Re: [Qemu-devel] [Qemu-ppc] [PATCH 4/5] target-ppc: Handle ibm, nmi-register RTAS call

[Aravinda Prasad]

On Monday 08 September 2014 02:17 AM, Alexander Graf wrote:
 
 
 On 25.08.14 15:45, Aravinda Prasad wrote:
 This patch adds FWNMI support in qemu for powerKVM
 guests by handling the ibm,nmi-register rtas call.
 Whenever OS issues ibm,nmi-register RTAS call, the
 machine check notification address is saved and the
 machine check interrupt vector 0x200 is patched to
 issue a private hcall.

 Signed-off-by: Aravinda Prasad aravi...@linux.vnet.ibm.com
 ---
  hw/ppc/spapr_rtas.c|   91 
 
  include/hw/ppc/spapr.h |8 
  2 files changed, 98 insertions(+), 1 deletion(-)

 diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
 index 02ddbf9..1135d2b 100644
 --- a/hw/ppc/spapr_rtas.c
 +++ b/hw/ppc/spapr_rtas.c
 @@ -277,6 +277,91 @@ static void rtas_ibm_set_system_parameter(PowerPCCPU 
 *cpu,
  rtas_st(rets, 0, ret);
  }
  
 +static void rtas_ibm_nmi_register(PowerPCCPU *cpu,
 +  sPAPREnvironment *spapr,
 +  uint32_t token, uint32_t nargs,
 +  target_ulong args,
 +  uint32_t nret, target_ulong rets)
 +{
 +int i;
 +uint32_t branch_inst = 0x4802;
 +target_ulong guest_machine_check_addr;
 +PowerPCCPUClass *pcc = POWERPC_CPU_GET_CLASS(cpu);
 +/*
 + * Trampoline saves r3 in sprg2 and issues private hcall
 + * to request qemu to build error log. QEMU builds the
 + * error log, copies to rtas-blob and returns the address.
 + * The initial 16 bytes in rtas-blob consists of saved srr0
 + * and srr1 which we restore and pass on the actual error
 + * log address to OS handled mcachine check notification
 + * routine
 + */
 +uint32_t trampoline[] = {
 +0x7c7243a6,/* mtspr   SPRN_SPRG2,r3 */
 +0x3860,/* li  r3,0   */
 +/* 0xf004 is the KVMPPC_H_REPORT_ERR private HCALL */
 +0x6063f004,/* ori r3,r3,f004  */
 +/* Issue H_CALL */
 +0x4422,/*  sc  1 */
 +0x7c9243a6,/* mtspr r4 sprg2 */
 +0xe883,/* ld r4, 0(r3) */
 +0x7c9a03a6,/* mtspr r4, srr0 */
 +0xe8830008,/* ld r4, 8(r3) */
 +0x7c9b03a6,/* mtspr r4, srr1 */
 +0x38630010,/* addi r3,r3,16 */
 +0x7c9242a6,/* mfspr r4 sprg2 */
 +0x4802,/* Branch to address registered
 +* by OS. The branch address is
 +* patched below */
 +0x4800,/* b . */
 
 So how about we just completely change the layout of the RTAS blob?
 
 Imagine something like the following (completely untested):
 
 
 
 / index table /
 .long rtas_entry
 .long nmi_register
 .long nmi_register_final_branch
 .long nmi_data
 
 / RTAS handling code /
 .align 1024
 rtas_entry:
   ...
 nmi_register:
   ...
 nmi_register_final_branch:
   ba .
 
 / RTAS data regions /
 .align 4096
 nmi_data:
 .long 0
 .align 4096
 
 
 
 With this we should be able to have a nice hybrid between easily tunable
 asm code and an easy to load and handle blob.

Sorry, I was out of office hence could not respond.

Yes, even I prefer something like this.

BTB, did you intend to have this in spapr-rtas.S? The spapr-rtas.S is
compiled into a binary and is read into spapr-rtas_blob. If we want to
have rtas-blob layout something similar to above then we may need to
link the object file of spapr-rtas.S to QEMU so that the symbols in
index table and other places could be resolved inside QEMU.

If this is fine I will include it in v3.

Regards,
Aravinda

 
 
 Alex
 

-- 
Regards,
Aravinda

[Qemu-devel] [PATCH 0/2] guest-agent: make CPU's online/offline state persistent

[Igor Mammedov]

Make sure that VCPU online state managed with
 virsh setvcpus --guest 
is not lost on reboot.

Igor Mammedov (2):
  guest-agent: keep persistent state on persistent storage
  guest-agent: preserve online/offline state of VCPUs on guest reboot

 qga/main.c | 107 +++--
 1 file changed, 105 insertions(+), 2 deletions(-)

-- 
1.8.3.1

[Qemu-devel] [PATCH 2/2] guest-agent: preserve online/offline state of VCPUs on guest reboot

[Igor Mammedov]

Fixes issue when CPU was offlined via libvirt using command:
 virsh setvcpus --guest myguest NR_CPUS
but it became onlined again after guest was rebooted.

Fix issue by storing current state of CPUs online state
on persistent storage when GA is being stopped and restore
it when it's started at system boot time.

Signed-off-by: Igor Mammedov imamm...@redhat.com
---
 qga/main.c | 102 +
 1 file changed, 102 insertions(+)

diff --git a/qga/main.c b/qga/main.c
index 5afba01..1173ca9 100644
--- a/qga/main.c
+++ b/qga/main.c
@@ -32,6 +32,7 @@
 #include qapi/qmp/dispatch.h
 #include qga/channel.h
 #include qemu/bswap.h
+#include qga-qmp-commands.h
 #ifdef _WIN32
 #include qga/service-win32.h
 #include qga/vss-win32.h
@@ -57,6 +58,7 @@
 #define QGA_FSFREEZE_HOOK_DEFAULT CONFIG_QEMU_CONFDIR /fsfreeze-hook
 #endif
 #define QGA_SENTINEL_BYTE 0xFF
+#define QGA_CPU_STATE_GROUP CPU online states
 
 static struct {
 const char *state_dir;
@@ -66,6 +68,7 @@ static struct {
 typedef struct GAPersistentState {
 #define QGA_PSTATE_DEFAULT_FD_COUNTER 1000
 int64_t fd_counter;
+GuestLogicalProcessorList *vcpus;
 } GAPersistentState;
 
 struct GAState {
@@ -770,6 +773,40 @@ static void 
persistent_state_from_keyfile(GAPersistentState *pstate,
 pstate-fd_counter =
 g_key_file_get_integer(keyfile, global, fd_counter, NULL);
 }
+
+if (g_key_file_has_group(keyfile, QGA_CPU_STATE_GROUP)) {
+bool state;
+char **cpu_id_str;
+GuestLogicalProcessor *vcpu;
+GuestLogicalProcessorList *entry;
+GuestLogicalProcessorList *head, **link;
+char **cpus_list = g_key_file_get_keys(keyfile, QGA_CPU_STATE_GROUP,
+  NULL, NULL);
+
+head = NULL;
+link = head;
+for (cpu_id_str = cpus_list; *cpu_id_str; ++cpu_id_str) {
+state = g_key_file_get_boolean(keyfile, QGA_CPU_STATE_GROUP,
+   *cpu_id_str, NULL);
+
+vcpu = g_malloc0(sizeof *vcpu);
+vcpu-logical_id = g_ascii_strtoll(*cpu_id_str, NULL, 0);
+vcpu-online = state;
+vcpu-has_can_offline = true;
+
+entry = g_malloc0(sizeof *entry);
+entry-value = vcpu;
+
+*link = entry;
+link = entry-next;
+}
+pstate-vcpus = head;
+
+g_strfreev(cpus_list);
+}
+if (pstate-vcpus == NULL) {
+pstate-vcpus = qmp_guest_get_vcpus(NULL);
+}
 }
 
 static void persistent_state_to_keyfile(const GAPersistentState *pstate,
@@ -779,6 +816,27 @@ static void persistent_state_to_keyfile(const 
GAPersistentState *pstate,
 g_assert(keyfile);
 
 g_key_file_set_integer(keyfile, global, fd_counter, 
pstate-fd_counter);
+
+if (pstate-vcpus) {
+GuestLogicalProcessorList *vcpus = pstate-vcpus;
+
+while (vcpus != NULL) {
+char *logical_id;
+GuestLogicalProcessor *vcpu = vcpus-value;
+
+if (vcpu-can_offline == false) {
+vcpus = vcpus-next;
+continue;
+}
+
+logical_id = g_strdup_printf(% PRId64, vcpu-logical_id);
+g_key_file_set_boolean(keyfile, QGA_CPU_STATE_GROUP,
+   logical_id, vcpu-online);
+g_free(logical_id);
+
+vcpus = vcpus-next;
+}
+}
 }
 
 static gboolean write_persistent_state(const GAPersistentState *pstate,
@@ -820,6 +878,47 @@ out:
 return ret;
 }
 
+static void ga_clean_vcpu_pstate(GAPersistentState *pstate)
+{
+if (pstate-vcpus) {
+qapi_free_GuestLogicalProcessorList(pstate-vcpus);
+pstate-vcpus = NULL;
+}
+}
+
+static void ga_clean_pstate(GAPersistentState *pstate)
+{
+ga_clean_vcpu_pstate(pstate);
+}
+
+#if defined(__linux__)
+
+static void ga_update_vcpu_pstate(GAPersistentState *pstate, const char *path)
+{
+Error *local_err = NULL;
+
+ga_clean_vcpu_pstate(pstate);
+pstate-vcpus = qmp_guest_get_vcpus(local_err);
+
+if (local_err != NULL) {
+g_critical(%s, error_get_pretty(local_err));
+error_free(local_err);
+return;
+}
+
+if (!write_persistent_state(pstate, path)) {
+g_critical(failed to commit CPU persistent state to disk);
+}
+}
+
+#else
+
+static void ga_update_vcpu_pstate(GAPersistentState *pstate, const char *path)
+{
+}
+
+#endif
+
 static gboolean read_persistent_state(GAPersistentState *pstate,
   const gchar *path, gboolean frozen)
 {
@@ -878,6 +977,7 @@ static gboolean read_persistent_state(GAPersistentState 
*pstate,
 }
 
 persistent_state_from_keyfile(pstate, keyfile);
+qmp_guest_set_vcpus(pstate-vcpus, error_abort);
 
 out:
 if (keyfile) {
@@ -1185,6 +1285,8 @@ int main(int argc, char **argv)
 
 ga_command_state_cleanup_all(ga_state-command_state);
 

[Qemu-devel] [PATCH 1/2] guest-agent: keep persistent state on persistent storage

[Igor Mammedov]

GA was keepeing persistent state info in /var/run/qga.state
file. However it's lost after every reboot since /var/run
usually is located on tmpfs or cleaned on start-up.

Fix issue by keeping state file in /var/lib/qemu-ga/
directory, which is intended for keeping persistent
local state according to FHS.

Signed-off-by: Igor Mammedov imamm...@redhat.com
---
 qga/main.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/qga/main.c b/qga/main.c
index 227f2bd..5afba01 100644
--- a/qga/main.c
+++ b/qga/main.c
@@ -45,7 +45,8 @@
 
 #ifndef _WIN32
 #define QGA_VIRTIO_PATH_DEFAULT /dev/virtio-ports/org.qemu.guest_agent.0
-#define QGA_STATE_RELATIVE_DIR  run
+#define QGA_VOLATILE_STATE_RELATIVE_DIR  run
+#define QGA_STATE_RELATIVE_DIR  lib/qemu-ga
 #define QGA_SERIAL_PATH_DEFAULT /dev/ttyS0
 #else
 #define QGA_VIRTIO_PATH_DEFAULT .\\Global\\org.qemu.guest_agent.0
@@ -121,7 +122,7 @@ init_dfl_pathnames(void)
 dfl_pathnames.state_dir = qemu_get_local_state_pathname(
   QGA_STATE_RELATIVE_DIR);
 dfl_pathnames.pidfile   = qemu_get_local_state_pathname(
-  QGA_STATE_RELATIVE_DIR G_DIR_SEPARATOR_S qemu-ga.pid);
+  QGA_VOLATILE_STATE_RELATIVE_DIR G_DIR_SEPARATOR_S qemu-ga.pid);
 }
 
 static void quit_handler(int sig)
-- 
1.8.3.1

Re: [Qemu-devel] Fullscreen Bug with GTK

[Gerd Hoffmann]

  Hi,

 There is a bug where the GTK (SDL appears to be broken due to some sdl2
 incompatibility, as I understood) menu bar won't hide in fullscreen:

SDL-1 support is still there.

 https://bugs.launchpad.net/qemu/+bug/1294898
 
 A patch was provided by the initial reporter a long time ago.

Patch trades one bug for another.  Hiding the menu bar also kills the
accelerator keys, which is especially problematic for the fullscreen
hotkey as there is no way out of fullscreen mode then.

cheers,
  Gerd

Re: [Qemu-devel] [PATCH 10/17] mm: rmap preparation for remap_anon_pages

[Dr. David Alan Gilbert]

* Linus Torvalds (torva...@linux-foundation.org) wrote:
 On Fri, Oct 3, 2014 at 10:08 AM, Andrea Arcangeli aarca...@redhat.com wrote:
 
  Overall this looks a fairly small change to the rmap code, notably
  less intrusive than the nonlinear vmas created by remap_file_pages.
 
 Considering that remap_file_pages() was an unmitigated disaster, and
 -mm has a patch to remove it entirely, I'm not at all convinced this
 is a good argument.
 
 We thought remap_file_pages() was a good idea, and it really really
 really wasn't. Almost nobody used it, why would the anonymous page
 case be any different?

I've posted code that uses this interface to qemu-devel and it works nicely;
so chalk up at least one user.

For the postcopy case I'm using it for, we need to place a page, atomically
  some thread might try and access it, and must either
 1) get caught by userfault etc or
 2) must succeed in it's access

and we'll have that happening somewhere between thousands and millions of times
to pages in no particular order, so we need to avoid creating millions of 
mappings.

Dave



 
 Linus
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK

Re: [Qemu-devel] [Bug 638955] Re: emulated netcards don't work with recent sunos kernel

[Stefan Hajnoczi]

On Sun, Oct 5, 2014 at 9:57 PM, dblade listm...@triad.rr.com wrote:
 I have this problem (as describe in OP) on a Solaris 11.2 install using
 the text iso.  Archlinux Qemu 2.1.0.  It appears that the above patch
 has been applied to qemu for some time now (its also in my version).

 Are there any new workarounds?

Hi,
It's been a long time since that fix was developed.

At this point it would be necessary to debug the problem from scratch.
I don't have time to work on this in the near future, sorry.

Maybe someone else wants to figure out what is wrong.

Stefan

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/638955

Title:
  emulated netcards don't work with recent sunos kernel

Status in QEMU:
  New

Bug description:
  hi there,

  i'm using qemu-kvm backend in version: # qemu-kvm -version
  QEMU PC emulator version 0.12.5 (qemu-kvm-0.12.5), Copyright (c) 2003-2008 
Fabrice Bellard

  and there are just *not working any of model=$type with combinations
  of recent sunos (solaris, openindiana, opensolaris, ..) ..

  you can download for testing purposes iso from here: http://dlc-
  origin.openindiana.org/isos/147/ or from here:
  http://genunix.org/distributions/indiana/  osol and oi are also
  bubuntu-like *live cds, so no need to bother with installing

  behaviour is as follows:
  e1000 - receiving doesn't work, transmitting works .. dladm (tool for handle 
ethers) shows that is all ok, correct mode is loaded up, it just seems like 
this driver works at 100% but ..

  rtl8169|pcnet - works in 10Mbit mode with several other issues like
  high cpu utilization and so .. dladm is unable to recognize options
  for this kind of -nic

  others - just don't work

  .. i experienced this issue several times in past .. woraround was,
  that rtl8169 worked so-so .. with recent sunos kernel it doesn't.

  it's easy to reproduce, this is why i'm not putting here more then
  launching script for my virtual machine:

  # cat openindiana.sh
  qemu-kvm -hda /home/kvm/openindiana/openindiana.img -m 2048 -localtime -cdrom 
/home/kvm/+images/oi-dev-147-x86.iso -boot d \
  -vga std -vnc :9 -k en-us -monitor 
unix:/home/kvm/openindiana/instance,server,nowait \
  -net nic,model=e1000,vlan=1 -net tap,ifname=oi0,script=no,vlan=1 

  sleep 2;
  ip l set oi0 up;
  ip a a 192.168.99.9/24 dev oi0;

  regards by daniel

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/638955/+subscriptions

Re: [Qemu-devel] [PATCH 1/3] libqos: Remove PCI assumptions in virtio driver

[Stefan Hajnoczi]

On Fri, Oct 03, 2014 at 01:53:13PM +0200, Marc Marí wrote:
 El Thu, 2 Oct 2014 13:02:25 +0100
 Stefan Hajnoczi stefa...@redhat.com escribió:
  On Thu, Sep 04, 2014 at 06:24:37PM +0200, Marc Marí wrote:
   @@ -60,25 +60,25 @@ static void
   qvirtio_pci_assign_device(QVirtioDevice *d, void *data) *vpcidev =
   (QVirtioPCIDevice *)d; }

   -static uint8_t qvirtio_pci_config_readb(QVirtioDevice *d, void
   *addr) +static uint8_t qvirtio_pci_config_readb(QVirtioDevice *d,
   uint64_t addr) {
QVirtioPCIDevice *dev = (QVirtioPCIDevice *)d;
   -return qpci_io_readb(dev-pdev, addr);
   +return qpci_io_readb(dev-pdev, (void *)addr);
  
  You do not need casts in C for void* to any pointer type or any
  pointer type to void*.  Please drop them.
 
 addr is of type uint64_t, not a pointer. So if there's no cast it will
 fail to compile (expected ‘void *’ but argument is of type ‘uint64_t’)

Hmm...on 32-bit hosts that causes an error:

a.c:7:17: warning: cast to pointer from integer of different size 
[-Wint-to-pointer-cast]
  printf(%p\n, (void*)u64);

You need to cast to uintptr_t first:

  (void*)(uintptr_t)addr

This assumes that PCI IO Space addresses are 32-bit when running 32-bit
hosts.  Not sure whether or not that's true, but at least for x86 it
works since the legacy PIO address space is 16-bit.

Stefan


pgpXV1y11jlrF.pgp
Description: PGP signature

Re: [Qemu-devel] [PATCH 0/2 V5] Virtual Machine Generation ID

[Daniel P. Berrange]

On Wed, Sep 17, 2014 at 02:39:50PM +0300, Gal Hammer wrote:
 Hi,
 
 A two parts patch to add a QEmu support for Microsoft's Virtual Machine
 Generation ID device.
 
 The first one add a new ACPI directive which allow to use a 16-bytes
 buffer in an ACPI table. This buffer is for storing the VM's UUID.
 
 The second is the ACPI tables changes and the actual device.
 
 Your comment are welcomed.

There are some rules on when the VM generation ID *must* change

 Virtual machine is paused or resumed: No
 Virtual machine reboots: No
 Virtual machine host reboots: No
 Virtual machine starts executing a snapshot (every time): Yes
 Virtual machine is recovered from backup: Yes
 Virtual machine is failed over in a disaster recovery environment: Yes
 Virtual machine is live migrated: No
 Virtual machine is imported, copied, or cloned: Yes
 Virtual machine is failed over in a clustered environment: No
 Virtual machine's configuration changes: Unspecified

Now this can largely be accomplished by libvirt by simply changing the
value of the -vmgenid command line parameter, because most of these
scenarios involve the spawning of a new QEMU process. The exception
I think is when a running guest is reverted to a previous snapshot,
because that is done via a monitor command and not restarting QEMU.
So for this VM Generation ID work to be considered complete we need
to have a way to dynamically change the VM generation ID on the fly,
atomatically with reverting snapshots from the POV of the guest.
eg we must load the snapshot state, change the generation ID, and
only then start CPUs again.

IOW I think this patch series is incomplete wrt the Microsoft spec
on generation ID semantics.

Regards,
Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|

Re: [Qemu-devel] Fullscreen Bug with GTK

[Dr. David Alan Gilbert]

* Gerd Hoffmann (kra...@redhat.com) wrote:
   Hi,
 
  There is a bug where the GTK (SDL appears to be broken due to some sdl2
  incompatibility, as I understood) menu bar won't hide in fullscreen:
 
 SDL-1 support is still there.

Are you recommending building against SDL-1 even when SDL-2 is available?
(Does that lose you anything?)
(I've cc'd Cole in since Fedora's virt-preview is building it with 
SDL-2).

  https://bugs.launchpad.net/qemu/+bug/1294898
  
  A patch was provided by the initial reporter a long time ago.
 
 Patch trades one bug for another.  Hiding the menu bar also kills the
 accelerator keys, which is especially problematic for the fullscreen
 hotkey as there is no way out of fullscreen mode then.

Dave
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK

Re: [Qemu-devel] [PATCH 1/8] virtio-gpu/2d: add hardware spec include file

[Gerd Hoffmann]

  Hi,

   +VIRTIO_GPU_FORMAT_B5G5R5A1_UNORM  = 5,
   +VIRTIO_GPU_FORMAT_B5G6R5_UNORM= 7,
  
  Ok.  But for 2D we can just not support it, right?
 
 We can, I expect some pushback at some point, people still want to
 test with 16bpp for other areas, and it would be nice to know they
 can. But I don't really care about it personally. I just though we
 should provide at least a basic number of working bpps (8,16,32).

Lets try to get away with 32bpp only in 2d mode then.

bochsdrm likewise supports 32bpp only and I yet have to see a request
for 16bpp or even 8bpp support.

 I think we should probably move a few more formats from the 3D side
 into the 2D side, so we can have the guests just pick the LE format
 it requires
 
 http://cgit.freedesktop.org/mesa/mesa/tree/src/gallium/include/pipe/p_format.h#n354
 
 is what gallium currently does, and we could just provide XRGB, XBGR
 formats in both endianness
 and have the guest pick the one it wants to use.

   PIPE_FORMAT_R8G8B8A8_UNORM  = 67,
   PIPE_FORMAT_X8B8G8R8_UNORM  = 68,

   PIPE_FORMAT_A8B8G8R8_UNORM  = 121,
   PIPE_FORMAT_R8G8B8X8_UNORM  = 134,

With the last two ones being in a /* TODO: re-order these */ block.
How stable are these numbers?

 The 2D pixman code would need updating to provide 2D support for these
 formats as well.

Yep.  Mapping the 32bpp formats to pixmap formats is easy.

 I suspect I could add an endian cap for the 3D bits that I could pass
 through from guest to host.

I was thinking about using virtio feature bit.  Advantage is that the
guest will tell the host which features it'll use.

Initially this doesn't matter much as the host will support only one
endianness anyway. 

But in case we get the byteswapping work reasonable well some day and
the host supports both be and le virgl we'll know that way which
endianness the guest is using.

 How do you test guests with big endian? Isn't it really slow?

emulated pseries machine with fedora ppc64.  Yes, it is slow.  Building
a kernel with virtio-gpu driver takes a day or so.

cheers,
  Gerd

Re: [Qemu-devel] [PATCH v2 1/1] xen-hvm.c: Add support for Xen access to vmport

[Stefano Stabellini]

On Fri, 3 Oct 2014, Don Slutz wrote:
 On 10/03/14 12:23, Stefano Stabellini wrote:
  On Fri, 3 Oct 2014, Don Slutz wrote:
   On 10/03/14 05:52, Stefano Stabellini wrote:
On Thu, 2 Oct 2014, Don Slutz wrote:
 This adds synchronisation of the 6 vcpu registers (only 32bits of
 them) that vmport.c needs between Xen and QEMU.
 
 ...
}
-static void handle_ioreq(ioreq_t *req)
 +static void regs_to_cpu(XenIOState *state, vmware_ioreq_t
 *vmport_req)
 +{
 +X86CPU *cpu;
 +CPUX86State *env;
 +
 +if (!state-cpu_by_ioreq_id[0]) {
 +CPUState *cpu_state;
 +
 +CPU_FOREACH(cpu_state) {
 +state-cpu_by_ioreq_id[cpu_state-cpu_index] = cpu_state;
 +}
 +}
This is just the initialization, isn't it?
It would be best to move it to an initialization function then.

   A new initialization function would need to be added.  A new call to it
   would
   need
   to be added (not sure where the best place is).  Since the overhead here
   is
   small I went with the less intrusive change.
  I'd prefer the initialization function if it is possible.
  
  
  
 
 Ok, how does:
 
 
 @@ -1023,6 +1028,11 @@ static void xen_main_loop_prepare(XenIOState *state)
   state);
 
  if (evtchn_fd != -1) {
 +CPUState *cpu_state;
 +
 +CPU_FOREACH(cpu_state) {
 +state-cpu_by_ioreq_id[cpu_state-cpu_index] = cpu_state;
 +}
  qemu_set_fd_handler(evtchn_fd, cpu_handle_ioreq, NULL, state);
  }
  }
 
 Look?

It looks fine

Re: [Qemu-devel] [PATCH 1/2] guest-agent: keep persistent state on persistent storage

[Laszlo Ersek]

On 10/06/14 09:44, Igor Mammedov wrote:
 GA was keepeing persistent state info in /var/run/qga.state
 file. However it's lost after every reboot since /var/run
 usually is located on tmpfs or cleaned on start-up.
 
 Fix issue by keeping state file in /var/lib/qemu-ga/
 directory, which is intended for keeping persistent
 local state according to FHS.
 
 Signed-off-by: Igor Mammedov imamm...@redhat.com
 ---
  qga/main.c | 5 +++--
  1 file changed, 3 insertions(+), 2 deletions(-)
 
 diff --git a/qga/main.c b/qga/main.c
 index 227f2bd..5afba01 100644
 --- a/qga/main.c
 +++ b/qga/main.c
 @@ -45,7 +45,8 @@
  
  #ifndef _WIN32
  #define QGA_VIRTIO_PATH_DEFAULT /dev/virtio-ports/org.qemu.guest_agent.0
 -#define QGA_STATE_RELATIVE_DIR  run
 +#define QGA_VOLATILE_STATE_RELATIVE_DIR  run
 +#define QGA_STATE_RELATIVE_DIR  lib/qemu-ga
  #define QGA_SERIAL_PATH_DEFAULT /dev/ttyS0
  #else
  #define QGA_VIRTIO_PATH_DEFAULT .\\Global\\org.qemu.guest_agent.0
 @@ -121,7 +122,7 @@ init_dfl_pathnames(void)
  dfl_pathnames.state_dir = qemu_get_local_state_pathname(
QGA_STATE_RELATIVE_DIR);
  dfl_pathnames.pidfile   = qemu_get_local_state_pathname(
 -  QGA_STATE_RELATIVE_DIR G_DIR_SEPARATOR_S qemu-ga.pid);
 +  QGA_VOLATILE_STATE_RELATIVE_DIR G_DIR_SEPARATOR_S qemu-ga.pid);
  }
  
  static void quit_handler(int sig)
 

I think this patch is right, but perhaps another hunk should be added.

According to commit 39097daf, persistent state should indeed survive
guest reboots. This seems appropriate for at least fd_counter.

However we store qga.state.isfrozen too in the state directory
(state_filepath_isfrozen). According to commit f789aa7b, that file
should survive qemu-ga crashes and restarts, but I think it shouldn't
survive entire *guest* restarts. (When the guest reboots, its
filesystems certainly won't be frozen, and the qga.state.isfrozen will
be stale.)

What we have now is:
- state (including fd_counter and isfrozen status) is lost across guest
reboot. This is wrong for fd_counter, but right for isfrozen.

If you make the state persistent for real, then:
- fd_counter will work more safely, but isfrozen will (theoretically)
regress.

Hence I think that state_filepath_isfrozen should also use
QGA_VOLATILE_STATE_RELATIVE_DIR.

And that's a huge mess then, because:
- in Windows guests, we only have one state dir, and
  the state_filepath_isfrozen assignment is currently guest-type
  independent
- in Linux guests, we'd have two state dirs (non-volatile and
  volatile), but the user can control only one with the -t option.

I don't know what to recommend for this. Anyway I have some worries
about the 2nd patch, let me continue there.

Thanks
Laszlo

Re: [Qemu-devel] [PATCH v2 1/1] -machine vmport=off: Allow disabling of VMWare ioport emulation

[Richard W.M. Jones]

On Fri, Oct 03, 2014 at 05:33:37PM -0400, Don Slutz wrote:
 From: Dr. David Alan Gilbert dgilb...@redhat.com
 
 This is a pc  q35 only machine opt.
 
 VMWare apparently doesn't like running under QEMU due to our
 incomplete emulation of it's special IO Port.  This adds a
 pc  q35 property to allow it to be turned off.
 
 Signed-off-by: Dr. David Alan Gilbert dgilb...@redhat.com
 Signed-off-by: Don Slutz dsl...@verizon.com
 ---
  hw/i386/pc.c | 19 +++
  hw/i386/pc_piix.c|  4 ++--
  hw/i386/pc_q35.c |  3 ++-
  include/hw/i386/pc.h |  2 ++
  qemu-options.hx  |  3 +++
  vl.c |  4 
  6 files changed, 32 insertions(+), 3 deletions(-)
 
 diff --git a/hw/i386/pc.c b/hw/i386/pc.c
 index 82a7daa..8e37a99 100644
 --- a/hw/i386/pc.c
 +++ b/hw/i386/pc.c
 @@ -1687,6 +1687,20 @@ static void pc_machine_set_max_ram_below_4g(Object 
 *obj, Visitor *v,
  pcms-max_ram_below_4g = value;
  }
  
 +static bool pc_machine_get_vmport(Object *obj, Error **errp)
 +{
 +PCMachineState *pcms = PC_MACHINE(obj);
 +
 +return pcms-vmport;
 +}
 +
 +static void pc_machine_set_vmport(Object *obj, bool value, Error **errp)
 +{
 +PCMachineState *pcms = PC_MACHINE(obj);
 +
 +pcms-vmport = value;
 +}
 +
  static void pc_machine_initfn(Object *obj)
  {
  PCMachineState *pcms = PC_MACHINE(obj);
 @@ -1699,6 +1713,11 @@ static void pc_machine_initfn(Object *obj)
  pc_machine_get_max_ram_below_4g,
  pc_machine_set_max_ram_below_4g,
  NULL, NULL, NULL);
 +pcms-vmport = !xen_enabled();
 +object_property_add_bool(obj, PC_MACHINE_VMPORT,
 + pc_machine_get_vmport,
 + pc_machine_set_vmport,
 + NULL);
  }
  
  static void pc_machine_class_init(ObjectClass *oc, void *data)
 diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
 index 103d756..03a73ce 100644
 --- a/hw/i386/pc_piix.c
 +++ b/hw/i386/pc_piix.c
 @@ -234,8 +234,8 @@ static void pc_init1(MachineState *machine,
  pc_vga_init(isa_bus, pci_enabled ? pci_bus : NULL);
  
  /* init basic PC hardware */
 -pc_basic_device_init(isa_bus, gsi, rtc_state, floppy, xen_enabled(),
 -0x4);
 +pc_basic_device_init(isa_bus, gsi, rtc_state, floppy,
 + !pc_machine-vmport, 0x4);
  
  pc_nic_init(isa_bus, pci_bus);
  
 diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
 index d4a907c..c5ba93d 100644
 --- a/hw/i386/pc_q35.c
 +++ b/hw/i386/pc_q35.c
 @@ -241,7 +241,8 @@ static void pc_q35_init(MachineState *machine)
  pc_register_ferr_irq(gsi[13]);
  
  /* init basic PC hardware */
 -pc_basic_device_init(isa_bus, gsi, rtc_state, floppy, false, 0xff0104);
 +pc_basic_device_init(isa_bus, gsi, rtc_state, floppy,
 + !pc_machine-vmport, 0xff0104);
  
  /* connect pm stuff to lpc */
  ich9_lpc_pm_init(lpc);
 diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
 index 77316d5..96febb9 100644
 --- a/include/hw/i386/pc.h
 +++ b/include/hw/i386/pc.h
 @@ -35,11 +35,13 @@ struct PCMachineState {
  HotplugHandler *acpi_dev;
  
  uint64_t max_ram_below_4g;
 +bool vmport;
  };
  
  #define PC_MACHINE_ACPI_DEVICE_PROP acpi-device
  #define PC_MACHINE_MEMHP_REGION_SIZE hotplug-memory-region-size
  #define PC_MACHINE_MAX_RAM_BELOW_4G max-ram-below-4g
 +#define PC_MACHINE_VMPORT   vmport
  
  /**
   * PCMachineClass:
 diff --git a/qemu-options.hx b/qemu-options.hx
 index 365b56c..fe6b6e5 100644
 --- a/qemu-options.hx
 +++ b/qemu-options.hx
 @@ -33,6 +33,7 @@ DEF(machine, HAS_ARG, QEMU_OPTION_machine, \
  property accel=accel1[:accel2[:...]] selects 
 accelerator\n
  supported accelerators are kvm, xen, tcg (default: 
 tcg)\n
  kernel_irqchip=on|off controls accelerated irqchip 
 support\n
 +vmport=on|off controls emulation of vmport (default: 
 on)\n
  kvm_shadow_mem=size of KVM shadow MMU\n
  dump-guest-core=on|off include guest memory in a core 
 dump (default=on)\n
  mem-merge=on|off controls memory merge support 
 (default: on)\n
 @@ -51,6 +52,8 @@ than one accelerator specified, the next one is used if the 
 previous one fails
  to initialize.
  @item kernel_irqchip=on|off
  Enables in-kernel irqchip support for the chosen accelerator when available.
 +@item vmport=on|off
 +Enables emulation of VMWare IO port, for vmmouse etc. (enabled by default)
  @item kvm_shadow_mem=size
  Defines the size of the KVM shadow MMU.
  @item dump-guest-core=on|off
 diff --git a/vl.c b/vl.c
 index 9d2aaaf..26fa864 100644
 --- a/vl.c
 +++ b/vl.c
 @@ -389,6 +389,10 @@ static QemuOptsList qemu_machine_opts = {
  .name = PC_MACHINE_MAX_RAM_BELOW_4G,
  .type = QEMU_OPT_SIZE,
  .help = maximum ram below the 4G boundary (32bit 

Re: [Qemu-devel] [PATCH 10/11] block: let commit blockjob run in BDS AioContext

[Stefan Hajnoczi]

On Sat, Oct 04, 2014 at 11:28:22PM +0200, Max Reitz wrote:
 On 01.10.2014 19:01, Stefan Hajnoczi wrote:
 The commit block job must run in the BlockDriverState AioContext so that
 it works with dataplane.
 
