[PATCH v2] seccomp: Get actual errno value from failed seccomp functions

[Michal Privoznik]

Upon failure, a libseccomp API returns actual errno value very
rarely. Fortunately, after its commit 34bf78ab (contained in
2.5.0 release), the SCMP_FLTATR_API_SYSRAWRC attribute can be set
which makes subsequent APIs return true errno on failure.

This is especially critical when seccomp_load() fails, because
generic -ECANCELED says nothing.

Signed-off-by: Michal Privoznik 
Reviewed-by: Philippe Mathieu-Daudé 
---

v2 of:

https://lists.gnu.org/archive/html/qemu-devel/2022-10/msg04509.html

diff to v1:
- added comment when setting SYSRAWRC attribute per Philippe's
  suggestion

 meson.build|  9 +
 softmmu/qemu-seccomp.c | 13 +
 2 files changed, 22 insertions(+)

diff --git a/meson.build b/meson.build
index b686dfef75..5f114c89d9 100644
--- a/meson.build
+++ b/meson.build
@@ -636,10 +636,16 @@ if vmnet.found() and not 
cc.has_header_symbol('vmnet/vmnet.h',
 endif
 
 seccomp = not_found
+seccomp_has_sysrawrc = false
 if not get_option('seccomp').auto() or have_system or have_tools
   seccomp = dependency('libseccomp', version: '>=2.3.0',
required: get_option('seccomp'),
method: 'pkg-config', kwargs: static_kwargs)
+  if seccomp.found()
+seccomp_has_sysrawrc = cc.has_header_symbol('seccomp.h',
+'SCMP_FLTATR_API_SYSRAWRC',
+dependencies: seccomp)
+  endif
 endif
 
 libcap_ng = not_found
@@ -1849,6 +1855,9 @@ config_host_data.set('CONFIG_RDMA', rdma.found())
 config_host_data.set('CONFIG_SDL', sdl.found())
 config_host_data.set('CONFIG_SDL_IMAGE', sdl_image.found())
 config_host_data.set('CONFIG_SECCOMP', seccomp.found())
+if seccomp.found()
+  config_host_data.set('CONFIG_SECCOMP_SYSRAWRC', seccomp_has_sysrawrc)
+endif
 config_host_data.set('CONFIG_SNAPPY', snappy.found())
 config_host_data.set('CONFIG_TPM', have_tpm)
 config_host_data.set('CONFIG_USB_LIBUSB', libusb.found())
diff --git a/softmmu/qemu-seccomp.c b/softmmu/qemu-seccomp.c
index deaf8a4ef5..d66a2a1226 100644
--- a/softmmu/qemu-seccomp.c
+++ b/softmmu/qemu-seccomp.c
@@ -312,6 +312,19 @@ static int seccomp_start(uint32_t seccomp_opts, Error 
**errp)
 goto seccomp_return;
 }
 
+#if defined(CONFIG_SECCOMP_SYSRAWRC)
+/*
+ * This must be the first seccomp_attr_set() call to have full
+ * error propagation from subsequent seccomp APIs.
+ */
+rc = seccomp_attr_set(ctx, SCMP_FLTATR_API_SYSRAWRC, 1);
+if (rc != 0) {
+error_setg_errno(errp, -rc,
+ "failed to set seccomp rawrc attribute");
+goto seccomp_return;
+}
+#endif
+
 rc = seccomp_attr_set(ctx, SCMP_FLTATR_CTL_TSYNC, 1);
 if (rc != 0) {
 error_setg_errno(errp, -rc,
-- 
2.37.4

Re: [PATCH] chardev/char-win-stdio: Pass Ctrl+C to guest with a multiplexed monitor

[Marc-André Lureau]

On Tue, Oct 25, 2022 at 6:15 PM Bin Meng  wrote:
>
> At present when pressing Ctrl+C from a guest running on QEMU Windows
> with a multiplexed monitor, e.g.: -serial mon:stdio, QEMU executable
> just exits. This behavior is inconsistent with the Linux version.
>
> Such behavior is caused by unconditionally setting the input mode
> ENABLE_PROCESSED_INPUT for a console's input buffer. Fix this by
> testing whether the chardev is allowed to do so.
>
> Signed-off-by: Bin Meng 

Reviewed-by: Marc-André Lureau 


> ---
>
>  chardev/char-win-stdio.c | 8 +++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/chardev/char-win-stdio.c b/chardev/char-win-stdio.c
> index a4771ab82e..eb830eabd9 100644
> --- a/chardev/char-win-stdio.c
> +++ b/chardev/char-win-stdio.c
> @@ -146,6 +146,8 @@ static void qemu_chr_open_stdio(Chardev *chr,
>  bool *be_opened,
>  Error **errp)
>  {
> +ChardevStdio *opts = backend->u.stdio.data;
> +bool stdio_allow_signal = !opts->has_signal || opts->signal;
>  WinStdioChardev *stdio = WIN_STDIO_CHARDEV(chr);
>  DWORD  dwMode;
>  intis_console = 0;
> @@ -193,7 +195,11 @@ static void qemu_chr_open_stdio(Chardev *chr,
>  if (is_console) {
>  /* set the terminal in raw mode */
>  /* ENABLE_QUICK_EDIT_MODE | ENABLE_EXTENDED_FLAGS */
> -dwMode |= ENABLE_PROCESSED_INPUT;
> +if (stdio_allow_signal) {
> +dwMode |= ENABLE_PROCESSED_INPUT;
> +} else {
> +dwMode &= ~ENABLE_PROCESSED_INPUT;
> +}
>  }
>
>  SetConsoleMode(stdio->hStdIn, dwMode);
> --
> 2.25.1
>
>


-- 
Marc-André Lureau

Re: [PULL v2 00/11] Dump patches

[Marc-André Lureau]

Hi Janosch

On Wed, Oct 26, 2022 at 1:37 AM Stefan Hajnoczi  wrote:

> Please solve this CI failure:
>
> c++ -o qemu-system-s390x ...
> /usr/bin/ld: libqemu-s390x-softmmu.fa.p/target_s390x_arch_dump.c.o: in
> function `arch_sections_add':
>
> /home/gitlab-runner/builds/Y1MP9VSY/0/qemu-project/qemu/build/../target/s390x/arch_dump.c:392:
> undefined reference to `kvm_s390_get_protected_dump'
> /usr/bin/ld: libqemu-s390x-softmmu.fa.p/target_s390x_arch_dump.c.o: in
> function `cpu_get_dump_info':
>
> /home/gitlab-runner/builds/Y1MP9VSY/0/qemu-project/qemu/build/../target/s390x/arch_dump.c:452:
> undefined reference to `kvm_s390_get_protected_dump'
> collect2: error: ld returned 1 exit status
>
> https://gitlab.com/qemu-project/qemu/-/jobs/3226673649
>
>
Ok to squash this with "s390x: Add protected dump cap" patch ? that should
solve it hopefully.

diff --git a/target/s390x/kvm/stubs.c b/target/s390x/kvm/stubs.c
new file mode 100644
index 00..5fd63b9a7e
--- /dev/null
+++ b/target/s390x/kvm/stubs.c
@@ -0,0 +1,12 @@
+/*
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include "qemu/osdep.h"
+
+#include "kvm_s390x.h"
+
+int kvm_s390_get_protected_dump(void)
+{
+return false;
+}
diff --git a/target/s390x/kvm/meson.build b/target/s390x/kvm/meson.build
index d1356356b1..aef52b6686 100644
--- a/target/s390x/kvm/meson.build
+++ b/target/s390x/kvm/meson.build
@@ -1,6 +1,8 @@

 s390x_ss.add(when: 'CONFIG_KVM', if_true: files(
   'kvm.c'
+), if_false: files(
+  'stubs.c'
 ))

Re: [PATCH v2 1/4] hw/virtio: incorporate backend features in features

[Alex Bennée]

Yajun Wu  writes:

> Hi Alex,
>
> With this change, VHOST_USER_F_PROTOCOL_FEATURES bit will be set to
> backend for virtio block device (previously not).
>
> From https://www.qemu.org/docs/master/interop/vhost-user.html spec:
> If VHOST_USER_F_PROTOCOL_FEATURES has not been negotiated, the ring starts 
> directly in the enabled state.
> If VHOST_USER_F_PROTOCOL_FEATURES has been negotiated, the ring is
> initialized in a disabled state and is enabled by
> VHOST_USER_SET_VRING_ENABLE with parameter 1.
>
> Vhost-user-blk won't send out VHOST_USER_SET_VRING_ENABLE today. 
> Backend gets VHOST_USER_F_PROTOCOL_FEATURES negotiated and can't get 
> VHOST_USER_SET_VRING_ENABLE.
> VQs keep in disabled state.

If the backend advertises protocol features but the stub doesn't support
it how does it get enabled?

The testing I did was mostly by hand with the gpio backend and using the
qtests. I Think we need to add some acceptance testing into avocado with
some real daemons because I don't think we have enough coverage with the
current qtest approach.

>
> Can you check on this scenario?
>
> Thanks
>
> -Original Message-
> From: Qemu-devel  On Behalf 
> Of Alex Bennée
> Sent: Thursday, July 28, 2022 9:55 PM
> To: qemu-devel@nongnu.org
> Cc: m...@redhat.com; Alex Bennée 
> Subject: [PATCH v2 1/4] hw/virtio: incorporate backend features in features
>
> External email: Use caution opening links or attachments
>
>
> There are some extra bits used over a vhost-user connection which are hidden 
> from the device itself. We need to set them here to ensure we enable things 
> like the protocol extensions.
>
> Currently net/vhost-user.c has it's own inscrutable way of persisting this 
> data but it really should live in the core vhost_user code.
>
> Signed-off-by: Alex Bennée 
> Message-Id: <20220726192150.2435175-7-alex.ben...@linaro.org>
> ---
>  hw/virtio/vhost-user.c | 9 -
>  1 file changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c index 
> 75b8df21a4..1936a44e82 100644
> --- a/hw/virtio/vhost-user.c
> +++ b/hw/virtio/vhost-user.c
> @@ -1460,7 +1460,14 @@ static int vhost_user_set_features(struct vhost_dev 
> *dev,
>   */
>  bool log_enabled = features & (0x1ULL << VHOST_F_LOG_ALL);
>
> -return vhost_user_set_u64(dev, VHOST_USER_SET_FEATURES, features,
> +/*
> + * We need to include any extra backend only feature bits that
> + * might be needed by our device. Currently this includes the
> + * VHOST_USER_F_PROTOCOL_FEATURES bit for enabling protocol
> + * features.
> + */
> +return vhost_user_set_u64(dev, VHOST_USER_SET_FEATURES,
> +  features | dev->backend_features,
>log_enabled);  }


-- 
Alex Bennée

[PATCH v2 1/2] xen/pt: fix syntax error that causes FTBFS in some configurations

[Chuck Zmudzinski]

When Qemu is built with --enable-xen and --disable-xen-pci-passthrough
and the target os is linux, the build fails with:

meson.build:3477:2: ERROR: File xen_pt_stub.c does not exist.

Fixes: 582ea95f5f93 ("meson: convert hw/xen")

Signed-off-by: Chuck Zmudzinski 
---
v2: Remove From:  tag at top of commit message

 hw/xen/meson.build | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/xen/meson.build b/hw/xen/meson.build
index 08dc1f6857..ae0ace3046 100644
--- a/hw/xen/meson.build
+++ b/hw/xen/meson.build
@@ -18,7 +18,7 @@ if have_xen_pci_passthrough
 'xen_pt_msi.c',
   ))
 else
-  xen_specific_ss.add('xen_pt_stub.c')
+  xen_specific_ss.add(files('xen_pt_stub.c'))
 endif
 
 specific_ss.add_all(when: ['CONFIG_XEN', xen], if_true: xen_specific_ss)
-- 
2.37.2

[PATCH v2 2/2] xen/pt: reserve PCI slot 2 for Intel igd-passthru

[Chuck Zmudzinski]

Intel specifies that the Intel IGD must occupy slot 2 on the PCI bus,
as noted in docs/igd-assign.txt in the Qemu source code.

Currently, when the xl toolstack is used to configure a Xen HVM guest with
Intel IGD passthrough to the guest with the Qemu upstream device model,
a Qemu emulated PCI device will occupy slot 2 and the Intel IGD will occupy
a different slot. This problem often prevents the guest from booting.

The only available workaround is not good: Configure Xen HVM guests to use
the old and no longer maintained Qemu traditional device model available
from xenbits.xen.org which does reserve slot 2 for the Intel IGD.

To implement this feature in the Qemu upstream device model for Xen HVM
guests, introduce the following new class, functions, types, and macros:

* XEN_PT_DEVICE_CLASS declaration, based on the existing TYPE_XEN_PT_DEVICE
* XEN_PT_DEVICE_GET_CLASS macro helper function for XEN_PT_DEVICE_CLASS
* typedef XenPTQdevRealize function pointer
* XEN_PCI_IGD_SLOT_MASK, the value of slot_reserved_mask to reserve slot 2
* xen_igd_reserve_slot and xen_igd_clear_slot functions

The new xen_igd_reserve_slot function uses the existing slot_reserved_mask
member of PCIBus to reserve PCI slot 2 for Xen HVM guests configured using
the xl toolstack with the gfx_passthru option enabled, which sets the
igd-passthru=on option to Qemu for the Xen HVM machine type.

The new xen_igd_reserve_slot function also needs to be implemented in
hw/xen/xen_pt_stub.c to prevent FTBFS during the link stage for the case
when Qemu is configured with --enable-xen and --disable-xen-pci-passthrough,
in which case it does nothing.

The new xen_igd_clear_slot function overrides qdev->realize of the parent
PCI device class to enable the Intel IGD to occupy slot 2 on the PCI bus
since slot 2 was reserved by xen_igd_reserve_slot when the PCI bus was
created in hw/i386/pc_piix.c for the case when igd-passthru=on.

Signed-off-by: Chuck Zmudzinski 
---
Notes that might be helpful to reviewers of patched code in hw/xen:

The new functions and types are based on recommendations from Qemu docs:
https://qemu.readthedocs.io/en/latest/devel/qom.html

Notes that might be helpful to reviewers of patched code in hw/i386:

The small patch to hw/i386/pc_piix.c is protected by CONFIG_XEN so it does
not affect builds that do not have CONFIG_XEN defined.

xen_igd_gfx_pt_enabled() in the patched hw/i386/pc_piix.c file is an
existing function that is only true when Qemu is built with
xen-pci-passthrough enabled and the administrator has configured the Xen
HVM guest with Qemu's igd-passthru=on option.

v2: Remove From:  tag at top of commit message

 hw/i386/pc_piix.c|  3 +++
 hw/xen/xen_pt.c  | 25 +
 hw/xen/xen_pt.h  | 16 
 hw/xen/xen_pt_stub.c |  4 
 4 files changed, 48 insertions(+)

diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index 0b1a79c0fa..a0f04ad62e 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -402,6 +402,9 @@ static void pc_xen_hvm_init(MachineState *machine)
 }
 
 pc_xen_hvm_init_pci(machine);
+if (xen_igd_gfx_pt_enabled()) {
+xen_igd_reserve_slot(pcms->bus);
+}
 pci_create_simple(pcms->bus, -1, "xen-platform");
 }
 #endif
diff --git a/hw/xen/xen_pt.c b/hw/xen/xen_pt.c
index 0ec7e52183..ec42f47fac 100644
--- a/hw/xen/xen_pt.c
+++ b/hw/xen/xen_pt.c
@@ -950,11 +950,35 @@ static void xen_pci_passthrough_instance_init(Object *obj)
 PCI_DEVICE(obj)->cap_present |= QEMU_PCI_CAP_EXPRESS;
 }
 
+void xen_igd_reserve_slot(PCIBus *pci_bus)
+{
+XEN_PT_LOG(0, "Reserving PCI slot 2 for IGD\n");
+pci_bus->slot_reserved_mask |= XEN_PCI_IGD_SLOT_MASK;
+}
+
+static void xen_igd_clear_slot(DeviceState *qdev, Error **errp)
+{
+PCIDevice *pci_dev = (PCIDevice *)qdev;
+XenPCIPassthroughState *s = XEN_PT_DEVICE(pci_dev);
+XenPTDeviceClass *xptc = XEN_PT_DEVICE_GET_CLASS(s);
+PCIBus *pci_bus = pci_get_bus(pci_dev);
+
+if (is_igd_vga_passthrough(&s->real_device) &&
+(s->real_device.vendor_id == PCI_VENDOR_ID_INTEL)) {
+pci_bus->slot_reserved_mask &= ~XEN_PCI_IGD_SLOT_MASK;
+XEN_PT_LOG(pci_dev, "Intel IGD found, using slot 2\n");
+}
+xptc->pci_qdev_realize(qdev, errp);
+}
+
 static void xen_pci_passthrough_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
 
+XenPTDeviceClass *xptc = XEN_PT_DEVICE_CLASS(klass);
+xptc->pci_qdev_realize = dc->realize;
+dc->realize = xen_igd_clear_slot;
 k->realize = xen_pt_realize;
 k->exit = xen_pt_unregister_device;
 k->config_read = xen_pt_pci_read_config;
@@ -977,6 +1001,7 @@ static const TypeInfo xen_pci_passthrough_info = {
 .instance_size = sizeof(XenPCIPassthroughState),
 .instance_finalize = xen_pci_passthrough_finalize,
 .class_init = xen_pci_passthrough_class_init,
+.class_size = sizeof(XenPTDeviceClass),
 .instance_init = xe

[PATCH v2 0/2] xen/pt: fix FTBFS and reserve PCI slot 2 for the Intel IGD

[Chuck Zmudzinski]

This is a series of two patches:

The first fixes FTBFS when --enable-xen and --disable-xen-pci-passthrough
configure options are set with when building for the linux target os.

The second fixes a regression that was introduced many years ago with the
upgrade from the Qemu traditional device model that is still available
from xenbits.xen.org and based on very old Qemu version 0.10.2.

The regression is that the Qemu traditional device model reserves slot 2
for the Intel IGD on the PCI bus when the Intel IGD is passed through
to a Xen HVM domain, but the current Qemu upsream device model does not
and in fact results in a different slot assigned to the Intel IGD.

This behavior does not conform to the requirement that the Intel IGD must
be assigned to slot 2, as noted in docs/igd-assign.txt in the Qemu source
code: "IGD must be given address 02.0 on the PCI root bus in the VM."

I have used the second patch of the series for the past two years with
no problems. Without the patch, the reliability of PCI passthrough of the
Intel IGD to a Xen HVM guest is very poor, and in some cases the guest
fails to start without the patch.

v2: Remove From:  tag at top of message

Chuck Zmudzinski (2):
  xen/pt: fix syntax error that causes FTBFS in some configurations
  xen/pt: reserve PCI slot 2 for Intel igd-passthru

 hw/i386/pc_piix.c|  3 +++
 hw/xen/meson.build   |  2 +-
 hw/xen/xen_pt.c  | 25 +
 hw/xen/xen_pt.h  | 16 
 hw/xen/xen_pt_stub.c |  4 
 5 files changed, 49 insertions(+), 1 deletion(-)

-- 
2.37.2

Re: [PATCH 3/3] target/tricore: Rename csfr.def -> csfr.h.inc

[Bastian Koppelmann]

On Wed, Oct 26, 2022 at 01:50:06AM +0200, Philippe Mathieu-Daudé wrote:
> We use the .h.inc extension to include C headers. To be consistent
> with the rest of the codebase, rename the C headers using the .def
> extension.
> 
> IDE/tools using our .editorconfig / .gitattributes will leverage
> this consistency.
> 
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  target/tricore/{csfr.def => csfr.h.inc} | 0
>  target/tricore/translate.c  | 4 ++--
>  2 files changed, 2 insertions(+), 2 deletions(-)
>  rename target/tricore/{csfr.def => csfr.h.inc} (100%)

Reviewed-by: Bastian Koppelmann 

Cheers,
Bastian

Re: [PULL v2 00/11] Dump patches

[Janosch Frank]

On 10/26/22 09:42, Marc-André Lureau wrote:

Hi Janosch

On Wed, Oct 26, 2022 at 1:37 AM Stefan Hajnoczi  wrote:


Please solve this CI failure:

c++ -o qemu-system-s390x ...
/usr/bin/ld: libqemu-s390x-softmmu.fa.p/target_s390x_arch_dump.c.o: in
function `arch_sections_add':

/home/gitlab-runner/builds/Y1MP9VSY/0/qemu-project/qemu/build/../target/s390x/arch_dump.c:392:
undefined reference to `kvm_s390_get_protected_dump'
/usr/bin/ld: libqemu-s390x-softmmu.fa.p/target_s390x_arch_dump.c.o: in
function `cpu_get_dump_info':

/home/gitlab-runner/builds/Y1MP9VSY/0/qemu-project/qemu/build/../target/s390x/arch_dump.c:452:
undefined reference to `kvm_s390_get_protected_dump'
collect2: error: ld returned 1 exit status

https://gitlab.com/qemu-project/qemu/-/jobs/3226673649



Ok to squash this with "s390x: Add protected dump cap" patch ? that should
solve it hopefully.


Sure, LGTM



diff --git a/target/s390x/kvm/stubs.c b/target/s390x/kvm/stubs.c
new file mode 100644
index 00..5fd63b9a7e
--- /dev/null
+++ b/target/s390x/kvm/stubs.c
@@ -0,0 +1,12 @@
+/*
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include "qemu/osdep.h"
+
+#include "kvm_s390x.h"
+
+int kvm_s390_get_protected_dump(void)
+{
+return false;
+}
diff --git a/target/s390x/kvm/meson.build b/target/s390x/kvm/meson.build
index d1356356b1..aef52b6686 100644
--- a/target/s390x/kvm/meson.build
+++ b/target/s390x/kvm/meson.build
@@ -1,6 +1,8 @@

  s390x_ss.add(when: 'CONFIG_KVM', if_true: files(
'kvm.c'
+), if_false: files(
+  'stubs.c'
  ))

Re: [PATCH v10 1/9] s390x/cpu topology: core_id sets s390x CPU topology

[Pierre Morel]

On 10/25/22 21:58, Janis Schoetterl-Glausch wrote:

On Wed, 2022-10-12 at 18:20 +0200, Pierre Morel wrote:

In the S390x CPU topology the core_id specifies the CPU address
and the position of the core withing the topology.

Let's build the topology based on the core_id.
s390x/cpu topology: core_id sets s390x CPU topology

In the S390x CPU topology the core_id specifies the CPU address
and the position of the cpu withing the topology.

Let's build the topology based on the core_id.

Signed-off-by: Pierre Morel 
---
  include/hw/s390x/cpu-topology.h |  45 +++
  hw/s390x/cpu-topology.c | 132 
  hw/s390x/s390-virtio-ccw.c  |  21 +
  hw/s390x/meson.build|   1 +
  4 files changed, 199 insertions(+)
  create mode 100644 include/hw/s390x/cpu-topology.h
  create mode 100644 hw/s390x/cpu-topology.c


[...]


+/**
+ * s390_topology_realize:
+ * @dev: the device state
+ * @errp: the error pointer (not used)
+ *
+ * During realize the machine CPU topology is initialized with the
+ * QEMU -smp parameters.
+ * The maximum count of CPU TLE in the all Topology can not be greater
+ * than the maximum CPUs.
+ */
+static void s390_topology_realize(DeviceState *dev, Error **errp)
+{
+MachineState *ms = MACHINE(qdev_get_machine());
+S390Topology *topo = S390_CPU_TOPOLOGY(dev);
+
+topo->cpus = ms->smp.cores * ms->smp.threads;


Currently threads are not supported, effectively increasing the number of cpus,
so this is currently correct. Once the machine version limits the threads to 1,
it is also correct. However, once we support multiple threads, this becomes 
incorrect.
I wonder if it's ok from a backward compatibility point of view to modify the 
smp values
by doing cores *= threads, threads = 1 for old machines.


Right, this will become incorrect with thread support.
What about having a dedicated function:

topo->cpus = s390_get_cpus(ms);

This function will use the S390CcwMachineClass->max_thread introduced 
later to report the correct number of CPUs.




Then you can just use the cores value and it is always correct.
In any case, if you keep it as is, I'd like to see a comment here saying that 
this
is correct only so long as we don't support threads.

+
+topo->socket = g_new0(S390TopoContainer, ms->smp.sockets);
+topo->tle = g_new0(S390TopoTLE, ms->smp.max_cpus);
+
+topo->ms = ms;
+}
+

[...]


--
Pierre Morel
IBM Lab Boeblingen

[PATCH v1] block/rbd: Add support for layered encryption

[Or Ozeri]

Starting from ceph Reef, RBD has built-in support for layered encryption,
where each ancestor image (in a cloned image setting) can be possibly
encrypted using a unique passphrase.

A new function, rbd_encryption_load2, was added to librbd API.
This new function supports an array of passphrases (via "spec" structs).

This commit extends the qemu rbd driver API to use this new librbd API,
in order to support this new layered encryption feature.

Signed-off-by: Or Ozeri 
---
 block/rbd.c  | 134 ++-
 qapi/block-core.json |  33 ++-
 2 files changed, 163 insertions(+), 4 deletions(-)

diff --git a/block/rbd.c b/block/rbd.c
index f826410f40..09953687c9 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -71,6 +71,16 @@ static const char rbd_luks2_header_verification[
 'L', 'U', 'K', 'S', 0xBA, 0xBE, 0, 2
 };
 
+static const char rbd_layered_luks_header_verification[
+RBD_ENCRYPTION_LUKS_HEADER_VERIFICATION_LEN] = {
+'R', 'B', 'D', 'L', 0xBA, 0xBE, 0, 1
+};
+
+static const char rbd_layered_luks2_header_verification[
+RBD_ENCRYPTION_LUKS_HEADER_VERIFICATION_LEN] = {
+'R', 'B', 'D', 'L', 0xBA, 0xBE, 0, 2
+};
+
 typedef enum {
 RBD_AIO_READ,
 RBD_AIO_WRITE,
@@ -470,6 +480,9 @@ static int qemu_rbd_encryption_load(rbd_image_t image,
 size_t passphrase_len;
 rbd_encryption_luks1_format_options_t luks_opts;
 rbd_encryption_luks2_format_options_t luks2_opts;
+#ifdef LIBRBD_SUPPORTS_ENCRYPTION_LOAD2
+rbd_encryption_luks_format_options_t luks_all_opts;
+#endif
 rbd_encryption_format_t format;
 rbd_encryption_options_t opts;
 size_t opts_size;
@@ -505,6 +518,23 @@ static int qemu_rbd_encryption_load(rbd_image_t image,
 luks2_opts.passphrase_size = passphrase_len;
 break;
 }
+#ifdef LIBRBD_SUPPORTS_ENCRYPTION_LOAD2
+case RBD_IMAGE_ENCRYPTION_FORMAT_LUKS_ALL: {
+memset(&luks_all_opts, 0, sizeof(luks_all_opts));
+format = RBD_ENCRYPTION_FORMAT_LUKS;
+opts = &luks_all_opts;
+opts_size = sizeof(luks_all_opts);
+r = qemu_rbd_convert_luks_options(
+
qapi_RbdEncryptionOptionsLUKSAll_base(&encrypt->u.luks_all),
+&passphrase, &passphrase_len, errp);
+if (r < 0) {
+return r;
+}
+luks_all_opts.passphrase = passphrase;
+luks_all_opts.passphrase_size = passphrase_len;
+break;
+}
+#endif
 default: {
 r = -ENOTSUP;
 error_setg_errno(
@@ -522,6 +552,87 @@ static int qemu_rbd_encryption_load(rbd_image_t image,
 
 return 0;
 }
+
+#ifdef LIBRBD_SUPPORTS_ENCRYPTION_LOAD2
+static int qemu_rbd_encryption_load2(rbd_image_t image,
+ RbdEncryptionOptions *encrypt,
+ Error **errp)
+{
+int r = 0;
+int encryption_options_count = 1;
+int spec_count = 0;
+int passphrase_count = 0;
+int i;
+RbdEncryptionOptions *curr_encrypt;
+rbd_encryption_spec_t *specs;
+rbd_encryption_spec_t *curr_spec;
+rbd_encryption_luks_format_options_t* luks_all_opts;
+char **passphrases;
+char **curr_passphrase;
+
+/* count encryption options */
+for (curr_encrypt = encrypt; curr_encrypt->has_parent;
+ curr_encrypt = curr_encrypt->parent, ++encryption_options_count) {
+}
+
+specs = g_new0(rbd_encryption_spec_t, encryption_options_count);
+passphrases = g_new0(char*, encryption_options_count);
+
+curr_encrypt = encrypt;
+for (i = 0; i < encryption_options_count; ++i) {
+if (curr_encrypt->format != RBD_IMAGE_ENCRYPTION_FORMAT_LUKS_ALL) {
+r = -ENOTSUP;
+error_setg_errno(
+errp, -r, "unknown image encryption format: %u",
+curr_encrypt->format);
+goto exit;
+}
+
+curr_spec = &specs[i];
+curr_passphrase = &passphrases[i];
+curr_spec->format = RBD_ENCRYPTION_FORMAT_LUKS;
+curr_spec->opts_size = sizeof(rbd_encryption_luks_format_options_t);
+
+luks_all_opts = g_new0(rbd_encryption_luks_format_options_t, 1);
+curr_spec->opts = luks_all_opts;
+++spec_count;
+memset(luks_all_opts, 0, sizeof(rbd_encryption_luks_format_options_t));
+
+r = qemu_rbd_convert_luks_options(
+qapi_RbdEncryptionOptionsLUKSAll_base(
+&curr_encrypt->u.luks_all),
+curr_passphrase, &luks_all_opts->passphrase_size,
+errp);
+if (r < 0) {
+goto exit;
+}
+
+++passphrase_count;
+luks_all_opts->passphrase = *curr_passphrase;
+
+curr_encrypt = curr_encrypt->parent;
+}
+
+r = rbd_encryption_load2(image, specs, spec_count);
+if (r < 0) {
+error_setg_errno(errp, -r, "encryption load (2) fail");
+goto e

[PULL v3 01/11] dump: Use a buffer for ELF section data and headers

[marcandre . lureau]

From: Janosch Frank 

Currently we're writing the NULL section header if we overflow the
physical header number in the ELF header. But in the future we'll add
custom section headers AND section data.

To facilitate this we need to rearange section handling a bit. As with
the other ELF headers we split the code into a prepare and a write
step.

Signed-off-by: Janosch Frank 
Reviewed-by: Marc-André Lureau 
Message-Id: <20221017083822.43118-2-fran...@linux.ibm.com>
---
 include/sysemu/dump.h |  2 ++
 dump/dump.c   | 75 +--
 2 files changed, 53 insertions(+), 24 deletions(-)

diff --git a/include/sysemu/dump.h b/include/sysemu/dump.h
index b62513d87d..9995f65dc8 100644
--- a/include/sysemu/dump.h
+++ b/include/sysemu/dump.h
@@ -177,6 +177,8 @@ typedef struct DumpState {
 int64_t filter_area_begin;  /* Start address of partial guest memory area 
*/
 int64_t filter_area_length; /* Length of partial guest memory area */
 
+void *elf_section_hdrs; /* Pointer to section header buffer */
+
 uint8_t *note_buf;  /* buffer for notes */
 size_t note_buf_offset; /* the writing place in note_buf */
 uint32_t nr_cpus;   /* number of guest's cpu */
diff --git a/dump/dump.c b/dump/dump.c
index 236559b03a..e7a3b54ebe 100644
--- a/dump/dump.c
+++ b/dump/dump.c
@@ -380,31 +380,60 @@ static void write_elf_phdr_note(DumpState *s, Error 
**errp)
 }
 }
 
-static void write_elf_section(DumpState *s, int type, Error **errp)
+static void prepare_elf_section_hdr_zero(DumpState *s)
 {
-Elf32_Shdr shdr32;
-Elf64_Shdr shdr64;
-int shdr_size;
-void *shdr;
-int ret;
+if (dump_is_64bit(s)) {
+Elf64_Shdr *shdr64 = s->elf_section_hdrs;
 
-if (type == 0) {
-shdr_size = sizeof(Elf32_Shdr);
-memset(&shdr32, 0, shdr_size);
-shdr32.sh_info = cpu_to_dump32(s, s->phdr_num);
-shdr = &shdr32;
+shdr64->sh_info = cpu_to_dump32(s, s->phdr_num);
 } else {
-shdr_size = sizeof(Elf64_Shdr);
-memset(&shdr64, 0, shdr_size);
-shdr64.sh_info = cpu_to_dump32(s, s->phdr_num);
-shdr = &shdr64;
+Elf32_Shdr *shdr32 = s->elf_section_hdrs;
+
+shdr32->sh_info = cpu_to_dump32(s, s->phdr_num);
+}
+}
+
+static void prepare_elf_section_hdrs(DumpState *s)
+{
+size_t len, sizeof_shdr;
+
+/*
+ * Section ordering:
+ * - HDR zero
+ */
+sizeof_shdr = dump_is_64bit(s) ? sizeof(Elf64_Shdr) : sizeof(Elf32_Shdr);
+len = sizeof_shdr * s->shdr_num;
+s->elf_section_hdrs = g_malloc0(len);
+
+/*
+ * The first section header is ALWAYS a special initial section
+ * header.
+ *
+ * The header should be 0 with one exception being that if
+ * phdr_num is PN_XNUM then the sh_info field contains the real
+ * number of segment entries.
+ *
+ * As we zero allocate the buffer we will only need to modify
+ * sh_info for the PN_XNUM case.
+ */
+if (s->phdr_num >= PN_XNUM) {
+prepare_elf_section_hdr_zero(s);
 }
+}
 
-ret = fd_write_vmcore(shdr, shdr_size, s);
+static void write_elf_section_headers(DumpState *s, Error **errp)
+{
+size_t sizeof_shdr = dump_is_64bit(s) ? sizeof(Elf64_Shdr) : 
sizeof(Elf32_Shdr);
+int ret;
+
+prepare_elf_section_hdrs(s);
+
+ret = fd_write_vmcore(s->elf_section_hdrs, s->shdr_num * sizeof_shdr, s);
 if (ret < 0) {
-error_setg_errno(errp, -ret,
- "dump: failed to write section header table");
+error_setg_errno(errp, -ret, "dump: failed to write section headers");
 }
+
+g_free(s->elf_section_hdrs);
 }
 
 static void write_data(DumpState *s, void *buf, int length, Error **errp)
@@ -591,12 +620,10 @@ static void dump_begin(DumpState *s, Error **errp)
 return;
 }
 
-/* write section to vmcore */
-if (s->shdr_num) {
-write_elf_section(s, 1, errp);
-if (*errp) {
-return;
-}
+/* write section headers to vmcore */
+write_elf_section_headers(s, errp);
+if (*errp) {
+return;
 }
 
 /* write notes to vmcore */
-- 
2.37.3

[PULL v3 00/11] Dump patches

[marcandre . lureau]

From: Marc-André Lureau 

The following changes since commit e750a7ace492f0b450653d4ad368a77d6f660fb8:

  Merge tag 'pull-9p-20221024' of https://github.com/cschoenebeck/qemu into 
staging (2022-10-24 14:27:12 -0400)

are available in the Git repository at:

  https://gitlab.com/marcandre.lureau/qemu.git tags/dump-pull-request

for you to fetch changes up to e38c24cb580735883769558801d9e2f2ba9f04c1:

  dump/win_dump: limit number of processed PRCBs (2022-10-26 12:55:00 +0400)


dump queue

Hi

The "dump" queue, with:
- [PATCH v3/v4 0/9] dump: Cleanup and consolidation
- [PATCH v4 0/4] dump: add 32-bit guest Windows support



Janosch Frank (10):
  dump: Use a buffer for ELF section data and headers
  dump: Write ELF section headers right after ELF header
  dump: Reorder struct DumpState
  dump: Reintroduce memory_offset and section_offset
  dump: Add architecture section and section string table support
  s390x: Add protected dump cap
  s390x: Introduce PV query interface
  include/elf.h: add s390x note types
  s390x: Add KVM PV dump interface
  s390x: pv: Add dump support

Viktor Prutyanov (1):
  dump/win_dump: limit number of processed PRCBs

 include/elf.h|   2 +
 include/hw/s390x/pv.h|  19 +++
 include/sysemu/dump-arch.h   |   3 +
 include/sysemu/dump.h|  26 +++-
 target/s390x/kvm/kvm_s390x.h |   1 +
 dump/dump.c  | 288 +++
 dump/win_dump.c  |   7 +
 hw/s390x/pv.c| 112 ++
 hw/s390x/s390-virtio-ccw.c   |   6 +
 target/s390x/arch_dump.c | 262 +++
 target/s390x/kvm/kvm.c   |   7 +
 target/s390x/kvm/stubs.c |  12 ++
 target/s390x/kvm/meson.build |   2 +
 13 files changed, 649 insertions(+), 98 deletions(-)
 create mode 100644 target/s390x/kvm/stubs.c

-- 
2.37.3

[PULL v3 02/11] dump: Write ELF section headers right after ELF header

[marcandre . lureau]

From: Janosch Frank 

Let's start bundling the writes of the headers and of the data so we
have a clear ordering between them. Since the ELF header uses offsets
to the headers we can freely order them.

