Re: [Qemu-devel] [PATCH 4/4] target-ppc: ensure we include the decrementer value during migration

[Mark Cave-Ayland]

On 11/01/16 04:55, David Gibson wrote:

> On Mon, Jan 11, 2016 at 12:18:31PM +1100, Alexey Kardashevskiy wrote:
>> On 01/09/2016 01:21 AM, Mark Cave-Ayland wrote:
>>> On 08/01/16 02:47, Alexey Kardashevskiy wrote:
>>>
 On 01/07/2016 05:22 AM, Mark Cave-Ayland wrote:
> During local testing with TCG, intermittent errors were found when
> trying to
> migrate Darwin OS images.
>
> The underlying cause was that Darwin resets the decrementer value to
> fairly
> small values on each interrupt. cpu_ppc_set_tb_clk() sets the default
> value
> of the decrementer to 0x during initialisation which typically
> corresponds to several seconds. Hence when restoring the image, the guest
> would effectively "lose" decrementer interrupts during this time causing
> confusion in the guest.
>
> NOTE: there does seem to be some overlap here with the
> vmstate_ppc_timebase
> code, however it doesn't seem to handle multiple CPUs which is why
> I've gone
> for an independent implementation.

 It does handle multiple CPUs:

 static int timebase_post_load(void *opaque, int version_id)
 {
 ...
  /* Set new offset to all CPUs */
  CPU_FOREACH(cpu) {
  PowerPCCPU *pcpu = POWERPC_CPU(cpu);
  pcpu->env.tb_env->tb_offset = tb_off_adj;
  }


 It does not transfer DECR though, it transfers the offset instead, one
 for all CPUs.


 The easier solution would be just adding this instead of the whole patch:

 spr_register(env, SPR_DECR, "DECR",
  SPR_NOACCESS, SPR_NOACCESS,
  _read_decr, _write_decr,
  0x);

 somewhere in target-ppc/translate_init.c for CPUs you want to support,
 gen_tbl() seems to be the right place for this. As long as it is just
 spr_register() and not spr_register_kvm(), I suppose it should not break
 KVM and pseries.
>>>
>>> I've just tried adding that but it then gives the following error on
>>> startup:
>>>
>>> Error: Trying to register SPR 22 (016) twice !
>>>
>>> Based upon this, the existing registration seems fine. I think the
>>> problem is that I can't see anything in __cpu_ppc_store_decr() that
>>> updates the spr[SPR_DECR] value when the decrementer register is
>>> changed, so it needs to be explicitly added to
>>> cpu_pre_save()/cpu_post_load():
>>>
>>>
>>> diff --git a/target-ppc/machine.c b/target-ppc/machine.c
>>> index 251a84b..495e58d 100644
>>> --- a/target-ppc/machine.c
>>> +++ b/target-ppc/machine.c
>>> @@ -141,6 +141,7 @@ static void cpu_pre_save(void *opaque)
>>>  env->spr[SPR_CFAR] = env->cfar;
>>>  #endif
>>>  env->spr[SPR_BOOKE_SPEFSCR] = env->spe_fscr;
>>> +env->spr[SPR_DECR] = cpu_ppc_load_decr(env);
>>>
>>>  for (i = 0; (i < 4) && (i < env->nb_BATs); i++) {
>>>  env->spr[SPR_DBAT0U + 2*i] = env->DBAT[0][i];
>>> @@ -175,6 +176,7 @@ static int cpu_post_load(void *opaque, int version_id)
>>>  env->cfar = env->spr[SPR_CFAR];
>>>  #endif
>>>  env->spe_fscr = env->spr[SPR_BOOKE_SPEFSCR];
>>> +cpu_ppc_store_decr(env, env->spr[SPR_DECR]);
>>>
>>>  for (i = 0; (i < 4) && (i < env->nb_BATs); i++) {
>>>  env->DBAT[0][i] = env->spr[SPR_DBAT0U + 2*i];
>>>
>>>
>>> I've just tried the diff above instead of my original version and
>>> repeated my savevm/loadvm pair test with a Darwin installation and it
>>> also fixes the random hang I was seeing on loadvm.
>>>
>>> Seemingly this should work on KVM in that cpu_ppc_load_decr() and
>>> cpu_ppc_store_decr() become no-ops as long as KVM maintains
>>> env->spr[SPR_DECR], but a second set of eyeballs would be useful here.
>>>
>>> If you can let me know if this is suitable then I'll update the patchset
>>> based upon your feedback and send out a v2.
>>
>>
>> Looks good to me, I'd just wait a day or two in the case if David wants to
>> comment.
> 
> I was on holiday and missed the start of this thread, I'm afraid, so I
> don't fully understand the context here.

It's part of a patchset I posted which fixes up problems I had with
migrating g3beige/mac99 machines under TCG:
https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00544.html.

Apologies for not adding you as CC directly - are you still helping to
cover ppc-next for Alex?

> Am I right in thinking that this change will essentially freeze the
> decrementer across the migration downtime?  That doesn't seem right,
> since the decrementer is supposed to be linked to the timebase and
> represent real time passing.

Yes, that's correct.

> In other words, isn't this just skipping the decrementer interrupts at
> the qemu level rather than the guest level?
> 
> It seems that instead we should be reconstructing the decrementer on
> the destination based on an offset from the timebase.

Well I haven't really looked at how time warping works during in
migration for QEMU, however this seems to be the method 

Re: [Qemu-devel] [PATCH] linux-user/syscall.c: Use SOL_SOCKET instead of level for setsockopt()

[Laurent Vivier]

Le 11/01/2016 06:58, cheng...@emindsoft.com.cn a écrit :
> From: Chen Gang 
> 
> In this case, level is TARGET_SOL_SOCKET, but we need SOL_SOCKET for
> setsockopt().
> 
> Signed-off-by: Chen Gang 
> ---
>  linux-user/syscall.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index 95b1762..44485f2 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -1596,7 +1596,8 @@ set_timeout:
>   addr_ifname = alloca(IFNAMSIZ);
>   memcpy(addr_ifname, dev_ifname, optlen);
>   addr_ifname[optlen] = 0;
> - ret = get_errno(setsockopt(sockfd, level, optname, addr_ifname, 
> optlen));
> + ret = get_errno(setsockopt(sockfd, SOL_SOCKET, optname,
> +   addr_ifname, optlen));
>   unlock_user (dev_ifname, optval_addr, 0);
>   return ret;
>   }
> 
Reviewed-by: Laurent Vivier 

Re: [Qemu-devel] [PATCH] ether/slirp: Avoid redefinition of the same constants

[Jason Wang]

On 01/09/2016 12:25 AM, Alex Bennée wrote:
> Dr. David Alan Gilbert (git)  writes:
>
>> From: "Dr. David Alan Gilbert" 
>>
>> eth.h and slirp.h both define ETH_ALEN and ETH_P_IP
>> rtl8139.c and eth.h both define ETH_HLEN
>>
>> Move the related constant (ETH_P_ARP) from slirp.h to eth.h, and
>> remove the duplicates; make slirp.h include eth.h
> Reviewed-by: Alex Bennée 

Applied, thanks.

[Qemu-devel] [PULL 02/24] net/vmxnet3: use %zu for size_t in printf

[Jason Wang]

From: Miao Yan 

Use %zu specifier for size_t in printf, otherwise build would fail
on platforms where size_t is not unsigned long

Signed-off-by: Miao Yan 
Reviewed-by: Dmitry Fleytman 
Signed-off-by: Jason Wang 
---
 hw/net/vmxnet3.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
index b41a35c..a5dd79a 100644
--- a/hw/net/vmxnet3.c
+++ b/hw/net/vmxnet3.c
@@ -138,7 +138,7 @@ static inline void vmxnet3_ring_init(Vmxnet3Ring *ring,
 }
 
 #define VMXNET3_RING_DUMP(macro, ring_name, ridx, r) \
-macro("%s#%d: base %" PRIx64 " size %lu cell_size %lu gen %d next %lu",  \
+macro("%s#%d: base %" PRIx64 " size %zu cell_size %zu gen %d next %zu",  \
   (ring_name), (ridx),   \
   (r)->pa, (r)->size, (r)->cell_size, (r)->gen, (r)->next)
 
@@ -925,7 +925,7 @@ static void vmxnet3_rx_need_csum_calculate(struct 
VmxnetRxPkt *pkt,
 
 /* Validate packet len: csum_start + scum_offset + length of csum field */
 if (pkt_len < (vhdr->csum_start + vhdr->csum_offset + 2)) {
-VMW_PKPRN("packet len:%lu < csum_start(%d) + csum_offset(%d) + 2, "
+VMW_PKPRN("packet len:%zu < csum_start(%d) + csum_offset(%d) + 2, "
   "cannot calculate checksum",
   pkt_len, vhdr->csum_start, vhdr->csum_offset);
 return;
@@ -1974,7 +1974,7 @@ vmxnet3_receive(NetClientState *nc, const uint8_t *buf, 
size_t size)
 vmxnet_rx_pkt_attach_data(s->rx_pkt, buf, size, s->rx_vlan_stripping);
 bytes_indicated = vmxnet3_indicate_packet(s) ? size : -1;
 if (bytes_indicated < size) {
-VMW_PKPRN("RX: %lu of %lu bytes indicated", bytes_indicated, size);
+VMW_PKPRN("RX: %zu of %zu bytes indicated", bytes_indicated, size);
 }
 } else {
 VMW_PKPRN("Packet dropped by RX filter");
-- 
2.5.0

[Qemu-devel] [PULL 00/24] Net patches

[Jason Wang]

The following changes since commit 6bb9ead762bf749af11ea225fc2a74db1b93c105:

  Merge remote-tracking branch 'remotes/kraxel/tags/pull-ui-20160108-1' into 
staging (2016-01-08 12:50:19 +)

are available in the git repository at:

  https://github.com/jasowang/qemu.git tags/net-pull-request

for you to fetch changes up to 9c7ffe266485c87e8e76d59af22e96866c202e42:

  ether/slirp: Avoid redefinition of the same constants (2016-01-11 11:01:35 
+0800)




Alexis Dambricourt (1):
  l2tpv3: fix cookie decoding

Dr. David Alan Gilbert (1):
  ether/slirp: Avoid redefinition of the same constants

Li Zhijian (2):
  net/dump: fix nfds->filename leak
  net/filter: fix nf->netdev_id leak

Miao Yan (9):
  net/vmxnet3: fix a build error when enabling debug output
  net/vmxnet3: use %zu for size_t in printf
  net/vmxnet3: fix debug macro pattern for vmxnet3
  net/vmxnet3: remove redundant VMW_SHPRN(...) definition
  net/vmxnet3: return 1 on device activation failure
  net/vmxnet3: return correct value for VMXNET3_CMD_GET_DID_* command
  net/vmxnet3: return correct value for VMXNET3_CMD_GET_DEV_EXTRA_INFO
  net/vmxnet3: return 0 on unknown command
  net/vmxnet3: rename VMXNET3_DEVICE_VERSION to VMXNET3_UPT_REVISION

