Re: [Qemu-devel] [PATCH] s390: Move hw files to hw/s390x
On 25/01/13 01:18, Alexander Graf wrote: This moves all files only used by s390 system emulation to hw/s390x. Signed-off-by: Alexander Graf ag...@suse.de makes sense Acked-by: Christian Borntraeger borntrae...@de.ibm.com --- hw/s390x/Makefile.objs |2 -- hw/{ = s390x}/s390-virtio-bus.c |8 hw/{ = s390x}/s390-virtio-bus.h | 12 ++-- hw/s390x/s390-virtio-hcall.c |2 +- hw/{ = s390x}/s390-virtio.c | 10 +- hw/{ = s390x}/s390-virtio.h |0 6 files changed, 16 insertions(+), 18 deletions(-) rename hw/{ = s390x}/s390-virtio-bus.c (99%) rename hw/{ = s390x}/s390-virtio-bus.h (95%) rename hw/{ = s390x}/s390-virtio.c (98%) rename hw/{ = s390x}/s390-virtio.h (100%) diff --git a/hw/s390x/Makefile.objs b/hw/s390x/Makefile.objs index f6b461b..e4ee456 100644 --- a/hw/s390x/Makefile.objs +++ b/hw/s390x/Makefile.objs @@ -1,6 +1,4 @@ obj-y = s390-virtio-bus.o s390-virtio.o - -obj-y := $(addprefix ../,$(obj-y)) obj-y += s390-virtio-hcall.o obj-y += sclp.o obj-y += event-facility.o diff --git a/hw/s390-virtio-bus.c b/hw/s390x/s390-virtio-bus.c similarity index 99% rename from hw/s390-virtio-bus.c rename to hw/s390x/s390-virtio-bus.c index 6858db0..32f63b0 100644 --- a/hw/s390-virtio-bus.c +++ b/hw/s390x/s390-virtio-bus.c @@ -17,12 +17,12 @@ * License along with this library; if not, see http://www.gnu.org/licenses/. */ -#include hw.h +#include hw/hw.h #include block/block.h #include sysemu/sysemu.h -#include boards.h +#include hw/boards.h #include monitor/monitor.h -#include loader.h +#include hw/loader.h #include elf.h #include hw/virtio.h #include hw/virtio-rng.h @@ -31,7 +31,7 @@ #include hw/sysbus.h #include sysemu/kvm.h -#include hw/s390-virtio-bus.h +#include hw/s390x/s390-virtio-bus.h #include hw/virtio-bus.h /* #define DEBUG_S390 */ diff --git a/hw/s390-virtio-bus.h b/hw/s390x/s390-virtio-bus.h similarity index 95% rename from hw/s390-virtio-bus.h rename to hw/s390x/s390-virtio-bus.h index 438b37f..4aacf83 100644 --- a/hw/s390-virtio-bus.h +++ b/hw/s390x/s390-virtio-bus.h @@ -19,12 +19,12 @@ #ifndef HW_S390_VIRTIO_BUS_H #define HW_S390_VIRTIO_BUS_H 1 -#include virtio-blk.h -#include virtio-net.h -#include virtio-rng.h -#include virtio-serial.h -#include virtio-scsi.h -#include virtio-bus.h +#include hw/virtio-blk.h +#include hw/virtio-net.h +#include hw/virtio-rng.h +#include hw/virtio-serial.h +#include hw/virtio-scsi.h +#include hw/virtio-bus.h #define VIRTIO_DEV_OFFS_TYPE 0 /* 8 bits */ #define VIRTIO_DEV_OFFS_NUM_VQ 1 /* 8 bits */ diff --git a/hw/s390x/s390-virtio-hcall.c b/hw/s390x/s390-virtio-hcall.c index d7938c0..ee62649 100644 --- a/hw/s390x/s390-virtio-hcall.c +++ b/hw/s390x/s390-virtio-hcall.c @@ -10,7 +10,7 @@ */ #include cpu.h -#include hw/s390-virtio.h +#include hw/s390x/s390-virtio.h #define MAX_DIAG_SUBCODES 255 diff --git a/hw/s390-virtio.c b/hw/s390x/s390-virtio.c similarity index 98% rename from hw/s390-virtio.c rename to hw/s390x/s390-virtio.c index 6e0f53b..a8a489d 100644 --- a/hw/s390-virtio.c +++ b/hw/s390x/s390-virtio.c @@ -21,22 +21,22 @@ * License along with this library; if not, see http://www.gnu.org/licenses/. */ -#include hw.h +#include hw/hw.h #include block/block.h #include sysemu/blockdev.h #include sysemu/sysemu.h #include net/net.h -#include boards.h +#include hw/boards.h #include monitor/monitor.h -#include loader.h +#include hw/loader.h #include hw/virtio.h #include hw/sysbus.h #include sysemu/kvm.h #include exec/address-spaces.h -#include hw/s390-virtio-bus.h +#include hw/s390x/s390-virtio-bus.h #include hw/s390x/sclp.h -#include hw/s390-virtio.h +#include hw/s390x/s390-virtio.h //#define DEBUG_S390 diff --git a/hw/s390-virtio.h b/hw/s390x/s390-virtio.h similarity index 100% rename from hw/s390-virtio.h rename to hw/s390x/s390-virtio.h
[Qemu-devel] [PATCH for-1.4?] i2c: Drop I2C_SLAVE_FROM_QDEV() macro
It is not being used in hot paths and is obsoleted by I2C_SLAVE() QOM cast macro. Clean it up using a scripted conversion, so that it doesn't get used in new code. Some of its callers were combining it with FROM_I2C_SLAVE() macro, which is equally obsolete but needs to be replaced in a type-specific way. Signed-off-by: Andreas Färber afaer...@suse.de Cc: Kuo-Jung Su dant...@faraday-tech.com --- hw/ds1338.c |2 +- hw/i2c.c |4 ++-- hw/i2c.h |1 - hw/lm832x.c |2 +- hw/max7310.c |2 +- hw/pxa2xx.c |2 +- hw/wm8750.c |2 +- 7 Dateien geändert, 7 Zeilen hinzugefügt(+), 8 Zeilen entfernt(-) diff --git a/hw/ds1338.c b/hw/ds1338.c index 3792206..6f70538 100644 --- a/hw/ds1338.c +++ b/hw/ds1338.c @@ -198,7 +198,7 @@ static int ds1338_init(I2CSlave *i2c) static void ds1338_reset(DeviceState *dev) { -DS1338State *s = FROM_I2C_SLAVE(DS1338State, I2C_SLAVE_FROM_QDEV(dev)); +DS1338State *s = FROM_I2C_SLAVE(DS1338State, I2C_SLAVE(dev)); /* The clock is running and synchronized with the host */ s-offset = 0; diff --git a/hw/i2c.c b/hw/i2c.c index 119e96b..ec314a4 100644 --- a/hw/i2c.c +++ b/hw/i2c.c @@ -92,7 +92,7 @@ int i2c_start_transfer(i2c_bus *bus, uint8_t address, int recv) QTAILQ_FOREACH(kid, bus-qbus.children, sibling) { DeviceState *qdev = kid-child; -I2CSlave *candidate = I2C_SLAVE_FROM_QDEV(qdev); +I2CSlave *candidate = I2C_SLAVE(qdev); if (candidate-address == address) { slave = candidate; break; @@ -204,7 +204,7 @@ const VMStateDescription vmstate_i2c_slave = { static int i2c_slave_qdev_init(DeviceState *dev) { -I2CSlave *s = I2C_SLAVE_FROM_QDEV(dev); +I2CSlave *s = I2C_SLAVE(dev); I2CSlaveClass *sc = I2C_SLAVE_GET_CLASS(s); return sc-init(s); diff --git a/hw/i2c.h b/hw/i2c.h index 883b5c5..0e80d5a 100644 --- a/hw/i2c.h +++ b/hw/i2c.h @@ -59,7 +59,6 @@ void i2c_nack(i2c_bus *bus); int i2c_send(i2c_bus *bus, uint8_t data); int i2c_recv(i2c_bus *bus); -#define I2C_SLAVE_FROM_QDEV(dev) DO_UPCAST(I2CSlave, qdev, dev) #define FROM_I2C_SLAVE(type, dev) DO_UPCAST(type, i2c, dev) DeviceState *i2c_create_slave(i2c_bus *bus, const char *name, uint8_t addr); diff --git a/hw/lm832x.c b/hw/lm832x.c index af49dd6..94b8ae0 100644 --- a/hw/lm832x.c +++ b/hw/lm832x.c @@ -476,7 +476,7 @@ static int lm8323_init(I2CSlave *i2c) void lm832x_key_event(DeviceState *dev, int key, int state) { -LM823KbdState *s = FROM_I2C_SLAVE(LM823KbdState, I2C_SLAVE_FROM_QDEV(dev)); +LM823KbdState *s = FROM_I2C_SLAVE(LM823KbdState, I2C_SLAVE(dev)); if ((s-status INT_ERROR) (s-error ERR_FIFOOVR)) return; diff --git a/hw/max7310.c b/hw/max7310.c index de2221b..c2df0b4 100644 --- a/hw/max7310.c +++ b/hw/max7310.c @@ -25,7 +25,7 @@ typedef struct { static void max7310_reset(DeviceState *dev) { -MAX7310State *s = FROM_I2C_SLAVE(MAX7310State, I2C_SLAVE_FROM_QDEV(dev)); +MAX7310State *s = FROM_I2C_SLAVE(MAX7310State, I2C_SLAVE(dev)); s-level = s-direction; s-direction = 0xff; s-polarity = 0xf0; diff --git a/hw/pxa2xx.c b/hw/pxa2xx.c index 2367c6a..373d061 100644 --- a/hw/pxa2xx.c +++ b/hw/pxa2xx.c @@ -1468,7 +1468,7 @@ PXA2xxI2CState *pxa2xx_i2c_init(hwaddr base, s = FROM_SYSBUS(PXA2xxI2CState, i2c_dev); /* FIXME: Should the slave device really be on a separate bus? */ dev = i2c_create_slave(i2c_init_bus(NULL, dummy), pxa2xx-i2c-slave, 0); -s-slave = FROM_I2C_SLAVE(PXA2xxI2CSlaveState, I2C_SLAVE_FROM_QDEV(dev)); +s-slave = FROM_I2C_SLAVE(PXA2xxI2CSlaveState, I2C_SLAVE(dev)); s-slave-host = s; return s; diff --git a/hw/wm8750.c b/hw/wm8750.c index bb85064..d3ea5ba 100644 --- a/hw/wm8750.c +++ b/hw/wm8750.c @@ -632,7 +632,7 @@ static void wm8750_fini(I2CSlave *i2c) void wm8750_data_req_set(DeviceState *dev, void (*data_req)(void *, int, int), void *opaque) { -WM8750State *s = FROM_I2C_SLAVE(WM8750State, I2C_SLAVE_FROM_QDEV(dev)); +WM8750State *s = FROM_I2C_SLAVE(WM8750State, I2C_SLAVE(dev)); s-data_req = data_req; s-opaque = opaque; } -- 1.7.10.4
[Qemu-devel] [PATCH] add fd limitations for avoiding a buffer overflow
FD_SET() and FD_CLR() are used to add and remove one descriptor from a set, the 'fd' should be less than FD_SETSIZE. Glibc will give a warning and crash the qemu when we set a fd (1024) to a set. # qemu -device virtio-net-pci,netdev=macvtap_netdev,mac=92:ff:8a:11:fe:57 -netdev tap,id=macvtap_netdev,fd=1024 1024/dev/tap4 *** buffer overflow detected ***: x86_64-softmmu/qemu-system-x86_64 terminated === Backtrace: = /lib64/libc.so.6(__fortify_fail+0x37)[0x7f842a2134a7] /lib64/libc.so.6(+0x35e9d08620)[0x7f842a211620] /lib64/libc.so.6(+0x35e9d0a417)[0x7f842a213417] x86_64-softmmu/qemu-system-x86_64(+0x1901fd)[0x7f842f09f1fd] x86_64-softmmu/qemu-system-x86_64(+0x198388)[0x7f842f0a7388] x86_64-softmmu/qemu-system-x86_64(main+0xfa9)[0x7f842ef897a9] /lib64/libc.so.6(__libc_start_main+0xf5)[0x7f842a12aa05] x86_64-softmmu/qemu-system-x86_64(+0x7ed49)[0x7f842ef8dd49] === Memory map: This patch added limitations when init tap device and set fd handler for synchronous IO. Signed-off-by: Amos Kong ak...@redhat.com --- iohandler.c |3 +++ net/tap.c |3 ++- 2 files changed, 5 insertions(+), 1 deletions(-) diff --git a/iohandler.c b/iohandler.c index 2523adc..c22edab 100644 --- a/iohandler.c +++ b/iohandler.c @@ -66,6 +66,9 @@ int qemu_set_fd_handler2(int fd, } } } else { +if (fd = FD_SETSIZE) { +return 1; +} QLIST_FOREACH(ioh, io_handlers, next) { if (ioh-fd == fd) goto found; diff --git a/net/tap.c b/net/tap.c index eb40c42..be856dd 100644 --- a/net/tap.c +++ b/net/tap.c @@ -618,7 +618,8 @@ int net_init_tap(const NetClientOptions *opts, const char *name, } fd = monitor_handle_fd_param(cur_mon, tap-fd); -if (fd == -1) { +if (fd == -1 || fd = FD_SETSIZE) { +error_report(Invalid fd : %d, fd); return -1; } -- 1.7.1
Re: [Qemu-devel] [PATCH] PPC: Move ppc specific hw emulation to hw/ppc
Am 25.01.2013 02:12, schrieb Alexander Graf: diff --git a/MAINTAINERS b/MAINTAINERS index 35c260d..3664dc8 100644 --- a/MAINTAINERS +++ b/MAINTAINERS [...] New World M: Alexander Graf ag...@suse.de L: qemu-...@nongnu.org S: Maintained -F: hw/ppc_newworld.c -F: hw/unin_pci.c -F: hw/dec_pci.[hc] +F: hw/ppc/ppc_newworld.c F: hw/ppc/mac_newworld.c +F: hw/ppc/unin_pci.c +F: hw/ppc/dec_pci.[hc] Old World M: Alexander Graf ag...@suse.de L: qemu-...@nongnu.org S: Maintained -F: hw/ppc_oldworld.c -F: hw/grackle_pci.c +F: hw/ppc/ppc_oldworld.c F: hw/ppc/mac_oldworld.c +F: hw/ppc/grackle_pci.c PReP M: Andreas FÀrber andreas.faer...@web.de My bad. I'll send you a diff to fix-up my movement patch. Andreas -- SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg
Re: [Qemu-devel] [RFC] qemu snapshot enchancement
Thanks for declaration, one more question: 3) will have a big image file, will you back up it or just leave it there, not backup for internal snapshot? Sorry, I do not understand that question. Why will I have a 'a big image file', and what do you mean by 'backup' exactly? To make data safe, I guess usually there would be two copy of image data, one is the VM used, one is on another data restore server. There are choices about how to store the data: One is do a full clone of image disk, at each time user want to protect his data. One is only do a full lone of image disk at first time, later at each time, only copy out the delta data, which is obvious better. Again, I would not mix VM backup and VM snapshots. This is something different, and it is very confusing to mix them. But yes, in general there is 'full backup', and 'incremental backup' (delta). But IMHO 'incremental backup' is not obviously better. I currently also thing about storing backups to some dedup database - then you can have full backups with space requirements of incremental backups. internal snapshot increase the image file size, for eg, after internal snapshot 10G image will become 10.1G, and it seems no way to get the 100M delta data and store it in data restore server, so you will have do a clone of 10.1G data again. So I asked whether you have done a snapshot data copy to restore server in the following. Our current backup tool always stores the current data, so any snapshot data is not contained in the backups. Note: The proposed backup patches (already sent to the list) make backups without creating internal/external snapshot. Consistency is guaranteed by using COW.
[Qemu-devel] [PATCH v2 06/20] arm: add Faraday FTMAC110 10/100Mbps ethernet support
From: Kuo-Jung Su dant...@faraday-tech.com The FTMAC110 is a high quality 10/100 Ethernet controller with DMA function. It includes an AHB wrapper, DMA engine, on-chip memories (TX FIFO and RX FIFO), MAC, and MII or RMII interface. The FTMAC110 is an Ethernet controller that provides AHB master capability and is in full compliance with the IEEE 802.3 10/100 Mbps specifications. The FTMAC110 DMA controller handles all data transfers between system memory and on-chip memories. It supports half-word data transfer for Linux. With the DMA engine, it can reduce CPU loading, maximize the performance and minimize the FIFO size. It also has on-chip memories for buffering, so an external local buffer memory is not needed. The MII or RMII interface can support two specific data rates, 10 Mbps and 100 Mbps. The functionality is identical at both data rates, as is the signal timing relationship. The only difference between 10 and 100 Mbps operations is the nominal clock frequency. It also supports Wake-On-LAN function with three wake-up events: Link status change, magic packet, and wake-up frame. Signed-off-by: Kuo-Jung Su dant...@faraday-tech.com --- hw/ftmac110.c | 591 + hw/ftmac110.h | 131 + 2 files changed, 722 insertions(+) create mode 100644 hw/ftmac110.c create mode 100644 hw/ftmac110.h diff --git a/hw/ftmac110.c b/hw/ftmac110.c new file mode 100644 index 000..4c2c125 --- /dev/null +++ b/hw/ftmac110.c @@ -0,0 +1,591 @@ +/* + * QEMU model of the FTMAC110 Controller + * + * Copyright (C) 2012 Faraday Technology + * Written by Dante Su dant...@faraday-tech.com + * + * This file is licensed under GNU GPL v2. + */ + +#include sysbus.h +#include sysemu/sysemu.h +#include net/net.h + +#include faraday.h +#include ftmac110.h + +#define TYPE_FTMAC110ftmac110 + +typedef struct Ftmac110State { +SysBusDevice busdev; +MemoryRegion mmio; + +QEMUTimer *qtimer; +qemu_irq irq; +NICState *nic; +NICConf conf; + +uint32_t isr; +uint32_t ier; +uint32_t mhash[2]; +uint32_t tx_bar; +uint32_t rx_bar; +uint32_t tx_idx; +uint32_t rx_idx; +uint32_t maccr; +uint32_t macsr; +uint32_t phycr; +uint32_t phycr_rd; + +struct { +uint8_t buf[2048]; +uint32_t len; +} txbuff; + +uint32_t rx_pkt; +uint32_t rx_bcst; +uint32_t rx_mcst; +uint16_t rx_runt; +uint16_t rx_drop; +uint16_t rx_crc; +uint16_t rx_ftl; +uint32_t tx_pkt; + +} ftmac110_state; + +#define FTMAC110(obj) \ +OBJECT_CHECK(ftmac110_state, obj, TYPE_FTMAC110) + +static uint8_t bitrev8(uint8_t v) +{ +int i; +uint8_t r = 0; +for (i = 0; i 8; ++i) { +if (v (1 i)) { +r |= (1 (7 - i)); +} +} +return r; +} + +static int ftmac110_mcast_hash(int len, const uint8_t *p) +{ +#define CRCPOLY_LE 0xedb88320 +int i; +uint32_t crc = 0x; + +while (len--) { +crc ^= *p++; +for (i = 0; i 8; i++) { +crc = (crc 1) ^ ((crc 1) ? CRCPOLY_LE : 0); +} +} + +/* Reverse CRC32 and return MSB 6 bits only */ +return bitrev8(crc 24) 2; +} + +static void ftmac110_read_desc(hwaddr addr, void *desc) +{ +int i; +uint32_t *p = desc; + +cpu_physical_memory_read(addr, desc, 16); + +for (i = 0; i 16; i += 4) { +*p = le32_to_cpu(*p); +} +} + +static void ftmac110_write_desc(hwaddr addr, void *desc) +{ +int i; +uint32_t *p = desc; + +for (i = 0; i 16; i += 4) { +*p = cpu_to_le32(*p); +} + +cpu_physical_memory_write(addr, desc, 16); +} + +static void ftmac110_update_irq(ftmac110_state *s) +{ +if (s-isr s-ier) { +qemu_set_irq(s-irq, 1); +} else { +qemu_set_irq(s-irq, 0); +} +} + +static int ftmac110_can_receive(NetClientState *nc) +{ +ftmac110_state *s = FTMAC110(DO_UPCAST(NICState, nc, nc)-opaque); +ftmac110_rxdesc_t rxd; +hwaddr off = s-rx_bar + s-rx_idx * sizeof(rxd); + +if ((s-maccr (MACCR_RCV_EN | MACCR_RDMA_EN)) +!= (MACCR_RCV_EN | MACCR_RDMA_EN)) { +return 0; +} + +ftmac110_read_desc(off, rxd); + +return rxd.owner; +} + +static ssize_t ftmac110_receive(NetClientState *nc, +const uint8_t *buf, +size_t size) +{ +const uint8_t *ptr = buf; +hwaddr off; +size_t len; +ftmac110_rxdesc_t rxd; +ftmac110_state *s = FTMAC110(DO_UPCAST(NICState, nc, nc)-opaque); +int bcst, mcst; + +if ((s-maccr (MACCR_RCV_EN | MACCR_RDMA_EN)) +!= (MACCR_RCV_EN | MACCR_RDMA_EN)) { +return -1; +} + +/* if it's a broadcast */ +if ((buf[0] == 0xff) (buf[1] == 0xff) (buf[2] == 0xff) + (buf[3] == 0xff) (buf[4] == 0xff) (buf[5] == 0xff)) { +bcst = 1; +if (!(s-maccr MACCR_RCV_ALL) !(s-maccr MACCR_RX_BROADPKT)) { +
[Qemu-devel] [PATCH v2 04/20] arm: add Faraday FTDMAC020 AHB DMA support
From: Kuo-Jung Su dant...@faraday-tech.com The Faraday FTDMAC020 is designed to enhance the system performance and reduce the processor-interrupt generation. The system efficiency is improved by employing the high-speed data transfers between the system and device. The DMA controller provides eight configurable channels for the memory-to-memory, memory-to-peripheral, peripheral-to-peripheral, and peripheral-to-memory transfers with shared buffer. Each DMA channel supports chain transfer and can be programmed to one of the 16 handshaking channels in the hardware handshake mode. The main function of the hardware handshake mode is to provide an indication of the device status. Users can also disable the hardware handshake mode by programming the register when a DMA transfer is not necessary of referring to the handshaking channels. Signed-off-by: Kuo-Jung Su dant...@faraday-tech.com --- hw/ftdmac020.c | 667 hw/ftdmac020.h | 105 + 2 files changed, 772 insertions(+) create mode 100644 hw/ftdmac020.c create mode 100644 hw/ftdmac020.h diff --git a/hw/ftdmac020.c b/hw/ftdmac020.c new file mode 100644 index 000..58b453e --- /dev/null +++ b/hw/ftdmac020.c @@ -0,0 +1,667 @@ +/* + * QEMU model of the FTDMAC020 DMA Controller + * + * Copyright (C) 2012 Faraday Technology + * Written by Dante Su dant...@faraday-tech.com + * + * This file is licensed under GNU GPL v2. + * + * Note: The FTDMAC020 decreasing address mode is not implemented. + */ + +#include sysbus.h +#include sysemu/sysemu.h +#include sysemu/blockdev.h + +#include ftdmac020.h + +#define TYPE_FTDMAC020ftdmac020 + +enum ftdmac020_irqpin { +IRQ_ALL = 0, +IRQ_TC, +IRQ_ERR, +}; + +typedef struct ftdmac020_state ftdmac020_state; + +/** + * struct ftdmac020_lld - hardware link list descriptor. + * @src: source physical address + * @dst: destination physical addr + * @next: phsical address to the next link list descriptor + * @ctrl: control field + * @size: transfer size + * + * should be word aligned + */ +typedef struct ftdmac020_lld { +uint32_t src; +uint32_t dst; +uint32_t next; +uint32_t ctrl; +uint32_t size; +} ftdmac020_lld; + +typedef struct ftdmac020_chan { +ftdmac020_state *chip; + +int id; +int burst; +int llp_cnt; +int src_bw; +int src_stride; +int dst_bw; +int dst_stride; + +/* HW register cache */ +uint32_t ccr; +uint32_t cfg; +uint32_t src; +uint32_t dst; +uint32_t llp; +uint32_t len; +} ftdmac020_chan; + +typedef struct ftdmac020_state { +SysBusDevice busdev; +MemoryRegion iomem; +qemu_irq irq[3]; + +ftdmac020_chan chan[8]; +qemu_irq ack[16]; +uint32_t req; + +int busy;/* Busy Channel ID */ +QEMUTimer *qtimer; + +/* HW register cache */ +uint32_t tcisr; +uint32_t eaisr; +uint32_t tcsr; +uint32_t easr; +uint32_t cesr; +uint32_t cbsr; +uint32_t csr; +uint32_t sync; +} ftdmac020_state; + +#define FTDMAC020(obj) \ +OBJECT_CHECK(ftdmac020_state, obj, TYPE_FTDMAC020) + +static void ftdmac020_update_irq(ftdmac020_state *s) +{ +uint32_t tc, err; + +/* 1. Checking TC interrupts */ +tc = s-tcisr 0xff; +qemu_set_irq(s-irq[IRQ_TC], tc ? 1 : 0); + +/* 2. Checking Error/Abort interrupts */ +err = s-eaisr 0x00ff00ff; +qemu_set_irq(s-irq[IRQ_ERR], err ? 1 : 0); + +/* 3. Checking interrupt summary (TC | Error | Abort) */ +qemu_set_irq(s-irq[IRQ_ALL], (tc || err) ? 1 : 0); +} + +static void ftdmac020_chan_ccr_decode(ftdmac020_chan *c) +{ +uint32_t tmp; + +/* 1. decode burst size */ +tmp = (c-ccr 16) 0x07; +c-burst = 1 (tmp ? tmp + 1 : 0); + +/* 2. decode source width */ +tmp = (c-ccr 11) 0x03; +c-src_bw = 8 tmp; + +/* 3. decode destination width */ +tmp = (c-ccr 8) 0x03; +c-dst_bw = 8 tmp; + +/* 4. decode source address stride */ +tmp = (c-ccr 5) 0x03; +if (tmp == 2) { +c-src_stride = 0; +} else { +c-src_stride = c-src_bw 3; +} + +/* 5. decode destination address stride */ +tmp = (c-ccr 3) 0x03; +if (tmp == 2) { +c-dst_stride = 0; +} else { +c-dst_stride = c-dst_bw 3; +} +} + +static void ftdmac020_chan_start(ftdmac020_chan *c) +{ +ftdmac020_state *s = c-chip; +hwaddr src, dst, src_len, dst_len; +int src_hs, dst_hs; +const uint8_t *src_map = NULL, *src_ptr = NULL; +uint8_t *dst_map = NULL, *dst_ptr = NULL; +uint8_t buf[4096]; +ftdmac020_lld desc; +int len = 0; + +if (!(c-ccr 0x01)) { +return; +} + +s-busy = c-id; + +/* DMA src/dst address */ +src = c-src; +dst = c-dst; +/* DMA hardware handshake id */ +src_hs = (c-cfg 0x0080) ? ((c-cfg 3) 0x0f) : -1; +dst_hs = (c-cfg 0x2000) ? ((c-cfg 9) 0x0f) : -1; +/* DMA src/dst data length */ +src_len = c-src_stride
[Qemu-devel] [PATCH v2 01/20] arm: add Faraday a36x SoC platform support
From: Kuo-Jung Su dant...@faraday-tech.com The Faraday A360/A369 EVB is a Faraday platform main board used for the Faraday IP functional verification based on the well-known ARM AMBA 2.0 architecture. This main board provides a fully verified microprocessor platform, ATA-II, OTG 2.0 and USB 2.0 host connectivity. Faraday A360 EVB provides the on-board DDR2-SODIMM (256 MB), NAND Flash (128 MB), USB2.0 interface, two PCI Express interfaces, two I2C interfaces, two SSP ports, Secure Digital interface, and a 12-bit A/D converter in addition to many other features. Faraday A369 EVB provides the on-board DDR2-SODIMM (512 MB), NAND Flash (256 MB), SPI Flash ROM (16 MB), I2C EPROM, Giga-bit Ethernet, IDE, SATA host, OTG 2.0 and USB 2.0 host connectors, video output interface, TV encoder for video output, LCD controller interface, SD/MMC card reader interface, I2S codec, UART(X2), Multi-ICE, 80 ports, and an AHB extension bus. Signed-off-by: Kuo-Jung Su dant...@faraday-tech.com --- hw/a360.c| 271 +++ hw/a369.c| 581 ++ hw/arm/Makefile.objs |6 + hw/faraday.h | 21 ++ 4 files changed, 879 insertions(+) create mode 100644 hw/a360.c create mode 100644 hw/a369.c create mode 100644 hw/faraday.h diff --git a/hw/a360.c b/hw/a360.c new file mode 100644 index 000..cb0a588 --- /dev/null +++ b/hw/a360.c @@ -0,0 +1,271 @@ +/* + * Faraday A360 Evalution Board + * + * Copyright (c) 2012 Faraday Technology + * Written by Dante Su dant...@faraday-tech.com + * + * This code is licensed under GNU GPL v2. + */ + +#include sysbus.h +#include arm-misc.h +#include devices.h +#include net/net.h +#include sysemu/sysemu.h +#include sysemu/blockdev.h +#include exec/address-spaces.h +#include i2c.h +#include boards.h +#include flash.h +#include serial.h +#include ssi.h +#include faraday.h + +typedef struct A360State { +ARMCPU *cpu; +DeviceState *hdma;/* AHB DMA */ +DeviceState *pdma;/* APB DMA */ + +MemoryRegion *as; +MemoryRegion *ram; + +i2c_bus *i2c[2]; + +struct { +MemoryRegion iomem; +} pmu; +} a360_state; + +/* PMU block */ +static uint64_t +a360_pmu_read(void *opaque, hwaddr addr, unsigned size) +{ +uint64_t ret = 0; + +switch (addr) { +case 0x30: +ret = 27 3; +break; +} + +return ret; +} + +static void +a360_pmu_write(void *opaque, hwaddr addr, uint64_t val, unsigned size) +{ +} + +static const MemoryRegionOps a360_pmu_ops = { +.read = a360_pmu_read, +.write = a360_pmu_write, +.endianness = DEVICE_LITTLE_ENDIAN, +}; + +static int +a360_pmu_init(a360_state *s, hwaddr base) +{ +MemoryRegion *iomem = s-pmu.iomem; +memory_region_init_io(iomem, a360_pmu_ops, s, a360_pmu, 0x1000); +memory_region_add_subregion(s-as, base, iomem); +return 0; +} + +/* Board init. */ +static void +a360_device_init(a360_state *s) +{ +qemu_irq *pic; +qemu_irq ack, req; +qemu_irq cs_line; +DeviceState *ds; +int i, done_nic = 0, nr_flash = 1; +SSIBus *spi; +DeviceState *fl; + +/* Interrupt Controller */ +pic = ftintc020_init(0x9880, s-cpu); + +/* Timer */ +ds = qdev_create(NULL, fttmr010); +qdev_prop_set_uint32(ds, freq, 66 * 100); +qdev_init_nofail(ds); +sysbus_mmio_map(SYS_BUS_DEVICE(ds), 0, 0x9840); +sysbus_connect_irq(SYS_BUS_DEVICE(ds), 0, pic[42]); +sysbus_connect_irq(SYS_BUS_DEVICE(ds), 1, pic[19]); +sysbus_connect_irq(SYS_BUS_DEVICE(ds), 2, pic[14]); +sysbus_connect_irq(SYS_BUS_DEVICE(ds), 3, pic[15]); + +/* Serial (FTUART010 which is 16550A compatible) */ +if (serial_hds[0]) { +serial_mm_init(s-as, + 0x9820, + 2, + pic[10], + 18432000 / 16, + serial_hds[0], + DEVICE_LITTLE_ENDIAN); +} +if (serial_hds[1]) { +serial_mm_init(s-as, + 0x9830, + 2, + pic[11], + 18432000 / 16, + serial_hds[1], + DEVICE_LITTLE_ENDIAN); +} + +/* pmu */ +a360_pmu_init(s, 0x9810); + +/* ftdmac020 */ +s-hdma = sysbus_create_varargs(ftdmac020, +0x9040, +pic[21], /* ALL */ +pic[40], /* TC */ +pic[41], /* ERR */ +NULL); + +/* ftapbbrg020 */ +s-pdma = sysbus_create_simple(ftapbbrg020, 0x9050, pic[24]); + +/* ftsdc010 */ +ds = sysbus_create_simple(ftsdc010, 0x9070, pic[5]); +ack = qdev_get_gpio_in(ds, 0); +req = qdev_get_gpio_in(s-hdma, 0); +qdev_connect_gpio_out(s-hdma, 0, ack); +qdev_connect_gpio_out(ds, 0, req); + +
[Qemu-devel] [PATCH v2 03/20] arm: add Faraday FTAPBBRG020 APB DMA support
