date:20120803

Il 03/08/2012 06:02, Cong Meng ha scritto:
 Correct the command names of opcode 0x85 and 0xa1, and calculate
 their xfer size from CDB.
 
 ChangeLog:
 v2: For opcode 0xa1 on TYPE_ROM device, do not calc the xfer size
 v3: Complete xfer calculation of all situations
 
 Signed-off-by: Cong Meng m...@linux.vnet.ibm.com

Thanks, applied to block branch.

Paolo

Re: [Qemu-devel] [PATCH] add support for ATA_PASSTHROUGH_xx scsi command

Il 03/08/2012 08:57, Paolo Bonzini ha scritto:
 Il 03/08/2012 06:02, Cong Meng ha scritto:
  Correct the command names of opcode 0x85 and 0xa1, and calculate
  their xfer size from CDB.
  
  ChangeLog:
  v2: For opcode 0xa1 on TYPE_ROM device, do not calc the xfer size
  v3: Complete xfer calculation of all situations
  
  Signed-off-by: Cong Meng m...@linux.vnet.ibm.com
 Thanks, applied to block branch.

Ehm, scsi-next.

[Qemu-devel] [PATCH] build: change dist target to use xz

2012-08-03 Thread Brad Smith

If a compression format other than gzip is used we might
as well move to xz instead of bzip2.

11.0M qemu-1.1.1-1.tar.gz
9.2M  qemu-1.1.1-1.tar.bz2
7.3M  qemu-1.1.1-1.tar.xz

---
 Makefile |6 +++---
 scripts/make-release |2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Makefile b/Makefile
index 621cb86..9fbaa0e 100644
--- a/Makefile
+++ b/Makefile
@@ -234,10 +234,10 @@ clean:
 
 VERSION ?= $(shell cat VERSION)
 
-dist: qemu-$(VERSION).tar.bz2
+dist: qemu-$(VERSION).tar.xz
 
-qemu-%.tar.bz2:
-   $(SRC_PATH)/scripts/make-release $(SRC_PATH) $(patsubst 
qemu-%.tar.bz2,%,$@)
+qemu-%.tar.xz:
+   $(SRC_PATH)/scripts/make-release $(SRC_PATH) $(patsubst 
qemu-%.tar.xz,%,$@)
 
 distclean: clean
rm -f config-host.mak config-host.h* config-host.ld $(DOCS) 
qemu-options.texi qemu-img-cmds.texi qemu-monitor.texi
diff --git a/scripts/make-release b/scripts/make-release
index 196c755..2237afd 100755
--- a/scripts/make-release
+++ b/scripts/make-release
@@ -20,5 +20,5 @@ git checkout v${version}
 git submodule update --init
 rm -rf .git roms/*/.git
 popd
-tar cfj ${destination}.tar.bz2 ${destination}
+XZ_OPT=-9 tar cfJ ${destination}.tar.xz ${destination}
 rm -rf ${destination}
-- 
1.7.6


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

[Qemu-devel] Smc support in qemu

2012-08-03 Thread Itaru Kitayama

The recent upstream highbank kernel uses smc to enable its L2 cache,
but on a qemu virt machine
it is not supported yet. Is it likely supported by qemu soon? What is
the time frame for that?

If support can not be expected any time soon, how do we work around
the issue? I have been using
qemu-linaro-1.1.50-2012.07.

Itaru

Re: [Qemu-devel] [PATCH] [RFC] libqblock draft code v1

2012-08-03 Thread Wenchao Xia


于 2012-8-2 19:13, Paolo Bonzini 写道:

Il 02/08/2012 13:11, Daniel P. Berrange ha scritto:

Please include GPLv2+ license headers in new source files you create.
See existing code like include/qemu/object.h for the license header
text.


Actually, LGPLv2+ (or compatible, like BSD), if you plan on making this
a reusable library.  GPLv2+ is too strict for libvirt to use directly.

NB, i don't see libvirt being able to use this library regardless
of license, due to its reliance on glib + abort-on-OOM behaviour


Regarding glib, perhaps we could provide a small wrapper with the few
functions we actually use.


   That is what I expect, replace g_malloc and g_free in
the library, and reports OOM. This may changes some code in qemu block
layer.


Paolo




--
Best Regards

Wenchao Xia

[Qemu-devel] [PULL 00/10] SCSI patches for 2012-08-03

Anthony,

The following changes since commit 5e3bc7144edd6e4fa2824944e5eb16c28197dd5a:

  Merge remote-tracking branch 'mst/tags/for_anthony' into staging (2012-07-30 
10:00:48 -0500)

are available in the git repository at:


  git://github.com/bonzini/qemu.git scsi-next

for you to fetch changes up to b71760ef6180662cc2dff1f6cf673a53508c59f1:

  scsi: add support for ATA_PASSTHROUGH_xx scsi command (2012-08-03 10:04:37 
+0200)

The main change here is re-enabling megasas, but there's also Herve's
retro HBA and a couple of random fixes.


Cong Meng (1):
  scsi: add support for ATA_PASSTHROUGH_xx scsi command

Hannes Reinecke (1):
  megasas: static SAS addresses

Hervé Poussineau (2):
  esp: add missing const on TypeInfo structures
  esp: add Tekram DC-390 emulation (PC SCSI adapter)

Paolo Bonzini (3):
  scsi-disk: fix compilation with DEBUG_SCSI
  Revert megasas: disable due to build breakage
  esp: enable for all PCI machines

Ronnie Sahlberg (2):
  SCSI: Update the sense code for PREVENT REMOVAL errors
  SCSI: STARTSTOPUNIT only eject/load media if powercondition is 0

Stefan Weil (1):
  megasas: Update function megasys_scsi_uninit

 default-configs/i386-softmmu.mak |1 -
 default-configs/pci.mak  |2 +
 hw/esp.c |  130 +-
 hw/megasas.c |   68 ++--
 hw/mfi.h |1 +
 hw/scsi-bus.c|   92 +--
 hw/scsi-defs.h   |4 +-
 hw/scsi-disk.c   |   29 +
 8 files changed, 286 insertions(+), 41 deletions(-)
-- 
1.7.10.4

[Qemu-devel] [PATCH 03/10] megasas: Update function megasys_scsi_uninit

From: Stefan Weil s...@weilnetz.de

Commit f90c2bcdbc69e41e575f868b984c3e2de8f51bac changed
PCIUnregisterFunc, therefore the function prototype
needs an update.

megasas.o is currently not linked, so this bug was not
detected by the buildbots.

Signed-off-by: Stefan Weil s...@weilnetz.de
Signed-off-by: Paolo Bonzini pbonz...@redhat.com
---
 hw/megasas.c |3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/hw/megasas.c b/hw/megasas.c
index 9a0eab1..8a4960f 100644
--- a/hw/megasas.c
+++ b/hw/megasas.c
@@ -2040,7 +2040,7 @@ static const VMStateDescription vmstate_megasas = {
 }
 };
 
-static int megasas_scsi_uninit(PCIDevice *d)
+static void megasas_scsi_uninit(PCIDevice *d)
 {
 MegasasState *s = DO_UPCAST(MegasasState, dev, d);
 
@@ -2050,7 +2050,6 @@ static int megasas_scsi_uninit(PCIDevice *d)
 memory_region_destroy(s-mmio_io);
 memory_region_destroy(s-port_io);
 memory_region_destroy(s-queue_io);
-return 0;
 }
 
 static const struct SCSIBusInfo megasas_scsi_info = {
-- 
1.7.10.4

[Qemu-devel] [PATCH 05/10] megasas: static SAS addresses

From: Hannes Reinecke h...@suse.de

This patch introduces a new property 'sas_address' which
allows the user to specify the SAS address for the HBA.
The default address is following the NAA locally assigned
identifier format with the locally assigned address
0x525400 as used eg for the MAC addresses.
The lower bytes are set to the pci address which
will ensure uniqueness for the local machine.

The port addresses are now calculated based on the magic
number 0x1221 (which is found in real hardware, too) plus
the device number.

Signed-off-by: Hannes Reinecke h...@suse.de
Cc: Paolo Bonzini pbonz...@redhat.com
Cc: Andreas Faerber afaer...@suse.de
Cc: Anthony Liguori anth...@codemonkey.ws
Cc: Alexander Graf ag...@suse.de
Signed-off-by: Paolo Bonzini pbonz...@redhat.com
---
 hw/megasas.c |   65 +++---
 hw/mfi.h |1 +
 2 files changed, 49 insertions(+), 17 deletions(-)

diff --git a/hw/megasas.c b/hw/megasas.c
index 8a4960f..c35a15d 100644
--- a/hw/megasas.c
+++ b/hw/megasas.c
@@ -38,6 +38,9 @@
 #define MEGASAS_MAX_SECTORS 0x  /* No real limit */
 #define MEGASAS_MAX_ARRAYS 128
 
+#define NAA_LOCALLY_ASSIGNED_ID 0x3ULL
+#define IEEE_COMPANY_LOCALLY_ASSIGNED 0x525400
+
 #define MEGASAS_FLAG_USE_JBOD  0
 #define MEGASAS_MASK_USE_JBOD  (1  MEGASAS_FLAG_USE_JBOD)
 #define MEGASAS_FLAG_USE_MSIX  1
@@ -89,6 +92,8 @@ typedef struct MegasasState {
 int shutdown_event;
 int boot_event;
 
+uint64_t sas_addr;
+
 uint64_t reply_queue_pa;
 void *reply_queue;
 int reply_queue_len;
@@ -372,14 +377,16 @@ static uint64_t megasas_fw_time(void)
 return bcd_time;
 }
 
-static uint64_t megasas_gen_sas_addr(uint64_t id)
+/*
+ * Default disk sata address
+ * 0x1221 is the magic number as
+ * present in real hardware,
+ * so use it here, too.
+ */
+static uint64_t megasas_get_sata_addr(uint16_t id)
 {
-uint64_t addr;
-
-addr = 0x5001a4aULL  36;
-addr |= id  0xf;
-
-return addr;
+uint64_t addr = (0x1221ULL  48);
+return addr  (id  24);
 }
 
 /*
@@ -652,10 +659,7 @@ static int megasas_ctrl_get_info(MegasasState *s, 
MegasasCmd *cmd)
 size_t dcmd_size = sizeof(info);
 BusChild *kid;
 int num_ld_disks = 0;
-
-QTAILQ_FOREACH(kid, s-bus.qbus.children, sibling) {
-num_ld_disks++;
-}
+uint16_t sdev_id;
 
 memset(info, 0x0, cmd-iov_size);
 if (cmd-iov_size  dcmd_size) {
@@ -669,10 +673,29 @@ static int megasas_ctrl_get_info(MegasasState *s, 
MegasasCmd *cmd)
 info.pci.subvendor = cpu_to_le16(PCI_VENDOR_ID_LSI_LOGIC);
 info.pci.subdevice = cpu_to_le16(0x1013);
 
-info.host.type = MFI_INFO_HOST_PCIX;
+/*
+ * For some reason the firmware supports
+ * only up to 8 device ports.
+ * Despite supporting a far larger number
+ * of devices for the physical devices.
+ * So just display the first 8 devices
+ * in the device port list, independent
+ * of how many logical devices are actually
+ * present.
+ */
+info.host.type = MFI_INFO_HOST_PCIE;
 info.device.type = MFI_INFO_DEV_SAS3G;
-info.device.port_count = 2;
-info.device.port_addr[0] = cpu_to_le64(megasas_gen_sas_addr((uint64_t)s));
+info.device.port_count = 8;
+QTAILQ_FOREACH(kid, s-bus.qbus.children, sibling) {
+SCSIDevice *sdev = DO_UPCAST(SCSIDevice, qdev, kid-child);
+
+if (num_ld_disks  8) {
+sdev_id = ((sdev-id  0xFF)  8) | (sdev-lun  0xFF);
+info.device.port_addr[num_ld_disks] =
+cpu_to_le64(megasas_get_sata_addr(sdev_id));
+}
+num_ld_disks++;
+}
 
 memcpy(info.product_name, MegaRAID SAS 8708EM2, 20);
 snprintf(info.serial_number, 32, QEMU%08lx,
@@ -761,7 +784,7 @@ static int megasas_mfc_get_defaults(MegasasState *s, 
MegasasCmd *cmd)
 return MFI_STAT_INVALID_PARAMETER;
 }
 
-info.sas_addr = cpu_to_le64(megasas_gen_sas_addr((uint64_t)s));
+info.sas_addr = cpu_to_le64(s-sas_addr);
 info.stripe_size = 3;
 info.flush_time = 4;
 info.background_rate = 30;
@@ -891,7 +914,7 @@ static int megasas_dcmd_pd_get_list(MegasasState *s, 
MegasasCmd *cmd)
 info.addr[num_pd_disks].scsi_dev_type = sdev-type;
 info.addr[num_pd_disks].connect_port_bitmap = 0x1;
 info.addr[num_pd_disks].sas_addr[0] =
-cpu_to_le64(megasas_gen_sas_addr((uint64_t)sdev));
+cpu_to_le64(megasas_get_sata_addr(sdev_id));
 num_pd_disks++;
 offset += sizeof(struct mfi_pd_address);
 }
@@ -994,7 +1017,7 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, 
int lun,
 info-slot_number = (sdev-id  0xFF);
 info-path_info.count = 1;
 info-path_info.sas_addr[0] =
-cpu_to_le64(megasas_gen_sas_addr((uint64_t)sdev));
+cpu_to_le64(megasas_get_sata_addr(sdev_id));
 info-connected_port_bitmap = 0x1;
 info-device_speed = 1;
 info-link_speed = 1;
@@ -2102,6 +2125,13 @@ static

[Qemu-devel] [PATCH 04/10] scsi-disk: fix compilation with DEBUG_SCSI

Reported-by: Gerhard Wiesinger li...@wiesinger.com
Signed-off-by: Paolo Bonzini pbonz...@redhat.com
---
 hw/scsi-disk.c |   23 ---
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/hw/scsi-disk.c b/hw/scsi-disk.c
index e2ec177..a9c7279 100644
--- a/hw/scsi-disk.c
+++ b/hw/scsi-disk.c
@@ -447,7 +447,7 @@ static void scsi_write_complete(void * opaque, int ret)
 return;
 } else {
 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
-DPRINTF(Write complete tag=0x%x more=%d\n, r-req.tag, r-qiov.size);
+DPRINTF(Write complete tag=0x%x more=%zd\n, r-req.tag, 
r-qiov.size);
 scsi_req_data(r-req, r-qiov.size);
 }
 
@@ -1277,7 +1277,7 @@ static void scsi_disk_emulate_read_data(SCSIRequest *req)
 int buflen = r-iov.iov_len;
 
 if (buflen) {
-DPRINTF(Read buf_len=%zd\n, buflen);
+DPRINTF(Read buf_len=%d\n, buflen);
 r-iov.iov_len = 0;
 r-started = true;
 scsi_req_data(r-req, buflen);
@@ -1455,7 +1455,7 @@ static void scsi_disk_emulate_write_data(SCSIRequest *req)
 
 if (r-iov.iov_len) {
 int buflen = r-iov.iov_len;
-DPRINTF(Write buf_len=%zd\n, buflen);
+DPRINTF(Write buf_len=%d\n, buflen);
 r-iov.iov_len = 0;
 scsi_req_data(r-req, buflen);
 return;
@@ -2093,23 +2093,24 @@ static SCSIRequest *scsi_new_request(SCSIDevice *d, 
uint32_t tag, uint32_t lun,
 const SCSIReqOps *ops;
 uint8_t command;
 
+command = buf[0];
+ops = scsi_disk_reqops_dispatch[command];
+if (!ops) {
+ops = scsi_disk_emulate_reqops;
+}
+req = scsi_req_alloc(ops, s-qdev, tag, lun, hba_private);
+
 #ifdef DEBUG_SCSI
-DPRINTF(Command: lun=%d tag=0x%x data=0x%02x, lun, buf[0]);
+DPRINTF(Command: lun=%d tag=0x%x data=0x%02x, lun, tag, buf[0]);
 {
 int i;
-for (i = 1; i  r-req.cmd.len; i++) {
+for (i = 1; i  req-cmd.len; i++) {
 printf( 0x%02x, buf[i]);
 }
 printf(\n);
 }
 #endif
 
-command = buf[0];
-ops = scsi_disk_reqops_dispatch[command];
-if (!ops) {
-ops = scsi_disk_emulate_reqops;
-}
-req = scsi_req_alloc(ops, s-qdev, tag, lun, hba_private);
 return req;
 }
 
-- 
1.7.10.4

[Qemu-devel] [PATCH 06/10] Revert megasas: disable due to build breakage

This reverts commit 92336855975805d88c7979f53bc05c2d47abab04.

Signed-off-by: Paolo Bonzini pbonz...@redhat.com
---
 default-configs/pci.mak |1 +
 1 file changed, 1 insertion(+)

diff --git a/default-configs/pci.mak b/default-configs/pci.mak
index 9d3e1db..4b49c00 100644
--- a/default-configs/pci.mak
+++ b/default-configs/pci.mak
@@ -10,6 +10,7 @@ CONFIG_EEPRO100_PCI=y
 CONFIG_PCNET_PCI=y
 CONFIG_PCNET_COMMON=y
 CONFIG_LSI_SCSI_PCI=y
+CONFIG_MEGASAS_SCSI_PCI=y
 CONFIG_RTL8139_PCI=y
 CONFIG_E1000_PCI=y
 CONFIG_IDE_CORE=y
-- 
1.7.10.4

[Qemu-devel] [PATCH 10/10] scsi: add support for ATA_PASSTHROUGH_xx scsi command

From: Cong Meng m...@linux.vnet.ibm.com

Correct the command names of opcode 0x85 and 0xa1, and calculate
their xfer size from CDB.

Signed-off-by: Cong Meng m...@linux.vnet.ibm.com
Signed-off-by: Paolo Bonzini pbonz...@redhat.com
---
 hw/scsi-bus.c  |   88 ++--
 hw/scsi-defs.h |4 +--
 2 files changed, 87 insertions(+), 5 deletions(-)

diff --git a/hw/scsi-bus.c b/hw/scsi-bus.c
index 68049f6..6120cc8 100644
--- a/hw/scsi-bus.c
+++ b/hw/scsi-bus.c
@@ -733,6 +733,72 @@ static int scsi_get_performance_length(int num_desc, int 
type, int data_type)
 }
 }
 
+static int ata_passthrough_xfer_unit(SCSIDevice *dev, uint8_t *buf)
+{
+int byte_block = (buf[2]  2)  0x1;
+int type = (buf[2]  4)  0x1;
+int xfer_unit;
+
+if (byte_block) {
+if (type) {
+xfer_unit = dev-blocksize;
+} else {
+xfer_unit = 512;
+}
+} else {
+xfer_unit = 1;
+}
+
+return xfer_unit;
+}
+
+static int ata_passthrough_12_xfer_size(SCSIDevice *dev, uint8_t *buf)
+{
+int length = buf[2]  0x3;
+int xfer;
+int unit = ata_passthrough_xfer_unit(dev, buf);
+
+switch (length) {
+case 0:
+case 3: /* USB-specific.  */
+xfer = 0;
+break;
+case 1:
+xfer = buf[3];
+break;
+case 2:
+xfer = buf[4];
+break;
+}
+
+return xfer * unit;
+}
+
+static int ata_passthrough_16_xfer_size(SCSIDevice *dev, uint8_t *buf)
+{
+int extend = buf[1]  0x1;
+int length = buf[2]  0x3;
+int xfer;
+int unit = ata_passthrough_xfer_unit(dev, buf);
+
+switch (length) {
+case 0:
+case 3: /* USB-specific.  */
+xfer = 0;
+break;
+case 1:
+xfer = buf[4];
+xfer |= (extend ? buf[3]  8 : 0);
+break;
+case 2:
+xfer = buf[6];
+xfer |= (extend ? buf[5]  8 : 0);
+break;
+}
+
+return xfer * unit;
+}
+
 static int scsi_req_length(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf)
 {
 switch (buf[0]  5) {
@@ -867,6 +933,17 @@ static int scsi_req_length(SCSICommand *cmd, SCSIDevice 
*dev, uint8_t *buf)
 cmd-xfer = buf[9] | (buf[8]  8);
 }
 break;
+case ATA_PASSTHROUGH_12:
+if (dev-type == TYPE_ROM) {
+/* BLANK command of MMC */
+cmd-xfer = 0;
+} else {
+cmd-xfer = ata_passthrough_12_xfer_size(dev, buf);
+}
+break;
+case ATA_PASSTHROUGH_16:
+cmd-xfer = ata_passthrough_16_xfer_size(dev, buf);
+break;
 }
 return 0;
 }
@@ -996,9 +1073,14 @@ static void scsi_cmd_xfer_mode(SCSICommand *cmd)
 case SEND_DVD_STRUCTURE:
 case PERSISTENT_RESERVE_OUT:
 case MAINTENANCE_OUT:
-case ATA_PASSTHROUGH:
 cmd-mode = SCSI_XFER_TO_DEV;
 break;
+case ATA_PASSTHROUGH_12:
+case ATA_PASSTHROUGH_16:
+/* T_DIR */
+cmd-mode = (cmd-buf[2]  0x8) ?
+   SCSI_XFER_FROM_DEV : SCSI_XFER_TO_DEV;
+break;
 default:
 cmd-mode = SCSI_XFER_FROM_DEV;
 break;
@@ -1335,7 +1417,7 @@ static const char *scsi_command_name(uint8_t cmd)
 [ PERSISTENT_RESERVE_OUT   ] = PERSISTENT_RESERVE_OUT,
 [ WRITE_FILEMARKS_16   ] = WRITE_FILEMARKS_16,
 [ EXTENDED_COPY] = EXTENDED_COPY,
-[ ATA_PASSTHROUGH  ] = ATA_PASSTHROUGH,
+[ ATA_PASSTHROUGH_16   ] = ATA_PASSTHROUGH_16,
 [ ACCESS_CONTROL_IN] = ACCESS_CONTROL_IN,
 [ ACCESS_CONTROL_OUT   ] = ACCESS_CONTROL_OUT,
 [ READ_16  ] = READ_16,
@@ -1352,7 +1434,7 @@ static const char *scsi_command_name(uint8_t cmd)
 [ SERVICE_ACTION_IN_16 ] = SERVICE_ACTION_IN_16,
 [ WRITE_LONG_16] = WRITE_LONG_16,
 [ REPORT_LUNS  ] = REPORT_LUNS,
-[ BLANK] = BLANK,
+[ ATA_PASSTHROUGH_12   ] = BLANK/ATA_PASSTHROUGH_12,
 [ MOVE_MEDIUM  ] = MOVE_MEDIUM,
 [ EXCHANGE_MEDIUM  ] = EXCHANGE MEDIUM,
 [ LOAD_UNLOAD  ] = LOAD_UNLOAD,
diff --git a/hw/scsi-defs.h b/hw/scsi-defs.h
index 8a73f74..d7a4019 100644
--- a/hw/scsi-defs.h
+++ b/hw/scsi-defs.h
@@ -100,7 +100,7 @@
 #define READ_REVERSE_16   0x81
 #define ALLOW_OVERWRITE   0x82
 #define EXTENDED_COPY 0x83
-#define ATA_PASSTHROUGH   0x85
+#define ATA_PASSTHROUGH_160x85
 #define ACCESS_CONTROL_IN 0x86
 #define ACCESS_CONTROL_OUT0x87
 #define READ_16   0x88
@@ -117,7 +117,7 @@
 #define SERVICE_ACTION_IN_16  0x9e
 #define WRITE_LONG_16 0x9f
 #define REPORT_LUNS   0xa0
-#define BLANK 0xa1
+#define ATA_PASSTHROUGH_120xa1
 #define MAINTENANCE_IN0xa3
 #define MAINTENANCE_OUT   0xa4
 #define MOVE_MEDIUM   0xa5
-- 
1.7.10.4

Re: [Qemu-devel] Smc support in qemu

2012-08-03 Thread Laurent Desnogues

On Thu, Aug 2, 2012 at 2:20 PM, Itaru Kitayama kitay...@cl.bb4u.ne.jp wrote:
 The recent upstream highbank kernel uses smc to enable its L2 cache,
 but on a qemu virt machine
 it is not supported yet. Is it likely supported by qemu soon? What is
 the time frame for that?

For other people reading this, SMC is the instruction used by ARM
processors to call routines written in the Secure world.  The issue
here is that even if you had support for that instruction, it wouldn't
be enough because each platform has different SMC
implementations, which code of course is not public, and quite
often even the API is undocumented.

Riku Voipio has a branch which implements some basic security
stuff here:

http://git.linaro.org/gitweb?p=people/rikuvoipio/qemu.git;a=shortlog;h=refs/heads/linaro

(That branch is old, but it can help to understand the basic
stuff needed.)

In helper.c:

 case EXCP_SMC:
 if (semihosting_enabled) {
 cpu_abort(env, SMC handling under semihosting not implemented\n);
 return;
 }
 if ((env-uncached_cpsr  CPSR_M) == ARM_CPU_MODE_SMC) {
 env-cp15.c1_secfg = ~1;
 }
 offset = env-thumb ? 2 : 0;
 new_mode = ARM_CPU_MODE_SMC;
 addr = 0x08;
 mask = CPSR_A | CPSR_I | CPSR_F;
 break;

If you know the SMC API, you could perhaps plug some code
to run when semihosting_enabled is set (though that might
conflict with the other uses of that flag, so one could perhaps
use some other flag that would say if we simulate SMC code
for OMAP, or Calxeda, or Tegra 3, etc.).

 If support can not be expected any time soon, how do we work around
 the issue? I have been using
 qemu-linaro-1.1.50-2012.07.

I'm afraid the easiest way is to patch the kernel.


Laurent

Re: [Qemu-devel] [PATCH 1/6 v11] docs: spec for add-cow file format

On Fri, Aug 3, 2012 at 6:56 AM, Dong Xu Wang wdon...@linux.vnet.ibm.com wrote:
 On Thu, Aug 2, 2012 at 6:44 PM, Stefan Hajnoczi stefa...@gmail.com wrote:
 On Thu, Aug 2, 2012 at 8:09 AM, Dong Xu Wang wdon...@linux.vnet.ibm.com 
 wrote:
 On Wed, Aug 1, 2012 at 9:55 PM, Stefan Hajnoczi stefa...@gmail.com wrote:
 On Tue, Jul 31, 2012 at 5:51 PM, Dong Xu Wang
 wdon...@linux.vnet.ibm.com wrote:
 +test.raw may be larger than ubuntu.img, in that case, the size of 
 test.add-cow
 +will be calculated by the size of ubuntu.img, test.raw will be used from 
 the
 +1st byte, the rest part can be used for other purpose.

 This is not how backing files normally work.  With qcow2 or qed a
 smaller backing file just means that the guest reads zeroes from the
 areas beyond the end of the backing file.  Is there a special reason
 why you want to implement the behavior you described in the spec?
 Otherwise I suggest implementing the same behavior as qcow2/qed.

 The size of add-cow will be caclulated by the size of backing_file, if
 backing_file can be smaller, how can I get the size of add-cow while
 being created?

 Do you mean like following steps?
 1) qemu-img create -f qcow2 source.qcow2 *8G*
 2) qemu-img create -f t.add-cow -o backing_file=source.qcow2,image_file=t 
 *10G*
 And then reading un-allocated bytes from add-cow after 8G will be 0?

 Yes.  You could also get the virtual disk size from the size of the
 image_file during creation.

 Eric said I shoud make sure  we also support a raw file larger than
 the backing file. so
 add-cow will have the same virtual size with image_file, and their
 virtual size can be larger
 than backing_file's.

Yes.  Please update the spec because it says the opposite:

test.raw may be larger than ubuntu.img, in that case, the size of
test.add-cow will be calculated by the size of ubuntu.img

It should use the size of test.raw.

Stefan

[Qemu-devel] [PATCH 07/10] esp: enable for all PCI machines

Signed-off-by: Paolo Bonzini pbonz...@redhat.com
---
 default-configs/i386-softmmu.mak |1 -
 default-configs/pci.mak  |1 +
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/default-configs/i386-softmmu.mak b/default-configs/i386-softmmu.mak
index fee8cde..2c78175 100644
--- a/default-configs/i386-softmmu.mak
+++ b/default-configs/i386-softmmu.mak
@@ -25,4 +25,3 @@ CONFIG_HPET=y
 CONFIG_APPLESMC=y
 CONFIG_I8259=y
 CONFIG_PFLASH_CFI01=y
-CONFIG_ESP=y
diff --git a/default-configs/pci.mak b/default-configs/pci.mak
index 4b49c00..9febb47 100644
--- a/default-configs/pci.mak
+++ b/default-configs/pci.mak
@@ -17,3 +17,4 @@ CONFIG_IDE_CORE=y
 CONFIG_IDE_QDEV=y
 CONFIG_IDE_PCI=y
 CONFIG_AHCI=y
+CONFIG_ESP=y
-- 
1.7.10.4

[Qemu-devel] [PATCH 01/10] SCSI: Update the sense code for PREVENT REMOVAL errors

From: Ronnie Sahlberg ronniesahlb...@gmail.com

Change the sense codes for failures to eject a device that is locked
by PREVENT_ALLOW_MEDIUM_REMOVAL from
the generic MEDIA_LOAD_OR_EJECT_FAILED to the more specific
MEDIUM_REMOVAL_PREVENTED.

