Re: [PATCH] tests/qtest: npcm7xx-emc-test: Skip checking MAC

[Thomas Huth]

On 20/09/2022 00.37, Patrick Venture wrote:



On Mon, Sep 19, 2022 at 5:44 AM Thomas Huth > wrote:


On 06/09/2022 18.31, Patrick Venture wrote:
 > The register tests walks all the registers to verify they are initially
 > 0 when appropriate.  However, if the MAC address is set in the register
 >    space, this should not be checked against 0.
 >
 > Reviewed-by: Hao Wu mailto:wuhao...@google.com>>
 > Change-Id: I02426e39bdab33ceedd42c49d233e8680d4ec058

What's that change-id good for?


Oops, sorry about that.  I can send out a v2 without it, or during 
application someone can nicely trim it? :)


I can take the patch through my qtest branch - I'll drop the line there.


Basically ack, but one question: Where should that non-zero MAC address
come
from / when did you hit a problem here? If QEMU is started without any mac
settings at all (like it is done here), the register never contains a
non-zero value, does it?


So, there's a bug in the emc device presently where that value isn't set 
when it should be.  I have that bug fixed, but for whatever reason, probably 
not enough caffeine, I didn't bundle the two patches together.


OK, makes sense now, thanks for the explanation!

 Thomas

Re: [PATCH 0/8] RFC: Pass tests for x86_64 machine types compiled individually

[Thomas Huth]

On 02/09/2022 19.34, Juan Quintela wrote:
[...]

There are interesting cases, and are the tests are run with the
default machine type (pc) but that work with either of them

[...]

This tests can be run with both machine types, but as we can't easily
put -machine on them (several of them are supposed to run on other
architectures), it is not "trivial to fix".  I have a "hack" on my
tree that gets the 1st machine available for this kind of tests and
changed qtest_init() to qtest_init_first() that does exactly that.
But I am not sure that is the way to go.


I don't think that this would be a reliable solution, e.g. with 
qemu-system-ppc64 or -aarch64, there are plenty of different machine types 
and you cannot simply grab the first one to hope that it is good enough to 
run the tests.



Another way for me to fix it
is just to change the Q35 machine to be the default for x86_64 when
I400FX is not compiled in, but it has other kind of troubles.


I think there was a consensus in the past to rather get away from default 
machine types, so I think that's also the wrong way to go.



I
started this wanting than all tests showed an explicit machine type,
but there is nothing easier to be done for this multiarch tests.


What about this idea: Introduce a "qtest_default_machine()" function that 
looks like this:


const char *qtest_default_machine(void)
{
if (g_strequal(arch, "i386") || g_strequal(arch, "x86_64")) {
if (qtest_has_machine("pc")) {
return "-machine pc";
} else if (qtest_has_machine("q35")) {
return "-machine q35";
} else {
abort(); // Or skip the test somehow?
}
}

if (g_strequal(arch, "arm") || g_strequal(arch, "aarch64")) {
/* ARM does not have a default machine, so use "virt" */
if (qtest_has_machine("virt")) {
return "-machine virt";
} else {
abort(); // Or skip the test somehow?
}

// ... similar logic for m68k, riscv, rx, avr and tricore ...

/* For all others use the default machine */
return "";
}

Then you could use this à la:

qts = qtest_init("%s ...", gtest_default_machine(), ...);

Or even add a wrapper function qtest_init_default_machine() for this?

 HTH,
  Thomas

Re: [PATCH 8/8] meson-build: test-crypto-secret depends on CONFIG_SECRET_KEYRING

[Daniel P . Berrangé]

On Fri, Sep 02, 2022 at 06:51:26PM +0200, Juan Quintela wrote:
> With this change "make check" works when configured with --disable-keyring.
> 
> Signed-off-by: Juan Quintela 
> ---
>  tests/unit/meson.build | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/tests/unit/meson.build b/tests/unit/meson.build
> index b497a41378..988aed27cb 100644
> --- a/tests/unit/meson.build
> +++ b/tests/unit/meson.build
> @@ -78,7 +78,6 @@ if have_block
>  'test-crypto-hmac': [crypto],
>  'test-crypto-cipher': [crypto],
>  'test-crypto-akcipher': [crypto],
> -'test-crypto-secret': [crypto, keyutils],
>  'test-crypto-der': [crypto],
>  'test-authz-simple': [authz],
>  'test-authz-list': [authz],
> @@ -122,6 +121,9 @@ if have_block
>if config_host_data.get('CONFIG_EPOLL_CREATE1')
>  tests += {'test-fdmon-epoll': [testblock]}
>endif
> +  if config_host_data.get('CONFIG_SECRET_KEYRING')
> +tests += {'test-crypto-secret': [crypto, keyutils]}
> +  endif
>  endif

This is not right, as it disables testing on all non-Linux platforms.
The code in test-crypto-secret is already conditional on CONFIG_KEYUTILS
so it can run on all platforms. The code just needs changing to be using
CONFIG_SECRET_KEYRING instead of CONFIG_KEYUTILS as the former is more
general. Don't touch the meson rules at all.


With regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|

[PATCH 1/3] Hexagon (target/hexagon) add instruction attributes from archlib

[Taylor Simpson]

The imported files from the architecture library have added some
instruction attributes.  Some of these will be used in a subsequent
patch for determing the size of a store.

Signed-off-by: Taylor Simpson 
---
 target/hexagon/attribs_def.h.inc  |  37 +++-
 target/hexagon/imported/ldst.idef | 122 +-
 target/hexagon/imported/subinsns.idef |  72 +++
 3 files changed, 133 insertions(+), 98 deletions(-)

diff --git a/target/hexagon/attribs_def.h.inc b/target/hexagon/attribs_def.h.inc
index dc890a557f..222ad95fb0 100644
--- a/target/hexagon/attribs_def.h.inc
+++ b/target/hexagon/attribs_def.h.inc
@@ -1,5 +1,5 @@
 /*
- *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *  Copyright(c) 2019-2022 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -38,6 +38,16 @@ DEF_ATTRIB(SUBINSN, "sub-instruction", "", "")
 /* Load and Store attributes */
 DEF_ATTRIB(LOAD, "Loads from memory", "", "")
 DEF_ATTRIB(STORE, "Stores to memory", "", "")
+DEF_ATTRIB(STOREIMMED, "Stores immed to memory", "", "")
+DEF_ATTRIB(MEMSIZE_0B, "Memory width is 0 byte", "", "")
+DEF_ATTRIB(MEMSIZE_1B, "Memory width is 1 byte", "", "")
+DEF_ATTRIB(MEMSIZE_2B, "Memory width is 2 bytes", "", "")
+DEF_ATTRIB(MEMSIZE_4B, "Memory width is 4 bytes", "", "")
+DEF_ATTRIB(MEMSIZE_8B, "Memory width is 8 bytes", "", "")
+DEF_ATTRIB(REGWRSIZE_1B, "Memory width is 1 byte", "", "")
+DEF_ATTRIB(REGWRSIZE_2B, "Memory width is 2 bytes", "", "")
+DEF_ATTRIB(REGWRSIZE_4B, "Memory width is 4 bytes", "", "")
+DEF_ATTRIB(REGWRSIZE_8B, "Memory width is 8 bytes", "", "")
 DEF_ATTRIB(MEMLIKE, "Memory-like instruction", "", "")
 DEF_ATTRIB(MEMLIKE_PACKET_RULES, "follows Memory-like packet rules", "", "")
 
@@ -71,6 +81,11 @@ DEF_ATTRIB(COF, "Change-of-flow instruction", "", "")
 DEF_ATTRIB(CONDEXEC, "May be cancelled by a predicate", "", "")
 DEF_ATTRIB(DOTNEWVALUE, "Uses a register value generated in this pkt", "", "")
 DEF_ATTRIB(NEWCMPJUMP, "Compound compare and jump", "", "")
+DEF_ATTRIB(NVSTORE, "New-value store", "", "")
+DEF_ATTRIB(MEMOP, "memop", "", "")
+
+DEF_ATTRIB(ROPS_2, "Compound instruction worth 2 RISC-ops", "", "")
+DEF_ATTRIB(ROPS_3, "Compound instruction worth 3 RISC-ops", "", "")
 
 /* access to implicit registers */
 DEF_ATTRIB(IMPLICIT_WRITES_LR, "Writes the link register", "", "UREG.LR")
@@ -87,6 +102,9 @@ DEF_ATTRIB(IMPLICIT_WRITES_P3, "May write Predicate 3", "", 
"UREG.P3")
 DEF_ATTRIB(IMPLICIT_READS_PC, "Reads the PC register", "", "")
 DEF_ATTRIB(IMPLICIT_WRITES_USR, "May write USR", "", "")
 DEF_ATTRIB(WRITES_PRED_REG, "Writes a predicate register", "", "")
+DEF_ATTRIB(COMMUTES, "The operation is communitive", "", "")
+DEF_ATTRIB(DEALLOCRET, "dealloc_return", "", "")
+DEF_ATTRIB(DEALLOCFRAME, "deallocframe", "", "")
 
 DEF_ATTRIB(CRSLOT23, "Can execute in slot 2 or slot 3 (CR)", "", "")
 DEF_ATTRIB(IT_NOP, "nop instruction", "", "")
@@ -94,17 +112,21 @@ DEF_ATTRIB(IT_EXTENDER, "constant extender instruction", 
"", "")
 
 
 /* Restrictions to make note of */
+DEF_ATTRIB(RESTRICT_COF_MAX1, "One change-of-flow per packet", "", "")
+DEF_ATTRIB(RESTRICT_NOPACKET, "Not allowed in a packet", "", "")
 DEF_ATTRIB(RESTRICT_SLOT0ONLY, "Must execute on slot0", "", "")
 DEF_ATTRIB(RESTRICT_SLOT1ONLY, "Must execute on slot1", "", "")
 DEF_ATTRIB(RESTRICT_SLOT2ONLY, "Must execute on slot2", "", "")
 DEF_ATTRIB(RESTRICT_SLOT3ONLY, "Must execute on slot3", "", "")
 DEF_ATTRIB(RESTRICT_NOSLOT1, "No slot 1 instruction in parallel", "", "")
 DEF_ATTRIB(RESTRICT_PREFERSLOT0, "Try to encode into slot 0", "", "")
+DEF_ATTRIB(RESTRICT_PACKET_AXOK, "May exist with A-type or X-type", "", "")
 
 DEF_ATTRIB(ICOP, "Instruction cache op", "", "")
 
 DEF_ATTRIB(HWLOOP0_END, "Ends HW loop0", "", "")
 DEF_ATTRIB(HWLOOP1_END, "Ends HW loop1", "", "")
+DEF_ATTRIB(RET_TYPE, "return type", "", "")
 DEF_ATTRIB(DCZEROA, "dczeroa type", "", "")
 DEF_ATTRIB(ICFLUSHOP, "icflush op type", "", "")
 DEF_ATTRIB(DCFLUSHOP, "dcflush op type", "", "")
@@ -116,5 +138,18 @@ DEF_ATTRIB(L2FETCH, "Instruction is l2fetch type", "", "")
 DEF_ATTRIB(ICINVA, "icinva", "", "")
 DEF_ATTRIB(DCCLEANINVA, "dccleaninva", "", "")
 
+/* Documentation Notes */
+DEF_ATTRIB(NOTE_CONDITIONAL, "can be conditionally executed", "", "")
+DEF_ATTRIB(NOTE_NEWVAL_SLOT0, "New-value oprnd must execute on slot 0", "", "")
+DEF_ATTRIB(NOTE_PRIV, "Monitor-level feature", "", "")
+DEF_ATTRIB(NOTE_NOPACKET, "solo instruction", "", "")
+DEF_ATTRIB(NOTE_AXOK, "May only be grouped with ALU32 or non-FP XTYPE.", "", 
"")
+DEF_ATTRIB(NOTE_LATEPRED, "The predicate can not be used as a .new", "", "")
+DEF_ATTRIB(NOTE_NVSLOT0, "Can execute only in slot 0 (ST)", "", "")
+
+/* Restrictions to make note of */
+DEF_ATTRIB(RESTRICT_NOSLOT1_STORE, "Packet must not have slot 1 store", "", "")
+DEF_ATTRIB(RES

[PATCH 0/3] Hexagon (target/hexagon) improve store handling

[Taylor Simpson]

Make store handling faster and more robust

Taylor Simpson (3):
  Hexagon (target/hexagon) add instruction attributes from archlib
  Hexagon (target/hexagon) move store size tracking to translation
  Hexagon (target/hexagon) Change decision to set pkt_has_store_s[01]

 target/hexagon/macros.h   |   8 +-
 target/hexagon/attribs_def.h.inc  |  38 +++-
 target/hexagon/decode.c   |  17 ++--
 target/hexagon/genptr.c   |  36 +++-
 target/hexagon/translate.c|  36 +++-
 target/hexagon/hex_common.py  |   3 +-
 target/hexagon/imported/ldst.idef | 122 +-
 target/hexagon/imported/subinsns.idef |  72 +++
 8 files changed, 196 insertions(+), 136 deletions(-)

-- 
2.17.1

Re: Maximum QMP reply size

[Daniel P . Berrangé]

On Mon, Sep 19, 2022 at 08:45:07AM +0200, Markus Armbruster wrote:
> Daniel P. Berrangé  writes:
> 
> > On Fri, Sep 16, 2022 at 04:12:00PM +0100, Peter Maydell wrote:
> >> On Thu, 15 Sept 2022 at 16:21, Dr. David Alan Gilbert
> >>  wrote:
> >> >
> >> > * Peter Maydell (peter.mayd...@linaro.org) wrote:
> >> > > On Tue, 6 Sept 2022 at 20:41, John Snow  wrote:
> >> > > > Hi, I suspect I have asked this before, but I didn't write it down in
> >> > > > a comment, so I forget my justification...
> >> > > >
> >> > > > In the QMP lib, we need to set a buffering limit for how big a QMP
> >> > > > message can be -- In practice, I found that the largest possible
> >> > > > response was the QAPI schema reply, and I set the code to this:
> >> > > >
> >> > > > # Maximum allowable size of read buffer
> >> > > > _limit = (64 * 1024)
> >> > > >
> >> > > > However, I didn't document if this was a reasonable limit or just a
> >> > > > "worksforme" one. I assume that there's no hard limit for the 
> >> > > > protocol
> >> > > > or the implementation thereof in QEMU. Is there any kind of value 
> >> > > > here
> >> > > > that would be more sensible than another?
> >> > > >
> >> > > > I'm worried that if replies get bigger in the future (possibly in 
> >> > > > some
> >> > > > degenerate case I am presently unaware of) that the library default
> >> > > > will become nonsensical.
> >> > >
> >> > > There are some QMP commands which return lists of things
> >> > > where we put no inherent limit on how many things there
> >> > > are in the list, like qom-list-types. We'd have to be getting
> >> > > a bit enthusiastic about defining types for that to get
> >> > > up towards 64K's worth of response, but it's not inherently
> >> > > impossible. I think using human-monitor-command to send
> >> > > an 'xp' HMP command is also a way to get back an arbitrarily
> >> > > large string (just ask for a lot of memory to be dumped).
> >> >
> >> > We could put size limits on xp; most Humans will only dump a few kB
> >> > maximum like that, any larger and you can dump to file.
> >> 
> >> Sure, we could, but why? It's not clear to me why a consumer
> >> of QMP needs to impose a maximum message size limit on it:
> >> I thought it was just JSON. Fixed buffer sizes are very 1980s :-)
> >
> > Well even if they parse the JSON as it streams in, rather than
> > reading the whole doc and then parsing it in one go, you still
> > need to have limits on any sane QMP client.
> >
> > The QEMU process is an untrusted component in the stack, talking
> > to a trusted mgmt layer. If the QEMU process sends a 1 TB JSON
> > message as a QMP reply, the mgmt layer must not try to parse
> > that as they'll let loose the kraken^H^H^H^H^H OOM killer.
> >
> > To be robust against either a malicious or mis-behaving QEMU
> > they need to impose a limit on the size of QMP response they'll
> > be willing to process. The challenge is figuring out what limit
> > is big enough to handle any conceivable valid message, while
> > being small enough to minimize denial of service risks.
> 
> Yes.
> 
> QEMU does this for QMP input.
> 
> Trying to defend against malicious QMP input would of course be
> pointless; if you can send QMP input, you "own" QEMU anyway.  It's
> defense against *accidents*.
> 
> The limits are extremely (overly?) generous: each command is limited to
> 1024 levels of nesting to protect the stack, 64MiB of total token size
> and 2Mi[*] tokens to protect the heap.
> 
> > NB, that's not the only thing clients need todo to protect from
> > a bad QEMU. Rate limiting consumption is potentially important too
> > lest a bad QEMU inflict a DoS on the CPU by sending such frequent
> > messages that the QMP client is burning 100% CPU just parsing
> > them.  I've not seen any QMP client do this in practice though,
> > not even libvirt has attempted it.
> 
> What could a management application do when it detects it can't /
> doesn't want to keep up with QMP output?

Gratuitously killing the VM is an option, but likely too harsh for
most scenarios.

Another option is to disconnect from QMP and then immediately connect
again, in the hope it was just a transient confused QEMU.

Another option would be to simply mark the VM as "broken", leave it
running but stop talking to QMP entirely. THe guest owner can still
use their VM, but can't make mgmt app changes and loose some monitoring
features. Possibly allow user to attempt a "repair" - ie disconnect
and reconnect.

Another option is to have a dedicated OS thread for handling the QMP
client side, and ensure that thread is under the same CPU usage limits
as the VM as a whole, so any excess CPU usage is accounted to the VM.

> >> If this is a common requirement then should we define something
> >> in the protocol where the client says "I can support messages
> >> up to this big" and then the server has to split things up?
> >
> > Splitting doesn't help protect against the DoS, because the QMP
> > client would have to reassembl

[PATCH 2/3] Hexagon (target/hexagon) move store size tracking to translation

[Taylor Simpson]

The store width is needed for packet commit, so it is stored in
ctx->store_width.  Currently, it is set when a store has a TCG
override instead of a QEMU helper.  In the QEMU helper case, the
ctx->store_width is not set, we invoke a helper during packet commit
that uses the runtime store width.

This patch ensures ctx->store_width is set for all store instructions,
so performance is improved because packet commit can generate the proper
TCG store rather than the generic helper.

We do this by
- Use the attributes from the instructions during translation to
  set ctx->store_width
- Remove setting of ctx->store_width from genptr.c

Signed-off-by: Taylor Simpson 
---
 target/hexagon/macros.h|  8 
 target/hexagon/genptr.c| 36 
 target/hexagon/translate.c | 26 ++
 3 files changed, 42 insertions(+), 28 deletions(-)

diff --git a/target/hexagon/macros.h b/target/hexagon/macros.h
index 92eb8bbf05..c8805bdaeb 100644
--- a/target/hexagon/macros.h
+++ b/target/hexagon/macros.h
@@ -156,7 +156,7 @@
 __builtin_choose_expr(TYPE_TCGV(X), \
 gen_store1, (void)0))
 #define MEM_STORE1(VA, DATA, SLOT) \
-MEM_STORE1_FUNC(DATA)(cpu_env, VA, DATA, ctx, SLOT)
+MEM_STORE1_FUNC(DATA)(cpu_env, VA, DATA, SLOT)
 
 #define MEM_STORE2_FUNC(X) \
 __builtin_choose_expr(TYPE_INT(X), \
@@ -164,7 +164,7 @@
 __builtin_choose_expr(TYPE_TCGV(X), \
 gen_store2, (void)0))
 #define MEM_STORE2(VA, DATA, SLOT) \
-MEM_STORE2_FUNC(DATA)(cpu_env, VA, DATA, ctx, SLOT)
+MEM_STORE2_FUNC(DATA)(cpu_env, VA, DATA, SLOT)
 
 #define MEM_STORE4_FUNC(X) \
 __builtin_choose_expr(TYPE_INT(X), \
@@ -172,7 +172,7 @@
 __builtin_choose_expr(TYPE_TCGV(X), \
 gen_store4, (void)0))
 #define MEM_STORE4(VA, DATA, SLOT) \
-MEM_STORE4_FUNC(DATA)(cpu_env, VA, DATA, ctx, SLOT)
+MEM_STORE4_FUNC(DATA)(cpu_env, VA, DATA, SLOT)
 
 #define MEM_STORE8_FUNC(X) \
 __builtin_choose_expr(TYPE_INT(X), \
@@ -180,7 +180,7 @@
 __builtin_choose_expr(TYPE_TCGV_I64(X), \
 gen_store8, (void)0))
 #define MEM_STORE8(VA, DATA, SLOT) \
-MEM_STORE8_FUNC(DATA)(cpu_env, VA, DATA, ctx, SLOT)
+MEM_STORE8_FUNC(DATA)(cpu_env, VA, DATA, SLOT)
 #else
 #define MEM_LOAD1s(VA) ((int8_t)mem_load1(env, slot, VA))
 #define MEM_LOAD1u(VA) ((uint8_t)mem_load1(env, slot, VA))
diff --git a/target/hexagon/genptr.c b/target/hexagon/genptr.c
index 8a334ba07b..806d0974ff 100644
--- a/target/hexagon/genptr.c
+++ b/target/hexagon/genptr.c
@@ -401,62 +401,50 @@ static inline void gen_store32(TCGv vaddr, TCGv src, int 
width, int slot)
 tcg_gen_mov_tl(hex_store_val32[slot], src);
 }
 
-static inline void gen_store1(TCGv_env cpu_env, TCGv vaddr, TCGv src,
-  DisasContext *ctx, int slot)
+static inline void gen_store1(TCGv_env cpu_env, TCGv vaddr, TCGv src, int slot)
 {
 gen_store32(vaddr, src, 1, slot);
-ctx->store_width[slot] = 1;
 }
 
-static inline void gen_store1i(TCGv_env cpu_env, TCGv vaddr, int32_t src,
-   DisasContext *ctx, int slot)
+static inline void gen_store1i(TCGv_env cpu_env, TCGv vaddr, int32_t src, int 
slot)
 {
 TCGv tmp = tcg_constant_tl(src);
-gen_store1(cpu_env, vaddr, tmp, ctx, slot);
+gen_store1(cpu_env, vaddr, tmp, slot);
 }
 
-static inline void gen_store2(TCGv_env cpu_env, TCGv vaddr, TCGv src,
-  DisasContext *ctx, int slot)
+static inline void gen_store2(TCGv_env cpu_env, TCGv vaddr, TCGv src, int slot)
 {
 gen_store32(vaddr, src, 2, slot);
-ctx->store_width[slot] = 2;
 }
 
-static inline void gen_store2i(TCGv_env cpu_env, TCGv vaddr, int32_t src,
-   DisasContext *ctx, int slot)
+static inline void gen_store2i(TCGv_env cpu_env, TCGv vaddr, int32_t src, int 
slot)
 {
 TCGv tmp = tcg_constant_tl(src);
-gen_store2(cpu_env, vaddr, tmp, ctx, slot);
+gen_store2(cpu_env, vaddr, tmp, slot);
 }
 
-static inline void gen_store4(TCGv_env cpu_env, TCGv vaddr, TCGv src,
-  DisasContext *ctx, int slot)
+static inline void gen_store4(TCGv_env cpu_env, TCGv vaddr, TCGv src, int slot)
 {
 gen_store32(vaddr, src, 4, slot);
-ctx->store_width[slot] = 4;
 }
 
-static inline void gen_store4i(TCGv_env cpu_env, TCGv vaddr, int32_t src,
-   DisasContext *ctx, int slot)
+static inline void gen_store4i(TCGv_env cpu_env, TCGv vaddr, int32_t src, int 
slot)
 {
 TCGv tmp = tcg_constant_tl(src);
-gen_store4(cpu_env, vaddr, tmp, ctx, slot);
+gen_store4(cpu_env, vaddr, tmp, slot);
 }
 
-static inline void gen_store8(TCGv_env cpu_env, TCGv vaddr, TCGv_i64 src,
-  DisasContext *ctx, int slot)
+static inline void gen_store8(TCGv_env cpu_env, TCGv vaddr, TCGv_i64 src, int 
slot)
 {
 tcg_gen_mov_tl(hex_store_addr[slot], vaddr);
 tcg_gen_movi_tl(hex_store_width[slot], 8);
   

[PATCH v1 1/1] hw/arm/xlnx-zynqmp: Connect ZynqMP's USB controllers

[Francisco Iglesias]

From: Francisco Iglesias 

Connect ZynqMP's USB controllers.

Signed-off-by: Francisco Iglesias 
---
 hw/arm/xlnx-zynqmp.c | 36 
 include/hw/arm/xlnx-zynqmp.h |  3 +++
 2 files changed, 39 insertions(+)

diff --git a/hw/arm/xlnx-zynqmp.c b/hw/arm/xlnx-zynqmp.c
index 383e177a00..335cfc417d 100644
--- a/hw/arm/xlnx-zynqmp.c
+++ b/hw/arm/xlnx-zynqmp.c
@@ -143,6 +143,14 @@ static const int adma_ch_intr[XLNX_ZYNQMP_NUM_ADMA_CH] = {
 77, 78, 79, 80, 81, 82, 83, 84
 };
 
+static const uint64_t usb_addr[XLNX_ZYNQMP_NUM_USB] = {
+0xFE20, 0xFE30
+};
+
+static const int usb_intr[XLNX_ZYNQMP_NUM_USB] = {
+65, 70
+};
+
 typedef struct XlnxZynqMPGICRegion {
 int region_index;
 uint32_t address;
@@ -428,6 +436,10 @@ static void xlnx_zynqmp_init(Object *obj)
 object_initialize_child(obj, "qspi-dma", &s->qspi_dma, TYPE_XLNX_CSU_DMA);
 object_initialize_child(obj, "qspi-irq-orgate",
 &s->qspi_irq_orgate, TYPE_OR_IRQ);
+
+for (i = 0; i < XLNX_ZYNQMP_NUM_USB; i++) {
+object_initialize_child(obj, "usb[*]", &s->usb[i], TYPE_USB_DWC3);
+}
 }
 
 static void xlnx_zynqmp_realize(DeviceState *dev, Error **errp)
@@ -814,6 +826,30 @@ static void xlnx_zynqmp_realize(DeviceState *dev, Error 
**errp)
 object_property_add_alias(OBJECT(s), bus_name,
   OBJECT(&s->qspi), target_bus);
 }
+
+for (i = 0; i < XLNX_ZYNQMP_NUM_USB; i++) {
+if (!object_property_set_link(OBJECT(&s->usb[i].sysbus_xhci), "dma",
+  OBJECT(system_memory), errp)) {
+return;
+}
+
+qdev_prop_set_uint32(DEVICE(&s->usb[i].sysbus_xhci), "intrs", 4);
+qdev_prop_set_uint32(DEVICE(&s->usb[i].sysbus_xhci), "slots", 2);
+
+if (!sysbus_realize(SYS_BUS_DEVICE(&s->usb[i]), errp)) {
+return;
+}
+
+sysbus_mmio_map(SYS_BUS_DEVICE(&s->usb[i]), 0, usb_addr[i]);
+sysbus_connect_irq(SYS_BUS_DEVICE(&s->usb[i].sysbus_xhci), 0,
+   gic_spi[usb_intr[i]]);
+sysbus_connect_irq(SYS_BUS_DEVICE(&s->usb[i].sysbus_xhci), 1,
+   gic_spi[usb_intr[i] + 1]);
+sysbus_connect_irq(SYS_BUS_DEVICE(&s->usb[i].sysbus_xhci), 2,
+   gic_spi[usb_intr[i] + 2]);
+sysbus_connect_irq(SYS_BUS_DEVICE(&s->usb[i].sysbus_xhci), 3,
+   gic_spi[usb_intr[i] + 3]);
+}
 }
 
 static Property xlnx_zynqmp_props[] = {
diff --git a/include/hw/arm/xlnx-zynqmp.h b/include/hw/arm/xlnx-zynqmp.h
index 85fd9f53da..20bdf894aa 100644
--- a/include/hw/arm/xlnx-zynqmp.h
+++ b/include/hw/arm/xlnx-zynqmp.h
@@ -42,6 +42,7 @@
 #include "hw/misc/xlnx-zynqmp-apu-ctrl.h"
 #include "hw/misc/xlnx-zynqmp-crf.h"
 #include "hw/timer/cadence_ttc.h"
+#include "hw/usb/hcd-dwc3.h"
 
 #define TYPE_XLNX_ZYNQMP "xlnx-zynqmp"
 OBJECT_DECLARE_SIMPLE_TYPE(XlnxZynqMPState, XLNX_ZYNQMP)
@@ -56,6 +57,7 @@ OBJECT_DECLARE_SIMPLE_TYPE(XlnxZynqMPState, XLNX_ZYNQMP)
 #define XLNX_ZYNQMP_NUM_SPIS 2
 #define XLNX_ZYNQMP_NUM_GDMA_CH 8
 #define XLNX_ZYNQMP_NUM_ADMA_CH 8
+#define XLNX_ZYNQMP_NUM_USB 2
 
 #define XLNX_ZYNQMP_NUM_QSPI_BUS 2
 #define XLNX_ZYNQMP_NUM_QSPI_BUS_CS 2
@@ -132,6 +134,7 @@ struct XlnxZynqMPState {
 XlnxZynqMPAPUCtrl apu_ctrl;
 XlnxZynqMPCRF crf;
 CadenceTTCState ttc[XLNX_ZYNQMP_NUM_TTC];
+USBDWC3 usb[XLNX_ZYNQMP_NUM_USB];
 
 char *boot_cpu;
 ARMCPU *boot_cpu_ptr;
-- 
2.20.1

[PATCH 3/3] Hexagon (target/hexagon) Change decision to set pkt_has_store_s[01]

[Taylor Simpson]

We have found cases where pkt_has_store_s[01] is set incorrectly.
This leads to generating an unnecessary store that is left over
from a previous packet.

Add an attribute to determine if an instruction is a scalar store
The attribute is attached to the fSTORE macro (hex_common.py)
Simplify the logic in decode.c that sets pkt_has_store_s[01]

Signed-off-by: Taylor Simpson 
---
 target/hexagon/attribs_def.h.inc |  1 +
 target/hexagon/decode.c  | 17 -
 target/hexagon/translate.c   | 10 ++
 target/hexagon/hex_common.py |  3 ++-
 4 files changed, 21 insertions(+), 10 deletions(-)

diff --git a/target/hexagon/attribs_def.h.inc b/target/hexagon/attribs_def.h.inc
index 222ad95fb0..5d2a102c18 100644
--- a/target/hexagon/attribs_def.h.inc
+++ b/target/hexagon/attribs_def.h.inc
@@ -44,6 +44,7 @@ DEF_ATTRIB(MEMSIZE_1B, "Memory width is 1 byte", "", "")
 DEF_ATTRIB(MEMSIZE_2B, "Memory width is 2 bytes", "", "")
 DEF_ATTRIB(MEMSIZE_4B, "Memory width is 4 bytes", "", "")
 DEF_ATTRIB(MEMSIZE_8B, "Memory width is 8 bytes", "", "")
+DEF_ATTRIB(SCALAR_STORE, "Store is scalar", "", "")
 DEF_ATTRIB(REGWRSIZE_1B, "Memory width is 1 byte", "", "")
 DEF_ATTRIB(REGWRSIZE_2B, "Memory width is 2 bytes", "", "")
 DEF_ATTRIB(REGWRSIZE_4B, "Memory width is 4 bytes", "", "")
diff --git a/target/hexagon/decode.c b/target/hexagon/decode.c
index 6f0f27b4ba..2ba94a77de 100644
--- a/target/hexagon/decode.c
+++ b/target/hexagon/decode.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *  Copyright(c) 2019-2022 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -402,10 +402,17 @@ static void decode_set_insn_attr_fields(Packet *pkt)
 }
 
 if (GET_ATTRIB(opcode, A_STORE)) {
-if (pkt->insn[i].slot == 0) {
-pkt->pkt_has_store_s0 = true;
-} else {
-pkt->pkt_has_store_s1 = true;
+if (GET_ATTRIB(opcode, A_SCALAR_STORE) &&
+!GET_ATTRIB(opcode, A_MEMSIZE_0B)) {
+g_assert(GET_ATTRIB(opcode, A_MEMSIZE_1B) ||
+ GET_ATTRIB(opcode, A_MEMSIZE_2B) ||
+ GET_ATTRIB(opcode, A_MEMSIZE_4B) ||
+ GET_ATTRIB(opcode, A_MEMSIZE_8B));
+if (pkt->insn[i].slot == 0) {
+pkt->pkt_has_store_s0 = true;
+} else {
+pkt->pkt_has_store_s1 = true;
+}
 }
 }
 
diff --git a/target/hexagon/translate.c b/target/hexagon/translate.c
index bc02870b9f..efe7d2264e 100644
--- a/target/hexagon/translate.c
+++ b/target/hexagon/translate.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *  Copyright(c) 2019-2022 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -525,10 +525,12 @@ static void process_store_log(DisasContext *ctx, Packet 
*pkt)
  *  slot 1 and then slot 0.  This will be important when
  *  the memory accesses overlap.
  */
-if (pkt->pkt_has_store_s1 && !pkt->pkt_has_dczeroa) {
+if (pkt->pkt_has_store_s1) {
+g_assert(!pkt->pkt_has_dczeroa);
 process_store(ctx, pkt, 1);
 }
-if (pkt->pkt_has_store_s0 && !pkt->pkt_has_dczeroa) {
+if (pkt->pkt_has_store_s0) {
+g_assert(!pkt->pkt_has_dczeroa);
 process_store(ctx, pkt, 0);
 }
 }
@@ -691,7 +693,7 @@ static void gen_commit_packet(CPUHexagonState *env, 
DisasContext *ctx,
  * The dczeroa will be the store in slot 0, check that we don't have
  * a store in slot 1 or an HVX store.
  */
-g_assert(has_store_s0 && !has_store_s1 && !has_hvx_store);
+g_assert(!has_store_s1 && !has_hvx_store);
 process_dczeroa(ctx, pkt);
 } else if (has_hvx_store) {
 TCGv mem_idx = tcg_constant_tl(ctx->mem_idx);
diff --git a/target/hexagon/hex_common.py b/target/hexagon/hex_common.py
index c81aca8d2a..d9ba7df786 100755
--- a/target/hexagon/hex_common.py
+++ b/target/hexagon/hex_common.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python3
 
 ##
-##  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+##  Copyright(c) 2019-2022 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
 ##
 ##  This program is free software; you can redistribute it and/or modify
 ##  it under the terms of the GNU General Public License as published by
@@ -75,6 +75,7 @@ def calculate_attribs():
 add_qemu_macro_attrib('fWRITE_P3', 'A_WRITES_PRED_REG')
 add_qemu_macro_attrib('fSET_OVERFLOW', 'A_IMPLICIT_WRITES_USR')
 add_qemu_macro_attrib('fSET_LPCFG', 'A_IMPLICIT_WRITES_USR')
+ad

[PATCH] This patch is to solve the problem that bitmaps in memory are lost after dirve-mirror is completed.

