[PULL v2 0/8] Misc patches for QEMU 5.0-rc3

2020-04-13 Thread Paolo Bonzini
The following changes since commit 53ef8a92eb04ee19640f5aad3bff36cd4a36c250:

  Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200406' 
into staging (2020-04-06 12:36:45 +0100)

are available in the Git repository at:

  git://github.com/bonzini/qemu.git tags/for-upstream

for you to fetch changes up to 267514b33ffa3f315adc26fc14d89f92e90840f5:

  module: increase dirs array size by one (2020-04-13 02:56:18 -0400)


Bugfixes, and reworking of the atomics documentation.



v1->v2: remove stray roms/SLOF change

Alexander Duyck (1):
  memory: Do not allow direct write access to rom_device regions

Bauerchen (1):
  oslib-posix: take lock before qemu_cond_broadcast

Bruce Rogers (1):
  module: increase dirs array size by one

Igor Mammedov (1):
  vl.c: error out if -mem-path is used together with -M memory-backend

Olaf Hering (1):
  piix: fix xenfv regression, add compat machine xenfv-4.2

Paolo Bonzini (3):
  atomics: convert to reStructuredText
  atomics: update documentation
  rcu: do not mention atomic_mb_read/set in documentation

 docs/devel/atomics.rst   | 507 +++
 docs/devel/atomics.txt   | 403 
 docs/devel/index.rst |   1 +
 docs/devel/rcu.txt   |   4 +-
 hw/i386/pc_piix.c|  19 +-
 include/exec/memory.h|   4 +-
 softmmu/vl.c |   5 +
 tests/qtest/device-introspect-test.c |   2 +-
 tests/qtest/qom-test.c   |  42 +--
 tests/qtest/test-hmp.c   |   2 +-
 util/module.c|   2 +-
 util/oslib-posix.c   |   3 +
 12 files changed, 547 insertions(+), 447 deletions(-)
 create mode 100644 docs/devel/atomics.rst
 delete mode 100644 docs/devel/atomics.txt
-- 
2.18.2




Re: [PATCH for-5.0? 0/3] Make docs build work with Sphinx 3

2020-04-13 Thread Paolo Bonzini
On 11/04/20 20:29, Peter Maydell wrote:
> 
> I've marked this up as 'for-5.0?' because I think it would be
> nice if at least patch 1 went in. Patch 2 seems uncontroversial
> (though I guess we should forward it up to the kernel folks
> since kernel-doc is from them originally). Patch 3 is the
> expedient change, but you could argue about whether this is
> the best way to tell kernel-doc what to do.

I agree---I would say this is ok for 5.0 as long as the last two patches
are forwarded to the kernel and any changes integrated back.

Patch 1 is clever. :)

Paolo

> 
> thanks
> -- PMM
> 
> Peter Maydell (3):
>   configure: Honour --disable-werror for Sphinx
>   scripts/kernel-doc: Add missing close-paren in c:function directives
>   kernel-doc: Use c:struct for Sphinx 3.0 and later




[PATCH 0/15] KVM: MIPS: Add Loongson-3 support (Host Side)

2020-04-13 Thread Huacai Chen
We are preparing to add KVM support for Loongson-3. VZ extension is
fully supported in Loongson-3A R4+, and we will not care about old CPUs
(at least now). We already have a fully functional Linux kernel (based
on Linux-5.4.x LTS) and QEMU (based on 5.0.0-rc2) and their git
repositories are here:

QEMU: https://github.com/chenhuacai/qemu
Kernel: https://github.com/chenhuacai/linux

Of course these two repositories need to be reworked and are not suitable for
upstream (especially the commits need to be split). We show them here
just to tell others what we have done, and how KVM/Loongson will look.

Our plan is to make the KVM host side upstream first, and after that,
we will make the KVM guest side and QEMU emulator upstream.

Mike Rapoport(1):
 mips: define pud_index() regardless of page table folding

Xing Li(2):
 KVM: MIPS: Define KVM_ENTRYHI_ASID to cpu_asid_mask(&boot_cpu_data)
 KVM: MIPS: Fix VPN2_MASK definition for variable cpu_vmbits

Huacai Chen(12):
 KVM: MIPS: Increase KVM_MAX_VCPUS and KVM_USER_MEM_SLOTS to 16
 KVM: MIPS: Add EVENTFD support which is needed by VHOST
 KVM: MIPS: Use lddir/ldpte instructions to lookup gpa_mm.pgd
 KVM: MIPS: Introduce and use cpu_guest_has_ldpte
 KVM: MIPS: Use root tlb to control guest's CCA for Loongson-3
 KVM: MIPS: Let indexed cacheops cause guest exit on Loongson-3
 KVM: MIPS: Add more types of virtual interrupts
 KVM: MIPS: Add Loongson-3 Virtual IPI interrupt support
 KVM: MIPS: Add CPUCFG emulation for Loongson-3
 KVM: MIPS: Add CONFIG6 and DIAG registers emulation
 KVM: MIPS: Add more MMIO load/store instructions emulation
 KVM: MIPS: Enable KVM support for Loongson-3

Signed-off-by: Huacai Chen 
---
 arch/mips/Kconfig|   1 +
 arch/mips/include/asm/cpu-features.h |   3 +
 arch/mips/include/asm/kvm_host.h |  50 +++-
 arch/mips/include/asm/mipsregs.h |   7 +
 arch/mips/include/asm/pgtable-64.h   |   4 +-
 arch/mips/include/uapi/asm/inst.h|  11 +
 arch/mips/kernel/cpu-probe.c |   2 +
 arch/mips/kvm/Kconfig|   1 +
 arch/mips/kvm/Makefile   |   5 +-
 arch/mips/kvm/emulate.c  | 461 ++-
 arch/mips/kvm/entry.c|  19 +-
 arch/mips/kvm/interrupt.c|  93 +--
 arch/mips/kvm/interrupt.h|  14 +-
 arch/mips/kvm/loongson_ipi.c | 215 
 arch/mips/kvm/mips.c |  49 +++-
 arch/mips/kvm/tlb.c  |  39 +++
 arch/mips/kvm/trap_emul.c|   3 +
 arch/mips/kvm/vz.c   | 204 +++-
 18 files changed, 1013 insertions(+), 168 deletions(-)
 create mode 100644 arch/mips/kvm/loongson_ipi.c
--
2.7.0



[PATCH 01/15] mips: define pud_index() regardless of page table folding

2020-04-13 Thread Huacai Chen
From: Mike Rapoport 

Commit 31168f033e37 ("mips: drop __pXd_offset() macros that duplicate
pXd_index() ones") is correct that pud_index() & __pud_offset() are the
same when pud_index() is actually provided, however it does not take into
account the __PAGETABLE_PUD_FOLDED case. This has broken MIPS KVM
compilation because it relied on availability of pud_index().

Define pud_index() regardless of page table folding. It will evaluate to
the actual index for 4-level pagetables and to 0 for a folded PUD level.

Link: https://lore.kernel.org/lkml/20200331154749.5457-1-pbonz...@redhat.com
Tested-by: Bibo Mao 
Tested-by: Huacai Chen 
Reported-by: Paolo Bonzini 
Signed-off-by: Mike Rapoport 
[Huacai: Add Tested-by and take this patch into my series, because my
 series can't build an available kernel if without this patch.]
Signed-off-by: Huacai Chen 
---
 arch/mips/include/asm/pgtable-64.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/mips/include/asm/pgtable-64.h 
b/arch/mips/include/asm/pgtable-64.h
index f92716c..ee5dc0c 100644
--- a/arch/mips/include/asm/pgtable-64.h
+++ b/arch/mips/include/asm/pgtable-64.h
@@ -172,6 +172,8 @@
 
 extern pte_t invalid_pte_table[PTRS_PER_PTE];
 
+#define pud_index(address) (((address) >> PUD_SHIFT) & (PTRS_PER_PUD - 1))
+
 #ifndef __PAGETABLE_PUD_FOLDED
 /*
  * For 4-level pagetables we defines these ourselves, for 3-level the
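
Review bot: the new pud_index() define at the top of this hunk sits just above #ifndef __PAGETABLE_PUD_FOLDED with no comment, so a later cleanup could move it back inside the guard and break the folded build again. A one-line comment above it, saying that it must stay outside the guard and that it evaluates to 0 when the PUD level is folded, would record in the header what the commit message explains.
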
@@ -210,8 +212,6 @@ static inline void p4d_clear(p4d_t *p4dp)
p4d_val(*p4dp) = (unsigned long)invalid_pud_table;
 }
 
-#define pud_index(address) (((address) >> PUD_SHIFT) & (PTRS_PER_PUD - 1))
-
 static inline unsigned long p4d_page_vaddr(p4d_t p4d)
 {
return p4d_val(p4d);
-- 
2.7.0




[PATCH 04/15] KVM: MIPS: Increase KVM_MAX_VCPUS and KVM_USER_MEM_SLOTS to 16

2020-04-13 Thread Huacai Chen
Loongson-3 based machines can have as many as 16 CPUs, and the same goes for
memory slots, so increase KVM_MAX_VCPUS and KVM_USER_MEM_SLOTS to 16.

Signed-off-by: Huacai Chen 
Co-developed-by: Jiaxun Yang 
---
 arch/mips/include/asm/kvm_host.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/mips/include/asm/kvm_host.h b/arch/mips/include/asm/kvm_host.h
index 7b47a32..2258a2e 100644
--- a/arch/mips/include/asm/kvm_host.h
+++ b/arch/mips/include/asm/kvm_host.h
@@ -78,8 +78,8 @@
 #define KVM_REG_MIPS_CP0_KSCRATCH6 MIPS_CP0_64(31, 7)
 
 
-#define KVM_MAX_VCPUS  8
-#define KVM_USER_MEM_SLOTS 8
+#define KVM_MAX_VCPUS  16
+#define KVM_USER_MEM_SLOTS 16
 /* memory slots that does not exposed to userspace */
 #define KVM_PRIVATE_MEM_SLOTS  0
 
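
Review bot: both limits are raised for every MIPS KVM build, although the commit message gives a Loongson-3 reason only. Please say in the commit message why doubling KVM_MAX_VCPUS and KVM_USER_MEM_SLOTS is acceptable for the other MIPS hosts, or make the new values conditional on the Loongson configuration.
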
-- 
2.7.0




[PATCH 02/15] KVM: MIPS: Define KVM_ENTRYHI_ASID to cpu_asid_mask(&boot_cpu_data)

2020-04-13 Thread Huacai Chen
From: Xing Li 

The code in decode_config4() of arch/mips/kernel/cpu-probe.c

        asid_mask = MIPS_ENTRYHI_ASID;
        if (config4 & MIPS_CONF4_AE)
                asid_mask |= MIPS_ENTRYHI_ASIDX;
        set_cpu_asid_mask(c, asid_mask);

sets asid_mask to cpuinfo->asid_mask.

So in order to support variable ASID_MASK, KVM_ENTRYHI_ASID should also
be changed to cpu_asid_mask(&boot_cpu_data).

Cc: sta...@vger.kernel.org
Signed-off-by: Xing Li 
[Huacai: Change current_cpu_data to boot_cpu_data for optimization]
Signed-off-by: Huacai Chen 
---
 arch/mips/include/asm/kvm_host.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/mips/include/asm/kvm_host.h b/arch/mips/include/asm/kvm_host.h
index 41204a4..5794584 100644
--- a/arch/mips/include/asm/kvm_host.h
+++ b/arch/mips/include/asm/kvm_host.h
@@ -275,7 +275,7 @@ enum emulation_result {
 #define MIPS3_PG_FRAME 0x3fc0
 
 #define VPN2_MASK  0xe000
-#define KVM_ENTRYHI_ASID   MIPS_ENTRYHI_ASID
+#define KVM_ENTRYHI_ASID   cpu_asid_mask(&boot_cpu_data)
 #define TLB_IS_GLOBAL(x)   ((x).tlb_lo[0] & (x).tlb_lo[1] & ENTRYLO_G)
 #define TLB_VPN2(x)((x).tlb_hi & VPN2_MASK)
 #define TLB_ASID(x)((x).tlb_hi & KVM_ENTRYHI_ASID)
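
Review bot: KVM_ENTRYHI_ASID stops being a compile-time constant with this change, and TLB_ASID(x) on the last context line inherits that. Please check that no user of either macro needs a constant expression (static initializer, case label, preprocessor test), and add a short comment on the define saying the mask is read from boot_cpu_data at run time. Since the patch is Cc'ed to stable, the commit message should also say which kernels have the variable ASID mask it depends on.
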
-- 
2.7.0




[PATCH 05/15] KVM: MIPS: Add EVENTFD support which is needed by VHOST

2020-04-13 Thread Huacai Chen
Add EVENTFD support for KVM/MIPS, which is needed by VHOST. Tested on
Loongson-3 platform.

Signed-off-by: Huacai Chen 
Co-developed-by: Jiaxun Yang 
---
 arch/mips/kvm/Kconfig | 1 +
 arch/mips/kvm/Makefile| 2 +-
 arch/mips/kvm/trap_emul.c | 3 +++
 arch/mips/kvm/vz.c| 3 +++
 4 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/arch/mips/kvm/Kconfig b/arch/mips/kvm/Kconfig
index eac25ae..80b0464 100644
--- a/arch/mips/kvm/Kconfig
+++ b/arch/mips/kvm/Kconfig
@@ -22,6 +22,7 @@ config KVM
select EXPORT_UASM
select PREEMPT_NOTIFIERS
select KVM_GENERIC_DIRTYLOG_READ_PROTECT
+   select HAVE_KVM_EVENTFD
select HAVE_KVM_VCPU_ASYNC_IOCTL
select KVM_MMIO
select MMU_NOTIFIER
diff --git a/arch/mips/kvm/Makefile b/arch/mips/kvm/Makefile
index 01affc1..0a3cef6 100644
--- a/arch/mips/kvm/Makefile
+++ b/arch/mips/kvm/Makefile
@@ -2,7 +2,7 @@
 # Makefile for KVM support for MIPS
 #
 
-common-objs-y = $(addprefix ../../../virt/kvm/, kvm_main.o coalesced_mmio.o)
+common-objs-y = $(addprefix ../../../virt/kvm/, kvm_main.o coalesced_mmio.o 
eventfd.o)
 
 EXTRA_CFLAGS += -Ivirt/kvm -Iarch/mips/kvm
 
diff --git a/arch/mips/kvm/trap_emul.c b/arch/mips/kvm/trap_emul.c
index 5a11e83..f464506b 100644
--- a/arch/mips/kvm/trap_emul.c
+++ b/arch/mips/kvm/trap_emul.c
@@ -529,6 +529,9 @@ static int kvm_trap_emul_check_extension(struct kvm *kvm, 
long ext)
case KVM_CAP_MIPS_TE:
r = 1;
break;
+   case KVM_CAP_IOEVENTFD:
+   r = 1;
+   break;
default:
r = 0;
break;
diff --git a/arch/mips/kvm/vz.c b/arch/mips/kvm/vz.c
index dde2088..17932ab 100644
--- a/arch/mips/kvm/vz.c
+++ b/arch/mips/kvm/vz.c
@@ -2927,6 +2927,9 @@ static int kvm_vz_check_extension(struct kvm *kvm, long 
ext)
r = 2;
break;
 #endif
+   case KVM_CAP_IOEVENTFD:
+   r = 1;
+   break;
default:
r = 0;
break;
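
Review bot: the KVM_CAP_IOEVENTFD case here is a copy of the one added to kvm_trap_emul_check_extension(), while eventfd.o and HAVE_KVM_EVENTFD are enabled unconditionally in the Makefile and Kconfig hunks. Reporting the capability in one common place would keep the two backends from drifting apart. The commit message says "EVENTFD support" but the only capability advertised in the visible hunks is ioeventfd; please state whether irqfd is intentionally left out.
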
-- 
2.7.0




[PATCH 06/15] KVM: MIPS: Use lddir/ldpte instructions to lookup gpa_mm.pgd

2020-04-13 Thread Huacai Chen
Loongson-3 can use lddir/ldpte instructions to accelerate page table
walking, so use them to lookup gpa_mm.pgd.

Signed-off-by: Huacai Chen 
Co-developed-by: Jiaxun Yang 
---
 arch/mips/kvm/entry.c | 19 ++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/arch/mips/kvm/entry.c b/arch/mips/kvm/entry.c
index 16e1c93..fd71694 100644
--- a/arch/mips/kvm/entry.c
+++ b/arch/mips/kvm/entry.c
@@ -56,6 +56,7 @@
 #define C0_BADVADDR8, 0
 #define C0_BADINSTR8, 1
 #define C0_BADINSTRP   8, 2
+#define C0_PGD 9, 7
 #define C0_ENTRYHI 10, 0
 #define C0_GUESTCTL1   10, 4
 #define C0_STATUS  12, 0
@@ -307,7 +308,10 @@ static void *kvm_mips_build_enter_guest(void *addr)
 
 #ifdef CONFIG_KVM_MIPS_VZ
/* Save normal linux process pgd (VZ guarantees pgd_reg is set) */
-   UASM_i_MFC0(&p, K0, c0_kscratch(), pgd_reg);
+   if (cpu_has_ldpte)
+   UASM_i_MFC0(&p, K0, C0_PWBASE);
+   else
+   UASM_i_MFC0(&p, K0, c0_kscratch(), pgd_reg);
UASM_i_SW(&p, K0, offsetof(struct kvm_vcpu_arch, host_pgd), K1);
 
/*
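
Review bot: C0_PWBASE in the added UASM_i_MFC0() call is not defined by anything visible in this patch; the only register define added above is C0_PGD. If C0_PWBASE is not already defined in entry.c the cpu_has_ldpte branch will not build, and if C0_PGD was meant, the two hunks should agree. This branch is also selected at run time with cpu_has_ldpte, while the refill handler further down is selected at build time with CONFIG_CPU_LOONGSON64; one selector should be used for both.
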
@@ -469,8 +473,10 @@ void *kvm_mips_build_tlb_refill_exception(void *addr, void 
*handler)
u32 *p = addr;
struct uasm_label labels[2];
struct uasm_reloc relocs[2];
+#ifndef CONFIG_CPU_LOONGSON64
struct uasm_label *l = labels;
struct uasm_reloc *r = relocs;
+#endif
 
memset(labels, 0, sizeof(labels));
memset(relocs, 0, sizeof(relocs));
@@ -490,6 +496,16 @@ void *kvm_mips_build_tlb_refill_exception(void *addr, void 
*handler)
 */
preempt_disable();
 
+#ifdef CONFIG_CPU_LOONGSON64
+   UASM_i_MFC0(&p, K1, C0_PGD);
+   uasm_i_lddir(&p, K0, K1, 3);  /* global page dir */
+#ifndef __PAGETABLE_PMD_FOLDED
+   uasm_i_lddir(&p, K1, K0, 1);  /* middle page dir */
+#endif
+   uasm_i_ldpte(&p, K1, 0);  /* even */
+   uasm_i_ldpte(&p, K1, 1);  /* odd */
+   uasm_i_tlbwr(&p);
+#else
/*
 * Now for the actual refill bit. A lot of this can be common with the
 * Linux TLB refill handler, however we don't need to handle so many
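
Review bot: the level arguments 3 and 1 passed to uasm_i_lddir() are bare literals explained only by the trailing comments. Named constants, or a comment stating how they relate to the page-table layout, would make the generated handler easier to review. The #ifdef CONFIG_CPU_LOONGSON64 here also makes the lddir/ldpte path unconditional for every Loongson64 build, with no cpu_has_ldpte test like the one added in kvm_mips_build_enter_guest().
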
@@ -512,6 +528,7 @@ void *kvm_mips_build_tlb_refill_exception(void *addr, void 
*handler)
build_get_ptep(&p, K0, K1);
build_update_entries(&p, K0, K1);
build_tlb_write_entry(&p, &l, &r, tlb_random);
+#endif
 
preempt_enable();
 
-- 
2.7.0




[PATCH 07/15] KVM: MIPS: Introduce and use cpu_guest_has_ldpte

2020-04-13 Thread Huacai Chen
Loongson-3 has lddir/ldpte instructions and their related CP0 registers
are the same as HTW. So we introduce a cpu_guest_has_ldpte flag and use
it to indicate whether we need to save/restore HTW related CP0 registers
(PWBase, PWSize, PWField and PWCtl).

Signed-off-by: Huacai Chen 
Co-developed-by: Jiaxun Yang 
---
 arch/mips/include/asm/cpu-features.h |  3 +++
 arch/mips/kernel/cpu-probe.c |  1 +
 arch/mips/kvm/vz.c   | 26 +-
 3 files changed, 17 insertions(+), 13 deletions(-)

diff --git a/arch/mips/include/asm/cpu-features.h 
b/arch/mips/include/asm/cpu-features.h
index de44c92..c576aad 100644
--- a/arch/mips/include/asm/cpu-features.h
+++ b/arch/mips/include/asm/cpu-features.h
@@ -665,6 +665,9 @@
 #ifndef cpu_guest_has_htw
 #define cpu_guest_has_htw  (cpu_data[0].guest.options & MIPS_CPU_HTW)
 #endif
+#ifndef cpu_guest_has_ldpte
+#define cpu_guest_has_ldpte(cpu_data[0].guest.options & MIPS_CPU_LDPTE)
+#endif
 #ifndef cpu_guest_has_mvh
 #define cpu_guest_has_mvh  (cpu_data[0].guest.options & MIPS_CPU_MVH)
 #endif
diff --git a/arch/mips/kernel/cpu-probe.c b/arch/mips/kernel/cpu-probe.c
index f21a230..5bf0821 100644
--- a/arch/mips/kernel/cpu-probe.c
+++ b/arch/mips/kernel/cpu-probe.c
@@ -1966,6 +1966,7 @@ static inline void cpu_probe_loongson(struct cpuinfo_mips 
*c, unsigned int cpu)
set_isa(c, MIPS_CPU_ISA_M64R2);
decode_configs(c);
c->options |= MIPS_CPU_FTLB | MIPS_CPU_TLBINV | MIPS_CPU_LDPTE;
+   c->guest.options |= MIPS_CPU_LDPTE;
c->writecombine = _CACHE_UNCACHED_ACCELERATED;
c->ases |= (MIPS_ASE_LOONGSON_MMI | MIPS_ASE_LOONGSON_CAM |
MIPS_ASE_LOONGSON_EXT | MIPS_ASE_LOONGSON_EXT2);
diff --git a/arch/mips/kvm/vz.c b/arch/mips/kvm/vz.c
index 17932ab..422cd06 100644
--- a/arch/mips/kvm/vz.c
+++ b/arch/mips/kvm/vz.c
@@ -1706,7 +1706,7 @@ static unsigned long kvm_vz_num_regs(struct kvm_vcpu 
*vcpu)
ret += ARRAY_SIZE(kvm_vz_get_one_regs_contextconfig);
if (cpu_guest_has_segments)
ret += ARRAY_SIZE(kvm_vz_get_one_regs_segments);
-   if (cpu_guest_has_htw)
+   if (cpu_guest_has_htw || cpu_guest_has_ldpte)
ret += ARRAY_SIZE(kvm_vz_get_one_regs_htw);
if (cpu_guest_has_maar && !cpu_guest_has_dyn_maar)
ret += 1 + ARRAY_SIZE(vcpu->arch.maar);
@@ -1755,7 +1755,7 @@ static int kvm_vz_copy_reg_indices(struct kvm_vcpu *vcpu, 
u64 __user *indices)
return -EFAULT;
indices += ARRAY_SIZE(kvm_vz_get_one_regs_segments);
}
-   if (cpu_guest_has_htw) {
+   if (cpu_guest_has_htw || cpu_guest_has_ldpte) {
if (copy_to_user(indices, kvm_vz_get_one_regs_htw,
 sizeof(kvm_vz_get_one_regs_htw)))
return -EFAULT;
@@ -1878,17 +1878,17 @@ static int kvm_vz_get_one_reg(struct kvm_vcpu *vcpu,
*v = read_gc0_segctl2();
break;
case KVM_REG_MIPS_CP0_PWBASE:
-   if (!cpu_guest_has_htw)
+   if (!cpu_guest_has_htw && !cpu_guest_has_ldpte)
return -EINVAL;
*v = read_gc0_pwbase();
break;
case KVM_REG_MIPS_CP0_PWFIELD:
-   if (!cpu_guest_has_htw)
+   if (!cpu_guest_has_htw && !cpu_guest_has_ldpte)
return -EINVAL;
*v = read_gc0_pwfield();
break;
case KVM_REG_MIPS_CP0_PWSIZE:
-   if (!cpu_guest_has_htw)
+   if (!cpu_guest_has_htw && !cpu_guest_has_ldpte)
return -EINVAL;
*v = read_gc0_pwsize();
break;
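
Review bot: the test "cpu_guest_has_htw || cpu_guest_has_ldpte" and its negation are now open-coded at every PW register site in this file: kvm_vz_num_regs(), kvm_vz_copy_reg_indices(), and each PWBASE/PWFIELD/PWSIZE/PWCTL case. A single helper macro meaning "guest has PW registers" would keep the get and set paths in step and stop a later site from being missed.
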
@@ -1896,7 +1896,7 @@ static int kvm_vz_get_one_reg(struct kvm_vcpu *vcpu,
*v = (long)read_gc0_wired();
break;
case KVM_REG_MIPS_CP0_PWCTL:
-   if (!cpu_guest_has_htw)
+   if (!cpu_guest_has_htw && !cpu_guest_has_ldpte)
return -EINVAL;
*v = read_gc0_pwctl();
break;
@@ -2101,17 +2101,17 @@ static int kvm_vz_set_one_reg(struct kvm_vcpu *vcpu,
write_gc0_segctl2(v);
break;
case KVM_REG_MIPS_CP0_PWBASE:
-   if (!cpu_guest_has_htw)
+   if (!cpu_guest_has_htw && !cpu_guest_has_ldpte)
return -EINVAL;
write_gc0_pwbase(v);
break;
case KVM_REG_MIPS_CP0_PWFIELD:
-   if (!cpu_guest_has_htw)
+   if (!cpu_guest_has_htw && !cpu_guest_has_ldpte)
return -EINVAL;
write_gc0_pwfield(v);
break;
case KVM_REG_MIPS_CP0_PWSIZE:
-   if (!cpu_guest_has_htw)
+   if (!cpu_guest_has_htw && !cpu_guest_has_ldpte)
return -EINVAL;
   

[PATCH 03/15] KVM: MIPS: Fix VPN2_MASK definition for variable cpu_vmbits

2020-04-13 Thread Huacai Chen
From: Xing Li 

If a CPU supports more than 32bit vmbits (which is true for 64bit CPUs),
VPN2_MASK set to fixed 0xe000 will lead to a wrong EntryHi in some
functions such as _kvm_mips_host_tlb_inv().

The cpu_vmbits definition of 32bit CPU in cpu-features.h is 31, so we
still use the old definition.

Cc: sta...@vger.kernel.org
Signed-off-by: Xing Li 
[Huacai: Improve commit messages]
Signed-off-by: Huacai Chen 
---
 arch/mips/include/asm/kvm_host.h | 4 
 1 file changed, 4 insertions(+)

diff --git a/arch/mips/include/asm/kvm_host.h b/arch/mips/include/asm/kvm_host.h
index 5794584..7b47a32 100644
--- a/arch/mips/include/asm/kvm_host.h
+++ b/arch/mips/include/asm/kvm_host.h
@@ -274,7 +274,11 @@ enum emulation_result {
 #define MIPS3_PG_SHIFT 6
 #define MIPS3_PG_FRAME 0x3fc0
 
+#if defined(CONFIG_64BIT)
+#define VPN2_MASK  GENMASK(cpu_vmbits - 1, 13)
+#else
 #define VPN2_MASK  0xe000
+#endif
 #define KVM_ENTRYHI_ASID   cpu_asid_mask(&boot_cpu_data)
 #define TLB_IS_GLOBAL(x)   ((x).tlb_lo[0] & (x).tlb_lo[1] & ENTRYLO_G)
 #define TLB_VPN2(x)((x).tlb_hi & VPN2_MASK)
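
Review bot: the literal 13 in GENMASK(cpu_vmbits - 1, 13) has no name or comment. Please say that it is the lowest VPN2 bit, and note on the define that under CONFIG_64BIT the mask is now computed from cpu_vmbits at run time, so a TLB_VPN2(x) result has to be held in a type as wide as tlb_hi.
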
-- 
2.7.0




[PATCH 08/15] KVM: MIPS: Use root tlb to control guest's CCA for Loongson-3

2020-04-13 Thread Huacai Chen
KVM guest has two levels of address translation: guest tlb translates
GVA to GPA, and root tlb translates GPA to HPA. By default guest's CCA
is controlled by guest tlb, but Loongson-3 maintains all cache coherency
by hardware (including multi-core coherency and I/O DMA coherency) so it
prefers all guest mappings be cacheable mappings. Thus, we use root tlb
to control guest's CCA for Loongson-3.

Signed-off-by: Huacai Chen 
Co-developed-by: Jiaxun Yang 
---
 arch/mips/kvm/vz.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/arch/mips/kvm/vz.c b/arch/mips/kvm/vz.c
index 422cd06..e30ebb2 100644
--- a/arch/mips/kvm/vz.c
+++ b/arch/mips/kvm/vz.c
@@ -2871,6 +2871,10 @@ static int kvm_vz_hardware_enable(void)
if (cpu_has_guestctl2)
clear_c0_guestctl2(0x3f << 10);
 
+   /* Control guest CCA attribute */
+   if (cpu_has_csr())
+   csr_writel(csr_readl(0xffec) | 0x1, 0xffec);
+
return 0;
 }
 
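
Review bot: csr_writel(csr_readl(0xffec) | 0x1, 0xffec) uses a bare CSR offset and a bare bit value. Please give both a named constant and say in the comment what setting the bit does, since "Control guest CCA attribute" does not tell a reader which TLB owns the CCA afterwards. The bit is set in kvm_vz_hardware_enable() and nothing visible here clears it again when KVM is disabled.
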
-- 
2.7.0




[PATCH 09/15] KVM: MIPS: Let indexed cacheops cause guest exit on Loongson-3

2020-04-13 Thread Huacai Chen
Loongson-3's indexed cache operations need a node-id in the address,
but in KVM guest the node-id may be incorrect. So, let indexed cache
operations cause guest exit on Loongson-3.

Signed-off-by: Huacai Chen 
Co-developed-by: Jiaxun Yang 
---
 arch/mips/kvm/vz.c | 8 ++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/arch/mips/kvm/vz.c b/arch/mips/kvm/vz.c
index e30ebb2..9a228dc 100644
--- a/arch/mips/kvm/vz.c
+++ b/arch/mips/kvm/vz.c
@@ -2853,8 +2853,12 @@ static int kvm_vz_hardware_enable(void)
write_c0_guestctl0(MIPS_GCTL0_CP0 |
   (MIPS_GCTL0_AT_GUEST << MIPS_GCTL0_AT_SHIFT) |
   MIPS_GCTL0_CG | MIPS_GCTL0_CF);
-   if (cpu_has_guestctl0ext)
-   set_c0_guestctl0ext(MIPS_GCTL0EXT_CGI);
+   if (cpu_has_guestctl0ext) {
+   if (current_cpu_type() != CPU_LOONGSON64)
+   set_c0_guestctl0ext(MIPS_GCTL0EXT_CGI);
+   else
+   clear_c0_guestctl0ext(MIPS_GCTL0EXT_CGI);
+   }
 
if (cpu_has_guestid) {
write_c0_guestctl1(0);
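
Review bot: the reason for clearing MIPS_GCTL0EXT_CGI on Loongson is only in the commit message. A comment on the else branch (indexed cache operations need a node-id in the address, so they must exit to the host) would keep the special case understandable, and testing current_cpu_type() == CPU_LOONGSON64 first would read more directly than the negated form.
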
-- 
2.7.0




[PATCH 10/15] KVM: MIPS: Add more types of virtual interrupts

2020-04-13 Thread Huacai Chen
In the current implementation, MIPS KVM uses IP2, IP3, IP4 and IP7 for
external interrupt, two kinds of IPIs and timer interrupt respectively,
but Loongson-3 based machines prefer to use IP2, IP3, IP6 and IP7 for
two kinds of external interrupts, IPI and timer interrupt. So we define
two priority-irq mapping tables: kvm_loongson3_priority_to_irq[] for
Loongson-3, and kvm_default_priority_to_irq[] for others. The virtual
interrupt infrastructure is updated to deliver all types of interrupts
from IP2, IP3, IP4, IP6 and IP7.

Signed-off-by: Huacai Chen 
Co-developed-by: Jiaxun Yang 
---
 arch/mips/kvm/interrupt.c | 93 +++
 arch/mips/kvm/interrupt.h | 14 ---
 arch/mips/kvm/mips.c  | 40 ++--
 arch/mips/kvm/vz.c| 53 ---
 4 files changed, 67 insertions(+), 133 deletions(-)

diff --git a/arch/mips/kvm/interrupt.c b/arch/mips/kvm/interrupt.c
index 7257e8b6..d28c2c9c 100644
--- a/arch/mips/kvm/interrupt.c
+++ b/arch/mips/kvm/interrupt.c
@@ -61,27 +61,8 @@ void kvm_mips_queue_io_int_cb(struct kvm_vcpu *vcpu,
 * the EXC code will be set when we are actually
 * delivering the interrupt:
 */
-   switch (intr) {
-   case 2:
-   kvm_set_c0_guest_cause(vcpu->arch.cop0, (C_IRQ0));
-   /* Queue up an INT exception for the core */
-   kvm_mips_queue_irq(vcpu, MIPS_EXC_INT_IO);
-   break;
-
-   case 3:
-   kvm_set_c0_guest_cause(vcpu->arch.cop0, (C_IRQ1));
-   kvm_mips_queue_irq(vcpu, MIPS_EXC_INT_IPI_1);
-   break;
-
-   case 4:
-   kvm_set_c0_guest_cause(vcpu->arch.cop0, (C_IRQ2));
-   kvm_mips_queue_irq(vcpu, MIPS_EXC_INT_IPI_2);
-   break;
-
-   default:
-   break;
-   }
-
+   kvm_set_c0_guest_cause(vcpu->arch.cop0, 1 << (intr + 8));
+   kvm_mips_queue_irq(vcpu, kvm_irq_to_priority(intr));
 }
 
 void kvm_mips_dequeue_io_int_cb(struct kvm_vcpu *vcpu,
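
Review bot: the removed switch ignored any intr other than 2, 3 or 4 through its default case, but the replacement computes 1 << (intr + 8) and calls kvm_irq_to_priority(intr) with no range check. Unless every caller already validates irq->irq, an out-of-range value now sets an arbitrary guest Cause bit or shifts by an invalid amount, and may index past the priority table. Please reject values outside the supported IP lines before the shift.
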
@@ -89,26 +70,8 @@ void kvm_mips_dequeue_io_int_cb(struct kvm_vcpu *vcpu,
 {
int intr = (int)irq->irq;
 
-   switch (intr) {
-   case -2:
-   kvm_clear_c0_guest_cause(vcpu->arch.cop0, (C_IRQ0));
-   kvm_mips_dequeue_irq(vcpu, MIPS_EXC_INT_IO);
-   break;
-
-   case -3:
-   kvm_clear_c0_guest_cause(vcpu->arch.cop0, (C_IRQ1));
-   kvm_mips_dequeue_irq(vcpu, MIPS_EXC_INT_IPI_1);
-   break;
-
-   case -4:
-   kvm_clear_c0_guest_cause(vcpu->arch.cop0, (C_IRQ2));
-   kvm_mips_dequeue_irq(vcpu, MIPS_EXC_INT_IPI_2);
-   break;
-
-   default:
-   break;
-   }
-
+   kvm_clear_c0_guest_cause(vcpu->arch.cop0, 1 << (-intr + 8));
+   kvm_mips_dequeue_irq(vcpu, kvm_irq_to_priority(-intr));
 }
 
 /* Deliver the interrupt of the corresponding priority, if possible. */
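
Review bot: dequeue now relies on intr being negative without checking it; the removed cases -2, -3 and -4 made that convention explicit. With a non-negative or very negative intr, -intr + 8 is not a valid Cause bit position, so the sign and range should be tested before kvm_clear_c0_guest_cause() is called.
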
@@ -116,50 +79,20 @@ int kvm_mips_irq_deliver_cb(struct kvm_vcpu *vcpu, 
unsigned int priority,
u32 cause)
 {
int allowed = 0;
-   u32 exccode;
+   u32 exccode, ie;
 
struct kvm_vcpu_arch *arch = &vcpu->arch;
struct mips_coproc *cop0 = vcpu->arch.cop0;
 
-   switch (priority) {
-   case MIPS_EXC_INT_TIMER:
-   if ((kvm_read_c0_guest_status(cop0) & ST0_IE)
-   && (!(kvm_read_c0_guest_status(cop0) & (ST0_EXL | ST0_ERL)))
-   && (kvm_read_c0_guest_status(cop0) & IE_IRQ5)) {
-   allowed = 1;
-   exccode = EXCCODE_INT;
-   }
-   break;
-
-   case MIPS_EXC_INT_IO:
-   if ((kvm_read_c0_guest_status(cop0) & ST0_IE)
-   && (!(kvm_read_c0_guest_status(cop0) & (ST0_EXL | ST0_ERL)))
-   && (kvm_read_c0_guest_status(cop0) & IE_IRQ0)) {
-   allowed = 1;
-   exccode = EXCCODE_INT;
-   }
-   break;
-
-   case MIPS_EXC_INT_IPI_1:
-   if ((kvm_read_c0_guest_status(cop0) & ST0_IE)
-   && (!(kvm_read_c0_guest_status(cop0) & (ST0_EXL | ST0_ERL)))
-   && (kvm_read_c0_guest_status(cop0) & IE_IRQ1)) {
-   allowed = 1;
-   exccode = EXCCODE_INT;
-   }
-   break;
-
-   case MIPS_EXC_INT_IPI_2:
-   if ((kvm_read_c0_guest_status(cop0) & ST0_IE)
-   && (!(kvm_read_c0_guest_status(cop0) & (ST0_EXL | ST0_ERL)))
-   && (kvm_read_c0_guest_status(cop0) & IE_IRQ2)) {
-   allowed = 1;
-   exccode = EXCCODE_INT;
-   }
-   break;
+   if (priority == MIPS_EXC_MAX)
+   return 0;
 
-   default:
-   break;
+   ie = 1 << (kvm_priority_to_irq[priority] + 8);
+   if ((kvm_read_c0_guest_status(cop0)
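
The mapping described in the commit message above, as an added example that is not part of the patch or of the kernel: a user-space C model of the per-platform IP-line tables with the range check that a table-driven `1 << (intr + 8)` needs. The table and function names are hypothetical, and the table contents are taken only from the commit message's description of which IP lines each platform uses.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Architectural MIPS CP0 Status bits. */
#define ST0_IE  0x1u   /* global interrupt enable */
#define ST0_EXL 0x2u   /* exception level */
#define ST0_ERL 0x4u   /* error level */

/* What each interrupt pin (IP0..IP7) carries on a platform. */
enum ip_role { IP_UNUSED = 0, IP_IO, IP_IO2, IP_IPI, IP_IPI2, IP_TIMER };

/* Hypothetical tables, filled in from the commit message only. */
static const enum ip_role default_roles[8] = {
    [2] = IP_IO, [3] = IP_IPI, [4] = IP_IPI2, [7] = IP_TIMER,
};
static const enum ip_role loongson3_roles[8] = {
    [2] = IP_IO, [3] = IP_IO2, [6] = IP_IPI, [7] = IP_TIMER,
};

/* Cause.IPn and Status.IMn share bit position n + 8; 0 means "rejected". */
static uint32_t ip_bit(const enum ip_role *roles, int pin)
{
    if (pin < 0 || pin > 7 || roles[pin] == IP_UNUSED)
        return 0;
    return UINT32_C(1) << (pin + 8);
}

/*
 * Queue/dequeue convention as in the patch: +n raises IPn, -n lowers it.
 * The range test runs before the negation, so INT_MIN and oversized
 * values never reach the shift or the table lookup.
 */
static bool irq_valid(const enum ip_role *roles, int irq)
{
    if (irq < -7 || irq > 7)
        return false;
    return ip_bit(roles, irq < 0 ? -irq : irq) != 0;
}

/* Returns the new guest Cause value; invalid requests leave it unchanged. */
static uint32_t cause_update(const enum ip_role *roles, uint32_t cause, int irq)
{
    if (!irq_valid(roles, irq))
        return cause;
    if (irq < 0)
        return cause & ~ip_bit(roles, -irq);
    return cause | ip_bit(roles, irq);
}

/* Delivery gate: pending, IE set, EXL/ERL clear, and the pin unmasked. */
static bool deliverable(const enum ip_role *roles, uint32_t status,
                        uint32_t cause, int pin)
{
    uint32_t bit = ip_bit(roles, pin);

    return bit && (cause & bit) && (status & ST0_IE) &&
           !(status & (ST0_EXL | ST0_ERL)) && (status & bit);
}

int main(void)
{
    /* Constructed sample requests, not taken from a real guest. */
    const int reqs[] = { 2, 4, 6, -4, 40, INT_MIN };
    uint32_t def = 0, ls3 = 0;

    for (size_t i = 0; i < sizeof(reqs) / sizeof(reqs[0]); i++) {
        def = cause_update(default_roles, def, reqs[i]);
        ls3 = cause_update(loongson3_roles, ls3, reqs[i]);
        printf("irq %d: default %s cause=0x%04x | loongson3 %s cause=0x%04x\n",
               reqs[i],
               irq_valid(default_roles, reqs[i]) ? "ok " : "rej", (unsigned)def,
               irq_valid(loongson3_roles, reqs[i]) ? "ok " : "rej", (unsigned)ls3);
    }
    return 0;
}
```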

[PATCH 11/15] KVM: MIPS: Add Loongson-3 Virtual IPI interrupt support

2020-04-13 Thread Huacai Chen
This patch adds Loongson-3 Virtual IPI interrupt support in the kernel,
because emulating it in QEMU is too expensive for performance.

Signed-off-by: Huacai Chen 
Co-developed-by: Jiaxun Yang 
---
 arch/mips/include/asm/kvm_host.h |  32 ++
 arch/mips/kvm/Makefile   |   3 +
 arch/mips/kvm/emulate.c  |  21 +++-
 arch/mips/kvm/loongson_ipi.c | 215 +++
 arch/mips/kvm/mips.c |   6 ++
 5 files changed, 276 insertions(+), 1 deletion(-)
 create mode 100644 arch/mips/kvm/loongson_ipi.c

diff --git a/arch/mips/include/asm/kvm_host.h b/arch/mips/include/asm/kvm_host.h
index 2258a2e..4022712 100644
--- a/arch/mips/include/asm/kvm_host.h
+++ b/arch/mips/include/asm/kvm_host.h
@@ -23,6 +23,8 @@
 #include 
 #include 
 
+#include 
+
 /* MIPS KVM register ids */
 #define MIPS_CP0_32(_R, _S)\
(KVM_REG_MIPS_CP0 | KVM_REG_SIZE_U32 | (8 * (_R) + (_S)))
@@ -181,11 +183,39 @@ struct kvm_vcpu_stat {
 struct kvm_arch_memory_slot {
 };
 
+#ifdef CONFIG_CPU_LOONGSON64
+typedef struct ipi_state {
+   uint32_t status;
+   uint32_t en;
+   uint32_t set;
+   uint32_t clear;
+   uint64_t buf[4];
+} ipi_state;
+
+struct loongson_kvm_ipi;
+
+typedef struct ipi_io_device {
+   int node_id;
+   struct loongson_kvm_ipi *ipi;
+   struct kvm_io_device device;
+} ipi_io_device;
+
+struct loongson_kvm_ipi {
+   spinlock_t lock;
+   struct kvm *kvm;
+   ipi_state ipistate[16];
+   ipi_io_device dev_ipi[4];
+};
+#endif
+
 struct kvm_arch {
/* Guest physical mm */
struct mm_struct gpa_mm;
/* Mask of CPUs needing GPA ASID flush */
cpumask_t asid_flush_mask;
+#ifdef CONFIG_CPU_LOONGSON64
+   struct loongson_kvm_ipi ipi;
+#endif
 };
 
 #define N_MIPS_COPROC_REGS 32
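
Review bot: ipistate[16] and dev_ipi[4] in struct loongson_kvm_ipi are sized with bare literals. If ipistate is indexed by vCPU id, size it with KVM_MAX_VCPUS (or a named constant checked against it) so that a later change to the limit cannot turn into an out-of-bounds access, and give the 4 a name as well. The ipi_state and ipi_io_device typedefs also go against the usual kernel preference for plain struct tags.
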
@@ -1133,6 +1163,8 @@ extern int kvm_mips_trans_mtc0(union mips_instruction 
inst, u32 *opc,
 /* Misc */
 extern void kvm_mips_dump_stats(struct kvm_vcpu *vcpu);
 extern unsigned long kvm_mips_get_ramsize(struct kvm *kvm);
+extern int kvm_vcpu_ioctl_interrupt(struct kvm_vcpu *vcpu,
+struct kvm_mips_interrupt *irq);
 
 static inline void kvm_arch_hardware_unsetup(void) {}
 static inline void kvm_arch_sync_events(struct kvm *kvm) {}
diff --git a/arch/mips/kvm/Makefile b/arch/mips/kvm/Makefile
index 0a3cef6..506c4ac 100644
--- a/arch/mips/kvm/Makefile
+++ b/arch/mips/kvm/Makefile
@@ -13,6 +13,9 @@ kvm-objs := $(common-objs-y) mips.o emulate.o entry.o \
fpu.o
 kvm-objs += hypcall.o
 kvm-objs += mmu.o
+ifdef CONFIG_CPU_LOONGSON64
+kvm-objs += loongson_ipi.o
+endif
 
 ifdef CONFIG_KVM_MIPS_VZ
 kvm-objs   += vz.o
diff --git a/arch/mips/kvm/emulate.c b/arch/mips/kvm/emulate.c
index 754094b..aa2db51 100644
--- a/arch/mips/kvm/emulate.c
+++ b/arch/mips/kvm/emulate.c
@@ -1600,6 +1600,7 @@ enum emulation_result kvm_mips_emulate_store(union 
mips_instruction inst,
 struct kvm_run *run,
 struct kvm_vcpu *vcpu)
 {
+   int r;
enum emulation_result er;
u32 rt;
void *data = run->mmio.data;
@@ -1666,9 +1667,17 @@ enum emulation_result kvm_mips_emulate_store(union 
mips_instruction inst,
goto out_fail;
}
 
-   run->mmio.is_write = 1;
vcpu->mmio_needed = 1;
+   run->mmio.is_write = 1;
vcpu->mmio_is_write = 1;
+
+   r = kvm_io_bus_write(vcpu, KVM_MMIO_BUS, run->mmio.phys_addr, 
run->mmio.len, data);
+
+   if (!r) {
+   vcpu->mmio_needed = 0;
+   return EMULATE_DONE;
+   }
+
return EMULATE_DO_MMIO;
 
 out_fail:
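
Review bot: the first two changed lines only swap the order of "run->mmio.is_write = 1" and "vcpu->mmio_needed = 1", which adds noise without changing behaviour; please drop that reordering. vcpu->mmio_needed is also set before kvm_io_bus_write() and cleared again on success, so setting it only on the EMULATE_DO_MMIO path would be simpler to follow.
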
@@ -1681,6 +1690,7 @@ enum emulation_result kvm_mips_emulate_load(union 
mips_instruction inst,
u32 cause, struct kvm_run *run,
struct kvm_vcpu *vcpu)
 {
+   int r;
enum emulation_result er;
unsigned long curr_pc;
u32 op, rt;
@@ -1745,6 +1755,15 @@ enum emulation_result kvm_mips_emulate_load(union 
mips_instruction inst,
 
run->mmio.is_write = 0;
vcpu->mmio_is_write = 0;
+
+   r = kvm_io_bus_read(vcpu, KVM_MMIO_BUS, run->mmio.phys_addr, 
run->mmio.len, run->mmio.data);
+
+   if (!r) {
+   kvm_mips_complete_mmio_load(vcpu, run);
+   vcpu->mmio_needed = 0;
+   return EMULATE_DONE;
+   }
+
return EMULATE_DO_MMIO;
 }
 
diff --git a/arch/mips/kvm/loongson_ipi.c b/arch/mips/kvm/loongson_ipi.c
new file mode 100644
index ..3e22532
--- /dev/null
+++ b/arch/mips/kvm/loongson_ipi.c
@@ -0,0 +1,215 @@
+/*
+ * This file is subject to the terms and conditions of the GNU General Public
+ * License.  See the file "COPYING" in the main directory of this archive
+ * for more details.
+ *
+ * Loongson-3 Virtual IPI interrupt support.
+ *
+ * Copyright (C) 2019  Loongson Technologie

[PATCH 12/15] KVM: MIPS: Add CPUCFG emulation for Loongson-3

2020-04-13 Thread Huacai Chen
Loongson-3 overrides lwc2 instructions to implement CPUCFG and CSR
read/write functions. These instructions all cause guest exit so CSR
doesn't benefit KVM guest (and there are always legacy methods to
provide the same functions as CSR). So, we only emulate CPUCFG and let
it return 0 (which means the virtual CPU doesn't have any advanced
features, including CSR) in KVM.

Signed-off-by: Huacai Chen 
Co-developed-by: Jiaxun Yang 
---
 arch/mips/include/asm/kvm_host.h  |  3 +++
 arch/mips/include/uapi/asm/inst.h | 11 +
 arch/mips/kvm/mips.c  |  3 +++
 arch/mips/kvm/vz.c| 50 +++
 4 files changed, 67 insertions(+)

diff --git a/arch/mips/include/asm/kvm_host.h b/arch/mips/include/asm/kvm_host.h
index 4022712..c291767 100644
--- a/arch/mips/include/asm/kvm_host.h
+++ b/arch/mips/include/asm/kvm_host.h
@@ -173,6 +173,9 @@ struct kvm_vcpu_stat {
u64 vz_ghfc_exits;
u64 vz_gpa_exits;
u64 vz_resvd_exits;
+#ifdef CONFIG_CPU_LOONGSON64
+   u64 vz_cpucfg_exits;
+#endif
 #endif
u64 halt_successful_poll;
u64 halt_attempted_poll;
diff --git a/arch/mips/include/uapi/asm/inst.h 
b/arch/mips/include/uapi/asm/inst.h
index 98f97c8..43d1faa 100644
--- a/arch/mips/include/uapi/asm/inst.h
+++ b/arch/mips/include/uapi/asm/inst.h
@@ -1012,6 +1012,16 @@ struct loongson3_lsdc2_format {  /* Loongson-3 
overridden ldc2/sdc2 Load/Store fo
;))
 };
 
+struct loongson3_lscsr_format {/* Loongson-3 CPUCFG&CSR read/write 
format */
+   __BITFIELD_FIELD(unsigned int opcode : 6,
+   __BITFIELD_FIELD(unsigned int rs : 5,
+   __BITFIELD_FIELD(unsigned int fr : 5,
+   __BITFIELD_FIELD(unsigned int rd : 5,
+   __BITFIELD_FIELD(unsigned int fd : 5,
+   __BITFIELD_FIELD(unsigned int func : 6,
+   ;))
+};
+
 /*
  * MIPS16e instruction formats (16-bit length)
  */
@@ -1114,6 +1124,7 @@ union mips_instruction {
struct mm16_r5_format mm16_r5_format;
struct loongson3_lswc2_format loongson3_lswc2_format;
struct loongson3_lsdc2_format loongson3_lsdc2_format;
+   struct loongson3_lscsr_format loongson3_lscsr_format;
 };
 
 union mips16e_instruction {
diff --git a/arch/mips/kvm/mips.c b/arch/mips/kvm/mips.c
index 20acd50..2d9ce8d 100644
--- a/arch/mips/kvm/mips.c
+++ b/arch/mips/kvm/mips.c
@@ -68,6 +68,9 @@ struct kvm_stats_debugfs_item debugfs_entries[] = {
{ "vz_ghfc",  VCPU_STAT(vz_ghfc_exits),  KVM_STAT_VCPU },
{ "vz_gpa",   VCPU_STAT(vz_gpa_exits),   KVM_STAT_VCPU },
{ "vz_resvd", VCPU_STAT(vz_resvd_exits), KVM_STAT_VCPU },
+#ifdef CONFIG_CPU_LOONGSON64
+   { "vz_cpucfg",VCPU_STAT(vz_cpucfg_exits),KVM_STAT_VCPU },
+#endif
 #endif
{ "halt_successful_poll", VCPU_STAT(halt_successful_poll), 
KVM_STAT_VCPU },
{ "halt_attempted_poll", VCPU_STAT(halt_attempted_poll), KVM_STAT_VCPU 
},
diff --git a/arch/mips/kvm/vz.c b/arch/mips/kvm/vz.c
index db9b0f5..0772565 100644
--- a/arch/mips/kvm/vz.c
+++ b/arch/mips/kvm/vz.c
@@ -29,6 +29,7 @@
 #include 
 
 #include "interrupt.h"
+#include "loongson_regs.h"
 
 #include "trace.h"
 
@@ -1092,6 +1093,50 @@ static enum emulation_result kvm_vz_gpsi_cache(union 
mips_instruction inst,
return EMULATE_FAIL;
 }
 
+#ifdef CONFIG_CPU_LOONGSON64
+static enum emulation_result kvm_vz_gpsi_lwc2(union mips_instruction inst,
+ u32 *opc, u32 cause,
+ struct kvm_run *run,
+ struct kvm_vcpu *vcpu)
+{
+   unsigned int rs, rd;
+   unsigned long curr_pc;
+   enum emulation_result er = EMULATE_DONE;
+
+   /*
+* Update PC and hold onto current PC in case there is
+* an error and we want to rollback the PC
+*/
+   curr_pc = vcpu->arch.pc;
+   er = update_pc(vcpu, cause);
+   if (er == EMULATE_FAIL)
+   return er;
+
+   rs = inst.loongson3_lscsr_format.rs;
+   rd = inst.loongson3_lscsr_format.rd;
+   switch (inst.loongson3_lscsr_format.fr) {
+   case 0x8:  /* Read CPUCFG */
+   ++vcpu->stat.vz_cpucfg_exits;
+   vcpu->arch.gprs[rd] = 0; /* Don't export any advanced 
features to guest */
+   break;
+   default:
+   kvm_err("lwc2 emulate not impl %d rs %lx @%lx\n",
+   inst.loongson3_lscsr_format.fr, 
vcpu->arch.gprs[rs], curr_pc);
+   er = EMULATE_FAIL;
+   break;
+   }
+   /* Rollback PC only if emulation was unsuccessful */
+   if (er == EMULATE_FAIL) {
+   kvm_err("[%#lx]%s: unsupported lwc2 instruction 0x%08x 
0x%08x\n",
+   curr_pc, __func__, inst.word, 
inst.loongson3_lscsr_format.fr);
+
+   vcpu->arch.pc = curr_pc;
+   }
+
+ 
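
Review bot: in kvm_vz_gpsi_lwc2() the default arm of the switch on inst.loongson3_lscsr_format.fr already reports the failure with kvm_err(), and the EMULATE_FAIL rollback block then reports it again with a second kvm_err(). One unsupported guest instruction therefore produces two host error lines, and a guest can repeat it as often as it likes. Keep a single message (the rollback one already carries curr_pc, inst.word and fr) and consider a rate-limited or debug-level print for it. The first format string also prints the unsigned fr field with %d; %u or %#x would match the second message.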

[PATCH 13/15] KVM: MIPS: Add CONFIG6 and DIAG registers emulation

2020-04-13 Thread Huacai Chen
Loongson-3 has CONFIG6 and DIAG registers which need to be emulated.
CONFIG6 is mostly used to enable/disable FTLB and SFB, while DIAG is
mostly used to flush BTB, ITLB, DTLB, VTLB and FTLB.

Signed-off-by: Huacai Chen 
Co-developed-by: Jiaxun Yang 
---
 arch/mips/include/asm/kvm_host.h |  5 
 arch/mips/include/asm/mipsregs.h |  7 +
 arch/mips/kvm/tlb.c  | 39 +++
 arch/mips/kvm/vz.c   | 58 +++-
 4 files changed, 108 insertions(+), 1 deletion(-)

diff --git a/arch/mips/include/asm/kvm_host.h b/arch/mips/include/asm/kvm_host.h
index c291767..3ef6ca8 100644
--- a/arch/mips/include/asm/kvm_host.h
+++ b/arch/mips/include/asm/kvm_host.h
@@ -68,9 +68,11 @@
 #define KVM_REG_MIPS_CP0_CONFIG3   MIPS_CP0_32(16, 3)
 #define KVM_REG_MIPS_CP0_CONFIG4   MIPS_CP0_32(16, 4)
 #define KVM_REG_MIPS_CP0_CONFIG5   MIPS_CP0_32(16, 5)
+#define KVM_REG_MIPS_CP0_CONFIG6   MIPS_CP0_32(16, 6)
 #define KVM_REG_MIPS_CP0_CONFIG7   MIPS_CP0_32(16, 7)
 #define KVM_REG_MIPS_CP0_MAARI MIPS_CP0_64(17, 2)
 #define KVM_REG_MIPS_CP0_XCONTEXT  MIPS_CP0_64(20, 0)
+#define KVM_REG_MIPS_CP0_DIAG  MIPS_CP0_32(22, 0)
 #define KVM_REG_MIPS_CP0_ERROREPC  MIPS_CP0_64(30, 0)
 #define KVM_REG_MIPS_CP0_KSCRATCH1 MIPS_CP0_64(31, 2)
 #define KVM_REG_MIPS_CP0_KSCRATCH2 MIPS_CP0_64(31, 3)
@@ -256,6 +258,7 @@ struct mips_coproc {
 #define MIPS_CP0_WATCH_LO  18
 #define MIPS_CP0_WATCH_HI  19
 #define MIPS_CP0_TLB_XCONTEXT  20
+#define MIPS_CP0_DIAG  22
 #define MIPS_CP0_ECC   26
 #define MIPS_CP0_CACHE_ERR 27
 #define MIPS_CP0_TAG_LO28
@@ -927,6 +930,8 @@ void kvm_vz_save_guesttlb(struct kvm_mips_tlb *buf, 
unsigned int index,
  unsigned int count);
 void kvm_vz_load_guesttlb(const struct kvm_mips_tlb *buf, unsigned int index,
  unsigned int count);
+void kvm_loongson_clear_guest_vtlb(void);
+void kvm_loongson_clear_guest_ftlb(void);
 #endif
 
 void kvm_mips_suspend_mm(int cpu);
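
Review bot: the kvm_loongson_clear_guest_vtlb() and kvm_loongson_clear_guest_ftlb() prototypes are added beside the generic kvm_vz_*_guesttlb() declarations with no CONFIG_CPU_LOONGSON64 guard, and the definitions in tlb.c are likewise unguarded even though they set LOONGSON_DIAG_ITLB | LOONGSON_DIAG_DTLB in the root Diag register. The CPUCFG patch in this series wraps its Loongson-only code in #ifdef CONFIG_CPU_LOONGSON64; doing the same here would keep these helpers out of non-Loongson VZ builds.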
diff --git a/arch/mips/include/asm/mipsregs.h b/arch/mips/include/asm/mipsregs.h
index 796fe47..ce40fbf 100644
--- a/arch/mips/include/asm/mipsregs.h
+++ b/arch/mips/include/asm/mipsregs.h
@@ -674,6 +674,9 @@
 #define MIPS_CONF5_CV  (_ULCAST_(1) << 29)
 #define MIPS_CONF5_K   (_ULCAST_(1) << 30)
 
+#define MIPS_CONF6_INTIMER (_ULCAST_(1) << 6)
+#define MIPS_CONF6_EXTIMER (_ULCAST_(1) << 7)
+#define MIPS_CONF6_SFBEN   (_ULCAST_(1) << 8)
 #define MIPS_CONF6_SYND(_ULCAST_(1) << 13)
 /* proAptiv FTLB on/off bit */
 #define MIPS_CONF6_FTLBEN  (_ULCAST_(1) << 15)
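
Review bot: MIPS_CONF6_INTIMER, MIPS_CONF6_EXTIMER and MIPS_CONF6_SFBEN are added without comments, while the neighbouring MIPS_CONF6_FTLBEN has a comment naming the core it belongs to. The commit message presents SFB as a Loongson-3 CONFIG6 feature, so a one-line comment per bit saying that it is a Loongson-3 bit and what it controls would stop readers from assuming these definitions apply to other cores.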
@@ -993,6 +996,8 @@
 /* Disable Branch Return Cache */
 #define R10K_DIAG_D_BRC(_ULCAST_(1) << 22)
 
+/* Flush BTB */
+#define LOONGSON_DIAG_BTB  (_ULCAST_(1) << 1)
 /* Flush ITLB */
 #define LOONGSON_DIAG_ITLB (_ULCAST_(1) << 2)
 /* Flush DTLB */
@@ -2825,7 +2830,9 @@ __BUILD_SET_C0(status)
 __BUILD_SET_C0(cause)
 __BUILD_SET_C0(config)
 __BUILD_SET_C0(config5)
+__BUILD_SET_C0(config6)
 __BUILD_SET_C0(config7)
+__BUILD_SET_C0(diag)
 __BUILD_SET_C0(intcontrol)
 __BUILD_SET_C0(intctl)
 __BUILD_SET_C0(srsmap)
diff --git a/arch/mips/kvm/tlb.c b/arch/mips/kvm/tlb.c
index 7cd9216..1efb9a0 100644
--- a/arch/mips/kvm/tlb.c
+++ b/arch/mips/kvm/tlb.c
@@ -20,6 +20,7 @@
 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
@@ -622,6 +623,44 @@ void kvm_vz_load_guesttlb(const struct kvm_mips_tlb *buf, 
unsigned int index,
 }
 EXPORT_SYMBOL_GPL(kvm_vz_load_guesttlb);
 
+void kvm_loongson_clear_guest_vtlb(void)
+{
+   int idx = read_gc0_index();
+
+   /* Set root GuestID for root probe and write of guest TLB entry */
+   set_root_gid_to_guest_gid();
+
+   write_gc0_index(0);
+   guest_tlbinvf();
+   write_gc0_index(idx);
+
+   clear_root_gid();
+   set_c0_diag(LOONGSON_DIAG_ITLB | LOONGSON_DIAG_DTLB);
+}
+EXPORT_SYMBOL_GPL(kvm_loongson_clear_guest_vtlb);
+
+void kvm_loongson_clear_guest_ftlb(void)
+{
+   int i;
+   int idx = read_gc0_index();
+
+   /* Set root GuestID for root probe and write of guest TLB entry */
+   set_root_gid_to_guest_gid();
+
+   for (i = current_cpu_data.tlbsizevtlb;
+i < (current_cpu_data.tlbsizevtlb +
+current_cpu_data.tlbsizeftlbsets);
+i++) {
+   write_gc0_index(i);
+   guest_tlbinvf();
+   }
+   write_gc0_index(idx);
+
+   clear_root_gid();
+   set_c0_diag(LOONGSON_DIAG_ITLB | LOONGSON_DIAG_DTLB);
+}
+EXPORT_SYMBOL_GPL(kvm_loongson_clear_guest_ftlb);
+
 #endif
 
 /**
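
Review bot: in both kvm_loongson_clear_guest_vtlb() and kvm_loongson_clear_guest_ftlb(), write_gc0_index() is followed directly by guest_tlbinvf() with no hazard barrier between them, and the index is restored straight after the last invalidate. Please add mtc0_tlbw_hazard() after each index write and tlbw_use_hazard() after the invalidate, or state in a comment why Loongson-3 does not need them. The comment "Set root GuestID for root probe and write of guest TLB entry" also describes a probe and a write, while these functions only invalidate; it should say what the GuestID switch is needed for here.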
diff --git a/arch/mips/kvm/vz.c b/arch/mips/kvm/vz.c
index 0772565..2ea1f13 100644
--- a/arch/mips/kvm/vz.c
+++ b/arch/mips/kvm/vz.c
@@ -127,6 +127,11 @@ static inline unsigned int 
kvm_vz_config5_guest_wrmask(struct kvm_vcpu *vcpu)
return mask;
 }
 
+static inline unsigned int kvm_vz_config6_guest_wr

[PATCH 14/15] KVM: MIPS: Add more MMIO load/store instructions emulation

2020-04-13 Thread Huacai Chen
This patch adds more MMIO load/store instructions emulation, which can
be observed in QXL and some other device drivers:

1, LWL, LWR, LDW, LDR, SWL, SWR, SDL and SDR for all MIPS;
2, GSLBX, GSLHX, GSLWX, GSLDX, GSSBX, GSSHX, GSSWX and GSSDX for
   Loongson-3.

Signed-off-by: Huacai Chen 
Co-developed-by: Jiaxun Yang 
---
 arch/mips/kvm/emulate.c | 440 ++--
 1 file changed, 430 insertions(+), 10 deletions(-)

diff --git a/arch/mips/kvm/emulate.c b/arch/mips/kvm/emulate.c
index aa2db51..572e67d 100644
--- a/arch/mips/kvm/emulate.c
+++ b/arch/mips/kvm/emulate.c
@@ -1604,6 +1604,7 @@ enum emulation_result kvm_mips_emulate_store(union 
mips_instruction inst,
enum emulation_result er;
u32 rt;
void *data = run->mmio.data;
+   unsigned int imme;
unsigned long curr_pc;
 
/*
@@ -1661,6 +1662,191 @@ enum emulation_result kvm_mips_emulate_store(union 
mips_instruction inst,
  vcpu->arch.gprs[rt], *(u8 *)data);
break;
 
+   case swl_op:
+   run->mmio.phys_addr = kvm_mips_callbacks->gva_to_gpa(
+   vcpu->arch.host_cp0_badvaddr) & 
(~0x3);
+   run->mmio.len = 4;
+   imme = vcpu->arch.host_cp0_badvaddr & 0x3;
+   switch (imme) {
+   case 0:
+   *(u32 *)data = ((*(u32*)data) & 0xff00) | 
(vcpu->arch.gprs[rt] >> 24);
+   break;
+   case 1:
+   *(u32 *)data = ((*(u32*)data) & 0x) | 
(vcpu->arch.gprs[rt] >> 16);
+   break;
+   case 2:
+   *(u32 *)data = ((*(u32*)data) & 0xff00) | 
(vcpu->arch.gprs[rt] >> 8);
+   break;
+   case 3:
+   *(u32 *)data = vcpu->arch.gprs[rt];
+   break;
+   default:
+   break;
+   }
+
+   kvm_debug("[%#lx] OP_SWL: eaddr: %#lx, gpr: %#lx, data: %#x\n",
+ vcpu->arch.pc, vcpu->arch.host_cp0_badvaddr,
+ vcpu->arch.gprs[rt], *(u32 *)data);
+   break;
+
+   case swr_op:
+   run->mmio.phys_addr = kvm_mips_callbacks->gva_to_gpa(
+   vcpu->arch.host_cp0_badvaddr) & 
(~0x3);
+   run->mmio.len = 4;
+   imme = vcpu->arch.host_cp0_badvaddr & 0x3;
+   switch (imme) {
+   case 0:
+   *(u32 *)data = vcpu->arch.gprs[rt];
+   break;
+   case 1:
+   *(u32 *)data = ((*(u32*)data) & 0xff) | 
(vcpu->arch.gprs[rt] << 8);
+   break;
+   case 2:
+   *(u32 *)data = ((*(u32*)data) & 0x) | 
(vcpu->arch.gprs[rt] << 16);
+   break;
+   case 3:
+   *(u32 *)data = ((*(u32*)data) & 0xff) | 
(vcpu->arch.gprs[rt] << 24);
+   break;
+   default:
+   break;
+   }
+
+   kvm_debug("[%#lx] OP_SWR: eaddr: %#lx, gpr: %#lx, data: %#x\n",
+ vcpu->arch.pc, vcpu->arch.host_cp0_badvaddr,
+ vcpu->arch.gprs[rt], *(u32 *)data);
+   break;
+
+   case sdl_op:
+   run->mmio.phys_addr = kvm_mips_callbacks->gva_to_gpa(
+   vcpu->arch.host_cp0_badvaddr) & 
(~0x7);
+
+   run->mmio.len = 8;
+   imme = vcpu->arch.host_cp0_badvaddr & 0x7;
+   switch (imme) {
+   case 0:
+   *(u64 *)data = ((*(u64*)data) & 0xff00) | 
((vcpu->arch.gprs[rt] >> 56) & 0xff);
+   break;
+   case 1:
+   *(u64 *)data = ((*(u64*)data) & 0x) | 
((vcpu->arch.gprs[rt] >> 48) & 0x);
+   break;
+   case 2:
+   *(u64 *)data = ((*(u64*)data) & 0xff00) | 
((vcpu->arch.gprs[rt] >> 40) & 0xff);
+   break;
+   case 3:
+   *(u64 *)data = ((*(u64*)data) & 0x) | 
((vcpu->arch.gprs[rt] >> 32) & 0x);
+   break;
+   case 4:
+   *(u64 *)data = ((*(u64*)data) & 0xff00) | 
((vcpu->arch.gprs[rt] >> 24) & 0xff);
+   break;
+   case 5:
+   *(u64 *)data = ((*(u64*)data) & 0x) | 
((vcpu->arch.gprs[rt] >> 16) & 0x);
+   break;
+   case 6:
+   *(u64 *)data = ((*(u64*)data) & 0xff00) | 
((vcpu->arch.gprs[rt] >> 8) & 0xff);
+   break;
+  
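
Review bot: in the swl_op, swr_op and sdl_op cases the partial store is emulated as a full aligned access (phys_addr masked with ~0x3 or ~0x7, mmio.len set to 4 or 8), and the bytes the instruction does not write are taken from whatever is already in run->mmio.data. Nothing in these cases reads the current device contents into that buffer first, so the untouched bytes that reach the device are left over from an earlier MMIO exit. Either narrow phys_addr and len to the bytes the instruction really stores, or document why writing the stale bytes is harmless for the devices concerned. The "default: break;" arms are also unreachable, because imme is masked to exactly the values the switch already lists.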

[PATCH 15/15] KVM: MIPS: Enable KVM support for Loongson-3

2020-04-13 Thread Huacai Chen
This patch enables KVM support for Loongson-3 by selecting HAVE_KVM, but
only enables KVM/VZ on Loongson-3A R4+ (because VZ of early processors
is incomplete). Besides, Loongson-3 supports SMP guests, so we clear the
linked load bit of LLAddr in kvm_vz_vcpu_load() if the guest has more
than one VCPU.

Signed-off-by: Huacai Chen 
Co-developed-by: Jiaxun Yang 
---
 arch/mips/Kconfig| 1 +
 arch/mips/kernel/cpu-probe.c | 1 +
 arch/mips/kvm/vz.c   | 2 +-
 3 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig
index a1f973c..e9a1389 100644
--- a/arch/mips/Kconfig
+++ b/arch/mips/Kconfig
@@ -1465,6 +1465,7 @@ config CPU_LOONGSON64
select MIPS_L1_CACHE_SHIFT_6
select GPIOLIB
select SWIOTLB
+   select HAVE_KVM
help
The Loongson GSx64(GS264/GS464/GS464E/GS464V) series of 
processor
cores implements the MIPS64R2 instruction set with many 
extensions,
diff --git a/arch/mips/kernel/cpu-probe.c b/arch/mips/kernel/cpu-probe.c
index 5bf0821..c46724e 100644
--- a/arch/mips/kernel/cpu-probe.c
+++ b/arch/mips/kernel/cpu-probe.c
@@ -1958,6 +1958,7 @@ static inline void cpu_probe_loongson(struct cpuinfo_mips 
*c, unsigned int cpu)
c->writecombine = _CACHE_UNCACHED_ACCELERATED;
c->ases |= (MIPS_ASE_LOONGSON_MMI | MIPS_ASE_LOONGSON_CAM |
MIPS_ASE_LOONGSON_EXT | MIPS_ASE_LOONGSON_EXT2);
+   c->ases &= ~MIPS_ASE_VZ; /* VZ of Loongson-3A2000/3000 is 
incomplete */
break;
case PRID_IMP_LOONGSON_64G:
c->cputype = CPU_LOONGSON64;
diff --git a/arch/mips/kvm/vz.c b/arch/mips/kvm/vz.c
index 2ea1f13..cddd5b0 100644
--- a/arch/mips/kvm/vz.c
+++ b/arch/mips/kvm/vz.c
@@ -2666,7 +2666,7 @@ static int kvm_vz_vcpu_load(struct kvm_vcpu *vcpu, int 
cpu)
 * prevents a SC on the next VCPU from succeeding by matching a LL on
 * the previous VCPU.
 */
-   if (cpu_guest_has_rw_llb)
+   if (vcpu->kvm->created_vcpus > 1)
write_gc0_lladdr(0);
 
return 0;
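
Review bot: replacing "if (cpu_guest_has_rw_llb)" with "if (vcpu->kvm->created_vcpus > 1)" in kvm_vz_vcpu_load() changes behaviour for every VZ host, not just Loongson-3: write_gc0_lladdr(0) is now issued without checking that the guest LLB bit is writable, and a single-VCPU guest never gets it cleared. The comment kept above says the clear stops an SC on the next VCPU from matching an LL on the previous one, which can also happen between two single-VCPU VMs scheduled on the same CPU. Suggest keeping the capability check and adding the Loongson-3 condition alongside it, with the comment updated to explain the new condition.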
-- 
2.7.0




Re: [PATCH 0/15] KVM: MIPS: Add Loongson-3 support (Host Side)

2020-04-13 Thread Jiaxun Yang
On Mon, 13 Apr 2020 15:30:09 +0800
Huacai Chen  wrote:

> We are preparing to add KVM support for Loongson-3. VZ extension is
> fully supported in Loongson-3A R4+, and we will not care about old
> CPUs (at least now). We already have a fully functional Linux kernel
> (based on Linux-5.4.x LTS) and QEMU (based on 5.0.0-rc2) and their git
> repositories are here:
> 
> QEMU: https://github.com/chenhuacai/qemu
> Kernel: https://github.com/chenhuacai/linux
> 
> Of course these two repositories need to be reworked and are not suitable
> for upstream (especially the commits need to be split). We show
> them here just to tell others what we have done, and what
> KVM/Loongson will look like.
> 
> Our plan is to make the KVM host side upstream first, and after that,
> we will make the KVM guest side and QEMU emulator upstream.

+ Aleksandar as QEMU/MIPS maintainer

I was involved in KVM/Loongson development a bit and also intend to
help with mainlining this work.

After dealing with basic LS7A PCH kernel support, I'm going to
cooperate with Huacai and anyone who is interested to deal with
the following stuff:

- Basic QEMU/TCG support for Loongson64 instructions.
Well, it seems unrelated to KVM, but that would make
development easier with cross ISA emulation. I'm not going to
implement all the features like Loongson's page table fast walk
extension and binary translation extension but I'll ensure any
binary compiled with march=loongson3a can run flawlessly on
TCG.

- Design of Loongson-VIRT QEMU machine
It is nearly impossible to bring a real Loongson system into
QEMU. Both RS780E and LS7A PCH have tons of unreasonable design
that would make the emulation extremely complex, Loongson
company's KVM implementation[1] has already proved that,
they're now in hell. So we all agreed that we should build
a machine from draft. I think we should reuse existing infra as
far as possible to reduce our work load. I'm planning to use
pci-host-cam-generic together with VIRTIO PCI devices and
a stripped-down version of loongson,liointc-1.0a to build a pure
PCI based system. But if anyone has a better idea please just
tell us, I'm still considering how to implement SMP-IPI and ACPI
stuff.

- BIOS in VM
This has a lower priority. But BIOS is required to make an
emulated machine look like a real machine. Loongson have their
open-sourced PMON and closed-source UEFI (based on tianocore).
I'd really wish Loongson or Lemote would open-source their UEFI
but PMON is also an option.

Any kind of feedback is appreciated.

Thanks.

Wish you good health :-)


[1]: http://cgit.loongnix.org/cgit/linux-3.10/ &
http://cgit.loongnix.org/cgit/qemu-2.7.0/

Btw: I think Cc qemu-devel for the whole series is a little bit
disturbing, probably we should only Cc qemu-devel for the cover letter.

> 
> Mike Rapoport(1):
>  mips: define pud_index() regardless of page table folding
> 
> Xing Li(2):
>  KVM: MIPS: Define KVM_ENTRYHI_ASID to cpu_asid_mask(&boot_cpu_data)
>  KVM: MIPS: Fix VPN2_MASK definition for variable cpu_vmbits
> 
> Huacai Chen(12):
>  KVM: MIPS: Increase KVM_MAX_VCPUS and KVM_USER_MEM_SLOTS to 16
>  KVM: MIPS: Add EVENTFD support which is needed by VHOST
>  KVM: MIPS: Use lddir/ldpte instructions to lookup gpa_mm.pgd
>  KVM: MIPS: Introduce and use cpu_guest_has_ldpte
>  KVM: MIPS: Use root tlb to control guest's CCA for Loongson-3
>  KVM: MIPS: Let indexed cacheops cause guest exit on Loongson-3
>  KVM: MIPS: Add more types of virtual interrupts
>  KVM: MIPS: Add Loongson-3 Virtual IPI interrupt support
>  KVM: MIPS: Add CPUCFG emulation for Loongson-3
>  KVM: MIPS: Add CONFIG6 and DIAG registers emulation
>  KVM: MIPS: Add more MMIO load/store instructions emulation
>  KVM: MIPS: Enable KVM support for Loongson-3
> 
> Signed-off-by: Huacai Chen 
> ---
>  arch/mips/Kconfig|   1 +
>  arch/mips/include/asm/cpu-features.h |   3 +
>  arch/mips/include/asm/kvm_host.h |  50 +++-
>  arch/mips/include/asm/mipsregs.h |   7 +
>  arch/mips/include/asm/pgtable-64.h   |   4 +-
>  arch/mips/include/uapi/asm/inst.h|  11 +
>  arch/mips/kernel/cpu-probe.c |   2 +
>  arch/mips/kvm/Kconfig|   1 +
>  arch/mips/kvm/Makefile   |   5 +-
>  arch/mips/kvm/emulate.c  | 461 ++-
>  arch/mips/kvm/entry.c|  19 +-
>  arch/mips/kvm/interrupt.c|  93 +--
>  arch/mips/kvm/interrupt.h|  14 +-
>  arch/mips/kvm/loongson_ipi.c | 215 
>  arch/mips/kvm/mips.c |  49 +++-
>  arch/mips/kvm/tlb.c  |  39 +++
>  arch/mips/kvm/trap_emul.c|   3 +
>  arch/mips/kvm/vz.c   | 204 +++-
>  18 files changed, 1013 insertions(+), 168 deletions(-)
>  create mode 100644 arch/mips/kvm/loong

[PATCH] hw/rdma: Destroy list mutex when list is destroyed

2020-04-13 Thread Yuval Shaia
List mutex should be destroyed when gs list gets destroyed.

Reported-by: Peter Maydell 
Signed-off-by: Yuval Shaia 
---
 hw/rdma/rdma_utils.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/rdma/rdma_utils.c b/hw/rdma/rdma_utils.c
index 73f279104c..698ed4716c 100644
--- a/hw/rdma/rdma_utils.c
+++ b/hw/rdma/rdma_utils.c
@@ -100,6 +100,7 @@ void rdma_protected_gslist_destroy(RdmaProtectedGSList 
*list)
 {
 if (list->list) {
 g_slist_free(list->list);
+qemu_mutex_destroy(&list->lock);
 list->list = NULL;
 }
 }
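
Review bot: qemu_mutex_destroy(&list->lock) is added inside "if (list->list)", so the mutex is destroyed only when the list still holds elements; a list that was initialised but is empty at destroy time (list->list == NULL) keeps its mutex. Move the call outside the conditional so the lock is always released. Once it is unconditional, a second call to rdma_protected_gslist_destroy() on the same list would destroy the mutex twice, so callers need to guarantee a single call or the function needs its own guard.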
-- 
2.20.1




Re: [PATCH 0/15] KVM: MIPS: Add Loongson-3 support (Host Side)

2020-04-13 Thread Huacai Chen
Hi, Jiaxun,

On Mon, Apr 13, 2020 at 4:19 PM Jiaxun Yang  wrote:
>
> On Mon, 13 Apr 2020 15:30:09 +0800
> Huacai Chen  wrote:
>
> > We are preparing to add KVM support for Loongson-3. VZ extension is
> > fully supported in Loongson-3A R4+, and we will not care about old
> > CPUs (at least now). We already have a fully functional Linux kernel
> > (based on Linux-5.4.x LTS) and QEMU (based on 5.0.0-rc2) and their git
> > repositories are here:
> >
> > QEMU: https://github.com/chenhuacai/qemu
> > Kernel: https://github.com/chenhuacai/linux
> >
> > Of course these two repositories need to be reworked and are not suitable
> > for upstream (especially the commits need to be split). We show
> > them here just to tell others what we have done, and what
> > KVM/Loongson will look like.
> >
> > Our plan is to make the KVM host side upstream first, and after that,
> > we will make the KVM guest side and QEMU emulator upstream.
>
> + Aleksandar as QEMU/MIPS maintainer
>
> I was involved in KVM/Loongson development a bit and also intend to
> help with mainlining this work.
>
> After dealing with basic LS7A PCH kernel support, I'm going to
> cooperate with Huacai and anyone who is interested to deal with
> the following stuff:
>
> - Basic QEMU/TCG support for Loongson64 instructions.
> Well, it seems unrelated to KVM, but that would make
> development easier with cross ISA emulation. I'm not going to
> implement all the features like Loongson's page table fast walk
> extension and binary translation extension but I'll ensure any
> binary compiled with march=loongson3a can run flawlessly on
> TCG.
>
> - Design of Loongson-VIRT QEMU machine
> It is nearly impossible to bring a real Loongson system into
> QEMU. Both RS780E and LS7A PCH have tons of unreasonable design
> that would make the emulation extremely complex, Loongson
> company's KVM implementation[1] has already proved that,
> they're now in hell. So we all agreed that we should build
> a machine from draft. I think we should reuse existing infra as
> far as possible to reduce our work load. I'm planning to use
> pci-host-cam-generic together with VIRTIO PCI devices and
> a stripped-down version of loongson,liointc-1.0a to build a pure
> PCI based system. But if anyone has a better idea please just
> tell us, I'm still considering how to implement SMP-IPI and ACPI
> stuff.
>
> - BIOS in VM
> This has a lower priority. But BIOS is required to make an
> emulated machine look like a real machine. Loongson have their
> open-sourced PMON and closed-source UEFI (based on tianocore).
> I'd really wish Loongson or Lemote would open-source their UEFI
> but PMON is also an option.
There will be an open source BIOS, we have completed 98%.

>
> Any kind of feedback is appreciated.
>
> Thanks.
>
> Wish you good health :-)
>
>
> [1]: http://cgit.loongnix.org/cgit/linux-3.10/ &
> http://cgit.loongnix.org/cgit/qemu-2.7.0/
>
> Btw: I think Cc qemu-devel for the whole series is a little bit
> disturbing, probably we should only Cc qemu-devel for the cover letter.
Sorry, it's my mistake.

>
> >
> > Mike Rapoport(1):
> >  mips: define pud_index() regardless of page table folding
> >
> > Xing Li(2):
> >  KVM: MIPS: Define KVM_ENTRYHI_ASID to cpu_asid_mask(&boot_cpu_data)
> >  KVM: MIPS: Fix VPN2_MASK definition for variable cpu_vmbits
> >
> > Huacai Chen(12):
> >  KVM: MIPS: Increase KVM_MAX_VCPUS and KVM_USER_MEM_SLOTS to 16
> >  KVM: MIPS: Add EVENTFD support which is needed by VHOST
> >  KVM: MIPS: Use lddir/ldpte instructions to lookup gpa_mm.pgd
> >  KVM: MIPS: Introduce and use cpu_guest_has_ldpte
> >  KVM: MIPS: Use root tlb to control guest's CCA for Loongson-3
> >  KVM: MIPS: Let indexed cacheops cause guest exit on Loongson-3
> >  KVM: MIPS: Add more types of virtual interrupts
> >  KVM: MIPS: Add Loongson-3 Virtual IPI interrupt support
> >  KVM: MIPS: Add CPUCFG emulation for Loongson-3
> >  KVM: MIPS: Add CONFIG6 and DIAG registers emulation
> >  KVM: MIPS: Add more MMIO load/store instructions emulation
> >  KVM: MIPS: Enable KVM support for Loongson-3
> >
> > Signed-off-by: Huacai Chen 
> > ---
> >  arch/mips/Kconfig|   1 +
> >  arch/mips/include/asm/cpu-features.h |   3 +
> >  arch/mips/include/asm/kvm_host.h |  50 +++-
> >  arch/mips/include/asm/mipsregs.h |   7 +
> >  arch/mips/include/asm/pgtable-64.h   |   4 +-
> >  arch/mips/include/uapi/asm/inst.h|  11 +
> >  arch/mips/kernel/cpu-probe.c |   2 +
> >  arch/mips/kvm/Kconfig|   1 +
> >  arch/mips/kvm/Makefile   |   5 +-
> >  arch/mips/kvm/emulate.c  | 461 ++-
> >  arch/mips/kvm/entry.c|  19 +-
> >  arch/mips/kvm/interrupt.c|  93 +--
> >  arch/mips/kvm/interrupt.h|  14 +-
> >  arch/mips/kvm/loongson_

Re: [PATCH] lockable: Replace locks with lock guard macros

2020-04-13 Thread Yuval Shaia
For the hw/rdma stuff:

Reviewed-by: Yuval Shaia 
Tested-by: Yuval Shaia 

Thanks,
Yuval

On Wed, 1 Apr 2020 at 19:20, Simran Singhal 
wrote:

> Replace manual lock()/unlock() calls with lock guard macros
> (QEMU_LOCK_GUARD/WITH_QEMU_LOCK_GUARD).
>
> Signed-off-by: Simran Singhal 
> ---
>  hw/hyperv/hyperv.c | 15 ++---
>  hw/rdma/rdma_backend.c | 50 +-
>  hw/rdma/rdma_rm.c  |  3 +--
>  hw/rdma/rdma_utils.c   | 15 +
>  4 files changed, 39 insertions(+), 44 deletions(-)
>
> diff --git a/hw/hyperv/hyperv.c b/hw/hyperv/hyperv.c
> index 8ca3706f5b..4ddafe1de1 100644
> --- a/hw/hyperv/hyperv.c
> +++ b/hw/hyperv/hyperv.c
> @@ -15,6 +15,7 @@
>  #include "sysemu/kvm.h"
>  #include "qemu/bitops.h"
>  #include "qemu/error-report.h"
> +#include "qemu/lockable.h"
>  #include "qemu/queue.h"
>  #include "qemu/rcu.h"
>  #include "qemu/rcu_queue.h"
> @@ -491,7 +492,7 @@ int hyperv_set_msg_handler(uint32_t conn_id,
> HvMsgHandler handler, void *data)
>  int ret;
>  MsgHandler *mh;
>
> -qemu_mutex_lock(&handlers_mutex);
> +QEMU_LOCK_GUARD(&handlers_mutex);
>  QLIST_FOREACH(mh, &msg_handlers, link) {
>  if (mh->conn_id == conn_id) {
>  if (handler) {
> @@ -501,7 +502,7 @@ int hyperv_set_msg_handler(uint32_t conn_id,
> HvMsgHandler handler, void *data)
>  g_free_rcu(mh, rcu);
>  ret = 0;
>  }
> -goto unlock;
> +return ret;
>  }
>  }
>
> @@ -515,8 +516,7 @@ int hyperv_set_msg_handler(uint32_t conn_id,
> HvMsgHandler handler, void *data)
>  } else {
>  ret = -ENOENT;
>  }
> -unlock:
> -qemu_mutex_unlock(&handlers_mutex);
> +
>  return ret;
>  }
>
> @@ -565,7 +565,7 @@ static int set_event_flag_handler(uint32_t conn_id,
> EventNotifier *notifier)
>  int ret;
>  EventFlagHandler *handler;
>
> -qemu_mutex_lock(&handlers_mutex);
> +QEMU_LOCK_GUARD(&handlers_mutex);
>  QLIST_FOREACH(handler, &event_flag_handlers, link) {
>  if (handler->conn_id == conn_id) {
>  if (notifier) {
> @@ -575,7 +575,7 @@ static int set_event_flag_handler(uint32_t conn_id,
> EventNotifier *notifier)
>  g_free_rcu(handler, rcu);
>  ret = 0;
>  }
> -goto unlock;
> +return ret;
>  }
>  }
>
> @@ -588,8 +588,7 @@ static int set_event_flag_handler(uint32_t conn_id,
> EventNotifier *notifier)
>  } else {
>  ret = -ENOENT;
>  }
> -unlock:
> -qemu_mutex_unlock(&handlers_mutex);
> +
>  return ret;
>  }
>
> diff --git a/hw/rdma/rdma_backend.c b/hw/rdma/rdma_backend.c
> index 3dd39fe1a7..db7e5c8be5 100644
> --- a/hw/rdma/rdma_backend.c
> +++ b/hw/rdma/rdma_backend.c
> @@ -95,36 +95,36 @@ static int rdma_poll_cq(RdmaDeviceResources
> *rdma_dev_res, struct ibv_cq *ibcq)
>  struct ibv_wc wc[2];
>  RdmaProtectedGSList *cqe_ctx_list;
>
> -qemu_mutex_lock(&rdma_dev_res->lock);
> -do {
> -ne = ibv_poll_cq(ibcq, ARRAY_SIZE(wc), wc);
> +WITH_QEMU_LOCK_GUARD(&rdma_dev_res->lock) {
> +do {
> +ne = ibv_poll_cq(ibcq, ARRAY_SIZE(wc), wc);
>
> -trace_rdma_poll_cq(ne, ibcq);
> +trace_rdma_poll_cq(ne, ibcq);
>
> -for (i = 0; i < ne; i++) {
> -bctx = rdma_rm_get_cqe_ctx(rdma_dev_res, wc[i].wr_id);
> -if (unlikely(!bctx)) {
> -rdma_error_report("No matching ctx for req %"PRId64,
> -  wc[i].wr_id);
> -continue;
> -}
> +for (i = 0; i < ne; i++) {
> +bctx = rdma_rm_get_cqe_ctx(rdma_dev_res, wc[i].wr_id);
> +if (unlikely(!bctx)) {
> +rdma_error_report("No matching ctx for req %"PRId64,
> +  wc[i].wr_id);
> +continue;
> +}
>
> -comp_handler(bctx->up_ctx, &wc[i]);
> +comp_handler(bctx->up_ctx, &wc[i]);
>
> -if (bctx->backend_qp) {
> -cqe_ctx_list = &bctx->backend_qp->cqe_ctx_list;
> -} else {
> -cqe_ctx_list = &bctx->backend_srq->cqe_ctx_list;
> -}
> +if (bctx->backend_qp) {
> +cqe_ctx_list = &bctx->backend_qp->cqe_ctx_list;
> +} else {
> +cqe_ctx_list = &bctx->backend_srq->cqe_ctx_list;
> +}
>
> -rdma_protected_gslist_remove_int32(cqe_ctx_list, wc[i].wr_id);
> -rdma_rm_dealloc_cqe_ctx(rdma_dev_res, wc[i].wr_id);
> -g_free(bctx);
> -}
> -total_ne += ne;
> -} while (ne > 0);
> -atomic_sub(&rdma_dev_res->stats.missing_cqe, total_ne);
> -qemu_mutex_unlock(&rdma_dev_res->lock);
> +rdma_protected_gslist_remove_int32(cqe_ctx_list,
> wc[i].wr_id);
> +rdma_rm_dealloc_cqe_

[PATCH 0/3] Some trivial fixes

2020-04-13 Thread Keqian Zhu
Hi all,

This patch-set contains trivial bugfix and typo fix.

Thanks,
Keqian

Keqian Zhu (3):
  bugfix: Use gicr_typer in arm_gicv3_icc_reset
  intc/gicv3_kvm: use kvm_gicc_access to get ICC_CTLR_EL1
  Typo: Correct the name of CPU hotplug memory region

 hw/acpi/cpu.c   | 2 +-
 hw/intc/arm_gicv3_kvm.c | 7 ++-
 2 files changed, 3 insertions(+), 6 deletions(-)

-- 
2.19.1




[PATCH 3/3] Typo: Correct the name of CPU hotplug memory region

2020-04-13 Thread Keqian Zhu
Replace "acpi-mem-hotplug" with "acpi-cpu-hotplug"

Signed-off-by: Keqian Zhu 
---
 hw/acpi/cpu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/acpi/cpu.c b/hw/acpi/cpu.c
index e2c957ce00..3d6a500fb7 100644
--- a/hw/acpi/cpu.c
+++ b/hw/acpi/cpu.c
@@ -222,7 +222,7 @@ void cpu_hotplug_hw_init(MemoryRegion *as, Object *owner,
 state->devs[i].arch_id = id_list->cpus[i].arch_id;
 }
 memory_region_init_io(&state->ctrl_reg, owner, &cpu_hotplug_ops, state,
-  "acpi-mem-hotplug", ACPI_CPU_HOTPLUG_REG_LEN);
+  "acpi-cpu-hotplug", ACPI_CPU_HOTPLUG_REG_LEN);
 memory_region_add_subregion(as, base_addr, &state->ctrl_reg);
 }
 
-- 
2.19.1




[PATCH 2/3] intc/gicv3_kvm: use kvm_gicc_access to get ICC_CTLR_EL1

2020-04-13 Thread Keqian Zhu
Replace kvm_device_access with kvm_gicc_access to simplify
code.

Signed-off-by: Keqian Zhu 
---
 hw/intc/arm_gicv3_kvm.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/hw/intc/arm_gicv3_kvm.c b/hw/intc/arm_gicv3_kvm.c
index ca43bf87ca..85f6420498 100644
--- a/hw/intc/arm_gicv3_kvm.c
+++ b/hw/intc/arm_gicv3_kvm.c
@@ -678,9 +678,8 @@ static void arm_gicv3_icc_reset(CPUARMState *env, const 
ARMCPRegInfo *ri)
 }
 
 /* Initialize to actual HW supported configuration */
-kvm_device_access(s->dev_fd, KVM_DEV_ARM_VGIC_GRP_CPU_SYSREGS,
-  KVM_VGIC_ATTR(ICC_CTLR_EL1, c->gicr_typer),
-  &c->icc_ctlr_el1[GICV3_NS], false, &error_abort);
+kvm_gicc_access(s, ICC_CTLR_EL1, c->cpu->cpu_index,
+&c->icc_ctlr_el1[GICV3_NS], false);
 
 c->icc_ctlr_el1[GICV3_S] = c->icc_ctlr_el1[GICV3_NS];
 }
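
Review bot: the removed kvm_device_access() call passed &error_abort, while the replacement kvm_gicc_access() call takes no error argument, so these lines do not show whether a failed access in arm_gicv3_icc_reset() still aborts; the commit message should say that it does. The CPU selector also changes from c->gicr_typer to c->cpu->cpu_index on the very line that patch 1/3 fixes, so consider folding the two patches together or explaining why the index form selects the same CPU.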
-- 
2.19.1




[PATCH 1/3] bugfix: Use gicr_typer in arm_gicv3_icc_reset

2020-04-13 Thread Keqian Zhu
The KVM_VGIC_ATTR macro expects the second parameter as gicr_typer,
of which high 32bit is constructed by mp_affinity. In most cases,
the high 32bit of mp_affinity is zero, so it will always access the
ICC_CTLR_EL1 of CPU0.

Signed-off-by: Keqian Zhu 
---
 hw/intc/arm_gicv3_kvm.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/hw/intc/arm_gicv3_kvm.c b/hw/intc/arm_gicv3_kvm.c
index 49304ca589..ca43bf87ca 100644
--- a/hw/intc/arm_gicv3_kvm.c
+++ b/hw/intc/arm_gicv3_kvm.c
@@ -658,13 +658,11 @@ static void kvm_arm_gicv3_get(GICv3State *s)
 
 static void arm_gicv3_icc_reset(CPUARMState *env, const ARMCPRegInfo *ri)
 {
-ARMCPU *cpu;
 GICv3State *s;
 GICv3CPUState *c;
 
 c = (GICv3CPUState *)env->gicv3state;
 s = c->gic;
-cpu = ARM_CPU(c->cpu);
 
 c->icc_pmr_el1 = 0;
 c->icc_bpr[GICV3_G0] = GIC_MIN_BPR;
@@ -681,7 +679,7 @@ static void arm_gicv3_icc_reset(CPUARMState *env, const 
ARMCPRegInfo *ri)
 
 /* Initialize to actual HW supported configuration */
 kvm_device_access(s->dev_fd, KVM_DEV_ARM_VGIC_GRP_CPU_SYSREGS,
-  KVM_VGIC_ATTR(ICC_CTLR_EL1, cpu->mp_affinity),
+  KVM_VGIC_ATTR(ICC_CTLR_EL1, c->gicr_typer),
   &c->icc_ctlr_el1[GICV3_NS], false, &error_abort);
 
 c->icc_ctlr_el1[GICV3_S] = c->icc_ctlr_el1[GICV3_NS];
-- 
2.19.1




Re: [PATCH v2] lockable: Replace locks with lock guard macros

2020-04-13 Thread Yuval Shaia
On Thu, 2 Apr 2020 at 09:50, Simran Singhal 
wrote:

> Replace manual lock()/unlock() calls with lock guard macros
> (QEMU_LOCK_GUARD/WITH_QEMU_LOCK_GUARD).
>
> Signed-off-by: Simran Singhal 
> ---
> Changes in v2:
> -Drop changes in file hw/rdma/rdma_utils.c
>

So I guess we are expected to see this back soon, right?

Ignore my r-b and t-b for v1, I did not encounter the build errors, this
one is okay too.

For the hw/rdma stuff:

Reviewed-by: Yuval Shaia 
Tested-by: Yuval Shaia 

Thanks,
Yuval


>
>  hw/hyperv/hyperv.c | 15 ++---
>  hw/rdma/rdma_backend.c | 50 +-
>  hw/rdma/rdma_rm.c  |  3 +--
>  3 files changed, 33 insertions(+), 35 deletions(-)
>
> diff --git a/hw/hyperv/hyperv.c b/hw/hyperv/hyperv.c
> index 8ca3706f5b..4ddafe1de1 100644
> --- a/hw/hyperv/hyperv.c
> +++ b/hw/hyperv/hyperv.c
> @@ -15,6 +15,7 @@
>  #include "sysemu/kvm.h"
>  #include "qemu/bitops.h"
>  #include "qemu/error-report.h"
> +#include "qemu/lockable.h"
>  #include "qemu/queue.h"
>  #include "qemu/rcu.h"
>  #include "qemu/rcu_queue.h"
> @@ -491,7 +492,7 @@ int hyperv_set_msg_handler(uint32_t conn_id,
> HvMsgHandler handler, void *data)
>  int ret;
>  MsgHandler *mh;
>
> -qemu_mutex_lock(&handlers_mutex);
> +QEMU_LOCK_GUARD(&handlers_mutex);
>  QLIST_FOREACH(mh, &msg_handlers, link) {
>  if (mh->conn_id == conn_id) {
>  if (handler) {
> @@ -501,7 +502,7 @@ int hyperv_set_msg_handler(uint32_t conn_id,
> HvMsgHandler handler, void *data)
>  g_free_rcu(mh, rcu);
>  ret = 0;
>  }
> -goto unlock;
> +return ret;
>  }
>  }
>
> @@ -515,8 +516,7 @@ int hyperv_set_msg_handler(uint32_t conn_id,
> HvMsgHandler handler, void *data)
>  } else {
>  ret = -ENOENT;
>  }
> -unlock:
> -qemu_mutex_unlock(&handlers_mutex);
> +
>  return ret;
>  }
>
> @@ -565,7 +565,7 @@ static int set_event_flag_handler(uint32_t conn_id,
> EventNotifier *notifier)
>  int ret;
>  EventFlagHandler *handler;
>
> -qemu_mutex_lock(&handlers_mutex);
> +QEMU_LOCK_GUARD(&handlers_mutex);
>  QLIST_FOREACH(handler, &event_flag_handlers, link) {
>  if (handler->conn_id == conn_id) {
>  if (notifier) {
> @@ -575,7 +575,7 @@ static int set_event_flag_handler(uint32_t conn_id,
> EventNotifier *notifier)
>  g_free_rcu(handler, rcu);
>  ret = 0;
>  }
> -goto unlock;
> +return ret;
>  }
>  }
>
> @@ -588,8 +588,7 @@ static int set_event_flag_handler(uint32_t conn_id,
> EventNotifier *notifier)
>  } else {
>  ret = -ENOENT;
>  }
> -unlock:
> -qemu_mutex_unlock(&handlers_mutex);
> +
>  return ret;
>  }
>
> diff --git a/hw/rdma/rdma_backend.c b/hw/rdma/rdma_backend.c
> index 3dd39fe1a7..db7e5c8be5 100644
> --- a/hw/rdma/rdma_backend.c
> +++ b/hw/rdma/rdma_backend.c
> @@ -95,36 +95,36 @@ static int rdma_poll_cq(RdmaDeviceResources
> *rdma_dev_res, struct ibv_cq *ibcq)
>  struct ibv_wc wc[2];
>  RdmaProtectedGSList *cqe_ctx_list;
>
> -qemu_mutex_lock(&rdma_dev_res->lock);
> -do {
> -ne = ibv_poll_cq(ibcq, ARRAY_SIZE(wc), wc);
> +WITH_QEMU_LOCK_GUARD(&rdma_dev_res->lock) {
> +do {
> +ne = ibv_poll_cq(ibcq, ARRAY_SIZE(wc), wc);
>
> -trace_rdma_poll_cq(ne, ibcq);
> +trace_rdma_poll_cq(ne, ibcq);
>
> -for (i = 0; i < ne; i++) {
> -bctx = rdma_rm_get_cqe_ctx(rdma_dev_res, wc[i].wr_id);
> -if (unlikely(!bctx)) {
> -rdma_error_report("No matching ctx for req %"PRId64,
> -  wc[i].wr_id);
> -continue;
> -}
> +for (i = 0; i < ne; i++) {
> +bctx = rdma_rm_get_cqe_ctx(rdma_dev_res, wc[i].wr_id);
> +if (unlikely(!bctx)) {
> +rdma_error_report("No matching ctx for req %"PRId64,
> +  wc[i].wr_id);
> +continue;
> +}
>
> -comp_handler(bctx->up_ctx, &wc[i]);
> +comp_handler(bctx->up_ctx, &wc[i]);
>
> -if (bctx->backend_qp) {
> -cqe_ctx_list = &bctx->backend_qp->cqe_ctx_list;
> -} else {
> -cqe_ctx_list = &bctx->backend_srq->cqe_ctx_list;
> -}
> +if (bctx->backend_qp) {
> +cqe_ctx_list = &bctx->backend_qp->cqe_ctx_list;
> +} else {
> +cqe_ctx_list = &bctx->backend_srq->cqe_ctx_list;
> +}
>
> -rdma_protected_gslist_remove_int32(cqe_ctx_list, wc[i].wr_id);
> -rdma_rm_dealloc_cqe_ctx(rdma_dev_res, wc[i].wr_id);
> -g_free(bctx);
> -}
> -total_ne += ne;
> -} while (ne > 0);
> -atomic_sub(&rdma_dev_res->stats.missing_cqe, t

Re: [PATCH 0/7] hw/sparc/leon3: Few fixes and disable HelenOS test

2020-04-13 Thread KONRAD Frederic




On 4/11/20 at 7:30 PM, Philippe Mathieu-Daudé wrote:

On 3/31/20 12:50 PM, Philippe Mathieu-Daudé wrote:

Philippe Mathieu-Daudé (7):
   hw/misc/grlib_ahb_apb_pnp: Avoid crash when writing to AHB PnP
 registers
   hw/misc/grlib_ahb_apb_pnp: Fix AHB PnP 8-bit accesses


Ping ^^^ for 5.0?


Hi Philippe,

You already have my rb tag for those, and IMHO they should be good candidates
for 5.0 (if it's not too late).

Cheers,
Fred




   hw/misc/grlib_ahb_apb_pnp: Add trace events on read accesses
   hw/timer/grlib_gptimer: Display frequency in decimal
   target/sparc/int32_helper: Remove DEBUG_PCALL definition
   target/sparc/int32_helper: Extract and use excp_name_str()

  hw/misc/grlib_ahb_apb_pnp.c | 24 ++--
  target/sparc/int32_helper.c | 23 ---
  hw/misc/trace-events|  4 
  hw/timer/trace-events   |  2 +-
  tests/acceptance/machine_sparc_leon3.py |  4 
  5 files changed, 43 insertions(+), 14 deletions(-)





[PATCH v3] migration/throttle: Add cpu-throttle-tailslow migration parameter

2020-04-13 Thread Keqian Zhu
At the tail stage of throttling, the Guest is very sensitive to
CPU percentage, while the @cpu-throttle-increment is usually
excessive at the tail stage.

If this parameter is true, we will compute the ideal CPU percentage
used by the Guest, which may exactly make the dirty rate match the
dirty rate threshold. Then we will choose the smaller throttle increment
between the one specified by @cpu-throttle-increment and the one
generated by the ideal CPU percentage.

Therefore, it is compatible with traditional throttling, meanwhile
the throttle increment won't be excessive at the tail stage. This may
make migration time longer, and is disabled by default.

Signed-off-by: Keqian Zhu 
---
Cc: Juan Quintela 
Cc: "Dr. David Alan Gilbert" 
Cc: Eric Blake 
Cc: Markus Armbruster 
---
 migration/migration.c | 13 
 migration/ram.c   | 25 +-
 monitor/hmp-cmds.c|  8 
 qapi/migration.json   | 48 +++
 4 files changed, 89 insertions(+), 5 deletions(-)

diff --git a/migration/migration.c b/migration/migration.c
index 187ac0410c..d478a87290 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -785,6 +785,8 @@ MigrationParameters *qmp_query_migrate_parameters(Error 
**errp)
 params->cpu_throttle_initial = s->parameters.cpu_throttle_initial;
 params->has_cpu_throttle_increment = true;
 params->cpu_throttle_increment = s->parameters.cpu_throttle_increment;
+params->has_cpu_throttle_tailslow = true;
+params->cpu_throttle_tailslow = s->parameters.cpu_throttle_tailslow;
 params->has_tls_creds = true;
 params->tls_creds = g_strdup(s->parameters.tls_creds);
 params->has_tls_hostname = true;
@@ -1324,6 +1326,10 @@ static void 
migrate_params_test_apply(MigrateSetParameters *params,
 dest->cpu_throttle_increment = params->cpu_throttle_increment;
 }
 
+if (params->has_cpu_throttle_tailslow) {
+dest->cpu_throttle_tailslow = params->cpu_throttle_tailslow;
+}
+
 if (params->has_tls_creds) {
 assert(params->tls_creds->type == QTYPE_QSTRING);
 dest->tls_creds = g_strdup(params->tls_creds->u.s);
@@ -1412,6 +1418,10 @@ static void migrate_params_apply(MigrateSetParameters 
*params, Error **errp)
 s->parameters.cpu_throttle_increment = params->cpu_throttle_increment;
 }
 
+if (params->has_cpu_throttle_tailslow) {
+s->parameters.cpu_throttle_tailslow = params->cpu_throttle_tailslow;
+}
+
 if (params->has_tls_creds) {
 g_free(s->parameters.tls_creds);
 assert(params->tls_creds->type == QTYPE_QSTRING);
@@ -3594,6 +3604,8 @@ static Property migration_properties[] = {
 DEFINE_PROP_UINT8("x-cpu-throttle-increment", MigrationState,
   parameters.cpu_throttle_increment,
   DEFAULT_MIGRATE_CPU_THROTTLE_INCREMENT),
+DEFINE_PROP_BOOL("x-cpu-throttle-tailslow", MigrationState,
+  parameters.cpu_throttle_tailslow, false),
 DEFINE_PROP_SIZE("x-max-bandwidth", MigrationState,
   parameters.max_bandwidth, MAX_THROTTLE),
 DEFINE_PROP_UINT64("x-downtime-limit", MigrationState,
@@ -3700,6 +3712,7 @@ static void migration_instance_init(Object *obj)
 params->has_throttle_trigger_threshold = true;
 params->has_cpu_throttle_initial = true;
 params->has_cpu_throttle_increment = true;
+params->has_cpu_throttle_tailslow = true;
 params->has_max_bandwidth = true;
 params->has_downtime_limit = true;
 params->has_x_checkpoint_delay = true;
diff --git a/migration/ram.c b/migration/ram.c
index 04f13feb2e..3317c99786 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -616,20 +616,34 @@ static size_t save_page_header(RAMState *rs, QEMUFile *f, 
 RAMBlock *block,
  * able to complete migration. Some workloads dirty memory way too
  * fast and will not effectively converge, even with auto-converge.
  */
-static void mig_throttle_guest_down(void)
+static void mig_throttle_guest_down(uint64_t bytes_dirty_period,
+uint64_t bytes_dirty_threshold)
 {
 MigrationState *s = migrate_get_current();
 uint64_t pct_initial = s->parameters.cpu_throttle_initial;
-uint64_t pct_icrement = s->parameters.cpu_throttle_increment;
+uint64_t pct_increment = s->parameters.cpu_throttle_increment;
+bool pct_tailslow = s->parameters.cpu_throttle_tailslow;
 int pct_max = s->parameters.max_cpu_throttle;
 
+uint64_t throttle_now = cpu_throttle_get_percentage();
+uint64_t cpu_now, cpu_ideal, throttle_inc;
+
 /* We have not started throttling yet. Let's start it. */
 if (!cpu_throttle_active()) {
 cpu_throttle_set(pct_initial);
 } else {
 /* Throttling already on, just increase the rate */
-cpu_throttle_set(MIN(cpu_throttle_get_percentage() + pct_icrement,
- pct_max));
+if (!pct_tailslow) {
+throttle_inc = pct_increment;
+}
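
Review bot: in mig_throttle_guest_down(), `throttle_now` is read with cpu_throttle_get_percentage() in the declarations, before the `cpu_throttle_active()` test, so it is computed even on the path that only calls cpu_throttle_set(pct_initial); moving the read into the `else` branch keeps it next to its use. The new bool is named `pct_tailslow` although the `pct_` prefix marks percentages in this function, so a plain `tailslow` would read better. The two new uint64_t parameters also deserve a line in the function comment saying which period and threshold they describe.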

Re: [PATCH] hw/pci/pcie: Forbid hot-plug via QMP if it's disabled on the slot

2020-04-13 Thread Michael S. Tsirkin
On Wed, Apr 08, 2020 at 12:51:20PM +0200, Igor Mammedov wrote:
> On Tue,  7 Apr 2020 16:50:17 +0200
> Julia Suvorova  wrote:
> 
> > Raise an error when trying to hot-plug/unplug a device through QMP to a 
> > device
> > with disabled hot-plug capability. This makes the device behaviour more
> > consistent and provides an explanation of the failure in the case of
> > asynchronous unplug.
> 
> it applies to hotplug in general (i.e. not only QMP)
> 
> > 
> > Signed-off-by: Julia Suvorova 
> > ---
> >  hw/pci/pcie.c | 24 +---
> >  1 file changed, 21 insertions(+), 3 deletions(-)
> > 
> > diff --git a/hw/pci/pcie.c b/hw/pci/pcie.c
> > index 0eb3a2a5d2..e9798caa8a 100644
> > --- a/hw/pci/pcie.c
> > +++ b/hw/pci/pcie.c
> > @@ -415,6 +415,7 @@ void pcie_cap_slot_plug_cb(HotplugHandler *hotplug_dev, 
> > DeviceState *dev,
> >  {
> >  PCIDevice *hotplug_pdev = PCI_DEVICE(hotplug_dev);
> >  uint8_t *exp_cap = hotplug_pdev->config + hotplug_pdev->exp.exp_cap;
> > +uint32_t sltcap = pci_get_word(exp_cap + PCI_EXP_SLTCAP);
> >  PCIDevice *pci_dev = PCI_DEVICE(dev);
> >  
> >  /* Don't send event when device is enabled during qemu machine 
> > creation:
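
Review bot: in pcie_cap_slot_plug_cb(), `sltcap` is declared uint32_t but filled with pci_get_word(), which reads 16 bits. The test against PCI_EXP_SLTCAP_HPC still works because that bit sits in the low word, but Slot Capabilities is a 32-bit register, so pci_get_long() would match both the register and the declared type.
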
> > @@ -430,6 +431,13 @@ void pcie_cap_slot_plug_cb(HotplugHandler 
> > *hotplug_dev, DeviceState *dev,
> >  return;
> >  }
> >  
> > +/* Hot-plug is disabled on the slot */
> > +if ((sltcap & PCI_EXP_SLTCAP_HPC) == 0) {
> > +error_setg(errp, "Device '%s' does not support hot-plug",
> > + DEVICE(hotplug_dev)->id);
> plug and unplug_req are synchronous. so one can skip on "Device '%s'",
> user will get this error message as response to device_add/del command.
> 
> and more exactly it's concrete slot that does not support hotplug, how about
> "slot doesn't support ..." or just "hotplug is not supported"

Well device name is useful here, while these commands are synchronous
others aren't so log parsing might not be synchronous.

I do think we should mention slot since that's the reason
hotplug failed:
"Device '%s' hot-plug failed: unsupported by slot"

> > +return;
> > +}
> > +
> >  /* To enable multifunction hot-plug, we just ensure the function
> >   * 0 added last. When function 0 is added, we set the sltsta and
> >   * inform OS via event notification.
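
Review bot: the error_setg() added in this hunk prints `DEVICE(hotplug_dev)->id`, which is the id of the port that owns the slot rather than of `dev`, the device being plugged, and it is handed to `%s` with no NULL check. If the port can exist without an id, that puts a null pointer into the format string; naming `dev` with a fallback string, and mentioning the slot in the text, would cover both.
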
> > @@ -464,14 +472,24 @@ static void pcie_unplug_device(PCIBus *bus, PCIDevice 
> > *dev, void *opaque)
> >  object_unparent(OBJECT(dev));
> >  }
> >  
> > -void pcie_cap_slot_unplug_request_cb(HotplugHandler *hotplug_dev,
> > +void pcie_cap_slot_unplug_request_cb(HotplugHandler *hotplug_handler,
> >   DeviceState *dev, Error **errp)
> >  {
> >  Error *local_err = NULL;
> >  PCIDevice *pci_dev = PCI_DEVICE(dev);
> >  PCIBus *bus = pci_get_bus(pci_dev);
> > +PCIDevice *hotplug_dev = PCI_DEVICE(hotplug_handler);
> > +uint8_t *exp_cap = hotplug_dev->config + hotplug_dev->exp.exp_cap;
> > +uint32_t sltcap = pci_get_word(exp_cap + PCI_EXP_SLTCAP);
> > +
> > +/* Hot-unplug is disabled on the slot */
> > +if ((sltcap & PCI_EXP_SLTCAP_HPC) == 0) {
> > +error_setg(errp, "Device '%s' does not support hot-unplug",
> > + DEVICE(hotplug_dev)->id);
> > +return;

Here too let's mention slot since that's the reason
hotplug failed:
"Device '%s' hot-unplug failed: unsupported by slot"

?

> > +}
> >  
> > -pcie_cap_slot_plug_common(PCI_DEVICE(hotplug_dev), dev, &local_err);
> > +pcie_cap_slot_plug_common(hotplug_dev, dev, &local_err);
> >  if (local_err) {
> >  error_propagate(errp, local_err);
> >  return;
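
Review bot: the PCI_EXP_SLTCAP_HPC test and its error path are now written out twice, here in pcie_cap_slot_unplug_request_cb() and in pcie_cap_slot_plug_cb(), with messages that differ only in "hot-plug" versus "hot-unplug". A small static helper taking the slot device and the operation name would keep the check and the wording from drifting apart.
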
> > @@ -490,7 +508,7 @@ void pcie_cap_slot_unplug_request_cb(HotplugHandler 
> > *hotplug_dev,
> >  return;
> >  }
> >  
> > -pcie_cap_slot_push_attention_button(PCI_DEVICE(hotplug_dev));
> > +pcie_cap_slot_push_attention_button(hotplug_dev);
> >  }
> >  
> >  /* pci express slot for pci express root/downstream port




Re: [PATCH-for-5.0 0/3] virtio, vhost-gpu: Release memory returned by malloc() with free()

2020-04-13 Thread Michael S. Tsirkin
On Mon, Mar 23, 2020 at 09:41:20AM -0400, Michael S. Tsirkin wrote:
> On Mon, Mar 23, 2020 at 12:29:40PM +0100, Philippe Mathieu-Daudé wrote:
> > Coverity reported a ALLOC_FREE_MISMATCH in vg_handle_cursor(),
> > because the memory returned by vu_queue_pop() is allocated with
> > malloc(). Fix it.
> > 
> > Similar error occurs with virtio. Document and fix.
> 
> I will queue this. Thanks!

So what are we doing with this patchset? Marc-André reported issues -
any plan to fix them up? Split up the patchset to 3 independent
patches?

> > Philippe Mathieu-Daudé (3):
> >   vhost-user-gpu: Release memory returned by vu_queue_pop() with free()
> >   virtio: Document virtqueue_pop()
> >   virtio-gpu: Release memory returned by virtqueue_pop() with free()
> > 
> >  include/hw/virtio/virtio.h  | 8 
> >  contrib/vhost-user-gpu/vhost-user-gpu.c | 4 ++--
> >  contrib/vhost-user-gpu/virgl.c  | 2 +-
> >  hw/display/virtio-gpu-3d.c  | 2 +-
> >  hw/display/virtio-gpu.c | 8 
> >  5 files changed, 16 insertions(+), 8 deletions(-)
> > 
> > -- 
> > 2.21.1




Re: [PATCH v4 10/30] qcow2: Add offset_to_sc_index()

2020-04-13 Thread Vladimir Sementsov-Ogievskiy

17.03.2020 21:16, Alberto Garcia wrote:

For a given offset, return the subcluster number within its cluster
(i.e. with 32 subclusters per cluster it returns a number between 0
and 31).

Signed-off-by: Alberto Garcia
Reviewed-by: Max Reitz


Reviewed-by: Vladimir Sementsov-Ogievskiy 

--
Best regards,
Vladimir



Re: [PATCH v2] gdbstub: Fix segment fault for i386 target

2020-04-13 Thread Laurent Vivier
On 13/04/2020 at 01:32, Changbin Du wrote:
> With GByteArray, we should pass the object itself but not to plus an offset.
> 
> gdb log:
> Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
> __memmove_avx_unaligned_erms () at 
> ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:384
> 384   ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S: No such file 
> or directory.
> 
> Fixes: a010bdbe71 ("gdbstub: extend GByteArray to read register helpers")
> Signed-off-by: Changbin Du 
> 
> ---
> v2: remove m68k fix since it's already queued.
> ---
>  target/i386/gdbstub.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/target/i386/gdbstub.c b/target/i386/gdbstub.c
> index f3d23b614e..b98a99500a 100644
> --- a/target/i386/gdbstub.c
> +++ b/target/i386/gdbstub.c
> @@ -106,7 +106,7 @@ int x86_cpu_gdb_read_register(CPUState *cs, GByteArray 
> *mem_buf, int n)
>  } else if (n >= IDX_FP_REGS && n < IDX_FP_REGS + 8) {
>  floatx80 *fp = (floatx80 *) &env->fpregs[n - IDX_FP_REGS];
>  int len = gdb_get_reg64(mem_buf, cpu_to_le64(fp->low));
> -len += gdb_get_reg16(mem_buf + len, cpu_to_le16(fp->high));
> +len += gdb_get_reg16(mem_buf, cpu_to_le16(fp->high));
>  return len;
>  } else if (n >= IDX_XMM_REGS && n < IDX_XMM_REGS + CPU_NB_REGS) {
>  n -= IDX_XMM_REGS;
> 
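
Review bot: in the FP-register branch of x86_cpu_gdb_read_register(), `len` is still the sum of the two helpers' return values, which is right only because each gdb_get_reg*() call appends to `mem_buf` and returns the number of bytes it added. A short comment to that effect would stop the `mem_buf + len` idiom from creeping back, and the commit message could say that the old expression advanced a `GByteArray *` rather than the data pointer.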

Reviewed-by: Laurent Vivier 



[PULL 0/4] pc: bugfixes, maintainers

2020-04-13 Thread Michael S. Tsirkin
The following changes since commit f3bac27cc1e303e1860cc55b9b6889ba39dee587:

  Update version for v5.0.0-rc2 release (2020-04-07 23:13:37 +0100)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/virt/kvm/mst/qemu.git tags/for_upstream

for you to fetch changes up to ce4adc0b6e6167091373389ef8befd379c61fddb:

  exec: Fix for qemu_ram_resize() callback (2020-04-13 06:55:54 -0400)


pc: bugfixes, maintainers

A couple of bugfixes.
Add a new vhost-user-blk maintainer.

Signed-off-by: Michael S. Tsirkin 


David Hildenbrand (1):
  exec: Fix for qemu_ram_resize() callback

Raphael Norwitz (1):
  MAINTAINERS: Add myself as vhost-user-blk maintainer

Shameer Kolothum (2):
  acpi: Use macro for table-loader file name
  fw_cfg: Migrate ACPI table mr sizes separately

 include/hw/acpi/aml-build.h |  1 +
 include/hw/nvram/fw_cfg.h   |  6 +++
 exec.c  | 16 +++-
 hw/arm/virt-acpi-build.c|  2 +-
 hw/core/machine.c   |  1 +
 hw/i386/acpi-build.c|  2 +-
 hw/nvram/fw_cfg.c   | 91 -
 MAINTAINERS | 12 ++
 8 files changed, 126 insertions(+), 5 deletions(-)




[PULL 1/4] MAINTAINERS: Add myself as vhost-user-blk maintainer

2020-04-13 Thread Michael S. Tsirkin
From: Raphael Norwitz 

As suggested by Michael, let's add me as a maintainer of
vhost-user-blk and vhost-user-scsi.

CC: Michael S. Tsirkin 
CC Peter Maydell 
Signed-off-by: Raphael Norwitz 
Message-Id: <1585213047-20089-1-git-send-email-raphael.norw...@nutanix.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 MAINTAINERS | 12 
 1 file changed, 12 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index 642c8e0b6b..5f93e8c01d 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1853,6 +1853,18 @@ F: hw/display/virtio-gpu*
 F: hw/display/virtio-vga.*
 F: include/hw/virtio/virtio-gpu.h
 
+vhost-user-blk
+M: Raphael Norwitz 
+S: Maintained
+F: contrib/vhost-user-blk/
+F: contrib/vhost-user-scsi/
+F: hw/block/vhost-user-blk.c
+F: hw/scsi/vhost-user-scsi.c
+F: hw/virtio/vhost-user-blk-pci.c
+F: hw/virtio/vhost-user-scsi-pci.c
+F: include/hw/virtio/vhost-user-blk.h
+F: include/hw/virtio/vhost-user-scsi.h
+
 vhost-user-gpu
 M: Marc-André Lureau 
 M: Gerd Hoffmann 
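
Review bot: the new section is headed `vhost-user-blk`, but four of its `F:` patterns (contrib/vhost-user-scsi/, hw/scsi/vhost-user-scsi.c, hw/virtio/vhost-user-scsi-pci.c, include/hw/virtio/vhost-user-scsi.h) cover vhost-user-scsi. Naming the section for both, or splitting it in two, would make the entry findable for anyone looking up the scsi files by section title.
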
-- 
MST




[PULL 2/4] acpi: Use macro for table-loader file name

2020-04-13 Thread Michael S. Tsirkin
From: Shameer Kolothum 

Use macro for "etc/table-loader" and move it to the header
file similar to ACPI_BUILD_TABLE_FILE/ACPI_BUILD_RSDP_FILE etc.

Signed-off-by: Shameer Kolothum 
Reviewed-by: Igor Mammedov 
Message-Id: <20200403101827.30664-2-shameerali.kolothum.th...@huawei.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Philippe Mathieu-Daudé 
---
 include/hw/acpi/aml-build.h | 1 +
 hw/arm/virt-acpi-build.c| 2 +-
 hw/i386/acpi-build.c| 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
index de4a406568..0f4ed53d7f 100644
--- a/include/hw/acpi/aml-build.h
+++ b/include/hw/acpi/aml-build.h
@@ -13,6 +13,7 @@
 #define ACPI_BUILD_TABLE_FILE "etc/acpi/tables"
 #define ACPI_BUILD_RSDP_FILE "etc/acpi/rsdp"
 #define ACPI_BUILD_TPMLOG_FILE "etc/tpm/log"
+#define ACPI_BUILD_LOADER_FILE "etc/table-loader"
 
 #define AML_NOTIFY_METHOD "NTFY"
 
diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index 7ef0733d71..81d41a3990 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -929,7 +929,7 @@ void virt_acpi_setup(VirtMachineState *vms)
 
 build_state->linker_mr =
 acpi_add_rom_blob(virt_acpi_build_update, build_state,
-  tables.linker->cmd_blob, "etc/table-loader", 0);
+  tables.linker->cmd_blob, ACPI_BUILD_LOADER_FILE, 0);
 
 fw_cfg_add_file(vms->fw_cfg, ACPI_BUILD_TPMLOG_FILE, tables.tcpalog->data,
 acpi_data_len(tables.tcpalog));
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index 2a7e55bae7..23c77eeb95 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -3043,7 +3043,7 @@ void acpi_setup(void)
 
 build_state->linker_mr =
 acpi_add_rom_blob(acpi_build_update, build_state,
-  tables.linker->cmd_blob, "etc/table-loader", 0);
+  tables.linker->cmd_blob, ACPI_BUILD_LOADER_FILE, 0);
 
 fw_cfg_add_file(x86ms->fw_cfg, ACPI_BUILD_TPMLOG_FILE,
 tables.tcpalog->data, acpi_data_len(tables.tcpalog));
-- 
MST




[PULL 3/4] fw_cfg: Migrate ACPI table mr sizes separately

2020-04-13 Thread Michael S. Tsirkin
From: Shameer Kolothum 

Any sub-page size update to ACPI MRs will be lost during
migration, as we use aligned size in ram_load_precopy() ->
qemu_ram_resize() path. This will result in inconsistency in
FWCfgEntry sizes between source and destination. In order to avoid
this, save and restore them separately during migration.

Up until now, this problem may not be that relevant for x86 as both
ACPI table and Linker MRs gets padded and aligned. Also at present,
qemu_ram_resize() doesn't invoke callback to update FWCfgEntry for
unaligned size changes. But since we are going to fix the
qemu_ram_resize() in the subsequent patch, the issue may become
more serious especially for RSDP MR case.

Moreover, the issue will soon become prominent in arm/virt as well
where the MRs are not padded or aligned at all and eventually have
acpi table changes as part of future additions like NVDIMM hot-add
feature.

Suggested-by: David Hildenbrand 
Signed-off-by: Shameer Kolothum 
Acked-by: David Hildenbrand 
Message-Id: <20200403101827.30664-3-shameerali.kolothum.th...@huawei.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/hw/nvram/fw_cfg.h |  6 +++
 hw/core/machine.c |  1 +
 hw/nvram/fw_cfg.c | 91 ++-
 3 files changed, 97 insertions(+), 1 deletion(-)

diff --git a/include/hw/nvram/fw_cfg.h b/include/hw/nvram/fw_cfg.h
index b5291eefad..25d9307018 100644
--- a/include/hw/nvram/fw_cfg.h
+++ b/include/hw/nvram/fw_cfg.h
@@ -53,6 +53,12 @@ struct FWCfgState {
 dma_addr_t dma_addr;
 AddressSpace *dma_as;
 MemoryRegion dma_iomem;
+
+/* restore during migration */
+bool acpi_mr_restore;
+uint64_t table_mr_size;
+uint64_t linker_mr_size;
+uint64_t rsdp_mr_size;
 };
 
 struct FWCfgIoState {
diff --git a/hw/core/machine.c b/hw/core/machine.c
index de0c425605..c1a444cb75 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
@@ -39,6 +39,7 @@ GlobalProperty hw_compat_4_2[] = {
 { "usb-redir", "suppress-remote-wake", "off" },
 { "qxl", "revision", "4" },
 { "qxl-vga", "revision", "4" },
+{ "fw_cfg", "acpi-mr-restore", "false" },
 };
 const size_t hw_compat_4_2_len = G_N_ELEMENTS(hw_compat_4_2);
 
diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
index 179b302f01..4be6c9d9fd 100644
--- a/hw/nvram/fw_cfg.c
+++ b/hw/nvram/fw_cfg.c
@@ -39,6 +39,7 @@
 #include "qemu/config-file.h"
 #include "qemu/cutils.h"
 #include "qapi/error.h"
+#include "hw/acpi/aml-build.h"
 
 #define FW_CFG_FILE_SLOTS_DFLT 0x20
 
@@ -610,6 +611,55 @@ bool fw_cfg_dma_enabled(void *opaque)
 return s->dma_enabled;
 }
 
+static bool fw_cfg_acpi_mr_restore(void *opaque)
+{
+FWCfgState *s = opaque;
+bool mr_aligned;
+
+mr_aligned = QEMU_IS_ALIGNED(s->table_mr_size, qemu_real_host_page_size) &&
+ QEMU_IS_ALIGNED(s->linker_mr_size, qemu_real_host_page_size) 
&&
+ QEMU_IS_ALIGNED(s->rsdp_mr_size, qemu_real_host_page_size);
+return s->acpi_mr_restore && !mr_aligned;
+}
+
+static void fw_cfg_update_mr(FWCfgState *s, uint16_t key, size_t size)
+{
+MemoryRegion *mr;
+ram_addr_t offset;
+int arch = !!(key & FW_CFG_ARCH_LOCAL);
+void *ptr;
+
+key &= FW_CFG_ENTRY_MASK;
+assert(key < fw_cfg_max_entry(s));
+
+ptr = s->entries[arch][key].data;
+mr = memory_region_from_host(ptr, &offset);
+
+memory_region_ram_resize(mr, size, &error_abort);
+}
+
+static int fw_cfg_acpi_mr_restore_post_load(void *opaque, int version_id)
+{
+FWCfgState *s = opaque;
+int i, index;
+
+assert(s->files);
+
+index = be32_to_cpu(s->files->count);
+
+for (i = 0; i < index; i++) {
+if (!strcmp(s->files->f[i].name, ACPI_BUILD_TABLE_FILE)) {
+fw_cfg_update_mr(s, FW_CFG_FILE_FIRST + i, s->table_mr_size);
+} else if (!strcmp(s->files->f[i].name, ACPI_BUILD_LOADER_FILE)) {
+fw_cfg_update_mr(s, FW_CFG_FILE_FIRST + i, s->linker_mr_size);
+} else if (!strcmp(s->files->f[i].name, ACPI_BUILD_RSDP_FILE)) {
+fw_cfg_update_mr(s, FW_CFG_FILE_FIRST + i, s->rsdp_mr_size);
+}
+}
+
+return 0;
+}
+
 static const VMStateDescription vmstate_fw_cfg_dma = {
 .name = "fw_cfg/dma",
 .needed = fw_cfg_dma_enabled,
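
Review bot: fw_cfg_update_mr() hands the result of memory_region_from_host() straight to memory_region_ram_resize() without checking it for NULL, and resizes with &error_abort. The sizes come from the VMSTATE_UINT64 fields of the incoming migration stream, so in fw_cfg_acpi_mr_restore_post_load() an unexpected size aborts the destination instead of failing the load; returning an error from post_load would be the safer outcome. `offset` is written but never used, and `index` actually holds the file count.
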
@@ -619,6 +669,20 @@ static const VMStateDescription vmstate_fw_cfg_dma = {
 },
 };
 
+static const VMStateDescription vmstate_fw_cfg_acpi_mr = {
+.name = "fw_cfg/acpi_mr",
+.version_id = 1,
+.minimum_version_id = 1,
+.needed = fw_cfg_acpi_mr_restore,
+.post_load = fw_cfg_acpi_mr_restore_post_load,
+.fields = (VMStateField[]) {
+VMSTATE_UINT64(table_mr_size, FWCfgState),
+VMSTATE_UINT64(linker_mr_size, FWCfgState),
+VMSTATE_UINT64(rsdp_mr_size, FWCfgState),
+VMSTATE_END_OF_LIST()
+},
+};
+
 static const VMStateDescription vmstate_fw_cfg = {
 .name = "fw_cfg",
 .version_id = 2,
@@ -631,6 +695,7 @@ static const VMStateDescription vmstate_fw_cf

[PULL 4/4] exec: Fix for qemu_ram_resize() callback

2020-04-13 Thread Michael S. Tsirkin
From: David Hildenbrand 

Summarizing the issue:
1. Memory regions contain ram blocks with a different size, if the
   size is not properly aligned. While memory regions can have an
   unaligned size, ram blocks can't. This is true when creating
   resizable memory region with an unaligned size.
2. When resizing a ram block/memory region, the size of the memory
   region is set to the aligned size. The callback is called with
   the aligned size. The unaligned piece is lost.

Because of the above, if ACPI blob length modifications happens
after the initial virt_acpi_build() call, and the changed blob
length is within the PAGE size boundary, then the revised size
is not seen by the firmware on Guest reboot.

Hence make sure callback is called if memory region size is changed,
irrespective of aligned or not.

Signed-off-by: David Hildenbrand 
[Shameer: added commit log]
Signed-off-by: Shameer Kolothum 
Reviewed-by: Igor Mammedov 
Message-Id: <20200403101827.30664-4-shameerali.kolothum.th...@huawei.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Philippe Mathieu-Daudé 
---
 exec.c | 16 ++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/exec.c b/exec.c
index de9d949902..2874bb5088 100644
--- a/exec.c
+++ b/exec.c
@@ -2074,11 +2074,23 @@ static int memory_try_enable_merging(void *addr, size_t 
len)
  */
 int qemu_ram_resize(RAMBlock *block, ram_addr_t newsize, Error **errp)
 {
+const ram_addr_t unaligned_size = newsize;
+
 assert(block);
 
 newsize = HOST_PAGE_ALIGN(newsize);
 
 if (block->used_length == newsize) {
+/*
+ * We don't have to resize the ram block (which only knows aligned
+ * sizes), however, we have to notify if the unaligned size changed.
+ */
+if (unaligned_size != memory_region_size(block->mr)) {
+memory_region_set_size(block->mr, unaligned_size);
+if (block->resized) {
+block->resized(block->idstr, unaligned_size, block->host);
+}
+}
 return 0;
 }
 
@@ -2102,9 +2114,9 @@ int qemu_ram_resize(RAMBlock *block, ram_addr_t newsize, 
Error **errp)
 block->used_length = newsize;
 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
 DIRTY_CLIENTS_ALL);
-memory_region_set_size(block->mr, newsize);
+memory_region_set_size(block->mr, unaligned_size);
 if (block->resized) {
-block->resized(block->idstr, newsize, block->host);
+block->resized(block->idstr, unaligned_size, block->host);
 }
 return 0;
 }
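
Review bot: in qemu_ram_resize(), the pair memory_region_set_size(block->mr, unaligned_size) plus the `block->resized` call now exists twice, once in the new early-return branch and once here at the end; a small static helper would keep the two notification paths identical. The function comment should also say that the callback now receives the unaligned size, since `resized` was previously always called with the HOST_PAGE_ALIGN()ed `newsize`.
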
-- 
MST




[RFC patch v1 0/3] qemu-file writing performance improving

2020-04-13 Thread Denis Plotnikov
Problem description: qcow2 internal snapshot saving time is too big on HDD ~ 25 sec

When a qcow2 image is placed on a regular HDD and the image is opened with
O_DIRECT the snapshot saving time is around 26 sec.
The snapshot saving time can be 4 times shorter.
The patch series proposes a way to achieve that.

Why is the saving time = ~25 sec?

There are three things:
1. qemu-file iov limit (currently 64)
2. direct qemu_fflush calls, inducing disk writes
3. ram data copying and synchronous disk writes

While 1 and 2 are quite clear, the 3rd needs some explanation:

Internal snapshot uses qemu-file as an interface to store the data with
stream semantics.
qemu-file avoids data copying when possible (mostly for ram data)
and uses iovectors to propagate the data to an underlying block driver state.
In the case when qcow2 is opened with O_DIRECT it is suboptimal.

This is what happens: on writing, when the iovectors query goes from qemu-file
to bdrv (here and further by bdrv I mean qcow2 with a posix O_DIRECT opened
backend),
the bdrv checks all iovectors to be base and size aligned; if that's not the case,
the data is copied to an internal buffer and synchronous pwrite is called.
If the iovectors are aligned, io_submit is called.

In our case, snapshot almost always induces pwrite, since we never have all
the iovectors aligned in the query, because of frequently adding a short iovector:
8 byte ram-page delimiters, after adding each ram page iovector.

So the qemu-file code in this case:
1. doesn't avoid ram copying
2. works fully synchronously

How to improve the snapshot time:

1. easy way: to increase iov limit to IOV_MAX (1024).
This will reduce synchronous writing frequency.
My test revealed that with iov limit = IOV_MAX the snapshot time is *~12 sec*.

2. complex way: do writings asynchronously.
Introduce both base- and size-aligned buffer, write the data only when
the buffer is full, write the buffer asynchronously, meanwhile filling another
buffer with snapshot data.
My test revealed that this complex way provides the snapshot time *~6 sec*,
2 times better than just iov limit increasing.

The patch proposes how to improve the snapshot performance in the complex way,
allowing to use the asynchronous writings when needed.

This is an RFC series, as I am not confident that I fully understand all
qemu-file use cases. I tried to make the series in a safe way to not break
anything related to qemu-file using in other places, like migration.

All comments are *VERY* appreciated!

Thanks,
Denis

Denis Plotnikov (3):
  qemu-file: introduce current buffer
  qemu-file: add buffered mode
  migration/savevm: use qemu-file buffered mode for non-cached bdrv

 include/qemu/typedefs.h |   2 +
 migration/qemu-file.c   | 479 +---
 migration/qemu-file.h   |   9 +
 migration/savevm.c  |  38 +++-
 4 files changed, 456 insertions(+), 72 deletions(-)

-- 
1.8.3.1
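
The alignment effect described in the cover letter above, as an added C example that is not code from the series or from QEMU: a queue of page iovectors interleaved with 8-byte delimiters never passes a base-and-size alignment check, while copying the same stream into one aligned buffer yields only full, aligned writes plus a tail. The 4096-byte page, the 64 KiB staging buffer, the 512-byte alignment and all function names are assumptions made for the illustration, and the staging loop only counts flushes instead of submitting I/O.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/uio.h>

#define ALIGN      512u           /* assumed O_DIRECT base/size alignment */
#define RAM_PAGE   4096u          /* constructed RAM page size */
#define DELIM_LEN  8u             /* the 8-byte ram-page delimiter */
#define STAGE_SIZE (64u * 1024u)  /* constructed staging-buffer size */

struct result {
    int requests;          /* write requests issued with the given iov limit */
    int aligned_requests;  /* how many of them are fully aligned */
    int full_flushes;      /* aligned STAGE_SIZE writes when staging instead */
    size_t tail;           /* bytes left in the staging buffer at the end */
};

/* Round a pointer up to the next multiple of align (a power of two). */
static void *align_up(void *raw, size_t align)
{
    return (void *)(((uintptr_t)raw + align - 1) & ~((uintptr_t)align - 1));
}

/* 1 if every element is base- and size-aligned, so the request may go async. */
static int iov_all_aligned(const struct iovec *iov, int cnt, size_t align)
{
    for (int i = 0; i < cnt; i++) {
        if ((uintptr_t)iov[i].iov_base % align || iov[i].iov_len % align) {
            return 0;
        }
    }
    return 1;
}

/* Copy data into the aligned staging buffer; count each time it fills up. */
static void stage_put(uint8_t *stage, size_t *used, int *full_flushes,
                      const void *data, size_t len)
{
    const uint8_t *p = data;
    while (len > 0) {
        size_t n = STAGE_SIZE - *used;
        if (n > len) {
            n = len;
        }
        memcpy(stage + *used, p, n);
        *used += n;
        p += n;
        len -= n;
        if (*used == STAGE_SIZE) {  /* a real writer submits the buffer here */
            (*full_flushes)++;
            *used = 0;
        }
    }
}

/* Queue `pages` pages, each followed by a delimiter, and try both strategies. */
static struct result run_demo(int pages, int iov_limit)
{
    struct result r = { 0, 0, 0, 0 };
    int cnt = pages * 2;
    struct iovec *iov = calloc((size_t)cnt, sizeof(*iov));
    uint64_t *delims = calloc((size_t)pages, sizeof(*delims));
    void *ram_raw = calloc((size_t)pages + 1, RAM_PAGE);
    void *stage_raw = calloc(1, STAGE_SIZE + ALIGN);
    if (!iov || !delims || !ram_raw || !stage_raw) {
        abort();
    }
    uint8_t *ram = align_up(ram_raw, RAM_PAGE);
    uint8_t *stage = align_up(stage_raw, ALIGN);
    for (int i = 0; i < pages; i++) {
        iov[2 * i].iov_base = ram + (size_t)i * RAM_PAGE;
        iov[2 * i].iov_len = RAM_PAGE;
        iov[2 * i + 1].iov_base = &delims[i];
        iov[2 * i + 1].iov_len = DELIM_LEN;
    }
    /* Strategy 1: pass the vector through in chunks of at most iov_limit. */
    for (int off = 0; off < cnt; off += iov_limit) {
        int n = cnt - off < iov_limit ? cnt - off : iov_limit;
        r.requests++;
        r.aligned_requests += iov_all_aligned(iov + off, n, ALIGN);
    }
    /* Strategy 2: copy everything into one aligned buffer, flush when full. */
    for (int i = 0; i < cnt; i++) {
        stage_put(stage, &r.tail, &r.full_flushes,
                  iov[i].iov_base, iov[i].iov_len);
    }
    free(iov);
    free(delims);
    free(ram_raw);
    free(stage_raw);
    return r;
}

int main(void)
{
    struct result r = run_demo(100, 64);
    printf("%d requests, %d aligned; staged: %d full flushes, %zu tail bytes\n",
           r.requests, r.aligned_requests, r.full_flushes, r.tail);
    return 0;
}
```

Raising the iov limit lowers the number of requests but leaves every one of them unaligned; only the staging buffer changes which write path the data can take.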




[RFC patch v1 3/3] migration/savevm: use qemu-file buffered mode for non-cached bdrv

2020-04-13 Thread Denis Plotnikov
This makes internal snapshots of HDD placed qcow2 images opened with
O_DIRECT flag 4 times faster.

The test:
   creates 500M internal snapshot for a qcow2 image placed on HDD
Result times:
   with the patch: ~6 sec
   without patch: ~24 sec

This happens because the internal snapshot saving produces a lot of
pwrites, because of flushing the internal buffers with non-aligned
io vectors and direct calling qemu_fflush.

To fix it, we introduce an internal pointer and size aligned buffer.
Most of the time the buffer is flushed only when it's full regardless
of direct calling qemu_fflush. When the buffer is full, it is written
asynchronously.

This gives us a couple of advantages leading to performance improvement:

1. because of pointer and size aligned buffers we can use asynchronous
   os write syscall, like io_submit
2. when some buffer is being written, another buffer is filled with
   data.

Signed-off-by: Denis Plotnikov 
---
 migration/savevm.c | 38 --
 1 file changed, 36 insertions(+), 2 deletions(-)

diff --git a/migration/savevm.c b/migration/savevm.c
index c00a680..db0cac9 100644
--- a/migration/savevm.c
+++ b/migration/savevm.c
@@ -63,6 +63,7 @@
 #include "migration/colo.h"
 #include "qemu/bitmap.h"
 #include "net/announce.h"
+#include "block/block_int.h"
 
 const unsigned int postcopy_ram_discard_version = 0;
 
@@ -153,6 +154,12 @@ static int bdrv_fclose(void *opaque, Error **errp)
 return bdrv_flush(opaque);
 }
 
+static bool qemu_file_is_buffered(void *opaque)
+{
+BlockDriverState *bs = (BlockDriverState *) opaque;
+return !!(bs->open_flags & BDRV_O_NOCACHE);
+}
+
 static const QEMUFileOps bdrv_read_ops = {
 .get_buffer = block_get_buffer,
 .close =  bdrv_fclose
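
Review bot: qemu_file_is_buffered() casts `opaque` to BlockDriverState and reads `bs->open_flags` directly, which is what forces this file to include block/block_int.h. Going through the public bdrv_get_flags() accessor would give the same BDRV_O_NOCACHE test without reaching into block-layer internals from migration code.
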
@@ -160,7 +167,8 @@ static const QEMUFileOps bdrv_read_ops = {
 
 static const QEMUFileOps bdrv_write_ops = {
 .writev_buffer  = block_writev_buffer,
-.close  = bdrv_fclose
+.close  = bdrv_fclose,
+.enable_buffered = qemu_file_is_buffered
 };
 
 static QEMUFile *qemu_fopen_bdrv(BlockDriverState *bs, int is_writable)
@@ -2624,7 +2632,7 @@ int qemu_load_device_state(QEMUFile *f)
 return 0;
 }
 
-int save_snapshot(const char *name, Error **errp)
+static int coroutine_fn save_snapshot_fn(const char *name, Error **errp)
 {
 BlockDriverState *bs, *bs1;
 QEMUSnapshotInfo sn1, *sn = &sn1, old_sn1, *old_sn = &old_sn1;
@@ -2747,6 +2755,32 @@ int save_snapshot(const char *name, Error **errp)
 return ret;
 }
 
+ typedef struct SaveVMParams {
+ const char *name;
+ Error **errp;
+ int ret;
+ } SaveVMParams;
+
+static void coroutine_fn save_snapshot_entry(void *opaque)
+{
+SaveVMParams *p = (SaveVMParams *) opaque;
+p->ret = save_snapshot_fn(p->name, p->errp);
+}
+
+int save_snapshot(const char *name, Error **errp)
+{
+SaveVMParams p = (SaveVMParams) {
+.name = name,
+.errp = errp,
+.ret = -EINPROGRESS,
+};
+
+Coroutine *co = qemu_coroutine_create(save_snapshot_entry, &p);
+aio_co_enter(qemu_get_aio_context(), co);
+AIO_WAIT_WHILE(qemu_get_aio_context(), p.ret == -EINPROGRESS);
+return p.ret;
+}
+
 void qmp_xen_save_devices_state(const char *filename, bool has_live, bool live,
 Error **errp)
 {
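
Review bot: in the new save_snapshot() wrapper, `-EINPROGRESS` doubles as the "not finished" sentinel for AIO_WAIT_WHILE(), so if save_snapshot_fn() ever returns -EINPROGRESS itself the wait never ends; a separate `bool done` in SaveVMParams avoids overloading the return value. The `typedef struct SaveVMParams` block is also indented by one extra column, unlike the code around it.
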
-- 
1.8.3.1




[RFC patch v1 2/3] qemu-file: add buffered mode

2020-04-13 Thread Denis Plotnikov
The patch adds ability to qemu-file to write the data
asynchronously to improve the performance on writing.
Before, only synchronous writing was supported.

Enabling of the asynchronous mode is managed by new
"enabled_buffered" callback.

Signed-off-by: Denis Plotnikov 
---
 include/qemu/typedefs.h |   1 +
 migration/qemu-file.c   | 351 +---
 migration/qemu-file.h   |   9 ++
 3 files changed, 339 insertions(+), 22 deletions(-)

diff --git a/include/qemu/typedefs.h b/include/qemu/typedefs.h
index 88dce54..9b388c8 100644
--- a/include/qemu/typedefs.h
+++ b/include/qemu/typedefs.h
@@ -98,6 +98,7 @@ typedef struct QEMUBH QEMUBH;
 typedef struct QemuConsole QemuConsole;
 typedef struct QEMUFile QEMUFile;
 typedef struct QEMUFileBuffer QEMUFileBuffer;
+typedef struct QEMUFileAioTask QEMUFileAioTask;
 typedef struct QemuLockable QemuLockable;
 typedef struct QemuMutex QemuMutex;
 typedef struct QemuOpt QemuOpt;
diff --git a/migration/qemu-file.c b/migration/qemu-file.c
index 285c6ef..f42f949 100644
--- a/migration/qemu-file.c
+++ b/migration/qemu-file.c
@@ -29,19 +29,25 @@
 #include "qemu-file.h"
 #include "trace.h"
 #include "qapi/error.h"
+#include "block/aio_task.h"
 
-#define IO_BUF_SIZE 32768
+#define IO_BUF_SIZE (1024 * 1024)
 #define MAX_IOV_SIZE MIN(IOV_MAX, 64)
+#define IO_BUF_NUM 2
+#define IO_BUF_ALIGNMENT 512
 
-QEMU_BUILD_BUG_ON(!QEMU_IS_ALIGNED(IO_BUF_SIZE, 512));
+QEMU_BUILD_BUG_ON(!QEMU_IS_ALIGNED(IO_BUF_SIZE, IO_BUF_ALIGNMENT));
+QEMU_BUILD_BUG_ON(IO_BUF_SIZE > INT_MAX);
+QEMU_BUILD_BUG_ON(IO_BUF_NUM <= 0);
 
 struct QEMUFileBuffer {
 int buf_index;
-int buf_size; /* 0 when writing */
+int buf_size; /* 0 when non-buffered writing */
 uint8_t *buf;
 unsigned long *may_free;
 struct iovec *iov;
 unsigned int iovcnt;
+QLIST_ENTRY(QEMUFileBuffer) link;
 };
 
 struct QEMUFile {
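Review bot: IO_BUF_SIZE goes from 32768 to 1 MiB for every QEMUFile, not only buffered ones, because the non-buffered branch added to qemu_fopen_ops() later in this patch still does g_malloc(IO_BUF_SIZE). If the larger size is only needed for buffered mode, keep the old constant for the existing path and introduce a separate one for the aligned buffers. QEMU_BUILD_BUG_ON(IO_BUF_NUM <= 0) also accepts IO_BUF_NUM == 1, which leaves free_buffers empty after setup; if the scheme needs a second buffer to fill while the first is being written, the check should require at least 2.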
@@ -60,6 +66,22 @@ struct QEMUFile {
 bool shutdown;
 /* currently used buffer */
 QEMUFileBuffer *current_buf;
+/*
+ * with buffered_mode enabled all the data copied to 512 byte
+ * aligned buffer, including iov data. Then the buffer is passed
+ * to writev_buffer callback.
+ */
+bool buffered_mode;
+/* for async buffer writing */
+AioTaskPool *pool;
+/* the list of free buffers, currently used on is NOT there */
+QLIST_HEAD(, QEMUFileBuffer) free_buffers;
+};
+
+struct QEMUFileAioTask {
+AioTask task;
+QEMUFile *f;
+QEMUFileBuffer *fb;
 };
 
 /*
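Review bot: the comment on free_buffers has a typo ("currently used on" should be "one"), and the buffered_mode comment hard-codes "512 byte" where IO_BUF_ALIGNMENT is now the defined value; referring to the macro keeps the comment true if the alignment changes.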
@@ -115,10 +137,42 @@ QEMUFile *qemu_fopen_ops(void *opaque, const QEMUFileOps 
*ops)
 f->opaque = opaque;
 f->ops = ops;
 
-f->current_buf = g_new0(QEMUFileBuffer, 1);
-f->current_buf->buf = g_malloc(IO_BUF_SIZE);
-f->current_buf->iov = g_new0(struct iovec, MAX_IOV_SIZE);
-f->current_buf->may_free = bitmap_new(MAX_IOV_SIZE);
+if (f->ops->enable_buffered) {
+f->buffered_mode = f->ops->enable_buffered(f->opaque);
+}
+
+if (f->buffered_mode && qemu_file_is_writable(f)) {
+int i;
+/*
+ * in buffered_mode we don't use internal io vectors
+ * and may_free bitmap, because we copy the data to be
+ * written right away to the buffer
+ */
+f->pool = aio_task_pool_new(IO_BUF_NUM);
+
+/* allocate io buffers */
+for (i = 0; i < IO_BUF_NUM; i++) {
+QEMUFileBuffer *fb = g_new0(QEMUFileBuffer, 1);
+
+fb->buf = qemu_memalign(IO_BUF_ALIGNMENT, IO_BUF_SIZE);
+fb->buf_size = IO_BUF_SIZE;
+
+/*
+ * put the first buffer to the current buf and the rest
+ * to the list of free buffers
+ */
+if (i == 0) {
+f->current_buf = fb;
+} else {
+QLIST_INSERT_HEAD(&f->free_buffers, fb, link);
+}
+}
+} else {
+f->current_buf = g_new0(QEMUFileBuffer, 1);
+f->current_buf->buf = g_malloc(IO_BUF_SIZE);
+f->current_buf->iov = g_new0(struct iovec, MAX_IOV_SIZE);
+f->current_buf->may_free = bitmap_new(MAX_IOV_SIZE);
+}
 
 return f;
 }
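Review bot: f->buffered_mode is set from enable_buffered() before the writable check, so a read-side QEMUFile whose ops provide the callback takes the else branch with buffered_mode still true, and the assert(!f->buffered_mode) added to qemu_iovec_release_ram() or any other buffered_mode test then sees the wrong state. Fold qemu_file_is_writable(f) into the assignment so the flag is only true when the aligned buffers were actually set up. In the buffered branch iov and may_free stay NULL and buf comes from qemu_memalign(), so the close path has to release it with qemu_vfree() rather than g_free(); that code is not in the lines shown here. The commit message calls the callback "enabled_buffered" while the code uses enable_buffered.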
@@ -190,6 +244,8 @@ static void qemu_iovec_release_ram(QEMUFile *f)
 unsigned long idx;
 QEMUFileBuffer *fb = f->current_buf;
 
+assert(!f->buffered_mode);
+
 /* Find and release all the contiguous memory ranges marked as may_free. */
 idx = find_next_bit(fb->may_free, fb->iovcnt, 0);
 if (idx >= fb->iovcnt) {
@@ -221,6 +277,147 @@ static void qemu_iovec_release_ram(QEMUFile *f)
 bitmap_zero(fb->may_free, MAX_IOV_SIZE);
 }
 
+static void advance_buf_ptr(QEMUFile *f, size_t size)
+{
+QEMUFileBuffer *fb = f->current_buf;
+/* must not advance to 0 */
+assert(size);
+/* must not overflow buf_index (int) */
+assert(fb->buf_index + size <= INT_MAX);
+/* must not exceed buf_size */
+assert(fb->buf_index + size <= fb->buf_size);
+
+fb->buf_index += size;
+}
+
+static size_t get_buf_free_size(Q
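Review bot: in advance_buf_ptr() the INT_MAX assert is implied by the buf_size one, since buf_size is itself an int, so one of the two can go. Both mix the signed buf_index with a size_t; writing the bound as size <= fb->buf_size - fb->buf_index, after asserting buf_index is within 0..buf_size, avoids relying on the unsigned conversion.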

[RFC patch v1 1/3] qemu-file: introduce current buffer

2020-04-13 Thread Denis Plotnikov
To approach async writing in the further commits, the buffer
allocated in QEMUFile struct is replaced with the link to the
current buffer. We're going to use many buffers to write the
qemu file stream to the underlying storage asynchronously. The
current buffer points to the buffer that is currently being filled
with data.

This patch doesn't add any features to qemu-file and doesn't
change any qemu-file behavior.

Signed-off-by: Denis Plotnikov 
---
 include/qemu/typedefs.h |   1 +
 migration/qemu-file.c   | 156 +---
 2 files changed, 95 insertions(+), 62 deletions(-)

diff --git a/include/qemu/typedefs.h b/include/qemu/typedefs.h
index 375770a..88dce54 100644
--- a/include/qemu/typedefs.h
+++ b/include/qemu/typedefs.h
@@ -97,6 +97,7 @@ typedef struct QDict QDict;
 typedef struct QEMUBH QEMUBH;
 typedef struct QemuConsole QemuConsole;
 typedef struct QEMUFile QEMUFile;
+typedef struct QEMUFileBuffer QEMUFileBuffer;
 typedef struct QemuLockable QemuLockable;
 typedef struct QemuMutex QemuMutex;
 typedef struct QemuOpt QemuOpt;
diff --git a/migration/qemu-file.c b/migration/qemu-file.c
index 1c3a358..285c6ef 100644
--- a/migration/qemu-file.c
+++ b/migration/qemu-file.c
@@ -33,6 +33,17 @@
 #define IO_BUF_SIZE 32768
 #define MAX_IOV_SIZE MIN(IOV_MAX, 64)
 
+QEMU_BUILD_BUG_ON(!QEMU_IS_ALIGNED(IO_BUF_SIZE, 512));
+
+struct QEMUFileBuffer {
+int buf_index;
+int buf_size; /* 0 when writing */
+uint8_t *buf;
+unsigned long *may_free;
+struct iovec *iov;
+unsigned int iovcnt;
+};
+
 struct QEMUFile {
 const QEMUFileOps *ops;
 const QEMUFileHooks *hooks;
@@ -43,18 +54,12 @@ struct QEMUFile {
 
 int64_t pos; /* start of buffer when writing, end of buffer
 when reading */
-int buf_index;
-int buf_size; /* 0 when writing */
-uint8_t buf[IO_BUF_SIZE];
-
-DECLARE_BITMAP(may_free, MAX_IOV_SIZE);
-struct iovec iov[MAX_IOV_SIZE];
-unsigned int iovcnt;
-
 int last_error;
 Error *last_error_obj;
 /* has the file has been shutdown */
 bool shutdown;
+/* currently used buffer */
+QEMUFileBuffer *current_buf;
 };
 
 /*
@@ -109,6 +114,12 @@ QEMUFile *qemu_fopen_ops(void *opaque, const QEMUFileOps 
*ops)
 
 f->opaque = opaque;
 f->ops = ops;
+
+f->current_buf = g_new0(QEMUFileBuffer, 1);
+f->current_buf->buf = g_malloc(IO_BUF_SIZE);
+f->current_buf->iov = g_new0(struct iovec, MAX_IOV_SIZE);
+f->current_buf->may_free = bitmap_new(MAX_IOV_SIZE);
+
 return f;
 }
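Review bot: qemu_fopen_ops() now makes four separate allocations (the QEMUFileBuffer, buf, iov and the may_free bitmap) for state that used to live inside QEMUFile, and the matching frees in the close path are not in the lines shown here. Each of the four needs releasing there, otherwise every QEMUFile leaks them, which would contradict the commit message's claim of no behaviour change.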
 
@@ -177,35 +188,37 @@ static void qemu_iovec_release_ram(QEMUFile *f)
 {
 struct iovec iov;
 unsigned long idx;
+QEMUFileBuffer *fb = f->current_buf;
 
 /* Find and release all the contiguous memory ranges marked as may_free. */
-idx = find_next_bit(f->may_free, f->iovcnt, 0);
-if (idx >= f->iovcnt) {
+idx = find_next_bit(fb->may_free, fb->iovcnt, 0);
+if (idx >= fb->iovcnt) {
 return;
 }
-iov = f->iov[idx];
+iov = fb->iov[idx];
 
 /* The madvise() in the loop is called for iov within a continuous range 
and
  * then reinitialize the iov. And in the end, madvise() is called for the
  * last iov.
  */
-while ((idx = find_next_bit(f->may_free, f->iovcnt, idx + 1)) < f->iovcnt) 
{
+while ((idx = find_next_bit(fb->may_free,
+fb->iovcnt, idx + 1)) < fb->iovcnt) {
 /* check for adjacent buffer and coalesce them */
-if (iov.iov_base + iov.iov_len == f->iov[idx].iov_base) {
-iov.iov_len += f->iov[idx].iov_len;
+if (iov.iov_base + iov.iov_len == fb->iov[idx].iov_base) {
+iov.iov_len += fb->iov[idx].iov_len;
 continue;
 }
 if (qemu_madvise(iov.iov_base, iov.iov_len, QEMU_MADV_DONTNEED) < 0) {
 error_report("migrate: madvise DONTNEED failed %p %zd: %s",
  iov.iov_base, iov.iov_len, strerror(errno));
 }
-iov = f->iov[idx];
+iov = fb->iov[idx];
 }
 if (qemu_madvise(iov.iov_base, iov.iov_len, QEMU_MADV_DONTNEED) < 0) {
 error_report("migrate: madvise DONTNEED failed %p %zd: %s",
  iov.iov_base, iov.iov_len, strerror(errno));
 }
-memset(f->may_free, 0, sizeof(f->may_free));
+bitmap_zero(fb->may_free, MAX_IOV_SIZE);
 }
 
 /**
@@ -219,6 +232,7 @@ void qemu_fflush(QEMUFile *f)
 ssize_t ret = 0;
 ssize_t expect = 0;
 Error *local_error = NULL;
+QEMUFileBuffer *fb = f->current_buf;
 
 if (!qemu_file_is_writable(f)) {
 return;
@@ -227,9 +241,9 @@ void qemu_fflush(QEMUFile *f)
 if (f->shutdown) {
 return;
 }
-if (f->iovcnt > 0) {
-expect = iov_size(f->iov, f->iovcnt);
-ret = f->ops->writev_buffer(f->opaque, f->iov, f->iovcnt, f->pos,
+if (fb->iovcnt > 0) {
+expect = iov_size(fb->iov, fb->iovcnt);
+ret = f->ops->writev_buffer(f->opaque, fb->iov, fb->iov

Re: [PATCH 13/15] KVM: MIPS: Add CONFIG6 and DIAG registers emulation

2020-04-13 Thread Jiaxun Yang
On Mon, 13 Apr 2020 15:30:22 +0800
Huacai Chen  wrote:

> Loongson-3 has CONFIG6 and DIAG registers which need to be emulated.
> CONFIG6 is mostly used to enable/disable FTLB and SFB, while DIAG is
> mostly used to flush BTB, ITLB, DTLB, VTLB and FTLB.
> 
> Signed-off-by: Huacai Chen 
> Co-developed-by: Jiaxun Yang 

It should be guarded by CONFIG_CPU_LOONGSON64 as well.

Thanks.

> ---
>  arch/mips/include/asm/kvm_host.h |  5 
>  arch/mips/include/asm/mipsregs.h |  7 +
>  arch/mips/kvm/tlb.c  | 39 +++
>  arch/mips/kvm/vz.c   | 58
> +++- 4 files changed, 108
> insertions(+), 1 deletion(-)
> 
> diff --git a/arch/mips/include/asm/kvm_host.h
> b/arch/mips/include/asm/kvm_host.h index c291767..3ef6ca8 100644
> --- a/arch/mips/include/asm/kvm_host.h
> +++ b/arch/mips/include/asm/kvm_host.h
> @@ -68,9 +68,11 @@
>  #define KVM_REG_MIPS_CP0_CONFIG3 MIPS_CP0_32(16, 3)
>  #define KVM_REG_MIPS_CP0_CONFIG4 MIPS_CP0_32(16, 4)
>  #define KVM_REG_MIPS_CP0_CONFIG5 MIPS_CP0_32(16, 5)
> +#define KVM_REG_MIPS_CP0_CONFIG6 MIPS_CP0_32(16, 6)
>  #define KVM_REG_MIPS_CP0_CONFIG7 MIPS_CP0_32(16, 7)
>  #define KVM_REG_MIPS_CP0_MAARI   MIPS_CP0_64(17, 2)
>  #define KVM_REG_MIPS_CP0_XCONTEXTMIPS_CP0_64(20, 0)
> +#define KVM_REG_MIPS_CP0_DIAGMIPS_CP0_32(22, 0)
>  #define KVM_REG_MIPS_CP0_ERROREPCMIPS_CP0_64(30, 0)
>  #define KVM_REG_MIPS_CP0_KSCRATCH1   MIPS_CP0_64(31, 2)
>  #define KVM_REG_MIPS_CP0_KSCRATCH2   MIPS_CP0_64(31, 3)
> @@ -256,6 +258,7 @@ struct mips_coproc {
>  #define MIPS_CP0_WATCH_LO18
>  #define MIPS_CP0_WATCH_HI19
>  #define MIPS_CP0_TLB_XCONTEXT20
> +#define MIPS_CP0_DIAG22
>  #define MIPS_CP0_ECC 26
>  #define MIPS_CP0_CACHE_ERR   27
>  #define MIPS_CP0_TAG_LO  28
> @@ -927,6 +930,8 @@ void kvm_vz_save_guesttlb(struct kvm_mips_tlb
> *buf, unsigned int index, unsigned int count);
>  void kvm_vz_load_guesttlb(const struct kvm_mips_tlb *buf, unsigned
> int index, unsigned int count);
> +void kvm_loongson_clear_guest_vtlb(void);
> +void kvm_loongson_clear_guest_ftlb(void);
>  #endif
>  
>  void kvm_mips_suspend_mm(int cpu);
> diff --git a/arch/mips/include/asm/mipsregs.h
> b/arch/mips/include/asm/mipsregs.h index 796fe47..ce40fbf 100644
> --- a/arch/mips/include/asm/mipsregs.h
> +++ b/arch/mips/include/asm/mipsregs.h
> @@ -674,6 +674,9 @@
>  #define MIPS_CONF5_CV(_ULCAST_(1) << 29)
>  #define MIPS_CONF5_K (_ULCAST_(1) << 30)
>  
> +#define MIPS_CONF6_INTIMER   (_ULCAST_(1) << 6)
> +#define MIPS_CONF6_EXTIMER   (_ULCAST_(1) << 7)
> +#define MIPS_CONF6_SFBEN (_ULCAST_(1) << 8)
>  #define MIPS_CONF6_SYND  (_ULCAST_(1) << 13)
>  /* proAptiv FTLB on/off bit */
>  #define MIPS_CONF6_FTLBEN(_ULCAST_(1) << 15)
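Review bot: MIPS_CONF6_INTIMER, MIPS_CONF6_EXTIMER and MIPS_CONF6_SFBEN are added with no comment saying which core defines them, directly above a bit that is commented as proAptiv-specific. The commit message describes CONFIG6 as a Loongson-3 register, so a comment or a LOONGSON prefix, as the DIAG bits in the next hunk use, would keep these from being read as generic MIPS bits.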
> @@ -993,6 +996,8 @@
>  /* Disable Branch Return Cache */
>  #define R10K_DIAG_D_BRC  (_ULCAST_(1) << 22)
>  
> +/* Flush BTB */
> +#define LOONGSON_DIAG_BTB(_ULCAST_(1) << 1)
>  /* Flush ITLB */
>  #define LOONGSON_DIAG_ITLB   (_ULCAST_(1) << 2)
>  /* Flush DTLB */
> @@ -2825,7 +2830,9 @@ __BUILD_SET_C0(status)
>  __BUILD_SET_C0(cause)
>  __BUILD_SET_C0(config)
>  __BUILD_SET_C0(config5)
> +__BUILD_SET_C0(config6)
>  __BUILD_SET_C0(config7)
> +__BUILD_SET_C0(diag)
>  __BUILD_SET_C0(intcontrol)
>  __BUILD_SET_C0(intctl)
>  __BUILD_SET_C0(srsmap)
> diff --git a/arch/mips/kvm/tlb.c b/arch/mips/kvm/tlb.c
> index 7cd9216..1efb9a0 100644
> --- a/arch/mips/kvm/tlb.c
> +++ b/arch/mips/kvm/tlb.c
> @@ -20,6 +20,7 @@
>  
>  #include 
>  #include 
> +#include 
>  #include 
>  #include 
>  #include 
> @@ -622,6 +623,44 @@ void kvm_vz_load_guesttlb(const struct
> kvm_mips_tlb *buf, unsigned int index, }
>  EXPORT_SYMBOL_GPL(kvm_vz_load_guesttlb);
>  
> +void kvm_loongson_clear_guest_vtlb(void)
> +{
> + int idx = read_gc0_index();
> +
> + /* Set root GuestID for root probe and write of guest TLB
> entry */
> + set_root_gid_to_guest_gid();
> +
> + write_gc0_index(0);
> + guest_tlbinvf();
> + write_gc0_index(idx);
> +
> + clear_root_gid();
> + set_c0_diag(LOONGSON_DIAG_ITLB | LOONGSON_DIAG_DTLB);
> +}
> +EXPORT_SYMBOL_GPL(kvm_loongson_clear_guest_vtlb);
> +
> +void kvm_loongson_clear_guest_ftlb(void)
> +{
> + int i;
> + int idx = read_gc0_index();
> +
> + /* Set root GuestID for root probe and write of guest TLB
> entry */
> + set_root_gid_to_guest_gid();
> +
> + for (i = current_cpu_data.tlbsizevtlb;
> +  i < (current_cpu_data.tlbsizevtlb +
> +  current_cpu_data.tlbsizeftlbsets);
> +  i++) {
> + write_gc0_index(i);
> + guest_tlbinvf();
> + }
> + write_gc0_index(idx);
> +
> + clear_root_gid();
> + set_c0_diag(LOONGSON_DIAG_ITLB | LOONGSON_DIAG_DTLB);
> +}
> +EXPORT_SYMBOL_GPL(kvm_loongson_clear_guest_ftlb);
> +
>  #endif
>  
>  /**
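Review bot: kvm_loongson_clear_guest_vtlb() and kvm_loongson_clear_guest_ftlb() are added before the existing #endif with no CONFIG_CPU_LOONGSON64 guard of their own, which is the guard the reply above asks for. The two bodies differ only in the index range they invalidate, so a shared helper taking the range would remove the duplication, and the comment "for root probe and write of guest TLB entry" does not describe what follows, which is an invalidate via guest_tlbinvf().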
> diff --git a/arch/mips/k

Re: [PULL for-5.0 0/1] tcg patch queue

2020-04-13 Thread Peter Maydell
On Sun, 12 Apr 2020 at 22:11, Richard Henderson
 wrote:
>
> The following changes since commit 17e1e49814096a3daaa8e5a73acd56a0f30bdc18:
>
>   Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' 
> into staging (2020-04-09 19:00:41 +0100)
>
> are available in the Git repository at:
>
>   https://github.com/rth7680/qemu.git tags/pull-tcg-20200412
>
> for you to fetch changes up to a4e57084c16d5b0eff3651693fba04f26b30b551:
>
>   tcg/mips: mips sync* encode error (2020-04-12 14:07:07 -0700)
>
> 
> Fix tcg/mips barrier encoding
>
> 
> lixinyu (1):
>   tcg/mips: mips sync* encode error
>
>  tcg/mips/tcg-target.inc.c | 10 +-
>  1 file changed, 5 insertions(+), 5 deletions(-)



Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/5.0
for any user-visible changes.

-- PMM



Re: [RFC patch v1 0/3] qemu-file writing performance improving

2020-04-13 Thread Denis V. Lunev
On 4/13/20 2:12 PM, Denis Plotnikov wrote:
> Problem description: qcow2 internal snapshot saving time is too big on HDD ~ 
> 25 sec
>
> When a qcow2 image is placed on a regular HDD and the image is opened with
> O_DIRECT the snapshot saving time is around 26 sec.
> The snapshot saving time can be 4 times shorter.
> The patch series proposes a way to achieve that. 
>
> Why is the saving time = ~25 sec?
>
> There are three things:
> 1. qemu-file iov limit (currently 64)
> 2. direct qemu_fflush calls, inducing disk writings
in a non-aligned way, which results further in READ-MODIFY-WRITE
operations at the beginning and at the end of the writing data.
Within synchronous operations this slows down the process a lot!

> 3. ram data copying and synchronous disk writings
>
> When 1, 2 are quite clear, the 3rd needs some explanation:
>
> Internal snapshot uses qemu-file as an interface to store the data with
> stream semantics.
> qemu-file avoids data copying when possible (mostly for ram data)
> and uses iovectors to propagate the data to an underlying block driver state.
> In the case when qcow2 is opened with O_DIRECT it is suboptimal.
>
> This is what happens: on writing, when the iovectors query goes from qemu-file
> to bdrv (here and further by bdrv I mean qcow2 with posix O_DIRECT opened 
> backend),
> the bdrv checks all iovectors to be base and size aligned, if it's not the 
> case,
> the data is copied to an internal buffer and synchronous pwrite is called.
> If the iovectors are aligned, io_submit is called.
>
> In our case, snapshot almost always induces pwrite, since we never have all
> the iovectors aligned in the query, because of frequent adding a short 
> iovector:
> 8 byte ram-page delimiters, after adding each ram page iovector.
>
> So the qemu-file code in this case:
> 1. doesn't avoid ram copying
> 2. works fully synchronously
>
> How to improve the snapshot time:
>
> 1. easy way: to increase iov limit to IOV_MAX (1024).
> This will reduce synchronous writing frequency.
> My test revealed that with iov limit = IOV_MAX the snapshot time *~12 sec*.
>
> 2. complex way: do writings asynchronously.
> Introduce both base- and size-aligned buffer, write the data only when
> the buffer is full, write the buffer asynchronously, meanwhile filling another
> buffer with snapshot data.
> My test revealed that this complex way provides the snapshot time *~6 sec*,
> 2 times better than just iov limit increasing.

We also align written data as flush operations over the disk
are not mandatory.

> The patch proposes how to improve the snapshot performance in the complex way,
> allowing to use the asynchronous writings when needed.
>
> This is an RFC series, as I'm not confident that I fully understand all
> qemu-file use cases. I tried to make the series in a safe way to not break
> anything related to qemu-file using in other places, like migration.
>
> All comments are *VERY* appreciated!
>
> Thanks,
> Denis
>
> Denis Plotnikov (3):
>   qemu-file: introduce current buffer
>   qemu-file: add buffered mode
>   migration/savevm: use qemu-file buffered mode for non-cached bdrv
>
>  include/qemu/typedefs.h |   2 +
>  migration/qemu-file.c   | 479 
> +---
>  migration/qemu-file.h   |   9 +
>  migration/savevm.c  |  38 +++-
>  4 files changed, 456 insertions(+), 72 deletions(-)
>
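
The alignment effect described in the cover letter above, as an added example that is not part of the thread or of QEMU: a request made of page iovectors plus 8-byte delimiters fails the base-and-size alignment check, while copying the same stream through an aligned staging buffer yields only aligned writes. All names are hypothetical; the 512-byte alignment, 4 KiB page, 64 KiB staging size and the zero-padded tail are assumptions, and the sketch models alignment only, not the asynchronous submission.

```c
/* Added example, not QEMU code; every name below is hypothetical. */
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/uio.h>

#define SECTOR     512u           /* alignment assumed for O_DIRECT */
#define PAGE       4096u          /* guest RAM page size (assumed) */
#define DELIM_LEN  8u             /* per-page delimiter, as in the cover letter */
#define STAGE_SIZE (64u * 1024u)  /* staging buffer, a multiple of SECTOR */
#define NPAGES     4              /* size of the constructed sample */

static uint64_t delim;                              /* constructed delimiter */
static _Alignas(PAGE) uint8_t pages[NPAGES][PAGE];  /* constructed page data */

/* True only if every element is aligned in both base address and length. */
static bool iov_is_aligned(const struct iovec *iov, int cnt, size_t align)
{
    for (int i = 0; i < cnt; i++) {
        if ((uintptr_t)iov[i].iov_base % align || iov[i].iov_len % align) {
            return false;
        }
    }
    return true;
}

/* Constructed request: NPAGES pages, optionally each followed by a delimiter. */
static bool snapshot_iov_aligned(bool with_delims)
{
    struct iovec iov[2 * NPAGES];
    int cnt = 0;
    for (int i = 0; i < NPAGES; i++) {
        iov[cnt++] = (struct iovec){ .iov_base = pages[i], .iov_len = PAGE };
        if (with_delims) {
            iov[cnt++] = (struct iovec){ .iov_base = &delim, .iov_len = DELIM_LEN };
        }
    }
    return iov_is_aligned(iov, cnt, SECTOR);
}

struct stage {
    uint8_t *buf;     /* SECTOR-aligned staging buffer */
    size_t used;      /* bytes currently staged */
    unsigned writes;  /* aligned chunks handed to the device */
    size_t bytes;     /* total bytes handed to the device */
};

/* Stand-in for the device write: refuses anything that is not aligned. */
static bool stage_emit(struct stage *s, size_t len)
{
    struct iovec v = { .iov_base = s->buf, .iov_len = len };
    if (!iov_is_aligned(&v, 1, SECTOR)) {
        return false;
    }
    s->writes++;
    s->bytes += len;
    s->used = 0;
    return true;
}

/* Copy stream data in; write out only when the buffer is completely full. */
static bool stage_put(struct stage *s, const void *data, size_t len)
{
    const uint8_t *p = data;
    while (len) {
        size_t room = STAGE_SIZE - s->used;
        size_t n = room < len ? room : len;
        memcpy(s->buf + s->used, p, n);
        s->used += n;
        p += n;
        len -= n;
        if (s->used == STAGE_SIZE && !stage_emit(s, STAGE_SIZE)) {
            return false;
        }
    }
    return true;
}

/* Stream npages pages plus delimiters through the staging buffer. */
static bool staged_demo(int npages, unsigned *writes, size_t *bytes)
{
    struct stage s = { .buf = aligned_alloc(SECTOR, STAGE_SIZE) };
    bool ok = s.buf != NULL;
    for (int i = 0; ok && i < npages; i++) {
        ok = stage_put(&s, pages[i % NPAGES], PAGE) &&
             stage_put(&s, &delim, DELIM_LEN);
    }
    if (ok && s.used) {
        /* Assumption of this sketch: zero-pad the tail to a sector boundary. */
        size_t padded = (s.used + SECTOR - 1) / SECTOR * SECTOR;
        memset(s.buf + s.used, 0, padded - s.used);
        ok = stage_emit(&s, padded);
    }
    *writes = s.writes;
    *bytes = s.bytes;
    free(s.buf);
    return ok;
}
```

For 32 pages the stream is 32 * (4096 + 8) bytes, which the staging buffer turns into two full 64 KiB writes and one padded 512-byte tail.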




Re: [PATCH v2 0/6] Automation of Coverity Scan uploads (via Docker)

2020-04-13 Thread Peter Maydell
What's your view on this series, Paolo? Personally I'd like
to put it into master, because at least then we have something
that we can do Coverity runs on, whereas AIUI at the moment
we don't. But I'd rather not put it in after rc3, which is
tomorrow...

thanks
-- PMM

On Thu, 19 Mar 2020 at 19:33, Peter Maydell  wrote:
>
> v1 of this series was over a year ago:
> https://patchew.org/QEMU/20181113184641.4492-1-peter.mayd...@linaro.org/
>
> I dusted it off and fixed some stuff because Paolo reports that the
> machine he was previously using for uploads can't run the Coverity
> tools any more.
>
> The first four patches are fixes for problems that cause the Coverity
> tool not to be able to scan everything.  The first one in particular
> meant that every compilation unit failed, which would block uploads.
> The other 3 would reduce the scan coverage but weren't fatal.  (The
> only remaining warnings in the log are where Coverity complains about
> asm intrinsics system headers.)
>
> With these scripts you can do an upload with
> COVERITY_TOKEN=n ./scripts/coverity-scan/run-coverity-scan --docker
> (where  is the project's secret token which admins can
> get from the Coverity web UI).
>
> I did in fact do an upload to test it, so the currently visible
> results on the website are the result of a scan on ce73691e258 plus
> this series.
>
> The new upload has +112 defects, which is quite a lot, but I don't
> think it's so many that it is "defects we rejected as false positives
> coming back again"; my guess is a combination of the fixes in the
> first 4 patches increasing coverage plus we haven't run a test in a
> while plus maybe the script has some more config options enabled that
> Paolo's box did not.  (In the web UI defects that were dismissed as
> FPs seem still to be considered present-but-dismissed, so I think
> that's OK.)
>
> Not much has changed since v1; I didn't get very much feedback
> the first time around[*]. Docker still seems to do the "download
> the Coverity tools" part more often than I expect. On the other
> hand "actually automated with a script in the tree" beats "not
> automated and currently broken" so maybe this patchset as it
> stands is good enough, given that basically 1 or 2 people ever
> will be running the script ?
>
> [*] Eric will note that yes, the script still uses set -e.
>
> (Like v1 this doesn't try to tie it into Travis, but we could
> in theory do that some day, or have some other automated once
> a week run of the script.)
>
> thanks
> -- PMM
>
> Peter Maydell (6):
>   osdep.h: Drop no-longer-needed Coverity workarounds
>   thread.h: Fix Coverity version of qemu_cond_timedwait()
>   thread.h: Remove trailing semicolons from Coverity qemu_mutex_lock()
> etc
>   linux-user/flatload.c: Use "" for include of QEMU header target_flat.h
>   scripts/run-coverity-scan: Script to run Coverity Scan build
>   scripts/coverity-scan: Add Docker support
>
>  include/qemu/osdep.h   |  14 -
>  include/qemu/thread.h  |  12 +-
>  linux-user/flatload.c  |   2 +-
>  MAINTAINERS|   5 +
>  scripts/coverity-scan/coverity-scan.docker | 131 +++
>  scripts/coverity-scan/run-coverity-scan| 401 +
>  6 files changed, 544 insertions(+), 21 deletions(-)
>  create mode 100644 scripts/coverity-scan/coverity-scan.docker
>  create mode 100755 scripts/coverity-scan/run-coverity-scan
>
> --
> 2.20.1



Re: [PATCH v18 0/4] qcow2: Implement zstd cluster compression method

2020-04-13 Thread Denis Plotnikov

Ping! Is there something to be fixed in the series?

Thanks,
Denis

On 02.04.2020 09:36, Denis Plotnikov wrote:

v18:
* 04: add quotes to all file name variables [Vladimir]
* 04: add Vladimir's comment according to "qemu-io write -s"
  option issue.

v17:
* 03: remove incorrect comment in zstd decompress [Vladimir]
* 03: remove "paraniod" and rewrite the comment on decompress [Vladimir]
* 03: fix dead assignment [Vladimir]
* 04: add and remove quotes [Vladimir]
* 04: replace long offset form with the short one [Vladimir]

v16:
* 03: ssize_t for ret, size_t for zstd_ret [Vladimir]
* 04: small fixes according to the comments [Vladimir]

v15:
* 01: aiming qemu 5.1 [Eric]
* 03: change zstd_res definition place [Vladimir]
* 04: add two new test cases [Eric]
  1. test adjacent cluster compression with zstd
  2. test incompressible cluster processing
* 03, 04: many rewording and grammar fixing [Eric]

v14:
* fix bug on compression - looping until compress == 0 [Me]
* apply reworked Vladimir's suggestions:
   1. not mixing ssize_t with size_t
   2. safe check for ENOMEM in compression part - avoid overflow
   3. tolerate sanity check allow zstd to make progress only
  on one of the buffers
v13:
* 03: add progress sanity check to decompression loop [Vladimir]
  03: add successful decompression check [Me]

v12:
* 03: again, rework compression and decompression loops
  to make them more correct [Vladimir]
  03: move assert in compression to more appropriate place
  [Vladimir]
v11:
* 03: the loops don't need "do{}while" form anymore and
  they were buggy (missed "do" in the beginning)
  replace them with usual "while(){}" loops [Vladimir]
v10:
* 03: fix zstd (de)compressed loops for multi-frame
  cases [Vladimir]
v9:
* 01: fix error checking and reporting in qcow2_amend compression type part 
[Vladimir]
* 03: replace asserts with -EIO in qcow2_zstd_decompression [Vladimir, 
Alberto]
* 03: reword/amend/add comments, fix typos [Vladimir]

v8:
* 03: switch zstd API from simple to stream [Eric]
  No need to state a special cluster layout for zstd
  compressed clusters.
v7:
* use qapi_enum_parse instead of the open-coding [Eric]
* fix wording, typos and spelling [Eric]

v6:
* "block/qcow2-threads: fix qcow2_decompress" is removed from the series
   since it has been accepted by Max already
* add compile time checking for Qcow2Header to be a multiple of 8 [Max, 
Alberto]
* report error on qcow2 amending when the compression type is actually 
changed [Max]
* remove the extra space and the extra new line [Max]
* re-arrange acks and signed-off-s [Vladimir]

v5:
* replace -ENOTSUP with abort in qcow2_co_decompress [Vladimir]
* set cluster size for all test cases in the beginning of the 287 test

v4:
* the series is rebased on top of 01 "block/qcow2-threads: fix 
qcow2_decompress"
* 01 is just a no-change resend to avoid extra dependencies. Still, it may 
be merged in separate

v3:
* remove redundant max compression type value check [Vladimir, Eric]
  (the switch below checks everything)
* prevent compression type changing on "qemu-img amend" [Vladimir]
* remove zstd config setting, since it has been added already by
  "migration" patches [Vladimir]
* change the compression type error message [Vladimir]
* fix alignment and 80-chars exceeding [Vladimir]

v2:
* rework compression type setting [Vladimir]
* squash iotest changes to the compression type introduction patch 
[Vladimir, Eric]
* fix zstd availability checking in zstd iotest [Vladimir]
* remove unnecessary casting [Eric]
* remove redundant checks [Eric]
* fix compressed cluster layout in qcow2 spec [Vladimir]
* fix wording [Eric, Vladimir]
* fix compression type filtering in iotests [Eric]

v1:
the initial series



Denis Plotnikov (4):
   qcow2: introduce compression type feature
   qcow2: rework the cluster compression routine
   qcow2: add zstd cluster compression
   iotests: 287: add qcow2 compression type test

  docs/interop/qcow2.txt   |   1 +
  configure|   2 +-
  qapi/block-core.json |  23 +++-
  block/qcow2.h|  20 ++-
  include/block/block_int.h|   1 +
  block/qcow2-threads.c| 228 +--
  block/qcow2.c| 120 
  tests/qemu-iotests/031.out   |  14 +-
  tests/qemu-iotests/036.out   |   4 +-
  tests/qemu-iotests/049.out   | 102 +++---
  tests/qemu-iotests/060.out   |   1 +
  tests/qemu-iotests/061.out   |  34 +++--
  tests/qemu-iotests/065   |  28 ++--
  tests/qemu-iotests/080   |   2 +-
  tests/qemu-iotests/144.out   |   4 +-
  tests/qemu-iotests/182.out   |  

Re: [PATCH v2 0/6] Automation of Coverity Scan uploads (via Docker)

2020-04-13 Thread Paolo Bonzini
Yes, go ahead. I would like to add a docker-coverity Makefile target but I
can do that later.

On Mon, 13 Apr 2020, 14:13 Peter Maydell  wrote:

> What's your view on this series, Paolo? Personally I'd like
> to put it into master, because at least then we have something
> that we can do Coverity runs on, whereas AIUI at the moment
> we don't. But I'd rather not put it in after rc3, which is
> tomorrow...
>
> thanks
> -- PMM
>
> On Thu, 19 Mar 2020 at 19:33, Peter Maydell 
> wrote:
> >
> > v1 of this series was over a year ago:
> > https://patchew.org/QEMU/20181113184641.4492-1-peter.mayd...@linaro.org/
> >
> > I dusted it off and fixed some stuff because Paolo reports that the
> > machine he was previously using for uploads can't run the Coverity
> > tools any more.
> >
> > The first four patches are fixes for problems that cause the Coverity
> > tool not to be able to scan everything.  The first one in particular
> > meant that every compilation unit failed, which would block uploads.
> > The other 3 would reduce the scan coverage but weren't fatal.  (The
> > only remaining warnings in the log are where Coverity complains about
> > asm intrinsics system headers.)
> >
> > With these scripts you can do an upload with
> > COVERITY_TOKEN=n ./scripts/coverity-scan/run-coverity-scan
> --docker
> > (where  is the project's secret token which admins can
> > get from the Coverity web UI).
> >
> > I did in fact do an upload to test it, so the currently visible
> > results on the website are the result of a scan on ce73691e258 plus
> > this series.
> >
> > The new upload has +112 defects, which is quite a lot, but I don't
> > think it's so many that it is "defects we rejected as false positives
> > coming back again"; my guess is a combination of the fixes in the
> > first 4 patches increasing coverage plus we haven't run a test in a
> > while plus maybe the script has some more config options enabled that
> > Paolo's box did not.  (In the web UI defects that were dismissed as
> > FPs seem still to be considered present-but-dismissed, so I think
> > that's OK.)
> >
> > Not much has changed since v1; I didn't get very much feedback
> > the first time around[*]. Docker still seems to do the "download
> > the Coverity tools" part more often than I expect. On the other
> > hand "actually automated with a script in the tree" beats "not
> > automated and currently broken" so maybe this patchset as it
> > stands is good enough, given that basically 1 or 2 people ever
> > will be running the script ?
> >
> > [*] Eric will note that yes, the script still uses set -e.
> >
> > (Like v1 this doesn't try to tie it into Travis, but we could
> > in theory do that some day, or have some other automated once
> > a week run of the script.)
> >
> > thanks
> > -- PMM
> >
> > Peter Maydell (6):
> >   osdep.h: Drop no-longer-needed Coverity workarounds
> >   thread.h: Fix Coverity version of qemu_cond_timedwait()
> >   thread.h: Remove trailing semicolons from Coverity qemu_mutex_lock()
> > etc
> >   linux-user/flatload.c: Use "" for include of QEMU header target_flat.h
> >   scripts/run-coverity-scan: Script to run Coverity Scan build
> >   scripts/coverity-scan: Add Docker support
> >
> >  include/qemu/osdep.h   |  14 -
> >  include/qemu/thread.h  |  12 +-
> >  linux-user/flatload.c  |   2 +-
> >  MAINTAINERS|   5 +
> >  scripts/coverity-scan/coverity-scan.docker | 131 +++
> >  scripts/coverity-scan/run-coverity-scan| 401 +
> >  6 files changed, 544 insertions(+), 21 deletions(-)
> >  create mode 100644 scripts/coverity-scan/coverity-scan.docker
> >  create mode 100755 scripts/coverity-scan/run-coverity-scan
> >
> > --
> > 2.20.1
>
>


Re: colo: qemu 4.2.0 vs. qemu 5.0.0-rc2 performance regression

2020-04-13 Thread Lukas Straub
On Sat, 11 Apr 2020 19:16:54 +0200
Lukas Straub  wrote:

> Hello Everyone,
> I did some Benchmarking with iperf3 and memtester (to dirty some guest memory)
> of colo performance in qemu 4.2.0 and in qemu 5.0.0-rc2
> with my bugfixes on top.( 
> https://lists.nongnu.org/archive/html/qemu-devel/2020-04/msg01432.html )
> 
> I have taken the average over 4 runs.
> Client-to-server tcp bandwidth rose slightly from ~83.98 Mbit/s to ~89.40 
> Mbits.
> Server-to-client tcp bandwidth fell from ~9.73 Mbit/s to ~1.79 Mbit/s.
> Client-to-server udp bandwidth stayed the same at 1.05 Mbit/s
> and jitter rose from ~5.12 ms to ~10.77 ms.
> Server-to-client udp bandwidth fell from ~380.5 Kbit/s to ~33.6 Kbit/s
> and jitter rose from ~41.74 ms to ~83976.15 ms (!).
> 
> I haven't looked closely into it, but I think
> 0393031a16735835a441b6d6e0495a1bd14adb90 "COLO: Optimize memory back-up 
> process"
> is the culprit as it reduces vm downtime for the checkpoints but increases
> the overall checkpoint time and we can only release miscompared primary 
> packets
> after the checkpoint is completely finished.
> 
> Another thing that I noticed: With 4.2.0, the secondary qemu uses thrice
> the amount of guest memory. With 5.0.0-rc2 it's just double the amount of
> guest memory. So maybe the ram cache isn't working properly?
> 
> Regards,
> Lukas Straub

Hmm,
I looked at my test again and saw that the results were very noisy, so qemu 
5.0.0-rc2
being slower was just a coincidence. I did increase the test time and the 
results are 
more meaningful now. Now qemu 5.0.0-rc2 is around the same speed and still 
faster
in the client-to-server tcp case.

Sorry for the noise.

Regards,
Lukas Straub




Re: [RFC patch v1 0/3] qemu-file writing performance improving

2020-04-13 Thread no-reply
Patchew URL: 
https://patchew.org/QEMU/1586776334-641239-1-git-send-email-dplotni...@virtuozzo.com/



Hi,

This series failed the asan build test. Please find the testing commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

=== TEST SCRIPT BEGIN ===
#!/bin/bash
export ARCH=x86_64
make docker-image-fedora V=1 NETWORK=1
time make docker-test-debug@fedora TARGET_LIST=x86_64-softmmu J=14 NETWORK=1
=== TEST SCRIPT END ===

/tmp/qemu-test/src/migration/qemu-file.c:415: undefined reference to 
`aio_task_pool_start_task'
/usr/bin/ld: migration/qemu-file.o: in function `qemu_file_switch_current_buf':
/tmp/qemu-test/src/migration/qemu-file.c:380: undefined reference to 
`aio_task_pool_wait_slot'
clang-8: error: linker command failed with exit code 1 (use -v to see 
invocation)
make: *** [/tmp/qemu-test/src/rules.mak:124: tests/test-vmstate] Error 1
make: *** Waiting for unfinished jobs
Traceback (most recent call last):
  File "./tests/docker/docker.py", line 664, in 
---
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['sudo', '-n', 'docker', 'run', 
'--label', 'com.qemu.instance.uuid=305548e9be434ddeb3a06c706e9dab1a', '-u', 
'1001', '--security-opt', 'seccomp=unconfined', '--rm', '-e', 
'TARGET_LIST=x86_64-softmmu', '-e', 'EXTRA_CONFIGURE_OPTS=', '-e', 'V=', '-e', 
'J=14', '-e', 'DEBUG=', '-e', 'SHOW_ENV=', '-e', 'CCACHE_DIR=/var/tmp/ccache', 
'-v', '/home/patchew/.cache/qemu-docker-ccache:/var/tmp/ccache:z', '-v', 
'/var/tmp/patchew-tester-tmp-aounzkok/src/docker-src.2020-04-13-09.44.50.27035:/var/tmp/qemu:z,ro',
 'qemu:fedora', '/var/tmp/qemu/run', 'test-debug']' returned non-zero exit 
status 2.
filter=--filter=label=com.qemu.instance.uuid=305548e9be434ddeb3a06c706e9dab1a
make[1]: *** [docker-run] Error 1
make[1]: Leaving directory `/var/tmp/patchew-tester-tmp-aounzkok/src'
make: *** [docker-run-test-debug@fedora] Error 2

real6m39.403s
user0m9.069s


The full log is available at
http://patchew.org/logs/1586776334-641239-1-git-send-email-dplotni...@virtuozzo.com/testing.asan/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

Re: [PULL v2 0/8] Misc patches for QEMU 5.0-rc3

2020-04-13 Thread Peter Maydell
On Mon, 13 Apr 2020 at 08:05, Paolo Bonzini  wrote:
>
> The following changes since commit 53ef8a92eb04ee19640f5aad3bff36cd4a36c250:
>
>   Merge remote-tracking branch 
> 'remotes/pmaydell/tags/pull-target-arm-20200406' into staging (2020-04-06 
> 12:36:45 +0100)
>
> are available in the Git repository at:
>
>   git://github.com/bonzini/qemu.git tags/for-upstream
>
> for you to fetch changes up to 267514b33ffa3f315adc26fc14d89f92e90840f5:
>
>   module: increase dirs array size by one (2020-04-13 02:56:18 -0400)
>
> 
> Bugfixes, and reworking of the atomics documentation.
>
> 


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/5.0
for any user-visible changes.

-- PMM



Re: [PATCH v2] gdbstub: Fix segment fault for i386 target

2020-04-13 Thread Alex Bennée


Changbin Du  writes:

> With GByteArray, we should pass the object itself but not to plus an offset.
>
> gdb log:
> Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
> __memmove_avx_unaligned_erms () at 
> ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:384
> 384   ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S: No such file 
> or directory.
>
> Fixes: a010bdbe71 ("gdbstub: extend GByteArray to read register helpers")
> Signed-off-by: Changbin Du 
>
> ---
> v2: remove m68k fix since it's already queued.

I also have Peter Xu's fix for i386:

  
https://patchew.org/QEMU/20200409211529.5269-1-alex.ben...@linaro.org/20200409211529.5269-10-alex.ben...@linaro.org/

But I'll happily add your Reported-by credit to that patch.

> ---
>  target/i386/gdbstub.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/target/i386/gdbstub.c b/target/i386/gdbstub.c
> index f3d23b614e..b98a99500a 100644
> --- a/target/i386/gdbstub.c
> +++ b/target/i386/gdbstub.c
> @@ -106,7 +106,7 @@ int x86_cpu_gdb_read_register(CPUState *cs, GByteArray 
> *mem_buf, int n)
>  } else if (n >= IDX_FP_REGS && n < IDX_FP_REGS + 8) {
>  floatx80 *fp = (floatx80 *) &env->fpregs[n - IDX_FP_REGS];
>  int len = gdb_get_reg64(mem_buf, cpu_to_le64(fp->low));
> -len += gdb_get_reg16(mem_buf + len, cpu_to_le16(fp->high));
> +len += gdb_get_reg16(mem_buf, cpu_to_le16(fp->high));
>  return len;
>  } else if (n >= IDX_XMM_REGS && n < IDX_XMM_REGS + CPU_NB_REGS) {
>  n -= IDX_XMM_REGS;
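Review bot: The commit message should explain why `mem_buf + len` in the `IDX_FP_REGS` branch was wrong, not only show the resulting SIGSEGV: the `gdb_get_reg*()` helpers append to the `GByteArray`, so adding `len` to the `GByteArray *` steps past the object instead of offsetting into its data. Given the v2 note that the same mistake was found in m68k, it would also help to state that the other targets' read-register functions were checked for leftover `mem_buf + len` arguments.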


-- 
Alex Bennée



Re: [PATCH 09/31] target/arm: Implement SVE2 integer pairwise arithmetic

2020-04-13 Thread Laurent Desnogues
On Fri, Mar 27, 2020 at 12:16 AM Richard Henderson
 wrote:
[...]
> diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
> index 5d75aed7b7..d7c181ddb8 100644
> --- a/target/arm/sve_helper.c
> +++ b/target/arm/sve_helper.c
> @@ -681,6 +681,73 @@ DO_ZPZZ_D(sve2_uhsub_zpzz_d, uint64_t, DO_HSUB_D)
>  #undef DO_ZPZZ
>  #undef DO_ZPZZ_D
>
> +/*
> + * Three operand expander, operating on element pairs.
> + * If the slot I is even, the elements from from VN {I, I+1}.
> + * If the slot I is odd, the elements from from VM {I-1, I}.
> + */
> +#define DO_ZPZZ_PAIR(NAME, TYPE, H, OP) \
> +void HELPER(NAME)(void *vd, void *vn, void *vm, void *vg, uint32_t desc) \
> +{   \
> +intptr_t i, opr_sz = simd_oprsz(desc);  \
> +for (i = 0; i < opr_sz; ) { \
> +uint16_t pg = *(uint16_t *)(vg + H1_2(i >> 3)); \
> +do {\
> +if (pg & 1) {   \
> +void *p = (i & 1 ? vm : vn);\
> +TYPE nn = *(TYPE *)(p + H(i & ~1)); \
> +TYPE mm = *(TYPE *)(p + H(i | 1));  \
> +*(TYPE *)(vd + H(i)) = OP(nn, mm);  \
> +}   \
> +i += sizeof(TYPE), pg >>= sizeof(TYPE); \
> +} while (i & 15);   \
> +}   \
> +}

You should not use 1 as mask but sizeof(TYPE).
A temporary should be used because vd also is a source.

> +/* Similarly, specialized for 64-bit operands.  */
> +#define DO_ZPZZ_PAIR_D(NAME, TYPE, OP)  \
> +void HELPER(NAME)(void *vd, void *vn, void *vm, void *vg, uint32_t desc) \
> +{   \
> +intptr_t i, opr_sz = simd_oprsz(desc) / 8;  \
> +TYPE *d = vd, *n = vn, *m = vm; \
> +uint8_t *pg = vg;   \
> +for (i = 0; i < opr_sz; i += 1) {   \
> +if (pg[H1(i)] & 1) {\
> +TYPE *p = (i & 1 ? m : n) + (i & ~1);   \
> +TYPE nn = p[0], mm = p[1];  \
> +d[i] = OP(nn, mm);  \
> +}   \
> +}   \
> +}
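Review bot: The comment above `DO_ZPZZ_PAIR` has a doubled word on both of its explanatory lines ("the elements from from VN", "from from VM"); it presumably means "come from". The comment should also say that inactive predicate elements leave `vd` unchanged, since the `if (pg & 1)` body is the only place `vd` is written.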

A temporary should be used because vd also is a source.

Laurent



Re: [PATCH-for-5.1 v3 01/24] various: Remove suspicious '\' character outside of #define in C code

2020-04-13 Thread Alistair Francis
On Sun, Apr 12, 2020 at 3:38 PM Philippe Mathieu-Daudé  wrote:
>
> Fixes the following coccinelle warnings:
>
>   $ spatch --sp-file --verbose-parsing  ... \
>   scripts/coccinelle/remove_local_err.cocci
>   ...
>   SUSPICIOUS: a \ character appears outside of a #define at 
> ./target/ppc/translate_init.inc.c:5213
>   SUSPICIOUS: a \ character appears outside of a #define at 
> ./target/ppc/translate_init.inc.c:5261
>   SUSPICIOUS: a \ character appears outside of a #define at 
> ./target/microblaze/cpu.c:166
>   SUSPICIOUS: a \ character appears outside of a #define at 
> ./target/microblaze/cpu.c:167
>   SUSPICIOUS: a \ character appears outside of a #define at 
> ./target/microblaze/cpu.c:169
>   SUSPICIOUS: a \ character appears outside of a #define at 
> ./target/microblaze/cpu.c:170
>   SUSPICIOUS: a \ character appears outside of a #define at 
> ./target/microblaze/cpu.c:171
>   SUSPICIOUS: a \ character appears outside of a #define at 
> ./target/microblaze/cpu.c:172
>   SUSPICIOUS: a \ character appears outside of a #define at 
> ./target/microblaze/cpu.c:173
>   SUSPICIOUS: a \ character appears outside of a #define at 
> ./target/i386/cpu.c:5787
>   SUSPICIOUS: a \ character appears outside of a #define at 
> ./target/i386/cpu.c:5789
>   SUSPICIOUS: a \ character appears outside of a #define at 
> ./target/i386/cpu.c:5800
>   SUSPICIOUS: a \ character appears outside of a #define at 
> ./target/i386/cpu.c:5801
>   SUSPICIOUS: a \ character appears outside of a #define at 
> ./target/i386/cpu.c:5802
>   SUSPICIOUS: a \ character appears outside of a #define at 
> ./target/i386/cpu.c:5804
>   SUSPICIOUS: a \ character appears outside of a #define at 
> ./target/i386/cpu.c:5805
>   SUSPICIOUS: a \ character appears outside of a #define at 
> ./target/i386/cpu.c:5806
>   SUSPICIOUS: a \ character appears outside of a #define at 
> ./target/i386/cpu.c:6329
>   SUSPICIOUS: a \ character appears outside of a #define at 
> ./hw/sd/sdhci.c:1133
>   SUSPICIOUS: a \ character appears outside of a #define at 
> ./hw/scsi/scsi-disk.c:3081
>   SUSPICIOUS: a \ character appears outside of a #define at 
> ./hw/net/virtio-net.c:1529
>   SUSPICIOUS: a \ character appears outside of a #define at 
> ./hw/riscv/sifive_u.c:468
>   SUSPICIOUS: a \ character appears outside of a #define at ./dump/dump.c:1895
>   SUSPICIOUS: a \ character appears outside of a #define at 
> ./block/vhdx.c:2209
>   SUSPICIOUS: a \ character appears outside of a #define at 
> ./block/vhdx.c:2215
>   SUSPICIOUS: a \ character appears outside of a #define at 
> ./block/vhdx.c:2221
>   SUSPICIOUS: a \ character appears outside of a #define at 
> ./block/vhdx.c:
>   SUSPICIOUS: a \ character appears outside of a #define at 
> ./block/replication.c:172
>   SUSPICIOUS: a \ character appears outside of a #define at 
> ./block/replication.c:173
>
> Reviewed-by: Marc-André Lureau 
> Signed-off-by: Philippe Mathieu-Daudé 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  block/replication.c |  4 ++--
>  block/vhdx.c|  8 
>  dump/dump.c |  2 +-
>  hw/net/virtio-net.c |  2 +-
>  hw/riscv/sifive_u.c |  2 +-
>  hw/scsi/scsi-disk.c |  2 +-
>  hw/sd/sdhci.c   |  2 +-
>  target/i386/cpu.c   | 18 +-
>  target/microblaze/cpu.c | 14 +++---
>  target/ppc/translate_init.inc.c |  4 ++--
>  10 files changed, 29 insertions(+), 29 deletions(-)
>
> diff --git a/block/replication.c b/block/replication.c
> index da013c2041..971f0fe266 100644
> --- a/block/replication.c
> +++ b/block/replication.c
> @@ -172,8 +172,8 @@ static void replication_child_perm(BlockDriverState *bs, 
> BdrvChild *c,
>  if ((bs->open_flags & (BDRV_O_INACTIVE | BDRV_O_RDWR)) == BDRV_O_RDWR) {
>  *nperm |= BLK_PERM_WRITE;
>  }
> -*nshared = BLK_PERM_CONSISTENT_READ \
> -   | BLK_PERM_WRITE \
> +*nshared = BLK_PERM_CONSISTENT_READ
> +   | BLK_PERM_WRITE
> | BLK_PERM_WRITE_UNCHANGED;
>  return;
>  }
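Review bot: The commit message should state explicitly that no functional change is intended. In the `*nshared` assignment the removed backslashes were line splices outside any macro, so the expression is unchanged, but with ten files in the diffstat a reviewer otherwise has to re-derive that for every hunk.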
> diff --git a/block/vhdx.c b/block/vhdx.c
> index 33e57cd656..e16fdc2f2d 100644
> --- a/block/vhdx.c
> +++ b/block/vhdx.c
> @@ -2206,20 +2206,20 @@ static QemuOptsList vhdx_create_opts = {
> .name = VHDX_BLOCK_OPT_BLOCK_SIZE,
> .type = QEMU_OPT_SIZE,
> .def_value_str = stringify(0),
> -   .help = "Block Size; min 1MB, max 256MB. " \
> +   .help = "Block Size; min 1MB, max 256MB. "
> "0 means auto-calculate based on image size."
> },
> {
> .name = BLOCK_OPT_SUBFMT,
> .type = QEMU_OPT_STRING,
> -   .help = "VHDX format type, can be either 'dynamic' or 'fixed'. "\
> +   .help = "VHDX format type, can be either 'dynamic' or 'fixed'. "
> "Default is 'dynamic'."
> },
> {
> .name = VHDX_BLOCK_OPT_ZERO,
>   

Re: [PATCH-for-5.1 v3 06/23] hw/arm/msf2-soc: Add missing error-propagation code

2020-04-13 Thread Alistair Francis
On Sun, Apr 12, 2020 at 3:53 PM Philippe Mathieu-Daudé  wrote:
>
> Patch created mechanically by running:
>
>   $ spatch \
> --macro-file scripts/cocci-macro-file.h --include-headers \
> --sp-file scripts/coccinelle/use-error_propagate-in-realize.cocci \
> --keep-comments --smpl-spacing --in-place --dir hw
>
> Signed-off-by: Philippe Mathieu-Daudé 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  hw/arm/msf2-soc.c | 24 
>  1 file changed, 20 insertions(+), 4 deletions(-)
>
> diff --git a/hw/arm/msf2-soc.c b/hw/arm/msf2-soc.c
> index e448b0ab74..7619e71cfa 100644
> --- a/hw/arm/msf2-soc.c
> +++ b/hw/arm/msf2-soc.c
> @@ -93,7 +93,11 @@ static void m2sxxx_soc_realize(DeviceState *dev_soc, Error 
> **errp)
>  MemoryRegion *system_memory = get_system_memory();
>
>  memory_region_init_rom(&s->nvm, OBJECT(dev_soc), "MSF2.eNVM", 
> s->envm_size,
> -   &error_fatal);
> +   &err);
> +if (err) {
> +error_propagate(errp, err);
> +return;
> +}
>  /*
>   * On power-on, the eNVM region 0x6000 is automatically
>   * remapped to the Cortex-M3 processor executable region
> @@ -107,7 +111,11 @@ static void m2sxxx_soc_realize(DeviceState *dev_soc, 
> Error **errp)
>  memory_region_add_subregion(system_memory, 0, &s->nvm_alias);
>
>  memory_region_init_ram(&s->sram, NULL, "MSF2.eSRAM", s->esram_size,
> -   &error_fatal);
> +   &err);
> +if (err) {
> +error_propagate(errp, err);
> +return;
> +}
>  memory_region_add_subregion(system_memory, SRAM_BASE_ADDRESS, &s->sram);
>
>  armv7m = DEVICE(&s->armv7m);
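Review bot: The new early return after `memory_region_init_ram()` leaves `s->nvm_alias` already added to `system_memory` by the `memory_region_add_subregion()` call just above, and nothing on this path removes it. Either unwind the earlier mapping before returning, or say in the commit message that a realize failure at this point is not expected to be recoverable.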
> @@ -115,7 +123,11 @@ static void m2sxxx_soc_realize(DeviceState *dev_soc, 
> Error **errp)
>  qdev_prop_set_string(armv7m, "cpu-type", s->cpu_type);
>  qdev_prop_set_bit(armv7m, "enable-bitband", true);
>  object_property_set_link(OBJECT(&s->armv7m), OBJECT(get_system_memory()),
> - "memory", &error_abort);
> + "memory", &err);
> +if (err) {
> +error_propagate(errp, err);
> +return;
> +}
>  object_property_set_bool(OBJECT(&s->armv7m), true, "realized", &err);
>  if (err != NULL) {
>  error_propagate(errp, err);
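Review bot: Replacing `&error_abort` with `&err` on the `object_property_set_link(..., "memory", ...)` call changes what a failure means: `&error_abort` marks a failure as a programming error, while the new code reports it to the caller as a runtime error. If setting this link cannot fail for user-controlled reasons, keep `&error_abort`. The added `if (err)` also differs in style from the existing `if (err != NULL)` two lines below it.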
> @@ -184,8 +196,12 @@ static void m2sxxx_soc_realize(DeviceState *dev_soc, 
> Error **errp)
>  bus_name = g_strdup_printf("spi%d", i);
>  object_property_add_alias(OBJECT(s), bus_name,
>OBJECT(&s->spi[i]), "spi",
> -  &error_abort);
> +  &err);
>  g_free(bus_name);
> +if (err) {
> +error_propagate(errp, err);
> +return;
> +}
>  }
>
>  /* Below devices are not modelled yet. */
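Review bot: In the SPI loop the error check lands after `g_free(bus_name)` rather than directly after `object_property_add_alias()`, unlike the other hunks. That ordering is right, since it avoids leaking `bus_name` on the error path, but if it was a manual adjustment the commit message should say so, because it describes the patch as created mechanically.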
> --
> 2.21.1
>
>



Re: [PATCH 11/31] target/arm: Implement SVE2 integer add/subtract long

2020-04-13 Thread Laurent Desnogues
On Fri, Mar 27, 2020 at 12:09 AM Richard Henderson
 wrote:
[...]
> diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
> index bee00eaa44..7d7a59f620 100644
> --- a/target/arm/sve_helper.c
> +++ b/target/arm/sve_helper.c
> @@ -1088,6 +1088,49 @@ DO_ZZW(sve_lsl_zzw_s, uint32_t, uint64_t, H1_4, DO_LSL)
>  #undef DO_ZPZ
>  #undef DO_ZPZ_D
>
> +/*
> + * Three-operand expander, unpredicated, in which the two inputs are
> + * selected from the top or bottom half of the wide column.
> + */
> +#define DO_ZZZ_TB(NAME, TYPE, TYPEN, OP) \
> +void HELPER(NAME)(void *vd, void *vn, void *vm, uint32_t desc) \
> +{  \
> +intptr_t i, opr_sz = simd_oprsz(desc); \
> +int sel1 = (simd_data(desc) & 1) * sizeof(TYPE);   \
> +int sel2 = (simd_data(desc) & 2) * (sizeof(TYPE) / 2); \
> +for (i = 0; i < opr_sz; i += sizeof(TYPE)) {   \
> +TYPE nn = (TYPEN)(*(TYPE *)(vn + i) >> sel1);  \
> +TYPE mm = (TYPEN)(*(TYPE *)(vm + i) >> sel2);  \
> +*(TYPE *)(vd + i) = OP(nn, mm);\
> +}  \
> +}
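Review bot: The comment on `DO_ZZZ_TB` says the inputs come from "the top or bottom half" but not how that choice is encoded. `sel1` is derived from bit 0 of `simd_data(desc)` and `sel2` from bit 1, so the comment should document that bit 0 selects the half of `vn` and bit 1 the half of `vm`, which is what the caller building `desc` has to match.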

For sel1/sel2 the multiplicand should be the number of bits in TYPEN.

Laurent



Re: [PATCH 13/31] target/arm: Implement SVE2 integer add/subtract wide

2020-04-13 Thread Laurent Desnogues
On Fri, Mar 27, 2020 at 12:17 AM Richard Henderson
 wrote:
[...]
> diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
> index 7d7a59f620..44503626e4 100644
> --- a/target/arm/sve_helper.c
> +++ b/target/arm/sve_helper.c
> @@ -1131,6 +1131,36 @@ DO_ZZZ_TB(sve2_uabdl_d, uint64_t, uint32_t, DO_ABD)
>
>  #undef DO_ZZZ_TB
>
> +#define DO_ZZZ_WTB(NAME, TYPE, TYPEN, OP) \
> +void HELPER(NAME)(void *vd, void *vn, void *vm, uint32_t desc) \
> +{  \
> +intptr_t i, opr_sz = simd_oprsz(desc); \
> +int sel2 = (simd_data(desc) & 1) * sizeof(TYPE);   \
> +for (i = 0; i < opr_sz; i += sizeof(TYPE)) {   \
> +TYPE nn = *(TYPE *)(vn + i);   \
> +TYPE mm = (TYPEN)(*(TYPE *)(vm + i) >> sel2);  \
> +*(TYPE *)(vd + i) = OP(nn, mm);\
> +}  \
> +}
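Review bot: `DO_ZZZ_WTB` is added without any comment. A short one stating that `vn` is used at full `TYPE` width while `vm` is narrowed to `TYPEN` from the half selected by bit 0 of `simd_data(desc)` would make the asymmetry between `nn` and `mm` clear to the next reader.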

For sel2 the multiplicand should be the number of bits of TYPEN.

Laurent



Re: [PATCH 21/31] target/arm: Implement SVE2 integer absolute difference and accumulate long

2020-04-13 Thread Laurent Desnogues
On Fri, Mar 27, 2020 at 12:18 AM Richard Henderson
 wrote:
[...]
> diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
> index a3653007ac..a0995d95c7 100644
> --- a/target/arm/sve_helper.c
> +++ b/target/arm/sve_helper.c
> @@ -1216,6 +1216,30 @@ DO_ZZZ_NTB(sve2_eoril_d, uint64_t, , DO_EOR)
>
>  #undef DO_ZZZ_NTB
>
> +#define DO_ABAL(NAME, TYPE, TYPEN) \
> +void HELPER(NAME)(void *vd, void *va, void *vn, void *vm, uint32_t desc) \
> +{  \
> +intptr_t i, opr_sz = simd_oprsz(desc); \
> +int sel1 = (simd_data(desc) & 1) * sizeof(TYPE);   \
> +int sel2 = (simd_data(desc) & 2) * (sizeof(TYPE) / 2); \
> +for (i = 0; i < opr_sz; i += sizeof(TYPE)) {   \
> +TYPE nn = (TYPEN)(*(TYPE *)(vn + i) >> sel1);  \
> +TYPE mm = (TYPEN)(*(TYPE *)(vm + i) >> sel2);  \
> +TYPE aa = *(TYPE *)(va + i);   \
> +*(TYPE *)(vd + i) = DO_ABD(nn, mm) + aa;   \
> +}  \
> +}

ABAL is either top or bottom not a mix of two.  So only sel1 is needed
and its multiplicand should be the number of bits of TYPEN.
vd is both a source and a destination so a temporary should be used.

Laurent



Re: [PATCH 22/31] target/arm: Implement SVE2 integer add/subtract long with carry

2020-04-13 Thread Laurent Desnogues
On Fri, Mar 27, 2020 at 12:17 AM Richard Henderson
 wrote:
[...]
> diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
> index a0995d95c7..aa330f75c3 100644
> --- a/target/arm/sve_helper.c
> +++ b/target/arm/sve_helper.c
[...]
> +void HELPER(sve2_adcl_d)(void *vd, void *va, void *vn, void *vm, uint32_t 
> desc)
> +{
> +intptr_t i, opr_sz = simd_oprsz(desc);
> +int sel = extract32(desc, SIMD_DATA_SHIFT, 1) * 32;
> +uint64_t inv = -(uint64_t)extract32(desc, SIMD_DATA_SHIFT + 1, 1);
> +uint64_t *d = vd, *a = va, *n = vn, *m = vm;
> +
> +for (i = 0; i < opr_sz / 8; i += 2) {
> +Int128 e1 = int128_make64(a[i]);
> +Int128 e2 = int128_make64(n[i + sel] ^ inv);
> +Int128 c = int128_make64(m[i + 1] & 1);
> +Int128 r = int128_add(int128_add(e1, e2), c);
> +d[i + 0] = int128_getlo(r);
> +d[i + 1] = int128_gethi(r);
> +}
> +}

sel should not be multiplied by 32.

Laurent



Re: [PATCH 20/31] target/arm: Implement SVE2 complex integer add

2020-04-13 Thread Laurent Desnogues
On Fri, Mar 27, 2020 at 12:20 AM Richard Henderson
 wrote:
[...]
> diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
> index b5afa34efe..a3653007ac 100644
> --- a/target/arm/sve_helper.c
> +++ b/target/arm/sve_helper.c
> @@ -1289,6 +1289,48 @@ DO_BITPERM(sve2_bgrp_d, uint64_t, bitgroup)
>
>  #undef DO_BITPERM
>
> +#define DO_CADD(NAME, TYPE, H, ADD_OP, SUB_OP)  \
> +void HELPER(NAME)(void *vd, void *vn, void *vm, uint32_t desc)  \
> +{   \
> +intptr_t i, opr_sz = simd_oprsz(desc);  \
> +int sub_r = simd_data(desc);\
> +if (sub_r) {\
> +for (i = 0; i < opr_sz; i += 2 * sizeof(TYPE)) {\
> +TYPE acc_r = *(TYPE *)(vn + H(i));  \
> +TYPE acc_i = *(TYPE *)(vn + H(i + sizeof(TYPE)));   \
> +TYPE el2_r = *(TYPE *)(vm + H(i));  \
> +TYPE el2_i = *(TYPE *)(vm + H(i + sizeof(TYPE)));   \
> +acc_r = SUB_OP(acc_r, el2_i);   \
> +acc_i = ADD_OP(acc_i, el2_r);   \
> +*(TYPE *)(vd + H(i)) = acc_r;   \
> +*(TYPE *)(vd + H(i + sizeof(TYPE))) = acc_i;\
> +}   \
> +} else {\
> +for (i = 0; i < opr_sz; i += 2 * sizeof(TYPE)) {\
> +TYPE acc_r = *(TYPE *)(vn + H(i));  \
> +TYPE acc_i = *(TYPE *)(vn + H(i + sizeof(TYPE)));   \
> +TYPE el2_r = *(TYPE *)(vm + H(i));  \
> +TYPE el2_i = *(TYPE *)(vm + H(i + sizeof(TYPE)));   \
> +acc_r = ADD_OP(acc_r, el2_i);   \
> +acc_i = SUB_OP(acc_i, el2_r);   \
> +*(TYPE *)(vd + H(i)) = acc_r;   \
> +*(TYPE *)(vd + H(i + sizeof(TYPE))) = acc_i;\
> +}   \
> +}   \
> +}
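Review bot: Nothing in `DO_CADD` says which form of the instruction a non-zero `sub_r` selects, and the two loops differ only in which of `ADD_OP` and `SUB_OP` is applied to `acc_r` and `acc_i`. Add a comment on the `if (sub_r)` test naming the case each branch implements, so the pairing can be checked against the code that sets `simd_data(desc)`.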

The then/else branches of if (sub_r) are swapped.

Laurent



[PATCH] .gitignore: include common build sub-directories

2020-04-13 Thread Alex Bennée
As out-of-tree builds become more common (or rather building in a
subdir) we can add a lot of load to "git ls-files" as it hunts down
sub-directories that are irrelevant to the source tree. This is
especially annoying if you have a prompt that attempts to summarise
the current git status on command completion.

Signed-off-by: Alex Bennée 
---
 .gitignore | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.gitignore b/.gitignore
index 0c5af83aa74..7757dc08a08 100644
--- a/.gitignore
+++ b/.gitignore
@@ -141,6 +141,8 @@ cscope.*
 tags
 TAGS
 docker-src.*
+build
+builds
 *~
 *.ast_raw
 *.depend_raw
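Review bot: The added `build` and `builds` patterns have no leading or trailing slash, so they match a file or directory of that name at any depth in the tree, not only a top-level build directory. `/build/` and `/builds/` would limit the ignore to those directories, which is what the commit message describes.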
-- 
2.20.1




Re: [PATCH v4 30/30] iotests: Add tests for qcow2 images with extended L2 entries

2020-04-13 Thread Alberto Garcia
On Thu 09 Apr 2020 02:22:37 PM CEST, Max Reitz wrote:
>> +### Write subcluster #31-#34 (cluster overlap) ###
>
> #31-#34, I think.

That's what I wrote :-?

>> +### Partially zeroize an unallocated cluster (#3)
>> +if [ "$use_backing_file" = "yes" ]; then
>> +alloc="`seq 0 15`"; zero=""
>
> Isn’t this a TODO?  (I.e., ideally we’d want the first 16 subclusters
> to be zero, and the last 16 subclusters to be unallocated, right?)
>
> (I’m asking because you did raise a TODO for the “Zero subcluster #1”
> test)

Maybe, but I just implemented zeroize at the subcluster level :-) Wait
for the next version of the series.

>> +echo
>> +echo "### Compressed cluster with subcluster bitmap != 0 - 
>> $corruption_test_cmd test ###"
>> +echo
>> +# We actually don't consider this a corrupted image.
>> +# The bitmap in compressed clusters is unused so QEMU should just 
>> ignore it.
>> +_make_test_img 1M
>> +$QEMU_IO -c 'write -q -P 11 -c 0 64k' "$TEST_IMG"
>> +poke_file "$TEST_IMG" $(($l2_offset+11)) "\x01\x01"
>> +alloc="24"; zero="0"
>> +_verify_l2_bitmap 0 "$alloc" "$zero"
>> +$QEMU_IO -c "$corruption_test_cmd -P 11 0 64k" "$TEST_IMG" | 
>> _filter_qemu_io
>
> It might be interesting to see the bitmap after the write, i.e., that
> it’s just been ignored.

Yeah, why not.

>> +echo "# 16K clusters, 64GB, extended_l2=off" # This needs one L1 table
>
> You mean one full L1 table cluster?
>
>> +$QEMU_IMG measure --size 64G -O qcow2 -o cluster_size=16k,extended_l2=off
>> +echo "# 16K clusters, 64GB, extended_l2=on"  # This needs two L2 tables
>
> And two full L1 table clusters?

You're right, I'll correct that.

Berto



[Bug 1872237] Re: SysTick reload behavior emulated incorrectly

2020-04-13 Thread Bryan Cantrill
@pmaydell: Thanks for the quick response!  For whatever it's worth, I think
that there's definitely a bunch of interest in the M-profile work:  in the
embedded Rust space (for example) Cortex-M is very much the reference 
platform.  Viz. the Embedded Rust Book:

  https://rust-embedded.github.io/book/

For this, we have been using an xPack QEMU fork:

  https://github.com/xpack-dev-tools/qemu-arm-xpack

Having a QEMU that had first-class support for a widely-available development
platform (e.g., the STM32F Discovery) would be of great interest to this
community -- and I'm sure many others!

To prevent filing of issues that are already known:  is there a list of
known issues with the M-profile with QEMU?

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1872237

Title:
  SysTick reload behavior emulated incorrectly

Status in QEMU:
  New

Bug description:
  QEMU's emulation of SysTick on ARM is incorrect with respect to reload
  behavior.  This issue is described here, and also in a repository
  dedicated to the issue:

https://github.com/oxidecomputer/qemu-systick-bug

  
  (What follows is in Markdown, which I understand that Launchpad does
  not support; see the repository linked above for a rendering of it.)

  Take this Rust program:

  ```rust
  #![no_std]
  #![no_main]

  extern crate panic_semihosting;

  use cortex_m_rt::entry;
  use cortex_m_semihosting::hprintln;
  use cortex_m::peripheral::syst::SystClkSource;
  use cortex_m::peripheral::SYST;

  fn delay(syst: &mut cortex_m::peripheral::SYST, ms: u32)
  {
      /*
       * Configured for the LM3S6965, which has a default CPU clock of 12 Mhz
       */
      let reload = 12_000 * ms;

      syst.set_reload(reload);
      syst.clear_current();
      syst.enable_counter();

      hprintln!("waiting for {} ms (SYST_CVR={}) ...",
          ms, SYST::get_current()
      ).unwrap();

      while !syst.has_wrapped() {}

      hprintln!("  ... done (SYST_CVR={})\n",
          SYST::get_current()).unwrap();

      syst.disable_counter();
  }

  #[entry]
  fn main() -> ! {
      let p = cortex_m::Peripherals::take().unwrap();
      let mut syst = p.SYST;

      syst.set_clock_source(SystClkSource::Core);

      loop {
          delay(&mut syst, 1000);
          delay(&mut syst, 100);
      }
  }
  ```

  This program should oscillate between waiting for one second and waiting
  for 100 milliseconds.  Under hardware, this is more or less what it does
  (depending on core clock frequency); e.g., from an STM32F4107 (connected via
  OCD and with semi-hosting enabled):

  ```
  waiting for 1000 ms (SYST_CVR=1149) ...
... done (SYST_CVR=1102)

  waiting for 100 ms (SYST_CVR=1199949) ...
... done (SYST_CVR=1199897)

  waiting for 1000 ms (SYST_CVR=1149) ...
... done (SYST_CVR=11999885)

  waiting for 100 ms (SYST_CVR=1199949) ...
... done (SYST_CVR=1199897)

  waiting for 1000 ms (SYST_CVR=1149) ...
... done (SYST_CVR=11999885)

  ```

  Under QEMU, however, its behavior is quite different:

  ```
  $ cargo run
  Finished dev [unoptimized + debuginfo] target(s) in 0.03s
   Running `qemu-system-arm -cpu cortex-m3 -machine lm3s6965evb -nographic 
-semihosting-config enable=on,target=native -kernel 
target/thumbv7m-none-eabi/debug/qemu-systick-bug`
  waiting for 1000 ms (SYST_CVR=11999658) ...
... done (SYST_CVR=11986226)

  waiting for 100 ms (SYST_CVR=0) ...
... done (SYST_CVR=1186560)

  waiting for 1000 ms (SYST_CVR=1185996) ...
... done (SYST_CVR=11997350)

  waiting for 100 ms (SYST_CVR=0) ...
... done (SYST_CVR=1186581)
  ```

  In addition to the values being strangely wrong, the behavior is wrong:
  the first wait correctly waits for 1000 ms -- but the subsequent wait
  (which should be for 100 ms) is in fact 1000 ms, and the next wait (which
  should be for 1000 ms) is in fact 100 ms.  (That is, it appears as if
  the periods of the two delays have been switched.)

  The problem is that the QEMU ARM emulation code does not reload SYST_CVR from
  SYST_RVR if SYST_CSR.ENABLE is not set -- and moreover, that SYST_CVR is
  not reloaded from SYST_RVR even when SYST_CSR.ENABLE becomes set.  This is
  very explicit; from hw/timer/armv7m_systick.c
  (https://github.com/qemu/qemu/blob/8bac3ba57eecc466b7e73dabf7d19328a59f684e/hw/timer/armv7m_systick.c#L42-L60):

  ```c
  static void systick_reload(SysTickState *s, int reset)
  {
      /* The Cortex-M3 Devices Generic User Guide says that "When the
       * ENABLE bit is set to 1, the counter loads the RELOAD value from the
       * SYST RVR register and then counts down". So, we need to check the
       * ENABLE bit before reloading the value.
       */
      trace_systick_reload();

      if ((s->control & SYSTICK_ENABLE) == 0) {
          return;
      }

      if (reset) {
          s->tick = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
      }
      s->tick += (s->reloa

Re: [Qemu-devel] [PATCH v3] net: cadence_gem: fix compilation error when debug is on

2020-04-13 Thread Ramon Fried
Hi.
Just noticed that this patch didn't hit master.
Got lost ?

Thanks,
Ramon.

On Sat, Jun 15, 2019 at 9:16 AM Ramon Fried  wrote:
>
>
>
> On June 15, 2019 8:38:35 AM GMT+03:00, "Philippe Mathieu-Daudé" 
>  wrote:
> >Hi Ramon,
> >
> >On 6/15/19 7:15 AM, Ramon Fried wrote:
> >> defining CADENCE_GEM_ERR_DEBUG causes compilation
> >> errors, fix that.
> >>
> >> Signed-off-by: Ramon Fried 
> >> ---
> >> v2: change %lx to HWADDR_PRIx and %lx to %zdx
> >> v3: change %zdx to %zx
> >>
> >>  hw/net/cadence_gem.c | 6 +++---
> >>  1 file changed, 3 insertions(+), 3 deletions(-)
> >>
> >> diff --git a/hw/net/cadence_gem.c b/hw/net/cadence_gem.c
> >> index 7f63411430..ecee22525c 100644
> >> --- a/hw/net/cadence_gem.c
> >> +++ b/hw/net/cadence_gem.c
> >> @@ -982,8 +982,8 @@ static ssize_t gem_receive(NetClientState *nc,
> >const uint8_t *buf, size_t size)
> >>  return -1;
> >>  }
> >>
> >> -DB_PRINT("copy %d bytes to 0x%x\n", MIN(bytes_to_copy,
> >rxbufsize),
> >> -rx_desc_get_buffer(s->rx_desc[q]));
> >> +DB_PRINT("copy %d bytes to 0x%" HWADDR_PRIx "\n",
> >MIN(bytes_to_copy, rxbufsize),
> >> +rx_desc_get_buffer(s, s->rx_desc[q]));
> >>
> >>  /* Copy packet data to emulated DMA buffer */
> >>  address_space_write(&s->dma_as, rx_desc_get_buffer(s,
> >s->rx_desc[q]) +
> >> @@ -1156,7 +1156,7 @@ static void gem_transmit(CadenceGEMState *s)
> >>  if (tx_desc_get_length(desc) > sizeof(tx_packet) -
> >> (p - tx_packet)) {
> >>  DB_PRINT("TX descriptor @ 0x%x too large: size 0x%x
> >space " \
> >> - "0x%x\n", (unsigned)packet_desc_addr,
> >> + "0x%zx\n", (unsigned)packet_desc_addr,
> >>   (unsigned)tx_desc_get_length(desc),
> >>   sizeof(tx_packet) - (p - tx_packet));
> >>  break;
> >>
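Review bot: `DB_PRINT` should be compiled in every build so that format strings like the ones fixed here in `gem_receive()` and `gem_transmit()` are type-checked by the compiler. As the commit message says, the errors only appear when `CADENCE_GEM_ERR_DEBUG` is defined, so a macro body that is always compiled and guarded by a constant condition would keep this class of error from reappearing unnoticed.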
> >
> >I still get an error when trying to build on 32bit host with
> >CADENCE_GEM_ERR_DEBUG enabled (pre-existing to your patch):
> >
> >  CC  hw/net/cadence_gem.o
> >./hw/net/cadence_gem.c: In function 'gem_receive':
> >./hw/net/cadence_gem.c:973:14: error: format '%ld' expects argument of
> >type 'long int', but argument 4 has type 'size_t {aka unsigned int}'
> >[-Werror=format=]
> >DB_PRINT("config bufsize: %d packet size: %ld\n", rxbufsize, size);
> >  ^
> >./hw/net/cadence_gem.c:38:24: note: in definition of macro 'DB_PRINT'
> > fprintf(stderr, ## __VA_ARGS__); \
> >^
> >cc1: all warnings being treated as errors
> >./rules.mak:69: recipe for target 'hw/net/cadence_gem.o' failed
> >make: *** [hw/net/cadence_gem.o] Error 1
> >
> >However the 64bit host is indeed fixed, so I'm fine with your patch:
> >Reviewed-by: Philippe Mathieu-Daudé 
> >Tested-by: Philippe Mathieu-Daudé 
> >
> >Regards,
> >
> >Phil.
> Thanks!
>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.



Re: [PATCH v2] net: cadence_gem: clear RX control descriptor

2020-04-13 Thread Ramon Fried
Hi.
Just noticed that this patch didn't hit master.
Got lost ?

Thanks,
Ramon.

On Tue, Jul 16, 2019 at 2:58 PM Jason Wang  wrote:
>
>
> On 2019/7/16 下午6:59, Ramon Fried wrote:
> > The RX ring descriptors control field is used for setting
> > SOF and EOF (start of frame and end of frame).
> > The SOF and EOF weren't cleared from the previous descriptors,
> > causing inconsistencies in ring buffer.
> > Fix that by clearing the control field of every descriptors we're
> > processing.
> >
> > Signed-off-by: Ramon Fried 
> > Reviewed-by: Philippe Mathieu-Daudé 
> >
> > ---
> > v2:
> >* change function name to rx_desc_clear_control as proposed by
> >  Jason Wang
> >* Move the function call above the comment, as proposed by
> >  Philippe Mathieu-Daudé
> >
> >   hw/net/cadence_gem.c | 7 +++
> >   1 file changed, 7 insertions(+)
> >
> > diff --git a/hw/net/cadence_gem.c b/hw/net/cadence_gem.c
> > index ecee22525c..cca3ce7f56 100644
> > --- a/hw/net/cadence_gem.c
> > +++ b/hw/net/cadence_gem.c
> > @@ -406,6 +406,11 @@ static inline void rx_desc_set_sof(uint32_t *desc)
> >   desc[1] |= DESC_1_RX_SOF;
> >   }
> >
> > +static inline void rx_desc_clear_control(uint32_t *desc)
> > +{
> > +desc[1]  = 0;
> > +}
> > +
> >   static inline void rx_desc_set_eof(uint32_t *desc)
> >   {
> >   desc[1] |= DESC_1_RX_EOF;
> > @@ -993,6 +998,8 @@ static ssize_t gem_receive(NetClientState *nc, const 
> > uint8_t *buf, size_t size)
> >   rxbuf_ptr += MIN(bytes_to_copy, rxbufsize);
> >   bytes_to_copy -= MIN(bytes_to_copy, rxbufsize);
> >
> > +rx_desc_clear_control(s->rx_desc[q]);
> > +
> >   /* Update the descriptor.  */
> >   if (first_desc) {
> >   rx_desc_set_sof(s->rx_desc[q]);
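Review bot: The new `rx_desc_clear_control(s->rx_desc[q])` call in `gem_receive()` sits above the "Update the descriptor" comment with no explanation of its own. A one-line comment saying it discards stale SOF/EOF bits left from the descriptor's previous use would keep a later cleanup from removing the call as redundant.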
>
>
> Applied.
>
> Thanks
>



Re: Domain backup file explodes on s3fs

2020-04-13 Thread Leo Luan
Hi Eric and all,


When invoking "virsh backup-begin" to do a full backup using qcow2 driver
to a new backup target file that does not have a backing chain, is it safe
to not zero the unallocated parts of the virtual disk?  Do we still depend
on SEEK_DATA support in this case to avoid forcing zeros?

It looks like backup_run() in block/backup.c unsets the unallocated parts
of a copy bitmap before starting the backup loop if s->sync_mode ==
MIRROR_SYNC_MODE_TOP. In a virsh backup-begin full backup scenario, we
observe that the mode is MIRROR_SYNC_MODE_FULL, and the backup_loop()
function subsequently copies zeros for the entire virtual size, including
the unallocated parts in the source qcow2 file.  Would it be safe to also
unset the unallocated parts in the copy map when the sync_mode is
MIRROR_SYNC_MODE_FULL if we know there is no need to force zeros because
the target file is a new empty qcow2 file without a backing file?  If so,
maybe a knob can be added to effect this behavior?

I guess the related code is changing in 5.0 and this issue may already be
addressed.

Any updates/insights would be appreciated!


Thanks,

Leo


*From*: Eric Blake
*Subject*: Re: Domain backup file explodes on s3fs
*Date*: Tue, 7 Apr 2020 14:37:26 -0500
*User-agent*: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
Thunderbird/68.6.0
--

[adding libvirt list]

On 4/7/20 2:13 PM, Tim Haley wrote:

Hi all,


Have been playing with `virsh backup-begin` of late and think it's an excellent
feature. I've noticed one behavior I'm not sure I understand.

It looks like https://bugzilla.redhat.com/show_bug.cgi?id=1814664 is a similar
description of the same problem: namely, if qemu is not able to determine
that the destination already reads as zero, then it forcefully zeroes the
destination of a backup job. We may want to copy the fact that qemu 5.0 is
adding 'qemu-img convert --target-is-zero' to add a similar knob to the QMP
commands that trigger disk copying (blockdev-backup, blockdev-mirror,
possibly others) as well as logic to avoid writing zeroes when the
destination is already treated as zero (whether by a probe, or by the knob
being set).

...


If my /backups directory is just XFS, I get a backup file that looks like
it is just the size of data blocks in use

-rw--- 1 root  root  2769551360 Mar 19 16:56
vda.2aa450cc-6d2e-11ea-8de0-52542e0d008a

For a local file, qemu is easily able to probe whether the destination starts
as all zeroes (thanks to lseek(SEEK_DATA));

but if I write to an s3fs (object storage backend) the file blows up to the
whole size of the disk

-rw--- 1 root  root  8591507456 Mar 18 19:03
vda.2aa450cc-6d2e-11ea-8de0-52542e0d008a

whereas for s3fs, it looks like qemu does not have access to a quick test
to learn if the image starts all zero (POSIX does not provide a quick way
for doing this on a generic block device, but if you are aware of an ioctl
or otherwise that qemu could use, that might be helpful). Or maybe the s3fs
really is random contents rather than all zero, in which case forcefully
writing zeroes is the only correct behavior.

--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3226
Virtualization:  qemu.org | libvirt.org
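
The lseek(SEEK_DATA) probe mentioned in the reply above, written out as an added example (not QEMU's code and not part of the thread): it asks the filesystem for the first data extent and reports "reads as zero" only when none exists. The names probe_reads_as_zero and probe_temp_file, and the /tmp test files, are constructed for this illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE             /* exposes SEEK_DATA in glibc headers */
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

#ifndef SEEK_DATA
#define SEEK_DATA 3             /* Linux value, used if the headers hide it */
#endif

enum zero_probe {
    PROBE_READS_ZERO,   /* no data extent: skipping zero writes is safe */
    PROBE_HAS_DATA,     /* some extent reported: contents unknown       */
    PROBE_UNKNOWN       /* probe unsupported or failed                  */
};

/* Hypothetical helper: classify an open file by asking for its first
 * data extent. Anything other than PROBE_READS_ZERO means the caller
 * still has to write zeroes explicitly. */
enum zero_probe probe_reads_as_zero(int fd)
{
    off_t end = lseek(fd, 0, SEEK_END);
    if (end < 0) {
        return PROBE_UNKNOWN;
    }
    if (end == 0) {
        return PROBE_READS_ZERO;        /* empty file: nothing to zero */
    }
    if (lseek(fd, 0, SEEK_DATA) >= 0) {
        return PROBE_HAS_DATA;
    }
    /* ENXIO: no data at or after offset 0, the file is one big hole. */
    return errno == ENXIO ? PROBE_READS_ZERO : PROBE_UNKNOWN;
}

/* Constructed test target: an unlinked temp file of `size` bytes, with
 * one byte written at `data_off` unless data_off is negative. */
enum zero_probe probe_temp_file(off_t size, off_t data_off)
{
    char path[] = "/tmp/zero-probe-XXXXXX";
    enum zero_probe result = PROBE_UNKNOWN;
    int fd = mkstemp(path);

    if (fd < 0) {
        return PROBE_UNKNOWN;
    }
    unlink(path);
    if (ftruncate(fd, size) == 0 &&
        (data_off < 0 || pwrite(fd, "x", 1, data_off) == 1)) {
        result = probe_reads_as_zero(fd);
    }
    close(fd);
    return result;
}

int main(void)
{
    static const char *const name[] = {
        "reads as zero", "has data", "unknown"
    };

    printf("empty file:        %s\n", name[probe_temp_file(0, -1)]);
    printf("sparse 1 MiB file: %s\n", name[probe_temp_file(1 << 20, -1)]);
    printf("1 MiB + one byte:  %s\n", name[probe_temp_file(1 << 20, 65536)]);
    return 0;
}
```

On Linux, a filesystem with no SEEK_DATA support of its own answers as if the whole file were data, so the sparse case degrades to the forced-zeroing path rather than to a wrong "reads as zero" answer.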


Supported Sphinx Versions (was: Re: [PATCH for-5.0? 0/3] Make docs build work with Sphinx 3)

2020-04-13 Thread John Snow



On 4/11/20 2:29 PM, Peter Maydell wrote:
> Our current docs don't build with Sphinx 3, as noted in
> https://bugs.launchpad.net/bugs/1872113 -- this is a combination of:
>  (1) we are using the sphinx-build -W option so warnings are treated
>  as errors
>  (3) a kernel-doc script bug meant it was omitting a close-paren
>  when a function parameter was a function pointer; older Sphinx
>  ignored this but Sphinx 3 parses the function declaration and
>  warns about it; and because of (1) this is fatal to the QEMU build
>  (2) Sphinx 3 makes a breaking change in how it wants C structs
>  to be marked up (moving from 'c:type:: struct Foo' to
>  'c:struct:: Foo'); our use of the old syntax provokes a
>  warning, which again because of point (1) is fatal
> 
> Patch 1 extends configure's --disable-werror to cover Sphinx as
> well as the C compiler, so that at least there is a workaround
> (which will be automatic for release builds).
> 
> Patch 2 fixes the trivial kernel-doc bug.
> 
> Patch 3 adds and uses a new --sphinx-version option to kernel-doc,
> so that our Sphinx plugin can pass the Sphinx version down and
> the script can then choose the right syntax.
> 
> I've marked this up as 'for-5.0?' because I think it would be
> nice if at least patch 1 went in. Patch 2 seems uncontroversial
> (though I guess we should forward it up to the kernel folks
> since kernel-doc is from them originally). Patch 3 is the
> expedient change, but you could argue about whether this is
> the best way to tell kernel-doc what to do.
> 
> thanks
> -- PMM
> 

I was curious about our actual version compatibility, so I did some testing.

I modified configure to prefer 'sphinx-build' over 'sphinx-build-3' so
it would use my venv version, and then;

From my qemu build directory (~/src/qemu/bin/git):

> python3 -m venv 200
> source ./200/bin/activate.fish
> pip install sphinx==2.0.0
> ../../configure --target-list='x86_64-softmmu' --enable-debug
--enable-docs; and cat config-host.mak | grep sphinx; and make html;


Repeat the process for the major versions we believe that we support in
the abstract (1.3.x through 2.4.x):

1.3: Can't even pass the configure check with a blank document.

Exception occurred:
  File
"/home/jhuston/src/qemu/bin/git/130/lib64/python3.7/site-packages/sphinx/environment.py",
line 146, in __init__
FileInput.__init__(self, *args, **kwds)
TypeError: __init__() got an unexpected keyword argument 'handle_io_errors'
The full traceback has been saved in /tmp/sphinx-err-owwisn63.log, if
you want to report the issue to the developers.

No idea.


1.4 - 1.4.9: Fails to build.

Warning, treated as error:
/home/jsnow/src/qemu/docs/system/images.rst:4: SEVERE: Duplicate ID:
"cmdoption-qcow2-arg-encrypt".

It doesn't seem to like the "encrypt.FOO" section names here and
considers them duplicates, cutting off at the '.'.

Not clear if there's a fix, or if it's worth caring about.


1.5 - 1.5.6: Fails to build.

Warning, treated as error:
/home/jsnow/src/qemu/docs/system/invocation.rst:544: WARNING: Malformed
option description '[enable=]PATTERN', should look like "opt", "-opt
args", "--opt args", "/opt args" or "+opt args"

... I actually don't know where this one goes wrong; that's not a valid
line number there. device-url-syntax.rst.inc isn't that long either, so
I don't know what this correlates to, unfortunately.

1.6.1 through 2.2.2 all appear to work just fine, but produce a lot of
warnings about a coming incompatibility with Docutils > 0.16.

2.3.0 - 2.4.4 work silently with Docutils 0.16.

3.0.0: Notably fails, as is the subject of this patch. :)




Conclusion:

Required: >= 1.6.1
Recommended: >= 2.3.0



We can make this a little easier by using python virtual environments as
part of our build tree; we can freeze version dependencies if we want to
get more reproducible python builds.

We might also begin "installing" the QAPI generator module into such a
virtual environment such that the include statements are written in a
more formal manner, which will assist for pylint and mypy gating, but
that's another email.


I want to send patches to:

1. Change configure to try and prefer a virtualenv version of
sphinx-build, when found

2. Change sphinx conf.py to require >= 1.6.1 so that the requirement is
documented

3. Update documentation (somewhere?) explaining our sphinx dependency
and which versions are required and why ("Because 1.5.x does not work
with our tree.")

--js




Re: [Qemu-devel] [PATCH v3] net: cadence_gem: fix compilation error when debug is on

2020-04-13 Thread Ramon Fried
False alarm, exact same patch was merged by someone else.

On Mon, Apr 13, 2020 at 8:55 PM Ramon Fried  wrote:
>
> Hi.
> Just noticed that this patch didn't hit master.
> Got lost ?
>
> Thanks,
> Ramon.
>
> On Sat, Jun 15, 2019 at 9:16 AM Ramon Fried  wrote:
> >
> >
> >
> > On June 15, 2019 8:38:35 AM GMT+03:00, "Philippe Mathieu-Daudé" 
> >  wrote:
> > >Hi Ramon,
> > >
> > >On 6/15/19 7:15 AM, Ramon Fried wrote:
> > >> defining CADENCE_GEM_ERR_DEBUG causes compilation
> > >> errors, fix that.
> > >>
> > >> Signed-off-by: Ramon Fried 
> > >> ---
> > >> v2: change %lx to HWADDR_PRIx and %lx to %zdx
> > >> v3: change %zdx to %zx
> > >>
> > >>  hw/net/cadence_gem.c | 6 +++---
> > >>  1 file changed, 3 insertions(+), 3 deletions(-)
> > >>
> > >> diff --git a/hw/net/cadence_gem.c b/hw/net/cadence_gem.c
> > >> index 7f63411430..ecee22525c 100644
> > >> --- a/hw/net/cadence_gem.c
> > >> +++ b/hw/net/cadence_gem.c
> > >> @@ -982,8 +982,8 @@ static ssize_t gem_receive(NetClientState *nc,
> > >const uint8_t *buf, size_t size)
> > >>  return -1;
> > >>  }
> > >>
> > >> -DB_PRINT("copy %d bytes to 0x%x\n", MIN(bytes_to_copy,
> > >rxbufsize),
> > >> -rx_desc_get_buffer(s->rx_desc[q]));
> > >> +DB_PRINT("copy %d bytes to 0x%" HWADDR_PRIx "\n",
> > >MIN(bytes_to_copy, rxbufsize),
> > >> +rx_desc_get_buffer(s, s->rx_desc[q]));
> > >>
> > >>  /* Copy packet data to emulated DMA buffer */
> > >>  address_space_write(&s->dma_as, rx_desc_get_buffer(s,
> > >s->rx_desc[q]) +
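Review bot: the DB_PRINT call fixed here in gem_receive() is only type-checked when CADENCE_GEM_ERR_DEBUG is defined, which is how the `0x%x` format and the one-argument rx_desc_get_buffer() call went stale unnoticed; the 32-bit build log further down shows a neighbouring DB_PRINT with `%ld` for a size_t that is still broken. Making the macro body always compiled and guarded by a constant condition would keep every debug format string checked in normal builds.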
> > >> @@ -1156,7 +1156,7 @@ static void gem_transmit(CadenceGEMState *s)
> > >>  if (tx_desc_get_length(desc) > sizeof(tx_packet) -
> > >> (p - tx_packet)) {
> > >>  DB_PRINT("TX descriptor @ 0x%x too large: size 0x%x
> > >space " \
> > >> - "0x%x\n", (unsigned)packet_desc_addr,
> > >> + "0x%zx\n", (unsigned)packet_desc_addr,
> > >>   (unsigned)tx_desc_get_length(desc),
> > >>   sizeof(tx_packet) - (p - tx_packet));
> > >>  break;
> > >>
> > >
> > >I still get an error when trying to build on 32bit host with
> > >CADENCE_GEM_ERR_DEBUG enabled (pre-existing to your patch):
> > >
> > >  CC  hw/net/cadence_gem.o
> > >./hw/net/cadence_gem.c: In function 'gem_receive':
> > >./hw/net/cadence_gem.c:973:14: error: format '%ld' expects argument of
> > >type 'long int', but argument 4 has type 'size_t {aka unsigned int}'
> > >[-Werror=format=]
> > >DB_PRINT("config bufsize: %d packet size: %ld\n", rxbufsize, size);
> > >  ^
> > >./hw/net/cadence_gem.c:38:24: note: in definition of macro 'DB_PRINT'
> > > fprintf(stderr, ## __VA_ARGS__); \
> > >^
> > >cc1: all warnings being treated as errors
> > >./rules.mak:69: recipe for target 'hw/net/cadence_gem.o' failed
> > >make: *** [hw/net/cadence_gem.o] Error 1
> > >
> > >However the 64bit host is indeed fixed, so I'm fine with your patch:
> > >Reviewed-by: Philippe Mathieu-Daudé 
> > >Tested-by: Philippe Mathieu-Daudé 
> > >
> > >Regards,
> > >
> > >Phil.
> > Thanks!
> >
> > --
> > Sent from my Android device with K-9 Mail. Please excuse my brevity.



Re: [PATCH for-5.0] qcow2: Add incompatibility note between backing files and raw external data files

2020-04-13 Thread Eric Blake

On 4/10/20 7:18 AM, Alberto Garcia wrote:

Backing files and raw external data files are mutually exclusive.
The documentation of the raw external data bit (in autoclear_features)
already indicates that, but we should also mention it on the other
side.

Suggested-by: Eric Blake 
Signed-off-by: Alberto Garcia 
---
  docs/interop/qcow2.txt | 3 +++
  1 file changed, 3 insertions(+)

diff --git a/docs/interop/qcow2.txt b/docs/interop/qcow2.txt
index 640e0eca40..298a031310 100644
--- a/docs/interop/qcow2.txt
+++ b/docs/interop/qcow2.txt
@@ -25,6 +25,9 @@ The first cluster of a qcow2 image contains the file header:
  is stored (NB: The string is not null terminated). 0 if 
the
  image doesn't have a backing file.
  
+Note: backing files are incompatible with raw external data

+files (auto-clear feature bit 1).
+
   16 - 19:   backing_file_size
  Length of the backing file name in bytes. Must not be
  longer than 1023 bytes. Undefined if the image doesn't 
have
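Review bot: the added note identifies the conflicting feature only by number ("auto-clear feature bit 1"), while the commit message calls it the raw external data bit in autoclear_features. Using that name in the note as well would let a reader search for the matching statement on the other side of the spec.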



Reviewed-by: Eric Blake 

--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3226
Virtualization:  qemu.org | libvirt.org




Re: [PATCH] hax: Windows doesn't like posix device names

2020-04-13 Thread Volker Rümelin
> On 22/03/20 22:02, Volker Rümelin wrote:
>> Patch acb9f95a7c "i386: Fix GCC warning with snprintf when HAX
>> is enabled" replaced Windows device names with posix device
>> names. Revert this.
>>
>> Fixes: acb9f95a7c "i386: Fix GCC warning with snprintf when HAX is enabled"

>> Queued, thanks.
>>
>> Paolo
>>

Hi Paolo,

I would like to remind you that without this patch qemu 5.0 on Windows will not 
work with HAX. There is already a bug report at

https://bugs.launchpad.net/bugs/1871250

With best regards,
Volker



[Bug 1872237] Re: SysTick reload behavior emulated incorrectly

2020-04-13 Thread Peter Maydell
Other than the systick issue, I think the core M-profile emulation
should be pretty solid (bugs are always possible, of course). We have
support for v6M (cortex-m0), v7M (cortex-m3, m4) and v8M (cortex-m33,
including the security extension) and at least some board models for all
of those. No v8.1M yet (that is next on my todo list). Board and device
support in QEMU is in general more likely to have missing features than
the core cpu emulation, but I can't think of anything specifically
annoyingly missing offhand. Of the upstream board models, the various
MPS2 boards are I think fairly solid, as are the Musca board models. We
also have a Netduino 2 and a Netduino Plus 2 model which I think ought
to be OK. The Stellaris boards (lm3s6965evb and lm3s811evb) are rather
older and I dunno that I'd recommend them unless you have no other
choice.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1872237

Title:
  SysTick reload behavior emulated incorrectly

Status in QEMU:
  New

Bug description:
  QEMU's emulation of SysTick on ARM is incorrect with respect to reload
  behavior.  This issue is described here, and also in a repository
  dedicated to the issue:

https://github.com/oxidecomputer/qemu-systick-bug

  
  (What follows is in Markdown, which I understand that Launchpad does
  not support; see the repository linked above for a rendering of it.)

  Take this Rust program:

  ```rust
  #![no_std]
  #![no_main]

  extern crate panic_semihosting;

  use cortex_m_rt::entry;
  use cortex_m_semihosting::hprintln;
  use cortex_m::peripheral::syst::SystClkSource;
  use cortex_m::peripheral::SYST;

  fn delay(syst: &mut cortex_m::peripheral::SYST, ms: u32)
  {
  /*
   * Configured for the LM3S6965, which has a default CPU clock of 12 Mhz
   */
  let reload = 12_000 * ms;

  syst.set_reload(reload);
  syst.clear_current();
  syst.enable_counter();

  hprintln!("waiting for {} ms (SYST_CVR={}) ...",
  ms, SYST::get_current()
  ).unwrap();

  while !syst.has_wrapped() {}

  hprintln!("  ... done (SYST_CVR={})\n",
  SYST::get_current()).unwrap();

  syst.disable_counter();
  }

  #[entry]
  fn main() -> ! {
  let p = cortex_m::Peripherals::take().unwrap();
  let mut syst = p.SYST;

  syst.set_clock_source(SystClkSource::Core);

  loop {
  delay(&mut syst, 1000);
  delay(&mut syst, 100);
  }
  }
  ```

  This program should oscillate between waiting for one second and waiting
  for 100 milliseconds.  Under hardware, this is more or less what it does
  (depending on core clock frequency); e.g., from an STM32F4107 (connected via
  OCD and with semi-hosting enabled):

  ```
  waiting for 1000 ms (SYST_CVR=1149) ...
... done (SYST_CVR=1102)

  waiting for 100 ms (SYST_CVR=1199949) ...
... done (SYST_CVR=1199897)

  waiting for 1000 ms (SYST_CVR=1149) ...
... done (SYST_CVR=11999885)

  waiting for 100 ms (SYST_CVR=1199949) ...
... done (SYST_CVR=1199897)

  waiting for 1000 ms (SYST_CVR=1149) ...
... done (SYST_CVR=11999885)

  ```

  Under QEMU, however, its behavior is quite different:

  ```
  $ cargo run
  Finished dev [unoptimized + debuginfo] target(s) in 0.03s
   Running `qemu-system-arm -cpu cortex-m3 -machine lm3s6965evb -nographic 
-semihosting-config enable=on,target=native -kernel 
target/thumbv7m-none-eabi/debug/qemu-systick-bug`
  waiting for 1000 ms (SYST_CVR=11999658) ...
... done (SYST_CVR=11986226)

  waiting for 100 ms (SYST_CVR=0) ...
... done (SYST_CVR=1186560)

  waiting for 1000 ms (SYST_CVR=1185996) ...
... done (SYST_CVR=11997350)

  waiting for 100 ms (SYST_CVR=0) ...
... done (SYST_CVR=1186581)
  ```

  In addition to the values being strangely wrong, the behavior is wrong:
  the first wait correctly waits for 1000 ms -- but the subsequent wait
  (which should be for 100 ms) is in fact 1000 ms, and the next wait (which
  should be for 1000 ms) is in fact 100 ms.  (That is, it appears as if
  the periods of the two delays have been switched.)

  The problem is that the QEMU ARM emulation code does not reload SYST_CVR from
  SYST_RVR if SYST_CSR.ENABLE is not set -- and moreover, that SYST_CVR is
  not reloaded from SYST_RVR even when SYST_CSR.ENABLE becomes set.  This is
  very explicit; from
  [hw/timer/armv7m_systick.c](https://github.com/qemu/qemu/blob/8bac3ba57eecc466b7e73dabf7d19328a59f684e/hw/timer/armv7m_systick.c#L42-L60):

  ```c
  static void systick_reload(SysTickState *s, int reset)
  {
  /* The Cortex-M3 Devices Generic User Guide says that "When the
   * ENABLE bit is set to 1, the counter loads the RELOAD value from the
   * SYST RVR register and then counts down". So, we need to check the
   * ENABLE bit before reloading the value.
   */
  trace_systick_reload();

  if ((s->control & SYSTICK_ENABLE) == 0) {
  

Re: Supported Sphinx Versions (was: Re: [PATCH for-5.0? 0/3] Make docs build work with Sphinx 3)

2020-04-13 Thread Peter Maydell
On Mon, 13 Apr 2020 at 19:08, John Snow  wrote:
> I was curious about our actual version compatibility, so I did some testing.

Thanks for doing the testing.

> 1.6.1 through 2.2.2 all appear to work just fine, but produce a lot of
> warnings about a coming incompatibility with Docutils > 0.16.

FWIW, I don't get this warning with the stock Ubuntu
1.6.7. The only time I did see it was when I'd managed
to accidentally install half of Sphinx 3 to my ~/.local
directory and I think it was the system Sphinx and an
upgraded docutils or some other weird combo.

> Conclusion:
>
> Required: >= 1.6.1
> Recommended: >= 2.3.0

I think that what we actually care about is the usual thing:
do we build OK with the version of sphinx-build shipped by
every distro on our support list?

thanks
-- PMM



Re: [PATCH] .gitignore: include common build sub-directories

2020-04-13 Thread Eric Blake

On 4/13/20 11:29 AM, Alex Bennée wrote:

As out-of-tree builds become more common (or rather building in a
subdir) we can add a lot of load to "git ls-files" as it hunts down
sub-directories that are irrelevant to the source tree. This is
especially annoying if you have a prompt that attempts to summarise
the current git status on command completion.

Signed-off-by: Alex Bennée 
---
  .gitignore | 2 ++
  1 file changed, 2 insertions(+)

diff --git a/.gitignore b/.gitignore
index 0c5af83aa74..7757dc08a08 100644
--- a/.gitignore
+++ b/.gitignore
@@ -141,6 +141,8 @@ cscope.*
  tags
  TAGS
  docker-src.*
+build
+builds
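Review bot: the new `build` and `builds` entries are unanchored, so git will ignore any file or directory with those names at every depth of the tree, not only a build directory at the top level. Writing them as `/build/` and `/builds/` limits the match to top-level directories, which is the case the commit message describes.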


Would 'build-*' be worth adding as well?

The idea makes sense to me (as I've already done the same in my 
./git/info/exclude locally),

Reviewed-by: Eric Blake 

--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3226
Virtualization:  qemu.org | libvirt.org




Re: Supported Sphinx Versions (was: Re: [PATCH for-5.0? 0/3] Make docs build work with Sphinx 3)

2020-04-13 Thread John Snow



On 4/13/20 2:22 PM, Peter Maydell wrote:
> On Mon, 13 Apr 2020 at 19:08, John Snow  wrote:
>> I was curious about our actual version compatibility, so I did some testing.
> 
> Thanks for doing the testing.
> 
>> 1.6.1 through 2.2.2 all appear to work just fine, but produce a lot of
>> warnings about a coming incompatibility with Docutils > 0.16.
> 
> FWIW, I don't get this warning with the stock Ubuntu
> 1.6.7. The only time I did see it was when I'd managed
> to accidentally install half of Sphinx 3 to my ~/.local
> directory and I think it was the system Sphinx and an
> upgraded docutils or some other weird combo.
> 

Yeah, it depends on what versions you pull in. I am using `pip` to
install sphinx straight from PyPI, and the version dependency resolution
opts for "the latest that isn't prohibited by the repository", which
means that I am using (very likely) some cutting edge dependencies for
an older version of sphinx.

That's OK, it works just fine -- just a note, is all. It likely works
completely quietly if you scoot back down to Docutils 0.15.

(The requirements specify only Docutils >= 0.12. Eventually, older
sphinx installations may break when Docutils 0.17 comes out unless you
start pinning versions manually.)

>> Conclusion:
>>
>> Required: >= 1.6.1
>> Recommended: >= 2.3.0
> 
> I think that what we actually care about is the usual thing:
> do we build OK with the version of sphinx-build shipped by
> every distro on our support list?

Sure; if any distro ships a version that's outside of what I laid out
above it would be good to fix and check.

We can also tighten and document the versions so if we do fall outside
of that by accident, we'll catch it during RC testing phase.

I'm using this to make a quick assessment:
https://repology.org/project/python:sphinx/versions

Fedora:
30: 1.8.4
31: 2.1.2

OpenSUSE:
15.1: 1.7.6

Ubuntu:
19.10: 1.8.5
20.04/LTS: 1.8.5

Debian:
8/Jessie: We don't support this anymore AFAIUI.
9/Stretch: 1.4.8 -- Broken at present!
10/Buster: 1.8.3

Ubuntu LTS:
16.04: Dropped
18.04: 1.6.7
20.04: 1.8.5

RHEL:
EPEL7: 1.2.3 -- way, way too old!
RHEL8: 1.7.6 [via CentOS8]



We *might* need to do some surgery to support Stretch, and EPEL7 fell
off the wagon entirely if repology is to be believed -- it doesn't support
our stated minimum of simply having the "Alabaster" theme, which comes
in 1.3.

For RHEL7 we *could* start using a virtual environment, which would help
alleviate the wide version spread.

...are we opposed to this kind of thing? Has there been a discussion before?

Targeting the native repo versions is nice (and we should continue to
make a best effort there), but we *could* start offering a virtual
python environment for the builds that grabs very precise versions.

--js




Re: [PULL 0/4] pc: bugfixes, maintainers

2020-04-13 Thread Peter Maydell
On Mon, 13 Apr 2020 at 12:09, Michael S. Tsirkin  wrote:
>
> The following changes since commit f3bac27cc1e303e1860cc55b9b6889ba39dee587:
>
>   Update version for v5.0.0-rc2 release (2020-04-07 23:13:37 +0100)
>
> are available in the Git repository at:
>
>   git://git.kernel.org/pub/scm/virt/kvm/mst/qemu.git tags/for_upstream
>
> for you to fetch changes up to ce4adc0b6e6167091373389ef8befd379c61fddb:
>
>   exec: Fix for qemu_ram_resize() callback (2020-04-13 06:55:54 -0400)
>
> 
> pc: bugfixes, maintainers
>
> A couple of bugfixes.
> Add a new vhost-user-blk maintainer.
>
> Signed-off-by: Michael S. Tsirkin 


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/5.0
for any user-visible changes.

-- PMM



[PATCH-for-5.1 v3 6/7] hw/mips/mips_malta: Use &error_abort in MachineClass::init -> create_cps

2020-04-13 Thread Philippe Mathieu-Daudé
Running the coccinelle script produced:

  $ spatch \
--macro-file scripts/cocci-macro-file.h --include-headers \
--sp-file scripts/coccinelle/find-missing-error_propagate.cocci \
--keep-comments --smpl-spacing --dir .
  HANDLING: ./hw/mips/mips_malta.c
  [[manual check required: error_propagate() might be missing in 
object_property_set_int() ./hw/mips/mips_malta.c:1193:4]]
  [[manual check required: error_propagate() might be missing in 
object_property_set_str() ./hw/mips/mips_malta.c:1192:4]]

Since create_cps() is called from a MachineClass::init(),
replace local Error* by &error_abort.

Suggested-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
v3: Use &error_fatal (rth)
---
 hw/mips/mips_malta.c | 15 +--
 1 file changed, 5 insertions(+), 10 deletions(-)

diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
index e4c4de1b4e..477ee6cc5b 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
@@ -51,7 +51,6 @@
 #include "sysemu/reset.h"
 #include "sysemu/runstate.h"
 #include "qapi/error.h"
-#include "qemu/error-report.h"
 #include "hw/empty_slot.h"
 #include "sysemu/kvm.h"
 #include "hw/semihosting/semihost.h"
@@ -1185,17 +1184,13 @@ static void create_cpu_without_cps(MachineState *ms,
 static void create_cps(MachineState *ms, MaltaState *s,
qemu_irq *cbus_irq, qemu_irq *i8259_irq)
 {
-Error *err = NULL;
-
 sysbus_init_child_obj(OBJECT(s), "cps", OBJECT(&s->cps), sizeof(s->cps),
   TYPE_MIPS_CPS);
-object_property_set_str(OBJECT(&s->cps), ms->cpu_type, "cpu-type", &err);
-object_property_set_int(OBJECT(&s->cps), ms->smp.cpus, "num-vp", &err);
-object_property_set_bool(OBJECT(&s->cps), true, "realized", &err);
-if (err != NULL) {
-error_report("%s", error_get_pretty(err));
-exit(1);
-}
+object_property_set_str(OBJECT(&s->cps), ms->cpu_type, "cpu-type",
+&error_fatal);
+object_property_set_int(OBJECT(&s->cps), ms->smp.cpus, "num-vp",
+&error_fatal);
+object_property_set_bool(OBJECT(&s->cps), true, "realized", &error_fatal);
 
 sysbus_mmio_map_overlap(SYS_BUS_DEVICE(&s->cps), 0, 0, 1);
 
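Review bot: create_cps() now passes `&error_fatal` to all three property setters, but the subject line and the commit message body still say `&error_abort`; only the v3 changelog mentions the switch. The two differ in behaviour (error message and exit(1) versus abort()), so the subject and body should be updated to match the code.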
-- 
2.21.1




[PATCH] spapr_nvdimm.c: make 'label-size' mandatory

2020-04-13 Thread Daniel Henrique Barboza
The pseries machine does not support NVDIMM modules without label.
Attempting to do so, even if the overall block size is aligned with
256MB, will seg fault the guest kernel during NVDIMM probe. This
can be avoided by forcing 'label-size' to always be present for
sPAPR NVDIMMs.

The verification was put before the alignment check because the
presence of label-size affects the alignment calculation, so
it's not optimal to warn the user about an alignment error,
then about the lack of label-size, then about a new alignment
error when the user sets a label-size.

Signed-off-by: Daniel Henrique Barboza 
---
 hw/ppc/spapr_nvdimm.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/hw/ppc/spapr_nvdimm.c b/hw/ppc/spapr_nvdimm.c
index 25be8082d7..9abcdcc26b 100644
--- a/hw/ppc/spapr_nvdimm.c
+++ b/hw/ppc/spapr_nvdimm.c
@@ -37,6 +37,12 @@ void spapr_nvdimm_validate_opts(NVDIMMDevice *nvdimm, 
uint64_t size,
 QemuUUID uuid;
 int ret;
 
+if (object_property_get_int(OBJECT(nvdimm), NVDIMM_LABEL_SIZE_PROP,
+&error_abort) == 0) {
+error_setg(errp, "NVDIMM device requires label-size to be set");
+return;
+}
+
 if (size % SPAPR_MINIMUM_SCM_BLOCK_SIZE) {
 error_setg(errp, "NVDIMM memory size excluding the label area"
" must be a multiple of %" PRIu64 "MB",
-- 
2.25.2
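Review bot: the new label-size check at the top of spapr_nvdimm_validate_opts() carries no comment, although its position matters: the commit message explains that it has to run before the alignment check because label-size affects the alignment calculation. A short comment above the `if` recording that ordering, and that a label-less NVDIMM crashes the guest kernel during probe, would stop a later cleanup from moving it below the size test.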




[PATCH-for-5.1 v3 7/7] qga/commands-win32: Add missing error-propagation code

2020-04-13 Thread Philippe Mathieu-Daudé
Running the coccinelle script produced:

  $ spatch \
--macro-file scripts/cocci-macro-file.h --include-headers \
--sp-file scripts/coccinelle/find-missing-error_propagate.cocci \
--keep-comments --smpl-spacing --dir .
  HANDLING: ./qga/commands-win32.c
  [[manual check required: error_propagate() might be missing in 
acquire_privilege() ./qga/commands-win32.c:1344:4]]
  [[manual check required: error_propagate() might be missing in 
acquire_privilege() ./qga/commands-win32.c:1360:4]]
  [[manual check required: error_propagate() might be missing in 
check_suspend_mode() ./qga/commands-win32.c:1343:4]]
  [[manual check required: error_propagate() might be missing in 
check_suspend_mode() ./qga/commands-win32.c:1359:4]]

Add the missing error_propagate() after review.

Signed-off-by: Philippe Mathieu-Daudé 
---
 .../use-error_abort-in-instance_init.cocci| 17 
 qga/commands-win32.c  | 26 +--
 2 files changed, 23 insertions(+), 20 deletions(-)

diff --git a/scripts/coccinelle/use-error_abort-in-instance_init.cocci 
b/scripts/coccinelle/use-error_abort-in-instance_init.cocci
index 8302d74a0c..706c60163c 100644
--- a/scripts/coccinelle/use-error_abort-in-instance_init.cocci
+++ b/scripts/coccinelle/use-error_abort-in-instance_init.cocci
@@ -24,29 +24,22 @@ identifier instance_initfn;
 info.instance_init = instance_initfn;
 
 
-@ use_error_abort @
+@ use_error_abort_in_instance_init @
 identifier match_instance_init.instance_initfn;
-identifier func_with_error;
-expression parentobj, propname, childobj, size, type, errp;
+identifier func_with_error != {qbus_create_inplace, object_initialize_child};
 position pos;
 @@
 void instance_initfn(...)
 {
<+...
-(
-   object_initialize_child(parentobj, propname,
-   childobj, size, type,
-   errp, NULL);
-|
func_with_error@pos(...,
 -   NULL);
 +   &error_abort);
-)
...+>
 }
 
 
-@script:python depends on use_error_abort && !has_qapi_error@
-p << use_error_abort.pos;
+@ depends on use_error_abort_in_instance_init && !has_qapi_error @
 @@
-print('[[manual edit required, %s misses #include "qapi/error.h"]]' % 
p[0].file)
+#include ...
++   #include "qapi/error.h"
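Review bot: this hunk to scripts/coccinelle/use-error_abort-in-instance_init.cocci does not belong in a patch whose message only covers qga/commands-win32.c. Patch 1/7 of this v3 series creates the file directly at blob 706c60163c, the same post-image as here, so the pre-image 8302d74a0c will not exist when the series is applied in order; it looks like a rebase leftover and should be dropped.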
diff --git a/qga/commands-win32.c b/qga/commands-win32.c
index b49920e201..8b66098056 100644
--- a/qga/commands-win32.c
+++ b/qga/commands-win32.c
@@ -1341,13 +1341,18 @@ void qmp_guest_suspend_disk(Error **errp)
 
 *mode = GUEST_SUSPEND_MODE_DISK;
 check_suspend_mode(*mode, &local_err);
+if (local_err) {
+goto out;
+}
 acquire_privilege(SE_SHUTDOWN_NAME, &local_err);
+if (local_err) {
+goto out;
+}
 execute_async(do_suspend, mode, &local_err);
 
-if (local_err) {
-error_propagate(errp, local_err);
-g_free(mode);
-}
+out:
+error_propagate(errp, local_err);
+g_free(mode);
 }
 
 void qmp_guest_suspend_ram(Error **errp)
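Review bot: the `out:` label in qmp_guest_suspend_disk() is now reached on the success path too, so `g_free(mode)` runs immediately after `execute_async(do_suspend, mode, &local_err)` has been given `mode`; the old code freed it only when local_err was set. Unless execute_async() finishes with `mode` before returning, do_suspend can read freed memory, so the free should stay conditional on local_err.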
@@ -1357,13 +1362,18 @@ void qmp_guest_suspend_ram(Error **errp)
 
 *mode = GUEST_SUSPEND_MODE_RAM;
 check_suspend_mode(*mode, &local_err);
+if (local_err) {
+goto out;
+}
 acquire_privilege(SE_SHUTDOWN_NAME, &local_err);
+if (local_err) {
+goto out;
+}
 execute_async(do_suspend, mode, &local_err);
 
-if (local_err) {
-error_propagate(errp, local_err);
-g_free(mode);
-}
+out:
+error_propagate(errp, local_err);
+g_free(mode);
 }
 
 void qmp_guest_suspend_hybrid(Error **errp)
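Review bot: the `out:` path in qmp_guest_suspend_ram() has the same unconditional `g_free(mode)` after a successful `execute_async()` as the function above it, and the two bodies now differ only in the GUEST_SUSPEND_MODE_* constant. A shared static helper taking the mode would let the ownership rule for `mode` be fixed in one place.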
-- 
2.21.1




[PATCH-for-5.1 v3 1/7] scripts/coccinelle: Use &error_abort in TypeInfo::instance_init()

2020-04-13 Thread Philippe Mathieu-Daudé
The instance_init() calls are not supposed to fail. Add a
Coccinelle script to use &error_abort instead of ignoring
errors by using a NULL Error*.

Signed-off-by: Philippe Mathieu-Daudé 
---
v3: Improved script (Vladimir Sementsov-Ogievskiy suggestions)

 .../use-error_abort-in-instance_init.cocci| 45 +++
 MAINTAINERS   |  1 +
 2 files changed, 46 insertions(+)
 create mode 100644 scripts/coccinelle/use-error_abort-in-instance_init.cocci

diff --git a/scripts/coccinelle/use-error_abort-in-instance_init.cocci 
b/scripts/coccinelle/use-error_abort-in-instance_init.cocci
new file mode 100644
index 00..706c60163c
--- /dev/null
+++ b/scripts/coccinelle/use-error_abort-in-instance_init.cocci
@@ -0,0 +1,45 @@
+// Use &error_abort in TypeInfo::instance_init()
+//
+// Copyright: (C) 2020 Philippe Mathieu-Daudé
+// This work is licensed under the terms of the GNU GPLv2 or later.
+//
+// spatch \
+//  --macro-file scripts/cocci-macro-file.h --include-headers \
+//  --sp-file scripts/coccinelle/use-error_abort-in-instance_init.cocci \
+//  --keep-comments --in-place
+//
+// Inspired by 
https://www.mail-archive.com/qemu-devel@nongnu.org/msg692500.html
+// and https://www.mail-archive.com/qemu-devel@nongnu.org/msg693637.html
+
+
+@ has_qapi_error @
+@@
+#include "qapi/error.h"
+
+
+@ match_instance_init @
+TypeInfo info;
+identifier instance_initfn;
+@@
+info.instance_init = instance_initfn;
+
+
+@ use_error_abort_in_instance_init @
+identifier match_instance_init.instance_initfn;
+identifier func_with_error != {qbus_create_inplace, object_initialize_child};
+position pos;
+@@
+void instance_initfn(...)
+{
+   <+...
+   func_with_error@pos(...,
+-   NULL);
++   &error_abort);
+   ...+>
+}
+
+
+@ depends on use_error_abort_in_instance_init && !has_qapi_error @
+@@
+#include ...
++   #include "qapi/error.h"
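Review bot: in the use_error_abort_in_instance_init rule, the `func_with_error@pos(..., NULL)` pattern matches any call whose last argument is NULL, whether or not that parameter is an `Error **`, and the name-based exclusion of qbus_create_inplace and object_initialize_child suggests it has already misfired. Please either constrain the match or state in the header comment that the output needs manual review; `position pos` is also bound but no longer used by any rule, and the usage line passes `--in-place` without saying which files or `--dir` to run on.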
diff --git a/MAINTAINERS b/MAINTAINERS
index f996e72780..77b93612bc 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -2060,6 +2060,7 @@ F: scripts/coccinelle/error-use-after-free.cocci
 F: scripts/coccinelle/error_propagate_null.cocci
 F: scripts/coccinelle/remove_local_err.cocci
 F: scripts/coccinelle/simplify-init-realize-error_propagate.cocci
+F: scripts/coccinelle/use-error_abort-in-instance_init.cocci
 F: scripts/coccinelle/use-error_fatal.cocci
 F: scripts/coccinelle/use-error_propagate-in-realize.cocci
 
-- 
2.21.1




[PATCH-for-5.1 v3 3/7] scripts/coccinelle: Find eventually missing error_propagate() calls

2020-04-13 Thread Philippe Mathieu-Daudé
In some places we put an error into a local Error*, but
forget to use it. Add a Coccinelle patch to find such cases
and report them.

Inspired-by: Peter Maydell 
Signed-off-by: Philippe Mathieu-Daudé 
---
 .../find-missing-error_propagate.cocci| 53 +++
 MAINTAINERS   |  1 +
 2 files changed, 54 insertions(+)
 create mode 100644 scripts/coccinelle/find-missing-error_propagate.cocci

diff --git a/scripts/coccinelle/find-missing-error_propagate.cocci 
b/scripts/coccinelle/find-missing-error_propagate.cocci
new file mode 100644
index 00..8b75b37b64
--- /dev/null
+++ b/scripts/coccinelle/find-missing-error_propagate.cocci
@@ -0,0 +1,53 @@
+// Find places likely missing error-propagation code, but code is too
+// complex for automatic transformation, so manual analysis is required.
+//
+// Copyright: (C) 2020 Philippe Mathieu-Daudé
+// This work is licensed under the terms of the GNU GPLv2 or later.
+//
+// spatch \
+//  --macro-file scripts/cocci-macro-file.h --include-headers \
+//  --sp-file scripts/coccinelle/find-missing-error_propagate.cocci
+//
+// Inspired by 
https://www.mail-archive.com/qemu-devel@nongnu.org/msg691638.html
+
+
+// First match two subsequent calls using local Error*
+// in function provided a Error** argument
+//
+@discard_func_with_errp_argument@
+typedef Error;
+Error *local_err;
+identifier func, errp, errfunc1, errfunc2;
+@@
+void func(..., Error **errp)
+{
+ <+...
+ errfunc1(..., &local_err);
+ ... when != local_err  // local_err is not used between the calls
+ errfunc2(..., &local_err);
+ ...+>
+}
+
+
+// Again, match two subsequent calls using local Error*
+// but ignoring within functions provided a Error** argument
+//
+@manual depends on never discard_func_with_errp_argument@
+Error *local_err;
+identifier errfunc1, errfunc2;
+position p;
+@@
+ errfunc1@p(..., &local_err);
+ ... when != local_err
+ errfunc2(..., &local_err);
+
+
+// As it is likely too complex to transform, report the hit
+//
+@script:python@
+f << manual.errfunc1;
+p << manual.p;
+@@
+print("[[manual check required: "
+  "error_propagate() might be missing in {}() {}:{}:{}]]".format(
+f, p[0].file, p[0].line, p[0].column))
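Review bot: the report string in the script:python rule prints `manual.errfunc1` as the place where error_propagate() "might be missing in {}()", but errfunc1 is the callee of the first call, not the enclosing function, so the message reads as if the fix belongs inside that callee. Either bind the enclosing function's name in the `manual` rule and print it, or reword the message to something like "after call to {}()". Note also that discard_func_with_errp_argument only matches `void func(..., Error **errp)`, so functions with an errp argument and a non-void return type are still reported by `manual`; if that is intended, the comment above the rule should say so.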
diff --git a/MAINTAINERS b/MAINTAINERS
index 77b93612bc..1150ec95a8 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -2058,6 +2058,7 @@ F: scripts/coccinelle/add-missing-error_propagate.cocci
 F: scripts/coccinelle/err-bad-newline.cocci
 F: scripts/coccinelle/error-use-after-free.cocci
 F: scripts/coccinelle/error_propagate_null.cocci
+F: scripts/coccinelle/find-missing-error_propagate.cocci
 F: scripts/coccinelle/remove_local_err.cocci
 F: scripts/coccinelle/simplify-init-realize-error_propagate.cocci
 F: scripts/coccinelle/use-error_abort-in-instance_init.cocci
-- 
2.21.1




[PATCH-for-5.1 v3 5/7] hw/mips/boston: Add missing error-propagation code

2020-04-13 Thread Philippe Mathieu-Daudé
Running the coccinelle script produced:

  $ spatch \
      --macro-file scripts/cocci-macro-file.h --include-headers \
      --sp-file scripts/coccinelle/find-missing-error_propagate.cocci \
      --keep-comments --smpl-spacing --dir .
  HANDLING: ./hw/mips/boston.c
  [[manual check required: error_propagate() might be missing in object_property_set_int() ./hw/mips/boston.c:462:4]]
  [[manual check required: error_propagate() might be missing in object_property_set_str() ./hw/mips/boston.c:460:4]]

Since the uses are inside a MachineClass::init() function,
directly use &error_fatal instead of error_propagate().

Reviewed-by: Peter Maydell 
Reviewed-by: Aleksandar Markovic 
Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/mips/boston.c | 17 ++---
 1 file changed, 6 insertions(+), 11 deletions(-)

diff --git a/hw/mips/boston.c b/hw/mips/boston.c
index 98ecd25e8e..2e821ca7d6 100644
--- a/hw/mips/boston.c
+++ b/hw/mips/boston.c
@@ -426,7 +426,6 @@ static void boston_mach_init(MachineState *machine)
 {
 DeviceState *dev;
 BostonState *s;
-Error *err = NULL;
 MemoryRegion *flash, *ddr_low_alias, *lcd, *platreg;
 MemoryRegion *sys_mem = get_system_memory();
 XilinxPCIEHost *pcie2;
@@ -458,19 +457,15 @@ static void boston_mach_init(MachineState *machine)
 sysbus_init_child_obj(OBJECT(machine), "cps", OBJECT(&s->cps),
   sizeof(s->cps), TYPE_MIPS_CPS);
 object_property_set_str(OBJECT(&s->cps), machine->cpu_type, "cpu-type",
-&err);
-object_property_set_int(OBJECT(&s->cps), machine->smp.cpus, "num-vp", 
&err);
-object_property_set_bool(OBJECT(&s->cps), true, "realized", &err);
-
-if (err != NULL) {
-error_report("%s", error_get_pretty(err));
-exit(1);
-}
-
+&error_fatal);
+object_property_set_int(OBJECT(&s->cps), machine->smp.cpus, "num-vp",
+&error_fatal);
+object_property_set_bool(OBJECT(&s->cps), true, "realized", &error_fatal);
 sysbus_mmio_map_overlap(SYS_BUS_DEVICE(&s->cps), 0, 0, 1);
 
 flash =  g_new(MemoryRegion, 1);
-memory_region_init_rom(flash, NULL, "boston.flash", 128 * MiB, &err);
+memory_region_init_rom(flash, NULL, "boston.flash", 128 * MiB,
+   &error_fatal);
 memory_region_add_subregion_overlap(sys_mem, 0x1800, flash, 0);
 
 memory_region_add_subregion_overlap(sys_mem, 0x8000, machine->ram, 0);
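Review bot: the memory_region_init_rom() change at the end of this hunk is a behaviour change that the commit message does not mention. The old code passed `&err` there after the `if (err != NULL)` check, so a failure of that call was never examined; with `&error_fatal` it now terminates. That looks right for a MachineClass::init() function, but it is not one of the two lines the script reported (460 and 462), so please call it out in the commit message.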
-- 
2.21.1




[PATCH-for-5.1 v3 4/7] migration/colo: Add missing error-propagation code

2020-04-13 Thread Philippe Mathieu-Daudé
Running the coccinelle script produced:

  $ spatch \
      --macro-file scripts/cocci-macro-file.h --include-headers \
      --sp-file scripts/coccinelle/find-missing-error_propagate.cocci \
      --keep-comments --smpl-spacing --dir .
  HANDLING: ./migration/colo.c
  [[manual check required: error_propagate() might be missing in migrate_set_block_enabled() ./migration/colo.c:439:4]]

Add the missing error_propagate() after review.

Reviewed-by: Juan Quintela 
Signed-off-by: Philippe Mathieu-Daudé 
---
 migration/colo.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/migration/colo.c b/migration/colo.c
index a54ac84f41..57b2adb0cc 100644
--- a/migration/colo.c
+++ b/migration/colo.c
@@ -437,6 +437,9 @@ static int colo_do_checkpoint_transaction(MigrationState *s,
 
 /* Disable block migration */
 migrate_set_block_enabled(false, &local_err);
+if (local_err) {
+goto out;
+}
 qemu_mutex_lock_iothread();
 
 #ifdef CONFIG_REPLICATION
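Review bot: the commit message says error_propagate() is added, but the hunk adds `if (local_err) { goto out; }` after migrate_set_block_enabled() and no error_propagate() call; please reword the subject and description to match. Because the jump is taken before qemu_mutex_lock_iothread(), it is also worth confirming that the `out:` path reports local_err and does not assume the iothread lock is held.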
-- 
2.21.1




Re: [PATCH-for-5.1 v3 03/24] hw/arm/allwinner-a10: Move some code from realize() to init()

2020-04-13 Thread Philippe Mathieu-Daudé
On 4/13/20 12:35 AM, Philippe Mathieu-Daudé wrote:
> Coccinelle reported:
> 
>   $ spatch ... --timeout 60 --sp-file \
>       scripts/coccinelle/simplify-init-realize-error_propagate.cocci
>   HANDLING: ./hw/arm/allwinner-a10.c
>   >>> possible moves from aw_a10_init() to aw_a10_realize() in ./hw/arm/allwinner-a10.c:77
> 
> Move the calls using &error_fatal which don't depend on input
> updated before realize() to init().
> 
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
> v3: Typo 'depend of' -> 'depend on' (eblake)
> ---
>  hw/arm/allwinner-a10.c | 26 +-
>  1 file changed, 13 insertions(+), 13 deletions(-)
> 
> diff --git a/hw/arm/allwinner-a10.c b/hw/arm/allwinner-a10.c
> index 62a67a3e1a..f41395734a 100644
> --- a/hw/arm/allwinner-a10.c
> +++ b/hw/arm/allwinner-a10.c
> @@ -60,10 +60,18 @@ static void aw_a10_init(Object *obj)
>  int i;
>  
>  for (i = 0; i < AW_A10_NUM_USB; i++) {
> +char bus[16];
> +
>  sysbus_init_child_obj(obj, "ehci[*]", OBJECT(&s->ehci[i]),
>sizeof(s->ehci[i]), TYPE_PLATFORM_EHCI);
>  sysbus_init_child_obj(obj, "ohci[*]", OBJECT(&s->ohci[i]),
>sizeof(s->ohci[i]), TYPE_SYSBUS_OHCI);
> +object_property_set_bool(OBJECT(&s->ehci[i]), true,
> + "companion-enable", &error_fatal);
> +
> +sprintf(bus, "usb-bus.%d", i);
> +object_property_set_str(OBJECT(&s->ohci[i]), bus, "masterbus",
> +&error_fatal);
>  }
>  }
>  
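Review bot: `sprintf(bus, "usb-bus.%d", i)` into `char bus[16]` is moved here unchanged; the prefix alone is 8 characters, so the buffer only fits because AW_A10_NUM_USB is small. Since the lines are being touched anyway, use `snprintf(bus, sizeof(bus), ...)` or g_strdup_printf() so the bound is enforced rather than implied.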
> @@ -72,6 +80,11 @@ static void aw_a10_init(Object *obj)
>  
>  sysbus_init_child_obj(obj, "rtc", &s->rtc, sizeof(s->rtc),
>TYPE_AW_RTC_SUN4I);
> +
> +memory_region_init_ram(&s->sram_a, obj, "sram A", 48 * KiB,
> +   &error_fatal);
> +memory_region_add_subregion(get_system_memory(), 0x, &s->sram_a);

Unfortunately this makes qtest/device-introspect-test fail:

(qemu) device_add allwinner-a10,help
(qemu) device_add allwinner-a10,help
RAMBlock "sram A" already registered, abort!
Aborted (core dumped)

(gdb) bt
#1  0x75089895 in abort () at /lib64/libc.so.6
#2  0x57324445 in qemu_ram_set_idstr (new_block=0x61426a40,
name=0x602000231a50 "sram A", dev=0x63338800) at exec.c:2023
#3  0x595ed050 in vmstate_register_ram (mr=0x63349610,
dev=0x63338800) at migration/savevm.c:2921
#4  0x57569a85 in memory_region_init_ram (mr=0x63349610,
owner=0x63338800, name=0x5a4da6a0  "sram A", size=49152,
errp=0x5c908d00 )
at memory.c:3170
#5  0x57b7cadf in aw_a10_init (obj=0x63338800) at
hw/arm/allwinner-a10.c:84
#6  0x599b0c09 in object_init_with_type (obj=0x63338800,
ti=0x6131da80) at qom/object.c:376
#7  0x59994350 in object_initialize_with_type
(data=0x63338800, size=97024, type=0x6131da80) at qom/object.c:516
#8  0x59996756 in object_new_with_type (type=0x6131da80) at
qom/object.c:684
#9  0x59996832 in object_new (typename=0x60200022e8b0
"allwinner-a10") at qom/object.c:699
#10 0x5979e809 in qmp_device_list_properties
(typename=0x60200022e8b0 "allwinner-a10", errp=0x7fffafc0) at
qom/qom-qmp-cmds.c:153
#11 0x582b68cd in qdev_device_help (opts=0x607000120130) at
qdev-monitor.c:282


> +create_unimplemented_device("a10-sram-ctrl", 0x01c0, 4 * KiB);
>  }
>  
>  static void aw_a10_realize(DeviceState *dev, Error **errp)
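Review bot: besides memory_region_init_ram(), this hunk also moves memory_region_add_subregion(get_system_memory(), ...) and create_unimplemented_device() into aw_a10_init(). Both act on state outside the object (the system memory map), and the backtrace above shows instance_init being reached from qmp_device_list_properties() via object_new(), that is, for introspection only. These three calls should stay in aw_a10_realize(); only property setters that touch nothing outside the object are candidates for init().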
> @@ -113,11 +126,6 @@ static void aw_a10_realize(DeviceState *dev, Error 
> **errp)
>  sysbus_connect_irq(sysbusdev, 4, qdev_get_gpio_in(dev, 67));
>  sysbus_connect_irq(sysbusdev, 5, qdev_get_gpio_in(dev, 68));
>  
> -memory_region_init_ram(&s->sram_a, OBJECT(dev), "sram A", 48 * KiB,
> -   &error_fatal);
> -memory_region_add_subregion(get_system_memory(), 0x, &s->sram_a);
> -create_unimplemented_device("a10-sram-ctrl", 0x01c0, 4 * KiB);
> -
>  /* FIXME use qdev NIC properties instead of nd_table[] */
>  if (nd_table[0].used) {
>  qemu_check_nic_model(&nd_table[0], TYPE_AW_EMAC);
> @@ -149,12 +157,6 @@ static void aw_a10_realize(DeviceState *dev, Error 
> **errp)
>  int i;
>  
>  for (i = 0; i < AW_A10_NUM_USB; i++) {
> -char bus[16];
> -
> -sprintf(bus, "usb-bus.%d", i);
> -
> -object_property_set_bool(OBJECT(&s->ehci[i]), true,
> - "companion-enable", &error_fatal);
>  object_property_set_bool(OBJECT(&s->ehci[i]), true, "realized",
>   &error_fatal);
>  sysbus_mmio_map(SYS_BUS_DEVICE(&s->ehci[i]), 0,
> @@ -162,8 +164,6 @@ static void aw_a10_realize(DeviceState *dev, Error **errp)
>  sysbus_connect_irq(SYS_BUS_DEVICE(&s->ehci[i]), 0,
>

Re: [PATCH 0/7] hw/sparc/leon3: Few fixes and disable HelenOS test

2020-04-13 Thread Philippe Mathieu-Daudé
[Cc'ing Peter]

On 4/13/20 12:12 PM, KONRAD Frederic wrote:
> On 4/11/20 at 7:30 PM, Philippe Mathieu-Daudé wrote:
>> On 3/31/20 12:50 PM, Philippe Mathieu-Daudé wrote:
>>> Philippe Mathieu-Daudé (7):
>>>    hw/misc/grlib_ahb_apb_pnp: Avoid crash when writing to AHB PnP
>>>  registers
>>>    hw/misc/grlib_ahb_apb_pnp: Fix AHB PnP 8-bit accesses
>>
>> Ping ^^^ for 5.0?
> 
> Hi Philippe,
> 
> You already have my rb tag for those ones, and IMHO they should be good
> candidates for 5.0 (if it's not too late).

Yes, thanks for the reviews. I see Mark Cave-Ayland merged this file
first, but you are listed as maintainer :) I was hoping you could send a
pull request.

$ scripts/get_maintainer.pl -f hw/misc/grlib_ahb_apb_pnp.c
Fabien Chouteau  (maintainer:Leon3)
KONRAD Frederic  (maintainer:Leon3)
qemu-devel@nongnu.org (open list:All patches CC here)

This is a bug but not 'security critical', so it might wait for 5.1 and go
via qemu-trivial tree.

Regards,

Phil.

> 
> Cheers,
> Fred
> 
>>
>>>    hw/misc/grlib_ahb_apb_pnp: Add trace events on read accesses
>>>    hw/timer/grlib_gptimer: Display frequency in decimal
>>>    target/sparc/int32_helper: Remove DEBUG_PCALL definition
>>>    target/sparc/int32_helper: Extract and use excp_name_str()
>>>
>>>   hw/misc/grlib_ahb_apb_pnp.c | 24 ++--
>>>   target/sparc/int32_helper.c | 23 ---
>>>   hw/misc/trace-events    |  4 
>>>   hw/timer/trace-events   |  2 +-
>>>   tests/acceptance/machine_sparc_leon3.py |  4 
>>>   5 files changed, 43 insertions(+), 14 deletions(-)
>>>
> 



Re: [PATCH-for-5.1 1/3] hw/ide/ahci: Use qdev gpio rather than qemu_allocate_irqs()

2020-04-13 Thread Philippe Mathieu-Daudé
[sending again as my previous mail was rejected, sorry if you get this
twice]

On 4/12/20 11:29 PM, Philippe Mathieu-Daudé wrote:
> Switch to using the qdev gpio API which is preferred over
> qemu_allocate_irqs(). One step to eventually deprecate and
> remove qemu_allocate_irqs() one day.
> 
> Patch created mechanically using spatch with this script
> inspired from commit d6ef883d9d7:
> 
>   @@
>   typedef qemu_irq;
>   identifier irqs, handler;
>   expression opaque, count, i;
>   @@
>   -   qemu_irq *irqs;
>   ...
>   -   irqs = qemu_allocate_irqs(handler, opaque, count);
>   +   qdev_init_gpio_in(DEVICE(opaque), handler, count);
>   <+...
>   -   irqs[i]
>   +   qdev_get_gpio_in(DEVICE(opaque), i)
>   ...+>
>   ?-  g_free(irqs);
> 
> Inspired-by: Peter Maydell 
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  hw/ide/ahci.c | 6 ++
>  1 file changed, 2 insertions(+), 4 deletions(-)
> 
> diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
> index 13d91e109a..ef0a0a22ee 100644
> --- a/hw/ide/ahci.c
> +++ b/hw/ide/ahci.c
> @@ -1534,19 +1534,18 @@ void ahci_init(AHCIState *s, DeviceState *qdev)
>  
>  void ahci_realize(AHCIState *s, DeviceState *qdev, AddressSpace *as, int 
> ports)
>  {
> -qemu_irq *irqs;
>  int i;
>  
>  s->as = as;
>  s->ports = ports;
>  s->dev = g_new0(AHCIDevice, ports);
>  ahci_reg_init(s);
> -irqs = qemu_allocate_irqs(ahci_irq_set, s, s->ports);
> +qdev_init_gpio_in(DEVICE(s), ahci_irq_set, s->ports);

This is wrong as AHCIState is not a QOM DEVICE... see commit bb639f829f1:

---
diff --git a/hw/ide/ahci.h b/hw/ide/ahci.h
index c055d6ba6b..c9b3805415 100644
--- a/hw/ide/ahci.h
+++ b/hw/ide/ahci.h
@@ -287,6 +287,8 @@ struct AHCIDevice {
 };

 typedef struct AHCIState {
+DeviceState *container;
+
 AHCIDevice *dev;
 AHCIControlRegs control_regs;
 MemoryRegion mem;
diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
index 02d85fa0e9..d83efa47a4 100644
--- a/hw/ide/ahci.c
+++ b/hw/ide/ahci.c
@@ -121,9 +121,9 @@ static uint32_t  ahci_port_read(AHCIState *s, int
port, int offset)

 static void ahci_irq_raise(AHCIState *s, AHCIDevice *dev)
 {
-AHCIPCIState *d = container_of(s, AHCIPCIState, ahci);
-PCIDevice *pci_dev =
-(PCIDevice *)object_dynamic_cast(OBJECT(d), TYPE_PCI_DEVICE);
+DeviceState *dev_state = s->container;
+PCIDevice *pci_dev = (PCIDevice *)
object_dynamic_cast(OBJECT(dev_state),
+
TYPE_PCI_DEVICE);

 DPRINTF(0, "raise irq\n");

@@ -136,9 +136,9 @@ static void ahci_irq_raise(AHCIState *s, AHCIDevice
*dev)

 static void ahci_irq_lower(AHCIState *s, AHCIDevice *dev)
 {
-AHCIPCIState *d = container_of(s, AHCIPCIState, ahci);
-PCIDevice *pci_dev =
-(PCIDevice *)object_dynamic_cast(OBJECT(d), TYPE_PCI_DEVICE);
+DeviceState *dev_state = s->container;
+PCIDevice *pci_dev = (PCIDevice *)
object_dynamic_cast(OBJECT(dev_state),
+
TYPE_PCI_DEVICE);

 DPRINTF(0, "lower irq\n");

@@ -1436,6 +1436,7 @@ void ahci_init(AHCIState *s, DeviceState *qdev,
AddressSpace *as, int ports)
 s->as = as;
 s->ports = ports;
 s->dev = g_new0(AHCIDevice, ports);
+s->container = qdev;
 ahci_reg_init(s);
 /* XXX BAR size should be 1k, but that breaks, so bump it to 4k for
now */
 memory_region_init_io(&s->mem, OBJECT(qdev), &ahci_mem_ops, s,
---

Using s/DEVICE(s)/qdev/ works, though.

>  for (i = 0; i < s->ports; i++) {
>  AHCIDevice *ad = &s->dev[i];
>  
>  ide_bus_new(&ad->port, sizeof(ad->port), qdev, i, 1);
> -ide_init2(&ad->port, irqs[i]);
> +ide_init2(&ad->port, qdev_get_gpio_in(DEVICE(s), i));
>  
>  ad->hba = s;
>  ad->port_no = i;
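Review bot: `qdev_get_gpio_in(DEVICE(s), i)` in the ide_init2() call has the same problem as the qdev_init_gpio_in() line: `s` is an AHCIState, not a QOM device, so both casts need to become `qdev`. Once they do, the inputs land on the containing device's unnamed GPIO list and share its index space with any unnamed GPIO inputs that device defines itself; qdev_init_gpio_in_named() and qdev_get_gpio_in_named() with a dedicated name would avoid that.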
> @@ -1554,7 +1553,6 @@ void ahci_realize(AHCIState *s, DeviceState *qdev, 
> AddressSpace *as, int ports)
>  ad->port.dma->ops = &ahci_dma_ops;
>  ide_register_restart_cb(&ad->port);
>  }
> -g_free(irqs);
>  }
>  
>  void ahci_uninit(AHCIState *s)
> 



Re: [PATCH-for-5.0? 3/3] hw/openrisc/pic_cpu: Use qdev gpio rather than qemu_allocate_irqs()

2020-04-13 Thread Philippe Mathieu-Daudé
Hi Stafford,

On 4/13/20 1:33 AM, Stafford Horne wrote:
> On Sun, Apr 12, 2020 at 11:29:43PM +0200, Philippe Mathieu-Daudé wrote:
>> Switch to using the qdev gpio API which is preferred over
>> qemu_allocate_irqs(). Doing so we also stop leaking the
>> allocated memory. One step to eventually deprecate and
>> remove qemu_allocate_irqs() one day.
>>
>> Patch created mechanically using spatch with this script
>> inspired from commit d6ef883d9d7:
>>
>>   @@
>>   typedef qemu_irq;
>>   identifier irqs, handler;
>>   expression opaque, count, i;
>>   @@
>>   -   qemu_irq *irqs;
>>   ...
>>   -   irqs = qemu_allocate_irqs(handler, opaque, count);
>>   +   qdev_init_gpio_in(DEVICE(opaque), handler, count);
>>   <+...
>>   -   irqs[i]
>>   +   qdev_get_gpio_in(DEVICE(opaque), i)
>>   ...+>
>>   ?-  g_free(irqs);
>>
>> Inspired-by: Peter Maydell 
>> Signed-off-by: Philippe Mathieu-Daudé 
>> ---
>>  hw/openrisc/pic_cpu.c | 5 ++---
>>  1 file changed, 2 insertions(+), 3 deletions(-)
>>
>> diff --git a/hw/openrisc/pic_cpu.c b/hw/openrisc/pic_cpu.c
>> index 36f9350830..4b0c92f842 100644
>> --- a/hw/openrisc/pic_cpu.c
>> +++ b/hw/openrisc/pic_cpu.c
>> @@ -52,10 +52,9 @@ static void openrisc_pic_cpu_handler(void *opaque, int 
>> irq, int level)
>>  void cpu_openrisc_pic_init(OpenRISCCPU *cpu)
>>  {
>>  int i;
>> -qemu_irq *qi;
>> -qi = qemu_allocate_irqs(openrisc_pic_cpu_handler, cpu, NR_IRQS);
>> +qdev_init_gpio_in(DEVICE(cpu), openrisc_pic_cpu_handler, NR_IRQS);
>>  
>>  for (i = 0; i < NR_IRQS; i++) {
>> -cpu->env.irq[i] = qi[i];
>> +cpu->env.irq[i] = qdev_get_gpio_in(DEVICE(cpu), i);
>>  }
>>  }
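Review bot: with qemu_allocate_irqs() the handler's opaque was `cpu`; with `qdev_init_gpio_in(DEVICE(cpu), ...)` it becomes the DeviceState pointer. openrisc_pic_cpu_handler(void *opaque, ...) should therefore convert opaque with the QOM cast macro rather than a plain pointer cast, and the commit message should mention the change of opaque.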
> 
> This looks fine to me.
> 
> Why do you have the '5.0?' in the subject?

Simply because similar commit d6ef883d9d7 was merged in 5.0-rc1 (and it
fixes a bug reported by Coverity, I'm not sure why Coverity didn't
report this too).

> 
> -Stafford
> 



Re: [PATCH] .gitignore: include common build sub-directories

2020-04-13 Thread Alex Bennée


Eric Blake  writes:

> On 4/13/20 11:29 AM, Alex Bennée wrote:
>> As out-of-tree builds become more common (or rather building in a
>> subdir) we can add a lot of load to "git ls-files" as it hunts down
>> sub-directories that are irrelevant to the source tree. This is
>> especially annoying if you have a prompt that attempts to summarise
>> the current git status on command completion.
>> Signed-off-by: Alex Bennée 
>> ---
>>   .gitignore | 2 ++
>>   1 file changed, 2 insertions(+)
>> diff --git a/.gitignore b/.gitignore
>> index 0c5af83aa74..7757dc08a08 100644
>> --- a/.gitignore
>> +++ b/.gitignore
>> @@ -141,6 +141,8 @@ cscope.*
>>   tags
>>   TAGS
>>   docker-src.*
>> +build
>> +builds
>
> Would 'build-*' be worth adding as well?

Sure - I'll add it to v2.

>
> The idea makes sense to me (as I've already done the same in my
> ./git/info/exclude locally),
> Reviewed-by: Eric Blake 


-- 
Alex Bennée



[PATCH-for-5.1 v3 2/7] various: Use &error_abort in instance_init()

2020-04-13 Thread Philippe Mathieu-Daudé
Patch created mechanically by running:

  $ spatch \
      --macro-file scripts/cocci-macro-file.h \
      --include-headers --keep-comments --in-place \
      --sp-file \
        scripts/coccinelle/use-error_abort-in-instance_init.cocci

Reviewed-by: Cédric Le Goater 
Acked-by: Cornelia Huck 
Signed-off-by: Philippe Mathieu-Daudé 
---
v3: Include "qapi/error.h" in spapr_llan.c and test-qdev-global-props.c
---
 backends/cryptodev-vhost-user.c |  2 +-
 backends/rng-egd.c  |  2 +-
 backends/rng-random.c   |  2 +-
 backends/vhost-user.c   |  3 ++-
 hw/arm/bcm2835_peripherals.c|  6 --
 hw/arm/vexpress.c   |  8 
 hw/arm/xlnx-zcu102.c|  8 
 hw/block/fdc.c  |  4 ++--
 hw/block/vhost-user-blk.c   |  2 +-
 hw/block/virtio-blk.c   |  2 +-
 hw/core/machine.c   |  6 +++---
 hw/cpu/core.c   |  4 ++--
 hw/display/vga-pci.c|  7 +--
 hw/display/xlnx_dp.c|  4 ++--
 hw/dma/sparc32_dma.c|  2 +-
 hw/gpio/aspeed_gpio.c   |  2 +-
 hw/ide/macio.c  |  4 +++-
 hw/ide/qdev.c   |  4 ++--
 hw/intc/apic_common.c   |  2 +-
 hw/mem/nvdimm.c |  4 ++--
 hw/misc/aspeed_sdmc.c   |  2 +-
 hw/misc/edu.c   |  3 ++-
 hw/misc/macio/macio.c   |  4 ++--
 hw/misc/macio/pmu.c |  3 ++-
 hw/misc/pca9552.c   |  2 +-
 hw/misc/tmp105.c|  2 +-
 hw/misc/tmp421.c|  8 
 hw/net/e1000.c  |  3 ++-
 hw/net/lance.c  |  3 ++-
 hw/net/lasi_i82596.c|  3 ++-
 hw/net/ne2000-isa.c |  4 ++--
 hw/net/spapr_llan.c |  3 ++-
 hw/net/virtio-net.c |  2 +-
 hw/pci-host/grackle.c   |  2 +-
 hw/pci-host/i440fx.c|  8 
 hw/pci-host/prep.c  |  2 +-
 hw/pci-host/q35.c   | 23 ++-
 hw/pci-host/sabre.c |  3 ++-
 hw/pci-host/uninorth.c  |  9 +
 hw/pcmcia/pxa2xx.c  |  3 ++-
 hw/ppc/spapr_drc.c  |  6 +++---
 hw/ppc/spapr_rng.c  |  2 +-
 hw/riscv/sifive_u.c |  4 ++--
 hw/s390x/event-facility.c   |  6 +++---
 hw/s390x/s390-ccw.c |  2 +-
 hw/s390x/s390-skeys.c   |  4 ++--
 hw/s390x/s390-stattrib.c|  4 ++--
 hw/s390x/sclp.c |  2 +-
 hw/scsi/scsi-bus.c  |  2 +-
 hw/ssi/xilinx_spips.c   |  2 +-
 hw/usb/bus.c|  4 ++--
 hw/usb/dev-network.c|  2 +-
 hw/usb/dev-storage.c|  4 ++--
 hw/usb/host-libusb.c|  2 +-
 hw/usb/redirect.c   |  2 +-
 hw/virtio/virtio-balloon.c  |  4 ++--
 net/dump.c  |  4 ++--
 net/filter-buffer.c |  2 +-
 net/filter-mirror.c | 10 +-
 net/filter-rewriter.c   |  3 ++-
 target/arm/cpu64.c  |  4 ++--
 target/i386/cpu.c   | 23 ++-
 target/s390x/cpu.c  |  3 ++-
 tests/check-qom-proplist.c  |  7 ---
 tests/test-qdev-global-props.c  |  5 +++--
 65 files changed, 157 insertions(+), 126 deletions(-)

diff --git a/backends/cryptodev-vhost-user.c b/backends/cryptodev-vhost-user.c
index 6edada8e9e..2fb28c13ac 100644
--- a/backends/cryptodev-vhost-user.c
+++ b/backends/cryptodev-vhost-user.c
@@ -341,7 +341,7 @@ static void cryptodev_vhost_user_instance_int(Object *obj)
 object_property_add_str(obj, "chardev",
 cryptodev_vhost_user_get_chardev,
 cryptodev_vhost_user_set_chardev,
-NULL);
+&error_abort);
 }
 
 static void cryptodev_vhost_user_finalize(Object *obj)
diff --git a/backends/rng-egd.c b/backends/rng-egd.c
index e380519408..58fb73f03a 100644
--- a/backends/rng-egd.c
+++ b/backends/rng-egd.c
@@ -139,7 +139,7 @@ static void rng_egd_init(Object *obj)
 {
 object_property_add_str(obj, "chardev",
 rng_egd_get_chardev, rng_egd_set_chardev,
-NULL);
+&error_abort);
 }
 
 static void rng_egd_finalize(Object *obj)
diff --git a/backends/rng-random.c b/backends/rng-random.c
index a810581393..6429276a95 100644
--- a/backends/rng-random.c
+++ b/backends/rng-random.c
@@ -111,7 +111,7 @@ static void rng_random_init(Object *obj)
 object_property_add_str(obj, "filename",
 rng_random_get_filename,
 rng_random_set_filename,
-NULL);
+&error_abort);
 
 s->filename = g_strdup("/dev/urandom");
 s->fd = -1;
diff --git a/backends/vhost-user.c b/backends/vhost-user.c
index 2bf3406525..491da81653 100644
--- a/backends/vhost-user.c
+++ b/backends/vhost-user.c
@@ -177,7 +177,8 @@ static char 

Re: [PATCH] .gitignore: include common build sub-directories

2020-04-13 Thread Eric Blake

On 4/13/20 4:32 PM, Alex Bennée wrote:


Eric Blake  writes:


On 4/13/20 11:29 AM, Alex Bennée wrote:

As out-of-tree builds become more common (or rather building in a
subdir) we can add a lot of load to "git ls-files" as it hunts down
sub-directories that are irrelevant to the source tree. This is
especially annoying if you have a prompt that attempts to summarise
the current git status on command completion.
Signed-off-by: Alex Bennée 
---
   .gitignore | 2 ++
   1 file changed, 2 insertions(+)
diff --git a/.gitignore b/.gitignore
index 0c5af83aa74..7757dc08a08 100644
--- a/.gitignore
+++ b/.gitignore
@@ -141,6 +141,8 @@ cscope.*
   tags
   TAGS
   docker-src.*
+build
+builds


Would 'build-*' be worth adding as well?


Sure - I'll add it to v2.


Or even consolidate it into a single pattern: build* (which would allow 
'build', 'builds', 'build1', 'build23', 'build-fedora', 'build-bug1234', 
...)


--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3226
Virtualization:  qemu.org | libvirt.org




Re: [PATCH] .gitignore: include common build sub-directories

2020-04-13 Thread Philippe Mathieu-Daudé
On 4/13/20 11:42 PM, Eric Blake wrote:
> On 4/13/20 4:32 PM, Alex Bennée wrote:
>>
>> Eric Blake  writes:
>>
>>> On 4/13/20 11:29 AM, Alex Bennée wrote:
 As out-of-tree builds become more common (or rather building in a
 subdir) we can add a lot of load to "git ls-files" as it hunts down
 sub-directories that are irrelevant to the source tree. This is
 especially annoying if you have a prompt that attempts to summarise
 the current git status on command completion.
 Signed-off-by: Alex Bennée 
 ---
    .gitignore | 2 ++
    1 file changed, 2 insertions(+)
 diff --git a/.gitignore b/.gitignore
 index 0c5af83aa74..7757dc08a08 100644
 --- a/.gitignore
 +++ b/.gitignore
 @@ -141,6 +141,8 @@ cscope.*
    tags
    TAGS
    docker-src.*
 +build
 +builds
>>>
>>> Would 'build-*' be worth adding as well?
>>
>> Sure - I'll add it to v2.
> 
> Or even consolidate it into a single pattern: build* (which would allow
> 'build', 'builds', 'build1', 'build23', 'build-fedora', 'build-bug1234',
> ...)

Using 'build*':
Reviewed-by: Philippe Mathieu-Daudé 



[PATCH-for-5.0 v2] hw/display/sm501: Avoid heap overflow in sm501_2d_operation()

2020-04-13 Thread Philippe Mathieu-Daudé
Zhang Zi Ming reported a heap overflow in the Drawing Engine of
the SM501 companion chip model, in particular in the COPY_AREA()
macro in sm501_2d_operation().

Add a simple check to avoid the heap overflow.

This fixes:

  =
  ==20518==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7f6f4c3f at pc 0x55b1e1d358f0 bp 0x7ffce464dfb0 sp 0x7ffce464dfa8
  READ of size 1 at 0x7f6f4c3f thread T0
  #0 0x55b1e1d358ef in sm501_2d_operation hw/display/sm501.c:788:13
  #1 0x55b1e1d32c38 in sm501_2d_engine_write hw/display/sm501.c:1466:13
  #2 0x55b1e0cd19d8 in memory_region_write_accessor memory.c:483:5
  #3 0x55b1e0cd1404 in access_with_adjusted_size memory.c:544:18
  #4 0x55b1e0ccfb9d in memory_region_dispatch_write memory.c:1476:16
  #5 0x55b1e0ae55a8 in flatview_write_continue exec.c:3125:23
  #6 0x55b1e0ad3e87 in flatview_write exec.c:3165:14
  #7 0x55b1e0ad3a24 in address_space_write exec.c:3256:18

  0x7f6f4c3f is located 4194303 bytes to the right of 4194304-byte region [0x7f6f4bc0,0x7f6f4c00)
  allocated by thread T0 here:
  #0 0x55b1e0a6e715 in __interceptor_posix_memalign (ppc64-softmmu/qemu-system-ppc64+0x19c0715)
  #1 0x55b1e31c1482 in qemu_try_memalign util/oslib-posix.c:189:11
  #2 0x55b1e31c168c in qemu_memalign util/oslib-posix.c:205:27
  #3 0x55b1e11a00b3 in spapr_reallocate_hpt hw/ppc/spapr.c:1560:23
  #4 0x55b1e11a0ce4 in spapr_setup_hpt hw/ppc/spapr.c:1593:5
  #5 0x55b1e11c2fba in spapr_machine_reset hw/ppc/spapr.c:1644:9
  #6 0x55b1e1368b01 in qemu_system_reset softmmu/vl.c:1391:9
  #7 0x55b1e1375af3 in qemu_init softmmu/vl.c:4436:5
  #8 0x55b1e2fc8a59 in main softmmu/main.c:48:5
  #9 0x7f6f8150bf42 in __libc_start_main (/lib64/libc.so.6+0x23f42)

  SUMMARY: AddressSanitizer: heap-buffer-overflow hw/display/sm501.c:788:13 in sm501_2d_operation
  ==20518==ABORTING

Cc: qemu-sta...@nongnu.org
Fixes: 07d8a50cb0e ("sm501: add 2D engine copyrect support")
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1786026
Reported-by: Zhang Zi Ming <1015138...@qq.com>
Acked-by: BALATON Zoltan 
Signed-off-by: Philippe Mathieu-Daudé 
---
Since v1: Reword description & add Zoltan's A-b.

Test to verify this bug:
https://www.mail-archive.com/qemu-devel@nongnu.org/msg695421.html

Per the links on
https://bugzilla.redhat.com/show_bug.cgi?id=1808510 there is probably
a CVE assigned to this, but I don't have access to the information,
https://bugzilla.redhat.com/show_bug.cgi?id=1786593 only shows:

  You are not authorized to access bug #1786593.
  Most likely the bug has been restricted for internal development processes and we cannot grant access.

Anyway as this code is not used in conjunction with a hypervisor,
it is not a 'security bug' as described in
https://www.qemu.org/contribute/security-process/ and
https://www.qemu.org/docs/master/system/security.html#non-virtualization-use-case
---
 hw/display/sm501.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/hw/display/sm501.c b/hw/display/sm501.c
index de0ab9d977..902acb3875 100644
--- a/hw/display/sm501.c
+++ b/hw/display/sm501.c
@@ -726,6 +726,12 @@ static void sm501_2d_operation(SM501State *s)
 int crt = (s->dc_crt_control & SM501_DC_CRT_CONTROL_SEL) ? 1 : 0;
 int fb_len = get_width(s, crt) * get_height(s, crt) * get_bpp(s, crt);
 
+if (rtl && (src_x < operation_width || src_y < operation_height)) {
+qemu_log_mask(LOG_GUEST_ERROR, "sm501: Illegal RTL address (%i, %i)\n",
+  src_x, src_y);
+return;
+}
+
 if (addressing != 0x0) {
 printf("%s: only XY addressing is supported.\n", __func__);
 abort();
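Review bot: the new check only rejects `rtl` operations whose source origin is smaller than the operation size; the destination coordinates and the left-to-right case are not validated, although `fb_len` is computed just above. Please bound both the source and the destination rectangle against the framebuffer size in either direction, so a guest cannot reach COPY_AREA() with an extent that leaves the buffer. Logging with `qemu_log_mask(LOG_GUEST_ERROR, ...)` and returning early is the right reaction for the rejected case.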
-- 
2.21.1




Re: [PATCH 3/3] MAINTAINERS: Add myself as fulong2e co-maintainer

2020-04-13 Thread Philippe Mathieu-Daudé
On 4/10/20 4:37 PM, Aleksandar Markovic wrote:
> 04:39 Thu, 09.04.2020. Jiaxun Yang wrote:
>>
>> On Thu, 9 Apr 2020 10:17:46 +0800
>> Huacai Chen <che...@lemote.com> wrote:
>>
>> > Hi, Aleksandar,
>> >
>> > On Wed, Apr 8, 2020 at 11:30 PM Aleksandar Markovic wrote:
>> > >
>> > > 11:08 Wed, 08.04.2020. Huacai Chen wrote:
>> > > >
>> > > > I submitted the MIPS/fulong2e support about ten years ago, and
>> > > > after that I became a MIPS kernel developer. Last year, Philippe
>> > > > Mathieu- Daudé asked me that whether I can be a reviewer of
>> > > > MIPS/fulong2e, and I promised that I will do some QEMU work in
>> > > > the next year (i.e., 2020 and later). I think now (and also in
>> > > > future) I can have some spare time, so I can finally do some real
>> > > > work on QEMU/MIPS. And if possible, I hope I can be a
>> > > > co-maintainer of MIPS/fulong2e.
>> > > >
>> > > > Cc: Jiaxun Yang
>> > > > Signed-off-by: Huacai Chen
>> > > > ---
>> > > >  MAINTAINERS | 1 +
>> > > >  1 file changed, 1 insertion(+)
>> > > >
>> > > > diff --git a/MAINTAINERS b/MAINTAINERS
>> > > > index 642c8e0..3281ff2 100644
>> > > > --- a/MAINTAINERS
>> > > > +++ b/MAINTAINERS
>> > > > @@ -1073,6 +1073,7 @@ F: hw/mips/mips_r4k.c
>> > > >  Fulong 2E
>> > > >  M: Philippe Mathieu-Daudé  >
>> > > >  M: Aleksandar Markovic  >
>> > > > +M: Huacai Chen mailto:che...@lemote.com>>
>> > > >  S: Odd Fixes
>> > > >  F: hw/mips/mips_fulong2e.c
>> > > >  F: hw/isa/vt82c686.c
>> > > > --
>> > > > 2.7.0
>> > > > 
>> > >
>> > > First of all, I want to express great pleasure and delight seeing
>> > > your series, and this patch in particular.
>> > >
>> > > A warm welcome to QEMU developers communities!
>> > >
>> > > We are currently very busy preparing QEMU 5.0 release, and
>> > > additionally, Easter holidays are in next few days or week
>> > > (different parts of Christian world have different calendars), so,
>> > > for that and other reasons, don't expect prompt replies from us.
>> > >
>> > > I would also like to see Jiaxun at least having official reviewer
>> > > status, but, of course, only if he wants that.
>> > Thank you for your best wishes, I'm also very glad to see Jiaxun be
>> > a reviewer.
>>
>> Thanks, but I was a primary school student at Loongson-2E's era, so I
>> can do nothing with 2E.
>>
>> My experience with Loongson starts from 2F. And I'm more familiar with
>> 2K and 3A.

Thank you both of you, your help is very welcome :)

I have a simple series renaming "fulo[o]ng" I plan to send when the 5.1
development window opens, I'll include your patch.

>>
> 
> OK, it makes sense. But, if you ever want to be a reviewer for
> Fulong 2e, just send me an email.
> 
>> I'm happy to contribute QEMU support for these platforms.
>>
> 
> I am happy as well.
> 
> Best wishes and best health to you, people from China, and the whole
> region!!
> 
> Yours,
> Aleksandar
> 
>> Thanks.
>>
>> >
>> > Regards,
>> > Huacai
>> > >
>> > > Yours,
>> > > and wishing you and all people from China best health!
>> > >
>> > > Aleksandar 
>>
>> --
>> Jiaxun Yang
> 



Re: [PATCH-for-5.1 v3 11/24] hw/arm/msf2-soc: Store MemoryRegion in MSF2State

2020-04-13 Thread Alistair Francis
On Sun, Apr 12, 2020 at 3:40 PM Philippe Mathieu-Daudé  wrote:
>
> Coccinelle reported:
>
>   $ spatch ... --timeout 60 --sp-file \
> scripts/coccinelle/simplify-init-realize-error_propagate.cocci
>   HANDLING: ./hw/arm/msf2-soc.c
>   >>> possible moves from m2sxxx_soc_initfn() to m2sxxx_soc_realize() in 
> ./hw/arm/msf2-soc.c:86
>
> While reviewing we noticed that by storing the MemoryRegion in the device
> state, we'll be able to later automatically simplify the error
> propagation calls.
>
> Signed-off-by: Philippe Mathieu-Daudé 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  include/hw/arm/msf2-soc.h |  4 
>  hw/arm/msf2-soc.c | 18 +++---
>  2 files changed, 11 insertions(+), 11 deletions(-)
>
> diff --git a/include/hw/arm/msf2-soc.h b/include/hw/arm/msf2-soc.h
> index 3cfe5c76ee..e4c5110036 100644
> --- a/include/hw/arm/msf2-soc.h
> +++ b/include/hw/arm/msf2-soc.h
> @@ -50,6 +50,10 @@ typedef struct MSF2State {
>
>  ARMv7MState armv7m;
>
> +MemoryRegion sram;
> +MemoryRegion nvm;
> +MemoryRegion nvm_alias;
> +
>  char *cpu_type;
>  char *part_name;
>  uint64_t envm_size;
> diff --git a/hw/arm/msf2-soc.c b/hw/arm/msf2-soc.c
> index 588d643b8d..e448b0ab74 100644
> --- a/hw/arm/msf2-soc.c
> +++ b/hw/arm/msf2-soc.c
> @@ -90,13 +90,9 @@ static void m2sxxx_soc_realize(DeviceState *dev_soc, Error 
> **errp)
>  SysBusDevice *busdev;
>  Error *err = NULL;
>  int i;
> -
>  MemoryRegion *system_memory = get_system_memory();
> -MemoryRegion *nvm = g_new(MemoryRegion, 1);
> -MemoryRegion *nvm_alias = g_new(MemoryRegion, 1);
> -MemoryRegion *sram = g_new(MemoryRegion, 1);
>
> -memory_region_init_rom(nvm, OBJECT(dev_soc), "MSF2.eNVM", s->envm_size,
> +memory_region_init_rom(&s->nvm, OBJECT(dev_soc), "MSF2.eNVM", 
> s->envm_size,
> &error_fatal);
>  /*
>   * On power-on, the eNVM region 0x6000 is automatically
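
Review bot: The blank line dropped after "int i;" at the top of this hunk is an unrelated whitespace change; keep it so the hunk shows only the three g_new(MemoryRegion, 1) locals being removed. Separately, memory_region_init_rom(&s->nvm, ...) still passes &error_fatal inside a realize function that has an errp, so a failure here exits instead of being reported to the caller; the commit message should say whether a later patch in the series addresses that.
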
> @@ -104,15 +100,15 @@ static void m2sxxx_soc_realize(DeviceState *dev_soc, 
> Error **errp)
>   * start address (0x0). We do not support remapping other eNVM,
>   * eSRAM and DDR regions by guest(via Sysreg) currently.
>   */
> -memory_region_init_alias(nvm_alias, OBJECT(dev_soc), "MSF2.eNVM", nvm, 0,
> - s->envm_size);
> +memory_region_init_alias(&s->nvm_alias, OBJECT(dev_soc), "MSF2.eNVM",
> + &s->nvm, 0, s->envm_size);
>
> -memory_region_add_subregion(system_memory, ENVM_BASE_ADDRESS, nvm);
> -memory_region_add_subregion(system_memory, 0, nvm_alias);
> +memory_region_add_subregion(system_memory, ENVM_BASE_ADDRESS, &s->nvm);
> +memory_region_add_subregion(system_memory, 0, &s->nvm_alias);
>
> -memory_region_init_ram(sram, NULL, "MSF2.eSRAM", s->esram_size,
> +memory_region_init_ram(&s->sram, NULL, "MSF2.eSRAM", s->esram_size,
> &error_fatal);
> -memory_region_add_subregion(system_memory, SRAM_BASE_ADDRESS, sram);
> +memory_region_add_subregion(system_memory, SRAM_BASE_ADDRESS, &s->sram);
>
>  armv7m = DEVICE(&s->armv7m);
>  qdev_prop_set_uint32(armv7m, "num-irq", 81);
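
Review bot: In memory_region_init_alias(&s->nvm_alias, ...) the alias keeps the name "MSF2.eNVM", the same string the ROM region it aliases is given in the previous hunk, so the two share a name in memory-tree listings. Since the line is being rewritten anyway, a distinct name such as "MSF2.eNVM.alias" would make the two easier to tell apart.
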
> --
> 2.21.1
>
>



Re: [PATCH-for-5.1 v3 12/24] hw/arm/stm32f205_soc: Store MemoryRegion in STM32F205State

2020-04-13 Thread Alistair Francis
On Sun, Apr 12, 2020 at 3:41 PM Philippe Mathieu-Daudé  wrote:
>
> Coccinelle reported:
>
>   $ spatch ... --timeout 60 --sp-file \
> scripts/coccinelle/simplify-init-realize-error_propagate.cocci
>   HANDLING: ./hw/arm/stm32f205_soc.c
>   >>> possible moves from stm32f205_soc_initfn() to stm32f205_soc_realize() 
> in ./hw/arm/stm32f205_soc.c:83
>
> While reviewing we noticed that by storing the MemoryRegion in the device
> state, we'll be able to later automatically simplify the error
> propagation calls.
>
> Signed-off-by: Philippe Mathieu-Daudé 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  include/hw/arm/stm32f205_soc.h |  4 
>  hw/arm/stm32f205_soc.c | 18 +++---
>  2 files changed, 11 insertions(+), 11 deletions(-)
>
> diff --git a/include/hw/arm/stm32f205_soc.h b/include/hw/arm/stm32f205_soc.h
> index 922a733f88..63e7e7c825 100644
> --- a/include/hw/arm/stm32f205_soc.h
> +++ b/include/hw/arm/stm32f205_soc.h
> @@ -56,6 +56,10 @@ typedef struct STM32F205State {
>
>  ARMv7MState armv7m;
>
> +MemoryRegion sram;
> +MemoryRegion flash;
> +MemoryRegion flash_alias;
> +
>  STM32F2XXSyscfgState syscfg;
>  STM32F2XXUsartState usart[STM_NUM_USARTS];
>  STM32F2XXTimerState timer[STM_NUM_TIMERS];
> diff --git a/hw/arm/stm32f205_soc.c b/hw/arm/stm32f205_soc.c
> index 118c342559..42f4e44134 100644
> --- a/hw/arm/stm32f205_soc.c
> +++ b/hw/arm/stm32f205_soc.c
> @@ -87,23 +87,19 @@ static void stm32f205_soc_realize(DeviceState *dev_soc, 
> Error **errp)
>  SysBusDevice *busdev;
>  Error *err = NULL;
>  int i;
> -
>  MemoryRegion *system_memory = get_system_memory();
> -MemoryRegion *sram = g_new(MemoryRegion, 1);
> -MemoryRegion *flash = g_new(MemoryRegion, 1);
> -MemoryRegion *flash_alias = g_new(MemoryRegion, 1);
>
> -memory_region_init_rom(flash, OBJECT(dev_soc), "STM32F205.flash",
> +memory_region_init_rom(&s->flash, OBJECT(dev_soc), "STM32F205.flash",
> FLASH_SIZE, &error_fatal);
> -memory_region_init_alias(flash_alias, OBJECT(dev_soc),
> - "STM32F205.flash.alias", flash, 0, FLASH_SIZE);
> +memory_region_init_alias(&s->flash_alias, OBJECT(dev_soc),
> + "STM32F205.flash.alias", &s->flash, 0, 
> FLASH_SIZE);
>
> -memory_region_add_subregion(system_memory, FLASH_BASE_ADDRESS, flash);
> -memory_region_add_subregion(system_memory, 0, flash_alias);
> +memory_region_add_subregion(system_memory, FLASH_BASE_ADDRESS, 
> &s->flash);
> +memory_region_add_subregion(system_memory, 0, &s->flash_alias);
>
> -memory_region_init_ram(sram, NULL, "STM32F205.sram", SRAM_SIZE,
> +memory_region_init_ram(&s->sram, NULL, "STM32F205.sram", SRAM_SIZE,
> &error_fatal);
> -memory_region_add_subregion(system_memory, SRAM_BASE_ADDRESS, sram);
> +memory_region_add_subregion(system_memory, SRAM_BASE_ADDRESS, &s->sram);
>
>  armv7m = DEVICE(&s->armv7m);
>  qdev_prop_set_uint32(armv7m, "num-irq", 96);
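
Review bot: memory_region_init_ram(&s->sram, NULL, "STM32F205.sram", ...) still passes a NULL owner although sram is now a field of STM32F205State, while flash and flash_alias pass OBJECT(dev_soc). Please say in the commit message whether that is deliberate, since a region embedded in the device state but not owned by the device is easy to get wrong later. The blank line removed after "int i;" is unrelated to the change and can stay.
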
> --
> 2.21.1
>
>



Re: [PATCH] MAINTAINERS: Add myself as vhost-user-blk maintainer

2020-04-13 Thread Philippe Mathieu-Daudé
On 4/10/20 2:28 AM, Raphael Norwitz wrote:
> Ping

FYI this patch has been recently merged as commit
b372d79b236a4e07eaa3ce65ee0543569b712326.

> 
> On Thu, Mar 26, 2020 at 04:47:35AM -0400, Raphael Norwitz wrote:
>> As suggested by Michael, let's add me as a maintainer of
>> vhost-user-blk and vhost-user-scsi.
>>
>> CC: Michael S. Tsirkin 
>> CC Peter Maydell 
>> Signed-off-by: Raphael Norwitz 
>> ---
>>  MAINTAINERS | 12 
>>  1 file changed, 12 insertions(+)
>>
>> diff --git a/MAINTAINERS b/MAINTAINERS
>> index e580276..239ecc1 100644
>> --- a/MAINTAINERS
>> +++ b/MAINTAINERS
>> @@ -1845,6 +1845,18 @@ F: hw/display/virtio-gpu*
>>  F: hw/display/virtio-vga.*
>>  F: include/hw/virtio/virtio-gpu.h
>>  
>> +vhost-user-blk
>> +M: Raphael Norwitz 
>> +S: Maintained
>> +F: contrib/vhost-user-blk/
>> +F: contrib/vhost-user-scsi/
>> +F: hw/block/vhost-user-blk.c
>> +F: hw/scsi/vhost-user-scsi.c
>> +F: hw/virtio/vhost-user-blk-pci.c
>> +F: hw/virtio/vhost-user-scsi-pci.c
>> +F: include/hw/virtio/vhost-user-blk.h
>> +F: include/hw/virtio/vhost-user-scsi.h
>> +
>>  vhost-user-gpu
>>  M: Marc-André Lureau 
>>  M: Gerd Hoffmann 
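
Review bot: The new section is titled "vhost-user-blk" but four of its eight F: entries are vhost-user-scsi paths. Either rename the section so the heading covers both (the commit message already names both), or split it in two so the scsi files are found under their own heading.
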
>> -- 
>> 1.8.3.1
> 



Re: [PATCH-for-5.1 v3 13/24] hw/arm/stm32f205_soc: Move some code from realize() to init()

2020-04-13 Thread Alistair Francis
On Sun, Apr 12, 2020 at 3:42 PM Philippe Mathieu-Daudé  wrote:
>
> Coccinelle reported:
>
>   $ spatch ... --timeout 60 --sp-file \
> scripts/coccinelle/simplify-init-realize-error_propagate.cocci
>   HANDLING: ./hw/arm/stm32f205_soc.c
>   >>> possible moves from stm32f205_soc_initfn() to stm32f205_soc_realize() 
> in ./hw/arm/stm32f205_soc.c:83
>
> Move the calls using &error_fatal which don't depend on input
> updated before realize() to init().
>
> Signed-off-by: Philippe Mathieu-Daudé 

Reviewed-by: Alistair Francis 

Alistair

> ---
> v3: Typo 'depend of' -> 'depend on' (eblake)
> ---
>  hw/arm/stm32f205_soc.c | 20 ++--
>  1 file changed, 10 insertions(+), 10 deletions(-)
>
> diff --git a/hw/arm/stm32f205_soc.c b/hw/arm/stm32f205_soc.c
> index 42f4e44134..76b0b0e9be 100644
> --- a/hw/arm/stm32f205_soc.c
> +++ b/hw/arm/stm32f205_soc.c
> @@ -49,6 +49,7 @@ static const int spi_irq[STM_NUM_SPIS] = {35, 36, 51};
>  static void stm32f205_soc_initfn(Object *obj)
>  {
>  STM32F205State *s = STM32F205_SOC(obj);
> +MemoryRegion *system_memory = get_system_memory();
>  int i;
>
>  sysbus_init_child_obj(obj, "armv7m", &s->armv7m, sizeof(s->armv7m),
> @@ -78,6 +79,14 @@ static void stm32f205_soc_initfn(Object *obj)
>  sysbus_init_child_obj(obj, "spi[*]", &s->spi[i], sizeof(s->spi[i]),
>TYPE_STM32F2XX_SPI);
>  }
> +
> +memory_region_init_ram(&s->sram, NULL, "STM32F205.sram", SRAM_SIZE,
> +   &error_fatal);
> +memory_region_add_subregion(system_memory, SRAM_BASE_ADDRESS, &s->sram);
> +
> +memory_region_init_rom(&s->flash, obj, "STM32F205.flash",
> +   FLASH_SIZE, &error_fatal);
> +memory_region_add_subregion(system_memory, FLASH_BASE_ADDRESS, 
> &s->flash);
>  }
>
>  static void stm32f205_soc_realize(DeviceState *dev_soc, Error **errp)
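
Review bot: The two memory_region_add_subregion(system_memory, ...) calls added at the end of stm32f205_soc_initfn() make object creation modify the global system memory map, so merely instantiating the type, without realizing it, now has a side effect outside the object. Initialising s->sram and s->flash here is fine, but the mapping calls should stay in realize. The &error_fatal on the two init calls also means a failure during instantiation terminates the process.
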
> @@ -87,19 +96,10 @@ static void stm32f205_soc_realize(DeviceState *dev_soc, 
> Error **errp)
>  SysBusDevice *busdev;
>  Error *err = NULL;
>  int i;
> -MemoryRegion *system_memory = get_system_memory();
>
> -memory_region_init_rom(&s->flash, OBJECT(dev_soc), "STM32F205.flash",
> -   FLASH_SIZE, &error_fatal);
>  memory_region_init_alias(&s->flash_alias, OBJECT(dev_soc),
>   "STM32F205.flash.alias", &s->flash, 0, 
> FLASH_SIZE);
> -
> -memory_region_add_subregion(system_memory, FLASH_BASE_ADDRESS, 
> &s->flash);
> -memory_region_add_subregion(system_memory, 0, &s->flash_alias);
> -
> -memory_region_init_ram(&s->sram, NULL, "STM32F205.sram", SRAM_SIZE,
> -   &error_fatal);
> -memory_region_add_subregion(system_memory, SRAM_BASE_ADDRESS, &s->sram);
> +memory_region_add_subregion(get_system_memory(), 0, &s->flash_alias);
>
>  armv7m = DEVICE(&s->armv7m);
>  qdev_prop_set_uint32(armv7m, "num-irq", 96);
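
Review bot: memory_region_init_alias(&s->flash_alias, ...) stays in realize although, like the calls that were moved, it depends on nothing set before realize, so the flash region is now set up in two functions. Either initialise the alias next to s->flash and keep only the mapping here, or note in the commit message why the alias is left behind.
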
> --
> 2.21.1
>
>



Re: [PATCH-for-5.1 v3 14/24] hw/arm/xlnx-zynqmp: Use single propagate_error() call

2020-04-13 Thread Alistair Francis
On Sun, Apr 12, 2020 at 3:45 PM Philippe Mathieu-Daudé  wrote:
>
> Coccinelle failed at processing this file:
>
>   $ spatch ... --timeout 60 --sp-file \
> scripts/coccinelle/simplify-init-realize-error_propagate.cocci
>   HANDLING: ./hw/arm/xlnx-zynqmp.c
>   EXN: Coccinelle_modules.Common.Timeout
>
> We are going to manually add the missing propagate_error() calls.
> As there are many Error* calls used, simplify by using a unique
> call to propagate_error().

I'm not a huge fan of goto's so I'm not sure this is simpler.

Alistair

>
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  hw/arm/xlnx-zynqmp.c | 61 +---
>  1 file changed, 23 insertions(+), 38 deletions(-)
>
> diff --git a/hw/arm/xlnx-zynqmp.c b/hw/arm/xlnx-zynqmp.c
> index b84d153d56..43d57fa7de 100644
> --- a/hw/arm/xlnx-zynqmp.c
> +++ b/hw/arm/xlnx-zynqmp.c
> @@ -385,15 +385,13 @@ static void xlnx_zynqmp_realize(DeviceState *dev, Error 
> **errp)
>  object_property_set_bool(OBJECT(&s->apu_cpu[i]), true, "realized",
>   &err);
>  if (err) {
> -error_propagate(errp, err);
> -return;
> +goto out_propagate_error;
>  }
>  }
>
>  object_property_set_bool(OBJECT(&s->gic), true, "realized", &err);
>  if (err) {
> -error_propagate(errp, err);
> -return;
> +goto out_propagate_error;
>  }
>
>  assert(ARRAY_SIZE(xlnx_zynqmp_gic_regions) == XLNX_ZYNQMP_GIC_REGIONS);
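
Review bot: The commit message and subject refer to propagate_error(), but the call removed in this hunk is error_propagate(); please fix the name in the message. For the out_propagate_error label these gotos target, please confirm that the success path either returns before the label or reaches it with err still NULL, and say which in the commit message.
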
> @@ -462,8 +460,7 @@ static void xlnx_zynqmp_realize(DeviceState *dev, Error 
> **errp)
>
>  xlnx_zynqmp_create_rpu(ms, s, boot_cpu, &err);
>  if (err) {
> -error_propagate(errp, err);
> -return;
> +goto out_propagate_error;
>  }
>
>  if (!s->boot_cpu_ptr) {
> @@ -488,8 +485,7 @@ static void xlnx_zynqmp_realize(DeviceState *dev, Error 
> **errp)
>  &error_abort);
>  object_property_set_bool(OBJECT(&s->gem[i]), true, "realized", &err);
>  if (err) {
> -error_propagate(errp, err);
> -return;
> +goto out_propagate_error;
>  }
>  sysbus_mmio_map(SYS_BUS_DEVICE(&s->gem[i]), 0, gem_addr[i]);
>  sysbus_connect_irq(SYS_BUS_DEVICE(&s->gem[i]), 0,
> @@ -500,8 +496,7 @@ static void xlnx_zynqmp_realize(DeviceState *dev, Error 
> **errp)
>  qdev_prop_set_chr(DEVICE(&s->uart[i]), "chardev", serial_hd(i));
>  object_property_set_bool(OBJECT(&s->uart[i]), true, "realized", 
> &err);
>  if (err) {
> -error_propagate(errp, err);
> -return;
> +goto out_propagate_error;
>  }
>  sysbus_mmio_map(SYS_BUS_DEVICE(&s->uart[i]), 0, uart_addr[i]);
>  sysbus_connect_irq(SYS_BUS_DEVICE(&s->uart[i]), 0,
> @@ -512,8 +507,7 @@ static void xlnx_zynqmp_realize(DeviceState *dev, Error 
> **errp)
>  &error_abort);
>  object_property_set_bool(OBJECT(&s->sata), true, "realized", &err);
>  if (err) {
> -error_propagate(errp, err);
> -return;
> +goto out_propagate_error;
>  }
>
>  sysbus_mmio_map(SYS_BUS_DEVICE(&s->sata), 0, SATA_ADDR);
> @@ -531,23 +525,19 @@ static void xlnx_zynqmp_realize(DeviceState *dev, Error 
> **errp)
>   */
>  object_property_set_uint(sdhci, 3, "sd-spec-version", &err);
>  if (err) {
> -error_propagate(errp, err);
> -return;
> +goto out_propagate_error;
>  }
>  object_property_set_uint(sdhci, SDHCI_CAPABILITIES, "capareg", &err);
>  if (err) {
> -error_propagate(errp, err);
> -return;
> +goto out_propagate_error;
>  }
>  object_property_set_uint(sdhci, UHS_I, "uhs", &err);
>  if (err) {
> -error_propagate(errp, err);
> -return;
> +goto out_propagate_error;
>  }
>  object_property_set_bool(sdhci, true, "realized", &err);
>  if (err) {
> -error_propagate(errp, err);
> -return;
> +goto out_propagate_error;
>  }
>  sysbus_mmio_map(sbd, 0, sdhci_addr[i]);
>  sysbus_connect_irq(sbd, 0, gic_spi[sdhci_intr[i]]);
> @@ -564,8 +554,7 @@ static void xlnx_zynqmp_realize(DeviceState *dev, Error 
> **errp)
>
>  object_property_set_bool(OBJECT(&s->spi[i]), true, "realized", &err);
>  if (err) {
> -error_propagate(errp, err);
> -return;
> +goto out_propagate_error;
>  }
>
>  sysbus_mmio_map(SYS_BUS_DEVICE(&s->spi[i]), 0, spi_addr[i]);
> @@ -582,8 +571,7 @@ static void xlnx_zynqmp_realize(DeviceState *dev, Error 
> **errp)
>
>  object_property_set_bool(OBJECT(&s->qspi), true, "realized", &err);
>  if (err) {
> -error_propagate(errp, err);
> -return;
> +goto out_propagate_error;
>  }
>  sysb

Re: [PATCH-for-5.1 v3 16/24] hw/arm/xlnx-zynqmp: Move some code from realize() to init()

2020-04-13 Thread Alistair Francis
On Sun, Apr 12, 2020 at 3:41 PM Philippe Mathieu-Daudé  wrote:
>
> Coccinelle failed at processing this file:
>
>   $ spatch ... --timeout 60 --sp-file \
> scripts/coccinelle/simplify-init-realize-error_propagate.cocci
>   HANDLING: ./hw/arm/xlnx-zynqmp.c
>   EXN: Coccinelle_modules.Common.Timeout
>
> Move the calls using &error_abort which don't depend on input
> updated before realize() to init().
>
> Signed-off-by: Philippe Mathieu-Daudé 

Reviewed-by: Alistair Francis 

Alistair

> ---
> v3: Typo 'depend of' -> 'depend on' (eblake)
> ---
>  hw/arm/xlnx-zynqmp.c | 22 +++---
>  1 file changed, 11 insertions(+), 11 deletions(-)
>
> diff --git a/hw/arm/xlnx-zynqmp.c b/hw/arm/xlnx-zynqmp.c
> index 457057198a..5ec9c24ee7 100644
> --- a/hw/arm/xlnx-zynqmp.c
> +++ b/hw/arm/xlnx-zynqmp.c
> @@ -242,6 +242,11 @@ static void xlnx_zynqmp_init(Object *obj)
>  &s->apu_cpu[i], sizeof(s->apu_cpu[i]),
>  ARM_CPU_TYPE_NAME("cortex-a53"),
>  &error_abort, NULL);
> +
> +object_property_set_int(OBJECT(&s->apu_cpu[i]), 
> QEMU_PSCI_CONDUIT_SMC,
> +"psci-conduit", &error_abort);
> +object_property_set_int(OBJECT(&s->apu_cpu[i]), GIC_BASE_ADDR,
> +"reset-cbar", &error_abort);
>  }
>
>  sysbus_init_child_obj(obj, "gic", &s->gic, sizeof(s->gic),
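
Review bot: Setting "psci-conduit" and "reset-cbar" in xlnx_zynqmp_init() turns them from values forced in realize into defaults that any property write between init and realize can override. If that is the intent, say so in the commit message; if these must always be QEMU_PSCI_CONDUIT_SMC and GIC_BASE_ADDR, keep them in realize.
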
> @@ -250,6 +255,10 @@ static void xlnx_zynqmp_init(Object *obj)
>  for (i = 0; i < XLNX_ZYNQMP_NUM_GEMS; i++) {
>  sysbus_init_child_obj(obj, "gem[*]", &s->gem[i], sizeof(s->gem[i]),
>TYPE_CADENCE_GEM);
> +object_property_set_int(OBJECT(&s->gem[i]), GEM_REVISION, "revision",
> +&error_abort);
> +object_property_set_int(OBJECT(&s->gem[i]), 2, "num-priority-queues",
> +&error_abort);
>  }
>
>  for (i = 0; i < XLNX_ZYNQMP_NUM_UARTS; i++) {
> @@ -259,6 +268,8 @@ static void xlnx_zynqmp_init(Object *obj)
>
>  sysbus_init_child_obj(obj, "sata", &s->sata, sizeof(s->sata),
>TYPE_SYSBUS_AHCI);
> +object_property_set_int(OBJECT(&s->sata), SATA_NUM_PORTS, "num-ports",
> +&error_abort);
>
>  for (i = 0; i < XLNX_ZYNQMP_NUM_SDHCI; i++) {
>  sysbus_init_child_obj(obj, "sdhci[*]", &s->sdhci[i],
> @@ -370,9 +381,6 @@ static void xlnx_zynqmp_realize(DeviceState *dev, Error 
> **errp)
>  for (i = 0; i < num_apus; i++) {
>  char *name;
>
> -object_property_set_int(OBJECT(&s->apu_cpu[i]), 
> QEMU_PSCI_CONDUIT_SMC,
> -"psci-conduit", &error_abort);
> -
>  name = object_get_canonical_path_component(OBJECT(&s->apu_cpu[i]));
>  if (strcmp(name, boot_cpu)) {
>  /* Secondary CPUs start in PSCI powered-down state */
> @@ -387,8 +395,6 @@ static void xlnx_zynqmp_realize(DeviceState *dev, Error 
> **errp)
>   s->secure, "has_el3", NULL);
>  object_property_set_bool(OBJECT(&s->apu_cpu[i]),
>   s->virt, "has_el2", NULL);
> -object_property_set_int(OBJECT(&s->apu_cpu[i]), GIC_BASE_ADDR,
> -"reset-cbar", &error_abort);
>  object_property_set_int(OBJECT(&s->apu_cpu[i]), num_apus,
>  "core-count", &error_abort);
>  object_property_set_bool(OBJECT(&s->apu_cpu[i]), true, "realized",
> @@ -490,10 +496,6 @@ static void xlnx_zynqmp_realize(DeviceState *dev, Error 
> **errp)
>  qemu_check_nic_model(nd, TYPE_CADENCE_GEM);
>  qdev_set_nic_properties(DEVICE(&s->gem[i]), nd);
>  }
> -object_property_set_int(OBJECT(&s->gem[i]), GEM_REVISION, "revision",
> -&error_abort);
> -object_property_set_int(OBJECT(&s->gem[i]), 2, "num-priority-queues",
> -&error_abort);
>  object_property_set_bool(OBJECT(&s->gem[i]), true, "realized", &err);
>  if (err) {
>  goto out_propagate_error;
> @@ -514,8 +516,6 @@ static void xlnx_zynqmp_realize(DeviceState *dev, Error 
> **errp)
> gic_spi[uart_intr[i]]);
>  }
>
> -object_property_set_int(OBJECT(&s->sata), SATA_NUM_PORTS, "num-ports",
> -&error_abort);
>  object_property_set_bool(OBJECT(&s->sata), true, "realized", &err);
>  if (err) {
>  goto out_propagate_error;
> --
> 2.21.1
>
>



Re: [PATCH-for-5.1 v3 20/24] hw/riscv/sifive_u: Use single type_init()

2020-04-13 Thread Alistair Francis
On Sun, Apr 12, 2020 at 3:48 PM Philippe Mathieu-Daudé  wrote:
>
> We can use a single type_init() to call multiple type_register*().
>
> Signed-off-by: Philippe Mathieu-Daudé 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  hw/riscv/sifive_u.c | 12 +++-
>  1 file changed, 3 insertions(+), 9 deletions(-)
>
> diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
> index 998666c91f..9c90c94c33 100644
> --- a/hw/riscv/sifive_u.c
> +++ b/hw/riscv/sifive_u.c
> @@ -601,13 +601,6 @@ static const TypeInfo riscv_sifive_u_soc_type_info = {
>  .class_init = riscv_sifive_u_soc_class_init,
>  };
>
> -static void riscv_sifive_u_soc_register_types(void)
> -{
> -type_register_static(&riscv_sifive_u_soc_type_info);
> -}
> -
> -type_init(riscv_sifive_u_soc_register_types)
> -
>  static void riscv_sifive_u_machine_class_init(ObjectClass *oc, void *data)
>  {
>  MachineClass *mc = MACHINE_CLASS(oc);
> @@ -627,9 +620,10 @@ static const TypeInfo riscv_sifive_u_machine_typeinfo = {
>  .instance_size = sizeof(SiFiveUState),
>  };
>
> -static void riscv_sifive_u_machine_init_register_types(void)
> +static void riscv_sifive_u_register_types(void)
>  {
> +type_register_static(&riscv_sifive_u_soc_type_info);
>  type_register_static(&riscv_sifive_u_machine_typeinfo);
>  }
>
> -type_init(riscv_sifive_u_machine_init_register_types)
> +type_init(riscv_sifive_u_register_types)
> --
> 2.21.1
>
>



Re: [PATCH-for-5.1 v3 08/23] hw/arm/armv7m: Add missing error-propagation code

2020-04-13 Thread Alistair Francis
On Sun, Apr 12, 2020 at 3:54 PM Philippe Mathieu-Daudé  wrote:
>
> Patch created mechanically by running:
>
>   $ spatch \
> --macro-file scripts/cocci-macro-file.h --include-headers \
> --sp-file scripts/coccinelle/use-error_propagate-in-realize.cocci \
> --keep-comments --smpl-spacing --in-place --dir hw
>
> Signed-off-by: Philippe Mathieu-Daudé 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  hw/arm/armv7m.c | 12 ++--
>  1 file changed, 10 insertions(+), 2 deletions(-)
>
> diff --git a/hw/arm/armv7m.c b/hw/arm/armv7m.c
> index 7531b97ccd..249a7605f6 100644
> --- a/hw/arm/armv7m.c
> +++ b/hw/arm/armv7m.c
> @@ -168,7 +168,11 @@ static void armv7m_realize(DeviceState *dev, Error 
> **errp)
>  }
>
>  object_property_set_link(OBJECT(s->cpu), OBJECT(&s->container), "memory",
> - &error_abort);
> + &err);
> +if (err) {
> +error_propagate(errp, err);
> +return;
> +}
>  if (object_property_find(OBJECT(s->cpu), "idau", NULL)) {
>  object_property_set_link(OBJECT(s->cpu), s->idau, "idau", &err);
>  if (err != NULL) {
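
Review bot: The added check is written "if (err)" while the existing check a few lines below in the same hunk uses "if (err != NULL)"; match the surrounding style. More substantively, replacing &error_abort with propagation for the "memory" link changes a failure that was treated as a programming error into one reported to the caller; since the patch is generated mechanically, the commit message should say that this change in behaviour is intended.
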
> @@ -256,7 +260,11 @@ static void armv7m_realize(DeviceState *dev, Error 
> **errp)
>  return;
>  }
>  object_property_set_link(obj, OBJECT(s->board_memory),
> - "source-memory", &error_abort);
> + "source-memory", &err);
> +if (err) {
> +error_propagate(errp, err);
> +return;
> +}
>  object_property_set_bool(obj, true, "realized", &err);
>  if (err != NULL) {
>  error_propagate(errp, err);
> --
> 2.21.1
>
>