From: Kuo-Jung Su dant...@faraday-tech.com The FTAPBBRG020 supports the DMA functions for the AHB-to-AHB, AHB-to-APB, APB-to-AHB, and APB-to-APB transactions. The DMA engine can support up to 4 DMA channels (A, B, C, and D) and 15 handshaking channels. A DMA channel granted by the arbiter block is the only channel starts transfers. Each DMA channel can be programmed to one of the 15 handshaking channels in the hardware handshake mode to act as the source device or act as the destination device. The main function of the hardware handshake mode is to provide an indication of the device status. Users can also disable the hardware handshake mode by programming the register when a DMA transfer is not necessary of referring to the handshaking channels. Signed-off-by: Kuo-Jung Su dant...@faraday-tech.com --- hw/ftapbbrg020.c | 502 ++ hw/ftapbbrg020.h | 41 + 2 files changed, 543 insertions(+) create mode 100644 hw/ftapbbrg020.c create mode 100644 hw/ftapbbrg020.h diff --git a/hw/ftapbbrg020.c b/hw/ftapbbrg020.c new file mode 100644 index 000..e32b022 --- /dev/null +++ b/hw/ftapbbrg020.c @@ -0,0 +1,502 @@ +/* + * QEMU model of the FTAPBBRG020 DMA Controller + * + * Copyright (C) 2012 Faraday Technology + * Written by Dante Su dant...@faraday-tech.com + * + * This file is licensed under GNU GPL v2. + * + * Note: The FTAPBBRG020 DMA decreasing address mode is not implemented. + */ + +#include sysbus.h +#include sysemu/sysemu.h +#include sysemu/blockdev.h + +#include ftapbbrg020.h + +#define TYPE_FTAPBBRG020ftapbbrg020 + +typedef struct ftapbbrg020_state ftapbbrg020_state; + +typedef struct ftapbbrg020_chan { +ftapbbrg020_state *chip; + +int id; +int burst; +int src_bw; +int src_stride; +int dst_bw; +int dst_stride; + +/* HW register caches */ +uint32_t src; +uint32_t dst; +uint32_t len; +uint32_t cmd; +} ftapbbrg020_chan; + +typedef struct ftapbbrg020_state { +SysBusDevice busdev; +MemoryRegion iomem; +qemu_irq irq; + +ftapbbrg020_chan chan[4]; +qemu_irq ack[16]; +uint32_t req; + +int busy;/* Busy Channel ID */ +QEMUTimer *qtimer; +} ftapbbrg020_state; + +#define FTAPBBRG020(obj) \ +OBJECT_CHECK(ftapbbrg020_state, obj, TYPE_FTAPBBRG020) + +static uint32_t ftapbbrg020_get_isr(ftapbbrg020_state *s) +{ +int i; +uint32_t isr = 0; +ftapbbrg020_chan *chan; + +for (i = 0; i 4; ++i) { +chan = s-chan + i; +isr |= (chan-cmd CMD_INTR_STATUS); +} + +return isr; +} + +static void ftapbbrg020_update_irq(ftapbbrg020_state *s) +{ +uint32_t isr = ftapbbrg020_get_isr(s); + +qemu_set_irq(s-irq, isr ? 1 : 0); +} + +static void ftapbbrg020_chan_cmd_decode(ftapbbrg020_chan *c) +{ +uint32_t tmp; + +/* 1. decode burst size */ +c-burst = (c-cmd CMD_BURST4) ? 4 : 1; + +/* 2. decode source/destination width */ +tmp = (c-cmd 20) 0x03; +if (tmp 2) { +tmp = 2; +} +c-src_bw = c-dst_bw = 8 (2 - tmp); + +/* 3. decode source address stride */ +switch ((c-cmd 8) 0x03) { +case 0: +c-src_stride = 0; +break; +case 1: +c-src_stride = c-src_bw 3; +break; +case 2: +c-src_stride = 2 * (c-src_bw 3); +break; +case 3: +c-src_stride = 4 * (c-src_bw 3); +break; +} + +/* 4. decode destination address stride */ +switch ((c-cmd 12) 0x03) { +case 0: +c-dst_stride = 0; +break; +case 1: +c-dst_stride = c-dst_bw 3; +break; +case 2: +c-dst_stride = 2 * (c-dst_bw 3); +break; +case 3: +c-dst_stride = 4 * (c-dst_bw 3); +break; +} +} + +static void ftapbbrg020_chan_start(ftapbbrg020_chan *c) +{ +ftapbbrg020_state *s = c-chip; +hwaddr src, dst, src_len, dst_len; +const uint8_t *src_map = NULL, *src_ptr = NULL; +uint8_t *dst_map = NULL, *dst_ptr = NULL; +uint8_t buf[4096]; +int src_hs = 0, dst_hs = 0, len = 0; + +if (!(c-cmd CMD_START)) { +return; +} + +s-busy = c-id; + +/* DMA src/dst address */ +src = c-src; +dst = c-dst; +/* DMA hardware handshake id */ +src_hs = (c-cmd 24) 0xf; +dst_hs = (c-cmd 16) 0xf; +/* DMA src/dst data length */ +src_len = c-src_stride ? (c-len * (c-src_bw 3)) : (c-src_bw 3); +dst_len = c-dst_stride ? (c-len * (c-dst_bw 3)) : (c-dst_bw 3); +if (!cpu_physical_memory_is_io(c-src)) { +src_map = src_ptr = cpu_physical_memory_map(c-src, src_len, 0); +} +if (!cpu_physical_memory_is_io(c-dst)) { +dst_map = dst_ptr = cpu_physical_memory_map(c-dst, dst_len, 1); +} + +while (c-len 0) { +/* + * Postpone this DMA action + * if the corresponding dma request is not asserted + */ +if (src_hs !(s-req (1 src_hs))) { +break; +
[Qemu-devel] [PATCH v2 15/20] arm: add Faraday FTWDT010 watchdog timer support
From: Kuo-Jung Su dant...@faraday-tech.com The FTWDT010 is used to prevent system from infinite loop while software gets trapped in the deadlock. Under the normal operation, users should restart FTWDT010 at the regular intervals before counter counts down to 0. If the counter does reach 0, FTWDT010 will try to reset the system by generating one or a combination of signals, system reset, system interrupt, and external interrupt. Signed-off-by: Kuo-Jung Su dant...@faraday-tech.com --- hw/ftwdt010.c | 213 + 1 file changed, 213 insertions(+) create mode 100644 hw/ftwdt010.c diff --git a/hw/ftwdt010.c b/hw/ftwdt010.c new file mode 100644 index 000..3620f61 --- /dev/null +++ b/hw/ftwdt010.c @@ -0,0 +1,213 @@ +/* + * QEMU model of the FTWDT010 WatchDog Timer + * + * Copyright (C) 2012 Faraday Technology + * Written by Dante Su dant...@faraday-tech.com + * + * This file is licensed under GNU GPL v2. + */ + +#include sysbus.h +#include sysemu/sysemu.h +#include qemu/timer.h + +/* Hardware registers */ +#define REG_COUNTER 0x00/* counter register */ +#define REG_LOAD0x04/* (re)load register */ +#define REG_RESTART 0x08/* restart register */ +#define REG_CR 0x0C/* control register */ +#define REG_SR 0x10/* status register */ +#define REG_SCR 0x14/* status clear register */ +#define REG_INTR_LEN0x18/* interrupt length register */ +#define REG_REV 0x1C + +#define TYPE_FTWDT010 ftwdt010 + +typedef struct Ftwdt010State { +SysBusDevice busdev; +MemoryRegion mmio; + +qemu_irq irq; + +QEMUTimer *qtimer; + +uint64_t timeout; +uint32_t load; +uint32_t cr; +uint32_t sr; + +uint32_t freq;/* desired source clock */ +uint32_t step;/* get_ticks_per_sec() / freq */ +int running; +} ftwdt010_state; + +#define FTWDT010(obj) \ +OBJECT_CHECK(ftwdt010_state, obj, TYPE_FTWDT010) + +static uint64_t ftwdt010_mem_read(void *opaque, hwaddr addr, unsigned size) +{ +ftwdt010_state *s = FTWDT010(opaque); +uint32_t rc = 0; + +switch (addr) { +case REG_COUNTER: +if (s-cr 0x01) { +return (s-timeout - qemu_get_clock_ns(vm_clock)) / s-step; +} else { +return s-load; +} +case REG_LOAD: +return s-load; +case REG_CR: +return s-cr; +case REG_SR: +return s-sr; +case REG_REV: +return 0x00010601; +default: +break; +} + +return rc; +} + +static void ftwdt010_mem_write(void*opaque, + hwaddr addr, + uint64_t val, + unsigned size) +{ +ftwdt010_state *s = FTWDT010(opaque); + +switch (addr) { +case REG_LOAD: +s-load = (uint32_t)val; +break; +case REG_RESTART: +if ((s-cr 0x01) (val == 0x5ab9)) { +s-timeout = (uint64_t)s-step * (uint64_t)s-load ++ qemu_get_clock_ns(vm_clock); +qemu_mod_timer(s-qtimer, s-timeout); +} +break; +case REG_CR: +s-cr = (uint32_t)val; +if (s-cr 0x01) { +if (!s-running) { +s-running = 1; +s-timeout = (uint64_t)s-step * (uint64_t)s-load ++ qemu_get_clock_ns(vm_clock); +qemu_mod_timer(s-qtimer, s-timeout); +} +} else { +s-running = 0; +qemu_del_timer(s-qtimer); +} +break; +case REG_SCR: +s-sr = ~(uint32_t)(val 0x01); +break; +default: +break; +} +} + +static const MemoryRegionOps ftwdt010_ops = { +.read = ftwdt010_mem_read, +.write = ftwdt010_mem_write, +.endianness = DEVICE_LITTLE_ENDIAN, +.valid = { +.min_access_size = 4, +.max_access_size = 4 +} +}; + +static void ftwdt010_timer_tick(void *opaque) +{ +ftwdt010_state *s = FTWDT010(opaque); + +s-sr = 1; + +/* send interrupt signal */ +qemu_set_irq(s-irq, (s-cr (1 2)) ? 1 : 0); + +/* send system reset */ +if (s-cr (1 1)) { +qemu_system_reset_request(); +} +} + +static void ftwdt010_reset(DeviceState *ds) +{ +SysBusDevice *busdev = SYS_BUS_DEVICE(ds); +ftwdt010_state *s = FTWDT010(FROM_SYSBUS(ftwdt010_state, busdev)); + +s-cr = 0; +s-sr = 0; +s-load= 0x3ef1480; +s-timeout = 0; +} + +static int ftwdt010_init(SysBusDevice *dev) +{ +ftwdt010_state *s = FTWDT010(FROM_SYSBUS(ftwdt010_state, dev)); + +s-step = (uint64_t)get_ticks_per_sec() / (uint64_t)s-freq; +s-qtimer = qemu_new_timer_ns(vm_clock, ftwdt010_timer_tick, s); + +memory_region_init_io(s-mmio, + ftwdt010_ops, + s, + TYPE_FTWDT010, + 0x1000); +
[Qemu-devel] [PATCH v2 10/20] arm: add Faraday FTSDC010 MMC/SD controller support
From: Kuo-Jung Su dant...@faraday-tech.com The FTSDC010 functions as the master in an SD memory card interface. It controls the communication between the AHB/APB bus and the SD card. Its core supports the SD bus of the SD/SDIO operations and the MMC bus of the MMC operation as well. Signed-off-by: Kuo-Jung Su dant...@faraday-tech.com --- hw/ftsdc010.c | 363 + hw/ftsdc010.h | 88 ++ 2 files changed, 451 insertions(+) create mode 100644 hw/ftsdc010.c create mode 100644 hw/ftsdc010.h diff --git a/hw/ftsdc010.c b/hw/ftsdc010.c new file mode 100644 index 000..36a6ed3 --- /dev/null +++ b/hw/ftsdc010.c @@ -0,0 +1,363 @@ +/* + * QEMU model of the FTSDC010 MMC/SD Host Controller + * + * Copyright (C) 2012 Faraday Technology + * Written by Dante Su dant...@faraday-tech.com + * + * This file is licensed under GNU GPL v2. + */ + +#include sysbus.h +#include sysemu/sysemu.h +#include sysemu/blockdev.h +#include sd.h + +#include ftsdc010.h + +#define TYPE_FTSDC010 ftsdc010 + +typedef struct Ftsdc010State { +SysBusDevice busdev; +MemoryRegion iomem; +SDState *card; +qemu_irq irq; + +/* DMA hardware handshake */ +qemu_irq req; + +uint32_t datacnt; + +/* HW register cache */ +uint32_t cmd; +uint32_t arg; +uint32_t rsp[4]; +uint32_t rspcmd; +uint32_t dcr; +uint32_t dtr; +uint32_t dlr; +uint32_t status; +uint32_t ier; +uint32_t pwr; +uint32_t clk; +} ftsdc010_state; + +#define FTSDC010(obj) \ +OBJECT_CHECK(ftsdc010_state, obj, TYPE_FTSDC010) + +static void ftsdc010_update_irq(ftsdc010_state *s) +{ +if (s-ier s-status) { +qemu_set_irq(s-irq, 1); +} else { +qemu_set_irq(s-irq, 0); +} +} + +static void ftsdc010_handle_ack(void *opaque, int line, int level) +{ +ftsdc010_state *s = FTSDC010(opaque); + +if (!(s-dcr DCR_DMA)) { +return; +} + +if (level) { +qemu_set_irq(s-req, 0); +} else if (s-datacnt 0) { +qemu_set_irq(s-req, 1); +} +} + +static void ftsdc010_send_command(ftsdc010_state *s) +{ +SDRequest request; +uint8_t response[16]; +int rlen; + +request.cmd = s-cmd CMD_IDX; +request.arg = s-arg; + +rlen = sd_do_command(s-card, request, response); +if (rlen 0) { +goto error; +} +if (s-cmd CMD_WAIT_RSP) { +#define RWORD(n) ((response[n] 24) | (response[n + 1] 16) \ + | (response[n + 2] 8) | response[n + 3]) +if (rlen == 0 || (rlen == 4 (s-cmd CMD_LONG_RSP))) { +goto error; +} +if (rlen != 4 rlen != 16) { +goto error; +} +if (rlen == 4) { +s-rsp[0] = RWORD(0); +s-rsp[1] = s-rsp[2] = s-rsp[3] = 0; +} else { +s-rsp[3] = RWORD(0); +s-rsp[2] = RWORD(4); +s-rsp[1] = RWORD(8); +s-rsp[0] = RWORD(12) ~1; +} +s-rspcmd = (s-cmd CMD_IDX); +s-rspcmd |= (s-cmd 0x100) ? (1 6) : 0; +s-status |= STR_RSP; +#undef RWORD +} else { +s-status |= STR_CMD; +} + +if ((s-dcr DCR_DMA) (s-datacnt 0)) { +qemu_set_irq(s-req, 1); +} + +return; + +error: +s-status |= STR_RSP_TIMEOUT; +} + +static void ftsdc010_chip_reset(ftsdc010_state *s) +{ +s-cmd = 0; +s-arg = 0; +s-rsp[0] = 0; +s-rsp[1] = 0; +s-rsp[2] = 0; +s-rsp[3] = 0; +s-rspcmd = 0; +s-dcr = 0; +s-dtr = 0; +s-dlr = 0; +s-datacnt = 0; +s-status = ~(STR_CARD_REMOVED | STR_WPROT); +s-status |= STR_TXRDY | STR_RXRDY; +s-ier = 0; +s-pwr = 0; +s-clk = 0; +} + +static uint64_t ftsdc010_mem_read(void *opaque, hwaddr addr, unsigned size) +{ +ftsdc010_state *s = FTSDC010(opaque); +uint32_t ret = 0; + +switch (addr) { +case REG_STR: +return s-status; +case REG_DWR: +if (!(s-dcr DCR_WR) (s-datacnt 0)) { +ret = sd_read_data(s-card) +| sd_read_data(s-card) 8 +| sd_read_data(s-card) 16 +| sd_read_data(s-card) 24; +s-datacnt -= 4; +if (s-datacnt = 0) { +s-status |= STR_DAT_END; +} +s-status |= STR_DAT; +} +break; +case REG_DCR: +return s-dcr; +case REG_DTR: +return s-dtr; +case REG_DLR: +return s-dlr; +case REG_CMD: +return s-cmd; +case REG_ARG: +return s-arg; +case REG_RSP0: +return s-rsp[0]; +case REG_RSP1: +return s-rsp[1]; +case REG_RSP2: +return s-rsp[2]; +case REG_RSP3: +return s-rsp[3]; +case REG_RSPCMD: +return s-rspcmd; +case REG_IER: +return s-ier; +case REG_PWR: +return s-pwr; +case REG_CLK: +return s-clk; +case REG_BUS: +return 0x0009; +case REG_FEA: +return
[Qemu-devel] [PATCH v2 19/20] arm: add Faraday FTKBC010 support for A369
From: Kuo-Jung Su dant...@faraday-tech.com Faraday keyboard/mouse controller (FTKBC010) is compliant with the IBM PS/2 interface. The interface uses the bidirectional clock and data lines to perform the half-duplex synchronous serial interface. It also provides the configurable scan matrix for the embedded or external keypad. FTKBC010 performs a serial-to-parallel conversion to receive the data from the keyboard/mouse interface, and a parallel-to-serial conversion for transmitting the data to the keyboard/mouse interface. Signed-off-by: Kuo-Jung Su dant...@faraday-tech.com --- hw/ftkbc010.c | 226 + 1 file changed, 226 insertions(+) create mode 100644 hw/ftkbc010.c diff --git a/hw/ftkbc010.c b/hw/ftkbc010.c new file mode 100644 index 000..c142bd0 --- /dev/null +++ b/hw/ftkbc010.c @@ -0,0 +1,226 @@ +/* + * Faraday FTKBC010 emulator for A369. + * + * Copyright (c) 2012 Faraday Technology + * Written by Dante Su dant...@faraday-tech.com + * + * This code is licensed under the GPL v2. + */ + +#include hw.h +#include qemu/timer.h +#include sysemu/sysemu.h +#include sysbus.h +#include ui/console.h +#include devices.h + +/* Key codes */ +#define KEYCODE_ESC 1 +#define KEYCODE_BACKSPACE 14 +#define KEYCODE_ENTER 28 +#define KEYCODE_SPACE 57 +#define KEYCODE_MENU139/* Menu (show menu) */ + +#define TYPE_FTKBC010 ftkbc010 + +typedef struct Ftkbc010State { +SysBusDevice busdev; +MemoryRegion iomem; +qemu_irq irq; + +int x; +int y; + +/* HW registers */ +uint32_t cr; +uint32_t isr; +} ftkbc010_state; + +#define FTKBC010(obj) \ +OBJECT_CHECK(ftkbc010_state, obj, TYPE_FTKBC010) + +static void ftkbc010_update(ftkbc010_state *s) +{ +uint32_t ier = 0; + +/* keypad interrupt */ +ier |= (s-cr (1 8)) ? (1 2) : 0; +/* tx interrupt */ +ier |= (s-cr (1 3)) ? (1 1) : 0; +/* rx interrupt */ +ier |= (s-cr (1 4)) ? (1 0) : 0; + +if (ier s-isr) { +qemu_irq_raise(s-irq); +} else { +qemu_irq_lower(s-irq); +} +} + +static uint64_t ftkbc010_mem_read(void *opaque, hwaddr addr, unsigned size) +{ +ftkbc010_state *s = FTKBC010(opaque); + +switch (addr) { +case 0x00: +return s-cr; +case 0x10: +return s-isr; +case 0x30: +return ~(1 s-x); +case 0x34: +return ~(1 s-y); +case 0x50:/* revision */ +return 0x00010403; +case 0x54:/* feature */ +return 0x0808; +default: +break; +} + +return 0; +} + +static void ftkbc010_mem_write(void*opaque, + hwaddr addr, + uint64_t val, + unsigned size) +{ +ftkbc010_state *s = FTKBC010(opaque); + +switch (addr) { +case 0x00: +s-cr = (uint32_t)val; +/* if ftkbc010 enabled */ +if (!(s-cr (1 2))) { +break; +} +/* if keypad interrupt cleared */ +if (s-cr (1 10)) { +s-cr = ~(1 10); +s-isr = ~(1 2); +} +/* if rx interrupt cleared */ +if (s-cr (1 7)) { +s-cr = ~(1 7); +s-isr = ~(1 0); +} +/* if tx interrupt cleared */ +if (s-cr (1 6)) { +s-cr = ~(1 6); +s-isr = ~(1 1); +} +ftkbc010_update(s); +break; +default: +break; +} +} + +static const MemoryRegionOps ftkbc010_mem_ops = { +.read = ftkbc010_mem_read, +.write = ftkbc010_mem_write, +.endianness = DEVICE_LITTLE_ENDIAN, +}; + +static void ftkbc010_key_event(void *opaque, int scancode) +{ +ftkbc010_state *s = FTKBC010(opaque); +int released = 0; + +/* key release from qemu */ +if (scancode 0x80) { +released = 1; +} + +/* strip qemu key release bit */ +scancode = ~0x80; + +/* keypad interrupt */ +if (!released (s-cr (1 8))) { +switch (scancode) { +case KEYCODE_ESC: +case KEYCODE_BACKSPACE: +s-x = 1; +break; +case KEYCODE_ENTER: +case KEYCODE_MENU: +case KEYCODE_SPACE: +s-x = 3; +break; +default: +s-x = 2;/* KEY_HOME */ +break; +} +s-y = 0; +s-isr |= (1 2); +ftkbc010_update(s); +} +} + +static void ftkbc010_reset(DeviceState *ds) +{ +SysBusDevice *busdev = SYS_BUS_DEVICE(ds); +ftkbc010_state *s = FTKBC010(FROM_SYSBUS(ftkbc010_state, busdev)); + +qemu_irq_lower(s-irq); +} + +static int ftkbc010_init(SysBusDevice *dev) +{ +ftkbc010_state *s = FTKBC010(FROM_SYSBUS(ftkbc010_state, dev)); + +s-cr = 0; +s-isr = 0; +s-x = 0; +s-y = 0; + +memory_region_init_io(s-iomem, + ftkbc010_mem_ops, +
Re: [Qemu-devel] [PATCH V3 07/11] block: export function bdrv_find_snapshot()
Eric Blake ebl...@redhat.com writes: On 01/15/2013 03:24 AM, Wenchao Xia wrote: +int bdrv_snapshot_find(BlockDriverState *bs, QEMUSnapshotInfo *sn_info, + const char *name) +if (!strcmp(sn-id_str, name) || !strcmp(sn-name, name)) { This code comparison favors ids over names; so if I request to delvm 2, I end up removing the second snapshot, not the first. This is okay, but probably worth documenting, how about: /* if id is not NULL, try find it with id, if not exist, return NULL * if id is NULL and name is not NULL, try find it with name. */ if id and name is NULL, direct return fail. int bdrv_snapshot_find(BlockDriverState *bs, QEMUSnapshotInfo *sn_info, const char *id, const char *name) That would be pushing the burden onto the callers to decide whether they are doing an id lookup, a name lookup, or both. In QMP terms, that means that your QMP command to delete a snapshot would now need an additional optional argument to decide whether the associated name is only an id, only a name, or can match either. But I'm not sure you want that. What I was trying to get at is that given a single string 2, it does seem nicer to do both an id and a name lookup, and return the first hit; you just need to document that ids take preference over names (and thus, naming a snapshot 2 may make the snapshot become invisible by name, but not by id, if a later snapshot creation causes id 2 to be used). Then your QMP command for deleting a snapshot no longer needs to care whether 2 is an id or a name, just whether it matches. Hmm, while typing this, I thought of another snag. Suppose you have a VM with two disks, but where only the first disk previously had a snapshot with id 1. If I create a new snapshot across both disks, does that mean disk 1 gets id 2 while disk 2 gets id 1, or do both disks get id 2, even though that means disk 2 skips over id 1? As long as the snapshot is named, you can refer to the name to get the same snapshot across both disks, regardless of what id it has. But if the name is numeric, and id takes preference over name when doing a lookup, we could get ourselves into the situation where a snapshot created with name 2 can eventually never be restored in one piece, because the individual disks have different ids for the same snapshot name. So maybe we DO need a way after all for QMP to specify whether a name lookup is for id, name, or both. Once you move beyond a single image, internal snapshots provide effectively nothing at all to ensure machine-level consistency. Besides the name vs. ID confusion you mentioned, there's hotplug. Save snapshot, unplug a disk, restore snapshot, disk is still gone. Plug it back, disk is still in the future. Save snapshot, plug another disk, restore snapshot fails, because the new disk doesn't have it. In my opinion, the sane mental model for dealing with internal snapshots is to treat them strictly as a per disk thing, plus a funky way to save/restore the machine state along with the disk state. Perhaps something that's actually useful at the (non-toy, multi-image) machine-level can be built from them. But why bother; external snapshots exist.
[Qemu-devel] [PATCH v2 07/20] arm: add Faraday FTI2C010 I2C controller support
From: Kuo-Jung Su dant...@faraday-tech.com The FTI2C010 allows the host processor to serve as a master or slave in the I2C bus. Data are transmitted to and received from the I2C bus via a buffered interface. Signed-off-by: Kuo-Jung Su dant...@faraday-tech.com --- hw/fti2c010.c | 205 + hw/fti2c010.h | 62 + 2 files changed, 267 insertions(+) create mode 100644 hw/fti2c010.c create mode 100644 hw/fti2c010.h diff --git a/hw/fti2c010.c b/hw/fti2c010.c new file mode 100644 index 000..6f6b440 --- /dev/null +++ b/hw/fti2c010.c @@ -0,0 +1,205 @@ +/* + * QEMU model of the FTI2C010 Controller + * + * Copyright (C) 2012 Faraday Technology + * Written by Dante Su dant...@faraday-tech.com + * + * This file is licensed under GNU GPL v2. + */ + +#include sysbus.h +#include sysemu/sysemu.h +#include i2c.h +#include fti2c010.h + +#define I2C_RD 1 +#define I2C_WR 0 + +#define TYPE_FTI2C010 fti2c010 + +typedef struct Fti2c010State { +SysBusDevice busdev; +MemoryRegion mmio; + +qemu_irq irq; +i2c_bus *bus; + +uint32_t cr; +uint32_t sr; +uint32_t cdr; +uint32_t dr; +uint32_t tgsr; + +uint8_t recv;/* I2C RD = 1; I2C WR = 0 */ +uint8_t addr;/* 7-bits device address */ + +} fti2c010_state; + +#define FTI2C010(obj) \ +OBJECT_CHECK(fti2c010_state, obj, TYPE_FTI2C010) + +static uint64_t fti2c010_mem_read(void *opaque, hwaddr addr, unsigned size) +{ +fti2c010_state *s = FTI2C010(opaque); +uint32_t rc = 0; + +switch (addr) { +case REG_CR: +return s-cr; +case REG_SR: +rc = s-sr | (i2c_bus_busy(s-bus) ? SR_BB : 0); +s-sr = 0xf00f; +qemu_set_irq(s-irq, 0); +break; +case REG_CDR: +return s-cdr; +case REG_DR: +return s-dr; +case REG_TGSR: +return s-tgsr; +case REG_BMR: +return 0x0003; +case 0x30:/* revision register */ +return 0x00011000; +default: +break; +} + +return rc; +} + +static void fti2c010_mem_write(void*opaque, + hwaddr addr, + uint64_t val, + unsigned size) +{ +fti2c010_state *s = FTI2C010(opaque); + +switch (addr) { +case REG_CR: +s-cr = (uint32_t)val; +if (s-cr CR_I2CRST) { +s-dr = 0; +s-sr = 0; +} else if ((s-cr (CR_MASTER_EN | CR_TBEN)) +== (CR_MASTER_EN | CR_TBEN)) { +s-sr = ~SR_ACK; +if (s-cr CR_START) { +s-recv = (s-dr I2C_RD) ? 1 : 0; +s-addr = (s-dr 1) 0x7f; +if (i2c_start_transfer(s-bus, s-addr, s-recv) == 0) { +s-sr |= SR_DT | SR_ACK; +} else { +s-sr = ~SR_DT; +} +} else { +if (s-recv) { +s-dr = i2c_recv(s-bus); +s-sr |= SR_DR; +} else { +i2c_send(s-bus, (uint8_t)s-dr); +s-sr |= SR_DT; +} +if (s-cr CR_NACK) { +i2c_nack(s-bus); +} +s-sr |= SR_ACK; +if (s-cr CR_STOP) { +i2c_end_transfer(s-bus); +} +} +} +s-cr = 0xff7e;/* clear TB_EN, I2C_RST */ +if ((s-sr 4) (s-cr 8)) { +qemu_set_irq(s-irq, 1); +} +break; +case REG_CDR: +s-cdr = (uint32_t)val; +break; +case REG_DR: +s-dr = (uint32_t)val 0xff; +break; +case REG_TGSR: +s-tgsr = (uint32_t)val; +break; +default: +break; +} +} + +static const MemoryRegionOps fti2c010_ops = { +.read = fti2c010_mem_read, +.write = fti2c010_mem_write, +.endianness = DEVICE_LITTLE_ENDIAN, +.valid = { +.min_access_size = 4, +.max_access_size = 4 +} +}; + +static void fti2c010_reset(DeviceState *ds) +{ +SysBusDevice *busdev = SYS_BUS_DEVICE(ds); +fti2c010_state *s = FTI2C010(FROM_SYSBUS(fti2c010_state, busdev)); + +s-cr = 0; +s-sr = 0; +s-cdr = 0; +s-tgsr = 0x0401; + +qemu_set_irq(s-irq, 0); +} + +static int fti2c010_init(SysBusDevice *dev) +{ +fti2c010_state *s = FTI2C010(FROM_SYSBUS(fti2c010_state, dev)); + +s-bus = i2c_init_bus(dev-qdev, i2c); + +memory_region_init_io(s-mmio, fti2c010_ops, s, TYPE_FTI2C010, 0x1000); +sysbus_init_mmio(dev, s-mmio); +sysbus_init_irq(dev, s-irq); + +return 0; +} + +static const VMStateDescription vmstate_fti2c010 = { +.name = TYPE_FTI2C010, +.version_id = 1, +.minimum_version_id = 1, +.minimum_version_id_old = 1, +.fields = (VMStateField[]) { +VMSTATE_UINT32(cr, fti2c010_state), +VMSTATE_UINT32(sr,
[Qemu-devel] [PATCH v2 09/20] arm: add Faraday FTNANDC021 nand flash controller support
From: Kuo-Jung Su dant...@faraday-tech.com The FTNANDC021 NAND flash host controller allows the users to access the NAND flash memory simply by reading or writing into the registers. It provides the hardware-based NAND host controller so that data can be transferred in the high speed mode. The ECC information will be automatically generated in the programming operation and will be checked in the read operation. Signed-off-by: Kuo-Jung Su dant...@faraday-tech.com --- hw/ftnandc021.c | 514 +++ hw/ftnandc021.h | 55 ++ 2 files changed, 569 insertions(+) create mode 100644 hw/ftnandc021.c create mode 100644 hw/ftnandc021.h diff --git a/hw/ftnandc021.c b/hw/ftnandc021.c new file mode 100644 index 000..cf28c6e --- /dev/null +++ b/hw/ftnandc021.c @@ -0,0 +1,514 @@ +/* + * QEMU model of the FTNANDC021 NAND Flash Controller + * + * Copyright (C) 2012 Faraday Technology + * Written by Dante Su dant...@faraday-tech.com + * + * This file is licensed under GNU GPL v2. + */ + +#include sysbus.h +#include devices.h +#include sysemu/blockdev.h +#include flash.h + +#include ftnandc021.h + +#define TYPE_FTNANDC021 ftnandc021 + +typedef struct Ftnandc021State { +SysBusDevice busdev; +MemoryRegion mmio; + +qemu_irq irq; +DeviceState *flash; + +/* DMA hardware handshake */ +qemu_irq req; + +uint8_t manf_id, chip_id; + +int cmd; +int len;/* buffer length for page read/write */ +int pi;/* page index */ +int bw;/* bus width (8-bits, 16-bits) */ + +uint64_t size;/* flash size (maximum access range) */ +uint32_t pgsz;/* page size (Bytes) */ +uint32_t bksz;/* block size (Bytes) */ +uint32_t alen;/* address length (cycle) */ + +uint32_t id[2]; +uint8_t oob[8];/* 5 bytes for 512/2048 page; 7 bytes for 4096 page */ + +/* HW register caches */ +uint32_t sr; +uint32_t fcr; +uint32_t mcr; +uint32_t ier; +uint32_t bcr; +} ftnandc021_state; + +#define FTNANDC021(obj) \ +OBJECT_CHECK(ftnandc021_state, obj, TYPE_FTNANDC021) + +static void ftnandc021_update_irq(ftnandc021_state *s) +{ +if (s-ier (1 7)) { +if ((s-ier 0x0f) (s-sr 2)) { +qemu_set_irq(s-irq, 1); +} else { +qemu_set_irq(s-irq, 0); +} +} +} + +static void ftnandc021_set_idle(ftnandc021_state *s) +{ +/* CLE=0, ALE=0, CS=1 */ +nand_setpins(s-flash, 0, 0, 1, 1, 0); + +/* Set command compelete */ +s-sr |= (1 2); + +/* Update IRQ signal */ +ftnandc021_update_irq(s); +} + +static void ftnandc021_set_cmd(ftnandc021_state *s, uint8_t cmd) +{ +/* CLE=1, ALE=0, CS=0 */ +nand_setpins(s-flash, 1, 0, 0, 1, 0); + +/* Write out command code */ +nand_setio(s-flash, cmd); +} + +static void ftnandc021_set_addr(ftnandc021_state *s, int col, int row) +{ +/* CLE=0, ALE=1, CS=0 */ +nand_setpins(s-flash, 0, 1, 0, 1, 0); + +if (col 0 row 0) { +/* special case for READ_ID (0x90) */ +nand_setio(s-flash, 0); +} else { +/* column address */ +if (col = 0) { +nand_setio(s-flash, (col 0x00ff) 0); +nand_setio(s-flash, (col 0xff00) 8); +} +/* row address */ +if (row = 0) { +nand_setio(s-flash, (row 0xff) 0); +if (s-alen = 4) { +nand_setio(s-flash, (row 0x00ff00) 8); +} +if (s-alen = 5) { +nand_setio(s-flash, (row 0xff) 16); +} +} +} +} + +static void ftnandc021_handle_ack(void *opaque, int line, int level) +{ +ftnandc021_state *s = FTNANDC021(opaque); + +if (!s-bcr) { +return; +} + +if (level) { +qemu_set_irq(s-req, 0); +} else if (s-len 0) { +qemu_set_irq(s-req, 1); +} +} + +static void ftnandc021_command(ftnandc021_state *s, uint32_t cmd) +{ +int i; + +s-sr = ~(1 2); +s-cmd = cmd; + +switch (cmd) { +case FTNANDC021_CMD_RDID:/* read id */ +ftnandc021_set_cmd(s, 0x90); +ftnandc021_set_addr(s, -1, -1); +nand_setpins(s-flash, 0, 0, 0, 1, 0); +if (s-bw == 8) { +s-id[0] = (nand_getio(s-flash) 0) + | (nand_getio(s-flash) 8) + | (nand_getio(s-flash) 16) + | (nand_getio(s-flash) 24); +s-id[1] = (nand_getio(s-flash) 0); +} else { +s-id[0] = (nand_getio(s-flash) 0) + | (nand_getio(s-flash) 16); +s-id[1] = (nand_getio(s-flash) 0); +} +break; +case FTNANDC021_CMD_RESET:/* reset */ +ftnandc021_set_cmd(s, 0xff); +break; +case FTNANDC021_CMD_RDST:/* read status */ +ftnandc021_set_cmd(s, 0x70); +nand_setpins(s-flash, 0, 0, 0, 1, 0); +s-id[1] = (nand_getio(s-flash) 0); +break;
[Qemu-devel] [PATCH v2 08/20] arm: add Faraday FTLCDC200 LCD controller support