 Acquire the AioContext in blockdev.c so starting the block job is safe.
 One detail here is that the bdrv_drain_all() must be moved inside the
 aio_context_acquire() region so requests cannot sneak in between the
 drain and acquire.
 
 Hm, I see the intent, but in patch 5 you said bdrv_drain_all() should never
 be called outside of the main loop (at least that's how it appeared to me).
 Wouldn't it be enough to use bdrv_drain() on the source BDS, like in patch
 9?

There is no contradiction here because qmp_block_commit() is invoked by
the QEMU monitor from the main loop.

The problem with bdrv_drain_all() is that it acquires AioContexts.  If
called outside the main loop without taking special care, it could
result in lock ordering problems (e.g. two threads trying to acquire all
AioContexts at the same time while already holding their respective
contexts).

qmp_block_commit() is just traditional QEMU global mutex code so it is
allowed to call bdrv_drain_all().

 @@ -140,27 +173,14 @@ wait:
   ret = 0;
 -if (!block_job_is_cancelled(s-common)  sector_num == end) {
 -/* success */
 -ret = bdrv_drop_intermediate(active, top, base, 
 s-backing_file_str);
 +out:
 +if (buf) {
 +qemu_vfree(buf);
   }
 
 Is this new condition really necessary? However, it won't hurt, so:

This was a mistake.  Since commit
94c8ff3a01d9bd1005f066a0ee3fe43c842a43b7 (w32: Make qemu_vfree() accept
NULL like the POSIX implementation) it is no longer necessary to check
for NULL pointers.

You can't teach an old dog new tricks :).

Thanks, will fix in the next revision!

 Reviewed-by: Max Reitz mre...@redhat.com
 
 A general question regarding the assertions here and in patch 8: I tried to
 break them, but it couldn't find a way. The way I tried was by creating two
 devices in different threads with just one qcow2 behind each of them, and
 then trying to attach on of those qcow2 BDS to the other as a backing file.
 I couldn't find out, how, but I guess this is something we might want to
 support in the future. Can we actually be sure that all of the BDS in one
 tree are always running in the same AIO context? Are we already enforcing
 this?

bdrv_set_aio_context() is recursive so it also sets all the child nodes.
That is the only mechanism to ensure AioContext is consistent across
nodes.

When the BDS graph is manipulated (e.g. attaching new roots, swapping
nodes, etc) we don't perform checks today.

Markus has asked that I add the appropriate assertions so errors are
caught early.  I haven't done that yet but it's a good next step.

As far as I'm aware, these patches don't introduce cases where we would
make the AioContext in the graph inconsistent.  So I see the AioContext
consistency assertions as a separate patch series (which I will work on
next...hopefully not to discover horrible problems!).

 And furthermore, basically all the calls to acquire an AIO context are of
 the form aio_context = bdrv_get_aio_context(bs);
 aio_context_acquire(aio_context);. It is *extremely* unlikely if possible
 at all, but wouldn't it be possible to change the BDS's AIO context from
 another thread after the first function returned and before the lock is
 acquired? If that is really the case, I think we should have some atomic
 bdrv_acquire_aio_context() function.

No, because only the main loop calls bdrv_set_aio_context().  At the
moment the case you mentioned cannot happen.

Ultimately, we should move away from this only works in the main loop
constraints.  In order to provide atomic BDS AioContext acquire we need
a global root that is thread-safe.  That doesn't exist today -
bdrv_states is protected by the QEMU global mutex only.

I thought about adding the infrastructure in this patch series but it is
not necessary yet and would make the series more complicated.

The idea is:

 * Add bdrv_states_lock to protect the global list of BlockDriverStates
 * Integrate bdrv_ref()/bdrv_unref() as well as bdrv_get_aio_context()
   so they are atomic and protected by the bdrv_states_lock

So bdrv_find() and other functions that access bdrv_states become the
entry points to acquiring BlockDriverStates in a thread-safe fashion.
bdrv_unref() will need rethinking too to prevent races between freeing a
BDS and bdrv_find().

Can you think of a place where we need this today?  I haven't found one
yet but would like one to develop the code against.

Stefan


pgpVoludAPiMl.pgp
Description: PGP signature

Re: [Qemu-devel] [Qemu-ppc] [PATCH 4/5] target-ppc: Handle ibm, nmi-register RTAS call

[Alexander Graf]

On 06.10.14 08:32, Aravinda Prasad wrote:
 
 
 On Monday 08 September 2014 02:17 AM, Alexander Graf wrote:


 On 25.08.14 15:45, Aravinda Prasad wrote:
 This patch adds FWNMI support in qemu for powerKVM
 guests by handling the ibm,nmi-register rtas call.
 Whenever OS issues ibm,nmi-register RTAS call, the
 machine check notification address is saved and the
 machine check interrupt vector 0x200 is patched to
 issue a private hcall.

 Signed-off-by: Aravinda Prasad aravi...@linux.vnet.ibm.com
 ---
  hw/ppc/spapr_rtas.c|   91 
 
  include/hw/ppc/spapr.h |8 
  2 files changed, 98 insertions(+), 1 deletion(-)

 diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
 index 02ddbf9..1135d2b 100644
 --- a/hw/ppc/spapr_rtas.c
 +++ b/hw/ppc/spapr_rtas.c
 @@ -277,6 +277,91 @@ static void rtas_ibm_set_system_parameter(PowerPCCPU 
 *cpu,
  rtas_st(rets, 0, ret);
  }
  
 +static void rtas_ibm_nmi_register(PowerPCCPU *cpu,
 +  sPAPREnvironment *spapr,
 +  uint32_t token, uint32_t nargs,
 +  target_ulong args,
 +  uint32_t nret, target_ulong rets)
 +{
 +int i;
 +uint32_t branch_inst = 0x4802;
 +target_ulong guest_machine_check_addr;
 +PowerPCCPUClass *pcc = POWERPC_CPU_GET_CLASS(cpu);
 +/*
 + * Trampoline saves r3 in sprg2 and issues private hcall
 + * to request qemu to build error log. QEMU builds the
 + * error log, copies to rtas-blob and returns the address.
 + * The initial 16 bytes in rtas-blob consists of saved srr0
 + * and srr1 which we restore and pass on the actual error
 + * log address to OS handled mcachine check notification
 + * routine
 + */
 +uint32_t trampoline[] = {
 +0x7c7243a6,/* mtspr   SPRN_SPRG2,r3 */
 +0x3860,/* li  r3,0   */
 +/* 0xf004 is the KVMPPC_H_REPORT_ERR private HCALL */
 +0x6063f004,/* ori r3,r3,f004  */
 +/* Issue H_CALL */
 +0x4422,/*  sc  1 */
 +0x7c9243a6,/* mtspr r4 sprg2 */
 +0xe883,/* ld r4, 0(r3) */
 +0x7c9a03a6,/* mtspr r4, srr0 */
 +0xe8830008,/* ld r4, 8(r3) */
 +0x7c9b03a6,/* mtspr r4, srr1 */
 +0x38630010,/* addi r3,r3,16 */
 +0x7c9242a6,/* mfspr r4 sprg2 */
 +0x4802,/* Branch to address registered
 +* by OS. The branch address is
 +* patched below */
 +0x4800,/* b . */

 So how about we just completely change the layout of the RTAS blob?

 Imagine something like the following (completely untested):

 

 / index table /
 .long rtas_entry
 .long nmi_register
 .long nmi_register_final_branch
 .long nmi_data

 / RTAS handling code /
 .align 1024
 rtas_entry:
  ...
 nmi_register:
  ...
 nmi_register_final_branch:
  ba .

 / RTAS data regions /
 .align 4096
 nmi_data:
 .long 0
 .align 4096

 

 With this we should be able to have a nice hybrid between easily tunable
 asm code and an easy to load and handle blob.
 
 Sorry, I was out of office hence could not respond.
 
 Yes, even I prefer something like this.
 
 BTB, did you intend to have this in spapr-rtas.S? The spapr-rtas.S is
 compiled into a binary and is read into spapr-rtas_blob. If we want to
 have rtas-blob layout something similar to above then we may need to
 link the object file of spapr-rtas.S to QEMU so that the symbols in
 index table and other places could be resolved inside QEMU.
 
 If this is fine I will include it in v3.

You can't link against the object file with QEMU, since QEMU could be
executed on an x86 machine which can't compile the rtas blob.

In my proposal above, you would maintain a table of entry points at well
known locations in the binary blob (starting from 0 is probably the
easiest).


Alex

Re: [Qemu-devel] Fullscreen Bug with GTK

[Gerd Hoffmann]

On Mo, 2014-10-06 at 10:14 +0100, Dr. David Alan Gilbert wrote:
 * Gerd Hoffmann (kra...@redhat.com) wrote:
Hi,
  
   There is a bug where the GTK (SDL appears to be broken due to some sdl2
   incompatibility, as I understood) menu bar won't hide in fullscreen:
  
  SDL-1 support is still there.
 
 Are you recommending building against SDL-1 even when SDL-2 is available?
 (Does that lose you anything?)

There are some rough edges still, I havn't flipped the default to SDL-2
yet in upstream qemu because of that.

So unless you depend on something new only provided by SDL2 (such as
multi-window support) your best bet is building with SDL1 instead.
Unfortunately we can't build both and switch at runtime.

Patches are accepted too ;)

cheers,
  Gerd

Re: [Qemu-devel] [PATCH 2/2] guest-agent: preserve online/offline state of VCPUs on guest reboot

[Laszlo Ersek]

On 10/06/14 09:44, Igor Mammedov wrote:
 Fixes issue when CPU was offlined via libvirt using command:
  virsh setvcpus --guest myguest NR_CPUS
 but it became onlined again after guest was rebooted.
 
 Fix issue by storing current state of CPUs online state
 on persistent storage when GA is being stopped and restore
 it when it's started at system boot time.
 
 Signed-off-by: Igor Mammedov imamm...@redhat.com
 ---
  qga/main.c | 102 
 +
  1 file changed, 102 insertions(+)
 
 diff --git a/qga/main.c b/qga/main.c
 index 5afba01..1173ca9 100644
 --- a/qga/main.c
 +++ b/qga/main.c
 @@ -32,6 +32,7 @@
  #include qapi/qmp/dispatch.h
  #include qga/channel.h
  #include qemu/bswap.h
 +#include qga-qmp-commands.h
  #ifdef _WIN32
  #include qga/service-win32.h
  #include qga/vss-win32.h
 @@ -57,6 +58,7 @@
  #define QGA_FSFREEZE_HOOK_DEFAULT CONFIG_QEMU_CONFDIR /fsfreeze-hook
  #endif
  #define QGA_SENTINEL_BYTE 0xFF
 +#define QGA_CPU_STATE_GROUP CPU online states
  
  static struct {
  const char *state_dir;
 @@ -66,6 +68,7 @@ static struct {
  typedef struct GAPersistentState {
  #define QGA_PSTATE_DEFAULT_FD_COUNTER 1000
  int64_t fd_counter;
 +GuestLogicalProcessorList *vcpus;
  } GAPersistentState;
  
  struct GAState {
 @@ -770,6 +773,40 @@ static void 
 persistent_state_from_keyfile(GAPersistentState *pstate,
  pstate-fd_counter =
  g_key_file_get_integer(keyfile, global, fd_counter, NULL);
  }
 +
 +if (g_key_file_has_group(keyfile, QGA_CPU_STATE_GROUP)) {
 +bool state;
 +char **cpu_id_str;
 +GuestLogicalProcessor *vcpu;
 +GuestLogicalProcessorList *entry;
 +GuestLogicalProcessorList *head, **link;
 +char **cpus_list = g_key_file_get_keys(keyfile, QGA_CPU_STATE_GROUP,
 +  NULL, NULL);
 +
 +head = NULL;
 +link = head;
 +for (cpu_id_str = cpus_list; *cpu_id_str; ++cpu_id_str) {
 +state = g_key_file_get_boolean(keyfile, QGA_CPU_STATE_GROUP,
 +   *cpu_id_str, NULL);
 +
 +vcpu = g_malloc0(sizeof *vcpu);
 +vcpu-logical_id = g_ascii_strtoll(*cpu_id_str, NULL, 0);
 +vcpu-online = state;
 +vcpu-has_can_offline = true;
 +
 +entry = g_malloc0(sizeof *entry);
 +entry-value = vcpu;
 +
 +*link = entry;
 +link = entry-next;
 +}
 +pstate-vcpus = head;
 +
 +g_strfreev(cpus_list);
 +}
 +if (pstate-vcpus == NULL) {
 +pstate-vcpus = qmp_guest_get_vcpus(NULL);
 +}
  }
  
  static void persistent_state_to_keyfile(const GAPersistentState *pstate,
 @@ -779,6 +816,27 @@ static void persistent_state_to_keyfile(const 
 GAPersistentState *pstate,
  g_assert(keyfile);
  
  g_key_file_set_integer(keyfile, global, fd_counter, 
 pstate-fd_counter);
 +
 +if (pstate-vcpus) {
 +GuestLogicalProcessorList *vcpus = pstate-vcpus;
 +
 +while (vcpus != NULL) {
 +char *logical_id;
 +GuestLogicalProcessor *vcpu = vcpus-value;
 +
 +if (vcpu-can_offline == false) {
 +vcpus = vcpus-next;
 +continue;
 +}
 +
 +logical_id = g_strdup_printf(% PRId64, vcpu-logical_id);
 +g_key_file_set_boolean(keyfile, QGA_CPU_STATE_GROUP,
 +   logical_id, vcpu-online);
 +g_free(logical_id);
 +
 +vcpus = vcpus-next;
 +}
 +}
  }
  
  static gboolean write_persistent_state(const GAPersistentState *pstate,
 @@ -820,6 +878,47 @@ out:
  return ret;
  }
  
 +static void ga_clean_vcpu_pstate(GAPersistentState *pstate)
 +{
 +if (pstate-vcpus) {
 +qapi_free_GuestLogicalProcessorList(pstate-vcpus);
 +pstate-vcpus = NULL;
 +}
 +}
 +
 +static void ga_clean_pstate(GAPersistentState *pstate)
 +{
 +ga_clean_vcpu_pstate(pstate);
 +}
 +
 +#if defined(__linux__)
 +
 +static void ga_update_vcpu_pstate(GAPersistentState *pstate, const char 
 *path)
 +{
 +Error *local_err = NULL;
 +
 +ga_clean_vcpu_pstate(pstate);
 +pstate-vcpus = qmp_guest_get_vcpus(local_err);
 +
 +if (local_err != NULL) {
 +g_critical(%s, error_get_pretty(local_err));
 +error_free(local_err);
 +return;
 +}
 +
 +if (!write_persistent_state(pstate, path)) {
 +g_critical(failed to commit CPU persistent state to disk);
 +}
 +}
 +
 +#else
 +
 +static void ga_update_vcpu_pstate(GAPersistentState *pstate, const char 
 *path)
 +{
 +}
 +
 +#endif
 +
  static gboolean read_persistent_state(GAPersistentState *pstate,
const gchar *path, gboolean frozen)
  {
 @@ -878,6 +977,7 @@ static gboolean read_persistent_state(GAPersistentState 
 *pstate,
  }
  
  persistent_state_from_keyfile(pstate, keyfile);
 +

Re: [Qemu-devel] [PATCH v2 0/1] -machine vmport=off: Allow disabling of VMWare ioport emulation

[Dr. David Alan Gilbert]

* Don Slutz (dsl...@verizon.com) wrote:
 Changes v1 to v2 (Don Slutz):
   make vmport a pc  q35 only machine opt I.E. a machine property.
 
 Dr. David Alan Gilbert (1):
   -machine vmport=off: Allow disabling of VMWare ioport emulation

Thanks for updating this!

Dave

 
  hw/i386/pc.c | 19 +++
  hw/i386/pc_piix.c|  4 ++--
  hw/i386/pc_q35.c |  3 ++-
  include/hw/i386/pc.h |  2 ++
  qemu-options.hx  |  3 +++
  vl.c |  4 
  6 files changed, 32 insertions(+), 3 deletions(-)
 
 -- 
 1.8.4
 
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK

Re: [Qemu-devel] [RFC PATCH] block/migration: Disable cache invalidate for incoming migration

[Stefan Hajnoczi]

On Fri, Oct 03, 2014 at 02:12:06PM +1000, Alexey Kardashevskiy wrote:
 BDRV_O_INCOMING is only set when QEMU is about to receive migration and
 we do not want QEMU to check the file at opening time as there is likely
 garbage. Is there any other use of BDRV_O_INCOMING? There must be some as
 bdrv_clear_incoming_migration_all() is called at the end of live
 migration and I believe there must be a reason for it (cache does not
 migrate, does it?).

BDRV_O_INCOMING is just for live migration.  The cached data is not
migrated, this is why it must be refreshed upon migration handover.

 bdrv_invalidate_cache() flushes cache as it could be already initialized
 even if QEMU is receiving migration - QEMU could have cached some of real
 disk data. Is that correct? I do not really understand why it would
 happen if there is BDRV_O_INCOMING set but ok.

.bdrv_open() can load metadata from image files (such as the qcow2 L1
tables) and it does this even when BDRV_O_INCOMING is set.  That data
needs to be re-read at migration handover to prevent the destination
QEMU from running with stale image metadata.

 diff --git a/nbd.c b/nbd.c
 index e9b539b..953c378 100644
 - --- a/nbd.c
 +++ b/nbd.c
 @@ -972,6 +972,7 @@ NBDExport *nbd_export_new(BlockDriverState *bs, off_t
 dev_offset,
  exp-ctx = bdrv_get_aio_context(bs);
  bdrv_ref(bs);
  bdrv_add_aio_context_notifier(bs, bs_aio_attached, bs_aio_detach, exp);
 +bdrv_invalidate_cache(bs, NULL);
  return exp;
  }

Please add a comment to explain why this call is necessary:

/* NBD exports are used for non-shared storage migration.  Make sure
 * that BDRV_O_INCOMING is cleared and the image is ready for write
 * access since the export could be available before migration handover.
 */

If someone can come up with a 2- or 3-line comment that explains it
better, great.

The rest of the patch looks like it will work.  I'm not thrilled about
putting BDRV_O_INCOMING logical inside bdrv_invalidate_cache() because
there was no coupling there before, but the code seems correct now.


pgpmK5p8VuhKd.pgp
Description: PGP signature

Re: [Qemu-devel] Fullscreen Bug with GTK

[Cedric Sodhi]

  https://bugs.launchpad.net/qemu/+bug/1294898
 
  A patch was provided by the initial reporter a long time ago.
 
 Patch trades one bug for another. Hiding the menu bar also kills the
 accelerator keys, which is especially problematic for the fullscreen
 hotkey as there is no way out of fullscreen mode then.

How do you come to that conclusion? The reporter explicitly mentioned that 
removing the Menu disables the Accels and therefore he has provided a patch 
which attaches the Accels to the Window instead (which, in fact, is how it 
should be done).

[Qemu-devel] [Bug 1294898] Re: gtk: menubar visible in fullscreen mode with gtk3

[ManDay]

For what it's worth, Gerd replied on the list that

 Patch trades one bug for another. Hiding the menu bar also kills the
 accelerator keys, which is especially problematic for the fullscreen
 hotkey as there is no way out of fullscreen mode then.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1294898

Title:
  gtk: menubar visible in fullscreen mode with gtk3

Status in QEMU:
  New

Bug description:
  Using the gtk UI, compiled with gtk3, the menu bar is fully visible in
  full screen mode. On gtk2 it's hidden. The set_size_request call isn't
  abided on gtk3 it seems.

  Simple fix is:

  diff --git a/ui/gtk.c b/ui/gtk.c
  index 66e886f..7b3bd3d 100644
  --- a/ui/gtk.c
  +++ b/ui/gtk.c
  @@ -805,7 +805,7 @@ static void gd_menu_full_screen(GtkMenuItem *item, void 
*opaque)
   
   if (!s-full_screen) {
   gtk_notebook_set_show_tabs(GTK_NOTEBOOK(s-notebook), FALSE);
  -gtk_widget_set_size_request(s-menu_bar, 0, 0);
  +gtk_widget_hide(s-menu_bar);
   gtk_widget_set_size_request(s-drawing_area, -1, -1);
   gtk_window_fullscreen(GTK_WINDOW(s-window));
   if (gd_on_vga(s)) {
  @@ -815,7 +815,7 @@ static void gd_menu_full_screen(GtkMenuItem *item, void 
*opaque)
   } else {
   gtk_window_unfullscreen(GTK_WINDOW(s-window));
   gd_menu_show_tabs(GTK_MENU_ITEM(s-show_tabs_item), s);
  -gtk_widget_set_size_request(s-menu_bar, -1, -1);
  +gtk_widget_show(s-menu_bar);
   gtk_widget_set_size_request(s-drawing_area,
   surface_width(s-ds),
   surface_height(s-ds));

  
  The problem with that is that hiding the menu bar means all its associated 
accelerators are no longer usable, so there's way to exit fullscreen mode. 
That's kind of a problem :)

  We can install the accelerators on the window, but make sure the menu
  item still shows the accelerator short cut. Example with the
  fullscreen accelerator:

  diff --git a/ui/gtk.c b/ui/gtk.c
  index 66e886f..fbce2b0 100644
  --- a/ui/gtk.c
  +++ b/ui/gtk.c
  @@ -799,7 +799,7 @@ static void gd_menu_show_tabs(GtkMenuItem *item, void 
*opaque)
   }
   }
   
  -static void gd_menu_full_screen(GtkMenuItem *item, void *opaque)
  +static void gd_do_full_screen(void *opaque)
   {
   GtkDisplayState *s = opaque;
   
  @@ -828,6 +828,11 @@ static void gd_menu_full_screen(GtkMenuItem *item, void 
*opaque)
   gd_update_cursor(s, FALSE);
   }
   
  +static void gd_menu_full_screen(GtkMenuItem *item, void *opaque)
  +{
  +gd_do_full_screen(opaque);
  +}
  +
   static void gd_menu_zoom_in(GtkMenuItem *item, void *opaque)
   {
   GtkDisplayState *s = opaque;
  @@ -1304,10 +1309,11 @@ static GtkWidget *gd_create_menu_view(GtkDisplayState 
*s, GtkAccelGroup *accel_g
   gtk_menu_set_accel_group(GTK_MENU(view_menu), accel_group);
   
   s-full_screen_item = gtk_menu_item_new_with_mnemonic(_(_Fullscreen));
  -gtk_menu_item_set_accel_path(GTK_MENU_ITEM(s-full_screen_item),
  - QEMU/View/Full Screen);
  -gtk_accel_map_add_entry(QEMU/View/Full Screen, GDK_KEY_f,
  -HOTKEY_MODIFIERS);
  +gtk_accel_group_connect(accel_group, GDK_KEY_f, HOTKEY_MODIFIERS, 0,
  + g_cclosure_new_swap(G_CALLBACK(gd_do_full_screen), s, NULL));
  +gtk_accel_label_set_accel(
  +GTK_ACCEL_LABEL(gtk_bin_get_child(GTK_BIN(s-full_screen_item))),
  +GDK_KEY_f, HOTKEY_MODIFIERS);
   gtk_menu_shell_append(GTK_MENU_SHELL(view_menu), s-full_screen_item);
   
   separator = gtk_separator_menu_item_new();

  
  However gtk_accel_label_set_accel, which shows the accel key sequence in the 
menu, is gtk 3.8+ :/ So older versions wouldn't have any visual indication of 
the shortcuts. Maybe that's not a problem, SDL didn't have any indication of 
shortcuts either.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1294898/+subscriptions

Re: [Qemu-devel] Fullscreen Bug with GTK

[Gerd Hoffmann]

On Mo, 2014-10-06 at 12:14 +0200, Cedric Sodhi wrote:
   https://bugs.launchpad.net/qemu/+bug/1294898
  
   A patch was provided by the initial reporter a long time ago.
  
  Patch trades one bug for another. Hiding the menu bar also kills the
  accelerator keys, which is especially problematic for the fullscreen
  hotkey as there is no way out of fullscreen mode then.
 
 How do you come to that conclusion?

I've tried to fix that before, without success.

 The reporter explicitly mentioned that removing the Menu disables the
 Accels and therefore he has provided a patch which attaches the Accels
 to the Window instead (which, in fact, is how it should be done).

Oh, missed that detail.  /me recommends submitting the patches to
qemu-devel then (and cc me so I don't miss them).

cheers,
  Gerd

Re: [Qemu-devel] [Qemu-ppc] [PATCH 4/5] target-ppc: Handle ibm, nmi-register RTAS call

[Aravinda Prasad]

On Monday 06 October 2014 03:10 PM, Alexander Graf wrote:
 
 
 On 06.10.14 08:32, Aravinda Prasad wrote:


 On Monday 08 September 2014 02:17 AM, Alexander Graf wrote:


 On 25.08.14 15:45, Aravinda Prasad wrote:
 This patch adds FWNMI support in qemu for powerKVM
 guests by handling the ibm,nmi-register rtas call.
 Whenever OS issues ibm,nmi-register RTAS call, the
 machine check notification address is saved and the
 machine check interrupt vector 0x200 is patched to
 issue a private hcall.

 Signed-off-by: Aravinda Prasad aravi...@linux.vnet.ibm.com
 ---
  hw/ppc/spapr_rtas.c|   91 
 
  include/hw/ppc/spapr.h |8 
  2 files changed, 98 insertions(+), 1 deletion(-)

 diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
 index 02ddbf9..1135d2b 100644
 --- a/hw/ppc/spapr_rtas.c
 +++ b/hw/ppc/spapr_rtas.c
 @@ -277,6 +277,91 @@ static void rtas_ibm_set_system_parameter(PowerPCCPU 
 *cpu,
  rtas_st(rets, 0, ret);
  }
  
 +static void rtas_ibm_nmi_register(PowerPCCPU *cpu,
 +  sPAPREnvironment *spapr,
 +  uint32_t token, uint32_t nargs,
 +  target_ulong args,
 +  uint32_t nret, target_ulong rets)
 +{
 +int i;
 +uint32_t branch_inst = 0x4802;
 +target_ulong guest_machine_check_addr;
 +PowerPCCPUClass *pcc = POWERPC_CPU_GET_CLASS(cpu);
 +/*
 + * Trampoline saves r3 in sprg2 and issues private hcall
 + * to request qemu to build error log. QEMU builds the
 + * error log, copies to rtas-blob and returns the address.
 + * The initial 16 bytes in rtas-blob consists of saved srr0
 + * and srr1 which we restore and pass on the actual error
 + * log address to OS handled mcachine check notification
 + * routine
 + */
 +uint32_t trampoline[] = {
 +0x7c7243a6,/* mtspr   SPRN_SPRG2,r3 */
 +0x3860,/* li  r3,0   */
 +/* 0xf004 is the KVMPPC_H_REPORT_ERR private HCALL */
 +0x6063f004,/* ori r3,r3,f004  */
 +/* Issue H_CALL */
 +0x4422,/*  sc  1 */
 +0x7c9243a6,/* mtspr r4 sprg2 */
 +0xe883,/* ld r4, 0(r3) */
 +0x7c9a03a6,/* mtspr r4, srr0 */
 +0xe8830008,/* ld r4, 8(r3) */
 +0x7c9b03a6,/* mtspr r4, srr1 */
 +0x38630010,/* addi r3,r3,16 */
 +0x7c9242a6,/* mfspr r4 sprg2 */
 +0x4802,/* Branch to address registered
 +* by OS. The branch address is
 +* patched below */
 +0x4800,/* b . */

 So how about we just completely change the layout of the RTAS blob?

 Imagine something like the following (completely untested):

 

 / index table /
 .long rtas_entry
 .long nmi_register
 .long nmi_register_final_branch
 .long nmi_data

 / RTAS handling code /
 .align 1024
 rtas_entry:
 ...
 nmi_register:
 ...
 nmi_register_final_branch:
 ba .

 / RTAS data regions /
 .align 4096
 nmi_data:
 .long 0
 .align 4096

 

 With this we should be able to have a nice hybrid between easily tunable
 asm code and an easy to load and handle blob.

 Sorry, I was out of office hence could not respond.

 Yes, even I prefer something like this.

 BTB, did you intend to have this in spapr-rtas.S? The spapr-rtas.S is
 compiled into a binary and is read into spapr-rtas_blob. If we want to
 have rtas-blob layout something similar to above then we may need to
 link the object file of spapr-rtas.S to QEMU so that the symbols in
 index table and other places could be resolved inside QEMU.

 If this is fine I will include it in v3.
 
 You can't link against the object file with QEMU, since QEMU could be
 executed on an x86 machine which can't compile the rtas blob.
 
 In my proposal above, you would maintain a table of entry points at well
 known locations in the binary blob (starting from 0 is probably the
 easiest).

ok. I will include it in v3 of my patch.

 
 
 Alex
 

-- 
Regards,
Aravinda

Re: [Qemu-devel] Fullscreen Bug with GTK

[Peter Maydell]

On 6 October 2014 11:28, Gerd Hoffmann kra...@redhat.com wrote:
 On Mo, 2014-10-06 at 12:14 +0200, Cedric Sodhi wrote:
 The reporter explicitly mentioned that removing the Menu disables the
 Accels and therefore he has provided a patch which attaches the Accels
 to the Window instead (which, in fact, is how it should be done).

 Oh, missed that detail.  /me recommends submitting the patches to
 qemu-devel then (and cc me so I don't miss them).

...with the appropriate signed-off-by lines, which are
missing from the patch in the bug.

thanks
-- PMM

[Qemu-devel] [PATCH v3 0/2] monitor: add peripheral device del completion support

[Zhu Guihua]

After inputting device_del command in monitor, we expect to list all
hotpluggable devices automatically by pressing tab key. This patchset provides
the function to list all peripheral devices such as memory devices.

v3:
- commit message changes (Igor)
- rename function in patch 1 (Igor)
- use 'hotpluggable' property to discard non-hotpluggable devices (Igor)

v2:
- use object_child_foreach() to simplify the implementation (Andreas)


Zhu Guihua (2):
  qdev: add qdev_build_hotpluggable_device_list helper
  monitor: add del completion for peripheral device

 hw/core/qdev.c | 14 ++
 include/hw/qdev-core.h |  2 ++
 monitor.c  | 24 
 3 files changed, 40 insertions(+)

-- 
1.9.3

[Qemu-devel] [PATCH v3 1/2] qdev: add qdev_build_hotpluggable_device_list helper

[Zhu Guihua]

For peripheral device del completion, add a function to build a list for
hotpluggable devices.

Signed-off-by: Zhu Guihua zhugh.f...@cn.fujitsu.com
---
 hw/core/qdev.c | 14 ++
 include/hw/qdev-core.h |  2 ++
 2 files changed, 16 insertions(+)

diff --git a/hw/core/qdev.c b/hw/core/qdev.c
index fcb1638..5f4b2b9 100644
--- a/hw/core/qdev.c
+++ b/hw/core/qdev.c
@@ -801,6 +801,20 @@ void qdev_alias_all_properties(DeviceState *target, Object 
*source)
 } while (class != object_class_by_name(TYPE_DEVICE));
 }
 
+int qdev_build_hotpluggable_device_list(Object *obj, void *opaque)
+{
+GSList **list = opaque;
+DeviceState *dev = DEVICE(obj);
+DeviceClass *dc = DEVICE_GET_CLASS(dev);
+
+if (dev-realized  dc-hotpluggable) {
+*list = g_slist_append(*list, dev);
+}
+
+object_child_foreach(obj, qdev_build_hotpluggable_device_list, opaque);
+return 0;
+}
+
 static bool device_get_realized(Object *obj, Error **errp)
 {
 DeviceState *dev = DEVICE(obj);
diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h
index 178fee2..aa76fdc 100644
--- a/include/hw/qdev-core.h
+++ b/include/hw/qdev-core.h
@@ -361,6 +361,8 @@ extern int qdev_hotplug;
 
 char *qdev_get_dev_path(DeviceState *dev);
 
+int qdev_build_hotpluggable_device_list(Object *obj, void *opaque);
+
 static inline void qbus_set_hotplug_handler(BusState *bus, DeviceState 
*handler,
 Error **errp)
 {
-- 
1.9.3

[Qemu-devel] [PATCH v3 2/2] monitor: add del completion for peripheral device

[Zhu Guihua]

Add peripheral_device_del_completion() to let peripheral device del completion
be possible.