The second sense code is more accurate, and is also listed in MMC annex F
for the recommended sense codes for MMC devices while the first sense code is 
not.

Signed-off-by: Ronnie Sahlberg ronniesahlb...@gmail.com
Signed-off-by: Paolo Bonzini pbonz...@redhat.com
---
 hw/scsi-bus.c |4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/scsi-bus.c b/hw/scsi-bus.c
index e4ec19e..68049f6 100644
--- a/hw/scsi-bus.c
+++ b/hw/scsi-bus.c
@@ -1103,7 +1103,7 @@ const struct SCSISense sense_code_NO_MEDIUM = {
 
 /* LUN not ready, medium removal prevented */
 const struct SCSISense sense_code_NOT_READY_REMOVAL_PREVENTED = {
-.key = NOT_READY, .asc = 0x53, .ascq = 0x00
+.key = NOT_READY, .asc = 0x53, .ascq = 0x02
 };
 
 /* Hardware error, internal target failure */
@@ -1153,7 +1153,7 @@ const struct SCSISense sense_code_INCOMPATIBLE_FORMAT = {
 
 /* Illegal request, medium removal prevented */
 const struct SCSISense sense_code_ILLEGAL_REQ_REMOVAL_PREVENTED = {
-.key = ILLEGAL_REQUEST, .asc = 0x53, .ascq = 0x00
+.key = ILLEGAL_REQUEST, .asc = 0x53, .ascq = 0x02
 };
 
 /* Command aborted, I/O process terminated */
-- 
1.7.10.4

[Qemu-devel] [PATCH 08/10] esp: add missing const on TypeInfo structures

From: Hervé Poussineau hpous...@reactos.org

Signed-off-by: Hervé Poussineau hpous...@reactos.org
Signed-off-by: Paolo Bonzini pbonz...@redhat.com
---
 hw/esp.c |4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/esp.c b/hw/esp.c
index a011347..77f5707 100644
--- a/hw/esp.c
+++ b/hw/esp.c
@@ -816,7 +816,7 @@ static void sysbus_esp_class_init(ObjectClass *klass, void 
*data)
 dc-vmsd = vmstate_sysbus_esp_scsi;
 }
 
-static TypeInfo sysbus_esp_info = {
+static const TypeInfo sysbus_esp_info = {
 .name  = esp,
 .parent= TYPE_SYS_BUS_DEVICE,
 .instance_size = sizeof(SysBusESPState),
@@ -1176,7 +1176,7 @@ static void esp_pci_class_init(ObjectClass *klass, void 
*data)
 dc-vmsd = vmstate_esp_pci_scsi;
 }
 
-static TypeInfo esp_pci_info = {
+static const TypeInfo esp_pci_info = {
 .name = am53c974,
 .parent = TYPE_PCI_DEVICE,
 .instance_size = sizeof(PCIESPState),
-- 
1.7.10.4

Re: [Qemu-devel] Smc support in qemu

On 3 August 2012 09:15, Laurent Desnogues laurent.desnog...@gmail.com wrote:
 On Thu, Aug 2, 2012 at 2:20 PM, Itaru Kitayama kitay...@cl.bb4u.ne.jp wrote:
 The recent upstream highbank kernel uses smc to enable its L2 cache,
 but on a qemu virt machine
 it is not supported yet. Is it likely supported by qemu soon? What is
 the time frame for that?

(cc'd the highbank maintainer)

 For other people reading this, SMC is the instruction used by ARM
 processors to call routines written in the Secure world.  The issue
 here is that even if you had support for that instruction, it wouldn't
 be enough because each platform has different SMC
 implementations, which code of course is not public, and quite
 often even the API is undocumented.

Oh, that SMC. I thought we might be talking about the hardware
manufacturer...

 Riku Voipio has a branch which implements some basic security
 stuff here:

 http://git.linaro.org/gitweb?p=people/rikuvoipio/qemu.git;a=shortlog;h=refs/heads/linaro

That's just a personal (and as you say old) copy of qemu-linaro.
qemu-linaro proper is here:
http://git.linaro.org/gitweb?p=qemu/qemu-linaro.git;a=shortlog;h=refs/heads/rebasing

My proposal for how we should handle SMC is here:
http://lists.gnu.org/archive/html/qemu-devel/2012-05/msg03012.html

(the code in qemu-linaro for SMC is similar to that but not
exactly the same semantics).

-- PMM

[Qemu-devel] [PATCH 09/10] esp: add Tekram DC-390 emulation (PC SCSI adapter)

From: Hervé Poussineau hpous...@reactos.org

Difference with AMD PCscsi is that DC-390 contains a EEPROM.

This has been successfully tested on:
- MS DOS 6.22 (using DC390 ASPI driver)
- MS Windows 98 SE (using DC390 driver)
- MS Windows NT 3.1 (using DC390 driver)
- MS Windows NT 4.0 (using DC390 driver)
- hard disk and cdrom boot

Signed-off-by: Hervé Poussineau hpous...@reactos.org
Signed-off-by: Paolo Bonzini pbonz...@redhat.com
---
 hw/esp.c |  126 +-
 1 file changed, 125 insertions(+), 1 deletion(-)

diff --git a/hw/esp.c b/hw/esp.c
index 77f5707..0bdc8be 100644
--- a/hw/esp.c
+++ b/hw/esp.c
@@ -26,6 +26,7 @@
 #include sysbus.h
 #include pci.h
 #include scsi.h
+#include eeprom93xx.h
 #include esp.h
 #include trace.h
 #include qemu-log.h
@@ -823,6 +824,9 @@ static const TypeInfo sysbus_esp_info = {
 .class_init= sysbus_esp_class_init,
 };
 
+
+#define TYPE_AM53C974_DEVICE am53c974
+
 #define DMA_CMD   0x0
 #define DMA_STC   0x1
 #define DMA_SPA   0x2
@@ -1177,16 +1181,136 @@ static void esp_pci_class_init(ObjectClass *klass, 
void *data)
 }
 
 static const TypeInfo esp_pci_info = {
-.name = am53c974,
+.name = TYPE_AM53C974_DEVICE,
 .parent = TYPE_PCI_DEVICE,
 .instance_size = sizeof(PCIESPState),
 .class_init = esp_pci_class_init,
 };
 
+typedef struct {
+PCIESPState pci;
+eeprom_t *eeprom;
+} DC390State;
+
+#define TYPE_DC390_DEVICE dc390
+#define DC390(obj) \
+OBJECT_CHECK(DC390State, obj, TYPE_DC390_DEVICE)
+
+#define EE_ADAPT_SCSI_ID 64
+#define EE_MODE2 65
+#define EE_DELAY 66
+#define EE_TAG_CMD_NUM   67
+#define EE_ADAPT_OPTIONS 68
+#define EE_BOOT_SCSI_ID  69
+#define EE_BOOT_SCSI_LUN 70
+#define EE_CHKSUM1   126
+#define EE_CHKSUM2   127
+
+#define EE_ADAPT_OPTION_F6_F8_AT_BOOT   0x01
+#define EE_ADAPT_OPTION_BOOT_FROM_CDROM 0x02
+#define EE_ADAPT_OPTION_INT13   0x04
+#define EE_ADAPT_OPTION_SCAM_SUPPORT0x08
+
+
+static uint32_t dc390_read_config(PCIDevice *dev, uint32_t addr, int l)
+{
+DC390State *pci = DC390(dev);
+uint32_t val;
+
+val = pci_default_read_config(dev, addr, l);
+
+if (addr == 0x00  l == 1) {
+/* First byte of address space is AND-ed with EEPROM DO line */
+if (!eeprom93xx_read(pci-eeprom)) {
+val = ~0xff;
+}
+}
+
+return val;
+}
+
+static void dc390_write_config(PCIDevice *dev,
+   uint32_t addr, uint32_t val, int l)
+{
+DC390State *pci = DC390(dev);
+if (addr == 0x80) {
+/* EEPROM write */
+int eesk = val  0x80 ? 1 : 0;
+int eedi = val  0x40 ? 1 : 0;
+eeprom93xx_write(pci-eeprom, 1, eesk, eedi);
+} else if (addr == 0xc0) {
+/* EEPROM CS low */
+eeprom93xx_write(pci-eeprom, 0, 0, 0);
+} else {
+pci_default_write_config(dev, addr, val, l);
+}
+}
+
+static int dc390_scsi_init(PCIDevice *dev)
+{
+DC390State *pci = DC390(dev);
+uint8_t *contents;
+uint16_t chksum = 0;
+int i, ret;
+
+/* init base class */
+ret = esp_pci_scsi_init(dev);
+if (ret  0) {
+return ret;
+}
+
+/* EEPROM */
+pci-eeprom = eeprom93xx_new(DEVICE(dev), 64);
+
+/* set default eeprom values */
+contents = (uint8_t *)eeprom93xx_data(pci-eeprom);
+
+for (i = 0; i  16; i++) {
+contents[i * 2] = 0x57;
+contents[i * 2 + 1] = 0x00;
+}
+contents[EE_ADAPT_SCSI_ID] = 7;
+contents[EE_MODE2] = 0x0f;
+contents[EE_TAG_CMD_NUM] = 0x04;
+contents[EE_ADAPT_OPTIONS] = EE_ADAPT_OPTION_F6_F8_AT_BOOT
+   | EE_ADAPT_OPTION_BOOT_FROM_CDROM
+   | EE_ADAPT_OPTION_INT13;
+
+/* update eeprom checksum */
+for (i = 0; i  EE_CHKSUM1; i += 2) {
+chksum += contents[i] + (((uint16_t)contents[i + 1])  8);
+}
+chksum = 0x1234 - chksum;
+contents[EE_CHKSUM1] = chksum  0xff;
+contents[EE_CHKSUM2] = chksum  8;
+
+return 0;
+}
+
+static void dc390_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+k-init = dc390_scsi_init;
+k-config_read = dc390_read_config;
+k-config_write = dc390_write_config;
+dc-desc = Tekram DC-390 SCSI adapter;
+}
+
+static const TypeInfo dc390_info = {
+.name = dc390,
+.parent = TYPE_AM53C974_DEVICE,
+.instance_size = sizeof(DC390State),
+.class_init = dc390_class_init,
+};
+
+
 static void esp_register_types(void)
 {
 type_register_static(sysbus_esp_info);
 type_register_static(esp_pci_info);
+type_register_static(dc390_info);
 }
 
 type_init(esp_register_types)
-- 
1.7.10.4

Re: [Qemu-devel] Smc support in qemu

2012-08-03 Thread Laurent Desnogues

On Fri, Aug 3, 2012 at 10:37 AM, Peter Maydell peter.mayd...@linaro.org wrote:
[...]
 http://git.linaro.org/gitweb?p=people/rikuvoipio/qemu.git;a=shortlog;h=refs/heads/linaro

 That's just a personal (and as you say old) copy of qemu-linaro.
 qemu-linaro proper is here:
 http://git.linaro.org/gitweb?p=qemu/qemu-linaro.git;a=shortlog;h=refs/heads/rebasing

I should have known better, thanks :-)

 My proposal for how we should handle SMC is here:
 http://lists.gnu.org/archive/html/qemu-devel/2012-05/msg03012.html

 (the code in qemu-linaro for SMC is similar to that but not
 exactly the same semantics).

If I correctly understood your proposal, it would require some
ARM code to simulate the behaviour of the secure ROM,
right?  IMHO that'd be much more complex than what is
needed to solve Itaru Kitayama issue.  In fact, I wonder if
considering all SMC calls as NOPs wouldn't be enough to
run non secure kernels using that feature (of course, one
would still need some of the secure cp15 registers, but
that's not a very difficult task I guess).


Laurent

[Qemu-devel] [PATCH 02/10] SCSI: STARTSTOPUNIT only eject/load media if powercondition is 0

From: Ronnie Sahlberg ronniesahlb...@gmail.com

The START STOP UNIT command will only eject/load media if
power condition is zero.

If power condition is !0 then LOEJ and START will be ignored.

From MMC (sbc contains similar wordings too)
  The Power Conditions field requests the block device to be placed
  in the power condition defined in
  Table 558. If this field has a value other than 0h then the Start
  and LoEj bits shall be ignored.

Signed-off-by: Ronnie Sahlberg ronniesahlb...@gmail.com
Signed-off-by: Paolo Bonzini pbonz...@redhat.com
---
 hw/scsi-disk.c |6 ++
 1 file changed, 6 insertions(+)

diff --git a/hw/scsi-disk.c b/hw/scsi-disk.c
index 84b63ff..e2ec177 100644
--- a/hw/scsi-disk.c
+++ b/hw/scsi-disk.c
@@ -1247,6 +1247,12 @@ static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req-dev);
 bool start = req-cmd.buf[4]  1;
 bool loej = req-cmd.buf[4]  2; /* load on start, eject on !start */
+int pwrcnd = req-cmd.buf[4]  0xf0;
+
+if (pwrcnd) {
+/* eject/load only happens for power condition == 0 */
+return 0;
+}
 
 if ((s-features  (1  SCSI_DISK_F_REMOVABLE))  loej) {
 if (!start  !s-tray_open  s-tray_locked) {
-- 
1.7.10.4

Re: [Qemu-devel] [RFC 00/12] Qorum disk image corruption resiliency

On Thu, Aug 2, 2012 at 8:22 PM, Benoît Canet benoit.ca...@irqsave.net wrote:
 I'm not entirely sure I understand the use-case all that well.

 Wouldn't the more typical approach be RAID-5 and the use of parity
 instead of relying on voting?

 Quorum doesn't work well with an odd number of disks whereas RAID-5
 does.  You also get significantly more usable disk space with RAID-5
 then with voting.


 Hello,

 Use case:

 A customer using NFS want to setup redudancy across multiple separate
 rooms of the same datacenter.
 In this case only the network is common.

 Testing prove that synchronisation between high end storage applicances
 fail in this case.
 Something else is required.

 With raid5 a small network glitch between the hypervisor and one
 of the filer can bring down a while md raid-5 disk.
 This involve a rebuild of this disk using heavy parity computation.
 (imagine the load with many disk images)
 Properly done qorum will correct the error on the fly.

 Quorum can correct bitflips induced by the network raid5 cannot.
 (bad case ethernet cable sitting around power cord)

 Quorum require only two read out of three to reach majority in the
 best case.

 Some well known cloud provider already use quorum in their setup

There is discussion about adding end-to-end data integrity checks to NFSv4:

http://www.ietf.org/proceedings/83/slides/slides-83-nfsv4-2.pdf

This doesn't seem to exist yet but I wanted to share the slides.

Stefan

Re: [Qemu-devel] [PATCH v2 0/2] trivial fix of qemu-sockets.c

On Fri, Aug 3, 2012 at 4:06 AM, Amos Kong ak...@redhat.com wrote:
 Those patches fix trivial issues which were found
 in the second review.

 Amos Kong (2):
   remove unused include of error.h
   socket: clean up redundant assignment

  qemu-sockets.c |1 -
  qemu_socket.h  |1 -
  2 files changed, 0 insertions(+), 2 deletions(-)

 Changes from v1:
 - drop wrong patch: [PATCH] socket: remove redundant check

Thanks, merged.  I will update the pending trivial-patches pull
request to include these patches.

https://github.com/stefanha/qemu/commits/trivial-patches

Stefan

Re: [Qemu-devel] [Qemu-trivial] [PATCH 1/2] exec.c: Fix off-by-one error in register_subpage

On Wed, Jul 25, 2012 at 06:45:03PM -0400, Tyler Hall wrote:
 subpage_register() expects end to be the last byte in the mapping.
 Registering a non-page-aligned memory region that extends up to or
 beyond a page boundary causes subpage_register() to silently fail
 through the (end = PAGE_SIZE) check.
 
 This bug does not cause noticeable problems for mappings that do not
 extend to a page boundary, though they do register an extra byte.
 
 Signed-off-by: Tyler Hall tylerwh...@gmail.com
 ---
  exec.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

Thanks, both applied to the trivial patches tree:
https://github.com/stefanha/qemu/commits/trivial-patches

Stefan

Re: [Qemu-devel] [Qemu-trivial] [PATCH] exec.c: Remove out of date comment

On Wed, Aug 01, 2012 at 02:35:47PM +0100, Peter Maydell wrote:
 Remove an out of date comment: this comment used to be attached to
 cpu_register_physical_memory_log(), before commit 0f0cb164 accidentally
 inserted a couple of other functions between the comment and its function.
 It is in any case obsolete since (a) the function arguments it refers
 to have been replaced with a single MemoryRegionSection* argument and
 (b) the inability to handle regions whose offset_within_address_space
 and offset_within_region aren't equally aligned was fixed as part of
 the rewrite of this code.
 
 Signed-off-by: Peter Maydell peter.mayd...@linaro.org
 ---
 Pretty sure my analysis is right and this comment is out of date --
 Avi, could you confirm that please?
 
  exec.c |8 
  1 file changed, 8 deletions(-)

Thanks, applied to the trivial patches tree:
https://github.com/stefanha/qemu/commits/trivial-patches

Stefan

Re: [Qemu-devel] [PATCH 0/2] configure: fix minor issues in Xen checks

2012-08-03 Thread Stefano Stabellini

On Thu, 2 Aug 2012, Peter Maydell wrote:
 These patches fix some minor issues in the Xen checks:
  * the use of subshells meant that the (not yet committed) bail out
on -Werror failure check in do_cc didn't actually cause the
configure run to stop
  * the 4.1 probe code had a set-but-unused-variable warning
 
 Blue: with these two I'm able to do a successful configure
 on Debian testing even with the 11/11 'make errors cause
 configure failures' patch.
 
 Peter Maydell (2):
   configure: Don't run Xen compile checks in subshells
   configure: Fix set-but-not-used warning in Xen 4.1 probe
 
  configure |   33 -
  1 file changed, 16 insertions(+), 17 deletions(-)

They are both fine by me.

Tested-by: Stefano Stabellini stefano.stabell...@eu.citrix.com

[Qemu-devel] [PULL 0/7] Trivial patches for 22 July to 3 August 2012

This pull request subsumes the currently pending request from 1 August.
Patches from Amos Kong, Peter Cong, and Tyler Hall have been added.

The following changes since commit 02d2bd5d57812154cfb978bc2098cf49d551583d:

  Replace 'struct siginfo' with 'siginfo_t'. (2012-08-01 08:54:07 -0500)

are available in the git repository at:

  git://github.com/stefanha/qemu.git trivial-patches

for you to fetch changes up to 48110429ef7a4ecb1665e88ce58ba2ebd9664e4f:

  exec.c: Remove out of date comment (2012-08-03 10:56:07 +0100)


Amos Kong (2):
  remove unused include of error.h
  socket: clean up redundant assignment

Jan Kiszka (2):
  usb: Clean common object and dependency files
  qom: Clean libuser object and dependency files

Peter Maydell (1):
  exec.c: Remove out of date comment

Tyler Hall (2):
  exec.c: Fix off-by-one error in register_subpage
  exec.c: Use subpages for large unaligned mappings

 Makefile   |4 ++--
 exec.c |   23 ++-
 qemu-sockets.c |1 -
 qemu_socket.h  |1 -
 4 files changed, 12 insertions(+), 17 deletions(-)

-- 
1.7.10.4

[Qemu-devel] [PATCH 3/7] remove unused include of error.h

From: Amos Kong ak...@redhat.com

Signed-off-by: Amos Kong ak...@redhat.com
Signed-off-by: Stefan Hajnoczi stefa...@linux.vnet.ibm.com
---
 qemu_socket.h |1 -
 1 file changed, 1 deletion(-)

diff --git a/qemu_socket.h b/qemu_socket.h
index 4689ff3..1a2f517 100644
--- a/qemu_socket.h
+++ b/qemu_socket.h
@@ -27,7 +27,6 @@ int inet_aton(const char *cp, struct in_addr *ia);
 #endif /* !_WIN32 */
 
 #include qemu-option.h
-#include error.h
 #include qerror.h
 
 /* misc helpers */
-- 
1.7.10.4

[Qemu-devel] [PATCH 2/7] qom: Clean libuser object and dependency files

From: Jan Kiszka jan.kis...@siemens.com

Signed-off-by: Jan Kiszka jan.kis...@siemens.com
Signed-off-by: Stefan Hajnoczi stefa...@linux.vnet.ibm.com
---
 Makefile |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index d872d46..000b46c 100644
--- a/Makefile
+++ b/Makefile
@@ -215,7 +215,7 @@ clean:
rm -f *.o *.d *.a *.lo $(TOOLS) $(HELPERS-y) qemu-ga TAGS cscope.* 
*.pod *~ */*~
rm -Rf .libs
rm -f slirp/*.o slirp/*.d audio/*.o audio/*.d block/*.o block/*.d 
net/*.o net/*.d fsdev/*.o fsdev/*.d ui/*.o ui/*.d qapi/*.o qapi/*.d qga/*.o 
qga/*.d
-   rm -f qom/*.o qom/*.d
+   rm -f qom/*.o qom/*.d libuser/qom/*.o libuser/qom/*.d
rm -f hw/usb/*.o hw/usb/*.d hw/*.o hw/*.d
rm -f qemu-img-cmds.h
rm -f trace/*.o trace/*.d
-- 
1.7.10.4

[Qemu-devel] [PATCH 7/7] exec.c: Remove out of date comment

From: Peter Maydell peter.mayd...@linaro.org

Remove an out of date comment: this comment used to be attached to
cpu_register_physical_memory_log(), before commit 0f0cb164 accidentally
inserted a couple of other functions between the comment and its function.
It is in any case obsolete since (a) the function arguments it refers
to have been replaced with a single MemoryRegionSection* argument and
(b) the inability to handle regions whose offset_within_address_space
and offset_within_region aren't equally aligned was fixed as part of
the rewrite of this code.

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
Signed-off-by: Stefan Hajnoczi stefa...@linux.vnet.ibm.com
---
 exec.c |8 
 1 file changed, 8 deletions(-)

diff --git a/exec.c b/exec.c
index e6ac3e7..a42a0b5 100644
--- a/exec.c
+++ b/exec.c
@@ -2240,14 +2240,6 @@ static void phys_sections_clear(void)
 phys_sections_nb = 0;
 }
 
-/* register physical memory.
-   For RAM, 'size' must be a multiple of the target page size.
-   If (phys_offset  ~TARGET_PAGE_MASK) != 0, then it is an
-   io memory page.  The address used when calling the IO function is
-   the offset from the start of the region, plus region_offset.  Both
-   start_addr and region_offset are rounded down to a page boundary
-   before calculating this offset.  This should not be a problem unless
-   the low bits of start_addr and region_offset differ.  */
 static void register_subpage(MemoryRegionSection *section)
 {
 subpage_t *subpage;
-- 
1.7.10.4

[Qemu-devel] [PATCH 6/7] exec.c: Use subpages for large unaligned mappings

From: Tyler Hall tylerwh...@gmail.com

Registering a multi-page memory region that is non-page-aligned results
in a subpage from the start to the page boundary, some number of full
pages, and possibly another subpage from the last page boundary to the
end. The full pages will have a value for offset_within_region that is
not a multiple of TARGET_PAGE_SIZE. Accesses through softmmu are unable
to handle this and will segfault.

Handling full pages through subpages is not optimal, but only
non-page-aligned mappings take the penalty.

Signed-off-by: Tyler Hall tylerwh...@gmail.com
Reviewed-by: Peter Maydell peter.mayd...@linaro.org
Reviewed-by: Avi Kivity a...@redhat.com
Signed-off-by: Stefan Hajnoczi stefa...@linux.vnet.ibm.com
---
 exec.c |   13 +
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/exec.c b/exec.c
index 27b100c..e6ac3e7 100644
--- a/exec.c
+++ b/exec.c
@@ -2305,10 +2305,15 @@ void 
cpu_register_physical_memory_log(MemoryRegionSection *section,
 remain.offset_within_address_space += now.size;
 remain.offset_within_region += now.size;
 }
-now = remain;
-now.size = TARGET_PAGE_MASK;
-if (now.size) {
-register_multipage(now);
+while (remain.size = TARGET_PAGE_SIZE) {
+now = remain;
+if (remain.offset_within_region  ~TARGET_PAGE_MASK) {
+now.size = TARGET_PAGE_SIZE;
+register_subpage(now);
+} else {
+now.size = TARGET_PAGE_MASK;
+register_multipage(now);
+}
 remain.size -= now.size;
 remain.offset_within_address_space += now.size;
 remain.offset_within_region += now.size;
-- 
1.7.10.4

[Qemu-devel] [PATCH 4/7] socket: clean up redundant assignment

From: Amos Kong ak...@redhat.com

Signed-off-by: Amos Kong ak...@redhat.com
Signed-off-by: Stefan Hajnoczi stefa...@linux.vnet.ibm.com
---
 qemu-sockets.c |1 -
 1 file changed, 1 deletion(-)

diff --git a/qemu-sockets.c b/qemu-sockets.c
index 668fa93..beb2bb6 100644
--- a/qemu-sockets.c
+++ b/qemu-sockets.c
@@ -284,7 +284,6 @@ int inet_connect_opts(QemuOpts *opts, Error **errp)
 inet_strfamily(e-ai_family),
 e-ai_canonname, uaddr, uport, strerror(errno));
 closesocket(sock);
-sock = -1;
 continue;
 }
 freeaddrinfo(res);
-- 
1.7.10.4

[Qemu-devel] [PATCH 5/7] exec.c: Fix off-by-one error in register_subpage

From: Tyler Hall tylerwh...@gmail.com

subpage_register() expects end to be the last byte in the mapping.
Registering a non-page-aligned memory region that extends up to or
beyond a page boundary causes subpage_register() to silently fail
through the (end = PAGE_SIZE) check.

This bug does not cause noticeable problems for mappings that do not
extend to a page boundary, though they do register an extra byte.

Signed-off-by: Tyler Hall tylerwh...@gmail.com
Reviewed-by: Peter Maydell peter.mayd...@linaro.org
Reviewed-by: Avi Kivity a...@redhat.com
Signed-off-by: Stefan Hajnoczi stefa...@linux.vnet.ibm.com
---
 exec.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/exec.c b/exec.c
index feb4795..27b100c 100644
--- a/exec.c
+++ b/exec.c
@@ -2271,7 +2271,7 @@ static void register_subpage(MemoryRegionSection *section)
 subpage = container_of(existing-mr, subpage_t, iomem);
 }
 start = section-offset_within_address_space  ~TARGET_PAGE_MASK;
-end = start + section-size;
+end = start + section-size - 1;
 subpage_register(subpage, start, end, phys_section_add(section));
 }
 
-- 
1.7.10.4

[Qemu-devel] [PATCH 1/7] usb: Clean common object and dependency files

From: Jan Kiszka jan.kis...@siemens.com

Signed-off-by: Jan Kiszka jan.kis...@siemens.com
Signed-off-by: Stefan Hajnoczi stefa...@linux.vnet.ibm.com
---
 Makefile |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 621cb86..d872d46 100644
--- a/Makefile
+++ b/Makefile
@@ -216,7 +216,7 @@ clean:
rm -Rf .libs
rm -f slirp/*.o slirp/*.d audio/*.o audio/*.d block/*.o block/*.d 
net/*.o net/*.d fsdev/*.o fsdev/*.d ui/*.o ui/*.d qapi/*.o qapi/*.d qga/*.o 
qga/*.d
rm -f qom/*.o qom/*.d
-   rm -f usb/*.o usb/*.d hw/*.o hw/*.d
+   rm -f hw/usb/*.o hw/usb/*.d hw/*.o hw/*.d
rm -f qemu-img-cmds.h
rm -f trace/*.o trace/*.d
rm -f trace-dtrace.dtrace trace-dtrace.dtrace-timestamp
-- 
1.7.10.4

Re: [Qemu-devel] [PATCH 4/7] s390: sclp event support

2012-08-03 Thread Christian Borntraeger

On 31/07/12 14:59, Andreas Färber wrote:
 +typedef struct EventTypes {
 +BusState qbus;
 +SCLPEventFacility *event_facility;
 +} EventTypes;
 +
 +struct SCLPEventFacility {
 +EventTypes sbus;
 +DeviceState *qdev;
 +/* guest' receive mask */
 +unsigned int receive_mask;
 +};
 
 The naming here strikes me as particularly odd...
 
 IIUC this Event Facility is a device sitting on the SCLP bus.
 
 But why does it expose a bus named EventTypes? Busses are usually
 named ...Bus (PCIBus, IDEBus, etc.). So is this actually a bus? If not,
 and if all you need is an SCLP-specific list API, maybe compare the
 sPAPR hypercall registration API.

So let me explain it and then we can see what is the right thing to do:

The sclp itself is a service processor that will handle service calls and
can send service interrupts. Most service calls deal with one specific thing:
reading info, cpu hotplug, memory hotplug etc.