[Hongleilee]

Signed-off-by: Hongleilee <281773...@qq.com>
---
 block/mirror.c | 29 +
 1 file changed, 29 insertions(+)

diff --git a/block/mirror.c b/block/mirror.c
index 3c4ab1159d..86d2cd6b67 100644
--- a/block/mirror.c
+++ b/block/mirror.c
@@ -24,6 +24,7 @@
 #include "qemu/ratelimit.h"
 #include "qemu/bitmap.h"
 #include "qemu/memalign.h"
+#include "qemu/queue.h"
 
 #define MAX_IN_FLIGHT 16
 #define MAX_IO_BYTES (1 << 20) /* 1 Mb */
@@ -654,7 +655,10 @@ static int mirror_exit_common(Job *job)
 BlockDriverState *target_bs;
 BlockDriverState *mirror_top_bs;
 Error *local_err = NULL;
+BdrvDirtyBitmap *bm, *next, *bt_mp;
+HBitmap *hb;
 bool abort = job->ret < 0;
+int i, j;
 int ret = 0;
 
 if (s->prepared) {
@@ -671,6 +675,31 @@ static int mirror_exit_common(Job *job)
 bdrv_unfreeze_backing_chain(mirror_top_bs, target_bs);
 }
 
+QLIST_INIT(&target_bs->dirty_bitmaps);
+QLIST_FOREACH_SAFE(bm, &src->dirty_bitmaps, list, next) {
+if (bm->name) {
+bt_mp = g_new0(BdrvDirtyBitmap, 1);
+hb = g_new0(struct HBitmap, 1);
+hb->count = bm->bitmap->count;
+hb->size = bm->bitmap->size;
+hb->granularity = bm->bitmap->granularity;
+for (i = 0; i < HBITMAP_LEVELS; i++) {
+hb->sizes[i] = bm->bitmap->sizes[i];
+hb->levels[i] = g_new0(unsigned long, bm->bitmap->sizes[i]);
+for (j = 0; j < bm->bitmap->sizes[i]; j++) {
+hb->levels[i][j] = bm->bitmap->levels[i][j];
+}
+}
+bt_mp->mutex = &target_bs->dirty_bitmap_mutex;
+bt_mp->bitmap = hb;
+bt_mp->size = bm->size;
+bt_mp->name = g_strdup(bm->name);
+qemu_mutex_lock(&target_bs->dirty_bitmap_mutex);
+QLIST_INSERT_HEAD(&target_bs->dirty_bitmaps, bt_mp, list);
+qemu_mutex_unlock(&target_bs->dirty_bitmap_mutex);
+}
+}
+
 bdrv_release_dirty_bitmap(s->dirty_bitmap);
 
 /* Make sure that the source BDS doesn't go away during bdrv_replace_node,
-- 
2.37.3.windows.1

Re: QEMU's FreeBSD 13 CI job is failing

[Thomas Huth]

On 20/09/2022 10.21, Daniel P. Berrangé wrote:

On Tue, Sep 20, 2022 at 08:44:27AM +0200, Thomas Huth wrote:


Seen here for example:

https://gitlab.com/qemu-project/qemu/-/jobs/3050165356#L2543

ld-elf.so.1: /lib/libc.so.7: version FBSD_1.7 required by
/usr/local/lib/libpython3.9.so.1.0 not found
ERROR: Cannot use '/usr/local/bin/python3', Python >= 3.6 is required.

... looks like the Python binary is not working anymore? Does anybody know
what happened here?


FreeBSD ports is only guaranteed to work with latest minor release
base image. The python binary recently started relying on symbols
in the 13.1 base image, and we're using 13.0.

I updated lcitool last week to pick 13.1, so we just need a refresh
on the QEMU side to pick this up.


OK ... Alex, IIRC you have a patch queued to update the files that are 
refreshed by lcitool ... does that already contain the update for FreeBSD, too?


 Thomas

Re: QEMU's FreeBSD 13 CI job is failing

[Daniel P . Berrangé]

On Tue, Sep 20, 2022 at 10:23:56AM +0200, Thomas Huth wrote:
> On 20/09/2022 10.21, Daniel P. Berrangé wrote:
> > On Tue, Sep 20, 2022 at 08:44:27AM +0200, Thomas Huth wrote:
> > > 
> > > Seen here for example:
> > > 
> > > https://gitlab.com/qemu-project/qemu/-/jobs/3050165356#L2543
> > > 
> > > ld-elf.so.1: /lib/libc.so.7: version FBSD_1.7 required by
> > > /usr/local/lib/libpython3.9.so.1.0 not found
> > > ERROR: Cannot use '/usr/local/bin/python3', Python >= 3.6 is required.
> > > 
> > > ... looks like the Python binary is not working anymore? Does anybody know
> > > what happened here?
> > 
> > FreeBSD ports is only guaranteed to work with latest minor release
> > base image. The python binary recently started relying on symbols
> > in the 13.1 base image, and we're using 13.0.
> > 
> > I updated lcitool last week to pick 13.1, so we just need a refresh
> > on the QEMU side to pick this up.
> 
> OK ... Alex, IIRC you have a patch queued to update the files that are
> refreshed by lcitool ... does that already contain the update for FreeBSD,
> too?

Oh actually, I'm forgetting that QEMU doesn't use the 'lcitool manifest'
command for auto-generating the gitlab-ci.yml file. In QEMU's case just
manually edit .gitlab-ci.d/cirrus.yml to change

CIRRUS_VM_IMAGE_NAME: freebsd-13-0


With regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|

Re: [PATCH v14 0/5] Improve PMU support

[Atish Kumar Patra]

On Mon, Sep 19, 2022 at 3:08 PM Alistair Francis 
wrote:

> On Thu, Aug 25, 2022 at 8:22 AM Atish Patra  wrote:
> >
> > The latest version of the SBI specification includes a Performance
> Monitoring
> > Unit(PMU) extension[1] which allows the supervisor to
> start/stop/configure
> > various PMU events. The Sscofpmf ('Ss' for Privileged arch and
> Supervisor-level
> > extensions, and 'cofpmf' for Count OverFlow and Privilege Mode Filtering)
> > extension[2] allows the perf like tool to handle overflow interrupts and
> > filtering support.
> >
> > This series implements remaining PMU infrastructure to support
> > PMU in virt machine. The first seven patches from the original series
> > have been merged already.
> >
> > This will allow us to add any PMU events in future.
> > Currently, this series enables the following omu events.
> > 1. cycle count
> > 2. instruction count
> > 3. DTLB load/store miss
> > 4. ITLB prefetch miss
> >
> > The first two are computed using host ticks while last three are counted
> during
> > cpu_tlb_fill. We can do both sampling and count from guest userspace.
> > This series has been tested on both RV64 and RV32. Both Linux[3] and
> Opensbi[4]
> > patches are required to get the perf working.
> >
> > Here is an output of perf stat/report while running hackbench with latest
> > OpenSBI & Linux kernel.
> >
> > Perf stat:
> > ==
> > [root@fedora-riscv ~]# perf stat -e cycles -e instructions -e
> dTLB-load-misses -e dTLB-store-misses -e iTLB-load-misses \
> > > perf bench sched messaging -g 1 -l 10
> > # Running 'sched/messaging' benchmark:
> > # 20 sender and receiver processes per group
> > # 1 groups == 40 processes run
> >
> >  Total time: 0.265 [sec]
> >
> >  Performance counter stats for 'perf bench sched messaging -g 1 -l 10':
> >
> >  4,167,825,362  cycles
> >  4,166,609,256  instructions  #1.00  insn per
> cycle
> >  3,092,026  dTLB-load-misses
> >258,280  dTLB-store-misses
> >  2,068,966  iTLB-load-misses
> >
> >0.585791767 seconds time elapsed
> >
> >0.373802000 seconds user
> >1.042359000 seconds sys
> >
> > Perf record:
> > 
> > [root@fedora-riscv ~]# perf record -e cycles -e instructions \
> > > -e dTLB-load-misses -e dTLB-store-misses -e iTLB-load-misses -c 1 \
> > > perf bench sched messaging -g 1 -l 10
> > # Running 'sched/messaging' benchmark:
> > # 20 sender and receiver processes per group
> > # 1 groups == 40 processes run
> >
> >  Total time: 1.397 [sec]
> > [ perf record: Woken up 10 times to write data ]
> > Check IO/CPU overload!
> > [ perf record: Captured and wrote 8.211 MB perf.data (214486 samples) ]
> >
> > [root@fedora-riscv riscv]# perf report
> > Available samples
> > 107K cycles
>   ◆
> > 107K instructions
>   ▒
> > 250 dTLB-load-misses
>▒
> > 13 dTLB-store-misses
>▒
> > 172 iTLB-load-misses
> > ..
> >
> > Changes from v13->v14:
> > 1. Added sanity check for the hashtable in pmu.c
> >
> > Changes from v12->v13:
> > 1. Rebased on top of the apply-next.
> > 2. Addressed comments about space & comment block.
> >
> > Changes from v11->v12:
> > 1. Rebased on top of the apply-next.
> > 2. Aligned the write function & .min_priv to the previous line.
> > 3. Fixed the FDT generations for multi-socket scenario.
> > 4. Dropped interrupt property from the DT.
> > 5. Generate illegal instruction fault instead of virtual instruction
> fault
> >for VS/VU access while mcounteren is not set.
> >
> > Changes from v10->v11:
> > 1. Rebased on top of the master where first 7 patches were already
> merged.
> > 2. Removed unnecessary additional check in ctr predicate function.
> > 3. Removed unnecessary priv version checks in mcountinhibit read/write.
> > 4. Added Heiko's reviewed-by/tested-by tags.
> >
> > Changes from v8->v9:
> > 1. Added the write_done flags to the vmstate.
> > 2. Fixed the hpmcounter read access from M-mode.
> >
> > Changes from v7->v8:
> > 1. Removeding ordering constraints for mhpmcounter & mhpmevent.
> >
> > Changes from v6->v7:
> > 1. Fixed all the compilation errors for the usermode.
> >
> > Changes from v5->v6:
> > 1. Fixed compilation issue with PATCH 1.
> > 2. Addressed other comments.
> >
> > Changes from v4->v5:
> > 1. Rebased on top of the -next with following patches.
> >- isa extension
> >- priv 1.12 spec
> > 2. Addressed all the comments on v4
> > 3. Removed additional isa-ext DT node in favor of riscv,isa string update
> >
> > Changes from v3->v4:
> > 1. Removed the dummy events from pmu DT node.
> > 2. Fixed pmu_avail_counters mask generation.
> > 3. Added a patch to simplify the predicate function for counters.
> >
> > Changes from v2->v3:
> > 1. Addressed all the comments on PATCH1-4.
> > 2. Split patch1 into two separate patches.
> > 3. Added explicit comments to explain the event types in DT node.
> > 4. Rebased on latest Qemu.
> >
> > Changes from v1->v2:
> > 1. Dropped 

Re: QEMU's FreeBSD 13 CI job is failing

[Daniel P . Berrangé]

On Tue, Sep 20, 2022 at 08:44:27AM +0200, Thomas Huth wrote:
> 
> Seen here for example:
> 
> https://gitlab.com/qemu-project/qemu/-/jobs/3050165356#L2543
> 
> ld-elf.so.1: /lib/libc.so.7: version FBSD_1.7 required by
> /usr/local/lib/libpython3.9.so.1.0 not found
> ERROR: Cannot use '/usr/local/bin/python3', Python >= 3.6 is required.
> 
> ... looks like the Python binary is not working anymore? Does anybody know
> what happened here?

FreeBSD ports is only guaranteed to work with latest minor release
base image. The python binary recently started relying on symbols
in the 13.1 base image, and we're using 13.0.

I updated lcitool last week to pick 13.1, so we just need a refresh
on the QEMU side to pick this up.

With regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|

Re: [PATCH v9 3/7] block: add block layer APIs resembling Linux ZonedBlockDevice ioctls

[Klaus Jensen]

On Sep 10 13:27, Sam Li wrote:
> Add a new zoned_host_device BlockDriver. The zoned_host_device option
> accepts only zoned host block devices. By adding zone management
> operations in this new BlockDriver, users can use the new block
> layer APIs including Report Zone and four zone management operations
> (open, close, finish, reset).
> 
> Qemu-io uses the new APIs to perform zoned storage commands of the device:
> zone_report(zrp), zone_open(zo), zone_close(zc), zone_reset(zrs),
> zone_finish(zf).
> 
> For example, to test zone_report, use following command:
> $ ./build/qemu-io --image-opts -n driver=zoned_host_device, 
> filename=/dev/nullb0
> -c "zrp offset nr_zones"
> 
> Signed-off-by: Sam Li 
> Reviewed-by: Hannes Reinecke 
> ---
>  block/block-backend.c | 145 ++
>  block/file-posix.c| 323 +-
>  block/io.c|  41 
>  include/block/block-io.h  |   7 +
>  include/block/block_int-common.h  |  21 ++
>  include/block/raw-aio.h   |   6 +-
>  include/sysemu/block-backend-io.h |  17 ++
>  meson.build   |   1 +
>  qapi/block-core.json  |   8 +-
>  qemu-io-cmds.c| 143 +
>  10 files changed, 708 insertions(+), 4 deletions(-)
> 
> +/*
> + * zone management operations - Execute an operation on a zone
> + */
> +static int coroutine_fn raw_co_zone_mgmt(BlockDriverState *bs, BlockZoneOp 
> op,
> +int64_t offset, int64_t len) {
> +#if defined(CONFIG_BLKZONED)
> +BDRVRawState *s = bs->opaque;
> +RawPosixAIOData acb;
> +int64_t zone_sector, zone_sector_mask;
> +const char *zone_op_name;
> +unsigned long zone_op;
> +bool is_all = false;
> +
> +zone_sector = bs->bl.zone_sectors;
> +zone_sector_mask = zone_sector - 1;
> +if (offset & zone_sector_mask) {
> +error_report("sector offset %" PRId64 " is not aligned to zone size "
> + "%" PRId64 "", offset, zone_sector);
> +return -EINVAL;
> +}
> +
> +if (len & zone_sector_mask) {
> +error_report("number of sectors %" PRId64 " is not aligned to zone 
> size"
> +  " %" PRId64 "", len, zone_sector);
> +return -EINVAL;
> +}

These checks impose a power-of-two constraint on the zone size. Can they
be changed to divisions to lift that constraint? I don't see anything in
this patch set that relies on power of two zone sizes.


signature.asc
Description: PGP signature

Re: [PATCH v3 4/5] acpi/nvdimm: Implement ACPI NVDIMM Label Methods

[Igor Mammedov]

On Fri, 16 Sep 2022 21:15:35 +0800
Robert Hoo  wrote:

> On Fri, 2022-09-16 at 09:37 +0200, Igor Mammedov wrote:
> 
> > > Fine, get your point now.
> > > In ASL it will look like this:
> > > Local1 = Package (0x3) {STTS, SLSA, MAXT}
> > > Return (Local1)  
> > 
> >   
> > > 
> > > But as for 
> > > CreateDWordField (Local0, Zero, STTS)  //
> > > Status
> > > CreateDWordField (Local0, 0x04, SLSA)  //
> > > SizeofLSA
> > > CreateDWordField (Local0, 0x08, MAXT)  // Max
> > > Trans
> > > 
> > > I cannot figure out how to substitute with LocalX. Can you shed
> > > more
> > > light?  
> > 
> > Leave this as is, there is no way to make it anonymous/local with
> > FooField.
> > 
> > (well one might try to use Index and copy field's bytes into a buffer
> > and
> > then explicitly convert to Integer, but that's a rather convoluted
> > way
> > around limitation so I'd not go this route)
> >   
> OK, pls. take a look, how about this?
> 
> Method (_LSI, 0, Serialized)  // _LSI: Label Storage Information
> {   
> Local0 = NCAL (ToUUID("4309ac30-0d11-11e4-9191-0800200c9a66"),
> 0x02, 0x04, Zero, One)// Buffer
> CreateDWordField (Local0, Zero, STTS)  // Status
> CreateDWordField (Local0, 0x04, SLSA)  // Size of LSA
> CreateDWordField (Local0, 0x08, MAXT)  // Max Transfer Size
> Local1 = Package (0x3) {STTS, SLSA, MAXT}
> Return (Local1)
> }
> 
> Method (_LSR, 2, Serialized)  // _LSR: Label Storage Read
> {
> Name (INPT, Buffer(8) {})
> CreateDWordField (INPT, Zero, OFST);
> CreateDWordField (INPT, 4, LEN);
why do you have to create and use INPT, wouldn't local be enough to keep the 
buffer?

> OFST = Arg0
> LEN = Arg1
> Local0 = Package (0x01) {INPT}
> Local3 = NCAL (ToUUID("4309ac30-0d11-11e4-9191-0800200c9a66"),
> 0x02, 0x05, Local0, One)
> CreateDWordField (Local3, Zero, STTS)
> CreateField (Local3, 32, LEN << 3, LDAT)
> Local1 = Package (0x2) {STTS, toBuffer(LDAT)}
> Return (Local1)
> }
> 
> Method (_LSW, 3, Serialized)  // _LSW: Label Storage Write
> {
> Local2 = Arg2
> Name (INPT, Buffer(8) {})
ditto

> CreateDWordField (INPT, Zero, OFST);
> CreateDWordField (INPT, 4, TLEN);
> OFST = Arg0
> TLEN = Arg1
> Concatenate(INPT, Local2, INPT)
> Local0 = Package (0x01)
> {
> INPT
> }
> Local3 = NCAL (ToUUID ("4309ac30-0d11-11e4-9191-0800200c9a66"),
> 0x02, 0x06, Local0, One)
> CreateDWordField (Local3, 0, STTS)
> Return (STTS)
> }
> 
> 
> 

Re: [PATCH 8/9] softmmu/physmem: Let SysBusState absorb memory region and address space singletons

[BALATON Zoltan]

On Tue, 20 Sep 2022, Philippe Mathieu-Daudé via wrote:


On 20/9/22 01:17, Bernhard Beschow wrote:

These singletons are actually properties of the system bus but so far it
hasn't been modelled that way. Fix this to make this relationship very
obvious.

The idea of the patch is to restrain futher proliferation of the use of
get_system_memory() and get_system_io() which are "temprary interfaces"


"further", "temporary"


"until a proper bus interface is available". This should now be the
case.

Note that the new attributes are values rather than a pointers. This
trades pointer dereferences for pointer arithmetic. The idea is to
reduce cache misses - a rule of thumb says that every pointer
dereference causes a cache miss while arithmetic is basically free.

Signed-off-by: Bernhard Beschow 
---
  include/exec/address-spaces.h | 19 ---
  include/hw/sysbus.h   |  6 +
  softmmu/physmem.c | 46 ++-
  3 files changed, 45 insertions(+), 26 deletions(-)

diff --git a/include/exec/address-spaces.h b/include/exec/address-spaces.h
index d5c8cbd718..b31bd8dcf0 100644
--- a/include/exec/address-spaces.h
+++ b/include/exec/address-spaces.h
@@ -23,17 +23,28 @@
#ifndef CONFIG_USER_ONLY
  -/* Get the root memory region.  This interface should only be used 
temporarily

- * until a proper bus interface is available.
+/**
+ * Get the root memory region.  This is a legacy function, provided for
+ * compatibility. Prefer using SysBusState::system_memory directly.
   */
  MemoryRegion *get_system_memory(void);



diff --git a/include/hw/sysbus.h b/include/hw/sysbus.h
index 5bb3b88501..516e9091dc 100644
--- a/include/hw/sysbus.h
+++ b/include/hw/sysbus.h
@@ -17,6 +17,12 @@ struct SysBusState {
  /*< private >*/
  BusState parent_obj;
  /*< public >*/
+
+MemoryRegion system_memory;
+MemoryRegion system_io;
+
+AddressSpace address_space_io;
+AddressSpace address_space_memory;


Alternatively (renaming doc accordingly):

  struct {
  MemoryRegion mr;
  AddressSpace as;
  } io, memory;


Do we really need that? Isn't mr just the same as as.root so it would be 
enough to store as only? Or is caching mr and not going through as to get 
it saves time in accessing these? Now we'll go through SysBusState anyway 
instead of accessing globals so is there a performance impact?


Regards,
BALATON Zoltan


  };
#define TYPE_SYS_BUS_DEVICE "sys-bus-device"
diff --git a/softmmu/physmem.c b/softmmu/physmem.c
index 0ac920d446..07e9a9171c 100644
--- a/softmmu/physmem.c
+++ b/softmmu/physmem.c
@@ -86,12 +86,6 @@
   */
  RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
  -static MemoryRegion *system_memory;
-static MemoryRegion *system_io;
-
-static AddressSpace address_space_io;
-static AddressSpace address_space_memory;
-
  static MemoryRegion io_mem_unassigned;
typedef struct PhysPageEntry PhysPageEntry;
@@ -146,7 +140,7 @@ typedef struct subpage_t {
  #define PHYS_SECTION_UNASSIGNED 0
static void io_mem_init(void);
-static void memory_map_init(void);
+static void memory_map_init(SysBusState *sysbus);
  static void tcg_log_global_after_sync(MemoryListener *listener);
  static void tcg_commit(MemoryListener *listener);
  @@ -2667,37 +2661,45 @@ static void tcg_commit(MemoryListener *listener)
  tlb_flush(cpuas->cpu);
  }
  -static void memory_map_init(void)
+static void memory_map_init(SysBusState *sysbus)
  {


No need to pass a singleton by argument.

  assert(current_machine);

You can use get_system_memory() and get_system_io() in place :)

LGTM otherwise, great!


-system_memory = g_malloc(sizeof(*system_memory));
+MemoryRegion *system_memory = &sysbus->system_memory;
+MemoryRegion *system_io = &sysbus->system_io;
memory_region_init(system_memory, NULL, "system", UINT64_MAX);
-address_space_init(&address_space_memory, system_memory, "memory");
+address_space_init(&sysbus->address_space_memory, system_memory, 
"memory");

  -system_io = g_malloc(sizeof(*system_io));
  memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, 
"io",

65536);
-address_space_init(&address_space_io, system_io, "I/O");
+address_space_init(&sysbus->address_space_io, system_io, "I/O");
  }
MemoryRegion *get_system_memory(void)
  {
-return system_memory;
+assert(current_machine);
+
+return ¤t_machine->main_system_bus.system_memory;
  }
MemoryRegion *get_system_io(void)
  {
-return system_io;
+assert(current_machine);
+
+return ¤t_machine->main_system_bus.system_io;
  }
AddressSpace *get_address_space_memory(void)
  {
-return &address_space_memory;
+assert(current_machine);
+
+return ¤t_machine->main_system_bus.address_space_memory;
  }
AddressSpace *get_address_space_io(void)
  {
-return &address_space_io;
+assert(current_machine);
+
+return ¤t_machine->main_sy

Re: [kvm-unit-tests PATCH v4 07/12] arm: pmu: Basic event counter Tests

[Eric Auger]

Hi Zenghui,

On 9/19/22 16:30, Zenghui Yu wrote:
> Hi Eric,
>
> A few comments when looking through the PMU test code (2 years after
> the series was merged).

Thank you for reviewing even after this time! Do you want to address the
issues yourself and send a patch series or do you prefer I proceed?

Thanks

Eric
> On 2020/4/3 15:13, Eric Auger wrote:
>> Adds the following tests:
>> - event-counter-config: test event counter configuration
>> - basic-event-count:
>>   - programs counters #0 and #1 to count 2 required events
>>   (resp. CPU_CYCLES and INST_RETIRED). Counter #0 is preset
>>   to a value close enough to the 32b
>>   overflow limit so that we check the overflow bit is set
>>   after the execution of the asm loop.
>> - mem-access: counts MEM_ACCESS event on counters #0 and #1
>>   with and without 32-bit overflow.
>>
>> Signed-off-by: Eric Auger 
>> Reviewed-by: Andre Przywara 
>
> [...]
>
>> diff --git a/arm/pmu.c b/arm/pmu.c
>> index 8c49e50..45dccf7 100644
>> --- a/arm/pmu.c
>> +++ b/arm/pmu.c
>> @@ -38,6 +43,7 @@
>>  #define SW_INCR    0x0
>>  #define INST_RETIRED    0x8
>>  #define CPU_CYCLES    0x11
>> +#define MEM_ACCESS    0x13
>>  #define INST_PREC    0x1B
>
> The spec spells event 0x001B as INST_SPEC.
>
>>  #define STALL_FRONTEND    0x23
>>  #define STALL_BACKEND    0x24
>
> [...]
>
>> @@ -175,6 +188,11 @@ static inline void precise_instrs_loop(int loop,
>> uint32_t pmcr)
>>  }
>>  
>>  #define PMCEID1_EL0 sys_reg(3, 3, 9, 12, 7)
>> +#define PMCNTENSET_EL0 sys_reg(3, 3, 9, 12, 1)
>> +#define PMCNTENCLR_EL0 sys_reg(3, 3, 9, 12, 2)
>> +
>> +#define PMEVTYPER_EXCLUDE_EL1 BIT(31)
>
> Unused macro.
>
>> +#define PMEVTYPER_EXCLUDE_EL0 BIT(30)
>>  
>>  static bool is_event_supported(uint32_t n, bool warn)
>>  {
>> @@ -228,6 +246,224 @@ static void test_event_introspection(void)
>>  report(required_events, "Check required events are implemented");
>>  }
>>  
>> +/*
>> + * Extra instructions inserted by the compiler would be difficult to
>> compensate
>> + * for, so hand assemble everything between, and including, the PMCR
>> accesses
>> + * to start and stop counting. isb instructions are inserted to make
>> sure
>> + * pmccntr read after this function returns the exact instructions
>> executed
>> + * in the controlled block. Loads @loop times the data at @address
>> into x9.
>> + */
>> +static void mem_access_loop(void *addr, int loop, uint32_t pmcr)
>> +{
>> +asm volatile(
>> +    "   msr pmcr_el0, %[pmcr]\n"
>> +    "   isb\n"
>> +    "   mov x10, %[loop]\n"
>> +    "1: sub x10, x10, #1\n"
>> +    "   ldr    x9, [%[addr]]\n"
>> +    "   cmp x10, #0x0\n"
>> +    "   b.gt    1b\n"
>> +    "   msr pmcr_el0, xzr\n"
>> +    "   isb\n"
>> +    :
>> +    : [addr] "r" (addr), [pmcr] "r" (pmcr), [loop] "r" (loop)
>> +    : "x9", "x10", "cc");
>> +}
>> +
>> +static void pmu_reset(void)
>> +{
>> +    /* reset all counters, counting disabled at PMCR level*/
>> +    set_pmcr(pmu.pmcr_ro | PMU_PMCR_LC | PMU_PMCR_C | PMU_PMCR_P);
>> +    /* Disable all counters */
>> +    write_sysreg_s(ALL_SET, PMCNTENCLR_EL0);
>> +    /* clear overflow reg */
>> +    write_sysreg(ALL_SET, pmovsclr_el0);
>> +    /* disable overflow interrupts on all counters */
>> +    write_sysreg(ALL_SET, pmintenclr_el1);
>> +    isb();
>> +}
>> +
>> +static void test_event_counter_config(void)
>> +{
>> +    int i;
>> +
>> +    if (!pmu.nb_implemented_counters) {
>> +    report_skip("No event counter, skip ...");
>> +    return;
>> +    }
>> +
>> +    pmu_reset();
>> +
>> +    /*
>> + * Test setting through PMESELR/PMXEVTYPER and PMEVTYPERn read,
>
> s/PMESELR/PMSELR/ ?
>
>> + * select counter 0
>> + */
>> +    write_sysreg(1, PMSELR_EL0);
>> +    /* program this counter to count unsupported event */
>> +    write_sysreg(0xEA, PMXEVTYPER_EL0);
>> +    write_sysreg(0xdeadbeef, PMXEVCNTR_EL0);
>> +    report((read_regn_el0(pmevtyper, 1) & 0xFFF) == 0xEA,
>> +    "PMESELR/PMXEVTYPER/PMEVTYPERn");
>
> Ditto
>
>> +    report((read_regn_el0(pmevcntr, 1) == 0xdeadbeef),
>> +    "PMESELR/PMXEVCNTR/PMEVCNTRn");
>
> Ditto
>
>> +
>> +    /* try to configure an unsupported event within the range [0x0,
>> 0x3F] */
>> +    for (i = 0; i <= 0x3F; i++) {
>> +    if (!is_event_supported(i, false))
>> +    break;
>> +    }
>> +    if (i > 0x3F) {
>> +    report_skip("pmevtyper: all events within [0x0, 0x3F] are
>> supported");
>> +    return;
>> +    }
>> +
>> +    /* select counter 0 */
>> +    write_sysreg(0, PMSELR_EL0);
>> +    /* program this counter to count unsupported event */
>
> We get the unsupported event number *i* but don't program it into
> PMXEVTYPER_EL0 (or PMEVTYPER0_EL0). Is it intentional?
>
>> +    write_sysreg(i, PMXEVCNTR_EL0);
>> +    /* read the counter value */
>> +    read_sysreg(PMXEVCNTR_EL0);
>> +    report(read_sysreg(PMXEVCNTR_EL0) == i,
>> +    "read of a counter programmed with 

[PATCH] This patch is to solve the problem that the bitmap file in memory is lost after creating a snapshot

[Hongleilee]

From: Hongleili Li (李红磊)-云数据中心集团 

Signed-off-by: Hongleili Li (李红磊)-云数据中心集团 
---
 blockdev.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/blockdev.c b/blockdev.c
index 9230888e34..a6b85d06b7 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -1534,6 +1534,10 @@ static void external_snapshot_prepare(BlkActionState 
*common,
 
 state->new_bs = bdrv_open(new_image_file, snapshot_ref, options, flags,
   errp);
+
+state->new_bs->dirty_bitmaps = state->old_bs->dirty_bitmaps;
+QLIST_INIT(&state->old_bs->dirty_bitmaps);
+
 /* We will manually add the backing_hd field to the bs later */
 if (!state->new_bs) {
 goto out;
-- 
2.37.3.windows.1

Re: [PATCH 1/8] qtest: "-display none" is set in qtest_init()

[Thomas Huth]

On 02/09/2022 18.51, Juan Quintela wrote:

So we don't need to set anywhere else.

Signed-off-by: Juan Quintela 
---

...

diff --git a/tests/qtest/fuzz/generic_fuzz.c b/tests/qtest/fuzz/generic_fuzz.c
index afc1d20355..94b00288d9 100644
--- a/tests/qtest/fuzz/generic_fuzz.c
+++ b/tests/qtest/fuzz/generic_fuzz.c
@@ -981,8 +981,7 @@ static GString *generic_fuzz_cmdline(FuzzTarget *t)
  if (!getenv("QEMU_FUZZ_ARGS")) {
  usage();
  }
-g_string_append_printf(cmd_line, " -display none \
-  -machine accel=qtest, \
+g_string_append_printf(cmd_line, " -machine accel=qtest, \
-m 512M %s ", getenv("QEMU_FUZZ_ARGS"));
  return cmd_line;
  }
diff --git a/tests/qtest/fuzz/i440fx_fuzz.c b/tests/qtest/fuzz/i440fx_fuzz.c
index b17fc725df..f2c729493f 100644
--- a/tests/qtest/fuzz/i440fx_fuzz.c
+++ b/tests/qtest/fuzz/i440fx_fuzz.c
@@ -157,7 +157,7 @@ static void i440fx_fuzz_qos_fork(QTestState *s,
  }
  
  static const char *i440fx_qtest_argv = TARGET_NAME " -machine accel=qtest"

-   " -m 0 -display none";
+   " -m 0";
  static GString *i440fx_argv(FuzzTarget *t)
  {
  return g_string_new(i440fx_qtest_argv);
diff --git a/tests/qtest/fuzz/qos_fuzz.c b/tests/qtest/fuzz/qos_fuzz.c
index 3a3d9c16dd..fd431849a5 100644
--- a/tests/qtest/fuzz/qos_fuzz.c
+++ b/tests/qtest/fuzz/qos_fuzz.c
@@ -85,7 +85,7 @@ static GString *qos_build_main_args(void)
  }
  /* Prepend the arguments that we need */
  g_string_prepend(cmd_line,
-TARGET_NAME " -display none -machine accel=qtest -m 64 ");
+TARGET_NAME " -machine accel=qtest -m 64 ");
  return cmd_line;
  }
  


This seems to break the build-oss-fuzz CI job:

 https://gitlab.com/thuth/qemu/-/jobs/3052856828#L3774

Please double-check whether it's ok to remove the "-display none" here.

 Thomas

Re: [PATCH 9/9] exec/address-spaces: Inline legacy functions

[BALATON Zoltan]

On Tue, 20 Sep 2022, Philippe Mathieu-Daudé via wrote:


On 20/9/22 01:17, Bernhard Beschow wrote:

The functions just access a global pointer and perform some pointer
arithmetic on top. Allow the compiler to see through this by inlining.


I thought about this while reviewing the previous patch, ...


Signed-off-by: Bernhard Beschow 
---
  include/exec/address-spaces.h | 30 ++
  softmmu/physmem.c | 28 
  2 files changed, 26 insertions(+), 32 deletions(-)

diff --git a/include/exec/address-spaces.h b/include/exec/address-spaces.h
index b31bd8dcf0..182af27cad 100644
--- a/include/exec/address-spaces.h
+++ b/include/exec/address-spaces.h
@@ -23,29 +23,51 @@
#ifndef CONFIG_USER_ONLY
  +#include "hw/boards.h"


... but I'm not a fan of including this header here. It is restricted to 
system emulation, but still... Let see what the others think.


Had the same thought first if this would break user emulation but I don't 
know how that works (and this include is withing !CONFIG_USER_ONLY). I've 
checked in configure now and it seems that softmmu is enabled/disabled 
with system, which reminded me to a previous conversation where I've 
suggested renaming softmmu to sysemu as that better shows what it's really 
used for and maybe the real softmmu part should be split from it but I 
don't remember the details. If it still works with --enable-user 
--disable-system then maybe it's OK and only confusing because of 
misnaming sysemu as softmmu.


