Re: [PATCH for 4.2 v6 00/54] Support for TCG plugins

[no-reply]

Patchew URL: 
https://patchew.org/QEMU/20191017131615.19660-1-alex.ben...@linaro.org/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [PATCH for 4.2 v6 00/54] Support for TCG plugins
Type: series
Message-id: 20191017131615.19660-1-alex.ben...@linaro.org

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
9847f1b scripts/checkpatch.pl: don't complain about (foo, /* empty */)
e3fa8e1 .travis.yml: add --enable-plugins tests
b4a5f84 include/exec: wrap cpu_ldst.h in CONFIG_TCG
8462b2e accel/stubs: reduce headers from tcg-stub
66d6663 tests/plugin: add hotpages to analyse memory access patterns
cf354fc tests/plugin: add instruction execution breakdown
161670c tests/plugin: add a hotblocks plugin
31bb5d8 tests/tcg: enable plugin testing
32fae30 tests/tcg: drop test-i386-fprem from TESTS when not SLOW
9813370 tests/tcg: move "virtual" tests to EXTRA_TESTS
f932394 tests/tcg: set QEMU_OPTS for all cris runs
2d34307 tests/tcg/Makefile.target: fix path to config-host.mak
96c806e tests/plugin: add sample plugins
8d459e7 linux-user: support -plugin option
557e7e9 vl: support -plugin option
3547a90 plugin: add qemu_plugin_outs helper
fa5672e plugin: add qemu_plugin_insn_disas helper
cc752d2 plugin: expand the plugin_init function to include an info block
13aaf71 plugin: add API symbols to qemu-plugins.symbols
c7db739 configure: add --enable-plugins
09d36aa translator: inject instrumentation from plugins
7faedce target/openrisc: fetch code with translator_ld
734b011 target/xtensa: fetch code with translator_ld
b95a23d target/sparc: fetch code with translator_ld
83ca1d2 target/riscv: fetch code with translator_ld
97da0dd target/alpha: fetch code with translator_ld
3e3734e target/m68k: fetch code with translator_ld
f040316 target/hppa: fetch code with translator_ld
0af56b7 target/i386: fetch code with translator_ld
2227803 target/sh4: fetch code with translator_ld
59646df target/ppc: fetch code with translator_ld
271b6d3 target/arm: fetch code with translator_ld
7f001d1 translator: add translator_ld{ub,sw,uw,l,q}
233c92e plugin-gen: add plugin_insn_append
1b9cb4f cpu: hook plugin vcpu events
55bc125 *-user: plugin syscalls
b2b9b3e *-user: notify plugin of exit
ede8e39 translate-all: notify plugin code of tb_flush
6730862 plugins: implement helpers for resolving hwaddr
d925699 tcg: let plugins instrument virtual memory accesses
602641a atomic_template: add inline trace/plugin helpers
2bcb790 plugin-gen: add module for TCG-related code
ef984a5 tcg: add tcg_gen_st_ptr
3ed6ebb cputlb: introduce get_page_addr_code_hostp
f845fd4 cputlb: document get_page_addr_code
0994f5f queue: add QTAILQ_REMOVE_SEVERAL
c47e85c plugin: add implementation of the api
5591d65 plugin: add core code
8bba1274 plugin: add user-facing API
4197e2a docs/devel: add plugins.rst design document
2266562 translate-all: use cpu_in_exclusive_work_context() in tb_flush
51bbfa6 cpu: introduce cpu_in_exclusive_context()
0512852 trace: add mmu_index to mem_info
2e4704f trace: expand mem_info:size_shift to 4 bits

=== OUTPUT BEGIN ===
1/54 Checking commit 2e4704f0a0e9 (trace: expand mem_info:size_shift to 4 bits)
2/54 Checking commit 0512852c1418 (trace: add mmu_index to mem_info)
3/54 Checking commit 51bbfa6c73b6 (cpu: introduce cpu_in_exclusive_context())
4/54 Checking commit 22665627c396 (translate-all: use 
cpu_in_exclusive_work_context() in tb_flush)
5/54 Checking commit 4197e2a049aa (docs/devel: add plugins.rst design document)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#24: 
new file mode 100644

total: 0 errors, 1 warnings, 116 lines checked

Patch 5/54 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
6/54 Checking commit 8bba1274c903 (plugin: add user-facing API)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#15: 
new file mode 100644

WARNING: architecture specific defines should be avoided
#41: FILE: include/qemu/qemu-plugin.h:22:
+#if defined _WIN32 || defined __CYGWIN__

WARNING: architecture specific defines should be avoided
#49: FILE: include/qemu/qemu-plugin.h:30:
+  #if __GNUC__ >= 4

total: 0 errors, 3 warnings, 351 lines checked

Patch 6/54 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
7/54 Checking commit 5591d65608db (plugin: add core code)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#99: 
new file mode 100644

ERROR: externs should be avoided in .c files
#947: FILE: plugins/loader.c:63:
+extern struct qemu_plugin_state pl

Re: Python 2 and test/vm/netbsd

[Thomas Huth]

On 18/10/2019 00.55, Eduardo Habkost wrote:
> On Thu, Oct 17, 2019 at 07:05:41PM -0300, Eduardo Habkost wrote:
>> On Wed, Oct 16, 2019 at 07:41:24PM -0300, Eduardo Habkost wrote:
>>> On Wed, Oct 16, 2019 at 08:11:57AM +0200, Thomas Huth wrote:
 On 16/10/2019 05.00, Eduardo Habkost wrote:
> On Tue, Sep 17, 2019 at 08:31:40PM -0300, Eduardo Habkost wrote:
>> On Mon, Jul 01, 2019 at 07:25:27PM -0300, Eduardo Habkost wrote:
>>> On Mon, Jun 10, 2019 at 01:58:50PM +0100, Peter Maydell wrote:
> [...]
 The configure check also spits out deprecation warnings for
 the NetBSD/FreeBSD/OpenBSD tests/vm configurations. It would be nice
 to get those updated.
>>>
>>> CCing the test/vm maintainers.
>>>
>>> Fam, Alex, are you able to fix this and create new BSD VM images
>>> with Python 3 available?  I thought the VM image configurations
>>> were stored in the source tree, but they are downloaded from
>>> download.patchew.org.
>>
>> Fam, Alex, can you help us on this?  Python 2 won't be supported
>> anymore, so we need the VM images to be updated.
>
> Anyone?
>
> I'm about to submit patches to remove Python 2 support, and this
> will break tests/vm/netbsd.
>
> I'm powerless to fix this issue, because the netbsd image is
> hosted at download.patchew.org.

 Gerd had a patch to convert the netbsd VM script to ad hoc image
 creation, too:

 https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg04459.html

 But there was a regression with the serial port between QEMU v3.0 and
 v4.x, so it was not included:

 https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg06784.html
>>>
>>> The URL above has this error:
>>>
>>>   con recv:  x: Exitqj
>>>   con recv: To be able to use the network, we need answers to the
>>>   following:Network media type
>>>   con send: 
>>>   con recv: : qqqk Perform autoconfiguration?
>>>  >a: Yes b: Noq
>>>   console: *** read timeout ***
>>>   console: waiting for: 'a: Yes'
>>>   console: line buffer:
>>>   
>>>   con recv: qqj
>>>
>>> I believe that problem was solved in v4, because v4 was reading
>>> the serial output 1 byte at a time.
>>>
>>> The issue that caused the netbsd patch to be dropped was:
>>> https://lore.kernel.org/qemu-devel/cafeaca8k9qja9ie-kwiaphr0fy_2zg7jrx5uv4aassjxcss...@mail.gmail.com/
>>>
>>> Possibly this is the same issue we saw at:
>>> https://lore.kernel.org/qemu-devel/20190607034214.gb22...@habkost.net/
>>>
>>> The test script must either close the console socket, or keep
>>> reading from it.  Otherwise, the QEMU VCPU threads might get
>>> stuck waiting for the chardev to be writeable.
>>
>> It doesn't seem to be the same issue.  Even if the console socket is closed,
>> I'm seeing results similar to the ones reported by Peter (the "pkgin -y
>> install" step is unreasonably slow).
>>
>> Running with V=1, I see packages being downloaded at reasonable speeds, but
>> there's a huge interval (of various minutes) between each package download.
> 
> I've found the cause for the slowness I'm seeing: for each file
> being downloaded, the guest spents at least 75 seconds trying to
> connect to the IPv6 address of ftp.NetBSD.org, before trying
> IPv4.  I don't know if this is a NetBSD bug, or a slirp bug.

Does it work better if you turn IPv6 off? E.g.:

diff --git a/tests/vm/basevm.py b/tests/vm/basevm.py
--- a/tests/vm/basevm.py
+++ b/tests/vm/basevm.py
@@ -81,7 +81,7 @@ class BaseVM(object):
 self._args = [ \
 "-nodefaults", "-m", "4G",
 "-cpu", "max",
-"-netdev", "user,id=vnet,hostfwd=:127.0.0.1:0-:22",
+"-netdev", "user,id=vnet,hostfwd=:127.0.0.1:0-:22,ipv6=off",
 "-device", "virtio-net-pci,netdev=vnet",
 "-vnc", "127.0.0.1:0,to=20"]
 if vcpus and vcpus > 1:

 Thomas


> Output of `strace -e trace=network` below:
> 
> 1571352260.348566 recvfrom(30, 
> "~[\201\200\0\1\0\1\0\0\0\0\3ftp\6NetBSD\3org\0\0\1\0\1"..., 1500, 0, 
> {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.5.30.160")}, 
> [128->16]) = 48 <0.16>
> 1571352260.349030 socket(AF_INET6, SOCK_STREAM|SOCK_CLOEXEC, IPPROTO_IP) = 31 
> <0.41>
> 1571352260.349142 setsockopt(31, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0 
> <0.09>
> 1571352260.349179 setsockopt(31, SOL_SOCKET, SO_OOBINLINE, [1], 4) = 0 
> <0.07>
> 1571352260.349207 setsockopt(31, SOL_TCP, TCP_NODELAY, [1], 4) = 0 <0.08>
> 1571352260.349239 connect(31, {sa_family=AF_INET6, sin6_port=htons(80), 
> sin6_flowinfo=htonl(67108864), inet_pton(AF_INET6, "2001:470:a085:999::21", 
> &sin6_addr), sin6_scope_id=377348480}, 28) = -1 ENETUNREACH (Network is 
> unreachable) <0.000
> 021>
> 1571352266.350112 socket(AF_INET6, SOCK_STREAM|SOCK_CLOEXEC, IPPROTO_IP) = 31 
> <0.000131>
> 1571352266.350603 setsockopt(31, SOL_S

Re: [Virtio-fs] [PATCH 0/2] virtiofsd: Two fix for xattr operation

[Miklos Szeredi]

On Thu, Oct 17, 2019 at 6:48 PM Miklos Szeredi  wrote:

> Even simpler: allow O_PATH descriptors for f*xattr().

Attached patch.  Will post shortly.

However, I think it would make sense to fix virtiofsd as well, as this
will take time to percolate down, even if Al doesn't find anything
wrong with it.

Doing unshare(CLONE_FS) after thread startup seems safe, though must
be careful to change the working directory to the root of the mount
*before* starting any threads.

Thanks,
Miklos
diff --git a/fs/xattr.c b/fs/xattr.c
index 90dd78f0eb27..fd1335b86e60 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -495,7 +495,7 @@ SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname,
 SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name,
 		const void __user *,value, size_t, size, int, flags)
 {
-	struct fd f = fdget(fd);
+	struct fd f = fdget_raw(fd);
 	int error = -EBADF;
 
 	if (!f.file)
@@ -587,7 +587,7 @@ SYSCALL_DEFINE4(lgetxattr, const char __user *, pathname,
 SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name,
 		void __user *, value, size_t, size)
 {
-	struct fd f = fdget(fd);
+	struct fd f = fdget_raw(fd);
 	ssize_t error = -EBADF;
 
 	if (!f.file)
@@ -662,7 +662,7 @@ SYSCALL_DEFINE3(llistxattr, const char __user *, pathname, char __user *, list,
 
 SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size)
 {
-	struct fd f = fdget(fd);
+	struct fd f = fdget_raw(fd);
 	ssize_t error = -EBADF;
 
 	if (!f.file)
@@ -727,7 +727,7 @@ SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname,
 
 SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name)
 {
-	struct fd f = fdget(fd);
+	struct fd f = fdget_raw(fd);
 	int error = -EBADF;
 
 	if (!f.file)

[Bug 1848556] Re: qemu-img check failing on remote image in Eoan

[Christian Ehrhardt ]

** Attachment added: "strace of the hanging qemu-img"
   
https://bugs.launchpad.net/qemu/+bug/1848556/+attachment/5298128/+files/qemu-img-hangs.strace

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1848556

Title:
  qemu-img check failing on remote image in Eoan

Status in QEMU:
  Confirmed

Bug description:
  The "qemu-img check" function is failing on remote (HTTP-hosted)
  images, beginning with Ubuntu 19.10 (qemu-utils version 1:4.0+dfsg-
  0ubuntu9). With previous versions, through Ubuntu 19.04/qemu-utils
  version 1:3.1+dfsg-2ubuntu3.5, the following worked:

  $ /usr/bin/qemu-img check  
http://10.193.37.117/cloud/eoan-server-cloudimg-amd64.img
  No errors were found on the image.
  19778/36032 = 54.89% allocated, 90.34% fragmented, 89.90% compressed clusters
  Image end offset: 514064384

  The 10.193.37.117 server holds an Apache server that hosts the cloud
  images on a LAN. Beginning with Ubuntu 19.10/qemu-utils 1:4.0+dfsg-
  0ubuntu9, the same command never returns. (I've left it for up to an
  hour with no change.) I'm able to wget the image from the same server
  and installation on which qemu-img check fails. I've tried several
  .img files on the server, ranging from Bionic to Eoan, with the same
  results with all of them.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1848556/+subscriptions

[Bug 1848556] Re: qemu-img check failing on remote image in Eoan

[Christian Ehrhardt ]

Hi Rod,
I did try to recreate with the qemu version that you have.

$ apt install apache2 qemu-system-x86
$ qemu-img create -f qcow2 /var/www/html/test.img 1G
# local
$ qemu-img check test.img
No errors were found on the image.
# remote
$ qemu-img check http://localhost:80/test.img   

  
No errors were found on the image.  

  
Image end offset: 262144

Local check and remote check both work just fine.

I recognized the image that you have there and then did:
$ cd /var/www/html/
$ wget 
https://cloud-images.ubuntu.com/bionic/current/bionic-server-cloudimg-amd64.img
# local
$ qemu-img check bionic-server-cloudimg-amd64.img
No errors were found on the image.
16651/36032 = 46.21% allocated, 98.92% fragmented, 98.49% compressed clusters
Image end offset: 344195072
# remote
$ qemu-img check http://localhost:80/bionic-server-cloudimg-amd64.img


Therefore I can confirm the behavior you described.

** Changed in: qemu
   Status: New => Incomplete

** Changed in: qemu
   Status: Incomplete => Confirmed

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1848556

Title:
  qemu-img check failing on remote image in Eoan

Status in QEMU:
  Confirmed

Bug description:
  The "qemu-img check" function is failing on remote (HTTP-hosted)
  images, beginning with Ubuntu 19.10 (qemu-utils version 1:4.0+dfsg-
  0ubuntu9). With previous versions, through Ubuntu 19.04/qemu-utils
  version 1:3.1+dfsg-2ubuntu3.5, the following worked:

  $ /usr/bin/qemu-img check  
http://10.193.37.117/cloud/eoan-server-cloudimg-amd64.img
  No errors were found on the image.
  19778/36032 = 54.89% allocated, 90.34% fragmented, 89.90% compressed clusters
  Image end offset: 514064384

  The 10.193.37.117 server holds an Apache server that hosts the cloud
  images on a LAN. Beginning with Ubuntu 19.10/qemu-utils 1:4.0+dfsg-
  0ubuntu9, the same command never returns. (I've left it for up to an
  hour with no change.) I'm able to wget the image from the same server
  and installation on which qemu-img check fails. I've tried several
  .img files on the server, ranging from Bionic to Eoan, with the same
  results with all of them.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1848556/+subscriptions

Re: [PATCH] Fix unsigned integer underflow in fd-trans.c

[Laurent Vivier]

Le 18/10/2019 à 02:19, Shu-Chun Weng a écrit :
> In any of these `*_for_each_*` functions, the last entry in the buffer (so the
> "remaining length in the buffer" `len` is equal to the length of the
> entry `nlmsg_len`/`nla_len`/etc) has size that is not a multiple of the
> alignment, the aligned lengths `*_ALIGN(*_len)` will be greater than `len`.
> Since `len` is unsigned (`size_t`), it underflows and the loop will read
> pass the buffer.
> 
> This may manifest as random EINVAL or EOPNOTSUPP error on IO or network
> system calls.
> 
> Signed-off-by: Shu-Chun Weng 
> ---
>  linux-user/fd-trans.c | 51 +--
>  1 file changed, 40 insertions(+), 11 deletions(-)
> 
> diff --git a/linux-user/fd-trans.c b/linux-user/fd-trans.c
> index 60077ce531..9b92386abf 100644
> --- a/linux-user/fd-trans.c
> +++ b/linux-user/fd-trans.c
> @@ -279,6 +279,7 @@ static abi_long host_to_target_for_each_nlmsg(struct 
> nlmsghdr *nlh,
> (struct nlmsghdr *))
>  {
>  uint32_t nlmsg_len;
> +uint32_t aligned_nlmsg_len;
>  abi_long ret;
>  
>  while (len > sizeof(struct nlmsghdr)) {
> @@ -312,8 +313,13 @@ static abi_long host_to_target_for_each_nlmsg(struct 
> nlmsghdr *nlh,
>  break;
>  }
>  tswap_nlmsghdr(nlh);
> -len -= NLMSG_ALIGN(nlmsg_len);
> -nlh = (struct nlmsghdr *)(((char*)nlh) + NLMSG_ALIGN(nlmsg_len));
> +
> +aligned_nlmsg_len = NLMSG_ALIGN(nlmsg_len);
> +if (aligned_nlmsg_len >= len) {
> +break;
> +}
> +len -= aligned_nlmsg_len;
> +nlh = (struct nlmsghdr *)(((char*)nlh) + aligned_nlmsg_len);
>  }
>  return 0;
>  }

Nice catch.

But the first "if" in the loop is already here for that, we only need to
fix it with something like that in all the for_each functions:

@@ -285,7 +285,7 @@ static abi_long host_to_target_for_each_nlmsg(struct
nlmsghdr *nlh,

 nlmsg_len = nlh->nlmsg_len;
 if (nlmsg_len < sizeof(struct nlmsghdr) ||
-nlmsg_len > len) {
+NLMSG_ALIGN(nlmsg_len) > len) {
 break;
 }

Thanks,
Laurent

[Bug 1848556] Re: qemu-img check failing on remote image in Eoan

[Christian Ehrhardt ]

The stuck poll is at:
#0  0x7fafb935ad26 in __GI_ppoll (fds=0x560dba615670, nfds=1, 
timeout=, timeout@entry=0x0, sigmask=sigmask@entry=0x0) at 
../sysdeps/unix/sysv/linux/ppoll.c:39
#1  0x560db89550b9 in ppoll (__ss=0x0, __timeout=0x0, __nfds=, __fds=) at /usr/include/x86_64-linux-gnu/bits/poll2.h:77
#2  qemu_poll_ns (fds=, nfds=, timeout=) at ./util/qemu-timer.c:322
#3  0x560db89570eb in aio_poll (ctx=ctx@entry=0x560dba5e83b0, 
blocking=blocking@entry=true) at ./util/aio-posix.c:666
#4  0x560db888c21d in bdrv_check (bs=, res=, 
fix=) at ./block.c:4149
#5  0x560db887e6ab in collect_image_check (bs=0x560dba5ed680, 
check=0x560dba6143d0, filename=0x7ffe3d7c48d7 
"http://localhost:80/bionic-server-cloudimg-amd64.img";, fix=, 
fmt=) at ./qemu-img.c:615
#6  0x560db88825e1 in img_check (argc=, argv=) at ./qemu-img.c:774
#7  0x560db887bd2e in main (argc=2, argv=) at 
./qemu-img.c:4987

And from strace we know that the FD is from
260 [pid 20469]  0.67 eventfd2(0, EFD_CLOEXEC|EFD_NONBLOCK) = 8 
<0.41>

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1848556

Title:
  qemu-img check failing on remote image in Eoan

Status in QEMU:
  Confirmed

Bug description:
  The "qemu-img check" function is failing on remote (HTTP-hosted)
  images, beginning with Ubuntu 19.10 (qemu-utils version 1:4.0+dfsg-
  0ubuntu9). With previous versions, through Ubuntu 19.04/qemu-utils
  version 1:3.1+dfsg-2ubuntu3.5, the following worked:

  $ /usr/bin/qemu-img check  
http://10.193.37.117/cloud/eoan-server-cloudimg-amd64.img
  No errors were found on the image.
  19778/36032 = 54.89% allocated, 90.34% fragmented, 89.90% compressed clusters
  Image end offset: 514064384

  The 10.193.37.117 server holds an Apache server that hosts the cloud
  images on a LAN. Beginning with Ubuntu 19.10/qemu-utils 1:4.0+dfsg-
  0ubuntu9, the same command never returns. (I've left it for up to an
  hour with no change.) I'm able to wget the image from the same server
  and installation on which qemu-img check fails. I've tried several
  .img files on the server, ranging from Bionic to Eoan, with the same
  results with all of them.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1848556/+subscriptions

Re: [PATCH] hw/s390x: Emit a warning if user tried to enable USB

[Philippe Mathieu-Daudé]

On 10/18/19 8:35 AM, Thomas Huth wrote:

On 17/10/2019 20.18, Philippe Mathieu-Daudé wrote:

On 10/17/19 4:40 PM, Thomas Huth wrote:

On 17/10/2019 16.34, Cornelia Huck wrote:

On Thu, 17 Oct 2019 16:21:23 +0200
Thomas Huth  wrote:


There is no USB on s390x, so running qemu-system-s390x with
"-machine ...,usb=on" is certainly wrong. Emit a warning to make
the users aware of their misconfiguration.

Signed-off-by: Thomas Huth 
---
   After a year or two, we could finally turn this into a hard error,
   but I think we should give the users some time to fix their command
   lines first, so I'm initially only emitting a warning here.

   hw/s390x/s390-virtio-ccw.c | 4 
   1 file changed, 4 insertions(+)

diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
index d3edeef0ad..af8c4c0daf 100644
--- a/hw/s390x/s390-virtio-ccw.c
+++ b/hw/s390x/s390-virtio-ccw.c
@@ -243,6 +243,10 @@ static void ccw_init(MachineState *machine)
   VirtualCssBus *css_bus;
   DeviceState *dev;
   +    if (machine->usb) {
+    warn_report("This machine does not support USB");


I'm wondering if this is the only machine type not supporting usb...
if not, how are others handling it?


I think most machines are silently ignoring it, like we did on s390x
until now, too.


The usb parsing code in machine.c does not care if usb is even
configured (CONFIG_USB).


machine.c is common code, so you can not use CONFIG_USB there.


We already have:

bool target_words_bigendian(void)
{
#if defined(TARGET_WORDS_BIGENDIAN)
     return true;
#else
     return false;
#endif
}


... and kvm_available() and xen_available() ...


diff --git a/hw/usb/machine.c b/hw/usb/machine.c
new file mode 100644
index 00..5381928479
--- /dev/null
+++ b/hw/usb/machine.c
@@ -0,0 +1,12 @@
+#include "qemu/osdep.h"
+#include "hw/boards.h"
+#include "config-devices.h"
+
+bool machine_has_usb(void)
+{
+#if defined(CONFIG_USB)
+    return true;
+#else
+    return false;
+#endif
+}


I think I'd rather call it usb_available() (like the other _available()
functions) and put it into arch_init.c (and rename that file to arch.c
or target.c or something like that).


Yes, clever names :)

[PULL 00/13] Audio 20191018 patches

[Gerd Hoffmann]

The following changes since commit f22f553efffd083ff624be116726f843a39f1148:

  Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20191013' into 
staging (2019-10-17 16:48:56 +0100)

are available in the Git repository at:

  git://git.kraxel.org/qemu tags/audio-20191018-pull-request

for you to fetch changes up to 0cf13e367a99dd1abefc46ec94b4c1a80c678f61:

  paaudio: fix channel order for usb-audio 5.1 and 7.1 streams (2019-10-18 
08:14:05 +0200)


audio: bugfixes, pa connection and stream naming.
audio: 5.1/7.1 support for alsa, pa and usb-audio.



Kővágó, Zoltán (13):
  audio: fix parameter dereference before NULL check
  audio: paaudio: fix connection and stream name
  audio: paaudio: ability to specify stream name
  audio: add mixing-engine option (documentation)
  audio: make mixeng optional
  paaudio: get/put_buffer functions
  audio: support more than two channels in volume setting
  audio: replace shift in audio_pcm_info with bytes_per_frame
  audio: basic support for multichannel audio
  usb-audio: do not count on avail bytes actually available
  usb-audio: support more than two channels of audio
  usbaudio: change playback counters to 64 bit
  paaudio: fix channel order for usb-audio 5.1 and 7.1 streams

 audio/audio.h   |  10 +
 audio/audio_int.h   |   7 +-
 audio/audio_template.h  |  31 ++-
 audio/dsound_template.h |  10 +-
 audio/alsaaudio.c   |  18 +-
 audio/audio.c   | 176 ++-
 audio/coreaudio.c   |   4 +-
 audio/dsoundaudio.c |   4 +-
 audio/noaudio.c |   2 +-
 audio/ossaudio.c|  14 +-
 audio/paaudio.c | 162 --
 audio/spiceaudio.c  |  17 +-
 audio/wavaudio.c|   6 +-
 hw/usb/dev-audio.c  | 461 ++--
 qapi/audio.json |  12 ++
 qemu-options.hx |  15 ++
 16 files changed, 758 insertions(+), 191 deletions(-)

-- 
2.18.1

[PULL 03/13] audio: paaudio: ability to specify stream name

[Gerd Hoffmann]

From: Kővágó, Zoltán 

This can be used to identify stream in tools like pavucontrol when one
creates multiple -audiodevs or runs multiple qemu instances.

Signed-off-by: Kővágó, Zoltán 
Acked-by: Markus Armbruster 
Message-id: 
2d6e337c474ac84172d0809e6959c26b21d48120.1568157545.git.dirty.ice...@gmail.com
Signed-off-by: Gerd Hoffmann 
---
 audio/paaudio.c | 4 ++--
 qapi/audio.json | 6 ++
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/audio/paaudio.c b/audio/paaudio.c
index 3e6580a5ee50..2cba492d8265 100644
--- a/audio/paaudio.c
+++ b/audio/paaudio.c
@@ -339,7 +339,7 @@ static int qpa_init_out(HWVoiceOut *hw, struct audsettings 
*as,
 
 pa->stream = qpa_simple_new (
 c,
-g->dev->id,
+ppdo->has_stream_name ? ppdo->stream_name : g->dev->id,
 PA_STREAM_PLAYBACK,
 ppdo->has_name ? ppdo->name : NULL,
 &ss,
@@ -388,7 +388,7 @@ static int qpa_init_in(HWVoiceIn *hw, struct audsettings 
*as, void *drv_opaque)
 
 pa->stream = qpa_simple_new (
 c,
-g->dev->id,
+ppdo->has_stream_name ? ppdo->stream_name : g->dev->id,
 PA_STREAM_RECORD,
 ppdo->has_name ? ppdo->name : NULL,
 &ss,
diff --git a/qapi/audio.json b/qapi/audio.json
index 9fefdf5186dd..e45218f081f2 100644
--- a/qapi/audio.json
+++ b/qapi/audio.json
@@ -206,6 +206,11 @@
 #
 # @name: name of the sink/source to use
 #
+# @stream-name: name of the PulseAudio stream created by qemu.  Can be
+#   used to identify the stream in PulseAudio when you
+#   create multiple PulseAudio devices or run multiple qemu
+#   instances (default: audiodev's id, since 4.2)
+#
 # @latency: latency you want PulseAudio to achieve in microseconds
 #   (default 15000)
 #
@@ -215,6 +220,7 @@
   'base': 'AudiodevPerDirectionOptions',
   'data': {
 '*name': 'str',
+'*stream-name': 'str',
 '*latency': 'uint32' } }
 
 ##
-- 
2.18.1

[PULL 07/13] audio: support more than two channels in volume setting

[Gerd Hoffmann]

From: Kővágó, Zoltán 

Signed-off-by: Kővágó, Zoltán 
Message-id: 
5d3dd2ee3baaa62805e79c3901abb7415ae32461.1570996490.git.dirty.ice...@gmail.com
Signed-off-by: Gerd Hoffmann 
---
 audio/audio.h  | 10 ++
 audio/audio_int.h  |  4 ++--
 audio/audio.c  | 30 ++
 audio/paaudio.c| 20 
 audio/spiceaudio.c | 14 --
 5 files changed, 54 insertions(+), 24 deletions(-)

diff --git a/audio/audio.h b/audio/audio.h
index c74abb8c4718..0db3c7dd5e06 100644
--- a/audio/audio.h
+++ b/audio/audio.h
@@ -124,6 +124,16 @@ uint64_t AUD_get_elapsed_usec_out (SWVoiceOut *sw, 
QEMUAudioTimeStamp *ts);
 void AUD_set_volume_out (SWVoiceOut *sw, int mute, uint8_t lvol, uint8_t rvol);
 void AUD_set_volume_in (SWVoiceIn *sw, int mute, uint8_t lvol, uint8_t rvol);
 
+#define AUDIO_MAX_CHANNELS 16
+typedef struct Volume {
+bool mute;
+int channels;
+uint8_t vol[AUDIO_MAX_CHANNELS];
+} Volume;
+
+void audio_set_volume_out(SWVoiceOut *sw, Volume *vol);
+void audio_set_volume_in(SWVoiceIn *sw, Volume *vol);
+
 SWVoiceIn *AUD_open_in (
 QEMUSoundCard *card,
 SWVoiceIn *sw,
diff --git a/audio/audio_int.h b/audio/audio_int.h
index 22a703c13e1c..9176db249b23 100644
--- a/audio/audio_int.h
+++ b/audio/audio_int.h
@@ -166,7 +166,7 @@ struct audio_pcm_ops {
  */
 size_t (*put_buffer_out)(HWVoiceOut *hw, void *buf, size_t size);
 void   (*enable_out)(HWVoiceOut *hw, bool enable);
-void   (*volume_out)(HWVoiceOut *hw, struct mixeng_volume *vol);
+void   (*volume_out)(HWVoiceOut *hw, Volume *vol);
 
 int(*init_in) (HWVoiceIn *hw, audsettings *as, void *drv_opaque);
 void   (*fini_in) (HWVoiceIn *hw);
@@ -174,7 +174,7 @@ struct audio_pcm_ops {
 void  *(*get_buffer_in)(HWVoiceIn *hw, size_t *size);
 void   (*put_buffer_in)(HWVoiceIn *hw, void *buf, size_t size);
 void   (*enable_in)(HWVoiceIn *hw, bool enable);
-void   (*volume_in)(HWVoiceIn *hw, struct mixeng_volume *vol);
+void   (*volume_in)(HWVoiceIn *hw, Volume *vol);
 };
 
 void *audio_generic_get_buffer_in(HWVoiceIn *hw, size_t *size);
diff --git a/audio/audio.c b/audio/audio.c
index d616a4af98bd..f1c145dfcdeb 100644
--- a/audio/audio.c
+++ b/audio/audio.c
@@ -1891,31 +1891,45 @@ void AUD_del_capture (CaptureVoiceOut *cap, void 
*cb_opaque)
 }
 
 void AUD_set_volume_out (SWVoiceOut *sw, int mute, uint8_t lvol, uint8_t rvol)
+{
+Volume vol = { .mute = mute, .channels = 2, .vol = { lvol, rvol } };
+audio_set_volume_out(sw, &vol);
+}
+
+void audio_set_volume_out(SWVoiceOut *sw, Volume *vol)
 {
 if (sw) {
 HWVoiceOut *hw = sw->hw;
 
-sw->vol.mute = mute;
-sw->vol.l = nominal_volume.l * lvol / 255;
-sw->vol.r = nominal_volume.r * rvol / 255;
+sw->vol.mute = vol->mute;
+sw->vol.l = nominal_volume.l * vol->vol[0] / 255;
+sw->vol.r = nominal_volume.l * vol->vol[vol->channels > 1 ? 1 : 0] /
+255;
 
 if (hw->pcm_ops->volume_out) {
-hw->pcm_ops->volume_out(hw, &sw->vol);
+hw->pcm_ops->volume_out(hw, vol);
 }
 }
 }
 
 void AUD_set_volume_in (SWVoiceIn *sw, int mute, uint8_t lvol, uint8_t rvol)
+{
+Volume vol = { .mute = mute, .channels = 2, .vol = { lvol, rvol } };
+audio_set_volume_in(sw, &vol);
+}
+
+void audio_set_volume_in(SWVoiceIn *sw, Volume *vol)
 {
 if (sw) {
 HWVoiceIn *hw = sw->hw;
 
-sw->vol.mute = mute;
-sw->vol.l = nominal_volume.l * lvol / 255;
-sw->vol.r = nominal_volume.r * rvol / 255;
+sw->vol.mute = vol->mute;
+sw->vol.l = nominal_volume.l * vol->vol[0] / 255;
+sw->vol.r = nominal_volume.r * vol->vol[vol->channels > 1 ? 1 : 0] /
+255;
 
 if (hw->pcm_ops->volume_in) {
-hw->pcm_ops->volume_in(hw, &sw->vol);
+hw->pcm_ops->volume_in(hw, vol);
 }
 }
 }
diff --git a/audio/paaudio.c b/audio/paaudio.c
index 77cd0bc0d026..292c8c9ff4c0 100644
--- a/audio/paaudio.c
+++ b/audio/paaudio.c
@@ -532,20 +532,22 @@ static void qpa_fini_in (HWVoiceIn *hw)
 }
 }
 
-static void qpa_volume_out(HWVoiceOut *hw, struct mixeng_volume *vol)
+static void qpa_volume_out(HWVoiceOut *hw, Volume *vol)
 {
 PAVoiceOut *pa = (PAVoiceOut *) hw;
 pa_operation *op;
 pa_cvolume v;
 PAConnection *c = pa->g->conn;
+int i;
 
 #ifdef PA_CHECK_VERSION/* macro is present in 0.9.16+ */
 pa_cvolume_init (&v);  /* function is present in 0.9.13+ */
 #endif
 
-v.channels = 2;
-v.values[0] = ((PA_VOLUME_NORM - PA_VOLUME_MUTED) * vol->l) / UINT32_MAX;
-v.values[1] = ((PA_VOLUME_NORM - PA_VOLUME_MUTED) * vol->r) / UINT32_MAX;
+v.channels = vol->channels;
+for (i = 0; i < vol->channels; ++i) {
+v.values[i] = ((PA_VOLUME_NORM - PA_VOLUME_MUTED) * vol->vol[i]) / 255;
+}
 
 pa_threaded_mainloop_lock(c->mainloop);
 
@@ -572,20 +574,22 @@ static void qpa_volume_out(HWVoiceOut *hw, struct 

[PULL 09/13] audio: basic support for multichannel audio

[Gerd Hoffmann]

From: Kővágó, Zoltán 

Which currently only means removing some checks.  Old code won't require
more than two channels, but new code will need it.

Signed-off-by: Kővágó, Zoltán 
Message-id: 
7e53be1f97e939ed3bb729ef39e76b775643118a.1570996490.git.dirty.ice...@gmail.com
Signed-off-by: Gerd Hoffmann 
---
 audio/alsaaudio.c | 7 ---
 audio/audio.c | 2 +-
 2 files changed, 1 insertion(+), 8 deletions(-)

diff --git a/audio/alsaaudio.c b/audio/alsaaudio.c
index eddf013a537c..f37ce1ce8570 100644
--- a/audio/alsaaudio.c
+++ b/audio/alsaaudio.c
@@ -493,13 +493,6 @@ static int alsa_open(bool in, struct alsa_params_req *req,
 goto err;
 }
 
-if (nchannels != 1 && nchannels != 2) {
-alsa_logerr2 (err, typ,
-  "Can not handle obtained number of channels %d\n",
-  nchannels);
-goto err;
-}
-
 if (apdo->buffer_length) {
 int dir = 0;
 unsigned int btime = apdo->buffer_length;
diff --git a/audio/audio.c b/audio/audio.c
index c00f4deddd3d..7fc3aa9d1637 100644
--- a/audio/audio.c
+++ b/audio/audio.c
@@ -242,7 +242,7 @@ static int audio_validate_settings (struct audsettings *as)
 {
 int invalid;
 
-invalid = as->nchannels != 1 && as->nchannels != 2;
+invalid = as->nchannels < 1;
 invalid |= as->endianness != 0 && as->endianness != 1;
 
 switch (as->fmt) {
-- 
2.18.1

[PULL 08/13] audio: replace shift in audio_pcm_info with bytes_per_frame

[Gerd Hoffmann]

From: Kővágó, Zoltán 

The bit shifting trick worked because the number of bytes per frame was
always a power-of-two (since QEMU only supports mono, stereo and 8, 16
and 32 bit samples).  But if we want to add support for surround sound,
this no longer holds true.

Signed-off-by: Kővágó, Zoltán 
Message-id: 
1351fd9bcce0ff20d81850c5292722194329de02.1570996490.git.dirty.ice...@gmail.com
Signed-off-by: Gerd Hoffmann 
---
 audio/audio_int.h   |  3 +-
 audio/dsound_template.h | 10 +++---
 audio/alsaaudio.c   | 11 +++---
 audio/audio.c   | 74 -
 audio/coreaudio.c   |  4 +--
 audio/dsoundaudio.c |  4 +--
 audio/noaudio.c |  2 +-
 audio/ossaudio.c| 14 
 audio/spiceaudio.c  |  3 +-
 audio/wavaudio.c|  6 ++--
 10 files changed, 66 insertions(+), 65 deletions(-)

diff --git a/audio/audio_int.h b/audio/audio_int.h
index 9176db249b23..5ba20783463a 100644
--- a/audio/audio_int.h
+++ b/audio/audio_int.h
@@ -43,8 +43,7 @@ struct audio_pcm_info {
 int sign;
 int freq;
 int nchannels;
-int align;
-int shift;
+int bytes_per_frame;
 int bytes_per_second;
 int swap_endianness;
 };
diff --git a/audio/dsound_template.h b/audio/dsound_template.h
index 9f10b688df57..7a15f91ce563 100644
--- a/audio/dsound_template.h
+++ b/audio/dsound_template.h
@@ -98,8 +98,8 @@ static int glue (dsound_lock_, TYPE) (
 goto fail;
 }
 
-if ((p1p && *p1p && (*blen1p & info->align)) ||
-(p2p && *p2p && (*blen2p & info->align))) {
+if ((p1p && *p1p && (*blen1p % info->bytes_per_frame)) ||
+(p2p && *p2p && (*blen2p % info->bytes_per_frame))) {
 dolog("DirectSound returned misaligned buffer %ld %ld\n",
   *blen1p, *blen2p);
 glue(dsound_unlock_, TYPE)(buf, *p1p, p2p ? *p2p : NULL, *blen1p,
@@ -247,14 +247,14 @@ static int dsound_init_out(HWVoiceOut *hw, struct 
audsettings *as,
 obt_as.endianness = 0;
 audio_pcm_init_info (&hw->info, &obt_as);
 
-if (bc.dwBufferBytes & hw->info.align) {
+if (bc.dwBufferBytes % hw->info.bytes_per_frame) {
 dolog (
 "GetCaps returned misaligned buffer size %ld, alignment %d\n",
-bc.dwBufferBytes, hw->info.align + 1
+bc.dwBufferBytes, hw->info.bytes_per_frame
 );
 }
 hw->size_emul = bc.dwBufferBytes;
-hw->samples = bc.dwBufferBytes >> hw->info.shift;
+hw->samples = bc.dwBufferBytes / hw->info.bytes_per_frame;
 ds->s = s;
 
 #ifdef DEBUG_DSOUND
diff --git a/audio/alsaaudio.c b/audio/alsaaudio.c
index cfe42284a6aa..eddf013a537c 100644
--- a/audio/alsaaudio.c
+++ b/audio/alsaaudio.c
@@ -602,7 +602,7 @@ static size_t alsa_write(HWVoiceOut *hw, void *buf, size_t 
len)
 {
 ALSAVoiceOut *alsa = (ALSAVoiceOut *) hw;
 size_t pos = 0;
-size_t len_frames = len >> hw->info.shift;
+size_t len_frames = len / hw->info.bytes_per_frame;
 
 while (len_frames) {
 char *src = advance(buf, pos);
@@ -648,7 +648,7 @@ static size_t alsa_write(HWVoiceOut *hw, void *buf, size_t 
len)
 }
 }
 
-pos += written << hw->info.shift;
+pos += written * hw->info.bytes_per_frame;
 if (written < len_frames) {
 break;
 }
@@ -802,7 +802,8 @@ static size_t alsa_read(HWVoiceIn *hw, void *buf, size_t 
len)
 void *dst = advance(buf, pos);
 snd_pcm_sframes_t nread;
 
-nread = snd_pcm_readi(alsa->handle, dst, len >> hw->info.shift);
+nread = snd_pcm_readi(
+alsa->handle, dst, len / hw->info.bytes_per_frame);
 
 if (nread <= 0) {
 switch (nread) {
@@ -828,8 +829,8 @@ static size_t alsa_read(HWVoiceIn *hw, void *buf, size_t 
len)
 }
 }
 
-pos += nread << hw->info.shift;
-len -= nread << hw->info.shift;
+pos += nread * hw->info.bytes_per_frame;
+len -= nread * hw->info.bytes_per_frame;
 }
 
 return pos;
diff --git a/audio/audio.c b/audio/audio.c
index f1c145dfcdeb..c00f4deddd3d 100644
--- a/audio/audio.c
+++ b/audio/audio.c
@@ -299,12 +299,13 @@ static int audio_pcm_info_eq (struct audio_pcm_info 
*info, struct audsettings *a
 
 void audio_pcm_init_info (struct audio_pcm_info *info, struct audsettings *as)
 {
-int bits = 8, sign = 0, shift = 0;
+int bits = 8, sign = 0, mul;
 
 switch (as->fmt) {
 case AUDIO_FORMAT_S8:
 sign = 1;
 case AUDIO_FORMAT_U8:
+mul = 1;
 break;
 
 case AUDIO_FORMAT_S16:
@@ -312,7 +313,7 @@ void audio_pcm_init_info (struct audio_pcm_info *info, 
struct audsettings *as)
 /* fall through */
 case AUDIO_FORMAT_U16:
 bits = 16;
-shift = 1;
+mul = 2;
 break;
 
 case AUDIO_FORMAT_S32:
@@ -320,7 +321,7 @@ void audio_pcm_init_info (struct audio_pcm_info *info, 
struct audsettings *as)
 /* fall through */
 case AUDIO_FORMAT_U32:
 bits = 32;
-  

[PULL 01/13] audio: fix parameter dereference before NULL check

[Gerd Hoffmann]

From: Kővágó, Zoltán 

This should fix Coverity issues CID 1405305 and 1405301.

Signed-off-by: Kővágó, Zoltán 
Message-id: 
0eadcc88b8421bb86ce2d68ac70517f920c3ad6c.1568157545.git.dirty.ice...@gmail.com
Signed-off-by: Gerd Hoffmann 
---
 audio/audio_template.h | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/audio/audio_template.h b/audio/audio_template.h
index 235d1acbbebb..1006d6b1eb8a 100644
--- a/audio/audio_template.h
+++ b/audio/audio_template.h
@@ -425,8 +425,8 @@ SW *glue (AUD_open_, TYPE) (
 struct audsettings *as
 )
 {
-AudioState *s = card->state;
-AudiodevPerDirectionOptions *pdo = glue(audio_get_pdo_, TYPE)(s->dev);
+AudioState *s;
+AudiodevPerDirectionOptions *pdo;
 
 if (audio_bug(__func__, !card || !name || !callback_fn || !as)) {
 dolog ("card=%p name=%p callback_fn=%p as=%p\n",
@@ -434,6 +434,9 @@ SW *glue (AUD_open_, TYPE) (
 goto fail;
 }
 
+s = card->state;
+pdo = glue(audio_get_pdo_, TYPE)(s->dev);
+
 ldebug ("open %s, freq %d, nchannels %d, fmt %d\n",
 name, as->freq, as->nchannels, as->fmt);
 
-- 
2.18.1

[PULL 05/13] audio: make mixeng optional

[Gerd Hoffmann]

From: Kővágó, Zoltán 

Implementation of the previously added mixing-engine option.

