[PULL 00/37] Build system + accel + record/replay patches for 2020-10-06

2020-10-06 Thread Paolo Bonzini
The following changes since commit 0ac0b47c44b4be6cbce26777a1a5968cc8f025a5:

  Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into staging (2020-10-05 13:12:55 +0100)

are available in the Git repository at:

  https://gitlab.com/bonzini/qemu.git tags/for-upstream

for you to fetch changes up to be52eca309788aa69dc10a8cae63e8a40de7a2f7:

  tests/acceptance: add reverse debugging test (2020-10-06 08:34:50 +0200)


* Reverse debugging (Pavel)
* CFLAGS cleanup (Paolo)
* ASLR fix (Mark)
* cpus.c refactoring (Claudio)


Claudio Fontana (17):
  cpu-timers, icount: new modules
  icount: rename functions to be consistent with the module name
  cpus: prepare new CpusAccel cpu accelerator interface
  cpus: extract out TCG-specific code to accel/tcg
  cpus: extract out qtest-specific code to accel/qtest
  cpus: extract out kvm-specific code to accel/kvm
  cpus: extract out hax-specific code to target/i386/
  cpus: extract out whpx-specific code to target/i386/
  cpus: extract out hvf-specific code to target/i386/hvf/
  cpus: cleanup now unneeded includes
  cpus: remove checks for non-NULL cpus_accel
  cpus: add handle_interrupt to the CpusAccel interface
  hvf: remove hvf specific functions from global includes
  whpx: remove whpx specific functions from global includes
  hax: remove hax specific functions from global includes
  kvm: remove kvm specific functions from global includes
  accel/tcg: use current_machine as it is always set for softmmu

Dr. David Alan Gilbert (1):
  kvm: kvm_init_vcpu take Error pointer

Mark Cave-Ayland (1):
  configure: don't enable ASLR for --enable-debug Windows builds

Paolo Bonzini (4):
  slirp: Convert Makefile bits to meson bits
  dtc: Convert Makefile bits to meson bits
  configure: do not clobber environment CFLAGS/CXXFLAGS/LDFLAGS
  configure: consistently pass CFLAGS/CXXFLAGS/LDFLAGS to meson

Pavel Dovgaluk (10):
  replay: provide an accessor for rr filename
  qapi: introduce replay.json for record/replay-related stuff
  replay: introduce info hmp/qmp command
  replay: introduce breakpoint at the specified step
  replay: implement replay-seek command
  replay: flush rr queue before loading the vmstate
  gdbstub: add reverse step support in replay mode
  gdbstub: add reverse continue support in replay mode
  replay: describe reverse debugging in docs/replay.txt
  tests/acceptance: add reverse debugging test

Pavel Dovgalyuk (4):
  replay: don't record interrupt poll
  qcow2: introduce icount field for snapshots
  migration: introduce icount field for snapshots
  replay: create temporary snapshot at debugger connection

 MAINTAINERS  |7 +-
 Makefile |   28 +-
 accel/kvm/kvm-all.c  |   33 +-
 accel/kvm/kvm-cpus.c |   84 +
 accel/kvm/kvm-cpus.h |   24 +
 accel/kvm/meson.build|5 +-
 accel/kvm/trace-events   |1 +
 accel/meson.build|2 +-
 accel/qtest/meson.build  |7 +
 accel/qtest/qtest-cpus.c |   91 +
 accel/qtest/qtest-cpus.h |   17 +
 accel/{ => qtest}/qtest.c|   13 +-
 accel/stubs/hax-stub.c   |   10 -
 accel/stubs/hvf-stub.c   |   30 -
 accel/stubs/kvm-stub.c   |   23 -
 accel/stubs/meson.build  |2 -
 accel/stubs/whpx-stub.c  |   47 -
 accel/tcg/cpu-exec.c |   64 +-
 accel/tcg/meson.build|2 +-
 accel/tcg/tcg-all.c  |   42 +-
 accel/tcg/tcg-cpus.c |  570 +++
 accel/tcg/tcg-cpus.h |   17 +
 accel/tcg/translate-all.c|3 +-
 accel/tcg/translator.c   |1 +
 block/qapi.c |   18 +-
 block/qcow2-snapshot.c   |9 +
 block/qcow2.h|3 +
 blockdev.c   |   10 +
 configure|  231 +--
 default-configs/targets/aarch64-softmmu.mak  |1 +
 default-configs/targets/arm-softmmu.mak  |1 +
 default-configs/targets/microblaze-softmmu.mak   |1 +
 default-configs/targets/microblazeel-softmmu.mak |1 +
 default-configs/targets/mips64el-softmmu.mak |1 +
 default-configs/targets/ppc-softmmu.mak  |1 +
 default-configs/

[PULL 03/37] cpus: prepare new CpusAccel cpu accelerator interface

2020-10-06 Thread Paolo Bonzini
From: Claudio Fontana 

The new interface starts unused, and will start being used by the
next patches.

It provides methods for each accelerator to start a vcpu, kick a vcpu,
synchronize state, get cpu virtual clock and elapsed ticks.

In qemu_wait_io_event, make it clear that APC is used only for HAX
on Windows.

Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
Signed-off-by: Paolo Bonzini 
---
 hw/core/cpu.c  |   1 +
 hw/i386/x86.c  |   2 +-
 include/sysemu/cpu-timers.h|   9 +-
 include/sysemu/cpus.h  |  36 ++
 include/sysemu/hw_accel.h  |  69 +---
 softmmu/cpu-timers.c   |   9 +-
 softmmu/cpus.c | 195 ++---
 stubs/cpu-synchronize-state.c  |   9 ++
 stubs/cpus-get-virtual-clock.c |   8 ++
 stubs/meson.build  |   2 +
 util/qemu-timer.c  |   8 +-
 11 files changed, 225 insertions(+), 123 deletions(-)
 create mode 100644 stubs/cpu-synchronize-state.c
 create mode 100644 stubs/cpus-get-virtual-clock.c

diff --git a/hw/core/cpu.c b/hw/core/cpu.c
index c55c09f734..d596182621 100644
--- a/hw/core/cpu.c
+++ b/hw/core/cpu.c
@@ -33,6 +33,7 @@
 #include "hw/qdev-properties.h"
 #include "trace/trace-root.h"
 #include "qemu/plugin.h"
+#include "sysemu/hw_accel.h"
 
 CPUInterruptHandler cpu_interrupt_handler;
 
diff --git a/hw/i386/x86.c b/hw/i386/x86.c
index 953083e063..3137a20085 100644
--- a/hw/i386/x86.c
+++ b/hw/i386/x86.c
@@ -522,7 +522,7 @@ static long get_file_size(FILE *f)
 /* TSC handling */
 uint64_t cpu_get_tsc(CPUX86State *env)
 {
-return cpu_get_ticks();
+return cpus_get_elapsed_ticks();
 }
 
 /* IRQ handling */
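Review bot: cpu_get_tsc() now goes through cpus_get_elapsed_ticks(), but this patch registers no CpusAccel yet (the message says the interface starts unused), so the fallback inside cpus_get_elapsed_ticks() for a NULL cpus_accel or a NULL get_elapsed_ticks hook has to return exactly what cpu_get_ticks() returned before, icount case included, or the guest TSC changes behaviour in the middle of the series. That fallback lives in softmmu/cpus.c, which is not in this excerpt, so it deserves a sentence in the commit message.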
diff --git a/include/sysemu/cpu-timers.h b/include/sysemu/cpu-timers.h
index 7726e005cd..ed6ee5c46c 100644
--- a/include/sysemu/cpu-timers.h
+++ b/include/sysemu/cpu-timers.h
@@ -70,9 +70,8 @@ void cpu_enable_ticks(void);
 void cpu_disable_ticks(void);
 
 /*
- * return the time elapsed in VM between vm_start and vm_stop.  Unless
- * icount is active, cpu_get_ticks() uses units of the host CPU cycle
- * counter.
+ * return the time elapsed in VM between vm_start and vm_stop.
+ * cpu_get_ticks() uses units of the host CPU cycle counter.
  */
 int64_t cpu_get_ticks(void);
 
@@ -84,4 +83,8 @@ int64_t cpu_get_clock(void);
 
 void qemu_timer_notify_cb(void *opaque, QEMUClockType type);
 
+/* get the VIRTUAL clock and VM elapsed ticks via the cpus accel interface */
+int64_t cpus_get_virtual_clock(void);
+int64_t cpus_get_elapsed_ticks(void);
+
 #endif /* SYSEMU_CPU_TIMERS_H */
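Review bot: the rewritten comment on cpu_get_ticks() in the previous hunk drops the "unless icount is active" clause, so cpu_get_ticks() is now documented as host-cycle units only and the icount-aware variant becomes cpus_get_elapsed_ticks(); any remaining direct cpu_get_ticks() caller that must honour icount needs the same switch hw/i386/x86.c gets in this patch. The one-line comment on the two new declarations should also say what they return when no accelerator has registered, since that is the state for the rest of this patch.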
diff --git a/include/sysemu/cpus.h b/include/sysemu/cpus.h
index 149de000a0..26171697f5 100644
--- a/include/sysemu/cpus.h
+++ b/include/sysemu/cpus.h
@@ -4,7 +4,43 @@
 #include "qemu/timer.h"
 
 /* cpus.c */
+
+/* CPU execution threads */
+
+typedef struct CpusAccel {
+void (*create_vcpu_thread)(CPUState *cpu); /* MANDATORY */
+void (*kick_vcpu_thread)(CPUState *cpu);
+
+void (*synchronize_post_reset)(CPUState *cpu);
+void (*synchronize_post_init)(CPUState *cpu);
+void (*synchronize_state)(CPUState *cpu);
+void (*synchronize_pre_loadvm)(CPUState *cpu);
+
+int64_t (*get_virtual_clock)(void);
+int64_t (*get_elapsed_ticks)(void);
+} CpusAccel;
+
+/* register accel-specific cpus interface implementation */
+void cpus_register_accel(const CpusAccel *i);
+
+/* interface available for cpus accelerator threads */
+
+/* For temporary buffers for forming a name */
+#define VCPU_THREAD_NAME_SIZE 16
+
+void cpus_kick_thread(CPUState *cpu);
+bool cpu_work_list_empty(CPUState *cpu);
+bool cpu_thread_is_idle(CPUState *cpu);
 bool all_cpu_threads_idle(void);
+bool cpu_can_run(CPUState *cpu);
+void qemu_wait_io_event_common(CPUState *cpu);
+void qemu_wait_io_event(CPUState *cpu);
+void cpu_thread_signal_created(CPUState *cpu);
+void cpu_thread_signal_destroyed(CPUState *cpu);
+void cpu_handle_guest_debug(CPUState *cpu);
+
+/* end interface for cpus accelerator threads */
+
 bool qemu_in_vcpu_thread(void);
 void qemu_init_cpu_loop(void);
 void resume_all_vcpus(void);
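Review bot: only create_vcpu_thread is tagged MANDATORY, so every other member is optional and each dispatcher in softmmu/cpus.c has to NULL-check it; the header should state that, and state what the dispatchers return when get_virtual_clock or get_elapsed_ticks is absent, because a silent 0 from a missing ticks hook stalls timers rather than failing loudly. A short comment per member (when it is called, under which lock) would also save each accelerator author from re-deriving the contract from cpus.c.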
diff --git a/include/sysemu/hw_accel.h b/include/sysemu/hw_accel.h
index e128f8b06b..ffed6192a3 100644
--- a/include/sysemu/hw_accel.h
+++ b/include/sysemu/hw_accel.h
@@ -1,5 +1,5 @@
 /*
- * QEMU Hardware accelertors support
+ * QEMU Hardware accelerators support
  *
  * Copyright 2016 Google, Inc.
  *
@@ -17,68 +17,9 @@
 #include "sysemu/hvf.h"
 #include "sysemu/whpx.h"
 
-static inline void cpu_synchronize_state(CPUState *cpu)
-{
-if (kvm_enabled()) {
-kvm_cpu_synchronize_state(cpu);
-}
-if (hax_enabled()) {
-hax_cpu_synchronize_state(cpu);
-}
-if (hvf_enabled()) {
-hvf_cpu_synchronize_state(cpu);
-}
-if (whpx_enabled()) {
-whpx_cpu_synchronize_state(cpu);
-}
-}
-
-static inline void cpu_synchronize_post_reset(CPUState *cpu)
-{
-if (kvm_enabled()) {
-kvm_cpu_synchronize_post_reset(cpu);
-}
-if (hax_enabled()) {
-  
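Review bot: with the static inline cpu_synchronize_* wrappers gone, the sysemu/hvf.h and sysemu/whpx.h includes visible as context at the top of this hunk no longer serve anything in hw_accel.h; the out-of-line replacements live in softmmu/cpus.c and the diffstat adds stubs/cpu-synchronize-state.c for builds without it, so either drop those includes now or add a comment that hw_accel.h is kept as an aggregating header until the later "remove ... specific functions from global includes" patches in this series land.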

[PULL 08/37] cpus: extract out whpx-specific code to target/i386/

2020-10-06 Thread Paolo Bonzini
From: Claudio Fontana 

register a "CpusAccel" interface for WHPX as well.

Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
Signed-off-by: Paolo Bonzini 
---
 MAINTAINERS |  1 +
 softmmu/cpus.c  | 79 -
 target/i386/meson.build |  5 ++-
 target/i386/whpx-all.c  |  3 ++
 target/i386/whpx-cpus.c | 96 +
 target/i386/whpx-cpus.h | 17 
 6 files changed, 121 insertions(+), 80 deletions(-)
 create mode 100644 target/i386/whpx-cpus.c
 create mode 100644 target/i386/whpx-cpus.h

diff --git a/MAINTAINERS b/MAINTAINERS
index ecc45dfac4..231f854437 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -451,6 +451,7 @@ WHPX CPUs
 M: Sunil Muthuswamy 
 S: Supported
 F: target/i386/whpx-all.c
+F: target/i386/whpx-cpus.c
 F: target/i386/whp-dispatch.h
 F: accel/stubs/whpx-stub.c
 F: include/sysemu/whpx.h
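Review bot: target/i386/whpx-cpus.h is created by this patch as well (see the diffstat) but only whpx-cpus.c is added to the WHPX CPUs section; add `F: target/i386/whpx-cpus.h` so the header gets the same maintainer coverage.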
diff --git a/softmmu/cpus.c b/softmmu/cpus.c
index 900fff827a..067dae12eb 100644
--- a/softmmu/cpus.c
+++ b/softmmu/cpus.c
@@ -34,7 +34,6 @@
 #include "sysemu/hw_accel.h"
 #include "sysemu/kvm.h"
 #include "sysemu/hvf.h"
-#include "sysemu/whpx.h"
 #include "exec/exec-all.h"
 #include "qemu/thread.h"
 #include "qemu/plugin.h"
@@ -178,9 +177,6 @@ void cpu_synchronize_state(CPUState *cpu)
 if (cpus_accel && cpus_accel->synchronize_state) {
 cpus_accel->synchronize_state(cpu);
 }
-if (whpx_enabled()) {
-whpx_cpu_synchronize_state(cpu);
-}
 }
 
 void cpu_synchronize_post_reset(CPUState *cpu)
@@ -188,9 +184,6 @@ void cpu_synchronize_post_reset(CPUState *cpu)
 if (cpus_accel && cpus_accel->synchronize_post_reset) {
 cpus_accel->synchronize_post_reset(cpu);
 }
-if (whpx_enabled()) {
-whpx_cpu_synchronize_post_reset(cpu);
-}
 }
 
 void cpu_synchronize_post_init(CPUState *cpu)
@@ -198,9 +191,6 @@ void cpu_synchronize_post_init(CPUState *cpu)
 if (cpus_accel && cpus_accel->synchronize_post_init) {
 cpus_accel->synchronize_post_init(cpu);
 }
-if (whpx_enabled()) {
-whpx_cpu_synchronize_post_init(cpu);
-}
 }
 
 void cpu_synchronize_pre_loadvm(CPUState *cpu)
@@ -211,9 +201,6 @@ void cpu_synchronize_pre_loadvm(CPUState *cpu)
 if (hvf_enabled()) {
 hvf_cpu_synchronize_pre_loadvm(cpu);
 }
-if (whpx_enabled()) {
-whpx_cpu_synchronize_pre_loadvm(cpu);
-}
 }
 
 int64_t cpus_get_virtual_clock(void)
@@ -445,48 +432,6 @@ static void *qemu_hvf_cpu_thread_fn(void *arg)
 return NULL;
 }
 
-static void *qemu_whpx_cpu_thread_fn(void *arg)
-{
-CPUState *cpu = arg;
-int r;
-
-rcu_register_thread();
-
-qemu_mutex_lock_iothread();
-qemu_thread_get_self(cpu->thread);
-cpu->thread_id = qemu_get_thread_id();
-current_cpu = cpu;
-
-r = whpx_init_vcpu(cpu);
-if (r < 0) {
-fprintf(stderr, "whpx_init_vcpu failed: %s\n", strerror(-r));
-exit(1);
-}
-
-/* signal CPU creation */
-cpu_thread_signal_created(cpu);
-qemu_guest_random_seed_thread_part2(cpu->random_seed);
-
-do {
-if (cpu_can_run(cpu)) {
-r = whpx_vcpu_exec(cpu);
-if (r == EXCP_DEBUG) {
-cpu_handle_guest_debug(cpu);
-}
-}
-while (cpu_thread_is_idle(cpu)) {
-qemu_cond_wait(cpu->halt_cond, &qemu_global_mutex);
-}
-qemu_wait_io_event_common(cpu);
-} while (!cpu->unplug || cpu_can_run(cpu));
-
-whpx_destroy_vcpu(cpu);
-cpu_thread_signal_destroyed(cpu);
-qemu_mutex_unlock_iothread();
-rcu_unregister_thread();
-return NULL;
-}
-
 void cpus_kick_thread(CPUState *cpu)
 {
 #ifndef _WIN32
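Review bot: the removed qemu_whpx_cpu_thread_fn() waits with its own cpu_thread_is_idle() / qemu_cond_wait() loop followed by qemu_wait_io_event_common(), not qemu_wait_io_event(); the 03/37 message notes that the APC handling in qemu_wait_io_event() is HAX-only on Windows, so the copy that lands in target/i386/whpx-cpus.c should keep this exact wait sequence, and should keep the `if (r < 0)` check and exit after whpx_init_vcpu() rather than continuing with an uninitialised vCPU.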
@@ -501,12 +446,6 @@ void cpus_kick_thread(CPUState *cpu)
 fprintf(stderr, "qemu:%s: %s", __func__, strerror(err));
 exit(1);
 }
-#else /* _WIN32 */
-if (!qemu_cpu_is_self(cpu)) {
-if (whpx_enabled()) {
-whpx_vcpu_kick(cpu);
-}
-}
 #endif
 }
 
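Review bot: after dropping the #else branch the whole body of cpus_kick_thread() sits under #ifndef _WIN32, so on Windows it is now a no-op; that is only correct if qemu_cpu_kick() reaches cpus_accel->kick_vcpu_thread (the new whpx_cpus member, not shown here) before falling back to cpus_kick_thread(), otherwise WHPX vCPUs stop being woken. A short comment on the now-empty Windows path would make that dependency explicit.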
@@ -681,22 +620,6 @@ static void qemu_hvf_start_vcpu(CPUState *cpu)
cpu, QEMU_THREAD_JOINABLE);
 }
 
-static void qemu_whpx_start_vcpu(CPUState *cpu)
-{
-char thread_name[VCPU_THREAD_NAME_SIZE];
-
-cpu->thread = g_malloc0(sizeof(QemuThread));
-cpu->halt_cond = g_malloc0(sizeof(QemuCond));
-qemu_cond_init(cpu->halt_cond);
-snprintf(thread_name, VCPU_THREAD_NAME_SIZE, "CPU %d/WHPX",
- cpu->cpu_index);
-qemu_thread_create(cpu->thread, thread_name, qemu_whpx_cpu_thread_fn,
-   cpu, QEMU_THREAD_JOINABLE);
-#ifdef _WIN32
-cpu->hThread = qemu_thread_get_handle(cpu->thread);
-#endif
-}
-
 void cpus_register_accel(const CpusAccel *ca)
 {
 assert(ca != NULL);
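Review bot: the removed qemu_whpx_start_vcpu() stored cpu->hThread via qemu_thread_get_handle() under #ifdef _WIN32; make sure the version moved into target/i386/whpx-cpus.c still does this, since nothing else in this hunk sets the handle and it is easy to lose in the move.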
@@ -726,8 +649,6 @@ void qemu_init_vcpu(CPUState *cpu)
 cpus_accel->create_vcpu_thread(cpu);
 } else if (hvf_enabled()) {
 qemu_hvf_start_vcpu(cpu);
-} else if (whpx_enabled()) {
-qemu_whpx_start_vcpu(cpu);
 } else {
 g_assert_n

[PULL 05/37] cpus: extract out qtest-specific code to accel/qtest

2020-10-06 Thread Paolo Bonzini
From: Claudio Fontana 

register a "CpusAccel" interface for qtest as well.

Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
Signed-off-by: Paolo Bonzini 
---
 MAINTAINERS   |  2 +-
 accel/meson.build |  2 +-
 accel/qtest/meson.build   |  7 +++
 accel/qtest/qtest-cpus.c  | 91 +++
 accel/qtest/qtest-cpus.h  | 17 
 accel/{ => qtest}/qtest.c |  7 +++
 softmmu/cpus.c| 64 +--
 7 files changed, 125 insertions(+), 65 deletions(-)
 create mode 100644 accel/qtest/meson.build
 create mode 100644 accel/qtest/qtest-cpus.c
 create mode 100644 accel/qtest/qtest-cpus.h
 rename accel/{ => qtest}/qtest.c (86%)

diff --git a/MAINTAINERS b/MAINTAINERS
index a59be84de6..ecc45dfac4 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -2492,7 +2492,7 @@ M: Laurent Vivier 
 R: Paolo Bonzini 
 S: Maintained
 F: softmmu/qtest.c
-F: accel/qtest.c
+F: accel/qtest/
 F: tests/qtest/
 X: tests/qtest/bios-tables-test-allowed-diff.h
 
diff --git a/accel/meson.build b/accel/meson.build
index 26c503e480..bb00d0fd13 100644
--- a/accel/meson.build
+++ b/accel/meson.build
@@ -1,6 +1,6 @@
 softmmu_ss.add(files('accel.c'))
-specific_ss.add(when: ['CONFIG_SOFTMMU', 'CONFIG_POSIX'], if_true: 
files('qtest.c'))
 
+subdir('qtest')
 subdir('kvm')
 subdir('tcg')
 subdir('xen')
diff --git a/accel/qtest/meson.build b/accel/qtest/meson.build
new file mode 100644
index 00..e477cb2ae2
--- /dev/null
+++ b/accel/qtest/meson.build
@@ -0,0 +1,7 @@
+qtest_ss = ss.source_set()
+qtest_ss.add(files(
+  'qtest.c',
+  'qtest-cpus.c',
+))
+
+specific_ss.add_all(when: ['CONFIG_SOFTMMU', 'CONFIG_POSIX'], if_true: 
qtest_ss)
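Review bot: the ['CONFIG_SOFTMMU', 'CONFIG_POSIX'] condition means accel/qtest/qtest-cpus.c is never compiled on Windows, so the `#ifdef _WIN32` branch in qtest_cpu_thread_fn() that reports "qtest is not supported under Windows" is unreachable; either drop that branch or drop CONFIG_POSIX here so the runtime message is the one a Windows user actually sees.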
diff --git a/accel/qtest/qtest-cpus.c b/accel/qtest/qtest-cpus.c
new file mode 100644
index 00..7c5399ed9d
--- /dev/null
+++ b/accel/qtest/qtest-cpus.c
@@ -0,0 +1,91 @@
+/*
+ * QTest accelerator code
+ *
+ * Copyright IBM, Corp. 2011
+ *
+ * Authors:
+ *  Anthony Liguori   
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/rcu.h"
+#include "qapi/error.h"
+#include "qemu/module.h"
+#include "qemu/option.h"
+#include "qemu/config-file.h"
+#include "sysemu/accel.h"
+#include "sysemu/qtest.h"
+#include "sysemu/cpus.h"
+#include "sysemu/cpu-timers.h"
+#include "qemu/guest-random.h"
+#include "qemu/main-loop.h"
+#include "hw/core/cpu.h"
+
+#include "qtest-cpus.h"
+
+static void *qtest_cpu_thread_fn(void *arg)
+{
+#ifdef _WIN32
+error_report("qtest is not supported under Windows");
+exit(1);
+#else
+CPUState *cpu = arg;
+sigset_t waitset;
+int r;
+
+rcu_register_thread();
+
+qemu_mutex_lock_iothread();
+qemu_thread_get_self(cpu->thread);
+cpu->thread_id = qemu_get_thread_id();
+cpu->can_do_io = 1;
+current_cpu = cpu;
+
+sigemptyset(&waitset);
+sigaddset(&waitset, SIG_IPI);
+
+/* signal CPU creation */
+cpu_thread_signal_created(cpu);
+qemu_guest_random_seed_thread_part2(cpu->random_seed);
+
+do {
+qemu_mutex_unlock_iothread();
+do {
+int sig;
+r = sigwait(&waitset, &sig);
+} while (r == -1 && (errno == EAGAIN || errno == EINTR));
+if (r == -1) {
+perror("sigwait");
+exit(1);
+}
+qemu_mutex_lock_iothread();
+qemu_wait_io_event(cpu);
+} while (!cpu->unplug);
+
+qemu_mutex_unlock_iothread();
+rcu_unregister_thread();
+return NULL;
+#endif
+}
+
+static void qtest_start_vcpu_thread(CPUState *cpu)
+{
+char thread_name[VCPU_THREAD_NAME_SIZE];
+
+cpu->thread = g_malloc0(sizeof(QemuThread));
+cpu->halt_cond = g_malloc0(sizeof(QemuCond));
+qemu_cond_init(cpu->halt_cond);
+snprintf(thread_name, VCPU_THREAD_NAME_SIZE, "CPU %d/DUMMY",
+ cpu->cpu_index);
+qemu_thread_create(cpu->thread, thread_name, qtest_cpu_thread_fn, cpu,
+   QEMU_THREAD_JOINABLE);
+}
+
+const CpusAccel qtest_cpus = {
+.create_vcpu_thread = qtest_start_vcpu_thread,
+.get_virtual_clock = qtest_get_virtual_clock,
+};
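Review bot: the file header says "QTest accelerator code", Copyright IBM 2011, GPL v2 or later, but the thread function and start_vcpu code come out of softmmu/cpus.c (the 64-line removal in the diffstat), whose licence header is the MIT text reproduced in accel/tcg/tcg-cpus.c in 04/37; moved code should carry the licence and copyright of the file it came from, so this header needs checking before merge. Separately, qtest_cpus sets no kick_vcpu_thread, so kicks fall through to the POSIX path of cpus_kick_thread() and its SIG_IPI, which is exactly what the sigwait(&waitset) loop is waiting for; a one-line comment at the struct would spare the reader tracing that.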
diff --git a/accel/qtest/qtest-cpus.h b/accel/qtest/qtest-cpus.h
new file mode 100644
index 00..739519a472
--- /dev/null
+++ b/accel/qtest/qtest-cpus.h
@@ -0,0 +1,17 @@
+/*
+ * Accelerator CPUS Interface
+ *
+ * Copyright 2020 SUSE LLC
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#ifndef QTEST_CPUS_H
+#define QTEST_CPUS_H
+
+#include "sysemu/cpus.h"
+
+extern const CpusAccel qtest_cpus;
+
+#endif /* QTEST_CPUS_H */
diff --git a/accel/qtest.c b/accel/qtest/qtest.c
similarity index 86%
rename from accel/qtest.c
rename to accel/qtest/qtest.c
index 119d0f16a4..537e8b449c 100644
--- a/accel/qtest.c
+++ b/accel/qtest/qtest.c
@@ -12,6 +12,7 @@
  */
 
 #include "qemu/osdep.h"
+#include "q

[PULL 02/37] icount: rename functions to be consistent with the module name

2020-10-06 Thread Paolo Bonzini
From: Claudio Fontana 

Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
Reviewed-by: Alex Bennée 
Signed-off-by: Paolo Bonzini 
---
 accel/tcg/cpu-exec.c|  6 +++---
 docs/replay.txt |  6 +++---
 include/sysemu/cpu-timers.h | 16 +++---
 include/sysemu/replay.h |  4 ++--
 replay/replay.c |  2 +-
 softmmu/cpu-timers.c|  6 +++---
 softmmu/cpus.c  |  6 +++---
 softmmu/icount.c| 42 ++---
 softmmu/vl.c|  2 +-
 stubs/icount.c  | 16 +++---
 target/arm/helper.c |  4 ++--
 target/riscv/csr.c  |  4 ++--
 util/main-loop.c|  2 +-
 util/qemu-timer.c   |  4 ++--
 14 files changed, 60 insertions(+), 60 deletions(-)

diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index 35bfe2ca92..0dbe67acf5 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -71,7 +71,7 @@ static void align_clocks(SyncClocks *sc, CPUState *cpu)
 }
 
 cpu_icount = cpu->icount_extra + cpu_neg(cpu)->icount_decr.u16.low;
-sc->diff_clk += cpu_icount_to_ns(sc->last_cpu_icount - cpu_icount);
+sc->diff_clk += icount_to_ns(sc->last_cpu_icount - cpu_icount);
 sc->last_cpu_icount = cpu_icount;
 
 if (sc->diff_clk > VM_CLOCK_ADVANCE) {
@@ -665,7 +665,7 @@ static inline void cpu_loop_exec_tb(CPUState *cpu, 
TranslationBlock *tb,
 assert(icount_enabled());
 #ifndef CONFIG_USER_ONLY
 /* Ensure global icount has gone forward */
-cpu_update_icount(cpu);
+icount_update(cpu);
 /* Refill decrementer and continue execution.  */
 insns_left = MIN(0x, cpu->icount_budget);
 cpu_neg(cpu)->icount_decr.u16.low = insns_left;
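Review bot: the context line `insns_left = MIN(0x, cpu->icount_budget);` is not valid C; the hex literal has been eaten by the archive rendering (the hunk itself does not touch that line), so anyone applying this series from the web page should take it from git rather than from the HTML.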
@@ -775,7 +775,7 @@ void dump_drift_info(void)
 }
 
 qemu_printf("Host - Guest clock  %"PRIi64" ms\n",
-(cpu_get_clock() - cpu_get_icount()) / SCALE_MS);
+(cpu_get_clock() - icount_get()) / SCALE_MS);
 if (icount_align_option) {
 qemu_printf("Max guest delay %"PRIi64" ms\n",
 -max_delay / SCALE_MS);
diff --git a/docs/replay.txt b/docs/replay.txt
index 70c27edb36..8952e6d852 100644
--- a/docs/replay.txt
+++ b/docs/replay.txt
@@ -184,11 +184,11 @@ is then incremented (which is called "warping" the 
virtual clock) as
 soon as the timer fires or the CPUs need to go out of the idle state.
 Two functions are used for this purpose; because these actions change
 virtual machine state and must be deterministic, each of them creates a
-checkpoint.  qemu_start_warp_timer checks if the CPUs are idle and if so
-starts accounting real time to virtual clock.  qemu_account_warp_timer
+checkpoint.  icount_start_warp_timer checks if the CPUs are idle and if so
+starts accounting real time to virtual clock.  icount_account_warp_timer
 is called when the CPUs get an interrupt or when the warp timer fires,
 and it warps the virtual clock by the amount of real time that has passed
-since qemu_start_warp_timer.
+since icount_start_warp_timer.
 
 Bottom halves
 -
diff --git a/include/sysemu/cpu-timers.h b/include/sysemu/cpu-timers.h
index 4b621fea51..7726e005cd 100644
--- a/include/sysemu/cpu-timers.h
+++ b/include/sysemu/cpu-timers.h
@@ -35,30 +35,30 @@ extern int use_icount;
  * Update the icount with the executed instructions. Called by
  * cpus-tcg vCPU thread so the main-loop can see time has moved forward.
  */
-void cpu_update_icount(CPUState *cpu);
+void icount_update(CPUState *cpu);
 
 /* get raw icount value */
-int64_t cpu_get_icount_raw(void);
+int64_t icount_get_raw(void);
 
 /* return the virtual CPU time in ns, based on the instruction counter. */
-int64_t cpu_get_icount(void);
+int64_t icount_get(void);
 /*
  * convert an instruction counter value to ns, based on the icount shift.
  * This shift is set as a fixed value with the icount "shift" option
  * (precise mode), or it is constantly approximated and corrected at
  * runtime in adaptive mode.
  */
-int64_t cpu_icount_to_ns(int64_t icount);
+int64_t icount_to_ns(int64_t icount);
 
 /* configure the icount options, including "shift" */
-void configure_icount(QemuOpts *opts, Error **errp);
+void icount_configure(QemuOpts *opts, Error **errp);
 
 /* used by tcg vcpu thread to calc icount budget */
-int64_t qemu_icount_round(int64_t count);
+int64_t icount_round(int64_t count);
 
 /* if the CPUs are idle, start accounting real time to virtual clock. */
-void qemu_start_warp_timer(void);
-void qemu_account_warp_timer(void);
+void icount_start_warp_timer(void);
+void icount_account_warp_timer(void);
 
 /*
  * CPU Ticks and Clock
diff --git a/include/sysemu/replay.h b/include/sysemu/replay.h
index 5471bb514d..a140d69a73 100644
--- a/include/sysemu/replay.h
+++ b/include/sysemu/replay.h
@@ -109,12 +109,12 @@ int64_t replay_read_clock(ReplayClockKind kind);
 #define REPLAY_CLOCK(clock, value)  \
 (replay_mode == REPLAY_MODE_PLAY ? 

[PULL 09/37] cpus: extract out hvf-specific code to target/i386/hvf/

2020-10-06 Thread Paolo Bonzini
From: Claudio Fontana 

register a "CpusAccel" interface for HVF as well.

Signed-off-by: Claudio Fontana 
Reviewed-by: Roman Bolshakov 
[added const]
Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
Signed-off-by: Paolo Bonzini 
---
 softmmu/cpus.c  |  66 --
 target/i386/hvf/hvf-cpus.c  | 131 
 target/i386/hvf/hvf-cpus.h  |  17 +
 target/i386/hvf/hvf.c   |   3 +
 target/i386/hvf/meson.build |   1 +
 5 files changed, 152 insertions(+), 66 deletions(-)
 create mode 100644 target/i386/hvf/hvf-cpus.c
 create mode 100644 target/i386/hvf/hvf-cpus.h

diff --git a/softmmu/cpus.c b/softmmu/cpus.c
index 067dae12eb..adc20eb3de 100644
--- a/softmmu/cpus.c
+++ b/softmmu/cpus.c
@@ -33,7 +33,6 @@
 #include "exec/gdbstub.h"
 #include "sysemu/hw_accel.h"
 #include "sysemu/kvm.h"
-#include "sysemu/hvf.h"
 #include "exec/exec-all.h"
 #include "qemu/thread.h"
 #include "qemu/plugin.h"
@@ -198,9 +197,6 @@ void cpu_synchronize_pre_loadvm(CPUState *cpu)
 if (cpus_accel && cpus_accel->synchronize_pre_loadvm) {
 cpus_accel->synchronize_pre_loadvm(cpu);
 }
-if (hvf_enabled()) {
-hvf_cpu_synchronize_pre_loadvm(cpu);
-}
 }
 
 int64_t cpus_get_virtual_clock(void)
@@ -390,48 +386,6 @@ void qemu_wait_io_event(CPUState *cpu)
 qemu_wait_io_event_common(cpu);
 }
 
-/* The HVF-specific vCPU thread function. This one should only run when the 
host
- * CPU supports the VMX "unrestricted guest" feature. */
-static void *qemu_hvf_cpu_thread_fn(void *arg)
-{
-CPUState *cpu = arg;
-
-int r;
-
-assert(hvf_enabled());
-
-rcu_register_thread();
-
-qemu_mutex_lock_iothread();
-qemu_thread_get_self(cpu->thread);
-
-cpu->thread_id = qemu_get_thread_id();
-cpu->can_do_io = 1;
-current_cpu = cpu;
-
-hvf_init_vcpu(cpu);
-
-/* signal CPU creation */
-cpu_thread_signal_created(cpu);
-qemu_guest_random_seed_thread_part2(cpu->random_seed);
-
-do {
-if (cpu_can_run(cpu)) {
-r = hvf_vcpu_exec(cpu);
-if (r == EXCP_DEBUG) {
-cpu_handle_guest_debug(cpu);
-}
-}
-qemu_wait_io_event(cpu);
-} while (!cpu->unplug || cpu_can_run(cpu));
-
-hvf_vcpu_destroy(cpu);
-cpu_thread_signal_destroyed(cpu);
-qemu_mutex_unlock_iothread();
-rcu_unregister_thread();
-return NULL;
-}
-
 void cpus_kick_thread(CPUState *cpu)
 {
 #ifndef _WIN32
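Review bot: the removed qemu_hvf_cpu_thread_fn() discards the result of hvf_init_vcpu(cpu), whereas the WHPX thread function removed in 08/37 checks `if (r < 0)` after whpx_init_vcpu(); if hvf_init_vcpu() can fail, the copy moved into target/i386/hvf/hvf-cpus.c is the right place to start checking it. The assert(hvf_enabled()) can go in the moved copy, since the thread function is only reachable once HVF has registered its CpusAccel, but say so in the commit message.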
@@ -602,24 +556,6 @@ void cpu_remove_sync(CPUState *cpu)
 qemu_mutex_lock_iothread();
 }
 
-static void qemu_hvf_start_vcpu(CPUState *cpu)
-{
-char thread_name[VCPU_THREAD_NAME_SIZE];
-
-/* HVF currently does not support TCG, and only runs in
- * unrestricted-guest mode. */
-assert(hvf_enabled());
-
-cpu->thread = g_malloc0(sizeof(QemuThread));
-cpu->halt_cond = g_malloc0(sizeof(QemuCond));
-qemu_cond_init(cpu->halt_cond);
-
-snprintf(thread_name, VCPU_THREAD_NAME_SIZE, "CPU %d/HVF",
- cpu->cpu_index);
-qemu_thread_create(cpu->thread, thread_name, qemu_hvf_cpu_thread_fn,
-   cpu, QEMU_THREAD_JOINABLE);
-}
-
 void cpus_register_accel(const CpusAccel *ca)
 {
 assert(ca != NULL);
@@ -647,8 +583,6 @@ void qemu_init_vcpu(CPUState *cpu)
 if (cpus_accel) {
 /* accelerator already implements the CpusAccel interface */
 cpus_accel->create_vcpu_thread(cpu);
-} else if (hvf_enabled()) {
-qemu_hvf_start_vcpu(cpu);
 } else {
 g_assert_not_reached();
 }
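Review bot: with the hvf_enabled() branch gone, qemu_init_vcpu() aborts via g_assert_not_reached() for any accelerator that has not called cpus_register_accel(); by this point in the series every in-tree accelerator does, but an error_report() naming the accelerator before the abort would make an out-of-tree or partly converted accelerator fail with a readable message instead of a bare assertion.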
diff --git a/target/i386/hvf/hvf-cpus.c b/target/i386/hvf/hvf-cpus.c
new file mode 100644
index 00..817b3d7452
--- /dev/null
+++ b/target/i386/hvf/hvf-cpus.c
@@ -0,0 +1,131 @@
+/*
+ * Copyright 2008 IBM Corporation
+ *   2008 Red Hat, Inc.
+ * Copyright 2011 Intel Corporation
+ * Copyright 2016 Veertu, Inc.
+ * Copyright 2017 The Android Open Source Project
+ *
+ * QEMU Hypervisor.framework support
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of version 2 of the GNU General Public
+ * License as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see .
+ *
+ * This file contain code under public domain from the hvdos project:
+ * https://github.com/mist64/hvdos
+ *
+ * Parts Copyright (c) 2011 NetApp, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *notice
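Review bot: the new file's header is the Hypervisor.framework one (hvdos public-domain notice, Veertu/Android copyrights, NetApp BSD terms, GPL version 2 only), while the thread-start code it receives is the 66 lines cut from softmmu/cpus.c, which carries the MIT notice shown in accel/tcg/tcg-cpus.c in 04/37; the licence of moved code should follow the code, so confirm this header is the intended one before merging.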

[PULL 04/37] cpus: extract out TCG-specific code to accel/tcg

2020-10-06 Thread Paolo Bonzini
From: Claudio Fontana 

TCG is the first accelerator to register a "CpusAccel" interface
on initialization, providing functions for starting a vcpu,
kicking a vcpu, synchronizing state and getting virtual clock
and ticks.

Signed-off-by: Claudio Fontana 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
[added const]
Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
Reviewed-by: Alex Bennée 
Signed-off-by: Paolo Bonzini 
---
 accel/tcg/meson.build |   2 +-
 accel/tcg/tcg-all.c   |  11 +-
 accel/tcg/tcg-cpus.c  | 551 ++
 accel/tcg/tcg-cpus.h  |  17 ++
 softmmu/cpus.c| 505 +-
 5 files changed, 576 insertions(+), 510 deletions(-)
 create mode 100644 accel/tcg/tcg-cpus.c
 create mode 100644 accel/tcg/tcg-cpus.h

diff --git a/accel/tcg/meson.build b/accel/tcg/meson.build
index 96a76ed23d..19b9343d5b 100644
--- a/accel/tcg/meson.build
+++ b/accel/tcg/meson.build
@@ -12,4 +12,4 @@ tcg_ss.add(when: 'CONFIG_SOFTMMU', if_false: 
files('user-exec-stub.c'))
 tcg_ss.add(when: 'CONFIG_PLUGIN', if_true: [files('plugin-gen.c'), libdl])
 specific_ss.add_all(when: 'CONFIG_TCG', if_true: tcg_ss)
 
-specific_ss.add(when: ['CONFIG_SOFTMMU', 'CONFIG_TCG'], if_true: 
files('tcg-all.c', 'cputlb.c'))
+specific_ss.add(when: ['CONFIG_SOFTMMU', 'CONFIG_TCG'], if_true: 
files('tcg-all.c', 'cputlb.c', 'tcg-cpus.c'))
diff --git a/accel/tcg/tcg-all.c b/accel/tcg/tcg-all.c
index 2d13df3f72..000fe4dbd9 100644
--- a/accel/tcg/tcg-all.c
+++ b/accel/tcg/tcg-all.c
@@ -24,18 +24,15 @@
  */
 
 #include "qemu/osdep.h"
-#include "sysemu/accel.h"
+#include "qemu-common.h"
 #include "sysemu/tcg.h"
-#include "qom/object.h"
-#include "cpu.h"
-#include "sysemu/cpus.h"
 #include "sysemu/cpu-timers.h"
-#include "qemu/main-loop.h"
 #include "tcg/tcg.h"
 #include "qapi/error.h"
 #include "qemu/error-report.h"
 #include "hw/boards.h"
 #include "qapi/qapi-builtin-visit.h"
+#include "tcg-cpus.h"
 
 struct TCGState {
 AccelState parent_obj;
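Review bot: dropping sysemu/accel.h, qom/object.h, cpu.h, sysemu/cpus.h and qemu/main-loop.h leaves tcg-all.c relying on tcg-cpus.h (presumably including sysemu/cpus.h, like qtest-cpus.h does) and qemu-common.h to pull in AccelState, TCG_STATE()/current_accel() and the QOM property helpers this same file still uses; include-what-you-use would keep at least sysemu/accel.h and qom/object.h here rather than depend on transitive includes that a later header cleanup can break.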
@@ -124,6 +121,8 @@ static void tcg_accel_instance_init(Object *obj)
 s->mttcg_enabled = default_mttcg_enabled();
 }
 
+bool mttcg_enabled;
+
 static int tcg_init(MachineState *ms)
 {
 TCGState *s = TCG_STATE(current_accel());
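Review bot: the `bool mttcg_enabled;` definition is dropped between two functions with no comment; put it with the file's other file-scope state and, if it moved here from softmmu/cpus.c, say so in the commit message, since the move is invisible in this hunk and only a duplicate definition would be caught at link time.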
@@ -131,6 +130,8 @@ static int tcg_init(MachineState *ms)
 tcg_exec_init(s->tb_size * 1024 * 1024);
 cpu_interrupt_handler = tcg_handle_interrupt;
 mttcg_enabled = s->mttcg_enabled;
+cpus_register_accel(&tcg_cpus);
+
 return 0;
 }
 
diff --git a/accel/tcg/tcg-cpus.c b/accel/tcg/tcg-cpus.c
new file mode 100644
index 00..4f15c7f0de
--- /dev/null
+++ b/accel/tcg/tcg-cpus.c
@@ -0,0 +1,551 @@
+/*
+ * QEMU System Emulator
+ *
+ * Copyright (c) 2003-2008 Fabrice Bellard
+ * Copyright (c) 2014 Red Hat Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "sysemu/tcg.h"
+#include "sysemu/replay.h"
+#include "qemu/main-loop.h"
+#include "qemu/guest-random.h"
+#include "exec/exec-all.h"
+#include "hw/boards.h"
+
+#include "tcg-cpus.h"
+
+/* Kick all RR vCPUs */
+static void qemu_cpu_kick_rr_cpus(void)
+{
+CPUState *cpu;
+
+CPU_FOREACH(cpu) {
+cpu_exit(cpu);
+};
+}
+
+static void tcg_kick_vcpu_thread(CPUState *cpu)
+{
+if (qemu_tcg_mttcg_enabled()) {
+cpu_exit(cpu);
+} else {
+qemu_cpu_kick_rr_cpus();
+}
+}
+
+/*
+ * TCG vCPU kick timer
+ *
+ * The kick timer is responsible for moving single threaded vCPU
+ * emulation on to the next vCPU. If more than one vCPU is running a
+ * timer event with force a cpu->exit so the next vCPU can get
+ * scheduled.
+ *
+ * The timer is removed if all vCPUs are idle and restarted again once
+ * idleness is complete.
+ */
+
+static QEMUTimer *tcg_kick_vcpu_timer;
+static CPUState *tcg_current_rr_cpu;
+
+#define TCG_KICK_PERIOD (NANOSECONDS_PER_SECOND / 10)
+
+static inline int64_t qe
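Review bot: stray `;` after the CPU_FOREACH block in qemu_cpu_kick_rr_cpus (the `};` that closes the loop leaves an empty statement; drop the semicolon), and a typo in the kick-timer comment: "a timer event with force a cpu->exit" should read "will force". Since this hunk moves existing code into the new accel/tcg/tcg-cpus.c, fixing both here keeps checkpatch quiet on the new file instead of carrying the defects over.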

[PULL 23/37] configure: don't enable ASLR for --enable-debug Windows builds

2020-10-06 Thread Paolo Bonzini
From: Mark Cave-Ayland 

Unlike other OSs, it is not possible for gdb to temporarily disable ASLR when
debugging executables on Windows, which causes gdb to fail with memory access
errors when trying to debug QEMU.

Keep ASLR enabled by default on Windows via the --dynamicbase compiler flag
except for --enable-debug builds when there is a clear expectation that a
functioning gdb is expected at the cost of slightly less security.

Signed-off-by: Mark Cave-Ayland 
Message-Id: <20201005133434.12614-1-mark.cave-ayl...@ilande.co.uk>
Signed-off-by: Paolo Bonzini 
---
 configure | 9 -
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/configure b/configure
index 04c8cc017c..28df227db5 100755
--- a/configure
+++ b/configure
@@ -5882,7 +5882,14 @@ fi
 
 # Use ASLR, no-SEH and DEP if available
 if test "$mingw32" = "yes" ; then
-for flag in --dynamicbase --no-seh --nxcompat; do
+flags="--no-seh --nxcompat"
+
+# Disable ASLR for debug builds to allow debugging with gdb
+if test "$debug" = "no" ; then
+flags="--dynamicbase $flags"
+fi
+
+for flag in $flags; do
 if ld_has $flag ; then
 QEMU_LDFLAGS="-Wl,$flag $QEMU_LDFLAGS"
 fi
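Review bot: the new branch keys on `"$debug" = "no"`, so any value of $debug other than the literal "no" silently drops --dynamicbase; testing `"$debug" != "yes"` keeps ASLR on in every case except an explicit --enable-debug, which is the intent the commit message states. It would also help to report the outcome in the configure summary (for example "Windows ASLR (--dynamicbase): no (debug build)") so that a --enable-debug binary which ends up being distributed is recognisably built without ASLR.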
-- 
2.26.2





[PULL 07/37] cpus: extract out hax-specific code to target/i386/

2020-10-06 Thread Paolo Bonzini
From: Claudio Fontana 

register a "CpusAccel" interface for HAX as well.

Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
Signed-off-by: Paolo Bonzini 
---
 softmmu/cpus.c| 80 +---
 target/i386/hax-all.c |  6 ++-
 target/i386/hax-cpus.c| 85 +++
 target/i386/hax-cpus.h| 17 
 target/i386/hax-i386.h|  2 +
 target/i386/hax-posix.c   | 12 ++
 target/i386/hax-windows.c | 20 +
 target/i386/meson.build   |  9 -
 8 files changed, 149 insertions(+), 82 deletions(-)
 create mode 100644 target/i386/hax-cpus.c
 create mode 100644 target/i386/hax-cpus.h

diff --git a/softmmu/cpus.c b/softmmu/cpus.c
index 9fa73735a2..900fff827a 100644
--- a/softmmu/cpus.c
+++ b/softmmu/cpus.c
@@ -33,7 +33,6 @@
 #include "exec/gdbstub.h"
 #include "sysemu/hw_accel.h"
 #include "sysemu/kvm.h"
-#include "sysemu/hax.h"
 #include "sysemu/hvf.h"
 #include "sysemu/whpx.h"
 #include "exec/exec-all.h"
@@ -179,9 +178,6 @@ void cpu_synchronize_state(CPUState *cpu)
 if (cpus_accel && cpus_accel->synchronize_state) {
 cpus_accel->synchronize_state(cpu);
 }
-if (hax_enabled()) {
-hax_cpu_synchronize_state(cpu);
-}
 if (whpx_enabled()) {
 whpx_cpu_synchronize_state(cpu);
 }
@@ -192,9 +188,6 @@ void cpu_synchronize_post_reset(CPUState *cpu)
 if (cpus_accel && cpus_accel->synchronize_post_reset) {
 cpus_accel->synchronize_post_reset(cpu);
 }
-if (hax_enabled()) {
-hax_cpu_synchronize_post_reset(cpu);
-}
 if (whpx_enabled()) {
 whpx_cpu_synchronize_post_reset(cpu);
 }
@@ -205,9 +198,6 @@ void cpu_synchronize_post_init(CPUState *cpu)
 if (cpus_accel && cpus_accel->synchronize_post_init) {
 cpus_accel->synchronize_post_init(cpu);
 }
-if (hax_enabled()) {
-hax_cpu_synchronize_post_init(cpu);
-}
 if (whpx_enabled()) {
 whpx_cpu_synchronize_post_init(cpu);
 }
@@ -218,9 +208,6 @@ void cpu_synchronize_pre_loadvm(CPUState *cpu)
 if (cpus_accel && cpus_accel->synchronize_pre_loadvm) {
 cpus_accel->synchronize_pre_loadvm(cpu);
 }
-if (hax_enabled()) {
-hax_cpu_synchronize_pre_loadvm(cpu);
-}
 if (hvf_enabled()) {
 hvf_cpu_synchronize_pre_loadvm(cpu);
 }
@@ -416,35 +403,6 @@ void qemu_wait_io_event(CPUState *cpu)
 qemu_wait_io_event_common(cpu);
 }
 
-static void *qemu_hax_cpu_thread_fn(void *arg)
-{
-CPUState *cpu = arg;
-int r;
-
-rcu_register_thread();
-qemu_mutex_lock_iothread();
-qemu_thread_get_self(cpu->thread);
-
-cpu->thread_id = qemu_get_thread_id();
-current_cpu = cpu;
-hax_init_vcpu(cpu);
-cpu_thread_signal_created(cpu);
-qemu_guest_random_seed_thread_part2(cpu->random_seed);
-
-do {
-if (cpu_can_run(cpu)) {
-r = hax_smp_cpu_exec(cpu);
-if (r == EXCP_DEBUG) {
-cpu_handle_guest_debug(cpu);
-}
-}
-
-qemu_wait_io_event(cpu);
-} while (!cpu->unplug || cpu_can_run(cpu));
-rcu_unregister_thread();
-return NULL;
-}
-
 /* The HVF-specific vCPU thread function. This one should only run when the 
host
  * CPU supports the VMX "unrestricted guest" feature. */
 static void *qemu_hvf_cpu_thread_fn(void *arg)
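Review bot: the removed qemu_hax_cpu_thread_fn returns right after rcu_unregister_thread() without calling qemu_mutex_unlock_iothread() or cpu_thread_signal_destroyed(); if the function is moved verbatim into target/i386/hax-cpus.c, that teardown path still leaves the iothread lock held and never signals destruction on unplug. Compare the exit sequence of kvm_vcpu_thread_fn in the KVM patch of this series (kvm_destroy_vcpu, cpu_thread_signal_destroyed, qemu_mutex_unlock_iothread, rcu_unregister_thread) and align the HAX copy with it while it is being moved.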
@@ -529,12 +487,6 @@ static void *qemu_whpx_cpu_thread_fn(void *arg)
 return NULL;
 }
 
-#ifdef _WIN32
-static void CALLBACK dummy_apc_func(ULONG_PTR unused)
-{
-}
-#endif
-
 void cpus_kick_thread(CPUState *cpu)
 {
 #ifndef _WIN32
@@ -553,10 +505,6 @@ void cpus_kick_thread(CPUState *cpu)
 if (!qemu_cpu_is_self(cpu)) {
 if (whpx_enabled()) {
 whpx_vcpu_kick(cpu);
-} else if (!QueueUserAPC(dummy_apc_func, cpu->hThread, 0)) {
-fprintf(stderr, "%s: QueueUserAPC failed with error %lu\n",
-__func__, GetLastError());
-exit(1);
 }
 }
 #endif
@@ -567,14 +515,7 @@ void qemu_cpu_kick(CPUState *cpu)
 qemu_cond_broadcast(cpu->halt_cond);
 if (cpus_accel && cpus_accel->kick_vcpu_thread) {
 cpus_accel->kick_vcpu_thread(cpu);
-} else {
-if (hax_enabled()) {
-/*
- * FIXME: race condition with the exit_request check in
- * hax_vcpu_hax_exec
- */
-cpu->exit_request = 1;
-}
+} else { /* default */
 cpus_kick_thread(cpu);
 }
 }
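Review bot: the FIXME about the race between setting cpu->exit_request and the exit_request check in hax_vcpu_hax_exec disappears with this hunk; unless the race was fixed as part of the move, carry the comment over to the HAX kick_vcpu_thread implementation in target/i386/hax-cpus.c (created by this patch, not shown here), otherwise a known issue silently drops out of the tree.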
@@ -722,23 +663,6 @@ void cpu_remove_sync(CPUState *cpu)
 qemu_mutex_lock_iothread();
 }
 
-static void qemu_hax_start_vcpu(CPUState *cpu)
-{
-char thread_name[VCPU_THREAD_NAME_SIZE];
-
-cpu->thread = g_malloc0(sizeof(QemuThread));
-cpu->halt_cond = g_malloc0(sizeof(QemuCond));
-qemu_cond_init(cpu->halt_cond);
-
-snprintf(thread_name, VCPU_THREAD_NAME_SIZE, "CPU %d/HAX",
- cpu->cpu_index);
-qemu_thread_create(cpu->thread, thread_name, qemu_hax_cpu_thread_fn,
- 

[PULL 15/37] hax: remove hax specific functions from global includes

2020-10-06 Thread Paolo Bonzini
From: Claudio Fontana 

Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
Signed-off-by: Paolo Bonzini 
---
 accel/stubs/hax-stub.c| 10 --
 include/sysemu/hax.h  | 17 -
 target/i386/hax-all.c |  1 -
 target/i386/hax-cpus.c|  1 -
 target/i386/hax-cpus.h| 16 
 target/i386/hax-mem.c |  2 +-
 target/i386/hax-posix.c   |  3 +--
 target/i386/hax-windows.c |  2 +-
 target/i386/hax-windows.h |  2 ++
 9 files changed, 21 insertions(+), 33 deletions(-)

diff --git a/accel/stubs/hax-stub.c b/accel/stubs/hax-stub.c
index 7ad190cae2..1a9da83185 100644
--- a/accel/stubs/hax-stub.c
+++ b/accel/stubs/hax-stub.c
@@ -21,13 +21,3 @@ int hax_sync_vcpus(void)
 {
 return 0;
 }
-
-int hax_init_vcpu(CPUState *cpu)
-{
-return -ENOSYS;
-}
-
-int hax_smp_cpu_exec(CPUState *cpu)
-{
-return -ENOSYS;
-}
diff --git a/include/sysemu/hax.h b/include/sysemu/hax.h
index 9b27e65cc7..12fb54f990 100644
--- a/include/sysemu/hax.h
+++ b/include/sysemu/hax.h
@@ -22,29 +22,12 @@
 #ifndef QEMU_HAX_H
 #define QEMU_HAX_H
 
-
 int hax_sync_vcpus(void);
-int hax_init_vcpu(CPUState *cpu);
-int hax_smp_cpu_exec(CPUState *cpu);
-int hax_populate_ram(uint64_t va, uint64_t size);
-
-void hax_cpu_synchronize_state(CPUState *cpu);
-void hax_cpu_synchronize_post_reset(CPUState *cpu);
-void hax_cpu_synchronize_post_init(CPUState *cpu);
-void hax_cpu_synchronize_pre_loadvm(CPUState *cpu);
 
 #ifdef CONFIG_HAX
 
 int hax_enabled(void);
 
-#include "qemu/bitops.h"
-#include "exec/memory.h"
-int hax_vcpu_destroy(CPUState *cpu);
-void hax_raise_event(CPUState *cpu);
-void hax_reset_vcpu_state(void *opaque);
-#include "target/i386/hax-interface.h"
-#include "target/i386/hax-i386.h"
-
 #else /* CONFIG_HAX */
 
 #define hax_enabled() (0)
diff --git a/target/i386/hax-all.c b/target/i386/hax-all.c
index fd1ab673d7..fecfe8cd6e 100644
--- a/target/i386/hax-all.c
+++ b/target/i386/hax-all.c
@@ -28,7 +28,6 @@
 #include "exec/address-spaces.h"
 
 #include "qemu-common.h"
-#include "hax-i386.h"
 #include "sysemu/accel.h"
 #include "sysemu/reset.h"
 #include "sysemu/runstate.h"
diff --git a/target/i386/hax-cpus.c b/target/i386/hax-cpus.c
index 9aad98bc7a..99770e590c 100644
--- a/target/i386/hax-cpus.c
+++ b/target/i386/hax-cpus.c
@@ -22,7 +22,6 @@
 #include "qemu/osdep.h"
 #include "qemu/error-report.h"
 #include "qemu/main-loop.h"
-#include "hax-i386.h"
 #include "sysemu/runstate.h"
 #include "sysemu/cpus.h"
 #include "qemu/guest-random.h"
diff --git a/target/i386/hax-cpus.h b/target/i386/hax-cpus.h
index a64417fe2d..ee8ab7a631 100644
--- a/target/i386/hax-cpus.h
+++ b/target/i386/hax-cpus.h
@@ -14,4 +14,20 @@
 
 extern const CpusAccel hax_cpus;
 
+#include "hax-interface.h"
+#include "hax-i386.h"
+
+int hax_init_vcpu(CPUState *cpu);
+int hax_smp_cpu_exec(CPUState *cpu);
+int hax_populate_ram(uint64_t va, uint64_t size);
+
+void hax_cpu_synchronize_state(CPUState *cpu);
+void hax_cpu_synchronize_post_reset(CPUState *cpu);
+void hax_cpu_synchronize_post_init(CPUState *cpu);
+void hax_cpu_synchronize_pre_loadvm(CPUState *cpu);
+
+int hax_vcpu_destroy(CPUState *cpu);
+void hax_raise_event(CPUState *cpu);
+void hax_reset_vcpu_state(void *opaque);
+
 #endif /* HAX_CPUS_H */
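Review bot: `#include "hax-interface.h"` and `#include "hax-i386.h"` are inserted after the `extern const CpusAccel hax_cpus;` declaration; move them up next to the header's other includes so its dependencies are grouped at the top. Note also that hax-cpus.h now re-exports the whole HAX internal interface (vcpu lifecycle, RAM population, synchronize hooks, reset), while hax-mem.c, hax-posix.c and hax-windows.c previously included only hax-i386.h; either a name such as hax-internal.h for the aggregate header, or keeping the direct hax-i386.h include in those files, would state their real dependency more clearly.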
diff --git a/target/i386/hax-mem.c b/target/i386/hax-mem.c
index 6bb5a24917..71e637cf16 100644
--- a/target/i386/hax-mem.c
+++ b/target/i386/hax-mem.c
@@ -13,7 +13,7 @@
 #include "exec/address-spaces.h"
 #include "qemu/error-report.h"
 
-#include "target/i386/hax-i386.h"
+#include "hax-cpus.h"
 #include "qemu/queue.h"
 
 #define DEBUG_HAX_MEM 0
diff --git a/target/i386/hax-posix.c b/target/i386/hax-posix.c
index 6fb7867d11..735a749d4b 100644
--- a/target/i386/hax-posix.c
+++ b/target/i386/hax-posix.c
@@ -14,9 +14,8 @@
 #include "qemu/osdep.h"
 #include 
 
-#include "target/i386/hax-i386.h"
-
 #include "sysemu/cpus.h"
+#include "hax-cpus.h"
 
 hax_fd hax_mod_open(void)
 {
diff --git a/target/i386/hax-windows.c b/target/i386/hax-windows.c
index 469b48e608..6c82dfb54f 100644
--- a/target/i386/hax-windows.c
+++ b/target/i386/hax-windows.c
@@ -12,7 +12,7 @@
 
 #include "qemu/osdep.h"
 #include "cpu.h"
-#include "hax-i386.h"
+#include "hax-cpus.h"
 
 /*
  * return 0 when success, -1 when driver not loaded,
diff --git a/target/i386/hax-windows.h b/target/i386/hax-windows.h
index 12cbd813dc..a5ce12d663 100644
--- a/target/i386/hax-windows.h
+++ b/target/i386/hax-windows.h
@@ -23,6 +23,8 @@
 #include 
 #include 
 
+#include "hax-cpus.h"
+
 #define HAX_INVALID_FD INVALID_HANDLE_VALUE
 
 static inline void hax_mod_close(struct hax_state *hax)
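Review bot: hax-windows.h now pulls in hax-cpus.h (which includes hax-i386.h) to have `struct hax_state` available for hax_mod_close; if hax-i386.h in turn includes the platform header hax-windows.h, this forms an include cycle whose correctness depends on which file is included first and on the include guards short-circuiting at the right point. Worth confirming that both inclusion orders compile on a mingw build, or including hax-i386.h directly here instead of the aggregate header.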
-- 
2.26.2





[PULL 01/37] cpu-timers, icount: new modules

2020-10-06 Thread Paolo Bonzini
From: Claudio Fontana 

refactoring of cpus.c continues with cpu timer state extraction.

cpu-timers: responsible for the softmmu cpu timers state,
including cpu clocks and ticks.

icount: counts the TCG instructions executed. As such it is specific to
the TCG accelerator. Therefore, it is built only under CONFIG_TCG.

One complication is due to qtest, which uses an icount field to warp time
as part of qtest (qtest_clock_warp).

In order to solve this problem, provide a separate counter for qtest.

This requires fixing assumptions scattered in the code that
qtest_enabled() implies icount_enabled(), checking each specific case.

Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
[remove redundant initialization with qemu_spice_init]
Reviewed-by: Alex Bennée 
[fix lingering calls to icount_get]
Signed-off-by: Claudio Fontana 
Signed-off-by: Paolo Bonzini 
---
 MAINTAINERS  |   2 +
 accel/qtest.c|   6 +-
 accel/tcg/cpu-exec.c |  39 +-
 accel/tcg/tcg-all.c  |   7 +-
 accel/tcg/translate-all.c|   3 +-
 dma-helpers.c|   4 +-
 exec.c   |   4 -
 hw/core/ptimer.c |   8 +-
 hw/i386/x86.c|   1 +
 include/exec/cpu-all.h   |   4 +
 include/exec/exec-all.h  |   4 +-
 include/qemu/timer.h |  24 +-
 include/sysemu/cpu-timers.h  |  87 
 include/sysemu/cpus.h|  12 +-
 include/sysemu/qtest.h   |   2 +
 replay/replay.c  |   4 +-
 softmmu/cpu-timers.c | 284 +
 softmmu/cpus.c   | 744 +--
 softmmu/icount.c | 492 +++
 softmmu/meson.build  |  10 +-
 softmmu/qtest.c  |  34 +-
 softmmu/timers-state.h   |  69 
 softmmu/vl.c |   6 +-
 stubs/clock-warp.c   |   7 -
 stubs/cpu-get-clock.c|   3 +-
 stubs/cpu-get-icount.c   |  16 -
 stubs/icount.c   |  45 +++
 stubs/meson.build|   4 +-
 stubs/qemu-timer-notify-cb.c |   2 +-
 stubs/qtest.c|   5 +
 target/alpha/translate.c |   3 +-
 target/arm/helper.c  |   3 +-
 target/riscv/csr.c   |   4 +-
 tests/ptimer-test-stubs.c|   5 +-
 tests/test-timed-average.c   |   2 +-
 util/main-loop.c |  12 +-
 util/qemu-timer.c|  10 +-
 37 files changed, 1128 insertions(+), 843 deletions(-)
 create mode 100644 include/sysemu/cpu-timers.h
 create mode 100644 softmmu/cpu-timers.c
 create mode 100644 softmmu/icount.c
 create mode 100644 softmmu/timers-state.h
 delete mode 100644 stubs/clock-warp.c
 delete mode 100644 stubs/cpu-get-icount.c
 create mode 100644 stubs/icount.c

diff --git a/MAINTAINERS b/MAINTAINERS
index b76fb31861..a59be84de6 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -2321,6 +2321,8 @@ F: softmmu/vl.c
 F: softmmu/main.c
 F: softmmu/cpus.c
 F: softmmu/cpu-throttle.c
+F: softmmu/cpu-timers.c
+F: softmmu/icount.c
 F: qapi/run-state.json
 
 Read, Copy, Update (RCU)
diff --git a/accel/qtest.c b/accel/qtest.c
index 5b88f55921..119d0f16a4 100644
--- a/accel/qtest.c
+++ b/accel/qtest.c
@@ -19,14 +19,10 @@
 #include "sysemu/accel.h"
 #include "sysemu/qtest.h"
 #include "sysemu/cpus.h"
+#include "sysemu/cpu-timers.h"
 
 static int qtest_init_accel(MachineState *ms)
 {
-QemuOpts *opts = qemu_opts_create(qemu_find_opts("icount"), NULL, 0,
-  &error_abort);
-qemu_opt_set(opts, "shift", "0", &error_abort);
-configure_icount(opts, &error_abort);
-qemu_opts_del(opts);
 return 0;
 }
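Review bot: qtest_init_accel becomes an empty function that returns 0, and `sysemu/cpu-timers.h` is added to the includes in the same hunk although nothing in the shown code uses it; either drop the include or leave a one-line comment pointing at where qtest's own warp counter now lives, since the commit message says a separate counter replaces the icount shift=0 setup removed here.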
 
diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index e10b46283c..35bfe2ca92 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -19,6 +19,7 @@
 
 #include "qemu/osdep.h"
 #include "qemu-common.h"
+#include "qemu/qemu-print.h"
 #include "cpu.h"
 #include "trace.h"
 #include "disas/disas.h"
@@ -36,6 +37,8 @@
 #include "hw/i386/apic.h"
 #endif
 #include "sysemu/cpus.h"
+#include "exec/cpu-all.h"
+#include "sysemu/cpu-timers.h"
 #include "sysemu/replay.h"
 
 /* -icount align implementation. */
@@ -56,6 +59,9 @@ typedef struct SyncClocks {
 #define MAX_DELAY_PRINT_RATE 20LL
 #define MAX_NB_PRINTS 100
 
+static int64_t max_delay;
+static int64_t max_advance;
+
 static void align_clocks(SyncClocks *sc, CPUState *cpu)
 {
 int64_t cpu_icount;
@@ -98,9 +104,9 @@ static void print_delay(const SyncClocks *sc)
 (-sc->diff_clk / (float)10LL <
  (threshold_delay - THRESHOLD_REDUCE))) {
 threshold_delay = (-sc->diff_clk / 10LL) + 1;
-printf("Warning: The guest is now late by %.1f to %.1f seconds\n",
-   threshold_delay - 1,
-   threshold_delay);
+qemu_printf("Warning: The guest is now late by %.1f to %.1f 
seconds\n",
+threshold_delay - 1,
+threshold_delay);
 nb_prin

[PULL 18/37] accel/tcg: use current_machine as it is always set for softmmu

2020-10-06 Thread Paolo Bonzini
From: Claudio Fontana 

current_machine is always set before accelerators are initialized,
so use that instead of MACHINE(qdev_get_machine()).

Signed-off-by: Claudio Fontana 
Signed-off-by: Paolo Bonzini 
---
 accel/tcg/tcg-cpus.c | 11 +--
 1 file changed, 1 insertion(+), 10 deletions(-)

diff --git a/accel/tcg/tcg-cpus.c b/accel/tcg/tcg-cpus.c
index cedd1e6c4f..da1c63d8f6 100644
--- a/accel/tcg/tcg-cpus.c
+++ b/accel/tcg/tcg-cpus.c
@@ -479,16 +479,7 @@ static void tcg_start_vcpu_thread(CPUState *cpu)
 if (!tcg_region_inited) {
 tcg_region_inited = 1;
 tcg_region_init();
-/*
- * If MTTCG, and we will create multiple cpus,
- * then we will have cpus running in parallel.
- */
-if (qemu_tcg_mttcg_enabled()) {
-MachineState *ms = MACHINE(qdev_get_machine());
-if (ms->smp.max_cpus > 1) {
-parallel_cpus = true;
-}
-}
+parallel_cpus = qemu_tcg_mttcg_enabled() && 
current_machine->smp.max_cpus > 1;
 }
 
 if (qemu_tcg_mttcg_enabled() || !single_tcg_cpu_thread) {
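Review bot: the comment explaining why parallel_cpus depends on max_cpus ("If MTTCG, and we will create multiple cpus, then we will have cpus running in parallel") is dropped together with the old block; a one-line version above the new assignment keeps the rationale. Behaviour is unchanged: the old code only ever set the flag to true, but because this runs once under the tcg_region_inited guard, assigning the full boolean expression is equivalent.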
-- 
2.26.2





[PULL 32/37] replay: flush rr queue before loading the vmstate

2020-10-06 Thread Paolo Bonzini
From: Pavel Dovgalyuk 

A non-empty record/replay queue prevents saving and loading the VM state,
because it includes pending bottom halves and block coroutines.
But when the new VM state is loaded, we don't have to preserve the consistency
of the current state anymore. Therefore this patch just flushes the queue,
allowing the coroutines to finish, and removes the check for an empty rr queue
from the load_snapshot function.

Signed-off-by: Pavel Dovgalyuk 
Reviewed-by: Alex Bennée 
Message-Id: <160174521762.12451.15752448887893855757.stgit@pasha-ThinkPad-X280>
Signed-off-by: Paolo Bonzini 
---
 include/sysemu/replay.h  |  2 ++
 migration/savevm.c   | 12 ++--
 replay/replay-events.c   |  4 
 replay/replay-internal.h |  2 --
 4 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/include/sysemu/replay.h b/include/sysemu/replay.h
index d6026ed8e5..c486c3afb2 100644
--- a/include/sysemu/replay.h
+++ b/include/sysemu/replay.h
@@ -149,6 +149,8 @@ void replay_disable_events(void);
 void replay_enable_events(void);
 /*! Returns true when saving events is enabled */
 bool replay_events_enabled(void);
+/* Flushes events queue */
+void replay_flush_events(void);
 /*! Adds bottom half event to the queue */
 void replay_bh_schedule_event(QEMUBH *bh);
 /* Adds oneshot bottom half event to the queue */
diff --git a/migration/savevm.c b/migration/savevm.c
index 0e8dc78684..d2e141f7b1 100644
--- a/migration/savevm.c
+++ b/migration/savevm.c
@@ -2881,12 +2881,6 @@ int load_snapshot(const char *name, Error **errp)
 AioContext *aio_context;
 MigrationIncomingState *mis = migration_incoming_get_current();
 
-if (!replay_can_snapshot()) {
-error_setg(errp, "Record/replay does not allow loading snapshot "
-   "right now. Try once more later.");
-return -EINVAL;
-}
-
 if (!bdrv_all_can_snapshot(&bs)) {
 error_setg(errp,
"Device '%s' is writable but does not support snapshots",
@@ -2920,6 +2914,12 @@ int load_snapshot(const char *name, Error **errp)
 return -EINVAL;
 }
 
+/*
+ * Flush the record/replay queue. Now the VM state is going
+ * to change. Therefore we don't need to preserve its consistency
+ */
+replay_flush_events();
+
 /* Flush all IO requests so they don't interfere with the new state.  */
 bdrv_drain_all_begin();
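Review bot: replay_flush_events() asserts replay_mutex_locked() (see the replay-events.c hunk of this patch), so this call in load_snapshot() now requires the caller to hold the replay mutex; state that requirement in the comment above the call, or take the lock around it, so that a loadvm path which does not hold it fails with a clear message rather than on the assertion. The new comment should also end with a full stop, matching the surrounding ones.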
 
diff --git a/replay/replay-events.c b/replay/replay-events.c
index 302b84043a..a1c6bb934e 100644
--- a/replay/replay-events.c
+++ b/replay/replay-events.c
@@ -77,6 +77,10 @@ bool replay_has_events(void)
 
 void replay_flush_events(void)
 {
+if (replay_mode == REPLAY_MODE_NONE) {
+return;
+}
+
 g_assert(replay_mutex_locked());
 
 while (!QTAILQ_EMPTY(&events_list)) {
diff --git a/replay/replay-internal.h b/replay/replay-internal.h
index 2f6145ec7c..97649ed8d7 100644
--- a/replay/replay-internal.h
+++ b/replay/replay-internal.h
@@ -149,8 +149,6 @@ void replay_read_next_clock(unsigned int kind);
 void replay_init_events(void);
 /*! Clears internal data structures for events handling */
 void replay_finish_events(void);
-/*! Flushes events queue */
-void replay_flush_events(void);
 /*! Returns true if there are any unsaved events in the queue */
 bool replay_has_events(void);
 /*! Saves events from queue into the file */
-- 
2.26.2





[PULL 11/37] cpus: remove checks for non-NULL cpus_accel

2020-10-06 Thread Paolo Bonzini
From: Claudio Fontana 

now that all accelerators support the CpusAccel interface,
we can remove most checks for non-NULL cpus_accel;
we just add a sanity check/assert at vcpu creation.

Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
Signed-off-by: Paolo Bonzini 
---
 softmmu/cpus.c | 33 +
 1 file changed, 21 insertions(+), 12 deletions(-)

diff --git a/softmmu/cpus.c b/softmmu/cpus.c
index 1180103ede..99f418437b 100644
--- a/softmmu/cpus.c
+++ b/softmmu/cpus.c
@@ -166,34 +166,46 @@ void cpu_synchronize_all_pre_loadvm(void)
 
 void cpu_synchronize_state(CPUState *cpu)
 {
-if (cpus_accel && cpus_accel->synchronize_state) {
+if (cpus_accel->synchronize_state) {
 cpus_accel->synchronize_state(cpu);
 }
 }
 
 void cpu_synchronize_post_reset(CPUState *cpu)
 {
-if (cpus_accel && cpus_accel->synchronize_post_reset) {
+if (cpus_accel->synchronize_post_reset) {
 cpus_accel->synchronize_post_reset(cpu);
 }
 }
 
 void cpu_synchronize_post_init(CPUState *cpu)
 {
-if (cpus_accel && cpus_accel->synchronize_post_init) {
+if (cpus_accel->synchronize_post_init) {
 cpus_accel->synchronize_post_init(cpu);
 }
 }
 
 void cpu_synchronize_pre_loadvm(CPUState *cpu)
 {
-if (cpus_accel && cpus_accel->synchronize_pre_loadvm) {
+if (cpus_accel->synchronize_pre_loadvm) {
 cpus_accel->synchronize_pre_loadvm(cpu);
 }
 }
 
 int64_t cpus_get_virtual_clock(void)
 {
+/*
+ * XXX
+ *
+ * need to check that cpus_accel is not NULL, because qcow2 calls
+ * qemu_get_clock_ns(CLOCK_VIRTUAL) without any accel initialized and
+ * with ticks disabled in some io-tests:
+ * 030 040 041 060 099 120 127 140 156 161 172 181 191 192 195 203 229 249 
256 267
+ *
+ * is this expected?
+ *
+ * XXX
+ */
 if (cpus_accel && cpus_accel->get_virtual_clock) {
 return cpus_accel->get_virtual_clock();
 }
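Review bot: cpu_synchronize_state() and the other synchronize_* helpers now dereference cpus_accel unconditionally, while the XXX comment on cpus_get_virtual_clock() in the same hunk records that functions in this file can be reached before any accelerator is registered (qcow2 in the listed io-tests). The g_assert added in qemu_init_vcpu only fires at vCPU creation, so a synchronize_* call on such an early path would be a NULL dereference rather than an assertion. Suggest a `g_assert(cpus_accel)` at the top of those helpers, and turning the XXX block into a proper comment or a tracked bug reference, since a list of io-test numbers will go stale quickly.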
@@ -207,7 +219,7 @@ int64_t cpus_get_virtual_clock(void)
  */
 int64_t cpus_get_elapsed_ticks(void)
 {
-if (cpus_accel && cpus_accel->get_elapsed_ticks) {
+if (cpus_accel->get_elapsed_ticks) {
 return cpus_accel->get_elapsed_ticks();
 }
 return cpu_get_ticks();
@@ -399,7 +411,7 @@ void cpus_kick_thread(CPUState *cpu)
 void qemu_cpu_kick(CPUState *cpu)
 {
 qemu_cond_broadcast(cpu->halt_cond);
-if (cpus_accel && cpus_accel->kick_vcpu_thread) {
+if (cpus_accel->kick_vcpu_thread) {
 cpus_accel->kick_vcpu_thread(cpu);
 } else { /* default */
 cpus_kick_thread(cpu);
@@ -573,12 +585,9 @@ void qemu_init_vcpu(CPUState *cpu)
 cpu_address_space_init(cpu, 0, "cpu-memory", cpu->memory);
 }
 
-if (cpus_accel) {
-/* accelerator already implements the CpusAccel interface */
-cpus_accel->create_vcpu_thread(cpu);
-} else {
-g_assert_not_reached();
-}
+/* accelerators all implement the CpusAccel interface */
+g_assert(cpus_accel != NULL && cpus_accel->create_vcpu_thread != NULL);
+cpus_accel->create_vcpu_thread(cpu);
 
 while (!cpu->created) {
 qemu_cond_wait(&qemu_cpu_cond, &qemu_global_mutex);
-- 
2.26.2





[PULL 06/37] cpus: extract out kvm-specific code to accel/kvm

2020-10-06 Thread Paolo Bonzini
From: Claudio Fontana 

register a "CpusAccel" interface for KVM as well.

Signed-off-by: Claudio Fontana 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
[added const]
Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
Signed-off-by: Paolo Bonzini 
---
 accel/kvm/kvm-all.c| 14 ++-
 accel/kvm/kvm-cpus.c   | 88 ++
 accel/kvm/kvm-cpus.h   | 17 
 accel/kvm/meson.build  |  5 ++-
 accel/stubs/kvm-stub.c |  3 +-
 include/sysemu/kvm.h   |  2 +-
 softmmu/cpus.c | 77 
 7 files changed, 124 insertions(+), 82 deletions(-)
 create mode 100644 accel/kvm/kvm-cpus.c
 create mode 100644 accel/kvm/kvm-cpus.h

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index e4bbf78366..784e9dad55 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -44,6 +44,9 @@
 #include "qapi/qapi-types-common.h"
 #include "qapi/qapi-visit-common.h"
 #include "sysemu/reset.h"
+#include "qemu/guest-random.h"
+#include "sysemu/hw_accel.h"
+#include "kvm-cpus.h"
 
 #include "hw/boards.h"
 
@@ -378,7 +381,7 @@ err:
 return ret;
 }
 
-int kvm_destroy_vcpu(CPUState *cpu)
+static int do_kvm_destroy_vcpu(CPUState *cpu)
 {
 KVMState *s = kvm_state;
 long mmap_size;
@@ -412,6 +415,14 @@ err:
 return ret;
 }
 
+void kvm_destroy_vcpu(CPUState *cpu)
+{
+if (do_kvm_destroy_vcpu(cpu) < 0) {
+error_report("kvm_destroy_vcpu failed");
+exit(EXIT_FAILURE);
+}
+}
+
 static int kvm_get_vcpu(KVMState *s, unsigned long vcpu_id)
 {
 struct KVMParkedVcpu *cpu;
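Review bot: turning kvm_destroy_vcpu's int return into exit(EXIT_FAILURE) means any failure inside do_kvm_destroy_vcpu takes down the whole VM, where the old caller could decide how to react. If that is the intended policy for a vCPU teardown path (hot-unplug), it deserves a sentence in the commit message; otherwise keep the int return and let kvm_vcpu_thread_fn report the error and continue its own teardown.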
@@ -2232,6 +2243,7 @@ static int kvm_init(MachineState *ms)
 assert(!ret);
 }
 
+cpus_register_accel(&kvm_cpus);
 return 0;
 
 err:
diff --git a/accel/kvm/kvm-cpus.c b/accel/kvm/kvm-cpus.c
new file mode 100644
index 00..a120601564
--- /dev/null
+++ b/accel/kvm/kvm-cpus.c
@@ -0,0 +1,88 @@
+/*
+ * QEMU KVM support
+ *
+ * Copyright IBM, Corp. 2008
+ *   Red Hat, Inc. 2008
+ *
+ * Authors:
+ *  Anthony Liguori   
+ *  Glauber Costa 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/error-report.h"
+#include "qemu/main-loop.h"
+#include "sysemu/kvm_int.h"
+#include "sysemu/runstate.h"
+#include "sysemu/cpus.h"
+#include "qemu/guest-random.h"
+
+#include "kvm-cpus.h"
+
+static void *kvm_vcpu_thread_fn(void *arg)
+{
+CPUState *cpu = arg;
+int r;
+
+rcu_register_thread();
+
+qemu_mutex_lock_iothread();
+qemu_thread_get_self(cpu->thread);
+cpu->thread_id = qemu_get_thread_id();
+cpu->can_do_io = 1;
+current_cpu = cpu;
+
+r = kvm_init_vcpu(cpu);
+if (r < 0) {
+error_report("kvm_init_vcpu failed: %s", strerror(-r));
+exit(1);
+}
+
+kvm_init_cpu_signals(cpu);
+
+/* signal CPU creation */
+cpu_thread_signal_created(cpu);
+qemu_guest_random_seed_thread_part2(cpu->random_seed);
+
+do {
+if (cpu_can_run(cpu)) {
+r = kvm_cpu_exec(cpu);
+if (r == EXCP_DEBUG) {
+cpu_handle_guest_debug(cpu);
+}
+}
+qemu_wait_io_event(cpu);
+} while (!cpu->unplug || cpu_can_run(cpu));
+
+kvm_destroy_vcpu(cpu);
+cpu_thread_signal_destroyed(cpu);
+qemu_mutex_unlock_iothread();
+rcu_unregister_thread();
+return NULL;
+}
+
+static void kvm_start_vcpu_thread(CPUState *cpu)
+{
+char thread_name[VCPU_THREAD_NAME_SIZE];
+
+cpu->thread = g_malloc0(sizeof(QemuThread));
+cpu->halt_cond = g_malloc0(sizeof(QemuCond));
+qemu_cond_init(cpu->halt_cond);
+snprintf(thread_name, VCPU_THREAD_NAME_SIZE, "CPU %d/KVM",
+ cpu->cpu_index);
+qemu_thread_create(cpu->thread, thread_name, kvm_vcpu_thread_fn,
+   cpu, QEMU_THREAD_JOINABLE);
+}
+
+const CpusAccel kvm_cpus = {
+.create_vcpu_thread = kvm_start_vcpu_thread,
+
+.synchronize_post_reset = kvm_cpu_synchronize_post_reset,
+.synchronize_post_init = kvm_cpu_synchronize_post_init,
+.synchronize_state = kvm_cpu_synchronize_state,
+.synchronize_pre_loadvm = kvm_cpu_synchronize_pre_loadvm,
+};
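Review bot: in kvm_vcpu_thread_fn the `exit(1)` on kvm_init_vcpu failure runs with the iothread lock held and before cpu_thread_signal_created, so the creating thread never gets its signal; the process terminates, but propagating the failure back to the creator (through a field it checks, or an Error **) would let qemu_init_vcpu fail cleanly and report it. The `r == EXCP_DEBUG` handling and the `!cpu->unplug || cpu_can_run(cpu)` loop are also the same lines that appear in the HAX thread function removed earlier in this series; a shared helper in softmmu/cpus.c would avoid maintaining identical copies per accelerator.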
diff --git a/accel/kvm/kvm-cpus.h b/accel/kvm/kvm-cpus.h
new file mode 100644
index 00..547fbee111
--- /dev/null
+++ b/accel/kvm/kvm-cpus.h
@@ -0,0 +1,17 @@
+/*
+ * Accelerator CPUS Interface
+ *
+ * Copyright 2020 SUSE LLC
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#ifndef KVM_CPUS_H
+#define KVM_CPUS_H
+
+#include "sysemu/cpus.h"
+
+extern const CpusAccel kvm_cpus;
+
+#endif /* KVM_CPUS_H */
diff --git a/accel/kvm/meson.build b/accel/kvm/meson.build
index 4db2388e2f..7e9dafe24c 100644
--- a/accel/kvm/meson.build
+++ b/accel/kvm/meson.build
@@ -1,5 +1,8 @@
 kvm_ss = ss.source_set()
-kvm_ss.add(files('kvm-all.c'))
+kv

[PULL 10/37] cpus: cleanup now unneeded includes

2020-10-06 Thread Paolo Bonzini
From: Claudio Fontana 

Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
Reviewed-by: Alex Bennée 
Signed-off-by: Paolo Bonzini 
---
 softmmu/cpus.c | 7 ---
 1 file changed, 7 deletions(-)

diff --git a/softmmu/cpus.c b/softmmu/cpus.c
index adc20eb3de..1180103ede 100644
--- a/softmmu/cpus.c
+++ b/softmmu/cpus.c
@@ -29,20 +29,13 @@
 #include "qapi/qapi-commands-misc.h"
 #include "qapi/qapi-events-run-state.h"
 #include "qapi/qmp/qerror.h"
-#include "sysemu/tcg.h"
 #include "exec/gdbstub.h"
 #include "sysemu/hw_accel.h"
-#include "sysemu/kvm.h"
 #include "exec/exec-all.h"
 #include "qemu/thread.h"
 #include "qemu/plugin.h"
 #include "sysemu/cpus.h"
-#include "qemu/main-loop.h"
-#include "qemu/option.h"
-#include "qemu/bitmap.h"
-#include "qemu/seqlock.h"
 #include "qemu/guest-random.h"
-#include "tcg/tcg.h"
 #include "hw/nmi.h"
 #include "sysemu/replay.h"
 #include "sysemu/runstate.h"
-- 
2.26.2





[PULL 25/37] replay: provide an accessor for rr filename

2020-10-06 Thread Paolo Bonzini
From: Pavel Dovgalyuk 

This patch adds an accessor function for the name of the record/replay
log file. Adding an accessor instead of making the variable global
prevents accidental modification of this variable by other modules.

Signed-off-by: Pavel Dovgalyuk 
Reviewed-by: Alex Bennée 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <160174517710.12451.17645787545733927488.stgit@pasha-ThinkPad-X280>
Signed-off-by: Paolo Bonzini 
---
 include/sysemu/replay.h | 2 ++
 replay/replay.c | 5 +
 2 files changed, 7 insertions(+)

diff --git a/include/sysemu/replay.h b/include/sysemu/replay.h
index a140d69a73..7d963139e5 100644
--- a/include/sysemu/replay.h
+++ b/include/sysemu/replay.h
@@ -72,6 +72,8 @@ void replay_start(void);
 void replay_finish(void);
 /*! Adds replay blocker with the specified error description */
 void replay_add_blocker(Error *reason);
+/* Returns name of the replay log file */
+const char *replay_get_filename(void);
 
 /* Processing the instructions */
 
diff --git a/replay/replay.c b/replay/replay.c
index 4c1457b07e..797b6a5b15 100644
--- a/replay/replay.c
+++ b/replay/replay.c
@@ -399,3 +399,8 @@ void replay_add_blocker(Error *reason)
 {
 replay_blockers = g_slist_prepend(replay_blockers, reason);
 }
+
+const char *replay_get_filename(void)
+{
+return replay_filename;
+}
-- 
2.26.2





[PULL 20/37] dtc: Convert Makefile bits to meson bits

2020-10-06 Thread Paolo Bonzini
Build the library via the main meson.build just like for capstone.
This improves the current state of affairs in that we will re-link
the qemu executables against a changed libfdt.a, which we wouldn't
do beforehand, and lets us remove the whole recursive make machinery.

Tested-by: Richard Henderson 
Reviewed-by: Richard Henderson 
Signed-off-by: Paolo Bonzini 
---
 Makefile  | 23 +
 configure | 93 ---
 default-configs/targets/aarch64-softmmu.mak   |  1 +
 default-configs/targets/arm-softmmu.mak   |  1 +
 .../targets/microblaze-softmmu.mak|  1 +
 .../targets/microblazeel-softmmu.mak  |  1 +
 default-configs/targets/mips64el-softmmu.mak  |  1 +
 default-configs/targets/ppc-softmmu.mak   |  1 +
 default-configs/targets/ppc64-softmmu.mak |  1 +
 default-configs/targets/riscv32-softmmu.mak   |  1 +
 default-configs/targets/riscv64-softmmu.mak   |  1 +
 default-configs/targets/rx-softmmu.mak|  1 +
 meson.build   | 61 ++--
 meson_options.txt |  3 +
 14 files changed, 84 insertions(+), 106 deletions(-)

diff --git a/Makefile b/Makefile
index 9d6b7fc8c0..c37e513431 100644
--- a/Makefile
+++ b/Makefile
@@ -142,28 +142,7 @@ SUBDIR_MAKEFLAGS=$(if $(V),,--no-print-directory --quiet)
 include $(SRC_PATH)/tests/Makefile.include
 
 all: recurse-all
-Makefile: $(addsuffix /all, $(SUBDIRS))
-
-# LIBFDT_lib="": avoid breaking existing trees with objects requiring -fPIC
-DTC_MAKE_ARGS=-I$(SRC_PATH)/dtc VPATH=$(SRC_PATH)/dtc -C dtc V="$(V)" 
LIBFDT_lib=""
-DTC_CFLAGS=$(CFLAGS) $(QEMU_CFLAGS)
-DTC_CPPFLAGS=-I$(SRC_PATH)/dtc/libfdt
-
-.PHONY: dtc/all
-dtc/all: .git-submodule-status dtc/libfdt
-   $(call quiet-command,$(MAKE) $(DTC_MAKE_ARGS) 
CPPFLAGS="$(DTC_CPPFLAGS)" CFLAGS="$(DTC_CFLAGS)" LDFLAGS="$(QEMU_LDFLAGS)" 
ARFLAGS="$(ARFLAGS)" CC="$(CC)" AR="$(AR)" LD="$(LD)" $(SUBDIR_MAKEFLAGS) 
libfdt,)
-
-dtc/%: .git-submodule-status
-   @mkdir -p $@
-
-# Retain for a while so that incremental build across this patch
-# does not raise an error for missing target "capstone/all", which
-# comes from the saved SUBDIRS value.
-.PHONY: capstone/all
-capstone/all:
-
-.PHONY: slirp/all
-slirp/all:
+Makefile:
 
 ROM_DIRS = $(addprefix pc-bios/, $(ROMS))
 ROM_DIRS_RULES=$(foreach t, all clean, $(addsuffix /$(t), $(ROM_DIRS)))
diff --git a/configure b/configure
index 51f4e978be..2fdb4339e8 100755
--- a/configure
+++ b/configure
@@ -296,7 +296,7 @@ brlapi=""
 curl=""
 curses=""
 docs=""
-fdt=""
+fdt="auto"
 netmap="no"
 sdl="auto"
 sdl_image="auto"
@@ -1181,9 +1181,13 @@ for opt do
   ;;
   --enable-curl) curl="yes"
   ;;
-  --disable-fdt) fdt="no"
+  --disable-fdt) fdt="disabled"
   ;;
-  --enable-fdt) fdt="yes"
+  --enable-fdt) fdt="enabled"
+  ;;
+  --enable-fdt=git) fdt="internal"
+  ;;
+  --enable-fdt=system) fdt="system"
   ;;
   --disable-linux-aio) linux_aio="no"
   ;;
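Review bot: `--enable-fdt=git` now stores "internal" while the probe removed further down in this patch used the value "git" (`fdt=git`), and plain `--enable-fdt` now stores "enabled" instead of "yes"; grep configure for any remaining `test "$fdt" = "git"` or `= "yes"` comparisons, since those would silently stop matching. The new `=git` and `=system` forms should also be listed in the --help text, which this hunk does not touch.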
@@ -3941,67 +3945,15 @@ fi
 
 ##
 # fdt probe
-# fdt support is mandatory for at least some target architectures,
-# so insist on it if we're building those system emulators.
-fdt_required=no
-for target in $target_list; do
-  case $target in
-
aarch64*-softmmu|arm*-softmmu|ppc*-softmmu|microblaze*-softmmu|mips64el-softmmu|riscv*-softmmu|rx-softmmu)
-  fdt_required=yes
-;;
-  esac
-done
-
-if test "$fdt_required" = "yes"; then
-  if test "$fdt" = "no"; then
-error_exit "fdt disabled but some requested targets require it." \
-  "You can turn off fdt only if you also disable all the system emulation" 
\
-  "targets which need it (by specifying a cut down --target-list)."
-  fi
-  fdt=yes
-elif test "$fdt" != "yes" ; then
-  fdt=no
-fi
-
-# fdt is only required when building softmmu targets
-if test -z "$fdt" -a "$softmmu" != "yes" ; then
-fdt="no"
-fi
 
-if test "$fdt" != "no" ; then
-  fdt_libs="-lfdt"
-  # explicitly check for libfdt_env.h as it is missing in some stable installs
-  # and test for required functions to make sure we are on a version >= 1.4.2
-  cat > $TMPC << EOF
-#include 
-#include 
-int main(void) { fdt_check_full(NULL, 0); return 0; }
-EOF
-  if compile_prog "" "$fdt_libs" ; then
-# system DTC is good - use it
-fdt=system
-  else
-  # have GIT checkout, so activate dtc submodule
-  if test -e "${source_path}/.git" ; then
-  git_submodules="${git_submodules} dtc"
-  fi
-  if test -d "${source_path}/dtc/libfdt" || test -e "${source_path}/.git" 
; then
-  fdt=git
-  mkdir -p dtc
-  fdt_cflags="-I${source_path}/dtc/libfdt"
-  fdt_ldflags="-Ldtc/libfdt"
-  fdt_libs="$fdt_libs"
-  elif test "$fdt" = "yes" ; then
-  # Not a git build & no libfdt found, prompt for system install
-  error_exit "DTC (libfdt) version >= 1.4.2 not present." \
- "Please install the DTC (libfdt) d

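Review bot: the removed probe carried two checks whose replacement is not visible in this (truncated) hunk: the minimum-version compile test (libfdt_env.h present and fdt_check_full() available, i.e. libfdt >= 1.4.2) and the per-target hard requirement with its error message for `--disable-fdt`. The diffstat shows every affected target .mak gaining one line, presumably the requirement moving there; make sure meson.build still performs the version test so that an old system libfdt fails at configure time with a clear message rather than at compile time.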
[PULL 34/37] gdbstub: add reverse continue support in replay mode

2020-10-06 Thread Paolo Bonzini
From: Pavel Dovgalyuk 

This patch adds support for the reverse continue operation to the gdbstub.
Reverse continue finds the last breakpoint that would happen in normal
execution from the beginning to the current moment.
The implementation of reverse continue replays the execution twice:
to find the breakpoints that were hit and to seek to the last breakpoint.
Reverse continue loads the previous snapshot and tries to find the breakpoint
since that moment. If there are no such breakpoints, it proceeds to
the earlier snapshot, and so on. When no breakpoints or watchpoints were
hit at all, execution stops at the beginning of the replay log.

Signed-off-by: Pavel Dovgalyuk 
Message-Id: <160174522930.12451.6994758004725016836.stgit@pasha-ThinkPad-X280>
Signed-off-by: Paolo Bonzini 
---
 exec.c|  1 +
 gdbstub.c | 10 +-
 include/sysemu/replay.h   |  8 +
 replay/replay-debugging.c | 72 +++
 softmmu/cpus.c|  5 +++
 stubs/replay.c|  5 +++
 6 files changed, 100 insertions(+), 1 deletion(-)

diff --git a/exec.c b/exec.c
index d8072668ea..ec68f4a9ca 100644
--- a/exec.c
+++ b/exec.c
@@ -2753,6 +2753,7 @@ void cpu_check_watchpoint(CPUState *cpu, vaddr addr, 
vaddr len,
  * Don't process the watchpoints when we are
  * in a reverse debugging operation.
  */
+replay_breakpoint();
 return;
 }
 if (flags == BP_MEM_READ) {
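Review bot: the comment directly above ("Don't process the watchpoints when we are in a reverse debugging operation") is now misleading: the watchpoint is no longer raised as a debug stop, but its icount is recorded through replay_breakpoint() so that reverse continue can seek back to it. Reword it to say that the hit is recorded rather than processed, otherwise a later reader is likely to treat the call as dead code and remove it.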
diff --git a/gdbstub.c b/gdbstub.c
index 79e8ccc050..ac92273018 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -1907,6 +1907,13 @@ static void handle_backward(GdbCmdContext *gdb_ctx, void 
*user_ctx)
 put_packet("E14");
 }
 return;
+case 'c':
+if (replay_reverse_continue()) {
+gdb_continue();
+} else {
+put_packet("E14");
+}
+return;
 }
 }
 
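Review bot: replay_reverse_continue() asserts `replay_mode == REPLAY_MODE_PLAY` (see the replay-debugging.c hunk below), so this new 'c' case depends on handle_backward() having already rejected the packet and returned when QEMU is not replaying. If the non-replay path only sends E22 without returning, a gdb client that sends `bc` outside replay mode takes QEMU down through the assertion instead of receiving an error; either confirm that the guard returns, or have this case reply E22 itself when replay_mode != REPLAY_MODE_PLAY.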
@@ -2161,7 +2168,8 @@ static void handle_query_supported(GdbCmdContext 
*gdb_ctx, void *user_ctx)
 }
 
 if (replay_mode == REPLAY_MODE_PLAY) {
-g_string_append(gdbserver_state.str_buf, ";ReverseStep+");
+g_string_append(gdbserver_state.str_buf,
+";ReverseStep+;ReverseContinue+");
 }
 
 if (gdb_ctx->num_params &&
diff --git a/include/sysemu/replay.h b/include/sysemu/replay.h
index 90bbb5d825..172b20c60c 100644
--- a/include/sysemu/replay.h
+++ b/include/sysemu/replay.h
@@ -81,11 +81,19 @@ const char *replay_get_filename(void);
  * Returns true on success.
  */
 bool replay_reverse_step(void);
+/*
+ * Start searching the last breakpoint/watchpoint.
+ * Used by gdbstub for backwards debugging.
+ * Returns true if the process successfully started.
+ */
+bool replay_reverse_continue(void);
 /*
  * Returns true if replay module is processing
  * reverse_continue or reverse_step request
  */
 bool replay_running_debug(void);
+/* Called in reverse debugging mode to collect breakpoint information */
+void replay_breakpoint(void);
 
 /* Processing the instructions */
 
diff --git a/replay/replay-debugging.c b/replay/replay-debugging.c
index 1e1dec0295..30ca38e5dd 100644
--- a/replay/replay-debugging.c
+++ b/replay/replay-debugging.c
@@ -23,6 +23,8 @@
 #include "migration/snapshot.h"
 
 static bool replay_is_debugging;
+static int64_t replay_last_breakpoint;
+static int64_t replay_last_snapshot;
 
 bool replay_running_debug(void)
 {
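Review bot: replay_last_breakpoint uses -1LL as the "no breakpoint hit" sentinel in replay_continue_stop() below, but as a zero-initialised static it starts at 0, which is a valid icount. Make sure replay_reverse_continue() resets replay_last_breakpoint to -1 and replay_last_snapshot before every pass, and consider initialising both explicitly at the definition so the sentinel is visible where the variables are declared.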
@@ -246,3 +248,73 @@ bool replay_reverse_step(void)
 
 return false;
 }
+
+static void replay_continue_end(void)
+{
+replay_is_debugging = false;
+vm_stop(RUN_STATE_DEBUG);
+replay_delete_break();
+}
+
+static void replay_continue_stop(void *opaque)
+{
+Error *err = NULL;
+if (replay_last_breakpoint != -1LL) {
+replay_seek(replay_last_breakpoint, replay_stop_vm_debug, &err);
+if (err) {
+error_free(err);
+replay_continue_end();
+}
+return;
+}
+/*
+ * No breakpoints since the last snapshot.
+ * Find previous snapshot and try again.
+ */
+if (replay_last_snapshot != 0) {
+replay_seek(replay_last_snapshot - 1, replay_continue_stop, &err);
+if (err) {
+error_free(err);
+replay_continue_end();
+}
+replay_last_snapshot = replay_get_current_icount();
+return;
+} else {
+/* Seek to the very first step */
+replay_seek(0, replay_stop_vm_debug, &err);
+if (err) {
+error_free(err);
+replay_continue_end();
+}
+return;
+}
+replay_continue_end();
+}
+
+bool replay_reverse_continue(void)
+{
+Error *err = NULL;
+
+assert(replay_mode == REPLAY_MODE_PLAY);
+
+if (replay_get_current_icount() != 0) {
+replay_seek(replay_get_current_icount() - 1,
+replay_continue_stop, &err);
+if (err) {
+error_free
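Review bot: in replay_continue_stop() the final `replay_continue_end();` after the if/else is unreachable, since both branches return; drop it, or drop the returns and let fall-through be the error path. Also, `replay_last_snapshot = replay_get_current_icount();` is assigned after replay_seek() (and even when the seek failed), so it silently depends on replay_seek() having loaded the earlier snapshot synchronously and on the callback not having fired yet; a comment stating that ordering, or moving the assignment under a success check, would make the invariant explicit.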

[PULL 27/37] migration: introduce icount field for snapshots

2020-10-06 Thread Paolo Bonzini
From: Pavel Dovgalyuk 

Saving icount as a parameter of the snapshot allows navigation between
them in the execution replay scenario.
This information can be used for finding a specific snapshot for proceeding
the recorded execution to a specific moment in time.
E.g., the 'reverse step' action (introduced in one of the following patches)
needs to load the nearest snapshot which is prior to the current moment
in time.
This patch also updates the snapshot test which verifies qemu monitor output.

Signed-off-by: Pavel Dovgalyuk 
Acked-by: Markus Armbruster 
Acked-by: Kevin Wolf 

--

v4 changes:
 - squashed format update with test output update
v7 changes:
 - introduced the spaces between the fields in snapshot info output
 - updated the test to match new field widths
Message-Id: <160174518865.12451.14327573383978752463.stgit@pasha-ThinkPad-X280>

Signed-off-by: Paolo Bonzini 
---
 block/qapi.c   | 18 ++
 block/qcow2-snapshot.c |  2 ++
 blockdev.c | 10 
 include/block/snapshot.h   |  1 +
 migration/savevm.c |  5 
 qapi/block-core.json   | 10 ++--
 stubs/replay.c |  5 
 tests/qemu-iotests/261 |  4 ++--
 tests/qemu-iotests/267.out | 48 +++---
 9 files changed, 71 insertions(+), 32 deletions(-)

diff --git a/block/qapi.c b/block/qapi.c
index f423ece98c..036da085ee 100644
--- a/block/qapi.c
+++ b/block/qapi.c
@@ -230,6 +230,8 @@ int bdrv_query_snapshot_info_list(BlockDriverState *bs,
 info->date_nsec = sn_tab[i].date_nsec;
 info->vm_clock_sec  = sn_tab[i].vm_clock_nsec / 10;
 info->vm_clock_nsec = sn_tab[i].vm_clock_nsec % 10;
+info->icount= sn_tab[i].icount;
+info->has_icount= sn_tab[i].icount != -1ULL;
 
 info_list = g_new0(SnapshotInfoList, 1);
 info_list->value = info;
@@ -694,14 +696,15 @@ BlockStatsList *qmp_query_blockstats(bool has_query_nodes,
 void bdrv_snapshot_dump(QEMUSnapshotInfo *sn)
 {
 char date_buf[128], clock_buf[128];
+char icount_buf[128] = {0};
 struct tm tm;
 time_t ti;
 int64_t secs;
 char *sizing = NULL;
 
 if (!sn) {
-qemu_printf("%-10s%-20s%11s%20s%15s",
-"ID", "TAG", "VM SIZE", "DATE", "VM CLOCK");
+qemu_printf("%-10s%-18s%7s%20s%13s%11s",
+"ID", "TAG", "VM SIZE", "DATE", "VM CLOCK", "ICOUNT");
 } else {
 ti = sn->date_sec;
 localtime_r(&ti, &tm);
@@ -715,11 +718,16 @@ void bdrv_snapshot_dump(QEMUSnapshotInfo *sn)
  (int)(secs % 60),
  (int)((sn->vm_clock_nsec / 100) % 1000));
 sizing = size_to_str(sn->vm_state_size);
-qemu_printf("%-10s%-20s%11s%20s%15s",
+if (sn->icount != -1ULL) {
+snprintf(icount_buf, sizeof(icount_buf),
+"%"PRId64, sn->icount);
+}
+qemu_printf("%-9s %-17s %7s%20s%13s%11s",
 sn->id_str, sn->name,
 sizing,
 date_buf,
-clock_buf);
+clock_buf,
+icount_buf);
 }
 g_free(sizing);
 }
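Review bot: the sentinel is written as -1ULL but the value is printed with PRId64; if QEMUSnapshotInfo.icount is uint64_t the format should be PRIu64, and if it is int64_t the comparisons should use -1 (or a named constant) to avoid sign-conversion warnings. A named sentinel would also keep the three -1ULL sites in this file and the one in block/qcow2-snapshot.c in sync. The realigned column widths (10/18/7/20/13/11 in the header versus 9+1/17+1/7/20/13/11 in the rows) do add up to the same 79 characters, so the table stays aligned.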
@@ -881,6 +889,8 @@ void bdrv_image_info_dump(ImageInfo *info)
 .date_nsec = elem->value->date_nsec,
 .vm_clock_nsec = elem->value->vm_clock_sec * 10ULL +
  elem->value->vm_clock_nsec,
+.icount = elem->value->has_icount ?
+  elem->value->icount : -1ULL,
 };
 
 pstrcpy(sn.id_str, sizeof(sn.id_str), elem->value->id);
diff --git a/block/qcow2-snapshot.c b/block/qcow2-snapshot.c
index d68b25e0c5..2e98c7f4b6 100644
--- a/block/qcow2-snapshot.c
+++ b/block/qcow2-snapshot.c
@@ -663,6 +663,7 @@ int qcow2_snapshot_create(BlockDriverState *bs, 
QEMUSnapshotInfo *sn_info)
 sn->date_sec = sn_info->date_sec;
 sn->date_nsec = sn_info->date_nsec;
 sn->vm_clock_nsec = sn_info->vm_clock_nsec;
+sn->icount = sn_info->icount;
 sn->extra_data_size = sizeof(QCowSnapshotExtraData);
 
 /* Allocate the L1 table of the snapshot and copy the current one there. */
@@ -1007,6 +1008,7 @@ int qcow2_snapshot_list(BlockDriverState *bs, 
QEMUSnapshotInfo **psn_tab)
 sn_info->date_sec = sn->date_sec;
 sn_info->date_nsec = sn->date_nsec;
 sn_info->vm_clock_nsec = sn->vm_clock_nsec;
+sn_info->icount = sn->icount;
 }
 *psn_tab = sn_tab;
 return s->nb_snapshots;
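Review bot: these two lines only copy the in-memory field; the hunk does not touch the extra-data (de)serialisation, so it relies on QCowSnapshot and its on-disk extra data already carrying icount. Confirm that snapshots written before the field existed list as icount == -1ULL (has_icount false) rather than 0, because 0 is a legitimate instruction count and replay_find_nearest_snapshot() would otherwise treat such a snapshot as the start-of-replay state.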
diff --git a/blockdev.c b/blockdev.c
index bebd3ba1c3..a6ae475dac 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -59,6 +59,7 @@
 #include "sysemu/arch_init.h"
 #include "sysemu/qtest.h"
 #include "sysemu/runstate.h"
+#include "sysemu/replay.h"
 #include "qemu/cutils.h"
 #include "qemu/help_option.h"
 #include "qemu/main-loop.h"
@@ -1190,6 +1191,10 @@ SnapshotInfo 
*qmp_blockdev_snapshot_delete_internal_sync(const char *device,
 info->v

[PULL 30/37] replay: introduce breakpoint at the specified step

2020-10-06 Thread Paolo Bonzini
From: Pavel Dovgalyuk 

This patch introduces the replay_break and replay_delete_break
QMP and HMP commands.
These commands allow stopping at the specified instruction.
It may be useful for debugging when there are some known
events that should be investigated.
The replay_break command has one argument: the number of instructions
executed since the start of the replay.
replay_delete_break removes the previously set breakpoint.

Signed-off-by: Pavel Dovgalyuk 
Acked-by: Markus Armbruster 

--

v4 changes:
 - removed useless error_free call
Message-Id: <160174520606.12451.7056879546045599378.stgit@pasha-ThinkPad-X280>

Signed-off-by: Paolo Bonzini 
---
 hmp-commands.hx   | 32 +++
 include/monitor/hmp.h |  2 +
 qapi/replay.json  | 36 +
 replay/replay-debugging.c | 84 +++
 replay/replay-internal.h  |  4 ++
 replay/replay.c   | 17 
 6 files changed, 175 insertions(+)

diff --git a/hmp-commands.hx b/hmp-commands.hx
index 1088d64503..7680d0b380 100644
--- a/hmp-commands.hx
+++ b/hmp-commands.hx
@@ -1804,6 +1804,38 @@ SRST
   Set QOM property *property* of object at location *path* to value *value*
 ERST
 
+{
+.name   = "replay_break",
+.args_type  = "icount:i",
+.params = "icount",
+.help   = "set breakpoint at the specified instruction count",
+.cmd= hmp_replay_break,
+},
+
+SRST
+``replay_break`` *icount*
+  Set replay breakpoint at instruction count *icount*.
+  Execution stops when the specified instruction is reached.
+  There can be at most one breakpoint. When breakpoint is set, any prior
+  one is removed.  The breakpoint may be set only in replay mode and only
+  "in the future", i.e. at instruction counts greater than the current one.
+  The current instruction count can be observed with ``info replay``.
+ERST
+
+{
+.name   = "replay_delete_break",
+.args_type  = "",
+.params = "",
+.help   = "remove replay breakpoint",
+.cmd= hmp_replay_delete_break,
+},
+
+SRST
+``replay_delete_break``
+  Remove replay breakpoint which was previously set with ``replay_break``.
+  The command is ignored when there are no replay breakpoints.
+ERST
+
 {
 .name   = "info",
 .args_type  = "item:s?",
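Review bot: the text says the breakpoint may only be set "in the future", i.e. at instruction counts greater than the current one, while replay_break() in this patch asserts `replay_break_icount >= replay_get_current_icount()` (greater or equal); decide whether a breakpoint at the current icount is allowed and make the documentation and the check agree. The one-line help string could also say that the command works only in replay mode.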
diff --git a/include/monitor/hmp.h b/include/monitor/hmp.h
index f297fccce8..809ad638bb 100644
--- a/include/monitor/hmp.h
+++ b/include/monitor/hmp.h
@@ -130,5 +130,7 @@ void hmp_info_vm_generation_id(Monitor *mon, const QDict 
*qdict);
 void hmp_info_memory_size_summary(Monitor *mon, const QDict *qdict);
 void hmp_info_sev(Monitor *mon, const QDict *qdict);
 void hmp_info_replay(Monitor *mon, const QDict *qdict);
+void hmp_replay_break(Monitor *mon, const QDict *qdict);
+void hmp_replay_delete_break(Monitor *mon, const QDict *qdict);
 
 #endif
diff --git a/qapi/replay.json b/qapi/replay.json
index e6b3f6001d..173ba76107 100644
--- a/qapi/replay.json
+++ b/qapi/replay.json
@@ -63,3 +63,39 @@
 ##
 { 'command': 'query-replay',
   'returns': 'ReplayInfo' }
+
+##
+# @replay-break:
+#
+# Set replay breakpoint at instruction count @icount.
+# Execution stops when the specified instruction is reached.
+# There can be at most one breakpoint. When breakpoint is set, any prior
+# one is removed.  The breakpoint may be set only in replay mode and only
+# "in the future", i.e. at instruction counts greater than the current one.
+# The current instruction count can be observed with @query-replay.
+#
+# @icount: instruction count to stop at
+#
+# Since: 5.2
+#
+# Example:
+#
+# -> { "execute": "replay-break", "data": { "icount": 220414 } }
+#
+##
+{ 'command': 'replay-break', 'data': { 'icount': 'int' } }
+
+##
+# @replay-delete-break:
+#
+# Remove replay breakpoint which was set with @replay-break.
+# The command is ignored when there are no replay breakpoints.
+#
+# Since: 5.2
+#
+# Example:
+#
+# -> { "execute": "replay-delete-break" }
+#
+##
+{ 'command': 'replay-delete-break' }
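Review bot: the Example blocks show only the request; the convention in the other qapi/*.json files is to show the reply as well (`<- { "return": {} }`). Also, `icount` is declared as a signed 'int' and is compared against uint64 values on the replay side, so the documentation should state that negative values are rejected, and qmp_replay_break() should reject them with an error rather than letting them convert to a huge unsigned count.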
diff --git a/replay/replay-debugging.c b/replay/replay-debugging.c
index 51a6de4e81..3dc23b84fc 100644
--- a/replay/replay-debugging.c
+++ b/replay/replay-debugging.c
@@ -12,10 +12,13 @@
 #include "qemu/osdep.h"
 #include "qapi/error.h"
 #include "sysemu/replay.h"
+#include "sysemu/runstate.h"
 #include "replay-internal.h"
 #include "monitor/hmp.h"
 #include "monitor/monitor.h"
 #include "qapi/qapi-commands-replay.h"
+#include "qapi/qmp/qdict.h"
+#include "qemu/timer.h"
 
 void hmp_info_replay(Monitor *mon, const QDict *qdict)
 {
@@ -41,3 +44,84 @@ ReplayInfo *qmp_query_replay(Error **errp)
 retval->icount = replay_get_current_icount();
 return retval;
 }
+
+static void replay_break(uint64_t icount, QEMUTimerCB callback, void *opaque)
+{
+assert(replay_mode == REPLAY_MODE_PLAY);
+assert(replay_mutex_locked());
+assert(replay_break_icount >= replay_get_current_icount());
+assert(callback);
+
+repla
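Review bot: `assert(replay_break_icount >= replay_get_current_icount())` tests the previous global value, not the `icount` argument being installed (the assignment comes after the asserts), so it never validates the new breakpoint and only fires if an old, already-passed breakpoint was left behind. Presumably `assert(icount >= replay_get_current_icount())` was intended; better still, return an error to the caller, since icount ultimately comes from a monitor command and an assertion is not an appropriate way to reject user input.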

[PULL 12/37] cpus: add handle_interrupt to the CpusAccel interface

2020-10-06 Thread Paolo Bonzini
From: Claudio Fontana 

kvm: uses the generic handler
qtest: uses the generic handler
whpx: changed to use the generic handler (identical implementation)
hax: changed to use the generic handler (identical implementation)
hvf: changed to use the generic handler (identical implementation)
tcg: adapt tcg-cpus to point to the tcg-specific handler

Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
Signed-off-by: Paolo Bonzini 
---
 accel/tcg/tcg-all.c| 26 --
 accel/tcg/tcg-cpus.c   | 28 
 hw/core/cpu.c  | 13 -
 include/hw/core/cpu.h  | 14 --
 include/sysemu/cpus.h  |  2 ++
 softmmu/cpus.c | 18 ++
 target/i386/hax-all.c  | 10 --
 target/i386/hvf/hvf.c  |  9 -
 target/i386/whpx-all.c | 10 --
 9 files changed, 48 insertions(+), 82 deletions(-)

diff --git a/accel/tcg/tcg-all.c b/accel/tcg/tcg-all.c
index 000fe4dbd9..fa1208158f 100644
--- a/accel/tcg/tcg-all.c
+++ b/accel/tcg/tcg-all.c
@@ -47,31 +47,6 @@ typedef struct TCGState TCGState;
 DECLARE_INSTANCE_CHECKER(TCGState, TCG_STATE,
  TYPE_TCG_ACCEL)
 
-/* mask must never be zero, except for A20 change call */
-static void tcg_handle_interrupt(CPUState *cpu, int mask)
-{
-int old_mask;
-g_assert(qemu_mutex_iothread_locked());
-
-old_mask = cpu->interrupt_request;
-cpu->interrupt_request |= mask;
-
-/*
- * If called from iothread context, wake the target cpu in
- * case its halted.
- */
-if (!qemu_cpu_is_self(cpu)) {
-qemu_cpu_kick(cpu);
-} else {
-qatomic_set(&cpu_neg(cpu)->icount_decr.u16.high, -1);
-if (icount_enabled() &&
-!cpu->can_do_io
-&& (mask & ~old_mask) != 0) {
-cpu_abort(cpu, "Raised interrupt while not in I/O function");
-}
-}
-}
-
 /*
  * We default to false if we know other options have been enabled
  * which are currently incompatible with MTTCG. Otherwise when each
@@ -128,7 +103,6 @@ static int tcg_init(MachineState *ms)
 TCGState *s = TCG_STATE(current_accel());
 
 tcg_exec_init(s->tb_size * 1024 * 1024);
-cpu_interrupt_handler = tcg_handle_interrupt;
 mttcg_enabled = s->mttcg_enabled;
 cpus_register_accel(&tcg_cpus);
 
diff --git a/accel/tcg/tcg-cpus.c b/accel/tcg/tcg-cpus.c
index 4f15c7f0de..cedd1e6c4f 100644
--- a/accel/tcg/tcg-cpus.c
+++ b/accel/tcg/tcg-cpus.c
@@ -543,9 +543,37 @@ static int64_t tcg_get_elapsed_ticks(void)
 return cpu_get_ticks();
 }
 
+/* mask must never be zero, except for A20 change call */
+static void tcg_handle_interrupt(CPUState *cpu, int mask)
+{
+int old_mask;
+g_assert(qemu_mutex_iothread_locked());
+
+old_mask = cpu->interrupt_request;
+cpu->interrupt_request |= mask;
+
+/*
+ * If called from iothread context, wake the target cpu in
+ * case its halted.
+ */
+if (!qemu_cpu_is_self(cpu)) {
+qemu_cpu_kick(cpu);
+} else {
+qatomic_set(&cpu_neg(cpu)->icount_decr.u16.high, -1);
+if (icount_enabled() &&
+!cpu->can_do_io
+&& (mask & ~old_mask) != 0) {
+cpu_abort(cpu, "Raised interrupt while not in I/O function");
+}
+}
+}
+
 const CpusAccel tcg_cpus = {
 .create_vcpu_thread = tcg_start_vcpu_thread,
 .kick_vcpu_thread = tcg_kick_vcpu_thread,
+
+.handle_interrupt = tcg_handle_interrupt,
+
 .get_virtual_clock = tcg_get_virtual_clock,
 .get_elapsed_ticks = tcg_get_elapsed_ticks,
 };
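Review bot: this is a verbatim move of tcg_handle_interrupt() from tcg-all.c, so behaviour is unchanged; since the block is being touched anyway, the comment "in case its halted" should read "in case it is halted". With the handler now reachable only through `tcg_cpus.handle_interrupt`, the icount cpu_abort() path ("Raised interrupt while not in I/O function") is no longer reachable through a global function pointer, so any remaining direct assignment to the old cpu_interrupt_handler elsewhere in the tree should fail to compile, which is a useful check that the conversion is complete.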
diff --git a/hw/core/cpu.c b/hw/core/cpu.c
index d596182621..8654550d39 100644
--- a/hw/core/cpu.c
+++ b/hw/core/cpu.c
@@ -35,8 +35,6 @@
 #include "qemu/plugin.h"
 #include "sysemu/hw_accel.h"
 
-CPUInterruptHandler cpu_interrupt_handler;
-
 CPUState *cpu_by_arch_id(int64_t id)
 {
 CPUState *cpu;
@@ -394,17 +392,6 @@ static vaddr cpu_adjust_watchpoint_address(CPUState *cpu, 
vaddr addr, int len)
 return addr;
 }
 
-static void generic_handle_interrupt(CPUState *cpu, int mask)
-{
-cpu->interrupt_request |= mask;
-
-if (!qemu_cpu_is_self(cpu)) {
-qemu_cpu_kick(cpu);
-}
-}
-
-CPUInterruptHandler cpu_interrupt_handler = generic_handle_interrupt;
-
 static void cpu_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
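Review bot: generic_handle_interrupt() and the cpu_interrupt_handler default are deleted here, and the commit message says kvm and qtest "use the generic handler", so the generic implementation must now live in softmmu/cpus.c (+18 in the diffstat) as the fallback for a CpusAccel that leaves `.handle_interrupt` NULL. Make sure cpu_interrupt() there checks for a NULL handler before dereferencing it, given that the preceding patch in this series ("cpus: remove checks for non-NULL cpus_accel") removed other null checks in that area.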
diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index 6c34798c8b..4879f25026 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -844,12 +844,6 @@ bool cpu_exists(int64_t id);
  */
 CPUState *cpu_by_arch_id(int64_t id);
 
-#ifndef CONFIG_USER_ONLY
-
-typedef void (*CPUInterruptHandler)(CPUState *, int);
-
-extern CPUInterruptHandler cpu_interrupt_handler;
-
 /**
  * cpu_interrupt:
  * @cpu: The CPU to set an interrupt on.
@@ -857,17 +851,9 @@ extern CPUInterruptHandler cpu_interrupt_handler;
  *
  * Invokes the interrupt handler.
  */
-static inline void cpu_interrupt(CPUState *cpu, int mask)
-{
-cpu_interrupt_ha
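Review bot: removing the `#ifndef CONFIG_USER_ONLY` opener here means the matching `#else`/`#endif` must go in the truncated remainder of the hunk, and cpu_interrupt() stops being a static inline for softmmu builds; every call site now pays a function call plus an indirect call through the accelerator, which is acceptable for interrupt delivery but worth noting in the commit message. The user-only build previously got cpu_interrupt() as an out-of-line declaration only in the #else branch, so check that it still has exactly one declaration and one definition after this change.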

[PULL 36/37] replay: create temporary snapshot at debugger connection

2020-10-06 Thread Paolo Bonzini
From: Pavel Dovgalyuk 

When record/replay does not use overlays for storing the snapshots,
the user is not capable of issuing reverse debugging commands.
This patch adds creation of the VM snapshot on the temporary
overlay image when the debugger connects to QEMU.
Therefore the execution can be rewound to the moment
of the debugger connection while debugging the virtual machine.

Signed-off-by: Pavel Dovgalyuk 

--

v6:
 - dropped unused error processing (suggested by Philippe Mathieu-Daudé)
Message-Id: <160174524096.12451.11651270339216758643.stgit@pasha-ThinkPad-X280>
Signed-off-by: Paolo Bonzini 
---
 gdbstub.c |  1 +
 include/sysemu/replay.h   |  2 ++
 replay/replay-debugging.c | 14 ++
 3 files changed, 17 insertions(+)

diff --git a/gdbstub.c b/gdbstub.c
index ac92273018..f19f98ab1a 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -3321,6 +3321,7 @@ static void gdb_chr_event(void *opaque, QEMUChrEvent 
event)
 s->g_cpu = s->c_cpu;
 
 vm_stop(RUN_STATE_PAUSED);
+replay_gdb_attached();
 gdb_has_xml = false;
 break;
 default:
diff --git a/include/sysemu/replay.h b/include/sysemu/replay.h
index 172b20c60c..56c0c17c30 100644
--- a/include/sysemu/replay.h
+++ b/include/sysemu/replay.h
@@ -94,6 +94,8 @@ bool replay_reverse_continue(void);
 bool replay_running_debug(void);
 /* Called in reverse debugging mode to collect breakpoint information */
 void replay_breakpoint(void);
+/* Called when gdb is attached to gdbstub */
+void replay_gdb_attached(void);
 
 /* Processing the instructions */
 
diff --git a/replay/replay-debugging.c b/replay/replay-debugging.c
index 30ca38e5dd..ee9e86daa9 100644
--- a/replay/replay-debugging.c
+++ b/replay/replay-debugging.c
@@ -318,3 +318,17 @@ void replay_breakpoint(void)
 assert(replay_mode == REPLAY_MODE_PLAY);
 replay_last_breakpoint = replay_get_current_icount();
 }
+
+void replay_gdb_attached(void)
+{
+/*
+ * Create VM snapshot on temporary overlay to allow reverse
+ * debugging even if snapshots were not enabled.
+ */
+if (replay_mode == REPLAY_MODE_PLAY
+&& !replay_snapshot) {
+if (save_snapshot("start_debugging", NULL) != 0) {
+/* Can't create the snapshot. Continue conventional debugging. */
+}
+}
+}
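Review bot: save_snapshot() is called with a NULL Error ** and the failure branch is an empty block holding only a comment, so a failed snapshot is silent and the user later gets an unexplained E14 from reverse-continue or reverse-stepi; pass an Error and report it with warn_report_err(), or at least warn_report() that reverse debugging is unavailable. Also, the comment speaks of a "temporary overlay", but nothing here makes it temporary: bdrv_all_find_vmstate_bs() picks whichever writable snapshot-capable image is attached, so without `-snapshot` or an explicit overlay the "start_debugging" snapshot is written persistently into the user's image on every gdb attach. The docs/replay.txt change in 35/37 should say so.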
-- 
2.26.2

[PULL 35/37] replay: describe reverse debugging in docs/replay.txt

2020-10-06 Thread Paolo Bonzini
From: Pavel Dovgalyuk 

This patch updates the documentation and describes the usage of reverse
debugging with QEMU+GDB.

Signed-off-by: Pavel Dovgalyuk 
Reviewed-by: Alex Bennée 

--

v4 changes:
 - added an example of the command line for reverse debugging of
   the diskless machine
Message-Id: <160174523509.12451.1409905901920738979.stgit@pasha-ThinkPad-X280>

Signed-off-by: Paolo Bonzini 
---
 docs/replay.txt | 46 ++
 1 file changed, 46 insertions(+)

diff --git a/docs/replay.txt b/docs/replay.txt
index 8952e6d852..87a64ae068 100644
--- a/docs/replay.txt
+++ b/docs/replay.txt
@@ -265,6 +265,16 @@ of the original disk image, use overlay files linked to 
the original images.
 Therefore all new snapshots (including the starting one) will be saved in
 overlays and the original image remains unchanged.
 
+When you need to use snapshots with diskless virtual machine,
+it must be started with 'orphan' qcow2 image. This image will be used
+for storing VM snapshots. Here is the example of the command line for this:
+
+  qemu-system-i386 -icount shift=3,rr=replay,rrfile=record.bin,rrsnapshot=init 
\
+-net none -drive file=empty.qcow2,if=none,id=rr
+
+empty.qcow2 drive does not connected to any virtual block device and used
+for VM snapshots only.
+
 Network devices
 ---
 
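Review bot: grammar in the new paragraph: "snapshots with diskless virtual machine" should read "snapshots with a diskless virtual machine", "with 'orphan' qcow2 image" should read "with an 'orphan' qcow2 image", and "empty.qcow2 drive does not connected to any virtual block device and used for VM snapshots only" should read "The empty.qcow2 drive is not connected to any virtual block device and is used only for VM snapshots." It would also help to state that the image must be writable (no 'snapshot' option), because rrsnapshot=init writes the initial snapshot there.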
@@ -294,6 +304,42 @@ for recording and replaying must contain identical number 
of ports in record
 and replay modes, but their backends may differ.
 E.g., '-serial stdio' in record mode, and '-serial null' in replay mode.
 
+Reverse debugging
+-
+
+Reverse debugging allows "executing" the program in reverse direction.
+GDB remote protocol supports "reverse step" and "reverse continue"
+commands. The first one steps single instruction backwards in time,
+and the second one finds the last breakpoint in the past.
+
+Recorded executions may be used to enable reverse debugging. QEMU can't
+execute the code in backwards direction, but can load a snapshot and
+replay forward to find the desired position or breakpoint.
+
+The following GDB commands are supported:
+ - reverse-stepi (or rsi) - step one instruction backwards
+ - reverse-continue (or rc) - find last breakpoint in the past
+
+Reverse step loads the nearest snapshot and replays the execution until
+the required instruction is met.
+
+Reverse continue may include several passes of examining the execution
+between the snapshots. Each of the passes include the following steps:
+ 1. loading the snapshot
+ 2. replaying to examine the breakpoints
+ 3. if breakpoint or watchpoint was met
+- loading the snaphot again
+- replaying to the required breakpoint
+ 4. else
+- proceeding to the p.1 with the earlier snapshot
+
+Therefore usage of the reverse debugging requires at least one snapshot
+created in advance. This can be done by omitting 'snapshot' option
+for the block drives and adding 'rrsnapshot' for both record and replay
+command lines.
+See the "Snapshotting" section to learn more about running record/replay
+and creating the snapshot in these modes.
+
 Replay log format
 -
 
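Review bot: "snaphot" in step 3 should read "snapshot", and "Each of the passes include" should read "Each pass includes". The closing paragraph ("requires at least one snapshot created in advance") should also mention that 36/37 in this series saves a "start_debugging" snapshot automatically when gdb attaches, provided a writable snapshot-capable image is present, so rrsnapshot is the recommended but not the only way to obtain the first snapshot.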
-- 
2.26.2

[PULL 13/37] hvf: remove hvf specific functions from global includes

2020-10-06 Thread Paolo Bonzini
From: Claudio Fontana 

Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
Reviewed-by: Roman Bolshakov 
Signed-off-by: Paolo Bonzini 
---
 accel/stubs/hvf-stub.c | 30 --
 accel/stubs/meson.build|  1 -
 include/sysemu/hvf.h   |  8 
 target/i386/hvf/hvf-cpus.h |  8 
 target/i386/hvf/x86hvf.c   |  2 ++
 target/i386/hvf/x86hvf.h   |  1 -
 6 files changed, 10 insertions(+), 40 deletions(-)
 delete mode 100644 accel/stubs/hvf-stub.c

diff --git a/accel/stubs/hvf-stub.c b/accel/stubs/hvf-stub.c
deleted file mode 100644
index e81dfe888c..00
--- a/accel/stubs/hvf-stub.c
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- * QEMU HVF support
- *
- * Copyright 2017 Red Hat, Inc.
- *
- * This software is licensed under the terms of the GNU General Public
- * License version 2 or later, as published by the Free Software Foundation,
- * and may be copied, distributed, and modified under those terms.
- *
- * See the COPYING file in the top-level directory.
- *
- */
-
-#include "qemu/osdep.h"
-#include "cpu.h"
-#include "sysemu/hvf.h"
-
-int hvf_init_vcpu(CPUState *cpu)
-{
-return -ENOSYS;
-}
-
-int hvf_vcpu_exec(CPUState *cpu)
-{
-return -ENOSYS;
-}
-
-void hvf_vcpu_destroy(CPUState *cpu)
-{
-}
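Review bot: with the stub gone, any hvf_* call reachable in a non-HVF build now fails to link instead of returning -ENOSYS; that is the intent, since the declarations move to target/i386/hvf/hvf-cpus.h, which only HVF objects include, so the residual risk is a stray caller in common code that previously compiled against the stub. accel/stubs/meson.build drops the stub in the same patch, which keeps the two in step.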
diff --git a/accel/stubs/meson.build b/accel/stubs/meson.build
index 314e3cfff4..3fbe34e5bb 100644
--- a/accel/stubs/meson.build
+++ b/accel/stubs/meson.build
@@ -1,6 +1,5 @@
 specific_ss.add(when: 'CONFIG_HAX', if_false: files('hax-stub.c'))
 specific_ss.add(when: 'CONFIG_XEN', if_false: files('xen-stub.c'))
-specific_ss.add(when: 'CONFIG_HVF', if_false: files('hvf-stub.c'))
 specific_ss.add(when: 'CONFIG_KVM', if_false: files('kvm-stub.c'))
 specific_ss.add(when: 'CONFIG_TCG', if_false: files('tcg-stub.c'))
 specific_ss.add(when: 'CONFIG_WHPX', if_false: files('whpx-stub.c'))
diff --git a/include/sysemu/hvf.h b/include/sysemu/hvf.h
index 1398679458..f893768df9 100644
--- a/include/sysemu/hvf.h
+++ b/include/sysemu/hvf.h
@@ -26,14 +26,6 @@ extern bool hvf_allowed;
 #define hvf_get_supported_cpuid(func, idx, reg) 0
 #endif /* !CONFIG_HVF */
 
-int hvf_init_vcpu(CPUState *);
-int hvf_vcpu_exec(CPUState *);
-void hvf_cpu_synchronize_state(CPUState *);
-void hvf_cpu_synchronize_post_reset(CPUState *);
-void hvf_cpu_synchronize_post_init(CPUState *);
-void hvf_cpu_synchronize_pre_loadvm(CPUState *);
-void hvf_vcpu_destroy(CPUState *);
-
 #define TYPE_HVF_ACCEL ACCEL_CLASS_NAME("hvf")
 
 typedef struct HVFState HVFState;
diff --git a/target/i386/hvf/hvf-cpus.h b/target/i386/hvf/hvf-cpus.h
index 262e449fd6..ced31b82c0 100644
--- a/target/i386/hvf/hvf-cpus.h
+++ b/target/i386/hvf/hvf-cpus.h
@@ -14,4 +14,12 @@
 
 extern const CpusAccel hvf_cpus;
 
+int hvf_init_vcpu(CPUState *);
+int hvf_vcpu_exec(CPUState *);
+void hvf_cpu_synchronize_state(CPUState *);
+void hvf_cpu_synchronize_post_reset(CPUState *);
+void hvf_cpu_synchronize_post_init(CPUState *);
+void hvf_cpu_synchronize_pre_loadvm(CPUState *);
+void hvf_vcpu_destroy(CPUState *);
+
 #endif /* HVF_CPUS_H */
diff --git a/target/i386/hvf/x86hvf.c b/target/i386/hvf/x86hvf.c
index 5cbcb32ab6..b986213c0f 100644
--- a/target/i386/hvf/x86hvf.c
+++ b/target/i386/hvf/x86hvf.c
@@ -32,6 +32,8 @@
 #include 
 #include 
 
+#include "hvf-cpus.h"
+
 void hvf_set_segment(struct CPUState *cpu, struct vmx_segment *vmx_seg,
  SegmentCache *qseg, bool is_tr)
 {
diff --git a/target/i386/hvf/x86hvf.h b/target/i386/hvf/x86hvf.h
index 79539f7282..4fabc6d582 100644
--- a/target/i386/hvf/x86hvf.h
+++ b/target/i386/hvf/x86hvf.h
@@ -35,5 +35,4 @@ void hvf_get_msrs(CPUState *cpu_state);
 void vmx_clear_int_window_exiting(CPUState *cpu);
 void hvf_get_segments(CPUState *cpu_state);
 void vmx_update_tpr(CPUState *cpu);
-void hvf_cpu_synchronize_state(CPUState *cpu_state);
 #endif
-- 
2.26.2

[PULL 31/37] replay: implement replay-seek command

2020-10-06 Thread Paolo Bonzini
From: Pavel Dovgalyuk 

This patch adds the HMP/QMP commands replay_seek/replay-seek that advance
the execution to the specified instruction count.
The command automatically loads the nearest snapshot and replays the execution
to find the desired instruction count.

Signed-off-by: Pavel Dovgalyuk 
Acked-by: Markus Armbruster 

--

v4 changes:
 - fixed HMP command description indent
 - removed useless error_free call
Message-Id: <160174521180.12451.14033112911009278753.stgit@pasha-ThinkPad-X280>

Signed-off-by: Paolo Bonzini 
---
 hmp-commands.hx   | 18 
 include/monitor/hmp.h |  1 +
 qapi/replay.json  | 20 +
 replay/replay-debugging.c | 87 +++
 4 files changed, 126 insertions(+)

diff --git a/hmp-commands.hx b/hmp-commands.hx
index 7680d0b380..e43ce600b8 100644
--- a/hmp-commands.hx
+++ b/hmp-commands.hx
@@ -1836,6 +1836,24 @@ SRST
   The command is ignored when there are no replay breakpoints.
 ERST
 
+{
+.name   = "replay_seek",
+.args_type  = "icount:i",
+.params = "icount",
+.help   = "replay execution to the specified instruction count",
+.cmd= hmp_replay_seek,
+},
+
+SRST
+``replay_seek`` *icount*
+  Automatically proceed to the instruction count *icount*, when
+  replaying the execution. The command automatically loads nearest
+  snapshot and replays the execution to find the desired instruction.
+  When there is no preceding snapshot or the execution is not replayed,
+  then the command fails.
+  *icount* for the reference may be observed with ``info replay`` command.
+ERST
+
 {
 .name   = "info",
 .args_type  = "item:s?",
diff --git a/include/monitor/hmp.h b/include/monitor/hmp.h
index 809ad638bb..ed2913fd18 100644
--- a/include/monitor/hmp.h
+++ b/include/monitor/hmp.h
@@ -132,5 +132,6 @@ void hmp_info_sev(Monitor *mon, const QDict *qdict);
 void hmp_info_replay(Monitor *mon, const QDict *qdict);
 void hmp_replay_break(Monitor *mon, const QDict *qdict);
 void hmp_replay_delete_break(Monitor *mon, const QDict *qdict);
+void hmp_replay_seek(Monitor *mon, const QDict *qdict);
 
 #endif
diff --git a/qapi/replay.json b/qapi/replay.json
index 173ba76107..bfd83d7591 100644
--- a/qapi/replay.json
+++ b/qapi/replay.json
@@ -99,3 +99,23 @@
 #
 ##
 { 'command': 'replay-delete-break' }
+
+##
+# @replay-seek:
+#
+# Automatically proceed to the instruction count @icount, when
+# replaying the execution. The command automatically loads nearest
+# snapshot and replays the execution to find the desired instruction.
+# When there is no preceding snapshot or the execution is not replayed,
+# then the command fails.
+# icount for the reference may be obtained with @query-replay command.
+#
+# @icount: target instruction count
+#
+# Since: 5.2
+#
+# Example:
+#
+# -> { "execute": "replay-seek", "data": { "icount": 220414 } }
+##
+{ 'command': 'replay-seek', 'data': { 'icount': 'int' } }
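Review bot: The QMP example in the new doc comment puts the command arguments under a "data" key, but QMP carries them under "arguments", so the example as written would be rejected by the monitor; suggest `-> { "execute": "replay-seek", "arguments": { "icount": 220414 } }` followed by the expected reply `<- { "return": {} }`.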
diff --git a/replay/replay-debugging.c b/replay/replay-debugging.c
index 3dc23b84fc..e1fe6b8661 100644
--- a/replay/replay-debugging.c
+++ b/replay/replay-debugging.c
@@ -19,6 +19,8 @@
 #include "qapi/qapi-commands-replay.h"
 #include "qapi/qmp/qdict.h"
 #include "qemu/timer.h"
+#include "block/snapshot.h"
+#include "migration/snapshot.h"
 
 void hmp_info_replay(Monitor *mon, const QDict *qdict)
 {
@@ -125,3 +127,88 @@ void hmp_replay_delete_break(Monitor *mon, const QDict 
*qdict)
 return;
 }
 }
+
+static char *replay_find_nearest_snapshot(int64_t icount,
+  int64_t *snapshot_icount)
+{
+BlockDriverState *bs;
+QEMUSnapshotInfo *sn_tab;
+QEMUSnapshotInfo *nearest = NULL;
+char *ret = NULL;
+int nb_sns, i;
+AioContext *aio_context;
+
+*snapshot_icount = -1;
+
+bs = bdrv_all_find_vmstate_bs();
+if (!bs) {
+goto fail;
+}
+aio_context = bdrv_get_aio_context(bs);
+
+aio_context_acquire(aio_context);
+nb_sns = bdrv_snapshot_list(bs, &sn_tab);
+aio_context_release(aio_context);
+
+for (i = 0; i < nb_sns; i++) {
+if (bdrv_all_find_snapshot(sn_tab[i].name, &bs) == 0) {
+if (sn_tab[i].icount != -1ULL
+&& sn_tab[i].icount <= icount
+&& (!nearest || nearest->icount < sn_tab[i].icount)) {
+nearest = &sn_tab[i];
+}
+}
+}
+if (nearest) {
+ret = g_strdup(nearest->name);
+*snapshot_icount = nearest->icount;
+}
+g_free(sn_tab);
+
+fail:
+return ret;
+}
+
+static void replay_seek(int64_t icount, QEMUTimerCB callback, Error **errp)
+{
+char *snapshot = NULL;
+int64_t snapshot_icount;
+
+if (replay_mode != REPLAY_MODE_PLAY) {
+error_setg(errp, "replay must be enabled to seek");
+return;
+}
+
+snapshot = replay_find_nearest_snapshot(icount, &snapshot_icount);
+if (snapshot) {
+if (icount < replay_get_current_icount()
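Review bot: In replay_find_nearest_snapshot(), sn_tab is declared without an initialiser and the value bdrv_snapshot_list() stores in nb_sns is never checked, so nothing in the hunk guards against an error return that leaves sn_tab untouched: the loop is skipped and g_free(sn_tab) then frees an uninitialised pointer. Suggest `QEMUSnapshotInfo *sn_tab = NULL;` and `if (nb_sns < 0) { goto fail; }` right after the list call. Separately, the loop passes &bs to bdrv_all_find_snapshot(), overwriting the vmstate BlockDriverState obtained from bdrv_all_find_vmstate_bs(); a dedicated local would make that intent explicit.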

[PULL 14/37] whpx: remove whpx specific functions from global includes

2020-10-06 Thread Paolo Bonzini
From: Claudio Fontana 

Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
Signed-off-by: Paolo Bonzini 
---
 accel/stubs/meson.build |  1 -
 accel/stubs/whpx-stub.c | 47 -
 include/sysemu/whpx.h   | 19 -
 target/i386/whpx-cpus.h | 17 +++
 4 files changed, 17 insertions(+), 67 deletions(-)
 delete mode 100644 accel/stubs/whpx-stub.c

diff --git a/accel/stubs/meson.build b/accel/stubs/meson.build
index 3fbe34e5bb..12dd1539af 100644
--- a/accel/stubs/meson.build
+++ b/accel/stubs/meson.build
@@ -2,4 +2,3 @@ specific_ss.add(when: 'CONFIG_HAX', if_false: 
files('hax-stub.c'))
 specific_ss.add(when: 'CONFIG_XEN', if_false: files('xen-stub.c'))
 specific_ss.add(when: 'CONFIG_KVM', if_false: files('kvm-stub.c'))
 specific_ss.add(when: 'CONFIG_TCG', if_false: files('tcg-stub.c'))
-specific_ss.add(when: 'CONFIG_WHPX', if_false: files('whpx-stub.c'))
diff --git a/accel/stubs/whpx-stub.c b/accel/stubs/whpx-stub.c
deleted file mode 100644
index 1efb89f25e..00
--- a/accel/stubs/whpx-stub.c
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * QEMU Windows Hypervisor Platform accelerator (WHPX) stub
- *
- * Copyright Microsoft Corp. 2017
- *
- * This work is licensed under the terms of the GNU GPL, version 2 or later.
- * See the COPYING file in the top-level directory.
- *
- */
-
-#include "qemu/osdep.h"
-#include "cpu.h"
-#include "sysemu/whpx.h"
-
-int whpx_init_vcpu(CPUState *cpu)
-{
-return -1;
-}
-
-int whpx_vcpu_exec(CPUState *cpu)
-{
-return -1;
-}
-
-void whpx_destroy_vcpu(CPUState *cpu)
-{
-}
-
-void whpx_vcpu_kick(CPUState *cpu)
-{
-}
-
-void whpx_cpu_synchronize_state(CPUState *cpu)
-{
-}
-
-void whpx_cpu_synchronize_post_reset(CPUState *cpu)
-{
-}
-
-void whpx_cpu_synchronize_post_init(CPUState *cpu)
-{
-}
-
-void whpx_cpu_synchronize_pre_loadvm(CPUState *cpu)
-{
-}
diff --git a/include/sysemu/whpx.h b/include/sysemu/whpx.h
index a84b49e749..59edf13742 100644
--- a/include/sysemu/whpx.h
+++ b/include/sysemu/whpx.h
@@ -13,18 +13,6 @@
 #ifndef QEMU_WHPX_H
 #define QEMU_WHPX_H
 
-
-int whpx_init_vcpu(CPUState *cpu);
-int whpx_vcpu_exec(CPUState *cpu);
-void whpx_destroy_vcpu(CPUState *cpu);
-void whpx_vcpu_kick(CPUState *cpu);
-
-
-void whpx_cpu_synchronize_state(CPUState *cpu);
-void whpx_cpu_synchronize_post_reset(CPUState *cpu);
-void whpx_cpu_synchronize_post_init(CPUState *cpu);
-void whpx_cpu_synchronize_pre_loadvm(CPUState *cpu);
-
 #ifdef CONFIG_WHPX
 
 int whpx_enabled(void);
@@ -35,11 +23,4 @@ int whpx_enabled(void);
 
 #endif /* CONFIG_WHPX */
 
-/* state subset only touched by the VCPU itself during runtime */
-#define WHPX_SET_RUNTIME_STATE   1
-/* state subset modified during VCPU reset */
-#define WHPX_SET_RESET_STATE 2
-/* full state set, modified during initialization or on vmload */
-#define WHPX_SET_FULL_STATE  3
-
 #endif /* QEMU_WHPX_H */
diff --git a/target/i386/whpx-cpus.h b/target/i386/whpx-cpus.h
index 2393944954..bdb367d1d0 100644
--- a/target/i386/whpx-cpus.h
+++ b/target/i386/whpx-cpus.h
@@ -14,4 +14,21 @@
 
 extern const CpusAccel whpx_cpus;
 
+int whpx_init_vcpu(CPUState *cpu);
+int whpx_vcpu_exec(CPUState *cpu);
+void whpx_destroy_vcpu(CPUState *cpu);
+void whpx_vcpu_kick(CPUState *cpu);
+
+void whpx_cpu_synchronize_state(CPUState *cpu);
+void whpx_cpu_synchronize_post_reset(CPUState *cpu);
+void whpx_cpu_synchronize_post_init(CPUState *cpu);
+void whpx_cpu_synchronize_pre_loadvm(CPUState *cpu);
+
+/* state subset only touched by the VCPU itself during runtime */
+#define WHPX_SET_RUNTIME_STATE   1
+/* state subset modified during VCPU reset */
+#define WHPX_SET_RESET_STATE 2
+/* full state set, modified during initialization or on vmload */
+#define WHPX_SET_FULL_STATE  3
+
 #endif /* WHPX_CPUS_H */
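Review bot: Missing documentation: the commit carries no message body, and the block of declarations moved into target/i386/whpx-cpus.h has no comment saying these are now WHPX-internal entry points reachable only through the whpx_cpus accelerator (which is what makes accel/stubs/whpx-stub.c removable); suggest a one-line commit body and a short comment above the prototypes, in the style of the comments kept on the WHPX_SET_* macros.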
-- 
2.26.2





[PULL 37/37] tests/acceptance: add reverse debugging test

2020-10-06 Thread Paolo Bonzini
From: Pavel Dovgalyuk 

This is a test for GDB reverse debugging commands: reverse step and reverse continue.
Every test in this suite consists of two phases: record and replay.
Recording saves the execution of some instructions and makes an initial
VM snapshot to allow reverse execution.
Replay saves the order of the first instructions and then checks that they
are executed backwards in the correct order.
After that the execution is replayed to the end, and reverse continue
command is checked by setting several breakpoints, and asserting
that the execution is stopped at the last of them.

Signed-off-by: Pavel Dovgalyuk 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Willian Rampazzo 

--

v5:
 - disabled (as some other tests) when running on gitlab
   due to the unidentified timeout problem
Message-Id: <160174524678.12451.13258942849173670277.stgit@pasha-ThinkPad-X280>
Signed-off-by: Paolo Bonzini 
---
 MAINTAINERS   |   1 +
 tests/acceptance/reverse_debugging.py | 208 ++
 2 files changed, 209 insertions(+)
 create mode 100644 tests/acceptance/reverse_debugging.py

diff --git a/MAINTAINERS b/MAINTAINERS
index 417fca5f57..e9d85cc873 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -2696,6 +2696,7 @@ F: include/sysemu/replay.h
 F: docs/replay.txt
 F: stubs/replay.c
 F: tests/acceptance/replay_kernel.py
+F: tests/acceptance/reverse_debugging.py
 F: qapi/replay.json
 
 IOVA Tree
diff --git a/tests/acceptance/reverse_debugging.py 
b/tests/acceptance/reverse_debugging.py
new file mode 100644
index 00..b72fdf6cdc
--- /dev/null
+++ b/tests/acceptance/reverse_debugging.py
@@ -0,0 +1,208 @@
+# Reverse debugging test
+#
+# Copyright (c) 2020 ISP RAS
+#
+# Author:
+#  Pavel Dovgalyuk 
+#
+# This work is licensed under the terms of the GNU GPL, version 2 or
+# later.  See the COPYING file in the top-level directory.
+import os
+import logging
+
+from avocado import skipIf
+from avocado_qemu import BUILD_DIR
+from avocado.utils import gdb
+from avocado.utils import process
+from avocado.utils.path import find_command
+from boot_linux_console import LinuxKernelTest
+
+class ReverseDebugging(LinuxKernelTest):
+"""
+Test GDB reverse debugging commands: reverse step and reverse continue.
+Recording saves the execution of some instructions and makes an initial
+VM snapshot to allow reverse execution.
+Replay saves the order of the first instructions and then checks that they
+are executed backwards in the correct order.
+After that the execution is replayed to the end, and reverse continue
+command is checked by setting several breakpoints, and asserting
+that the execution is stopped at the last of them.
+"""
+
+timeout = 10
+STEPS = 10
+endian_is_le = True
+
+def run_vm(self, record, shift, args, replay_path, image_path):
+logger = logging.getLogger('replay')
+vm = self.get_vm()
+vm.set_console()
+if record:
+logger.info('recording the execution...')
+mode = 'record'
+else:
+logger.info('replaying the execution...')
+mode = 'replay'
+vm.add_args('-s', '-S')
+vm.add_args('-icount', 'shift=%s,rr=%s,rrfile=%s,rrsnapshot=init' %
+(shift, mode, replay_path),
+'-net', 'none')
+vm.add_args('-drive', 'file=%s,if=none' % image_path)
+if args:
+vm.add_args(*args)
+vm.launch()
+return vm
+
+@staticmethod
+def get_reg_le(g, reg):
+res = g.cmd(b'p%x' % reg)
+num = 0
+for i in range(len(res))[-2::-2]:
+num = 0x100 * num + int(res[i:i + 2], 16)
+return num
+
+@staticmethod
+def get_reg_be(g, reg):
+res = g.cmd(b'p%x' % reg)
+return int(res, 16)
+
+def get_reg(self, g, reg):
+# value may be encoded in BE or LE order
+if self.endian_is_le:
+return self.get_reg_le(g, reg)
+else:
+return self.get_reg_be(g, reg)
+
+def get_pc(self, g):
+return self.get_reg(g, self.REG_PC)
+
+def check_pc(self, g, addr):
+pc = self.get_pc(g)
+if pc != addr:
+self.fail('Invalid PC (read %x instead of %x)' % (pc, addr))
+
+@staticmethod
+def gdb_step(g):
+g.cmd(b's', b'T05thread:01;')
+
+@staticmethod
+def gdb_bstep(g):
+g.cmd(b'bs', b'T05thread:01;')
+
+@staticmethod
+def vm_get_icount(vm):
+return vm.qmp('query-replay')['return']['icount']
+
+def reverse_debugging(self, shift=7, args=None):
+logger = logging.getLogger('replay')
+
+# create qcow2 for snapshots
+logger.info('creating qcow2 image for VM snapshots')
+image_path = os.path.join(self.workdir, 'disk.qcow2')
+qemu_img = os.path.join(BUILD_DIR, 'qemu-img')
+if not os.path.exists(qemu_img):
+qemu_img = find_command('qemu-img'
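Review bot: get_reg_le() and get_reg_be() decode whatever g.cmd(b'p%x' % reg) returns as a hex register value; a GDB stub answers an unsupported or failed 'p' packet with an empty reply or with 'E' plus two hex digits, and int(res, 16) silently turns 'E01' into 0xe01, so the failure would only surface later as a misleading "Invalid PC" from check_pc(). Suggest rejecting an empty or 'E'-prefixed reply before decoding. Also, the class-level `timeout = 10` is tight for a test that launches QEMU twice (record, then replay under gdb); given the v5 note about an unidentified timeout on GitLab, consider raising it and recording the reason in a comment.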

Re: [PATCH v3] scripts: Convert qemu-version.sh to qemu-version.py

2020-10-06 Thread Paolo Bonzini
On 05/10/20 21:51, Yonggang Luo wrote:
> The sh script are harder to maintain for compatible different
> xsh environment so convert it to python script
> Also incorporate the fixes in
> https://patchew.org/QEMU/20200929143654.518157-1-marcandre.lur...@redhat.com/
> 
> Testing args length and if not enough, setting pkgversion and version to ''
> 
> Signed-off-by: Yonggang Luo 
> ---
>  meson.build |  2 +-
>  scripts/qemu-version.py | 37 +
>  scripts/qemu-version.sh | 25 -
>  3 files changed, 38 insertions(+), 26 deletions(-)
>  create mode 100644 scripts/qemu-version.py
>  delete mode 100755 scripts/qemu-version.sh
> 
> diff --git a/meson.build b/meson.build
> index 95a532bd29..20f653b6eb 100644
> --- a/meson.build
> +++ b/meson.build
> @@ -1072,7 +1072,7 @@ tracetool = [
> '--backend=' + config_host['TRACE_BACKENDS']
>  ]
>  
> -qemu_version_cmd = [find_program('scripts/qemu-version.sh'),
> +qemu_version_cmd = [find_program('scripts/qemu-version.py'),
>  meson.current_source_dir(),
>  config_host['PKGVERSION'], meson.project_version()]
>  qemu_version = custom_target('qemu-version.h',
> diff --git a/scripts/qemu-version.py b/scripts/qemu-version.py
> new file mode 100644
> index 00..fc1531ef2b
> --- /dev/null
> +++ b/scripts/qemu-version.py
> @@ -0,0 +1,37 @@
> +#!/usr/bin/env python3
> +
> +#
> +# Script for retrieve qemu git version information
> +#
> +# Author: Yonggang Luo 
> +#
> +# This work is licensed under the terms of the GNU GPL, version 2.  See
> +# the COPYING file in the top-level directory.
> +#
> +
> +import sys
> +import subprocess
> +
> +def main(args):
> +pkgversion = ''
> +version = ''
> +if len(args) > 3:
> +dir = args[1]
> +pkgversion = args[2]
> +version = args[3]
> +if len(pkgversion) == 0:
> +pc = subprocess.run(['git', 'describe', '--match', "'v*'", 
> '--dirty', '--always'],
> +stdout=subprocess.PIPE, 
> stderr=subprocess.DEVNULL, cwd=dir)
> +if pc.returncode == 0:
> +pkgversion = pc.stdout.decode('utf8').strip()
> +
> +fullversion = version
> +if len(pkgversion) > 0:
> +fullversion = "{} ({})".format(version, pkgversion)
> +
> +version_header = '''#define QEMU_PKGVERSION "{}"
> +#define QEMU_FULL_VERSION "{}"'''.format(pkgversion, fullversion)
> +sys.stdout.buffer.write(version_header.encode('utf8'))
> +
> +if __name__ == "__main__":
> +main(sys.argv)
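Review bot: The --match argument in main() is written as "'v*'" inside the Python list, so the single quotes are passed to git literally (there is no shell here to strip them) and git describe will look for tags matching the pattern 'v*' including the quote characters, which never matches a v-prefixed tag; it should be the plain string 'v*'. Two smaller points: `dir` shadows the builtin (prefer `srcdir`), and subprocess.run() raises OSError when git is not installed or cwd does not exist, which would abort the build instead of falling back to an empty pkgversion; wrap the call in try/except OSError.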

Can you apply the changes I suggested in v2?

Paolo

> diff --git a/scripts/qemu-version.sh b/scripts/qemu-version.sh
> deleted file mode 100755
> index 03128c56a2..00
> --- a/scripts/qemu-version.sh
> +++ /dev/null
> @@ -1,25 +0,0 @@
> -#!/bin/sh
> -
> -set -eu
> -
> -dir="$1"
> -pkgversion="$2"
> -version="$3"
> -
> -if [ -z "$pkgversion" ]; then
> -cd "$dir"
> -if [ -e .git ]; then
> -pkgversion=$(git describe --match 'v*' --dirty | echo "")
> -fi
> -fi
> -
> -if [ -n "$pkgversion" ]; then
> -fullversion="$version ($pkgversion)"
> -else
> -fullversion="$version"
> -fi
> -
> -cat < -#define QEMU_PKGVERSION "$pkgversion"
> -#define QEMU_FULL_VERSION "$fullversion"
> -EOF
> 
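Review bot: Worth recording in the commit message that behaviour changes: the removed line `pkgversion=$(git describe --match 'v*' --dirty | echo "")` pipes git's output into echo, and the command substitution captures echo's output (an empty line), so the old script always produced an empty QEMU_PKGVERSION, whereas the Python version embeds the describe output.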




Re: Emulate Rpi with QEMU fails

2020-10-06 Thread Paul Zimmerman
On Mon, Oct 5, 2020 at 11:58 PM Thomas Schneider <74cmo...@gmail.com> wrote:
>
> Hello Paul,
>
> many thanks for sharing this info.
>
> Can you confirm that the emulated RPi with your command will use
> "internal QEMU" network, means the client cannot be accessed from any
> other device in LAN?
> If yes, what is required to setup a TAP connected to host's network bridge?
>
> Regards
> Thomas

That sets up User networking, so yes, generally you cannot access the
client from the outside network.

If you set up a bridge device on the host using TAP, then you can change
the "-netdev user,id=net0" in the command line to
"-netdev tap,helper=/usr/local/libexec/qemu-bridge-helper,id=net0"
(assuming your qemu was installed in /usr/local) and you should get a fully
functional network connection. I found that the bridge device must be named
"br0" or this will not work.

I found that setting up a bridge device is pretty finicky, though. You can
google for instructions on how to do it. I *think* these are the steps I
followed to make it work for me. This is on Ubuntu, other Linux
distributions work differently I believe. My ethernet device is 'eth0'
and my host ip address is '192.168.0.54', so you should change those
as needed for your environment.

sudo ip link add br0 type bridge
sudo ip tuntap add dev tap0 mode tap
sudo ip link set dev tap0 master br0
sudo ip link set dev eth0 master br0
sudo ip link set dev br0 up
sudo ip address delete 192.168.0.54/24 dev eth0
sudo ip address add 192.168.0.54/24 dev br0
sudo ip route add default via 192.168.0.1 dev br0

- Paul
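The bridge recipe above, as a parameterised dry-run script. This is an added example, not Paul's own commands or QEMU project code: it prints the same ip(8) steps for a given uplink NIC, CIDR address and gateway (or derives them from the host's default route), validates the inputs, and only executes them with RUN=1, because the "ip address delete" step cuts any SSH session that arrived over that NIC. A guest on such a bridge is a full layer-2 peer of everything on the LAN, so treat it as an untrusted host. Assumed, not from the thread: iproute2's ip(8) and awk are present, and the setuid qemu-bridge-helper reads its ACL from /usr/local/etc/qemu/bridge.conf for the /usr/local install prefix used in the message.

```shell
#!/bin/sh
# Added example (not from the thread, not QEMU code): the bridge/tap recipe as a
# reviewable plan.  Nothing touches the network unless RUN=1.
# Assumptions: iproute2 ip(8) and awk; bridge.conf path for a /usr/local prefix.

# plan_bridge IFACE CIDR GATEWAY [TAP] [BRIDGE]: one ip(8) command per line, in
# the order used in the message.  With "-netdev tap,helper=..." the helper
# creates its own tap on the bridge, so TAP only matters for "-netdev tap,ifname=".
plan_bridge() {
    iface=$1 cidr=$2 gw=$3
    tap=${4:-tap0}
    bridge=${5:-br0}
    printf '%s\n' \
        "ip link add $bridge type bridge" \
        "ip tuntap add dev $tap mode tap" \
        "ip link set dev $tap master $bridge" \
        "ip link set dev $iface master $bridge" \
        "ip link set dev $bridge up" \
        "ip address delete $cidr dev $iface" \
        "ip address add $cidr dev $bridge" \
        "ip route add default via $gw dev $bridge"
}

# check_inputs CIDR BRIDGE: the delete/add pair needs a prefix length, and the
# message reports the helper only working with a bridge named br0.
check_inputs() {
    case $1 in
        *.*.*.*/[1-9]|*.*.*.*/[12][0-9]|*.*.*.*/3[0-2]) ;;
        *)  echo "expected a dotted-quad CIDR such as 192.168.0.54/24, got '$1'" >&2
            return 1 ;;
    esac
    if [ "$2" != br0 ]; then
        echo "note: the helper was only reported to work with a bridge named br0" >&2
    fi
}

# helper_acl BRIDGE: the line the setuid qemu-bridge-helper needs in its ACL
# file (assumed path: /usr/local/etc/qemu/bridge.conf) before it attaches a tap.
helper_acl() {
    echo "allow ${1:-br0}"
}

# detect_uplink: print "IFACE CIDR GATEWAY" from the default route, so the host
# address is not hard-coded as in the message.  Needs a live system.
detect_uplink() {
    set -- $(ip -o route show default | head -n 1)   # default via GW dev IFACE ...
    cidr=$(ip -o -4 addr show dev "$5" | awk '{ print $4; exit }')
    echo "$5 $cidr $3"
}

# main IFACE CIDR GATEWAY [TAP] [BRIDGE]   or   main auto
main() {
    if [ "$1" = auto ]; then
        set -- $(detect_uplink)
    fi
    check_inputs "$2" "${5:-br0}" || return 1
    echo "# bridge.conf entry needed: $(helper_acl "${5:-br0}")"
    if [ "${RUN:-0}" = 1 ]; then
        # executing for real: run as root, stop at the first failing command
        plan_bridge "$@" | while IFS= read -r cmd; do
            echo "+ $cmd"
            $cmd || { echo "failed: $cmd" >&2; exit 1; }
        done
    else
        plan_bridge "$@" | sed 's/^/sudo /'
    fi
}

# With no arguments the script only defines its functions (so it can be sourced).
if [ $# -gt 0 ]; then
    main "$@"
fi
```

Run it as `sh bridge-plan.sh eth0 192.168.0.54/24 192.168.0.1` to print the plan with the values from the message, or `sh bridge-plan.sh auto` to pick them up from the default route; `RUN=1 sh bridge-plan.sh auto` executes the steps as root, preferably from a console session rather than over the NIC being moved.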

>
> Am 06.10.2020 um 00:08 schrieb Paul Zimmerman:
> > If you can upgrade to Qemu 5.1 or newer, you should be able to use the
> > builtin raspi2 or raspi3 emulation directly. Version 5.1 adds support for the
> > USB controller on the Pi.
> >
> > There is no limitation on the amount of memory you can use with this
> > method, and the networking should work.
> >
> > Here is the command line I use to run the Raspbian image
> > 2019-09-26-raspbian-buster. I extracted bcm2709-rpi-2-b and
> > kernel7.img from the FAT partition inside the image file.
> >
> > qemu-system-arm -M raspi2 -drive
> > file=bootpi/2019-09-26-raspbian-buster.img,format=raw,if=sd -dtb
> > bcm2709-rpi-2-b.dtb -kernel kernel7.img -append 'rw
> > earlycon=pl011,0x3f201000 console=ttyAMA0 loglevel=8
> > root=/dev/mmcblk0p2 fsck.repair=yes net.ifnames=0 rootwait memtest=1
> > dwc_otg.fiq_fsm_enable=0' -serial stdio -no-reboot -netdev
> > user,id=net0 -usb -device usb-kbd -device usb-tablet -device
> > usb-net,netdev=net0
> >
> > Hope this helps.
> >
> > On Mon, Oct 5, 2020 at 3:51 AM Thomas Schneider <74cmo...@gmail.com> wrote:
> >> Hello,
> >>
> >> thanks for your replies.
> >>
> >> I must admit that I don't fully understand your analysis.
> >> However you made some conclusions that are correct.
> >>
> >> In fact I have found a Github repo
> >>  where a specific kernel
> >> and versatile-pb are provided + instructions for launching the emulation
> >> with the original RPi image file:
> >> $ qemu-system-arm \
> >> -M versatilepb \
> >> -cpu arm1176 \
> >> -m 256 \
> >> -drive
> >> "file=/.../2020-05-27-raspios-buster-lite-armhf.img,if=none,index=0,media=disk,format=raw,id=disk0"
> >> \
> >> -device
> >> "virtio-blk-pci,drive=disk0,disable-modern=on,disable-legacy=off" \
> >> -net "user,hostfwd=tcp::5022-:22" \
> >> -dtb /.../versatile-pb-buster-5.4.51.dtb \
> >> -kernel /.../kernel-qemu-5.4.51-buster \
> >> -append 'root=/dev/vda2 panic=1' \
> >> -no-reboot
> >>
> >> This means it is more recent than the Raspberry Pi Geek article, and the
> >> emulation works.
> >> But I'm not sure if this is usable considering the added models -M raspi2
> >> and -M raspi3.
> >>
> >> Can you please advise how to proceed?
> >>
> >> In addition I would like to know if there's a memory limitation using
> >> models -M raspi2 and -M raspi3?
> >> To my understanding there's a limitation to 256MB using -M versatilepb.
> >> If yes, I consider to another raw image located on host's temporary
> >> filesystem and use this as swap in the client.
> >>
> >> And how can I make use of a client network device that is based on
> >> host's tap device connected to a network bridge?
> >>
> >> THX
> >>
> >>
> >> Am 05.10.2020 um 11:40 schrieb Alex Bennée:
> >>> Peter Maydell  writes:
> >>>
>  On Sun, 4 Oct 2020 at 18:44, Alex Bennée  wrote:
> > Thomas <74cmo...@gmail.com> writes:
> >> I'm trying to emulate Rpi with QEMU.
> >> I found
> >> [url=1]this[/url]
> >> article in Raspberry Pi Geek documenting the steps including persistent
> >> storage on host.
> >>
> >> However when starting the emulation with command
> >> qemu-system-arm -M versatilepb -cpu arm1176 -m 256 -serial stdio -hda
> >> 2020-08-20-raspios-buster-armhf-lite.img -net
> >> "user,hostfwd=tcp::5022-:22" -dtb versatile-pb-bus

[Bug 1772165] Re: arm raspi2/raspi3 emulation has no USB support

2020-10-06 Thread Dims
Command lines I use are like the following

$QEMU_EXE \
-kernel qemu-rpi-kernel/kernel-qemu-4.4.34-jessie \
-cpu arm1176 \
-m 256 \
-M versatilepb \
-append "dwc_otg.lpm_enable=0 root=/dev/sda2 panic=1" \
-hda 2017-07-05-raspbian-jessie.img \
-usb \
-nic user \
-serial stdio \
-no-reboot \


# -device usb-dwc2 \
# -device usb-host,hostbus=1,hostport=3 \


# -usb \
# -device qemu-xhci,id=xhci \


# -device usb-net,netdev=mynet0 \
# -netdev user,id=mynet0,net=192.168.10.0/24,dhcpstart=192.168.10.1 \


#-usb \
   
# -device qemu-xhci \
# -device usb-ehci,id=ehci \

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1772165

Title:
  arm raspi2/raspi3 emulation has no USB support

Status in QEMU:
  Confirmed

Bug description:
  Using Qemu 2.12.0 on ArchLinux.

  Trying to emulate arm device with `qemu-system-arm` and attach usb
  device for input using

  ` -usb -device usb-host,bus=001,vendorid=0x1d6b,productid=0x0002 `

  # lsusb returns

  Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
  Bus 001 Device 014: ID 13d3:3487 IMC Networks 
  Bus 001 Device 004: ID 0457:11af Silicon Integrated Systems Corp. 
  Bus 001 Device 003: ID 0bda:57e6 Realtek Semiconductor Corp. 
  Bus 001 Device 002: ID 0bda:0129 Realtek Semiconductor Corp. RTS5129 Card 
Reader Controller
  Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

  # qemu returns
  qemu-system-arm: -device usb-host,bus=001,vendorid=0x1d6b,productid=0x0002: 
Bus '001' not found

  
  Tried with connecting external usb keyboard but that didn't seem to work either.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1772165/+subscriptions



[Bug 1772165] Re: arm raspi2/raspi3 emulation has no USB support

2020-10-06 Thread Dims
I did this, but still can't access USB device, connected to host, from
guest.

Also I have

$ lsusb
unable to initalize libusb: -99

on guest.

Playing with usb options gave nothing.




[PULL 21/37] configure: do not clobber environment CFLAGS/CXXFLAGS/LDFLAGS

2020-10-06 Thread Paolo Bonzini
If the CFLAGS, CXXFLAGS or LDFLAGS variables are present in the environment,
any modification made within the configure script is passed down to Meson.
This is particularly undesirable for the "-pie" option, since it overrides
"-shared" and thus messes up the linker flags for shared modules.

Using a separate variable therefore fixes the bug, while clarifying that
the scope of these CFLAGS is just the configure script.

We also do not need to pass those variables in config-host.mak (they
were only used for printing the summary now that all submodules are
built with handwritten Meson rules).  For now synthesize CFLAGS in the
configuration summary, the next patch will also pass them in a cleaner
way using the cross file.

Reported-by: Frederic Bezies
Analyzed-by: Toolybird
Tested-by: Richard Henderson 
Reviewed-by: Richard Henderson 
Signed-off-by: Paolo Bonzini 
Message-Id: <20200923092617.1593722-4-pbonz...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 configure   | 38 +-
 meson.build |  3 ++-
 2 files changed, 19 insertions(+), 22 deletions(-)

diff --git a/configure b/configure
index 2fdb4339e8..1b173276ea 100755
--- a/configure
+++ b/configure
@@ -155,7 +155,7 @@ update_cxxflags() {
 # options which some versions of GCC's C++ compiler complain about
 # because they only make sense for C programs.
 QEMU_CXXFLAGS="$QEMU_CXXFLAGS -D__STDC_LIMIT_MACROS 
-D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS"
-CXXFLAGS=$(echo "$CFLAGS" | sed s/-std=gnu99/-std=gnu++11/)
+CONFIGURE_CXXFLAGS=$(echo "$CONFIGURE_CFLAGS" | sed 
s/-std=gnu99/-std=gnu++11/)
 for arg in $QEMU_CFLAGS; do
 case $arg in
 -Wstrict-prototypes|-Wmissing-prototypes|-Wnested-externs|\
@@ -170,13 +170,14 @@ update_cxxflags() {
 
 compile_object() {
   local_cflags="$1"
-  do_cc $CFLAGS $QEMU_CFLAGS $local_cflags -c -o $TMPO $TMPC
+  do_cc $CFLAGS $CONFIGURE_CFLAGS $QEMU_CFLAGS $local_cflags -c -o $TMPO $TMPC
 }
 
 compile_prog() {
   local_cflags="$1"
   local_ldflags="$2"
-  do_cc $CFLAGS $QEMU_CFLAGS $local_cflags -o $TMPE $TMPC $LDFLAGS 
$QEMU_LDFLAGS $local_ldflags
+  do_cc $CFLAGS $CONFIGURE_CFLAGS $QEMU_CFLAGS $local_cflags -o $TMPE $TMPC \
+  $LDFLAGS $CONFIGURE_LDFLAGS $QEMU_LDFLAGS $local_ldflags
 }
 
 # symbolically link $1 to $2.  Portable version of "ln -sf".
@@ -537,7 +538,10 @@ QEMU_CFLAGS="-Wstrict-prototypes -Wredundant-decls 
$QEMU_CFLAGS"
 QEMU_CFLAGS="-D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE 
$QEMU_CFLAGS"
 QEMU_INCLUDES="-iquote . -iquote ${source_path} -iquote 
${source_path}/accel/tcg -iquote ${source_path}/include"
 QEMU_INCLUDES="$QEMU_INCLUDES -iquote ${source_path}/disas/libvixl"
-CFLAGS="-std=gnu99 -Wall"
+
+# Flags that are needed during configure but later taken care of by Meson
+CONFIGURE_CFLAGS="-std=gnu99 -Wall"
+CONFIGURE_LDFLAGS=
 
 
 check_define() {
@@ -851,7 +855,7 @@ if test "$mingw32" = "yes" ; then
   EXESUF=".exe"
   HOST_DSOSUF=".dll"
   # MinGW needs -mthreads for TLS and macro _MT.
-  CFLAGS="-mthreads $CFLAGS"
+  CONFIGURE_CFLAGS="-mthreads $CONFIGURE_CFLAGS"
   write_c_skeleton;
   prefix="/qemu"
   qemu_suffix=""
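Review bot: -mthreads moves into CONFIGURE_CFLAGS, which the new comment in the hunk above describes as flags "later taken care of by Meson", but nothing in the configure hunks carries -mthreads over to the Meson side; please confirm that meson.build adds it for mingw32 builds (the comment on the line above says it is needed for TLS and _MT), otherwise the real build loses a flag that only the configure probes still see.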
@@ -2109,7 +2113,7 @@ fi
 
 if test "$static" = "yes"; then
   if test "$pie" != "no" && compile_prog "-Werror -fPIE -DPIE" "-static-pie"; 
then
-CFLAGS="-fPIE -DPIE $CFLAGS"
+CONFIGURE_CFLAGS="-fPIE -DPIE $CONFIGURE_CFLAGS"
 QEMU_LDFLAGS="-static-pie $QEMU_LDFLAGS"
 pie="yes"
   elif test "$pie" = "yes"; then
@@ -2119,11 +2123,11 @@ if test "$static" = "yes"; then
 pie="no"
   fi
 elif test "$pie" = "no"; then
-  CFLAGS="$CFLAGS_NOPIE $CFLAGS"
-  LDFLAGS="$LDFLAGS_NOPIE $LDFLAGS"
+  CONFIGURE_CFLAGS="$CFLAGS_NOPIE $CONFIGURE_CFLAGS"
+  CONFIGURE_LDFLAGS="$LDFLAGS_NOPIE $CONFIGURE_LDFLAGS"
 elif compile_prog "-Werror -fPIE -DPIE" "-pie"; then
-  CFLAGS="-fPIE -DPIE $CFLAGS"
-  LDFLAGS="-pie $LDFLAGS"
+  CONFIGURE_CFLAGS="-fPIE -DPIE $CONFIGURE_CFLAGS"
+  CONFIGURE_LDFLAGS="-pie $CONFIGURE_LDFLAGS"
   pie="yes"
 elif test "$pie" = "yes"; then
   error_exit "PIE not available due to missing toolchain support"
@@ -3667,7 +3671,7 @@ EOF
 if ! compile_prog "$glib_cflags -Werror" "$glib_libs" ; then
 if cc_has_warning_flag "-Wno-unknown-attributes"; then
 glib_cflags="-Wno-unknown-attributes $glib_cflags"
-CFLAGS="-Wno-unknown-attributes $CFLAGS"
+CONFIGURE_CFLAGS="-Wno-unknown-attributes $CONFIGURE_CFLAGS"
 fi
 fi
 
@@ -3687,7 +3691,7 @@ EOF
 if ! compile_prog "$glib_cflags -Werror" "$glib_libs" ; then
 if cc_has_warning_flag "-Wno-unused-function"; then
 glib_cflags="$glib_cflags -Wno-unused-function"
-CFLAGS="$CFLAGS -Wno-unused-function"
+CONFIGURE_CFLAGS="$CONFIGURE_CFLAGS -Wno-unused-function"
 fi
 fi
 
@@ -5814,13 +5818,6 @@ elif test "$fortify_source" = "yes" ; then
   QEMU_CFLAGS="-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 $QEMU_CFLAGS"
   debug=no
 fi
-if test "$debug_info" = "yes"; then
-  CFLAGS="-g $CFLAGS"
-  

[PULL 22/37] configure: consistently pass CFLAGS/CXXFLAGS/LDFLAGS to meson

2020-10-06 Thread Paolo Bonzini
Environment variables like CFLAGS are easy to accidentally change.  Meson
warns if that happens, but in a project with a lot of configuration that
is easy to lose.  It is also surprising behavior since meson caches -D
options and remembers those on reconfiguration (which we rely on,
since configure options become -D options).

By placing the user-provided CFLAGS, CXXFLAGS and LDFLAGS in the
cross file, we at least get consistent behavior.  These environment
variables are still ugly and not really recommended, but there are
distros that rely on them.  For the gory details, refer to
https://github.com/mesonbuild/meson/issues/4664.

Tested-by: Richard Henderson 
Reviewed-by: Richard Henderson 
Signed-off-by: Paolo Bonzini 
Message-Id: <20200923092617.1593722-5-pbonz...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 configure   | 25 +++--
 meson.build | 14 --
 2 files changed, 27 insertions(+), 12 deletions(-)

diff --git a/configure b/configure
index 1b173276ea..04c8cc017c 100755
--- a/configure
+++ b/configure
@@ -7130,24 +7130,29 @@ echo "export PYTHON='$python'" >> "$iotests_common_env"
 if test "$skip_meson" = no; then
 cross="config-meson.cross.new"
 meson_quote() {
-echo "['$(echo $* | sed "s/ /','/g")']"
+echo "'$(echo $* | sed "s/ /','/g")'"
 }
 
 echo "# Automatically generated by configure - do not modify" > $cross
 echo "[properties]" >> $cross
 test -z "$cxx" && echo "link_language = 'c'" >> $cross
+echo "[built-in options]" >> $cross
+echo "c_args = [${CFLAGS:+$(meson_quote $CFLAGS)}]" >> $cross
+echo "cpp_args = [${CXXFLAGS:+$(meson_quote $CXXFLAGS)}]" >> $cross
+echo "c_link_args = [${LDFLAGS:+$(meson_quote $LDFLAGS)}]" >> $cross
+echo "cpp_link_args = [${LDFLAGS:+$(meson_quote $LDFLAGS)}]" >> $cross
 echo "[binaries]" >> $cross
-echo "c = $(meson_quote $cc)" >> $cross
-test -n "$cxx" && echo "cpp = $(meson_quote $cxx)" >> $cross
-echo "ar = $(meson_quote $ar)" >> $cross
-echo "nm = $(meson_quote $nm)" >> $cross
-echo "pkgconfig = $(meson_quote $pkg_config_exe)" >> $cross
-echo "ranlib = $(meson_quote $ranlib)" >> $cross
+echo "c = [$(meson_quote $cc)]" >> $cross
+test -n "$cxx" && echo "cpp = [$(meson_quote $cxx)]" >> $cross
+echo "ar = [$(meson_quote $ar)]" >> $cross
+echo "nm = [$(meson_quote $nm)]" >> $cross
+echo "pkgconfig = [$(meson_quote $pkg_config_exe)]" >> $cross
+echo "ranlib = [$(meson_quote $ranlib)]" >> $cross
 if has $sdl2_config; then
-  echo "sdl2-config = $(meson_quote $sdl2_config)" >> $cross
+  echo "sdl2-config = [$(meson_quote $sdl2_config)]" >> $cross
 fi
-echo "strip = $(meson_quote $strip)" >> $cross
-echo "windres = $(meson_quote $windres)" >> $cross
+echo "strip = [$(meson_quote $strip)]" >> $cross
+echo "windres = [$(meson_quote $windres)]" >> $cross
 if test -n "$cross_prefix"; then
 cross_arg="--cross-file config-meson.cross"
 echo "[host_machine]" >> $cross
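Review bot: meson_quote() splits its input on single spaces and never escapes single quotes, so a CFLAGS entry containing a quoted argument with a space (for example -DFOO='a b') is emitted as two elements, and an embedded ' produces an unparsable cross file; suggest escaping ' before splitting, or documenting that these variables are treated as whitespace-separated lists. Minor: cpp_link_args is written from LDFLAGS unconditionally while the cpp = line is guarded by test -n "$cxx"; harmless, but the two could share the guard.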
diff --git a/meson.build b/meson.build
index 8904f7d79b..17c89c87c6 100644
--- a/meson.build
+++ b/meson.build
@@ -1771,8 +1771,18 @@ if targetos == 'darwin'
   summary_info += {'Objective-C compiler': 
meson.get_compiler('objc').cmd_array()[0]}
 endif
 summary_info += {'ARFLAGS':   config_host['ARFLAGS']}
-summary_info += {'CFLAGS':'-O' + get_option('optimization')
-   + (get_option('debug') ? ' -g' : 
'')}
+summary_info += {'CFLAGS':' '.join(get_option('c_args')
+   + ['-O' + 
get_option('optimization')]
+   + (get_option('debug') ? ['-g'] 
: []))}
+if link_language == 'cpp'
+  summary_info += {'CXXFLAGS':' '.join(get_option('cpp_args')
+   + ['-O' + 
get_option('optimization')]
+   + (get_option('debug') ? ['-g'] 
: []))}
+endif
+link_args = get_option(link_language + '_link_args')
+if link_args.length() > 0
+  summary_info += {'LDFLAGS': ' '.join(link_args)}
+endif
 summary_info += {'QEMU_CFLAGS':   config_host['QEMU_CFLAGS']}
 summary_info += {'QEMU_LDFLAGS':  config_host['QEMU_LDFLAGS']}
 summary_info += {'make':  config_host['MAKE']}
-- 
2.26.2





[PULL 24/37] replay: don't record interrupt poll

2020-10-06 Thread Paolo Bonzini
From: Pavel Dovgalyuk 

Interrupt poll is not a real interrupt event. It is needed only for
thread safety. This interrupt is used for i386 and converted
to hardware interrupt by cpu_handle_interrupt function.
Therefore it is not needed to be recorded, because hardware
interrupt will be recorded after converting.

Signed-off-by: Pavel Dovgalyuk 
Reviewed-by: Alex Bennée 
Reviewed-by: Philippe Mathieu-Daudé 

--

v4 changes:
 - Condition check refactoring (suggested by Alex Bennée)
Message-Id: <160174517124.12451.12983410242461131737.stgit@pasha-ThinkPad-X280>

Signed-off-by: Paolo Bonzini 
---
 accel/tcg/cpu-exec.c | 21 ++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index 0dbe67acf5..58aea605d8 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -436,8 +436,7 @@ static inline bool cpu_handle_halt(CPUState *cpu)
 {
 if (cpu->halted) {
 #if defined(TARGET_I386) && !defined(CONFIG_USER_ONLY)
-if ((cpu->interrupt_request & CPU_INTERRUPT_POLL)
-&& replay_interrupt()) {
+if (cpu->interrupt_request & CPU_INTERRUPT_POLL) {
 X86CPU *x86_cpu = X86_CPU(cpu);
 qemu_mutex_lock_iothread();
 apic_poll_irq(x86_cpu->apic_state);
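Review bot: the halted-CPU poll now runs regardless of replay mode, whereas before it only ran in replay when the log said an interrupt was due. The justification from the commit message (POLL is deterministic and the hardware interrupt it produces is what gets recorded) belongs in a comment at this site, with a reference to need_replay_interrupt(), so the two POLL special cases stay in sync.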
@@ -533,6 +532,20 @@ static inline bool cpu_handle_exception(CPUState *cpu, int 
*ret)
 return false;
 }
 
+/*
+ * CPU_INTERRUPT_POLL is a virtual event which gets converted into a
+ * "real" interrupt event later. It does not need to be recorded for
+ * replay purposes.
+ */
+static inline bool need_replay_interrupt(int interrupt_request)
+{
+#if defined(TARGET_I386)
+return !(interrupt_request & CPU_INTERRUPT_POLL);
+#else
+return true;
+#endif
+}
+
 static inline bool cpu_handle_interrupt(CPUState *cpu,
 TranslationBlock **last_tb)
 {
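Review bot: need_replay_interrupt() is guarded by TARGET_I386 alone, while the POLL handling in cpu_handle_halt uses TARGET_I386 && !CONFIG_USER_ONLY; harmless for a static inline, but aligning the two guards (or a comment saying why they differ) avoids confusion.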
@@ -594,7 +607,9 @@ static inline bool cpu_handle_interrupt(CPUState *cpu,
and via longjmp via cpu_loop_exit.  */
 else {
 if (cc->cpu_exec_interrupt(cpu, interrupt_request)) {
-replay_interrupt();
+if (need_replay_interrupt(interrupt_request)) {
+replay_interrupt();
+}
 /*
  * After processing the interrupt, ensure an EXCP_DEBUG is
  * raised when single-stepping so that GDB doesn't miss the
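Review bot: need_replay_interrupt() is evaluated on the full requested mask, not on the interrupt that cc->cpu_exec_interrupt actually serviced. If POLL and HARD are pending at once, nothing is recorded for this round, and correctness relies on the x86 handler servicing POLL first and leaving HARD for the next iteration with POLL cleared. That assumption should be spelled out in the comment above need_replay_interrupt().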


[PULL 16/37] kvm: remove kvm specific functions from global includes

2020-10-06 Thread Paolo Bonzini
From: Claudio Fontana 

Signed-off-by: Claudio Fontana 
Reviewed-by: Richard Henderson 
Signed-off-by: Paolo Bonzini 
---
 accel/kvm/kvm-cpus.h   |  7 +++
 accel/stubs/kvm-stub.c | 22 --
 include/sysemu/kvm.h   |  7 ---
 3 files changed, 7 insertions(+), 29 deletions(-)

diff --git a/accel/kvm/kvm-cpus.h b/accel/kvm/kvm-cpus.h
index 547fbee111..60c5a554c2 100644
--- a/accel/kvm/kvm-cpus.h
+++ b/accel/kvm/kvm-cpus.h
@@ -14,4 +14,11 @@
 
 extern const CpusAccel kvm_cpus;
 
+int kvm_init_vcpu(CPUState *cpu);
+int kvm_cpu_exec(CPUState *cpu);
+void kvm_destroy_vcpu(CPUState *cpu);
+void kvm_cpu_synchronize_post_reset(CPUState *cpu);
+void kvm_cpu_synchronize_post_init(CPUState *cpu);
+void kvm_cpu_synchronize_pre_loadvm(CPUState *cpu);
+
 #endif /* KVM_CPUS_H */
diff --git a/accel/stubs/kvm-stub.c b/accel/stubs/kvm-stub.c
index 69f8a842da..680e099463 100644
--- a/accel/stubs/kvm-stub.c
+++ b/accel/stubs/kvm-stub.c
@@ -32,15 +32,6 @@ bool kvm_readonly_mem_allowed;
 bool kvm_ioeventfd_any_length_allowed;
 bool kvm_msi_use_devid;
 
-void kvm_destroy_vcpu(CPUState *cpu)
-{
-}
-
-int kvm_init_vcpu(CPUState *cpu)
-{
-return -ENOSYS;
-}
-
 void kvm_flush_coalesced_mmio_buffer(void)
 {
 }
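Review bot: removing these stubs means a call to kvm_init_vcpu() or kvm_destroy_vcpu() from code outside accel/kvm now links only when CONFIG_KVM is set; the diffstat shows no caller changes, so please confirm with a --disable-kvm build that nothing in common code still references them.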
@@ -49,19 +40,6 @@ void kvm_cpu_synchronize_state(CPUState *cpu)
 {
 }
 
-void kvm_cpu_synchronize_post_reset(CPUState *cpu)
-{
-}
-
-void kvm_cpu_synchronize_post_init(CPUState *cpu)
-{
-}
-
-int kvm_cpu_exec(CPUState *cpu)
-{
-abort();
-}
-
 bool kvm_has_sync_mmu(void)
 {
 return false;
diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h
index 07937454d2..fe7dab1466 100644
--- a/include/sysemu/kvm.h
+++ b/include/sysemu/kvm.h
@@ -223,10 +223,6 @@ int kvm_has_many_ioeventfds(void);
 int kvm_has_gsi_routing(void);
 int kvm_has_intx_set_mask(void);
 
-int kvm_init_vcpu(CPUState *cpu);
-int kvm_cpu_exec(CPUState *cpu);
-void kvm_destroy_vcpu(CPUState *cpu);
-
 /**
  * kvm_arm_supports_user_irq
  *
@@ -486,9 +482,6 @@ int kvm_physical_memory_addr_from_host(KVMState *s, void 
*ram_addr,
 #endif /* NEED_CPU_H */
 
 void kvm_cpu_synchronize_state(CPUState *cpu);
-void kvm_cpu_synchronize_post_reset(CPUState *cpu);
-void kvm_cpu_synchronize_post_init(CPUState *cpu);
-void kvm_cpu_synchronize_pre_loadvm(CPUState *cpu);
 
 void kvm_init_cpu_signals(CPUState *cpu);
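Review bot: kvm_init_cpu_signals() stays in the public header while its siblings move to accel/kvm/kvm-cpus.h; if it is only called from accel/kvm, it belongs in kvm-cpus.h as well, otherwise a comment saying which out-of-tree caller needs it would explain the split.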
 


[PULL 17/37] kvm: kvm_init_vcpu take Error pointer

2020-10-06 Thread Paolo Bonzini
From: "Dr. David Alan Gilbert" 

Clean up the error handling in kvm_init_vcpu so we can see what went
wrong more easily.

Make it take an Error ** and fill it out with what failed, including
the cpu id, so you can tell if it only fails at a given ID.

Replace the remaining DPRINTF by a trace.

This turns a:
kvm_init_vcpu failed: Invalid argument

into:
kvm_init_vcpu: kvm_get_vcpu failed (256): Invalid argument

and with the trace you then get to see:

19049@1595520414.310107:kvm_init_vcpu index: 169 id: 212
19050@1595520414.310635:kvm_init_vcpu index: 170 id: 256
qemu-system-x86_64: kvm_init_vcpu: kvm_get_vcpu failed (256): Invalid argument

which makes stuff a lot more obvious.

Signed-off-by: Dr. David Alan Gilbert 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20200723160915.129069-1-dgilb...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 accel/kvm/kvm-all.c| 19 ++-
 accel/kvm/kvm-cpus.c   |  8 ++--
 accel/kvm/kvm-cpus.h   |  2 +-
 accel/kvm/trace-events |  1 +
 4 files changed, 18 insertions(+), 12 deletions(-)

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index 784e9dad55..9ef5daf4c5 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -441,17 +441,18 @@ static int kvm_get_vcpu(KVMState *s, unsigned long 
vcpu_id)
 return kvm_vm_ioctl(s, KVM_CREATE_VCPU, (void *)vcpu_id);
 }
 
-int kvm_init_vcpu(CPUState *cpu)
+int kvm_init_vcpu(CPUState *cpu, Error **errp)
 {
 KVMState *s = kvm_state;
 long mmap_size;
 int ret;
 
-DPRINTF("kvm_init_vcpu\n");
+trace_kvm_init_vcpu(cpu->cpu_index, kvm_arch_vcpu_id(cpu));
 
 ret = kvm_get_vcpu(s, kvm_arch_vcpu_id(cpu));
 if (ret < 0) {
-DPRINTF("kvm_create_vcpu failed\n");
+error_setg_errno(errp, -ret, "kvm_init_vcpu: kvm_get_vcpu failed 
(%lu)",
+ kvm_arch_vcpu_id(cpu));
 goto err;
 }
 
@@ -462,7 +463,8 @@ int kvm_init_vcpu(CPUState *cpu)
 mmap_size = kvm_ioctl(s, KVM_GET_VCPU_MMAP_SIZE, 0);
 if (mmap_size < 0) {
 ret = mmap_size;
-DPRINTF("KVM_GET_VCPU_MMAP_SIZE failed\n");
+error_setg_errno(errp, -mmap_size,
+ "kvm_init_vcpu: KVM_GET_VCPU_MMAP_SIZE failed");
 goto err;
 }
 
@@ -470,7 +472,9 @@ int kvm_init_vcpu(CPUState *cpu)
 cpu->kvm_fd, 0);
 if (cpu->kvm_run == MAP_FAILED) {
 ret = -errno;
-DPRINTF("mmap'ing vcpu state failed\n");
+error_setg_errno(errp, ret,
+ "kvm_init_vcpu: mmap'ing vcpu state failed (%lu)",
+ kvm_arch_vcpu_id(cpu));
 goto err;
 }
 
@@ -480,6 +484,11 @@ int kvm_init_vcpu(CPUState *cpu)
 }
 
 ret = kvm_arch_init_vcpu(cpu);
+if (ret < 0) {
+error_setg_errno(errp, -ret,
+ "kvm_init_vcpu: kvm_arch_init_vcpu failed (%lu)",
+ kvm_arch_vcpu_id(cpu));
+}
 err:
 return ret;
 }
diff --git a/accel/kvm/kvm-cpus.c b/accel/kvm/kvm-cpus.c
index a120601564..d809b1e74c 100644
--- a/accel/kvm/kvm-cpus.c
+++ b/accel/kvm/kvm-cpus.c
@@ -20,6 +20,7 @@
 #include "sysemu/runstate.h"
 #include "sysemu/cpus.h"
 #include "qemu/guest-random.h"
+#include "qapi/error.h"
 
 #include "kvm-cpus.h"
 
@@ -36,12 +37,7 @@ static void *kvm_vcpu_thread_fn(void *arg)
 cpu->can_do_io = 1;
 current_cpu = cpu;
 
-r = kvm_init_vcpu(cpu);
-if (r < 0) {
-error_report("kvm_init_vcpu failed: %s", strerror(-r));
-exit(1);
-}
-
+r = kvm_init_vcpu(cpu, &error_fatal);
 kvm_init_cpu_signals(cpu);
 
 /* signal CPU creation */
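Review bot: with &error_fatal the call never returns on failure, so the assignment `r = kvm_init_vcpu(cpu, &error_fatal);` is dead; drop the assignment (r is still used further down for kvm_cpu_exec) so a reader does not look for a missing check.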
diff --git a/accel/kvm/kvm-cpus.h b/accel/kvm/kvm-cpus.h
index 60c5a554c2..3df732b816 100644
--- a/accel/kvm/kvm-cpus.h
+++ b/accel/kvm/kvm-cpus.h
@@ -14,7 +14,7 @@
 
 extern const CpusAccel kvm_cpus;
 
-int kvm_init_vcpu(CPUState *cpu);
+int kvm_init_vcpu(CPUState *cpu, Error **errp);
 int kvm_cpu_exec(CPUState *cpu);
 void kvm_destroy_vcpu(CPUState *cpu);
 void kvm_cpu_synchronize_post_reset(CPUState *cpu);
diff --git a/accel/kvm/trace-events b/accel/kvm/trace-events
index a68eb66534..e15ae8980d 100644
--- a/accel/kvm/trace-events
+++ b/accel/kvm/trace-events
@@ -8,6 +8,7 @@ kvm_run_exit(int cpu_index, uint32_t reason) "cpu_index %d, 
reason %d"
 kvm_device_ioctl(int fd, int type, void *arg) "dev fd %d, type 0x%x, arg %p"
 kvm_failed_reg_get(uint64_t id, const char *msg) "Warning: Unable to retrieve 
ONEREG %" PRIu64 " from KVM: %s"
 kvm_failed_reg_set(uint64_t id, const char *msg) "Warning: Unable to set 
ONEREG %" PRIu64 " to KVM: %s"
+kvm_init_vcpu(int cpu_index, unsigned long arch_cpu_id) "index: %d id: %lu"
 kvm_irqchip_commit_routes(void) ""
 kvm_irqchip_add_msi_route(char *name, int vector, int virq) "dev %s vector %d 
virq %d"
 kvm_irqchip_update_msi_route(int virq) "Updating MSI route virq=%d"


[PATCH] target/i386: avoid theoretical leak on MCE injection

2020-10-06 Thread Paolo Bonzini
g_strdup_printf is used twice to write to the same variable, which
can theoretically cause a leak.  In practice, it is extremely
unlikely that a guest is seeing a recursive MCE and has disabled
CR4.MCE between the first and the second error, but we can fix it
and we can also make a slight improvement on the logic: CR4.MCE=0
causes a triple fault even for a non-recursive machine check, so
let's place its test first.

Signed-off-by: Paolo Bonzini 
---
 target/i386/helper.c | 10 --
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/target/i386/helper.c b/target/i386/helper.c
index 32fa21a7bb..f64379367d 100644
--- a/target/i386/helper.c
+++ b/target/i386/helper.c
@@ -908,16 +908,14 @@ static void do_inject_x86_mce(CPUState *cs, 
run_on_cpu_data data)
 return;
 }
 
-if (recursive) {
-need_reset = true;
-msg = g_strdup_printf("CPU %d: Previous MCE still in progress, "
-  "raising triple fault", cs->cpu_index);
-}
-
 if (!(cenv->cr[4] & CR4_MCE_MASK)) {
 need_reset = true;
 msg = g_strdup_printf("CPU %d: MCE capability is not enabled, "
   "raising triple fault", cs->cpu_index);
+} else if (recursive) {
+need_reset = true;
+msg = g_strdup_printf("CPU %d: Previous MCE still in progress, "
+  "raising triple fault", cs->cpu_index);
 }
 
 if (need_reset) {
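Review bot: making the two assignments mutually exclusive via else-if does fix the double g_strdup_printf, but the reorder also changes which message is reported when both conditions hold (a recursive MCE with CR4.MCE clear now reports "MCE capability is not enabled"). That matches the commit message's rationale; a one-line comment above the if stating that CR4.MCE=0 takes priority would keep that intent visible in the code.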


[PULL 19/37] slirp: Convert Makefile bits to meson bits

2020-10-06 Thread Paolo Bonzini
SLIRP uses Meson so it could become a subproject in the future,
but our choice of configure options is not yet supported in Meson
(https://github.com/mesonbuild/meson/pull/7740).

For now, build the library via the main meson.build just like for
capstone.

This improves the current state of affairs in that we will re-link
the qemu executables against a changed libslirp.a, which we wouldn't
do beforehand.

Tested-by: Richard Henderson 
Reviewed-by: Richard Henderson 
Signed-off-by: Paolo Bonzini 
---
 Makefile|  7 +---
 configure   | 68 ---
 meson.build | 90 +
 meson_options.txt   |  3 ++
 net/meson.build |  2 +-
 tests/qtest/meson.build |  6 +--
 6 files changed, 99 insertions(+), 77 deletions(-)

diff --git a/Makefile b/Makefile
index f27bd4b2eb..9d6b7fc8c0 100644
--- a/Makefile
+++ b/Makefile
@@ -163,12 +163,7 @@ dtc/%: .git-submodule-status
 capstone/all:
 
 .PHONY: slirp/all
-slirp/all: .git-submodule-status
-   $(call quiet-command,$(MAKE) -C $(SRC_PATH)/slirp   \
-   BUILD_DIR="$(BUILD_DIR)/slirp"  \
-   PKG_CONFIG="$(PKG_CONFIG)"  \
-   CC="$(CC)" AR="$(AR)"   LD="$(LD)" RANLIB="$(RANLIB)"   \
-   CFLAGS="$(QEMU_CFLAGS) $(CFLAGS)" LDFLAGS="$(QEMU_LDFLAGS)")
+slirp/all:
 
 ROM_DIRS = $(addprefix pc-bios/, $(ROMS))
 ROM_DIRS_RULES=$(foreach t, all clean, $(addsuffix /$(t), $(ROM_DIRS)))
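Review bot: slirp/all is reduced to an empty .PHONY rule; if nothing depends on it once meson builds libslirp, delete the target instead of leaving a no-op, or add a comment saying it is kept to mirror the capstone/all pattern above.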
diff --git a/configure b/configure
index 66641099fc..51f4e978be 100755
--- a/configure
+++ b/configure
@@ -349,7 +349,7 @@ modules="no"
 module_upgrades="no"
 prefix="/usr/local"
 qemu_suffix="qemu"
-slirp=""
+slirp="auto"
 oss_lib=""
 bsd="no"
 linux="no"
@@ -1058,9 +1058,9 @@ for opt do
   ;;
   --enable-vnc-png) vnc_png="enabled"
   ;;
-  --disable-slirp) slirp="no"
+  --disable-slirp) slirp="disabled"
   ;;
-  --enable-slirp=git) slirp="git"
+  --enable-slirp=git) slirp="internal"
   ;;
   --enable-slirp=system) slirp="system"
   ;;
@@ -5806,56 +5806,12 @@ fi
 ##
 # check for slirp
 
-# slirp is only required when building softmmu targets
-if test -z "$slirp" -a "$softmmu" != "yes" ; then
-slirp="no"
-fi
-
 case "$slirp" in
-  "" | yes)
-if $pkg_config slirp; then
-  slirp=system
-elif test -e "${source_path}/.git" && test $git_update = 'yes' ; then
-  slirp=git
-elif test -e "${source_path}/slirp/Makefile" ; then
-  slirp=internal
-elif test -z "$slirp" ; then
-  slirp=no
-else
-  feature_not_found "slirp" "Install slirp devel or git submodule"
-fi
-;;
-
-  system)
-if ! $pkg_config slirp; then
-  feature_not_found "slirp" "Install slirp devel"
-fi
-;;
-esac
-
-case "$slirp" in
-  git | internal)
-if test "$slirp" = git; then
+  auto | enabled | internal)
+# Simpler to always update submodule, even if not needed.
+if test -e "${source_path}/.git" && test $git_update = 'yes' ; then
   git_submodules="${git_submodules} slirp"
 fi
-mkdir -p slirp
-slirp_cflags="-I${source_path}/slirp/src -Islirp/src"
-slirp_libs="-Lslirp -lslirp"
-if test "$mingw32" = "yes" ; then
-  slirp_libs="$slirp_libs -lws2_32 -liphlpapi"
-fi
-;;
-
-  system)
-slirp_version=$($pkg_config --modversion slirp 2>/dev/null)
-slirp_cflags=$($pkg_config --cflags slirp 2>/dev/null)
-slirp_libs=$($pkg_config --libs slirp 2>/dev/null)
-;;
-
-  no)
-;;
-  *)
-error_exit "Unknown state for slirp: $slirp"
 ;;
 esac
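Review bot: dropping the `*)` catch-all from the case means a misspelt --enable-slirp value is no longer diagnosed in configure; "system" and "disabled" (set by the option parsing above) also fall through silently and rely on meson rejecting bad -Dslirp values. If the meson option is a combo with a fixed choice list that is adequate, but a comment saying so here would help; note also that, as the new comment admits, user-only-only builds now update the slirp submodule where the removed softmmu check previously skipped it.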
 
@@ -6256,16 +6212,8 @@ fi
 if test "$guest_agent" = "yes" ; then
   echo "CONFIG_GUEST_AGENT=y" >> $config_host_mak
 fi
-if test "$slirp" != "no"; then
-  echo "CONFIG_SLIRP=y" >> $config_host_mak
-  echo "CONFIG_SMBD_COMMAND=\"$smbd\"" >> $config_host_mak
-  echo "SLIRP_CFLAGS=$slirp_cflags" >> $config_host_mak
-  echo "SLIRP_LIBS=$slirp_libs" >> $config_host_mak
-fi
+echo "CONFIG_SMBD_COMMAND=\"$smbd\"" >> $config_host_mak
 subdirs=
-if [ "$slirp" = "git" -o "$slirp" = "internal" ]; then
-  subdirs="$subdirs slirp"
-fi
 if test "$vde" = "yes" ; then
   echo "CONFIG_VDE=y" >> $config_host_mak
   echo "VDE_LIBS=$vde_libs" >> $config_host_mak
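Review bot: CONFIG_SMBD_COMMAND is now written to config-host.mak unconditionally, even with --disable-slirp; harmless if only the slirp code consumes it, but any consumer that treated its presence as "slirp enabled" must now check the meson-side CONFIG_SLIRP instead.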
@@ -7321,7 +7269,7 @@ NINJA=${ninja:-$PWD/ninjatool} $meson setup \
-Dcocoa=$cocoa -Dmpath=$mpath -Dsdl=$sdl -Dsdl_image=$sdl_image \
-Dvnc=$vnc -Dvnc_sasl=$vnc_sasl -Dvnc_jpeg=$vnc_jpeg -Dvnc_png=$vnc_png 
\
-Dgettext=$gettext -Dxkbcommon=$xkbcommon -Du2f=$u2f \
-   -Dcapstone=$capstone \
+   -Dcapstone=$capstone -Dslirp=$slirp \
 $cross_arg \
 "$PWD" "$source_path"
 
diff --git a/meson.build b/meson.build
index a02c743794..165716ddad 100644
--- a/meson.build
+++ b/meson.build
@@ -300,11 +300,6 @@ else
   xkbcommon = dependency('xkbcommon', required: get_option('xkbcommon'),
  method: 'pkg-config', static: enable_static)
 endif
-s

[PULL 26/37] qcow2: introduce icount field for snapshots

2020-10-06 Thread Paolo Bonzini
From: Pavel Dovgalyuk 

This patch introduces the icount field for saving within the snapshot.
It is required for navigation between the snapshots in record/replay mode.

Signed-off-by: Pavel Dovgalyuk 
Acked-by: Kevin Wolf 

--

v7 changes:
 - also fix the test which checks qcow2 snapshot extra data
Message-Id: <160174518284.12451.2301137308458777398.stgit@pasha-ThinkPad-X280>

Signed-off-by: Paolo Bonzini 
---
 block/qcow2-snapshot.c |  7 ++
 block/qcow2.h  |  3 +++
 docs/interop/qcow2.txt |  5 
 tests/qemu-iotests/261 | 15 ++-
 tests/qemu-iotests/261.out | 51 +-
 5 files changed, 58 insertions(+), 23 deletions(-)

diff --git a/block/qcow2-snapshot.c b/block/qcow2-snapshot.c
index 9b68690f56..d68b25e0c5 100644
--- a/block/qcow2-snapshot.c
+++ b/block/qcow2-snapshot.c
@@ -164,6 +164,12 @@ static int qcow2_do_read_snapshots(BlockDriverState *bs, 
bool repair,
 sn->disk_size = bs->total_sectors * BDRV_SECTOR_SIZE;
 }
 
+if (sn->extra_data_size >= endof(QCowSnapshotExtraData, icount)) {
+sn->icount = be64_to_cpu(extra.icount);
+} else {
+sn->icount = -1ULL;
+}
+
 if (sn->extra_data_size > sizeof(extra)) {
 uint64_t extra_data_end;
 size_t unknown_extra_data_size;
@@ -333,6 +339,7 @@ int qcow2_write_snapshots(BlockDriverState *bs)
 memset(&extra, 0, sizeof(extra));
 extra.vm_state_size_large = cpu_to_be64(sn->vm_state_size);
 extra.disk_size = cpu_to_be64(sn->disk_size);
+extra.icount = cpu_to_be64(sn->icount);
 
 id_str_size = strlen(sn->id_str);
 name_size = strlen(sn->name);
diff --git a/block/qcow2.h b/block/qcow2.h
index b71e444fca..125ea9679b 100644
--- a/block/qcow2.h
+++ b/block/qcow2.h
@@ -206,6 +206,7 @@ typedef struct QEMU_PACKED QCowSnapshotHeader {
 typedef struct QEMU_PACKED QCowSnapshotExtraData {
 uint64_t vm_state_size_large;
 uint64_t disk_size;
+uint64_t icount;
 } QCowSnapshotExtraData;
 
 
@@ -219,6 +220,8 @@ typedef struct QCowSnapshot {
 uint32_t date_sec;
 uint32_t date_nsec;
 uint64_t vm_clock_nsec;
+/* icount value for the moment when snapshot was taken */
+uint64_t icount;
 /* Size of all extra data, including QCowSnapshotExtraData if available */
 uint32_t extra_data_size;
 /* Data beyond QCowSnapshotExtraData, if any */
diff --git a/docs/interop/qcow2.txt b/docs/interop/qcow2.txt
index 7da0d81df8..0463f761ef 100644
--- a/docs/interop/qcow2.txt
+++ b/docs/interop/qcow2.txt
@@ -707,6 +707,11 @@ Snapshot table entry:
 
 Byte 48 - 55:   Virtual disk size of the snapshot in bytes
 
+Byte 56 - 63:   icount value which corresponds to
+the record/replay instruction count
+when the snapshot was taken. Set to -1
+if icount was disabled
+
 Version 3 images must include extra data at least up to
 byte 55.
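Review bot: "Set to -1 if icount was disabled" does not cover entries written by older QEMU whose extra data ends at byte 55; the read path defaults those to -1 as well. State that readers must treat an entry whose extra data ends before byte 63 as having icount = -1 (unavailable), and that writers always emit bytes 56-63.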
 
diff --git a/tests/qemu-iotests/261 b/tests/qemu-iotests/261
index ddcb04f285..848ffa760d 100755
--- a/tests/qemu-iotests/261
+++ b/tests/qemu-iotests/261
@@ -91,7 +91,10 @@ print_snapshot_table()
 if [ $extra_len -ge 16 ]; then
 echo "Disk size: $(peek_file_be "$1" $((extra_ofs + 8)) 8)"
 fi
-if [ $extra_len -gt 16 ]; then
+if [ $extra_len -ge 24 ]; then
+echo "Icount: $(peek_file_be "$1" $((extra_ofs + 16)) 8)"
+fi
+if [ $extra_len -gt 24 ]; then
 echo 'Unknown extra data:' \
 "$(peek_file_raw "$1" $((extra_ofs + 16)) $((extra_len - 16)) \
| tr -d '\0')"
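Review bot: the "Unknown extra data" branch was rethresholded to -gt 24 but still peeks from extra_ofs + 16 for extra_len - 16 bytes, so the 8-byte icount field is dumped as part of the unknown data; this only goes unnoticed because icount is 0 and tr -d '\0' strips it. Use $((extra_ofs + 24)) and $((extra_len - 24)).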
@@ -198,12 +201,12 @@ truncate -s 0 "$TEST_DIR/sn0-extra"
 truncate -s $(($(snapshot_table_entry_size "$TEST_DIR/sn0-pre") - 40)) \
 "$TEST_DIR/sn0-post"
 
-# Set sn1's extra data size to 42
-poke_file "$TEST_DIR/sn1-pre" 36 '\x00\x00\x00\x2a'
-truncate -s 42 "$TEST_DIR/sn1-extra"
-poke_file "$TEST_DIR/sn1-extra" 16 'very important data'
+# Set sn1's extra data size to 50
+poke_file "$TEST_DIR/sn1-pre" 36 '\x00\x00\x00\x32'
+truncate -s 50 "$TEST_DIR/sn1-extra"
+poke_file "$TEST_DIR/sn1-extra" 24 'very important data'
 # Grow sn1-post to pad
-truncate -s $(($(snapshot_table_entry_size "$TEST_DIR/sn1-pre") - 82)) \
+truncate -s $(($(snapshot_table_entry_size "$TEST_DIR/sn1-pre") - 90)) \
 "$TEST_DIR/sn1-post"
 
 # Set sn2's extra data size to 8
diff --git a/tests/qemu-iotests/261.out b/tests/qemu-iotests/261.out
index 2600354566..612433ae40 100644
--- a/tests/qemu-iotests/261.out
+++ b/tests/qemu-iotests/261.out
@@ -12,9 +12,10 @@ Snapshots in TEST_DIR/t.IMGFMT.v2.orig:
   [1]
 ID: 2
 Name: sn1
-Extra data size: 42
+Extra data size: 50
 VM state size: 0
 Disk size: 67108864
+Icount: 0
 Unknown extra data: very important da

[PULL 28/37] qapi: introduce replay.json for record/replay-related stuff

2020-10-06 Thread Paolo Bonzini
From: Pavel Dovgalyuk 

This patch adds the replay.json file. It will be
used for adding record/replay-related data structures and commands.

Signed-off-by: Pavel Dovgalyuk 
Reviewed-by: Markus Armbruster 
Reviewed-by: Alex Bennée 
Message-Id: <160174519444.12451.3472949430004845434.stgit@pasha-ThinkPad-X280>
Signed-off-by: Paolo Bonzini 
---
 MAINTAINERS |  1 +
 include/sysemu/replay.h |  1 +
 qapi/meson.build|  1 +
 qapi/misc.json  | 18 --
 qapi/qapi-schema.json   |  1 +
 qapi/replay.json| 26 ++
 6 files changed, 30 insertions(+), 18 deletions(-)
 create mode 100644 qapi/replay.json

diff --git a/MAINTAINERS b/MAINTAINERS
index 231f854437..417fca5f57 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -2696,6 +2696,7 @@ F: include/sysemu/replay.h
 F: docs/replay.txt
 F: stubs/replay.c
 F: tests/acceptance/replay_kernel.py
+F: qapi/replay.json
 
 IOVA Tree
 M: Peter Xu 
diff --git a/include/sysemu/replay.h b/include/sysemu/replay.h
index 7d963139e5..d6026ed8e5 100644
--- a/include/sysemu/replay.h
+++ b/include/sysemu/replay.h
@@ -14,6 +14,7 @@
 
 #include "qapi/qapi-types-misc.h"
 #include "qapi/qapi-types-run-state.h"
+#include "qapi/qapi-types-replay.h"
 #include "qapi/qapi-types-ui.h"
 #include "block/aio.h"
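Review bot: with ReplayMode moved out of misc.json, check whether replay.h still needs "qapi/qapi-types-misc.h"; if nothing else from misc.json is used here, replace that include instead of adding a second one.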
 
diff --git a/qapi/meson.build b/qapi/meson.build
index ea359a0148..0e98146f1f 100644
--- a/qapi/meson.build
+++ b/qapi/meson.build
@@ -39,6 +39,7 @@ qapi_all_modules = [
   'pci',
   'qom',
   'rdma',
+  'replay',
   'rocker',
   'run-state',
   'sockets',
diff --git a/qapi/misc.json b/qapi/misc.json
index 694d2142f3..7d1e2e9aae 100644
--- a/qapi/misc.json
+++ b/qapi/misc.json
@@ -757,24 +757,6 @@
  'returns': ['CommandLineOptionInfo'],
  'allow-preconfig': true }
 
-##
-# @ReplayMode:
-#
-# Mode of the replay subsystem.
-#
-# @none: normal execution mode. Replay or record are not enabled.
-#
-# @record: record mode. All non-deterministic data is written into the
-#  replay log.
-#
-# @play: replay mode. Non-deterministic data required for system execution
-#is read from the log.
-#
-# Since: 2.5
-##
-{ 'enum': 'ReplayMode',
-  'data': [ 'none', 'record', 'play' ] }
-
 ##
 # @xen-load-devices-state:
 #
diff --git a/qapi/qapi-schema.json b/qapi/qapi-schema.json
index 8d567e1386..0b444b76d2 100644
--- a/qapi/qapi-schema.json
+++ b/qapi/qapi-schema.json
@@ -85,6 +85,7 @@
 { 'include': 'qdev.json' }
 { 'include': 'machine.json' }
 { 'include': 'machine-target.json' }
+{ 'include': 'replay.json' }
 { 'include': 'misc.json' }
 { 'include': 'misc-target.json' }
 { 'include': 'audio.json' }
diff --git a/qapi/replay.json b/qapi/replay.json
new file mode 100644
index 00..9e13551d20
--- /dev/null
+++ b/qapi/replay.json
@@ -0,0 +1,26 @@
+# -*- Mode: Python -*-
+#
+
+##
+# = Record/replay
+##
+
+{ 'include': 'common.json' }
+
+##
+# @ReplayMode:
+#
+# Mode of the replay subsystem.
+#
+# @none: normal execution mode. Replay or record are not enabled.
+#
+# @record: record mode. All non-deterministic data is written into the
+#  replay log.
+#
+# @play: replay mode. Non-deterministic data required for system execution
+#is read from the log.
+#
+# Since: 2.5
+##
+{ 'enum': 'ReplayMode',
+  'data': [ 'none', 'record', 'play' ] }
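Review bot: the `{ 'include': 'common.json' }` is unused by the single enum defined in this file; drop it unless a later patch in the series adds a type that needs it, in which case add it there.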


[PULL 29/37] replay: introduce info hmp/qmp command

2020-10-06 Thread Paolo Bonzini
From: Pavel Dovgalyuk 

This patch introduces the 'info replay' monitor command and
the corresponding QMP request.
These commands request the current record/replay mode, replay log file
name, and the instruction count (number of recorded/replayed
instructions).  The instruction count can be used with the
replay_seek/replay_break commands added in the next two patches.

Signed-off-by: Pavel Dovgalyuk 
Acked-by: Dr. David Alan Gilbert 
Acked-by: Markus Armbruster 
Message-Id: <160174520026.12451.13112161947433306561.stgit@pasha-ThinkPad-X280>
Signed-off-by: Paolo Bonzini 
---
 hmp-commands-info.hx  | 11 ++
 include/monitor/hmp.h |  1 +
 qapi/block-core.json  |  3 ++-
 qapi/replay.json  | 39 +++
 replay/meson.build|  1 +
 replay/replay-debugging.c | 43 +++
 6 files changed, 97 insertions(+), 1 deletion(-)
 create mode 100644 replay/replay-debugging.c

diff --git a/hmp-commands-info.hx b/hmp-commands-info.hx
index 30209e3903..117ba25f91 100644
--- a/hmp-commands-info.hx
+++ b/hmp-commands-info.hx
@@ -881,4 +881,15 @@ SRST
 Show SEV information.
 ERST
 
+{
+.name   = "replay",
+.args_type  = "",
+.params = "",
+.help   = "show record/replay information",
+.cmd= hmp_info_replay,
+},
 
+SRST
+  ``info replay``
+Display the record/replay information: mode and the current icount.
+ERST
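Review bot: the SRST text says the command shows "mode and the current icount", but hmp_info_replay in this patch also prints the log file name; update the .help string and the SRST text to mention the filename.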
diff --git a/include/monitor/hmp.h b/include/monitor/hmp.h
index 642e9e91f9..f297fccce8 100644
--- a/include/monitor/hmp.h
+++ b/include/monitor/hmp.h
@@ -129,5 +129,6 @@ void hmp_hotpluggable_cpus(Monitor *mon, const QDict 
*qdict);
 void hmp_info_vm_generation_id(Monitor *mon, const QDict *qdict);
 void hmp_info_memory_size_summary(Monitor *mon, const QDict *qdict);
 void hmp_info_sev(Monitor *mon, const QDict *qdict);
+void hmp_info_replay(Monitor *mon, const QDict *qdict);
 
 #endif
diff --git a/qapi/block-core.json b/qapi/block-core.json
index fdc2e5cb28..3758ea9912 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -29,7 +29,8 @@
 #
 # @icount: Current instruction count. Appears when execution record/replay
 #  is enabled. Used for "time-traveling" to match the moment
-#  in the recorded execution with the snapshots. (since 5.2)
+#  in the recorded execution with the snapshots. This counter may
+#  be obtained through @query-replay command (since 5.2)
 #
 # Since: 1.3
 #
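Review bot: minor wording in the @icount doc: "through @query-replay command" should read "through the @query-replay command".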
diff --git a/qapi/replay.json b/qapi/replay.json
index 9e13551d20..e6b3f6001d 100644
--- a/qapi/replay.json
+++ b/qapi/replay.json
@@ -24,3 +24,42 @@
 ##
 { 'enum': 'ReplayMode',
   'data': [ 'none', 'record', 'play' ] }
+
+##
+# @ReplayInfo:
+#
+# Record/replay information.
+#
+# @mode: current mode.
+#
+# @filename: name of the record/replay log file.
+#It is present only in record or replay modes, when the log
+#is recorded or replayed.
+#
+# @icount: current number of executed instructions.
+#
+# Since: 5.2
+#
+##
+{ 'struct': 'ReplayInfo',
+  'data': { 'mode': 'ReplayMode', '*filename': 'str', 'icount': 'int' } }
+
+##
+# @query-replay:
+#
+# Retrieve the record/replay information.
+# It includes current instruction count which may be used for
+# @replay-break and @replay-seek commands.
+#
+# Returns: record/replay information.
+#
+# Since: 5.2
+#
+# Example:
+#
+# -> { "execute": "query-replay" }
+# <- { "return": { "mode": "play", "filename": "log.rr", "icount": 220414 } }
+#
+##
+{ 'command': 'query-replay',
+  'returns': 'ReplayInfo' }
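Review bot: @icount is mandatory, but its meaning when @mode is none is undocumented (is it 0, or the icount of a plain -icount run?). Either document that, or make it optional like @filename so clients do not mistake 0 for a real position. Also note that 'int' is signed 64-bit while the counter is unsigned in C; fine in practice, but worth a sentence.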
diff --git a/replay/meson.build b/replay/meson.build
index 8783aea7c8..f91163fb1e 100644
--- a/replay/meson.build
+++ b/replay/meson.build
@@ -9,4 +9,5 @@ softmmu_ss.add(files(
   'replay-net.c',
   'replay-audio.c',
   'replay-random.c',
+  'replay-debugging.c',
 ))
diff --git a/replay/replay-debugging.c b/replay/replay-debugging.c
new file mode 100644
index 00..51a6de4e81
--- /dev/null
+++ b/replay/replay-debugging.c
@@ -0,0 +1,43 @@
+/*
+ * replay-debugging.c
+ *
+ * Copyright (c) 2010-2020 Institute for System Programming
+ * of the Russian Academy of Sciences.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "sysemu/replay.h"
+#include "replay-internal.h"
+#include "monitor/hmp.h"
+#include "monitor/monitor.h"
+#include "qapi/qapi-commands-replay.h"
+
+void hmp_info_replay(Monitor *mon, const QDict *qdict)
+{
+if (replay_mode == REPLAY_MODE_NONE) {
+monitor_printf(mon, "Record/replay is not active\n");
+} else {
+monitor_printf(mon,
+"%s execution '%s': instruction count = %"PRId64"\n",
+replay_mode == REPLAY_MODE_RECORD ? "Recording" : "Replaying",
+replay_get_filename(), replay_get_current_icount());
+}
+}
+
+ReplayInfo *qmp_quer
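Review bot: hmp_info_replay formats replay_get_current_icount() with PRId64; if that function returns uint64_t, as the other icount accessors in replay/ do, PRIu64 is the matching specifier.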

[PULL 33/37] gdbstub: add reverse step support in replay mode

2020-10-06 Thread Paolo Bonzini
From: Pavel Dovgalyuk 

The GDB remote protocol supports two reverse debugging commands:
reverse step and reverse continue.
This patch adds support for the first one to the gdbstub.
Reverse step is intended to step one instruction in the backwards
direction. This is not possible in regular execution.
But replayed execution is deterministic, therefore we can load one of
the prior snapshots and proceed to the desired step. It is equivalent
to stepping one instruction back.
There should be at least one snapshot preceding the debugged part of
the replay log.

Signed-off-by: Pavel Dovgalyuk 
Reviewed-by: Alex Bennée 

--

v4 changes:
 - inverted condition in cpu_handle_guest_debug (suggested by Alex Bennée)
Message-Id: <160174522341.12451.1498758422543765253.stgit@pasha-ThinkPad-X280>

Signed-off-by: Paolo Bonzini 
---
 accel/tcg/translator.c|  1 +
 exec.c|  7 +
 gdbstub.c | 55 +--
 include/sysemu/replay.h   | 11 
 replay/replay-debugging.c | 34 
 softmmu/cpus.c| 14 +++---
 stubs/replay.c|  5 
 7 files changed, 122 insertions(+), 5 deletions(-)

diff --git a/accel/tcg/translator.c b/accel/tcg/translator.c
index 603d17ff83..fb1e19c585 100644
--- a/accel/tcg/translator.c
+++ b/accel/tcg/translator.c
@@ -17,6 +17,7 @@
 #include "exec/log.h"
 #include "exec/translator.h"
 #include "exec/plugin-gen.h"
+#include "sysemu/replay.h"
 
 /* Pairs with tcg_clear_temp_count.
To be called by #TranslatorOps.{translate_insn,tb_stop} if
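Review bot: the added include of sysemu/replay.h in translator.c has no matching use in this patch (the diffstat shows translator.c changing by exactly this one line); move it to the patch that introduces the use, or drop it.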
diff --git a/exec.c b/exec.c
index 2305f5553e..d8072668ea 100644
--- a/exec.c
+++ b/exec.c
@@ -2748,6 +2748,13 @@ void cpu_check_watchpoint(CPUState *cpu, vaddr addr, 
vaddr len,
 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
 if (watchpoint_address_matches(wp, addr, len)
 && (wp->flags & flags)) {
+if (replay_running_debug()) {
+/*
+ * Don't process the watchpoints when we are
+ * in a reverse debugging operation.
+ */
+return;
+}
 if (flags == BP_MEM_READ) {
 wp->flags |= BP_WATCHPOINT_HIT_READ;
 } else {
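Review bot: the replay_running_debug() check sits inside the QTAILQ_FOREACH loop although its result does not depend on wp; hoist it above the loop so the function returns once without walking the watchpoint list, and the comment reads more naturally there.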
diff --git a/gdbstub.c b/gdbstub.c
index 9dfb6e4142..79e8ccc050 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -51,6 +51,7 @@
 #include "sysemu/runstate.h"
 #include "hw/semihosting/semihost.h"
 #include "exec/exec-all.h"
+#include "sysemu/replay.h"
 
 #ifdef CONFIG_USER_ONLY
 #define GDB_ATTACHED "0"
@@ -375,6 +376,20 @@ typedef struct GDBState {
  */
 static int sstep_flags = SSTEP_ENABLE|SSTEP_NOIRQ|SSTEP_NOTIMER;
 
+/* Retrieves flags for single step mode. */
+static int get_sstep_flags(void)
+{
+/*
+ * In replay mode all events written into the log should be replayed.
+ * That is why NOIRQ flag is removed in this mode.
+ */
+if (replay_mode != REPLAY_MODE_NONE) {
+return SSTEP_ENABLE;
+} else {
+return sstep_flags;
+}
+}
+
 static GDBState gdbserver_state;
 
 static void init_gdbserver_state(void)
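Review bot: the comment says only NOIRQ is removed, but returning bare SSTEP_ENABLE also drops SSTEP_NOTIMER and discards any flags the user set through the qemu.sstep query; say so in the comment (timer events must also be replayed from the log), or mask the two bits out of sstep_flags instead of replacing it.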
@@ -501,7 +516,7 @@ static int gdb_continue_partial(char *newstates)
 break; /* nothing to do here */
 case 's':
 trace_gdbstub_op_stepping(cpu->cpu_index);
-cpu_single_step(cpu, sstep_flags);
+cpu_single_step(cpu, get_sstep_flags());
 cpu_resume(cpu);
 flag = 1;
 break;
@@ -1874,10 +1889,31 @@ static void handle_step(GdbCmdContext *gdb_ctx, void 
*user_ctx)
 gdb_set_cpu_pc((target_ulong)gdb_ctx->params[0].val_ull);
 }
 
-cpu_single_step(gdbserver_state.c_cpu, sstep_flags);
+cpu_single_step(gdbserver_state.c_cpu, get_sstep_flags());
 gdb_continue();
 }
 
+static void handle_backward(GdbCmdContext *gdb_ctx, void *user_ctx)
+{
+if (replay_mode != REPLAY_MODE_PLAY) {
+put_packet("E22");
+}
+if (gdb_ctx->num_params == 1) {
+switch (gdb_ctx->params[0].opcode) {
+case 's':
+if (replay_reverse_step()) {
+gdb_continue();
+} else {
+put_packet("E14");
+}
+return;
+}
+}
+
+/* Default invalid command */
+put_packet("");
+}
+
 static void handle_v_cont_query(GdbCmdContext *gdb_ctx, void *user_ctx)
 {
 put_packet("vCont;c;C;s;S");
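Review bot: handle_backward sends "E22" when not in replay mode but does not return, so it falls through to call replay_reverse_step() or put_packet("") and emits a second reply to the same request, which breaks the GDB remote protocol exchange. Add a `return;` after `put_packet("E22");`.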
@@ -2124,6 +2160,10 @@ static void handle_query_supported(GdbCmdContext 
*gdb_ctx, void *user_ctx)
 g_string_append(gdbserver_state.str_buf, ";qXfer:features:read+");
 }
 
+if (replay_mode == REPLAY_MODE_PLAY) {
+g_string_append(gdbserver_state.str_buf, ";ReverseStep+");
+}
+
 if (gdb_ctx->num_params &&
 strstr(gdb_ctx->params[0].data, "multiprocess+")) {
 gdbserver_state.multiprocess = true;
@@ -2460,6 +2500,17 @@ static int gdb_handle_packet(const char *line_buf)
 cmd_parser = &step_cmd_desc;

Re: [PATCH v2] scripts: Convert qemu-version.sh to qemu-version.py

2020-10-06 Thread Paolo Bonzini
On 05/10/20 21:22, Peter Maydell wrote:
>> +def main(args):
>> +if len(args) <= 3:
>> +sys.exit(0)
>> +
>> +dir = args[1]
>> +pkgversion = args[2]
>> +version = args[3]
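Review bot: `if len(args) <= 3: sys.exit(0)` exits successfully and prints nothing when arguments are missing, which silently yields an empty qemu-version.h; exit non-zero with a usage message instead. Also `dir` shadows the Python builtin.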

In addition to what Peter pointed out, all these lines can be changed to

def main(dir, pkgversion, version, *unused):

and below

if __name__ == "__main__":
main(*sys.argv)

>> +pc = subprocess.run(['git', 'describe', '--match', "'v*'", '--dirty', 
>> '--always'],
>> +stdout=subprocess.PIPE, stderr=subprocess.DEVNULL, cwd=dir)
>> +if pc.returncode == 0:
>> +pkgversion = pc.stdout.decode('utf8').strip()
>> +fullversion = version
>> +if len(pkgversion) > 0:
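Review bot: the argument "'v*'" carries the shell quoting into the argv list, so git receives the literal pattern 'v*' including the quotes and --match never matches tags like v5.1.0; pass 'v*' as a plain Python string. The quotes were only needed in the shell script to keep the shell from globbing the pattern.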

Just "if pkgversion:" please.

>> +fullversion = "{} ({})".format(version, pkgversion)
>> +
>> +version_header = '''#define QEMU_PKGVERSION "{}"
>> +#define QEMU_FULL_VERSION "{}"'''.format(pkgversion, fullversion)
>> +sys.stdout.buffer.write(version_header.encode('utf8'))
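Review bot: the generated header is written without a trailing newline; end version_header with '\n' so the file is a well-formed text file and diffs against the previously shell-generated header stay clean.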

No need to use buffer and encode, just

print('#define QEMU_PKGVERSION "%s"' % pkgversion)
print('#define QEMU_FULLVERSION "%s"' % fullversion)

It is still a bit more clunky than a shell script, but at least not as much.

Paolo




Re: [RFC PATCH 1/3] qom: Always register FW_CFG_DATA_GENERATOR_INTERFACE

2020-10-06 Thread Laszlo Ersek
On 10/05/20 12:54, Philippe Mathieu-Daudé wrote:
> While the FW_CFG_DATA_GENERATOR_INTERFACE is only consumed
> by a device only available using system-mode (fw_cfg), it is
> implemented by a crypto component (tls-cipher-suites) which
> is always available when crypto is used.
> 
> Commit 69699f3055 introduced the following error in the
> qemu-storage-daemon binary:
> 
>   $ echo -e \
> '{"execute": "qmp_capabilities"}\r\n{"execute": 
> "qom-list-types"}\r\n{"execute": "quit"}\r\n' \
> | storage-daemon/qemu-storage-daemon --chardev stdio,id=qmp0  --monitor 
> qmp0
>   {"QMP": {"version": {"qemu": {"micro": 50, "minor": 1, "major": 5}, 
> "package": ""}, "capabilities": ["oob"]}}
>   {"return": {}}
>   missing interface 'fw_cfg-data-generator' for object 'tls-creds'
>   Aborted (core dumped)
> 
> Since QOM dependencies are resolved at runtime, this issue
> could not be triggered at linktime,

O_o

I'll defer the review of this work to others with actual QOM knowledge.

Please ping me when the series is otherwise ready; I'll be happy to ACK
the fw_cfg parts (if any).

Laszlo

> and we don't have test
> running the qemu-storage-daemon binary.
> 
> Fix by always registering the QOM interface.
> 
> Reported-by: Kevin Wolf 
> Fixes: 69699f3055 ("crypto/tls-cipher-suites: Produce fw_cfg consumable blob")
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
> I first used:
> 
> +if config_host.has_key('CONFIG_GNUTLS') or have_system
> +  qom_ss.add(files('fw_cfg_interface.c'))
> +endif
> 
> but then realized anything could implement a QOM interface,
> so better keep this generic.
> ---
>  hw/nvram/fw_cfg.c  |  7 ---
>  qom/fw_cfg_interface.c | 15 +++
>  MAINTAINERS|  1 +
>  qom/meson.build|  5 +
>  4 files changed, 21 insertions(+), 7 deletions(-)
>  create mode 100644 qom/fw_cfg_interface.c
> 
> diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
> index 0e95d057fd..08539a1aab 100644
> --- a/hw/nvram/fw_cfg.c
> +++ b/hw/nvram/fw_cfg.c
> @@ -1360,18 +1360,11 @@ static const TypeInfo fw_cfg_mem_info = {
>  .class_init= fw_cfg_mem_class_init,
>  };
>  
> -static const TypeInfo fw_cfg_data_generator_interface_info = {
> -.parent = TYPE_INTERFACE,
> -.name = TYPE_FW_CFG_DATA_GENERATOR_INTERFACE,
> -.class_size = sizeof(FWCfgDataGeneratorClass),
> -};
> -
>  static void fw_cfg_register_types(void)
>  {
>  type_register_static(&fw_cfg_info);
>  type_register_static(&fw_cfg_io_info);
>  type_register_static(&fw_cfg_mem_info);
> -type_register_static(&fw_cfg_data_generator_interface_info);
>  }
>  
>  type_init(fw_cfg_register_types)
> diff --git a/qom/fw_cfg_interface.c b/qom/fw_cfg_interface.c
> new file mode 100644
> index 00..2b19502ffe
> --- /dev/null
> +++ b/qom/fw_cfg_interface.c
> @@ -0,0 +1,15 @@
> +#include "qemu/osdep.h"
> +#include "hw/nvram/fw_cfg.h"
> +
> +static const TypeInfo fw_cfg_data_generator_interface_info = {
> +.parent = TYPE_INTERFACE,
> +.name = TYPE_FW_CFG_DATA_GENERATOR_INTERFACE,
> +.class_size = sizeof(FWCfgDataGeneratorClass),
> +};
> +
> +static void fw_cfg_register_types(void)
> +{
> +type_register_static(&fw_cfg_data_generator_interface_info);
> +}
> +
> +type_init(fw_cfg_register_types)
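Review bot: the new qom/fw_cfg_interface.c has no license/copyright header, unlike the other sources in qom/, and nothing in the file says why the interface registration lives here rather than next to fw_cfg; add the header and a one-line comment carrying the commit message's rationale (any object may implement the interface, so it has to exist in binaries that do not link hw/nvram/fw_cfg.c, such as qemu-storage-daemon). Including "hw/nvram/fw_cfg.h" from qom/ also pulls a hw/ header into a core directory; consider moving TYPE_FW_CFG_DATA_GENERATOR_INTERFACE and FWCfgDataGeneratorClass to a header under include/qom/ so that neither side depends on hw/.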
> diff --git a/MAINTAINERS b/MAINTAINERS
> index b76fb31861..9c89d54b41 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -2055,6 +2055,7 @@ R: Gerd Hoffmann 
>  S: Supported
>  F: docs/specs/fw_cfg.txt
>  F: hw/nvram/fw_cfg.c
> +F: qom/fw_cfg_interface.c
>  F: stubs/fw_cfg.c
>  F: include/hw/nvram/fw_cfg.h
>  F: include/standard-headers/linux/qemu_fw_cfg.h
> diff --git a/qom/meson.build b/qom/meson.build
> index a1cd03c82c..7335f8c8a2 100644
> --- a/qom/meson.build
> +++ b/qom/meson.build
> @@ -7,6 +7,11 @@ qom_ss.add(files(
>'qom-qobject.c',
>  ))
>  
> +# interfaces any object might implement
> +qom_ss.add(files(
> +  'fw_cfg_interface.c',
> +))
> +
>  qmp_ss.add(files('qom-qmp-cmds.c'))
>  softmmu_ss.add(files('qom-hmp-cmds.c'))
>  
> 




Re: [PATCH v2 2/3] qga: add implementation of guest-get-disks for Linux

2020-10-06 Thread Tomáš Golembiovský
On Tue, Sep 29, 2020 at 07:22:00PM +0400, Marc-André Lureau wrote:
> Hi
> 
> On Mon, Sep 7, 2020 at 1:17 PM Tomáš Golembiovský 
> wrote:
> 
> > The command lists all disks (real and virtual) as well as disk
> > partitions. For each disk the list of slave disks is also listed and
> > /dev path is used as a handle so it can be matched with "name" filed of
> >
> 
> field
> 
> other returned disk entries. For disk partitions the "slave" list is
> > populated with the parent device for easier tracking of hierarchy.
> >
> > Example output:
> > {
> >   "return": [
> > ...
> > {
> >   "name": "/dev/dm-0",
> >   "partition": false,
> >   "slaves": [
> > "/dev/sda2"
> >   ],
> >   "alias": "luks-7062202e-5b9b-433e-81e8-6628c40da9f7"
> > },
> > {
> >   "name": "/dev/sda2",
> >   "partition": true,
> >   "slaves": [
> > "/dev/sda"
> >   ]
> > },
> > {
> >   "name": "/dev/sda",
> >   "partition": false,
> >   "address": {
> > "serial": "SAMSUNG_MZ7LN512HCHP-000L1_S1ZKNXAG822493",
> > "bus-type": "sata",
> > ...
> > "dev": "/dev/sda",
> > "target": 0
> >   },
> >   "slaves": []
> > },
> > ...
> >   ]
> > }
> >
> > Signed-off-by: Tomáš Golembiovský 
> > ---
> >  qga/commands-posix.c | 247 +--
> >  1 file changed, 240 insertions(+), 7 deletions(-)
> >
> > diff --git a/qga/commands-posix.c b/qga/commands-posix.c
> > index f99731af51..3babc25c09 100644
> > --- a/qga/commands-posix.c
> > +++ b/qga/commands-posix.c
> > @@ -62,6 +62,9 @@ extern char **environ;
> >  #endif
> >  #endif
> >
> > +G_DEFINE_AUTOPTR_CLEANUP_FUNC(GuestFilesystemInfo,
> > +qapi_free_GuestFilesystemInfo)
> > +
> >
> 
> This will now conflict with qapi-gen generated headers.
> 
>  static void ga_wait_child(pid_t pid, int *status, Error **errp)
> >  {
> >  pid_t rpid;
> > @@ -1150,6 +1153,21 @@ static void
> > build_guest_fsinfo_for_virtual_device(char const *syspath,
> >  closedir(dir);
> >  }
> >
> > +static bool is_disk_virtual(const char *devpath, Error **errp)
> > +{
> > +g_autofree char *syspath = realpath(devpath, NULL);
> > +
> > +if (!syspath) {
> > +error_setg_errno(errp, errno, "realpath(\"%s\")", devpath);
> >
> +return false;
> > +}
> > +if (strstr(syspath, "/devices/virtual/block/")) {
> > +return true;
> > +} else {
> > +return false;
> > +}
> >
> 
>  simply to "return strstr(syspath, "/devices/virtual/block/") != NULL;" ?
> (Or strstr(syspath, "/devices/virtual/block/") ? true : false )
> 
> +}
> > +
> >  /* Dispatch to functions for virtual/real device */
> >  static void build_guest_fsinfo_for_device(char const *devpath,
> >GuestFilesystemInfo *fs,
> > @@ -1168,6 +1186,7 @@ static void build_guest_fsinfo_for_device(char const
> > *devpath,
> >
> >  g_debug("  parse sysfs path '%s'", syspath);
> >
> > +/* TODO: use is_disk_virtual() */
> >
> 
> just do it, no?

It's great that I put a note there otherwise I might have forgotten to
do it. ;)

> 
>  if (strstr(syspath, "/devices/virtual/block/")) {
> >  build_guest_fsinfo_for_virtual_device(syspath, fs, errp);
> >  } else {
> > @@ -1177,6 +1196,225 @@ static void build_guest_fsinfo_for_device(char
> > const *devpath,
> >  free(syspath);
> >  }
> >
> > +#ifdef CONFIG_LIBUDEV
> > +
> > +/*
> > + * Wrapper around build_guest_fsinfo_for_device() for getting just
> > + * the disk address.
> > + */
> > +static GuestDiskAddress *get_disk_address(const char *syspath, Error
> > **errp)
> > +{
> > +g_autoptr(GuestFilesystemInfo) fs = NULL;
> > +
> > +fs = g_new0(GuestFilesystemInfo, 1);
> >
> 
> Heap allocation / auto wasn't really necessary here, but ok.

I used it so that qapi_free_GuestFilesystemInfo() is called on function
exit in all cases. I am not sure if I could do that if `fs` were on the
stack.


> 
> 
> > +build_guest_fsinfo_for_device(syspath, fs, errp);
> > +if (fs->disk != NULL) {
> > +return g_steal_pointer(&fs->disk->value);
> > +}
> > +return NULL;
> >
> 
> Could also be a onliner, but perhaps less readable.

Yeah, I prefer it this way.

> 
> +}
> > +
> > +static char *get_alias_for_syspath(const char *syspath)
> > +{
> > +struct udev *udev = NULL;
> > +struct udev_device *udevice = NULL;
> > +char *ret = NULL;
> > +
> > +udev = udev_new();
> >
> 
> I would have g_return_val_if_fail(udev != NULL, NULL); here as,
> 
> +udevice = udev_device_new_from_syspath(udev, syspath);
> >
> 
> udev_device_new_from_syspath() might crash otherwise.

That is probably true. This may require fixes at other places too.

> 
> 
> > +if (udev == NULL || udevice == NULL) {
> > +g_debug("failed to query udev");
> > +} else {
> > +const char *alias = udev_device_get_property_value(
> > +udevice, "DM_

[Bug 1772165] Re: arm raspi2/raspi3 emulation has no USB support

2020-10-06 Thread Paul Zimmerman
You need to use -M raspi2 (or -M raspi3 for 64-bit kernels) to enable
the Raspberry Pi emulation. And you need version 5.1 or newer of Qemu to
get the dwc2 USB emulation. I don't think any Linux distributions
provide that new of a Qemu, so you might have to build it yourself.

Here is the command line I use to run the Raspbian image
2019-09-26-raspbian-buster.img. I extracted bcm2709-rpi-2-b.dtb and
kernel7.img from the FAT partition inside the image file.

qemu-system-arm -M raspi2 \
  -drive file=2019-09-26-raspbian-buster.img,format=raw,if=sd \
  -dtb bcm2709-rpi-2-b.dtb -kernel kernel7.img \
  -append 'rw earlycon=pl011,0x3f201000 console=ttyAMA0 loglevel=8 root=/dev/mmcblk0p2 fsck.repair=yes net.ifnames=0 rootwait memtest=1 dwc_otg.fiq_fsm_enable=0' \
  -serial stdio -no-reboot -netdev user,id=net0 \
  -usb -device usb-kbd -device usb-tablet -device usb-net,netdev=net0

That should give you a graphical emulation with working keyboard, mouse
and networking. Mass-storage also works, but I left that out for
simplicity.

But note that if you absolutely must pass-through a USB device from the
host, it probably won't work. That's because the dwc2 controller
emulation is connected through a full-speed hub emulation, so unless
your USB device is connected at full-speed on the host, it probably
won't work.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1772165

Title:
  arm raspi2/raspi3 emulation has no USB support

Status in QEMU:
  Confirmed

Bug description:
  Using Qemu 2.12.0 on ArchLinux.

  Trying to emulate arm device with `qemu-system-arm` and attach usb
  device for input using

  ` -usb -device usb-host,bus=001,vendorid=0x1d6b,productid=0x0002 `

  # lsusb returns

  Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
  Bus 001 Device 014: ID 13d3:3487 IMC Networks 
  Bus 001 Device 004: ID 0457:11af Silicon Integrated Systems Corp. 
  Bus 001 Device 003: ID 0bda:57e6 Realtek Semiconductor Corp. 
  Bus 001 Device 002: ID 0bda:0129 Realtek Semiconductor Corp. RTS5129 Card 
Reader Controller
  Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

  # qemu returns
  qemu-system-arm: -device usb-host,bus=001,vendorid=0x1d6b,productid=0x0002: 
Bus '001' not found

  
  Tried with connecting external usb keyboard but that didn't seem to work 
either.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1772165/+subscriptions



Re: [PATCH v2 1/3] qga: add command guest-get-disks

2020-10-06 Thread Daniel P . Berrangé
On Mon, Sep 07, 2020 at 11:14:40AM +0200, Tomáš Golembiovský wrote:
> Add API and stubs for new guest-get-disks command.
> 
> The command guest-get-fsinfo can be used to list information about disks
> and partitions but it is limited only to mounted disks with filesystem.
> This new command should allow listing information about disks of the VM
> regardless of whether they are mounted or not. This can be useful for
> management applications for mapping virtualized devices or pass-through
> devices to device names in the guest OS.
> 
> Signed-off-by: Tomáš Golembiovský 
> ---
>  qga/commands-posix.c |  6 ++
>  qga/commands-win32.c |  6 ++
>  qga/qapi-schema.json | 29 +
>  3 files changed, 41 insertions(+)
> 
> diff --git a/qga/commands-posix.c b/qga/commands-posix.c
> index 744c2b5a5d..f99731af51 100644
> --- a/qga/commands-posix.c
> +++ b/qga/commands-posix.c
> @@ -3042,3 +3042,9 @@ GuestOSInfo *qmp_guest_get_osinfo(Error **errp)
>  
>  return info;
>  }
> +
> +GuestDiskInfoList *qmp_guest_get_disks(Error **errp)
> +{
> +error_setg(errp, QERR_UNSUPPORTED);
> +return NULL;
> +}
> diff --git a/qga/commands-win32.c b/qga/commands-win32.c
> index aaa71f147b..e9976a0c46 100644
> --- a/qga/commands-win32.c
> +++ b/qga/commands-win32.c
> @@ -2229,3 +2229,9 @@ GuestOSInfo *qmp_guest_get_osinfo(Error **errp)
>  
>  return info;
>  }
> +
> +GuestDiskInfoList *qmp_guest_get_disks(Error **errp)
> +{
> +error_setg(errp, QERR_UNSUPPORTED);
> +return NULL;
> +}
> diff --git a/qga/qapi-schema.json b/qga/qapi-schema.json
> index 408a662ea5..70b54e0d07 100644
> --- a/qga/qapi-schema.json
> +++ b/qga/qapi-schema.json
> @@ -862,6 +862,35 @@
> 'bus': 'int', 'target': 'int', 'unit': 'int',
> '*serial': 'str', '*dev': 'str'} }
>  
> +##
> +# @GuestDiskInfo:
> +#
> +# @name: device node (Linux) or device UNC (Windows)
> +# @partition: whether this is a partition or disk
> +# @slaves: list of slave devices (Linux)

What are "slave devices" ?

For that matter, please don't use the term "slaves" at all in any
new code.

> +# @address: disk address information (only for non-virtual devices)
> +# @alias: optional alias assigned to the disk, on Linux this is a name 
> assigned
> +# by device mapper
> +#
> +# Since 5.2
> +##
> +{ 'struct': 'GuestDiskInfo',
> +  'data': {'name': 'str', 'partition': 'bool', 'slaves': ['str'],
> +   '*address': 'GuestDiskAddress', '*alias': 'str'} }
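Review bot: the doc block ends with `# Since 5.2`, but the QAPI doc generator recognises the section only as `# Since: 5.2` (with the colon), which is also what the surrounding qga/qapi-schema.json entries use; fix it so the version is rendered in the generated documentation. The `slaves` member is also mandatory while `address` and `alias` are optional; if the list is always present on Linux but meaningless on Windows, marking it optional (`'*slaves'`) would make the Windows output honest.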

Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|




Re: [PULL 5/5] crypto/tls-cipher-suites: Produce fw_cfg consumable blob

2020-10-06 Thread Laszlo Ersek
On 10/05/20 11:16, Philippe Mathieu-Daudé wrote:
> Hi Laszlo,
> 
> On 10/1/20 9:18 AM, Laszlo Ersek wrote:
>> On 09/29/20 17:46, Kevin Wolf wrote:
>>> Am 04.07.2020 um 18:39 hat Philippe Mathieu-Daudé geschrieben:
>>>> Since our format is consumable by the fw_cfg device,
>>>> we can implement the FW_CFG_DATA_GENERATOR interface.
>>>>
>>>> Example of use to dump the cipher suites (if tracing enabled):
>>>>
>>>>   $ qemu-system-x86_64 -S \
>>>>     -object tls-cipher-suites,id=mysuite1,priority=@SYSTEM \
>>>>     -fw_cfg name=etc/path/to/ciphers,gen_id=mysuite1 \
>>>>     -trace qcrypto\*
>>>>   159066.197123:qcrypto_tls_cipher_suite_priority priority: @SYSTEM
>>>>   159066.197219:qcrypto_tls_cipher_suite_info data=[0x13,0x02] version=TLS1.3 name=TLS_AES_256_GCM_SHA384
>>>>   159066.197228:qcrypto_tls_cipher_suite_info data=[0x13,0x03] version=TLS1.3 name=TLS_CHACHA20_POLY1305_SHA256
>>>>   159066.197233:qcrypto_tls_cipher_suite_info data=[0x13,0x01] version=TLS1.3 name=TLS_AES_128_GCM_SHA256
>>>>   159066.197236:qcrypto_tls_cipher_suite_info data=[0x13,0x04] version=TLS1.3 name=TLS_AES_128_CCM_SHA256
>>>>   159066.197240:qcrypto_tls_cipher_suite_info data=[0xc0,0x30] version=TLS1.2 name=TLS_ECDHE_RSA_AES_256_GCM_SHA384
>>>>   159066.197245:qcrypto_tls_cipher_suite_info data=[0xcc,0xa8] version=TLS1.2 name=TLS_ECDHE_RSA_CHACHA20_POLY1305
>>>>   159066.197250:qcrypto_tls_cipher_suite_info data=[0xc0,0x14] version=TLS1.0 name=TLS_ECDHE_RSA_AES_256_CBC_SHA1
>>>>   159066.197254:qcrypto_tls_cipher_suite_info data=[0xc0,0x2f] version=TLS1.2 name=TLS_ECDHE_RSA_AES_128_GCM_SHA256
>>>>   159066.197258:qcrypto_tls_cipher_suite_info data=[0xc0,0x13] version=TLS1.0 name=TLS_ECDHE_RSA_AES_128_CBC_SHA1
>>>>   159066.197261:qcrypto_tls_cipher_suite_info data=[0xc0,0x2c] version=TLS1.2 name=TLS_ECDHE_ECDSA_AES_256_GCM_SHA384
>>>>   159066.197266:qcrypto_tls_cipher_suite_info data=[0xcc,0xa9] version=TLS1.2 name=TLS_ECDHE_ECDSA_CHACHA20_POLY1305
>>>>   159066.197270:qcrypto_tls_cipher_suite_info data=[0xc0,0xad] version=TLS1.2 name=TLS_ECDHE_ECDSA_AES_256_CCM
>>>>   159066.197274:qcrypto_tls_cipher_suite_info data=[0xc0,0x0a] version=TLS1.0 name=TLS_ECDHE_ECDSA_AES_256_CBC_SHA1
>>>>   159066.197278:qcrypto_tls_cipher_suite_info data=[0xc0,0x2b] version=TLS1.2 name=TLS_ECDHE_ECDSA_AES_128_GCM_SHA256
>>>>   159066.197283:qcrypto_tls_cipher_suite_info data=[0xc0,0xac] version=TLS1.2 name=TLS_ECDHE_ECDSA_AES_128_CCM
>>>>   159066.197287:qcrypto_tls_cipher_suite_info data=[0xc0,0x09] version=TLS1.0 name=TLS_ECDHE_ECDSA_AES_128_CBC_SHA1
>>>>   159066.197291:qcrypto_tls_cipher_suite_info data=[0x00,0x9d] version=TLS1.2 name=TLS_RSA_AES_256_GCM_SHA384
>>>>   159066.197296:qcrypto_tls_cipher_suite_info data=[0xc0,0x9d] version=TLS1.2 name=TLS_RSA_AES_256_CCM
>>>>   159066.197300:qcrypto_tls_cipher_suite_info data=[0x00,0x35] version=TLS1.0 name=TLS_RSA_AES_256_CBC_SHA1
>>>>   159066.197304:qcrypto_tls_cipher_suite_info data=[0x00,0x9c] version=TLS1.2 name=TLS_RSA_AES_128_GCM_SHA256
>>>>   159066.197308:qcrypto_tls_cipher_suite_info data=[0xc0,0x9c] version=TLS1.2 name=TLS_RSA_AES_128_CCM
>>>>   159066.197312:qcrypto_tls_cipher_suite_info data=[0x00,0x2f] version=TLS1.0 name=TLS_RSA_AES_128_CBC_SHA1
>>>>   159066.197316:qcrypto_tls_cipher_suite_info data=[0x00,0x9f] version=TLS1.2 name=TLS_DHE_RSA_AES_256_GCM_SHA384
>>>>   159066.197320:qcrypto_tls_cipher_suite_info data=[0xcc,0xaa] version=TLS1.2 name=TLS_DHE_RSA_CHACHA20_POLY1305
>>>>   159066.197325:qcrypto_tls_cipher_suite_info data=[0xc0,0x9f] version=TLS1.2 name=TLS_DHE_RSA_AES_256_CCM
>>>>   159066.197329:qcrypto_tls_cipher_suite_info data=[0x00,0x39] version=TLS1.0 name=TLS_DHE_RSA_AES_256_CBC_SHA1
>>>>   159066.197333:qcrypto_tls_cipher_suite_info data=[0x00,0x9e] version=TLS1.2 name=TLS_DHE_RSA_AES_128_GCM_SHA256
>>>>   159066.197337:qcrypto_tls_cipher_suite_info data=[0xc0,0x9e] version=TLS1.2 name=TLS_DHE_RSA_AES_128_CCM
>>>>   159066.197341:qcrypto_tls_cipher_suite_info data=[0x00,0x33] version=TLS1.0 name=TLS_DHE_RSA_AES_128_CBC_SHA1
>>>>   159066.197345:qcrypto_tls_cipher_suite_count count: 29
>>>>
>>>> Signed-off-by: Philippe Mathieu-Daudé 
>>>> Reviewed-by: Daniel P. Berrangé 
>>>> Acked-by: Laszlo Ersek 
>>>> Message-Id: <20200623172726.21040-6-phi...@redhat.com>
>>>
>>> I noticed only now that this breaks '--object help' in
>>> qemu-storage-daemon:
>>>
>>> $ qemu-storage-daemon --object help
>>> List of user creatable objects:
>>> qemu-storage-daemon: missing interface 'fw_cfg-data-generator' for object 
>>> 'tls-creds'
>>> Aborted (core dumped)
>>>
>>> The reason is that we don't (and can't) link hw/nvram/fw_cfg.c into the
>>> storage daemon because it requires other syst
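The trace dump quoted in this thread lists, in priority order, the cipher suites that the tls-cipher-suites object hands to firmware through fw_cfg. The C program below is an added example, not code from QEMU or from anyone in the thread: it parses `qcrypto_tls_cipher_suite_info` lines from such a dump, rebuilds the two-bytes-per-suite blob in the same order, and flags legacy suites (anything reported as TLS1.0, or any CBC/SHA-1 suite), which is how one would audit what a guest will actually be offered. It assumes that the fw_cfg blob is simply the concatenation of the 2-byte code points in trace order (stated again in a code comment); the sample trace is six suite lines copied from the dump above plus the priority and count lines, embedded as constructed input.

```c
/*
 * Added example (not QEMU code): audit a qcrypto_tls_cipher_suite_info
 * trace dump. Assumption: the fw_cfg blob built by tls-cipher-suites is
 * the 2-byte IANA code point of every suite, concatenated in priority
 * order, i.e. exactly the data=[hi,lo] pairs printed by the trace.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_SUITES 64

typedef struct {
    uint8_t id[2];     /* IANA code point, e.g. {0xc0, 0x30} */
    char version[16];  /* protocol version reported by GnuTLS, e.g. "TLS1.2" */
    char name[64];     /* GnuTLS suite name */
} TlsSuite;

/* Parse one line "<ts>:qcrypto_tls_cipher_suite_info data=[0xHH,0xHH]
 * version=V name=N". Other trace events (priority, count) return false. */
static bool parse_suite_line(const char *line, TlsSuite *out)
{
    const char *p = strstr(line, "qcrypto_tls_cipher_suite_info data=[");
    unsigned hi, lo;

    if (!p || sscanf(p, "qcrypto_tls_cipher_suite_info data=[0x%x,0x%x]"
                        " version=%15s name=%63s",
                     &hi, &lo, out->version, out->name) != 4 ||
        hi > 0xff || lo > 0xff) {
        return false;
    }
    out->id[0] = (uint8_t)hi;
    out->id[1] = (uint8_t)lo;
    return true;
}

/* Split a multi-line dump and collect every suite line, preserving order.
 * Each line is copied out first so a non-suite line never borrows the
 * data=[...] of the line after it. */
static size_t parse_trace(const char *trace, TlsSuite *suites, size_t max)
{
    size_t n = 0;
    const char *line = trace;

    while (*line && n < max) {
        const char *nl = strchr(line, '\n');
        size_t len = nl ? (size_t)(nl - line) : strlen(line);
        char buf[256];

        if (len < sizeof(buf)) {
            memcpy(buf, line, len);
            buf[len] = '\0';
            if (parse_suite_line(buf, &suites[n])) {
                n++;
            }
        }
        if (!nl) {
            break;
        }
        line = nl + 1;
    }
    return n;
}

/* Rebuild the blob a guest would read from the fw_cfg file (see the
 * assumption above). Returns bytes written, or 0 if blob is too small. */
static size_t build_blob(const TlsSuite *suites, size_t n,
                         uint8_t *blob, size_t cap)
{
    size_t i;

    if (cap < 2 * n) {
        return 0;
    }
    for (i = 0; i < n; i++) {
        blob[2 * i] = suites[i].id[0];
        blob[2 * i + 1] = suites[i].id[1];
    }
    return 2 * n;
}

/* Audit policy used here: TLS1.0 or CBC/SHA-1 counts as legacy. */
static bool suite_is_legacy(const TlsSuite *s)
{
    return strcmp(s->version, "TLS1.0") == 0 ||
           strstr(s->name, "_CBC_SHA1") != NULL;
}

static size_t count_legacy(const TlsSuite *suites, size_t n)
{
    size_t i, c = 0;

    for (i = 0; i < n; i++) {
        c += suite_is_legacy(&suites[i]);
    }
    return c;
}

/* Constructed sample: lines copied from the trace dump quoted above. */
static const char SAMPLE_TRACE[] =
    "159066.197123:qcrypto_tls_cipher_suite_priority priority: @SYSTEM\n"
    "159066.197219:qcrypto_tls_cipher_suite_info data=[0x13,0x02] version=TLS1.3 name=TLS_AES_256_GCM_SHA384\n"
    "159066.197228:qcrypto_tls_cipher_suite_info data=[0x13,0x03] version=TLS1.3 name=TLS_CHACHA20_POLY1305_SHA256\n"
    "159066.197240:qcrypto_tls_cipher_suite_info data=[0xc0,0x30] version=TLS1.2 name=TLS_ECDHE_RSA_AES_256_GCM_SHA384\n"
    "159066.197245:qcrypto_tls_cipher_suite_info data=[0xcc,0xa8] version=TLS1.2 name=TLS_ECDHE_RSA_CHACHA20_POLY1305\n"
    "159066.197250:qcrypto_tls_cipher_suite_info data=[0xc0,0x14] version=TLS1.0 name=TLS_ECDHE_RSA_AES_256_CBC_SHA1\n"
    "159066.197312:qcrypto_tls_cipher_suite_info data=[0x00,0x2f] version=TLS1.0 name=TLS_RSA_AES_128_CBC_SHA1\n"
    "159066.197345:qcrypto_tls_cipher_suite_count count: 29\n";

int main(void)
{
    TlsSuite suites[MAX_SUITES];
    uint8_t blob[2 * MAX_SUITES];
    size_t n = parse_trace(SAMPLE_TRACE, suites, MAX_SUITES);
    size_t len = build_blob(suites, n, blob, sizeof(blob)), i;

    printf("%zu suites, %zu-byte blob, %zu legacy\n",
           n, len, count_legacy(suites, n));
    for (i = 0; i < n; i++) {
        printf("  %02x%02x %-7s %s%s\n", suites[i].id[0], suites[i].id[1],
               suites[i].version, suites[i].name,
               suite_is_legacy(&suites[i]) ? "  [legacy]" : "");
    }
    return 0;
}
```

The blob is ordered exactly as the priority string orders the suites, so comparing `build_blob()`'s output against the bytes read from the guest side of the fw_cfg file is a direct check that the firmware sees the policy the host configured; `count_legacy()` is the part to adapt to whatever suites the deployment forbids.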

Re: [PATCH v2 2/3] qga: add implementation of guest-get-disks for Linux

2020-10-06 Thread Marc-André Lureau
Hi

On Tue, Oct 6, 2020 at 12:31 PM Tomáš Golembiovský 
wrote:

> On Tue, Sep 29, 2020 at 07:22:00PM +0400, Marc-André Lureau wrote:
>
> > > +if (getline(&line, &n, fp) == -1) {
> > > +g_debug("  failed to read disk size");
> > >
> >
> > line: getline(3) "This buffer should be freed by the user program even if
> > getline() failed."
>
> That is handled by the g_autofree, or am I missing something? `line`
> will get out of scope after every interation (even with continue). Or do
>
>
Ah right, I got confused.

thanks

-- 
Marc-André Lureau


Re: [PATCH v2 10/15] hw/misc/bcm2835_cprman: add a clock mux skeleton implementation

2020-10-06 Thread Philippe Mathieu-Daudé
On 10/5/20 9:56 PM, Luc Michel wrote:
> The clock multiplexers are the last clock stage in the CPRMAN. Each mux
> outputs one clock signal that goes out of the CPRMAN to the SoC
> peripherals.
> 
> Each mux has at most 10 sources. The sources 0 to 3 are common to all
> muxes. They are:
>0. ground (no clock signal)
>1. the main oscillator (xosc)
>2. "test debug 0" clock
>3. "test debug 1" clock
> 
> Test debug 0 and 1 are actual clock muxes that can be used as sources to
> other muxes (for debug purpose).
> 
> Sources 4 to 9 are mux specific and can be unpopulated (grounded). Those
> sources are fed by the PLL channels outputs.
> 
> One corner case exists for DSI0E and DSI0P muxes. They have their source
> number 4 connected to an intermediate multiplexer that can select
> between PLLA-DSI0 and PLLD-DSI0 channel. This multiplexer is called
> DSI0HSCK and is not a clock mux as such. It is really a simple mux from
> the hardware point of view (see https://elinux.org/The_Undocumented_Pi).
> This mux is not implemented in this commit.
> 
> Note that there are some muxes for which sources are unknown (because of
> a lack of documentation). For those cases all the sources are connected
> to ground in this implementation.
> 
> Each clock mux output is exported by the CPRMAN at the qdev level,
> adding the suffix '-out' to the mux name to form the output clock name.
> (E.g. the 'uart' mux sees its output exported as 'uart-out' at the
> CPRMAN level.)
> 
> Tested-by: Philippe Mathieu-Daudé 
> Signed-off-by: Luc Michel 
> ---
>  include/hw/misc/bcm2835_cprman.h   |  84 
>  include/hw/misc/bcm2835_cprman_internals.h | 421 +
>  hw/misc/bcm2835_cprman.c   | 150 
>  3 files changed, 655 insertions(+)
[...]

> +#define FILL_CLOCK_MUX_INIT_INFO(clock_, kind_) \
> +.cm_offset = R_CM_ ## clock_ ## CTL,\
> +FILL_CLOCK_MUX_SRC_MAPPING_INIT_INFO(kind_)
> +
> +static ClockMuxInitInfo CLOCK_MUX_INIT_INFO[] = {
> +[CPRMAN_CLOCK_GNRIC] = {
> +.name = "gnric",
> +FILL_CLOCK_MUX_INIT_INFO(GNRIC, unknown),
> +},
[...]

> +static inline void update_mux_from_cm(BCM2835CprmanState *s, size_t idx)
> +{
> +size_t i;
> +
> +for (i = 0; i < CPRMAN_NUM_CLOCK_MUX; i++) {
> +if ((CLOCK_MUX_INIT_INFO[i].cm_offset == idx) ||
> +(CLOCK_MUX_INIT_INFO[i].cm_offset == idx + 4)) {

Maybe add a /* Matches DIV or CTL */ comment. Anyway
FILL_CLOCK_MUX_INIT_INFO() only uses CTL, not DIV, so
+4 check is not necessary.

Otherwise:
Reviewed-by: Philippe Mathieu-Daudé 

> +clock_mux_update(&s->clock_muxes[i]);
> +return;
> +}
> +}
> +}
> +
>  #define CASE_PLL_A2W_REGS(pll_) \
>  case R_A2W_ ## pll_ ## _CTRL: \
>  case R_A2W_ ## pll_ ## _ANA0: \
>  case R_A2W_ ## pll_ ## _ANA1: \
>  case R_A2W_ ## pll_ ## _ANA2: \
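Review bot: in update_mux_from_cm() the second condition `CLOCK_MUX_INIT_INFO[i].cm_offset == idx + 4` cannot select the mux whose DIV register was written: a DIV write arrives with idx one register above that mux's CTL offset, so the test would have to read `cm_offset + <register stride> == idx` (stride 1 if idx is a word index, 4 if it is a byte offset); as written it matches either nothing or a neighbouring mux's CTL. Since the cprman_write() ranges added below (`R_CM_GNRICCTL ... R_CM_SMIDIV` and the others) route DIV writes here as well, either fix the comparison and add the `/* matches CTL or DIV */` comment suggested above, or drop the second condition and state that only CTL writes trigger an update.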
> @@ -363,10 +438,19 @@ static void cprman_write(void *opaque, hwaddr offset,
>  case R_A2W_PLLH_RCAL:
>  case R_A2W_PLLH_PIX:
>  case R_A2W_PLLB_ARM:
>  update_channel_from_a2w(s, idx);
>  break;
> +
> +case R_CM_GNRICCTL ... R_CM_SMIDIV:
> +case R_CM_TCNTCNT ... R_CM_VECDIV:
> +case R_CM_PULSECTL ... R_CM_PULSEDIV:
> +case R_CM_SDCCTL ... R_CM_ARMCTL:
> +case R_CM_AVEOCTL ... R_CM_EMMCDIV:
> +case R_CM_EMMC2CTL ... R_CM_EMMC2DIV:
> +update_mux_from_cm(s, idx);
> +break;
>  }
>  }
[...]



[Bug 1772165] Re: arm raspi2/raspi3 emulation has no USB support

2020-10-06 Thread Paul Zimmerman
Here is that command line again, hopefully readable this time:

qemu-system-arm -M raspi2 \
-drive file=2019-09-26-raspbian-buster.img,format=raw,if=sd \
-dtb bcm2709-rpi-2-b.dtb \
-kernel kernel7.img \
-append 'rw earlycon=pl011,0x3f201000 console=ttyAMA0 \
loglevel=8 root=/dev/mmcblk0p2 fsck.repair=yes \
net.ifnames=0 rootwait memtest=1 \
dwc_otg.fiq_fsm_enable=0' \
-serial stdio -no-reboot \
-netdev user,id=net0 \
-usb -device usb-kbd -device usb-tablet \
-device usb-net,netdev=net0




Re: [PATCH v2 11/15] hw/misc/bcm2835_cprman: implement clock mux behaviour

2020-10-06 Thread Philippe Mathieu-Daudé
On 10/5/20 9:56 PM, Luc Michel wrote:
> A clock mux can be configured to select one of its 10 sources through
> the CM_CTL register. It also embeds yet another clock divider, composed
> of an integer part and a fractional part. The number of bits of each
> part is mux dependent.
> 
> Tested-by: Philippe Mathieu-Daudé 
> Signed-off-by: Luc Michel 
> ---
>  hw/misc/bcm2835_cprman.c | 44 +++-
>  1 file changed, 43 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/misc/bcm2835_cprman.c b/hw/misc/bcm2835_cprman.c
> index a470ce2026..7d59423367 100644
> --- a/hw/misc/bcm2835_cprman.c
> +++ b/hw/misc/bcm2835_cprman.c
> @@ -229,19 +229,61 @@ static const TypeInfo cprman_pll_channel_info = {
>  };
>  
>  
>  /* clock mux */
>  
> +static bool clock_mux_is_enabled(CprmanClockMuxState *mux)
> +{
> +return FIELD_EX32(*mux->reg_cm, CM_CLOCKx_CTL, ENABLE);
> +}
> +
>  static void clock_mux_update(CprmanClockMuxState *mux)
>  {
> -clock_update(mux->out, 0);
> +uint64_t freq;
> +uint32_t div, src = FIELD_EX32(*mux->reg_cm, CM_CLOCKx_CTL, SRC);
> +bool enabled = clock_mux_is_enabled(mux);
> +
> +*mux->reg_cm = FIELD_DP32(*mux->reg_cm, CM_CLOCKx_CTL, BUSY, enabled);
> +
> +if (!enabled) {
> +clock_update(mux->out, 0);
> +return;
> +}
> +
> +freq = clock_get_hz(mux->srcs[src]);
> +
> +if (mux->int_bits == 0 && mux->frac_bits == 0) {
> +clock_update_hz(mux->out, freq);
> +return;
> +}
> +
> +/*
> + * The divider has an integer and a fractional part. The size of each 
> part
> + * varies with the muxes (int_bits and frac_bits). Both parts are
> + * concatenated, with the integer part always starting at bit 12.
> + */
> +div = mux->reg_cm[1] >> (R_CM_CLOCKx_DIV_FRAC_LENGTH - mux->frac_bits);
> +div &= (1 << (mux->int_bits + mux->frac_bits)) - 1;

I understand the description as:

                   0
                  [ 12-bit ][ 12-bit ][ reserved... ]
    CM_CLOCKx_DIV [  FRAC  ][  INT   ][             ]
                  ^

What about:

   div = extract32(mux->reg_cm[1],
   R_CM_CLOCKx_DIV_FRAC_LENGTH - mux->frac_bits,
   mux->frac_bits, mux->int_bits);

Also consider adding the register visual representation if it is
correct.

> +
> +if (!div) {
> +clock_update(mux->out, 0);
> +}
> +
> +freq = muldiv64(freq, 1 << mux->frac_bits, div);
> +
> +clock_update_hz(mux->out, freq);
>  }
>  
>  static void clock_mux_src_update(void *opaque)
>  {
>  CprmanClockMuxState **backref = opaque;
>  CprmanClockMuxState *s = *backref;
> +CprmanClockMuxSource src = backref - s->backref;
> +
> +if (FIELD_EX32(*s->reg_cm, CM_CLOCKx_CTL, SRC) != src) {
> +return;
> +}
>  
>  clock_mux_update(s);
>  }
>  
>  static void clock_mux_init(Object *obj)
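Review bot: in clock_mux_update() the `if (!div)` branch calls clock_update(mux->out, 0) but does not return, so execution continues into `muldiv64(freq, 1 << mux->frac_bits, div)` with div == 0 (a division by zero) and then overwrites the zero output via clock_update_hz(); add `return;` after the clock_update() call, mirroring the `!enabled` branch above it. A guest can reach this path simply by writing 0 to a CM_CLOCKx_DIV register, so the guard matters for the emulator's own robustness, not only for accuracy.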
> 
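The divider arithmetic discussed above (integer part at bit 12, fractional part below it, the number of bits of each part varying per mux) is small enough to state as pure functions. The C below is an added example, not QEMU's code or Luc's patch: `clock_mux_divider()` performs the same extraction as the hunk's shift-and-mask, written with an `extract_bits()` helper that has the contract of QEMU's `extract32(value, start, length)` (so it equals `extract32(reg, 12 - frac_bits, int_bits + frac_bits)`), and `clock_mux_output_hz()` mirrors clock_mux_update() while returning 0 Hz for a zero divider instead of dividing by zero. The constant `CM_CLOCKx_DIV_FRAC_LENGTH` is taken from the hunk's comment, `make_div_reg()` is a test helper of my own, and the 19.2 MHz oscillator is a constructed input.

```c
/*
 * Added example (not QEMU code): the CM_CLOCKx_DIV arithmetic from the
 * clock_mux_update() hunk as pure functions, with the zero-divider case
 * yielding 0 Hz rather than a division by zero.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* From the hunk's comment: the integer part always starts at bit 12 of the
 * DIV register; the fractional part occupies the 12 bits below it. */
#define CM_CLOCKx_DIV_FRAC_LENGTH 12

/* Same contract as QEMU's extract32(value, start, length). */
static uint32_t extract_bits(uint32_t value, unsigned start, unsigned length)
{
    uint32_t mask = length >= 32 ? 0xffffffffu : (1u << length) - 1;

    return (value >> start) & mask;
}

/* Fixed-point divider with frac_bits fractional bits. A mux only uses the
 * top frac_bits of the 12-bit fraction field plus int_bits of the integer
 * field, so both are read as one contiguous bit string starting at
 * bit (12 - frac_bits), exactly as the hunk's shift-and-mask does. */
static uint32_t clock_mux_divider(uint32_t reg_div, unsigned int_bits,
                                  unsigned frac_bits)
{
    return extract_bits(reg_div, CM_CLOCKx_DIV_FRAC_LENGTH - frac_bits,
                        int_bits + frac_bits);
}

/* Test helper (hypothetical): compose a DIV register from an integer part
 * and a 12-bit fraction, the way a guest driver would write it. */
static uint32_t make_div_reg(uint32_t divi, uint32_t divf)
{
    return (divi << CM_CLOCKx_DIV_FRAC_LENGTH) | (divf & 0xfff);
}

/* Output frequency of a mux fed with src_hz. Mirrors clock_mux_update():
 * disabled -> 0 Hz; no divider fields -> pass-through; otherwise
 * src * 2^frac_bits / div, with div == 0 giving 0 Hz (the guard the hunk
 * lacks). Clocks are far below 2^40 Hz, so the 64-bit product cannot
 * overflow and QEMU's muldiv64() is not needed here. */
static uint64_t clock_mux_output_hz(uint64_t src_hz, bool enabled,
                                    uint32_t reg_div, unsigned int_bits,
                                    unsigned frac_bits)
{
    uint32_t div;

    if (!enabled) {
        return 0;
    }
    if (int_bits == 0 && frac_bits == 0) {
        return src_hz;
    }
    div = clock_mux_divider(reg_div, int_bits, frac_bits);
    if (div == 0) {
        return 0;
    }
    return src_hz * (1ull << frac_bits) / div;
}

int main(void)
{
    const uint64_t xosc = 19200000; /* constructed: 19.2 MHz main oscillator */

    printf("12.12 divider 2.5 : %llu Hz\n", (unsigned long long)
           clock_mux_output_hz(xosc, true, make_div_reg(2, 0x800), 12, 12));
    printf("4.0  divider 3   : %llu Hz\n", (unsigned long long)
           clock_mux_output_hz(xosc, true, make_div_reg(3, 0), 4, 0));
    printf("4.4  divider 1.5 : %llu Hz\n", (unsigned long long)
           clock_mux_output_hz(xosc, true, make_div_reg(1, 0x800), 4, 4));
    printf("divider 0        : %llu Hz\n", (unsigned long long)
           clock_mux_output_hz(xosc, true, make_div_reg(0, 0), 12, 12));
    return 0;
}
```

The 4.4 case shows why the extraction starts at `12 - frac_bits`: with a 4-bit fraction the mux honours only the top nibble of the 12-bit fraction field, so a guest-written 0x800 is read as 0x8 of 16, i.e. one half.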



Re: [PATCH v2 2/3] qga: add implementation of guest-get-disks for Linux

2020-10-06 Thread Daniel P . Berrangé
On Mon, Sep 07, 2020 at 11:14:41AM +0200, Tomáš Golembiovský wrote:
> The command lists all disks (real and virtual) as well as disk
> partitions. For each disk the list of slave disks is also listed and
> /dev path is used as a handle so it can be matched with "name" field of
> other returned disk entries. For disk partitions the "slave" list is
> populated with the parent device for easier tracking of hierarchy.
> 
> Example output:
> {
>   "return": [
> ...
> {
>   "name": "/dev/dm-0",
>   "partition": false,
>   "slaves": [
> "/dev/sda2"
>   ],
>   "alias": "luks-7062202e-5b9b-433e-81e8-6628c40da9f7"
> },
> {
>   "name": "/dev/sda2",
>   "partition": true,
>   "slaves": [
> "/dev/sda"
>   ]
> },
> {
>   "name": "/dev/sda",
>   "partition": false,
>   "address": {
> "serial": "SAMSUNG_MZ7LN512HCHP-000L1_S1ZKNXAG822493",
> "bus-type": "sata",
> ...
> "dev": "/dev/sda",
> "target": 0
>   },
>   "slaves": []
> },
> ...
>   ]
> }
> 
> Signed-off-by: Tomáš Golembiovský 
> ---
>  qga/commands-posix.c | 247 +--
>  1 file changed, 240 insertions(+), 7 deletions(-)
> 
> diff --git a/qga/commands-posix.c b/qga/commands-posix.c
> index f99731af51..3babc25c09 100644
> --- a/qga/commands-posix.c
> +++ b/qga/commands-posix.c
> @@ -62,6 +62,9 @@ extern char **environ;
>  #endif
>  #endif
>  
> +G_DEFINE_AUTOPTR_CLEANUP_FUNC(GuestFilesystemInfo,
> +qapi_free_GuestFilesystemInfo)
> +
>  static void ga_wait_child(pid_t pid, int *status, Error **errp)
>  {
>  pid_t rpid;
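Review bot: the `G_DEFINE_AUTOPTR_CLEANUP_FUNC(GuestFilesystemInfo, qapi_free_GuestFilesystemInfo)` added here duplicates the autoptr cleanup that the qapi-generated headers now provide for QAPI types (the conflict Marc-André points out elsewhere in this thread), so it will fail to build as a redefinition; drop it and use `g_autoptr(GuestFilesystemInfo)` directly.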
> @@ -1150,6 +1153,21 @@ static void build_guest_fsinfo_for_virtual_device(char 
> const *syspath,
>  closedir(dir);
>  }
>  
> +static bool is_disk_virtual(const char *devpath, Error **errp)
> +{
> +g_autofree char *syspath = realpath(devpath, NULL);
> +
> +if (!syspath) {
> +error_setg_errno(errp, errno, "realpath(\"%s\")", devpath);
> +return false;
> +}
> +if (strstr(syspath, "/devices/virtual/block/")) {
> +return true;
> +} else {
> +return false;
> +}
> +}
> +
>  /* Dispatch to functions for virtual/real device */
>  static void build_guest_fsinfo_for_device(char const *devpath,
>GuestFilesystemInfo *fs,
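Review bot: is_disk_virtual() returns false both for a real disk and when realpath() fails (with errp set), so a caller that does not consult errp silently treats an unresolvable path as a real disk; either document that callers must check errp before using the result, or return success/failure and deliver the boolean through an out-parameter. The trailing if/else also collapses to `return strstr(syspath, "/devices/virtual/block/") != NULL;`.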
> @@ -1168,6 +1186,7 @@ static void build_guest_fsinfo_for_device(char const 
> *devpath,
>  
>  g_debug("  parse sysfs path '%s'", syspath);
>  
> +/* TODO: use is_disk_virtual() */
>  if (strstr(syspath, "/devices/virtual/block/")) {
>  build_guest_fsinfo_for_virtual_device(syspath, fs, errp);
>  } else {
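Review bot: the `/* TODO: use is_disk_virtual() */` should be resolved before merging, but the helper cannot simply be dropped in here: it takes a devpath and calls realpath() again, while this function already holds the resolved syspath. Split the strstr() test into a syspath-based helper that both is_disk_virtual() and this dispatch call, then remove the TODO.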
> @@ -1177,6 +1196,225 @@ static void build_guest_fsinfo_for_device(char const 
> *devpath,
>  free(syspath);
>  }
>  
> +#ifdef CONFIG_LIBUDEV
> +
> +/*
> + * Wrapper around build_guest_fsinfo_for_device() for getting just
> + * the disk address.
> + */
> +static GuestDiskAddress *get_disk_address(const char *syspath, Error **errp)
> +{
> +g_autoptr(GuestFilesystemInfo) fs = NULL;
> +
> +fs = g_new0(GuestFilesystemInfo, 1);
> +build_guest_fsinfo_for_device(syspath, fs, errp);
> +if (fs->disk != NULL) {
> +return g_steal_pointer(&fs->disk->value);
> +}
> +return NULL;
> +}
> +
> +static char *get_alias_for_syspath(const char *syspath)
> +{
> +struct udev *udev = NULL;
> +struct udev_device *udevice = NULL;
> +char *ret = NULL;
> +
> +udev = udev_new();
> +udevice = udev_device_new_from_syspath(udev, syspath);
> +if (udev == NULL || udevice == NULL) {
> +g_debug("failed to query udev");
> +} else {
> +const char *alias = udev_device_get_property_value(
> +udevice, "DM_NAME");
> +if (alias != NULL && *alias != 0) {
> +ret = g_strdup(alias);
> +}
> +}
> +
> +udev_unref(udev);
> +udev_device_unref(udevice);
> +return ret;
> +}
> +
> +static char *get_device_for_syspath(const char *syspath)
> +{
> +struct udev *udev = NULL;
> +struct udev_device *udevice = NULL;
> +char *ret = NULL;
> +
> +udev = udev_new();
> +udevice = udev_device_new_from_syspath(udev, syspath);
> +if (udev == NULL || udevice == NULL) {
> +g_debug("failed to query udev");
> +} else {
> +ret = g_strdup(udev_device_get_devnode(udevice));
> +}
> +udev_unref(udev);
> +udev_device_unref(udevice);
> +return ret;
> +}
> +
> +GuestDiskInfoList *qmp_guest_get_disks(Error **errp)
> +{
> +GuestDiskInfoList *item, *ret = NULL;
> +GuestDiskInfo *disk, *partition;
> +DIR *dp = NULL;
> +struct dirent *de = NULL;
> +
> +g_debug("listing /sys/block directory");
> +dp = opendir("/sys/block");
> +if (dp == NULL) {
> +error_setg_errno(errp, errno, "Can't open directory \"/sys/block\"");
> +return NULL;
> +}
> +while ((de = readdir(dp)) != 
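Review bot: get_alias_for_syspath() and get_device_for_syspath() both call udev_device_new_from_syspath(udev, syspath) before checking whether udev_new() returned NULL; test udev right after udev_new() (an early return or g_return_val_if_fail) so a NULL context is never passed on. The udev setup/teardown is identical in the two functions, so a single helper that returns the udev_device (and releases the context) would remove the duplication and fix the ordering in one place. In get_disk_address(), errp may be set by build_guest_fsinfo_for_device() while NULL is also the normal "no address" result, so callers must check *errp before interpreting the NULL.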

Re: [PATCH v2 15/15] hw/arm/bcm2835_peripherals: connect the UART clock

2020-10-06 Thread Philippe Mathieu-Daudé
On 10/5/20 9:56 PM, Luc Michel wrote:
> Connect the 'uart-out' clock from the CPRMAN to the PL011 instance.
> 
> Signed-off-by: Luc Michel 
> ---
>  hw/arm/bcm2835_peripherals.c | 2 ++
>  1 file changed, 2 insertions(+)

Reviewed-by: Philippe Mathieu-Daudé 



Re: [PATCH v2 09/15] hw/misc/bcm2835_cprman: implement PLL channels behaviour

2020-10-06 Thread Philippe Mathieu-Daudé
On 10/5/20 9:56 PM, Luc Michel wrote:
> A PLL channel is able to further divide the generated PLL frequency.
> The divider is given in the CTRL_A2W register. Some channels have an
> additional fixed divider which is always applied to the signal.
> 
> Tested-by: Philippe Mathieu-Daudé 
> Signed-off-by: Luc Michel 
> ---
>  hw/misc/bcm2835_cprman.c | 33 -
>  1 file changed, 32 insertions(+), 1 deletion(-)

Reviewed-by: Philippe Mathieu-Daudé 



Re: [PATCH v2 03/15] hw/core/clock: add the clock_new helper function

2020-10-06 Thread Philippe Mathieu-Daudé
On 10/5/20 9:56 PM, Luc Michel wrote:
> This function creates a clock and parents it to another object with a given
> name. It calls clock_setup_canonical_path before returning the new
> clock.
> 
> This function is useful to create clocks in devices when one doesn't
> want to expose it at the qdev level (as an input or an output).
> 
> Suggested-by: Philippe Mathieu-Daudé 
> Signed-off-by: Luc Michel 
> ---
>  include/hw/clock.h | 26 ++
>  1 file changed, 26 insertions(+)
> 
> diff --git a/include/hw/clock.h b/include/hw/clock.h
> index c93e6113cd..a67c4c008b 100644
> --- a/include/hw/clock.h
> +++ b/include/hw/clock.h
> @@ -93,10 +93,36 @@ extern const VMStateDescription vmstate_clock;
>   *
>   * compute the canonical path of the clock (used by log messages)
>   */
>  void clock_setup_canonical_path(Clock *clk);
>  
> +/**
> + * clock_new:
> + * @parent: the clock parent
> + * @name: the clock object name
> + *
> + * Helper function to create a new clock and parent it to @parent. There is 
> no
> + * need to call clock_setup_canonical_path on the returned clock as it is 
> done
> + * by this function.
> + *
> + * @return the newly created clock
> + */
> +static inline Clock *clock_new(Object *parent, const char *name)
> +{
> +Object *obj;
> +Clock *clk;
> +
> +obj = object_new(TYPE_CLOCK);
> +object_property_add_child(parent, name, obj);
> +object_unref(obj);
> +
> +clk = CLOCK(obj);
> +clock_setup_canonical_path(clk);

Thanks for adding this function. It doesn't seem justified
to have it inlined. Can you move it to hw/core/clock.c?

> +
> +return clk;
> +}
> +
>  /**
>   * clock_set_callback:
>   * @clk: the clock to register the callback into
>   * @cb: the callback function
>   * @opaque: the argument to the callback
> 
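Review bot: the ownership of the returned Clock should be documented: after object_property_add_child() the function drops its own reference with object_unref(obj), so the returned pointer is owned by @parent and callers must neither unref it nor keep it beyond the parent's lifetime. The @parent description also reads "the clock parent" while the parameter is a plain Object *; "the object the clock becomes a child of" would be clearer.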



Re: [RFC PATCH 08/21] contrib/gitdm: Add Mentor Graphics to the domain map

2020-10-06 Thread Philippe Mathieu-Daudé
On 10/6/20 6:01 AM, Jan Kiszka wrote:
> On 05.10.20 22:52, Joseph Myers wrote:
>> On Mon, 5 Oct 2020, Alex Bennée wrote:
>>
>>> Joseph Myers  writes:
>>>
 On Sun, 4 Oct 2020, Philippe Mathieu-Daudé wrote:

> There is a number of contributors from this domain,
> add its own entry to the gitdm domain map.

 At some point the main branding will be Siemens; not sure how you want to 
 handle that.
>>>
>>> We've already done something similar with WaveComp who have rolled up
>>> the various mips and imgtec contributions into
>>> contrib/gitdm/group-map-wavecomp.
>>>
>>> It's really up to you and which corporate entity would like internet
>>> bragging points. The only Siemens contributor I could find is Jan Kiszka
>>> but he has contributed a fair amount ;-)
>>
>> Given that the Mentor branding is going away (and the "Mentor Graphics" 
>> version largely has gone away, "Mentor, a Siemens Business" is what's 
>> currently used as a Mentor brand), probably it makes sense to use Siemens 
>> for both codesourcery.com and mentor.com addresses.
>>
> 
> I think the key question is what this map is used for: Is it supposed to
> document the historic status, who was who at the time of contribution?
> Or is its purpose to help identifying the copyright holder of a
> contribution today?

My understanding is it is useful to document the historic status
(who was who at the time of contribution). The tool supports such
granularity [*]:

EmailMap file

Map email addresses onto employers.  These files contain lines
like:

[user@]domain  employer  [< -mm-dd]

If the "user@" portion is missing, all email from the given domain
will be treated as being associated with the given employer.  If a
date is provided, the entry is only valid up to that date;
otherwise it is considered valid into the indefinite future.  This
feature can be useful for properly tracking developers' work when
they change employers but do not change email addresses.

[*] https://repo.or.cz/git-dm.git/blob/098408bc4d:/README#l122

Regards,

Phil.
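A parser for the EmailMap format quoted above, added here as an example (not git-dm's own code). It assumes the cutoff after "<" is an ISO yyyy-mm-dd date, that "#" starts a comment, that a user@domain entry takes precedence over a bare domain entry, and that among entries for the same key the first one in file order whose cutoff lies after the queried date wins; the sample map is constructed.

```python
"""Resolve an e-mail address to an employer with a git-dm style EmailMap.

Added example, not git-dm's own implementation.  Assumptions: the cutoff
after "<" is an ISO yyyy-mm-dd date, lines starting with "#" are comments,
a "user@domain" entry takes precedence over a bare "domain" entry, and among
entries for the same key the first one (in file order) whose cutoff lies
after the queried date wins.
"""
from collections import defaultdict
from datetime import date

# Constructed sample using the domains discussed in the thread; employer
# names and dates are illustrative, not the real QEMU map.
SAMPLE_MAP = """\
# [user@]domain   employer         [< yyyy-mm-dd]
codesourcery.com  CodeSourcery     < 2011-01-01
codesourcery.com  Mentor Graphics  < 2021-01-01
codesourcery.com  Siemens
mentor.com        Mentor Graphics  < 2021-01-01
mentor.com        Siemens
dev@siemens.com   Siemens
"""


def parse_email_map(text):
    """Return {(user, domain): [(employer, cutoff_or_None), ...]} in file order.

    `user` is "" for domain-wide entries.  Malformed lines raise ValueError
    so a broken map is noticed instead of silently mis-attributing commits.
    """
    entries = defaultdict(list)
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        tokens = line.split()
        if len(tokens) < 2:
            raise ValueError(f"line {lineno}: need an address and an employer")
        user, _, domain = tokens[0].rpartition("@")
        cutoff = None
        if "<" in tokens:
            idx = tokens.index("<")
            if idx != len(tokens) - 2:
                raise ValueError(f"line {lineno}: expected one date after '<'")
            cutoff = date.fromisoformat(tokens[idx + 1])
            employer = " ".join(tokens[1:idx])
        else:
            employer = " ".join(tokens[1:])
        if not employer:
            raise ValueError(f"line {lineno}: missing employer")
        entries[(user.lower(), domain.lower())].append((employer, cutoff))
    return dict(entries)


def employer_for(entries, email, on_date):
    """Employer of `email` on `on_date` (ISO string), or None if unmapped."""
    when = date.fromisoformat(on_date)
    user, _, domain = email.lower().rpartition("@")
    # Exact user@domain entries win over the domain-wide ones.
    for key in ((user, domain), ("", domain)):
        for employer, cutoff in entries.get(key, ()):
            if cutoff is None or when < cutoff:
                return employer
    return None


if __name__ == "__main__":
    entries = parse_email_map(SAMPLE_MAP)
    for who, when in (("alice@codesourcery.com", "2010-06-01"),
                      ("alice@codesourcery.com", "2015-06-01"),
                      ("bob@mentor.com", "2021-06-01")):
        print(f"{who} on {when}: {employer_for(entries, who, when)}")
```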



[PATCH 0/2] Move more code to softmmu/

2020-10-06 Thread Paolo Bonzini
This small series moves more files to the softmmu/ directory.
Patch 1 covers files that can be moved completely, while
patch 2 splits exec.c into common and softmmu parts.

Based-on: <20201006072947.487729-1-pbonz...@redhat.com>

Paolo Bonzini (2):
  softmmu: move more files to softmmu/
  exec: split out non-softmmu-specific parts

 MAINTAINERS  |   4 +-
 cpu.c| 452 ++
 include/exec/cpu-common.h|   3 +
 meson.build  |  12 +-
 bootdevice.c => softmmu/bootdevice.c |   0
 device_tree.c => softmmu/device_tree.c   |   0
 dma-helpers.c => softmmu/dma-helpers.c   |   0
 softmmu/meson.build  |  11 +
 exec.c => softmmu/physmem.c  | 454 +--
 qdev-monitor.c => softmmu/qdev-monitor.c |   0
 qemu-seccomp.c => softmmu/qemu-seccomp.c |   0
 tpm.c => softmmu/tpm.c   |   0
 12 files changed, 476 insertions(+), 460 deletions(-)
 create mode 100644 cpu.c
 rename bootdevice.c => softmmu/bootdevice.c (100%)
 rename device_tree.c => softmmu/device_tree.c (100%)
 rename dma-helpers.c => softmmu/dma-helpers.c (100%)
 rename exec.c => softmmu/physmem.c (91%)
 rename qdev-monitor.c => softmmu/qdev-monitor.c (100%)
 rename qemu-seccomp.c => softmmu/qemu-seccomp.c (100%)
 rename tpm.c => softmmu/tpm.c (100%)

-- 
2.26.2




[PATCH 1/2] softmmu: move more files to softmmu/

2020-10-06 Thread Paolo Bonzini
Keep most softmmu_ss files into the system-emulation-specific
directory.

Signed-off-by: Paolo Bonzini 
---
 meson.build  | 10 --
 bootdevice.c => softmmu/bootdevice.c |  0
 device_tree.c => softmmu/device_tree.c   |  0
 dma-helpers.c => softmmu/dma-helpers.c   |  0
 softmmu/meson.build  | 10 ++
 qdev-monitor.c => softmmu/qdev-monitor.c |  0
 qemu-seccomp.c => softmmu/qemu-seccomp.c |  0
 tpm.c => softmmu/tpm.c   |  0
 8 files changed, 10 insertions(+), 10 deletions(-)
 rename bootdevice.c => softmmu/bootdevice.c (100%)
 rename device_tree.c => softmmu/device_tree.c (100%)
 rename dma-helpers.c => softmmu/dma-helpers.c (100%)
 rename qdev-monitor.c => softmmu/qdev-monitor.c (100%)
 rename qemu-seccomp.c => softmmu/qemu-seccomp.c (100%)
 rename tpm.c => softmmu/tpm.c (100%)

diff --git a/meson.build b/meson.build
index 17c89c87c6..0e0577e81e 100644
--- a/meson.build
+++ b/meson.build
@@ -1360,17 +1360,7 @@ blockdev_ss.add(files(
 # os-win32.c does not
 blockdev_ss.add(when: 'CONFIG_POSIX', if_true: files('os-posix.c'))
 softmmu_ss.add(when: 'CONFIG_WIN32', if_true: [files('os-win32.c')])
-
 softmmu_ss.add_all(blockdev_ss)
-softmmu_ss.add(files(
-  'bootdevice.c',
-  'dma-helpers.c',
-  'qdev-monitor.c',
-), sdl)
-
-softmmu_ss.add(when: 'CONFIG_TPM', if_true: files('tpm.c'))
-softmmu_ss.add(when: 'CONFIG_SECCOMP', if_true: [files('qemu-seccomp.c'), 
seccomp])
-softmmu_ss.add(when: fdt, if_true: files('device_tree.c'))
 
 common_ss.add(files('cpus-common.c'))
 
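Review bot: the files are moved but MAINTAINERS is not touched (the diffstat lists no MAINTAINERS change), so the `F:` entries that point at the old top-level paths of bootdevice.c, device_tree.c, dma-helpers.c, qdev-monitor.c, qemu-seccomp.c and tpm.c go stale and scripts/get_maintainer.pl no longer finds them; update those entries in the same patch. The removed blank line after the os-win32.c line is unrelated whitespace churn.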
diff --git a/bootdevice.c b/softmmu/bootdevice.c
similarity index 100%
rename from bootdevice.c
rename to softmmu/bootdevice.c
diff --git a/device_tree.c b/softmmu/device_tree.c
similarity index 100%
rename from device_tree.c
rename to softmmu/device_tree.c
diff --git a/dma-helpers.c b/softmmu/dma-helpers.c
similarity index 100%
rename from dma-helpers.c
rename to softmmu/dma-helpers.c
diff --git a/softmmu/meson.build b/softmmu/meson.build
index 36c96e7b15..862ab24878 100644
--- a/softmmu/meson.build
+++ b/softmmu/meson.build
@@ -14,3 +14,13 @@ specific_ss.add(when: 'CONFIG_SOFTMMU', if_true: [files(
 specific_ss.add(when: ['CONFIG_SOFTMMU', 'CONFIG_TCG'], if_true: [files(
   'icount.c'
 )])
+
+softmmu_ss.add(files(
+  'bootdevice.c',
+  'dma-helpers.c',
+  'qdev-monitor.c',
+), sdl)
+
+softmmu_ss.add(when: 'CONFIG_TPM', if_true: files('tpm.c'))
+softmmu_ss.add(when: 'CONFIG_SECCOMP', if_true: [files('qemu-seccomp.c'), 
seccomp])
+softmmu_ss.add(when: fdt, if_true: files('device_tree.c'))
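Review bot: the lines are carried over verbatim, including the `sdl` dependency attached to bootdevice.c, dma-helpers.c and qdev-monitor.c and the `seccomp`/`fdt` conditionals; that is right for a pure move, so say so in the commit message ("no functional change, files keep their existing dependencies") so that review is a rename check rather than a dependency audit.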
diff --git a/qdev-monitor.c b/softmmu/qdev-monitor.c
similarity index 100%
rename from qdev-monitor.c
rename to softmmu/qdev-monitor.c
diff --git a/qemu-seccomp.c b/softmmu/qemu-seccomp.c
similarity index 100%
rename from qemu-seccomp.c
rename to softmmu/qemu-seccomp.c
diff --git a/tpm.c b/softmmu/tpm.c
similarity index 100%
rename from tpm.c
rename to softmmu/tpm.c
-- 
2.26.2





[PATCH 2/2] exec: split out non-softmmu-specific parts

2020-10-06 Thread Paolo Bonzini
Over the years, most parts of exec.c that were not specific to softmmu
have been moved to accel/tcg; what's left is mostly the low-level part
of the memory API, which includes RAMBlock and AddressSpaceDispatch.
However exec.c also hosts 4-500 lines of code for the target specific
parts of the CPU QOM object, plus a few functions for user-mode
emulation that do not have a better place (they are not TCG-specific so
accel/tcg/user-exec.c is not a good place either).

Move these parts to a new file, so that exec.c can be moved to
softmmu/physmem.c.

Signed-off-by: Paolo Bonzini 
---
 MAINTAINERS |   4 +-
 cpu.c   | 452 +++
 include/exec/cpu-common.h   |   3 +
 meson.build |   2 +-
 softmmu/meson.build |   3 +-
 exec.c => softmmu/physmem.c | 454 +---
 6 files changed, 467 insertions(+), 451 deletions(-)
 create mode 100644 cpus.c
 rename exec.c => softmmu/physmem.c (91%)

diff --git a/MAINTAINERS b/MAINTAINERS
index e9d85cc873..ddd1490767 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -117,7 +117,6 @@ R: Paolo Bonzini 
 S: Maintained
 F: softmmu/cpus.c
 F: cpus-common.c
-F: exec.c
 F: accel/tcg/
 F: accel/stubs/tcg-stub.c
 F: scripts/decodetree.py
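Review bot: `F: exec.c` is dropped from this TCG section but cpu.c, which takes over the target-specific CPU code and still calls tb_flush() and tcg_enabled() (see the cpu.c hunk), is listed only under Machine core in the next hunk; either keep an `F: cpu.c` entry here as well or state in the commit message that TCG maintainers intentionally give up ownership of that code.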
@@ -1525,6 +1524,7 @@ Machine core
 M: Eduardo Habkost 
 M: Marcel Apfelbaum 
 S: Supported
+F: cpu.c
 F: hw/core/cpu.c
 F: hw/core/machine-qmp-cmds.c
 F: hw/core/machine.c
@@ -2283,8 +2283,8 @@ F: include/exec/ram_addr.h
 F: include/exec/ramblock.h
 F: softmmu/ioport.c
 F: softmmu/memory.c
+F: softmmu/physmem.c
 F: include/exec/memory-internal.h
-F: exec.c
 F: scripts/coccinelle/memory-region-housekeeping.cocci
 
 SPICE
diff --git a/cpu.c b/cpu.c
new file mode 100644
index 00..0be5dcb6f3
--- /dev/null
+++ b/cpu.c
@@ -0,0 +1,452 @@
+/*
+ * Target-specific parts of the CPU object
+ *
+ *  Copyright (c) 2003 Fabrice Bellard
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "qapi/error.h"
+
+#include "exec/target_page.h"
+#include "hw/qdev-core.h"
+#include "hw/qdev-properties.h"
+#include "qemu/error-report.h"
+#include "migration/vmstate.h"
+#ifdef CONFIG_USER_ONLY
+#include "qemu.h"
+#else
+#include "exec/address-spaces.h"
+#endif
+#include "sysemu/tcg.h"
+#include "sysemu/kvm.h"
+#include "sysemu/replay.h"
+#include "translate-all.h"
+#include "exec/log.h"
+
+uintptr_t qemu_host_page_size;
+intptr_t qemu_host_page_mask;
+
+#ifndef CONFIG_USER_ONLY
+static int cpu_common_post_load(void *opaque, int version_id)
+{
+CPUState *cpu = opaque;
+
+/* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
+   version_id is increased. */
+cpu->interrupt_request &= ~0x01;
+tlb_flush(cpu);
+
+/* loadvm has just updated the content of RAM, bypassing the
+ * usual mechanisms that ensure we flush TBs for writes to
+ * memory we've translated code from. So we must flush all TBs,
+ * which will now be stale.
+ */
+tb_flush(cpu);
+
+return 0;
+}
+
+static int cpu_common_pre_load(void *opaque)
+{
+CPUState *cpu = opaque;
+
+cpu->exception_index = -1;
+
+return 0;
+}
+
+static bool cpu_common_exception_index_needed(void *opaque)
+{
+CPUState *cpu = opaque;
+
+return tcg_enabled() && cpu->exception_index != -1;
+}
+
+static const VMStateDescription vmstate_cpu_common_exception_index = {
+.name = "cpu_common/exception_index",
+.version_id = 1,
+.minimum_version_id = 1,
+.needed = cpu_common_exception_index_needed,
+.fields = (VMStateField[]) {
+VMSTATE_INT32(exception_index, CPUState),
+VMSTATE_END_OF_LIST()
+}
+};
+
+static bool cpu_common_crash_occurred_needed(void *opaque)
+{
+CPUState *cpu = opaque;
+
+return cpu->crash_occurred;
+}
+
+static const VMStateDescription vmstate_cpu_common_crash_occurred = {
+.name = "cpu_common/crash_occurred",
+.version_id = 1,
+.minimum_version_id = 1,
+.needed = cpu_common_crash_occurred_needed,
+.fields = (VMStateField[]) {
+VMSTATE_BOOL(crash_occurred, CPUState),
+VMSTATE_END_OF_LIST()
+}
+};
+
+const VMStateDescription vmstate_cpu_common = {
+.name = "cpu_common",
+.version_id = 1,
+.minimum_version_id = 1,
+.pre_load = cpu_common_pre_load,
+.post_load 
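Review bot: the diffstat line `create mode 100644 cpus.c` does not match this hunk, which creates `cpu.c` (the stat line above also reads `cpu.c | 452`), so the summary was edited by hand and should be regenerated. Since the hunk is 452 added lines moved out of exec.c, the commit message should say that the functions are moved verbatim (with the original copyright header kept), so reviewers can check the split by diffing against the removed exec.c regions instead of re-reading the code.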

Re: [PULL 5/5] crypto/tls-cipher-suites: Produce fw_cfg consumable blob

2020-10-06 Thread Philippe Mathieu-Daudé
On 10/6/20 10:41 AM, Laszlo Ersek wrote:
> On 10/05/20 11:16, Philippe Mathieu-Daudé wrote:
>> Hi Laszlo,
>>
>> On 10/1/20 9:18 AM, Laszlo Ersek wrote:
>>> On 09/29/20 17:46, Kevin Wolf wrote:
 On 04.07.2020 at 18:39, Philippe Mathieu-Daudé wrote:
> Since our format is consumable by the fw_cfg device,
> we can implement the FW_CFG_DATA_GENERATOR interface.
>
> Example of use to dump the cipher suites (if tracing enabled):
>
>   $ qemu-system-x86_64 -S \
> -object tls-cipher-suites,id=mysuite1,priority=@SYSTEM \
> -fw_cfg name=etc/path/to/ciphers,gen_id=mysuite1 \
> -trace qcrypto\*
>   159066.197123:qcrypto_tls_cipher_suite_priority priority: @SYSTEM
>   159066.197219:qcrypto_tls_cipher_suite_info data=[0x13,0x02] version=TLS1.3 name=TLS_AES_256_GCM_SHA384
>   159066.197228:qcrypto_tls_cipher_suite_info data=[0x13,0x03] version=TLS1.3 name=TLS_CHACHA20_POLY1305_SHA256
>   159066.197233:qcrypto_tls_cipher_suite_info data=[0x13,0x01] version=TLS1.3 name=TLS_AES_128_GCM_SHA256
>   159066.197236:qcrypto_tls_cipher_suite_info data=[0x13,0x04] version=TLS1.3 name=TLS_AES_128_CCM_SHA256
>   159066.197240:qcrypto_tls_cipher_suite_info data=[0xc0,0x30] version=TLS1.2 name=TLS_ECDHE_RSA_AES_256_GCM_SHA384
>   159066.197245:qcrypto_tls_cipher_suite_info data=[0xcc,0xa8] version=TLS1.2 name=TLS_ECDHE_RSA_CHACHA20_POLY1305
>   159066.197250:qcrypto_tls_cipher_suite_info data=[0xc0,0x14] version=TLS1.0 name=TLS_ECDHE_RSA_AES_256_CBC_SHA1
>   159066.197254:qcrypto_tls_cipher_suite_info data=[0xc0,0x2f] version=TLS1.2 name=TLS_ECDHE_RSA_AES_128_GCM_SHA256
>   159066.197258:qcrypto_tls_cipher_suite_info data=[0xc0,0x13] version=TLS1.0 name=TLS_ECDHE_RSA_AES_128_CBC_SHA1
>   159066.197261:qcrypto_tls_cipher_suite_info data=[0xc0,0x2c] version=TLS1.2 name=TLS_ECDHE_ECDSA_AES_256_GCM_SHA384
>   159066.197266:qcrypto_tls_cipher_suite_info data=[0xcc,0xa9] version=TLS1.2 name=TLS_ECDHE_ECDSA_CHACHA20_POLY1305
>   159066.197270:qcrypto_tls_cipher_suite_info data=[0xc0,0xad] version=TLS1.2 name=TLS_ECDHE_ECDSA_AES_256_CCM
>   159066.197274:qcrypto_tls_cipher_suite_info data=[0xc0,0x0a] version=TLS1.0 name=TLS_ECDHE_ECDSA_AES_256_CBC_SHA1
>   159066.197278:qcrypto_tls_cipher_suite_info data=[0xc0,0x2b] version=TLS1.2 name=TLS_ECDHE_ECDSA_AES_128_GCM_SHA256
>   159066.197283:qcrypto_tls_cipher_suite_info data=[0xc0,0xac] version=TLS1.2 name=TLS_ECDHE_ECDSA_AES_128_CCM
>   159066.197287:qcrypto_tls_cipher_suite_info data=[0xc0,0x09] version=TLS1.0 name=TLS_ECDHE_ECDSA_AES_128_CBC_SHA1
>   159066.197291:qcrypto_tls_cipher_suite_info data=[0x00,0x9d] version=TLS1.2 name=TLS_RSA_AES_256_GCM_SHA384
>   159066.197296:qcrypto_tls_cipher_suite_info data=[0xc0,0x9d] version=TLS1.2 name=TLS_RSA_AES_256_CCM
>   159066.197300:qcrypto_tls_cipher_suite_info data=[0x00,0x35] version=TLS1.0 name=TLS_RSA_AES_256_CBC_SHA1
>   159066.197304:qcrypto_tls_cipher_suite_info data=[0x00,0x9c] version=TLS1.2 name=TLS_RSA_AES_128_GCM_SHA256
>   159066.197308:qcrypto_tls_cipher_suite_info data=[0xc0,0x9c] version=TLS1.2 name=TLS_RSA_AES_128_CCM
>   159066.197312:qcrypto_tls_cipher_suite_info data=[0x00,0x2f] version=TLS1.0 name=TLS_RSA_AES_128_CBC_SHA1
>   159066.197316:qcrypto_tls_cipher_suite_info data=[0x00,0x9f] version=TLS1.2 name=TLS_DHE_RSA_AES_256_GCM_SHA384
>   159066.197320:qcrypto_tls_cipher_suite_info data=[0xcc,0xaa] version=TLS1.2 name=TLS_DHE_RSA_CHACHA20_POLY1305
>   159066.197325:qcrypto_tls_cipher_suite_info data=[0xc0,0x9f] version=TLS1.2 name=TLS_DHE_RSA_AES_256_CCM
>   159066.197329:qcrypto_tls_cipher_suite_info data=[0x00,0x39] version=TLS1.0 name=TLS_DHE_RSA_AES_256_CBC_SHA1
>   159066.197333:qcrypto_tls_cipher_suite_info data=[0x00,0x9e] version=TLS1.2 name=TLS_DHE_RSA_AES_128_GCM_SHA256
>   159066.197337:qcrypto_tls_cipher_suite_info data=[0xc0,0x9e] version=TLS1.2 name=TLS_DHE_RSA_AES_128_CCM
>   159066.197341:qcrypto_tls_cipher_suite_info data=[0x00,0x33] version=TLS1.0 name=TLS_DHE_RSA_AES_128_CBC_SHA1
>   159066.197345:qcrypto_tls_cipher_suite_count count: 29
>
> Signed-off-by: Philippe Mathieu-Daudé 
> Reviewed-by: Daniel P. Berrangé 
> Acked-by: Laszlo Ersek 
> Message-Id: <20200623172726.21040-6-phi...@redhat.com>

 I noticed only now that this breaks '--object help' in
 qemu-storage-daemon:

 $ qemu-storage-daemon --object help
 List of user creatable objects:
 qemu-storage-daemon: missing interface 'fw_cfg-data-generator' for object 
 'tls-creds'
 Aborted (core dumped)

Re: QEMU API cleanup initiative - Let's chat during the KVM call

2020-10-06 Thread Paolo Bonzini
On 05/10/20 16:52, John Snow wrote:
> - Markus considers the platonic ideal of a CLI one in which each flag is
> a configuration directive, and each directive that references another
> directive must appear after the directive in which it references.
> 
> - I tend to consider the ideal configuration to be a static object that
> has no inherent order from one key to the next, e.g. a JSON object or
> static flat file that can be used to configure the sysemu.
> 
> They're not compatible visions; and they have implications for error
> ordering and messages and so on.

I think they aren't incompatible.  Even your idea would probably forbid
cycles, so it only takes a topological sort to go from an unordered
configuration to an ordered one.  The only difference is whether it's
the user or the program that does it.

> For the meantime, Markus's vision is closer to what QEMU already does,
> so it's likely the winning answer for now and if a conversion to the
> other idea is required at a time later, we'll have to tackle it then. (I
> think.)
> 
> It's a good subject of discussion. (Also relevant: if parsing is to
> occur in more than the CLI context, the existing contextual CLI parser
> error system needs to be reworked to avoid monitor-unsafe error calls.
> It's not trivial, I think.)

I think parsing should occur in CLI context only, but errors can occur
elsewhere too.

I think the idea for this kind of refactoring is always to first make
the code behave the way you want, and only then change the
implementation to look the way you want.

Currently we have:

switch (...) {
case QEMU_OPT_...:
/* something has side effects, something is just parsing */
}

init1();
qemu_opts_foreach(something_opts, configure_something);
init2();
qemu_opts_foreach(some_more_opts, configure_some_more);
init3();

enter_preconfig();

We should first of all change it to

parse_command_line() {
apply_simple_options();
qemu_opts_foreach(something_opts, configure_something);
qemu_opts_foreach(some_more_opts, configure_some_more);
}

switch (...) {
case QEMU_OPT_...:
/* no side effects on the initN() calls below */
}

init1();
init2();
init3();

parse_command_line()

enter_preconfig();

more_init_that_needs_side_effects();

This way, the parse_command_line() and its qemu_opts_foreach callbacks
can become changed into a series of qmp_*() commands.  The commands can
be called within the appropriate loc_push() though.

Problem is, it's 1000 lines of initialization interspersed with
qemu_opts_foreach calls.  But it's doable.

Paolo
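The topological sort mentioned above, as an added example that is not part of the thread: an unordered mapping of QEMU-style directives is turned into an ordered command line, and a dangling reference or a cycle is reported instead of silently accepted. The set of property keys that name another directive and the sample configuration are constructed for illustration.

```python
"""Order an unordered configuration by its cross-references.

Added example, not QEMU code.  A configuration is modelled as a flat
mapping id -> properties; a property whose key is in REF_KEYS names
another directive that must be created first.  order_config() is a
depth-first topological sort that reports dangling references and
cycles; to_cli() renders the result as an ordered command line.
"""

# Constructed: property keys whose value refers to another directive's id.
REF_KEYS = {"tls-creds", "chardev", "netdev", "drive"}

# Constructed sample, deliberately listed out of dependency order.
SAMPLE_CONFIG = {
    "nic0": {"type": "device", "kind": "virtio-net-pci", "netdev": "net0"},
    "net0": {"type": "netdev", "kind": "socket", "chardev": "chr0"},
    "chr0": {"type": "chardev", "kind": "socket", "tls-creds": "tls0"},
    "tls0": {"type": "object", "kind": "tls-creds-x509", "dir": "/etc/pki/qemu"},
    "blk0": {"type": "device", "kind": "virtio-blk-pci", "drive": "hd0"},
    "hd0": {"type": "drive", "file": "disk.qcow2"},
}


def references(props):
    """Ids of the directives that `props` depends on, in a stable order."""
    return sorted(v for k, v in props.items() if k in REF_KEYS)


def order_config(config):
    """Return the ids so that every directive follows the ones it references.

    Raises ValueError for a reference to an unknown id or for a cycle; the
    message names the offending ids so the user can fix the configuration.
    """
    deps = {cid: references(props) for cid, props in config.items()}
    for cid, refs in deps.items():
        for ref in refs:
            if ref not in config:
                raise ValueError(f"{cid!r} references unknown id {ref!r}")

    UNSEEN, IN_PROGRESS, DONE = 0, 1, 2
    state = dict.fromkeys(config, UNSEEN)
    ordered, path = [], []

    def visit(cid):
        if state[cid] == DONE:
            return
        if state[cid] == IN_PROGRESS:          # back edge: a cycle
            cycle = path[path.index(cid):] + [cid]
            raise ValueError("cycle in configuration: " + " -> ".join(cycle))
        state[cid] = IN_PROGRESS
        path.append(cid)
        for ref in deps[cid]:
            visit(ref)
        path.pop()
        state[cid] = DONE
        ordered.append(cid)                    # post-order: dependencies first

    for cid in sorted(config):                 # sorted for a deterministic result
        visit(cid)
    return ordered


def config_error(config):
    """Return the error message order_config() would raise, or None."""
    try:
        order_config(config)
    except ValueError as exc:
        return str(exc)
    return None


def to_cli(config):
    """Render the ordered configuration as QEMU-style command-line arguments."""
    args = []
    for cid in order_config(config):
        props = config[cid]
        parts = [props["kind"]] if "kind" in props else []
        parts.append(f"id={cid}")
        parts += [f"{k}={v}" for k, v in props.items() if k not in ("type", "kind")]
        args.append(f"-{props['type']} " + ",".join(parts))
    return args


if __name__ == "__main__":
    print("\n".join(to_cli(SAMPLE_CONFIG)))
```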




Re: [PATCH 1/2] softmmu: move more files to softmmu/

2020-10-06 Thread Philippe Mathieu-Daudé
On 10/6/20 11:19 AM, Paolo Bonzini wrote:
> Keep most softmmu_ss files into the system-emulation-specific
> directory.
> 
> Signed-off-by: Paolo Bonzini 
> ---
>  meson.build  | 10 --
>  bootdevice.c => softmmu/bootdevice.c |  0
>  device_tree.c => softmmu/device_tree.c   |  0
>  dma-helpers.c => softmmu/dma-helpers.c   |  0
>  softmmu/meson.build  | 10 ++
>  qdev-monitor.c => softmmu/qdev-monitor.c |  0
>  qemu-seccomp.c => softmmu/qemu-seccomp.c |  0
>  tpm.c => softmmu/tpm.c   |  0
>  8 files changed, 10 insertions(+), 10 deletions(-)
>  rename bootdevice.c => softmmu/bootdevice.c (100%)
>  rename device_tree.c => softmmu/device_tree.c (100%)
>  rename dma-helpers.c => softmmu/dma-helpers.c (100%)
>  rename qdev-monitor.c => softmmu/qdev-monitor.c (100%)

TIL qdev-monitor.c :)

Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 

>  rename qemu-seccomp.c => softmmu/qemu-seccomp.c (100%)
>  rename tpm.c => softmmu/tpm.c (100%)




Re: [PATCH 1/2] softmmu: move more files to softmmu/

2020-10-06 Thread Philippe Mathieu-Daudé
On 10/6/20 11:34 AM, Philippe Mathieu-Daudé wrote:
> On 10/6/20 11:19 AM, Paolo Bonzini wrote:
>> Keep most softmmu_ss files into the system-emulation-specific
>> directory.

Oops, you forgot to update MAINTAINERS.

>>
>> Signed-off-by: Paolo Bonzini 
>> ---
>>  meson.build  | 10 --
>>  bootdevice.c => softmmu/bootdevice.c |  0
>>  device_tree.c => softmmu/device_tree.c   |  0
>>  dma-helpers.c => softmmu/dma-helpers.c   |  0
>>  softmmu/meson.build  | 10 ++
>>  qdev-monitor.c => softmmu/qdev-monitor.c |  0
>>  qemu-seccomp.c => softmmu/qemu-seccomp.c |  0
>>  tpm.c => softmmu/tpm.c   |  0
>>  8 files changed, 10 insertions(+), 10 deletions(-)
>>  rename bootdevice.c => softmmu/bootdevice.c (100%)

"Gonglei (Arei)"  (maintainer:Bootdevice)

>>  rename device_tree.c => softmmu/device_tree.c (100%)

Alistair Francis  (maintainer:Device Tree)
David Gibson  (reviewer:Device Tree)

>>  rename dma-helpers.c => softmmu/dma-helpers.c (100%)

No maintainers.

>>  rename qdev-monitor.c => softmmu/qdev-monitor.c (100%)

Paolo Bonzini  (supporter:QOM)
"Daniel P. Berrangé"  (reviewer:QOM)
Eduardo Habkost  (reviewer:QOM)

> 
> TIL qdev-monitor.c :)
> 
> Reviewed-by: Philippe Mathieu-Daudé 
> Tested-by: Philippe Mathieu-Daudé 
> 
>>  rename qemu-seccomp.c => softmmu/qemu-seccomp.c (100%)

Eduardo Otubo  (supporter:Seccomp)

>>  rename tpm.c => softmmu/tpm.c (100%)

Stefan Berger  (maintainer:TPM)




Re: QEMU API cleanup initiative - Let's chat during the KVM call

2020-10-06 Thread Daniel P . Berrangé
On Tue, Oct 06, 2020 at 11:30:20AM +0200, Paolo Bonzini wrote:
> On 05/10/20 16:52, John Snow wrote:
> > - Markus considers the platonic ideal of a CLI one in which each flag is
> > a configuration directive, and each directive that references another
> > directive must appear after the directive in which it references.
> > 
> > - I tend to consider the ideal configuration to be a static object that
> > has no inherent order from one key to the next, e.g. a JSON object or
> > static flat file that can be used to configure the sysemu.
> > 
> > They're not compatible visions; and they have implications for error
> > ordering and messages and so on.
> 
> I think they aren't incompatible.  Even your idea would probably forbid
> cycles, so it only takes a topological sort to go from an unordered
> configuration to an ordered one.  The only difference is whether it's
> the user or the program that does it.
> 
> > For the meantime, Markus's vision is closer to what QEMU already does,
> > so it's likely the winning answer for now and if a conversion to the
> > other idea is required at a time later, we'll have to tackle it then. (I
> > think.)
> > 
> > It's a good subject of discussion. (Also relevant: if parsing is to
> > occur in more than the CLI context, the existing contextual CLI parser
> > error system needs to be reworked to avoid monitor-unsafe error calls.
> > It's not trivial, I think.)
> 
> I think parsing should occur in CLI context only, but errors can occur
> elsewhere too.
> 
> I think the idea for this kind of refactoring is always to first make
> the code behave the way you want, and only then change the
> implementation to look the way you want.
> 
> Currently we have:
> 
> switch (...) {
> case QEMU_OPT_...:
> /* something has side effects, something is just parsing */
> }
> 
> init1();
> qemu_opts_foreach(something_opts, configure_something);
> init2();
> qemu_opts_foreach(some_more_opts, configure_some_more);
> init3();
> 
> enter_preconfig();
> 
> We should first of all change it to
> 
> parse_command_line() {
> apply_simple_options();
> qemu_opts_foreach(something_opts, configure_something);
> qemu_opts_foreach(some_more_opts, configure_some_more);
> }
> 
> switch (...) {
> case QEMU_OPT_...:
> /* no side effects on the initN() calls below */
> }
> 
> init1();
> init2();
> init3();
> 
> parse_command_line()
> 
> enter_preconfig();
> 
> more_init_that_needs_side_effects();
> 
> This way, the parse_command_line() and its qemu_opts_foreach callbacks
> can become changed into a series of qmp_*() commands.  The commands can
> be called within the appropriate loc_push() though.
> 
> Problem is, it's 1000 lines of initialization interspersed with
> qemu_opts_foreach calls.  But it's doable.

I feel that both of these approaches are equally broken, as they don't
honour the order in which arguments are passed by the caller when
creating resources.

This leads to the crazy hacks we have with -object where we have to
create certain objects at certain stages.

To make QEMU CLI parsing sane we need to be able to create objects as
we parse them.

   while (n++ < argc) {
switch (argv[n]) {
   case QEMU_OPT_foo:
 ...parse argv[n]...
 ...create argv[n]...
}
   }

IOW, all usage of 'qemu_opts_foreach' should be targeted for complete
elimination.

I'm not convinced that your proposed change takes us in that direction; if
anything it is encoding the current split of parsing vs creation even
more strongly.

Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|




[PATCH v4 2/4] pc-bios: s390x: Save PSW rework

2020-10-06 Thread Janosch Frank
We don't need to save the ipl_continue variable in lowcore and have it
limited to 32 bits because of the lowcore layout. Let's move it to a
new 64 bit variable and get rid of the reset info struct.

Signed-off-by: Janosch Frank 
Reviewed-by: Thomas Huth 
---
 pc-bios/s390-ccw/jump2ipl.c | 33 +
 1 file changed, 13 insertions(+), 20 deletions(-)

diff --git a/pc-bios/s390-ccw/jump2ipl.c b/pc-bios/s390-ccw/jump2ipl.c
index 767012bf0c..b6aad32def 100644
--- a/pc-bios/s390-ccw/jump2ipl.c
+++ b/pc-bios/s390-ccw/jump2ipl.c
@@ -13,20 +13,17 @@
 #define KERN_IMAGE_START 0x01UL
 #define RESET_PSW_MASK (PSW_MASK_SHORTPSW | PSW_MASK_64)
 
-typedef struct ResetInfo {
-uint64_t ipl_psw;
-uint32_t ipl_continue;
-} ResetInfo;
+static uint64_t *reset_psw = 0, save_psw, ipl_continue;
 
-static ResetInfo save;
-
-static void jump_to_IPL_2(void)
+static void jump_to_IPL_addr(void)
 {
-ResetInfo *current = 0;
+__attribute__((noreturn)) void (*ipl)(void) = (void *)ipl_continue;
 
-void (*ipl)(void) = (void *) (uint64_t) current->ipl_continue;
-*current = save;
-ipl(); /* should not return */
+/* Restore reset PSW */
+*reset_psw = save_psw;
+
+ipl();
+/* should not return */
 }
 
 void jump_to_IPL_code(uint64_t address)
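Review bot: `static uint64_t *reset_psw = 0, save_psw, ipl_continue;` declares one pointer and two plain uint64_t values in a single declarator list, which is easy to misread as three pointers; split it into `static uint64_t *reset_psw = 0;` and `static uint64_t save_psw, ipl_continue;`. A short comment that reset_psw deliberately points at absolute address 0 (the lowcore reset PSW) would also help, since a literal null-pointer dereference otherwise reads as a bug.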
@@ -46,15 +43,11 @@ void jump_to_IPL_code(uint64_t address)
  * content of non-BIOS memory after we loaded the guest, so we
  * save the original content and restore it in jump_to_IPL_2.
  */
-ResetInfo *current = 0;
-
-save = *current;
-
-current->ipl_psw = (uint64_t) &jump_to_IPL_2;
-current->ipl_psw |= RESET_PSW_MASK;
-current->ipl_continue = address & PSW_MASK_SHORT_ADDR;
-
-debug_print_int("set IPL addr to", current->ipl_continue);
+save_psw = *reset_psw;
+*reset_psw = (uint64_t) &jump_to_IPL_addr;
+*reset_psw |= RESET_PSW_MASK;
+ipl_continue = address;
+debug_print_int("set IPL addr to", ipl_continue);
 
 /* Ensure the guest output starts fresh */
 sclp_print("\n");
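Review bot: `ipl_continue = address;` drops the `& PSW_MASK_SHORT_ADDR` masking that the removed line applied; that matches the commit message's aim of not limiting the address to 32 bits, but the message should say that callers are now expected to pass a clean address (the callers in bootmap.c and jump_to_low_kernel() still mask before calling). The context comment above the hunk still says "restore it in jump_to_IPL_2" although this patch renames the function to jump_to_IPL_addr; update it here.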
-- 
2.25.1




[PATCH v4 4/4] pc-bios: s390x: Go into disabled wait when encountering a PGM exception

2020-10-06 Thread Janosch Frank
Let's setup a PGM PSW, so we won't load 0s when a program exception
happens. Instead we'll load a disabled wait PSW.

Signed-off-by: Janosch Frank 
Reviewed-by: Christian Borntraeger 
Reviewed-by: Thomas Huth 
---
 pc-bios/s390-ccw/start.S | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/pc-bios/s390-ccw/start.S b/pc-bios/s390-ccw/start.S
index ce519300a1..4d5ad21653 100644
--- a/pc-bios/s390-ccw/start.S
+++ b/pc-bios/s390-ccw/start.S
@@ -34,7 +34,10 @@ remainder:
larl%r2,memsetxc
ex  %r3,0(%r2)
 done:
-   j  main /* And call C */
+/* set up a pgm exception disabled wait psw */
+larl   %r2, disabled_wait_psw
+mvc0x01d0(16), 0(%r2)
+j  main/* And call C */
 
 memsetxc:
xc  0(1,%r1),0(%r1)
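Review bot: `disabled_wait_psw` is referenced but not defined anywhere in this diff (the diffstat shows only 4 insertions in start.S), so either it already exists in start.S outside the hunk or the patch does not assemble on its own; please confirm in the commit message where it is defined and that it is 16 bytes, since `mvc 0x01d0(16), 0(%r2)` copies a full 16-byte PSW from it. The magic offset 0x01d0 (the program-new PSW slot in lowcore) deserves a named constant or at least a comment naming the slot.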
-- 
2.25.1




[PATCH v4 3/4] pc-bios: s390x: Use reset PSW if available

2020-10-06 Thread Janosch Frank
If a blob provides a reset PSW then we should use it instead of
branching to the PSW address and using our own mask.

Signed-off-by: Janosch Frank 
Reviewed-by: Thomas Huth 
---
 pc-bios/s390-ccw/bootmap.c  |  6 --
 pc-bios/s390-ccw/jump2ipl.c | 26 +++---
 pc-bios/s390-ccw/s390-ccw.h |  1 +
 3 files changed, 24 insertions(+), 9 deletions(-)

diff --git a/pc-bios/s390-ccw/bootmap.c b/pc-bios/s390-ccw/bootmap.c
index 8747c4ea26..88bd12d5d7 100644
--- a/pc-bios/s390-ccw/bootmap.c
+++ b/pc-bios/s390-ccw/bootmap.c
@@ -273,7 +273,8 @@ static void run_eckd_boot_script(block_number_t 
bmt_block_nr,
 
 IPL_assert(bms->entry[i].type == BOOT_SCRIPT_EXEC,
"Unknown script entry type");
-jump_to_IPL_code(bms->entry[i].address.load_address); /* no return */
+write_reset_psw(bms->entry[i].address.load_address); /* no return */
+jump_to_IPL_code(0); /* no return */
 }
 
 static void ipl_eckd_cdl(void)
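Review bot: unlike zipl_run() below, where the value handed to write_reset_psw() is named `load_psw`, the value here is `address.load_address`; confirm that the EXEC script entry really holds a complete PSW (mask bits included), because write_reset_psw() stores it at address 0 unmodified and, per the jump2ipl.c hunks, jump_to_IPL_code(0) no longer ORs in RESET_PSW_MASK. A comment at this call site stating that the field is a PSW despite its name would settle it.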
@@ -515,7 +516,8 @@ static void zipl_run(ScsiBlockPtr *pte)
 IPL_assert(entry->component_type == ZIPL_COMP_ENTRY_EXEC, "No EXEC entry");
 
 /* should not return */
-jump_to_IPL_code(entry->compdat.load_psw & PSW_MASK_SHORT_ADDR);
+write_reset_psw(entry->compdat.load_psw);
+jump_to_IPL_code(0);
 }
 
 static void ipl_scsi(void)
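Review bot: the pair `write_reset_psw(...); jump_to_IPL_code(0);` now appears at two call sites, each with its own "no return" comment; a small helper in jump2ipl.c, say `jump_to_reset_psw(uint64_t psw)`, would keep the "address 0 means use the stored reset PSW" convention in one file instead of spreading it to every caller.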
diff --git a/pc-bios/s390-ccw/jump2ipl.c b/pc-bios/s390-ccw/jump2ipl.c
index b6aad32def..63afa4a349 100644
--- a/pc-bios/s390-ccw/jump2ipl.c
+++ b/pc-bios/s390-ccw/jump2ipl.c
@@ -12,15 +12,21 @@
 
 #define KERN_IMAGE_START 0x01UL
 #define RESET_PSW_MASK (PSW_MASK_SHORTPSW | PSW_MASK_64)
+#define RESET_PSW ((uint64_t)&jump_to_IPL_addr | RESET_PSW_MASK)
 
 static uint64_t *reset_psw = 0, save_psw, ipl_continue;
 
+void write_reset_psw(uint64_t psw)
+{
+*reset_psw = psw;
+}
+
 static void jump_to_IPL_addr(void)
 {
 __attribute__((noreturn)) void (*ipl)(void) = (void *)ipl_continue;
 
 /* Restore reset PSW */
-*reset_psw = save_psw;
+write_reset_psw(save_psw);
 
 ipl();
 /* should not return */
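Review bot: write_reset_psw() stores through `reset_psw`, which is statically initialised to 0 (the reset PSW slot at absolute address 0). Writing through a null pointer constant is undefined behaviour in C and only works when the build disables null-pointer-check deletion, so a comment on the declaration, and a one-line doc comment on the newly exported function stating that its argument is a complete short PSW rather than an address, would save the next reader a detour. Also, `RESET_PSW` takes `&jump_to_IPL_addr`, which is only declared on the line after the macro; that works because expansion happens at the use site, but placing the macro after the function reads more naturally.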
@@ -43,11 +49,12 @@ void jump_to_IPL_code(uint64_t address)
  * content of non-BIOS memory after we loaded the guest, so we
  * save the original content and restore it in jump_to_IPL_2.
  */
-save_psw = *reset_psw;
-*reset_psw = (uint64_t) &jump_to_IPL_addr;
-*reset_psw |= RESET_PSW_MASK;
-ipl_continue = address;
-debug_print_int("set IPL addr to", ipl_continue);
+if (address) {
+save_psw = *reset_psw;
+write_reset_psw(RESET_PSW);
+ipl_continue = address;
+}
+debug_print_int("set IPL addr to", address ? address : *reset_psw & 
PSW_MASK_SHORT_ADDR);
 
 /* Ensure the guest output starts fresh */
 sclp_print("\n");
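Review bot: with `address == 0` the function now skips saving the current reset PSW and leaves `ipl_continue` untouched, yet the comment above this hunk ("save the original content and restore it in jump_to_IPL_2") still describes only the non-zero path, and the zero convention is explained only at the jump_to_low_kernel() call site. Document the convention here, in the function that implements it, for example with an `else` comment saying that the caller has already written the reset PSW via write_reset_psw().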
@@ -77,7 +84,12 @@ void jump_to_low_kernel(void)
 
 /* Trying to get PSW at zero address */
 if (*((uint64_t *)0) & RESET_PSW_MASK) {
-jump_to_IPL_code((*((uint64_t *)0)) & PSW_MASK_SHORT_ADDR);
+/*
+ * Surely nobody will try running directly from lowcore, so
+ * let's use 0 as an indication that we want to load the reset
+ * psw at 0x0 and not jump to the entry.
+ */
+jump_to_IPL_code(0);
 }
 
 /* No other option left, so use the Linux kernel start address */
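Review bot: the magic `0` passed to jump_to_IPL_code() now appears at three call sites (twice in bootmap.c and here) with its meaning explained only in this comment; a named constant would carry the meaning to the other callers. The comment's wording ("surely nobody will try running directly from lowcore") is an assumption, so stating that 0 is rejected as a genuine entry address would make the contract explicit.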
diff --git a/pc-bios/s390-ccw/s390-ccw.h b/pc-bios/s390-ccw/s390-ccw.h
index 36b884cced..7090720422 100644
--- a/pc-bios/s390-ccw/s390-ccw.h
+++ b/pc-bios/s390-ccw/s390-ccw.h
@@ -78,6 +78,7 @@ int virtio_read(ulong sector, void *load_addr);
 void zipl_load(void);
 
 /* jump2ipl.c */
+void write_reset_psw(uint64_t psw);
 void jump_to_IPL_code(uint64_t address);
 void jump_to_low_kernel(void);
 
-- 
2.25.1
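As an added example (not part of the s390-ccw firmware or of this patch series): the series installs the short PSW found in a zipl EXEC component entry or an ECKD boot-script entry as the reset PSW, so a check that the word really is a short PSW with a sane entry address is the natural thing to run before write_reset_psw(). The PSW_MASK_* values are assumed to match QEMU's pc-bios/s390-ccw/s390-arch.h; short_psw_check(), PSW_ACCEPTED_BITS and the sample PSW values are constructed for this example.

```c
/*
 * Added example, not part of the s390-ccw firmware: sanity-check a short PSW
 * taken from a boot map before it is installed verbatim as the reset PSW.
 * The PSW_MASK_* values are assumed from QEMU's pc-bios/s390-ccw/s390-arch.h;
 * RESET_PSW_MASK mirrors the macro in jump2ipl.c.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PSW_MASK_SHORTPSW    0x0008000000000000ULL /* bit 12: ESA/390 (short) PSW format */
#define PSW_MASK_64          0x0000000100000000ULL /* bit 31: 64-bit addressing (EA) */
#define PSW_MASK_BAADDR      0x0000000080000000ULL /* bit 32: 31-bit addressing (BA) */
#define PSW_MASK_SHORT_ADDR  0x000000007fffffffULL /* bits 33-63: instruction address */
#define RESET_PSW_MASK       (PSW_MASK_SHORTPSW | PSW_MASK_64) /* as in jump2ipl.c */

/*
 * Mask bits the firmware is willing to take from a boot map (constructed
 * policy for this example): the format bit, the addressing-mode bits and the
 * address itself.  System mask, key, wait/problem state etc. are not what an
 * entry PSW needs, so they are rejected.
 */
#define PSW_ACCEPTED_BITS (RESET_PSW_MASK | PSW_MASK_BAADDR | PSW_MASK_SHORT_ADDR)

/*
 * Returns true if 'psw' looks like a short PSW whose entry address lies in
 * (0, ram_size); 0 is excluded because jump_to_IPL_code() uses it as a
 * sentinel.  On success the address is stored in *addr.
 */
static bool short_psw_check(uint64_t psw, uint64_t ram_size, uint64_t *addr)
{
    if (!(psw & PSW_MASK_SHORTPSW)) {
        return false;   /* a bare load address was stored, not a PSW */
    }
    if (psw & ~PSW_ACCEPTED_BITS) {
        return false;   /* unexpected mask bits: wait state, key, DAT, ... */
    }
    *addr = psw & PSW_MASK_SHORT_ADDR;
    return *addr != 0 && *addr < ram_size;
}

int main(void)
{
    uint64_t addr;
    /* Constructed sample values, not taken from any real boot map. */
    uint64_t samples[] = {
        0x0008000080010000ULL, /* short PSW, 31-bit mode, entry at 0x10000 */
        0x0000000000010000ULL, /* bare address, no PSW format bit */
        0x0008000080000000ULL, /* entry address 0: collides with the sentinel */
        0x000A000080010000ULL, /* wait-state bit set: not an entry PSW */
    };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        bool ok = short_psw_check(samples[i], 1ULL << 30, &addr);
        printf("%016llx -> %s\n", (unsigned long long)samples[i],
               ok ? "accept" : "reject");
    }
    return 0;
}
```

The firmware's own RESET_PSW (address of jump_to_IPL_addr with RESET_PSW_MASK) passes the same check, so the policy does not get in the way of the restore path.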




[PATCH v4 1/4] pc-bios: s390x: Fix bootmap.c zipl component entry data handling

2020-10-06 Thread Janosch Frank
The two main types of zipl component entries are execute and
load/data. The last member of the component entry struct therefore
denotes either a PSW or an address. Let's make this a bit more clear
by introducing a union and cleaning up the code that uses that struct
member.

The execute type component entries written by zipl contain short PSWs,
not addresses. Let's mask them and only pass the address part to
jump_to_IPL_code(uint64_t address) because it expects an address as
visible by the name of the argument.

Signed-off-by: Janosch Frank 
Reviewed-by: Thomas Huth 
---
 pc-bios/s390-ccw/bootmap.c | 5 +++--
 pc-bios/s390-ccw/bootmap.h | 7 ++-
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/pc-bios/s390-ccw/bootmap.c b/pc-bios/s390-ccw/bootmap.c
index 97205674e5..8747c4ea26 100644
--- a/pc-bios/s390-ccw/bootmap.c
+++ b/pc-bios/s390-ccw/bootmap.c
@@ -10,6 +10,7 @@
 
 #include "libc.h"
 #include "s390-ccw.h"
+#include "s390-arch.h"
 #include "bootmap.h"
 #include "virtio.h"
 #include "bswap.h"
@@ -436,7 +437,7 @@ static void zipl_load_segment(ComponentEntry *entry)
 char *blk_no = &err_msg[30]; /* where to print blockno in (those ZZs) */
 
 blockno = entry->data.blockno;
-address = entry->load_address;
+address = entry->compdat.load_addr;
 
 debug_print_int("loading segment at block", blockno);
 debug_print_int("addr", address);
@@ -514,7 +515,7 @@ static void zipl_run(ScsiBlockPtr *pte)
 IPL_assert(entry->component_type == ZIPL_COMP_ENTRY_EXEC, "No EXEC entry");
 
 /* should not return */
-jump_to_IPL_code(entry->load_address);
+jump_to_IPL_code(entry->compdat.load_psw & PSW_MASK_SHORT_ADDR);
 }
 
 static void ipl_scsi(void)
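Review bot: `entry->compdat.load_psw & PSW_MASK_SHORT_ADDR` silently discards the mask half of the word. Since the commit message says EXEC entries always carry short PSWs, an `IPL_assert(entry->compdat.load_psw & PSW_MASK_SHORTPSW, ...)` before the jump would catch a malformed boot map instead of jumping to whatever the low 31 bits happen to be.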
diff --git a/pc-bios/s390-ccw/bootmap.h b/pc-bios/s390-ccw/bootmap.h
index 12a0166aae..3946aa3f8d 100644
--- a/pc-bios/s390-ccw/bootmap.h
+++ b/pc-bios/s390-ccw/bootmap.h
@@ -64,11 +64,16 @@ typedef struct BootMapTable {
 BootMapPointer entry[];
 } __attribute__ ((packed)) BootMapTable;
 
+typedef union ComponentEntryData {
+uint64_t load_psw;
+uint64_t load_addr;
+} ComponentEntryData;
+
 typedef struct ComponentEntry {
 ScsiBlockPtr data;
 uint8_t pad[7];
 uint8_t component_type;
-uint64_t load_address;
+ComponentEntryData compdat;
 } __attribute((packed)) ComponentEntry;
 
 typedef struct ComponentHeader {
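Review bot: the new union has two members of identical type, so nothing stops code from reading `load_addr` out of an EXEC entry; add a comment tying `load_psw` to ZIPL_COMP_ENTRY_EXEC and `load_addr` to the load/data type, with `component_type` named as the discriminant. Minor: the context line keeps `__attribute((packed))` while BootMapTable above uses `__attribute__ ((packed))`; worth unifying while touching the struct.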
-- 
2.25.1




[PATCH v4 0/4] pc-bios: s390x: Cleanup part 2

2020-10-06 Thread Janosch Frank
So, here are a few more cleanup patches mostly cleaning up ipl code
and some of the assembly.

The patches are available here:
https://github.com/frankjaa/qemu/pull/new/cleanup_bios2

CI:
https://gitlab.com/frankja/qemu/-/pipelines/198568601

v4:
* Dropped ext/io new PSW patch to speed up review

v3:
* Split PSW save rework again
* Added noreturn annotation
* Minor cleanup

v2:
* Fixed psw saving in use reset psw patch (thanks Jason)
* Dropped a lot of patches which weren't strictly necessary
* Added disabled wait patch
* Added RFC PSW save patch

Janosch Frank (4):
  pc-bios: s390x: Fix bootmap.c zipl component entry data handling
  pc-bios: s390x: Save PSW rework
  pc-bios: s390x: Use reset PSW if available
  pc-bios: s390x: Go into disabled wait when encountering a PGM
exception

 pc-bios/s390-ccw/bootmap.c  |  9 ---
 pc-bios/s390-ccw/bootmap.h  |  7 +-
 pc-bios/s390-ccw/jump2ipl.c | 47 -
 pc-bios/s390-ccw/s390-ccw.h |  1 +
 pc-bios/s390-ccw/start.S|  5 +++-
 5 files changed, 43 insertions(+), 26 deletions(-)

-- 
2.25.1




Re: [RFC PATCH 08/21] contrib/gitdm: Add Mentor Graphics to the domain map

2020-10-06 Thread Alex Bennée


Jan Kiszka  writes:

> On 05.10.20 22:52, Joseph Myers wrote:
>> On Mon, 5 Oct 2020, Alex Bennée wrote:
>> 
>>> Joseph Myers  writes:
>>>
>>>> On Sun, 4 Oct 2020, Philippe Mathieu-Daudé wrote:
>>>>
>>>>> There is a number of contributors from this domain,
>>>>> add its own entry to the gitdm domain map.
>>>>
>>>> At some point the main branding will be Siemens; not sure how you want to 
>>>> handle that.
>>>
>>> We've already done something similar with WaveComp who have rolled up
>>> the various mips and imgtec contributions into
>>> contrib/gitdm/group-map-wavecomp.
>>>
>>> It's really up to you and which corporate entity would like internet
>>> bragging points. The only Siemens contributor I could find is Jan Kiszka
>>> but he has contributed a fair amount ;-)
>> 
>> Given that the Mentor branding is going away (and the "Mentor Graphics" 
>> version largely has gone away, "Mentor, a Siemens Business" is what's 
>> currently used as a Mentor brand), probably it makes sense to use Siemens 
>> for both codesourcery.com and mentor.com addresses.
>> 
>
> I think the key question is what this map is used for: Is it supposed to
> document the historic status, who was who at the time of contribution?
> Or is its purpose to help identifying the copyright holder of a
> contribution today?

I don't know what others use them for but for me it was just an easy way
to get a survey of the companies and individuals involved over the last
year (2y, 3y, 5y... etc) of development. The consolidation of
contributions isn't overly distorting IMO. The biggest user is probably
the end of year state of the nation surveys wanting to see what impact
various organisations are having on a project and consolidation just
helps push you up the table a little more.

The biggest counter example we have at the moment is RedHat/IBM which
AFAICT is because the RedHat guys are treated as a separate business
unit with their own unique identity.

Either way I don't think it's a major issue - hence it is up to the
hackers to make the choice.

-- 
Alex Bennée



Re: [PATCH 2/2] exec: split out non-softmmu-specific parts

2020-10-06 Thread Philippe Mathieu-Daudé
On 10/6/20 11:19 AM, Paolo Bonzini wrote:
> Over the years, most parts of exec.c that were not specific to softmmu
> have been moved to accel/tcg; what's left is mostly the low-level part
> of the memory API, which includes RAMBlock and AddressSpaceDispatch.
> However exec.c also hosts 4-500 lines of code for the target specific
> parts of the CPU QOM object, plus a few functions for user-mode
> emulation that do not have a better place (they are not TCG-specific so
> accel/tcg/user-exec.c is not a good place either).
> 
> Move these parts to a new file, so that exec.c can be moved to
> softmmu/physmem.c.
> 
> Signed-off-by: Paolo Bonzini 
> ---
>  MAINTAINERS |   4 +-
>  cpu.c   | 452 +++
>  include/exec/cpu-common.h   |   3 +
>  meson.build |   2 +-
>  softmmu/meson.build |   3 +-
>  exec.c => softmmu/physmem.c | 454 +---
>  6 files changed, 467 insertions(+), 451 deletions(-)
>  create mode 100644 cpus.c
>  rename exec.c => softmmu/physmem.c (91%)

I suppose it would be easier to review split in 2 patches,
first extract cpu.c, then move to physmem.c, but it is
now reviewed.

[...]
> diff --git a/exec.c b/softmmu/physmem.c
> similarity index 91%
> rename from exec.c
> rename to softmmu/physmem.c
> index ec68f4a9ca..6acd220f53 100644
> --- a/exec.c
> +++ b/softmmu/physmem.c
> @@ -1,5 +1,5 @@
>  /*
> - *  Virtual page mapping
> + * RAM allocation and memory access
[...]

This comment and the one from softmmu/memory.c are confusing:

  /*
   * Physical memory management
   *
   ...

Otherwise:

Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 




Re: [PATCH 1/2] softmmu: move more files to softmmu/

2020-10-06 Thread BALATON Zoltan via

On Tue, 6 Oct 2020, Paolo Bonzini wrote:

Keep most softmmu_ss files into the system-emulation-specific
directory.


The name of this dir may be misleading. I think it originally stood for 
the actual MMU emulation but now it seems everything related to system 
emulation is dumped here. Is it better to keep MMU emulation separate and 
put other files in a "sysemu" dir or rename this dir if it keeps mixing 
MMU emulation and system emulation parts? (I think the MMU emulation is a 
weak part of QEMU regarding performance so it would be better to keep that 
cleanly separated so that it's easier to analyse and optimise it in the 
future, which is more difficult if it's mixed with other parts where it's 
not even clear what constitutes the actual MMU emulation. So I vote for 
keeping it separate.)


Regards,
BALATON Zoltan



Signed-off-by: Paolo Bonzini 
---
meson.build  | 10 --
bootdevice.c => softmmu/bootdevice.c |  0
device_tree.c => softmmu/device_tree.c   |  0
dma-helpers.c => softmmu/dma-helpers.c   |  0
softmmu/meson.build  | 10 ++
qdev-monitor.c => softmmu/qdev-monitor.c |  0
qemu-seccomp.c => softmmu/qemu-seccomp.c |  0
tpm.c => softmmu/tpm.c   |  0
8 files changed, 10 insertions(+), 10 deletions(-)
rename bootdevice.c => softmmu/bootdevice.c (100%)
rename device_tree.c => softmmu/device_tree.c (100%)
rename dma-helpers.c => softmmu/dma-helpers.c (100%)
rename qdev-monitor.c => softmmu/qdev-monitor.c (100%)
rename qemu-seccomp.c => softmmu/qemu-seccomp.c (100%)
rename tpm.c => softmmu/tpm.c (100%)

diff --git a/meson.build b/meson.build
index 17c89c87c6..0e0577e81e 100644
--- a/meson.build
+++ b/meson.build
@@ -1360,17 +1360,7 @@ blockdev_ss.add(files(
# os-win32.c does not
blockdev_ss.add(when: 'CONFIG_POSIX', if_true: files('os-posix.c'))
softmmu_ss.add(when: 'CONFIG_WIN32', if_true: [files('os-win32.c')])
-
softmmu_ss.add_all(blockdev_ss)
-softmmu_ss.add(files(
-  'bootdevice.c',
-  'dma-helpers.c',
-  'qdev-monitor.c',
-), sdl)
-
-softmmu_ss.add(when: 'CONFIG_TPM', if_true: files('tpm.c'))
-softmmu_ss.add(when: 'CONFIG_SECCOMP', if_true: [files('qemu-seccomp.c'), 
seccomp])
-softmmu_ss.add(when: fdt, if_true: files('device_tree.c'))

common_ss.add(files('cpus-common.c'))

diff --git a/bootdevice.c b/softmmu/bootdevice.c
similarity index 100%
rename from bootdevice.c
rename to softmmu/bootdevice.c
diff --git a/device_tree.c b/softmmu/device_tree.c
similarity index 100%
rename from device_tree.c
rename to softmmu/device_tree.c
diff --git a/dma-helpers.c b/softmmu/dma-helpers.c
similarity index 100%
rename from dma-helpers.c
rename to softmmu/dma-helpers.c
diff --git a/softmmu/meson.build b/softmmu/meson.build
index 36c96e7b15..862ab24878 100644
--- a/softmmu/meson.build
+++ b/softmmu/meson.build
@@ -14,3 +14,13 @@ specific_ss.add(when: 'CONFIG_SOFTMMU', if_true: [files(
specific_ss.add(when: ['CONFIG_SOFTMMU', 'CONFIG_TCG'], if_true: [files(
  'icount.c'
)])
+
+softmmu_ss.add(files(
+  'bootdevice.c',
+  'dma-helpers.c',
+  'qdev-monitor.c',
+), sdl)
+
+softmmu_ss.add(when: 'CONFIG_TPM', if_true: files('tpm.c'))
+softmmu_ss.add(when: 'CONFIG_SECCOMP', if_true: [files('qemu-seccomp.c'), 
seccomp])
+softmmu_ss.add(when: fdt, if_true: files('device_tree.c'))
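Review bot: the block is moved verbatim, including the `sdl` dependency attached to bootdevice.c, dma-helpers.c and qdev-monitor.c; none of those names suggests a real SDL dependency, so if it is only there by accident a follow-up patch could drop it. Keeping this patch a pure move, as done here, is the right call.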
diff --git a/qdev-monitor.c b/softmmu/qdev-monitor.c
similarity index 100%
rename from qdev-monitor.c
rename to softmmu/qdev-monitor.c
diff --git a/qemu-seccomp.c b/softmmu/qemu-seccomp.c
similarity index 100%
rename from qemu-seccomp.c
rename to softmmu/qemu-seccomp.c
diff --git a/tpm.c b/softmmu/tpm.c
similarity index 100%
rename from tpm.c
rename to softmmu/tpm.c





Re: [PATCH] vhost-user: add separate memslot counter for vhost-user

2020-10-06 Thread Igor Mammedov
On Mon, 28 Sep 2020 21:17:31 +0800
Jiajun Chen  wrote:

> Used_memslots is equal to dev->mem->nregions now, it is true for
> vhost kernel, but not for vhost user, which uses the memory regions
> that have file descriptor. In fact, not all of the memory regions
> have file descriptor.
> It is useful in some scenarios, e.g. used_memslots is 8, and only
> 5 memory slots can be used by vhost user; hot plugging a new memory RAM
> fails because vhost_has_free_slot just returned false,
> but we can hot plug it safely in fact.

I had an impression that all guest RAM has to be shared with vhost,
so combination of anon and fd based RAM couldn't work.
Am I wrong?

> 
> --
> ChangeList:
> v3:
> -make used_memslots a member of struct vhost_dev instead of a global static 
> value
it's global resource, so why?

> 
> v2:
> -eliminating useless used_memslots_exceeded variable and 
> used_memslots_is_exceeded() API
> 
> v1:
> -vhost-user: add separate memslot counter for vhost-user
> 
> Signed-off-by: Jiajun Chen 
> Signed-off-by: Jianjay Zhou 
> ---
>  hw/virtio/vhost-backend.c | 12 ++
>  hw/virtio/vhost-user.c| 25 +
>  hw/virtio/vhost.c | 37 +++
>  include/hw/virtio/vhost-backend.h |  5 +
>  include/hw/virtio/vhost.h |  1 +
>  net/vhost-user.c  |  7 ++
>  6 files changed, 78 insertions(+), 9 deletions(-)
> 
> diff --git a/hw/virtio/vhost-backend.c b/hw/virtio/vhost-backend.c
> index 782b1d67d9..7016f23ec5 100644
> --- a/hw/virtio/vhost-backend.c
> +++ b/hw/virtio/vhost-backend.c
> @@ -238,6 +238,16 @@ static void vhost_kernel_set_iotlb_callback(struct 
> vhost_dev *dev,
>  qemu_set_fd_handler((uintptr_t)dev->opaque, NULL, NULL, NULL);
>  }
>  
> +static void vhost_kernel_set_used_memslots(struct vhost_dev *dev)
> +{
> +dev->used_memslots = dev->mem->nregions;
> +}
> +
> +static unsigned int vhost_kernel_get_used_memslots(struct vhost_dev *dev)
> +{
> +return dev->used_memslots;
> +}
> +
>  static const VhostOps kernel_ops = {
>  .backend_type = VHOST_BACKEND_TYPE_KERNEL,
>  .vhost_backend_init = vhost_kernel_init,
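Review bot: vhost_kernel_get_used_memslots() returns a cached `dev->used_memslots`, so it is only correct if vhost_set_used_memslots() is invoked on every path that rebuilds `dev->mem`; that caller is not in the quoted hunks, and a stale counter would make vhost_has_free_slot() either refuse a valid hotplug or allow one the backend then rejects. For the kernel backend the value is simply `dev->mem->nregions`, so computing it on demand in the getter avoids the cache altogether.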
> @@ -269,6 +279,8 @@ static const VhostOps kernel_ops = {
>  #endif /* CONFIG_VHOST_VSOCK */
>  .vhost_set_iotlb_callback = vhost_kernel_set_iotlb_callback,
>  .vhost_send_device_iotlb_msg = vhost_kernel_send_device_iotlb_msg,
> +.vhost_set_used_memslots = vhost_kernel_set_used_memslots,
> +.vhost_get_used_memslots = vhost_kernel_get_used_memslots,
>  };
>  #endif
>  
> diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
> index 31231218dc..5dea64d8a8 100644
> --- a/hw/virtio/vhost-user.c
> +++ b/hw/virtio/vhost-user.c
> @@ -2354,6 +2354,29 @@ void vhost_user_cleanup(VhostUserState *user)
>  user->chr = NULL;
>  }
>  
> +static void vhost_user_set_used_memslots(struct vhost_dev *dev)
> +{
> +int i;
> +dev->used_memslots = 0;
> +
> +for (i = 0; i < dev->mem->nregions; ++i) {
> +struct vhost_memory_region *reg = dev->mem->regions + i;
> +ram_addr_t offset;
> +MemoryRegion *mr;
> +int fd;
> +
> +mr = vhost_user_get_mr_data(reg->userspace_addr, &offset, &fd);
> +if (mr && fd > 0) {
> +dev->used_memslots++;
> +}
> +}
> +}
> +
> +static unsigned int vhost_user_get_used_memslots(struct vhost_dev *dev)
> +{
> +return dev->used_memslots;
> +}
> +
>  const VhostOps user_ops = {
>  .backend_type = VHOST_BACKEND_TYPE_USER,
>  .vhost_backend_init = vhost_user_backend_init,
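Review bot: `if (mr && fd > 0)` excludes file descriptor 0, which is a valid descriptor; the test should be `fd >= 0` (or compare against whatever sentinel vhost_user_get_mr_data() stores for regions without an fd). Undercounting here makes vhost_has_free_slot() report free slots that the vhost-user backend does not actually have.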
> @@ -2387,4 +2410,6 @@ const VhostOps user_ops = {
>  .vhost_backend_mem_section_filter = vhost_user_mem_section_filter,
>  .vhost_get_inflight_fd = vhost_user_get_inflight_fd,
>  .vhost_set_inflight_fd = vhost_user_set_inflight_fd,
> +.vhost_set_used_memslots = vhost_user_set_used_memslots,
> +.vhost_get_used_memslots = vhost_user_get_used_memslots,
>  };
> diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c
> index 1a1384e7a6..98b967669b 100644
> --- a/hw/virtio/vhost.c
> +++ b/hw/virtio/vhost.c
> @@ -45,20 +45,20 @@
>  static struct vhost_log *vhost_log;
>  static struct vhost_log *vhost_log_shm;
>  
> -static unsigned int used_memslots;
>  static QLIST_HEAD(, vhost_dev) vhost_devices =
>  QLIST_HEAD_INITIALIZER(vhost_devices);
>  
>  bool vhost_has_free_slot(void)
>  {
> -unsigned int slots_limit = ~0U;
>  struct vhost_dev *hdev;
>  
>  QLIST_FOREACH(hdev, &vhost_devices, entry) {
> -unsigned int r = hdev->vhost_ops->vhost_backend_memslots_limit(hdev);
> -slots_limit = MIN(slots_limit, r);
> +if (hdev->vhost_ops->vhost_get_used_memslots(hdev) >=
> +hdev->vhost_ops->vhost_backend_memslots_limit(hdev)) {
> +return false;
> +}
>  }
> -return slots_limit > used_memslots;
> +return true;
>  }
>  
>  static void vhost_dev_sync_r
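Review bot: vhost_has_free_slot() now calls `hdev->vhost_ops->vhost_get_used_memslots(hdev)` unconditionally, but the diffstat only adds that callback to vhost-backend.c (kernel) and vhost-user.c; any other VhostOps implementation would dereference a NULL function pointer here. Either add the callback to every backend or check for NULL and fall back to the old `dev->mem->nregions` count.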

Re: [RFC PATCH 1/3] qom: Always register FW_CFG_DATA_GENERATOR_INTERFACE

2020-10-06 Thread Philippe Mathieu-Daudé
On 10/5/20 3:22 PM, Daniel P. Berrangé wrote:
> On Mon, Oct 05, 2020 at 12:54:40PM +0200, Philippe Mathieu-Daudé wrote:
>> While the FW_CFG_DATA_GENERATOR_INTERFACE is only consumed
>> by a device only available using system-mode (fw_cfg), it is
>> implemented by a crypto component (tls-cipher-suites) which
>> is always available when crypto is used.
>>
>> Commit 69699f3055 introduced the following error in the
>> qemu-storage-daemon binary:
>>
>>   $ echo -e \
>> '{"execute": "qmp_capabilities"}\r\n{"execute": 
>> "qom-list-types"}\r\n{"execute": "quit"}\r\n' \
>> | storage-daemon/qemu-storage-daemon --chardev stdio,id=qmp0  --monitor 
>> qmp0
>>   {"QMP": {"version": {"qemu": {"micro": 50, "minor": 1, "major": 5}, 
>> "package": ""}, "capabilities": ["oob"]}}
>>   {"return": {}}
>>   missing interface 'fw_cfg-data-generator' for object 'tls-creds'
>>   Aborted (core dumped)
>>
>> Since QOM dependencies are resolved at runtime, this issue
>> could not be triggered at linktime, and we don't have test
>> running the qemu-storage-daemon binary.
>>
>> Fix by always registering the QOM interface.
>>
>> Reported-by: Kevin Wolf 
>> Fixes: 69699f3055 ("crypto/tls-cipher-suites: Produce fw_cfg consumable 
>> blob")
>> Signed-off-by: Philippe Mathieu-Daudé 
>> ---
>> I first used:
>>
>> +if config_host.has_key('CONFIG_GNUTLS') or have_system
>> +  qom_ss.add(files('fw_cfg_interface.c'))
>> +endif
>>
>> but then realized anything could implement a QOM interface,
>> so better keep this generic.
>> ---
>>  hw/nvram/fw_cfg.c  |  7 ---
>>  qom/fw_cfg_interface.c | 15 +++
> 
> I feel this should be left in hw/nvram, but still added to qom_ss.
> 
> The code location should reflect the functional area and maintainership,
> so we shouldn't move code just to satisfy linkage problems.

I thought Meson would conditionally include subdir() meson.build
like the Makefile based previous buildsys, but I was wrong, all
subdirs are processed.
I'll respin with your suggestion, thanks.

Phil.




Re: QEMU API cleanup initiative - Let's chat during the KVM call

2020-10-06 Thread Daniel P. Berrangé
On Mon, Oct 05, 2020 at 10:52:41AM -0400, John Snow wrote:
> - Markus considers the platonic ideal of a CLI one in which each flag is a
> configuration directive, and each directive that references another
> directive must appear after the directive in which it references.

In this view you would be creating resources in the order in which they
appear, on the understanding that the mgmt app knows what dependencies
it placed between cli options. ie it knows that it wants "-object secret"
created before "-chardev foo", because the chardev depends on the secret
to exist.

Despite the fact that QEMU does not correctly honour the CLI arg order
today, libvirt will place arguments in the order in which they must be
created already. IOW, we know the order they appear in the CLI or
configuration will always work correctly, as long as QEMU honours it.

QEMU has had to do various hacks to deal with the fact that it doesn't
honour ordering, such as creating different -object types at different
stages in startup. This is a really horrible part of QEMU that constantly
causes us pain.

> - I tend to consider the ideal configuration to be a static object that has
> no inherent order from one key to the next, e.g. a JSON object or static
> flat file that can be used to configure the sysemu.

If you treat the configuration as un-ordered, then QEMU needs to be
intelligent enough to figure out the correct order to create all the
resources in. This requires some pieces of code to have a complete
view of all configuration, and know which attrs express dependencies.
It then has to be able to traverse the configuration in the correct
topological sorted order to create things.

Anything is possible, but from where QEMU is starting right now this
feels like a massive task to put in front of ourselves. We basically
have to solve the entire global configuration problem in order to get
this working as you can only do the topological sorting if you can see
the full picture.

The concern I have is that it also injects an element of non-determinism
into the startup procedure that can make things painful to debug. eg there
are theoretically many possible sort orders that are correct for creation,
but if things have unexpected side-effects during creation, these different
orders will not be strictly equivalent in reality.

Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|
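The message above argues that treating the configuration as un-ordered forces QEMU to topologically sort directives by their references, and that many valid orders exist. As an added example (not QEMU code and not from either participant), the block below does exactly that for a constructed set of directives: Kahn's algorithm with a fixed tie-break (the directive's position in the input), so the creation order is reproducible across runs, plus explicit detection of reference cycles and dangling references. The directive names, the `struct directive` layout and the sample configurations are this example's own.

```c
/*
 * Added example (not QEMU code): order configuration directives so that
 * each one is created only after the directives it references.  Kahn's
 * algorithm with a deterministic tie-break (input position) gives the same
 * order on every run; cycles and unknown references are reported, not
 * guessed around.  All names below are constructed sample input.
 */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_DIRECTIVES 16
#define MAX_DEPS 4

struct directive {
    const char *id;                  /* e.g. "secret0" */
    const char *deps[MAX_DEPS + 1];  /* ids this directive references, NULL-terminated */
};

/* Index of the directive named 'id', or -1 if there is none. */
static int find_directive(const struct directive *d, int n, const char *id)
{
    for (int i = 0; i < n; i++) {
        if (strcmp(d[i].id, id) == 0) {
            return i;
        }
    }
    return -1;
}

/*
 * Fills out[] with directive indices in creation order.  Returns the number
 * of entries placed (== n on success), -1 if the references form a cycle,
 * -2 if some directive references an id that does not exist.
 */
static int order_directives(const struct directive *d, int n, int out[])
{
    int pending[MAX_DIRECTIVES] = {0};   /* unresolved references per directive */
    bool placed[MAX_DIRECTIVES] = {0};
    int count = 0;

    for (int i = 0; i < n; i++) {
        for (int k = 0; d[i].deps[k]; k++) {
            if (find_directive(d, n, d[i].deps[k]) < 0) {
                return -2;
            }
            pending[i]++;
        }
    }

    while (count < n) {
        /* Pick the earliest-listed directive whose references are all created. */
        int pick = -1;
        for (int i = 0; i < n; i++) {
            if (!placed[i] && pending[i] == 0) {
                pick = i;
                break;
            }
        }
        if (pick < 0) {
            return -1;   /* every remaining directive waits on another one */
        }
        placed[pick] = true;
        out[count++] = pick;

        /* Creating 'pick' resolves one reference in each directive naming it. */
        for (int i = 0; i < n; i++) {
            for (int k = 0; !placed[i] && d[i].deps[k]; k++) {
                if (strcmp(d[i].deps[k], d[pick].id) == 0) {
                    pending[i]--;
                }
            }
        }
    }
    return count;
}

/* Constructed sample: the chardev is listed before the secret it needs. */
static const struct directive sample_config[] = {
    { "chardev0", { "secret0", NULL } },
    { "secret0",  { NULL } },
    { "device0",  { "chardev0", "netdev0", NULL } },
    { "netdev0",  { NULL } },
};
#define SAMPLE_CONFIG_LEN 4

/* Constructed sample with a reference cycle. */
static const struct directive sample_cycle[] = {
    { "a", { "b", NULL } },
    { "b", { "a", NULL } },
};

int main(void)
{
    int out[MAX_DIRECTIVES];
    int n = order_directives(sample_config, SAMPLE_CONFIG_LEN, out);

    for (int i = 0; i < n; i++) {
        printf("create %s\n", sample_config[out[i]].id);
    }
    printf("cycle sample: %d\n", order_directives(sample_cycle, 2, out));
    return 0;
}
```

The tie-break is what addresses the non-determinism concern in the message: of all valid topological orders, the one closest to the caller's listing is chosen, so a caller that already lists resources in creation order (as libvirt is said to) gets that order back unchanged.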




Re: QEMU API cleanup initiative - Let's chat during the KVM call

2020-10-06 Thread Paolo Bonzini
On 06/10/20 11:40, Daniel P. Berrangé wrote:
>> Currently we have:
>>
>> switch (...) {
>> case QEMU_OPT_...:
>> /* something has side effects, something is just parsing */
>> }
>>
>> init1();
>> qemu_opts_foreach(something_opts, configure_something);
>> init2();
>> qemu_opts_foreach(some_more_opts, configure_some_more);
>> init3();
>>
>> enter_preconfig();
>>
>> We should first of all change it to
>>
>> parse_command_line() {
>> apply_simple_options();
>> qemu_opts_foreach(something_opts, configure_something);
>> qemu_opts_foreach(some_more_opts, configure_some_more);
>> }
>>
>> switch (...) {
>> case QEMU_OPT_...:
>> /* no side effects on the initN() calls below */
>> }
>>
>> init1();
>> init2();
>> init3();
>>
>> parse_command_line()
>>
>> enter_preconfig();
>>
>> more_init_that_needs_side_effects();
>>
>> This way, the parse_command_line() and its qemu_opts_foreach callbacks
>> can become changed into a series of qmp_*() commands.  The commands can
>> be called within the appropriate loc_push() though.
> 
> I feel that both of these approaches are equally broken, as they don't
> honour the order in which arguments are passed by the caller when
> creating resources.

By design, in that I'm only looking at a backwards-compatible approach.

But once you have reached the second step, you can add QMP commands for
each command-line option (that matters), and configure the VM via QMP
commands.  That _will_ honor the order in which commands are executed by
the caller, obviously.

> I'm not convinced that your proposed change takes us in direction, if
> anything it is encoding the current split of parsing vs creation even
> more strongly.

Yes, but it enables the right way too.  Doing things in steps is the
only way to do them.

Paolo




Re: [PATCH 1/2] softmmu: move more files to softmmu/

2020-10-06 Thread Paolo Bonzini
On 06/10/20 11:43, BALATON Zoltan wrote:
> 
> The name of this dir may be misleading. I think it originally stood
> for the actual MMU emulation but now it seems everything related to
> system emulation is dumped here. Is it better to keep MMU emulation
> separate and put other files in a "sysemu" dir or rename this dir if
> it keeps mixing MMU emulation and system emulation parts? (I think
> the MMU emulation is a weak part of QEMU regarding performance so it
> would be better to keep that cleanly separated so that it's easier to
> analyse and optimise it in the future, which is more difficult if
> it's mixed with other parts where it's not even clear what
> constitutes the actual MMU emulation. So I vote for keeping it
> separate.)

I agree that softmmu/ should have been called sysemu/.  But I think it's
unnecessary churn to do that now.

Paolo




Re: Emulate Rpi with QEMU fails

2020-10-06 Thread Alex Bennée


Thomas Schneider <74cmo...@gmail.com> writes:

> Hello Paul,
>
> many thanks for sharing this info.
>
> Can you confirm that the emulated RPi with your command will use 
> "internal QEMU" network, means the client cannot be accessed from any 
> other device in LAN?

The support for user-mode and TAP networking is orthogonal to the
emulated device. However if you only want a few ports it's quite easy to
use port forwarding, e.g:

  -netdev user,id=unet,hostfwd=tcp::-:22

which forwards  to port 22 on the device. I have an alias in
.ssh/config for accessing my QEMU devices.

> If yes, what is required to setup a TAP connected to host's network
> bridge?

I'll defer to others for this but generally when I want proper bridged
networking for a VM I use virt-manager/libvirt to configure it because
it can be quite fiddly to do by hand.

-- 
Alex Bennée



[PATCH] virtiofsd: avoid /proc/self/fd tempdir

2020-10-06 Thread Stefan Hajnoczi
In order to prevent /proc/self/fd escapes, a temporary directory is
created where /proc/self/fd is bind-mounted. This doesn't work on
read-only file systems.

Avoid the temporary directory by bind-mounting /proc/self/fd over /proc.
This does not affect other processes since we remounted / with MS_REC |
MS_SLAVE. /proc must exist and virtiofsd does not use it so it's safe to
do this.

Path traversal can be tested with the following function:

  static void test_proc_fd_escape(struct lo_data *lo)
  {
      int fd;
      int level = 0;
      ino_t last_ino = 0;

      /* Start from the jailed /proc/self/fd handle and keep opening ".." */
      fd = lo->proc_self_fd;
      for (;;) {
          struct stat st;

          if (fstat(fd, &st) != 0) {
              perror("fstat");
              return;
          }
          /* The parent of the top-most directory is itself: stop there */
          if (last_ino && st.st_ino == last_ino) {
              fprintf(stderr, "inode number unchanged, stopping\n");
              return;
          }
          last_ino = st.st_ino;

          fprintf(stderr, "Level %d dev %lu ino %lu\n", level,
                  (unsigned long)st.st_dev,
                  (unsigned long)last_ino);
          fd = openat(fd, "..", O_PATH | O_DIRECTORY | O_NOFOLLOW);
          level++;
      }
  }

Before and after this patch only Level 0 is displayed. Without
/proc/self/fd bind-mount protection it is possible to traverse parent
directories.

Fixes: 397ae982f4df4 ("virtiofsd: jail lo->proc_self_fd")
Cc: Miklos Szeredi 
Cc: Jens Freimann 
Signed-off-by: Stefan Hajnoczi 
---
 tools/virtiofsd/passthrough_ll.c | 34 +++-
 1 file changed, 11 insertions(+), 23 deletions(-)

diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
index 0b229ebd57..6ae7ffcdd7 100644
--- a/tools/virtiofsd/passthrough_ll.c
+++ b/tools/virtiofsd/passthrough_ll.c
@@ -2393,8 +2393,6 @@ static void setup_wait_parent_capabilities(void)
 static void setup_namespaces(struct lo_data *lo, struct fuse_session *se)
 {
 pid_t child;
-char template[] = "virtiofsd-XX";
-char *tmpdir;
 
 /*
  * Create a new pid namespace for *child* processes.  We'll have to
@@ -2458,33 +2456,23 @@ static void setup_namespaces(struct lo_data *lo, struct 
fuse_session *se)
 exit(1);
 }
 
-tmpdir = mkdtemp(template);
-if (!tmpdir) {
-fuse_log(FUSE_LOG_ERR, "tmpdir(%s): %m\n", template);
+/*
+ * We only need /proc/self/fd. Prevent ".." from accessing parent
+ * directories of /proc/self/fd by bind-mounting it over /proc. Since / was
+ * previously remounted with MS_REC | MS_SLAVE this mount change only
+ * affects our process.
+ */
+if (mount("/proc/self/fd", "/proc", NULL, MS_BIND, NULL) < 0) {
+fuse_log(FUSE_LOG_ERR, "mount(/proc/self/fd, MS_BIND): %m\n");
 exit(1);
 }
 
-if (mount("/proc/self/fd", tmpdir, NULL, MS_BIND, NULL) < 0) {
-fuse_log(FUSE_LOG_ERR, "mount(/proc/self/fd, %s, MS_BIND): %m\n",
- tmpdir);
-exit(1);
-}
-
-/* Now we can get our /proc/self/fd directory file descriptor */
-lo->proc_self_fd = open(tmpdir, O_PATH);
+/* Get the /proc (actually /proc/self/fd, see above) file descriptor */
+lo->proc_self_fd = open("/proc", O_PATH);
 if (lo->proc_self_fd == -1) {
-fuse_log(FUSE_LOG_ERR, "open(%s, O_PATH): %m\n", tmpdir);
+fuse_log(FUSE_LOG_ERR, "open(/proc, O_PATH): %m\n");
 exit(1);
 }
-
-if (umount2(tmpdir, MNT_DETACH) < 0) {
-fuse_log(FUSE_LOG_ERR, "umount2(%s, MNT_DETACH): %m\n", tmpdir);
-exit(1);
-}
-
-if (rmdir(tmpdir) < 0) {
-fuse_log(FUSE_LOG_ERR, "rmdir(%s): %m\n", tmpdir);
-}
 }
 
 /*
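Review bot: the hunk drops the umount2(MNT_DETACH) and rmdir steps, so the bind mount of /proc/self/fd over /proc now persists for the whole process lifetime; that is what the commit message intends, but it belongs in the new comment too (nothing in this process may rely on /proc afterwards, and the fd table is now visible at /proc inside the sandbox). Two small points: open("/proc", O_PATH) could add O_DIRECTORY so an unexpected non-directory at /proc fails here rather than at the first openat(), and the error message "mount(/proc/self/fd, MS_BIND)" omits the target; "mount(/proc/self/fd, /proc, MS_BIND)" matches the old format.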
-- 
2.26.2
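The commit message above checks the jail by walking ".." from lo->proc_self_fd and printing each level. As an added example (not part of virtiofsd or of this patch), the block below turns that walk into a reusable check that returns the number of distinct directories reached, so a test can assert on it: a properly jailed handle (its parent is itself, as after the bind mount in the patch) yields 1, while an unjailed handle yields its depth in the tree. The function names parent_walk_levels(), dirfd_is_jailed() and path_walk_levels() are this example's own; the O_PATH fallback value is the generic Linux one and is only used if the header does not provide it.

```c
/*
 * Added example, not part of virtiofsd: count how many distinct directories
 * ".." reaches from a directory handle.  Used to verify that a handle meant
 * to be jailed (parent == itself) really is.
 */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

#ifndef O_PATH
#define O_PATH 010000000   /* generic Linux value; fallback if fcntl.h lacks it */
#endif

/*
 * Walks ".." from a duplicate of 'dirfd' (the caller's descriptor is left
 * open) until the parent is the directory itself or 'max_levels' is hit.
 * Returns the number of distinct directories seen (>= 1), or -1 on error.
 */
static int parent_walk_levels(int dirfd, int max_levels)
{
    int fd = dup(dirfd);
    dev_t last_dev = 0;
    ino_t last_ino = 0;
    int level = 0;

    if (fd < 0) {
        return -1;
    }
    while (level < max_levels) {
        struct stat st;
        int parent;

        if (fstat(fd, &st) != 0) {
            close(fd);
            return -1;
        }
        /* Same (dev, ino) as before: ".." of the top directory is itself. */
        if (level > 0 && st.st_dev == last_dev && st.st_ino == last_ino) {
            break;
        }
        last_dev = st.st_dev;
        last_ino = st.st_ino;
        level++;

        /* O_PATH: no read access needed; O_NOFOLLOW: never follow a symlink. */
        parent = openat(fd, "..", O_PATH | O_DIRECTORY | O_NOFOLLOW);
        close(fd);
        if (parent < 0) {
            return -1;
        }
        fd = parent;
    }
    close(fd);
    return level;
}

/* True if ".." from 'dirfd' cannot leave the directory, which is what the jail wants. */
static bool dirfd_is_jailed(int dirfd)
{
    return parent_walk_levels(dirfd, 2) == 1;
}

/* Convenience wrapper for a path; returns the same values as parent_walk_levels(). */
static int path_walk_levels(const char *path, int max_levels)
{
    int fd = open(path, O_PATH | O_DIRECTORY);
    int levels;

    if (fd < 0) {
        return -1;
    }
    levels = parent_walk_levels(fd, max_levels);
    close(fd);
    return levels;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/proc/self/fd";
    int fd = open(path, O_PATH | O_DIRECTORY);

    if (fd < 0) {
        perror(path);
        return 1;
    }
    printf("%s: %d level(s), %s\n", path, parent_walk_levels(fd, 64),
           dirfd_is_jailed(fd) ? "jailed" : "NOT jailed");
    close(fd);
    return 0;
}
```

Run it without arguments on an unpatched host and /proc/self/fd reports three levels (/proc/self/fd, /proc/self, /proc) plus the root; from inside the virtiofsd sandbox after this patch the same walk stops at one level, matching the "only Level 0 is displayed" observation in the commit message.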



Re: [PATCH] vhost: Ignore vrings in dirty log when using a vIOMMU

2020-10-06 Thread Greg Kurz
On Mon, 5 Oct 2020 10:18:03 -0400
"Michael S. Tsirkin"  wrote:

> On Mon, Sep 28, 2020 at 09:37:18AM +0200, Greg Kurz wrote:
> > On Mon, 28 Sep 2020 16:23:43 +1000
> > David Gibson  wrote:
> > 
> > > On Fri, Sep 25, 2020 at 07:29:43PM +0200, Greg Kurz wrote:
> > > > When a vIOMMU is present, any address coming from the guest is an IO
> > > > virtual address, including those of the vrings. The backend's accesses
> > > > to the vrings happen through vIOMMU translation: the backend hence
> > > > only logs the final guest physical address, not the IO virtual one.
> > > > It thus doesn't make sense to make room for the vring addresses in the
> > > > dirty log in this case.
> > > > 
> > > > This fixes a crash of the source when migrating a guest using in-kernel
> > > > vhost-net and iommu_platform=on on POWER, because DMA regions are put
> > > > at very high addresses and the resulting log size is likely to cause
> > > > g_malloc0() to abort.
> > > > 
> > > > BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1879349
> > > > Signed-off-by: Greg Kurz 
> > > 
> > > I'm a little confused as to what's going on here.  Obviously
> > > allocating dirty bitmaps in IOVA space doesn't make much sense.
> > > But.. in all cases isn't the ring ending up in guest memory, whether
> > > translated or not.  So why do specific addresses of the ring make a
> > > difference in *any* case.
> > > 
> > 
> > I admit I'm a bit surprised as well... I can't think of a scenario
> > where the address of the used ring would be higher than the guest
> > memory... Maybe MST can shed some light here ?
> 
> So the original idea was that vring itself is specified in
> terms of HVA as opposed to rest of stuff which is specified
> in terms of GPA.

The vring itself is indeed described in term of HVA (vq->used) but
when it comes to the dirty log, QEMU passes the GPA of the used
structure to the vhost backend:

From vhost_virtqueue_set_addr():

    addr.log_guest_addr = vq->used_phys;
                          ^^ GPA ^^
    addr.flags = enable_log ? (1 << VHOST_VRING_F_LOG) : 0;
    r = dev->vhost_ops->vhost_set_vring_addr(dev, &addr);

And the sizing of the bitmap computed in vhost_get_log_size() is
also based on this GPA:

    for (i = 0; i < dev->nvqs; ++i) {
        struct vhost_virtqueue *vq = dev->vqs + i;

        if (!vq->used_phys && !vq->used_size) {
            continue;
        }

        uint64_t last = vq->used_phys + vq->used_size - 1;
                        ^^ GPA ^^
        log_size = MAX(log_size, last / VHOST_LOG_CHUNK + 1);
    }

With platform_iommu=off, I couldn't find a case where this second
loop in vhost_get_log_size() increases the log size actually... and
when platform_iommu=on, vq->used_phys is a GIOVA that my other patches
you've already merged in the kernel explicitly ignore when it comes to
the dirty log... So it really seems that this loop is useless for the
general case. If it is there to address some corner case, I guess it
deserves a comment at the very least.

Cheers,

--
Greg

> This way we wanted to support e.g. migration by vhost writing into
> qemu address space, qemu copying data to guest memory.
> 
> 
> 
> 
> > > > ---
> > > >  hw/virtio/vhost.c |   38 --
> > > >  1 file changed, 24 insertions(+), 14 deletions(-)
> > > > 
> > > > diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c
> > > > index 1a1384e7a642..0b83d6b8e65e 100644
> > > > --- a/hw/virtio/vhost.c
> > > > +++ b/hw/virtio/vhost.c
> > > > @@ -106,6 +106,20 @@ static void vhost_dev_sync_region(struct vhost_dev 
> > > > *dev,
> > > >  }
> > > >  }
> > > >  
> > > > +static int vhost_dev_has_iommu(struct vhost_dev *dev)
> > > > +{
> > > > +VirtIODevice *vdev = dev->vdev;
> > > > +
> > > > +/*
> > > > + * For vhost, VIRTIO_F_IOMMU_PLATFORM means the backend support
> > > > + * incremental memory mapping API via IOTLB API. For platform that
> > > > + * does not have IOMMU, there's no need to enable this feature
> > > > + * which may cause unnecessary IOTLB miss/update trnasactions.
> > > > + */
> > > > +return vdev->dma_as != &address_space_memory &&
> > > > +   virtio_host_has_feature(vdev, VIRTIO_F_IOMMU_PLATFORM);
> > > > +}
> > > > +
> > > >  static int vhost_sync_dirty_bitmap(struct vhost_dev *dev,
> > > > MemoryRegionSection *section,
> > > > hwaddr first,
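Review bot: vhost_dev_has_iommu() returns `int` but only ever yields a truth value, so `bool` would match how it is used, and the comment above the return has a typo ("trnasactions"). The condition also treats any `dma_as` other than `address_space_memory` as "has an IOMMU", which is exactly what the commit message relies on; a sentence in the comment saying so would make the check self-explanatory for the next reader.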
> > > > @@ -130,6 +144,11 @@ static int vhost_sync_dirty_bitmap(struct 
> > > > vhost_dev *dev,
> > > >range_get_last(reg->guest_phys_addr,
> > > >   reg->memory_size));
> > > >  }
> > > > +
> > > > +if (vhost_dev_has_iommu(dev)) {
> > > > +return 0;
> > > > +}
> > > > +
> > > >  for (i = 0; i < dev->nvqs; ++i) {
> > > >  struct vhost_virtqueue *vq = dev->vqs + i;
> > > >  
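Review bot: the `return 0` added before the vring loop in vhost_sync_dirty_bitmap() carries no comment. The reason from the commit message (with a vIOMMU, `used_phys` is an IOVA that the backend never logs, so syncing the vring range from the log would be meaningless) belongs right above the check; otherwise it is not obvious why the memory-region loop above still runs while the vring loop does not.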
> > > > @@ -172,6 +191,11 @@ static uint64_t vhost_get_l

Re: [PATCH 1/2] softmmu: move more files to softmmu/

2020-10-06 Thread Philippe Mathieu-Daudé
On 10/6/20 11:54 AM, Paolo Bonzini wrote:
> On 06/10/20 11:43, BALATON Zoltan wrote:
>>
>> The name of this dir may be misleading. I think it originally stood
>> for the actual MMU emulation but now it seems everything related to
>> system emulation is dumped here. Is it better to keep MMU emulation
>> separate and put other files in a "sysemu" dir or rename this dir if
>> it keeps mixing MMU emulation and system emulation parts? (I think
>> the MMU emulation is a weak part of QEMU regarding performance so it
>> would be better to keep that cleanly separated so that it's easier to
>> analyse and optimise it in the future, which is more difficult if
>> it's mixed with other parts where it's not even clear what
>> constitutes the actual MMU emulation. So I vote for keeping it
>> separate.)
> 
> I agree that softmmu/ should have been called sysemu/.  But I think it's
> unnecessary churn to do that now.

It is not necessary, but so many files have been moved around recently
that it is not a bad time to clarify it either :)

OTOH yes many files have been moved around recently, so we might wait
for the next release before attacking this cleanup.

> 
> Paolo
> 
> 




Re: [RFC 1/1] tools/virtiofsd: create temporary directory in /tmp

2020-10-06 Thread Stefan Hajnoczi
On Thu, Oct 01, 2020 at 08:15:19AM +0200, Jens Freimann wrote:
> mkdtemp() will try to create a current directory in the working
> directory of the process. In this case it's trying to create it in /.
> This is a problem when the process doesn't have write access there.
> 
> This patch changes the template string and prepends "/tmp" which is
> typically writable.
> 
> Signed-off-by: Jens Freimann 
> ---
>  tools/virtiofsd/passthrough_ll.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/tools/virtiofsd/passthrough_ll.c 
> b/tools/virtiofsd/passthrough_ll.c
> index 0b229ebd57..f79bcce0d7 100644
> --- a/tools/virtiofsd/passthrough_ll.c
> +++ b/tools/virtiofsd/passthrough_ll.c
> @@ -2393,7 +2393,7 @@ static void setup_wait_parent_capabilities(void)
>  static void setup_namespaces(struct lo_data *lo, struct fuse_session *se)
>  {
>  pid_t child;
> -char template[] = "virtiofsd-XX";
> +char template[] = "/tmp/virtiofsd-XX";
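Review bot: hard-coding "/tmp/" in the mkdtemp() template in setup_namespaces() ignores $TMPDIR and assumes /tmp exists and is writable inside the sandbox, which the earlier mount-namespace setup does not guarantee; honouring TMPDIR (or dropping the temporary directory entirely, as Stefan suggests in this thread) is more robust. Also, as quoted the template ends in only two X characters, while mkdtemp(3) requires at least six trailing X's and fails with EINVAL otherwise; please confirm the actual template in the patch.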

Hi Jens,
Let's get rid of the temporary directory completely. I have sent a patch
that bind-mounts /proc/self/fd on top of /proc (which we don't need
anymore).

Stefan




Re: [PATCH v2 4/9] microvm: add usb support

2020-10-06 Thread Igor Mammedov
On Thu,  1 Oct 2020 10:28:29 +0200
Gerd Hoffmann  wrote:

> Wire up "usb=on" machine option, when enabled add
> a sysbus xhci controller with 8 ports.

first pci, and now usb - not so micro anymore.

why not just reuse pci to add usb controller?
what/how much do we win avoiding PCI?

> 
> Signed-off-by: Gerd Hoffmann 
> ---
>  include/hw/i386/microvm.h |  5 -
>  hw/i386/acpi-microvm.c|  9 +
>  hw/i386/microvm.c | 13 +
>  3 files changed, 26 insertions(+), 1 deletion(-)
> 
> diff --git a/include/hw/i386/microvm.h b/include/hw/i386/microvm.h
> index 91b064575d55..0fc21600 100644
> --- a/include/hw/i386/microvm.h
> +++ b/include/hw/i386/microvm.h
> @@ -41,7 +41,7 @@
>   *   7 |  parallel  |
>   *   8 |  rtc   | rtc (rtc=on)
>   *   9 |  acpi  | acpi (ged)
> - *  10 |  pci lnk   |
> + *  10 |  pci lnk   | xhci (usb=on)
>   *  11 |  pci lnk   |
>   *  12 |  ps2   | pcie
>   *  13 |  fpu   | pcie
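Review bot: the interrupt table now lists line 10 for both `pci lnk` and `xhci (usb=on)` without saying whether the two are meant to share it when pcie and usb are both enabled; either pick a line the table shows as free or add a note that the PCI link and the xhci controller deliberately share IRQ 10, so the sharing is documented rather than discovered.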
> @@ -60,6 +60,9 @@
>  #define GED_MMIO_BASE_REGS(GED_MMIO_BASE + 0x200)
>  #define GED_MMIO_IRQ  9
>  
> +#define MICROVM_XHCI_BASE 0xfe90
> +#define MICROVM_XHCI_IRQ  10
> +
>  #define PCIE_MMIO_BASE0xc000
>  #define PCIE_MMIO_SIZE0x2000
>  #define PCIE_ECAM_BASE0xe000
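Review bot: MICROVM_XHCI_BASE is added next to the PCIE_MMIO/PCIE_ECAM window definitions with no comment on the size of the xhci MMIO region or its relation to those windows and the GED registers above; the numeric values look truncated in this mail, so please double-check them against the file and document the region size so that overlap can be ruled out from the header alone.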
> diff --git a/hw/i386/acpi-microvm.c b/hw/i386/acpi-microvm.c
> index f16f2311955c..7e8a6894ba26 100644
> --- a/hw/i386/acpi-microvm.c
> +++ b/hw/i386/acpi-microvm.c
> @@ -35,6 +35,7 @@
>  #include "hw/i386/microvm.h"
>  #include "hw/pci/pci.h"
>  #include "hw/pci/pcie_host.h"
> +#include "hw/usb/xhci.h"
>  #include "hw/virtio/virtio-mmio.h"
>  
>  #include "acpi-common.h"
> @@ -89,6 +90,13 @@ static void acpi_dsdt_add_virtio(Aml *scope,
>  }
>  }
>  
> +static void acpi_dsdt_add_xhci(Aml *scope, MicrovmMachineState *mms)
> +{
> +if (machine_usb(MACHINE(mms))) {
> +xhci_sysbus_build_aml(scope, MICROVM_XHCI_BASE, MICROVM_XHCI_IRQ);
> +}
> +}
> +
>  static void acpi_dsdt_add_pci(Aml *scope, MicrovmMachineState *mms)
>  {
>  if (mms->pcie != ON_OFF_AUTO_ON) {
> @@ -123,6 +131,7 @@ build_dsdt_microvm(GArray *table_data, BIOSLinker *linker,
>GED_MMIO_IRQ, AML_SYSTEM_MEMORY, GED_MMIO_BASE);
>  acpi_dsdt_add_power_button(sb_scope);
>  acpi_dsdt_add_virtio(sb_scope, mms);
> +acpi_dsdt_add_xhci(sb_scope, mms);
>  acpi_dsdt_add_pci(sb_scope, mms);
>  aml_append(dsdt, sb_scope);
>  
> diff --git a/hw/i386/microvm.c b/hw/i386/microvm.c
> index 17e3f2f15265..0f61fc61ca44 100644
> --- a/hw/i386/microvm.c
> +++ b/hw/i386/microvm.c
> @@ -47,6 +47,7 @@
>  #include "hw/acpi/acpi.h"
>  #include "hw/acpi/generic_event_device.h"
>  #include "hw/pci-host/gpex.h"
> +#include "hw/usb/xhci.h"
>  
>  #include "cpu.h"
>  #include "elf.h"
> @@ -197,6 +198,18 @@ static void microvm_devices_init(MicrovmMachineState 
> *mms)
>  x86ms->acpi_dev = HOTPLUG_HANDLER(dev);
>  }
>  
> +if (x86_machine_is_acpi_enabled(x86ms) && machine_usb(MACHINE(mms))) {
> +DeviceState *dev = qdev_new(TYPE_XHCI_SYSBUS);
> +qdev_prop_set_uint32(dev, "intrs", 1);
> +qdev_prop_set_uint32(dev, "slots", XHCI_MAXSLOTS);
> +qdev_prop_set_uint32(dev, "p2", 8);
> +qdev_prop_set_uint32(dev, "p3", 8);
> +sysbus_realize(SYS_BUS_DEVICE(dev), &error_fatal);
> +sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, MICROVM_XHCI_BASE);
> +sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0,
> +   x86ms->gsi[MICROVM_XHCI_IRQ]);
> +}
> +
>  if (x86_machine_is_acpi_enabled(x86ms) && mms->pcie == ON_OFF_AUTO_ON) {
>  /* use topmost 25% of the address space available */
>  hwaddr phys_size = (hwaddr)1 << X86_CPU(first_cpu)->phys_bits;
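Review bot: `usb=on` is silently ignored when ACPI is disabled, because the xhci device is only created under `x86_machine_is_acpi_enabled(x86ms) && machine_usb(MACHINE(mms))`; an error_report() and exit, or at least a warning, for that combination would be friendlier than a device that quietly never appears. Also, the commit message says "8 ports" while the device is configured with `p2` = 8 and `p3` = 8; please state whether that means 8 USB2 plus 8 USB3 ports or 8 in total.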




Re: [PATCH v2] hw/arm: Restrict APEI tables generation to the 'virt' machine

2020-10-06 Thread Igor Mammedov
On Thu,  1 Oct 2020 18:22:07 +0200
Philippe Mathieu-Daudé  wrote:

> While APEI is a generic ACPI feature (usable by X86 and ARM64), only
> the 'virt' machine uses it, by enabling the RAS Virtualization. See
> commit 2afa8c8519 ("hw/arm/virt: Introduce a RAS machine option").
> 
> Restrict the APEI tables generation code to the single user: the virt
> machine. If another machine wants to use it, it simply has to 'select
> ACPI_APEI' in its Kconfig.
> 
> Fixes: aa16508f1d ("ACPI: Build related register address fields via hardware error fw_cfg blob")
> Acked-by: Michael S. Tsirkin 
> Reviewed-by: Dongjiu Geng 
> Signed-off-by: Philippe Mathieu-Daudé 

Reviewed-by: Igor Mammedov 

> ---
> v2: Reworded
> 
> Cc: Laszlo Ersek 
> Cc: Xiang Zheng 
> Cc: Jonathan Cameron 
> Cc: Igor Mammedov 
> ---
>  default-configs/arm-softmmu.mak | 1 -
>  hw/arm/Kconfig  | 1 +
>  2 files changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
> index 9a94ebd0be..08a32123b4 100644
> --- a/default-configs/arm-softmmu.mak
> +++ b/default-configs/arm-softmmu.mak
> @@ -43,4 +43,3 @@ CONFIG_FSL_IMX7=y
>  CONFIG_FSL_IMX6UL=y
>  CONFIG_SEMIHOSTING=y
>  CONFIG_ALLWINNER_H3=y
> -CONFIG_ACPI_APEI=y
> diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
> index f303c6bead..7d040827af 100644
> --- a/hw/arm/Kconfig
> +++ b/hw/arm/Kconfig
> @@ -26,6 +26,7 @@ config ARM_VIRT
>  select ACPI_MEMORY_HOTPLUG
>  select ACPI_HW_REDUCED
>  select ACPI_NVDIMM
> +select ACPI_APEI
>  
>  config CHEETAH
>  bool
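Review bot: once `CONFIG_ACPI_APEI=y` leaves the default config, the `select ACPI_APEI` under ARM_VIRT is the only thing enabling the symbol, so any other arm board that reaches the APEI table builders would silently lose them; the commit message asserts that virt is the single user, and a line saying how that was verified (a grep of hw/ for the APEI build entry points) would let reviewers confirm it without repeating the search.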




[Bug 1880066] Re: Microphone input dies in guest when switching evdev input

2020-10-06 Thread Chris
** Also affects: qemu (Fedora)
   Importance: Undecided
   Status: New

https://bugs.launchpad.net/bugs/1880066

Title:
  Microphone input dies in guest when switching evdev input

Status in QEMU:
  New
Status in qemu package in Fedora:
  New

Bug description:
  justin@justin-3900x:~$ lsb_release -a
  No LSB modules are available.
  Distributor ID:   Ubuntu
  Description:  Ubuntu 20.04 LTS
  Release:  20.04
  Codename: focal


  justin@justin-3900x:~$ apt list --installed | egrep '*qemu*|*kvm*'

  WARNING: apt does not have a stable CLI interface. Use with caution in
  scripts.

  ipxe-qemu-256k-compat-efi-roms/focal,focal,now 
1.0.0+git-20150424.a25a16d-0ubuntu4 all [installed,automatic]
  ipxe-qemu/focal,focal,now 1.0.0+git-20190109.133f4c4-0ubuntu3 all 
[installed,automatic]
  libvirt-daemon-driver-qemu/focal,now 6.0.0-0ubuntu8 amd64 
[installed,automatic]
  qemu-block-extra/focal-updates,focal-security,now 1:4.2-3ubuntu6.1 amd64 
[installed,automatic]
  qemu-kvm/focal-updates,focal-security,now 1:4.2-3ubuntu6.1 amd64 [installed]
  qemu-system-common/focal-updates,focal-security,now 1:4.2-3ubuntu6.1 amd64 
[installed,automatic]
  
qemu-system-data/focal-updates,focal-updates,focal-security,focal-security,now 
1:4.2-3ubuntu6.1 all [installed,automatic]
  qemu-system-gui/focal-updates,focal-security,now 1:4.2-3ubuntu6.1 amd64 
[installed,automatic]
  qemu-system-x86/focal-updates,focal-security,now 1:4.2-3ubuntu6.1 amd64 
[installed]
  qemu-utils/focal-updates,focal-security,now 1:4.2-3ubuntu6.1 amd64 
[installed,automatic]
  qemu/focal-updates,focal-security,now 1:4.2-3ubuntu6.1 amd64 [installed]
  justin@justin-3900x:~$ 

  This did not happen in Eoan (qemu 4.0.0). I was able to switch in/out
  of a VM with my audio coming through fine. I enabled Eoan in my
  sources.list, downgraded all my qemu packages, and the issue was
  resolved.

  This happens on the latest Windows 10 guest when a sound device is
  listening for the microphone.

  /var/log/libvirt/qemu/.log spews this error out when I switch
  with evdev (which is just the keyboard and mouse, the audio is passed
  through I assume spice):

  
  audio: live=228193 hw->conv_buf->size=1920
  A bug was just triggered in audio_get_avail
  Context:
  audio: live=228675 sw->hw->conv_buf->size=1920
  A bug was just triggered in audio_pcm_hw_get_live_in
  Context:
  audio: live=228675 hw->conv_buf->size=1920
  A bug was just triggered in audio_get_avail
  Context:
  audio: live=229156 sw->hw->conv_buf->size=1920
  A bug was just triggered in audio_pcm_hw_get_live_in
  Context:
  audio: live=229156 hw->conv_buf->size=1920
  A bug was just triggered in audio_get_avail
  Context:
  audio: live=229638 sw->hw->conv_buf->size=1920
  A bug was just triggered in audio_pcm_hw_get_live_in
  Context:
  audio: live=229638 hw->conv_buf->size=1920
  A bug was just triggered in audio_get_avail
  Context:
  audio: live=230119 sw->hw->conv_buf->size=1920
  A bug was just triggered in audio_pcm_hw_get_live_in
  Context:
  audio: live=230119 hw->conv_buf->size=1920
  A bug was just triggered in audio_get_avail
  Context:
  audio: live=230600 sw->hw->conv_buf->size=1920
  A bug was just triggered in audio_pcm_hw_get_live_in
  Context:
  audio: live=230600 hw->conv_buf->size=1920
  A bug was just triggered in audio_get_avail
  Context:
  audio: live=231081 sw->hw->conv_buf->size=1920




Re: [PATCH v2 2/3] docs: add qemu-storage-daemon(1) man page

2020-10-06 Thread Kevin Wolf
Am 10.09.2020 um 16:43 hat Stefan Hajnoczi geschrieben:
> Document the qemu-storage-daemon tool. Most of the command-line options
> are identical to their QEMU counterparts. Perhaps Sphinx hxtool
> integration could be extended to extract documentation for individual
> command-line options so they can be shared. For now the
> qemu-storage-daemon simply refers to the qemu(1) man page where the
> command-line options are identical.
> 
> Signed-off-by: Stefan Hajnoczi 
> ---
>  docs/tools/conf.py |   2 +
>  docs/tools/index.rst   |   1 +
>  docs/tools/qemu-storage-daemon.rst | 121 +
>  3 files changed, 124 insertions(+)
>  create mode 100644 docs/tools/qemu-storage-daemon.rst
> 
> diff --git a/docs/tools/conf.py b/docs/tools/conf.py
> index 9052d17d6d..c16290e716 100644
> --- a/docs/tools/conf.py
> +++ b/docs/tools/conf.py
> @@ -20,6 +20,8 @@ html_theme_options['description'] = \
>  man_pages = [
>  ('qemu-img', 'qemu-img', u'QEMU disk image utility',
>   ['Fabrice Bellard'], 1),
> +('qemu-storage-daemon', 'qemu-storage-daemon', u'QEMU storage daemon',
> + [], 1),
>  ('qemu-nbd', 'qemu-nbd', u'QEMU Disk Network Block Device Server',
>   ['Anthony Liguori '], 8),
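Review bot: the new man_pages entry gives an empty author list `[]` while the neighbouring qemu-img and qemu-nbd entries name an author; Sphinx accepts the empty list, but for consistency across the tool pages either name the author here or note why this page intentionally has none.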

> diff --git a/docs/tools/index.rst b/docs/tools/index.rst
> index 232ce9f3e4..9b076adb62 100644
> --- a/docs/tools/index.rst
> +++ b/docs/tools/index.rst
> @@ -11,6 +11,7 @@ Contents:
> :maxdepth: 2
>  
> qemu-img
> +   qemu-storage-daemon
> qemu-nbd
> qemu-trace-stap
> virtfs-proxy-helper
> diff --git a/docs/tools/qemu-storage-daemon.rst 
> b/docs/tools/qemu-storage-daemon.rst
> new file mode 100644
> index 00..a0b8b1a2bf
> --- /dev/null
> +++ b/docs/tools/qemu-storage-daemon.rst
> @@ -0,0 +1,121 @@
> +QEMU Storage Daemon
> +===
> +
> +Synopsis
> +
> +
> +**qemu-storage-daemon** [options]
> +
> +Description
> +---
> +
> +qemu-storage-daemon provides disk image functionality from QEMU, qemu-img, 
> and
> +qemu-nbd in a long-running process controlled via QMP commands without 
> running
> +a virtual machine. It can export disk images over NBD, run block job

While this is true today, I think we should phrase it in a more generic
way so that we don't have to modify it each time we add something.

Specifically, I wouldn't mention NBD here, but just say "can export disk
images". If you want, you can add something like "(e.g. over NBD)" to
make clear that this won't be the only option.

> +operations, and perform other disk-related operations. The daemon is 
> controlled
> +via a QMP monitor socket and initial configuration from the command-line.

Likewise I would s/socket// because you can have the QMP monitor on any
chardev. It could be a socket, it could be stdio, maybe there is even a
third option that makes sense.

> +The daemon offers the following subset of QEMU features:
> +
> +* Blockdev nodes

I think we call this "Block nodes" usually in documentation.

> +* Block jobs
> +* NBD server

Let's make this "Block exports"

> +* Character devices
> +* Crypto and secrets
> +* QMP

If we mention crypto/secrets, should we also mention iothreads
explicitly? Or throttle groups?

Or again more generically something like "User-creatable QOM objects
such as crypto secrets and iothread"?

> +Commands can be sent over a QEMU Monitor Protocol (QMP) connection. See the
> +:manpage:`qemu-storage-daemon-qmp-ref(7)` manual page for a description of 
> the
> +commands.
> +
> +The daemon runs until it is stopped using the ``quit`` QMP command or
> +SIGINT/SIGHUP/SIGTERM.
> +
> +**Warning:** Never modify images in use by a running virtual machine or any
> +other process; this may destroy the image. Also, be aware that querying an
> +image that is being modified by another process may encounter inconsistent
> +state.
> +
> +Options
> +---
> +
> +.. program:: qemu-storage-daemon
> +
> +Standard options:
> +
> +.. option:: -h, --help
> +
> +  Display this help and exit
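Review bot: as quoted, the title underlines (`===` under "QEMU Storage Daemon", `---` under "Description" and "Options", and the line under "Synopsis") are shorter than their titles, which Sphinx reports as a warning; if that is a mail-wrapping artifact it is fine, otherwise please pad them to the title length. The `**Warning:**` paragraph would also read better as an RST `.. warning::` directive, which renders as an admonition in the HTML output.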

It's not "this" help in the man page.

> +.. option:: -V, --version
> +
> +  Display version information and exit
> +
> +.. option:: -T, --trace [[enable=]PATTERN][,events=FILE][,file=FILE]
> +
> +  .. include:: ../qemu-option-trace.rst.inc
> +
> +.. option:: --blockdev BLOCKDEVDEF
> +
> +  is a blockdev node definition. See the :manpage:`qemu(1)` manual page for a
> +  description of blockdev node properties and the
> +  :manpage:`qemu-block-drivers(7)` manual page for a description of
> +  driver-specific parameters.

s/blockdev/block/g

qemu-block-drivers(7) was originally a list of options for 'qemu-img
create'. I see that it now describes runtime options for some drivers (in
particular the network drivers), but not the image format drivers.

I guess this needs some cleanup so that create options and runtime
options are clearly separated, and that runtime options for format
drivers are documented.

It doesn't have to stop this patch, though the reference coul

[PATCH] version.texi.in: remove

2020-10-06 Thread Paolo Bonzini
This is not needed anymore, since there aren't any more Texinfo
sources.

Signed-off-by: Paolo Bonzini 
---
 version.texi.in | 2 --
 1 file changed, 2 deletions(-)
 delete mode 100644 version.texi.in

diff --git a/version.texi.in b/version.texi.in
deleted file mode 100644
index 0a723b8be6..00
--- a/version.texi.in
+++ /dev/null
@@ -1,2 +0,0 @@
-@set VERSION @VERSION@
-@set CONFDIR @qemu_confdir@
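Review bot: the deletion removes only the template; please confirm that no configure or meson rule still generates version.texi from it (a leftover configure_file() or sed step would fail at build time), and mention that in the commit message so the "no Texinfo sources remain" claim is verifiable.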
-- 
2.26.2




Re: [PATCH v4 0/4] pc-bios: s390x: Cleanup part 2

2020-10-06 Thread Thomas Huth

On 06/10/2020 11.42, Janosch Frank wrote:

So, here are a few more cleanup patches mostly cleaning up ipl code
and some of the assembly.

The patches are available here:
https://github.com/frankjaa/qemu/pull/new/cleanup_bios2

CI:
https://gitlab.com/frankja/qemu/-/pipelines/198568601

v4:
* Dropped ext/io new PSW patch to speed up review


Thanks, I've queued the patches to my s390-ccw-bios branch:

 https://gitlab.com/huth/qemu/-/commits/s390-ccw-bios/

  Thomas




Re: [PATCH v2 1/3] docs: generate qemu-storage-daemon-qmp-ref(7) man page

2020-10-06 Thread Kevin Wolf
Am 10.09.2020 um 16:43 hat Stefan Hajnoczi geschrieben:
> Although qemu-storage-daemon QMP commands are identical to QEMU QMP
> commands they are a subset. Generate a manual page of just the commands
> supported by qemu-storage-daemon so that users know exactly what is
> available in qemu-storage-daemon.
> 
> Add an h1 heading in storage-daemon/qapi/qapi-schema.json so that
> block-core.json is at the h2 heading level.
> 
> Signed-off-by: Stefan Hajnoczi 

As the series doesn't apply any more, I can't actually try it out
easily, but is the order of includes in the schema right now?

I seem to remember that in v1 we discussed that nested includes result
in an unexpected section structure in the documentation in some cases
(such as generic jobs being documented in a subsection of block
devices), and that we need to reorder includes in qapi-schema.json to
fix this because a more clever doc generator wasn't considered worth the
effort.

Kevin




Re: [PATCH v2 3/3] MAINTAINERS: add Kevin Wolf as storage daemon maintainer

2020-10-06 Thread Kevin Wolf
Am 10.09.2020 um 16:44 hat Stefan Hajnoczi geschrieben:
> The MAINTAINERS file was not updated when the storage daemon was merged.
> 
> Signed-off-by: Stefan Hajnoczi 

Acked-by: Kevin Wolf 




Re: [PATCH v3] scripts: Convert qemu-version.sh to qemu-version.py

2020-10-06 Thread Peter Maydell
On Mon, 5 Oct 2020 at 20:51, Yonggang Luo  wrote:
>
> The sh script is harder to maintain for compatibility with different
> xsh environments, so convert it to a Python script.
> Also incorporate the fixes in
> https://patchew.org/QEMU/20200929143654.518157-1-marcandre.lur...@redhat.com/
>
> Testing args length and if not enough, setting pkgversion and version to ''
>
> +#
> +# Script for retrieve qemu git version information
> +#
> +# Author: Yonggang Luo 
> +#
> +# This work is licensed under the terms of the GNU GPL, version 2.  See
> +# the COPYING file in the top-level directory.

Does this have to be GPL-v2-only ? We strongly prefer
v2-or-later...

thanks
-- PMM



Re: [Bug 1772165] Re: arm raspi2/raspi3 emulation has no USB support

2020-10-06 Thread Peter Maydell
On Mon, 5 Oct 2020 at 21:38, mcandre <1772...@bugs.launchpad.net> wrote:
> Which Beagle boards, Jetson Nano, other devices have rich support from
> qemu? ARM is critical going forward.

If you just want to be able to run a Linux kernel and Arm
userspace code and you don't have a strong preference
for which board to use, we recommend using the 'virt'
board. See the notes on choosing a board model in the docs:
https://www.qemu.org/docs/master/system/target-arm.html#choosing-a-board-model

thanks
-- PMM



Re: [PATCH] vhost: Ignore vrings in dirty log when using a vIOMMU

2020-10-06 Thread Michael S. Tsirkin
On Tue, Oct 06, 2020 at 11:58:50AM +0200, Greg Kurz wrote:
> On Mon, 5 Oct 2020 10:18:03 -0400
> "Michael S. Tsirkin"  wrote:
> 
> > On Mon, Sep 28, 2020 at 09:37:18AM +0200, Greg Kurz wrote:
> > > On Mon, 28 Sep 2020 16:23:43 +1000
> > > David Gibson  wrote:
> > > 
> > > > On Fri, Sep 25, 2020 at 07:29:43PM +0200, Greg Kurz wrote:
> > > > > When a vIOMMU is present, any address coming from the guest is an IO
> > > > > virtual address, including those of the vrings. The backend's accesses
> > > > > to the vrings happen through vIOMMU translation: the backend hence
> > > > > only logs the final guest physical address, not the IO virtual one.
> > > > > It thus doesn't make sense to make room for the vring addresses in the
> > > > > dirty log in this case.
> > > > > 
> > > > > This fixes a crash of the source when migrating a guest using 
> > > > > in-kernel
> > > > > vhost-net and iommu_platform=on on POWER, because DMA regions are put
> > > > > at very high addresses and the resulting log size is likely to cause
> > > > > g_malloc0() to abort.
> > > > > 
> > > > > BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1879349
> > > > > Signed-off-by: Greg Kurz 
> > > > 
> > > > I'm a little confused as to what's going on here.  Obviously
> > > > allocating dirty bitmaps in IOVA space doesn't make much sense.
> > > > But.. in all cases isn't the ring ending up in guest memory, whether
> > > > translated or not.  So why do specific addresses of the ring make a
> > > > difference in *any* case.
> > > > 
> > > 
> > > I admit I'm a bit surprised as well... I can't think of a scenario
> > > where the address of the used ring would be higher than the guest
> > > memory... Maybe MST can shed some light here ?
> > 
> > So the original idea was that vring itself is specified in
> > terms of HVA as opposed to rest of stuff which is specified
> > in terms of GPA.
> 
> The vring itself is indeed described in terms of HVA (vq->used) but
> when it comes to the dirty log, QEMU passes the GPA of the used
> structure to the vhost backend:
> 
> From vhost_virtqueue_set_addr():
> 
> addr.log_guest_addr = vq->used_phys;
>   ^^ GPA ^^
> addr.flags = enable_log ? (1 << VHOST_VRING_F_LOG) : 0;
> r = dev->vhost_ops->vhost_set_vring_addr(dev, &addr);

Right. The point being we either use the log bitmap or the ring aliasing
trick to track memory changes, not both. If we used the ring aliasing
trick then presumably VHOST_VRING_F_LOG would be clear and then
log_guest_addr is unused.

> And the sizing of the bitmap computed in vhost_get_log_size() is
> also based on this GPA:
> 
> for (i = 0; i < dev->nvqs; ++i) {
> struct vhost_virtqueue *vq = dev->vqs + i;
> 
> if (!vq->used_phys && !vq->used_size) {
> continue;
> }
> 
> uint64_t last = vq->used_phys + vq->used_size - 1;
> ^^ GPA ^^
> log_size = MAX(log_size, last / VHOST_LOG_CHUNK + 1);
> }
>
> With platform_iommu=off, I couldn't find a case where this second
> loop in vhost_get_log_size() increases the log size actually... and
> when platform_iommu=on, vq->used_phys is a GIOVA that my other patches
> you've already merged in the kernel explicitly ignore when it comes to
> the dirty log... So it really seems that this loop is useless for the
> general case. If it is there to address some corner case, I guess it
> deserves a comment at the very least.
> 
> Cheers,
> 
> --
> Greg
> 
> > This way we wanted to support e.g. migration by vhost writing into
> > qemu address space, qemu copying data to guest memory.
> > 
> > 
> > 
> > 
> > > > > ---
> > > > >  hw/virtio/vhost.c |   38 --
> > > > >  1 file changed, 24 insertions(+), 14 deletions(-)
> > > > > 
> > > > > diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c
> > > > > index 1a1384e7a642..0b83d6b8e65e 100644
> > > > > --- a/hw/virtio/vhost.c
> > > > > +++ b/hw/virtio/vhost.c
> > > > > @@ -106,6 +106,20 @@ static void vhost_dev_sync_region(struct 
> > > > > vhost_dev *dev,
> > > > >  }
> > > > >  }
> > > > >  
> > > > > +static int vhost_dev_has_iommu(struct vhost_dev *dev)
> > > > > +{
> > > > > +VirtIODevice *vdev = dev->vdev;
> > > > > +
> > > > > +/*
> > > > > + * For vhost, VIRTIO_F_IOMMU_PLATFORM means the backend support
> > > > > + * incremental memory mapping API via IOTLB API. For platform 
> > > > > that
> > > > > + * does not have IOMMU, there's no need to enable this feature
> > > > > + * which may cause unnecessary IOTLB miss/update trnasactions.
> > > > > + */
> > > > > +return vdev->dma_as != &address_space_memory &&
> > > > > +   virtio_host_has_feature(vdev, VIRTIO_F_IOMMU_PLATFORM);
> > > > > +}
> > > > > +
> > > > >  static int vhost_sync_dirty_bitmap(struct vhost_dev *dev,
> > > > > MemoryRegionSection *section,
> > > > > hwaddr first,
> 
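The size arithmetic Greg and Michael are discussing is easier to see in numbers. What follows is an added, stand-alone C model of the two loops in vhost_get_log_size(), not QEMU's code: it assumes the dirty-log geometry used by hw/virtio/vhost.c (one bit per 4 KiB page and 64-bit chunks, so one chunk covers 256 MiB of address space) and a constructed guest layout of 4 GiB of RAM at GPA 0 plus a used ring whose address is either inside RAM or a high IOVA of the kind a vIOMMU hands out. The `has_iommu` flag models the early return the patch adds.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Dirty-log geometry, assumed to mirror hw/virtio/vhost.c: one bit per
 * 4 KiB page, 64 bits per chunk, so each chunk covers 256 MiB. */
#define VHOST_LOG_PAGE   4096ULL
#define VHOST_LOG_BITS   (8ULL * sizeof(uint64_t))
#define VHOST_LOG_CHUNK  (VHOST_LOG_PAGE * VHOST_LOG_BITS)

#define MAX(a, b) ((a) > (b) ? (a) : (b))

/* Simplified stand-ins for vhost_memory_region and vhost_virtqueue. */
struct mem_region { uint64_t guest_phys_addr; uint64_t memory_size; };
struct vring_log  { uint64_t used_phys;       uint64_t used_size;   };

/* Number of 64-bit chunks needed so that `last` (inclusive) is covered. */
static uint64_t chunks_to_cover(uint64_t last)
{
    return last / VHOST_LOG_CHUNK + 1;
}

/*
 * Model of vhost_get_log_size(): the first loop covers guest RAM, the
 * second extends the log to cover each used ring. With has_iommu set the
 * second loop is skipped, which is what the patch under review does: the
 * ring addresses are IOVAs and the backend only ever logs translated GPAs.
 */
uint64_t dirty_log_chunks(const struct mem_region *regs, size_t nregs,
                          const struct vring_log *vqs, size_t nvqs,
                          bool has_iommu)
{
    uint64_t log_size = 0;

    for (size_t i = 0; i < nregs; i++) {
        uint64_t last = regs[i].guest_phys_addr + regs[i].memory_size - 1;
        log_size = MAX(log_size, chunks_to_cover(last));
    }

    if (has_iommu) {
        return log_size;
    }

    for (size_t i = 0; i < nvqs; i++) {
        if (!vqs[i].used_phys && !vqs[i].used_size) {
            continue;
        }
        uint64_t last = vqs[i].used_phys + vqs[i].used_size - 1;
        log_size = MAX(log_size, chunks_to_cover(last));
    }
    return log_size;
}

/* Bytes g_malloc0() would be asked for: one uint64_t per chunk. */
uint64_t dirty_log_bytes(uint64_t chunks)
{
    return chunks * sizeof(uint64_t);
}

/* Constructed layout: 4 GiB of RAM at GPA 0. */
static const struct mem_region guest_ram[] = { { 0, 1ULL << 32 } };

/* Constructed vIOMMU case: the used ring sits in a DMA window far above
 * RAM, so used_phys is a high IOVA. The value is illustrative only. */
static const struct vring_log high_iova_ring[] = {
    { 0x0800000000000000ULL, 0x1000 }
};

/* Ring inside RAM: the second loop changes nothing. */
static const struct vring_log in_ram_ring[] = { { 0x80000000ULL, 0x1000 } };

uint64_t chunks_ring_in_ram(void)
{
    return dirty_log_chunks(guest_ram, 1, in_ram_ring, 1, false);
}

uint64_t chunks_high_iova_counted(void)
{
    return dirty_log_chunks(guest_ram, 1, high_iova_ring, 1, false);
}

uint64_t chunks_high_iova_ignored(void)
{
    return dirty_log_chunks(guest_ram, 1, high_iova_ring, 1, true);
}

int main(void)
{
    printf("ring in RAM:           %llu bytes\n",
           (unsigned long long)dirty_log_bytes(chunks_ring_in_ram()));
    printf("high IOVA, counted:    %llu bytes\n",
           (unsigned long long)dirty_log_bytes(chunks_high_iova_counted()));
    printf("high IOVA, vIOMMU fix: %llu bytes\n",
           (unsigned long long)dirty_log_bytes(chunks_high_iova_ignored()));
    return 0;
}
```

Run as is, it prints 128 KiB for the ring-in-RAM case and about 16 TiB once the high IOVA is fed to the second loop, which is the allocation g_malloc0() aborts on in the bug report; with `has_iommu` set the second loop is skipped and the size falls back to the RAM-only figure.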

Re: [RFC PATCH 09/21] contrib/gitdm: Add Nutanix to the domain map

2020-10-06 Thread Prerna Saxena


On 04/10/20, 11:35 PM, "Philippe Mathieu-Daudé"  wrote:

There are a number of contributors from this domain,
so add its own entry to the gitdm domain map.

Cc: Ani Sinha 
Cc: David Vrabel 
Cc: Felipe Franciosi 
Cc: Jonathan Davies 
Cc: Malcolm Crossley 
Cc: Mike Cui 
Cc: Peter Turschmid 
Cc: Prerna Saxena 
Cc: Raphael Norwitz 
Cc: Swapnil Ingle 
Cc: Ani Sinha 
Signed-off-by: Philippe Mathieu-Daudé 
---
One Reviewed-by/Ack-by from someone from this domain
should be sufficient to get this patch merged.

Ani, can you confirm the a...@anisinha.ca email?
Should it go into 'individual contributors' instead?
---
 contrib/gitdm/domain-map| 1 +
 contrib/gitdm/group-map-nutanix | 2 ++
 gitdm.config| 1 +
 3 files changed, 4 insertions(+)
 create mode 100644 contrib/gitdm/group-map-nutanix

diff --git a/contrib/gitdm/domain-map b/contrib/gitdm/domain-map
index 4850eab4c4..39251fd97c 100644
--- a/contrib/gitdm/domain-map
+++ b/contrib/gitdm/domain-map
@@ -24,6 +24,7 @@ linaro.org  Linaro
 codesourcery.com Mentor Graphics
 microsoft.com   Microsoft
 nokia.com   Nokia
+nutanix.com Nutanix
 oracle.com  Oracle
 proxmox.com Proxmox
 redhat.com  Red Hat
diff --git a/contrib/gitdm/group-map-nutanix 
b/contrib/gitdm/group-map-nutanix
new file mode 100644
index 00..a3f11425b3
--- /dev/null
+++ b/contrib/gitdm/group-map-nutanix
@@ -0,0 +1,2 @@
+raphael.s.norw...@gmail.com
+a...@anisinha.ca
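Review bot: the group map files both a...@anisinha.ca and raphael.s.norw...@gmail.com under Nutanix while the cover text itself asks whether Ani's address belongs under individual contributors instead; that question should be settled before merge, since a gitdm group map attributes every commit from that address to the company.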
diff --git a/gitdm.config b/gitdm.config
index c01c219078..4f821ab8ba 100644
--- a/gitdm.config
+++ b/gitdm.config
@@ -37,6 +37,7 @@ GroupMap contrib/gitdm/group-map-cadence Cadence Design 
Systems
 GroupMap contrib/gitdm/group-map-codeweavers CodeWeavers
 GroupMap contrib/gitdm/group-map-ibm IBM
 GroupMap contrib/gitdm/group-map-janustech Janus Technologies
+GroupMap contrib/gitdm/group-map-nutanix Nutanix

-- 
2.26.2

LGTM. Raphael is still a part of Nutanix. I see Ani has already responded about 
him not being with the company anymore, so you might want to add him to the 
individual contributors' list.

Regards,
Prerna



Re: [PATCH] virtiofsd: avoid /proc/self/fd tempdir

2020-10-06 Thread Dr. David Alan Gilbert
* Stefan Hajnoczi (stefa...@redhat.com) wrote:
> In order to prevent /proc/self/fd escapes a temporary directory is
> created where /proc/self/fd is bind-mounted. This doesn't work on
> read-only file systems.
> 
> Avoid the temporary directory by bind-mounting /proc/self/fd over /proc.
> This does not affect other processes since we remounted / with MS_REC |
> MS_SLAVE. /proc must exist and virtiofsd does not use it so it's safe to
> do this.
> 
> Path traversal can be tested with the following function:
> 
>   static void test_proc_fd_escape(struct lo_data *lo)
>   {
>   int fd;
>   int level = 0;
>   ino_t last_ino = 0;
> 
>   fd = lo->proc_self_fd;
>   for (;;) {
>   struct stat st;
> 
>   if (fstat(fd, &st) != 0) {
>   perror("fstat");
>   return;
>   }
>   if (last_ino && st.st_ino == last_ino) {
>   fprintf(stderr, "inode number unchanged, stopping\n");
>   return;
>   }
>   last_ino = st.st_ino;
> 
>   fprintf(stderr, "Level %d dev %lu ino %lu\n", level,
>   (unsigned long)st.st_dev,
>   (unsigned long)last_ino);
>   fd = openat(fd, "..", O_PATH | O_DIRECTORY | O_NOFOLLOW);
>   level++;
>   }
>   }
> 
> Before and after this patch only Level 0 is displayed. Without
> /proc/self/fd bind-mount protection it is possible to traverse parent
> directories.
> 
> Fixes: 397ae982f4df4 ("virtiofsd: jail lo->proc_self_fd")
> Cc: Miklos Szeredi 
> Cc: Jens Freimann 
> Signed-off-by: Stefan Hajnoczi 

Yes, getting rid of the tmpdir altogether seems better.


Reviewed-by: Dr. David Alan Gilbert 

> ---
>  tools/virtiofsd/passthrough_ll.c | 34 +++-
>  1 file changed, 11 insertions(+), 23 deletions(-)
> 
> diff --git a/tools/virtiofsd/passthrough_ll.c 
> b/tools/virtiofsd/passthrough_ll.c
> index 0b229ebd57..6ae7ffcdd7 100644
> --- a/tools/virtiofsd/passthrough_ll.c
> +++ b/tools/virtiofsd/passthrough_ll.c
> @@ -2393,8 +2393,6 @@ static void setup_wait_parent_capabilities(void)
>  static void setup_namespaces(struct lo_data *lo, struct fuse_session *se)
>  {
>  pid_t child;
> -char template[] = "virtiofsd-XX";
> -char *tmpdir;
>  
>  /*
>   * Create a new pid namespace for *child* processes.  We'll have to
> @@ -2458,33 +2456,23 @@ static void setup_namespaces(struct lo_data *lo, 
> struct fuse_session *se)
>  exit(1);
>  }
>  
> -tmpdir = mkdtemp(template);
> -if (!tmpdir) {
> -fuse_log(FUSE_LOG_ERR, "tmpdir(%s): %m\n", template);
> +/*
> + * We only need /proc/self/fd. Prevent ".." from accessing parent
> + * directories of /proc/self/fd by bind-mounting it over /proc. Since / 
> was
> + * previously remounted with MS_REC | MS_SLAVE this mount change only
> + * affects our process.
> + */
> +if (mount("/proc/self/fd", "/proc", NULL, MS_BIND, NULL) < 0) {
> +fuse_log(FUSE_LOG_ERR, "mount(/proc/self/fd, MS_BIND): %m\n");
>  exit(1);
>  }
>  
> -if (mount("/proc/self/fd", tmpdir, NULL, MS_BIND, NULL) < 0) {
> -fuse_log(FUSE_LOG_ERR, "mount(/proc/self/fd, %s, MS_BIND): %m\n",
> - tmpdir);
> -exit(1);
> -}
> -
> -/* Now we can get our /proc/self/fd directory file descriptor */
> -lo->proc_self_fd = open(tmpdir, O_PATH);
> +/* Get the /proc (actually /proc/self/fd, see above) file descriptor */
> +lo->proc_self_fd = open("/proc", O_PATH);
>  if (lo->proc_self_fd == -1) {
> -fuse_log(FUSE_LOG_ERR, "open(%s, O_PATH): %m\n", tmpdir);
> +fuse_log(FUSE_LOG_ERR, "open(/proc, O_PATH): %m\n");
>  exit(1);
>  }
> -
> -if (umount2(tmpdir, MNT_DETACH) < 0) {
> -fuse_log(FUSE_LOG_ERR, "umount2(%s, MNT_DETACH): %m\n", tmpdir);
> -exit(1);
> -}
> -
> -if (rmdir(tmpdir) < 0) {
> -fuse_log(FUSE_LOG_ERR, "rmdir(%s): %m\n", tmpdir);
> -}
>  }
>  
>  /*
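Review bot: the error message on the new mount() call drops the target path: it prints "mount(/proc/self/fd, MS_BIND)" where the removed code printed both source and target, so a failure log no longer says what was being mounted over. Suggest `fuse_log(FUSE_LOG_ERR, "mount(/proc/self/fd, /proc, MS_BIND): %m\n");`. The new comment could also state why ".." from the bind mount on /proc cannot reach the parent directory, which is what the "only Level 0" result in the commit message relies on; as written it only explains that the mount change stays private to this process.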
> -- 
> 2.26.2
> 
-- 
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK




Re: [PATCH v3] scripts: Convert qemu-version.sh to qemu-version.py

2020-10-06 Thread Yonggang Luo
On Tue, Oct 6, 2020 at 6:33 PM Peter Maydell wrote:
>
> On Mon, 5 Oct 2020 at 20:51, Yonggang Luo wrote:
> >
> > The sh script is harder to maintain for compatibility with different
> > xsh environments, so convert it to a Python script.
> > Also incorporate the fixes in
> > https://patchew.org/QEMU/20200929143654.518157-1-marcandre.lur...@redhat.com/
> >
> > Test the argument count and, if there are not enough, set pkgversion and
> > version to ''
> >
> > +#
> > +# Script for retrieve qemu git version information
> > +#
> > +# Author: Yonggang Luo 
> > +#
> > +# This work is licensed under the terms of the GNU GPL, version 2.  See
> > +# the COPYING file in the top-level directory.
>
> Does this have to be GPL-v2-only ? We strongly prefer
> v2-or-later...
Directly copied from another Python script; do you have a template for this?
>
> thanks
> -- PMM



--
Yours sincerely,
罗勇刚 (Yonggang Luo)


[PATCH 00/10] meson: Move the creation of the library to the main meson.build

2020-10-06 Thread Philippe Mathieu-Daudé
Make Meson machinery more consistent, as requested by Paolo.

Philippe Mathieu-Daudé (10):
  migration: Only add migration files to the Meson sourceset
  meson.build: Add comments to clarify code organization
  meson.build: Sort sourcesets alphabetically
  hw/core: Move the creation of the library to the main meson.build
  chardev: Move the creation of the library to the main meson.build
  migration: Move the creation of the library to the main meson.build
  io: Move the creation of the library to the main meson.build
  crypto: Move the creation of the library to the main meson.build
  authz: Move the creation of the library to the main meson.build
  qom: Move the creation of the library to the main meson.build

 meson.build   | 86 ++-
 authz/meson.build | 10 -
 chardev/meson.build   |  6 ---
 crypto/meson.build| 10 -
 hw/core/meson.build   |  6 ---
 io/meson.build| 10 -
 migration/meson.build |  8 +---
 qom/meson.build   |  8 
 8 files changed, 77 insertions(+), 67 deletions(-)

-- 
2.26.2




[PATCH 07/10] io: Move the creation of the library to the main meson.build

2020-10-06 Thread Philippe Mathieu-Daudé
Be consistent creating all the libraries in the main meson.build file.

Suggested-by: Paolo Bonzini 
Signed-off-by: Philippe Mathieu-Daudé 
---
 meson.build| 10 ++
 io/meson.build | 10 --
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/meson.build b/meson.build
index 55966c3b60..70545efd74 100644
--- a/meson.build
+++ b/meson.build
@@ -1064,6 +1064,7 @@ block_ss = ss.source_set()
 bsd_user_ss = ss.source_set()
 chardev_ss = ss.source_set()
 common_ss = ss.source_set()
+io_ss = ss.source_set()
 linux_user_ss = ss.source_set()
 qmp_ss = ss.source_set()
 softmmu_ss = ss.source_set()
@@ -1328,6 +1329,15 @@ qemu_syms = custom_target('qemu.syms', output: 
'qemu.syms',
 # Library dependencies #
 
 
+io_ss = io_ss.apply(config_host, strict: false)
+libio = static_library('io', io_ss.sources() + genh,
+   dependencies: [io_ss.dependencies()],
+   link_with: libqemuutil,
+   name_suffix: 'fa',
+   build_by_default: false)
+
+io = declare_dependency(link_whole: libio, dependencies: [crypto, qom])
+
 libmigration = static_library('migration', sources: migration_files + genh,
   name_suffix: 'fa',
   build_by_default: false)
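Review bot: ordering needs checking for the block added before libmigration: `io_ss.apply()` consumes the sources that io/meson.build still adds to io_ss, and `declare_dependency` references `crypto` and `qom`, whose creation is moved into the main meson.build only by later patches in this series (08/10 and 10/10 per the cover letter). If `subdir('io')`, `subdir('crypto')` or `subdir('qom')` runs after this point, this patch fails on its own and breaks bisection; either place the block after those subdir() calls or add a comment stating the required order.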
diff --git a/io/meson.build b/io/meson.build
index 768c1b5ec3..bcd8b1e737 100644
--- a/io/meson.build
+++ b/io/meson.build
@@ -1,4 +1,3 @@
-io_ss = ss.source_set()
 io_ss.add(genh)
 io_ss.add(files(
   'channel-buffer.c',
@@ -14,12 +13,3 @@ io_ss.add(files(
   'net-listener.c',
   'task.c',
 ))
-
-io_ss = io_ss.apply(config_host, strict: false)
-libio = static_library('io', io_ss.sources() + genh,
-   dependencies: [io_ss.dependencies()],
-   link_with: libqemuutil,
-   name_suffix: 'fa',
-   build_by_default: false)
-
-io = declare_dependency(link_whole: libio, dependencies: [crypto, qom])
-- 
2.26.2