From: Kuo-Jung Su dant...@faraday-tech.com The FTLCDC200 is an LCD controller that is compliant with the AMBA 2.0. It is a reusable soft-IP block and provides all the necessary control signals for a variety of TFT/CSTN/STN LCD panels. It was designed for portable electronics, including Personal Digital Assistants (PDAs), smart phones, hand-helds, and portable color-screen game terminals. Signed-off-by: Kuo-Jung Su dant...@faraday-tech.com --- hw/ftlcdc200.c | 505 +++ hw/ftlcdc200.h | 110 +++ hw/ftlcdc200_template.h | 439 3 files changed, 1054 insertions(+) create mode 100644 hw/ftlcdc200.c create mode 100644 hw/ftlcdc200.h create mode 100644 hw/ftlcdc200_template.h diff --git a/hw/ftlcdc200.c b/hw/ftlcdc200.c new file mode 100644 index 000..9ff7c6e --- /dev/null +++ b/hw/ftlcdc200.c @@ -0,0 +1,505 @@ +/* + * Faraday FTLCDC200 Color LCD Controller + * + * base is pl110.c + * + * Copyright (c) 2012 Faraday Technology + * Written by Dante Su dant...@faraday-tech.com + * + * This code is licensed under the GNU LGPL + */ + +#include sysbus.h +#include ui/console.h +#include framebuffer.h +#include ui/pixel_ops.h + +#include ftlcdc200.h + +enum ftlcdc200_irqpin { +IRQ_ALL = 0, +IRQ_VSTATUS, +IRQ_BASEUPT, +IRQ_FIFOUR, +IRQ_BUSERR, +}; + +enum ftlcdc200_bppmode { +BPP_1 = 0, +BPP_2, +BPP_4, +BPP_8, +BPP_16, +BPP_32, +BPP_16_565, +BPP_12, +}; + +#define TYPE_FTLCDC200 ftlcdc200 + +typedef struct Ftlcdc200State { +SysBusDevice busdev; +MemoryRegion iomem; +DisplayState *ds; +qemu_irq irq[5]; +int cols; +int rows; +enum ftlcdc200_bppmode bpp; +int invalidate; +uint32_t palette[256]; +uint32_t raw_palette[128]; + +/* hw register caches */ + +uint32_t fer; /* function enable register */ +uint32_t ppr; /* panel pixel register */ +uint32_t ier; /* interrupt enable register */ +uint32_t isr; /* interrupt status register */ +uint32_t sppr; /* serail panel pixel register */ + +uint32_t fb[4]; /* frame buffer base address register */ +uint32_t ht;/* horizontal timing control register */ +uint32_t vt0; /* vertital timing control register 0 */ +uint32_t vt1; /* vertital timing control register 1 */ +uint32_t pol; /* polarity */ + +} ftlcdc200_state; + +#define FTLCDC200(obj) \ +OBJECT_CHECK(ftlcdc200_state, obj, TYPE_FTLCDC200) + +static const VMStateDescription vmstate_ftlcdc200 = { +.name = TYPE_FTLCDC200, +.version_id = 2, +.minimum_version_id = 1, +.fields = (VMStateField[]) { +VMSTATE_INT32(cols, ftlcdc200_state), +VMSTATE_INT32(rows, ftlcdc200_state), +VMSTATE_UINT32(bpp, ftlcdc200_state), +VMSTATE_INT32(invalidate, ftlcdc200_state), +VMSTATE_UINT32_ARRAY(palette, ftlcdc200_state, 256), +VMSTATE_UINT32_ARRAY(raw_palette, ftlcdc200_state, 128), +VMSTATE_UINT32(fer, ftlcdc200_state), +VMSTATE_UINT32(ppr, ftlcdc200_state), +VMSTATE_UINT32(ier, ftlcdc200_state), +VMSTATE_UINT32(isr, ftlcdc200_state), +VMSTATE_UINT32(sppr, ftlcdc200_state), +VMSTATE_UINT32_ARRAY(fb, ftlcdc200_state, 4), +VMSTATE_UINT32(ht, ftlcdc200_state), +VMSTATE_UINT32(vt0, ftlcdc200_state), +VMSTATE_UINT32(vt1, ftlcdc200_state), +VMSTATE_UINT32(pol, ftlcdc200_state), +VMSTATE_END_OF_LIST() +} +}; + +#define BITS 8 +#include ftlcdc200_template.h +#define BITS 15 +#include ftlcdc200_template.h +#define BITS 16 +#include ftlcdc200_template.h +#define BITS 24 +#include ftlcdc200_template.h +#define BITS 32 +#include ftlcdc200_template.h + +static int ftlcdc200_enabled(ftlcdc200_state *s) +{ +uint32_t mask = FER_EN | FER_ON; +return ((s-fer mask) == mask) + s-bpp s-cols s-rows s-fb[0]; +} + +/* Update interrupts. */ +static void ftlcdc200_update_irq(ftlcdc200_state *s) +{ +uint32_t mask = s-ier s-isr; + +if (mask) { +qemu_irq_raise(s-irq[IRQ_ALL]); +qemu_set_irq(s-irq[IRQ_FIFOUR], (mask 0x01) ? 1 : 0); +qemu_set_irq(s-irq[IRQ_BASEUPT], (mask 0x02) ? 1 : 0); +qemu_set_irq(s-irq[IRQ_VSTATUS], (mask 0x04) ? 1 : 0); +qemu_set_irq(s-irq[IRQ_BUSERR], (mask 0x08) ? 1 : 0); +} else { +qemu_irq_lower(s-irq[IRQ_ALL]); +qemu_irq_lower(s-irq[IRQ_VSTATUS]); +qemu_irq_lower(s-irq[IRQ_BASEUPT]); +qemu_irq_lower(s-irq[IRQ_FIFOUR]); +qemu_irq_lower(s-irq[IRQ_BUSERR]); +} +} + +static void ftlcdc200_update_display(void *opaque) +{ +ftlcdc200_state *s = FTLCDC200(opaque); +drawfn *fntable; +drawfn fn; +int dest_width; +int src_width; +int bpp_offset; +int first; +int last; + +if (!ftlcdc200_enabled(s)) { +return; +} + +switch (ds_get_bits_per_pixel(s-ds)) { +
[Qemu-devel] [PATCH v2 12/20] arm: add Faraday FTSSP010 multi-function controller support
From: Kuo-Jung Su dant...@faraday-tech.com The FTSSP010 is a synchronous serial port interface that allows the host processor to serve as a master or a slave. Various devices can be connected to this controller by using the serial protocol. It supports the TI Synchronous Serial Port (SSP), the Motorola Serial Peripheral Interface (SPI), National Semiconductor MICROWIRE, Philips I2S, Intel AC-link, and SPDIF. The serial data formats may range from 4 bits to 128 bits in length. The Faraday SSP controller can be accessed with Faraday AHB/APB DMA to directly transfer data between the external serial device and the system memory without the intervention from the processor. Signed-off-by: Kuo-Jung Su dant...@faraday-tech.com --- hw/ftssp010.c | 552 + hw/ftssp010.h | 91 ++ 2 files changed, 643 insertions(+) create mode 100644 hw/ftssp010.c create mode 100644 hw/ftssp010.h diff --git a/hw/ftssp010.c b/hw/ftssp010.c new file mode 100644 index 000..4b85bd6 --- /dev/null +++ b/hw/ftssp010.c @@ -0,0 +1,552 @@ +/* + * QEMU model of the FTSSP010 Controller + * + * Copyright (C) 2012 Faraday Technology + * Written by Dante Su dant...@faraday-tech.com + * + * This file is licensed under GNU GPL v2. + */ + +#include sysbus.h +#include sysemu/sysemu.h +#include fifo.h +#include i2c.h +#include ssi.h +#include ftssp010.h + +#define CFG_FIFO_DEPTH16 + +#define TYPE_FTSSP010 ftssp010 + +typedef struct Ftssp010State { +SysBusDevice busdev; +MemoryRegion mmio; + +qemu_irq irq; +SSIBus *spi; + +uint8_t num_cs; +qemu_irq *cs_lines; + +Fifo8 rx_fifo; +Fifo8 tx_fifo; + +uint8_t tx_thres; +uint8_t rx_thres; + +int busy; +uint8_t bw; + +/* I2S */ +void *codec_i2c; +char *codec_name; +uint8_t codec_addr; +void *codec; +void (*codec_out)(void *, uint32_t); +uint32_t (*codec_in)(void *); + +/* DMA hardware handshake */ +qemu_irq req[2];/* 0 - Tx, 1 - Rx */ + +/* HW register caches */ + +uint32_t cr0; +uint32_t cr1; +uint32_t cr2; +uint32_t icr;/* interrupt control register */ +uint32_t isr;/* interrupt status register */ + +} ftssp010_state; + +#define FTSSP010(obj) \ +OBJECT_CHECK(ftssp010_state, obj, TYPE_FTSSP010) + +/* Update interrupts. */ +static void ftssp010_update(ftssp010_state *s) +{ +if (!(s-cr2 CR2_SSPEN)) { +return; +} + +/* tx fifo status update */ +if ((s-tx_fifo.num / (s-bw 3)) = s-tx_thres) { +s-isr |= ISR_TFTHI; +if (s-icr ICR_TFDMA) { +qemu_set_irq(s-req[0], 1); +} +} else { +s-isr = ~ISR_TFTHI; +} + +/* rx fifo status update */ +switch (s-cr0 0x7000) { +case CR0_FFMT_SPI: +s-isr |= ISR_RFTHI; +if (s-icr ICR_RFDMA) { +qemu_set_irq(s-req[1], 1); +} +break; +default: +if ((s-rx_fifo.num / (s-bw 3)) = s-rx_thres) { +s-isr |= ISR_RFTHI; +if (s-icr ICR_RFDMA) { +qemu_set_irq(s-req[1], 1); +} +} else { +s-isr = ~ISR_RFTHI; +} +break; +} + +/* update the interrupt signal */ +if ((s-icr s-isr) 0x0f) { +qemu_set_irq(s-irq, 1); +} else { +qemu_set_irq(s-irq, 0); +} +} + +static void ftssp010_handle_ack(void *opaque, int line, int level) +{ +ftssp010_state *s = FTSSP010(opaque); + +switch (line) { +case 0:/* Tx */ +if (s-icr ICR_TFDMA) { +if (level) { +qemu_set_irq(s-req[0], 0); +} +if ((s-tx_fifo.num / (s-bw 3)) = s-tx_thres) { +qemu_set_irq(s-req[0], 1); +} +} +break; +case 1:/* Rx */ +if (s-icr ICR_RFDMA) { +if (level) { +qemu_set_irq(s-req[1], 0); +} +switch (s-cr0 0x7000) { +case CR0_FFMT_SPI: +qemu_set_irq(s-req[1], 1); +break; +default: +if ((s-rx_fifo.num / (s-bw 3)) = s-rx_thres) { +qemu_set_irq(s-req[1], 1); +} +break; +} +} +break; +default: +break; +} +} + +static void ftssp010_i2s_data_req(void *opaque, int tx, int rx) +{ +int len; +uint32_t sample; +ftssp010_state *s = FTSSP010(opaque); + +if (!(s-cr2 CR2_SSPEN)) { +return; +} + +if ((s-cr0 0x7000) != CR0_FFMT_I2S) { +return; +} + +s-busy = 1; + +if ((s-cr2 (CR2_TXEN | CR2_TXDOE)) == (CR2_TXEN | CR2_TXDOE)) { +len = tx * (s-bw / 8); +while (!fifo8_is_empty(s-tx_fifo) len 0) { +sample = fifo8_pop(s-tx_fifo) 0; +--len; +if (s-bw 8) { +sample |= fifo8_pop(s-tx_fifo) 8; +--len;
[Qemu-devel] [PATCH v2 18/20] arm: add Faraday FTINTC020 interrupt controller
From: Kuo-Jung Su dant...@faraday-tech.com The FTINTC020 interrupt controller supports both FIQ and IRQ signals to the microprocessor. It can handle up to 64 configurable IRQ sources and 64 FIQ sources. The output signals to the microprocessor can be configured as level-high/low active or edge-rising/falling triggered. To solve the problem of the interrupt latency, the FTINTC020 supports the AHB interface and 16 vectored IRQ interrupts. The interrupt priority hardware engine supports the fix-order, fix-prior, and round-robin schemes. The priority schemes should be programmable. It also supports the software-triggered interrupts, which are useful in dealing with the inter-processor communication. If the vectored IRQs are not enabled, this controller will be fully compatible to FTINTC010. Signed-off-by: Kuo-Jung Su dant...@faraday-tech.com --- hw/ftintc020.c | 354 1 file changed, 354 insertions(+) create mode 100644 hw/ftintc020.c diff --git a/hw/ftintc020.c b/hw/ftintc020.c new file mode 100644 index 000..7c5baa2 --- /dev/null +++ b/hw/ftintc020.c @@ -0,0 +1,354 @@ +/* + * Faraday FTINTC020 Programmable Interrupt Controller. + * + * Copyright (c) 2012 Faraday Technology + * Written by Dante Su dant...@faraday-tech.com + * + * This code is licensed under the GPL v2. + */ + +#include hw.h +#include sysbus.h + +#define TYPE_FTINTC020 ftintc020 + +typedef struct Ftintc020State { +SysBusDevice busdev; +MemoryRegion iomem; +ARMCPU *cpu; +qemu_irq irqs[64]; + +uint32_t irq_pin[2];/* IRQ pin state */ +uint32_t fiq_pin[2];/* IRQ pin state */ + +/* HW register caches */ +uint32_t irq_src[2];/* IRQ source register */ +uint32_t irq_ena[2];/* IRQ enable register */ +uint32_t irq_mod[2];/* IRQ mode register */ +uint32_t irq_lvl[2];/* IRQ level register */ +uint32_t fiq_src[2];/* FIQ source register */ +uint32_t fiq_ena[2];/* FIQ enable register */ +uint32_t fiq_mod[2];/* FIQ mode register */ +uint32_t fiq_lvl[2];/* FIQ level register */ +} ftintc020_state; + +#define FTINTC020(obj) \ +OBJECT_CHECK(ftintc020_state, obj, TYPE_FTINTC020) + +qemu_irq *ftintc020_init(hwaddr base, ARMCPU *cpu); + +static void ftintc020_update(ftintc020_state *s) +{ +uint32_t mask[2]; + +/* FIQ */ +mask[0] = s-fiq_src[0] s-fiq_ena[0]; +mask[1] = s-fiq_src[1] s-fiq_ena[1]; + +if (mask[0] || mask[1]) { +cpu_interrupt(s-cpu-env, CPU_INTERRUPT_FIQ); +} else { +cpu_reset_interrupt(s-cpu-env, CPU_INTERRUPT_FIQ); +} + +/* IRQ */ +mask[0] = s-irq_src[0] s-irq_ena[0]; +mask[1] = s-irq_src[1] s-irq_ena[1]; + +if (mask[0] || mask[1]) { +cpu_interrupt(s-cpu-env, CPU_INTERRUPT_HARD); +} else { +cpu_reset_interrupt(s-cpu-env, CPU_INTERRUPT_HARD); +} +} + +/* Note: Here level means state of the signal on a pin */ +static void ftintc020_set_irq(void *opaque, int irq, int level) +{ +ftintc020_state *s = FTINTC020(opaque); +uint32_t i = irq / 32; +uint32_t mask = 1 (irq % 32); + +if (s-irq_mod[i] mask) { +/* Edge Triggered */ +if (s-irq_lvl[i] mask) { +/* Falling Active */ +if ((s-irq_pin[i] mask) !level) { +s-irq_src[i] |= mask; +s-fiq_src[i] |= mask; +} +} else { +/* Rising Active */ +if (!(s-irq_pin[i] mask) level) { +s-irq_src[i] |= mask; +s-fiq_src[i] |= mask; +} +} +} else { +/* Level Triggered */ +if (s-irq_lvl[i] mask) { +/* Low Active */ +if (level) { +s-irq_src[i] = ~mask; +s-fiq_src[i] = ~mask; +} else { +s-irq_src[i] |= mask; +s-fiq_src[i] |= mask; +} +} else { +/* High Active */ +if (!level) { +s-irq_src[i] = ~mask; +s-fiq_src[i] = ~mask; +} else { +s-irq_src[i] |= mask; +s-fiq_src[i] |= mask; +} +} +} + +/* update IRQ/FIQ pin states */ +if (level) { +s-irq_pin[i] |= mask; +s-fiq_pin[i] |= mask; +} else { +s-irq_pin[i] = ~mask; +s-fiq_pin[i] = ~mask; +} + +ftintc020_update(s); +} + +static uint64_t ftintc020_mem_read(void *opaque, hwaddr offset, unsigned size) +{ +ftintc020_state *s = FTINTC020(opaque); + +switch (offset) { +/* + * IRQ + */ +case 0x:/* IRQ source register */ +return s-irq_src[0]; +case 0x0004:/* IRQ enable register */ +return s-irq_ena[0]; +case 0x000C:/* IRQ trigger-mode register */ +return s-irq_mod[0]; +case 0x0010:/* IRQ trigger-level register */ +return s-irq_lvl[0]; +case
[Qemu-devel] [PATCH v2 20/20] arm: add generic ROM model for Faraday SoC platforms
From: Kuo-Jung Su dant...@faraday-tech.com Since the NAND and SPI flash memories do not support random access, so most of the systems which use such memory as main storages usually has some bootstrap code stored inside the embedded ROM of its SoC, and the bootstrap code is responsible for SDRAM initialization and then load the specific software(i.e. u-boot/linux) into SDRAM, and finally jumps into the loaded primary software. This QEMU model simply emulates the behavior of the embedded ROM for bootstrap code execution. Signed-off-by: Kuo-Jung Su dant...@faraday-tech.com --- hw/rom.c | 119 ++ 1 file changed, 119 insertions(+) create mode 100644 hw/rom.c diff --git a/hw/rom.c b/hw/rom.c new file mode 100644 index 000..aff2666 --- /dev/null +++ b/hw/rom.c @@ -0,0 +1,119 @@ +/* + * QEMU model of ROM + * + * Copyright (C) 2012 Faraday Technology + * Written by Dante Su dant...@faraday-tech.com + * + * This file is licensed under GNU GPL v2. + */ + +#include sysbus.h +#include sysemu/sysemu.h +#include sysemu/blockdev.h + +#define TYPE_ROMrom + +typedef struct ROMState { +SysBusDevice busdev; +MemoryRegion mem; +MemoryRegion *mem_mappings;/* array; one per mapping */ +MemoryRegion orig_mem; +BlockDriverState *bdrv; +uint8_t *storage; +uint32_t size; +} rom_state; + +#define ROM(obj) \ +OBJECT_CHECK(rom_state, obj, TYPE_ROM) + +static uint64_t +rom_mem_read(void *opaque, hwaddr addr, unsigned int size) +{ +return 0; +} + +static void +rom_mem_write(void *opaque, hwaddr addr, uint64_t val, unsigned size) +{ +} + +static const MemoryRegionOps rom_ops = { +.read = rom_mem_read, +.write = rom_mem_write, +.endianness = DEVICE_NATIVE_ENDIAN, +.valid = { +.min_access_size = 1, +.max_access_size = 8 +} +}; + +static int rom_init(SysBusDevice *dev) +{ +rom_state *s = ROM(FROM_SYSBUS(rom_state, dev)); +DriveInfo *dinfo; + +memory_region_init_rom_device(s-orig_mem, rom_ops, s, rom, s-size); +vmstate_register_ram(s-orig_mem, DEVICE(s)); +s-storage = memory_region_get_ram_ptr(s-orig_mem); + +dinfo = drive_get_next(IF_PFLASH); +if (dinfo dinfo-bdrv) { +s-bdrv = dinfo-bdrv; +/* read the initial flash content */ +bdrv_read(s-bdrv, 0, s-storage, +DIV_ROUND_UP(s-size, BDRV_SECTOR_SIZE)); +} else { +memset(s-storage, 0x00, s-size); +} + +memory_region_init(s-mem, rom, s-size); +s-mem_mappings = g_new(MemoryRegion, 1); +memory_region_init_alias(s-mem_mappings[0], + rom-alias, + s-orig_mem, + 0, + s-size); +memory_region_add_subregion(s-mem, 0, s-mem_mappings[0]); + +sysbus_init_mmio(dev, s-mem); +return 0; +} + +static Property rom_properties[] = { +DEFINE_PROP_UINT32(size, rom_state, size, 16384), +DEFINE_PROP_END_OF_LIST(), +}; + +static const VMStateDescription vmstate_rom = { +.name = rom, +.version_id = 1, +.minimum_version_id = 1, +.minimum_version_id_old = 1, +.fields = (VMStateField[]) { +VMSTATE_END_OF_LIST() +} +}; + +static void rom_class_init(ObjectClass *klass, void *data) +{ +DeviceClass *dc = DEVICE_CLASS(klass); +SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass); + +k-init = rom_init; +dc-props = rom_properties; +dc-vmsd = vmstate_rom; +} + +static const TypeInfo rom_info = { +.name = TYPE_ROM, +.parent = TYPE_SYS_BUS_DEVICE, +.instance_size = sizeof(rom_state), +.class_init = rom_class_init, +}; + +static void rom_register_types(void) +{ +type_register_static(rom_info); +} + +type_init(rom_register_types) -- 1.7.9.5
Re: [Qemu-devel] [PATCH] add fd limitations for avoiding a buffer overflow
On 01/25/13 09:14, Amos Kong wrote: FD_SET() and FD_CLR() are used to add and remove one descriptor from a set, the 'fd' should be less than FD_SETSIZE. Glibc will give a warning and crash the qemu when we set a fd (1024) to a set. # qemu -device virtio-net-pci,netdev=macvtap_netdev,mac=92:ff:8a:11:fe:57 -netdev tap,id=macvtap_netdev,fd=1024 1024/dev/tap4 *** buffer overflow detected ***: x86_64-softmmu/qemu-system-x86_64 terminated === Backtrace: = /lib64/libc.so.6(__fortify_fail+0x37)[0x7f842a2134a7] /lib64/libc.so.6(+0x35e9d08620)[0x7f842a211620] /lib64/libc.so.6(+0x35e9d0a417)[0x7f842a213417] x86_64-softmmu/qemu-system-x86_64(+0x1901fd)[0x7f842f09f1fd] x86_64-softmmu/qemu-system-x86_64(+0x198388)[0x7f842f0a7388] x86_64-softmmu/qemu-system-x86_64(main+0xfa9)[0x7f842ef897a9] /lib64/libc.so.6(__libc_start_main+0xf5)[0x7f842a12aa05] x86_64-softmmu/qemu-system-x86_64(+0x7ed49)[0x7f842ef8dd49] === Memory map: This patch added limitations when init tap device and set fd handler for synchronous IO. Signed-off-by: Amos Kong ak...@redhat.com --- iohandler.c |3 +++ net/tap.c |3 ++- 2 files changed, 5 insertions(+), 1 deletions(-) diff --git a/iohandler.c b/iohandler.c index 2523adc..c22edab 100644 --- a/iohandler.c +++ b/iohandler.c @@ -66,6 +66,9 @@ int qemu_set_fd_handler2(int fd, } } } else { +if (fd = FD_SETSIZE) { +return 1; +} qemu_set_fd_handler2() -- and consequently, qemu_set_fd_handler() -- could never fail before. I tried to check their call sites, and most of those don't bother to check for the return value; they assume these functions always succeed. Wouldn't it be better to abort() here (or exit with an error message) instead of returning 1? (Not suggesting, just asking.) Thanks, Laszlo QLIST_FOREACH(ioh, io_handlers, next) { if (ioh-fd == fd) goto found; diff --git a/net/tap.c b/net/tap.c index eb40c42..be856dd 100644 --- a/net/tap.c +++ b/net/tap.c @@ -618,7 +618,8 @@ int net_init_tap(const NetClientOptions *opts, const char *name, } fd = monitor_handle_fd_param(cur_mon, tap-fd); -if (fd == -1) { +if (fd == -1 || fd = FD_SETSIZE) { +error_report(Invalid fd : %d, fd); return -1; }
[Qemu-devel] [PATCH v2 16/20] arm: add Faraday FTTMR010 timer support
From: Kuo-Jung Su dant...@faraday-tech.com The FTTMR010 provides three independent sets of sub-timers. Each sub-timer can use either the internal system clock (PCLK) or the external clock (EXTCLK) for clock counting. Two match registers are provided for each sub-timer, whenever the value of the match registers equals any one value of the sub-timers, the timer interrupt will be immediately triggered. And it would also issue an interrupt when an overflow occurs. Signed-off-by: Kuo-Jung Su dant...@faraday-tech.com --- hw/fttmr010.c | 468 + 1 file changed, 468 insertions(+) create mode 100644 hw/fttmr010.c diff --git a/hw/fttmr010.c b/hw/fttmr010.c new file mode 100644 index 000..d0ad93f --- /dev/null +++ b/hw/fttmr010.c @@ -0,0 +1,468 @@ +/* + * Faraday FTTMR010 Timer. + * + * Copyright (c) 2012 Faraday Technology + * Written by Dante Su dant...@faraday-tech.com + * + * This code is licensed under the GNU GPL v2. + */ + +#include hw.h +#include qemu/timer.h +#include sysemu/sysemu.h +#include sysbus.h + +#define REG_TMR_ID(off) ((off) 4) +#define REG_TMR_COUNTER 0x00 +#define REG_TMR_RELOAD 0x04 +#define REG_TMR_MATCH1 0x08 +#define REG_TMR_MATCH2 0x0C + +#define REG_CR 0x30 +#define REG_ISR 0x34 +#define REG_IMR 0x38 +#define REG_REV 0x3C + +/* timer enable */ +#define CR_TMR_EN(id) (0x01 ((id) * 3)) +/* timer overflow interrupt enable */ +#define CR_TMR_OFEN(id) (0x04 ((id) * 3)) +/* timer count-up mode */ +#define CR_TMR_COUNTUP(id) (0x01 (9 + (id))) + +/* timer match 1 */ +#define ISR_MATCH1(id) (0x01 ((id) * 3)) +/* timer match 2 */ +#define ISR_MATCH2(id) (0x02 ((id) * 3)) +/* timer overflow */ +#define ISR_OF(id) (0x04 ((id) * 3)) + +#define TYPE_FTTMR010 fttmr010 +#define TYPE_FTTMR010_TIMER fttmr010_timer + +typedef struct Fttmr010State fttmr010_state; + +typedef struct Fttmr010Timer { +int id; +int up; +fttmr010_state *chip; +qemu_irq irq; +QEMUTimer *qtimer; +uint64_t start; +uint32_t intr_match1:1; +uint32_t intr_match2:1; + +/* HW register caches */ +uint64_t counter; +uint64_t reload; +uint32_t match1; +uint32_t match2; + +} fttmr010_timer; + +struct Fttmr010State { +SysBusDevice busdev; +MemoryRegion iomem; +qemu_irq irq; +fttmr010_timer timer[3]; +uint32_t freq;/* desired source clock */ +uint64_t step;/* get_ticks_per_sec() / freq */ + +/* HW register caches */ +uint32_t cr; +uint32_t isr; +uint32_t imr; +}; + +#define FTTMR010(obj) \ +OBJECT_CHECK(fttmr010_state, obj, TYPE_FTTMR010) + +static void fttmr010_timer_restart(fttmr010_timer *t) +{ +fttmr010_state *s = t-chip; +uint64_t interval; +int pending = 0; + +t-intr_match1 = 0; +t-intr_match2 = 0; + +/* check match1 */ +if (t-up t-match1 = t-counter) { +t-intr_match1 = 1; +} +if (!t-up t-match1 = t-counter) { +t-intr_match1 = 1; +} +if (t-match1 == t-counter) { +s-isr |= ISR_MATCH1(t-id); +++pending; +} + +/* check match2 */ +if (t-up t-match2 = t-counter) { +t-intr_match2 = 1; +} +if (!t-up t-match2 = t-counter) { +t-intr_match2 = 1; +} +if (t-match2 == t-counter) { +s-isr |= ISR_MATCH2(t-id); +++pending; +} + +/* determine delay interval */ +if (t-up) { +if ((t-match1 t-counter) (t-match2 t-counter)) { +interval = MIN(t-match1, t-match2) - t-counter; +} else if (t-match1 t-counter) { +interval = t-match1 - t-counter; +} else if (t-match2 t-reload) { +interval = t-match2 - t-counter; +} else { +interval = 0xULL - t-counter; +} +} else { +if ((t-match1 t-counter) (t-match2 t-counter)) { +interval = t-counter - MAX(t-match1, t-match2); +} else if (t-match1 t-reload) { +interval = t-counter - t-match1; +} else if (t-match2 t-reload) { +interval = t-counter - t-match2; +} else { +interval = t-counter; +} +} + +if (pending) { +qemu_irq_pulse(s-irq); +qemu_irq_pulse(t-irq); +} +t-start = qemu_get_clock_ns(vm_clock); +qemu_mod_timer(t-qtimer, t-start + interval * s-step); +} + +static uint64_t fttmr010_update_counter(fttmr010_timer *t) +{ +fttmr010_state *s = t-chip; +uint64_t now = qemu_get_clock_ns(vm_clock); +uint64_t elapsed; +int pending = 0; + +if (s-cr CR_TMR_EN(t-id)) { +/* get elapsed time */ +elapsed = (now - t-start) / s-step; + +/* convert to count-up/count-down value */ +if (t-up) { +t-counter = t-counter + elapsed; +} else { +if (t-counter elapsed) { +t-counter -=
Re: [Qemu-devel] [BUG, RFC] block/vmdk.c: File name with space fails to open
Philipp Hahn h...@univention.de writes: Hello, I tried to open a twoGbMaxExtentSparse VMDK file, which uses spaces in its own and for the referenced file names. This breaks in line 646 of block/vmdk.c because %511s stops at the first space and thus fname is incomplete: ret = sscanf(p, %10s % SCNd64 %10s %511s % SCNd64, access, sectors, type, fname, flat_offset); I've only checked with our very old VMware workstation version, which refuses to create new images with unsupported characters with the following message: The characters !#%^*:;'/? cannot be used. So it looks like spaces are valid, at least we have several VMs with spaces in their name. If the quotes around the file name are required, the simpliest solution would be to change %511s to %511[^]: diff --git a/block/vmdk.c b/block/vmdk.c index 19298c2..045f6a1 100644 --- a/block/vmdk.c +++ b/block/vmdk.c @@ -641,7 +641,7 @@ static int vmdk_parse_extents(const char *desc, BlockDriverState *bs, * RW [size in sectors] SPARSE file-name.vmdk */ flat_offset = -1; -ret = sscanf(p, %10s % SCNd64 %10s %511s % SCNd64, +ret = sscanf(p, %10s % SCNd64 %10s \%511[^\]\ % SCNd64, access, sectors, type, fname, flat_offset); if (ret 4 || strcmp(access, RW)) { goto next_line; Suggest to include '\n' in the stop set, like \%511[^\\n]\, to better detect malformed input. I don't know how portable %[ together with a maximum width is, because the manual page for sscanf() doesn't mention max width for %[, but it works with Debian/GNU Linux Squeeze. It's fine according to my reading of C89. I'm afraid your patch is flawed. For RW 1048576 FLAT test-f001.vmdk 0 fname is now test-f001.vmdk instead of \test-f001.vmdk\. That's because you change sscanf() to ignore the double-quotes without dropping the quote stripping code below. Care to post a fixed up patch?
Re: [Qemu-devel] [PATCH] add fd limitations for avoiding a buffer overflow
On 01/25/2013 04:14 PM, Amos Kong wrote: FD_SET() and FD_CLR() are used to add and remove one descriptor from a set, the 'fd' should be less than FD_SETSIZE. Glibc will give a warning and crash the qemu when we set a fd (1024) to a set. # qemu -device virtio-net-pci,netdev=macvtap_netdev,mac=92:ff:8a:11:fe:57 -netdev tap,id=macvtap_netdev,fd=1024 1024/dev/tap4 *** buffer overflow detected ***: x86_64-softmmu/qemu-system-x86_64 terminated === Backtrace: = /lib64/libc.so.6(__fortify_fail+0x37)[0x7f842a2134a7] /lib64/libc.so.6(+0x35e9d08620)[0x7f842a211620] /lib64/libc.so.6(+0x35e9d0a417)[0x7f842a213417] x86_64-softmmu/qemu-system-x86_64(+0x1901fd)[0x7f842f09f1fd] x86_64-softmmu/qemu-system-x86_64(+0x198388)[0x7f842f0a7388] x86_64-softmmu/qemu-system-x86_64(main+0xfa9)[0x7f842ef897a9] /lib64/libc.so.6(__libc_start_main+0xf5)[0x7f842a12aa05] x86_64-softmmu/qemu-system-x86_64(+0x7ed49)[0x7f842ef8dd49] === Memory map: This patch added limitations when init tap device and set fd handler for synchronous IO. Signed-off-by: Amos Kong ak...@redhat.com --- iohandler.c |3 +++ net/tap.c |3 ++- 2 files changed, 5 insertions(+), 1 deletions(-) diff --git a/iohandler.c b/iohandler.c index 2523adc..c22edab 100644 --- a/iohandler.c +++ b/iohandler.c @@ -66,6 +66,9 @@ int qemu_set_fd_handler2(int fd, } } } else { +if (fd = FD_SETSIZE) { +return 1; +} QLIST_FOREACH(ioh, io_handlers, next) { if (ioh-fd == fd) goto found; diff --git a/net/tap.c b/net/tap.c index eb40c42..be856dd 100644 --- a/net/tap.c +++ b/net/tap.c @@ -618,7 +618,8 @@ int net_init_tap(const NetClientOptions *opts, const char *name, } fd = monitor_handle_fd_param(cur_mon, tap-fd); -if (fd == -1) { +if (fd == -1 || fd = FD_SETSIZE) { +error_report(Invalid fd : %d, fd); return -1; } I think at least you need check all user of monitor_handler_fd_param() or just does the check inside it.
Re: [Qemu-devel] [PATCH] add fd limitations for avoiding a buffer overflow
Laszlo Ersek ler...@redhat.com writes: On 01/25/13 09:14, Amos Kong wrote: FD_SET() and FD_CLR() are used to add and remove one descriptor from a set, the 'fd' should be less than FD_SETSIZE. Glibc will give a warning and crash the qemu when we set a fd (1024) to a set. # qemu -device virtio-net-pci,netdev=macvtap_netdev,mac=92:ff:8a:11:fe:57 -netdev tap,id=macvtap_netdev,fd=1024 1024/dev/tap4 *** buffer overflow detected ***: x86_64-softmmu/qemu-system-x86_64 terminated === Backtrace: = /lib64/libc.so.6(__fortify_fail+0x37)[0x7f842a2134a7] /lib64/libc.so.6(+0x35e9d08620)[0x7f842a211620] /lib64/libc.so.6(+0x35e9d0a417)[0x7f842a213417] x86_64-softmmu/qemu-system-x86_64(+0x1901fd)[0x7f842f09f1fd] x86_64-softmmu/qemu-system-x86_64(+0x198388)[0x7f842f0a7388] x86_64-softmmu/qemu-system-x86_64(main+0xfa9)[0x7f842ef897a9] /lib64/libc.so.6(__libc_start_main+0xf5)[0x7f842a12aa05] x86_64-softmmu/qemu-system-x86_64(+0x7ed49)[0x7f842ef8dd49] === Memory map: This patch added limitations when init tap device and set fd handler for synchronous IO. Signed-off-by: Amos Kong ak...@redhat.com --- iohandler.c |3 +++ net/tap.c |3 ++- 2 files changed, 5 insertions(+), 1 deletions(-) diff --git a/iohandler.c b/iohandler.c index 2523adc..c22edab 100644 --- a/iohandler.c +++ b/iohandler.c @@ -66,6 +66,9 @@ int qemu_set_fd_handler2(int fd, } } } else { +if (fd = FD_SETSIZE) { +return 1; +} qemu_set_fd_handler2() -- and consequently, qemu_set_fd_handler() -- could never fail before. I tried to check their call sites, and most of those don't bother to check for the return value; they assume these functions always succeed. Wouldn't it be better to abort() here (or exit with an error message) instead of returning 1? (Not suggesting, just asking.) Never check for an error you don't know how to handle ;-) What we've done for other functions where some callers can't be bothered to check for errors[*] is to create a wrapper void FOO_nofail() around int FOO() that aborts on error, then slap QEMU_WARN_UNUSED_RESULT onto FOO(), and fix the resulting warnings, either by adding error handling, or by switching to FOO_nofail(). [*] Sometimes even legitimately, because we *know* errors can't happen.
