[Qemu-devel] [PATCH] spapr: Print out extra hints when CAS negotiation of interrupt mode fails

[Greg Kurz]

Let's suggest to the user how the machine should be configured to allow
the guest to boot successfully.

Suggested-by: Satheesh Rajendran 
Signed-off-by: Greg Kurz 
---
 hw/ppc/spapr_hcall.c |4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
index 63a55614b83d..aae9fd2b3e6d 100644
--- a/hw/ppc/spapr_hcall.c
+++ b/hw/ppc/spapr_hcall.c
@@ -1646,12 +1646,12 @@ static target_ulong 
h_client_architecture_support(PowerPCCPU *cpu,
  */
 if (guest_xive) {
 if (spapr->irq->ov5 == SPAPR_OV5_XIVE_LEGACY) {
-error_report("Guest requested unavailable interrupt mode (XIVE)");
+error_report("Guest requested unavailable interrupt mode (XIVE), 
try the ic-mode=xive or ic-mode=dual machine property");
 exit(EXIT_FAILURE);
 }
 } else {
 if (spapr->irq->ov5 == SPAPR_OV5_XIVE_EXPLOIT) {
-error_report("Guest requested unavailable interrupt mode (XICS)");
+error_report("Guest requested unavailable interrupt mode (XICS), 
either don't set the ic-mode machine property or try ic-mode=xics or 
ic-mode=dual");
 exit(EXIT_FAILURE);
 }
 }

Re: [Qemu-devel] [PATCH v4 6/6] acpi: pci: use build_append_foo() API to construct MCFG

[Wei Yang]

On Wed, May 15, 2019 at 07:29:17AM +0200, Philippe Mathieu-Daudé wrote:
>
>Thanks Michael for testing...
>
>Wei, can you add a MCFG test in tests/bios-tables-test.c?
>

I took a look into the test, current q35 has already has a reference MCFG in 
tests/data/acpi/q35/MCFG.

And there would be a warning message when reserved[8] is missed.

/x86_64/acpi/q35/bridge: acpi-test: Warning! MCFG mismatch.

Is this enough? Or what more information prefer to add?

>Regards,
>
>Phil.
>
>>> -AcpiMcfgAllocation allocation[0];
>>> -} QEMU_PACKED;
>>> -typedef struct AcpiTableMcfg AcpiTableMcfg;
>>> -
>>>  /*
>>>   * TCPA Description Table
>>>   *
>>> -- 
>>> 2.19.1

-- 
Wei Yang
Help you, Help me

Re: [Qemu-devel] [PATCH] spapr: Print out extra hints when CAS negotiation of interrupt mode fails

[Satheesh Rajendran]

On Thu, May 16, 2019 at 09:36:57AM +0200, Greg Kurz wrote:
> Let's suggest to the user how the machine should be configured to allow
> the guest to boot successfully.
> 
> Suggested-by: Satheesh Rajendran 
> Signed-off-by: Greg Kurz 
> ---
>  hw/ppc/spapr_hcall.c |4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)

Reviewed-and-Tested-by: Satheesh Rajendran 

2019-05-16T07:42:43.018771Z qemu-system-ppc64: Guest requested unavailable 
interrupt mode (XICS), either don't set the ic-mode machine property or try 
ic-mode=xics or ic-mode=dual
2019-05-16 07:42:43.394+: shutting down, reason=crashed

> 
> diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
> index 63a55614b83d..aae9fd2b3e6d 100644
> --- a/hw/ppc/spapr_hcall.c
> +++ b/hw/ppc/spapr_hcall.c
> @@ -1646,12 +1646,12 @@ static target_ulong 
> h_client_architecture_support(PowerPCCPU *cpu,
>   */
>  if (guest_xive) {
>  if (spapr->irq->ov5 == SPAPR_OV5_XIVE_LEGACY) {
> -error_report("Guest requested unavailable interrupt mode 
> (XIVE)");
> +error_report("Guest requested unavailable interrupt mode (XIVE), 
> try the ic-mode=xive or ic-mode=dual machine property");
>  exit(EXIT_FAILURE);
>  }
>  } else {
>  if (spapr->irq->ov5 == SPAPR_OV5_XIVE_EXPLOIT) {
> -error_report("Guest requested unavailable interrupt mode 
> (XICS)");
> +error_report("Guest requested unavailable interrupt mode (XICS), 
> either don't set the ic-mode machine property or try ic-mode=xics or 
> ic-mode=dual");
>  exit(EXIT_FAILURE);
>  }
>  }
> 

Re: [Qemu-devel] [PATCH v9 2/7] virtio-pmem: Add virtio pmem driver

[Pankaj Gupta]

> 
> > +   vpmem->vdev = vdev;
> > +   vdev->priv = vpmem;
> > +   err = init_vq(vpmem);
> > +   if (err) {
> > +   dev_err(&vdev->dev, "failed to initialize virtio pmem vq's\n");
> > +   goto out_err;
> > +   }
> > +
> > +   virtio_cread(vpmem->vdev, struct virtio_pmem_config,
> > +   start, &vpmem->start);
> > +   virtio_cread(vpmem->vdev, struct virtio_pmem_config,
> > +   size, &vpmem->size);
> > +
> > +   res.start = vpmem->start;
> > +   res.end   = vpmem->start + vpmem->size-1;
> 
> nit: " - 1;"

Sure.

> 
> > +   vpmem->nd_desc.provider_name = "virtio-pmem";
> > +   vpmem->nd_desc.module = THIS_MODULE;
> > +
> > +   vpmem->nvdimm_bus = nvdimm_bus_register(&vdev->dev,
> > +   &vpmem->nd_desc);
> > +   if (!vpmem->nvdimm_bus) {
> > +   dev_err(&vdev->dev, "failed to register device with 
> > nvdimm_bus\n");
> > +   err = -ENXIO;
> > +   goto out_vq;
> > +   }
> > +
> > +   dev_set_drvdata(&vdev->dev, vpmem->nvdimm_bus);
> > +
> > +   ndr_desc.res = &res;
> > +   ndr_desc.numa_node = nid;
> > +   ndr_desc.flush = async_pmem_flush;
> > +   set_bit(ND_REGION_PAGEMAP, &ndr_desc.flags);
> > +   set_bit(ND_REGION_ASYNC, &ndr_desc.flags);
> > +   nd_region = nvdimm_pmem_region_create(vpmem->nvdimm_bus, &ndr_desc);
> > +   if (!nd_region) {
> > +   dev_err(&vdev->dev, "failed to create nvdimm region\n");
> > +   err = -ENXIO;
> > +   goto out_nd;
> > +   }
> > +   nd_region->provider_data = dev_to_virtio(nd_region->dev.parent->parent);
> > +   return 0;
> > +out_nd:
> > +   nvdimm_bus_unregister(vpmem->nvdimm_bus);
> > +out_vq:
> > +   vdev->config->del_vqs(vdev);
> > +out_err:
> > +   return err;
> > +}
> > +
> > +static void virtio_pmem_remove(struct virtio_device *vdev)
> > +{
> > +   struct nvdimm_bus *nvdimm_bus = dev_get_drvdata(&vdev->dev);
> > +
> > +   nvdimm_bus_unregister(nvdimm_bus);
> > +   vdev->config->del_vqs(vdev);
> > +   vdev->config->reset(vdev);
> > +}
> > +
> > +static struct virtio_driver virtio_pmem_driver = {
> > +   .driver.name= KBUILD_MODNAME,
> > +   .driver.owner   = THIS_MODULE,
> > +   .id_table   = id_table,
> > +   .probe  = virtio_pmem_probe,
> > +   .remove = virtio_pmem_remove,
> > +};
> > +
> > +module_virtio_driver(virtio_pmem_driver);
> > +MODULE_DEVICE_TABLE(virtio, id_table);
> > +MODULE_DESCRIPTION("Virtio pmem driver");
> > +MODULE_LICENSE("GPL");
> > diff --git a/drivers/nvdimm/virtio_pmem.h b/drivers/nvdimm/virtio_pmem.h
> > new file mode 100644
> > index ..ab1da877575d
> > --- /dev/null
> > +++ b/drivers/nvdimm/virtio_pmem.h
> > @@ -0,0 +1,60 @@
> > +/* SPDX-License-Identifier: GPL-2.0 */
> > +/*
> > + * virtio_pmem.h: virtio pmem Driver
> > + *
> > + * Discovers persistent memory range information
> > + * from host and provides a virtio based flushing
> > + * interface.
> > + **/
> > +
> > +#ifndef _LINUX_VIRTIO_PMEM_H
> > +#define _LINUX_VIRTIO_PMEM_H
> > +
> > +#include 
> > +#include 
> > +#include 
> > +#include 
> > +#include 
> > +#include 
> > +
> > +struct virtio_pmem_request {
> > +   /* Host return status corresponding to flush request */
> > +   int ret;
> > +
> > +   /* command name*/
> > +   char name[16];
> 
> So ... why are we sending string commands and expect native-endianess
> integers and don't define a proper request/response structure + request
> types in include/uapi/linux/virtio_pmem.h like
> 
> struct virtio_pmem_resp {
>   __virtio32 ret;
> }
> 
> #define VIRTIO_PMEM_REQ_TYPE_FLUSH1
> struct virtio_pmem_req {
>   __virtio16 type;
> }
> 
> ... and this way we also define a proper endianess format for exchange
> and keep it extensible

Done the suggested change.

Thank you,
Pankaj

> 
> @MST, what's your take on this?
> 
> 
> --
> 
> Thanks,
> 
> David / dhildenb
> 

Re: [Qemu-devel] [PATCH] [RFC] qcow2: add compression type feature

[Denis Plotnikov]

On 29.04.2019 1:32, Max Reitz wrote:
> On 05.02.19 10:08, Denis Plotnikov wrote:
>> The patch adds some preparation parts for incompatible compression type
>> feature into QCOW2 header that indicates that *all* compressed clusters
>> must be (de)compressed using a certain compression type.
>>
>> It is implied that the compression type is set on the image creation and
>> can be changed only later by image convertion, thus the only compression
>> algorithm is used for the image.
>>
>> The plan is to add support for ZSTD and then may be something more effective
>> in the future.
>>
>> ZSDT compression algorithm consumes 3-5 times less CPU power with a
>> comparable comression ratio with zlib. It would be wise to use it for
>> data compression f.e. for backups.
>>
>> The default compression is ZLIB.
>>
>> Signed-off-by: Denis Plotnikov 
>> ---
>>   block/qcow2.c | 25 +
>>   block/qcow2.h | 26 ++
>>   2 files changed, 47 insertions(+), 4 deletions(-)
> 
> Are there plans to pursue this further?
Yes, I'm going to come up with the first version in a few weeks
> 
> [...]
> 
>> diff --git a/block/qcow2.h b/block/qcow2.h
>> index 32cce9eee2..fdde5bbefd 100644
>> --- a/block/qcow2.h
>> +++ b/block/qcow2.h
>> @@ -112,6 +112,10 @@
>>   #define QCOW2_OPT_REFCOUNT_CACHE_SIZE "refcount-cache-size"
>>   #define QCOW2_OPT_CACHE_CLEAN_INTERVAL "cache-clean-interval"
>>   
>> +/* Compression types */
>> +#define QCOW2_COMPRESSION_TYPE_ZLIB0
>> +#define QCOW2_COMPRESSION_TYPE_ZSTD1
> 
> We probably want QAPI types anyway (qemu-img info should report the
> compression type), so I think we could use them instead.
I'm not sure that I understood the idea. Could you please explain what 
is meant here? We don't need those constants and should use the 
constants defined somewhere else (where)?

Denis


> 
>>   typedef struct QCowHeader {
>>   uint32_t magic;
>>   uint32_t version;
>> @@ -197,10 +201,13 @@ enum {
>>   
>>   /* Incompatible feature bits */
>>   enum {
>> -QCOW2_INCOMPAT_DIRTY_BITNR   = 0,
>> -QCOW2_INCOMPAT_CORRUPT_BITNR = 1,
>> -QCOW2_INCOMPAT_DIRTY = 1 << QCOW2_INCOMPAT_DIRTY_BITNR,
>> -QCOW2_INCOMPAT_CORRUPT   = 1 << QCOW2_INCOMPAT_CORRUPT_BITNR,
>> +QCOW2_INCOMPAT_DIRTY_BITNR= 0,
>> +QCOW2_INCOMPAT_CORRUPT_BITNR  = 1,
>> +QCOW2_INCOMPAT_COMPRESSION_TYPE_BITNR = 2,
>> +QCOW2_INCOMPAT_DIRTY  = 1 << QCOW2_INCOMPAT_DIRTY_BITNR,
>> +QCOW2_INCOMPAT_CORRUPT= 1 << 
>> QCOW2_INCOMPAT_CORRUPT_BITNR,
>> +QCOW2_INCOMPAT_COMPRESSION_TYPE   =
>> +1 << 
>> QCOW2_INCOMPAT_COMPRESSION_TYPE_BITNR,
>>   
>>   QCOW2_INCOMPAT_MASK  = QCOW2_INCOMPAT_DIRTY
>>| QCOW2_INCOMPAT_CORRUPT,
> 
> This mask needs to be expanded by QCOW2_INCOMPAT_COMPRESSION_TYPE.
> 
>> @@ -256,6 +263,10 @@ typedef struct Qcow2BitmapHeaderExt {
>>   uint64_t bitmap_directory_offset;
>>   } QEMU_PACKED Qcow2BitmapHeaderExt;
>>   
>> +typedef struct Qcow2CompressionTypeExt {
>> +uint32_t compression_type;
>> +} QEMU_PACKED Qcow2CompressionTypeExt;
>> +
>>   typedef struct BDRVQcow2State {
>>   int cluster_bits;
>>   int cluster_size;
>> @@ -340,6 +351,13 @@ typedef struct BDRVQcow2State {
>>   
>>   CoQueue compress_wait_queue;
>>   int nb_compress_threads;
>> +/**
>> + * Compression type used for the image. Default: 0 - ZLIB
>> + * The image compression type is set on image creation.
>> + * The only way to change the compression type is to convert the image
>> + * with the desired compresion type set
> 
> *compression
> 
> And, well, ideally qemu-img amend could perform this operation, too.
> 
> Max
> 
>> + */
>> +uint32_t compression_type;
>>   } BDRVQcow2State;
>>   
>>   typedef struct Qcow2COWRegion {
>>
> 
> 

-- 
Best,
Denis

Re: [Qemu-devel] [PATCH v9 2/7] virtio-pmem: Add virtio pmem driver

[Pankaj Gupta]

> >> +  vpmem->vdev = vdev;
> >> +  vdev->priv = vpmem;
> >> +  err = init_vq(vpmem);
> >> +  if (err) {
> >> +  dev_err(&vdev->dev, "failed to initialize virtio pmem vq's\n");
> >> +  goto out_err;
> >> +  }
> >> +
> >> +  virtio_cread(vpmem->vdev, struct virtio_pmem_config,
> >> +  start, &vpmem->start);
> >> +  virtio_cread(vpmem->vdev, struct virtio_pmem_config,
> >> +  size, &vpmem->size);
> >> +
> >> +  res.start = vpmem->start;
> >> +  res.end   = vpmem->start + vpmem->size-1;
> > 
> > nit: " - 1;"
> > 
> >> +  vpmem->nd_desc.provider_name = "virtio-pmem";
> >> +  vpmem->nd_desc.module = THIS_MODULE;
> >> +
> >> +  vpmem->nvdimm_bus = nvdimm_bus_register(&vdev->dev,
> >> +  &vpmem->nd_desc);
> >> +  if (!vpmem->nvdimm_bus) {
> >> +  dev_err(&vdev->dev, "failed to register device with 
> >> nvdimm_bus\n");
> >> +  err = -ENXIO;
> >> +  goto out_vq;
> >> +  }
> >> +
> >> +  dev_set_drvdata(&vdev->dev, vpmem->nvdimm_bus);
> >> +
> >> +  ndr_desc.res = &res;
> >> +  ndr_desc.numa_node = nid;
> >> +  ndr_desc.flush = async_pmem_flush;
> >> +  set_bit(ND_REGION_PAGEMAP, &ndr_desc.flags);
> >> +  set_bit(ND_REGION_ASYNC, &ndr_desc.flags);
> >> +  nd_region = nvdimm_pmem_region_create(vpmem->nvdimm_bus, &ndr_desc);
> >> +  if (!nd_region) {
> >> +  dev_err(&vdev->dev, "failed to create nvdimm region\n");
> >> +  err = -ENXIO;
> >> +  goto out_nd;
> >> +  }
> >> +  nd_region->provider_data = dev_to_virtio(nd_region->dev.parent->parent);
> >> +  return 0;
> >> +out_nd:
> >> +  nvdimm_bus_unregister(vpmem->nvdimm_bus);
> >> +out_vq:
> >> +  vdev->config->del_vqs(vdev);
> >> +out_err:
> >> +  return err;
> >> +}
> >> +
> >> +static void virtio_pmem_remove(struct virtio_device *vdev)
> >> +{
> >> +  struct nvdimm_bus *nvdimm_bus = dev_get_drvdata(&vdev->dev);
> >> +
> >> +  nvdimm_bus_unregister(nvdimm_bus);
> >> +  vdev->config->del_vqs(vdev);
> >> +  vdev->config->reset(vdev);
> >> +}
> >> +
> >> +static struct virtio_driver virtio_pmem_driver = {
> >> +  .driver.name= KBUILD_MODNAME,
> >> +  .driver.owner   = THIS_MODULE,
> >> +  .id_table   = id_table,
> >> +  .probe  = virtio_pmem_probe,
> >> +  .remove = virtio_pmem_remove,
> >> +};
> >> +
> >> +module_virtio_driver(virtio_pmem_driver);
> >> +MODULE_DEVICE_TABLE(virtio, id_table);
> >> +MODULE_DESCRIPTION("Virtio pmem driver");
> >> +MODULE_LICENSE("GPL");
> >> diff --git a/drivers/nvdimm/virtio_pmem.h b/drivers/nvdimm/virtio_pmem.h
> >> new file mode 100644
> >> index ..ab1da877575d
> >> --- /dev/null
> >> +++ b/drivers/nvdimm/virtio_pmem.h
> >> @@ -0,0 +1,60 @@
> >> +/* SPDX-License-Identifier: GPL-2.0 */
> >> +/*
> >> + * virtio_pmem.h: virtio pmem Driver
> >> + *
> >> + * Discovers persistent memory range information
> >> + * from host and provides a virtio based flushing
> >> + * interface.
> >> + **/
> >> +
> >> +#ifndef _LINUX_VIRTIO_PMEM_H
> >> +#define _LINUX_VIRTIO_PMEM_H
> >> +
> >> +#include 
> >> +#include 
> >> +#include 
> >> +#include 
> >> +#include 
> >> +#include 
> >> +
> >> +struct virtio_pmem_request {
> >> +  /* Host return status corresponding to flush request */
> >> +  int ret;
> >> +
> >> +  /* command name*/
> >> +  char name[16];
> > 
> > So ... why are we sending string commands and expect native-endianess
> > integers and don't define a proper request/response structure + request
> > types in include/uapi/linux/virtio_pmem.h like
> > 
> > struct virtio_pmem_resp {
> > __virtio32 ret;
> > }
> 
> FWIW, I wonder if we should even properly translate return values and
> define types like
> 
> VIRTIO_PMEM_RESP_TYPE_OK  0
> VIRTIO_PMEM_RESP_TYPE_EIO 1

Don't think these are required as only failure and success
return types easy to understand.

Thanks,
Pankaj
> 
> ..
> 
> > 
> > #define VIRTIO_PMEM_REQ_TYPE_FLUSH  1
> > struct virtio_pmem_req {
> > __virtio16 type;
> > }
> > 
> > ... and this way we also define a proper endianess format for exchange
> > and keep it extensible
> > 
> > @MST, what's your take on this?
> > 
> > 
> 
> 
> --
> 
> Thanks,
> 
> David / dhildenb
> 

Re: [Qemu-devel] [PATCH] spapr: Print out extra hints when CAS negotiation of interrupt mode fails

[Cédric Le Goater]

On 5/16/19 9:45 AM, Satheesh Rajendran wrote:
> On Thu, May 16, 2019 at 09:36:57AM +0200, Greg Kurz wrote:
>> Let's suggest to the user how the machine should be configured to allow
>> the guest to boot successfully.
>>
>> Suggested-by: Satheesh Rajendran 
>> Signed-off-by: Greg Kurz 
>> ---
>>  hw/ppc/spapr_hcall.c |4 ++--
>>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> Reviewed-and-Tested-by: Satheesh Rajendran 

you should use two different tags. I don't think patchwork understand
compounds.

C. 

> 2019-05-16T07:42:43.018771Z qemu-system-ppc64: Guest requested unavailable 
> interrupt mode (XICS), either don't set the ic-mode machine property or try 
> ic-mode=xics or ic-mode=dual
> 2019-05-16 07:42:43.394+: shutting down, reason=crashed
> 
>>
>> diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
>> index 63a55614b83d..aae9fd2b3e6d 100644
>> --- a/hw/ppc/spapr_hcall.c
>> +++ b/hw/ppc/spapr_hcall.c
>> @@ -1646,12 +1646,12 @@ static target_ulong 
>> h_client_architecture_support(PowerPCCPU *cpu,
>>   */
>>  if (guest_xive) {
>>  if (spapr->irq->ov5 == SPAPR_OV5_XIVE_LEGACY) {
>> -error_report("Guest requested unavailable interrupt mode 
>> (XIVE)");
>> +error_report("Guest requested unavailable interrupt mode 
>> (XIVE), try the ic-mode=xive or ic-mode=dual machine property");
>>  exit(EXIT_FAILURE);
>>  }
>>  } else {
>>  if (spapr->irq->ov5 == SPAPR_OV5_XIVE_EXPLOIT) {
>> -error_report("Guest requested unavailable interrupt mode 
>> (XICS)");
>> +error_report("Guest requested unavailable interrupt mode 
>> (XICS), either don't set the ic-mode machine property or try ic-mode=xics or 
>> ic-mode=dual");
>>  exit(EXIT_FAILURE);
>>  }
>>  }
>>
> 

Re: [Qemu-devel] [PATCH v2 1/4] net: fix assertion failure when ipv6-prefixlen is not a number

[Markus Armbruster]

Stefano Garzarella  writes:

> If 'ipv6-prefixlen' is not a number, the current behaviour
> produces an assertion failure:
> $ qemu-system-x86_64 -net user,ipv6-net=feca::0/a
> qemu-system-x86_64: qemu/util/qemu-option.c:1175: qemu_opts_foreach:
> Assertion `!errp || !*errp' failed.
> Aborted (core dumped)
>
> This patch fixes it, jumping to the end of the function when
> 'ipv6-prefixlen' is not a number, and printing the more friendly
> message:
> $ qemu-system-x86_64 -net user,ipv6-net=feca::0/a
> qemu-system-x86_64: Parameter 'ipv6-prefixlen' expects a number
>
> Signed-off-by: Stefano Garzarella 

Reviewed-by: Markus Armbruster 

Re: [Qemu-devel] [PULL 22/27] vl: Create block backends before setting machine properties

[Michal Privoznik]

On 3/11/19 11:08 PM, Markus Armbruster wrote:

qemu-system-FOO's main() acts on command line arguments in its own
idiosyncratic order.  There's not much method to its madness.
Whenever we find a case where one kind of command line argument needs
to refer to something created for another kind later, we rejigger the
order.

Block devices get created long after machine properties get processed.
Therefore, block device machine properties can be created, but not
set.  No such properties exist.  But the next commit will create some.
Time to rejigger again: create block devices earlier.

Signed-off-by: Markus Armbruster 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20190308131445.17502-8-arm...@redhat.com>
Reviewed-by: Michael S. Tsirkin 
---
  vl.c | 9 +++--
  1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/vl.c b/vl.c
index c22ca447fa..e9239d55ad 100644
--- a/vl.c
+++ b/vl.c
@@ -4274,6 +4274,13 @@ int main(int argc, char **argv, char **envp)
  exit(0);
  }
  
+/*

+ * Note: we need to create block backends before
+ * machine_set_property(), so machine properties can refer to
+ * them.
+ */
+configure_blockdev(&bdo_queue, machine_class, snapshot);
+
  machine_opts = qemu_get_machine_opts();
  qemu_opt_foreach(machine_opts, machine_set_property, current_machine,
   &error_fatal);
@@ -4400,8 +4407,6 @@ int main(int argc, char **argv, char **envp)
  ram_mig_init();
  dirty_bitmap_mig_init();
  
-configure_blockdev(&bdo_queue, machine_class, snapshot);

-
  qemu_opts_foreach(qemu_find_opts("mon"),
mon_init_func, NULL, &error_fatal);
  



Actually, there is more problems with this. Trying to run a guest with 
persistent reservations fails after this patch is applied (git bisect 
points me to this commit). My command line is:


qemu.git $ ./x86_64-softmmu/qemu-system-x86_64 \
-monitor stdio \
-object pr-manager-helper,id=pr-helper0,path=/tmp/pr-helper0.sock
-drive 
file=/dev/mapper/crypt,file.pr-manager=pr-helper0,format=raw,if=none,id=drive-scsi0-0-0-2 
\
-device 
scsi-block,bus=scsi0.0,channel=0,scsi-id=0,lun=2,drive=drive-scsi0-0-0-2,id=scsi0-0-0-2


Honestly, I have no idea how to fix it, so I'm just raising this issue 
here. Do you want me to open a bug or something?


Thanks,
Michal

Re: [Qemu-devel] [PATCH v2 2/4] net: avoid using variable length array in net_client_init()

[Markus Armbruster]

Stefano Garzarella  writes:

> net_client_init() uses a variable length array to store the prefix
> of 'ipv6-net' parameter (e.g. if ipv6-net=fec0::0/64, the prefix
> is 'fec0::0').
> This patch introduces g_strsplit() to split the 'ipv6-net' parameter,
> so we can remove the variable length array.
>
> Suggested-by: Markus Armbruster 
> Signed-off-by: Stefano Garzarella 
> ---
>  net/net.c | 33 +
>  1 file changed, 21 insertions(+), 12 deletions(-)
>
> diff --git a/net/net.c b/net/net.c
> index d5071e49e2..932fa5abb5 100644
> --- a/net/net.c
> +++ b/net/net.c
> @@ -1118,29 +1118,38 @@ static int net_client_init(QemuOpts *opts, bool 
> is_netdev, Error **errp)
>  const char *ip6_net = qemu_opt_get(opts, "ipv6-net");
>  
>  if (ip6_net) {
> -char buf[strlen(ip6_net) + 1];
> +gchar **substrings;
> +char *prefix_addr;
> +unsigned long prefix_len = 64; /* Default 64bit prefix length. */
>  
> -if (get_str_sep(buf, sizeof(buf), &ip6_net, '/') < 0) {
> -/* Default 64bit prefix length.  */
> -qemu_opt_set(opts, "ipv6-prefix", ip6_net, &error_abort);
> -qemu_opt_set_number(opts, "ipv6-prefixlen", 64, 
> &error_abort);
> -} else {
> +substrings = g_strsplit(ip6_net, "/", 2);
> +if (!substrings || !substrings[0]) {
> +error_setg(errp, QERR_INVALID_PARAMETER_VALUE,
> +   "ipv6-net", "a valid IPv6 prefix");
> +g_strfreev(substrings);
> +goto out;

Indentation's off.

> +}
> +
> +*prefix_addr = substrings[0];
> +
> +if (substrings[1]) {
>  /* User-specified prefix length.  */
> -unsigned long len;
>  int err;
>  
> -qemu_opt_set(opts, "ipv6-prefix", buf, &error_abort);
> -err = qemu_strtoul(ip6_net, NULL, 10, &len);
> -
> +err = qemu_strtoul(substrings[1], NULL, 10, &prefix_len);
>  if (err) {
>  error_setg(errp, QERR_INVALID_PARAMETER_VALUE,
> "ipv6-prefixlen", "a number");
> +g_strfreev(substrings);
>  goto out;

Two g_strfreev() before goto out.  Avoidable: declare substrings at the
function level, initialize to NULL, then call g_strfreev(substrings) ...

>  }
> -
> -qemu_opt_set_number(opts, "ipv6-prefixlen", len, 
> &error_abort);
>  }
> +
> +qemu_opt_set(opts, "ipv6-prefix", prefix_addr, &error_abort);
> +qemu_opt_set_number(opts, "ipv6-prefixlen", prefix_len,
> +&error_abort);
>  qemu_opt_unset(opts, "ipv6-net");
> +g_strfreev(substrings);
>  }
>  }

   if (is_netdev) {
   visit_type_Netdev(v, NULL, (Netdev **)&object, &err);
   } else {
   visit_type_NetLegacy(v, NULL, (NetLegacy **)&object, &err);
   }

   if (!err) {
   ret = net_client_init1(object, is_netdev, &err);
   }

   if (is_netdev) {
   qapi_free_Netdev(object);
   } else {
   qapi_free_NetLegacy(object);
   }

   out:
   error_propagate(errp, err);

... here.  Your choice.

   visit_free(v);
   return ret;
   }

With at least the indentation fixed:
Reviewed-by: Markus Armbruster 


Not this patch's problem: when visit_type_FOO() fails with an input
visitor such as @v, you should not call qapi_free_FOO().  Nothing bad
happens when you do, it's just sloppy.  See visitor.h's big comment for
details.

Cleaner:

   if (is_netdev) {
   visit_type_Netdev(v, NULL, (Netdev **)&object, &err);
   } else {
   visit_type_NetLegacy(v, NULL, (NetLegacy **)&object, &err);
   }
   if (err) {
   goto out;
   }

   ret = net_client_init1(object, is_netdev, &err);

   if (is_netdev) {
   qapi_free_Netdev(object);
   } else {
   qapi_free_NetLegacy(object);
   }

   out:

Or maybe:

   if (is_netdev) {
   visit_type_Netdev(v, NULL, &netdev, &err);
   if (err) {
   goto out;
   }
   ret = net_client_init1(netdev, is_netdev, &err);
   qapi_free_Netdev(netdev);
   } else {
   visit_type_NetLegacy(v, NULL, &netlegacy, &err);
   if (err) {
   goto out;
   }
   ret = net_client_init1(netlegacy, is_netdev, &err);
   qapi_free_NetLegacy(netlegacy);
   }

   out:

with

   Netdev *netdev;
   NetLegacy *netlegacy;

replacing @object.

Or one step further: observe net_client_init() is always called with a
compile-time constant second argument.  Split it into two functions,
factor the common part into a helper.

Re: [Qemu-devel] [PATCH] spapr: Print out extra hints when CAS negotiation of interrupt mode fails

[Satheesh Rajendran]

On Thu, May 16, 2019 at 10:32:15AM +0200, Greg Kurz wrote:
> On Thu, 16 May 2019 10:22:26 +0200
> Cédric Le Goater  wrote:
> 
> > On 5/16/19 9:45 AM, Satheesh Rajendran wrote:
> > > On Thu, May 16, 2019 at 09:36:57AM +0200, Greg Kurz wrote:  
> > >> Let's suggest to the user how the machine should be configured to allow
> > >> the guest to boot successfully.
> > >>
> > >> Suggested-by: Satheesh Rajendran 
> > >> Signed-off-by: Greg Kurz 
> > >> ---
> > >>  hw/ppc/spapr_hcall.c |4 ++--
> > >>  1 file changed, 2 insertions(+), 2 deletions(-)  
> > > 
> > > Reviewed-and-Tested-by: Satheesh Rajendran   

Reviewed-by: Satheesh Rajendran 
Tested-by: Satheesh Rajendran 

Done!

> > 
> > you should use two different tags. I don't think patchwork understand
> > compounds.
> > 
> > C. 
> > 
> 
Thanks !!
> It doesn't indeed.
> 
> $ pwclient view 1100396 | grep Reviewed
> $
>  
Regards,
-Satheesh.
> > > 2019-05-16T07:42:43.018771Z qemu-system-ppc64: Guest requested 
> > > unavailable interrupt mode (XICS), either don't set the ic-mode machine 
> > > property or try ic-mode=xics or ic-mode=dual
> > > 2019-05-16 07:42:43.394+: shutting down, reason=crashed
> > >   
> > >>
> > >> diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
> > >> index 63a55614b83d..aae9fd2b3e6d 100644
> > >> --- a/hw/ppc/spapr_hcall.c
> > >> +++ b/hw/ppc/spapr_hcall.c
> > >> @@ -1646,12 +1646,12 @@ static target_ulong 
> > >> h_client_architecture_support(PowerPCCPU *cpu,
> > >>   */
> > >>  if (guest_xive) {
> > >>  if (spapr->irq->ov5 == SPAPR_OV5_XIVE_LEGACY) {
> > >> -error_report("Guest requested unavailable interrupt mode 
> > >> (XIVE)");
> > >> +error_report("Guest requested unavailable interrupt mode 
> > >> (XIVE), try the ic-mode=xive or ic-mode=dual machine property");
> > >>  exit(EXIT_FAILURE);
> > >>  }
> > >>  } else {
> > >>  if (spapr->irq->ov5 == SPAPR_OV5_XIVE_EXPLOIT) {
> > >> -error_report("Guest requested unavailable interrupt mode 
> > >> (XICS)");
> > >> +error_report("Guest requested unavailable interrupt mode 
> > >> (XICS), either don't set the ic-mode machine property or try 
> > >> ic-mode=xics or ic-mode=dual");
> > >>  exit(EXIT_FAILURE);
> > >>  }
> > >>  }
> > >>  
> > >   
> > 
> 

Re: [Qemu-devel] [PATCH] spapr: Print out extra hints when CAS negotiation of interrupt mode fails

[Greg Kurz]

On Thu, 16 May 2019 10:22:26 +0200
Cédric Le Goater  wrote:

> On 5/16/19 9:45 AM, Satheesh Rajendran wrote:
> > On Thu, May 16, 2019 at 09:36:57AM +0200, Greg Kurz wrote:  
> >> Let's suggest to the user how the machine should be configured to allow
> >> the guest to boot successfully.
> >>
> >> Suggested-by: Satheesh Rajendran 
> >> Signed-off-by: Greg Kurz 
> >> ---
> >>  hw/ppc/spapr_hcall.c |4 ++--
> >>  1 file changed, 2 insertions(+), 2 deletions(-)  
> > 
> > Reviewed-and-Tested-by: Satheesh Rajendran   
> 
> you should use two different tags. I don't think patchwork understand
> compounds.
> 
> C. 
> 

It doesn't indeed.

$ pwclient view 1100396 | grep Reviewed
$
 
> > 2019-05-16T07:42:43.018771Z qemu-system-ppc64: Guest requested unavailable 
> > interrupt mode (XICS), either don't set the ic-mode machine property or try 
> > ic-mode=xics or ic-mode=dual
> > 2019-05-16 07:42:43.394+: shutting down, reason=crashed
> >   
> >>
> >> diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
> >> index 63a55614b83d..aae9fd2b3e6d 100644
> >> --- a/hw/ppc/spapr_hcall.c
> >> +++ b/hw/ppc/spapr_hcall.c
> >> @@ -1646,12 +1646,12 @@ static target_ulong 
> >> h_client_architecture_support(PowerPCCPU *cpu,
> >>   */
> >>  if (guest_xive) {
> >>  if (spapr->irq->ov5 == SPAPR_OV5_XIVE_LEGACY) {
> >> -error_report("Guest requested unavailable interrupt mode 
> >> (XIVE)");
> >> +error_report("Guest requested unavailable interrupt mode 
> >> (XIVE), try the ic-mode=xive or ic-mode=dual machine property");
> >>  exit(EXIT_FAILURE);
> >>  }
> >>  } else {
> >>  if (spapr->irq->ov5 == SPAPR_OV5_XIVE_EXPLOIT) {
> >> -error_report("Guest requested unavailable interrupt mode 
> >> (XICS)");
> >> +error_report("Guest requested unavailable interrupt mode 
> >> (XICS), either don't set the ic-mode machine property or try ic-mode=xics 
> >> or ic-mode=dual");
> >>  exit(EXIT_FAILURE);
> >>  }
> >>  }
> >>  
> >   
> 

Re: [Qemu-devel] [PATCH v2 3/4] net: use g_strsplit() for parsing host address and port

[Markus Armbruster]

Stefano Garzarella  writes:

> Use the glib function to split host address and port in
> the parse_host_port() function.
>
> Suggested-by: Markus Armbruster 
> Signed-off-by: Stefano Garzarella 

Reviewed-by: Markus Armbruster 

Re: [Qemu-devel] [PATCH v2 4/4] net: remove unused get_str_sep() function

[Markus Armbruster]

Stefano Garzarella  writes:

> Since the get_str_sep() function is no longer used in
> net/net.c, we can remove it.
>
> Signed-off-by: Stefano Garzarella 

Reviewed-by: Markus Armbruster 

Re: [Qemu-devel] [PATCH 1/5] vfio: vfio_iommu_type1: linux header place holder

[Pierre Morel]

On 12/05/2019 20:22, Michael S. Tsirkin wrote:

On Fri, May 10, 2019 at 04:38:49PM +0200, Pierre Morel wrote:

This should be copied from Linux kernel UAPI includes.

Signed-off-by: Pierre Morel 


pls add a note which linux version did you sync with.


I will, thanks.
Pierre




---
  linux-headers/linux/vfio.h | 16 +---
  1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/linux-headers/linux/vfio.h b/linux-headers/linux/vfio.h
index 12a7b1d..eaecaef 100644
--- a/linux-headers/linux/vfio.h
+++ b/linux-headers/linux/vfio.h
@@ -9,8 +9,8 @@
   * it under the terms of the GNU General Public License version 2 as
   * published by the Free Software Foundation.
   */
-#ifndef VFIO_H
-#define VFIO_H
+#ifndef _UAPIVFIO_H
+#define _UAPIVFIO_H
  
  #include 

  #include 
@@ -711,6 +711,16 @@ struct vfio_iommu_type1_info {
__u32   flags;
  #define VFIO_IOMMU_INFO_PGSIZES (1 << 0)/* supported page sizes info 
*/
__u64   iova_pgsizes;   /* Bitmap of supported page sizes */
+#define VFIO_IOMMU_INFO_CAPABILITIES (1 << 1)  /* support capabilities info */
+   __u64   cap_offset; /* Offset within info struct of first cap */
+};
+
+#define VFIO_IOMMU_INFO_CAP_QFN1
+#define VFIO_IOMMU_INFO_CAP_QGRP   2
+
+struct vfio_iommu_type1_info_block {
+   struct vfio_info_cap_header header;
+   __u32 data[];
  };
  
  #define VFIO_IOMMU_GET_INFO _IO(VFIO_TYPE, VFIO_BASE + 12)

@@ -910,4 +920,4 @@ struct vfio_iommu_spapr_tce_remove {
  
  /* * */
  
-#endif /* VFIO_H */

+#endif /* _UAPIVFIO_H */
--
2.7.4





--
Pierre Morel
Linux/KVM/QEMU in Böblingen - Germany

Re: [Qemu-devel] [PATCH 3/5] s390: vfio_pci: Use a PCI Group structure

[Pierre Morel]

On 14/05/2019 13:49, Cornelia Huck wrote:

On Fri, 10 May 2019 16:38:51 +0200
Pierre Morel  wrote:


We use a S390PCIGroup structure to hold the information
related to zPCI Function group.