Signed-off-by: Zhu Guihua zhugh.f...@cn.fujitsu.com
---
 monitor.c | 24 
 1 file changed, 24 insertions(+)

diff --git a/monitor.c b/monitor.c
index 667efb7..ffe5405 100644
--- a/monitor.c
+++ b/monitor.c
@@ -4351,6 +4351,29 @@ static void device_del_bus_completion(ReadLineState *rs, 
 BusState *bus,
 }
 }
 
+static void peripheral_device_del_completion(ReadLineState *rs,
+ const char *str, size_t len)
+{
+Object *peripheral;
+GSList *list = NULL, *item;
+
+peripheral = object_resolve_path(/machine/peripheral/, NULL);
+
+if (peripheral == NULL) {
+return;
+}
+
+object_child_foreach(peripheral, qdev_build_hotpluggable_device_list,
+ list);
+
+for (item = list; item; item = g_slist_next(item)) {
+DeviceState *dev = item-data;
+if (!strncmp(str, dev-id, len)) {
+readline_add_completion(rs, dev-id);
+}
+}
+}
+
 void chardev_remove_completion(ReadLineState *rs, int nb_args, const char *str)
 {
 size_t len;
@@ -4424,6 +4447,7 @@ void device_del_completion(ReadLineState *rs, int 
nb_args, const char *str)
 len = strlen(str);
 readline_set_completion_index(rs, len);
 device_del_bus_completion(rs, sysbus_get_default(), str, len);
+peripheral_device_del_completion(rs, str, len);
 }
 
 void object_del_completion(ReadLineState *rs, int nb_args, const char *str)
-- 
1.9.3

Re: [Qemu-devel] [PULL 00/23] Block patches

[Peter Maydell]

On 4 October 2014 21:24, Stefan Hajnoczi stefa...@redhat.com wrote:
 The following changes since commit b00a0ddb31a393b8386d30a9bef4d9bbb249e7ec:

   Merge remote-tracking branch 'remotes/kraxel/tags/pull-input-20141002-1' 
 into staging (2014-10-02 15:01:48 +0100)

 are available in the git repository at:


   git://github.com/stefanha/qemu.git tags/block-pull-request

 for you to fetch changes up to 767c86d3e752dfc68ff5d018c3b0b63b71b2:

   blockdev-test: Test device_del after drive_del (2014-10-04 19:28:39 +0100)

 

Applied, thanks.

-- PMM

Re: [Qemu-devel] Fullscreen Bug with GTK

[Cedric Sodhi]

Sorry but whom do you expect to sign them off? I'm not a dev.
 
 
On 6 October 2014 11:28, Gerd Hoffmann kra...@redhat.com wrote:
 On Mo, 2014-10-06 at 12:14 +0200, Cedric Sodhi wrote:
 The reporter explicitly mentioned that removing the Menu disables the
 Accels and therefore he has provided a patch which attaches the Accels
 to the Window instead (which, in fact, is how it should be done).

 Oh, missed that detail. /me recommends submitting the patches to
 qemu-devel then (and cc me so I don't miss them).

...with the appropriate signed-off-by lines, which are
missing from the patch in the bug.

thanks
-- PMM

Re: [Qemu-devel] [PATCH 0/2 V5] Virtual Machine Generation ID

[Paolo Bonzini]

Il 06/10/2014 11:06, Daniel P. Berrange ha scritto:
 Now this can largely be accomplished by libvirt by simply changing the
 value of the -vmgenid command line parameter, because most of these
 scenarios involve the spawning of a new QEMU process. The exception
 I think is when a running guest is reverted to a previous snapshot,
 because that is done via a monitor command and not restarting QEMU.
 So for this VM Generation ID work to be considered complete we need
 to have a way to dynamically change the VM generation ID on the fly,
 atomatically with reverting snapshots from the POV of the guest.
 eg we must load the snapshot state, change the generation ID, and
 only then start CPUs again.
 
 IOW I think this patch series is incomplete wrt the Microsoft spec
 on generation ID semantics.

I think this should not be a problem, as long as there is an idea of how
to implement on-the-fly changes to the vmgenid.

Gal, do you know how to find back the address of the VM generation ID?
Can we put the offset into the DSDT in the migration stream, and then
find the ACPI tables in the f-segment at post_load time?

Paolo

Re: [Qemu-devel] [PATCH 0/6] pc: bring ACPI table size below to 2.0 levels, try fixing -initrd for good

[Paolo Bonzini]

Il 02/10/2014 15:49, Michael S. Tsirkin ha scritto:
 The issue is that incoming migration might have a different
 fw_cfg size from what we have.

 Understood now.

 I think migrating this value will solve the issue in a cleaner way.

 Perhaps.  The question is whether it would complicate the
 forwards-migration code beyond what is sane.  I think we are practically
 speaking stuck with RAM.
 
 Migrating RAM size is actually useful too, I think someone asked for it.

Migrating RAM size was discussed for BIOS and option ROMs, in order to
support migration from old versions of QEMU.  It was floated around for
some time, but ultimately we ended up shipping two copies of affected
firmware (128k/256k BIOS, and non-EFI/EFI option ROMs).

For BIOS it wouldn't be enough, because the BIOS size affects the memory
map.  Of course ACPI tables aren't mapped anywhere, but I'd be wary of
adding code to migration that is half-broken and almost never used.

Also, RAM blocks that have different size would be yet another thing
that makes machine types almost compatible with the QEMU version
they're supposed to represent.  In a scenario similar to John's, with
mutable RAM sizes, would have likely broken all machine types, because
we would not have bothered doing full backwards-compatibility.

I'm not an advocate of backwards bug-compatibility, but I think RAM
block sizes are way beyond the line of what we should be allowed to
modify between machine types.

Paolo

Re: [Qemu-devel] [PATCH 0/6] pc: bring ACPI table size below to 2.0 levels, try fixing -initrd for good

[Paolo Bonzini]

Il 06/10/2014 15:52, Michael S. Tsirkin ha scritto:
 Maybe we should just modify ACPI and rom files in general to use
 something else, not RAM?
 It looked like a good fit initially so we went ahead with it,
 but these things are fairly small, so it's not a problem to
 migrate them as part of the device state.

Yes, that would have been a good design too, but I'm not sure it's worth
changing it now.  So far, it has certainly helped us; it both revealed
bugs (though a bit too late) and kept us honest.

These patches would be easy to revert from now till 2.2 release, they're
just an incremental improvement on top of 2.1.2.

I'll post a v2 that includes the linuxboot changes to look at the memory
map, and keep the 160k padding for the sake of old linuxboot option ROMs
being migrated to 2.2.

Paolo

Re: [Qemu-devel] [PATCH 0/6] pc: bring ACPI table size below to 2.0 levels, try fixing -initrd for good

[Michael S. Tsirkin]

On Mon, Oct 06, 2014 at 03:42:01PM +0200, Paolo Bonzini wrote:
 Il 02/10/2014 15:49, Michael S. Tsirkin ha scritto:
  The issue is that incoming migration might have a different
  fw_cfg size from what we have.
 
  Understood now.
 
  I think migrating this value will solve the issue in a cleaner way.
 
  Perhaps.  The question is whether it would complicate the
  forwards-migration code beyond what is sane.  I think we are practically
  speaking stuck with RAM.
  
  Migrating RAM size is actually useful too, I think someone asked for it.
 
 Migrating RAM size was discussed for BIOS and option ROMs, in order to
 support migration from old versions of QEMU.  It was floated around for
 some time, but ultimately we ended up shipping two copies of affected
 firmware (128k/256k BIOS, and non-EFI/EFI option ROMs).
 
 For BIOS it wouldn't be enough, because the BIOS size affects the memory
 map.  Of course ACPI tables aren't mapped anywhere, but I'd be wary of
 adding code to migration that is half-broken and almost never used.
 
 Also, RAM blocks that have different size would be yet another thing
 that makes machine types almost compatible with the QEMU version
 they're supposed to represent.  In a scenario similar to John's, with
 mutable RAM sizes, would have likely broken all machine types, because
 we would not have bothered doing full backwards-compatibility.
 
 I'm not an advocate of backwards bug-compatibility, but I think RAM
 block sizes are way beyond the line of what we should be allowed to
 modify between machine types.
 
 Paolo

Maybe we should just modify ACPI and rom files in general to use
something else, not RAM?
It looked like a good fit initially so we went ahead with it,
but these things are fairly small, so it's not a problem to
migrate them as part of the device state.

-- 
MST

Re: [Qemu-devel] [PATCH 0/6] pc: bring ACPI table size below to 2.0 levels, try fixing -initrd for good

[Michael S. Tsirkin]

On Mon, Oct 06, 2014 at 03:55:49PM +0200, Paolo Bonzini wrote:
 Il 06/10/2014 15:52, Michael S. Tsirkin ha scritto:
  Maybe we should just modify ACPI and rom files in general to use
  something else, not RAM?
  It looked like a good fit initially so we went ahead with it,
  but these things are fairly small, so it's not a problem to
  migrate them as part of the device state.
 
 Yes, that would have been a good design too, but I'm not sure it's worth
 changing it now.  So far, it has certainly helped us; it both revealed
 bugs (though a bit too late) and kept us honest.

Bugs that surface too late is exactly what worries me.
I'll try to look at how hard to implement the above change is.

 These patches would be easy to revert from now till 2.2 release, they're
 just an incremental improvement on top of 2.1.2.
 
 I'll post a v2 that includes the linuxboot changes to look at the memory
 map,

Pls keep linuxboot things a separate patchset.

 and keep the 160k padding for the sake of old linuxboot option ROMs
 being migrated to 2.2.
 
 Paolo

I think we can drop this for 2.2 machine type.
We can also drop the fw cfg file for new machine types.

-- 
MST

Re: [Qemu-devel] [PATCH 04/17] mm: gup: make get_user_pages_fast and __get_user_pages_fast latency conscious

[Andrea Arcangeli]

Hello,

On Fri, Oct 03, 2014 at 11:23:53AM -0700, Linus Torvalds wrote:
 On Fri, Oct 3, 2014 at 10:07 AM, Andrea Arcangeli aarca...@redhat.com wrote:
  This teaches gup_fast and __gup_fast to re-enable irqs and
  cond_resched() if possible every BATCH_PAGES.
 
 This is disgusting.
 
 Many (most?) __gup_fast() users just want a single page, and the
 stupid overhead of the multi-page version is already unnecessary.
 This just makes things much worse.
 
 Quite frankly, we should make a single-page version of __gup_fast(),
 and convert existign users to use that. After that, the few multi-page
 users could have this extra latency control stuff.

Ok. I didn't think at a better way to add the latency control other
than to reduce nr_pages in a outer loop instead of altering the inner
calls, but this is what I got after implementing it... If somebody has
a cleaner way to implement the latency control stuff that's welcome
and I'd be glad to replace it.

 And yes, the single-page version of get_user_pages_fast() is actually
 latency-critical. shared futexes hit it hard, and yes, I've seen this
 in profiles.

KVM would save a few cycles from a single-page version too. I just
thought further optimizations could be added later and this was better
than nothing.

Considering I've no better idea how to implement the latency control
stuff, for now I'll just drop this controversial patch, and I'll
convert those get_user_pages to gup_unlocked instead of converting
them to gup_fast, which is more than enough to obtain the mmap_sem
holding scalability improvement (that also solves the mmap_sem trouble
for the userfaultfd). gup_unlocked isn't as good as gup_fast but it's
at least better than the current get_user_pages().

I got into this gup_fast latency control stuff purely because there
were a few get_user_pages that could have been converted to
get_user_pages_fast as they were using current and current-mm as the
first two parameters, except for the risk of disabling irq for
long. So I tried to do the right thing and fix gup_fast but I'll leave
this further optimization queued for later.

About the missing commit header for the other patch Paolo already
replied to it, to clarify this a bit further in short I expect that
FOLL_TRIED flag to be merged through the KVM git tree which already
contains it. I'll add a comment to the commit header to specify
it. Sorry for the confusion about that patch.

Thanks,
Andrea

[Qemu-devel] [PATCH] aio / timers: De-document -clock

[Markus Armbruster]

Commit 6d32717 aio / timers: Remove alarm timers has issues:

1. It silently ignores -clock for backward compatibility.
Incompatible change: -clock help no longer terminates the program.
Tolerable.

2. Failed to update option documentation.  In particular, -help still
advises users to try -clock help for available timers.  Drop all
documentation on -clock.

3. The 'query-alarm-clock' example in docs/writing-commands.txt no
longer works, and needs to be redone.  Can't do that right now, so I
just stick in a FIXME.

Signed-off-by: Markus Armbruster arm...@redhat.com
---
 docs/writing-qmp-commands.txt |  2 ++
 qemu-options.hx   | 12 ++--
 2 files changed, 4 insertions(+), 10 deletions(-)

diff --git a/docs/writing-qmp-commands.txt b/docs/writing-qmp-commands.txt
index 4d86c24..f3df206 100644
--- a/docs/writing-qmp-commands.txt
+++ b/docs/writing-qmp-commands.txt
@@ -365,6 +365,8 @@ documentation for information about the other types.
 
 === User Defined Types ===
 
+FIXME This example needs to be redone after commit 6d32717
+
 For this example we will write the query-alarm-clock command, which returns
 information about QEMU's timer alarm. For more information about it, please
 check the -clock command-line option.
diff --git a/qemu-options.hx b/qemu-options.hx
index 365b56c..778d0de 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -2983,16 +2983,8 @@ Load the contents of @var{file} as an option ROM.
 This option is useful to load things like EtherBoot.
 ETEXI
 
-DEF(clock, HAS_ARG, QEMU_OPTION_clock, \
--clock  force the use of the given methods for timer alarm.\n \
-To see what timers are available use '-clock help'\n,
-QEMU_ARCH_ALL)
-STEXI
-@item -clock @var{method}
-@findex -clock
-Force the use of the given methods for timer alarm. To see what timers
-are available use @code{-clock help}.
-ETEXI
+HXCOMM Silently ignored for compatibility
+DEF(clock, HAS_ARG, QEMU_OPTION_clock, , QEMU_ARCH_ALL)
 
 HXCOMM Options deprecated by -rtc
 DEF(localtime, 0, QEMU_OPTION_localtime, , QEMU_ARCH_ALL)
-- 
1.9.3

[Qemu-devel] [PATCH] block/curl: Improve type safety of s-timeout.

[Richard W.M. Jones]

qemu_opt_get_number returns a uint64_t, and curl_easy_setopt expects a
long (not an int).

Store the timeout (which is a positive number of seconds) as a
uint64_t.  Check that the number given by the user is reasonable.
Cast it to long before calling curl_easy_setopt.

Example error message after this change has been applied:

$ ./qemu-img create -f qcow2 /tmp/test.qcow2 \
-b 'json: { file.driver:https,
file.url:https://foo/bar;,
file.timeout:-1 }'
qemu-img: /tmp/test.qcow2: Could not open 'json: { file.driver:https, 
file.url:https://foo/bar;, file.timeout:-1 }': timeout parameter is too 
large or negative: Invalid argument

Signed-off-by: Richard W.M. Jones rjo...@redhat.com
---
 block/curl.c | 8 ++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/block/curl.c b/block/curl.c
index 225407c..5233ff6 100644
--- a/block/curl.c
+++ b/block/curl.c
@@ -112,7 +112,7 @@ typedef struct BDRVCURLState {
 char *url;
 size_t readahead_size;
 bool sslverify;
-int timeout;
+uint64_t timeout;
 char *cookie;
 bool accept_range;
 AioContext *aio_context;
@@ -390,7 +390,7 @@ static CURLState *curl_init_state(BlockDriverState *bs, 
BDRVCURLState *s)
 if (s-cookie) {
 curl_easy_setopt(state-curl, CURLOPT_COOKIE, s-cookie);
 }
-curl_easy_setopt(state-curl, CURLOPT_TIMEOUT, s-timeout);
+curl_easy_setopt(state-curl, CURLOPT_TIMEOUT, (long)s-timeout);
 curl_easy_setopt(state-curl, CURLOPT_WRITEFUNCTION,
  (void *)curl_read_cb);
 curl_easy_setopt(state-curl, CURLOPT_WRITEDATA, (void *)state);
@@ -546,6 +546,10 @@ static int curl_open(BlockDriverState *bs, QDict *options, 
int flags,
 
 s-timeout = qemu_opt_get_number(opts, CURL_BLOCK_OPT_TIMEOUT,
  CURL_TIMEOUT_DEFAULT);
+if (s-timeout  10) {
+error_setg(errp, timeout parameter is too large or negative);
+goto out_noclean;
+}
 
 s-sslverify = qemu_opt_get_bool(opts, CURL_BLOCK_OPT_SSLVERIFY, true);
 
-- 
2.0.4

[Qemu-devel] [PULL 5/5] translate-all.c: memory walker initial address miscalculation

[riku . voipio]

From: Mikhail Ilyin m.i...@samsung.com

The initial base address is miscalculated in walk_memory_regions().
It has to be shifted TARGET_PAGE_BITS more. Holder variables are
extended to target_ulong size otherwise they don't fit for MIPS N32
(a 32-bit ABI with a 64-bit address space) and qemu won't compile.
The issue led to incorrect debug output of memory maps and a
mis-formed coredumped file.

Signed-off-by: Mikhail Ilyin m.i...@samsung.com
Signed-off-by: Riku Voipio riku.voi...@linaro.org
---
 include/exec/cpu-all.h |  4 ++--
 linux-user/elfload.c   | 18 +-
 translate-all.c| 33 -
 3 files changed, 27 insertions(+), 28 deletions(-)

diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
index f9d132f..c085804 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -232,8 +232,8 @@ extern uintptr_t qemu_host_page_mask;
 #if defined(CONFIG_USER_ONLY)
 void page_dump(FILE *f);
 
-typedef int (*walk_memory_regions_fn)(void *, abi_ulong,
-  abi_ulong, unsigned long);
+typedef int (*walk_memory_regions_fn)(void *, target_ulong,
+  target_ulong, unsigned long);
 int walk_memory_regions(void *, walk_memory_regions_fn);
 
 int page_get_flags(target_ulong address);
diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index bea803b..1c04fcf 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -2355,9 +2355,9 @@ struct elf_note_info {
 };
 
 struct vm_area_struct {
-abi_ulong   vma_start;  /* start vaddr of memory region */
-abi_ulong   vma_end;/* end vaddr of memory region */
-abi_ulong   vma_flags;  /* protection etc. flags for the region */
+target_ulong   vma_start;  /* start vaddr of memory region */
+target_ulong   vma_end;/* end vaddr of memory region */
+abi_ulong  vma_flags;  /* protection etc. flags for the region */
 QTAILQ_ENTRY(vm_area_struct) vma_link;
 };
 
@@ -2368,13 +2368,13 @@ struct mm_struct {
 
 static struct mm_struct *vma_init(void);
 static void vma_delete(struct mm_struct *);
-static int vma_add_mapping(struct mm_struct *, abi_ulong,
-   abi_ulong, abi_ulong);
+static int vma_add_mapping(struct mm_struct *, target_ulong,
+   target_ulong, abi_ulong);
 static int vma_get_mapping_count(const struct mm_struct *);
 static struct vm_area_struct *vma_first(const struct mm_struct *);
 static struct vm_area_struct *vma_next(struct vm_area_struct *);
 static abi_ulong vma_dump_size(const struct vm_area_struct *);
-static int vma_walker(void *priv, abi_ulong start, abi_ulong end,
+static int vma_walker(void *priv, target_ulong start, target_ulong end,
   unsigned long flags);
 
 static void fill_elf_header(struct elfhdr *, int, uint16_t, uint32_t);
@@ -2466,8 +2466,8 @@ static void vma_delete(struct mm_struct *mm)
 g_free(mm);
 }
 
-static int vma_add_mapping(struct mm_struct *mm, abi_ulong start,
-   abi_ulong end, abi_ulong flags)
+static int vma_add_mapping(struct mm_struct *mm, target_ulong start,
+   target_ulong end, abi_ulong flags)
 {
 struct vm_area_struct *vma;
 
@@ -2535,7 +2535,7 @@ static abi_ulong vma_dump_size(const struct 
vm_area_struct *vma)
 return (vma-vma_end - vma-vma_start);
 }
 
-static int vma_walker(void *priv, abi_ulong start, abi_ulong end,
+static int vma_walker(void *priv, target_ulong start, target_ulong end,
   unsigned long flags)
 {
 struct mm_struct *mm = (struct mm_struct *)priv;
diff --git a/translate-all.c b/translate-all.c
index 2e0265a..ba5c840 100644
--- a/translate-all.c
+++ b/translate-all.c
@@ -1660,30 +1660,30 @@ void cpu_interrupt(CPUState *cpu, int mask)
 struct walk_memory_regions_data {
 walk_memory_regions_fn fn;
 void *priv;
-uintptr_t start;
+target_ulong start;
 int prot;
 };
 
 static int walk_memory_regions_end(struct walk_memory_regions_data *data,
-   abi_ulong end, int new_prot)
+   target_ulong end, int new_prot)
 {
-if (data-start != -1ul) {
+if (data-start != -1u) {
 int rc = data-fn(data-priv, data-start, end, data-prot);
 if (rc != 0) {
 return rc;
 }
 }
 
-data-start = (new_prot ? end : -1ul);
+data-start = (new_prot ? end : -1u);
 data-prot = new_prot;
 
 return 0;
 }
 
 static int walk_memory_regions_1(struct walk_memory_regions_data *data,
- abi_ulong base, int level, void **lp)
+ target_ulong base, int level, void **lp)
 {
-abi_ulong pa;
+target_ulong pa;
 int i, rc;
 
 if (*lp == NULL) {
@@ -1708,7 +1708,7 @@ static int walk_memory_regions_1(struct 
walk_memory_regions_data *data,
 void **pp = *lp;
 
 for (i = 0; i  V_L2_SIZE; ++i) {
-

[Qemu-devel] [PULL 3/5] linux-user: Simplify timerid checks on g_posix_timers range

[riku . voipio]

From: Alexander Graf ag...@suse.de

We check whether the passed in timer id is negative on all calls
that involve g_posix_timers.

However, these checks are bogus. First off we limit the timer_id to
16 bits which is not what Linux does. Then we check whether it's negative
which it can't be because we masked it.

We can safely remove the masking. For the negativity check we can just
treat the timerid as unsigned and only check for upper boundaries.

Signed-off-by: Alexander Graf ag...@suse.de
Signed-off-by: Riku Voipio riku.voi...@linaro.org
---
 linux-user/syscall.c | 30 +-
 1 file changed, 17 insertions(+), 13 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index dcb9df9..7087a56 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -9615,11 +9615,12 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
arg1,
 {
 /* args: timer_t timerid, int flags, const struct itimerspec 
*new_value,
  * struct itimerspec * old_value */
-arg1 = 0x;
-if (arg3 == 0 || arg1  0 || arg1 = ARRAY_SIZE(g_posix_timers)) {
+target_ulong timerid = arg1;
+
+if (arg3 == 0 || timerid = ARRAY_SIZE(g_posix_timers)) {
 ret = -TARGET_EINVAL;
 } else {
-timer_t htimer = g_posix_timers[arg1];
+timer_t htimer = g_posix_timers[timerid];
 struct itimerspec hspec_new = {{0},}, hspec_old = {{0},};
 
 target_to_host_itimerspec(hspec_new, arg3);
@@ -9635,13 +9636,14 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
arg1,
 case TARGET_NR_timer_gettime:
 {
 /* args: timer_t timerid, struct itimerspec *curr_value */
-arg1 = 0x;
+target_ulong timerid = arg1;
+
 if (!arg2) {
 return -TARGET_EFAULT;
-} else if (arg1  0 || arg1 = ARRAY_SIZE(g_posix_timers)) {
+} else if (timerid = ARRAY_SIZE(g_posix_timers)) {
 ret = -TARGET_EINVAL;
 } else {
-timer_t htimer = g_posix_timers[arg1];
+timer_t htimer = g_posix_timers[timerid];
 struct itimerspec hspec;
 ret = get_errno(timer_gettime(htimer, hspec));
 
@@ -9657,11 +9659,12 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
arg1,
 case TARGET_NR_timer_getoverrun:
 {
 /* args: timer_t timerid */
-arg1 = 0x;
-if (arg1  0 || arg1 = ARRAY_SIZE(g_posix_timers)) {
+target_ulong timerid = arg1;
+
+if (timerid = ARRAY_SIZE(g_posix_timers)) {
 ret = -TARGET_EINVAL;
 } else {
-timer_t htimer = g_posix_timers[arg1];
+timer_t htimer = g_posix_timers[timerid];
 ret = get_errno(timer_getoverrun(htimer));
 }
 break;
@@ -9672,13 +9675,14 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
arg1,
 case TARGET_NR_timer_delete:
 {
 /* args: timer_t timerid */
-arg1 = 0x;
-if (arg1  0 || arg1 = ARRAY_SIZE(g_posix_timers)) {
+target_ulong timerid = arg1;
+
+if (timerid = ARRAY_SIZE(g_posix_timers)) {
 ret = -TARGET_EINVAL;
 } else {
-timer_t htimer = g_posix_timers[arg1];
+timer_t htimer = g_posix_timers[timerid];
 ret = get_errno(timer_delete(htimer));
-g_posix_timers[arg1] = 0;
+g_posix_timers[timerid] = 0;
 }
 break;
 }
-- 
2.0.1

[Qemu-devel] [PULL 4/5] linux-user: don't include timerfd if not needed

[riku . voipio]

From: Riku Voipio riku.voi...@linaro.org

Without this, builds on older systems fail with:

qemu/linux-user/syscall.c:61:25: warning: sys/timerfd.h: No such file or 
directory
Signed-off-by: Riku Voipio riku.voi...@linaro.org
---
 linux-user/syscall.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 7087a56..e8f1136 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -58,7 +58,9 @@ int __clone2(int (*fn)(void *), void *child_stack_base,
 #include sys/shm.h
 #include sys/sem.h
 #include sys/statfs.h
+#ifdef CONFIG_TIMERFD
 #include sys/timerfd.h
+#endif
 #include utime.h
 #include sys/sysinfo.h
 //#include sys/user.h
-- 
2.0.1

[Qemu-devel] [PULL 0/5] linux-user patches for 2.2

[riku . voipio]

From: Riku Voipio riku.voi...@linaro.org

The following changes since commit 1831e150606a221898bf46ffaf0453e9952cbbc4:

  Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging 
(2014-09-30 16:45:35 +0100)

are available in the git repository at:

  git://git.linaro.org/people/riku.voipio/qemu.git tags/pull-linux-user-20141006

for you to fetch changes up to 88555b7dfa79d7d21100d0b90730bf43d25d735b:

  translate-all.c: memory walker initial address miscalculation (2014-10-01 
16:16:14 +0300)


linux-user pull for 2.2

Clearest linux-user patches sent to the list since august,
Apart from Mikhails patch, the rest are quite trivial.


Alexander Graf (2):
  linux-user: Convert blkpg to use a special subop handler
  linux-user: Simplify timerid checks on g_posix_timers range

Mikhail Ilyin (1):
  translate-all.c: memory walker initial address miscalculation

Peter Maydell (1):
  linux-user: Enable epoll_pwait syscall for ARM

Riku Voipio (1):
  linux-user: don't include timerfd if not needed

 include/exec/cpu-all.h  |  4 ++--
 linux-user/arm/syscall_nr.h |  2 +-
 linux-user/elfload.c| 18 +-
 linux-user/ioctls.h |  3 ++-
 linux-user/syscall.c| 85 
-
 linux-user/syscall_types.h  |  2 +-
 translate-all.c | 33 -
 7 files changed, 103 insertions(+), 44 deletions(-)

-- 
2.0.1

[Qemu-devel] [PULL 2/5] linux-user: Convert blkpg to use a special subop handler

[riku . voipio]

From: Alexander Graf ag...@suse.de

The blkpg ioctl can take different payloads depending on the opcode in
its payload structure. Create a new special ioctl handler that can only
deal with partition style ones for now.

This patch fixes running parted for me.

Signed-off-by: Alexander Graf ag...@suse.de
Signed-off-by: Riku Voipio riku.voi...@linaro.org
---
 linux-user/ioctls.h|  3 ++-
 linux-user/syscall.c   | 53 ++
 linux-user/syscall_types.h |  2 +-
 3 files changed, 56 insertions(+), 2 deletions(-)

diff --git a/linux-user/ioctls.h b/linux-user/ioctls.h
index 609b27c..e672655 100644
--- a/linux-user/ioctls.h
+++ b/linux-user/ioctls.h
@@ -78,7 +78,8 @@
  IOCTL(BLKRAGET, IOC_R, MK_PTR(TYPE_LONG))
  IOCTL(BLKSSZGET, IOC_R, MK_PTR(TYPE_LONG))
  IOCTL(BLKBSZGET, IOC_R, MK_PTR(TYPE_INT))
- IOCTL(BLKPG, IOC_W, MK_PTR(MK_STRUCT(STRUCT_blkpg_ioctl_arg)))
+ IOCTL_SPECIAL(BLKPG, IOC_W, do_ioctl_blkpg,
+   MK_PTR(MK_STRUCT(STRUCT_blkpg_ioctl_arg)))
 #ifdef FIBMAP
  IOCTL(FIBMAP, IOC_W | IOC_R, MK_PTR(TYPE_LONG))
 #endif
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 8fe9df7..dcb9df9 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -3696,6 +3696,59 @@ out:
 return ret;
 }
 
+static abi_long do_ioctl_blkpg(const IOCTLEntry *ie, uint8_t *buf_temp, int fd,
+   abi_long cmd, abi_long arg)
+{
+void *argptr;
+int target_size;
+const argtype *arg_type = ie-arg_type;
+const argtype part_arg_type[] = { MK_STRUCT(STRUCT_blkpg_partition) };
+abi_long ret;
+
+struct blkpg_ioctl_arg *host_blkpg = (void*)buf_temp;
+struct blkpg_partition host_part;
+
+/* Read and convert blkpg */
+arg_type++;
+target_size = thunk_type_size(arg_type, 0);
+argptr = lock_user(VERIFY_READ, arg, target_size, 1);
+if (!argptr) {
+ret = -TARGET_EFAULT;
+goto out;
+}
+thunk_convert(buf_temp, argptr, arg_type, THUNK_HOST);
+unlock_user(argptr, arg, 0);
+
+switch (host_blkpg-op) {
+case BLKPG_ADD_PARTITION:
+case BLKPG_DEL_PARTITION:
+/* payload is struct blkpg_partition */
+break;
+default:
+/* Unknown opcode */
+ret = -TARGET_EINVAL;
+goto out;
+}
+
+/* Read and convert blkpg-data */
+arg = (abi_long)(uintptr_t)host_blkpg-data;
+target_size = thunk_type_size(part_arg_type, 0);
+argptr = lock_user(VERIFY_READ, arg, target_size, 1);
+if (!argptr) {
+ret = -TARGET_EFAULT;
+goto out;
+}
+thunk_convert(host_part, argptr, part_arg_type, THUNK_HOST);
+unlock_user(argptr, arg, 0);
+
+/* Swizzle the data pointer to our local copy and call! */
+host_blkpg-data = host_part;
+ret = get_errno(ioctl(fd, ie-host_cmd, host_blkpg));
+
+out:
+return ret;
+}
+
 static abi_long do_ioctl_rt(const IOCTLEntry *ie, uint8_t *buf_temp,
 int fd, abi_long cmd, abi_long arg)
 {
diff --git a/linux-user/syscall_types.h b/linux-user/syscall_types.h
index 9d0c92d..1fd4ee0 100644
--- a/linux-user/syscall_types.h
+++ b/linux-user/syscall_types.h
@@ -252,4 +252,4 @@ STRUCT(blkpg_ioctl_arg,
TYPE_INT, /* op */
TYPE_INT, /* flags */
TYPE_INT, /* datalen */
-   MK_PTR(MK_STRUCT(STRUCT_blkpg_partition))) /* data */
+   TYPE_PTRVOID) /* data */
-- 
2.0.1

[Qemu-devel] [PULL 1/5] linux-user: Enable epoll_pwait syscall for ARM

[riku . voipio]

From: Peter Maydell peter.mayd...@linaro.org

We have support for the epoll_pwait syscall, but it wasn't enabled for
ARM guests because we hadn't defined the syscall number; correct this
deficiency.

Reported-by: Dave Flogeras dfloger...@gmail.com
Signed-off-by: Peter Maydell peter.mayd...@linaro.org
Signed-off-by: Riku Voipio riku.voi...@linaro.org
---
 linux-user/arm/syscall_nr.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/linux-user/arm/syscall_nr.h b/linux-user/arm/syscall_nr.h
index bef847c..7d7be7c 100644
--- a/linux-user/arm/syscall_nr.h
+++ b/linux-user/arm/syscall_nr.h
@@ -350,7 +350,7 @@
 #define TARGET_NR_vmsplice (343)
 #define TARGET_NR_move_pages   (344)
 #define TARGET_NR_getcpu   (345)
-   /* 346 for epoll_pwait */
+#define TARGET_NR_epoll_pwait   (346)
 #define TARGET_NR_kexec_load   (347)
 #define TARGET_NR_utimensat(348)
 #define TARGET_NR_signalfd (349)
-- 
2.0.1

Re: [Qemu-devel] [PATCH] block/curl: Improve type safety of s-timeout.

[Laszlo Ersek]

On 10/06/14 16:32, Richard W.M. Jones wrote:
 qemu_opt_get_number returns a uint64_t, and curl_easy_setopt expects a
 long (not an int).
 
 Store the timeout (which is a positive number of seconds) as a
 uint64_t.  Check that the number given by the user is reasonable.
 Cast it to long before calling curl_easy_setopt.
 
 Example error message after this change has been applied:
 
 $ ./qemu-img create -f qcow2 /tmp/test.qcow2 \
 -b 'json: { file.driver:https,
 file.url:https://foo/bar;,
 file.timeout:-1 }'
 qemu-img: /tmp/test.qcow2: Could not open 'json: { file.driver:https, 
 file.url:https://foo/bar;, file.timeout:-1 }': timeout parameter is too 
 large or negative: Invalid argument
 
 Signed-off-by: Richard W.M. Jones rjo...@redhat.com
 ---
  block/curl.c | 8 ++--
  1 file changed, 6 insertions(+), 2 deletions(-)
 
 diff --git a/block/curl.c b/block/curl.c
 index 225407c..5233ff6 100644
 --- a/block/curl.c
 +++ b/block/curl.c
 @@ -112,7 +112,7 @@ typedef struct BDRVCURLState {
  char *url;
  size_t readahead_size;
  bool sslverify;
 -int timeout;
 +uint64_t timeout;
  char *cookie;
  bool accept_range;
  AioContext *aio_context;
 @@ -390,7 +390,7 @@ static CURLState *curl_init_state(BlockDriverState *bs, 
 BDRVCURLState *s)
  if (s-cookie) {
  curl_easy_setopt(state-curl, CURLOPT_COOKIE, s-cookie);
  }
 -curl_easy_setopt(state-curl, CURLOPT_TIMEOUT, s-timeout);
 +curl_easy_setopt(state-curl, CURLOPT_TIMEOUT, (long)s-timeout);
  curl_easy_setopt(state-curl, CURLOPT_WRITEFUNCTION,
   (void *)curl_read_cb);
  curl_easy_setopt(state-curl, CURLOPT_WRITEDATA, (void *)state);
 @@ -546,6 +546,10 @@ static int curl_open(BlockDriverState *bs, QDict 
 *options, int flags,
  
  s-timeout = qemu_opt_get_number(opts, CURL_BLOCK_OPT_TIMEOUT,
   CURL_TIMEOUT_DEFAULT);
 +if (s-timeout  10) {
 +error_setg(errp, timeout parameter is too large or negative);
 +goto out_noclean;
 +}
  
  s-sslverify = qemu_opt_get_bool(opts, CURL_BLOCK_OPT_SSLVERIFY, true);
  
 

Since we're validating s-timeout -- is a zero value okay?