Reagrds,
BALATON Zoltan


  /**
   * Get the root memory region.  This is a legacy function, provided for
   * compatibility. Prefer using SysBusState::system_memory directly.
   */
-MemoryRegion *get_system_memory(void);
+inline MemoryRegion *get_system_memory(void)
+{
+assert(current_machine);
+
+return ¤t_machine->main_system_bus.system_memory;
+}
/**
   * Get the root I/O port region.  This is a legacy function, provided for
   * compatibility. Prefer using SysBusState::system_io directly.
   */
-MemoryRegion *get_system_io(void);
+inline MemoryRegion *get_system_io(void)
+{
+assert(current_machine);
+
+return ¤t_machine->main_system_bus.system_io;
+}
/**
   * Get the root memory address space.  This is a legacy function, 
provided for
   * compatibility. Prefer using SysBusState::address_space_memory 
directly.

   */
-AddressSpace *get_address_space_memory(void);
+inline AddressSpace *get_address_space_memory(void)
+{
+assert(current_machine);
+
+return ¤t_machine->main_system_bus.address_space_memory;
+}
/**
   * Get the root I/O port address space.  This is a legacy function, 
provided
   * for compatibility. Prefer using SysBusState::address_space_io 
directly.

   */
-AddressSpace *get_address_space_io(void);
+inline AddressSpace *get_address_space_io(void)
+{
+assert(current_machine);
+
+return ¤t_machine->main_system_bus.address_space_io;
+}
#endif
  diff --git a/softmmu/physmem.c b/softmmu/physmem.c
index 07e9a9171c..dce088f55c 100644
--- a/softmmu/physmem.c
+++ b/softmmu/physmem.c
@@ -2674,34 +2674,6 @@ static void memory_map_init(SysBusState *sysbus)
  address_space_init(&sysbus->address_space_io, system_io, "I/O");
  }
  -MemoryRegion *get_system_memory(void)
-{
-assert(current_machine);
-
-return ¤t_machine->main_system_bus.system_memory;
-}
-
-MemoryRegion *get_system_io(void)
-{
-assert(current_machine);
-
-return ¤t_machine->main_system_bus.system_io;
-}
-
-AddressSpace *get_address_space_memory(void)
-{
-assert(current_machine);
-
-return ¤t_machine->main_system_bus.address_space_memory;
-}
-
-AddressSpace *get_address_space_io(void)
-{
-assert(current_machine);
-
-return ¤t_machine->main_system_bus.address_space_io;
-}
-
  static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
   hwaddr length)
  {

[PULL v2 4/9] hw/loongarch: Add platform bus support

[Song Gao]

From: Xiaojuan Yang 

Add platform bus support and add the bus information such as address,
size, irq number to FDT table.

Signed-off-by: Xiaojuan Yang 
Acked-by: Song Gao 
Message-Id: <20220908094623.73051-5-yangxiaoj...@loongson.cn>
Signed-off-by: Song Gao 
---
 hw/loongarch/Kconfig|  1 +
 hw/loongarch/virt.c | 33 +
 include/hw/loongarch/virt.h |  1 +
 include/hw/pci-host/ls7a.h  |  5 +
 4 files changed, 40 insertions(+)

diff --git a/hw/loongarch/Kconfig b/hw/loongarch/Kconfig
index 1deea83626..fef55c5638 100644
--- a/hw/loongarch/Kconfig
+++ b/hw/loongarch/Kconfig
@@ -8,6 +8,7 @@ config LOONGARCH_VIRT
 select SERIAL
 select SERIAL_ISA
 select VIRTIO_PCI
+select PLATFORM_BUS
 select LOONGARCH_IPI
 select LOONGARCH_PCH_PIC
 select LOONGARCH_PCH_MSI
diff --git a/hw/loongarch/virt.c b/hw/loongarch/virt.c
index 68b59a6c9f..5fd3834c0a 100644
--- a/hw/loongarch/virt.c
+++ b/hw/loongarch/virt.c
@@ -37,6 +37,8 @@
 #include "hw/mem/nvdimm.h"
 #include "sysemu/device_tree.h"
 #include 
+#include "hw/core/sysbus-fdt.h"
+#include "hw/platform-bus.h"
 
 static void create_fdt(LoongArchMachineState *lams)
 {
@@ -345,6 +347,31 @@ static DeviceState *create_acpi_ged(DeviceState *pch_pic, 
LoongArchMachineState
 return dev;
 }
 
+static DeviceState *create_platform_bus(DeviceState *pch_pic)
+{
+DeviceState *dev;
+SysBusDevice *sysbus;
+int i, irq;
+MemoryRegion *sysmem = get_system_memory();
+
+dev = qdev_new(TYPE_PLATFORM_BUS_DEVICE);
+dev->id = g_strdup(TYPE_PLATFORM_BUS_DEVICE);
+qdev_prop_set_uint32(dev, "num_irqs", VIRT_PLATFORM_BUS_NUM_IRQS);
+qdev_prop_set_uint32(dev, "mmio_size", VIRT_PLATFORM_BUS_SIZE);
+sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
+
+sysbus = SYS_BUS_DEVICE(dev);
+for (i = 0; i < VIRT_PLATFORM_BUS_NUM_IRQS; i++) {
+irq = VIRT_PLATFORM_BUS_IRQ - PCH_PIC_IRQ_OFFSET + i;
+sysbus_connect_irq(sysbus, i, qdev_get_gpio_in(pch_pic, irq));
+}
+
+memory_region_add_subregion(sysmem,
+VIRT_PLATFORM_BUS_BASEADDRESS,
+sysbus_mmio_get_region(sysbus, 0));
+return dev;
+}
+
 static void loongarch_devices_init(DeviceState *pch_pic, LoongArchMachineState 
*lams)
 {
 DeviceState *gpex_dev;
@@ -420,6 +447,8 @@ static void loongarch_devices_init(DeviceState *pch_pic, 
LoongArchMachineState *
 memory_region_add_subregion(get_system_memory(), PM_BASE, pm_mem);
 /* acpi ged */
 lams->acpi_ged = create_acpi_ged(pch_pic, lams);
+/* platform bus */
+lams->platform_bus_dev = create_platform_bus(pch_pic);
 }
 
 static void loongarch_irq_init(LoongArchMachineState *lams)
@@ -725,6 +754,10 @@ static void loongarch_init(MachineState *machine)
 /* Initialize the IO interrupt subsystem */
 loongarch_irq_init(lams);
 fdt_add_irqchip_node(lams);
+platform_bus_add_all_fdt_nodes(machine->fdt, "/intc",
+   VIRT_PLATFORM_BUS_BASEADDRESS,
+   VIRT_PLATFORM_BUS_SIZE,
+   VIRT_PLATFORM_BUS_IRQ);
 lams->machine_done.notify = virt_machine_done;
 qemu_add_machine_init_done_notifier(&lams->machine_done);
 fdt_add_pcie_node(lams);
diff --git a/include/hw/loongarch/virt.h b/include/hw/loongarch/virt.h
index 92b84de1c5..64c90b80d2 100644
--- a/include/hw/loongarch/virt.h
+++ b/include/hw/loongarch/virt.h
@@ -49,6 +49,7 @@ struct LoongArchMachineState {
 char *oem_table_id;
 DeviceState  *acpi_ged;
 int  fdt_size;
+DeviceState *platform_bus_dev;
 };
 
 #define TYPE_LOONGARCH_MACHINE  MACHINE_TYPE_NAME("virt")
diff --git a/include/hw/pci-host/ls7a.h b/include/hw/pci-host/ls7a.h
index cdde0af1f8..9bd875ca8b 100644
--- a/include/hw/pci-host/ls7a.h
+++ b/include/hw/pci-host/ls7a.h
@@ -42,4 +42,9 @@
 #define VIRT_RTC_REG_BASE(VIRT_MISC_REG_BASE + 0x00050100)
 #define VIRT_RTC_LEN 0x100
 #define VIRT_SCI_IRQ (PCH_PIC_IRQ_OFFSET + 4)
+
+#define VIRT_PLATFORM_BUS_BASEADDRESS   0x1600
+#define VIRT_PLATFORM_BUS_SIZE  0x200
+#define VIRT_PLATFORM_BUS_NUM_IRQS  2
+#define VIRT_PLATFORM_BUS_IRQ   69
 #endif
-- 
2.31.1

[PULL v2 1/9] hw/loongarch: Remove vga device when loongarch init

[Song Gao]

From: Xiaojuan Yang 

Remove the vga device when loongarch machine init and
we will support other display device in the future.

Signed-off-by: Xiaojuan Yang 
Acked-by: Song Gao 
Message-Id: <20220908094623.73051-2-yangxiaoj...@loongson.cn>
Signed-off-by: Song Gao 
---
 hw/loongarch/Kconfig | 1 -
 hw/loongarch/virt.c  | 3 ---
 2 files changed, 4 deletions(-)

diff --git a/hw/loongarch/Kconfig b/hw/loongarch/Kconfig
index a99aa387c3..73c52b093e 100644
--- a/hw/loongarch/Kconfig
+++ b/hw/loongarch/Kconfig
@@ -2,7 +2,6 @@ config LOONGARCH_VIRT
 bool
 select PCI
 select PCI_EXPRESS_GENERIC_BRIDGE
-imply VGA_PCI
 imply VIRTIO_VGA
 imply PCI_DEVICES
 select ISA_BUS
diff --git a/hw/loongarch/virt.c b/hw/loongarch/virt.c
index 5cc0b05538..b56820ecda 100644
--- a/hw/loongarch/virt.c
+++ b/hw/loongarch/virt.c
@@ -378,9 +378,6 @@ static void loongarch_devices_init(DeviceState *pch_pic, 
LoongArchMachineState *
 pci_nic_init_nofail(nd, pci_bus, nd->model, NULL);
 }
 
-/* VGA setup */
-pci_vga_init(pci_bus);
-
 /*
  * There are some invalid guest memory access.
  * Create some unimplemented devices to emulate this.
-- 
2.31.1

Re: [PATCH 0/9] Deprecate sysbus_get_default() and get_system_memory() et. al

[Peter Maydell]

On Tue, 20 Sept 2022 at 00:18, Bernhard Beschow  wrote:
>
> In address-spaces.h it can be read that get_system_memory() and
> get_system_io() are temporary interfaces which "should only be used 
> temporarily
> until a proper bus interface is available". This statement certainly extends 
> to
> the address_space_memory and address_space_io singletons.

This is a long standing "we never really completed a cleanup"...

> This series attempts
> to stop further proliferation of their use by turning TYPE_SYSTEM_BUS into an
> object-oriented, "proper bus interface" inspired by PCIBus.
>
> While at it, also the main_system_bus singleton is turned into an attribute of
> MachineState. Together, this resolves five singletons in total, making the
> ownership relations much more obvious which helps comprehension.

...but I don't think this is the direction we want to go.
Overall the reason that the "system memory" and "system IO"
singletons are weird is that in theory they should not be necessary
at all -- board code should create devices and map them into an
entirely arbitrary MemoryRegion or set of MemoryRegions corresponding
to address space(s) for the CPU and for DMA-capable devices. But we
keep them around because
 (a) there is a ton of legacy code that assumes there's only one
 address space in the system and this is it
 (b) when modelling the kind of board where there really is only
 one address space, having the 'system memory' global makes
 the APIs for creating and connecting devices a lot simpler

Retaining the whole-system singleton but shoving it into MachineState
doesn't really change much, IMHO.

More generally, sysbus is rather weird because it isn't really a
bus. Every device in the system of TYPE_SYS_BUS_DEVICE is "on"
the unique TYPE_SYSTEM_BUS bus, but that doesn't mean they're
all in the same address space or that in real hardware they'd
all be on the same bus. sysbus has essentially degraded into a
hack for having devices get reset. I really really need to make
some time to have another look at reset handling. If we get that
right then I think it's probably possible to collapse the few
things TYPE_SYS_BUS_DEVICE does that TYPE_DEVICE does not down
into TYPE_DEVICE and get rid of sysbus altogether...

thanks
-- PMM

[PULL v2 0/9] loongarch-to-apply queue

[Song Gao]

The following changes since commit d29201ff34a135cdfc197f4413c1c5047e4f58bb:

  Merge tag 'pull-hmp-20220915a' of https://gitlab.com/dagrh/qemu into staging 
(2022-09-17 10:31:11 -0400)

are available in the Git repository at:

  https://gitlab.com/gaosong/qemu.git tags/pull-loongarch-20220920

for you to fetch changes up to 1895b967922890f76ad0ba8eefad6019e0328606:

  hw/loongarch: Improve acpi dsdt table (2022-09-20 15:44:25 +0800)


v2: fix compile error.


Xiaojuan Yang (9):
  hw/loongarch: Remove vga device when loongarch init
  hw/loongarch: Support fw_cfg dma function
  hw/loongarch: Add interrupt information to FDT table
  hw/loongarch: Add platform bus support
  hw/loongarch: Add hotplug handler for machine
  hw/loongarch: Add RAMFB to dynamic_sysbus_devices list
  hw/loongarch: Fix acpi ged irq number in dsdt table
  hw/loongarch: Support memory hotplug
  hw/loongarch: Improve acpi dsdt table

 hw/loongarch/Kconfig|   5 +-
 hw/loongarch/acpi-build.c   | 191 ++---
 hw/loongarch/fw_cfg.c   |   3 +-
 hw/loongarch/virt.c | 204 +++-
 include/hw/loongarch/virt.h |   2 +
 include/hw/pci-host/ls7a.h  |   5 ++
 6 files changed, 258 insertions(+), 152 deletions(-)

[PULL v2 2/9] hw/loongarch: Support fw_cfg dma function

[Song Gao]

From: Xiaojuan Yang 

Support fw_cfg dma function for LoongArch virt machine.

Signed-off-by: Xiaojuan Yang 
Acked-by: Song Gao 
Message-Id: <20220908094623.73051-3-yangxiaoj...@loongson.cn>
Signed-off-by: Song Gao 
---
 hw/loongarch/Kconfig  | 1 +
 hw/loongarch/fw_cfg.c | 3 ++-
 hw/loongarch/virt.c   | 2 +-
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/hw/loongarch/Kconfig b/hw/loongarch/Kconfig
index 73c52b093e..1deea83626 100644
--- a/hw/loongarch/Kconfig
+++ b/hw/loongarch/Kconfig
@@ -16,3 +16,4 @@ config LOONGARCH_VIRT
 select SMBIOS
 select ACPI_PCI
 select ACPI_HW_REDUCED
+select FW_CFG_DMA
diff --git a/hw/loongarch/fw_cfg.c b/hw/loongarch/fw_cfg.c
index f6503d5607..f15a17416c 100644
--- a/hw/loongarch/fw_cfg.c
+++ b/hw/loongarch/fw_cfg.c
@@ -23,7 +23,8 @@ FWCfgState *loongarch_fw_cfg_init(ram_addr_t ram_size, 
MachineState *ms)
 int max_cpus = ms->smp.max_cpus;
 int smp_cpus = ms->smp.cpus;
 
-fw_cfg = fw_cfg_init_mem_wide(VIRT_FWCFG_BASE + 8, VIRT_FWCFG_BASE, 8, 0, 
NULL);
+fw_cfg = fw_cfg_init_mem_wide(VIRT_FWCFG_BASE + 8, VIRT_FWCFG_BASE, 8,
+  VIRT_FWCFG_BASE + 16, &address_space_memory);
 fw_cfg_add_i16(fw_cfg, FW_CFG_MAX_CPUS, (uint16_t)max_cpus);
 fw_cfg_add_i64(fw_cfg, FW_CFG_RAM_SIZE, (uint64_t)ram_size);
 fw_cfg_add_i16(fw_cfg, FW_CFG_NB_CPUS, (uint16_t)smp_cpus);
diff --git a/hw/loongarch/virt.c b/hw/loongarch/virt.c
index b56820ecda..4f833a2044 100644
--- a/hw/loongarch/virt.c
+++ b/hw/loongarch/virt.c
@@ -118,7 +118,7 @@ static void fdt_add_fw_cfg_node(const LoongArchMachineState 
*lams)
 qemu_fdt_setprop_string(ms->fdt, nodename,
 "compatible", "qemu,fw-cfg-mmio");
 qemu_fdt_setprop_sized_cells(ms->fdt, nodename, "reg",
- 2, base, 2, 0x8);
+ 2, base, 2, 0x18);
 qemu_fdt_setprop(ms->fdt, nodename, "dma-coherent", NULL, 0);
 g_free(nodename);
 }
-- 
2.31.1

[PULL v2 5/9] hw/loongarch: Add hotplug handler for machine

[Song Gao]

From: Xiaojuan Yang 

Add hotplug handler for LoongArch virt machine and now only support
the dynamic sysbus device.

Signed-off-by: Xiaojuan Yang 
Acked-by: Song Gao 
Message-Id: <20220908094623.73051-6-yangxiaoj...@loongson.cn>
Signed-off-by: Song Gao 
---
 hw/loongarch/virt.c | 32 
 1 file changed, 32 insertions(+)

diff --git a/hw/loongarch/virt.c b/hw/loongarch/virt.c
index 5fd3834c0a..eedff10758 100644
--- a/hw/loongarch/virt.c
+++ b/hw/loongarch/virt.c
@@ -803,9 +803,35 @@ static void loongarch_machine_initfn(Object *obj)
 lams->oem_table_id = g_strndup(ACPI_BUILD_APPNAME8, 8);
 }
 
+static void loongarch_machine_device_plug_cb(HotplugHandler *hotplug_dev,
+DeviceState *dev, Error **errp)
+{
+LoongArchMachineState *lams = LOONGARCH_MACHINE(hotplug_dev);
+MachineClass *mc = MACHINE_GET_CLASS(lams);
+
+if (device_is_dynamic_sysbus(mc, dev)) {
+if (lams->platform_bus_dev) {
+
platform_bus_link_device(PLATFORM_BUS_DEVICE(lams->platform_bus_dev),
+ SYS_BUS_DEVICE(dev));
+}
+}
+}
+
+static HotplugHandler *virt_machine_get_hotplug_handler(MachineState *machine,
+DeviceState *dev)
+{
+MachineClass *mc = MACHINE_GET_CLASS(machine);
+
+if (device_is_dynamic_sysbus(mc, dev)) {
+return HOTPLUG_HANDLER(machine);
+}
+return NULL;
+}
+
 static void loongarch_class_init(ObjectClass *oc, void *data)
 {
 MachineClass *mc = MACHINE_CLASS(oc);
+HotplugHandlerClass *hc = HOTPLUG_HANDLER_CLASS(oc);
 
 mc->desc = "Loongson-3A5000 LS7A1000 machine";
 mc->init = loongarch_init;
@@ -818,6 +844,8 @@ static void loongarch_class_init(ObjectClass *oc, void 
*data)
 mc->block_default_type = IF_VIRTIO;
 mc->default_boot_order = "c";
 mc->no_cdrom = 1;
+mc->get_hotplug_handler = virt_machine_get_hotplug_handler;
+hc->plug = loongarch_machine_device_plug_cb;
 
 object_class_property_add(oc, "acpi", "OnOffAuto",
 loongarch_get_acpi, loongarch_set_acpi,
@@ -833,6 +861,10 @@ static const TypeInfo loongarch_machine_types[] = {
 .instance_size  = sizeof(LoongArchMachineState),
 .class_init = loongarch_class_init,
 .instance_init = loongarch_machine_initfn,
+.interfaces = (InterfaceInfo[]) {
+ { TYPE_HOTPLUG_HANDLER },
+ { }
+},
 }
 };
 
-- 
2.31.1

[PULL v2 9/9] hw/loongarch: Improve acpi dsdt table

[Song Gao]

From: Xiaojuan Yang 

Cleanup the previous pci information in acpi dsdt table.
And using the common acpi_dsdt_add_gpex function to build
the gpex and pci information.

Signed-off-by: Xiaojuan Yang 
Acked-by: Song Gao 
Message-Id: <20220908094623.73051-10-yangxiaoj...@loongson.cn>
Signed-off-by: Song Gao 
---
 hw/loongarch/acpi-build.c   | 159 +---
 hw/loongarch/virt.c |   1 +
 include/hw/loongarch/virt.h |   1 +
 3 files changed, 21 insertions(+), 140 deletions(-)

diff --git a/hw/loongarch/acpi-build.c b/hw/loongarch/acpi-build.c
index 92ee62c11a..378a6d9d38 100644
--- a/hw/loongarch/acpi-build.c
+++ b/hw/loongarch/acpi-build.c
@@ -30,6 +30,7 @@
 #include "qom/qom-qobject.h"
 
 #include "hw/acpi/generic_event_device.h"
+#include "hw/pci-host/gpex.h"
 
 #define ACPI_BUILD_ALIGN_SIZE 0x1000
 #define ACPI_BUILD_TABLE_SIZE 0x2
@@ -206,108 +207,6 @@ struct AcpiBuildState {
 MemoryRegion *linker_mr;
 } AcpiBuildState;
 
-static void build_gpex_pci0_int(Aml *table)
-{
-Aml *sb_scope = aml_scope("_SB");
-Aml *pci0_scope = aml_scope("PCI0");
-Aml *prt_pkg = aml_varpackage(128);
-int slot, pin;
-
-for (slot = 0; slot < PCI_SLOT_MAX; slot++) {
-for (pin = 0; pin < PCI_NUM_PINS; pin++) {
-Aml *pkg = aml_package(4);
-aml_append(pkg, aml_int((slot << 16) | 0x));
-aml_append(pkg, aml_int(pin));
-aml_append(pkg, aml_int(0));
-aml_append(pkg, aml_int(80 + (slot + pin) % 4));
-aml_append(prt_pkg, pkg);
-}
-}
-aml_append(pci0_scope, aml_name_decl("_PRT", prt_pkg));
-aml_append(sb_scope, pci0_scope);
-aml_append(table, sb_scope);
-}
-
-static void build_dbg_aml(Aml *table)
-{
-Aml *field;
-Aml *method;
-Aml *while_ctx;
-Aml *scope = aml_scope("\\");
-Aml *buf = aml_local(0);
-Aml *len = aml_local(1);
-Aml *idx = aml_local(2);
-
-aml_append(scope,
-   aml_operation_region("DBG", AML_SYSTEM_IO, aml_int(0x0402), 0x01));
-field = aml_field("DBG", AML_BYTE_ACC, AML_NOLOCK, AML_PRESERVE);
-aml_append(field, aml_named_field("DBGB", 8));
-aml_append(scope, field);
-
-method = aml_method("DBUG", 1, AML_NOTSERIALIZED);
-
-aml_append(method, aml_to_hexstring(aml_arg(0), buf));
-aml_append(method, aml_to_buffer(buf, buf));
-aml_append(method, aml_subtract(aml_sizeof(buf), aml_int(1), len));
-aml_append(method, aml_store(aml_int(0), idx));
-
-while_ctx = aml_while(aml_lless(idx, len));
-aml_append(while_ctx,
-aml_store(aml_derefof(aml_index(buf, idx)), aml_name("DBGB")));
-aml_append(while_ctx, aml_increment(idx));
-aml_append(method, while_ctx);
-aml_append(method, aml_store(aml_int(0x0A), aml_name("DBGB")));
-aml_append(scope, method);
-aml_append(table, scope);
-}
-
-static Aml *build_osc_method(void)
-{
-Aml *if_ctx;
-Aml *if_ctx2;
-Aml *else_ctx;
-Aml *method;
-Aml *a_cwd1 = aml_name("CDW1");
-Aml *a_ctrl = aml_local(0);
-
-method = aml_method("_OSC", 4, AML_NOTSERIALIZED);
-aml_append(method, aml_create_dword_field(aml_arg(3), aml_int(0), "CDW1"));
-
-if_ctx = aml_if(aml_equal(
-aml_arg(0), aml_touuid("33DB4D5B-1FF7-401C-9657-7441C03DD766")));
-aml_append(if_ctx, aml_create_dword_field(aml_arg(3), aml_int(4), "CDW2"));
-aml_append(if_ctx, aml_create_dword_field(aml_arg(3), aml_int(8), "CDW3"));
-aml_append(if_ctx, aml_store(aml_name("CDW3"), a_ctrl));
-
-/*
- * Always allow native PME, AER (no dependencies)
- * Allow SHPC (PCI bridges can have SHPC controller)
- */
-aml_append(if_ctx, aml_and(a_ctrl, aml_int(0x1F), a_ctrl));
-
-if_ctx2 = aml_if(aml_lnot(aml_equal(aml_arg(1), aml_int(1;
-/* Unknown revision */
-aml_append(if_ctx2, aml_or(a_cwd1, aml_int(0x08), a_cwd1));
-aml_append(if_ctx, if_ctx2);
-
-if_ctx2 = aml_if(aml_lnot(aml_equal(aml_name("CDW3"), a_ctrl)));
-/* Capabilities bits were masked */
-aml_append(if_ctx2, aml_or(a_cwd1, aml_int(0x10), a_cwd1));
-aml_append(if_ctx, if_ctx2);
-
-/* Update DWORD3 in the buffer */
-aml_append(if_ctx, aml_store(a_ctrl, aml_name("CDW3")));
-aml_append(method, if_ctx);
-
-else_ctx = aml_else();
-/* Unrecognized UUID */
-aml_append(else_ctx, aml_or(a_cwd1, aml_int(4), a_cwd1));
-aml_append(method, else_ctx);
-
-aml_append(method, aml_return(aml_arg(3)));
-return method;
-}
-
 static void build_uart_device_aml(Aml *table)
 {
 Aml *dev;
@@ -360,57 +259,37 @@ build_la_ged_aml(Aml *dsdt, MachineState *machine)
 }
 }
 
+static void build_pci_device_aml(Aml *scope, LoongArchMachineState *lams)
+{
+struct GPEXConfig cfg = {
+.mmio64.base = VIRT_PCI_MEM_BASE,
+.mmio64.size = VIRT_PCI_MEM_SIZE,
+.pio.base= VIRT_PCI_IO_BASE,
+.pio.size= VIRT_PCI_IO_SIZE,
+.ecam.base   = VIRT_PCI_CFG_BASE,
+   

[PULL v2 3/9] hw/loongarch: Add interrupt information to FDT table

[Song Gao]

From: Xiaojuan Yang 

Add interrupt information to FDT table, such as interrupt
controller info, compatiable info, etc.

Signed-off-by: Xiaojuan Yang 
Acked-by: Song Gao 
Message-Id: <20220908094623.73051-4-yangxiaoj...@loongson.cn>
Signed-off-by: Song Gao 
---
 hw/loongarch/virt.c | 28 
 1 file changed, 28 insertions(+)

diff --git a/hw/loongarch/virt.c b/hw/loongarch/virt.c
index 4f833a2044..68b59a6c9f 100644
--- a/hw/loongarch/virt.c
+++ b/hw/loongarch/virt.c
@@ -158,6 +158,33 @@ static void fdt_add_pcie_node(const LoongArchMachineState 
*lams)
 qemu_fdt_dumpdtb(ms->fdt, lams->fdt_size);
 }
 
+static void fdt_add_irqchip_node(LoongArchMachineState *lams)
+{
+MachineState *ms = MACHINE(lams);
+char *nodename;
+uint32_t irqchip_phandle;
+
+irqchip_phandle = qemu_fdt_alloc_phandle(ms->fdt);
+qemu_fdt_setprop_cell(ms->fdt, "/", "interrupt-parent", irqchip_phandle);
+
+nodename = g_strdup_printf("/intc@%lx", VIRT_IOAPIC_REG_BASE);
+qemu_fdt_add_subnode(ms->fdt, nodename);
+qemu_fdt_setprop_cell(ms->fdt, nodename, "#interrupt-cells", 3);
+qemu_fdt_setprop(ms->fdt, nodename, "interrupt-controller", NULL, 0);
+qemu_fdt_setprop_cell(ms->fdt, nodename, "#address-cells", 0x2);
+qemu_fdt_setprop_cell(ms->fdt, nodename, "#size-cells", 0x2);
+qemu_fdt_setprop(ms->fdt, nodename, "ranges", NULL, 0);
+
+qemu_fdt_setprop_string(ms->fdt, nodename, "compatible",
+"loongarch,ls7a");
+
+qemu_fdt_setprop_sized_cells(ms->fdt, nodename, "reg",
+ 2, VIRT_IOAPIC_REG_BASE,
+ 2, PCH_PIC_ROUTE_ENTRY_OFFSET);
+
+qemu_fdt_setprop_cell(ms->fdt, nodename, "phandle", irqchip_phandle);
+g_free(nodename);
+}
 
 #define PM_BASE 0x1008
 #define PM_SIZE 0x100
@@ -697,6 +724,7 @@ static void loongarch_init(MachineState *machine)
 }
 /* Initialize the IO interrupt subsystem */
 loongarch_irq_init(lams);
+fdt_add_irqchip_node(lams);
 lams->machine_done.notify = virt_machine_done;
 qemu_add_machine_init_done_notifier(&lams->machine_done);
 fdt_add_pcie_node(lams);
-- 
2.31.1

[PATCH v2 02/39] tests/qtest: i440fx-test: Rewrite create_blob_file() to be portable

[Bin Meng]

From: Bin Meng 

Previously request_{bios, pflash} cases were skipped on win32, mainly
due to create_blob_file() calling mmap() which does not exist on win32.
This rewirtes create_blob_file() to be portable, so that we can enable
these cases on Windows.

Suggested-by: Marc-André Lureau 
Signed-off-by: Bin Meng 
---

Changes in v2:
- new patch: "tests/qtest: i440fx-test: Rewrite create_blob_file() to be 
portable"

 tests/qtest/i440fx-test.c | 53 +++
 1 file changed, 14 insertions(+), 39 deletions(-)

diff --git a/tests/qtest/i440fx-test.c b/tests/qtest/i440fx-test.c
index 3890f1237c..202bc6022c 100644
--- a/tests/qtest/i440fx-test.c
+++ b/tests/qtest/i440fx-test.c
@@ -278,8 +278,6 @@ static void test_i440fx_pam(gconstpointer opaque)
 qtest_end();
 }
 
-#ifndef _WIN32
-
 #define BLOB_SIZE ((size_t)65536)
 #define ISA_BIOS_MAXSZ ((size_t)(128 * 1024))
 
@@ -290,44 +288,25 @@ static void test_i440fx_pam(gconstpointer opaque)
  */
 static char *create_blob_file(void)
 {
-int ret, fd;
+int i, fd;
 char *pathname;
-GError *error = NULL;
+GError *error;
+g_autofree uint8_t *buf = g_malloc(BLOB_SIZE);
 
-ret = -1;
+error = NULL;
 fd = g_file_open_tmp("blob_XX", &pathname, &error);
-if (fd == -1) {
-fprintf(stderr, "unable to create blob file: %s\n", error->message);
-g_error_free(error);
-} else {
-if (ftruncate(fd, BLOB_SIZE) == -1) {
-fprintf(stderr, "ftruncate(\"%s\", %zu): %s\n", pathname,
-BLOB_SIZE, strerror(errno));
-} else {
-void *buf;
-
-buf = mmap(NULL, BLOB_SIZE, PROT_WRITE, MAP_SHARED, fd, 0);
-if (buf == MAP_FAILED) {
-fprintf(stderr, "mmap(\"%s\", %zu): %s\n", pathname, BLOB_SIZE,
-strerror(errno));
-} else {
-size_t i;
-
-for (i = 0; i < BLOB_SIZE; ++i) {
-((uint8_t *)buf)[i] = i;
-}
-munmap(buf, BLOB_SIZE);
-ret = 0;
-}
-}
-close(fd);
-if (ret == -1) {
-unlink(pathname);
-g_free(pathname);
-}
+g_assert_no_error(error);
+close(fd);
+
+for (i = 0; i < BLOB_SIZE; i++) {
+buf[i] = i;
 }
 
-return ret == -1 ? NULL : pathname;
+error = NULL;
+g_file_set_contents(pathname, (char *)buf, BLOB_SIZE, &error);
+g_assert_no_error(error);
+
+return pathname;
 }
 
 static void test_i440fx_firmware(FirmwareTestFixture *fixture,
@@ -398,8 +377,6 @@ static void request_pflash(FirmwareTestFixture *fixture,
 fixture->is_bios = false;
 }
 
-#endif /* _WIN32 */
-
 int main(int argc, char **argv)
 {
 TestData data;
@@ -410,10 +387,8 @@ int main(int argc, char **argv)
 
 qtest_add_data_func("i440fx/defaults", &data, test_i440fx_defaults);
 qtest_add_data_func("i440fx/pam", &data, test_i440fx_pam);
-#ifndef _WIN32
 add_firmware_test("i440fx/firmware/bios", request_bios);
 add_firmware_test("i440fx/firmware/pflash", request_pflash);
-#endif
 
 return g_test_run();
 }
-- 
2.34.1

[PULL v2 7/9] hw/loongarch: Fix acpi ged irq number in dsdt table

[Song Gao]

From: Xiaojuan Yang 

In dsdt, acpi ged irq should use gsi number, and the
VIRT_SCI_IRQ means it.

Signed-off-by: Xiaojuan Yang 
Acked-by: Song Gao 
Message-Id: <20220908094623.73051-8-yangxiaoj...@loongson.cn>
Signed-off-by: Song Gao 
---
 hw/loongarch/acpi-build.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/loongarch/acpi-build.c b/hw/loongarch/acpi-build.c
index d0f01a6485..95e30975a8 100644
--- a/hw/loongarch/acpi-build.c
+++ b/hw/loongarch/acpi-build.c
@@ -367,7 +367,7 @@ build_dsdt(GArray *table_data, BIOSLinker *linker, 
MachineState *machine)
 if (lams->acpi_ged) {
 build_ged_aml(dsdt, "\\_SB."GED_DEVICE,
   HOTPLUG_HANDLER(lams->acpi_ged),
-  VIRT_SCI_IRQ - PCH_PIC_IRQ_OFFSET, AML_SYSTEM_MEMORY,
+  VIRT_SCI_IRQ, AML_SYSTEM_MEMORY,
   VIRT_GED_EVT_ADDR);
 }
 
-- 
2.31.1

[PULL v2 6/9] hw/loongarch: Add RAMFB to dynamic_sysbus_devices list

[Song Gao]

From: Xiaojuan Yang 

Add RAMFB device to dynamic_sysbus_devices list so that it can be
hotpluged to the machine.