P J P (1):
  net: vmxnet3: avoid memory leakage in activate_device

Prasad J Pandit (2):
  net: rocker: fix an incorrect array bounds check
  net: ne2000: fix bounds check in ioport operations

Shmulik Ladkani (7):
  vmxnet3: Change offsets of msi/msix pci capabilities
  vmxnet3: Change the offset of the MSIX PBA table
  vmxnet3: Introduce 'x-old-msi-offsets' back-compat property
  vmxnet3: coding: Introduce VMXNET3Class
  vmxnet3: The vmxnet3 device is a PCIE endpoint
  vmxnet3: Report the Device Serial Number capability
  vmxnet3: Introduce 'x-disable-pcie' back-compat property

Thomas Huth (1):
  MAINTAINERS: Add an entry for the net/slirp.c file

 MAINTAINERS|   1 +
 hw/net/ne2000.c|  10 +--
 hw/net/rocker/rocker.c |   8 +--
 hw/net/rtl8139.c   |   1 -
 hw/net/vmware_utils.h  |   5 +-
 hw/net/vmxnet3.c   | 175 ++---
 hw/net/vmxnet_debug.h  | 139 ---
 include/hw/compat.h|  10 ++-
 include/net/eth.h  |   4 +-
 net/dump.c |   8 +++
 net/filter.c   |   1 +
 net/l2tpv3.c   |   2 +-
 slirp/slirp.h  |   7 +-
 13 files changed, 274 insertions(+), 97 deletions(-)

[Qemu-devel] [PULL 07/24] net/vmxnet3: return 1 on device activation failure

[Jason Wang]

From: Miao Yan 

When reading device status, 0 means device is successfully
activated and 1 means error.

This behavior can be observed by the following steps:

1) run a Linux distro on esxi server (5.5+)
2) modify vmxnet3 Linux driver to give it an invalid
   address to 'adapter->shared_pa' which is the
   shared memory for guest/host communication

This will trigger device activation failure and kernel
log will have the following message:

   [ 7138.403256] vmxnet3 :03:00.0 eth1: Failed to activate dev: error 1

So return 1 on device activation failure instead of -1;

Signed-off-by: Miao Yan 
Reviewed-by: Dmitry Fleytman 
Signed-off-by: Jason Wang 
---
 hw/net/vmxnet3.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
index 9c1adfc..8a992d3 100644
--- a/hw/net/vmxnet3.c
+++ b/hw/net/vmxnet3.c
@@ -1662,7 +1662,7 @@ static uint64_t vmxnet3_get_command_status(VMXNET3State 
*s)
 
 switch (s->last_command) {
 case VMXNET3_CMD_ACTIVATE_DEV:
-ret = (s->device_active) ? 0 : -1;
+ret = (s->device_active) ? 0 : 1;
 VMW_CFPRN("Device active: %" PRIx64, ret);
 break;
 
-- 
2.5.0

[Qemu-devel] [PULL 03/24] net/vmxnet3: fix debug macro pattern for vmxnet3

[Jason Wang]

From: Miao Yan 

Vmxnet3 uses the following debug macro style:

 #ifdef SOME_DEBUG
 #  define debug(...) do{ printf(...); } while (0)
 # else
 #  define debug(...) do{ } while (0)
 #endif

If SOME_DEBUG is undefined, then format string inside the
debug macro will never be checked by compiler. Code is
likely to break in the future when SOME_DEBUG is enabled
 because of lack of testing. This patch changes this
to the following:

 #define debug(...) \
  do { if (SOME_DEBUG_ENABLED) printf(...); } while (0)

Signed-off-by: Miao Yan 
Reviewed-by: Eric Blake 
Reviewed-by: Dmitry Fleytman 
Signed-off-by: Jason Wang 
---
 hw/net/vmxnet_debug.h | 139 +++---
 1 file changed, 86 insertions(+), 53 deletions(-)

diff --git a/hw/net/vmxnet_debug.h b/hw/net/vmxnet_debug.h
index 96dae0f..96495db 100644
--- a/hw/net/vmxnet_debug.h
+++ b/hw/net/vmxnet_debug.h
@@ -20,94 +20,127 @@
 
 #define VMXNET_DEVICE_NAME "vmxnet3"
 
-/* #define VMXNET_DEBUG_CB */
 #define VMXNET_DEBUG_WARNINGS
 #define VMXNET_DEBUG_ERRORS
-/* #define VMXNET_DEBUG_INTERRUPTS */
-/* #define VMXNET_DEBUG_CONFIG */
-/* #define VMXNET_DEBUG_RINGS */
-/* #define VMXNET_DEBUG_PACKETS */
-/* #define VMXNET_DEBUG_SHMEM_ACCESS */
+
+#undef VMXNET_DEBUG_CB
+#undef VMXNET_DEBUG_INTERRUPTS
+#undef VMXNET_DEBUG_CONFIG
+#undef VMXNET_DEBUG_RINGS
+#undef VMXNET_DEBUG_PACKETS
+#undef VMXNET_DEBUG_SHMEM_ACCESS
+
+#ifdef VMXNET_DEBUG_CB
+#  define VMXNET_DEBUG_CB_ENABLED 1
+#else
+#  define VMXNET_DEBUG_CB_ENABLED 0
+#endif
+
+#ifdef VMXNET_DEBUG_WARNINGS
+#  define VMXNET_DEBUG_WARNINGS_ENABLED 1
+#else
+#  define VMXNET_DEBUG_WARNINGS_ENABLED 0
+#endif
+
+#ifdef VMXNET_DEBUG_ERRORS
+#  define VMXNET_DEBUG_ERRORS_ENABLED 1
+#else
+#  define VMXNET_DEBUG_ERRORS_ENABLED 0
+#endif
+
+#ifdef VMXNET_DEBUG_CONFIG
+#  define VMXNET_DEBUG_CONFIG_ENABLED 1
+#else
+#  define VMXNET_DEBUG_CONFIG_ENABLED 0
+#endif
+
+#ifdef VMXNET_DEBUG_RINGS
+#  define VMXNET_DEBUG_RINGS_ENABLED 1
+#else
+#  define VMXNET_DEBUG_RINGS_ENABLED 0
+#endif
+
+#ifdef VMXNET_DEBUG_PACKETS
+#  define VMXNET_DEBUG_PACKETS_ENABLED 1
+#else
+#  define VMXNET_DEBUG_PACKETS_ENABLED 0
+#endif
+
+#ifdef VMXNET_DEBUG_INTERRUPTS
+#  define VMXNET_DEBUG_INTERRUPTS_ENABLED 1
+#else
+#  define VMXNET_DEBUG_INTERRUPTS_ENABLED 0
+#endif
 
 #ifdef VMXNET_DEBUG_SHMEM_ACCESS
+#  define VMXNET_DEBUG_SHMEM_ACCESS_ENABLED 1
+#else
+#  define VMXNET_DEBUG_SHMEM_ACCESS_ENABLED 0
+#endif
+
 #define VMW_SHPRN(fmt, ...)   \
 do {  \
-printf("[%s][SH][%s]: " fmt "\n", VMXNET_DEVICE_NAME, __func__,   \
-## __VA_ARGS__);  \
+if (VMXNET_DEBUG_SHMEM_ACCESS_ENABLED) {  \
+printf("[%s][SH][%s]: " fmt "\n", VMXNET_DEVICE_NAME, __func__,   \
+## __VA_ARGS__);  \
+   }  \
 } while (0)
-#else
-#define VMW_SHPRN(fmt, ...) do {} while (0)
-#endif
 
-#ifdef VMXNET_DEBUG_CB
 #define VMW_CBPRN(fmt, ...)   \
 do {  \
-printf("[%s][CB][%s]: " fmt "\n", VMXNET_DEVICE_NAME, __func__,   \
-## __VA_ARGS__);  \
+if (VMXNET_DEBUG_CB_ENABLED) {\
+printf("[%s][CB][%s]: " fmt "\n", VMXNET_DEVICE_NAME, __func__,   \
+## __VA_ARGS__);  \
+} \
 } while (0)
-#else
-#define VMW_CBPRN(fmt, ...) do {} while (0)
-#endif
 
-#ifdef VMXNET_DEBUG_PACKETS
 #define VMW_PKPRN(fmt, ...)   \
 do {  \
-printf("[%s][PK][%s]: " fmt "\n", VMXNET_DEVICE_NAME, __func__,   \
-## __VA_ARGS__);  \
+if (VMXNET_DEBUG_PACKETS_ENABLED) {   \
+printf("[%s][PK][%s]: " fmt "\n", VMXNET_DEVICE_NAME, __func__,   \
+## __VA_ARGS__);  \
+} \
 } while (0)
-#else
-#define VMW_PKPRN(fmt, ...) do {} while (0)
-#endif
 
-#ifdef VMXNET_DEBUG_WARNINGS
 #define VMW_WRPRN(fmt, ...)   \
 do {  \
-

[Qemu-devel] [PULL 01/24] net/vmxnet3: fix a build error when enabling debug output

[Jason Wang]

From: Miao Yan 

Macro MAC_FMT and MAC_ARG are not defined, but used in vmxnet3_net_init().
This will cause build error when debug level is raised in
vmxnet3_debug.h (enable all VMXNET3_DEBUG_xxx).

Use VMXNET_MF and VXMNET_MA instead.

Signed-off-by: Miao Yan 
Reviewed-by: Eric Blake 
Reviewed-by: Dmitry Fleytman 
Signed-off-by: Jason Wang 
---
 hw/net/vmxnet3.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
index 37373e5..b41a35c 100644
--- a/hw/net/vmxnet3.c
+++ b/hw/net/vmxnet3.c
@@ -2043,7 +2043,7 @@ static void vmxnet3_net_init(VMXNET3State *s)
 
 s->link_status_and_speed = VMXNET3_LINK_SPEED | VMXNET3_LINK_STATUS_UP;
 
-VMW_CFPRN("Permanent MAC: " MAC_FMT, MAC_ARG(s->perm_mac.a));
+VMW_CFPRN("Permanent MAC: " VMXNET_MF, VMXNET_MA(s->perm_mac.a));
 
 s->nic = qemu_new_nic(_vmxnet3_info, >conf,
   object_get_typename(OBJECT(s)),
-- 
2.5.0

[Qemu-devel] [PULL 04/24] net/vmxnet3: remove redundant VMW_SHPRN(...) definition

[Jason Wang]

From: Miao Yan 

Macro VMW_SHPRN(...) is already defined vmxnet3_debug.h,
so remove the duplication

Signed-off-by: Miao Yan 
Reviewed-by: Eric Blake 
Reviewed-by: Dmitry Fleytman 
Signed-off-by: Jason Wang 
---
 hw/net/vmware_utils.h | 5 +
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/hw/net/vmware_utils.h b/hw/net/vmware_utils.h
index 1099df6..c2c2f90 100644
--- a/hw/net/vmware_utils.h
+++ b/hw/net/vmware_utils.h
@@ -18,10 +18,7 @@
 #define VMWARE_UTILS_H
 
 #include "qemu/range.h"
-
-#ifndef VMW_SHPRN
-#define VMW_SHPRN(fmt, ...) do {} while (0)
-#endif
+#include "vmxnet_debug.h"
 
 /*
  * Shared memory access functions with byte swap support
-- 
2.5.0

[Qemu-devel] [PULL 19/24] vmxnet3: Report the Device Serial Number capability

[Jason Wang]

From: Shmulik Ladkani 

Report the DSN extended PCI capability at 0x100.
DSN value is a transformation of device MAC address, as calculated
by VMware virtual hardware.