Re: [Qemu-devel] [PATCH v2 02/20] arm: add Faraday FUSBH200 EHCI controller
Am 25.01.2013 09:19, schrieb Kuo-Jung Su: From: Kuo-Jung Su dant...@faraday-tech.com Faraday FUSBH200 is a one-port host controller for USB 2.0, which is fully compliant with the USB 2.0 specification and the Enhanced Host Controller Interface (EHCI) specification. This host controller supports the HS/FS/LS transactions, Isochronous/Interrupt/Control/Bulk transfers, and split/preamble transaction for the hub. Without intervening by the software, this host controller can deal with the transaction-based data structure to offload the CPU and automatically transmit and receive the data on the USB bus. The native system bus of FUSBH200 is a PVCI 32-bit bus interface. However, by using the wrappers, FUSBH200 can also support the AMBA AHB 32-bit bus or RISC 8051 bus. The transceiver interface is UTMI+ level 3, which supports the HS/FS/LS device and HS/FS hub. Signed-off-by: Kuo-Jung Su dant...@faraday-tech.com Please CC all relevant maintainers, in this case Gerd Hoffmann for USB. To automate this, you can use git-send-email's --cccmd=scripts/get_maintainer.pl --nogit-fallback argument (or config option). --- .gitignore |1 + hw/usb/hcd-ehci-sysbus.c | 23 + hw/usb/hcd-ehci.c| 51 ++ hw/usb/hcd-ehci.h| 14 +++-- 4 files changed, 75 insertions(+), 14 deletions(-) diff --git a/.gitignore b/.gitignore index 53fe9c3..0fd6a51 100644 --- a/.gitignore +++ b/.gitignore @@ -55,6 +55,7 @@ fsdev/virtfs-proxy-helper.pod .gdbinit *.a *.aux +*.bak *.cp *.dvi *.exe This hunk seems unrelated, please drop it from this series. diff --git a/hw/usb/hcd-ehci-sysbus.c b/hw/usb/hcd-ehci-sysbus.c index b68a66a..b1147f3 100644 --- a/hw/usb/hcd-ehci-sysbus.c +++ b/hw/usb/hcd-ehci-sysbus.c @@ -40,6 +40,8 @@ static int usb_ehci_sysbus_initfn(SysBusDevice *dev) s-capsbase = sec-capsbase; s-opregbase = sec-opregbase; +s-portscbase = sec-portscbase; +s-portnr = sec-portnr; Since NB_PORTS in the max. number of ports, maybe you should assert that here? s-dma = dma_context_memory; usb_ehci_initfn(s, DEVICE(dev)); @@ -73,6 +75,8 @@ static void ehci_xlnx_class_init(ObjectClass *oc, void *data) sec-capsbase = 0x100; sec-opregbase = 0x140; +sec-portscbase = 0x44; +sec-portnr = NB_PORTS; } static const TypeInfo ehci_xlnx_type_info = { @@ -87,6 +91,8 @@ static void ehci_exynos4210_class_init(ObjectClass *oc, void *data) sec-capsbase = 0x0; sec-opregbase = 0x10; +sec-portscbase = 0x44; +sec-portnr = NB_PORTS; } static const TypeInfo ehci_exynos4210_type_info = { @@ -95,11 +101,28 @@ static const TypeInfo ehci_exynos4210_type_info = { .class_init= ehci_exynos4210_class_init, }; +static void ehci_faraday_class_init(ObjectClass *oc, void *data) +{ +SysBusEHCIClass *sec = SYS_BUS_EHCI_CLASS(oc); + +sec-capsbase = 0x00; +sec-opregbase = 0x10; +sec-portscbase = 0x20; +sec-portnr = 1; +} + +static const TypeInfo ehci_faraday_type_info = { +.name = TYPE_FARADAY_EHCI, +.parent= TYPE_SYS_BUS_EHCI, +.class_init= ehci_faraday_class_init, +}; + static void ehci_sysbus_register_types(void) { type_register_static(ehci_type_info); type_register_static(ehci_xlnx_type_info); type_register_static(ehci_exynos4210_type_info); +type_register_static(ehci_faraday_type_info); } type_init(ehci_sysbus_register_types) diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c index 7040659..6e42086 100644 --- a/hw/usb/hcd-ehci.c +++ b/hw/usb/hcd-ehci.c @@ -10,7 +10,8 @@ * * EHCI project was started by Mark Burkley, with contributions by * Niels de Vos. David S. Ahern continued working on it. Kevin Wolf, - * Jan Kiszka and Vincent Palatin contributed bugfixes. + * Jan Kiszka and Vincent Palatin contributed bugfixes. Kuo-Jung Su + * contributed Faraday extension. * * * This library is free software; you can redistribute it and/or @@ -988,7 +989,7 @@ static uint64_t ehci_port_read(void *ptr, hwaddr addr, uint32_t val; val = s-portsc[addr 2]; -trace_usb_ehci_portsc_read(addr + PORTSC_BEGIN, addr 2, val); +trace_usb_ehci_portsc_read(addr + s-portscbase, addr 2, val); return val; } @@ -1029,7 +1030,7 @@ static void ehci_port_write(void *ptr, hwaddr addr, uint32_t old = *portsc; USBDevice *dev = s-ports[port].dev; -trace_usb_ehci_portsc_write(addr + PORTSC_BEGIN, addr 2, val); +trace_usb_ehci_portsc_write(addr + s-portscbase, addr 2, val); /* Clear rwc bits */ *portsc = ~(val PORTSC_RWC_MASK); @@ -1062,7 +1063,7 @@ static void ehci_port_write(void *ptr, hwaddr addr, *portsc = ~PORTSC_RO_MASK; *portsc |= val; -trace_usb_ehci_portsc_change(addr + PORTSC_BEGIN, addr
[Qemu-devel] [PATCH v2 05/20] arm: add Faraday FTGMAC100 1Gbps ethernet support
From: Kuo-Jung Su dant...@faraday-tech.com The FTGMAC100 is a high-quality Ethernet controller with DMA function. It includes the AHB wrapper, DMA engine, on-chip memories (TX FIFO and RX FIFO), MAC, and MII/GMII interfaces. The FTGMAC100 is an Ethernet controller that provides AHB master capability and full compliance with IEEE 802.3 specification for 10/100 Mbps Ethernet and IEEE 802.3z specification for 1000 Mbps Ethernet. FTGMAC100 Ethernet controller with DMA function handles all data transfers between the system memory and on-chip memories. With the DMA engine, it can reduce the CPU loading, maximize the performance and minimize the FIFO size. It also has on-chip memories for buffering, so that the external local-buffer memory is not needed. The MII interfaces support two specific data rates, 10 Mbps and 100 Mbps. The GMII interfaces support 1000 Mbps data rate. In order to reduce the processing load of the host CPU, the FTGMAC100 implements TCP, UDP, and IP V4 checksum generation and validation, and supports VLAN tagging. For QoS and CoS requirements, it supports high-priority queues to reduce the processing load of hosts CPU for transmitting packets. The FTGMAC100 also provides a Wake-On-LAN function. It supports three wake-up events: link status change, magic packet, and wake-up frame. Signed-off-by: Kuo-Jung Su dant...@faraday-tech.com --- hw/ftgmac100.c | 647 hw/ftgmac100.h | 177 2 files changed, 824 insertions(+) create mode 100644 hw/ftgmac100.c create mode 100644 hw/ftgmac100.h diff --git a/hw/ftgmac100.c b/hw/ftgmac100.c new file mode 100644 index 000..48f10bb --- /dev/null +++ b/hw/ftgmac100.c @@ -0,0 +1,647 @@ +/* + * QEMU model of the FTGMAC100 Controller + * + * Copyright (C) 2012 Faraday Technology + * Written by Dante Su dant...@faraday-tech.com + * + * This file is licensed under GNU GPL v2. + */ + +#include sysbus.h +#include sysemu/sysemu.h +#include net/net.h + +#include faraday.h +#include ftgmac100.h + +#define TYPE_FTGMAC100ftgmac100 + +typedef struct Ftgmac100State { +SysBusDevice busdev; +MemoryRegion mmio; + +QEMUTimer *qtimer; +qemu_irq irq; +NICState *nic; +NICConf conf; + +uint32_t isr; +uint32_t ier; +uint32_t mhash[2]; +uint32_t tx_bar; +uint32_t rx_bar; +uint32_t hptx_bar; +uint32_t tx_idx; +uint32_t rx_idx; +uint32_t hptx_idx; +uint32_t maccr; +uint32_t macsr; +uint32_t phycr; +uint32_t phycr_rd; + +struct { +uint8_t buf[2048]; +uint32_t len; +} txbuff; + +uint32_t rx_pkt; +uint32_t rx_bcst; +uint32_t rx_mcst; +uint16_t rx_runt; +uint16_t rx_drop; +uint16_t rx_crc; +uint16_t rx_ftl; +uint32_t tx_pkt; + +} ftgmac100_state; + +#define FTGMAC100(obj) \ +OBJECT_CHECK(ftgmac100_state, obj, TYPE_FTGMAC100) + +static uint8_t bitrev8(uint8_t v) +{ +int i; +uint8_t r = 0; +for (i = 0; i 8; ++i) { +if (v (1 i)) { +r |= (1 (7 - i)); +} +} +return r; +} + +static int ftgmac100_mcast_hash(ftgmac100_state *s, const uint8_t *data) +{ +#define CRCPOLY_BE0x04c11db7 +int i, len; +uint32_t crc = 0x; + +if (s-maccr MACCR_GMODE) { +len = 5; +} else { +len = 6; +} + +while (len--) { +uint32_t c = *(data++); +for (i = 0; i 8; ++i) { +crc = (crc 1) ^ crc 31) ^ c) 0x01) ? CRCPOLY_BE : 0); +c = 1; +} +} +crc = ~crc; + +/* Reverse CRC32 and return MSB 6 bits only */ +return bitrev8(crc 24) 2; +} + +static void ftgmac100_read_desc(hwaddr addr, void *desc) +{ +int i; +uint32_t *p = desc; + +cpu_physical_memory_read(addr, desc, 16); + +for (i = 0; i 16; i += 4) { +*p = le32_to_cpu(*p); +} +} + +static void ftgmac100_write_desc(hwaddr addr, void *desc) +{ +int i; +uint32_t *p = desc; + +for (i = 0; i 16; i += 4) { +*p = cpu_to_le32(*p); +} + +cpu_physical_memory_write(addr, desc, 16); +} + +static void ftgmac100_update_irq(ftgmac100_state *s) +{ +if (s-isr s-ier) { +qemu_set_irq(s-irq, 1); +} else { +qemu_set_irq(s-irq, 0); +} +} + +static int ftgmac100_can_receive(NetClientState *nc) +{ +ftgmac100_state *s = FTGMAC100(DO_UPCAST(NICState, nc, nc)-opaque); +ftgmac100_rxdesc_t rxd; +hwaddr off = s-rx_bar + s-rx_idx * sizeof(rxd); + +if ((s-maccr (MACCR_RCV_EN | MACCR_RDMA_EN)) +!= (MACCR_RCV_EN | MACCR_RDMA_EN)) { +return 0; +} + +ftgmac100_read_desc(off, rxd); + +return !rxd.owner; +} + +static ssize_t ftgmac100_receive(NetClientState *nc, + const uint8_t *buf, + size_t size) +{ +const uint8_t *ptr = buf; +hwaddr off; +size_t len; +ftgmac100_rxdesc_t rxd; +
Re: [Qemu-devel] [PATCH] vnc: Clean up vncws_send_handshake_response()
Hi Markus, thanks for your input. On Wed, 2013-01-23 at 18:16 +0100, Markus Armbruster wrote: Use appropriate types, drop superfluous casts, use sizeof, don't exploit that this particular call of gnutls_fingerprint() doesn't change its last argument. your patch does work fine but if we expect gnutls_fingerprint to change the hash_size there has to be an additional check if the hash_size is bigger than SHA1_DIGEST_LEN. For example: diff --git a/ui/vnc-ws.c b/ui/vnc-ws.c index de7e74c..e64c895 100644 --- a/ui/vnc-ws.c +++ b/ui/vnc-ws.c @@ -132,7 +132,7 @@ static void vncws_send_handshake_response(VncState *vs, const char* key) in.data = (void *)combined_key; in.size = WS_CLIENT_KEY_LEN + WS_GUID_LEN; if (gnutls_fingerprint(GNUTLS_DIG_SHA1, in, hash, hash_size) -== GNUTLS_E_SUCCESS) { +== GNUTLS_E_SUCCESS hash_size = SHA1_DIGEST_LEN) { accept = g_base64_encode(hash, hash_size); } if (accept == NULL) { -- SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) Maxfeldstr. 5, 90409 Nürnberg, Germany T: +49 (0) 911 74053-0 F: +49 (0) 911 74053-483 http://www.suse.de/ signature.asc Description: This is a digitally signed message part
Re: [Qemu-devel] [RFC v5 0/8] QEMU: Support KVM on ARM
Il 24/01/2013 16:43, Peter Maydell ha scritto: Round 5 of the QEMU patches to support KVM for ARM on Cortex-A15 hardware. It's intended for use with the kernel tree at git://github.com/virtualopensystems/linux-kvm-arm.git kvm-arm-v17-vgic-timers Still RFC pending the kernel patches actually being accepted upstream... Apart from patch 2, Reviewed-by: Paolo Bonzini pbonz...@redhat.com Paolo
Re: [Qemu-devel] [PATCH v2 02/20] arm: add Faraday FUSBH200 EHCI controller
Hi, +static uint64_t +ehci_faraday_read(void *ptr, hwaddr addr, unsigned size) +{ +hwaddr off = 0x34 + addr; + +switch (off) { +case 0x34: /* fusbh200: EOF/Async. Sleep Timer Register */ +return 0x0041; +case 0x40: /* fusbh200: Bus Monitor Control/Status Register */ +/* High-Speed, VBUS valid, interrupt level-high active */ +return (2 9) | (1 8) | (1 3); +} + +return 0; +} + +static void +ehci_faraday_write(void *ptr, hwaddr addr, uint64_t val, unsigned size) +{ +} + +static const MemoryRegionOps ehci_mmio_faraday_ops = { +.read = ehci_faraday_read, +.write = ehci_faraday_write, +.valid.min_access_size = 4, +.valid.max_access_size = 4, +.endianness = DEVICE_LITTLE_ENDIAN, +}; This should go to hcd-ehci-sysbus.c +memory_region_init_io(s-mem_faraday, ehci_mmio_faraday_ops, s, + faraday, 0x4c); I don't think this is good design... Can't you do the Faraday part from your own instance_init / initfn / realizefn function? Yes, please. Just add your own usb_ehci_sysbus_${board}_initfn, call usb_ehci_sysbus_initfn for the common stuff, then add your hardware-specific memory region. The define - class/state movements look fine to me as continuation of our previous effort. Optionally this patch could be split into two - preparing the fields and updating all define users, and then introduce your new model. Agree, splitting would be nice: one patch making portbase + nports runtime configurable, one patch adding the new ehci controller. cheers, Gerd
[Qemu-devel] [PATCH v2 02/20] arm: add Faraday FUSBH200 EHCI controller
From: Kuo-Jung Su dant...@faraday-tech.com Faraday FUSBH200 is a one-port host controller for USB 2.0, which is fully compliant with the USB 2.0 specification and the Enhanced Host Controller Interface (EHCI) specification. This host controller supports the HS/FS/LS transactions, Isochronous/Interrupt/Control/Bulk transfers, and split/preamble transaction for the hub. Without intervening by the software, this host controller can deal with the transaction-based data structure to offload the CPU and automatically transmit and receive the data on the USB bus. The native system bus of FUSBH200 is a PVCI 32-bit bus interface. However, by using the wrappers, FUSBH200 can also support the AMBA AHB 32-bit bus or RISC 8051 bus. The transceiver interface is UTMI+ level 3, which supports the HS/FS/LS device and HS/FS hub. Signed-off-by: Kuo-Jung Su dant...@faraday-tech.com --- .gitignore |1 + hw/usb/hcd-ehci-sysbus.c | 23 + hw/usb/hcd-ehci.c| 51 ++ hw/usb/hcd-ehci.h| 14 +++-- 4 files changed, 75 insertions(+), 14 deletions(-) diff --git a/.gitignore b/.gitignore index 53fe9c3..0fd6a51 100644 --- a/.gitignore +++ b/.gitignore @@ -55,6 +55,7 @@ fsdev/virtfs-proxy-helper.pod .gdbinit *.a *.aux +*.bak *.cp *.dvi *.exe diff --git a/hw/usb/hcd-ehci-sysbus.c b/hw/usb/hcd-ehci-sysbus.c index b68a66a..b1147f3 100644 --- a/hw/usb/hcd-ehci-sysbus.c +++ b/hw/usb/hcd-ehci-sysbus.c @@ -40,6 +40,8 @@ static int usb_ehci_sysbus_initfn(SysBusDevice *dev) s-capsbase = sec-capsbase; s-opregbase = sec-opregbase; +s-portscbase = sec-portscbase; +s-portnr = sec-portnr; s-dma = dma_context_memory; usb_ehci_initfn(s, DEVICE(dev)); @@ -73,6 +75,8 @@ static void ehci_xlnx_class_init(ObjectClass *oc, void *data) sec-capsbase = 0x100; sec-opregbase = 0x140; +sec-portscbase = 0x44; +sec-portnr = NB_PORTS; } static const TypeInfo ehci_xlnx_type_info = { @@ -87,6 +91,8 @@ static void ehci_exynos4210_class_init(ObjectClass *oc, void *data) sec-capsbase = 0x0; sec-opregbase = 0x10; +sec-portscbase = 0x44; +sec-portnr = NB_PORTS; } static const TypeInfo ehci_exynos4210_type_info = { @@ -95,11 +101,28 @@ static const TypeInfo ehci_exynos4210_type_info = { .class_init= ehci_exynos4210_class_init, }; +static void ehci_faraday_class_init(ObjectClass *oc, void *data) +{ +SysBusEHCIClass *sec = SYS_BUS_EHCI_CLASS(oc); + +sec-capsbase = 0x00; +sec-opregbase = 0x10; +sec-portscbase = 0x20; +sec-portnr = 1; +} + +static const TypeInfo ehci_faraday_type_info = { +.name = TYPE_FARADAY_EHCI, +.parent= TYPE_SYS_BUS_EHCI, +.class_init= ehci_faraday_class_init, +}; + static void ehci_sysbus_register_types(void) { type_register_static(ehci_type_info); type_register_static(ehci_xlnx_type_info); type_register_static(ehci_exynos4210_type_info); +type_register_static(ehci_faraday_type_info); } type_init(ehci_sysbus_register_types) diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c index 7040659..6e42086 100644 --- a/hw/usb/hcd-ehci.c +++ b/hw/usb/hcd-ehci.c @@ -10,7 +10,8 @@ * * EHCI project was started by Mark Burkley, with contributions by * Niels de Vos. David S. Ahern continued working on it. Kevin Wolf, - * Jan Kiszka and Vincent Palatin contributed bugfixes. + * Jan Kiszka and Vincent Palatin contributed bugfixes. Kuo-Jung Su + * contributed Faraday extension. * * * This library is free software; you can redistribute it and/or @@ -988,7 +989,7 @@ static uint64_t ehci_port_read(void *ptr, hwaddr addr, uint32_t val; val = s-portsc[addr 2]; -trace_usb_ehci_portsc_read(addr + PORTSC_BEGIN, addr 2, val); +trace_usb_ehci_portsc_read(addr + s-portscbase, addr 2, val); return val; } @@ -1029,7 +1030,7 @@ static void ehci_port_write(void *ptr, hwaddr addr, uint32_t old = *portsc; USBDevice *dev = s-ports[port].dev; -trace_usb_ehci_portsc_write(addr + PORTSC_BEGIN, addr 2, val); +trace_usb_ehci_portsc_write(addr + s-portscbase, addr 2, val); /* Clear rwc bits */ *portsc = ~(val PORTSC_RWC_MASK); @@ -1062,7 +1063,7 @@ static void ehci_port_write(void *ptr, hwaddr addr, *portsc = ~PORTSC_RO_MASK; *portsc |= val; -trace_usb_ehci_portsc_change(addr + PORTSC_BEGIN, addr 2, *portsc, old); +trace_usb_ehci_portsc_change(addr + s-portscbase, addr 2, *portsc, old); } static void ehci_opreg_write(void *ptr, hwaddr addr, @@ -2501,6 +2502,35 @@ const VMStateDescription vmstate_ehci = { } }; +static uint64_t +ehci_faraday_read(void *ptr, hwaddr addr, unsigned size) +{ +hwaddr off = 0x34 + addr; + +switch (off) { +case 0x34: /* fusbh200: EOF/Async. Sleep Timer Register */ +return 0x0041; +case 0x40: /* fusbh200: Bus Monitor Control/Status
[Qemu-devel] [PATCH v2 14/20] arm: add Faraday FTRTC011 RTC timer support
From: Kuo-Jung Su dant...@faraday-tech.com The FTRTC011 is a flexible, small-area, and low-power Real Time Clock (RTC). It accepts two clock sources: APB bus clock (PCLK) and 32.768 kHz clock. When the system enters the sleep mode, the PCLK clock will be gated by the system while RTC will keep on counting. This mechanism promises the lowest power consumption when the system is asleep. It provides separate second, minute, hour, and day counters. The second counter is toggled each second, the minute counter is toggled each minute, the hour counter is toggled each hour, and the day counter is toggled each day. Because the second counter consumes the most power when the system is asleep, the second toggled bits have to be separated. This counter separation mechanism reduces the total power consumption when the system is in the sleep mode. The counter separation mechanism also reduces the complexity of the software. The software does not have to calculate the minute, hour, or day information. It only needs to read the counter values and calculate the current time. The FTRTC011 provides a programmable auto-alarm function. When the second auto-alarm function is turned on, the RTC will automatically trigger an interrupt each second. The automatic minute and hour alarms can be turned on as well. This function is useful for implementing a clock. Signed-off-by: Kuo-Jung Su dant...@faraday-tech.com --- hw/ftrtc011.c | 315 + 1 file changed, 315 insertions(+) create mode 100644 hw/ftrtc011.c diff --git a/hw/ftrtc011.c b/hw/ftrtc011.c new file mode 100644 index 000..71dd421 --- /dev/null +++ b/hw/ftrtc011.c @@ -0,0 +1,315 @@ +/* + * QEMU model of the FTRTC011 RTC Timer + * + * Copyright (C) 2012 Faraday Technology + * Written by Dante Su dant...@faraday-tech.com + * + * This file is licensed under GNU GPL v2. + */ + +#include sysbus.h +#include sysemu/sysemu.h +#include qemu/timer.h + +/* Hardware registers */ +#define REG_SEC 0x00 +#define REG_MIN 0x04 +#define REG_HOUR0x08 +#define REG_DAY 0x0C + +#define REG_ALARM_SEC 0x10 +#define REG_ALARM_MIN 0x14 +#define REG_ALARM_HOUR 0x18 + +#define REG_CR 0x20 +#define REG_WSEC0x24 +#define REG_WMIN0x28 +#define REG_WHOUR 0x2C +#define REG_WDAY0x30 +#define REG_ISR 0x34 + +#define REG_REV 0x3C +#define REG_CURRENT 0x44 + +enum ftrtc011_irqpin { +IRQ_ALARM_LEVEL = 0, +IRQ_ALARM_EDGE, +IRQ_SEC, +IRQ_MIN, +IRQ_HOUR, +IRQ_DAY, +}; + +#define TYPE_FTRTC011 ftrtc011 + +typedef struct Ftrtc011State { +SysBusDevice busdev; +MemoryRegion mmio; + +qemu_irq irq[6]; + +QEMUTimer *qtimer; + +uint8_t sec; +uint8_t min; +uint8_t hr; +uint32_t day; + +uint8_t alarm_sec; +uint8_t alarm_min; +uint8_t alarm_hr; + +uint32_t cr; +uint32_t isr; + +} ftrtc011_state; + +#define FTRTC011(obj) \ +OBJECT_CHECK(ftrtc011_state, obj, TYPE_FTRTC011) + +/* Update interrupts. */ +static void ftrtc011_update_irq(ftrtc011_state *s) +{ +uint32_t mask = ((s-cr 1) 0x1f) s-isr; + +qemu_set_irq(s-irq[IRQ_ALARM_LEVEL], (mask 0x10) ? 1 : 0); + +if (mask) { +if (mask 0x01) { +qemu_irq_pulse(s-irq[IRQ_SEC]); +} +if (mask 0x02) { +qemu_irq_pulse(s-irq[IRQ_MIN]); +} +if (mask 0x04) { +qemu_irq_pulse(s-irq[IRQ_HOUR]); +} +if (mask 0x08) { +qemu_irq_pulse(s-irq[IRQ_DAY]); +} +if (mask 0x10) { +qemu_irq_pulse(s-irq[IRQ_ALARM_EDGE]); +} +} +} + +static uint64_t ftrtc011_mem_read(void *opaque, hwaddr addr, unsigned size) +{ +ftrtc011_state *s = FTRTC011(opaque); +uint32_t rc = 0; + +switch (addr) { +case REG_SEC: +return s-sec; +case REG_MIN: +return s-min; +case REG_HOUR: +return s-hr; +case REG_DAY: +return s-day; +case REG_ALARM_SEC: +return s-alarm_sec; +case REG_ALARM_MIN: +return s-alarm_min; +case REG_ALARM_HOUR: +return s-alarm_hr; +case REG_CR: +return s-cr; +case REG_ISR: +return s-isr; +case REG_REV: +return 0x0001; +case REG_CURRENT: +return (s-day 17) | (s-hr 12) | (s-min 6) | (s-sec); +default: +break; +} + +return rc; +} + +static void ftrtc011_mem_write(void*opaque, + hwaddr addr, + uint64_t val, + unsigned size) +{ +ftrtc011_state *s = FTRTC011(opaque); + +switch (addr) { +case REG_ALARM_SEC: +s-alarm_sec = (uint32_t)val; +break; +case REG_ALARM_MIN: +s-alarm_min = (uint32_t)val; +break; +case REG_ALARM_HOUR: +s-alarm_hr = (uint32_t)val; +break; +case REG_WSEC: +
[Qemu-devel] [PATCH v2 17/20] arm: add Faraday FTPWMTMR010 timer support
From: Kuo-Jung Su dant...@faraday-tech.com The FTPWMTMR010 is an APB device which provides up to 8 independent timers. Each timer can use either the internal system clock (The PCLK of APB) or external clock. These timers can be used to generate internal interrupts to the CPU. They can also be used to trigger DMA transfers. In addition, each timer supports PWM (Pulse Width Modulation) function, which can generate PWM signals for motor control or power level control. Signed-off-by: Kuo-Jung Su dant...@faraday-tech.com --- hw/ftpwmtmr010.c | 244 ++ 1 file changed, 244 insertions(+) create mode 100644 hw/ftpwmtmr010.c diff --git a/hw/ftpwmtmr010.c b/hw/ftpwmtmr010.c new file mode 100644 index 000..0857523 --- /dev/null +++ b/hw/ftpwmtmr010.c @@ -0,0 +1,244 @@ +/* + * Faraday FTPWMTMR010 Timer. + * + * Copyright (c) 2012 Faraday Technology + * Written by Dante Su dant...@faraday-tech.com + * + * This code is licensed under GPL v2. + */ + +#include hw.h +#include qdev.h +#include qemu/timer.h +#include sysemu/sysemu.h +#include sysbus.h + +#define TYPE_FTPWMTMR010ftpwmtmr010 +#define TYPE_FTPWMTMR010_TIMER ftpwmtmr010_timer + +typedef struct Ftpwmtmr010State ftpwmtmr010_state; + +typedef struct Ftpwmtmr010Timer { +uint32_t ctrl; +uint32_t cntb; +int id; +uint64_t timeout; +uint64_t countdown; +qemu_irq irq; +QEMUTimer *qtimer; +ftpwmtmr010_state *chip; +} ftpwmtmr010_timer; + +struct Ftpwmtmr010State { +SysBusDevice busdev; + +MemoryRegion iomem; +ftpwmtmr010_timer timer[8]; +uint32_t freq;/* desired source clock */ +uint32_t step;/* get_ticks_per_sec() / freq */ +uint32_t stat; +}; + +#define FTPWMTMR010(obj) \ +OBJECT_CHECK(ftpwmtmr010_state, obj, TYPE_FTPWMTMR010) + +static uint64_t ftpwmtmr010_mem_read(void *opaque, hwaddr addr, unsigned size) +{ +ftpwmtmr010_state *s = FTPWMTMR010(opaque); +ftpwmtmr010_timer *t; +uint64_t now = qemu_get_clock_ns(vm_clock); +uint64_t ret = 0; + +if (addr == 0x00) { +ret = s-stat; +} else if (addr = 0x10 addr 0x90) { +t = s-timer + (addr 4) - 1; +switch (addr 0x0f) { +case 0x00: +return t-ctrl; +case 0x04: +return t-cntb; +case 0x0c: +if ((t-ctrl 0x02) (t-timeout now)) { +ret = (t-timeout - now) / s-step; +} +break; +} +} + +return ret; +} + +static void ftpwmtmr010_mem_write(void*opaque, + hwaddr addr, + uint64_t val, + unsigned size) +{ +ftpwmtmr010_state *s = FTPWMTMR010(opaque); +ftpwmtmr010_timer *t; + +if (addr == 0x00) { +int i; +s-stat = ~((uint32_t)val 0x); +for (i = 0; i 8; ++i) { +if (val (1 i)) { +qemu_irq_lower(s-timer[i].irq); +} +} +} else if (addr = 0x10 addr 0x90) { +t = s-timer + (addr 4) - 1; +switch (addr 0x0f) { +case 0x00: +t-ctrl = (uint32_t)val; +if (t-ctrl (1 2)) { +t-countdown = (uint64_t)t-cntb * (uint64_t)s-step; +} +if (t-ctrl (1 1)) { +t-timeout = t-countdown + qemu_get_clock_ns(vm_clock); +qemu_mod_timer(t-qtimer, t-timeout); +} +break; +case 0x04: +t-cntb = (uint32_t)val; +break; +} +} +} + +static const MemoryRegionOps ftpwmtmr010_ops = { +.read = ftpwmtmr010_mem_read, +.write = ftpwmtmr010_mem_write, +.endianness = DEVICE_LITTLE_ENDIAN, +}; + +static void ftpwmtmr010_timer_tick(void *opaque) +{ +ftpwmtmr010_timer *t = opaque; +ftpwmtmr010_state *s = t-chip; + +/* if the timer has been enabled/started */ +if (!(t-ctrl (1 1))) { +return; +} + +/* if the interrupt enabled */ +if (t-ctrl (1 5)) { +s-stat |= 1 t-id; +if (t-ctrl (1 6)) { +qemu_irq_pulse(t-irq); +} else { +qemu_irq_raise(t-irq); +} +} + +/* if auto-reload is enabled */ +if (t-ctrl (1 4)) { +t-timeout = t-countdown + qemu_get_clock_ns(vm_clock); +qemu_mod_timer(t-qtimer, t-timeout); +} else { +t-ctrl = ~(1 1); +} +} + +static void ftpwmtmr010_reset(DeviceState *ds) +{ +SysBusDevice *busdev = SYS_BUS_DEVICE(ds); +ftpwmtmr010_state *s = FTPWMTMR010(FROM_SYSBUS(ftpwmtmr010_state, busdev)); +int i; + +s-stat = 0; + +for (i = 0; i 8; ++i) { +s-timer[i].ctrl = 0; +s-timer[i].cntb = 0; +s-timer[i].timeout = 0; +qemu_irq_lower(s-timer[i].irq); +qemu_del_timer(s-timer[i].qtimer); +} +} + +static int ftpwmtmr010_init(SysBusDevice *busdev) +{ +ftpwmtmr010_state
Re: [Qemu-devel] [PATCH] build: remove *.lo, *.a, *.la files from all subdirectories on make clean
Il 15/01/2013 09:49, Paolo Bonzini ha scritto: .lo files in stubs/, util/ and libcacard/ were not cleaned. Fix this. Cc: Blue Swirl blauwir...@gmail.com Reported-by: Stefan Hajnoczi stefa...@redhat.com Signed-off-by: Paolo Bonzini pbonz...@redhat.com --- Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index cfa2fa6..6cee692 100644 --- a/Makefile +++ b/Makefile @@ -214,9 +214,9 @@ clean: # avoid old build problems by removing potentially incorrect old files rm -f config.mak op-i386.h opc-i386.h gen-op-i386.h op-arm.h opc-arm.h gen-op-arm.h rm -f qemu-options.def - find . -name '*.[od]' -type f -exec rm -f {} + - rm -f *.a *.lo $(TOOLS) $(HELPERS-y) qemu-ga TAGS cscope.* *.pod *~ */*~ - rm -f *.la + find . -name '*.[oda]' -type f -exec rm -f {} + + find . -name '*.l[oa]' -type f -exec rm -f {} + + rm -f $(TOOLS) $(HELPERS-y) qemu-ga TAGS cscope.* *.pod *~ */*~ rm -Rf .libs rm -f qemu-img-cmds.h @# May not be present in GENERATED_HEADERS Ping. Paolo
Re: [Qemu-devel] [PATCH] Makefile: remove *.lo files when make clean
Il 25/01/2013 06:25, liguang ha scritto: remove *.lo files, they will bring errors during build after a make clean, e.g. make clean make lt LINK libcacard.la gcc: stubs/.libs/arch-query-cpu-def.o: No such file or directory gcc: stubs/.libs/clock-warp.o: No such file or directory gcc: stubs/.libs/cpu-get-clock.o: No such file or directory Signed-off-by: liguang lig.f...@cn.fujitsu.com --- Makefile |3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/Makefile b/Makefile index 73adf42..5d64b58 100644 --- a/Makefile +++ b/Makefile @@ -215,7 +215,8 @@ clean: rm -f config.mak op-i386.h opc-i386.h gen-op-i386.h op-arm.h opc-arm.h gen-op-arm.h rm -f qemu-options.def find . -name '*.[od]' -type f -exec rm -f {} + - rm -f *.a *.lo $(TOOLS) $(HELPERS-y) qemu-ga TAGS cscope.* *.pod *~ */*~ + find . -name '*.lo' -type f -exec rm -f {} + + rm -f *.a $(TOOLS) $(HELPERS-y) qemu-ga TAGS cscope.* *.pod *~ */*~ rm -f *.la rm -Rf .libs rm -f qemu-img-cmds.h See the similar patch at http://permalink.gmane.org/gmane.comp.emulators.qemu/188686 Paolo
Re: [Qemu-devel] [PATCH for 1.4 0/4] Simplify Makefile.objs some more
Il 19/01/2013 11:06, Paolo Bonzini ha scritto: This small series makes some more simplifications to Makefile.objs, removing two more variables: universal-obj-y and extra-obj-y, all unified into common-obj-y. It also removes what remains of user-obj-y, unifying that into common-obj-y as well. To achieve this, the CONFIG_SOFTMMU and CONFIG_USER_ONLY symbols are defined in the toplevel Makefile like we do with devices and disassemblers. Another symbol, CONFIG_ALL, is defined only in the toplevel Makefile and takes the place of extra-obj-y. With this change the structure of Makefile.objs is finally reduced to only six recursive variables (stub-obj-y, util-obj-y, qga-obj-y, block-obj-y, common-obj-y, obj-y). More important, the simpler structure should help people modifying the build system, avoiding future proliferation of variables as well. The patches are mostly mechanical substitutions, and there is no user-visible change---neither in total build time, nor in the files that are linked into the executables. Please apply, thanks! Paolo Paolo Bonzini (4): build: move around libcacard-y definition build: use -$(CONFIG_SECCOMP) instead of ifeq build: remove universal-obj-y build: remove extra-obj-y Makefile |9 - Makefile.objs| 43 ++- Makefile.target |3 +-- disas/Makefile.objs | 30 +++--- fsdev/Makefile.objs |8 hw/Makefile.objs | 10 +- hw/pci/Makefile.objs |2 +- qom/Makefile.objs|4 ++-- 8 files changed, 50 insertions(+), 59 deletions(-) Ping. As far as I understood, Andreas did not have any objections on the contents of this patch, which doesn't make things any better or worse from his point of view. Paolo
[Qemu-devel] [PATCH v2 11/20] arm: add Faraday FTTSC010 touchscreen controller support
From: Kuo-Jung Su dant...@faraday-tech.com The FTTSC010 provides controlling signals to handle ADC conversion and panel driver. The control signal is base on Faraday 12-bit ADC IP of FXADC140HC0H_TPANEL, which is a 12-bit SAR ADC with 8-to-1 multiplexer, IPGA and panel driver. The ADC provides 8-channel analog input via a multiplexer. There are 4 channels, including the panel drivers, are used to measure the x-y position. One of the channels embeds an IPGA, inputs the programmable gain amplifier to record voice. The other three channels are auxiliary analog inputs, and can be used to measure the system environment parameter, for example battery, chip temperature and so on. The FTTSC010 provides two operation modes to sample the analog input voltage. The manual operation mode needs to program and control the panel drivers by software step-by-step for the x-y position measurement. The auto-scan mode provides a periodic sampling method to convert the analog input. It also enables the function of auto-position measurement to automatically control the panel drivers of ADC for the x-y position measurement. It will auto-store these ADC conversion values that are X+, X-, Y+, Y- references and the x-y position values from the four channels of ADC. Users can easily read these values from six registers. Signed-off-by: Kuo-Jung Su dant...@faraday-tech.com --- hw/fttsc010.c | 260 + hw/fttsc010.h | 23 + 2 files changed, 283 insertions(+) create mode 100644 hw/fttsc010.c create mode 100644 hw/fttsc010.h diff --git a/hw/fttsc010.c b/hw/fttsc010.c new file mode 100644 index 000..40e2c38 --- /dev/null +++ b/hw/fttsc010.c @@ -0,0 +1,260 @@ +/* + * Faraday FTTSC010 emulator. + * + * Copyright (c) 2012 Faraday Technology + * Written by Dante Su dant...@faraday-tech.com + * + * This code is licensed under GNU GPL v2. + */ + +#include hw.h +#include qemu/timer.h +#include sysemu/sysemu.h +#include sysbus.h +#include ui/console.h +#include devices.h + +#include fttsc010.h + +#define X_AXIS_DMAX 3470 +#define X_AXIS_MIN 290 +#define Y_AXIS_DMAX 3450 +#define Y_AXIS_MIN 200 + +#define ADS_XPOS(x, y) \ +(X_AXIS_MIN + ((X_AXIS_DMAX * (x)) 15)) +#define ADS_YPOS(x, y) \ +(Y_AXIS_MIN + ((Y_AXIS_DMAX * (y)) 15)) +#define ADS_Z1POS(x, y) \ +(8) +#define ADS_Z2POS(x, y) \ +((1600 + ADS_XPOS(x, y)) * ADS_Z1POS(x, y) / ADS_XPOS(x, y)) + +#define TYPE_FTTSC010 fttsc010 + +typedef struct Fttsc010State { +SysBusDevice busdev; +MemoryRegion iomem; +qemu_irq irq; + +uint64_t interval; +QEMUTimer *qtimer; + +int x, y; +int z1, z2; + +/* HW registers */ +uint32_t cr; +uint32_t isr; +uint32_t imr; +uint32_t csr; +uint32_t pfr; +uint32_t dcr; +} fttsc010_state; + +#define FTTSC010(obj) \ +OBJECT_CHECK(fttsc010_state, obj, TYPE_FTTSC010) + +static void fttsc010_update_irq(fttsc010_state *s) +{ +if (s-imr s-isr) { +qemu_irq_raise(s-irq); +} else { +qemu_irq_lower(s-irq); +} +} + +static uint64_t fttsc010_mem_read(void *opaque, hwaddr addr, unsigned size) +{ +fttsc010_state *s = FTTSC010(opaque); + +switch (addr) { +case REG_CR: +return s-cr; +case REG_ISR: +return s-isr; +case REG_IMR: +return s-imr; +case REG_VER: +return 0x0001; +case REG_CSR: +return s-csr; +case REG_PFR: +return s-pfr; +case REG_DCR: +return s-dcr; +case REG_XYR: +return (s-x 0x0fff) | ((s-y 0x0fff) 16); +case REG_ZR: +return (s-z1 0x0fff) | ((s-z2 0x0fff) 16); +default: +break; +} + +return 0; +} + +static void fttsc010_mem_write(void*opaque, + hwaddr addr, + uint64_t val, + unsigned size) +{ +fttsc010_state *s = FTTSC010(opaque); + +switch (addr) { +case REG_CR: +s-cr = (uint32_t)val; +if (s-cr (3 30)) { +qemu_mod_timer(s-qtimer, +s-interval + qemu_get_clock_ns(vm_clock)); +} else { +qemu_del_timer(s-qtimer); +} +break; +case REG_ISR: +s-isr = ~((uint32_t)val); +fttsc010_update_irq(s); +break; +case REG_IMR: +s-imr = (uint32_t)val; +fttsc010_update_irq(s); +break; +case REG_CSR: +s-csr = (uint32_t)val; +break; +case REG_PFR: +s-pfr = (uint32_t)val; +break; +case REG_DCR: +s-dcr = (uint32_t)val; +break; +default: +break; +} +} + +static const MemoryRegionOps fttsc010_ops = { +.read = fttsc010_mem_read, +.write = fttsc010_mem_write, +.endianness = DEVICE_LITTLE_ENDIAN, +}; + +static void fttsc010_timer_tick(void *opaque) +{ +fttsc010_state *s = FTTSC010(opaque); + +/* if auto-scan enabled */ +if