Signed-off-by: Xiaojuan Yang 
Acked-by: Song Gao 
Message-Id: <20220908094623.73051-7-yangxiaoj...@loongson.cn>
Signed-off-by: Song Gao 
---
 hw/loongarch/virt.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/loongarch/virt.c b/hw/loongarch/virt.c
index eedff10758..0dd57935b0 100644
--- a/hw/loongarch/virt.c
+++ b/hw/loongarch/virt.c
@@ -39,6 +39,7 @@
 #include 
 #include "hw/core/sysbus-fdt.h"
 #include "hw/platform-bus.h"
+#include "hw/display/ramfb.h"
 
 static void create_fdt(LoongArchMachineState *lams)
 {
@@ -852,6 +853,7 @@ static void loongarch_class_init(ObjectClass *oc, void 
*data)
 NULL, NULL);
 object_class_property_set_description(oc, "acpi",
 "Enable ACPI");
+machine_class_allow_dynamic_sysbus_dev(mc, TYPE_RAMFB_DEVICE);
 }
 
 static const TypeInfo loongarch_machine_types[] = {
-- 
2.31.1

[PULL v2 8/9] hw/loongarch: Support memory hotplug

[Song Gao]

From: Xiaojuan Yang 

Add hotplug/unplug interface for memory device.

Signed-off-by: Xiaojuan Yang 
Acked-by: Song Gao 
Message-Id: <20220908094623.73051-9-yangxiaoj...@loongson.cn>
Signed-off-by: Song Gao 
---
 hw/loongarch/Kconfig  |   2 +
 hw/loongarch/acpi-build.c |  32 +---
 hw/loongarch/virt.c   | 105 +-
 3 files changed, 132 insertions(+), 7 deletions(-)

diff --git a/hw/loongarch/Kconfig b/hw/loongarch/Kconfig
index fef55c5638..17d15b6c90 100644
--- a/hw/loongarch/Kconfig
+++ b/hw/loongarch/Kconfig
@@ -4,6 +4,7 @@ config LOONGARCH_VIRT
 select PCI_EXPRESS_GENERIC_BRIDGE
 imply VIRTIO_VGA
 imply PCI_DEVICES
+imply NVDIMM
 select ISA_BUS
 select SERIAL
 select SERIAL_ISA
@@ -18,3 +19,4 @@ config LOONGARCH_VIRT
 select ACPI_PCI
 select ACPI_HW_REDUCED
 select FW_CFG_DMA
+select DIMM
diff --git a/hw/loongarch/acpi-build.c b/hw/loongarch/acpi-build.c
index 95e30975a8..92ee62c11a 100644
--- a/hw/loongarch/acpi-build.c
+++ b/hw/loongarch/acpi-build.c
@@ -186,6 +186,12 @@ build_srat(GArray *table_data, BIOSLinker *linker, 
MachineState *machine)
 build_srat_memory(table_data, VIRT_HIGHMEM_BASE, machine->ram_size - 
VIRT_LOWMEM_SIZE,
   0, MEM_AFFINITY_ENABLED);
 
+if (ms->device_memory) {
+build_srat_memory(table_data, ms->device_memory->base,
+  memory_region_size(&ms->device_memory->mr),
+  0, MEM_AFFINITY_HOTPLUGGABLE | MEM_AFFINITY_ENABLED);
+}
+
 acpi_table_end(linker, &table);
 }
 
@@ -335,6 +341,25 @@ static void build_uart_device_aml(Aml *table)
 aml_append(table, scope);
 }
 
+static void
+build_la_ged_aml(Aml *dsdt, MachineState *machine)
+{
+uint32_t event;
+LoongArchMachineState *lams = LOONGARCH_MACHINE(machine);
+
+build_ged_aml(dsdt, "\\_SB."GED_DEVICE,
+  HOTPLUG_HANDLER(lams->acpi_ged),
+  VIRT_SCI_IRQ, AML_SYSTEM_MEMORY,
+  VIRT_GED_EVT_ADDR);
+event = object_property_get_uint(OBJECT(lams->acpi_ged),
+ "ged-event", &error_abort);
+if (event & ACPI_GED_MEM_HOTPLUG_EVT) {
+build_memory_hotplug_aml(dsdt, machine->ram_slots, "\\_SB", NULL,
+ AML_SYSTEM_MEMORY,
+ VIRT_GED_MEM_ADDR);
+}
+}
+
 /* build DSDT */
 static void
 build_dsdt(GArray *table_data, BIOSLinker *linker, MachineState *machine)
@@ -364,12 +389,7 @@ build_dsdt(GArray *table_data, BIOSLinker *linker, 
MachineState *machine)
 
 build_gpex_pci0_int(dsdt);
 build_uart_device_aml(dsdt);
-if (lams->acpi_ged) {
-build_ged_aml(dsdt, "\\_SB."GED_DEVICE,
-  HOTPLUG_HANDLER(lams->acpi_ged),
-  VIRT_SCI_IRQ, AML_SYSTEM_MEMORY,
-  VIRT_GED_EVT_ADDR);
-}
+build_la_ged_aml(dsdt, machine);
 
 scope = aml_scope("\\_SB.PCI0");
 /* Build PCI0._CRS */
diff --git a/hw/loongarch/virt.c b/hw/loongarch/virt.c
index 0dd57935b0..fe175e873b 100644
--- a/hw/loongarch/virt.c
+++ b/hw/loongarch/virt.c
@@ -40,6 +40,7 @@
 #include "hw/core/sysbus-fdt.h"
 #include "hw/platform-bus.h"
 #include "hw/display/ramfb.h"
+#include "hw/mem/pc-dimm.h"
 
 static void create_fdt(LoongArchMachineState *lams)
 {
@@ -718,6 +719,35 @@ static void loongarch_init(MachineState *machine)
  machine->ram, offset, highram_size);
 memory_region_add_subregion(address_space_mem, 0x9000, &lams->highmem);
 memmap_add_entry(0x9000, highram_size, 1);
+
+/* initialize device memory address space */
+if (machine->ram_size < machine->maxram_size) {
+machine->device_memory = g_malloc0(sizeof(*machine->device_memory));
+ram_addr_t device_mem_size = machine->maxram_size - machine->ram_size;
+
+if (machine->ram_slots > ACPI_MAX_RAM_SLOTS) {
+error_report("unsupported amount of memory slots: %"PRIu64,
+ machine->ram_slots);
+exit(EXIT_FAILURE);
+}
+
+if (QEMU_ALIGN_UP(machine->maxram_size,
+  TARGET_PAGE_SIZE) != machine->maxram_size) {
+error_report("maximum memory size must by aligned to multiple of "
+ "%d bytes", TARGET_PAGE_SIZE);
+exit(EXIT_FAILURE);
+}
+/* device memory base is the top of high memory address. */
+machine->device_memory->base = 0x9000 + highram_size;
+machine->device_memory->base =
+ROUND_UP(machine->device_memory->base, 1 * GiB);
+
+memory_region_init(&machine->device_memory->mr, OBJECT(lams),
+   "device-memory", device_mem_size);
+memory_region_add_subregion(address_space_mem, 
machine->device_memory->base,
+&machine->device_memory->mr);
+}
+
 /* Add isa io region */
 m

[PATCH v2 05/39] tcg: Avoid using hardcoded /tmp

[Bin Meng]

From: Bin Meng 

Use g_get_tmp_dir() to get the directory to use for temporary files.

Signed-off-by: Bin Meng 
Reviewed-by: Marc-André Lureau 
---

Changes in v2:
- Use g_autofree to declare the variable

 tcg/tcg.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tcg/tcg.c b/tcg/tcg.c
index 0f9cfe96f2..8847053176 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -4729,7 +4729,8 @@ static void tcg_register_jit_int(const void *buf_ptr, 
size_t buf_size,
 /* Enable this block to be able to debug the ELF image file creation.
One can use readelf, objdump, or other inspection utilities.  */
 {
-FILE *f = fopen("/tmp/qemu.jit", "w+b");
+g_autofree char *jit = g_strdup_printf("%s/qemu.jit", g_get_tmp_dir());
+FILE *f = fopen(jit, "w+b");
 if (f) {
 if (fwrite(img, img_size, 1, f) != img_size) {
 /* Avoid stupid unused return value warning for fwrite.  */
-- 
2.34.1

[PATCH] gitlab-ci: Update the FreeBSD 13 job from 13.0 to 13.1

[Thomas Huth]

The FreeBSD 13 job in our CI started failing since the python port
stopped working after 13.1 has been released. Thus update our CI
job to FreeBSD 13.1 to get it working again.

Suggested-by: Daniel P. Berrangé 
Signed-off-by: Thomas Huth 
---
 .gitlab-ci.d/cirrus.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.gitlab-ci.d/cirrus.yml b/.gitlab-ci.d/cirrus.yml
index 609c364308..d70da61248 100644
--- a/.gitlab-ci.d/cirrus.yml
+++ b/.gitlab-ci.d/cirrus.yml
@@ -63,7 +63,7 @@ x64-freebsd-13-build:
 NAME: freebsd-13
 CIRRUS_VM_INSTANCE_TYPE: freebsd_instance
 CIRRUS_VM_IMAGE_SELECTOR: image_family
-CIRRUS_VM_IMAGE_NAME: freebsd-13-0
+CIRRUS_VM_IMAGE_NAME: freebsd-13-1
 CIRRUS_VM_CPUS: 8
 CIRRUS_VM_RAM: 8G
 UPDATE_COMMAND: pkg update
-- 
2.31.1

[PATCH v2 10/39] hw/usb: dev-mtp: Use g_mkdir()

[Bin Meng]

From: Bin Meng 

Use g_mkdir() to create a directory on all platforms.

Signed-off-by: Bin Meng 
---

Changes in v2:
- Change to use g_mkdir()

 hw/usb/dev-mtp.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c
index 5831395cef..1cac1cd435 100644
--- a/hw/usb/dev-mtp.c
+++ b/hw/usb/dev-mtp.c
@@ -14,7 +14,7 @@
 #include "qemu/error-report.h"
 #include 
 #include 
-
+#include 
 #include 
 
 
@@ -1622,7 +1622,7 @@ static void usb_mtp_write_data(MTPState *s, uint32_t 
handle)
 if (s->dataset.filename) {
 path = g_strdup_printf("%s/%s", parent->path, s->dataset.filename);
 if (s->dataset.format == FMT_ASSOCIATION) {
-ret = mkdir(path, mask);
+ret = g_mkdir(path, mask);
 if (!ret) {
 usb_mtp_queue_result(s, RES_OK, d->trans, 3,
  QEMU_STORAGE_ID,
-- 
2.34.1

Re: [PATCH v2] hw/net/can: fix Xilinx ZynqMP CAN RX FIFO logic

[Peter Maydell]

On Wed, 17 Aug 2022 at 15:33, Peter Maydell  wrote:
>
> On Wed, 17 Aug 2022 at 15:24, Anton Kochkov  wrote:
> >
> > For consistency, function "update_rx_fifo()" should use
> > the RX FIFO register names, not the TX FIFO ones even if
>
> "register field names"
>
> > they refer to the same memory region.
>
> "same bit positions in the register".
>
> (No need to spin a v3 just for that; if there's no other
> issues with the patch I'll fix it up when I take it into
> target-arm.next.)



Applied to target-arm.next, thanks.

-- PMM

[PATCH v2 14/39] accel/qtest: Implement a portable qtest accelerator

[Bin Meng]

From: Xuzhou Cheng 

Currently signal SIGIPI [=SIGUSR1] is used to kick the dummy CPU
when qtest accelerator is used. However SIGUSR1 is unsupported on
Windows. To support Windows, we add a QemuSemaphore CPUState::sem
to kick the dummy CPU instead.

As a result of this, the POSIX implementation via signal is no
longer needed and can use the same path as Windows.

Signed-off-by: Xuzhou Cheng 
Signed-off-by: Bin Meng 
Reviewed-by: Marc-André Lureau 
---

Changes in v2:
- Replace signal by the semaphore on posix too

 include/hw/core/cpu.h   |  1 +
 accel/dummy-cpus.c  | 15 ++-
 softmmu/cpus.c  | 10 +-
 accel/meson.build   |  1 +
 accel/qtest/meson.build |  1 +
 5 files changed, 6 insertions(+), 22 deletions(-)

diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index 500503da13..2f46c37dc1 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -326,6 +326,7 @@ struct CPUState {
 #ifdef _WIN32
 HANDLE hThread;
 #endif
+QemuSemaphore sem;
 int thread_id;
 bool running, has_waiter;
 struct QemuCond *halt_cond;
diff --git a/accel/dummy-cpus.c b/accel/dummy-cpus.c
index 10429fdfb2..3769d3db0a 100644
--- a/accel/dummy-cpus.c
+++ b/accel/dummy-cpus.c
@@ -21,8 +21,6 @@
 static void *dummy_cpu_thread_fn(void *arg)
 {
 CPUState *cpu = arg;
-sigset_t waitset;
-int r;
 
 rcu_register_thread();
 
@@ -32,23 +30,13 @@ static void *dummy_cpu_thread_fn(void *arg)
 cpu->can_do_io = 1;
 current_cpu = cpu;
 
-sigemptyset(&waitset);
-sigaddset(&waitset, SIG_IPI);
-
 /* signal CPU creation */
 cpu_thread_signal_created(cpu);
 qemu_guest_random_seed_thread_part2(cpu->random_seed);
 
 do {
 qemu_mutex_unlock_iothread();
-do {
-int sig;
-r = sigwait(&waitset, &sig);
-} while (r == -1 && (errno == EAGAIN || errno == EINTR));
-if (r == -1) {
-perror("sigwait");
-exit(1);
-}
+qemu_sem_wait(&cpu->sem);
 qemu_mutex_lock_iothread();
 qemu_wait_io_event(cpu);
 } while (!cpu->unplug);
@@ -67,6 +55,7 @@ void dummy_start_vcpu_thread(CPUState *cpu)
 qemu_cond_init(cpu->halt_cond);
 snprintf(thread_name, VCPU_THREAD_NAME_SIZE, "CPU %d/DUMMY",
  cpu->cpu_index);
+qemu_sem_init(&cpu->sem, 0);
 qemu_thread_create(cpu->thread, thread_name, dummy_cpu_thread_fn, cpu,
QEMU_THREAD_JOINABLE);
 }
diff --git a/softmmu/cpus.c b/softmmu/cpus.c
index 23b30484b2..2a992d0d5f 100644
--- a/softmmu/cpus.c
+++ b/softmmu/cpus.c
@@ -437,19 +437,11 @@ void qemu_wait_io_event(CPUState *cpu)
 
 void cpus_kick_thread(CPUState *cpu)
 {
-#ifndef _WIN32
-int err;
-
 if (cpu->thread_kicked) {
 return;
 }
 cpu->thread_kicked = true;
-err = pthread_kill(cpu->thread->thread, SIG_IPI);
-if (err && err != ESRCH) {
-fprintf(stderr, "qemu:%s: %s", __func__, strerror(err));
-exit(1);
-}
-#endif
+qemu_sem_post(&cpu->sem);
 }
 
 void qemu_cpu_kick(CPUState *cpu)
diff --git a/accel/meson.build b/accel/meson.build
index b9a963cf80..b21c85dc0a 100644
--- a/accel/meson.build
+++ b/accel/meson.build
@@ -17,4 +17,5 @@ dummy_ss.add(files(
 ))
 
 specific_ss.add_all(when: ['CONFIG_SOFTMMU', 'CONFIG_POSIX'], if_true: 
dummy_ss)
+specific_ss.add_all(when: ['CONFIG_WIN32'], if_true: dummy_ss)
 specific_ss.add_all(when: ['CONFIG_XEN'], if_true: dummy_ss)
diff --git a/accel/qtest/meson.build b/accel/qtest/meson.build
index 4c65600293..a4876fc0f2 100644
--- a/accel/qtest/meson.build
+++ b/accel/qtest/meson.build
@@ -1,2 +1,3 @@
 qtest_module_ss.add(when: ['CONFIG_SOFTMMU', 'CONFIG_POSIX'],
 if_true: files('qtest.c'))
+qtest_module_ss.add(when: ['CONFIG_WIN32'], if_true: files('qtest.c'))
-- 
2.34.1

Re: [PATCH] target/arm: Fix alignment for VLD4.32

[Peter Maydell]

On Wed, 14 Sept 2022 at 14:11, Richard Henderson
 wrote:
>
> On 9/14/22 11:50, Clément Chigot wrote:
> > When requested, the alignment for VLD4.32 is 8 and not 16.
> >
> > See ARM documentation about VLD4 encoding:
> >  ebytes = 1 << UInt(size);
> >  if size == '10' then
> >  alignment = if a == '0' then 1 else 8;
> >  else
> >  alignment = if a == '0' then 1 else 4*ebytes;
> >
> > Signed-off-by: Clément Chigot 
>
> Reviewed-by: Richard Henderson 



Applied to target-arm.next, thanks.

-- PMM

Re: [PATCH v2] hw/arm: fix the position of vcram for raspi

[Peter Maydell]

On Sat, 27 Aug 2022 at 21:09, Frederik van Hövell  wrote:
>
> From: Alex Bennée 
>
> The previous calculation fell over when I tried to create a 8gb Pi 4
> because the values were only 32 bit. However the quirk of the Pi
> hardware is the vcram can only appear in the first 1gb of address
> space. This also limits where the initial kernel and DTB can be
> loaded (notice the DTS for the 8gb Pi4 still only uses 32 bit sizes).
> Fix this cleaning up setup_boot to directly use vcram_base and
> documenting what is going on.
>
> NB: the aliases are confusing.

Hi Frederik -- could you say why you've re-sent this patch from
Alex's rpi4 RFC patchset? As I understand it, the code as it is
at the moment works OK for the rpi models we have so far, because
they happen not to have enough RAM to trigger the problem, so
this patch would only be needed with the rpi4 model. Or is there
a setup with our existing rpi models where this fix is needed?

thanks
-- PMM

[PATCH v2 15/39] tests/qtest: libqtest: Adapt global_qtest declaration for win32

[Bin Meng]

From: Xuzhou Cheng 

Commit dd2107497275 ("tests/libqtest: Use libqtest-single.h in tests that 
require global_qtest")
moved global_qtest to libqtest-single.h, by declaring global_qtest
attribute to be common and weak.

This trick unfortunately does not work on Windows, and building
qtest test cases results in multiple definition errors of the weak
symbol global_qtest, as Windows PE does not have the concept of
the so-called weak symbol like ELF in the *nix world.

However Windows does provide a trick to declare a variable to be
a common symbol, via __declspec(selectany) [1]. It does not provide
the "strong override weak" effect but we don't need it in our use
case anyway. So let's use it for win32.

[1] https://docs.microsoft.com/en-us/cpp/cpp/selectany

Signed-off-by: Xuzhou Cheng 
Signed-off-by: Bin Meng 
---

Changes in v2:
- Use __declspec(selectany) for the common weak symbol on Windows

 tests/qtest/libqtest-single.h | 4 
 1 file changed, 4 insertions(+)

diff --git a/tests/qtest/libqtest-single.h b/tests/qtest/libqtest-single.h
index 4e7d0ae1dc..851724cbcb 100644
--- a/tests/qtest/libqtest-single.h
+++ b/tests/qtest/libqtest-single.h
@@ -13,7 +13,11 @@
 
 #include "libqtest.h"
 
+#ifndef _WIN32
 QTestState *global_qtest __attribute__((common, weak));
+#else
+__declspec(selectany) QTestState *global_qtest;
+#endif
 
 /**
  * qtest_start:
-- 
2.34.1

Re: [PATCH] gitlab-ci: Update the FreeBSD 13 job from 13.0 to 13.1

[Daniel P . Berrangé]

On Tue, Sep 20, 2022 at 12:20:41PM +0200, Thomas Huth wrote:
> The FreeBSD 13 job in our CI started failing since the python port
> stopped working after 13.1 has been released. Thus update our CI
> job to FreeBSD 13.1 to get it working again.
> 
> Suggested-by: Daniel P. Berrangé 
> Signed-off-by: Thomas Huth 
> ---
>  .gitlab-ci.d/cirrus.yml | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Daniel P. Berrangé 


With regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|

Re: [PULL v3 00/20] tcg patch queue

[Thomas Huth]

On 06/09/2022 10.37, Richard Henderson wrote:

v2: Fix incorretly resolved rebase conflict in patch 16.
v3: Work around clang preprocessor bug in patch 3.


r~


The following changes since commit fd28528ece590dc709d1a893fce2ff2f68ddca70:

   Merge tag 'pull-or1k-20220904' of https://github.com/stffrdhrn/qemu into 
staging (2022-09-05 18:01:02 -0400)

are available in the Git repository at:

   https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20220906

for you to fetch changes up to 00c07344fa245b22e895b363320ba4cd0ec1088a:

   target/riscv: Make translator stop before the end of a page (2022-09-06 
08:04:26 +0100)


Respect PROT_EXEC in user-only mode.
Fix s390x, i386 and riscv for translations crossing a page.


Ilya Leoshkevich (4):
   linux-user: Clear translations on mprotect()
   accel/tcg: Introduce is_same_page()
   target/s390x: Make translator stop before the end of a page
   target/i386: Make translator stop before the end of a page

Richard Henderson (16):
   linux-user/arm: Mark the commpage executable
   linux-user/hppa: Allocate page zero as a commpage
   linux-user/x86_64: Allocate vsyscall page as a commpage
   linux-user: Honor PT_GNU_STACK
   tests/tcg/i386: Move smc_code2 to an executable section
   accel/tcg: Properly implement get_page_addr_code for user-only
   accel/tcg: Unlock mmap_lock after longjmp
   accel/tcg: Make tb_htable_lookup static
   accel/tcg: Move qemu_ram_addr_from_host_nofail to physmem.c
   accel/tcg: Use probe_access_internal for softmmu get_page_addr_code_hostp
   accel/tcg: Document the faulting lookup in tb_lookup_cmp
   accel/tcg: Remove translator_ldsw
   accel/tcg: Add pc and host_pc params to gen_intermediate_code
   accel/tcg: Add fast path for translator_ld*
   target/riscv: Add MAX_INSN_LEN and insn_len
   target/riscv: Make translator stop before the end of a page


 Hi Richard!

Since your pull request has been merged, the Travis CI now constantly shows 
a failure, see:


 https://app.travis-ci.com/gitlab/qemu-project/qemu/builds/255231855

The previous runs were all green, so I assume this has been introduced by 
one of the patches in here. Could you please have a look?


 Thanks,
  Thomas

[PATCH v2 19/39] tests/qtest: Support libqtest to build and run on Windows

[Bin Meng]

From: Bin Meng 

At present the libqtest codes were written to depend on several
POSIX APIs, including fork(), kill() and waitpid(). Unfortunately
these APIs are not available on Windows.

This commit implements the corresponding functionalities using
win32 native APIs. With this change, all qtest cases can build
successfully on a Windows host, and we can start qtest testing
on Windows now.

Signed-off-by: Xuzhou Cheng 
Signed-off-by: Bin Meng 
---

Changes in v2:
- Move the enabling of building qtests on Windows to a separate
  patch to keep bisectablity
- Call socket_init() unconditionally
- Add a missing CloseHandle() call

 tests/qtest/libqtest.c | 98 +-
 1 file changed, 96 insertions(+), 2 deletions(-)

diff --git a/tests/qtest/libqtest.c b/tests/qtest/libqtest.c
index f46a21fa45..5d15e39289 100644
--- a/tests/qtest/libqtest.c
+++ b/tests/qtest/libqtest.c
@@ -16,9 +16,11 @@
 
 #include "qemu/osdep.h"
 
+#ifndef _WIN32
 #include 
 #include 
 #include 
+#endif /* _WIN32 */
 #ifdef __linux__
 #include 
 #endif /* __linux__ */
@@ -27,6 +29,7 @@
 #include "libqmp.h"
 #include "qemu/ctype.h"
 #include "qemu/cutils.h"
+#include "qemu/sockets.h"
 #include "qapi/qmp/qdict.h"
 #include "qapi/qmp/qjson.h"
 #include "qapi/qmp/qlist.h"
@@ -35,6 +38,16 @@
 #define MAX_IRQ 256
 #define SOCKET_TIMEOUT 50
 
+#ifndef _WIN32
+# define CMD_EXEC   "exec "
+# define DEV_STDERR "/dev/fd/2"
+# define DEV_NULL   "/dev/null"
+#else
+# define CMD_EXEC   ""
+# define DEV_STDERR "2"
+# define DEV_NULL   "nul"
+#endif
+
 typedef void (*QTestSendFn)(QTestState *s, const char *buf);
 typedef void (*ExternalSendFn)(void *s, const char *buf);
 typedef GString* (*QTestRecvFn)(QTestState *);
@@ -66,6 +79,9 @@ struct QTestState
 };
 
 static GHookList abrt_hooks;
+#ifdef _WIN32
+typedef void (*sighandler_t)(int);
+#endif
 static sighandler_t sighandler_old;
 
 static int qtest_query_target_endianness(QTestState *s);
@@ -118,10 +134,19 @@ bool qtest_probe_child(QTestState *s)
 pid_t pid = s->qemu_pid;
 
 if (pid != -1) {
+#ifndef _WIN32
 pid = waitpid(pid, &s->wstatus, WNOHANG);
 if (pid == 0) {
 return true;
 }
+#else
+DWORD exit_code;
+GetExitCodeProcess((HANDLE)pid, &exit_code);
+if (exit_code == STILL_ACTIVE) {
+return true;
+}
+CloseHandle((HANDLE)pid);
+#endif
 s->qemu_pid = -1;
 }
 return false;
@@ -135,13 +160,23 @@ void qtest_set_expected_status(QTestState *s, int status)
 void qtest_kill_qemu(QTestState *s)
 {
 pid_t pid = s->qemu_pid;
+#ifndef _WIN32
 int wstatus;
+#else
+DWORD ret, exit_code;
+#endif
 
 /* Skip wait if qtest_probe_child already reaped.  */
 if (pid != -1) {
+#ifndef _WIN32
 kill(pid, SIGTERM);
 TFR(pid = waitpid(s->qemu_pid, &s->wstatus, 0));
 assert(pid == s->qemu_pid);
+#else
+TerminateProcess((HANDLE)pid, s->expected_status);
+ret = WaitForSingleObject((HANDLE)pid, INFINITE);
+assert(ret == WAIT_OBJECT_0);
+#endif
 s->qemu_pid = -1;
 }
 
@@ -149,6 +184,7 @@ void qtest_kill_qemu(QTestState *s)
  * Check whether qemu exited with expected exit status; anything else is
  * fishy and should be logged with as much detail as possible.
  */
+#ifndef _WIN32
 wstatus = s->wstatus;
 if (WIFEXITED(wstatus) && WEXITSTATUS(wstatus) != s->expected_status) {
 fprintf(stderr, "%s:%d: kill_qemu() tried to terminate QEMU "
@@ -165,6 +201,16 @@ void qtest_kill_qemu(QTestState *s)
 __FILE__, __LINE__, sig, signame, dump);
 abort();
 }
+#else
+GetExitCodeProcess((HANDLE)pid, &exit_code);
+CloseHandle((HANDLE)pid);
+if (exit_code != s->expected_status) {
+fprintf(stderr, "%s:%d: kill_qemu() tried to terminate QEMU "
+"process but encountered exit status %ld (expected %d)\n",
+__FILE__, __LINE__, exit_code, s->expected_status);
+abort();
+}
+#endif
 }
 
 static void kill_qemu_hook_func(void *s)
@@ -243,6 +289,38 @@ static const char *qtest_qemu_binary(void)
 return qemu_bin;
 }
 
+#ifdef _WIN32
+static pid_t qtest_create_process(char *cmd)
+{
+STARTUPINFO si;
+PROCESS_INFORMATION pi;
+BOOL ret;
+
+ZeroMemory(&si, sizeof(si));
+si.cb = sizeof(si);
+ZeroMemory(&pi, sizeof(pi));
+
+ret = CreateProcess(NULL,   /* module name */
+cmd,/* command line */
+NULL,   /* process handle not inheritable */
+NULL,   /* thread handle not inheritable */
+FALSE,  /* set handle inheritance to FALSE */
+0,  /* No creation flags */
+NULL,   /* use parent's environment block */
+NULL,   /* use parent's starting directory */
+&si,/* pointer to STARTUPINFO structure */
+   

[PATCH v2 06/39] util/qemu-sockets: Use g_get_tmp_dir() to get the directory for temporary files

[Bin Meng]

From: Bin Meng 

Replace the existing logic to get the directory for temporary files
with g_get_tmp_dir(), which works for win32 too.

Signed-off-by: Bin Meng 
Reviewed-by: Marc-André Lureau 
---

(no changes since v1)

 util/qemu-sockets.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c
index 83f4bd6fd2..0c41ca9e42 100644
--- a/util/qemu-sockets.c
+++ b/util/qemu-sockets.c
@@ -919,9 +919,8 @@ static int unix_listen_saddr(UnixSocketAddress *saddr,
 if (saddr->path[0] || abstract) {
 path = saddr->path;
 } else {
-const char *tmpdir = getenv("TMPDIR");
-tmpdir = tmpdir ? tmpdir : "/tmp";
-path = pathbuf = g_strdup_printf("%s/qemu-socket-XX", tmpdir);
+path = pathbuf = g_strdup_printf("%s/qemu-socket-XX",
+ g_get_tmp_dir());
 }
 
 pathlen = strlen(path);
-- 
2.34.1

[PATCH v2 01/39] tests: Change to use g_mkdir()

[Bin Meng]

From: Bin Meng 

Commit 413bebc04603 ("tests: Use g_mkdir_with_parents()") replaces
the mkdir() call in the test codes with glib's g_mkdir_with_parents(),
but the exact portable replacement for mkdir() should be g_mkdir().

I probably was misled by the GTK glib doc [1] before, thinking that
g_mkdir() is not a supported API from glib. But the glib sources do
not support this statement. It is probably that the GTK documentation
was not built to include all APIs.

[1] https://docs.gtk.org/glib/?q=mkdir

Fixes: 413bebc04603 ("tests: Use g_mkdir_with_parents()")
Signed-off-by: Bin Meng 
---

Changes in v2:
- new patch: "tests: Change to use g_mkdir()"

 tests/migration/stress.c  | 3 ++-
 tests/qtest/migration-test.c  | 7 ---
 tests/unit/test-crypto-tlscredsx509.c | 5 +++--
 tests/unit/test-crypto-tlssession.c   | 7 ---
 tests/unit/test-io-channel-tls.c  | 7 ---
 5 files changed, 17 insertions(+), 12 deletions(-)

diff --git a/tests/migration/stress.c b/tests/migration/stress.c
index 88acf8dc25..76b91851ad 100644
--- a/tests/migration/stress.c
+++ b/tests/migration/stress.c
@@ -19,6 +19,7 @@
 
 #include "qemu/osdep.h"
 #include 
+#include 
 #include 
 #include 
 #include 
@@ -232,7 +233,7 @@ static void stress(unsigned long long ramsizeGB, int ncpus)
 
 static int mount_misc(const char *fstype, const char *dir)
 {
-if (g_mkdir_with_parents(dir, 0755) < 0 && errno != EEXIST) {
+if (g_mkdir(dir, 0755) < 0 && errno != EEXIST) {
 fprintf(stderr, "%s (%05d): ERROR: cannot create %s: %s\n",
 argv0, gettid(), dir, strerror(errno));
 return -1;
diff --git a/tests/qtest/migration-test.c b/tests/qtest/migration-test.c
index 4728d528bb..55892b3798 100644
--- a/tests/qtest/migration-test.c
+++ b/tests/qtest/migration-test.c
@@ -11,6 +11,7 @@
  */
 
 #include "qemu/osdep.h"
+#include 
 
 #include "libqtest.h"
 #include "qapi/error.h"
@@ -761,14 +762,14 @@ test_migrate_tls_psk_start_common(QTestState *from,
 data->workdir = g_strdup_printf("%s/tlscredspsk0", tmpfs);
 data->pskfile = g_strdup_printf("%s/%s", data->workdir,
 QCRYPTO_TLS_CREDS_PSKFILE);
-g_mkdir_with_parents(data->workdir, 0700);
+g_mkdir(data->workdir, 0700);
 test_tls_psk_init(data->pskfile);
 
 if (mismatch) {
 data->workdiralt = g_strdup_printf("%s/tlscredspskalt0", tmpfs);
 data->pskfilealt = g_strdup_printf("%s/%s", data->workdiralt,
QCRYPTO_TLS_CREDS_PSKFILE);
-g_mkdir_with_parents(data->workdiralt, 0700);
+g_mkdir(data->workdiralt, 0700);
 test_tls_psk_init_alt(data->pskfilealt);
 }
 
@@ -873,7 +874,7 @@ test_migrate_tls_x509_start_common(QTestState *from,
 data->clientcert = g_strdup_printf("%s/client-cert.pem", 
data->workdir);
 }
 
-g_mkdir_with_parents(data->workdir, 0700);
+g_mkdir(data->workdir, 0700);
 
 test_tls_init(data->keyfile);
 #ifndef _WIN32
diff --git a/tests/unit/test-crypto-tlscredsx509.c 
b/tests/unit/test-crypto-tlscredsx509.c
index 3c25d75ca1..03fa48a3c5 100644
--- a/tests/unit/test-crypto-tlscredsx509.c
+++ b/tests/unit/test-crypto-tlscredsx509.c
@@ -19,6 +19,7 @@
  */
 
 #include "qemu/osdep.h"
+#include 
 
 #include "crypto-tls-x509-helpers.h"
 #include "crypto/tlscredsx509.h"
@@ -75,7 +76,7 @@ static void test_tls_creds(const void *opaque)
 QCryptoTLSCreds *creds;
 
 #define CERT_DIR "tests/test-crypto-tlscredsx509-certs/"
-g_mkdir_with_parents(CERT_DIR, 0700);
+g_mkdir(CERT_DIR, 0700);
 
 unlink(CERT_DIR QCRYPTO_TLS_CREDS_X509_CA_CERT);
 if (data->isServer) {
@@ -141,7 +142,7 @@ int main(int argc, char **argv)
 g_test_init(&argc, &argv, NULL);
 g_setenv("GNUTLS_FORCE_FIPS_MODE", "2", 1);
 
-g_mkdir_with_parents(WORKDIR, 0700);
+g_mkdir(WORKDIR, 0700);
 
 test_tls_init(KEYFILE);
 
diff --git a/tests/unit/test-crypto-tlssession.c 
b/tests/unit/test-crypto-tlssession.c
index 615a1344b4..356afbadfb 100644
--- a/tests/unit/test-crypto-tlssession.c
+++ b/tests/unit/test-crypto-tlssession.c
@@ -19,6 +19,7 @@
  */
 
 #include "qemu/osdep.h"
+#include 
 
 #include "crypto-tls-x509-helpers.h"
 #include "crypto-tls-psk-helpers.h"
@@ -249,8 +250,8 @@ static void test_crypto_tls_session_x509(const void *opaque)
 
 #define CLIENT_CERT_DIR "tests/test-crypto-tlssession-client/"
 #define SERVER_CERT_DIR "tests/test-crypto-tlssession-server/"
-g_mkdir_with_parents(CLIENT_CERT_DIR, 0700);
-g_mkdir_with_parents(SERVER_CERT_DIR, 0700);
+g_mkdir(CLIENT_CERT_DIR, 0700);
+g_mkdir(SERVER_CERT_DIR, 0700);
 
 unlink(SERVER_CERT_DIR QCRYPTO_TLS_CREDS_X509_CA_CERT);
 unlink(SERVER_CERT_DIR QCRYPTO_TLS_CREDS_X509_SERVER_CERT);
@@ -398,7 +399,7 @@ int main(int argc, char **argv)
 g_test_init(&argc, &argv, NULL);
 g_setenv("GNUTLS_FORCE_FIPS_MODE", "2", 1);
 
-g_mkdir_with_parents(WORKDIR, 0700);
+g_mkdir(WORKDIR, 0700);
 
 test_tls_

[PATCH v2 20/39] tests/qtest: {ahci, ide}-test: Use relative path for temporary files for win32

[Bin Meng]

From: Bin Meng 

These test cases uses "blkdebug:path/to/config:path/to/image" for
testing. On Windows, absolute file paths contain the delimiter ':'
which causes the blkdebug filename parser fail to parse filenames.