Thanks
Laszlo

Re: [Qemu-devel] [PATCH] block/curl: Improve type safety of s-timeout.

[Richard W.M. Jones]

On Mon, Oct 06, 2014 at 04:38:59PM +0200, Laszlo Ersek wrote:
 On 10/06/14 16:32, Richard W.M. Jones wrote:
  qemu_opt_get_number returns a uint64_t, and curl_easy_setopt expects a
  long (not an int).
  
  Store the timeout (which is a positive number of seconds) as a
  uint64_t.  Check that the number given by the user is reasonable.
  Cast it to long before calling curl_easy_setopt.
  
  Example error message after this change has been applied:
  
  $ ./qemu-img create -f qcow2 /tmp/test.qcow2 \
  -b 'json: { file.driver:https,
  file.url:https://foo/bar;,
  file.timeout:-1 }'
  qemu-img: /tmp/test.qcow2: Could not open 'json: { file.driver:https, 
  file.url:https://foo/bar;, file.timeout:-1 }': timeout parameter is 
  too large or negative: Invalid argument
  
  Signed-off-by: Richard W.M. Jones rjo...@redhat.com
  ---
   block/curl.c | 8 ++--
   1 file changed, 6 insertions(+), 2 deletions(-)
  
  diff --git a/block/curl.c b/block/curl.c
  index 225407c..5233ff6 100644
  --- a/block/curl.c
  +++ b/block/curl.c
  @@ -112,7 +112,7 @@ typedef struct BDRVCURLState {
   char *url;
   size_t readahead_size;
   bool sslverify;
  -int timeout;
  +uint64_t timeout;
   char *cookie;
   bool accept_range;
   AioContext *aio_context;
  @@ -390,7 +390,7 @@ static CURLState *curl_init_state(BlockDriverState *bs, 
  BDRVCURLState *s)
   if (s-cookie) {
   curl_easy_setopt(state-curl, CURLOPT_COOKIE, s-cookie);
   }
  -curl_easy_setopt(state-curl, CURLOPT_TIMEOUT, s-timeout);
  +curl_easy_setopt(state-curl, CURLOPT_TIMEOUT, (long)s-timeout);
   curl_easy_setopt(state-curl, CURLOPT_WRITEFUNCTION,
(void *)curl_read_cb);
   curl_easy_setopt(state-curl, CURLOPT_WRITEDATA, (void *)state);
  @@ -546,6 +546,10 @@ static int curl_open(BlockDriverState *bs, QDict 
  *options, int flags,
   
   s-timeout = qemu_opt_get_number(opts, CURL_BLOCK_OPT_TIMEOUT,
CURL_TIMEOUT_DEFAULT);
  +if (s-timeout  10) {
  +error_setg(errp, timeout parameter is too large or negative);
  +goto out_noclean;
  +}
   
   s-sslverify = qemu_opt_get_bool(opts, CURL_BLOCK_OPT_SSLVERIFY, true);
   
  
 
 Since we're validating s-timeout -- is a zero value okay?

Yes it's OK.  It means wait forever:

   CURLOPT_TIMEOUT
  Pass a long as parameter containing the maximum time in  seconds
  that you allow the libcurl transfer operation to take. Normally,
  name lookups can take a considerable time  and  limiting  opera‐
  tions  to less than a few minutes risk aborting perfectly normal
  operations. This option will cause curl to use  the  SIGALRM  to
  enable time-outing system calls.

  In unix-like systems, this might cause signals to be used unless
  CURLOPT_NOSIGNAL is set.

  Default timeout is 0 (zero) which means it never times out.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-builder quickly builds VMs from scratch
http://libguestfs.org/virt-builder.1.html

Re: [Qemu-devel] [PATCH] block/curl: Improve type safety of s-timeout.

[Laszlo Ersek]

On 10/06/14 16:40, Richard W.M. Jones wrote:
 On Mon, Oct 06, 2014 at 04:38:59PM +0200, Laszlo Ersek wrote:
 On 10/06/14 16:32, Richard W.M. Jones wrote:
 qemu_opt_get_number returns a uint64_t, and curl_easy_setopt expects a
 long (not an int).

 Store the timeout (which is a positive number of seconds) as a
 uint64_t.  Check that the number given by the user is reasonable.
 Cast it to long before calling curl_easy_setopt.

 Example error message after this change has been applied:

 $ ./qemu-img create -f qcow2 /tmp/test.qcow2 \
 -b 'json: { file.driver:https,
 file.url:https://foo/bar;,
 file.timeout:-1 }'
 qemu-img: /tmp/test.qcow2: Could not open 'json: { file.driver:https, 
 file.url:https://foo/bar;, file.timeout:-1 }': timeout parameter is 
 too large or negative: Invalid argument

 Signed-off-by: Richard W.M. Jones rjo...@redhat.com
 ---
  block/curl.c | 8 ++--
  1 file changed, 6 insertions(+), 2 deletions(-)

 diff --git a/block/curl.c b/block/curl.c
 index 225407c..5233ff6 100644
 --- a/block/curl.c
 +++ b/block/curl.c
 @@ -112,7 +112,7 @@ typedef struct BDRVCURLState {
  char *url;
  size_t readahead_size;
  bool sslverify;
 -int timeout;
 +uint64_t timeout;
  char *cookie;
  bool accept_range;
  AioContext *aio_context;
 @@ -390,7 +390,7 @@ static CURLState *curl_init_state(BlockDriverState *bs, 
 BDRVCURLState *s)
  if (s-cookie) {
  curl_easy_setopt(state-curl, CURLOPT_COOKIE, s-cookie);
  }
 -curl_easy_setopt(state-curl, CURLOPT_TIMEOUT, s-timeout);
 +curl_easy_setopt(state-curl, CURLOPT_TIMEOUT, (long)s-timeout);
  curl_easy_setopt(state-curl, CURLOPT_WRITEFUNCTION,
   (void *)curl_read_cb);
  curl_easy_setopt(state-curl, CURLOPT_WRITEDATA, (void *)state);
 @@ -546,6 +546,10 @@ static int curl_open(BlockDriverState *bs, QDict 
 *options, int flags,
  
  s-timeout = qemu_opt_get_number(opts, CURL_BLOCK_OPT_TIMEOUT,
   CURL_TIMEOUT_DEFAULT);
 +if (s-timeout  10) {
 +error_setg(errp, timeout parameter is too large or negative);
 +goto out_noclean;
 +}
  
  s-sslverify = qemu_opt_get_bool(opts, CURL_BLOCK_OPT_SSLVERIFY, true);
  


 Since we're validating s-timeout -- is a zero value okay?
 
 Yes it's OK.  It means wait forever:
 
CURLOPT_TIMEOUT
   Pass a long as parameter containing the maximum time in  seconds
   that you allow the libcurl transfer operation to take. Normally,
   name lookups can take a considerable time  and  limiting  opera‐
   tions  to less than a few minutes risk aborting perfectly normal
   operations. This option will cause curl to use  the  SIGALRM  to
   enable time-outing system calls.
 
   In unix-like systems, this might cause signals to be used unless
   CURLOPT_NOSIGNAL is set.
 
   Default timeout is 0 (zero) which means it never times out.
 
 Rich.
 

Reviewed-by: Laszlo Ersek ler...@redhat.com

Re: [Qemu-devel] [PATCH] gdbstub: Allow target CPUs to specify watchpoint STOP_BEFORE_ACCESS flag

[Peter Maydell]

On 5 October 2014 23:07, Michael Walle mich...@walle.cc wrote:
 Am Sonntag, 5. Oktober 2014, 22:48:05 schrieb Peter Maydell:
 On 5 October 2014 22:36, Peter Maydell peter.mayd...@linaro.org wrote:
  On 5 October 2014 22:00, Michael Walle mich...@walle.cc wrote:
  I can confirm that your patch makes qemu stop one instruction earlier.
  Without your patch the program is stopped at (3). With your patch
  applied the program is stopped at (2). But I guess the correct point to
  stop is (1), right?
  No, gdb wants execution to stop with the PC just after the
  instruction which issued the memory access, with whatever
  effects the instruction had having already taken place.
  So (2) is correct. (I think nicer UI would indeed be to
  stop at (1) but you can't get that effect on CPUs like
  x86 which only stop after the wp insn has executed, and
  they'd rather be consistent.)

 ...and incidentally the way it achieves this for stop before
 wp insn CPU targets is that it unsets the watchpoint
 and automatically steps one instruction before returning
 control to the gdb user. (You can see this if you turn
 gdb's remote-protocol debug on.)

 Ah, now it makes sense :)

 Tested-by: Michael Walle mich...@walle.cc (for lm32)

Thanks to all for review/testing; applied to master.

-- PMM

Re: [Qemu-devel] [PATCH v5 01/33] target-arm: increase arrays of registers R13 R14

[Peter Maydell]

On 30 September 2014 22:49, Greg Bellows greg.bell...@linaro.org wrote:
 From: Fabian Aggeler aggel...@ethz.ch

 Increasing banked_r13 and banked_r14 to store LR_mon and SP_mon (bank
 index 7).

 Signed-off-by: Fabian Aggeler aggel...@ethz.ch
 Reviewed-by: Edgar E. Iglesias edgar.igles...@xilinx.com
 Signed-off-by: Greg Bellows greg.bell...@linaro.org
 ---
  target-arm/cpu.h | 4 ++--
  target-arm/machine.c | 4 ++--
  2 files changed, 4 insertions(+), 4 deletions(-)

 diff --git a/target-arm/cpu.h b/target-arm/cpu.h
 index 65a3417..81fffd2 100644
 --- a/target-arm/cpu.h
 +++ b/target-arm/cpu.h
 @@ -153,8 +153,8 @@ typedef struct CPUARMState {

  /* Banked registers.  */
  uint64_t banked_spsr[8];
 -uint32_t banked_r13[6];
 -uint32_t banked_r14[6];
 +uint32_t banked_r13[8];
 +uint32_t banked_r14[8];

  /* These hold r8-r12.  */
  uint32_t usr_regs[5];
 diff --git a/target-arm/machine.c b/target-arm/machine.c
 index ddb7d05..7e69127 100644
 --- a/target-arm/machine.c
 +++ b/target-arm/machine.c
 @@ -238,8 +238,8 @@ const VMStateDescription vmstate_arm_cpu = {
  },
  VMSTATE_UINT32(env.spsr, ARMCPU),
  VMSTATE_UINT64_ARRAY(env.banked_spsr, ARMCPU, 8),
 -VMSTATE_UINT32_ARRAY(env.banked_r13, ARMCPU, 6),
 -VMSTATE_UINT32_ARRAY(env.banked_r14, ARMCPU, 6),
 +VMSTATE_UINT32_ARRAY(env.banked_r13, ARMCPU, 8),
 +VMSTATE_UINT32_ARRAY(env.banked_r14, ARMCPU, 8),
  VMSTATE_UINT32_ARRAY(env.usr_regs, ARMCPU, 5),
  VMSTATE_UINT32_ARRAY(env.fiq_regs, ARMCPU, 5),
  VMSTATE_UINT64_ARRAY(env.elr_el, ARMCPU, 4),

You need to bump the vmstate version fields if
you change fields like this.

thanks
-- PMM

[Qemu-devel] [PATCH] linuxboot: compute initrd loading address

[Paolo Bonzini]

Even though hw/i386/pc.c tries to compute a valid loading address for the
initrd, close to the top of RAM, this does not take into account other
data that is malloced into that memory by SeaBIOS.

Luckily we can easily look at the memory map to find out how much memory is
used up there.  This patch places the initrd in the first four gigabytes,
below the first hole (as returned by INT 15h, AX=e801h).

Without this patch:
[0.00] init_memory_mapping: [mem 0x0700-0x07fd]
[0.00] RAMDISK: [mem 0x0710a000-0x07fd7fff]

With this patch:
[0.00] init_memory_mapping: [mem 0x0700-0x07fd]
[0.00] RAMDISK: [mem 0x07112000-0x07fd]

So linuxboot is able to use the 64k that were added as padding for
QEMU = 2.1.

Signed-off-by: Paolo Bonzini pbonz...@redhat.com
---
 pc-bios/linuxboot.bin | Bin 1024 - 1024 bytes
 pc-bios/optionrom/linuxboot.S |  47 ++
 pc-bios/optionrom/optionrom.h |  21 ---
 3 files changed, 61 insertions(+), 7 deletions(-)

diff --git a/pc-bios/linuxboot.bin b/pc-bios/linuxboot.bin
index 
e7c36694f997c3c34f7f4af3c2923bd2ef6094e7..130103fb739228a6869aaf1b174b9d20c13378fc
 100644
GIT binary patch
delta 168
zcmZqRXyBNj#e9V6V4+-#yc2a7@jn|bXJt}WGMdrBas8gPpg4G+*OE29`Ab?LX5F
zKIeMP(|Cx15y-mOxh}WRz3ZJf7D0oZ-X|7o31)0*E19C!O5XCq~0;uRf+QA1b
zX{7|eo$aa3kRw;nki|IC(Q;0c%?4;T_@=t7IoTF$qbirKj~bOE57or0rk;0)C|f
SJtz7Oyqvi?nJI*kFF^X7ev$m

delta 107
zcmZqRXyBNj#azSGI8k@yWCKP?#+1okj0#LU*e5$O$xYtNXvD|`VlnOD22!$yBUQi
zzh^99+93|DjwV+!H~8~fR%ya{VqY)Kk1)y(snQa0l(6Lo)disUOwEsnkj^F@_gl
G#(w~}wj;0r

diff --git a/pc-bios/optionrom/linuxboot.S b/pc-bios/optionrom/linuxboot.S
index 748c831..5bc0af0 100644
--- a/pc-bios/optionrom/linuxboot.S
+++ b/pc-bios/optionrom/linuxboot.S
@@ -76,14 +76,45 @@ boot_kernel:
 
 
 copy_kernel:
+   /* Compute initrd address */
+   mov $0xe801, %ax
+   xor %cx, %cx
+   xor %dx, %dx
+   int $0x15
+
+   /* Output could be in AX/BX or CX/DX */
+   or  %cx, %cx
+   jnz 1f
+   or  %dx, %dx
+   jnz 1f
+   mov %ax, %cx
+   mov %bx, %dx
+1:
+
+   or  %dx, %dx
+   jnz 2f
+   addw$1024, %cx/* add 1 MB */
+   movzwl  %cx, %edi
+   shll$10, %edi /* convert to bytes */
+   jmp 3f
+
+2:
+   addw$16777216  16, %dx  /* add 16 MB */
+   movzwl  %dx, %edi
+   shll$16, %edi /* convert to bytes */
+
+3:
+   read_fw FW_CFG_INITRD_SIZE
+   subl%eax, %edi
+   andl$-4096, %edi  /* EDI = start of initrd */
 
/* We need to load the kernel into memory we can't access in 16 bit
   mode, so let's get into 32 bit mode, write the kernel and jump
   back again. */
 
/* Reserve space on the stack for our GDT descriptor. */
-   mov %esp, %ebp
-   sub $16, %esp
+   mov %esp, %ebp
+   sub $16, %esp
 
/* Now create the GDT descriptor */
movw$((3 * 8) - 1), -16(%bp)
@@ -108,10 +139,18 @@ copy_kernel:
/* We're now running in 16-bit CS, but 32-bit ES! */
 
/* Load kernel and initrd */
+   pushl   %edi
+   read_fw_blob_addr32_edi(FW_CFG_INITRD)
read_fw_blob_addr32(FW_CFG_KERNEL)
-   read_fw_blob_addr32(FW_CFG_INITRD)
read_fw_blob_addr32(FW_CFG_CMDLINE)
-   read_fw_blob_addr32(FW_CFG_SETUP)
+
+   read_fw FW_CFG_SETUP_ADDR
+   mov %eax, %edi
+   mov %eax, %ebx
+   read_fw_blob_addr32_edi(FW_CFG_SETUP)
+
+   /* Update the header with the initrd address we chose above */
+   popl%es:0x218(%ebx)
 
/* And now jump into Linux! */
mov $0, %eax
diff --git a/pc-bios/optionrom/optionrom.h b/pc-bios/optionrom/optionrom.h
index ce43608..f1a9021 100644
--- a/pc-bios/optionrom/optionrom.h
+++ b/pc-bios/optionrom/optionrom.h
@@ -51,8 +51,6 @@
 .endm
 
 #define read_fw_blob_pre(var)  \
-   read_fw var ## _ADDR;   \
-   mov %eax, %edi; \
read_fw var ## _SIZE;   \
mov %eax, %ecx; \
mov $var ## _DATA, %ax; \
@@ -68,6 +66,8 @@
  * Clobbers:   %eax, %edx, %es, %ecx, %edi
  */
 #define read_fw_blob(var)  \
+   read_fw var ## _ADDR;   \
+   mov %eax, %edi; \
read_fw_blob_pre(var);  \
/* old as(1) doesn't like this insn so emit the bytes instead: \
rep insb(%dx), 

Re: [Qemu-devel] [PATCH] aio / timers: De-document -clock

[Alex Bligh]

OK by me - sorry about that.

Alex

On 6 Oct 2014, at 15:19, Markus Armbruster arm...@redhat.com wrote:

 Commit 6d32717 aio / timers: Remove alarm timers has issues:
 
 1. It silently ignores -clock for backward compatibility.
 Incompatible change: -clock help no longer terminates the program.
 Tolerable.
 
 2. Failed to update option documentation.  In particular, -help still
 advises users to try -clock help for available timers.  Drop all
 documentation on -clock.
 
 3. The 'query-alarm-clock' example in docs/writing-commands.txt no
 longer works, and needs to be redone.  Can't do that right now, so I
 just stick in a FIXME.
 
 Signed-off-by: Markus Armbruster arm...@redhat.com

Reviewed-by: Alex Bligh a...@alex.org.uk

 ---
 docs/writing-qmp-commands.txt |  2 ++
 qemu-options.hx   | 12 ++--
 2 files changed, 4 insertions(+), 10 deletions(-)
 
 diff --git a/docs/writing-qmp-commands.txt b/docs/writing-qmp-commands.txt
 index 4d86c24..f3df206 100644
 --- a/docs/writing-qmp-commands.txt
 +++ b/docs/writing-qmp-commands.txt
 @@ -365,6 +365,8 @@ documentation for information about the other types.
 
 === User Defined Types ===
 
 +FIXME This example needs to be redone after commit 6d32717
 +
 For this example we will write the query-alarm-clock command, which returns
 information about QEMU's timer alarm. For more information about it, please
 check the -clock command-line option.
 diff --git a/qemu-options.hx b/qemu-options.hx
 index 365b56c..778d0de 100644
 --- a/qemu-options.hx
 +++ b/qemu-options.hx
 @@ -2983,16 +2983,8 @@ Load the contents of @var{file} as an option ROM.
 This option is useful to load things like EtherBoot.
 ETEXI
 
 -DEF(clock, HAS_ARG, QEMU_OPTION_clock, \
 --clock  force the use of the given methods for timer alarm.\n \
 -To see what timers are available use '-clock help'\n,
 -QEMU_ARCH_ALL)
 -STEXI
 -@item -clock @var{method}
 -@findex -clock
 -Force the use of the given methods for timer alarm. To see what timers
 -are available use @code{-clock help}.
 -ETEXI
 +HXCOMM Silently ignored for compatibility
 +DEF(clock, HAS_ARG, QEMU_OPTION_clock, , QEMU_ARCH_ALL)
 
 HXCOMM Options deprecated by -rtc
 DEF(localtime, 0, QEMU_OPTION_localtime, , QEMU_ARCH_ALL)
 -- 
 1.9.3
 
 
 

-- 
Alex Bligh

[Qemu-devel] [RFC PATCH] target-i386: move generic memory hotplug methods to DSDTs

[Paolo Bonzini]

This makes it simpler to keep the SSDT byte-for-byte identical for a
given machine type, which is a goal we want to have for 2.2 and newer
types.

This is not tested well and is still missing update of make check
data, but I wanted to throw this out for an early look.

Signed-off-by: Paolo Bonzini pbonz...@redhat.com
---
 hw/i386/acpi-dsdt-mem-hotplug.dsl   | 176 
 hw/i386/acpi-dsdt.dsl   |   3 +-
 hw/i386/acpi-dsdt.hex.generated | 795 ++-
 hw/i386/q35-acpi-dsdt.dsl   |   3 +-
 hw/i386/q35-acpi-dsdt.hex.generated | 797 +++-
 hw/i386/ssdt-mem.hex.generated  |   8 +-
 hw/i386/ssdt-misc.dsl   | 156 ---
 hw/i386/ssdt-misc.hex.generated | 787 +--
 8 files changed, 1773 insertions(+), 952 deletions(-)
 create mode 100644 hw/i386/acpi-dsdt-mem-hotplug.dsl

diff --git a/hw/i386/acpi-dsdt-mem-hotplug.dsl 
b/hw/i386/acpi-dsdt-mem-hotplug.dsl
new file mode 100644
index 000..2a36c47
--- /dev/null
+++ b/hw/i386/acpi-dsdt-mem-hotplug.dsl
@@ -0,0 +1,176 @@
+/*
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see http://www.gnu.org/licenses/.
+ */
+
+External(MEMORY_SLOT_NOTIFY_METHOD, MethodObj)
+
+Scope(\_SB.PCI0) {
+Device(MEMORY_HOTPLUG_DEVICE) {
+Name(_HID, PNP0A06)
+Name(_UID, Memory hotplug resources)
+External(MEMORY_SLOTS_NUMBER, IntObj)
+
+/* Memory hotplug IO registers */
+OperationRegion(MEMORY_HOTPLUG_IO_REGION, SystemIO,
+ACPI_MEMORY_HOTPLUG_BASE,
+ACPI_MEMORY_HOTPLUG_IO_LEN)
+
+Name(_CRS, ResourceTemplate() {
+IO(Decode16, ACPI_MEMORY_HOTPLUG_BASE, 
ACPI_MEMORY_HOTPLUG_BASE,
+   0, ACPI_MEMORY_HOTPLUG_IO_LEN, IO)
+})
+
+Method(_STA, 0) {
+If (LEqual(MEMORY_SLOTS_NUMBER, Zero)) {
+Return(0x0)
+}
+/* present, functioning, decoding, not shown in UI */
+Return(0xB)
+}
+
+Field(MEMORY_HOTPLUG_IO_REGION, DWordAcc, NoLock, Preserve) {
+MEMORY_SLOT_ADDR_LOW, 32,  // read only
+MEMORY_SLOT_ADDR_HIGH, 32, // read only
+MEMORY_SLOT_SIZE_LOW, 32,  // read only
+MEMORY_SLOT_SIZE_HIGH, 32, // read only
+MEMORY_SLOT_PROXIMITY, 32, // read only
+}
+Field(MEMORY_HOTPLUG_IO_REGION, ByteAcc, NoLock, Preserve) {
+Offset(20),
+MEMORY_SLOT_ENABLED,  1, // 1 if enabled, read only
+MEMORY_SLOT_INSERT_EVENT, 1, // (read) 1 if has a insert 
event. (write) 1 to clear event
+}
+
+Mutex (MEMORY_SLOT_LOCK, 0)
+Field (MEMORY_HOTPLUG_IO_REGION, DWordAcc, NoLock, Preserve) {
+MEMORY_SLOT_SLECTOR, 32,  // DIMM selector, write only
+MEMORY_SLOT_OST_EVENT, 32,  // _OST event code, write only
+MEMORY_SLOT_OST_STATUS, 32,  // _OST status code, write only
+}
+
+Method(MEMORY_SLOT_SCAN_METHOD, 0) {
+If (LEqual(MEMORY_SLOTS_NUMBER, Zero)) {
+ Return(Zero)
+}
+
+Store(Zero, Local0) // Mem devs iterrator
+Acquire(MEMORY_SLOT_LOCK, 0x)
+while (LLess(Local0, MEMORY_SLOTS_NUMBER)) {
+Store(Local0, MEMORY_SLOT_SLECTOR) // select Local0 DIMM
+If (LEqual(MEMORY_SLOT_INSERT_EVENT, One)) { // Memory 
device needs check
+MEMORY_SLOT_NOTIFY_METHOD(Local0, 1)
+Store(1, MEMORY_SLOT_INSERT_EVENT)
+}
+// TODO: handle memory eject request
+Add(Local0, One, Local0) // goto next DIMM
+}
+Release(MEMORY_SLOT_LOCK)
+Return(One)
+}
+
+Method(MEMORY_SLOT_STATUS_METHOD, 1) {
+Store(Zero, Local0)
+
+Acquire(MEMORY_SLOT_LOCK, 0x)
+Store(ToInteger(Arg0), MEMORY_SLOT_SLECTOR) // select DIMM
+
+If (LEqual(MEMORY_SLOT_ENABLED, One)) {
+Store(0xF, Local0)
+}
+
+

Re: [Qemu-devel] [PATCH] virtio-pci: fix migration for pci bus master

[Greg Kurz]

On Wed, 17 Sep 2014 20:39:25 +0300
Michael S. Tsirkin m...@redhat.com wrote:

 On Wed, Sep 17, 2014 at 07:21:09PM +0200, Greg Kurz wrote:
  On Sun, 14 Sep 2014 21:30:36 +0300
  Michael S. Tsirkin m...@redhat.com wrote:
  
   Current support for bus master (clearing OK bit)
   together with the need to support guests which do not
   enable PCI bus mastering, leads to extra state in
   VIRTIO_PCI_FLAG_BUS_MASTER_BUG bit, which isn't robust
   in case of cross-version migration for the case when
   guests use the device before setting DRIVER_OK.
   
   Rip out VIRTIO_PCI_FLAG_BUS_MASTER_BUG and implement a simpler
   work-around: treat clearing of PCI_COMMAND as a virtio reset.  Old
   guests never touch this bit so they will work.
   
   As reset clears device status, DRIVER and MASTER bits are
   now in sync, so we can fix up cross-version migration simply
   by synchronising them, without need to detect a buggy guest
   explicitly.
   
   Drop tracking VIRTIO_PCI_FLAG_BUS_MASTER_BUG completely.
   
   As reset makes the device quiescent, in the future we'll be able to drop
   checking OK bit in a bunch of places.
   
   Cc: Jason Wang jasow...@redhat.com
   Cc: Greg Kurz gk...@linux.vnet.ibm.com
   Signed-off-by: Michael S. Tsirkin m...@redhat.com
   ---
  
  Hi Michael,
  
  I am not quite sure how to test this patch with my pseries based setup...
  Migrating from qemu-2.1 to qemu-master ?
  
  Cheers.
  
  --
  Greg
 
 Exactly. And back! Pls don't forget to specify the 2.1 machine type.
 Thanks!
 

Michael,

Nikunj and I had started to investigate the pseries breakage: the QEMU
originated reset brought by this patch clears the vq and breaks SLOF.
This isn't a surprise since reset should always come from the driver,
not the device.

Since commit 45363e46aeebfc99753389649eac7c7fc22bfe52 has reverted this
patch, QEMU works again for pseries and virtio. :)

So back to the initial issue, I've tried to migrate a pseries-2.1 guest running
rhel65, from QEMU v2.1.2 to QEMU master, back and forth, several times and it
always succeeded... what symptom this patch was expected to fix ?

Cheers.

--
Greg

hw/virtio/virtio-pci.c | 39 ---
1 file changed, 20 insertions(+), 19 deletions(-)
   
   diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
   index a827cd4..f560814 100644
   --- a/hw/virtio/virtio-pci.c
   +++ b/hw/virtio/virtio-pci.c
   @@ -86,9 +86,6 @@
 * 12 is historical, and due to x86 page size. */
#define VIRTIO_PCI_QUEUE_ADDR_SHIFT12
   
   -/* Flags track per-device state like workarounds for quirks in older 
   guests. */
   -#define VIRTIO_PCI_FLAG_BUS_MASTER_BUG  (1  0)
   -
static void virtio_pci_bus_new(VirtioBusState *bus, size_t bus_size,
   VirtIOPCIProxy *dev);
   
   @@ -323,14 +320,6 @@ static void virtio_ioport_write(void *opaque, 
   uint32_t addr, uint32_t val)
 proxy-pci_dev.config[PCI_COMMAND] |
 PCI_COMMAND_MASTER, 1);
}
   -
   -/* Linux before 2.6.34 sets the device as OK without enabling
   -   the PCI device bus master bit. In this case we need to disable
   -   some safety checks. */
   -if ((val  VIRTIO_CONFIG_S_DRIVER_OK) 
   -!(proxy-pci_dev.config[PCI_COMMAND]  PCI_COMMAND_MASTER)) {
   -proxy-flags |= VIRTIO_PCI_FLAG_BUS_MASTER_BUG;
   -}
break;
case VIRTIO_MSI_CONFIG_VECTOR:
msix_vector_unuse(proxy-pci_dev, vdev-config_vector);
   @@ -480,13 +469,18 @@ static void virtio_write_config(PCIDevice *pci_dev, 
   uint32_t address,
VirtIOPCIProxy *proxy = DO_UPCAST(VirtIOPCIProxy, pci_dev, pci_dev);
VirtIODevice *vdev = virtio_bus_get_device(proxy-bus);
   
   +uint8_t cmd = proxy-pci_dev.config[PCI_COMMAND];
   +
pci_default_write_config(pci_dev, address, val, len);
   
if (range_covers_byte(address, len, PCI_COMMAND) 
!(pci_dev-config[PCI_COMMAND]  PCI_COMMAND_MASTER) 
   -!(proxy-flags  VIRTIO_PCI_FLAG_BUS_MASTER_BUG)) {
   +(cmd  PCI_COMMAND_MASTER)) {
   +/* Bus driver disables bus mastering - make it act
   + * as a kind of reset to render the device quiescent. */
virtio_pci_stop_ioeventfd(proxy);
   -virtio_set_status(vdev, vdev-status  
   ~VIRTIO_CONFIG_S_DRIVER_OK);
   +virtio_reset(vdev);
   +msix_unuse_all_vectors(proxy-pci_dev);
}
}
   
   @@ -895,11 +889,19 @@ static void virtio_pci_vmstate_change(DeviceState 
   *d, bool running)
VirtIODevice *vdev = virtio_bus_get_device(proxy-bus);
   
if (running) {
   -/* Try to find out if the guest has bus master disabled, but is
   -   in ready state. Then we have a buggy guest OS. */
   -if ((vdev-status  VIRTIO_CONFIG_S_DRIVER_OK) 
   -

[Qemu-devel] [PATCH v2 0/3] Migration-safe ACPI table sizing algorithm

[Paolo Bonzini]

In the emergency last-minute patches of QEMU 2.1 we did two things:

- fixed migration problems from 1.7 or 2.0 to 2.1 due to changes in
  ACPI table sizes

- ensured that future versions will not break migration compatibility
  with 2.2 for reasonable configurations (with ACPI tables smaller
  than a hundred kilobytes, roughly)

However, this came at the cost of wasting 128 KB unconditionally on
even the smaller configuration, and we didn't provide a mechanism to
ensure compatibility with larger configurations.

This series provides this mechanism.  As mentioned early, the design
is to consider the SSDT immutable and versioned (together with other
non-AML tables such as HPET, TPMA and MADT, SRAT, MCFG, DMAR).
The DSDT instead can change more or less arbitrarily.  To do this,
we add padding after the DSDT to allow for future growth (patch 1).

Once we do this, the size of the ACPI table fw_cfg file is constant
given a machine type and a command-line, so we do not need anymore the
larger 128KB padding (patch 2).

Patch 3 is just cleanups.

Paolo

v1-v2: drop linuxboot changes, instead modify the option ROM
in a separate patch

Paolo Bonzini (3):
  pc: introduce new ACPI table sizing algorithm
  pc: go back to smaller ACPI tables
  pc: clean up pre-2.1 compatibility code

 hw/i386/acpi-build.c | 20 +++-
 hw/i386/pc_piix.c| 20 +++-
 hw/i386/pc_q35.c |  6 --
 include/hw/i386/pc.h |  2 ++
 4 files changed, 36 insertions(+), 12 deletions(-)

-- 
2.1.0

[Qemu-devel] [PATCH v2 1/3] pc: introduce new ACPI table sizing algorithm

[Paolo Bonzini]

Add padding after the DSDT.  Tables that vary depending on the
command-line arguments will have to be byte-equivalent across QEMU
versions = 2.2, while fixed tables (including the DSDT) can be
changed freely.

This new algorithm will let us present smaller ACPI blobs to
the guest, which avoids bugs with -kernel/-initrd and 32-bit
RHEL5 guests.  However, this patch does not change the size of
the blobs yet; for now, the values of the parameters are tuned
to have 2.1-compatible sizes.