Some of the service calls are special, because they form an event subsystem:
Events are features that can notify the guest asynchronously. 
(e.g. system_powerdown is wired to signal quiesce which will be seen as
ctrl-alt-del in the guest, or several console types where the input is sent
as an event). 
The service calls are read_event_data, write_event_data and write_event_mask.

write_event_mask is used by the guest to notify the host
about its event capabilities and to the query the host events.

read_event_data allows a guest to get event data - iow host2guest data.

guest2host traffic also goes via the event mechanism, e.g. console output
is send via write_event_data.

So each event implements several callbacks: event_pending to tell that 
this event is pending, read event data to fill in the buffer with the event 
data,
write_event_data if the event allows guest2host traffic. There are also two bits
per event that tell if that specific event will allow read/write event data.

Since some of the events implement complex things (console) a bus seemed 
appropriate,
but there are of course other ways of implementing.
Comments?

Christian

[Qemu-devel] [PATCH v2] configure: Don't implicitly hardcode list of KVM architectures

The code creating the symlink from linux-headers/asm to the
architecture specific linux-headers/asm-$arch directory was
implicitly hardcoding a list of KVM supporting architectures.
Add a default case for the common Linux architecture name and
QEMU CPU name match case, so future architectures will only
need to add code if they've managed to get mismatched names.

Signed-off-by: Peter Maydell peter.mayd...@linaro.org
---
v1-v2 changes: conform to same indent rules as surrounding code

 configure |   14 +++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/configure b/configure
index 9f071b7..eafb81f 100755
--- a/configure
+++ b/configure
@@ -3485,15 +3485,23 @@ if test $linux = yes ; then
   mkdir -p linux-headers
   case $cpu in
   i386|x86_64)
-symlink $source_path/linux-headers/asm-x86 linux-headers/asm
+linux_arch=x86
 ;;
   ppcemb|ppc|ppc64)
-symlink $source_path/linux-headers/asm-powerpc linux-headers/asm
+linux_arch=powerpc
 ;;
   s390x)
-symlink $source_path/linux-headers/asm-s390 linux-headers/asm
+linux_arch=s390
+;;
+  *)
+# For most CPUs the kernel architecture name and QEMU CPU name match.
+linux_arch=$cpu
 ;;
   esac
+# For non-KVM architectures we will not have asm headers
+if [ -e $source_path/linux-headers/asm-$linux_arch ]; then
+  symlink $source_path/linux-headers/asm-$linux_arch linux-headers/asm
+fi
 fi
 
 for target in $target_list; do
-- 
1.7.9.5

Re: [Qemu-devel] [PATCH v2 1/2] remove unused include of error.h

On Fri,  3 Aug 2012 11:06:21 +0800
Amos Kong ak...@redhat.com wrote:

 Signed-off-by: Amos Kong ak...@redhat.com
 ---
  qemu_socket.h |1 -
  1 files changed, 0 insertions(+), 1 deletions(-)
 
 diff --git a/qemu_socket.h b/qemu_socket.h
 index 4689ff3..1a2f517 100644
 --- a/qemu_socket.h
 +++ b/qemu_socket.h
 @@ -27,7 +27,6 @@ int inet_aton(const char *cp, struct in_addr *ia);
  #endif /* !_WIN32 */
  
  #include qemu-option.h
 -#include error.h
  #include qerror.h

This is wrong. There are functions in this header that takes an Error argument
(which is declared in error.h).

qerror.h should be dropped though, as it's deprecated and as such shouldn't
be in a public header like this. If you get build failures, then you can
include it in the .c files where it's missing.

  
  /* misc helpers */

Re: [Qemu-devel] [PATCH v2 2/2] socket: clean up redundant assignment

On Fri,  3 Aug 2012 11:06:22 +0800
Amos Kong ak...@redhat.com wrote:

 Signed-off-by: Amos Kong ak...@redhat.com

Reviewed-by: Luiz Capitulino lcapitul...@redhat.com

 ---
  qemu-sockets.c |1 -
  1 files changed, 0 insertions(+), 1 deletions(-)
 
 diff --git a/qemu-sockets.c b/qemu-sockets.c
 index 668fa93..beb2bb6 100644
 --- a/qemu-sockets.c
 +++ b/qemu-sockets.c
 @@ -284,7 +284,6 @@ int inet_connect_opts(QemuOpts *opts, Error **errp)
  inet_strfamily(e-ai_family),
  e-ai_canonname, uaddr, uport, strerror(errno));
  closesocket(sock);
 -sock = -1;
  continue;
  }
  freeaddrinfo(res);

Re: [Qemu-devel] [PATCH] update-linux-headers.sh: Don't hard code list of architectures

Ping?

patchwork url: http://patchwork.ozlabs.org/patch/171628/

-- PMM

On 18 July 2012 11:11, Peter Maydell peter.mayd...@linaro.org wrote:
 Rather than hardcoding the list of architectures in the kernel
 header update script, just import headers for every architecture
 which supports KVM (with a blacklist exception for ia64 which
 has KVM headers but is dead). This reduces the number of QEMU
 files which need to be updated to add support for a new KVM
 architecture.

 Signed-off-by: Peter Maydell peter.mayd...@linaro.org
 ---
 Changes v1-v2:
  * added a blacklist for ia64, to avoid noise and importing
a pointless set of headers that will get dropped later

  scripts/update-linux-headers.sh |   16 +++-
  1 files changed, 15 insertions(+), 1 deletions(-)

 diff --git a/scripts/update-linux-headers.sh b/scripts/update-linux-headers.sh
 index 9d2a4bc..57ce69f 100755
 --- a/scripts/update-linux-headers.sh
 +++ b/scripts/update-linux-headers.sh
 @@ -28,7 +28,21 @@ if [ -z $output ]; then
  output=$PWD
  fi

 -for arch in x86 powerpc s390; do
 +# This will pick up non-directories too (eg Kconfig) but we will
 +# ignore them in the next loop.
 +ARCHLIST=$(cd $linux/arch  echo *)
 +
 +for arch in $ARCHLIST; do
 +# Discard anything which isn't a KVM-supporting architecture
 +if ! [ -e $linux/arch/$arch/include/asm/kvm.h ]; then
 +continue
 +fi
 +
 +# Blacklist architectures which have KVM headers but are actually dead
 +if [ $arch = ia64 ]; then
 +continue
 +fi
 +
  make -C $linux INSTALL_HDR_PATH=$tmpdir SRCARCH=$arch headers_install

  rm -rf $output/linux-headers/asm-$arch
 --
 1.7.5.4

Re: [Qemu-devel] [PATCH 3/7] remove unused include of error.h

On Fri,  3 Aug 2012 11:51:02 +0100
Stefan Hajnoczi stefa...@linux.vnet.ibm.com wrote:

 From: Amos Kong ak...@redhat.com
 
 Signed-off-by: Amos Kong ak...@redhat.com
 Signed-off-by: Stefan Hajnoczi stefa...@linux.vnet.ibm.com
 ---
  qemu_socket.h |1 -
  1 file changed, 1 deletion(-)
 
 diff --git a/qemu_socket.h b/qemu_socket.h
 index 4689ff3..1a2f517 100644
 --- a/qemu_socket.h
 +++ b/qemu_socket.h
 @@ -27,7 +27,6 @@ int inet_aton(const char *cp, struct in_addr *ia);
  #endif /* !_WIN32 */
  
  #include qemu-option.h
 -#include error.h
  #include qerror.h

nack on this one, as it's dropping the wrong file.

qemu_socket.h declares functions that take an Error argument, so it has
to include error.h.

However, qerror.h should be dropped and any build breakage should be
fixed by including qerror.h in the .c files it's missing.

  
  /* misc helpers */

Re: [Qemu-devel] [PATCH v5 6/6] qapi: convert sendkey

On Thu, 2 Aug 2012 21:38:00 -0400 (EDT)
Amos Kong ak...@redhat.com wrote:

 - Original Message -
  On Thu, 26 Jul 2012 12:49:01 +0800
  Amos Kong ak...@redhat.com wrote:
  
   Convert 'sendkey' to use QAPI.
   
   Keys' indexes in the enmu are same as keycodes' indexes in the
   key_defs[], index_from_code() and index_from_key() will return
   Q_KEY_CODE_MAX if the code/key is invalid.
   
   For qmp, QAPI would check invalid key and raise error.
   For hmp, invalid key is checked in hmp_send_key().
   
   'send-key' of QMP doesn't support key in hexadecimal format.
   
   Signed-off-by: Amos Kong ak...@redhat.com
  
  I've some review comments below, besides I'd like to ask you to split
  the addition of the QKeyCode enum and the key_defs table moving to a
  different patch.
 
 Ok.
 
  Other than that this looks quite better, hopefully v6 will be the
  last one.
 
 Thanks for your time :)
 
   ---
console.h|5 +
hmp-commands.hx  |2 +-
hmp.c|   55 
hmp.h|1 +
input.c  |  249

monitor.c|  258
++
qapi-schema.json |   46 ++
qmp-commands.hx  |   28 ++
8 files changed, 393 insertions(+), 251 deletions(-)
   
   diff --git a/console.h b/console.h
   index 4334db5..b2d7af6 100644
   --- a/console.h
   +++ b/console.h
   @@ -6,6 +6,7 @@
#include notify.h
#include monitor.h
#include trace.h
   +#include qapi-types.h

/* keyboard/mouse support */

   @@ -397,4 +398,8 @@ static inline int
   vnc_display_pw_expire(DisplayState *ds, time_t expires)
/* curses.c */
void curses_display_init(DisplayState *ds, int full_screen);

   +/* input.c */
   +extern const int key_defs[];
   +int index_from_key(const char *key);
   +int index_from_keycode(int code);
#endif
   diff --git a/hmp-commands.hx b/hmp-commands.hx
   index 2891d48..8c2be24 100644
   --- a/hmp-commands.hx
   +++ b/hmp-commands.hx
   @@ -505,7 +505,7 @@ ETEXI
.args_type  = keys:s,hold-time:i?,
.params = keys [hold_ms],
.help   = send keys to the VM (e.g. 'sendkey
ctrl-alt-f1', default hold time=100 ms),
   -.mhandler.cmd = do_sendkey,
   +.mhandler.cmd = hmp_send_key,
},

STEXI
   diff --git a/hmp.c b/hmp.c
   index 6b72a64..041555a 100644
   --- a/hmp.c
   +++ b/hmp.c
   @@ -19,6 +19,7 @@
#include qemu-timer.h
#include qmp-commands.h
#include monitor.h
   +#include console.h

static void hmp_handle_error(Monitor *mon, Error **errp)
{
   @@ -1020,3 +1021,57 @@ void hmp_closefd(Monitor *mon, const QDict
   *qdict)
qmp_closefd(fdname, errp);
hmp_handle_error(mon, errp);
}
   +
   +void hmp_send_key(Monitor *mon, const QDict *qdict)
   +{
   +const char *keys = qdict_get_str(qdict, keys);
   +QKeyCodeList *keylist, *head = NULL, *tmp = NULL;
   +int has_hold_time = qdict_haskey(qdict, hold-time);
   +int hold_time = qdict_get_try_int(qdict, hold-time, -1);
   +Error *err = NULL;
   +char keyname_buf[16];
   +char *separator;
   +int keyname_len, idx;
   +
   +while (1) {
   +separator = strchr(keys, '-');
   +keyname_len = separator ? separator - keys : strlen(keys);
   +pstrcpy(keyname_buf, sizeof(keyname_buf), keys);
   +
   +/* Be compatible with old interface, convert user inputted
*/
   +if (!strncmp(keyname_buf, , 1)  keyname_len == 1) {
   +pstrcpy(keyname_buf, sizeof(keyname_buf), less);
   +keyname_len = 4;
   +}
   +keyname_buf[keyname_len] = 0;
   +
   +idx = index_from_key(keyname_buf);
   +if (idx == Q_KEY_CODE_MAX) {
   +error_set(err, QERR_INVALID_PARAMETER, keyname_buf);
  
  No need to use error_set(), you can call monitor_printf() directly.
 
 Nod.
 
   +break;
   +}
   +
   +keylist = g_malloc0(sizeof(*keylist));
   +keylist-value = idx;
   +keylist-next = NULL;
   +
   +if (!head) {
   +head = keylist;
   +}
   +if (tmp) {
   +tmp-next = keylist;
   +}
   +tmp = keylist;
   +
   +if (!separator) {
   +break;
   +}
   +keys = separator + 1;
   +}
   +
   +if (idx != Q_KEY_CODE_MAX) {
   +qmp_send_key(head, has_hold_time, hold_time, err);
   +}
   +hmp_handle_error(mon, err);
   +qapi_free_QKeyCodeList(head);
   +}
   diff --git a/hmp.h b/hmp.h
   index 8d2b0d7..56d67a3 100644
   --- a/hmp.h
   +++ b/hmp.h
   @@ -66,5 +66,6 @@ void hmp_netdev_add(Monitor *mon, const QDict
   *qdict);
void hmp_netdev_del(Monitor *mon, const QDict *qdict);
void hmp_getfd(Monitor *mon, const QDict *qdict);
void hmp_closefd(Monitor *mon,

Re: [Qemu-devel] [PATCH 3/7] remove unused include of error.h

On Fri, Aug 3, 2012 at 2:00 PM, Luiz Capitulino lcapitul...@redhat.com wrote:
 On Fri,  3 Aug 2012 11:51:02 +0100
 Stefan Hajnoczi stefa...@linux.vnet.ibm.com wrote:

 From: Amos Kong ak...@redhat.com

 Signed-off-by: Amos Kong ak...@redhat.com
 Signed-off-by: Stefan Hajnoczi stefa...@linux.vnet.ibm.com
 ---
  qemu_socket.h |1 -
  1 file changed, 1 deletion(-)

 diff --git a/qemu_socket.h b/qemu_socket.h
 index 4689ff3..1a2f517 100644
 --- a/qemu_socket.h
 +++ b/qemu_socket.h
 @@ -27,7 +27,6 @@ int inet_aton(const char *cp, struct in_addr *ia);
  #endif /* !_WIN32 */

  #include qemu-option.h
 -#include error.h
  #include qerror.h

 nack on this one, as it's dropping the wrong file.

 qemu_socket.h declares functions that take an Error argument, so it has
 to include error.h.

 However, qerror.h should be dropped and any build breakage should be
 fixed by including qerror.h in the .c files it's missing.

Okay, let's drop this patch.  I build tested it across all targets, so
at least it doesn't break anything.

Stefan

Re: [Qemu-devel] [PATCH v2 1/2] remove unused include of error.h

On Fri, Aug 3, 2012 at 4:06 AM, Amos Kong ak...@redhat.com wrote:
 Signed-off-by: Amos Kong ak...@redhat.com
 ---
  qemu_socket.h |1 -
  1 files changed, 0 insertions(+), 1 deletions(-)

I have dropped this, see Luiz' comment.

Stefan

Re: [Qemu-devel] [PULL 0/7] Trivial patches for 22 July to 3 August 2012

On Fri, Aug 3, 2012 at 11:50 AM, Stefan Hajnoczi
stefa...@linux.vnet.ibm.com wrote:
 This pull request subsumes the currently pending request from 1 August.
 Patches from Amos Kong, Peter Cong, and Tyler Hall have been added.

 The following changes since commit 02d2bd5d57812154cfb978bc2098cf49d551583d:

   Replace 'struct siginfo' with 'siginfo_t'. (2012-08-01 08:54:07 -0500)

 are available in the git repository at:

   git://github.com/stefanha/qemu.git trivial-patches

 for you to fetch changes up to 48110429ef7a4ecb1665e88ce58ba2ebd9664e4f:

   exec.c: Remove out of date comment (2012-08-03 10:56:07 +0100)

Luiz pointed out an issue with Amos' #include error.h removal patch.
 I have dropped it and the new HEAD is at
c308efe63a875eb0d839f7490e69e58e4595466c.

Thanks,
Stefan

Re: [Qemu-devel] [PATCH v6 5/7] add the QKeyCode enum and the key_defs table

On Fri,  3 Aug 2012 10:48:40 +0800
Amos Kong ak...@redhat.com wrote:

 key_defs[] in monitor.c is a mapping table of keys and keycodes,
 this patch added a QKeyCode enum and a new key_defs table,
 Key's index in the enmu is same as keycode's index in new key_defs[].
 
 Signed-off-by: Amos Kong ak...@redhat.com
 ---
  input.c  |  146 
 ++
  qapi-schema.json |   26 ++
  2 files changed, 172 insertions(+), 0 deletions(-)
 
 diff --git a/input.c b/input.c
 index 6968b31..680d756 100644
 --- a/input.c
 +++ b/input.c
 @@ -37,6 +37,152 @@ static QTAILQ_HEAD(, QEMUPutMouseEntry) mouse_handlers =
  static NotifierList mouse_mode_notifiers = 
  NOTIFIER_LIST_INITIALIZER(mouse_mode_notifiers);
  
 +static const int key_defs[] = {

Weird, I expected this would brake the build, as the new table is unused.

Anyway, what I suggested in my last review was to do the table move in a
different patch, which includes adding the new accessors, dropping key_defs
from the monitor and doing the necessary changes in the monitor functions
which access key_defs directly.

This way, the patch converting sendkey() to the qapi does just the
conversion itself (vs. conversion plus refactorings).

 +[Q_KEY_CODE_SHIFT] = 0x2a,
 +[Q_KEY_CODE_SHIFT_R] = 0x36,
 +
 +[Q_KEY_CODE_ALT] = 0x38,
 +[Q_KEY_CODE_ALT_R] = 0xb8,
 +[Q_KEY_CODE_ALTGR] = 0x64,
 +[Q_KEY_CODE_ALTGR_R] = 0xe4,
 +[Q_KEY_CODE_CTRL] = 0x1d,
 +[Q_KEY_CODE_CTRL_R] = 0x9d,
 +
 +[Q_KEY_CODE_MENU] = 0xdd,
 +
 +[Q_KEY_CODE_ESC] = 0x01,
 +
 +[Q_KEY_CODE_1] = 0x02,
 +[Q_KEY_CODE_2] = 0x03,
 +[Q_KEY_CODE_3] = 0x04,
 +[Q_KEY_CODE_4] = 0x05,
 +[Q_KEY_CODE_5] = 0x06,
 +[Q_KEY_CODE_6] = 0x07,
 +[Q_KEY_CODE_7] = 0x08,
 +[Q_KEY_CODE_8] = 0x09,
 +[Q_KEY_CODE_9] = 0x0a,
 +[Q_KEY_CODE_0] = 0x0b,
 +[Q_KEY_CODE_MINUS] = 0x0c,
 +[Q_KEY_CODE_EQUAL] = 0x0d,
 +[Q_KEY_CODE_BACKSPACE] = 0x0e,
 +
 +[Q_KEY_CODE_TAB] = 0x0f,
 +[Q_KEY_CODE_Q] = 0x10,
 +[Q_KEY_CODE_W] = 0x11,
 +[Q_KEY_CODE_E] = 0x12,
 +[Q_KEY_CODE_R] = 0x13,
 +[Q_KEY_CODE_T] = 0x14,
 +[Q_KEY_CODE_Y] = 0x15,
 +[Q_KEY_CODE_U] = 0x16,
 +[Q_KEY_CODE_I] = 0x17,
 +[Q_KEY_CODE_O] = 0x18,
 +[Q_KEY_CODE_P] = 0x19,
 +[Q_KEY_CODE_BRACKET_LEFT] = 0x1a,
 +[Q_KEY_CODE_BRACKET_RIGHT] = 0x1b,
 +[Q_KEY_CODE_RET] = 0x1c,
 +
 +[Q_KEY_CODE_A] = 0x1e,
 +[Q_KEY_CODE_S] = 0x1f,
 +[Q_KEY_CODE_D] = 0x20,
 +[Q_KEY_CODE_F] = 0x21,
 +[Q_KEY_CODE_G] = 0x22,
 +[Q_KEY_CODE_H] = 0x23,
 +[Q_KEY_CODE_J] = 0x24,
 +[Q_KEY_CODE_K] = 0x25,
 +[Q_KEY_CODE_L] = 0x26,
 +[Q_KEY_CODE_SEMICOLON] = 0x27,
 +[Q_KEY_CODE_APOSTROPHE] = 0x28,
 +[Q_KEY_CODE_GRAVE_ACCENT] = 0x29,
 +
 +[Q_KEY_CODE_BACKSLASH] = 0x2b,
 +[Q_KEY_CODE_Z] = 0x2c,
 +[Q_KEY_CODE_X] = 0x2d,
 +[Q_KEY_CODE_C] = 0x2e,
 +[Q_KEY_CODE_V] = 0x2f,
 +[Q_KEY_CODE_B] = 0x30,
 +[Q_KEY_CODE_N] = 0x31,
 +[Q_KEY_CODE_M] = 0x32,
 +[Q_KEY_CODE_COMMA] = 0x33,
 +[Q_KEY_CODE_DOT] = 0x34,
 +[Q_KEY_CODE_SLASH] = 0x35,
 +
 +[Q_KEY_CODE_ASTERISK] = 0x37,
 +
 +[Q_KEY_CODE_SPC] = 0x39,
 +[Q_KEY_CODE_CAPS_LOCK] = 0x3a,
 +[Q_KEY_CODE_F1] = 0x3b,
 +[Q_KEY_CODE_F2] = 0x3c,
 +[Q_KEY_CODE_F3] = 0x3d,
 +[Q_KEY_CODE_F4] = 0x3e,
 +[Q_KEY_CODE_F5] = 0x3f,
 +[Q_KEY_CODE_F6] = 0x40,
 +[Q_KEY_CODE_F7] = 0x41,
 +[Q_KEY_CODE_F8] = 0x42,
 +[Q_KEY_CODE_F9] = 0x43,
 +[Q_KEY_CODE_F10] = 0x44,
 +[Q_KEY_CODE_NUM_LOCK] = 0x45,
 +[Q_KEY_CODE_SCROLL_LOCK] = 0x46,
 +
 +[Q_KEY_CODE_KP_DIVIDE] = 0xb5,
 +[Q_KEY_CODE_KP_MULTIPLY] = 0x37,
 +[Q_KEY_CODE_KP_SUBTRACT] = 0x4a,
 +[Q_KEY_CODE_KP_ADD] = 0x4e,
 +[Q_KEY_CODE_KP_ENTER] = 0x9c,
 +[Q_KEY_CODE_KP_DECIMAL] = 0x53,
 +[Q_KEY_CODE_SYSRQ] = 0x54,
 +
 +[Q_KEY_CODE_KP_0] = 0x52,
 +[Q_KEY_CODE_KP_1] = 0x4f,
 +[Q_KEY_CODE_KP_2] = 0x50,
 +[Q_KEY_CODE_KP_3] = 0x51,
 +[Q_KEY_CODE_KP_4] = 0x4b,
 +[Q_KEY_CODE_KP_5] = 0x4c,
 +[Q_KEY_CODE_KP_6] = 0x4d,
 +[Q_KEY_CODE_KP_7] = 0x47,
 +[Q_KEY_CODE_KP_8] = 0x48,
 +[Q_KEY_CODE_KP_9] = 0x49,
 +
 +[Q_KEY_CODE_LESS] = 0x56,
 +
 +[Q_KEY_CODE_F11] = 0x57,
 +[Q_KEY_CODE_F12] = 0x58,
 +
 +[Q_KEY_CODE_PRINT] = 0xb7,
 +
 +[Q_KEY_CODE_HOME] = 0xc7,
 +[Q_KEY_CODE_PGUP] = 0xc9,
 +[Q_KEY_CODE_PGDN] = 0xd1,
 +[Q_KEY_CODE_END] = 0xcf,
 +
 +[Q_KEY_CODE_LEFT] = 0xcb,
 +[Q_KEY_CODE_UP] = 0xc8,
 +[Q_KEY_CODE_DOWN] = 0xd0,
 +[Q_KEY_CODE_RIGHT] = 0xcd,
 +
 +[Q_KEY_CODE_INSERT] = 0xd2,
 +[Q_KEY_CODE_DELETE] = 0xd3,
 +#ifdef NEED_CPU_H
 +#if defined(TARGET_SPARC)  !defined(TARGET_SPARC64)
 +[Q_KEY_CODE_STOP] = 0xf0,
 +[Q_KEY_CODE_AGAIN] = 0xf1,
 +[Q_KEY_CODE_PROPS] = 0xf2,
 +[Q_KEY_CODE_UNDO] = 0xf3,
 +[Q_KEY_CODE_FRONT] = 0xf4,
 +[Q_KEY_CODE_COPY] = 0xf5,
 +[Q_KEY_CODE_OPEN] = 0xf6,
 +

Re: [Qemu-devel] Cirrus bugs vs endian: how two bugs cancel each other out

Alon Levy al...@redhat.com writes:

 On Wed, Aug 01, 2012 at 02:22:37PM -0500, Anthony Liguori wrote:
 Andreas Färber afaer...@suse.de writes:
 
  Am 30.07.2012 18:19, schrieb Alon Levy:
  On Mon, Jul 30, 2012 at 09:54:27PM +1000, Benjamin Herrenschmidt wrote:
  On Mon, 2012-07-30 at 14:25 +0300, Avi Kivity wrote:
 
  [...] why not go all the way to qxl?
 
  That will give you better graphics performance with no need to hack.
 
  Well, qxl is pretty awful from what I can see so far. [...]
  
  I would love to hear something more specific about this. I assume you
  are talking about libspice-server and not the device itself, since the
  device itself has nothing specifically matching windows.
 
  I can't comment on what Ben meant, but from my perspective the really
  awful thing about SPICE was its huge tree of dependencies, including a
  very specific version of celt that we now need to package and maintain
  specifically for SPICE. At least during the big QOM refactorings.
 
 Ack.
 
 This is why I've been advocating for a new PV device model that can
 negotiation in full SPICE support.
 
 Then we could keep libspice an optional dependency, but move all guests
 to use a single graphics driver.  Likewise, management tools wouldn't
 need to worry about multiple types of graphics cards.

 This sounds great, but how would that negotiation work? Do you intend
 for a VGA device (i.e. pci vendor  product id's of cirrus) that is also
 a virtio device and a guest driver will recognize this by poking some io
 ports or looking at another pci field?

It would be an VGA/SVGA/VESA/VBE compatible virtio-pci device.  If we
take virtio-pci, do vga_init_common, set the class codes correctly, 
move the vram bar from 0-1 and update the VGA BIOS accordingly, it Just
Works.

With no feature bits negotiated, this is all you get--a plain VESA
compatible interface.

We would then add feature bits to allow you to do basic operations like
setting display mode, damage update, and perhaps some 2d acceleration
like blit.  This all happens through messages on a virtqueue.

While this is totally virtio-pci ABI compatible, we'll need to enhance
the virtio API within Linux to allow the notion of map large memory
region.  It's not entirely clear to me yet how to do this only because
non-PCI transports probably need this memory to be guest allocated.
It's possible that we could add another vring type abstraction layer to
handle this difference.

Anyway, we would then add additional feature bits to things like Spice.
It's not clear to me yet how this would work in detail (I don't know
enough about Spice).  The easiest thing to do is simply introduce a
dedicated virtqueue for Spice and speak exactly the same protocol that
QXL does today.

The trouble with that though is that some of the things in QXL today
probably overlap with features we want if libspice is not available
(like mode setting).

So if it's reasonable, it would be best to negotiate in Spice
feature-by-feature using Spice command format where it makes sense and
something more generic where it makes sense.

QEMU would have to fully decode these commands and hand off the results
to libspice if it was there.

So in QEMU, if libspice is present, QEMU would decode all commands and
hand them to libspice in a form it understands (this may require some
hopefully trivial mapping for things like mode setting).  If libspice
isn't present, QEMU only exposes the features it can handle on its own.

This should give us the best of all worlds.  A legacy VGA compatible
interface that speaks virtio, works on non-PCI architectures, and has
the full capabilities of Spice (with the ability to fallback if libspice
isn't present).

Regards,

Anthony Liguori


 
 Regards,
 
 Anthony Liguori
 
 
  Elsewhere QEMU is built around the principle of opting individual
  features in rather than requiring a whole bunch of stuff just to do a
  basic qxl compile test for patches.
 
  Andreas
 
  -- 
  SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
  GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg

Re: [Qemu-devel] [PATCH 2/2] pseries: Use new hook to correct reset sequence

David Gibson da...@gibson.dropbear.id.au writes:

 On Thu, Aug 02, 2012 at 02:40:19PM -0500, Anthony Liguori wrote:
 The root of the composition tree is the machine.  The machine in the
 abstract sense, not the QEMUMachine sense.  QEMUMachine::init() should
 eventually become trivial--just create a handful of devices that
 represent the core components of the machine with everything else being
 created through composition.

 So what code controls the order in which the machine in the abstract
 sense initiates the reset at the top-leve?

There ought to be a hierarchy (based on composition) that reset flows
through.  In the case of the PC, at the top level of the hierarchy are
the CPUs and Northbridge (i440fx).  They either are going to sit on the
same bus or within a container of some kind.  Reset flows through the
bus/container to the CPUs and the Northbridge.  The northbridge then
flows reset through the PCI bus and then to the southbridge and all of
the devices behind it.

 Open coded logic in QEMUMachine::init is always bad.  Handling reset for
 a specific device in QEMUMachine::init is bad.  That goes against the
 idea of making QEMUMachine::init trivial.
 