Signed-off-by: Bin Meng 
---

(no changes since v1)

 tests/qtest/ahci-test.c | 21 ++---
 tests/qtest/ide-test.c  | 20 ++--
 2 files changed, 36 insertions(+), 5 deletions(-)

diff --git a/tests/qtest/ahci-test.c b/tests/qtest/ahci-test.c
index 00524f14c6..c57576b08c 100644
--- a/tests/qtest/ahci-test.c
+++ b/tests/qtest/ahci-test.c
@@ -1833,7 +1833,7 @@ static void create_ahci_io_test(enum IOMode type, enum 
AddrMode addr,
 
 int main(int argc, char **argv)
 {
-const char *arch;
+const char *arch, *base;
 int ret;
 int fd;
 int c;
@@ -1871,8 +1871,22 @@ int main(int argc, char **argv)
 return 0;
 }
 
+/*
+ * "base" stores the starting point where we create temporary files.
+ *
+ * On Windows, this is set to the relative path of current working
+ * directory, because the absolute path causes the blkdebug filename
+ * parser fail to parse "blkdebug:path/to/config:path/to/image".
+ */
+#ifndef _WIN32
+base = g_get_tmp_dir();
+#else
+base = ".";
+#endif
+
 /* Create a temporary image */
-fd = g_file_open_tmp("qtest.XX", &tmp_path, NULL);
+tmp_path = g_strdup_printf("%s/qtest.XX", base);
+fd = g_mkstemp(tmp_path);
 g_assert(fd >= 0);
 if (have_qemu_img()) {
 imgfmt = "qcow2";
@@ -1889,7 +1903,8 @@ int main(int argc, char **argv)
 close(fd);
 
 /* Create temporary blkdebug instructions */
-fd = g_file_open_tmp("qtest-blkdebug.XX", &debug_path, NULL);
+debug_path = g_strdup_printf("%s/qtest-blkdebug.XX", base);
+fd = g_mkstemp(debug_path);
 g_assert(fd >= 0);
 close(fd);
 
diff --git a/tests/qtest/ide-test.c b/tests/qtest/ide-test.c
index 25302be6dc..5e3e28aea2 100644
--- a/tests/qtest/ide-test.c
+++ b/tests/qtest/ide-test.c
@@ -1011,16 +1011,32 @@ static void test_cdrom_dma(void)
 
 int main(int argc, char **argv)
 {
+const char *base;
 int fd;
 int ret;
 
+/*
+ * "base" stores the starting point where we create temporary files.
+ *
+ * On Windows, this is set to the relative path of current working
+ * directory, because the absolute path causes the blkdebug filename
+ * parser fail to parse "blkdebug:path/to/config:path/to/image".
+ */
+#ifndef _WIN32
+base = g_get_tmp_dir();
+#else
+base = ".";
+#endif
+
 /* Create temporary blkdebug instructions */
-fd = g_file_open_tmp("qtest-blkdebug.XX", &debug_path, NULL);
+debug_path = g_strdup_printf("%s/qtest-blkdebug.XX", base);
+fd = g_mkstemp(debug_path);
 g_assert(fd >= 0);
 close(fd);
 
 /* Create a temporary raw image */
-fd = g_file_open_tmp("qtest.XX", &tmp_path, NULL);
+tmp_path = g_strdup_printf("%s/qtest.XX", base);
+fd = g_mkstemp(tmp_path);
 g_assert(fd >= 0);
 ret = ftruncate(fd, TEST_IMAGE_SIZE);
 g_assert(ret == 0);
-- 
2.34.1

[PATCH v2 00/39] tests/qtest: Enable running qtest on Windows

[Bin Meng]

In preparation to adding virtio-9p support on Windows, this series
enables running qtest on Windows, so that we can run the virtio-9p
tests on Windows to make sure it does not break accidently.

Changes in v2:
- new patch: "tests: Change to use g_mkdir()"
- new patch: "tests/qtest: i440fx-test: Rewrite create_blob_file() to be 
portable"
- Use g_autofree to declare the variable
- Use g_dir_make_tmp(), g_file_open_tmp() when appropriate
- Change to use g_mkdir()
- Change to use g_mkdir()
- Change to use g_mkdir()
- Change to skip only part of the virtio-net-test cases that require
  socketpair() intead of disabling all of them
- Introduce a new variable qtests_filter and add that to the
  qtests_ARCH variables
- Add a comment in the code to explain why test_qmp_oob test case
  is skipped on win32
- Replace signal by the semaphore on posix too
- Use __declspec(selectany) for the common weak symbol on Windows
- Introduce qemu_send_full() and use it
- Move the enabling of building qtests on Windows to a separate
  patch to keep bisectablity
- Call socket_init() unconditionally
- Add a missing CloseHandle() call
- Change the place that sets IO redirection in the command line
- Drop ahci-test.c changes that are no longer needed
- Update commit message to include the use case why we should set
  FILE_SHARE_WRITE when openning the file for win32
- Change to a busy wait after migration is canceled
- new patch: "hw/pci-host: pnv_phb{3,4}: Fix heap out-of-bound access failure"
- new patch: "io/channel-watch: Drop the unnecessary cast"
- Change the timeout limit to 90 minutes
- new patch: Display meson test logs in the Windows CI
- new patch: "tests/qtest: Enable qtest build on Windows"
- Minor wording changes
- Drop patches that were already applied in the mainline
- Drop patch: "qga/commands-posix-ssh: Use g_mkdir_with_parents()"
- Drop patch: "tests: Skip iotests and qtest when '--without-default-devices'"
- Drop patch: "tests/qtest: Fix ERROR_SHARING_VIOLATION for win32"

Bin Meng (30):
  tests: Change to use g_mkdir()
  tests/qtest: i440fx-test: Rewrite create_blob_file() to be portable
  block: Unify the get_tmp_filename() implementation
  semihosting/arm-compat-semi: Avoid using hardcoded /tmp
  tcg: Avoid using hardcoded /tmp
  util/qemu-sockets: Use g_get_tmp_dir() to get the directory for
temporary files
  tests: Avoid using hardcoded /tmp in test cases
  block/vvfat: Unify the mkdir() call
  fsdev/virtfs-proxy-helper: Use g_mkdir()
  hw/usb: dev-mtp: Use g_mkdir()
  tests/qtest: Skip running virtio-net-test cases that require
socketpair() for win32
  tests/qtest: Build test-filter-{mirror,redirector} cases for posix
only
  tests/qtest: qmp-test: Skip running test_qmp_oob for win32
  tests/qtest: libqtest: Exclude the *_fds APIs for win32
  tests/qtest: libqtest: Install signal handler via signal()
  tests/qtest: Support libqtest to build and run on Windows
  tests/qtest: {ahci,ide}-test: Use relative path for temporary files
for win32
  tests/qtest: bios-tables-test: Adapt the case for win32
  tests/qtest: migration-test: Disable IO redirection for win32
  tests/qtest: microbit-test: Fix socket access for win32
  tests/qtest: libqtest: Replace the call to close a socket with
closesocket()
  tests/qtest: libqtest: Correct the timeout unit of blocking receive
calls for win32
  io/channel-watch: Drop a superfluous '#ifdef WIN32'
  io/channel-watch: Drop the unnecessary cast
  io/channel-watch: Fix socket watch on Windows
  tests/qtest: migration-test: Skip running some TLS cases for win32
  .gitlab-ci.d/windows.yml: Increase the timeout to 90 minutes
  .gitlab-ci.d/windows.yml: Display meson test logs
  tests/qtest: Enable qtest build on Windows
  docs/devel: testing: Document writing portable test cases

Xuzhou Cheng (9):
  accel/qtest: Implement a portable qtest accelerator
  tests/qtest: libqtest: Adapt global_qtest declaration for win32
  tests/qtest: Use send/recv for socket communication
  tests/qtest: ide-test: Open file in binary mode
  tests/qtest: virtio-net-failover: Disable migration tests for win32
  chardev/char-file: Add FILE_SHARE_WRITE when openning the file for
win32
  tests/qtest: migration-test: Make sure QEMU process "to" exited after
migration is canceled
  hw/ppc: spapr: Use qemu_vfree() to free spapr->htab
  hw/pci-host: pnv_phb{3,4}: Fix heap out-of-bound access failure

 docs/devel/testing.rst  |  30 +
 include/hw/core/cpu.h   |   1 +
 include/qemu/sockets.h  |   2 +
 tests/qtest/fuzz/generic_fuzz_configs.h |   4 +-
 tests/qtest/libqtest-single.h   |   4 +
 tests/qtest/libqtest.h  |   8 ++
 accel/dummy-cpus.c  |  15 +--
 block.c |  16 +--
 block/vvfat.c   |   9 +-
 chardev/char-file.c |   4 +-
 fsdev/virtfs-proxy-helper.c |   3 +-
 hw/pci-host/pnv_phb3.c  |

[PATCH v2 13/39] tests/qtest: qmp-test: Skip running test_qmp_oob for win32

[Bin Meng]

From: Bin Meng 

The test_qmp_oob test case calls mkfifo() which does not exist on
win32. Exclude it.

Signed-off-by: Bin Meng 
Reviewed-by: Thomas Huth 
---

Changes in v2:
- Add a comment in the code to explain why test_qmp_oob test case
  is skipped on win32

 tests/qtest/qmp-test.c | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/tests/qtest/qmp-test.c b/tests/qtest/qmp-test.c
index 0fa00c12dc..074953fdf0 100644
--- a/tests/qtest/qmp-test.c
+++ b/tests/qtest/qmp-test.c
@@ -159,6 +159,8 @@ static void test_qmp_protocol(void)
 qtest_quit(qts);
 }
 
+#ifndef _WIN32
+
 /* Out-of-band tests */
 
 char *tmpdir;
@@ -279,6 +281,8 @@ static void test_qmp_oob(void)
 qtest_quit(qts);
 }
 
+#endif /* _WIN32 */
+
 /* Preconfig tests */
 
 static void test_qmp_preconfig(void)
@@ -338,7 +342,10 @@ int main(int argc, char *argv[])
 g_test_init(&argc, &argv, NULL);
 
 qtest_add_func("qmp/protocol", test_qmp_protocol);
+#ifndef _WIN32
+/* This case calls mkfifo() which does not exist on win32 */
 qtest_add_func("qmp/oob", test_qmp_oob);
+#endif
 qtest_add_func("qmp/preconfig", test_qmp_preconfig);
 qtest_add_func("qmp/missing-any-arg", test_qmp_missing_any_arg);
 
-- 
2.34.1

[PATCH v2 17/39] tests/qtest: libqtest: Exclude the *_fds APIs for win32

[Bin Meng]

From: Bin Meng 

libqmp.c::qmp_fd_vsend_fds() is not available on Windows, hence any
APIs in libqtest that call libqmp.c::qmp_fd_vsend_fds() should be
excluded for win32 too. This includes the following:

  * qtest_qmp_vsend_fds()
  * qtest_vqmp_fds()
  * qtest_qmp_fds()
  * qtest_qmp_add_client()

Note qtest_qmp_vsend() was wrongly written to call qmp_fd_vsend_fds()
previously, but it should call the non fds version API qmp_fd_vsend().

Signed-off-by: Bin Meng 
Reviewed-by: Marc-André Lureau 
---

(no changes since v1)

 tests/qtest/libqtest.h |  8 
 tests/qtest/libqtest.c | 10 +-
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/tests/qtest/libqtest.h b/tests/qtest/libqtest.h
index 94b187837d..3abc75964d 100644
--- a/tests/qtest/libqtest.h
+++ b/tests/qtest/libqtest.h
@@ -94,6 +94,7 @@ void qtest_kill_qemu(QTestState *s);
  */
 void qtest_quit(QTestState *s);
 
+#ifndef _WIN32
 /**
  * qtest_qmp_fds:
  * @s: #QTestState instance to operate on.
@@ -108,6 +109,7 @@ void qtest_quit(QTestState *s);
 QDict *qtest_qmp_fds(QTestState *s, int *fds, size_t fds_num,
  const char *fmt, ...)
 G_GNUC_PRINTF(4, 5);
+#endif /* _WIN32 */
 
 /**
  * qtest_qmp:
@@ -152,6 +154,7 @@ void qtest_qmp_send_raw(QTestState *s, const char *fmt, ...)
  */
 int qtest_socket_server(const char *socket_path);
 
+#ifndef _WIN32
 /**
  * qtest_vqmp_fds:
  * @s: #QTestState instance to operate on.
@@ -167,6 +170,7 @@ int qtest_socket_server(const char *socket_path);
 QDict *qtest_vqmp_fds(QTestState *s, int *fds, size_t fds_num,
   const char *fmt, va_list ap)
 G_GNUC_PRINTF(4, 0);
+#endif /* _WIN32 */
 
 /**
  * qtest_vqmp:
@@ -181,6 +185,7 @@ QDict *qtest_vqmp_fds(QTestState *s, int *fds, size_t 
fds_num,
 QDict *qtest_vqmp(QTestState *s, const char *fmt, va_list ap)
 G_GNUC_PRINTF(2, 0);
 
+#ifndef _WIN32
 /**
  * qtest_qmp_vsend_fds:
  * @s: #QTestState instance to operate on.
@@ -196,6 +201,7 @@ QDict *qtest_vqmp(QTestState *s, const char *fmt, va_list 
ap)
 void qtest_qmp_vsend_fds(QTestState *s, int *fds, size_t fds_num,
  const char *fmt, va_list ap)
 G_GNUC_PRINTF(4, 0);
+#endif /* _WIN32 */
 
 /**
  * qtest_qmp_vsend:
@@ -743,6 +749,7 @@ void qtest_qmp_device_add_qdict(QTestState *qts, const char 
*drv,
 void qtest_qmp_device_add(QTestState *qts, const char *driver, const char *id,
   const char *fmt, ...) G_GNUC_PRINTF(4, 5);
 
+#ifndef _WIN32
 /**
  * qtest_qmp_add_client:
  * @qts: QTestState instance to operate on
@@ -752,6 +759,7 @@ void qtest_qmp_device_add(QTestState *qts, const char 
*driver, const char *id,
  * Call QMP ``getfd`` followed by ``add_client`` with the given @fd.
  */
 void qtest_qmp_add_client(QTestState *qts, const char *protocol, int fd);
+#endif /* _WIN32 */
 
 /**
  * qtest_qmp_device_del:
diff --git a/tests/qtest/libqtest.c b/tests/qtest/libqtest.c
index a25a8b47d0..8b804faade 100644
--- a/tests/qtest/libqtest.c
+++ b/tests/qtest/libqtest.c
@@ -592,17 +592,20 @@ int qtest_socket_server(const char *socket_path)
 return sock;
 }
 
+#ifndef _WIN32
 void qtest_qmp_vsend_fds(QTestState *s, int *fds, size_t fds_num,
  const char *fmt, va_list ap)
 {
 qmp_fd_vsend_fds(s->qmp_fd, fds, fds_num, fmt, ap);
 }
+#endif
 
 void qtest_qmp_vsend(QTestState *s, const char *fmt, va_list ap)
 {
-qmp_fd_vsend_fds(s->qmp_fd, NULL, 0, fmt, ap);
+qmp_fd_vsend(s->qmp_fd, fmt, ap);
 }
 
+#ifndef _WIN32
 QDict *qtest_vqmp_fds(QTestState *s, int *fds, size_t fds_num,
   const char *fmt, va_list ap)
 {
@@ -611,6 +614,7 @@ QDict *qtest_vqmp_fds(QTestState *s, int *fds, size_t 
fds_num,
 /* Receive reply */
 return qtest_qmp_receive(s);
 }
+#endif
 
 QDict *qtest_vqmp(QTestState *s, const char *fmt, va_list ap)
 {
@@ -620,6 +624,7 @@ QDict *qtest_vqmp(QTestState *s, const char *fmt, va_list 
ap)
 return qtest_qmp_receive(s);
 }
 
+#ifndef _WIN32
 QDict *qtest_qmp_fds(QTestState *s, int *fds, size_t fds_num,
  const char *fmt, ...)
 {
@@ -631,6 +636,7 @@ QDict *qtest_qmp_fds(QTestState *s, int *fds, size_t 
fds_num,
 va_end(ap);
 return response;
 }
+#endif
 
 QDict *qtest_qmp(QTestState *s, const char *fmt, ...)
 {
@@ -1327,6 +1333,7 @@ void qtest_qmp_device_add(QTestState *qts, const char 
*driver, const char *id,
 qobject_unref(args);
 }
 
+#ifndef _WIN32
 void qtest_qmp_add_client(QTestState *qts, const char *protocol, int fd)
 {
 QDict *resp;
@@ -1346,6 +1353,7 @@ void qtest_qmp_add_client(QTestState *qts, const char 
*protocol, int fd)
 g_assert(!qdict_haskey(resp, "error"));
 qobject_unref(resp);
 }
+#endif
 
 /*
  * Generic hot-unplugging test via the device_del QMP command.
-- 
2.34.1

[PATCH v2 11/39] tests/qtest: Skip running virtio-net-test cases that require socketpair() for win32

[Bin Meng]

From: Bin Meng 

Some of the virtio-net-test test cases require socketpair() to do the
test setup. Skip them for win32.

Signed-off-by: Bin Meng 
Reviewed-by: Marc-André Lureau 
---

Changes in v2:
- Change to skip only part of the virtio-net-test cases that require
  socketpair() intead of disabling all of them

 tests/qtest/virtio-net-test.c | 13 ++---
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/tests/qtest/virtio-net-test.c b/tests/qtest/virtio-net-test.c
index 6ded252901..dff43f0f60 100644
--- a/tests/qtest/virtio-net-test.c
+++ b/tests/qtest/virtio-net-test.c
@@ -165,8 +165,6 @@ static void stop_cont_test(void *obj, void *data, 
QGuestAllocator *t_alloc)
 rx_stop_cont_test(dev, t_alloc, rx, sv[0]);
 }
 
-#endif
-
 static void hotplug(void *obj, void *data, QGuestAllocator *t_alloc)
 {
 QVirtioPCIDevice *dev = obj;
@@ -286,6 +284,8 @@ static void *virtio_net_test_setup(GString *cmd_line, void 
*arg)
 return sv;
 }
 
+#endif /* _WIN32 */
+
 static void large_tx(void *obj, void *data, QGuestAllocator *t_alloc)
 {
 QVirtioNet *dev = obj;
@@ -319,16 +319,15 @@ static void *virtio_net_test_setup_nosocket(GString 
*cmd_line, void *arg)
 
 static void register_virtio_net_test(void)
 {
-QOSGraphTestOptions opts = {
-.before = virtio_net_test_setup,
-};
+QOSGraphTestOptions opts = { 0 };
 
-qos_add_test("hotplug", "virtio-net-pci", hotplug, &opts);
 #ifndef _WIN32
+opts.before = virtio_net_test_setup;
+qos_add_test("hotplug", "virtio-net-pci", hotplug, &opts);
 qos_add_test("basic", "virtio-net", send_recv_test, &opts);
 qos_add_test("rx_stop_cont", "virtio-net", stop_cont_test, &opts);
-#endif
 qos_add_test("announce-self", "virtio-net", announce_self, &opts);
+#endif
 
 /* These tests do not need a loopback backend.  */
 opts.before = virtio_net_test_setup_nosocket;
-- 
2.34.1

[PATCH v2 03/39] block: Unify the get_tmp_filename() implementation

[Bin Meng]

From: Bin Meng 

At present get_tmp_filename() has platform specific implementations
to get the directory to use for temporary files. Switch over to use
g_get_tmp_dir() which works on all supported platforms.

Signed-off-by: Bin Meng 
---

(no changes since v1)

 block.c | 16 ++--
 1 file changed, 2 insertions(+), 14 deletions(-)

diff --git a/block.c b/block.c
index bc85f46eed..d06df47f72 100644
--- a/block.c
+++ b/block.c
@@ -864,21 +864,10 @@ int bdrv_probe_geometry(BlockDriverState *bs, HDGeometry 
*geo)
  */
 int get_tmp_filename(char *filename, int size)
 {
-#ifdef _WIN32
-char temp_dir[MAX_PATH];
-/* GetTempFileName requires that its output buffer (4th param)
-   have length MAX_PATH or greater.  */
-assert(size >= MAX_PATH);
-return (GetTempPath(MAX_PATH, temp_dir)
-&& GetTempFileName(temp_dir, "qem", 0, filename)
-? 0 : -GetLastError());
-#else
 int fd;
 const char *tmpdir;
-tmpdir = getenv("TMPDIR");
-if (!tmpdir) {
-tmpdir = "/var/tmp";
-}
+tmpdir = g_get_tmp_dir();
+
 if (snprintf(filename, size, "%s/vl.XX", tmpdir) >= size) {
 return -EOVERFLOW;
 }
@@ -891,7 +880,6 @@ int get_tmp_filename(char *filename, int size)
 return -errno;
 }
 return 0;
-#endif
 }
 
 /*
-- 
2.34.1

[PATCH v2 27/39] hw/ppc: spapr: Use qemu_vfree() to free spapr->htab

[Bin Meng]

From: Xuzhou Cheng 

spapr->htab is allocated by qemu_memalign(), hence we should use
qemu_vfree() to free it.

Fixes: c5f54f3e31bf ("pseries: Move hash page table allocation to reset time")
Fixes: b4db54132ffe ("target/ppc: Implement H_REGISTER_PROCESS_TABLE H_CALL"")
Signed-off-by: Xuzhou Cheng 
Signed-off-by: Bin Meng 
Reviewed-by: Daniel Henrique Barboza 
Reviewed-by: Marc-André Lureau 
---

(no changes since v1)

 hw/ppc/spapr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index fb790b61e4..cc1adc23fa 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1522,7 +1522,7 @@ int spapr_hpt_shift_for_ramsize(uint64_t ramsize)
 
 void spapr_free_hpt(SpaprMachineState *spapr)
 {
-g_free(spapr->htab);
+qemu_vfree(spapr->htab);
 spapr->htab = NULL;
 spapr->htab_shift = 0;
 close_htab_fd(spapr);
-- 
2.34.1

[PATCH v2 12/39] tests/qtest: Build test-filter-{mirror, redirector} cases for posix only

[Bin Meng]

From: Bin Meng 

The test-filter-{mirror,redirector} cases use socketpair() API that
is only available on POSIX and should only be built for POSIX.

Signed-off-by: Bin Meng 
Reviewed-by: Marc-André Lureau 
---

Changes in v2:
- Introduce a new variable qtests_filter and add that to the
  qtests_ARCH variables

 tests/qtest/meson.build | 36 
 1 file changed, 16 insertions(+), 20 deletions(-)

diff --git a/tests/qtest/meson.build b/tests/qtest/meson.build
index e910cb32ca..455f1bbb7e 100644
--- a/tests/qtest/meson.build
+++ b/tests/qtest/meson.build
@@ -39,9 +39,14 @@ qtests_pci = \
 qtests_cxl = \
   (config_all_devices.has_key('CONFIG_CXL') ? ['cxl-test'] : [])
 
+qtests_filter = \
+  (slirp.found() ? ['test-netfilter'] : []) + \
+  (config_host.has_key('CONFIG_POSIX') ? ['test-filter-mirror'] : []) + \
+  (config_host.has_key('CONFIG_POSIX') ? ['test-filter-redirector'] : [])
+
 qtests_i386 = \
-  (slirp.found() ? ['pxe-test', 'test-netfilter'] : []) + \
-  (config_host.has_key('CONFIG_POSIX') ? ['test-filter-mirror'] : []) +
 \
+  (slirp.found() ? ['pxe-test'] : []) + \
+  qtests_filter + \
   (have_tools ? ['ahci-test'] : []) +  
 \
   (config_all_devices.has_key('CONFIG_ISA_TESTDEV') ? ['endianness-test'] : 
[]) +   \
   (config_all_devices.has_key('CONFIG_SGA') ? ['boot-serial-test'] : []) + 
 \
@@ -95,8 +100,7 @@ qtests_i386 = \
'vmgenid-test',
'migration-test',
'test-x86-cpuid-compat',
-   'numa-test',
-   'test-filter-redirector'
+   'numa-test'
   ]
 
 if dbus_display
@@ -120,30 +124,25 @@ endif
 qtests_x86_64 = qtests_i386
 
 qtests_alpha = ['boot-serial-test'] + \
-  ['test-filter-mirror', 'test-filter-redirector'] + \
-  (slirp.found() ? ['test-netfilter'] : []) + \
+  qtests_filter + \
   (config_all_devices.has_key('CONFIG_VGA') ? ['display-vga-test'] : [])
 
 qtests_avr = [ 'boot-serial-test' ]
 
 qtests_hppa = ['boot-serial-test'] + \
-  ['test-filter-mirror', 'test-filter-redirector'] + \
-  (slirp.found() ? ['test-netfilter'] : []) + \
+  qtests_filter + \
   (config_all_devices.has_key('CONFIG_VGA') ? ['display-vga-test'] : [])
 
 qtests_m68k = ['boot-serial-test'] + \
-  ['test-filter-mirror', 'test-filter-redirector'] + \
-  (slirp.found() ? ['test-netfilter'] : [])
+  qtests_filter
 
 qtests_microblaze = ['boot-serial-test'] + \
-  ['test-filter-mirror', 'test-filter-redirector'] + \
-  (slirp.found() ? ['test-netfilter'] : [])
+  qtests_filter
 
 qtests_microblazeel = qtests_microblaze
 
 qtests_mips = \
-  ['test-filter-mirror', 'test-filter-redirector'] + \
-  (slirp.found() ? ['test-netfilter'] : []) + \
+  qtests_filter + \
   (config_all_devices.has_key('CONFIG_ISA_TESTDEV') ? ['endianness-test'] : 
[]) +\
   (config_all_devices.has_key('CONFIG_VGA') ? ['display-vga-test'] : [])
 
@@ -152,8 +151,7 @@ qtests_mips64 = qtests_mips
 qtests_mips64el = qtests_mips
 
 qtests_ppc = \
-  ['test-filter-mirror', 'test-filter-redirector'] + \
-  (slirp.found() ? ['test-netfilter'] : []) + \
+  qtests_filter + \
   (config_all_devices.has_key('CONFIG_ISA_TESTDEV') ? ['endianness-test'] : 
[]) +\
   (config_all_devices.has_key('CONFIG_M48T59') ? ['m48t59-test'] : []) +   
  \
   (config_all_devices.has_key('CONFIG_TCG') ? ['prom-env-test'] : []) +
  \
@@ -174,13 +172,11 @@ qtests_sh4 = 
(config_all_devices.has_key('CONFIG_ISA_TESTDEV') ? ['endianness-te
 qtests_sh4eb = (config_all_devices.has_key('CONFIG_ISA_TESTDEV') ? 
['endianness-test'] : [])
 
 qtests_sparc = ['prom-env-test', 'm48t59-test', 'boot-serial-test'] + \
-  ['test-filter-mirror', 'test-filter-redirector'] + \
-  (slirp.found() ? ['test-netfilter'] : [])
+  qtests_filter
 
 qtests_sparc64 = \
   (config_all_devices.has_key('CONFIG_ISA_TESTDEV') ? ['endianness-test'] : 
[]) +\
-  (slirp.found() ? ['test-netfilter'] : []) + \
-  ['test-filter-mirror', 'test-filter-redirector'] + \
+  qtests_filter + \
   ['prom-env-test', 'boot-serial-test']
 
 qtests_npcm7xx = \
-- 
2.34.1

[PATCH v2 16/39] tests/qtest: Use send/recv for socket communication

[Bin Meng]

From: Xuzhou Cheng 

Socket communication in the libqtest and libqmp codes uses read()
and write() which work on any file descriptor on *nix, and sockets
in *nix are an example of a file descriptor.

However sockets on Windows do not use *nix-style file descriptors,
so read() and write() cannot be used on sockets on Windows.
Switch over to use send() and recv() instead which work on both
Windows and *nix.

Signed-off-by: Xuzhou Cheng 
Signed-off-by: Bin Meng 
---

Changes in v2:
- Introduce qemu_send_full() and use it

 include/qemu/sockets.h |  2 ++
 tests/qtest/libqmp.c   |  5 +++--
 tests/qtest/libqtest.c |  4 ++--
 util/osdep.c   | 33 +
 4 files changed, 40 insertions(+), 4 deletions(-)

diff --git a/include/qemu/sockets.h b/include/qemu/sockets.h
index 038faa157f..8ff7832eba 100644
--- a/include/qemu/sockets.h
+++ b/include/qemu/sockets.h
@@ -15,6 +15,8 @@ int inet_aton(const char *cp, struct in_addr *ia);
 bool fd_is_socket(int fd);
 int qemu_socket(int domain, int type, int protocol);
 int qemu_accept(int s, struct sockaddr *addr, socklen_t *addrlen);
+ssize_t qemu_send_full(int s, const void *buf, size_t count)
+G_GNUC_WARN_UNUSED_RESULT;
 int socket_set_cork(int fd, int v);
 int socket_set_nodelay(int fd);
 void qemu_socket_set_block(int fd);
diff --git a/tests/qtest/libqmp.c b/tests/qtest/libqmp.c
index ade26c15f0..2b08382e5d 100644
--- a/tests/qtest/libqmp.c
+++ b/tests/qtest/libqmp.c
@@ -23,6 +23,7 @@
 #endif
 
 #include "qemu/cutils.h"
+#include "qemu/sockets.h"
 #include "qapi/error.h"
 #include "qapi/qmp/json-parser.h"
 #include "qapi/qmp/qjson.h"
@@ -36,7 +37,7 @@ typedef struct {
 
 static void socket_send(int fd, const char *buf, size_t size)
 {
-size_t res = qemu_write_full(fd, buf, size);
+ssize_t res = qemu_send_full(fd, buf, size);
 
 assert(res == size);
 }
@@ -69,7 +70,7 @@ QDict *qmp_fd_receive(int fd)
 ssize_t len;
 char c;
 
-len = read(fd, &c, 1);
+len = recv(fd, &c, 1, 0);
 if (len == -1 && errno == EINTR) {
 continue;
 }
diff --git a/tests/qtest/libqtest.c b/tests/qtest/libqtest.c
index a0f28ddf8e..a25a8b47d0 100644
--- a/tests/qtest/libqtest.c
+++ b/tests/qtest/libqtest.c
@@ -436,7 +436,7 @@ void qtest_quit(QTestState *s)
 
 static void socket_send(int fd, const char *buf, size_t size)
 {
-size_t res = qemu_write_full(fd, buf, size);
+ssize_t res = qemu_send_full(fd, buf, size);
 
 assert(res == size);
 }
@@ -468,7 +468,7 @@ static GString *qtest_client_socket_recv_line(QTestState *s)
 ssize_t len;
 char buffer[1024];
 
-len = read(s->fd, buffer, sizeof(buffer));
+len = recv(s->fd, buffer, sizeof(buffer), 0);
 if (len == -1 && errno == EINTR) {
 continue;
 }
diff --git a/util/osdep.c b/util/osdep.c
index 60fcbbaebe..0342e754e1 100644
--- a/util/osdep.c
+++ b/util/osdep.c
@@ -502,6 +502,39 @@ int qemu_accept(int s, struct sockaddr *addr, socklen_t 
*addrlen)
 return ret;
 }
 
+/*
+ * A variant of send(2) which handles partial send.
+ *
+ * Return the number of bytes transferred over the socket.
+ * Set errno if fewer than `count' bytes are sent.
+ *
+ * This function don't work with non-blocking socket's.
+ * Any of the possibilities with non-blocking socket's is bad:
+ *   - return a short write (then name is wrong)
+ *   - busy wait adding (errno == EAGAIN) to the loop
+ */
+ssize_t qemu_send_full(int s, const void *buf, size_t count)
+{
+ssize_t ret = 0;
+ssize_t total = 0;
+
+while (count) {
+ret = send(s, buf, count, 0);
+if (ret < 0) {
+if (errno == EINTR) {
+continue;
+}
+break;
+}
+
+count -= ret;
+buf += ret;
+total += ret;
+}
+
+return total;
+}
+
 void qemu_set_hw_version(const char *version)
 {
 hw_version = version;
-- 
2.34.1

[PATCH v2 04/39] semihosting/arm-compat-semi: Avoid using hardcoded /tmp

[Bin Meng]

From: Bin Meng 

Use g_get_tmp_dir() to get the directory to use for temporary files.

Signed-off-by: Bin Meng 
---

(no changes since v1)

 semihosting/arm-compat-semi.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/semihosting/arm-compat-semi.c b/semihosting/arm-compat-semi.c
index e741674238..d5e66cc298 100644
--- a/semihosting/arm-compat-semi.c
+++ b/semihosting/arm-compat-semi.c
@@ -503,7 +503,8 @@ void do_common_semihosting(CPUState *cs)
 GET_ARG(0);
 GET_ARG(1);
 GET_ARG(2);
-len = asprintf(&s, "/tmp/qemu-%x%02x", getpid(), (int)arg1 & 0xff);
+len = asprintf(&s, "%s/qemu-%x%02x", g_get_tmp_dir(),
+   getpid(), (int)arg1 & 0xff);
 if (len < 0) {
 common_semi_set_ret(cs, -1);
 break;
-- 
2.34.1

[PATCH v2 18/39] tests/qtest: libqtest: Install signal handler via signal()

[Bin Meng]

From: Bin Meng 

At present the codes uses sigaction() to install signal handler with
a flag SA_RESETHAND. Such usage can be covered by the signal() API
that is a simplified interface to the general sigaction() facility.