This allows us to be ready to support multiple groups and to retrieve
the group information from the host.


What if there is no host to retrieve information from?


There is a default group for emulate devices.
I will enhance the comment.

Thanks





Signed-off-by: Pierre Morel 
---
  hw/s390x/s390-pci-bus.c  | 42 ++
  hw/s390x/s390-pci-bus.h  | 11 ++-
  hw/s390x/s390-pci-inst.c | 22 +-
  3 files changed, 65 insertions(+), 10 deletions(-)



diff --git a/hw/s390x/s390-pci-inst.c b/hw/s390x/s390-pci-inst.c
index be28962..8147847 100644
--- a/hw/s390x/s390-pci-inst.c
+++ b/hw/s390x/s390-pci-inst.c
@@ -284,21 +284,25 @@ int clp_service_call(S390CPU *cpu, uint8_t r2, uintptr_t 
ra)
  stq_p(&resquery->edma, ZPCI_EDMA_ADDR);
  stl_p(&resquery->fid, pbdev->fid);
  stw_p(&resquery->pchid, 0);
-stw_p(&resquery->ug, 1);
+stw_p(&resquery->ug, ZPCI_DEFAULT_FN_GRP);
  stl_p(&resquery->uid, pbdev->uid);
  stw_p(&resquery->hdr.rsp, CLP_RC_OK);
  break;
  }
  case CLP_QUERY_PCI_FNGRP: {
  ClpRspQueryPciGrp *resgrp = (ClpRspQueryPciGrp *)resh;
-resgrp->fr = 1;
-stq_p(&resgrp->dasm, 0);
-stq_p(&resgrp->msia, ZPCI_MSI_ADDR);
-stw_p(&resgrp->mui, DEFAULT_MUI);
-stw_p(&resgrp->i, 128);
-stw_p(&resgrp->maxstbl, 128);
-resgrp->version = 0;
  
+ClpReqQueryPciGrp *reqgrp = (ClpReqQueryPciGrp *)reqh;

+S390PCIGroup *grp;
+
+grp = s390_grp_find(reqgrp->g);
+if (!grp) {
+/* We do not allow access to unknown groups */
+/* The group must have been obtained with a vfio device */


What about non-vfio devices? How does this whole feature work for
emulated devices?


Emulated devices get a default group with predefined values.
The predefined values we used before this series.
I will modify the patch comment to explain the emulated devices case.
Thanks for the comments.

Regards,
Pierre


--
Pierre Morel
Linux/KVM/QEMU in Böblingen - Germany

Re: [Qemu-devel] [RFC] hw/core/bus.c: Only the main system bus can have no parent

[Peter Maydell]

On Thu, 16 May 2019 at 06:37, Markus Armbruster  wrote:
>
> Peter Maydell  writes:
>
> > In commit 80376c3fc2c38fdd453 in 2010 we added a workaround for
> > some qbus buses not being connected to qdev devices -- if the
> > bus has no parent object then we register a reset function which
> > resets the bus on system reset.
> >
> > Nearly a decade later, we have now no buses in the tree which
> > are created with non-NULL parents, so we can remove the
> > workaround and instead just assert that if the bus has a NULL
> > parent then it is the main system bus.
> >
> > (The absence of other parentless buses was confirmed by
> > code inspection of all the callsites of qbus_create() and
> > qbus_create_inplace() and cross-checked by 'make check'.)
>
> Could we assert(parent || bus == main_system_bus) in qbus_realize()?

Er, that's what this patch is doing.

> Aside: I hate sysbus_get_default().  It creates main_system_bus on first
> call, wherever that call may be hiding.  I feel we should create it
> explicitly.  I'd then make main_system_bus public, and delete
> sysbus_get_default().

Yes, I think that would be a reasonable thing to do.
The implicit creation is weird since we effectively
rely on a main system bus existing anyway (it is the root
of the reset tree).

> > Signed-off-by: Peter Maydell 
> > ---
> > While I was reviewing Damian's reset patchset I noticed this
> > code which meant that we theoretically had multiple 'roots' to
> > the set of things being reset, so I wondered what was actually
> > using it. It turns out nothing was :-)
> >
> > Commit 80376c3fc2c38fdd453 also added a TODO in vl.c suggesting
> > that there is the wrong place to register the reset function
> > which effectively resets the whole system starting at the
> > root which is the main system bus:
> >qemu_register_reset(qbus_reset_all_fn, sysbus_get_default());
> > I don't understand why vl.c is a bad place to put that, and I'd
> > rather not move it to qdev.c (where in qdev.c?) because that
> > would reshuffle reset ordering which seems liable to cause
> > regressions. So maybe we should just delete that TODO comment?
>
> Hmm.
>
> The one in vl.c arranges to run qbus_reset_all(main_system_bus), which
> walks the tree rooted at main_system_bus, resetting its buses and
> devices in post-order.
>
> A registry of callbacks to run on certain events is a fine technique.
> Relying on registration order, however, is in bad taste.  We should
> model dependencies between reset functions explicitly.

That might be nice, but in practice we have no such model at
all, and I don't think I've seen anybody propose one. I hope we
don't have too many accidental ordering dependencies, but I'm
not confident that we have none at all, and would prefer not to
prod that sleeping dragon...

The multi-phase-reset patches Damien has on list at the moment
would allow some of the reset ordering issues to be sidestepped
because "phase 1" for all devices happens before "phase 2" so
you have "before" and "after" places to put the logic in different
devices.

> That said, we can't ignore dependencies just because we've coded them
> badly.
>
> I count more than 100 qemu_register_reset(), and most of them look like
> they reset hardware.  Why do devices use qemu_register_reset() instead
> of DeviceClass method reset?

Most of the ones for hardware are "this device hasn't been
converted to be a QOM Device" (eg hw/arm/omap1.c, hw/input/pckbd.c,
lots of the stuff in hw/ppc).

The other reason for having to have a qemu_register_reset() handler
to reset something that's a Device is if that Device is not on
a qbus. The most common example of this is CPUs -- since those
don't have a bus to live on they don't get reset by the "reset
everything that's on a QOM bus reachable from the main system
bus" logic. I'm not sure what the nicest way to address this is:
transitioning away from "reset of devices is based on the qdev tree"
to something else seems between difficult and impossible, even
though logically speaking the QOM tree is in many cases closer
to the actual hardware hierarchy of reset.

> Registered handlers run in (implicitly defined) registration order,
> reset methods in (explicit) qdev tree post order.  Much better as long
> as that's the order we want.
>
> Say we managed to clean up this mess somehow, so reset handler
> registration order doesn't matter anymore.  Then moving the
> qemu_register_reset() for main_system_bus from main() to wherever we
> create main_system_bus would make sense, wouldn't it?

I guess so... (There's an argument that the main system bus
should be a child bus of the Machine object, logically speaking,
but Machines aren't subtypes of Device so that doesn't work.)

> If it does make sense, we should keep the TODO in main(), because it
> asks for exactly that.  Perhaps delete "by qdev.c".
>
> > ---
> >  hw/core/bus.c | 7 +++
> >  1 file changed, 3 insertions(+), 4 deletions(-)
> >
> > diff --git a/hw/core/bus.c b/hw/core/bus.c
> > in

Re: [Qemu-devel] [PATCH 00/11] kvm/migration: support KVM_CLEAR_DIRTY_LOG

[Peter Xu]

On Thu, May 09, 2019 at 10:33:19AM +0800, Peter Xu wrote:
> On Wed, May 08, 2019 at 01:55:07PM +0200, Paolo Bonzini wrote:
> > On 08/05/19 06:39, Peter Xu wrote:
> > >> The disadvantage of this is that you won't clear in the kernel those
> > >> dirty bits that come from other sources (e.g. vhost or
> > >> address_space_map).  This can lead to double-copying of pages.
> > >>
> > >> Migration already makes a local copy in rb->bmap, and
> > >> memory_region_snapshot_and_clear_dirty can also do the clear.  Would it
> > >> be possible to invoke the clear using rb->bmap instead of the KVMSlot's
> > >> new bitmap?
> > >
> > > Actually that's what I did in the first version before I post the work
> > > but I noticed that there seems to have a race condition with the
> > > design.  The problem is we have multiple copies of the same dirty
> > > bitmap from KVM and the race can happen with those multiple users
> > > (bitmaps of the users can be a merged version containing KVM and other
> > > sources like vhost, address_space_map, etc. but let's just make it
> > > simpler to not have them yet).
> > 
> > I see now.  And in fact the same double-copying inefficiency happens
> > already without this series, so you are improving the situation anyway.
> > 
> > Have you done any kind of benchmarking already?
> 
> Not yet.  I posted the series for some initial reviews first before
> moving on with performance tests.
> 
> My plan of the test scenario could be:
> 
> - find a guest with relatively large memory (I would guess it is
>   better to have memory like 64G or even more to make some big
>   difference)
> 
> - run random dirty memory workload upon most of the mem, with dirty
>   rate X Bps.
> 
> - setup the migration bandwidth to Y Bps (Y should be bigger than X
>   but not that big.  One could be X=800M and Y=1G to emulate 10G nic
>   with a workload that we can still converge with precopy only) and
>   start precopy migration.
> 
> - measure total migration time with CLEAR_LOG on & off. We should
>   expect the guest to have these with CLEAR_LOG: (1) not hang during
>   log_sync, and (2) migration should complete faster.

Some updates on performance numbers.

Summary: the ideal case below shows ~40% or even more time reduced to
migrate the same VM with the same workload.  In other words, it could
be seen as ~40% faster than before.

Test environment: 13G guest, 10G test mem (so I leave 3G untouched),
dirty rate 900MB/s, BW 10Gbps to emulate ixgbe, downtime 100ms.

IO pattern: I pre-fault all the 10G mem then I do random writes (with
command "mig_mon mm_dirty 10240 900 random" [1]) upon the test memory
with a constant dirty rate (900MB/s, as mentioned).  Then I migrate
during the IOs.

Here's the total migration time of such VM (for each scenario, I run
the migration 5 times then I get an average migration total time
used):

   |--+-+-|
   | scenario | migration times (s) | average (s) |
   |--+-+-|
   | no CLEAR_LOG | 55, 54, 56, 74, 54  |  58 |
   | 1G chunk | 40, 39, 41, 39, 40  |  40 |
   | 128M chunk   | 38, 40, 37, 40, 38  |  38 |
   | 16M chunk| 42, 40, 38, 41, 38  |  39 |
   | 1M chunk | 37, 40, 36, 40, 39  |  38 |
   |--+-+-|

The first "no CLEAR_LOG" means the master branch which still uses the
GET_DIRTY only.  The latter four scenarios are all with the new
CLEAR_LOG interface, aka, this series.  The test result shows that
128M chunk size seems to be a good default value instead of 1G (which
this series used).  I'll adjust that accordingly when I post the next
version.

[1] https://github.com/xzpeter/clibs/blob/master/bsd/mig_mon/mig_mon.c

Regards,

-- 
Peter Xu

Re: [Qemu-devel] [PATCH v2] migration/dirty-bitmaps: change bitmap enumeration method

[Vladimir Sementsov-Ogievskiy]

14.05.2019 23:19, John Snow wrote:
> Shift from looking at every root BDS to *every* BDS. This will migrate
> bitmaps that are attached to blockdev created nodes instead of just ones
> attached to emulated storage devices.
> 
> Note that this will not migrate anonymous or internal-use bitmaps, as
> those are defined as having no name.
> 
> This will also fix the Coverity issues Peter Maydell has been asking
> about for the past several releases, as well as fixing a real bug.
> 
> Reported-by: Peter Maydell 
> Reported-by: Coverity 😅
> Reported-by: aihua liang 
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1652490
> Fixes: Coverity CID 1390625
> CC: Stefan Hajnoczi 
> Signed-off-by: John Snow 
> ---
>   migration/block-dirty-bitmap.c | 14 --
>   1 file changed, 4 insertions(+), 10 deletions(-)
> 
> diff --git a/migration/block-dirty-bitmap.c b/migration/block-dirty-bitmap.c
> index d1bb863cb6..4a896a09eb 100644
> --- a/migration/block-dirty-bitmap.c
> +++ b/migration/block-dirty-bitmap.c
> @@ -273,7 +273,6 @@ static int init_dirty_bitmap_migration(void)
>   BlockDriverState *bs;
>   BdrvDirtyBitmap *bitmap;
>   DirtyBitmapMigBitmapState *dbms;
> -BdrvNextIterator it;
>   Error *local_err = NULL;
>   
>   dirty_bitmap_mig_state.bulk_completed = false;
> @@ -281,13 +280,8 @@ static int init_dirty_bitmap_migration(void)
>   dirty_bitmap_mig_state.prev_bitmap = NULL;
>   dirty_bitmap_mig_state.no_bitmaps = false;
>   
> -for (bs = bdrv_first(&it); bs; bs = bdrv_next(&it)) {
> -const char *drive_name = bdrv_get_device_or_node_name(bs);
> -
> -/* skip automatically inserted nodes */
> -while (bs && bs->drv && bs->implicit) {
> -bs = backing_bs(bs);
> -}

hm, so, after the patch, for implicitly-filtered nodes we'll have node_name 
instead of device name..

But, on the other, hand, if we have implicitly-filtered node on target, we were 
doing wrong thing anyway,
as dirty_bitmap_load_header don't skip implicit nodes.

> +for (bs = bdrv_next_all_states(NULL); bs; bs = bdrv_next_all_states(bs)) 
> {

As I understand, difference with bdrv_next_node is that we don't skip unnamed 
nodes [...]

> +const char *name = bdrv_get_device_or_node_name(bs);
>   
>   for (bitmap = bdrv_dirty_bitmap_next(bs, NULL); bitmap;
>bitmap = bdrv_dirty_bitmap_next(bs, bitmap))
> @@ -296,7 +290,7 @@ static int init_dirty_bitmap_migration(void)
>   continue;
>   }
>   
> -if (drive_name == NULL) {
> +if (!name || strcmp(name, "") == 0) {

[...] to do this (may be paranoiac, but why not?) check

>   error_report("Found bitmap '%s' in unnamed node %p. It 
> can't "
>"be migrated", bdrv_dirty_bitmap_name(bitmap), 
> bs);
>   goto fail;
> @@ -313,7 +307,7 @@ static int init_dirty_bitmap_migration(void)
>   
>   dbms = g_new0(DirtyBitmapMigBitmapState, 1);
>   dbms->bs = bs;
> -dbms->node_name = drive_name;
> +dbms->node_name = name;
>   dbms->bitmap = bitmap;
>   dbms->total_sectors = bdrv_nb_sectors(bs);
>   dbms->sectors_per_chunk = CHUNK_SIZE * 8 *
> 

There is still some mess about device name vs node name, and I don't know, 
could we somehow
solve it, but patch looks OK for me anyway:

Reviewed-by: Vladimir Sementsov-Ogievskiy 

-- 
Best regards,
Vladimir

Re: [Qemu-devel] [PATCH v13 09/12] Add rx-softmmu

[Philippe Mathieu-Daudé]

On 5/16/19 7:52 AM, Yoshinori Sato wrote:
> Signed-off-by: Yoshinori Sato 
> Tested-by: Philippe Mathieu-Daudé 
> 
> Using only CONFIG_RX=y:

Richard: Can you drop the previous "Using only CONFIG_RX=y" line?
It was related to an older series. Thanks!

> Reviewed-by: Philippe Mathieu-Daudé 
> 
> Signed-off-by: Yoshinori Sato 

One S-o-b is enough ;) I'm not asking you to respin this series however!

> ---
>  configure  | 8 
>  default-configs/rx-softmmu.mak | 3 +++
>  include/sysemu/arch_init.h | 1 +
>  arch_init.c| 2 ++
>  hw/Kconfig | 1 +
>  5 files changed, 15 insertions(+)
>  create mode 100644 default-configs/rx-softmmu.mak
> 
> diff --git a/configure b/configure
> index 8999698bc2..28782762dd 100755
> --- a/configure
> +++ b/configure
> @@ -7547,6 +7547,11 @@ case "$target_name" in
>  gdb_xml_files="riscv-64bit-cpu.xml riscv-64bit-fpu.xml 
> riscv-64bit-csr.xml"
>  target_compiler=$cross_cc_riscv64
>;;
> +  rx)
> +TARGET_ARCH=rx
> +bflt="yes"
> +target_compiler=$cross_cc_rx
> +  ;;
>sh4|sh4eb)
>  TARGET_ARCH=sh4
>  bflt="yes"
> @@ -7767,6 +7772,9 @@ for i in $ARCH $TARGET_BASE_ARCH ; do
>riscv*)
>  disas_config "RISCV"
>;;
> +  rx)
> +disas_config "RX"
> +  ;;
>s390*)
>  disas_config "S390"
>;;
> diff --git a/default-configs/rx-softmmu.mak b/default-configs/rx-softmmu.mak
> new file mode 100644
> index 00..a3eecefb11
> --- /dev/null
> +++ b/default-configs/rx-softmmu.mak
> @@ -0,0 +1,3 @@
> +# Default configuration for rx-softmmu
> +
> +CONFIG_RX_VIRT=y
> diff --git a/include/sysemu/arch_init.h b/include/sysemu/arch_init.h
> index 10cbafe970..3f4f844f7b 100644
> --- a/include/sysemu/arch_init.h
> +++ b/include/sysemu/arch_init.h
> @@ -25,6 +25,7 @@ enum {
>  QEMU_ARCH_NIOS2 = (1 << 17),
>  QEMU_ARCH_HPPA = (1 << 18),
>  QEMU_ARCH_RISCV = (1 << 19),
> +QEMU_ARCH_RX = (1 << 20),
>  };
>  
>  extern const uint32_t arch_type;
> diff --git a/arch_init.c b/arch_init.c
> index f4f3f610c8..cc25ddd7ca 100644
> --- a/arch_init.c
> +++ b/arch_init.c
> @@ -74,6 +74,8 @@ int graphic_depth = 32;
>  #define QEMU_ARCH QEMU_ARCH_PPC
>  #elif defined(TARGET_RISCV)
>  #define QEMU_ARCH QEMU_ARCH_RISCV
> +#elif defined(TARGET_RX)
> +#define QEMU_ARCH QEMU_ARCH_RX
>  #elif defined(TARGET_S390X)
>  #define QEMU_ARCH QEMU_ARCH_S390X
>  #elif defined(TARGET_SH4)
> diff --git a/hw/Kconfig b/hw/Kconfig
> index 88b9f15007..63a071092e 100644
> --- a/hw/Kconfig
> +++ b/hw/Kconfig
> @@ -53,6 +53,7 @@ source nios2/Kconfig
>  source openrisc/Kconfig
>  source ppc/Kconfig
>  source riscv/Kconfig
> +source rx/Kconfig
>  source s390x/Kconfig
>  source sh4/Kconfig
>  source sparc/Kconfig
> 

Re: [Qemu-devel] [PATCH v12 00/12] Add RX archtecture support

[Philippe Mathieu-Daudé]

Hi Yoshinori,

On 5/16/19 6:13 AM, Yoshinori Sato wrote:
> On Thu, 16 May 2019 01:48:29 +0900,
> Richard Henderson wrote:
[...]>> Rather than having you send out a v13 with only changes to the
tags, I will
>> apply them myself while preparing an initial pull request for this.
>>
>> Thanks for your patience.
>>
> 
> OK.
> I prepare v13 which added Reviewed-by.

No need for a v13! Richard already did the work for you :)

Re: [Qemu-devel] [Qemu-ppc] [PATCH v8 6/6] migration: Block migration while handling machine check

[Greg Kurz]

On Mon, 22 Apr 2019 12:33:45 +0530
Aravinda Prasad  wrote:

> Block VM migration requests until the machine check
> error handling is complete as (i) these errors are
> specific to the source hardware and is irrelevant on
> the target hardware, (ii) these errors cause data
> corruption and should be handled before migration.
> 
> Signed-off-by: Aravinda Prasad 
> ---
>  hw/ppc/spapr_events.c  |   17 +
>  hw/ppc/spapr_rtas.c|4 
>  include/hw/ppc/spapr.h |3 +++
>  3 files changed, 24 insertions(+)
> 
> diff --git a/hw/ppc/spapr_events.c b/hw/ppc/spapr_events.c
> index 4032db0..45b990c 100644
> --- a/hw/ppc/spapr_events.c
> +++ b/hw/ppc/spapr_events.c
> @@ -41,6 +41,7 @@
>  #include "qemu/bcd.h"
>  #include "hw/ppc/spapr_ovec.h"
>  #include 
> +#include "migration/blocker.h"
>  
>  #define RTAS_LOG_VERSION_MASK   0xff00
>  #define   RTAS_LOG_VERSION_60x0600
> @@ -864,6 +865,22 @@ static void spapr_mce_dispatch_elog(PowerPCCPU *cpu, 
> bool recovered)
>  void spapr_mce_req_event(PowerPCCPU *cpu, bool recovered)
>  {
>  SpaprMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
> +int ret;
> +Error *local_err = NULL;
> +
> +error_setg(&spapr->migration_blocker,
> +"Live migration not supported during machine check handling");
> +ret = migrate_add_blocker(spapr->migration_blocker, &local_err);

migrate_add_blocker() propagates the reason of the failure in local_err,
ie. because a migration is already in progress or --only-migratable was
passed on the QEMU command line, along with the error message passed in
the first argument. This means that...

> +if (ret < 0) {
> +/*
> + * We don't want to abort and let the migration to continue. In a
> + * rare case, the machine check handler will run on the target
> + * hardware. Though this is not preferable, it is better than 
> aborting
> + * the migration or killing the VM.
> + */
> +error_free(spapr->migration_blocker);
> +fprintf(stderr, "Warning: Machine check during VM migration\n");

... you should just do:

error_report_err(local_err);

This also takes care of freeing local_err which would be leaked otherwise.

> +}
>  
>  while (spapr->mc_status != -1) {
>  /*
> diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
> index 997cf19..1229a0e 100644
> --- a/hw/ppc/spapr_rtas.c
> +++ b/hw/ppc/spapr_rtas.c
> @@ -50,6 +50,7 @@
>  #include "target/ppc/mmu-hash64.h"
>  #include "target/ppc/mmu-book3s-v3.h"
>  #include "kvm_ppc.h"
> +#include "migration/blocker.h"
>  
>  static void rtas_display_character(PowerPCCPU *cpu, SpaprMachineState *spapr,
> uint32_t token, uint32_t nargs,
> @@ -396,6 +397,9 @@ static void rtas_ibm_nmi_interlock(PowerPCCPU *cpu,
>  spapr->mc_status = -1;
>  qemu_cond_signal(&spapr->mc_delivery_cond);
>  rtas_st(rets, 0, RTAS_OUT_SUCCESS);
> +migrate_del_blocker(spapr->migration_blocker);
> +error_free(spapr->migration_blocker);
> +spapr->migration_blocker = NULL;
>  }
>  }
>  
> diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
> index 9d16ad1..dda5fd2 100644
> --- a/include/hw/ppc/spapr.h
> +++ b/include/hw/ppc/spapr.h
> @@ -10,6 +10,7 @@
>  #include "hw/ppc/spapr_irq.h"
>  #include "hw/ppc/spapr_xive.h"  /* For SpaprXive */
>  #include "hw/ppc/xics.h"/* For ICSState */
> +#include "qapi/error.h"
>  
>  struct SpaprVioBus;
>  struct SpaprPhbState;
> @@ -213,6 +214,8 @@ struct SpaprMachineState {
>  SpaprCapabilities def, eff, mig;
>  
>  unsigned gpu_numa_id;
> +
> +Error *migration_blocker;
>  };
>  
>  #define H_SUCCESS 0
> 
> 

Re: [Qemu-devel] [PATCH] [RFC] qcow2: add compression type feature

[Max Reitz]

On 16.05.19 09:50, Denis Plotnikov wrote:
> 
> 
> On 29.04.2019 1:32, Max Reitz wrote:
>> On 05.02.19 10:08, Denis Plotnikov wrote:
>>> The patch adds some preparation parts for incompatible compression type
>>> feature into QCOW2 header that indicates that *all* compressed clusters
>>> must be (de)compressed using a certain compression type.
>>>
>>> It is implied that the compression type is set on the image creation and
>>> can be changed only later by image convertion, thus the only compression
>>> algorithm is used for the image.
>>>
>>> The plan is to add support for ZSTD and then may be something more effective
>>> in the future.
>>>
>>> ZSDT compression algorithm consumes 3-5 times less CPU power with a
>>> comparable comression ratio with zlib. It would be wise to use it for
>>> data compression f.e. for backups.
>>>
>>> The default compression is ZLIB.
>>>
>>> Signed-off-by: Denis Plotnikov 
>>> ---
>>>   block/qcow2.c | 25 +
>>>   block/qcow2.h | 26 ++
>>>   2 files changed, 47 insertions(+), 4 deletions(-)
>>
>> Are there plans to pursue this further?
> Yes, I'm going to come up with the first version in a few weeks

OK.

>> [...]
>>
>>> diff --git a/block/qcow2.h b/block/qcow2.h
>>> index 32cce9eee2..fdde5bbefd 100644
>>> --- a/block/qcow2.h
>>> +++ b/block/qcow2.h
>>> @@ -112,6 +112,10 @@
>>>   #define QCOW2_OPT_REFCOUNT_CACHE_SIZE "refcount-cache-size"
>>>   #define QCOW2_OPT_CACHE_CLEAN_INTERVAL "cache-clean-interval"
>>>   
>>> +/* Compression types */
>>> +#define QCOW2_COMPRESSION_TYPE_ZLIB0
>>> +#define QCOW2_COMPRESSION_TYPE_ZSTD1
>>
>> We probably want QAPI types anyway (qemu-img info should report the
>> compression type), so I think we could use them instead.
> I'm not sure that I understood the idea. Could you please explain what 
> is meant here? We don't need those constants and should use the 
> constants defined somewhere else (where)?

qemu-img info can report format-specific information.  I think the
compression type should be listed there as well, once there is more than
one.

Format-specific information is a QAPI type, namely
ImageInfoSpecificQCow2.  Therefore, everything it contains needs to be a
QAPI object, and this includes potential compression information.  We
thus need a QAPI enum like Qcow2CompressionType, and that would
automatically give us these values.

Max



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH] [RFC] qcow2: add compression type feature

[Denis Plotnikov]

On 16.05.2019 13:40, Max Reitz wrote:
> On 16.05.19 09:50, Denis Plotnikov wrote:
>>
>>
>> On 29.04.2019 1:32, Max Reitz wrote:
>>> On 05.02.19 10:08, Denis Plotnikov wrote:
 The patch adds some preparation parts for incompatible compression type
 feature into QCOW2 header that indicates that *all* compressed clusters
 must be (de)compressed using a certain compression type.

 It is implied that the compression type is set on the image creation and
 can be changed only later by image convertion, thus the only compression
 algorithm is used for the image.

 The plan is to add support for ZSTD and then may be something more 
 effective
 in the future.

 ZSDT compression algorithm consumes 3-5 times less CPU power with a
 comparable comression ratio with zlib. It would be wise to use it for
 data compression f.e. for backups.

 The default compression is ZLIB.

 Signed-off-by: Denis Plotnikov 
 ---
block/qcow2.c | 25 +
block/qcow2.h | 26 ++
2 files changed, 47 insertions(+), 4 deletions(-)
>>>
>>> Are there plans to pursue this further?
>> Yes, I'm going to come up with the first version in a few weeks
> 
> OK.
> 
>>> [...]
>>>
 diff --git a/block/qcow2.h b/block/qcow2.h
 index 32cce9eee2..fdde5bbefd 100644
 --- a/block/qcow2.h
 +++ b/block/qcow2.h
 @@ -112,6 +112,10 @@
#define QCOW2_OPT_REFCOUNT_CACHE_SIZE "refcount-cache-size"
#define QCOW2_OPT_CACHE_CLEAN_INTERVAL "cache-clean-interval"

 +/* Compression types */
 +#define QCOW2_COMPRESSION_TYPE_ZLIB0
 +#define QCOW2_COMPRESSION_TYPE_ZSTD1
>>>
>>> We probably want QAPI types anyway (qemu-img info should report the
>>> compression type), so I think we could use them instead.
>> I'm not sure that I understood the idea. Could you please explain what
>> is meant here? We don't need those constants and should use the
>> constants defined somewhere else (where)?
> 
> qemu-img info can report format-specific information.  I think the
> compression type should be listed there as well, once there is more than
> one.
> 
> Format-specific information is a QAPI type, namely
> ImageInfoSpecificQCow2.  Therefore, everything it contains needs to be a
> QAPI object, and this includes potential compression information.  We
> thus need a QAPI enum like Qcow2CompressionType, and that would
> automatically give us these values.

Thanks for clarification. Will do that way.

Denis
> 
> Max
> 

-- 
Best,
Denis

[Qemu-devel] [PATCH] migration: Fix typo in migrate_add_blocker() error message

[Greg Kurz]

Signed-off-by: Greg Kurz 
---
 migration/migration.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/migration/migration.c b/migration/migration.c
index 609e0df5d0c0..c15e75e0eebe 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -1714,7 +1714,7 @@ int migrate_add_blocker(Error *reason, Error **errp)
 if (only_migratable) {
 error_propagate_prepend(errp, error_copy(reason),
 "disallowing migration blocker "
-"(--only_migratable) for: ");
+"(--only-migratable) for: ");
 return -EACCES;
 }
 

Re: [Qemu-devel] [PATCH v4 6/6] acpi: pci: use build_append_foo() API to construct MCFG

[Philippe Mathieu-Daudé]

On Thu, May 16, 2019 at 9:41 AM Wei Yang  wrote:
>
> On Wed, May 15, 2019 at 07:29:17AM +0200, Philippe Mathieu-Daudé wrote:
> >
> >Thanks Michael for testing...
> >
> >Wei, can you add a MCFG test in tests/bios-tables-test.c?
> >
>
> I took a look into the test, current q35 has already has a reference MCFG in
> tests/data/acpi/q35/MCFG.
>
> And there would be a warning message when reserved[8] is missed.
>
> /x86_64/acpi/q35/bridge: acpi-test: Warning! MCFG mismatch.
>
> Is this enough? Or what more information prefer to add?

Well, the test has to fail for any mismatch (not a simple warning).

A mismatch failure seems to be enough IMHO.

> >>> -AcpiMcfgAllocation allocation[0];
> >>> -} QEMU_PACKED;
> >>> -typedef struct AcpiTableMcfg AcpiTableMcfg;
> >>> -
> >>>  /*
> >>>   * TCPA Description Table
> >>>   *
> >>> --
> >>> 2.19.1
>
> --
> Wei Yang
> Help you, Help me

Re: [Qemu-devel] [PATCH v2] iotests: Filter 175's allocation information

[Max Reitz]

On 13.05.19 17:52, Max Reitz wrote:
> It is possible for an empty file to take up blocks on a filesystem.
> Make iotest 175 take this into account.
> 
> Reported-by: Thomas Huth 
> Signed-off-by: Max Reitz 
> ---
> v2: [Nir]
> - Use a function for filtering
> - s/empty_blocks/extra_blocks/
> ---
>  tests/qemu-iotests/175 | 26 ++
>  tests/qemu-iotests/175.out |  8 
>  2 files changed, 26 insertions(+), 8 deletions(-)
> 
> diff --git a/tests/qemu-iotests/175 b/tests/qemu-iotests/175
> index d0ffc495c2..b5eb0aa856 100755
> --- a/tests/qemu-iotests/175
> +++ b/tests/qemu-iotests/175
> @@ -28,10 +28,25 @@ status=1  # failure is the default!
>  
>  _cleanup()
>  {
> - _cleanup_test_img
> +_cleanup_test_img
> +rm -f "$TEST_DIR/empty"
>  }
>  trap "_cleanup; exit \$status" 0 1 2 3 15
>  
> +# Some file systems sometimes allocate extra blocks independently of
> +# the file size.  This function hides the resulting difference in the
> +# stat -c '%b' output.
> +# Parameter 1: Number of blocks an empty file occupies
> +# Parameter 2: Image size in bytes
> +_filter_blocks()
> +{
> +extra_blocks=$1
> +img_size=$2
> +
> +sed -e "s/blocks=$extra_blocks/nothing allocated/" \
> +-e "s/blocks=$((extra_blocks + img_size / 512))/everything 
> allocated/"

Only now got around to creating an FS with similar characteristics to
Thomas’s.  Turns out this test still fails there because it prints
“blocks=nothing allocated050”...

Unless objections arise, I’ll just add a \$ to each pattern to fix that.
 (I could also just swap the lines, but that isn’t really right.)

Max



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [Qemu-ppc] [PATCH v8 6/6] migration: Block migration while handling machine check

[Aravinda Prasad]

On Thursday 16 May 2019 04:24 PM, Greg Kurz wrote:
> On Mon, 22 Apr 2019 12:33:45 +0530
> Aravinda Prasad  wrote:
> 
>> Block VM migration requests until the machine check
>> error handling is complete as (i) these errors are
>> specific to the source hardware and is irrelevant on
>> the target hardware, (ii) these errors cause data
>> corruption and should be handled before migration.
>>
>> Signed-off-by: Aravinda Prasad 
>> ---
>>  hw/ppc/spapr_events.c  |   17 +
>>  hw/ppc/spapr_rtas.c|4 
>>  include/hw/ppc/spapr.h |3 +++
>>  3 files changed, 24 insertions(+)
>>
>> diff --git a/hw/ppc/spapr_events.c b/hw/ppc/spapr_events.c
>> index 4032db0..45b990c 100644
>> --- a/hw/ppc/spapr_events.c
>> +++ b/hw/ppc/spapr_events.c
>> @@ -41,6 +41,7 @@
>>  #include "qemu/bcd.h"
>>  #include "hw/ppc/spapr_ovec.h"
>>  #include 
>> +#include "migration/blocker.h"
>>  
>>  #define RTAS_LOG_VERSION_MASK   0xff00
>>  #define   RTAS_LOG_VERSION_60x0600
>> @@ -864,6 +865,22 @@ static void spapr_mce_dispatch_elog(PowerPCCPU *cpu, 
>> bool recovered)
>>  void spapr_mce_req_event(PowerPCCPU *cpu, bool recovered)
>>  {
>>  SpaprMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
>> +int ret;
>> +Error *local_err = NULL;
>> +
>> +error_setg(&spapr->migration_blocker,
>> +"Live migration not supported during machine check handling");
>> +ret = migrate_add_blocker(spapr->migration_blocker, &local_err);
> 
> migrate_add_blocker() propagates the reason of the failure in local_err,
> ie. because a migration is already in progress or --only-migratable was
> passed on the QEMU command line, along with the error message passed in
> the first argument. This means that...
> 
>> +if (ret < 0) {
>> +/*
>> + * We don't want to abort and let the migration to continue. In a
>> + * rare case, the machine check handler will run on the target
>> + * hardware. Though this is not preferable, it is better than 
>> aborting
>> + * the migration or killing the VM.
>> + */
>> +error_free(spapr->migration_blocker);
>> +fprintf(stderr, "Warning: Machine check during VM migration\n");
> 
> ... you should just do:
> 
> error_report_err(local_err);
> 
> This also takes care of freeing local_err which would be leaked otherwise.

Sure. I am planning to use warn_report_err() as I don't want to abort.

Regards,
Aravinda

> 
>> +}
>>  
>>  while (spapr->mc_status != -1) {
>>  /*
>> diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
>> index 997cf19..1229a0e 100644
>> --- a/hw/ppc/spapr_rtas.c
>> +++ b/hw/ppc/spapr_rtas.c
>> @@ -50,6 +50,7 @@
>>  #include "target/ppc/mmu-hash64.h"
>>  #include "target/ppc/mmu-book3s-v3.h"
>>  #include "kvm_ppc.h"
>> +#include "migration/blocker.h"
>>  
>>  static void rtas_display_character(PowerPCCPU *cpu, SpaprMachineState 
>> *spapr,
>> uint32_t token, uint32_t nargs,
>> @@ -396,6 +397,9 @@ static void rtas_ibm_nmi_interlock(PowerPCCPU *cpu,
>>  spapr->mc_status = -1;
>>  qemu_cond_signal(&spapr->mc_delivery_cond);
>>  rtas_st(rets, 0, RTAS_OUT_SUCCESS);
>> +migrate_del_blocker(spapr->migration_blocker);
>> +error_free(spapr->migration_blocker);
>> +spapr->migration_blocker = NULL;
>>  }
>>  }
>>  
>> diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
>> index 9d16ad1..dda5fd2 100644
>> --- a/include/hw/ppc/spapr.h
>> +++ b/include/hw/ppc/spapr.h
>> @@ -10,6 +10,7 @@
>>  #include "hw/ppc/spapr_irq.h"
>>  #include "hw/ppc/spapr_xive.h"  /* For SpaprXive */
>>  #include "hw/ppc/xics.h"/* For ICSState */
>> +#include "qapi/error.h"
>>  
>>  struct SpaprVioBus;
>>  struct SpaprPhbState;
>> @@ -213,6 +214,8 @@ struct SpaprMachineState {
>>  SpaprCapabilities def, eff, mig;
>>  
>>  unsigned gpu_numa_id;
>> +
>> +Error *migration_blocker;
>>  };
>>  
>>  #define H_SUCCESS 0
>>
>>
> 

-- 
Regards,
Aravinda

[Qemu-devel] [PATCH] configure: only link capstone to emulation targets

[Daniel P . Berrangé]

Only the emulators link to code that uses capstone, so adding it to the
global LIBs places undesirable dependancies on other binaries, in
particular the tools.