 However, reset does logically start at QEMUMachine.  That doesn't mean
 that QEMUMachine should be explicitly resetting devices in a specific
 order.  This is why I was quick to comment on David's patch because the
 argument about having a controller that determines reset ordering was
 silly.  While this does exist on some architectures,

 Some platforms; architecture does not imply a particular platform -
 this is one of the more subtle and pervasive x86-isms around.

 it's not at all
 typical.

 So?  If it sometimes exists, we need to support that model.  The
 argument that real hardware never has reset order dependencies is
 simply incorrect.

Support the model is different from make it a first class
abstraction.

-M pseries is not a real machine.  The things it has to do--initialize
all devices, build a device tree, then initialize the CPU with where the
device tree lives, is unique to !not a real machine.

This is what I mean by complex reset logic.  It's not just a matter of
an ordering of some kind, it's reset X, do A, reset Y, do B, reset Z, do
C.  The do [ABC] is the part that we shouldn't be trying to model as a
general mechanism.

I'm not saying that we shouldn't support being able to do this, but this
is an exception, not the way all other platforms should behave.

  Reset should flow with QEMUMachine::reset just playing the
 role of deciding whether it starts propagating from.
 
 The only machines that can have complex reset logic are ones that can
 afford to take an extremely long time to startup--typically doing a
 tremendous amount of self-checks in the process.  These are not common
 among the types of machines QEMU simulates.

 having at least one order dependency in reset != complex and slow
 reset logic.

It's not an issue of dependency.

We're trying to move to a model where everything is a device.
QEMUMachine essentially goes away because a user can create the machine
by just creating individual devices and tying them together.

But this will never be possible with -M pseries because of the do ABC
logic that it requires which doesn't fit within the model of everything
is a device.

That's okay.  We have the same problem with Xen and I anticipate we'll
have the same problem with S390.  We should support this model, but that
doesn't mean we shouldn't work toward moving everything else to
everything is a device.

Regards,

Anthony Liguori


 -- 
 David Gibson  | I'll have my music baroque, and my code
 david AT gibson.dropbear.id.au| minimalist, thank you.  NOT _the_ 
 _other_
   | _way_ _around_!
 http://www.ozlabs.org/~dgibson

Re: [Qemu-devel] [PATCH 2/2] pseries: Use new hook to correct reset sequence

On 3 August 2012 14:50, Anthony Liguori anth...@codemonkey.ws wrote:
 There ought to be a hierarchy (based on composition) that reset flows
 through.

I think saying the reset tree is isomorphic to the composition tree
is making the same mistake that qbus did with the bus tree is
isomorphic to the composition tree. The stakes are lower for reset
and we can probably get away with it, but it really isn't how the
hardware works...

-- PMM

Re: [Qemu-devel] [PATCH 2/2] pseries: Use new hook to correct reset sequence

Peter Maydell peter.mayd...@linaro.org writes:

 On 3 August 2012 14:50, Anthony Liguori anth...@codemonkey.ws wrote:
 There ought to be a hierarchy (based on composition) that reset flows
 through.

 I think saying the reset tree is isomorphic to the composition tree
 is making the same mistake that qbus did with the bus tree is
 isomorphic to the composition tree. The stakes are lower for reset
 and we can probably get away with it, but it really isn't how the
 hardware works...

It flows through the composition tree by default, but can be overridden
at any point.

For instance, the i440fx will absolutely want to override this behavior
such that it can flow reset through the PCI bus (which is how the PIIX3
would be reset).  However, the PIIX3 has no need to override this
behavior.

So this model should work very well for most types of virtual hardware.
But it doesn't provide for a mechanism to after all devices are
initialized, build FDT in guest memory, then set the CPU registers to
point to it.

There's no logical device that has a scope like that that also has the
mechanism to get that type of hook in the reset path.  That's why we
need to have the QEMUMachine::reset() hook.

Regards,

Anthony Liguori


 -- PMM

Re: [Qemu-devel] [PATCH 2/2] pseries: Use new hook to correct reset sequence

On 3 August 2012 15:22, Anthony Liguori anth...@codemonkey.ws wrote:
 Peter Maydell peter.mayd...@linaro.org writes:
 On 3 August 2012 14:50, Anthony Liguori anth...@codemonkey.ws wrote:
 There ought to be a hierarchy (based on composition) that reset flows
 through.

 I think saying the reset tree is isomorphic to the composition tree
 is making the same mistake that qbus did with the bus tree is
 isomorphic to the composition tree. The stakes are lower for reset
 and we can probably get away with it, but it really isn't how the
 hardware works...

 It flows through the composition tree by default, but can be overridden
 at any point.

That doesn't let you model situations where reset doesn't start at
the root of the tree, though. (eg, reset controller wants to trigger
a reset of just the CPUs, or of CPUs + board devices).

 So this model should work very well for most types of virtual hardware.
 But it doesn't provide for a mechanism to after all devices are
 initialized, build FDT in guest memory, then set the CPU registers to
 point to it.

 There's no logical device that has a scope like that that also has the
 mechanism to get that type of hook in the reset path.  That's why we
 need to have the QEMUMachine::reset() hook.

Yeah, I see the need, but I wonder if calling it 'reset' is confusing:
maybe it should be 'post-reset', 'post-realize' or something?

The arm_boot code needs to do set up and run at this point too.

The other oddball case for reset is ARM M-profile cores, where the
initial PC is read from a vector table at reset rather than being
a fixed value. At the moment the mechanism we use for this is deeply
hacky: some more generic mechanism for do this when we come out of
reset but before starting to execute might be useful there.

-- PMM

Re: [Qemu-devel] [PATCH 2/2] pseries: Use new hook to correct reset sequence

Am 02.08.2012 21:40, schrieb Anthony Liguori:
 Andreas Färber afaer...@suse.de writes:
 
 Am 02.08.2012 20:29, schrieb Anthony Liguori:
 Andreas Färber afaer...@suse.de writes:

 Anthony was favoring moving reset code out of machines and expressed
 dislike for looping through CPUs, which my above patch took into
 account. The ordering issue between CPU and devices is still unsolved 
 there.

 Some on-list comments from Anthony would be nice, since we are moving
 into opposing directions here - having the sPAPR machine be more in
 control vs. moving code away from the PC machine into target-i386 CPU
 and/or common CPU code.

 I already commented on the first patch because I had a feeling you'd
 post something like this ;-)

 I was not cc'ed. :(

I did read the reply wrt reset controller chip btw in case you meant
that one, but it doesn't discuss QEMU API at all, only wording changes
to the commit message.

 Regarding reset:

 1) Devices should implement DeviceState::reset()

 2) If a device doesn't implement ::reset(), it should call
 qemu_register_reset()

 3) Reset should propagate through the device model, starting with the
 top-level machine which is logically what's plugged into the wall and
 is the source of power in the first place.

 So you changed your opinion over night?
 
 No.

Ben's cover letter indicated as discussed with Anthony on a call,
suggesting to me that you agree to the solution presented here! Bad
choice of words then.

 I wanted to keep the reset callbacks in the machine. You applied a patch
 breaking that pattern and argued you wanted to move reset code *out* of
 the machine. Now you say the machine should *propagate* reset. Sorry,
 that's unlogical to me...
 
 You're not listening carefully.  Just a friendly piece of advise--
 instead of sending knee-jerk emails, spend some time going back and
 re-reading these discussions.
 
 This has been discussed literally to death now for years.

Mind you, you are communicating with non-native speakers and I had to
look up knee-jerk. If you have a point to make, do it clearly. Your
replies have been anything but helpful to me.

You find my emails knee-jerked, I find your applying Igor's second patch
just before the 1.2 freeze a knee-jerk reaction. Especially considering
that you apply that series but not his earlier initfn one that did not
get objections any more. Two opinions.

Now, I have close to 20,000 unread qemu-devel mails alone. If you have
time to re-read the discussions from several years then I wonder why you
are not processing more uncontroversial patches and PULLs and replying
to mails. Otherwise don't ask people to do what you don't humanly manage
yourself.

Regards,
Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg

[Qemu-devel] [PATCH] Revert virtio: move common ioeventfd handling out of virtio-pci

This reverts commit b1f416aa8d870fab71030abc9401cfc77b948e8e.

The above commit breaks vhost_net because it always registers the
virtio_pci_host_notifier_read() handler function on the ioeventfd, even
when vhost_net.ko is using the ioeventfd.  The result is both QEMU and
vhost_net.ko polling on the same eventfd and the virtio_net.ko guest
driver seeing inconsistent results:

  # ifconfig eth0 192.168.0.1 netmask 255.255.255.0
  virtio_net virtio0: output:id 0 is not a head!

Cc: Paolo Bonzini pbonz...@redhat.com
Signed-off-by: Stefan Hajnoczi stefa...@linux.vnet.ibm.com
---
 hw/virtio-pci.c |   36 ++--
 hw/virtio.c |   22 --
 hw/virtio.h |1 -
 3 files changed, 34 insertions(+), 25 deletions(-)

diff --git a/hw/virtio-pci.c b/hw/virtio-pci.c
index 3ab9747..34262cb 100644
--- a/hw/virtio-pci.c
+++ b/hw/virtio-pci.c
@@ -173,18 +173,46 @@ static int 
virtio_pci_set_host_notifier_internal(VirtIOPCIProxy *proxy,
  __func__, r);
 return r;
 }
-virtio_queue_set_host_notifier_fd_handler(vq, true);
 memory_region_add_eventfd(proxy-bar, VIRTIO_PCI_QUEUE_NOTIFY, 2,
   true, n, notifier);
 } else {
 memory_region_del_eventfd(proxy-bar, VIRTIO_PCI_QUEUE_NOTIFY, 2,
   true, n, notifier);
-virtio_queue_set_host_notifier_fd_handler(vq, false);
+/* Handle the race condition where the guest kicked and we deassigned
+ * before we got around to handling the kick.
+ */
+if (event_notifier_test_and_clear(notifier)) {
+virtio_queue_notify_vq(vq);
+}
+
 event_notifier_cleanup(notifier);
 }
 return r;
 }
 
+static void virtio_pci_host_notifier_read(void *opaque)
+{
+VirtQueue *vq = opaque;
+EventNotifier *n = virtio_queue_get_host_notifier(vq);
+if (event_notifier_test_and_clear(n)) {
+virtio_queue_notify_vq(vq);
+}
+}
+
+static void virtio_pci_set_host_notifier_fd_handler(VirtIOPCIProxy *proxy,
+int n, bool assign)
+{
+VirtQueue *vq = virtio_get_queue(proxy-vdev, n);
+EventNotifier *notifier = virtio_queue_get_host_notifier(vq);
+if (assign) {
+qemu_set_fd_handler(event_notifier_get_fd(notifier),
+virtio_pci_host_notifier_read, NULL, vq);
+} else {
+qemu_set_fd_handler(event_notifier_get_fd(notifier),
+NULL, NULL, NULL);
+}
+}
+
 static void virtio_pci_start_ioeventfd(VirtIOPCIProxy *proxy)
 {
 int n, r;
@@ -204,6 +232,8 @@ static void virtio_pci_start_ioeventfd(VirtIOPCIProxy 
*proxy)
 if (r  0) {
 goto assign_error;
 }
+
+virtio_pci_set_host_notifier_fd_handler(proxy, n, true);
 }
 proxy-ioeventfd_started = true;
 return;
@@ -214,6 +244,7 @@ assign_error:
 continue;
 }
 
+virtio_pci_set_host_notifier_fd_handler(proxy, n, false);
 r = virtio_pci_set_host_notifier_internal(proxy, n, false);
 assert(r = 0);
 }
@@ -235,6 +266,7 @@ static void virtio_pci_stop_ioeventfd(VirtIOPCIProxy *proxy)
 continue;
 }
 
+virtio_pci_set_host_notifier_fd_handler(proxy, n, false);
 r = virtio_pci_set_host_notifier_internal(proxy, n, false);
 assert(r = 0);
 }
diff --git a/hw/virtio.c b/hw/virtio.c
index d146f86..1fab9bb 100644
--- a/hw/virtio.c
+++ b/hw/virtio.c
@@ -1012,28 +1012,6 @@ EventNotifier *virtio_queue_get_guest_notifier(VirtQueue 
*vq)
 {
 return vq-guest_notifier;
 }
-
-static void virtio_queue_host_notifier_read(EventNotifier *n)
-{
-VirtQueue *vq = container_of(n, VirtQueue, host_notifier);
-if (event_notifier_test_and_clear(n)) {
-virtio_queue_notify_vq(vq);
-}
-}
-
-void virtio_queue_set_host_notifier_fd_handler(VirtQueue *vq, bool assign)
-{
-if (assign) {
-event_notifier_set_handler(vq-host_notifier,
-   virtio_queue_host_notifier_read);
-} else {
-event_notifier_set_handler(vq-host_notifier, NULL);
-/* Test and clear notifier before after disabling event,
- * in case poll callback didn't have time to run. */
-virtio_queue_host_notifier_read(vq-host_notifier);
-}
-}
-
 EventNotifier *virtio_queue_get_host_notifier(VirtQueue *vq)
 {
 return vq-host_notifier;
diff --git a/hw/virtio.h b/hw/virtio.h
index f8b5535..6ae5b6e 100644
--- a/hw/virtio.h
+++ b/hw/virtio.h
@@ -233,7 +233,6 @@ EventNotifier *virtio_queue_get_guest_notifier(VirtQueue 
*vq);
 void virtio_queue_set_guest_notifier_fd_handler(VirtQueue *vq, bool assign,
 bool with_irqfd);
 EventNotifier *virtio_queue_get_host_notifier(VirtQueue *vq);
-void virtio_queue_set_host_notifier_fd_handler(VirtQueue *vq, bool assign);
 void

Re: [Qemu-devel] [PATCH 2/2] pseries: Use new hook to correct reset sequence

Am 02.08.2012 21:40, schrieb Anthony Liguori:
 Reset propagates.  There is unanimous consensus that this is the Right
 Way to model reset.  There is also wide consensus that reset typically
 will propagate through the composition tree although in some cases,
 reset actually propagates through the bus (this mostly affects devices
 that are children of /peripheral paths though).
 
 The root of the composition tree is the machine.  The machine in the
 abstract sense, not the QEMUMachine sense.  QEMUMachine::init() should
 eventually become trivial--just create a handful of devices that
 represent the core components of the machine with everything else being
 created through composition.
 
 Open coded logic in QEMUMachine::init is always bad.  Handling reset for
 a specific device in QEMUMachine::init is bad.  That goes against the
 idea of making QEMUMachine::init trivial.

We don't seem in disagreement so far. No one is questioning bus resets.
The issue at hand is specifically CPU reset, for which there is no bus,
no container and thus must happen somehow at machine level.

I have posted a suggestion where CPU reset is triggered by the machine
as an abstract concept (needs a bit of tweaking still, but the general
idea is there).
Based on that, shouldn't it be rather easy to add a Notifier similar to
machine init done that lets individual machines do post-reset setup?
I.e. not have QEMUMachine trigger and control the reset.

An alternative would be to have a CPUState::reset callback (in addition
to CPUClass::reset) that would by default be NULL but could be used by
the odd machines to piggy-back reset code. I think this is the safest
solution, assuring that on every cpu_reset() the custom reset code is
executed immediately.

The other issue wrt reset callback placement is CPU hotplug, where I
believe we need a callback at machine level in lack of a bus CPUs are
attached to. When the CPU is plugged we need to assure it later gets
reset by someone and added as a QOM child in the proper place. Currently
we don't have that. If we iterate through CPUs as done here we would get
that for free, otherwise we may need to register reset callbacks on
hotplug and unregister on hot-unplug at QEMUMachine level.

I am all ears for practical solutions, but theoretical talk about
containers and reset propagation doesn't seem to get us a solution.
Please say what container you mean and how/where your solutions are
supposed to work in code and how which of the proposals should be improved.

Thanks,
Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg

Re: [Qemu-devel] [PATCH 2/2] pseries: Use new hook to correct reset sequence

Am 03.08.2012 04:31, schrieb David Gibson:
 On Thu, Aug 02, 2012 at 05:44:49PM +0200, Andreas Färber wrote:
 Am 02.08.2012 04:10, schrieb David Gibson:
 A number of things need to occur during reset of the PAPR paravirtualized
 platform in a specific order.  For example, the hash table needs to be
 cleared before the CPUs are reset, so that they initialize their register
 state correctly, and the CPUs need to have their main reset called before
 we set up the entry point state on the boot cpu.  We also need to have
 the main qdev reset happen before the creation and installation of the
 device tree for the new boot, because we need the state of the devices
 settled to correctly construct the device tree.

 Currently reset of pseries is broken in a number of ways, and in other
 cases works largely by accident. This patch uses the new QEMUMachine reset
 hook to correct these problems, by replacing the several existing spapr
 reset hooks with one new machine hook which ensures that the various stages
 happen in the correct order.

 Signed-off-by: David Gibson da...@gibson.dropbear.id.au
 ---
  hw/spapr.c |   66 
 +---
  1 file changed, 36 insertions(+), 30 deletions(-)

 diff --git a/hw/spapr.c b/hw/spapr.c
 index 2453bae..1e60ec1 100644
 --- a/hw/spapr.c
 +++ b/hw/spapr.c
 @@ -582,29 +582,22 @@ static void spapr_reset_htab(sPAPREnvironment *spapr)
  }
  }
  
 -static void spapr_reset(void *opaque)
 +static void spapr_reset_cpu(CPUPPCState *env)
  {
 -sPAPREnvironment *spapr = (sPAPREnvironment *)opaque;
 -
 -/* Reset the hash table  recalc the RMA */
 -spapr_reset_htab(spapr);
 -
 -/* Load the fdt */
 -spapr_finalize_fdt(spapr, spapr-fdt_addr, spapr-rtas_addr,
 -   spapr-rtas_size);
 -}
 -
 -static void spapr_cpu_reset(void *opaque)
 -{
 -PowerPCCPU *cpu = opaque;
 -CPUPPCState *env = cpu-env;
 +PowerPCCPU *cpu = container_of(env, PowerPCCPU, env);

 NACK. Please don't undo the cleanups I have applied! Functions should
 take a QOM PowerPCCPU, not its internal CPUPPCState. Fields are
 gradually being moved from CPUxxxState into CPUState.
 
 Um, ok.  So how do I iterate the PowerPCCPUs instead of the CPUPPCStates?

You can't, yet. The QOM CPUState part 4 series (that got stalled due to
APIC modelling) moved quite some fields to CPUState but not enough to
change the first_cpu type despite the really long (74?) series.

So the solution here is to iterate the CPUPPCState, call
ppc_env_get_cpu() on it and pass that as opaque as before.

I could add a cpu_foreach() function though if that helps in the
meantime? Either way the idea is to limit the number of places to touch
in the upcoming refactorings.

Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg

Re: [Qemu-devel] [PATCH v2][RFC] Add compare subcommand for qemu-img

2012-08-03 Thread Eric Blake

On 08/03/2012 12:45 AM, Miroslav Rezanina wrote:
 This is second version of  patch adding compare subcommand that compares two
 images. Compare has following criteria:
  - only data part is compared
  - unallocated sectors are not read
  - in case of different image size, exceeding part of bigger disk has
to be zeroed/unallocated to compare rest
  - qemu-img returns:
 - 0 if images are identical
 - 1 if images differ
 - 2 on error
 
 v2:
  - changed option for second image format to -F
  - changed handlig of -f and -F [1]
  - added strict mode (-s)
  - added quiet mode (-q)
  - improved output messages [2]
  - rename variables for larger image handling
  - added man page content
 
 [1] Original patch handling was as following:
  i)   neither -f nor -F  - both images probed for type
  ii)  -f only- both images use specified type
  iii) -F only- first image probed, second image use specified type
  iii) -f and -F  - first image use -f type, second use -F type
 
 This patch change behavior in way that case ii) and iii) has same efect - we
 use specified value for both images.

I still think orthogonality is better than applying one option to both
files.  Probing is sometimes useful, and you have left no way to probe
one file but not the other.

 
 [2] When we hit different sector we print its number out.
 
 Points to dicuss:
 
 i) Handling -f/-F options.
 Currently we have three scenarios - no option
 specified - probe all, one of options specified - use it for both, both option
 specified - use each value for related image. This behavior is based on idea
 that we can use format probing for all images or specify format for all 
 images.
 This preserve state when -f fmt specify input image format (compare is only
 subcomand with more than one input image except convert that uses multiple
 images without possibility to specify different format for each image).
 
 However, there's one more behavior to be considered - to use -f/-F for one
 image only - when only one option is provided, only appropriate image use 
 specified
 format, second one is probed.

I would prefer this, as it would let me compare against a file of
unknown type.


 +++ b/qemu-img-cmds.hx
 @@ -27,6 +27,12 @@ STEXI
  @item commit [-f @var{fmt}] [-t @var{cache}] @var{filename}
  ETEXI
  
 +DEF(compare, img_compare,
 +compare [-f fmt] [-g fmt] [-p] filename1 filename2)

Out of date with the rest of your patch.

 +STEXI
 +@item compare [-f @var{fmt}] [-F @var{fmt}] [-p] [-q] [-s] @var{filename1} 
 @var{filename2}
 +ETEXI
 +
  DEF(convert, img_convert,
  convert [-c] [-p] [-f fmt] [-t cache] [-O output_fmt] [-o options] [-s 
 snapshot_name] [-S sparse_size] filename [filename2 [...]] output_filename)
  STEXI
 diff --git a/qemu-img.c b/qemu-img.c
 index 80cfb9b..6722fa0 100644
 --- a/qemu-img.c
 +++ b/qemu-img.c
 @@ -96,7 +96,11 @@ static void help(void)
   '-a' applies a snapshot (revert disk to saved state)\n
   '-c' creates a snapshot\n
   '-d' deletes a snapshot\n
 - '-l' lists all snapshots in the given image\n;
 + '-l' lists all snapshots in the given image\n
 +   Parameters to compare subcommand:\n
 + '-F' Second image format (in case it differs from first 
 image)\n

If you make -f and -F orthogonal, applying to one image each, this might
be better worded as:

'-F' Second image format (-f applies only to first image)\n

or even just

'-F' Second image format


 +/*
 + * Compares two images. Exit codes:
 + *
 + * 0 - Images are identical
 + * 1 - Images differ
 + * 2 - Error occured

s/occured/occurred/


 +++ b/qemu-img.texi
 @@ -67,6 +67,18 @@ deletes a snapshot
  lists all snapshots in the given image
  @end table
  
 +Parameters to compare subcommand:
 +
 +@table @option
 +
 +@item -F
 +Second image format (in case it differs from first image)

Another instance of wording to be careful of.

 @@ -100,6 +112,27 @@ it doesn't need to be specified separately in this case.
  
  Commit the changes recorded in @var{filename} in its base image.
  
 +@item compare [-f @var{fmt}] [-F @var{fmt}] [-p] [-s] [-q] @var{filename1} 
 @var{filename2}
 +
 +Compare content of two images. You can compare images with different format 
 or
 +settings.
 +
 +Format is probed unless you specify it by @var{-f} and/or @var{-F} option.
 +If only one of these options is specified, it is used for both images.
 +If both options are specfied, @var{-f} is used for @var{filename1} and
 +@var{-F} for @var{filename2}.
 +
 +By default, compare evaluate as identical images with different size where

s/evaluate/evaluates/

 +bigger image contains only unallocated and/or zeroed sectors in area above
 +second image size. In addition, if any sector is not allocated in one image
 +and contains only zero bytes in second, it is evaluated as equal. You can use
 +Strict mode by specifying @var{-s} option. When compare runs in Strict mode,
 +it fails

Re: [Qemu-devel] [PATCH 3/7] s390: sclp base support

Am 24.07.2012 09:37, schrieb Christian Borntraeger:
 diff --git a/hw/s390x/sclp.c b/hw/s390x/sclp.c
 new file mode 100644
 index 000..4095ba6
 --- /dev/null
 +++ b/hw/s390x/sclp.c
[...]
 +
 +static TypeInfo s390_sclp_bridge_info = {

Two minor comments:

static const please.

 +.name  = s390-sclp-bridge,
 +.parent= TYPE_SYS_BUS_DEVICE,
 +.instance_size = sizeof(SysBusDevice),
 +.class_init= s390_sclp_bridge_class_init,
 +};
 +
 +static void s390_sclp_register_types(void)
 +{
 +type_register_static(s390_sclp_bridge_info);
 +type_register_static(s390_sclp_bus_info);
 +}
 +type_init(s390_sclp_register_types)

Please insert a white line between the function and type_init().
Both apply to virtually all following patches as well.

Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg

Re: [Qemu-devel] [PATCH v4 2/2] block: Support GlusterFS as a QEMU block backend

2012-08-03 Thread Blue Swirl

On Thu, Aug 2, 2012 at 3:55 AM, Bharata B Rao
bhar...@linux.vnet.ibm.com wrote:
 On Wed, Aug 01, 2012 at 06:35:22PM +, Blue Swirl wrote:
  +
  +if (!transport) {
  +uri-transport = strdup(socket);

 g_strdup

 Sorry about that, pitfalls of developing the parsing code out of line :(

  +static int qemu_gluster_parseuri(GlusterURI *uri, const char *filename)
  +{
  +char *token, *saveptr;
  +char *p, *r;
  +int ret = -EINVAL;
  +
  +p = r = g_strdup(filename);

 Why?

 - Are you asking why use 2 variables ? I need them because I loose p and
   need r to free the string.
 - Or are you asking why strdup ? That's because filename is const char *
   and I need to modify the filename when parsing.

OK.


  +static void gluster_finish_aiocb(struct glfs_fd *fd, ssize_t ret, void 
  *arg)
  +{
  +GlusterAIOCB *acb = (GlusterAIOCB *)arg;
  +BDRVGlusterState *s = acb-common.bs-opaque;
  +
  +acb-ret = ret;
  +if (qemu_gluster_send_pipe(s, acb)  0) {
  +error_report(Could not complete read/write/flush from gluster);
  +abort();

 Aborting is a bit drastic, it would be nice to save and exit gracefully.

 I am not sure if there is an easy way to recover sanely and exit from this
 kind of error.

 Here the non-QEMU thread (gluster thread) failed to notify the QEMU thread
 on the read side of the pipe about the IO completion. So essentially
 bdrv_read or bdrv_write will never complete if this error happens.

 Do you have any suggestions on how to exit gracefully here ?

Ignore but set the callback return to -EIO, see for example curl.c:249.


  +static QEMUOptionParameter qemu_gluster_create_options[] = {

 'const'?

 Hmm no precedence of const usage for identical scenario in  other block
 drivers in QEMU.


  +{
  +.name = BLOCK_OPT_SIZE,
  +.type = OPT_SIZE,
  +.help = Virtual disk size
  +},
  +{ NULL }
  +};
  +
  +static BlockDriver bdrv_gluster = {

 'const'?

 Again dodn't see the precedence for this.

OK.


 Thanks for your review.

 Regards,
 Bharata.

Re: [Qemu-devel] [RFC 00/12] Qorum disk image corruption resiliency

2012-08-03 Thread Blue Swirl

On Thu, Aug 2, 2012 at 10:16 AM, Benoît Canet benoit.ca...@gmail.com wrote:
 This patchset create a block driver implementing a qorum using three qemu disk
 images. Writes are mirrored on the three files.
 For the reading part the three files are read at the same time and a vote is
 done to determine which is the majoritary qiov version. It then return this
 majoritary version to the upper layers.
 When three differents versions of the data are returned by the lower layer the
 qorum is broken and the read return -EIO.

It would be pretty easy to make the number of nodes and quorum
threshold values for both read and write selectable. Then you could
have for example 100 nodes and write quorum at 51 (for example, 49
nodes offline). Obviously writing the same data 100 times sequentially
would not give very high performance but it's a start.


 The goal of this patchset is to be turned in a QEMU block filter living just
 above raw-*.c and below qcow2/qed when the required infrastructure will be 
 done.

 Main use of this feature will be people using NFS appliances which can be
 subjected to bitflip errors.