Update to use signal() to install the signal handler, as it is
available on Windows which we are going to support.

Signed-off-by: Bin Meng 
---

(no changes since v1)

 tests/qtest/libqtest.c | 14 +++---
 1 file changed, 3 insertions(+), 11 deletions(-)

diff --git a/tests/qtest/libqtest.c b/tests/qtest/libqtest.c
index 8b804faade..f46a21fa45 100644
--- a/tests/qtest/libqtest.c
+++ b/tests/qtest/libqtest.c
@@ -66,7 +66,7 @@ struct QTestState
 };
 
 static GHookList abrt_hooks;
-static struct sigaction sigact_old;
+static sighandler_t sighandler_old;
 
 static int qtest_query_target_endianness(QTestState *s);
 
@@ -179,20 +179,12 @@ static void sigabrt_handler(int signo)
 
 static void setup_sigabrt_handler(void)
 {
-struct sigaction sigact;
-
-/* Catch SIGABRT to clean up on g_assert() failure */
-sigact = (struct sigaction){
-.sa_handler = sigabrt_handler,
-.sa_flags = SA_RESETHAND,
-};
-sigemptyset(&sigact.sa_mask);
-sigaction(SIGABRT, &sigact, &sigact_old);
+sighandler_old = signal(SIGABRT, sigabrt_handler);
 }
 
 static void cleanup_sigabrt_handler(void)
 {
-sigaction(SIGABRT, &sigact_old, NULL);
+signal(SIGABRT, sighandler_old);
 }
 
 static bool hook_list_is_empty(GHookList *hook_list)
-- 
2.34.1

[PATCH v2 25/39] chardev/char-file: Add FILE_SHARE_WRITE when openning the file for win32

[Bin Meng]

From: Xuzhou Cheng 

The combination of GENERIC_WRITE and FILE_SHARE_READ options does
not allow the same file to be opened again by CreateFile() from
another QEMU process with the same options when the previous QEMU
process still holds the file handle opened.

This was triggered by running the test_multifd_tcp_cancel() case on
Windows, which cancels the migration, and launches another QEMU
process to migrate with the same file opened for write. Chances are
that the previous QEMU process does not quit before the new QEMU
process runs hence the old one still holds the file handle that does
not allow shared write permission then the new QEMU process will fail.

As per [1] we should add FILE_SHARE_WRITE to the share mode to allow
such use case. This change makes the behavior be consistent with the
POSIX platforms.

[1] 
https://docs.microsoft.com/en-us/windows/win32/fileio/creating-and-opening-files

Signed-off-by: Xuzhou Cheng 
Signed-off-by: Bin Meng 
---

Changes in v2:
- Update commit message to include the use case why we should set
  FILE_SHARE_WRITE when openning the file for win32

 chardev/char-file.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/chardev/char-file.c b/chardev/char-file.c
index 2fd80707e5..66385211eb 100644
--- a/chardev/char-file.c
+++ b/chardev/char-file.c
@@ -60,8 +60,8 @@ static void qmp_chardev_open_file(Chardev *chr,
 flags = CREATE_ALWAYS;
 }
 
-out = CreateFile(file->out, accessmode, FILE_SHARE_READ, NULL, flags,
- FILE_ATTRIBUTE_NORMAL, NULL);
+out = CreateFile(file->out, accessmode, FILE_SHARE_READ | FILE_SHARE_WRITE,
+ NULL, flags, FILE_ATTRIBUTE_NORMAL, NULL);
 if (out == INVALID_HANDLE_VALUE) {
 error_setg(errp, "open %s failed", file->out);
 return;
-- 
2.34.1

[PATCH v2 28/39] hw/pci-host: pnv_phb{3, 4}: Fix heap out-of-bound access failure

[Bin Meng]

From: Xuzhou Cheng 

pnv_phb3_root_bus_info and pnv_phb4_root_bus_info are missing the
instance_size initialization. This results in accessing out-of-bound
memory when setting 'chip-id' and 'phb-id', and eventually crashes
glib's malloc functionality with the following message:

  "qemu-system-ppc64: GLib: ../glib-2.72.3/glib/gmem.c:131: failed to allocate 
3232 bytes"

This issue was noticed only when running qtests with QEMU Windows
32-bit executable. Windows 64-bit, Linux 32/64-bit do not expose
this bug though.

Fixes: 9ae1329ee2fe ("ppc/pnv: Add models for POWER8 PHB3 PCIe Host bridge")
Fixes: 4f9924c4d4cf ("ppc/pnv: Add models for POWER9 PHB4 PCIe Host bridge")
Signed-off-by: Xuzhou Cheng 
Signed-off-by: Bin Meng 
---

Changes in v2:
- new patch: "hw/pci-host: pnv_phb{3,4}: Fix heap out-of-bound access failure"

 hw/pci-host/pnv_phb3.c | 1 +
 hw/pci-host/pnv_phb4.c | 1 +
 2 files changed, 2 insertions(+)

diff --git a/hw/pci-host/pnv_phb3.c b/hw/pci-host/pnv_phb3.c
index af8575c007..9054c393a2 100644
--- a/hw/pci-host/pnv_phb3.c
+++ b/hw/pci-host/pnv_phb3.c
@@ -1169,6 +1169,7 @@ static void pnv_phb3_root_bus_class_init(ObjectClass 
*klass, void *data)
 static const TypeInfo pnv_phb3_root_bus_info = {
 .name = TYPE_PNV_PHB3_ROOT_BUS,
 .parent = TYPE_PCIE_BUS,
+.instance_size = sizeof(PnvPHB3RootBus),
 .class_init = pnv_phb3_root_bus_class_init,
 };
 
diff --git a/hw/pci-host/pnv_phb4.c b/hw/pci-host/pnv_phb4.c
index 824e1a73fb..ccbde841fc 100644
--- a/hw/pci-host/pnv_phb4.c
+++ b/hw/pci-host/pnv_phb4.c
@@ -1773,6 +1773,7 @@ static void pnv_phb4_root_bus_class_init(ObjectClass 
*klass, void *data)
 static const TypeInfo pnv_phb4_root_bus_info = {
 .name = TYPE_PNV_PHB4_ROOT_BUS,
 .parent = TYPE_PCIE_BUS,
+.instance_size = sizeof(PnvPHB4RootBus),
 .class_init = pnv_phb4_root_bus_class_init,
 };
 
-- 
2.34.1

[PATCH v2 29/39] tests/qtest: microbit-test: Fix socket access for win32

[Bin Meng]

From: Bin Meng 

Sockets on Windows do not use *nix-style file descriptors, so
write()/read()/close() do not work on Windows.

Switch over to use send()/recv()/closesocket() which work with
sockets on all platforms.

Signed-off-by: Bin Meng 
Reviewed-by: Marc-André Lureau 
---

(no changes since v1)

 tests/qtest/microbit-test.c | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/tests/qtest/microbit-test.c b/tests/qtest/microbit-test.c
index b71daae9a9..4bc267020b 100644
--- a/tests/qtest/microbit-test.c
+++ b/tests/qtest/microbit-test.c
@@ -51,7 +51,7 @@ static void uart_rw_to_rxd(QTestState *qts, int sock_fd, 
const char *in,
 {
 int i, in_len = strlen(in);
 
-g_assert_true(write(sock_fd, in, in_len) == in_len);
+g_assert_true(send(sock_fd, in, in_len, 0) == in_len);
 for (i = 0; i < in_len; i++) {
 g_assert_true(uart_wait_for_event(qts, NRF51_UART_BASE +
A_UART_RXDRDY));
@@ -77,7 +77,7 @@ static void test_nrf51_uart(void)
 char s[10];
 QTestState *qts = qtest_init_with_serial("-M microbit", &sock_fd);
 
-g_assert_true(write(sock_fd, "c", 1) == 1);
+g_assert_true(send(sock_fd, "c", 1, 0) == 1);
 g_assert_cmphex(qtest_readl(qts, NRF51_UART_BASE + A_UART_RXD), ==, 0x00);
 
 qtest_writel(qts, NRF51_UART_BASE + A_UART_ENABLE, 0x04);
@@ -97,17 +97,17 @@ static void test_nrf51_uart(void)
 
 qtest_writel(qts, NRF51_UART_BASE + A_UART_STARTTX, 0x01);
 uart_w_to_txd(qts, "d");
-g_assert_true(read(sock_fd, s, 10) == 1);
+g_assert_true(recv(sock_fd, s, 10, 0) == 1);
 g_assert_cmphex(s[0], ==, 'd');
 
 qtest_writel(qts, NRF51_UART_BASE + A_UART_SUSPEND, 0x01);
 qtest_writel(qts, NRF51_UART_BASE + A_UART_TXD, 'h');
 qtest_writel(qts, NRF51_UART_BASE + A_UART_STARTTX, 0x01);
 uart_w_to_txd(qts, "world");
-g_assert_true(read(sock_fd, s, 10) == 5);
+g_assert_true(recv(sock_fd, s, 10, 0) == 5);
 g_assert_true(memcmp(s, "world", 5) == 0);
 
-close(sock_fd);
+closesocket(sock_fd);
 
 qtest_quit(qts);
 }
-- 
2.34.1

[PATCH v2 07/39] tests: Avoid using hardcoded /tmp in test cases

[Bin Meng]

From: Bin Meng 

Lots of test cases were written to use hardcoded /tmp directory for
temporary files. To avoid this, we update them to use g_dir_make_tmp()
or g_file_open_tmp() when appropriate.

Signed-off-by: Bin Meng 
---

Changes in v2:
- Use g_dir_make_tmp(), g_file_open_tmp() when appropriate

 tests/qtest/fuzz/generic_fuzz_configs.h |  4 ++--
 tests/qtest/ahci-test.c | 19 +++
 tests/qtest/aspeed_smc-test.c   |  5 ++---
 tests/qtest/boot-serial-test.c  |  9 +
 tests/qtest/cxl-test.c  | 15 ++-
 tests/qtest/fdc-test.c  |  5 +++--
 tests/qtest/fuzz/virtio_blk_fuzz.c  |  4 ++--
 tests/qtest/hd-geo-test.c   | 24 +++-
 tests/qtest/ide-test.c  | 10 ++
 tests/qtest/libqtest.c  | 12 
 tests/qtest/migration-test.c|  7 ---
 tests/qtest/pflash-cfi02-test.c |  8 +---
 tests/qtest/qmp-test.c  |  6 --
 tests/qtest/vhost-user-blk-test.c   |  3 ++-
 tests/qtest/vhost-user-test.c   |  8 
 tests/qtest/virtio-blk-test.c   |  4 ++--
 tests/qtest/virtio-scsi-test.c  |  4 ++--
 tests/unit/test-image-locking.c |  8 
 tests/unit/test-qga.c   |  2 +-
 tests/vhost-user-bridge.c   |  3 +--
 20 files changed, 85 insertions(+), 75 deletions(-)

diff --git a/tests/qtest/fuzz/generic_fuzz_configs.h 
b/tests/qtest/fuzz/generic_fuzz_configs.h
index 0775e6702b..a825b78c14 100644
--- a/tests/qtest/fuzz/generic_fuzz_configs.h
+++ b/tests/qtest/fuzz/generic_fuzz_configs.h
@@ -20,8 +20,8 @@ typedef struct generic_fuzz_config {
 } generic_fuzz_config;
 
 static inline gchar *generic_fuzzer_virtio_9p_args(void){
-char tmpdir[] = "/tmp/qemu-fuzz.XX";
-g_assert_nonnull(g_mkdtemp(tmpdir));
+g_autofree char *tmpdir = g_dir_make_tmp("qemu-fuzz.XX", NULL);
+g_assert_nonnull(tmpdir);
 
 return g_strdup_printf("-machine q35 -nodefaults "
 "-device virtio-9p,fsdev=hshare,mount_tag=hshare "
diff --git a/tests/qtest/ahci-test.c b/tests/qtest/ahci-test.c
index f1e510b0ac..00524f14c6 100644
--- a/tests/qtest/ahci-test.c
+++ b/tests/qtest/ahci-test.c
@@ -44,9 +44,9 @@
 #define TEST_IMAGE_SIZE_MB_SMALL 64
 
 /*** Globals ***/
-static char tmp_path[] = "/tmp/qtest.XX";
-static char debug_path[] = "/tmp/qtest-blkdebug.XX";
-static char mig_socket[] = "/tmp/qtest-migration.XX";
+static char *tmp_path;
+static char *debug_path;
+static char *mig_socket;
 static bool ahci_pedantic;
 static const char *imgfmt;
 static unsigned test_image_size_mb;
@@ -1437,10 +1437,10 @@ static void test_ncq_simple(void)
 
 static int prepare_iso(size_t size, unsigned char **buf, char **name)
 {
-char cdrom_path[] = "/tmp/qtest.iso.XX";
+g_autofree char *cdrom_path;
 unsigned char *patt;
 ssize_t ret;
-int fd = mkstemp(cdrom_path);
+int fd = g_file_open_tmp("qtest.iso.XX", &cdrom_path, NULL);
 
 g_assert(fd != -1);
 g_assert(buf);
@@ -1872,7 +1872,7 @@ int main(int argc, char **argv)
 }
 
 /* Create a temporary image */
-fd = mkstemp(tmp_path);
+fd = g_file_open_tmp("qtest.XX", &tmp_path, NULL);
 g_assert(fd >= 0);
 if (have_qemu_img()) {
 imgfmt = "qcow2";
@@ -1889,12 +1889,12 @@ int main(int argc, char **argv)
 close(fd);
 
 /* Create temporary blkdebug instructions */
-fd = mkstemp(debug_path);
+fd = g_file_open_tmp("qtest-blkdebug.XX", &debug_path, NULL);
 g_assert(fd >= 0);
 close(fd);
 
 /* Reserve a hollow file to use as a socket for migration tests */
-fd = mkstemp(mig_socket);
+fd = g_file_open_tmp("qtest-migration.XX", &mig_socket, NULL);
 g_assert(fd >= 0);
 close(fd);
 
@@ -1947,8 +1947,11 @@ int main(int argc, char **argv)
 
 /* Cleanup */
 unlink(tmp_path);
+g_free(tmp_path);
 unlink(debug_path);
+g_free(debug_path);
 unlink(mig_socket);
+g_free(mig_socket);
 
 return ret;
 }
diff --git a/tests/qtest/aspeed_smc-test.c b/tests/qtest/aspeed_smc-test.c
index 05ce941566..5e16b5c9a5 100644
--- a/tests/qtest/aspeed_smc-test.c
+++ b/tests/qtest/aspeed_smc-test.c
@@ -608,16 +608,15 @@ static void test_write_block_protect_bottom_bit(void)
 flash_reset();
 }
 
-static char tmp_path[] = "/tmp/qtest.m25p80.XX";
-
 int main(int argc, char **argv)
 {
+g_autofree char *tmp_path;
 int ret;
 int fd;
 
 g_test_init(&argc, &argv, NULL);
 
-fd = mkstemp(tmp_path);
+fd = g_file_open_tmp("qtest.m25p80.XX", &tmp_path, NULL);
 g_assert(fd >= 0);
 ret = ftruncate(fd, FLASH_SIZE);
 g_assert(ret == 0);
diff --git a/tests/qtest/boot-serial-test.c b/tests/qtest/boot-serial-test.c
index 2f99d71cab..ce6e3d3eb8 100644
--- a/tests/qtest/boot-serial-test.c
+++ b/tests/qtest/boot-serial-test.c
@@ -224,14 +224,14 @@ static bool check_guest_out

[PATCH v2 21/39] tests/qtest: bios-tables-test: Adapt the case for win32

[Bin Meng]

From: Bin Meng 

Single quotes in the arguments (oem_id='CRASH ') are not removed in
the Windows environment before it is passed to the QEMU executable.
The space in the argument causes the "-acpitable" option parser to
think that all of its parameters are done, hence it complains:

  '-acpitable' requires one of 'data' or 'file'

Change to use double quotes which works fine on all platforms.

Also /dev/null does not work on win32, and nul should be used.

Signed-off-by: Bin Meng 
Reviewed-by: Marc-André Lureau 
---

(no changes since v1)

 tests/qtest/bios-tables-test.c | 12 +---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/tests/qtest/bios-tables-test.c b/tests/qtest/bios-tables-test.c
index 36783966b0..0148ce388c 100644
--- a/tests/qtest/bios-tables-test.c
+++ b/tests/qtest/bios-tables-test.c
@@ -1615,6 +1615,12 @@ static void test_acpi_virt_viot(void)
 free_test_data(&data);
 }
 
+#ifndef _WIN32
+# define DEV_NULL "/dev/null"
+#else
+# define DEV_NULL "nul"
+#endif
+
 static void test_acpi_q35_slic(void)
 {
 test_data data = {
@@ -1622,9 +1628,9 @@ static void test_acpi_q35_slic(void)
 .variant = ".slic",
 };
 
-test_acpi_one("-acpitable sig=SLIC,oem_id='CRASH ',oem_table_id='ME',"
-  "oem_rev=2210,asl_compiler_id='qemu',"
-  "asl_compiler_rev=,data=/dev/null",
+test_acpi_one("-acpitable sig=SLIC,oem_id=\"CRASH \",oem_table_id=ME,"
+  "oem_rev=2210,asl_compiler_id=qemu,"
+  "asl_compiler_rev=,data=" DEV_NULL,
   &data);
 free_test_data(&data);
 }
-- 
2.34.1

[PATCH v2 33/39] io/channel-watch: Drop the unnecessary cast

[Bin Meng]

From: Bin Meng 

There is no need to do a type cast on ssource->socket as it is
already declared as a SOCKET.

Suggested-by: Marc-André Lureau 
Signed-off-by: Bin Meng 
---

Changes in v2:
- new patch: "io/channel-watch: Drop the unnecessary cast"

 io/channel-watch.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/io/channel-watch.c b/io/channel-watch.c
index 89f3c8a88a..43d38494f7 100644
--- a/io/channel-watch.c
+++ b/io/channel-watch.c
@@ -130,13 +130,13 @@ qio_channel_socket_source_check(GSource *source)
 FD_ZERO(&wfds);
 FD_ZERO(&xfds);
 if (ssource->condition & G_IO_IN) {
-FD_SET((SOCKET)ssource->socket, &rfds);
+FD_SET(ssource->socket, &rfds);
 }
 if (ssource->condition & G_IO_OUT) {
-FD_SET((SOCKET)ssource->socket, &wfds);
+FD_SET(ssource->socket, &wfds);
 }
 if (ssource->condition & G_IO_PRI) {
-FD_SET((SOCKET)ssource->socket, &xfds);
+FD_SET(ssource->socket, &xfds);
 }
 ssource->revents = 0;
 if (select(0, &rfds, &wfds, &xfds, &tv0) == 0) {
-- 
2.34.1

[PATCH v2 08/39] block/vvfat: Unify the mkdir() call

[Bin Meng]

From: Bin Meng 

There is a difference in the mkdir() call for win32 and non-win32
platforms, and currently is handled in the codes with #ifdefs.

glib provides a portable g_mkdir() API and we can use it to unify
the codes without #ifdefs.

Signed-off-by: Bin Meng 
---

Changes in v2:
- Change to use g_mkdir()

 block/vvfat.c | 9 +++--
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/block/vvfat.c b/block/vvfat.c
index d6dd919683..723beef025 100644
--- a/block/vvfat.c
+++ b/block/vvfat.c
@@ -25,6 +25,7 @@
 
 #include "qemu/osdep.h"
 #include 
+#include 
 #include "qapi/error.h"
 #include "block/block_int.h"
 #include "block/qdict.h"
@@ -2726,13 +2727,9 @@ static int handle_renames_and_mkdirs(BDRVVVFATState* s)
 mapping_t* mapping;
 int j, parent_path_len;
 
-#ifdef __MINGW32__
-if (mkdir(commit->path))
+if (g_mkdir(commit->path, 0755)) {
 return -5;
-#else
-if (mkdir(commit->path, 0755))
-return -5;
-#endif
+}
 
 mapping = insert_mapping(s, commit->param.mkdir.cluster,
 commit->param.mkdir.cluster + 1);
-- 
2.34.1

[PATCH v2 30/39] tests/qtest: libqtest: Replace the call to close a socket with closesocket()

[Bin Meng]

From: Bin Meng 

close() is a *nix function. It works on any file descriptor, and
sockets in *nix are an example of a file descriptor.

closesocket() is a Windows-specific function, which works only
specifically with sockets. Sockets on Windows do not use *nix-style
file descriptors, and socket() returns a handle to a kernel object
instead, so it must be closed with closesocket().

In QEMU there is already a logic to handle such platform difference
in os-posix.h and os-win32.h, that:

  * closesocket maps to close on POSIX
  * closesocket maps to a wrapper that calls the real closesocket()
on Windows

Replace the call to close a socket with closesocket() instead.

Signed-off-by: Bin Meng 
Reviewed-by: Marc-André Lureau 
---

(no changes since v1)

 tests/qtest/libqtest.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/tests/qtest/libqtest.c b/tests/qtest/libqtest.c
index 5d15e39289..08c4e76ffe 100644
--- a/tests/qtest/libqtest.c
+++ b/tests/qtest/libqtest.c
@@ -113,7 +113,7 @@ static int socket_accept(int sock)
(void *)&timeout, sizeof(timeout))) {
 fprintf(stderr, "%s failed to set SO_RCVTIMEO: %s\n",
 __func__, strerror(errno));
-close(sock);
+closesocket(sock);
 return -1;
 }
 
@@ -124,7 +124,7 @@ static int socket_accept(int sock)
 if (ret == -1) {
 fprintf(stderr, "%s failed: %s\n", __func__, strerror(errno));
 }
-close(sock);
+closesocket(sock);
 
 return ret;
 }
@@ -507,8 +507,8 @@ void qtest_quit(QTestState *s)
 qtest_remove_abrt_handler(s);
 
 qtest_kill_qemu(s);
-close(s->fd);
-close(s->qmp_fd);
+closesocket(s->fd);
+closesocket(s->qmp_fd);
 g_string_free(s->rx, true);
 
 for (GList *it = s->pending_events; it != NULL; it = it->next) {
-- 
2.34.1

[PATCH v2 22/39] tests/qtest: migration-test: Disable IO redirection for win32

[Bin Meng]

From: Bin Meng 

On Windows the QEMU executable is created via CreateProcess() and
IO redirection does not work, so don't bother adding IO redirection
to the command line.

Signed-off-by: Bin Meng 
---

Changes in v2:
- Change the place that sets IO redirection in the command line

 tests/qtest/migration-test.c | 9 +
 1 file changed, 9 insertions(+)

diff --git a/tests/qtest/migration-test.c b/tests/qtest/migration-test.c
index 9925691ead..c87afad9e8 100644
--- a/tests/qtest/migration-test.c
+++ b/tests/qtest/migration-test.c
@@ -648,7 +648,16 @@ static int test_migrate_start(QTestState **from, 
QTestState **to,
 }
 
 if (!getenv("QTEST_LOG") && args->hide_stderr) {
+#ifndef _WIN32
 ignore_stderr = "2>/dev/null";
+#else
+/*
+ * On Windows the QEMU executable is created via CreateProcess() and
+ * IO redirection does not work, so don't bother adding IO redirection
+ * to the command line.
+ */
+ignore_stderr = "";
+#endif
 } else {
 ignore_stderr = "";
 }
-- 
2.34.1

[PATCH v2 35/39] tests/qtest: migration-test: Skip running some TLS cases for win32

[Bin Meng]

From: Bin Meng 

Some migration test cases use TLS to communicate, but they fail on
Windows with the following error messages:

  qemu-system-x86_64: TLS handshake failed: Insufficient credentials for that 
request.
  qemu-system-x86_64: TLS handshake failed: Error in the pull function.
  query-migrate shows failed migration: TLS handshake failed: Error in the pull 
function.

Disable them temporarily.

Signed-off-by: Bin Meng 
---
I am not familar with the gnutls and simply enabling the gnutls debug
output does not give me an immedidate hint on why it's failing on
Windows. Disable these cases for now until someone or maintainers
who may want to test this on Windows.

(no changes since v1)

 tests/qtest/migration-test.c | 14 ++
 1 file changed, 14 insertions(+)

diff --git a/tests/qtest/migration-test.c b/tests/qtest/migration-test.c
index aedd9ddb72..dbee9b528a 100644
--- a/tests/qtest/migration-test.c
+++ b/tests/qtest/migration-test.c
@@ -1403,6 +1403,7 @@ static void test_precopy_unix_dirty_ring(void)
 }
 
 #ifdef CONFIG_GNUTLS
+#ifndef _WIN32
 static void test_precopy_unix_tls_psk(void)
 {
 g_autofree char *uri = g_strdup_printf("unix:%s/migsocket", tmpfs);
@@ -1415,6 +1416,7 @@ static void test_precopy_unix_tls_psk(void)
 
 test_precopy_common(&args);
 }
+#endif /* _WIN32 */
 
 #ifdef CONFIG_TASN1
 static void test_precopy_unix_tls_x509_default_host(void)
@@ -1523,6 +1525,7 @@ static void test_precopy_tcp_plain(void)
 }
 
 #ifdef CONFIG_GNUTLS
+#ifndef _WIN32
 static void test_precopy_tcp_tls_psk_match(void)
 {
 MigrateCommon args = {
@@ -1533,6 +1536,7 @@ static void test_precopy_tcp_tls_psk_match(void)
 
 test_precopy_common(&args);
 }
+#endif /* _WIN32 */
 
 static void test_precopy_tcp_tls_psk_mismatch(void)
 {
@@ -1930,6 +1934,7 @@ static void test_multifd_tcp_zstd(void)
 #endif
 
 #ifdef CONFIG_GNUTLS
+#ifndef _WIN32
 static void *
 test_migrate_multifd_tcp_tls_psk_start_match(QTestState *from,
  QTestState *to)
@@ -1937,6 +1942,7 @@ test_migrate_multifd_tcp_tls_psk_start_match(QTestState 
*from,
 test_migrate_precopy_tcp_multifd_start_common(from, to, "none");
 return test_migrate_tls_psk_start_match(from, to);
 }
+#endif /* _WIN32 */
 
 static void *
 test_migrate_multifd_tcp_tls_psk_start_mismatch(QTestState *from,
@@ -1988,6 +1994,7 @@ 
test_migrate_multifd_tls_x509_start_reject_anon_client(QTestState *from,
 }
 #endif /* CONFIG_TASN1 */
 
+#ifndef _WIN32
 static void test_multifd_tcp_tls_psk_match(void)
 {
 MigrateCommon args = {
@@ -1997,6 +2004,7 @@ static void test_multifd_tcp_tls_psk_match(void)
 };
 test_precopy_common(&args);
 }
+#endif /* _WIN32 */
 
 static void test_multifd_tcp_tls_psk_mismatch(void)
 {
@@ -2497,8 +2505,10 @@ int main(int argc, char **argv)
 qtest_add_func("/migration/precopy/unix/plain", test_precopy_unix_plain);
 qtest_add_func("/migration/precopy/unix/xbzrle", test_precopy_unix_xbzrle);
 #ifdef CONFIG_GNUTLS
+#ifndef _WIN32
 qtest_add_func("/migration/precopy/unix/tls/psk",
test_precopy_unix_tls_psk);
+#endif
 
 if (has_uffd) {
 /*
@@ -2524,8 +2534,10 @@ int main(int argc, char **argv)
 
 qtest_add_func("/migration/precopy/tcp/plain", test_precopy_tcp_plain);
 #ifdef CONFIG_GNUTLS
+#ifndef _WIN32
 qtest_add_func("/migration/precopy/tcp/tls/psk/match",
test_precopy_tcp_tls_psk_match);
+#endif
 qtest_add_func("/migration/precopy/tcp/tls/psk/mismatch",
test_precopy_tcp_tls_psk_mismatch);
 #ifdef CONFIG_TASN1
@@ -2569,8 +2581,10 @@ int main(int argc, char **argv)
test_multifd_tcp_zstd);
 #endif
 #ifdef CONFIG_GNUTLS
+#ifndef _WIN32
 qtest_add_func("/migration/multifd/tcp/tls/psk/match",
test_multifd_tcp_tls_psk_match);
+#endif
 qtest_add_func("/migration/multifd/tcp/tls/psk/mismatch",
test_multifd_tcp_tls_psk_mismatch);
 #ifdef CONFIG_TASN1
-- 
2.34.1

[PATCH v2 09/39] fsdev/virtfs-proxy-helper: Use g_mkdir()

[Bin Meng]

From: Bin Meng 

Use g_mkdir() to create a directory on all platforms.

Signed-off-by: Bin Meng 
---

Changes in v2:
- Change to use g_mkdir()

 fsdev/virtfs-proxy-helper.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fsdev/virtfs-proxy-helper.c b/fsdev/virtfs-proxy-helper.c
index 2dde27922f..5cafcd7703 100644
--- a/fsdev/virtfs-proxy-helper.c
+++ b/fsdev/virtfs-proxy-helper.c
@@ -10,6 +10,7 @@
  */
 
 #include "qemu/osdep.h"
+#include 
 #include 
 #include 
 #include 
@@ -639,7 +640,7 @@ static int do_create_others(int type, struct iovec *iovec)
 if (retval < 0) {
 goto err_out;
 }
-retval = mkdir(path.data, mode);
+retval = g_mkdir(path.data, mode);
 break;
 case T_SYMLINK:
 retval = proxy_unmarshal(iovec, offset, "ss", &oldpath, &path);
-- 
2.34.1

Re: [PATCH v3 4/6] accel/tcg: Introduce probe_access_full

[Peter Maydell]

On Mon, 5 Sept 2022 at 21:26, Richard Henderson
 wrote:
>
> Add an interface to return the CPUTLBEntryFull struct
> that goes with the lookup.  The result is not intended
> to be valid across multiple lookups, so the user must
> use the results immediately.
>
> Signed-off-by: Richard Henderson 

Reviewed-by: Peter Maydell 

thanks
-- PMM

[PATCH v2 39/39] docs/devel: testing: Document writing portable test cases

[Bin Meng]

From: Bin Meng 

Update the best practices of how to write portable test cases that
can be built and run successfully on both Linux and Windows hosts.

Signed-off-by: Bin Meng 
Reviewed-by: Marc-André Lureau 
---

Changes in v2:
- Minor wording changes

 docs/devel/testing.rst | 30 ++
 1 file changed, 30 insertions(+)

diff --git a/docs/devel/testing.rst b/docs/devel/testing.rst
index f35f117d95..eb65401ad2 100644
--- a/docs/devel/testing.rst
+++ b/docs/devel/testing.rst
@@ -115,6 +115,36 @@ check-block
 are in the "auto" group).
 See the "QEMU iotests" section below for more information.
 
+Writing portable test cases
+~~~
+Both unit tests and qtests can run on POSIX hosts as well as a Windows host.
+Care must be taken when writing portable test cases that can be built and run
+successfully on various hosts. The following are some best practices:
+
+* Use portable APIs from glib whenever necessary, e.g.: g_setenv(),
+  g_mkdtemp(), g_mkdir().
+* Avoid using hardcoded /tmp for temporary file directory.
+  Use g_get_tmp_dir() instead.
+* Bear in mind that Windows has different special string representation for
+  stdin/stdout/stderr and null devices. For example if your test case uses
+  "/dev/fd/2" and "/dev/null" on Linux, remember to use "2" and "nul" on
+  Windows instead. Also IO redirection does not work on Windows, so avoid
+  using "2>nul" whenever necessary.
+* If your test cases uses the blkdebug feature, use relative path to pass
+  the config and image file paths in the command line as Windows absolute
+  path contains the delimeter ":" which will confuse the blkdebug parser.
+* Use double quotes in your extra QEMU commmand line in your test cases
+  instead of single quotes, as Windows does not drop single quotes when
+  passing the command line to QEMU.
+* Windows opens a file in text mode by default, while a POSIX compliant
+  implementation treats text files and binary files the same. So if your
+  test cases opens a file to write some data and later wants to compare the
+  written data with the original one, be sure to pass the letter 'b' as
+  part of the mode string to fopen(), or O_BINARY flag for the open() call.
+* If a certain test case can only run on POSIX or Linux hosts, use a proper
+  #ifdef in the codes. If the whole test suite cannot run on Windows, disable
+  the build in the meson.build file.
+
 QEMU iotests
 
 
-- 
2.34.1

[PATCH v2 26/39] tests/qtest: migration-test: Make sure QEMU process "to" exited after migration is canceled

[Bin Meng]

From: Xuzhou Cheng 

Make sure QEMU process "to" exited before launching another target
for migration in the test_multifd_tcp_cancel case.

Signed-off-by: Xuzhou Cheng 
Signed-off-by: Bin Meng 
Reviewed-by: Marc-André Lureau 
---

Changes in v2:
- Change to a busy wait after migration is canceled

 tests/qtest/migration-test.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/tests/qtest/migration-test.c b/tests/qtest/migration-test.c
index c87afad9e8..aedd9ddb72 100644
--- a/tests/qtest/migration-test.c
+++ b/tests/qtest/migration-test.c
@@ -2133,6 +2133,10 @@ static void test_multifd_tcp_cancel(void)
 wait_for_migration_pass(from);
 
 migrate_cancel(from);
+/* Make sure QEMU process "to" exited */
+while (qtest_probe_child(to)) {
+;
+}
 
 args = (MigrateStart){
 .only_target = true,
-- 
2.34.1

[PATCH v2 23/39] tests/qtest: ide-test: Open file in binary mode

[Bin Meng]

From: Xuzhou Cheng 

By default Windows opens file in text mode, while a POSIX compliant
implementation treats text files and binary files the same.

The fopen() 'mode' string can include the letter 'b' to indicate
binary mode shall be used. POSIX spec says the character 'b' shall
have no effect, but is allowed for ISO C standard conformance.
Let's add the letter 'b' which works on both POSIX and Windows.