Re: [Qemu-devel] [RFC] qemu snapshot enchancement
于 2013-1-24 17:47, Stefan Hajnoczi 写道: Case 3: * What does blank data mean? Besides that the use case makes sense. Will remove the words. * When discussing this use case in the past it was suggested that the guest doesn't need to be paused during the LVM snapshot. Instead the QEMU block layer might be able to queue I/O requests, allowing the guest to run. That is a good idea, but seems need more work(event, block layer...), hope it can be added as an enchancement of this case. Now let the dedicated storage software/hardware take the job by pausing for a while (200ms?) Yes, allowing the guest to continue but queuing I/O will require extra block layer work and maybe a QMP command. There is a also a risk: if the snapshot takes too long to complete, the guest may notice that its I/O request are taking a long time. It may decide that they have timed out and report an error to the application or in the message logs. In the beginning it's easier to pause the VM but let's keep queuing I/O in mind so it can be added later, if necessary. Yep, the code should leave a room for queuing. I have updated the wiki, which added the step details of the cases . Cases 3 are fixed, which have best performance in qemu management type. But I am not sure if it is workable in theory to export base data of an qcow2 image having internal snapshot, what do you think of it? -- Best Regards Wenchao Xia
Re: [Qemu-devel] [BUG, RFC] block/vmdk.c: File name with space fails to open
On Thu, Jan 24, 2013 at 05:29:27PM +0100, Philipp Hahn wrote: Hello, I tried to open a twoGbMaxExtentSparse VMDK file, which uses spaces in its own and for the referenced file names. This breaks in line 646 of block/vmdk.c because %511s stops at the first space and thus fname is incomplete: ret = sscanf(p, %10s % SCNd64 %10s %511s % SCNd64, access, sectors, type, fname, flat_offset); I've only checked with our very old VMware workstation version, which refuses to create new images with unsupported characters with the following message: The characters !#%^*:;'/? cannot be used. So it looks like spaces are valid, at least we have several VMs with spaces in their name. If the quotes around the file name are required, the simpliest solution would be to change %511s to %511[^]: diff --git a/block/vmdk.c b/block/vmdk.c index 19298c2..045f6a1 100644 --- a/block/vmdk.c +++ b/block/vmdk.c @@ -641,7 +641,7 @@ static int vmdk_parse_extents(const char *desc, BlockDriverState *bs, * RW [size in sectors] SPARSE file-name.vmdk */ flat_offset = -1; -ret = sscanf(p, %10s % SCNd64 %10s %511s % SCNd64, +ret = sscanf(p, %10s % SCNd64 %10s \%511[^\]\ % SCNd64, access, sectors, type, fname, flat_offset); if (ret 4 || strcmp(access, RW)) { goto next_line; I don't know how portable %[ together with a maximum width is, because the manual page for sscanf() doesn't mention max width for %[, but it works with Debian/GNU Linux Squeeze. sscanf(3) is from the C standard. I checked that C99 specifies the length modifier for %[ in 7.19.6.2 The fscanf function paragraph 12. I also did a quick sample of vmdk parsers on the net. It seems filenames are always double-quoted. The file format specification also shows it this way but never explicitly states if they are optional or not. Your fix looks good. Please also drop the '' trimming code below and resend with Signed-off-by:. Thanks, Stefan
Re: [Qemu-devel] [PATCH v2 00/12] qdev: correct reference counting
Il 21/01/2013 13:30, Paolo Bonzini ha scritto: This series makes the ref_count field of device and bus objects actually match the number of references that the objects have. Once this is done, the question how do I delete an object? has a simple answer: use object_unparent if the object is reachable from the QOM tree, else use object_unref. qdev_free and qbus_free become equivalent to simply object_unparent. object_delete instead is replaced by object_unref. Patches 1-3 fix some warts in the last minute patches that went in 1.3. Patches 4-9 are the bulk of the series. Patches 11-12 touches the CPU classes instead. There is a new patch (#4) that documents how link properties are reference counted, and the transfer of ownership when the property is created/deleted. I renamed qbus_remove_children to bus_unparent, and rebased for the conversion of -state to -realized. PPC was also using object_delete for its CPU, too. Otherwise, there are no changes. Paolo Paolo Bonzini (12): qdev: export and use qbus_init qdev: use object_new, not g_malloc to create buses qom: preserve object while unparenting it qom: document reference counting of link properties qdev: add reference count to a device for the BusChild qdev: move deletion of children from finalize to unparent qdev: move unrealization of devices from finalize to unparent qdev: add reference for the bus while it is referred to by the DeviceState qdev: inline object_delete into qbus_free/qdev_free qdev: drop extra references at creation time cpu: do not use object_delete qom: remove object_delete hw/pci/pci.c| 11 +++-- hw/pci/pci.h| 5 --- hw/qdev-core.h | 1 + hw/qdev-monitor.c | 5 ++- hw/qdev.c | 105 +--- hw/sysbus.c | 6 +-- include/qom/object.h| 22 +++--- linux-user/syscall.c| 2 +- qom/object.c| 9 +--- target-i386/helper.c| 4 +- target-ppc/translate_init.c | 2 +- target-sparc/cpu.c | 2 +- vl.c| 1 + 13 files changed, 88 insertions(+), 87 deletions(-) Ping. Paolo
[Qemu-devel] [PATCH v2 00/20] Add Faraday A36x SoC platform support
From: Kuo-Jung Su dant...@faraday-tech.com These patches introduce Faraday A36x SoC platform support. Faraday provides ARMv4/ARMv5TE compatible solutions, and focus on ASIC design service. Here are some public documents for you reference. http://www.faraday-tech.com/html/documentation/index.html The pre-built images are also available at my Google Drive: https://docs.google.com/folder/d/0BwfiewvSmUgAX2pTTmtUMGFCZW8/edit Here is the image file list: 1. android-4.0.4/zImage: A369 linux-3.0.31 2. android-4.0.4/romfs-4.0.4.tar.bz2: android-4.0.4 3. nand.img.bz2: A369 nand flash image 4. rom.img.bz2: A369 embedded ROM image 5. u-boot: A369 u-boot-2012.10 ELF file 6. zImage: A369 linux-3.4.12 + initramfs 7. README Changes for v2: 1. coding style fixes (verified with checkpatch.pl) 2. add Faraday A360 support 3. add Faraday USB 2.0 EHCI support 4. merge a369_scu.c into a369.c 5. introduce QOM coding style 6. remove lowercase Macros: min(), max() 7. name all struct as CamelCase style 8. move function prototypes from .c to faraday.h 9. use switch instead of if statement in a369_ahbc_write 10. remove debug prints 11. update all uarts in A36x to DEVICE_LITTLE_ENDIAN. 12. move the variable definitions to the start of the function, instead of inside a do { } while(0) 13. remove disabled and commented out code. 14. use hw_error() and exit() upon pflash register failed. 15. add const prior to TypeInfo (i.e. static *const* TypeInfo ftrtc011_info) 16. add le32_to_cpu/cpu_to_le32 to the descriptor processing in FTGMAC100/FTMAC110. 17. update the GPL license to GPL v2 (except for FTLCDC200, it's based on pl110.c which is LGPL.) 18. add const to src_* in the DMA controllers (FTAPBBRG020/FTDMAC020) Note: 1. Thanks to the comments from KONRAD, Andreas, Paul and Blue. But if there is still something missed, please kindly remind me to fix. Thanks! 2. There are still two coding style errors reported by checkpatch.pl, but I think they might be false alarms, here is the error log: ERROR: need consistent spacing around '*' (ctx:WxV) #74: FILE: hw/a360.c:32: +i2c_bus *i2c[2];^ ERROR: open brace '{' following function declarations go on the next line #4680: FILE: hw/ftlcdc200_template.h:59: +static drawfn glue(ftlcdc200_draw_fn_, BITS)[48] = { Kuo-Jung Su (20): arm: add Faraday a36x SoC platform support arm: add Faraday FUSBH200 EHCI controller support arm: add Faraday FTAPBBRG020 APB DMA support arm: add Faraday FTDMAC020 AHB DMA support arm: add Faraday FTGMAC100 1Gbps ethernet support arm: add Faraday FTMAC110 10/100Mbps ethernet support arm: add Faraday FTI2C010 I2C controller support arm: add Faraday FTLCDC200 LCD controller support arm: add Faraday FTNANDC021 nand flash controller support arm: add Faraday FTSDC010 MMC/SD controller support arm: add Faraday FTTSC010 touchscreen controller support arm: add Faraday FTSSP010 multi-function controller support arm: add Faraday FTSPI020 spi flash controller support arm: add Faraday FTRTC011 RTC timer support arm: add Faraday FTWDT010 watchdog timer support arm: add Faraday FTTMR010 timer support arm: add Faraday FTPWMTMR010 timer support arm: add Faraday FTINTC020 interrupt controller support arm: add Faraday FTKBC010 support for A369 arm: add generic ROM model for Faraday SoC platforms .gitignore |1 + hw/a360.c| 271 +++ hw/a369.c| 581 hw/arm/Makefile.objs |6 + hw/faraday.h | 21 ++ hw/ftapbbrg020.c | 502 ++ hw/ftapbbrg020.h | 41 +++ hw/ftdmac020.c | 667 ++ hw/ftdmac020.h | 105 hw/ftgmac100.c | 647 hw/ftgmac100.h | 177 hw/fti2c010.c| 205 ++ hw/fti2c010.h| 62 + hw/ftintc020.c | 354 hw/ftkbc010.c| 226 hw/ftlcdc200.c | 505 +++ hw/ftlcdc200.h | 110 hw/ftlcdc200_template.h | 439 ++ hw/ftmac110.c| 591 hw/ftmac110.h| 131 + hw/ftnandc021.c | 514 +++ hw/ftnandc021.h | 55 hw/ftpwmtmr010.c | 244 + hw/ftrtc011.c| 315 ++ hw/ftsdc010.c| 363 + hw/ftsdc010.h| 88 ++ hw/ftspi020.c| 345 hw/ftspi020.h| 50 hw/ftssp010.c| 552
Re: [Qemu-devel] [PATCH v2 00/12] qdev: correct reference counting
Am 25.01.2013 10:10, schrieb Paolo Bonzini: Il 21/01/2013 13:30, Paolo Bonzini ha scritto: This series makes the ref_count field of device and bus objects actually match the number of references that the objects have. Once this is done, the question how do I delete an object? has a simple answer: use object_unparent if the object is reachable from the QOM tree, else use object_unref. qdev_free and qbus_free become equivalent to simply object_unparent. object_delete instead is replaced by object_unref. Patches 1-3 fix some warts in the last minute patches that went in 1.3. Patches 4-9 are the bulk of the series. Patches 11-12 touches the CPU classes instead. There is a new patch (#4) that documents how link properties are reference counted, and the transfer of ownership when the property is created/deleted. I renamed qbus_remove_children to bus_unparent, and rebased for the conversion of -state to -realized. PPC was also using object_delete for its CPU, too. Otherwise, there are no changes. Paolo Paolo Bonzini (12): qdev: export and use qbus_init qdev: use object_new, not g_malloc to create buses qom: preserve object while unparenting it qom: document reference counting of link properties qdev: add reference count to a device for the BusChild qdev: move deletion of children from finalize to unparent qdev: move unrealization of devices from finalize to unparent qdev: add reference for the bus while it is referred to by the DeviceState qdev: inline object_delete into qbus_free/qdev_free qdev: drop extra references at creation time cpu: do not use object_delete qom: remove object_delete hw/pci/pci.c| 11 +++-- hw/pci/pci.h| 5 --- hw/qdev-core.h | 1 + hw/qdev-monitor.c | 5 ++- hw/qdev.c | 105 +--- hw/sysbus.c | 6 +-- include/qom/object.h| 22 +++--- linux-user/syscall.c| 2 +- qom/object.c| 9 +--- target-i386/helper.c| 4 +- target-ppc/translate_init.c | 2 +- target-sparc/cpu.c | 2 +- vl.c| 1 + 13 files changed, 88 insertions(+), 87 deletions(-) Ping. I believe I was still waiting for an explanation why this qbus_init() function must be exposed rather than one _new() and one _initialize() function... Not getting feedback on that, I was already considering sending you an alternative patch for the initial two. Andreas -- SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg
Re: [Qemu-devel] [PATCH v2 01/20] arm: add Faraday a36x SoC platform support
Am 25.01.2013 09:19, schrieb Kuo-Jung Su: From: Kuo-Jung Su dant...@faraday-tech.com The Faraday A360/A369 EVB is a Faraday platform main board used for the Faraday IP functional verification based on the well-known ARM AMBA 2.0 architecture. This main board provides a fully verified microprocessor platform, ATA-II, OTG 2.0 and USB 2.0 host connectivity. Faraday A360 EVB provides the on-board DDR2-SODIMM (256 MB), NAND Flash (128 MB), USB2.0 interface, two PCI Express interfaces, two I2C interfaces, two SSP ports, Secure Digital interface, and a 12-bit A/D converter in addition to many other features. Faraday A369 EVB provides the on-board DDR2-SODIMM (512 MB), NAND Flash (256 MB), SPI Flash ROM (16 MB), I2C EPROM, Giga-bit Ethernet, IDE, SATA host, OTG 2.0 and USB 2.0 host connectors, video output interface, TV encoder for video output, LCD controller interface, SD/MMC card reader interface, I2S codec, UART(X2), Multi-ICE, 80 ports, and an AHB extension bus. Signed-off-by: Kuo-Jung Su dant...@faraday-tech.com --- hw/a360.c| 271 +++ hw/a369.c| 581 ++ hw/arm/Makefile.objs |6 + hw/faraday.h | 21 ++ 4 files changed, 879 insertions(+) create mode 100644 hw/a360.c create mode 100644 hw/a369.c create mode 100644 hw/faraday.h diff --git a/hw/a360.c b/hw/a360.c new file mode 100644 index 000..cb0a588 --- /dev/null +++ b/hw/a360.c @@ -0,0 +1,271 @@ +/* + * Faraday A360 Evalution Board + * + * Copyright (c) 2012 Faraday Technology + * Written by Dante Su dant...@faraday-tech.com + * + * This code is licensed under GNU GPL v2. Can you please license this and any other files as v2 or (at your option) any later version? Cf. http://wiki.qemu.org/Relicensing Also, there is work underway to move target-specific files to the subdirectories of hw/, i.e. suggest the new ARM machine should go to hw/arm/faraday_a360.c as hw/ is terribly crowded today and a360 is pretty generic. For devices it depends on whether they are tightly coupled to the ARM SoC or reusable in any target (x86 etc.). Regards, Andreas -- SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg
Re: [Qemu-devel] [PATCH] vnc: Clean up vncws_send_handshake_response()
Tim Hardeck thard...@suse.de writes: Hi Markus, thanks for your input. On Wed, 2013-01-23 at 18:16 +0100, Markus Armbruster wrote: Use appropriate types, drop superfluous casts, use sizeof, don't exploit that this particular call of gnutls_fingerprint() doesn't change its last argument. your patch does work fine but if we expect gnutls_fingerprint to change the hash_size there has to be an additional check if the hash_size is bigger than SHA1_DIGEST_LEN. For example: diff --git a/ui/vnc-ws.c b/ui/vnc-ws.c index de7e74c..e64c895 100644 --- a/ui/vnc-ws.c +++ b/ui/vnc-ws.c @@ -132,7 +132,7 @@ static void vncws_send_handshake_response(VncState *vs, const char* key) in.data = (void *)combined_key; in.size = WS_CLIENT_KEY_LEN + WS_GUID_LEN; if (gnutls_fingerprint(GNUTLS_DIG_SHA1, in, hash, hash_size) -== GNUTLS_E_SUCCESS) { +== GNUTLS_E_SUCCESS hash_size = SHA1_DIGEST_LEN) { accept = g_base64_encode(hash, hash_size); } if (accept == NULL) { Makes sense. I'll respin. Thanks!
Re: [Qemu-devel] [PATCH for 1.4 0/4] Simplify Makefile.objs some more
Am 25.01.2013 10:11, schrieb Paolo Bonzini: Il 19/01/2013 11:06, Paolo Bonzini ha scritto: This small series makes some more simplifications to Makefile.objs, removing two more variables: universal-obj-y and extra-obj-y, all unified into common-obj-y. It also removes what remains of user-obj-y, unifying that into common-obj-y as well. To achieve this, the CONFIG_SOFTMMU and CONFIG_USER_ONLY symbols are defined in the toplevel Makefile like we do with devices and disassemblers. Another symbol, CONFIG_ALL, is defined only in the toplevel Makefile and takes the place of extra-obj-y. With this change the structure of Makefile.objs is finally reduced to only six recursive variables (stub-obj-y, util-obj-y, qga-obj-y, block-obj-y, common-obj-y, obj-y). More important, the simpler structure should help people modifying the build system, avoiding future proliferation of variables as well. The patches are mostly mechanical substitutions, and there is no user-visible change---neither in total build time, nor in the files that are linked into the executables. Please apply, thanks! Paolo Paolo Bonzini (4): build: move around libcacard-y definition build: use -$(CONFIG_SECCOMP) instead of ifeq build: remove universal-obj-y build: remove extra-obj-y Makefile |9 - Makefile.objs| 43 ++- Makefile.target |3 +-- disas/Makefile.objs | 30 +++--- fsdev/Makefile.objs |8 hw/Makefile.objs | 10 +- hw/pci/Makefile.objs |2 +- qom/Makefile.objs|4 ++-- 8 files changed, 50 insertions(+), 59 deletions(-) Ping. As far as I understood, Andreas did not have any objections on the contents of this patch, which doesn't make things any better or worse from his point of view. I didn't receive a patch to fix cpu.c yet so I'll do that on my own. Paolo, please check for any other uses of CONFIG_USER_ONLY in the files you are moving and make sure that the respective maintainers are aware of and understand the impact of your changes. Andreas -- SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg
Re: [Qemu-devel] [PATCH] Makefile: remove *.lo files when make clean
在 2013-01-25五的 10:10 +0100,Paolo Bonzini写道: Il 25/01/2013 06:25, liguang ha scritto: remove *.lo files, they will bring errors during build after a make clean, e.g. make clean make lt LINK libcacard.la gcc: stubs/.libs/arch-query-cpu-def.o: No such file or directory gcc: stubs/.libs/clock-warp.o: No such file or directory gcc: stubs/.libs/cpu-get-clock.o: No such file or directory Signed-off-by: liguang lig.f...@cn.fujitsu.com --- Makefile |3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/Makefile b/Makefile index 73adf42..5d64b58 100644 --- a/Makefile +++ b/Makefile @@ -215,7 +215,8 @@ clean: rm -f config.mak op-i386.h opc-i386.h gen-op-i386.h op-arm.h opc-arm.h gen-op-arm.h rm -f qemu-options.def find . -name '*.[od]' -type f -exec rm -f {} + - rm -f *.a *.lo $(TOOLS) $(HELPERS-y) qemu-ga TAGS cscope.* *.pod *~ */*~ + find . -name '*.lo' -type f -exec rm -f {} + + rm -f *.a $(TOOLS) $(HELPERS-y) qemu-ga TAGS cscope.* *.pod *~ */*~ rm -f *.la rm -Rf .libs rm -f qemu-img-cmds.h See the similar patch at http://permalink.gmane.org/gmane.comp.emulators.qemu/188686 Paolo Oh, sorry, didn't notice it. but, seems rm libcacard.la is overshoot, it doesn't hurt, am I right? -- regards! li guang
Re: [Qemu-devel] [RFC] qemu snapshot enchancement
于 2013-1-25 16:19, Dietmar Maurer 写道: Thanks for declaration, one more question: 3) will have a big image file, will you back up it or just leave it there, not backup for internal snapshot? Sorry, I do not understand that question. Why will I have a 'a big image file', and what do you mean by 'backup' exactly? To make data safe, I guess usually there would be two copy of image data, one is the VM used, one is on another data restore server. There are choices about how to store the data: One is do a full clone of image disk, at each time user want to protect his data. One is only do a full lone of image disk at first time, later at each time, only copy out the delta data, which is obvious better. Again, I would not mix VM backup and VM snapshots. This is something different, and it is very confusing to mix them. But yes, in general there is 'full backup', and 'incremental backup' (delta). But IMHO 'incremental backup' is not obviously better. I currently also thing about storing backups to some dedup database - then you can have full backups with space requirements of incremental backups. 'incremental backup' is the right word, sorry I haven't thought out this word to describe my idea. I think it is better to avoid duplicating the data at beginning. internal snapshot increase the image file size, for eg, after internal snapshot 10G image will become 10.1G, and it seems no way to get the 100M delta data and store it in data restore server, so you will have do a clone of 10.1G data again. So I asked whether you have done a snapshot data copy to restore server in the following. Our current backup tool always stores the current data, so any snapshot data is not contained in the backups. OK, I got it, internal snapshots are ignored. Note: The proposed backup patches (already sent to the list) make backups without creating internal/external snapshot. Consistency is guaranteed by using COW. I guess this can be implemented, or may already exist in 3rd party components, such as LVM2. We may first enable qemu snapshot I/O drain case and then let dedicated storage tools take the job. -- Best Regards Wenchao Xia
[Qemu-devel] [PATCH v2 13/20] arm: add Faraday FTSPI020 spi flash controller support
From: Kuo-Jung Su dant...@faraday-tech.com The FTSPI020 is primariy designed for high-speed spi flash support. It supports double data rate and fast-read dual/quad for spi flash. It use one AHB slave port and one SPI interface controller to execute the SPI Flash command. Moreover, it also provides the PIO mode or DMA mode to access the data from the AHB data port. Signed-off-by: Kuo-Jung Su dant...@faraday-tech.com --- hw/ftspi020.c | 345 + hw/ftspi020.h | 50 + 2 files changed, 395 insertions(+) create mode 100644 hw/ftspi020.c create mode 100644 hw/ftspi020.h diff --git a/hw/ftspi020.c b/hw/ftspi020.c new file mode 100644 index 000..f7633e0 --- /dev/null +++ b/hw/ftspi020.c @@ -0,0 +1,345 @@ +/* + * Faraday FTSPI020 Flash Controller + * + * Copyright (c) 2012 Faraday Technology + * Written by Dante Su dant...@faraday-tech.com + * + * This code is licensed under GNU GPL v2. + */ + +#include hw.h +#include sysemu/sysemu.h +#include sysbus.h +#include ssi.h + +#include ftspi020.h + +#define TYPE_FTSPI020 ftspi020 + +typedef struct Ftspi020State { +SysBusDevice busdev; +MemoryRegion iomem; +qemu_irq irq; + +/* DMA hardware handshake */ +qemu_irq req; + +SSIBus *spi; +uint8_t num_cs; +qemu_irq *cs_lines; + +int wip;/* SPI Flash Status: Write In Progress BIT shift */ +uint32_t datacnt; + +/* HW register caches */ +uint32_t cmd[4]; +uint32_t ctrl; +uint32_t timing; +uint32_t icr; +uint32_t isr; +uint32_t rdsr; +} ftspi020_state; + +#define FTSPI020(obj) \ +OBJECT_CHECK(ftspi020_state, obj, TYPE_FTSPI020) + +static void ftspi020_update_irq(ftspi020_state *s) +{ +if (s-isr) { +qemu_set_irq(s-irq, 1); +} else { +qemu_set_irq(s-irq, 0); +} +} + +static void ftspi020_handle_ack(void *opaque, int line, int level) +{ +ftspi020_state *s = FTSPI020(opaque); + +if (!(s-icr 0x01)) { +return; +} + +if (level) { +qemu_set_irq(s-req, 0); +} else if (s-datacnt 0) { +qemu_set_irq(s-req, 1); +} +} + +static int ftspi020_do_command(ftspi020_state *s) +{ +int cs = (s-cmd[3] 8) 0x03; +int cmd = (s-cmd[3] 24) 0xff; +int ilen = (s-cmd[1] 24) 0x03; +int alen = (s-cmd[1] 0) 0x07; +int dcyc = (s-cmd[1] 16) 0xff; + +/* make sure the spi flash is de-activated */ +qemu_set_irq(s-cs_lines[cs], 1); + +/* activate the spi flash */ +qemu_set_irq(s-cs_lines[cs], 0); + +/* if it's a SPI flash READ_STATUS command */ +if ((s-cmd[3] 0x06) == 0x04) { +do { +ssi_transfer(s-spi, cmd); +s-rdsr = ssi_transfer(s-spi, 0x00); +if (s-cmd[3] 0x08) { +break; +} +} while (s-rdsr (1 s-wip)); +} else { +/* otherwise */ +int i; + +ilen = MIN(ilen, 2); +alen = MIN(alen, 4); + +/* command cycles */ +for (i = 0; i ilen; ++i) { +ssi_transfer(s-spi, cmd); +} +/* address cycles */ +for (i = alen - 1; i = 0; --i) { +ssi_transfer(s-spi, (s-cmd[0] (8 * i)) 0xff); +} +/* dummy cycles */ +for (i = 0; i (dcyc 3); ++i) { +ssi_transfer(s-spi, 0x00); +} +} + +if (s-datacnt = 0) { +qemu_set_irq(s-cs_lines[cs], 1); +} else if (s-icr 0x01) { +qemu_set_irq(s-req, 1); +} + +if (s-cmd[3] 0x01) { +s-isr |= 0x01; +} +ftspi020_update_irq(s); + +return 0; +} + +static void ftspi020_chip_reset(ftspi020_state *s) +{ +int i; + +s-datacnt = 0; +for (i = 0; i 4; ++i) { +s-cmd[i] = 0; +} +s-wip = 0; +s-ctrl = 0; +s-timing = 0; +s-icr = 0; +s-isr = 0; +s-rdsr = 0; + +qemu_set_irq(s-irq, 0); +} + +static uint64_t ftspi020_mem_read(void *opaque, hwaddr addr, unsigned size) +{ +ftspi020_state *s = FTSPI020(opaque); +uint64_t ret = 0; + +switch (addr) { +case REG_DATA: +if (!(s-cmd[3] 0x02)) { +if (s-datacnt 0) { +ret |= (uint32_t)(ssi_transfer(s-spi, 0x00) 0xff) 0; +ret |= (uint32_t)(ssi_transfer(s-spi, 0x00) 0xff) 8; +ret |= (uint32_t)(ssi_transfer(s-spi, 0x00) 0xff) 16; +ret |= (uint32_t)(ssi_transfer(s-spi, 0x00) 0xff) 24; +s-datacnt = (s-datacnt 4) ? 0 : (s-datacnt - 4); +} +if (s-datacnt == 0) { +uint8_t cs = (s-cmd[3] 8) 0x03; +qemu_set_irq(s-cs_lines[cs], 1); +if (s-cmd[3] 0x01) { +s-isr |= 0x01; +} +ftspi020_update_irq(s); +} +} +break; +case REG_RDST: +return s-rdsr; +case REG_CMD0: +return s-cmd[0]; +case REG_CMD1: +return s-cmd[1]; +case REG_CMD2:
Re: [Qemu-devel] [PATCH] block: Create proper size file for disk mirror
On Thu, Jan 24, 2013 at 10:00:40AM -0800, Vishvananda Ishaya wrote: The qmp monitor command to mirror a disk was passing -1 for size along with the disk's backing file. This size of the resulting disk is the size of the backing file, which is incorrect if the disk has been resized. Therefore we should always pass in the size of the current disk. Signed-off-by: Vishvananda Ishaya vishvana...@gmail.com --- Fixes https://bugs.launchpad.net/qemu/+bug/1103903 blockdev.c |6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) Also CCed Paolo Bonzini who wrote the code. Reviewed-by: Stefan Hajnoczi stefa...@redhat.com
[Qemu-devel] [PATCH v2] vnc: Clean up vncws_send_handshake_response()
Use appropriate types, drop superfluous casts, use sizeof, don't exploit that this particular call of gnutls_fingerprint() doesn't change its last argument. Signed-off-by: Markus Armbruster arm...@redhat.com --- ui/vnc-ws.c | 11 ++- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/ui/vnc-ws.c b/ui/vnc-ws.c index 9ccdc19..3e30209 100644 --- a/ui/vnc-ws.c +++ b/ui/vnc-ws.c @@ -120,10 +120,11 @@ static char *vncws_extract_handshake_entry(const char *handshake, static void vncws_send_handshake_response(VncState *vs, const char* key) { char combined_key[WS_CLIENT_KEY_LEN + WS_GUID_LEN + 1]; -char hash[SHA1_DIGEST_LEN]; -size_t hash_size = SHA1_DIGEST_LEN; +unsigned char hash[SHA1_DIGEST_LEN]; +size_t hash_size = sizeof(hash); char *accept = NULL, *response = NULL; gnutls_datum_t in; +int ret; g_strlcpy(combined_key, key, WS_CLIENT_KEY_LEN + 1); g_strlcat(combined_key, WS_GUID, WS_CLIENT_KEY_LEN + WS_GUID_LEN + 1); @@ -131,9 +132,9 @@ static void vncws_send_handshake_response(VncState *vs, const char* key) /* hash and encode it */ in.data = (void *)combined_key; in.size = WS_CLIENT_KEY_LEN + WS_GUID_LEN; -if (gnutls_fingerprint(GNUTLS_DIG_SHA1, in, hash, hash_size) -== GNUTLS_E_SUCCESS) { -accept = g_base64_encode((guchar *)hash, SHA1_DIGEST_LEN); +ret = gnutls_fingerprint(GNUTLS_DIG_SHA1, in, hash, hash_size); +if (ret == GNUTLS_E_SUCCESS hash_size = SHA1_DIGEST_LEN) { +accept = g_base64_encode(hash, hash_size); } if (accept == NULL) { VNC_DEBUG(Hashing Websocket combined key failed\n); -- 1.7.11.7
Re: [Qemu-devel] [PATCH v2] hw/wm8731: add WM8731 codec support
Am 25.01.2013 08:16, schrieb Kuo-Jung Su: From: Kuo-Jung Su dant...@faraday-tech.com Wolfson WM8731 is a simple audio codec for embedded systems. It has 2 input and 1 output ports: ** Input ** 1. Linue-In 2. Microphone ** Output ** 1. Headphone out BTW it's based on hw/wm8750.c with 16bit I2S support by default. Signed-off-by: Kuo-Jung Su dant...@faraday-tech.com --- Changes for v2: - introduce QOM coding style - coding style fixes, howeve there are still some false alarms. for examples: ERROR: need consistent spacing around '*' (ctx:WxV) #9997: FILE: hw/wm8731.c:33: +SWVoiceIn *adc_voice[IN_PORT_N]; --- default-configs/arm-softmmu.mak |1 + hw/Makefile.objs|1 + hw/i2c.h|6 + hw/wm8731.c | 488 +++ 4 files changed, 496 insertions(+) create mode 100644 hw/wm8731.c diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak index 2f1a5c9..c86d0f2 100644 --- a/default-configs/arm-softmmu.mak +++ b/default-configs/arm-softmmu.mak @@ -10,6 +10,7 @@ CONFIG_SERIAL=y CONFIG_PTIMER=y CONFIG_SD=y CONFIG_MAX7310=y +CONFIG_WM8731=y CONFIG_WM8750=y CONFIG_TWL92230=y CONFIG_TSC2005=y diff --git a/hw/Makefile.objs b/hw/Makefile.objs index 23ac249..1da2a34 100644 --- a/hw/Makefile.objs +++ b/hw/Makefile.objs @@ -166,6 +166,7 @@ common-obj-$(CONFIG_REALLY_VIRTFS) += 9pfs/ common-obj-y += usb/ common-obj-$(CONFIG_PTIMER) += ptimer.o common-obj-$(CONFIG_MAX7310) += max7310.o +common-obj-$(CONFIG_WM8731) += wm8731.o common-obj-$(CONFIG_WM8750) += wm8750.o common-obj-$(CONFIG_TWL92230) += twl92230.o common-obj-$(CONFIG_TSC2005) += tsc2005.o diff --git a/hw/i2c.h b/hw/i2c.h index 883b5c5..89d63cd 100644 --- a/hw/i2c.h +++ b/hw/i2c.h @@ -64,6 +64,12 @@ int i2c_recv(i2c_bus *bus); DeviceState *i2c_create_slave(i2c_bus *bus, const char *name, uint8_t addr); +/* wm8731.c */ +void wm8731_data_req_set(DeviceState *dev, +void (*data_req)(void *, int, int), void *opaque); +void wm8731_dac_dat(void *opaque, uint32_t sample); +uint32_t wm8731_adc_dat(void *opaque); + /* wm8750.c */ void wm8750_data_req_set(DeviceState *dev, void (*data_req)(void *, int, int), void *opaque); diff --git a/hw/wm8731.c b/hw/wm8731.c new file mode 100644 index 000..328cb7f --- /dev/null +++ b/hw/wm8731.c @@ -0,0 +1,488 @@ +/* + * WM8731 audio CODEC. + * + * base is wm8750.c + * + * Copyright (c) 2013 Faraday Technology + * Written by Dante Su dant...@faraday-tech.com + * + * This file is licensed under GNU GPL v2. + */ + +#include hw.h +#include i2c.h +#include audio/audio.h + +#define IN_PORT_N 2 +#define OUT_PORT_N 1 + +#define TYPE_WM8731 wm8731 + +typedef struct WMRate { +int adc; +int adc_hz; +int dac; +int dac_hz; +} wmrate; + +typedef struct WM8731State { +I2CSlave i2c; +uint8_t i2c_data[2]; +int i2c_len; +QEMUSoundCard card; +SWVoiceIn *adc_voice[IN_PORT_N]; +SWVoiceOut *dac_voice[OUT_PORT_N]; +void (*data_req)(void *, int, int); +void *opaque; +uint8_t data_in[4096]; +uint8_t data_out[4096]; +int idx_in, req_in; +int idx_out, req_out; + +SWVoiceOut **out[2]; +uint8_t outvol[2]; +SWVoiceIn **in[2]; +uint8_t invol[2], inmute[2], mutemic; + +uint8_t mute; +uint8_t power, format, active; +const wmrate *rate; +uint8_t rate_vmstate; +int adc_hz, dac_hz, ext_adc_hz, ext_dac_hz, master; +} wm8731_state; + +#define WM8731(obj) \ +OBJECT_CHECK(wm8731_state, obj, TYPE_WM8731) While I appreciate you adding the QOM macro here, the CamelCase type name WM8731State in v1 was totally correct, please change it back. Same for WMRate and any other type names. + +#define WM8731_OUTVOL_TRANSFORM(x) (x 1) +#define WM8731_INVOL_TRANSFORM(x) (x 3) + +static inline void wm8731_in_load(wm8731_state *s) +{ +if (s-idx_in + s-req_in = sizeof(s-data_in)) { +return; +} +s-idx_in = audio_MAX(0, (int) sizeof(s-data_in) - s-req_in); +AUD_read(*s-in[0], s-data_in + s-idx_in, + sizeof(s-data_in) - s-idx_in); +} + +static inline void wm8731_out_flush(wm8731_state *s) +{ +int sent = 0; +while (sent s-idx_out) { +sent += AUD_write(*s-out[0], s-data_out + sent, s-idx_out - sent) + ? 0 : s-idx_out; +} +s-idx_out = 0; +} + +static void wm8731_audio_in_cb(void *opaque, int avail_b) +{ +wm8731_state *s = WM8731(opaque); +s-req_in = avail_b; +/* 16 bit samples */ +s-data_req(s-opaque, s-req_out 1, avail_b 1); +} + +static void wm8731_audio_out_cb(void *opaque, int free_b) +{ +wm8731_state *s = WM8731(opaque); + +if (s-idx_out = free_b) { +s-idx_out = free_b; +
Re: [Qemu-devel] [RFC] qemu snapshot enchancement
Note: The proposed backup patches (already sent to the list) make backups without creating internal/external snapshot. Consistency is guaranteed by using COW. I guess this can be implemented, or may already exist in 3rd party components, such as LVM2. We used LVM to provide snapshots for backups for more than 4 years now. (in production at many customer sites). It is a constant PITA. If interested, you can grab our support forum about problems with LVM snapshots (http://forum.proxmox.com). The new backup approach is much better an avoids most of the problems we had. (the backup patches contains a list of advantages).