I think this would give pretty easy way to keep distributed replicas in synch.


 usage: -drive file=qorum:image1.raw:image2.raw:image3.raw,if=virtio,cache=none

 Benoît Canet (12):
   qorum: Add GPL v2+ header file.
   qorum: Add QorumSingleAIOCB and QorumAIOCB.
   qorum: Create BDRVQorumState and BlkDriver and do init.
   qorum: Add qorum_open().
   qorum: Add qorum_close().
   qorum: Add qorum_getlength().
   qorum: Add qorum_aio_writev and its dependencies.
   blkverify: Make blkverify_iovec_clone() and blkverify_iovec_compare()
 public
   qorum: Add qorum_co_flush().
   qorum: Add qorum_aio_readv.
   qorum: Add qorum mechanism.
   qorum: build feature into QEMU.

  block/Makefile.objs |1 +
  block/blkverify.c   |8 +-
  block/qorum.c   |  393 
 +++
  3 files changed, 400 insertions(+), 2 deletions(-)
  create mode 100644 block/qorum.c

 --
 1.7.9.5

[Qemu-devel] [untested PATCH] virtio: fix vhost handling

Commit b1f416aa8d870fab71030abc9401cfc77b948e8e breaks vhost_net
because it always registers the virtio_pci_host_notifier_read() handler
function on the ioeventfd, even when vhost_net.ko is using the ioeventfd.
The result is both QEMU and vhost_net.ko polling on the same eventfd
and the virtio_net.ko guest driver seeing inconsistent results:

  # ifconfig eth0 192.168.0.1 netmask 255.255.255.0
  virtio_net virtio0: output:id 0 is not a head!

To fix this, proceed the same as we do for irqfd: add a parameter to
virtio_queue_set_host_notifier_fd_handler and in that case only set
the notifier, not the handler

Cc: Stefan Hajnoczi stefa...@linux.vnet.ibm.com
Signed-off-by: Paolo Bonzini pbonz...@redhat.com
---
Interesting, I tested vhost (or thought so).  Can you try this
patch instead?

 hw/virtio-pci.c |   14 +++---
 hw/virtio.c |7 +--
 hw/virtio.h |3 ++-
 3 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/hw/virtio-pci.c b/hw/virtio-pci.c
index 3ab9747..6133626 100644
--- a/hw/virtio-pci.c
+++ b/hw/virtio-pci.c
@@ -160,7 +160,7 @@ static int virtio_pci_load_queue(void * opaque, int n, 
QEMUFile *f)
 }
 
 static int virtio_pci_set_host_notifier_internal(VirtIOPCIProxy *proxy,
- int n, bool assign)
+ int n, bool assign, bool 
with_vhost)
 {
 VirtQueue *vq = virtio_get_queue(proxy-vdev, n);
 EventNotifier *notifier = virtio_queue_get_host_notifier(vq);
@@ -173,13 +173,13 @@ static int 
virtio_pci_set_host_notifier_internal(VirtIOPCIProxy *proxy,
  __func__, r);
 return r;
 }
-virtio_queue_set_host_notifier_fd_handler(vq, true);
+virtio_queue_set_host_notifier_fd_handler(vq, true, with_vhost);
 memory_region_add_eventfd(proxy-bar, VIRTIO_PCI_QUEUE_NOTIFY, 2,
   true, n, notifier);
 } else {
 memory_region_del_eventfd(proxy-bar, VIRTIO_PCI_QUEUE_NOTIFY, 2,
   true, n, notifier);
-virtio_queue_set_host_notifier_fd_handler(vq, false);
+virtio_queue_set_host_notifier_fd_handler(vq, false, with_vhost);
 event_notifier_cleanup(notifier);
 }
 return r;
@@ -200,7 +200,7 @@ static void virtio_pci_start_ioeventfd(VirtIOPCIProxy 
*proxy)
 continue;
 }
 
-r = virtio_pci_set_host_notifier_internal(proxy, n, true);
+r = virtio_pci_set_host_notifier_internal(proxy, n, true, false);
 if (r  0) {
 goto assign_error;
 }
@@ -214,7 +214,7 @@ assign_error:
 continue;
 }
 
-r = virtio_pci_set_host_notifier_internal(proxy, n, false);
+r = virtio_pci_set_host_notifier_internal(proxy, n, false, false);
 assert(r = 0);
 }
 proxy-ioeventfd_started = false;
@@ -235,7 +235,7 @@ static void virtio_pci_stop_ioeventfd(VirtIOPCIProxy *proxy)
 continue;
 }
 
-r = virtio_pci_set_host_notifier_internal(proxy, n, false);
+r = virtio_pci_set_host_notifier_internal(proxy, n, false, false);
 assert(r = 0);
 }
 proxy-ioeventfd_started = false;
@@ -683,7 +683,7 @@ static int virtio_pci_set_host_notifier(void *opaque, int 
n, bool assign)
  * currently only stops on status change away from ok,
  * reset, vmstop and such. If we do add code to start here,
  * need to check vmstate, device state etc. */
-return virtio_pci_set_host_notifier_internal(proxy, n, assign);
+return virtio_pci_set_host_notifier_internal(proxy, n, assign, assign);
 }
 
 static void virtio_pci_vmstate_change(void *opaque, bool running)
diff --git a/hw/virtio.c b/hw/virtio.c
index d146f86..89e6d6f 100644
--- a/hw/virtio.c
+++ b/hw/virtio.c
@@ -1021,13 +1021,16 @@ static void 
virtio_queue_host_notifier_read(EventNotifier *n)
 }
 }
 
-void virtio_queue_set_host_notifier_fd_handler(VirtQueue *vq, bool assign)
+void virtio_queue_set_host_notifier_fd_handler(VirtQueue *vq, bool assign,
+   bool with_vhost)
 {
-if (assign) {
+if (assign  !with_vhost) {
 event_notifier_set_handler(vq-host_notifier,
virtio_queue_host_notifier_read);
 } else {
 event_notifier_set_handler(vq-host_notifier, NULL);
+}
+if (!assign) {
 /* Test and clear notifier before after disabling event,
  * in case poll callback didn't have time to run. */
 virtio_queue_host_notifier_read(vq-host_notifier);
diff --git a/hw/virtio.h b/hw/virtio.h
index f8b5535..d6a8ea3 100644
--- a/hw/virtio.h
+++ b/hw/virtio.h
@@ -233,7 +233,8 @@ EventNotifier *virtio_queue_get_guest_notifier(VirtQueue 
*vq);
 void virtio_queue_set_guest_notifier_fd_handler(VirtQueue *vq, bool assign,
 bool with_irqfd);
 EventNotifier

Re: [Qemu-devel] [PATCH 2/2] pseries: Use new hook to correct reset sequence

Andreas Färber afaer...@suse.de writes:

 Am 02.08.2012 21:40, schrieb Anthony Liguori:
 Reset propagates.  There is unanimous consensus that this is the Right
 Way to model reset.  There is also wide consensus that reset typically
 will propagate through the composition tree although in some cases,
 reset actually propagates through the bus (this mostly affects devices
 that are children of /peripheral paths though).
 
 The root of the composition tree is the machine.  The machine in the
 abstract sense, not the QEMUMachine sense.  QEMUMachine::init() should
 eventually become trivial--just create a handful of devices that
 represent the core components of the machine with everything else being
 created through composition.
 
 Open coded logic in QEMUMachine::init is always bad.  Handling reset for
 a specific device in QEMUMachine::init is bad.  That goes against the
 idea of making QEMUMachine::init trivial.

 We don't seem in disagreement so far. No one is questioning bus resets.
 The issue at hand is specifically CPU reset, for which there is no bus,
 no container and thus must happen somehow at machine level.

 I have posted a suggestion where CPU reset is triggered by the machine
 as an abstract concept (needs a bit of tweaking still, but the general
 idea is there).
 Based on that, shouldn't it be rather easy to add a Notifier similar to
 machine init done that lets individual machines do post-reset setup?
 I.e. not have QEMUMachine trigger and control the reset.

This means that the reset logic will be spread out.  A single hook in
QEMUMachine is much nicer.

 An alternative would be to have a CPUState::reset callback (in addition
 to CPUClass::reset) that would by default be NULL but could be used by
 the odd machines to piggy-back reset code. I think this is the safest
 solution, assuring that on every cpu_reset() the custom reset code is
 executed immediately.

I think the right way to handle reset for CPU's is exactly what's done
today.  The CPUState registers a reset handler via
qemu_register_reset().

Eventually, we would model CPUSocket, CPUCore, CPUThread (which is
essentially what is CPUState today).

Reset of CPUState would propagate its CPUCores, which would then
propagate to CPUThread.

The machine/board device would have 1-N linkCPUSocket properties and
the reset handler for the board would propagate reset to the CPUSocket links.

 The other issue wrt reset callback placement is CPU hotplug, where I
 believe we need a callback at machine level in lack of a bus CPUs are
 attached to. When the CPU is plugged we need to assure it later gets
 reset by someone and added as a QOM child in the proper place.

Reset does two things today: tear down current state and establish
initial state.

The fact that we rely on an external call to reset to establish initial
state after construction is not ideal.  Initial state should be
established during construction either by explicitly calling a function
(it could be reset) or by setting initial state.

 Currently
 we don't have that. If we iterate through CPUs as done here we would get
 that for free, otherwise we may need to register reset callbacks on
 hotplug and unregister on hot-unplug at QEMUMachine level.

If you hotplug a CPUSocket by setting a link on the machine device,
then this all Just Works without any special handling.

This is what makes propagation so attractive.  You don't have to
maintain a list of everything that needs to be reset along with data
descriptions of the order.  That gets figured out lazily during reset.

Regards,

Anthony Liguori


 I am all ears for practical solutions, but theoretical talk about
 containers and reset propagation doesn't seem to get us a solution.
 Please say what container you mean and how/where your solutions are
 supposed to work in code and how which of the proposals should be improved.

 Thanks,
 Andreas

 -- 
 SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
 GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg

Re: [Qemu-devel] [BUG] BSOD on Win2003 Server when 64bit PCI resource is present

Il 26/07/2012 17:38, Alexey Korolev ha scritto:
 HI,
 
 Current version of Seabios is causing blue screen on Windows2003 when 64bit 
 PCI resource is present and occupies high memory.
 
 BSOD Error code is: 0x00A5 (0x02, 0xfADF6A446880, 0x1, 
 0xFADFAA34690)
 
 The issue is localized, it is related to presence of 64bit resource in _CRS 
 method.
 
 If we disable a 64bit region from _CRS  the Win2003 load normally but this 
 doesn't allow Windows to use 64bit resources.
 
 At the moment I have no idea how to fix this. Please help! 

I wonder if Windows 2003 does not support ConcatenateResTemplate.  The patch 
below
is obviously wrong, but should let you check if this is the issue:

git diff src/acpi-dsdt.dsl
diff --git a/src/acpi-dsdt.dsl b/src/acpi-dsdt.dsl
index 72dc7d8..11a9c92 100644
--- a/src/acpi-dsdt.dsl
+++ b/src/acpi-dsdt.dsl
@@ -175,9 +175,6 @@ DefinitionBlock (
 0x, // Address Translation Offset
 0x1EC0, // Address Length
 ,, PW32, AddressRangeMemory, TypeStatic)
-})
-Name (CR64, ResourceTemplate ()
-{
 QWordMemory (ResourceProducer, PosDecode, MinFixed, MaxFixed, 
Cacheable, ReadWrite,
 0x,  // Address Space Granularity
 0x80,// Address Range Minimum
@@ -221,20 +218,14 @@ DefinitionBlock (
Store (P0EL, PE32)
Store (P0LL, PL32)
 
-   If (LAnd(LEqual(P1SL, 0x00), LEqual(P1SH, 0x00))) {
-   Return (CRES)
-   } Else {
/* fixup 64bit pci io window */
-   CreateQWordField (CR64,\_SB.PCI0.PW64._MIN, PS64)
-   CreateQWordField (CR64,\_SB.PCI0.PW64._MAX, PE64)
-   CreateQWordField (CR64,\_SB.PCI0.PW64._LEN, PL64)
+   CreateQWordField (CRES,\_SB.PCI0.PW64._MIN, PS64)
+   CreateQWordField (CRES,\_SB.PCI0.PW64._MAX, PE64)
+   CreateQWordField (CRES,\_SB.PCI0.PW64._LEN, PL64)
Store (P1S, PS64)
Store (P1E, PE64)
Store (P1L, PL64)
-   /* add window and return result */
-   ConcatenateResTemplate (CRES, CR64, Local0)
-   Return (Local0)
-   }
+   Return (CRES)
 }
 }
 }

Paolo

[Qemu-devel] [PULL 0/4]: QMP queue

A qapi fix from Markus and a new field to query-block by Benoit.

The changes (since 02d2bd5d57812154cfb978bc2098cf49d551583d) are available
in the following repository:

git://repo.or.cz/qemu/qmp-unstable.git queue/qmp

Benoît Canet (3):
  block: create bdrv_get_backing_file_depth()
  block: Use bdrv_get_backing_file_depth()
  hmp: show the backing file depth

Luiz Capitulino (1):
  qapi: qapi.py: allow the ' character to be escaped

 block.c  | 16 
 block.h  |  1 +
 hmp.c|  2 ++
 qapi-schema.json |  9 ++---
 qmp-commands.hx  |  2 ++
 scripts/qapi.py  | 31 +--
 6 files changed, 48 insertions(+), 13 deletions(-)

[Qemu-devel] [PATCH 1/4] qapi: qapi.py: allow the ' character to be escaped

Support escaping the escape character, and make more robust (don't die
for '', handle ' without matching '.

Signed-off-by: Markus Armbruster arm...@redhat.com
Reviewed-by: Peter Maydell peter.mayd...@linaro.org
Signed-off-by: Luiz Capitulino lcapitul...@redhat.com
---
 scripts/qapi.py | 31 +--
 1 file changed, 21 insertions(+), 10 deletions(-)

diff --git a/scripts/qapi.py b/scripts/qapi.py
index 8082af3..d3b8b4d 100644
--- a/scripts/qapi.py
+++ b/scripts/qapi.py
@@ -13,18 +13,29 @@ from ordereddict import OrderedDict
 
 def tokenize(data):
 while len(data):
-if data[0] in ['{', '}', ':', ',', '[', ']']:
-yield data[0]
-data = data[1:]
-elif data[0] in ' \n':
-data = data[1:]
-elif data[0] == ':
-data = data[1:]
+ch = data[0]
+data = data[1:]
+if ch in ['{', '}', ':', ',', '[', ']']:
+yield ch
+elif ch in ' \n':
+None
+elif ch == ':
 string = ''
-while data[0] != ':
-string += data[0]
+esc = False
+while True:
+if (data == ''):
+raise Exception(Mismatched quotes)
+ch = data[0]
 data = data[1:]
-data = data[1:]
+if esc:
+string += ch
+esc = False
+elif ch == \\:
+esc = True
+elif ch == ':
+break
+else:
+string += ch
 yield string
 
 def parse(tokens):
-- 
1.7.11.2.249.g31c7954.dirty

[Qemu-devel] [PATCH 3/4] block: Use bdrv_get_backing_file_depth()

From: Benoît Canet benoit.ca...@gmail.com

Use the dedicated counting function in qmp_query_block in order to
propagate the backing file depth to HMP and add backing_file_depth
to qmp-commands.hx

Signed-off-by: Benoit Canet ben...@irqsave.net
Reviewed-by: Eric Blake ebl...@redhat.com
Signed-off-by: Luiz Capitulino lcapitul...@redhat.com
---
 block.c  | 3 +++
 qapi-schema.json | 9 ++---
 qmp-commands.hx  | 2 ++
 3 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/block.c b/block.c
index 1206bba..24323c1 100644
--- a/block.c
+++ b/block.c
@@ -2450,6 +2450,9 @@ BlockInfoList *qmp_query_block(Error **errp)
 info-value-inserted-backing_file = 
g_strdup(bs-backing_file);
 }
 
+info-value-inserted-backing_file_depth =
+bdrv_get_backing_file_depth(bs);
+
 if (bs-io_limits_enabled) {
 info-value-inserted-bps =
bs-io_limits.bps[BLOCK_IO_LIMIT_TOTAL];
diff --git a/qapi-schema.json b/qapi-schema.json
index bc55ed2..b58f5cd 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -398,6 +398,8 @@
 #
 # @backing_file: #optional the name of the backing file (for copy-on-write)
 #
+# @backing_file_depth: number of files in the backing file chain (since: 1.2)
+#
 # @encrypted: true if the backing device is encrypted
 #
 # @bps: total throughput limit in bytes per second is specified
@@ -418,9 +420,10 @@
 ##
 { 'type': 'BlockDeviceInfo',
   'data': { 'file': 'str', 'ro': 'bool', 'drv': 'str',
-'*backing_file': 'str', 'encrypted': 'bool',
-'bps': 'int', 'bps_rd': 'int', 'bps_wr': 'int',
-'iops': 'int', 'iops_rd': 'int', 'iops_wr': 'int'} }
+'*backing_file': 'str', 'backing_file_depth': 'int',
+'encrypted': 'bool', 'bps': 'int', 'bps_rd': 'int',
+'bps_wr': 'int', 'iops': 'int', 'iops_rd': 'int',
+'iops_wr': 'int'} }
 
 ##
 # @BlockDeviceIoStatus:
diff --git a/qmp-commands.hx b/qmp-commands.hx
index e3cf3c5..ac46638 100644
--- a/qmp-commands.hx
+++ b/qmp-commands.hx
@@ -1317,6 +1317,7 @@ Each json-object contain the following:
 nbd, parallels, qcow, qcow2, raw,
 tftp, vdi, vmdk, vpc, vvfat
  - backing_file: backing file name (json-string, optional)
+ - backing_file_depth: number of files in the backing file chain 
(json-int)
  - encrypted: true if encrypted, false otherwise (json-bool)
  - bps: limit total bytes per second (json-int)
  - bps_rd: limit read bytes per second (json-int)
@@ -1345,6 +1346,7 @@ Example:
drv:qcow2,
encrypted:false,
file:disks/test.img,
+   backing_file_depth:0,
bps:100,
bps_rd:0,
bps_wr:0,
-- 
1.7.11.2.249.g31c7954.dirty

[Qemu-devel] [PATCH 2/4] block: create bdrv_get_backing_file_depth()

From: Benoît Canet benoit.ca...@gmail.com

Create bdrv_get_backing_file_depth() in order to be able to show
in QMP and HMP how many ancestors backing an image a block device
have.

Signed-off-by: Benoit Canet ben...@irqsave.net
Reviewed-by: Eric Blake ebl...@redhat.com
Signed-off-by: Luiz Capitulino lcapitul...@redhat.com
---
 block.c | 13 +
 block.h |  1 +
 2 files changed, 14 insertions(+)

diff --git a/block.c b/block.c
index b38940b..1206bba 100644
--- a/block.c
+++ b/block.c
@@ -2754,6 +2754,19 @@ BlockDriverState 
*bdrv_find_backing_image(BlockDriverState *bs,
 return NULL;
 }
 
+int bdrv_get_backing_file_depth(BlockDriverState *bs)
+{
+if (!bs-drv) {
+return 0;
+}
+
+if (!bs-backing_hd) {
+return 0;
+}
+
+return 1 + bdrv_get_backing_file_depth(bs-backing_hd);
+}
+
 #define NB_SUFFIXES 4
 
 char *get_human_readable_size(char *buf, int buf_size, int64_t size)
diff --git a/block.h b/block.h
index c89590d..650d872 100644
--- a/block.h
+++ b/block.h
@@ -174,6 +174,7 @@ int coroutine_fn 
bdrv_co_is_allocated_above(BlockDriverState *top,
 int nb_sectors, int *pnum);
 BlockDriverState *bdrv_find_backing_image(BlockDriverState *bs,
 const char *backing_file);
+int bdrv_get_backing_file_depth(BlockDriverState *bs);
 int bdrv_truncate(BlockDriverState *bs, int64_t offset);
 int64_t bdrv_getlength(BlockDriverState *bs);
 int64_t bdrv_get_allocated_file_size(BlockDriverState *bs);
-- 
1.7.11.2.249.g31c7954.dirty

[Qemu-devel] [PATCH 4/4] hmp: show the backing file depth

From: Benoît Canet benoit.ca...@gmail.com

Signed-off-by: Benoit Canet ben...@irqsave.net
Reviewed-by: Eric Blake ebl...@redhat.com
Signed-off-by: Luiz Capitulino lcapitul...@redhat.com
---
 hmp.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hmp.c b/hmp.c
index 6b72a64..25688ab 100644
--- a/hmp.c
+++ b/hmp.c
@@ -227,6 +227,8 @@ void hmp_info_block(Monitor *mon)
 if (info-value-inserted-has_backing_file) {
 monitor_printf(mon,  backing_file=);
 monitor_print_filename(mon, 
info-value-inserted-backing_file);
+monitor_printf(mon,  backing_file_depth=% PRId64,
+info-value-inserted-backing_file_depth);
 }
 monitor_printf(mon,  ro=%d drv=%s encrypted=%d,
info-value-inserted-ro,
-- 
1.7.11.2.249.g31c7954.dirty

Re: [Qemu-devel] [PATCH 01/11] Add migration capabilities

On Thu,  2 Aug 2012 15:44:44 +0300
Orit Wasserman owass...@redhat.com wrote:

 Add migration capabilities that can be queried by the management using
 query-migration-supported-capabilities command.
 The management can query the source QEMU and the destination QEMU in order to
 verify both support some migration capability (currently only XBZRLE).
 
 Signed-off-by: Orit Wasserman owass...@redhat.com
 Signed-off-by: Juan Quintela quint...@redhat.com
 ---
  hmp-commands.hx  |2 ++
  hmp.c|   21 +
  hmp.h|1 +
  migration.c  |   12 
  monitor.c|7 +++
  qapi-schema.json |   39 +++
  qmp-commands.hx  |   25 +
  7 files changed, 107 insertions(+), 0 deletions(-)
 
 diff --git a/hmp-commands.hx b/hmp-commands.hx
 index eea8b32..8267237 100644
 --- a/hmp-commands.hx
 +++ b/hmp-commands.hx
 @@ -1417,6 +1417,8 @@ show CPU statistics
  show user network stack connection states
  @item info migrate
  show migration status
 +@item info migration_supported_capabilities
 +show migration supported capabilities
  @item info balloon
  show balloon information
  @item info qtree
 diff --git a/hmp.c b/hmp.c
 index 6b72a64..2ff71a3 100644
 --- a/hmp.c
 +++ b/hmp.c
 @@ -161,6 +161,27 @@ void hmp_info_migrate(Monitor *mon)
  qapi_free_MigrationInfo(info);
  }
  
 +void hmp_info_migration_supported_capabilities(Monitor *mon)
 +{
 +MigrationCapabilityStatusList *caps_list, *cap;
 +
 +caps_list = qmp_query_migration_supported_capabilities(NULL);
 +if (!caps_list) {
 +monitor_printf(mon, No supported migration capabilities found\n);
 +return;
 +}
 +
 +for (cap = caps_list; cap; cap = cap-next) {
 +monitor_printf(mon, %s: %s ,
 +   MigrationCapability_lookup[cap-value-capability],
 +   cap-value-state ? on : off);
 +}
 +
 +monitor_printf(mon, \n);
 +
 +qapi_free_MigrationCapabilityStatusList(caps_list);
 +}
 +
  void hmp_info_cpus(Monitor *mon)
  {
  CpuInfoList *cpu_list, *cpu;
 diff --git a/hmp.h b/hmp.h
 index 8d2b0d7..8442c22 100644
 --- a/hmp.h
 +++ b/hmp.h
 @@ -25,6 +25,7 @@ void hmp_info_uuid(Monitor *mon);
  void hmp_info_chardev(Monitor *mon);
  void hmp_info_mice(Monitor *mon);
  void hmp_info_migrate(Monitor *mon);
 +void hmp_info_migration_supported_capabilities(Monitor *mon);
  void hmp_info_cpus(Monitor *mon);
  void hmp_info_block(Monitor *mon);
  void hmp_info_blockstats(Monitor *mon);
 diff --git a/migration.c b/migration.c
 index 8db1b43..35444f7 100644
 --- a/migration.c
 +++ b/migration.c
 @@ -166,6 +166,18 @@ MigrationInfo *qmp_query_migrate(Error **errp)
  return info;
  }
  
 +MigrationCapabilityStatusList *
 +qmp_query_migration_supported_capabilities(Error **errp)
 +{
 +MigrationCapabilityStatusList *caps_list = g_malloc0(sizeof(*caps_list));
 +
 +caps_list-value = g_malloc(sizeof(*caps_list-value));
 +caps_list-value-capability = MIGRATION_CAPABILITY_XBZRLE;

This is missing:

caps_list-value-state = true;

 +caps_list-next = NULL;
 +
 +return caps_list;
 +}
 +
  /* shared migration helpers */
  
  static int migrate_fd_cleanup(MigrationState *s)
 diff --git a/monitor.c b/monitor.c
 index 09aa3cd..43f7df5 100644
 --- a/monitor.c
 +++ b/monitor.c
 @@ -2662,6 +2662,13 @@ static mon_cmd_t info_cmds[] = {
  .mhandler.info = hmp_info_migrate,
  },
  {
 +.name   = migration_supported_capabilities,

I'd do s/migration/migrate for all commands you're introducing.

 +.args_type  = ,
 +.params = ,
 +.help   = show migration supported capabilities,
 +.mhandler.info = hmp_info_migration_supported_capabilities,
 +},
 +{
  .name   = balloon,
  .args_type  = ,
  .params = ,
 diff --git a/qapi-schema.json b/qapi-schema.json
 index a92adb1..68d0fbb 100644
 --- a/qapi-schema.json
 +++ b/qapi-schema.json
 @@ -306,6 +306,45 @@
  { 'command': 'query-migrate', 'returns': 'MigrationInfo' }
  
  ##
 +# @MigrationCapability
 +#
 +# Migration capabilities enumeration
 +#
 +# @xbzrle: Migration supports xbzrle (Xor Based Zero Run Length Encoding).
 +#  This feature allows us to minimize migration traffic for certain 
 work
 +#  loads, by sending compressed difference of the pages
 +#
 +# Since: 1.2
 +##
 +{ 'enum': 'MigrationCapability',
 +  'data': ['xbzrle'] }
 +
 +##
 +# @MigrationCapabilityStatus
 +#
 +# Migration capability information
 +#
 +# @capability: capability enum
 +#
 +# @state: capability state bool
 +#
 +# Since: 1.2
 +##
 +{ 'type': 'MigrationCapabilityStatus',
 +  'data': { 'capability' : 'MigrationCapability', 'state' : 'bool' } }
 +
 +##
 +# @query-migration-supported-capabilities
 +#
 +# Returns information about current migration process capabilities.
 +#
 +# Returns: @MigrationCapabilityStatus list
 +#
 +# Since: 1.2
 +##

[Qemu-devel] [Bug 833658] Re: Qemu ppc does not boot Debian 3.1r8

** Tags added: ppc

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/833658

Title:
  Qemu ppc does not boot Debian 3.1r8

Status in QEMU:
  New

Bug description:
  I tried booting the official image debian-31r8-powerpc-binary-1.iso with the 
following commandline:
  qemu-system-ppc -boot d -cdrom ../debian-31r8-powerpc-binary-1.iso -hda 
hd.img. The booting process stops with CPU at 100%. I can choose to boot 
install-2.4 or install which both hangs with the last output being Loading 
ramdisk. I have also tried using the git-tree which crashes qemu with the 
message qemu/memory.c:1183: memory_region_add_subregion_common: Assertion 
`!subregion-parent' failed. before even showing anything.

  Additionally, qemu 0.14.1 shows the same behaviour but qemu 0.13 and
  0.12.5 can boot beyond the Loading ramdisk message but stops
  immediatly afterwards with a messed up console window (letters are
  pushed into another, which makes them barely readable) when using
  install. Also install-2.4 boots with 0.13 and 0.12.5 beyond the
  Loading ramdisk message but stops with the last message being now
  returning 0x0140 from prom_init.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/833658/+subscriptions

[Qemu-devel] [Bug 681613] Re: Failed to convert vmdk on MacOSX ppc

** Tags added: big-endian endian ppc

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/681613

Title:
  Failed to convert vmdk on MacOSX ppc

Status in QEMU:
  New

Bug description:
  qemu-img -O vmdk raw-file.dd vmdk-file.vmdk
  will failed with error.
  This issue will be occured on all big endian environment.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/681613/+subscriptions

[Qemu-devel] [Bug 623852] Re: PPC emulation loops on booting a FreeBSD kernel

** Tags added: openbios ppc

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/623852

Title:
  PPC emulation loops on booting a FreeBSD kernel

Status in QEMU:
  New

Bug description:
  Has anyone tried booting FreeBSD8.1-ppc under QEMU (Linux x86_64 host;
  PPC guest)?  I can get Linux/PPC to run fine, and FreeBSD8.1-i386 as
  well; but there seems to be a problem with whatever the FreeBSD8.1
  kernel does, that QEMU's PPC emulation can't handle.

  I am using the latest version of QEMU from GIT as of 25/8/10.  I don't
  know how to get a git commit hash, so I can't quote it.

  The kernel starts OK then loops after Kernel entry at 0x100100 

  The command I am running is

  qemu-system-ppc -cdrom FreeBSD-8.1-RELEASE-powerpc-disc1.iso -hda
  freebsd8.1-ppc -m 94 -boot d

  I obtained the kernel from
  ftp://ftp.freebsd.org/pub/FreeBSD/releases/powerpc/ISO-
  IMAGES/8.1/FreeBSD-8.1-RELEASE-powerpc-disc1.iso.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/623852/+subscriptions

[Qemu-devel] [Bug 811683] Re: 7400, 7410, 7450 cpus vector have wrong exception prefix at reset

** Tags added: exceptions ppc

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/811683

Title:
  7400,7410,7450 cpus vector have wrong exception prefix at reset

Status in QEMU:
  New

Bug description:
  I have a proprietary ROM implementing system calls that are executed
  via the 'SC' instruction.