Signed-off-by: Xuzhou Cheng 
Signed-off-by: Bin Meng 
Reviewed-by: Marc-André Lureau 
---

Changes in v2:
- Drop ahci-test.c changes that are no longer needed

 tests/qtest/ide-test.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/qtest/ide-test.c b/tests/qtest/ide-test.c
index 5e3e28aea2..4ea89c26c9 100644
--- a/tests/qtest/ide-test.c
+++ b/tests/qtest/ide-test.c
@@ -892,7 +892,7 @@ static void cdrom_pio_impl(int nblocks)
 
 /* Prepopulate the CDROM with an interesting pattern */
 generate_pattern(pattern, patt_len, ATAPI_BLOCK_SIZE);
-fh = fopen(tmp_path, "w+");
+fh = fopen(tmp_path, "wb+");
 ret = fwrite(pattern, ATAPI_BLOCK_SIZE, patt_blocks, fh);
 g_assert_cmpint(ret, ==, patt_blocks);
 fclose(fh);
@@ -993,7 +993,7 @@ static void test_cdrom_dma(void)
 prdt[0].size = cpu_to_le32(len | PRDT_EOT);
 
 generate_pattern(pattern, ATAPI_BLOCK_SIZE * 16, ATAPI_BLOCK_SIZE);
-fh = fopen(tmp_path, "w+");
+fh = fopen(tmp_path, "wb+");
 ret = fwrite(pattern, ATAPI_BLOCK_SIZE, 16, fh);
 g_assert_cmpint(ret, ==, 16);
 fclose(fh);
-- 
2.34.1

[PATCH v2 31/39] tests/qtest: libqtest: Correct the timeout unit of blocking receive calls for win32

[Bin Meng]

From: Bin Meng 

Some qtest cases don't get response from the QEMU executable under
test in time on Windows. It turns out that the socket receive call
got timeout before it receive the complete response.

The timeout value is supposed to be set to 50 seconds via the
setsockopt() call, but there is a difference among platforms.
The timeout unit of blocking receive calls is measured in
seconds on non-Windows platforms but milliseconds on Windows.

Signed-off-by: Bin Meng 
Reviewed-by: Marc-André Lureau 
---

(no changes since v1)

 tests/qtest/libqtest.c | 11 ++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/tests/qtest/libqtest.c b/tests/qtest/libqtest.c
index 08c4e76ffe..f6df0e35ac 100644
--- a/tests/qtest/libqtest.c
+++ b/tests/qtest/libqtest.c
@@ -36,13 +36,14 @@
 #include "qapi/qmp/qstring.h"
 
 #define MAX_IRQ 256
-#define SOCKET_TIMEOUT 50
 
 #ifndef _WIN32
+# define SOCKET_TIMEOUT 50
 # define CMD_EXEC   "exec "
 # define DEV_STDERR "/dev/fd/2"
 # define DEV_NULL   "/dev/null"
 #else
+# define SOCKET_TIMEOUT 5
 # define CMD_EXEC   ""
 # define DEV_STDERR "2"
 # define DEV_NULL   "nul"
@@ -106,8 +107,16 @@ static int socket_accept(int sock)
 struct sockaddr_un addr;
 socklen_t addrlen;
 int ret;
+/*
+ * timeout unit of blocking receive calls is different among platfoms.
+ * It's in seconds on non-Windows platforms but milliseconds on Windows.
+ */
+#ifndef _WIN32
 struct timeval timeout = { .tv_sec = SOCKET_TIMEOUT,
.tv_usec = 0 };
+#else
+DWORD timeout = SOCKET_TIMEOUT;
+#endif
 
 if (setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO,
(void *)&timeout, sizeof(timeout))) {
-- 
2.34.1

[PATCH v4 4/7] tests/x86: Add 'q35' machine type to drive_del-test

[Michael Labiuk via]

Configure pci bridge setting to run tests on 'q35' machine type.

Signed-off-by: Michael Labiuk 
---
 tests/qtest/drive_del-test.c | 111 +++
 1 file changed, 111 insertions(+)

diff --git a/tests/qtest/drive_del-test.c b/tests/qtest/drive_del-test.c
index 5e6d58b4dd..3a2ddecf22 100644
--- a/tests/qtest/drive_del-test.c
+++ b/tests/qtest/drive_del-test.c
@@ -258,6 +258,27 @@ static void test_cli_device_del(void)
 qtest_quit(qts);
 }
 
+static void test_cli_device_del_q35(void)
+{
+QTestState *qts;
+
+/*
+ * -drive/-device and device_del.  Start with a drive used by a
+ * device that unplugs after reset.
+ */
+qts = qtest_initf("-drive if=none,id=drive0,file=null-co://,"
+  "file.read-zeroes=on,format=raw "
+  "-machine q35 -device pcie-root-port,id=p1 "
+  "-device pcie-pci-bridge,bus=p1,id=b1 "
+  "-device virtio-blk-%s,drive=drive0,bus=b1,id=dev0",
+  qvirtio_get_dev_type());
+
+device_del(qts, true);
+g_assert(!has_drive(qts));
+
+qtest_quit(qts);
+}
+
 static void test_empty_device_del(void)
 {
 QTestState *qts;
@@ -294,6 +315,45 @@ static void test_device_add_and_del(void)
 qtest_quit(qts);
 }
 
+static void device_add_q35(QTestState *qts)
+{
+QDict *response;
+char driver[32];
+snprintf(driver, sizeof(driver), "virtio-blk-%s",
+ qvirtio_get_dev_type());
+
+response = qtest_qmp(qts, "{'execute': 'device_add',"
+  " 'arguments': {"
+  "   'driver': %s,"
+  "   'drive': 'drive0',"
+  "   'id': 'dev0',"
+  "   'bus': 'b1'"
+  "}}", driver);
+g_assert(response);
+g_assert(qdict_haskey(response, "return"));
+qobject_unref(response);
+}
+
+static void test_device_add_and_del_q35(void)
+{
+QTestState *qts;
+
+/*
+ * -drive/device_add and device_del.  Start with a drive used by a
+ * device that unplugs after reset.
+ */
+qts = qtest_initf("-machine q35 -device pcie-root-port,id=p1 "
+ "-device pcie-pci-bridge,bus=p1,id=b1 "
+ "-drive if=none,id=drive0,file=null-co://,"
+ "file.read-zeroes=on,format=raw");
+
+device_add_q35(qts);
+device_del(qts, true);
+g_assert(!has_drive(qts));
+
+qtest_quit(qts);
+}
+
 static void test_drive_add_device_add_and_del(void)
 {
 QTestState *qts;
@@ -318,6 +378,25 @@ static void test_drive_add_device_add_and_del(void)
 qtest_quit(qts);
 }
 
+static void test_drive_add_device_add_and_del_q35(void)
+{
+QTestState *qts;
+
+qts = qtest_init("-machine q35 -device pcie-root-port,id=p1 "
+ "-device pcie-pci-bridge,bus=p1,id=b1");
+
+/*
+ * drive_add/device_add and device_del.  The drive is used by a
+ * device that unplugs after reset.
+ */
+drive_add_with_media(qts);
+device_add_q35(qts);
+device_del(qts, true);
+g_assert(!has_drive(qts));
+
+qtest_quit(qts);
+}
+
 static void test_blockdev_add_device_add_and_del(void)
 {
 QTestState *qts;
@@ -342,8 +421,29 @@ static void test_blockdev_add_device_add_and_del(void)
 qtest_quit(qts);
 }
 
+static void test_blockdev_add_device_add_and_del_q35(void)
+{
+QTestState *qts;
+
+qts = qtest_init("-machine q35 -device pcie-root-port,id=p1 "
+ "-device pcie-pci-bridge,bus=p1,id=b1");
+
+/*
+ * blockdev_add/device_add and device_del.  The it drive is used by a
+ * device that unplugs after reset, but it doesn't go away.
+ */
+blockdev_add_with_media(qts);
+device_add_q35(qts);
+device_del(qts, true);
+g_assert(has_blockdev(qts));
+
+qtest_quit(qts);
+}
+
 int main(int argc, char **argv)
 {
+const char *arch = qtest_get_arch();
+
 g_test_init(&argc, &argv, NULL);
 
 qtest_add_func("/drive_del/without-dev", test_drive_without_dev);
@@ -363,6 +463,17 @@ int main(int argc, char **argv)
test_empty_device_del);
 qtest_add_func("/device_del/blockdev",
test_blockdev_add_device_add_and_del);
+
+if (!strcmp(arch, "x86_64")) {
+qtest_add_func("/device_del/drive/cli_device_q35",
+   test_cli_device_del_q35);
+qtest_add_func("/device_del/drive/device_add_q35",
+   test_device_add_and_del_q35);
+qtest_add_func("/device_del/drive/drive_add_device_add_q35",
+   test_drive_add_device_add_and_del_q35);
+qtest_add_func("/device_del/blockdev_q35",
+   test_blockdev_add_device_add_and_del_q35);
+}
 }
 
 return g_test_run();
-- 
2.34.1

[PATCH v2 24/39] tests/qtest: virtio-net-failover: Disable migration tests for win32

[Bin Meng]

From: Xuzhou Cheng 

These tests use the exec migration protocol, which is unsupported
on Windows as of today. Disable these tests for now.

Signed-off-by: Xuzhou Cheng 
Signed-off-by: Bin Meng 
---

(no changes since v1)

 tests/qtest/virtio-net-failover.c | 9 -
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/tests/qtest/virtio-net-failover.c 
b/tests/qtest/virtio-net-failover.c
index 443ee56de9..4a809590bf 100644
--- a/tests/qtest/virtio-net-failover.c
+++ b/tests/qtest/virtio-net-failover.c
@@ -588,6 +588,7 @@ static void test_hotplug_2_reverse(void)
 machine_stop(qts);
 }
 
+#ifndef _WIN32
 static QDict *migrate_status(QTestState *qts)
 {
 QDict *resp, *ret;
@@ -1827,6 +1828,7 @@ static void test_multi_in(gconstpointer opaque)
 
 machine_stop(qts);
 }
+#endif /* _WIN32 */
 
 int main(int argc, char **argv)
 {
@@ -1857,7 +1859,11 @@ int main(int argc, char **argv)
 qtest_add_func("failover-virtio-net/hotplug/2_reverse",
test_hotplug_2_reverse);
 
-/* migration tests */
+#ifndef _WIN32
+/*
+ * These migration tests cases use the exec migration protocol,
+ * which is unsupported on Windows.
+ */
 qtest_add_data_func("failover-virtio-net/migrate/on/out", tmpfile,
 test_migrate_out);
 qtest_add_data_func("failover-virtio-net/migrate/on/in", tmpfile,
@@ -1886,6 +1892,7 @@ int main(int argc, char **argv)
 tmpfile, test_multi_out);
 qtest_add_data_func("failover-virtio-net/migrate/multi/in",
tmpfile, test_multi_in);
+#endif /* _WIN32 */
 
 ret = g_test_run();
 
-- 
2.34.1

[PATCH v4 6/7] tests/x86: Refactor hot unplug hd-geo-test

[Michael Labiuk via]

Moving common code to function.

Signed-off-by: Michael Labiuk 
---
 tests/qtest/hd-geo-test.c | 133 +++---
 1 file changed, 53 insertions(+), 80 deletions(-)

diff --git a/tests/qtest/hd-geo-test.c b/tests/qtest/hd-geo-test.c
index 58b1107d64..d488ad9ac0 100644
--- a/tests/qtest/hd-geo-test.c
+++ b/tests/qtest/hd-geo-test.c
@@ -898,13 +898,55 @@ static void test_override_zero_chs_q35(void)
 test_override(args, "q35", expected);
 }
 
+static void test_override_hot_unplug(TestArgs *args, const char *devid,
+ CHSResult expected[], CHSResult 
expected2[])
+{
+QTestState *qts;
+char *joined_args;
+QFWCFG *fw_cfg;
+QDict *response;
+int i;
+
+joined_args = g_strjoinv(" ", args->argv);
+
+qts = qtest_initf("%s", joined_args);
+fw_cfg = pc_fw_cfg_init(qts);
+
+read_bootdevices(fw_cfg, expected);
+
+/* unplug device an restart */
+response = qtest_qmp(qts,
+ "{ 'execute': 'device_del',"
+ "  'arguments': {'id': %s }}", devid);
+g_assert(response);
+g_assert(!qdict_haskey(response, "error"));
+qobject_unref(response);
+response = qtest_qmp(qts,
+ "{ 'execute': 'system_reset', 'arguments': { }}");
+g_assert(response);
+g_assert(!qdict_haskey(response, "error"));
+qobject_unref(response);
+
+qtest_qmp_eventwait(qts, "RESET");
+
+read_bootdevices(fw_cfg, expected2);
+
+g_free(joined_args);
+qtest_quit(qts);
+
+g_free(fw_cfg);
+
+for (i = 0; i < args->n_drives; i++) {
+unlink(args->drives[i]);
+free(args->drives[i]);
+}
+g_free(args->drives);
+g_strfreev(args->argv);
+g_free(args);
+}
+
 static void test_override_scsi_hot_unplug(void)
 {
-QTestState *qts;
-char *joined_args;
-QFWCFG *fw_cfg;
-QDict *response;
-int i;
 TestArgs *args = create_args();
 CHSResult expected[] = {
 {"/pci@i0cf8/scsi@2/channel@0/disk@0,0", {1, 120, 30} },
@@ -921,51 +963,14 @@ static void test_override_scsi_hot_unplug(void)
 add_scsi_disk(args, 0, 0, 0, 0, 0, 1, 120, 30);
 add_scsi_disk(args, 1, 0, 0, 1, 0, 20, 20, 20);
 
-joined_args = g_strjoinv(" ", args->argv);
+args->argc = append_arg(args->argc, args->argv, ARGV_SIZE,
+g_strdup("-machine pc"));
 
-qts = qtest_initf("-machine pc %s", joined_args);
-fw_cfg = pc_fw_cfg_init(qts);
-
-read_bootdevices(fw_cfg, expected);
-
-/* unplug device an restart */
-response = qtest_qmp(qts,
- "{ 'execute': 'device_del',"
- "  'arguments': {'id': 'scsi-disk0' }}");
-g_assert(response);
-g_assert(!qdict_haskey(response, "error"));
-qobject_unref(response);
-response = qtest_qmp(qts,
- "{ 'execute': 'system_reset', 'arguments': { }}");
-g_assert(response);
-g_assert(!qdict_haskey(response, "error"));
-qobject_unref(response);
-
-qtest_qmp_eventwait(qts, "RESET");
-
-read_bootdevices(fw_cfg, expected2);
-
-g_free(joined_args);
-qtest_quit(qts);
-
-g_free(fw_cfg);
-
-for (i = 0; i < args->n_drives; i++) {
-unlink(args->drives[i]);
-free(args->drives[i]);
-}
-g_free(args->drives);
-g_strfreev(args->argv);
-g_free(args);
+test_override_hot_unplug(args, "scsi-disk0", expected, expected2);
 }
 
 static void test_override_virtio_hot_unplug(void)
 {
-QTestState *qts;
-char *joined_args;
-QFWCFG *fw_cfg;
-QDict *response;
-int i;
 TestArgs *args = create_args();
 CHSResult expected[] = {
 {"/pci@i0cf8/scsi@2/disk@0,0", {1, 120, 30} },
@@ -981,42 +986,10 @@ static void test_override_virtio_hot_unplug(void)
 add_virtio_disk(args, 0, "pci.0", 2, 1, 120, 30);
 add_virtio_disk(args, 1, "pci.0", 3, 20, 20, 20);
 
-joined_args = g_strjoinv(" ", args->argv);
+args->argc = append_arg(args->argc, args->argv, ARGV_SIZE,
+g_strdup("-machine pc"));
 
-qts = qtest_initf("-machine pc %s", joined_args);
-fw_cfg = pc_fw_cfg_init(qts);
-
-read_bootdevices(fw_cfg, expected);
-
-/* unplug device an restart */
-response = qtest_qmp(qts,
- "{ 'execute': 'device_del',"
- "  'arguments': {'id': 'virtio-disk0' }}");
-g_assert(response);
-g_assert(!qdict_haskey(response, "error"));
-qobject_unref(response);
-response = qtest_qmp(qts,
- "{ 'execute': 'system_reset', 'arguments': { }}");
-g_assert(response);
-g_assert(!qdict_haskey(response, "error"));
-qobject_unref(response);
-
-qtest_qmp_eventwait(qts, "RESET");
-
-read_bootdevices(fw_cfg, expected2);
-
-g_free(joined_args);
-qtest_quit(qts);
-
-g_free(fw_cfg);
-
-for (i = 0; i < args->n_drives; i++) {
-unlink(args->drives[

Re: [PATCH v3 1/6] accel/tcg: Rename CPUIOTLBEntry to CPUTLBEntryFull

[Peter Maydell]

On Mon, 5 Sept 2022 at 21:23, Richard Henderson
 wrote:
>
> This structure will shortly contain more than just
> data for accessing MMIO.  Rename the 'addr' member
> to 'xlat_section' to more clearly indicate its purpose.
>
> Signed-off-by: Richard Henderson 
> ---

Reviewed-by: Peter Maydell 

thanks
-- PMM

[PATCH v2 32/39] io/channel-watch: Drop a superfluous '#ifdef WIN32'

[Bin Meng]

From: Bin Meng 

In the win32 version qio_channel_create_socket_watch() body there is
no need to do a '#ifdef WIN32'.

Signed-off-by: Bin Meng 
Reviewed-by: Marc-André Lureau 
---

(no changes since v1)

 io/channel-watch.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/io/channel-watch.c b/io/channel-watch.c
index 0289b3647c..89f3c8a88a 100644
--- a/io/channel-watch.c
+++ b/io/channel-watch.c
@@ -285,11 +285,9 @@ GSource *qio_channel_create_socket_watch(QIOChannel *ioc,
 GSource *source;
 QIOChannelSocketSource *ssource;
 
-#ifdef WIN32
 WSAEventSelect(socket, ioc->event,
FD_READ | FD_ACCEPT | FD_CLOSE |
FD_CONNECT | FD_WRITE | FD_OOB);
-#endif
 
 source = g_source_new(&qio_channel_socket_source_funcs,
   sizeof(QIOChannelSocketSource));
-- 
2.34.1

[PATCH v2 38/39] tests/qtest: Enable qtest build on Windows

[Bin Meng]

From: Bin Meng 

Now that we have fixed various test case issues as seen when running
on Windows, let's enable the qtest build on Windows.

Signed-off-by: Bin Meng 
---

Changes in v2:
- new patch: "tests/qtest: Enable qtest build on Windows"

 tests/qtest/meson.build | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/tests/qtest/meson.build b/tests/qtest/meson.build
index 455f1bbb7e..ceab141824 100644
--- a/tests/qtest/meson.build
+++ b/tests/qtest/meson.build
@@ -1,6 +1,5 @@
-# All QTests for now are POSIX-only, but the dependencies are
-# really in libqtest, not in the testcases themselves.
-if not config_host.has_key('CONFIG_POSIX')
+# Build all QTests for POSIX and Windows
+if not config_host.has_key('CONFIG_POSIX') and not 
config_host.has_key('CONFIG_WIN32')
   subdir_done()
 endif
 
-- 
2.34.1

[PATCH v2 34/39] io/channel-watch: Fix socket watch on Windows

[Bin Meng]

From: Bin Meng 

Random failure was observed when running qtests on Windows due to
"Broken pipe" detected by qmp_fd_receive(). What happened is that
the qtest executable sends testing data over a socket to the QEMU
under test but no response is received. The errno of the recv()
call from the qtest executable indicates ETIMEOUT, due to the qmp
chardev's tcp_chr_read() is never called to receive testing data
hence no response is sent to the other side.

tcp_chr_read() is registered as the callback of the socket watch
GSource. The reason of the callback not being called by glib, is
that the source check fails to indicate the source is ready. There
are two socket watch sources created to monitor the same socket
event object from the char-socket backend in update_ioc_handlers().
During the source check phase, qio_channel_socket_source_check()
calls WSAEnumNetworkEvents() to discover occurrences of network
events for the indicated socket, clear internal network event records,
and reset the event object. Testing shows that if we don't reset the
event object by not passing the event handle to WSAEnumNetworkEvents()
the symptom goes away and qtest runs very stably.

It seems we don't need to call WSAEnumNetworkEvents() at all, as we
don't parse the result of WSANETWORKEVENTS returned from this API.
We use select() to poll the socket status. Fix this instability by
dropping the WSAEnumNetworkEvents() call.

Some side notes:

During the testing, I removed the following codes in update_ioc_handlers():

  remove_hup_source(s);
  s->hup_source = qio_channel_create_watch(s->ioc, G_IO_HUP);
  g_source_set_callback(s->hup_source, (GSourceFunc)tcp_chr_hup,
chr, NULL);
  g_source_attach(s->hup_source, chr->gcontext);

and such change also makes the symptom go away.

And if I moved the above codes to the beginning, before the call to
io_add_watch_poll(), the symptom also goes away.

It seems two sources watching on the same socket event object is
the key that leads to the instability. The order of adding a source
watch seems to also play a role but I can't explain why.
Hopefully a Windows and glib expert could explain this behavior.

Signed-off-by: Bin Meng 
---

(no changes since v1)

 io/channel-watch.c | 4 
 1 file changed, 4 deletions(-)

diff --git a/io/channel-watch.c b/io/channel-watch.c
index 43d38494f7..ad7c568a84 100644
--- a/io/channel-watch.c
+++ b/io/channel-watch.c
@@ -115,17 +115,13 @@ static gboolean
 qio_channel_socket_source_check(GSource *source)
 {
 static struct timeval tv0;
-
 QIOChannelSocketSource *ssource = (QIOChannelSocketSource *)source;
-WSANETWORKEVENTS ev;
 fd_set rfds, wfds, xfds;
 
 if (!ssource->condition) {
 return 0;
 }
 
-WSAEnumNetworkEvents(ssource->socket, ssource->ioc->event, &ev);
-
 FD_ZERO(&rfds);
 FD_ZERO(&wfds);
 FD_ZERO(&xfds);
-- 
2.34.1

Re: [PATCH v3 6/6] include/exec: Introduce TARGET_PAGE_ENTRY_EXTRA

[Peter Maydell]

On Mon, 5 Sept 2022 at 21:26, Richard Henderson
 wrote:
>
> Allow the target to cache items from the guest page tables.
>
> Signed-off-by: Richard Henderson 
> ---
>  include/exec/cpu-defs.h | 9 +
>  1 file changed, 9 insertions(+)
>
> diff --git a/include/exec/cpu-defs.h b/include/exec/cpu-defs.h
> index 5e12cc1854..67239b4e5e 100644
> --- a/include/exec/cpu-defs.h
> +++ b/include/exec/cpu-defs.h
> @@ -163,6 +163,15 @@ typedef struct CPUTLBEntryFull {
>
>  /* @lg_page_size contains the log2 of the page size. */
>  uint8_t lg_page_size;
> +
> +/*
> + * Allow target-specific additions to this structure.
> + * This may be used to cache items from the guest cpu
> + * page tables for later use by the implementation.
> + */
> +#ifdef TARGET_PAGE_ENTRY_EXTRA
> +TARGET_PAGE_ENTRY_EXTRA
> +#endif
>  } CPUTLBEntryFull;

Reviewed-by: Peter Maydell 

Shouldn't be too painful to adjust in future if we decide we don't
like doing it by macro magic, I guess.

thanks
-- PMM

[PATCH v4 0/7] Add 'q35' machine type to hotplug tests

[Michael Labiuk via]

Add pci bridge setting to run hotplug tests on q35 machine type.
Hotplug tests was bounded to 'pc' machine type by commit 7b172333f1b

Changes from v3:

* Moving helper function process_device_remove() to separate commit.
* Refactoring hd-geo-test to avoid code duplication.

Michael Labiuk (7):
  tests/x86: Move common code to function in device-plug-test
  tests/x86: Add subtest with 'q35' machine type to device-plug-test
  tests/x86: Add 'q35' machine type to ivshmem-test
  tests/x86: Add 'q35' machine type to drive_del-test
  tests/x86: Add 'q35' machine type to override-tests in hd-geo-test
  tests/x86: Refactor hot unplug hd-geo-test
  tests/x86: Add 'q35' machine type to hotplug hd-geo-test

 tests/qtest/device-plug-test.c |  83 ++---
 tests/qtest/drive_del-test.c   | 111 
 tests/qtest/hd-geo-test.c  | 318 -
 tests/qtest/ivshmem-test.c |  30 
 4 files changed, 428 insertions(+), 114 deletions(-)

-- 
2.34.1

[PATCH v2 36/39] .gitlab-ci.d/windows.yml: Increase the timeout to 90 minutes

[Bin Meng]

From: Bin Meng 

commit 9f8e6cad65a6 ("gitlab-ci: Speed up the msys2-64bit job by using 
--without-default-devices"
changed to compile QEMU with the --without-default-devices switch for
the msys2-64bit job, due to the build could not complete within the
project timeout (1h), and also mentioned that a bigger timeout was
getting ignored on the shared Gitlab-CI Windows runners.

However as of today it seems the shared Gitlab-CI Windows runners does
honor the job timeout, and the runner has the timeout limit of 2h, so
let's increase the timeout to 90 minutes and drop the configure switch
"--without-default-devices" to get a larger build coverage.

Signed-off-by: Bin Meng 
---

Changes in v2:
- Change the timeout limit to 90 minutes

 .gitlab-ci.d/windows.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.gitlab-ci.d/windows.yml b/.gitlab-ci.d/windows.yml
index da6013904a..818676662a 100644
--- a/.gitlab-ci.d/windows.yml
+++ b/.gitlab-ci.d/windows.yml
@@ -10,7 +10,7 @@
   - ${CI_PROJECT_DIR}/msys64/var/cache
   needs: []
   stage: build
-  timeout: 70m
+  timeout: 90m
   before_script:
   - If ( !(Test-Path -Path msys64\var\cache ) ) {
   mkdir msys64\var\cache
@@ -59,7 +59,7 @@ msys2-64bit:
   - $env:MSYSTEM = 'MINGW64' # Start a 64 bit Mingw environment
   - $env:MSYS = 'winsymlinks:native' # Enable native Windows symlink
   - .\msys64\usr\bin\bash -lc './configure --target-list=x86_64-softmmu
-  --enable-capstone --without-default-devices'
+  --enable-capstone'
   - .\msys64\usr\bin\bash -lc "sed -i '/^ROMS=/d' build/config-host.mak"
   - .\msys64\usr\bin\bash -lc 'make'
   - .\msys64\usr\bin\bash -lc 'make check'
-- 
2.34.1

[PATCH v4 7/7] tests/x86: Add 'q35' machine type to hotplug hd-geo-test

[Michael Labiuk via]

Add pci bridge setting to test hotplug.
Duplicate tests for plugging scsi and virtio devices for q35 machine type.

Signed-off-by: Michael Labiuk 
---
 tests/qtest/hd-geo-test.c | 76 +++
 1 file changed, 76 insertions(+)

diff --git a/tests/qtest/hd-geo-test.c b/tests/qtest/hd-geo-test.c
index d488ad9ac0..ada80d8828 100644
--- a/tests/qtest/hd-geo-test.c
+++ b/tests/qtest/hd-geo-test.c
@@ -969,6 +969,42 @@ static void test_override_scsi_hot_unplug(void)
 test_override_hot_unplug(args, "scsi-disk0", expected, expected2);
 }
 
+static void test_override_scsi_hot_unplug_q35(void)
+{
+TestArgs *args = create_args();
+CHSResult expected[] = {
+{
+"/pci@i0cf8/pci-bridge@1/pci-bridge@0/scsi@2/channel@0/disk@0,0",
+{1, 120, 30}
+},
+{
+"/pci@i0cf8/pci-bridge@1/pci-bridge@0/scsi@2/channel@0/disk@1,0",
+{20, 20, 20}
+},
+{NULL, {0, 0, 0} }
+};
+CHSResult expected2[] = {
+{
+"/pci@i0cf8/pci-bridge@1/pci-bridge@0/scsi@2/channel@0/disk@1,0",
+{20, 20, 20}
+},
+{NULL, {0, 0, 0} }
+};
+
+args->argc = append_arg(args->argc, args->argv, ARGV_SIZE,
+g_strdup("-device pcie-root-port,id=p0 "
+ "-device pcie-pci-bridge,bus=p0,id=b1 "
+ "-machine q35"));
+
+add_drive_with_mbr(args, empty_mbr, 1);
+add_drive_with_mbr(args, empty_mbr, 1);
+add_scsi_controller(args, "virtio-scsi-pci", "b1", 2);
+add_scsi_disk(args, 0, 0, 0, 0, 0, 1, 120, 30);
+add_scsi_disk(args, 1, 0, 0, 1, 0, 20, 20, 20);
+
+test_override_hot_unplug(args, "scsi-disk0", expected, expected2);
+}
+
 static void test_override_virtio_hot_unplug(void)
 {
 TestArgs *args = create_args();
@@ -992,6 +1028,41 @@ static void test_override_virtio_hot_unplug(void)
 test_override_hot_unplug(args, "virtio-disk0", expected, expected2);
 }
 
+static void test_override_virtio_hot_unplug_q35(void)
+{
+TestArgs *args = create_args();
+CHSResult expected[] = {
+{
+"/pci@i0cf8/pci-bridge@1/pci-bridge@0/scsi@2/disk@0,0",
+{1, 120, 30}
+},
+{
+"/pci@i0cf8/pci-bridge@1/pci-bridge@0/scsi@3/disk@0,0",
+{20, 20, 20}
+},
+{NULL, {0, 0, 0} }
+};
+CHSResult expected2[] = {
+{
+"/pci@i0cf8/pci-bridge@1/pci-bridge@0/scsi@3/disk@0,0",
+{20, 20, 20}
+},
+{NULL, {0, 0, 0} }
+};
+
+args->argc = append_arg(args->argc, args->argv, ARGV_SIZE,
+g_strdup("-device pcie-root-port,id=p0 "
+ "-device pcie-pci-bridge,bus=p0,id=b1 "
+ "-machine q35"));
+
+add_drive_with_mbr(args, empty_mbr, 1);
+add_drive_with_mbr(args, empty_mbr, 1);
+add_virtio_disk(args, 0, "b1", 2, 1, 120, 30);
+add_virtio_disk(args, 1, "b1", 3, 20, 20, 20);
+
+test_override_hot_unplug(args, "virtio-disk0", expected, expected2);
+}
+
 int main(int argc, char **argv)
 {
 Backend i;
@@ -1038,8 +1109,13 @@ int main(int argc, char **argv)
test_override_zero_chs_q35);
 qtest_add_func("hd-geo/override/scsi_hot_unplug",
test_override_scsi_hot_unplug);
+qtest_add_func("hd-geo/override/scsi_hot_unplug_q35",
+   test_override_scsi_hot_unplug_q35);
 qtest_add_func("hd-geo/override/virtio_hot_unplug",
test_override_virtio_hot_unplug);
+qtest_add_func("hd-geo/override/virtio_hot_unplug_q35",
+   test_override_virtio_hot_unplug_q35);
+
 } else {
 g_test_message("QTEST_QEMU_IMG not set or qemu-img missing; "
"skipping hd-geo/override/* tests");
-- 
2.34.1

Re: [PATCH v2 28/39] hw/pci-host: pnv_phb{3, 4}: Fix heap out-of-bound access failure

[Cédric Le Goater]

On 9/20/22 12:31, Bin Meng wrote:

From: Xuzhou Cheng 

pnv_phb3_root_bus_info and pnv_phb4_root_bus_info are missing the
instance_size initialization. This results in accessing out-of-bound
memory when setting 'chip-id' and 'phb-id', and eventually crashes
glib's malloc functionality with the following message:

   "qemu-system-ppc64: GLib: ../glib-2.72.3/glib/gmem.c:131: failed to allocate 3232 
bytes"

This issue was noticed only when running qtests with QEMU Windows
32-bit executable. Windows 64-bit, Linux 32/64-bit do not expose
this bug though.

Fixes: 9ae1329ee2fe ("ppc/pnv: Add models for POWER8 PHB3 PCIe Host bridge")
Fixes: 4f9924c4d4cf ("ppc/pnv: Add models for POWER9 PHB4 PCIe Host bridge")
Signed-off-by: Xuzhou Cheng 
Signed-off-by: Bin Meng 


Nice !

Reviewed-by: Cédric Le Goater 

Thanks,

C.