Signed-off-by: Kővágó, Zoltán 
Message-id: 
c05bc258889ed289e8ee1bdbcc5e84174ec221e7.1570996490.git.dirty.ice...@gmail.com
Signed-off-by: Gerd Hoffmann 
---
 audio/audio_template.h | 24 ++-
 audio/audio.c  | 70 ++
 2 files changed, 80 insertions(+), 14 deletions(-)

diff --git a/audio/audio_template.h b/audio/audio_template.h
index 1006d6b1eb8a..3287d7075e6a 100644
--- a/audio/audio_template.h
+++ b/audio/audio_template.h
@@ -78,13 +78,17 @@ static void glue (audio_pcm_hw_free_resources_, TYPE) (HW 
*hw)
 
 static void glue(audio_pcm_hw_alloc_resources_, TYPE)(HW *hw)
 {
-size_t samples = hw->samples;
-if (audio_bug(__func__, samples == 0)) {
-dolog("Attempted to allocate empty buffer\n");
-}
+if (glue(audio_get_pdo_, TYPE)(hw->s->dev)->mixing_engine) {
+size_t samples = hw->samples;
+if (audio_bug(__func__, samples == 0)) {
+dolog("Attempted to allocate empty buffer\n");
+}
 
-HWBUF = g_malloc0(sizeof(STSampleBuffer) + sizeof(st_sample) * samples);
-HWBUF->size = samples;
+HWBUF = g_malloc0(sizeof(STSampleBuffer) + sizeof(st_sample) * 
samples);
+HWBUF->size = samples;
+} else {
+HWBUF = NULL;
+}
 }
 
 static void glue (audio_pcm_sw_free_resources_, TYPE) (SW *sw)
@@ -103,6 +107,10 @@ static int glue (audio_pcm_sw_alloc_resources_, TYPE) (SW 
*sw)
 {
 int samples;
 
+if (!glue(audio_get_pdo_, TYPE)(sw->s->dev)->mixing_engine) {
+return 0;
+}
+
 samples = ((int64_t) sw->HWBUF->size << 32) / sw->ratio;
 
 sw->buf = audio_calloc(__func__, samples, sizeof(struct st_sample));
@@ -328,9 +336,9 @@ static HW *glue(audio_pcm_hw_add_, TYPE)(AudioState *s, 
struct audsettings *as)
 HW *hw;
 AudiodevPerDirectionOptions *pdo = glue(audio_get_pdo_, TYPE)(s->dev);
 
-if (pdo->fixed_settings) {
+if (!pdo->mixing_engine || pdo->fixed_settings) {
 hw = glue(audio_pcm_hw_add_new_, TYPE)(s, as);
-if (hw) {
+if (!pdo->mixing_engine || hw) {
 return hw;
 }
 }
diff --git a/audio/audio.c b/audio/audio.c
index 7128ee98dc97..d616a4af98bd 100644
--- a/audio/audio.c
+++ b/audio/audio.c
@@ -838,32 +838,46 @@ static void audio_timer (void *opaque)
  */
 size_t AUD_write(SWVoiceOut *sw, void *buf, size_t size)
 {
+HWVoiceOut *hw;
+
 if (!sw) {
 /* XXX: Consider options */
 return size;
 }
+hw = sw->hw;
 
-if (!sw->hw->enabled) {
+if (!hw->enabled) {
 dolog ("Writing to disabled voice %s\n", SW_NAME (sw));
 return 0;
 }
 
-return audio_pcm_sw_write(sw, buf, size);
+if (audio_get_pdo_out(hw->s->dev)->mixing_engine) {
+return audio_pcm_sw_write(sw, buf, size);
+} else {
+return hw->pcm_ops->write(hw, buf, size);
+}
 }
 
 size_t AUD_read(SWVoiceIn *sw, void *buf, size_t size)
 {
+HWVoiceIn *hw;
+
 if (!sw) {
 /* XXX: Consider options */
 return size;
 }
+hw = sw->hw;
 
-if (!sw->hw->enabled) {
+if (!hw->enabled) {
 dolog ("Reading from disabled voice %s\n", SW_NAME (sw));
 return 0;
 }
 
-return audio_pcm_sw_read(sw, buf, size);
+if (audio_get_pdo_in(hw->s->dev)->mixing_engine) {
+return audio_pcm_sw_read(sw, buf, size);
+} else {
+return hw->pcm_ops->read(hw, buf, size);
+}
 }
 
 int AUD_get_buffer_size_out (SWVoiceOut *sw)
@@ -1090,6 +1104,26 @@ static void audio_run_out (AudioState *s)
 HWVoiceOut *hw = NULL;
 SWVoiceOut *sw;
 
+if (!audio_get_pdo_out(s->dev)->mixing_engine) {
+while ((hw = audio_pcm_hw_find_any_enabled_out(s, hw))) {
+/* there is exactly 1 sw for each hw with no mixeng */
+sw = hw->sw_head.lh_first;
+
+if (hw->pending_disable) {
+hw->enabled = 0;
+hw->pending_disable = 0;
+if (hw->pcm_ops->enable_out) {
+hw->pcm_ops->enable_out(hw, false);
+}
+}
+
+if (sw->active) {
+sw->callback.fn(sw->callback.opaque, INT_MAX);
+}
+}
+return;
+}
+
 while ((hw = audio_pcm_hw_find_any_enabled_out(s, hw))) {
 size_t played, live, prev_rpos, free;
 int nb_live, cleanup_required;
@@ -1227,6 +1261,17 @@ static void audio_run_in (AudioState *s)
 {
 HWVoiceIn *hw = NULL;
 
+if (!audio_get_pdo_in(s->dev)->mixing_engine) {
+while ((hw = audio_pcm_hw_find_any_enabled_in(s, hw))) {
+/* there is exactly 1 sw for each hw with no mixeng */
+SWVoiceIn *sw = hw->sw_head.lh_first;
+if (sw->active) {
+sw->callback.fn(sw->callback.opaque, INT_MAX);
+}
+}
+return;
+}
+
 while ((hw = audio_pcm_hw_find_any_enabled_i

[PULL 13/13] paaudio: fix channel order for usb-audio 5.1 and 7.1 streams

[Gerd Hoffmann]

From: Kővágó, Zoltán 

Signed-off-by: Kővágó, Zoltán 
Message-id: 
2900e462d27bd73277ae083d037c32b1b4451ee2.1570996490.git.dirty.ice...@gmail.com
Signed-off-by: Gerd Hoffmann 
---
 audio/paaudio.c | 50 -
 1 file changed, 45 insertions(+), 5 deletions(-)

diff --git a/audio/paaudio.c b/audio/paaudio.c
index 292c8c9ff4c0..df541a72d3a9 100644
--- a/audio/paaudio.c
+++ b/audio/paaudio.c
@@ -339,17 +339,59 @@ static pa_stream *qpa_simple_new (
 pa_stream_direction_t dir,
 const char *dev,
 const pa_sample_spec *ss,
-const pa_channel_map *map,
 const pa_buffer_attr *attr,
 int *rerror)
 {
 int r;
-pa_stream *stream;
+pa_stream *stream = NULL;
 pa_stream_flags_t flags;
+pa_channel_map map;
 
 pa_threaded_mainloop_lock(c->mainloop);
 
-stream = pa_stream_new(c->context, name, ss, map);
+pa_channel_map_init(&map);
+map.channels = ss->channels;
+
+/*
+ * TODO: This currently expects the only frontend supporting more than 2
+ * channels is the usb-audio.  We will need some means to set channel
+ * order when a new frontend gains multi-channel support.
+ */
+switch (ss->channels) {
+case 1:
+map.map[0] = PA_CHANNEL_POSITION_MONO;
+break;
+
+case 2:
+map.map[0] = PA_CHANNEL_POSITION_LEFT;
+map.map[1] = PA_CHANNEL_POSITION_RIGHT;
+break;
+
+case 6:
+map.map[0] = PA_CHANNEL_POSITION_FRONT_LEFT;
+map.map[1] = PA_CHANNEL_POSITION_FRONT_RIGHT;
+map.map[2] = PA_CHANNEL_POSITION_CENTER;
+map.map[3] = PA_CHANNEL_POSITION_LFE;
+map.map[4] = PA_CHANNEL_POSITION_REAR_LEFT;
+map.map[5] = PA_CHANNEL_POSITION_REAR_RIGHT;
+break;
+
+case 8:
+map.map[0] = PA_CHANNEL_POSITION_FRONT_LEFT;
+map.map[1] = PA_CHANNEL_POSITION_FRONT_RIGHT;
+map.map[2] = PA_CHANNEL_POSITION_CENTER;
+map.map[3] = PA_CHANNEL_POSITION_LFE;
+map.map[4] = PA_CHANNEL_POSITION_REAR_LEFT;
+map.map[5] = PA_CHANNEL_POSITION_REAR_RIGHT;
+map.map[6] = PA_CHANNEL_POSITION_SIDE_LEFT;
+map.map[7] = PA_CHANNEL_POSITION_SIDE_RIGHT;
+
+default:
+dolog("Internal error: unsupported channel count %d\n", ss->channels);
+goto fail;
+}
+
+stream = pa_stream_new(c->context, name, ss, &map);
 if (!stream) {
 goto fail;
 }
@@ -422,7 +464,6 @@ static int qpa_init_out(HWVoiceOut *hw, struct audsettings 
*as,
 PA_STREAM_PLAYBACK,
 ppdo->has_name ? ppdo->name : NULL,
 &ss,
-NULL,   /* channel map */
 &ba,/* buffering attributes */
 &error
 );
@@ -471,7 +512,6 @@ static int qpa_init_in(HWVoiceIn *hw, struct audsettings 
*as, void *drv_opaque)
 PA_STREAM_RECORD,
 ppdo->has_name ? ppdo->name : NULL,
 &ss,
-NULL,   /* channel map */
 &ba,/* buffering attributes */
 &error
 );
-- 
2.18.1

[PULL 12/13] usbaudio: change playback counters to 64 bit

[Gerd Hoffmann]

From: Kővágó, Zoltán 

With stereo playback, they need about 375 minutes of continuous audio
playback to overflow, which is usually not a problem (as stopping and
later resuming playback resets the counters).  But with 7.1 audio, they
only need about 95 minutes to overflow.

After the overflow, the buf->prod % USBAUDIO_PACKET_SIZE(channels)
assertion no longer holds true, which will result in overflowing the
buffer.  With 64 bit variables, it would take about 762000 years to
overflow.

Signed-off-by: Kővágó, Zoltán 
Message-id: 
ff866985ed369f1e18ea7c70da6a7fce8e241deb.1570996490.git.dirty.ice...@gmail.com
Signed-off-by: Gerd Hoffmann 
---
 hw/usb/dev-audio.c | 14 --
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/hw/usb/dev-audio.c b/hw/usb/dev-audio.c
index e42bdfbdc101..ea604bbb8e4a 100644
--- a/hw/usb/dev-audio.c
+++ b/hw/usb/dev-audio.c
@@ -578,9 +578,9 @@ static const USBDesc desc_audio_multi = {
 
 struct streambuf {
 uint8_t *data;
-uint32_t size;
-uint32_t prod;
-uint32_t cons;
+size_t size;
+uint64_t prod;
+uint64_t cons;
 };
 
 static void streambuf_init(struct streambuf *buf, uint32_t size,
@@ -601,7 +601,7 @@ static void streambuf_fini(struct streambuf *buf)
 
 static int streambuf_put(struct streambuf *buf, USBPacket *p, uint32_t 
channels)
 {
-uint32_t free = buf->size - (buf->prod - buf->cons);
+int64_t free = buf->size - (buf->prod - buf->cons);
 
 if (free < USBAUDIO_PACKET_SIZE(channels)) {
 return 0;
@@ -610,6 +610,8 @@ static int streambuf_put(struct streambuf *buf, USBPacket 
*p, uint32_t channels)
 return 0;
 }
 
+/* can happen if prod overflows */
+assert(buf->prod % USBAUDIO_PACKET_SIZE(channels) == 0);
 usb_packet_copy(p, buf->data + (buf->prod % buf->size),
 USBAUDIO_PACKET_SIZE(channels));
 buf->prod += USBAUDIO_PACKET_SIZE(channels);
@@ -618,10 +620,10 @@ static int streambuf_put(struct streambuf *buf, USBPacket 
*p, uint32_t channels)
 
 static uint8_t *streambuf_get(struct streambuf *buf, size_t *len)
 {
-uint32_t used = buf->prod - buf->cons;
+int64_t used = buf->prod - buf->cons;
 uint8_t *data;
 
-if (!used) {
+if (used <= 0) {
 *len = 0;
 return NULL;
 }
-- 
2.18.1

[PATCH v2 1/7] qapi: Don't suppress doc generation without pragma doc-required

[Markus Armbruster]

Commit bc52d03ff5 "qapi: Make doc comments optional where we don't
need them" made scripts/qapi2texi.py fail[*] unless the schema had
pragma 'doc-required': true.  The stated reason was inability to cope
with incomplete documentation.

When commit fb0bc835e5 "qapi-gen: New common driver for code and doc
generators" folded scripts/qapi2texi.py into scripts/qapi-gen.py, it
turned the failure into silent suppression.

The doc generator can cope with incomplete documentation now.  I don't
know since when, or what the problem was, or even whether it ever
existed.

Drop the silent suppression.

[*] The fail part was broken, fixed in commit e8ba07ea9a.

Signed-off-by: Markus Armbruster 
Reviewed-by: Eric Blake 
---
 scripts/qapi/doc.py| 2 --
 tests/Makefile.include | 1 +
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/scripts/qapi/doc.py b/scripts/qapi/doc.py
index 5fc0fc7e06..693cc4486b 100755
--- a/scripts/qapi/doc.py
+++ b/scripts/qapi/doc.py
@@ -283,8 +283,6 @@ class 
QAPISchemaGenDocVisitor(qapi.common.QAPISchemaVisitor):
 
 
 def gen_doc(schema, output_dir, prefix):
-if not qapi.common.doc_required:
-return
 vis = QAPISchemaGenDocVisitor(prefix)
 vis.visit_begin(schema)
 for doc in schema.docs:
diff --git a/tests/Makefile.include b/tests/Makefile.include
index 3543451ed3..214fbd941c 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -609,6 +609,7 @@ tests/test-qapi-gen-timestamp: \
$(call quiet-command,$(PYTHON) $(SRC_PATH)/scripts/qapi-gen.py \
-o tests -p "test-" $<, \
"GEN","$(@:%-timestamp=%)")
+   @rm -f tests/test-qapi-doc.texi
@>$@
 
 tests/qapi-schema/doc-good.test.texi: 
$(SRC_PATH)/tests/qapi-schema/doc-good.json $(qapi-py)
-- 
2.21.0

[PULL 04/13] audio: add mixing-engine option (documentation)

[Gerd Hoffmann]

From: Kővágó, Zoltán 

This will allow us to disable mixeng when we use a decent backend.

Disabling mixeng have a few advantages:
* we no longer convert the audio output from one format to another, when
  the underlying audio system would just convert it to a third format.
  We no longer convert, only the underlying system, when needed.
* the underlying system probably has better resampling and sample format
  converting methods anyway...
* we may support formats that the mixeng currently does not support (S24
  or float samples, more than two channels)
* when using an audio server (like pulseaudio) different sound card
  outputs will show up as separate streams, even if we use only one
  backend

Disadvantages:
* audio capturing no longer works (wavcapture, and vnc audio extension)
* some backends only support a single playback stream or very picky
  about the audio format.  In this case we can't disable mixeng.

Originally thw two main use cases of the disabled option was: using
unsupported audio formats (5.1 and 7.1 audio) and having different
pulseaudio streams per audio frontend.  Since we can have multiple
-audiodevs, the latter is not that important, so currently you only need
this option if you want to use 5.1 or 7.1 audio (implemented in a later
patch), otherwise it's probably better to stick to the old and tried
mixeng, since it's less picky about the backends.

The ideal solution would be to port as much as possible to gstreamer,
but this is currently out of scope:
https://wiki.qemu.org/Internships/ProjectIdeas/AudioGStreamer

Signed-off-by: Kővágó, Zoltán 
Message-id: 
5765186a7aadd51a72bc7d3e804307f0ee8a34ce.1570996490.git.dirty.ice...@gmail.com
Signed-off-by: Gerd Hoffmann 
---
 qapi/audio.json |  6 ++
 qemu-options.hx | 15 +++
 2 files changed, 21 insertions(+)

diff --git a/qapi/audio.json b/qapi/audio.json
index e45218f081f2..83312b23391e 100644
--- a/qapi/audio.json
+++ b/qapi/audio.json
@@ -11,6 +11,11 @@
 # General audio backend options that are used for both playback and
 # recording.
 #
+# @mixing-engine: use QEMU's mixing engine to mix all streams inside QEMU and
+# convert audio formats when not supported by the backend. When
+# set to off, fixed-settings must be also off (default on,
+# since 4.2)
+#
 # @fixed-settings: use fixed settings for host input/output. When off,
 #  frequency, channels and format must not be
 #  specified (default true)
@@ -31,6 +36,7 @@
 ##
 { 'struct': 'AudiodevPerDirectionOptions',
   'data': {
+'*mixing-engine':  'bool',
 '*fixed-settings': 'bool',
 '*frequency':  'uint32',
 '*channels':   'uint32',
diff --git a/qemu-options.hx b/qemu-options.hx
index 793d70ff9388..996b6fba7461 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -433,6 +433,7 @@ DEF("audiodev", HAS_ARG, QEMU_OPTION_audiodev,
 "specifies the audio backend to use\n"
 "id= identifier of the backend\n"
 "timer-period= timer period in microseconds\n"
+"in|out.mixing-engine= use mixing engine to mix streams 
inside QEMU\n"
 "in|out.fixed-settings= use fixed settings for host 
audio\n"
 "in|out.frequency= frequency to use with fixed settings\n"
 "in|out.channels= number of channels to use with fixed 
settings\n"
@@ -493,6 +494,10 @@ output's property with @code{out.@var{prop}}. For example:
 -audiodev alsa,id=example,out.channels=1 # leaves in.channels unspecified
 @end example
 
+NOTE: parameter validation is known to be incomplete, in many cases
+specifying an invalid option causes QEMU to print an error message and
+continue emulation without sound.
+
 Valid global options are:
 
 @table @option
@@ -503,6 +508,16 @@ Identifies the audio backend.
 Sets the timer @var{period} used by the audio subsystem in microseconds.
 Default is 1 (10 ms).
 
+@item in|out.mixing-engine=on|off
+Use QEMU's mixing engine to mix all streams inside QEMU and convert
+audio formats when not supported by the backend.  When off,
+@var{fixed-settings} must be off too.  Note that disabling this option
+means that the selected backend must support multiple streams and the
+audio formats used by the virtual cards, otherwise you'll get no sound.
+It's not recommended to disable this option unless you want to use 5.1
+or 7.1 audio, as mixing engine only supports mono and stereo audio.
+Default is on.
+
 @item in|out.fixed-settings=on|off
 Use fixed settings for host audio.  When off, it will change based on
 how the guest opens the sound card.  In this case you must not specify
-- 
2.18.1

[PULL 06/13] paaudio: get/put_buffer functions

[Gerd Hoffmann]

From: Kővágó, Zoltán 

This lets us avoid some buffer copying when using mixeng.

Signed-off-by: Kővágó, Zoltán 
Message-id: 
d03d30138b9b5a9681cc90cbfbfec0a197cac88c.1570996490.git.dirty.ice...@gmail.com
Signed-off-by: Gerd Hoffmann 
---
 audio/paaudio.c | 83 +
 1 file changed, 83 insertions(+)

diff --git a/audio/paaudio.c b/audio/paaudio.c
index 2cba492d8265..77cd0bc0d026 100644
--- a/audio/paaudio.c
+++ b/audio/paaudio.c
@@ -99,6 +99,59 @@ static inline int PA_STREAM_IS_GOOD(pa_stream_state_t x)
 }   \
 } while (0)
 
+static void *qpa_get_buffer_in(HWVoiceIn *hw, size_t *size)
+{
+PAVoiceIn *p = (PAVoiceIn *) hw;
+PAConnection *c = p->g->conn;
+int r;
+
+pa_threaded_mainloop_lock(c->mainloop);
+
+CHECK_DEAD_GOTO(c, p->stream, unlock_and_fail,
+"pa_threaded_mainloop_lock failed\n");
+
+if (!p->read_length) {
+r = pa_stream_peek(p->stream, &p->read_data, &p->read_length);
+CHECK_SUCCESS_GOTO(c, r == 0, unlock_and_fail,
+   "pa_stream_peek failed\n");
+}
+
+*size = MIN(p->read_length, *size);
+
+pa_threaded_mainloop_unlock(c->mainloop);
+return (void *) p->read_data;
+
+unlock_and_fail:
+pa_threaded_mainloop_unlock(c->mainloop);
+*size = 0;
+return NULL;
+}
+
+static void qpa_put_buffer_in(HWVoiceIn *hw, void *buf, size_t size)
+{
+PAVoiceIn *p = (PAVoiceIn *) hw;
+PAConnection *c = p->g->conn;
+int r;
+
+pa_threaded_mainloop_lock(c->mainloop);
+
+CHECK_DEAD_GOTO(c, p->stream, unlock,
+"pa_threaded_mainloop_lock failed\n");
+
+assert(buf == p->read_data && size <= p->read_length);
+
+p->read_data += size;
+p->read_length -= size;
+
+if (size && !p->read_length) {
+r = pa_stream_drop(p->stream);
+CHECK_SUCCESS_GOTO(c, r == 0, unlock, "pa_stream_drop failed\n");
+}
+
+unlock:
+pa_threaded_mainloop_unlock(c->mainloop);
+}
+
 static size_t qpa_read(HWVoiceIn *hw, void *data, size_t length)
 {
 PAVoiceIn *p = (PAVoiceIn *) hw;
@@ -137,6 +190,32 @@ unlock_and_fail:
 return 0;
 }
 
+static void *qpa_get_buffer_out(HWVoiceOut *hw, size_t *size)
+{
+PAVoiceOut *p = (PAVoiceOut *) hw;
+PAConnection *c = p->g->conn;
+void *ret;
+int r;
+
+pa_threaded_mainloop_lock(c->mainloop);
+
+CHECK_DEAD_GOTO(c, p->stream, unlock_and_fail,
+"pa_threaded_mainloop_lock failed\n");
+
+*size = -1;
+r = pa_stream_begin_write(p->stream, &ret, size);
+CHECK_SUCCESS_GOTO(c, r >= 0, unlock_and_fail,
+   "pa_stream_begin_write failed\n");
+
+pa_threaded_mainloop_unlock(c->mainloop);
+return ret;
+
+unlock_and_fail:
+pa_threaded_mainloop_unlock(c->mainloop);
+*size = 0;
+return NULL;
+}
+
 static size_t qpa_write(HWVoiceOut *hw, void *data, size_t length)
 {
 PAVoiceOut *p = (PAVoiceOut *) hw;
@@ -701,11 +780,15 @@ static struct audio_pcm_ops qpa_pcm_ops = {
 .init_out = qpa_init_out,
 .fini_out = qpa_fini_out,
 .write= qpa_write,
+.get_buffer_out = qpa_get_buffer_out,
+.put_buffer_out = qpa_write, /* pa handles it */
 .volume_out = qpa_volume_out,
 
 .init_in  = qpa_init_in,
 .fini_in  = qpa_fini_in,
 .read = qpa_read,
+.get_buffer_in = qpa_get_buffer_in,
+.put_buffer_in = qpa_put_buffer_in,
 .volume_in = qpa_volume_in
 };
 
-- 
2.18.1

[PATCH v2 7/7] qapi: Clear scripts/qapi/doc.py executable bits again

[Markus Armbruster]

Commit fbf09a2fa4 "qapi: add 'ifcond' to visitor methods" brought back
the executable bits.  Fix that.  Drop the #! line for good measure.

Signed-off-by: Markus Armbruster 
Reviewed-by: Eric Blake 
---
 scripts/qapi/doc.py | 1 -
 1 file changed, 1 deletion(-)
 mode change 100755 => 100644 scripts/qapi/doc.py

diff --git a/scripts/qapi/doc.py b/scripts/qapi/doc.py
old mode 100755
new mode 100644
index 1c5125249f..dc8919bab7
--- a/scripts/qapi/doc.py
+++ b/scripts/qapi/doc.py
@@ -1,4 +1,3 @@
-#!/usr/bin/env python
 # QAPI texi generator
 #
 # This work is licensed under the terms of the GNU LGPL, version 2+.
-- 
2.21.0

[PULL 11/13] usb-audio: support more than two channels of audio

[Gerd Hoffmann]

From: Kővágó, Zoltán 

This commit adds support for 5.1 and 7.1 audio playback.  This commit
adds a new property to usb-audio:

* multi=on|off
  Whether to enable the 5.1 and 7.1 audio support.  When off (default)
  it continues to emulate the old stereo-only device.  When on, it
  emulates a slightly different audio device that supports 5.1 and 7.1
  audio.

Signed-off-by: Kővágó, Zoltán 
Message-id: 
98e96606228afa907fa238eac26573d5af63434a.1570996490.git.dirty.ice...@gmail.com
Signed-off-by: Gerd Hoffmann 
---
 hw/usb/dev-audio.c | 419 +++--
 1 file changed, 366 insertions(+), 53 deletions(-)

diff --git a/hw/usb/dev-audio.c b/hw/usb/dev-audio.c
index 74c99b1f1204..e42bdfbdc101 100644
--- a/hw/usb/dev-audio.c
+++ b/hw/usb/dev-audio.c
@@ -37,11 +37,15 @@
 #include "desc.h"
 #include "audio/audio.h"
 
+static void usb_audio_reinit(USBDevice *dev, unsigned channels);
+
 #define USBAUDIO_VENDOR_NUM 0x46f4 /* CRC16() of "QEMU" */
 #define USBAUDIO_PRODUCT_NUM0x0002
 
 #define DEV_CONFIG_VALUE1 /* The one and only */
 
+#define USBAUDIO_MAX_CHANNELS(s) (s->multi ? 8 : 2)
+
 /* Descriptor subtypes for AC interfaces */
 #define DST_AC_HEADER   1
 #define DST_AC_INPUT_TERMINAL   2
@@ -80,6 +84,27 @@ static const USBDescStrings usb_audio_stringtable = {
 [STRING_REAL_STREAM]= "Audio Output - 48 kHz Stereo",
 };
 
+/*
+ * A USB audio device supports an arbitrary number of alternate
+ * interface settings for each interface.  Each corresponds to a block
+ * diagram of parameterized blocks.  This can thus refer to things like
+ * number of channels, data rates, or in fact completely different
+ * block diagrams.  Alternative setting 0 is always the null block diagram,
+ * which is used by a disabled device.
+ */
+enum usb_audio_altset {
+ALTSET_OFF= 0x00, /* No endpoint */
+ALTSET_STEREO = 0x01, /* Single endpoint */
+ALTSET_51 = 0x02,
+ALTSET_71 = 0x03,
+};
+
+static unsigned altset_channels[] = {
+[ALTSET_STEREO] = 2,
+[ALTSET_51] = 6,
+[ALTSET_71] = 8,
+};
+
 #define U16(x) ((x) & 0xff), (((x) >> 8) & 0xff)
 #define U24(x) U16(x), (((x) >> 16) & 0xff)
 #define U32(x) U24(x), (((x) >> 24) & 0xff)
@@ -87,7 +112,8 @@ static const USBDescStrings usb_audio_stringtable = {
 /*
  * A Basic Audio Device uses these specific values
  */
-#define USBAUDIO_PACKET_SIZE 192
+#define USBAUDIO_PACKET_SIZE_BASE 96
+#define USBAUDIO_PACKET_SIZE(channels) (USBAUDIO_PACKET_SIZE_BASE * channels)
 #define USBAUDIO_SAMPLE_RATE 48000
 #define USBAUDIO_PACKET_INTERVAL 1
 
@@ -121,7 +147,7 @@ static const USBDescIface desc_iface[] = {
 0x01,   /*  u8  bTerminalID */
 U16(0x0101),/* u16  wTerminalType */
 0x00,   /*  u8  bAssocTerminal */
-0x02,   /* u16  bNrChannels */
+0x02,   /*  u8  bNrChannels */
 U16(0x0003),/* u16  wChannelConfig */
 0x00,   /*  u8  iChannelNames */
 STRING_INPUT_TERMINAL,  /*  u8  iTerminal */
@@ -156,14 +182,14 @@ static const USBDescIface desc_iface[] = {
 },
 },{
 .bInterfaceNumber  = 1,
-.bAlternateSetting = 0,
+.bAlternateSetting = ALTSET_OFF,
 .bNumEndpoints = 0,
 .bInterfaceClass   = USB_CLASS_AUDIO,
 .bInterfaceSubClass= USB_SUBCLASS_AUDIO_STREAMING,
 .iInterface= STRING_NULL_STREAM,
 },{
 .bInterfaceNumber  = 1,
-.bAlternateSetting = 1,
+.bAlternateSetting = ALTSET_STEREO,
 .bNumEndpoints = 1,
 .bInterfaceClass   = USB_CLASS_AUDIO,
 .bInterfaceSubClass= USB_SUBCLASS_AUDIO_STREAMING,
@@ -199,7 +225,7 @@ static const USBDescIface desc_iface[] = {
 {
 .bEndpointAddress  = USB_DIR_OUT | 0x01,
 .bmAttributes  = 0x0d,
-.wMaxPacketSize= USBAUDIO_PACKET_SIZE,
+.wMaxPacketSize= USBAUDIO_PACKET_SIZE(2),
 .bInterval = 1,
 .is_audio  = 1,
 /* Stereo Headphone Class-specific
@@ -247,17 +273,274 @@ static const USBDesc desc_audio = {
 .str  = usb_audio_stringtable,
 };
 
-/*
- * A USB audio device supports an arbitrary number of alternate
- * interface settings for each interface.  Each corresponds to a block
- * diagram of parameterized blocks.  This can thus refer to things like
- * number of channels, data rates, or in fact completely different
- * block diagrams.  Alternative setting 0 is always the null block diagram

[PULL 10/13] usb-audio: do not count on avail bytes actually available

[Gerd Hoffmann]

From: Kővágó, Zoltán 

This assumption is no longer true when mixeng is turned off.

Signed-off-by: Kővágó, Zoltán 
Message-id: 
d63f4d39a0ee7a2e4e7e4a2eb005ba79120eaf1d.1570996490.git.dirty.ice...@gmail.com
Signed-off-by: Gerd Hoffmann 
---
 hw/usb/dev-audio.c | 30 ++
 1 file changed, 18 insertions(+), 12 deletions(-)

diff --git a/hw/usb/dev-audio.c b/hw/usb/dev-audio.c
index ae42e5a2f1d0..74c99b1f1204 100644
--- a/hw/usb/dev-audio.c
+++ b/hw/usb/dev-audio.c
@@ -319,30 +319,31 @@ static int streambuf_put(struct streambuf *buf, USBPacket 
*p)
 {
 uint32_t free = buf->size - (buf->prod - buf->cons);
 
-if (!free) {
+if (free < USBAUDIO_PACKET_SIZE) {
 return 0;
 }
 if (p->iov.size != USBAUDIO_PACKET_SIZE) {
 return 0;
 }
-assert(free >= USBAUDIO_PACKET_SIZE);
+
 usb_packet_copy(p, buf->data + (buf->prod % buf->size),
 USBAUDIO_PACKET_SIZE);
 buf->prod += USBAUDIO_PACKET_SIZE;
 return USBAUDIO_PACKET_SIZE;
 }
 
-static uint8_t *streambuf_get(struct streambuf *buf)
+static uint8_t *streambuf_get(struct streambuf *buf, size_t *len)
 {
 uint32_t used = buf->prod - buf->cons;
 uint8_t *data;
 
 if (!used) {
+*len = 0;
 return NULL;
 }
-assert(used >= USBAUDIO_PACKET_SIZE);
 data = buf->data + (buf->cons % buf->size);
-buf->cons += USBAUDIO_PACKET_SIZE;
+*len = MIN(buf->prod - buf->cons,
+   buf->size - (buf->cons % buf->size));
 return data;
 }
 
@@ -374,16 +375,21 @@ static void output_callback(void *opaque, int avail)
 USBAudioState *s = opaque;
 uint8_t *data;
 
-for (;;) {
-if (avail < USBAUDIO_PACKET_SIZE) {
-return;
-}
-data = streambuf_get(&s->out.buf);
+while (avail) {
+size_t written, len;
+
+data = streambuf_get(&s->out.buf, &len);
 if (!data) {
 return;
 }
-AUD_write(s->out.voice, data, USBAUDIO_PACKET_SIZE);
-avail -= USBAUDIO_PACKET_SIZE;
+
+written = AUD_write(s->out.voice, data, len);
+avail -= written;
+s->out.buf.cons += written;
+
+if (written < len) {
+return;
+}
 }
 }
 
-- 
2.18.1

[PULL 02/13] audio: paaudio: fix connection and stream name

[Gerd Hoffmann]

From: Kővágó, Zoltán 

Connection name was previously erroneously set to the server socket
path, while connection names were simply "qemu".  After this patch, the
connection name will be the vm name (falling back to "qemu" if not
specified), while stream names will be the audiodev's id.

Signed-off-by: Kővágó, Zoltán 
Message-id: 
3d139426031a400a68d440608ba5e43f0e116cd8.1568157545.git.dirty.ice...@gmail.com
Signed-off-by: Gerd Hoffmann 
---
 audio/paaudio.c | 9 ++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/audio/paaudio.c b/audio/paaudio.c
index ed31f863f7fe..3e6580a5ee50 100644
--- a/audio/paaudio.c
+++ b/audio/paaudio.c
@@ -2,6 +2,7 @@
 
 #include "qemu/osdep.h"
 #include "qemu/module.h"
+#include "qemu-common.h"
 #include "audio.h"
 #include "qapi/opts-visitor.h"
 
@@ -338,7 +339,7 @@ static int qpa_init_out(HWVoiceOut *hw, struct audsettings 
*as,
 
 pa->stream = qpa_simple_new (
 c,
-"qemu",
+g->dev->id,
 PA_STREAM_PLAYBACK,
 ppdo->has_name ? ppdo->name : NULL,
 &ss,
@@ -387,7 +388,7 @@ static int qpa_init_in(HWVoiceIn *hw, struct audsettings 
*as, void *drv_opaque)
 
 pa->stream = qpa_simple_new (
 c,
-"qemu",
+g->dev->id,
 PA_STREAM_RECORD,
 ppdo->has_name ? ppdo->name : NULL,
 &ss,
@@ -549,6 +550,7 @@ static int qpa_validate_per_direction_opts(Audiodev *dev,
 /* common */
 static void *qpa_conn_init(const char *server)
 {
+const char *vm_name;
 PAConnection *c = g_malloc0(sizeof(PAConnection));
 QTAILQ_INSERT_TAIL(&pa_conns, c, list);
 
@@ -557,8 +559,9 @@ static void *qpa_conn_init(const char *server)
 goto fail;
 }
 
+vm_name = qemu_get_vm_name();
 c->context = pa_context_new(pa_threaded_mainloop_get_api(c->mainloop),
-server);
+vm_name ? vm_name : "qemu");
 if (!c->context) {
 goto fail;
 }
-- 
2.18.1

[PATCH v2 0/7] qapi: Cleanups and test speedup

[Markus Armbruster]

v2:
* PATCH 4,6
  - Commit message improved [Eric]
* PATCH 6
  - Makefiles updated [Kevin]
  - Import statements fixed

Markus Armbruster (7):
  qapi: Don't suppress doc generation without pragma doc-required
  qapi: Store pragma state in QAPISourceInfo, not global state
  qapi: Eliminate accidental global frontend state
  qapi: Speed up frontend tests
  qapi: Move gen_enum(), gen_enum_lookup() back to qapi/types.py
  qapi: Split up scripts/qapi/common.py
  qapi: Clear scripts/qapi/doc.py executable bits again

 Makefile  |   13 +-
 scripts/qapi-gen.py   |   10 +-
 scripts/qapi/commands.py  |1 +
 scripts/qapi/common.py| 2377 -
 scripts/qapi/doc.py   |   10 +-
 scripts/qapi/error.py |   42 +
 scripts/qapi/events.py|3 +
 scripts/qapi/expr.py  |  377 +++
 scripts/qapi/gen.py   |  290 ++
 scripts/qapi/introspect.py|5 +
 scripts/qapi/parser.py|  569 
 scripts/qapi/schema.py| 1042 
 scripts/qapi/source.py|   67 +
 scripts/qapi/types.py |   61 +
 scripts/qapi/visit.py |2 +
 tests/Makefile.include|   30 +-
 tests/qapi-schema/allow-preconfig-test.err|4 +-
 tests/qapi-schema/allow-preconfig-test.exit   |1 -
 tests/qapi-schema/alternate-any.err   |4 +-
 tests/qapi-schema/alternate-any.exit  |1 -
 tests/qapi-schema/alternate-array.err |4 +-
 tests/qapi-schema/alternate-array.exit|1 -
 tests/qapi-schema/alternate-base.err  |4 +-
 tests/qapi-schema/alternate-base.exit |1 -
 .../alternate-branch-if-invalid.err   |4 +-
 .../alternate-branch-if-invalid.exit  |1 -
 tests/qapi-schema/alternate-clash.err |4 +-
 tests/qapi-schema/alternate-clash.exit|1 -
 .../alternate-conflict-bool-string.err|4 +-
 .../alternate-conflict-bool-string.exit   |1 -
 tests/qapi-schema/alternate-conflict-dict.err |4 +-
 .../qapi-schema/alternate-conflict-dict.exit  |1 -
 .../alternate-conflict-enum-bool.err  |4 +-
 .../alternate-conflict-enum-bool.exit |1 -
 .../alternate-conflict-enum-int.err   |4 +-
 .../alternate-conflict-enum-int.exit  |1 -
 .../alternate-conflict-num-string.err |4 +-
 .../alternate-conflict-num-string.exit|1 -
 .../qapi-schema/alternate-conflict-string.err |4 +-
 .../alternate-conflict-string.exit|1 -
 tests/qapi-schema/alternate-empty.err |4 +-
 tests/qapi-schema/alternate-empty.exit|1 -
 tests/qapi-schema/alternate-invalid-dict.err  |4 +-
 tests/qapi-schema/alternate-invalid-dict.exit |1 -
 tests/qapi-schema/alternate-nested.err|4 +-
 tests/qapi-schema/alternate-nested.exit   |1 -
 tests/qapi-schema/alternate-unknown.err   |4 +-
 tests/qapi-schema/alternate-unknown.exit  |1 -
 tests/qapi-schema/args-alternate.err  |4 +-
 tests/qapi-schema/args-alternate.exit |1 -
 tests/qapi-schema/args-any.err|4 +-
 tests/qapi-schema/args-any.exit   |1 -
 tests/qapi-schema/args-array-empty.err|4 +-
 tests/qapi-schema/args-array-empty.exit   |1 -
 tests/qapi-schema/args-array-unknown.err  |4 +-
 tests/qapi-schema/args-array-unknown.exit |1 -
 tests/qapi-schema/args-bad-boxed.err  |4 +-
 tests/qapi-schema/args-bad-boxed.exit |1 -
 tests/qapi-schema/args-boxed-anon.err |4 +-
 tests/qapi-schema/args-boxed-anon.exit|1 -
 tests/qapi-schema/args-boxed-string.err   |4 +-
 tests/qapi-schema/args-boxed-string.exit  |1 -
 tests/qapi-schema/args-int.err|4 +-
 tests/qapi-schema/args-int.exit   |1 -
 tests/qapi-schema/args-invalid.err|4 +-
 tests/qapi-schema/args-invalid.exit   |1 -
 tests/qapi-schema/args-member-array-bad.err   |4 +-
 tests/qapi-schema/args-member-array-bad.exit  |1 -
 tests/qapi-schema/args-member-case.err|4 +-
 tests/qapi-schema/args-member-case.exit   |1 -
 tests/qapi-schema/args-member-unknown.err |4 +-
 tests/qapi-schema/args-member-unknown.exit|1 -
 tests/qapi-schema/args-name-clash.err |4 +-
 tests/qapi-schema/args-name-clash.exit|1 -
 tests/qapi-schema/args-union.err  |4 +-
 tests/qapi-schema/args-union.exit |1 -
 tests/qapi-schema/args-unknown.err|4 +-
 tests/qapi-schema/args-unknown.exit   |1 -
 tests/qapi-schema/bad-base.err|  

[PATCH v2 5/7] qapi: Move gen_enum(), gen_enum_lookup() back to qapi/types.py

[Markus Armbruster]

The next commit will split up qapi/common.py.  gen_enum() needs
QAPISchemaEnumMember, and that's in the way.  Move it to qapi/types.py
along with its buddy gen_enum_lookup().

Permit me a short a digression on history: how did gen_enum() end up
in qapi/common.py?  Commit 21cd70dfc1 "qapi script: add event support"
duplicated qapi-types.py's gen_enum() and gen_enum_lookup() in
qapi-event.py.  Simply importing them would have been cleaner, but
wasn't possible as qapi-types.py was a program, not a module.  Commit
efd2eaa6c2 "qapi: De-duplicate enum code generation" de-duplicated by
moving them to qapi.py, which was a module.

Since then, program qapi-types.py has morphed into module types.py.
It's where gen_enum() and gen_enum_lookup() started, and where they
belong.

Signed-off-by: Markus Armbruster 
Reviewed-by: Eric Blake 
---
 scripts/qapi/common.py | 59 --
 scripts/qapi/events.py |  1 +
 scripts/qapi/types.py  | 59 ++
 3 files changed, 60 insertions(+), 59 deletions(-)

diff --git a/scripts/qapi/common.py b/scripts/qapi/common.py
index 9d5c05f6a1..306857f0c0 100644
--- a/scripts/qapi/common.py
+++ b/scripts/qapi/common.py
@@ -2239,65 +2239,6 @@ def _wrap_ifcond(ifcond, before, after):
 return out
 
 
-def gen_enum_lookup(name, members, prefix=None):
-ret = mcgen('''
-
-const QEnumLookup %(c_name)s_lookup = {
-.array = (const char *const[]) {
-''',
-c_name=c_name(name))
-for m in members:
-ret += gen_if(m.ifcond)
-index = c_enum_const(name, m.name, prefix)
-ret += mcgen('''
-[%(index)s] = "%(name)s",
-''',
- index=index, name=m.name)
-ret += gen_endif(m.ifcond)
-
-ret += mcgen('''
-},
-.size = %(max_index)s
-};
-''',
- max_index=c_enum_const(name, '_MAX', prefix))
-return ret
-
-
-def gen_enum(name, members, prefix=None):
-# append automatically generated _MAX value
-enum_members = members + [QAPISchemaEnumMember('_MAX', None)]
-
-ret = mcgen('''
-
-typedef enum %(c_name)s {
-''',
-c_name=c_name(name))
-
-for m in enum_members:
-ret += gen_if(m.ifcond)
-ret += mcgen('''
-%(c_enum)s,
-''',
- c_enum=c_enum_const(name, m.name, prefix))
-ret += gen_endif(m.ifcond)
-
-ret += mcgen('''
-} %(c_name)s;
-''',
- c_name=c_name(name))
-
-ret += mcgen('''
-
-#define %(c_name)s_str(val) \\
-qapi_enum_lookup(&%(c_name)s_lookup, (val))
-
-extern const QEnumLookup %(c_name)s_lookup;
-''',
- c_name=c_name(name))
-return ret
-
-
 def build_params(arg_type, boxed, extra=None):
 ret = ''
 sep = ''
diff --git a/scripts/qapi/events.py b/scripts/qapi/events.py
index 7308e8e589..a716a1d27f 100644
--- a/scripts/qapi/events.py
+++ b/scripts/qapi/events.py
@@ -13,6 +13,7 @@ See the COPYING file in the top-level directory.
 """
 
 from qapi.common import *
+from qapi.types import gen_enum, gen_enum_lookup
 
 
 def build_event_send_proto(name, arg_type, boxed):
diff --git a/scripts/qapi/types.py b/scripts/qapi/types.py
index 3edd9374aa..711543147d 100644
--- a/scripts/qapi/types.py
+++ b/scripts/qapi/types.py
@@ -21,6 +21,65 @@ from qapi.common import *
 objects_seen = set()
 
 
+def gen_enum_lookup(name, members, prefix=None):
+ret = mcgen('''
+
+const QEnumLookup %(c_name)s_lookup = {
+.array = (const char *const[]) {
+''',
+c_name=c_name(name))
+for m in members:
+ret += gen_if(m.ifcond)
+index = c_enum_const(name, m.name, prefix)
+ret += mcgen('''
+[%(index)s] = "%(name)s",
+''',
+ index=index, name=m.name)
+ret += gen_endif(m.ifcond)
+
+ret += mcgen('''
+},
+.size = %(max_index)s
+};
+''',
+ max_index=c_enum_const(name, '_MAX', prefix))
+return ret
+
+
+def gen_enum(name, members, prefix=None):
+# append automatically generated _MAX value
+enum_members = members + [QAPISchemaEnumMember('_MAX', None)]
+
+ret = mcgen('''
+
+typedef enum %(c_name)s {
+''',
+c_name=c_name(name))
+
+for m in enum_members:
+ret += gen_if(m.ifcond)
+ret += mcgen('''
+%(c_enum)s,
+''',
+ c_enum=c_enum_const(name, m.name, prefix))
+ret += gen_endif(m.ifcond)
+
+ret += mcgen('''
+} %(c_name)s;
+''',
+ c_name=c_name(name))
+
+ret += mcgen('''
+
+#define %(c_name)s_str(val) \\
+qapi_enum_lookup(&%(c_name)s_lookup, (val))
+
+extern const QEnumLookup %(c_name)s_lookup;
+''',
+ c_name=c_name(name))
+return ret
+
+
 def gen_fwd_object_or_array(name):
 return mcgen('''
 
-- 
2.21.0

[PATCH v2 2/7] qapi: Store pragma state in QAPISourceInfo, not global state

[Markus Armbruster]

The frontend can't be run more than once due to its global state.
A future commit will want to do that.