Signed-off-by: Paolo Bonzini pbonz...@redhat.com
---
 hw/i386/acpi-build.c | 11 +++
 hw/i386/pc_piix.c|  5 +
 include/hw/i386/pc.h |  2 ++
 3 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index a313321..6bffc75 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -65,8 +65,6 @@
 #define ACPI_BUILD_LEGACY_CPU_AML_SIZE97
 #define ACPI_BUILD_ALIGN_SIZE 0x1000
 
-#define ACPI_BUILD_TABLE_SIZE 0x2
-
 typedef struct AcpiCpuInfo {
 DECLARE_BITMAP(found_cpus, ACPI_CPU_HOTPLUG_ID_LIMIT);
 } AcpiCpuInfo;
@@ -1597,6 +1595,10 @@ void acpi_build(PcGuestInfo *guest_info, AcpiBuildTables 
*tables)
 acpi_add_table(table_offsets, tables-table_data);
 build_fadt(tables-table_data, tables-linker, pm, facs, dsdt);
 
+if (guest_info-fixed_table_align) {
+acpi_align_size(tables-table_data, guest_info-fixed_table_align);
+}
+
 ssdt = tables-table_data-len;
 acpi_add_table(table_offsets, tables-table_data);
 build_ssdt(tables-table_data, tables-linker, cpu, pm, misc, pci,
@@ -1681,14 +1683,15 @@ void acpi_build(PcGuestInfo *guest_info, 
AcpiBuildTables *tables)
 g_array_set_size(tables-table_data, legacy_table_size);
 } else {
 /* Make sure we have a buffer in case we need to resize the tables. */
-if (tables-table_data-len  ACPI_BUILD_TABLE_SIZE / 2) {
+if (!guest_info-fixed_table_align 
+   tables-table_data-len  guest_info-acpi_table_align / 2) {
 /* As of QEMU 2.1, this fires with 160 VCPUs and 255 memory slots. 
 */
 error_report(Warning: ACPI tables are larger than 64k.);
 error_report(Warning: migration may not work.);
 error_report(Warning: please remove CPUs, NUMA nodes, 
  memory slots or PCI bridges.);
 }
-acpi_align_size(tables-table_data, ACPI_BUILD_TABLE_SIZE);
+acpi_align_size(tables-table_data, guest_info-acpi_table_align);
 }
 
 acpi_align_size(tables-linker, ACPI_BUILD_ALIGN_SIZE);
diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index 103d756..060f6ec 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -61,6 +61,8 @@ static const int ide_irq[MAX_IDE_BUS] = { 14, 15 };
 
 static bool has_acpi_build = true;
 static int legacy_acpi_table_size;
+static int fixed_table_align = 0;
+static int acpi_table_align = 131072;
 static bool smbios_defaults = true;
 static bool smbios_legacy_mode;
 /* Make sure that guest addresses aligned at 1Gbyte boundaries get mapped to
@@ -164,6 +166,8 @@ static void pc_init1(MachineState *machine,
 
 guest_info-has_acpi_build = has_acpi_build;
 guest_info-legacy_acpi_table_size = legacy_acpi_table_size;
+guest_info-fixed_table_align = fixed_table_align;
+guest_info-acpi_table_align = acpi_table_align;
 
 guest_info-isapc_ram_fw = !pci_enabled;
 guest_info-has_reserved_memory = has_reserved_memory;
@@ -321,6 +325,7 @@ static void pc_compat_2_0(MachineState *machine)
  * QEMU 1.7 it is 6414.  For RHEL/CentOS 7.0 it is 6418.
  */
 legacy_acpi_table_size = 6652;
+acpi_table_align = 4096;
 smbios_legacy_mode = true;
 has_reserved_memory = false;
 pc_set_legacy_acpi_data_size();
diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index 77316d5..517e729 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -94,6 +94,8 @@ struct PcGuestInfo {
 uint64_t *node_cpu;
 FWCfgState *fw_cfg;
 int legacy_acpi_table_size;
+int fixed_table_align;
+int acpi_table_align;
 bool has_acpi_build;
 bool has_reserved_memory;
 };
-- 
2.1.0

[Qemu-devel] [PATCH v2 2/3] pc: go back to smaller ACPI tables

[Paolo Bonzini]

The new algorithm introduced by the previous patch lets us make tables
smaller and avoid bugs due to large tables.

Use it for 2.2+ machine types by tweaking the default fixed_table_align
and acpi_table_align values.  At the same time, preserve backwards-compatible
logic for pc-i440fx-2.1.

Without this patch:
[0.00] BIOS-e820: [mem 0x0010-0x07fd] usable
[0.00] BIOS-e820: [mem 0x07fe-0x07ff] reserved
...
[0.00] init_memory_mapping: [mem 0x0700-0x07fd] usable
[0.00] RAMDISK: [mem 0x07112000-0x07fd]

With this patch:
[0.00] BIOS-e820: [mem 0x0010-0x07ffafff] usable
[0.00] BIOS-e820: [mem 0x07ffb000-0x07ff] reserved
...
[0.00] init_memory_mapping: [mem 0x0700-0x07ffafff]
[0.00] RAMDISK: [mem 0x07122000-0x07fe]

Thanks to the new linuxboot option ROM, the initrd is loaded 64k above.

Signed-off-by: Paolo Bonzini pbonz...@redhat.com
---
 hw/i386/pc_piix.c | 19 ---
 hw/i386/pc_q35.c  |  6 --
 2 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index 060f6ec..0d3a191 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -61,8 +61,8 @@ static const int ide_irq[MAX_IDE_BUS] = { 14, 15 };
 
 static bool has_acpi_build = true;
 static int legacy_acpi_table_size;
-static int fixed_table_align = 0;
-static int acpi_table_align = 131072;
+static int fixed_table_align = 16384;
+static int acpi_table_align = 4096;
 static bool smbios_defaults = true;
 static bool smbios_legacy_mode;
 /* Make sure that guest addresses aligned at 1Gbyte boundaries get mapped to
@@ -306,6 +306,12 @@ static void pc_init_pci(MachineState *machine)
 pc_init1(machine, 1, 1);
 }
 
+static void pc_compat_2_1(MachineState *machine)
+{
+fixed_table_align = 0;
+acpi_table_align = 131072;
+}
+
 static void pc_compat_2_0(MachineState *machine)
 {
 /* This value depends on the actual DSDT and SSDT compiled into
@@ -324,6 +330,7 @@ static void pc_compat_2_0(MachineState *machine)
  * 6652 is valid for QEMU 2.0, the right value for pc-i440fx-1.7 on
  * QEMU 1.7 it is 6414.  For RHEL/CentOS 7.0 it is 6418.
  */
+pc_compat_2_1(machine);
 legacy_acpi_table_size = 6652;
 acpi_table_align = 4096;
 smbios_legacy_mode = true;
@@ -373,6 +380,12 @@ static void pc_compat_1_2(MachineState *machine)
 x86_cpu_compat_disable_kvm_features(FEAT_KVM, KVM_FEATURE_PV_EOI);
 }
 
+static void pc_init_pci_2_1(MachineState *machine)
+{
+pc_compat_2_1(machine);
+pc_init_pci(machine);
+}
+
 static void pc_init_pci_2_0(MachineState *machine)
 {
 pc_compat_2_0(machine);
@@ -476,7 +489,7 @@ static QEMUMachine pc_i440fx_machine_v2_2 = {
 static QEMUMachine pc_i440fx_machine_v2_1 = {
 PC_I440FX_2_1_MACHINE_OPTIONS,
 .name = pc-i440fx-2.1,
-.init = pc_init_pci,
+.init = pc_init_pci_2_1,
 .compat_props = (GlobalProperty[]) {
 PC_COMPAT_2_1,
 { /* end of list */ }
diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
index d4a907c..3443f32 100644
--- a/hw/i386/pc_q35.c
+++ b/hw/i386/pc_q35.c
@@ -153,10 +153,12 @@ static void pc_q35_init(MachineState *machine)
 guest_info-has_acpi_build = has_acpi_build;
 guest_info-has_reserved_memory = has_reserved_memory;
 
-/* Migration was not supported in 2.0 for Q35, so do not bother
- * with this hack (see hw/i386/acpi-build.c).
+/* Migration was not supported in 2.0 for Q35, so do not bother with
+ * hacks around the ACPI table size (see hw/i386/acpi-build.c).
  */
 guest_info-legacy_acpi_table_size = 0;
+guest_info-fixed_table_align = 16384;
+guest_info-acpi_table_align = 4096;
 
 if (smbios_defaults) {
 MachineClass *mc = MACHINE_GET_CLASS(machine);
-- 
2.1.0

Re: [Qemu-devel] [PATCH v5 02/33] target-arm: add arm_is_secure() function

[Peter Maydell]

On 30 September 2014 22:49, Greg Bellows greg.bell...@linaro.org wrote:
 From: Fabian Aggeler aggel...@ethz.ch

 arm_is_secure() function allows to determine CPU security state
 if the CPU implements Security Extensions/EL3.
 arm_is_secure_below_el3() returns true if CPU is in secure state
 below EL3.

 Signed-off-by: Sergey Fedorov s.fedo...@samsung.com
 Signed-off-by: Fabian Aggeler aggel...@ethz.ch
 Signed-off-by: Greg Bellows greg.bell...@linaro.org
 ---
  target-arm/cpu.h | 38 ++
  1 file changed, 38 insertions(+)

 diff --git a/target-arm/cpu.h b/target-arm/cpu.h
 index 81fffd2..10afef0 100644
 --- a/target-arm/cpu.h
 +++ b/target-arm/cpu.h
 @@ -753,6 +753,44 @@ static inline int arm_feature(CPUARMState *env, int 
 feature)
  return (env-features  (1ULL  feature)) != 0;
  }

 +
 +/* Return true if exception level below EL3 is in secure state */
 +static inline bool arm_is_secure_below_el3(CPUARMState *env)
 +{
 +#if !defined(CONFIG_USER_ONLY)
 +if (arm_feature(env, ARM_FEATURE_EL3)) {
 +return !(env-cp15.scr_el3  SCR_NS);
 +} else if (arm_feature(env, ARM_FEATURE_EL2)) {
 +return false;
 +} else {
 +/* IMPDEF: QEMU defaults to non-secure */
 +return false;

I would be happy to fold both these identical 'return false'
cases together and have a comment that it's only IMPDEF
if EL2 isn't implemented.

 +}
 +#else
 +return false;
 +#endif
 +}
 +
 +/* Return true if the processor is in secure state */
 +static inline bool arm_is_secure(CPUARMState *env)
 +{
 +#if !defined(CONFIG_USER_ONLY)
 +if (arm_feature(env, ARM_FEATURE_EL3)) {
 +if (env-aarch64  extract32(env-pstate, 2, 2) == 3) {
 +/* CPU currently in Aarch64 state and EL3 */

Nit: AArch64 with two capital 'A's (here and elsewhere).

 +return true;
 +} else if (!env-aarch64 
 +(env-uncached_cpsr  CPSR_M) == ARM_CPU_MODE_MON) {
 +/* CPU currently in Aarch32 state and monitor mode */
 +return true;
 +}
 +}
 +return arm_is_secure_below_el3(env);
 +#else
 +return false;
 +#endif
 +}

I checked your git tree and we don't actually use
arm_is_secure_below_el3() anywhere except in
arm_is_secure(), do we? That suggests to me we should
just fold the two functions together.

Can these functions live in internals.h rather than cpu.h?
(The difference is that internals.h is restricted to only
target-arm/ code whereas cpu.h is auto-included for a much
wider set of files.)

thanks
-- PMM

[Qemu-devel] [PATCH v2 3/3] pc: clean up pre-2.1 compatibility code

[Paolo Bonzini]

Now that the alignment is parameterized, we can share the call to
acpi_align_size between all three (1.7-2.0/2.1/2.2+) sizing algorithms.

Also, with the new rule that SSDT cannot change except with
machine-type compat code, the magic 97 constant for a CPU's
AML size is not anymore legacy, so rename it.

Signed-off-by: Paolo Bonzini pbonz...@redhat.com
---
 hw/i386/acpi-build.c | 11 +--
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index 6bffc75..ec6828e 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -62,8 +62,8 @@
  * a little bit, there should be plenty of free space since the DSDT
  * shrunk by ~1.5k between QEMU 2.0 and QEMU 2.1.
  */
-#define ACPI_BUILD_LEGACY_CPU_AML_SIZE97
-#define ACPI_BUILD_ALIGN_SIZE 0x1000
+#define ACPI_BUILD_CPU_AML_SIZE97
+#define ACPI_BUILD_ALIGN_SIZE  0x1000
 
 typedef struct AcpiCpuInfo {
 DECLARE_BITMAP(found_cpus, ACPI_CPU_HOTPLUG_ID_LIMIT);
@@ -1672,10 +1672,9 @@ void acpi_build(PcGuestInfo *guest_info, AcpiBuildTables 
*tables)
  */
 int legacy_aml_len =
 guest_info-legacy_acpi_table_size +
-ACPI_BUILD_LEGACY_CPU_AML_SIZE * max_cpus;
+ACPI_BUILD_CPU_AML_SIZE * max_cpus;
 int legacy_table_size =
-ROUND_UP(tables-table_data-len - aml_len + legacy_aml_len,
- ACPI_BUILD_ALIGN_SIZE);
+tables-table_data-len - aml_len + legacy_aml_len;
 if (tables-table_data-len  legacy_table_size) {
 /* Should happen only with PCI bridges and -M pc-i440fx-2.0.  */
 error_report(Warning: migration may not work.);
@@ -1691,8 +1690,8 @@ void acpi_build(PcGuestInfo *guest_info, AcpiBuildTables 
*tables)
 error_report(Warning: please remove CPUs, NUMA nodes, 
  memory slots or PCI bridges.);
 }
-acpi_align_size(tables-table_data, guest_info-acpi_table_align);
 }
+acpi_align_size(tables-table_data, guest_info-acpi_table_align);
 
 acpi_align_size(tables-linker, ACPI_BUILD_ALIGN_SIZE);
 
-- 
2.1.0

Re: [Qemu-devel] [PULL 0/5] linux-user patches for 2.2

[Peter Maydell]

On 6 October 2014 15:34,  riku.voi...@linaro.org wrote:
 From: Riku Voipio riku.voi...@linaro.org

 The following changes since commit 1831e150606a221898bf46ffaf0453e9952cbbc4:

   Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into 
 staging (2014-09-30 16:45:35 +0100)

 are available in the git repository at:

   git://git.linaro.org/people/riku.voipio/qemu.git 
 tags/pull-linux-user-20141006

 for you to fetch changes up to 88555b7dfa79d7d21100d0b90730bf43d25d735b:

   translate-all.c: memory walker initial address miscalculation (2014-10-01 
 16:16:14 +0300)

 
 linux-user pull for 2.2

 Clearest linux-user patches sent to the list since august,
 Apart from Mikhails patch, the rest are quite trivial.

 
 Alexander Graf (2):
   linux-user: Convert blkpg to use a special subop handler
   linux-user: Simplify timerid checks on g_posix_timers range

 Mikhail Ilyin (1):
   translate-all.c: memory walker initial address miscalculation

 Peter Maydell (1):
   linux-user: Enable epoll_pwait syscall for ARM

 Riku Voipio (1):
   linux-user: don't include timerfd if not needed

Hi. I'm afraid this doesn't compile on my ARM box:

/root/qemu/linux-user/syscall.c: In function ‘do_syscall’:
/root/qemu/linux-user/syscall.c:9695:9: error: implicit declaration of
function ‘timerfd_create’ [-Werror=implicit-function-declaration]
/root/qemu/linux-user/syscall.c:9695:9: error: nested extern
declaration of ‘timerfd_create’ [-Werror=nested-externs]
/root/qemu/linux-user/syscall.c:9705:13: error: implicit declaration
of function ‘timerfd_gettime’ [-Werror=implicit-function-declaration]
/root/qemu/linux-user/syscall.c:9705:13: error: nested extern
declaration of ‘timerfd_gettime’ [-Werror=nested-externs]
/root/qemu/linux-user/syscall.c:9728:13: error: implicit declaration
of function ‘timerfd_settime’ [-Werror=implicit-function-declaration]
/root/qemu/linux-user/syscall.c:9728:13: error: nested extern
declaration of ‘timerfd_settime’ [-Werror=nested-externs]
cc1: all warnings being treated as errors

thanks
-- PMM

Re: [Qemu-devel] [PATCH v5 03/33] target-arm: reject switching to monitor mode

[Peter Maydell]

On 30 September 2014 22:49, Greg Bellows greg.bell...@linaro.org wrote:
 From: Sergey Fedorov s.fedo...@samsung.com

 ...from non-secure state.

 Signed-off-by: Sergey Fedorov s.fedo...@samsung.com
 Signed-off-by: Fabian Aggeler aggel...@ethz.ch
 Reviewed-by: Edgar E. Iglesias edgar.igles...@xilinx.com
 Signed-off-by: Greg Bellows greg.bell...@linaro.org

Reviewed-by: Peter Maydell peter.mayd...@linaro.org

though as a style nit I would prefer the commit to
read:

===
Subject: target-arm: reject switching to monitor mode if NS

Reject switching to monitor mode from non-secure state.
===

since the oneline summary should stand on its own.

PS: please drop Sergey's now-bouncing Samsung address
from the CC list when you send v6 of this series :-)


 ---
  target-arm/helper.c | 2 ++
  1 file changed, 2 insertions(+)

 diff --git a/target-arm/helper.c b/target-arm/helper.c
 index 2669e15..d6e3b52 100644
 --- a/target-arm/helper.c
 +++ b/target-arm/helper.c
 @@ -3531,6 +3531,8 @@ static int bad_mode_switch(CPUARMState *env, int mode)
  case ARM_CPU_MODE_IRQ:
  case ARM_CPU_MODE_FIQ:
  return 0;
 +case ARM_CPU_MODE_MON:
 +return !arm_is_secure(env);
  default:
  return 1;
  }
 --
 1.8.3.2

thanks
-- PMM

Re: [Qemu-devel] [PATCH] gdb: provide the name of the architecture in the target.xml

[Cornelia Huck]

On Tue, 30 Sep 2014 17:23:47 +0200
Jens Freimann jf...@linux.vnet.ibm.com wrote:

 From: David Hildenbrand d...@linux.vnet.ibm.com
 
 This patch provides the name of the architecture in the target.xml if 
 available.
 
 This allows the remote gdb to detect the target architecture on its own - so
 there is no need to specify it manually (e.g. if gdb is started without a
 binary) using set arch *arch_name*.
 
 The name of the architecture has been added to all archs that provide a
 target.xml (by supplying a gdb_core_xml_file) and have a unique architecture
 name in gdb's feature xml files.
 
 Signed-off-by: David Hildenbrand d...@linux.vnet.ibm.com
 Acked-by: Cornelia Huck cornelia.h...@de.ibm.com
 Acked-by: Christian Borntraeger borntrae...@de.ibm.com
 Signed-off-by: Jens Freimann jf...@linux.vnet.ibm.com
 Reviewed-by: Andreas Färber afaer...@suse.de
 Cc: Andrzej Zaborowski balr...@gmail.com
 Cc: Peter Maydell peter.mayd...@linaro.org
 Cc: Vassili Karpov (malc) av1...@comtv.ru
 CC: Edgar Iglesias edgar.igles...@gmail.com
 CC: Richard Henderson r...@twiddle.net
 ---
  gdbstub.c   | 19 ---
  include/qom/cpu.h   |  2 ++
  target-arm/cpu64.c  |  1 +
  target-ppc/translate_init.c |  2 ++
  target-s390x/cpu.c  |  1 +
  5 files changed, 18 insertions(+), 7 deletions(-)
 
I will send this with the next pile of s390x updates, unless someone on
cc: has any objections.

Re: [Qemu-devel] [PATCH v5 04/33] target-arm: rename arm_current_pl to arm_current_el

[Peter Maydell]

On 30 September 2014 22:49, Greg Bellows greg.bell...@linaro.org wrote:
 Renamed the arm_current_pl CPU function to more accurately represent that it
 returns the ARMv8 EL rather than ARMv7 PL.

 Signed-off-by: Greg Bellows greg.bell...@linaro.org
 ---
  target-arm/cpu.h   | 18 +-
  target-arm/helper-a64.c|  6 +++---
  target-arm/helper.c| 22 +++---
  target-arm/internals.h |  2 +-
  target-arm/op_helper.c | 16 
  target-arm/translate-a64.c |  2 +-
  target-arm/translate.c |  2 +-
  7 files changed, 34 insertions(+), 34 deletions(-)

 diff --git a/target-arm/cpu.h b/target-arm/cpu.h
 index 10afef0..101d139 100644
 --- a/target-arm/cpu.h
 +++ b/target-arm/cpu.h
 @@ -982,7 +982,7 @@ static inline bool cptype_valid(int cptype)
  #define PL1_RW (PL1_R | PL1_W)
  #define PL0_RW (PL0_R | PL0_W)

 -static inline int arm_current_pl(CPUARMState *env)
 +static inline int arm_current_el(CPUARMState *env)

I suggest we add a brief comment before the function:
/* Return the current Exception Level (as per ARMv8;
 * note that this differs from the ARMv7 Privilege Level).
 */

You should also fix the PL2 and PL3 references in
the comments to read EL2 and EL3.

thanks
-- PMM

Re: [Qemu-devel] [PATCH v5 05/33] target-arm: make arm_current_pl() return PL3

[Peter Maydell]

On 30 September 2014 22:49, Greg Bellows greg.bell...@linaro.org wrote:
 From: Fabian Aggeler aggel...@ethz.ch

 Make arm_current_pl() return PL3 for secure PL1 and monitor mode.
 Increase MMU modes since mmu_index is directly infered from arm_
 current_pl(). Changes assertion in arm_el_is_aa64() to allow EL3.

 Signed-off-by: Fabian Aggeler aggel...@ethz.ch
 Signed-off-by: Greg Bellows greg.bell...@linaro.org
 ---
  target-arm/cpu.h | 15 +--
  1 file changed, 9 insertions(+), 6 deletions(-)

 diff --git a/target-arm/cpu.h b/target-arm/cpu.h
 index 101d139..c000716 100644
 --- a/target-arm/cpu.h
 +++ b/target-arm/cpu.h
 @@ -100,7 +100,7 @@ typedef uint32_t ARMReadCPFunc(void *opaque, int cp_info,

  struct arm_boot_info;

 -#define NB_MMU_MODES 2
 +#define NB_MMU_MODES 4

  /* We currently assume float and double are IEEE single and double
 precision respectively.
 @@ -753,7 +753,6 @@ static inline int arm_feature(CPUARMState *env, int 
 feature)
  return (env-features  (1ULL  feature)) != 0;
  }

 -

Stray whitespace change.

  /* Return true if exception level below EL3 is in secure state */
  static inline bool arm_is_secure_below_el3(CPUARMState *env)
  {
 @@ -794,11 +793,12 @@ static inline bool arm_is_secure(CPUARMState *env)
  /* Return true if the specified exception level is running in AArch64 state. 
 */
  static inline bool arm_el_is_aa64(CPUARMState *env, int el)
  {
 -/* We don't currently support EL2 or EL3, and this isn't valid for EL0
 +/* We don't currently support EL2, and this isn't valid for EL0
   * (if we're in EL0, is_a64() is what you want, and if we're not in EL0
   * then the state of EL0 isn't well defined.)
   */
 -assert(el == 1);
 +assert(el == 1 || el == 3);
 +
  /* AArch64-capable CPUs always run with EL1 in AArch64 mode. This
   * is a QEMU-imposed simplification which we may wish to change later.
   * If we in future support EL2 and/or EL3, then the state of lower

 @@ -990,9 +990,12 @@ static inline int arm_current_el(CPUARMState *env)

  if ((env-uncached_cpsr  0x1f) == ARM_CPU_MODE_USR) {
  return 0;
 +} else if (arm_is_secure(env)) {
 +/* Secure PL1 and monitor mode are mapped to PL3 */
 +return 3;

This isn't correct. Secure privileged !Mon AArch32 modes are only
EL3 if EL3 is AArch32. If EL3 is AArch64 then the !Mon AArch32
modes are EL1.

  }
 -/* We don't currently implement the Virtualization or TrustZone
 - * extensions, so PL2 and PL3 don't exist for us.
 +/* We currently do not implement the Virtualization extensions, so PL2 
 does
 + * not exist for us.
   */
  return 1;

Now that we've added the complications for handling secure mode,
we might as well also have the trivial code for Hyp too. So
that means the function looks something like:

if (env-aarch64) {
return extract32(env-pstate, 2, 2);
}

switch (env-uncached_cpsr  CPSR_M) {
case ARM_CPU_MODE_USR:
return 0;
case ARM_CPU_MODE_HYP:
return 2;
case ARM_CPU_MODE_MON:
return 3;
default:
if (arm_is_secure(env)  !arm_el_is_aa64(env, 3)) {
/* If EL3 is 32-bit then all secure privileged modes run in EL3 */
return 3;
}
return 1;
}

thanks
-- PMM

Re: [Qemu-devel] [PATCH v5 06/33] target-arm: A32: Emulate the SMC instruction

[Peter Maydell]

On 30 September 2014 22:49, Greg Bellows greg.bell...@linaro.org wrote:
 From: Fabian Aggeler aggel...@ethz.ch

 Implements SMC instruction in Aarch32 using the A32 syndrome. When executing
 SMC instruction from monitor CPU mode SCR.NS bit is reset.

 Signed-off-by: Sergey Fedorov s.fedo...@samsung.com
 Signed-off-by: Fabian Aggeler aggel...@ethz.ch
 Signed-off-by: Greg Bellows greg.bell...@linaro.org

 --
 v4 - v5
 - Merge pre_smc upstream changes and incorporated ss_advance
 ---
  target-arm/helper.c| 11 +++
  target-arm/internals.h |  7 ++-
  target-arm/op_helper.c |  3 +--
  target-arm/translate.c | 39 +--
  4 files changed, 47 insertions(+), 13 deletions(-)

 diff --git a/target-arm/helper.c b/target-arm/helper.c
 index 2381e6f..7f3f049 100644
 --- a/target-arm/helper.c
 +++ b/target-arm/helper.c
 @@ -4090,6 +4090,12 @@ void arm_cpu_do_interrupt(CPUState *cs)
  mask = CPSR_A | CPSR_I | CPSR_F;
  offset = 4;
  break;
 +case EXCP_SMC:
 +new_mode = ARM_CPU_MODE_MON;
 +addr = 0x08;
 +mask = CPSR_A | CPSR_I | CPSR_F;
 +offset = 0;
 +break;
  default:
  cpu_abort(cs, Unhandled exception 0x%x\n, cs-exception_index);
  return; /* Never happens.  Keep compiler happy.  */
 @@ -4108,6 +4114,11 @@ void arm_cpu_do_interrupt(CPUState *cs)
   */
  addr += env-cp15.vbar_el[1];
  }
 +
 +if ((env-uncached_cpsr  CPSR_M) == ARM_CPU_MODE_MON) {
 +env-cp15.scr_el3 = ~SCR_NS;
 +}
 +
  switch_mode (env, new_mode);
  /* For exceptions taken to AArch32 we must clear the SS bit in both
   * PSTATE and in the old-state value we save to SPSR_mode, so zero it 
 now.
 diff --git a/target-arm/internals.h b/target-arm/internals.h
 index fd69a83..43a2e7d 100644
 --- a/target-arm/internals.h
 +++ b/target-arm/internals.h
 @@ -236,7 +236,12 @@ static inline uint32_t syn_aa32_svc(uint32_t imm16, bool 
 is_thumb)
  | (is_thumb ? 0 : ARM_EL_IL);
  }

 -static inline uint32_t syn_aa64_bkpt(uint32_t imm16)
 +static inline uint32_t syn_aa32_smc(void)
 +{
 +return (EC_AA32_SMC  ARM_EL_EC_SHIFT) | ARM_EL_IL;
 +}
 +
 +static inline uint32_t syn_aa64_bkpt(uint16_t imm16)

Bogus change (probably introduced by accident in a merge
conflict fixup).

  {
  return (EC_AA64_BKPT  ARM_EL_EC_SHIFT) | ARM_EL_IL | (imm16  0x);
  }
 diff --git a/target-arm/op_helper.c b/target-arm/op_helper.c
 index 0809d63..8ed8ee9 100644
 --- a/target-arm/op_helper.c
 +++ b/target-arm/op_helper.c
 @@ -419,8 +419,7 @@ void HELPER(pre_hvc)(CPUARMState *env)
  void HELPER(pre_smc)(CPUARMState *env, uint32_t syndrome)
  {
  int cur_el = arm_current_el(env);
 -/* FIXME: Use real secure state.  */
 -bool secure = false;
 +bool secure = arm_is_secure(env);;

Doubled semicolon.

  bool smd = env-cp15.scr_el3  SCR_SMD;
  /* On ARMv8 AArch32, SMD only applies to NS state.
   * On ARMv7 SMD only applies to NS state and only if EL2 is available.
 diff --git a/target-arm/translate.c b/target-arm/translate.c
 index f6404be..3f3ddfb 100644
 --- a/target-arm/translate.c
 +++ b/target-arm/translate.c
 @@ -7872,15 +7872,27 @@ static void disas_arm_insn(CPUARMState * env, 
 DisasContext *s)
  case 7:
  {
  int imm16 = extract32(insn, 0, 4) | (extract32(insn, 8, 12)  
 4);
 -/* SMC instruction (op1 == 3)
 -   and undefined instructions (op1 == 0 || op1 == 2)
 -   will trap */
 -if (op1 != 1) {
 +if (op1 == 1) {
 +/* bkpt */
 +ARCH(5);
 +gen_exception_insn(s, 4, EXCP_BKPT,
 +syn_aa32_bkpt(imm16, false));
 +} else if (op1 == 3) {
 +/* smi/smc */
 +if (!arm_dc_feature(s, ARM_FEATURE_EL3) ||
 +s-current_pl == 0) {
 +goto illegal_op;
 +}
 +gen_set_pc_im(s, s-pc);

This should be s-pc - 4, because if the pre_smc helper throws
an UNDEF exception you want the PC to point to the SMC insn,
not the insn after. (If the SMC executes as an SMC then the
PC for the EXCP_SMC will be correct because of the 0 offset
passed to gen_exception_insn below.)

 +tmp = tcg_const_i32(syn_aa32_smc());
 +gen_helper_pre_smc(cpu_env, tmp);
 +tcg_temp_free_i32(tmp);
 +gen_ss_advance(s);
 +gen_exception_insn(s, 0, EXCP_SMC, syn_aa32_smc());
 +break;
 +} else {
  goto illegal_op;
  }

That said, I have a feeling we might want to put the SMC
handling into the end-of-loop processing for A32/T32,
the same way we do SVC. Ard has a patch onlist which does
that, though it is on my todo list to try to fix because
it has its own issues...

-- PMM

Re: [Qemu-devel] [PATCH v5 07/33] target-arm: extend async excp masking

[Peter Maydell]

On 30 September 2014 22:49, Greg Bellows greg.bell...@linaro.org wrote:
 From: Fabian Aggeler aggel...@ethz.ch

 This patch extends arm_excp_unmasked() according to ARM ARMv7 and
 ARM ARMv8 (all EL running in Aarch32) and adds comments.

AA (just do a search and replace through the whole patchset,
please.)


 If EL3 is using Aarch64 IRQ/FIQ masking is ignored in
 all exception levels other than EL3 if SCR.{FIQ|IRQ} is
 set to 1 (routed to EL3).

 Signed-off-by: Fabian Aggeler aggel...@ethz.ch
 Signed-off-by: Greg Bellows greg.bell...@linaro.org

 --
 v4 - v5
 - Merge with v4 patch 10
 ---
  target-arm/cpu.h | 116 
 ++-
  1 file changed, 106 insertions(+), 10 deletions(-)

 diff --git a/target-arm/cpu.h b/target-arm/cpu.h
 index c000716..30f57fd 100644
 --- a/target-arm/cpu.h
 +++ b/target-arm/cpu.h
 @@ -1226,11 +1226,8 @@ static inline bool arm_excp_unmasked(CPUState *cs, 
 unsigned int excp_idx)
  {
  CPUARMState *env = cs-env_ptr;
  unsigned int cur_el = arm_current_el(env);
 -unsigned int target_el = arm_excp_target_el(cs, excp_idx);
 -/* FIXME: Use actual secure state.  */
 -bool secure = false;
 -/* If in EL1/0, Physical IRQ routing to EL2 only happens from NS state.  
 */
 -bool irq_can_hyp = !secure  cur_el  2  target_el == 2;
 +bool secure = arm_is_secure(env);
 +
  /* ARMv7-M interrupt return works by loading a magic value
   * into the PC.  On real hardware the load causes the
   * return to occur.  The qemu implementation performs the
 @@ -1245,19 +1242,118 @@ static inline bool arm_excp_unmasked(CPUState *cs, 
 unsigned int excp_idx)
   (!IS_M(env) || env-regs[15]  0xfff0);

  /* Don't take exceptions if they target a lower EL.  */
 -if (cur_el  target_el) {
 +if (cur_el  arm_excp_target_el(cs, excp_idx)) {
  return false;
  }

 +/* ARM ARMv7 B1.8.6  Asynchronous exception masking (table B1-12/B1-13)
 + * ARM ARMv8 G1.11.3 Asynchronous exception masking controls
 + * (table G1-18/G1-19) */

*/ goes on its own line.

  switch (excp_idx) {
  case EXCP_FIQ:
 -if (irq_can_hyp  (env-cp15.hcr_el2  HCR_FMO)) {
 -return true;
 +if (arm_feature(env, ARM_FEATURE_EL3)  arm_el_is_aa64(env, 3)) {
 +/* If EL3 is using Aarch64 and FIQs are routed to EL3 masking is
 + * ignored in all exception levels except EL3.
 + */
 +if ((env-cp15.scr_el3  SCR_FIQ)  cur_el  3) {
 +return true;
 +}
 +/* If we are in EL3 but FIQs are not routed to EL3 the exception
 + * is not taken but remains pending.
 + */
 +if (!(env-cp15.scr_el3  SCR_FIQ)  cur_el == 3) {
 +return false;
 +}
 +}

This is all kind of confusing. What is the division of work
between this function and arm_phys_excp_target_el(),
conceptually? Why isn't we're in EL3 but FIQs aren't going
to EL3 handled by the cur_el  arm_excp_target_el() check
above, for instance?

thanks
-- PMM

Re: [Qemu-devel] [PATCH v5 08/33] target-arm: add async excp target_el function

[Peter Maydell]

On 30 September 2014 22:49, Greg Bellows greg.bell...@linaro.org wrote:
 From: Fabian Aggeler aggel...@ethz.ch

 Adds a dedicated function for IRQ and FIQ exceptions to determine
 target_el and mode (Aarch32) according to tables in ARM ARMv8 and
 ARM ARM v7.