  I use qemu-0.14.1,

  qemu-system-ppc -M prep -cpu $CPU -bios my_bios -kernel my_kernel

  That works fine on a 604 (CPU=0x00040103) - but does not on an emulated 7400 
(CPU=0x000c0209) or 7450 (CPU=0x8201). I found that the emulator jumps to 
0x0c00 instead of 0xfff00c00.
  Probably this is due to a wrong setting in target-ppc/translate_init.c:

  init_excp_604() correctly sets env-hreset_vector=0xfff0UL;

  but

  init_excp_7400() says env-hreset_vector=0xUL;

  which seems wrong. (the 7400 manual says a hard-reset jumps initializes the
  prefix to 0xfff0.)

  Likewise, init_excp_7450() (and probably other, related CPUs) are
  wrong.

  Indeed, when I change the value in init_excp_7400() to 0xfff0UL then
  everything works as expected for me.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/811683/+subscriptions

Re: [Qemu-devel] [PATCH 02/11] Add migrate-set-capabilities and query-migrate-capabilities

On Thu,  2 Aug 2012 15:44:45 +0300
Orit Wasserman owass...@redhat.com wrote:

 The management can enable/disable a capability for the next migration by using
 migrate-set-apabilities QMP command.
 The management can query the current migration capabilities using
 query-migrate-capabilities QMP command.
 The user can use migrate_set_capability and 'info migrate_capabilities' HMP
 commands.
 
 Signed-off-by: Orit Wasserman owass...@redhat.com
 Signed-off-by: Juan Quintela quint...@redhat.com
 ---
  hmp-commands.hx  |   16 +
  hmp.c|   65 
 ++
  hmp.h|2 +
  migration.c  |   46 ++
  migration.h  |2 +
  monitor.c|7 +
  qapi-schema.json |   32 ++
  qmp-commands.hx  |   49 
  8 files changed, 219 insertions(+), 0 deletions(-)
 
 diff --git a/hmp-commands.hx b/hmp-commands.hx
 index 8267237..f4c8495 100644
 --- a/hmp-commands.hx
 +++ b/hmp-commands.hx
 @@ -861,6 +861,20 @@ Set maximum tolerated downtime (in seconds) for 
 migration.
  ETEXI
  
  {
 +.name   = migrate_set_capability,
 +.args_type  = capability:s,state:b,
 +.params = capability state,
 +.help   = Enable/Disable the usage of a capability for 
 migration,
 +.mhandler.cmd = hmp_migrate_set_capability,
 +},
 +
 +STEXI
 +@item migrate_set_capability @var{capability} @var{state}
 +@findex migrate_set_capability
 +Enable/Disable the usage of a capability @var{capability} for migration.
 +ETEXI
 +
 +{
  .name   = client_migrate_info,
  .args_type  = 
 protocol:s,hostname:s,port:i?,tls-port:i?,cert-subject:s?,
  .params = protocol hostname port tls-port cert-subject,
 @@ -1419,6 +1433,8 @@ show user network stack connection states
  show migration status
  @item info migration_supported_capabilities
  show migration supported capabilities
 +@item info migrate_capabilities
 +show current migration capabilities
  @item info balloon
  show balloon information
  @item info qtree
 diff --git a/hmp.c b/hmp.c
 index 2ff71a3..463b730 100644
 --- a/hmp.c
 +++ b/hmp.c
 @@ -131,8 +131,21 @@ void hmp_info_mice(Monitor *mon)
  void hmp_info_migrate(Monitor *mon)
  {
  MigrationInfo *info;
 +MigrationCapabilityStatusList *caps, *cap;
  
  info = qmp_query_migrate(NULL);
 +caps = qmp_query_migrate_capabilities(NULL);
 +
 +/* do not display parameters during setup */
 +if (info-has_status  caps) {
 +monitor_printf(mon, capabilities: );
 +for (cap = caps; cap; cap = cap-next) {
 +monitor_printf(mon, %s: %s ,
 +   
 MigrationCapability_lookup[cap-value-capability],
 +   cap-value-state ? on : off);
 +}
 +monitor_printf(mon, \n);
 +}
  
  if (info-has_status) {
  monitor_printf(mon, Migration status: %s\n, info-status);
 @@ -159,6 +172,7 @@ void hmp_info_migrate(Monitor *mon)
  }
  
  qapi_free_MigrationInfo(info);
 +qapi_free_MigrationCapabilityStatusList(caps);
  }
  
  void hmp_info_migration_supported_capabilities(Monitor *mon)
 @@ -182,6 +196,25 @@ void hmp_info_migration_supported_capabilities(Monitor 
 *mon)
  qapi_free_MigrationCapabilityStatusList(caps_list);
  }
  
 +void hmp_info_migrate_capabilities(Monitor *mon)
 +{
 +MigrationCapabilityStatusList *caps, *cap;
 +
 +caps = qmp_query_migrate_capabilities(NULL);
 +
 +if (caps) {
 +monitor_printf(mon, capabilities: );
 +for (cap = caps; cap; cap = cap-next) {
 +monitor_printf(mon, %s: %s ,
 +   
 MigrationCapability_lookup[cap-value-capability],
 +   cap-value-state ? on : off);
 +}
 +monitor_printf(mon, \n);
 +}
 +
 +qapi_free_MigrationCapabilityStatusList(caps);
 +}
 +
  void hmp_info_cpus(Monitor *mon)
  {
  CpuInfoList *cpu_list, *cpu;
 @@ -756,6 +789,38 @@ void hmp_migrate_set_speed(Monitor *mon, const QDict 
 *qdict)
  qmp_migrate_set_speed(value, NULL);
  }
  
 +void hmp_migrate_set_capability(Monitor *mon, const QDict *qdict)
 +{
 +const char *cap = qdict_get_str(qdict, capability);
 +bool state = qdict_get_bool(qdict, state);
 +Error *err = NULL;
 +MigrationCapabilityStatusList *caps = g_malloc0(sizeof(*caps));
 +int i;
 +
 +for (i = 0; i  MIGRATION_CAPABILITY_MAX; i++) {
 +if (strcmp(cap, MigrationCapability_lookup[i]) == 0) {
 +caps-value = g_malloc0(sizeof(*caps-value));
 +caps-value-capability = i;
 +caps-value-state = state;
 +caps-next = NULL;
 +qmp_migrate_set_capabilities(caps, err);
 +break;
 +}
 +}
 +
 +if (i == MIGRATION_CAPABILITY_MAX) {
 +error_set(err, QERR_INVALID_PARAMETER, cap);
 +}
 +
 +

[Qemu-devel] [Bug 1020309] Re: qemu-system-ppc: no keyboard after savevm/loadvm

** Tags added: ppc savevm

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1020309

Title:
  qemu-system-ppc: no keyboard after savevm/loadvm

Status in QEMU:
  New

Bug description:
  Here the steps to reproduce:

  1. qemu-img create -f qcow2 test.qcow2 100M
  2. qemu-system-ppc -m 1024 -hda test.qcow2
  3. change to the console via Ctrl-Alt-2 and save a snapshot: savevm test
  4. quit
  5. start again and go to the console
  6. load the snapshot via loadvm test
  7. change back to the guest display (Ctrl-Alt-1)
  8. try to type something = no keyboard
  9. the same via console, e.g. sendkey 1 has no effect

  I tried the following branches from git:
  master, stable-1.0, stable-0.15 
  = all behave the same

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1020309/+subscriptions

[Qemu-devel] [Bug 929638] Re: qemu 1.0 unable to compile on the pandaboard ES

** Tags added: arm

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/929638

Title:
  qemu 1.0 unable to compile on the pandaboard ES

Status in QEMU:
  Incomplete

Bug description:
  root@omap:/home/mario/Scrivania/dati/os/qemu# uname -a
  Linux omap 3.1.6-x6 #1 SMP Thu Dec 22 11:17:51 UTC 2011 armv7l armv7l armv7l 
GNU/Linux

  It's running Ubuntu 11.10...

  root@omap:/home/mario/Scrivania/dati/os/qemu# ./configure --disable-kvm 
--enable-tcg-interpreter --enable-curses --enable-sdl --enable-vnc 
--enable-debug-tcg --enable-vhost-net
  Install prefix/usr/local
  BIOS directory/usr/local/share/qemu
  binary directory  /usr/local/bin
  library directory /usr/local/lib
  include directory /usr/local/include
  config directory  /usr/local/etc
  Manual directory  /usr/local/share/man
  ELF interp prefix /usr/gnemul/qemu-%M
  Source path   /home/mario/Scrivania/dati/os/qemu
  C compilergcc
  Host C compiler   gcc
  CFLAGS-O2 -g 
  QEMU_CFLAGS   -Werror -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE 
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -Wstrict-prototypes 
-Wredundant-decls -Wall -Wundef -Wwrite-strings -Wmissing-prototypes 
-fno-strict-aliasing  -fstack-protector-all -Wendif-labels 
-Wmissing-include-dirs -Wempty-body -Wnested-externs -Wformat-security 
-Wformat-y2k -Winit-self -Wignored-qualifiers -Wold-style-declaration 
-Wold-style-definition -Wtype-limits -I/usr/include/libpng12  
  LDFLAGS   -Wl,--warn-common -g 
  make  make
  install   install
  pythonpython
  smbd  /usr/sbin/smbd
  host CPU  arm
  host big endian   no
  target list   i386-softmmu x86_64-softmmu alpha-softmmu arm-softmmu 
cris-softmmu lm32-softmmu m68k-softmmu microblaze-softmmu microblazeel-softmmu 
mips-softmmu mipsel-softmmu mips64-softmmu mips64el-softmmu ppc-softmmu 
ppcemb-softmmu ppc64-softmmu sh4-softmmu sh4eb-softmmu sparc-softmmu 
sparc64-softmmu s390x-softmmu xtensa-softmmu xtensaeb-softmmu i386-linux-user 
x86_64-linux-user alpha-linux-user arm-linux-user armeb-linux-user 
cris-linux-user m68k-linux-user microblaze-linux-user microblazeel-linux-user 
mips-linux-user mipsel-linux-user ppc-linux-user ppc64-linux-user 
ppc64abi32-linux-user sh4-linux-user sh4eb-linux-user sparc-linux-user 
sparc64-linux-user sparc32plus-linux-user unicore32-linux-user s390x-linux-user 
  tcg debug enabled yes
  Mon debug enabled no
  gprof enabled no
  sparse enabledno
  strip binariesyes
  profiler  no
  static build  no
  -Werror enabled   yes
  SDL support   yes
  curses supportyes
  curl support  no
  mingw32 support   no
  Audio drivers oss
  Extra audio cards ac97 es1370 sb16 hda
  Block whitelist   
  Mixer emulation   no
  VNC support   yes
  VNC TLS support   no
  VNC SASL support  no
  VNC JPEG support  no
  VNC PNG support   yes
  VNC threadno
  xen support   no
  brlapi supportno
  bluez  supportno
  Documentation yes
  NPTL support  yes
  GUEST_BASEyes
  PIE   no
  vde support   no
  Linux AIO support no
  ATTR/XATTR support yes
  Install blobs yes
  KVM support   no
  TCG interpreter   yes
  fdt support   no
  preadv supportyes
  fdatasync yes
  madvise   yes
  posix_madvise yes
  uuid support  no
  libcap-ng support no
  vhost-net support yes
  Trace backend nop
  Trace output file trace-pid
  spice support no
  rbd support   no
  xfsctl supportno
  nss used  no
  usb net redir no
  OpenGL supportyes
  libiscsi support  no
  build guest agent yes

  root@omap:/home/mario/Scrivania/dati/os/qemu# make
GEN   i386-softmmu/config-devices.mak
GEN   x86_64-softmmu/config-devices.mak
GEN   alpha-softmmu/config-devices.mak
GEN   arm-softmmu/config-devices.mak
GEN   cris-softmmu/config-devices.mak
GEN   lm32-softmmu/config-devices.mak
GEN   m68k-softmmu/config-devices.mak
GEN   microblaze-softmmu/config-devices.mak
GEN   microblazeel-softmmu/config-devices.mak
GEN   mips-softmmu/config-devices.mak

CCppc-softmmu/op_helper.o
CCppc-softmmu/helper.o
  /home/mario/Scrivania/dati/os/qemu/target-ppc/helper.c: In function 
‘booke206_tlb_to_page_size’:
  /home/mario/Scrivania/dati/os/qemu/target-ppc/helper.c:1296:14: error: 
variable ‘tlbncfg’ set but not used [-Werror=unused-but-set-variable]
  cc1: all warnings being treated as errors

  make[1]: *** [helper.o] Errore 1
  make: *** [subdir-ppc-softmmu] Errore 2

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/929638/+subscriptions

[Qemu-devel] [PATCH v6 3/6] monitor: Clean up fd sets on monitor disconnect

Each fd set has a boolean that keeps track of whether or not the
fd set is in use by a monitor connection.  When a monitor
disconnects, all fds that are members of an fd set with refcount
of zero are closed.  This prevents any fd leakage associated with
a client disconnect prior to using a passed fd.

v5:
 -This patch is new in v5.
 -This support addresses concerns from v4 regarding fd leakage
  if the client disconnects unexpectedly. (ebl...@redhat.com,
  kw...@redhat.com, dberra...@redhat.com)

v6:
 -No changes

Signed-off-by: Corey Bryant cor...@linux.vnet.ibm.com
---
 monitor.c |   15 +++
 1 file changed, 15 insertions(+)

diff --git a/monitor.c b/monitor.c
index 9aa9f7e..a46ef8d 100644
--- a/monitor.c
+++ b/monitor.c
@@ -2559,6 +2559,19 @@ FdsetInfoList *qmp_query_fdsets(Error **errp)
 return fdset_list;
 }
 
+static void monitor_fdsets_set_in_use(Monitor *mon, bool in_use)
+{
+mon_fdset_t *mon_fdset;
+mon_fdset_t *mon_fdset_next;
+
+QLIST_FOREACH_SAFE(mon_fdset, mon-fdsets, next, mon_fdset_next) {
+mon_fdset-in_use = in_use;
+if (!in_use) {
+monitor_fdset_cleanup(mon_fdset);
+}
+}
+}
+
 /* mon_cmds and info_cmds would be sorted at runtime */
 static mon_cmd_t mon_cmds[] = {
 #include hmp-commands.h
@@ -4763,9 +4776,11 @@ static void monitor_control_event(void *opaque, int 
event)
 data = get_qmp_greeting();
 monitor_json_emitter(mon, data);
 qobject_decref(data);
+monitor_fdsets_set_in_use(mon, true);
 break;
 case CHR_EVENT_CLOSED:
 json_message_parser_destroy(mon-mc-parser);
+monitor_fdsets_set_in_use(mon, false);
 break;
 }
 }
-- 
1.7.10.4

[Qemu-devel] [PATCH v6 5/6] block: Convert close calls to qemu_close

This patch converts all block layer close calls, that correspond
to qemu_open calls, to qemu_close.

v5:
 -This patch is new in v5. (kw...@redhat.com, ebl...@redhat.com)

v6:
 -No changes

Signed-off-by: Corey Bryant cor...@linux.vnet.ibm.com
---
 block/raw-posix.c |   24 
 block/raw-win32.c |2 +-
 block/vmdk.c  |4 ++--
 block/vpc.c   |2 +-
 block/vvfat.c |   12 ++--
 osdep.c   |5 +
 qemu-common.h |1 +
 savevm.c  |4 ++--
 8 files changed, 30 insertions(+), 24 deletions(-)

diff --git a/block/raw-posix.c b/block/raw-posix.c
index 7408a42..a172de3 100644
--- a/block/raw-posix.c
+++ b/block/raw-posix.c
@@ -271,7 +271,7 @@ static int raw_open_common(BlockDriverState *bs, const char 
*filename,
 out_free_buf:
 qemu_vfree(s-aligned_buf);
 out_close:
-close(fd);
+qemu_close(fd);
 return -errno;
 }
 
@@ -376,7 +376,7 @@ static void raw_close(BlockDriverState *bs)
 {
 BDRVRawState *s = bs-opaque;
 if (s-fd = 0) {
-close(s-fd);
+qemu_close(s-fd);
 s-fd = -1;
 if (s-aligned_buf != NULL)
 qemu_vfree(s-aligned_buf);
@@ -580,7 +580,7 @@ static int raw_create(const char *filename, 
QEMUOptionParameter *options)
 if (ftruncate(fd, total_size * BDRV_SECTOR_SIZE) != 0) {
 result = -errno;
 }
-if (close(fd) != 0) {
+if (qemu_close(fd) != 0) {
 result = -errno;
 }
 }
@@ -850,7 +850,7 @@ static int hdev_open(BlockDriverState *bs, const char 
*filename, int flags)
 if (fd  0) {
 bsdPath[strlen(bsdPath)-1] = '1';
 } else {
-close(fd);
+qemu_close(fd);
 }
 filename = bsdPath;
 }
@@ -889,7 +889,7 @@ static int fd_open(BlockDriverState *bs)
 last_media_present = (s-fd = 0);
 if (s-fd = 0 
 (get_clock() - s-fd_open_time) = FD_OPEN_TIMEOUT) {
-close(s-fd);
+qemu_close(s-fd);
 s-fd = -1;
 #ifdef DEBUG_FLOPPY
 printf(Floppy closed\n);
@@ -988,7 +988,7 @@ static int hdev_create(const char *filename, 
QEMUOptionParameter *options)
 else if (lseek(fd, 0, SEEK_END)  total_size * BDRV_SECTOR_SIZE)
 ret = -ENOSPC;
 
-close(fd);
+qemu_close(fd);
 return ret;
 }
 
@@ -1038,7 +1038,7 @@ static int floppy_open(BlockDriverState *bs, const char 
*filename, int flags)
 return ret;
 
 /* close fd so that we can reopen it as needed */
-close(s-fd);
+qemu_close(s-fd);
 s-fd = -1;
 s-fd_media_changed = 1;
 
@@ -1070,7 +1070,7 @@ static int floppy_probe_device(const char *filename)
 prio = 100;
 
 outc:
-close(fd);
+qemu_close(fd);
 out:
 return prio;
 }
@@ -1105,14 +1105,14 @@ static void floppy_eject(BlockDriverState *bs, bool 
eject_flag)
 int fd;
 
 if (s-fd = 0) {
-close(s-fd);
+qemu_close(s-fd);
 s-fd = -1;
 }
 fd = qemu_open(bs-filename, s-open_flags | O_NONBLOCK);
 if (fd = 0) {
 if (ioctl(fd, FDEJECT, 0)  0)
 perror(FDEJECT);
-close(fd);
+qemu_close(fd);
 }
 }
 
@@ -1173,7 +1173,7 @@ static int cdrom_probe_device(const char *filename)
 prio = 100;
 
 outc:
-close(fd);
+qemu_close(fd);
 out:
 return prio;
 }
@@ -1281,7 +1281,7 @@ static int cdrom_reopen(BlockDriverState *bs)
  * FreeBSD seems to not notice sometimes...
  */
 if (s-fd = 0)
-close(s-fd);
+qemu_close(s-fd);
 fd = qemu_open(bs-filename, s-open_flags, 0644);
 if (fd  0) {
 s-fd = -1;
diff --git a/block/raw-win32.c b/block/raw-win32.c
index 8d7838d..c56bf83 100644
--- a/block/raw-win32.c
+++ b/block/raw-win32.c
@@ -261,7 +261,7 @@ static int raw_create(const char *filename, 
QEMUOptionParameter *options)
 return -EIO;
 set_sparse(fd);
 ftruncate(fd, total_size * 512);
-close(fd);
+qemu_close(fd);
 return 0;
 }
 
diff --git a/block/vmdk.c b/block/vmdk.c
index 557dc1b..daee426 100644
--- a/block/vmdk.c
+++ b/block/vmdk.c
@@ -1258,7 +1258,7 @@ static int vmdk_create_extent(const char *filename, 
int64_t filesize,
 
 ret = 0;
  exit:
-close(fd);
+qemu_close(fd);
 return ret;
 }
 
@@ -1506,7 +1506,7 @@ static int vmdk_create(const char *filename, 
QEMUOptionParameter *options)
 }
 ret = 0;
 exit:
-close(fd);
+qemu_close(fd);
 return ret;
 }
 
diff --git a/block/vpc.c b/block/vpc.c
index 60ebf5a..c0b82c4 100644
--- a/block/vpc.c
+++ b/block/vpc.c
@@ -744,7 +744,7 @@ static int vpc_create(const char *filename, 
QEMUOptionParameter *options)
 }
 
  fail:
-close(fd);
+qemu_close(fd);
 return ret;
 }
 
diff --git a/block/vvfat.c b/block/vvfat.c
index 22b586a..59d3c5b 100644
--- a/block/vvfat.c
+++ b/block/vvfat.c
@@ -1105,7 +1105,7 @@ static inline void 
vvfat_close_current_file(BDRVVVFATState *s)
 if(s-current_mapping) {

[Qemu-devel] [PATCH v6 1/6] qemu-char: Add MSG_CMSG_CLOEXEC flag to recvmsg

Set the close-on-exec flag for the file descriptor received
via SCM_RIGHTS.

v4
 -This patch is new in v4 (ebl...@redhat.com)

v5
 -Fallback to FD_CLOEXEC if MSG_CMSG_CLOEXEC is not available
  (ebl...@redhat.com, stefa...@linux.vnet.ibm.com)

v6
 -Set cloexec on correct fd (ebl...@redhat.com)

Signed-off-by: Corey Bryant cor...@linux.vnet.ibm.com
---
 qemu-char.c |   12 ++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/qemu-char.c b/qemu-char.c
index c2aaaee..ab4a928 100644
--- a/qemu-char.c
+++ b/qemu-char.c
@@ -2238,6 +2238,9 @@ static void unix_process_msgfd(CharDriverState *chr, 
struct msghdr *msg)
 if (fd  0)
 continue;
 
+#ifndef MSG_CMSG_CLOEXEC
+qemu_set_cloexec(fd);
+#endif
 if (s-msgfd != -1)
 close(s-msgfd);
 s-msgfd = fd;
@@ -2253,6 +2256,7 @@ static ssize_t tcp_chr_recv(CharDriverState *chr, char 
*buf, size_t len)
 struct cmsghdr cmsg;
 char control[CMSG_SPACE(sizeof(int))];
 } msg_control;
+int flags = 0;
 ssize_t ret;
 
 iov[0].iov_base = buf;
@@ -2263,9 +2267,13 @@ static ssize_t tcp_chr_recv(CharDriverState *chr, char 
*buf, size_t len)
 msg.msg_control = msg_control;
 msg.msg_controllen = sizeof(msg_control);
 
-ret = recvmsg(s-fd, msg, 0);
-if (ret  0  s-is_unix)
+#ifdef MSG_CMSG_CLOEXEC
+flags |= MSG_CMSG_CLOEXEC;
+#endif
+ret = recvmsg(s-fd, msg, flags);
+if (ret  0  s-is_unix) {
 unix_process_msgfd(chr, msg);
+}
 
 return ret;
 }
-- 
1.7.10.4

[Qemu-devel] [PATCH v6 6/6] block: Enable qemu_open/close to work with fd sets

When qemu_open is passed a filename of the /dev/fdset/nnn
format (where nnn is the fdset ID), an fd with matching access
mode flags will be searched for within the specified monitor
fd set.  If the fd is found, a dup of the fd will be returned
from qemu_open.

Each fd set has a reference count.  The purpose of the reference
count is to determine if an fd set contains file descriptors that
have open dup() references that have not yet been closed.  It is
incremented on qemu_open and decremented on qemu_close.  It is
not until the refcount is zero that file desriptors in an fd set
can be closed.  If an fd set has dup() references open, then we
must keep the other fds in the fd set open in case a reopen
of the file occurs that requires an fd with a different access
mode.

Signed-off-by: Corey Bryant cor...@linux.vnet.ibm.com

v2:
 -Get rid of file_open and move dup code to qemu_open
  (kw...@redhat.com)
 -Use strtol wrapper instead of atoi (kw...@redhat.com)

v3:
 -Add note about fd leakage (ebl...@redhat.com)

v4
 -Moved patch to be later in series (lcapitul...@redhat.com)
 -Update qemu_open to check access mode flags and set flags that
  can be set (ebl...@redhat.com, kw...@redhat.com)

v5:
 -This patch was overhauled quite a bit in this version, with
  the addition of fd set and refcount support.
 -Use qemu_set_cloexec() on dup'd fd (ebl...@redhat.com)
 -Modify flags set by fcntl on dup'd fd (ebl...@redhat.com)
 -Reduce syscalls when setting flags for dup'd fd (ebl...@redhat.com)
 -Fix O_RDWR, O_RDONLY, O_WRONLY checks (ebl...@redhat.com)

v6:
 -Pass only the fd to qemu_close() and keep track of dup fds per fd
  set. (kw...@redhat.com, ebl...@redhat.com)
 -Handle refcount incr/decr in new dup_fd_add/remove fd functions.
 -Use qemu_set_cloexec() appropriately in qemu_dup() (kw...@redhat.com)
 -Simplify setting of setfl_flags in qemu_dup() (kw...@redhat.com)
 -Add preprocessor checks for F_DUPFD_CLOEXEC (ebl...@redhat.com)
 -Simplify flag checking in monitor_fdset_get_fd() (kw...@redhat.com)
---
 cutils.c  |5 +++
 monitor.c |  100 +++
 monitor.h |5 +++
 osdep.c   |  112 +
 qemu-common.h |1 +
 qemu-tool.c   |   21 +++
 6 files changed, 244 insertions(+)

diff --git a/cutils.c b/cutils.c
index 9d4c570..8b0d2bb 100644
--- a/cutils.c
+++ b/cutils.c
@@ -382,3 +382,8 @@ int qemu_parse_fd(const char *param)
 }
 return fd;
 }
+
+int qemu_parse_fdset(const char *param)
+{
+return qemu_parse_fd(param);
+}
diff --git a/monitor.c b/monitor.c
index a46ef8d..66b863f 100644
--- a/monitor.c
+++ b/monitor.c
@@ -155,6 +155,7 @@ struct mon_fdset_t {
 int refcount;
 bool in_use;
 QLIST_HEAD(, mon_fdset_fd_t) fds;
+QLIST_HEAD(, mon_fdset_fd_t) dup_fds;
 QLIST_ENTRY(mon_fdset_t) next;
 };
 
@@ -2572,6 +2573,105 @@ static void monitor_fdsets_set_in_use(Monitor *mon, 
bool in_use)
 }
 }
 
+int monitor_fdset_get_fd(Monitor *mon, int64_t fdset_id, int flags)
+{
+mon_fdset_t *mon_fdset;
+mon_fdset_fd_t *mon_fdset_fd;
+int mon_fd_flags;
+
+if (!mon) {
+errno = ENOENT;
+return -1;
+}
+
+QLIST_FOREACH(mon_fdset, mon-fdsets, next) {
+if (mon_fdset-id != fdset_id) {
+continue;
+}
+QLIST_FOREACH(mon_fdset_fd, mon_fdset-fds, next) {
+if (mon_fdset_fd-removed) {
+continue;
+}
+
+mon_fd_flags = fcntl(mon_fdset_fd-fd, F_GETFL);
+if (mon_fd_flags == -1) {
+return -1;
+}
+
+if ((flags  O_ACCMODE) == (mon_fd_flags  O_ACCMODE)) {
+return mon_fdset_fd-fd;
+}
+}
+errno = EACCES;
+return -1;
+}
+errno = ENOENT;
+return -1;
+}
+
+int monitor_fdset_dup_fd_add(Monitor *mon, int64_t fdset_id, int dup_fd)
+{
+mon_fdset_t *mon_fdset;
+mon_fdset_fd_t *mon_fdset_fd_dup;
+
+if (!mon) {
+return -1;
+}
+
+QLIST_FOREACH(mon_fdset, mon-fdsets, next) {
+if (mon_fdset-id != fdset_id) {
+continue;
+}
+QLIST_FOREACH(mon_fdset_fd_dup, mon_fdset-dup_fds, next) {
+if (mon_fdset_fd_dup-fd == dup_fd) {
+return -1;
+}
+}
+mon_fdset_fd_dup = g_malloc0(sizeof(*mon_fdset_fd_dup));
+mon_fdset_fd_dup-fd = dup_fd;
+QLIST_INSERT_HEAD(mon_fdset-dup_fds, mon_fdset_fd_dup, next);
+mon_fdset-refcount++;
+return 0;
+}
+return -1;
+}
+
+static int _monitor_fdset_dup_fd_find(Monitor *mon, int dup_fd, bool remove)
+{
+mon_fdset_t *mon_fdset;
+mon_fdset_fd_t *mon_fdset_fd_dup;
+
+if (!mon) {
+return -1;
+}
+
+QLIST_FOREACH(mon_fdset, mon-fdsets, next) {
+QLIST_FOREACH(mon_fdset_fd_dup, mon_fdset-dup_fds, next) {
+if (mon_fdset_fd_dup-fd == dup_fd) {
+if

[Qemu-devel] [PATCH v6 2/6] qapi: Introduce add-fd, remove-fd, query-fdsets

This patch adds support that enables passing of file descriptors
to the QEMU monitor where they will be stored in specified file
descriptor sets.

A file descriptor set can be used by a client like libvirt to
store file descriptors for the same file.  This allows the
client to open a file with different access modes (O_RDWR,
O_WRONLY, O_RDONLY) and add/remove the passed fds to/from an fd
set as needed.  This will allow QEMU to (in a later patch in this
series) open and reopen the same file by dup()ing the fd in
the fd set that corresponds to the file, where the fd has the
matching access mode flag that QEMU requests.

The new QMP commands are:
  add-fd: Add a file descriptor to an fd set
  remove-fd: Remove a file descriptor from an fd set
  query-fdsets: Return information describing all fd sets

Note: These commands are not compatible with the existing getfd
and closefd QMP commands.

v5:
 -This patch is new in v5 and replaces the pass-fd QMP command
  from v4.
 -By grouping fds in fd sets, we ease managability with an fd
  set per file, addressing concerns raised in v4 about handling
  reopens and preventing fd leakage. (ebl...@redhat.com,
  kw...@redhat.com, dberra...@redhat.com)

v6
 -Make @fd optional for remove-fd (ebl...@redhat.com)
 -Make @fdset-id optional for add-fd (ebl...@redhat.com)

Signed-off-by: Corey Bryant cor...@linux.vnet.ibm.com
---
 monitor.c|  172 +-
 qapi-schema.json |  103 
 qerror.c |4 ++
 qerror.h |3 +
 qmp-commands.hx  |  126 +++
 5 files changed, 407 insertions(+), 1 deletion(-)

diff --git a/monitor.c b/monitor.c
index 49dccfe..9aa9f7e 100644
--- a/monitor.c
+++ b/monitor.c
@@ -140,6 +140,24 @@ struct mon_fd_t {
 QLIST_ENTRY(mon_fd_t) next;
 };
 
+/* file descriptor associated with a file descriptor set */
+typedef struct mon_fdset_fd_t mon_fdset_fd_t;
+struct mon_fdset_fd_t {
+int fd;
+bool removed;
+QLIST_ENTRY(mon_fdset_fd_t) next;
+};
+
+/* file descriptor set containing fds passed via SCM_RIGHTS */
+typedef struct mon_fdset_t mon_fdset_t;
+struct mon_fdset_t {
+int64_t id;
+int refcount;
+bool in_use;
+QLIST_HEAD(, mon_fdset_fd_t) fds;
+QLIST_ENTRY(mon_fdset_t) next;
+};
+
 typedef struct MonitorControl {
 QObject *id;
 JSONMessageParser parser;
@@ -176,7 +194,8 @@ struct Monitor {
 int print_calls_nr;
 #endif
 QError *error;
-QLIST_HEAD(,mon_fd_t) fds;
+QLIST_HEAD(, mon_fd_t) fds;
+QLIST_HEAD(, mon_fdset_t) fdsets;
 QLIST_ENTRY(Monitor) entry;
 };
 
@@ -2389,6 +2408,157 @@ int monitor_get_fd(Monitor *mon, const char *fdname)
 return -1;
 }
 
+static void monitor_fdset_cleanup(mon_fdset_t *mon_fdset)
+{
+mon_fdset_fd_t *mon_fdset_fd;
+mon_fdset_fd_t *mon_fdset_fd_next;
+
+if (mon_fdset-refcount != 0) {
+return;
+}
+
+QLIST_FOREACH_SAFE(mon_fdset_fd, mon_fdset-fds, next, mon_fdset_fd_next) 
{
+if (!mon_fdset-in_use || mon_fdset_fd-removed) {
+close(mon_fdset_fd-fd);
+QLIST_REMOVE(mon_fdset_fd, next);
+g_free(mon_fdset_fd);
+}
+}
+
+if (QLIST_EMPTY(mon_fdset-fds)) {
+QLIST_REMOVE(mon_fdset, next);
+g_free(mon_fdset);
+}
+}
+
+AddfdInfo *qmp_add_fd(bool has_fdset_id, int64_t fdset_id, Error **errp)
+{
+int fd;
+Monitor *mon = cur_mon;
+mon_fdset_t *mon_fdset;
+mon_fdset_fd_t *mon_fdset_fd;
+AddfdInfo *fdinfo;
+
+fd = qemu_chr_fe_get_msgfd(mon-chr);
+if (fd == -1) {
+qerror_report(QERR_FD_NOT_SUPPLIED);
+return NULL;
+}
+
+if (has_fdset_id) {
+QLIST_FOREACH(mon_fdset, mon-fdsets, next) {
+if (mon_fdset-id == fdset_id) {
+break;
+}
+}
+if (mon_fdset == NULL) {
+qerror_report(QERR_FDSET_NOT_FOUND, fdset_id);
+return NULL;
+}
+} else {
+int64_t fdset_id_prev = -1;
+mon_fdset_t *mon_fdset_cur = QLIST_FIRST(mon-fdsets);
+
+/* Use first available fdset ID */
+QLIST_FOREACH(mon_fdset, mon-fdsets, next) {
+mon_fdset_cur = mon_fdset;
+if (fdset_id_prev == mon_fdset_cur-id - 1) {
+fdset_id_prev = mon_fdset_cur-id;
+continue;
+}
+break;
+}
+
+mon_fdset = g_malloc0(sizeof(*mon_fdset));
+mon_fdset-id = fdset_id_prev + 1;
+mon_fdset-refcount = 0;
+mon_fdset-in_use = true;
+
+/* The fdset list is ordered by fdset ID */
+if (mon_fdset-id == 0) {
+QLIST_INSERT_HEAD(mon-fdsets, mon_fdset, next);
+} else if (mon_fdset-id  mon_fdset_cur-id) {
+QLIST_INSERT_BEFORE(mon_fdset_cur, mon_fdset, next);
+} else {
+QLIST_INSERT_AFTER(mon_fdset_cur, mon_fdset, next);
+}
+}
+
+mon_fdset_fd =

[Qemu-devel] [PATCH v6 4/6] block: Convert open calls to qemu_open

This patch converts all block layer open calls to qemu_open.

Note that this adds the O_CLOEXEC flag to the changed open paths
when the O_CLOEXEC macro is defined.

Signed-off-by: Corey Bryant cor...@linux.vnet.ibm.com
---
v2:
 -Convert calls to qemu_open instead of file_open (kw...@redhat.com)
 -Mention introduction of O_CLOEXEC (kw...@redhat.com)

v3-v6:
 -No changes
---
 block/raw-posix.c |   18 +-
 block/raw-win32.c |4 ++--
 block/vdi.c   |5 +++--
 block/vmdk.c  |   21 +
 block/vpc.c   |2 +-
 block/vvfat.c |4 ++--
 6 files changed, 26 insertions(+), 28 deletions(-)

diff --git a/block/raw-posix.c b/block/raw-posix.c
index 0dce089..7408a42 100644
--- a/block/raw-posix.c
+++ b/block/raw-posix.c
@@ -572,8 +572,8 @@ static int raw_create(const char *filename, 
QEMUOptionParameter *options)
 options++;
 }
 
-fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC | O_BINARY,
-  0644);
+fd = qemu_open(filename, O_WRONLY | O_CREAT | O_TRUNC | O_BINARY,
+   0644);
 if (fd  0) {
 result = -errno;
 } else {
@@ -846,7 +846,7 @@ static int hdev_open(BlockDriverState *bs, const char 
*filename, int flags)
 if ( bsdPath[ 0 ] != '\0' ) {
 strcat(bsdPath,s0);
 /* some CDs don't have a partition 0 */
-fd = open(bsdPath, O_RDONLY | O_BINARY | O_LARGEFILE);
+fd = qemu_open(bsdPath, O_RDONLY | O_BINARY | O_LARGEFILE);
 if (fd  0) {
 bsdPath[strlen(bsdPath)-1] = '1';
 } else {
@@ -903,7 +903,7 @@ static int fd_open(BlockDriverState *bs)
 #endif
 return -EIO;
 }
-s-fd = open(bs-filename, s-open_flags  ~O_NONBLOCK);
+s-fd = qemu_open(bs-filename, s-open_flags  ~O_NONBLOCK);
 if (s-fd  0) {
 s-fd_error_time = get_clock();
 s-fd_got_error = 1;
@@ -977,7 +977,7 @@ static int hdev_create(const char *filename, 
QEMUOptionParameter *options)
 options++;
 }
 
-fd = open(filename, O_WRONLY | O_BINARY);
+fd = qemu_open(filename, O_WRONLY | O_BINARY);
 if (fd  0)
 return -errno;
 
@@ -1055,7 +1055,7 @@ static int floppy_probe_device(const char *filename)
 if (strstart(filename, /dev/fd, NULL))
 prio = 50;
 
-fd = open(filename, O_RDONLY | O_NONBLOCK);
+fd = qemu_open(filename, O_RDONLY | O_NONBLOCK);
 if (fd  0) {
 goto out;
 }
@@ -1108,7 +1108,7 @@ static void floppy_eject(BlockDriverState *bs, bool 
eject_flag)
 close(s-fd);
 s-fd = -1;
 }
-fd = open(bs-filename, s-open_flags | O_NONBLOCK);
+fd = qemu_open(bs-filename, s-open_flags | O_NONBLOCK);
 if (fd = 0) {
 if (ioctl(fd, FDEJECT, 0)  0)
 perror(FDEJECT);
@@ -1158,7 +1158,7 @@ static int cdrom_probe_device(const char *filename)
 int prio = 0;
 struct stat st;
 
-fd = open(filename, O_RDONLY | O_NONBLOCK);
+fd = qemu_open(filename, O_RDONLY | O_NONBLOCK);
 if (fd  0) {
 goto out;
 }
@@ -1282,7 +1282,7 @@ static int cdrom_reopen(BlockDriverState *bs)
  */
 if (s-fd = 0)
 close(s-fd);
-fd = open(bs-filename, s-open_flags, 0644);
+fd = qemu_open(bs-filename, s-open_flags, 0644);
 if (fd  0) {
 s-fd = -1;
 return -EIO;
diff --git a/block/raw-win32.c b/block/raw-win32.c
index e4b0b75..8d7838d 100644
--- a/block/raw-win32.c
+++ b/block/raw-win32.c
@@ -255,8 +255,8 @@ static int raw_create(const char *filename, 
QEMUOptionParameter *options)
 options++;
 }
 
-fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC | O_BINARY,
-  0644);
+fd = qemu_open(filename, O_WRONLY | O_CREAT | O_TRUNC | O_BINARY,
+   0644);
 if (fd  0)
 return -EIO;
 set_sparse(fd);
diff --git a/block/vdi.c b/block/vdi.c
index 57325d6..c4f1529 100644
--- a/block/vdi.c
+++ b/block/vdi.c
@@ -653,8 +653,9 @@ static int vdi_create(const char *filename, 
QEMUOptionParameter *options)
 options++;
 }
 
-fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC | O_BINARY | O_LARGEFILE,
-  0644);
+fd = qemu_open(filename,
+   O_WRONLY | O_CREAT | O_TRUNC | O_BINARY | O_LARGEFILE,
+   0644);
 if (fd  0) {
 return -errno;
 }
diff --git a/block/vmdk.c b/block/vmdk.c
index 18e9b4c..557dc1b 100644
--- a/block/vmdk.c
+++ b/block/vmdk.c
@@ -1161,10 +1161,9 @@ static int vmdk_create_extent(const char *filename, 
int64_t filesize,
 VMDK4Header header;
 uint32_t tmp, magic, grains, gd_size, gt_size, gt_count;
 
-fd = open(
-filename,
-O_WRONLY | O_CREAT | O_TRUNC | O_BINARY | O_LARGEFILE,
-0644);
+fd = qemu_open(filename,
+   O_WRONLY | O_CREAT | O_TRUNC | O_BINARY | O_LARGEFILE,
+   0644);
 if (fd  0) {
 return -errno;
 }
@@ -1484,15 +1483,13

[Qemu-devel] [PATCH v6 0/6] file descriptor passing using fd sets

libvirt's sVirt security driver provides SELinux MAC isolation for
Qemu guest processes and their corresponding image files.  In other
words, sVirt uses SELinux to prevent a QEMU process from opening
files that do not belong to it.

sVirt provides this support by labeling guests and resources with
security labels that are stored in file system extended attributes.
Some file systems, such as NFS, do not support the extended
attribute security namespace, and therefore cannot support sVirt
isolation.

A solution to this problem is to provide fd passing support, where
libvirt opens files and passes file descriptors to QEMU.  This,
along with SELinux policy to prevent QEMU from opening files, can
provide image file isolation for NFS files stored on the same NFS
mount.

This patch series adds the add-fd, remove-fd, and query-fdsets
QMP monitor commands, which allow file descriptors to be passed
via SCM_RIGHTS, and assigned to specified fd sets.  This allows
fd sets to be created per file with fds having, for example,
different access rights.  When QEMU needs to reopen a file with
different access rights, it can search for a matching fd in the
fd set.  Fd sets also allow for easy tracking of fds per file,
helping to prevent fd leaks.

Support is also added to the block layer to allow QEMU to dup an
fd from an fdset when the filename is of the /dev/fdset/nnn format,
where nnn is the fd set ID.

No new SELinux policy is required to prevent open of NFS files
(files with type nfs_t).  The virt_use_nfs boolean type simply
needs to be set to false, and open will be prevented (and dup will
be allowed).  For example:

# setsebool virt_use_nfs 0
# getsebool virt_use_nfs
virt_use_nfs -- off

Corey Bryant (6):
  qemu-char: Add MSG_CMSG_CLOEXEC flag to recvmsg
  qapi: Introduce add-fd, remove-fd, query-fdsets
  monitor: Clean up fd sets on monitor disconnect
  block: Convert open calls to qemu_open
  block: Convert close calls to qemu_close
  block: Enable qemu_open/close to work with fd sets

 block/raw-posix.c |   42 
 block/raw-win32.c |6 +-
 block/vdi.c   |5 +-
 block/vmdk.c  |   25 ++---
 block/vpc.c   |4 +-
 block/vvfat.c |   16 +--
 cutils.c  |5 +
 monitor.c |  287 -
 monitor.h |5 +
 osdep.c   |  117 ++
 qapi-schema.json  |  103 +++
 qemu-char.c   |   12 ++-
 qemu-common.h |2 +
 qemu-tool.c   |   21 
 qerror.c  |4 +
 qerror.h  |3 +
 qmp-commands.hx   |  126 +++
 savevm.c  |4 +-
 18 files changed, 732 insertions(+), 55 deletions(-)

-- 
1.7.10.4

Re: [Qemu-devel] [PATCH v6 1/6] qemu-char: Add MSG_CMSG_CLOEXEC flag to recvmsg



If these patches are acceptable, I'll resend and get the version history 
out of the commit message.


--
Regards,
Corey

On 08/03/2012 01:28 PM, Corey Bryant wrote:

Set the close-on-exec flag for the file descriptor received
via SCM_RIGHTS.

v4
  -This patch is new in v4 (ebl...@redhat.com)

v5
  -Fallback to FD_CLOEXEC if MSG_CMSG_CLOEXEC is not available
   (ebl...@redhat.com, stefa...@linux.vnet.ibm.com)

v6
  -Set cloexec on correct fd (ebl...@redhat.com)

Signed-off-by: Corey Bryant cor...@linux.vnet.ibm.com
---
  qemu-char.c |   12 ++--
  1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/qemu-char.c b/qemu-char.c
index c2aaaee..ab4a928 100644
--- a/qemu-char.c
+++ b/qemu-char.c
@@ -2238,6 +2238,9 @@ static void unix_process_msgfd(CharDriverState *chr, 
struct msghdr *msg)
  if (fd  0)
  continue;

+#ifndef MSG_CMSG_CLOEXEC
+qemu_set_cloexec(fd);
+#endif
  if (s-msgfd != -1)
  close(s-msgfd);
  s-msgfd = fd;
@@ -2253,6 +2256,7 @@ static ssize_t tcp_chr_recv(CharDriverState *chr, char 
*buf, size_t len)
  struct cmsghdr cmsg;
  char control[CMSG_SPACE(sizeof(int))];
  } msg_control;
+int flags = 0;
  ssize_t ret;

  iov[0].iov_base = buf;
@@ -2263,9 +2267,13 @@ static ssize_t tcp_chr_recv(CharDriverState *chr, char 
*buf, size_t len)
  msg.msg_control = msg_control;
  msg.msg_controllen = sizeof(msg_control);

-ret = recvmsg(s-fd, msg, 0);
-if (ret  0  s-is_unix)
+#ifdef MSG_CMSG_CLOEXEC
+flags |= MSG_CMSG_CLOEXEC;
+#endif
+ret = recvmsg(s-fd, msg, flags);
+if (ret  0  s-is_unix) {
  unix_process_msgfd(chr, msg);
+}

  return ret;
  }

Re: [Qemu-devel] [PATCH 30/34] qemu-ga: switch to the new error format on the wire

2012-08-03 Thread Michael Roth

On Wed, Aug 01, 2012 at 10:02:50PM -0300, Luiz Capitulino wrote:
 IMPORTANT: this BREAKS qemu-ga compatibility for the error response.
 
 Instead of returning something like:
 
 { error: { class: InvalidParameterValue,
  data: {name: mode, expected: halt|powerdown|reboot } } 
 }
 
 qemu-ga now returns:
 
  { error: { class: GenericError,
   desc: Parameter 'mode' expects halt|powerdown|reboot } }

Specific error responses weren't part of the documented API, so I think
anything reliant on those is making invalid assumptions; there
should always be a catch-all for unknown/unexpected error
messages/error payloads.

 
 Notice that this is also a bug fix, as qemu-ga wasn't returning the
 human message.
 
 Signed-off-by: Luiz Capitulino lcapitul...@redhat.com

So, if the libvirt folks are okay with it:

Acked-by: Michael Roth mdr...@linux.vnet.ibm.com

 ---
  Makefile.objs   |  2 +-
  qapi/qmp-core.h |  1 +
  qapi/qmp-dispatch.c | 10 +-
  qemu-ga.c   |  4 ++--
  4 files changed, 13 insertions(+), 4 deletions(-)
 
 diff --git a/Makefile.objs b/Makefile.objs
 index 5ebbcfa..cbfbba5 100644
 --- a/Makefile.objs
 +++ b/Makefile.objs
 @@ -220,7 +220,7 @@ universal-obj-y += $(qapi-obj-y)
  ##
  # guest agent
 
 -qga-obj-y = qga/ qemu-ga.o module.o
 +qga-obj-y = qga/ qemu-ga.o module.o qapi-types.o qapi-visit.o
  qga-obj-$(CONFIG_WIN32) += oslib-win32.o
  qga-obj-$(CONFIG_POSIX) += oslib-posix.o qemu-sockets.o qemu-option.o
 
 diff --git a/qapi/qmp-core.h b/qapi/qmp-core.h
 index b0f64ba..00446cf 100644
 --- a/qapi/qmp-core.h
 +++ b/qapi/qmp-core.h
 @@ -49,6 +49,7 @@ void qmp_disable_command(const char *name);
  void qmp_enable_command(const char *name);
  bool qmp_command_is_enabled(const char *name);
  char **qmp_get_command_list(void);
 +QObject *qmp_build_error_object(Error *errp);
 
  #endif
 
 diff --git a/qapi/qmp-dispatch.c b/qapi/qmp-dispatch.c
 index 122c1a2..ec613f8 100644
 --- a/qapi/qmp-dispatch.c
 +++ b/qapi/qmp-dispatch.c
 @@ -14,6 +14,7 @@
  #include qemu-objects.h
  #include qapi/qmp-core.h
  #include json-parser.h
 +#include qapi-types.h
  #include error.h
  #include error_int.h
  #include qerror.h
 @@ -109,6 +110,13 @@ static QObject *do_qmp_dispatch(QObject *request, Error 
 **errp)
  return ret;
  }
 
 +QObject *qmp_build_error_object(Error *errp)
 +{
 +return qobject_from_jsonf({ 'class': %s, 'desc': %s },
 +  ErrorClass_lookup[error_get_class(errp)],
 +  error_get_pretty(errp));
 +}
 +
  QObject *qmp_dispatch(QObject *request)
  {
  Error *err = NULL;
 @@ -119,7 +127,7 @@ QObject *qmp_dispatch(QObject *request)
 
  rsp = qdict_new();
  if (err) {
 -qdict_put_obj(rsp, error, error_get_qobject(err));
 +qdict_put_obj(rsp, error, qmp_build_error_object(err));
  error_free(err);
  } else if (ret) {
  qdict_put_obj(rsp, return, ret);
 diff --git a/qemu-ga.c b/qemu-ga.c
 index 8199da7..f45bc61 100644
 --- a/qemu-ga.c
 +++ b/qemu-ga.c
 @@ -515,7 +515,7 @@ static void process_event(JSONMessageParser *parser, 
 QList *tokens)
  } else {
  g_warning(failed to parse event: %s, error_get_pretty(err));
  }
 -qdict_put_obj(qdict, error, error_get_qobject(err));
 +qdict_put_obj(qdict, error, qmp_build_error_object(err));
  error_free(err);
  } else {
  qdict = qobject_to_qdict(obj);
 @@ -532,7 +532,7 @@ static void process_event(JSONMessageParser *parser, 
 QList *tokens)
  qdict = qdict_new();
  g_warning(unrecognized payload format);
  error_set(err, QERR_UNSUPPORTED);
 -qdict_put_obj(qdict, error, error_get_qobject(err));
 +qdict_put_obj(qdict, error, qmp_build_error_object(err));
  error_free(err);
  }
  ret = send_response(s, QOBJECT(qdict));
 -- 
 1.7.11.2.249.g31c7954.dirty

Re: [Qemu-devel] [PATCH 30/34] qemu-ga: switch to the new error format on the wire

2012-08-03 Thread Eric Blake

On 08/03/2012 11:44 AM, Michael Roth wrote:
 On Wed, Aug 01, 2012 at 10:02:50PM -0300, Luiz Capitulino wrote:
 IMPORTANT: this BREAKS qemu-ga compatibility for the error response.

 Instead of returning something like:

 { error: { class: InvalidParameterValue,
  data: {name: mode, expected: halt|powerdown|reboot } 
 } }

 qemu-ga now returns:

  { error: { class: GenericError,
   desc: Parameter 'mode' expects halt|powerdown|reboot } }
 


 Notice that this is also a bug fix, as qemu-ga wasn't returning the
 human message.

 Signed-off-by: Luiz Capitulino lcapitul...@redhat.com
 
 So, if the libvirt folks are okay with it:

The only use libvirt made of existing qemu-ga errors was to stringify
them in order to pass on an error message to the user when a command
failed.  Existing libvirt attempts to look up the 'desc' field, and when
it is lacking, then attempts to stringify the 'class' field based on a
finite list of known classes.  Qemu is now shrinking the list of known
classes but providing a 'desc' field, so the error message quality in
libvirt will actually improve.  After reading libvirt's
src/qemu/qemu_agent.c, I don't see any problem with this patch from
libvirt's point of view.

Reviewed-by: Eric Blake ebl...@redhat.com


-- 
Eric Blake   ebl...@redhat.com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH v6 5/7] add the QKeyCode enum and the key_defs table

Am 03.08.2012 15:32, schrieb Luiz Capitulino:
 On Fri,  3 Aug 2012 10:48:40 +0800
 Amos Kong ak...@redhat.com wrote:
 
 key_defs[] in monitor.c is a mapping table of keys and keycodes,
 this patch added a QKeyCode enum and a new key_defs table,
 Key's index in the enmu is same as keycode's index in new key_defs[].

 Signed-off-by: Amos Kong ak...@redhat.com
 ---
  input.c  |  146 
 ++
  qapi-schema.json |   26 ++
  2 files changed, 172 insertions(+), 0 deletions(-)

 diff --git a/input.c b/input.c
 index 6968b31..680d756 100644
 --- a/input.c
 +++ b/input.c
 @@ -37,6 +37,152 @@ static QTAILQ_HEAD(, QEMUPutMouseEntry) mouse_handlers =
  static NotifierList mouse_mode_notifiers = 
  NOTIFIER_LIST_INITIALIZER(mouse_mode_notifiers);
  
 +static const int key_defs[] = {
 
 Weird, I expected this would brake the build, as the new table is unused.

That's a side effect of 'const'.

/-F

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg

Re: [Qemu-devel] [PATCH 30/34] qemu-ga: switch to the new error format on the wire

On Fri, 03 Aug 2012 11:56:29 -0600
Eric Blake ebl...@redhat.com wrote:

 On 08/03/2012 11:44 AM, Michael Roth wrote:
  On Wed, Aug 01, 2012 at 10:02:50PM -0300, Luiz Capitulino wrote:
  IMPORTANT: this BREAKS qemu-ga compatibility for the error response.
 
  Instead of returning something like:
 
  { error: { class: InvalidParameterValue,
   data: {name: mode, expected: halt|powerdown|reboot 
  } } }
 
  qemu-ga now returns:
 
   { error: { class: GenericError,
desc: Parameter 'mode' expects halt|powerdown|reboot } }
  
 
 
  Notice that this is also a bug fix, as qemu-ga wasn't returning the
  human message.
 
  Signed-off-by: Luiz Capitulino lcapitul...@redhat.com
  
  So, if the libvirt folks are okay with it:
 
 The only use libvirt made of existing qemu-ga errors was to stringify
 them in order to pass on an error message to the user when a command
 failed.  Existing libvirt attempts to look up the 'desc' field, and when
 it is lacking, then attempts to stringify the 'class' field based on a
 finite list of known classes.  Qemu is now shrinking the list of known
 classes but providing a 'desc' field, so the error message quality in
 libvirt will actually improve.  After reading libvirt's
 src/qemu/qemu_agent.c, I don't see any problem with this patch from
 libvirt's point of view.

Yeah, I actually have a request from Michal to do just that (add 'desc'
to qemu-ga's errors).

 
 Reviewed-by: Eric Blake ebl...@redhat.com

Re: [Qemu-devel] [PATCH 08/11] Add migrate_set_cachesize command

On Thu,  2 Aug 2012 15:44:51 +0300
Orit Wasserman owass...@redhat.com wrote:

 Change XBZRLE cache size in bytes (the size should be a power of 2, it will be
 rounded down to the nearest power of 2).
 If XBZRLE cache size is too small there will be many cache miss.
 
 New query-migrate-cache-size QMP command and 'info migrate-cache-size' HMP
 command to query cache value.
 
 Signed-off-by: Benoit Hudzia benoit.hud...@sap.com
 Signed-off-by: Petter Svard pett...@cs.umu.se
 Signed-off-by: Aidan Shribman aidan.shrib...@sap.com
 Signed-off-by: Orit Wasserman owass...@redhat.com

Apart from what Eric spotted, this looks good to me.

 ---
  arch_init.c  |   10 ++
  hmp-commands.hx  |   22 ++
  hmp.c|   19 +++
  hmp.h|2 ++
  migration.c  |   19 +++
  migration.h  |2 ++
  monitor.c|7 +++
  qapi-schema.json |   27 +++
  qmp-commands.hx  |   44 
  9 files changed, 152 insertions(+), 0 deletions(-)
 
 diff --git a/arch_init.c b/arch_init.c
 index 410ba4d..d709ccb 100644
 --- a/arch_init.c
 +++ b/arch_init.c
 @@ -189,6 +189,16 @@ static struct {
  .cache = NULL,
  };
  
 +
 +int64_t xbzrle_cache_resize(int64_t new_size)
 +{
 +if (XBZRLE.cache != NULL) {
 +return cache_resize(XBZRLE.cache, new_size / TARGET_PAGE_SIZE) *
 +TARGET_PAGE_SIZE;
 +}
 +return pow2floor(new_size);
 +}
 +
  static void save_block_hdr(QEMUFile *f, RAMBlock *block, ram_addr_t offset,
  int cont, int flag)
  {
 diff --git a/hmp-commands.hx b/hmp-commands.hx
 index f4c8495..ae98c12 100644
 --- a/hmp-commands.hx
 +++ b/hmp-commands.hx
 @@ -829,6 +829,26 @@ STEXI
  @item migrate_cancel
  @findex migrate_cancel
  Cancel the current VM migration.
 +
 +ETEXI
 +
 +{
 +.name   = migrate_set_cachesize,
 +.args_type  = value:o,
 +.params = value,
 +.help   = set cache size (in bytes) for XBZRLE migrations,
 +  the cache size will be rounded down to the nearest 
 +  power of 2.\n
 +  The cache size affects the number of cache misses.
 +  In case of a high cache miss ratio you need to 
 increase
 +   the cache size,
 +.mhandler.cmd = hmp_migrate_set_cachesize,
 +},
 +
 +STEXI
 +@item migrate_set_cachesize @var{value}
 +@findex migrate_set_cachesize
 +Set cache size to @var{value} (in bytes) for xbzrle migrations.
  ETEXI
  
  {
 @@ -1435,6 +1455,8 @@ show migration status
  show migration supported capabilities
  @item info migrate_capabilities
  show current migration capabilities
 +@item info migrate-cache-size
 +show current migration XBZRLE cache size
  @item info balloon
  show balloon information
  @item info qtree
 diff --git a/hmp.c b/hmp.c
 index 463b730..3a61da5 100644
 --- a/hmp.c
 +++ b/hmp.c
 @@ -215,6 +215,12 @@ void hmp_info_migrate_capabilities(Monitor *mon)
  qapi_free_MigrationCapabilityStatusList(caps);
  }
  
 +void hmp_info_migrate_cache_size(Monitor *mon)
 +{
 +monitor_printf(mon, xbzrel cache size: % PRId64  kbytes\n,
 +   qmp_query_migrate_cache_size(NULL)  10);
 +}
 +
  void hmp_info_cpus(Monitor *mon)
  {
  CpuInfoList *cpu_list, *cpu;
 @@ -783,6 +789,19 @@ void hmp_migrate_set_downtime(Monitor *mon, const QDict 
 *qdict)
  qmp_migrate_set_downtime(value, NULL);
  }
  
 +void hmp_migrate_set_cachesize(Monitor *mon, const QDict *qdict)
 +{
 +int64_t value = qdict_get_int(qdict, value);
 +Error *err = NULL;
 +
 +qmp_migrate_set_cache_size(value, err);
 +if (err) {
 +monitor_printf(mon, %s\n, error_get_pretty(err));
 +error_free(err);
 +return;
 +}
 +}
 +
  void hmp_migrate_set_speed(Monitor *mon, const QDict *qdict)
  {
  int64_t value = qdict_get_int(qdict, value);
 diff --git a/hmp.h b/hmp.h
 index f2a890f..0951a0e 100644
 --- a/hmp.h
 +++ b/hmp.h
 @@ -27,6 +27,7 @@ void hmp_info_mice(Monitor *mon);
  void hmp_info_migrate(Monitor *mon);
  void hmp_info_migration_supported_capabilities(Monitor *mon);
  void hmp_info_migrate_capabilities(Monitor *mon);
 +void hmp_info_migrate_cache_size(Monitor *mon);
  void hmp_info_cpus(Monitor *mon);
  void hmp_info_block(Monitor *mon);
  void hmp_info_blockstats(Monitor *mon);
 @@ -54,6 +55,7 @@ void hmp_migrate_cancel(Monitor *mon, const QDict *qdict);
  void hmp_migrate_set_downtime(Monitor *mon, const QDict *qdict);
  void hmp_migrate_set_speed(Monitor *mon, const QDict *qdict);
  void hmp_migrate_set_capability(Monitor *mon, const QDict *qdict);
 +void hmp_migrate_set_cachesize(Monitor *mon, const QDict *qdict);
  void hmp_set_password(Monitor *mon, const QDict *qdict);
  void hmp_expire_password(Monitor *mon, const QDict *qdict);
  void hmp_eject(Monitor *mon, const QDict *qdict);
 diff --git a/migration.c b/migration.c

Re: [Qemu-devel] [PATCH 17/34] qerror: drop QERR_SOCKET_CONNECT_IN_PROGRESS

2012-08-03 Thread Michael Roth

On Thu, Aug 02, 2012 at 02:08:48PM -0300, Luiz Capitulino wrote:
 On Thu, 2 Aug 2012 11:54:11 -0500
 Michael Roth mdr...@linux.vnet.ibm.com wrote:
 
  On Wed, Aug 01, 2012 at 10:02:37PM -0300, Luiz Capitulino wrote:
   This error is currently returned by inet_connect_opts(), however
   it causes the follow spurious message on HMP:
   
   (qemu) migrate tcp:0:
   migrate: Connection can not be completed immediately
   (qemu)
   
   But migration succeeds.
  
  I think the core issue is that inet_connect_opts() passes back the
  QERR_SOCKET_CONNECT_IN_PROGRESS via Error (which is fine), but that
  we have users that erroneous pass this error up the stack, when really,
  when specifying blocking=on as one of the options, they should be
  expecting and doing specific handling for this error.
 
 You're right here.
 
  So if we fix that (by simply using a local Error when doing the call and
  using error_propagate() for non QSCIP errors), I think we can basically
  drop patches 14-17 by fixing the callers in that manner and just giving 
  QSCIP
  it's own error class.
 
 I don't think QSCIP errors is something we should report to QMP clients, at
 least not for the use-case this patch is about, hence we should not have
 a specific error class for this.

But we do have internal users besides QMP, and in this case they're
interested in a specific error. What if we generalized it to EAGAIN or
something? It's seems to me a fairly reasonable exception since it's one
of the few errno-style errors that we don't generally propagate up the
stack and need to check for explicitly...

 
 As pointed out by Markus in his review, keeping the in_progress flag 
 introduced
 by patch 14/34 should be enough to drop patches 15 and 16.

Although, being an exceptional case I guess having an in_progress field
to functions would use it is reasonable...

I think I'd still prefer a class for QSCIP/EAGAIN that we could use for
socket utility functions, but I'm okay with an in_progress param.

 
  Relying on the errno result was something these socket errors were
  specifically meant to fix, since errno is set multiple times
  throughout the function and extracting an errno reliably requires
  callers to examine all the possible error paths and errno setters. So I
  think it's a regression to go back to the old behavior, and these were
  issues found in inet_connect() when we attempted to generalize it's
  usage for non-blocking connections.
 
 I'm not completely sure I agree because the new error format doesn't allow
 callers to programatically know the cause of an failure. That's what errno

Is error_get_class() not to be used for this purpose? It seems like a
good thing to allow for in the odd circumstances where we do end up
adding new error classes (unless the notion of error classes is purely
legacy support for ones that libvirt is dependent on, and new ones will
never be added?)

 callers to programatically know the cause of an failure. That's what errno
 is for, though.

But it's just simply unusable when calling into a function that has
multiple paths that can set it (or clobber it). Errno values frequently
require the context of the function that set it to do anything intelligent,
which is why QSCIP was added to remove that burden from users of
inet_connect_opts() and friends.

It's good that errors are no longer tethered to the errors
descriptions/parameters and that that has amounted to a big reduction
in the number of error classes we have, but that doesn't mean we shouldn't
be open to added new error classes in the future, where it makes sense.

But, again, an in_progress param seems like a workable compromise here, I
just think prefering this approach over new error classes may lead to
unecessary code churn in the future.

 
 But I'll drop the patch that changes inet_connect() to return errno,
 so it's not worth it to discuss this specific case.

[Qemu-devel] [PATCH v5] vnc: disable VNC password authentication (security type 2) when in FIPS mode

2012-08-03 Thread Paul Moore

FIPS 140-2 requires disabling certain ciphers, including DES, which is used
by VNC to obscure passwords when they are sent over the network.  The
solution for FIPS users is to disable the use of VNC password auth when the
host system is operating in FIPS compliance mode and the user has specified
'-enable-fips' on the QEMU command line.

This patch causes QEMU to emit a message to stderr when the host system is
running in FIPS mode and a VNC password was specified on the commend line.
If the system is not running in FIPS mode, or is running in FIPS mode but
VNC password authentication was not requested, QEMU operates normally.

Signed-off-by: Paul Moore pmo...@redhat.com

--
Changelog
* v5
- Added the '-enable-fips' command line option
* v4
- Removed the use of syslog
* v3
- Use fgetc() instead of fgets() in fips_enabled
- Only emit a syslog message if the caller tries to use VNC password auth
- Suggest alternative auth methods in the stderr notice
* v2
- Protected syslog with _WIN32
- Protected the guts of fips_enabled() with __linux__
- Converted fips_enabled() and the fips flag from int to bool
*v1
- Initial draft
---
 osdep.c |   29 +
 osdep.h |4 
 qemu-doc.texi   |8 +---
 qemu-options.hx |   11 +++
 ui/vnc.c|   10 ++
 vl.c|4 
 6 files changed, 63 insertions(+), 3 deletions(-)

diff --git a/osdep.c b/osdep.c
index 03817f0..c07faf5 100644
--- a/osdep.c
+++ b/osdep.c
@@ -24,6 +24,7 @@
 #include stdlib.h
 #include stdio.h
 #include stdarg.h
+#include stdbool.h
 #include string.h
 #include errno.h
 #include unistd.h
@@ -48,6 +49,8 @@ extern int madvise(caddr_t, size_t, int);
 #include trace.h
 #include qemu_socket.h
 
+static bool fips_enabled = false;
+
 static const char *qemu_version = QEMU_VERSION;
 
 int socket_set_cork(int fd, int v)
@@ -253,3 +256,29 @@ const char *qemu_get_version(void)
 {
 return qemu_version;
 }
+
+void fips_set_state(bool requested)
+{
+#ifdef __linux__
+if (requested) {
+FILE *fds = fopen(/proc/sys/crypto/fips_enabled, r);
+if (fds != NULL) {
+fips_enabled = (fgetc(fds) == '1');
+fclose(fds);
+}
+}
+#else
+fips_enabled = false;
+#endif /* __linux__ */
+
+#ifdef _FIPS_DEBUG
+fprintf(stderr, FIPS mode %s (requested %s)\n,
+   (fips_enabled ? enabled : disabled),
+   (requested ? enabled : disabled));
+#endif
+}
+
+bool fips_get_state(void)
+{
+return fips_enabled;
+}
diff --git a/osdep.h b/osdep.h
index 1e15a4b..d4b887d 100644
--- a/osdep.h
+++ b/osdep.h
@@ -3,6 +3,7 @@
 
 #include stdarg.h
 #include stddef.h
+#include stdbool.h
 #ifdef __OpenBSD__
 #include sys/types.h
 #include sys/signal.h
@@ -154,4 +155,7 @@ void qemu_set_cloexec(int fd);
 void qemu_set_version(const char *);
 const char *qemu_get_version(void);
 
+void fips_set_state(bool requested);
+bool fips_get_state(void);
+
 #endif
diff --git a/qemu-doc.texi b/qemu-doc.texi
index 84dad19..f482fed 100644
--- a/qemu-doc.texi
+++ b/qemu-doc.texi
@@ -1124,9 +1124,11 @@ the protocol limits passwords to 8 characters it should 
not be considered
 to provide high security. The password can be fairly easily brute-forced by
 a client making repeat connections. For this reason, a VNC server using 
password
 authentication should be restricted to only listen on the loopback interface
-or UNIX domain sockets. Password authentication is requested with the 
@code{password}
-option, and then once QEMU is running the password is set with the monitor. 
Until
-the monitor is used to set the password all clients will be rejected.
+or UNIX domain sockets. Password authentication is not supported when operating
+in FIPS 140-2 compliance mode as it requires the use of the DES cipher. 
Password
+authentication is requested with the @code{password} option, and then once QEMU
+is running the password is set with the monitor. Until the monitor is used to
+set the password all clients will be rejected.
 
 @example
 qemu-system-i386 [...OPTIONS...] -vnc :1,password -monitor stdio
diff --git a/qemu-options.hx b/qemu-options.hx
index dc68e15..1f114ad 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -2783,6 +2783,17 @@ DEF(qtest-log, HAS_ARG, QEMU_OPTION_qtest_log,
 -qtest-log LOG  specify tracing options\n,
 QEMU_ARCH_ALL)
 
+#ifdef __linux__
+DEF(enable-fips, 0, QEMU_OPTION_enablefips,
+-enable-fipsenable FIPS 140-2 compliance\n,
+QEMU_ARCH_ALL)
+#endif
+STEXI
+@item -enable-fips
+@findex -enable-fips
+Enable FIPS 140-2 compliance mode.
+ETEXI
+
 HXCOMM This is the last statement. Insert new options before this line!
 STEXI
 @end table
diff --git a/ui/vnc.c b/ui/vnc.c
index cfc61a7..312ad7f 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -32,6 +32,7 @@
 #include acl.h
 #include qemu-objects.h
 #include qmp-commands.h
+#include osdep.h
 
 #define VNC_REFRESH_INTERVAL_BASE 30
 #define VNC_REFRESH_INTERVAL_INC  50
@@ -2875,6 +2876,15 @@ int

Re: [Qemu-devel] [RFC 00/12] Qorum disk image corruption resiliency

2012-08-03 Thread Benoît Canet

Le Friday 03 Aug 2012 à 16:14:51 (+), Blue Swirl a écrit :
 On Thu, Aug 2, 2012 at 10:16 AM, Benoît Canet benoit.ca...@gmail.com wrote:
  This patchset create a block driver implementing a qorum using three qemu 
  disk
  images. Writes are mirrored on the three files.
  For the reading part the three files are read at the same time and a vote is
  done to determine which is the majoritary qiov version. It then return this
  majoritary version to the upper layers.
  When three differents versions of the data are returned by the lower layer 
  the
  qorum is broken and the read return -EIO.
 
 It would be pretty easy to make the number of nodes and quorum
 threshold values for both read and write selectable. Then you could
 have for example 100 nodes and write quorum at 51 (for example, 49
 nodes offline). Obviously writing the same data 100 times sequentially
 would not give very high performance but it's a start.

For now the number of disk is hardcoded to 3. But most of the code is written
with a variable number of disk in mind: just quorum_open and quorum_vote would 
need
to be rewritten with a few automatic changes across the code.

Re: [Qemu-devel] [PULL 00/10] SCSI patches for 2012-08-03


On 08/03/2012 03:06 AM, Paolo Bonzini wrote:

Anthony,

The following changes since commit 5e3bc7144edd6e4fa2824944e5eb16c28197dd5a:

   Merge remote-tracking branch 'mst/tags/for_anthony' into staging (2012-07-30 
10:00:48 -0500)

are available in the git repository at:


   git://github.com/bonzini/qemu.git scsi-next

for you to fetch changes up to b71760ef6180662cc2dff1f6cf673a53508c59f1:

   scsi: add support for ATA_PASSTHROUGH_xx scsi command (2012-08-03 10:04:37 
+0200)

The main change here is re-enabling megasas, but there's also Herve's
retro HBA and a couple of random fixes.


  CCsparc-softmmu/target-sparc/mmu_helper.o
  CCsparc-softmmu/target-sparc/ldst_helper.o
  CCsparc-softmmu/target-sparc/int32_helper.o
  LINK  sparc-softmmu/qemu-system-sparc
../libhw64/hw/esp.o: In function `dc390_read_config':
/home/anthony/git/qemu/hw/esp.c:1220: undefined reference to 
`pci_default_read_config'

../libhw64/hw/esp.o: In function `dc390_write_config':
/home/anthony/git/qemu/hw/esp.c:1245: undefined reference to 
`pci_default_write_config'

collect2: ld returned 1 exit status
make[1]: *** [qemu-system-sparc] Error 1
make: *** [subdir-sparc-softmmu] Error 2

It looks like sparc does link in esp.c but doesn't support pci (at least pci.o). 
 I must admit, it's not obvious to me whether pci.o should be added to the 
sparc build or whether esp.c needs to be refactored.


Regards,

Anthony Liguori




Cong Meng (1):
   scsi: add support for ATA_PASSTHROUGH_xx scsi command

Hannes Reinecke (1):
   megasas: static SAS addresses

Hervé Poussineau (2):
   esp: add missing const on TypeInfo structures
   esp: add Tekram DC-390 emulation (PC SCSI adapter)

Paolo Bonzini (3):
   scsi-disk: fix compilation with DEBUG_SCSI
   Revert megasas: disable due to build breakage
   esp: enable for all PCI machines

Ronnie Sahlberg (2):
   SCSI: Update the sense code for PREVENT REMOVAL errors
   SCSI: STARTSTOPUNIT only eject/load media if powercondition is 0

Stefan Weil (1):
   megasas: Update function megasys_scsi_uninit

  default-configs/i386-softmmu.mak |1 -
  default-configs/pci.mak  |2 +
  hw/esp.c |  130 +-
  hw/megasas.c |   68 ++--
  hw/mfi.h |1 +
  hw/scsi-bus.c|   92 +--
  hw/scsi-defs.h   |4 +-
  hw/scsi-disk.c   |   29 +
  8 files changed, 286 insertions(+), 41 deletions(-)

[Qemu-devel] Fwd: Re: New Debian iso images

2012-08-03 Thread Nigel Horne

This is a copy of a message I've just sent to the debian-hurd mailing
list. I'm copying here in case anyone has any ideas. I'm 99% it's a
problem with GNU/Hurd rather than QEMU, but you never know and there is
a wealth of experience here which may be able to help and share ideas.

-Nigel

Original Message

I've just downloaded
http://people.debian.org/~sthibault/hurd-i386/installer/cdimage/current/debian-6.0-hurd-i386-DVD-1.iso
and tried to install it under the GIT version of QEMU. I thought you'd
like some feedback.

Here are the arguments I use:

qemu-img create hurd-20120715 4G -f qcow
qemu-system-x86_64 -drive
file=hurd-20120715,index=0,media=disk,cache=writeback,aio=native -drive
file=/d/ISO/hurd-20120715.iso,index=1,media=cdrom -boot d -net
nic,model=rtl8139 -net user,hostname=qemu.bandsman.co.uk -machine
accel=kvm,kernel_irqchip=on -cpu host -m 256 -redir tcp:2232::22

Installing using 'text install', 'automated install' or 'expert install'
loops with the message:
Unknown terminal: gnu-mach-color
Check the TERM environment variable.
Also make sure that the terminal is defined in the terminfo database.
Alternatively, set the TERMCAP environment variable to the desired
termcap entry.

'Pseudo graphical install' works (choosing British English and the UK as
the language and location and ignoring the huge number of hd2 tray open
messages) as far as network installation/configuration. That fails as
expected (see http://www.debian.org/ports/hurd/hurd-install). After I
choose 'Do not configure the network at this time' I get screen which is
all blue except for the bottom line which is black with a blinking
cursor. Nothing more happens.

'Graphical install' fails with Cannot open keyboard (No such file or
directory)

I hope this all helps. Keep up the good work!

-Nigel

[Qemu-devel] [Bug 636446] Re: prep ppc machine no more working

This has long been fixed, at least for v1.0 I believe.

** Changed in: qemu
   Status: Confirmed = Fix Released

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/636446

Title:
  prep ppc machine no more working

Status in QEMU:
  Fix Released

Bug description:
  I have tried qemu from 0.11 to latest git (as of 11/09/2010), but if i
  want to use PREP PPC machine the error is the same:

  
  qemu: hardware error: PowerPC 601 / 620 / 970 need a 1MB BIOS

  CPU #0:
  NIP    LR  CTR  XER 
  MSR  HID0   HF  idx 0
  TB   DECR 
  GPR00    
  GPR04    
  GPR08    
  GPR12    
  GPR16    
  GPR20    
  GPR24    
  GPR28    
  CR   [ -  -  -  -  -  -  -  -  ] RES 
  FPR00    
  FPR04    
  FPR08    
  FPR12    
  FPR16    
  FPR20    
  FPR24    
  FPR28    
  FPSCR 
  SRR0  SRR1  SDR1 

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/636446/+subscriptions

Re: [Qemu-devel] [PULL 00/10] SCSI patches for 2012-08-03

Il 03/08/2012 21:27, Anthony Liguori ha scritto:
 On 08/03/2012 03:06 AM, Paolo Bonzini wrote:
 Anthony,

 The following changes since commit
 5e3bc7144edd6e4fa2824944e5eb16c28197dd5a:

Merge remote-tracking branch 'mst/tags/for_anthony' into staging
 (2012-07-30 10:00:48 -0500)

 are available in the git repository at:


git://github.com/bonzini/qemu.git scsi-next

 for you to fetch changes up to b71760ef6180662cc2dff1f6cf673a53508c59f1:

scsi: add support for ATA_PASSTHROUGH_xx scsi command (2012-08-03
 10:04:37 +0200)

 The main change here is re-enabling megasas, but there's also Herve's
 retro HBA and a couple of random fixes.
 
   CCsparc-softmmu/target-sparc/mmu_helper.o
   CCsparc-softmmu/target-sparc/ldst_helper.o
   CCsparc-softmmu/target-sparc/int32_helper.o
   LINK  sparc-softmmu/qemu-system-sparc
 ../libhw64/hw/esp.o: In function `dc390_read_config':
 /home/anthony/git/qemu/hw/esp.c:1220: undefined reference to
 `pci_default_read_config'
 ../libhw64/hw/esp.o: In function `dc390_write_config':
 /home/anthony/git/qemu/hw/esp.c:1245: undefined reference to
 `pci_default_write_config'
 collect2: ld returned 1 exit status
 make[1]: *** [qemu-system-sparc] Error 1
 make: *** [subdir-sparc-softmmu] Error 2
 
 It looks like sparc does link in esp.c but doesn't support pci (at least
 pci.o).  I must admit, it's not obvious to me whether pci.o should be
 added to the sparc build or whether esp.c needs to be refactored.

I think the latter.

I removed this patch and pushed the rest (commit e4b6526) at the same
location.  Blue/Herve, can you look at esp.c?

Paolo

[Qemu-devel] [PATCH v2] ahci: fix cdrom read corruption

2012-08-03 Thread Jason Baron

Hi,

While testing q35 I found data corruption on reads from the cdrom on the ahci
controller. The first patch addresses this issue. I also noticed that there is
a memory leak in the ahci code, which is addressed in the second patch.

Thanks,

-Jason


v2:
fprintf - DPRINTF (so can't be triggered by guest)
0 sglist fields


Jason Baron (2):
  ahci: Fix ahci cdrom read corruptions for reads  128k
  ahci: Fix sglist memleak in ahci_dma_rw_buf()

 dma-helpers.c |1 +
 hw/ide/ahci.c |   44 +---
 hw/ide/internal.h |1 +
 3 files changed, 39 insertions(+), 7 deletions(-)

[Qemu-devel] [PATCH 1/2 v2] ahci: Fix ahci cdrom read corruptions for reads 128k

2012-08-03 Thread Jason Baron

While testing q35, which has its cdrom attached to the ahci controller, I found
that the Fedora 17 install would panic on boot. The panic occurs while
squashfs is trying to read from the cdrom. The errors are:

[8.622711] SQUASHFS error: xz_dec_run error, data probably corrupt
[8.625180] SQUASHFS error: squashfs_read_data failed to read block
0x20be48a

I was also able to produce corrupt data reads using an installed piix based
qemu machine, using 'dd'. I found that the corruptions were only occuring when
then read size was greater than 128k. For example, the following command
results in corrupted reads:

dd if=/dev/sr0 of=/tmp/blah bs=256k iflag=direct

The  128k size reads exercise a different code path than 128k and below. In
ide_atapi_cmd_read_dma_cb() s-io_buffer_size is capped at 128k. Thus,
ide_atapi_cmd_read_dma_cb() is called a second time when the read is  128k.
However, ahci_dma_rw_buf() restart the read from offset 0, instead of at 128k.
Thus, resulting in a corrupted read.

To fix this, I've introduced 'io_buffer_offset' field in IDEState to keep
track of the offset. I've also modified ahci_populate_sglist() to take a new
3rd offset argument, so that the sglist is property initialized.

I've tested this patch using 'dd' testing, and Fedora 17 now correctly boots
and installs on q35 with the cdrom ahci controller.

Signed-off-by: Jason Baron jba...@redhat.com
Tested-by: Andreas FÃ¤rber afaer...@suse.de
---
 hw/ide/ahci.c |   41 ++---
 hw/ide/internal.h |1 +
 2 files changed, 35 insertions(+), 7 deletions(-)

diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
index efea93f..de580a6 100644
--- a/hw/ide/ahci.c
+++ b/hw/ide/ahci.c
@@ -636,7 +636,7 @@ static void ahci_write_fis_d2h(AHCIDevice *ad, uint8_t 
*cmd_fis)
 }
 }
 
-static int ahci_populate_sglist(AHCIDevice *ad, QEMUSGList *sglist)
+static int ahci_populate_sglist(AHCIDevice *ad, QEMUSGList *sglist, int offset)
 {
 AHCICmdHdr *cmd = ad-cur_cmd;
 uint32_t opts = le32_to_cpu(cmd-opts);
@@ -647,6 +647,10 @@ static int ahci_populate_sglist(AHCIDevice *ad, QEMUSGList 
*sglist)
 uint8_t *prdt;
 int i;
 int r = 0;
+int sum = 0;
+int off_idx = -1;
+int off_pos = -1;
+int tbl_entry_size;
 
 if (!sglist_alloc_hint) {
 DPRINTF(ad-port_no, no sg list given by guest: 0x%08x\n, opts);
@@ -669,10 +673,31 @@ static int ahci_populate_sglist(AHCIDevice *ad, 
QEMUSGList *sglist)
 /* Get entries in the PRDT, init a qemu sglist accordingly */
 if (sglist_alloc_hint  0) {
 AHCI_SG *tbl = (AHCI_SG *)prdt;
-
-qemu_sglist_init(sglist, sglist_alloc_hint, ad-hba-dma);
+sum = 0;
 for (i = 0; i  sglist_alloc_hint; i++) {
 /* flags_size is zero-based */
+tbl_entry_size = (le32_to_cpu(tbl[i].flags_size) + 1);
+if (offset = (sum + tbl_entry_size)) {
+off_idx = i;
+off_pos = offset - sum;
+break;
+}
+sum += tbl_entry_size;
+}
+if ((off_idx == -1) || (off_pos  0) || (off_pos  tbl_entry_size)) {
+DPRINTF(ad-port_no, %s: Incorrect offset! 
+off_idx: %d, off_pos: %d\n,
+__func__, off_idx, off_pos);
+r = -1;
+goto out;
+}
+
+qemu_sglist_init(sglist, (sglist_alloc_hint - off_idx), ad-hba-dma);
+qemu_sglist_add(sglist, le64_to_cpu(tbl[off_idx].addr + off_pos),
+le32_to_cpu(tbl[off_idx].flags_size) + 1 - off_pos);
+
+for (i = off_idx + 1; i  sglist_alloc_hint; i++) {
+/* flags_size is zero-based */
 qemu_sglist_add(sglist, le64_to_cpu(tbl[i].addr),
 le32_to_cpu(tbl[i].flags_size) + 1);
 }
@@ -745,7 +770,7 @@ static void process_ncq_command(AHCIState *s, int port, 
uint8_t *cmd_fis,
 ncq_tfs-lba, ncq_tfs-lba + ncq_tfs-sector_count - 2,
 s-dev[port].port.ifs[0].nb_sectors - 1);
 
-ahci_populate_sglist(s-dev[port], ncq_tfs-sglist);
+ahci_populate_sglist(s-dev[port], ncq_tfs-sglist, 0);
 ncq_tfs-tag = tag;
 
 switch(ncq_fis-command) {
@@ -970,7 +995,7 @@ static int ahci_start_transfer(IDEDMA *dma)
 goto out;
 }
 
-if (!ahci_populate_sglist(ad, s-sg)) {
+if (!ahci_populate_sglist(ad, s-sg, 0)) {
 has_sglist = 1;
 }
 
@@ -1015,6 +1040,7 @@ static void ahci_start_dma(IDEDMA *dma, IDEState *s,
 DPRINTF(ad-port_no, \n);
 ad-dma_cb = dma_cb;
 ad-dma_status |= BM_STATUS_DMAING;
+s-io_buffer_offset = 0;
 dma_cb(s, 0);
 }
 
@@ -1023,7 +1049,7 @@ static int ahci_dma_prepare_buf(IDEDMA *dma, int is_write)
 AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma);
 IDEState *s = ad-port.ifs[0];
 
-ahci_populate_sglist(ad, s-sg);
+ahci_populate_sglist(ad, s-sg, 0);
 s-io_buffer_size = s-sg.size;
 
 DPRINTF(ad-port_no, len=%#x\n,

[Qemu-devel] [PATCH 2/2 v2] ahci: Fix sglist memleak in ahci_dma_rw_buf()

2012-08-03 Thread Jason Baron

I noticed that in hw/ide/ahci:ahci_dma_rw_buf() we do not free the sglist. Thus,
I've added a call to qemu_sglist_destroy() to fix this memory leak.

In addition, I've adeed a call in qemu_sglist_destroy() to 0 all of the sglist
fields, in case there is some other codepath that tries to free the sglist.

Signed-off-by: Jason Baron jba...@redhat.com
---
 dma-helpers.c |1 +
 hw/ide/ahci.c |3 +++
 2 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/dma-helpers.c b/dma-helpers.c
index 35cb500..13593d1 100644
--- a/dma-helpers.c
+++ b/dma-helpers.c
@@ -65,6 +65,7 @@ void qemu_sglist_add(QEMUSGList *qsg, dma_addr_t base, 
dma_addr_t len)
 void qemu_sglist_destroy(QEMUSGList *qsg)
 {
 g_free(qsg-sg);
+memset(qsg, 0, sizeof(*qsg));
 }
 
 typedef struct {
diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
index de580a6..5ea3cad 100644
--- a/hw/ide/ahci.c
+++ b/hw/ide/ahci.c
@@ -1073,6 +1073,9 @@ static int ahci_dma_rw_buf(IDEDMA *dma, int is_write)
 dma_buf_write(p, l, s-sg);
 }
 
+/* free sglist that was created in ahci_populate_sglist() */
+qemu_sglist_destroy(s-sg);
+
 /* update number of transferred bytes */
 ad-cur_cmd-status = cpu_to_le32(le32_to_cpu(ad-cur_cmd-status) + l);
 s-io_buffer_index += l;
-- 
1.7.1

Re: [Qemu-devel] [PULL 00/10] SCSI patches for 2012-08-03