Signed-off-by: Janosch Frank 
Reviewed-by: Marc-André Lureau 
Message-Id: <20221017083822.43118-3-fran...@linux.ibm.com>
---
 dump/dump.c | 31 ++-
 1 file changed, 14 insertions(+), 17 deletions(-)

diff --git a/dump/dump.c b/dump/dump.c
index e7a3b54ebe..b168a25321 100644
--- a/dump/dump.c
+++ b/dump/dump.c
@@ -583,6 +583,8 @@ static void dump_begin(DumpState *s, Error **errp)
  *   --
  *   |  elf header |
  *   --
+ *   |  sctn_hdr   |
+ *   --
  *   |  PT_NOTE|
  *   --
  *   |  PT_LOAD|
@@ -591,8 +593,6 @@ static void dump_begin(DumpState *s, Error **errp)
  *   --
  *   |  PT_LOAD|
  *   --
- *   |  sec_hdr|
- *   --
  *   |  elf note   |
  *   --
  *   |  memory |
@@ -608,20 +608,20 @@ static void dump_begin(DumpState *s, Error **errp)
 return;
 }
 
-/* write PT_NOTE to vmcore */
-write_elf_phdr_note(s, errp);
+/* write section headers to vmcore */
+write_elf_section_headers(s, errp);
 if (*errp) {
 return;
 }
 
-/* write all PT_LOADs to vmcore */
-write_elf_phdr_loads(s, errp);
+/* write PT_NOTE to vmcore */
+write_elf_phdr_note(s, errp);
 if (*errp) {
 return;
 }
 
-/* write section headers to vmcore */
-write_elf_section_headers(s, errp);
+/* write all PT_LOADs to vmcore */
+write_elf_phdr_loads(s, errp);
 if (*errp) {
 return;
 }
@@ -1868,16 +1868,13 @@ static void dump_init(DumpState *s, int fd, bool 
has_format,
 }
 
 if (dump_is_64bit(s)) {
-s->phdr_offset = sizeof(Elf64_Ehdr);
-s->shdr_offset = s->phdr_offset + sizeof(Elf64_Phdr) * s->phdr_num;
-s->note_offset = s->shdr_offset + sizeof(Elf64_Shdr) * s->shdr_num;
-s->memory_offset = s->note_offset + s->note_size;
+s->shdr_offset = sizeof(Elf64_Ehdr);
+s->phdr_offset = s->shdr_offset + sizeof(Elf64_Shdr) * s->shdr_num;
+s->note_offset = s->phdr_offset + sizeof(Elf64_Phdr) * s->phdr_num;
 } else {
-
-s->phdr_offset = sizeof(Elf32_Ehdr);
-s->shdr_offset = s->phdr_offset + sizeof(Elf32_Phdr) * s->phdr_num;
-s->note_offset = s->shdr_offset + sizeof(Elf32_Shdr) * s->shdr_num;
-s->memory_offset = s->note_offset + s->note_size;
+s->shdr_offset = sizeof(Elf32_Ehdr);
+s->phdr_offset = s->shdr_offset + sizeof(Elf32_Shdr) * s->shdr_num;
+s->note_offset = s->phdr_offset + sizeof(Elf32_Phdr) * s->phdr_num;
 }
 
 return;
-- 
2.37.3

[PULL v3 07/11] s390x: Introduce PV query interface

[marcandre . lureau]

From: Janosch Frank 

Introduce an interface over which we can get information about UV data.

Signed-off-by: Janosch Frank 
Reviewed-by: Steffen Eiden 
Reviewed-by: Janis Schoetterl-Glausch 
Acked-by: Thomas Huth 
Message-Id: <20221017083822.43118-8-fran...@linux.ibm.com>
---
 include/hw/s390x/pv.h  | 10 +++
 hw/s390x/pv.c  | 61 ++
 hw/s390x/s390-virtio-ccw.c |  6 
 3 files changed, 77 insertions(+)

diff --git a/include/hw/s390x/pv.h b/include/hw/s390x/pv.h
index 1f1f545bfc..e5ea0eca16 100644
--- a/include/hw/s390x/pv.h
+++ b/include/hw/s390x/pv.h
@@ -38,6 +38,7 @@ static inline bool s390_is_pv(void)
 return ccw->pv;
 }
 
+int s390_pv_query_info(void);
 int s390_pv_vm_enable(void);
 void s390_pv_vm_disable(void);
 int s390_pv_set_sec_parms(uint64_t origin, uint64_t length);
@@ -46,8 +47,13 @@ void s390_pv_prep_reset(void);
 int s390_pv_verify(void);
 void s390_pv_unshare(void);
 void s390_pv_inject_reset_error(CPUState *cs);
+uint64_t kvm_s390_pv_dmp_get_size_cpu(void);
+uint64_t kvm_s390_pv_dmp_get_size_mem_state(void);
+uint64_t kvm_s390_pv_dmp_get_size_completion_data(void);
+bool kvm_s390_pv_info_basic_valid(void);
 #else /* CONFIG_KVM */
 static inline bool s390_is_pv(void) { return false; }
+static inline int s390_pv_query_info(void) { return 0; }
 static inline int s390_pv_vm_enable(void) { return 0; }
 static inline void s390_pv_vm_disable(void) {}
 static inline int s390_pv_set_sec_parms(uint64_t origin, uint64_t length) { 
return 0; }
@@ -56,6 +62,10 @@ static inline void s390_pv_prep_reset(void) {}
 static inline int s390_pv_verify(void) { return 0; }
 static inline void s390_pv_unshare(void) {}
 static inline void s390_pv_inject_reset_error(CPUState *cs) {};
+static inline uint64_t kvm_s390_pv_dmp_get_size_cpu(void) { return 0; }
+static inline uint64_t kvm_s390_pv_dmp_get_size_mem_state(void) { return 0; }
+static inline uint64_t kvm_s390_pv_dmp_get_size_completion_data(void) { return 
0; }
+static inline bool kvm_s390_pv_info_basic_valid(void) { return false; }
 #endif /* CONFIG_KVM */
 
 int s390_pv_kvm_init(ConfidentialGuestSupport *cgs, Error **errp);
diff --git a/hw/s390x/pv.c b/hw/s390x/pv.c
index 401b63d6cb..4c012f2eeb 100644
--- a/hw/s390x/pv.c
+++ b/hw/s390x/pv.c
@@ -20,6 +20,11 @@
 #include "exec/confidential-guest-support.h"
 #include "hw/s390x/ipl.h"
 #include "hw/s390x/pv.h"
+#include "target/s390x/kvm/kvm_s390x.h"
+
+static bool info_valid;
+static struct kvm_s390_pv_info_vm info_vm;
+static struct kvm_s390_pv_info_dump info_dump;
 
 static int __s390_pv_cmd(uint32_t cmd, const char *cmdname, void *data)
 {
@@ -56,6 +61,42 @@ static int __s390_pv_cmd(uint32_t cmd, const char *cmdname, 
void *data)
 }  \
 }
 
+int s390_pv_query_info(void)
+{
+struct kvm_s390_pv_info info = {
+.header.id = KVM_PV_INFO_VM,
+.header.len_max = sizeof(info.header) + sizeof(info.vm),
+};
+int rc;
+
+/* Info API's first user is dump so they are bundled */
+if (!kvm_s390_get_protected_dump()) {
+return 0;
+}
+
+rc = s390_pv_cmd(KVM_PV_INFO, &info);
+if (rc) {
+error_report("KVM PV INFO cmd %x failed: %s",
+ info.header.id, strerror(-rc));
+return rc;
+}
+memcpy(&info_vm, &info.vm, sizeof(info.vm));
+
+info.header.id = KVM_PV_INFO_DUMP;
+info.header.len_max = sizeof(info.header) + sizeof(info.dump);
+rc = s390_pv_cmd(KVM_PV_INFO, &info);
+if (rc) {
+error_report("KVM PV INFO cmd %x failed: %s",
+ info.header.id, strerror(-rc));
+return rc;
+}
+
+memcpy(&info_dump, &info.dump, sizeof(info.dump));
+info_valid = true;
+
+return rc;
+}
+
 int s390_pv_vm_enable(void)
 {
 return s390_pv_cmd(KVM_PV_ENABLE, NULL);
@@ -114,6 +155,26 @@ void s390_pv_inject_reset_error(CPUState *cs)
 env->regs[r1 + 1] = DIAG_308_RC_INVAL_FOR_PV;
 }
 
+uint64_t kvm_s390_pv_dmp_get_size_cpu(void)
+{
+return info_dump.dump_cpu_buffer_len;
+}
+
+uint64_t kvm_s390_pv_dmp_get_size_completion_data(void)
+{
+return info_dump.dump_config_finalize_len;
+}
+
+uint64_t kvm_s390_pv_dmp_get_size_mem_state(void)
+{
+return info_dump.dump_config_mem_buffer_per_1m;
+}
+
+bool kvm_s390_pv_info_basic_valid(void)
+{
+return info_valid;
+}
+
 #define TYPE_S390_PV_GUEST "s390-pv-guest"
 OBJECT_DECLARE_SIMPLE_TYPE(S390PVGuest, S390_PV_GUEST)
 
diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
index 03855c7231..1cc20d8717 100644
--- a/hw/s390x/s390-virtio-ccw.c
+++ b/hw/s390x/s390-virtio-ccw.c
@@ -366,6 +366,12 @@ static int s390_machine_protect(S390CcwMachineState *ms)
 
 ms->pv = true;
 
+/* Will return 0 if API is not available since it's not vital */
+rc = s390_pv_query_info();
+if (rc) {
+goto out_err;
+}
+
 /* Set SE header and unpack */
 rc = s390_ipl_prepare_pv_header();
 if (rc) {
-- 
2.37.3

[PULL v3 04/11] dump: Reintroduce memory_offset and section_offset

[marcandre . lureau]

From: Janosch Frank 

section_offset will later be used to store the offset to the section
data which will be stored last. For now memory_offset is only needed
to make section_offset look nicer.

Signed-off-by: Janosch Frank 
Reviewed-by: Marc-André Lureau 
Message-Id: <20221017083822.43118-5-fran...@linux.ibm.com>
---
 dump/dump.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/dump/dump.c b/dump/dump.c
index b168a25321..626f7b2fd0 100644
--- a/dump/dump.c
+++ b/dump/dump.c
@@ -1876,6 +1876,8 @@ static void dump_init(DumpState *s, int fd, bool 
has_format,
 s->phdr_offset = s->shdr_offset + sizeof(Elf32_Shdr) * s->shdr_num;
 s->note_offset = s->phdr_offset + sizeof(Elf32_Phdr) * s->phdr_num;
 }
+s->memory_offset = s->note_offset + s->note_size;
+s->section_offset = s->memory_offset + s->total_size;
 
 return;
 
-- 
2.37.3

[PULL v3 11/11] dump/win_dump: limit number of processed PRCBs

[marcandre . lureau]

From: Viktor Prutyanov 

When number of CPUs utilized by guest Windows is less than defined in
QEMU (i.e., desktop versions of Windows severely limits number of CPU
sockets), patch_and_save_context routine accesses non-existent PRCB and
fails. So, limit number of processed PRCBs by NumberProcessors taken
from guest Windows driver.

Signed-off-by: Viktor Prutyanov 
Reviewed-by: Marc-André Lureau 
Message-Id: <20221019235948.656411-1-viktor.prutya...@redhat.com>
---
 dump/win_dump.c | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/dump/win_dump.c b/dump/win_dump.c
index fd91350fbb..f20b6051b6 100644
--- a/dump/win_dump.c
+++ b/dump/win_dump.c
@@ -273,6 +273,13 @@ static void patch_and_save_context(WinDumpHeader *h, bool 
x64,
 uint64_t Context;
 WinContext ctx;
 
+if (i >= WIN_DUMP_FIELD(NumberProcessors)) {
+warn_report("win-dump: number of QEMU CPUs is bigger than"
+" NumberProcessors (%u) in guest Windows",
+WIN_DUMP_FIELD(NumberProcessors));
+return;
+}
+
 if (cpu_read_ptr(x64, first_cpu,
 KiProcessorBlock + i * win_dump_ptr_size(x64),
 &Prcb)) {
-- 
2.37.3

[PULL v3 06/11] s390x: Add protected dump cap

[marcandre . lureau]

From: Janosch Frank 

Add a protected dump capability for later feature checking.

Signed-off-by: Janosch Frank 
Reviewed-by: Steffen Eiden 
Reviewed-by: Thomas Huth 
Reviewed-by: Janis Schoetterl-Glausch 
Message-Id: <20221017083822.43118-7-fran...@linux.ibm.com>
[ Marc-André - Add missing stubs when !kvm ]
Signed-off-by: Marc-André Lureau 
---
 target/s390x/kvm/kvm_s390x.h |  1 +
 target/s390x/kvm/kvm.c   |  7 +++
 target/s390x/kvm/stubs.c | 12 
 target/s390x/kvm/meson.build |  2 ++
 4 files changed, 22 insertions(+)
 create mode 100644 target/s390x/kvm/stubs.c

diff --git a/target/s390x/kvm/kvm_s390x.h b/target/s390x/kvm/kvm_s390x.h
index aaae8570de..f9785564d0 100644
--- a/target/s390x/kvm/kvm_s390x.h
+++ b/target/s390x/kvm/kvm_s390x.h
@@ -26,6 +26,7 @@ int kvm_s390_set_cpu_state(S390CPU *cpu, uint8_t cpu_state);
 void kvm_s390_vcpu_interrupt_pre_save(S390CPU *cpu);
 int kvm_s390_vcpu_interrupt_post_load(S390CPU *cpu);
 int kvm_s390_get_hpage_1m(void);
+int kvm_s390_get_protected_dump(void);
 int kvm_s390_get_ri(void);
 int kvm_s390_get_zpci_op(void);
 int kvm_s390_get_clock(uint8_t *tod_high, uint64_t *tod_clock);
diff --git a/target/s390x/kvm/kvm.c b/target/s390x/kvm/kvm.c
index 508c24cfec..04cae0b999 100644
--- a/target/s390x/kvm/kvm.c
+++ b/target/s390x/kvm/kvm.c
@@ -158,6 +158,7 @@ static int cap_hpage_1m;
 static int cap_vcpu_resets;
 static int cap_protected;
 static int cap_zpci_op;
+static int cap_protected_dump;
 
 static bool mem_op_storage_key_support;
 
@@ -364,6 +365,7 @@ int kvm_arch_init(MachineState *ms, KVMState *s)
 cap_vcpu_resets = kvm_check_extension(s, KVM_CAP_S390_VCPU_RESETS);
 cap_protected = kvm_check_extension(s, KVM_CAP_S390_PROTECTED);
 cap_zpci_op = kvm_check_extension(s, KVM_CAP_S390_ZPCI_OP);
+cap_protected_dump = kvm_check_extension(s, KVM_CAP_S390_PROTECTED_DUMP);
 
 kvm_vm_enable_cap(s, KVM_CAP_S390_USER_SIGP, 0);
 kvm_vm_enable_cap(s, KVM_CAP_S390_VECTOR_REGISTERS, 0);
@@ -2045,6 +2047,11 @@ int kvm_s390_assign_subch_ioeventfd(EventNotifier 
*notifier, uint32_t sch,
 return kvm_vm_ioctl(kvm_state, KVM_IOEVENTFD, &kick);
 }
 
+int kvm_s390_get_protected_dump(void)
+{
+return cap_protected_dump;
+}
+
 int kvm_s390_get_ri(void)
 {
 return cap_ri;
diff --git a/target/s390x/kvm/stubs.c b/target/s390x/kvm/stubs.c
new file mode 100644
index 00..5fd63b9a7e
--- /dev/null
+++ b/target/s390x/kvm/stubs.c
@@ -0,0 +1,12 @@
+/*
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include "qemu/osdep.h"
+
+#include "kvm_s390x.h"
+
+int kvm_s390_get_protected_dump(void)
+{
+return false;
+}
diff --git a/target/s390x/kvm/meson.build b/target/s390x/kvm/meson.build
index d1356356b1..aef52b6686 100644
--- a/target/s390x/kvm/meson.build
+++ b/target/s390x/kvm/meson.build
@@ -1,6 +1,8 @@
 
 s390x_ss.add(when: 'CONFIG_KVM', if_true: files(
   'kvm.c'
+), if_false: files(
+  'stubs.c'
 ))
 
 # Newer kernels on s390 check for an S390_PGSTE program header and
-- 
2.37.3

[PULL v3 05/11] dump: Add architecture section and section string table support

[marcandre . lureau]

From: Janosch Frank 

Add hooks which architectures can use to add arbitrary data to custom
sections.

Also add a section name string table in order to identify section
contents

Signed-off-by: Janosch Frank 
Reviewed-by: Marc-André Lureau 
Message-Id: <20221017113210.41674-1-fran...@linux.ibm.com>
---
 include/sysemu/dump-arch.h |   3 +
 include/sysemu/dump.h  |   3 +
 dump/dump.c| 186 +++--
 3 files changed, 166 insertions(+), 26 deletions(-)

diff --git a/include/sysemu/dump-arch.h b/include/sysemu/dump-arch.h
index e25b02e990..59bbc9be38 100644
--- a/include/sysemu/dump-arch.h
+++ b/include/sysemu/dump-arch.h
@@ -21,6 +21,9 @@ typedef struct ArchDumpInfo {
 uint32_t page_size;  /* The target's page size. If it's variable and
   * unknown, then this should be the maximum. */
 uint64_t phys_base;  /* The target's physmem base. */
+void (*arch_sections_add_fn)(DumpState *s);
+uint64_t (*arch_sections_write_hdr_fn)(DumpState *s, uint8_t *buff);
+int (*arch_sections_write_fn)(DumpState *s, uint8_t *buff);
 } ArchDumpInfo;
 
 struct GuestPhysBlockList; /* memory_mapping.h */
diff --git a/include/sysemu/dump.h b/include/sysemu/dump.h
index 9ed811b313..38ccac7190 100644
--- a/include/sysemu/dump.h
+++ b/include/sysemu/dump.h
@@ -180,6 +180,9 @@ typedef struct DumpState {
 hwaddr note_offset;
 
 void *elf_section_hdrs; /* Pointer to section header buffer */
+void *elf_section_data; /* Pointer to section data buffer */
+uint64_t elf_section_data_size; /* Size of section data */
+GArray *string_table_buf;   /* String table data buffer */
 
 uint8_t *note_buf;  /* buffer for notes */
 size_t note_buf_offset; /* the writing place in note_buf */
diff --git a/dump/dump.c b/dump/dump.c
index 626f7b2fd0..9428d1fde9 100644
--- a/dump/dump.c
+++ b/dump/dump.c
@@ -103,6 +103,7 @@ static int dump_cleanup(DumpState *s)
 memory_mapping_list_free(&s->list);
 close(s->fd);
 g_free(s->guest_note);
+g_array_unref(s->string_table_buf);
 s->guest_note = NULL;
 if (s->resume) {
 if (s->detached) {
@@ -152,11 +153,10 @@ static void prepare_elf64_header(DumpState *s, Elf64_Ehdr 
*elf_header)
 elf_header->e_phoff = cpu_to_dump64(s, s->phdr_offset);
 elf_header->e_phentsize = cpu_to_dump16(s, sizeof(Elf64_Phdr));
 elf_header->e_phnum = cpu_to_dump16(s, phnum);
-if (s->shdr_num) {
-elf_header->e_shoff = cpu_to_dump64(s, s->shdr_offset);
-elf_header->e_shentsize = cpu_to_dump16(s, sizeof(Elf64_Shdr));
-elf_header->e_shnum = cpu_to_dump16(s, s->shdr_num);
-}
+elf_header->e_shoff = cpu_to_dump64(s, s->shdr_offset);
+elf_header->e_shentsize = cpu_to_dump16(s, sizeof(Elf64_Shdr));
+elf_header->e_shnum = cpu_to_dump16(s, s->shdr_num);
+elf_header->e_shstrndx = cpu_to_dump16(s, s->shdr_num - 1);
 }
 
 static void prepare_elf32_header(DumpState *s, Elf32_Ehdr *elf_header)
@@ -180,11 +180,10 @@ static void prepare_elf32_header(DumpState *s, Elf32_Ehdr 
*elf_header)
 elf_header->e_phoff = cpu_to_dump32(s, s->phdr_offset);
 elf_header->e_phentsize = cpu_to_dump16(s, sizeof(Elf32_Phdr));
 elf_header->e_phnum = cpu_to_dump16(s, phnum);
-if (s->shdr_num) {
-elf_header->e_shoff = cpu_to_dump32(s, s->shdr_offset);
-elf_header->e_shentsize = cpu_to_dump16(s, sizeof(Elf32_Shdr));
-elf_header->e_shnum = cpu_to_dump16(s, s->shdr_num);
-}
+elf_header->e_shoff = cpu_to_dump32(s, s->shdr_offset);
+elf_header->e_shentsize = cpu_to_dump16(s, sizeof(Elf32_Shdr));
+elf_header->e_shnum = cpu_to_dump16(s, s->shdr_num);
+elf_header->e_shstrndx = cpu_to_dump16(s, s->shdr_num - 1);
 }
 
 static void write_elf_header(DumpState *s, Error **errp)
@@ -195,6 +194,8 @@ static void write_elf_header(DumpState *s, Error **errp)
 void *header_ptr;
 int ret;
 
+/* The NULL header and the shstrtab are always defined */
+assert(s->shdr_num >= 2);
 if (dump_is_64bit(s)) {
 prepare_elf64_header(s, &elf64_header);
 header_size = sizeof(elf64_header);
@@ -393,17 +394,49 @@ static void prepare_elf_section_hdr_zero(DumpState *s)
 }
 }
 
-static void prepare_elf_section_hdrs(DumpState *s)
+static void prepare_elf_section_hdr_string(DumpState *s, void *buff)
+{
+uint64_t index = s->string_table_buf->len;
+const char strtab[] = ".shstrtab";
+Elf32_Shdr shdr32 = {};
+Elf64_Shdr shdr64 = {};
+int shdr_size;
+void *shdr;
+
+g_array_append_vals(s->string_table_buf, strtab, sizeof(strtab));
+if (dump_is_64bit(s)) {
+shdr_size = sizeof(Elf64_Shdr);
+shdr64.sh_type = SHT_STRTAB;
+shdr64.sh_offset = s->section_offset + s->elf_section_data_size;
+shdr64.sh_name = index;
+shdr64.sh_size = s->string_table_buf->len;
+shdr = &shdr64;
+} else {
+shdr_size = sizeof(Elf32_S

[PULL v3 10/11] s390x: pv: Add dump support

[marcandre . lureau]

From: Janosch Frank 

Sometimes dumping a guest from the outside is the only way to get the
data that is needed. This can be the case if a dumping mechanism like
KDUMP hasn't been configured or data needs to be fetched at a specific
point. Dumping a protected guest from the outside without help from
fw/hw doesn't yield sufficient data to be useful. Hence we now
introduce PV dump support.

The PV dump support works by integrating the firmware into the dump
process. New Ultravisor calls are used to initiate the dump process,
dump cpu data, dump memory state and lastly complete the dump process.
The UV calls are exposed by KVM via the new KVM_PV_DUMP command and
its subcommands. The guest's data is fully encrypted and can only be
decrypted by the entity that owns the customer communication key for
the dumped guest. Also dumping needs to be allowed via a flag in the
SE header.

On the QEMU side of things we store the PV dump data in the newly
introduced architecture ELF sections (storage state and completion
data) and the cpu notes (for cpu dump data).

Users can use the zgetdump tool to convert the encrypted QEMU dump to an
unencrypted one.

Signed-off-by: Janosch Frank 
Reviewed-by: Steffen Eiden 
Message-Id: <20221017083822.43118-11-fran...@linux.ibm.com>
---
 include/sysemu/dump.h|   5 +
 dump/dump.c  |  12 +-
 target/s390x/arch_dump.c | 262 +++
 3 files changed, 246 insertions(+), 33 deletions(-)

diff --git a/include/sysemu/dump.h b/include/sysemu/dump.h
index 38ccac7190..4ffed0b659 100644
--- a/include/sysemu/dump.h
+++ b/include/sysemu/dump.h
@@ -215,4 +215,9 @@ typedef struct DumpState {
 uint16_t cpu_to_dump16(DumpState *s, uint16_t val);
 uint32_t cpu_to_dump32(DumpState *s, uint32_t val);
 uint64_t cpu_to_dump64(DumpState *s, uint64_t val);
+
+int64_t dump_filtered_memblock_size(GuestPhysBlock *block, int64_t 
filter_area_start,
+int64_t filter_area_length);
+int64_t dump_filtered_memblock_start(GuestPhysBlock *block, int64_t 
filter_area_start,
+ int64_t filter_area_length);
 #endif
diff --git a/dump/dump.c b/dump/dump.c
index 9428d1fde9..df117c847f 100644
--- a/dump/dump.c
+++ b/dump/dump.c
@@ -708,9 +708,9 @@ static void dump_begin(DumpState *s, Error **errp)
 write_elf_notes(s, errp);
 }
 
-static int64_t dump_filtered_memblock_size(GuestPhysBlock *block,
-   int64_t filter_area_start,
-   int64_t filter_area_length)
+int64_t dump_filtered_memblock_size(GuestPhysBlock *block,
+int64_t filter_area_start,
+int64_t filter_area_length)
 {
 int64_t size, left, right;
 
@@ -728,9 +728,9 @@ static int64_t dump_filtered_memblock_size(GuestPhysBlock 
*block,
 return size;
 }
 
-static int64_t dump_filtered_memblock_start(GuestPhysBlock *block,
-int64_t filter_area_start,
-int64_t filter_area_length)
+int64_t dump_filtered_memblock_start(GuestPhysBlock *block,
+ int64_t filter_area_start,
+ int64_t filter_area_length)
 {
 if (filter_area_length) {
 /* return -1 if the block is not within filter area */
diff --git a/target/s390x/arch_dump.c b/target/s390x/arch_dump.c
index f60a14920d..a2329141e8 100644
--- a/target/s390x/arch_dump.c
+++ b/target/s390x/arch_dump.c
@@ -12,11 +12,13 @@
  */
 
 #include "qemu/osdep.h"
+#include "qemu/units.h"
 #include "cpu.h"
 #include "s390x-internal.h"
 #include "elf.h"
 #include "sysemu/dump.h"
-
+#include "hw/s390x/pv.h"
+#include "kvm/kvm_s390x.h"
 
 struct S390xUserRegsStruct {
 uint64_t psw[2];
@@ -76,9 +78,16 @@ typedef struct noteStruct {
 uint64_t todcmp;
 uint32_t todpreg;
 uint64_t ctrs[16];
+uint8_t dynamic[1];  /*
+  * Would be a flexible array member, if
+  * that was legal inside a union. Real
+  * size comes from PV info interface.
+  */
 } contents;
 } QEMU_PACKED Note;
 
+static bool pv_dump_initialized;
+
 static void s390x_write_elf64_prstatus(Note *note, S390CPU *cpu, int id)
 {
 int i;
@@ -177,28 +186,39 @@ static void s390x_write_elf64_prefix(Note *note, S390CPU 
*cpu, int id)
 note->contents.prefix = cpu_to_be32((uint32_t)(cpu->env.psa));
 }
 
+static void s390x_write_elf64_pv(Note *note, S390CPU *cpu, int id)
+{
+note->hdr.n_type = cpu_to_be32(NT_S390_PV_CPU_DATA);
+if (!pv_dump_initialized) {
+return;
+}
+kvm_s390_dump_cpu(cpu, ¬e->contents.dynamic);
+}
 
 typedef struct NoteFuncDescStruct {
 int contents_size;
+uint64_t (*note_size_func)(void); /* NULL for non-dynamic sized contents */
 void (*note_conte

[PULL v3 08/11] include/elf.h: add s390x note types

[marcandre . lureau]

From: Janosch Frank 

Adding two s390x note types

Signed-off-by: Janosch Frank 
Reviewed-by: Thomas Huth 
Message-Id: <20221017083822.43118-9-fran...@linux.ibm.com>
---
 include/elf.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/include/elf.h b/include/elf.h
index 3d6b9062c0..8bf1e72720 100644
--- a/include/elf.h
+++ b/include/elf.h
@@ -1650,6 +1650,8 @@ typedef struct elf64_shdr {
 #define NT_TASKSTRUCT  4
 #define NT_AUXV6
 #define NT_PRXFPREG 0x46e62b7f  /* copied from 
gdb5.1/include/elf/common.h */
+#define NT_S390_PV_CPU_DATA0x30e   /* s390 protvirt cpu dump data */
+#define NT_S390_RI_CB  0x30d   /* s390 runtime instrumentation */
 #define NT_S390_GS_CB   0x30b   /* s390 guarded storage registers */
 #define NT_S390_VXRS_HIGH 0x30a /* s390 vector registers 16-31 */
 #define NT_S390_VXRS_LOW  0x309 /* s390 vector registers 0-15 (lower 
half) */
-- 
2.37.3

[PULL v3 09/11] s390x: Add KVM PV dump interface

[marcandre . lureau]

From: Janosch Frank 

Let's add a few bits of code which hide the new KVM PV dump API from
us via new functions.

Signed-off-by: Janosch Frank 
Reviewed-by: Janis Schoetterl-Glausch 
Reviewed-by: Steffen Eiden 
[ Marc-André: fix up for compilation issue ]
Signed-off-by: Marc-André Lureau 
Message-Id: <20221017083822.43118-10-fran...@linux.ibm.com>
---
 include/hw/s390x/pv.h |  9 
 hw/s390x/pv.c | 51 +++
 2 files changed, 60 insertions(+)

diff --git a/include/hw/s390x/pv.h b/include/hw/s390x/pv.h
index e5ea0eca16..9360aa1091 100644
--- a/include/hw/s390x/pv.h
+++ b/include/hw/s390x/pv.h
@@ -51,6 +51,10 @@ uint64_t kvm_s390_pv_dmp_get_size_cpu(void);
 uint64_t kvm_s390_pv_dmp_get_size_mem_state(void);
 uint64_t kvm_s390_pv_dmp_get_size_completion_data(void);
 bool kvm_s390_pv_info_basic_valid(void);
+int kvm_s390_dump_init(void);
+int kvm_s390_dump_cpu(S390CPU *cpu, void *buff);
+int kvm_s390_dump_mem_state(uint64_t addr, size_t len, void *dest);
+int kvm_s390_dump_completion_data(void *buff);
 #else /* CONFIG_KVM */
 static inline bool s390_is_pv(void) { return false; }
 static inline int s390_pv_query_info(void) { return 0; }
@@ -66,6 +70,11 @@ static inline uint64_t kvm_s390_pv_dmp_get_size_cpu(void) { 
return 0; }
 static inline uint64_t kvm_s390_pv_dmp_get_size_mem_state(void) { return 0; }
 static inline uint64_t kvm_s390_pv_dmp_get_size_completion_data(void) { return 
0; }
 static inline bool kvm_s390_pv_info_basic_valid(void) { return false; }
+static inline int kvm_s390_dump_init(void) { return 0; }
+static inline int kvm_s390_dump_cpu(S390CPU *cpu, void *buff) { return 0; }
+static inline int kvm_s390_dump_mem_state(uint64_t addr, size_t len,
+  void *dest) { return 0; }
+static inline int kvm_s390_dump_completion_data(void *buff) { return 0; }
 #endif /* CONFIG_KVM */
 
 int s390_pv_kvm_init(ConfidentialGuestSupport *cgs, Error **errp);
diff --git a/hw/s390x/pv.c b/hw/s390x/pv.c
index 4c012f2eeb..728ba24547 100644
--- a/hw/s390x/pv.c
+++ b/hw/s390x/pv.c
@@ -175,6 +175,57 @@ bool kvm_s390_pv_info_basic_valid(void)
 return info_valid;
 }
 
+static int s390_pv_dump_cmd(uint64_t subcmd, uint64_t uaddr, uint64_t gaddr,
+uint64_t len)
+{
+struct kvm_s390_pv_dmp dmp = {
+.subcmd = subcmd,
+.buff_addr = uaddr,
+.buff_len = len,
+.gaddr = gaddr,
+};
+int ret;
+
+ret = s390_pv_cmd(KVM_PV_DUMP, (void *)&dmp);
+if (ret) {
+error_report("KVM DUMP command %ld failed", subcmd);
+}
+return ret;
+}
+
+int kvm_s390_dump_cpu(S390CPU *cpu, void *buff)
+{
+struct kvm_s390_pv_dmp dmp = {
+.subcmd = KVM_PV_DUMP_CPU,
+.buff_addr = (uint64_t)buff,
+.gaddr = 0,
+.buff_len = info_dump.dump_cpu_buffer_len,
+};
+struct kvm_pv_cmd pv = {
+.cmd = KVM_PV_DUMP,
+.data = (uint64_t)&dmp,
+};
+
+return kvm_vcpu_ioctl(CPU(cpu), KVM_S390_PV_CPU_COMMAND, &pv);
+}
+
+int kvm_s390_dump_init(void)
+{
+return s390_pv_dump_cmd(KVM_PV_DUMP_INIT, 0, 0, 0);
+}
+
+int kvm_s390_dump_mem_state(uint64_t gaddr, size_t len, void *dest)
+{
+return s390_pv_dump_cmd(KVM_PV_DUMP_CONFIG_STOR_STATE, (uint64_t)dest,
+gaddr, len);
+}
+
+int kvm_s390_dump_completion_data(void *buff)
+{
+return s390_pv_dump_cmd(KVM_PV_DUMP_COMPLETE, (uint64_t)buff, 0,
+info_dump.dump_config_finalize_len);
+}
+
 #define TYPE_S390_PV_GUEST "s390-pv-guest"
 OBJECT_DECLARE_SIMPLE_TYPE(S390PVGuest, S390_PV_GUEST)
 
-- 
2.37.3

[PULL v3 03/11] dump: Reorder struct DumpState

[marcandre . lureau]

From: Janosch Frank 

Let's move ELF related members into one block and guest memory related
ones into another to improve readability.

Signed-off-by: Janosch Frank 
Reviewed-by: Richard Henderson 
Reviewed-by: Marc-André Lureau 
Message-Id: <20221017083822.43118-4-fran...@linux.ibm.com>
---
 include/sysemu/dump.h | 16 +---
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/include/sysemu/dump.h b/include/sysemu/dump.h
index 9995f65dc8..9ed811b313 100644
--- a/include/sysemu/dump.h
+++ b/include/sysemu/dump.h
@@ -154,15 +154,8 @@ typedef struct DumpState {
 GuestPhysBlockList guest_phys_blocks;
 ArchDumpInfo dump_info;
 MemoryMappingList list;
-uint32_t phdr_num;
-uint32_t shdr_num;
 bool resume;
 bool detached;
-ssize_t note_size;
-hwaddr shdr_offset;
-hwaddr phdr_offset;
-hwaddr section_offset;
-hwaddr note_offset;
 hwaddr memory_offset;
 int fd;
 
@@ -177,6 +170,15 @@ typedef struct DumpState {
 int64_t filter_area_begin;  /* Start address of partial guest memory area 
*/
 int64_t filter_area_length; /* Length of partial guest memory area */
 
+/* Elf dump related data */
+uint32_t phdr_num;
+uint32_t shdr_num;
+ssize_t note_size;
+hwaddr shdr_offset;
+hwaddr phdr_offset;
+hwaddr section_offset;
+hwaddr note_offset;
+
 void *elf_section_hdrs; /* Pointer to section header buffer */
 
 uint8_t *note_buf;  /* buffer for notes */
-- 
2.37.3

Re: [PATCH v10 7/9] s390x/cpu topology: add max_threads machine class attribute

[Pierre Morel]

On 10/18/22 19:36, Cédric Le Goater wrote:

On 10/12/22 18:21, Pierre Morel wrote:

The S390 CPU topology accepts the smp.threads argument while
in reality it does not effectively allow multthreading.

Let's keep this behavior for machines older than 7.3 and
refuse to use threads in newer machines until multithreading
is really proposed to the guest by the machine.