---

Changes in v2:
- new patch: "hw/pci-host: pnv_phb{3,4}: Fix heap out-of-bound access failure"

  hw/pci-host/pnv_phb3.c | 1 +
  hw/pci-host/pnv_phb4.c | 1 +
  2 files changed, 2 insertions(+)

diff --git a/hw/pci-host/pnv_phb3.c b/hw/pci-host/pnv_phb3.c
index af8575c007..9054c393a2 100644
--- a/hw/pci-host/pnv_phb3.c
+++ b/hw/pci-host/pnv_phb3.c
@@ -1169,6 +1169,7 @@ static void pnv_phb3_root_bus_class_init(ObjectClass 
*klass, void *data)
  static const TypeInfo pnv_phb3_root_bus_info = {
  .name = TYPE_PNV_PHB3_ROOT_BUS,
  .parent = TYPE_PCIE_BUS,
+.instance_size = sizeof(PnvPHB3RootBus),
  .class_init = pnv_phb3_root_bus_class_init,
  };
  
diff --git a/hw/pci-host/pnv_phb4.c b/hw/pci-host/pnv_phb4.c

index 824e1a73fb..ccbde841fc 100644
--- a/hw/pci-host/pnv_phb4.c
+++ b/hw/pci-host/pnv_phb4.c
@@ -1773,6 +1773,7 @@ static void pnv_phb4_root_bus_class_init(ObjectClass 
*klass, void *data)
  static const TypeInfo pnv_phb4_root_bus_info = {
  .name = TYPE_PNV_PHB4_ROOT_BUS,
  .parent = TYPE_PCIE_BUS,
+.instance_size = sizeof(PnvPHB4RootBus),
  .class_init = pnv_phb4_root_bus_class_init,
  };
  

Re: [PATCH v3 5/6] accel/tcg: Introduce tlb_set_page_full

[Peter Maydell]

On Mon, 5 Sept 2022 at 21:29, Richard Henderson
 wrote:
>
> Now that we have collected all of the page data into
> CPUTLBEntryFull, provide an interface to record that
> all in one go, instead of using 4 arguments.  This interface
> allows CPUTLBEntryFull to be extended without having to
> change the number of arguments.
>
> Signed-off-by: Richard Henderson 
> ---
>  include/exec/cpu-defs.h | 14 ++
>  include/exec/exec-all.h | 22 +++
>  accel/tcg/cputlb.c  | 62 -
>  3 files changed, 78 insertions(+), 20 deletions(-)
>
> diff --git a/include/exec/cpu-defs.h b/include/exec/cpu-defs.h
> index f70f54d850..5e12cc1854 100644
> --- a/include/exec/cpu-defs.h
> +++ b/include/exec/cpu-defs.h
> @@ -148,7 +148,21 @@ typedef struct CPUTLBEntryFull {
>   * + the offset within the target MemoryRegion (otherwise)
>   */
>  hwaddr xlat_section;
> +
> +/*
> + * @phys_addr contains the physical address in the address space
> + * given by cpu_asidx_from_attrs(cpu, @attrs).
> + */
> +hwaddr phys_addr;
> +
> +/* @attrs contains the memory transaction attributes for the page. */
>  MemTxAttrs attrs;
> +
> +/* @prot contains the complete protections for the page. */
> +uint8_t prot;
> +
> +/* @lg_page_size contains the log2 of the page size. */
> +uint8_t lg_page_size;
>  } CPUTLBEntryFull;
>
>  /*
> diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
> index 758cf6bcc7..1a30c857f4 100644
> --- a/include/exec/exec-all.h
> +++ b/include/exec/exec-all.h
> @@ -257,6 +257,28 @@ void tlb_flush_range_by_mmuidx_all_cpus_synced(CPUState 
> *cpu,
> uint16_t idxmap,
> unsigned bits);
>
> +/**
> + * tlb_set_page_full:
> + * @cpu: CPU context
> + * @mmu_idx: mmu index of the tlb to modify
> + * @vaddr: virtual address of the entry to add
> + * @full: the details of the tlb entry
> + *
> + * Add an entry to @cpu tlb index @mmu_idx.  All of the fields of
> + * @full must be filled, except for xlat_section, and constitute
> + * the complete description of the translated page.
> + *
> + * This is generally called by the target tlb_fill function after
> + * having performed a successful page table walk to find the physical
> + * address and attributes for the translation.
> + *
> + * At most one entry for a given virtual address is permitted. Only a
> + * single TARGET_PAGE_SIZE region is mapped; @full->ld_page_size is only

typo: lg_page_size

> + * used by tlb_flush_page.
> + */
> +void tlb_set_page_full(CPUState *cpu, int mmu_idx, target_ulong vaddr,
> +   CPUTLBEntryFull *full);
> +
>  /**
>   * tlb_set_page_with_attrs:
>   * @cpu: CPU to add this TLB entry for

> @@ -1272,15 +1275,34 @@ void tlb_set_page_with_attrs(CPUState *cpu, 
> target_ulong vaddr,
>  qemu_spin_unlock(&tlb->c.lock);
>  }
>
> -/* Add a new TLB entry, but without specifying the memory
> - * transaction attributes to be used.
> - */
> +void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
> + hwaddr paddr, MemTxAttrs attrs, int prot,
> + int mmu_idx, target_ulong size)
> +{
> +CPUTLBEntryFull full = {
> +.phys_addr = paddr,
> +.attrs = attrs,
> +.prot = prot,
> +.lg_page_size = ctz64(size)
> +};
> +
> +assert(is_power_of_2(size));
> +tlb_set_page_full(cpu, mmu_idx, vaddr, &full);
> +}
> +
>  void tlb_set_page(CPUState *cpu, target_ulong vaddr,
>hwaddr paddr, int prot,
>int mmu_idx, target_ulong size)
>  {
> -tlb_set_page_with_attrs(cpu, vaddr, paddr, MEMTXATTRS_UNSPECIFIED,
> -prot, mmu_idx, size);
> +CPUTLBEntryFull full = {
> +.phys_addr = paddr,
> +.attrs = MEMTXATTRS_UNSPECIFIED,
> +.prot = prot,
> +.lg_page_size = ctz64(size)
> +};
> +
> +assert(is_power_of_2(size));
> +tlb_set_page_full(cpu, mmu_idx, vaddr, &full);
>  }

Why not just leave tlb_set_page() the way it was? Writing
it out results in this code duplication...

Otherwise
Reviewed-by: Peter Maydell 

thanks
-- PMM

[PATCH v4 2/7] tests/x86: Add subtest with 'q35' machine type to device-plug-test

[Michael Labiuk via]

Configure pci bridge setting to plug pci device and unplug.

Signed-off-by: Michael Labiuk 
---
 tests/qtest/device-plug-test.c | 41 ++
 1 file changed, 41 insertions(+)

diff --git a/tests/qtest/device-plug-test.c b/tests/qtest/device-plug-test.c
index e595b45b66..d66c386ef4 100644
--- a/tests/qtest/device-plug-test.c
+++ b/tests/qtest/device-plug-test.c
@@ -90,6 +90,19 @@ static void test_pci_unplug_request(void)
 qtest_quit(qtest);
 }
 
+static void test_q35_pci_unplug_request(void)
+{
+
+QTestState *qtest = qtest_initf("-machine q35 "
+"-device pcie-root-port,id=p1 "
+"-device pcie-pci-bridge,bus=p1,id=b1 "
+"-device virtio-mouse-pci,bus=b1,id=dev0");
+
+process_device_remove(qtest, "dev0");
+
+qtest_quit(qtest);
+}
+
 static void test_pci_unplug_json_request(void)
 {
 const char *arch = qtest_get_arch();
@@ -108,6 +121,27 @@ static void test_pci_unplug_json_request(void)
 qtest_quit(qtest);
 }
 
+static void test_q35_pci_unplug_json_request(void)
+{
+const char *port = "-device '{\"driver\": \"pcie-root-port\", "
+  "\"id\": \"p1\"}'";
+
+const char *bridge = "-device '{\"driver\": \"pcie-pci-bridge\", "
+   "\"id\": \"b1\", "
+   "\"bus\": \"p1\"}'";
+
+const char *device = "-device '{\"driver\": \"virtio-mouse-pci\", "
+   "\"bus\": \"b1\", "
+   "\"id\": \"dev0\"}'";
+
+QTestState *qtest = qtest_initf("-machine q35 %s %s %s",
+port, bridge, device);
+
+process_device_remove(qtest, "dev0");
+
+qtest_quit(qtest);
+}
+
 static void test_ccw_unplug(void)
 {
 QTestState *qtest = qtest_initf("-device virtio-balloon-ccw,id=dev0");
@@ -187,5 +221,12 @@ int main(int argc, char **argv)
test_spapr_phb_unplug_request);
 }
 
+if (!strcmp(arch, "x86_64")) {
+qtest_add_func("/device-plug/q35-pci-unplug-request",
+   test_q35_pci_unplug_request);
+qtest_add_func("/device-plug/q35-pci-unplug-json-request",
+   test_q35_pci_unplug_json_request);
+}
+
 return g_test_run();
 }
-- 
2.34.1

Re: [PATCH v2 10/39] hw/usb: dev-mtp: Use g_mkdir()

[Gerd Hoffmann]

On Tue, Sep 20, 2022 at 06:31:30PM +0800, Bin Meng wrote:
> From: Bin Meng 
> 
> Use g_mkdir() to create a directory on all platforms.
> 
> Signed-off-by: Bin Meng 

Acked-by: Gerd Hoffmann 

[PATCH v2 37/39] .gitlab-ci.d/windows.yml: Display meson test logs

[Bin Meng]

From: Bin Meng 

When CI fails we don't know what causes the failure. Displaying the
meson test logs can be helpful.

Signed-off-by: Bin Meng 
---

Changes in v2:
- new patch: Display meson test logs in the Windows CI

 .gitlab-ci.d/windows.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.gitlab-ci.d/windows.yml b/.gitlab-ci.d/windows.yml
index 818676662a..dcd553a081 100644
--- a/.gitlab-ci.d/windows.yml
+++ b/.gitlab-ci.d/windows.yml
@@ -62,7 +62,7 @@ msys2-64bit:
   --enable-capstone'
   - .\msys64\usr\bin\bash -lc "sed -i '/^ROMS=/d' build/config-host.mak"
   - .\msys64\usr\bin\bash -lc 'make'
-  - .\msys64\usr\bin\bash -lc 'make check'
+  - .\msys64\usr\bin\bash -lc 'make check || { cat 
build/meson-logs/testlog.txt; exit 1; } ;'
 
 msys2-32bit:
   extends: .shared_msys2_builder
@@ -95,4 +95,4 @@ msys2-32bit:
   - cd output
   - ..\msys64\usr\bin\bash -lc "../configure --target-list=ppc64-softmmu"
   - ..\msys64\usr\bin\bash -lc 'make'
-  - ..\msys64\usr\bin\bash -lc 'make check'
+  - ..\msys64\usr\bin\bash -lc 'make check || { cat meson-logs/testlog.txt; 
exit 1; } ;'
-- 
2.34.1

Re: [PATCH v3 3/6] accel/tcg: Suppress auto-invalidate in probe_access_internal

[Peter Maydell]

On Mon, 5 Sept 2022 at 21:26, Richard Henderson
 wrote:
>
> When PAGE_WRITE_INV is set when calling tlb_set_page,
> we immediately set TLB_INVALID_MASK in order to force
> tlb_fill to be called on the next lookup.  Here in
> probe_access_internal, we have just called tlb_fill
> and eliminated true misses, thus the lookup must be valid.
>
> This allows us to remove a warning comment from s390x.
> There doesn't seem to be a reason to change the code though.

I looked at the s390 code and although it seems a bit awkward
to still have the action-at-a-distance env->tlb_fill_exc, I
couldn't think of an obviously neater way to do it. So
assuming the s390 folks are happy with this,

Reviewed-by: Peter Maydell 

thanks
-- PMM

Re: [PATCH v3 2/6] accel/tcg: Drop addr member from SavedIOTLB

[Peter Maydell]

On Mon, 5 Sept 2022 at 21:27, Richard Henderson
 wrote:
>
> This field is only written, not read; remove it.
>
> Signed-off-by: Richard Henderson 
> ---

Reviewed-by: Peter Maydell 

thanks
-- PMM

[PATCH v4 1/7] tests/x86: Move common code to function in device-plug-test

[Michael Labiuk via]

Move common code for device removing to function.

Signed-off-by: Michael Labiuk 
---
 tests/qtest/device-plug-test.c | 42 ++
 1 file changed, 17 insertions(+), 25 deletions(-)

diff --git a/tests/qtest/device-plug-test.c b/tests/qtest/device-plug-test.c
index a1fb99c8ff..e595b45b66 100644
--- a/tests/qtest/device-plug-test.c
+++ b/tests/qtest/device-plug-test.c
@@ -61,6 +61,18 @@ static void wait_device_deleted_event(QTestState *qtest, 
const char *id)
 }
 }
 
+static void process_device_remove(QTestState *qtest, const char *id)
+{
+/*
+ * Request device removal. As the guest is not running, the request won't
+ * be processed. However during system reset, the removal will be
+ * handled, removing the device.
+ */
+device_del(qtest, id);
+system_reset(qtest);
+wait_device_deleted_event(qtest, id);
+}
+
 static void test_pci_unplug_request(void)
 {
 const char *arch = qtest_get_arch();
@@ -73,14 +85,7 @@ static void test_pci_unplug_request(void)
 QTestState *qtest = qtest_initf("%s -device virtio-mouse-pci,id=dev0",
 machine_addition);
 
-/*
- * Request device removal. As the guest is not running, the request won't
- * be processed. However during system reset, the removal will be
- * handled, removing the device.
- */
-device_del(qtest, "dev0");
-system_reset(qtest);
-wait_device_deleted_event(qtest, "dev0");
+process_device_remove(qtest, "dev0");
 
 qtest_quit(qtest);
 }
@@ -98,14 +103,7 @@ static void test_pci_unplug_json_request(void)
 "%s -device \"{'driver': 'virtio-mouse-pci', 'id': 'dev0'}\"",
 machine_addition);
 
-/*
- * Request device removal. As the guest is not running, the request won't
- * be processed. However during system reset, the removal will be
- * handled, removing the device.
- */
-device_del(qtest, "dev0");
-system_reset(qtest);
-wait_device_deleted_event(qtest, "dev0");
+process_device_remove(qtest, "dev0");
 
 qtest_quit(qtest);
 }
@@ -128,9 +126,7 @@ static void test_spapr_cpu_unplug_request(void)
 "-device 
power9_v2.0-spapr-cpu-core,core-id=1,id=dev0");
 
 /* similar to test_pci_unplug_request */
-device_del(qtest, "dev0");
-system_reset(qtest);
-wait_device_deleted_event(qtest, "dev0");
+process_device_remove(qtest, "dev0");
 
 qtest_quit(qtest);
 }
@@ -144,9 +140,7 @@ static void test_spapr_memory_unplug_request(void)
 "-device pc-dimm,id=dev0,memdev=mem0");
 
 /* similar to test_pci_unplug_request */
-device_del(qtest, "dev0");
-system_reset(qtest);
-wait_device_deleted_event(qtest, "dev0");
+process_device_remove(qtest, "dev0");
 
 qtest_quit(qtest);
 }
@@ -158,9 +152,7 @@ static void test_spapr_phb_unplug_request(void)
 qtest = qtest_initf("-device spapr-pci-host-bridge,index=1,id=dev0");
 
 /* similar to test_pci_unplug_request */
-device_del(qtest, "dev0");
-system_reset(qtest);
-wait_device_deleted_event(qtest, "dev0");
+process_device_remove(qtest, "dev0");
 
 qtest_quit(qtest);
 }
-- 
2.34.1

[PATCH v4 3/7] tests/x86: Add 'q35' machine type to ivshmem-test

[Michael Labiuk via]

Configure pci bridge setting to test ivshmem on 'q35'.

Signed-off-by: Michael Labiuk 
---
 tests/qtest/ivshmem-test.c | 30 ++
 1 file changed, 30 insertions(+)

diff --git a/tests/qtest/ivshmem-test.c b/tests/qtest/ivshmem-test.c
index 9611d05eb5..0f9755abc6 100644
--- a/tests/qtest/ivshmem-test.c
+++ b/tests/qtest/ivshmem-test.c
@@ -378,6 +378,32 @@ static void test_ivshmem_server(void)
 close(thread.pipe[0]);
 }
 
+static void device_del(QTestState *qtest, const char *id)
+{
+QDict *resp;
+
+resp = qtest_qmp(qtest,
+ "{'execute': 'device_del',"
+ " 'arguments': { 'id': %s } }", id);
+
+g_assert(qdict_haskey(resp, "return"));
+qobject_unref(resp);
+}
+
+static void test_ivshmem_hotplug_q35(void)
+{
+QTestState *qts = qtest_init("-object memory-backend-ram,size=1M,id=mb1 "
+ "-device pcie-root-port,id=p1 "
+ "-device pcie-pci-bridge,bus=p1,id=b1 "
+ "-machine q35");
+
+qtest_qmp_device_add(qts, "ivshmem-plain", "iv1",
+ "{'memdev': 'mb1', 'bus': 'b1'}");
+device_del(qts, "iv1");
+
+qtest_quit(qts);
+}
+
 #define PCI_SLOT_HP 0x06
 
 static void test_ivshmem_hotplug(void)
@@ -469,6 +495,7 @@ int main(int argc, char **argv)
 {
 int ret, fd;
 gchar dir[] = "/tmp/ivshmem-test.XX";
+const char *arch = qtest_get_arch();
 
 g_test_init(&argc, &argv, NULL);
 
@@ -494,6 +521,9 @@ int main(int argc, char **argv)
 qtest_add_func("/ivshmem/pair", test_ivshmem_pair);
 qtest_add_func("/ivshmem/server", test_ivshmem_server);
 }
+if (!strcmp(arch, "x86_64")) {
+qtest_add_func("/ivshmem/hotplug-q35", test_ivshmem_hotplug_q35);
+}
 
 out:
 ret = g_test_run();
-- 
2.34.1

[PATCH v4 5/7] tests/x86: Add 'q35' machine type to override-tests in hd-geo-test

[Michael Labiuk via]

Signed-off-by: Michael Labiuk 
---
 tests/qtest/hd-geo-test.c | 105 +++---
 1 file changed, 98 insertions(+), 7 deletions(-)

diff --git a/tests/qtest/hd-geo-test.c b/tests/qtest/hd-geo-test.c
index 413cf964c0..58b1107d64 100644
--- a/tests/qtest/hd-geo-test.c
+++ b/tests/qtest/hd-geo-test.c
@@ -693,7 +693,8 @@ static void add_virtio_disk(TestArgs *args,
 args->n_virtio_disks++;
 }
 
-static void test_override(TestArgs *args, CHSResult expected[])
+static void test_override(TestArgs *args, const char *arch,
+  CHSResult expected[])
 {
 QTestState *qts;
 char *joined_args;
@@ -702,7 +703,7 @@ static void test_override(TestArgs *args, CHSResult 
expected[])
 
 joined_args = g_strjoinv(" ", args->argv);
 
-qts = qtest_initf("-machine pc %s", joined_args);
+qts = qtest_initf("-machine %s %s", arch, joined_args);
 fw_cfg = pc_fw_cfg_init(qts);
 
 read_bootdevices(fw_cfg, expected);
@@ -739,7 +740,28 @@ static void test_override_ide(void)
 add_ide_disk(args, 1, 0, 1, 9000, 120, 30);
 add_ide_disk(args, 2, 1, 0, 0, 1, 1);
 add_ide_disk(args, 3, 1, 1, 1, 0, 0);
-test_override(args, expected);
+test_override(args, "pc", expected);
+}
+
+static void test_override_sata(void)
+{
+TestArgs *args = create_args();
+CHSResult expected[] = {
+{"/pci@i0cf8/pci8086,2922@1f,2/drive@0/disk@0", {1, 120, 30} },
+{"/pci@i0cf8/pci8086,2922@1f,2/drive@1/disk@0", {9000, 120, 30} },
+{"/pci@i0cf8/pci8086,2922@1f,2/drive@2/disk@0", {0, 1, 1} },
+{"/pci@i0cf8/pci8086,2922@1f,2/drive@3/disk@0", {1, 0, 0} },
+{NULL, {0, 0, 0} }
+};
+add_drive_with_mbr(args, empty_mbr, 1);
+add_drive_with_mbr(args, empty_mbr, 1);
+add_drive_with_mbr(args, empty_mbr, 1);
+add_drive_with_mbr(args, empty_mbr, 1);
+add_ide_disk(args, 0, 0, 0, 1, 120, 30);
+add_ide_disk(args, 1, 1, 0, 9000, 120, 30);
+add_ide_disk(args, 2, 2, 0, 0, 1, 1);
+add_ide_disk(args, 3, 3, 0, 1, 0, 0);
+test_override(args, "q35", expected);
 }
 
 static void test_override_scsi(void)
@@ -761,7 +783,43 @@ static void test_override_scsi(void)
 add_scsi_disk(args, 1, 0, 0, 1, 0, 9000, 120, 30);
 add_scsi_disk(args, 2, 0, 0, 2, 0, 1, 0, 0);
 add_scsi_disk(args, 3, 0, 0, 3, 0, 0, 1, 0);
-test_override(args, expected);
+test_override(args, "pc", expected);
+}
+
+static void setup_pci_bridge(TestArgs *args, const char *id, const char 
*rootid)
+{
+
+char *root, *br;
+root = g_strdup_printf("-device pcie-root-port,id=%s", rootid);
+br = g_strdup_printf("-device pcie-pci-bridge,bus=%s,id=%s", rootid, id);
+
+args->argc = append_arg(args->argc, args->argv, ARGV_SIZE, root);
+args->argc = append_arg(args->argc, args->argv, ARGV_SIZE, br);
+}
+
+static void test_override_scsi_q35(void)
+{
+TestArgs *args = create_args();
+CHSResult expected[] = {
+{   "/pci@i0cf8/pci-bridge@1/scsi@3/channel@0/disk@0,0",
+{1, 120, 30}
+},
+{"/pci@i0cf8/pci-bridge@1/scsi@3/channel@0/disk@1,0", {9000, 120, 30} 
},
+{"/pci@i0cf8/pci-bridge@1/scsi@3/channel@0/disk@2,0", {1, 0, 0} },
+{"/pci@i0cf8/pci-bridge@1/scsi@3/channel@0/disk@3,0", {0, 1, 0} },
+{NULL, {0, 0, 0} }
+};
+add_drive_with_mbr(args, empty_mbr, 1);
+add_drive_with_mbr(args, empty_mbr, 1);
+add_drive_with_mbr(args, empty_mbr, 1);
+add_drive_with_mbr(args, empty_mbr, 1);
+setup_pci_bridge(args, "pcie.0", "br");
+add_scsi_controller(args, "lsi53c895a", "br", 3);
+add_scsi_disk(args, 0, 0, 0, 0, 0, 1, 120, 30);
+add_scsi_disk(args, 1, 0, 0, 1, 0, 9000, 120, 30);
+add_scsi_disk(args, 2, 0, 0, 2, 0, 1, 0, 0);
+add_scsi_disk(args, 3, 0, 0, 3, 0, 0, 1, 0);
+test_override(args, "q35", expected);
 }
 
 static void test_override_scsi_2_controllers(void)
@@ -784,7 +842,7 @@ static void test_override_scsi_2_controllers(void)
 add_scsi_disk(args, 1, 0, 0, 1, 0, 9000, 120, 30);
 add_scsi_disk(args, 2, 1, 0, 0, 1, 1, 0, 0);
 add_scsi_disk(args, 3, 1, 0, 1, 2, 0, 1, 0);
-test_override(args, expected);
+test_override(args, "pc", expected);
 }
 
 static void test_override_virtio_blk(void)
@@ -799,7 +857,23 @@ static void test_override_virtio_blk(void)
 add_drive_with_mbr(args, empty_mbr, 1);
 add_virtio_disk(args, 0, "pci.0", 3, 1, 120, 30);
 add_virtio_disk(args, 1, "pci.0", 4, 9000, 120, 30);
-test_override(args, expected);
+test_override(args, "pc", expected);
+}
+
+static void test_override_virtio_blk_q35(void)
+{
+TestArgs *args = create_args();
+CHSResult expected[] = {
+{"/pci@i0cf8/pci-bridge@2/scsi@3/disk@0,0", {1, 120, 30} },
+{"/pci@i0cf8/pci-bridge@2/scsi@4/disk@0,0", {9000, 120, 30} },
+{NULL, {0, 0, 0} }
+};
+add_drive_with_mbr(args, empty_mbr, 1);
+add_drive_with_mbr(args, empty_mbr, 1);
+setup_pci_bridg

Re: [kvm-unit-tests PATCH v4 07/12] arm: pmu: Basic event counter Tests

[Zenghui Yu via]

Hi Eric,

On 2022/9/20 17:23, Eric Auger wrote:

Hi Zenghui,

On 9/19/22 16:30, Zenghui Yu wrote:

Hi Eric,

A few comments when looking through the PMU test code (2 years after
the series was merged).


Thank you for reviewing even after this time! Do you want to address the
issues yourself and send a patch series or do you prefer I proceed?


It'd be great if you could help to proceed. I'm afraid that I don't
have enough time to deal with it in the next few days.

Thanks,
Zenghui

Re: [PATCH v4 for 7.2 00/22] virtio-gpio and various virtio cleanups

[Alex Bennée]

Stefan Hajnoczi  writes:

> [[PGP Signed Part:Undecided]]
> On Fri, Sep 16, 2022 at 07:51:40AM +0100, Alex Bennée wrote:
>> 
>> Alex Bennée  writes:
>> 
>> > Hi,
>> >
>> > This is an update to the previous series which fixes the last few
>> > niggling CI failures I was seeing.
>> >
>> >Subject: [PATCH v3 for 7.2 00/21] virtio-gpio and various virtio 
>> > cleanups
>> >Date: Tue, 26 Jul 2022 20:21:29 +0100
>> >Message-Id: <20220726192150.2435175-1-alex.ben...@linaro.org>
>> >
>> > The CI failures were tricky to track down because they didn't occur
>> > locally but after patching to dump backtraces they all seem to involve
>> > updates to virtio_set_status() as the machine was torn down. I think
>> > patch that switches all users to use virtio_device_started() along
>> > with consistent checking of vhost_dev->started stops this from
>> > happening. The clean-up seems worthwhile in reducing boilerplate
>> > anyway.
>> >
>> > The following patches still need review:
>> >
>> >   - tests/qtest: enable tests for virtio-gpio
>> >   - tests/qtest: add a get_features op to vhost-user-test
>> >   - tests/qtest: implement stub for VHOST_USER_GET_CONFIG
>> >   - tests/qtest: add assert to catch bad features
>> >   - tests/qtest: plain g_assert for VHOST_USER_F_PROTOCOL_FEATURES
>> >   - tests/qtest: catch unhandled vhost-user messages
>> >   - tests/qtest: use qos_printf instead of g_test_message
>> >   - tests/qtest: pass stdout/stderr down to subtests
>> >   - hw/virtio: move vhd->started check into helper and add FIXME
>> >   - hw/virtio: move vm_running check to virtio_device_started
>> >   - hw/virtio: add some vhost-user trace events
>> >   - hw/virtio: log potentially buggy guest drivers
>> >   - hw/virtio: fix some coding style issues
>> >   - include/hw: document vhost_dev feature life-cycle
>> >   - include/hw/virtio: more comment for VIRTIO_F_BAD_FEATURE
>> >   - hw/virtio: fix vhost_user_read tracepoint
>> >   - hw/virtio: handle un-configured shutdown in virtio-pci
>> >   - hw/virtio: gracefully handle unset vhost_dev vdev
>> >   - hw/virtio: incorporate backend features in features
>> 
>> 
>> Ping?
>
> Who are you pinging?
>
> Only qemu-devel is on To and there are a bunch of people on Cc.

Well I guess MST is the maintainer for the sub-system but I was hoping
other virtio contributors had some sort of view. The process of
up-streaming a simple vhost-user stub has flushed out all sorts of
stuff.

>
> Stefan
>
> [[End of PGP Signed Part]]


-- 
Alex Bennée

Re: [RFC PATCH] libvduse: Do not truncate terminating NUL character with strncpy()

[Markus Armbruster]

Philippe Mathieu-Daudé  writes:

> GCC 8 added a -Wstringop-truncation warning:
>
>   The -Wstringop-truncation warning added in GCC 8.0 via r254630 for
>   bug 81117 is specifically intended to highlight likely unintended
>   uses of the strncpy function that truncate the terminating NUL
>   character from the source string.
>
> Here the next line indeed unconditionally zeroes the last byte, so
> we can call strncpy() on the buffer size less the last byte.

Actually, the buffer is all zero to begin with, so we could do this even
without the next line's assignment.

>  This
> fixes when using gcc (Ubuntu 9.4.0-1ubuntu1~20.04.1) 9.4.0:
>
>   [42/666] Compiling C object subprojects/libvduse/libvduse.a.p/libvduse.c.o
>   FAILED: subprojects/libvduse/libvduse.a.p/libvduse.c.o
>   cc -m64 -mcx16 -Isubprojects/libvduse/libvduse.a.p -Isubprojects/libvduse 
> -I../../subprojects/libvduse [...] -o 
> subprojects/libvduse/libvduse.a.p/libvduse.c.o -c 
> ../../subprojects/libvduse/libvduse.c
>   In file included from /usr/include/string.h:495,
>from ../../subprojects/libvduse/libvduse.c:24:
>   In function ‘strncpy’,
>   inlined from ‘vduse_dev_create’ at 
> ../../subprojects/libvduse/libvduse.c:1312:5:
>   /usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: error: 
> ‘__builtin_strncpy’ specified bound 256 equals destination size 
> [-Werror=stringop-truncation]
> 106 |   return __builtin___strncpy_chk (__dest, __src, __len, __bos 
> (__dest));
> |  
> ^~
>   cc1: all warnings being treated as errors
>   ninja: build stopped: cannot make progress due to previous errors.
>
> Fixes: d9cf16c0be ("libvduse: Replace strcpy() with strncpy()")
> Signed-off-by: Philippe Mathieu-Daudé 

The subject feels a bit too alarming to me.  This patch suppresses a
warning, no less, no more.  Behavior doesn't change.  Perhaps

libvduse: Avoid warning about dangerous use of strncpy()

> ---
> Cc: Xie Yongji 
> Cc: Markus Armbruster 
> Cc: Kevin Wolf 
>
> RFC: Any better idea? We can't use strpadcpy() because libvduse
> doesn't depend on QEMU.

There's no need for padding: the destination calloc'ed.  So, pstrcpy()
would do, but it's just as unavailable.  Can we use GLib?  There's
g_strlcpy().

Outside this patch's scope: is silent truncation what we want?

> ---
>  subprojects/libvduse/libvduse.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/subprojects/libvduse/libvduse.c b/subprojects/libvduse/libvduse.c
> index 1a5981445c..e460780ce3 100644
> --- a/subprojects/libvduse/libvduse.c
> +++ b/subprojects/libvduse/libvduse.c
> @@ -1309,7 +1309,7 @@ VduseDev *vduse_dev_create(const char *name, uint32_t 
> device_id,
>  goto err_dev;
>  }
>  
> -strncpy(dev_config->name, name, VDUSE_NAME_MAX);
> +strncpy(dev_config->name, name, VDUSE_NAME_MAX - 1);
>  dev_config->name[VDUSE_NAME_MAX - 1] = '\0';
>  dev_config->device_id = device_id;
>  dev_config->vendor_id = vendor_id;

Since the buffer is known to be all zero, the padding done by strncpy()
is unnecessary, and so is the assignment that follows it.  I don't mind.

Reviewed-by: Markus Armbruster 

Re: [PATCH 1/9] hw/riscv/sifive_e: Fix inheritance of SiFiveEState

[Markus Armbruster]

Alistair Francis  writes:

> On Tue, Sep 20, 2022 at 9:18 AM Bernhard Beschow  wrote:
>>
>> SiFiveEState inherits from SysBusDevice while it's TypeInfo claims it to
>> inherit from TYPE_MACHINE. This is an inconsistency which can cause
>> undefined behavior such as memory corruption.
>>
>> Change SiFiveEState to inherit from MachineState since it is registered
>> as a machine.
>>
>> Signed-off-by: Bernhard Beschow 
>
> Reviewed-by: Alistair Francis 

To the SiFive maintainers: since this is a bug fix, let's merge it right
away.

Re: [PULL v3 00/20] tcg patch queue

[Ilya Leoshkevich]

On Tue, 2022-09-20 at 12:27 +0200, Thomas Huth wrote:
> On 06/09/2022 10.37, Richard Henderson wrote:
> > v2: Fix incorretly resolved rebase conflict in patch 16.
> > v3: Work around clang preprocessor bug in patch 3.
> > 
> > 
> > r~
> > 
> > 
> > The following changes since commit
> > fd28528ece590dc709d1a893fce2ff2f68ddca70:
> > 
> >    Merge tag 'pull-or1k-20220904' of
> > https://github.com/stffrdhrn/qemu into staging (2022-09-05 18:01:02
> > -0400)
> > 
> > are available in the Git repository at:
> > 
> >    https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20220906
> > 
> > for you to fetch changes up to
> > 00c07344fa245b22e895b363320ba4cd0ec1088a:
> > 
> >    target/riscv: Make translator stop before the end of a page
> > (2022-09-06 08:04:26 +0100)
> > 
> > 
> > Respect PROT_EXEC in user-only mode.
> > Fix s390x, i386 and riscv for translations crossing a page.
> > 
> > 
> > Ilya Leoshkevich (4):
> >    linux-user: Clear translations on mprotect()
> >    accel/tcg: Introduce is_same_page()
> >    target/s390x: Make translator stop before the end of a page
> >    target/i386: Make translator stop before the end of a page
> > 
> > Richard Henderson (16):
> >    linux-user/arm: Mark the commpage executable
> >    linux-user/hppa: Allocate page zero as a commpage
> >    linux-user/x86_64: Allocate vsyscall page as a commpage
> >    linux-user: Honor PT_GNU_STACK
> >    tests/tcg/i386: Move smc_code2 to an executable section
> >    accel/tcg: Properly implement get_page_addr_code for user-
> > only
> >    accel/tcg: Unlock mmap_lock after longjmp
> >    accel/tcg: Make tb_htable_lookup static
> >    accel/tcg: Move qemu_ram_addr_from_host_nofail to physmem.c
> >    accel/tcg: Use probe_access_internal for softmmu
> > get_page_addr_code_hostp
> >    accel/tcg: Document the faulting lookup in tb_lookup_cmp
> >    accel/tcg: Remove translator_ldsw
> >    accel/tcg: Add pc and host_pc params to
> > gen_intermediate_code
> >    accel/tcg: Add fast path for translator_ld*
> >    target/riscv: Add MAX_INSN_LEN and insn_len
> >    target/riscv: Make translator stop before the end of a page
> 
>   Hi Richard!
> 
> Since your pull request has been merged, the Travis CI now constantly
> shows 
> a failure, see:
> 
>   https://app.travis-ci.com/gitlab/qemu-project/qemu/builds/255231855
> 
> The previous runs were all green, so I assume this has been
> introduced by 
> one of the patches in here. Could you please have a look?
> 
>   Thanks,
>    Thomas
> 

The reason seems to be that vstl instruction (used by libc's memcpy)
is not treated as a write for purposes of self-modifying-code
detection. This causes qemu to incorrectly forward SEGV to the guest
program.

I will prepare a patch.

[PATCH] linux-user/host/s390: Add vector instructions to host_signal_write()

[Ilya Leoshkevich]

The new noexec test fails on s390x with "unexpected SEGV". This test
overwrites code using libc's memcpy(), which uses VSTL instruction.
host_signal_write() does not recognize it, which causes SEGV to be
incorrectly forwarded to the test.

Add all vector instructions that write to memory to
host_signal_write().

Reported-by: Thomas Huth 
Fixes: ab12c95d3f19 ("target/s390x: Make translator stop before the end of a 
page")
Signed-off-by: Ilya Leoshkevich 
---
 linux-user/include/host/s390/host-signal.h | 25 ++
 1 file changed, 25 insertions(+)

diff --git a/linux-user/include/host/s390/host-signal.h 
b/linux-user/include/host/s390/host-signal.h
index 25fefa00bd..e6d3ec26dc 100644
--- a/linux-user/include/host/s390/host-signal.h
+++ b/linux-user/include/host/s390/host-signal.h
@@ -87,6 +87,31 @@ static inline bool host_signal_write(siginfo_t *info, 
host_sigcontext *uc)
 return true;
 }
 break;
+case 0xe6:
+switch (pinsn[2] & 0xff) {
+case 0x09: /* VSTEBRH */
+case 0x0a: /* VSTEBRG */
+case 0x0b: /* VSTEBRF */
+case 0x0e: /* VSTBR */
+case 0x0f: /* VSTER */
+case 0x3f: /* VSTRLR */
+return true;
+}
+break;
+case 0xe7:
+switch (pinsn[2] & 0xff) {
+case 0x08: /* VSTEB */
+case 0x09: /* VSTEH */
+case 0x0a: /* VSTEG */
+case 0x0b: /* VSTEF */
+case 0x0e: /* VST */
+case 0x1a: /* VSCEG */
+case 0x1b: /* VSCEF */
+case 0x3e: /* VSTM */
+case 0x3f: /* VSTL */
+return true;
+}
+break;
 case 0xeb: /* RSY format insns */
 switch (pinsn[2] & 0xff) {
 case 0x14: /* CSY */
-- 
2.37.2