Recent commit "qapi: Move context-sensitive checking to the proper
place" got rid of many global variables already, but pragma state is
still stored in global variables (that's why a pragma directive's
scope is the complete schema).

Move the pragma state to QAPISourceInfo.

Signed-off-by: Markus Armbruster 
Reviewed-by: Eric Blake 
---
 scripts/qapi/common.py | 36 +++-
 1 file changed, 19 insertions(+), 17 deletions(-)

diff --git a/scripts/qapi/common.py b/scripts/qapi/common.py
index d6e00c80ea..5abab44302 100644
--- a/scripts/qapi/common.py
+++ b/scripts/qapi/common.py
@@ -21,25 +21,28 @@ import string
 import sys
 from collections import OrderedDict
 
-# Are documentation comments required?
-doc_required = False
-
-# Whitelist of commands allowed to return a non-dictionary
-returns_whitelist = []
-
-# Whitelist of entities allowed to violate case conventions
-name_case_whitelist = []
-
 
 #
 # Parsing the schema into expressions
 #
 
+
+class QAPISchemaPragma(object):
+def __init__(self):
+# Are documentation comments required?
+self.doc_required = False
+# Whitelist of commands allowed to return a non-dictionary
+self.returns_whitelist = []
+# Whitelist of entities allowed to violate case conventions
+self.name_case_whitelist = []
+
+
 class QAPISourceInfo(object):
 def __init__(self, fname, line, parent):
 self.fname = fname
 self.line = line
 self.parent = parent
+self.pragma = parent.pragma if parent else QAPISchemaPragma()
 self.defn_meta = None
 self.defn_name = None
 
@@ -486,26 +489,25 @@ class QAPISchemaParser(object):
 return QAPISchemaParser(incl_fname, previously_included, info)
 
 def _pragma(self, name, value, info):
-global doc_required, returns_whitelist, name_case_whitelist
 if name == 'doc-required':
 if not isinstance(value, bool):
 raise QAPISemError(info,
"pragma 'doc-required' must be boolean")
-doc_required = value
+info.pragma.doc_required = value
 elif name == 'returns-whitelist':
 if (not isinstance(value, list)
 or any([not isinstance(elt, str) for elt in value])):
 raise QAPISemError(
 info,
 "pragma returns-whitelist must be a list of strings")
-returns_whitelist = value
+info.pragma.returns_whitelist = value
 elif name == 'name-case-whitelist':
 if (not isinstance(value, list)
 or any([not isinstance(elt, str) for elt in value])):
 raise QAPISemError(
 info,
 "pragma name-case-whitelist must be a list of strings")
-name_case_whitelist = value
+info.pragma.name_case_whitelist = value
 else:
 raise QAPISemError(info, "unknown pragma '%s'" % name)
 
@@ -757,7 +759,7 @@ def check_type(value, info, source,
 raise QAPISemError(info,
"%s should be an object or type name" % source)
 
-permit_upper = allow_dict in name_case_whitelist
+permit_upper = allow_dict in info.pragma.name_case_whitelist
 
 # value is a dictionary, check that each member is okay
 for (key, arg) in value.items():
@@ -840,7 +842,7 @@ def check_enum(expr, info):
 if prefix is not None and not isinstance(prefix, str):
 raise QAPISemError(info, "'prefix' must be a string")
 
-permit_upper = name in name_case_whitelist
+permit_upper = name in info.pragma.name_case_whitelist
 
 for member in members:
 source = "'data' member"
@@ -968,7 +970,7 @@ def check_exprs(exprs):
 raise QAPISemError(
 info, "documentation comment is for '%s'" % doc.symbol)
 doc.check_expr(expr)
-elif doc_required:
+elif info.pragma.doc_required:
 raise QAPISemError(info,
"documentation comment required")
 
@@ -1690,7 +1692,7 @@ class QAPISchemaCommand(QAPISchemaEntity):
 if self._ret_type_name:
 self.ret_type = schema.resolve_type(
 self._ret_type_name, self.info, "command's 'returns'")
-if self.name not in returns_whitelist:
+if self.name not in self.info.pragma.returns_whitelist:
 if not (isinstance(self.ret_type, QAPISchemaObjectType)
 or (isinstance(self.ret_type, QAPISchemaArrayType)
 and isinstance(self.ret_type.element_type,
-- 
2.21.0

[PATCH v2 3/7] qapi: Eliminate accidental global frontend state

[Markus Armbruster]

The frontend can't be run more than once due to its global state.
A future commit will want to do that.

The only global frontend state remaining is accidental:
QAPISchemaParser.__init__()'s parameter previously_included=[].
Python evaluates the default once, at definition time.  Any
modifications to it are visible in subsequent calls.  Well-known
Python trap.  Change the default to None and replace it by the real
default in the function body.  Use the opportunity to convert
previously_included to a set.

Signed-off-by: Markus Armbruster 
Reviewed-by: Eric Blake 
---
 scripts/qapi/common.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/scripts/qapi/common.py b/scripts/qapi/common.py
index 5abab44302..9d5c05f6a1 100644
--- a/scripts/qapi/common.py
+++ b/scripts/qapi/common.py
@@ -391,8 +391,9 @@ class QAPIDoc(object):
 
 class QAPISchemaParser(object):
 
-def __init__(self, fname, previously_included=[], incl_info=None):
-previously_included.append(os.path.abspath(fname))
+def __init__(self, fname, previously_included=None, incl_info=None):
+previously_included = previously_included or set()
+previously_included.add(os.path.abspath(fname))
 
 try:
 if sys.version_info[0] >= 3:
-- 
2.21.0

[Bug 1848556] Re: qemu-img check failing on remote image in Eoan

[Christian Ehrhardt ]

Quick checks:
- does not depend on the exact image, e.g. 
https://cloud-images.ubuntu.com/eoan/current/eoan-server-cloudimg-amd64.img or 
https://download.fedoraproject.org/pub/fedora/linux/releases/30/Cloud/x86_64/images/Fedora-Cloud-Base-30-1.2.x86_64.qcow2
 hang as well
- the former qemu 3.1 based qemu-utils work fine

Maybe that helps to identify a known patch that might already exist.
Even it if doesn't the simple repro in comment #2 should still help.

If there is no immediate idea out of the data we have let me know, this
seems bisectable to me.

** Also affects: qemu (Ubuntu)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1848556

Title:
  qemu-img check failing on remote image in Eoan

Status in QEMU:
  Confirmed
Status in qemu package in Ubuntu:
  New

Bug description:
  The "qemu-img check" function is failing on remote (HTTP-hosted)
  images, beginning with Ubuntu 19.10 (qemu-utils version 1:4.0+dfsg-
  0ubuntu9). With previous versions, through Ubuntu 19.04/qemu-utils
  version 1:3.1+dfsg-2ubuntu3.5, the following worked:

  $ /usr/bin/qemu-img check  
http://10.193.37.117/cloud/eoan-server-cloudimg-amd64.img
  No errors were found on the image.
  19778/36032 = 54.89% allocated, 90.34% fragmented, 89.90% compressed clusters
  Image end offset: 514064384

  The 10.193.37.117 server holds an Apache server that hosts the cloud
  images on a LAN. Beginning with Ubuntu 19.10/qemu-utils 1:4.0+dfsg-
  0ubuntu9, the same command never returns. (I've left it for up to an
  hour with no change.) I'm able to wget the image from the same server
  and installation on which qemu-img check fails. I've tried several
  .img files on the server, ranging from Bionic to Eoan, with the same
  results with all of them.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1848556/+subscriptions

Re: [PATCH 1/2] spapr: Introduce a interrupt presenter reset handler

[Greg Kurz]

On Thu, 17 Oct 2019 16:42:40 +0200
Cédric Le Goater  wrote:

> The interrupt presenters are not reseted today. Extend the sPAPR IRQ
> backend with a new cpu_intc_reset() handler which will be called by
> the CPU reset handler.
> 
> spapr_realize_vcpu() is modified to call the CPU reset only after the
> the intc presenter has been created.
> 
> Signed-off-by: Cédric Le Goater 
> ---
>  include/hw/ppc/spapr_irq.h |  4 
>  include/hw/ppc/xics.h  |  1 +
>  include/hw/ppc/xive.h  |  1 +
>  hw/intc/spapr_xive.c   |  8 
>  hw/intc/xics.c |  5 +
>  hw/intc/xics_spapr.c   |  8 
>  hw/intc/xive.c | 11 ---
>  hw/ppc/spapr_cpu_core.c|  8 ++--
>  hw/ppc/spapr_irq.c | 21 +
>  9 files changed, 62 insertions(+), 5 deletions(-)
> 
> diff --git a/include/hw/ppc/spapr_irq.h b/include/hw/ppc/spapr_irq.h
> index 5e150a667902..78327496c102 100644
> --- a/include/hw/ppc/spapr_irq.h
> +++ b/include/hw/ppc/spapr_irq.h
> @@ -52,6 +52,8 @@ typedef struct SpaprInterruptControllerClass {
>   */
>  int (*cpu_intc_create)(SpaprInterruptController *intc,
>  PowerPCCPU *cpu, Error **errp);
> +int (*cpu_intc_reset)(SpaprInterruptController *intc, PowerPCCPU *cpu,
> +  Error **errp);

Looking at the rest of the patch, it seems that we don't need error
reporting. I suggest you make this void and drop the errp parameter.

>  int (*claim_irq)(SpaprInterruptController *intc, int irq, bool lsi,
>   Error **errp);
>  void (*free_irq)(SpaprInterruptController *intc, int irq);
> @@ -68,6 +70,8 @@ void spapr_irq_update_active_intc(SpaprMachineState *spapr);
>  
>  int spapr_irq_cpu_intc_create(SpaprMachineState *spapr,
>PowerPCCPU *cpu, Error **errp);
> +int spapr_irq_cpu_intc_reset(SpaprMachineState *spapr,
> + PowerPCCPU *cpu, Error **errp);
>  void spapr_irq_print_info(SpaprMachineState *spapr, Monitor *mon);
>  void spapr_irq_dt(SpaprMachineState *spapr, uint32_t nr_servers,
>void *fdt, uint32_t phandle);
> diff --git a/include/hw/ppc/xics.h b/include/hw/ppc/xics.h
> index 1e6a9300eb2b..602173c12250 100644
> --- a/include/hw/ppc/xics.h
> +++ b/include/hw/ppc/xics.h
> @@ -161,6 +161,7 @@ void icp_set_mfrr(ICPState *icp, uint8_t mfrr);
>  uint32_t icp_accept(ICPState *ss);
>  uint32_t icp_ipoll(ICPState *ss, uint32_t *mfrr);
>  void icp_eoi(ICPState *icp, uint32_t xirr);
> +void icp_reset(ICPState *icp);
>  
>  void ics_write_xive(ICSState *ics, int nr, int server,
>  uint8_t priority, uint8_t saved_priority);
> diff --git a/include/hw/ppc/xive.h b/include/hw/ppc/xive.h
> index fd3319bd3202..99381639f50c 100644
> --- a/include/hw/ppc/xive.h
> +++ b/include/hw/ppc/xive.h
> @@ -415,6 +415,7 @@ uint64_t xive_tctx_tm_read(XiveTCTX *tctx, hwaddr offset, 
> unsigned size);
>  
>  void xive_tctx_pic_print_info(XiveTCTX *tctx, Monitor *mon);
>  Object *xive_tctx_create(Object *cpu, XiveRouter *xrtr, Error **errp);
> +void xive_tctx_reset(XiveTCTX *tctx);
>  
>  static inline uint32_t xive_nvt_cam_line(uint8_t nvt_blk, uint32_t nvt_idx)
>  {
> diff --git a/hw/intc/spapr_xive.c b/hw/intc/spapr_xive.c
> index ba32d2cc5b0f..0c3acf1a4192 100644
> --- a/hw/intc/spapr_xive.c
> +++ b/hw/intc/spapr_xive.c
> @@ -553,6 +553,13 @@ static int 
> spapr_xive_cpu_intc_create(SpaprInterruptController *intc,
>  return 0;
>  }
>  
> +static int spapr_xive_cpu_intc_reset(SpaprInterruptController *intc,
> + PowerPCCPU *cpu, Error **errp)
> +{
> +xive_tctx_reset(spapr_cpu_state(cpu)->tctx);
> +return 0;
> +}
> +
>  static void spapr_xive_set_irq(SpaprInterruptController *intc, int irq, int 
> val)
>  {
>  SpaprXive *xive = SPAPR_XIVE(intc);
> @@ -697,6 +704,7 @@ static void spapr_xive_class_init(ObjectClass *klass, 
> void *data)
>  sicc->activate = spapr_xive_activate;
>  sicc->deactivate = spapr_xive_deactivate;
>  sicc->cpu_intc_create = spapr_xive_cpu_intc_create;
> +sicc->cpu_intc_reset = spapr_xive_cpu_intc_reset;
>  sicc->claim_irq = spapr_xive_claim_irq;
>  sicc->free_irq = spapr_xive_free_irq;
>  sicc->set_irq = spapr_xive_set_irq;
> diff --git a/hw/intc/xics.c b/hw/intc/xics.c
> index b5ac408f7b74..652771d6a5a5 100644
> --- a/hw/intc/xics.c
> +++ b/hw/intc/xics.c
> @@ -295,6 +295,11 @@ static void icp_reset_handler(void *dev)
>  }
>  }
>  
> +void icp_reset(ICPState *icp)
> +{
> +icp_reset_handler(icp);
> +}
> +
>  static void icp_realize(DeviceState *dev, Error **errp)
>  {
>  ICPState *icp = ICP(dev);
> diff --git a/hw/intc/xics_spapr.c b/hw/intc/xics_spapr.c
> index 4f64b9a9fc66..c0b2a576effe 100644
> --- a/hw/intc/xics_spapr.c
> +++ b/hw/intc/xics_spapr.c
> @@ -346,6 +346,13 @@ static int 
> xics_spapr_cpu_intc_create(SpaprInterruptController *intc,
>  return 0;
>  }
>  
> +

Re: [PATCH 2/2] spapr/xive: Set the OS CAM line at reset

[Greg Kurz]

On Thu, 17 Oct 2019 16:42:41 +0200
Cédric Le Goater  wrote:

> When a Virtual Processor is scheduled to run on a HW thread, the
> hypervisor pushes its identifier in the OS CAM line. When running in
> TCG or kernel_irqchip=off, QEMU needs to emulate the same behavior.
> 

This is only related to kernel_irqchip=off, which is always the case
when running in TCG actually. Maybe rephrase to "When not running with
an in-kernel irqchip, QEMU needs..." ?

> Introduce a 'os-cam' property which will be used to set the OS CAM
> line at reset and remove the spapr_xive_set_tctx_os_cam() calls which
> are done when the XIVE interrupt controller are activated.
> 

Since OS CAM is constant, I guess it is ok to make it a property.
Alternatively, you could pass it as an extra parameter to
xive_tctx_reset().

> This change also has the benefit to remove the use of CPU_FOREACH()
> which can be unsafe.
> 

Nice !

> Signed-off-by: Cédric Le Goater 
> ---
>  include/hw/ppc/spapr_xive.h |  1 -
>  include/hw/ppc/xive.h   |  4 +++-
>  hw/intc/spapr_xive.c| 31 +--
>  hw/intc/xive.c  | 22 +-
>  hw/ppc/pnv.c|  3 ++-
>  5 files changed, 31 insertions(+), 30 deletions(-)
> 
> diff --git a/include/hw/ppc/spapr_xive.h b/include/hw/ppc/spapr_xive.h
> index d84bd5c229f0..742b7e834f2a 100644
> --- a/include/hw/ppc/spapr_xive.h
> +++ b/include/hw/ppc/spapr_xive.h
> @@ -57,7 +57,6 @@ typedef struct SpaprXive {
>  void spapr_xive_pic_print_info(SpaprXive *xive, Monitor *mon);
>  
>  void spapr_xive_hcall_init(SpaprMachineState *spapr);
> -void spapr_xive_set_tctx_os_cam(XiveTCTX *tctx);
>  void spapr_xive_mmio_set_enabled(SpaprXive *xive, bool enable);
>  void spapr_xive_map_mmio(SpaprXive *xive);
>  
> diff --git a/include/hw/ppc/xive.h b/include/hw/ppc/xive.h
> index 99381639f50c..e273069c25a9 100644
> --- a/include/hw/ppc/xive.h
> +++ b/include/hw/ppc/xive.h
> @@ -319,6 +319,7 @@ typedef struct XiveTCTX {
>  qemu_irqos_output;
>  
>  uint8_t regs[XIVE_TM_RING_COUNT * XIVE_TM_RING_SIZE];
> +uint32_tos_cam;
>  } XiveTCTX;
>  
>  /*
> @@ -414,7 +415,8 @@ void xive_tctx_tm_write(XiveTCTX *tctx, hwaddr offset, 
> uint64_t value,
>  uint64_t xive_tctx_tm_read(XiveTCTX *tctx, hwaddr offset, unsigned size);
>  
>  void xive_tctx_pic_print_info(XiveTCTX *tctx, Monitor *mon);
> -Object *xive_tctx_create(Object *cpu, XiveRouter *xrtr, Error **errp);
> +Object *xive_tctx_create(Object *cpu, XiveRouter *xrtr, uint32_t os_cam,
> + Error **errp);
>  void xive_tctx_reset(XiveTCTX *tctx);
>  
>  static inline uint32_t xive_nvt_cam_line(uint8_t nvt_blk, uint32_t nvt_idx)
> diff --git a/hw/intc/spapr_xive.c b/hw/intc/spapr_xive.c
> index 0c3acf1a4192..71f138512a1c 100644
> --- a/hw/intc/spapr_xive.c
> +++ b/hw/intc/spapr_xive.c
> @@ -205,21 +205,13 @@ void spapr_xive_mmio_set_enabled(SpaprXive *xive, bool 
> enable)
>  memory_region_set_enabled(&xive->end_source.esb_mmio, false);
>  }
>  
> -/*
> - * When a Virtual Processor is scheduled to run on a HW thread, the
> - * hypervisor pushes its identifier in the OS CAM line. Emulate the
> - * same behavior under QEMU.
> - */
> -void spapr_xive_set_tctx_os_cam(XiveTCTX *tctx)
> +static uint32_t spapr_xive_get_os_cam(PowerPCCPU *cpu)
>  {
>  uint8_t  nvt_blk;
>  uint32_t nvt_idx;
> -uint32_t nvt_cam;
> -
> -spapr_xive_cpu_to_nvt(POWERPC_CPU(tctx->cs), &nvt_blk, &nvt_idx);
>  
> -nvt_cam = cpu_to_be32(TM_QW1W2_VO | xive_nvt_cam_line(nvt_blk, nvt_idx));
> -memcpy(&tctx->regs[TM_QW1_OS + TM_WORD2], &nvt_cam, 4);
> +spapr_xive_cpu_to_nvt(cpu, &nvt_blk, &nvt_idx);
> +return xive_nvt_cam_line(nvt_blk, nvt_idx);
>  }
>  
>  static void spapr_xive_end_reset(XiveEND *end)
> @@ -537,19 +529,14 @@ static int 
> spapr_xive_cpu_intc_create(SpaprInterruptController *intc,
>  SpaprXive *xive = SPAPR_XIVE(intc);
>  Object *obj;
>  SpaprCpuState *spapr_cpu = spapr_cpu_state(cpu);
> +uint32_t os_cam = spapr_xive_get_os_cam(cpu);
>  
> -obj = xive_tctx_create(OBJECT(cpu), XIVE_ROUTER(xive), errp);
> +obj = xive_tctx_create(OBJECT(cpu), XIVE_ROUTER(xive), os_cam, errp);
>  if (!obj) {
>  return -1;
>  }
>  
>  spapr_cpu->tctx = XIVE_TCTX(obj);
> -
> -/*
> - * (TCG) Early setting the OS CAM line for hotplugged CPUs as they
> - * don't beneficiate from the reset of the XIVE IRQ backend
> - */
> -spapr_xive_set_tctx_os_cam(spapr_cpu->tctx);
>  return 0;
>  }
>  
> @@ -650,14 +637,6 @@ static void spapr_xive_dt(SpaprInterruptController 
> *intc, uint32_t nr_servers,
>  static int spapr_xive_activate(SpaprInterruptController *intc, Error **errp)
>  {
>  SpaprXive *xive = SPAPR_XIVE(intc);
> -CPUState *cs;
> -
> -CPU_FOREACH(cs) {
> -PowerPCCPU *cpu = POWERPC_CPU(cs);
> -
> -/* (TCG) Set the OS CAM line of the thread interrupt context. */
> -spapr_xive_set_tctx_os_cam

[PATCH v5 3/5] tests: qapi: Test 'features' of commands

[Markus Armbruster]

From: Peter Krempa 

Signed-off-by: Peter Krempa 
Reviewed-by: Markus Armbruster 
Signed-off-by: Markus Armbruster 
---
 tests/test-qmp-cmds.c   | 24 
 tests/qapi-schema/qapi-schema-test.json | 18 ++
 tests/qapi-schema/qapi-schema-test.out  | 23 +++
 tests/qapi-schema/test-qapi.py  | 13 +
 4 files changed, 74 insertions(+), 4 deletions(-)

diff --git a/tests/test-qmp-cmds.c b/tests/test-qmp-cmds.c
index 36fdf5b115..27b0afe55a 100644
--- a/tests/test-qmp-cmds.c
+++ b/tests/test-qmp-cmds.c
@@ -51,6 +51,30 @@ void qmp_test_features(FeatureStruct0 *fs0, FeatureStruct1 
*fs1,
 {
 }
 
+void qmp_test_command_features0(Error **errp)
+{
+}
+
+void qmp_test_command_features1(Error **errp)
+{
+}
+
+void qmp_test_command_features3(Error **errp)
+{
+}
+
+void qmp_test_command_cond_features1(Error **errp)
+{
+}
+
+void qmp_test_command_cond_features2(Error **errp)
+{
+}
+
+void qmp_test_command_cond_features3(Error **errp)
+{
+}
+
 UserDefTwo *qmp_user_def_cmd2(UserDefOne *ud1a,
   bool has_udb1, UserDefOne *ud1b,
   Error **errp)
diff --git a/tests/qapi-schema/qapi-schema-test.json 
b/tests/qapi-schema/qapi-schema-test.json
index 75c42eb0e3..9abf175fe0 100644
--- a/tests/qapi-schema/qapi-schema-test.json
+++ b/tests/qapi-schema/qapi-schema-test.json
@@ -290,3 +290,21 @@
 'cfs1': 'CondFeatureStruct1',
 'cfs2': 'CondFeatureStruct2',
 'cfs3': 'CondFeatureStruct3' } }
+
+# test 'features' for command
+
+{ 'command': 'test-command-features0',
+  'features': [] }
+{ 'command': 'test-command-features1',
+  'features': [ 'feature1' ] }
+{ 'command': 'test-command-features3',
+  'features': [ 'feature1', 'feature2' ] }
+
+{ 'command': 'test-command-cond-features1',
+  'features': [ { 'name': 'feature1', 'if': 'defined(TEST_IF_FEATURE_1)'} ] }
+{ 'command': 'test-command-cond-features2',
+  'features': [ { 'name': 'feature1', 'if': 'defined(TEST_IF_FEATURE_1)'},
+{ 'name': 'feature2', 'if': 'defined(TEST_IF_FEATURE_2)'} ] }
+{ 'command': 'test-command-cond-features3',
+  'features': [ { 'name': 'feature1', 'if': [ 'defined(TEST_IF_COND_1)',
+  'defined(TEST_IF_COND_2)'] } ] }
diff --git a/tests/qapi-schema/qapi-schema-test.out 
b/tests/qapi-schema/qapi-schema-test.out
index aca43186a9..3660e75a48 100644
--- a/tests/qapi-schema/qapi-schema-test.out
+++ b/tests/qapi-schema/qapi-schema-test.out
@@ -412,3 +412,26 @@ object q_obj_test-features-arg
 member cfs3: CondFeatureStruct3 optional=False
 command test-features q_obj_test-features-arg -> None
 gen=True success_response=True boxed=False oob=False preconfig=False
+command test-command-features0 None -> None
+gen=True success_response=True boxed=False oob=False preconfig=False
+command test-command-features1 None -> None
+gen=True success_response=True boxed=False oob=False preconfig=False
+feature feature1
+command test-command-features3 None -> None
+gen=True success_response=True boxed=False oob=False preconfig=False
+feature feature1
+feature feature2
+command test-command-cond-features1 None -> None
+gen=True success_response=True boxed=False oob=False preconfig=False
+feature feature1
+if ['defined(TEST_IF_FEATURE_1)']
+command test-command-cond-features2 None -> None
+gen=True success_response=True boxed=False oob=False preconfig=False
+feature feature1
+if ['defined(TEST_IF_FEATURE_1)']
+feature feature2
+if ['defined(TEST_IF_FEATURE_2)']
+command test-command-cond-features3 None -> None
+gen=True success_response=True boxed=False oob=False preconfig=False
+feature feature1
+if ['defined(TEST_IF_COND_1)', 'defined(TEST_IF_COND_2)']
diff --git a/tests/qapi-schema/test-qapi.py b/tests/qapi-schema/test-qapi.py
index d31ac4bbb7..2bd9fd8742 100755
--- a/tests/qapi-schema/test-qapi.py
+++ b/tests/qapi-schema/test-qapi.py
@@ -61,10 +61,7 @@ class QAPISchemaTestVisitor(QAPISchemaVisitor):
 self._print_if(m.ifcond, 8)
 self._print_variants(variants)
 self._print_if(ifcond)
-if features:
-for f in features:
-print('feature %s' % f.name)
-self._print_if(f.ifcond, 8)
+self._print_features(features)
 
 def visit_alternate_type(self, name, info, ifcond, variants):
 print('alternate %s' % name)
@@ -80,6 +77,7 @@ class QAPISchemaTestVisitor(QAPISchemaVisitor):
 print('gen=%s success_response=%s boxed=%s oob=%s preconfig=%s'
   % (gen, success_response, boxed, allow_oob, allow_preconfig))
 self._print_if(ifcond)
+self._print_features(features)
 
 def visit_event(self, name, info, ifcond, arg_type, boxed):
 print('event %s %s' % (name, arg_type and arg_type.name))
@@ -99,6 +97,13 @@ class QAPISchemaTestV

[PATCH v5 0/5] qapi: Add detection for the 'savevm' fix for blockdev

[Markus Armbruster]

Add 'features' field in the schema for commands and add a feature flag
to advertise that the fix for savevm [1] is present.

[1] https://lists.gnu.org/archive/html/qemu-devel/2019-09/msg03487.html

Based-on: <20191018074345.24034-1-arm...@redhat.com>

v5:
* PATCH 2:
  - qapi-code-gen.txt grammar updated
  - Doc generation for boxed commands fixed
  - Commit message tweaked
* PATCH 3:
  - Command names in qapi-schema-test.json tweaked
  - Trivial pycodestyle-3 fix
* PATCH 4: New
* PATCH 5: Whitespace tweaked

v4:
* PATCH 1: New
* PATCH 2: Factor out check_features()
* PATCH 3: Factor out _print_features(), drop duplicated test
* PATCH 4
  - Shorten savevm-blockdev-monitor-nodes to just savevm-monitor-nodes
  - Tweak commit message and documentation

Markus Armbruster (2):
  tests/qapi-schema: Tidy up test output indentation
  tests/qapi-schema: Cover feature documentation comments

Peter Krempa (3):
  qapi: Add feature flags to commands
  tests: qapi: Test 'features' of commands
  qapi: Allow introspecting fix for savevm's cooperation with blockdev

 docs/devel/qapi-code-gen.txt| 10 ++--
 tests/qapi-schema/doc-good.texi | 22 
 qapi/introspect.json|  6 +-
 qapi/misc.json  |  9 ++-
 tests/test-qmp-cmds.c   | 24 
 scripts/qapi/commands.py|  3 +-
 scripts/qapi/doc.py |  4 +-
 scripts/qapi/expr.py| 35 +++-
 scripts/qapi/introspect.py  |  7 ++-
 scripts/qapi/schema.py  | 22 ++--
 tests/qapi-schema/doc-good.json | 17 +-
 tests/qapi-schema/doc-good.out  |  9 ++-
 tests/qapi-schema/event-case.out|  2 +-
 tests/qapi-schema/indented-expr.out |  4 +-
 tests/qapi-schema/qapi-schema-test.json | 18 ++
 tests/qapi-schema/qapi-schema-test.out  | 75 -
 tests/qapi-schema/test-qapi.py  | 20 ---
 17 files changed, 219 insertions(+), 68 deletions(-)

-- 
2.21.0

[PATCH v5 4/5] tests/qapi-schema: Cover feature documentation comments

[Markus Armbruster]

Commit 8aa3a33e44 "tests/qapi-schema: Test for good feature lists in
structs" neglected to cover documentation comments, and the previous
commit followed its example.  Make up for them.

Signed-off-by: Markus Armbruster 
---
 tests/qapi-schema/doc-good.texi | 22 ++
 tests/qapi-schema/doc-good.json | 17 +++--
 tests/qapi-schema/doc-good.out  |  5 +
 3 files changed, 42 insertions(+), 2 deletions(-)

diff --git a/tests/qapi-schema/doc-good.texi b/tests/qapi-schema/doc-good.texi
index 2526abc6d9..2ce8b883c9 100644
--- a/tests/qapi-schema/doc-good.texi
+++ b/tests/qapi-schema/doc-good.texi
@@ -122,6 +122,12 @@ Not documented
 @*@b{If:} @code{defined(IFSTR)}
 @end table
 
+@b{Features:}
+@table @asis
+@item @code{variant1-feat}
+a feature
+@end table
+
 @end deftp
 
 
@@ -182,6 +188,14 @@ argument
 Not documented
 @end table
 
+@b{Features:}
+@table @asis
+@item @code{cmd-feat1}
+a feature
+@item @code{cmd-feat2}
+another feature
+@end table
+
 @b{Note:}
 @code{arg3} is undocumented
 
@@ -227,6 +241,14 @@ If you're bored enough to read this, go see a video of 
boxed cats
 
 @b{Arguments:} the members of @code{Object}
 
+@b{Features:}
+@table @asis
+@item @code{cmd-feat1}
+a feature
+@item @code{cmd-feat2}
+another feature
+@end table
+
 @b{Example:}
 @example
 -> in
diff --git a/tests/qapi-schema/doc-good.json b/tests/qapi-schema/doc-good.json
index f7fb48af38..7dc21e58a3 100644
--- a/tests/qapi-schema/doc-good.json
+++ b/tests/qapi-schema/doc-good.json
@@ -71,8 +71,12 @@
 # A paragraph
 #
 # Another paragraph (but no @var: line)
+#
+# Features:
+# @variant1-feat: a feature
 ##
 { 'struct': 'Variant1',
+  'features': [ 'variant1-feat' ],
   'data': { 'var1': { 'type': 'str', 'if': 'defined(IFSTR)' } } }
 
 ##
@@ -104,6 +108,10 @@
 #
 # @arg2: the second
 # argument
+#
+# Features:
+# @cmd-feat1: a feature
+# @cmd-feat2: another feature
 # Note: @arg3 is undocumented
 # Returns: @Object
 # TODO: frobnicate
@@ -123,11 +131,15 @@
 ##
 { 'command': 'cmd',
   'data': { 'arg1': 'int', '*arg2': 'str', 'arg3': 'bool' },
-  'returns': 'Object' }
+  'returns': 'Object',
+  'features': [ 'cmd-feat1', 'cmd-feat2' ] }
 
 ##
 # @cmd-boxed:
 # If you're bored enough to read this, go see a video of boxed cats
+# Features:
+# @cmd-feat1: a feature
+# @cmd-feat2: another feature
 # Example:
 #
 # -> in
@@ -135,4 +147,5 @@
 # <- out
 ##
 { 'command': 'cmd-boxed', 'boxed': true,
-  'data': 'Object' }
+  'data': 'Object',
+  'features': [ 'cmd-feat1', 'cmd-feat2' ] }
diff --git a/tests/qapi-schema/doc-good.out b/tests/qapi-schema/doc-good.out
index 6562e1f412..f78fdef6a9 100644
--- a/tests/qapi-schema/doc-good.out
+++ b/tests/qapi-schema/doc-good.out
@@ -20,6 +20,7 @@ object Base
 object Variant1
 member var1: str optional=False
 if ['defined(IFSTR)']
+feature variant1-feat
 object Variant2
 object Object
 base Base
@@ -47,8 +48,12 @@ object q_obj_cmd-arg
 member arg3: bool optional=False
 command cmd q_obj_cmd-arg -> Object
 gen=True success_response=True boxed=False oob=False preconfig=False
+feature cmd-feat1
+feature cmd-feat2
 command cmd-boxed Object -> None
 gen=True success_response=True boxed=True oob=False preconfig=False
+feature cmd-feat1
+feature cmd-feat2
 doc freeform
 body=
 = Section
-- 
2.21.0

[PATCH v5 2/5] qapi: Add feature flags to commands

[Markus Armbruster]

From: Peter Krempa 

Similarly to features for struct types introduce the feature flags also
for commands. This will allow notifying management layers of fixes and
compatible changes in the behaviour of a command which may not be
detectable any other way.

The changes were heavily inspired by commit 6a8c0b51025.

Signed-off-by: Peter Krempa 
Reviewed-by: Markus Armbruster 
Signed-off-by: Markus Armbruster 
---
 docs/devel/qapi-code-gen.txt   | 10 ++
 qapi/introspect.json   |  6 +-
 scripts/qapi/commands.py   |  3 ++-
 scripts/qapi/doc.py|  4 +++-
 scripts/qapi/expr.py   | 35 +++---
 scripts/qapi/introspect.py |  7 ++-
 scripts/qapi/schema.py | 22 +
 tests/qapi-schema/test-qapi.py |  3 ++-
 8 files changed, 62 insertions(+), 28 deletions(-)

diff --git a/docs/devel/qapi-code-gen.txt b/docs/devel/qapi-code-gen.txt
index 64d9e4c6a9..45c93a43cc 100644
--- a/docs/devel/qapi-code-gen.txt
+++ b/docs/devel/qapi-code-gen.txt
@@ -457,7 +457,8 @@ Syntax:
 '*gen': false,
 '*allow-oob': true,
 '*allow-preconfig': true,
-'*if': COND }
+'*if': COND,
+'*features': FEATURES }
 
 Member 'command' names the command.
 
@@ -640,9 +641,10 @@ change in the QMP syntax (usually by allowing values or 
operations
 that previously resulted in an error).  QMP clients may still need to
 know whether the extension is available.
 
-For this purpose, a list of features can be specified for a struct type.
-This is exposed to the client as a list of string, where each string
-signals that this build of QEMU shows a certain behaviour.
+For this purpose, a list of features can be specified for a command or
+struct type.  This is exposed to the client as a list of strings,
+where each string signals that this build of QEMU shows a certain
+behaviour.
 
 Each member of the 'features' array defines a feature.  It can either
 be { 'name': STRING, '*if': COND }, or STRING, which is shorthand for
diff --git a/qapi/introspect.json b/qapi/introspect.json
index 1843c1cb17..031a954fa9 100644
--- a/qapi/introspect.json
+++ b/qapi/introspect.json
@@ -266,13 +266,17 @@
 # @allow-oob: whether the command allows out-of-band execution,
 # defaults to false (Since: 2.12)
 #
+# @features: names of features associated with the command, in no particular
+#order. (since 4.2)
+#
 # TODO: @success-response (currently irrelevant, because it's QGA, not QMP)
 #
 # Since: 2.5
 ##
 { 'struct': 'SchemaInfoCommand',
   'data': { 'arg-type': 'str', 'ret-type': 'str',
-'*allow-oob': 'bool' } }
+'*allow-oob': 'bool',
+'*features': [ 'str' ] } }
 
 ##
 # @SchemaInfoEvent:
diff --git a/scripts/qapi/commands.py b/scripts/qapi/commands.py
index 898516b086..ab98e504f3 100644
--- a/scripts/qapi/commands.py
+++ b/scripts/qapi/commands.py
@@ -277,7 +277,8 @@ void %(c_prefix)sqmp_init_marshal(QmpCommandList *cmds);
 genc.add(gen_registry(self._regy.get_content(), self._prefix))
 
 def visit_command(self, name, info, ifcond, arg_type, ret_type, gen,
-  success_response, boxed, allow_oob, allow_preconfig):
+  success_response, boxed, allow_oob, allow_preconfig,
+  features):
 if not gen:
 return
 # FIXME: If T is a user-defined type, the user is responsible
diff --git a/scripts/qapi/doc.py b/scripts/qapi/doc.py
index dc8919bab7..6d5726cf6e 100644
--- a/scripts/qapi/doc.py
+++ b/scripts/qapi/doc.py
@@ -249,12 +249,14 @@ class QAPISchemaGenDocVisitor(QAPISchemaVisitor):
body=texi_entity(doc, 'Members', ifcond)))
 
 def visit_command(self, name, info, ifcond, arg_type, ret_type, gen,
-  success_response, boxed, allow_oob, allow_preconfig):
+  success_response, boxed, allow_oob, allow_preconfig,
+  features):
 doc = self.cur_doc
 if boxed:
 body = texi_body(doc)
 body += ('\n@b{Arguments:} the members of @code{%s}\n'
  % arg_type.name)
+body += texi_features(doc)
 body += texi_sections(doc, ifcond)
 else:
 body = texi_entity(doc, 'Arguments', ifcond)
diff --git a/scripts/qapi/expr.py b/scripts/qapi/expr.py
index da23063f57..5a7e548899 100644
--- a/scripts/qapi/expr.py
+++ b/scripts/qapi/expr.py
@@ -184,6 +184,22 @@ def normalize_features(features):
for f in features]
 
 
+def check_features(features, info):
+if features is None:
+return
+if not isinstance(features, list):
+raise QAPISemError(info, "'features' must be an array")
+for f in features:
+source = "'features' member"
+assert isinstance(f, dict)
+check_keys(f, info, source, ['name'], ['if'])
+ch

[PATCH v5 5/5] qapi: Allow introspecting fix for savevm's cooperation with blockdev

[Markus Armbruster]

From: Peter Krempa 

'savevm' was buggy as it considered all monitor-owned block device
nodes for snapshot. With the introduction of -blockdev, the common
usage made all nodes including protocol and backing file nodes be
monitor-owned and thus considered for snapshot.

This is a problem since the 'file' protocol nodes can't have internal
snapshots and it does not make sense to take snapshot of nodes
representing backing files.

This was fixed by commit 05f4aced658a02b02. Clients need to be able to
detect whether this fix is present.

Since savevm does not have an QMP alternative, add the feature for the
'human-monitor-command' backdoor which is used to call this command in
modern use.

Signed-off-by: Peter Krempa 
Reviewed-by: Markus Armbruster 
Signed-off-by: Markus Armbruster 
---
 qapi/misc.json | 9 -
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/qapi/misc.json b/qapi/misc.json
index 6bd11f50e6..33b94e3589 100644
--- a/qapi/misc.json
+++ b/qapi/misc.json
@@ -1020,6 +1020,12 @@
 #
 # @cpu-index: The CPU to use for commands that require an implicit CPU
 #
+# Features:
+# @savevm-monitor-nodes: If present, HMP command savevm only snapshots
+#monitor-owned nodes if they have no parents.
+#This allows the use of 'savevm' with
+#-blockdev. (since 4.2)
+#
 # Returns: the output of the command as a string
 #
 # Since: 0.14.0
@@ -1047,7 +1053,8 @@
 ##
 { 'command': 'human-monitor-command',
   'data': {'command-line': 'str', '*cpu-index': 'int'},
-  'returns': 'str' }
+  'returns': 'str',
+  'features': [ 'savevm-monitor-nodes' ] }
 
 ##
 # @change:
-- 
2.21.0

Re: [PATCH v2 2/2] migration: savevm_state_handler_insert: constant-time element insertion

[Dr. David Alan Gilbert]

* Scott Cheloha (chel...@linux.vnet.ibm.com) wrote:
> savevm_state's SaveStateEntry TAILQ is a priority queue.  Priority
> sorting is maintained by searching from head to tail for a suitable
> insertion spot.  Insertion is thus an O(n) operation.
> 
> If we instead keep track of the head of each priority's subqueue
> within that larger queue we can reduce this operation to O(1) time.
> 
> savevm_state_handler_remove() becomes slightly more complex to
> accomodate these gains: we need to replace the head of a priority's
> subqueue when removing it.
> 
> With O(1) insertion, booting VMs with many SaveStateEntry objects is
> more plausible.  For example, a ppc64 VM with maxmem=8T has 4 such
> objects to insert.

Separate from reviewing this patch, I'd like to understand why you've
got 4 objects.  This feels very very wrong and is likely to cause
problems to random other bits of qemu as well.

Dave

> Signed-off-by: Scott Cheloha 
> ---
>  migration/savevm.c | 26 +++---
>  1 file changed, 23 insertions(+), 3 deletions(-)
> 
> diff --git a/migration/savevm.c b/migration/savevm.c
> index b2e3b7222a..f7a2d36bba 100644
> --- a/migration/savevm.c
> +++ b/migration/savevm.c
> @@ -250,6 +250,7 @@ typedef struct SaveStateEntry {
>  
>  typedef struct SaveState {
>  QTAILQ_HEAD(, SaveStateEntry) handlers;
> +SaveStateEntry *handler_pri_head[MIG_PRI_MAX + 1];
>  int global_section_id;
>  uint32_t len;
>  const char *name;
> @@ -261,6 +262,7 @@ typedef struct SaveState {
>  
>  static SaveState savevm_state = {
>  .handlers = QTAILQ_HEAD_INITIALIZER(savevm_state.handlers),
> +.handler_pri_head = { [MIG_PRI_DEFAULT ... MIG_PRI_MAX] = NULL },
>  .global_section_id = 0,
>  };
>  
> @@ -709,24 +711,42 @@ static void savevm_state_handler_insert(SaveStateEntry 
> *nse)
>  {
>  MigrationPriority priority = save_state_priority(nse);
>  SaveStateEntry *se;
> +int i;
>  
>  assert(priority <= MIG_PRI_MAX);
>  
> -QTAILQ_FOREACH(se, &savevm_state.handlers, entry) {
> -if (save_state_priority(se) < priority) {
> +for (i = priority - 1; i >= 0; i--) {
> +se = savevm_state.handler_pri_head[i];
> +if (se != NULL) {
> +assert(save_state_priority(se) < priority);
>  break;
>  }
>  }
>  
> -if (se) {
> +if (i >= 0) {
>  QTAILQ_INSERT_BEFORE(se, nse, entry);
>  } else {
>  QTAILQ_INSERT_TAIL(&savevm_state.handlers, nse, entry);
>  }
> +
> +if (savevm_state.handler_pri_head[priority] == NULL) {
> +savevm_state.handler_pri_head[priority] = nse;
> +}
>  }
>  
>  static void savevm_state_handler_remove(SaveStateEntry *se)
>  {
> +SaveStateEntry *next;
> +MigrationPriority priority = save_state_priority(se);
> +
> +if (se == savevm_state.handler_pri_head[priority]) {
> +next = QTAILQ_NEXT(se, entry);
> +if (next != NULL && save_state_priority(next) == priority) {
> +savevm_state.handler_pri_head[priority] = next;
> +} else {
> +savevm_state.handler_pri_head[priority] = NULL;
> +}
> +}
>  QTAILQ_REMOVE(&savevm_state.handlers, se, entry);
>  }
>  
> -- 
> 2.23.0
> 
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK

[PATCH v5 1/5] tests/qapi-schema: Tidy up test output indentation

[Markus Armbruster]

Command and event details are indented three spaces, everything else
four.  Messed up in commit 156402e5042.  Use four spaces consistently.