Signed-off-by: Pierre Morel 
---
  include/hw/s390x/s390-virtio-ccw.h |  1 +
  hw/s390x/s390-virtio-ccw.c | 10 ++
  2 files changed, 11 insertions(+)

diff --git a/include/hw/s390x/s390-virtio-ccw.h 
b/include/hw/s390x/s390-virtio-ccw.h

index 6c4b4645fc..319dfac1bb 100644
--- a/include/hw/s390x/s390-virtio-ccw.h
+++ b/include/hw/s390x/s390-virtio-ccw.h
@@ -48,6 +48,7 @@ struct S390CcwMachineClass {
  bool css_migration_enabled;
  bool hpage_1m_allowed;
  bool topology_allowed;
+    int max_threads;
  };
  /* runtime-instrumentation allowed by the machine */
diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
index 3a13fad4df..d6ce31d168 100644
--- a/hw/s390x/s390-virtio-ccw.c
+++ b/hw/s390x/s390-virtio-ccw.c
@@ -85,8 +85,15 @@ out:
  static void s390_init_cpus(MachineState *machine)
  {
  MachineClass *mc = MACHINE_GET_CLASS(machine);
+    S390CcwMachineClass *s390mc = S390_CCW_MACHINE_CLASS(mc);
  int i;
+    if (machine->smp.threads > s390mc->max_threads) {
+    error_report("S390 does not support more than %d threads.",
+ s390mc->max_threads);
+    exit(1);
+    }
+
  /* initialize possible_cpus */
  mc->possible_cpu_arch_ids(machine);
@@ -617,6 +624,7 @@ static void ccw_machine_class_init(ObjectClass 
*oc, void *data)

  s390mc->css_migration_enabled = true;
  s390mc->hpage_1m_allowed = true;
  s390mc->topology_allowed = true;
+    s390mc->max_threads = 1;
  mc->init = ccw_init;
  mc->reset = s390_machine_reset;
  mc->block_default_type = IF_VIRTIO;
@@ -887,12 +895,14 @@ static void 
ccw_machine_7_2_class_options(MachineClass *mc)

  S390CcwMachineClass *s390mc = S390_CCW_MACHINE_CLASS(mc);
  static GlobalProperty compat[] = {
  { TYPE_S390_CPU_TOPOLOGY, "topology-allowed", "off", },
+    { TYPE_S390_CPU_TOPOLOGY, "max_threads", "off", },


I don't understand this change.


hum, this was a try to understand how GlobalProperty_compat works and I 
forgot to remove it.

I must say I did not understand exactly how it works.




C.



  };
  ccw_machine_7_3_class_options(mc);
  compat_props_add(mc->compat_props, hw_compat_7_2, 
hw_compat_7_2_len);

  compat_props_add(mc->compat_props, compat, G_N_ELEMENTS(compat));
  s390mc->topology_allowed = false;
+    s390mc->max_threads = S390_MAX_CPUS;
  }
  DEFINE_CCW_MACHINE(7_2, "7.2", false);




--
Pierre Morel
IBM Lab Boeblingen

Re: [PATCH] aspeed: Add Supermicro X11 SPI machine type

[Philippe Mathieu-Daudé]

On 25/10/22 18:51, Guenter Roeck wrote:

supermicrox11-bmc is configured with ast2400-a1 SoC. This does not match
the Supermicro documentation for X11 BMCs, and it does not match the
devicetree file in the Linux kernel.

As it turns out, some Supermicro X11 motherboards use AST2400 SoCs,
while others use AST2500.

Introduce new machine type supermicrox11-spi-bmc with AST2500 SoC
to match the devicetree description in the Linux kernel. Hardware
configuration details for this machine type are guesswork and taken
from defaults as well as from the Linux kernel devicetree file.

The new machine type was tested with aspeed-bmc-supermicro-x11spi.dts
from the Linux kernel and with Linux versions 6.0.3 and 6.1-rc2.
Linux booted successfully from initrd and from both SPI interfaces.
Ethernet interfaces were confirmed to be operational.

Signed-off-by: Guenter Roeck 
---
  hw/arm/aspeed.c | 33 +
  1 file changed, 33 insertions(+)


Reviewed-by: Philippe Mathieu-Daudé 

Re: Issue with VDUSE (QSD vduse-blk export) and vhost-vdpa

[Yongji Xie]

Hi Stefano,

On Wed, Oct 26, 2022 at 5:12 PM Stefano Garzarella  wrote:
>
> Hi Xie,
> I was testing libblkio [1] with QSD vduse-blk export and had some
> issues.
>
> In a nutshell, QSD prints me the following messages when using
> vhost-vdpa to access the device:
>
>   Failed to get vq[0] iova mapping
>   Failed to update vring for vq[0]
>
> This happens only with vhost-vdpa, using virtio-vdpa instead the device
> works fine.
> I'm using Linux v6.0 and QEMU master (commit
> 214a8da23651f2472b296b3293e619fd58d9e212).
>
> I haven't had much time to investigate, I hope to do it next week, but
> maybe it's much faster for you.
>
> I saw that ioctl(VDUSE_IOTLB_GET_FD) in libvduse.c returns -1 (EPERM),
> so IIUC in the kernel vduse_dev_broken() was called, and the device is
> in a broken state.
>
>
> We will use libblkio in QEMU [2] to access vDPA devices via vhost-vdpa.
> But I'm doing these tests without QEMU for now, using an example inside
> the libblkio repo:
>
> # Build libblkio and examples
> # Fedora/CentOS/RHEL
> dnf install -y git meson rust cargo python3-docutils rustfmt
> # Debian/Ubuntu
> apt-get install -y git meson rustc cargo python3-docutils
>
> git clone https://gitlab.com/libblkio/libblkio.git
>
> cd libblkio
> git checkout v1.1.0
>
> meson setup build
> meson compile -C build
>
>
> # On terminal 1
> modprobe vduse
> modprobe vhost-vdpa
>
> qemu-img create -f qcow2 -o preallocation=full /path/to/test.qcow2 1g
>
> qemu-storage-daemon \
>   --blockdev 
> file,filename=/path/to/test.qcow2,cache.direct=on,aio=native,node-name=file \
>   --blockdev qcow2,file=file,node-name=qcow2 \
>   --object iothread,id=iothread0 \
>   --export 
> vduse-blk,id=vduse0,name=vduse0,num-queues=1,node-name=qcow2,writable=on,iothread=iothread0
>
>
> # On terminal 2
> vdpa dev add name vduse0 mgmtdev vduse
>
> cd libblkio/build
>
> # blkio-bench executes
> ./examples/blkio-bench virtio-blk-vhost-vdpa \
>   path=/dev/vhost-vdpa-0 --runtime=5 --readwrite=randread
>
> # after this step, QSD (running on terminal 1) prints the following 
> messages:
>   Failed to get vq[0] iova mapping
>   Failed to update vring for vq[0]
>
> I don't know if I'm doing something wrong or in libblkio we have some
> issue, but using vdpa-sim-blk works correctly, so maybe there is
> something in vduse that is missing.
>
> Any help or suggestion is welcome :-)
>

I'd like to know whether bio-bench uses the shared memory
(tmpfs/hugetlbfs) as the vdpa memory region. This is what VDUSE needs.

Thanks,
Yongji

Re: [PATCH v2 19/43] hw/isa/piix3: Allow board to provide PCI interrupt routes

[Bernhard Beschow]

Hi Phil,

Am 25. Oktober 2022 23:34:15 UTC schrieb "Philippe Mathieu-Daudé" 
:
>On 22/10/22 17:04, Bernhard Beschow wrote:
>> PIIX3 initializes the PIRQx route control registers to the default
>> values as described in the 82371AB PCI-TO-ISA/IDE XCELERATOR (PIIX4)
>> April 1997 manual. PIIX4, however, initializes the routes according to
>> the Malta™ User’s Manual, ch 6.6, which are IRQs 10 and 11. In order to
>> allow the reset methods to be consolidated, allow board code to specify
>> the routes.
>> 
>> Signed-off-by: Bernhard Beschow 
>> ---
>>   hw/isa/piix3.c| 12 
>>   include/hw/southbridge/piix.h |  1 +
>>   2 files changed, 9 insertions(+), 4 deletions(-)
>> 
>> diff --git a/hw/isa/piix3.c b/hw/isa/piix3.c
>> index aa32f43e4a..c6a8f1f27d 100644
>> --- a/hw/isa/piix3.c
>> +++ b/hw/isa/piix3.c
>> @@ -168,10 +168,10 @@ static void piix3_reset(DeviceState *dev)
>>   pci_conf[0x4c] = 0x4d;
>>   pci_conf[0x4e] = 0x03;
>>   pci_conf[0x4f] = 0x00;
>> -pci_conf[0x60] = 0x80;
>> -pci_conf[0x61] = 0x80;
>> -pci_conf[0x62] = 0x80;
>> -pci_conf[0x63] = 0x80;
>
>These values are the correct reset ones however (also for PIIX4).
>
>The problem is the Malta machine abuse of the PIIX4 model. IOW
>this doesn't seem the correct approach, we should fix how Malta
>use the PIIX4 (in the emulated tiny boot loader). I'll try to
>write smth before reviewing the rest of this series, because
>it might simplify your refactor.

Indeed my first approach for the refactor was to implement MachineClass::reset 
for Malta where the Malta-specific values would be set. I could redo that if 
you want. Just let me know.

Best regards,
Bernhard
>
>> +pci_conf[PIIX_PIRQCA] = d->pci_irq_reset_mappings[0];
>> +pci_conf[PIIX_PIRQCB] = d->pci_irq_reset_mappings[1];
>> +pci_conf[PIIX_PIRQCC] = d->pci_irq_reset_mappings[2];
>> +pci_conf[PIIX_PIRQCD] = d->pci_irq_reset_mappings[3];
>>   pci_conf[0x69] = 0x02;
>>   pci_conf[0x70] = 0x80;
>>   pci_conf[0x76] = 0x0c;
>> @@ -383,6 +383,10 @@ static void pci_piix3_init(Object *obj)
>> static Property pci_piix3_props[] = {
>>   DEFINE_PROP_UINT32("smb_io_base", PIIX3State, smb_io_base, 0),
>> +DEFINE_PROP_UINT8("pirqa", PIIX3State, pci_irq_reset_mappings[0], 0x80),
>> +DEFINE_PROP_UINT8("pirqb", PIIX3State, pci_irq_reset_mappings[1], 0x80),
>> +DEFINE_PROP_UINT8("pirqc", PIIX3State, pci_irq_reset_mappings[2], 0x80),
>> +DEFINE_PROP_UINT8("pirqd", PIIX3State, pci_irq_reset_mappings[3], 0x80),
>>   DEFINE_PROP_BOOL("has-acpi", PIIX3State, has_acpi, true),
>>   DEFINE_PROP_BOOL("has-usb", PIIX3State, has_usb, true),
>>   DEFINE_PROP_BOOL("smm-enabled", PIIX3State, smm_enabled, false),
>> diff --git a/include/hw/southbridge/piix.h b/include/hw/southbridge/piix.h
>> index 1f22eb1444..df3e0084c5 100644
>> --- a/include/hw/southbridge/piix.h
>> +++ b/include/hw/southbridge/piix.h
>> @@ -54,6 +54,7 @@ struct PIIXState {
>> /* This member isn't used. Just for save/load compatibility */
>>   int32_t pci_irq_levels_vmstate[PIIX_NUM_PIRQS];
>> +uint8_t pci_irq_reset_mappings[PIIX_NUM_PIRQS];
>> ISAPICState pic;
>>   RTCState rtc;
>

Re: [PATCH 0/3] target: Rename headers using .def extension to .h.inc

[Alex Bennée]

Philippe Mathieu-Daudé  writes:

> We use the .h.inc extension to include C headers. To be consistent
> with the rest of the codebase, rename the C headers using the .def
> extension.
>
> IDE/tools using our .editorconfig / .gitattributes will leverage
> this consistency.

Reviewed-by: Alex Bennée 

-- 
Alex Bennée

[PATCH 2/3] virtio_net: Handle _F_STATUS emulation in virtio_net_get_config

[Eugenio Pérez]

At this moment this code path is not reached, but vdpa devices can offer
VIRTIO_NET_F_STATUS unconditionally. While the guest must assume that
link is always up by the standard, qemu will set the status bit to 1
always in this case.

This makes little use by itself, but VIRTIO_NET_F_STATUS is needed for
the guest to read status bit VIRTIO_NET_F_GUEST_ANNOUNCE, used by feature
VIRTIO_NET_F_GUEST_ANNOUNCE. So qemu must emulate status feature in case
it needs to emulate the guest announce feature.

Signed-off-by: Eugenio Pérez 
---
 hw/net/virtio-net.c | 11 +--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index 56ff219196..6d4d75615b 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -156,8 +156,9 @@ static void virtio_net_get_config(VirtIODevice *vdev, 
uint8_t *config)
  * disconnect/reconnect a VDPA peer.
  */
 if (nc->peer && nc->peer->info->type == NET_CLIENT_DRIVER_VHOST_VDPA) {
-ret = vhost_net_get_config(get_vhost_net(nc->peer), (uint8_t *)&netcfg,
-   n->config_size);
+struct vhost_net *net = get_vhost_net(nc->peer);
+
+ret = vhost_net_get_config(net, (uint8_t *)&netcfg, n->config_size);
 if (ret == -1) {
 return;
 }
@@ -173,6 +174,12 @@ static void virtio_net_get_config(VirtIODevice *vdev, 
uint8_t *config)
 memcpy(netcfg.mac, n->mac, ETH_ALEN);
 }
 
+if (vdev->guest_features & BIT_ULL(VIRTIO_NET_F_STATUS) &&
+!(net->dev.features & BIT_ULL(VIRTIO_NET_F_STATUS))) {
+/* Emulating link up in qemu */
+netcfg.status |= virtio_tswap16(vdev, VIRTIO_NET_S_LINK_UP);
+}
+
 memcpy(config, &netcfg, n->config_size);
 }
 }
-- 
2.31.1

[PATCH 3/3] vdpa: Expose VIRTIO_NET_F_STATUS unconditionally

[Eugenio Pérez]

Now that qemu can handle and emulate it if the vdpa backend does not
support it we can offer it always.

Signed-off-by: Eugenio Pérez 
---
 include/net/vhost-vdpa.h |  1 +
 hw/net/vhost_net.c   | 16 ++--
 net/vhost-vdpa.c |  3 +++
 3 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/include/net/vhost-vdpa.h b/include/net/vhost-vdpa.h
index b81f9a6f2a..cfbcce6427 100644
--- a/include/net/vhost-vdpa.h
+++ b/include/net/vhost-vdpa.h
@@ -17,5 +17,6 @@
 struct vhost_net *vhost_vdpa_get_vhost_net(NetClientState *nc);
 
 extern const int vdpa_feature_bits[];
+extern const uint64_t vhost_vdpa_net_added_feature_bits;
 
 #endif /* VHOST_VDPA_H */
diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c
index d28f8b974b..7c15cc6e8f 100644
--- a/hw/net/vhost_net.c
+++ b/hw/net/vhost_net.c
@@ -109,10 +109,22 @@ static const int *vhost_net_get_feature_bits(struct 
vhost_net *net)
 return feature_bits;
 }
 
+static uint64_t vhost_net_add_feature_bits(struct vhost_net *net)
+{
+if (net->nc->info->type == NET_CLIENT_DRIVER_VHOST_VDPA) {
+return vhost_vdpa_net_added_feature_bits;
+}
+
+return 0;
+}
+
 uint64_t vhost_net_get_features(struct vhost_net *net, uint64_t features)
 {
-return vhost_get_features(&net->dev, vhost_net_get_feature_bits(net),
-features);
+uint64_t ret = vhost_get_features(&net->dev,
+  vhost_net_get_feature_bits(net),
+  features);
+
+return ret | vhost_net_add_feature_bits(net);
 }
 int vhost_net_get_config(struct vhost_net *net,  uint8_t *config,
  uint32_t config_len)
diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c
index 6d64000202..24d2857593 100644
--- a/net/vhost-vdpa.c
+++ b/net/vhost-vdpa.c
@@ -99,6 +99,9 @@ static const uint64_t vdpa_svq_device_features =
 BIT_ULL(VIRTIO_NET_F_RSC_EXT) |
 BIT_ULL(VIRTIO_NET_F_STANDBY);
 
+const uint64_t vhost_vdpa_net_added_feature_bits =
+BIT_ULL(VIRTIO_NET_F_STATUS);
+
 VHostNetState *vhost_vdpa_get_vhost_net(NetClientState *nc)
 {
 VhostVDPAState *s = DO_UPCAST(VhostVDPAState, nc, nc);
-- 
2.31.1

[PATCH 1/3] virtio_net: Modify virtio_net_get_config to early return

[Eugenio Pérez]

Next patches introduce more code on vhost-vdpa branch, with already have
too much indentation.

Signed-off-by: Eugenio Pérez 
---
 hw/net/virtio-net.c | 28 +++-
 1 file changed, 15 insertions(+), 13 deletions(-)

diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index e9f696b4cf..56ff219196 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -158,20 +158,22 @@ static void virtio_net_get_config(VirtIODevice *vdev, 
uint8_t *config)
 if (nc->peer && nc->peer->info->type == NET_CLIENT_DRIVER_VHOST_VDPA) {
 ret = vhost_net_get_config(get_vhost_net(nc->peer), (uint8_t *)&netcfg,
n->config_size);
-if (ret != -1) {
-/*
- * Some NIC/kernel combinations present 0 as the mac address.  As
- * that is not a legal address, try to proceed with the
- * address from the QEMU command line in the hope that the
- * address has been configured correctly elsewhere - just not
- * reported by the device.
- */
-if (memcmp(&netcfg.mac, &zero, sizeof(zero)) == 0) {
-info_report("Zero hardware mac address detected. Ignoring.");
-memcpy(netcfg.mac, n->mac, ETH_ALEN);
-}
-memcpy(config, &netcfg, n->config_size);
+if (ret == -1) {
+return;
 }
+
+/*
+ * Some NIC/kernel combinations present 0 as the mac address.  As that
+ * is not a legal address, try to proceed with the address from the
+ * QEMU command line in the hope that the address has been configured
+ * correctly elsewhere - just not reported by the device.
+ */
+if (memcmp(&netcfg.mac, &zero, sizeof(zero)) == 0) {
+info_report("Zero hardware mac address detected. Ignoring.");
+memcpy(netcfg.mac, n->mac, ETH_ALEN);
+}
+
+memcpy(config, &netcfg, n->config_size);
 }
 }
 
-- 
2.31.1

[PATCH 0/3] Emulate status feature in vhost-vdpa net

[Eugenio Pérez]

The net config space is already copied from the device so it can me modified
by qemu. In particular, this is already done to fix cases where the NIC does
not expose the right fields.

It's trivial to emulate _F_STATE with qemu if not supported by the device,
sice a valid approach is to always show the link as up. If the feature is
already supported by the device, no config space modification is needed.

This is a pre requisite to use other features like _F_GUEST_ANNOUNCE, since
_F_STATUS is needed for the guest to access the status.

These patches are sent on top of [1] series, so trivial conflicts could arise
if it is applied directly on master. Future versions can be not based on
it is more convenient.

Eugenio Pérez (3):
  virtio_net: Modify virtio_net_get_config to early return
  virtio_net: Handle _F_STATUS emulation in virtio_net_get_config
  vdpa: Expose VIRTIO_NET_F_STATUS unconditionally

 include/net/vhost-vdpa.h |  1 +
 hw/net/vhost_net.c   | 16 ++--
 hw/net/virtio-net.c  | 39 ---
 net/vhost-vdpa.c |  3 +++
 4 files changed, 42 insertions(+), 17 deletions(-)

-- 
2.31.1

Re: [PATCH 1/3] target/m68k: Rename qregs.def -> qregs.h.inc

[Laurent Vivier]

Le 26/10/2022 à 01:50, Philippe Mathieu-Daudé a écrit :

We use the .h.inc extension to include C headers. To be consistent
with the rest of the codebase, rename the C headers using the .def
extension.

IDE/tools using our .editorconfig / .gitattributes will leverage
this consistency.

Signed-off-by: Philippe Mathieu-Daudé 
---
  target/m68k/{qregs.def => qregs.h.inc} | 0
  target/m68k/translate.c| 4 ++--
  2 files changed, 2 insertions(+), 2 deletions(-)
  rename target/m68k/{qregs.def => qregs.h.inc} (100%)

diff --git a/target/m68k/qregs.def b/target/m68k/qregs.h.inc
similarity index 100%
rename from target/m68k/qregs.def
rename to target/m68k/qregs.h.inc
diff --git a/target/m68k/translate.c b/target/m68k/translate.c
index 9df17aa4b2..f018fa9eb0 100644
--- a/target/m68k/translate.c
+++ b/target/m68k/translate.c
@@ -39,7 +39,7 @@
  
  #define DEFO32(name, offset) static TCGv QREG_##name;

  #define DEFO64(name, offset) static TCGv_i64 QREG_##name;
-#include "qregs.def"
+#include "qregs.h.inc"
  #undef DEFO32
  #undef DEFO64
  
@@ -75,7 +75,7 @@ void m68k_tcg_init(void)

  #define DEFO64(name, offset) \
  QREG_##name = tcg_global_mem_new_i64(cpu_env, \
  offsetof(CPUM68KState, offset), #name);
-#include "qregs.def"
+#include "qregs.h.inc"
  #undef DEFO32
  #undef DEFO64
  


Reviewed-by: Laurent Vivier 

Re: Issue with VDUSE (QSD vduse-blk export) and vhost-vdpa

[Stefano Garzarella]

On Wed, Oct 26, 2022 at 05:39:23PM +0800, Yongji Xie wrote:

Hi Stefano,

On Wed, Oct 26, 2022 at 5:12 PM Stefano Garzarella  wrote:


Hi Xie,
I was testing libblkio [1] with QSD vduse-blk export and had some
issues.

In a nutshell, QSD prints me the following messages when using
vhost-vdpa to access the device:

  Failed to get vq[0] iova mapping
  Failed to update vring for vq[0]

This happens only with vhost-vdpa, using virtio-vdpa instead the device
works fine.
I'm using Linux v6.0 and QEMU master (commit
214a8da23651f2472b296b3293e619fd58d9e212).

I haven't had much time to investigate, I hope to do it next week, but
maybe it's much faster for you.

I saw that ioctl(VDUSE_IOTLB_GET_FD) in libvduse.c returns -1 (EPERM),
so IIUC in the kernel vduse_dev_broken() was called, and the device is
in a broken state.


We will use libblkio in QEMU [2] to access vDPA devices via vhost-vdpa.
But I'm doing these tests without QEMU for now, using an example inside
the libblkio repo:

# Build libblkio and examples
# Fedora/CentOS/RHEL
dnf install -y git meson rust cargo python3-docutils rustfmt
# Debian/Ubuntu
apt-get install -y git meson rustc cargo python3-docutils

git clone https://gitlab.com/libblkio/libblkio.git

cd libblkio
git checkout v1.1.0

meson setup build
meson compile -C build


# On terminal 1
modprobe vduse
modprobe vhost-vdpa

qemu-img create -f qcow2 -o preallocation=full /path/to/test.qcow2 1g

qemu-storage-daemon \
  --blockdev 
file,filename=/path/to/test.qcow2,cache.direct=on,aio=native,node-name=file \
  --blockdev qcow2,file=file,node-name=qcow2 \
  --object iothread,id=iothread0 \
  --export 
vduse-blk,id=vduse0,name=vduse0,num-queues=1,node-name=qcow2,writable=on,iothread=iothread0


# On terminal 2
vdpa dev add name vduse0 mgmtdev vduse

cd libblkio/build

# blkio-bench executes
./examples/blkio-bench virtio-blk-vhost-vdpa \
  path=/dev/vhost-vdpa-0 --runtime=5 --readwrite=randread

# after this step, QSD (running on terminal 1) prints the following 
messages:
  Failed to get vq[0] iova mapping
  Failed to update vring for vq[0]

I don't know if I'm doing something wrong or in libblkio we have some
issue, but using vdpa-sim-blk works correctly, so maybe there is
something in vduse that is missing.

Any help or suggestion is welcome :-)



I'd like to know whether bio-bench uses the shared memory
(tmpfs/hugetlbfs) as the vdpa memory region. This is what VDUSE needs.


Okay, so IIUC every memory regions should have an associated fd.

The buffers in libblkio are already allocated in this way, but it is not 
true for the virtqueue memory, I'll change it and test.


Thanks for the help :-)
Stefano

Re: [PATCH v2 0/3] Performance optimizations for PPC64

[Daniel Henrique Barboza]

Patches 2 and 3 queued in ppc-next (Richard is queueing patch 1 via
tcg-next).


Thanks,

Daniel

On 10/25/22 17:24, Leandro Lupori wrote:

Changes from v1:
- Turn macro into an inline function
- Rename functions

Leandro Lupori (3):
   accel/tcg: Add a quicker check for breakpoints
   target/ppc: Add new PMC HFLAGS
   target/ppc: Increment PMC5 with inline insns

  accel/tcg/cpu-exec.c | 15 
  target/ppc/cpu.h |  4 ++-
  target/ppc/helper.h  |  1 +
  target/ppc/helper_regs.c |  6 
  target/ppc/power8-pmu.c  | 74 +---
  target/ppc/power8-pmu.h  |  3 ++
  target/ppc/translate.c   | 32 +++--
  7 files changed, 89 insertions(+), 46 deletions(-)

Re: [PATCH v6 5/7] hw/arm/virt: Improve high memory region address assignment

[Cornelia Huck]

On Wed, Oct 26 2022, Gavin Shan  wrote:

> Hi Eric,
>
> On 10/26/22 12:29 AM, Eric Auger wrote:
>> On 10/24/22 05:54, Gavin Shan wrote:
>>> There are three high memory regions, which are VIRT_HIGH_REDIST2,
>>> VIRT_HIGH_PCIE_ECAM and VIRT_HIGH_PCIE_MMIO. Their base addresses
>>> are floating on highest RAM address. However, they can be disabled
>>> in several cases.
>>>
>>> (1) One specific high memory region is likely to be disabled by
>>>  code by toggling vms->highmem_{redists, ecam, mmio}.
>>>
>>> (2) VIRT_HIGH_PCIE_ECAM region is disabled on machine, which is
>>>  'virt-2.12' or ealier than it.
>>>
>>> (3) VIRT_HIGH_PCIE_ECAM region is disabled when firmware is loaded
>>>  on 32-bits system.
>>>
>>> (4) One specific high memory region is disabled when it breaks the
>>>  PA space limit.
>>>
>>> The current implementation of virt_set_{memmap, high_memmap}() isn't
>>> optimized because the high memory region's PA space is always reserved,
>>> regardless of whatever the actual state in the corresponding
>>> vms->highmem_{redists, ecam, mmio} flag. In the code, 'base' and
>>> 'vms->highest_gpa' are always increased for case (1), (2) and (3).
>>> It's unnecessary since the assigned PA space for the disabled high
>>> memory region won't be used afterwards.
>>>
>>> Improve the address assignment for those three high memory region by
>>> skipping the address assignment for one specific high memory region if
>>> it has been disabled in case (1), (2) and (3). The memory layout may
>>> be changed after the improvement is applied, which leads to potential
>>> migration breakage. So 'vms->highmem_compact' is added to control if
>>> the improvement should be applied. For now, 'vms->highmem_compact' is
>>> set to false, meaning that we don't have memory layout change until it
>>> becomes configurable through property 'compact-highmem' in next patch.
>>>
>>> Signed-off-by: Gavin Shan 
>>> Reviewed-by: Cornelia Huck 
>> the code has quite changed since Connie's R-b
>
> Right. Connie, could you please check if the changes make sense to you
> and I can regain your R-B? :)

My R-b still holds.

>
>>> Tested-by: Zhenyu Zhang 
>>> ---
>>>   hw/arm/virt.c | 15 ++-
>>>   include/hw/arm/virt.h |  1 +
>>>   2 files changed, 11 insertions(+), 5 deletions(-)
>>>
>>> diff --git a/hw/arm/virt.c b/hw/arm/virt.c
>>> index ee98a8a3b6..4896f600b4 100644
>>> --- a/hw/arm/virt.c
>>> +++ b/hw/arm/virt.c
>>> @@ -1721,18 +1721,23 @@ static void virt_set_high_memmap(VirtMachineState 
>>> *vms,
>>>   vms->memmap[i].size = region_size;
>>>   
>>>   /*
>>> - * Check each device to see if they fit in the PA space,
>>> - * moving highest_gpa as we go.
>>> + * Check each device to see if it fits in the PA space,
>>> + * moving highest_gpa as we go. For compatibility, move
>>> + * highest_gpa for disabled fitting devices as well, if
>>> + * the compact layout has been disabled.
>>>*
>>>* For each device that doesn't fit, disable it.
>>>*/
>>>   fits = (region_base + region_size) <= BIT_ULL(pa_bits);
>>> -if (fits) {
>>> -vms->highest_gpa = region_base + region_size - 1;
>>> +*region_enabled &= fits;
>>> +if (vms->highmem_compact && !*region_enabled) {
>>> +continue;
>>>   }
>>>   
>>> -*region_enabled &= fits;
>>>   base = region_base + region_size;
>>> +if (fits) {
>>> +vms->highest_gpa = region_base + region_size - 1;
>> 
>> vms->highest_gpa = base - 1;
>> 
>
> It's personal taste actually. I was thinking of using 'base - 1', but
> 'region_base + region_size - 1' looks more like a direct way. I don't
> have strong sense though and lets use 'base - 1' in next respin.

I don't really have a preference for one or the other.

Re: [PATCH 0/4] Allow to pass pre-created VFIO container/group to QEMU

[Andrey Ryabinin]

On 10/17/22 14:05, Daniel P. Berrangé wrote:
> On Mon, Oct 17, 2022 at 01:54:03PM +0300, Andrey Ryabinin wrote:
>> These patches add possibility to pass VFIO device to QEMU using file
>> descriptors of VFIO container/group, instead of creating those by QEMU.
>> This allows to take away permissions to open /dev/vfio/* from QEMU and
>> delegate that to managment layer like libvirt.
>>
>> The VFIO API doen't allow to pass just fd of device, since we also need to 
>> have
>> VFIO container and group. So these patches allow to pass created VFIO 
>> container/group
>> to QEMU via command line/QMP, e.g. like this:
>> -object vfio-container,id=ct,fd=5 \
>> -object vfio-group,id=grp,fd=6,container=ct \
>> -device vfio-pci,host=05:00.0,group=grp
>>
>> A bit more detailed example can be found in the test:
>> tests/avocado/vfio.py
>>
>>  *Possible future steps*
>>
>> Also these patches could be a step for making local migration (within one 
>> host)
>> of the QEMU with VFIO devices.
>> I've built some prototype on top of these patches to try such idea.
>> In short the scheme of such migration is following:
>>  - migrate source VM to file.
>>  - retrieve fd numbers of VFIO container/group/device via new property and 
>> qom-get command
>>  - get the actual file descriptor via SCM_RIGHTS using new qmp command 
>> 'returnfd' which
>>sends fd from QEMU by the number: { 'command': 'returnfd', 'data': {'fd': 
>> 'int'}}
>>  - shutdown source VM
>>  - launch destination VM, plug VFIO devices using obtained file descriptors.
>>  - PCI device reset duriing plugging the device avoided with the help of new 
>> parameter
>> on vfio-pci device.
> 
> Is there a restriction by VFIO on how many processes can have the FD
> open concurrently ? I guess it must be, as with SCM_RIGHTS, both src
> QEMU and libvirt will have the FD open concurrently for at least a
> short period, as you can't atomically close the FD at the exact same
> time as SCM_RIGHTS sends it.
> 

There is no such restriction. Several opened descriptors is what allows us to 
survive
PCI device reset. The kernel reset device on the first open.
Obviously we shouldn't use these descriptors concurrently and can't in many 
cases
(ioctl()s will fail), but there is no problem with just saving/passing FD 
between processes.


> With migration it is *highly* desirable to never stop the source VM's
> QEMU until the new QEMU has completed migration and got its vCPUs
> running, in order to have best chance of successful rollback upon
> failure
> 
> So assuming both QEMU's can have the FD open, provided they don't
> both concurrently operate on it, could src QEMU just pass the FDs
> to the target QEMU as part of the migration stream. eg use a UNIX
> socket between the 2 QEMUs, and SCM_RIGHTS to pass the FDs across,
> avoiding libvirt needing to be in the middle of the FD passing
> dance. Since target QEMU gets the FDs as part of the migration
> stream, it would inherantly know that it shold skip device reset
> in that flow, without requiring any new param.
> 

Yeah, I had similar idea, but this would require a lot of rework of VFIO 
initialization
phase in QEMU. The main problem here is all initialization happens on device 
addition, which will fail
if device already used by another QEMU. I guess we would  need to move lot's of 
initialization to the
->post_load() hook.

Re: [PATCH v6 7/7] hw/arm/virt: Add properties to disable high memory regions

[Cornelia Huck]

On Wed, Oct 26 2022, Gavin Shan  wrote:

> Hi Connie,
>
> On 10/25/22 6:54 PM, Cornelia Huck wrote:
>> On Mon, Oct 24 2022, Gavin Shan  wrote:
>> 
>>> These 3 high memory regions are usually enabled by default, but
>> 
>> s/These 3/The/ ?
>> 
>
> Ok.
>
>>> they may be not used. For example, VIRT_HIGH_GIC_REDIST2 isn't
>>> needed by GICv2. This leads to waste in the PA space.
>> 
>> When building the command line, do we have enough information on when
>> the regions provide something useful, and when they just waste space?
>> 
>
> I think the help messages are already indicative. For example, the help
> messages for 'highmem-redist2' indicate the region is only needed by
> GICv3 or GICv4. 'highmem-ecam' and 'highmem-mmio' are needed by PCI ECAM
> and MMIO and the key words 'high' indicates they're the corresponding
> second window.
>
> #./qemu-system-aarch64 -M virt,?
> highmem-ecam=- Set on/off to enable/disable high memory region for 
> PCI ECAM
> highmem-mmio=- Set on/off to enable/disable high memory region for 
> PCI MMIO
> highmem-redists= - Set on/off to enable/disable high memory region for 
> GICv3 or GICv4 redistributor

OK, hopefully this is enough for anyone building a command line
directly. (Do we want to encourage management software like libvirt to
switch off regions that are not needed?)

>
>>>
>>> Add properties to allow users selectively disable them if needed:
>>> "highmem-redists", "highmem-ecam", "highmem-mmio".
>>>
>>> Suggested-by: Marc Zyngier 
>>> Signed-off-by: Gavin Shan 
>>> ---
>>>   docs/system/arm/virt.rst | 12 
>>>   hw/arm/virt.c| 64 
>>>   2 files changed, 76 insertions(+)
>>>
>>> diff --git a/docs/system/arm/virt.rst b/docs/system/arm/virt.rst
>>> index 4454706392..a1668a969d 100644
>>> --- a/docs/system/arm/virt.rst
>>> +++ b/docs/system/arm/virt.rst
>>> @@ -98,6 +98,18 @@ compact-highmem
>>> Set ``on``/``off`` to enable/disable the compact layout for high memory 
>>> regions.
>>> The default is ``on`` for machine types later than ``virt-7.2``.
>>>   
>>> +highmem-redists
>>> +  Set ``on``/``off`` to enable/disable the high memry region for GICv3/4
>> 
>> s/memry/memory/
>> 
>
> Ok, copy-and-paste error. Will be fixed.
>
>>> +  redistributor. The default is ``on``.
>> 
>> Do we need to add a note about what effects setting this to "off" may
>> have, e.g. "Setting this to ``off`` may limit the maximum number of
>> cpus." or so? And/or "Setting this to ``off`` when using GICv2 will save
>> some space."?
>> 
>
> We may not mention GICv2 since GICv3/v4 are already mentioned. It's a
> good idea to mention that the maximum number of CPUs is reduced when
> it's turned off. I will have something like below in next respin if
> you agree.
>
> highmem-redists
>Set ``on``/``off`` to enable/disable the high memroy region for GICv3 or
>GICv4 redistributor. The default is ``on``. Setting this to ``off`` will
>limit the maximum number of CPUs when GICv3 or GICv4 is used.

OK, sounds reasonable to me.

>
> Since 'vms->highmem_redists' is changeable, the 'virt_max_cpus' in
> machvirt_init() needs to be recalculated based on that. The code change
> will be included into next respin. Besides, the follow-up error message
> will be improved to something like below.
>
>error_report("Number of SMP CPUs requested (%d) exceeds max CPUs "
> "supported by machine 'mach-virt' (%d). The high memory "
> "region for GICv3 or GICv4 redistributor has been %s",
> max_cpus, virt_max_cpus,
> vms->highmem_redists ? "enabled" : "disabled");

Hm, the doc for error_report() states that "The resulting message should
be a single phrase, with no newline or trailing punctuation." Maybe

if (max_cpus > virt_max_cpus) {
error_report("Number of SMP CPUs requested (%d) exceeds max CPUs "
 "supported by machine 'mach-virt' (%d)",
 max_cpus, virt_max_cpus);
if (vms->gic_version != VIRT_GIC_VERSION_2 &&
!vms->higmem_redists) {
error_printf("Try 'highmem-redists=on' for more CPUs\n");
}
exit(1);
}

[RESEND PATCH v2] target/i386: Switch back XFRM value

[Yang Zhong]

The previous patch wrongly replaced FEAT_XSAVE_XCR0_{LO|HI} with
FEAT_XSAVE_XSS_{LO|HI} in CPUID(EAX=12,ECX=1):{ECX,EDX}, which made
SGX enclave only supported SSE and x87 feature(xfrm=0x3).

Fixes: 301e90675c3f ("target/i386: Enable support for XSAVES based features")

Signed-off-by: Yang Zhong 
---
 target/i386/cpu.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index ad623d91e4..19aaed877b 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -5584,8 +5584,8 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, 
uint32_t count,
 } else {
 *eax &= env->features[FEAT_SGX_12_1_EAX];
 *ebx &= 0; /* ebx reserve */
-*ecx &= env->features[FEAT_XSAVE_XSS_LO];
-*edx &= env->features[FEAT_XSAVE_XSS_HI];
+*ecx &= env->features[FEAT_XSAVE_XCR0_LO];
+*edx &= env->features[FEAT_XSAVE_XCR0_HI];
 
 /* FP and SSE are always allowed regardless of XSAVE/XCR0. */
 *ecx |= XSTATE_FP_MASK | XSTATE_SSE_MASK;
-- 
2.30.2

Re: [PATCH 0/4] Allow to pass pre-created VFIO container/group to QEMU

[Andrey Ryabinin]

On 10/17/22 18:21, Alex Williamson wrote:
> On Mon, 17 Oct 2022 13:54:03 +0300
> Andrey Ryabinin  wrote:
> 
>> These patches add possibility to pass VFIO device to QEMU using file
>> descriptors of VFIO container/group, instead of creating those by QEMU.
>> This allows to take away permissions to open /dev/vfio/* from QEMU and
>> delegate that to managment layer like libvirt.
>>
>> The VFIO API doen't allow to pass just fd of device, since we also need to 
>> have
>> VFIO container and group. So these patches allow to pass created VFIO 
>> container/group
>> to QEMU via command line/QMP, e.g. like this:
>> -object vfio-container,id=ct,fd=5 \
>> -object vfio-group,id=grp,fd=6,container=ct \
>> -device vfio-pci,host=05:00.0,group=grp
> 
> This suggests that management tools need to become intimately familiar
> with container and group association restrictions for implicit
> dependencies, such as device AddressSpace.  We had considered this
> before and intentionally chosen to allow QEMU to manage that
> relationship.  Things like PCI bus type and presence of a vIOMMU factor
> into these relationships.
> 

This is already the case. These patches doesn't change much.
QEMU doesn't allow to adding device from one group to several address spaces.
So the management tool needs to know whether devices are in the same group or 
not
and whether QEMU will create separate address spaces for these devices or not.

E.g.
qemu-system-x86_64 -nodefaults -M q35,accel=kvm,kernel-irqchip=split \
-device intel-iommu,intremap=on,caching-mode=on \
-device vfio-pci,host=00:1f.3 \
-device vfio-pci,host=00:1f.4 
qemu-system-x86_64: -device vfio-pci,host=00:1f.4: vfio :00:1f.4: group 14 
used in multiple address spaces

> In the above example, what happens in a mixed environment, for example
> if we then add '-device vfio-pci,host=06:00.0' to the command line?
> Isn't QEMU still going to try to re-use the container if it exists in
> the same address space? Potentially this device could also be a member
> of the same group.  How would the management tool know when to expect
> the provided fds be released?
> 

Valid point, container indeed will be reused and second device will occupy it.
But we could make new container instead. Using several containers in one address
space won't be a problem, right?
Of course several devices from same group won't be allowed to be added in mixed 
way.


> We also have an outstanding RFC for iommufd that already proposes an fd
> passing interface, where iommufd removes many of the issues of the vfio
> container by supporting multiple address spaces within a single fd
> context, avoiding the duplicate locked page accounting issues between
> containers, and proposing a direct device fd interface for vfio.  Why at
> this point in time would we choose to expand the QEMU vfio interface in
> this way?  Thanks,
> 

It sounds nice, but iommufd is new API which doesn't exist in any kernel yet.
These patches is something that can be used on existing, already deployed 
kernels.

Re: [PATCH v2] seccomp: Get actual errno value from failed seccomp functions

[Daniel P . Berrangé]

On Wed, Oct 26, 2022 at 09:30:24AM +0200, Michal Privoznik wrote:
> Upon failure, a libseccomp API returns actual errno value very
> rarely. Fortunately, after its commit 34bf78ab (contained in
> 2.5.0 release), the SCMP_FLTATR_API_SYSRAWRC attribute can be set
> which makes subsequent APIs return true errno on failure.
> 
> This is especially critical when seccomp_load() fails, because
> generic -ECANCELED says nothing.
> 
> Signed-off-by: Michal Privoznik 
> Reviewed-by: Philippe Mathieu-Daudé 
> ---
> 
> v2 of:
> 
> https://lists.gnu.org/archive/html/qemu-devel/2022-10/msg04509.html
> 
> diff to v1:
> - added comment when setting SYSRAWRC attribute per Philippe's
>   suggestion
> 
>  meson.build|  9 +
>  softmmu/qemu-seccomp.c | 13 +
>  2 files changed, 22 insertions(+)

Reviewed-by: Daniel P. Berrangé 

With regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|

Re: [PATCH 21/24] accel/tcg: Move page_{get, set}_flags to user-exec.c

[Alex Bennée]

Richard Henderson  writes:

> This page tracking implementation is specific to user-only,
> since the system softmmu version is in cputlb.c.  Move it
> out of translate-all.c to user-exec.c.
>
> Signed-off-by: Richard Henderson 

Reviewed-by: Alex Bennée 

-- 
Alex Bennée

Re: [PATCH 1/3] qemu-img: Add checksum command

[Hanna Reitz]

On 01.09.22 16:32, Nir Soffer wrote:

The checksum command compute a checksum for disk image content using the
blkhash library[1]. The blkhash library is not packaged yet, but it is
available via copr[2].

Example run:

 $ ./qemu-img checksum -p fedora-35.qcow2
 6e5c00c995056319d52395f8d91c7f84725ae3da69ffcba4de4c7d22cff713a5  
fedora-35.qcow2

The block checksum is constructed by splitting the image to fixed sized
blocks and computing a digest of every block. The image checksum is the
digest of the all block digests.

The checksum uses internally the "sha256" algorithm but it cannot be
compared with checksums created by other tools such as `sha256sum`.

The blkhash library supports sparse images, zero detection, and
optimizes zero block hashing (they are practically free). The library
uses multiple threads to speed up the computation.

Comparing to `sha256sum`, `qemu-img checksum` is 3.5-4800[3] times
faster, depending on the amount of data in the image:

 $ ./qemu-img info /scratch/50p.raw
 file format: raw
 virtual size: 6 GiB (6442450944 bytes)
 disk size: 2.91 GiB

 $ hyperfine -w2 -r5 -p "sleep 1" "./qemu-img checksum /scratch/50p.raw" \
  "sha256sum /scratch/50p.raw"
 Benchmark 1: ./qemu-img checksum /scratch/50p.raw
   Time (mean ± σ):  1.849 s ±  0.037 s[User: 7.764 s, System: 
0.962 s]
   Range (min … max):1.813 s …  1.908 s5 runs

 Benchmark 2: sha256sum /scratch/50p.raw
   Time (mean ± σ): 14.585 s ±  0.072 s[User: 13.537 s, System: 
1.003 s]
   Range (min … max):   14.501 s … 14.697 s5 runs

 Summary
   './qemu-img checksum /scratch/50p.raw' ran
 7.89 ± 0.16 times faster than 'sha256sum /scratch/50p.raw'

The new command is available only when `blkhash` is available during
build. To test the new command please install the `blkhash-devel`
package:

 $ dnf copr enable nsoffer/blkhash
 $ sudo dnf install blkhash-devel

[1] https://gitlab.com/nirs/blkhash
[2] https://copr.fedorainfracloud.org/coprs/nsoffer/blkhash/
[3] Computing checksum for 8T empty image: qemu-img checksum: 3.7s,
 sha256sum (estimate): 17,749s

Signed-off-by: Nir Soffer 
---
  docs/tools/qemu-img.rst |  22 +
  meson.build |  10 ++-
  meson_options.txt   |   2 +
  qemu-img-cmds.hx|   8 ++
  qemu-img.c  | 191 
  5 files changed, 232 insertions(+), 1 deletion(-)

diff --git a/docs/tools/qemu-img.rst b/docs/tools/qemu-img.rst
index 85a6e05b35..8be9c45cbf 100644
--- a/docs/tools/qemu-img.rst
+++ b/docs/tools/qemu-img.rst
@@ -347,20 +347,42 @@ Command description:
  Check completed, image is corrupted
3
  Check completed, image has leaked clusters, but is not corrupted
63
  Checks are not supported by the image format
  
If ``-r`` is specified, exit codes representing the image state refer to the

state after (the attempt at) repairing it. That is, a successful ``-r all``
will yield the exit code 0, independently of the image state before.
  
+.. option:: checksum [--object OBJECTDEF] [--image-opts] [-f FMT] [-T SRC_CACHE] [-p] FILENAME

+
+  Print a checksum for image *FILENAME* guest visible content.


Why not say which kind of checksum it is?


 Images with
+  different format or settings wil have the same checksum.


s/wil/will/


+
+  The format is probed unless you specify it by ``-f``.
+
+  The checksum is computed for guest visible content. Allocated areas full of
+  zeroes, zero clusters, and unallocated areas are read as zeros so they will
+  have the same checksum. Images with single or multiple files or backing files
+  will have the same checksums if the guest will see the same content when
+  reading the image.
+
+  Image metadata that is not visible to the guest such as dirty bitmaps does
+  not affect the checksum.
+
+  Computing a checksum requires a read-only image. You cannot compute a
+  checksum of an active image used by a guest,


Makes me ask: Why not?  Other subcommands have the -U flag for this.


 but you can compute a checksum
+  of a guest during pull mode incremental backup using NBD URL.
+
+  The checksum is not compatible with other tools such as *sha256sum*.


Why not?  I can see it differs even for raw images, but why?  I would 
have very much assumed that this gives me exactly what sha256sum in the 
guest on the guest device would yield.



+
  .. option:: commit [--object OBJECTDEF] [--image-opts] [-q] [-f FMT] [-t 
CACHE] [-b BASE] [-r RATE_LIMIT] [-d] [-p] FILENAME
  
Commit the changes recorded in *FILENAME* in its base image or backing file.

If the backing file is smaller than the snapshot, then the backing file 
will be
resized to be the same size as the snapshot.  If the snapshot is smaller 
than
the backing file, 

Re: [PATCH v5 0/7] qga: Add FreeBSD support

[Alexander Ivanov]

Could you please clarify the status of the patchset?

Thank you.

On 17.10.2022 09:28, Alexander Ivanov wrote:

Add freeze/thaw, shutdown/halt/reboot, password setting and
guest-network-get-interfaces command support for FreeBSD.

v5:
2: Left ga_wait_child() static in commands-posix.c.

v4:
6,7: Return bool instead int in guest_get_hw_addr().

v3:
1: Add a comment about echo suppressing.
5: Replace code moving by splitting the code into a few blocks under
architecture conditions.
5,6: Move actions with dumb qmp_guest_set_user_password() to
  the appropriate patch.
6: Fix error/obtained return.

v2:
1: Reject the idea to move all the Linux-specific code to a separate file.
First commit now adds initial support of FreeBSD. Fixed device paths
and fixed virtio device initialization (disable echo). Add comment why
we should disable the code under HAVE_GETIFADDRS in FreeBSD.
2: Replace the second commit (which now is the first) by moving
Linux-specific freeze/thaw code to a separate file commands-linux.c.
3: Add error raising if stat() returns error. Replaced strcmp() calls by
g_str_equal(). Add a comment explaining why UFSRESUME isn't necessary.
4: Replace #elifdef by #elif defined().
5: Now the code doesn't move from one file to aanother but still is
moving inside file so the patch doesn't become easier to review. =(
Fixed typos.
6,7: New patches. Add guest-network-get-interfaces command support.

Alexander Ivanov (7):
   qga: Add initial FreeBSD support
   qga: Move Linux-specific FS freeze/thaw code to a separate file
   qga: Add UFS freeze/thaw support for FreeBSD
   qga: Add shutdown/halt/reboot support for FreeBSD
   qga: Add support for user password setting in FreeBSD
   qga: Move HW address getting to a separate function
   qga: Add HW address getting for FreeBSD

  meson.build   |   2 +-
  qga/channel-posix.c   |  19 ++
  qga/commands-bsd.c| 200 +
  qga/commands-common.h |  51 
  qga/commands-linux.c  | 286 +++
  qga/commands-posix.c  | 639 ++
  qga/main.c|  13 +-
  qga/meson.build   |   6 +
  8 files changed, 778 insertions(+), 438 deletions(-)
  create mode 100644 qga/commands-bsd.c
  create mode 100644 qga/commands-linux.c

Re: [PATCH 2/3] iotests: Test qemu-img checksum

[Hanna Reitz]

On 01.09.22 16:32, Nir Soffer wrote:

Add simple tests creating an image with all kinds of extents, different
formats, different backing chain, different protocol, and different
image options. Since all images have the same guest visible content they
must have the same checksum.

To help debugging in case of failures, the output includes a json map of
every test image.

Signed-off-by: Nir Soffer 
---
  tests/qemu-iotests/tests/qemu-img-checksum| 149 ++
  .../qemu-iotests/tests/qemu-img-checksum.out  |  74 +
  2 files changed, 223 insertions(+)
  create mode 100755 tests/qemu-iotests/tests/qemu-img-checksum
  create mode 100644 tests/qemu-iotests/tests/qemu-img-checksum.out

diff --git a/tests/qemu-iotests/tests/qemu-img-checksum 
b/tests/qemu-iotests/tests/qemu-img-checksum
new file mode 100755
index 00..3a85ba33f2
--- /dev/null
+++ b/tests/qemu-iotests/tests/qemu-img-checksum
@@ -0,0 +1,149 @@
+#!/usr/bin/env python3
+# group: rw auto quick
+#
+# Test cases for qemu-img checksum.
+#
+# Copyright (C) 2022 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+
+import re
+
+import iotests
+
+from iotests import (
+filter_testfiles,
+qemu_img,
+qemu_img_log,
+qemu_io,
+qemu_nbd_popen,
+)
+
+
+def checksum_available():
+out = qemu_img("--help").stdout
+return re.search(r"\bchecksum .+ filename\b", out) is not None
+
+
+if not checksum_available():
+iotests.notrun("checksum command not available")
+
+iotests.script_initialize(
+supported_fmts=["raw", "qcow2"],
+supported_cache_modes=["none", "writeback"],


It doesn’t work with writeback, though, because it uses -T none below.

Which by the way is a heavy cost, because I usually run tests in tmpfs, 
where this won’t work.  Is there any way of not doing the -T none below?



+supported_protocols=["file", "nbd"],
+required_fmts=["raw", "qcow2"],
+)
+
+print()
+print("=== Test images ===")
+print()
+
+disk_raw = iotests.file_path('raw')
+qemu_img("create", "-f", "raw", disk_raw, "10m")
+qemu_io("-f", "raw",
+"-c", "write -P 0x1 0 2m",  # data
+"-c", "write -P 0x0 2m 2m", # data with zeroes
+"-c", "write -z 4m 2m", # zero allocated
+"-c", "write -z -u 6m 2m",  # zero hole
+# unallocated
+disk_raw)
+print(filter_testfiles(disk_raw))
+qemu_img_log("map", "--output", "json", disk_raw)
+
+disk_qcow2 = iotests.file_path('qcow2')
+qemu_img("create", "-f", "qcow2", disk_qcow2, "10m")
+qemu_io("-f", "qcow2",
+"-c", "write -P 0x1 0 2m",  # data
+"-c", "write -P 0x0 2m 2m", # data with zeroes
+"-c", "write -z 4m 2m", # zero allocated
+"-c", "write -z -u 6m 2m",  # zero hole
+# unallocated
+disk_qcow2)
+print(filter_testfiles(disk_qcow2))
+qemu_img_log("map", "--output", "json", disk_qcow2)


This isn’t how iotests work, generally.  When run with -qcow2 -file, it 
should only test qcow2 on file, not raw on file, not raw on nbd. Perhaps 
this way this test could even support other formats than qcow2 and raw.


Hanna

[PATCH 3/4] hw/i386/acpi-build: Resolve PIIX ISA bridge rather than ACPI controller

[Bernhard Beschow]

Resolving the PIIX ISA bridge rather than the PIIX ACPI controller mirrors
the ICH9 code one line below.

Signed-off-by: Bernhard Beschow 
---
 hw/i386/acpi-build.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index f3131fee60..f0a20c8b21 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -1437,7 +1437,7 @@ build_dsdt(GArray *table_data, BIOSLinker *linker,
AcpiPmInfo *pm, AcpiMiscInfo *misc,
Range *pci_hole, Range *pci_hole64, MachineState *machine)
 {
-Object *piix = object_resolve_type_unambiguous(TYPE_PIIX4_PM);
+Object *piix = object_resolve_type_unambiguous(TYPE_PIIX3_PCI_DEVICE);
 Object *ich9 = object_resolve_type_unambiguous(TYPE_ICH9_LPC_DEVICE);
 CrsRangeEntry *entry;
 Aml *dsdt, *sb_scope, *scope, *dev, *method, *field, *pkg, *crs;
-- 
2.38.1

[PATCH 0/4] Cleanup AML generation for north and south bridges

[Bernhard Beschow]

While refactoring of PCI AML generation seems to be still ongoing, this series
attempts to be an intermediate, short-term step to improve comprehensibility of
the code. It also simplifies experimentation with different south bridges (PIIX4
and VT82xx) in the pc machine.

Testing done:
* `mache check`
* Start a live CD using "pc" and "q35" machine types

Bernhard Beschow (4):
  hw/i386/acpi-build: Remove unused struct
  hw/i386/acpi-build: Resolve redundant attribute
  hw/i386/acpi-build: Resolve PIIX ISA bridge rather than ACPI
controller
  hw/i386/acpi-build: Generate AML for north and south bridges
separately

 hw/i386/acpi-build.c | 45 ++--
 1 file changed, 18 insertions(+), 27 deletions(-)

-- 
2.38.1

[PATCH 1/4] hw/i386/acpi-build: Remove unused struct

[Bernhard Beschow]

Ammends commit b23046abe78f48498a423b802d6d86ba0172d57f 'pc: acpi-build:
simplify PCI bus tree generation'.

Signed-off-by: Bernhard Beschow 
---
 hw/i386/acpi-build.c | 7 ---
 1 file changed, 7 deletions(-)

diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index 4f54b61904..b4d9a05760 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -121,13 +121,6 @@ typedef struct AcpiMiscInfo {
 unsigned dsdt_size;
 } AcpiMiscInfo;
 
-typedef struct AcpiBuildPciBusHotplugState {
-GArray *device_table;
-GArray *notify_table;
-struct AcpiBuildPciBusHotplugState *parent;
-bool pcihp_bridge_en;
-} AcpiBuildPciBusHotplugState;
-
 typedef struct FwCfgTPMConfig {
 uint32_t tpmppi_address;
 uint8_t tpm_version;
-- 
2.38.1

[PATCH 4/4] hw/i386/acpi-build: Generate AML for north and south bridges separately

[Bernhard Beschow]

The code currently assumes Q35 iff ICH9 and i440fx iff PIIX. This is
slightly confusing when trying to understand the code. Split north and
south bridge code to communicate which piece of code assumes which type
of bridge.

Signed-off-by: Bernhard Beschow 
---
 hw/i386/acpi-build.c | 22 ++
 1 file changed, 14 insertions(+), 8 deletions(-)

diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index f0a20c8b21..8fbe223d08 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -60,6 +60,7 @@
 #include "hw/i386/fw_cfg.h"
 #include "hw/i386/ich9.h"
 #include "hw/pci/pci_bus.h"
+#include "hw/pci-host/i440fx.h"
 #include "hw/pci-host/q35.h"
 #include "hw/i386/x86-iommu.h"
 
@@ -1437,6 +1438,8 @@ build_dsdt(GArray *table_data, BIOSLinker *linker,
AcpiPmInfo *pm, AcpiMiscInfo *misc,
Range *pci_hole, Range *pci_hole64, MachineState *machine)
 {
+Object *i440fx = 
object_resolve_type_unambiguous(TYPE_I440FX_PCI_HOST_BRIDGE);
+Object *q35 = object_resolve_type_unambiguous(TYPE_Q35_HOST_DEVICE);
 Object *piix = object_resolve_type_unambiguous(TYPE_PIIX3_PCI_DEVICE);
 Object *ich9 = object_resolve_type_unambiguous(TYPE_ICH9_LPC_DEVICE);
 CrsRangeEntry *entry;
@@ -1459,13 +1462,14 @@ build_dsdt(GArray *table_data, BIOSLinker *linker,
 AcpiTable table = { .sig = "DSDT", .rev = 1, .oem_id = x86ms->oem_id,
 .oem_table_id = x86ms->oem_table_id };
 
+assert(!!i440fx != !!q35);
 assert(!!piix != !!ich9);
 
 acpi_table_begin(&table, table_data);
 dsdt = init_aml_allocator();
 
 build_dbg_aml(dsdt);
-if (piix) {
+if (i440fx) {
 sb_scope = aml_scope("_SB");
 dev = aml_device("PCI0");
 aml_append(dev, aml_name_decl("_HID", aml_eisaid("PNP0A03")));
@@ -1473,13 +1477,7 @@ build_dsdt(GArray *table_data, BIOSLinker *linker,
 aml_append(dev, aml_name_decl("_UID", aml_int(pcmc->pci_root_uid)));
 aml_append(sb_scope, dev);
 aml_append(dsdt, sb_scope);
-
-build_piix4_isa_bridge(dsdt);
-if (pm->pcihp_bridge_en || pm->pcihp_root_en) {
-build_x86_acpi_pci_hotplug(dsdt, pm->pcihp_io_base);
-}
-build_piix4_pci0_int(dsdt);
-} else if (ich9) {
+} else if (q35) {
 sb_scope = aml_scope("_SB");
 dev = aml_device("PCI0");
 aml_append(dev, aml_name_decl("_HID", aml_eisaid("PNP0A08")));
@@ -1518,7 +1516,15 @@ build_dsdt(GArray *table_data, BIOSLinker *linker,
 }
 
 aml_append(dsdt, sb_scope);
+}
 
+if (piix) {
+build_piix4_isa_bridge(dsdt);
+if (pm->pcihp_bridge_en || pm->pcihp_root_en) {
+build_x86_acpi_pci_hotplug(dsdt, pm->pcihp_io_base);
+}
+build_piix4_pci0_int(dsdt);
+} else if (ich9) {
 build_q35_isa_bridge(dsdt);
 if (pm->pcihp_bridge_en) {
 build_x86_acpi_pci_hotplug(dsdt, pm->pcihp_io_base);
-- 
2.38.1

Re: [PATCH 1/3] virtio_net: Modify virtio_net_get_config to early return

[Philippe Mathieu-Daudé]

On 26/10/22 11:53, Eugenio Pérez wrote:

Next patches introduce more code on vhost-vdpa branch, with already have
too much indentation.

Signed-off-by: Eugenio Pérez 
---
  hw/net/virtio-net.c | 28 +++-
  1 file changed, 15 insertions(+), 13 deletions(-)


Reviewed-by: Philippe Mathieu-Daudé 

[PATCH 2/4] hw/i386/acpi-build: Resolve redundant attribute

[Bernhard Beschow]

The is_piix4 attribute is set once in one location and read once in
another. Doing both in one location allows for removing the attribute
altogether.

Signed-off-by: Bernhard Beschow 
---
 hw/i386/acpi-build.c | 20 ++--
 1 file changed, 6 insertions(+), 14 deletions(-)

diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index b4d9a05760..f3131fee60 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -112,7 +112,6 @@ typedef struct AcpiPmInfo {
 } AcpiPmInfo;
 
 typedef struct AcpiMiscInfo {
-bool is_piix4;
 bool has_hpet;
 #ifdef CONFIG_TPM
 TPMVersion tpm_version;
@@ -281,17 +280,6 @@ static void acpi_get_pm_info(MachineState *machine, 
AcpiPmInfo *pm)
 
 static void acpi_get_misc_info(AcpiMiscInfo *info)
 {
-Object *piix = object_resolve_type_unambiguous(TYPE_PIIX4_PM);
-Object *lpc = object_resolve_type_unambiguous(TYPE_ICH9_LPC_DEVICE);
-assert(!!piix != !!lpc);
-
-if (piix) {
-info->is_piix4 = true;
-}
-if (lpc) {
-info->is_piix4 = false;
-}
-
 info->has_hpet = hpet_find();
 #ifdef CONFIG_TPM
 info->tpm_version = tpm_get_version(tpm_find());
@@ -1449,6 +1437,8 @@ build_dsdt(GArray *table_data, BIOSLinker *linker,
AcpiPmInfo *pm, AcpiMiscInfo *misc,
Range *pci_hole, Range *pci_hole64, MachineState *machine)
 {
+Object *piix = object_resolve_type_unambiguous(TYPE_PIIX4_PM);
+Object *ich9 = object_resolve_type_unambiguous(TYPE_ICH9_LPC_DEVICE);
 CrsRangeEntry *entry;
 Aml *dsdt, *sb_scope, *scope, *dev, *method, *field, *pkg, *crs;
 CrsRangeSet crs_range_set;
@@ -1469,11 +1459,13 @@ build_dsdt(GArray *table_data, BIOSLinker *linker,
 AcpiTable table = { .sig = "DSDT", .rev = 1, .oem_id = x86ms->oem_id,
 .oem_table_id = x86ms->oem_table_id };
 
+assert(!!piix != !!ich9);
+
 acpi_table_begin(&table, table_data);
 dsdt = init_aml_allocator();
 
 build_dbg_aml(dsdt);
-if (misc->is_piix4) {
+if (piix) {
 sb_scope = aml_scope("_SB");
 dev = aml_device("PCI0");
 aml_append(dev, aml_name_decl("_HID", aml_eisaid("PNP0A03")));
@@ -1487,7 +1479,7 @@ build_dsdt(GArray *table_data, BIOSLinker *linker,
 build_x86_acpi_pci_hotplug(dsdt, pm->pcihp_io_base);
 }
 build_piix4_pci0_int(dsdt);
-} else {
+} else if (ich9) {
 sb_scope = aml_scope("_SB");
 dev = aml_device("PCI0");
 aml_append(dev, aml_name_decl("_HID", aml_eisaid("PNP0A08")));
-- 
2.38.1

Re: [PATCH 22/24] accel/tcg: Use interval tree for user-only page tracking

[Alex Bennée]

Richard Henderson  writes:

> Finish weaning user-only away from PageDesc.
>
> Using an interval tree to track page permissions means that
> we can represent very large regions efficiently.
>
> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/290
> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/967
> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1214
> Signed-off-by: Richard Henderson 
> ---
>  accel/tcg/internal.h   |   4 +-
>  accel/tcg/tb-maint.c   |  20 +-
>  accel/tcg/user-exec.c  | 614 ++---
>  tests/tcg/multiarch/test-vma.c |  22 ++
>  4 files changed, 451 insertions(+), 209 deletions(-)
>  create mode 100644 tests/tcg/multiarch/test-vma.c
>
> diff --git a/accel/tcg/internal.h b/accel/tcg/internal.h
> index 250f0daac9..c7e157d1cd 100644
> --- a/accel/tcg/internal.h
> +++ b/accel/tcg/internal.h
> @@ -24,9 +24,7 @@
>  #endif
>  
>  typedef struct PageDesc {
> -#ifdef CONFIG_USER_ONLY
> -unsigned long flags;
> -#else
> +#ifndef CONFIG_USER_ONLY
>  QemuSpin lock;
>  /* list of TBs intersecting this ram page */
>  uintptr_t first_tb;
> diff --git a/accel/tcg/tb-maint.c b/accel/tcg/tb-maint.c
> index 14e8e47a6a..694440cb4a 100644
> --- a/accel/tcg/tb-maint.c
> +++ b/accel/tcg/tb-maint.c
> @@ -68,15 +68,23 @@ static void page_flush_tb(void)

>  
>  int page_get_flags(target_ulong address)
>  {
> -PageDesc *p;
> +PageFlagsNode *p = pageflags_find(address, address);
>  
> -p = page_find(address >> TARGET_PAGE_BITS);
> +/*
> + * See util/interval-tree.c re lockless lookups: no false positives but
> + * there are false negatives.  If we find nothing, retry with the mmap
> + * lock acquired.
> + */
>  if (!p) {
> -return 0;
> +if (have_mmap_lock()) {
> +return 0;
> +}
> +mmap_lock();
> +p = pageflags_find(address, address);
> +mmap_unlock();
> +if (!p) {
> +return 0;
> +}
>  }
>  return p->flags;

To avoid the brain twisting following locks and multiple return legs how about 
this:

  int page_get_flags(target_ulong address)
  {
  PageFlagsNode *p = pageflags_find(address, address);

  /*
   * See util/interval-tree.c re lockless lookups: no false positives but
   * there are false negatives.  If we had the lock and found
   * nothing we are done, otherwise retry with the mmap lock acquired.
   */
  if (have_mmap_lock()) {
  return p ? p->flags : 0;
  }

  mmap_lock();
  p = pageflags_find(address, address);
  mmap_unlock();

  return p ? p->flags : 0;
  }


> diff --git a/tests/tcg/multiarch/test-vma.c b/tests/tcg/multiarch/test-vma.c
> new file mode 100644
> index 00..2893d60334
> --- /dev/null
> +++ b/tests/tcg/multiarch/test-vma.c
> @@ -0,0 +1,22 @@
> +/*
> + * Test very large vma allocations.
> + * The qemu out-of-memory condition was within the mmap syscall itself.
> + * If the syscall actually returns with MAP_FAILED, the test succeeded.
> + */
> +#include 
> +
> +int main()
> +{
> +int n = sizeof(size_t) == 4 ? 32 : 45;
> +
> +for (int i = 28; i < n; i++) {
> +size_t l = (size_t)1 << i;
> +void *p = mmap(0, l, PROT_NONE,
> +   MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE, -1, 0);
> +if (p == MAP_FAILED) {
> +break;
> +}
> +munmap(p, l);
> +}
> +return 0;
> +}

So is the failure mode here we actually seg or bus out?

-- 
Alex Bennée

Re: [PATCH 24/24] accel/tcg: Move remainder of page locking to tb-maint.c

[Alex Bennée]

Richard Henderson  writes:

> The only thing that still touches PageDesc in translate-all.c
> are some locking routines related to tb-maint.c which have not
> yet been moved.  Do so now.
>
> Move some code up in tb-maint.c as well, to untangle the maze
> of ifdefs, and allow a sensible final ordering.
>
> Move some declarations from exec/translate-all.h to internal.h,
> as they are only used within accel/tcg/.
>
> Signed-off-by: Richard Henderson 

Reviewed-by: Alex Bennée 

-- 
Alex Bennée

Re: [PATCH 3/3] qemu-img: Speed up checksum

[Hanna Reitz]

On 01.09.22 16:32, Nir Soffer wrote:

Add coroutine based loop inspired by `qemu-img convert` design.

Changes compared to `qemu-img convert`:

- State for the entire image is kept in ImgChecksumState

- State for single worker coroutine is kept in ImgChecksumworker.

- "Writes" are always in-order, ensured using a queue.

- Calling block status once per image extent, when the current extent is
   consumed by the workers.

- Using 1m buffer size - testings shows that this gives best read
   performance both with buffered and direct I/O.


Why does patch 1 then choose to use 2 MB?


- Number of coroutines is not configurable. Testing does not show
   improvement when using more than 8 coroutines.

- Progress include entire image, not only the allocated state.

Comparing to the simple read loop shows that this version is up to 4.67
times faster when computing a checksum for an image full of zeroes. For
real images it is 1.59 times faster with direct I/O, and with buffered
I/O there is no difference.

Test results on Dell PowerEdge R640 in a CentOS Stream 9 container:

| image| size | i/o   | before | after  | change |
|--|--|---||||
| zero [1] |   6g | buffered  | 1.600s ±0.014s | 0.342s ±0.016s |  x4.67 |
| zero |   6g | direct| 4.684s ±0.093s | 2.211s ±0.009s |  x2.12 |
| real [2] |   6g | buffered  | 1.841s ±0.075s | 1.806s ±0.036s |  x1.02 |
| real |   6g | direct| 3.094s ±0.079s | 1.947s ±0.017s |  x1.59 |
| nbd  [3] |   6g | buffered  | 2.455s ±0.183s | 1.808s ±0.016s |  x1.36 |
| nbd  |   6g | direct| 3.540s ±0.020s | 1.749s ±0.018s |  x2.02 |

[1] raw image full of zeroes
[2] raw fedora 35 image with additional random data, 50% full
[3] image [2] exported by qemu-nbd via unix socket

Signed-off-by: Nir Soffer 
---
  qemu-img.c | 343 +
  1 file changed, 270 insertions(+), 73 deletions(-)


Looks good!

Just a couple of style comments below.


diff --git a/qemu-img.c b/qemu-img.c
index 7edcfe4bc8..bfa8e2862f 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -1613,48 +1613,288 @@ out:
  qemu_vfree(buf2);
  blk_unref(blk2);
  out2:
  blk_unref(blk1);
  out3:
  qemu_progress_end();
  return ret;
  }
  
  #ifdef CONFIG_BLKHASH

+
+#define CHECKSUM_COROUTINES 8
+#define CHECKSUM_BUF_SIZE (1 * MiB)
+#define CHECKSUM_ZERO_SIZE MIN(16 * GiB, SIZE_MAX)
+
+typedef struct ImgChecksumState ImgChecksumState;
+
+typedef struct ImgChecksumWorker {
+QTAILQ_ENTRY(ImgChecksumWorker) entry;
+ImgChecksumState *state;
+Coroutine *co;
+uint8_t *buf;
+
+/* The current chunk. */
+int64_t offset;
+int64_t length;
+bool zero;
+
+/* Always true for zero extent, false for data extent. Set to true
+ * when reading the chunk completes. */


Qemu codestyle requires /* and */ to be on separate lines for multi-line 
comments (see checkpatch.pl).



+bool ready;
+} ImgChecksumWorker;
+
+struct ImgChecksumState {
+const char *filename;
+BlockBackend *blk;
+BlockDriverState *bs;
+int64_t total_size;
+
+/* Current extent, modified in checksum_co_next. */
+int64_t offset;
+int64_t length;
+bool zero;
+
+int running_coroutines;
+CoMutex lock;
+ImgChecksumWorker workers[CHECKSUM_COROUTINES];
+
+/* Ensure in-order updates. Update are scheduled at the tail of the
+ * queue and processed from the head of the queue when a worker is
+ * ready. */


Qemu codestyle requires /* and */ to be on separate lines for multi-line 
comments.



+QTAILQ_HEAD(, ImgChecksumWorker) update_queue;
+
+struct blkhash *hash;
+int ret;
+};


[...]


+static coroutine_fn bool checksum_co_next(ImgChecksumWorker *w)
+{
+ImgChecksumState *s = w->state;
+
+qemu_co_mutex_lock(&s->lock);
+
+if (s->offset == s->total_size || s->ret != -EINPROGRESS) {
+qemu_co_mutex_unlock(&s->lock);
+return false;
+}
+
+if (s->length == 0 && checksum_block_status(s)) {


I’d prefer `checksum_block_status(s) < 0` so that it is clear that 
negative values indicate errors.  Otherwise, based on this code alone, 
it looks to me more like `checksum_block_status()` returned a boolean, 
where `false` would generally indicate an error, which is confusing.


Same in other places below.


+qemu_co_mutex_unlock(&s->lock);
+return false;
+}


[...]


+/* Enter the next worker coroutine if the worker is ready. */
+static void coroutine_fn checksum_co_enter_next(ImgChecksumWorker *w)
+{
+ImgChecksumState *s = w->state;
+ImgChecksumWorker *next;
+
+if (!QTAILQ_EMPTY(&s->update_queue)) {
+next = QTAILQ_FIRST(&s->update_queue);
+if (next->ready)
+qemu_coroutine_enter(next->co);


Qemu codestyle requires braces here.

Hanna

Re: [PULL 0/8] Linux user for 7.2 patches

[Stefan Hajnoczi]

Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/7.2 for any 
user-visible changes.


signature.asc
Description: PGP signature

Re: [PULL 00/11] Trivial branch for 7.2 patches

[Stefan Hajnoczi]

Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/7.2 for any 
user-visible changes.


signature.asc
Description: PGP signature

Re: [PATCH v4 5/5] test/acpi/bios-tables-test: SSDT: update golden master binaries

[Michael S. Tsirkin]

On Thu, Sep 22, 2022 at 08:21:55PM +0800, Robert Hoo wrote:
> And empty bios-tables-test-allowed-diff.h.
> 
> Diff of ASL form, from qtest testlog.txt:
> 
> --- /tmp/asl-RFWZS1.dsl   2022-09-22 18:25:06.191519589 +0800
> +++ /tmp/asl-B1ZZS1.dsl   2022-09-22 18:25:06.187519182 +0800

Adding --- is what broke things here and why this does not apply.
You need to prefix each line e.g. with a space.


> @@ -1,30 +1,30 @@
>  /*
>   * Intel ACPI Component Architecture
>   * AML/ASL+ Disassembler version 20180629 (64-bit version)
>   * Copyright (c) 2000 - 2018 Intel Corporation
>   *
>   * Disassembling to symbolic ASL+ operators
>   *
> - * Disassembly of tests/data/acpi/pc/SSDT.dimmpxm, Thu Sep 22 18:25:06 2022
> + * Disassembly of /tmp/aml-YYZZS1, Thu Sep 22 18:25:06 2022
>   *
>   * Original Table Header:
>   * Signature"SSDT"
> - * Length   0x02DE (734)
> + * Length   0x0717 (1815)
>   * Revision 0x01
> - * Checksum 0x56
> + * Checksum 0xBC
>   * OEM ID   "BOCHS "
>   * OEM Table ID "NVDIMM"
>   * OEM Revision 0x0001 (1)
>   * Compiler ID  "BXPC"
>   * Compiler Version 0x0001 (1)
>   */
>  DefinitionBlock ("", "SSDT", 1, "BOCHS ", "NVDIMM", 0x0001)
>  {
>  Scope (\_SB)
>  {
>  Device (NVDR)
>  {
>  Name (_HID, "ACPI0012" /* NVDIMM Root Device */)  // _HID: 
> Hardware ID
>  Method (NCAL, 5, Serialized)
>  {
>  Local6 = MEMA /* \MEMA */
> @@ -49,52 +49,52 @@
>  ODAT,   32736
>  }
> 
>  If ((Arg4 == Zero))
>  {
>  Local0 = ToUUID ("2f10e7a4-9e91-11e4-89d3-123b93f75cba")
>  }
>  ElseIf ((Arg4 == 0x0001))
>  {
>  Local0 = ToUUID ("648b9cf2-cda1-4312-8ad9-49c4af32bd62")
>  }
>  Else
>  {
>  Local0 = ToUUID ("4309ac30-0d11-11e4-9191-0800200c9a66")
>  }
> 
> -If (((Local6 == Zero) | (Arg0 != Local0)))
> +If (((Local6 == Zero) || (Arg0 != Local0)))
>  {
>  If ((Arg2 == Zero))
>  {
>  Return (Buffer (One)
>  {
>   0x00
>  // .
>  })
>  }
> 
>  Return (Buffer (One)
>  {
>   0x01 // 
> .
>  })
>  }
> 
>  HDLE = Arg4
>  REVS = Arg1
>  FUNC = Arg2
> -If (((ObjectType (Arg3) == 0x04) & (SizeOf (Arg3) == One)))
> +If (((ObjectType (Arg3) == 0x04) && (SizeOf (Arg3) == One)))
>  {
>  Local2 = Arg3 [Zero]
>  Local3 = DerefOf (Local2)
>  FARG = Local3
>  }
> 
>  NTFI = Local6
>  Local1 = (RLEN - 0x04)
>  If ((Local1 < 0x08))
>  {
>  Local2 = Zero
>  Name (TBUF, Buffer (One)
>  {
>   0x00 // 
> .
>  })
>  Local7 = Buffer (Zero){}
> @@ -161,45 +161,234 @@
>  Else
>  {
>  If ((Local1 == Zero))
>  {
>  Return (Local2)
>  }
> 
>  Local3 += Local1
>  Concatenate (Local2, Local0, Local2)
>  }
>  }
>  }
> 
>  Device (NV00)
>  {
>  Name (_ADR, One)  // _ADR: Address
> +Method (_LSI, 0, Serialized)  // _LSI: Label Storage 
> Information
> +{
> +Local0 = NCAL (ToUUID 
> ("4309ac30-0d11-11e4-9191-0800200c9a66"), One, 0x04, Zero, One)
> +CreateDWordField (Local0, Zero, STTS)
> +CreateDWordField (Local0, 0x04, SLSA)
> +CreateDWordField (Local0, 0x08, MAXT)
> +Local1 = Package (0x03)
> +{
> +STTS,
> +SLSA,
> +MAXT
> +}
> +Return (Local1)
> +}
> +
> +Method (_LSR, 2, Serialized)  // _LSR: Label Storage Read
> +{
> +Name (INPT, Buffer (0x08)
> +{
> +   

Re: [PULL 00/30] target-arm queue

[Stefan Hajnoczi]

On Tue, 25 Oct 2022 at 12:51, Peter Maydell  wrote:
> target-arm queue:
>  * Implement FEAT_E0PD
>  * Implement FEAT_HAFDBS

This commit breaks CI:

i686-w64-mingw32-gcc -m32 -Ilibqemu-aarch64-softmmu.fa.p -I. -I..
-Itarget/arm -I../target/arm -I../dtc/libfdt -Iqapi -Itrace -Iui
-Iui/shader -I/usr/i686-w64-mingw32/sys-root/mingw/include/pixman-1
-I/usr/i686-w64-mingw32/sys-root/mingw/include/glib-2.0
-I/usr/i686-w64-mingw32/sys-root/mingw/lib/glib-2.0/include
-fdiagnostics-color=auto -Wall -Winvalid-pch -Werror -std=gnu11 -O2 -g
-iquote . -iquote /builds/qemu-project/qemu -iquote
/builds/qemu-project/qemu/include -iquote
/builds/qemu-project/qemu/tcg/i386 -mms-bitfields -U_FORTIFY_SOURCE
-D_FORTIFY_SOURCE=2 -fno-pie -no-pie -D_GNU_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -Wstrict-prototypes
-Wredundant-decls -Wundef -Wwrite-strings -Wmissing-prototypes
-fno-strict-aliasing -fno-common -fwrapv -Wold-style-declaration
-Wold-style-definition -Wtype-limits -Wformat-security -Wformat-y2k
-Winit-self -Wignored-qualifiers -Wempty-body -Wnested-externs
-Wendif-labels -Wexpansion-to-defined -Wimplicit-fallthrough=2
-Wno-missing-include-dirs -Wno-shift-negative-value -Wno-psabi
-fstack-protector-strong -DNEED_CPU_H
'-DCONFIG_TARGET="aarch64-softmmu-config-target.h"'
'-DCONFIG_DEVICES="aarch64-softmmu-config-devices.h"' -MD -MQ
libqemu-aarch64-softmmu.fa.p/target_arm_ptw.c.obj -MF
libqemu-aarch64-softmmu.fa.p/target_arm_ptw.c.obj.d -o
libqemu-aarch64-softmmu.fa.p/target_arm_ptw.c.obj -c
../target/arm/ptw.c
../target/arm/ptw.c: In function 'S1_ptw_translate':
../target/arm/ptw.c:269:36: error: 'PROT_WRITE' undeclared (first use
in this function); did you mean 'OF_WRITE'?
269 | ptw->out_rw = full->prot & PROT_WRITE;
| ^~
| OF_WRITE
../target/arm/ptw.c:269:36: note: each undeclared identifier is
reported only once for each function it appears in

https://gitlab.com/qemu-project/qemu/-/jobs/3230968840

Stefan

Re: [PULL 00/30] target-arm queue

[Stefan Hajnoczi]

On Tue, 25 Oct 2022 at 12:51, Peter Maydell  wrote:
> target-arm queue:
>  * Implement FEAT_E0PD
>  * Implement FEAT_HAFDBS

A second CI failure:

arm-linux-gnueabi-gcc -Ilibqemu-aarch64-softmmu.fa.p -I. -I..
-Itarget/arm -I../target/arm -Iqapi -Itrace -Iui -Iui/shader
-I/usr/include/pixman-1 -I/usr/include/capstone
-I/usr/include/spice-server -I/usr/include/spice-1
-I/usr/include/glib-2.0 -I/usr/lib/arm-linux-gnueabi/glib-2.0/include
-fdiagnostics-color=auto -Wall -Winvalid-pch -Werror -std=gnu11 -O2 -g
-isystem /builds/qemu-project/qemu/linux-headers -isystem
linux-headers -iquote . -iquote /builds/qemu-project/qemu -iquote
/builds/qemu-project/qemu/include -iquote
/builds/qemu-project/qemu/tcg/arm -pthread -U_FORTIFY_SOURCE
-D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64
-D_LARGEFILE_SOURCE -Wstrict-prototypes -Wredundant-decls -Wundef
-Wwrite-strings -Wmissing-prototypes -fno-strict-aliasing -fno-common
-fwrapv -Wold-style-declaration -Wold-style-definition -Wtype-limits
-Wformat-security -Wformat-y2k -Winit-self -Wignored-qualifiers
-Wempty-body -Wnested-externs -Wendif-labels -Wexpansion-to-defined
-Wimplicit-fallthrough=2 -Wno-missing-include-dirs
-Wno-shift-negative-value -Wno-psabi -fstack-protector-strong -fPIE
-isystem../linux-headers -isystemlinux-headers -DNEED_CPU_H
'-DCONFIG_TARGET="aarch64-softmmu-config-target.h"'
'-DCONFIG_DEVICES="aarch64-softmmu-config-devices.h"' -MD -MQ
libqemu-aarch64-softmmu.fa.p/target_arm_ptw.c.o -MF
libqemu-aarch64-softmmu.fa.p/target_arm_ptw.c.o.d -o
libqemu-aarch64-softmmu.fa.p/target_arm_ptw.c.o -c ../target/arm/ptw.c
../target/arm/ptw.c: In function ‘arm_casq_ptw’:
../target/arm/ptw.c:449:19: error: implicit declaration of function
‘qemu_mutex_iothread_locked’; did you mean ‘qemu_mutex_trylock’?
[-Werror=implicit-function-declaration]
449 | bool locked = qemu_mutex_iothread_locked();
| ^~
| qemu_mutex_trylock
../target/arm/ptw.c:449:19: error: nested extern declaration of
‘qemu_mutex_iothread_locked’ [-Werror=nested-externs]
../target/arm/ptw.c:451:8: error: implicit declaration of function
‘qemu_mutex_lock_iothread’; did you mean ‘qemu_mutex_lock__raw’?
[-Werror=implicit-function-declaration]
451 | qemu_mutex_lock_iothread();
| ^~~~
| qemu_mutex_lock__raw
../target/arm/ptw.c:451:8: error: nested extern declaration of
‘qemu_mutex_lock_iothread’ [-Werror=nested-externs]
../target/arm/ptw.c:465:9: error: implicit declaration of function
‘qemu_mutex_unlock_iothread’; did you mean ‘qemu_mutex_unlock_impl’?
[-Werror=implicit-function-declaration]
465 | qemu_mutex_unlock_iothread();
| ^~
| qemu_mutex_unlock_impl
../target/arm/ptw.c:465:9: error: nested extern declaration of
‘qemu_mutex_unlock_iothread’ [-Werror=nested-externs]

https://gitlab.com/qemu-project/qemu/-/jobs/3230968787

Stefan

Re: [PATCH 0/4] Only generate cluster node in PPTT when specified

[Michael S. Tsirkin]

On Thu, Sep 22, 2022 at 09:11:39PM +0800, Yicong Yang wrote:
> From: Yicong Yang 
> 
> This series mainly change the policy for building a cluster topology node
> in PPTT. Previously we'll always build a cluster node in PPTT without
> asking the user, after this set the cluster node will be built only the
> the user specify through "-smp clusters=X".
> 
> Update the tests and test tables accordingly.


This will need an ack from virt maintainers.

And I think what people are asking is about the impact
of this patch on guests.

> Yicong Yang (4):
>   hw/acpi/aml-build: Only generate cluster node in PPTT when specified
>   tests: virt: update expected ACPI tables for virt test
>   tests: acpi: aarch64: add topology test for aarch64
>   tests: acpi: aarch64: add *.topology tables
> 
>  hw/acpi/aml-build.c|   2 +-
>  hw/core/machine-smp.c  |   3 +++
>  include/hw/boards.h|   2 ++
>  tests/data/acpi/virt/APIC.pxb  | Bin 0 -> 168 bytes
>  tests/data/acpi/virt/APIC.topology | Bin 0 -> 700 bytes
>  tests/data/acpi/virt/DBG2.memhp| Bin 0 -> 87 bytes
>  tests/data/acpi/virt/DBG2.numamem  | Bin 0 -> 87 bytes
>  tests/data/acpi/virt/DBG2.pxb  | Bin 0 -> 87 bytes
>  tests/data/acpi/virt/DBG2.topology | Bin 0 -> 87 bytes
>  tests/data/acpi/virt/DSDT.topology | Bin 0 -> 5398 bytes
>  tests/data/acpi/virt/FACP.pxb  | Bin 0 -> 268 bytes
>  tests/data/acpi/virt/FACP.topology | Bin 0 -> 268 bytes
>  tests/data/acpi/virt/GTDT.pxb  | Bin 0 -> 96 bytes
>  tests/data/acpi/virt/GTDT.topology | Bin 0 -> 96 bytes
>  tests/data/acpi/virt/IORT.topology | Bin 0 -> 128 bytes
>  tests/data/acpi/virt/MCFG.pxb  | Bin 0 -> 60 bytes
>  tests/data/acpi/virt/MCFG.topology | Bin 0 -> 60 bytes
>  tests/data/acpi/virt/PPTT  | Bin 96 -> 76 bytes
>  tests/data/acpi/virt/PPTT.memhp| Bin 0 -> 76 bytes
>  tests/data/acpi/virt/PPTT.numamem  | Bin 0 -> 76 bytes
>  tests/data/acpi/virt/PPTT.pxb  | Bin 0 -> 76 bytes
>  tests/data/acpi/virt/PPTT.topology | Bin 0 -> 336 bytes
>  tests/data/acpi/virt/SPCR.pxb  | Bin 0 -> 80 bytes
>  tests/data/acpi/virt/SPCR.topology | Bin 0 -> 80 bytes
>  tests/qtest/bios-tables-test.c |  22 ++
>  25 files changed, 28 insertions(+), 1 deletion(-)
>  create mode 100644 tests/data/acpi/virt/APIC.pxb
>  create mode 100644 tests/data/acpi/virt/APIC.topology
>  create mode 100644 tests/data/acpi/virt/DBG2.memhp
>  create mode 100644 tests/data/acpi/virt/DBG2.numamem
>  create mode 100644 tests/data/acpi/virt/DBG2.pxb
>  create mode 100644 tests/data/acpi/virt/DBG2.topology
>  create mode 100644 tests/data/acpi/virt/DSDT.topology
>  create mode 100644 tests/data/acpi/virt/FACP.pxb
>  create mode 100644 tests/data/acpi/virt/FACP.topology
>  create mode 100644 tests/data/acpi/virt/GTDT.pxb
>  create mode 100644 tests/data/acpi/virt/GTDT.topology
>  create mode 100644 tests/data/acpi/virt/IORT.topology
>  create mode 100644 tests/data/acpi/virt/MCFG.pxb
>  create mode 100644 tests/data/acpi/virt/MCFG.topology
>  create mode 100644 tests/data/acpi/virt/PPTT.memhp
>  create mode 100644 tests/data/acpi/virt/PPTT.numamem
>  create mode 100644 tests/data/acpi/virt/PPTT.pxb
>  create mode 100644 tests/data/acpi/virt/PPTT.topology
>  create mode 100644 tests/data/acpi/virt/SPCR.pxb
>  create mode 100644 tests/data/acpi/virt/SPCR.topology
> 
> -- 
> 2.24.0

Re: [PATCH 0/2] Fix the virito features negotiation flaw

[Michael S. Tsirkin]

I guess I'll apply this. Can you fix a typo in subject though?
Would also be nice if we had a test for this behaviour.


On Wed, Oct 05, 2022 at 04:17:30PM +0800, Hyman Huang wrote:
> Ping,
>Hi, Michael and Jason, how does this patchset feel think? :)
>Sorry if i made noise.
> 
> Yong
> 
> 在 2022/9/26 14:36, huang...@chinatelecom.cn 写道:
> > From: "Hyman Huang(黄勇)" 
> > 
> > This patchset aim to fix the unexpected negotiation features for
> > vhost-user netdev interface.
> > 
> > Steps to reproduce the issue:
> > Prepare a vm (CentOS 8 in my work scenario) with vhost-user
> > backend interface and configure qemu as server mode. So dpdk
> > would connect qemu's unix socket periodically.
> > 
> > 1. start vm in background and restart openvswitch service
> > concurrently and repeatedly in the process of vm start.
> > 
> > 2. check if negotiated virtio features of port is "0x4000" at
> > dpdk side by executing:
> > ovs-vsctl list interface | grep features | grep {port_socket_path}
> > 3. if features equals "0x4000", go to the vm and check if sending
> > arp package works, executing:
> > arping {IP_ADDR}
> > if vm interface is configured to boot with dhcp protocol, it
> > would get no ip.
> > 
> > After doing above steps, we'll find the arping not work, the ovs on
> > host side has forwarded unexpected arp packages, which be added 0x
> > in the head of ethenet frame.  Though qemu report some error when
> > read/write cmd of vhost protocol during the process of vm start,
> > like the following:
> > 
> > "Failed to set msg fds"
> > "vhost VQ 0 ring restore failed: -22: Invalid argument (22)"
> > 
> > The vm does not stop or report more suggestive error message, it
> > seems that everthing is ok.
> > 
> > The root cause is that dpdk port negotiated nothing but only one
> > VHOST_USER_F_PROTOCOL_FEATURES feature with vhost-user interface at
> > qemu side, which is an unexpected behavior. qemu only load the
> > VHOST_USER_F_PROTOCOL_FEATURES when VHOST_USER_SET_FEATURES and loss
> > the guest features configured by front-end virtio driver using the
> > VIRTIO_PCI_COMMON_GF addr, which is stored in acked_features field
> > of struct vhost_dev.
> > 
> > To explain how the acked_features disappear, we may need to know the
> > lifecyle of acked_features in vhost_dev during feature negotiation.
> > 
> > 1. qemu init acked_features field of struct vhost_dev in vhost_net_init()
> > by calling vhost_net_ack_features(), the init value fetched from
> > acked_features field of struct NetVhostUserState, which is the backup
> > role after vhost stopping or unix socket closed.
> > In the first time, the acked_features of struct NetVhostUserState is 0
> > so the init value of vhost_dev's acked_features also 0.
> > 
> > 2. when guest virtio driver set features, qemu accept the features and
> > call virtio_set_features to store the features as acked_features in
> > vhost_dev.
> > 
> > 3. when unix socket closed or vhost_dev device doesn't work and be
> > stopped unexpectedly, qemu will call chr_closed_bh or vhost_user_stop,
> > which will copy acked_features from vhost_dev to NetVhostUserState and
> > cleanup the vhost_dev. Since virtio driver not allowed to set features
> > once status of virtio device changes to VIRTIO_CONFIG_S_FEATURE_OK,
> > qemu need to backup it in case of loss.
> > 4. once unix socket return to normal and get connected, qemu will
> > call vhost_user_start to restore the vhost_dev and fetch the
> > acked_features stored in NetVhostUserState previously.
> > 
> > The above flow works fine in the normal scenarios, but it doesn't cover
> > the scenario that openvswitch service restart in the same time of
> > virtio features negotiation.
> > 
> > Let's analyze such scenario:
> > qemu dpdk
> > 
> > vhost_net_init()
> >   |  systemctl stop openvswitch.service
> > virtio_set_features() |
> >   |  systemctl start openvswitch.service
> > virtio_set_status()
> > 
> > Ovs stop service before guset setting virtio features, chr_closed_bh()
> > be called and fetch acked_features in vhost_dev, if may store the
> > incomplete features to NetVhostUserState since it doesn't include
> > guest features, eg "0x4000".
> > 
> > Guest set virtio features with another features, eg "0x7060a782",
> > this value will store in acked_features of vhost_dev, which is the
> > right and up-to-date features.
> > 
> > After ovs service show up, qemu unix socket get connected and call
> > vhost_user_start(), which will restore acked_features of vhost_dev
> > using NetVhostUserState and "0x4000" be loaded, which is obsolete.
> > 
> > Guest set virtio device status and therefore qemu call
> > virtio_net_vhost_status finally, checking if vhost-net device has
> > started, start it if not, consequently the obsolete ac

Re: [PATCH v2 0/2] linux-user: handle /proc/self/exe with execve() syscall

[Michael Tokarev]

27.09.2022 15:43, Laurent Vivier wrote:

Use exec_path to re-execute the binary from /proc/self/exe

Fix do_openat() that should not use execfd.

v2:
- don't use execfd as it can't be closed and is usable by the child


Why can't it be closed? I mean, how about O_CLOEXEC?

Your initial usage of execveat() seemed very elegant.

Thanks,

/mjt

Re: [PULL 00/30] target-arm queue

[Jason A. Donenfeld]

On Wed, Oct 26, 2022 at 10:49:18AM -0400, Stefan Hajnoczi wrote:
> On Tue, 25 Oct 2022 at 12:51, Peter Maydell  wrote:
> > target-arm queue:
> >  * Implement FEAT_E0PD
> >  * Implement FEAT_HAFDBS
> 
> This commit breaks CI:

Ah, so when this is respun, there'll be an opportunity for Peter to pull
in the left-out commit from my series now that I've posted a fixed
version of that. Pfiew! Count down til the soft freeze... :)

Jason

Re: [PATCH 1/4] hw/i386/acpi-build: Remove unused struct

[Philippe Mathieu-Daudé]

On 26/10/22 15:31, Bernhard Beschow wrote:

Ammends commit b23046abe78f48498a423b802d6d86ba0172d57f 'pc: acpi-build:
simplify PCI bus tree generation'.

Signed-off-by: Bernhard Beschow 
---
  hw/i386/acpi-build.c | 7 ---
  1 file changed, 7 deletions(-)


Reviewed-by: Philippe Mathieu-Daudé 

[PATCH v3 2/2] qtests/arm: add some mte tests

[Cornelia Huck]

Signed-off-by: Cornelia Huck 
---
 tests/qtest/arm-cpu-features.c | 76 ++
 1 file changed, 76 insertions(+)

diff --git a/tests/qtest/arm-cpu-features.c b/tests/qtest/arm-cpu-features.c
index 5a145273860c..e264d2178a8b 100644
--- a/tests/qtest/arm-cpu-features.c
+++ b/tests/qtest/arm-cpu-features.c
@@ -22,6 +22,7 @@
 
 #define MACHINE "-machine virt,gic-version=max -accel tcg "
 #define MACHINE_KVM "-machine virt,gic-version=max -accel kvm -accel tcg "
+#define MACHINE_MTE "-machine virt,gic-version=max,mte=on -accel tcg "
 #define QUERY_HEAD  "{ 'execute': 'query-cpu-model-expansion', " \
 "  'arguments': { 'type': 'full', "
 #define QUERY_TAIL  "}}"
@@ -155,6 +156,18 @@ static bool resp_get_feature(QDict *resp, const char 
*feature)
 g_assert(qdict_get_bool(_props, feature) == (expected_value)); \
 })
 
+#define resp_assert_feature_str(resp, feature, expected_value) \
+({ \
+QDict *_props; \
+   \
+g_assert(_resp);   \
+g_assert(resp_has_props(_resp));   \
+_props = resp_get_props(_resp);\
+g_assert(qdict_get(_props, feature));  \
+g_assert_cmpstr(qdict_get_try_str(_props, feature), ==,\
+expected_value);   \
+})
+
 #define assert_feature(qts, cpu_type, feature, expected_value) \
 ({ \
 QDict *_resp;  \
@@ -165,6 +178,16 @@ static bool resp_get_feature(QDict *resp, const char 
*feature)
 qobject_unref(_resp);  \
 })
 
+#define assert_feature_str(qts, cpu_type, feature, expected_value) \
+({ \
+QDict *_resp;  \
+   \
+_resp = do_query_no_props(qts, cpu_type);  \
+g_assert(_resp);   \
+resp_assert_feature_str(_resp, feature, expected_value);   \
+qobject_unref(_resp);  \
+})
+
 #define assert_set_feature(qts, cpu_type, feature, value)  \
 ({ \
 const char *_fmt = (value) ? "{ %s: true }" : "{ %s: false }"; \
@@ -176,6 +199,16 @@ static bool resp_get_feature(QDict *resp, const char 
*feature)
 qobject_unref(_resp);  \
 })
 
+#define assert_set_feature_str(qts, cpu_type, feature, value, _fmt)\
+({ \
+QDict *_resp;  \
+   \
+_resp = do_query(qts, cpu_type, _fmt, feature);\
+g_assert(_resp);   \
+resp_assert_feature_str(_resp, feature, value);\
+qobject_unref(_resp);  \
+})
+
 #define assert_has_feature_enabled(qts, cpu_type, feature) \
 assert_feature(qts, cpu_type, feature, true)
 
@@ -412,6 +445,24 @@ static void sve_tests_sve_off_kvm(const void *data)
 qtest_quit(qts);
 }
 
+static void mte_tests_tag_memory_on(const void *data)
+{
+QTestState *qts;
+
+qts = qtest_init(MACHINE_MTE "-cpu max");
+
+/*
+ * With tag memory, "mte" should default to on, and explicitly specifying
+ * either on or off should be fine.
+ */
+assert_has_feature(qts, "max", "mte");
+
+assert_set_feature_str(qts, "max", "mte", "off", "{ 'mte': 'off' }");
+assert_set_feature_str(qts, "max", "mte", "on", "{ 'mte': 'on' }");
+
+qtest_quit(qts);
+}
+
 static void pauth_tests_default(QTestState *qts, const char *cpu_type)
 {
 assert_has_feature_enabled(qts, cpu_type, "pauth");
@@ -424,6 +475,21 @@ static void pauth_tests_default(QTestState *qts, const 
char *cpu_type)
  "{ 'pauth': false, 'pauth-impdef': true }");
 }
 
+static void mte_tests_default(QTestState *qts, const char *cpu_type)
+{
+assert_has_feature(qts, cpu_type, "mte");
+
+/*
+ * Without tag memory, mte will be off under tcg.
+ * Explicitly enabling it yields an error.
+ */
+assert_has_feature(qts, cpu_type, "mte");
+
+assert_set_feature_str(qts, "max", "mte", "off", "{ 'mte': 'off' }");
+assert_error(qts, cpu

[PATCH v3 0/2] arm: enable MTE for QEMU + kvm

[Cornelia Huck]

After wayyy too long (last version was sent in *July*), a respin of my
kvm/mte series. Still no migration support. I've been hacking around on
a device for transferring tags while stopped, but don't really have anything
to show, probably because I get distra- 

...I guess you get the point :(

Anyway, I wanted to post this as non-RFC; likely too late for 7.2, but maybe
for 8.0 (and I'd get a chance to make at least pre-copy migration work; I'm open
to suggestions for that. Support for post-copy needs kernel-side changes.) 
Tested
on the FVP models; qtests only on a non-MTE KVM host.

Changes v2->v3:
- rebase to current master
- drop some parts of the qtests that didn't actually work
- really minor stuff
- drop RFC

Cornelia Huck (2):
  arm/kvm: add support for MTE
  qtests/arm: add some mte tests

 docs/system/arm/cpu-features.rst |  21 +
 target/arm/cpu.c |  18 ++---
 target/arm/cpu.h |   1 +
 target/arm/cpu64.c   | 133 +++
 target/arm/internals.h   |   1 +
 target/arm/kvm64.c   |   5 ++
 target/arm/kvm_arm.h |  12 +++
 target/arm/monitor.c |   1 +
 tests/qtest/arm-cpu-features.c   |  76 ++
 9 files changed, 256 insertions(+), 12 deletions(-)

-- 
2.37.3

[PATCH v3 1/2] arm/kvm: add support for MTE

[Cornelia Huck]

Introduce a new cpu feature flag to control MTE support. To preserve
backwards compatibility for tcg, MTE will continue to be enabled as
long as tag memory has been provided.

If MTE has been enabled, we need to disable migration, as we do not
yet have a way to migrate the tags as well. Therefore, MTE will stay
off with KVM unless requested explicitly.

Signed-off-by: Cornelia Huck 
---
 docs/system/arm/cpu-features.rst |  21 +
 target/arm/cpu.c |  18 ++---
 target/arm/cpu.h |   1 +
 target/arm/cpu64.c   | 133 +++
 target/arm/internals.h   |   1 +
 target/arm/kvm64.c   |   5 ++
 target/arm/kvm_arm.h |  12 +++
 target/arm/monitor.c |   1 +
 8 files changed, 180 insertions(+), 12 deletions(-)

diff --git a/docs/system/arm/cpu-features.rst b/docs/system/arm/cpu-features.rst
index c2c01ec7d265..9e35b70138d0 100644
--- a/docs/system/arm/cpu-features.rst
+++ b/docs/system/arm/cpu-features.rst
@@ -443,3 +443,24 @@ As with ``sve-default-vector-length``, if the default 
length is larger
 than the maximum vector length enabled, the actual vector length will
 be reduced.  If this property is set to ``-1`` then the default vector
 length is set to the maximum possible length.
+
+MTE CPU Property
+
+
+The ``mte`` property controls the Memory Tagging Extension. For TCG, it 
requires
+presence of tag memory (which can be turned on for the ``virt`` machine via
+``mte=on``). For KVM, it requires the ``KVM_CAP_ARM_MTE`` capability; until
+proper migration support is implemented, enabling MTE will install a migration
+blocker.
+
+If not specified explicitly via ``on`` or ``off``, MTE will be available
+according to the following rules:
+
+* When TCG is used, MTE will be available iff tag memory is available; i.e. it
+  preserves the behaviour prior to introduction of the feature.
+
+* When KVM is used, MTE will default to off, so that migration will not
+  unintentionally be blocked.
+
+* Other accelerators currently don't support MTE.
+
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 94ca6f163f78..2425473e1ced 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -1479,6 +1479,11 @@ void arm_cpu_finalize_features(ARMCPU *cpu, Error **errp)
 error_propagate(errp, local_err);
 return;
 }
+arm_cpu_mte_finalize(cpu, &local_err);
+if (local_err != NULL) {
+error_propagate(errp, local_err);
+return;
+}
 }
 #endif
 
@@ -1555,7 +1560,7 @@ static void arm_cpu_realizefn(DeviceState *dev, Error 
**errp)
 }
 if (cpu->tag_memory) {
 error_setg(errp,
-   "Cannot enable %s when guest CPUs has MTE enabled",
+   "Cannot enable %s when guest CPUs has tag memory 
enabled",
current_accel_name());
 return;
 }
@@ -1934,17 +1939,6 @@ static void arm_cpu_realizefn(DeviceState *dev, Error 
**errp)
ID_PFR1, VIRTUALIZATION, 0);
 }
 
-#ifndef CONFIG_USER_ONLY
-if (cpu->tag_memory == NULL && cpu_isar_feature(aa64_mte, cpu)) {
-/*
- * Disable the MTE feature bits if we do not have tag-memory
- * provided by the machine.
- */
-cpu->isar.id_aa64pfr1 =
-FIELD_DP64(cpu->isar.id_aa64pfr1, ID_AA64PFR1, MTE, 0);
-}
-#endif
-
 if (tcg_enabled()) {
 /*
  * Don't report the Statistical Profiling Extension in the ID
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index e3dbef5be865..53d1efdf9a76 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1027,6 +1027,7 @@ struct ArchCPU {
 bool prop_pauth;
 bool prop_pauth_impdef;
 bool prop_lpa2;
+OnOffAuto prop_mte;
 
 /* DCZ blocksize, in log_2(words), ie low 4 bits of DCZID_EL0 */
 uint32_t dcz_blocksize;
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index 85e0d1daf1c7..c81cf8932407 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -35,6 +35,13 @@
 #include "qapi/visitor.h"
 #include "hw/qdev-properties.h"
 #include "internals.h"
+#include "migration/blocker.h"
+#include "qapi/qapi-visit-common.h"
+#include "hw/arm/virt.h"
+
+#ifdef CONFIG_KVM
+static Error *mte_migration_blocker;
+#endif
 
 static void aarch64_a35_initfn(Object *obj)
 {
@@ -1034,6 +1041,130 @@ static void aarch64_neoverse_n1_initfn(Object *obj)
 cpu->isar.reset_pmcr_el0 = 0x410c3000;
 }
 
+static void aarch64_cpu_get_mte(Object *obj, Visitor *v, const char *name,
+void *opaque, Error **errp)
+{
+ARMCPU *cpu = ARM_CPU(obj);
+OnOffAuto mte = cpu->prop_mte;
+
+visit_type_OnOffAuto(v, name, &mte, errp);
+}
+
+static void aarch64_cpu_set_mte(Object *obj, Visitor *v, const char *name,
+void *opaque, Error **errp)
+{
+ARMCPU *cpu = ARM_CPU(obj);
+
+visit_type_OnOffAuto

Re: [PATCH] tests: Create fifo for test-io-channel-command

[Alex Bennée]

Daniel P. Berrangé  writes:

> CC'ing Marc-André as original author of the change
>
> On Tue, Oct 25, 2022 at 01:57:23PM +0100, Alex Bennée wrote:
>> 
>> Juan Quintela  writes:
>> 
>> > Previous commit removed the creation of the fifo.  Without it, I get
>> > random failure during tests with high load, please consider
>> > reintroduce it.
>> >
>> > My guess is that there is a race between the two socats when we leave
>> > them to create the channel, better return to the previous behavior.
>> >
>> > I can't reproduce the problem when I run ./test-io-channel-command
>> > test alone, I need to do the make check.  And any (unrelated) change
>> > can make it dissapear.
>> 
>> I was chasing a similar problem with this test although I don't see it
>> timeout while running (I don't think our unit tests time out). I'm
>> provisionally queuing this to testing/next unless anyone objects.
>
> It won't build on Win32 since that platform lacks mkfifo.
>
> The test normally works since socat will call mknod to create
> the fifo.
>
> I think the problem is that we have a race condition where the
> client socat runs before the server socat, and so won't see the
> fifo. This will be where high load triggers problems.

Ok I shall drop the patch from testing/next - we need a better solution.

-- 
Alex Bennée

Re: [PATCH v3] target/i386: Set maximum APIC ID to KVM prior to vCPU creation

[Paolo Bonzini]

Queued, thanks.

Paolo

Re: [PATCH 0/2] Fix the virito features negotiation flaw

[Hyman Huang]

在 2022/10/26 23:00, Michael S. Tsirkin 写道:

I guess I'll apply this. Can you fix a typo in subject though?

Of course yes. :)

Would also be nice if we had a test for this behaviour.

Ok, i'll add a test patch next version.



On Wed, Oct 05, 2022 at 04:17:30PM +0800, Hyman Huang wrote:

Ping,
Hi, Michael and Jason, how does this patchset feel think? :)
Sorry if i made noise.

Yong

在 2022/9/26 14:36, huang...@chinatelecom.cn 写道:

From: "Hyman Huang(黄勇)" 

This patchset aim to fix the unexpected negotiation features for
vhost-user netdev interface.

Steps to reproduce the issue:
Prepare a vm (CentOS 8 in my work scenario) with vhost-user
backend interface and configure qemu as server mode. So dpdk
would connect qemu's unix socket periodically.

1. start vm in background and restart openvswitch service
 concurrently and repeatedly in the process of vm start.

2. check if negotiated virtio features of port is "0x4000" at
 dpdk side by executing:
 ovs-vsctl list interface | grep features | grep {port_socket_path}
3. if features equals "0x4000", go to the vm and check if sending
 arp package works, executing:
 arping {IP_ADDR}
 if vm interface is configured to boot with dhcp protocol, it
 would get no ip.

After doing above steps, we'll find the arping not work, the ovs on
host side has forwarded unexpected arp packages, which be added 0x
in the head of ethenet frame.  Though qemu report some error when
read/write cmd of vhost protocol during the process of vm start,
like the following:

"Failed to set msg fds"
"vhost VQ 0 ring restore failed: -22: Invalid argument (22)"

The vm does not stop or report more suggestive error message, it
seems that everthing is ok.

The root cause is that dpdk port negotiated nothing but only one
VHOST_USER_F_PROTOCOL_FEATURES feature with vhost-user interface at
qemu side, which is an unexpected behavior. qemu only load the
VHOST_USER_F_PROTOCOL_FEATURES when VHOST_USER_SET_FEATURES and loss
the guest features configured by front-end virtio driver using the
VIRTIO_PCI_COMMON_GF addr, which is stored in acked_features field
of struct vhost_dev.

To explain how the acked_features disappear, we may need to know the
lifecyle of acked_features in vhost_dev during feature negotiation.

1. qemu init acked_features field of struct vhost_dev in vhost_net_init()
 by calling vhost_net_ack_features(), the init value fetched from
 acked_features field of struct NetVhostUserState, which is the backup
 role after vhost stopping or unix socket closed.
 In the first time, the acked_features of struct NetVhostUserState is 0
 so the init value of vhost_dev's acked_features also 0.

2. when guest virtio driver set features, qemu accept the features and
 call virtio_set_features to store the features as acked_features in
 vhost_dev.

3. when unix socket closed or vhost_dev device doesn't work and be
 stopped unexpectedly, qemu will call chr_closed_bh or vhost_user_stop,
 which will copy acked_features from vhost_dev to NetVhostUserState and
 cleanup the vhost_dev. Since virtio driver not allowed to set features
 once status of virtio device changes to VIRTIO_CONFIG_S_FEATURE_OK,
 qemu need to backup it in case of loss.
4. once unix socket return to normal and get connected, qemu will
 call vhost_user_start to restore the vhost_dev and fetch the
 acked_features stored in NetVhostUserState previously.

The above flow works fine in the normal scenarios, but it doesn't cover
the scenario that openvswitch service restart in the same time of
virtio features negotiation.

Let's analyze such scenario:
 qemu dpdk

 vhost_net_init()
   |  systemctl stop openvswitch.service
 virtio_set_features() |
   |  systemctl start openvswitch.service
 virtio_set_status()

Ovs stop service before guset setting virtio features, chr_closed_bh()
be called and fetch acked_features in vhost_dev, if may store the
incomplete features to NetVhostUserState since it doesn't include
guest features, eg "0x4000".

Guest set virtio features with another features, eg "0x7060a782",
this value will store in acked_features of vhost_dev, which is the
right and up-to-date features.

After ovs service show up, qemu unix socket get connected and call
vhost_user_start(), which will restore acked_features of vhost_dev
using NetVhostUserState and "0x4000" be loaded, which is obsolete.

Guest set virtio device status and therefore qemu call
virtio_net_vhost_status finally, checking if vhost-net device has
started, start it if not, consequently the obsolete acked_features
"0x4000" be negotiated after calling vhost_dev_set_features().

So the key point of solving this issue making the acked_features
in NetVhostUserState up-to-date, these patchset provide this
solution.

[PATCH 1/2]: Abstract the existing 

[PATCH v3 0/2] xen/pt: fix FTBFS and reserve PCI slot 2 for the Intel IGD

[Chuck Zmudzinski]

This is a series of two patches:

The first fixes FTBFS when --enable-xen and --disable-xen-pci-passthrough
configure options are set with when building for the linux target os.

The second fixes a regression that was introduced many years ago with the
upgrade from the Qemu traditional device model that is still available
from xenbits.xen.org and based on very old Qemu version 0.10.2.

The regression is that the Qemu traditional device model reserves slot 2
for the Intel IGD on the PCI bus when the Intel IGD is passed through
to a Xen HVM domain, but the current Qemu upsream device model does not
and in fact results in a different slot assigned to the Intel IGD.

This behavior does not conform to the requirement that the Intel IGD must
be assigned to slot 2, as noted in docs/igd-assign.txt in the Qemu source
code: "IGD must be given address 02.0 on the PCI root bus in the VM."

I have used the second patch of the series for the past two years with
no problems. Without the patch, the reliability of PCI passthrough of the
Intel IGD to a Xen HVM guest is very poor, and in some cases the guest
fails to start without the patch.

v2: Remove From:  tag at top of message

v3: No change to this cover letter since v2

Chuck Zmudzinski (2):
  xen/pt: fix syntax error that causes FTBFS in some configurations
  xen/pt: reserve PCI slot 2 for Intel igd-passthru

 hw/i386/pc_piix.c|  3 +++
 hw/xen/meson.build   |  2 +-
 hw/xen/xen_pt.c  | 25 +
 hw/xen/xen_pt.h  | 16 
 hw/xen/xen_pt_stub.c |  4 
 5 files changed, 49 insertions(+), 1 deletion(-)

-- 
2.37.2

Re: [PATCH v4 5/7] hw/ppc/e500: Implement pflash handling

[Daniel Henrique Barboza]

On 10/18/22 18:01, Bernhard Beschow wrote:

Allows e500 boards to have their root file system reside on flash using
only builtin devices located in the eLBC memory region.

Note that the flash memory area is only created when a -pflash argument is
given, and that the size is determined by the given file. The idea is to
put users into control.

Signed-off-by: Bernhard Beschow 
---


Reviewed-by: Daniel Henrique Barboza 


  docs/system/ppc/ppce500.rst | 16 
  hw/ppc/Kconfig  |  1 +
  hw/ppc/e500.c   | 79 +
  3 files changed, 96 insertions(+)

diff --git a/docs/system/ppc/ppce500.rst b/docs/system/ppc/ppce500.rst
index 7b5eb3c4ee..38f8ceb0cf 100644
--- a/docs/system/ppc/ppce500.rst
+++ b/docs/system/ppc/ppce500.rst
@@ -165,3 +165,19 @@ if “-device eTSEC” is given to QEMU:
  .. code-block:: bash
  
-netdev tap,ifname=tap0,script=no,downscript=no,id=net0 -device eTSEC,netdev=net0

+
+Root file system on flash drive
+---
+
+Rather than using a root file system on ram disk, it is possible to have it on
+CFI flash. Given an ext2 image whose size must be a power of two, it can be 
used
+as follows:
+
+.. code-block:: bash
+
+  $ qemu-system-ppc64 -M ppce500 -cpu e500mc -smp 4 -m 2G \
+  -display none -serial stdio \
+  -kernel vmlinux \
+  -drive if=pflash,file=/path/to/rootfs.ext2,format=raw \
+  -append "rootwait root=/dev/mtdblock0"
+
diff --git a/hw/ppc/Kconfig b/hw/ppc/Kconfig
index 791fe78a50..769a1ead1c 100644
--- a/hw/ppc/Kconfig
+++ b/hw/ppc/Kconfig
@@ -126,6 +126,7 @@ config E500
  select ETSEC
  select GPIO_MPC8XXX
  select OPENPIC
+select PFLASH_CFI01
  select PLATFORM_BUS
  select PPCE500_PCI
  select SERIAL
diff --git a/hw/ppc/e500.c b/hw/ppc/e500.c
index 3e950ea3ba..73198adac8 100644
--- a/hw/ppc/e500.c
+++ b/hw/ppc/e500.c
@@ -23,8 +23,10 @@
  #include "e500-ccsr.h"
  #include "net/net.h"
  #include "qemu/config-file.h"
+#include "hw/block/flash.h"
  #include "hw/char/serial.h"
  #include "hw/pci/pci.h"
+#include "sysemu/block-backend-io.h"
  #include "sysemu/sysemu.h"
  #include "sysemu/kvm.h"
  #include "sysemu/reset.h"
@@ -267,6 +269,31 @@ static void sysbus_device_create_devtree(SysBusDevice 
*sbdev, void *opaque)
  }
  }
  
+static void create_devtree_flash(SysBusDevice *sbdev,

+ PlatformDevtreeData *data)
+{
+g_autofree char *name = NULL;
+uint64_t num_blocks = object_property_get_uint(OBJECT(sbdev),
+   "num-blocks",
+   &error_fatal);
+uint64_t sector_length = object_property_get_uint(OBJECT(sbdev),
+  "sector-length",
+  &error_fatal);
+uint64_t bank_width = object_property_get_uint(OBJECT(sbdev),
+   "width",
+   &error_fatal);
+hwaddr flashbase = 0;
+hwaddr flashsize = num_blocks * sector_length;
+void *fdt = data->fdt;
+
+name = g_strdup_printf("%s/nor@%" PRIx64, data->node, flashbase);
+qemu_fdt_add_subnode(fdt, name);
+qemu_fdt_setprop_string(fdt, name, "compatible", "cfi-flash");
+qemu_fdt_setprop_sized_cells(fdt, name, "reg",
+ 1, flashbase, 1, flashsize);
+qemu_fdt_setprop_cell(fdt, name, "bank-width", bank_width);
+}
+
  static void platform_bus_create_devtree(PPCE500MachineState *pms,
  void *fdt, const char *mpic)
  {
@@ -276,6 +303,8 @@ static void platform_bus_create_devtree(PPCE500MachineState 
*pms,
  uint64_t addr = pmc->platform_bus_base;
  uint64_t size = pmc->platform_bus_size;
  int irq_start = pmc->platform_bus_first_irq;
+SysBusDevice *sbdev;
+bool ambiguous;
  
  /* Create a /platform node that we can put all devices into */
  
@@ -302,6 +331,13 @@ static void platform_bus_create_devtree(PPCE500MachineState *pms,

  /* Loop through all dynamic sysbus devices and create nodes for them */
  foreach_dynamic_sysbus_device(sysbus_device_create_devtree, &data);
  
+sbdev = SYS_BUS_DEVICE(object_resolve_path_type("", TYPE_PFLASH_CFI01,

+&ambiguous));
+if (sbdev) {
+assert(!ambiguous);
+create_devtree_flash(sbdev, &data);
+}
+
  g_free(node);
  }
  
@@ -856,6 +892,7 @@ void ppce500_init(MachineState *machine)

  unsigned int pci_irq_nrs[PCI_NUM_PINS] = {1, 2, 3, 4};
  IrqLines *irqs;
  DeviceState *dev, *mpicdev;
+DriveInfo *dinfo;
  CPUPPCState *firstenv = NULL;
  MemoryRegion *ccsr_addr_space;
  SysBusDevice *s;
@@ -1024,6 +1061,48 @@ void ppce500_init(MachineState *machine)
  pmc->platform_bus_base,
  

[PATCH v3 2/2] xen/pt: reserve PCI slot 2 for Intel igd-passthru

[Chuck Zmudzinski]

Intel specifies that the Intel IGD must occupy slot 2 on the PCI bus,
as noted in docs/igd-assign.txt in the Qemu source code.

Currently, when the xl toolstack is used to configure a Xen HVM guest with
Intel IGD passthrough to the guest with the Qemu upstream device model,
a Qemu emulated PCI device will occupy slot 2 and the Intel IGD will occupy
a different slot. This problem often prevents the guest from booting.

The only available workaround is not good: Configure Xen HVM guests to use
the old and no longer maintained Qemu traditional device model available
from xenbits.xen.org which does reserve slot 2 for the Intel IGD.

To implement this feature in the Qemu upstream device model for Xen HVM
guests, introduce the following new class, functions, types, and macros:

* XEN_PT_DEVICE_CLASS declaration, based on the existing TYPE_XEN_PT_DEVICE
* XEN_PT_DEVICE_GET_CLASS macro helper function for XEN_PT_DEVICE_CLASS
* typedef XenPTQdevRealize function pointer
* XEN_PCI_IGD_SLOT_MASK, the value of slot_reserved_mask to reserve slot 2
* xen_igd_reserve_slot and xen_igd_clear_slot functions

The new xen_igd_reserve_slot function uses the existing slot_reserved_mask
member of PCIBus to reserve PCI slot 2 for Xen HVM guests configured using
the xl toolstack with the gfx_passthru option enabled, which sets the
igd-passthru=on option to Qemu for the Xen HVM machine type.

The new xen_igd_reserve_slot function also needs to be implemented in
hw/xen/xen_pt_stub.c to prevent FTBFS during the link stage for the case
when Qemu is configured with --enable-xen and --disable-xen-pci-passthrough,
in which case it does nothing.

The new xen_igd_clear_slot function overrides qdev->realize of the parent
PCI device class to enable the Intel IGD to occupy slot 2 on the PCI bus
since slot 2 was reserved by xen_igd_reserve_slot when the PCI bus was
created in hw/i386/pc_piix.c for the case when igd-passthru=on.

Signed-off-by: Chuck Zmudzinski 
---
Notes that might be helpful to reviewers of patched code in hw/xen:

The new functions and types are based on recommendations from Qemu docs:
https://qemu.readthedocs.io/en/latest/devel/qom.html

Notes that might be helpful to reviewers of patched code in hw/i386:

The small patch to hw/i386/pc_piix.c is protected by CONFIG_XEN so it does
not affect builds that do not have CONFIG_XEN defined.

xen_igd_gfx_pt_enabled() in the patched hw/i386/pc_piix.c file is an
existing function that is only true when Qemu is built with
xen-pci-passthrough enabled and the administrator has configured the Xen
HVM guest with Qemu's igd-passthru=on option.

v2: Remove From:  tag at top of commit message

v3: Changed the test for the Intel IGD in xen_igd_clear_slot:

if (is_igd_vga_passthrough(&s->real_device) &&
(s->real_device.vendor_id == PCI_VENDOR_ID_INTEL)) {

is changed to

if (xen_igd_gfx_pt_enabled() && (s->hostaddr.slot == 2)
&& (s->hostaddr.function == 0)) {

I hoped that I could use the test in v2, since it matches the
other tests for the Intel IGD in Qemu and Xen, but those tests
do not work because the necessary data structures are not set with
their values yet. So instead use the test that the administrator
has enabled gfx_passthru and the device address on the host is
02.0. This test does detect the Intel IGD correctly.

Sorry for the extra noise.

 hw/i386/pc_piix.c|  3 +++
 hw/xen/xen_pt.c  | 25 +
 hw/xen/xen_pt.h  | 16 
 hw/xen/xen_pt_stub.c |  4 
 4 files changed, 48 insertions(+)

diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index 0b1a79c0fa..a0f04ad62e 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -402,6 +402,9 @@ static void pc_xen_hvm_init(MachineState *machine)
 }
 
 pc_xen_hvm_init_pci(machine);
+if (xen_igd_gfx_pt_enabled()) {
+xen_igd_reserve_slot(pcms->bus);
+}
 pci_create_simple(pcms->bus, -1, "xen-platform");
 }
 #endif
diff --git a/hw/xen/xen_pt.c b/hw/xen/xen_pt.c
index 0ec7e52183..c62f03dd9f 100644
--- a/hw/xen/xen_pt.c
+++ b/hw/xen/xen_pt.c
@@ -950,11 +950,35 @@ static void xen_pci_passthrough_instance_init(Object *obj)
 PCI_DEVICE(obj)->cap_present |= QEMU_PCI_CAP_EXPRESS;
 }
 
+void xen_igd_reserve_slot(PCIBus *pci_bus)
+{
+XEN_PT_LOG(0, "Reserving PCI slot 2 for IGD\n");
+pci_bus->slot_reserved_mask |= XEN_PCI_IGD_SLOT_MASK;
+}
+
+static void xen_igd_clear_slot(DeviceState *qdev, Error **errp)
+{
+PCIDevice *pci_dev = (PCIDevice *)qdev;
+XenPCIPassthroughState *s = XEN_PT_DEVICE(pci_dev);
+XenPTDeviceClass *xptc = XEN_PT_DEVICE_GET_CLASS(s);
+PCIBus *pci_bus = pci_get_bus(pci_dev);
+
+if (xen_igd_gfx_pt_enabled() && (s->hostaddr.slot == 2)
+&& (s->hostaddr.function == 0)) {
+pci_bus->slot_reserved_mask &= ~XEN_PCI_IGD_SLOT_MASK;
+XEN_PT_LOG(pci_dev, "Intel IGD found, using slot 2\n");
+}
+xptc->pci_qdev_realize(qdev, errp);
+}
+
 static void xen_pci

[PATCH v3 1/2] xen/pt: fix syntax error that causes FTBFS in some configurations

[Chuck Zmudzinski]

When Qemu is built with --enable-xen and --disable-xen-pci-passthrough
and the target os is linux, the build fails with:

meson.build:3477:2: ERROR: File xen_pt_stub.c does not exist.

Fixes: 582ea95f5f93 ("meson: convert hw/xen")

Signed-off-by: Chuck Zmudzinski 
---
v2: Remove From:  tag at top of commit message

v3: No change to this patch since v2

 hw/xen/meson.build | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/xen/meson.build b/hw/xen/meson.build
index 08dc1f6857..ae0ace3046 100644
--- a/hw/xen/meson.build
+++ b/hw/xen/meson.build
@@ -18,7 +18,7 @@ if have_xen_pci_passthrough
 'xen_pt_msi.c',
   ))
 else
-  xen_specific_ss.add('xen_pt_stub.c')
+  xen_specific_ss.add(files('xen_pt_stub.c'))
 endif
 
 specific_ss.add_all(when: ['CONFIG_XEN', xen], if_true: xen_specific_ss)
-- 
2.37.2

Re: [PATCH v4 7/7] hw/ppc/e500: Add Freescale eSDHC to e500plat

[Daniel Henrique Barboza]

On 10/18/22 18:01, Bernhard Beschow wrote:

Adds missing functionality to e500plat machine which increases the
chance of given "real" firmware images to access SD cards.

Signed-off-by: Bernhard Beschow 
---


Reviewed-by: Daniel Henrique Barboza 


  docs/system/ppc/ppce500.rst | 12 
  hw/ppc/Kconfig  |  1 +
  hw/ppc/e500.c   | 35 ++-
  hw/ppc/e500.h   |  1 +
  hw/ppc/e500plat.c   |  1 +
  5 files changed, 49 insertions(+), 1 deletion(-)

diff --git a/docs/system/ppc/ppce500.rst b/docs/system/ppc/ppce500.rst
index 38f8ceb0cf..c9fe0915dc 100644
--- a/docs/system/ppc/ppce500.rst
+++ b/docs/system/ppc/ppce500.rst
@@ -19,6 +19,7 @@ The ``ppce500`` machine supports the following devices:
  * Power-off functionality via one GPIO pin
  * 1 Freescale MPC8xxx PCI host controller
  * VirtIO devices via PCI bus
+* 1 Freescale Enhanced Secure Digital Host controller (eSDHC)
  * 1 Freescale Enhanced Triple Speed Ethernet controller (eTSEC)
  
  Hardware configuration information

@@ -181,3 +182,14 @@ as follows:
-drive if=pflash,file=/path/to/rootfs.ext2,format=raw \
-append "rootwait root=/dev/mtdblock0"
  
+Alternatively, the root file system can also reside on an emulated SD card

+whose size must again be a power of two:
+
+.. code-block:: bash
+
+  $ qemu-system-ppc64 -M ppce500 -cpu e500mc -smp 4 -m 2G \
+  -display none -serial stdio \
+  -kernel vmlinux \
+  -device sd-card,drive=mydrive \
+  -drive id=mydrive,if=none,file=/path/to/rootfs.ext2,format=raw \
+  -append "rootwait root=/dev/mmcblk0"
diff --git a/hw/ppc/Kconfig b/hw/ppc/Kconfig
index 769a1ead1c..6e31f568ba 100644
--- a/hw/ppc/Kconfig
+++ b/hw/ppc/Kconfig
@@ -129,6 +129,7 @@ config E500
  select PFLASH_CFI01
  select PLATFORM_BUS
  select PPCE500_PCI
+select SDHCI
  select SERIAL
  select MPC_I2C
  select FDT_PPC
diff --git a/hw/ppc/e500.c b/hw/ppc/e500.c
index 73198adac8..15d1f5ea00 100644
--- a/hw/ppc/e500.c
+++ b/hw/ppc/e500.c
@@ -48,6 +48,7 @@
  #include "hw/net/fsl_etsec/etsec.h"
  #include "hw/i2c/i2c.h"
  #include "hw/irq.h"
+#include "hw/sd/sdhci.h"
  
  #define EPAPR_MAGIC(0x45504150)

  #define DTC_LOAD_PAD   0x180
@@ -66,11 +67,14 @@
  #define MPC8544_SERIAL1_REGS_OFFSET 0x4600ULL
  #define MPC8544_PCI_REGS_OFFSET0x8000ULL
  #define MPC8544_PCI_REGS_SIZE  0x1000ULL
+#define MPC85XX_ESDHC_REGS_OFFSET  0x2e000ULL
+#define MPC85XX_ESDHC_REGS_SIZE0x1000ULL
  #define MPC8544_UTIL_OFFSET0xeULL
  #define MPC8XXX_GPIO_OFFSET0x000FF000ULL
  #define MPC8544_I2C_REGS_OFFSET0x3000ULL
  #define MPC8XXX_GPIO_IRQ   47
  #define MPC8544_I2C_IRQ43
+#define MPC85XX_ESDHC_IRQ  72
  #define RTC_REGS_OFFSET0x68
  
  #define PLATFORM_CLK_FREQ_HZ   (400 * 1000 * 1000)

@@ -203,6 +207,22 @@ static void dt_i2c_create(void *fdt, const char *soc, 
const char *mpic,
  g_free(i2c);
  }
  
+static void dt_sdhc_create(void *fdt, const char *parent, const char *mpic)

+{
+hwaddr mmio = MPC85XX_ESDHC_REGS_OFFSET;
+hwaddr size = MPC85XX_ESDHC_REGS_SIZE;
+int irq = MPC85XX_ESDHC_IRQ;
+g_autofree char *name = NULL;
+
+name = g_strdup_printf("%s/sdhc@%" PRIx64, parent, mmio);
+qemu_fdt_add_subnode(fdt, name);
+qemu_fdt_setprop(fdt, name, "sdhci,auto-cmd12", NULL, 0);
+qemu_fdt_setprop_phandle(fdt, name, "interrupt-parent", mpic);
+qemu_fdt_setprop_cells(fdt, name, "bus-width", 4);
+qemu_fdt_setprop_cells(fdt, name, "interrupts", irq, 0x2);
+qemu_fdt_setprop_cells(fdt, name, "reg", mmio, size);
+qemu_fdt_setprop_string(fdt, name, "compatible", "fsl,esdhc");
+}
  
  typedef struct PlatformDevtreeData {

  void *fdt;
@@ -553,6 +573,10 @@ static int ppce500_load_device_tree(PPCE500MachineState 
*pms,
  
  dt_rtc_create(fdt, "i2c", "rtc");
  
+/* sdhc */

+if (pmc->has_esdhc) {
+dt_sdhc_create(fdt, soc, mpic);
+}
  
  gutil = g_strdup_printf("%s/global-utilities@%llx", soc,

  MPC8544_UTIL_OFFSET);
@@ -982,7 +1006,8 @@ void ppce500_init(MachineState *machine)
 0, qdev_get_gpio_in(mpicdev, 42), 399193,
 serial_hd(1), DEVICE_BIG_ENDIAN);
  }
-/* I2C */
+
+/* I2C */
  dev = qdev_new("mpc-i2c");
  s = SYS_BUS_DEVICE(dev);
  sysbus_realize_and_unref(s, &error_fatal);
@@ -992,6 +1017,14 @@ void ppce500_init(MachineState *machine)
  i2c = (I2CBus *)qdev_get_child_bus(dev, "i2c");
  i2c_slave_create_simple(i2c, "ds1338", RTC_REGS_OFFSET);
  
+/* eSDHC */

+if (pmc->has_esdhc) {
+dev = qdev_new(TYPE_FSL_ESDHC);
+s = SYS_BUS_DEVICE(dev);
+sysbus_realize_and_unref(s, &error_fatal);
+sysbus_mmio_map(s, 0, pmc->ccsrbar_base + MPC85XX_ESDHC_REGS_OFFSET);
+sysbus_connect_irq(s, 0, qdev_get_gp

Re: [PATCH v4 0/7] ppc/e500: Add support for two types of flash, cleanup

[Daniel Henrique Barboza]

Hi,

Since this is being sent to qemu-ppc and has to do with e500 I decided to
take a look. I acked the e500 related patches, 5 and 7. Patch 6 LGTM as well
but I'd rather not ack it it's SD specific code.

I'll send a PowerPC pull request this week. I can grab this series via the ppc
tree if someone with SD authority acks patch 6.


Thanks,


Daniel





On 10/18/22 18:01, Bernhard Beschow wrote:

Cover letter:
~

This series adds support for -pflash and direct SD card access to the
PPC e500 boards. The idea is to increase compatibility with "real" firmware
images where only the bare minimum of drivers is compiled in.

The series is structured as follows:

Patches 1-4 perform some general cleanup which paves the way for the rest of
the series.

Patch 5 adds -pflash handling where memory-mapped flash can be added on
user's behalf. That is, the flash memory region in the eLBC is only added if
the -pflash argument is supplied. Note that the cfi01 device model becomes
stricter in checking the size of the emulated flash space.

Patches 6 and 7 add a new device model - the Freescale eSDHC - to the e500
boards which was missing so far.

User documentation is also added as the new features become available.

Tesing done:
* `qeu-system-ppc -M ppce500 -cpu e500mc -m 256 -kernel uImage -append
"console=ttyS0 rootwait root=/dev/mtdblock0 nokaslr" -drive
if=pflash,file=rootfs.ext2,format=raw`
* `qemu-system-ppc -M ppce500 -cpu e500mc -m 256 -kernel uImage -append
"console=ttyS0 rootwait root=/dev/mmcblk0" -device sd-card,drive=mydrive -drive
id=mydrive,if=none,file=rootfs.ext2,format=raw`

The load was created using latest Buildroot with `make
qemu_ppc_e500mc_defconfig` where the rootfs was configured to be of ext2 type.
In both cases it was possible to log in and explore the root file system.

v4:
~~~
Zoltan:
- Don't suggest presence of qemu-system-ppc32 in documentation

Bin:
- New patch: docs/system/ppc/ppce500: Use qemu-system-ppc64 across the board(s)

Peter:
- Inline pflash_cfi01_register() rather than modify it (similar to v2)

v3:
~~~
Phil:
- Also add power-of-2 fix to pflash_cfi02
- Resolve cfi01-specific assertion in e500 code
- Resolve unused define in eSDHC device model
- Resolve redundant alignment checks in eSDHC device model

Bin:
- Add dedicated flash chapter to documentation

Bernhard:
- Use is_power_of_2() instead of ctpop64() for better readability
- Only instantiate eSDHC device model in ppce500 (not used in MPC8544DS)
- Rebase onto gitlab.com/danielhb/qemu/tree/ppc-next

v2:
~~~
Bin:
- Add source for MPC8544DS platform bus' memory map in commit message.
- Keep "ESDHC" in comment referring to Linux driver.
- Use "qemu-system-ppc{64|32} in documentation.
- Use g_autofree in device tree code.
- Remove unneeded device tree properties.
- Error out if pflash size doesn't fit into eLBC memory window.
- Remove unused ESDHC defines.
- Define macro ESDHC_WML for register offset with magic constant.
- Fix some whitespace issues when adding eSDHC device to e500.

Phil:
- Fix tense in commit message.

Bernhard Beschow (7):
   docs/system/ppc/ppce500: Use qemu-system-ppc64 across the board(s)
   hw/block/pflash_cfi0{1,2}: Error out if device length isn't a power of
 two
   hw/sd/sdhci-internal: Unexport ESDHC defines
   hw/sd/sdhci: Rename ESDHC_* defines to USDHC_*
   hw/ppc/e500: Implement pflash handling
   hw/sd/sdhci: Implement Freescale eSDHC device model
   hw/ppc/e500: Add Freescale eSDHC to e500plat

  docs/system/ppc/ppce500.rst |  38 +++-
  hw/block/pflash_cfi01.c |   8 +-
  hw/block/pflash_cfi02.c |   5 +
  hw/ppc/Kconfig  |   2 +
  hw/ppc/e500.c   | 114 +-
  hw/ppc/e500.h   |   1 +
  hw/ppc/e500plat.c   |   1 +
  hw/sd/sdhci-internal.h  |  20 
  hw/sd/sdhci.c   | 183 +++-
  include/hw/sd/sdhci.h   |   3 +
  10 files changed, 324 insertions(+), 51 deletions(-)

Re: [PATCH 0/4] Allow to pass pre-created VFIO container/group to QEMU

[Alex Williamson]

On Wed, 26 Oct 2022 15:07:32 +0300
Andrey Ryabinin  wrote:

> On 10/17/22 18:21, Alex Williamson wrote:
> > On Mon, 17 Oct 2022 13:54:03 +0300
> > Andrey Ryabinin  wrote:
> >   
> >> These patches add possibility to pass VFIO device to QEMU using file
> >> descriptors of VFIO container/group, instead of creating those by QEMU.
> >> This allows to take away permissions to open /dev/vfio/* from QEMU and
> >> delegate that to managment layer like libvirt.
> >>
> >> The VFIO API doen't allow to pass just fd of device, since we also need to 
> >> have
> >> VFIO container and group. So these patches allow to pass created VFIO 
> >> container/group
> >> to QEMU via command line/QMP, e.g. like this:
> >> -object vfio-container,id=ct,fd=5 \
> >> -object vfio-group,id=grp,fd=6,container=ct \
> >> -device vfio-pci,host=05:00.0,group=grp  
> > 
> > This suggests that management tools need to become intimately familiar
> > with container and group association restrictions for implicit
> > dependencies, such as device AddressSpace.  We had considered this
> > before and intentionally chosen to allow QEMU to manage that
> > relationship.  Things like PCI bus type and presence of a vIOMMU factor
> > into these relationships.
> >   
> 
> This is already the case. These patches doesn't change much.
> QEMU doesn't allow to adding device from one group to several address spaces.
> So the management tool needs to know whether devices are in the same group or 
> not
> and whether QEMU will create separate address spaces for these devices or not.
> 
> E.g.
> qemu-system-x86_64 -nodefaults -M q35,accel=kvm,kernel-irqchip=split \
> -device intel-iommu,intremap=on,caching-mode=on \
> -device vfio-pci,host=00:1f.3 \
> -device vfio-pci,host=00:1f.4 
> qemu-system-x86_64: -device vfio-pci,host=00:1f.4: vfio :00:1f.4: group 
> 14 used in multiple address spaces

Obviously QEMU fails this configuration.  It must.  How does that
suggest that a management tool, like libvirt, is already aware of this
requirement.  In fact, libvirt will happily validate xml creating such
a configuration.  The point was that tools like libvirt would need to
provide these group and container file descriptors and they currently
impose no restrictions or working knowledge on the relationship between
devices, groups, containers, and address spaces.

> > In the above example, what happens in a mixed environment, for example
> > if we then add '-device vfio-pci,host=06:00.0' to the command line?
> > Isn't QEMU still going to try to re-use the container if it exists in
> > the same address space? Potentially this device could also be a member
> > of the same group.  How would the management tool know when to expect
> > the provided fds be released?
> >   
> 
> Valid point, container indeed will be reused and second device will occupy it.
> But we could make new container instead. Using several containers in one 
> address
> space won't be a problem, right?
> Of course several devices from same group won't be allowed to be added in 
> mixed way.

Potentially, yes, that is a problem.  Each container represents a
separate IOMMU context, separate DMA map and unmap operations, and
separate locked page accounting.  So if libvirt chooses the more
trivial solution to impose a new container for every group, that
translates to space, time, and process accounting overhead.

> > We also have an outstanding RFC for iommufd that already proposes an fd
> > passing interface, where iommufd removes many of the issues of the vfio
> > container by supporting multiple address spaces within a single fd
> > context, avoiding the duplicate locked page accounting issues between
> > containers, and proposing a direct device fd interface for vfio.  Why at
> > this point in time would we choose to expand the QEMU vfio interface in
> > this way?  Thanks,
> >   
> 
> It sounds nice, but iommufd is new API which doesn't exist in any kernel yet.
> These patches is something that can be used on existing, already deployed 
> kernels.

OTOH, we expect iommufd in the near term, non-RFC patches are posted.
The vfio kernel modules have undergone significant churn in recent
kernels to align with the development goals of iommufd.  QEMU support to
accept file descriptors for "legacy" implementations of vfio is only
the beginning, where the next step would require the management tools
to be sufficiently enlightened to implement file descriptor passing.
All of that suggests development and maintenance effort for something
we're actively trying to replace.  Thanks,

Alex

Re: [PATCH] qga: add channel path to error messages

[Konstantin Kostiuk]

Reviewed-by: Konstantin Kostiuk 

On Fri, Oct 21, 2022 at 1:04 AM Bjørn Forsman 
wrote:

> It's useful to know which device was used if/when it fails.
>
> channel-win32.c had this since 2015, with
> c69403fcd4a0cb89f838a212ab71e4a1a3464c95 ("qemu-ga: debug printouts to
> help troubleshoot installation"), this brings channel-posix.c up to
> speed.
>
> Signed-off-by: Bjørn Forsman 
> ---
>  qga/channel-posix.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/qga/channel-posix.c b/qga/channel-posix.c
> index 6796a02cff..e6dce985ae 100644
> --- a/qga/channel-posix.c
> +++ b/qga/channel-posix.c
> @@ -138,7 +138,7 @@ static gboolean ga_channel_open(GAChannel *c, const
> gchar *path,
>  0
>  );
>  if (fd == -1) {
> -error_setg_errno(errp, errno, "error opening channel");
> +error_setg_errno(errp, errno, "error opening channel '%s'",
> path);
>  return false;
>  }
>  #ifdef CONFIG_SOLARIS
> @@ -163,7 +163,7 @@ static gboolean ga_channel_open(GAChannel *c, const
> gchar *path,
>  assert(fd < 0);
>  fd = qga_open_cloexec(path, O_RDWR | O_NOCTTY | O_NONBLOCK, 0);
>  if (fd == -1) {
> -error_setg_errno(errp, errno, "error opening channel");
> +error_setg_errno(errp, errno, "error opening channel '%s'",
> path);
>  return false;
>  }
>  tcgetattr(fd, &tio);
> --
> 2.36.2
>
>

Re: [PATCH v9 1/8] mm: Introduce memfd_restricted system call to create restricted user memory

[Isaku Yamahata]

On Tue, Oct 25, 2022 at 11:13:37PM +0800,
Chao Peng  wrote:

> +int restrictedmem_get_page(struct file *file, pgoff_t offset,
> +struct page **pagep, int *order)
> +{
> + struct restrictedmem_data *data = file->f_mapping->private_data;
> + struct file *memfd = data->memfd;
> + struct page *page;
> + int ret;
> +
> + ret = shmem_getpage(file_inode(memfd), offset, &page, SGP_WRITE);

shmem_getpage() was removed.
https://lkml.kernel.org/r/20220902194653.1739778-34-wi...@infradead.org

I needed the following fix to compile.

thanks,

diff --git a/mm/restrictedmem.c b/mm/restrictedmem.c
index e5bf8907e0f8..4694dd5609d6 100644
--- a/mm/restrictedmem.c
+++ b/mm/restrictedmem.c
@@ -231,13 +231,15 @@ int restrictedmem_get_page(struct file *file, pgoff_t 
offset,
 {
struct restrictedmem_data *data = file->f_mapping->private_data;
struct file *memfd = data->memfd;
+   struct folio *folio = NULL;
struct page *page;
int ret;
 
-   ret = shmem_getpage(file_inode(memfd), offset, &page, SGP_WRITE);
+   ret = shmem_get_folio(file_inode(memfd), offset, &folio, SGP_WRITE);
if (ret)
return ret;
 
+   page = folio_file_page(folio, offset);
*pagep = page;
if (order)
*order = thp_order(compound_head(page));
-- 
Isaku Yamahata 

[PULL 6/8] qga: Move HW address getting to a separate function

[Konstantin Kostiuk]

From: Alexander Ivanov 

In the next patch FreeBSD support for guest-network-get-interfaces will be
added. Previously move Linux-specific code of HW address getting to a
separate functions and add a dumb function to commands-bsd.c.

Reviewed-by: Konstantin Kostiuk 
Reviewed-by: Marc-André Lureau 
Signed-off-by: Alexander Ivanov 
Signed-off-by: Konstantin Kostiuk 
---
 qga/commands-bsd.c| 16 +++
 qga/commands-common.h |  6 +++
 qga/commands-posix.c  | 98 ---
 3 files changed, 78 insertions(+), 42 deletions(-)

diff --git a/qga/commands-bsd.c b/qga/commands-bsd.c
index ca06692179..ebf0fb8b0f 100644
--- a/qga/commands-bsd.c
+++ b/qga/commands-bsd.c
@@ -167,3 +167,19 @@ GuestCpuStatsList *qmp_guest_get_cpustats(Error **errp)
 return NULL;
 }
 #endif /* CONFIG_FSFREEZE */
+
+#ifdef HAVE_GETIFADDRS
+/*
+ * Fill "buf" with MAC address by ifaddrs. Pointer buf must point to a
+ * buffer with ETHER_ADDR_LEN length at least.
+ *
+ * Returns false in case of an error, otherwise true. "obtained" arguument
+ * is true if a MAC address was obtained successful, otherwise false.
+ */
+bool guest_get_hw_addr(struct ifaddrs *ifa, unsigned char *buf,
+   bool *obtained, Error **errp)
+{
+*obtained = false;
+return true;
+}
+#endif /* HAVE_GETIFADDRS */
diff --git a/qga/commands-common.h b/qga/commands-common.h
index d0583c6ddb..8c1c56aac9 100644
--- a/qga/commands-common.h
+++ b/qga/commands-common.h
@@ -56,6 +56,12 @@ int64_t qmp_guest_fsfreeze_do_freeze_list(bool 
has_mountpoints,
 int qmp_guest_fsfreeze_do_thaw(Error **errp);
 #endif /* CONFIG_FSFREEZE */
 
+#ifdef HAVE_GETIFADDRS
+#include 
+bool guest_get_hw_addr(struct ifaddrs *ifa, unsigned char *buf,
+   bool *obtained, Error **errp);
+#endif
+
 typedef struct GuestFileHandle GuestFileHandle;
 
 GuestFileHandle *guest_file_handle_find(int64_t id, Error **errp);
diff --git a/qga/commands-posix.c b/qga/commands-posix.c
index e0ee0bea00..32493d6383 100644
--- a/qga/commands-posix.c
+++ b/qga/commands-posix.c
@@ -41,20 +41,12 @@
 #endif
 #endif
 
-#ifdef __FreeBSD__
-/*
- * The code under HAVE_GETIFADDRS condition can't be compiled in FreeBSD.
- * Fix it in one of the following patches.
- */
-#undef HAVE_GETIFADDRS
-#endif
-
 #ifdef HAVE_GETIFADDRS
 #include 
 #include 
 #include 
+#include 
 #include 
-#include 
 #ifdef CONFIG_SOLARIS
 #include 
 #endif
@@ -2889,6 +2881,57 @@ static int guest_get_network_stats(const char *name,
 return -1;
 }
 
+#ifndef __FreeBSD__
+/*
+ * Fill "buf" with MAC address by ifaddrs. Pointer buf must point to a
+ * buffer with ETHER_ADDR_LEN length at least.
+ *
+ * Returns false in case of an error, otherwise true. "obtained" argument
+ * is true if a MAC address was obtained successful, otherwise false.
+ */
+bool guest_get_hw_addr(struct ifaddrs *ifa, unsigned char *buf,
+   bool *obtained, Error **errp)
+{
+struct ifreq ifr;
+int sock;
+
+*obtained = false;
+
+/* we haven't obtained HW address yet */
+sock = socket(PF_INET, SOCK_STREAM, 0);
+if (sock == -1) {
+error_setg_errno(errp, errno, "failed to create socket");
+return false;
+}
+
+memset(&ifr, 0, sizeof(ifr));
+pstrcpy(ifr.ifr_name, IF_NAMESIZE, ifa->ifa_name);
+if (ioctl(sock, SIOCGIFHWADDR, &ifr) == -1) {
+/*
+ * We can't get the hw addr of this interface, but that's not a
+ * fatal error.
+ */
+if (errno == EADDRNOTAVAIL) {
+/* The interface doesn't have a hw addr (e.g. loopback). */
+g_debug("failed to get MAC address of %s: %s",
+ifa->ifa_name, strerror(errno));
+} else{
+g_warning("failed to get MAC address of %s: %s",
+  ifa->ifa_name, strerror(errno));
+}
+} else {
+#ifdef CONFIG_SOLARIS
+memcpy(buf, &ifr.ifr_addr.sa_data, ETHER_ADDR_LEN);
+#else
+memcpy(buf, &ifr.ifr_hwaddr.sa_data, ETHER_ADDR_LEN);
+#endif
+*obtained = true;
+}
+close(sock);
+return true;
+}
+#endif /* __FreeBSD__ */
+
 /*
  * Build information about guest interfaces
  */
@@ -2909,9 +2952,8 @@ GuestNetworkInterfaceList 
*qmp_guest_network_get_interfaces(Error **errp)
 GuestNetworkInterfaceStat *interface_stat = NULL;
 char addr4[INET_ADDRSTRLEN];
 char addr6[INET6_ADDRSTRLEN];
-int sock;
-struct ifreq ifr;
-unsigned char *mac_addr;
+unsigned char mac_addr[ETHER_ADDR_LEN];
+bool obtained;
 void *p;
 
 g_debug("Processing %s interface", ifa->ifa_name);
@@ -2926,45 +2968,17 @@ GuestNetworkInterfaceList 
*qmp_guest_network_get_interfaces(Error **errp)
 }
 
 if (!info->has_hardware_address) {
-/* we haven't obtained HW address yet */
-sock = socket(PF_INET, SOCK_STREAM, 0);
-if (sock == -1) {
-error_setg_errno(errp, err

[PULL 2/8] qga: Move Linux-specific FS freeze/thaw code to a separate file

[Konstantin Kostiuk]

From: Alexander Ivanov 

In the next patches we are going to add FreeBSD support for QEMU Guest
Agent. In the result, code in commands-posix.c will be too cumbersome.

Move Linux-specific FS freeze/thaw code to a separate file commands-linux.c
keeping common POSIX code in commands-posix.c.

Reviewed-by: Konstantin Kostiuk 
Reviewed-by: Marc-André Lureau 
Signed-off-by: Alexander Ivanov 
Signed-off-by: Konstantin Kostiuk 
---
 qga/commands-common.h |  34 +
 qga/commands-linux.c  | 286 +
 qga/commands-posix.c  | 287 +++---
 qga/meson.build   |   3 +
 4 files changed, 338 insertions(+), 272 deletions(-)
 create mode 100644 qga/commands-linux.c

diff --git a/qga/commands-common.h b/qga/commands-common.h
index d0e4a9696f..cb51b1c6e9 100644
--- a/qga/commands-common.h
+++ b/qga/commands-common.h
@@ -10,6 +10,40 @@
 #define QGA_COMMANDS_COMMON_H
 
 #include "qga-qapi-types.h"
+#include "guest-agent-core.h"
+#include "qemu/queue.h"
+
+#if defined(__linux__)
+#include 
+#ifdef FIFREEZE
+#define CONFIG_FSFREEZE
+#endif
+#ifdef FITRIM
+#define CONFIG_FSTRIM
+#endif
+#endif /* __linux__ */
+
+#if defined(CONFIG_FSFREEZE) || defined(CONFIG_FSTRIM)
+typedef struct FsMount {
+char *dirname;
+char *devtype;
+unsigned int devmajor, devminor;
+QTAILQ_ENTRY(FsMount) next;
+} FsMount;
+
+typedef QTAILQ_HEAD(FsMountList, FsMount) FsMountList;
+
+bool build_fs_mount_list(FsMountList *mounts, Error **errp);
+void free_fs_mount_list(FsMountList *mounts);
+#endif /* CONFIG_FSFREEZE || CONFIG_FSTRIM */
+
+#if defined(CONFIG_FSFREEZE)
+int64_t qmp_guest_fsfreeze_do_freeze_list(bool has_mountpoints,
+  strList *mountpoints,
+  FsMountList mounts,
+  Error **errp);
+int qmp_guest_fsfreeze_do_thaw(Error **errp);
+#endif /* CONFIG_FSFREEZE */
 
 typedef struct GuestFileHandle GuestFileHandle;
 
diff --git a/qga/commands-linux.c b/qga/commands-linux.c
new file mode 100644
index 00..214e408fcd
--- /dev/null
+++ b/qga/commands-linux.c
@@ -0,0 +1,286 @@
+/*
+ * QEMU Guest Agent Linux-specific command implementations
+ *
+ * Copyright IBM Corp. 2011
+ *
+ * Authors:
+ *  Michael Roth  
+ *  Michal Privoznik  
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "commands-common.h"
+#include "cutils.h"
+#include 
+#include 
+
+#if defined(CONFIG_FSFREEZE) || defined(CONFIG_FSTRIM)
+static int dev_major_minor(const char *devpath,
+   unsigned int *devmajor, unsigned int *devminor)
+{
+struct stat st;
+
+*devmajor = 0;
+*devminor = 0;
+
+if (stat(devpath, &st) < 0) {
+slog("failed to stat device file '%s': %s", devpath, strerror(errno));
+return -1;
+}
+if (S_ISDIR(st.st_mode)) {
+/* It is bind mount */
+return -2;
+}
+if (S_ISBLK(st.st_mode)) {
+*devmajor = major(st.st_rdev);
+*devminor = minor(st.st_rdev);
+return 0;
+}
+return -1;
+}
+
+static bool build_fs_mount_list_from_mtab(FsMountList *mounts, Error **errp)
+{
+struct mntent *ment;
+FsMount *mount;
+char const *mtab = "/proc/self/mounts";
+FILE *fp;
+unsigned int devmajor, devminor;
+
+fp = setmntent(mtab, "r");
+if (!fp) {
+error_setg(errp, "failed to open mtab file: '%s'", mtab);
+return false;
+}
+
+while ((ment = getmntent(fp))) {
+/*
+ * An entry which device name doesn't start with a '/' is
+ * either a dummy file system or a network file system.
+ * Add special handling for smbfs and cifs as is done by
+ * coreutils as well.
+ */
+if ((ment->mnt_fsname[0] != '/') ||
+(strcmp(ment->mnt_type, "smbfs") == 0) ||
+(strcmp(ment->mnt_type, "cifs") == 0)) {
+continue;
+}
+if (dev_major_minor(ment->mnt_fsname, &devmajor, &devminor) == -2) {
+/* Skip bind mounts */
+continue;
+}
+
+mount = g_new0(FsMount, 1);
+mount->dirname = g_strdup(ment->mnt_dir);
+mount->devtype = g_strdup(ment->mnt_type);
+mount->devmajor = devmajor;
+mount->devminor = devminor;
+
+QTAILQ_INSERT_TAIL(mounts, mount, next);
+}
+
+endmntent(fp);
+return true;
+}
+
+static void decode_mntname(char *name, int len)
+{
+int i, j = 0;
+for (i = 0; i <= len; i++) {
+if (name[i] != '\\') {
+name[j++] = name[i];
+} else if (name[i + 1] == '\\') {
+name[j++] = '\\';
+i++;
+} else if (name[i + 1] >= '0' && name[i + 1] <= '3' &&
+   name[i + 2] >= '0' && name[i + 2] <= '7' &&
+   name[i + 3] >=

[PULL 5/8] qga: Add support for user password setting in FreeBSD

[Konstantin Kostiuk]

From: Alexander Ivanov 

Move qmp_guest_set_user_password() from __linux__ condition to
(__linux__ || __FreeBSD__) condition. Add command and arguments
for password setting in FreeBSD.

Reviewed-by: Konstantin Kostiuk 
Reviewed-by: Marc-André Lureau 
Signed-off-by: Alexander Ivanov 
Signed-off-by: Konstantin Kostiuk 
---
 qga/commands-posix.c | 35 +--
 1 file changed, 25 insertions(+), 10 deletions(-)

diff --git a/qga/commands-posix.c b/qga/commands-posix.c
index b0b467ebdb..e0ee0bea00 100644
--- a/qga/commands-posix.c
+++ b/qga/commands-posix.c
@@ -2122,7 +2122,9 @@ int64_t qmp_guest_set_vcpus(GuestLogicalProcessorList 
*vcpus, Error **errp)
 
 return processed;
 }
+#endif /* __linux__ */
 
+#if defined(__linux__) || defined(__FreeBSD__)
 void qmp_guest_set_user_password(const char *username,
  const char *password,
  bool crypted,
@@ -2156,10 +2158,15 @@ void qmp_guest_set_user_password(const char *username,
 goto out;
 }
 
+#ifdef __FreeBSD__
+chpasswddata = g_strdup(rawpasswddata);
+passwd_path = g_find_program_in_path("pw");
+#else
 chpasswddata = g_strdup_printf("%s:%s\n", username, rawpasswddata);
-chpasswdlen = strlen(chpasswddata);
-
 passwd_path = g_find_program_in_path("chpasswd");
+#endif
+
+chpasswdlen = strlen(chpasswddata);
 
 if (!passwd_path) {
 error_setg(errp, "cannot find 'passwd' program in PATH");
@@ -2180,11 +2187,17 @@ void qmp_guest_set_user_password(const char *username,
 reopen_fd_to_null(1);
 reopen_fd_to_null(2);
 
+#ifdef __FreeBSD__
+const char *h_arg;
+h_arg = (crypted) ? "-H" : "-h";
+execl(passwd_path, "pw", "usermod", "-n", username, h_arg, "0", NULL);
+#else
 if (crypted) {
 execl(passwd_path, "chpasswd", "-e", NULL);
 } else {
 execl(passwd_path, "chpasswd", NULL);
 }
+#endif
 _exit(EXIT_FAILURE);
 } else if (pid < 0) {
 error_setg_errno(errp, errno, "failed to create child process");
@@ -2227,7 +2240,17 @@ out:
 close(datafd[1]);
 }
 }
+#else /* __linux__ || __FreeBSD__ */
+void qmp_guest_set_user_password(const char *username,
+ const char *password,
+ bool crypted,
+ Error **errp)
+{
+error_setg(errp, QERR_UNSUPPORTED);
+}
+#endif /* __linux__ || __FreeBSD__ */
 
+#ifdef __linux__
 static void ga_read_sysfs_file(int dirfd, const char *pathname, char *buf,
int size, Error **errp)
 {
@@ -2764,14 +2787,6 @@ int64_t qmp_guest_set_vcpus(GuestLogicalProcessorList 
*vcpus, Error **errp)
 return -1;
 }
 
-void qmp_guest_set_user_password(const char *username,
- const char *password,
- bool crypted,
- Error **errp)
-{
-error_setg(errp, QERR_UNSUPPORTED);
-}
-
 GuestMemoryBlockList *qmp_guest_get_memory_blocks(Error **errp)
 {
 error_setg(errp, QERR_UNSUPPORTED);
-- 
2.25.1

[PULL 1/8] qga: Add initial FreeBSD support

[Konstantin Kostiuk]

From: Alexander Ivanov 

- Fix device path.
- Fix virtio-serial channel initialization.
- Make the code buildable in FreeBSD.

Reviewed-by: Konstantin Kostiuk 
Acked-by: Marc-André Lureau 
Signed-off-by: Alexander Ivanov 
Signed-off-by: Konstantin Kostiuk 
---
 meson.build  |  2 +-
 qga/channel-posix.c  | 19 +++
 qga/commands-posix.c |  8 
 qga/main.c   |  6 +-
 4 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/meson.build b/meson.build
index b686dfef75..71fe72ea06 100644
--- a/meson.build
+++ b/meson.build
@@ -75,7 +75,7 @@ have_tools = get_option('tools') \
   .allowed()
 have_ga = get_option('guest_agent') \
   .disable_auto_if(not have_system and not have_tools) \
-  .require(targetos in ['sunos', 'linux', 'windows'],
+  .require(targetos in ['sunos', 'linux', 'windows', 'freebsd'],
error_message: 'unsupported OS for QEMU guest agent') \
   .allowed()
 have_block = have_system or have_tools
diff --git a/qga/channel-posix.c b/qga/channel-posix.c
index 6796a02cff..568350ded4 100644
--- a/qga/channel-posix.c
+++ b/qga/channel-posix.c
@@ -149,6 +149,25 @@ static gboolean ga_channel_open(GAChannel *c, const gchar 
*path,
 return false;
 }
 #endif
+#ifdef __FreeBSD__
+/*
+ * In the default state channel sends echo of every command to a
+ * client. The client programm doesn't expect this and raises an
+ * error. Suppress echo by resetting ECHO terminal flag.
+ */
+struct termios tio;
+if (tcgetattr(fd, &tio) < 0) {
+error_setg_errno(errp, errno, "error getting channel termios 
attrs");
+close(fd);
+return false;
+}
+tio.c_lflag &= ~ECHO;
+if (tcsetattr(fd, TCSAFLUSH, &tio) < 0) {
+error_setg_errno(errp, errno, "error setting channel termios 
attrs");
+close(fd);
+return false;
+}
+#endif /* __FreeBSD__ */
 ret = ga_channel_client_add(c, fd);
 if (ret) {
 error_setg(errp, "error adding channel to main loop");
diff --git a/qga/commands-posix.c b/qga/commands-posix.c
index eea819cff0..16d67e9f6d 100644
--- a/qga/commands-posix.c
+++ b/qga/commands-posix.c
@@ -51,6 +51,14 @@
 #endif
 #endif
 
+#ifdef __FreeBSD__
+/*
+ * The code under HAVE_GETIFADDRS condition can't be compiled in FreeBSD.
+ * Fix it in one of the following patches.
+ */
+#undef HAVE_GETIFADDRS
+#endif
+
 #ifdef HAVE_GETIFADDRS
 #include 
 #include 
diff --git a/qga/main.c b/qga/main.c
index 5a9d8252e0..0d27c97d38 100644
--- a/qga/main.c
+++ b/qga/main.c
@@ -45,9 +45,13 @@
 #endif
 
 #ifndef _WIN32
+#ifdef __FreeBSD__
+#define QGA_VIRTIO_PATH_DEFAULT "/dev/vtcon/org.qemu.guest_agent.0"
+#else /* __FreeBSD__ */
 #define QGA_VIRTIO_PATH_DEFAULT "/dev/virtio-ports/org.qemu.guest_agent.0"
-#define QGA_STATE_RELATIVE_DIR  "run"
+#endif /* __FreeBSD__ */
 #define QGA_SERIAL_PATH_DEFAULT "/dev/ttyS0"
+#define QGA_STATE_RELATIVE_DIR  "run"
 #else
 #define QGA_VIRTIO_PATH_DEFAULT ".\\Global\\org.qemu.guest_agent.0"
 #define QGA_STATE_RELATIVE_DIR  "qemu-ga"
-- 
2.25.1

[PULL 8/8] qga: add channel path to error messages

[Konstantin Kostiuk]

From: Bjørn Forsman 

It's useful to know which device was used if/when it fails.

channel-win32.c had this since 2015, with
c69403fcd4a0cb89f838a212ab71e4a1a3464c95 ("qemu-ga: debug printouts to
help troubleshoot installation"), this brings channel-posix.c up to
speed.

Signed-off-by: Bjørn Forsman 
Reviewed-by: Konstantin Kostiuk 
Signed-off-by: Konstantin Kostiuk 
---
 qga/channel-posix.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/qga/channel-posix.c b/qga/channel-posix.c
index 568350ded4..0c5175d957 100644
--- a/qga/channel-posix.c
+++ b/qga/channel-posix.c
@@ -138,7 +138,7 @@ static gboolean ga_channel_open(GAChannel *c, const gchar 
*path,
 0
 );
 if (fd == -1) {
-error_setg_errno(errp, errno, "error opening channel");
+error_setg_errno(errp, errno, "error opening channel '%s'", path);
 return false;
 }
 #ifdef CONFIG_SOLARIS
@@ -182,7 +182,7 @@ static gboolean ga_channel_open(GAChannel *c, const gchar 
*path,
 assert(fd < 0);
 fd = qga_open_cloexec(path, O_RDWR | O_NOCTTY | O_NONBLOCK, 0);
 if (fd == -1) {
-error_setg_errno(errp, errno, "error opening channel");
+error_setg_errno(errp, errno, "error opening channel '%s'", path);
 return false;
 }
 tcgetattr(fd, &tio);
-- 
2.25.1

[PULL 7/8] qga: Add HW address getting for FreeBSD

[Konstantin Kostiuk]

From: Alexander Ivanov 

Replace a dumb function in commands-bsd.c by the code of HW address
getting.

Reviewed-by: Konstantin Kostiuk 
Reviewed-by: Marc-André Lureau 
Signed-off-by: Alexander Ivanov 
Signed-off-by: Konstantin Kostiuk 
---
 qga/commands-bsd.c | 15 +++
 1 file changed, 15 insertions(+)

diff --git a/qga/commands-bsd.c b/qga/commands-bsd.c
index ebf0fb8b0f..15cade2d4c 100644
--- a/qga/commands-bsd.c
+++ b/qga/commands-bsd.c
@@ -20,6 +20,8 @@
 #include 
 #include 
 #include 
+#include 
+#include 
 #include 
 
 #if defined(CONFIG_FSFREEZE) || defined(CONFIG_FSTRIM)
@@ -179,7 +181,20 @@ GuestCpuStatsList *qmp_guest_get_cpustats(Error **errp)
 bool guest_get_hw_addr(struct ifaddrs *ifa, unsigned char *buf,
bool *obtained, Error **errp)
 {
+struct sockaddr_dl *sdp;
+
 *obtained = false;
+
+if (ifa->ifa_addr->sa_family != AF_LINK) {
+/* We can get HW address only for AF_LINK family. */
+g_debug("failed to get MAC address of %s", ifa->ifa_name);
+return true;
+}
+
+sdp = (struct sockaddr_dl *)ifa->ifa_addr;
+memcpy(buf, sdp->sdl_data + sdp->sdl_nlen, ETHER_ADDR_LEN);
+*obtained = true;
+
 return true;
 }
 #endif /* HAVE_GETIFADDRS */
-- 
2.25.1

Re: [PATCH v5 0/7] qga: Add FreeBSD support

[Konstantin Kostiuk]

Thanks for the reminder. PR was sent
https://patchew.org/QEMU/20221026175518.2636846-1-kkost...@redhat.com/

Best Regards,
Konstantin Kostiuk.


On Wed, Oct 26, 2022 at 4:25 PM Alexander Ivanov <
alexander.iva...@virtuozzo.com> wrote:

> Could you please clarify the status of the patchset?
>
> Thank you.
>
> On 17.10.2022 09:28, Alexander Ivanov wrote:
> > Add freeze/thaw, shutdown/halt/reboot, password setting and
> > guest-network-get-interfaces command support for FreeBSD.
> >
> > v5:
> > 2: Left ga_wait_child() static in commands-posix.c.
> >
> > v4:
> > 6,7: Return bool instead int in guest_get_hw_addr().
> >
> > v3:
> > 1: Add a comment about echo suppressing.
> > 5: Replace code moving by splitting the code into a few blocks under
> > architecture conditions.
> > 5,6: Move actions with dumb qmp_guest_set_user_password() to
> >   the appropriate patch.
> > 6: Fix error/obtained return.
> >
> > v2:
> > 1: Reject the idea to move all the Linux-specific code to a separate
> file.
> > First commit now adds initial support of FreeBSD. Fixed device paths
> > and fixed virtio device initialization (disable echo). Add comment
> why
> > we should disable the code under HAVE_GETIFADDRS in FreeBSD.
> > 2: Replace the second commit (which now is the first) by moving
> > Linux-specific freeze/thaw code to a separate file commands-linux.c.
> > 3: Add error raising if stat() returns error. Replaced strcmp() calls by
> > g_str_equal(). Add a comment explaining why UFSRESUME isn't
> necessary.
> > 4: Replace #elifdef by #elif defined().
> > 5: Now the code doesn't move from one file to aanother but still is
> > moving inside file so the patch doesn't become easier to review. =(
> > Fixed typos.
> > 6,7: New patches. Add guest-network-get-interfaces command support.
> >
> > Alexander Ivanov (7):
> >qga: Add initial FreeBSD support
> >qga: Move Linux-specific FS freeze/thaw code to a separate file
> >qga: Add UFS freeze/thaw support for FreeBSD
> >qga: Add shutdown/halt/reboot support for FreeBSD
> >qga: Add support for user password setting in FreeBSD
> >qga: Move HW address getting to a separate function
> >qga: Add HW address getting for FreeBSD
> >
> >   meson.build   |   2 +-
> >   qga/channel-posix.c   |  19 ++
> >   qga/commands-bsd.c| 200 +
> >   qga/commands-common.h |  51 
> >   qga/commands-linux.c  | 286 +++
> >   qga/commands-posix.c  | 639 ++
> >   qga/main.c|  13 +-
> >   qga/meson.build   |   6 +
> >   8 files changed, 778 insertions(+), 438 deletions(-)
> >   create mode 100644 qga/commands-bsd.c
> >   create mode 100644 qga/commands-linux.c
> >
>
>

Re: [PATCH] qga: add channel path to error messages

[Konstantin Kostiuk]

PR was sent
https://patchew.org/QEMU/20221026175518.2636846-1-kkost...@redhat.com/

On Wed, Oct 26, 2022 at 8:31 PM Konstantin Kostiuk 
wrote:

> Reviewed-by: Konstantin Kostiuk 
>
> On Fri, Oct 21, 2022 at 1:04 AM Bjørn Forsman 
> wrote:
>
>> It's useful to know which device was used if/when it fails.
>>
>> channel-win32.c had this since 2015, with
>> c69403fcd4a0cb89f838a212ab71e4a1a3464c95 ("qemu-ga: debug printouts to
>> help troubleshoot installation"), this brings channel-posix.c up to
>> speed.
>>
>> Signed-off-by: Bjørn Forsman 
>> ---
>>  qga/channel-posix.c | 4 ++--
>>  1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/qga/channel-posix.c b/qga/channel-posix.c
>> index 6796a02cff..e6dce985ae 100644
>> --- a/qga/channel-posix.c
>> +++ b/qga/channel-posix.c
>> @@ -138,7 +138,7 @@ static gboolean ga_channel_open(GAChannel *c, const
>> gchar *path,
>>  0
>>  );
>>  if (fd == -1) {
>> -error_setg_errno(errp, errno, "error opening channel");
>> +error_setg_errno(errp, errno, "error opening channel '%s'",
>> path);
>>  return false;
>>  }
>>  #ifdef CONFIG_SOLARIS
>> @@ -163,7 +163,7 @@ static gboolean ga_channel_open(GAChannel *c, const
>> gchar *path,
>>  assert(fd < 0);
>>  fd = qga_open_cloexec(path, O_RDWR | O_NOCTTY | O_NONBLOCK, 0);
>>  if (fd == -1) {
>> -error_setg_errno(errp, errno, "error opening channel");
>> +error_setg_errno(errp, errno, "error opening channel '%s'",
>> path);
>>  return false;
>>  }
>>  tcgetattr(fd, &tio);
>> --
>> 2.36.2
>>
>>

[PULL 3/8] qga: Add UFS freeze/thaw support for FreeBSD

[Konstantin Kostiuk]

From: Alexander Ivanov 

UFS supports FS freezing through ioctl UFSSUSPEND on /dev/ufssuspend.
Frozen FS can be thawed by closing /dev/ufssuspend file descriptior.

Use getmntinfo to get a list of mounted FS.

Reviewed-by: Konstantin Kostiuk 
Reviewed-by: Marc-André Lureau 
Signed-off-by: Alexander Ivanov 
Signed-off-by: Konstantin Kostiuk 
---
 qga/commands-bsd.c| 169 +++
 qga/commands-common.h |  11 ++
 qga/commands-posix.c  | 308 --
 qga/main.c|   7 +-
 qga/meson.build   |   3 +
 5 files changed, 334 insertions(+), 164 deletions(-)
 create mode 100644 qga/commands-bsd.c

diff --git a/qga/commands-bsd.c b/qga/commands-bsd.c
new file mode 100644
index 00..ca06692179
--- /dev/null
+++ b/qga/commands-bsd.c
@@ -0,0 +1,169 @@
+/*
+ * QEMU Guest Agent BSD-specific command implementations
+ *
+ * Copyright (c) Virtuozzo International GmbH.
+ *
+ * Authors:
+ *  Alexander Ivanov  
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include "qga-qapi-commands.h"
+#include "qapi/qmp/qerror.h"
+#include "qapi/error.h"
+#include "qemu/queue.h"
+#include "commands-common.h"
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#if defined(CONFIG_FSFREEZE) || defined(CONFIG_FSTRIM)
+bool build_fs_mount_list(FsMountList *mounts, Error **errp)
+{
+FsMount *mount;
+struct statfs *mntbuf, *mntp;
+struct stat statbuf;
+int i, count, ret;
+
+count = getmntinfo(&mntbuf, MNT_NOWAIT);
+if (count == 0) {
+error_setg_errno(errp, errno, "getmntinfo failed");
+return false;
+}
+
+for (i = 0; i < count; i++) {
+mntp = &mntbuf[i];
+ret = stat(mntp->f_mntonname, &statbuf);
+if (ret != 0) {
+error_setg_errno(errp, errno, "stat failed on %s",
+ mntp->f_mntonname);
+return false;
+}
+
+mount = g_new0(FsMount, 1);
+
+mount->dirname = g_strdup(mntp->f_mntonname);
+mount->devtype = g_strdup(mntp->f_fstypename);
+mount->devmajor = major(mount->dev);
+mount->devminor = minor(mount->dev);
+mount->fsid = mntp->f_fsid;
+mount->dev = statbuf.st_dev;
+
+QTAILQ_INSERT_TAIL(mounts, mount, next);
+}
+return true;
+}
+#endif /* CONFIG_FSFREEZE || CONFIG_FSTRIM */
+
+#if defined(CONFIG_FSFREEZE)
+static int ufssuspend_fd = -1;
+static int ufssuspend_cnt;
+
+int64_t qmp_guest_fsfreeze_do_freeze_list(bool has_mountpoints,
+  strList *mountpoints,
+  FsMountList mounts,
+  Error **errp)
+{
+int ret;
+strList *list;
+struct FsMount *mount;
+
+if (ufssuspend_fd != -1) {
+error_setg(errp, "filesystems have already frozen");
+return -1;
+}
+
+ufssuspend_cnt = 0;
+ufssuspend_fd = qemu_open(_PATH_UFSSUSPEND, O_RDWR, errp);
+if (ufssuspend_fd == -1) {
+return -1;
+}
+
+QTAILQ_FOREACH_REVERSE(mount, &mounts, next) {
+/*
+ * To issue fsfreeze in the reverse order of mounts, check if the
+ * mount is listed in the list here
+ */
+if (has_mountpoints) {
+for (list = mountpoints; list; list = list->next) {
+if (g_str_equal(list->value, mount->dirname)) {
+break;
+}
+}
+if (!list) {
+continue;
+}
+}
+
+/* Only UFS supports suspend */
+if (!g_str_equal(mount->devtype, "ufs")) {
+continue;
+}
+
+ret = ioctl(ufssuspend_fd, UFSSUSPEND, &mount->fsid);
+if (ret == -1) {
+/*
+ * ioctl returns EBUSY for all the FS except the first one
+ * that was suspended
+ */
+if (errno == EBUSY) {
+continue;
+}
+error_setg_errno(errp, errno, "failed to freeze %s",
+ mount->dirname);
+goto error;
+}
+ufssuspend_cnt++;
+}
+return ufssuspend_cnt;
+error:
+close(ufssuspend_fd);
+ufssuspend_fd = -1;
+return -1;
+
+}
+
+/*
+ * We don't need to call UFSRESUME ioctl because all the frozen FS
+ * are thawed on /dev/ufssuspend closing.
+ */
+int qmp_guest_fsfreeze_do_thaw(Error **errp)
+{
+int ret = ufssuspend_cnt;
+ufssuspend_cnt = 0;
+if (ufssuspend_fd != -1) {
+close(ufssuspend_fd);
+ufssuspend_fd = -1;
+}
+return ret;
+}
+
+GuestFilesystemInfoList *qmp_guest_get_fsinfo(Error **errp)
+{
+error_setg(errp, QERR_UNSUPPORTED);
+return NULL;
+}
+
+GuestDiskInfoList *qmp_guest_get_disks(Error **errp)
+{
+error_setg(errp, QERR_UNSUPPORTED);
+return NULL;
+}
+
+GuestDiskStatsInfoLi

[PULL 4/8] qga: Add shutdown/halt/reboot support for FreeBSD

[Konstantin Kostiuk]

From: Alexander Ivanov 

Add appropriate shutdown command arguments to qmp_guest_shutdown()
for FreeBSD.

Reviewed-by: Konstantin Kostiuk 
Reviewed-by: Marc-André Lureau 
Signed-off-by: Alexander Ivanov 
Signed-off-by: Konstantin Kostiuk 
---
 qga/commands-posix.c | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/qga/commands-posix.c b/qga/commands-posix.c
index 6875ea..b0b467ebdb 100644
--- a/qga/commands-posix.c
+++ b/qga/commands-posix.c
@@ -90,6 +90,10 @@ void qmp_guest_shutdown(bool has_mode, const char *mode, 
Error **errp)
 const char *powerdown_flag = "-i5";
 const char *halt_flag = "-i0";
 const char *reboot_flag = "-i6";
+#elif defined(CONFIG_BSD)
+const char *powerdown_flag = "-p";
+const char *halt_flag = "-h";
+const char *reboot_flag = "-r";
 #else
 const char *powerdown_flag = "-P";
 const char *halt_flag = "-H";
@@ -120,6 +124,9 @@ void qmp_guest_shutdown(bool has_mode, const char *mode, 
Error **errp)
 #ifdef CONFIG_SOLARIS
 execl("/sbin/shutdown", "shutdown", shutdown_flag, "-g0", "-y",
   "hypervisor initiated shutdown", (char *)NULL);
+#elif defined(CONFIG_BSD)
+execl("/sbin/shutdown", "shutdown", shutdown_flag, "+0",
+   "hypervisor initiated shutdown", (char *)NULL);
 #else
 execl("/sbin/shutdown", "shutdown", "-h", shutdown_flag, "+0",
"hypervisor initiated shutdown", (char *)NULL);
-- 
2.25.1

[PULL 0/8] QEMU Guest Agent patches

[Konstantin Kostiuk]

The following changes since commit 79fc2fb685f35a5e71e23629760ef4025d6aba31:

  Merge tag 'trivial-branch-for-7.2-pull-request' of 
https://gitlab.com/laurent_vivier/qemu into staging (2022-10-25 11:37:17 -0400)

are available in the Git repository at:

  g...@github.com:kostyanf14/qemu.git tags/qga-pull-2022-10-26

for you to fetch changes up to 38458b783680d12a005b493c0959a995f800:

  qga: add channel path to error messages (2022-10-26 20:35:20 +0300)


qga-pull-2022-10-26


Alexander Ivanov (7):
  qga: Add initial FreeBSD support
  qga: Move Linux-specific FS freeze/thaw code to a separate file
  qga: Add UFS freeze/thaw support for FreeBSD
  qga: Add shutdown/halt/reboot support for FreeBSD
  qga: Add support for user password setting in FreeBSD
  qga: Move HW address getting to a separate function
  qga: Add HW address getting for FreeBSD

Bjørn Forsman (1):
  qga: add channel path to error messages

 meson.build   |   2 +-
 qga/channel-posix.c   |  23 +-
 qga/commands-bsd.c| 200 
 qga/commands-common.h |  51 
 qga/commands-linux.c  | 286 ++
 qga/commands-posix.c  | 639 +-
 qga/main.c|  13 +-
 qga/meson.build   |   6 +
 8 files changed, 780 insertions(+), 440 deletions(-)
 create mode 100644 qga/commands-bsd.c
 create mode 100644 qga/commands-linux.c

--
2.25.1

[PULL v2 02/28] qapi: Tidy up whitespace in generated code

[Markus Armbruster]

Signed-off-by: Markus Armbruster 
Reviewed-by: Daniel P. Berrangé 
Message-Id: <20221018062849.3420573-3-arm...@redhat.com>
---
 docs/devel/qapi-code-gen.rst | 1 -
 scripts/qapi/commands.py | 7 +++
 scripts/qapi/events.py   | 1 -
 3 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/docs/devel/qapi-code-gen.rst b/docs/devel/qapi-code-gen.rst
index 997313fce7..b56ea4546d 100644
--- a/docs/devel/qapi-code-gen.rst
+++ b/docs/devel/qapi-code-gen.rst
@@ -1664,7 +1664,6 @@ Example::
 $ cat qapi-generated/example-qapi-commands.c
 [Uninteresting stuff omitted...]
 
-
 static void qmp_marshal_output_UserDefOne(UserDefOne *ret_in,
 QObject **ret_out, Error **errp)
 {
diff --git a/scripts/qapi/commands.py b/scripts/qapi/commands.py
index 38ca38a7b9..cf68aaf0bf 100644
--- a/scripts/qapi/commands.py
+++ b/scripts/qapi/commands.py
@@ -83,7 +83,7 @@ def gen_call(name: str,
 
 trace_qmp_enter_%(name)s(req_json->str);
 }
-''',
+''',
  upper=upper, name=name)
 
 ret += mcgen('''
@@ -124,13 +124,13 @@ def gen_call(name: str,
 
 trace_qmp_exit_%(name)s(ret_json->str, true);
 }
-''',
+''',
  upper=upper, name=name)
 else:
 ret += mcgen('''
 
 trace_qmp_exit_%(name)s("{}", true);
-''',
+''',
  name=name)
 
 return ret
@@ -316,7 +316,6 @@ def _begin_user_module(self, name: str) -> None:
 #include "qapi/error.h"
 #include "%(visit)s.h"
 #include "%(commands)s.h"
-
 ''',
  commands=commands, visit=visit))
 
diff --git a/scripts/qapi/events.py b/scripts/qapi/events.py
index 27b44c49f5..e762d53d19 100644
--- a/scripts/qapi/events.py
+++ b/scripts/qapi/events.py
@@ -196,7 +196,6 @@ def _begin_user_module(self, name: str) -> None:
 #include "qapi/error.h"
 #include "qapi/qmp/qdict.h"
 #include "qapi/qmp-event.h"
-
 ''',
  events=events, visit=visit,
  prefix=self._prefix))
-- 
2.37.3

[PULL v2 19/28] qapi replay: Elide redundant has_FOO in generated C

[Markus Armbruster]

The has_FOO for pointer-valued FOO are redundant, except for arrays.
They are also a nuisance to work with.  Recent commit "qapi: Start to
elide redundant has_FOO in generated C" provided the means to elide
them step by step.  This is the step for qapi/replay.json.

Said commit explains the transformation in more detail.  The invariant
violations mentioned there do not occur here.

Cc: Pavel Dovgalyuk 
Cc: Paolo Bonzini 
Signed-off-by: Markus Armbruster 
Message-Id: <20221018062849.3420573-20-arm...@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé 
---
 replay/replay-debugging.c | 1 -
 scripts/qapi/schema.py| 1 -
 2 files changed, 2 deletions(-)

diff --git a/replay/replay-debugging.c b/replay/replay-debugging.c
index 1cde50e9f3..3e60549a4a 100644
--- a/replay/replay-debugging.c
+++ b/replay/replay-debugging.c
@@ -50,7 +50,6 @@ ReplayInfo *qmp_query_replay(Error **errp)
 retval->mode = replay_mode;
 if (replay_get_filename()) {
 retval->filename = g_strdup(replay_get_filename());
-retval->has_filename = true;
 }
 retval->icount = replay_get_current_icount();
 return retval;
diff --git a/scripts/qapi/schema.py b/scripts/qapi/schema.py
index c74c26bda3..2b6644f1c3 100644
--- a/scripts/qapi/schema.py
+++ b/scripts/qapi/schema.py
@@ -759,7 +759,6 @@ def need_has(self):
 assert self.type
 # Temporary hack to support dropping the has_FOO in reviewable chunks
 opt_out = [
-'qapi/replay.json',
 'qapi/rocker.json',
 'qapi/run-state.json',
 'qapi/stats.json',
-- 
2.37.3

[PULL v2 04/28] qapi: Start to elide redundant has_FOO in generated C

[Markus Armbruster]

In QAPI, absent optional members are distinct from any present value.
We thus represent an optional schema member FOO as two C members: a
FOO with the member's type, and a bool has_FOO.  Likewise for function
arguments.

However, has_FOO is actually redundant for a pointer-valued FOO, which
can be null only when has_FOO is false, i.e. has_FOO == !!FOO.  Except
for arrays, where we a null FOO can also be a present empty array.

The redundant has_FOO are a nuisance to work with.  Improve the
generator to elide them.  Uses of has_FOO need to be replaced as
follows.

Tests of has_FOO become the equivalent comparison of FOO with null.
For brevity, this is commonly done by implicit conversion to bool.

Assignments to has_FOO get dropped.

Likewise for arguments to has_FOO parameters.

Beware: code may violate the invariant has_FOO == !!FOO before the
transformation, and get away with it.  The above transformation can
then break things.  Two cases:

* Absent: if code ignores FOO entirely when !has_FOO (except for
  freeing it if necessary), even non-null / uninitialized FOO works.
  Such code is known to exist.

* Present: if code ignores FOO entirely when has_FOO, even null FOO
  works.  Such code should not exist.

In both cases, replacing tests of has_FOO by FOO reverts their sense.
We have to fix the value of FOO then.

To facilitate review of the necessary updates to handwritten code, add
means to opt out of this change, and opt out for all QAPI schema
modules where the change requires updates to handwritten code.  The
next few commits will remove these opt-outs in reviewable chunks, then
drop the means to opt out.

Signed-off-by: Markus Armbruster 
Reviewed-by: Daniel P. Berrangé 
Message-Id: <20221018062849.3420573-5-arm...@redhat.com>
---
 docs/devel/qapi-code-gen.rst|  5 +--
 docs/devel/writing-monitor-commands.rst | 14 
 scripts/qapi/commands.py|  2 +-
 scripts/qapi/events.py  |  2 +-
 scripts/qapi/gen.py |  2 +-
 scripts/qapi/schema.py  | 48 +
 scripts/qapi/types.py   |  2 +-
 scripts/qapi/visit.py   | 17 +++--
 8 files changed, 77 insertions(+), 15 deletions(-)

diff --git a/docs/devel/qapi-code-gen.rst b/docs/devel/qapi-code-gen.rst
index 3a817ba498..5edc49aa74 100644
--- a/docs/devel/qapi-code-gen.rst
+++ b/docs/devel/qapi-code-gen.rst
@@ -1410,7 +1410,6 @@ Example::
 
 struct UserDefOne {
 int64_t integer;
-bool has_string;
 char *string;
 bool has_flag;
 bool flag;
@@ -1525,10 +1524,12 @@ Example::
 
 bool visit_type_UserDefOne_members(Visitor *v, UserDefOne *obj, Error 
**errp)
 {
+bool has_string = !!obj->string;
+
 if (!visit_type_int(v, "integer", &obj->integer, errp)) {
 return false;
 }
-if (visit_optional(v, "string", &obj->has_string)) {
+if (visit_optional(v, "string", &has_string)) {
 if (!visit_type_str(v, "string", &obj->string, errp)) {
 return false;
 }
diff --git a/docs/devel/writing-monitor-commands.rst 
b/docs/devel/writing-monitor-commands.rst
index 2fefedcd98..2c11e71665 100644
--- a/docs/devel/writing-monitor-commands.rst
+++ b/docs/devel/writing-monitor-commands.rst
@@ -166,9 +166,9 @@ and user defined types.
 
 Now, let's update our C implementation in monitor/qmp-cmds.c::
 
- void qmp_hello_world(bool has_message, const char *message, Error **errp)
+ void qmp_hello_world(const char *message, Error **errp)
  {
- if (has_message) {
+ if (message) {
  printf("%s\n", message);
  } else {
  printf("Hello, world\n");
@@ -210,9 +210,9 @@ file. Basically, most errors are set by calling the 
error_setg() function.
 Let's say we don't accept the string "message" to contain the word "love". If
 it does contain it, we want the "hello-world" command to return an error::
 
- void qmp_hello_world(bool has_message, const char *message, Error **errp)
+ void qmp_hello_world(const char *message, Error **errp)
  {
- if (has_message) {
+ if (message) {
  if (strstr(message, "love")) {
  error_setg(errp, "the word 'love' is not allowed");
  return;
@@ -467,9 +467,9 @@ There are a number of things to be noticed:
allocated by the regular g_malloc0() function. Note that we chose to
initialize the memory to zero. This is recommended for all QAPI types, as
it helps avoiding bad surprises (specially with booleans)
-4. Remember that "next_deadline" is optional? All optional members have a
-   'has_TYPE_NAME' member that should be properly set by the implementation,
-   as shown above
+4. Remember that "next_deadline" is optional? Non-pointer optional
+   members have a 'has_TYPE_NAME' member that should be properly set
+   by the implementation, as shown above
 5. Even static strings, such as "alarm_timer->name", should be dynamically
   

[PULL v2 03/28] docs/devel/qapi-code-gen: Extend example for next commit's change

[Markus Armbruster]

The next commit will change the code generated for some optional
members.  The example schema contains an optional member affected by
the change.  Add one that is not affected.

Signed-off-by: Markus Armbruster 
Reviewed-by: Daniel P. Berrangé 
Message-Id: <20221018062849.3420573-4-arm...@redhat.com>
---
 docs/devel/qapi-code-gen.rst | 21 -
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/docs/devel/qapi-code-gen.rst b/docs/devel/qapi-code-gen.rst
index b56ea4546d..3a817ba498 100644
--- a/docs/devel/qapi-code-gen.rst
+++ b/docs/devel/qapi-code-gen.rst
@@ -1357,7 +1357,7 @@ qmp_my_command(); everything else is produced by the 
generator. ::
 
 $ cat example-schema.json
 { 'struct': 'UserDefOne',
-  'data': { 'integer': 'int', '*string': 'str' } }
+  'data': { 'integer': 'int', '*string': 'str', '*flag': 'bool' } }
 
 { 'command': 'my-command',
   'data': { 'arg1': ['UserDefOne'] },
@@ -1412,6 +1412,8 @@ Example::
 int64_t integer;
 bool has_string;
 char *string;
+bool has_flag;
+bool flag;
 };
 
 void qapi_free_UserDefOne(UserDefOne *obj);
@@ -1531,6 +1533,11 @@ Example::
 return false;
 }
 }
+if (visit_optional(v, "flag", &obj->has_flag)) {
+if (!visit_type_bool(v, "flag", &obj->flag, errp)) {
+return false;
+}
+}
 return true;
 }
 
@@ -1916,6 +1923,12 @@ Example::
 { "type", QLIT_QSTR("str"), },
 {}
 })),
+QLIT_QDICT(((QLitDictEntry[]) {
+{ "default", QLIT_QNULL, },
+{ "name", QLIT_QSTR("flag"), },
+{ "type", QLIT_QSTR("bool"), },
+{}
+})),
 {}
 })), },
 { "meta-type", QLIT_QSTR("object"), },
@@ -1949,6 +1962,12 @@ Example::
 { "name", QLIT_QSTR("str"), },
 {}
 })),
+QLIT_QDICT(((QLitDictEntry[]) {
+{ "json-type", QLIT_QSTR("boolean"), },
+{ "meta-type", QLIT_QSTR("builtin"), },
+{ "name", QLIT_QSTR("bool"), },
+{}
+})),
 {}
 }));
 
-- 
2.37.3

[PULL v2 16/28] qapi net: Elide redundant has_FOO in generated C

[Markus Armbruster]

The has_FOO for pointer-valued FOO are redundant, except for arrays.
They are also a nuisance to work with.  Recent commit "qapi: Start to
elide redundant has_FOO in generated C" provided the means to elide
them step by step.  This is the step for qapi/net.json.

Said commit explains the transformation in more detail.  The invariant
violations mentioned there do not occur here.

Cc: Jason Wang 
Signed-off-by: Markus Armbruster 
Message-Id: <20221018062849.3420573-17-arm...@redhat.com>
---
 hw/net/virtio-net.c|  3 +--
 monitor/hmp-cmds.c |  1 -
 net/announce.c |  8 +++
 net/hub.c  |  2 +-
 net/l2tpv3.c   |  2 +-
 net/net.c  | 25 ++---
 net/slirp.c|  4 ++--
 net/socket.c   | 18 +++
 net/tap-win32.c|  2 +-
 net/tap.c  | 51 +-
 scripts/qapi/schema.py |  1 -
 11 files changed, 56 insertions(+), 61 deletions(-)

diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index e9f696b4cf..02f4f18e5a 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -447,8 +447,7 @@ static void rxfilter_notify(NetClientState *nc)
 
 if (nc->rxfilter_notify_enabled) {
 char *path = object_get_canonical_path(OBJECT(n->qdev));
-qapi_event_send_nic_rx_filter_changed(!!n->netclient_name,
-  n->netclient_name, path);
+qapi_event_send_nic_rx_filter_changed(n->netclient_name, path);
 g_free(path);
 
 /* disable event notification to avoid events flooding */
diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
index 63baf3f8c6..fc9a0617fe 100644
--- a/monitor/hmp-cmds.c
+++ b/monitor/hmp-cmds.c
@@ -1125,7 +1125,6 @@ void hmp_announce_self(Monitor *mon, const QDict *qdict)
 params->interfaces = strList_from_comma_list(interfaces_str);
 params->has_interfaces = params->interfaces != NULL;
 params->id = g_strdup(id);
-params->has_id = !!params->id;
 qmp_announce_self(params, NULL);
 qapi_free_AnnounceParameters(params);
 }
diff --git a/net/announce.c b/net/announce.c
index 62c60192a3..9e99044422 100644
--- a/net/announce.c
+++ b/net/announce.c
@@ -46,7 +46,7 @@ void qemu_announce_timer_del(AnnounceTimer *timer, bool 
free_named)
 }
 qapi_free_strList(timer->params.interfaces);
 timer->params.interfaces = NULL;
-if (free_named && timer->params.has_id) {
+if (free_named && timer->params.id) {
 AnnounceTimer *list_timer;
 /*
  * Sanity check: There should only be one timer on the list with
@@ -157,7 +157,7 @@ static void qemu_announce_self_iter(NICState *nic, void 
*opaque)
 skip = false;
 }
 
-trace_qemu_announce_self_iter(timer->params.has_id ? timer->params.id : 
"_",
+trace_qemu_announce_self_iter(timer->params.id ?: "_",
   nic->ncs->name,
   qemu_ether_ntoa(&nic->conf->macaddr), skip);
 
@@ -199,9 +199,9 @@ void qemu_announce_self(AnnounceTimer *timer, 
AnnounceParameters *params)
 void qmp_announce_self(AnnounceParameters *params, Error **errp)
 {
 AnnounceTimer *named_timer;
-if (!params->has_id) {
+
+if (!params->id) {
 params->id = g_strdup("");
-params->has_id = true;
 }
 
 named_timer = g_datalist_get_data(&named_timers, params->id);
diff --git a/net/hub.c b/net/hub.c
index 1375738bf1..e142573b6d 100644
--- a/net/hub.c
+++ b/net/hub.c
@@ -274,7 +274,7 @@ int net_init_hubport(const Netdev *netdev, const char *name,
 assert(!peer);
 hubport = &netdev->u.hubport;
 
-if (hubport->has_netdev) {
+if (hubport->netdev) {
 hubpeer = qemu_find_netdev(hubport->netdev);
 if (!hubpeer) {
 error_setg(errp, "netdev '%s' not found", hubport->netdev);
diff --git a/net/l2tpv3.c b/net/l2tpv3.c
index af373e5c30..32a4da80e3 100644
--- a/net/l2tpv3.c
+++ b/net/l2tpv3.c
@@ -578,7 +578,7 @@ int net_init_l2tpv3(const Netdev *netdev,
 
 if (l2tpv3->has_udp && l2tpv3->udp) {
 s->udp = true;
-if (!(l2tpv3->has_srcport && l2tpv3->has_dstport)) {
+if (!(l2tpv3->srcport && l2tpv3->dstport)) {
 error_setg(errp, "need both src and dst port for udp");
 goto outerr;
 } else {
diff --git a/net/net.c b/net/net.c
index 2db160e063..8b58c3979f 100644
--- a/net/net.c
+++ b/net/net.c
@@ -943,7 +943,7 @@ static int net_init_nic(const Netdev *netdev, const char 
*name,
 
 memset(nd, 0, sizeof(*nd));
 
-if (nic->has_netdev) {
+if (nic->netdev) {
 nd->netdev = qemu_find_netdev(nic->netdev);
 if (!nd->netdev) {
 error_setg(errp, "netdev '%s' not found", nic->netdev);
@@ -954,19 +954,19 @@ static int net_init_nic(const Netdev *netdev, const char 
*name,
 nd->netdev = peer;
 }
 nd->name = g_strdup(name);
-if (nic->has_model) {
+if (nic->model) {
 nd->model = g_strdup(nic->m

[PULL v2 20/28] qapi rocker: Elide redundant has_FOO in generated C

[Markus Armbruster]

The has_FOO for pointer-valued FOO are redundant, except for arrays.
They are also a nuisance to work with.  Recent commit "qapi: Start to
elide redundant has_FOO in generated C" provided the means to elide
them step by step.  This is the step for qapi/rocker.json.

Said commit explains the transformation in more detail.  The invariant
violations mentioned there do not occur here.

Cc: Jiri Pirko 
Signed-off-by: Markus Armbruster 
Message-Id: <20221018062849.3420573-21-arm...@redhat.com>
---
 hw/net/rocker/rocker_of_dpa.c | 13 ++---
 monitor/hmp-cmds.c| 22 +++---
 scripts/qapi/schema.py|  1 -
 3 files changed, 13 insertions(+), 23 deletions(-)

diff --git a/hw/net/rocker/rocker_of_dpa.c b/hw/net/rocker/rocker_of_dpa.c
index b3b8c5bb6d..dfe4754469 100644
--- a/hw/net/rocker/rocker_of_dpa.c
+++ b/hw/net/rocker/rocker_of_dpa.c
@@ -2348,23 +2348,19 @@ static void of_dpa_flow_fill(void *cookie, void *value, 
void *user_data)
 
 if (memcmp(key->eth.src.a, zero_mac.a, ETH_ALEN) ||
 memcmp(mask->eth.src.a, zero_mac.a, ETH_ALEN)) {
-nkey->has_eth_src = true;
 nkey->eth_src = qemu_mac_strdup_printf(key->eth.src.a);
 }
 
-if (nkey->has_eth_src && memcmp(mask->eth.src.a, ff_mac.a, ETH_ALEN)) {
-nmask->has_eth_src = true;
+if (nkey->eth_src && memcmp(mask->eth.src.a, ff_mac.a, ETH_ALEN)) {
 nmask->eth_src = qemu_mac_strdup_printf(mask->eth.src.a);
 }
 
 if (memcmp(key->eth.dst.a, zero_mac.a, ETH_ALEN) ||
 memcmp(mask->eth.dst.a, zero_mac.a, ETH_ALEN)) {
-nkey->has_eth_dst = true;
 nkey->eth_dst = qemu_mac_strdup_printf(key->eth.dst.a);
 }
 
-if (nkey->has_eth_dst && memcmp(mask->eth.dst.a, ff_mac.a, ETH_ALEN)) {
-nmask->has_eth_dst = true;
+if (nkey->eth_dst && memcmp(mask->eth.dst.a, ff_mac.a, ETH_ALEN)) {
 nmask->eth_dst = qemu_mac_strdup_printf(mask->eth.dst.a);
 }
 
@@ -2400,7 +2396,6 @@ static void of_dpa_flow_fill(void *cookie, void *value, 
void *user_data)
 if (key->ipv4.addr.dst || mask->ipv4.addr.dst) {
 char *dst = inet_ntoa(*(struct in_addr *)&key->ipv4.addr.dst);
 int dst_len = of_dpa_mask2prefix(mask->ipv4.addr.dst);
-nkey->has_ip_dst = true;
 nkey->ip_dst = g_strdup_printf("%s/%d", dst, dst_len);
 }
 break;
@@ -2501,12 +2496,10 @@ static void of_dpa_group_fill(void *key, void *value, 
void *user_data)
 ngroup->set_vlan_id = ntohs(group->l2_rewrite.vlan_id);
 }
 if (memcmp(group->l2_rewrite.src_mac.a, zero_mac.a, ETH_ALEN)) {
-ngroup->has_set_eth_src = true;
 ngroup->set_eth_src =
 qemu_mac_strdup_printf(group->l2_rewrite.src_mac.a);
 }
 if (memcmp(group->l2_rewrite.dst_mac.a, zero_mac.a, ETH_ALEN)) {
-ngroup->has_set_eth_dst = true;
 ngroup->set_eth_dst =
 qemu_mac_strdup_printf(group->l2_rewrite.dst_mac.a);
 }
@@ -2532,12 +2525,10 @@ static void of_dpa_group_fill(void *key, void *value, 
void *user_data)
 ngroup->set_vlan_id = ntohs(group->l3_unicast.vlan_id);
 }
 if (memcmp(group->l3_unicast.src_mac.a, zero_mac.a, ETH_ALEN)) {
-ngroup->has_set_eth_src = true;
 ngroup->set_eth_src =
 qemu_mac_strdup_printf(group->l3_unicast.src_mac.a);
 }
 if (memcmp(group->l3_unicast.dst_mac.a, zero_mac.a, ETH_ALEN)) {
-ngroup->has_set_eth_dst = true;
 ngroup->set_eth_dst =
 qemu_mac_strdup_printf(group->l3_unicast.dst_mac.a);
 }
diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
index b180c6fc6b..8f8bd93df1 100644
--- a/monitor/hmp-cmds.c
+++ b/monitor/hmp-cmds.c
@@ -2031,35 +2031,35 @@ void hmp_rocker_of_dpa_flows(Monitor *mon, const QDict 
*qdict)
 }
 }
 
-if (key->has_eth_src) {
+if (key->eth_src) {
 if ((strcmp(key->eth_src, "01:00:00:00:00:00") == 0) &&
-(mask->has_eth_src) &&
+mask->eth_src &&
 (strcmp(mask->eth_src, "01:00:00:00:00:00") == 0)) {
 monitor_printf(mon, " src ");
 } else if ((strcmp(key->eth_src, "00:00:00:00:00:00") == 0) &&
-(mask->has_eth_src) &&
+mask->eth_src &&
 (strcmp(mask->eth_src, "01:00:00:00:00:00") == 0)) {
 monitor_printf(mon, " src ");
 } else {
 monitor_printf(mon, " src %s", key->eth_src);
-if (mask->has_eth_src) {
+if (mask->eth_src) {
 monitor_printf(mon, "(%s)", mask->eth_src);
 }
 }
 }
 
-if (key->has_eth_dst) {
+if (key->eth_dst) {
 if ((strcmp(key->eth_dst, "01:00:00:00:00:00") == 0) &&
-(mask->has_eth_dst) &&
+   

[PULL v2 17/28] qapi pci: Elide redundant has_FOO in generated C

[Markus Armbruster]

The has_FOO for pointer-valued FOO are redundant, except for arrays.
They are also a nuisance to work with.  Recent commit "qapi: Start to
elide redundant has_FOO in generated C" provided the means to elide
them step by step.  This is the step for qapi/pci.json.

Said commit explains the transformation in more detail.  The invariant
violations mentioned there do not occur here.

Cc: Michael S. Tsirkin 
Cc: Marcel Apfelbaum 
Signed-off-by: Markus Armbruster 
Message-Id: <20221018062849.3420573-18-arm...@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/pci/pci.c   | 2 --
 monitor/hmp-cmds.c | 6 +++---
 scripts/qapi/schema.py | 1 -
 3 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/hw/pci/pci.c b/hw/pci/pci.c
index 2f450f6a72..e6292d8060 100644
--- a/hw/pci/pci.c
+++ b/hw/pci/pci.c
@@ -1879,7 +1879,6 @@ static PciDeviceInfo *qmp_query_pci_device(PCIDevice 
*dev, PCIBus *bus,
 info->class_info->q_class = class;
 desc = get_class_desc(class);
 if (desc->desc) {
-info->class_info->has_desc = true;
 info->class_info->desc = g_strdup(desc->desc);
 }
 
@@ -1897,7 +1896,6 @@ static PciDeviceInfo *qmp_query_pci_device(PCIDevice 
*dev, PCIBus *bus,
 
 type = dev->config[PCI_HEADER_TYPE] & ~PCI_HEADER_TYPE_MULTI_FUNCTION;
 if (type == PCI_HEADER_TYPE_BRIDGE) {
-info->has_pci_bridge = true;
 info->pci_bridge = qmp_query_pci_bridge(dev, bus, bus_num);
 } else if (type == PCI_HEADER_TYPE_NORMAL) {
 info->id->has_subsystem = info->id->has_subsystem_vendor = true;
diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
index fc9a0617fe..b180c6fc6b 100644
--- a/monitor/hmp-cmds.c
+++ b/monitor/hmp-cmds.c
@@ -730,7 +730,7 @@ static void hmp_info_pci_device(Monitor *mon, const 
PciDeviceInfo *dev)
dev->slot, dev->function);
 monitor_printf(mon, "");
 
-if (dev->class_info->has_desc) {
+if (dev->class_info->desc) {
 monitor_puts(mon, dev->class_info->desc);
 } else {
 monitor_printf(mon, "Class %04" PRId64, dev->class_info->q_class);
@@ -748,7 +748,7 @@ static void hmp_info_pci_device(Monitor *mon, const 
PciDeviceInfo *dev)
dev->irq, (char)('A' + dev->irq_pin - 1));
 }
 
-if (dev->has_pci_bridge) {
+if (dev->pci_bridge) {
 monitor_printf(mon, "  BUS %" PRId64 ".\n",
dev->pci_bridge->bus->number);
 monitor_printf(mon, "  secondary bus %" PRId64 ".\n",
@@ -794,7 +794,7 @@ static void hmp_info_pci_device(Monitor *mon, const 
PciDeviceInfo *dev)
 
 monitor_printf(mon, "  id \"%s\"\n", dev->qdev_id);
 
-if (dev->has_pci_bridge) {
+if (dev->pci_bridge) {
 if (dev->pci_bridge->has_devices) {
 PciDeviceInfoList *cdev;
 for (cdev = dev->pci_bridge->devices; cdev; cdev = cdev->next) {
diff --git a/scripts/qapi/schema.py b/scripts/qapi/schema.py
index 930dffd780..388b90812b 100644
--- a/scripts/qapi/schema.py
+++ b/scripts/qapi/schema.py
@@ -759,7 +759,6 @@ def need_has(self):
 assert self.type
 # Temporary hack to support dropping the has_FOO in reviewable chunks
 opt_out = [
-'qapi/pci.json',
 'qapi/qdev.json',
 'qapi/qom.json',
 'qapi/replay.json',
-- 
2.37.3

[PULL v2 10/28] qapi crypto: Elide redundant has_FOO in generated C

[Markus Armbruster]

The has_FOO for pointer-valued FOO are redundant, except for arrays.
They are also a nuisance to work with.  Recent commit "qapi: Start to
elide redundant has_FOO in generated C" provided the means to elide
them step by step.  This is the step for qapi/crypto.json.

Said commit explains the transformation in more detail.  The invariant
violations mentioned there do not occur here.

Cc: Daniel P. Berrangé" 
Signed-off-by: Markus Armbruster 
Reviewed-by: Daniel P. Berrangé 
Message-Id: <20221018062849.3420573-11-arm...@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé 
---
 crypto/block-luks.c| 16 
 tests/unit/test-crypto-block.c |  6 --
 scripts/qapi/schema.py |  1 -
 3 files changed, 8 insertions(+), 15 deletions(-)

diff --git a/crypto/block-luks.c b/crypto/block-luks.c
index f62be6836b..4205bc491e 100644
--- a/crypto/block-luks.c
+++ b/crypto/block-luks.c
@@ -1629,13 +1629,13 @@ qcrypto_block_luks_amend_add_keyslot(QCryptoBlock 
*block,
 g_autofree char *new_password = NULL;
 g_autofree uint8_t *master_key = NULL;
 
-char *secret = opts_luks->has_secret ? opts_luks->secret : luks->secret;
+char *secret = opts_luks->secret ?: luks->secret;
 
-if (!opts_luks->has_new_secret) {
+if (!opts_luks->new_secret) {
 error_setg(errp, "'new-secret' is required to activate a keyslot");
 return -1;
 }
-if (opts_luks->has_old_secret) {
+if (opts_luks->old_secret) {
 error_setg(errp,
"'old-secret' must not be given when activating keyslots");
 return -1;
@@ -1709,7 +1709,7 @@ qcrypto_block_luks_amend_erase_keyslots(QCryptoBlock 
*block,
 g_autofree uint8_t *tmpkey = NULL;
 g_autofree char *old_password = NULL;
 
-if (opts_luks->has_new_secret) {
+if (opts_luks->new_secret) {
 error_setg(errp,
"'new-secret' must not be given when erasing keyslots");
 return -1;
@@ -1719,14 +1719,14 @@ qcrypto_block_luks_amend_erase_keyslots(QCryptoBlock 
*block,
"'iter-time' must not be given when erasing keyslots");
 return -1;
 }
-if (opts_luks->has_secret) {
+if (opts_luks->secret) {
 error_setg(errp,
"'secret' must not be given when erasing keyslots");
 return -1;
 }
 
 /* Load the old password if given */
-if (opts_luks->has_old_secret) {
+if (opts_luks->old_secret) {
 old_password = qcrypto_secret_lookup_as_utf8(opts_luks->old_secret,
  errp);
 if (!old_password) {
@@ -1751,7 +1751,7 @@ qcrypto_block_luks_amend_erase_keyslots(QCryptoBlock 
*block,
 return -1;
 }
 
-if (opts_luks->has_old_secret) {
+if (opts_luks->old_secret) {
 int rv = qcrypto_block_luks_load_key(block,
  keyslot,
  old_password,
@@ -1793,7 +1793,7 @@ qcrypto_block_luks_amend_erase_keyslots(QCryptoBlock 
*block,
 }
 
 /* Erase all keyslots that match the given old password */
-} else if (opts_luks->has_old_secret) {
+} else if (opts_luks->old_secret) {
 
 unsigned long slots_to_erase_bitmap = 0;
 size_t i;
diff --git a/tests/unit/test-crypto-block.c b/tests/unit/test-crypto-block.c
index 3417b67be5..6bef471afb 100644
--- a/tests/unit/test-crypto-block.c
+++ b/tests/unit/test-crypto-block.c
@@ -39,7 +39,6 @@
 static QCryptoBlockCreateOptions qcow_create_opts = {
 .format = Q_CRYPTO_BLOCK_FORMAT_QCOW,
 .u.qcow = {
-.has_key_secret = true,
 .key_secret = (char *)"sec0",
 },
 };
@@ -47,7 +46,6 @@ static QCryptoBlockCreateOptions qcow_create_opts = {
 static QCryptoBlockOpenOptions qcow_open_opts = {
 .format = Q_CRYPTO_BLOCK_FORMAT_QCOW,
 .u.qcow = {
-.has_key_secret = true,
 .key_secret = (char *)"sec0",
 },
 };
@@ -57,7 +55,6 @@ static QCryptoBlockOpenOptions qcow_open_opts = {
 static QCryptoBlockOpenOptions luks_open_opts = {
 .format = Q_CRYPTO_BLOCK_FORMAT_LUKS,
 .u.luks = {
-.has_key_secret = true,
 .key_secret = (char *)"sec0",
 },
 };
@@ -67,7 +64,6 @@ static QCryptoBlockOpenOptions luks_open_opts = {
 static QCryptoBlockCreateOptions luks_create_opts_default = {
 .format = Q_CRYPTO_BLOCK_FORMAT_LUKS,
 .u.luks = {
-.has_key_secret = true,
 .key_secret = (char *)"sec0",
 },
 };
@@ -77,7 +73,6 @@ static QCryptoBlockCreateOptions luks_create_opts_default = {
 static QCryptoBlockCreateOptions luks_create_opts_aes256_cbc_plain64 = {
 .format = Q_CRYPTO_BLOCK_FORMAT_LUKS,
 .u.luks = {
-.has_key_secret = true,
 .key_secret = (char *)"sec0",
 .has_cipher_alg = true,
 .cipher_alg = QCRYPTO_CIPHER_ALG_AES_256,
@@ -92,7 +87,6 @@ static QCryptoBlockCreateOptions 
luks_create_opts_aes256_cbc_plain64 = {
 static QCr

[PULL v2 25/28] qapi ui: Elide redundant has_FOO in generated C

[Markus Armbruster]

The has_FOO for pointer-valued FOO are redundant, except for arrays.
They are also a nuisance to work with.  Recent commit "qapi: Start to
elide redundant has_FOO in generated C" provided the means to elide
them step by step.  This is the step for qapi/ui.json.

Said commit explains the transformation in more detail.  The invariant
violations mentioned there do not occur here.

Cc: Gerd Hoffmann 
Signed-off-by: Markus Armbruster 
Reviewed-by: Daniel P. Berrangé 
Message-Id: <20221018062849.3420573-26-arm...@redhat.com>
---
 monitor/hmp-cmds.c | 12 
 ui/console.c   |  4 ++--
 ui/input.c |  4 ++--
 ui/spice-core.c|  5 -
 ui/vnc.c   | 10 --
 scripts/qapi/schema.py |  1 -
 6 files changed, 8 insertions(+), 28 deletions(-)

diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
index 378f5b083d..5285d7f2fe 100644
--- a/monitor/hmp-cmds.c
+++ b/monitor/hmp-cmds.c
@@ -569,11 +569,9 @@ static void hmp_info_vnc_clients(Monitor *mon, 
VncClientInfoList *client)
 
 hmp_info_VncBasicInfo(mon, qapi_VncClientInfo_base(cinfo), "Client");
 monitor_printf(mon, "x509_dname: %s\n",
-   cinfo->has_x509_dname ?
-   cinfo->x509_dname : "none");
+   cinfo->x509_dname ?: "none");
 monitor_printf(mon, "sasl_username: %s\n",
-   cinfo->has_sasl_username ?
-   cinfo->sasl_username : "none");
+   cinfo->sasl_username ?: "none");
 
 client = client->next;
 }
@@ -618,7 +616,7 @@ void hmp_info_vnc(Monitor *mon, const QDict *qdict)
 hmp_info_vnc_authcrypt(mon, "  ", info->auth,
info->has_vencrypt ? &info->vencrypt : NULL);
 }
-if (info->has_display) {
+if (info->display) {
 monitor_printf(mon, "  Display: %s\n", info->display);
 }
 info2l = info2l->next;
@@ -1422,7 +1420,6 @@ void hmp_set_password(Monitor *mon, const QDict *qdict)
 }
 
 if (opts.protocol == DISPLAY_PROTOCOL_VNC) {
-opts.u.vnc.has_display = !!display;
 opts.u.vnc.display = (char *)display;
 }
 
@@ -1450,7 +1447,6 @@ void hmp_expire_password(Monitor *mon, const QDict *qdict)
 }
 
 if (opts.protocol == DISPLAY_PROTOCOL_VNC) {
-opts.u.vnc.has_display = !!display;
 opts.u.vnc.display = (char *)display;
 }
 
@@ -1735,7 +1731,7 @@ hmp_screendump(Monitor *mon, const QDict *qdict)
 goto end;
 }
 
-qmp_screendump(filename, id != NULL, id, id != NULL, head,
+qmp_screendump(filename, id, id != NULL, head,
input_format != NULL, format, &err);
 end:
 hmp_handle_error(mon, err);
diff --git a/ui/console.c b/ui/console.c
index 49da6a91df..35b5680812 100644
--- a/ui/console.c
+++ b/ui/console.c
@@ -407,7 +407,7 @@ static void graphic_hw_update_bh(void *con)
 
 /* Safety: coroutine-only, concurrent-coroutine safe, main thread only */
 void coroutine_fn
-qmp_screendump(const char *filename, bool has_device, const char *device,
+qmp_screendump(const char *filename, const char *device,
bool has_head, int64_t head,
bool has_format, ImageFormat format, Error **errp)
 {
@@ -416,7 +416,7 @@ qmp_screendump(const char *filename, bool has_device, const 
char *device,
 DisplaySurface *surface;
 int fd;
 
-if (has_device) {
+if (device) {
 con = qemu_console_lookup_by_device_name(device, has_head ? head : 0,
  errp);
 if (!con) {
diff --git a/ui/input.c b/ui/input.c
index e2a90af889..8f4a87d1d7 100644
--- a/ui/input.c
+++ b/ui/input.c
@@ -124,7 +124,7 @@ qemu_input_find_handler(uint32_t mask, QemuConsole *con)
 return NULL;
 }
 
-void qmp_input_send_event(bool has_device, const char *device,
+void qmp_input_send_event(const char *device,
   bool has_head, int64_t head,
   InputEventList *events, Error **errp)
 {
@@ -133,7 +133,7 @@ void qmp_input_send_event(bool has_device, const char 
*device,
 Error *err = NULL;
 
 con = NULL;
-if (has_device) {
+if (device) {
 if (!has_head) {
 head = 0;
 }
diff --git a/ui/spice-core.c b/ui/spice-core.c
index c3ac20ad43..72f8f1681c 100644
--- a/ui/spice-core.c
+++ b/ui/spice-core.c
@@ -222,7 +222,6 @@ static void channel_event(int event, SpiceChannelEventInfo 
*info)
 break;
 case SPICE_CHANNEL_EVENT_INITIALIZED:
 if (auth) {
-server->has_auth = true;
 server->auth = g_strdup(auth);
 }
 add_channel_info(client, info);
@@ -522,13 +521,9 @@ static SpiceInfo *qmp_query_spice_real(Error **errp)
 port = qemu_opt_get_number(opts, "port", 0);
 tls_port = qemu_opt_get_number(opts, "tls-port", 0);
 
-info->has_auth = true;
 info->auth = g_strdup(auth);
-
-info->has_host = t

[PULL v2 24/28] qapi transaction: Elide redundant has_FOO in generated C

[Markus Armbruster]

The has_FOO for pointer-valued FOO are redundant, except for arrays.
They are also a nuisance to work with.  Recent commit "qapi: Start to
elide redundant has_FOO in generated C" provided the means to elide
them step by step.  This is the step for qapi/transaction.json.

Said commit explains the transformation in more detail.  The invariant
violations mentioned there do not occur here.

Cc: Kevin Wolf 
Cc: Hanna Reitz 
Cc: qemu-bl...@nongnu.org
Signed-off-by: Markus Armbruster 
Message-Id: <20221018062849.3420573-25-arm...@redhat.com>
---
 blockdev.c | 3 +--
 scripts/qapi/schema.py | 1 -
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/blockdev.c b/blockdev.c
index 6a3b8cdbc6..0900a38ca6 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -1048,7 +1048,7 @@ static void blockdev_do_action(TransactionAction *action, 
Error **errp)
 
 list.value = action;
 list.next = NULL;
-qmp_transaction(&list, false, NULL, errp);
+qmp_transaction(&list, NULL, errp);
 }
 
 void qmp_blockdev_snapshot_sync(const char *device, const char *node_name,
@@ -2288,7 +2288,6 @@ static TransactionProperties *get_transaction_properties(
  * Always run under BQL.
  */
 void qmp_transaction(TransactionActionList *dev_list,
- bool has_props,
  struct TransactionProperties *props,
  Error **errp)
 {
diff --git a/scripts/qapi/schema.py b/scripts/qapi/schema.py
index f0726af876..3673296ad8 100644
--- a/scripts/qapi/schema.py
+++ b/scripts/qapi/schema.py
@@ -759,7 +759,6 @@ def need_has(self):
 assert self.type
 # Temporary hack to support dropping the has_FOO in reviewable chunks
 opt_out = [
-'qapi/transaction.json',
 'qapi/ui.json',
 'qapi/virtio.json',
 'qga/qapi-schema.json']
-- 
2.37.3