 Signed-off-by: Fabian Aggeler aggel...@ethz.ch
 Signed-off-by: Greg Bellows greg.bell...@linaro.org

 --
 v4 - v5
 - Simplify target EL function including removal of mode which was unused
 - Merged with patch that plugs in the use of the function

 v3 - v4
 - Fixed arm_phys_excp_target_el() 0/0/0 case to return excp_mode when EL2
   rather than ABORT.
 ---
  target-arm/cpu.h|   2 +
  target-arm/helper.c | 103 
 ++--
  2 files changed, 85 insertions(+), 20 deletions(-)

 diff --git a/target-arm/cpu.h b/target-arm/cpu.h
 index 30f57fd..601f8fe 100644
 --- a/target-arm/cpu.h
 +++ b/target-arm/cpu.h
 @@ -809,6 +809,8 @@ static inline bool arm_el_is_aa64(CPUARMState *env, int 
 el)

  void arm_cpu_list(FILE *f, fprintf_function cpu_fprintf);
  unsigned int arm_excp_target_el(CPUState *cs, unsigned int excp_idx);
 +inline uint32_t arm_phys_excp_target_el(CPUState *cs, uint32_t excp_idx,
 +uint32_t cur_el, bool secure);

This is only used in helper.c which is also the place where it
is defined, so why are we making it a global function with
a prototype here rather than having it be 'static'?


  /* Interface between CPU and Interrupt controller.  */
  void armv7m_nvic_set_pending(void *opaque, int irq);
 diff --git a/target-arm/helper.c b/target-arm/helper.c
 index 7f3f049..a10f459 100644
 --- a/target-arm/helper.c
 +++ b/target-arm/helper.c
 @@ -3706,6 +3706,12 @@ uint32_t HELPER(get_r13_banked)(CPUARMState *env, 
 uint32_t mode)
  return 0;
  }

 +inline uint32_t arm_phys_excp_target_el(CPUState *cs, uint32_t excp_idx,
 +uint32_t cur_el, bool secure)
 +{
 +return 1;
 +}
 +

This version is never used, so I think it can be deleted?

  unsigned int arm_excp_target_el(CPUState *cs, unsigned int excp_idx)
  {
  return 1;
 @@ -3767,6 +3773,80 @@ void switch_mode(CPUARMState *env, int mode)
  }

  /*
 + * Determine the target EL for physical exceptions

What's a physical exception ?

 + */
 +inline uint32_t arm_phys_excp_target_el(CPUState *cs, uint32_t excp_idx,
 +uint32_t cur_el, bool secure)
 +{
 +CPUARMState *env = cs-env_ptr;
 +uint32_t target_el = 1;
 +
 +/* There is no SCR or HCR routing unless the respective EL3 and EL2
 + * extensions are supported.  This initial setting affects whether any
 + * other conditions matter.
 + */
 +bool scr_routing = arm_feature(env, ARM_FEATURE_EL3); /* IRQ, FIQ, EA */
 +bool hcr_routing = arm_feature(env, ARM_FEATURE_EL2); /* IMO, FMO, AMO */
 +
 +/* Fast-path if EL2 and EL3 are not enabled */
 +if (!scr_routing  !hcr_routing) {
 +return target_el;
 +}
 +
 +switch (excp_idx) {
 +case EXCP_IRQ:
 +scr_routing = ((env-cp15.scr_el3  SCR_IRQ) == SCR_IRQ);
 +hcr_routing = ((env-cp15.hcr_el2  HCR_IMO) == HCR_IMO);
 +break;
 +case EXCP_FIQ:
 +scr_routing = ((env-cp15.scr_el3  SCR_FIQ) == SCR_FIQ);
 +hcr_routing = ((env-cp15.hcr_el2  HCR_FMO) == HCR_FMO);
 +}
 +
 +/* If SCR routing is enabled we always go to EL3 regardless of EL3
 + * execution state
 + */
 +if (scr_routing) {
 +/* IRQ|FIQ|EA == 1 */
 +return 3;
 +}
 +
 +/* If HCR.TGE is set all exceptions that would be routed to EL1 are
 + * routed to EL2 (in non-secure world).
 + */
 +hcr_routing = (env-cp15.hcr_el2  HCR_TGE) == HCR_TGE;
 +
 +/* Determine target EL according to ARM ARMv8 tables G1-15 and G1-16 */
 +if (arm_el_is_aa64(env, 3)) {
 +/* EL3 in Aarch64 */
 +if (!secure) {
 +/* If non-secure, we may route to EL2 depending on other state.
 + * If we are coming from the secure world then we always route to
 + * EL1.
 + */
 +if (hcr_routing ||
 +(cur_el == 2  !(env-cp15.scr_el3  SCR_RW))) {
 +/* If HCR.FMO/IMO is set or we already in EL2 and it is not
 + * configured to be AArch64 then route to EL2.
 + */
 +target_el = 2;
 +}
 +}
 +} else {
 +/* EL3 in Aarch32 */
 +if (secure) {
 +/* If coming from secure always route to EL3 */
 +target_el = 3;
 +} else if (hcr_routing || cur_el == 2) {
 +/* If HCR.FMO/IMO is set or we are already EL2 then route to EL2 
 */
 +target_el = 2;
 +}
 +}
 +
 +return target_el;
 +}
 +
 +/*
   * Determine the target EL for a given exception type.
   */
  unsigned int arm_excp_target_el(CPUState *cs, unsigned int excp_idx)
 @@ 

Re: [Qemu-devel] [PATCH v5 09/33] target-arm: add macros to access banked registers

[Peter Maydell]

On 30 September 2014 22:49, Greg Bellows greg.bell...@linaro.org wrote:
 From: Fabian Aggeler aggel...@ethz.ch

 If EL3 is in Aarch32 state certain cp registers are banked (secure and
 non-secure instance). When reading or writing to coprocessor registers
 the following macros can be used.

 - A32_BANKED macros are used for choosing the banked register based on 
 provided
   input security argument.  This macro is used to choose the bank during
   translation of MRC/MCR instructions that are dependent on something other
   than the current secure state.
 - A32_BANKED_CURRENT macros are used for choosing the banked register based on
   current secure state.  This is NOT to be used for choosing the bank used
   during translation as it breaks monitor mode.

 If EL3 is operating in Aarch64 state coprocessor registers are not
 banked anymore. The macros use the non-secure instance (_ns) in this
 case, which is architecturally mapped to the Aarch64 EL register.

 Signed-off-by: Sergey Fedorov s.fedo...@samsung.com
 Signed-off-by: Fabian Aggeler aggel...@ethz.ch
 Signed-off-by: Greg Bellows greg.bell...@linaro.org

 --
 v4 - v5
 - Cleaned-up macros to try and alleviate misuse.  Made A32_BANKED macros take
   secure arg indicator rather than relying on USE_SECURE_REG.  Incorporated 
 the
   A32_BANKED macros into the A32_BANKED_CURRENT.  CURRENT is now the only one
   that automatically chooses based on current secure state.
 ---
  target-arm/cpu.h | 36 
  1 file changed, 36 insertions(+)

 diff --git a/target-arm/cpu.h b/target-arm/cpu.h
 index 601f8fe..c58fdf5 100644
 --- a/target-arm/cpu.h
 +++ b/target-arm/cpu.h
 @@ -807,6 +807,42 @@ static inline bool arm_el_is_aa64(CPUARMState *env, int 
 el)
  return arm_feature(env, ARM_FEATURE_AARCH64);
  }

 +/* Macro for determing whether to use the secure or non-secure bank of a CP
 + * register.  When EL3 is operating in Aarch32 state, the NS-bit determines
 + * whether the secure instance of a cp-register should be used.
 + */
 +#define USE_SECURE_REG(_env) (   \
 +arm_feature((_env), ARM_FEATURE_EL3) \
 +!arm_el_is_aa64((_env), 3)   \
 +!((_env)-cp15.scr_el3  SCR_NS))

Better to use an inline function for this rather than a macro,
I think.

 +
 +/* Macros for accessing a specified CP register bank */
 +#define A32_BANKED_REG_GET(_env, _regname, _secure)\
 +((_secure) ? (_env)-cp15._regname##_s : (_env)-cp15._regname##_ns)
 +
 +#define A32_BANKED_REG_SET(_env, _regname, _secure, _val)   \
 +do {\
 +if (_secure) {   \
 +(_env)-cp15._regname##_s = (_val);\
 +} else {\
 +(_env)-cp15._regname##_ns = (_val);   \
 +}   \
 +} while (0)
 +
 +/* Macros for automatically accessing a specific CP register bank depending 
 on
 + * the current secure state of the system.  These macros are not intended for
 + * supporting instruction translation reads/writes as these are dependent
 + * solely on the SCR.NS bit and not the mode.
 + */
 +#define A32_BANKED_CURRENT_REG_GET(_env, _regname)\
 +A32_BANKED_REG_GET((_env), _regname,\
 +   ((!arm_el_is_aa64((_env), 3)  arm_is_secure(_env
 +
 +#define A32_BANKED_CURRENT_REG_SET(_env, _regname, _val) 
   \
 +A32_BANKED_REG_SET((_env), _regname,\
 +   ((!arm_el_is_aa64((_env), 3)  
 arm_is_secure(_env))),  \
 +   (_val))
 +

...though these all have to be macros because of the regname handling.

(Do we use !arm_el_is_aa64((env), 3)  arm_is_secure(env)
often enough to make it worth a utility function? I can't
think of a good name though, so maybe not...)

thanks
-- PMM

Re: [Qemu-devel] [PATCH v5 10/33] target-arm: add non-secure Translation Block flag

[Peter Maydell]

On 30 September 2014 22:49, Greg Bellows greg.bell...@linaro.org wrote:
 From: Sergey Fedorov s.fedo...@samsung.com

 This patch is based on idea found in patch at
 git://github.com/jowinter/qemu-trustzone.git
 f3d955c6c0ed8c46bc0eb10b634201032a651dd2 by
 Johannes Winter johannes.win...@iaik.tugraz.at.

 This flag prevents QEMU from executing TCG code generated for other CPU
 security state. It also allows to generate different TCG code depending on
 CPU secure state.

This doesn't quite seem to line up with the code:
the commit message says the flag is for the CPU's
current security state, but the code is using the
which register bank setting.

 Signed-off-by: Sergey Fedorov s.fedo...@samsung.com
 Signed-off-by: Fabian Aggeler aggel...@ethz.ch
 Signed-off-by: Greg Bellows greg.bell...@linaro.org

 --
 v4 - v5
 - Merge changes
 - Fixed issue where TB secure state flag was incorrectly being set based on
   secure state rather than NS setting.  This caused an issue where monitor 
 mode
   MRC/MCR accesses were always secure rather than being based on NS bit
   setting.
 - Added separate 64/32 TB secure state flags
 - Unconditionalized the setting of the DC ns bit
 - Removed IS_NS macro and replaced with direct usage.
 ---
  target-arm/cpu.h   | 14 ++
  target-arm/translate-a64.c |  1 +
  target-arm/translate.c |  1 +
  target-arm/translate.h |  1 +
  4 files changed, 17 insertions(+)

 diff --git a/target-arm/cpu.h b/target-arm/cpu.h
 index c58fdf5..1700676 100644
 --- a/target-arm/cpu.h
 +++ b/target-arm/cpu.h
 @@ -1528,6 +1528,8 @@ static inline bool arm_singlestep_active(CPUARMState 
 *env)
   */
  #define ARM_TBFLAG_XSCALE_CPAR_SHIFT 20
  #define ARM_TBFLAG_XSCALE_CPAR_MASK (3  ARM_TBFLAG_XSCALE_CPAR_SHIFT)
 +#define ARM_TBFLAG_NS_SHIFT 22
 +#define ARM_TBFLAG_NS_MASK  (1  ARM_TBFLAG_NS_SHIFT)

  /* Bit usage when in AArch64 state */
  #define ARM_TBFLAG_AA64_EL_SHIFT0
 @@ -1538,6 +1540,8 @@ static inline bool arm_singlestep_active(CPUARMState 
 *env)
  #define ARM_TBFLAG_AA64_SS_ACTIVE_MASK (1  ARM_TBFLAG_AA64_SS_ACTIVE_SHIFT)
  #define ARM_TBFLAG_AA64_PSTATE_SS_SHIFT 4
  #define ARM_TBFLAG_AA64_PSTATE_SS_MASK (1  ARM_TBFLAG_AA64_PSTATE_SS_SHIFT)
 +#define ARM_TBFLAG_AA64_NS_SHIFT5
 +#define ARM_TBFLAG_AA64_NS_MASK (1  ARM_TBFLAG_AA64_NS_SHIFT)

  /* some convenience accessor macros */
  #define ARM_TBFLAG_AARCH64_STATE(F) \
 @@ -1572,6 +1576,10 @@ static inline bool arm_singlestep_active(CPUARMState 
 *env)
  (((F)  ARM_TBFLAG_AA64_SS_ACTIVE_MASK)  
 ARM_TBFLAG_AA64_SS_ACTIVE_SHIFT)
  #define ARM_TBFLAG_AA64_PSTATE_SS(F) \
  (((F)  ARM_TBFLAG_AA64_PSTATE_SS_MASK)  
 ARM_TBFLAG_AA64_PSTATE_SS_SHIFT)
 +#define ARM_TBFLAG_NS(F) \
 +(((F)  ARM_TBFLAG_NS_MASK)  ARM_TBFLAG_NS_SHIFT)
 +#define ARM_TBFLAG_AA64_NS(F) \
 +(((F)  ARM_TBFLAG_AA64_NS_MASK)  ARM_TBFLAG_AA64_NS_SHIFT)

  static inline void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
  target_ulong *cs_base, int *flags)
 @@ -1605,6 +1613,9 @@ static inline void cpu_get_tb_cpu_state(CPUARMState 
 *env, target_ulong *pc,
  *flags |= ARM_TBFLAG_AA64_PSTATE_SS_MASK;
  }
  }
 +if (!(USE_SECURE_REG(env))) {
 +*flags |= ARM_TBFLAG_AA64_NS_MASK;
 +}

What's this for? If we're in AArch64 mode then we know that
EL3 (if it exists) must also be AArch64, and so USE_SECURE_REG
always returns false...

  } else {
  int privmode;
  *pc = env-regs[15];
 @@ -1621,6 +1632,9 @@ static inline void cpu_get_tb_cpu_state(CPUARMState 
 *env, target_ulong *pc,
  if (privmode) {
  *flags |= ARM_TBFLAG_PRIV_MASK;
  }
 +if (!(USE_SECURE_REG(env))) {
 +*flags |= ARM_TBFLAG_NS_MASK;
 +}
  if (env-vfp.xregs[ARM_VFP_FPEXC]  (1  30)
  || arm_el_is_aa64(env, 1)) {
  *flags |= ARM_TBFLAG_VFPEN_MASK;
 diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
 index f53dc0f..dfc8c58 100644
 --- a/target-arm/translate-a64.c
 +++ b/target-arm/translate-a64.c
 @@ -10926,6 +10926,7 @@ void gen_intermediate_code_internal_a64(ARMCPU *cpu,
  #if !defined(CONFIG_USER_ONLY)
  dc-user = (ARM_TBFLAG_AA64_EL(tb-flags) == 0);
  #endif
 +dc-ns = ARM_TBFLAG_AA64_NS(tb-flags);
  dc-cpacr_fpen = ARM_TBFLAG_AA64_FPEN(tb-flags);
  dc-vec_len = 0;
  dc-vec_stride = 0;
 diff --git a/target-arm/translate.c b/target-arm/translate.c
 index 3f3ddfb..5e1d677 100644
 --- a/target-arm/translate.c
 +++ b/target-arm/translate.c
 @@ -10958,6 +10958,7 @@ static inline void 
 gen_intermediate_code_internal(ARMCPU *cpu,
  #if !defined(CONFIG_USER_ONLY)
  dc-user = (ARM_TBFLAG_PRIV(tb-flags) == 0);
  #endif
 +dc-ns = ARM_TBFLAG_NS(tb-flags);
  dc-cpacr_fpen = ARM_TBFLAG_CPACR_FPEN(tb-flags);
  dc-vfp_enabled = ARM_TBFLAG_VFPEN(tb-flags);
  dc-vec_len = 

Re: [Qemu-devel] [PATCH v5 11/33] target-arm: arrayfying fieldoffset for banking

[Peter Maydell]

On 30 September 2014 22:49, Greg Bellows greg.bell...@linaro.org wrote:
 From: Fabian Aggeler aggel...@ethz.ch

 Prepare ARMCPRegInfo to support specifying two fieldoffsets per
 register definition. This will allow us to keep one register
 definition for banked registers (different offsets for secure/
 non-secure world).

 Signed-off-by: Fabian Aggeler aggel...@ethz.ch
 Signed-off-by: Greg Bellows greg.bell...@linaro.org

 --
 v4 - v5
 - Added ARM CP register secure and non-secure bank flags
 - Added setting of secure and non-secure flags furing registration
 ---
  target-arm/cpu.h| 23 +++-
  target-arm/helper.c | 60 
 +
  2 files changed, 65 insertions(+), 18 deletions(-)

 diff --git a/target-arm/cpu.h b/target-arm/cpu.h
 index 1700676..9681d45 100644
 --- a/target-arm/cpu.h
 +++ b/target-arm/cpu.h
 @@ -958,10 +958,12 @@ static inline uint64_t cpreg_to_kvm_id(uint32_t cpregid)
  #define ARM_CP_CURRENTEL (ARM_CP_SPECIAL | (4  8))
  #define ARM_CP_DC_ZVA (ARM_CP_SPECIAL | (5  8))
  #define ARM_LAST_SPECIAL ARM_CP_DC_ZVA
 +#define ARM_CP_BANK_S   (1  16)
 +#define ARM_CP_BANK_NS  (2  16)

I thought we were going to put these flags into a reginfo-secure
field? Mixing them into the 'type' bits seems unnecessarily
confusing to me.

  /* Used only as a terminator for ARMCPRegInfo lists */
 -#define ARM_CP_SENTINEL 0x
 +#define ARM_CP_SENTINEL 0xff
  /* Mask of only the flag bits in a type field */
 -#define ARM_CP_FLAG_MASK 0x7f
 +#define ARM_CP_FLAG_MASK 0x3007f

  /* Valid values for ARMCPRegInfo state field, indicating which of
   * the AArch32 and AArch64 execution states this register is visible in.
 @@ -1096,6 +1098,7 @@ struct ARMCPRegInfo {
  uint8_t opc0;
  uint8_t opc1;
  uint8_t opc2;
 +

Stray whitespace change.

  /* Execution state in which this register is visible: ARM_CP_STATE_* */
  int state;
  /* Register type: ARM_CP_* bits/values */
 @@ -,12 +1114,22 @@ struct ARMCPRegInfo {
   * fieldoffset is non-zero, the reset value of the register.
   */
  uint64_t resetvalue;
 -/* Offset of the field in CPUARMState for this register. This is not
 - * needed if either:
 +/* Offsets of the fields (secure/non-secure) in CPUARMState for this
 + * register. The array will be accessed by the ns bit which means the
 + * secure instance has to be at [0] while the non-secure instance must be
 + * at [1]. If a register is not banked .fieldoffset can be used, which 
 maps
 + * to the non-secure bank.
 + * This is not needed if either:
   *  1. type is ARM_CP_CONST or one of the ARM_CP_SPECIALs
   *  2. both readfn and writefn are specified
   */
 -ptrdiff_t fieldoffset; /* offsetof(CPUARMState, field) */
 +union { /* offsetof(CPUARMState, field) */
 +struct {
 +ptrdiff_t fieldoffset_padding;
 +ptrdiff_t fieldoffset;

...why is the padding field first? Given that we always write
fieldoffset when we put the banked versions into the hash table
I don't think it should matter, should it?

 +};
 +ptrdiff_t bank_fieldoffsets[2];
 +};
  /* Function for making any access checks for this register in addition to
   * those specified by the 'access' permissions bits. If NULL, no extra
   * checks required. The access check is performed at runtime, not at
 diff --git a/target-arm/helper.c b/target-arm/helper.c
 index a10f459..ab38b68 100644
 --- a/target-arm/helper.c
 +++ b/target-arm/helper.c
 @@ -3296,22 +3296,56 @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const 
 ARMCPRegInfo *r,
  uint32_t *key = g_new(uint32_t, 1);
  ARMCPRegInfo *r2 = g_memdup(r, sizeof(ARMCPRegInfo));
  int is64 = (r-type  ARM_CP_64BIT) ? 1 : 0;
 -if (r-state == ARM_CP_STATE_BOTH  state == ARM_CP_STATE_AA32) {
 -/* The AArch32 view of a shared register sees the lower 32 bits
 - * of a 64 bit backing field. It is not migratable as the AArch64
 - * view handles that. AArch64 also handles reset.
 - * We assume it is a cp15 register if the .cp field is left unset.
 - */
 -if (r2-cp == 0) {
 -r2-cp = 15;
 +
 +if (state == ARM_CP_STATE_AA32) {
 +/* Clear the secure state flags and set based on incoming nsbit */
 +r2-type = ~(ARM_CP_BANK_S | ARM_CP_BANK_NS);
 +r2-type |= ARM_CP_BANK_S  nsbit;
 +
 +if (r-bank_fieldoffsets[0]  r-bank_fieldoffsets[1]) {
 +/* Register is banked (using both entries in array).
 + * Overwriting fieldoffset as the array was only used to define
 + * banked registers but later only fieldoffset is used.
 + */
 +r2-fieldoffset = r-bank_fieldoffsets[nsbit];
 +
 +/* If V8 is enabled then we don't need to migrate or reset the
 + * AArch32 version of the banked registers as this will be 
 handled
 +   

Re: [Qemu-devel] [PATCH] virtio-pci: fix migration for pci bus master

[Michael S. Tsirkin]

On Mon, Oct 06, 2014 at 04:51:35PM +0200, Greg Kurz wrote:
 On Wed, 17 Sep 2014 20:39:25 +0300
 Michael S. Tsirkin m...@redhat.com wrote:
 
  On Wed, Sep 17, 2014 at 07:21:09PM +0200, Greg Kurz wrote:
   On Sun, 14 Sep 2014 21:30:36 +0300
   Michael S. Tsirkin m...@redhat.com wrote:
   
Current support for bus master (clearing OK bit)
together with the need to support guests which do not
enable PCI bus mastering, leads to extra state in
VIRTIO_PCI_FLAG_BUS_MASTER_BUG bit, which isn't robust
in case of cross-version migration for the case when
guests use the device before setting DRIVER_OK.

Rip out VIRTIO_PCI_FLAG_BUS_MASTER_BUG and implement a simpler
work-around: treat clearing of PCI_COMMAND as a virtio reset.  Old
guests never touch this bit so they will work.

As reset clears device status, DRIVER and MASTER bits are
now in sync, so we can fix up cross-version migration simply
by synchronising them, without need to detect a buggy guest
explicitly.

Drop tracking VIRTIO_PCI_FLAG_BUS_MASTER_BUG completely.

As reset makes the device quiescent, in the future we'll be able to drop
checking OK bit in a bunch of places.

Cc: Jason Wang jasow...@redhat.com
Cc: Greg Kurz gk...@linux.vnet.ibm.com
Signed-off-by: Michael S. Tsirkin m...@redhat.com
---
   
   Hi Michael,
   
   I am not quite sure how to test this patch with my pseries based setup...
   Migrating from qemu-2.1 to qemu-master ?
   
   Cheers.
   
   --
   Greg
  
  Exactly. And back! Pls don't forget to specify the 2.1 machine type.
  Thanks!
  
 
 Michael,
 
 Nikunj and I had started to investigate the pseries breakage: the QEMU
 originated reset brought by this patch clears the vq and breaks SLOF.
 This isn't a surprise since reset should always come from the driver,
 not the device.
 
 Since commit 45363e46aeebfc99753389649eac7c7fc22bfe52 has reverted this
 patch, QEMU works again for pseries and virtio. :)
 
 So back to the initial issue, I've tried to migrate a pseries-2.1 guest 
 running
 rhel65, from QEMU v2.1.2 to QEMU master, back and forth, several times and it
 always succeeded... what symptom this patch was expected to fix ?
 
 Cheers.
 
 --
 Greg
 
 hw/virtio/virtio-pci.c | 39 ---
 1 file changed, 20 insertions(+), 19 deletions(-)

diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
index a827cd4..f560814 100644
--- a/hw/virtio/virtio-pci.c
+++ b/hw/virtio/virtio-pci.c
@@ -86,9 +86,6 @@
  * 12 is historical, and due to x86 page size. */
 #define VIRTIO_PCI_QUEUE_ADDR_SHIFT12

-/* Flags track per-device state like workarounds for quirks in older 
guests. */
-#define VIRTIO_PCI_FLAG_BUS_MASTER_BUG  (1  0)
-
 static void virtio_pci_bus_new(VirtioBusState *bus, size_t bus_size,
VirtIOPCIProxy *dev);

@@ -323,14 +320,6 @@ static void virtio_ioport_write(void *opaque, 
uint32_t addr, uint32_t val)
  
proxy-pci_dev.config[PCI_COMMAND] |
  PCI_COMMAND_MASTER, 1);
 }
-
-/* Linux before 2.6.34 sets the device as OK without enabling
-   the PCI device bus master bit. In this case we need to 
disable
-   some safety checks. */
-if ((val  VIRTIO_CONFIG_S_DRIVER_OK) 
-!(proxy-pci_dev.config[PCI_COMMAND]  
PCI_COMMAND_MASTER)) {
-proxy-flags |= VIRTIO_PCI_FLAG_BUS_MASTER_BUG;
-}
 break;
 case VIRTIO_MSI_CONFIG_VECTOR:
 msix_vector_unuse(proxy-pci_dev, vdev-config_vector);
@@ -480,13 +469,18 @@ static void virtio_write_config(PCIDevice 
*pci_dev, uint32_t address,
 VirtIOPCIProxy *proxy = DO_UPCAST(VirtIOPCIProxy, pci_dev, 
pci_dev);
 VirtIODevice *vdev = virtio_bus_get_device(proxy-bus);

+uint8_t cmd = proxy-pci_dev.config[PCI_COMMAND];
+
 pci_default_write_config(pci_dev, address, val, len);

 if (range_covers_byte(address, len, PCI_COMMAND) 
 !(pci_dev-config[PCI_COMMAND]  PCI_COMMAND_MASTER) 
-!(proxy-flags  VIRTIO_PCI_FLAG_BUS_MASTER_BUG)) {
+(cmd  PCI_COMMAND_MASTER)) {
+/* Bus driver disables bus mastering - make it act
+ * as a kind of reset to render the device quiescent. */
 virtio_pci_stop_ioeventfd(proxy);
-virtio_set_status(vdev, vdev-status  
~VIRTIO_CONFIG_S_DRIVER_OK);
+virtio_reset(vdev);
+msix_unuse_all_vectors(proxy-pci_dev);
 }
 }

@@ -895,11 +889,19 @@ static void virtio_pci_vmstate_change(DeviceState 
*d, bool running)
 VirtIODevice *vdev = virtio_bus_get_device(proxy-bus);

 if (running) {
-/* Try to find out if 

Re: [Qemu-devel] [PATCH v5 12/33] target-arm: insert Aarch32 cpregs twice into hashtable

[Peter Maydell]

On 30 September 2014 22:49, Greg Bellows greg.bell...@linaro.org wrote:
 From: Fabian Aggeler aggel...@ethz.ch

 Prepare for cp register banking by inserting every cp register twice,
 once for secure world and once for non-secure world.

 Signed-off-by: Fabian Aggeler aggel...@ethz.ch
 Signed-off-by: Greg Bellows greg.bell...@linaro.org

 --
 v4 - v5
 - Added use of ARM CP secure/non-secure bank flags during register processing
   in define_one_arm_cp_reg_with_opaque().  We now only register the specified
   bank if only one flag is specified, otherwise we register both a secure and
   non-secure instance.
 ---
  target-arm/cpu.h   | 14 +++---
  target-arm/helper.c| 30 ++
  target-arm/translate.c | 14 +-
  3 files changed, 46 insertions(+), 12 deletions(-)

 diff --git a/target-arm/cpu.h b/target-arm/cpu.h
 index 9681d45..220571c 100644
 --- a/target-arm/cpu.h
 +++ b/target-arm/cpu.h
 @@ -864,6 +864,7 @@ void armv7m_nvic_complete_irq(void *opaque, int irq);
   *  Crn, Crm, opc1, opc2 fields
   *  32 or 64 bit register (ie is it accessed via MRC/MCR
   *or via MRRC/MCRR?)
 + *  non-secure/secure bank (Aarch32 only)

...so if this is an AArch64 register is the bit in the hash
table key set or clear?

   * We allow 4 bits for opc1 because MRRC/MCRR have a 4 bit field.
   * (In this case crn and opc2 should be zero.)
   * For AArch64, there is no 32/64 bit size distinction;
 @@ -881,9 +882,16 @@ void armv7m_nvic_complete_irq(void *opaque, int irq);
  #define CP_REG_AA64_SHIFT 28
  #define CP_REG_AA64_MASK (1  CP_REG_AA64_SHIFT)

 -#define ENCODE_CP_REG(cp, is64, crn, crm, opc1, opc2)   \
 -(((cp)  16) | ((is64)  15) | ((crn)  11) |\
 - ((crm)  7) | ((opc1)  3) | (opc2))
 +/* To enable banking of coprocessor registers depending on ns-bit we
 + * add a bit to distinguish between secure and non-secure cpregs in the
 + * hashtable.
 + */
 +#define CP_REG_NS_SHIFT 27
 +#define CP_REG_NS_MASK(nsbit) (nsbit  CP_REG_NS_SHIFT)

Bit 27 is already used, as part of the COPROC field.
There's a reason the AA64 bit is 28...

 +
 +#define ENCODE_CP_REG(cp, is64, crn, crm, opc1, opc2, ns)   \
 +(CP_REG_NS_MASK(ns) | ((cp)  16) | ((is64)  15) |   \
 + ((crn)  11) | ((crm)  7) | ((opc1)  3) | (opc2))

Doesn't this break KVM's accessing of the hashtable?
You probably need to make kvm_to_cpreg_id OR in the NS
bit as appropriate, and cpreg_to_kvm_id mask it out, since
if we're using KVM then we're always non-secure.

thanks
-- PMM

Re: [Qemu-devel] [PATCH v5 32/33] target-arm: add GDB scr register

[Peter Maydell]

On 30 September 2014 22:49, Greg Bellows greg.bell...@linaro.org wrote:
 Added the ability to print the scr register like can be done with the cpsr.

 Signed-off-by: Greg Bellows greg.bell...@linaro.org

Not sure you can just arbitrarily add new core registers
if gdb isn't expecting them, and in any case if we want
to do this we should probably do it via some more generic
mechanism than manually adding registers one at a time.
I recommend you just drop this patch for now.

thanks
-- PMM

Re: [Qemu-devel] [PATCH v5 33/33] target-arm: add cpu feature EL3 to CPUs with Security Extensions

[Peter Maydell]

On 30 September 2014 22:49, Greg Bellows greg.bell...@linaro.org wrote:
 From: Fabian Aggeler aggel...@ethz.ch

 Set ARM_FEATURE_EL3 feature for CPUs that implement Security Extensions.

 Signed-off-by: Fabian Aggeler aggel...@ethz.ch
 Signed-off-by: Greg Bellows greg.bell...@linaro.org

(as we've discussed, but just as a note for the wider audience:)
This is the patch we can't commit til we've thought through
possible back-compatibility breakage a bit more carefully.

thanks
-- PMM

Re: [Qemu-devel] [PATCH v5 00/33] target-arm: add Security Extensions for CPUs

[Peter Maydell]

On 30 September 2014 22:49, Greg Bellows greg.bell...@linaro.org wrote:
 Version 5 of the ARM processor security extension (TrustZone) support.
 This patchset includes changes to support the processor security extensions
 on ARMv7 aarch32 with hooks for later enabling v8 aarch64/32.

Thanks. I've reviewed the first dozen or so patches, and
I think at that point the later patches start to need enough
changes based on review comments on the first ones that it's
not worth reviewing them at the moment. If you could respin
and send out a v6 with the comments so far addressed that
would be great.

We're into soft freeze at this point, so my intention with
these patches is to commit as many of the preliminary ones
as we can get definitely reviewed over the next week or so,
since they don't actually change behaviour for the existing
CPUs. After that the freeze starts to get solid enough that
anything remaining we'll just have to do review on so it's
ready to commit when we finish the 2.2 release in early
December, I'm afraid.

-- PMM

Re: [Qemu-devel] [PATCH 10/17] mm: rmap preparation for remap_anon_pages

[Andrea Arcangeli]

Hello,

On Mon, Oct 06, 2014 at 09:55:41AM +0100, Dr. David Alan Gilbert wrote:
 * Linus Torvalds (torva...@linux-foundation.org) wrote:
  On Fri, Oct 3, 2014 at 10:08 AM, Andrea Arcangeli aarca...@redhat.com 
  wrote:
  
   Overall this looks a fairly small change to the rmap code, notably
   less intrusive than the nonlinear vmas created by remap_file_pages.
  
  Considering that remap_file_pages() was an unmitigated disaster, and
  -mm has a patch to remove it entirely, I'm not at all convinced this
  is a good argument.
  
  We thought remap_file_pages() was a good idea, and it really really
  really wasn't. Almost nobody used it, why would the anonymous page
  case be any different?
 
 I've posted code that uses this interface to qemu-devel and it works nicely;
 so chalk up at least one user.
 
 For the postcopy case I'm using it for, we need to place a page, atomically
   some thread might try and access it, and must either
  1) get caught by userfault etc or
  2) must succeed in it's access
 
 and we'll have that happening somewhere between thousands and millions of 
 times
 to pages in no particular order, so we need to avoid creating millions of 
 mappings.

Yes, that's our current use case.

Of course if somebody has better ideas on how to resolve an anonymous
userfault they're welcome.

How to resolve an userfault is orthogonal on how to detect it and to
notify userland about it and to be notified when the userfault has
been resolved. The latter is what the userfault and userfaultfd
do. The former is what remap_anon_pages is used for but we could use
something else too if there are better ways. mremap would clearly work
too, but it would be less strict (it could lead to silent data
corruption if there are bugs in the userland code), it would be slower
and it would eventually a hit a -ENOMEM failure because there would be
too many vmas.

I could in theory drop remap_anon_pages from this patchset, but
without an optimal way to resolve an userfault, the rest isn't so
useful.

We're currently discussing on what would be the best way to resolve a
MAP_SHARED userfault on tmpfs in fact (that's not sorted yet), but so
far, it seems remap_anon_pages fits the bill for anonymous memory.

remap_anon_pages is not as problematic to maintain as remap_file_pages
for the reason explained in the commit header, but there are other
reasons: it doesn't require special pte_file and it changes nothing of
how anonymous page faults works. All it requires is a loop to catch a
changed page-index (previously page-index couldn't change, not it
can, that's the only thing it changes).

remap_file_pages complexity derives from not being allowed to change
page-index during a move because the page_mapping may be bigger than
1, while that is precisely what remap_anon_pages does.

As long as this rmap preparation is the only constraints that
remap_anon_pages introduces in terms of rmap, it looks a nice
not-too-intrusive solution to resolve anonymous userfaults
efficiently.

Introducing remap_anon_pages in fact doesn't reduce the
simplification derived from the removal of remap_file_pages.

As opposed removing remap_anon_pages later would only have the benefit
of removing this very patch 10/17 and no other benefit.

In short remap_anon_pages does this (heavily simplified):

   pte = *src_pte;
   *src_pte = 0;
   pte_page(pte)-index = adjusted according to src_vma/dst_vma-vm_pgoff
   *dst_pte = pte;

It guarantees not to modify the vmas and in turn it doesn't require to
take the mmap_sem for writing.

To use remap_anon_pages, each thread has to create its own temporary
vma with MADV_DONTFORK set on it (not formally required by the syscall
strict checks, but then the application must never fork if
MADV_DONTFORK isn't set or remap_anon_pages could return -EBUSY:
there's no risk of silent data corruption even if the thread forks
without setting MADV_DONTFORK) as source region where receive data
through the network. Then after the data is fully received
rmap_anon_pages moves the page from the temporary vma to the address
where the userfault triggered atomically (while other threads may be
attempting to access the userfault address too, thanks to
remap_anon_pages atomic behavior they won't risk to ever see partial
data coming from the network).

remap_anon_pages as side effect creates an hole in the temporary
(source) vma, so the next recv() syscall receiving data from the
network will fault-in a new anonymous page without requiring any
further malloc/free or other kind of vma mangling.

Thanks,
Andrea

Re: [Qemu-devel] [PATCH] virtio-pci: fix migration for pci bus master

[Greg Kurz]

On Mon, 6 Oct 2014 19:26:21 +0300
Michael S. Tsirkin m...@redhat.com wrote:
 On Mon, Oct 06, 2014 at 04:51:35PM +0200, Greg Kurz wrote:
  On Wed, 17 Sep 2014 20:39:25 +0300
  Michael S. Tsirkin m...@redhat.com wrote:
  
   On Wed, Sep 17, 2014 at 07:21:09PM +0200, Greg Kurz wrote:
On Sun, 14 Sep 2014 21:30:36 +0300
Michael S. Tsirkin m...@redhat.com wrote:

 Current support for bus master (clearing OK bit)
 together with the need to support guests which do not
 enable PCI bus mastering, leads to extra state in
 VIRTIO_PCI_FLAG_BUS_MASTER_BUG bit, which isn't robust
 in case of cross-version migration for the case when
 guests use the device before setting DRIVER_OK.
 
 Rip out VIRTIO_PCI_FLAG_BUS_MASTER_BUG and implement a simpler
 work-around: treat clearing of PCI_COMMAND as a virtio reset.  Old
 guests never touch this bit so they will work.
 
 As reset clears device status, DRIVER and MASTER bits are
 now in sync, so we can fix up cross-version migration simply
 by synchronising them, without need to detect a buggy guest
 explicitly.
 
 Drop tracking VIRTIO_PCI_FLAG_BUS_MASTER_BUG completely.
 
 As reset makes the device quiescent, in the future we'll be able to 
 drop
 checking OK bit in a bunch of places.
 
 Cc: Jason Wang jasow...@redhat.com
 Cc: Greg Kurz gk...@linux.vnet.ibm.com
 Signed-off-by: Michael S. Tsirkin m...@redhat.com
 ---

Hi Michael,

I am not quite sure how to test this patch with my pseries based 
setup...
Migrating from qemu-2.1 to qemu-master ?

Cheers.

--
Greg
   
   Exactly. And back! Pls don't forget to specify the 2.1 machine type.
   Thanks!
   
  
  Michael,
  
  Nikunj and I had started to investigate the pseries breakage: the QEMU
  originated reset brought by this patch clears the vq and breaks SLOF.
  This isn't a surprise since reset should always come from the driver,
  not the device.
  
  Since commit 45363e46aeebfc99753389649eac7c7fc22bfe52 has reverted this
  patch, QEMU works again for pseries and virtio. :)
  
  So back to the initial issue, I've tried to migrate a pseries-2.1 guest 
  running
  rhel65, from QEMU v2.1.2 to QEMU master, back and forth, several times and 
  it
  always succeeded... what symptom this patch was expected to fix ?
  
  Cheers.
  
  --
  Greg
  
  hw/virtio/virtio-pci.c | 39 ---
  1 file changed, 20 insertions(+), 19 deletions(-)
 
 diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
 index a827cd4..f560814 100644
 --- a/hw/virtio/virtio-pci.c
 +++ b/hw/virtio/virtio-pci.c
 @@ -86,9 +86,6 @@
   * 12 is historical, and due to x86 page size. */
  #define VIRTIO_PCI_QUEUE_ADDR_SHIFT12
 
 -/* Flags track per-device state like workarounds for quirks in older 
 guests. */
 -#define VIRTIO_PCI_FLAG_BUS_MASTER_BUG  (1  0)
 -
  static void virtio_pci_bus_new(VirtioBusState *bus, size_t bus_size,
 VirtIOPCIProxy *dev);
 
 @@ -323,14 +320,6 @@ static void virtio_ioport_write(void *opaque, 
 uint32_t addr, uint32_t val)
   
 proxy-pci_dev.config[PCI_COMMAND] |
   PCI_COMMAND_MASTER, 1);
  }
 -
 -/* Linux before 2.6.34 sets the device as OK without enabling
 -   the PCI device bus master bit. In this case we need to 
 disable
 -   some safety checks. */
 -if ((val  VIRTIO_CONFIG_S_DRIVER_OK) 
 -!(proxy-pci_dev.config[PCI_COMMAND]  
 PCI_COMMAND_MASTER)) {
 -proxy-flags |= VIRTIO_PCI_FLAG_BUS_MASTER_BUG;
 -}
  break;
  case VIRTIO_MSI_CONFIG_VECTOR:
  msix_vector_unuse(proxy-pci_dev, vdev-config_vector);
 @@ -480,13 +469,18 @@ static void virtio_write_config(PCIDevice 
 *pci_dev, uint32_t address,
  VirtIOPCIProxy *proxy = DO_UPCAST(VirtIOPCIProxy, pci_dev, 
 pci_dev);
  VirtIODevice *vdev = virtio_bus_get_device(proxy-bus);
 
 +uint8_t cmd = proxy-pci_dev.config[PCI_COMMAND];
 +
  pci_default_write_config(pci_dev, address, val, len);
 
  if (range_covers_byte(address, len, PCI_COMMAND) 
  !(pci_dev-config[PCI_COMMAND]  PCI_COMMAND_MASTER) 
 -!(proxy-flags  VIRTIO_PCI_FLAG_BUS_MASTER_BUG)) {
 +(cmd  PCI_COMMAND_MASTER)) {
 +/* Bus driver disables bus mastering - make it act
 + * as a kind of reset to render the device quiescent. */
  virtio_pci_stop_ioeventfd(proxy);
 -virtio_set_status(vdev, vdev-status  
 ~VIRTIO_CONFIG_S_DRIVER_OK);
 +virtio_reset(vdev);
 +msix_unuse_all_vectors(proxy-pci_dev);
  }
  }
 
 @@ 

Re: [Qemu-devel] [PULL 0/5] linux-user patches for 2.2

[Peter Maydell]

On 6 October 2014 15:59, Peter Maydell peter.mayd...@linaro.org wrote:
 Hi. I'm afraid this doesn't compile on my ARM box:

 /root/qemu/linux-user/syscall.c: In function ‘do_syscall’:
 /root/qemu/linux-user/syscall.c:9695:9: error: implicit declaration of
 function ‘timerfd_create’ [-Werror=implicit-function-declaration]
 /root/qemu/linux-user/syscall.c:9695:9: error: nested extern
 declaration of ‘timerfd_create’ [-Werror=nested-externs]
 /root/qemu/linux-user/syscall.c:9705:13: error: implicit declaration
 of function ‘timerfd_gettime’ [-Werror=implicit-function-declaration]
 /root/qemu/linux-user/syscall.c:9705:13: error: nested extern
 declaration of ‘timerfd_gettime’ [-Werror=nested-externs]
 /root/qemu/linux-user/syscall.c:9728:13: error: implicit declaration
 of function ‘timerfd_settime’ [-Werror=implicit-function-declaration]
 /root/qemu/linux-user/syscall.c:9728:13: error: nested extern
 declaration of ‘timerfd_settime’ [-Werror=nested-externs]
 cc1: all warnings being treated as errors

Specifically, this is because of the patch which adds
#ifdef CONFIG_TIMERFD ... #endif -- it is doing so
earlier in the file than the include of qemu-common.h
which pulls in the file defining the CONFIG_* macros,
so sys/timerfd.h is now never included.

-- PMM

Re: [Qemu-devel] Question on qemu threads

[Al Patel]

Thank You, Brian and Stefan!

-a


On Thu, Oct 2, 2014 at 11:15 AM, Stefan Hajnoczi stefa...@gmail.com wrote:

 On Tue, Sep 30, 2014 at 01:44:48PM -0400, Al Patel wrote:
  In the current system, what are the extra threads?

 The set of thread is dynamic because worker threads are started and
 terminated depending on guest activity.  You cannot make assumptions
 about threads and QEMU provides monitor commands that expose the tids.

  Secondly, I am currently not using libvirt and having to start qemu from
  command line. I still want to pin the vcpu to a pcpu and want to use
  taskset on a thread. Unless I know which thread is emulating the vcpu
  how can I pin that thread?
 
  Do you have any other thoughts on the pinning part?

 Use libvirt if you can.  It will save you a ton of time.

 If you really cannot use it, you can still look at its source code to
 understand how it does what it does.  See qemuProcessDetectVcpuPIDs() in
 libvirt and the QEMU query-cpus QMP command.

 Stefan

Re: [Qemu-devel] [PATCH] gdb: provide the name of the architecture in the target.xml

[Peter Maydell]

On 6 October 2014 16:08, Cornelia Huck cornelia.h...@de.ibm.com wrote:
 On Tue, 30 Sep 2014 17:23:47 +0200
 Jens Freimann jf...@linux.vnet.ibm.com wrote:

 From: David Hildenbrand d...@linux.vnet.ibm.com

 This patch provides the name of the architecture in the target.xml if 
 available.

 This allows the remote gdb to detect the target architecture on its own - so
 there is no need to specify it manually (e.g. if gdb is started without a
 binary) using set arch *arch_name*.

 The name of the architecture has been added to all archs that provide a
 target.xml (by supplying a gdb_core_xml_file) and have a unique architecture
 name in gdb's feature xml files.

 Signed-off-by: David Hildenbrand d...@linux.vnet.ibm.com
 Acked-by: Cornelia Huck cornelia.h...@de.ibm.com
 Acked-by: Christian Borntraeger borntrae...@de.ibm.com
 Signed-off-by: Jens Freimann jf...@linux.vnet.ibm.com
 Reviewed-by: Andreas Färber afaer...@suse.de
 Cc: Andrzej Zaborowski balr...@gmail.com
 Cc: Peter Maydell peter.mayd...@linaro.org
 Cc: Vassili Karpov (malc) av1...@comtv.ru
 CC: Edgar Iglesias edgar.igles...@gmail.com
 CC: Richard Henderson r...@twiddle.net
 ---
  gdbstub.c   | 19 ---
  include/qom/cpu.h   |  2 ++
  target-arm/cpu64.c  |  1 +
  target-ppc/translate_init.c |  2 ++
  target-s390x/cpu.c  |  1 +
  5 files changed, 18 insertions(+), 7 deletions(-)

 I will send this with the next pile of s390x updates, unless someone on
 cc: has any objections.

I'm still hoping for an answer about why this is setting
the name for 64 bit ARM and not 32 bit ARM, and whether
there are any cases which need to actually be able to set
the architecture name in a more complicated name than
simply a string. I raised those in the last lot of review
and there doesn't seem to have been any answer.

thanks
-- PMM

Re: [Qemu-devel] [PATCH] gdb: provide the name of the architecture in the target.xml

[Peter Maydell]

On 30 September 2014 16:23, Jens Freimann jf...@linux.vnet.ibm.com wrote:
 From: David Hildenbrand d...@linux.vnet.ibm.com

 This patch provides the name of the architecture in the target.xml if 
 available.

 This allows the remote gdb to detect the target architecture on its own - so
 there is no need to specify it manually (e.g. if gdb is started without a
 binary) using set arch *arch_name*.

 The name of the architecture has been added to all archs that provide a
 target.xml (by supplying a gdb_core_xml_file) and have a unique architecture
 name in gdb's feature xml files.

gdb seems to support more than one powerpc architecture
name. Do we need to report powerpc:e500 for
our e500 cpu models, for instance?

-- PMM

Re: [Qemu-devel] [PATCH] virtio-pci: fix migration for pci bus master

[Michael S. Tsirkin]

On Mon, Oct 06, 2014 at 06:46:17PM +0200, Greg Kurz wrote:
 On Mon, 6 Oct 2014 19:26:21 +0300
 Michael S. Tsirkin m...@redhat.com wrote:
  On Mon, Oct 06, 2014 at 04:51:35PM +0200, Greg Kurz wrote:
   On Wed, 17 Sep 2014 20:39:25 +0300
   Michael S. Tsirkin m...@redhat.com wrote:
   
On Wed, Sep 17, 2014 at 07:21:09PM +0200, Greg Kurz wrote:
 On Sun, 14 Sep 2014 21:30:36 +0300
 Michael S. Tsirkin m...@redhat.com wrote:
 
  Current support for bus master (clearing OK bit)
  together with the need to support guests which do not
  enable PCI bus mastering, leads to extra state in
  VIRTIO_PCI_FLAG_BUS_MASTER_BUG bit, which isn't robust
  in case of cross-version migration for the case when
  guests use the device before setting DRIVER_OK.
  
  Rip out VIRTIO_PCI_FLAG_BUS_MASTER_BUG and implement a simpler
  work-around: treat clearing of PCI_COMMAND as a virtio reset.  Old
  guests never touch this bit so they will work.
  
  As reset clears device status, DRIVER and MASTER bits are
  now in sync, so we can fix up cross-version migration simply
  by synchronising them, without need to detect a buggy guest
  explicitly.
  
  Drop tracking VIRTIO_PCI_FLAG_BUS_MASTER_BUG completely.
  
  As reset makes the device quiescent, in the future we'll be able to 
  drop
  checking OK bit in a bunch of places.
  
  Cc: Jason Wang jasow...@redhat.com
  Cc: Greg Kurz gk...@linux.vnet.ibm.com
  Signed-off-by: Michael S. Tsirkin m...@redhat.com
  ---
 
 Hi Michael,
 
 I am not quite sure how to test this patch with my pseries based 
 setup...
 Migrating from qemu-2.1 to qemu-master ?
 
 Cheers.
 
 --
 Greg

Exactly. And back! Pls don't forget to specify the 2.1 machine type.
Thanks!

   
   Michael,
   
   Nikunj and I had started to investigate the pseries breakage: the QEMU
   originated reset brought by this patch clears the vq and breaks SLOF.
   This isn't a surprise since reset should always come from the driver,
   not the device.
   
   Since commit 45363e46aeebfc99753389649eac7c7fc22bfe52 has reverted this
   patch, QEMU works again for pseries and virtio. :)
   
   So back to the initial issue, I've tried to migrate a pseries-2.1 guest 
   running
   rhel65, from QEMU v2.1.2 to QEMU master, back and forth, several times 
   and it
   always succeeded... what symptom this patch was expected to fix ?
   
   Cheers.
   
   --
   Greg
   
   hw/virtio/virtio-pci.c | 39 ---
   1 file changed, 20 insertions(+), 19 deletions(-)
  
  diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
  index a827cd4..f560814 100644
  --- a/hw/virtio/virtio-pci.c
  +++ b/hw/virtio/virtio-pci.c
  @@ -86,9 +86,6 @@
* 12 is historical, and due to x86 page size. */
   #define VIRTIO_PCI_QUEUE_ADDR_SHIFT12
  
  -/* Flags track per-device state like workarounds for quirks in 
  older guests. */
  -#define VIRTIO_PCI_FLAG_BUS_MASTER_BUG  (1  0)
  -
   static void virtio_pci_bus_new(VirtioBusState *bus, size_t 
  bus_size,
  VirtIOPCIProxy *dev);
  
  @@ -323,14 +320,6 @@ static void virtio_ioport_write(void *opaque, 
  uint32_t addr, uint32_t val)

  proxy-pci_dev.config[PCI_COMMAND] |
PCI_COMMAND_MASTER, 1);
   }
  -
  -/* Linux before 2.6.34 sets the device as OK without 
  enabling
  -   the PCI device bus master bit. In this case we need to 
  disable
  -   some safety checks. */
  -if ((val  VIRTIO_CONFIG_S_DRIVER_OK) 
  -!(proxy-pci_dev.config[PCI_COMMAND]  
  PCI_COMMAND_MASTER)) {
  -proxy-flags |= VIRTIO_PCI_FLAG_BUS_MASTER_BUG;
  -}
   break;
   case VIRTIO_MSI_CONFIG_VECTOR:
   msix_vector_unuse(proxy-pci_dev, vdev-config_vector);
  @@ -480,13 +469,18 @@ static void virtio_write_config(PCIDevice 
  *pci_dev, uint32_t address,
   VirtIOPCIProxy *proxy = DO_UPCAST(VirtIOPCIProxy, pci_dev, 
  pci_dev);
   VirtIODevice *vdev = virtio_bus_get_device(proxy-bus);
  
  +uint8_t cmd = proxy-pci_dev.config[PCI_COMMAND];
  +
   pci_default_write_config(pci_dev, address, val, len);
  
   if (range_covers_byte(address, len, PCI_COMMAND) 
   !(pci_dev-config[PCI_COMMAND]  PCI_COMMAND_MASTER) 
  -!(proxy-flags  VIRTIO_PCI_FLAG_BUS_MASTER_BUG)) {
  +(cmd  PCI_COMMAND_MASTER)) {
  +/* Bus driver disables bus mastering - make it act
  + * as a kind of reset to render the device quiescent. */
   virtio_pci_stop_ioeventfd(proxy);
  -   

Re: [Qemu-devel] [PATCH 08/17] mm: madvise MADV_USERFAULT

[Andrea Arcangeli]

Hi,

On Sat, Oct 04, 2014 at 08:13:36AM +0900, Mike Hommey wrote:
 On Fri, Oct 03, 2014 at 07:07:58PM +0200, Andrea Arcangeli wrote:
  MADV_USERFAULT is a new madvise flag that will set VM_USERFAULT in the
  vma flags. Whenever VM_USERFAULT is set in an anonymous vma, if
  userland touches a still unmapped virtual address, a sigbus signal is
  sent instead of allocating a new page. The sigbus signal handler will
  then resolve the page fault in userland by calling the
  remap_anon_pages syscall.
 
 What does unmapped virtual address mean in this context?

To clarify this I added this in a second sentence in the commit
header:

still unmapped virtual address of the previous sentence in this
context means that the pte/trans_huge_pmd is null. It means it's an
hole inside the anonymous vma (the kind of hole that doesn't account
for RSS but only virtual size of the process). It is the same state
all anonymous virtual memory is, right after mmap. The same state that
if you read from it, will map a zeropage into the faulting virtual
address. If the page is swapped out, it will not trigger userfaults.

If something isn't clear let me know.

Thanks,
Andrea

Re: [Qemu-devel] [PATCH v5 02/33] target-arm: add arm_is_secure() function

[Sergey Fedorov]

On 06.10.2014 07:56, Peter Maydell wrote:
 On 30 September 2014 22:49, Greg Bellows greg.bell...@linaro.org wrote:
 From: Fabian Aggeler aggel...@ethz.ch

 arm_is_secure() function allows to determine CPU security state
 if the CPU implements Security Extensions/EL3.
 arm_is_secure_below_el3() returns true if CPU is in secure state
 below EL3.

 Signed-off-by: Sergey Fedorov s.fedo...@samsung.com
 Signed-off-by: Fabian Aggeler aggel...@ethz.ch
 Signed-off-by: Greg Bellows greg.bell...@linaro.org
 ---
  target-arm/cpu.h | 38 ++
  1 file changed, 38 insertions(+)

 diff --git a/target-arm/cpu.h b/target-arm/cpu.h
 index 81fffd2..10afef0 100644
 --- a/target-arm/cpu.h
 +++ b/target-arm/cpu.h
 @@ -753,6 +753,44 @@ static inline int arm_feature(CPUARMState *env, int 
 feature)
  return (env-features  (1ULL  feature)) != 0;
  }

 +
 +/* Return true if exception level below EL3 is in secure state */
 +static inline bool arm_is_secure_below_el3(CPUARMState *env)
 +{
 +#if !defined(CONFIG_USER_ONLY)
 +if (arm_feature(env, ARM_FEATURE_EL3)) {
 +return !(env-cp15.scr_el3  SCR_NS);
 +} else if (arm_feature(env, ARM_FEATURE_EL2)) {
 +return false;
 +} else {
 +/* IMPDEF: QEMU defaults to non-secure */
 +return false;
 I would be happy to fold both these identical 'return false'
 cases together and have a comment that it's only IMPDEF
 if EL2 isn't implemented.

 +}
 +#else
 +return false;
 +#endif
 +}
 +
 +/* Return true if the processor is in secure state */
 +static inline bool arm_is_secure(CPUARMState *env)
 +{
 +#if !defined(CONFIG_USER_ONLY)
 +if (arm_feature(env, ARM_FEATURE_EL3)) {
 +if (env-aarch64  extract32(env-pstate, 2, 2) == 3) {
 +/* CPU currently in Aarch64 state and EL3 */
 Nit: AArch64 with two capital 'A's (here and elsewhere).

 +return true;
 +} else if (!env-aarch64 
 +(env-uncached_cpsr  CPSR_M) == ARM_CPU_MODE_MON) {
 +/* CPU currently in Aarch32 state and monitor mode */
 +return true;
 +}
 +}
 +return arm_is_secure_below_el3(env);
 +#else
 +return false;
 +#endif
 +}
 I checked your git tree and we don't actually use
 arm_is_secure_below_el3() anywhere except in
 arm_is_secure(), do we? That suggests to me we should
 just fold the two functions together.

 Can these functions live in internals.h rather than cpu.h?
 (The difference is that internals.h is restricted to only
 target-arm/ code whereas cpu.h is auto-included for a much
 wider set of files.)

Probably arm_is_secure() would be used by ARM GIC emulation until there
is no better way to determine memory transaction NS tag.


 thanks
 -- PMM

[Qemu-devel] [PATCH 0/2] qemu-char: Clean up socket reporting

[minyard]

The first patch fixes some reporting issues for reconnect sockets
that fail to connect.  It prevents a constant stream of error messages,
and reports the error immediately instead of delaying it.  This
required a small restructure, but nothing big.

The second adds an error to non-blocking connect reporting.  The
error was available, it just wasn't being passed.  Hopefully this
makes the error easier to diagnose.

-corey

[Qemu-devel] [PATCH 1/2] qemu-char: Fix reconnect socket error reporting

[minyard]

From: Corey Minyard cminy...@mvista.com

If reconnect was set, errors wouldn't always be reported.
Fix that and also only report a connect error once until a
connection has been made.

The primary purpose of this is to tell the user that a
connection failed so they can know they need to figure out
what went wrong.  So we don't want to spew too much
out here, just enough so they know.

Signed-off-by: Corey Minyard cminy...@mvista.com
---
 qemu-char.c | 47 ---
 1 file changed, 32 insertions(+), 15 deletions(-)

diff --git a/qemu-char.c b/qemu-char.c
index 62af0ef..fb895c7 100644
--- a/qemu-char.c
+++ b/qemu-char.c
@@ -2509,6 +2509,7 @@ typedef struct {
 
 guint reconnect_timer;
 int64_t reconnect_time;
+bool connect_err_reported;
 } TCPCharDriver;
 
 static gboolean socket_reconnect_timeout(gpointer opaque);
@@ -2521,6 +2522,17 @@ static void 
qemu_chr_socket_restart_timer(CharDriverState *chr)
socket_reconnect_timeout, chr);
 }
 
+static void check_report_connect_error(CharDriverState *chr, const char *str)
+{
+TCPCharDriver *s = chr-opaque;
+
+if (!s-connect_err_reported) {
+error_report(%s char device %s\n, str, chr-label);
+s-connect_err_reported = 1;
+}
+qemu_chr_socket_restart_timer(chr);
+}
+
 static gboolean tcp_chr_accept(GIOChannel *chan, GIOCondition cond, void 
*opaque);
 
 #ifndef _WIN32
@@ -3045,12 +3057,14 @@ static void 
qemu_chr_finish_socket_connection(CharDriverState *chr, int fd)
 static void qemu_chr_socket_connected(int fd, void *opaque)
 {
 CharDriverState *chr = opaque;
+TCPCharDriver *s = chr-opaque;
 
 if (fd  0) {
-qemu_chr_socket_restart_timer(chr);
+check_report_connect_error(chr, Unable to connect to);
 return;
 }
 
+s-connect_err_reported = 0;
 qemu_chr_finish_socket_connection(chr, fd);
 }
 
@@ -4066,11 +4080,19 @@ static CharDriverState 
*qmp_chardev_open_parallel(ChardevHostdev *parallel,
 
 #endif /* WIN32 */
 
+static void socket_try_connect(CharDriverState *chr)
+{
+Error *err = NULL;
+
+if (!qemu_chr_open_socket_fd(chr, err)) {
+check_report_connect_error(chr, Unable to start connection to);
+}
+}
+
 static gboolean socket_reconnect_timeout(gpointer opaque)
 {
 CharDriverState *chr = opaque;
 TCPCharDriver *s = chr-opaque;
-Error *err;
 
 s-reconnect_timer = 0;
 
@@ -4078,10 +4100,7 @@ static gboolean socket_reconnect_timeout(gpointer opaque)
 return false;
 }
 
-if (!qemu_chr_open_socket_fd(chr, err)) {
-error_report(Unable to connect to char device %s\n, chr-label);
-qemu_chr_socket_restart_timer(chr);
-}
+socket_try_connect(chr);
 
 return false;
 }
@@ -4133,15 +4152,13 @@ static CharDriverState 
*qmp_chardev_open_socket(ChardevSocket *sock,
 s-reconnect_time = reconnect;
 }
 
-if (!qemu_chr_open_socket_fd(chr, errp)) {
-if (s-reconnect_time) {
-qemu_chr_socket_restart_timer(chr);
-} else {
-g_free(s);
-g_free(chr-filename);
-g_free(chr);
-return NULL;
-}
+if (s-reconnect_time) {
+socket_try_connect(chr);
+} else if (!qemu_chr_open_socket_fd(chr, errp)) {
+g_free(s);
+g_free(chr-filename);
+g_free(chr);
+return NULL;
 }
 
 if (is_listen  is_waitconnect) {
-- 
1.8.3.1

[Qemu-devel] [PATCH 2/2] qemu-sockets: Add error to non-blocking connect handler

[minyard]

From: Corey Minyard cminy...@mvista.com

An error value here would be quite handy and more consistent
with the rest of the code.

Corey Minyard cminy...@mvista.com
---
 include/qemu/sockets.h |  2 +-
 migration-tcp.c|  4 ++--
 migration-unix.c   |  4 ++--
 qemu-char.c| 12 +++-
 util/qemu-sockets.c| 19 ++-
 5 files changed, 26 insertions(+), 15 deletions(-)

diff --git a/include/qemu/sockets.h b/include/qemu/sockets.h
index fdbb196..f47dae6 100644
--- a/include/qemu/sockets.h
+++ b/include/qemu/sockets.h
@@ -47,7 +47,7 @@ int recv_all(int fd, void *buf, int len1, bool single_read);
 /* callback function for nonblocking connect
  * valid fd on success, negative error code on failure
  */
-typedef void NonBlockingConnectHandler(int fd, void *opaque);
+typedef void NonBlockingConnectHandler(int fd, Error *errp, void *opaque);
 
 InetSocketAddress *inet_parse(const char *str, Error **errp);
 int inet_listen_opts(QemuOpts *opts, int port_offset, Error **errp);
diff --git a/migration-tcp.c b/migration-tcp.c
index 2e34517..91c9cf3 100644
--- a/migration-tcp.c
+++ b/migration-tcp.c
@@ -33,12 +33,12 @@
 do { } while (0)
 #endif
 
-static void tcp_wait_for_connect(int fd, void *opaque)
+static void tcp_wait_for_connect(int fd, Error *err, void *opaque)
 {
 MigrationState *s = opaque;
 
 if (fd  0) {
-DPRINTF(migrate connect error\n);
+DPRINTF(migrate connect error: %s\n, error_get_pretty(err));
 s-file = NULL;
 migrate_fd_error(s);
 } else {
diff --git a/migration-unix.c b/migration-unix.c
index 0a5f8a1..1cdadfb 100644
--- a/migration-unix.c
+++ b/migration-unix.c
@@ -33,12 +33,12 @@
 do { } while (0)
 #endif
 
-static void unix_wait_for_connect(int fd, void *opaque)
+static void unix_wait_for_connect(int fd, Error *err, void *opaque)
 {
 MigrationState *s = opaque;
 
 if (fd  0) {
-DPRINTF(migrate connect error\n);
+DPRINTF(migrate connect error: %s\n, error_get_pretty(err));
 s-file = NULL;
 migrate_fd_error(s);
 } else {
diff --git a/qemu-char.c b/qemu-char.c
index fb895c7..22a2eb7 100644
--- a/qemu-char.c
+++ b/qemu-char.c
@@ -2522,12 +2522,14 @@ static void 
qemu_chr_socket_restart_timer(CharDriverState *chr)
socket_reconnect_timeout, chr);
 }
 
-static void check_report_connect_error(CharDriverState *chr, const char *str)
+static void check_report_connect_error(CharDriverState *chr, const char *str,
+   Error *err)
 {
 TCPCharDriver *s = chr-opaque;
 
 if (!s-connect_err_reported) {
-error_report(%s char device %s\n, str, chr-label);
+error_report(%s char device %s: %s\n, str, chr-label,
+ error_get_pretty(err));
 s-connect_err_reported = 1;
 }
 qemu_chr_socket_restart_timer(chr);
@@ -3054,13 +3056,13 @@ static void 
qemu_chr_finish_socket_connection(CharDriverState *chr, int fd)
 }
 }
 
-static void qemu_chr_socket_connected(int fd, void *opaque)
+static void qemu_chr_socket_connected(int fd, Error *err, void *opaque)
 {
 CharDriverState *chr = opaque;
 TCPCharDriver *s = chr-opaque;
 
 if (fd  0) {
-check_report_connect_error(chr, Unable to connect to);
+check_report_connect_error(chr, Unable to connect to, err);
 return;
 }
 
@@ -4085,7 +4087,7 @@ static void socket_try_connect(CharDriverState *chr)
 Error *err = NULL;
 
 if (!qemu_chr_open_socket_fd(chr, err)) {
-check_report_connect_error(chr, Unable to start connection to);
+check_report_connect_error(chr, Unable to start connection to, err);
 }
 }
 
diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c
index 1eef590..e6a9644 100644
--- a/util/qemu-sockets.c
+++ b/util/qemu-sockets.c
@@ -234,6 +234,7 @@ static void wait_for_connect(void *opaque)
 int val = 0, rc = 0;
 socklen_t valsize = sizeof(val);
 bool in_progress;
+Error *err = NULL;
 
 qemu_set_fd_handler2(s-fd, NULL, NULL, NULL, NULL);
 
@@ -248,6 +249,7 @@ static void wait_for_connect(void *opaque)
 
 /* connect error */
 if (rc  0) {
+error_setg_errno(err, errno, Error connecting to socket);
 closesocket(s-fd);
 s-fd = rc;
 }
@@ -257,9 +259,14 @@ static void wait_for_connect(void *opaque)
 while (s-current_addr-ai_next != NULL  s-fd  0) {
 s-current_addr = s-current_addr-ai_next;
 s-fd = inet_connect_addr(s-current_addr, in_progress, s, NULL);
+if (s-fd  0) {
+error_free(err);
+err = NULL;
+error_setg_errno(err, errno, Unable to start socket 
connect);
+}
 /* connect in progress */
 if (in_progress) {
-return;
+goto out;
 }
 }
 
@@ -267,9 +274,11 @@ static void wait_for_connect(void *opaque)
 }
 
 

Re: [Qemu-devel] [PATCH v5 02/33] target-arm: add arm_is_secure() function

[Peter Maydell]

On 6 October 2014 18:57, Sergey Fedorov serge.f...@gmail.com wrote:
 On 06.10.2014 07:56, Peter Maydell wrote:
 Can these functions live in internals.h rather than cpu.h?
 (The difference is that internals.h is restricted to only
 target-arm/ code whereas cpu.h is auto-included for a much
 wider set of files.)