Signed-off-by: Markus Armbruster 
Reviewed-by: Peter Krempa 
---
 tests/qapi-schema/doc-good.out |  4 +-
 tests/qapi-schema/event-case.out   |  2 +-
 tests/qapi-schema/indented-expr.out|  4 +-
 tests/qapi-schema/qapi-schema-test.out | 52 +-
 tests/qapi-schema/test-qapi.py |  4 +-
 5 files changed, 33 insertions(+), 33 deletions(-)

diff --git a/tests/qapi-schema/doc-good.out b/tests/qapi-schema/doc-good.out
index d3bca343eb..6562e1f412 100644
--- a/tests/qapi-schema/doc-good.out
+++ b/tests/qapi-schema/doc-good.out
@@ -46,9 +46,9 @@ object q_obj_cmd-arg
 member arg2: str optional=True
 member arg3: bool optional=False
 command cmd q_obj_cmd-arg -> Object
-   gen=True success_response=True boxed=False oob=False preconfig=False
+gen=True success_response=True boxed=False oob=False preconfig=False
 command cmd-boxed Object -> None
-   gen=True success_response=True boxed=True oob=False preconfig=False
+gen=True success_response=True boxed=True oob=False preconfig=False
 doc freeform
 body=
 = Section
diff --git a/tests/qapi-schema/event-case.out b/tests/qapi-schema/event-case.out
index ec8a1406e4..42ae519656 100644
--- a/tests/qapi-schema/event-case.out
+++ b/tests/qapi-schema/event-case.out
@@ -11,4 +11,4 @@ enum QType
 member qbool
 module event-case.json
 event oops None
-   boxed=False
+boxed=False
diff --git a/tests/qapi-schema/indented-expr.out 
b/tests/qapi-schema/indented-expr.out
index bffdf6756d..04356775cd 100644
--- a/tests/qapi-schema/indented-expr.out
+++ b/tests/qapi-schema/indented-expr.out
@@ -11,6 +11,6 @@ enum QType
 member qbool
 module indented-expr.json
 command eins None -> None
-   gen=True success_response=True boxed=False oob=False preconfig=False
+gen=True success_response=True boxed=False oob=False preconfig=False
 command zwei None -> None
-   gen=True success_response=True boxed=False oob=False preconfig=False
+gen=True success_response=True boxed=False oob=False preconfig=False
diff --git a/tests/qapi-schema/qapi-schema-test.out 
b/tests/qapi-schema/qapi-schema-test.out
index 98031da96f..aca43186a9 100644
--- a/tests/qapi-schema/qapi-schema-test.out
+++ b/tests/qapi-schema/qapi-schema-test.out
@@ -33,7 +33,7 @@ object Union
 case value3: q_empty
 case value4: q_empty
 command user_def_cmd0 Empty2 -> Empty2
-   gen=True success_response=True boxed=False oob=False preconfig=False
+gen=True success_response=True boxed=False oob=False preconfig=False
 enum QEnumTwo
 prefix QENUM_TWO
 member value1
@@ -205,35 +205,35 @@ object SecondArrayRef
 member s: StatusList optional=False
 module qapi-schema-test.json
 command user_def_cmd None -> None
-   gen=True success_response=True boxed=False oob=False preconfig=False
+gen=True success_response=True boxed=False oob=False preconfig=False
 object q_obj_user_def_cmd1-arg
 member ud1a: UserDefOne optional=False
 command user_def_cmd1 q_obj_user_def_cmd1-arg -> None
-   gen=True success_response=True boxed=False oob=False preconfig=False
+gen=True success_response=True boxed=False oob=False preconfig=False
 object q_obj_user_def_cmd2-arg
 member ud1a: UserDefOne optional=False
 member ud1b: UserDefOne optional=True
 command user_def_cmd2 q_obj_user_def_cmd2-arg -> UserDefTwo
-   gen=True success_response=True boxed=False oob=False preconfig=False
+gen=True success_response=True boxed=False oob=False preconfig=False
 command cmd-success-response None -> None
-   gen=True success_response=False boxed=False oob=False preconfig=False
+gen=True success_response=False boxed=False oob=False preconfig=False
 object q_obj_guest-get-time-arg
 member a: int optional=False
 member b: int optional=True
 command guest-get-time q_obj_guest-get-time-arg -> int
-   gen=True success_response=True boxed=False oob=False preconfig=False
+gen=True success_response=True boxed=False oob=False preconfig=False
 object q_obj_guest-sync-arg
 member arg: any optional=False
 command guest-sync q_obj_guest-sync-arg -> any
-   gen=True success_response=True boxed=False oob=False preconfig=False
+gen=True success_response=True boxed=False oob=False preconfig=False
 command boxed-struct UserDefZero -> None
-   gen=True success_response=True boxed=True oob=False preconfig=False
+gen=True success_response=True boxed=True oob=False preconfig=False
 command boxed-union UserDefListUnion -> None
-   gen=True success_response=True boxed=True oob=False preconfig=False
+gen=True success_response=True boxed=True oob=False preconfig=False
 command boxed-empty Empty1 -> None
-   gen=True success_response=True boxed=True oob=False preconfig=False
+gen=True success_response=True boxed=True oob=False preconfig=False
 command test-flags-command None -> None
-   gen=True success_respons

Re: [PATCH] configure: Require Python >= 3.5

[Kevin Wolf]

Am 17.10.2019 um 21:39 hat John Snow geschrieben:
> On 10/17/19 7:21 AM, Kevin Wolf wrote:
> > Am 17.10.2019 um 00:48 hat John Snow geschrieben:
> >> On 10/16/19 6:42 PM, Eduardo Habkost wrote:
> >>> Python 3.5 is the oldest Python version available on our
> >>> supported build platforms, and Python 2 end of life will be 3
> >>> weeks after the planned release date of QEMU 4.2.0.  Drop Python
> >>> 2 support from configure completely, and require Python 3.5 or
> >>> newer.
> >>>
> >>> Signed-off-by: Eduardo Habkost 
> >>
> >> Seems like a good time and place to mention this. Kevin, you require
> >> 3.6+ for iotests, which are -- at present -- invoked as part of "make
> >> check".
> >>
> >> Do we care? Basically, this just means that iotests won't run for
> >> systems that don't have 3.6+, which would be platforms like Debian 9 --
> >> which is why ehabkost is choosing 3.5 here.
> > 
> > I think we were aware of this when we made the change to iotests. That
> > all tests of the current upstream QEMU version are run on Debian
> > oldstable (with the distro Python version) is, to say the least, not a
> > priority for me. They must not fail, but I'd say skipping is fine.
> > 
> > And actually, we should still have a reasonable coverage there with the
> > shell-based test cases.
> 
> This seems like a weirdly arbitrary decision for a benefit that's not
> clear to me. Is it because you want variable annotations?

Yes, the discussion about type annotations is what made me check whether
we could do 3.6, because if we want to make use of type checking, we'll
need it for both functions and variables to get reasonable results.

And actually, we currently don't have any Python tests in the auto
group, so the only effect is for people manually running ./check on
Debian oldstable. I'm not sure, but I suspect this might be the empty
set.

Kevin

Re: [PATCH 1/2] spapr: Introduce a interrupt presenter reset handler

[Cédric Le Goater]

On 18/10/2019 09:46, Greg Kurz wrote:
> On Thu, 17 Oct 2019 16:42:40 +0200
> Cédric Le Goater  wrote:
> 
>> The interrupt presenters are not reseted today. Extend the sPAPR IRQ
>> backend with a new cpu_intc_reset() handler which will be called by
>> the CPU reset handler.
>>
>> spapr_realize_vcpu() is modified to call the CPU reset only after the
>> the intc presenter has been created.
>>
>> Signed-off-by: Cédric Le Goater 
>> ---
>>  include/hw/ppc/spapr_irq.h |  4 
>>  include/hw/ppc/xics.h  |  1 +
>>  include/hw/ppc/xive.h  |  1 +
>>  hw/intc/spapr_xive.c   |  8 
>>  hw/intc/xics.c |  5 +
>>  hw/intc/xics_spapr.c   |  8 
>>  hw/intc/xive.c | 11 ---
>>  hw/ppc/spapr_cpu_core.c|  8 ++--
>>  hw/ppc/spapr_irq.c | 21 +
>>  9 files changed, 62 insertions(+), 5 deletions(-)
>>
>> diff --git a/include/hw/ppc/spapr_irq.h b/include/hw/ppc/spapr_irq.h
>> index 5e150a667902..78327496c102 100644
>> --- a/include/hw/ppc/spapr_irq.h
>> +++ b/include/hw/ppc/spapr_irq.h
>> @@ -52,6 +52,8 @@ typedef struct SpaprInterruptControllerClass {
>>   */
>>  int (*cpu_intc_create)(SpaprInterruptController *intc,
>>  PowerPCCPU *cpu, Error **errp);
>> +int (*cpu_intc_reset)(SpaprInterruptController *intc, PowerPCCPU *cpu,
>> +  Error **errp);
> 
> Looking at the rest of the patch, it seems that we don't need error
> reporting. I suggest you make this void and drop the errp parameter.

yes. we can drop the error on that path.

> 
>>  int (*claim_irq)(SpaprInterruptController *intc, int irq, bool lsi,
>>   Error **errp);
>>  void (*free_irq)(SpaprInterruptController *intc, int irq);
>> @@ -68,6 +70,8 @@ void spapr_irq_update_active_intc(SpaprMachineState 
>> *spapr);
>>  
>>  int spapr_irq_cpu_intc_create(SpaprMachineState *spapr,
>>PowerPCCPU *cpu, Error **errp);
>> +int spapr_irq_cpu_intc_reset(SpaprMachineState *spapr,
>> + PowerPCCPU *cpu, Error **errp);
>>  void spapr_irq_print_info(SpaprMachineState *spapr, Monitor *mon);
>>  void spapr_irq_dt(SpaprMachineState *spapr, uint32_t nr_servers,
>>void *fdt, uint32_t phandle);
>> diff --git a/include/hw/ppc/xics.h b/include/hw/ppc/xics.h
>> index 1e6a9300eb2b..602173c12250 100644
>> --- a/include/hw/ppc/xics.h
>> +++ b/include/hw/ppc/xics.h
>> @@ -161,6 +161,7 @@ void icp_set_mfrr(ICPState *icp, uint8_t mfrr);
>>  uint32_t icp_accept(ICPState *ss);
>>  uint32_t icp_ipoll(ICPState *ss, uint32_t *mfrr);
>>  void icp_eoi(ICPState *icp, uint32_t xirr);
>> +void icp_reset(ICPState *icp);
>>  
>>  void ics_write_xive(ICSState *ics, int nr, int server,
>>  uint8_t priority, uint8_t saved_priority);
>> diff --git a/include/hw/ppc/xive.h b/include/hw/ppc/xive.h
>> index fd3319bd3202..99381639f50c 100644
>> --- a/include/hw/ppc/xive.h
>> +++ b/include/hw/ppc/xive.h
>> @@ -415,6 +415,7 @@ uint64_t xive_tctx_tm_read(XiveTCTX *tctx, hwaddr 
>> offset, unsigned size);
>>  
>>  void xive_tctx_pic_print_info(XiveTCTX *tctx, Monitor *mon);
>>  Object *xive_tctx_create(Object *cpu, XiveRouter *xrtr, Error **errp);
>> +void xive_tctx_reset(XiveTCTX *tctx);
>>  
>>  static inline uint32_t xive_nvt_cam_line(uint8_t nvt_blk, uint32_t nvt_idx)
>>  {
>> diff --git a/hw/intc/spapr_xive.c b/hw/intc/spapr_xive.c
>> index ba32d2cc5b0f..0c3acf1a4192 100644
>> --- a/hw/intc/spapr_xive.c
>> +++ b/hw/intc/spapr_xive.c
>> @@ -553,6 +553,13 @@ static int 
>> spapr_xive_cpu_intc_create(SpaprInterruptController *intc,
>>  return 0;
>>  }
>>  
>> +static int spapr_xive_cpu_intc_reset(SpaprInterruptController *intc,
>> + PowerPCCPU *cpu, Error **errp)
>> +{
>> +xive_tctx_reset(spapr_cpu_state(cpu)->tctx);
>> +return 0;
>> +}
>> +
>>  static void spapr_xive_set_irq(SpaprInterruptController *intc, int irq, int 
>> val)
>>  {
>>  SpaprXive *xive = SPAPR_XIVE(intc);
>> @@ -697,6 +704,7 @@ static void spapr_xive_class_init(ObjectClass *klass, 
>> void *data)
>>  sicc->activate = spapr_xive_activate;
>>  sicc->deactivate = spapr_xive_deactivate;
>>  sicc->cpu_intc_create = spapr_xive_cpu_intc_create;
>> +sicc->cpu_intc_reset = spapr_xive_cpu_intc_reset;
>>  sicc->claim_irq = spapr_xive_claim_irq;
>>  sicc->free_irq = spapr_xive_free_irq;
>>  sicc->set_irq = spapr_xive_set_irq;
>> diff --git a/hw/intc/xics.c b/hw/intc/xics.c
>> index b5ac408f7b74..652771d6a5a5 100644
>> --- a/hw/intc/xics.c
>> +++ b/hw/intc/xics.c
>> @@ -295,6 +295,11 @@ static void icp_reset_handler(void *dev)
>>  }
>>  }
>>  
>> +void icp_reset(ICPState *icp)
>> +{
>> +icp_reset_handler(icp);
>> +}
>> +
>>  static void icp_realize(DeviceState *dev, Error **errp)
>>  {
>>  ICPState *icp = ICP(dev);
>> diff --git a/hw/intc/xics_spapr.c b/hw/intc/xics_spapr.c
>> index 4f64b9a

Re: [PATCH v7 1/2] docs: improve qcow2 spec about extending image header

[Vladimir Sementsov-Ogievskiy]

08.10.2019 12:05, Vladimir Sementsov-Ogievskiy wrote:
> 07.10.2019 23:21, Eric Blake wrote:
>> On 10/7/19 11:04 AM, Vladimir Sementsov-Ogievskiy wrote:
>>> Make it more obvious how to add new fields to the version 3 header and
>>> how to interpret them.
>>>
>>> Signed-off-by: Vladimir Sementsov-Ogievskiy 
>>> ---
>>>   docs/interop/qcow2.txt | 26 +++---
>>>   1 file changed, 23 insertions(+), 3 deletions(-)
>>>
>>> diff --git a/docs/interop/qcow2.txt b/docs/interop/qcow2.txt
>>> index af5711e533..3f2855593f 100644
>>> --- a/docs/interop/qcow2.txt
>>> +++ b/docs/interop/qcow2.txt
>>> @@ -79,9 +79,9 @@ The first cluster of a qcow2 image contains the file 
>>> header:
>>>   Offset into the image file at which the snapshot table
>>>   starts. Must be aligned to a cluster boundary.
>>> -If the version is 3 or higher, the header has the following additional 
>>> fields.
>>> -For version 2, the values are assumed to be zero, unless specified 
>>> otherwise
>>> -in the description of a field.
>>> +For version 2, header is always 72 bytes length and finishes here.
>>> +For version 3 or higher the header length is at least 104 bytes and has at
>>> +least next five fields, up to the @header_length field.
>>
>> This hunk seems okay.
>>
>>>    72 -  79:  incompatible_features
>>>   Bitmask of incompatible features. An implementation 
>>> must
>>> @@ -165,6 +165,26 @@ in the description of a field.
>>>   Length of the header structure in bytes. For version 2
>>>   images, the length is always assumed to be 72 bytes.
>>> +Additional fields (version 3 and higher)
>>> +
>>> +The following fields of the header are optional: if software don't know 
>>> how to
>>> +interpret the field, it may safely ignore it. Still the field must be kept 
>>> as is
>>> +when rewriting the image.
>>
>> if software doesn't know how to interpret the field, it may be safely 
>> ignored, other than preserving the field unchanged when rewriting the image 
>> header.
>>
>> Missing:
>>
>> If header_length excludes an optional field, the value of 0 should be used 
>> for that field.
> 
> This is what I dislike in old wording. Why do we need this default-zero 
> thing[*]? What is the default?
> 
> Default is absence of the feature, we don't have these future features now 
> and don't care of them.
> What is this default 0 for us now? Nothing.
> 
> Consider some future version: if it sees that header_length excludes some 
> fields, it understands,
> that there is no such feature here. That's all. Work without it. The feature 
> itself should declare
> behavior without this feature, which should correspond to behavior before 
> this feature introduction..
> 
> So at least, I don't like "the value of 0 should be used for that field", as 
> instances of Qemu which
> don't know about the feature will ignore this requirement, as they don't need 
> any value of that
> field at all.
> 
> What you actually mean, IMHO, is: for all optional field 0 value must be 
> equal to absence of the feature,
> like when header_length excludes this field. I don't see, do we really need 
> this requirement, but
> seems it was mentioned before this patch and we'd better keep it.. I just 
> don't like concept of
> "default" value keeping in mind valid Qemu instances which don't know about 
> field at all.
> 
>>
>>> @header_length must be bound to the end of one of
>>> +these fields (or to @header_length field end itself, to be 104 bytes).
>>
>> We don't use the @header_length markup anywhere else in this file, starting 
>> to do so here is odd.
>>
>> I would suggest a stronger requirement:
>>
>> header_length must be a multiple of 4, and must not land in the middle of 
>> any optional 8-byte field.
>>
>> Or maybe even add our compression type extension with 4 bytes of padding, so 
>> that we could go even stronger:
>>
>> header_length must be a multiple of 8.
> 
> Hmm, if we imply that software will have to add some padding, than 
> requirement above about zero === feature-absence
> becomes necessary. [*]
> 
> Still I have two questions:
> 1. Do we really need all fields to be 4 or 8 bytes? Why not use 1 byte for 
> compression?
> 2. What is the benefit of padding, which you propose?

Hmm, now I think, that we should align header to multiply of 8, as header 
extensions are already have
"""
Directly after the image header, optional sections called header extensions can
be stored. Each extension has a structure like the following:

[...]

   n -  m:   Padding to round up the header extension size to the next
 multiple of 8.
"""

So, it looks inconsistent, if we pad all header extensions to  8 bytes except 
for the start of the first extension.

I'll resend with padding soon.

> 
>>
>>> +This definition implies the following:
>>> +1. Software may support some of these optional fields and ignore the 
>>> others,
>>> +   which m

Re: [PATCH 2/2] spapr/xive: Set the OS CAM line at reset

[Cédric Le Goater]

On 18/10/2019 10:07, Greg Kurz wrote:
> On Thu, 17 Oct 2019 16:42:41 +0200
> Cédric Le Goater  wrote:
> 
>> When a Virtual Processor is scheduled to run on a HW thread, the
>> hypervisor pushes its identifier in the OS CAM line. When running in
>> TCG or kernel_irqchip=off, QEMU needs to emulate the same behavior.
>>
> 
> This is only related to kernel_irqchip=off, which is always the case
> when running in TCG actually. Maybe rephrase to "When not running with
> an in-kernel irqchip, QEMU needs..." ?

yes. 


>> Introduce a 'os-cam' property which will be used to set the OS CAM
>> line at reset and remove the spapr_xive_set_tctx_os_cam() calls which
>> are done when the XIVE interrupt controller are activated.
>>
> 
> Since OS CAM is constant, I guess it is ok to make it a property.
> Alternatively, you could pass it as an extra parameter to
> xive_tctx_reset().


indeed. We have all we need to do that. I will wait for some feedback.

>> This change also has the benefit to remove the use of CPU_FOREACH()
>> which can be unsafe.
>>
> 
> Nice !
> 
>> Signed-off-by: Cédric Le Goater 
>> ---
>>  include/hw/ppc/spapr_xive.h |  1 -
>>  include/hw/ppc/xive.h   |  4 +++-
>>  hw/intc/spapr_xive.c| 31 +--
>>  hw/intc/xive.c  | 22 +-
>>  hw/ppc/pnv.c|  3 ++-
>>  5 files changed, 31 insertions(+), 30 deletions(-)
>>
>> diff --git a/include/hw/ppc/spapr_xive.h b/include/hw/ppc/spapr_xive.h
>> index d84bd5c229f0..742b7e834f2a 100644
>> --- a/include/hw/ppc/spapr_xive.h
>> +++ b/include/hw/ppc/spapr_xive.h
>> @@ -57,7 +57,6 @@ typedef struct SpaprXive {
>>  void spapr_xive_pic_print_info(SpaprXive *xive, Monitor *mon);
>>  
>>  void spapr_xive_hcall_init(SpaprMachineState *spapr);
>> -void spapr_xive_set_tctx_os_cam(XiveTCTX *tctx);
>>  void spapr_xive_mmio_set_enabled(SpaprXive *xive, bool enable);
>>  void spapr_xive_map_mmio(SpaprXive *xive);
>>  
>> diff --git a/include/hw/ppc/xive.h b/include/hw/ppc/xive.h
>> index 99381639f50c..e273069c25a9 100644
>> --- a/include/hw/ppc/xive.h
>> +++ b/include/hw/ppc/xive.h
>> @@ -319,6 +319,7 @@ typedef struct XiveTCTX {
>>  qemu_irqos_output;
>>  
>>  uint8_t regs[XIVE_TM_RING_COUNT * XIVE_TM_RING_SIZE];
>> +uint32_tos_cam;
>>  } XiveTCTX;
>>  
>>  /*
>> @@ -414,7 +415,8 @@ void xive_tctx_tm_write(XiveTCTX *tctx, hwaddr offset, 
>> uint64_t value,
>>  uint64_t xive_tctx_tm_read(XiveTCTX *tctx, hwaddr offset, unsigned size);
>>  
>>  void xive_tctx_pic_print_info(XiveTCTX *tctx, Monitor *mon);
>> -Object *xive_tctx_create(Object *cpu, XiveRouter *xrtr, Error **errp);
>> +Object *xive_tctx_create(Object *cpu, XiveRouter *xrtr, uint32_t os_cam,
>> + Error **errp);
>>  void xive_tctx_reset(XiveTCTX *tctx);
>>  
>>  static inline uint32_t xive_nvt_cam_line(uint8_t nvt_blk, uint32_t nvt_idx)
>> diff --git a/hw/intc/spapr_xive.c b/hw/intc/spapr_xive.c
>> index 0c3acf1a4192..71f138512a1c 100644
>> --- a/hw/intc/spapr_xive.c
>> +++ b/hw/intc/spapr_xive.c
>> @@ -205,21 +205,13 @@ void spapr_xive_mmio_set_enabled(SpaprXive *xive, bool 
>> enable)
>>  memory_region_set_enabled(&xive->end_source.esb_mmio, false);
>>  }
>>  
>> -/*
>> - * When a Virtual Processor is scheduled to run on a HW thread, the
>> - * hypervisor pushes its identifier in the OS CAM line. Emulate the
>> - * same behavior under QEMU.
>> - */
>> -void spapr_xive_set_tctx_os_cam(XiveTCTX *tctx)
>> +static uint32_t spapr_xive_get_os_cam(PowerPCCPU *cpu)
>>  {
>>  uint8_t  nvt_blk;
>>  uint32_t nvt_idx;
>> -uint32_t nvt_cam;
>> -
>> -spapr_xive_cpu_to_nvt(POWERPC_CPU(tctx->cs), &nvt_blk, &nvt_idx);
>>  
>> -nvt_cam = cpu_to_be32(TM_QW1W2_VO | xive_nvt_cam_line(nvt_blk, 
>> nvt_idx));
>> -memcpy(&tctx->regs[TM_QW1_OS + TM_WORD2], &nvt_cam, 4);
>> +spapr_xive_cpu_to_nvt(cpu, &nvt_blk, &nvt_idx);
>> +return xive_nvt_cam_line(nvt_blk, nvt_idx);
>>  }
>>  
>>  static void spapr_xive_end_reset(XiveEND *end)
>> @@ -537,19 +529,14 @@ static int 
>> spapr_xive_cpu_intc_create(SpaprInterruptController *intc,
>>  SpaprXive *xive = SPAPR_XIVE(intc);
>>  Object *obj;
>>  SpaprCpuState *spapr_cpu = spapr_cpu_state(cpu);
>> +uint32_t os_cam = spapr_xive_get_os_cam(cpu);
>>  
>> -obj = xive_tctx_create(OBJECT(cpu), XIVE_ROUTER(xive), errp);
>> +obj = xive_tctx_create(OBJECT(cpu), XIVE_ROUTER(xive), os_cam, errp);
>>  if (!obj) {
>>  return -1;
>>  }
>>  
>>  spapr_cpu->tctx = XIVE_TCTX(obj);
>> -
>> -/*
>> - * (TCG) Early setting the OS CAM line for hotplugged CPUs as they
>> - * don't beneficiate from the reset of the XIVE IRQ backend
>> - */
>> -spapr_xive_set_tctx_os_cam(spapr_cpu->tctx);
>>  return 0;
>>  }
>>  
>> @@ -650,14 +637,6 @@ static void spapr_xive_dt(SpaprInterruptController 
>> *intc, uint32_t nr_servers,
>>  static int spapr_xive_activate(SpaprInterruptController *intc, Error **errp)
>> 

Re: [PATCH] block/backup: drop dead code from backup_job_create

[Stefano Garzarella]

Hi Vladimir,

On Thu, Oct 17, 2019 at 05:21:22PM +0300, Vladimir Sementsov-Ogievskiy wrote:
> After commit 00e30f05de1d195, there is no more "goto error" points
> after job creation, so after "error:" @job is always NULL and we don't
> need roll-back job creation.

I don't know this code very well, but IIUC only block_job_add_bdrv() could
fail after the job creation, but this shouldn't happen because "Required
permissions are already taken by backup-top target", so it seems safe
for me:

Acked-by: Stefano Garzarella 

Thanks,
Stefano

> 
> Reported-by: Coverity (CID 1406402)
> Signed-off-by: Vladimir Sementsov-Ogievskiy 
> ---
>  block/backup.c | 5 +
>  1 file changed, 1 insertion(+), 4 deletions(-)
> 
> diff --git a/block/backup.c b/block/backup.c
> index 46978c1785..6e1497f7bb 100644
> --- a/block/backup.c
> +++ b/block/backup.c
> @@ -474,10 +474,7 @@ BlockJob *backup_job_create(const char *job_id, 
> BlockDriverState *bs,
>  if (sync_bitmap) {
>  bdrv_reclaim_dirty_bitmap(bs, sync_bitmap, NULL);
>  }
> -if (job) {
> -backup_clean(&job->common.job);
> -job_early_fail(&job->common.job);
> -} else if (backup_top) {
> +if (backup_top) {
>  bdrv_backup_top_drop(backup_top);
>  }
>  
> -- 
> 2.21.0
> 
> 

Re: [PATCH v2 2/2] migration: savevm_state_handler_insert: constant-time element insertion

[Laurent Vivier]

On 18/10/2019 10:16, Dr. David Alan Gilbert wrote:
> * Scott Cheloha (chel...@linux.vnet.ibm.com) wrote:
>> savevm_state's SaveStateEntry TAILQ is a priority queue.  Priority
>> sorting is maintained by searching from head to tail for a suitable
>> insertion spot.  Insertion is thus an O(n) operation.
>>
>> If we instead keep track of the head of each priority's subqueue
>> within that larger queue we can reduce this operation to O(1) time.
>>
>> savevm_state_handler_remove() becomes slightly more complex to
>> accomodate these gains: we need to replace the head of a priority's
>> subqueue when removing it.
>>
>> With O(1) insertion, booting VMs with many SaveStateEntry objects is
>> more plausible.  For example, a ppc64 VM with maxmem=8T has 4 such
>> objects to insert.
> 
> Separate from reviewing this patch, I'd like to understand why you've
> got 4 objects.  This feels very very wrong and is likely to cause
> problems to random other bits of qemu as well.

I think the 4 objects are the "dr-connectors" that are used to plug
peripherals (memory, pci card, cpus, ...).

https://github.com/qemu/qemu/blob/master/hw/ppc/spapr_drc.c

They are part of SPAPR specification.

https://raw.githubusercontent.com/qemu/qemu/master/docs/specs/ppc-spapr-hotplug.txt

CC Michael Roth

Thanks,
Laurent

RE: [QEMU][PATCH v2] ssi: xilinx_spips: Skip update of cs and fifo releated to spips in gqspi

[Sai Pavan Boddu]

Hi Francisco,

Thanks I will send a V3 following your suggestion.

Regards,
Sai Pavan

> -Original Message-
> From: Francisco Iglesias 
> Sent: Thursday, October 17, 2019 7:05 PM
> To: Sai Pavan Boddu 
> Cc: Alistair Francis ; Edgar Iglesias
> ; Peter Maydell ; qemu-
> de...@nongnu.org
> Subject: Re: [QEMU][PATCH v2] ssi: xilinx_spips: Skip update of cs and fifo
> releated to spips in gqspi
> 
> Hi Sai,
> 
> On [2019 Oct 17] Thu 15:47:54, Sai Pavan Boddu wrote:
> > GQSPI handles chip selects and fifos in a different way compared to
> > spips. So skip update of cs and fifos related to spips in gqspi mode.
> >
> > Signed-off-by: Sai Pavan Boddu 
> > ---
> > Changes for V2:
> > Just skip update of spips cs and fifos
> > Update commit message accordingly
> >
> >  hw/ssi/xilinx_spips.c | 7 +++
> >  1 file changed, 7 insertions(+)
> >
> > diff --git a/hw/ssi/xilinx_spips.c b/hw/ssi/xilinx_spips.c index
> > a309c71..27154b0 100644
> > --- a/hw/ssi/xilinx_spips.c
> > +++ b/hw/ssi/xilinx_spips.c
> > @@ -1022,6 +1022,13 @@ static void xilinx_spips_write(void *opaque,
> hwaddr addr,
> >  }
> >  s->regs[addr] = (s->regs[addr] & ~mask) | (value & mask);
> >  no_reg_update:
> > +/* In GQSPI mode skip update of CS and fifo's related to spips */
> > +if (object_dynamic_cast(OBJECT(s), TYPE_XLNX_ZYNQMP_QSPIPS)) {
> > +XlnxZynqMPQSPIPS *ss = XLNX_ZYNQMP_QSPIPS(s);
> > +if (ARRAY_FIELD_EX32(ss->regs, GQSPI_SELECT, GENERIC_QSPI_EN))
> {
> > +return;
> > +}
> > +}
> 
> Above corrects the issue for the zynqmp but not for the other two models
> (below functions shouldn't be called when writing the mentioned config regs
> for them either), would it be ok for you to expand to the switch cases you
> had in v1 (into the switch in this function and return after updating the reg
> values)? (the correction will then spawn all three
> models)
> 
> Best regards,
> Francisco Iglesias
> 
> >  xilinx_spips_update_cs_lines(s);
> >  xilinx_spips_check_flush(s);
> >  xilinx_spips_update_cs_lines(s);
> > --
> > 2.7.4
> >
> >

[Bug 1848556] Re: qemu-img check failing on remote image in Eoan

[Christian Ehrhardt ]

Since it seemed so easy, while bisecting I found that it hangs with
v4.0.0 and v3.1.0 from git and even v3.0.0.

Since the reported good version was 3.1 I began to wonder if I might have 
overlooked something.
I wondered if it might be e.g. the apache version providing a different 
behavior on http.


I was trying to access the same apache server with 4.0 and 3.1 and ran it 
against the download target:
$ qemu-img check 
https://download.fedoraproject.org/pub/fedora/linux/releases/30/Cloud/x86_64/images/Fedora-Cloud-Base-30-1.2.x86_64.qcow2

3.1 ran into a segfault and 4.0 seems to hang on that.
Maybe I should take a break and revisit that later, as people might have an 
idea already what this might be about.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1848556

Title:
  qemu-img check failing on remote image in Eoan

Status in QEMU:
  Confirmed
Status in qemu package in Ubuntu:
  New

Bug description:
  The "qemu-img check" function is failing on remote (HTTP-hosted)
  images, beginning with Ubuntu 19.10 (qemu-utils version 1:4.0+dfsg-
  0ubuntu9). With previous versions, through Ubuntu 19.04/qemu-utils
  version 1:3.1+dfsg-2ubuntu3.5, the following worked:

  $ /usr/bin/qemu-img check  
http://10.193.37.117/cloud/eoan-server-cloudimg-amd64.img
  No errors were found on the image.
  19778/36032 = 54.89% allocated, 90.34% fragmented, 89.90% compressed clusters
  Image end offset: 514064384

  The 10.193.37.117 server holds an Apache server that hosts the cloud
  images on a LAN. Beginning with Ubuntu 19.10/qemu-utils 1:4.0+dfsg-
  0ubuntu9, the same command never returns. (I've left it for up to an
  hour with no change.) I'm able to wget the image from the same server
  and installation on which qemu-img check fails. I've tried several
  .img files on the server, ranging from Bionic to Eoan, with the same
  results with all of them.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1848556/+subscriptions

Re: [PATCH] hw/s390x: Emit a warning if user tried to enable USB

[Cornelia Huck]

On Fri, 18 Oct 2019 08:35:17 +0200
Thomas Huth  wrote:

> On 17/10/2019 20.18, Philippe Mathieu-Daudé wrote:
> > On 10/17/19 4:40 PM, Thomas Huth wrote:  
> >> On 17/10/2019 16.34, Cornelia Huck wrote:  
> >>> On Thu, 17 Oct 2019 16:21:23 +0200
> >>> Thomas Huth  wrote:
> >>>  
>  There is no USB on s390x, so running qemu-system-s390x with
>  "-machine ...,usb=on" is certainly wrong. Emit a warning to make
>  the users aware of their misconfiguration.
> 
>  Signed-off-by: Thomas Huth 
>  ---
>    After a year or two, we could finally turn this into a hard error,
>    but I think we should give the users some time to fix their command
>    lines first, so I'm initially only emitting a warning here.
> 
>    hw/s390x/s390-virtio-ccw.c | 4 
>    1 file changed, 4 insertions(+)
> 
>  diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
>  index d3edeef0ad..af8c4c0daf 100644
>  --- a/hw/s390x/s390-virtio-ccw.c
>  +++ b/hw/s390x/s390-virtio-ccw.c
>  @@ -243,6 +243,10 @@ static void ccw_init(MachineState *machine)
>    VirtualCssBus *css_bus;
>    DeviceState *dev;
>    +    if (machine->usb) {
>  +    warn_report("This machine does not support USB");  
> >>>
> >>> I'm wondering if this is the only machine type not supporting usb...
> >>> if not, how are others handling it?  
> >>
> >> I think most machines are silently ignoring it, like we did on s390x
> >> until now, too.
> >>  
> >>> The usb parsing code in machine.c does not care if usb is even
> >>> configured (CONFIG_USB).  
> >>
> >> machine.c is common code, so you can not use CONFIG_USB there.  
> > 
> > We already have:
> > 
> > bool target_words_bigendian(void)
> > {
> > #if defined(TARGET_WORDS_BIGENDIAN)
> >     return true;
> > #else
> >     return false;
> > #endif
> > }  
> 
> ... and kvm_available() and xen_available() ...
> 
> > diff --git a/hw/usb/machine.c b/hw/usb/machine.c
> > new file mode 100644
> > index 00..5381928479
> > --- /dev/null
> > +++ b/hw/usb/machine.c
> > @@ -0,0 +1,12 @@
> > +#include "qemu/osdep.h"
> > +#include "hw/boards.h"
> > +#include "config-devices.h"
> > +
> > +bool machine_has_usb(void)
> > +{
> > +#if defined(CONFIG_USB)
> > +    return true;
> > +#else
> > +    return false;
> > +#endif
> > +}  
> 
> I think I'd rather call it usb_available() (like the other _available()
> functions) and put it into arch_init.c (and rename that file to arch.c
> or target.c or something like that).

I like 'usb_available()'.

Maybe we should also warn for igd_passthru if not xen_available()? Not
sure how helpful that is, though. Even if we warn and put it in the
deprecation notes, I'm not sure how much we'd gain if we were to make
it an actual error.

Re: iotest failure -- test possibly not using sufficiently unique temp filename?

[Max Reitz]

On 18.10.19 08:20, Thomas Huth wrote:
> On 17/10/2019 18.41, Peter Maydell wrote:
>> On Fri, 27 Sep 2019 at 17:44, Max Reitz  wrote:
>>>
>>> On 27.09.19 18:39, Peter Maydell wrote:
 Hi; I just saw this iotest failure (on an s390x box, as it happens):

   TESTiotest-qcow2: 130 [fail]
 QEMU  --
 "/home/linux1/qemu/build/all/tests/qemu-iotests/../../s390x-softmmu/qemu-system-s390x"
 -nodefaults -display none -machine accel=qtest
 QEMU_IMG  -- 
 "/home/linux1/qemu/build/all/tests/qemu-iotests/../../qemu-img"
 QEMU_IO   --
 "/home/linux1/qemu/build/all/tests/qemu-iotests/../../qemu-io"
 --cache writeback -f qcow2
 QEMU_NBD  -- 
 "/home/linux1/qemu/build/all/tests/qemu-iotests/../../qemu-nbd"
 IMGFMT-- qcow2 (compat=1.1)
 IMGPROTO  -- file
 PLATFORM  -- Linux/s390x lxub05 4.15.0-58-generic
 TEST_DIR  -- /home/linux1/qemu/build/all/tests/qemu-iotests/scratch
 SOCKET_SCM_HELPER --
 /home/linux1/qemu/build/all/tests/qemu-iotests/socket_scm_helper

 --- /home/linux1/qemu/tests/qemu-iotests/130.out2019-05-10
 12:27:16.948075733 -0400
 +++ /home/linux1/qemu/build/all/tests/qemu-iotests/130.out.bad
 2019-09-27 12:01:23.649722655 -0400
 @@ -18,20 +18,22 @@
  QEMU X.Y.Z monitor - type 'help' for more information
  (qemu) commit testdisk
  (qemu)
 -image: TEST_DIR/t.IMGFMT
 -file format: IMGFMT
 -virtual size: 64 MiB (67108864 bytes)
 -backing file: TEST_DIR/t.IMGFMT.orig
 -backing file format: raw
 +qemu-img: Could not open 'TEST_DIR/t.IMGFMT': Failed to get shared 
 "write" lock
 +Is another process using the image [TEST_DIR/t.IMGFMT]?

  === Marking image dirty (lazy refcounts) ===

 +qemu-img: TEST_DIR/t.IMGFMT: Failed to get "write" lock
 +Is another process using the image [TEST_DIR/t.IMGFMT]?
  Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864
 -wrote 4096/4096 bytes at offset 0
 -4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
 +qemu-io: can't open device
 /home/linux1/qemu/build/all/tests/qemu-iotests/scratch/t.qcow2: Failed
 to get "write" lock
 +Is another process using the image
 [/home/linux1/qemu/build/all/tests/qemu-iotests/scratch/t.qcow2]?
 +no file open, try 'help open'
  image: TEST_DIR/t.IMGFMT
  file format: IMGFMT
  virtual size: 64 MiB (67108864 bytes)
 +backing file: TEST_DIR/t.IMGFMT.orig
 +backing file format: raw
  Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864
 backing_file=TEST_DIR/t.IMGFMT.orig backing_fmt=raw
  wrote 4096/4096 bytes at offset 0
  4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)



 This looks suspiciously like the test isn't using a unique
 filename for its disk image: "qemu-iotests/scratch/t.qcow2"
 in the build directory, and so perhaps it has collided with
 another iotest ?

 If we run 'make check' with a -j option do the
 iotests all get run serially anyway, or do they run in
 parallel against each other ?
>>>
>>> As far as I know, all iotests are executed serially.  Anything else
>>> would not work with the same scratch directory.
>>>
>>> The only thing I suspect is that some tool has been accidentally left
>>> running by some previous test that still accesses its own image.  But I
>>> don’t know.
>>
>> Just saw this one again with the same iotest 130 on the same
>> s390 box; only difference is that the log this time around
>> has the first part where qemu-img fails, but not the second part
>> where qemu-io fails:
>>
>> --- /home/linux1/qemu/tests/qemu-iotests/130.out2019-05-10
>> 12:27:16.948075733 -0400
>> +++ /home/linux1/qemu/build/all/tests/qemu-iotests/130.out.bad
>> 2019-10-17 11:56:43.450750873 -0400
>> @@ -18,11 +18,8 @@
>>  QEMU X.Y.Z monitor - type 'help' for more information
>>  (qemu) commit testdisk
>>  (qemu)
>> -image: TEST_DIR/t.IMGFMT
>> -file format: IMGFMT
>> -virtual size: 64 MiB (67108864 bytes)
>> -backing file: TEST_DIR/t.IMGFMT.orig
>> -backing file format: raw
>> +qemu-img: Could not open 'TEST_DIR/t.IMGFMT': Failed to get shared "write" 
>> lock
>> +Is another process using the image [TEST_DIR/t.IMGFMT]?
>>
>>  === Marking image dirty (lazy refcounts) ===
>>
>> On the host machine there don't seem to be any stray
>> processes which might have held the file open, and
>> indeed the file doesn't exist at all, so it got removed
>> by some cleanup or other.
> 
> Ok, so unless someone has a clue what might be going on here (is there a
> race in the test?), I'd suggest that we simply remove 130 from the auto
> group again. Shall I send a patch?

I don’t have much of an idea.  It looks like maybe the qemu process
(which dos the commit) is lingering, but that shouldn’t be because
_cleanup_qemu always waits for it.  (Also, I can’t reproduce the problem
on my system.)

The only hunch that I 

Re: [PATCH v32 04/13] target/avr: Add instruction translation - Registers definition

[Aleksandar Markovic]

On Thursday, October 17, 2019, Michael Rolnik  wrote:

> On Thu, Oct 17, 2019 at 11:17 PM Aleksandar Markovic
>  wrote:
> >>
> >>
> >> >> +static TCGv cpu_Cf;
> >> >> +static TCGv cpu_Zf;
> >> >> +static TCGv cpu_Nf;
> >> >> +static TCGv cpu_Vf;
> >> >> +static TCGv cpu_Sf;
> >> >> +static TCGv cpu_Hf;
> >> >> +static TCGv cpu_Tf;
> >> >> +static TCGv cpu_If;
> >> >> +
> >> >
> >> >
> >> > Hello, Michael,
> >> >
> >> > Is there any particular reason or motivation beyond modelling status
> register flags as TCGv variables?
> >>
> >>
> >>
> >> I think it's easier this way as I don't need to convert flag values to
> >> bits or bits to flag values.
> >
> >
> > Ok. But, how do you map 0/1 flag value to the value of a TCGv variable
> and vice versa? In other words, what value or values (out of 2^32 vales) of
> a TCGv variable mean the flag is 1? And the same question for 0.
> >
> > Is 01111110100 one or zero?
> >
> > Besides, in such arrangement, how do you display the 8-bit status
> register in gdb, if at all?
>
> each flag register is either 0 or 1,


>
>
Michael,

If this is true, why is there a special handling of two flags in the
following code:


static inline uint8_t cpu_get_sreg(CPUAVRState *env)
{
uint8_t sreg;
sreg = (env->sregC & 0x01) << 0
| (env->sregZ == 0 ? 1 : 0) << 1
| (env->sregN) << 2
| (env->sregV) << 3
| (env->sregS) << 4
| (env->sregH) << 5
| (env->sregT) << 6
| (env->sregI) << 7;
return sreg;
}
static inline void cpu_set_sreg(CPUAVRState *env, uint8_t sreg)
{
env->sregC = (sreg >> 0) & 0x01;
env->sregZ = (sreg >> 1) & 0x01 ? 0 : 1;
env->sregN = (sreg >> 2) & 0x01;
env->sregV = (sreg >> 3) & 0x01;
env->sregS = (sreg >> 4) & 0x01;
env->sregH = (sreg >> 5) & 0x01;
env->sregT = (sreg >> 6) & 0x01;
env->sregI = (sreg >> 7) & 0x01;
}
 ?


Thanks,
A.