Re: [Qemu-devel] [PATCH for-1.4 v4 01/12] ppc: Move Mac machines to hw/ppc/
Am 24.01.2013 10:03, schrieb Andreas Färber: Signed-off-by: Andreas Färber afaer...@suse.de --- hw/cuda.c |2 +- hw/grackle_pci.c |2 +- hw/heathrow_pic.c |2 +- hw/ide/macio.c|6 +++--- hw/mac_nvram.c|2 +- hw/macio.c|2 +- hw/openpic.c |2 +- hw/ppc/Makefile.objs |9 + hw/{ppc_mac.h = ppc/mac.h} |0 hw/{ppc_newworld.c = ppc/mac_newworld.c} | 28 ++-- hw/{ppc_oldworld.c = ppc/mac_oldworld.c} | 26 +- hw/unin_pci.c |2 +- 12 Dateien geändert, 42 Zeilen hinzugefügt(+), 41 Zeilen entfernt(-) rename hw/{ppc_mac.h = ppc/mac.h} (100%) rename hw/{ppc_newworld.c = ppc/mac_newworld.c} (98%) rename hw/{ppc_oldworld.c = ppc/mac_oldworld.c} (97%) As you noticed I forgot to update MAINTAINERS. Please squash the following fix: diff --git a/MAINTAINERS b/MAINTAINERS index 35c260d..9dd4c20 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -380,7 +380,7 @@ New World M: Alexander Graf ag...@suse.de L: qemu-...@nongnu.org S: Maintained -F: hw/ppc_newworld.c +F: hw/ppc/mac_newworld.c F: hw/unin_pci.c F: hw/dec_pci.[hc] @@ -388,7 +388,7 @@ Old World M: Alexander Graf ag...@suse.de L: qemu-...@nongnu.org S: Maintained -F: hw/ppc_oldworld.c +F: hw/ppc/mac_oldworld.c F: hw/grackle_pci.c PReP Thanks, Andreas -- SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg
Re: [Qemu-devel] [PATCH] block: Create proper size file for disk mirror
Am 24.01.2013 19:00, schrieb Vishvananda Ishaya: The qmp monitor command to mirror a disk was passing -1 for size along with the disk's backing file. This size of the resulting disk is the size of the backing file, which is incorrect if the disk has been resized. Therefore we should always pass in the size of the current disk. Signed-off-by: Vishvananda Ishaya vishvana...@gmail.com Thanks, applied to the block branch. Can you send a qemu-iotests test case that tests this condition? (Probably best as an extension to case 041) Kevin
Re: [Qemu-devel] [PATCH] build: remove *.lo, *.a, *.la files from all subdirectories on make clean
On 15.01.2013 09:49, Paolo Bonzini wrote: .lo files in stubs/, util/ and libcacard/ were not cleaned. Fix this. Cc: Blue Swirl blauwir...@gmail.com Reported-by: Stefan Hajnoczi stefa...@redhat.com Signed-off-by: Paolo Bonzini pbonz...@redhat.com --- Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) Reviewed-by: Michal Privoznik mpriv...@redhat.com
Re: [Qemu-devel] [PATCH][TRIVIAL] vl: coding style cleanups
Hi, Am 25.01.2013 00:04, schrieb Jesse Larrew: Reformat the option parsing code in main() and various supporting functions to conform to the QEMU coding style. Signed-off-by: Jesse Larrew jlar...@linux.vnet.ibm.com --- vl.c | 476 +-- 1 file changed, 260 insertions(+), 216 deletions(-) On a brief look this doesn't look wrong. What is the purpose of this patch though? Is it intended for the s390x SCLP patch to be rebased upon, or is it preparing some other actual refactoring or addition? We don't usually do pure Coding Style refactorings without follow-ups. Regards, Andreas -- SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg
Re: [Qemu-devel] [PATCH][TRIVIAL] vl: coding style cleanups
Am 25.01.2013 um 10:47 schrieb Andreas Färber afaer...@suse.de: Hi, Am 25.01.2013 00:04, schrieb Jesse Larrew: Reformat the option parsing code in main() and various supporting functions to conform to the QEMU coding style. Signed-off-by: Jesse Larrew jlar...@linux.vnet.ibm.com --- vl.c | 476 +-- 1 file changed, 260 insertions(+), 216 deletions(-) On a brief look this doesn't look wrong. What is the purpose of this patch though? Is it intended for the s390x SCLP patch to be rebased upon, or is it preparing some other actual refactoring or addition? We don't usually do pure Coding Style refactorings without follow-ups. We only don't do it because nobody wanted to sit down and actually convert the code to adhere to the new coding style guidelines. I think it's a great idea to fix vl.c's coding style once and for all. Alex Regards, Andreas -- SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg
Re: [Qemu-devel] [PATCH for 1.4 0/4] Simplify Makefile.objs some more
Il 25/01/2013 10:23, Andreas Färber ha scritto: As far as I understood, Andreas did not have any objections on the contents of this patch, which doesn't make things any better or worse from his point of view. I didn't receive a patch to fix cpu.c yet so I'll do that on my own. Paolo, please check for any other uses of CONFIG_USER_ONLY in the files you are moving and make sure that the respective maintainers are aware of and understand the impact of your changes. But I'm not moving anything! :) Not with these patches at least. Which is why I haven't sent the CONFIG_USER_ONLY patch yet. Things seem to work, have been like this for over a month, as long as we don't forget there's no hurry really. The patches are mostly mechanical substitutions, and there is no user-visible change---neither in total build time, nor in the files that are linked into the executables. I did this check when I eliminated libuser, and there was none. Unfortunately, the patch that introduced CONFIG_USER_ONLY went in with the same round of merges on Dec 19. It was a merge conflict, that's it. Paolo
Re: [Qemu-devel] [PATCH][TRIVIAL] vl: coding style cleanups
Am 25.01.2013 10:56, schrieb Alexander Graf: Am 25.01.2013 um 10:47 schrieb Andreas Färber afaer...@suse.de: Am 25.01.2013 00:04, schrieb Jesse Larrew: Reformat the option parsing code in main() and various supporting functions to conform to the QEMU coding style. Signed-off-by: Jesse Larrew jlar...@linux.vnet.ibm.com --- vl.c | 476 +-- 1 file changed, 260 insertions(+), 216 deletions(-) On a brief look this doesn't look wrong. What is the purpose of this patch though? Is it intended for the s390x SCLP patch to be rebased upon, or is it preparing some other actual refactoring or addition? We don't usually do pure Coding Style refactorings without follow-ups. We only don't do it because nobody wanted to sit down and actually convert the code to adhere to the new coding style guidelines. That's not true. Pure Coding Style refactorings have been rejected in the past for unnecessarily clobbering git-blame history, therefore my question. I think it's a great idea to fix vl.c's coding style once and for all. No objection here. I also need to do some reindentations for my CPUState refactorings that I could send out. Andreas -- SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg
Re: [Qemu-devel] [RFC 3/3] virtio-balloon: add auto-ballooning support
On (Mon) 14 Jan 2013 [09:58:30], Luiz Capitulino wrote: On Sat, 12 Jan 2013 02:02:32 +0530 Amit Shah amit.s...@redhat.com wrote: Hi Luiz, On (Tue) 18 Dec 2012 [18:16:55], Luiz Capitulino wrote: The auto-ballooning feature automatically performs balloon inflate or deflate based on host and guest memory pressure. This can help to avoid swapping or worse in both, host and guest. Auto-ballooning has a host and a guest part. The host performs automatic inflate by requesting the guest to inflate its balloon when the host is facing memory pressure. The guest performs automatic deflate when it's facing memory pressure itself. It's expected that auto-inflate and auto-deflate will balance each other over time. What does this last line mean? When qemu does auto-inflate, the guest memory will be reduced. Then it's expected that something will increase it again. That something is auto-deflate. However, if we deflate too much, than the host may face memory pressure, and then auto-inflate will take place again. It's expected that that sequence of auto-inflate and auto-deflate will reach a balance in some point in time. This all depends on the loads on the systems and other external factors; we never know how things might behave. Let's just leave this line out. How about emitting a QMP message to notify management of auto-ballooning? I could think about that if they are interested. I think they would be - no harm in asking. o this shouldn't override balloon changes done by the user manually Can you think of examples here? If the user (host admin) has ballooned an 8G guest down to 4G, auto-balloon will only further shrink down the guest RAM, so there's no real 'overriding' happening that I can think of. Of course, a guest can expand itself to, say, 5G, but that should be allowed as the guest might be under pressure. Yes, that's exactly my point above. I mean, taking your example, if the user has ballooned an 8G down to 4G, should auto-balloon be allowed to balloon to 5G or even back to 8G? I think it should be allowed by default, and tunable by user/management (i.e. qemu shouldn't create policy, but enforce one if provided). Amit
Re: [Qemu-devel] [PATCH v2 00/12] qdev: correct reference counting
Il 25/01/2013 10:21, Andreas Färber ha scritto: Ping. I believe I was still waiting for an explanation why this qbus_init() function must be exposed rather than one _new() and one _initialize() function... Not getting feedback on that, I was already considering sending you an alternative patch for the initial two. Because you cannot object_initialize the result of object_new. It would overwrite the free callback and leak memory. So you need three functions: _new() (which is usually called foo_create for buses), _initialize() (which is usually foo_create_inplace), and a third which I called _init(). Paolo
Re: [Qemu-devel] [PATCH for 1.4 0/4] Simplify Makefile.objs some more
Am 25.01.2013 11:08, schrieb Paolo Bonzini: Il 25/01/2013 10:23, Andreas Färber ha scritto: As far as I understood, Andreas did not have any objections on the contents of this patch, which doesn't make things any better or worse from his point of view. I didn't receive a patch to fix cpu.c yet so I'll do that on my own. Paolo, please check for any other uses of CONFIG_USER_ONLY in the files you are moving and make sure that the respective maintainers are aware of and understand the impact of your changes. But I'm not moving anything! :) Not with these patches at least. Which is why I haven't sent the CONFIG_USER_ONLY patch yet. Things seem to work, have been like this for over a month, as long as we don't forget there's no hurry really. My hurry is due to the freezes, but being a true bug it would qualify for Hard Freeze. Still I am queuing all bugfixes I can find now already. The patches are mostly mechanical substitutions, and there is no user-visible change---neither in total build time, nor in the files that are linked into the executables. I did this check when I eliminated libuser, and there was none. Unfortunately, the patch that introduced CONFIG_USER_ONLY went in with the same round of merges on Dec 19. It was a merge conflict, that's it. To clarify: My comment was not restricted to this series, it was directed at refactoring the build system in general; I also had the BSD breakage (for which the fix was still not committed?) in mind, which was not a mismerge but an oversight on your part. But I admit checking qom/cpu.c wouldn't have found it, by contrast, at whatever point (because hidden in the included header file). Cheers, Andreas -- SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg
Re: [Qemu-devel] [PATCH v2 00/12] qdev: correct reference counting
Am 25.01.2013 11:25, schrieb Paolo Bonzini: Il 25/01/2013 10:21, Andreas Färber ha scritto: Ping. I believe I was still waiting for an explanation why this qbus_init() function must be exposed rather than one _new() and one _initialize() function... Not getting feedback on that, I was already considering sending you an alternative patch for the initial two. Because you cannot object_initialize the result of object_new. It would overwrite the free callback and leak memory. I never suggested that. So you need three functions: _new() (which is usually called foo_create for buses), _initialize() (which is usually foo_create_inplace), and a third which I called _init(). My question still is, *why* do we need a third one? My suggestion is foo_bus_initialize() - bus_initialize() - object_initialize() and foo_bus_new() - bus_new() - object_new(). Code sharing can be done static-qbus_realize()-style (call that qbus_init if you like but don't expose this detail). Regards, Andreas -- SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg
Re: [Qemu-devel] [PATCH v2] target-arm: add Faraday ARMv5TE processors support
On 25 January 2013 07:18, Kuo-Jung Su dant...@gmail.com wrote: From: Kuo-Jung Su dant...@faraday-tech.com Faraday processors are a series of ARMv4/ARMv5TE clone. * ARMv4 series (FA526, FA626). All of them are now out-of-date, so I have no plan for them. * ARMv5TE series (FA606TE, FA626TE, FA616TE, FA726TE) All the single core RISC listed above are included in this patch. And there are two Faraday CP15 extensions (AUX and I/D-Scratchpad) have been implemented as a read/write value without any extra actions. I'm going to need pointers to the CPU documentation to be able to review this patch, though it looks mostly ok. One point: you've added new CPU state fields so you must add save and restore code for them in target-arm/machine.c (and increment CPU_SAVE_VERSION in target-arm/cpu.h.) thanks -- PMM
Re: [Qemu-devel] [PATCH] s390: Move hw files to hw/s390x
On 25 January 2013 00:18, Alexander Graf ag...@suse.de wrote: This moves all files only used by s390 system emulation to hw/s390x. This only makes sense if our plan is to rearrange the hw/ source files for all targets -- are we going to? Do files for arch-specific kvm devices go in hw/kvm/ or hw/$arch/ ? -- PMM
Re: [Qemu-devel] [PATCH v2 00/12] qdev: correct reference counting
Il 25/01/2013 11:33, Andreas Färber ha scritto: Am 25.01.2013 11:25, schrieb Paolo Bonzini: Il 25/01/2013 10:21, Andreas Färber ha scritto: Ping. I believe I was still waiting for an explanation why this qbus_init() function must be exposed rather than one _new() and one _initialize() function... Not getting feedback on that, I was already considering sending you an alternative patch for the initial two. Because you cannot object_initialize the result of object_new. It would overwrite the free callback and leak memory. I never suggested that. So you need three functions: _new() (which is usually called foo_create for buses), _initialize() (which is usually foo_create_inplace), and a third which I called _init(). My question still is, *why* do we need a third one? My suggestion is foo_bus_initialize() - bus_initialize() - object_initialize() and foo_bus_new() - bus_new() - object_new(). Code sharing can be done static-qbus_realize()-style (call that qbus_init if you like but don't expose this detail). Ok, so you suggest keeping the third one but making it static. That works for me. Paolo
Re: [Qemu-devel] [PATCH for-1.4 v4 01/12] ppc: Move Mac machines to hw/ppc/
On 24 January 2013 09:03, Andreas Färber afaer...@suse.de wrote: [PATCH for-1.4 v4 01/12] ppc: Move Mac machines to hw/ppc/ ...so why is a big code movement patch 1.4 material? I would prefer us to wait for 1.5, and then we have a reasonable chance of saying release goal for 1.5 is to have moved all the arch-specific hw files to their new homes. If we commit this for 1.4 then at 1.4 release the source tree will be in an odd halfway statet. -- PMM
[Qemu-devel] [PATCH V2 00/20] Multiqueue virtio-net
Hello all: This seires is an update of last version of multiqueue virtio-net support. This series tries to brings multiqueue support to virtio-net through a multiqueue support tap backend and multiple vhost threads. To support this, multiqueue nic support were added to qemu. This is done by introducing an array of NetClientStates in NICState, and make each pair of peers to be an queue of the nic. This is done in patch 1-7. Tap were also converted to be able to create a multiple queue backend. Currently, only linux support this by issuing TUNSETIFF N times with the same device name to create N queues. Each fd returned by TUNSETIFF were a queue supported by kernel. Three new command lines were introduced, queues were used to tell how many queues will be created by qemu; fds were used to pass multiple pre-created tap file descriptors to qemu; vhostfds were used to pass multiple pre-created vhost descriptors to qemu. This is done in patch 8-13. A method of deleting a queue and queue_index were also introduce for virtio, this is done in patch 14-15. Vhost were also changed to support multiqueue by introducing a start vq index which tracks the first virtqueue that will be used by vhost instead of the assumption that the vhost always use virtqueue from index 0. This is done in patch 16. The last part is the multiqueue userspace changes, this is done in patch 17-20. With this changes, user could start a multiqueue virtio-net device through ./qemu -netdev tap,id=hn0,queues=2,vhost=on -device virtio-net-pci,netdev=hn0 Management tools such as libvirt can pass multiple pre-created fds/vhostfds through ./qemu -netdev tap,id=hn0,fds=X:Y,vhostfds=M:N -device virtio-net-pci,netdev=hn0 No git tree this round since github is unavailable in China... Changes from V1: - silent checkpatch (Blue) - use fds/vhostfds instead of fd/vhostfd (Stefan) - use fds=X:Y:Z instead of fd=X,fd=Y,fd=Z (Anthony) - split patches (Stefan) - typos in commit log (Stefan) - Warn 'queues=' when fds/vhostfds is used (Stefan) - rename __net_init_tap to net_init_tap_one (Stefan) - check the consistency of vnet_hdr of multiple tap fds (Stefan) - disable multiqueue support for bridge-helper (Stefan) - rename tap_attach()/tap_detach() to tap_enable()/tap_disable() (Stefan) - fix booting with legacy guest (WanLong) - don't bump the version when doing migration (Michael) - simplify the interface between virtio-net and multiqueue vhost_net (Michael) - rebase the patches to latest - re-order the patches that let the net part comes first to simplify the reviewing - simplify the interface between virtio-net and multiqueue vhost_net - move the guest notifiers setup from vhost to vhost_net - fix a build issue of hw/mcf_fce.c Changes from RFC v2: - rebase the codes to latest qemu - align the multiqueue virtio-net implementation to virtio spec - split the patches into more smaller patches - set_link and hotplug support Changes from RFC V1: - rebase to the latest - fix memory leak in parse_netdev - fix guest notifiers assignment/de-assignment - changes the command lines to: qemu -netdev tap,queues=2 -device virtio-net-pci,queues=2 Reference: V1: http://lists.nongnu.org/archive/html/qemu-devel/2012-12/msg03558.html RFC v2: http://lists.gnu.org/archive/html/qemu-devel/2012-06/msg04108.html RFC v1: http://comments.gmane.org/gmane.comp.emulators.qemu/100481 Perf Numbers: - norm is short for normalize result - trans.rate is short for transaction rate Two Intel Xeon 5620 with direct connected intel 82599EB Host/Guest kernel: David net tree vhost enabled - lots of improvents of both latency and cpu utilization in request-reponse test - get regression of guest sending small packets which because TCP tends to batch less when the latency were improved 1q/2q/4q TCP_RR size #sessions trans.rate norm trans.rate norm trans.rate norm 1 1 9393.26 595.64 9408.18 597.34 9375.19 584.12 1 2072162.1 2214.24 129880.22 2456.13 196949.81 2298.13 1 50107513.38 2653.99 139721.93 2490.58 259713.82 2873.57 1 100 126734.63 2676.54 145553.5 2406.63 265252.68 2943 64 19453.42 632.33 9371.37 616.13 9338.19 615.97 64 20 70620.03 2093.68 125155.75 2409.15 191239.91 2253.32 64 50 1069662448.29 146518.67 2514.47 242134.07 2720.91 64 100 117046.35 2394.56 190153.09 2696.82 238881.29 2704.41 256 1 8733.29 736.36 8701.07 680.83 8608.92 530.1 256 20 69279.89 2274.45 115103.07 2299.76 144555.16 1963.53 256 50 97676.02 2296.09 150719.57 2522.92 254510.5 3028.44 256 100 150221.55 2949.56 197569.3 2790.92 300695.78 3494.83 TCP_CRR size #sessions trans.rate norm trans.rate norm trans.rate norm 1 1 2848.37 163.41 2230.39 130.89 2013.09 120.47 1 2023434.5 562.11 31057.43 531.07 49488.28 564.41 1 5028514.88 582.17 40494.23 605.92 60113.35 654.97 1 100 28827.22 584.73 48813.25 661.6 61783.62 676.56 64 12780.08 159.4 2201.07 127.96 2006.8 117.63 64 20 23318.51 564.47 30982.44 530.24
[Qemu-devel] [PATCH V2 01/20] net: introduce qemu_get_queue()
To support multiqueue, the patch introduce a helper qemu_get_queue() which is used to get the NetClientState of a device. The following patches would refactor this helper to support multiqueue. Signed-off-by: Jason Wang jasow...@redhat.com --- hw/cadence_gem.c|9 +++-- hw/dp8393x.c|9 +++-- hw/e1000.c | 24 --- hw/eepro100.c | 12 hw/etraxfs_eth.c|4 +- hw/lan9118.c| 10 +++--- hw/mcf_fec.c|4 +- hw/milkymist-minimac2.c |4 +- hw/mipsnet.c|4 +- hw/musicpal.c |2 +- hw/ne2000-isa.c |2 +- hw/ne2000.c |7 ++-- hw/opencores_eth.c |6 ++-- hw/pcnet-pci.c |2 +- hw/pcnet.c |7 ++-- hw/rtl8139.c| 14 hw/smc91c111.c |4 +- hw/spapr_llan.c |4 +- hw/stellaris_enet.c |5 ++- hw/usb/dev-network.c| 10 +++--- hw/virtio-net.c | 76 ++- hw/xen_nic.c| 13 +--- hw/xgmac.c |4 +- hw/xilinx_axienet.c |4 +- hw/xilinx_ethlite.c |4 +- include/net/net.h |1 + net/net.c |5 +++ savevm.c|2 +- 28 files changed, 138 insertions(+), 114 deletions(-) diff --git a/hw/cadence_gem.c b/hw/cadence_gem.c index 0d83442..9de688f 100644 --- a/hw/cadence_gem.c +++ b/hw/cadence_gem.c @@ -389,10 +389,10 @@ static void gem_init_register_masks(GemState *s) */ static void phy_update_link(GemState *s) { -DB_PRINT(down %d\n, s-nic-nc.link_down); +DB_PRINT(down %d\n, qemu_get_queue(s-nic)-link_down); /* Autonegotiation status mirrors link status. */ -if (s-nic-nc.link_down) { +if (qemu_get_queue(s-nic)-link_down) { s-phy_regs[PHY_REG_STATUS] = ~(PHY_REG_STATUS_ANEGCMPL | PHY_REG_STATUS_LINK); s-phy_regs[PHY_REG_INT_ST] |= PHY_REG_INT_ST_LINKC; @@ -906,9 +906,10 @@ static void gem_transmit(GemState *s) /* Send the packet somewhere */ if (s-phy_loop) { -gem_receive(s-nic-nc, tx_packet, total_bytes); +gem_receive(qemu_get_queue(s-nic), tx_packet, total_bytes); } else { -qemu_send_packet(s-nic-nc, tx_packet, total_bytes); +qemu_send_packet(qemu_get_queue(s-nic), tx_packet, + total_bytes); } /* Prepare for next packet */ diff --git a/hw/dp8393x.c b/hw/dp8393x.c index b501450..c2d0bc8 100644 --- a/hw/dp8393x.c +++ b/hw/dp8393x.c @@ -339,6 +339,7 @@ static void do_receiver_disable(dp8393xState *s) static void do_transmit_packets(dp8393xState *s) { +NetClientState *nc = qemu_get_queue(s-nic); uint16_t data[12]; int width, size; int tx_len, len; @@ -408,13 +409,13 @@ static void do_transmit_packets(dp8393xState *s) if (s-regs[SONIC_RCR] (SONIC_RCR_LB1 | SONIC_RCR_LB0)) { /* Loopback */ s-regs[SONIC_TCR] |= SONIC_TCR_CRSL; -if (s-nic-nc.info-can_receive(s-nic-nc)) { +if (nc-info-can_receive(nc)) { s-loopback_packet = 1; -s-nic-nc.info-receive(s-nic-nc, s-tx_buffer, tx_len); +nc-info-receive(nc, s-tx_buffer, tx_len); } } else { /* Transmit packet */ -qemu_send_packet(s-nic-nc, s-tx_buffer, tx_len); +qemu_send_packet(nc, s-tx_buffer, tx_len); } s-regs[SONIC_TCR] |= SONIC_TCR_PTX; @@ -903,7 +904,7 @@ void dp83932_init(NICInfo *nd, hwaddr base, int it_shift, s-nic = qemu_new_nic(net_dp83932_info, s-conf, nd-model, nd-name, s); -qemu_format_nic_info_str(s-nic-nc, s-conf.macaddr.a); +qemu_format_nic_info_str(qemu_get_queue(s-nic), s-conf.macaddr.a); qemu_register_reset(nic_reset, s); nic_reset(s); diff --git a/hw/e1000.c b/hw/e1000.c index ef06ca1..7b310d7 100644 --- a/hw/e1000.c +++ b/hw/e1000.c @@ -167,11 +167,11 @@ set_phy_ctrl(E1000State *s, int index, uint16_t val) { if ((val MII_CR_AUTO_NEG_EN) (val MII_CR_RESTART_AUTO_NEG)) { /* no need auto-negotiation if link was down */ -if (s-nic-nc.link_down) { +if (qemu_get_queue(s-nic)-link_down) { s-phy_reg[PHY_STATUS] |= MII_SR_AUTONEG_COMPLETE; return; } -s-nic-nc.link_down = true; +qemu_get_queue(s-nic)-link_down = true; e1000_link_down(s); s-phy_reg[PHY_STATUS] = ~MII_SR_AUTONEG_COMPLETE; DBGOUT(PHY, Start link auto negotiation\n); @@ -183,7 +183,7 @@ static void e1000_autoneg_timer(void *opaque) { E1000State *s = opaque; -s-nic-nc.link_down = false; +qemu_get_queue(s-nic)-link_down = false; e1000_link_up(s); s-phy_reg[PHY_STATUS] |= MII_SR_AUTONEG_COMPLETE;
[Qemu-devel] [PATCH V2 07/20] net: multiqueue support
This patch adds basic multiqueue support for qemu. The idea is simple, an array of NetClientStates were introduced in NICState, parse_netdev() were extended to find and match all NetClientStates belongs to the backend and place their pointers in NICConf. Then qemu_new_nic can setup a N:N mapping between NICStates that belongs to a nic and NICStates belongs to the netdev. And a queue_index were introduced in NetClientState to track its index. After this, each peers of a NICState were abstracted as a queue. After this change, all NetClientState that belongs to the same backend/nic has the same id. When use want to change the link status, all NetClientStates that belongs to the same backend/nic will be also changed. When user want to delete a device or netdev, all NetClientStates that belongs to the same backend/nic will be deleted also. Changing or deleting an specific queue is not allowed. Signed-off-by: Jason Wang jasow...@redhat.com --- hw/dp8393x.c|2 +- hw/mcf_fec.c|2 +- hw/qdev-properties-system.c | 46 +++--- hw/qdev-properties.h|6 +- include/net/net.h | 18 +-- net/net.c | 113 +++ 6 files changed, 139 insertions(+), 48 deletions(-) diff --git a/hw/dp8393x.c b/hw/dp8393x.c index 0273fad..808157b 100644 --- a/hw/dp8393x.c +++ b/hw/dp8393x.c @@ -900,7 +900,7 @@ void dp83932_init(NICInfo *nd, hwaddr base, int it_shift, s-regs[SONIC_SR] = 0x0004; /* only revision recognized by Linux */ s-conf.macaddr = nd-macaddr; -s-conf.peer = nd-netdev; +s-conf.peers.ncs[0] = nd-netdev; s-nic = qemu_new_nic(net_dp83932_info, s-conf, nd-model, nd-name, s); diff --git a/hw/mcf_fec.c b/hw/mcf_fec.c index 909e32b..8e60f09 100644 --- a/hw/mcf_fec.c +++ b/hw/mcf_fec.c @@ -472,7 +472,7 @@ void mcf_fec_init(MemoryRegion *sysmem, NICInfo *nd, memory_region_add_subregion(sysmem, base, s-iomem); s-conf.macaddr = nd-macaddr; -s-conf.peer = nd-netdev; +s-conf.peers.ncs[0] = nd-netdev; s-nic = qemu_new_nic(net_mcf_fec_info, s-conf, nd-model, nd-name, s); diff --git a/hw/qdev-properties-system.c b/hw/qdev-properties-system.c index ce0f793..ce3af22 100644 --- a/hw/qdev-properties-system.c +++ b/hw/qdev-properties-system.c @@ -173,16 +173,47 @@ PropertyInfo qdev_prop_chr = { static int parse_netdev(DeviceState *dev, const char *str, void **ptr) { -NetClientState *netdev = qemu_find_netdev(str); +NICPeers *peers_ptr = (NICPeers *)ptr; +NICConf *conf = container_of(peers_ptr, NICConf, peers); +NetClientState **ncs = peers_ptr-ncs; +NetClientState *peers[MAX_QUEUE_NUM]; +int queues, i = 0; +int ret; -if (netdev == NULL) { -return -ENOENT; +queues = qemu_find_net_clients_except(str, peers, + NET_CLIENT_OPTIONS_KIND_NIC, + MAX_QUEUE_NUM); +if (queues == 0) { +ret = -ENOENT; +goto err; } -if (netdev-peer) { -return -EEXIST; + +if (queues MAX_QUEUE_NUM) { +ret = -E2BIG; +goto err; +} + +for (i = 0; i queues; i++) { +if (peers[i] == NULL) { +ret = -ENOENT; +goto err; +} + +if (peers[i]-peer) { +ret = -EEXIST; +goto err; +} + +ncs[i] = peers[i]; +ncs[i]-queue_index = i; } -*ptr = netdev; + +conf-queues = queues; + return 0; + +err: +return ret; } static const char *print_netdev(void *ptr) @@ -249,7 +280,8 @@ static void set_vlan(Object *obj, Visitor *v, void *opaque, { DeviceState *dev = DEVICE(obj); Property *prop = opaque; -NetClientState **ptr = qdev_get_prop_ptr(dev, prop); +NICPeers *peers_ptr = qdev_get_prop_ptr(dev, prop); +NetClientState **ptr = peers_ptr-ncs[0]; Error *local_err = NULL; int32_t id; NetClientState *hubport; diff --git a/hw/qdev-properties.h b/hw/qdev-properties.h index ddcf774..20c67f3 100644 --- a/hw/qdev-properties.h +++ b/hw/qdev-properties.h @@ -31,7 +31,7 @@ extern PropertyInfo qdev_prop_pci_host_devaddr; .name = (_name),\ .info = (_prop), \ .offset= offsetof(_state, _field)\ -+ type_check(_type,typeof_field(_state, _field)),\ ++ type_check(_type, typeof_field(_state, _field)), \ } #define DEFINE_PROP_DEFAULT(_name, _state, _field, _defval, _prop, _type) { \ .name = (_name), \ @@ -77,9 +77,9 @@ extern PropertyInfo qdev_prop_pci_host_devaddr; #define DEFINE_PROP_STRING(_n, _s, _f) \ DEFINE_PROP(_n, _s, _f, qdev_prop_string, char*) #define DEFINE_PROP_NETDEV(_n, _s, _f) \ -DEFINE_PROP(_n, _s, _f,
[Qemu-devel] [PATCH V2 13/20] tap: multiqueue support
Recently, linux support multiqueue tap which could let userspace call TUNSETIFF for a signle device many times to create multiple file descriptors as independent queues. User could also enable/disabe a specific queue through TUNSETQUEUE. The patch adds the generic infrastructure to create multiqueue taps. To achieve this a new parameter queues were introduced to specify how many queues were expected to be created for tap by qemu itself. Alternatively, management could also pass multiple pre-created tap file descriptors separated with ':' through a new parameter fds like -netdev tap,id=hn0,fds=X:Y:..:Z. Multiple vhost file descriptors could also be passed in this way. Each TAPState were still associated to a tap fd, which mean multiple TAPStates were created when user needs multiqueue taps. Since each TAPState contains one NetClientState, with the multiqueue nic support, an N peers of NetClientState were built up. A new parameter, mq_required were introduce in tap_open() to create multiqueue tap fds. Signed-off-by: Jason Wang jasow...@redhat.com --- include/net/tap.h |1 - net/tap-aix.c |3 +- net/tap-bsd.c |3 +- net/tap-haiku.c |3 +- net/tap-linux.c |4 +- net/tap-solaris.c |3 +- net/tap.c | 158 + net/tap_int.h |3 +- qapi-schema.json |5 +- 9 files changed, 139 insertions(+), 44 deletions(-) diff --git a/include/net/tap.h b/include/net/tap.h index c523ff0..0caf8c4 100644 --- a/include/net/tap.h +++ b/include/net/tap.h @@ -37,7 +37,6 @@ void tap_set_offload(NetClientState *nc, int csum, int tso4, int tso6, int ecn, void tap_set_vnet_hdr_len(NetClientState *nc, int len); int tap_enable(NetClientState *nc); int tap_disable(NetClientState *nc); -int tap_get_ifname(NetClientState *nc, char *ifname); int tap_get_fd(NetClientState *nc); diff --git a/net/tap-aix.c b/net/tap-aix.c index e760e9a..804d164 100644 --- a/net/tap-aix.c +++ b/net/tap-aix.c @@ -25,7 +25,8 @@ #include tap_int.h #include stdio.h -int tap_open(char *ifname, int ifname_size, int *vnet_hdr, int vnet_hdr_required) +int tap_open(char *ifname, int ifname_size, int *vnet_hdr, + int vnet_hdr_required, int mq_required) { fprintf(stderr, no tap on AIX\n); return -1; diff --git a/net/tap-bsd.c b/net/tap-bsd.c index 4f22109..bcdb268 100644 --- a/net/tap-bsd.c +++ b/net/tap-bsd.c @@ -33,7 +33,8 @@ #include net/if_tap.h #endif -int tap_open(char *ifname, int ifname_size, int *vnet_hdr, int vnet_hdr_required) +int tap_open(char *ifname, int ifname_size, int *vnet_hdr, + int vnet_hdr_required, int mq_required) { int fd; #ifdef TAPGIFNAME diff --git a/net/tap-haiku.c b/net/tap-haiku.c index b3b5fbb..e5ce436 100644 --- a/net/tap-haiku.c +++ b/net/tap-haiku.c @@ -25,7 +25,8 @@ #include tap_int.h #include stdio.h -int tap_open(char *ifname, int ifname_size, int *vnet_hdr, int vnet_hdr_required) +int tap_open(char *ifname, int ifname_size, int *vnet_hdr, + int vnet_hdr_required, int mq_required) { fprintf(stderr, no tap on Haiku\n); return -1; diff --git a/net/tap-linux.c b/net/tap-linux.c index 6827c2a..a1a6128 100644 --- a/net/tap-linux.c +++ b/net/tap-linux.c @@ -36,12 +36,12 @@ #define PATH_NET_TUN /dev/net/tun -int tap_open(char *ifname, int ifname_size, int *vnet_hdr, int vnet_hdr_required) +int tap_open(char *ifname, int ifname_size, int *vnet_hdr, + int vnet_hdr_required, int mq_required) { struct ifreq ifr; int fd, ret; int len = sizeof(struct virtio_net_hdr); -int mq_required = 0; TFR(fd = open(PATH_NET_TUN, O_RDWR)); if (fd 0) { diff --git a/net/tap-solaris.c b/net/tap-solaris.c index 214d95e..9c7278f 100644 --- a/net/tap-solaris.c +++ b/net/tap-solaris.c @@ -173,7 +173,8 @@ static int tap_alloc(char *dev, size_t dev_size) return tap_fd; } -int tap_open(char *ifname, int ifname_size, int *vnet_hdr, int vnet_hdr_required) +int tap_open(char *ifname, int ifname_size, int *vnet_hdr, + int vnet_hdr_required, int mq_required) { char dev[10]=; int fd; diff --git a/net/tap.c b/net/tap.c index 95e557b..072e166 100644 --- a/net/tap.c +++ b/net/tap.c @@ -560,17 +560,10 @@ int net_init_bridge(const NetClientOptions *opts, const char *name, static int net_tap_init(const NetdevTapOptions *tap, int *vnet_hdr, const char *setup_script, char *ifname, -size_t ifname_sz) +size_t ifname_sz, int mq_required) { int fd, vnet_hdr_required; -if (tap-has_ifname) { -pstrcpy(ifname, ifname_sz, tap-ifname); -} else { -assert(ifname_sz 0); -ifname[0] = '\0'; -} - if (tap-has_vnet_hdr) { *vnet_hdr = tap-vnet_hdr; vnet_hdr_required = *vnet_hdr; @@ -579,7 +572,8 @@ static int net_tap_init(const NetdevTapOptions *tap, int *vnet_hdr,