There is no variable that covers both user emulation and machine
emulation, so add a new "$libs_cpu" for this purpose.

In particular this removes the 8 MB capstone dep from the things
qemu-img links against, allowing for a more minimal installation
in scenarios that don't want system emulators installed.

Signed-off-by: Daniel P. Berrangé 
---
 Makefile.target | 1 +
 configure   | 6 --
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/Makefile.target b/Makefile.target
index ae02495951..15e5191f36 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -117,6 +117,7 @@ obj-$(CONFIG_TCG) += fpu/softfloat.o
 obj-y += target/$(TARGET_BASE_ARCH)/
 obj-y += disas.o
 obj-$(call notempty,$(TARGET_XML_FILES)) += gdbstub-xml.o
+LIBS := $(libs_cpu) $(LIBS)
 
 #
 # Linux user emulator target
diff --git a/configure b/configure
index 8999698bc2..64f09c5905 100755
--- a/configure
+++ b/configure
@@ -289,6 +289,7 @@ audio_drv_list=""
 block_drv_rw_whitelist=""
 block_drv_ro_whitelist=""
 host_cc="cc"
+libs_cpu=""
 libs_softmmu=""
 libs_tools=""
 audio_pt_int=""
@@ -5015,12 +5016,12 @@ case "$capstone" in
 else
   LIBCAPSTONE=libcapstone.a
 fi
-LIBS="-L\$(BUILD_DIR)/capstone -lcapstone $LIBS"
+libs_cpu="-L\$(BUILD_DIR)/capstone -lcapstone $libs_cpu"
 ;;
 
   system)
 QEMU_CFLAGS="$QEMU_CFLAGS $($pkg_config --cflags capstone)"
-LIBS="$($pkg_config --libs capstone) $LIBS"
+libs_cpu="$($pkg_config --libs capstone) $libs_cpu"
 ;;
 
   no)
@@ -6488,6 +6489,7 @@ echo "qemu_helperdir=$libexecdir" >> $config_host_mak
 echo "qemu_localedir=$qemu_localedir" >> $config_host_mak
 echo "qemu_icondir=$qemu_icondir" >> $config_host_mak
 echo "qemu_desktopdir=$qemu_desktopdir" >> $config_host_mak
+echo "libs_cpu=$libs_cpu" >> $config_host_mak
 echo "libs_softmmu=$libs_softmmu" >> $config_host_mak
 echo "GIT=$git" >> $config_host_mak
 echo "GIT_SUBMODULES=$git_submodules" >> $config_host_mak
-- 
2.21.0

Re: [Qemu-devel] [PATCH v2 2/4] net: avoid using variable length array in net_client_init()

[Stefano Garzarella]

On Thu, May 16, 2019 at 10:44:20AM +0200, Markus Armbruster wrote:
> Stefano Garzarella  writes:
> 
> > net_client_init() uses a variable length array to store the prefix
> > of 'ipv6-net' parameter (e.g. if ipv6-net=fec0::0/64, the prefix
> > is 'fec0::0').
> > This patch introduces g_strsplit() to split the 'ipv6-net' parameter,
> > so we can remove the variable length array.
> >
> > Suggested-by: Markus Armbruster 
> > Signed-off-by: Stefano Garzarella 
> > ---
> >  net/net.c | 33 +
> >  1 file changed, 21 insertions(+), 12 deletions(-)
> >
> > diff --git a/net/net.c b/net/net.c
> > index d5071e49e2..932fa5abb5 100644
> > --- a/net/net.c
> > +++ b/net/net.c
> > @@ -1118,29 +1118,38 @@ static int net_client_init(QemuOpts *opts, bool 
> > is_netdev, Error **errp)
> >  const char *ip6_net = qemu_opt_get(opts, "ipv6-net");
> >  
> >  if (ip6_net) {
> > -char buf[strlen(ip6_net) + 1];
> > +gchar **substrings;
> > +char *prefix_addr;
> > +unsigned long prefix_len = 64; /* Default 64bit prefix length. 
> > */
> >  
> > -if (get_str_sep(buf, sizeof(buf), &ip6_net, '/') < 0) {
> > -/* Default 64bit prefix length.  */
> > -qemu_opt_set(opts, "ipv6-prefix", ip6_net, &error_abort);
> > -qemu_opt_set_number(opts, "ipv6-prefixlen", 64, 
> > &error_abort);
> > -} else {
> > +substrings = g_strsplit(ip6_net, "/", 2);
> > +if (!substrings || !substrings[0]) {
> > +error_setg(errp, QERR_INVALID_PARAMETER_VALUE,
> > +   "ipv6-net", "a valid IPv6 prefix");
> > +g_strfreev(substrings);
> > +goto out;
> 
> Indentation's off.
> 

Copy and past issue :(

> > +}
> > +
> > +*prefix_addr = substrings[0];
> > +
> > +if (substrings[1]) {
> >  /* User-specified prefix length.  */
> > -unsigned long len;
> >  int err;
> >  
> > -qemu_opt_set(opts, "ipv6-prefix", buf, &error_abort);
> > -err = qemu_strtoul(ip6_net, NULL, 10, &len);
> > -
> > +err = qemu_strtoul(substrings[1], NULL, 10, &prefix_len);
> >  if (err) {
> >  error_setg(errp, QERR_INVALID_PARAMETER_VALUE,
> > "ipv6-prefixlen", "a number");
> > +g_strfreev(substrings);
> >  goto out;
> 
> Two g_strfreev() before goto out.  Avoidable: declare substrings at the
> function level, initialize to NULL, then call g_strfreev(substrings) ...o

I'll fix it in the v3, it's cleaner.

> 
> >  }
> > -
> > -qemu_opt_set_number(opts, "ipv6-prefixlen", len, 
> > &error_abort);
> >  }
> > +
> > +qemu_opt_set(opts, "ipv6-prefix", prefix_addr, &error_abort);
> > +qemu_opt_set_number(opts, "ipv6-prefixlen", prefix_len,
> > +&error_abort);
> >  qemu_opt_unset(opts, "ipv6-net");
> > +g_strfreev(substrings);
> >  }
> >  }
> 
>if (is_netdev) {
>visit_type_Netdev(v, NULL, (Netdev **)&object, &err);
>} else {
>visit_type_NetLegacy(v, NULL, (NetLegacy **)&object, &err);
>}
> 
>if (!err) {
>ret = net_client_init1(object, is_netdev, &err);
>}
> 
>if (is_netdev) {
>qapi_free_Netdev(object);
>} else {
>qapi_free_NetLegacy(object);
>}
> 
>out:
>error_propagate(errp, err);
> 
> ... here.  Your choice.
> 
>visit_free(v);
>return ret;
>}
> 
> With at least the indentation fixed:
> Reviewed-by: Markus Armbruster 

Thanks!

> 
> 
> Not this patch's problem: when visit_type_FOO() fails with an input
> visitor such as @v, you should not call qapi_free_FOO().  Nothing bad
> happens when you do, it's just sloppy.  See visitor.h's big comment for
> details.
> 
> Cleaner:
> 
>if (is_netdev) {
>visit_type_Netdev(v, NULL, (Netdev **)&object, &err);
>} else {
>visit_type_NetLegacy(v, NULL, (NetLegacy **)&object, &err);
>}
>if (err) {
>goto out;
>}
> 
>ret = net_client_init1(object, is_netdev, &err);
> 
>if (is_netdev) {
>qapi_free_Netdev(object);
>} else {
>qapi_free_NetLegacy(object);
>}
> 
>out:
> 
> Or maybe:
> 
>if (is_netdev) {
>visit_type_Netdev(v, NULL, &netdev, &err);
>if (err) {
>goto out;
>}
>ret = net_client_init1(netdev, is_netdev, &err);
>qapi_free_Netdev(netdev);
>} else {
>visit_type_NetLegacy(v, NULL, &netlegacy, &err);
>if (err) {
>goto out;
>  

Re: [Qemu-devel] [Qemu-block] [PATCH v3 1/3] block: introducing 'bdrv_co_delete_file' interface

[Daniel Henrique Barboza]

Hi John,

On 5/13/19 4:47 PM, John Snow wrote:

It looks like this one has gone un-noticed for a little while.

On 3/26/19 5:17 PM, Daniel Henrique Barboza wrote:

Adding to Block Drivers the capability of being able to clean up
its created files can be useful in certain situations. For the
LUKS driver, for instance, a failure in one of its authentication
steps can leave files in the host that weren't there before.

This patch adds the 'bdrv_co_delete_file' interface to block
drivers and add it to the 'file' driver in file-posix.c. The
implementation is given by 'raw_co_delete_file'. The helper
'bdrv_path_is_regular_file' is being used only in raw_co_delete_file
at this moment, but it will be used inside LUKS in a later patch.
Foreseeing this future use, let's put it in block.c and make it
public.

Suggested-by: Daniel P. Berrangé 
Signed-off-by: Daniel Henrique Barboza 
---
  block.c   | 11 +++
  block/file-posix.c| 28 
  include/block/block.h |  1 +
  include/block/block_int.h |  6 ++
  4 files changed, 46 insertions(+)

diff --git a/block.c b/block.c
index 0a93ee9ac8..227362b282 100644
--- a/block.c
+++ b/block.c
@@ -621,6 +621,17 @@ int get_tmp_filename(char *filename, int size)
  #endif
  }
  
+/**

+ * Helper that checks if a given string represents a regular
+ * local file.
+ */
+bool bdrv_path_is_regular_file(const char *path)
+{
+struct stat st;
+
+return (stat(path, &st) == 0) && S_ISREG(st.st_mode);
+}
+
  /*
   * Detect host devices. By convention, /dev/cdrom[N] is always
   * recognized as a host CDROM.
diff --git a/block/file-posix.c b/block/file-posix.c
index d102f3b222..09d84bab37 100644
--- a/block/file-posix.c
+++ b/block/file-posix.c
@@ -2342,6 +2342,33 @@ static int coroutine_fn raw_co_create_opts(const char 
*filename, QemuOpts *opts,
  return raw_co_create(&options, errp);
  }
  
+/**

+ * Co-routine function that erases a regular file.
+ */
+static int coroutine_fn raw_co_delete_file(const char *filename,
+   Error **errp)

Do we need to mark functions that make no use of coroutines as
coroutine_fn? I guess this way the interface is *allowed* to be a
coroutine if other drivers need to make use of that.


This function is used in a coroutine in patch 2. But to be honest, what I
did here was to emulate the existing behavior of bdrv_create. Which
is kind of lame if bdrv_create happens to have design problems or
inconsistencies, but at least it's based on something that's already
working.





+{
+int ret;
+
+/* Skip file: protocol prefix */
+strstart(filename, "file:", &filename);
+

This sticks out as fragile to me, but I guess that's exactly how create
works, so... OK.


Yep, create does the same thing.



Thanks,


DHB




+if (!bdrv_path_is_regular_file(filename)) {
+ret = -ENOENT;
+error_setg_errno(errp, -ret, "%s is not a regular file", filename);
+goto done;
+}
+
+ret = unlink(filename);
+if (ret < 0) {
+ret = -errno;
+error_setg_errno(errp, -ret, "Error when deleting file %s", filename);
+}
+
+done:
+return ret;
+}
+
  /*
   * Find allocation range in @bs around offset @start.
   * May change underlying file descriptor's file offset.
@@ -2867,6 +2894,7 @@ BlockDriver bdrv_file = {
  .bdrv_co_block_status = raw_co_block_status,
  .bdrv_co_invalidate_cache = raw_co_invalidate_cache,
  .bdrv_co_pwrite_zeroes = raw_co_pwrite_zeroes,
+.bdrv_co_delete_file = raw_co_delete_file,
  
  .bdrv_co_preadv = raw_co_preadv,

  .bdrv_co_pwritev= raw_co_pwritev,
diff --git a/include/block/block.h b/include/block/block.h
index e452988b66..820643f96d 100644
--- a/include/block/block.h
+++ b/include/block/block.h
@@ -363,6 +363,7 @@ int bdrv_freeze_backing_chain(BlockDriverState *bs, 
BlockDriverState *base,
Error **errp);
  void bdrv_unfreeze_backing_chain(BlockDriverState *bs, BlockDriverState 
*base);
  
+bool bdrv_path_is_regular_file(const char *path);
  
  typedef struct BdrvCheckResult {

  int corruptions;
diff --git a/include/block/block_int.h b/include/block/block_int.h
index 01e855a066..74abb78ce7 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -309,6 +309,12 @@ struct BlockDriver {
   */
  int coroutine_fn (*bdrv_co_flush)(BlockDriverState *bs);
  
+/*

+ * Delete a local created file.
+ */
+int coroutine_fn (*bdrv_co_delete_file)(const char *filename,
+Error **errp);
+
  /*
   * Flushes all data that was already written to the OS all the way down to
   * the disk (for example file-posix.c calls fsync()).


Seems alright at a glance, if we want this interface.

Kevin, do we?

--js

Re: [Qemu-devel] [PULL 22/27] vl: Create block backends before setting machine properties

[Markus Armbruster]

Michal Privoznik  writes:

> On 3/11/19 11:08 PM, Markus Armbruster wrote:
>> qemu-system-FOO's main() acts on command line arguments in its own
>> idiosyncratic order.  There's not much method to its madness.
>> Whenever we find a case where one kind of command line argument needs
>> to refer to something created for another kind later, we rejigger the
>> order.
>>
>> Block devices get created long after machine properties get processed.
>> Therefore, block device machine properties can be created, but not
>> set.  No such properties exist.  But the next commit will create some.
>> Time to rejigger again: create block devices earlier.
>>
>> Signed-off-by: Markus Armbruster 
>> Reviewed-by: Philippe Mathieu-Daudé 
>> Message-Id: <20190308131445.17502-8-arm...@redhat.com>
>> Reviewed-by: Michael S. Tsirkin 
>> ---
>>   vl.c | 9 +++--
>>   1 file changed, 7 insertions(+), 2 deletions(-)
>>
>> diff --git a/vl.c b/vl.c
>> index c22ca447fa..e9239d55ad 100644
>> --- a/vl.c
>> +++ b/vl.c
>> @@ -4274,6 +4274,13 @@ int main(int argc, char **argv, char **envp)
>>   exit(0);
>>   }
>>   +/*
>> + * Note: we need to create block backends before
>> + * machine_set_property(), so machine properties can refer to
>> + * them.
>> + */
>> +configure_blockdev(&bdo_queue, machine_class, snapshot);
>> +
>>   machine_opts = qemu_get_machine_opts();
>>   qemu_opt_foreach(machine_opts, machine_set_property, current_machine,
>>&error_fatal);
>> @@ -4400,8 +4407,6 @@ int main(int argc, char **argv, char **envp)
>>   ram_mig_init();
>>   dirty_bitmap_mig_init();
>>   -configure_blockdev(&bdo_queue, machine_class, snapshot);
>> -
>>   qemu_opts_foreach(qemu_find_opts("mon"),
>> mon_init_func, NULL, &error_fatal);
>>   
>>
>
> Actually, there is more problems with this. Trying to run a guest with
> persistent reservations fails after this patch is applied (git bisect
> points me to this commit). My command line is:
>
> qemu.git $ ./x86_64-softmmu/qemu-system-x86_64 \
> -monitor stdio \
> -object pr-manager-helper,id=pr-helper0,path=/tmp/pr-helper0.sock
> -drive
> file=/dev/mapper/crypt,file.pr-manager=pr-helper0,format=raw,if=none,id=drive-scsi0-0-0-2
>  
> \
> -device
> scsi-block,bus=scsi0.0,channel=0,scsi-id=0,lun=2,drive=drive-scsi0-0-0-2,id=scsi0-0-0-2
>
> Honestly, I have no idea how to fix it, so I'm just raising this issue
> here. Do you want me to open a bug or something?

Let's skip the bug filing bureaucracy and go straight to debugging.

Actual and expected behavior of your reproducer, please :)

Re: [Qemu-devel] [PATCH] spapr/xive: Sanity checks of OV5 during CAS

[David Gibson]

On Thu, May 16, 2019 at 08:58:14AM +0200, Greg Kurz wrote:
> On Thu, 16 May 2019 12:09:57 +0530
> Satheesh Rajendran  wrote:
> 
> > On Wed, May 15, 2019 at 07:04:24PM +0200, Greg Kurz wrote:
> > > If a machine is started with ic-mode=xive but the guest only knows
> > > about XICS, eg. an RHEL 7.6 guest, the kernel panics. This is
> > > expected but a bit unfortunate since the crash doesn't provide
> > > much information for the end user to guess what's happening.
> > > 
> > > Detect that during CAS and exit QEMU with a proper error message
> > > instead, like it is already done for the MMU.
> > > 
> > > Even if this is less likely to happen, the opposite case of a guest
> > > that only knows about XIVE would certainly fail all the same if the
> > > machine is started with ic-mode=xics.
> > > 
> > > Also, the only valid values a guest can pass in byte 23 of OV5 during
> > > CAS are 0b00 (XIVE legacy mode) and 0b01 (XIVE exploitation mode). Any
> > > other value is a bug, at least with the current spec. Again, it does
> > > not seem right to let the guest go on without a precise idea of the
> > > interrupt mode it asked for.
> > > 
> > > Handle these cases as well.
> > > 
> > > Reported-by: Satheesh Rajendran 
> > > Signed-off-by: Greg Kurz 
> > > ---
> > >  hw/ppc/spapr_hcall.c |   24 
> > >  1 file changed, 24 insertions(+)
> > > 
> > > diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
> > > index 6c16d2b12040..63a55614b83d 100644
> > > --- a/hw/ppc/spapr_hcall.c
> > > +++ b/hw/ppc/spapr_hcall.c
> > > @@ -1513,6 +1513,7 @@ static target_ulong 
> > > h_client_architecture_support(PowerPCCPU *cpu,
> > >  bool guest_radix;
> > >  Error *local_err = NULL;
> > >  bool raw_mode_supported = false;
> > > +bool guest_xive;
> > > 
> > >  cas_pvr = cas_check_pvr(spapr, cpu, &addr, &raw_mode_supported, 
> > > &local_err);
> > >  if (local_err) {
> > > @@ -1545,10 +1546,17 @@ static target_ulong 
> > > h_client_architecture_support(PowerPCCPU *cpu,
> > >  error_report("guest requested hash and radix MMU, which is 
> > > invalid.");
> > >  exit(EXIT_FAILURE);
> > >  }
> > > +if (spapr_ovec_test(ov5_guest, OV5_XIVE_BOTH)) {
> > > +error_report("guest requested an invalid interrupt mode");
> > > +exit(EXIT_FAILURE);
> > > +}
> > > +
> > >  /* The radix/hash bit in byte 24 requires special handling: */
> > >  guest_radix = spapr_ovec_test(ov5_guest, OV5_MMU_RADIX_300);
> > >  spapr_ovec_clear(ov5_guest, OV5_MMU_RADIX_300);
> > > 
> > > +guest_xive = spapr_ovec_test(ov5_guest, OV5_XIVE_EXPLOIT);
> > > +
> > >  /*
> > >   * HPT resizing is a bit of a special case, because when enabled
> > >   * we assume an HPT guest will support it until it says it
> > > @@ -1632,6 +1640,22 @@ static target_ulong 
> > > h_client_architecture_support(PowerPCCPU *cpu,
> > >ov5_updates) != 0);
> > >  }
> > > 
> > > +/*
> > > + * Ensure the guest asks for an interrupt mode we support; otherwise
> > > + * terminate the boot.
> > > + */
> > > +if (guest_xive) {
> > > +if (spapr->irq->ov5 == SPAPR_OV5_XIVE_LEGACY) {
> > > +error_report("Guest requested unavailable interrupt mode 
> > > (XIVE)");
> > > +exit(EXIT_FAILURE);
> > > +}
> > > +} else {
> > > +if (spapr->irq->ov5 == SPAPR_OV5_XIVE_EXPLOIT) {
> > > +error_report("Guest requested unavailable interrupt mode 
> > > (XICS)");  
> > 
> > Looks like there is a typo in the error msg reported, instead it should be 
> > something like below
> > 
> > "Guest requested unavailable interrupt mode(XIVE), please use supported 
> > interrupt mode(ic-type=xics)"
> > 
> 
> Hmm... Agreed that it may be worth adding some hint for the user to proceed 
> but...
> 
> > Same for the previous check aswell.
> > 
> > Coz, I booted 3.10(kernel) guest with ic-type=xive and got a below error, 
> > which seems wrong
> > 
> > 2019-05-16T06:24:58.713261Z qemu-system-ppc64: Guest requested unavailable 
> > interrupt mode (XICS)
> > 
> 
> ... this message is ok: the 3.10 kernel based guest _does_ ask for XICS,
> which isn't available because of ic-mode=xive.

I won't be sending a pull request for a little while yet, so if you
want to send a followup improving the messages I can fold it into the
original patch in my tree.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PULL 00/21] Misc patches for 2019-05-15

[Peter Maydell]

On Wed, 15 May 2019 at 21:52, Paolo Bonzini  wrote:
>
> The following changes since commit e329ad2ab72c43b56df88b34954c2c7d839bb373:
>
>   Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20190513' into 
> staging (2019-05-14 10:08:47 +0100)
>
> are available in the git repository at:
>
>
>   git://github.com/bonzini/qemu.git tags/for-upstream
>
> for you to fetch changes up to 88f1090e9020057022ac04531ca87d25f67f57ca:
>
>   hw/net/ne2000: Extract the PCI device from the chipset common code 
> (2019-05-15 11:56:54 +0200)
>
> 
> Mostly bugfixes and cleanups, the most important being
> "megasas: fix mapped frame size" from Peter Lieven.
> In addition, -realtime is marked as deprecated.
>
> 
> Chen Zhang via Qemu-devel (1):
>   hvf: Add missing break statement

Hi -- looks like this commit needs its author
email tidying up so it isn't attributed to the mailing list.

thanks
-- PMM

[Qemu-devel] [PULL 00/37] pci, pc, virtio: features, fixes

[Michael S. Tsirkin]

The following changes since commit efb4f3b62c69383a7308d7b739a3193e7c0ccae8:

  Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into 
staging (2019-05-10 14:49:36 +0100)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/virt/kvm/mst/qemu.git tags/for_upstream

for you to fetch changes up to 0534d255dae78450d90d59db0f3a9a46b32ebd73:

  tests: acpi: print error unable to dump ACPI table during rebuild (2019-05-14 
21:19:14 -0400)


pci, pc, virtio: features, fixes

reconnect for vhost blk
tests for UEFI
misc other stuff

Signed-off-by: Michael S. Tsirkin 


Dan Streetman (1):
  do not call vhost_net_cleanup() on running net from char user event

Daniel P. Berrangé (2):
  hw: report invalid disable-legacy|modern usage for virtio-1-only devs
  Revert "globals: Allow global properties to be optional"

David Gibson (2):
  pcie: Remove redundant test in pcie_mmcfg_data_{read,write}()
  pci: Simplify pci_bus_is_root()

Igor Mammedov (16):
  q35: acpi: do not create dummy MCFG table
  tests: acpi: rename acpi_parse_rsdp_table() into acpi_fetch_rsdp_table()
  tests: acpi: make acpi_fetch_table() take size of fetched table pointer
  tests: acpi: make RSDT test routine handle XSDT
  tests: acpi: make pointer to RSDP 64bit
  tests: acpi: fetch X_DSDT if pointer to DSDT is 0
  tests: acpi: skip FACS table if board uses hw reduced ACPI profile
  tests: acpi: move boot_sector_init() into x86 tests branch
  tests: acpi: add acpi_find_rsdp_address_uefi() helper
  tests: acpi: add a way to start tests with UEFI firmware
  tests: acpi: ignore SMBIOS tests when UEFI firmware is used
  tests: acpi: allow to override default accelerator
  tests: add expected ACPI tables for arm/virt board
  tests: acpi: add simple arm/virt testcase
  tests: acpi: refactor rebuild-expected-aml.sh to dump ACPI tables for a 
specified list of targets
  tests: acpi: print error unable to dump ACPI table during rebuild

Li Feng (1):
  libvhost-user: fix bad vu_log_write

Marc-André Lureau (1):
  docs: reST-ify vhost-user documentation

Markus Armbruster (3):
  acpi/piix4: Convert debug printf()s to trace events
  acpi/pcihp: Convert debug printf()s to trace events
  acpi/pcihp: Add a few more trace points related to unplug

Wei Yang (4):
  hw/arm/virt-acpi-build: remove unnecessary variable mcfg_start
  i386, acpi: remove mcfg_ prefix in AcpiMcfgInfo members
  hw/arm/virt-acpi-build: pass AcpiMcfgInfo to build_mcfg()
  hw/acpi: Consolidate build_mcfg to pci.c

Xie Yongji (7):
  virtio: Introduce started flag to VirtioDevice
  virtio: Use started flag in virtio_vmstate_change()
  vhost-user-blk: Use started flag in vhost_user_blk_set_status()
  vhost-user-blk: Only start vhost-user backend with the first kick
  vhost-user-blk: Add return value for vhost_user_blk_start()
  vhost-user-blk: Add support to reconnect backend
  contrib/vhost-user-blk: enable inflight I/O tracking

 docs/interop/vhost-user.txt | 1219 
 default-configs/arm-softmmu.mak |1 +
 default-configs/i386-softmmu.mak|1 +
 hw/virtio/virtio-pci.h  |   31 +-
 include/hw/acpi/pci.h   |   34 +
 include/hw/pci/pci.h|1 -
 include/hw/pci/pci_bus.h|   12 +-
 include/hw/qdev-core.h  |3 -
 include/hw/virtio/vhost-user-blk.h  |3 +
 include/hw/virtio/virtio.h  |2 +
 tests/acpi-utils.h  |7 +-
 contrib/libvhost-user/libvhost-user.c   |2 +-
 contrib/vhost-user-blk/vhost-user-blk.c |3 +-
 hw/acpi/pci.c   |   46 ++
 hw/acpi/pcihp.c |   32 +-
 hw/acpi/piix4.c |   14 +-
 hw/arm/virt-acpi-build.c|   31 +-
 hw/block/vhost-user-blk.c   |  175 +++-
 hw/core/machine.c   |   23 +-
 hw/display/virtio-gpu-pci.c |4 +-
 hw/display/virtio-vga.c |4 +-
 hw/i386/acpi-build.c|   44 +-
 hw/pci-bridge/pci_expander_bridge.c |6 -
 hw/pci/pci.c|   14 +-
 hw/pci/pcie_host.c  |   10 -
 hw/virtio/virtio-crypto-pci.c   |4 +-
 hw/virtio/virtio-input-pci.c|4 +-
 hw/virtio/virtio-pci.c  |   27 +-
 hw/virtio/virtio.c  |   54 +-
 net/vhost-user.c|1 -
 qom/object.c|3 -
 tests/acpi-utils.c  |   68 +-
 tests/bios-tables-test.c|  146 +++-
 tests/vmgenid-test.c|6 +-
 MAINTAINERS 

[Qemu-devel] [PULL 02/37] Revert "globals: Allow global properties to be optional"

[Michael S. Tsirkin]

From: Daniel P. Berrangé 

This reverts commit d7741743f4f3d2683d1bb6938f88dc0167c21afa.

Relying on setting properties on parents types which may not
be relevant to certain sub-classes had unexpected side-effects
causing bugs in device config defaults. It is preferrable to
be explicit about which devices get which properties, even if
this needs repetition.

Signed-off-by: Daniel P. Berrangé 
Message-Id: <20190215103239.28640-3-berra...@redhat.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/hw/qdev-core.h | 3 ---
 qom/object.c   | 3 ---
 2 files changed, 6 deletions(-)

diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h
index 33ed3b8dde..fa55dc10ae 100644
--- a/include/hw/qdev-core.h
+++ b/include/hw/qdev-core.h
@@ -251,8 +251,6 @@ struct PropertyInfo {
 /**
  * GlobalProperty:
  * @used: Set to true if property was used when initializing a device.
- * @optional: If set to true, GlobalProperty will be skipped without errors
- *if the property doesn't exist.
  *
  * An error is fatal for non-hotplugged devices, when the global is applied.
  */
@@ -261,7 +259,6 @@ typedef struct GlobalProperty {
 const char *property;
 const char *value;
 bool used;
-bool optional;
 } GlobalProperty;
 
 static inline void
diff --git a/qom/object.c b/qom/object.c
index d3412e7fdc..99c4fa707e 100644
--- a/qom/object.c
+++ b/qom/object.c
@@ -385,9 +385,6 @@ void object_apply_global_props(Object *obj, const GPtrArray 
*props, Error **errp
 if (object_dynamic_cast(obj, p->driver) == NULL) {
 continue;
 }
-if (p->optional && !object_property_find(obj, p->property, NULL)) {
-continue;
-}
 p->used = true;
 object_property_parse(obj, p->value, p->property, &err);
 if (err != NULL) {
-- 
MST

[Qemu-devel] [PULL 06/37] vhost-user-blk: Use started flag in vhost_user_blk_set_status()

[Michael S. Tsirkin]

From: Xie Yongji 

Use started flag in vhost_user_blk_set_status() to decide if
starting vhost-user backend or not.

Signed-off-by: Xie Yongji 
Signed-off-by: Zhang Yu 
Message-Id: <20190320112646.3712-4-xieyon...@baidu.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/block/vhost-user-blk.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c
index 28b81368f7..700c1dd111 100644
--- a/hw/block/vhost-user-blk.c
+++ b/hw/block/vhost-user-blk.c
@@ -190,7 +190,7 @@ static void vhost_user_blk_stop(VirtIODevice *vdev)
 static void vhost_user_blk_set_status(VirtIODevice *vdev, uint8_t status)
 {
 VHostUserBlk *s = VHOST_USER_BLK(vdev);
-bool should_start = status & VIRTIO_CONFIG_S_DRIVER_OK;
+bool should_start = vdev->started;
 
 if (!vdev->vm_running) {
 should_start = false;
@@ -350,7 +350,7 @@ static void vhost_user_blk_device_unrealize(DeviceState 
*dev, Error **errp)
 VHostUserBlk *s = VHOST_USER_BLK(dev);
 struct vhost_virtqueue *vqs = s->dev.vqs;
 
-vhost_user_blk_set_status(vdev, 0);
+virtio_set_status(vdev, 0);
 vhost_dev_cleanup(&s->dev);
 vhost_dev_free_inflight(s->inflight);
 g_free(vqs);
-- 
MST

[Qemu-devel] [PULL 15/37] do not call vhost_net_cleanup() on running net from char user event

[Michael S. Tsirkin]

From: Dan Streetman 

Buglink: https://launchpad.net/bugs/1823458

Currently, a user CHR_EVENT_CLOSED event will cause net_vhost_user_event()
to call vhost_user_cleanup(), which calls vhost_net_cleanup() for all
its queues.  However, vhost_net_cleanup() must never be called like
this for fully-initialized nets; when other code later calls
vhost_net_stop() - such as from virtio_net_vhost_status() - it will try
to access the already-cleaned-up fields and fail with assertion errors
or segfaults.

The vhost_net_cleanup() will eventually be called from
qemu_cleanup_net_client().

Signed-off-by: Dan Streetman 
Message-Id: <20190416184624.15397-3-dan.street...@canonical.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 net/vhost-user.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/net/vhost-user.c b/net/vhost-user.c
index 5a26a24708..51921de443 100644
--- a/net/vhost-user.c
+++ b/net/vhost-user.c
@@ -236,7 +236,6 @@ static void chr_closed_bh(void *opaque)
 s = DO_UPCAST(NetVhostUserState, nc, ncs[0]);
 
 qmp_set_link(name, false, &err);
-vhost_user_stop(queues, ncs);
 
 qemu_chr_fe_set_handlers(&s->chr, NULL, NULL, net_vhost_user_event,
  NULL, opaque, NULL, true);
-- 
MST

[Qemu-devel] [PULL 01/37] hw: report invalid disable-legacy|modern usage for virtio-1-only devs

[Michael S. Tsirkin]

From: Daniel P. Berrangé 

A number of virtio devices (gpu, crypto, mouse, keyboard, tablet) only
support the virtio-1 (aka modern) mode. Currently if the user launches
QEMU, setting those devices to enable legacy mode, QEMU will silently
create them in modern mode, ignoring the user's (mistaken) request.

This patch introduces proper data validation so that an attempt to
configure a virtio-1-only devices in legacy mode gets reported as an
error to the user.

Checking this required introduction of a new field to explicitly track
what operating model is to be used for a device, separately from the
disable_modern and disable_legacy fields that record the user's
requested configuration.

Signed-off-by: Daniel P. Berrangé 
Message-Id: <20190215103239.28640-2-berra...@redhat.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/virtio/virtio-pci.h| 31 +--
 hw/core/machine.c | 23 ---
 hw/display/virtio-gpu-pci.c   |  4 +++-
 hw/display/virtio-vga.c   |  4 +++-
 hw/virtio/virtio-crypto-pci.c |  4 +++-
 hw/virtio/virtio-input-pci.c  |  4 +++-
 hw/virtio/virtio-pci.c| 26 --
 7 files changed, 73 insertions(+), 23 deletions(-)

diff --git a/hw/virtio/virtio-pci.h b/hw/virtio/virtio-pci.h
index 18581854ca..bfea2892a5 100644
--- a/hw/virtio/virtio-pci.h
+++ b/hw/virtio/virtio-pci.h
@@ -15,6 +15,7 @@
 #ifndef QEMU_VIRTIO_PCI_H
 #define QEMU_VIRTIO_PCI_H
 
+#include "qapi/error.h"
 #include "hw/pci/msi.h"
 #include "hw/virtio/virtio-bus.h"
 
@@ -118,6 +119,12 @@ typedef struct VirtIOPCIQueue {
   uint32_t used[2];
 } VirtIOPCIQueue;
 
+typedef enum {
+VIRTIO_PCI_MODE_LEGACY,
+VIRTIO_PCI_MODE_TRANSITIONAL,
+VIRTIO_PCI_MODE_MODERN,
+} VirtIOPCIMode;
+
 struct VirtIOPCIProxy {
 PCIDevice pci_dev;
 MemoryRegion bar;
@@ -142,6 +149,7 @@ struct VirtIOPCIProxy {
 bool disable_modern;
 bool ignore_backend_features;
 OnOffAuto disable_legacy;
+VirtIOPCIMode mode;
 uint32_t class_code;
 uint32_t nvectors;
 uint32_t dfselect;
@@ -156,23 +164,34 @@ struct VirtIOPCIProxy {
 
 static inline bool virtio_pci_modern(VirtIOPCIProxy *proxy)
 {
-return !proxy->disable_modern;
+return proxy->mode != VIRTIO_PCI_MODE_LEGACY;
 }
 
 static inline bool virtio_pci_legacy(VirtIOPCIProxy *proxy)
 {
-return proxy->disable_legacy == ON_OFF_AUTO_OFF;
+return proxy->mode != VIRTIO_PCI_MODE_MODERN;
 }
 
-static inline void virtio_pci_force_virtio_1(VirtIOPCIProxy *proxy)
+static inline bool virtio_pci_force_virtio_1(VirtIOPCIProxy *proxy,
+ Error **errp)
 {
-proxy->disable_modern = false;
-proxy->disable_legacy = ON_OFF_AUTO_ON;
+if (proxy->disable_legacy == ON_OFF_AUTO_OFF) {
+error_setg(errp, "Unable to set disable-legacy=off on a virtio-1.0 "
+   "only device");
+return false;
+}
+if (proxy->disable_modern == true) {
+error_setg(errp, "Unable to set disable-modern=on on a virtio-1.0 "
+   "only device");
+return false;
+}
+proxy->mode = VIRTIO_PCI_MODE_MODERN;
+return true;
 }
 
 static inline void virtio_pci_disable_modern(VirtIOPCIProxy *proxy)
 {
-proxy->disable_modern = true;
+proxy->mode = VIRTIO_PCI_MODE_LEGACY;
 }
 
 /*
diff --git a/hw/core/machine.c b/hw/core/machine.c
index 5d046a43e3..934c1bcceb 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
@@ -102,9 +102,26 @@ const size_t hw_compat_2_7_len = 
G_N_ELEMENTS(hw_compat_2_7);
 
 GlobalProperty hw_compat_2_6[] = {
 { "virtio-mmio", "format_transport_address", "off" },
-/* Optional because not all virtio-pci devices support legacy mode */
-{ "virtio-pci", "disable-modern", "on",  .optional = true },
-{ "virtio-pci", "disable-legacy", "off", .optional = true },
+/*
+ * don't include devices which are modern-only
+ * ie keyboard, mouse, tablet, gpu, vga & crypto
+ */
+{ "virtio-9p-pci", "disable-modern", "on" },
+{ "virtio-9p-pci", "disable-legacy", "off" },
+{ "virtio-balloon-pci", "disable-modern", "on" },
+{ "virtio-balloon-pci", "disable-legacy", "off" },
+{ "virtio-blk-pci", "disable-modern", "on" },
+{ "virtio-blk-pci", "disable-legacy", "off" },
+{ "virtio-input-host-pci", "disable-modern", "on" },
+{ "virtio-input-host-pci", "disable-legacy", "off" },
+{ "virtio-net-pci", "disable-modern", "on" },
+{ "virtio-net-pci", "disable-legacy", "off" },
+{ "virtio-rng-pci", "disable-modern", "on" },
+{ "virtio-rng-pci", "disable-legacy", "off" },
+{ "virtio-scsi-pci", "disable-modern", "on" },
+{ "virtio-scsi-pci", "disable-legacy", "off" },
+{ "virtio-serial-pci", "disable-modern", "on" },
+{ "virtio-serial-pci", "disable-legacy", "off" },
 };
 const size_t hw_compat_2_6_len = G_N_ELEMENTS(hw_compat_2_6);
 
diff --git a/hw/display/virtio-gpu-pci.c b/hw/displa

[Qemu-devel] [PULL 03/37] docs: reST-ify vhost-user documentation

[Michael S. Tsirkin]

From: Marc-André Lureau 

Signed-off-by: Marc-André Lureau 
Message-Id: <20190315180735.13096-1-marcandre.lur...@redhat.com>
Reviewed-by: Jens Freimann 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 docs/interop/vhost-user.txt | 1219 ---
 MAINTAINERS |2 +-
 docs/interop/index.rst  |2 +-
 docs/interop/vhost-user.rst | 1351 +++
 4 files changed, 1353 insertions(+), 1221 deletions(-)
 delete mode 100644 docs/interop/vhost-user.txt
 create mode 100644 docs/interop/vhost-user.rst

diff --git a/docs/interop/vhost-user.txt b/docs/interop/vhost-user.txt
deleted file mode 100644
index 4dbd530cb9..00
--- a/docs/interop/vhost-user.txt
+++ /dev/null
@@ -1,1219 +0,0 @@
-Vhost-user Protocol
-===
-
-Copyright (c) 2014 Virtual Open Systems Sarl.
-
-This work is licensed under the terms of the GNU GPL, version 2 or later.
-See the COPYING file in the top-level directory.
-===
-
-This protocol is aiming to complement the ioctl interface used to control the
-vhost implementation in the Linux kernel. It implements the control plane 
needed
-to establish virtqueue sharing with a user space process on the same host. It
-uses communication over a Unix domain socket to share file descriptors in the
-ancillary data of the message.
-
-The protocol defines 2 sides of the communication, master and slave. Master is
-the application that shares its virtqueues, in our case QEMU. Slave is the
-consumer of the virtqueues.
-
-In the current implementation QEMU is the Master, and the Slave is the
-external process consuming the virtio queues, for example a software
-Ethernet switch running in user space, such as Snabbswitch, or a block
-device backend processing read & write to a virtual disk. In order to
-facilitate interoperability between various backend implementations,
-it is recommended to follow the "Backend program conventions"
-described in this document.
-
-Master and slave can be either a client (i.e. connecting) or server (listening)
-in the socket communication.
-
-Message Specification
--
-
-Note that all numbers are in the machine native byte order. A vhost-user 
message
-consists of 3 header fields and a payload:
-
-
-| request | flags | size | payload |
-
-
- * Request: 32-bit type of the request
- * Flags: 32-bit bit field:
-   - Lower 2 bits are the version (currently 0x01)
-   - Bit 2 is the reply flag - needs to be sent on each reply from the slave
-   - Bit 3 is the need_reply flag - see VHOST_USER_PROTOCOL_F_REPLY_ACK for
- details.
- * Size - 32-bit size of the payload
-
-
-Depending on the request type, payload can be:
-
- * A single 64-bit integer
-   ---
-   | u64 |
-   ---
-
-   u64: a 64-bit unsigned integer
-
- * A vring state description
-   ---
-   | index | num |
-   ---
-
-   Index: a 32-bit index
-   Num: a 32-bit number
-
- * A vring address description
-   --
-   | index | flags | size | descriptor | used | available | log |
-   --
-
-   Index: a 32-bit vring index
-   Flags: a 32-bit vring flags
-   Descriptor: a 64-bit ring address of the vring descriptor table
-   Used: a 64-bit ring address of the vring used ring
-   Available: a 64-bit ring address of the vring available ring
-   Log: a 64-bit guest address for logging
-
-   Note that a ring address is an IOVA if VIRTIO_F_IOMMU_PLATFORM has been
-   negotiated.  Otherwise it is a user address.
-
- * Memory regions description
-   ---
-   | num regions | padding | region0 | ... | region7 |
-   ---
-
-   Num regions: a 32-bit number of regions
-   Padding: 32-bit
-
-   A region is:
-   -
-   | guest address | size | user address | mmap offset |
-   -
-
-   Guest address: a 64-bit guest address of the region
-   Size: a 64-bit size
-   User address: a 64-bit user address
-   mmap offset: 64-bit offset where region starts in the mapped memory
-
-* Log description
-   ---
-   | log size | log offset |
-   ---
-   log size: size of area used for logging
-   log offset: offset from start of supplied file descriptor
-   where logging starts (i.e. where guest address 0 would be logged)
-
- * An IOTLB message
-   -
-   | iova | size | user address | permissions flags | type |
-   -
-
-   IOVA: a 64-bit I/O virtual address programmed by the guest
-   Size: a 64-bit size
-   User address: a 64-bit user addres

[Qemu-devel] [PULL 08/37] vhost-user-blk: Add return value for vhost_user_blk_start()

[Michael S. Tsirkin]

From: Xie Yongji 

Add a return value for vhost_user_blk_start() to check whether
we start vhost-user backend successfully or not.

Signed-off-by: Xie Yongji 
Signed-off-by: Zhang Yu 
Message-Id: <20190320112646.3712-6-xieyon...@baidu.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/block/vhost-user-blk.c | 9 +
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c
index 39e1adc60a..6802c19d65 100644
--- a/hw/block/vhost-user-blk.c
+++ b/hw/block/vhost-user-blk.c
@@ -103,7 +103,7 @@ const VhostDevConfigOps blk_ops = {
 .vhost_dev_config_notifier = vhost_user_blk_handle_config_change,
 };
 
-static void vhost_user_blk_start(VirtIODevice *vdev)
+static int vhost_user_blk_start(VirtIODevice *vdev)
 {
 VHostUserBlk *s = VHOST_USER_BLK(vdev);
 BusState *qbus = BUS(qdev_get_parent_bus(DEVICE(vdev)));
@@ -112,13 +112,13 @@ static void vhost_user_blk_start(VirtIODevice *vdev)
 
 if (!k->set_guest_notifiers) {
 error_report("binding does not support guest notifiers");
-return;
+return -ENOSYS;
 }
 
 ret = vhost_dev_enable_notifiers(&s->dev, vdev);
 if (ret < 0) {
 error_report("Error enabling host notifiers: %d", -ret);
-return;
+return ret;
 }
 
 ret = k->set_guest_notifiers(qbus->parent, s->dev.nvqs, true);
@@ -157,12 +157,13 @@ static void vhost_user_blk_start(VirtIODevice *vdev)
 vhost_virtqueue_mask(&s->dev, vdev, i, false);
 }
 
-return;
+return ret;
 
 err_guest_notifiers:
 k->set_guest_notifiers(qbus->parent, s->dev.nvqs, false);
 err_host_notifiers:
 vhost_dev_disable_notifiers(&s->dev, vdev);
+return ret;
 }
 
 static void vhost_user_blk_stop(VirtIODevice *vdev)
-- 
MST

[Qemu-devel] [PULL 23/37] tests: acpi: rename acpi_parse_rsdp_table() into acpi_fetch_rsdp_table()

[Michael S. Tsirkin]

From: Igor Mammedov 

so name would reflect what the function does

Signed-off-by: Igor Mammedov 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Wei Yang 
Message-Id: <1556808723-226478-2-git-send-email-imamm...@redhat.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 tests/acpi-utils.h   | 2 +-
 tests/acpi-utils.c   | 2 +-
 tests/bios-tables-test.c | 2 +-
 tests/vmgenid-test.c | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/tests/acpi-utils.h b/tests/acpi-utils.h
index ef388bbf12..4cd5553586 100644
--- a/tests/acpi-utils.h
+++ b/tests/acpi-utils.h
@@ -47,7 +47,7 @@ typedef struct {
 uint8_t acpi_calc_checksum(const uint8_t *data, int len);
 uint32_t acpi_find_rsdp_address(QTestState *qts);
 uint64_t acpi_get_xsdt_address(uint8_t *rsdp_table);
-void acpi_parse_rsdp_table(QTestState *qts, uint32_t addr, uint8_t 
*rsdp_table);
+void acpi_fetch_rsdp_table(QTestState *qts, uint32_t addr, uint8_t 
*rsdp_table);
 void acpi_fetch_table(QTestState *qts, uint8_t **aml, uint32_t *aml_len,
   const uint8_t *addr_ptr, const char *sig,
   bool verify_checksum);
diff --git a/tests/acpi-utils.c b/tests/acpi-utils.c
index cc33b460ab..633d8f513d 100644
--- a/tests/acpi-utils.c
+++ b/tests/acpi-utils.c
@@ -63,7 +63,7 @@ uint64_t acpi_get_xsdt_address(uint8_t *rsdp_table)
 return le64_to_cpu(xsdt_physical_address);
 }
 
-void acpi_parse_rsdp_table(QTestState *qts, uint32_t addr, uint8_t *rsdp_table)
+void acpi_fetch_rsdp_table(QTestState *qts, uint32_t addr, uint8_t *rsdp_table)
 {
 uint8_t revision;
 
diff --git a/tests/bios-tables-test.c b/tests/bios-tables-test.c
index a506dcbb29..6a678bf761 100644
--- a/tests/bios-tables-test.c
+++ b/tests/bios-tables-test.c
@@ -89,7 +89,7 @@ static void test_acpi_rsdp_table(test_data *data)
 uint8_t *rsdp_table = data->rsdp_table, revision;
 uint32_t addr = data->rsdp_addr;
 
-acpi_parse_rsdp_table(data->qts, addr, rsdp_table);
+acpi_fetch_rsdp_table(data->qts, addr, rsdp_table);
 revision = rsdp_table[15 /* Revision offset */];
 
 switch (revision) {
diff --git a/tests/vmgenid-test.c b/tests/vmgenid-test.c
index ae38ee5ac0..f400184268 100644
--- a/tests/vmgenid-test.c
+++ b/tests/vmgenid-test.c
@@ -40,7 +40,7 @@ static uint32_t acpi_find_vgia(QTestState *qts)
 g_assert_cmphex(rsdp_offset, <, RSDP_ADDR_INVALID);
 
 
-acpi_parse_rsdp_table(qts, rsdp_offset, rsdp_table);
+acpi_fetch_rsdp_table(qts, rsdp_offset, rsdp_table);
 acpi_fetch_table(qts, &rsdt, &rsdt_len, &rsdp_table[16 /* RsdtAddress */],
  "RSDT", true);
 
-- 
MST

[Qemu-devel] [PULL 05/37] virtio: Use started flag in virtio_vmstate_change()

[Michael S. Tsirkin]

From: Xie Yongji 

Currently, we use DRIVER_OK status bit to check whether guest
driver has started the device in virtio_vmstate_change(). But it's
not the case for virtio 1.0 transitional devices. If migration completes
between kicking virtqueue and setting VIRTIO_CONFIG_S_DRIVER_OK, guest
may be hung. So here we use started flag to check guest state instead.

Signed-off-by: Xie Yongji 
Signed-off-by: Zhang Yu 
Message-Id: <20190320112646.3712-3-xieyon...@baidu.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/virtio/virtio.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index af7b59b4ae..b8d36cd4b7 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -2291,7 +2291,7 @@ static void virtio_vmstate_change(void *opaque, int 
running, RunState state)
 VirtIODevice *vdev = opaque;
 BusState *qbus = qdev_get_parent_bus(DEVICE(vdev));
 VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(qbus);
-bool backend_run = running && (vdev->status & VIRTIO_CONFIG_S_DRIVER_OK);
+bool backend_run = running && vdev->started;
 vdev->vm_running = running;
 
 if (backend_run) {
-- 
MST

[Qemu-devel] [PULL 09/37] vhost-user-blk: Add support to reconnect backend

[Michael S. Tsirkin]

From: Xie Yongji 

Since we now support the message VHOST_USER_GET_INFLIGHT_FD
and VHOST_USER_SET_INFLIGHT_FD. The backend is able to restart
safely because it can track inflight I/O in shared memory.
This patch allows qemu to reconnect the backend after
connection closed.

Signed-off-by: Xie Yongji 
Signed-off-by: Ni Xun 
Signed-off-by: Zhang Yu 
Message-Id: <20190320112646.3712-7-xieyon...@baidu.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/hw/virtio/vhost-user-blk.h |   3 +
 hw/block/vhost-user-blk.c  | 159 -
 2 files changed, 139 insertions(+), 23 deletions(-)

diff --git a/include/hw/virtio/vhost-user-blk.h 
b/include/hw/virtio/vhost-user-blk.h
index 68634bee61..51457fb857 100644
--- a/include/hw/virtio/vhost-user-blk.h
+++ b/include/hw/virtio/vhost-user-blk.h
@@ -38,6 +38,9 @@ typedef struct VHostUserBlk {
 struct vhost_dev dev;
 struct vhost_inflight *inflight;
 VhostUserState vhost_user;
+struct vhost_virtqueue *vqs;
+guint watch;
+bool connected;
 } VHostUserBlk;
 
 #endif
diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c
index 6802c19d65..9cb61336a6 100644
--- a/hw/block/vhost-user-blk.c
+++ b/hw/block/vhost-user-blk.c
@@ -192,17 +192,27 @@ static void vhost_user_blk_set_status(VirtIODevice *vdev, 
uint8_t status)
 {
 VHostUserBlk *s = VHOST_USER_BLK(vdev);
 bool should_start = vdev->started;
+int ret;
 
 if (!vdev->vm_running) {
 should_start = false;
 }
 
+if (!s->connected) {
+return;
+}
+
 if (s->dev.started == should_start) {
 return;
 }
 
 if (should_start) {
-vhost_user_blk_start(vdev);
+ret = vhost_user_blk_start(vdev);
+if (ret < 0) {
+error_report("vhost-user-blk: vhost start failed: %s",
+ strerror(-ret));
+qemu_chr_fe_disconnect(&s->chardev);
+}
 } else {
 vhost_user_blk_stop(vdev);
 }
@@ -238,12 +248,16 @@ static uint64_t vhost_user_blk_get_features(VirtIODevice 
*vdev,
 static void vhost_user_blk_handle_output(VirtIODevice *vdev, VirtQueue *vq)
 {
 VHostUserBlk *s = VHOST_USER_BLK(vdev);
-int i;
+int i, ret;
 
 if (!vdev->start_on_kick) {
 return;
 }
 
+if (!s->connected) {
+return;
+}
+
 if (s->dev.started) {
 return;
 }
@@ -251,7 +265,13 @@ static void vhost_user_blk_handle_output(VirtIODevice 
*vdev, VirtQueue *vq)
 /* Some guests kick before setting VIRTIO_CONFIG_S_DRIVER_OK so start
  * vhost here instead of waiting for .set_status().
  */
-vhost_user_blk_start(vdev);
+ret = vhost_user_blk_start(vdev);
+if (ret < 0) {
+error_report("vhost-user-blk: vhost start failed: %s",
+ strerror(-ret));
+qemu_chr_fe_disconnect(&s->chardev);
+return;
+}
 
 /* Kick right away to begin processing requests already in vring */
 for (i = 0; i < s->dev.nvqs; i++) {
@@ -271,11 +291,103 @@ static void vhost_user_blk_reset(VirtIODevice *vdev)
 vhost_dev_free_inflight(s->inflight);
 }
 
+static int vhost_user_blk_connect(DeviceState *dev)
+{
+VirtIODevice *vdev = VIRTIO_DEVICE(dev);
+VHostUserBlk *s = VHOST_USER_BLK(vdev);
+int ret = 0;
+
+if (s->connected) {
+return 0;
+}
+s->connected = true;
+
+s->dev.nvqs = s->num_queues;
+s->dev.vqs = s->vqs;
+s->dev.vq_index = 0;
+s->dev.backend_features = 0;
+
+vhost_dev_set_config_notifier(&s->dev, &blk_ops);
+
+ret = vhost_dev_init(&s->dev, &s->vhost_user, VHOST_BACKEND_TYPE_USER, 0);
+if (ret < 0) {
+error_report("vhost-user-blk: vhost initialization failed: %s",
+ strerror(-ret));
+return ret;
+}
+
+/* restore vhost state */
+if (vdev->started) {
+ret = vhost_user_blk_start(vdev);
+if (ret < 0) {
+error_report("vhost-user-blk: vhost start failed: %s",
+ strerror(-ret));
+return ret;
+}
+}
+
+return 0;
+}
+
+static void vhost_user_blk_disconnect(DeviceState *dev)
+{
+VirtIODevice *vdev = VIRTIO_DEVICE(dev);
+VHostUserBlk *s = VHOST_USER_BLK(vdev);
+
+if (!s->connected) {
+return;
+}
+s->connected = false;
+
+if (s->dev.started) {
+vhost_user_blk_stop(vdev);
+}
+
+vhost_dev_cleanup(&s->dev);
+}
+
+static gboolean vhost_user_blk_watch(GIOChannel *chan, GIOCondition cond,
+ void *opaque)
+{
+DeviceState *dev = opaque;
+VirtIODevice *vdev = VIRTIO_DEVICE(dev);
+VHostUserBlk *s = VHOST_USER_BLK(vdev);
+
+qemu_chr_fe_disconnect(&s->chardev);
+
+return true;
+}
+
+static void vhost_user_blk_event(void *opaque, int event)
+{
+DeviceState *dev = opaque;
+VirtIODevice *vdev = VIRTIO_DEVICE(dev);
+VHostUserBlk *s = VHOST_USER_BLK(vdev);
+
+switch (event

[Qemu-devel] [PULL 04/37] virtio: Introduce started flag to VirtioDevice

[Michael S. Tsirkin]

From: Xie Yongji 

The virtio 1.0 transitional devices support driver uses the device
before setting the DRIVER_OK status bit. So we introduce a started
flag to indicate whether driver has started the device or not.

Signed-off-by: Xie Yongji 
Signed-off-by: Zhang Yu 
Message-Id: <20190320112646.3712-2-xieyon...@baidu.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/hw/virtio/virtio.h |  2 ++
 hw/virtio/virtio.c | 52 --
 2 files changed, 52 insertions(+), 2 deletions(-)

diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h
index ce9516236a..fea08bcc44 100644
--- a/include/hw/virtio/virtio.h
+++ b/include/hw/virtio/virtio.h
@@ -105,6 +105,8 @@ struct VirtIODevice
 uint16_t device_id;
 bool vm_running;
 bool broken; /* device in invalid state, needs reset */
+bool started;
+bool start_on_kick; /* virtio 1.0 transitional devices support that */
 VMChangeStateEntry *vmstate;
 char *bus_name;
 uint8_t device_endian;
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index 2626a895cb..af7b59b4ae 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -1162,10 +1162,16 @@ int virtio_set_status(VirtIODevice *vdev, uint8_t val)
 }
 }
 }
+vdev->started = val & VIRTIO_CONFIG_S_DRIVER_OK;
+if (unlikely(vdev->start_on_kick && vdev->started)) {
+vdev->start_on_kick = false;
+}
+
 if (k->set_status) {
 k->set_status(vdev, val);
 }
 vdev->status = val;
+
 return 0;
 }
 
@@ -1208,6 +1214,9 @@ void virtio_reset(void *opaque)
 k->reset(vdev);
 }
 
+vdev->start_on_kick = (virtio_host_has_feature(vdev, VIRTIO_F_VERSION_1) &&
+  !virtio_vdev_has_feature(vdev, VIRTIO_F_VERSION_1));
+vdev->started = false;
 vdev->broken = false;
 vdev->guest_features = 0;
 vdev->queue_sel = 0;
@@ -1518,14 +1527,21 @@ void virtio_queue_set_align(VirtIODevice *vdev, int n, 
int align)
 
 static bool virtio_queue_notify_aio_vq(VirtQueue *vq)
 {
+bool ret = false;
+
 if (vq->vring.desc && vq->handle_aio_output) {
 VirtIODevice *vdev = vq->vdev;
 
 trace_virtio_queue_notify(vdev, vq - vdev->vq, vq);
-return vq->handle_aio_output(vdev, vq);
+ret = vq->handle_aio_output(vdev, vq);
+
+if (unlikely(vdev->start_on_kick)) {
+vdev->started = true;
+vdev->start_on_kick = false;
+}
 }
 
-return false;
+return ret;
 }
 
 static void virtio_queue_notify_vq(VirtQueue *vq)
@@ -1539,6 +1555,11 @@ static void virtio_queue_notify_vq(VirtQueue *vq)
 
 trace_virtio_queue_notify(vdev, vq - vdev->vq, vq);
 vq->handle_output(vdev, vq);
+
+if (unlikely(vdev->start_on_kick)) {
+vdev->started = true;
+vdev->start_on_kick = false;
+}
 }
 }
 
@@ -1556,6 +1577,11 @@ void virtio_queue_notify(VirtIODevice *vdev, int n)
 } else if (vq->handle_output) {
 vq->handle_output(vdev, vq);
 }
+
+if (unlikely(vdev->start_on_kick)) {
+vdev->started = true;
+vdev->start_on_kick = false;
+}
 }
 
 uint16_t virtio_queue_vector(VirtIODevice *vdev, int n)
@@ -1770,6 +1796,13 @@ static bool virtio_broken_needed(void *opaque)
 return vdev->broken;
 }
 
+static bool virtio_started_needed(void *opaque)
+{
+VirtIODevice *vdev = opaque;
+
+return vdev->started;
+}
+
 static const VMStateDescription vmstate_virtqueue = {
 .name = "virtqueue_state",
 .version_id = 1,
@@ -1898,6 +1931,17 @@ static const VMStateDescription vmstate_virtio_broken = {
 }
 };
 
+static const VMStateDescription vmstate_virtio_started = {
+.name = "virtio/started",
+.version_id = 1,
+.minimum_version_id = 1,
+.needed = &virtio_started_needed,
+.fields = (VMStateField[]) {
+VMSTATE_BOOL(started, VirtIODevice),
+VMSTATE_END_OF_LIST()
+}
+};
+
 static const VMStateDescription vmstate_virtio = {
 .name = "virtio",
 .version_id = 1,
@@ -1913,6 +1957,7 @@ static const VMStateDescription vmstate_virtio = {
 &vmstate_virtio_ringsize,
 &vmstate_virtio_broken,
 &vmstate_virtio_extra_state,
+&vmstate_virtio_started,
 NULL
 }
 };
@@ -2286,6 +2331,9 @@ void virtio_init(VirtIODevice *vdev, const char *name,
 g_malloc0(sizeof(*vdev->vector_queues) * nvectors);
 }
 
+vdev->start_on_kick = (virtio_host_has_feature(vdev, VIRTIO_F_VERSION_1) &&
+  !virtio_vdev_has_feature(vdev, VIRTIO_F_VERSION_1));
+vdev->started = false;
 vdev->device_id = device_id;
 vdev->status = 0;
 atomic_set(&vdev->isr, 0);
-- 
MST

[Qemu-devel] [PULL 27/37] tests: acpi: fetch X_DSDT if pointer to DSDT is 0

[Michael S. Tsirkin]

From: Igor Mammedov 

that way it would be possible to test a DSDT pointed by
64bit X_DSDT field in FADT.

PS:
it will allow to enable testing arm/virt board, which sets
only newer X_DSDT field.

Signed-off-by: Igor Mammedov 
Message-Id: <1556808723-226478-6-git-send-email-imamm...@redhat.com>
Reviewed-by: Wei Yang 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 tests/bios-tables-test.c | 11 ++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/tests/bios-tables-test.c b/tests/bios-tables-test.c
index a164d274a2..d165a1bd62 100644
--- a/tests/bios-tables-test.c
+++ b/tests/bios-tables-test.c
@@ -140,6 +140,9 @@ static void test_acpi_fadt_table(test_data *data)
 AcpiSdtTable table = g_array_index(data->tables, typeof(table), 0);
 uint8_t *fadt_aml = table.aml;
 uint32_t fadt_len = table.aml_len;
+uint32_t val;
+int dsdt_offset = 40 /* DSDT */;
+int dsdt_entry_size = 4;
 
 g_assert(compare_signature(&table, "FACP"));
 
@@ -148,8 +151,14 @@ static void test_acpi_fadt_table(test_data *data)
  fadt_aml + 36 /* FIRMWARE_CTRL */, 4, "FACS", false);
 g_array_append_val(data->tables, table);
 
+memcpy(&val, fadt_aml + dsdt_offset, 4);
+val = le32_to_cpu(val);
+if (!val) {
+dsdt_offset = 140 /* X_DSDT */;
+dsdt_entry_size = 8;
+}
 acpi_fetch_table(data->qts, &table.aml, &table.aml_len,
- fadt_aml + 40 /* DSDT */, 4, "DSDT", true);
+ fadt_aml + dsdt_offset, dsdt_entry_size, "DSDT", true);
 g_array_append_val(data->tables, table);
 
 memset(fadt_aml + 36, 0, 4); /* sanitize FIRMWARE_CTRL ptr */
-- 
MST

[Qemu-devel] [PULL 10/37] contrib/vhost-user-blk: enable inflight I/O tracking

[Michael S. Tsirkin]

From: Xie Yongji 

This patch enables inflight I/O tracking for
vhost-user-blk backend so that we could restart it safely.

Signed-off-by: Xie Yongji 
Signed-off-by: Zhang Yu 
Message-Id: <20190320112646.3712-8-xieyon...@baidu.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 contrib/vhost-user-blk/vhost-user-blk.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/contrib/vhost-user-blk/vhost-user-blk.c 
b/contrib/vhost-user-blk/vhost-user-blk.c
index 43583f2659..86a3987744 100644
--- a/contrib/vhost-user-blk/vhost-user-blk.c
+++ b/contrib/vhost-user-blk/vhost-user-blk.c
@@ -398,7 +398,8 @@ vub_get_features(VuDev *dev)
 static uint64_t
 vub_get_protocol_features(VuDev *dev)
 {
-return 1ull << VHOST_USER_PROTOCOL_F_CONFIG;
+return 1ull << VHOST_USER_PROTOCOL_F_CONFIG |
+   1ull << VHOST_USER_PROTOCOL_F_INFLIGHT_SHMFD;
 }
 
 static int
-- 
MST

[Qemu-devel] [PULL 31/37] tests: acpi: add a way to start tests with UEFI firmware

[Michael S. Tsirkin]

From: Igor Mammedov 

For testcase to use UEFI firmware, one needs to provide and specify
firmware and varstore blob names in test_data { uefi_fl1, uefi_fl2 }
fields respectively and RAM start address plus size where to look for
test structure signature. Additionally testcase should specify
bootable cdrom image from uefi-boot-images with EFI test utility.

Signed-off-by: Igor Mammedov 
Reviewed-by: Laszlo Ersek 
Message-Id: <1556808723-226478-10-git-send-email-imamm...@redhat.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 tests/bios-tables-test.c | 50 +++-
 1 file changed, 34 insertions(+), 16 deletions(-)

diff --git a/tests/bios-tables-test.c b/tests/bios-tables-test.c
index 4d13a3cce6..84e1ce2972 100644
--- a/tests/bios-tables-test.c
+++ b/tests/bios-tables-test.c
@@ -26,6 +26,11 @@
 typedef struct {
 const char *machine;
 const char *variant;
+const char *uefi_fl1;
+const char *uefi_fl2;
+const char *cd;
+const uint64_t ram_start;
+const uint64_t scan_len;
 uint64_t rsdp_addr;
 uint8_t rsdp_table[36 /* ACPI 2.0+ RSDP size */];
 GArray *tables;
@@ -77,13 +82,6 @@ static void free_test_data(test_data *data)
 g_array_free(data->tables, true);
 }
 
-static void test_acpi_rsdp_address(test_data *data)
-{
-uint32_t off = acpi_find_rsdp_address(data->qts);
-g_assert_cmphex(off, <, 0x10);
-data->rsdp_addr = off;
-}
-
 static void test_acpi_rsdp_table(test_data *data)
 {
 uint8_t *rsdp_table = data->rsdp_table;
@@ -524,21 +522,41 @@ static void test_smbios_structs(test_data *data)
 static void test_acpi_one(const char *params, test_data *data)
 {
 char *args;
+bool use_uefi = data->uefi_fl1 && data->uefi_fl2;
 
-/* Disable kernel irqchip to be able to override apic irq0. */
-args = g_strdup_printf("-machine %s,accel=%s,kernel-irqchip=off "
-   "-net none -display none %s "
-   "-drive id=hd0,if=none,file=%s,format=raw "
-   "-device ide-hd,drive=hd0 ",
-   data->machine, "kvm:tcg",
-   params ? params : "", disk);
+if (use_uefi) {
+/*
+ * TODO: convert '-drive if=pflash' to new syntax (see e33763be7cd3)
+ * when arm/virt boad starts to support it.
+ */
+args = g_strdup_printf("-machine %s,accel=%s -nodefaults -nographic "
+"-drive if=pflash,format=raw,file=%s,readonly "
+"-drive if=pflash,format=raw,file=%s,snapshot=on -cdrom %s %s",
+data->machine, "kvm:tcg", data->uefi_fl1, data->uefi_fl2,
+data->cd, params ? params : "");
+
+} else {
+/* Disable kernel irqchip to be able to override apic irq0. */
+args = g_strdup_printf("-machine %s,accel=%s,kernel-irqchip=off "
+"-net none -display none %s "
+"-drive id=hd0,if=none,file=%s,format=raw "
+"-device ide-hd,drive=hd0 ",
+ data->machine, "kvm:tcg", params ? params : "", disk);
+}
 
 data->qts = qtest_init(args);
 
-boot_sector_test(data->qts);
+if (use_uefi) {
+g_assert(data->scan_len);
+data->rsdp_addr = acpi_find_rsdp_address_uefi(data->qts,
+data->ram_start, data->scan_len);
+} else {
+boot_sector_test(data->qts);
+data->rsdp_addr = acpi_find_rsdp_address(data->qts);
+g_assert_cmphex(data->rsdp_addr, <, 0x10);
+}
 
 data->tables = g_array_new(false, true, sizeof(AcpiSdtTable));
-test_acpi_rsdp_address(data);
 test_acpi_rsdp_table(data);
 test_acpi_rxsdt_table(data);
 test_acpi_fadt_table(data);
-- 
MST

[Qemu-devel] [PULL 14/37] q35: acpi: do not create dummy MCFG table

[Michael S. Tsirkin]

From: Igor Mammedov 

Dummy table (with signature "QEMU") creation came from original SeaBIOS
codebase. And QEMU would have to keep it around if there were Q35 machine
that depended on keeping ACPI tables blob constant size. Luckily there
were no versioned Q35 machine types before commit:
  (since 2.3) a1666142db acpi-build: make ROMs RAM blocks resizeable
which obsoleted need to keep ACPI tables blob the same size on 
source/destination.

Considering the 1st versioned machine is pc-q35-2.4, the dummy table
is not really necessary and it's safe to drop it without breaking
cross version migration in both directions unconditionally.

Signed-off-by: Igor Mammedov 
Message-Id: <1554822037-329838-1-git-send-email-imamm...@redhat.com>
Reviewed-by: Wei Yang 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/i386/acpi-build.c | 18 --
 1 file changed, 4 insertions(+), 14 deletions(-)

diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index 416da318ae..8671e25af4 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -2401,7 +2401,6 @@ static void
 build_mcfg_q35(GArray *table_data, BIOSLinker *linker, AcpiMcfgInfo *info)
 {
 AcpiTableMcfg *mcfg;
-const char *sig;
 int len = sizeof(*mcfg) + 1 * sizeof(mcfg->allocation[0]);
 
 mcfg = acpi_data_push(table_data, len);
@@ -2411,19 +2410,7 @@ build_mcfg_q35(GArray *table_data, BIOSLinker *linker, 
AcpiMcfgInfo *info)
 mcfg->allocation[0].start_bus_number = 0;
 mcfg->allocation[0].end_bus_number = PCIE_MMCFG_BUS(info->mcfg_size - 1);
 
-/* MCFG is used for ECAM which can be enabled or disabled by guest.
- * To avoid table size changes (which create migration issues),
- * always create the table even if there are no allocations,
- * but set the signature to a reserved value in this case.
- * ACPI spec requires OSPMs to ignore such tables.
- */
-if (info->mcfg_base == PCIE_BASE_ADDR_UNMAPPED) {
-/* Reserved signature: ignored by OSPM */
-sig = "QEMU";
-} else {
-sig = "MCFG";
-}
-build_header(linker, table_data, (void *)mcfg, sig, len, 1, NULL, NULL);
+build_header(linker, table_data, (void *)mcfg, "MCFG", len, 1, NULL, NULL);
 }
 
 /*
@@ -2592,6 +2579,9 @@ static bool acpi_get_mcfg(AcpiMcfgInfo *mcfg)
 }
 mcfg->mcfg_base = qnum_get_uint(qobject_to(QNum, o));
 qobject_unref(o);
+if (mcfg->mcfg_base == PCIE_BASE_ADDR_UNMAPPED) {
+return false;
+}
 
 o = object_property_get_qobject(pci_host, PCIE_HOST_MCFG_SIZE, NULL);
 assert(o);
-- 
MST

[Qemu-devel] [PULL 07/37] vhost-user-blk: Only start vhost-user backend with the first kick

[Michael S. Tsirkin]

From: Xie Yongji 

We should only start vhost-user backend at the first kick for
virtio 1.0 transitional devices.

Signed-off-by: Xie Yongji 
Signed-off-by: Zhang Yu 
Message-Id: <20190320112646.3712-5-xieyon...@baidu.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/block/vhost-user-blk.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c
index 700c1dd111..39e1adc60a 100644
--- a/hw/block/vhost-user-blk.c
+++ b/hw/block/vhost-user-blk.c
@@ -239,8 +239,7 @@ static void vhost_user_blk_handle_output(VirtIODevice 
*vdev, VirtQueue *vq)
 VHostUserBlk *s = VHOST_USER_BLK(vdev);
 int i;
 
-if (!(virtio_host_has_feature(vdev, VIRTIO_F_VERSION_1) &&
-!virtio_vdev_has_feature(vdev, VIRTIO_F_VERSION_1))) {
+if (!vdev->start_on_kick) {
 return;
 }
 
-- 
MST

[Qemu-devel] [PULL 11/37] acpi/piix4: Convert debug printf()s to trace events

[Michael S. Tsirkin]

From: Markus Armbruster 

Signed-off-by: Markus Armbruster 
Message-Id: <20190402161900.7374-2-arm...@redhat.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Igor Mammedov 
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/acpi/piix4.c  | 14 +++---
 hw/acpi/trace-events |  4 
 2 files changed, 7 insertions(+), 11 deletions(-)

diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
index 9c079d6834..546ba036ed 100644
--- a/hw/acpi/piix4.c
+++ b/hw/acpi/piix4.c
@@ -39,14 +39,7 @@
 #include "hw/acpi/acpi_dev_interface.h"
 #include "hw/xen/xen.h"
 #include "qom/cpu.h"
-
-//#define DEBUG
-
-#ifdef DEBUG
-# define PIIX4_DPRINTF(format, ...) printf(format, ## __VA_ARGS__)
-#else
-# define PIIX4_DPRINTF(format, ...) do { } while (0)
-#endif
+#include "trace.h"
 
 #define GPE_BASE 0xafe0
 #define GPE_LEN 4
@@ -596,7 +589,7 @@ static uint64_t gpe_readb(void *opaque, hwaddr addr, 
unsigned width)
 PIIX4PMState *s = opaque;
 uint32_t val = acpi_gpe_ioport_readb(&s->ar, addr);
 
-PIIX4_DPRINTF("gpe read %" HWADDR_PRIx " == %" PRIu32 "\n", addr, val);
+trace_piix4_gpe_readb(addr, width, val);
 return val;
 }
 
@@ -605,10 +598,9 @@ static void gpe_writeb(void *opaque, hwaddr addr, uint64_t 
val,
 {
 PIIX4PMState *s = opaque;
 
+trace_piix4_gpe_writeb(addr, width, val);
 acpi_gpe_ioport_writeb(&s->ar, addr, val);
 acpi_update_sci(&s->ar, s->irq);
-
-PIIX4_DPRINTF("gpe write %" HWADDR_PRIx " <== %" PRIu64 "\n", addr, val);
 }
 
 static const MemoryRegionOps piix4_gpe_ops = {
diff --git a/hw/acpi/trace-events b/hw/acpi/trace-events
index 6272d8a9e7..825b25cbb0 100644
--- a/hw/acpi/trace-events
+++ b/hw/acpi/trace-events
@@ -31,6 +31,10 @@ cpuhp_acpi_ejecting_cpu(uint32_t idx) "0x%"PRIx32
 cpuhp_acpi_write_ost_ev(uint32_t slot, uint32_t ev) "idx[0x%"PRIx32"] OST 
EVENT: 0x%"PRIx32
 cpuhp_acpi_write_ost_status(uint32_t slot, uint32_t st) "idx[0x%"PRIx32"] OST 
STATUS: 0x%"PRIx32
 
+# piix4.c
+piix4_gpe_readb(uint64_t addr, unsigned width, uint64_t val) "addr: 0x%" 
PRIx64 " width: %d ==> 0x%" PRIx64
+piix4_gpe_writeb(uint64_t addr, unsigned width, uint64_t val) "addr: 0x%" 
PRIx64 " width: %d <== 0x%" PRIx64
+
 # tco.c
 tco_timer_reload(int ticks, int msec) "ticks=%d (%d ms)"
 tco_timer_expired(int timeouts_no, bool strap, bool no_reboot) "timeouts_no=%d 
no_reboot=%d/%d"
-- 
MST

[Qemu-devel] [PULL 16/37] hw/arm/virt-acpi-build: remove unnecessary variable mcfg_start

[Michael S. Tsirkin]

From: Wei Yang 

mcfg_start points to the start of MCFG table and is used in
build_header. While this information could be derived from mcfg.

This patch removes the unnecessary variable mcfg_start.

Signed-off-by: Wei Yang 
Reviewed-by: Igor Mammedov 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20190419003053.8260-3-richardw.y...@linux.intel.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/arm/virt-acpi-build.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index bf9c0bc2f4..12dbaf3846 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -552,7 +552,6 @@ build_mcfg(GArray *table_data, BIOSLinker *linker, 
VirtMachineState *vms)
 const MemMapEntry *memmap = vms->memmap;
 int ecam_id = VIRT_ECAM_ID(vms->highmem_ecam);
 int len = sizeof(*mcfg) + sizeof(mcfg->allocation[0]);
-int mcfg_start = table_data->len;
 
 mcfg = acpi_data_push(table_data, len);
 mcfg->allocation[0].address = cpu_to_le64(memmap[ecam_id].base);
@@ -563,8 +562,7 @@ build_mcfg(GArray *table_data, BIOSLinker *linker, 
VirtMachineState *vms)
 mcfg->allocation[0].end_bus_number =
 PCIE_MMCFG_BUS(memmap[ecam_id].size - 1);
 
-build_header(linker, table_data, (void *)(table_data->data + mcfg_start),
- "MCFG", table_data->len - mcfg_start, 1, NULL, NULL);
+build_header(linker, table_data, (void *)mcfg, "MCFG", len, 1, NULL, NULL);
 }
 
 /* GTDT */
-- 
MST

[Qemu-devel] [PULL 21/37] pcie: Remove redundant test in pcie_mmcfg_data_{read, write}()

[Michael S. Tsirkin]

From: David Gibson 

These functions have an explicit test for accesses above the device's
config size.  But pci_host_config_{read,write}_common() which they're
about to call already have checks against the config space limit and
do the right thing.  So, remove the redundant tests.

Signed-off-by: David Gibson 
Message-Id: <20190424041959.4087-2-da...@gibson.dropbear.id.au>
---
 hw/pci/pcie_host.c | 10 --
 1 file changed, 10 deletions(-)

diff --git a/hw/pci/pcie_host.c b/hw/pci/pcie_host.c
index 553db56778..1ee4945a6d 100644
--- a/hw/pci/pcie_host.c
+++ b/hw/pci/pcie_host.c
@@ -47,11 +47,6 @@ static void pcie_mmcfg_data_write(void *opaque, hwaddr 
mmcfg_addr,
 }
 addr = PCIE_MMCFG_CONFOFFSET(mmcfg_addr);
 limit = pci_config_size(pci_dev);
-if (limit <= addr) {
-/* conventional pci device can be behind pcie-to-pci bridge.
-   256 <= addr < 4K has no effects. */
-return;
-}
 pci_host_config_write_common(pci_dev, addr, limit, val, len);
 }
 
@@ -70,11 +65,6 @@ static uint64_t pcie_mmcfg_data_read(void *opaque,
 }
 addr = PCIE_MMCFG_CONFOFFSET(mmcfg_addr);
 limit = pci_config_size(pci_dev);
-if (limit <= addr) {
-/* conventional pci device can be behind pcie-to-pci bridge.
-   256 <= addr < 4K has no effects. */
-return ~0x0;
-}
 return pci_host_config_read_common(pci_dev, addr, limit, len);
 }
 
-- 
MST

[Qemu-devel] [PULL 35/37] tests: acpi: add simple arm/virt testcase

[Michael S. Tsirkin]

From: Igor Mammedov 

adds simple arm/virt test case that starts guest with
bios-tables-test.aarch64.iso.qcow2 boot image which
initializes UefiTestSupport* structure in RAM once
guest is booted.

 * see commit: tests: acpi: add acpi_find_rsdp_address_uefi() helper

Signed-off-by: Igor Mammedov 
Reviewed-by: Laszlo Ersek 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Message-Id: <1556808723-226478-14-git-send-email-imamm...@redhat.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 tests/bios-tables-test.c | 18 ++
 tests/Makefile.include   |  1 +
 2 files changed, 19 insertions(+)

diff --git a/tests/bios-tables-test.c b/tests/bios-tables-test.c
index 39c1e24efd..eaa1b0cf62 100644
--- a/tests/bios-tables-test.c
+++ b/tests/bios-tables-test.c
@@ -810,6 +810,22 @@ static void test_acpi_piix4_tcg_dimm_pxm(void)
 test_acpi_tcg_dimm_pxm(MACHINE_PC);
 }
 
+static void test_acpi_virt_tcg(void)
+{
+test_data data = {
+.machine = "virt",
+.accel = "tcg",
+.uefi_fl1 = "pc-bios/edk2-aarch64-code.fd",
+.uefi_fl2 = "pc-bios/edk2-arm-vars.fd",
+.cd = "tests/data/uefi-boot-images/bios-tables-test.aarch64.iso.qcow2",
+.ram_start = 0x4000ULL,
+.scan_len = 128ULL * 1024 * 1024,
+};
+
+test_acpi_one("-cpu cortex-a57", &data);
+free_test_data(&data);
+}
+
 int main(int argc, char *argv[])
 {
 const char *arch = qtest_get_arch();
@@ -838,6 +854,8 @@ int main(int argc, char *argv[])
 qtest_add_func("acpi/q35/numamem", test_acpi_q35_tcg_numamem);
 qtest_add_func("acpi/piix4/dimmpxm", test_acpi_piix4_tcg_dimm_pxm);
 qtest_add_func("acpi/q35/dimmpxm", test_acpi_q35_tcg_dimm_pxm);
+} else if (strcmp(arch, "aarch64") == 0) {
+qtest_add_func("acpi/virt", test_acpi_virt_tcg);
 }
 ret = g_test_run();
 boot_sector_cleanup(disk);
diff --git a/tests/Makefile.include b/tests/Makefile.include
index 60de085ee1..43ef524de4 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -267,6 +267,7 @@ check-qtest-arm-y += tests/hexloader-test$(EXESUF)
 check-qtest-aarch64-y = tests/numa-test$(EXESUF)
 check-qtest-aarch64-y += tests/boot-serial-test$(EXESUF)
 check-qtest-aarch64-y += tests/migration-test$(EXESUF)
+check-qtest-aarch64-y += tests/bios-tables-test$(EXESUF)
 
 check-qtest-microblazeel-y += $(check-qtest-microblaze-y)
 
-- 
MST

[Qemu-devel] [PULL 22/37] pci: Simplify pci_bus_is_root()

[Michael S. Tsirkin]

From: David Gibson 

pci_bus_is_root() currently relies on a method in the PCIBusClass.
But it's always known if a PCI bus is a root bus when we create it, so
using a dynamic method is overkill.

This replaces it with an IS_ROOT bit in a new flags field, which is set on
root buses and otherwise clear.  As a bonus this removes the special
is_root logic from pci_expander_bridge, since it already creates its bus
as a root bus.

Signed-off-by: David Gibson 
Reviewed-by: Marcel Apfelbaum 
Reviewed-by: Peter Xu 
Reviewed-by: Greg Kurz 
Message-Id: <20190424041959.4087-3-da...@gibson.dropbear.id.au>
---
 include/hw/pci/pci.h|  1 -
 include/hw/pci/pci_bus.h| 12 +++-
 hw/pci-bridge/pci_expander_bridge.c |  6 --
 hw/pci/pci.c| 14 ++
 hw/virtio/virtio-pci.c  |  1 +
 5 files changed, 14 insertions(+), 20 deletions(-)

diff --git a/include/hw/pci/pci.h b/include/hw/pci/pci.h
index fdd4c43d3a..edf44de21d 100644
--- a/include/hw/pci/pci.h
+++ b/include/hw/pci/pci.h
@@ -395,7 +395,6 @@ typedef PCIINTxRoute (*pci_route_irq_fn)(void *opaque, int 
pin);
 #define TYPE_PCIE_BUS "PCIE"
 
 bool pci_bus_is_express(PCIBus *bus);
-bool pci_bus_is_root(PCIBus *bus);
 bool pci_bus_allows_extended_config_space(PCIBus *bus);
 
 void pci_root_bus_new_inplace(PCIBus *bus, size_t bus_size, DeviceState 
*parent,
diff --git a/include/hw/pci/pci_bus.h b/include/hw/pci/pci_bus.h
index f6df834170..aea98d5040 100644
--- a/include/hw/pci/pci_bus.h
+++ b/include/hw/pci/pci_bus.h
@@ -15,14 +15,19 @@ typedef struct PCIBusClass {
 BusClass parent_class;
 /*< public >*/
 
-bool (*is_root)(PCIBus *bus);
 int (*bus_num)(PCIBus *bus);
 uint16_t (*numa_node)(PCIBus *bus);
 bool (*allows_extended_config_space)(PCIBus *bus);
 } PCIBusClass;
 
+enum PCIBusFlags {
+/* This bus is the root of a PCI domain */
+PCI_BUS_IS_ROOT = 0x0001,
+};
+
 struct PCIBus {
 BusState qbus;
+enum PCIBusFlags flags;
 PCIIOMMUFunc iommu_fn;
 void *iommu_opaque;
 uint8_t devfn_min;
@@ -47,4 +52,9 @@ struct PCIBus {
 Notifier machine_done;
 };
 
+static inline bool pci_bus_is_root(PCIBus *bus)
+{
+return !!(bus->flags & PCI_BUS_IS_ROOT);
+}
+
 #endif /* QEMU_PCI_BUS_H */
diff --git a/hw/pci-bridge/pci_expander_bridge.c 
b/hw/pci-bridge/pci_expander_bridge.c
index e62de4218f..ca66bc721a 100644
--- a/hw/pci-bridge/pci_expander_bridge.c
+++ b/hw/pci-bridge/pci_expander_bridge.c
@@ -66,11 +66,6 @@ static int pxb_bus_num(PCIBus *bus)
 return pxb->bus_nr;
 }
 
-static bool pxb_is_root(PCIBus *bus)
-{
-return true; /* by definition */
-}
-
 static uint16_t pxb_bus_numa_node(PCIBus *bus)
 {
 PXBDev *pxb = convert_to_pxb(bus->parent_dev);
@@ -83,7 +78,6 @@ static void pxb_bus_class_init(ObjectClass *class, void *data)
 PCIBusClass *pbc = PCI_BUS_CLASS(class);
 
 pbc->bus_num = pxb_bus_num;
-pbc->is_root = pxb_is_root;
 pbc->numa_node = pxb_bus_numa_node;
 }
 
diff --git a/hw/pci/pci.c b/hw/pci/pci.c
index a78023f669..b386777045 100644
--- a/hw/pci/pci.c
+++ b/hw/pci/pci.c
@@ -129,14 +129,9 @@ static void pci_bus_unrealize(BusState *qbus, Error **errp)
 vmstate_unregister(NULL, &vmstate_pcibus, bus);
 }
 
-static bool pcibus_is_root(PCIBus *bus)
-{
-return !bus->parent_dev;
-}
-
 static int pcibus_num(PCIBus *bus)
 {
-if (pcibus_is_root(bus)) {
+if (pci_bus_is_root(bus)) {
 return 0; /* pci host bridge */
 }
 return bus->parent_dev->config[PCI_SECONDARY_BUS];
@@ -164,7 +159,6 @@ static void pci_bus_class_init(ObjectClass *klass, void 
*data)
 k->unrealize = pci_bus_unrealize;
 k->reset = pcibus_reset;
 
-pbc->is_root = pcibus_is_root;
 pbc->bus_num = pcibus_num;
 pbc->numa_node = pcibus_numa_node;
 pbc->allows_extended_config_space = pcibus_allows_extended_config_space;
@@ -398,6 +392,7 @@ static void pci_root_bus_init(PCIBus *bus, DeviceState 
*parent,
 bus->slot_reserved_mask = 0x0;
 bus->address_space_mem = address_space_mem;
 bus->address_space_io = address_space_io;
+bus->flags |= PCI_BUS_IS_ROOT;
 
 /* host bridge */
 QLIST_INIT(&bus->child);
@@ -415,11 +410,6 @@ bool pci_bus_is_express(PCIBus *bus)
 return object_dynamic_cast(OBJECT(bus), TYPE_PCIE_BUS);
 }
 
-bool pci_bus_is_root(PCIBus *bus)
-{
-return PCI_BUS_GET_CLASS(bus)->is_root(bus);
-}
-
 bool pci_bus_allows_extended_config_space(PCIBus *bus)
 {
 return PCI_BUS_GET_CLASS(bus)->allows_extended_config_space(bus);
diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
index 509c1ff555..9056cdfa3c 100644
--- a/hw/virtio/virtio-pci.c
+++ b/hw/virtio/virtio-pci.c
@@ -20,6 +20,7 @@
 #include "standard-headers/linux/virtio_pci.h"
 #include "hw/virtio/virtio.h"
 #include "hw/pci/pci.h"
+#include "hw/pci/pci_bus.h"
 #include "qapi/error.h"
 #include "qemu/error-report.h"
 #include "hw/pci/msi.h"
-- 
MST

[Qemu-devel] [PULL 12/37] acpi/pcihp: Convert debug printf()s to trace events

[Michael S. Tsirkin]

From: Markus Armbruster 

Signed-off-by: Markus Armbruster 
Message-Id: <20190402161900.7374-3-arm...@redhat.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Igor Mammedov 
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/acpi/pcihp.c  | 25 -
 hw/acpi/trace-events |  9 +
 2 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/hw/acpi/pcihp.c b/hw/acpi/pcihp.c
index 88e4ae1bcd..7729c5338b 100644
--- a/hw/acpi/pcihp.c
+++ b/hw/acpi/pcihp.c
@@ -37,14 +37,7 @@
 #include "hw/pci/pci_bus.h"
 #include "qapi/error.h"
 #include "qom/qom-qobject.h"
-
-//#define DEBUG
-
-#ifdef DEBUG
-# define ACPI_PCIHP_DPRINTF(format, ...) printf(format, ## __VA_ARGS__)
-#else
-# define ACPI_PCIHP_DPRINTF(format, ...) do { } while (0)
-#endif
+#include "trace.h"
 
 #define ACPI_PCIHP_ADDR 0xae00
 #define ACPI_PCIHP_SIZE 0x0014
@@ -306,23 +299,23 @@ static uint64_t pci_read(void *opaque, hwaddr addr, 
unsigned int size)
 if (!s->legacy_piix) {
 s->acpi_pcihp_pci_status[bsel].up = 0;
 }
-ACPI_PCIHP_DPRINTF("pci_up_read %" PRIu32 "\n", val);
+trace_acpi_pci_up_read(val);
 break;
 case PCI_DOWN_BASE:
 val = s->acpi_pcihp_pci_status[bsel].down;
-ACPI_PCIHP_DPRINTF("pci_down_read %" PRIu32 "\n", val);
+trace_acpi_pci_down_read(val);
 break;
 case PCI_EJ_BASE:
 /* No feature defined yet */
-ACPI_PCIHP_DPRINTF("pci_features_read %" PRIu32 "\n", val);
+trace_acpi_pci_features_read(val);
 break;
 case PCI_RMV_BASE:
 val = s->acpi_pcihp_pci_status[bsel].hotplug_enable;
-ACPI_PCIHP_DPRINTF("pci_rmv_read %" PRIu32 "\n", val);
+trace_acpi_pci_rmv_read(val);
 break;
 case PCI_SEL_BASE:
 val = s->hotplug_select;
-ACPI_PCIHP_DPRINTF("pci_sel_read %" PRIu32 "\n", val);
+trace_acpi_pci_sel_read(val);
 default:
 break;
 }
@@ -340,13 +333,11 @@ static void pci_write(void *opaque, hwaddr addr, uint64_t 
data,
 break;
 }
 acpi_pcihp_eject_slot(s, s->hotplug_select, data);
-ACPI_PCIHP_DPRINTF("pciej write %" HWADDR_PRIx " <== %" PRIu64 "\n",
-  addr, data);
+trace_acpi_pci_ej_write(addr, data);
 break;
 case PCI_SEL_BASE:
 s->hotplug_select = s->legacy_piix ? ACPI_PCIHP_BSEL_DEFAULT : data;
-ACPI_PCIHP_DPRINTF("pcisel write %" HWADDR_PRIx " <== %" PRIu64 "\n",
-  addr, data);
+trace_acpi_pci_sel_write(addr, data);
 default:
 break;
 }
diff --git a/hw/acpi/trace-events b/hw/acpi/trace-events
index 825b25cbb0..98a56baa6f 100644
--- a/hw/acpi/trace-events
+++ b/hw/acpi/trace-events
@@ -31,6 +31,15 @@ cpuhp_acpi_ejecting_cpu(uint32_t idx) "0x%"PRIx32
 cpuhp_acpi_write_ost_ev(uint32_t slot, uint32_t ev) "idx[0x%"PRIx32"] OST 
EVENT: 0x%"PRIx32
 cpuhp_acpi_write_ost_status(uint32_t slot, uint32_t st) "idx[0x%"PRIx32"] OST 
STATUS: 0x%"PRIx32
 
+# pcihp.c
+acpi_pci_up_read(uint32_t val) "%" PRIu32
+acpi_pci_down_read(uint32_t val) "%" PRIu32
+acpi_pci_features_read(uint32_t val) "%" PRIu32
+acpi_pci_rmv_read(uint32_t val) "%" PRIu32
+acpi_pci_sel_read(uint32_t val) "%" PRIu32
+acpi_pci_ej_write(uint64_t addr, uint64_t data) "0x%" PRIx64 " <== %" PRIu64
+acpi_pci_sel_write(uint64_t addr, uint64_t data) "0x%" PRIx64 " <== %" PRIu64
+
 # piix4.c
 piix4_gpe_readb(uint64_t addr, unsigned width, uint64_t val) "addr: 0x%" 
PRIx64 " width: %d ==> 0x%" PRIx64
 piix4_gpe_writeb(uint64_t addr, unsigned width, uint64_t val) "addr: 0x%" 
PRIx64 " width: %d <== 0x%" PRIx64
-- 
MST

[Qemu-devel] [PULL 26/37] tests: acpi: make pointer to RSDP 64bit

[Michael S. Tsirkin]

From: Igor Mammedov 

In case of UEFI, RSDP doesn't have to be located in lowmem,
it could be placed at any address. Make sure that test won't
break if it is placed above the first 4Gb of address space.

PS:
While at it cleanup some local variables as we don't really
need them.

Signed-off-by: Igor Mammedov 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <1556808723-226478-5-git-send-email-imamm...@redhat.com>
Reviewed-by: Wei Yang 
Tested-by: Philippe Mathieu-Daudé 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 tests/acpi-utils.h   |  2 +-
 tests/acpi-utils.c   |  2 +-
 tests/bios-tables-test.c | 10 --
 3 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/tests/acpi-utils.h b/tests/acpi-utils.h
index f55ccf9ff7..1da6c100a4 100644
--- a/tests/acpi-utils.h
+++ b/tests/acpi-utils.h
@@ -46,7 +46,7 @@ typedef struct {
 
 uint8_t acpi_calc_checksum(const uint8_t *data, int len);
 uint32_t acpi_find_rsdp_address(QTestState *qts);
-void acpi_fetch_rsdp_table(QTestState *qts, uint32_t addr, uint8_t 
*rsdp_table);
+void acpi_fetch_rsdp_table(QTestState *qts, uint64_t addr, uint8_t 
*rsdp_table);
 void acpi_fetch_table(QTestState *qts, uint8_t **aml, uint32_t *aml_len,
   const uint8_t *addr_ptr, int addr_size, const char *sig,
   bool verify_checksum);
diff --git a/tests/acpi-utils.c b/tests/acpi-utils.c
index a0d49c4371..c216b9e0e9 100644
--- a/tests/acpi-utils.c
+++ b/tests/acpi-utils.c
@@ -51,7 +51,7 @@ uint32_t acpi_find_rsdp_address(QTestState *qts)
 return off;
 }
 
-void acpi_fetch_rsdp_table(QTestState *qts, uint32_t addr, uint8_t *rsdp_table)
+void acpi_fetch_rsdp_table(QTestState *qts, uint64_t addr, uint8_t *rsdp_table)
 {
 uint8_t revision;
 
diff --git a/tests/bios-tables-test.c b/tests/bios-tables-test.c
index d6ab1218da..a164d274a2 100644
--- a/tests/bios-tables-test.c
+++ b/tests/bios-tables-test.c
@@ -26,7 +26,7 @@
 typedef struct {
 const char *machine;
 const char *variant;
-uint32_t rsdp_addr;
+uint64_t rsdp_addr;
 uint8_t rsdp_table[36 /* ACPI 2.0+ RSDP size */];
 GArray *tables;
 uint32_t smbios_ep_addr;
@@ -86,13 +86,11 @@ static void test_acpi_rsdp_address(test_data *data)
 
 static void test_acpi_rsdp_table(test_data *data)
 {
-uint8_t *rsdp_table = data->rsdp_table, revision;
-uint32_t addr = data->rsdp_addr;
+uint8_t *rsdp_table = data->rsdp_table;
 
-acpi_fetch_rsdp_table(data->qts, addr, rsdp_table);
-revision = rsdp_table[15 /* Revision offset */];
+acpi_fetch_rsdp_table(data->qts, data->rsdp_addr, rsdp_table);
 
-switch (revision) {
+switch (rsdp_table[15 /* Revision offset */]) {
 case 0: /* ACPI 1.0 RSDP */
 /* With rev 1, checksum is only for the first 20 bytes */
 g_assert(!acpi_calc_checksum(rsdp_table,  20));
-- 
MST

[Qemu-devel] [PULL 13/37] acpi/pcihp: Add a few more trace points related to unplug

[Michael S. Tsirkin]

From: Markus Armbruster 

Signed-off-by: Markus Armbruster 
Message-Id: <20190402161900.7374-4-arm...@redhat.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Markus Armbruster 
Reviewed-by: Igor Mammedov 
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/acpi/pcihp.c  | 7 +++
 hw/acpi/trace-events | 3 +++
 2 files changed, 10 insertions(+)

diff --git a/hw/acpi/pcihp.c b/hw/acpi/pcihp.c
index 7729c5338b..613406d09b 100644
--- a/hw/acpi/pcihp.c
+++ b/hw/acpi/pcihp.c
@@ -152,6 +152,8 @@ static void acpi_pcihp_eject_slot(AcpiPciHpState *s, 
unsigned bsel, unsigned slo
 int slot = ctz32(slots);
 PCIBus *bus = acpi_pcihp_find_hotplug_bus(s, bsel);
 
+trace_acpi_pci_eject_slot(bsel, slot);
+
 if (!bus) {
 return;
 }
@@ -263,6 +265,8 @@ void acpi_pcihp_device_plug_cb(HotplugHandler *hotplug_dev, 
AcpiPciHpState *s,
 void acpi_pcihp_device_unplug_cb(HotplugHandler *hotplug_dev, AcpiPciHpState 
*s,
  DeviceState *dev, Error **errp)
 {
+trace_acpi_pci_unplug(PCI_SLOT(PCI_DEVICE(dev)->devfn),
+  acpi_pcihp_get_bsel(pci_get_bus(PCI_DEVICE(dev;
 object_property_set_bool(OBJECT(dev), false, "realized", NULL);
 }
 
@@ -273,6 +277,9 @@ void acpi_pcihp_device_unplug_request_cb(HotplugHandler 
*hotplug_dev,
 PCIDevice *pdev = PCI_DEVICE(dev);
 int slot = PCI_SLOT(pdev->devfn);
 int bsel = acpi_pcihp_get_bsel(pci_get_bus(pdev));
+
+trace_acpi_pci_unplug_request(bsel, slot);
+
 if (bsel < 0) {
 error_setg(errp, "Unsupported bus. Bus doesn't have property '"
ACPI_PCIHP_PROP_BSEL "' set");
diff --git a/hw/acpi/trace-events b/hw/acpi/trace-events
index 98a56baa6f..96b8273297 100644
--- a/hw/acpi/trace-events
+++ b/hw/acpi/trace-events
@@ -32,6 +32,9 @@ cpuhp_acpi_write_ost_ev(uint32_t slot, uint32_t ev) 
"idx[0x%"PRIx32"] OST EVENT:
 cpuhp_acpi_write_ost_status(uint32_t slot, uint32_t st) "idx[0x%"PRIx32"] OST 
STATUS: 0x%"PRIx32
 
 # pcihp.c
+acpi_pci_eject_slot(unsigned bsel, unsigned slot) "bsel: %u slot: %u"
+acpi_pci_unplug(int bsel, int slot) "bsel: %d slot: %d"
+acpi_pci_unplug_request(int bsel, int slot) "bsel: %d slot: %d"
 acpi_pci_up_read(uint32_t val) "%" PRIu32
 acpi_pci_down_read(uint32_t val) "%" PRIu32
 acpi_pci_features_read(uint32_t val) "%" PRIu32
-- 
MST

[Qemu-devel] [PULL 32/37] tests: acpi: ignore SMBIOS tests when UEFI firmware is used

[Michael S. Tsirkin]

From: Igor Mammedov 

once FW provides a pointer to SMBIOS entry point like it does for
RSDP it should be possible to enable this one the same way.

Signed-off-by: Igor Mammedov 
Reviewed-by: Laszlo Ersek 
Message-Id: <1556808723-226478-11-git-send-email-imamm...@redhat.com>
Tested-by: Philippe Mathieu-Daudé 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 tests/bios-tables-test.c | 11 +--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/tests/bios-tables-test.c b/tests/bios-tables-test.c
index 84e1ce2972..8302ffc2cd 100644
--- a/tests/bios-tables-test.c
+++ b/tests/bios-tables-test.c
@@ -569,8 +569,15 @@ static void test_acpi_one(const char *params, test_data 
*data)
 }
 }
 
-test_smbios_entry_point(data);
-test_smbios_structs(data);
+/*
+ * TODO: make SMBIOS tests work with UEFI firmware,
+ * Bug on uefi-test-tools to provide entry point:
+ * https://bugs.launchpad.net/qemu/+bug/1821884
+ */
+if (!use_uefi) {
+test_smbios_entry_point(data);
+test_smbios_structs(data);
+}
 
 assert(!global_qtest);
 qtest_quit(data->qts);
-- 
MST

[Qemu-devel] [PULL 28/37] tests: acpi: skip FACS table if board uses hw reduced ACPI profile

[Michael S. Tsirkin]

From: Igor Mammedov 

If FADT has HW_REDUCED_ACPI flag set, do not attempt to fetch
FACS as it's not provided by the board.

Signed-off-by: Igor Mammedov 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Wei Yang 
Message-Id: <1556808723-226478-7-git-send-email-imamm...@redhat.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 tests/bios-tables-test.c | 10 +++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/tests/bios-tables-test.c b/tests/bios-tables-test.c
index d165a1bd62..e2fc34143d 100644
--- a/tests/bios-tables-test.c
+++ b/tests/bios-tables-test.c
@@ -147,9 +147,13 @@ static void test_acpi_fadt_table(test_data *data)
 g_assert(compare_signature(&table, "FACP"));
 
 /* Since DSDT/FACS isn't in RSDT, add them to ASL test list manually */
-acpi_fetch_table(data->qts, &table.aml, &table.aml_len,
- fadt_aml + 36 /* FIRMWARE_CTRL */, 4, "FACS", false);
-g_array_append_val(data->tables, table);
+memcpy(&val, fadt_aml + 112 /* Flags */, 4);
+val = le32_to_cpu(val);
+if (!(val & 1UL << 20 /* HW_REDUCED_ACPI */)) {
+acpi_fetch_table(data->qts, &table.aml, &table.aml_len,
+ fadt_aml + 36 /* FIRMWARE_CTRL */, 4, "FACS", false);
+g_array_append_val(data->tables, table);
+}
 
 memcpy(&val, fadt_aml + dsdt_offset, 4);
 val = le32_to_cpu(val);
-- 
MST

[Qemu-devel] [PULL 17/37] i386, acpi: remove mcfg_ prefix in AcpiMcfgInfo members

[Michael S. Tsirkin]

From: Wei Yang 

This is obvious the member in AcpiMcfgInfo describe MCFG's property.

Remove the mcfg_ prefix.

Signed-off-by: Wei Yang 
Suggested-by: Igor Mammedov 
Reviewed-by: Igor Mammedov 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20190419003053.8260-4-richardw.y...@linux.intel.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/i386/acpi-build.c | 14 +++---
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index 8671e25af4..6df7bb3abc 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -87,8 +87,8 @@
 #define ACPI_BUILD_IOAPIC_ID 0x0
 
 typedef struct AcpiMcfgInfo {
-uint64_t mcfg_base;
-uint32_t mcfg_size;
+uint64_t base;
+uint32_t size;
 } AcpiMcfgInfo;
 
 typedef struct AcpiPmInfo {
@@ -2404,11 +2404,11 @@ build_mcfg_q35(GArray *table_data, BIOSLinker *linker, 
AcpiMcfgInfo *info)
 int len = sizeof(*mcfg) + 1 * sizeof(mcfg->allocation[0]);
 
 mcfg = acpi_data_push(table_data, len);
-mcfg->allocation[0].address = cpu_to_le64(info->mcfg_base);
+mcfg->allocation[0].address = cpu_to_le64(info->base);
 /* Only a single allocation so no need to play with segments */
 mcfg->allocation[0].pci_segment = cpu_to_le16(0);
 mcfg->allocation[0].start_bus_number = 0;
-mcfg->allocation[0].end_bus_number = PCIE_MMCFG_BUS(info->mcfg_size - 1);
+mcfg->allocation[0].end_bus_number = PCIE_MMCFG_BUS(info->size - 1);
 
 build_header(linker, table_data, (void *)mcfg, "MCFG", len, 1, NULL, NULL);
 }
@@ -2577,15 +2577,15 @@ static bool acpi_get_mcfg(AcpiMcfgInfo *mcfg)
 if (!o) {
 return false;
 }
-mcfg->mcfg_base = qnum_get_uint(qobject_to(QNum, o));
+mcfg->base = qnum_get_uint(qobject_to(QNum, o));
 qobject_unref(o);
-if (mcfg->mcfg_base == PCIE_BASE_ADDR_UNMAPPED) {
+if (mcfg->base == PCIE_BASE_ADDR_UNMAPPED) {
 return false;
 }
 
 o = object_property_get_qobject(pci_host, PCIE_HOST_MCFG_SIZE, NULL);
 assert(o);
-mcfg->mcfg_size = qnum_get_uint(qobject_to(QNum, o));
+mcfg->size = qnum_get_uint(qobject_to(QNum, o));
 qobject_unref(o);
 return true;
 }
-- 
MST

[Qemu-devel] [PULL 30/37] tests: acpi: add acpi_find_rsdp_address_uefi() helper

[Michael S. Tsirkin]

From: Igor Mammedov 

introduce UEFI specific counterpart to acpi_find_rsdp_address()
that will help to find RSDP address when [OA]VMF is used as
firmware. It requires guest firmware or other guest app to place
1Mb aligned UefiTestSupport structure (defined in this patch)
in RAM with UefiTestSupport::signature_guid set to
AB87A6B1-2034-BDA0-71BD-375007757785
For test app details see commit
  (09a274d82f tests: introduce "uefi-test-tools" with the BiosTablesTest UEFI 
app)

Signed-off-by: Igor Mammedov 
Reviewed-by: Laszlo Ersek 
Reviewed-by: Wei Yang 
Message-Id: <1556808723-226478-9-git-send-email-imamm...@redhat.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 tests/acpi-utils.h |  2 ++
 tests/acpi-utils.c | 44 
 2 files changed, 46 insertions(+)

diff --git a/tests/acpi-utils.h b/tests/acpi-utils.h
index 1da6c100a4..52c529e1b0 100644
--- a/tests/acpi-utils.h
+++ b/tests/acpi-utils.h
@@ -46,6 +46,8 @@ typedef struct {
 
 uint8_t acpi_calc_checksum(const uint8_t *data, int len);
 uint32_t acpi_find_rsdp_address(QTestState *qts);
+uint64_t acpi_find_rsdp_address_uefi(QTestState *qts, uint64_t start,
+ uint64_t size);
 void acpi_fetch_rsdp_table(QTestState *qts, uint64_t addr, uint8_t 
*rsdp_table);
 void acpi_fetch_table(QTestState *qts, uint8_t **aml, uint32_t *aml_len,
   const uint8_t *addr_ptr, int addr_size, const char *sig,
diff --git a/tests/acpi-utils.c b/tests/acpi-utils.c
index c216b9e0e9..d2a202efca 100644
--- a/tests/acpi-utils.c
+++ b/tests/acpi-utils.c
@@ -101,3 +101,47 @@ void acpi_fetch_table(QTestState *qts, uint8_t **aml, 
uint32_t *aml_len,
 g_assert(!acpi_calc_checksum(*aml, *aml_len));
 }
 }
+
+#define GUID_SIZE 16
+static const uint8_t AcpiTestSupportGuid[GUID_SIZE] = {
+   0xb1, 0xa6, 0x87, 0xab,
+   0x34, 0x20,
+   0xa0, 0xbd,
+   0x71, 0xbd, 0x37, 0x50, 0x07, 0x75, 0x77, 0x85 };
+
+typedef struct {
+uint8_t signature_guid[GUID_SIZE];
+uint64_t rsdp10;
+uint64_t rsdp20;
+} __attribute__((packed)) UefiTestSupport;
+
+/* Wait at most 600 seconds (test is slow with TCG and --enable-debug) */
+#define TEST_DELAY (1 * G_USEC_PER_SEC / 10)
+#define TEST_CYCLES MAX((600 * G_USEC_PER_SEC / TEST_DELAY), 1)
+#define MB 0x10ULL
+uint64_t acpi_find_rsdp_address_uefi(QTestState *qts, uint64_t start,
+ uint64_t size)
+{
+int i, j;
+uint8_t data[GUID_SIZE];
+
+for (i = 0; i < TEST_CYCLES; ++i) {
+for (j = 0; j < size / MB; j++) {
+/* look for GUID at every 1Mb block */
+uint64_t addr = start + j * MB;
+
+qtest_memread(qts, addr, data, sizeof(data));
+if (!memcmp(AcpiTestSupportGuid, data, sizeof(data))) {
+UefiTestSupport ret;
+
+qtest_memread(qts, addr, &ret, sizeof(ret));
+ret.rsdp10 = le64_to_cpu(ret.rsdp10);
+ret.rsdp20 = le64_to_cpu(ret.rsdp20);
+return ret.rsdp20 ? ret.rsdp20 : ret.rsdp10;
+}
+}
+g_usleep(TEST_DELAY);
+}
+g_assert_not_reached();
+return 0;
+}
-- 
MST

[Qemu-devel] [PULL 33/37] tests: acpi: allow to override default accelerator

[Michael S. Tsirkin]

From: Igor Mammedov 

By default test cases were run with 'kvm:tcg' accelerators to speed up
tests execution. While it works for x86, were change of accelerator
doesn't affect ACPI tables, the approach doesn't works for ARM usecase
though.

In arm/virt case, KVM mode requires using 'host' cpu model, which
isn't available in TCG mode. That could be worked around with 'max'
cpu model, which works both for KVM and TCG. However in KVM mode it
is necessary to specify matching GIC version, which also could use
'max' value to automatically pick GIC version suitable for host's CPU.
Depending on host cpu type, different GIC versions would be used,
which in turn leads to different ACPI tables (APIC) generated.
As result while comparing with reference blobs, test would fail if
host's GIC version won't match the version on the host where
reference blobs where generated.

Let's keep testing simple for now and allow ARM tests run in TCG only
mode. To do so introduce 'accel' parameter in test configuration, so
test case could override default "kvm:tcg" with accelerator of choice.

Signed-off-by: Igor Mammedov 
Message-Id: <1556808723-226478-12-git-send-email-imamm...@redhat.com>
Reviewed-by: Laszlo Ersek 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 tests/bios-tables-test.c | 8 +---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/tests/bios-tables-test.c b/tests/bios-tables-test.c
index 8302ffc2cd..39c1e24efd 100644
--- a/tests/bios-tables-test.c
+++ b/tests/bios-tables-test.c
@@ -24,6 +24,7 @@
 #define ACPI_REBUILD_EXPECTED_AML "TEST_ACPI_REBUILD_AML"
 
 typedef struct {
+const char *accel;
 const char *machine;
 const char *variant;
 const char *uefi_fl1;
@@ -532,8 +533,8 @@ static void test_acpi_one(const char *params, test_data 
*data)
 args = g_strdup_printf("-machine %s,accel=%s -nodefaults -nographic "
 "-drive if=pflash,format=raw,file=%s,readonly "
 "-drive if=pflash,format=raw,file=%s,snapshot=on -cdrom %s %s",
-data->machine, "kvm:tcg", data->uefi_fl1, data->uefi_fl2,
-data->cd, params ? params : "");
+data->machine, data->accel ? data->accel : "kvm:tcg",
+data->uefi_fl1, data->uefi_fl2, data->cd, params ? params : "");
 
 } else {
 /* Disable kernel irqchip to be able to override apic irq0. */
@@ -541,7 +542,8 @@ static void test_acpi_one(const char *params, test_data 
*data)
 "-net none -display none %s "
 "-drive id=hd0,if=none,file=%s,format=raw "
 "-device ide-hd,drive=hd0 ",
- data->machine, "kvm:tcg", params ? params : "", disk);
+ data->machine, data->accel ? data->accel : "kvm:tcg",
+ params ? params : "", disk);
 }
 
 data->qts = qtest_init(args);
-- 
MST

[Qemu-devel] [PULL 34/37] tests: add expected ACPI tables for arm/virt board

[Michael S. Tsirkin]

From: Igor Mammedov 

Signed-off-by: Igor Mammedov 
Tested-by: Philippe Mathieu-Daudé 
Message-Id: <1556808723-226478-13-git-send-email-imamm...@redhat.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 tests/data/acpi/virt/APIC | Bin 0 -> 168 bytes
 tests/data/acpi/virt/DSDT | Bin 0 -> 18476 bytes
 tests/data/acpi/virt/FACP | Bin 0 -> 268 bytes
 tests/data/acpi/virt/GTDT | Bin 0 -> 96 bytes
 tests/data/acpi/virt/MCFG | Bin 0 -> 60 bytes
 tests/data/acpi/virt/SPCR | Bin 0 -> 80 bytes
 6 files changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 tests/data/acpi/virt/APIC
 create mode 100644 tests/data/acpi/virt/DSDT
 create mode 100644 tests/data/acpi/virt/FACP
 create mode 100644 tests/data/acpi/virt/GTDT
 create mode 100644 tests/data/acpi/virt/MCFG
 create mode 100644 tests/data/acpi/virt/SPCR

diff --git a/tests/data/acpi/virt/APIC b/tests/data/acpi/virt/APIC
new file mode 100644
index 
..797dfde2841c51b7e72065602e99ce1714347f0d
GIT binary patch
literal 168
zcmZ<^@N{0mz`($~*~#D8BUr&HBEZ=ZD8>jB1F=Cg4Dd+6SPUF6788)c?E~X6Fu>G{
hBZPn~MyPrgD9sGlkD?67;f3451Xcqw&w(L;0RYV=2>}2A

literal 0
HcmV?d1

diff --git a/tests/data/acpi/virt/DSDT b/tests/data/acpi/virt/DSDT
new file mode 100644
index 
..20e85c7f89f645c69935c615c07084e221419960
GIT binary patch
literal 18476
zcmc)ScU)EVAII^7km3at6myGa+R|dUS|(gjDG>rqi;BuJN5jfYEla7?tSq%Xt!(eT
zr!AYd_uhN&!S8+U(D&=t`StIw9$oH>d%mB0pK#D~&LeJRL*=*uql2K;?26j>=!V`E
z6YJuY`dmg31mXSgWB#J~S-UqiR5Udjdl!92h)D&$WWX;hthf7M5uZl}Dl25#TNmhEvu#pquBa=&ZuBsU?
zNU5HsVO)7EM{DBc|GlzR+b&ufK3RFzF7@fJLGsy(?FFt|xgHw}TBWeXJ_0W|JtBPC
ze~f4qtRGR58c`9xic&YHN5oo1&B(GDr9Pu9azX2pRsl1jJ8oT
zI@pY@ZAJ-xjMnWRv8Wk^He(x~5xJZ4ha|nLZ)h{N^%>FoX>Qc(=wdUr^BK|mX0kpAo&Ewu_q4!)6Tk8PWS``=}YcY{m{gBYHp0kDAfjW{mI|(fesZ)QpX6M!C<3
z-cLJ3&DhvxRQQbO{j_7$jQ%zwZZk@w_tV0t8JpUSN}mzEpLU9xvANBt@)^4s4=
z2H1>|J|lWR?Hn~@OPevuXGHI(U7}_b+YJ3Rp7d((_T?CwzC;y
zeMa%s@e)fW`SdejB+pgPzu=p7X6ze?Sk6-*5#>0_Xck_RDm_2W7&y)ZK;$m)=j
zmDAD^jB3z`rSORJHgor&Q5eH
z-MJy08^WmrUUw?p*%{8xaCW9s=}w($+V`^yoH{^ur_!BW;p_@$S2~sM>;`8yICVhn
zPNh4$!`U6q?sO{M*#piVaOwcuol1B1gtI4{J?T`svlpDb;M4)TJC*J%g0l$DB081s
z>=Vowj2IppUD&4s`
zoSVa`6B>6a-MIyvTfn&mol18OfO7zxIstO0(wzh090=z?I+gC+63#8*)CrS2mG0aM
z&aL3wicY0FbzRQ>ye)=PCs^)Ox>J|qv@(6&Yenk>N1--2g5m-PNh3_am}1V;M579JC*L#B{g#n
zg>xvKN_Xl)nmLETsS`wZD&48eXXe}*&aLTGx>Fa;%()GmI-zu@(w(|gX3lNl+?GzI
zJ9UA~oZG>v6Hs?5-KooB=G-36?depyQy0U`IUG)%u)0&}PF(^s=MHf0K&R53Bj6kX
z=LkBL?ktD19L{n&mG0Cvlh-;I+gCMgR>6KIy#l^+!@ZD;oO-{r9124tcSCnPNh2=;B0`iflj46
z$H6%c&T(`q-8ml4@o=hF
zJDcEag0qQEr91b6b1yjeqEqS4z2V#&&b{eWx^o{m_knXCI+gC61m`3;C()^N=e}_6
z3+KLcD&488-uCD1esJzbr_!C1;hYTTWIC1Z+#k;U;oP52r8}p7@UW}c^I8acg}=!
zCY&?rRJ!wUI1h*Oa5|OloCW7BIA_tRbmtLp9s%bObSm9B8_wBq&Zbl8&N*<-fpZR>
zN_WnMb1s~7=~TM&NH~v#^GG_C?mP<4qu@M>PNh5N!8s4kd2}k>c{H3y!+A8FN_QRu
z=P_^|L#NW6^WmHi=X^Sq?py%p0yr1YsdQ&EoXv1H)2Vdlv2Y#>=dpAu-FY0G$H93V
zol18e59jf49#5yzoeSYy2w=OQ>4(W!LjVmKGWxtLC+J5PY~1UOHiQ|Znn
za4vy!37txJo(SiOaGpq~(w!&4c@mr_(W!Lj$#9+w=gD*`-MJLbrEo5#Q|ZoA;5-G+
zQ|MH>^Hexbh4WN8mF`>y=Q22#(W!LjayXa6xtva=J6FKD0?rk5D&2V+oTtHg8l6ga
zo(|{faGp-5(w%3(c?O(k(5ZCinQ)#7=b3aW-FX(AXTfZ#o=vCHo#()L
z4xH!EsdVSLaGne2xpXSsc^;hS!Fe8?N_URJ!wGI4_3tVmg)Xyadim;Jk!Rr8`%_xeCrzbSm9>
zDV&$Wc`2PrcU}hPWpG|br_!C5!+ANJm(!_q=M`{X0p}HTD&2V{oL9nmC7nulUIph>
za9%~H(w$esc{Q9@)2VdlHE>=7=QVUH-FYpX*TQ)%ol19J2j_KgUPq_Wo!7&8J)GCm
zsdVQJaNYpt4Rk8qc_W-R!g(W|N_XA_=S^_lM5of7H^X@|oHx^{bmuK_-U8<>bSm9>
zE1b8&c`Kbtcisl)ZE)U3r_!Cb!+ATLx6`R~=N)j~0p}fbD&2V}oOi-`C!I=n-Ua7f
zaNb3y(w%q1c{iMQ)2VdlJ#gLw=RI^P-FYvZ_riHEol1A!2j_io-bbg>o%h3eKb-f|
zsdVQ9a6SO%19U3g`5>GR!ucSbN_Rd4=Rqcl;e4DHzD&6@EoX^1d44q1MJ`3lwa6U_?
z(w%GJTnpz~I+gBx4$kM`e2z|~JD-R1c{rb^Q|ZnZ;Cunj7wA;F^F=scg!4r@mF|2A
z&X?ePiB6?EUxxE#IA5ky>CRW+d$8ci?;n&Uffk
zy7OH)--YvCI+gBx56<`Ce2-40JKu-%eK_BzQ|ZnR;QRp259n07^Fug4g!4l>mG1lq
z&X3^yh)$(DKZf&TI6tOS>CR8!`~=QV=v2D%Q#e0`^HVyN?)(hS&*1!wPNh3Phx2nd
zKc`da&M)Bn0?se!RJ!v^IKPDROFEVA{0h#m;QWeCr8~cd^J_T2rc>$8Z{Yj}&Tr^c
zy7OB&zlHN#I+gDH4$kl3{EkkgJHLnXdpN(RQ|Znh;QRs3ALvxN^G7&;g!4x_mG1lr
z&Y$4?iB6?Ee}?mCIDe*7>CRu^`~}Wm=v2D%S2%x#^H(~R?)(kT-{Aa>PNh44hx2zh
zf2ULF&OhM%1I|C_RJ!v|IRAw6Pdb(E{0q*%;QWhDr91zI^KUr+rc>$87C2krY@t(`
zbT&3uXX$^8vEMh17mrN-KB;c&^rjx|VmXO7^5`2R-^e3;qYr+ruys>IeM3fSRO^S&ss7)h*wT1Svj`NiYWyhWBH9WZC8OmrRdkX@gRI%+|-U
z8DWHT!aHT*s2N9wx3Qi<_+e#-w|
zCa1oxxGDL|)s4+HS@l)vx2#F-LE(GJgg*#nvEqMxyAr#GzF9>hQs1W3hy3tk_y#kh
z+l;EKP5s1`C*DVANccWF>wb|tH9P&T8$ss!chlJnyQM+f`xSx>MLUN8=H&5JIVJQNjlBbPnKQWME+3?d0$55v<@85#a0w6axw|fY>0KxE!S15v<@85#a0&6k`O6f!H7#8OTC8azL5|h^3)?DJYFj0RVOU
B2mt^9

literal 0
HcmV?d1

diff --git a/tests/data/acpi/virt/MCFG b/tests/data/acpi/virt/MCFG
new file mode 100644
index 
..e8987e1af0ec3829770bf4fe11fab02b06160dd2
GIT binary patch
literal 60
scmeZuc5}C3U|?YMck*}k2v%^42ypfViZKGkKx`0=1Oyx)oc|yS05YNo0RR91

literal 0
HcmV?d1

diff --git a/tests/data/acpi/virt/SPCR b/tests/data/acpi/virt/SPCR
new file mode 100644
index 
..377271a0e7817cc21a

Re: [Qemu-devel] [PATCH] spapr/xive: Sanity checks of OV5 during CAS

[Greg Kurz]

On Thu, 16 May 2019 21:46:01 +1000
David Gibson  wrote:
[...]
> 
> I won't be sending a pull request for a little while yet, so if you
> want to send a followup improving the messages I can fold it into the
> original patch in my tree.
> 

Done.

https://patchwork.ozlabs.org/patch/1100396/



pgpfY4g2F1hUZ.pgp
Description: OpenPGP digital signature

[Qemu-devel] [PULL 18/37] hw/arm/virt-acpi-build: pass AcpiMcfgInfo to build_mcfg()

[Michael S. Tsirkin]

From: Wei Yang 

To build MCFG, two information is necessary:

* bus number
* base address

Abstract these two information to AcpiMcfgInfo so that build_mcfg and
build_mcfg_q35 will have the same declaration.

Signed-off-by: Wei Yang 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Igor Mammedov 

Message-Id: <20190419003053.8260-5-richardw.y...@linux.intel.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/hw/acpi/pci.h| 33 +
 hw/arm/virt-acpi-build.c | 18 +++---
 hw/i386/acpi-build.c |  6 +-
 3 files changed, 45 insertions(+), 12 deletions(-)
 create mode 100644 include/hw/acpi/pci.h

diff --git a/include/hw/acpi/pci.h b/include/hw/acpi/pci.h
new file mode 100644
index 00..124af7d32a
--- /dev/null
+++ b/include/hw/acpi/pci.h
@@ -0,0 +1,33 @@
+/*
+ * Support for generating PCI related ACPI tables and passing them to Guests
+ *
+ * Copyright (C) 2006 Fabrice Bellard
+ * Copyright (C) 2008-2010  Kevin O'Connor 
+ * Copyright (C) 2013-2019 Red Hat Inc
+ * Copyright (C) 2019 Intel Corporation
+ *
+ * Author: Wei Yang 
+ * Author: Michael S. Tsirkin 
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see .
+ */
+#ifndef HW_ACPI_PCI_H
+#define HW_ACPI_PCI_H
+
+typedef struct AcpiMcfgInfo {
+uint64_t base;
+uint32_t size;
+} AcpiMcfgInfo;
+
+#endif
diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index 12dbaf3846..e7c96d658e 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -40,6 +40,7 @@
 #include "hw/loader.h"
 #include "hw/hw.h"
 #include "hw/acpi/aml-build.h"
+#include "hw/acpi/pci.h"
 #include "hw/pci/pcie_host.h"
 #include "hw/pci/pci.h"
 #include "hw/arm/virt.h"
@@ -546,21 +547,18 @@ build_srat(GArray *table_data, BIOSLinker *linker, 
VirtMachineState *vms)
 }
 
 static void
-build_mcfg(GArray *table_data, BIOSLinker *linker, VirtMachineState *vms)
+build_mcfg(GArray *table_data, BIOSLinker *linker, AcpiMcfgInfo *info)
 {
 AcpiTableMcfg *mcfg;
-const MemMapEntry *memmap = vms->memmap;
-int ecam_id = VIRT_ECAM_ID(vms->highmem_ecam);
 int len = sizeof(*mcfg) + sizeof(mcfg->allocation[0]);
 
 mcfg = acpi_data_push(table_data, len);
-mcfg->allocation[0].address = cpu_to_le64(memmap[ecam_id].base);
+mcfg->allocation[0].address = cpu_to_le64(info->base);
 
 /* Only a single allocation so no need to play with segments */
 mcfg->allocation[0].pci_segment = cpu_to_le16(0);
 mcfg->allocation[0].start_bus_number = 0;
-mcfg->allocation[0].end_bus_number =
-PCIE_MMCFG_BUS(memmap[ecam_id].size - 1);
+mcfg->allocation[0].end_bus_number = PCIE_MMCFG_BUS(info->size - 1);
 
 build_header(linker, table_data, (void *)mcfg, "MCFG", len, 1, NULL, NULL);
 }
@@ -801,7 +799,13 @@ void virt_acpi_build(VirtMachineState *vms, 
AcpiBuildTables *tables)
 build_gtdt(tables_blob, tables->linker, vms);
 
 acpi_add_table(table_offsets, tables_blob);
-build_mcfg(tables_blob, tables->linker, vms);
+{
+AcpiMcfgInfo mcfg = {
+   .base = vms->memmap[VIRT_ECAM_ID(vms->highmem_ecam)].base,
+   .size = vms->memmap[VIRT_ECAM_ID(vms->highmem_ecam)].size,
+};
+build_mcfg(tables_blob, tables->linker, &mcfg);
+}
 
 acpi_add_table(table_offsets, tables_blob);
 build_spcr(tables_blob, tables->linker, vms);
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index 6df7bb3abc..dbd3a6cac2 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -58,6 +58,7 @@
 #include "hw/i386/x86-iommu.h"
 
 #include "hw/acpi/aml-build.h"
+#include "hw/acpi/pci.h"
 
 #include "qom/qom-qobject.h"
 #include "hw/i386/amd_iommu.h"
@@ -86,11 +87,6 @@
 /* Default IOAPIC ID */
 #define ACPI_BUILD_IOAPIC_ID 0x0
 
-typedef struct AcpiMcfgInfo {
-uint64_t base;
-uint32_t size;
-} AcpiMcfgInfo;
-
 typedef struct AcpiPmInfo {
 bool s3_disabled;
 bool s4_disabled;
-- 
MST

[Qemu-devel] [PULL 19/37] hw/acpi: Consolidate build_mcfg to pci.c

[Michael S. Tsirkin]

From: Wei Yang 

Now we have two identical build_mcfg functions.

Consolidate them in acpi/pci.c.

Signed-off-by: Wei Yang 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Igor Mammedov 

Message-Id: <20190419003053.8260-6-richardw.y...@linux.intel.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 default-configs/arm-softmmu.mak  |  1 +
 default-configs/i386-softmmu.mak |  1 +
 include/hw/acpi/pci.h|  1 +
 hw/acpi/pci.c| 46 
 hw/arm/virt-acpi-build.c | 17 
 hw/i386/acpi-build.c | 18 +
 hw/acpi/Kconfig  |  4 +++
 hw/acpi/Makefile.objs|  1 +
 8 files changed, 55 insertions(+), 34 deletions(-)
 create mode 100644 hw/acpi/pci.c

diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index 613d19a06d..8f2796e195 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -144,6 +144,7 @@ CONFIG_XIO3130=y
 CONFIG_IOH3420=y
 CONFIG_I82801B11=y
 CONFIG_ACPI=y
+CONFIG_ACPI_PCI=y
 CONFIG_ARM_VIRT=y
 CONFIG_SMBIOS=y
 CONFIG_ASPEED_SOC=y
diff --git a/default-configs/i386-softmmu.mak b/default-configs/i386-softmmu.mak
index ba3fb3ff50..cd5ea391e8 100644
--- a/default-configs/i386-softmmu.mak
+++ b/default-configs/i386-softmmu.mak
@@ -25,3 +25,4 @@
 CONFIG_ISAPC=y
 CONFIG_I440FX=y
 CONFIG_Q35=y
+CONFIG_ACPI_PCI=y
diff --git a/include/hw/acpi/pci.h b/include/hw/acpi/pci.h
index 124af7d32a..8bbd32cf45 100644
--- a/include/hw/acpi/pci.h
+++ b/include/hw/acpi/pci.h
@@ -30,4 +30,5 @@ typedef struct AcpiMcfgInfo {
 uint32_t size;
 } AcpiMcfgInfo;
 
+void build_mcfg(GArray *table_data, BIOSLinker *linker, AcpiMcfgInfo *info);
 #endif
diff --git a/hw/acpi/pci.c b/hw/acpi/pci.c
new file mode 100644
index 00..fa0fa30bb9
--- /dev/null
+++ b/hw/acpi/pci.c
@@ -0,0 +1,46 @@
+/*
+ * Support for generating PCI related ACPI tables and passing them to Guests
+ *
+ * Copyright (C) 2006 Fabrice Bellard
+ * Copyright (C) 2008-2010  Kevin O'Connor 
+ * Copyright (C) 2013-2019 Red Hat Inc
+ * Copyright (C) 2019 Intel Corporation
+ *
+ * Author: Wei Yang 
+ * Author: Michael S. Tsirkin 
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "hw/acpi/aml-build.h"
+#include "hw/acpi/pci.h"
+#include "hw/pci/pcie_host.h"
+
+void build_mcfg(GArray *table_data, BIOSLinker *linker, AcpiMcfgInfo *info)
+{
+AcpiTableMcfg *mcfg;
+int len = sizeof(*mcfg) + sizeof(mcfg->allocation[0]);
+
+mcfg = acpi_data_push(table_data, len);
+mcfg->allocation[0].address = cpu_to_le64(info->base);
+
+/* Only a single allocation so no need to play with segments */
+mcfg->allocation[0].pci_segment = cpu_to_le16(0);
+mcfg->allocation[0].start_bus_number = 0;
+mcfg->allocation[0].end_bus_number = PCIE_MMCFG_BUS(info->size - 1);
+
+build_header(linker, table_data, (void *)mcfg, "MCFG", len, 1, NULL, NULL);
+}
+
diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index e7c96d658e..4a64f9985c 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -546,23 +546,6 @@ build_srat(GArray *table_data, BIOSLinker *linker, 
VirtMachineState *vms)
  "SRAT", table_data->len - srat_start, 3, NULL, NULL);
 }
 
-static void
-build_mcfg(GArray *table_data, BIOSLinker *linker, AcpiMcfgInfo *info)
-{
-AcpiTableMcfg *mcfg;
-int len = sizeof(*mcfg) + sizeof(mcfg->allocation[0]);
-
-mcfg = acpi_data_push(table_data, len);
-mcfg->allocation[0].address = cpu_to_le64(info->base);
-
-/* Only a single allocation so no need to play with segments */
-mcfg->allocation[0].pci_segment = cpu_to_le16(0);
-mcfg->allocation[0].start_bus_number = 0;
-mcfg->allocation[0].end_bus_number = PCIE_MMCFG_BUS(info->size - 1);
-
-build_header(linker, table_data, (void *)mcfg, "MCFG", len, 1, NULL, NULL);
-}
-
 /* GTDT */
 static void
 build_gtdt(GArray *table_data, BIOSLinker *linker, VirtMachineState *vms)
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index dbd3a6cac2..2fecccb13f 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -2393,22 +2393,6 @@ build_srat(GArray *table_data, BIOSLinker *linker, 
MachineState *machine)
  table_data->len - srat_start, 1, NULL, NULL);
 }
 
-static void
-build_mcfg_q35(GArr

[Qemu-devel] [PULL 37/37] tests: acpi: print error unable to dump ACPI table during rebuild

[Michael S. Tsirkin]

From: Igor Mammedov 

Instead of just asserting print the error that lead to assert first.
While at it move assert into rebuild branch, which removes redundant
check done in case of !rebuild branch is taken (the later is taken
care of by g_assert_no_error).

Signed-off-by: Igor Mammedov 
Reviewed-by: Wei Yang 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <1556808723-226478-16-git-send-email-imamm...@redhat.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 tests/bios-tables-test.c | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/tests/bios-tables-test.c b/tests/bios-tables-test.c
index eaa1b0cf62..6cb8b16488 100644
--- a/tests/bios-tables-test.c
+++ b/tests/bios-tables-test.c
@@ -195,11 +195,14 @@ static void dump_aml_files(test_data *data, bool rebuild)
sdt->aml, ext);
 fd = g_open(aml_file, O_WRONLY|O_TRUNC|O_CREAT,
 S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH);
+if (fd < 0) {
+perror(aml_file);
+}
+g_assert(fd >= 0);
 } else {
 fd = g_file_open_tmp("aml-XX", &sdt->aml_file, &error);
 g_assert_no_error(error);
 }
-g_assert(fd >= 0);
 
 ret = qemu_write_full(fd, sdt->aml, sdt->aml_len);
 g_assert(ret == sdt->aml_len);
-- 
MST

Re: [Qemu-devel] [PATCH v4] s390: diagnose 318 info reset and migration support

[Collin Walling]

On 5/14/19 5:04 AM, Christian Borntraeger wrote:



On 14.05.19 11:00, David Hildenbrand wrote:

On 14.05.19 10:56, Christian Borntraeger wrote:



On 14.05.19 10:50, David Hildenbrand wrote:

On 14.05.19 10:37, Christian Borntraeger wrote:



On 14.05.19 09:28, David Hildenbrand wrote:

But that can be tested using the runability information if I am not wrong.


You mean the cpu level information, right?


Yes, query-cpu-definition includes for each model runability information
via "unavailable-features" (valid under the started QEMU machine).






and others that we have today.

So yes, I think this would be acceptable.


I guess it is acceptable yes. I doubt anybody uses that many CPUs in
production either way. But you never know.


I think that using that many cpus is a more uncommon setup, but I still
think that having to wait for actual failure


That can happen all the time today. You can easily say z14 in the xml when
on a zEC12. Only at startup you get the error. The question is really:


"-smp 248 -cpu host" will no longer work, while e.g. "-smp 248 -cpu z12"
will work. Actually, even "-smp 248" will no longer work on affected
machines.

That is why wonder if it is better to disable the feature and print a
warning. Similar to CMMA, where want want to tolerate when CMMA is not
possible in the current environment (huge pages).

"Diag318 will not be enabled because it is not compatible with more than
240 CPUs".

However, I still think that implementing support for more than one SCLP
response page is the best solution. Guests will need adaptions for > 240
CPUs with Diag318, but who cares? Existing setups will continue to work.

Implementing that SCLP thingy will avoid any warnings and any errors. It
just works from the QEMU perspective.

Is implementing this realistic?


Yes it is but it will take time. I will try to get this rolling. To make
progress on the diag318 thing, can we error on startup now and simply
remove that check when when have implemented a larger sccb? If we would
now do all kinds of "change the max number games" would be harder to "fix".



Another idea for temporary handling: Simply only indicate 240 CPUs to
the guest if the response does not fit into a page. Once we have that
SCLP thingy, this will be fixed. Guest migration back and forth should
work, as the VCPUs are fully functional (and initially always stopped),
the guest will simply not be able to detect them via SCLP when booting
up, and therefore not use them.


Yes, that looks like a good temporary solution. In fact if the guest relies
on simply probing it could even make use of the additional CPUs. Its just
the sclp response that is limited to 240 (or make it 247?)


I think the limiting factor was more than a single CPU, but I don't
recall. We can do the math again and come up with the right number.


I think We need 8 byte per CPU. With byte 134 we should still be ok with
247. Collin can do the math in the patch description.




Yes 247 fits just fine. The 240 came up as extra space in case we expand
the rscpi even more in the future.

I used the

The SCCB_SIZE - sizeof(ReadInfo)) / sizeof(CPUEntry) < S390_MAX_CPUS

calculation as an example of what we could do if the SCCB_SIZE ever
increases (it would allow older machines to retroactively allow diag318
if they can also support a larger SCCB... but thinking out loud, there
might be many more moving parts that would make this preemptive approach
too tricky to implement today).

[Qemu-devel] [PULL 20/37] libvhost-user: fix bad vu_log_write

[Michael S. Tsirkin]

From: Li Feng 

Mark dirty as page, the step of each call is 1.

Signed-off-by: Li Feng 
Message-Id: <20190420091016.213160-1-fen...@smartx.com>
Reviewed-by: Marc-André Lureau 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 contrib/libvhost-user/libvhost-user.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/contrib/libvhost-user/libvhost-user.c 
b/contrib/libvhost-user/libvhost-user.c
index e08d6c7b97..2689de6d1c 100644
--- a/contrib/libvhost-user/libvhost-user.c
+++ b/contrib/libvhost-user/libvhost-user.c
@@ -433,7 +433,7 @@ vu_log_write(VuDev *dev, uint64_t address, uint64_t length)
 page = address / VHOST_LOG_PAGE;
 while (page * VHOST_LOG_PAGE < address + length) {
 vu_log_page(dev->log_table, page);
-page += VHOST_LOG_PAGE;
+page += 1;
 }
 
 vu_log_kick(dev);
-- 
MST

[Qemu-devel] [PATCH 2/2] iotests: test external snapshot with bitmap copying

[Vladimir Sementsov-Ogievskiy]

This test shows that external snapshots and incremental backups are
friends.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 tests/qemu-iotests/254 | 52 +
 tests/qemu-iotests/254.out | 53 ++
 tests/qemu-iotests/group   |  1 +
 3 files changed, 106 insertions(+)
 create mode 100755 tests/qemu-iotests/254
 create mode 100644 tests/qemu-iotests/254.out

diff --git a/tests/qemu-iotests/254 b/tests/qemu-iotests/254
new file mode 100755
index 00..15688f2c29
--- /dev/null
+++ b/tests/qemu-iotests/254
@@ -0,0 +1,52 @@
+#!/usr/bin/env python
+#
+# Test external snapshot with bitmap copying.
+#
+# Copyright (c) 2019 Virtuozzo International GmbH. All rights reserved.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+
+import iotests
+from iotests import qemu_img_create, file_path, log
+
+disk, top = file_path('disk', 'top')
+size = 1024 * 1024
+
+qemu_img_create('-f', iotests.imgfmt, disk, str(size))
+
+vm = iotests.VM().add_drive(disk, opts='node-name=base')
+vm.launch()
+
+vm.qmp_log('block-dirty-bitmap-add', node='drive0', name='bitmap0')
+
+vm.hmp_qemu_io('drive0', 'write 0 512K')
+
+vm.qmp_log('transaction', indent=2, actions=[
+{'type': 'blockdev-snapshot-sync',
+ 'data': {'device': 'drive0', 'snapshot-file': top,
+  'snapshot-node-name': 'snap'}},
+{'type': 'block-dirty-bitmap-add',
+ 'data': {'node': 'snap', 'name': 'bitmap0'}},
+{'type': 'block-dirty-bitmap-merge',
+ 'data': {'node': 'snap', 'target': 'bitmap0', 'bitmaps': [],
+  'external-bitmaps': [{'node': 'base', 'name': 'bitmap0'}]}}
+], filters=[iotests.filter_qmp_testfiles])
+
+result = vm.qmp('query-block')['return'][0]
+log("query-block: device = {}, node-name = {}, dirty-bitmaps:".format(
+result['device'], result['inserted']['node-name']))
+log(result['dirty-bitmaps'], indent=2)
+
+vm.shutdown()
diff --git a/tests/qemu-iotests/254.out b/tests/qemu-iotests/254.out
new file mode 100644
index 00..14a9cd3d71
--- /dev/null
+++ b/tests/qemu-iotests/254.out
@@ -0,0 +1,53 @@
+{"execute": "block-dirty-bitmap-add", "arguments": {"name": "bitmap0", "node": 
"drive0"}}
+{"return": {}}
+{
+  "execute": "transaction",
+  "arguments": {
+"actions": [
+  {
+"data": {
+  "device": "drive0",
+  "snapshot-file": "TEST_DIR/PID-top",
+  "snapshot-node-name": "snap"
+},
+"type": "blockdev-snapshot-sync"
+  },
+  {
+"data": {
+  "name": "bitmap0",
+  "node": "snap"
+},
+"type": "block-dirty-bitmap-add"
+  },
+  {
+"data": {
+  "bitmaps": [],
+  "external-bitmaps": [
+{
+  "name": "bitmap0",
+  "node": "base"
+}
+  ],
+  "node": "snap",
+  "target": "bitmap0"
+},
+"type": "block-dirty-bitmap-merge"
+  }
+]
+  }
+}
+{
+  "return": {}
+}
+query-block: device = drive0, node-name = snap, dirty-bitmaps:
+[
+  {
+"busy": false,
+"count": 524288,
+"granularity": 65536,
+"name": "bitmap0",
+"persistent": false,
+"recording": true,
+"status": "active"
+  }
+]
diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group
index 00e474ab0a..5552d0153c 100644
--- a/tests/qemu-iotests/group
+++ b/tests/qemu-iotests/group
@@ -250,3 +250,4 @@
 248 rw auto quick
 249 rw auto quick
 252 rw auto backing quick
+254 rw auto backing quick
-- 
2.18.0

Re: [Qemu-devel] [PATCH v13 10/12] hw/registerfields.h: Add 8bit and 16bit register macros.

[Philippe Mathieu-Daudé]

Hi Yoshinori,

On 5/16/19 7:52 AM, Yoshinori Sato wrote:
> Some RX peripheral using 8bit and 16bit registers.
> Added 8bit and 16bit APIs.
> 
> Signed-off-by: Yoshinori Sato 
> Reviewed-by: Richard Henderson 
> ---
>  include/hw/registerfields.h | 32 +++-
>  1 file changed, 31 insertions(+), 1 deletion(-)
> 
> diff --git a/include/hw/registerfields.h b/include/hw/registerfields.h
> index 2659a58737..a0bb0654d6 100644
> --- a/include/hw/registerfields.h
> +++ b/include/hw/registerfields.h
> @@ -22,6 +22,14 @@
>  enum { A_ ## reg = (addr) };  \
>  enum { R_ ## reg = (addr) / 4 };
>  
> +#define REG8(reg, addr)  \
> +enum { A_ ## reg = (addr) };  \
> +enum { R_ ## reg = (addr) };

This macro is used in your devices (previous patches) and we can not
build the previous patches without this one:

  CC  rx-softmmu/hw/char/renesas_sci.o
./hw/char/renesas_sci.c:34:10: error: expected ‘)’ before numeric constant
 REG8(SMR, 0)
  ^~
  )
./hw/char/renesas_sci.c:42:10: error: expected ‘)’ before numeric constant
 REG8(BRR, 1)
  ^~
  )
./hw/char/renesas_sci.c:51:10: error: expected ‘)’ before numeric constant
 REG8(TDR, 3)
  ^~
  )
./hw/char/renesas_sci.c:62:10: error: expected ‘)’ before numeric constant
 REG8(RDR, 5)
  ^~
  )
./hw/char/renesas_sci.c:68:11: error: expected ‘)’ before numeric constant
 REG8(SEMR, 7)
   ^~
   )
./hw/char/renesas_sci.c: In function ‘can_receive’:
./hw/char/renesas_sci.c:78:16: error: implicit declaration of function
‘FIELD_EX8’; did you mean ‘FIELD_EX64’?
[-Werror=implicit-function-declaration]
 return FIELD_EX8(sci->scr, SCR, RE);
^
FIELD_EX64
./hw/char/renesas_sci.c:78:16: error: nested extern declaration of
‘FIELD_EX8’ [-Werror=nested-externs]
./hw/char/renesas_sci.c:78:36: error: ‘SCR’ undeclared (first use in
this function)
 return FIELD_EX8(sci->scr, SCR, RE);
^~~
./hw/char/renesas_sci.c:78:36: note: each undeclared identifier is
reported only once for each function it appears in
./hw/char/renesas_sci.c:78:41: error: ‘RE’ undeclared (first use in this
function)
 return FIELD_EX8(sci->scr, SCR, RE);
 ^~
./hw/char/renesas_sci.c: In function ‘receive’:
./hw/char/renesas_sci.c:86:29: error: ‘SSR’ undeclared (first use in
this function)
 if (FIELD_EX8(sci->ssr, SSR, RDRF) || size > 1) {
 ^~~
./hw/char/renesas_sci.c:86:34: error: ‘RDRF’ undeclared (first use in
this function)
 if (FIELD_EX8(sci->ssr, SSR, RDRF) || size > 1) {
  ^~~~
./hw/char/renesas_sci.c:87:20: error: implicit declaration of function
‘FIELD_DP8’; did you mean ‘FIELD_DP32’?
[-Werror=implicit-function-declaration]
 sci->ssr = FIELD_DP8(sci->ssr, SSR, ORER, 1);
^
FIELD_DP32
./hw/char/renesas_sci.c:87:20: error: nested extern declaration of
‘FIELD_DP8’ [-Werror=nested-externs]
./hw/char/renesas_sci.c:87:45: error: ‘ORER’ undeclared (first use in
this function)
 sci->ssr = FIELD_DP8(sci->ssr, SSR, ORER, 1);
 ^~~~
./hw/char/renesas_sci.c:88:33: error: ‘SCR’ undeclared (first use in
this function)
 if (FIELD_EX8(sci->scr, SCR, RIE)) {
 ^~~
./hw/char/renesas_sci.c:88:38: error: ‘RIE’ undeclared (first use in
this function); did you mean ‘PIE’?
 if (FIELD_EX8(sci->scr, SCR, RIE)) {
  ^~~
  PIE
./hw/char/renesas_sci.c: In function ‘send_byte’:
./hw/char/renesas_sci.c:107:36: error: ‘SSR’ undeclared (first use in
this function)
 sci->ssr = FIELD_DP8(sci->ssr, SSR, TEND, 0);
^~~
./hw/char/renesas_sci.c:107:41: error: ‘TEND’ undeclared (first use in
this function); did you mean ‘TEI’?
 sci->ssr = FIELD_DP8(sci->ssr, SSR, TEND, 0);
 ^~~~
 TEI
./hw/char/renesas_sci.c:108:41: error: ‘TDRE’ undeclared (first use in
this function); did you mean ‘TRUE’?
 sci->ssr = FIELD_DP8(sci->ssr, SSR, TDRE, 1);
 ^~~~
 TRUE
./hw/char/renesas_sci.c:110:29: error: ‘SCR’ undeclared (first use in
this function)
 if (FIELD_EX8(sci->scr, SCR, TIE)) {
 ^~~
./hw/char/renesas_sci.c:110:34: error: ‘TIE’ undeclared (first use in
this function); did you mean ‘PIE’?
 if (FIELD_EX8(sci->scr, SCR, TIE)) {
  ^~~
  PIE
./hw/char/renesas_sci.c: In function ‘txend’:
./hw/char/renesas_sci.c:

Re: [Qemu-devel] [PATCH v13 11/12] qemu/bitops.h: Add extract8 and extract16

[Philippe Mathieu-Daudé]

On 5/16/19 7:52 AM, Yoshinori Sato wrote:
> Signed-off-by: Yoshinori Sato 
> Reviewed-by: Richard Henderson 
> ---
>  include/qemu/bitops.h | 38 ++
>  1 file changed, 38 insertions(+)
> 
> diff --git a/include/qemu/bitops.h b/include/qemu/bitops.h
> index 3f0926cf40..764f9d1ea0 100644
> --- a/include/qemu/bitops.h
> +++ b/include/qemu/bitops.h
> @@ -301,6 +301,44 @@ static inline uint32_t extract32(uint32_t value, int 
> start, int length)
>  }
>  
>  /**
> + * extract8:
> + * @value: the value to extract the bit field from
> + * @start: the lowest bit in the bit field (numbered from 0)
> + * @length: the length of the bit field
> + *
> + * Extract from the 8 bit input @value the bit field specified by the
> + * @start and @length parameters, and return it. The bit field must
> + * lie entirely within the 8 bit word. It is valid to request that
> + * all 8 bits are returned (ie @length 8 and @start 0).
> + *
> + * Returns: the value of the bit field extracted from the input value.
> + */
> +static inline uint8_t extract8(uint8_t value, int start, int length)
> +{
> +assert(start >= 0 && length > 0 && length <= 8 - start);
> +return extract32(value, start, length);
> +}
> +
> +/**
> + * extract16:
> + * @value: the value to extract the bit field from
> + * @start: the lowest bit in the bit field (numbered from 0)
> + * @length: the length of the bit field
> + *
> + * Extract from the 16 bit input @value the bit field specified by the
> + * @start and @length parameters, and return it. The bit field must
> + * lie entirely within the 16 bit word. It is valid to request that
> + * all 16 bits are returned (ie @length 16 and @start 0).
> + *
> + * Returns: the value of the bit field extracted from the input value.
> + */
> +static inline uint16_t extract16(uint16_t value, int start, int length)
> +{
> +assert(start >= 0 && length > 0 && length <= 16 - start);
> +return extract32(value, start, length);
> +}
> +
> +/**
>   * extract64:
>   * @value: the value to extract the bit field from
>   * @start: the lowest bit in the bit field (numbered from 0)
> 

Reviewed-by: Philippe Mathieu-Daudé 

Re: [Qemu-devel] [PULL 02/21] roms: assert if max rom size is less than the used size

[Thomas Huth]

On 15/05/2019 22.50, Paolo Bonzini wrote:
> From: Igor Mammedov 
> 
> It would ensure that we would notice attempt to write beyond
> the allocated buffer. In case of MemoryRegion backed ROM it's
> the host buffer and the guest RAM otherwise.
> 
> assert can be triggered with:
>   dd if=/dev/zero of=/tmp/blob bs=63k count=1
>   qemu-system-x86_64 `for  i in {1..33}; do echo -n " -acpitable /tmp/blob"; 
> done`

Sorry, but a user should normally never be able to trigger an assert,
even if passing lots of garbage to qemu via the command line. asserts
are for guarding against programming errors.

Could you please change this into a proper error message instead?

 Thanks,
  Thomas

[Qemu-devel] [PULL 24/37] tests: acpi: make acpi_fetch_table() take size of fetched table pointer

[Michael S. Tsirkin]

From: Igor Mammedov 

Currently acpi_fetch_table() assumes 32 bit size of table pointer
in ACPI tables. However X_foo variants are 64 bit, prepare
acpi_fetch_table() to handle both by adding an argument
for addr_ptr pointed entry size. Follow up commits will use that
to read XSDT and X_foo entries in ACPI tables.

Signed-off-by: Igor Mammedov 
Message-Id: <1556808723-226478-3-git-send-email-imamm...@redhat.com>
Reviewed-by: Wei Yang 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 tests/acpi-utils.h   |  2 +-
 tests/acpi-utils.c   | 10 ++
 tests/bios-tables-test.c |  8 
 tests/vmgenid-test.c |  4 ++--
 4 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/tests/acpi-utils.h b/tests/acpi-utils.h
index 4cd5553586..92285b75b3 100644
--- a/tests/acpi-utils.h
+++ b/tests/acpi-utils.h
@@ -49,7 +49,7 @@ uint32_t acpi_find_rsdp_address(QTestState *qts);
 uint64_t acpi_get_xsdt_address(uint8_t *rsdp_table);
 void acpi_fetch_rsdp_table(QTestState *qts, uint32_t addr, uint8_t 
*rsdp_table);
 void acpi_fetch_table(QTestState *qts, uint8_t **aml, uint32_t *aml_len,
-  const uint8_t *addr_ptr, const char *sig,
+  const uint8_t *addr_ptr, int addr_size, const char *sig,
   bool verify_checksum);
 
 #endif  /* TEST_ACPI_UTILS_H */
diff --git a/tests/acpi-utils.c b/tests/acpi-utils.c
index 633d8f513d..644c87b5f9 100644
--- a/tests/acpi-utils.c
+++ b/tests/acpi-utils.c
@@ -91,13 +91,15 @@ void acpi_fetch_rsdp_table(QTestState *qts, uint32_t addr, 
uint8_t *rsdp_table)
  *  actual one.
  */
 void acpi_fetch_table(QTestState *qts, uint8_t **aml, uint32_t *aml_len,
-  const uint8_t *addr_ptr, const char *sig,
+  const uint8_t *addr_ptr, int addr_size, const char *sig,
   bool verify_checksum)
 {
-uint32_t addr, len;
+uint32_t len;
+uint64_t addr = 0;
 
-memcpy(&addr, addr_ptr , sizeof(addr));
-addr = le32_to_cpu(addr);
+g_assert(addr_size == 4 || addr_size == 8);
+memcpy(&addr, addr_ptr , addr_size);
+addr = le64_to_cpu(addr);
 qtest_memread(qts, addr + 4, &len, 4); /* Length of ACPI table */
 *aml_len = le32_to_cpu(len);
 *aml = g_malloc0(*aml_len);
diff --git a/tests/bios-tables-test.c b/tests/bios-tables-test.c
index 6a678bf761..86b592c67f 100644
--- a/tests/bios-tables-test.c
+++ b/tests/bios-tables-test.c
@@ -114,14 +114,14 @@ static void test_acpi_rsdt_table(test_data *data)
 
 /* read RSDT table */
 acpi_fetch_table(data->qts, &rsdt.aml, &rsdt.aml_len,
- &data->rsdp_table[16 /* RsdtAddress */], "RSDT", true);
+ &data->rsdp_table[16 /* RsdtAddress */], 4, "RSDT", true);
 
 /* Load all tables and add to test list directly RSDT referenced tables */
 ACPI_FOREACH_RSDT_ENTRY(rsdt.aml, rsdt.aml_len, ent, 4 /* Entry size */) {
 AcpiSdtTable ssdt_table = {};
 
 acpi_fetch_table(data->qts, &ssdt_table.aml, &ssdt_table.aml_len, ent,
- NULL, true);
+ 4, NULL, true);
 /* Add table to ASL test tables list */
 g_array_append_val(data->tables, ssdt_table);
 }
@@ -139,11 +139,11 @@ static void test_acpi_fadt_table(test_data *data)
 
 /* Since DSDT/FACS isn't in RSDT, add them to ASL test list manually */
 acpi_fetch_table(data->qts, &table.aml, &table.aml_len,
- fadt_aml + 36 /* FIRMWARE_CTRL */, "FACS", false);
+ fadt_aml + 36 /* FIRMWARE_CTRL */, 4, "FACS", false);
 g_array_append_val(data->tables, table);
 
 acpi_fetch_table(data->qts, &table.aml, &table.aml_len,
- fadt_aml + 40 /* DSDT */, "DSDT", true);
+ fadt_aml + 40 /* DSDT */, 4, "DSDT", true);
 g_array_append_val(data->tables, table);
 
 memset(fadt_aml + 36, 0, 4); /* sanitize FIRMWARE_CTRL ptr */
diff --git a/tests/vmgenid-test.c b/tests/vmgenid-test.c
index f400184268..85d8e6463e 100644
--- a/tests/vmgenid-test.c
+++ b/tests/vmgenid-test.c
@@ -42,12 +42,12 @@ static uint32_t acpi_find_vgia(QTestState *qts)
 
 acpi_fetch_rsdp_table(qts, rsdp_offset, rsdp_table);
 acpi_fetch_table(qts, &rsdt, &rsdt_len, &rsdp_table[16 /* RsdtAddress */],
- "RSDT", true);
+ 4, "RSDT", true);
 
 ACPI_FOREACH_RSDT_ENTRY(rsdt, rsdt_len, ent, 4 /* Entry size */) {
 uint8_t *table_aml;
 
-acpi_fetch_table(qts, &table_aml, &table_length, ent, NULL, true);
+acpi_fetch_table(qts, &table_aml, &table_length, ent, 4, NULL, true);
 if (!memcmp(table_aml + 16 /* OEM Table ID */, "VMGENID", 7)) {
 uint32_t vgia_val;
 uint8_t *aml = &table_aml[36 /* AML byte-code start */];
-- 
MST

Re: [Qemu-devel] [PATCH 1/4] block: Improve "Block node is read-only" message

[Alberto Garcia]

On Wed 15 May 2019 10:15:00 PM CEST, Max Reitz wrote:
> This message does not make any sense when it appears as the response to
> making an R/W node read-only.  We should detect that case and emit a
> different message, then.
>
> Signed-off-by: Max Reitz 

Reviewed-by: Alberto Garcia 

Berto

Re: [Qemu-devel] [PULL 00/16] migration queue

[Peter Maydell]

On Tue, 14 May 2019 at 19:36, Dr. David Alan Gilbert (git)
 wrote:
>
> From: "Dr. David Alan Gilbert" 
>
> The following changes since commit e329ad2ab72c43b56df88b34954c2c7d839bb373:
>
>   Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20190513' into 
> staging (2019-05-14 10:08:47 +0100)
>
> are available in the Git repository at:
>
>   git://github.com/dagrh/qemu.git tags/pull-migration-20190514b
>
> for you to fetch changes up to 9d3250d5ba8c4c5389530b861686e22e77fddcc7:
>
>   monitor: Call mon_get_cpu() only once at hmp_gva2gpa() (2019-05-14 19:00:04 
> +0100)
>
> 
> Migration pull 2019-05-14
>
> Small fixes/cleanups
> One HMP/monitor fix
>
> 



Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/4.1
for any user-visible changes.

-- PMM

[Qemu-devel] [PULL 25/37] tests: acpi: make RSDT test routine handle XSDT

[Michael S. Tsirkin]

From: Igor Mammedov 

If RSDP revision is more than 0 fetch table pointed by XSDT
and fallback to legacy RSDT table otherwise.

While at it drop unused acpi_get_xsdt_address().

Signed-off-by: Igor Mammedov 
Message-Id: <1556808723-226478-4-git-send-email-imamm...@redhat.com>
Reviewed-by: Wei Yang 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 tests/acpi-utils.h   |  1 -
 tests/acpi-utils.c   | 12 
 tests/bios-tables-test.c | 20 ++--
 3 files changed, 14 insertions(+), 19 deletions(-)

diff --git a/tests/acpi-utils.h b/tests/acpi-utils.h
index 92285b75b3..f55ccf9ff7 100644
--- a/tests/acpi-utils.h
+++ b/tests/acpi-utils.h
@@ -46,7 +46,6 @@ typedef struct {
 
 uint8_t acpi_calc_checksum(const uint8_t *data, int len);
 uint32_t acpi_find_rsdp_address(QTestState *qts);
-uint64_t acpi_get_xsdt_address(uint8_t *rsdp_table);
 void acpi_fetch_rsdp_table(QTestState *qts, uint32_t addr, uint8_t 
*rsdp_table);
 void acpi_fetch_table(QTestState *qts, uint8_t **aml, uint32_t *aml_len,
   const uint8_t *addr_ptr, int addr_size, const char *sig,
diff --git a/tests/acpi-utils.c b/tests/acpi-utils.c
index 644c87b5f9..a0d49c4371 100644
--- a/tests/acpi-utils.c
+++ b/tests/acpi-utils.c
@@ -51,18 +51,6 @@ uint32_t acpi_find_rsdp_address(QTestState *qts)
 return off;
 }
 
-uint64_t acpi_get_xsdt_address(uint8_t *rsdp_table)
-{
-uint64_t xsdt_physical_address;
-uint8_t revision = rsdp_table[15 /* Revision offset */];
-
-/* We must have revision 2 if we're looking for an XSDT pointer */
-g_assert(revision == 2);
-
-memcpy(&xsdt_physical_address, &rsdp_table[24 /* XsdtAddress offset */], 
8);
-return le64_to_cpu(xsdt_physical_address);
-}
-
 void acpi_fetch_rsdp_table(QTestState *qts, uint32_t addr, uint8_t *rsdp_table)
 {
 uint8_t revision;
diff --git a/tests/bios-tables-test.c b/tests/bios-tables-test.c
index 86b592c67f..d6ab1218da 100644
--- a/tests/bios-tables-test.c
+++ b/tests/bios-tables-test.c
@@ -107,21 +107,29 @@ static void test_acpi_rsdp_table(test_data *data)
 }
 }
 
-static void test_acpi_rsdt_table(test_data *data)
+static void test_acpi_rxsdt_table(test_data *data)
 {
+const char *sig = "RSDT";
 AcpiSdtTable rsdt = {};
+int entry_size = 4;
+int addr_off = 16 /* RsdtAddress */;
 uint8_t *ent;
 
-/* read RSDT table */
+if (data->rsdp_table[15 /* Revision offset */] != 0) {
+addr_off = 24 /* XsdtAddress */;
+entry_size = 8;
+sig = "XSDT";
+}
+/* read [RX]SDT table */
 acpi_fetch_table(data->qts, &rsdt.aml, &rsdt.aml_len,
- &data->rsdp_table[16 /* RsdtAddress */], 4, "RSDT", true);
+ &data->rsdp_table[addr_off], entry_size, sig, true);
 
 /* Load all tables and add to test list directly RSDT referenced tables */
-ACPI_FOREACH_RSDT_ENTRY(rsdt.aml, rsdt.aml_len, ent, 4 /* Entry size */) {
+ACPI_FOREACH_RSDT_ENTRY(rsdt.aml, rsdt.aml_len, ent, entry_size) {
 AcpiSdtTable ssdt_table = {};
 
 acpi_fetch_table(data->qts, &ssdt_table.aml, &ssdt_table.aml_len, ent,
- 4, NULL, true);
+ entry_size, NULL, true);
 /* Add table to ASL test tables list */
 g_array_append_val(data->tables, ssdt_table);
 }
@@ -521,7 +529,7 @@ static void test_acpi_one(const char *params, test_data 
*data)
 data->tables = g_array_new(false, true, sizeof(AcpiSdtTable));
 test_acpi_rsdp_address(data);
 test_acpi_rsdp_table(data);
-test_acpi_rsdt_table(data);
+test_acpi_rxsdt_table(data);
 test_acpi_fadt_table(data);
 
 if (iasl) {
-- 
MST

Re: [Qemu-devel] [PATCH 2/4] iotests.py: Let assert_qmp() accept an array

[Alberto Garcia]

On Wed 15 May 2019 10:15:01 PM CEST, Max Reitz wrote:
> Sometimes we cannot tell which error message qemu will emit, and we do
> not care.  With this change, we can then just pass an array of all
> possible messages to assert_qmp() and it will choose the right one.
>
> Signed-off-by: Max Reitz 

Reviewed-by: Alberto Garcia 

Berto

Re: [Qemu-devel] [RFC 00/17] multi-phase reset mechanism

[Peter Maydell]

On Mon, 25 Mar 2019 at 11:02, Damien Hedde  wrote:
>
> Hi all,
>
> This series is a proposal to implement the multi-phase reset we've discussed
> here (https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg00310.html) and
> more recently there
> (https://lists.gnu.org/archive/html/qemu-devel/2019-03/msg00081.html).
>
> To summarize, we need a multi-phase reset to allow for a more complex
> initialization of a platform. In particular we need to "propagate" a clock
> tree, but we have to ensure that every device is initialized first.

Hi; I finally managed to get my thoughts about reset coherent
enough to write down in an email.


OVERVIEW

I had a read through the patchset and spent a while trying to
understand what we currently have.

Our current (device) reset model is:
 * single-phase
-- there is only one 'reset' method
 * implicit
-- devices don't need to be explicitly registered anywhere
   in a "reset hierarchy"; instead they are reset by virtue
   of being in the bus heirarchy they are already in
 * bus-based
-- sysbus reset is registered in vl.c; free-floating other buses[*]
   (ie those with a NULL parent) have a reset registered in qbus_realize;
   buses with parents (ie anything with a non-NULL parent passed to
   qbus_create() or qbus_create_inplace()) will get traversed by
   the recursive traversal of whatever bus their parent is on.
 * not exhaustive
-- any devices not put on a bus, or put on a bus whose parent device
   is not on a bus, will not get reset
 * not modelling GPIO reset signal lines

[*] It turns out we actually don't have any of these any more, so
we can remove the code that deals with them. The only parentless bus
is the main system bus, which is the root of the "reset hierarchy".

This patchset is trying to address:
 * changing to multi-phase
 * modelling of GPIO reset signal lines

It leaves reset as bus-based: currently we do this via qbus_walk_children/
qdev_walk_children, which traverse the bus->children and dev->child_bus
lists, and in the patchset's implementation of Resettable for qdev/qbus
the methods iterate through those.

I think this is reasonable -- we don't want to try to tackle every
reset related problem at once. The two issues the patchset is looking
at fit well together, because the GPIO-reset-lines are a motivation
for switching to multiphase (you need to handle both entering and
leaving reset).

("not exhaustive" is the thing we should really try to
fix at some point, but I have no good ideas for how to do this.)

API DESIGN

On what the right APIs should be: I think we should separate
"the API that's nice for devices to implement" from "the API that's
nice for callers wanting to reset a device". Here's my suggestion
for doing that:


Have the Resettable interface be:
 * init
 * hold
 * exit
 * get_reset_count
 * increment_reset_count (returns previous count)
 * decrement_reset_count (returns new count)
 * some method for "iterate over any Resettable child objects"
   (probably a "call this callback for each child" type API)

Individual devices implement init/hold/exit
Device base class implements the reset_count methods
Device base class implements a default 'init' method that calls dc->reset
  and default hold/exit that are no-ops
Device base class has a new vmstate subsection which migrates the
  reset count, subsection's needed function says "only send
  if reset count is non-zero". Back-compat here should be fine
  as current machines don't implement any way that a device in
  the system can be being held in reset at the point where a
  migration happens. If future changes add features to a
  machine model that permit that, the migration is forwards-compatible.
Device base class implements the iterate-over-children method to
 iterate over the dev->child_bus buses
Bus base class implements reset_count methods
Bus base class implements default no-op init/hold/exit
Bus base class implements the iterate-over-children method to
 iterate over the bus->children devices
Handling migration of the bus base class reset count is a little
 awkward -- we'll need to put it in a vmstate subsection which
 is part of the vmstate of the device which owns the bus.
 (I talked to David Gilbert on IRC about this and have some
 possibilities for how to do it, but will postpone writing them
 out until we've decided whether we like the APIs.)

The "API for devices to implement" is then the init/hold/exit
methods of the Resettable interface -- they don't need to worry
about these methods possibly being called multiple times, and
they don't need to handle the reference count or passing on
the calling of the phase methods to their children. They
just need to implement the correct behaviour for their device
for this phase.

The "API for callers wanting to reset a device" is a set of
helper functions that take a pointer to a Resettable object.
It's these that deal with the reset count and children:

resettable_assert_reset(Resettable *

[Qemu-devel] [PULL 29/37] tests: acpi: move boot_sector_init() into x86 tests branch

[Michael S. Tsirkin]

From: Igor Mammedov 

boot_sector_init() won't be used by arm/virt board, so move it from
global scope to x86 branch that uses it.

Signed-off-by: Igor Mammedov 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <1556808723-226478-8-git-send-email-imamm...@redhat.com>
Tested-by: Philippe Mathieu-Daudé 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 tests/bios-tables-test.c | 9 +
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/tests/bios-tables-test.c b/tests/bios-tables-test.c
index e2fc34143d..4d13a3cce6 100644
--- a/tests/bios-tables-test.c
+++ b/tests/bios-tables-test.c
@@ -788,13 +788,14 @@ int main(int argc, char *argv[])
 const char *arch = qtest_get_arch();
 int ret;
 
-ret = boot_sector_init(disk);
-if(ret)
-return ret;
-
 g_test_init(&argc, &argv, NULL);
 
 if (strcmp(arch, "i386") == 0 || strcmp(arch, "x86_64") == 0) {
+ret = boot_sector_init(disk);
+if (ret) {
+return ret;
+}
+
 qtest_add_func("acpi/piix4", test_acpi_piix4_tcg);
 qtest_add_func("acpi/piix4/bridge", test_acpi_piix4_tcg_bridge);
 qtest_add_func("acpi/q35", test_acpi_q35_tcg);
-- 
MST

Re: [Qemu-devel] [PULL 22/27] vl: Create block backends before setting machine properties

[Michal Privoznik]

On 5/16/19 1:43 PM, Markus Armbruster wrote:



Actually, there is more problems with this. Trying to run a guest with
persistent reservations fails after this patch is applied (git bisect
points me to this commit). My command line is:

qemu.git $ ./x86_64-softmmu/qemu-system-x86_64 \
-monitor stdio \
-object pr-manager-helper,id=pr-helper0,path=/tmp/pr-helper0.sock
-drive
file=/dev/mapper/crypt,file.pr-manager=pr-helper0,format=raw,if=none,id=drive-scsi0-0-0-2
\
-device
scsi-block,bus=scsi0.0,channel=0,scsi-id=0,lun=2,drive=drive-scsi0-0-0-2,id=scsi0-0-0-2

Honestly, I have no idea how to fix it, so I'm just raising this issue
here. Do you want me to open a bug or something?


Let's skip the bug filing bureaucracy and go straight to debugging.


Agreed.



Actual and expected behavior of your reproducer, please :)



Actual is that qemu fails to parse cmd line:


qemu-system-x86_64: -drive 
file=/dev/mapper/crypt,file.pr-manager=pr-helper0,format=raw,if=none,id=drive-scsi0-0-0-2: 
No persistent reservation manager with id 'pr-helper0'



Which obviously is not correct, because pr-helper0 is specified.
Expected result is that qemu suceeds in parsing the cmd line and starts 
the guest. To test it you don't need /dev/mapper/* really, I mean, if 
qemu fails with a different error message (e.g. it can't open the disk 
or EPERM or whatever), it's a sign it got past the cmd line parsing 
successfuly.


Michal

[Qemu-devel] [PULL 36/37] tests: acpi: refactor rebuild-expected-aml.sh to dump ACPI tables for a specified list of targets

[Michael S. Tsirkin]

From: Igor Mammedov 

Make initial list contain aarch64 and x86_64 targets.

Signed-off-by: Igor Mammedov 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <1556808723-226478-15-git-send-email-imamm...@redhat.com>
Reviewed-by: Wei Yang 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 tests/data/acpi/rebuild-expected-aml.sh | 23 +++
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/tests/data/acpi/rebuild-expected-aml.sh 
b/tests/data/acpi/rebuild-expected-aml.sh
index abdff70a0d..07f7e3f501 100755
--- a/tests/data/acpi/rebuild-expected-aml.sh
+++ b/tests/data/acpi/rebuild-expected-aml.sh
@@ -7,21 +7,12 @@
 #
 # Authors:
 #  Marcel Apfelbaum 
+#  Igor Mammedov 
 #
 # This work is licensed under the terms of the GNU GPLv2.
 # See the COPYING.LIB file in the top-level directory.
 
-qemu=
-
-if [ -e x86_64-softmmu/qemu-system-x86_64 ]; then
-qemu="x86_64-softmmu/qemu-system-x86_64"
-elif [ -e i386-softmmu/qemu-system-i386 ]; then
-qemu="i386-softmmu/qemu-system-i386"
-else
-echo "Run 'make' to build the qemu exectutable!"
-echo "Run this script from the build directory."
-exit 1;
-fi
+qemu_bins="aarch64-softmmu/qemu-system-aarch64 
x86_64-softmmu/qemu-system-x86_64"
 
 if [ ! -e "tests/bios-tables-test" ]; then
 echo "Test: bios-tables-test is required! Run make check before this 
script."
@@ -29,6 +20,14 @@ if [ ! -e "tests/bios-tables-test" ]; then
 exit 1;
 fi
 
-TEST_ACPI_REBUILD_AML=y QTEST_QEMU_BINARY=$qemu tests/bios-tables-test
+for qemu in $qemu_bins; do
+if [ ! -e $qemu ]; then
+echo "Run 'make' to build the following QEMU executables: $qemu_bins"
+echo "Also, run this script from the build directory."
+exit 1;
+fi
+TEST_ACPI_REBUILD_AML=y QTEST_QEMU_BINARY=$qemu tests/bios-tables-test
+done
+
 
 echo "The files were rebuilt and can be added to git."
-- 
MST

Re: [Qemu-devel] [PATCH v13 12/12] MAINTAINERS: Add RX

[Philippe Mathieu-Daudé]

On 5/16/19 7:52 AM, Yoshinori Sato wrote:
> Signed-off-by: Yoshinori Sato 
> Reviewed-by: Richard Henderson 
> ---
>  MAINTAINERS | 19 +++
>  1 file changed, 19 insertions(+)
> 
> diff --git a/MAINTAINERS b/MAINTAINERS
> index a73a61a546..ef6a02702e 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -272,6 +272,13 @@ F: include/hw/riscv/
>  F: linux-user/host/riscv32/
>  F: linux-user/host/riscv64/
>  
> +RENESAS RX
> +M: Yoshinori Sato 
> +S: Maintained
> +F: target/rx/
> +F: hw/rx/
> +F: include/hw/rx/
> +
>  S390
>  M: Richard Henderson 
>  M: David Hildenbrand 
> @@ -1106,6 +1113,18 @@ F: pc-bios/canyonlands.dt[sb]
>  F: pc-bios/u-boot-sam460ex-20100605.bin
>  F: roms/u-boot-sam460ex
>  
> +RX Machines
> +---
> +RX-QEMU
> +M: Yoshinori Sato 
> +S: Maintained
> +F: hw/rx/rxqemu.c

This is now "hw/rx/rx-virt.c"

> +F: hw/intc/rx_icu.c
> +F: hw/timer/renesas_*.c
> +F: hw/char/renesas_sci.c
> +F: include/hw/timer/renesas_*.h
> +F: include/hw/char/renesas_sci.h

You missed:

F: include/hw/intc/rx_icu.h
F: default-configs/rx-softmmu.mak

With the 3 changes:
Reviewed-by: Philippe Mathieu-Daudé 

Richard, that would be nice if you can apply those changes directly ;)

> +
>  SH4 Machines
>  
>  R2D
>

[Qemu-devel] [PATCH 0/2] bitmaps: merge bitmaps from different nodes

[Vladimir Sementsov-Ogievskiy]

Hi all!

We need to copy bitmaps to new top node on external snapshot, to
not break incremental backup chain.

The only thing to do is to allow block-dirty-bitmap-merge to work
with different nodes, here it is.

Vladimir Sementsov-Ogievskiy (2):
  qapi: support external bitmaps in block-dirty-bitmap-merge
  iotests: test external snapshot with bitmap copying

 qapi/block-core.json   | 13 +++---
 block/dirty-bitmap.c   |  9 ---
 blockdev.c | 46 +++--
 tests/qemu-iotests/254 | 52 +
 tests/qemu-iotests/254.out | 53 ++
 tests/qemu-iotests/group   |  1 +
 6 files changed, 154 insertions(+), 20 deletions(-)
 create mode 100755 tests/qemu-iotests/254
 create mode 100644 tests/qemu-iotests/254.out

-- 
2.18.0

[Qemu-devel] [PATCH 1/2] qapi: support external bitmaps in block-dirty-bitmap-merge

[Vladimir Sementsov-Ogievskiy]

Add new optional parameter making possible to merge bitmaps from
different nodes. It is needed to maintain external snapshots during
incremental backup chain history.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 qapi/block-core.json | 13 ++---
 block/dirty-bitmap.c |  9 ++---
 blockdev.c   | 46 ++--
 3 files changed, 48 insertions(+), 20 deletions(-)

diff --git a/qapi/block-core.json b/qapi/block-core.json
index 7ccbfff9d0..933b50771a 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -2006,16 +2006,23 @@
 ##
 # @BlockDirtyBitmapMerge:
 #
-# @node: name of device/node which the bitmap is tracking
+# @node: name of device/node which the @target and @bitmaps bitmaps are
+#tracking
 #
 # @target: name of the destination dirty bitmap
 #
-# @bitmaps: name(s) of the source dirty bitmap(s)
+# @bitmaps: name(s) of the source dirty bitmap(s). The field is optional
+#   since 4.1.
+#
+# @external-bitmaps: additional list of source dirty bitmaps with specified
+#nodes, which allows merging bitmaps between different
+#nodes. (Since: 4.1)
 #
 # Since: 4.0
 ##
 { 'struct': 'BlockDirtyBitmapMerge',
-  'data': { 'node': 'str', 'target': 'str', 'bitmaps': ['str'] } }
+  'data': { 'node': 'str', 'target': 'str', '*bitmaps': ['str'],
+'*external-bitmaps': ['BlockDirtyBitmap'] } }
 
 ##
 # @block-dirty-bitmap-add:
diff --git a/block/dirty-bitmap.c b/block/dirty-bitmap.c
index 59e6ebb861..49646a30e6 100644
--- a/block/dirty-bitmap.c
+++ b/block/dirty-bitmap.c
@@ -816,10 +816,10 @@ void bdrv_merge_dirty_bitmap(BdrvDirtyBitmap *dest, const 
BdrvDirtyBitmap *src,
 {
 bool ret;
 
-/* only bitmaps from one bds are supported */
-assert(dest->mutex == src->mutex);
-
 qemu_mutex_lock(dest->mutex);
+if (src->mutex != dest->mutex) {
+qemu_mutex_lock(src->mutex);
+}
 
 if (bdrv_dirty_bitmap_check(dest, BDRV_BITMAP_DEFAULT, errp)) {
 goto out;
@@ -845,4 +845,7 @@ void bdrv_merge_dirty_bitmap(BdrvDirtyBitmap *dest, const 
BdrvDirtyBitmap *src,
 
 out:
 qemu_mutex_unlock(dest->mutex);
+if (src->mutex != dest->mutex) {
+qemu_mutex_unlock(src->mutex);
+}
 }
diff --git a/blockdev.c b/blockdev.c
index 79fbac8450..8d37ce5943 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -2112,11 +2112,9 @@ static void 
block_dirty_bitmap_disable_abort(BlkActionState *common)
 }
 }
 
-static BdrvDirtyBitmap *do_block_dirty_bitmap_merge(const char *node,
-const char *target,
-strList *bitmaps,
-HBitmap **backup,
-Error **errp);
+static BdrvDirtyBitmap *do_block_dirty_bitmap_merge(
+const char *node, const char *target, strList *bitmaps,
+BlockDirtyBitmapList *external_bitmaps, HBitmap **backup, Error 
**errp);
 
 static void block_dirty_bitmap_merge_prepare(BlkActionState *common,
  Error **errp)
@@ -2132,8 +2130,9 @@ static void 
block_dirty_bitmap_merge_prepare(BlkActionState *common,
 action = common->action->u.block_dirty_bitmap_merge.data;
 
 state->bitmap = do_block_dirty_bitmap_merge(action->node, action->target,
-action->bitmaps, 
&state->backup,
-errp);
+action->bitmaps,
+action->external_bitmaps,
+&state->backup, errp);
 }
 
 static void abort_prepare(BlkActionState *common, Error **errp)
@@ -2965,15 +2964,14 @@ void qmp_block_dirty_bitmap_disable(const char *node, 
const char *name,
 bdrv_disable_dirty_bitmap(bitmap);
 }
 
-static BdrvDirtyBitmap *do_block_dirty_bitmap_merge(const char *node,
-const char *target,
-strList *bitmaps,
-HBitmap **backup,
-Error **errp)
+static BdrvDirtyBitmap *do_block_dirty_bitmap_merge(
+const char *node, const char *target, strList *bitmaps,
+BlockDirtyBitmapList *external_bitmaps, HBitmap **backup, Error **errp)
 {
 BlockDriverState *bs;
 BdrvDirtyBitmap *dst, *src, *anon;
 strList *lst;
+BlockDirtyBitmapList *ext_lst;
 Error *local_err = NULL;
 
 dst = block_dirty_bitmap_lookup(node, target, &bs, errp);
@@ -3003,6 +3001,22 @@ static BdrvDirtyBitmap 
*do_block_dirty_bitmap_merge(const char *node,
 }
 }
 
+for (ext_lst = external_bitmaps; ext_lst; ext_lst = ext_lst->next) {
+src = block_dirty_bitmap_lookup(ext_lst->value->node,
+ 

Re: [Qemu-devel] [PATCH 3/4] iotests.py: Fix VM.run_job

[Alberto Garcia]

On Wed 15 May 2019 10:15:02 PM CEST, Max Reitz wrote:
> log() is in the current module, there is no need to prefix it.  In fact,
> doing so may make VM.run_job() unusable in tests that never use
> iotests.log() themselves.
>
> Signed-off-by: Max Reitz 

Reviewed-by: Alberto Garcia 

Berto

[Qemu-devel] [Bug 1823458] Re: race condition between vhost_net_stop and CHR_EVENT_CLOSED on shutdown crashes qemu

[Dan Streetman]

see bug 1829245 for regression introduced by this patch; these patches
will be reverted from xenial, and then re-uploaded along with a patch
for the regression in bug 1829380

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1823458

Title:
  race condition between vhost_net_stop and CHR_EVENT_CLOSED on shutdown
  crashes qemu

Status in Ubuntu Cloud Archive:
  Fix Released
Status in Ubuntu Cloud Archive mitaka series:
  Fix Released
Status in Ubuntu Cloud Archive ocata series:
  Fix Released
Status in QEMU:
  Fix Released
Status in qemu package in Ubuntu:
  Fix Released
Status in qemu source package in Trusty:
  Won't Fix
Status in qemu source package in Xenial:
  Fix Released
Status in qemu source package in Bionic:
  Fix Released
Status in qemu source package in Cosmic:
  Fix Released
Status in qemu source package in Disco:
  Fix Released

Bug description:
  [impact]

  on shutdown of a guest, there is a race condition that results in qemu
  crashing instead of normally shutting down.  The bt looks similar to
  this (depending on the specific version of qemu, of course; this is
  taken from 2.5 version of qemu):

  (gdb) bt
  #0  __GI___pthread_mutex_lock (mutex=0x0) at ../nptl/pthread_mutex_lock.c:66
  #1  0x5636c0bc4389 in qemu_mutex_lock (mutex=mutex@entry=0x0) at 
/build/qemu-7I4i1R/qemu-2.5+dfsg/util/qemu-thread-posix.c:73
  #2  0x5636c0988130 in qemu_chr_fe_write_all (s=s@entry=0x0, 
buf=buf@entry=0x7ffe65c086a0 "\v", len=len@entry=20) at 
/build/qemu-7I4i1R/qemu-2.5+dfsg/qemu-char.c:205
  #3  0x5636c08f3483 in vhost_user_write (msg=msg@entry=0x7ffe65c086a0, 
fds=fds@entry=0x0, fd_num=fd_num@entry=0, dev=0x5636c1bf6b70, 
dev=0x5636c1bf6b70)
  at /build/qemu-7I4i1R/qemu-2.5+dfsg/hw/virtio/vhost-user.c:195
  #4  0x5636c08f411c in vhost_user_get_vring_base (dev=0x5636c1bf6b70, 
ring=0x7ffe65c087e0) at 
/build/qemu-7I4i1R/qemu-2.5+dfsg/hw/virtio/vhost-user.c:364
  #5  0x5636c08efff0 in vhost_virtqueue_stop (dev=dev@entry=0x5636c1bf6b70, 
vdev=vdev@entry=0x5636c2853338, vq=0x5636c1bf6d00, idx=1) at 
/build/qemu-7I4i1R/qemu-2.5+dfsg/hw/virtio/vhost.c:895
  #6  0x5636c08f2944 in vhost_dev_stop (hdev=hdev@entry=0x5636c1bf6b70, 
vdev=vdev@entry=0x5636c2853338) at 
/build/qemu-7I4i1R/qemu-2.5+dfsg/hw/virtio/vhost.c:1262
  #7  0x5636c08db2a8 in vhost_net_stop_one (net=0x5636c1bf6b70, 
dev=dev@entry=0x5636c2853338) at 
/build/qemu-7I4i1R/qemu-2.5+dfsg/hw/net/vhost_net.c:293
  #8  0x5636c08dbe5b in vhost_net_stop (dev=dev@entry=0x5636c2853338, 
ncs=0x5636c209d110, total_queues=total_queues@entry=1) at 
/build/qemu-7I4i1R/qemu-2.5+dfsg/hw/net/vhost_net.c:371
  #9  0x5636c08d7745 in virtio_net_vhost_status (status=7 '\a', 
n=0x5636c2853338) at /build/qemu-7I4i1R/qemu-2.5+dfsg/hw/net/virtio-net.c:150
  #10 virtio_net_set_status (vdev=, status=) at 
/build/qemu-7I4i1R/qemu-2.5+dfsg/hw/net/virtio-net.c:162
  #11 0x5636c08ec42c in virtio_set_status (vdev=0x5636c2853338, 
val=) at /build/qemu-7I4i1R/qemu-2.5+dfsg/hw/virtio/virtio.c:624
  #12 0x5636c098fed2 in vm_state_notify (running=running@entry=0, 
state=state@entry=RUN_STATE_SHUTDOWN) at 
/build/qemu-7I4i1R/qemu-2.5+dfsg/vl.c:1605
  #13 0x5636c089172a in do_vm_stop (state=RUN_STATE_SHUTDOWN) at 
/build/qemu-7I4i1R/qemu-2.5+dfsg/cpus.c:724
  #14 vm_stop (state=RUN_STATE_SHUTDOWN) at 
/build/qemu-7I4i1R/qemu-2.5+dfsg/cpus.c:1407
  #15 0x5636c085d240 in main_loop_should_exit () at 
/build/qemu-7I4i1R/qemu-2.5+dfsg/vl.c:1883
  #16 main_loop () at /build/qemu-7I4i1R/qemu-2.5+dfsg/vl.c:1931
  #17 main (argc=, argv=, envp=) 
at /build/qemu-7I4i1R/qemu-2.5+dfsg/vl.c:4683

  [test case]

  unfortunately since this is a race condition, it's very hard to
  arbitrarily reproduce; it depends very much on the overall
  configuration of the guest as well as how exactly it's shut down -
  specifically, its vhost user net must be closed from the host side at
  a specific time during qemu shutdown.

  I have someone with such a setup who has reported to me their setup is
  able to reproduce this reliably, but the config is too complex for me
  to reproduce so I have relied on their reproduction and testing to
  debug and craft the patch for this.

  [regression potential]

  the change adds a flag to prevent repeated calls to vhost_net_stop().
  This also prevents any calls to vhost_net_cleanup() from
  net_vhost_user_event().  Any regression would be seen when stopping
  and/or cleaning up a vhost net.  Regressions might include failure to
  hot-remove a vhost net from a guest, or failure to cleanup (i.e. mem
  leak), or crashes during cleanup or stopping a vhost net.

  [other info]

  this was originally seen in the 2.5 version of qemu - specifically,
  the UCA version in trusty-mitaka (which uses the xenial qemu
  codebase).

  After discussion upstream, it appears this was fixed upstream by
  commit e7c83a885f8, which is includ

Re: [Qemu-devel] [PATCH v13 07/12] hw/char: RX62N serial communication interface (SCI)

[Philippe Mathieu-Daudé]

On 5/16/19 7:52 AM, Yoshinori Sato wrote:
> This module supported only non FIFO type.
> Hardware manual.
> https://www.renesas.com/us/en/doc/products/mpumcu/doc/rx_family/r01uh0033ej0140_rx62n.pdf
> 
> Signed-off-by: Yoshinori Sato 
> Reviewed-by: Alex Bennée 
> ---
>  include/hw/char/renesas_sci.h |  45 ++
>  hw/char/renesas_sci.c | 340 
> ++
>  hw/char/Kconfig   |   3 +
>  hw/char/Makefile.objs |   1 +
>  4 files changed, 389 insertions(+)
>  create mode 100644 include/hw/char/renesas_sci.h
>  create mode 100644 hw/char/renesas_sci.c
> 
> diff --git a/include/hw/char/renesas_sci.h b/include/hw/char/renesas_sci.h
> new file mode 100644
> index 00..50d1336944
> --- /dev/null
> +++ b/include/hw/char/renesas_sci.h
> @@ -0,0 +1,45 @@
> +/*
> + * Renesas Serial Communication Interface
> + *
> + * Copyright (c) 2018 Yoshinori Sato
> + *
> + * This code is licensed under the GPL version 2 or later.
> + *
> + */
> +
> +#include "chardev/char-fe.h"
> +#include "qemu/timer.h"
> +#include "hw/sysbus.h"
> +
> +#define TYPE_RENESAS_SCI "renesas-sci"
> +#define RSCI(obj) OBJECT_CHECK(RSCIState, (obj), TYPE_RENESAS_SCI)
> +
> +enum {
> +ERI = 0,
> +RXI = 1,
> +TXI = 2,
> +TEI = 3,
> +SCI_NR_IRQ = 4,
> +};
> +
> +typedef struct {
> +SysBusDevice parent_obj;
> +MemoryRegion memory;
> +
> +uint8_t smr;
> +uint8_t brr;
> +uint8_t scr;
> +uint8_t tdr;
> +uint8_t ssr;
> +uint8_t rdr;
> +uint8_t scmr;
> +uint8_t semr;
> +
> +uint8_t read_ssr;
> +int64_t trtime;
> +int64_t rx_next;
> +QEMUTimer *timer;
> +CharBackend chr;
> +uint64_t input_freq;
> +qemu_irq irq[SCI_NR_IRQ];
> +} RSCIState;
> diff --git a/hw/char/renesas_sci.c b/hw/char/renesas_sci.c
> new file mode 100644
> index 00..6298cbf43a
> --- /dev/null
> +++ b/hw/char/renesas_sci.c
> @@ -0,0 +1,340 @@
> +/*
> + * Renesas Serial Communication Interface
> + *
> + * Datasheet: RX62N Group, RX621 Group User's Manual: Hardware
> + * (Rev.1.40 R01UH0033EJ0140)
> + *
> + * Copyright (c) 2019 Yoshinori Sato
> + *
> + * This program is free software; you can redistribute it and/or modify it
> + * under the terms and conditions of the GNU General Public License,
> + * version 2 or later, as published by the Free Software Foundation.
> + *
> + * This program is distributed in the hope it will be useful, but WITHOUT
> + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
> + * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
> + * more details.
> + *
> + * You should have received a copy of the GNU General Public License along 
> with
> + * this program.  If not, see .
> + */
> +
> +#include "qemu/osdep.h"
> +#include "qemu/log.h"
> +#include "qapi/error.h"
> +#include "qemu-common.h"
> +#include "cpu.h"
> +#include "hw/hw.h"
> +#include "hw/sysbus.h"
> +#include "hw/registerfields.h"
> +#include "hw/char/renesas_sci.h"
> +#include "qemu/error-report.h"
> +
> +/* SCI register map */
> +REG8(SMR, 0)
> +  FIELD(SMR, CKS,  0, 2)
> +  FIELD(SMR, MP,   2, 1)
> +  FIELD(SMR, STOP, 3, 1)
> +  FIELD(SMR, PM,   4, 1)
> +  FIELD(SMR, PE,   5, 1)
> +  FIELD(SMR, CHR,  6, 1)
> +  FIELD(SMR, CM,   7, 1)
> +REG8(BRR, 1)
> +REG8(SCR, 2)
> +  FIELD(SCR, CKE, 0, 2)
> +  FIELD(SCR, TEIE, 2, 1)
> +  FIELD(SCR, MPIE, 3, 1)
> +  FIELD(SCR, RE,   4, 1)
> +  FIELD(SCR, TE,   5, 1)
> +  FIELD(SCR, RIE,  6, 1)
> +  FIELD(SCR, TIE,  7, 1)
> +REG8(TDR, 3)
> +REG8(SSR, 4)
> +  FIELD(SSR, MPBT, 0, 1)
> +  FIELD(SSR, MPB,  1, 1)
> +  FIELD(SSR, TEND, 2, 1)
> +  FIELD(SSR, ERR, 3, 3)
> +FIELD(SSR, PER,  3, 1)
> +FIELD(SSR, FER,  4, 1)
> +FIELD(SSR, ORER, 5, 1)
> +  FIELD(SSR, RDRF, 6, 1)
> +  FIELD(SSR, TDRE, 7, 1)
> +REG8(RDR, 5)
> +REG8(SCMR, 6)
> +  FIELD(SCMR, SMIF, 0, 1)
> +  FIELD(SCMR, SINV, 2, 1)
> +  FIELD(SCMR, SDIR, 3, 1)
> +  FIELD(SCMR, BCP2, 7, 1)
> +REG8(SEMR, 7)
> +  FIELD(SEMR, ACS0, 0, 1)
> +  FIELD(SEMR, ABCS, 4, 1)
> +
> +static int can_receive(void *opaque)
> +{
> +RSCIState *sci = RSCI(opaque);
> +if (sci->rx_next > qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL)) {
> +return 0;
> +} else {
> +return FIELD_EX8(sci->scr, SCR, RE);
> +}
> +}
> +
> +static void receive(void *opaque, const uint8_t *buf, int size)
> +{
> +RSCIState *sci = RSCI(opaque);
> +sci->rx_next = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + sci->trtime;
> +if (FIELD_EX8(sci->ssr, SSR, RDRF) || size > 1) {
> +sci->ssr = FIELD_DP8(sci->ssr, SSR, ORER, 1);
> +if (FIELD_EX8(sci->scr, SCR, RIE)) {
> +qemu_set_irq(sci->irq[ERI], 1);
> +}
> +} else {
> +sci->rdr = buf[0];
> +sci->ssr = FIELD_DP8(sci->ssr, SSR, RDRF, 1);
> +if (FIELD_EX8(sci->scr, SCR, RIE)) {
> +qemu_irq_pulse(sci->irq[RXI]);
> +}
> +}
> +}
> +
> +static void send_byte(RSCIState *sci)
> +{

Re: [Qemu-devel] [PATCH v9 00/27] gdbstub: Refactor command packets handler

[Alex Bennée]

Alex Bennée  writes:

> Jon Doron  writes:
>
>> This patch series refactors the old gdbstub command packets handler
>> with a new infrastructure which should ease extending and adding new
>> and missing gdb command packets.
>
> Jon,
>

>
> Finally it would be nice if we could modernise the membuf and strbuf
> handling with a more robust glib based approach. I understand if you
> don't want to do that now and I'll happily accept the patches without it
> but I did notice you can send the gdbserver a bit loopy if you send it
> some very long maint packets so it would be nice to have that a bit
> safer.

Actually I had a go at this this morning and it turned out to be quite
fiddly so perhaps this is something best left to a follow-up series once
the re-factoring is in.

--
Alex Bennée

Re: [Qemu-devel] [PATCH v13 06/12] hw/timer: RX62N internal timer modules

[Philippe Mathieu-Daudé]

Hi Yoshinori,

On 5/16/19 7:52 AM, Yoshinori Sato wrote:
> renesas_tmr: 8bit timer modules.
> renesas_cmt: 16bit compare match timer modules.
> This part use many renesas's CPU.
> Hardware manual.
> https://www.renesas.com/us/en/doc/products/mpumcu/doc/rx_family/r01uh0033ej0140_rx62n.pdf
> 
> Signed-off-by: Yoshinori Sato 
> Reviewed-by: Alex Bennée 
> ---
>  include/hw/timer/renesas_cmt.h |  38 
>  include/hw/timer/renesas_tmr.h |  50 +
>  hw/timer/renesas_cmt.c | 275 +
>  hw/timer/renesas_tmr.c | 455 
> +
>  hw/timer/Kconfig   |   6 +
>  hw/timer/Makefile.objs |   3 +
>  6 files changed, 827 insertions(+)
>  create mode 100644 include/hw/timer/renesas_cmt.h
>  create mode 100644 include/hw/timer/renesas_tmr.h
>  create mode 100644 hw/timer/renesas_cmt.c
>  create mode 100644 hw/timer/renesas_tmr.c
> 
> diff --git a/include/hw/timer/renesas_cmt.h b/include/hw/timer/renesas_cmt.h
> new file mode 100644
> index 00..acd25c6e0b
> --- /dev/null
> +++ b/include/hw/timer/renesas_cmt.h
> @@ -0,0 +1,38 @@
> +/*
> + * Renesas Compare-match timer Object
> + *
> + * Copyright (c) 2019 Yoshinori Sato
> + *
> + * This code is licensed under the GPL version 2 or later.
> + *
> + */
> +
> +#ifndef HW_RENESAS_CMT_H
> +#define HW_RENESAS_CMT_H
> +
> +#include "hw/sysbus.h"
> +
> +#define TYPE_RENESAS_CMT "renesas-cmt"
> +#define RCMT(obj) OBJECT_CHECK(RCMTState, (obj), TYPE_RENESAS_CMT)
> +
> +enum {
> +CMT_CH = 2,
> +CMT_NR_IRQ = 1 * CMT_CH,

Odd ;)

> +};
> +
> +typedef struct RCMTState {
> +SysBusDevice parent_obj;
> +
> +uint64_t input_freq;
> +MemoryRegion memory;
> +
> +uint16_t cmstr;

You can declare a RCmtChannelState structure here {

> +uint16_t cmcr[CMT_CH];
> +uint16_t cmcnt[CMT_CH];
> +uint16_t cmcor[CMT_CH];
> +int64_t tick[CMT_CH];
> +qemu_irq cmi[CMT_CH];
> +QEMUTimer *timer[CMT_CH];

} of count CMT_CH:

   struct RCmtChannelState channel[CMT_CH];

So you can use the same timer callback using &channel[id] as opaque context.

> +} RCMTState;
> +
> +#endif
> diff --git a/include/hw/timer/renesas_tmr.h b/include/hw/timer/renesas_tmr.h
> new file mode 100644
> index 00..de394e64d0
> --- /dev/null
> +++ b/include/hw/timer/renesas_tmr.h
> @@ -0,0 +1,50 @@
> +/*
> + * Renesas 8bit timer Object
> + *
> + * Copyright (c) 2018 Yoshinori Sato
> + *
> + * This code is licensed under the GPL version 2 or later.
> + *
> + */
> +
> +#ifndef HW_RENESAS_TMR_H
> +#define HW_RENESAS_TMR_H
> +
> +#include "hw/sysbus.h"
> +
> +#define TYPE_RENESAS_TMR "renesas-tmr"
> +#define RTMR(obj) OBJECT_CHECK(RTMRState, (obj), TYPE_RENESAS_TMR)
> +
> +enum timer_event {cmia = 0,
> +  cmib = 1,
> +  ovi = 2,
> +  none = 3,
> +  TMR_NR_EVENTS = 4};

This enum indentation seems screwed, I'm surprise checkpatch did not
complain.

> +enum {
> +TMR_CH = 2,
> +TMR_NR_IRQ = 3 * TMR_CH,
> +};
> +
> +typedef struct RTMRState {
> +SysBusDevice parent_obj;
> +
> +uint64_t input_freq;
> +MemoryRegion memory;
> +
> +uint8_t tcnt[TMR_CH];
> +uint8_t tcora[TMR_CH];
> +uint8_t tcorb[TMR_CH];
> +uint8_t tcr[TMR_CH];
> +uint8_t tccr[TMR_CH];
> +uint8_t tcor[TMR_CH];
> +uint8_t tcsr[TMR_CH];
> +int64_t tick;
> +int64_t div_round[TMR_CH];
> +enum timer_event next[TMR_CH];
> +qemu_irq cmia[TMR_CH];
> +qemu_irq cmib[TMR_CH];
> +qemu_irq ovi[TMR_CH];
> +QEMUTimer *timer[TMR_CH];

Same 'ChannelState' structure comment applies here.

> +} RTMRState;
> +
> +#endif
> diff --git a/hw/timer/renesas_cmt.c b/hw/timer/renesas_cmt.c
> new file mode 100644
> index 00..a2a2b92055
> --- /dev/null
> +++ b/hw/timer/renesas_cmt.c
> @@ -0,0 +1,275 @@
> +/*
> + * Renesas 16bit Compare-match timer
> + *
> + * Datasheet: RX62N Group, RX621 Group User's Manual: Hardware
> + * (Rev.1.40 R01UH0033EJ0140)
> + *
> + * Copyright (c) 2019 Yoshinori Sato
> + *
> + * This program is free software; you can redistribute it and/or modify it
> + * under the terms and conditions of the GNU General Public License,
> + * version 2 or later, as published by the Free Software Foundation.
> + *
> + * This program is distributed in the hope it will be useful, but WITHOUT
> + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
> + * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
> + * more details.
> + *
> + * You should have received a copy of the GNU General Public License along 
> with
> + * this program.  If not, see .
> + */
> +
> +#include "qemu/osdep.h"
> +#include "qemu-common.h"
> +#include "qemu/log.h"
> +#include "qapi/error.h"
> +#include "qemu/timer.h"
> +#include "cpu.h"
> +#include "hw/hw.h"
> +#include "hw/sysbus.h"
> +#include "hw/registerfields.h"
> +#include "hw/timer/renesas_cmt.h"
> +#in

Re: [Qemu-devel] [PATCH v2] iotests: Filter 175's allocation information

[Nir Soffer]

On Thu, May 16, 2019 at 2:03 PM Max Reitz  wrote:

> On 13.05.19 17:52, Max Reitz wrote:
> > It is possible for an empty file to take up blocks on a filesystem.
> > Make iotest 175 take this into account.
> >
> > Reported-by: Thomas Huth 
> > Signed-off-by: Max Reitz 
> > ---
> > v2: [Nir]
> > - Use a function for filtering
> > - s/empty_blocks/extra_blocks/
> > ---
> >  tests/qemu-iotests/175 | 26 ++
> >  tests/qemu-iotests/175.out |  8 
> >  2 files changed, 26 insertions(+), 8 deletions(-)
> >
> > diff --git a/tests/qemu-iotests/175 b/tests/qemu-iotests/175
> > index d0ffc495c2..b5eb0aa856 100755
> > --- a/tests/qemu-iotests/175
> > +++ b/tests/qemu-iotests/175
> > @@ -28,10 +28,25 @@ status=1  # failure is the default!
> >
> >  _cleanup()
> >  {
> > - _cleanup_test_img
> > +_cleanup_test_img
> > +rm -f "$TEST_DIR/empty"
> >  }
> >  trap "_cleanup; exit \$status" 0 1 2 3 15
> >
> > +# Some file systems sometimes allocate extra blocks independently of
> > +# the file size.  This function hides the resulting difference in the
> > +# stat -c '%b' output.
> > +# Parameter 1: Number of blocks an empty file occupies
> > +# Parameter 2: Image size in bytes
> > +_filter_blocks()
> > +{
> > +extra_blocks=$1
> > +img_size=$2
> > +
> > +sed -e "s/blocks=$extra_blocks/nothing allocated/" \
> > +-e "s/blocks=$((extra_blocks + img_size / 512))/everything
> allocated/"
>
> Only now got around to creating an FS with similar characteristics to
> Thomas’s.  Turns out this test still fails there because it prints
> “blocks=nothing allocated050”...
>
> Unless objections arise, I’ll just add a \$ to each pattern to fix that.
>  (I could also just swap the lines, but that isn’t really right.)
>

Sounds right.

Can you share how to create file system which reproduces this?
Maybe adding the details in the test would be useful.

Nir

Re: [Qemu-devel] [PATCH v2] mips: Decide to map PAGE_EXEC in map_address

[Jakub Jermar]

Hi,

On 5/3/19 12:02 PM, Jakub Jermar wrote:
> Hi,
> 
> On 4/23/19 4:58 PM, Jakub Jermar wrote:
>> Hi Philippe!
>>
>> On 4/23/19 3:48 PM, Philippe Mathieu-Daudé wrote:
>>> Hi Jakub,
>>>
>>> On 4/23/19 1:00 PM, Jakub Jermář wrote:
 This commit addresses QEMU Bug #1825311:

   mips_cpu_handle_mmu_fault renders all accessed pages executable

 It allows finer-grained control over whether the accessed page should be
 executable by moving the decision to the underlying map_address
 function, which has more information for this.

 As a result, pages that have the XI bit set in the TLB and are accessed
 for read/write, don't suddenly end up being executable.

>>>
>>> Fixes: https://bugs.launchpad.net/qemu/+bug/1825311
>>>
 Signed-off-by: Jakub Jermář 
 ---
  target/mips/helper.c | 17 ++---
  1 file changed, 10 insertions(+), 7 deletions(-)

 diff --git a/target/mips/helper.c b/target/mips/helper.c
 index c44cdca3b5..132d073fbe 100644
 --- a/target/mips/helper.c
 +++ b/target/mips/helper.c
 @@ -43,7 +43,7 @@ int no_mmu_map_address (CPUMIPSState *env, hwaddr 
 *physical, int *prot,
  target_ulong address, int rw, int access_type)
  {
  *physical = address;
 -*prot = PAGE_READ | PAGE_WRITE;
 +*prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
  return TLBRET_MATCH;
  }
  
 @@ -61,7 +61,7 @@ int fixed_mmu_map_address (CPUMIPSState *env, hwaddr 
 *physical, int *prot,
  else
  *physical = address;
  
 -*prot = PAGE_READ | PAGE_WRITE;
 +*prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
  return TLBRET_MATCH;
  }
  
 @@ -101,6 +101,9 @@ int r4k_map_address (CPUMIPSState *env, hwaddr 
 *physical, int *prot,
  *prot = PAGE_READ;
  if (n ? tlb->D1 : tlb->D0)
  *prot |= PAGE_WRITE;
 +if (!(n ? tlb->XI1 : tlb->XI0)) {
 +*prot |= PAGE_EXEC;
 +}
>>>
>>> This was indeed missed in commit 2fb58b73746e.
>>>
  return TLBRET_MATCH;
  }
  return TLBRET_DIRTY;
 @@ -182,7 +185,7 @@ static int get_seg_physical_address(CPUMIPSState *env, 
 hwaddr *physical,
  } else {
  /* The segment is unmapped */
  *physical = physical_base | (real_address & segmask);
 -*prot = PAGE_READ | PAGE_WRITE;
 +*prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
  return TLBRET_MATCH;
  }
  }
 @@ -913,8 +916,8 @@ int mips_cpu_handle_mmu_fault(CPUState *cs, vaddr 
 address, int size, int rw,
  }
  if (ret == TLBRET_MATCH) {
  tlb_set_page(cs, address & TARGET_PAGE_MASK,
 - physical & TARGET_PAGE_MASK, prot | PAGE_EXEC,
 - mmu_idx, TARGET_PAGE_SIZE);
 + physical & TARGET_PAGE_MASK, prot, mmu_idx,
 + TARGET_PAGE_SIZE);
  ret = 0;
  } else if (ret < 0)
  #endif
 @@ -936,8 +939,8 @@ int mips_cpu_handle_mmu_fault(CPUState *cs, vaddr 
 address, int size, int rw,
 address, rw, access_type, 
 mmu_idx);
  if (ret == TLBRET_MATCH) {
  tlb_set_page(cs, address & TARGET_PAGE_MASK,
 -physical & TARGET_PAGE_MASK, prot | PAGE_EXEC,
 -mmu_idx, TARGET_PAGE_SIZE);
 +physical & TARGET_PAGE_MASK, prot, mmu_idx,
 +TARGET_PAGE_SIZE);
  ret = 0;
  return ret;
  }

>>>
>>> Your patch looks correct, but I'd like to test it.
>>> Do you have a reproducer?
>>> Can you describe the command line you used?
>>
>> I've just attached a reproducer image and script to the bug. It's a
>> 32-bit little-endian test binary running on top of the L4Re microkernel.
>> Let me know if you also need a 64-bit version.
>>
>> I tested both 32 and 64-bit versions of the reproducer and also checked
>> to see that the the other images I have lying around here (Linux 2.6.32
>> big endian and HelenOS master little-endian, both 32-bit for 4Kc)
>> continue to run without regressions.
>>
>> Best regards,
>> Jakub
> 
> (ping)
> 
> Is there anything else I can do to help to get this merged?
> 
> https://patchew.org/QEMU/20190423110034.1260142-1-jakub.jer...@kernkonzept.com/

Has anyone managed to have a look at this?

Thanks,
Jakub

> 
> Thanks,
> Jakub
> 

-- 
Kernkonzept GmbH at Dresden, Germany, HRB 31129, CEO Dr.-Ing. Michael
Hohmuth

Re: [Qemu-devel] [Qemu-block] [PATCH 0/9] Assembly coroutine backend and x86 CET support

[Peter Maydell]

On Wed, 15 May 2019 at 10:48, Stefan Hajnoczi  wrote:
>
> On Thu, May 09, 2019 at 02:44:39PM +0100, Peter Maydell wrote:
> > On Sun, 5 May 2019 at 16:41, Alex Bennée  wrote:
> > >
> > >
> > > Paolo Bonzini  writes:
> > >
> > > > *** BLURB HERE ***
> > >
> > > I assume there was going to be a bit more background here?
> >
> > Mmm, could we have the rationale, please ?
>
> Paolo can add more if necessary, but my understanding is:
>
> 1. It's required for Intel Control-flow Enforcement Technology (CET).
>The existing ucontext backend doesn't work with CET.
> 2. It's faster than the existing ucontext implementation.

Mmm, I think we've talked about 1 before, but I think it would
be useful to clearly state why we need to do things here.
It's also useful for identifying whether we need an asm
backend for every host, or only some hosts (and if so which).

I'm unconvinced by 2 as a rationale for adding more host asm.
Coroutines were already bad enough when they were at least
vaguely portable C code.

thanks
-- PMM

Re: [Qemu-devel] [PATCH v13 05/12] hw/intc: RX62N interrupt controller (ICUa)

[Philippe Mathieu-Daudé]

On 5/16/19 7:52 AM, Yoshinori Sato wrote:
> This implementation supported only ICUa.
> Hardware manual.
> https://www.renesas.com/us/en/doc/products/mpumcu/doc/rx_family/r01uh0033ej0140_rx62n.pdf
> 
> Signed-off-by: Yoshinori Sato 
> Reviewed-by: Alex Bennée 
> ---
>  include/hw/intc/rx_icu.h |  57 +++
>  hw/intc/rx_icu.c | 376 
> +++
>  hw/intc/Kconfig  |   3 +
>  hw/intc/Makefile.objs|   1 +
>  4 files changed, 437 insertions(+)
>  create mode 100644 include/hw/intc/rx_icu.h
>  create mode 100644 hw/intc/rx_icu.c
> 
> diff --git a/include/hw/intc/rx_icu.h b/include/hw/intc/rx_icu.h
> new file mode 100644
> index 00..7b0bfdeac1
> --- /dev/null
> +++ b/include/hw/intc/rx_icu.h
> @@ -0,0 +1,57 @@
> +#ifndef RX_ICU_H
> +#define RX_ICU_H
> +
> +#include "qemu-common.h"
> +#include "hw/irq.h"
> +
> +enum TRG_MODE {
> +TRG_LEVEL = 0,
> +TRG_NEDGE = 1,   /* Falling */
> +TRG_PEDGE = 2,   /* Raising */
> +TRG_BEDGE = 3,   /* Both */
> +};
> +
> +struct IRQSource {
> +enum TRG_MODE sense;
> +int level;
> +};
> +
> +enum {

The SWI goes here:

   SWI = 27,

> +NR_IRQS = 256,
> +};
> +
> +struct RXICUState {
> +SysBusDevice parent_obj;
> +
> +MemoryRegion memory;
> +struct IRQSource src[NR_IRQS];
> +char *icutype;
> +uint32_t nr_irqs;
> +uint32_t *map;
> +uint32_t nr_sense;
> +uint32_t *init_sense;
> +
> +uint8_t ir[NR_IRQS];
> +uint8_t dtcer[NR_IRQS];
> +uint8_t ier[NR_IRQS / 8];
> +uint8_t ipr[142];
> +uint8_t dmasr[4];
> +uint16_t fir;
> +uint8_t nmisr;
> +uint8_t nmier;
> +uint8_t nmiclr;
> +uint8_t nmicr;
> +int req_irq;
> +qemu_irq _irq;
> +qemu_irq _fir;
> +qemu_irq _swi;
> +};
> +typedef struct RXICUState RXICUState;
> +
> +#define TYPE_RXICU "rxicu"

"rx-icu" (Nitpicking)

> +#define RXICU(obj) OBJECT_CHECK(RXICUState, (obj), TYPE_RXICU)
> +
> +/* Software interrupt request */
> +#define SWI 27

^ remove.

> +
> +#endif /* RX_ICU_H */
> diff --git a/hw/intc/rx_icu.c b/hw/intc/rx_icu.c
> new file mode 100644
> index 00..cb28c7a8d2
> --- /dev/null
> +++ b/hw/intc/rx_icu.c
> @@ -0,0 +1,376 @@
> +/*
> + * RX Interrupt Control Unit
> + *
> + * Warning: Only ICUa is supported.
> + *
> + * Datasheet: RX62N Group, RX621 Group User's Manual: Hardware
> + * (Rev.1.40 R01UH0033EJ0140)
> + *
> + * Copyright (c) 2019 Yoshinori Sato
> + *
> + * This program is free software; you can redistribute it and/or modify it
> + * under the terms and conditions of the GNU General Public License,
> + * version 2 or later, as published by the Free Software Foundation.
> + *
> + * This program is distributed in the hope it will be useful, but WITHOUT
> + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
> + * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
> + * more details.
> + *
> + * You should have received a copy of the GNU General Public License along 
> with
> + * this program.  If not, see .
> + */
> +
> +#include "qemu/osdep.h"
> +#include "qemu-common.h"
> +#include "qemu/log.h"
> +#include "qapi/error.h"
> +#include "cpu.h"
> +#include "hw/hw.h"
> +#include "hw/sysbus.h"
> +#include "hw/registerfields.h"
> +#include "hw/intc/rx_icu.h"
> +#include "qemu/error-report.h"
> +
> +REG8(IR, 0)
> +  FIELD(IR, IR,  0, 1)
> +REG8(DTCER, 0x100)
> +  FIELD(DTCER, DTCE,  0, 1)
> +REG8(IER, 0x200)
> +REG8(SWINTR, 0x2e0)
> +  FIELD(SWINTR, SWINT, 0, 1)
> +REG16(FIR, 0x2f0)
> +  FIELD(FIR, FVCT, 0, 8)
> +  FIELD(FIR, FIEN, 15, 1)
> +REG8(IPR, 0x300)
> +  FIELD(IPR, IPR, 0, 4)
> +REG8(DMRSR, 0x400)
> +REG8(IRQCR, 0x500)
> +  FIELD(IRQCR, IRQMD, 2, 2)
> +REG8(NMISR, 0x580)
> +  FIELD(NMISR, NMIST, 0, 1)
> +  FIELD(NMISR, LVDST, 1, 1)
> +  FIELD(NMISR, OSTST, 2, 1)
> +REG8(NMIER, 0x581)
> +  FIELD(NMIER, NMIEN, 0, 1)
> +  FIELD(NMIER, LVDEN, 1, 1)
> +  FIELD(NMIER, OSTEN, 2, 1)
> +REG8(NMICLR, 0x582)
> +  FIELD(NMICLR, NMICLR, 0, 1)
> +  FIELD(NMICLR, OSTCLR, 2, 1)
> +REG8(NMICR, 0x583)
> +  FIELD(NMICR, NMIMD, 3, 1)
> +
> +#define request(icu, n) (icu->ipr[icu->map[n]] << 8 | n)
> +
> +static void set_irq(RXICUState *icu, int n_IRQ, int req)
> +{
> +if ((icu->fir & R_FIR_FIEN_MASK) &&
> +(icu->fir & R_FIR_FVCT_MASK) == n_IRQ) {
> +qemu_set_irq(icu->_fir, req);
> +} else {
> +qemu_set_irq(icu->_irq, req);
> +}
> +}
> +
> +static void rxicu_request(RXICUState *icu, int n_IRQ)
> +{
> +int enable;
> +
> +enable = icu->ier[n_IRQ / 8] & (1 << (n_IRQ & 7));
> +if (n_IRQ > 0 && enable != 0 && atomic_read(&icu->req_irq) < 0) {
> +atomic_set(&icu->req_irq, n_IRQ);
> +set_irq(icu, n_IRQ, request(icu, n_IRQ));
> +}
> +}
> +
> +static void rxicu_set_irq(void *opaque, int n_IRQ, int level)
> +{
> +RXICUState *icu = opaque;
> +struct IRQSource *src;
> +int issue;
> +
> +if (n_IRQ >= NR_IRQS) 

Re: [Qemu-devel] [PATCH 0/2] target/arm: Minor bit field improvements

[Peter Maydell]

On Tue, 14 May 2019 at 02:11, Richard Henderson
 wrote:
>
> The tcg extract2 patch on which this depended is now in master.
>
>
> r~
>
>
> Richard Henderson (2):
>   target/arm: Use extract2 for EXTR
>   target/arm: Simplify BFXIL expansion



Applied to target-arm.next, thanks.

-- PMM

Re: [Qemu-devel] [PATCH v13 00/12] Add RX archtecture support

[Philippe Mathieu-Daudé]

On 5/16/19 7:52 AM, Yoshinori Sato wrote:
> Hello.
> This patch series is added Renesas RX target emulation.
> 
> Add "Reviewed-by" for all changes.
> 
> My git repository is bellow.
> git://git.pf.osdn.net/gitroot/y/ys/ysato/qemu.git tags/rx-20190514
> 
> Testing binaries bellow.
> u-boot
> Download - https://osdn.net/users/ysato/pf/qemu/dl/u-boot.bin.gz
> 
> starting
> $ gzip -d u-boot.bin.gz
> $ qemu-system-rx -bios u-boot.bin
> 
> linux and pico-root (only sash)
> Download - https://osdn.net/users/ysato/pf/qemu/dl/zImage (kernel)
>https://osdn.net/users/ysato/pf/qemu/dl/rx-qemu.dtb (DeviceTree)
> 
> starting
> $ qemu-system-rx -kernel zImage -dtb rx-qemu.dtb -append "earlycon"
> 
> Changes for v12.
> - None
> 
> Yoshinori Sato (12):
>   target/rx: TCG translation
>   target/rx: TCG helper
>   target/rx: CPU definition
>   target/rx: RX disassembler
>   hw/intc: RX62N interrupt controller (ICUa)
>   hw/timer: RX62N internal timer modules
>   hw/char: RX62N serial communication interface (SCI)
>   hw/rx: RX Target hardware definition
>   Add rx-softmmu
>   hw/registerfields.h: Add 8bit and 16bit register macros.
>   qemu/bitops.h: Add extract8 and extract16
>   MAINTAINERS: Add RX

Series:
Tested-by: Philippe Mathieu-Daudé 

Re: [Qemu-devel] [PATCH v13 02/12] target/rx: TCG helper

[Philippe Mathieu-Daudé]

On 5/16/19 7:52 AM, Yoshinori Sato wrote:
> Signed-off-by: Yoshinori Sato 
> Reviewed-by: Richard Henderson 
> ---
>  target/rx/helper.h|  31 
>  target/rx/helper.c| 148 
>  target/rx/op_helper.c | 481 
> ++
>  3 files changed, 660 insertions(+)
>  create mode 100644 target/rx/helper.h
>  create mode 100644 target/rx/helper.c
>  create mode 100644 target/rx/op_helper.c
> 
> diff --git a/target/rx/helper.h b/target/rx/helper.h
> new file mode 100644
> index 00..f0b7ebbbf7
> --- /dev/null
> +++ b/target/rx/helper.h
> @@ -0,0 +1,31 @@
> +DEF_HELPER_1(raise_illegal_instruction, noreturn, env)
> +DEF_HELPER_1(raise_access_fault, noreturn, env)
> +DEF_HELPER_1(raise_privilege_violation, noreturn, env)
> +DEF_HELPER_1(wait, noreturn, env)
> +DEF_HELPER_1(debug, noreturn, env)
> +DEF_HELPER_2(rxint, noreturn, env, i32)
> +DEF_HELPER_1(rxbrk, noreturn, env)
> +DEF_HELPER_FLAGS_3(fadd, TCG_CALL_NO_WG, f32, env, f32, f32)
> +DEF_HELPER_FLAGS_3(fsub, TCG_CALL_NO_WG, f32, env, f32, f32)
> +DEF_HELPER_FLAGS_3(fmul, TCG_CALL_NO_WG, f32, env, f32, f32)
> +DEF_HELPER_FLAGS_3(fdiv, TCG_CALL_NO_WG, f32, env, f32, f32)
> +DEF_HELPER_FLAGS_3(fcmp, TCG_CALL_NO_WG, void, env, f32, f32)
> +DEF_HELPER_FLAGS_2(ftoi, TCG_CALL_NO_WG, i32, env, f32)
> +DEF_HELPER_FLAGS_2(round, TCG_CALL_NO_WG, i32, env, f32)
> +DEF_HELPER_FLAGS_2(itof, TCG_CALL_NO_WG, f32, env, i32)
> +DEF_HELPER_2(set_fpsw, void, env, i32)
> +DEF_HELPER_FLAGS_2(racw, TCG_CALL_NO_WG, void, env, i32)
> +DEF_HELPER_FLAGS_2(set_psw_rte, TCG_CALL_NO_WG, void, env, i32)
> +DEF_HELPER_FLAGS_2(set_psw, TCG_CALL_NO_WG, void, env, i32)
> +DEF_HELPER_1(pack_psw, i32, env)
> +DEF_HELPER_FLAGS_3(div, TCG_CALL_NO_WG, i32, env, i32, i32)
> +DEF_HELPER_FLAGS_3(divu, TCG_CALL_NO_WG, i32, env, i32, i32)
> +DEF_HELPER_FLAGS_1(scmpu, TCG_CALL_NO_WG, void, env)
> +DEF_HELPER_1(smovu, void, env)
> +DEF_HELPER_1(smovf, void, env)
> +DEF_HELPER_1(smovb, void, env)
> +DEF_HELPER_2(sstr, void, env, i32)
> +DEF_HELPER_FLAGS_2(swhile, TCG_CALL_NO_WG, void, env, i32)
> +DEF_HELPER_FLAGS_2(suntil, TCG_CALL_NO_WG, void, env, i32)
> +DEF_HELPER_FLAGS_2(rmpa, TCG_CALL_NO_WG, void, env, i32)
> +DEF_HELPER_1(satr, void, env)
> diff --git a/target/rx/helper.c b/target/rx/helper.c
> new file mode 100644
> index 00..8e598c9c1d
> --- /dev/null
> +++ b/target/rx/helper.c
> @@ -0,0 +1,148 @@
> +/*
> + *  RX emulation
> + *
> + *  Copyright (c) 2019 Yoshinori Sato
> + *
> + * This program is free software; you can redistribute it and/or modify it
> + * under the terms and conditions of the GNU General Public License,
> + * version 2 or later, as published by the Free Software Foundation.
> + *
> + * This program is distributed in the hope it will be useful, but WITHOUT
> + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
> + * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
> + * more details.
> + *
> + * You should have received a copy of the GNU General Public License along 
> with
> + * this program.  If not, see .
> + */
> +
> +#include "qemu/osdep.h"
> +#include "qemu/bitops.h"
> +#include "cpu.h"
> +#include "exec/log.h"
> +#include "exec/cpu_ldst.h"
> +#include "sysemu/sysemu.h"
> +
> +void rx_cpu_unpack_psw(CPURXState *env, uint32_t psw, int rte)
> +{
> +if (env->psw_pm == 0) {
> +env->psw_ipl = FIELD_EX32(psw, PSW, IPL);
> +if (rte) {
> +/* PSW.PM can write RTE and RTFI */
> +env->psw_pm = FIELD_EX32(psw, PSW, PM);
> +}
> +env->psw_u = FIELD_EX32(psw, PSW, U);
> +env->psw_i = FIELD_EX32(psw, PSW, I);
> +}
> +env->psw_o = FIELD_EX32(psw, PSW, O) << 31;
> +env->psw_s = FIELD_EX32(psw, PSW, S) << 31;
> +env->psw_z = 1 - FIELD_EX32(psw, PSW, Z);
> +env->psw_c = FIELD_EX32(psw, PSW, C);
> +}
> +
> +#define INT_FLAGS (CPU_INTERRUPT_HARD | CPU_INTERRUPT_FIR)
> +void rx_cpu_do_interrupt(CPUState *cs)
> +{
> +RXCPU *cpu = RXCPU(cs);
> +CPURXState *env = &cpu->env;
> +int do_irq = cs->interrupt_request & INT_FLAGS;
> +uint32_t save_psw;
> +
> +env->in_sleep = 0;
> +
> +if (env->psw_u) {
> +env->usp = env->regs[0];
> +} else {
> +env->isp = env->regs[0];
> +}
> +save_psw = rx_cpu_pack_psw(env);
> +env->psw_pm = env->psw_i = env->psw_u = 0;
> +
> +if (do_irq) {
> +if (do_irq & CPU_INTERRUPT_FIR) {
> +env->bpc = env->pc;
> +env->bpsw = save_psw;
> +env->pc = env->fintv;
> +env->psw_ipl = 15;
> +cs->interrupt_request &= ~CPU_INTERRUPT_FIR;
> +qemu_set_irq(env->ack, env->ack_irq);
> +qemu_log_mask(CPU_LOG_INT, "fast interrupt raised\n");
> +} else if (do_irq & CPU_INTERRUPT_HARD) {
> +env->isp -= 4;
> +cpu_stl_all(env, env->isp, save_psw);
> +env->isp -= 4;
> +   

Re: [Qemu-devel] [RFC 0/3] target/m68k: convert to transaction_failed hook

[Peter Maydell]

On Fri, 3 May 2019 at 18:12, Laurent Vivier  wrote:
>
> On 10/12/2018 17:56, Peter Maydell wrote:
> > This patchset converts the m68k target from the deprecated
> > unassigned_access hook to the new transaction_failed hook.
> > It's RFC for a couple of reasons:
> >   * it's untested, since I don't have an m68k test image
> >   * the second patch just makes "bus error while trying to
> > read page tables" be treated as a page fault, when it
> > should probably cause a fault reporting it as a bus error
> > of some kind
> >   * I don't understand why the old unassigned_access hook
> > set the ATC bit in the MMU SSW, since the docs I have say
> > this should be set if the fault happened during a table
> > search, but cleared if it's just an ordinary bus-errored
> > data or insn access. Probably this is a pre-existing bug?
>
> I think you're right. It must be cleared on bus error.

Thanks for the review of this patchset. Is there anything
you want me to do for a v2, or is it ready to be applied ?

-- PMM

Re: [Qemu-devel] [PATCH v2] iotests: Filter 175's allocation information

[Max Reitz]

On 16.05.19 15:06, Nir Soffer wrote:
> On Thu, May 16, 2019 at 2:03 PM Max Reitz  > wrote:
> 
> On 13.05.19 17:52, Max Reitz wrote:
> > It is possible for an empty file to take up blocks on a filesystem.
> > Make iotest 175 take this into account.
> >
> > Reported-by: Thomas Huth mailto:th...@redhat.com>>
> > Signed-off-by: Max Reitz  >
> > ---
> > v2: [Nir]
> > - Use a function for filtering
> > - s/empty_blocks/extra_blocks/
> > ---
> >  tests/qemu-iotests/175     | 26 ++
> >  tests/qemu-iotests/175.out |  8 
> >  2 files changed, 26 insertions(+), 8 deletions(-)
> >
> > diff --git a/tests/qemu-iotests/175 b/tests/qemu-iotests/175
> > index d0ffc495c2..b5eb0aa856 100755
> > --- a/tests/qemu-iotests/175
> > +++ b/tests/qemu-iotests/175
> > @@ -28,10 +28,25 @@ status=1  # failure is the default!
> > 
> >  _cleanup()
> >  {
> > -     _cleanup_test_img
> > +    _cleanup_test_img
> > +    rm -f "$TEST_DIR/empty"
> >  }
> >  trap "_cleanup; exit \$status" 0 1 2 3 15
> > 
> > +# Some file systems sometimes allocate extra blocks independently of
> > +# the file size.  This function hides the resulting difference in the
> > +# stat -c '%b' output.
> > +# Parameter 1: Number of blocks an empty file occupies
> > +# Parameter 2: Image size in bytes
> > +_filter_blocks()
> > +{
> > +    extra_blocks=$1
> > +    img_size=$2
> > +
> > +    sed -e "s/blocks=$extra_blocks/nothing allocated/" \
> > +        -e "s/blocks=$((extra_blocks + img_size /
> 512))/everything allocated/"
> 
> Only now got around to creating an FS with similar characteristics to
> Thomas’s.  Turns out this test still fails there because it prints
> “blocks=nothing allocated050”...
> 
> Unless objections arise, I’ll just add a \$ to each pattern to fix that.
>  (I could also just swap the lines, but that isn’t really right.)
> 
> 
> Sounds right.
> 
> Can you share how to create file system which reproduces this?
> Maybe adding the details in the test would be useful.

Sure:

$ mkfs.ext4 -b 1024 -I 128 /dev/loop0

-I 128 is the important one.  The block size just changes the number of
extra blocks (2 with 1024, 8 with 4096).

...I guess I’ll just a v3 now.

Max



signature.asc
Description: OpenPGP digital signature