>
>  they are calculated here
> 1. https://github.com/michaelrolnik/qemu-avr/blob/
> avr-v32/target/avr/translate.c#L146-L148
> 2. https://github.com/michaelrolnik/qemu-avr/blob/
> avr-v32/target/avr/translate.c#L166
> 3. https://github.com/michaelrolnik/qemu-avr/blob/
> avr-v32/target/avr/translate.c#L185-L187
> 4. https://github.com/michaelrolnik/qemu-avr/blob/
> avr-v32/target/avr/translate.c#L205
> 5. https://github.com/michaelrolnik/qemu-avr/blob/
> avr-v32/target/avr/translate.c#L214-L215
> 6. https://github.com/michaelrolnik/qemu-avr/blob/
> avr-v32/target/avr/translate.c#L222-L223
> The COU itself never uses SREG at all, only the flags.
>
> As for the GDB it's get assembled/disassembled here
> 1. https://github.com/michaelrolnik/qemu-avr/blob/
> avr-v32/target/avr/cpu.h#L219-L243
> 2. https://github.com/michaelrolnik/qemu-avr/blob/
> avr-v32/target/avr/gdbstub.c#L35-L37
> 3. https://github.com/michaelrolnik/qemu-avr/blob/
> avr-v32/target/avr/gdbstub.c#L66-L68
>
> >
> > A.
> >
> >>
> >> >
> >> > A.
> >> >
> >> >
> >> >
> >> >>
> >> >> +static TCGv cpu_rampD;
> >> >> +static TCGv cpu_rampX;
> >> >> +static TCGv cpu_rampY;
> >> >> +static TCGv cpu_rampZ;
> >> >> +
> >> >> +static TCGv cpu_r[NO_CPU_REGISTERS];
> >> >> +static TCGv cpu_eind;
> >> >> +static TCGv cpu_sp;
> >> >> +
> >> >> +static TCGv cpu_skip;
> >> >> +
> >> >> +static const char reg_names[NO_CPU_REGISTERS][8] = {
> >> >> +"r0",  "r1",  "r2",  "r3",  "r4",  "r5",  "r6",  "r7",
> >> >> +"r8",  "r9",  "r10", "r11", "r12", "r13", "r14", "r15",
> >> >> +"r16", "r17", "r18", "r19", "r20", "r21", "r22", "r23",
> >> >> +"r24", "r25", "r26", "r27", "r28", "r29", "r30", "r31",
> >> >> +};
> >> >> +#define REG(x) (cpu_r[x])
> >> >> +
> >> >> +enum {
> >> >> +DISAS_EXIT   = DISAS_TARGET_0,  /* We want return to the cpu
> main loop.  */
> >> >> +DISAS_LOOKUP = DISAS_TARGET_1,  /* We have a variable condition
> exit.  */
> >> >> +DISAS_CHAIN  = DISAS_TARGET_2,  /* We have a single condition
> exit.  */
> >> >> +};
> >> >> +
> >> >> +typedef struct DisasContext DisasContext;
> >> >> +
> >> >> +/* This is the state at translation time. */
> >> >> +struct DisasContext {
> >> >> +TranslationBlock *tb;
> >> >> +
> >> >> +CPUAVRState *env;
> >> >> +CPUState *cs;
> >> >> +
> >> >> +target_long npc;
> >> >> +uint32_t opcode;
> >> >> +
> >> >> +/* Routine used to access memory */
> >> >> +int memidx;
> >> >> +int bstate;
> >> >> +int singlestep;
> >> >> +
> >> >> +TCGv skip_var0;
> >> >> +TCGv skip_var1;
> >> >> +TCGCond skip_cond;
> >> >> +bool free_skip_var0;
> >> >> +};
> >> >> +
> >> >> +static int to_A(DisasContext *ctx, int indx) { return 16 + (indx %
> 16); }
> >> >> +static int to_B(DisasContext *ctx, int indx) { return 16 + (indx %
> 8); }
> >> >> +static int to_C(DisasContext *ctx, int indx) { return 24 + (indx %
> 4) * 2; }
> >> >> +static int to_D(DisasContext *ctx, int indx) { return (indx % 16) *
> 2; }
> >> >> +
> >> >> +static uint16_t next_word(DisasContext *ctx)
> >> >> +{
> >> >> +return cpu_lduw_code(ctx->env, ctx->npc++ * 2);
> >> >> +}
> >> >> +
> >> >> +static int append_16(DisasCont

[Bug 1848556] Re: qemu-img check failing on remote image in Eoan

[Max Reitz]

Hi,

Could you try the qemu’s master branch?
bfb23b480a49114315877aacf700b49453e0f9d9 has fixed an issue that sounds
very much like this.  The problem in that case is that libcurl 7.59.0
changed behavior, so bisecting qemu will not produce results.

Max

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1848556

Title:
  qemu-img check failing on remote image in Eoan

Status in QEMU:
  Confirmed
Status in qemu package in Ubuntu:
  New

Bug description:
  The "qemu-img check" function is failing on remote (HTTP-hosted)
  images, beginning with Ubuntu 19.10 (qemu-utils version 1:4.0+dfsg-
  0ubuntu9). With previous versions, through Ubuntu 19.04/qemu-utils
  version 1:3.1+dfsg-2ubuntu3.5, the following worked:

  $ /usr/bin/qemu-img check  
http://10.193.37.117/cloud/eoan-server-cloudimg-amd64.img
  No errors were found on the image.
  19778/36032 = 54.89% allocated, 90.34% fragmented, 89.90% compressed clusters
  Image end offset: 514064384

  The 10.193.37.117 server holds an Apache server that hosts the cloud
  images on a LAN. Beginning with Ubuntu 19.10/qemu-utils 1:4.0+dfsg-
  0ubuntu9, the same command never returns. (I've left it for up to an
  hour with no change.) I'm able to wget the image from the same server
  and installation on which qemu-img check fails. I've tried several
  .img files on the server, ranging from Bionic to Eoan, with the same
  results with all of them.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1848556/+subscriptions

Re: [PATCH v2 01/23] iotests: Introduce $SOCK_DIR

[Max Reitz]

On 17.10.19 16:52, Eric Blake wrote:
> On 10/17/19 8:31 AM, Max Reitz wrote:
>> Unix sockets generally have a maximum path length.  Depending on your
>> $TEST_DIR, it may be exceeded and then all tests that create and use
>> Unix sockets there may fail.
>>
>> Circumvent this by adding a new scratch directory specifically for
>> Unix socket files.  It defaults to a temporary directory (mktemp -d)
>> that is completely removed after the iotests are done.
>>
>> (By default, mktemp -d creates a /tmp/tmp.XX directory, which
>> should be short enough for our use cases.)
>>
>> Use mkdir -p to create the directory (because it seems right), and do
>> the same for $TEST_DIR (because there is no reason for that to be
>> created in any different way).
>>
>> Signed-off-by: Max Reitz 
>> ---
>>   tests/qemu-iotests/check | 15 +--
>>   1 file changed, 13 insertions(+), 2 deletions(-)
> 
>> @@ -116,10 +117,14 @@ set_prog_path()
>>   if [ -z "$TEST_DIR" ]; then
>>   TEST_DIR=$PWD/scratch
>>   fi
>> +mkdir -p "$TEST_DIR" || _init_error 'Failed to create TEST_DIR'
> 
> This one seems fine. We are either using the user's name (and if it is
> pre-existing, not fail) or using a well-known name (if someone else
> slams in files into that directory in parallel with our test run, oh
> well).  But at least the well-known name is a directory that is probably
> already accessible only to the current user, not world-writable.
> 
>>   -if [ ! -e "$TEST_DIR" ]; then
>> -    mkdir "$TEST_DIR"
>> +tmp_sock_dir=false
>> +if [ -z "$SOCK_DIR" ]; then
>> +    SOCK_DIR=$(mktemp -d)
>> +    tmp_sock_dir=true
>>   fi
>> +mkdir -p "$SOCK_DIR" || _init_error 'Failed to create SOCK_DIR'
> 
> Thinking about this again: if the user passed in a name, we probably
> want to use it no matter whether the directory already exists (mkdir -p
> makes sense: either the directory did not exist, or the user is in
> charge of passing us a directory that they already secured).  But if we
> generate our own name in a world-writable location in /tmp, using mkdir
> -p means someone else can race us to the creation of the directory, and
> potentially populate it in a way to cause us a security hole while we
> execute our tests.

I don’t quite see how this is a security hole.  mktemp -d creates the
directory, so noone can race us.

Max

> I would be a bit more comfortable with:
> 
> tmp_sock_dir=false
> tmp_sock_opt=-p
> if [ -z "$SOCK_DIR" ]; then
>     SOCK_DIR=$(mktemp -d)
>     tmp_sock_dir=true
>     tmp_sock_opt=  # disable -p for our generated name
> fi
> mkdir $tmp_sock_opt "$SOCK_DIR" || _init_error 'Failed to create SOCK_DIR'
> 




signature.asc
Description: OpenPGP digital signature

[PATCH v3] ssi: xilinx_spips: Skip spi bus update for few register writes

[Sai Pavan Boddu]

Few of the register writes need not update the spi bus state, so just
return after reg write. Added few more dummy register offsets which need
the same behaviour.

Signed-off-by: Sai Pavan Boddu 
---
Changes for V2:
Just skip update of spips cs and fifos
Update commit message accordingly
Changes for V3:
Avoid checking for zynqmp qspi
Skip spi bus update for few of the registers

 hw/ssi/xilinx_spips.c | 12 
 1 file changed, 12 insertions(+)

diff --git a/hw/ssi/xilinx_spips.c b/hw/ssi/xilinx_spips.c
index a309c71..c23de47 100644
--- a/hw/ssi/xilinx_spips.c
+++ b/hw/ssi/xilinx_spips.c
@@ -109,6 +109,7 @@
 #define R_GPIO  (0x30 / 4)
 #define R_LPBK_DLY_ADJ  (0x38 / 4)
 #define R_LPBK_DLY_ADJ_RESET (0x33)
+#define R_IOU_TAPDLY_BYPASS (0x3C / 4)
 #define R_TXD1  (0x80 / 4)
 #define R_TXD2  (0x84 / 4)
 #define R_TXD3  (0x88 / 4)
@@ -139,6 +140,8 @@
 #define R_LQSPI_STS (0xA4 / 4)
 #define LQSPI_STS_WR_RECVD  (1 << 1)
 
+#define R_DUMMY_CYCLE_EN(0xC8 / 4)
+#define R_ECO   (0xF8 / 4)
 #define R_MOD_ID(0xFC / 4)
 
 #define R_GQSPI_SELECT  (0x144 / 4)
@@ -1022,6 +1025,15 @@ static void xilinx_spips_write(void *opaque, hwaddr addr,
 }
 s->regs[addr] = (s->regs[addr] & ~mask) | (value & mask);
 no_reg_update:
+/* Skip SPI bus update for below registers writes */
+switch (addr) {
+case R_GPIO:
+case R_LPBK_DLY_ADJ:
+case R_IOU_TAPDLY_BYPASS:
+case R_DUMMY_CYCLE_EN:
+case R_ECO:
+return;
+}
 xilinx_spips_update_cs_lines(s);
 xilinx_spips_check_flush(s);
 xilinx_spips_update_cs_lines(s);
-- 
2.7.4

Re: [PATCH 25/32] hw/pci-host/piix: Extract piix3_create()

[Aleksandar Markovic]

On Tuesday, October 15, 2019, Philippe Mathieu-Daudé 
wrote:

> Extract the PIIX3 creation code from the i440fx_init() function.
>
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  hw/pci-host/piix.c | 51 --
>  1 file changed, 31 insertions(+), 20 deletions(-)
>
>
Reviewed-by: Aleksandar Markovic 


> diff --git a/hw/pci-host/piix.c b/hw/pci-host/piix.c
> index 2f4cbcbfe9..3292703de7 100644
> --- a/hw/pci-host/piix.c
> +++ b/hw/pci-host/piix.c
> @@ -331,6 +331,36 @@ static void i440fx_realize(PCIDevice *dev, Error
> **errp)
>  }
>  }
>
> +static PIIX3State *piix3_create(PCIBus *pci_bus, ISABus **isa_bus)
> +{
> +PIIX3State *piix3;
> +PCIDevice *pci_dev;
> +
> +/*
> + * Xen supports additional interrupt routes from the PCI devices to
> + * the IOAPIC: the four pins of each PCI device on the bus are also
> + * connected to the IOAPIC directly.
> + * These additional routes can be discovered through ACPI.
> + */
> +if (xen_enabled()) {
> +pci_dev = pci_create_simple_multifunction(pci_bus, -1, true,
> +  TYPE_PIIX3_XEN_DEVICE);
> +piix3 = PIIX3_PCI_DEVICE(pci_dev);
> +pci_bus_irqs(pci_bus, xen_piix3_set_irq, xen_pci_slot_get_pirq,
> + piix3, XEN_PIIX_NUM_PIRQS);
> +} else {
> +pci_dev = pci_create_simple_multifunction(pci_bus, -1, true,
> +  TYPE_PIIX3_DEVICE);
> +piix3 = PIIX3_PCI_DEVICE(pci_dev);
> +pci_bus_irqs(pci_bus, piix3_set_irq, pci_slot_get_pirq,
> + piix3, PIIX_NUM_PIRQS);
> +pci_bus_set_route_irq_fn(pci_bus, piix3_route_intx_pin_to_irq);
> +}
> +*isa_bus = ISA_BUS(qdev_get_child_bus(DEVICE(piix3), "isa.0"));
> +
> +return piix3;
> +}
> +
>  PCIBus *i440fx_init(const char *host_type, const char *pci_type,
>  PCII440FXState **pi440fx_state,
>  int *piix3_devfn,
> @@ -400,27 +430,8 @@ PCIBus *i440fx_init(const char *host_type, const char
> *pci_type,
>   PAM_EXPAN_SIZE);
>  }
>
> -/* Xen supports additional interrupt routes from the PCI devices to
> - * the IOAPIC: the four pins of each PCI device on the bus are also
> - * connected to the IOAPIC directly.
> - * These additional routes can be discovered through ACPI. */
> -if (xen_enabled()) {
> -PCIDevice *pci_dev = pci_create_simple_multifunction(b,
> - -1, true, TYPE_PIIX3_XEN_DEVICE);
> -piix3 = PIIX3_PCI_DEVICE(pci_dev);
> -pci_bus_irqs(b, xen_piix3_set_irq, xen_pci_slot_get_pirq,
> -piix3, XEN_PIIX_NUM_PIRQS);
> -} else {
> -PCIDevice *pci_dev = pci_create_simple_multifunction(b,
> - -1, true, TYPE_PIIX3_DEVICE);
> -piix3 = PIIX3_PCI_DEVICE(pci_dev);
> -pci_bus_irqs(b, piix3_set_irq, pci_slot_get_pirq, piix3,
> -PIIX_NUM_PIRQS);
> -pci_bus_set_route_irq_fn(b, piix3_route_intx_pin_to_irq);
> -}
> +piix3 = piix3_create(b, isa_bus);
>  piix3->pic = pic;
> -*isa_bus = ISA_BUS(qdev_get_child_bus(DEVICE(piix3), "isa.0"));
> -
>  *piix3_devfn = piix3->dev.devfn;
>
>  ram_size = ram_size / 8 / 1024 / 1024;
> --
> 2.21.0
>
>
>

Re: [PATCH 26/32] hw/pci-host/piix: Move RCR_IOPORT register definition

[Aleksandar Markovic]

On Tuesday, October 15, 2019, Philippe Mathieu-Daudé 
wrote:

> From: Philippe Mathieu-Daudé 
>
> The RCR_IOPORT register belongs to the PIIX chipset.
> Move the definition to "piix.h".
>
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  hw/pci-host/piix.c| 1 +
>  include/hw/i386/pc.h  | 6 --
>  include/hw/southbridge/piix.h | 6 ++
>  3 files changed, 7 insertions(+), 6 deletions(-)
>
>
Does it make sense to add prefix PIIX_ or a similar one to the register
name?

In any case:

Reviewed-by: Aleksandar Markovic 


> diff --git a/hw/pci-host/piix.c b/hw/pci-host/piix.c
> index 3292703de7..3770575c1a 100644
> --- a/hw/pci-host/piix.c
> +++ b/hw/pci-host/piix.c
> @@ -27,6 +27,7 @@
>  #include "hw/irq.h"
>  #include "hw/pci/pci.h"
>  #include "hw/pci/pci_host.h"
> +#include "hw/southbridge/piix.h"
>  #include "hw/qdev-properties.h"
>  #include "hw/isa/isa.h"
>  #include "hw/sysbus.h"
> diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
> index 183326d9fe..1c20b96571 100644
> --- a/include/hw/i386/pc.h
> +++ b/include/hw/i386/pc.h
> @@ -257,12 +257,6 @@ typedef struct PCII440FXState PCII440FXState;
>
>  #define TYPE_IGD_PASSTHROUGH_I440FX_PCI_DEVICE "igd-passthrough-i440FX"
>
> -/*
> - * Reset Control Register: PCI-accessible ISA-Compatible Register at
> address
> - * 0xcf9, provided by the PCI/ISA bridge (PIIX3 PCI function 0,
> 8086:7000).
> - */
> -#define RCR_IOPORT 0xcf9
> -
>  PCIBus *i440fx_init(const char *host_type, const char *pci_type,
>  PCII440FXState **pi440fx_state, int *piix_devfn,
>  ISABus **isa_bus, qemu_irq *pic,
> diff --git a/include/hw/southbridge/piix.h b/include/hw/southbridge/piix.h
> index add352456b..79ebe0089b 100644
> --- a/include/hw/southbridge/piix.h
> +++ b/include/hw/southbridge/piix.h
> @@ -18,6 +18,12 @@ I2CBus *piix4_pm_init(PCIBus *bus, int devfn, uint32_t
> smb_io_base,
>qemu_irq sci_irq, qemu_irq smi_irq,
>int smm_enabled, DeviceState **piix4_pm);
>
> +/*
> + * Reset Control Register: PCI-accessible ISA-Compatible Register at
> address
> + * 0xcf9, provided by the PCI/ISA bridge (PIIX3 PCI function 0,
> 8086:7000).
> + */
> +#define RCR_IOPORT 0xcf9
> +
>  extern PCIDevice *piix4_dev;
>
>  DeviceState *piix4_create(PCIBus *pci_bus, ISABus **isa_bus,
> --
> 2.21.0
>
>
>

[PATCH v4] migration: Support QLIST migration

[Eric Auger]

Support QLIST migration using the same principle as QTAILQ:
94869d5c52 ("migration: migrate QTAILQ").

The VMSTATE_QLIST_V macro has the same proto as VMSTATE_QTAILQ_V.
The change mainly resides in QLIST RAW macros: QLIST_RAW_INSERT_HEAD
and QLIST_RAW_REVERSE.

Tests also are provided.

Signed-off-by: Eric Auger 

---

v3 -> v4:
- replace QLIST_RAW_INSERT_TAIL by QLIST_RAW_INSERT_HEAD and
  QLIST_RAW_REVERSE as suggested by Juan
---
 include/migration/vmstate.h |  21 ++
 include/qemu/queue.h|  40 +++
 migration/trace-events  |   5 ++
 migration/vmstate-types.c   |  70 +++
 tests/test-vmstate.c| 133 
 5 files changed, 269 insertions(+)

diff --git a/include/migration/vmstate.h b/include/migration/vmstate.h
index b9ee563aa4..ea2f1f4749 100644
--- a/include/migration/vmstate.h
+++ b/include/migration/vmstate.h
@@ -225,6 +225,7 @@ extern const VMStateInfo vmstate_info_tmp;
 extern const VMStateInfo vmstate_info_bitmap;
 extern const VMStateInfo vmstate_info_qtailq;
 extern const VMStateInfo vmstate_info_gtree;
+extern const VMStateInfo vmstate_info_qlist;
 
 #define type_check_2darray(t1,t2,n,m) ((t1(*)[n][m])0 - (t2*)0)
 /*
@@ -794,6 +795,26 @@ extern const VMStateInfo vmstate_info_gtree;
 .offset   = offsetof(_state, _field),  
\
 }
 
+/*
+ * For migrating a QLIST
+ * Target QLIST needs be properly initialized.
+ * _type: type of QLIST element
+ * _next: name of QLIST_ENTRY entry field in QLIST element
+ * _vmsd: VMSD for QLIST element
+ * size: size of QLIST element
+ * start: offset of QLIST_ENTRY in QTAILQ element
+ */
+#define VMSTATE_QLIST_V(_field, _state, _version, _vmsd, _type, _next)  \
+{\
+.name = (stringify(_field)), \
+.version_id   = (_version),  \
+.vmsd = &(_vmsd),\
+.size = sizeof(_type),   \
+.info = &vmstate_info_qlist, \
+.offset   = offsetof(_state, _field),\
+.start= offsetof(_type, _next),  \
+}
+
 /* _f : field name
_f_n : num of elements field_name
_n : num of elements
diff --git a/include/qemu/queue.h b/include/qemu/queue.h
index 73bf4a984d..cd8ad4f386 100644
--- a/include/qemu/queue.h
+++ b/include/qemu/queue.h
@@ -491,4 +491,44 @@ union {
 \
 QTAILQ_RAW_TQH_CIRC(head)->tql_prev = QTAILQ_RAW_TQE_CIRC(elm, entry); 
 \
 } while (/*CONSTCOND*/0)
 
+#define QLIST_RAW_FIRST(head)  
\
+field_at_offset(head, 0, void *)
+
+#define QLIST_RAW_NEXT(elm, entry) 
\
+field_at_offset(elm, entry, void *)
+
+#define QLIST_RAW_PREVIOUS(elm, entry) 
\
+field_at_offset(elm, entry + sizeof(void *), void *)
+
+#define QLIST_RAW_FOREACH(elm, head, entry)
\
+for ((elm) = *QLIST_RAW_FIRST(head);   
\
+ (elm);
\
+ (elm) = *QLIST_RAW_NEXT(elm, entry))
+
+#define QLIST_RAW_INSERT_HEAD(head, elm, entry) do {   
\
+void *first = *QLIST_RAW_FIRST(head);  
\
+*QLIST_RAW_FIRST(head) = elm;  
\
+*QLIST_RAW_PREVIOUS(elm, entry) = head;
\
+if (first) {   
\
+*QLIST_RAW_PREVIOUS(first, entry) = first; 
\
+*QLIST_RAW_NEXT(elm, entry) = first;   
\
+} else {   
\
+*QLIST_RAW_NEXT(elm, entry) = NULL;
\
+}  
\
+} while (0)
+
+#define QLIST_RAW_REVERSE(head, elm, entry) do {   
\
+void *iter = *QLIST_RAW_FIRST(head), *prev = NULL, *next;  
\
+while (iter)   
\
+{  
\
+next = *QLIST_RAW_NEXT(iter, entry);   
\
+*QLIST_RAW_PREVIOUS(iter, entry) = next;   
\
+*QLIST_RAW_NEXT(iter, entry) = prev;   
\
+prev = iter;  

Re: [PATCH v3] migration: Support QLIST migration

[Auger Eric]

Hi Juan,

On 10/17/19 10:06 AM, Juan Quintela wrote:
> Eric Auger  wrote:
>> Support QLIST migration using the same principle as QTAILQ:
>> 94869d5c52 ("migration: migrate QTAILQ").
>>
>> The VMSTATE_QLIST_V macro has the same proto as VMSTATE_QTAILQ_V.
>> The change mainly resides in QLIST_RAW_INSERT_TAIL implementation.
>>
>> Tests also are provided.
>>
>> Signed-off-by: Eric Auger 
> 
> Hi
> 
> 
> How long are these lists normally?  I think that the INSERT_TAIL is the
> wrong approach.  If lists can be long, it is much better to just insert
> at the beggining and as last operation, reverse things, no?>
>> +#define QLIST_RAW_INSERT_TAIL(head, elm, entry) do {
>>\
>> +void *iter, *last = NULL;   
>>\
>> +*QLIST_RAW_NEXT(elm, entry) = NULL; 
>>\
>> +if (!*QLIST_RAW_FIRST(head)) {  
>>\
>> +*QLIST_RAW_FIRST(head) = elm;   
>>\
>> +*QLIST_RAW_PREVIOUS(elm, entry) = head; 
>>\
>> +break;  
>>\
>> +}   
>>\
>> +for (iter = *QLIST_RAW_FIRST(head); 
>>\
>> + iter; last = iter, iter = *QLIST_RAW_NEXT(iter, entry))
>>\
>> +{ } 
>>\
>> +*QLIST_RAW_NEXT(last, entry) = elm; 
>>\
>> +*QLIST_RAW_PREVIOUS(elm, entry) = last; 
>>\
> 
> I think that you normally want to do this two instructions in the
> reverse order, just in case (famous last words).
> 
> 
>> +static int get_qlist(QEMUFile *f, void *pv, size_t unused_size,
>> + const VMStateField *field)
>> +{
>> +int ret = 0;
>> +const VMStateDescription *vmsd = field->vmsd;
>> +/* size of a QLIST element */
>> +size_t size = field->size;
>> +/* offset of the QLIST entry in a QLIST element */
>> +size_t entry_offset = field->start;
>> +int version_id = field->version_id;
>> +void *elm;
>> +
>> +trace_get_qlist(field->name, vmsd->name, vmsd->version_id);
>> +if (version_id > vmsd->version_id) {
>> +error_report("%s %s",  vmsd->name, "too new");
>> +return -EINVAL;
>> +}
>> +if (version_id < vmsd->minimum_version_id) {
>> +error_report("%s %s",  vmsd->name, "too old");
>> +return -EINVAL;
>> +}
>> +
>> +while (qemu_get_byte(f)) {
>> +elm = g_malloc(size);
>> +ret = vmstate_load_state(f, vmsd, elm, version_id);
>> +if (ret) {
>> +error_report("%s: failed to load %s (%d)", field->name,
>> + vmsd->name, ret);
>> +g_free(elm);
>> +return ret;
>> +}
>> +QLIST_RAW_INSERT_TAIL(pv, elm, entry_offset);
> 
> Here we insert at the beggining.
> 
>> +}
> 
> Here we reverse?
> 
> We move from O(n^2) to O(2n), much better, no?
> As said, except if the lists are normally very short.

Yes I agree with you. I derived the QTAILQ code without much thinking
about perf. Also in my case I expect the list to be short.

But as we want this code to be useful for other cases, I rewrote as you
suggested.

Thank you for your review.

Eric

> 
> 
> The rest of the patch looks ok to me.
> 
> Later, Juan.
> 

Re: [PATCH 27/32] hw/pci-host/piix: Define and use the PIIX IRQ Route Control Registers

[Aleksandar Markovic]

On Tuesday, October 15, 2019, Philippe Mathieu-Daudé 
wrote:

> The IRQ Route Control registers definitions belong to the PIIX
> chipset. We were only defining the 'A' register. Define the other
> B, C and D registers, and use them.
>
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  hw/i386/xen/xen-hvm.c | 5 +++--
>  hw/mips/gt64xxx_pci.c | 4 ++--
>  hw/pci-host/piix.c| 9 -
>  include/hw/southbridge/piix.h | 6 ++
>  4 files changed, 15 insertions(+), 9 deletions(-)
>
>
The register from the patch 27/32 doesn't have prefix and the registers
ftom this patch do - inconsistency?

In any case:

Reviewed-by: Aleksandar Markovic 



> diff --git a/hw/i386/xen/xen-hvm.c b/hw/i386/xen/xen-hvm.c
> index 6b5e5bb7f5..4ce2fb9c89 100644
> --- a/hw/i386/xen/xen-hvm.c
> +++ b/hw/i386/xen/xen-hvm.c
> @@ -14,6 +14,7 @@
>  #include "hw/pci/pci.h"
>  #include "hw/pci/pci_host.h"
>  #include "hw/i386/pc.h"
> +#include "hw/southbridge/piix.h"
>  #include "hw/irq.h"
>  #include "hw/hw.h"
>  #include "hw/i386/apic-msidef.h"
> @@ -156,8 +157,8 @@ void xen_piix_pci_write_config_client(uint32_t
> address, uint32_t val, int len)
>  v = 0;
>  }
>  v &= 0xf;
> -if (((address + i) >= 0x60) && ((address + i) <= 0x63)) {
> -xen_set_pci_link_route(xen_domid, address + i - 0x60, v);
> +if (((address + i) >= PIIX_PIRQCA) && ((address + i) <=
> PIIX_PIRQCD)) {
> +xen_set_pci_link_route(xen_domid, address + i - PIIX_PIRQCA,
> v);
>  }
>  }
>  }
> diff --git a/hw/mips/gt64xxx_pci.c b/hw/mips/gt64xxx_pci.c
> index c277398c0d..5cab9c1ee1 100644
> --- a/hw/mips/gt64xxx_pci.c
> +++ b/hw/mips/gt64xxx_pci.c
> @@ -1013,12 +1013,12 @@ static void gt64120_pci_set_irq(void *opaque, int
> irq_num, int level)
>
>  /* now we change the pic irq level according to the piix irq mappings
> */
>  /* XXX: optimize */
> -pic_irq = piix4_dev->config[0x60 + irq_num];
> +pic_irq = piix4_dev->config[PIIX_PIRQCA + irq_num];
>  if (pic_irq < 16) {
>  /* The pic level is the logical OR of all the PCI irqs mapped to
> it. */
>  pic_level = 0;
>  for (i = 0; i < 4; i++) {
> -if (pic_irq == piix4_dev->config[0x60 + i]) {
> +if (pic_irq == piix4_dev->config[PIIX_PIRQCA + i]) {
>  pic_level |= pci_irq_levels[i];
>  }
>  }
> diff --git a/hw/pci-host/piix.c b/hw/pci-host/piix.c
> index 3770575c1a..a450fc726e 100644
> --- a/hw/pci-host/piix.c
> +++ b/hw/pci-host/piix.c
> @@ -61,7 +61,6 @@ typedef struct I440FXState {
>  #define PIIX_NUM_PIC_IRQS   16  /* i8259 * 2 */
>  #define PIIX_NUM_PIRQS  4ULL/* PIRQ[A-D] */
>  #define XEN_PIIX_NUM_PIRQS  128ULL
> -#define PIIX_PIRQC  0x60
>
>  typedef struct PIIX3State {
>  PCIDevice dev;
> @@ -468,7 +467,7 @@ static void piix3_set_irq_level_internal(PIIX3State
> *piix3, int pirq, int level)
>  int pic_irq;
>  uint64_t mask;
>
> -pic_irq = piix3->dev.config[PIIX_PIRQC + pirq];
> +pic_irq = piix3->dev.config[PIIX_PIRQCA + pirq];
>  if (pic_irq >= PIIX_NUM_PIC_IRQS) {
>  return;
>  }
> @@ -482,7 +481,7 @@ static void piix3_set_irq_level(PIIX3State *piix3, int
> pirq, int level)
>  {
>  int pic_irq;
>
> -pic_irq = piix3->dev.config[PIIX_PIRQC + pirq];
> +pic_irq = piix3->dev.config[PIIX_PIRQCA + pirq];
>  if (pic_irq >= PIIX_NUM_PIC_IRQS) {
>  return;
>  }
> @@ -501,7 +500,7 @@ static void piix3_set_irq(void *opaque, int pirq, int
> level)
>  static PCIINTxRoute piix3_route_intx_pin_to_irq(void *opaque, int pin)
>  {
>  PIIX3State *piix3 = opaque;
> -int irq = piix3->dev.config[PIIX_PIRQC + pin];
> +int irq = piix3->dev.config[PIIX_PIRQCA + pin];
>  PCIINTxRoute route;
>
>  if (irq < PIIX_NUM_PIC_IRQS) {
> @@ -530,7 +529,7 @@ static void piix3_write_config(PCIDevice *dev,
> uint32_t address, uint32_t val, int len)
>  {
>  pci_default_write_config(dev, address, val, len);
> -if (ranges_overlap(address, len, PIIX_PIRQC, 4)) {
> +if (ranges_overlap(address, len, PIIX_PIRQCA, 4)) {
>  PIIX3State *piix3 = PIIX3_PCI_DEVICE(dev);
>  int pic_irq;
>
> diff --git a/include/hw/southbridge/piix.h b/include/hw/southbridge/piix.h
> index 79ebe0089b..9c92c37a4d 100644
> --- a/include/hw/southbridge/piix.h
> +++ b/include/hw/southbridge/piix.h
> @@ -18,6 +18,12 @@ I2CBus *piix4_pm_init(PCIBus *bus, int devfn, uint32_t
> smb_io_base,
>qemu_irq sci_irq, qemu_irq smi_irq,
>int smm_enabled, DeviceState **piix4_pm);
>
> +/* PIRQRC[A:D]: PIRQx Route Control Registers */
> +#define PIIX_PIRQCA 0x60
> +#define PIIX_PIRQCB 0x61
> +#define PIIX_PIRQCC 0x62
> +#define PIIX_PIRQCD 0x63
> +
>  /*
>   * Reset Control Register: PCI-accessible ISA-Compatible Register at
> address
>   * 0xcf9, provided by the PCI/ISA bridge (PIIX3

Re: [PATCH v7 1/2] docs: improve qcow2 spec about extending image header

[Vladimir Sementsov-Ogievskiy]

18.10.2019 11:29, Vladimir Sementsov-Ogievskiy wrote:
> 08.10.2019 12:05, Vladimir Sementsov-Ogievskiy wrote:
>> 07.10.2019 23:21, Eric Blake wrote:
>>> On 10/7/19 11:04 AM, Vladimir Sementsov-Ogievskiy wrote:
 Make it more obvious how to add new fields to the version 3 header and
 how to interpret them.

 Signed-off-by: Vladimir Sementsov-Ogievskiy 
 ---
   docs/interop/qcow2.txt | 26 +++---
   1 file changed, 23 insertions(+), 3 deletions(-)

 diff --git a/docs/interop/qcow2.txt b/docs/interop/qcow2.txt
 index af5711e533..3f2855593f 100644
 --- a/docs/interop/qcow2.txt
 +++ b/docs/interop/qcow2.txt
 @@ -79,9 +79,9 @@ The first cluster of a qcow2 image contains the file 
 header:
   Offset into the image file at which the snapshot 
 table
   starts. Must be aligned to a cluster boundary.
 -If the version is 3 or higher, the header has the following additional 
 fields.
 -For version 2, the values are assumed to be zero, unless specified 
 otherwise
 -in the description of a field.
 +For version 2, header is always 72 bytes length and finishes here.
 +For version 3 or higher the header length is at least 104 bytes and has at
 +least next five fields, up to the @header_length field.
>>>
>>> This hunk seems okay.
>>>
    72 -  79:  incompatible_features
   Bitmask of incompatible features. An implementation 
 must
 @@ -165,6 +165,26 @@ in the description of a field.
   Length of the header structure in bytes. For version 
 2
   images, the length is always assumed to be 72 bytes.
 +Additional fields (version 3 and higher)
 +
 +The following fields of the header are optional: if software don't know 
 how to
 +interpret the field, it may safely ignore it. Still the field must be 
 kept as is
 +when rewriting the image.
>>>
>>> if software doesn't know how to interpret the field, it may be safely 
>>> ignored, other than preserving the field unchanged when rewriting the image 
>>> header.
>>>
>>> Missing:
>>>
>>> If header_length excludes an optional field, the value of 0 should be used 
>>> for that field.
>>
>> This is what I dislike in old wording. Why do we need this default-zero 
>> thing[*]? What is the default?
>>
>> Default is absence of the feature, we don't have these future features now 
>> and don't care of them.
>> What is this default 0 for us now? Nothing.
>>
>> Consider some future version: if it sees that header_length excludes some 
>> fields, it understands,
>> that there is no such feature here. That's all. Work without it. The feature 
>> itself should declare
>> behavior without this feature, which should correspond to behavior before 
>> this feature introduction..
>>
>> So at least, I don't like "the value of 0 should be used for that field", as 
>> instances of Qemu which
>> don't know about the feature will ignore this requirement, as they don't 
>> need any value of that
>> field at all.
>>
>> What you actually mean, IMHO, is: for all optional field 0 value must be 
>> equal to absence of the feature,
>> like when header_length excludes this field. I don't see, do we really need 
>> this requirement, but
>> seems it was mentioned before this patch and we'd better keep it.. I just 
>> don't like concept of
>> "default" value keeping in mind valid Qemu instances which don't know about 
>> field at all.
>>
>>>
 @header_length must be bound to the end of one of
 +these fields (or to @header_length field end itself, to be 104 bytes).
>>>
>>> We don't use the @header_length markup anywhere else in this file, starting 
>>> to do so here is odd.
>>>
>>> I would suggest a stronger requirement:
>>>
>>> header_length must be a multiple of 4, and must not land in the middle of 
>>> any optional 8-byte field.
>>>
>>> Or maybe even add our compression type extension with 4 bytes of padding, 
>>> so that we could go even stronger:
>>>
>>> header_length must be a multiple of 8.
>>
>> Hmm, if we imply that software will have to add some padding, than 
>> requirement above about zero === feature-absence
>> becomes necessary. [*]
>>
>> Still I have two questions:
>> 1. Do we really need all fields to be 4 or 8 bytes? Why not use 1 byte for 
>> compression?
>> 2. What is the benefit of padding, which you propose?
> 
> Hmm, now I think, that we should align header to multiply of 8, as header 
> extensions are already have
> """
> Directly after the image header, optional sections called header extensions 
> can
> be stored. Each extension has a structure like the following:
> 
> [...]
> 
>    n -  m:   Padding to round up the header extension size to the next
>      multiple of 8.
> """
> 
> So, it looks inconsistent, if we pad all header extensions to  8 bytes except 
> for the start of the fir

Re: [PATCH 28/32] hw/pci-host/piix: Move i440FX declarations to hw/pci-host/i440fx.h

[Aleksandar Markovic]

On Tuesday, October 15, 2019, Philippe Mathieu-Daudé 
wrote:

> From: Philippe Mathieu-Daudé 
>
> The hw/pci-host/piix.c contains a mix of PIIX3 and i440FX chipsets
> functions. To be able to split it, we need to export some
> declarations first.
>
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  MAINTAINERS  |  1 +
>  hw/acpi/pcihp.c  |  2 +-
>  hw/i386/pc_piix.c|  1 +
>  hw/pci-host/piix.c   |  1 +
>  include/hw/i386/pc.h | 22 -
>  include/hw/pci-host/i440fx.h | 37 
>  stubs/pci-host-piix.c|  3 ++-
>  7 files changed, 43 insertions(+), 24 deletions(-)
>  create mode 100644 include/hw/pci-host/i440fx.h
>
>
Reviewed-by: Aleksandar Markovic 



> diff --git a/MAINTAINERS b/MAINTAINERS
> index 556f58bd8c..adf059a164 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -1228,6 +1228,7 @@ F: hw/i386/
>  F: hw/pci-host/piix.c
>  F: hw/pci-host/q35.c
>  F: hw/pci-host/pam.c
> +F: include/hw/pci-host/i440fx.h
>  F: include/hw/pci-host/q35.h
>  F: include/hw/pci-host/pam.h
>  F: hw/isa/lpc_ich9.c
> diff --git a/hw/acpi/pcihp.c b/hw/acpi/pcihp.c
> index 82d295b6e8..8413348a33 100644
> --- a/hw/acpi/pcihp.c
> +++ b/hw/acpi/pcihp.c
> @@ -27,7 +27,7 @@
>  #include "qemu/osdep.h"
>  #include "hw/acpi/pcihp.h"
>
> -#include "hw/i386/pc.h"
> +#include "hw/pci-host/i440fx.h"
>  #include "hw/pci/pci.h"
>  #include "hw/pci/pci_bridge.h"
>  #include "hw/acpi/acpi.h"
> diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
> index 5b35ff04c7..8ac4bf12ca 100644
> --- a/hw/i386/pc_piix.c
> +++ b/hw/i386/pc_piix.c
> @@ -29,6 +29,7 @@
>  #include "hw/loader.h"
>  #include "hw/i386/pc.h"
>  #include "hw/i386/apic.h"
> +#include "hw/pci-host/i440fx.h"
>  #include "hw/southbridge/piix.h"
>  #include "hw/display/ramfb.h"
>  #include "hw/firmware/smbios.h"
> diff --git a/hw/pci-host/piix.c b/hw/pci-host/piix.c
> index a450fc726e..0b5da5bc94 100644
> --- a/hw/pci-host/piix.c
> +++ b/hw/pci-host/piix.c
> @@ -27,6 +27,7 @@
>  #include "hw/irq.h"
>  #include "hw/pci/pci.h"
>  #include "hw/pci/pci_host.h"
> +#include "hw/pci-host/i440fx.h"
>  #include "hw/southbridge/piix.h"
>  #include "hw/qdev-properties.h"
>  #include "hw/isa/isa.h"
> diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
> index 1c20b96571..cead2828de 100644
> --- a/include/hw/i386/pc.h
> +++ b/include/hw/i386/pc.h
> @@ -248,28 +248,6 @@ int cmos_get_fd_drive_type(FloppyDriveType fd0);
>  /* hpet.c */
>  extern int no_hpet;
>
> -/* piix_pci.c */
> -struct PCII440FXState;
> -typedef struct PCII440FXState PCII440FXState;
> -
> -#define TYPE_I440FX_PCI_HOST_BRIDGE "i440FX-pcihost"
> -#define TYPE_I440FX_PCI_DEVICE "i440FX"
> -
> -#define TYPE_IGD_PASSTHROUGH_I440FX_PCI_DEVICE "igd-passthrough-i440FX"
> -
> -PCIBus *i440fx_init(const char *host_type, const char *pci_type,
> -PCII440FXState **pi440fx_state, int *piix_devfn,
> -ISABus **isa_bus, qemu_irq *pic,
> -MemoryRegion *address_space_mem,
> -MemoryRegion *address_space_io,
> -ram_addr_t ram_size,
> -ram_addr_t below_4g_mem_size,
> -ram_addr_t above_4g_mem_size,
> -MemoryRegion *pci_memory,
> -MemoryRegion *ram_memory);
> -
> -PCIBus *find_i440fx(void);
> -
>  /* pc_sysfw.c */
>  void pc_system_flash_create(PCMachineState *pcms);
>  void pc_system_firmware_init(PCMachineState *pcms, MemoryRegion
> *rom_memory);
> diff --git a/include/hw/pci-host/i440fx.h b/include/hw/pci-host/i440fx.h
> new file mode 100644
> index 00..e327f9bf87
> --- /dev/null
> +++ b/include/hw/pci-host/i440fx.h
> @@ -0,0 +1,37 @@
> +/*
> + * QEMU i440FX North Bridge Emulation
> + *
> + * Copyright (c) 2006 Fabrice Bellard
> + *
> + * This work is licensed under the terms of the GNU GPL, version 2 or
> later.
> + * See the COPYING file in the top-level directory.
> + *
> + */
> +
> +#ifndef HW_PCI_I440FX_H
> +#define HW_PCI_I440FX_H
> +
> +#include "hw/hw.h"
> +#include "hw/pci/pci_bus.h"
> +
> +typedef struct PCII440FXState PCII440FXState;
> +
> +#define TYPE_I440FX_PCI_HOST_BRIDGE "i440FX-pcihost"
> +#define TYPE_I440FX_PCI_DEVICE "i440FX"
> +
> +#define TYPE_IGD_PASSTHROUGH_I440FX_PCI_DEVICE "igd-passthrough-i440FX"
> +
> +PCIBus *i440fx_init(const char *host_type, const char *pci_type,
> +PCII440FXState **pi440fx_state, int *piix_devfn,
> +ISABus **isa_bus, qemu_irq *pic,
> +MemoryRegion *address_space_mem,
> +MemoryRegion *address_space_io,
> +ram_addr_t ram_size,
> +ram_addr_t below_4g_mem_size,
> +ram_addr_t above_4g_mem_size,
> +MemoryRegion *pci_memory,
> +MemoryRegion *ram_memory);
> +
> +PCIBus *find_i440fx(void);
> +
> +#endif
> diff --git a/stubs/pci-host-piix

Re: [PATCH 29/32] hw/pci-host/piix: Fix code style issues

[Aleksandar Markovic]

On Tuesday, October 15, 2019, Philippe Mathieu-Daudé 
wrote:

> We will move this code, fix its style first.
>
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  hw/pci-host/piix.c | 7 ---
>  1 file changed, 4 insertions(+), 3 deletions(-)
>
>
Reviewed-by: Aleksandar Markovic 


> diff --git a/hw/pci-host/piix.c b/hw/pci-host/piix.c
> index 0b5da5bc94..61f91ff561 100644
> --- a/hw/pci-host/piix.c
> +++ b/hw/pci-host/piix.c
> @@ -133,9 +133,10 @@ static PCIINTxRoute piix3_route_intx_pin_to_irq(void
> *opaque, int pci_intx);
>  static void piix3_write_config_xen(PCIDevice *dev,
> uint32_t address, uint32_t val, int len);
>
> -/* return the global irq number corresponding to a given device irq
> -   pin. We could also use the bus number to have a more precise
> -   mapping. */
> +/*
> + * Return the global irq number corresponding to a given device irq
> + * pin. We could also use the bus number to have a more precise mapping.
> + */
>  static int pci_slot_get_pirq(PCIDevice *pci_dev, int pci_intx)
>  {
>  int slot_addend;
> --
> 2.21.0
>
>
>

Re: [PATCH 2/2] spapr/xive: Set the OS CAM line at reset

[David Gibson]

On Thu, Oct 17, 2019 at 04:42:41PM +0200, Cédric Le Goater wrote:
> When a Virtual Processor is scheduled to run on a HW thread, the
> hypervisor pushes its identifier in the OS CAM line. When running in
> TCG or kernel_irqchip=off, QEMU needs to emulate the same behavior.
> 
> Introduce a 'os-cam' property which will be used to set the OS CAM
> line at reset and remove the spapr_xive_set_tctx_os_cam() calls which
> are done when the XIVE interrupt controller are activated.