[Qemu-devel] [PATCH V2 15/20] virtio: introduce virtio_del_queue()
Some device (such as virtio-net) needs the ability to destroy or re-order the virtqueues, this patch adds a helper to do this. Signed-off-by: Jason Wang jasowang --- hw/virtio.c |9 + hw/virtio.h |2 ++ 2 files changed, 11 insertions(+), 0 deletions(-) diff --git a/hw/virtio.c b/hw/virtio.c index ca170c3..d8c77b0 100644 --- a/hw/virtio.c +++ b/hw/virtio.c @@ -701,6 +701,15 @@ VirtQueue *virtio_add_queue(VirtIODevice *vdev, int queue_size, return vdev-vq[i]; } +void virtio_del_queue(VirtIODevice *vdev, int n) +{ +if (n 0 || n = VIRTIO_PCI_QUEUE_MAX) { +abort(); +} + +vdev-vq[n].vring.num = 0; +} + void virtio_irq(VirtQueue *vq) { trace_virtio_irq(vq); diff --git a/hw/virtio.h b/hw/virtio.h index 9cc7b85..d3da1d2 100644 --- a/hw/virtio.h +++ b/hw/virtio.h @@ -181,6 +181,8 @@ VirtQueue *virtio_add_queue(VirtIODevice *vdev, int queue_size, void (*handle_output)(VirtIODevice *, VirtQueue *)); +void virtio_del_queue(VirtIODevice *vdev, int n); + void virtqueue_push(VirtQueue *vq, const VirtQueueElement *elem, unsigned int len); void virtqueue_flush(VirtQueue *vq, unsigned int count); -- 1.7.1
[Qemu-devel] [PATCH V2 14/20] vhost: multiqueue support
This patch lets vhost support multiqueue. The idea is simple, just launching multiple threads of vhost and let each of vhost thread processing a subset of the virtqueues of the device. After this change each emulated device can have multiple vhost threads as its backend. To do this, a virtqueue index were introduced to record to first virtqueue that will be handled by this vhost_net device. Based on this and nvqs, vhost could calculate its relative index to setup vhost_net device. Since we may have many vhost/net devices for a virtio-net device. The setting of guest notifiers were moved out of the starting/stopping of a specific vhost thread. The vhost_net_{start|stop}() were renamed to vhost_net_{start|stop}_one(), and a new vhost_net_{start|stop}() were introduced to configure the guest notifiers and start/stop all vhost/vhost_net devices. Signed-off-by: Jason Wang jasow...@redhat.com --- hw/vhost.c | 82 +--- hw/vhost.h |2 + hw/vhost_net.c | 92 ++- hw/vhost_net.h |6 ++- hw/virtio-net.c |4 +- 5 files changed, 128 insertions(+), 58 deletions(-) diff --git a/hw/vhost.c b/hw/vhost.c index cee8aad..38257b9 100644 --- a/hw/vhost.c +++ b/hw/vhost.c @@ -619,14 +619,17 @@ static int vhost_virtqueue_start(struct vhost_dev *dev, { hwaddr s, l, a; int r; +int vhost_vq_index = idx - dev-vq_index; struct vhost_vring_file file = { -.index = idx, +.index = vhost_vq_index }; struct vhost_vring_state state = { -.index = idx, +.index = vhost_vq_index }; struct VirtQueue *vvq = virtio_get_queue(vdev, idx); +assert(idx = dev-vq_index idx dev-vq_index + dev-nvqs); + vq-num = state.num = virtio_queue_get_num(vdev, idx); r = ioctl(dev-control, VHOST_SET_VRING_NUM, state); if (r) { @@ -669,11 +672,12 @@ static int vhost_virtqueue_start(struct vhost_dev *dev, goto fail_alloc_ring; } -r = vhost_virtqueue_set_addr(dev, vq, idx, dev-log_enabled); +r = vhost_virtqueue_set_addr(dev, vq, vhost_vq_index, dev-log_enabled); if (r 0) { r = -errno; goto fail_alloc; } + file.fd = event_notifier_get_fd(virtio_queue_get_host_notifier(vvq)); r = ioctl(dev-control, VHOST_SET_VRING_KICK, file); if (r) { @@ -709,9 +713,10 @@ static void vhost_virtqueue_stop(struct vhost_dev *dev, unsigned idx) { struct vhost_vring_state state = { -.index = idx, +.index = idx - dev-vq_index }; int r; +assert(idx = dev-vq_index idx dev-vq_index + dev-nvqs); r = ioctl(dev-control, VHOST_GET_VRING_BASE, state); if (r 0) { fprintf(stderr, vhost VQ %d ring restore failed: %d\n, idx, r); @@ -867,7 +872,9 @@ int vhost_dev_enable_notifiers(struct vhost_dev *hdev, VirtIODevice *vdev) } for (i = 0; i hdev-nvqs; ++i) { -r = vdev-binding-set_host_notifier(vdev-binding_opaque, i, true); +r = vdev-binding-set_host_notifier(vdev-binding_opaque, + hdev-vq_index + i, + true); if (r 0) { fprintf(stderr, vhost VQ %d notifier binding failed: %d\n, i, -r); goto fail_vq; @@ -877,7 +884,9 @@ int vhost_dev_enable_notifiers(struct vhost_dev *hdev, VirtIODevice *vdev) return 0; fail_vq: while (--i = 0) { -r = vdev-binding-set_host_notifier(vdev-binding_opaque, i, false); +r = vdev-binding-set_host_notifier(vdev-binding_opaque, + hdev-vq_index + i, + false); if (r 0) { fprintf(stderr, vhost VQ %d notifier cleanup error: %d\n, i, -r); fflush(stderr); @@ -898,7 +907,9 @@ void vhost_dev_disable_notifiers(struct vhost_dev *hdev, VirtIODevice *vdev) int i, r; for (i = 0; i hdev-nvqs; ++i) { -r = vdev-binding-set_host_notifier(vdev-binding_opaque, i, false); +r = vdev-binding-set_host_notifier(vdev-binding_opaque, + hdev-vq_index + i, + false); if (r 0) { fprintf(stderr, vhost VQ %d notifier cleanup failed: %d\n, i, -r); fflush(stderr); @@ -912,8 +923,9 @@ void vhost_dev_disable_notifiers(struct vhost_dev *hdev, VirtIODevice *vdev) */ bool vhost_virtqueue_pending(struct vhost_dev *hdev, int n) { -struct vhost_virtqueue *vq = hdev-vqs + n; +struct vhost_virtqueue *vq = hdev-vqs + n - hdev-vq_index; assert(hdev-started); +assert(n = hdev-vq_index n hdev-vq_index + hdev-nvqs); return event_notifier_test_and_clear(vq-masked_notifier); } @@ -922,15 +934,16 @@ void vhost_virtqueue_mask(struct vhost_dev *hdev, VirtIODevice *vdev, int
[Qemu-devel] [PATCH V2 19/20] virtio-net: migration support for multiqueue
This patch add migration support for multiqueue virtio-net. Instead of bumping the version, we conditionally send the info of multiqueue only when the device support more than one queue to maintain the backward compatibility. Signed-off-by: Jason Wang jasow...@redhat.com --- hw/virtio-net.c | 35 +-- 1 files changed, 29 insertions(+), 6 deletions(-) diff --git a/hw/virtio-net.c b/hw/virtio-net.c index cec91a7..4eb191f 100644 --- a/hw/virtio-net.c +++ b/hw/virtio-net.c @@ -1069,8 +1069,8 @@ static void virtio_net_set_multiqueue(VirtIONet *n, int multiqueue, int ctrl) static void virtio_net_save(QEMUFile *f, void *opaque) { +int i; VirtIONet *n = opaque; -VirtIONetQueue *q = n-vqs[0]; /* At this point, backend must be stopped, otherwise * it might keep writing to memory. */ @@ -1078,7 +1078,7 @@ static void virtio_net_save(QEMUFile *f, void *opaque) virtio_save(n-vdev, f); qemu_put_buffer(f, n-mac, ETH_ALEN); -qemu_put_be32(f, q-tx_waiting); +qemu_put_be32(f, n-vqs[0].tx_waiting); qemu_put_be32(f, n-mergeable_rx_bufs); qemu_put_be16(f, n-status); qemu_put_byte(f, n-promisc); @@ -1094,13 +1094,19 @@ static void virtio_net_save(QEMUFile *f, void *opaque) qemu_put_byte(f, n-nouni); qemu_put_byte(f, n-nobcast); qemu_put_byte(f, n-has_ufo); +if (n-max_queues 1) { +qemu_put_be16(f, n-max_queues); +qemu_put_be16(f, n-curr_queues); +for (i = 1; i n-curr_queues; i++) { +qemu_put_be32(f, n-vqs[i].tx_waiting); +} +} } static int virtio_net_load(QEMUFile *f, void *opaque, int version_id) { VirtIONet *n = opaque; -VirtIONetQueue *q = n-vqs[0]; -int ret, i; +int ret, i, link_down; if (version_id 2 || version_id VIRTIO_NET_VM_VERSION) return -EINVAL; @@ -,7 +1117,7 @@ static int virtio_net_load(QEMUFile *f, void *opaque, int version_id) } qemu_get_buffer(f, n-mac, ETH_ALEN); -q-tx_waiting = qemu_get_be32(f); +n-vqs[0].tx_waiting = qemu_get_be32(f); virtio_net_set_mrg_rx_bufs(n, qemu_get_be32(f)); @@ -1181,6 +1187,20 @@ static int virtio_net_load(QEMUFile *f, void *opaque, int version_id) } } +if (n-max_queues 1) { +if (n-max_queues != qemu_get_be16(f)) { +error_report(virtio-net: different max_queues ); +return -1; +} + +n-curr_queues = qemu_get_be16(f); +for (i = 1; i n-curr_queues; i++) { +n-vqs[i].tx_waiting = qemu_get_be32(f); +} +} + +virtio_net_set_queues(n); + /* Find the first multicast entry in the saved MAC filter */ for (i = 0; i n-mac_table.in_use; i++) { if (n-mac_table.macs[i * ETH_ALEN] 1) { @@ -1191,7 +1211,10 @@ static int virtio_net_load(QEMUFile *f, void *opaque, int version_id) /* nc.link_down can't be migrated, so infer link_down according * to link status bit in n-status */ -qemu_get_queue(n-nic)-link_down = (n-status VIRTIO_NET_S_LINK_UP) == 0; +link_down = (n-status VIRTIO_NET_S_LINK_UP) == 0; +for (i = 0; i n-max_queues; i++) { +qemu_get_subqueue(n-nic, i)-link_down = link_down; +} return 0; } -- 1.7.1
[Qemu-devel] [PATCH V2 20/20] virtio-net: compat multiqueue support
Disable multiqueue support for pre 1.4. Signed-off-by: Jason Wang jasow...@redhat.com --- hw/pc_piix.c |4 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/hw/pc_piix.c b/hw/pc_piix.c index 0a6923d..7bc3563 100644 --- a/hw/pc_piix.c +++ b/hw/pc_piix.c @@ -297,6 +297,10 @@ static QEMUMachine pc_i440fx_machine_v1_4 = { .driver = usb-tablet,\ .property = usb_version,\ .value= stringify(1),\ +},{ \ +.driver = virtio-net-pci, \ +.property = mq, \ +.value= off, \ } static QEMUMachine pc_machine_v1_3 = { -- 1.7.1
Re: [Qemu-devel] [PATCH] s390: Move hw files to hw/s390x
Am 25.01.2013 um 11:40 schrieb Peter Maydell peter.mayd...@linaro.org: On 25 January 2013 00:18, Alexander Graf ag...@suse.de wrote: This moves all files only used by s390 system emulation to hw/s390x. This only makes sense if our plan is to rearrange the hw/ source files for all targets -- are we going to? Do files for arch-specific kvm devices go in hw/kvm/ or hw/$arch/ ? I'd say let's sort out the obvious ones and then tackle the hard parts. But I don't want my targets to be scattered around through hw/ and hw/$arch as it is the case today. Alex -- PMM
Re: [Qemu-devel] [PATCH for-1.4 v4 01/12] ppc: Move Mac machines to hw/ppc/
Am 25.01.2013 um 11:43 schrieb Peter Maydell peter.mayd...@linaro.org: On 24 January 2013 09:03, Andreas Färber afaer...@suse.de wrote: [PATCH for-1.4 v4 01/12] ppc: Move Mac machines to hw/ppc/ ...so why is a big code movement patch 1.4 material? I would prefer us to wait for 1.5, and then we have a reasonable chance of saying release goal for 1.5 is to have moved all the arch-specific hw files to their new homes. If we commit this for 1.4 then at 1.4 release the source tree will be in an odd halfway statet. It already is. Check out the current source tree. Alex -- PMM
Re: [Qemu-devel] [Openstack][Sheepdog][Libvirt][Qemu]Add a new block storage driver by Libvirt/Qemu way for Openstack
On Sat, Jan 19, 2013 at 10:04 PM, MORITA Kazutaka morita.kazut...@gmail.com wrote: [...] If you do the above work, I think you can use your file system with OpenStack. But I suggest doing them step by step. If your file system is not supported in QEMU, I think libvirt won't support it. If libvirt doesn't support it, OpenStack shouldn't support it too. Hi Mortita, If i just wanna test sheepdog driver in Libvirt separately(without QEMU and Openstack), how should i do this job. You can suppose i wanna test if sheepdog driver, you add, is working well in Libvirt. Could you please give me some suggestions? Thanks in advance ;-) PS: Your patch for Libvirt can be seen here: http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=036ad5052b43fe9f0d197e89fd16715950408e1d -- Thanks Harry Wei
[Qemu-devel] [PATCH V2 18/20] virtio-net: multiqueue support
This patch implements both userspace and vhost support for multiple queue virtio-net (VIRTIO_NET_F_MQ). This is done by introducing an array of VirtIONetQueue to VirtIONet. Signed-off-by: Jason Wang jasow...@redhat.com --- hw/virtio-net.c | 317 +++ hw/virtio-net.h | 28 +- 2 files changed, 275 insertions(+), 70 deletions(-) diff --git a/hw/virtio-net.c b/hw/virtio-net.c index ef522d5..cec91a7 100644 --- a/hw/virtio-net.c +++ b/hw/virtio-net.c @@ -44,7 +44,7 @@ typedef struct VirtIONet VirtIODevice vdev; uint8_t mac[ETH_ALEN]; uint16_t status; -VirtIONetQueue vq; +VirtIONetQueue vqs[MAX_QUEUE_NUM]; VirtQueue *ctrl_vq; NICState *nic; uint32_t tx_timeout; @@ -70,14 +70,24 @@ typedef struct VirtIONet } mac_table; uint32_t *vlans; DeviceState *qdev; +int multiqueue; +uint16_t max_queues; +uint16_t curr_queues; +bool queues_changed; } VirtIONet; -static VirtIONetQueue *virtio_net_get_queue(NetClientState *nc) +static VirtIONetQueue *virtio_net_get_subqueue(NetClientState *nc) { VirtIONet *n = qemu_get_nic_opaque(nc); -return n-vq; +return n-vqs[nc-queue_index]; } + +static int vq2q(int queue_index) +{ +return queue_index / 2; +} + /* TODO * - we could suppress RX interrupt if we were so inclined. */ @@ -93,6 +103,7 @@ static void virtio_net_get_config(VirtIODevice *vdev, uint8_t *config) struct virtio_net_config netcfg; stw_p(netcfg.status, n-status); +stw_p(netcfg.max_virtqueue_pairs, n-max_queues); memcpy(netcfg.mac, n-mac, ETH_ALEN); memcpy(config, netcfg, sizeof(netcfg)); } @@ -119,6 +130,7 @@ static bool virtio_net_started(VirtIONet *n, uint8_t status) static void virtio_net_vhost_status(VirtIONet *n, uint8_t status) { NetClientState *nc = qemu_get_queue(n-nic); +int queues = n-multiqueue ? n-max_queues : 1; if (!nc-peer) { return; @@ -130,26 +142,27 @@ static void virtio_net_vhost_status(VirtIONet *n, uint8_t status) if (!tap_get_vhost_net(nc-peer)) { return; } -if (!!n-vhost_started == virtio_net_started(n, status) - !nc-peer-link_down) { + +if (!n-queues_changed +!!n-vhost_started == +(virtio_net_started(n, status) !nc-peer-link_down)) { return; } -if (!n-vhost_started) { +if (!n-vhost_started || n-queues_changed) { int r; if (!vhost_net_query(tap_get_vhost_net(nc-peer), n-vdev)) { return; } n-vhost_started = 1; -r = vhost_net_start(n-vdev, nc, 1, 1); +r = vhost_net_start(n-vdev, n-nic-ncs, n-curr_queues, queues); if (r 0) { error_report(unable to start vhost net: %d: falling back on userspace virtio, -r); n-vhost_started = 0; -} else { -n-vhost_started = 1; } +n-queues_changed = false; } else { -vhost_net_stop(n-vdev, nc, 1, 1); +vhost_net_stop(n-vdev, n-nic-ncs, n-curr_queues, queues); n-vhost_started = 0; } } @@ -157,26 +170,38 @@ static void virtio_net_vhost_status(VirtIONet *n, uint8_t status) static void virtio_net_set_status(struct VirtIODevice *vdev, uint8_t status) { VirtIONet *n = to_virtio_net(vdev); -VirtIONetQueue *q = n-vq; +VirtIONetQueue *q; +int i; +uint8_t queue_status; virtio_net_vhost_status(n, status); -if (!q-tx_waiting) { -return; -} +for (i = 0; i n-max_queues; i++) { +q = n-vqs[i]; -if (virtio_net_started(n, status) !n-vhost_started) { -if (q-tx_timer) { -qemu_mod_timer(q-tx_timer, - qemu_get_clock_ns(vm_clock) + n-tx_timeout); +if ((!n-multiqueue i != 0) || i = n-curr_queues) { +queue_status = 0; } else { -qemu_bh_schedule(q-tx_bh); +queue_status = status; } -} else { -if (q-tx_timer) { -qemu_del_timer(q-tx_timer); + +if (!q-tx_waiting) { +continue; +} + +if (virtio_net_started(n, queue_status) !n-vhost_started) { +if (q-tx_timer) { +qemu_mod_timer(q-tx_timer, + qemu_get_clock_ns(vm_clock) + n-tx_timeout); +} else { +qemu_bh_schedule(q-tx_bh); +} } else { -qemu_bh_cancel(q-tx_bh); +if (q-tx_timer) { +qemu_del_timer(q-tx_timer); +} else { +qemu_bh_cancel(q-tx_bh); +} } } } @@ -208,6 +233,9 @@ static void virtio_net_reset(VirtIODevice *vdev) n-nomulti = 0; n-nouni = 0; n-nobcast = 0; +/* multiqueue is disabled by default */ +n-curr_queues = 1; +n-queues_changed = 0; /* Flush any MAC and VLAN filter table
Re: [Qemu-devel] [PATCH] s390: Move hw files to hw/s390x
Il 25/01/2013 11:40, Peter Maydell ha scritto: On 25 January 2013 00:18, Alexander Graf ag...@suse.de wrote: This moves all files only used by s390 system emulation to hw/s390x. This only makes sense if our plan is to rearrange the hw/ source files for all targets -- are we going to? Do files for arch-specific kvm devices go in hw/kvm/ or hw/$arch/ ? I'd say hw/$arch/kvm :) Paolo
[Qemu-devel] [PATCH V2 04/20] net: introduce qemu_find_net_clients_except()
In multiqueue, all NetClientState that belongs to the same netdev or nic has the same id. So this patches introduces an helper qemu_find_net_clients_except() which finds all NetClientState with the same id. This will be used by multiqueue networking. Signed-off-by: Jason Wang jasow...@redhat.com --- include/net/net.h |2 ++ net/net.c | 21 + 2 files changed, 23 insertions(+), 0 deletions(-) diff --git a/include/net/net.h b/include/net/net.h index f0d1aa2..995df5c 100644 --- a/include/net/net.h +++ b/include/net/net.h @@ -68,6 +68,8 @@ typedef struct NICState { } NICState; NetClientState *qemu_find_netdev(const char *id); +int qemu_find_net_clients_except(const char *id, NetClientState **ncs, + NetClientOptionsKind type, int max); NetClientState *qemu_new_net_client(NetClientInfo *info, NetClientState *peer, const char *model, diff --git a/net/net.c b/net/net.c index 8999f8d..6457fc0 100644 --- a/net/net.c +++ b/net/net.c @@ -508,6 +508,27 @@ NetClientState *qemu_find_netdev(const char *id) return NULL; } +int qemu_find_net_clients_except(const char *id, NetClientState **ncs, + NetClientOptionsKind type, int max) +{ +NetClientState *nc; +int ret = 0; + +QTAILQ_FOREACH(nc, net_clients, next) { +if (nc-info-type == type) { +continue; +} +if (!strcmp(nc-name, id)) { +if (ret max) { +ncs[ret] = nc; +} +ret++; +} +} + +return ret; +} + static int nic_get_free_idx(void) { int index; -- 1.7.1
Re: [Qemu-devel] [PATCH for-1.4 v4 01/12] ppc: Move Mac machines to hw/ppc/
On 25.01.2013, at 10:36, Andreas Färber wrote: Am 24.01.2013 10:03, schrieb Andreas Färber: Signed-off-by: Andreas Färber afaer...@suse.de --- hw/cuda.c |2 +- hw/grackle_pci.c |2 +- hw/heathrow_pic.c |2 +- hw/ide/macio.c|6 +++--- hw/mac_nvram.c|2 +- hw/macio.c|2 +- hw/openpic.c |2 +- hw/ppc/Makefile.objs |9 + hw/{ppc_mac.h = ppc/mac.h} |0 hw/{ppc_newworld.c = ppc/mac_newworld.c} | 28 ++-- hw/{ppc_oldworld.c = ppc/mac_oldworld.c} | 26 +- hw/unin_pci.c |2 +- 12 Dateien geändert, 42 Zeilen hinzugefügt(+), 41 Zeilen entfernt(-) rename hw/{ppc_mac.h = ppc/mac.h} (100%) rename hw/{ppc_newworld.c = ppc/mac_newworld.c} (98%) rename hw/{ppc_oldworld.c = ppc/mac_oldworld.c} (97%) As you noticed I forgot to update MAINTAINERS. Please squash the following fix: Done, thanks :) Alex
Re: [Qemu-devel] [Qemu-ppc] [PATCH 3/6] target-ppc: Synchronize more SPRs to KVM using ONE_REG interface
On 25.01.2013, at 03:39, David Gibson wrote: On Thu, Jan 24, 2013 at 05:32:42PM +0100, Alexander Graf wrote: On 24.01.2013, at 04:20, David Gibson wrote: There are currently a batch of occasionally used SPRs whose state we do not synchronize with KVM. This might be a problem for debugging, and will definitely be a problem for savevm / migration. KVM now supports accessing these registers via the KVM_{GET,SET}_ONE_REG interface, so this patch wires up the code to use this on the qemu side. Signed-off-by: David Gibson da...@gibson.dropbear.id.au --- target-ppc/cpu.h |4 ++ target-ppc/kvm.c | 142 ++ 2 files changed, 136 insertions(+), 10 deletions(-) diff --git a/target-ppc/cpu.h b/target-ppc/cpu.h index 953146e..6cb79fe 100644 --- a/target-ppc/cpu.h +++ b/target-ppc/cpu.h @@ -1319,6 +1319,7 @@ static inline void cpu_clone_regs(CPUPPCState *env, target_ulong newsp) #define SPR_MPC_CMPH (0x09B) #define SPR_MPC_LCTRL1(0x09C) #define SPR_MPC_LCTRL2(0x09D) +#define SPR_UAMOR (0x09D) #define SPR_MPC_ICTRL (0x09E) #define SPR_MPC_BAR (0x09F) #define SPR_VRSAVE(0x100) @@ -1535,6 +1536,7 @@ static inline void cpu_clone_regs(CPUPPCState *env, target_ulong newsp) #define SPR_UPERF0(0x310) #define SPR_UPERF1(0x311) #define SPR_UPERF2(0x312) +#define SPR_MMCRA (0x312) #define SPR_UPERF3(0x313) #define SPR_620_PMC1W (0x313) #define SPR_UPERF4(0x314) @@ -1544,7 +1546,9 @@ static inline void cpu_clone_regs(CPUPPCState *env, target_ulong newsp) #define SPR_UPERF7(0x317) #define SPR_UPERF8(0x318) #define SPR_UPERF9(0x319) +#define SPR_PMC7 (0x319) #define SPR_UPERFA(0x31A) +#define SPR_PMC8 (0x31A) #define SPR_UPERFB(0x31B) #define SPR_620_MMCR0W(0x31B) #define SPR_UPERFC(0x31C) diff --git a/target-ppc/kvm.c b/target-ppc/kvm.c index 2f4f068..7604d0b 100644 --- a/target-ppc/kvm.c +++ b/target-ppc/kvm.c @@ -61,6 +61,7 @@ static int cap_ppc_smt; static int cap_ppc_rma; static int cap_spapr_tce; static int cap_hior; +static int cap_one_reg; /* XXX We have a race condition where we actually have a level triggered * interrupt, but the infrastructure can't expose that yet, so the guest @@ -89,6 +90,7 @@ int kvm_arch_init(KVMState *s) cap_ppc_smt = kvm_check_extension(s, KVM_CAP_PPC_SMT); cap_ppc_rma = kvm_check_extension(s, KVM_CAP_PPC_RMA); cap_spapr_tce = kvm_check_extension(s, KVM_CAP_SPAPR_TCE); +cap_one_reg = kvm_check_extension(s, KVM_CAP_ONE_REG); cap_hior = kvm_check_extension(s, KVM_CAP_PPC_HIOR); if (!cap_interrupt_level) { @@ -444,6 +446,76 @@ static void kvm_sw_tlb_put(PowerPCCPU *cpu) g_free(bitmap); } +static void kvm_get_one_spr(CPUState *cs, uint64_t id, int spr) +{ +PowerPCCPU *cpu = POWERPC_CPU(cs); +CPUPPCState *env = cpu-env; +union { +uint32_t u32; +uint64_t u64; +} val; +struct kvm_one_reg reg = { +.id = id, +.addr = (uintptr_t) val, +}; +int ret; + +ret = kvm_vcpu_ioctl(cs, KVM_GET_ONE_REG, reg); +if (ret != 0) { +fprintf(stderr, Warning: Unable to retrieve SPR %d from KVM: %s\n, +spr, strerror(errno)); Any way you could make this a WARN_ONCE style message? Uh.. I guess. Afaict, qemu doesn't have any infrastructure for that, so I'd have to roll my own. As I stated in a later patch review, I think it makes sense to just not print anything by default. Usually, you would do if (cap_foo) { get_one_spr(...); } right? With one_reg I consciously omitted caps for every register, because you can just as well read and push the reg itself and thus know whether it works. So if you translate that to the above code, it would mean get_one_spr(...); without error message would be semantically identical to the first version. It would however make sense to have a debug print version in case you want to know why something goes wrong. It might also make sense to have an initial get_one_spr() or so for a FULL register push to warn the user that live migration will not work on his machine. Alex
Re: [Qemu-devel] [RFC 1/3] qtest: Prepare hypercall support
On 23.01.2013, at 11:01, Andreas Färber wrote: Signed-off-by: Andreas Färber afaer...@suse.de --- include/sysemu/qtest.h |2 ++ qtest.c| 26 ++ stubs/Makefile.objs|1 + stubs/qtest.c | 12 tests/libqtest.c | 21 + tests/libqtest.h | 17 + 6 Dateien geändert, 79 Zeilen hinzugefügt(+) create mode 100644 stubs/qtest.c diff --git a/include/sysemu/qtest.h b/include/sysemu/qtest.h index 723a4f9..75ab29d 100644 --- a/include/sysemu/qtest.h +++ b/include/sysemu/qtest.h @@ -32,6 +32,8 @@ static inline int qtest_available(void) } int qtest_init(void); +bool qtest_hypercall_supported(void); +int qtest_hypercall(uint64_t code, uint64_t *args); #else static inline bool qtest_enabled(void) { diff --git a/qtest.c b/qtest.c index c9b58ce..a5b54e3 100644 --- a/qtest.c +++ b/qtest.c @@ -117,6 +117,11 @@ static bool qtest_opened; * where NUM is an IRQ number. For the PC, interrupts can be intercepted * simply with irq_intercept_in ioapic (note that IRQ0 comes out with * NUM=0 even though it is remapped to GSI 2). + * + * Hypercalls: + * + * hypercall CODE + * OK */ static int hex2nib(char ch) @@ -344,6 +349,27 @@ static void qtest_process_command(CharDriverState *chr, gchar **words) qtest_clock_warp(ns); qtest_send_prefix(chr); qtest_send(chr, OK %PRIi64\n, (int64_t)qemu_get_clock_ns(vm_clock)); +} else if (strcmp(words[0], hypercall) == 0 I don't think we will be able to find a common dominator for hypercall ABIs across the board. So this one should be called s390_kvm_hypercall, as that's what you are really modeling :). Alex + qtest_hypercall_supported()) { +uint64_t code; +uint64_t args[13]; +int ret, i; + +g_assert(words[1] != NULL); +code = strtoull(words[1], NULL, 0); + +memset(args, 0, sizeof(args)); +for (i = 0; i 13 words[2 + i] != NULL; i++) { +args[i] = strtoull(words[2 + i], NULL, 0); +} + +ret = qtest_hypercall(code, args); +qtest_send_prefix(chr); +if (ret 0) { +qtest_send(chr, ERR 0x%x\n, ret); +return; +} +qtest_send(chr, OK 0x%x\n, ret); } else { qtest_send_prefix(chr); qtest_send(chr, FAIL Unknown command `%s'\n, words[0]); diff --git a/stubs/Makefile.objs b/stubs/Makefile.objs index a260394..50fb2a7 100644 --- a/stubs/Makefile.objs +++ b/stubs/Makefile.objs @@ -15,6 +15,7 @@ stub-obj-y += mon-printf.o stub-obj-y += mon-print-filename.o stub-obj-y += mon-protocol-event.o stub-obj-y += mon-set-error.o +stub-obj-y += qtest.o stub-obj-y += reset.o stub-obj-y += set-fd-handler.o stub-obj-y += slirp.o diff --git a/stubs/qtest.c b/stubs/qtest.c new file mode 100644 index 000..8860e4f --- /dev/null +++ b/stubs/qtest.c @@ -0,0 +1,12 @@ +#include qemu-common.h +#include sysemu/qtest.h + +bool qtest_hypercall_supported(void) +{ +return false; +} + +int qtest_hypercall(uint64_t code, uint64_t *args) +{ +return -EINVAL; +} diff --git a/tests/libqtest.c b/tests/libqtest.c index 913fa05..5eb9521 100644 --- a/tests/libqtest.c +++ b/tests/libqtest.c @@ -476,3 +476,24 @@ void qtest_memwrite(QTestState *s, uint64_t addr, const void *data, size_t size) qtest_sendf(s, \n); qtest_rsp(s, 0); } + +uint64_t qtest_hypercall(QTestState *s, uint64_t code, int argc, ...) +{ +va_list va; +gchar **args; +uint64_t resp, arg; +int i; + +qtest_sendf(s, hypercall 0x% PRIx64, code); +va_start(va, argc); +for (i = 0; i argc; i++) { +arg = va_arg(va, uint64_t); +qtest_sendf(s, 0x% PRIx64, arg); +} +va_end(va); +qtest_sendf(s, \n); +args = qtest_rsp(s, 2); +resp = g_ascii_strtoull(args[1], NULL, 0); +g_strfreev(args); +return resp; +} diff --git a/tests/libqtest.h b/tests/libqtest.h index c8ade85..3a5a8f9 100644 --- a/tests/libqtest.h +++ b/tests/libqtest.h @@ -187,6 +187,15 @@ int64_t qtest_clock_step(QTestState *s, int64_t step); int64_t qtest_clock_set(QTestState *s, int64_t val); /** + * qtest_hypercall: + * @s: QTestState instance to operate on. + * @code: Hypercall code to call. + * + * Peform a hypercall @code on the guest. + */ +uint64_t qtest_hypercall(QTestState *s, uint64_t code, int argc, ...); + +/** * qtest_get_arch: * * Returns the architecture for the QEMU executable under test. @@ -349,4 +358,12 @@ void qtest_add_func(const char *str, void (*fn)); */ #define clock_set(val) qtest_clock_set(global_qtest, val) +/** + * hypercall: + * @code: Hypercall code. + * + * Invokes a hypercall in the guest. + */ +#define hypercall(code, argc, ...) qtest_hypercall(global_qtest, code, argc, ## __VA_ARGS__) + #endif -- 1.7.10.4
[Qemu-devel] [PATCH V2 09/20] tap: factor out common tap initialization
This patch factors out the common initialization of tap into a new helper net_init_tap_one(). This will be used by multiqueue tap patches. Signed-off-by: Jason Wang jasow...@redhat.com --- net/tap.c | 130 ++--- 1 files changed, 73 insertions(+), 57 deletions(-) diff --git a/net/tap.c b/net/tap.c index eb40c42..67080f1 100644 --- a/net/tap.c +++ b/net/tap.c @@ -593,6 +593,73 @@ static int net_tap_init(const NetdevTapOptions *tap, int *vnet_hdr, return fd; } +static int net_init_tap_one(const NetdevTapOptions *tap, NetClientState *peer, +const char *model, const char *name, +const char *ifname, const char *script, +const char *downscript, const char *vhostfdname, +int vnet_hdr, int fd) +{ +TAPState *s; + +s = net_tap_fd_init(peer, model, name, fd, vnet_hdr); +if (!s) { +close(fd); +return -1; +} + +if (tap_set_sndbuf(s-fd, tap) 0) { +return -1; +} + +if (tap-has_fd) { +snprintf(s-nc.info_str, sizeof(s-nc.info_str), fd=%d, fd); +} else if (tap-has_helper) { +snprintf(s-nc.info_str, sizeof(s-nc.info_str), helper=%s, + tap-helper); +} else { +const char *downscript; + +downscript = tap-has_downscript ? tap-downscript : +DEFAULT_NETWORK_DOWN_SCRIPT; + +snprintf(s-nc.info_str, sizeof(s-nc.info_str), + ifname=%s,script=%s,downscript=%s, ifname, script, + downscript); + +if (strcmp(downscript, no) != 0) { +snprintf(s-down_script, sizeof(s-down_script), %s, downscript); +snprintf(s-down_script_arg, sizeof(s-down_script_arg), + %s, ifname); +} +} + +if (tap-has_vhost ? tap-vhost : +vhostfdname || (tap-has_vhostforce tap-vhostforce)) { +int vhostfd; + +if (tap-has_vhostfd) { +vhostfd = monitor_handle_fd_param(cur_mon, vhostfdname); +if (vhostfd == -1) { +return -1; +} +} else { +vhostfd = -1; +} + +s-vhost_net = vhost_net_init(s-nc, vhostfd, + tap-has_vhostforce tap-vhostforce); +if (!s-vhost_net) { +error_report(vhost-net requested but could not be initialized); +return -1; +} +} else if (tap-has_vhostfd) { +error_report(vhostfd= is not valid without vhost); +return -1; +} + +return 0; +} + int net_init_tap(const NetClientOptions *opts, const char *name, NetClientState *peer) { @@ -600,10 +667,10 @@ int net_init_tap(const NetClientOptions *opts, const char *name, int fd, vnet_hdr = 0; const char *model; -TAPState *s; /* for the no-fd, no-helper case */ const char *script = NULL; /* suppress wrong uninit'd use gcc warning */ +const char *downscript = NULL; char ifname[128]; assert(opts-kind == NET_CLIENT_OPTIONS_KIND_TAP); @@ -649,6 +716,8 @@ int net_init_tap(const NetClientOptions *opts, const char *name, } else { script = tap-has_script ? tap-script : DEFAULT_NETWORK_SCRIPT; +downscript = tap-has_downscript ? tap-downscript : +DEFAULT_NETWORK_DOWN_SCRIPT; fd = net_tap_init(tap, vnet_hdr, script, ifname, sizeof ifname); if (fd == -1) { return -1; @@ -657,62 +726,9 @@ int net_init_tap(const NetClientOptions *opts, const char *name, model = tap; } -s = net_tap_fd_init(peer, model, name, fd, vnet_hdr); -if (!s) { -close(fd); -return -1; -} - -if (tap_set_sndbuf(s-fd, tap) 0) { -return -1; -} - -if (tap-has_fd) { -snprintf(s-nc.info_str, sizeof(s-nc.info_str), fd=%d, fd); -} else if (tap-has_helper) { -snprintf(s-nc.info_str, sizeof(s-nc.info_str), helper=%s, - tap-helper); -} else { -const char *downscript; - -downscript = tap-has_downscript ? tap-downscript : - DEFAULT_NETWORK_DOWN_SCRIPT; - -snprintf(s-nc.info_str, sizeof(s-nc.info_str), - ifname=%s,script=%s,downscript=%s, ifname, script, - downscript); - -if (strcmp(downscript, no) != 0) { -snprintf(s-down_script, sizeof(s-down_script), %s, downscript); -snprintf(s-down_script_arg, sizeof(s-down_script_arg), %s, ifname); -} -} - -if (tap-has_vhost ? tap-vhost : -tap-has_vhostfd || (tap-has_vhostforce tap-vhostforce)) { -int vhostfd; - -if (tap-has_vhostfd) { -vhostfd = monitor_handle_fd_param(cur_mon, tap-vhostfd); -if (vhostfd == -1) { -return -1; -} -} else { -vhostfd =
Re: [Qemu-devel] [PATCH for-1.4] s390-virtio: Check for NULL device in reset hypercall
On 23.01.2013, at 10:24, Andreas Färber wrote: s390_virtio_bus_find_mem() may return a NULL VirtIOS390Device. If called with, e.g., args[0] == 0, this leads to a segfault. Fix this by adding error handling as done for other hypercalls. Present since baf0b55a9e57b909b1f8b0f732c0b10242867418 (Implement virtio reset). Cc: qemu-sta...@nongnu.org Signed-off-by: Andreas Färber afaer...@suse.de Thanks, applied to s390-next. Alex