 Probably arm_is_secure() would be used by ARM GIC emulation until there
 is no better way to determine memory transaction NS tag.

We could have the GIC code temporarily include
internals.h, which would be a nice big red flag that
it was doing things the wrong way :-)

-- PMM

Re: [Qemu-devel] [PATCH v5 10/33] target-arm: add non-secure Translation Block flag

[Sergey Fedorov]

On 06.10.2014 09:13, Peter Maydell wrote:
 On 30 September 2014 22:49, Greg Bellows greg.bell...@linaro.org wrote:
 From: Sergey Fedorov s.fedo...@samsung.com

 This patch is based on idea found in patch at
 git://github.com/jowinter/qemu-trustzone.git
 f3d955c6c0ed8c46bc0eb10b634201032a651dd2 by
 Johannes Winter johannes.win...@iaik.tugraz.at.

 This flag prevents QEMU from executing TCG code generated for other CPU
 security state. It also allows to generate different TCG code depending on
 CPU secure state.
 This doesn't quite seem to line up with the code:
 the commit message says the flag is for the CPU's
 current security state, but the code is using the
 which register bank setting.

Right, the original patch used !arm_is_secure(env) as a condition for
setting this flag. But that was changed at some point without correcting
commit message.


 Signed-off-by: Sergey Fedorov s.fedo...@samsung.com
 Signed-off-by: Fabian Aggeler aggel...@ethz.ch
 Signed-off-by: Greg Bellows greg.bell...@linaro.org

 --
 v4 - v5
 - Merge changes
 - Fixed issue where TB secure state flag was incorrectly being set based on
   secure state rather than NS setting.  This caused an issue where monitor 
 mode
   MRC/MCR accesses were always secure rather than being based on NS bit
   setting.
 - Added separate 64/32 TB secure state flags
 - Unconditionalized the setting of the DC ns bit
 - Removed IS_NS macro and replaced with direct usage.
 ---
  target-arm/cpu.h   | 14 ++
  target-arm/translate-a64.c |  1 +
  target-arm/translate.c |  1 +
  target-arm/translate.h |  1 +
  4 files changed, 17 insertions(+)

 diff --git a/target-arm/cpu.h b/target-arm/cpu.h
 index c58fdf5..1700676 100644
 --- a/target-arm/cpu.h
 +++ b/target-arm/cpu.h
 @@ -1528,6 +1528,8 @@ static inline bool arm_singlestep_active(CPUARMState 
 *env)
   */
  #define ARM_TBFLAG_XSCALE_CPAR_SHIFT 20
  #define ARM_TBFLAG_XSCALE_CPAR_MASK (3  ARM_TBFLAG_XSCALE_CPAR_SHIFT)
 +#define ARM_TBFLAG_NS_SHIFT 22
 +#define ARM_TBFLAG_NS_MASK  (1  ARM_TBFLAG_NS_SHIFT)

  /* Bit usage when in AArch64 state */
  #define ARM_TBFLAG_AA64_EL_SHIFT0
 @@ -1538,6 +1540,8 @@ static inline bool arm_singlestep_active(CPUARMState 
 *env)
  #define ARM_TBFLAG_AA64_SS_ACTIVE_MASK (1  
 ARM_TBFLAG_AA64_SS_ACTIVE_SHIFT)
  #define ARM_TBFLAG_AA64_PSTATE_SS_SHIFT 4
  #define ARM_TBFLAG_AA64_PSTATE_SS_MASK (1  
 ARM_TBFLAG_AA64_PSTATE_SS_SHIFT)
 +#define ARM_TBFLAG_AA64_NS_SHIFT5
 +#define ARM_TBFLAG_AA64_NS_MASK (1  ARM_TBFLAG_AA64_NS_SHIFT)

  /* some convenience accessor macros */
  #define ARM_TBFLAG_AARCH64_STATE(F) \
 @@ -1572,6 +1576,10 @@ static inline bool arm_singlestep_active(CPUARMState 
 *env)
  (((F)  ARM_TBFLAG_AA64_SS_ACTIVE_MASK)  
 ARM_TBFLAG_AA64_SS_ACTIVE_SHIFT)
  #define ARM_TBFLAG_AA64_PSTATE_SS(F) \
  (((F)  ARM_TBFLAG_AA64_PSTATE_SS_MASK)  
 ARM_TBFLAG_AA64_PSTATE_SS_SHIFT)
 +#define ARM_TBFLAG_NS(F) \
 +(((F)  ARM_TBFLAG_NS_MASK)  ARM_TBFLAG_NS_SHIFT)
 +#define ARM_TBFLAG_AA64_NS(F) \
 +(((F)  ARM_TBFLAG_AA64_NS_MASK)  ARM_TBFLAG_AA64_NS_SHIFT)

  static inline void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
  target_ulong *cs_base, int *flags)
 @@ -1605,6 +1613,9 @@ static inline void cpu_get_tb_cpu_state(CPUARMState 
 *env, target_ulong *pc,
  *flags |= ARM_TBFLAG_AA64_PSTATE_SS_MASK;
  }
  }
 +if (!(USE_SECURE_REG(env))) {
 +*flags |= ARM_TBFLAG_AA64_NS_MASK;
 +}
 What's this for? If we're in AArch64 mode then we know that
 EL3 (if it exists) must also be AArch64, and so USE_SECURE_REG
 always returns false...

  } else {
  int privmode;
  *pc = env-regs[15];
 @@ -1621,6 +1632,9 @@ static inline void cpu_get_tb_cpu_state(CPUARMState 
 *env, target_ulong *pc,
  if (privmode) {
  *flags |= ARM_TBFLAG_PRIV_MASK;
  }
 +if (!(USE_SECURE_REG(env))) {
 +*flags |= ARM_TBFLAG_NS_MASK;
 +}
  if (env-vfp.xregs[ARM_VFP_FPEXC]  (1  30)
  || arm_el_is_aa64(env, 1)) {
  *flags |= ARM_TBFLAG_VFPEN_MASK;
 diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
 index f53dc0f..dfc8c58 100644
 --- a/target-arm/translate-a64.c
 +++ b/target-arm/translate-a64.c
 @@ -10926,6 +10926,7 @@ void gen_intermediate_code_internal_a64(ARMCPU *cpu,
  #if !defined(CONFIG_USER_ONLY)
  dc-user = (ARM_TBFLAG_AA64_EL(tb-flags) == 0);
  #endif
 +dc-ns = ARM_TBFLAG_AA64_NS(tb-flags);
  dc-cpacr_fpen = ARM_TBFLAG_AA64_FPEN(tb-flags);
  dc-vec_len = 0;
  dc-vec_stride = 0;
 diff --git a/target-arm/translate.c b/target-arm/translate.c
 index 3f3ddfb..5e1d677 100644
 --- a/target-arm/translate.c
 +++ b/target-arm/translate.c
 @@ -10958,6 +10958,7 @@ static inline void 
 gen_intermediate_code_internal(ARMCPU *cpu,
  #if !defined(CONFIG_USER_ONLY)
  dc-user = 

Re: [Qemu-devel] [PATCH 1/2] qemu-char: Fix reconnect socket error reporting

[Eric Blake]

On 10/06/2014 11:59 AM, miny...@acm.org wrote:
 From: Corey Minyard cminy...@mvista.com
 
 If reconnect was set, errors wouldn't always be reported.
 Fix that and also only report a connect error once until a
 connection has been made.
 
 The primary purpose of this is to tell the user that a
 connection failed so they can know they need to figure out
 what went wrong.  So we don't want to spew too much
 out here, just enough so they know.
 
 Signed-off-by: Corey Minyard cminy...@mvista.com
 ---
  qemu-char.c | 47 ---
  1 file changed, 32 insertions(+), 15 deletions(-)

 +bool connect_err_reported;
  } TCPCharDriver;
  
  static gboolean socket_reconnect_timeout(gpointer opaque);
 @@ -2521,6 +2522,17 @@ static void 
 qemu_chr_socket_restart_timer(CharDriverState *chr)
 socket_reconnect_timeout, 
 chr);
  }
  
 +static void check_report_connect_error(CharDriverState *chr, const char *str)
 +{
 +TCPCharDriver *s = chr-opaque;
 +
 +if (!s-connect_err_reported) {
 +error_report(%s char device %s\n, str, chr-label);

No \n at the end of an error_report() message.

 +s-connect_err_reported = 1;

s/1/true/ since you typed it as bool.

 +}
 +qemu_chr_socket_restart_timer(chr);
 +}
 +
  static gboolean tcp_chr_accept(GIOChannel *chan, GIOCondition cond, void 
 *opaque);
  
  #ifndef _WIN32
 @@ -3045,12 +3057,14 @@ static void 
 qemu_chr_finish_socket_connection(CharDriverState *chr, int fd)
  static void qemu_chr_socket_connected(int fd, void *opaque)
  {
  CharDriverState *chr = opaque;
 +TCPCharDriver *s = chr-opaque;
  
  if (fd  0) {
 -qemu_chr_socket_restart_timer(chr);
 +check_report_connect_error(chr, Unable to connect to);

Works in English, but if there is ever translation of the message
printed in check_report_connect_error, you are probably doing
translators a disservice by splitting a sentence into two parts
separated by a number of lines of code.  (Spoken by one who has never
contributed a translation, so take with a grain of salt)

  return;
  }
  
 +s-connect_err_reported = 0;

s/0/false/



-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH v4 38/47] Add assertion to check migration_dirty_pages

[Dr. David Alan Gilbert]

* Paolo Bonzini (pbonz...@redhat.com) wrote:
 Il 03/10/2014 19:47, Dr. David Alan Gilbert (git) ha scritto:
  
  I've seen it go negative once during dev, it shouldn't
  happen.
 
 You can move it earlier, perhaps even as patch 1, since it does not have
 any dependency on postcopy and can go in at any time.

OK, I moved it to the 2nd patch - just after the docs (Eric previously said
he liked those at the start of a patch set).

Dave

 
 Paolo
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK

Re: [Qemu-devel] [PATCH v4 20/47] Add migration-capability boolean for postcopy-ram.

[Eric Blake]

On 10/03/2014 11:47 AM, Dr. David Alan Gilbert (git) wrote:
 From: Dr. David Alan Gilbert dgilb...@redhat.com
 
 Signed-off-by: Dr. David Alan Gilbert dgilb...@redhat.com
 Reviewed-by: Eric Blake ebl...@redhat.com
 ---
  include/migration/migration.h | 1 +
  migration.c   | 9 +
  qapi-schema.json  | 6 +-
  3 files changed, 15 insertions(+), 1 deletion(-)
 

  #
 +# @x-postcopy-ram: Start executing on the migration target before all of RAM 
 has been
 +#  migrated, pulling the remaining pages along as needed. NOTE: If 
 the
 +#  migration fails during postcopy the VM will fail.  (since 2.2)
 +#
  # Since: 1.2
  ##
  { 'enum': 'MigrationCapability',
 -  'data': ['xbzrle', 'rdma-pin-all', 'auto-converge', 'zero-blocks'] }
 +  'data': ['xbzrle', 'rdma-pin-all', 'auto-converge', 'zero-blocks', 
 'x-postcopy-ram'] }

Can we wrap this to keep things in 80 columns?  Also, the question was
raised on the libvirt list on whether the interface is stable enough to
name this 'postcopy-ram' from the get-go (rather than marking the
interface experimental), so that libvirt can start using it sooner.

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH v4 32/47] postcopy: ram_enable_notify to switch on userfault

[Dr. David Alan Gilbert]

* Paolo Bonzini (pbonz...@redhat.com) wrote:
 Il 03/10/2014 19:47, Dr. David Alan Gilbert (git) ha scritto:
  +static int postcopy_ram_sensitise_area(const char *block_name, void 
  *host_addr,
  +   ram_addr_t offset, ram_addr_t 
  length,
  +   void *opaque)
 
 Weird name, and I'm not referring to the British -ise. :)
 
 Perhaps ram_block_enable_userfault or ram_block_enable_notify?  It helps
 clarity to limit the use of the postcopy_ram_ prefix for static function.

Yep, that's fair enough; I'll make it ram_block_enable_notify.

Dave

 Paolo
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK

Re: [Qemu-devel] [PULL 0/5] linux-user patches for 2.2

[Riku Voipio]

On Mon, Oct 06, 2014 at 05:49:14PM +0100, Peter Maydell wrote:
 On 6 October 2014 15:59, Peter Maydell peter.mayd...@linaro.org wrote:
  Hi. I'm afraid this doesn't compile on my ARM box:
 
  /root/qemu/linux-user/syscall.c: In function ‘do_syscall’:
  /root/qemu/linux-user/syscall.c:9695:9: error: implicit declaration of
  function ‘timerfd_create’ [-Werror=implicit-function-declaration]
  /root/qemu/linux-user/syscall.c:9695:9: error: nested extern
  declaration of ‘timerfd_create’ [-Werror=nested-externs]
  /root/qemu/linux-user/syscall.c:9705:13: error: implicit declaration
  of function ‘timerfd_gettime’ [-Werror=implicit-function-declaration]
  /root/qemu/linux-user/syscall.c:9705:13: error: nested extern
  declaration of ‘timerfd_gettime’ [-Werror=nested-externs]
  /root/qemu/linux-user/syscall.c:9728:13: error: implicit declaration
  of function ‘timerfd_settime’ [-Werror=implicit-function-declaration]
  /root/qemu/linux-user/syscall.c:9728:13: error: nested extern
  declaration of ‘timerfd_settime’ [-Werror=nested-externs]
  cc1: all warnings being treated as errors
 
 Specifically, this is because of the patch which adds
 #ifdef CONFIG_TIMERFD ... #endif -- it is doing so
 earlier in the file than the include of qemu-common.h
 which pulls in the file defining the CONFIG_* macros,
 so sys/timerfd.h is now never included.

Sorry, will fix it quickly.

Riku

Re: [Qemu-devel] [PATCH v4 20/47] Add migration-capability boolean for postcopy-ram.

[Dr. David Alan Gilbert]

* Eric Blake (ebl...@redhat.com) wrote:
 On 10/03/2014 11:47 AM, Dr. David Alan Gilbert (git) wrote:
  From: Dr. David Alan Gilbert dgilb...@redhat.com
  
  Signed-off-by: Dr. David Alan Gilbert dgilb...@redhat.com
  Reviewed-by: Eric Blake ebl...@redhat.com
  ---
   include/migration/migration.h | 1 +
   migration.c   | 9 +
   qapi-schema.json  | 6 +-
   3 files changed, 15 insertions(+), 1 deletion(-)
  
 
   #
  +# @x-postcopy-ram: Start executing on the migration target before all of 
  RAM has been
  +#  migrated, pulling the remaining pages along as needed. NOTE: If 
  the
  +#  migration fails during postcopy the VM will fail.  (since 2.2)
  +#
   # Since: 1.2
   ##
   { 'enum': 'MigrationCapability',
  -  'data': ['xbzrle', 'rdma-pin-all', 'auto-converge', 'zero-blocks'] }
  +  'data': ['xbzrle', 'rdma-pin-all', 'auto-converge', 'zero-blocks', 
  'x-postcopy-ram'] }
 
 Can we wrap this to keep things in 80 columns?

Done.

 Also, the question was
 raised on the libvirt list on whether the interface is stable enough to
 name this 'postcopy-ram' from the get-go (rather than marking the
 interface experimental), so that libvirt can start using it sooner.

I'm still nervous about that, what I intend to do is add one
patch at the end of the series that removes the x-  so that can
get discussed separately.

While I'm confident that the interface to libvirt is stable, removing the x-
declares that the whole thing is stable and I then have to maintain
migration compatibility; and it seemed sensible to let people try it for 
a release; however if libvirt have no way to support QEMUs ability to have
experimental features, I guess no one is actually going to try it, which is
very disappointing.

Dave

 -- 
 Eric Blake   eblake redhat com+1-919-301-3266
 Libvirt virtualization library http://libvirt.org
 


--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK

[Qemu-devel] [PULL v2 2/5] linux-user: Convert blkpg to use a special subop handler

[riku . voipio]

From: Alexander Graf ag...@suse.de

The blkpg ioctl can take different payloads depending on the opcode in
its payload structure. Create a new special ioctl handler that can only
deal with partition style ones for now.

This patch fixes running parted for me.

Signed-off-by: Alexander Graf ag...@suse.de
Signed-off-by: Riku Voipio riku.voi...@linaro.org
---
 linux-user/ioctls.h|  3 ++-
 linux-user/syscall.c   | 53 ++
 linux-user/syscall_types.h |  2 +-
 3 files changed, 56 insertions(+), 2 deletions(-)

diff --git a/linux-user/ioctls.h b/linux-user/ioctls.h
index 609b27c..e672655 100644
--- a/linux-user/ioctls.h
+++ b/linux-user/ioctls.h
@@ -78,7 +78,8 @@
  IOCTL(BLKRAGET, IOC_R, MK_PTR(TYPE_LONG))
  IOCTL(BLKSSZGET, IOC_R, MK_PTR(TYPE_LONG))
  IOCTL(BLKBSZGET, IOC_R, MK_PTR(TYPE_INT))
- IOCTL(BLKPG, IOC_W, MK_PTR(MK_STRUCT(STRUCT_blkpg_ioctl_arg)))
+ IOCTL_SPECIAL(BLKPG, IOC_W, do_ioctl_blkpg,
+   MK_PTR(MK_STRUCT(STRUCT_blkpg_ioctl_arg)))
 #ifdef FIBMAP
  IOCTL(FIBMAP, IOC_W | IOC_R, MK_PTR(TYPE_LONG))
 #endif
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 8fe9df7..dcb9df9 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -3696,6 +3696,59 @@ out:
 return ret;
 }
 
+static abi_long do_ioctl_blkpg(const IOCTLEntry *ie, uint8_t *buf_temp, int fd,
+   abi_long cmd, abi_long arg)
+{
+void *argptr;
+int target_size;
+const argtype *arg_type = ie-arg_type;
+const argtype part_arg_type[] = { MK_STRUCT(STRUCT_blkpg_partition) };
+abi_long ret;
+
+struct blkpg_ioctl_arg *host_blkpg = (void*)buf_temp;
+struct blkpg_partition host_part;
+
+/* Read and convert blkpg */
+arg_type++;
+target_size = thunk_type_size(arg_type, 0);
+argptr = lock_user(VERIFY_READ, arg, target_size, 1);
+if (!argptr) {
+ret = -TARGET_EFAULT;
+goto out;
+}
+thunk_convert(buf_temp, argptr, arg_type, THUNK_HOST);
+unlock_user(argptr, arg, 0);
+
+switch (host_blkpg-op) {
+case BLKPG_ADD_PARTITION:
+case BLKPG_DEL_PARTITION:
+/* payload is struct blkpg_partition */
+break;
+default:
+/* Unknown opcode */
+ret = -TARGET_EINVAL;
+goto out;
+}
+
+/* Read and convert blkpg-data */
+arg = (abi_long)(uintptr_t)host_blkpg-data;
+target_size = thunk_type_size(part_arg_type, 0);
+argptr = lock_user(VERIFY_READ, arg, target_size, 1);
+if (!argptr) {
+ret = -TARGET_EFAULT;
+goto out;
+}
+thunk_convert(host_part, argptr, part_arg_type, THUNK_HOST);
+unlock_user(argptr, arg, 0);
+
+/* Swizzle the data pointer to our local copy and call! */
+host_blkpg-data = host_part;
+ret = get_errno(ioctl(fd, ie-host_cmd, host_blkpg));
+
+out:
+return ret;
+}
+
 static abi_long do_ioctl_rt(const IOCTLEntry *ie, uint8_t *buf_temp,
 int fd, abi_long cmd, abi_long arg)
 {
diff --git a/linux-user/syscall_types.h b/linux-user/syscall_types.h
index 9d0c92d..1fd4ee0 100644
--- a/linux-user/syscall_types.h
+++ b/linux-user/syscall_types.h
@@ -252,4 +252,4 @@ STRUCT(blkpg_ioctl_arg,
TYPE_INT, /* op */
TYPE_INT, /* flags */
TYPE_INT, /* datalen */
-   MK_PTR(MK_STRUCT(STRUCT_blkpg_partition))) /* data */
+   TYPE_PTRVOID) /* data */
-- 
2.0.1

[Qemu-devel] [PULL v2 3/5] linux-user: Simplify timerid checks on g_posix_timers range

[riku . voipio]

From: Alexander Graf ag...@suse.de

We check whether the passed in timer id is negative on all calls
that involve g_posix_timers.

However, these checks are bogus. First off we limit the timer_id to
16 bits which is not what Linux does. Then we check whether it's negative
which it can't be because we masked it.

We can safely remove the masking. For the negativity check we can just
treat the timerid as unsigned and only check for upper boundaries.

Signed-off-by: Alexander Graf ag...@suse.de
Signed-off-by: Riku Voipio riku.voi...@linaro.org
---
 linux-user/syscall.c | 30 +-
 1 file changed, 17 insertions(+), 13 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index dcb9df9..7087a56 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -9615,11 +9615,12 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
arg1,
 {
 /* args: timer_t timerid, int flags, const struct itimerspec 
*new_value,
  * struct itimerspec * old_value */
-arg1 = 0x;
-if (arg3 == 0 || arg1  0 || arg1 = ARRAY_SIZE(g_posix_timers)) {
+target_ulong timerid = arg1;
+
+if (arg3 == 0 || timerid = ARRAY_SIZE(g_posix_timers)) {
 ret = -TARGET_EINVAL;
 } else {
-timer_t htimer = g_posix_timers[arg1];
+timer_t htimer = g_posix_timers[timerid];
 struct itimerspec hspec_new = {{0},}, hspec_old = {{0},};
 
 target_to_host_itimerspec(hspec_new, arg3);
@@ -9635,13 +9636,14 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
arg1,
 case TARGET_NR_timer_gettime:
 {
 /* args: timer_t timerid, struct itimerspec *curr_value */
-arg1 = 0x;
+target_ulong timerid = arg1;
+
 if (!arg2) {
 return -TARGET_EFAULT;
-} else if (arg1  0 || arg1 = ARRAY_SIZE(g_posix_timers)) {
+} else if (timerid = ARRAY_SIZE(g_posix_timers)) {
 ret = -TARGET_EINVAL;
 } else {
-timer_t htimer = g_posix_timers[arg1];
+timer_t htimer = g_posix_timers[timerid];
 struct itimerspec hspec;
 ret = get_errno(timer_gettime(htimer, hspec));
 
@@ -9657,11 +9659,12 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
arg1,
 case TARGET_NR_timer_getoverrun:
 {
 /* args: timer_t timerid */
-arg1 = 0x;
-if (arg1  0 || arg1 = ARRAY_SIZE(g_posix_timers)) {
+target_ulong timerid = arg1;
+
+if (timerid = ARRAY_SIZE(g_posix_timers)) {
 ret = -TARGET_EINVAL;
 } else {
-timer_t htimer = g_posix_timers[arg1];
+timer_t htimer = g_posix_timers[timerid];
 ret = get_errno(timer_getoverrun(htimer));
 }
 break;
@@ -9672,13 +9675,14 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
arg1,
 case TARGET_NR_timer_delete:
 {
 /* args: timer_t timerid */
-arg1 = 0x;
-if (arg1  0 || arg1 = ARRAY_SIZE(g_posix_timers)) {
+target_ulong timerid = arg1;
+
+if (timerid = ARRAY_SIZE(g_posix_timers)) {
 ret = -TARGET_EINVAL;
 } else {
-timer_t htimer = g_posix_timers[arg1];
+timer_t htimer = g_posix_timers[timerid];
 ret = get_errno(timer_delete(htimer));
-g_posix_timers[arg1] = 0;
+g_posix_timers[timerid] = 0;
 }
 break;
 }
-- 
2.0.1

[Qemu-devel] [PULL v2 1/5] linux-user: Enable epoll_pwait syscall for ARM

[riku . voipio]

From: Peter Maydell peter.mayd...@linaro.org

We have support for the epoll_pwait syscall, but it wasn't enabled for
ARM guests because we hadn't defined the syscall number; correct this
deficiency.

Reported-by: Dave Flogeras dfloger...@gmail.com
Signed-off-by: Peter Maydell peter.mayd...@linaro.org
Signed-off-by: Riku Voipio riku.voi...@linaro.org
---
 linux-user/arm/syscall_nr.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/linux-user/arm/syscall_nr.h b/linux-user/arm/syscall_nr.h
index bef847c..7d7be7c 100644
--- a/linux-user/arm/syscall_nr.h
+++ b/linux-user/arm/syscall_nr.h
@@ -350,7 +350,7 @@
 #define TARGET_NR_vmsplice (343)
 #define TARGET_NR_move_pages   (344)
 #define TARGET_NR_getcpu   (345)
-   /* 346 for epoll_pwait */
+#define TARGET_NR_epoll_pwait   (346)
 #define TARGET_NR_kexec_load   (347)
 #define TARGET_NR_utimensat(348)
 #define TARGET_NR_signalfd (349)
-- 
2.0.1

[Qemu-devel] [PULL v2 5/5] translate-all.c: memory walker initial address miscalculation

[riku . voipio]

From: Mikhail Ilyin m.i...@samsung.com

The initial base address is miscalculated in walk_memory_regions().
It has to be shifted TARGET_PAGE_BITS more. Holder variables are
extended to target_ulong size otherwise they don't fit for MIPS N32
(a 32-bit ABI with a 64-bit address space) and qemu won't compile.
The issue led to incorrect debug output of memory maps and a
mis-formed coredumped file.

Signed-off-by: Mikhail Ilyin m.i...@samsung.com
Signed-off-by: Riku Voipio riku.voi...@linaro.org
---
 include/exec/cpu-all.h |  4 ++--
 linux-user/elfload.c   | 18 +-
 translate-all.c| 33 -
 3 files changed, 27 insertions(+), 28 deletions(-)

diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
index f9d132f..c085804 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -232,8 +232,8 @@ extern uintptr_t qemu_host_page_mask;
 #if defined(CONFIG_USER_ONLY)
 void page_dump(FILE *f);
 
-typedef int (*walk_memory_regions_fn)(void *, abi_ulong,
-  abi_ulong, unsigned long);
+typedef int (*walk_memory_regions_fn)(void *, target_ulong,
+  target_ulong, unsigned long);
 int walk_memory_regions(void *, walk_memory_regions_fn);
 
 int page_get_flags(target_ulong address);
diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index bea803b..1c04fcf 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -2355,9 +2355,9 @@ struct elf_note_info {
 };
 
 struct vm_area_struct {
-abi_ulong   vma_start;  /* start vaddr of memory region */
-abi_ulong   vma_end;/* end vaddr of memory region */
-abi_ulong   vma_flags;  /* protection etc. flags for the region */
+target_ulong   vma_start;  /* start vaddr of memory region */
+target_ulong   vma_end;/* end vaddr of memory region */
+abi_ulong  vma_flags;  /* protection etc. flags for the region */
 QTAILQ_ENTRY(vm_area_struct) vma_link;
 };
 
@@ -2368,13 +2368,13 @@ struct mm_struct {
 
 static struct mm_struct *vma_init(void);
 static void vma_delete(struct mm_struct *);
-static int vma_add_mapping(struct mm_struct *, abi_ulong,
-   abi_ulong, abi_ulong);
+static int vma_add_mapping(struct mm_struct *, target_ulong,
+   target_ulong, abi_ulong);
 static int vma_get_mapping_count(const struct mm_struct *);
 static struct vm_area_struct *vma_first(const struct mm_struct *);
 static struct vm_area_struct *vma_next(struct vm_area_struct *);
 static abi_ulong vma_dump_size(const struct vm_area_struct *);
-static int vma_walker(void *priv, abi_ulong start, abi_ulong end,
+static int vma_walker(void *priv, target_ulong start, target_ulong end,
   unsigned long flags);
 
 static void fill_elf_header(struct elfhdr *, int, uint16_t, uint32_t);
@@ -2466,8 +2466,8 @@ static void vma_delete(struct mm_struct *mm)
 g_free(mm);
 }
 
-static int vma_add_mapping(struct mm_struct *mm, abi_ulong start,
-   abi_ulong end, abi_ulong flags)
+static int vma_add_mapping(struct mm_struct *mm, target_ulong start,
+   target_ulong end, abi_ulong flags)
 {
 struct vm_area_struct *vma;
 
@@ -2535,7 +2535,7 @@ static abi_ulong vma_dump_size(const struct 
vm_area_struct *vma)
 return (vma-vma_end - vma-vma_start);
 }
 
-static int vma_walker(void *priv, abi_ulong start, abi_ulong end,
+static int vma_walker(void *priv, target_ulong start, target_ulong end,
   unsigned long flags)
 {
 struct mm_struct *mm = (struct mm_struct *)priv;
diff --git a/translate-all.c b/translate-all.c
index 2e0265a..ba5c840 100644
--- a/translate-all.c
+++ b/translate-all.c
@@ -1660,30 +1660,30 @@ void cpu_interrupt(CPUState *cpu, int mask)
 struct walk_memory_regions_data {
 walk_memory_regions_fn fn;
 void *priv;
-uintptr_t start;
+target_ulong start;
 int prot;
 };
 
 static int walk_memory_regions_end(struct walk_memory_regions_data *data,
-   abi_ulong end, int new_prot)
+   target_ulong end, int new_prot)
 {
-if (data-start != -1ul) {
+if (data-start != -1u) {
 int rc = data-fn(data-priv, data-start, end, data-prot);
 if (rc != 0) {
 return rc;
 }
 }
 
-data-start = (new_prot ? end : -1ul);
+data-start = (new_prot ? end : -1u);
 data-prot = new_prot;
 
 return 0;
 }
 
 static int walk_memory_regions_1(struct walk_memory_regions_data *data,
- abi_ulong base, int level, void **lp)
+ target_ulong base, int level, void **lp)
 {
-abi_ulong pa;
+target_ulong pa;
 int i, rc;
 
 if (*lp == NULL) {
@@ -1708,7 +1708,7 @@ static int walk_memory_regions_1(struct 
walk_memory_regions_data *data,
 void **pp = *lp;
 
 for (i = 0; i  V_L2_SIZE; ++i) {
-

[Qemu-devel] [PULL v2 0/5] linux-user patches for 2.2

[riku . voipio]

From: Riku Voipio riku.voi...@linaro.org

The following changes since commit 2472b6c07bb50179019589af1c22f43935ab7f5c:

  gdbstub: Allow target CPUs to specify watchpoint STOP_BEFORE_ACCESS flag 
(2014-10-06 14:25:43 +0100)

are available in the git repository at:

  git://git.linaro.org/people/riku.voipio/qemu.git 
tags/pull-linux-user-20141006-2

for you to fetch changes up to 1a1c4db9b298956e89caf53b09b6a7a960d55d66:

  translate-all.c: memory walker initial address miscalculation (2014-10-06 
21:53:35 +0300)


linux-user pull for 2.2

Clearest linux-user patches sent to the list since august,
Apart from Mikhails patch, the rest are quite trivial.

v2: check for CONFIG_TIMERFD only after it has been defined


Alexander Graf (2):
  linux-user: Convert blkpg to use a special subop handler
  linux-user: Simplify timerid checks on g_posix_timers range

Mikhail Ilyin (1):
  translate-all.c: memory walker initial address miscalculation

Peter Maydell (1):
  linux-user: Enable epoll_pwait syscall for ARM

Riku Voipio (1):
  linux-user: don't include timerfd if not needed

 include/exec/cpu-all.h  |  4 ++--
 linux-user/arm/syscall_nr.h |  2 +-
 linux-user/elfload.c| 18 +-
 linux-user/ioctls.h |  3 ++-
 linux-user/syscall.c| 87 
+--
 linux-user/syscall_types.h  |  2 +-
 translate-all.c | 33 -
 7 files changed, 104 insertions(+), 45 deletions(-)

-- 
2.0.1

[Qemu-devel] [PULL v2 4/5] linux-user: don't include timerfd if not needed

[riku . voipio]

From: Riku Voipio riku.voi...@linaro.org

Without this, builds on older systems fail with:

qemu/linux-user/syscall.c:61:25: warning: sys/timerfd.h: No such file or 
directory

v2: fix the usual case where CONFIG_TIMERFD is enabled..

Signed-off-by: Riku Voipio riku.voi...@linaro.org
---
 linux-user/syscall.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 7087a56..a175cc1 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -58,7 +58,6 @@ int __clone2(int (*fn)(void *), void *child_stack_base,
 #include sys/shm.h
 #include sys/sem.h
 #include sys/statfs.h
-#include sys/timerfd.h
 #include utime.h
 #include sys/sysinfo.h
 //#include sys/user.h
@@ -67,6 +66,9 @@ int __clone2(int (*fn)(void *), void *child_stack_base,
 #include linux/wireless.h
 #include linux/icmp.h
 #include qemu-common.h
+#ifdef CONFIG_TIMERFD
+#include sys/timerfd.h
+#endif
 #ifdef TARGET_GPROF
 #include sys/gmon.h
 #endif
-- 
2.0.1