I'm not immediately seeing the advantage of doing this via a property,
rather than poking it from the PAPR code which already knows the right
values.

Also, let me check my understanding:
  IIUC, on powernv the OS (running in HV mode) can alter the OS CAM
  lines for itself and/or its guests, but for pseries they're fixed in
  place.  Is that right?

> This change also has the benefit to remove the use of CPU_FOREACH()
> which can be unsafe.
> 
> Signed-off-by: Cédric Le Goater 
> ---
>  include/hw/ppc/spapr_xive.h |  1 -
>  include/hw/ppc/xive.h   |  4 +++-
>  hw/intc/spapr_xive.c| 31 +--
>  hw/intc/xive.c  | 22 +-
>  hw/ppc/pnv.c|  3 ++-
>  5 files changed, 31 insertions(+), 30 deletions(-)
> 
> diff --git a/include/hw/ppc/spapr_xive.h b/include/hw/ppc/spapr_xive.h
> index d84bd5c229f0..742b7e834f2a 100644
> --- a/include/hw/ppc/spapr_xive.h
> +++ b/include/hw/ppc/spapr_xive.h
> @@ -57,7 +57,6 @@ typedef struct SpaprXive {
>  void spapr_xive_pic_print_info(SpaprXive *xive, Monitor *mon);
>  
>  void spapr_xive_hcall_init(SpaprMachineState *spapr);
> -void spapr_xive_set_tctx_os_cam(XiveTCTX *tctx);
>  void spapr_xive_mmio_set_enabled(SpaprXive *xive, bool enable);
>  void spapr_xive_map_mmio(SpaprXive *xive);
>  
> diff --git a/include/hw/ppc/xive.h b/include/hw/ppc/xive.h
> index 99381639f50c..e273069c25a9 100644
> --- a/include/hw/ppc/xive.h
> +++ b/include/hw/ppc/xive.h
> @@ -319,6 +319,7 @@ typedef struct XiveTCTX {
>  qemu_irqos_output;
>  
>  uint8_t regs[XIVE_TM_RING_COUNT * XIVE_TM_RING_SIZE];
> +uint32_tos_cam;
>  } XiveTCTX;
>  
>  /*
> @@ -414,7 +415,8 @@ void xive_tctx_tm_write(XiveTCTX *tctx, hwaddr offset, 
> uint64_t value,
>  uint64_t xive_tctx_tm_read(XiveTCTX *tctx, hwaddr offset, unsigned size);
>  
>  void xive_tctx_pic_print_info(XiveTCTX *tctx, Monitor *mon);
> -Object *xive_tctx_create(Object *cpu, XiveRouter *xrtr, Error **errp);
> +Object *xive_tctx_create(Object *cpu, XiveRouter *xrtr, uint32_t os_cam,
> + Error **errp);
>  void xive_tctx_reset(XiveTCTX *tctx);
>  
>  static inline uint32_t xive_nvt_cam_line(uint8_t nvt_blk, uint32_t nvt_idx)
> diff --git a/hw/intc/spapr_xive.c b/hw/intc/spapr_xive.c
> index 0c3acf1a4192..71f138512a1c 100644
> --- a/hw/intc/spapr_xive.c
> +++ b/hw/intc/spapr_xive.c
> @@ -205,21 +205,13 @@ void spapr_xive_mmio_set_enabled(SpaprXive *xive, bool 
> enable)
>  memory_region_set_enabled(&xive->end_source.esb_mmio, false);
>  }
>  
> -/*
> - * When a Virtual Processor is scheduled to run on a HW thread, the
> - * hypervisor pushes its identifier in the OS CAM line. Emulate the
> - * same behavior under QEMU.
> - */
> -void spapr_xive_set_tctx_os_cam(XiveTCTX *tctx)
> +static uint32_t spapr_xive_get_os_cam(PowerPCCPU *cpu)
>  {
>  uint8_t  nvt_blk;
>  uint32_t nvt_idx;
> -uint32_t nvt_cam;
> -
> -spapr_xive_cpu_to_nvt(POWERPC_CPU(tctx->cs), &nvt_blk, &nvt_idx);
>  
> -nvt_cam = cpu_to_be32(TM_QW1W2_VO | xive_nvt_cam_line(nvt_blk, nvt_idx));
> -memcpy(&tctx->regs[TM_QW1_OS + TM_WORD2], &nvt_cam, 4);
> +spapr_xive_cpu_to_nvt(cpu, &nvt_blk, &nvt_idx);
> +return xive_nvt_cam_line(nvt_blk, nvt_idx);
>  }
>  
>  static void spapr_xive_end_reset(XiveEND *end)
> @@ -537,19 +529,14 @@ static int 
> spapr_xive_cpu_intc_create(SpaprInterruptController *intc,
>  SpaprXive *xive = SPAPR_XIVE(intc);
>  Object *obj;
>  SpaprCpuState *spapr_cpu = spapr_cpu_state(cpu);
> +uint32_t os_cam = spapr_xive_get_os_cam(cpu);
>  
> -obj = xive_tctx_create(OBJECT(cpu), XIVE_ROUTER(xive), errp);
> +obj = xive_tctx_create(OBJECT(cpu), XIVE_ROUTER(xive), os_cam, errp);
>  if (!obj) {
>  return -1;
>  }
>  
>  spapr_cpu->tctx = XIVE_TCTX(obj);
> -
> -/*
> - * (TCG) Early setting the OS CAM line for hotplugged CPUs as they
> - * don't beneficiate from the reset of the XIVE IRQ backend
> - */
> -spapr_xive_set_tctx_os_cam(spapr_cpu->tctx);
>  return 0;
>  }
>  
> @@ -650,14 +637,6 @@ static void spapr_xive_dt(SpaprInterruptController 
> *intc, uint32_t nr_servers,
>  static int spapr_xive_activate(SpaprInterruptController *intc, Error **errp)
>  {
>  SpaprXive *xive = SPAPR_XIVE(intc);
> -CPUState *cs;
> -
> -CPU_FOREACH(cs) {
> -PowerPCCPU *cpu = POWERPC_CPU(cs);
> -
> -/* (TCG) Set the OS CAM line of the thread interrupt context. */
> -spapr

Re: [PATCH 1/2] spapr: Introduce a interrupt presenter reset handler

[David Gibson]

On Thu, Oct 17, 2019 at 04:42:40PM +0200, Cédric Le Goater wrote:
> The interrupt presenters are not reseted today.

I don't think that's accurate.  We register reset handlers for both
ICP and TCTX already.  We might not be resetting in quite the right
order, but this will need a clearer description of what's changing.

Also, with this patch as is, I think we'll reset twice (once from the
registered handler, once via the cpu).

> Extend the sPAPR IRQ
> backend with a new cpu_intc_reset() handler which will be called by
> the CPU reset handler.
> 
> spapr_realize_vcpu() is modified to call the CPU reset only after the
> the intc presenter has been created.
> 
> Signed-off-by: Cédric Le Goater 
> ---
>  include/hw/ppc/spapr_irq.h |  4 
>  include/hw/ppc/xics.h  |  1 +
>  include/hw/ppc/xive.h  |  1 +
>  hw/intc/spapr_xive.c   |  8 
>  hw/intc/xics.c |  5 +
>  hw/intc/xics_spapr.c   |  8 
>  hw/intc/xive.c | 11 ---
>  hw/ppc/spapr_cpu_core.c|  8 ++--
>  hw/ppc/spapr_irq.c | 21 +
>  9 files changed, 62 insertions(+), 5 deletions(-)
> 
> diff --git a/include/hw/ppc/spapr_irq.h b/include/hw/ppc/spapr_irq.h
> index 5e150a667902..78327496c102 100644
> --- a/include/hw/ppc/spapr_irq.h
> +++ b/include/hw/ppc/spapr_irq.h
> @@ -52,6 +52,8 @@ typedef struct SpaprInterruptControllerClass {
>   */
>  int (*cpu_intc_create)(SpaprInterruptController *intc,
>  PowerPCCPU *cpu, Error **errp);
> +int (*cpu_intc_reset)(SpaprInterruptController *intc, PowerPCCPU *cpu,
> +  Error **errp);
>  int (*claim_irq)(SpaprInterruptController *intc, int irq, bool lsi,
>   Error **errp);
>  void (*free_irq)(SpaprInterruptController *intc, int irq);
> @@ -68,6 +70,8 @@ void spapr_irq_update_active_intc(SpaprMachineState *spapr);
>  
>  int spapr_irq_cpu_intc_create(SpaprMachineState *spapr,
>PowerPCCPU *cpu, Error **errp);
> +int spapr_irq_cpu_intc_reset(SpaprMachineState *spapr,
> + PowerPCCPU *cpu, Error **errp);
>  void spapr_irq_print_info(SpaprMachineState *spapr, Monitor *mon);
>  void spapr_irq_dt(SpaprMachineState *spapr, uint32_t nr_servers,
>void *fdt, uint32_t phandle);
> diff --git a/include/hw/ppc/xics.h b/include/hw/ppc/xics.h
> index 1e6a9300eb2b..602173c12250 100644
> --- a/include/hw/ppc/xics.h
> +++ b/include/hw/ppc/xics.h
> @@ -161,6 +161,7 @@ void icp_set_mfrr(ICPState *icp, uint8_t mfrr);
>  uint32_t icp_accept(ICPState *ss);
>  uint32_t icp_ipoll(ICPState *ss, uint32_t *mfrr);
>  void icp_eoi(ICPState *icp, uint32_t xirr);
> +void icp_reset(ICPState *icp);
>  
>  void ics_write_xive(ICSState *ics, int nr, int server,
>  uint8_t priority, uint8_t saved_priority);
> diff --git a/include/hw/ppc/xive.h b/include/hw/ppc/xive.h
> index fd3319bd3202..99381639f50c 100644
> --- a/include/hw/ppc/xive.h
> +++ b/include/hw/ppc/xive.h
> @@ -415,6 +415,7 @@ uint64_t xive_tctx_tm_read(XiveTCTX *tctx, hwaddr offset, 
> unsigned size);
>  
>  void xive_tctx_pic_print_info(XiveTCTX *tctx, Monitor *mon);
>  Object *xive_tctx_create(Object *cpu, XiveRouter *xrtr, Error **errp);
> +void xive_tctx_reset(XiveTCTX *tctx);
>  
>  static inline uint32_t xive_nvt_cam_line(uint8_t nvt_blk, uint32_t nvt_idx)
>  {
> diff --git a/hw/intc/spapr_xive.c b/hw/intc/spapr_xive.c
> index ba32d2cc5b0f..0c3acf1a4192 100644
> --- a/hw/intc/spapr_xive.c
> +++ b/hw/intc/spapr_xive.c
> @@ -553,6 +553,13 @@ static int 
> spapr_xive_cpu_intc_create(SpaprInterruptController *intc,
>  return 0;
>  }
>  
> +static int spapr_xive_cpu_intc_reset(SpaprInterruptController *intc,
> + PowerPCCPU *cpu, Error **errp)
> +{
> +xive_tctx_reset(spapr_cpu_state(cpu)->tctx);
> +return 0;
> +}
> +
>  static void spapr_xive_set_irq(SpaprInterruptController *intc, int irq, int 
> val)
>  {
>  SpaprXive *xive = SPAPR_XIVE(intc);
> @@ -697,6 +704,7 @@ static void spapr_xive_class_init(ObjectClass *klass, 
> void *data)
>  sicc->activate = spapr_xive_activate;
>  sicc->deactivate = spapr_xive_deactivate;
>  sicc->cpu_intc_create = spapr_xive_cpu_intc_create;
> +sicc->cpu_intc_reset = spapr_xive_cpu_intc_reset;
>  sicc->claim_irq = spapr_xive_claim_irq;
>  sicc->free_irq = spapr_xive_free_irq;
>  sicc->set_irq = spapr_xive_set_irq;
> diff --git a/hw/intc/xics.c b/hw/intc/xics.c
> index b5ac408f7b74..652771d6a5a5 100644
> --- a/hw/intc/xics.c
> +++ b/hw/intc/xics.c
> @@ -295,6 +295,11 @@ static void icp_reset_handler(void *dev)
>  }
>  }
>  
> +void icp_reset(ICPState *icp)
> +{
> +icp_reset_handler(icp);
> +}
> +
>  static void icp_realize(DeviceState *dev, Error **errp)
>  {
>  ICPState *icp = ICP(dev);
> diff --git a/hw/intc/xics_spapr.c b/hw/intc/xics_spapr.c
> index 4f64b9a9fc66..c0b2a576effe 100644

Re: [Qemu-devel] [PATCH v2 3/4] trace: forbid use of %m in trace event format strings

[Thomas Huth]

On 22/01/2019 19.10, Eric Blake wrote:
> On 1/22/19 11:23 AM, Daniel P. Berrangé wrote:
> 
>>
 On this point though, does anyone know of any platforms we support[1],
 or are likely to support in future, where 'strerror' is *not* thread
 safe ?
>>>
>>> I'm not coming up with one, and I think the problem is independent of
>>> this series (if we DO have a problem, it's a series all its own to
>>> eradicate the use of strerror() in favor of something safer, either
>>> picking strerror_l() or dealing with the glibc vs. BSD differences in
>>> strerror_r()).
>>
>> Agree that its not really something for this series - this just
>> made me think of it again.
> 
> Shoot - FreeBSD strerror() is not threadsafe:
> https://github.com/freebsd/freebsd/blob/master/lib/libc/string/strerror.c#L119
> 
> char *
> strerror(int num)
> {
>   static char ebuf[NL_TEXTMAX];
> 
>   if (strerror_r(num, ebuf, sizeof(ebuf)) != 0)
>   errno = EINVAL;
>   return (ebuf);
> }
> 
>>
>> We went through the scrubbing in libvirt to use the sane, but still
>> tedious to call, variant of strerror_r() many years ago. With luck
>> though it is a worry that can be confined the dustbin of ancient
>> UNIX historyunless someone can point to evidence to the contrary ?
> 
> libvirt has it easy - they let gnulib do all the work of futzing around
> with getting a working strerror() despite platform bugs and despite
> glibc's insistence on a non-POSIX signature if _GNU_SOURCE is defined.
> We'll have to do a bit more legwork.
> 
> That said, I've added it to:
> https://wiki.qemu.org/Contribute/BiteSizedTasks#Error_checking
> 
> if someone wants to do the grunt work.

I think we should change that task to switch to g_strerror() from glib
instead ... as far as I can see, this is a proper wrapper around
strerror_r(), so we don't have to deal with the implementation oddities
of strerror_r() in QEMU.

 Thomas



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH v2 3/4] trace: forbid use of %m in trace event format strings

[Daniel P . Berrangé]

On Fri, Oct 18, 2019 at 11:31:15AM +0200, Thomas Huth wrote:
> On 22/01/2019 19.10, Eric Blake wrote:
> > On 1/22/19 11:23 AM, Daniel P. Berrangé wrote:
> > 
> >>
>  On this point though, does anyone know of any platforms we support[1],
>  or are likely to support in future, where 'strerror' is *not* thread
>  safe ?
> >>>
> >>> I'm not coming up with one, and I think the problem is independent of
> >>> this series (if we DO have a problem, it's a series all its own to
> >>> eradicate the use of strerror() in favor of something safer, either
> >>> picking strerror_l() or dealing with the glibc vs. BSD differences in
> >>> strerror_r()).
> >>
> >> Agree that its not really something for this series - this just
> >> made me think of it again.
> > 
> > Shoot - FreeBSD strerror() is not threadsafe:
> > https://github.com/freebsd/freebsd/blob/master/lib/libc/string/strerror.c#L119
> > 
> > char *
> > strerror(int num)
> > {
> > static char ebuf[NL_TEXTMAX];
> > 
> > if (strerror_r(num, ebuf, sizeof(ebuf)) != 0)
> > errno = EINVAL;
> > return (ebuf);
> > }
> > 
> >>
> >> We went through the scrubbing in libvirt to use the sane, but still
> >> tedious to call, variant of strerror_r() many years ago. With luck
> >> though it is a worry that can be confined the dustbin of ancient
> >> UNIX historyunless someone can point to evidence to the contrary ?
> > 
> > libvirt has it easy - they let gnulib do all the work of futzing around
> > with getting a working strerror() despite platform bugs and despite
> > glibc's insistence on a non-POSIX signature if _GNU_SOURCE is defined.
> > We'll have to do a bit more legwork.
> > 
> > That said, I've added it to:
> > https://wiki.qemu.org/Contribute/BiteSizedTasks#Error_checking
> > 
> > if someone wants to do the grunt work.
> 
> I think we should change that task to switch to g_strerror() from glib
> instead ... as far as I can see, this is a proper wrapper around
> strerror_r(), so we don't have to deal with the implementation oddities
> of strerror_r() in QEMU.

Yeah, I think using g_strerror() makes sense. We've just adopted that
in libvirt precisely to avoid these platform portability oddities and
the really unpleasant API calling convention of strerror_r().


Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|

Re: [PATCH 30/32] hw/pci-host/piix: Extract PIIX3 functions to hw/isa/piix3.c

[Aleksandar Markovic]

On Tuesday, October 15, 2019, Philippe Mathieu-Daudé 
wrote:

> From: Philippe Mathieu-Daudé 
>
> Move all the PIIX3 functions to a new file: hw/isa/piix3.c.
>
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
> Checkpatch warning:
>
>  ERROR: spaces required around that '*' (ctx:VxV)
>  #312: FILE: hw/isa/piix3.c:248:
>  +.subsections = (const VMStateDescription*[]) {
>   ^
> ---
>  MAINTAINERS   |   1 +
>  hw/i386/Kconfig   |   1 +
>  hw/isa/Kconfig|   4 +
>  hw/isa/Makefile.objs  |   1 +
>  hw/isa/piix3.c| 399 +
>  hw/pci-host/Kconfig   |   1 -
>  hw/pci-host/piix.c| 402 --
>  include/hw/southbridge/piix.h |  36 +++
>  8 files changed, 442 insertions(+), 403 deletions(-)
>  create mode 100644 hw/isa/piix3.c
>
>

Reviewed-by: Aleksandar Markovic 


> diff --git a/MAINTAINERS b/MAINTAINERS
> index adf059a164..4845f47d93 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -1231,6 +1231,7 @@ F: hw/pci-host/pam.c
>  F: include/hw/pci-host/i440fx.h
>  F: include/hw/pci-host/q35.h
>  F: include/hw/pci-host/pam.h
> +F: hw/isa/piix3.c
>  F: hw/isa/lpc_ich9.c
>  F: hw/i2c/smbus_ich9.c
>  F: hw/acpi/piix4.c
> diff --git a/hw/i386/Kconfig b/hw/i386/Kconfig
> index c5c9d4900e..589d75e26a 100644
> --- a/hw/i386/Kconfig
> +++ b/hw/i386/Kconfig
> @@ -61,6 +61,7 @@ config I440FX
>  select PC_ACPI
>  select ACPI_SMBUS
>  select PCI_PIIX
> +select PIIX3
>  select IDE_PIIX
>  select DIMM
>  select SMBIOS
> diff --git a/hw/isa/Kconfig b/hw/isa/Kconfig
> index 98a289957e..8a38813cc1 100644
> --- a/hw/isa/Kconfig
> +++ b/hw/isa/Kconfig
> @@ -29,6 +29,10 @@ config PC87312
>  select FDC
>  select IDE_ISA
>
> +config PIIX3
> +bool
> +select ISA_BUS
> +
>  config PIIX4
>  bool
>  # For historical reasons, SuperIO devices are created in the board
> diff --git a/hw/isa/Makefile.objs b/hw/isa/Makefile.objs
> index ff97485504..8e73960a75 100644
> --- a/hw/isa/Makefile.objs
> +++ b/hw/isa/Makefile.objs
> @@ -3,6 +3,7 @@ common-obj-$(CONFIG_ISA_SUPERIO) += isa-superio.o
>  common-obj-$(CONFIG_APM) += apm.o
>  common-obj-$(CONFIG_I82378) += i82378.o
>  common-obj-$(CONFIG_PC87312) += pc87312.o
> +common-obj-$(CONFIG_PIIX3) += piix3.o
>  common-obj-$(CONFIG_PIIX4) += piix4.o
>  common-obj-$(CONFIG_VT82C686) += vt82c686.o
>  common-obj-$(CONFIG_SMC37C669) += smc37c669-superio.o
> diff --git a/hw/isa/piix3.c b/hw/isa/piix3.c
> new file mode 100644
> index 00..05146447ef
> --- /dev/null
> +++ b/hw/isa/piix3.c
> @@ -0,0 +1,399 @@
> +/*
> + * QEMU PIIX PCI ISA Bridge Emulation
> + *
> + * Copyright (c) 2006 Fabrice Bellard
> + *
> + * Permission is hereby granted, free of charge, to any person obtaining
> a copy
> + * of this software and associated documentation files (the "Software"),
> to deal
> + * in the Software without restriction, including without limitation the
> rights
> + * to use, copy, modify, merge, publish, distribute, sublicense, and/or
> sell
> + * copies of the Software, and to permit persons to whom the Software is
> + * furnished to do so, subject to the following conditions:
> + *
> + * The above copyright notice and this permission notice shall be
> included in
> + * all copies or substantial portions of the Software.
> + *
> + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
> EXPRESS OR
> + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
> MERCHANTABILITY,
> + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
> + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR
> OTHER
> + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
> ARISING FROM,
> + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
> IN
> + * THE SOFTWARE.
> + */
> +
> +#include "qemu/osdep.h"
> +#include "qemu/range.h"
> +#include "hw/southbridge/piix.h"
> +#include "hw/irq.h"
> +#include "hw/isa/isa.h"
> +#include "hw/xen/xen.h"
> +#include "sysemu/sysemu.h"
> +#include "sysemu/reset.h"
> +#include "sysemu/runstate.h"
> +#include "migration/vmstate.h"
> +
> +#define XEN_PIIX_NUM_PIRQS  128ULL
> +
> +#define TYPE_PIIX3_PCI_DEVICE "pci-piix3"
> +#define PIIX3_PCI_DEVICE(obj) \
> +OBJECT_CHECK(PIIX3State, (obj), TYPE_PIIX3_PCI_DEVICE)
> +
> +#define TYPE_PIIX3_DEVICE "PIIX3"
> +#define TYPE_PIIX3_XEN_DEVICE "PIIX3-xen"
> +
> +static void piix3_set_irq_pic(PIIX3State *piix3, int pic_irq)
> +{
> +qemu_set_irq(piix3->pic[pic_irq],
> + !!(piix3->pic_levels &
> +(((1ULL << PIIX_NUM_PIRQS) - 1) <<
> + (pic_irq * PIIX_NUM_PIRQS;
> +}
> +
> +static void piix3_set_irq_level_internal(PIIX3State *piix3, int pirq,
> int level)
> +{
> +int pic_irq;
> +uint64_t mask;
> +
> +pic_irq = piix3->dev.config[PIIX_PIRQCA + pirq];
> +

Re: [PATCH 31/32] hw/pci-host: Rename incorrectly named 'piix' as 'i440fx'

[Aleksandar Markovic]

On Tuesday, October 15, 2019, Philippe Mathieu-Daudé 
wrote:

> From: Philippe Mathieu-Daudé 
>
> We moved all the PIIX3 southbridge code out of hw/pci-host/piix.c,
> it now only contains i440FX northbridge code.
> Rename it to match the chipset modelled.
>
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  MAINTAINERS  | 2 +-
>  hw/i386/Kconfig  | 2 +-
>  hw/pci-host/Kconfig  | 2 +-
>  hw/pci-host/Makefile.objs| 2 +-
>  hw/pci-host/{piix.c => i440fx.c} | 0
>  5 files changed, 4 insertions(+), 4 deletions(-)
>  rename hw/pci-host/{piix.c => i440fx.c} (100%)
>
>

Reviewed-by: Aleksandar Markovic 


> diff --git a/MAINTAINERS b/MAINTAINERS
> index 4845f47d93..1bc9959b8a 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -1225,7 +1225,7 @@ M: Marcel Apfelbaum 
>  S: Supported
>  F: include/hw/i386/
>  F: hw/i386/
> -F: hw/pci-host/piix.c
> +F: hw/pci-host/i440fx.c
>  F: hw/pci-host/q35.c
>  F: hw/pci-host/pam.c
>  F: include/hw/pci-host/i440fx.h
> diff --git a/hw/i386/Kconfig b/hw/i386/Kconfig
> index 589d75e26a..cfe94aede7 100644
> --- a/hw/i386/Kconfig
> +++ b/hw/i386/Kconfig
> @@ -60,7 +60,7 @@ config I440FX
>  select PC_PCI
>  select PC_ACPI
>  select ACPI_SMBUS
> -select PCI_PIIX
> +select PCI_I440FX
>  select PIIX3
>  select IDE_PIIX
>  select DIMM
> diff --git a/hw/pci-host/Kconfig b/hw/pci-host/Kconfig
> index 397043b289..b0aa8351c4 100644
> --- a/hw/pci-host/Kconfig
> +++ b/hw/pci-host/Kconfig
> @@ -28,7 +28,7 @@ config PCI_SABRE
>  select PCI
>  bool
>
> -config PCI_PIIX
> +config PCI_I440FX
>  bool
>  select PCI
>  select PAM
> diff --git a/hw/pci-host/Makefile.objs b/hw/pci-host/Makefile.objs
> index a9cd3e022d..efd752b766 100644
> --- a/hw/pci-host/Makefile.objs
> +++ b/hw/pci-host/Makefile.objs
> @@ -13,7 +13,7 @@ common-obj-$(CONFIG_VERSATILE_PCI) += versatile.o
>
>  common-obj-$(CONFIG_PCI_SABRE) += sabre.o
>  common-obj-$(CONFIG_FULONG) += bonito.o
> -common-obj-$(CONFIG_PCI_PIIX) += piix.o
> +common-obj-$(CONFIG_PCI_I440FX) += i440fx.o
>  common-obj-$(CONFIG_PCI_EXPRESS_Q35) += q35.o
>  common-obj-$(CONFIG_PCI_EXPRESS_GENERIC_BRIDGE) += gpex.o
>  common-obj-$(CONFIG_PCI_EXPRESS_XILINX) += xilinx-pcie.o
> diff --git a/hw/pci-host/piix.c b/hw/pci-host/i440fx.c
> similarity index 100%
> rename from hw/pci-host/piix.c
> rename to hw/pci-host/i440fx.c
> --
> 2.21.0
>
>
>

Re: [PATCH 1/2] spapr: Introduce a interrupt presenter reset handler

[Greg Kurz]

On Fri, 18 Oct 2019 13:47:07 +1100
David Gibson  wrote:

> On Thu, Oct 17, 2019 at 04:42:40PM +0200, Cédric Le Goater wrote:
> > The interrupt presenters are not reseted today.
> 
> I don't think that's accurate.  We register reset handlers for both
> ICP and TCTX already.  We might not be resetting in quite the right
> order, but this will need a clearer description of what's changing.
> 
> Also, with this patch as is, I think we'll reset twice (once from the
> registered handler, once via the cpu).
> 

That makes three at first boot since we also reset the CPU during
realize :) But yes, if we go that way, we should probably change
the pnv machine to do the same and stop registering reset handlers.

> > Extend the sPAPR IRQ
> > backend with a new cpu_intc_reset() handler which will be called by
> > the CPU reset handler.
> > 
> > spapr_realize_vcpu() is modified to call the CPU reset only after the
> > the intc presenter has been created.
> > 
> > Signed-off-by: Cédric Le Goater 
> > ---
> >  include/hw/ppc/spapr_irq.h |  4 
> >  include/hw/ppc/xics.h  |  1 +
> >  include/hw/ppc/xive.h  |  1 +
> >  hw/intc/spapr_xive.c   |  8 
> >  hw/intc/xics.c |  5 +
> >  hw/intc/xics_spapr.c   |  8 
> >  hw/intc/xive.c | 11 ---
> >  hw/ppc/spapr_cpu_core.c|  8 ++--
> >  hw/ppc/spapr_irq.c | 21 +
> >  9 files changed, 62 insertions(+), 5 deletions(-)
> > 
> > diff --git a/include/hw/ppc/spapr_irq.h b/include/hw/ppc/spapr_irq.h
> > index 5e150a667902..78327496c102 100644
> > --- a/include/hw/ppc/spapr_irq.h
> > +++ b/include/hw/ppc/spapr_irq.h
> > @@ -52,6 +52,8 @@ typedef struct SpaprInterruptControllerClass {
> >   */
> >  int (*cpu_intc_create)(SpaprInterruptController *intc,
> >  PowerPCCPU *cpu, Error **errp);
> > +int (*cpu_intc_reset)(SpaprInterruptController *intc, PowerPCCPU *cpu,
> > +  Error **errp);
> >  int (*claim_irq)(SpaprInterruptController *intc, int irq, bool lsi,
> >   Error **errp);
> >  void (*free_irq)(SpaprInterruptController *intc, int irq);
> > @@ -68,6 +70,8 @@ void spapr_irq_update_active_intc(SpaprMachineState 
> > *spapr);
> >  
> >  int spapr_irq_cpu_intc_create(SpaprMachineState *spapr,
> >PowerPCCPU *cpu, Error **errp);
> > +int spapr_irq_cpu_intc_reset(SpaprMachineState *spapr,
> > + PowerPCCPU *cpu, Error **errp);
> >  void spapr_irq_print_info(SpaprMachineState *spapr, Monitor *mon);
> >  void spapr_irq_dt(SpaprMachineState *spapr, uint32_t nr_servers,
> >void *fdt, uint32_t phandle);
> > diff --git a/include/hw/ppc/xics.h b/include/hw/ppc/xics.h
> > index 1e6a9300eb2b..602173c12250 100644
> > --- a/include/hw/ppc/xics.h
> > +++ b/include/hw/ppc/xics.h
> > @@ -161,6 +161,7 @@ void icp_set_mfrr(ICPState *icp, uint8_t mfrr);
> >  uint32_t icp_accept(ICPState *ss);
> >  uint32_t icp_ipoll(ICPState *ss, uint32_t *mfrr);
> >  void icp_eoi(ICPState *icp, uint32_t xirr);
> > +void icp_reset(ICPState *icp);
> >  
> >  void ics_write_xive(ICSState *ics, int nr, int server,
> >  uint8_t priority, uint8_t saved_priority);
> > diff --git a/include/hw/ppc/xive.h b/include/hw/ppc/xive.h
> > index fd3319bd3202..99381639f50c 100644
> > --- a/include/hw/ppc/xive.h
> > +++ b/include/hw/ppc/xive.h
> > @@ -415,6 +415,7 @@ uint64_t xive_tctx_tm_read(XiveTCTX *tctx, hwaddr 
> > offset, unsigned size);
> >  
> >  void xive_tctx_pic_print_info(XiveTCTX *tctx, Monitor *mon);
> >  Object *xive_tctx_create(Object *cpu, XiveRouter *xrtr, Error **errp);
> > +void xive_tctx_reset(XiveTCTX *tctx);
> >  
> >  static inline uint32_t xive_nvt_cam_line(uint8_t nvt_blk, uint32_t nvt_idx)
> >  {
> > diff --git a/hw/intc/spapr_xive.c b/hw/intc/spapr_xive.c
> > index ba32d2cc5b0f..0c3acf1a4192 100644
> > --- a/hw/intc/spapr_xive.c
> > +++ b/hw/intc/spapr_xive.c
> > @@ -553,6 +553,13 @@ static int 
> > spapr_xive_cpu_intc_create(SpaprInterruptController *intc,
> >  return 0;
> >  }
> >  
> > +static int spapr_xive_cpu_intc_reset(SpaprInterruptController *intc,
> > + PowerPCCPU *cpu, Error **errp)
> > +{
> > +xive_tctx_reset(spapr_cpu_state(cpu)->tctx);
> > +return 0;
> > +}
> > +
> >  static void spapr_xive_set_irq(SpaprInterruptController *intc, int irq, 
> > int val)
> >  {
> >  SpaprXive *xive = SPAPR_XIVE(intc);
> > @@ -697,6 +704,7 @@ static void spapr_xive_class_init(ObjectClass *klass, 
> > void *data)
> >  sicc->activate = spapr_xive_activate;
> >  sicc->deactivate = spapr_xive_deactivate;
> >  sicc->cpu_intc_create = spapr_xive_cpu_intc_create;
> > +sicc->cpu_intc_reset = spapr_xive_cpu_intc_reset;
> >  sicc->claim_irq = spapr_xive_claim_irq;
> >  sicc->free_irq = spapr_xive_free_irq;
> >  sicc->set_irq = spapr_xive_set_irq;
> > diff --git a/

Re: [PATCH 2/2] spapr/xive: Set the OS CAM line at reset

[Cédric Le Goater]

On 18/10/2019 05:55, David Gibson wrote:
> On Thu, Oct 17, 2019 at 04:42:41PM +0200, Cédric Le Goater wrote:
>> When a Virtual Processor is scheduled to run on a HW thread, the
>> hypervisor pushes its identifier in the OS CAM line. When running in
>> TCG or kernel_irqchip=off, QEMU needs to emulate the same behavior.
>>
>> Introduce a 'os-cam' property which will be used to set the OS CAM
>> line at reset and remove the spapr_xive_set_tctx_os_cam() calls which
>> are done when the XIVE interrupt controller are activated.
> 
> I'm not immediately seeing the advantage of doing this via a property,
> rather than poking it from the PAPR code which already knows the right
> values.

we can simplify by passing the OS CAM line value as a parameter of the 
xive_tctx_reset routine, as suggested by Greg.

> 
> Also, let me check my understanding:
>   IIUC, on powernv the OS (running in HV mode) can alter the OS CAM
>   lines for itself 

OPAL only sets the VT bit in the HW cam line.

Linux PowerNV sets the POOL CAM line.

> and/or its guests, 

KVM sets the OS CAM line when a vCPU is scheduled to run.

> but for pseries they're fixed in place.  Is that right?

QEMU emulates KVM and sets the OS CAM line to a value similar to what KVM
would use. We can consider this value a reset constant.

C.

 
>> This change also has the benefit to remove the use of CPU_FOREACH()
>> which can be unsafe.
>>
>> Signed-off-by: Cédric Le Goater 
>> ---
>>  include/hw/ppc/spapr_xive.h |  1 -
>>  include/hw/ppc/xive.h   |  4 +++-
>>  hw/intc/spapr_xive.c| 31 +--
>>  hw/intc/xive.c  | 22 +-
>>  hw/ppc/pnv.c|  3 ++-
>>  5 files changed, 31 insertions(+), 30 deletions(-)
>>
>> diff --git a/include/hw/ppc/spapr_xive.h b/include/hw/ppc/spapr_xive.h
>> index d84bd5c229f0..742b7e834f2a 100644
>> --- a/include/hw/ppc/spapr_xive.h
>> +++ b/include/hw/ppc/spapr_xive.h
>> @@ -57,7 +57,6 @@ typedef struct SpaprXive {
>>  void spapr_xive_pic_print_info(SpaprXive *xive, Monitor *mon);
>>  
>>  void spapr_xive_hcall_init(SpaprMachineState *spapr);
>> -void spapr_xive_set_tctx_os_cam(XiveTCTX *tctx);
>>  void spapr_xive_mmio_set_enabled(SpaprXive *xive, bool enable);
>>  void spapr_xive_map_mmio(SpaprXive *xive);
>>  
>> diff --git a/include/hw/ppc/xive.h b/include/hw/ppc/xive.h
>> index 99381639f50c..e273069c25a9 100644
>> --- a/include/hw/ppc/xive.h
>> +++ b/include/hw/ppc/xive.h
>> @@ -319,6 +319,7 @@ typedef struct XiveTCTX {
>>  qemu_irqos_output;
>>  
>>  uint8_t regs[XIVE_TM_RING_COUNT * XIVE_TM_RING_SIZE];
>> +uint32_tos_cam;
>>  } XiveTCTX;
>>  
>>  /*
>> @@ -414,7 +415,8 @@ void xive_tctx_tm_write(XiveTCTX *tctx, hwaddr offset, 
>> uint64_t value,
>>  uint64_t xive_tctx_tm_read(XiveTCTX *tctx, hwaddr offset, unsigned size);
>>  
>>  void xive_tctx_pic_print_info(XiveTCTX *tctx, Monitor *mon);
>> -Object *xive_tctx_create(Object *cpu, XiveRouter *xrtr, Error **errp);
>> +Object *xive_tctx_create(Object *cpu, XiveRouter *xrtr, uint32_t os_cam,
>> + Error **errp);
>>  void xive_tctx_reset(XiveTCTX *tctx);
>>  
>>  static inline uint32_t xive_nvt_cam_line(uint8_t nvt_blk, uint32_t nvt_idx)
>> diff --git a/hw/intc/spapr_xive.c b/hw/intc/spapr_xive.c
>> index 0c3acf1a4192..71f138512a1c 100644
>> --- a/hw/intc/spapr_xive.c
>> +++ b/hw/intc/spapr_xive.c
>> @@ -205,21 +205,13 @@ void spapr_xive_mmio_set_enabled(SpaprXive *xive, bool 
>> enable)
>>  memory_region_set_enabled(&xive->end_source.esb_mmio, false);
>>  }
>>  
>> -/*
>> - * When a Virtual Processor is scheduled to run on a HW thread, the
>> - * hypervisor pushes its identifier in the OS CAM line. Emulate the
>> - * same behavior under QEMU.
>> - */
>> -void spapr_xive_set_tctx_os_cam(XiveTCTX *tctx)
>> +static uint32_t spapr_xive_get_os_cam(PowerPCCPU *cpu)
>>  {
>>  uint8_t  nvt_blk;
>>  uint32_t nvt_idx;
>> -uint32_t nvt_cam;
>> -
>> -spapr_xive_cpu_to_nvt(POWERPC_CPU(tctx->cs), &nvt_blk, &nvt_idx);
>>  
>> -nvt_cam = cpu_to_be32(TM_QW1W2_VO | xive_nvt_cam_line(nvt_blk, 
>> nvt_idx));
>> -memcpy(&tctx->regs[TM_QW1_OS + TM_WORD2], &nvt_cam, 4);
>> +spapr_xive_cpu_to_nvt(cpu, &nvt_blk, &nvt_idx);
>> +return xive_nvt_cam_line(nvt_blk, nvt_idx);
>>  }
>>  
>>  static void spapr_xive_end_reset(XiveEND *end)
>> @@ -537,19 +529,14 @@ static int 
>> spapr_xive_cpu_intc_create(SpaprInterruptController *intc,
>>  SpaprXive *xive = SPAPR_XIVE(intc);
>>  Object *obj;
>>  SpaprCpuState *spapr_cpu = spapr_cpu_state(cpu);
>> +uint32_t os_cam = spapr_xive_get_os_cam(cpu);
>>  
>> -obj = xive_tctx_create(OBJECT(cpu), XIVE_ROUTER(xive), errp);
>> +obj = xive_tctx_create(OBJECT(cpu), XIVE_ROUTER(xive), os_cam, errp);
>>  if (!obj) {
>>  return -1;
>>  }
>>  
>>  spapr_cpu->tctx = XIVE_TCTX(obj);
>> -
>> -/*
>> - * (TCG) Early setting the OS CAM line for hotplugged CPUs as they
>> - * 

Re: [PATCH v2 2/2] migration: savevm_state_handler_insert: constant-time element insertion

[Dr. David Alan Gilbert]

* Laurent Vivier (lviv...@redhat.com) wrote:
> On 18/10/2019 10:16, Dr. David Alan Gilbert wrote:
> > * Scott Cheloha (chel...@linux.vnet.ibm.com) wrote:
> >> savevm_state's SaveStateEntry TAILQ is a priority queue.  Priority
> >> sorting is maintained by searching from head to tail for a suitable
> >> insertion spot.  Insertion is thus an O(n) operation.
> >>
> >> If we instead keep track of the head of each priority's subqueue
> >> within that larger queue we can reduce this operation to O(1) time.
> >>
> >> savevm_state_handler_remove() becomes slightly more complex to
> >> accomodate these gains: we need to replace the head of a priority's
> >> subqueue when removing it.
> >>
> >> With O(1) insertion, booting VMs with many SaveStateEntry objects is
> >> more plausible.  For example, a ppc64 VM with maxmem=8T has 4 such
> >> objects to insert.
> > 
> > Separate from reviewing this patch, I'd like to understand why you've
> > got 4 objects.  This feels very very wrong and is likely to cause
> > problems to random other bits of qemu as well.
> 
> I think the 4 objects are the "dr-connectors" that are used to plug
> peripherals (memory, pci card, cpus, ...).

Yes, Scott confirmed that in the reply to the previous version.
IMHO nothing in qemu is designed to deal with that many devices/objects
- I'm sure that something other than the migration code is going to get upset.

Is perhaps the structure wrong somewhere - should there be a single DRC
device that knows about all DRCs?

Dave


> https://github.com/qemu/qemu/blob/master/hw/ppc/spapr_drc.c
> 
> They are part of SPAPR specification.
> 
> https://raw.githubusercontent.com/qemu/qemu/master/docs/specs/ppc-spapr-hotplug.txt
> 
> CC Michael Roth
> 
> Thanks,
> Laurent
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK

Re: [PATCH 1/2] spapr: Introduce a interrupt presenter reset handler

[Cédric Le Goater]

On 18/10/2019 04:47, David Gibson wrote:
> On Thu, Oct 17, 2019 at 04:42:40PM +0200, Cédric Le Goater wrote:
>> The interrupt presenters are not reseted today.
> 
> I don't think that's accurate.  We register reset handlers for both
> ICP and TCTX already.  We might not be resetting in quite the right
> order, but this will need a clearer description of what's changing.
> 
> Also, with this patch as is, I think we'll reset twice (once from the
> registered handler, once via the cpu).

Unless the CPU is hotplugged, in which case it is only called once
in the realize handler ...

C. 

> 
>> Extend the sPAPR IRQ
>> backend with a new cpu_intc_reset() handler which will be called by
>> the CPU reset handler.
>>
>> spapr_realize_vcpu() is modified to call the CPU reset only after the
>> the intc presenter has been created.
>>
>> Signed-off-by: Cédric Le Goater 
>> ---
>>  include/hw/ppc/spapr_irq.h |  4 
>>  include/hw/ppc/xics.h  |  1 +
>>  include/hw/ppc/xive.h  |  1 +
>>  hw/intc/spapr_xive.c   |  8 
>>  hw/intc/xics.c |  5 +
>>  hw/intc/xics_spapr.c   |  8 
>>  hw/intc/xive.c | 11 ---
>>  hw/ppc/spapr_cpu_core.c|  8 ++--
>>  hw/ppc/spapr_irq.c | 21 +
>>  9 files changed, 62 insertions(+), 5 deletions(-)
>>
>> diff --git a/include/hw/ppc/spapr_irq.h b/include/hw/ppc/spapr_irq.h
>> index 5e150a667902..78327496c102 100644
>> --- a/include/hw/ppc/spapr_irq.h
>> +++ b/include/hw/ppc/spapr_irq.h
>> @@ -52,6 +52,8 @@ typedef struct SpaprInterruptControllerClass {
>>   */
>>  int (*cpu_intc_create)(SpaprInterruptController *intc,
>>  PowerPCCPU *cpu, Error **errp);
>> +int (*cpu_intc_reset)(SpaprInterruptController *intc, PowerPCCPU *cpu,
>> +  Error **errp);
>>  int (*claim_irq)(SpaprInterruptController *intc, int irq, bool lsi,
>>   Error **errp);
>>  void (*free_irq)(SpaprInterruptController *intc, int irq);
>> @@ -68,6 +70,8 @@ void spapr_irq_update_active_intc(SpaprMachineState 
>> *spapr);
>>  
>>  int spapr_irq_cpu_intc_create(SpaprMachineState *spapr,
>>PowerPCCPU *cpu, Error **errp);
>> +int spapr_irq_cpu_intc_reset(SpaprMachineState *spapr,
>> + PowerPCCPU *cpu, Error **errp);
>>  void spapr_irq_print_info(SpaprMachineState *spapr, Monitor *mon);
>>  void spapr_irq_dt(SpaprMachineState *spapr, uint32_t nr_servers,
>>void *fdt, uint32_t phandle);
>> diff --git a/include/hw/ppc/xics.h b/include/hw/ppc/xics.h
>> index 1e6a9300eb2b..602173c12250 100644
>> --- a/include/hw/ppc/xics.h
>> +++ b/include/hw/ppc/xics.h
>> @@ -161,6 +161,7 @@ void icp_set_mfrr(ICPState *icp, uint8_t mfrr);
>>  uint32_t icp_accept(ICPState *ss);
>>  uint32_t icp_ipoll(ICPState *ss, uint32_t *mfrr);
>>  void icp_eoi(ICPState *icp, uint32_t xirr);
>> +void icp_reset(ICPState *icp);
>>  
>>  void ics_write_xive(ICSState *ics, int nr, int server,
>>  uint8_t priority, uint8_t saved_priority);
>> diff --git a/include/hw/ppc/xive.h b/include/hw/ppc/xive.h
>> index fd3319bd3202..99381639f50c 100644
>> --- a/include/hw/ppc/xive.h
>> +++ b/include/hw/ppc/xive.h
>> @@ -415,6 +415,7 @@ uint64_t xive_tctx_tm_read(XiveTCTX *tctx, hwaddr 
>> offset, unsigned size);
>>  
>>  void xive_tctx_pic_print_info(XiveTCTX *tctx, Monitor *mon);
>>  Object *xive_tctx_create(Object *cpu, XiveRouter *xrtr, Error **errp);
>> +void xive_tctx_reset(XiveTCTX *tctx);
>>  
>>  static inline uint32_t xive_nvt_cam_line(uint8_t nvt_blk, uint32_t nvt_idx)
>>  {
>> diff --git a/hw/intc/spapr_xive.c b/hw/intc/spapr_xive.c
>> index ba32d2cc5b0f..0c3acf1a4192 100644
>> --- a/hw/intc/spapr_xive.c
>> +++ b/hw/intc/spapr_xive.c
>> @@ -553,6 +553,13 @@ static int 
>> spapr_xive_cpu_intc_create(SpaprInterruptController *intc,
>>  return 0;
>>  }
>>  
>> +static int spapr_xive_cpu_intc_reset(SpaprInterruptController *intc,
>> + PowerPCCPU *cpu, Error **errp)
>> +{
>> +xive_tctx_reset(spapr_cpu_state(cpu)->tctx);
>> +return 0;
>> +}
>> +
>>  static void spapr_xive_set_irq(SpaprInterruptController *intc, int irq, int 
>> val)
>>  {
>>  SpaprXive *xive = SPAPR_XIVE(intc);
>> @@ -697,6 +704,7 @@ static void spapr_xive_class_init(ObjectClass *klass, 
>> void *data)
>>  sicc->activate = spapr_xive_activate;
>>  sicc->deactivate = spapr_xive_deactivate;
>>  sicc->cpu_intc_create = spapr_xive_cpu_intc_create;
>> +sicc->cpu_intc_reset = spapr_xive_cpu_intc_reset;
>>  sicc->claim_irq = spapr_xive_claim_irq;
>>  sicc->free_irq = spapr_xive_free_irq;
>>  sicc->set_irq = spapr_xive_set_irq;
>> diff --git a/hw/intc/xics.c b/hw/intc/xics.c
>> index b5ac408f7b74..652771d6a5a5 100644
>> --- a/hw/intc/xics.c
>> +++ b/hw/intc/xics.c
>> @@ -295,6 +295,11 @@ static void icp_reset_handler(void *dev)
>>  }
>>  }
>>  
>> +void 

[PATCH v8 0/3] qcow2: add zstd cluster compression

[Vladimir Sementsov-Ogievskiy]

Hi all!

Here is my proposal, about how to correctly update qcow2 specification
to introduce new field, keeping in mind currently existing images and
downstream Qemu instances.

v8: Add padding, and clarify "zero equals absence" concept.
Move some points to commit message from the spec itself.
Fix s/108/105 in 02

Vladimij Sementsov-Ogievskiy (3):
  docs: improve qcow2 spec about extending image header
  docs: define padding for qcow2 header
  docs: qcow2: introduce compression type feature

 docs/interop/qcow2.txt | 48 +++---
 1 file changed, 45 insertions(+), 3 deletions(-)

-- 
2.21.0

[PATCH v8 2/3] docs: define padding for qcow2 header

[Vladimir Sementsov-Ogievskiy]

Header extensions ends are already defined to be multiply of 8. Let's
gently ask for header length to be a multiply of 8 too, when we have
some additional fields. Requiring this may be considered as an
incompatible change, so the padding is optional. Actually, padding is
allowed before this patch (due to definition of additional fields),
the only actual change is "SHOULD" word.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 docs/interop/qcow2.txt | 5 +
 1 file changed, 5 insertions(+)

diff --git a/docs/interop/qcow2.txt b/docs/interop/qcow2.txt
index 4709f3bb30..b971e59b1a 100644
--- a/docs/interop/qcow2.txt
+++ b/docs/interop/qcow2.txt
@@ -185,6 +185,11 @@ which is covered by @header_length must be zeroed.
 
 < ... No additional fields in the header currently ... >
 
+Header padding
+If @header_length is larger than 104, software SHOULD make it a
+multiply of 8, adding zero-padding after additional fields. Still the
+padding is optional and may be absent in the image.
+
 Directly after the image header, optional sections called header extensions can
 be stored. Each extension has a structure like the following:
 
-- 
2.21.0

[PATCH v8 3/3] docs: qcow2: introduce compression type feature

[Vladimir Sementsov-Ogievskiy]

The patch add new additional field to qcow2 header: compression_type,
which specifies compression type. If field is absent or zero, default
compression type is set: ZLIB, which corresponds to current behavior.

New compression type (ZSTD) is to be added in further commit.

Suggested-by: Denis Plotnikov 
Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 docs/interop/qcow2.txt | 19 ++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/docs/interop/qcow2.txt b/docs/interop/qcow2.txt
index b971e59b1a..4eabd81363 100644
--- a/docs/interop/qcow2.txt
+++ b/docs/interop/qcow2.txt
@@ -109,6 +109,12 @@ least next five fields, up to the @header_length field.
 An External Data File Name header extension may
 be present if this bit is set.
 
+Bit 3:  Compression type bit.  If this bit is set,
+non-default compression is used for compressed
+clusters. In this case, @header_length must
+be at least 105 and @compression_type field
+must be non-zero.
+
 Bits 3-63:  Reserved (set to 0)
 
  80 -  87:  compatible_features
@@ -183,7 +189,18 @@ It's allowed for the header end to cut some field in the 
middle (in this case
 the field is considered as absent), but in this case the part of the field
 which is covered by @header_length must be zeroed.
 
-< ... No additional fields in the header currently ... >
+  104:  compression_type
+Defines the compression method used for compressed 
clusters.
+A single compression type is applied to all compressed 
image
+clusters.
+If incompatible compression type bit is set: the field must
+exist (i.e. @header_length >= 105) and must be non-zero (
+which means non-zlib compression type)
+If incompatible compression type bit is unset: the field
+may not exist (if @header_length < 105) or it must be zero
+(which means zlib).
+Available compression type values:
+0: zlib 
 
 Header padding
 If @header_length is larger than 104, software SHOULD make it a
-- 
2.21.0

[PATCH v8 1/3] docs: improve qcow2 spec about extending image header

[Vladimir Sementsov-Ogievskiy]

Make it more obvious how to add new fields to the version 3 header and
how to interpret them.

The specification is adjusted so for new defined optional fields:

1. Software may support some of these optional fields and ignore the
   others, which means that features may be backported to downstream
   Qemu independently.
3. If @header_length is higher than the highest field end that software
   knows, it should assume that topmost unknown additional fields are
   correct, and keep additional unknown fields as is on rewriting the
   image.
3. If we want to add incompatible field (or a field, for which some its
   values would be incompatible), it must be accompanied by
   incompatible feature bit.

Also the concept of "default is zero" is clarified, as it's strange to
say that the value of the field is assumed to be zero for the software
version which don't know about the field at all and don't know how to
treat it be it zero or not.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 docs/interop/qcow2.txt | 26 +++---
 1 file changed, 23 insertions(+), 3 deletions(-)

diff --git a/docs/interop/qcow2.txt b/docs/interop/qcow2.txt
index af5711e533..4709f3bb30 100644
--- a/docs/interop/qcow2.txt
+++ b/docs/interop/qcow2.txt
@@ -79,9 +79,9 @@ The first cluster of a qcow2 image contains the file header:
 Offset into the image file at which the snapshot table
 starts. Must be aligned to a cluster boundary.
 
-If the version is 3 or higher, the header has the following additional fields.
-For version 2, the values are assumed to be zero, unless specified otherwise
-in the description of a field.
+For version 2, header is always 72 bytes length and finishes here.
+For version 3 or higher the header length is at least 104 bytes and has at
+least next five fields, up to the @header_length field.
 
  72 -  79:  incompatible_features
 Bitmask of incompatible features. An implementation must
@@ -164,6 +164,26 @@ in the description of a field.
 100 - 103:  header_length
 Length of the header structure in bytes. For version 2
 images, the length is always assumed to be 72 bytes.
+For version 3 it's at least 104 bytes.
+
+Additional fields (version 3 and higher)
+
+The following fields of the header are optional: if software doesn't know how
+to interpret the field, it may be safely ignored, other than preserving the
+field unchanged when rewriting the image header.
+
+For all additional fields zero value equals to absence of field (absence is
+when field.offset + field.size > @header_length). This implies
+that if software want's to set fields up to some field not aligned to multiply
+of 8 it must align header up by zeroes. And on the other hand, if software
+need some optional field which is absent it should assume that it's value is
+zero.
+
+It's allowed for the header end to cut some field in the middle (in this case
+the field is considered as absent), but in this case the part of the field
+which is covered by @header_length must be zeroed.
+
+< ... No additional fields in the header currently ... >
 
 Directly after the image header, optional sections called header extensions can
 be stored. Each extension has a structure like the following:
-- 
2.21.0

Re: [PULL 00/18] x86 and machine queue, 2019-10-15

[Peter Maydell]

On Tue, 15 Oct 2019 at 22:37, Eduardo Habkost  wrote:
>
> The following changes since commit 69b81893bc28feb678188fbcdce52eff1609bdad:
>
>   Merge remote-tracking branch 
> 'remotes/pmaydell/tags/pull-target-arm-20191015' into staging (2019-10-15 
> 18:15:59 +0100)
>
> are available in the Git repository at:
>
>   git://github.com/ehabkost/qemu.git tags/machine-next-pull-request
>
> for you to fetch changes up to 69edb0f37a52053978de65a81241ef171a6f2396:
>
>   target/i386: Add Snowridge-v2 (no MPX) CPU model (2019-10-15 18:34:44 -0300)
>
> 
> x86 and machine queue, 2019-10-15
>
> Features:
> * Snowridge-v2 (no MPX) CPU model (Xiaoyao Li)
>
> Bug fixes:
> * cpu-plug-test: fix device_add for pc/q35 machines (Igor Mammedov)
> * Fix legacy guest with xsave panic on older Linux kernel (Bingsong Si)
> * Omit all-zeroes entries from KVM CPUID table (Eduardo Habkost)
>
> Cleanups:
> * Convert reset handlers to DeviceReset (Philippe Mathieu-Daudé)
> * MachineClass::auto_enable_numa field (Tao Xu)
> * target/i386/cpu.h cleanups (Tao Xu)
> * memory_device_get_free_addr() cleanups (Wei Yang)
>

Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/4.2
for any user-visible changes.

-- PMM

[PATCH] qemu-img.texi: Describe data_file and data_file_raw

[Han Han]

https://bugzilla.redhat.com/show_bug.cgi?id=1763105

Signed-off-by: Han Han 
---
 qemu-img.texi | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/qemu-img.texi b/qemu-img.texi
index b5156d6316..44596c2d93 100644
--- a/qemu-img.texi
+++ b/qemu-img.texi
@@ -763,6 +763,16 @@ file which is COW and has data blocks already, it couldn't 
be changed to NOCOW
 by setting @code{nocow=on}. One can issue @code{lsattr filename} to check if
 the NOCOW flag is set or not (Capital 'C' is NOCOW flag).
 
+@item data_file
+File name of data file that is stored in the image and used as a default for
+opening the image. If the option is used, qcow2 file only stores the metadata
+of the image.
+
+@item data_file_raw
+This option requires @option{data_file}. If this option is set to @code{on},
+qemu will always keep the external data file consistent as a standalone
+read-only raw image. Default value is @code{off}.
+
 @end table
 
 @item Other
-- 
2.20.1

Re: [PATCH v2 7/7] libqos: add VIRTIO PCI 1.0 support

[Stefan Hajnoczi]

On Fri, Oct 18, 2019 at 08:48:23AM +0200, Thomas Huth wrote:
> On 17/10/2019 18.18, Thomas Huth wrote:
> > On 17/10/2019 18.07, Stefan Hajnoczi wrote:
> >> On Thu, Oct 17, 2019 at 04:52:54PM +0200, Thomas Huth wrote:
> >>> On 11/10/2019 10.56, Stefan Hajnoczi wrote:
>  Implement the VIRTIO 1.0 virtio-pci interface.  The main change here is
>  that the register layout is no longer a fixed layout in BAR 0.  Instead
>  we have to iterate of PCI Capabilities to find descriptions of where
>  various registers are located.  The vring registers are also more
>  fine-grained, allowing for more flexible vring layouts, but we don't
>  take advantage of that.
> 
>  Note that test cases do not negotiate VIRTIO_F_VERSION_1 yet and are
>  therefore not running in VIRTIO 1.0 mode.
> 
>  Signed-off-by: Stefan Hajnoczi 
>  ---
>   tests/Makefile.include   |   1 +
>   tests/libqos/virtio-pci-modern.h |  17 ++
>   tests/libqos/virtio-pci.h|  10 +
>   tests/libqos/virtio-pci-modern.c | 412 +++
>   tests/libqos/virtio-pci.c|   6 +-
>   5 files changed, 445 insertions(+), 1 deletion(-)
>   create mode 100644 tests/libqos/virtio-pci-modern.h
>   create mode 100644 tests/libqos/virtio-pci-modern.c
> >>> [...]
>  +static bool probe_device_type(QVirtioPCIDevice *dev)
>  +{
>  +uint16_t vendor_id;
>  +uint16_t device_id;
>  +
>  +/* "Drivers MUST match devices with the PCI Vendor ID 0x1AF4" */
>  +vendor_id = qpci_config_readw(dev->pdev, PCI_VENDOR_ID);
>  +if (vendor_id != 0x1af4) {
>  +return false;
>  +}
>  +
>  +/*
>  + * "Any PCI device with ... PCI Device ID 0x1000 through 0x107F 
>  inclusive
>  + * is a virtio device"
>  + */
>  +device_id = qpci_config_readw(dev->pdev, PCI_DEVICE_ID);
>  +if (device_id < 0x1000 || device_id > 0x107f) {
>  +return false;
>  +}
>  +
>  +/*
>  + * "Devices MAY utilize a Transitional PCI Device ID range, 0x1000 
>  to
>  + * 0x103F depending on the device type"
>  + */
>  +if (device_id < 0x1040) {
>  +/*
>  + * "Transitional devices MUST have the PCI Subsystem Device ID 
>  matching
>  + * the Virtio Device ID"
>  + */
>  +dev->vdev.device_type = qpci_config_readw(dev->pdev, 
>  PCI_SUBSYSTEM_ID);
> >>>
> >>> Shouldn't you return "false" here in case the device_type is 0 ? Which
> >>> likely means that it is a legacy or broken device ...?
> >>
> >> The real decision whether to use this PCI device or not happens in
> >> probe_device_layout().  If it's broken or a legacy device then that
> >> function will fail.
> > 
> > Ok, fair.
> > 
> > I've added the patches to my qtest-next branch:
> > 
> > https://gitlab.com/huth/qemu/tree/qtest-next
> 
>  Hi Stephan,
> 
> looks like this is breaking the virtio-blk-test in certain configurations:
> 
>  https://gitlab.com/huth/qemu/-/jobs/324085741
> 
> and:
> 
>  https://cirrus-ci.com/task/4511314474434560
> 
> Could you please have a look?

On reading the VIRTIO specification again, I think my idea of supporting
the VIRTIO 1.0 PCI interface without actually negotiating the
VIRTIO_F_VERSION_1 feature bit is non-compliant:

  2.2.3 Legacy Interface: A Note on Feature Bits

  Transitional Drivers MUST detect Legacy Devices by detecting that the feature 
bit VIRTIO_F_VERSION_1 is not offered. [...]

  In this case device is used through the legacy interface.

Please drop this patch series for now.  Additional patches are required
to implement VIRTIO_F_VERSION_1 and then the endianness issue will go
away.  I will send a v2.

Stefan


signature.asc
Description: PGP signature

Re: [Virtio-fs] [PATCH 0/2] virtiofsd: Two fix for xattr operation

[Stefan Hajnoczi]

On Fri, Oct 18, 2019 at 09:16:36AM +0200, Miklos Szeredi wrote:
> On Thu, Oct 17, 2019 at 6:48 PM Miklos Szeredi  wrote:
> 
> > Even simpler: allow O_PATH descriptors for f*xattr().
> 
> Attached patch.  Will post shortly.
> 
> However, I think it would make sense to fix virtiofsd as well, as this
> will take time to percolate down, even if Al doesn't find anything
> wrong with it.
> 
> Doing unshare(CLONE_FS) after thread startup seems safe, though must
> be careful to change the working directory to the root of the mount
> *before* starting any threads.

Thank you for extending O_PATH, that's great!  This will be the cleanest
way to perform xattr operations.

If your patch is accepted I will send a man-pages.git patch to update
the open(2) O_PATH documentation (with a minimum kernel version).

I've added the unshare(CLONE_FS) task to my todo list in case no one
else gets to it first.  I may not have time to work on it before
Novemeber though.

Stefan


signature.asc
Description: PGP signature

Re: [PATCH 26/32] hw/pci-host/piix: Move RCR_IOPORT register definition

[Philippe Mathieu-Daudé]

On 10/18/19 11:19 AM, Aleksandar Markovic wrote:
On Tuesday, October 15, 2019, Philippe Mathieu-Daudé > wrote:


From: Philippe Mathieu-Daudé mailto:f4...@amsat.org>>

The RCR_IOPORT register belongs to the PIIX chipset.
Move the definition to "piix.h".

Signed-off-by: Philippe Mathieu-Daudé mailto:phi...@redhat.com>>
---
  hw/pci-host/piix.c            | 1 +
  include/hw/i386/pc.h          | 6 --
  include/hw/southbridge/piix.h | 6 ++
  3 files changed, 7 insertions(+), 6 deletions(-)


Does it make sense to add prefix PIIX_ or a similar one to the register 
name?


Good idea, it will make the comment in hw/i386/acpi-build.c:213 cleaner:

/* The above need not be conditional on machine type because the 
reset port

 * happens to be the same on PIIX (pc) and ICH9 (q35). */
QEMU_BUILD_BUG_ON(ICH9_RST_CNT_IOPORT != RCR_IOPORT);



In any case:

Reviewed-by: Aleksandar Markovic >


Thanks!



diff --git a/hw/pci-host/piix.c b/hw/pci-host/piix.c
index 3292703de7..3770575c1a 100644
--- a/hw/pci-host/piix.c
+++ b/hw/pci-host/piix.c
@@ -27,6 +27,7 @@
  #include "hw/irq.h"
  #include "hw/pci/pci.h"
  #include "hw/pci/pci_host.h"
+#include "hw/southbridge/piix.h"
  #include "hw/qdev-properties.h"
  #include "hw/isa/isa.h"
  #include "hw/sysbus.h"
diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index 183326d9fe..1c20b96571 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -257,12 +257,6 @@ typedef struct PCII440FXState PCII440FXState;

  #define TYPE_IGD_PASSTHROUGH_I440FX_PCI_DEVICE
"igd-passthrough-i440FX"

-/*
- * Reset Control Register: PCI-accessible ISA-Compatible Register
at address
- * 0xcf9, provided by the PCI/ISA bridge (PIIX3 PCI function 0,
8086:7000).
- */
-#define RCR_IOPORT 0xcf9
-
  PCIBus *i440fx_init(const char *host_type, const char *pci_type,
                      PCII440FXState **pi440fx_state, int *piix_devfn,
                      ISABus **isa_bus, qemu_irq *pic,
diff --git a/include/hw/southbridge/piix.h
b/include/hw/southbridge/piix.h
index add352456b..79ebe0089b 100644
--- a/include/hw/southbridge/piix.h
+++ b/include/hw/southbridge/piix.h
@@ -18,6 +18,12 @@ I2CBus *piix4_pm_init(PCIBus *bus, int devfn,
uint32_t smb_io_base,
                        qemu_irq sci_irq, qemu_irq smi_irq,
                        int smm_enabled, DeviceState **piix4_pm);

+/*
+ * Reset Control Register: PCI-accessible ISA-Compatible Register
at address
+ * 0xcf9, provided by the PCI/ISA bridge (PIIX3 PCI function 0,
8086:7000).
+ */
+#define RCR_IOPORT 0xcf9
+
  extern PCIDevice *piix4_dev;

  DeviceState *piix4_create(PCIBus *pci_bus, ISABus **isa_bus,
-- 
2.21.0

[PULL 0/4] Ui 20191018 patches

[Gerd Hoffmann]

The following changes since commit f22f553efffd083ff624be116726f843a39f1148:

  Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20191013' into 
staging (2019-10-17 16:48:56 +0100)

are available in the Git repository at:

  git://git.kraxel.org/qemu tags/ui-20191018-pull-request

for you to fetch changes up to 707f75070a94c28889f887deef0ab4da09e25ddf:

  ui: fix keymap file search in input-barrier object (2019-10-18 10:40:46 +0200)


ui: bugfixes for cocoa, curses and input-barrier.



Hikaru Nishida (1):
  ui: Fix hanging up Cocoa display on macOS 10.15 (Catalina)

Laurent Vivier (1):
  ui: fix keymap file search in input-barrier object

Matthew Kilgore (2):
  curses: use the bit mask constants provided by curses
  curses: correctly pass the color pair to setcchar()

 ui/curses.c|  8 +---
 ui/input-barrier.c | 14 +++---
 ui/cocoa.m | 12 
 3 files changed, 24 insertions(+), 10 deletions(-)

-- 
2.18.1

[PULL 2/4] curses: use the bit mask constants provided by curses

[Gerd Hoffmann]

From: Matthew Kilgore 

The curses API provides the A_ATTRIBUTES and A_CHARTEXT bit masks for
getting the attributes and character parts of a chtype, respectively. We
should use provided constants instead of using 0xff.

Signed-off-by: Matthew Kilgore 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Samuel Thibault 
Tested-by: Samuel Thibault 
Message-id: 20191004035338.25601-2-mattkilgor...@gmail.com
Signed-off-by: Gerd Hoffmann 
---
 ui/curses.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ui/curses.c b/ui/curses.c
index ec281125acbd..84003f56a323 100644
--- a/ui/curses.c
+++ b/ui/curses.c
@@ -75,8 +75,8 @@ static void curses_update(DisplayChangeListener *dcl,
 line = screen + y * width;
 for (h += y; y < h; y ++, line += width) {
 for (x = 0; x < width; x++) {
-chtype ch = line[x] & 0xff;
-chtype at = line[x] & ~0xff;
+chtype ch = line[x] & A_CHARTEXT;
+chtype at = line[x] & A_ATTRIBUTES;
 ret = getcchar(&vga_to_curses[ch], wch, &attrs, &colors, NULL);
 if (ret == ERR || wch[0] == 0) {
 wch[0] = ch;
-- 
2.18.1

[PULL 4/4] ui: fix keymap file search in input-barrier object

[Gerd Hoffmann]

From: Laurent Vivier 

If we try to start QEMU with "-k en-us", qemu prints a message and exits
with:

qemu-system-i386: could not read keymap file: 'en-us'

It's because this function is called way too early, before
qemu_add_data_dir() is called, and so qemu_find_file() fails.

To fix that, move init_keyboard_layout() from the class init function to the
instance init function.

Reported-by: Anthony PERARD 
Reviewed-by: Anthony PERARD 
Signed-off-by: Laurent Vivier 
Message-id: 20190923220658.27007-1-laur...@vivier.eu
Fixes: 6105683da35b ("ui: add an embedded Barrier client")
Signed-off-by: Laurent Vivier 
Signed-off-by: Gerd Hoffmann 
---
 ui/input-barrier.c | 14 +++---
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/ui/input-barrier.c b/ui/input-barrier.c
index a2c961f285a4..fe35049b83a2 100644
--- a/ui/input-barrier.c
+++ b/ui/input-barrier.c
@@ -682,6 +682,13 @@ static void input_barrier_instance_init(Object *obj)
 {
 InputBarrier *ib = INPUT_BARRIER(obj);
 
+/* always use generic keymaps */
+if (keyboard_layout && !kbd_layout) {
+/* We use X11 key id, so use VNC name2keysym */
+kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout,
+  &error_fatal);
+}
+
 ib->saddr.type = SOCKET_ADDRESS_TYPE_INET;
 ib->saddr.u.inet.host = g_strdup("localhost");
 ib->saddr.u.inet.port = g_strdup("24800");
@@ -719,13 +726,6 @@ static void input_barrier_class_init(ObjectClass *oc, void 
*data)
 UserCreatableClass *ucc = USER_CREATABLE_CLASS(oc);
 
 ucc->complete = input_barrier_complete;
-
-/* always use generic keymaps */
-if (keyboard_layout) {
-/* We use X11 key id, so use VNC name2keysym */
-kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout,
-  &error_fatal);
-}
 }
 
 static const TypeInfo input_barrier_info = {
-- 
2.18.1

[PULL 3/4] curses: correctly pass the color pair to setcchar()

[Gerd Hoffmann]

From: Matthew Kilgore 

The current code does not correctly pass the color pair information to
setcchar(), it instead always passes zero. This results in the curses
output always being in white on black.

This patch fixes this by using PAIR_NUMBER() to retrieve the color pair
number from the chtype value, and then passes that value as an argument
to setcchar().

Signed-off-by: Matthew Kilgore 
Reviewed-by: Samuel Thibault 
Tested-by: Samuel Thibault 
Message-id: 20191004035338.25601-3-mattkilgor...@gmail.com
Signed-off-by: Gerd Hoffmann 
---
 ui/curses.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ui/curses.c b/ui/curses.c
index 84003f56a323..3a1b71451c93 100644
--- a/ui/curses.c
+++ b/ui/curses.c
@@ -77,12 +77,14 @@ static void curses_update(DisplayChangeListener *dcl,
 for (x = 0; x < width; x++) {
 chtype ch = line[x] & A_CHARTEXT;
 chtype at = line[x] & A_ATTRIBUTES;
+short color_pair = PAIR_NUMBER(line[x]);
+
 ret = getcchar(&vga_to_curses[ch], wch, &attrs, &colors, NULL);
 if (ret == ERR || wch[0] == 0) {
 wch[0] = ch;
 wch[1] = 0;
 }
-setcchar(&curses_line[x], wch, at, 0, NULL);
+setcchar(&curses_line[x], wch, at, color_pair, NULL);
 }
 mvwadd_wchnstr(screenpad, y, 0, curses_line, width);
 }
-- 
2.18.1

[PULL 1/4] ui: Fix hanging up Cocoa display on macOS 10.15 (Catalina)

[Gerd Hoffmann]

From: Hikaru Nishida 

macOS API documentation says that before applicationDidFinishLaunching
is called, any events will not be processed. However, some events are
fired before it is called in macOS Catalina. This causes deadlock of
iothread_lock in handleEvent while it will be released after the
app_started_sem is posted.
This patch avoids processing events before the app_started_sem is
posted to prevent this deadlock.

Buglink: https://bugs.launchpad.net/qemu/+bug/1847906
Signed-off-by: Hikaru Nishida 
Message-id: 20191015010734.85229-1-hikaru...@gmail.com
Signed-off-by: Gerd Hoffmann 
---
 ui/cocoa.m | 12 
 1 file changed, 12 insertions(+)

diff --git a/ui/cocoa.m b/ui/cocoa.m
index f12e21df6e10..fbb5b1b45f81 100644
--- a/ui/cocoa.m
+++ b/ui/cocoa.m
@@ -134,6 +134,7 @@ NSArray * supportedImageFileTypes;
 
 static QemuSemaphore display_init_sem;
 static QemuSemaphore app_started_sem;
+static bool allow_events;
 
 // Utility functions to run specified code block with iothread lock held
 typedef void (^CodeBlock)(void);
@@ -729,6 +730,16 @@ QemuCocoaView *cocoaView;
 
 - (bool) handleEvent:(NSEvent *)event
 {
+if(!allow_events) {
+/*
+ * Just let OSX have all events that arrive before
+ * applicationDidFinishLaunching.
+ * This avoids a deadlock on the iothread lock, which 
cocoa_display_init()
+ * will not drop until after the app_started_sem is posted. (In theory
+ * there should not be any such events, but OSX Catalina now emits 
some.)
+ */
+return false;
+}
 return bool_with_iothread_lock(^{
 return [self handleEventLocked:event];
 });
@@ -1156,6 +1167,7 @@ QemuCocoaView *cocoaView;
 - (void)applicationDidFinishLaunching: (NSNotification *) note
 {
 COCOA_DEBUG("QemuCocoaAppController: applicationDidFinishLaunching\n");
+allow_events = true;
 /* Tell cocoa_display_init to proceed */
 qemu_sem_post(&app_started_sem);
 }
-- 
2.18.1

[PATCH] tests/vm: update openbsd to release 6.6

[Gerd Hoffmann]

Signed-off-by: Gerd Hoffmann 
---
 tests/vm/openbsd | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/vm/openbsd b/tests/vm/openbsd
index b92c39f89a6f..9f82cd459fde 100755
--- a/tests/vm/openbsd
+++ b/tests/vm/openbsd
@@ -22,8 +22,8 @@ class OpenBSDVM(basevm.BaseVM):
 name = "openbsd"
 arch = "x86_64"
 
-link = "https://cdn.openbsd.org/pub/OpenBSD/6.5/amd64/install65.iso";
-csum = "38d1f8cadd502f1c27bf05c5abde6cc505dd28f3f34f8a941048ff9a54f9f608"
+link = "https://cdn.openbsd.org/pub/OpenBSD/6.6/amd64/install66.iso";
+csum = "b22e63df56e6266de6bbeed8e9be0fbe9ee2291551c5bc03f3cc2e4ab9436ee3"
 size = "20G"
 pkgs = [
 # tools
-- 
2.18.1

Re: [PATCH v2 06/10] hw/arm/bcm2836: Create VideoCore address space in the SoC

[Philippe Mathieu-Daudé]

On 10/18/19 12:57 AM, Philippe Mathieu-Daudé wrote:

Currently the VideoCore is created in the Peripheral container
as the 'GPU bus'. It is created there because the peripherals
using DMA use physical addresses from the VideoCore bus.
However the VideoCore is a GPU core placed at the same
hierarchical level than the ARM cores.

To match the datasheet design, create the VideoCore container
in the SoC, and link it to the peripheral container.

The VideoCore bus is 1GiB wide, accessible at 4 regions in
different cache configurations. Add the full mapping.

[...]

diff --git a/hw/arm/bcm2836.c b/hw/arm/bcm2836.c
index 019e67b906..d712f36052 100644
--- a/hw/arm/bcm2836.c
+++ b/hw/arm/bcm2836.c
@@ -9,6 +9,7 @@
   */
  
  #include "qemu/osdep.h"

+#include "qemu/units.h"
  #include "qapi/error.h"
  #include "qemu/module.h"
  #include "cpu.h"
@@ -16,6 +17,9 @@
  #include "hw/arm/raspi_platform.h"
  #include "hw/sysbus.h"
  
+/* Peripheral base address on the VC (GPU) system bus */

+#define BCM2835_VC_PERI_BASE0x3e00
+
  struct BCM283XInfo {
  const char *name;
  const char *cpu_type;
@@ -50,6 +54,21 @@ static void bcm2836_init(Object *obj)
  const BCM283XInfo *info = bc->info;
  int n;
  
+/* VideoCore memory region */

+memory_region_init(&s->videocore.mr[0], obj, "videocore-bus", 1 * GiB);
+object_property_add_child(obj, "videocore",
+  OBJECT(&s->videocore.mr[0]), NULL);
+for (n = 1; n < BCM283X_NCPUS; n++) {
+static const char *alias_name[] = {
+NULL, "cached-coherent", "cached", "uncached"
+};
+memory_region_init_alias(&s->videocore.mr[n], obj,
+ alias_name[n], &s->videocore.mr[0],
+ 0, 1 * GiB);


Please disregard this patch, something is incorrect here and I'll respin.


+memory_region_add_subregion_overlap(&s->videocore.mr[0], n * GiB,
+&s->videocore.mr[n], 0);
+}
+
  for (n = 0; n < BCM283X_NCPUS; n++) {
  object_initialize_child(obj, "cpu[*]", &s->cpus[n], 
sizeof(s->cpus[n]),
  info->cpu_type, &error_abort, NULL);
@@ -71,6 +90,7 @@ static void bcm2836_realize(DeviceState *dev, Error **errp)
  BCM283XState *s = BCM283X(dev);
  BCM283XClass *bc = BCM283X_GET_CLASS(dev);
  const BCM283XInfo *info = bc->info;
+MemoryRegion *ram_mr, *peri_mr;
  Object *obj;
  Error *err = NULL;
  int n;
@@ -83,26 +103,45 @@ static void bcm2836_realize(DeviceState *dev, Error **errp)
 __func__, error_get_pretty(err));
  return;
  }

[...]

Re: [PATCH 2/2] spapr/xive: Set the OS CAM line at reset

[Cédric Le Goater]

On 18/10/2019 11:42, Cédric Le Goater wrote:
> On 18/10/2019 05:55, David Gibson wrote:
>> On Thu, Oct 17, 2019 at 04:42:41PM +0200, Cédric Le Goater wrote:
>>> When a Virtual Processor is scheduled to run on a HW thread, the
>>> hypervisor pushes its identifier in the OS CAM line. When running in
>>> TCG or kernel_irqchip=off, QEMU needs to emulate the same behavior.
>>>
>>> Introduce a 'os-cam' property which will be used to set the OS CAM
>>> line at reset and remove the spapr_xive_set_tctx_os_cam() calls which
>>> are done when the XIVE interrupt controller are activated.
>>
>> I'm not immediately seeing the advantage of doing this via a property,
>> rather than poking it from the PAPR code which already knows the right
>> values.
> 
> we can simplify by passing the OS CAM line value as a parameter of the 
> xive_tctx_reset routine, as suggested by Greg.

and if we remove the reset handlers from XiveTCTX and rely only on the 
CPU reset handler to reset the presenter. 

C.

Re: Python 2 and test/vm/netbsd

[Gerd Hoffmann]

  Hi,

> > Running with V=1, I see packages being downloaded at reasonable speeds, but
> > there's a huge interval (of various minutes) between each package download.
> 
> I've found the cause for the slowness I'm seeing: for each file
> being downloaded, the guest spents at least 75 seconds trying to
> connect to the IPv6 address of ftp.NetBSD.org, before trying
> IPv4.

Ah, that nicely explains why it worked just fine for me.  First, I have
a local proxy configured so the installer isn't going to connect to
ftp.NetBSD.org directly.  Second I have IPv6 connectivity.

> I don't know if this is a NetBSD bug, or a slirp bug.

Both I'd say ...

First, by default slirp should not send IPv6 router announcements
to the user network if the host has no IPv6 connectivity.

Second, the recommended way to connect is to try ipv4 and ipv6 in
parallel, then use whatever connects first.  Web browsers typically
do it that way.  wget and curl don't do that though, they try one
address after the other, and I guess this is where the delay comes
from ...

cheers,
  Gerd

[PATCH] Do not use %m in common code to print error messages

[Thomas Huth]

The %m format specifier is an extension from glibc - and when compiling
QEMU for NetBSD, the compiler correctly complains, e.g.:

/home/qemu/qemu-test.ELjfrQ/src/util/main-loop.c: In function 'sigfd_handler':
/home/qemu/qemu-test.ELjfrQ/src/util/main-loop.c:64:13: warning: %m is only
 allowed in syslog(3) like functions [-Wformat=]
 printf("read from sigfd returned %zd: %m\n", len);
 ^
Let's use g_strerror() here instead, which is an easy-to-use wrapper
around the thread-safe strerror_r() function.

While we're at it, also convert the "printf()" in main-loop.c into
the preferred "error_report()".

Signed-off-by: Thomas Huth 
---
 hw/misc/tmp421.c | 8 ++--
 util/main-loop.c | 4 +++-
 util/systemd.c   | 5 +++--
 3 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/hw/misc/tmp421.c b/hw/misc/tmp421.c
index 9f044705fa..f23c46a40a 100644
--- a/hw/misc/tmp421.c
+++ b/hw/misc/tmp421.c
@@ -120,7 +120,9 @@ static void tmp421_get_temperature(Object *obj, Visitor *v, 
const char *name,
 int tempid;
 
 if (sscanf(name, "temperature%d", &tempid) != 1) {
-error_setg(errp, "error reading %s: %m", name);
+const char *errmsg = g_strerror(errno);
+error_setg(errp, "error reading %s: %s", name, errmsg);
+g_free((gpointer)errmsg);
 return;
 }
 
@@ -160,7 +162,9 @@ static void tmp421_set_temperature(Object *obj, Visitor *v, 
const char *name,
 }
 
 if (sscanf(name, "temperature%d", &tempid) != 1) {
-error_setg(errp, "error reading %s: %m", name);
+const char *errmsg = g_strerror(errno);
+error_setg(errp, "error reading %s: %s", errmsg);
+g_free((gpointer)errmsg);
 return;
 }
 
diff --git a/util/main-loop.c b/util/main-loop.c
index e3eaa55866..e95d93fef3 100644
--- a/util/main-loop.c
+++ b/util/main-loop.c
@@ -61,7 +61,9 @@ static void sigfd_handler(void *opaque)
 }
 
 if (len != sizeof(info)) {
-printf("read from sigfd returned %zd: %m\n", len);
+const char *errmsg = g_strerror(errno);
+error_report("read from sigfd returned %zd: %s", len, errmsg);
+g_free((gpointer)errmsg);
 return;
 }
 
diff --git a/util/systemd.c b/util/systemd.c
index d22e86c707..17862c704f 100644
--- a/util/systemd.c
+++ b/util/systemd.c
@@ -59,9 +59,10 @@ unsigned int check_socket_activation(void)
  * descriptor is invalid, so socket activation has gone wrong
  * and we should exit.
  */
+const char *errmsg = g_strerror(errno);
 error_report("Socket activation failed: "
- "invalid file descriptor fd = %d: %m",
- fd);
+ "invalid file descriptor fd = %d: %s", fd, errmsg);
+g_free((gpointer)errmsg);
 exit(EXIT_FAILURE);
 }
 }
-- 
2.18.1

[PATCH v11 00/15] Introduce the microvm machine type

[Sergio Lopez]

microvm is a machine type inspired by Firecracker and constructed
after its machine model.

It's a minimalist machine type without PCI nor ACPI support, designed
for short-lived guests. microvm also establishes a baseline for
benchmarking and optimizing both QEMU and guest operating systems,
since it is optimized for both boot time and footprint.

---

Changelog
v11:
 - Remove leftovers from pre-v3 series in microvm.h (Marc-André
   Lureau)
 - Add a "Limitations" section to the documentation (Daniel
   P. Berrangé)
 - Remove "server" flag from an example in the documentation
   (Marc-André Lureau)
 
v10:
 - Fix typo in documentation and cover (Greg Kurz)
 - Fix commit message in patch 04/14 (Philippe Mathieu-Daudé)
 - Ensure "microvm" appears in lowercase everywhere except in
   MachineClass and MachineState struct derivatives (Philippe
   Mathieu-Daudé)
 - Add missing components to MICROVM config in Kconfig (Paolo Bonzini,
   Philippe Mathieu-Daudé)

v9:
 - Fix a typo in "[PATCH v9 05/15] hw/i386/pc: avoid an assignment in
   if condition in x86_load_linux()" (Philippe Mathieu-Daudé)
 - Replace qemu_strtol() with qemu_strtoui() to preserve the original
   type of video_mode (Philippe Mathieu-Daudé)

v8:
 - Split "[PATCH v7 03/12] hw/i386/pc: fix code style issues on
   functions that will be moved out" into four different patches
   (Philippe Mathieu-Daudé)

v7:
 - Fix code style issues on already present code touched by this patch
   series (Michael S. Tsirkin, Philippe Mathieu-Daudé)
 - Add new files to MAINTAINERS (Michael S. Tsirkin, Philippe
   Mathieu-Daudé)
 - Allow starting a microvm machine without a kernel image, fixing
   "qom-test" (Michael S. Tsirkin)
 - Change "bios-microvm.bin" mode to 0644 (Stefano Garzarella)
 - Remove unneeded "hw/i386/pc.h" include from x86.c (Stefano
   Garzarella)

v6:
 - Some style fixes (Philippe Mathieu-Daudé)
 - Fix a documentation bug stating that LAPIC was in userspace (Paolo
   Bonzini)
 - Update Xen HVM code after X86MachineState introduction (Philippe
   Mathieu-Daudé)
 - Rename header guard from QEMU_VIRTIO_MMIO_H to HW_VIRTIO_MMIO_H
   (Philippe Mathieu-Daudé)

v5:
 - Drop unneeded "[PATCH v4 2/8] hw/i386: Factorize e820 related
   functions" (Philippe Mathieu-Daudé)
 - Drop unneeded "[PATCH v4 1/8] hw/i386: Factorize PVH related
   functions" (Stefano Garzarella)
 - Split X86MachineState introduction into smaller patches (Philippe
   Mathieu-Daudé)
 - Change option-roms to x-option-roms and kernel-cmdline to
   auto-kernel-cmdline (Paolo Bonzini)
 - Make i8259 PIT and i8254 PIC optional (Paolo Bonzini)
 - Some fixes to the documentation (Paolo Bonzini)
 - Switch documentation format from txt to rst (Peter Maydell)
 - Move NMI interface to X86_MACHINE (Philippe Mathieu-Daudé, Paolo
   Bonzini)

v4:
 - This is a complete rewrite of the whole patchset, with a focus on
   reusing as much existing code as possible to ease the maintenance burden
   and making the machine type as compatible as possible by default. As
   a result, the number of lines dedicated specifically to microvm is
   383 (code lines measured by "cloc") and, with the default
   configuration, it's now able to boot both PVH ELF images and
   bzImages with either SeaBIOS or qboot.

v3:
  - Add initrd support (thanks Stefano).

v2:
  - Drop "[PATCH 1/4] hw/i386: Factorize CPU routine".
  - Simplify machine definition (thanks Eduardo).
  - Remove use of unneeded NUMA-related callbacks (thanks Eduardo).
  - Add a patch to factorize PVH-related functions.
  - Replace use of Linux's Zero Page with PVH (thanks Maran and Paolo).

---

Sergio Lopez (15):
  hw/virtio: Factorize virtio-mmio headers
  hw/i386/pc: rename functions shared with non-PC machines
  hw/i386/pc: fix code style issues on functions that will be moved out
  hw/i386/pc: replace use of strtol with qemu_strtoui in
x86_load_linux()
  hw/i386/pc: avoid an assignment in if condition in x86_load_linux()
  hw/i386/pc: remove commented out code from x86_load_linux()
  hw/i386/pc: move shared x86 functions to x86.c and export them
  hw/i386: split PCMachineState deriving X86MachineState from it
  hw/i386: make x86.c independent from PCMachineState
  fw_cfg: add "modify" functions for all types
  hw/intc/apic: reject pic ints if isa_pic == NULL
  roms: add microvm-bios (qboot) as binary and git submodule
  docs/microvm.rst: document the new microvm machine type
  hw/i386: Introduce the microvm machine type
  MAINTAINERS: add microvm related files

 docs/microvm.rst | 108 +
 default-configs/i386-softmmu.mak |   1 +
 include/hw/i386/microvm.h|  71 +++
 include/hw/i386/pc.h |  28 +-
 include/hw/i386/x86.h|  96 
 include/hw/nvram/fw_cfg.h|  42 ++
 include/hw/virtio/virtio-mmio.h  |  73 +++
 hw/acpi/cpu_hotplug.c|  10 +-
 hw/i386/acpi-build.c |  29 +-
 hw/i386/amd_iommu.c  |   3 +-
 hw/i386/intel_iommu.c|   3 +-
 hw/i386/microvm.c

[PATCH v11 01/15] hw/virtio: Factorize virtio-mmio headers

[Sergio Lopez]

Put QOM and main struct definition in a separate header file, so it
can be accessed from other components.

Signed-off-by: Sergio Lopez 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Reviewed-by: Michael S. Tsirkin 
---
 include/hw/virtio/virtio-mmio.h | 73 +
 hw/virtio/virtio-mmio.c | 48 +-
 2 files changed, 74 insertions(+), 47 deletions(-)
 create mode 100644 include/hw/virtio/virtio-mmio.h

diff --git a/include/hw/virtio/virtio-mmio.h b/include/hw/virtio/virtio-mmio.h
new file mode 100644
index 00..7dbfd03dcf
--- /dev/null
+++ b/include/hw/virtio/virtio-mmio.h
@@ -0,0 +1,73 @@
+/*
+ * Virtio MMIO bindings
+ *
+ * Copyright (c) 2011 Linaro Limited
+ *
+ * Author:
+ *  Peter Maydell 
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see .
+ */
+
+#ifndef HW_VIRTIO_MMIO_H
+#define HW_VIRTIO_MMIO_H
+
+#include "hw/virtio/virtio-bus.h"
+
+/* QOM macros */
+/* virtio-mmio-bus */
+#define TYPE_VIRTIO_MMIO_BUS "virtio-mmio-bus"
+#define VIRTIO_MMIO_BUS(obj) \
+OBJECT_CHECK(VirtioBusState, (obj), TYPE_VIRTIO_MMIO_BUS)
+#define VIRTIO_MMIO_BUS_GET_CLASS(obj) \
+OBJECT_GET_CLASS(VirtioBusClass, (obj), TYPE_VIRTIO_MMIO_BUS)
+#define VIRTIO_MMIO_BUS_CLASS(klass) \
+OBJECT_CLASS_CHECK(VirtioBusClass, (klass), TYPE_VIRTIO_MMIO_BUS)
+
+/* virtio-mmio */
+#define TYPE_VIRTIO_MMIO "virtio-mmio"
+#define VIRTIO_MMIO(obj) \
+OBJECT_CHECK(VirtIOMMIOProxy, (obj), TYPE_VIRTIO_MMIO)
+
+#define VIRT_MAGIC 0x74726976 /* 'virt' */
+#define VIRT_VERSION 2
+#define VIRT_VERSION_LEGACY 1
+#define VIRT_VENDOR 0x554D4551 /* 'QEMU' */
+
+typedef struct VirtIOMMIOQueue {
+uint16_t num;
+bool enabled;
+uint32_t desc[2];
+uint32_t avail[2];
+uint32_t used[2];
+} VirtIOMMIOQueue;
+
+typedef struct {
+/* Generic */
+SysBusDevice parent_obj;
+MemoryRegion iomem;
+qemu_irq irq;
+bool legacy;
+/* Guest accessible state needing migration and reset */
+uint32_t host_features_sel;
+uint32_t guest_features_sel;
+uint32_t guest_page_shift;
+/* virtio-bus */
+VirtioBusState bus;
+bool format_transport_address;
+/* Fields only used for non-legacy (v2) devices */
+uint32_t guest_features[2];
+VirtIOMMIOQueue vqs[VIRTIO_QUEUE_MAX];
+} VirtIOMMIOProxy;
+
+#endif
diff --git a/hw/virtio/virtio-mmio.c b/hw/virtio/virtio-mmio.c
index 3d5ca0f667..94d934c44b 100644
--- a/hw/virtio/virtio-mmio.c
+++ b/hw/virtio/virtio-mmio.c
@@ -29,57 +29,11 @@
 #include "qemu/host-utils.h"
 #include "qemu/module.h"
 #include "sysemu/kvm.h"
-#include "hw/virtio/virtio-bus.h"
+#include "hw/virtio/virtio-mmio.h"
 #include "qemu/error-report.h"
 #include "qemu/log.h"
 #include "trace.h"
 
-/* QOM macros */
-/* virtio-mmio-bus */
-#define TYPE_VIRTIO_MMIO_BUS "virtio-mmio-bus"
-#define VIRTIO_MMIO_BUS(obj) \
-OBJECT_CHECK(VirtioBusState, (obj), TYPE_VIRTIO_MMIO_BUS)
-#define VIRTIO_MMIO_BUS_GET_CLASS(obj) \
-OBJECT_GET_CLASS(VirtioBusClass, (obj), TYPE_VIRTIO_MMIO_BUS)
-#define VIRTIO_MMIO_BUS_CLASS(klass) \
-OBJECT_CLASS_CHECK(VirtioBusClass, (klass), TYPE_VIRTIO_MMIO_BUS)
-
-/* virtio-mmio */
-#define TYPE_VIRTIO_MMIO "virtio-mmio"
-#define VIRTIO_MMIO(obj) \
-OBJECT_CHECK(VirtIOMMIOProxy, (obj), TYPE_VIRTIO_MMIO)
-
-#define VIRT_MAGIC 0x74726976 /* 'virt' */
-#define VIRT_VERSION 2
-#define VIRT_VERSION_LEGACY 1
-#define VIRT_VENDOR 0x554D4551 /* 'QEMU' */
-
-typedef struct VirtIOMMIOQueue {
-uint16_t num;
-bool enabled;
-uint32_t desc[2];
-uint32_t avail[2];
-uint32_t used[2];
-} VirtIOMMIOQueue;
-
-typedef struct {
-/* Generic */
-SysBusDevice parent_obj;
-MemoryRegion iomem;
-qemu_irq irq;
-bool legacy;
-/* Guest accessible state needing migration and reset */
-uint32_t host_features_sel;
-uint32_t guest_features_sel;
-uint32_t guest_page_shift;
-/* virtio-bus */
-VirtioBusState bus;
-bool format_transport_address;
-/* Fields only used for non-legacy (v2) devices */
-uint32_t guest_features[2];
-VirtIOMMIOQueue vqs[VIRTIO_QUEUE_MAX];
-} VirtIOMMIOProxy;
-
 static bool virtio_mmio_ioeventfd_enabled(DeviceState *d)
 {
 return kvm_eventfds_enabled();
-- 
2.21.0

[PATCH v11 02/15] hw/i386/pc: rename functions shared with non-PC machines

[Sergio Lopez]

The following functions are named *pc* but are not PC-machine specific
but generic to the X86 architecture, rename them:

  load_linux -> x86_load_linux
  pc_new_cpu -> x86_new_cpu
  pc_cpus_init   -> x86_cpus_init
  pc_cpu_index_to_props  -> x86_cpu_index_to_props
  pc_get_default_cpu_node_id -> x86_get_default_cpu_node_id
  pc_possible_cpu_arch_ids   -> x86_possible_cpu_arch_ids
  old_pc_system_rom_init -> x86_system_rom_init

Signed-off-by: Sergio Lopez 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Reviewed-by: Stefano Garzarella 
Reviewed-by: Michael S. Tsirkin 
---
 include/hw/i386/pc.h |  2 +-
 hw/i386/pc.c | 28 ++--
 hw/i386/pc_piix.c|  2 +-
 hw/i386/pc_q35.c |  2 +-
 hw/i386/pc_sysfw.c   |  6 +++---
 5 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index 6df4f4b6fb..d12f42e9e5 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -195,7 +195,7 @@ bool pc_machine_is_smm_enabled(PCMachineState *pcms);
 void pc_register_ferr_irq(qemu_irq irq);
 void pc_acpi_smi_interrupt(void *opaque, int irq, int level);
 
-void pc_cpus_init(PCMachineState *pcms);
+void x86_cpus_init(PCMachineState *pcms);
 void pc_hot_add_cpu(MachineState *ms, const int64_t id, Error **errp);
 void pc_smp_parse(MachineState *ms, QemuOpts *opts);
 
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index bcda50efcc..fd08c6704b 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -1019,8 +1019,8 @@ static bool load_elfboot(const char *kernel_filename,
 return true;
 }
 
-static void load_linux(PCMachineState *pcms,
-   FWCfgState *fw_cfg)
+static void x86_load_linux(PCMachineState *pcms,
+   FWCfgState *fw_cfg)
 {
 uint16_t protocol;
 int setup_size, kernel_size, cmdline_size;
@@ -1374,7 +1374,7 @@ void pc_acpi_smi_interrupt(void *opaque, int irq, int 
level)
 }
 }
 
-static void pc_new_cpu(PCMachineState *pcms, int64_t apic_id, Error **errp)
+static void x86_cpu_new(PCMachineState *pcms, int64_t apic_id, Error **errp)
 {
 Object *cpu = NULL;
 Error *local_err = NULL;
@@ -1490,14 +1490,14 @@ void pc_hot_add_cpu(MachineState *ms, const int64_t id, 
Error **errp)
 return;
 }
 
-pc_new_cpu(PC_MACHINE(ms), apic_id, &local_err);
+x86_cpu_new(PC_MACHINE(ms), apic_id, &local_err);
 if (local_err) {
 error_propagate(errp, local_err);
 return;
 }
 }
 
-void pc_cpus_init(PCMachineState *pcms)
+void x86_cpus_init(PCMachineState *pcms)
 {
 int i;
 const CPUArchIdList *possible_cpus;
@@ -1518,7 +1518,7 @@ void pc_cpus_init(PCMachineState *pcms)
  ms->smp.max_cpus - 1) + 1;
 possible_cpus = mc->possible_cpu_arch_ids(ms);
 for (i = 0; i < ms->smp.cpus; i++) {
-pc_new_cpu(pcms, possible_cpus->cpus[i].arch_id, &error_fatal);
+x86_cpu_new(pcms, possible_cpus->cpus[i].arch_id, &error_fatal);
 }
 }
 
@@ -1621,7 +1621,7 @@ void xen_load_linux(PCMachineState *pcms)
 fw_cfg_add_i16(fw_cfg, FW_CFG_NB_CPUS, pcms->boot_cpus);
 rom_set_fw(fw_cfg);
 
-load_linux(pcms, fw_cfg);
+x86_load_linux(pcms, fw_cfg);
 for (i = 0; i < nb_option_roms; i++) {
 assert(!strcmp(option_rom[i].name, "linuxboot.bin") ||
!strcmp(option_rom[i].name, "linuxboot_dma.bin") ||
@@ -1756,7 +1756,7 @@ void pc_memory_init(PCMachineState *pcms,
 }
 
 if (linux_boot) {
-load_linux(pcms, fw_cfg);
+x86_load_linux(pcms, fw_cfg);
 }
 
 for (i = 0; i < nb_option_roms; i++) {
@@ -2678,7 +2678,7 @@ static void pc_machine_wakeup(MachineState *machine)
 }
 
 static CpuInstanceProperties
-pc_cpu_index_to_props(MachineState *ms, unsigned cpu_index)
+x86_cpu_index_to_props(MachineState *ms, unsigned cpu_index)
 {
 MachineClass *mc = MACHINE_GET_CLASS(ms);
 const CPUArchIdList *possible_cpus = mc->possible_cpu_arch_ids(ms);
@@ -2687,7 +2687,7 @@ pc_cpu_index_to_props(MachineState *ms, unsigned 
cpu_index)
 return possible_cpus->cpus[cpu_index].props;
 }
 
-static int64_t pc_get_default_cpu_node_id(const MachineState *ms, int idx)
+static int64_t x86_get_default_cpu_node_id(const MachineState *ms, int idx)
 {
X86CPUTopoInfo topo;
PCMachineState *pcms = PC_MACHINE(ms);
@@ -2699,7 +2699,7 @@ static int64_t pc_get_default_cpu_node_id(const 
MachineState *ms, int idx)
return topo.pkg_id % ms->numa_state->num_nodes;
 }
 
-static const CPUArchIdList *pc_possible_cpu_arch_ids(MachineState *ms)
+static const CPUArchIdList *x86_possible_cpu_arch_ids(MachineState *ms)
 {
 PCMachineState *pcms = PC_MACHINE(ms);
 int i;
@@ -2801,9 +2801,9 @@ static void pc_machine_class_init(ObjectClass *oc, void 
*data)
 assert(!mc->get_hotplug_handler);
 mc->get_hotplug_handler = pc_get_hotplug_handler;
 mc->hotplug_allowed = pc_hotplug_allowed;
- 

[PATCH v11 03/15] hw/i386/pc: fix code style issues on functions that will be moved out

[Sergio Lopez]

Fix code style issues detected by checkpatch.pl on functions that will
be moved out to x86.c.

Signed-off-by: Sergio Lopez 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Marc-André Lureau 
---
 hw/i386/pc.c | 53 
 1 file changed, 29 insertions(+), 24 deletions(-)

diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index fd08c6704b..77e86bfc3d 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -866,7 +866,8 @@ static void handle_a20_line_change(void *opaque, int irq, 
int level)
 x86_cpu_set_a20(cpu, level);
 }
 
-/* Calculates initial APIC ID for a specific CPU index
+/*
+ * Calculates initial APIC ID for a specific CPU index
  *
  * Currently we need to be able to calculate the APIC ID from the CPU index
  * alone (without requiring a CPU object), as the QEMU<->Seabios interfaces 
have
@@ -1039,7 +1040,7 @@ static void x86_load_linux(PCMachineState *pcms,
 const char *kernel_cmdline = machine->kernel_cmdline;
 
 /* Align to 16 bytes as a paranoia measure */
-cmdline_size = (strlen(kernel_cmdline)+16) & ~15;
+cmdline_size = (strlen(kernel_cmdline) + 16) & ~15;
 
 /* load the kernel header */
 f = fopen(kernel_filename, "rb");
@@ -1055,8 +1056,8 @@ static void x86_load_linux(PCMachineState *pcms,
 #if 0
 fprintf(stderr, "header magic: %#x\n", ldl_p(header+0x202));
 #endif
-if (ldl_p(header+0x202) == 0x53726448) {
-protocol = lduw_p(header+0x206);
+if (ldl_p(header + 0x202) == 0x53726448) {
+protocol = lduw_p(header + 0x206);
 } else {
 /*
  * This could be a multiboot kernel. If it is, let's stop treating it
@@ -1158,7 +1159,7 @@ static void x86_load_linux(PCMachineState *pcms,
 
 /* highest address for loading the initrd */
 if (protocol >= 0x20c &&
-lduw_p(header+0x236) & XLF_CAN_BE_LOADED_ABOVE_4G) {
+lduw_p(header + 0x236) & XLF_CAN_BE_LOADED_ABOVE_4G) {
 /*
  * Linux has supported initrd up to 4 GB for a very long time (2007,
  * long before XLF_CAN_BE_LOADED_ABOVE_4G which was added in 2013),
@@ -1177,7 +1178,7 @@ static void x86_load_linux(PCMachineState *pcms,
  */
 initrd_max = UINT32_MAX;
 } else if (protocol >= 0x203) {
-initrd_max = ldl_p(header+0x22c);
+initrd_max = ldl_p(header + 0x22c);
 } else {
 initrd_max = 0x37ff;
 }
@@ -1187,14 +1188,14 @@ static void x86_load_linux(PCMachineState *pcms,
 }
 
 fw_cfg_add_i32(fw_cfg, FW_CFG_CMDLINE_ADDR, cmdline_addr);
-fw_cfg_add_i32(fw_cfg, FW_CFG_CMDLINE_SIZE, strlen(kernel_cmdline)+1);
+fw_cfg_add_i32(fw_cfg, FW_CFG_CMDLINE_SIZE, strlen(kernel_cmdline) + 1);
 fw_cfg_add_string(fw_cfg, FW_CFG_CMDLINE_DATA, kernel_cmdline);
 
 if (protocol >= 0x202) {
-stl_p(header+0x228, cmdline_addr);
+stl_p(header + 0x228, cmdline_addr);
 } else {
-stw_p(header+0x20, 0xA33F);
-stw_p(header+0x22, cmdline_addr-real_addr);
+stw_p(header + 0x20, 0xA33F);
+stw_p(header + 0x22, cmdline_addr - real_addr);
 }
 
 /* handle vga= parameter */
@@ -1212,20 +1213,22 @@ static void x86_load_linux(PCMachineState *pcms,
 } else {
 video_mode = strtol(vmode, NULL, 0);
 }
-stw_p(header+0x1fa, video_mode);
+stw_p(header + 0x1fa, video_mode);
 }
 
 /* loader type */
-/* High nybble = B reserved for QEMU; low nybble is revision number.
-   If this code is substantially changed, you may want to consider
-   incrementing the revision. */
+/*
+ * High nybble = B reserved for QEMU; low nybble is revision number.
+ * If this code is substantially changed, you may want to consider
+ * incrementing the revision.
+ */
 if (protocol >= 0x200) {
 header[0x210] = 0xB0;
 }
 /* heap */
 if (protocol >= 0x201) {
-header[0x211] |= 0x80; /* CAN_USE_HEAP */
-stw_p(header+0x224, cmdline_addr-real_addr-0x200);
+header[0x211] |= 0x80; /* CAN_USE_HEAP */
+stw_p(header + 0x224, cmdline_addr - real_addr - 0x200);
 }
 
 /* load initrd */
@@ -1257,14 +1260,14 @@ static void x86_load_linux(PCMachineState *pcms,
 exit(1);
 }
 
-initrd_addr = (initrd_max-initrd_size) & ~4095;
+initrd_addr = (initrd_max - initrd_size) & ~4095;
 
 fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_ADDR, initrd_addr);
 fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_SIZE, initrd_size);
 fw_cfg_add_bytes(fw_cfg, FW_CFG_INITRD_DATA, initrd_data, initrd_size);
 
-stl_p(header+0x218, initrd_addr);
-stl_p(header+0x21c, initrd_size);
+stl_p(header + 0x218, initrd_addr);
+stl_p(header + 0x21c, initrd_size);
 }
 
 /* load kernel and setup */
@@ -1272,7 +1275,7 @@ static void x86_load_linux(PCMachineState *pcms,
 if (setup_size == 0) {
 setup_size = 4;
 }
-setup_size = (setup_size+1)*512;
+setup_size 

[PATCH v11 04/15] hw/i386/pc: replace use of strtol with qemu_strtoui in x86_load_linux()

[Sergio Lopez]

Follow checkpatch.pl recommendation and replace the use of strtol with
qemu_strtoui in x86_load_linux().

Signed-off-by: Sergio Lopez 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Marc-André Lureau 
---
 hw/i386/pc.c | 9 -
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 77e86bfc3d..c8608b8007 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -68,6 +68,7 @@
 #include "qemu/config-file.h"
 #include "qemu/error-report.h"
 #include "qemu/option.h"
+#include "qemu/cutils.h"
 #include "hw/acpi/acpi.h"
 #include "hw/acpi/cpu_hotplug.h"
 #include "hw/boards.h"
@@ -1202,6 +1203,7 @@ static void x86_load_linux(PCMachineState *pcms,
 vmode = strstr(kernel_cmdline, "vga=");
 if (vmode) {
 unsigned int video_mode;
+int ret;
 /* skip "vga=" */
 vmode += 4;
 if (!strncmp(vmode, "normal", 6)) {
@@ -1211,7 +1213,12 @@ static void x86_load_linux(PCMachineState *pcms,
 } else if (!strncmp(vmode, "ask", 3)) {
 video_mode = 0xfffd;
 } else {
-video_mode = strtol(vmode, NULL, 0);
+ret = qemu_strtoui(vmode, NULL, 0, &video_mode);
+if (ret != 0) {
+fprintf(stderr, "qemu: can't parse 'vga' parameter: %s\n",
+strerror(-ret));
+exit(1);
+}
 }
 stw_p(header + 0x1fa, video_mode);
 }
-- 
2.21.0

[PATCH v11 10/15] fw_cfg: add "modify" functions for all types

[Sergio Lopez]

This allows to alter the contents of an already added item.

Signed-off-by: Sergio Lopez 
Reviewed-by: Michael S. Tsirkin 
Reviewed-by: Marc-André Lureau 
---
 include/hw/nvram/fw_cfg.h | 42 +++
 hw/nvram/fw_cfg.c | 29 +++
 2 files changed, 71 insertions(+)

diff --git a/include/hw/nvram/fw_cfg.h b/include/hw/nvram/fw_cfg.h
index 80e435d303..b5291eefad 100644
--- a/include/hw/nvram/fw_cfg.h
+++ b/include/hw/nvram/fw_cfg.h
@@ -98,6 +98,20 @@ void fw_cfg_add_bytes(FWCfgState *s, uint16_t key, void 
*data, size_t len);
  */
 void fw_cfg_add_string(FWCfgState *s, uint16_t key, const char *value);
 
+/**
+ * fw_cfg_modify_string:
+ * @s: fw_cfg device being modified
+ * @key: selector key value for new fw_cfg item
+ * @value: NUL-terminated ascii string
+ *
+ * Replace the fw_cfg item available by selecting the given key. The new
+ * data will consist of a dynamically allocated copy of the provided string,
+ * including its NUL terminator. The data being replaced, assumed to have
+ * been dynamically allocated during an earlier call to either
+ * fw_cfg_add_string() or fw_cfg_modify_string(), is freed before returning.
+ */
+void fw_cfg_modify_string(FWCfgState *s, uint16_t key, const char *value);
+
 /**
  * fw_cfg_add_i16:
  * @s: fw_cfg device being modified
@@ -136,6 +150,20 @@ void fw_cfg_modify_i16(FWCfgState *s, uint16_t key, 
uint16_t value);
  */
 void fw_cfg_add_i32(FWCfgState *s, uint16_t key, uint32_t value);
 
+/**
+ * fw_cfg_modify_i32:
+ * @s: fw_cfg device being modified
+ * @key: selector key value for new fw_cfg item
+ * @value: 32-bit integer
+ *
+ * Replace the fw_cfg item available by selecting the given key. The new
+ * data will consist of a dynamically allocated copy of the given 32-bit
+ * value, converted to little-endian representation. The data being replaced,
+ * assumed to have been dynamically allocated during an earlier call to
+ * either fw_cfg_add_i32() or fw_cfg_modify_i32(), is freed before returning.
+ */
+void fw_cfg_modify_i32(FWCfgState *s, uint16_t key, uint32_t value);
+
 /**
  * fw_cfg_add_i64:
  * @s: fw_cfg device being modified
@@ -148,6 +176,20 @@ void fw_cfg_add_i32(FWCfgState *s, uint16_t key, uint32_t 
value);
  */
 void fw_cfg_add_i64(FWCfgState *s, uint16_t key, uint64_t value);
 
+/**
+ * fw_cfg_modify_i64:
+ * @s: fw_cfg device being modified
+ * @key: selector key value for new fw_cfg item
+ * @value: 64-bit integer
+ *
+ * Replace the fw_cfg item available by selecting the given key. The new
+ * data will consist of a dynamically allocated copy of the given 64-bit
+ * value, converted to little-endian representation. The data being replaced,
+ * assumed to have been dynamically allocated during an earlier call to
+ * either fw_cfg_add_i64() or fw_cfg_modify_i64(), is freed before returning.
+ */
+void fw_cfg_modify_i64(FWCfgState *s, uint16_t key, uint64_t value);
+
 /**
  * fw_cfg_add_file:
  * @s: fw_cfg device being modified
diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
index 7dc3ac378e..aef1727250 100644
--- a/hw/nvram/fw_cfg.c
+++ b/hw/nvram/fw_cfg.c
@@ -690,6 +690,15 @@ void fw_cfg_add_string(FWCfgState *s, uint16_t key, const 
char *value)
 fw_cfg_add_bytes(s, key, g_memdup(value, sz), sz);
 }
 
+void fw_cfg_modify_string(FWCfgState *s, uint16_t key, const char *value)
+{
+size_t sz = strlen(value) + 1;
+char *old;
+
+old = fw_cfg_modify_bytes_read(s, key, g_memdup(value, sz), sz);
+g_free(old);
+}
+
 void fw_cfg_add_i16(FWCfgState *s, uint16_t key, uint16_t value)
 {
 uint16_t *copy;
@@ -720,6 +729,16 @@ void fw_cfg_add_i32(FWCfgState *s, uint16_t key, uint32_t 
value)
 fw_cfg_add_bytes(s, key, copy, sizeof(value));
 }
 
+void fw_cfg_modify_i32(FWCfgState *s, uint16_t key, uint32_t value)
+{
+uint32_t *copy, *old;
+
+copy = g_malloc(sizeof(value));
+*copy = cpu_to_le32(value);
+old = fw_cfg_modify_bytes_read(s, key, copy, sizeof(value));
+g_free(old);
+}
+
 void fw_cfg_add_i64(FWCfgState *s, uint16_t key, uint64_t value)
 {
 uint64_t *copy;
@@ -730,6 +749,16 @@ void fw_cfg_add_i64(FWCfgState *s, uint16_t key, uint64_t 
value)
 fw_cfg_add_bytes(s, key, copy, sizeof(value));
 }
 
+void fw_cfg_modify_i64(FWCfgState *s, uint16_t key, uint64_t value)
+{
+uint64_t *copy, *old;
+
+copy = g_malloc(sizeof(value));
+*copy = cpu_to_le64(value);
+old = fw_cfg_modify_bytes_read(s, key, copy, sizeof(value));
+g_free(old);
+}
+
 void fw_cfg_set_order_override(FWCfgState *s, int order)
 {
 assert(s->fw_cfg_order_override == 0);
-- 
2.21.0

[PATCH v11 14/15] hw/i386: Introduce the microvm machine type

[Sergio Lopez]

microvm is a machine type inspired by Firecracker and constructed
after its machine model.

It's a minimalist machine type without PCI nor ACPI support, designed
for short-lived guests. microvm also establishes a baseline for
benchmarking and optimizing both QEMU and guest operating systems,
since it is optimized for both boot time and footprint.

Signed-off-by: Sergio Lopez 
Reviewed-by: Michael S. Tsirkin 
---
 default-configs/i386-softmmu.mak |   1 +
 include/hw/i386/microvm.h|  71 
 hw/i386/microvm.c| 572 +++
 hw/i386/Kconfig  |  10 +
 hw/i386/Makefile.objs|   1 +
 5 files changed, 655 insertions(+)
 create mode 100644 include/hw/i386/microvm.h
 create mode 100644 hw/i386/microvm.c

diff --git a/default-configs/i386-softmmu.mak b/default-configs/i386-softmmu.mak
index 4229900f57..4cc64dafa2 100644
--- a/default-configs/i386-softmmu.mak
+++ b/default-configs/i386-softmmu.mak
@@ -28,3 +28,4 @@
 CONFIG_ISAPC=y
 CONFIG_I440FX=y
 CONFIG_Q35=y
+CONFIG_MICROVM=y
diff --git a/include/hw/i386/microvm.h b/include/hw/i386/microvm.h
new file mode 100644
index 00..ba68d1f22b
--- /dev/null
+++ b/include/hw/i386/microvm.h
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 2018 Intel Corporation
+ * Copyright (c) 2019 Red Hat, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#ifndef HW_I386_MICROVM_H
+#define HW_I386_MICROVM_H
+
+#include "qemu-common.h"
+#include "exec/hwaddr.h"
+#include "qemu/notify.h"
+
+#include "hw/boards.h"
+#include "hw/i386/x86.h"
+
+/* Platform virtio definitions */
+#define VIRTIO_MMIO_BASE  0xc000
+#define VIRTIO_IRQ_BASE   5
+#define VIRTIO_NUM_TRANSPORTS 8
+#define VIRTIO_CMDLINE_MAXLEN 64
+
+/* Machine type options */
+#define MICROVM_MACHINE_PIT "pit"
+#define MICROVM_MACHINE_PIC "pic"
+#define MICROVM_MACHINE_RTC "rtc"
+#define MICROVM_MACHINE_ISA_SERIAL  "isa-serial"
+#define MICROVM_MACHINE_OPTION_ROMS "x-option-roms"
+#define MICROVM_MACHINE_AUTO_KERNEL_CMDLINE "auto-kernel-cmdline"
+
+typedef struct {
+X86MachineClass parent;
+HotplugHandler *(*orig_hotplug_handler)(MachineState *machine,
+   DeviceState *dev);
+} MicrovmMachineClass;
+
+typedef struct {
+X86MachineState parent;
+
+/* Machine type options */
+OnOffAuto pic;
+OnOffAuto pit;
+OnOffAuto rtc;
+bool isa_serial;
+bool option_roms;
+bool auto_kernel_cmdline;
+
+/* Machine state */
+bool kernel_cmdline_fixed;
+} MicrovmMachineState;
+
+#define TYPE_MICROVM_MACHINE   MACHINE_TYPE_NAME("microvm")
+#define MICROVM_MACHINE(obj) \
+OBJECT_CHECK(MicrovmMachineState, (obj), TYPE_MICROVM_MACHINE)
+#define MICROVM_MACHINE_GET_CLASS(obj) \
+OBJECT_GET_CLASS(MicrovmMachineClass, obj, TYPE_MICROVM_MACHINE)
+#define MICROVM_MACHINE_CLASS(class) \
+OBJECT_CLASS_CHECK(MicrovmMachineClass, class, TYPE_MICROVM_MACHINE)
+
+#endif
diff --git a/hw/i386/microvm.c b/hw/i386/microvm.c
new file mode 100644
index 00..20d2189ea8
--- /dev/null
+++ b/hw/i386/microvm.c
@@ -0,0 +1,572 @@
+/*
+ * Copyright (c) 2018 Intel Corporation
+ * Copyright (c) 2019 Red Hat, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/error-report.h"
+#include "qemu/cutils.h"
+#include "qemu/units.h"
+#include "qapi/error.h"
+#include "qapi/visitor.h"
+#include "qapi/qapi-visit-common.h"
+#include "sysemu/sysemu.h"
+#include "sysemu/cpus.h"
+#include "sysemu/numa.h"
+#include "sysemu/reset.h"
+
+#include "hw/loader.h"
+#include "hw/irq.h"
+#include "hw/kvm/clock.h"
+#include "hw/i386/microvm.h"
+#include "hw/i386/x86.h"
+#include "hw/i386/pc.h"
+#include "target/i386/cpu.h"
+#include "hw/timer/i8254.h"
+#include "hw/timer/mc146818rtc.h"

[PATCH v11 05/15] hw/i386/pc: avoid an assignment in if condition in x86_load_linux()

[Sergio Lopez]

Follow checkpatch.pl recommendation and avoid an assignment in if
condition in x86_load_linux().

Signed-off-by: Sergio Lopez 
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/i386/pc.c | 9 -
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index c8608b8007..90c2263a33 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -1045,7 +1045,14 @@ static void x86_load_linux(PCMachineState *pcms,
 
 /* load the kernel header */
 f = fopen(kernel_filename, "rb");
-if (!f || !(kernel_size = get_file_size(f)) ||
+if (!f) {
+fprintf(stderr, "qemu: could not open kernel file '%s': %s\n",
+kernel_filename, strerror(errno));
+exit(1);
+}
+
+kernel_size = get_file_size(f);
+if (!kernel_size ||
 fread(header, 1, MIN(ARRAY_SIZE(header), kernel_size), f) !=
 MIN(ARRAY_SIZE(header), kernel_size)) {
 fprintf(stderr, "qemu: could not load kernel '%s': %s\n",
-- 
2.21.0

Re: [PATCH] Do not use %m in common code to print error messages

[Daniel P . Berrangé]

On Fri, Oct 18, 2019 at 12:44:38PM +0200, Thomas Huth wrote:
> The %m format specifier is an extension from glibc - and when compiling
> QEMU for NetBSD, the compiler correctly complains, e.g.:
> 
> /home/qemu/qemu-test.ELjfrQ/src/util/main-loop.c: In function 'sigfd_handler':
> /home/qemu/qemu-test.ELjfrQ/src/util/main-loop.c:64:13: warning: %m is only
>  allowed in syslog(3) like functions [-Wformat=]
>  printf("read from sigfd returned %zd: %m\n", len);
>  ^
> Let's use g_strerror() here instead, which is an easy-to-use wrapper
> around the thread-safe strerror_r() function.
> 
> While we're at it, also convert the "printf()" in main-loop.c into
> the preferred "error_report()".
> 
> Signed-off-by: Thomas Huth 
> ---
>  hw/misc/tmp421.c | 8 ++--
>  util/main-loop.c | 4 +++-
>  util/systemd.c   | 5 +++--
>  3 files changed, 12 insertions(+), 5 deletions(-)
> 
> diff --git a/hw/misc/tmp421.c b/hw/misc/tmp421.c
> index 9f044705fa..f23c46a40a 100644
> --- a/hw/misc/tmp421.c
> +++ b/hw/misc/tmp421.c
> @@ -120,7 +120,9 @@ static void tmp421_get_temperature(Object *obj, Visitor 
> *v, const char *name,
>  int tempid;
>  
>  if (sscanf(name, "temperature%d", &tempid) != 1) {
> -error_setg(errp, "error reading %s: %m", name);
> +const char *errmsg = g_strerror(errno);
> +error_setg(errp, "error reading %s: %s", name, errmsg);
> +g_free((gpointer)errmsg);

Kaboom crash. This is trying to free a const string that is the caller
doesn't own. It remains under ownership of g_strerror forever.

Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|

[PATCH v11 07/15] hw/i386/pc: move shared x86 functions to x86.c and export them

[Sergio Lopez]

Move x86 functions that will be shared between PC and non-PC machine
types to x86.c, along with their helpers.

Signed-off-by: Sergio Lopez 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Reviewed-by: Stefano Garzarella 
Reviewed-by: Michael S. Tsirkin 
---
 include/hw/i386/pc.h  |   1 -
 include/hw/i386/x86.h |  35 +++
 hw/i386/pc.c  | 587 +--
 hw/i386/pc_piix.c |   1 +
 hw/i386/pc_q35.c  |   1 +
 hw/i386/pc_sysfw.c|  56 +---
 hw/i386/x86.c | 690 ++
 hw/i386/Makefile.objs |   1 +
 8 files changed, 730 insertions(+), 642 deletions(-)
 create mode 100644 include/hw/i386/x86.h
 create mode 100644 hw/i386/x86.c

diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index d12f42e9e5..73e2847e87 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -195,7 +195,6 @@ bool pc_machine_is_smm_enabled(PCMachineState *pcms);
 void pc_register_ferr_irq(qemu_irq irq);
 void pc_acpi_smi_interrupt(void *opaque, int irq, int level);
 
-void x86_cpus_init(PCMachineState *pcms);
 void pc_hot_add_cpu(MachineState *ms, const int64_t id, Error **errp);
 void pc_smp_parse(MachineState *ms, QemuOpts *opts);
 
diff --git a/include/hw/i386/x86.h b/include/hw/i386/x86.h
new file mode 100644
index 00..71e2b6985d
--- /dev/null
+++ b/include/hw/i386/x86.h
@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2019 Red Hat, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#ifndef HW_I386_X86_H
+#define HW_I386_X86_H
+
+#include "hw/boards.h"
+
+uint32_t x86_cpu_apic_id_from_index(PCMachineState *pcms,
+unsigned int cpu_index);
+void x86_cpu_new(PCMachineState *pcms, int64_t apic_id, Error **errp);
+void x86_cpus_init(PCMachineState *pcms);
+CpuInstanceProperties x86_cpu_index_to_props(MachineState *ms,
+ unsigned cpu_index);
+int64_t x86_get_default_cpu_node_id(const MachineState *ms, int idx);
+const CPUArchIdList *x86_possible_cpu_arch_ids(MachineState *ms);
+
+void x86_bios_rom_init(MemoryRegion *rom_memory, bool isapc_ram_fw);
+
+void x86_load_linux(PCMachineState *x86ms, FWCfgState *fw_cfg);
+
+#endif
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 612bfe9c95..05de536a2b 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -24,6 +24,7 @@
 
 #include "qemu/osdep.h"
 #include "qemu/units.h"
+#include "hw/i386/x86.h"
 #include "hw/i386/pc.h"
 #include "hw/char/serial.h"
 #include "hw/char/parallel.h"
@@ -103,9 +104,6 @@
 
 struct hpet_fw_config hpet_cfg = {.count = UINT8_MAX};
 
-/* Physical Address of PVH entry point read from kernel ELF NOTE */
-static size_t pvh_start_addr;
-
 GlobalProperty pc_compat_4_1[] = {};
 const size_t pc_compat_4_1_len = G_N_ELEMENTS(pc_compat_4_1);
 
@@ -867,481 +865,6 @@ static void handle_a20_line_change(void *opaque, int irq, 
int level)
 x86_cpu_set_a20(cpu, level);
 }
 
-/*
- * Calculates initial APIC ID for a specific CPU index
- *
- * Currently we need to be able to calculate the APIC ID from the CPU index
- * alone (without requiring a CPU object), as the QEMU<->Seabios interfaces 
have
- * no concept of "CPU index", and the NUMA tables on fw_cfg need the APIC ID of
- * all CPUs up to max_cpus.
- */
-static uint32_t x86_cpu_apic_id_from_index(PCMachineState *pcms,
-   unsigned int cpu_index)
-{
-MachineState *ms = MACHINE(pcms);
-PCMachineClass *pcmc = PC_MACHINE_GET_CLASS(pcms);
-uint32_t correct_id;
-static bool warned;
-
-correct_id = x86_apicid_from_cpu_idx(pcms->smp_dies, ms->smp.cores,
- ms->smp.threads, cpu_index);
-if (pcmc->compat_apic_id_mode) {
-if (cpu_index != correct_id && !warned && !qtest_enabled()) {
-error_report("APIC IDs set in compatibility mode, "
- "CPU topology won't match the configuration");
-warned = true;
-}
-return cpu_index;
-} else {
-return correct_id;
-}
-}
-
-static long get_file_size(FILE *f)
-{
-long where, size;
-
-/* XXX: on Unix systems, using fstat() probably makes more sense */
-
-where = ftell(f);
-fseek(f, 0, SEEK_END);
-size = ftell(f);
-fseek(f, where, SEEK_SET);
-
-return size;
-}
-
-struct setup_data {
-uint64_t next;
-uint32_t type;
-uint32_t len;
-

[PATCH v11 09/15] hw/i386: make x86.c independent from PCMachineState

[Sergio Lopez]

As a last step into splitting PCMachineState and deriving
X86MachineState from it, make the functions previously extracted from
pc.c to x86.c independent from PCMachineState, using X86MachineState
instead.

Signed-off-by: Sergio Lopez 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Reviewed-by: Michael S. Tsirkin 
---
 include/hw/i386/x86.h | 13 +++
 hw/i386/pc.c  | 14 
 hw/i386/pc_piix.c |  2 +-
 hw/i386/pc_q35.c  |  2 +-
 hw/i386/x86.c | 53 ---
 5 files changed, 44 insertions(+), 40 deletions(-)

diff --git a/include/hw/i386/x86.h b/include/hw/i386/x86.h
index d15713e92e..82d09fd7d0 100644
--- a/include/hw/i386/x86.h
+++ b/include/hw/i386/x86.h
@@ -75,10 +75,11 @@ typedef struct {
 #define X86_MACHINE_CLASS(class) \
 OBJECT_CLASS_CHECK(X86MachineClass, class, TYPE_X86_MACHINE)
 
-uint32_t x86_cpu_apic_id_from_index(PCMachineState *pcms,
+uint32_t x86_cpu_apic_id_from_index(X86MachineState *pcms,
 unsigned int cpu_index);
-void x86_cpu_new(PCMachineState *pcms, int64_t apic_id, Error **errp);
-void x86_cpus_init(PCMachineState *pcms);
+
+void x86_cpu_new(X86MachineState *pcms, int64_t apic_id, Error **errp);
+void x86_cpus_init(X86MachineState *pcms, int default_cpu_version);
 CpuInstanceProperties x86_cpu_index_to_props(MachineState *ms,
  unsigned cpu_index);
 int64_t x86_get_default_cpu_node_id(const MachineState *ms, int idx);
@@ -86,6 +87,10 @@ const CPUArchIdList *x86_possible_cpu_arch_ids(MachineState 
*ms);
 
 void x86_bios_rom_init(MemoryRegion *rom_memory, bool isapc_ram_fw);
 
-void x86_load_linux(PCMachineState *pcms, FWCfgState *fw_cfg);
+void x86_load_linux(X86MachineState *x86ms,
+FWCfgState *fw_cfg,
+int acpi_data_size,
+bool pvh_enabled,
+bool linuxboot_dma_enabled);
 
 #endif
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 1457a45101..a4d3a284fb 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -983,8 +983,8 @@ void pc_smp_parse(MachineState *ms, QemuOpts *opts)
 
 void pc_hot_add_cpu(MachineState *ms, const int64_t id, Error **errp)
 {
-PCMachineState *pcms = PC_MACHINE(ms);
-int64_t apic_id = x86_cpu_apic_id_from_index(pcms, id);
+X86MachineState *x86ms = X86_MACHINE(ms);
+int64_t apic_id = x86_cpu_apic_id_from_index(x86ms, id);
 Error *local_err = NULL;
 
 if (id < 0) {
@@ -999,7 +999,8 @@ void pc_hot_add_cpu(MachineState *ms, const int64_t id, 
Error **errp)
 return;
 }
 
-x86_cpu_new(PC_MACHINE(ms), apic_id, &local_err);
+
+x86_cpu_new(X86_MACHINE(ms), apic_id, &local_err);
 if (local_err) {
 error_propagate(errp, local_err);
 return;
@@ -1100,6 +1101,7 @@ void xen_load_linux(PCMachineState *pcms)
 {
 int i;
 FWCfgState *fw_cfg;
+PCMachineClass *pcmc = PC_MACHINE_GET_CLASS(pcms);
 X86MachineState *x86ms = X86_MACHINE(pcms);
 
 assert(MACHINE(pcms)->kernel_filename != NULL);
@@ -1108,7 +1110,8 @@ void xen_load_linux(PCMachineState *pcms)
 fw_cfg_add_i16(fw_cfg, FW_CFG_NB_CPUS, x86ms->boot_cpus);
 rom_set_fw(fw_cfg);
 
-x86_load_linux(pcms, fw_cfg);
+x86_load_linux(x86ms, fw_cfg, pcmc->acpi_data_size,
+   pcmc->pvh_enabled, pcmc->linuxboot_dma_enabled);
 for (i = 0; i < nb_option_roms; i++) {
 assert(!strcmp(option_rom[i].name, "linuxboot.bin") ||
!strcmp(option_rom[i].name, "linuxboot_dma.bin") ||
@@ -1244,7 +1247,8 @@ void pc_memory_init(PCMachineState *pcms,
 }
 
 if (linux_boot) {
-x86_load_linux(pcms, fw_cfg);
+x86_load_linux(x86ms, fw_cfg, pcmc->acpi_data_size,
+   pcmc->pvh_enabled, pcmc->linuxboot_dma_enabled);
 }
 
 for (i = 0; i < nb_option_roms; i++) {
diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index 0afa8fe6ea..a86317cdff 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -154,7 +154,7 @@ static void pc_init1(MachineState *machine,
 }
 }
 
-x86_cpus_init(pcms);
+x86_cpus_init(x86ms, pcmc->default_cpu_version);
 
 if (kvm_enabled() && pcmc->kvmclock_enabled) {
 kvmclock_create();
diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
index 374ac6c068..75c8caf7c2 100644
--- a/hw/i386/pc_q35.c
+++ b/hw/i386/pc_q35.c
@@ -181,7 +181,7 @@ static void pc_q35_init(MachineState *machine)
 xen_hvm_init(pcms, &ram_memory);
 }
 
-x86_cpus_init(pcms);
+x86_cpus_init(x86ms, pcmc->default_cpu_version);
 
 kvmclock_create();
 
diff --git a/hw/i386/x86.c b/hw/i386/x86.c
index de4fed0164..fd84b23124 100644
--- a/hw/i386/x86.c
+++ b/hw/i386/x86.c
@@ -36,7 +36,6 @@
 #include "sysemu/sysemu.h"
 
 #include "hw/i386/x86.h"
-#include "hw/i386/pc.h"
 #include "target/i386/cpu.h"
 #include "hw/i386/topology.h"
 #include "hw/i386/fw_cfg.h"
@@ -61,11 +60,10 @@ static size_t pvh_s