[Qemu-devel] [PATCH V2 05/20] net: introduce qemu_net_client_setup()
This patch separates the setup of NetClientState from its allocation, this will allow allocating an arrays of NetClientState and does the initialization one by one which is what multiqueue needs. Signed-off-by: Jason Wang jasow...@redhat.com --- net/net.c | 29 +++-- 1 files changed, 19 insertions(+), 10 deletions(-) diff --git a/net/net.c b/net/net.c index 6457fc0..4e84d54 100644 --- a/net/net.c +++ b/net/net.c @@ -182,17 +182,12 @@ static char *assign_name(NetClientState *nc1, const char *model) return g_strdup(buf); } -NetClientState *qemu_new_net_client(NetClientInfo *info, -NetClientState *peer, -const char *model, -const char *name) +static void qemu_net_client_setup(NetClientState *nc, + NetClientInfo *info, + NetClientState *peer, + const char *model, + const char *name) { -NetClientState *nc; - -assert(info-size = sizeof(NetClientState)); - -nc = g_malloc0(info-size); - nc-info = info; nc-model = g_strdup(model); if (name) { @@ -210,6 +205,20 @@ NetClientState *qemu_new_net_client(NetClientInfo *info, nc-send_queue = qemu_new_net_queue(nc); +} + +NetClientState *qemu_new_net_client(NetClientInfo *info, +NetClientState *peer, +const char *model, +const char *name) +{ +NetClientState *nc; + +assert(info-size = sizeof(NetClientState)); + +nc = g_malloc0(info-size); +qemu_net_client_setup(nc, info, peer, model, name); + return nc; } -- 1.7.1
Re: [Qemu-devel] [PATCH 1/8] fw_cfg: Replace debug prints by tracepoints
On Thu, Jan 24, 2013 at 11:46:28AM +0100, Peter Lieven wrote: Am 24.01.2013 um 11:41 schrieb Andreas Färber afaer...@suse.de: Am 24.01.2013 11:32, schrieb Markus Armbruster: Peter Lieven p...@dlhnet.de writes: Latest git doesn't compile with this patch: hw/fw_cfg.c: In function 'fw_cfg_write': hw/fw_cfg.c:207:5: error: implicit declaration of function trace_fw_cfg_write' [-Werror=implicit-function-declaration] hw/fw_cfg.c:207:5: error: nested extern declaration of trace_fw_cfg_write' [-Werror=nested-externs] hw/fw_cfg.c: In function 'fw_cfg_select': hw/fw_cfg.c:232:5: error: implicit declaration of function trace_fw_cfg_select' [-Werror=implicit-function-declaration] hw/fw_cfg.c:232:5: error: nested extern declaration of trace_fw_cfg_select' [-Werror=nested-externs] hw/fw_cfg.c: In function 'fw_cfg_read': hw/fw_cfg.c:247:5: error: implicit declaration of function trace_fw_cfg_read' [-Werror=implicit-function-declaration] hw/fw_cfg.c:247:5: error: nested extern declaration of trace_fw_cfg_read' [-Werror=nested-externs] hw/fw_cfg.c: In function 'fw_cfg_add_file': hw/fw_cfg.c:460:13: error: implicit declaration of function trace_fw_cfg_add_file_dupe' [-Werror=implicit-function-declaration] hw/fw_cfg.c:460:13: error: nested extern declaration of trace_fw_cfg_add_file_dupe' [-Werror=nested-externs] hw/fw_cfg.c:467:5: error: implicit declaration of function trace_fw_cfg_add_file' [-Werror=implicit-function-declaration] hw/fw_cfg.c:467:5: error: nested extern declaration of trace_fw_cfg_add_file' [-Werror=nested-externs] cc1: all warnings being treated as errors make: *** [hw/fw_cfg.o] Error 1 Compiles fine for me. What happens if you blow away your build tree and start over? In my experience, rebuilding of trace-related stuff is rather fragile... There were some recent changes ... there's probably a stale trace.h and trace.c in the build directory. removing trace.c and trace.h is not enough, but a fresh clone of the repository works. are there any more such files? If you hit other issues you can avoid them using a build directory: $ mkdir build $ cd build $ path/to/qemu/configure ... $ make It places all generated files and build products into this directory. Simply 'rm -rf build' to start from a clean slate. Stefan
[Qemu-devel] [PATCH V2 16/20] virtio: add a queue_index to VirtQueue
Add a queue_index to VirtQueue and a helper to fetch it, this could be used by multiqueue supported device. Signed-off-by: Jason Wang jasow...@redhat.com --- hw/virtio.c |8 hw/virtio.h |1 + 2 files changed, 9 insertions(+), 0 deletions(-) diff --git a/hw/virtio.c b/hw/virtio.c index d8c77b0..e259348 100644 --- a/hw/virtio.c +++ b/hw/virtio.c @@ -73,6 +73,8 @@ struct VirtQueue /* Notification enabled? */ bool notification; +uint16_t queue_index; + int inuse; uint16_t vector; @@ -931,6 +933,7 @@ void virtio_init(VirtIODevice *vdev, const char *name, for (i = 0; i VIRTIO_PCI_QUEUE_MAX; i++) { vdev-vq[i].vector = VIRTIO_NO_VECTOR; vdev-vq[i].vdev = vdev; +vdev-vq[i].queue_index = i; } vdev-name = name; @@ -1018,6 +1021,11 @@ VirtQueue *virtio_get_queue(VirtIODevice *vdev, int n) return vdev-vq + n; } +uint16_t virtio_get_queue_index(VirtQueue *vq) +{ +return vq-queue_index; +} + static void virtio_queue_guest_notifier_read(EventNotifier *n) { VirtQueue *vq = container_of(n, VirtQueue, guest_notifier); diff --git a/hw/virtio.h b/hw/virtio.h index d3da1d2..a29a54d 100644 --- a/hw/virtio.h +++ b/hw/virtio.h @@ -280,6 +280,7 @@ hwaddr virtio_queue_get_ring_size(VirtIODevice *vdev, int n); uint16_t virtio_queue_get_last_avail_idx(VirtIODevice *vdev, int n); void virtio_queue_set_last_avail_idx(VirtIODevice *vdev, int n, uint16_t idx); VirtQueue *virtio_get_queue(VirtIODevice *vdev, int n); +uint16_t virtio_get_queue_index(VirtQueue *vq); int virtio_queue_get_id(VirtQueue *vq); EventNotifier *virtio_queue_get_guest_notifier(VirtQueue *vq); void virtio_queue_set_guest_notifier_fd_handler(VirtQueue *vq, bool assign, -- 1.7.1
[Qemu-devel] [PATCH V2 10/20] tap: add Linux multiqueue support
This patch add basic multiqueue support for Linux. When multiqueue is needed, we will first check whether kernel support multiqueue tap before creating more queues. Two new functions tap_fd_enable() and tap_fd_disable() were introduced to enable and disable a specific queue. Since the multiqueue is only supported in Linux, return error on other platforms. Signed-off-by: Jason Wang jasow...@redhat.com --- net/tap-aix.c | 10 ++ net/tap-bsd.c | 11 +++ net/tap-haiku.c | 11 +++ net/tap-linux.c | 52 net/tap-solaris.c | 11 +++ net/tap_int.h |2 ++ 6 files changed, 97 insertions(+), 0 deletions(-) diff --git a/net/tap-aix.c b/net/tap-aix.c index aff6c52..66e0574 100644 --- a/net/tap-aix.c +++ b/net/tap-aix.c @@ -59,3 +59,13 @@ void tap_fd_set_offload(int fd, int csum, int tso4, int tso6, int ecn, int ufo) { } + +int tap_fd_enable(int fd) +{ +return -1; +} + +int tap_fd_disable(int fd) +{ +return -1; +} diff --git a/net/tap-bsd.c b/net/tap-bsd.c index 01c705b..cfc7a28 100644 --- a/net/tap-bsd.c +++ b/net/tap-bsd.c @@ -145,3 +145,14 @@ void tap_fd_set_offload(int fd, int csum, int tso4, int tso6, int ecn, int ufo) { } + +int tap_fd_enable(int fd) +{ +return -1; +} + +int tap_fd_disable(int fd) +{ +return -1; +} + diff --git a/net/tap-haiku.c b/net/tap-haiku.c index 08cc034..664d40f 100644 --- a/net/tap-haiku.c +++ b/net/tap-haiku.c @@ -59,3 +59,14 @@ void tap_fd_set_offload(int fd, int csum, int tso4, int tso6, int ecn, int ufo) { } + +int tap_fd_enable(int fd) +{ +return -1; +} + +int tap_fd_disable(int fd) +{ +return -1; +} + diff --git a/net/tap-linux.c b/net/tap-linux.c index 059f5f3..60ea8d0 100644 --- a/net/tap-linux.c +++ b/net/tap-linux.c @@ -41,6 +41,7 @@ int tap_open(char *ifname, int ifname_size, int *vnet_hdr, int vnet_hdr_required struct ifreq ifr; int fd, ret; int len = sizeof(struct virtio_net_hdr); +int mq_required = 0; TFR(fd = open(PATH_NET_TUN, O_RDWR)); if (fd 0) { @@ -76,6 +77,20 @@ int tap_open(char *ifname, int ifname_size, int *vnet_hdr, int vnet_hdr_required ioctl(fd, TUNSETVNETHDRSZ, len); } +if (mq_required) { +unsigned int features; + +if ((ioctl(fd, TUNGETFEATURES, features) != 0) || +!(features IFF_MULTI_QUEUE)) { +error_report(multiqueue required, but no kernel + support for IFF_MULTI_QUEUE available); +close(fd); +return -1; +} else { +ifr.ifr_flags |= IFF_MULTI_QUEUE; +} +} + if (ifname[0] != '\0') pstrcpy(ifr.ifr_name, IFNAMSIZ, ifname); else @@ -209,3 +224,40 @@ void tap_fd_set_offload(int fd, int csum, int tso4, } } } + +/* Enable a specific queue of tap. */ +int tap_fd_enable(int fd) +{ +struct ifreq ifr; +int ret; + +memset(ifr, 0, sizeof(ifr)); + +ifr.ifr_flags = IFF_ATTACH_QUEUE; +ret = ioctl(fd, TUNSETQUEUE, (void *) ifr); + +if (ret != 0) { +error_report(could not enable queue); +} + +return ret; +} + +/* Disable a specific queue of tap/ */ +int tap_fd_disable(int fd) +{ +struct ifreq ifr; +int ret; + +memset(ifr, 0, sizeof(ifr)); + +ifr.ifr_flags = IFF_DETACH_QUEUE; +ret = ioctl(fd, TUNSETQUEUE, (void *) ifr); + +if (ret != 0) { +error_report(could not disable queue); +} + +return ret; +} + diff --git a/net/tap-solaris.c b/net/tap-solaris.c index 486a7ea..12cc392 100644 --- a/net/tap-solaris.c +++ b/net/tap-solaris.c @@ -225,3 +225,14 @@ void tap_fd_set_offload(int fd, int csum, int tso4, int tso6, int ecn, int ufo) { } + +int tap_fd_enable(int fd) +{ +return -1; +} + +int tap_fd_disable(int fd) +{ +return -1; +} + diff --git a/net/tap_int.h b/net/tap_int.h index 1dffe12..ca1c21b 100644 --- a/net/tap_int.h +++ b/net/tap_int.h @@ -42,5 +42,7 @@ int tap_probe_vnet_hdr_len(int fd, int len); int tap_probe_has_ufo(int fd); void tap_fd_set_offload(int fd, int csum, int tso4, int tso6, int ecn, int ufo); void tap_fd_set_vnet_hdr_len(int fd, int len); +int tap_fd_enable(int fd); +int tap_fd_disable(int fd); #endif /* QEMU_TAP_H */ -- 1.7.1
[Qemu-devel] [PATCH V2 12/20] tap: introduce a helper to get the name of an interface
This patch introduces a helper tap_get_ifname() to get the device name of tap device. This is needed when ifname is unspecified in the command line and qemu were asked to create tap device by itself. In this situation, the name were allocated by kernel, so if multiqueue is asked, we need to fetch its name after creating the first queue. Only linux has this support since it's the only platform that supports multiqueue tap. Signed-off-by: Jason Wang jasow...@redhat.com --- include/net/tap.h |1 + net/tap-aix.c |6 ++ net/tap-bsd.c |4 net/tap-haiku.c |4 net/tap-linux.c | 13 + net/tap-solaris.c |4 net/tap_int.h |1 + 7 files changed, 33 insertions(+), 0 deletions(-) diff --git a/include/net/tap.h b/include/net/tap.h index 0caf8c4..c523ff0 100644 --- a/include/net/tap.h +++ b/include/net/tap.h @@ -37,6 +37,7 @@ void tap_set_offload(NetClientState *nc, int csum, int tso4, int tso6, int ecn, void tap_set_vnet_hdr_len(NetClientState *nc, int len); int tap_enable(NetClientState *nc); int tap_disable(NetClientState *nc); +int tap_get_ifname(NetClientState *nc, char *ifname); int tap_get_fd(NetClientState *nc); diff --git a/net/tap-aix.c b/net/tap-aix.c index 66e0574..e760e9a 100644 --- a/net/tap-aix.c +++ b/net/tap-aix.c @@ -69,3 +69,9 @@ int tap_fd_disable(int fd) { return -1; } + +int tap_fd_get_ifname(int fd, char *ifname) +{ +return -1; +} + diff --git a/net/tap-bsd.c b/net/tap-bsd.c index cfc7a28..4f22109 100644 --- a/net/tap-bsd.c +++ b/net/tap-bsd.c @@ -156,3 +156,7 @@ int tap_fd_disable(int fd) return -1; } +int tap_fd_get_ifname(int fd, char *ifname) +{ +return -1; +} diff --git a/net/tap-haiku.c b/net/tap-haiku.c index 664d40f..b3b5fbb 100644 --- a/net/tap-haiku.c +++ b/net/tap-haiku.c @@ -70,3 +70,7 @@ int tap_fd_disable(int fd) return -1; } +int tap_fd_get_ifname(int fd, char *ifname) +{ +return -1; +} diff --git a/net/tap-linux.c b/net/tap-linux.c index 60ea8d0..6827c2a 100644 --- a/net/tap-linux.c +++ b/net/tap-linux.c @@ -261,3 +261,16 @@ int tap_fd_disable(int fd) return ret; } +int tap_fd_get_ifname(int fd, char *ifname) +{ +struct ifreq ifr; + +if (ioctl(fd, TUNGETIFF, ifr) != 0) { +error_report(TUNGETIFF ioctl() failed: %s, + strerror(errno)); +return -1; +} + +pstrcpy(ifname, sizeof(ifr.ifr_name), ifr.ifr_name); +return 0; +} diff --git a/net/tap-solaris.c b/net/tap-solaris.c index 12cc392..214d95e 100644 --- a/net/tap-solaris.c +++ b/net/tap-solaris.c @@ -236,3 +236,7 @@ int tap_fd_disable(int fd) return -1; } +int tap_fd_get_ifname(int fd, char *ifname) +{ +return -1; +} diff --git a/net/tap_int.h b/net/tap_int.h index ca1c21b..125f83d 100644 --- a/net/tap_int.h +++ b/net/tap_int.h @@ -44,5 +44,6 @@ void tap_fd_set_offload(int fd, int csum, int tso4, int tso6, int ecn, int ufo); void tap_fd_set_vnet_hdr_len(int fd, int len); int tap_fd_enable(int fd); int tap_fd_disable(int fd); +int tap_fd_get_ifname(int fd, char *ifname); #endif /* QEMU_TAP_H */ -- 1.7.1
[Qemu-devel] [PATCH V2 17/20] virtio-net: separate virtqueue from VirtIONet
To support multiqueue virtio-net, the first step is to separate the virtqueue related fields from VirtIONet to a new structure VirtIONetQueue. The following patches will add an array of VirtIONetQueue to VirtIONet based on this patch. Signed-off-by: Jason Wang jasow...@redhat.com --- hw/virtio-net.c | 195 --- 1 files changed, 114 insertions(+), 81 deletions(-) diff --git a/hw/virtio-net.c b/hw/virtio-net.c index 2f49fd8..ef522d5 100644 --- a/hw/virtio-net.c +++ b/hw/virtio-net.c @@ -26,28 +26,33 @@ #define MAC_TABLE_ENTRIES64 #define MAX_VLAN(1 12) /* Per 802.1Q definition */ +typedef struct VirtIONetQueue { +VirtQueue *rx_vq; +VirtQueue *tx_vq; +QEMUTimer *tx_timer; +QEMUBH *tx_bh; +int tx_waiting; +struct { +VirtQueueElement elem; +ssize_t len; +} async_tx; +struct VirtIONet *n; +} VirtIONetQueue; + typedef struct VirtIONet { VirtIODevice vdev; uint8_t mac[ETH_ALEN]; uint16_t status; -VirtQueue *rx_vq; -VirtQueue *tx_vq; +VirtIONetQueue vq; VirtQueue *ctrl_vq; NICState *nic; -QEMUTimer *tx_timer; -QEMUBH *tx_bh; uint32_t tx_timeout; int32_t tx_burst; -int tx_waiting; uint32_t has_vnet_hdr; size_t host_hdr_len; size_t guest_hdr_len; uint8_t has_ufo; -struct { -VirtQueueElement elem; -ssize_t len; -} async_tx; int mergeable_rx_bufs; uint8_t promisc; uint8_t allmulti; @@ -67,6 +72,12 @@ typedef struct VirtIONet DeviceState *qdev; } VirtIONet; +static VirtIONetQueue *virtio_net_get_queue(NetClientState *nc) +{ +VirtIONet *n = qemu_get_nic_opaque(nc); + +return n-vq; +} /* TODO * - we could suppress RX interrupt if we were so inclined. */ @@ -134,6 +145,8 @@ static void virtio_net_vhost_status(VirtIONet *n, uint8_t status) error_report(unable to start vhost net: %d: falling back on userspace virtio, -r); n-vhost_started = 0; +} else { +n-vhost_started = 1; } } else { vhost_net_stop(n-vdev, nc, 1, 1); @@ -144,25 +157,26 @@ static void virtio_net_vhost_status(VirtIONet *n, uint8_t status) static void virtio_net_set_status(struct VirtIODevice *vdev, uint8_t status) { VirtIONet *n = to_virtio_net(vdev); +VirtIONetQueue *q = n-vq; virtio_net_vhost_status(n, status); -if (!n-tx_waiting) { +if (!q-tx_waiting) { return; } if (virtio_net_started(n, status) !n-vhost_started) { -if (n-tx_timer) { -qemu_mod_timer(n-tx_timer, +if (q-tx_timer) { +qemu_mod_timer(q-tx_timer, qemu_get_clock_ns(vm_clock) + n-tx_timeout); } else { -qemu_bh_schedule(n-tx_bh); +qemu_bh_schedule(q-tx_bh); } } else { -if (n-tx_timer) { -qemu_del_timer(n-tx_timer); +if (q-tx_timer) { +qemu_del_timer(q-tx_timer); } else { -qemu_bh_cancel(n-tx_bh); +qemu_bh_cancel(q-tx_bh); } } } @@ -474,35 +488,40 @@ static void virtio_net_handle_rx(VirtIODevice *vdev, VirtQueue *vq) static int virtio_net_can_receive(NetClientState *nc) { VirtIONet *n = qemu_get_nic_opaque(nc); +VirtIONetQueue *q = virtio_net_get_queue(nc); + if (!n-vdev.vm_running) { return 0; } -if (!virtio_queue_ready(n-rx_vq) || -!(n-vdev.status VIRTIO_CONFIG_S_DRIVER_OK)) +if (!virtio_queue_ready(q-rx_vq) || +!(n-vdev.status VIRTIO_CONFIG_S_DRIVER_OK)) { return 0; +} return 1; } -static int virtio_net_has_buffers(VirtIONet *n, int bufsize) +static int virtio_net_has_buffers(VirtIONetQueue *q, int bufsize) { -if (virtio_queue_empty(n-rx_vq) || +VirtIONet *n = q-n; +if (virtio_queue_empty(q-rx_vq) || (n-mergeable_rx_bufs - !virtqueue_avail_bytes(n-rx_vq, bufsize, 0))) { -virtio_queue_set_notification(n-rx_vq, 1); + !virtqueue_avail_bytes(q-rx_vq, bufsize, 0))) { +virtio_queue_set_notification(q-rx_vq, 1); /* To avoid a race condition where the guest has made some buffers * available after the above check but before notification was * enabled, check for available buffers again. */ -if (virtio_queue_empty(n-rx_vq) || +if (virtio_queue_empty(q-rx_vq) || (n-mergeable_rx_bufs - !virtqueue_avail_bytes(n-rx_vq, bufsize, 0))) + !virtqueue_avail_bytes(q-rx_vq, bufsize, 0))) { return 0; +} } -virtio_queue_set_notification(n-rx_vq, 0); +virtio_queue_set_notification(q-rx_vq, 0); return 1; } @@ -605,6 +624,7 @@ static int receive_filter(VirtIONet *n, const uint8_t *buf, int size) static ssize_t virtio_net_receive(NetClientState *nc,
Re: [Qemu-devel] [PATCH v3 12/12] qom: remove object_delete
Am 25.01.2013 12:47, schrieb Paolo Bonzini: This is now unused. Signed-off-by: Paolo Bonzini pbonz...@redhat.com --- include/qom/object.h | 17 ++--- qom/object.c | 7 --- 2 files changed, 2 insertions(+), 22 deletions(-) diff --git a/include/qom/object.h b/include/qom/object.h index 5e8e528..2ac35a5 100644 --- a/include/qom/object.h +++ b/include/qom/object.h @@ -553,9 +553,7 @@ struct InterfaceClass * object_new: * @typename: The name of the type of the object to instantiate. * - * This function will initialize a new object using heap allocated memory. This - * function should be paired with object_delete() to free the resources - * associated with the object. + * This function will initialize a new object using heap allocated memory. * * Returns: The newly allocated and instantiated object. */ [snip] Why not just update object_delete() - object_unref() within the documentation comment? At least somewhere we should prominently document how these functions are to be used together. Could be done in a follow-up of course. Andreas -- SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg
[Qemu-devel] [PATCH V2 08/20] tap: import linux multiqueue constants
Import multiqueue constants from if_tun.h from 3.8-rc3. A new ifr flag IFF_MULTI_QUEUE were introduced to create a multiqueue backend by calling TUNSETIFF with the this flag and with the same interface name many times. A new ioctl TUNSETQUEUE were introduced. When doing this ioctl with IFF_DETACH_QUEUE, the queue were disabled in the linux kernel. When doing this ioctl with IFF_ATTACH_QUEUE, the queue were enabled in the linux kernel. Signed-off-by: Jason Wang jasow...@redhat.com --- net/tap-linux.h |4 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/net/tap-linux.h b/net/tap-linux.h index cb2a6d4..65087e1 100644 --- a/net/tap-linux.h +++ b/net/tap-linux.h @@ -29,6 +29,7 @@ #define TUNSETSNDBUF _IOW('T', 212, int) #define TUNGETVNETHDRSZ _IOR('T', 215, int) #define TUNSETVNETHDRSZ _IOW('T', 216, int) +#define TUNSETQUEUE _IOW('T', 217, int) #endif @@ -36,6 +37,9 @@ #define IFF_TAP0x0002 #define IFF_NO_PI 0x1000 #define IFF_VNET_HDR 0x4000 +#define IFF_MULTI_QUEUE 0x0100 +#define IFF_ATTACH_QUEUE 0x0200 +#define IFF_DETACH_QUEUE 0x0400 /* Features for GSO (TUNSETOFFLOAD). */ #define TUN_F_CSUM 0x01/* You can hand me unchecksummed packets. */ -- 1.7.1
[Qemu-devel] [PATCH V2 11/20] tap: support enabling or disabling a queue
This patch introduce a new bit - enabled in TAPState which tracks whether a specific queue/fd is enabled. The tap/fd is enabled during initialization and could be enabled/disabled by tap_enalbe() and tap_disable() which calls platform specific helpers to do the real work. Polling of a tap fd can only done when the tap was enabled. Signed-off-by: Jason Wang jasow...@redhat.com --- include/net/tap.h |2 ++ net/tap-win32.c | 10 ++ net/tap.c | 43 --- 3 files changed, 52 insertions(+), 3 deletions(-) diff --git a/include/net/tap.h b/include/net/tap.h index bb7efb5..0caf8c4 100644 --- a/include/net/tap.h +++ b/include/net/tap.h @@ -35,6 +35,8 @@ int tap_has_vnet_hdr_len(NetClientState *nc, int len); void tap_using_vnet_hdr(NetClientState *nc, int using_vnet_hdr); void tap_set_offload(NetClientState *nc, int csum, int tso4, int tso6, int ecn, int ufo); void tap_set_vnet_hdr_len(NetClientState *nc, int len); +int tap_enable(NetClientState *nc); +int tap_disable(NetClientState *nc); int tap_get_fd(NetClientState *nc); diff --git a/net/tap-win32.c b/net/tap-win32.c index 265369c..a2cd94b 100644 --- a/net/tap-win32.c +++ b/net/tap-win32.c @@ -764,3 +764,13 @@ void tap_set_vnet_hdr_len(NetClientState *nc, int len) { assert(0); } + +int tap_enable(NetClientState *nc) +{ +assert(0); +} + +int tap_disable(NetClientState *nc) +{ +assert(0); +} diff --git a/net/tap.c b/net/tap.c index 67080f1..95e557b 100644 --- a/net/tap.c +++ b/net/tap.c @@ -59,6 +59,7 @@ typedef struct TAPState { unsigned int write_poll : 1; unsigned int using_vnet_hdr : 1; unsigned int has_ufo: 1; +unsigned int enabled : 1; VHostNetState *vhost_net; unsigned host_vnet_hdr_len; } TAPState; @@ -72,9 +73,9 @@ static void tap_writable(void *opaque); static void tap_update_fd_handler(TAPState *s) { qemu_set_fd_handler2(s-fd, - s-read_poll ? tap_can_send : NULL, - s-read_poll ? tap_send : NULL, - s-write_poll ? tap_writable : NULL, + s-read_poll s-enabled ? tap_can_send : NULL, + s-read_poll s-enabled ? tap_send : NULL, + s-write_poll s-enabled ? tap_writable : NULL, s); } @@ -339,6 +340,7 @@ static TAPState *net_tap_fd_init(NetClientState *peer, s-host_vnet_hdr_len = vnet_hdr ? sizeof(struct virtio_net_hdr) : 0; s-using_vnet_hdr = 0; s-has_ufo = tap_probe_has_ufo(s-fd); +s-enabled = 1; tap_set_offload(s-nc, 0, 0, 0, 0, 0); /* * Make sure host header length is set correctly in tap: @@ -737,3 +739,38 @@ VHostNetState *tap_get_vhost_net(NetClientState *nc) assert(nc-info-type == NET_CLIENT_OPTIONS_KIND_TAP); return s-vhost_net; } + +int tap_enable(NetClientState *nc) +{ +TAPState *s = DO_UPCAST(TAPState, nc, nc); +int ret; + +if (s-enabled) { +return 0; +} else { +ret = tap_fd_enable(s-fd); +if (ret == 0) { +s-enabled = 1; +tap_update_fd_handler(s); +} +return ret; +} +} + +int tap_disable(NetClientState *nc) +{ +TAPState *s = DO_UPCAST(TAPState, nc, nc); +int ret; + +if (s-enabled == 0) { +return 0; +} else { +ret = tap_fd_disable(s-fd); +if (ret == 0) { +qemu_purge_queued_packets(nc); +s-enabled = 0; +tap_update_fd_handler(s); +} +return ret; +} +} -- 1.7.1
Re: [Qemu-devel] [PATCH v3 01/12] qdev: remove duplication between qbus_create and qbus_create_inplace
Am 25.01.2013 12:46, schrieb Paolo Bonzini: Move the common part to qbus_realize. Signed-off-by: Paolo Bonzini pbonz...@redhat.com Acked-by: Andreas Färber afaer...@suse.de Thanks, Andreas -- SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg
[Qemu-devel] [PATCH v3 11/12] cpu: do not use object_delete
CPUs are never added to the composition tree, so delete is achieved simply by removing the last references to them. Signed-off-by: Paolo Bonzini pbonz...@redhat.com --- linux-user/syscall.c| 2 +- target-i386/helper.c| 4 ++-- target-ppc/translate_init.c | 2 +- target-sparc/cpu.c | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 693e66f..a148d9f 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -5202,7 +5202,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, NULL, NULL, 0); } thread_env = NULL; - object_delete(OBJECT(ENV_GET_CPU(cpu_env))); + object_unref(OBJECT(ENV_GET_CPU(cpu_env))); g_free(ts); pthread_exit(NULL); } diff --git a/target-i386/helper.c b/target-i386/helper.c index 547c25e..269549d 100644 --- a/target-i386/helper.c +++ b/target-i386/helper.c @@ -1276,14 +1276,14 @@ X86CPU *cpu_x86_init(const char *cpu_model) env-cpu_model_str = cpu_model; if (cpu_x86_register(cpu, cpu_model) 0) { -object_delete(OBJECT(cpu)); +object_unref(OBJECT(cpu)); return NULL; } x86_cpu_realize(OBJECT(cpu), error); if (error) { error_free(error); -object_delete(OBJECT(cpu)); +object_unref(OBJECT(cpu)); return NULL; } return cpu; diff --git a/target-ppc/translate_init.c b/target-ppc/translate_init.c index 2d78529..ee51419 100644 --- a/target-ppc/translate_init.c +++ b/target-ppc/translate_init.c @@ -10346,7 +10346,7 @@ PowerPCCPU *cpu_ppc_init(const char *cpu_model) if (err != NULL) { fprintf(stderr, %s\n, error_get_pretty(err)); error_free(err); -object_delete(OBJECT(cpu)); +object_unref(OBJECT(cpu)); return NULL; } diff --git a/target-sparc/cpu.c b/target-sparc/cpu.c index f404aa8..4bc1afc 100644 --- a/target-sparc/cpu.c +++ b/target-sparc/cpu.c @@ -119,7 +119,7 @@ SPARCCPU *cpu_sparc_init(const char *cpu_model) } if (cpu_sparc_register(env, cpu_model) 0) { -object_delete(OBJECT(cpu)); +object_unref(OBJECT(cpu)); return NULL; } qemu_init_vcpu(env); -- 1.8.1
[Qemu-devel] [PATCH v3 01/12] qdev: remove duplication between qbus_create and qbus_create_inplace
Move the common part to qbus_realize. Signed-off-by: Paolo Bonzini pbonz...@redhat.com --- hw/qdev.c | 18 +++--- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/hw/qdev.c b/hw/qdev.c index 9761016..59dce62 100644 --- a/hw/qdev.c +++ b/hw/qdev.c @@ -390,14 +390,16 @@ DeviceState *qdev_find_recursive(BusState *bus, const char *id) return NULL; } -static void qbus_realize(BusState *bus) +static void qbus_realize(BusState *bus, DeviceState *parent, const char *name) { const char *typename = object_get_typename(OBJECT(bus)); char *buf; int i,len; -if (bus-name) { -/* use supplied name */ +bus-parent = parent; + +if (name) { +bus-name = g_strdup(name); } else if (bus-parent bus-parent-id) { /* parent device has id - use it for bus name */ len = strlen(bus-parent-id) + 16; @@ -430,10 +432,7 @@ void qbus_create_inplace(BusState *bus, const char *typename, DeviceState *parent, const char *name) { object_initialize(bus, typename); - -bus-parent = parent; -bus-name = name ? g_strdup(name) : NULL; -qbus_realize(bus); +qbus_realize(bus, parent, name); } BusState *qbus_create(const char *typename, DeviceState *parent, const char *name) @@ -441,10 +440,7 @@ BusState *qbus_create(const char *typename, DeviceState *parent, const char *nam BusState *bus; bus = BUS(object_new(typename)); - -bus-parent = parent; -bus-name = name ? g_strdup(name) : NULL; -qbus_realize(bus); +qbus_realize(bus, parent, name); return bus; } -- 1.8.1
Re: [Qemu-devel] [PATCH v3 02/12] pci: use qbus_create in pci_bus_new
Am 25.01.2013 12:46, schrieb Paolo Bonzini: Remove knowledge of QOM innards. The common part of pci_bus_new and pci_bus_new_inplace is moved to a new function pci_bus_init. Signed-off-by: Paolo Bonzini pbonz...@redhat.com --- hw/pci/pci.c | 21 +++-- 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/hw/pci/pci.c b/hw/pci/pci.c index 5fd1bcf..82b0ef8 100644 --- a/hw/pci/pci.c +++ b/hw/pci/pci.c @@ -274,13 +274,12 @@ int pci_find_domain(const PCIBus *bus) return -1; } -void pci_bus_new_inplace(PCIBus *bus, DeviceState *parent, +static void pci_bus_init(PCIBus *bus, DeviceState *parent, const char *name, MemoryRegion *address_space_mem, MemoryRegion *address_space_io, uint8_t devfn_min) { -qbus_create_inplace(bus-qbus, TYPE_PCI_BUS, parent, name); assert(PCI_FUNC(devfn_min) == 0); bus-devfn_min = devfn_min; bus-address_space_mem = address_space_mem; @@ -293,6 +292,17 @@ void pci_bus_new_inplace(PCIBus *bus, DeviceState *parent, vmstate_register(NULL, -1, vmstate_pcibus, bus); } +void pci_bus_new_inplace(PCIBus *bus, DeviceState *parent, + const char *name, + MemoryRegion *address_space_mem, + MemoryRegion *address_space_io, + uint8_t devfn_min) +{ +qbus_create_inplace(BUS(bus), TYPE_PCI_BUS, parent, name); This needs to be (BusState*) as-is. The object initialization is done inside qbus_create_inplace() after BUS(), resulting in an assertion. In a previous version I therefore suggested to change the argument type to void* to avoid such casts. Otherwise looking good. Regards, Andreas +pci_bus_init(bus, parent, name, address_space_mem, + address_space_io, devfn_min); +} + PCIBus *pci_bus_new(DeviceState *parent, const char *name, MemoryRegion *address_space_mem, MemoryRegion *address_space_io, @@ -300,10 +310,9 @@ PCIBus *pci_bus_new(DeviceState *parent, const char *name, { PCIBus *bus; -bus = g_malloc0(sizeof(*bus)); -pci_bus_new_inplace(bus, parent, name, address_space_mem, -address_space_io, devfn_min); -OBJECT(bus)-free = g_free; +bus = PCI_BUS(qbus_create(TYPE_PCI_BUS, parent, name)); +pci_bus_init(bus, parent, name, address_space_mem, + address_space_io, devfn_min); return bus; } -- SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg
[Qemu-devel] [PATCH V2 06/20] net: introduce NetClientState destructor
To allow allocating an array of NetClientState and free it once, this patch introduces destructor of NetClientState. Which could do type specific free, which could be used by multiqueue to free the array once. Signed-off-by: Jason Wang jasow...@redhat.com --- include/net/net.h |2 ++ net/net.c | 17 + 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/include/net/net.h b/include/net/net.h index 995df5c..22adc99 100644 --- a/include/net/net.h +++ b/include/net/net.h @@ -35,6 +35,7 @@ typedef ssize_t (NetReceive)(NetClientState *, const uint8_t *, size_t); typedef ssize_t (NetReceiveIOV)(NetClientState *, const struct iovec *, int); typedef void (NetCleanup) (NetClientState *); typedef void (LinkStatusChanged)(NetClientState *); +typedef void (NetClientDestructor)(NetClientState *); typedef struct NetClientInfo { NetClientOptionsKind type; @@ -58,6 +59,7 @@ struct NetClientState { char *name; char info_str[256]; unsigned receive_disabled : 1; +NetClientDestructor *destructor; }; typedef struct NICState { diff --git a/net/net.c b/net/net.c index 4e84d54..6368896 100644 --- a/net/net.c +++ b/net/net.c @@ -182,11 +182,17 @@ static char *assign_name(NetClientState *nc1, const char *model) return g_strdup(buf); } +static void qemu_net_client_destructor(NetClientState *nc) +{ +g_free(nc); +} + static void qemu_net_client_setup(NetClientState *nc, NetClientInfo *info, NetClientState *peer, const char *model, - const char *name) + const char *name, + NetClientDestructor *destructor) { nc-info = info; nc-model = g_strdup(model); @@ -204,7 +210,7 @@ static void qemu_net_client_setup(NetClientState *nc, QTAILQ_INSERT_TAIL(net_clients, nc, next); nc-send_queue = qemu_new_net_queue(nc); - +nc-destructor = destructor; } NetClientState *qemu_new_net_client(NetClientInfo *info, @@ -217,7 +223,8 @@ NetClientState *qemu_new_net_client(NetClientInfo *info, assert(info-size = sizeof(NetClientState)); nc = g_malloc0(info-size); -qemu_net_client_setup(nc, info, peer, model, name); +qemu_net_client_setup(nc, info, peer, model, name, + qemu_net_client_destructor); return nc; } @@ -279,7 +286,9 @@ static void qemu_free_net_client(NetClientState *nc) } g_free(nc-name); g_free(nc-model); -g_free(nc); +if (nc-destructor) { +nc-destructor(nc); +} } void qemu_del_net_client(NetClientState *nc) -- 1.7.1
Re: [Qemu-devel] [PATCH v3 03/12] qom: preserve object while unparenting it
Am 25.01.2013 12:46, schrieb Paolo Bonzini: Avoid that the object disappears after it's deleted from the QOM composition tree, in case that was the only reference to it. Signed-off-by: Paolo Bonzini pbonz...@redhat.com Thought I had already added Acked-by: Andreas Färber afaer...@suse.de Andreas --- qom/object.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/qom/object.c b/qom/object.c index 03e6f24..1a123da 100644 --- a/qom/object.c +++ b/qom/object.c @@ -361,12 +361,14 @@ static void object_property_del_child(Object *obj, Object *child, Error **errp) void object_unparent(Object *obj) { +object_ref(obj); if (obj-parent) { object_property_del_child(obj-parent, obj, NULL); } if (obj-class-unparent) { (obj-class-unparent)(obj); } +object_unref(obj); } static void object_deinit(Object *obj, TypeImpl *type) -- SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg