from:"carl"



  
  
OK, I think the problem is the handling of dc->fsr_qne in
  trans_STDFQ, lines 4583 and 4593 -- the code is evaluating
  dc->fsr_qne at translation time and not at runtime. 

On 8/16/24 14:19, Carl Hauser wrote:


  
  Hi Richard,
  I applied the 6 patches and then ran a divide-by-zero test on
the Solaris image. The result was a crash
  
  (qemu) qemu:
fatal: Trap 0x08 (FPU Exception) while interrupts disabled,
Error state 
  pc: f0066d80  npc: f0066d84 
  %g0-7:  01086002  2000  fc067b80
  0001 f638b180 
  %o0-7: f025ef5c   f6376648  
  fc067b80 f004149c  
  %l0-7: 04401087 00010a10 00010a14 fc067b80 fc067f70 0080
  0001 fc067b80  
  %i0-7:  0108 0008 0002 0f80 ef718cb0
  e510 000109ec  
  %f00:    
   
  %f08:  4040  
   
  %f16:    
   
  %f24:    
   
  psr: 04001087 (icc:  SPE: S--) wim: 0002 
  fsr: 0109 y: 
  
  

  I've
  seen that PC address before -- I'm pretty sure it is the STDFQ
  instruction in the kernel trap handler, and if I'm reading the
  fsr correctly that is confirmed by the fact that it is
  sequence-error type FPE which only occurs for STDFQ. Without a
  bit of further poking around with the debugger I don't know
  what's happening beyond that. I will keep looking but thought
  I'd provide immediate results in case this rings a bell for
  you.
  

  If
  it would be helpful, I could share a disk image with Solaris,
  gnu tools, the test examples, etc. It's under 500MB compressed
  and I think I have enough google drive space to accommodate
  that at the moment. 
    
  

  --
  Carl

  On 8/16/24 00:23, Richard Henderson
    wrote:
  
  
Hi Carl,

While digging through the manual to figure out if we were really
doing the right thing raising the fp exception, I found the fpu
exception state machine.  I'm not sure it's worth emulating the
fp_exception_pending state, but it's certainly easy enough to
emulate the fp_executing/fp_exception states.

In addition, this simplifies the implementation of STDFQ,
restricts FQ to sparc32 system mode, and handles migration.

Would you please double-check this against your Solaris images?


r~


Carl Hauser (2):
  target/sparc: Add FQ and FSR.QNE
  target/sparc: Populate sparc32 FQ when raising fp exception

Richard Henderson (4):
  target/sparc: Restrict STQF to sparcv9
  target/sparc: Add FSR_QNE to tb_flags
  target/sparc: Implement STDFQ
  target/sparc: Add gen_trap_if_nofpu_fpexception

 target/sparc/cpu.h  |  30 -
 target/sparc/fop_helper.c   |   4 ++
 target/sparc/int32_helper.c |  32 -
 target/sparc/machine.c  |  25 +++
 target/sparc/translate.c| 126 ++--
 target/sparc/insns.decode   |   4 +-
 6 files changed, 169 insertions(+), 52 deletions(-)

Re: [PATCH for-9.2 v3 0/6] target/sparc: emulate floating point queue when raising fp traps



  
  
Hi Richard,
I applied the 6 patches and then ran a divide-by-zero test on the
  Solaris image. The result was a crash

(qemu) qemu:
  fatal: Trap 0x08 (FPU Exception) while interrupts disabled,
  Error state

pc: f0066d80  npc: f0066d84

%g0-7:  01086002  2000  fc067b80
0001 f638b180

%o0-7: f025ef5c   f6376648  
fc067b80 f004149c  
%l0-7: 04401087 00010a10 00010a14 fc067b80 fc067f70 0080
0001 fc067b80  
%i0-7:  0108 0008 0002 0f80 ef718cb0
e510 000109ec  
%f00:    


%f08:  4040  


%f16:    


%f24:    


psr: 04001087 (icc:  SPE: S--) wim: 0002

fsr: 0109 y: 


  
I've
seen that PC address before -- I'm pretty sure it is the STDFQ
instruction in the kernel trap handler, and if I'm reading the
fsr correctly that is confirmed by the fact that it is
sequence-error type FPE which only occurs for STDFQ. Without a
bit of further poking around with the debugger I don't know
what's happening beyond that. I will keep looking but thought
I'd provide immediate results in case this rings a bell for you.

  
If
it would be helpful, I could share a disk image with Solaris,
gnu tools, the test examples, etc. It's under 500MB compressed
and I think I have enough google drive space to accommodate that
at the moment. 
      

  
--
Carl
  
On 8/16/24 00:23, Richard Henderson
  wrote:


  Hi Carl,

While digging through the manual to figure out if we were really
doing the right thing raising the fp exception, I found the fpu
exception state machine.  I'm not sure it's worth emulating the
fp_exception_pending state, but it's certainly easy enough to
emulate the fp_executing/fp_exception states.

In addition, this simplifies the implementation of STDFQ,
restricts FQ to sparc32 system mode, and handles migration.

Would you please double-check this against your Solaris images?


r~


Carl Hauser (2):
  target/sparc: Add FQ and FSR.QNE
  target/sparc: Populate sparc32 FQ when raising fp exception

Richard Henderson (4):
  target/sparc: Restrict STQF to sparcv9
  target/sparc: Add FSR_QNE to tb_flags
  target/sparc: Implement STDFQ
  target/sparc: Add gen_trap_if_nofpu_fpexception

 target/sparc/cpu.h  |  30 -
 target/sparc/fop_helper.c   |   4 ++
 target/sparc/int32_helper.c |  32 -
 target/sparc/machine.c  |  25 +++
 target/sparc/translate.c| 126 ++--
 target/sparc/insns.decode   |   4 +-
 6 files changed, 169 insertions(+), 52 deletions(-)

Re: [PATCH for-9.2 v3 0/6] target/sparc: emulate floating point queue when raising fp traps



  
  
Yes, but ...
isn't the state of dc->fsr_qne at translation time irrelevant?
  And changing it at translation time (line 4593) is dangerous
  (because it pertains to runtime, not translation time); i.e. why
  is 0 stored at both translation time (4593) and at runtime (4591)?
  I think that the if on line 4583 needs to be a run-time test. But
  I get very tangled up in these distinctions. For me, generating a
  call to a helper function instead of trying to generate all the
  correct logic made it easier to keep straight what was happening.

On 8/16/24 15:05, Richard Henderson
  wrote:

On
  8/17/24 07:46, Carl Hauser wrote:
  
  OK, I think the problem is the handling of
dc->fsr_qne in trans_STDFQ, lines 4583 and 4593 -- the code
is evaluating dc->fsr_qne at translation time and not at
runtime.

  
  
  That's what patch 4 does, ensure that the runtime value is
  available at translation time.
  
  
  
  r~

Re: [PATCH for-9.2 v3 0/6] target/sparc: emulate floating point queue when raising fp traps



  
  
Further info: 
netbsd panics in the kernel trap handler; unfortunately it does
  not include the fsr in the panic message, but I expect it will be
  the same as on Solaris.

linux raises SIGFPE in the application that caused the exception.
  Not surprising since we've seen before that linux is blissfully
  unaware of the floating point queue.
    -- Carl

On 8/16/24 15:05, Richard Henderson
  wrote:

On
  8/17/24 07:46, Carl Hauser wrote:
  
  OK, I think the problem is the handling of
dc->fsr_qne in trans_STDFQ, lines 4583 and 4593 -- the code
is evaluating dc->fsr_qne at translation time and not at
runtime.

  
  
  That's what patch 4 does, ensure that the runtime value is
  available at translation time.
  
  
  
  r~

Re: [PATCH for-9.2 v3 0/6] target/sparc: emulate floating point queue when raising fp traps

2024-08-17 Thread Carl Hauser



  
  
I changed target.c:4597 from return true; to return
  advance_pc(dc); and it worked.

On 8/16/24 17:16, Richard Henderson
  wrote:

On
  8/17/24 09:48, Carl Hauser wrote:
  
  netbsd panics in the kernel trap handler;
unfortunately it does not include the fsr in the panic message,
but I expect it will be the same as on Solaris.

  
  
  Ok, I have reproduced this with netbsd 9.3.
  
  I'll have a look.
  
  
  
  r~

Re: [PATCH for-9.2 v3 0/6] target/sparc: emulate floating point queue when raising fp traps -- CORRECTION

2024-08-17 Thread Carl Hauser



  
  
I changed translate.c:4597 from return true; to return
  advance_pc(dc); and it worked.

On 8/16/24 17:16, Richard Henderson
  wrote:

On
  8/17/24 09:48, Carl Hauser wrote: 
  netbsd panics in the kernel trap handler;
unfortunately it does not include the fsr in the panic message,
but I expect it will be the same as on Solaris. 
  
  
  Ok, I have reproduced this with netbsd 9.3. 
  I'll have a look. 
  
  
  r~

[PATCH] hw/char: suppress sunmouse events with no changes

2024-08-19 Thread Carl Hauser


From f155cbd57b37fa600c580ed30d593f47383ecd38 Mon Sep 17 00:00:00 2001
From: Carl Hauser 
Date: Fri, 16 Aug 2024 09:20:36 -0700
Subject: [PATCH] hw/char: suppress sunmouse events with no changes

Sun optical mice circa 1993 were based on the Mouse Systems
Corp. optical mice. The technical manual for those mice
states that mice only send events when there is motion or the
button state changes. The Solaris 2.5.6 mouse driver seems
to be confused by updates that don't follow this specification.

This patch adds a field to the ESCCChannelState to contain
the button state sent in the last event and uses that in
sunmouse_event to avoid sending unnecessary updates.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2518
Signed-off-by: Carl Hauser 
---
 hw/char/escc.c | 10 ++
 include/hw/char/escc.h |  1 +
 2 files changed, 11 insertions(+)

diff --git a/hw/char/escc.c b/hw/char/escc.c
index d450d70eda..7732141cf5 100644
--- a/hw/char/escc.c
+++ b/hw/char/escc.c
@@ -287,6 +287,7 @@ static void escc_reset_chn(ESCCChannelState *s)
 s->rxint = s->txint = 0;
 s->rxint_under_svc = s->txint_under_svc = 0;
 s->e0_mode = s->led_mode = s->caps_lock_mode = s->num_lock_mode = 0;
+s->sunmouse_prev_state = 0;
 clear_queue(s);
 }

@@ -959,6 +960,15 @@ static void sunmouse_event(void *opaque,
 int ch;

 trace_escc_sunmouse_event(dx, dy, buttons_state);
+
+/* Don't send duplicate events without motion */
+if (dx == 0 &&
+dy == 0 &&
+(s->sunmouse_prev_state ^ buttons_state) == 0) {
+return;
+}
+s->sunmouse_prev_state = buttons_state;
+
 ch = 0x80 | 0x7; /* protocol start byte, no buttons pressed */

 if (buttons_state & MOUSE_EVENT_LBUTTON) {
diff --git a/include/hw/char/escc.h b/include/hw/char/escc.h
index 5669a5b811..bc5ba4f564 100644
--- a/include/hw/char/escc.h
+++ b/include/hw/char/escc.h
@@ -46,6 +46,7 @@ typedef struct ESCCChannelState {
 uint8_t rx, tx;
 QemuInputHandlerState *hs;
 char *sunkbd_layout;
+int sunmouse_prev_state;
 } ESCCChannelState;

 struct ESCCState {
--
2.34.1

Re: [PATCH] hw/char: suppress sunmouse events with no changes

2024-08-20 Thread Carl Hauser



  
  
Yes, just equality, no masking needed. Boneheaded.
I think I could figure out how to do the state migration if
  that's the direction you want to go.
I don't think I could do the migration to
  qemu_input_handler_register, especially as I would think that the
  keyboard should be done at the same time.
I'll wait on a V2 patch with the equality fix for a decision
  about migration/vs new style.
    
-- Carl

On 8/20/24 00:34, Richard Henderson
  wrote:

On
  8/20/24 09:18, Carl Hauser wrote:
  
  @@ -959,6 +960,15 @@ static void
sunmouse_event(void *opaque,

  int ch;


  trace_escc_sunmouse_event(dx, dy, buttons_state);

+

+    /* Don't send duplicate events without motion */

+    if (dx == 0 &&

+    dy == 0 &&

+    (s->sunmouse_prev_state ^ buttons_state) == 0) {

  
  
  Were you intending to mask vs MOUSE_EVENT_*BUTTON?
  
  Otherwise this is just plain equality.
  
  
  diff --git a/include/hw/char/escc.h
b/include/hw/char/escc.h

index 5669a5b811..bc5ba4f564 100644

--- a/include/hw/char/escc.h

+++ b/include/hw/char/escc.h

@@ -46,6 +46,7 @@ typedef struct ESCCChannelState {

  uint8_t rx, tx;

  QemuInputHandlerState *hs;

  char *sunkbd_layout;

+    int sunmouse_prev_state;

  
  
  This adds new state that must be migrated.
  
  
  While the patch is relatively simple, I do wonder if this code
  could be improved by converting away from the legacy mouse
  interface to qemu_input_handler_register. Especially if that might
  help avoid needing to add migration state that isn't "really" part
  of the device.
  
  
  Mark?
  
  
  
  r~

Re: [PATCH for-9.2 v3 0/6] target/sparc: emulate floating point queue when raising fp traps -- CORRECTION

2024-08-20 Thread Carl Hauser



  
  
Do you want me to submit a patch set fixing this or will you?
-- Carl

On 8/18/24 19:42, Richard Henderson
  wrote:

On
  8/18/24 10:03, Carl Hauser wrote:
  
  I changed translate.c:4597 from return
true; to return advance_pc(dc); and it worked.

  
  
  Whoops, yes indeed.  Thanks for the catch.
  
  
  
  r~

Re: [PATCH v4 0/5] target/sparc: emulate floating point queue when raising fp traps

2024-09-10 Thread Carl Hauser



  
  
On 9/9/24 11:07, Richard Henderson
  wrote:


  Changes for v5:
  - Fix stdfq advance_pc.

r~

Carl Hauser (2):
  target/sparc: Add FQ and FSR.QNE
  target/sparc: Populate sparc32 FQ when raising fp exception

Richard Henderson (3):
  target/sparc: Add FSR_QNE to tb_flags
  target/sparc: Implement STDFQ
  target/sparc: Add gen_trap_if_nofpu_fpexception

 target/sparc/cpu.h  |  30 -
 target/sparc/fop_helper.c   |   4 ++
 target/sparc/int32_helper.c |  40 ++-
 target/sparc/machine.c  |  25 +++
 target/sparc/translate.c| 128 ++--
 target/sparc/insns.decode   |   2 +-
 6 files changed, 178 insertions(+), 51 deletions(-)



I did very basic tests that IEEE exceptions are raised
  successfully and the quad precision instructions are emulated. 

Tested-by: Carl Hauser

[Qemu-devel] boot order=d bug?

2017-05-07 Thread Carl Karsten

In the real world I will have a machine with a sata hd and boot the
installer from a usb stick. I want to test this with 2 disk image files.

The usb stick will be built like so:
https://github.com/CarlFK/video-stack-deploy/blob/usbstick/scripts/mk_usb_installer.sh

but this will demo the problem I have run into with qemu:  how do I boot
from boot.img without using boot=menu?

# make a blank disk to install to
qemu-img create -f qcow2 disk.cow 8G

# get an installer image
wget
http://ftp.debian.org/debian/dists/stretch/main/installer-amd64/current/images/hd-media/boot.img.gz
gunzip boot.img.gz

qemu-system-x86_64 -m 256 -display curses  \
-drive file=disk.cow,index=0 \
-drive file=boot.img,index=1 \
-boot menu=on

# Hit esc and then #2 to boot the installer.

Press ESC for boot menu.
Select boot device:
1. ata0-0: QEMU HARDDISK ATA-7 Hard-Disk (8192 MiBytes)
2. ata0-1: QEMU HARDDISK ATA-7 Hard-Disk (953 MiBytes)
3. Legacy option rom
4. Floppy [drive A]
5. DVD/CD [ata1-0: QEMU DVD-ROM ATAPI-4 DVD/CD]
6. iPXE (PCI 00:03.0)


juser@gator:~/temp/video-stack-deploy/scripts$ qemu-system-x86_64 -version
QEMU emulator version 2.8.1(Debian 1:2.8+dfsg-4+b1)
Copyright (c) 2003-2016 Fabrice Bellard and the QEMU Project developers


-- 
Carl K

Re: [Qemu-devel] boot order=d bug?

2017-05-07 Thread Carl Karsten

neat.  missed that.

except it doesn't work.

juser@gator:~/temp$ qemu-system-x86_64 -drive
file=boot.img,format=raw,bootindex=1
qemu-system-x86_64: -drive file=boot.img,format=raw,bootindex=1: Block
format 'raw' does not support the option 'bootindex'

juser@gator:~/temp$ qemu-system-x86_64 -drive
file=boot.img,bootindex=1WARNING: Image format was not specified for
'boot.img' and probing guessed raw.
 Automatically detecting the format is dangerous for raw images,
write operations on block 0 will be restricted.
 Specify the 'raw' format explicitly to remove the restrictions.
qemu-system-x86_64: -drive file=boot.img,bootindex=1: Block format 'raw'
does not support the option 'bootindex'

Is there a "yes you do --force" option ?

On Sun, May 7, 2017 at 9:02 PM, Thomas Huth  wrote:

> On 07.05.2017 07:42, Carl Karsten wrote:
> > In the real world I will have a machine with a sata hd and boot the
> > installer from a usb stick. I want to test this with 2 disk image files.
> >
> > The usb stick will be built like so:
> > https://github.com/CarlFK/video-stack-deploy/blob/
> usbstick/scripts/mk_usb_installer.sh
> >
> > but this will demo the problem I have run into with qemu:  how do I boot
> > from boot.img without using boot=menu?
>
> Have you already tried to use the bootindex property? See:
>
> http://git.qemu.org/?p=qemu.git;a=blob;f=docs/bootindex.txt
>
>  Thomas
>
>

-- 
Carl K

[Qemu-devel] format=raw,readonly errors

2017-05-07 Thread Carl Karsten

juser@gator:~/temp$ qemu-system-x86_64 -m 256 -display curses  -drive
file=disk.cow -drive file=boot.img
WARNING: Image format was not specified for 'boot.img' and probing guessed
raw.
 Automatically detecting the format is dangerous for raw images,
write operations on block 0 will be restricted.
 Specify the 'raw' format explicitly to remove the restrictions.

This is OK, as I don't want anything writing to that thing anyway.  So to
get rid of the waring:

juser@gator:~/temp$ qemu-system-x86_64 -drive
file=boot.img,format=raw,readonly qemu-system-x86_64: Can't use a read-only
drive
qemu-system-x86_64: Initialization of device ide-hd failed: Device
initialization failed.

hmm... one more try:

juser@gator:~/temp$ qemu-system-x86_64 -m 256 -display curses  -drive
file=disk.cow,readonly
qemu-system-x86_64: Can't use a read-only drive
qemu-system-x86_64: Initialization of device ide-hd failed: Device
initialization failed.




-- 
Carl K

Re: [Qemu-devel] format=raw,readonly errors

On Mon, May 8, 2017 at 3:51 AM, Markus Armbruster  wrote:

> Carl Karsten  writes:
>
> > juser@gator:~/temp$ qemu-system-x86_64 -m 256 -display curses  -drive
> > file=disk.cow -drive file=boot.img
> > WARNING: Image format was not specified for 'boot.img' and probing
> guessed
> > raw.
> >  Automatically detecting the format is dangerous for raw images,
> > write operations on block 0 will be restricted.
> >  Specify the 'raw' format explicitly to remove the restrictions.
> >
> > This is OK, as I don't want anything writing to that thing anyway.  So to
> > get rid of the waring:
> >
> > juser@gator:~/temp$ qemu-system-x86_64 -drive
> > file=boot.img,format=raw,readonly qemu-system-x86_64: Can't use a
> read-only
> > drive
> > qemu-system-x86_64: Initialization of device ide-hd failed: Device
> > initialization failed.
>
> -drive without if=... creates an IDE disk[*].  IDE disks can't do
> read-only.  Have you tried omitting ",readonly"?
>


omitting works, but my goal was for the drive to be read only.




>
> > hmm... one more try:
> >
> > juser@gator:~/temp$ qemu-system-x86_64 -m 256 -display curses  -drive
> > file=disk.cow,readonly
> > qemu-system-x86_64: Can't use a read-only drive
> > qemu-system-x86_64: Initialization of device ide-hd failed: Device
> > initialization failed.
>
>
> [*] It actually depends on the machine, but I figure that's of no
> interest to you.
>



-- 
Carl K

Re: [Qemu-devel] boot order=d bug?

On Mon, May 8, 2017 at 2:57 AM, Thomas Huth  wrote:

> On 08.05.2017 06:22, Carl Karsten wrote:
> > neat.  missed that.
> >
> > except it doesn't work.
> >
> > juser@gator:~/temp$ qemu-system-x86_64 -drive
> > file=boot.img,format=raw,bootindex=1
> > qemu-system-x86_64: -drive file=boot.img,format=raw,bootindex=1: Block
> > format 'raw' does not support the option 'bootindex'
>
> bootindex is a property of the "-device" parameter, not of "-drive", so
> you've got to specify both parameters here (with "if=none" for -drive).
> See bootindex.txt for details.
>

got it.  Thank you and IRC folks for this:

qemu-system-x86_64 -m 256 \
-drive file=disk.cow,index=0 \
-drive file=/dev/sdb,index=1,format=raw,if=none,id=thumb \
  -device ide-hd,drive=thumb,bootindex=1




>
>  Thomas
>
> > On Sun, May 7, 2017 at 9:02 PM, Thomas Huth  wrote:
> >
> >> On 07.05.2017 07:42, Carl Karsten wrote:
> >>> In the real world I will have a machine with a sata hd and boot the
> >>> installer from a usb stick. I want to test this with 2 disk image
> files.
> >>>
> >>> The usb stick will be built like so:
> >>> https://github.com/CarlFK/video-stack-deploy/blob/
> >> usbstick/scripts/mk_usb_installer.sh
> >>>
> >>> but this will demo the problem I have run into with qemu:  how do I
> boot
> >>> from boot.img without using boot=menu?
> >>
> >> Have you already tried to use the bootindex property? See:
> >>
> >> http://git.qemu.org/?p=qemu.git;a=blob;f=docs/bootindex.txt
> >>
> >>  Thomas
> >>
> >>
> >
> >
>
>


-- 
Carl K

Re: [Qemu-devel] format=raw,readonly errors

On Mon, May 8, 2017 at 10:32 AM, John Snow  wrote:

>
>
> On 05/08/2017 10:15 AM, Carl Karsten wrote:
> > On Mon, May 8, 2017 at 3:51 AM, Markus Armbruster 
> wrote:
> >
> >> Carl Karsten  writes:
> >>
> >>> juser@gator:~/temp$ qemu-system-x86_64 -m 256 -display curses  -drive
> >>> file=disk.cow -drive file=boot.img
> >>> WARNING: Image format was not specified for 'boot.img' and probing
> >> guessed
> >>> raw.
> >>>  Automatically detecting the format is dangerous for raw
> images,
> >>> write operations on block 0 will be restricted.
> >>>  Specify the 'raw' format explicitly to remove the
> restrictions.
> >>>
> >>> This is OK, as I don't want anything writing to that thing anyway.  So
> to
> >>> get rid of the waring:
> >>>
> >>> juser@gator:~/temp$ qemu-system-x86_64 -drive
> >>> file=boot.img,format=raw,readonly qemu-system-x86_64: Can't use a
> >> read-only
> >>> drive
> >>> qemu-system-x86_64: Initialization of device ide-hd failed: Device
> >>> initialization failed.
> >>
> >> -drive without if=... creates an IDE disk[*].  IDE disks can't do
> >> read-only.  Have you tried omitting ",readonly"?
> >>
> >
> >
> > omitting works, but my goal was for the drive to be read only.
> >
> >
>
> I don't think there's a way to make physical IDE drives "read only." I
> don't think there's any jumper settings or any of the like which can
> accomplish this.
>
> Unlike floppy disks (which you could notch the corner of) or SD cards
> (which have the write lock), I don't think ATA disks have a method for
> being "read only," so this isn't a feature QEMU can support.
>
> What you CAN do, however, is to use -snapshot or otherwise use something
> like a qcow2 overlay to trap all writes to a temporary file that you can
> discard at a later point in time, effectively keeping your original
> image "read only."
>
> I believe that SCSI disks support a read-only mode, though.
>


k - that all makes sense.

kinda ;)

 "write operations on block 0 will be restricted."

Is there a way to explicitly enable that?

The installer on the usb stick keeps stepping on itself rendering it
broken, both physical usb drive and a dd image.

I can play with OS permissions too, but that restricted warning made me
think that would be 'best'.

but but, now that I have index/bootindex working I probably won't be
trashing my installer any more, so non-issue.



-- 
Carl K

Re: [Qemu-devel] format=raw,readonly errors

On Mon, May 8, 2017 at 11:29 AM, Eric Blake  wrote:

> On 05/08/2017 10:56 AM, Carl Karsten wrote:
>
> >>>>> juser@gator:~/temp$ qemu-system-x86_64 -m 256 -display curses
> -drive
> >>>>> file=disk.cow -drive file=boot.img
> >>>>> WARNING: Image format was not specified for 'boot.img' and probing
> >>>> guessed
> >>>>> raw.
> >>>>>  Automatically detecting the format is dangerous for raw
> >> images,
> >>>>> write operations on block 0 will be restricted.
> >>>>>  Specify the 'raw' format explicitly to remove the
> >> restrictions.
>
> >  "write operations on block 0 will be restricted."
> >
> > Is there a way to explicitly enable that?
>
> Yes. Pass format=raw at the right place (in other words, instead of
> getting the 'raw' format driver by default, explicitly mentioning that
> you KNOW you want the 'raw' format driver is enough to shut up the
> warning).
>

according to the warning: "Specify the 'raw' format explicitly to remove
the restrictions."

I want the restriction.

format=raw, (write operations on block 0)=restricted



>
> --
> Eric Blake, Principal Software Engineer
> Red Hat, Inc.   +1-919-301-3266
> Virtualization:  qemu.org | libvirt.org
>
>


-- 
Carl K

[Qemu-devel] [Bug 1612908] [NEW] qom-[list, tree, get, set] don't accept tcp endpoint arg

2016-08-13 Thread Carl Allendorph

Public bug reported:

Hi,

I'm using origin/master [60ac13...]. When I run any of the commands
in 'qemu/scripts/qmp/qom-[list,tree,get,set]', the help text says that
it can connect to a QEMU instance by passing either a path to a unix
socket or a tcp endpoint in the format "host:port". The unix socket
variant works but the tcp endpoint variant does not. QEMUMonitorProtocol
accepts either a string (unix socket) or a tuple (host,port). None of
the qom-* scripts actually massage the '-s' argument into a tuple.

I have a patch to fix this issue that I can submit to the developer
list.

** Affects: qemu
 Importance: Undecided
 Status: New


** Tags: python qom qom-list qom-tree scripts

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1612908

Title:
  qom-[list,tree,get,set] don't accept tcp endpoint arg

Status in QEMU:
  New

Bug description:
  Hi,

  I'm using origin/master [60ac13...]. When I run any of the
  commands in 'qemu/scripts/qmp/qom-[list,tree,get,set]', the help text
  says that it can connect to a QEMU instance by passing either a path
  to a unix socket or a tcp endpoint in the format "host:port". The unix
  socket variant works but the tcp endpoint variant does not.
  QEMUMonitorProtocol accepts either a string (unix socket) or a tuple
  (host,port). None of the qom-* scripts actually massage the '-s'
  argument into a tuple.

  I have a patch to fix this issue that I can submit to the developer
  list.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1612908/+subscriptions

[Qemu-devel] ARM MCU Target Structure Question

2016-08-14 Thread Carl Allendorph

Hello All,

I'm working on a new microcontroller target (Atmel ATSAM4E) for the
qemu-system-arm executable. I've successfully setup a machine and created
some peripherals. I have some questions about how to structure the files
for contributing this target to the qemu project.

In the current "hw" directory, there seems to be a mashup of MCU/board
machines, peripherals for these machines, and devices that would
communicate with these peripherals like I2C or SPI slave devices. There are
also general definitions for buses like I2C and SPI. There seem to be
peripherals for certain machines spread over several different directories.

For example, the omap*.c files are defined in the "arm" sub directory, and
then several of the peripherals are defined in the ssi/i2c/gpio/etc
directories. This seems inefficient from a development perspective because
the omap i2c/ssi/gpio peripherals are unlikely to be reused by other MCUs
or targets (except by derivatives in the OMAP family perhaps).

My preferred way to contribute to the project would be to create a new set
of directories in "hw/arm" that would have the following hierarchy:

  hw/arm/atmel/
- utils/
- atsam4/
  - common/<-- Common Peripherals in family
  - atsam4e/   <-- Machine and Peripheral Definitions
  - atsam4n/
...
- atsam3/<-- Other families in the future?

Similarly, I would create an "include" structure for headers:

  include/hw/arm/atmel/
- utils/
- atsam4/
  - common/
  - atsam4e/
  - atsam4n/
...
- atsam3/


Is this reasonable and acceptable?

I think refactoring the code in "hw" directory to organize machine targets
using similar logic for SOCs and moving slave device targets into a
separate subdirectory would be useful. I'm new to this project so perhaps
I'm missing something. I hope this does not come across as stepping on
anyones toes; that was not my intent.

Thanks in advanced for any comments or advice.

Re: [Qemu-devel] ARM MCU Target Structure Question

2016-08-15 Thread Carl Allendorph

On Mon, Aug 15, 2016 at 3:18 AM, Peter Maydell 
wrote:

> This broadly matches the directory arrangement principles used
> by the Linux kernel sources, which is where we've borrowed it from.
>

Ok - I'll pursue the current directory structure.

Thanks,
~C

[Qemu-devel] [Bug 1725707] Re: QEMU sends excess VNC data to websockify even when network is poor

2017-10-21 Thread Carl Brassey

** Attachment added: "Used with other VNC servers.jpg"

https://bugs.launchpad.net/qemu/+bug/1725707/+attachment/4982277/+files/Used%20with%20other%20VNC%20servers.jpg

** Description changed:

Description of problem
-
In my latest topic, I reported a bug relate to QEMU's websocket:
https://bugs.launchpad.net/qemu/+bug/1718964

It has been fixed but someone mentioned that he met the same problem when
using QEMU with a standalone websocket proxy.
That makes me confused because in that scenario QEMU will get a "RAW" VNC
connection.
So I did a test and found that there indeed existed some problems. The
problem is:

When the client's network is poor (on a low speed WAN), QEMU still sends
a lot of data to the websocket proxy, then the client get stuck. It
seems that only QEMU has this problem, other VNC servers works fine.

Environment
-
All of the following versions have been tested:

QEMU: 2.8.1.1 / 2.9.1 / 2.10.1 / master (Up to date)
Host OS: Ubuntu 16.04 Server LTS / CentOS 7 x86_64_1611
Websocket Proxy: websockify 0.6.0 / 0.7.0 / 0.8.0 / master
VNC Web Client: noVNC 0.5.1 / 0.61 / 0.62 / master
Other VNC Servers: TigerVNC 1.8 / x11vnc 0.9.13 / TightVNC 2.8.8

Steps to reproduce:
-
100% reproducible.

1. Launch a QEMU instance (No need websocket option):
qemu-system-x86_64 -enable-kvm -m 6G ./win_x64.qcow2 -vnc :0

2. Launch websockify on a separate host and connect to QEMU's VNC port

3. Open VNC Web Client (noVNC/vnc.html) in browser and connect to
websockify

4. Play a video (e.g. Watch YouTube) on VM (To produce a lot of frame
buffer update)

5. Limit (e.g. Use NetLimiter) the client inbound bandwidth to 300KB/S
(To simulate a low speed WAN)

6. Then client's output gets stuck(less than 1 fps), the cursor is
almost impossible to move

7. Monitor network traffic on the proxy server

Current result:
-
Monitor Downlink/Uplink network traffic on the proxy server
(Refer to the attachments for more details).

1. Used with QEMU
- D: 5.9 MB/s U: 5.7 MB/s (Client on LAN)
- D: 4.3 MB/s U: 334 KB/s (Client on WAN)

2. Used with other VNC servers
- D: 5.9 MB/s U: 5.6 MB/s (Client on LAN)
- D: 369 KB/s U: 328 KB/s (Client on WAN)

- It is found that when the client's network is poor, all the VNC servers
(tigervnc/x11vnc/tightvnc)
- will reduce the VNC data send to websocket proxy (uplink and downlink
symmetry), but QEMU never drop any frames and still sends a lot of data to
websockify, the client has no capacity to accept so much data, more and more
data are accumulated in the websockify, then it crashes.
+ It is found that when the client's network is poor, all the VNC servers
+ (tigervnc/x11vnc/tightvnc) will reduce the VNC data send to websocket
+ proxy (uplink and downlink symmetry), but QEMU never drop any frames and
+ still sends a lot of data to websockify, the client has no capacity to
+ accept so much data, more and more data are accumulated in the
+ websockify, then it crashes.

Expected results:
-
When the client's network is poor (WAN), QEMU will reduce the VNC data send
to websocket proxy.

--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1725707

Title:
QEMU sends excess VNC data to websockify even when network is poor

Status in QEMU:
New

Bug description:
Description of problem
-
In my latest topic, I reported a bug relate to QEMU's websocket:
https://bugs.launchpad.net/qemu/+bug/1718964

When the client's network is poor (on a low speed WAN), QEMU still
sends a lot of data to the websocket proxy, then the client get stuck.
It seems that only QEMU has this problem, other VNC servers works
fine.

Environment
-
All of the following versions have been tested:

Steps to reproduce:
-
100% reproducible.

1. Launch a QEMU instance (No need websocket option):
qemu-system-x86_64 -enable-kvm -m 6G ./win_x64.qcow2 -vnc :0

2. Launch websockify on a separate host and connect to QEMU's VNC port

3. Open VNC Web Client (noVNC/vnc.html) in browser and connect to
websockify

[Qemu-devel] [Bug 1725707] Re: QEMU sends excess VNC data to websockify even when network is poor

2017-10-21 Thread Carl Brassey

** Attachment added: "Used with QEMU.jpg"

https://bugs.launchpad.net/qemu/+bug/1725707/+attachment/4982276/+files/Used%20with%20QEMU.jpg

--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1725707

Title:
QEMU sends excess VNC data to websockify even when network is poor

Status in QEMU:
New

Bug description:
Description of problem
-
In my latest topic, I reported a bug relate to QEMU's websocket:
https://bugs.launchpad.net/qemu/+bug/1718964

When the client's network is poor (on a low speed WAN), QEMU still
sends a lot of data to the websocket proxy, then the client get stuck.
It seems that only QEMU has this problem, other VNC servers works
fine.

Environment
-
All of the following versions have been tested:

Steps to reproduce:
-
100% reproducible.

1. Launch a QEMU instance (No need websocket option):
qemu-system-x86_64 -enable-kvm -m 6G ./win_x64.qcow2 -vnc :0

2. Launch websockify on a separate host and connect to QEMU's VNC port

3. Open VNC Web Client (noVNC/vnc.html) in browser and connect to
websockify

4. Play a video (e.g. Watch YouTube) on VM (To produce a lot of frame
buffer update)

5. Limit (e.g. Use NetLimiter) the client inbound bandwidth to 300KB/S
(To simulate a low speed WAN)

6. Then client's output gets stuck(less than 1 fps), the cursor is
almost impossible to move

7. Monitor network traffic on the proxy server

Current result:
-
Monitor Downlink/Uplink network traffic on the proxy server
(Refer to the attachments for more details).

1. Used with QEMU
- D: 5.9 MB/s U: 5.7 MB/s (Client on LAN)
- D: 4.3 MB/s U: 334 KB/s (Client on WAN)

2. Used with other VNC servers
- D: 5.9 MB/s U: 5.6 MB/s (Client on LAN)
- D: 369 KB/s U: 328 KB/s (Client on WAN)

It is found that when the client's network is poor, all the VNC
servers (tigervnc/x11vnc/tightvnc) will reduce the VNC data send to
websocket proxy (uplink and downlink symmetry), but QEMU never drop
any frames and still sends a lot of data to websockify, the client has
no capacity to accept so much data, more and more data are accumulated
in the websockify, then it crashes.

Expected results:
-
When the client's network is poor (WAN), QEMU will reduce the VNC data send
to websocket proxy.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1725707/+subscriptions

[Qemu-devel] [Bug 1725707] [NEW] QEMU sends excess VNC data to websockify even when network is poor

2017-10-21 Thread Carl Brassey

Public bug reported:

Description of problem
-
In my latest topic, I reported a bug relate to QEMU's websocket:
https://bugs.launchpad.net/qemu/+bug/1718964

It has been fixed but someone mentioned that he met the same problem when using 
QEMU with a standalone websocket proxy.
That makes me confused because in that scenario QEMU will get a "RAW" VNC 
connection.
So I did a test and found that there indeed existed some problems. The problem 
is:

When the client's network is poor (on a low speed WAN), QEMU still sends
a lot of data to the websocket proxy, then the client get stuck. It
seems that only QEMU has this problem, other VNC servers works fine.

Environment
-
All of the following versions have been tested:

QEMU: 2.8.1.1 / 2.9.1 / 2.10.1 / master (Up to date)
Host OS: Ubuntu 16.04 Server LTS / CentOS 7 x86_64_1611
Websocket Proxy: websockify 0.6.0 / 0.7.0 / 0.8.0 / master
VNC Web Client: noVNC 0.5.1 / 0.61 / 0.62 / master
Other VNC Servers: TigerVNC 1.8 / x11vnc 0.9.13 / TightVNC 2.8.8

Steps to reproduce:
-
100% reproducible.

1. Launch a QEMU instance (No need websocket option):
qemu-system-x86_64 -enable-kvm -m 6G ./win_x64.qcow2 -vnc :0

2. Launch websockify on a separate host and connect to QEMU's VNC port

3. Open VNC Web Client (noVNC/vnc.html) in browser and connect to
websockify

4. Play a video (e.g. Watch YouTube) on VM (To produce a lot of frame
buffer update)

5. Limit (e.g. Use NetLimiter) the client inbound bandwidth to 300KB/S
(To simulate a low speed WAN)

6. Then client's output gets stuck(less than 1 fps), the cursor is
almost impossible to move

7. Monitor network traffic on the proxy server

Current result:
-
Monitor Downlink/Uplink network traffic on the proxy server
(Refer to the attachments for more details).

1. Used with QEMU
- D: 5.9 MB/s U: 5.7 MB/s (Client on LAN)
- D: 4.3 MB/s U: 334 KB/s (Client on WAN)

2. Used with other VNC servers
- D: 5.9 MB/s U: 5.6 MB/s (Client on LAN)
- D: 369 KB/s U: 328 KB/s (Client on WAN)

It is found that when the client's network is poor, all the VNC servers
(tigervnc/x11vnc/tightvnc) will reduce the VNC data send to websocket
proxy (uplink and downlink symmetry), but QEMU never drop any frames and
still sends a lot of data to websockify, the client has no capacity to
accept so much data, more and more data are accumulated in the
websockify, then it crashes.

Expected results:
-
When the client's network is poor (WAN), QEMU will reduce the VNC data send to 
websocket proxy.

** Affects: qemu
 Importance: Undecided
 Status: New

** Attachment added: "Topology"
   
https://bugs.launchpad.net/bugs/1725707/+attachment/4982275/+files/Topology.jpg

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1725707

Title:
  QEMU sends excess VNC data to websockify even when network is poor

Status in QEMU:
  New

Bug description:
  Description of problem
  -
  In my latest topic, I reported a bug relate to QEMU's websocket:
  https://bugs.launchpad.net/qemu/+bug/1718964

  It has been fixed but someone mentioned that he met the same problem when 
using QEMU with a standalone websocket proxy.
  That makes me confused because in that scenario QEMU will get a "RAW" VNC 
connection.
  So I did a test and found that there indeed existed some problems. The 
problem is:

  When the client's network is poor (on a low speed WAN), QEMU still
  sends a lot of data to the websocket proxy, then the client get stuck.
  It seems that only QEMU has this problem, other VNC servers works
  fine.

  Environment
  -
  All of the following versions have been tested:

  QEMU: 2.8.1.1 / 2.9.1 / 2.10.1 / master (Up to date)
  Host OS: Ubuntu 16.04 Server LTS / CentOS 7 x86_64_1611
  Websocket Proxy: websockify 0.6.0 / 0.7.0 / 0.8.0 / master
  VNC Web Client: noVNC 0.5.1 / 0.61 / 0.62 / master
  Other VNC Servers: TigerVNC 1.8 / x11vnc 0.9.13 / TightVNC 2.8.8

  Steps to reproduce:
  -
  100% reproducible.

  1. Launch a QEMU instance (No need websocket option):
  qemu-system-x86_64 -enable-kvm -m 6G ./win_x64.qcow2 -vnc :0

  2. Launch websockify on a separate host and connect to QEMU's VNC port

  3. Open VNC Web Client (noVNC/vnc.html) in browser and connect to
  websockify

  4. Play a video (e.g. Watch YouTube) on VM (To produce a lot of frame
  buffer update)

  5. Limit (e.g. Use NetLimiter) the client inbound bandwidth to 300KB/S
  (To simulate a low speed WAN)

  6. Then client's output gets stuck(less than 1 fps), the cursor is
  almost impossible to move

  7. Monitor network traffic on the proxy server

  Current result:
  -
  Monitor Downlink/Uplink network traffic on the proxy server
  (Refer to the attachments for more details).

  1. Used with Q

[Qemu-devel] [Bug 1718964] [NEW] Memory leak when using websocket over a low speed network

2017-09-22 Thread Carl Brassey

Public bug reported:

Description of problem
-

When VNC is connected to QEMU via websocket over a low speed network
(e.g. 300KB/S Wide Area Network), and there is a lot of frame buffer
update, the VNC Client will get stuck, the cursor is almost impossible
to move, which may result in accumulation of a large number of data in
the QEMU process (memory consumption will keep increasing).


Environment
-
All of the following versions have been tested:

QEMU: 2.5.1 / 2.6.0 / 2.8.1.1 / 2.9.0 / 2.10.0
Host OS: Ubuntu 16.04 Server LTS / CentOS 7 x86_64_1611
Guest OS: Windows 7 64bit / Ubuntu 16.04 Desktop LTS
Client OS: Windows 7 64bit / Windows 10 64bit
Client Browser: IE 11.0.9600 / Chrome 60.0.3112 / Firefox 55.0.2
VNC Client: TigerVNC Viewer 1.8 / UltraVNC Viewer 1.2.1.5 / TightVNC Viewer 
2.8.8 
VNC Web Client: noVNC 0.5.1 / noVNC 0.61 / noVNC 0.62
VNC Server: TigerVNC 1.8 / x11vnc 0.9.13 / TightVNC 2.8.8
VNC Client: TigerVNC Viewer 1.8 / UltraVNC Viewer 1.2.1.5 / TightVNC Viewer 
2.8.8


Steps to reproduce:
-
100% reproducible.

1. Launch a QEMU instance with websocket option:
qemu-system-x86_64 -enable-kvm -m 6G ./win_x64.qcow2 -vnc :1,websocket=5701

2. Open VNC Web Client (noVNC/vnc.html) in browser and connect to QEMU
VM via websocket

3. Play a video (e.g. Watch YouTube) on VM (To produce a lot of frame
buffer update)

4. Limit (e.g. Use NetLimiter) the client inbound bandwidth to 300KB/S
(To simulate a low speed WAN)

5. Then client's output gets stuck(less than 1 fps), the cursor is
almost impossible to move

6. Observe QEMU process on the host, more and more data are accumulated
in the process, the consumption of memory continues to keep increasing


Current result:
-
[Top - Initial status]
  PID USER  PR  NIVIRTRESSHR S  %CPU %MEM TIME+ COMMAND 

 2725 root  20   0 7229144 5.910g  23024 S  16.3 18.9   0:12.84 
qemu-system-x86_64

[Top - After an hour's playing w/o limit (6-8MB/S)]
  PID USER  PR  NIVIRTRESSHR S  %CPU %MEM TIME+ COMMAND 

 2725 root  20   0 7370284 6.046g  23132 S  28.0 19.3  35:58.15 
qemu-system-x86_64

[Top - Limit the bandwidth and continue to playing for another an hour 
(300KB/S)]
  PID USER  PR  NIVIRTRESSHR S  %CPU %MEM TIME+ COMMAND 

 2725 root  20   0 11.029g 8.853g  23132 S  20.0 28.2  72:14.17 
qemu-system-x86_64

Also test several other combinations in the same environment:

1. Client(VNC Viewer) - Server(QEMU)
2. Client(VNC Viewer) - Server(tigervnc/x11vnc/tightvnc)
3. Client(noVNC)  - Server(tigervnc/x11vnc/tightvnc)

Likewise, the client's inbound bandwidth is limited to 300KB/S, 
although a lot of frame are lost, all of they still works (at least the mouse 
is movable).

It's found that when connect to QEMU via websocket, it never drop any frames.
QEMU still sends a lot of data to its websocket even when the network is 
congested, 
the process is continually consuming more memory, then it gets stack.


Expected results:
-
When the network is poor (non-LAN), QEMU would reduce the VNC data send to its 
websocket correspondingly, and the memory usage remains stable.

** Affects: qemu
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1718964

Title:
  Memory leak when using websocket over a low speed network

Status in QEMU:
  New

Bug description:
  Description of problem
  -

  When VNC is connected to QEMU via websocket over a low speed network
  (e.g. 300KB/S Wide Area Network), and there is a lot of frame buffer
  update, the VNC Client will get stuck, the cursor is almost impossible
  to move, which may result in accumulation of a large number of data in
  the QEMU process (memory consumption will keep increasing).

  
  Environment
  -
  All of the following versions have been tested:

  QEMU: 2.5.1 / 2.6.0 / 2.8.1.1 / 2.9.0 / 2.10.0
  Host OS: Ubuntu 16.04 Server LTS / CentOS 7 x86_64_1611
  Guest OS: Windows 7 64bit / Ubuntu 16.04 Desktop LTS
  Client OS: Windows 7 64bit / Windows 10 64bit
  Client Browser: IE 11.0.9600 / Chrome 60.0.3112 / Firefox 55.0.2
  VNC Client: TigerVNC Viewer 1.8 / UltraVNC Viewer 1.2.1.5 / TightVNC Viewer 
2.8.8 
  VNC Web Client: noVNC 0.5.1 / noVNC 0.61 / noVNC 0.62
  VNC Server: TigerVNC 1.8 / x11vnc 0.9.13 / TightVNC 2.8.8
  VNC Client: TigerVNC Viewer 1.8 / UltraVNC Viewer 1.2.1.5 / TightVNC Viewer 
2.8.8

  
  Steps to reproduce:
  -
  100% reproducible.

  1. Launch a QEMU instance with websocket option:
  qemu-system-x86_64 -enable-kvm -m 6G ./win_x64.qcow2 -vnc :1,websocket=5701

  2. Open VNC Web Client (noVNC/vnc.html) in browser and connect to QEMU
  VM via websocket

  3. Play a video (e.g. Watc

Re: [Qemu-devel] RFC: emulation of system flash

Hi,

as the lead developer of the open source flashrom utility
<http://www.flashrom.org/> I have to say that it would be nice to have
Qemu emulate a flash chip. Right now flashrom is using its own flash
chip emulator for testing, and being able to use flashrom in Qemu would
be a nice addition.

Auf 10.03.2011 05:51, Jordan Justen schrieb:
> I have documented a simple flash-like device which I think could be
> useful for qemu/kvm in some cases.  (Particularly for allowing
> persistent UEFI non-volatile variables.)
>
> http://wiki.qemu.org/Features/System_Flash
>
> Let me know if you have any suggestions or concerns.
>   

Is there any reason why you chose to invent an interface for the flash
chip which is more complicated than the interface used by common flash
chips out there?
Maybe some EFI requirement?

Regards,
Carl-Daniel

Re: [Qemu-devel] Re: RFC: emulation of system flash

Auf 10.03.2011 12:48, Gleb Natapov schrieb:
> On Thu, Mar 10, 2011 at 12:27:55PM +0100, Jan Kiszka wrote:
>   
>> On 2011-03-10 10:47, Gleb Natapov wrote:
>> 
>>> Second. I asked how flash is programmed because interfaces like CFI
>>> where you write into flash memory address range to issue commands cannot
>>> be emulated efficiently in KVM. KVM supports either regular memory slots
>>> or IO memory, but in your proposal the same memory behaves as IO on
>>> write and regular memory on read. Better idea would be to present
>>> non-volatile flash as ISA virtio device. Should be simple to implement.
>>>   
>> Why not enhancing KVM memory slots to support direct read access while
>> writes are trapped and forwarded to a user space device model?
>> 
> Yes we can make memory slot that will be treated as memory on read and
> IO on write, but first relying on that will prevent using flash interface
> on older kernels and second it is not enough to implement the proposal.
> When magic value is written into an address, the address become IO for
> reading too, but KVM slot granularity is page, not byte, so KVM will
> have to remove the slot to make it IO, but KVM can't execute code from
> IO region (yet), so we will not be able to run firmware from flash and
> simultaneously write into the flash.
>   

If you have a Parallel/LPC/FWH flash chip in your mainboard, it is
technically impossible to execute code from flash while you are writing
to _any_ part of the flash chip because every single read from the flash
chip during an active write will toggle one bit of the read data.
So if your code already runs on real x86, you will never hit that problem.

(SPI flash is an exception, but it uses out-of-band access anyway,
usually via some southbridge interface, and that means the IO vs.
execution conflict won't happen there either.)

Regards,
Carl-Daniel

-- 
http://www.hailfinger.org/

Re: [Qemu-devel] Re: RFC: emulation of system flash

Auf 10.03.2011 13:06, Jan Kiszka schrieb:
> BTW, the programming granularity is not bytes but chips with common CFI.
> But that's still tricky if you want to run code from the same chip while
> updating parts of it. The easiest workaround would be handling the
> overlay regions as ROM all the time. Not accurate but realizable without
> kernel changes.
>   

I've yet to see CFI chips on x86.


>> On Thu, Mar 10, 2011 at 12:27:55PM +0100, Jan Kiszka wrote:
>> 
>>> Virtio
>>> means that you have to patch the guest (which might be something else
>>> than flexible Linux...).
>>>
>>>   
>> This intended to be used by firmware only and we control that.
>> 
> I'm thinking beyond this use case, beyond firmware flashes, beyond x86.
>   

If you're thinking beyond x86, most flash is probably using SPI nowadays
because the reduced PCB footprint can save lots of money. And for SPI
you only need OOB access for write and the memory region itself is readonly.

Regards,
Carl-Daniel

-- 
http://www.hailfinger.org/

Re: [Qemu-devel] Re: RFC: emulation of system flash

Auf 10.03.2011 19:43, Jordan Justen schrieb:
> On Thu, Mar 10, 2011 at 01:10, Avi Kivity  wrote:
>   
>> On 03/10/2011 06:51 AM, Jordan Justen wrote:
>> 
>>> http://wiki.qemu.org/Features/System_Flash
>>>
>>>   
>> - make the programming interface the same as an existing device
>> 
> How strongly do you feel about this?
>
> For one thing, real devices are not as flexible as QEMU for flash
> sizes.  QEMU allows for any 64kb multiple bios size.  Real world
> devices generally only support powers of 2 sizes.
>
> Firmware hub devices are somewhat simplistic to emulate, but I think
> they use 16MB of address space, while only providing <= 1MB of flash
> storage.
>   

Up to 4 MB on real hardware, and if you use Parallel flash devices,
there is no limit at all (except cost). The software interface is
identical for read/write/erase/probe.

> SPI devices are available in many sizes, so it might be possible to
> choose a 16MB device to emulate.  But, it would be a lot more complex
> to emulate as it would it involve emulating an SPI contoller + the
> device.
>   

I have written a SPI flash chip emulator (it emulates 3 different
real-world SPI flash chips) and am willing to contribute it to Qemu if
there is interest. The code is pretty small, and adding a SPI host
controller emulator should be a few lines of code extra. Not a big problem.

> I thought this might be a case where deviation from real hardware
> emulation could better serve the VM's needs.
>   

If we have to write the code anyway, and if it can work just fine with
current KVM/Qemu, is there a reason not to use the same interface as
real hardware?

Regards,
Carl-Daniel

-- 
http://www.hailfinger.org/

Re: [Qemu-devel] RFC: emulation of system flash

Auf 10.03.2011 22:55, Jordan Justen schrieb:
> On Thu, Mar 10, 2011 at 13:37, Carl-Daniel Hailfinger
>  wrote:
>   
>> Auf 10.03.2011 05:51, Jordan Justen schrieb:
>> 
>>> I have documented a simple flash-like device which I think could be
>>> useful for qemu/kvm in some cases.  (Particularly for allowing
>>> persistent UEFI non-volatile variables.)
>>>
>>> http://wiki.qemu.org/Features/System_Flash
>>>
>>> Let me know if you have any suggestions or concerns.
>>>
>>>   
>> Is there any reason why you chose to invent an interface for the flash
>> chip which is more complicated than the interface used by common flash
>> chips out there?
>> Maybe some EFI requirement?
>> 
> This is a simpler version than the flash devices I'm used to dealing
> with for x86/x86-64 UEFI systems.  Can you suggest an alternative real
> interface that is simpler?
>   

Pseudocode for the real interface most common on x86 before SPI came along:

Write a page (256 bytes) or a few bytes:
chip_writeb(0xAA, bios_base + 0x);
chip_writeb(0x55, bios_base + 0x2AAA);
chip_writeb(0xA0, bios_base + 0x);
chip_writeb(databyte0, bios_base + addr);
chip_writeb(databyte1, bios_base + addr + 1);
chip_writeb(databyte2, bios_base + addr + 2);
chip_writeb(databyte3, bios_base + addr + 3);
... up to 256 databytes.
chip_readb(bios_base);
The last chip_readb(bios_base) is repeated until the result does not
change anymore.

For me, that looks pretty simple and straightforward, especially
compared to other more exotic flash chip interfaces.

Regards,
Carl-Daniel

-- 
http://www.hailfinger.org/

Re: [Qemu-devel] Re: RFC: emulation of system flash

Auf 10.03.2011 23:14, Jordan Justen schrieb:
> On Thu, Mar 10, 2011 at 13:52, Carl-Daniel Hailfinger
>  wrote:
>   
>> Auf 10.03.2011 19:43, Jordan Justen schrieb:
>> 
>>> I thought this might be a case where deviation from real hardware
>>> emulation could better serve the VM's needs.
>>>   
>> If we have to write the code anyway, and if it can work just fine with
>> current KVM/Qemu, is there a reason not to use the same interface as
>> real hardware?
>> 
> If there was a real device emulated by qemu, I would gladly make use
> of it in OVMF.
>   

Nice. So should I dig up my flash emulator code and check which chips
are supported? Porting the code to Qemu shouldn't be too hard.

> I just thought this proposal would be much easier to implement, and
> not be restricted to any particular size.  (Since -bios currently
> supports any size that is a multiple of 64kb.)  A real device is going
> to imply a certain size.
>   

Right, the constant size argument is definitely a point we need to talk
about.

We could sidestep the issue by always using a 16 MByte flash device
which gets filled from the top with the firmware image, but I'm not sure
if that has other side effects.
Another way to solve this would be to emulate multiple flash chips, one
per power-of-two size between 128 kB and 16 MB. Some SPI flash chip
families encode the size into their ID, so determining the size
algorithmically is as simple as calculating
1 << idbyte3
and emulating this is equally simple.

Regards,
Carl-Daniel

-- 
http://www.hailfinger.org/

Re: [Qemu-devel] Re: RFC: emulation of system flash

Auf 10.03.2011 23:58, Jordan Justen schrieb:
> On Thu, Mar 10, 2011 at 14:31, Carl-Daniel Hailfinger
>  wrote:
>   
>> Right, the constant size argument is definitely a point we need to talk
>> about.
>>
>> We could sidestep the issue by always using a 16 MByte flash device
>> which gets filled from the top with the firmware image, but I'm not sure
>> if that has other side effects.
>> Another way to solve this would be to emulate multiple flash chips, one
>> per power-of-two size between 128 kB and 16 MB. Some SPI flash chip
>> families encode the size into their ID, so determining the size
>> algorithmically is as simple as calculating
>> 1 << idbyte3
>> and emulating this is equally simple.
>> 
> Power of 2 from 128kb to 16MB sounds reasonable to me.
>
> How would the SPI host controller be discovered?

PCI ID of the ISA bridge of the chipset. AFAIK most flashing programs
out there use that criterion. There is one drawback, though: We should
use an interface which works well for all emulated chipsets in Qemu, and
that may a bit harder.
Is there a way to get PCI IDs of all emulated chipsets in Qemu so I can
take a look if there is a chance to to this correctly?

> Would the firmware
> be able to depend on having control of the device at OS runtime?  This
> would be needed for UEFI non-volatile variables to make sure they can
> always be written.
>   

UEFI _should not_ have control of the device at OS runtime on real
hardware for security reasons, unless UEFI slipped a rootkit into the
OS. Not sure about Windows, but I'm pretty sure Linux will not run any
UEFI code (except maybe during early init).

Think flash update. If some flash update software runs under your OS of
choice, and UEFI is allowed to perform read/write accesses to flash at
the same time, you will get random corruption. You could do it like some
AMD chipsets, and provide some sort of semaphore for flash access
coordination between a flash updater and the BIOS/EFI, but I don't think
any Intel chipset can do that. Newer Intel chipsets allow locking out
flash accesses not coming from the management engine, but UEFI does not
run in the management engine, so that feature won't help us here.

That said, if any OS out there indeed runs UEFI code regularly during OS
runtime, and that UEFI code wants to access flash, it has to hope that
nobody else is trying to access flash at the same time. An easy way out
would be to use the ACPI NVS region while the machine is running an OS,
but changes would not automatically be persistent without help from the
OS or some ACPI handler on shutdown.

Regards,
Carl-Daniel

-- 
http://www.hailfinger.org/

Re: [Qemu-devel] RFC: emulation of system flash

Hi Jordan,

thanks for your insights.

Auf 10.03.2011 23:29, Jordan Justen schrieb:
> On Thu, Mar 10, 2011 at 14:10, Carl-Daniel Hailfinger
>  wrote:
>   
>> Auf 10.03.2011 22:55, Jordan Justen schrieb:
>> 
>>> On Thu, Mar 10, 2011 at 13:37, Carl-Daniel Hailfinger
>>>  wrote:
>>>   
>>>> Is there any reason why you chose to invent an interface for the flash
>>>> chip which is more complicated than the interface used by common flash
>>>> chips out there?
>>>> Maybe some EFI requirement?
>>>> 
>>> This is a simpler version than the flash devices I'm used to dealing
>>> with for x86/x86-64 UEFI systems.  Can you suggest an alternative real
>>> interface that is simpler?
>>>   
>> Pseudocode for the real interface most common on x86 before SPI came along:
>>
>> Write a page (256 bytes) or a few bytes:
>> chip_writeb(0xAA, bios_base + 0x);
>> chip_writeb(0x55, bios_base + 0x2AAA);
>> chip_writeb(0xA0, bios_base + 0x);
>> chip_writeb(databyte0, bios_base + addr);
>> chip_writeb(databyte1, bios_base + addr + 1);
>> chip_writeb(databyte2, bios_base + addr + 2);
>> chip_writeb(databyte3, bios_base + addr + 3);
>> ... up to 256 databytes.
>> chip_readb(bios_base);
>> The last chip_readb(bios_base) is repeated until the result does not
>> change anymore.
>>
>> For me, that looks pretty simple and straightforward, especially
>> compared to other more exotic flash chip interfaces.
>> 
> I disagree that you think my proposal is more complicated than this example.
>   

Upon rereading your proposal, I think the unfamiliarity of the proposed
interface and the index/data design triggered my "complicated" reflex.

> But, I would agree, that all other things being equal, emulating a
> real device would be preferable.
>
> I would like to know what people's thoughts are regarding supporting
> various devices sizes.  I think that right now -bios should support
> files sizes that are multiples of 64kb up to ~16MB.  (Perhaps even
> larger.)
>   

On recent Intel chipsets you are limited to 16 MB mapped to the top of
the 32bit address space. The same limitation exists for most other x86
chipsets as well. That said, some people may want bigger images, but for
x86 this may cause conflicts with the HPET region.

> A large -bios file can be interesting for embedding an OS image into
> the rom/flash device...
>   

I've seen people embed coreboot+Linux+X.org into a 4 MB image on x86, so
I think 16 MB are plenty (flash bigger than that is either NAND or
expensive or slow, and would require significant effort to emulate
correctly (NAND) or simply not exist in consumer equipment for
speed/money reasons).

> Carl-Daniel, do you think we can address this while still supporting
> real hardware emulation?
>   

If we restrict ourselves to the 128kB-16MB range, I think I can find a
flash chip family which has the criteria we want. 64 kByte flash chips
still exist, but usually not as part of a family which reaches 16 MByte.

We should decide first if we want SPI flash or Parallel flash, and then
I can try to find a matching flash chip family.

Regards,
Carl-Daniel

-- 
http://www.hailfinger.org/

[Qemu-devel] Re: RFC: emulation of system flash