DSN is reported only if device is pcie.

Signed-off-by: Shmulik Ladkani 
Signed-off-by: Jason Wang 
---
 hw/net/vmxnet3.c | 28 ++--
 1 file changed, 26 insertions(+), 2 deletions(-)

diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
index 4dc7519..aee218c 100644
--- a/hw/net/vmxnet3.c
+++ b/hw/net/vmxnet3.c
@@ -49,6 +49,7 @@
 ((s)->compat_flags & VMXNET3_COMPAT_FLAG_OLD_MSI_OFFSETS ? 0x50 : 0x84)
 #define VMXNET3_MSIX_OFFSET(s) \
 ((s)->compat_flags & VMXNET3_COMPAT_FLAG_OLD_MSI_OFFSETS ? 0 : 0x9c)
+#define VMXNET3_DSN_OFFSET (0x100)
 
 #define VMXNET3_BAR0_IDX  (0)
 #define VMXNET3_BAR1_IDX  (1)
@@ -2253,6 +2254,22 @@ static const MemoryRegionOps b1_ops = {
 },
 };
 
+static uint8_t *vmxnet3_device_serial_num(VMXNET3State *s)
+{
+static uint64_t dsn_payload;
+uint8_t *dsnp = (uint8_t *)_payload;
+
+dsnp[0] = 0xfe;
+dsnp[1] = s->conf.macaddr.a[3];
+dsnp[2] = s->conf.macaddr.a[4];
+dsnp[3] = s->conf.macaddr.a[5];
+dsnp[4] = s->conf.macaddr.a[0];
+dsnp[5] = s->conf.macaddr.a[1];
+dsnp[6] = s->conf.macaddr.a[2];
+dsnp[7] = 0xff;
+return dsnp;
+}
+
 static void vmxnet3_pci_realize(PCIDevice *pci_dev, Error **errp)
 {
 DeviceState *dev = DEVICE(pci_dev);
@@ -2290,8 +2307,15 @@ static void vmxnet3_pci_realize(PCIDevice *pci_dev, 
Error **errp)
 
 vmxnet3_net_init(s);
 
-if (pci_is_express(pci_dev) && pci_bus_is_express(pci_dev->bus)) {
-pcie_endpoint_cap_init(pci_dev, VMXNET3_EXP_EP_OFFSET);
+if (pci_is_express(pci_dev)) {
+if (pci_bus_is_express(pci_dev->bus)) {
+pcie_endpoint_cap_init(pci_dev, VMXNET3_EXP_EP_OFFSET);
+}
+
+pcie_add_capability(pci_dev, PCI_EXT_CAP_ID_DSN, 0x1,
+VMXNET3_DSN_OFFSET, PCI_EXT_CAP_DSN_SIZEOF);
+memcpy(pci_dev->config + VMXNET3_DSN_OFFSET + 4,
+   vmxnet3_device_serial_num(s), sizeof(uint64_t));
 }
 
 register_savevm(dev, "vmxnet3-msix", -1, 1,
-- 
2.5.0

[Qemu-devel] [PULL 06/24] MAINTAINERS: Add an entry for the net/slirp.c file

[Jason Wang]

From: Thomas Huth 

The file net/slirp.c should be listed in the SLIRP section, too.

Signed-off-by: Thomas Huth 
Signed-off-by: Jason Wang 
---
 MAINTAINERS | 1 +
 1 file changed, 1 insertion(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index 5a62ecd..ccfa34b 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1199,6 +1199,7 @@ SLIRP
 M: Jan Kiszka 
 S: Maintained
 F: slirp/
+F: net/slirp.c
 T: git git://git.kiszka.org/qemu.git queues/slirp
 
 Tracing
-- 
2.5.0

[Qemu-devel] [PULL 08/24] net/vmxnet3: return correct value for VMXNET3_CMD_GET_DID_* command

[Jason Wang]

From: Miao Yan 

VMXNET3_CMD_GET_DID_LO should return PCI ID of the device
and VMXNET3_CMD_GET_DID_HI should return vmxnet3 revision ID.

This behavior can be observed by the following steps:

1) run a Linux distro on esxi server (5.x+)
2) modify vmxnet3 Linux driver to read DID_HI and DID_LO:

  VMXNET3_WRITE_BAR1_REG(adapter, VMXNET3_REG_CMD, VMXNET3_CMD_GET_DID_LO);
  lo =  VMXNET3_READ_BAR1_REG(adapter, VMXNET3_REG_CMD);

  VMXNET3_WRITE_BAR1_REG(adapter, VMXNET3_REG_CMD, VMXNET3_CMD_GET_DID_HI);
  high =  VMXNET3_READ_BAR1_REG(adapter, VMXNET3_REG_CMD);
  pr_info("vmxnet3 DID lo: 0x%x, high: 0x%x\n", lo, high);

The kernel log will have something like the following message:

  [ 7005.70] vmxnet3 DID lo: 0x7b0, high: 0x1

Signed-off-by: Miao Yan 
Reviewed-by: Dmitry Fleytman 
Signed-off-by: Jason Wang 
---
 hw/net/vmxnet3.c | 16 
 1 file changed, 16 insertions(+)

diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
index 8a992d3..0aff0d4 100644
--- a/hw/net/vmxnet3.c
+++ b/hw/net/vmxnet3.c
@@ -1650,6 +1650,14 @@ static void vmxnet3_handle_command(VMXNET3State *s, 
uint64_t cmd)
   "adaptive ring info flags");
 break;
 
+case VMXNET3_CMD_GET_DID_LO:
+VMW_CBPRN("Set: Get lower part of device ID");
+break;
+
+case VMXNET3_CMD_GET_DID_HI:
+VMW_CBPRN("Set: Get upper part of device ID");
+break;
+
 default:
 VMW_CBPRN("Received unknown command: %" PRIx64, cmd);
 break;
@@ -1693,6 +1701,14 @@ static uint64_t vmxnet3_get_command_status(VMXNET3State 
*s)
 ret = VMXNET3_DISABLE_ADAPTIVE_RING;
 break;
 
+case VMXNET3_CMD_GET_DID_LO:
+ret = PCI_DEVICE_ID_VMWARE_VMXNET3;
+break;
+
+case VMXNET3_CMD_GET_DID_HI:
+ret = VMXNET3_DEVICE_REVISION;
+break;
+
 default:
 VMW_WRPRN("Received request for unknown command: %x", s->last_command);
 ret = -1;
-- 
2.5.0

[Qemu-devel] [PULL 12/24] net/dump: fix nfds->filename leak

[Jason Wang]

From: Li Zhijian 

Cc: Jason Wang 
Signed-off-by: Li Zhijian 
Cc: qemu-sta...@nongnu.org
Signed-off-by: Jason Wang 
---
 net/dump.c | 8 
 1 file changed, 8 insertions(+)

diff --git a/net/dump.c b/net/dump.c
index ce16a4b..347b5ca 100644
--- a/net/dump.c
+++ b/net/dump.c
@@ -329,6 +329,13 @@ static void filter_dump_instance_init(Object *obj)
 file_dump_set_filename, NULL);
 }
 
+static void filter_dump_instance_finalize(Object *obj)
+{
+NetFilterDumpState *nfds = FILTER_DUMP(obj);
+
+g_free(nfds->filename);
+}
+
 static void filter_dump_class_init(ObjectClass *oc, void *data)
 {
 NetFilterClass *nfc = NETFILTER_CLASS(oc);
@@ -343,6 +350,7 @@ static const TypeInfo filter_dump_info = {
 .parent = TYPE_NETFILTER,
 .class_init = filter_dump_class_init,
 .instance_init = filter_dump_instance_init,
+.instance_finalize = filter_dump_instance_finalize,
 .instance_size = sizeof(NetFilterDumpState),
 };
 
-- 
2.5.0

[Qemu-devel] [PULL 05/24] net: vmxnet3: avoid memory leakage in activate_device

[Jason Wang]

From: P J P 

Vmxnet3 device emulator does not check if the device is active
before activating it, also it did not free the transmit & receive
buffers while deactivating the device, thus resulting in memory
leakage on the host. This patch fixes both these issues to avoid
host memory leakage.

Reported-by: Qinghao Tang 
Reviewed-by: Dmitry Fleytman 
Signed-off-by: Prasad J Pandit 
Cc: qemu-sta...@nongnu.org
Signed-off-by: Jason Wang 
---
 hw/net/vmxnet3.c | 24 
 1 file changed, 16 insertions(+), 8 deletions(-)

diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
index a5dd79a..9c1adfc 100644
--- a/hw/net/vmxnet3.c
+++ b/hw/net/vmxnet3.c
@@ -1194,8 +1194,13 @@ static void vmxnet3_reset_mac(VMXNET3State *s)
 
 static void vmxnet3_deactivate_device(VMXNET3State *s)
 {
-VMW_CBPRN("Deactivating vmxnet3...");
-s->device_active = false;
+if (s->device_active) {
+VMW_CBPRN("Deactivating vmxnet3...");
+vmxnet_tx_pkt_reset(s->tx_pkt);
+vmxnet_tx_pkt_uninit(s->tx_pkt);
+vmxnet_rx_pkt_uninit(s->rx_pkt);
+s->device_active = false;
+}
 }
 
 static void vmxnet3_reset(VMXNET3State *s)
@@ -1204,7 +1209,6 @@ static void vmxnet3_reset(VMXNET3State *s)
 
 vmxnet3_deactivate_device(s);
 vmxnet3_reset_interrupt_states(s);
-vmxnet_tx_pkt_reset(s->tx_pkt);
 s->drv_shmem = 0;
 s->tx_sop = true;
 s->skip_current_tx_pkt = false;
@@ -1431,6 +1435,12 @@ static void vmxnet3_activate_device(VMXNET3State *s)
 return;
 }
 
+/* Verify if device is active */
+if (s->device_active) {
+VMW_CFPRN("Vmxnet3 device is active");
+return;
+}
+
 vmxnet3_adjust_by_guest_type(s);
 vmxnet3_update_features(s);
 vmxnet3_update_pm_state(s);
@@ -1627,7 +1637,7 @@ static void vmxnet3_handle_command(VMXNET3State *s, 
uint64_t cmd)
 break;
 
 case VMXNET3_CMD_QUIESCE_DEV:
-VMW_CBPRN("Set: VMXNET3_CMD_QUIESCE_DEV - pause the device");
+VMW_CBPRN("Set: VMXNET3_CMD_QUIESCE_DEV - deactivate the device");
 vmxnet3_deactivate_device(s);
 break;
 
@@ -1741,7 +1751,7 @@ vmxnet3_io_bar1_write(void *opaque,
  * shared address only after we get the high part
  */
 if (val == 0) {
-s->device_active = false;
+vmxnet3_deactivate_device(s);
 }
 s->temp_shared_guest_driver_memory = val;
 s->drv_shmem = 0;
@@ -2021,9 +2031,7 @@ static bool vmxnet3_peer_has_vnet_hdr(VMXNET3State *s)
 static void vmxnet3_net_uninit(VMXNET3State *s)
 {
 g_free(s->mcast_list);
-vmxnet_tx_pkt_reset(s->tx_pkt);
-vmxnet_tx_pkt_uninit(s->tx_pkt);
-vmxnet_rx_pkt_uninit(s->rx_pkt);
+vmxnet3_deactivate_device(s);
 qemu_del_nic(s->nic);
 }
 
-- 
2.5.0

[Qemu-devel] [PULL 10/24] net/vmxnet3: return 0 on unknown command

[Jason Wang]

From: Miao Yan 

Return 0 on unknown command, this is what esxi (5.x+) behaves.

Signed-off-by: Miao Yan 
Reviewed-by: Dmitry Fleytman 
Signed-off-by: Jason Wang 
---
 hw/net/vmxnet3.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
index da59d7d..6ba7c75 100644
--- a/hw/net/vmxnet3.c
+++ b/hw/net/vmxnet3.c
@@ -1716,7 +1716,7 @@ static uint64_t vmxnet3_get_command_status(VMXNET3State 
*s)
 
 default:
 VMW_WRPRN("Received request for unknown command: %x", s->last_command);
-ret = -1;
+ret = 0;
 break;
 }
 
-- 
2.5.0

[Qemu-devel] [PULL 09/24] net/vmxnet3: return correct value for VMXNET3_CMD_GET_DEV_EXTRA_INFO

[Jason Wang]

From: Miao Yan 

VMXNET3_CMD_GET_DEV_EXTRA_INFO should return 0 for emulation
mode

This behavior can be observed by the following steps:

1) run a Linux distro on esxi server (5.x+)
2) modify vmxnet3 Linux driver to read the register:

  VMXNET3_WRITE_BAR1_REG(adapter, VMXNET3_REG_CMD, 
VMXNET3_CMD_GET_DEV_EXTRA_INFO);
  ret =  VMXNET3_READ_BAR1_REG(adapter, VMXNET3_REG_CMD);
  pr_info("vmxnet3 dev_info: 0x%x\n", ret);

The kernel log will have some like the following message:

  [ 7005.70] vmxnet3 dev_info: 0x0

Signed-off-by: Miao Yan 
Reviewed-by: Dmitry Fleytman 
Signed-off-by: Jason Wang 
---
 hw/net/vmxnet3.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
index 0aff0d4..da59d7d 100644
--- a/hw/net/vmxnet3.c
+++ b/hw/net/vmxnet3.c
@@ -1658,6 +1658,10 @@ static void vmxnet3_handle_command(VMXNET3State *s, 
uint64_t cmd)
 VMW_CBPRN("Set: Get upper part of device ID");
 break;
 
+case VMXNET3_CMD_GET_DEV_EXTRA_INFO:
+VMW_CBPRN("Set: Get device extra info");
+break;
+
 default:
 VMW_CBPRN("Received unknown command: %" PRIx64, cmd);
 break;
@@ -1677,6 +1681,7 @@ static uint64_t vmxnet3_get_command_status(VMXNET3State 
*s)
 case VMXNET3_CMD_RESET_DEV:
 case VMXNET3_CMD_QUIESCE_DEV:
 case VMXNET3_CMD_GET_QUEUE_STATUS:
+case VMXNET3_CMD_GET_DEV_EXTRA_INFO:
 ret = 0;
 break;
 
-- 
2.5.0

[Qemu-devel] [PULL 11/24] net/vmxnet3: rename VMXNET3_DEVICE_VERSION to VMXNET3_UPT_REVISION

[Jason Wang]

From: Miao Yan 

VMXNET3_DEVICE_VERSION is used as return value for accessing
UPT Revision Report and Selection register. So rename it
to VMXNET3_UPT_REVISION.

Signed-off-by: Miao Yan 
Reviewed-by: Dmitry Fleytman 
Signed-off-by: Jason Wang 
---
 hw/net/vmxnet3.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
index 6ba7c75..63692c5 100644
--- a/hw/net/vmxnet3.c
+++ b/hw/net/vmxnet3.c
@@ -50,7 +50,7 @@
 #define VMXNET3_LINK_STATUS_UP  0x1
 
 /* Least significant bit should be set for revision and version */
-#define VMXNET3_DEVICE_VERSION0x1
+#define VMXNET3_UPT_REVISION  0x1
 #define VMXNET3_DEVICE_REVISION   0x1
 
 /* Number of interrupt vectors for non-MSIx modes */
@@ -1847,7 +1847,7 @@ vmxnet3_io_bar1_read(void *opaque, hwaddr addr, unsigned 
size)
 /* UPT Version Report Selection */
 case VMXNET3_REG_UVRS:
 VMW_CBPRN("Read BAR1 [VMXNET3_REG_UVRS], size %d", size);
-ret = VMXNET3_DEVICE_VERSION;
+ret = VMXNET3_UPT_REVISION;
 break;
 
 /* Command */
-- 
2.5.0

[Qemu-devel] [PULL 22/24] net: ne2000: fix bounds check in ioport operations

[Jason Wang]

From: Prasad J Pandit 

While doing ioport r/w operations, ne2000 device emulation suffers
from OOB r/w errors. Update respective array bounds check to avoid
OOB access.

Reported-by: Ling Liu 
Cc: qemu-sta...@nongnu.org
Signed-off-by: Prasad J Pandit 
Signed-off-by: Jason Wang 
---
 hw/net/ne2000.c | 10 ++
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/hw/net/ne2000.c b/hw/net/ne2000.c
index 010f9ef..a3d 100644
--- a/hw/net/ne2000.c
+++ b/hw/net/ne2000.c
@@ -467,8 +467,9 @@ static inline void ne2000_mem_writel(NE2000State *s, 
uint32_t addr,
  uint32_t val)
 {
 addr &= ~1; /* XXX: check exact behaviour if not even */
-if (addr < 32 ||
-(addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE)) {
+if (addr < 32
+|| (addr >= NE2000_PMEM_START
+&& addr + sizeof(uint32_t) <= NE2000_MEM_SIZE)) {
 stl_le_p(s->mem + addr, val);
 }
 }
@@ -497,8 +498,9 @@ static inline uint32_t ne2000_mem_readw(NE2000State *s, 
uint32_t addr)
 static inline uint32_t ne2000_mem_readl(NE2000State *s, uint32_t addr)
 {
 addr &= ~1; /* XXX: check exact behaviour if not even */
-if (addr < 32 ||
-(addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE)) {
+if (addr < 32
+|| (addr >= NE2000_PMEM_START
+&& addr + sizeof(uint32_t) <= NE2000_MEM_SIZE)) {
 return ldl_le_p(s->mem + addr);
 } else {
 return 0x;
-- 
2.5.0

[Qemu-devel] [PULL 20/24] vmxnet3: Introduce 'x-disable-pcie' back-compat property

[Jason Wang]

From: Shmulik Ladkani 

Following the previous patch which changed vmxnet3 to be a pci express
device, this patch introduces a boolean property 'x-disable-pcie' whose
default is false.

Setting 'x-disable-pcie' to 'on' preserves the old 'pci device' (non
express) behavior. This allows migration to older versions.

Signed-off-by: Shmulik Ladkani 
Signed-off-by: Jason Wang 
---
 hw/net/vmxnet3.c| 2 ++
 include/hw/compat.h | 4 
 2 files changed, 6 insertions(+)

diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
index aee218c..67abad3 100644
--- a/hw/net/vmxnet3.c
+++ b/hw/net/vmxnet3.c
@@ -2663,6 +2663,8 @@ static Property vmxnet3_properties[] = {
 DEFINE_NIC_PROPERTIES(VMXNET3State, conf),
 DEFINE_PROP_BIT("x-old-msi-offsets", VMXNET3State, compat_flags,
 VMXNET3_COMPAT_FLAG_OLD_MSI_OFFSETS_BIT, false),
+DEFINE_PROP_BIT("x-disable-pcie", VMXNET3State, compat_flags,
+VMXNET3_COMPAT_FLAG_DISABLE_PCIE_BIT, false),
 DEFINE_PROP_END_OF_LIST(),
 };
 
diff --git a/include/hw/compat.h b/include/hw/compat.h
index fd20d0e..98df0dd 100644
--- a/include/hw/compat.h
+++ b/include/hw/compat.h
@@ -6,6 +6,10 @@
 .driver   = "vmxnet3",\
 .property = "x-old-msi-offsets",\
 .value= "on",\
+},{\
+.driver   = "vmxnet3",\
+.property = "x-disable-pcie",\
+.value= "on",\
 },
 
 #define HW_COMPAT_2_4 \
-- 
2.5.0

[Qemu-devel] [PULL 15/24] vmxnet3: Change the offset of the MSIX PBA table

[Jason Wang]

From: Shmulik Ladkani 

Place the PBA table at 0x1000, as placed by VMware virtual hardware.

Signed-off-by: Shmulik Ladkani 
Signed-off-by: Jason Wang 
---
 hw/net/vmxnet3.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
index 0097f4b..4e1534b 100644
--- a/hw/net/vmxnet3.c
+++ b/hw/net/vmxnet3.c
@@ -51,7 +51,8 @@
 #define VMXNET3_MSIX_BAR_IDX  (2)
 
 #define VMXNET3_OFF_MSIX_TABLE (0x000)
-#define VMXNET3_OFF_MSIX_PBA   (0x800)
+#define VMXNET3_OFF_MSIX_PBA(s) \
+((s)->compat_flags & VMXNET3_COMPAT_FLAG_OLD_MSI_OFFSETS ? 0x800 : 0x1000)
 
 /* Link speed in Mbps should be shifted by 16 */
 #define VMXNET3_LINK_SPEED  (1000 << 16)
@@ -2143,7 +2144,7 @@ vmxnet3_init_msix(VMXNET3State *s)
 >msix_bar,
 VMXNET3_MSIX_BAR_IDX, VMXNET3_OFF_MSIX_TABLE,
 >msix_bar,
-VMXNET3_MSIX_BAR_IDX, VMXNET3_OFF_MSIX_PBA,
+VMXNET3_MSIX_BAR_IDX, VMXNET3_OFF_MSIX_PBA(s),
 VMXNET3_MSIX_OFFSET(s));
 
 if (0 > res) {
-- 
2.5.0

[Qemu-devel] [PULL 13/24] net/filter: fix nf->netdev_id leak

[Jason Wang]

From: Li Zhijian 

Cc: Jason Wang 
Cc: qemu-sta...@nongnu.org
Signed-off-by: Li Zhijian 
Signed-off-by: Jason Wang 
---
 net/filter.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/filter.c b/net/filter.c
index 1365bad..f777ba2 100644
--- a/net/filter.c
+++ b/net/filter.c
@@ -204,6 +204,7 @@ static void netfilter_finalize(Object *obj)
 if (nf->netdev && !QTAILQ_EMPTY(>netdev->filters)) {
 QTAILQ_REMOVE(>netdev->filters, nf, next);
 }
+g_free(nf->netdev_id);
 }
 
 static void netfilter_class_init(ObjectClass *oc, void *data)
-- 
2.5.0

[Qemu-devel] [PULL 16/24] vmxnet3: Introduce 'x-old-msi-offsets' back-compat property

[Jason Wang]

From: Shmulik Ladkani 

Following the previous patches, where vmxnet3's pci's msi/msix
capability offsets and msix's PBA table offsets have been changed, this
patch introduces a boolean property 'x-old-msi-offsets' to vmxnet3,
whose default is false.

Setting 'x-old-msi-offsets' to 'on' preserves the old offsets behavior,
which allows migration to older versions.

Signed-off-by: Shmulik Ladkani 
Signed-off-by: Jason Wang 
---
 hw/net/vmxnet3.c| 2 ++
 include/hw/compat.h | 6 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
index 4e1534b..f398dea 100644
--- a/hw/net/vmxnet3.c
+++ b/hw/net/vmxnet3.c
@@ -2593,6 +2593,8 @@ static const VMStateDescription vmstate_vmxnet3 = {
 
 static Property vmxnet3_properties[] = {
 DEFINE_NIC_PROPERTIES(VMXNET3State, conf),
+DEFINE_PROP_BIT("x-old-msi-offsets", VMXNET3State, compat_flags,
+VMXNET3_COMPAT_FLAG_OLD_MSI_OFFSETS_BIT, false),
 DEFINE_PROP_END_OF_LIST(),
 };
 
diff --git a/include/hw/compat.h b/include/hw/compat.h
index 3d8d2a9..fd20d0e 100644
--- a/include/hw/compat.h
+++ b/include/hw/compat.h
@@ -2,7 +2,11 @@
 #define HW_COMPAT_H
 
 #define HW_COMPAT_2_5 \
-/* empty */
+{\
+.driver   = "vmxnet3",\
+.property = "x-old-msi-offsets",\
+.value= "on",\
+},
 
 #define HW_COMPAT_2_4 \
 {\
-- 
2.5.0

[Qemu-devel] [PULL 23/24] l2tpv3: fix cookie decoding

[Jason Wang]

From: Alexis Dambricourt 

If a 32 bits l2tpv3 frame cookie MSB if set to 1, the cast to uint64_t
cookie will spread 1 to the four most significant bytes.
Then the condition (cookie != s->rx_cookie) becomes false.

Signed-off-by: Alexis Dambricourt 
Signed-off-by: Jason Wang 
---
 net/l2tpv3.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/l2tpv3.c b/net/l2tpv3.c
index 8e68e54..21d6119 100644
--- a/net/l2tpv3.c
+++ b/net/l2tpv3.c
@@ -325,7 +325,7 @@ static int l2tpv3_verify_header(NetL2TPV3State *s, uint8_t 
*buf)
 if (s->cookie_is_64) {
 cookie = ldq_be_p(buf + s->cookie_offset);
 } else {
-cookie = ldl_be_p(buf + s->cookie_offset);
+cookie = ldl_be_p(buf + s->cookie_offset) & 0xULL;
 }
 if (cookie != s->rx_cookie) {
 if (!s->header_mismatch) {
-- 
2.5.0

[Qemu-devel] [PULL 14/24] vmxnet3: Change offsets of msi/msix pci capabilities

[Jason Wang]

From: Shmulik Ladkani 

Place device reported PCI capabilities at the same offsets as placed by
the VMware virtual hardware: MSI at [84], MSI-X at [9c].

Signed-off-by: Shmulik Ladkani 
Signed-off-by: Jason Wang 
---
 hw/net/vmxnet3.c | 18 +++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
index 63692c5..0097f4b 100644
--- a/hw/net/vmxnet3.c
+++ b/hw/net/vmxnet3.c
@@ -36,6 +36,16 @@
 #define VMXNET3_MSIX_BAR_SIZE 0x2000
 #define MIN_BUF_SIZE 60
 
+/* Compatability flags for migration */
+#define VMXNET3_COMPAT_FLAG_OLD_MSI_OFFSETS_BIT 0
+#define VMXNET3_COMPAT_FLAG_OLD_MSI_OFFSETS \
+(1 << VMXNET3_COMPAT_FLAG_OLD_MSI_OFFSETS_BIT)
+
+#define VMXNET3_MSI_OFFSET(s) \
+((s)->compat_flags & VMXNET3_COMPAT_FLAG_OLD_MSI_OFFSETS ? 0x50 : 0x84)
+#define VMXNET3_MSIX_OFFSET(s) \
+((s)->compat_flags & VMXNET3_COMPAT_FLAG_OLD_MSI_OFFSETS ? 0 : 0x9c)
+
 #define VMXNET3_BAR0_IDX  (0)
 #define VMXNET3_BAR1_IDX  (1)
 #define VMXNET3_MSIX_BAR_IDX  (2)
@@ -313,6 +323,9 @@ typedef struct {
 MACAddr *mcast_list;
 uint32_t mcast_list_len;
 uint32_t mcast_list_buff_size; /* needed for live migration. */
+
+/* Compatability flags for migration */
+uint32_t compat_flags;
 } VMXNET3State;
 
 /* Interrupt management */
@@ -2131,7 +2144,7 @@ vmxnet3_init_msix(VMXNET3State *s)
 VMXNET3_MSIX_BAR_IDX, VMXNET3_OFF_MSIX_TABLE,
 >msix_bar,
 VMXNET3_MSIX_BAR_IDX, VMXNET3_OFF_MSIX_PBA,
-0);
+VMXNET3_MSIX_OFFSET(s));
 
 if (0 > res) {
 VMW_WRPRN("Failed to initialize MSI-X, error %d", res);
@@ -2159,7 +2172,6 @@ vmxnet3_cleanup_msix(VMXNET3State *s)
 }
 }
 
-#define VMXNET3_MSI_OFFSET(0x50)
 #define VMXNET3_USE_64BIT (true)
 #define VMXNET3_PER_VECTOR_MASK   (false)
 
@@ -2169,7 +2181,7 @@ vmxnet3_init_msi(VMXNET3State *s)
 PCIDevice *d = PCI_DEVICE(s);
 int res;
 
-res = msi_init(d, VMXNET3_MSI_OFFSET, VMXNET3_MAX_NMSIX_INTRS,
+res = msi_init(d, VMXNET3_MSI_OFFSET(s), VMXNET3_MAX_NMSIX_INTRS,
VMXNET3_USE_64BIT, VMXNET3_PER_VECTOR_MASK);
 if (0 > res) {
 VMW_WRPRN("Failed to initialize MSI, error %d", res);
-- 
2.5.0

[Qemu-devel] [PULL 24/24] ether/slirp: Avoid redefinition of the same constants

[Jason Wang]

From: "Dr. David Alan Gilbert" 

eth.h and slirp.h both define ETH_ALEN and ETH_P_IP
rtl8139.c and eth.h both define ETH_HLEN

Move the related constant (ETH_P_ARP) from slirp.h to eth.h, and
remove the duplicates; make slirp.h include eth.h

Signed-off-by: Dr. David Alan Gilbert 
Reviewed-by: Alex Bennée 
Signed-off-by: Jason Wang 
---
 hw/net/rtl8139.c  | 1 -
 include/net/eth.h | 4 +++-
 slirp/slirp.h | 7 +--
 3 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
index 68e43f3..d192d57 100644
--- a/hw/net/rtl8139.c
+++ b/hw/net/rtl8139.c
@@ -74,7 +74,6 @@
 ( ( input ) & ( size - 1 )  )
 
 #define ETHER_TYPE_LEN 2
-#define ETH_HLEN (ETH_ALEN * 2 + ETHER_TYPE_LEN)
 #define ETH_MTU 1500
 
 #define VLAN_TCI_LEN 2
diff --git a/include/net/eth.h b/include/net/eth.h
index b3273b8..84384fe 100644
--- a/include/net/eth.h
+++ b/include/net/eth.h
@@ -32,6 +32,7 @@
 #include "qemu/iov.h"
 
 #define ETH_ALEN 6
+#define ETH_HLEN 14
 
 struct eth_header {
 uint8_t  h_dest[ETH_ALEN];   /* destination eth addr */
@@ -170,7 +171,8 @@ struct tcp_hdr {
 #define IP_HEADER_VERSION(ip) \
 ((ip->ip_ver_len >> 4)&0xf)
 
-#define ETH_P_IP  (0x0800)
+#define ETH_P_IP  (0x0800)  /* Internet Protocol packet  */
+#define ETH_P_ARP (0x0806)  /* Address Resolution packet */
 #define ETH_P_IPV6(0x86dd)
 #define ETH_P_VLAN(0x8100)
 #define ETH_P_DVLAN   (0x88a8)
diff --git a/slirp/slirp.h b/slirp/slirp.h
index 6589d7e..ec0a4c2 100644
--- a/slirp/slirp.h
+++ b/slirp/slirp.h
@@ -135,6 +135,7 @@ void free(void *ptr);
 
 #include "qemu/queue.h"
 #include "qemu/sockets.h"
+#include "net/eth.h"
 
 #include "libslirp.h"
 #include "ip.h"
@@ -158,12 +159,6 @@ void free(void *ptr);
 #include "bootp.h"
 #include "tftp.h"
 
-#define ETH_ALEN 6
-#define ETH_HLEN 14
-
-#define ETH_P_IP  0x0800/* Internet Protocol packet  */
-#define ETH_P_ARP 0x0806/* Address Resolution packet */
-
 #define ARPOP_REQUEST 1 /* ARP request */
 #define ARPOP_REPLY   2 /* ARP reply   */
 
-- 
2.5.0

[Qemu-devel] [PULL 17/24] vmxnet3: coding: Introduce VMXNET3Class

[Jason Wang]

From: Shmulik Ladkani 

Introduce a class type for vmxnet3, and the usual
DEVICE_CLASS/DEVICE_GET_CLASS macros.

No semantic change.

Signed-off-by: Shmulik Ladkani 
Signed-off-by: Jason Wang 
---
 hw/net/vmxnet3.c | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
index f398dea..3044711 100644
--- a/hw/net/vmxnet3.c
+++ b/hw/net/vmxnet3.c
@@ -119,9 +119,18 @@
 
 #define VMXNET_FLAG_IS_SET(field, flag) (((field) & (flag)) == (flag))
 
+typedef struct VMXNET3Class {
+PCIDeviceClass parent_class;
+} VMXNET3Class;
+
 #define TYPE_VMXNET3 "vmxnet3"
 #define VMXNET3(obj) OBJECT_CHECK(VMXNET3State, (obj), TYPE_VMXNET3)
 
+#define VMXNET3_DEVICE_CLASS(klass) \
+OBJECT_CLASS_CHECK(VMXNET3Class, (klass), TYPE_VMXNET3)
+#define VMXNET3_DEVICE_GET_CLASS(obj) \
+OBJECT_GET_CLASS(VMXNET3Class, (obj), TYPE_VMXNET3)
+
 /* Cyclic ring abstraction */
 typedef struct {
 hwaddr pa;
@@ -2621,6 +2630,7 @@ static void vmxnet3_class_init(ObjectClass *class, void 
*data)
 static const TypeInfo vmxnet3_info = {
 .name  = TYPE_VMXNET3,
 .parent= TYPE_PCI_DEVICE,
+.class_size= sizeof(VMXNET3Class),
 .instance_size = sizeof(VMXNET3State),
 .class_init= vmxnet3_class_init,
 .instance_init = vmxnet3_instance_init,
-- 
2.5.0

[Qemu-devel] [PATCH 0/2] block: Reject negative values for throttling options

[Fam Zheng]

Now the negative values are silently converted to a huge positive number
because we are doing implicit casting from uint64_t to double. Fix it and add a
test case (this was once fixed in 7d81c1413c9 but regressed when the block
device option parsing code was changed).



Fam Zheng (2):
  blockdev: Error out on negative throttling option values
  iotests: Test that negative throttle values are rejected

 blockdev.c| 26 +-
 tests/qemu-iotests/051| 11 +++
 tests/qemu-iotests/051.out| 21 +
 tests/qemu-iotests/051.pc.out | 21 +
 4 files changed, 66 insertions(+), 13 deletions(-)

-- 
2.4.3

[Qemu-devel] [PULL 18/24] vmxnet3: The vmxnet3 device is a PCIE endpoint

[Jason Wang]

From: Shmulik Ladkani 

Report the 'express endpoint' capability if on a PCIE bus.

Signed-off-by: Shmulik Ladkani 
Signed-off-by: Jason Wang 
---
 hw/net/vmxnet3.c | 53 -
 1 file changed, 52 insertions(+), 1 deletion(-)

diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
index 3044711..4dc7519 100644
--- a/hw/net/vmxnet3.c
+++ b/hw/net/vmxnet3.c
@@ -40,7 +40,11 @@
 #define VMXNET3_COMPAT_FLAG_OLD_MSI_OFFSETS_BIT 0
 #define VMXNET3_COMPAT_FLAG_OLD_MSI_OFFSETS \
 (1 << VMXNET3_COMPAT_FLAG_OLD_MSI_OFFSETS_BIT)
+#define VMXNET3_COMPAT_FLAG_DISABLE_PCIE_BIT 1
+#define VMXNET3_COMPAT_FLAG_DISABLE_PCIE \
+(1 << VMXNET3_COMPAT_FLAG_DISABLE_PCIE_BIT)
 
+#define VMXNET3_EXP_EP_OFFSET (0x48)
 #define VMXNET3_MSI_OFFSET(s) \
 ((s)->compat_flags & VMXNET3_COMPAT_FLAG_OLD_MSI_OFFSETS ? 0x50 : 0x84)
 #define VMXNET3_MSIX_OFFSET(s) \
@@ -121,6 +125,7 @@
 
 typedef struct VMXNET3Class {
 PCIDeviceClass parent_class;
+DeviceRealize parent_dc_realize;
 } VMXNET3Class;
 
 #define TYPE_VMXNET3 "vmxnet3"
@@ -2285,6 +2290,10 @@ static void vmxnet3_pci_realize(PCIDevice *pci_dev, 
Error **errp)
 
 vmxnet3_net_init(s);
 
+if (pci_is_express(pci_dev) && pci_bus_is_express(pci_dev->bus)) {
+pcie_endpoint_cap_init(pci_dev, VMXNET3_EXP_EP_OFFSET);
+}
+
 register_savevm(dev, "vmxnet3-msix", -1, 1,
 vmxnet3_msix_save, vmxnet3_msix_load, s);
 }
@@ -2554,6 +2563,29 @@ static const VMStateInfo int_state_info = {
 .put = vmxnet3_put_int_state
 };
 
+static bool vmxnet3_vmstate_need_pcie_device(void *opaque)
+{
+VMXNET3State *s = VMXNET3(opaque);
+
+return !(s->compat_flags & VMXNET3_COMPAT_FLAG_DISABLE_PCIE);
+}
+
+static bool vmxnet3_vmstate_test_pci_device(void *opaque, int version_id)
+{
+return !vmxnet3_vmstate_need_pcie_device(opaque);
+}
+
+static const VMStateDescription vmstate_vmxnet3_pcie_device = {
+.name = "vmxnet3/pcie",
+.version_id = 1,
+.minimum_version_id = 1,
+.needed = vmxnet3_vmstate_need_pcie_device,
+.fields = (VMStateField[]) {
+VMSTATE_PCIE_DEVICE(parent_obj, VMXNET3State),
+VMSTATE_END_OF_LIST()
+}
+};
+
 static const VMStateDescription vmstate_vmxnet3 = {
 .name = "vmxnet3",
 .version_id = 1,
@@ -2561,7 +2593,9 @@ static const VMStateDescription vmstate_vmxnet3 = {
 .pre_save = vmxnet3_pre_save,
 .post_load = vmxnet3_post_load,
 .fields = (VMStateField[]) {
-VMSTATE_PCI_DEVICE(parent_obj, VMXNET3State),
+VMSTATE_STRUCT_TEST(parent_obj, VMXNET3State,
+vmxnet3_vmstate_test_pci_device, 0,
+vmstate_pci_device, PCIDevice),
 VMSTATE_BOOL(rx_packets_compound, VMXNET3State),
 VMSTATE_BOOL(rx_vlan_stripping, VMXNET3State),
 VMSTATE_BOOL(lro_supported, VMXNET3State),
@@ -2596,6 +2630,7 @@ static const VMStateDescription vmstate_vmxnet3 = {
 },
 .subsections = (const VMStateDescription*[]) {
 _vmxnet3_mcast_list,
+_vmxnet3_pcie_device,
 NULL
 }
 };
@@ -2607,10 +2642,24 @@ static Property vmxnet3_properties[] = {
 DEFINE_PROP_END_OF_LIST(),
 };
 
+static void vmxnet3_realize(DeviceState *qdev, Error **errp)
+{
+VMXNET3Class *vc = VMXNET3_DEVICE_GET_CLASS(qdev);
+PCIDevice *pci_dev = PCI_DEVICE(qdev);
+VMXNET3State *s = VMXNET3(qdev);
+
+if (!(s->compat_flags & VMXNET3_COMPAT_FLAG_DISABLE_PCIE)) {
+pci_dev->cap_present |= QEMU_PCI_CAP_EXPRESS;
+}
+
+vc->parent_dc_realize(qdev, errp);
+}
+
 static void vmxnet3_class_init(ObjectClass *class, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(class);
 PCIDeviceClass *c = PCI_DEVICE_CLASS(class);
+VMXNET3Class *vc = VMXNET3_DEVICE_CLASS(class);
 
 c->realize = vmxnet3_pci_realize;
 c->exit = vmxnet3_pci_uninit;
@@ -2620,6 +2669,8 @@ static void vmxnet3_class_init(ObjectClass *class, void 
*data)
 c->class_id = PCI_CLASS_NETWORK_ETHERNET;
 c->subsystem_vendor_id = PCI_VENDOR_ID_VMWARE;
 c->subsystem_id = PCI_DEVICE_ID_VMWARE_VMXNET3;
+vc->parent_dc_realize = dc->realize;
+dc->realize = vmxnet3_realize;
 dc->desc = "VMWare Paravirtualized Ethernet v3";
 dc->reset = vmxnet3_qdev_reset;
 dc->vmsd = _vmxnet3;
-- 
2.5.0

[Qemu-devel] [PATCH 2/2] iotests: Test that negative throttle values are rejected

[Fam Zheng]

Signed-off-by: Fam Zheng 
---
 tests/qemu-iotests/051| 11 +++
 tests/qemu-iotests/051.out| 21 +
 tests/qemu-iotests/051.pc.out | 21 +
 3 files changed, 53 insertions(+)

diff --git a/tests/qemu-iotests/051 b/tests/qemu-iotests/051
index d91f80b..2c9b07e 100755
--- a/tests/qemu-iotests/051
+++ b/tests/qemu-iotests/051
@@ -263,6 +263,17 @@ run_qemu -drive 
file="$TEST_IMG",iops_size=1234,throttling.iops-size=5678
 run_qemu -drive file="$TEST_IMG",readonly=on,read-only=off
 
 echo
+echo === Catching nagative throttling values ===
+echo
+
+run_qemu -drive file="$TEST_IMG",iops=-1
+run_qemu -drive file="$TEST_IMG",bps=-2
+run_qemu -drive file="$TEST_IMG",bps_rd=-3
+run_qemu -drive file="$TEST_IMG",bps_rd_max=-3
+run_qemu -drive file="$TEST_IMG",throttling.iops-total=-4
+run_qemu -drive file="$TEST_IMG",throttling.bps-total=-5
+
+echo
 echo === Parsing protocol from file name ===
 echo
 
diff --git a/tests/qemu-iotests/051.out b/tests/qemu-iotests/051.out
index bf886ce..a8c0679 100644
--- a/tests/qemu-iotests/051.out
+++ b/tests/qemu-iotests/051.out
@@ -285,6 +285,27 @@ Testing: -drive 
file=TEST_DIR/t.qcow2,readonly=on,read-only=off
 QEMU_PROG: -drive file=TEST_DIR/t.qcow2,readonly=on,read-only=off: 'read-only' 
and its alias 'readonly' can't be used at the same time
 
 
+=== Catching nagative throttling values ===
+
+Testing: -drive file=TEST_DIR/t.qcow2,iops=-1
+QEMU_PROG: -drive file=TEST_DIR/t.qcow2,iops=-1: bps/iops/maxs values must be 
0 or greater
+
+Testing: -drive file=TEST_DIR/t.qcow2,bps=-2
+QEMU_PROG: -drive file=TEST_DIR/t.qcow2,bps=-2: bps/iops/maxs values must be 0 
or greater
+
+Testing: -drive file=TEST_DIR/t.qcow2,bps_rd=-3
+QEMU_PROG: -drive file=TEST_DIR/t.qcow2,bps_rd=-3: bps/iops/maxs values must 
be 0 or greater
+
+Testing: -drive file=TEST_DIR/t.qcow2,bps_rd_max=-3
+QEMU_PROG: -drive file=TEST_DIR/t.qcow2,bps_rd_max=-3: bps/iops/maxs values 
must be 0 or greater
+
+Testing: -drive file=TEST_DIR/t.qcow2,throttling.iops-total=-4
+QEMU_PROG: -drive file=TEST_DIR/t.qcow2,throttling.iops-total=-4: 
bps/iops/maxs values must be 0 or greater
+
+Testing: -drive file=TEST_DIR/t.qcow2,throttling.bps-total=-5
+QEMU_PROG: -drive file=TEST_DIR/t.qcow2,throttling.bps-total=-5: bps/iops/maxs 
values must be 0 or greater
+
+
 === Parsing protocol from file name ===
 
 Testing: -hda foo:bar
diff --git a/tests/qemu-iotests/051.pc.out b/tests/qemu-iotests/051.pc.out
index a5dfc33..b455411 100644
--- a/tests/qemu-iotests/051.pc.out
+++ b/tests/qemu-iotests/051.pc.out
@@ -379,6 +379,27 @@ Testing: -drive 
file=TEST_DIR/t.qcow2,readonly=on,read-only=off
 QEMU_PROG: -drive file=TEST_DIR/t.qcow2,readonly=on,read-only=off: 'read-only' 
and its alias 'readonly' can't be used at the same time
 
 
+=== Catching nagative throttling values ===
+
+Testing: -drive file=TEST_DIR/t.qcow2,iops=-1
+QEMU_PROG: -drive file=TEST_DIR/t.qcow2,iops=-1: bps/iops/maxs values must be 
0 or greater
+
+Testing: -drive file=TEST_DIR/t.qcow2,bps=-2
+QEMU_PROG: -drive file=TEST_DIR/t.qcow2,bps=-2: bps/iops/maxs values must be 0 
or greater
+
+Testing: -drive file=TEST_DIR/t.qcow2,bps_rd=-3
+QEMU_PROG: -drive file=TEST_DIR/t.qcow2,bps_rd=-3: bps/iops/maxs values must 
be 0 or greater
+
+Testing: -drive file=TEST_DIR/t.qcow2,bps_rd_max=-3
+QEMU_PROG: -drive file=TEST_DIR/t.qcow2,bps_rd_max=-3: bps/iops/maxs values 
must be 0 or greater
+
+Testing: -drive file=TEST_DIR/t.qcow2,throttling.iops-total=-4
+QEMU_PROG: -drive file=TEST_DIR/t.qcow2,throttling.iops-total=-4: 
bps/iops/maxs values must be 0 or greater
+
+Testing: -drive file=TEST_DIR/t.qcow2,throttling.bps-total=-5
+QEMU_PROG: -drive file=TEST_DIR/t.qcow2,throttling.bps-total=-5: bps/iops/maxs 
values must be 0 or greater
+
+
 === Parsing protocol from file name ===
 
 Testing: -hda foo:bar
-- 
2.4.3

[Qemu-devel] [PULL 21/24] net: rocker: fix an incorrect array bounds check

[Jason Wang]

From: Prasad J Pandit 

While processing transmit(tx) descriptors in 'tx_consume' routine
the switch emulator suffers from an off-by-one error, if a
descriptor was to have more than allowed(ROCKER_TX_FRAGS_MAX=16)
fragments. Fix an incorrect bounds check to avoid it.

Reported-by: Qinghao Tang 
Cc: qemu-sta...@nongnu.org
Signed-off-by: Prasad J Pandit 
Signed-off-by: Jason Wang 
---
 hw/net/rocker/rocker.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/hw/net/rocker/rocker.c b/hw/net/rocker/rocker.c
index c57f1a6..2e77e50 100644
--- a/hw/net/rocker/rocker.c
+++ b/hw/net/rocker/rocker.c
@@ -232,6 +232,9 @@ static int tx_consume(Rocker *r, DescInfo *info)
 frag_addr = rocker_tlv_get_le64(tlvs[ROCKER_TLV_TX_FRAG_ATTR_ADDR]);
 frag_len = rocker_tlv_get_le16(tlvs[ROCKER_TLV_TX_FRAG_ATTR_LEN]);
 
+if (iovcnt >= ROCKER_TX_FRAGS_MAX) {
+goto err_too_many_frags;
+}
 iov[iovcnt].iov_len = frag_len;
 iov[iovcnt].iov_base = g_malloc(frag_len);
 if (!iov[iovcnt].iov_base) {
@@ -244,10 +247,7 @@ static int tx_consume(Rocker *r, DescInfo *info)
 err = -ROCKER_ENXIO;
 goto err_bad_io;
 }
-
-if (++iovcnt > ROCKER_TX_FRAGS_MAX) {
-goto err_too_many_frags;
-}
+iovcnt++;
 }
 
 if (iovcnt) {
-- 
2.5.0

[Qemu-devel] [PATCH 1/2] blockdev: Error out on negative throttling option values

[Fam Zheng]

The implicit casting from unsigned int to double changes negative values
into large positive numbers, whereas explicitly casting to signed
integer first will let us catch the invalid value and report error
correctly:

$ qemu-system-x86_64 -drive file=null-co://,iops=-1
qemu-system-x86_64: -drive file=null-co://,iops=-1: bps/iops/maxs
values must be 0 or greater

Signed-off-by: Fam Zheng 
---
 blockdev.c | 26 +-
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/blockdev.c b/blockdev.c
index 2df0c6d..8b6b398 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -407,33 +407,33 @@ static void extract_common_blockdev_options(QemuOpts 
*opts, int *bdrv_flags,
 if (throttle_cfg) {
 memset(throttle_cfg, 0, sizeof(*throttle_cfg));
 throttle_cfg->buckets[THROTTLE_BPS_TOTAL].avg =
-qemu_opt_get_number(opts, "throttling.bps-total", 0);
+(int64_t)qemu_opt_get_number(opts, "throttling.bps-total", 0);
 throttle_cfg->buckets[THROTTLE_BPS_READ].avg  =
-qemu_opt_get_number(opts, "throttling.bps-read", 0);
+(int64_t)qemu_opt_get_number(opts, "throttling.bps-read", 0);
 throttle_cfg->buckets[THROTTLE_BPS_WRITE].avg =
-qemu_opt_get_number(opts, "throttling.bps-write", 0);
+(int64_t)qemu_opt_get_number(opts, "throttling.bps-write", 0);
 throttle_cfg->buckets[THROTTLE_OPS_TOTAL].avg =
-qemu_opt_get_number(opts, "throttling.iops-total", 0);
+(int64_t)qemu_opt_get_number(opts, "throttling.iops-total", 0);
 throttle_cfg->buckets[THROTTLE_OPS_READ].avg =
-qemu_opt_get_number(opts, "throttling.iops-read", 0);
+(int64_t)qemu_opt_get_number(opts, "throttling.iops-read", 0);
 throttle_cfg->buckets[THROTTLE_OPS_WRITE].avg =
-qemu_opt_get_number(opts, "throttling.iops-write", 0);
+(int64_t)qemu_opt_get_number(opts, "throttling.iops-write", 0);
 
 throttle_cfg->buckets[THROTTLE_BPS_TOTAL].max =
-qemu_opt_get_number(opts, "throttling.bps-total-max", 0);
+(int64_t)qemu_opt_get_number(opts, "throttling.bps-total-max", 0);
 throttle_cfg->buckets[THROTTLE_BPS_READ].max  =
-qemu_opt_get_number(opts, "throttling.bps-read-max", 0);
+(int64_t)qemu_opt_get_number(opts, "throttling.bps-read-max", 0);
 throttle_cfg->buckets[THROTTLE_BPS_WRITE].max =
-qemu_opt_get_number(opts, "throttling.bps-write-max", 0);
+(int64_t)qemu_opt_get_number(opts, "throttling.bps-write-max", 0);
 throttle_cfg->buckets[THROTTLE_OPS_TOTAL].max =
-qemu_opt_get_number(opts, "throttling.iops-total-max", 0);
+(int64_t)qemu_opt_get_number(opts, "throttling.iops-total-max", 0);
 throttle_cfg->buckets[THROTTLE_OPS_READ].max =
-qemu_opt_get_number(opts, "throttling.iops-read-max", 0);
+(int64_t)qemu_opt_get_number(opts, "throttling.iops-read-max", 0);
 throttle_cfg->buckets[THROTTLE_OPS_WRITE].max =
-qemu_opt_get_number(opts, "throttling.iops-write-max", 0);
+(int64_t)qemu_opt_get_number(opts, "throttling.iops-write-max", 0);
 
 throttle_cfg->op_size =
-qemu_opt_get_number(opts, "throttling.iops-size", 0);
+(int64_t)qemu_opt_get_number(opts, "throttling.iops-size", 0);
 
 if (!check_throttle_config(throttle_cfg, errp)) {
 return;
-- 
2.4.3

Re: [Qemu-devel] [PATCH] hw/arm/virt: Initialize NICs configured in PCI bus

[Jason Wang]

On 01/07/2016 11:21 PM, Paolo Bonzini wrote:
>
> On 07/01/2016 15:47, Peter Maydell wrote:
>> I think my current inclination is to say that virt should
>> support -net, because I would prefer to avoid having yet
>> another speedbump in the path of people trying to move to
>> using KVM-on-ARM based on their previous experience with
>> KVM-on-x86.
> I agree.
>
> Paolo

+1

Re: [Qemu-devel] [PATCH 1/2] nbd: Interface tweak of nbd_client_new

[Fam Zheng]

On Fri, 01/08 19:24, Paolo Bonzini wrote:
> 
> 
> On 08/01/2016 17:24, Daniel P. Berrange wrote:
> >> >  if (nbd_send_negotiate(client)) {
> >> > +shutdown(csock, 2);
> >> > +close(csock);
> >> >  g_free(client);
> >> > -return NULL;
> >> > +ret = -1;
> >> > +goto out;
> > If you simply make this failure code branch call close_fn() then I
> > think you can adding needing the new NBDClientNewCB entirely if
> 
> Good idea, but note that close_fn will call nbd_client_put, so the
> close/g_free must be removed.  It's probably cleanest to change csock to
> client->sock in the shutdown call, too.

Good suggestions, will update and resend. Thanks!

Fam

[Qemu-devel] [PULL 12/16] pseries: Improve setting of default machine version

[David Gibson]

This tweaks the way the default machine version is controlled, so that
there will be a bit less churn when each new version is introduced.

Signed-off-by: David Gibson 
Reviewed-by: Alexey Kardashevskiy 
---
 hw/ppc/spapr.c | 20 ++--
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 5af3d13..8b8eb18 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -2308,12 +2308,16 @@ static const TypeInfo spapr_machine_info = {
 },
 };
 
-#define DEFINE_SPAPR_MACHINE(suffix, verstr) \
+#define DEFINE_SPAPR_MACHINE(suffix, verstr, latest) \
 static void spapr_machine_##suffix##_class_init(ObjectClass *oc, \
 void *data)  \
 {\
 MachineClass *mc = MACHINE_CLASS(oc);\
 spapr_machine_##suffix##_class_options(mc);  \
+if (latest) {\
+mc->alias = "pseries";   \
+mc->is_default = 1;  \
+}\
 }\
 static void spapr_machine_##suffix##_instance_init(Object *obj)  \
 {\
@@ -2342,11 +2346,9 @@ static void 
spapr_machine_2_5_instance_options(MachineState *machine)
 static void spapr_machine_2_5_class_options(MachineClass *mc)
 {
 /* Defaults for the latest behaviour inherited from the base class */
-mc->alias = "pseries";
-mc->is_default = 1;
 }
 
-DEFINE_SPAPR_MACHINE(2_5, "2.5");
+DEFINE_SPAPR_MACHINE(2_5, "2.5", true);
 
 /*
  * pseries-2.4
@@ -2364,13 +2366,11 @@ static void 
spapr_machine_2_4_class_options(MachineClass *mc)
 sPAPRMachineClass *smc = SPAPR_MACHINE_CLASS(mc);
 
 spapr_machine_2_5_class_options(mc);
-mc->alias = NULL;
-mc->is_default = 0;
 smc->dr_lmb_enabled = false;
 SET_MACHINE_COMPAT(mc, SPAPR_COMPAT_2_4);
 }
 
-DEFINE_SPAPR_MACHINE(2_4, "2.4");
+DEFINE_SPAPR_MACHINE(2_4, "2.4", false);
 
 /*
  * pseries-2.3
@@ -2396,7 +2396,7 @@ static void spapr_machine_2_3_class_options(MachineClass 
*mc)
 spapr_machine_2_4_class_options(mc);
 SET_MACHINE_COMPAT(mc, SPAPR_COMPAT_2_3);
 }
-DEFINE_SPAPR_MACHINE(2_3, "2.3");
+DEFINE_SPAPR_MACHINE(2_3, "2.3", false);
 
 /*
  * pseries-2.2
@@ -2421,7 +2421,7 @@ static void spapr_machine_2_2_class_options(MachineClass 
*mc)
 spapr_machine_2_3_class_options(mc);
 SET_MACHINE_COMPAT(mc, SPAPR_COMPAT_2_2);
 }
-DEFINE_SPAPR_MACHINE(2_2, "2.2");
+DEFINE_SPAPR_MACHINE(2_2, "2.2", false);
 
 /*
  * pseries-2.1
@@ -2440,7 +2440,7 @@ static void spapr_machine_2_1_class_options(MachineClass 
*mc)
 spapr_machine_2_2_class_options(mc);
 SET_MACHINE_COMPAT(mc, SPAPR_COMPAT_2_1);
 }
-DEFINE_SPAPR_MACHINE(2_1, "2.1");
+DEFINE_SPAPR_MACHINE(2_1, "2.1", false);
 
 static void spapr_machine_register_types(void)
 {
-- 
2.5.0

[Qemu-devel] [PULL 03/16] spapr: Add /system-id

[David Gibson]

From: Alexey Kardashevskiy 

Section B.6.2.1 Root Node Properties of PAPR specification defines
a set of properties which shall be present in the device tree root,
one of these properties is "system-id" which "should be unique across
all systems and all manufacturers". Since UUID is meant to be unique,
it makes sense to use it as "system-id".

This adds "system-id" property to the device tree root when not empty.

Signed-off-by: Alexey Kardashevskiy 
Signed-off-by: David Gibson 
---
 hw/ppc/spapr.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 6bfb908..29a16b7 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -375,6 +375,9 @@ static void *spapr_create_fdt_skel(hwaddr initrd_base,
   qemu_uuid[14], qemu_uuid[15]);
 
 _FDT((fdt_property_string(fdt, "vm,uuid", buf)));
+if (qemu_uuid_set) {
+_FDT((fdt_property_string(fdt, "system-id", buf)));
+}
 g_free(buf);
 
 if (qemu_get_vm_name()) {
-- 
2.5.0

[Qemu-devel] [PULL 16/16] hw/ppc/spapr: fix spapr->kvm_type leak

[David Gibson]

Cc: David Gibson 
Cc: Alexander Graf 
Cc: qemu-...@nongnu.org
Signed-off-by: Li Zhijian 
[fixed return type of spapr_machine_finalizefn()]
Signed-off-by: David Gibson 
---
 hw/ppc/spapr.c | 8 
 1 file changed, 8 insertions(+)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 580b75d..414e0f9b 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -2108,6 +2108,13 @@ static void spapr_machine_initfn(Object *obj)
 NULL);
 }
 
+static void spapr_machine_finalizefn(Object *obj)
+{
+sPAPRMachineState *spapr = SPAPR_MACHINE(obj);
+
+g_free(spapr->kvm_type);
+}
+
 static void ppc_cpu_do_nmi_on_cpu(void *arg)
 {
 CPUState *cs = arg;
@@ -2302,6 +2309,7 @@ static const TypeInfo spapr_machine_info = {
 .abstract  = true,
 .instance_size = sizeof(sPAPRMachineState),
 .instance_init = spapr_machine_initfn,
+.instance_finalize = spapr_machine_finalizefn,
 .class_size= sizeof(sPAPRMachineClass),
 .class_init= spapr_machine_class_init,
 .interfaces = (InterfaceInfo[]) {
-- 
2.5.0

[Qemu-devel] [PULL 08/16] Move SET_MACHINE_COMPAT macro to boards.h

[David Gibson]

pc.h defines a SET_MACHINE_COMPAT macro to make setting up compat_props
for the various PC machine versions less verbose.  There's nothing
inherently PC specific about it, though, so move it to boards.h where other
versioned machine types (like pseries-*) can use it.

While we're doing that, change it's indentation to be a bit more regular.

Signed-off-by: David Gibson 
Reviewed-by: Thomas Huth 
Reviewed-by: Eduardo Habkost 
Reviewed-by: Alexey Kardashevskiy 
---
 include/hw/boards.h  | 9 +
 include/hw/i386/pc.h | 8 
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/include/hw/boards.h b/include/hw/boards.h
index 051db5e..0f30959 100644
--- a/include/hw/boards.h
+++ b/include/hw/boards.h
@@ -157,4 +157,13 @@ struct MachineState {
 } \
 machine_init(machine_initfn##_register_types)
 
+#define SET_MACHINE_COMPAT(m, COMPAT) \
+do {  \
+static GlobalProperty props[] = {   \
+COMPAT  \
+{ /* end of list */ }   \
+};  \
+(m)->compat_props = props;  \
+} while (0)
+
 #endif
diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index b0d6283..2e0d05e 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -855,13 +855,5 @@ bool e820_get_entry(int, uint32_t, uint64_t *, uint64_t *);
 } \
 machine_init(pc_machine_init_##suffix)
 
-#define SET_MACHINE_COMPAT(m, COMPAT) do { \
-static GlobalProperty props[] = { \
-COMPAT \
-{ /* end of list */ } \
-}; \
-(m)->compat_props = props; \
-} while (0)
-
 extern void igd_passthrough_isa_bridge_create(PCIBus *bus, uint16_t 
gpu_dev_id);
 #endif
-- 
2.5.0

[Qemu-devel] [PULL 01/16] hw/ppc/spapr_rtc: Remove bad class_size value

[David Gibson]

From: Thomas Huth 

class_size = sizeof(XICSStateClass) does not make much sense
in the RTC code and likely was just a copy-n-paste error.
Let's simply remove it.

Signed-off-by: Thomas Huth 
Signed-off-by: David Gibson 
---
 hw/ppc/spapr_rtc.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/hw/ppc/spapr_rtc.c b/hw/ppc/spapr_rtc.c
index 34b27db..b591a8e 100644
--- a/hw/ppc/spapr_rtc.c
+++ b/hw/ppc/spapr_rtc.c
@@ -200,7 +200,6 @@ static const TypeInfo spapr_rtc_info = {
 .name  = TYPE_SPAPR_RTC,
 .parent= TYPE_SYS_BUS_DEVICE,
 .instance_size = sizeof(sPAPRRTCState),
-.class_size = sizeof(XICSStateClass),
 .class_init= spapr_rtc_class_init,
 };
 
-- 
2.5.0

Re: [Qemu-devel] [RFC PATCH v2 02/10] Jhash: add linux kernel jhashtable in qemu

[Zhang Chen]

On 01/08/2016 08:08 PM, Dr. David Alan Gilbert wrote:

* Zhang Chen (zhangchen.f...@cn.fujitsu.com) wrote:

From: zhangchen 

Jhash used by colo-proxy to save and lookup
net connection info

Signed-off-by: zhangchen 
Signed-off-by: zhanghailiang 
---
  include/qemu/jhash.h | 61 
  1 file changed, 61 insertions(+)
  create mode 100644 include/qemu/jhash.h

diff --git a/include/qemu/jhash.h b/include/qemu/jhash.h
new file mode 100644
index 000..5b82d02
--- /dev/null
+++ b/include/qemu/jhash.h
@@ -0,0 +1,61 @@
+/* jhash.h: Jenkins hash support.
+  *
+  * Copyright (C) 2006. Bob Jenkins (bob_jenk...@burtleburtle.net)
+  *
+  * http://burtleburtle.net/bob/hash/
+  *
+  * These are the credits from Bob's sources:
+  *
+  * lookup3.c, by Bob Jenkins, May 2006, Public Domain.
+  *
+  * These are functions for producing 32-bit hashes for hash table lookup.
+  * hashword(), hashlittle(), hashlittle2(), hashbig(), mix(), and final()
+  * are externally useful functions.  Routines to test the hash are
+included
+  * if SELF_TEST is defined.  You can use this free for any purpose.
+It's in
+  * the public domain.  It has no warranty.
+  *
+  * Copyright (C) 2009-2010 Jozsef Kadlecsik (kad...@blackhole.kfki.hu)
+  *
+  * I've modified Bob's hash to be useful in the Linux kernel, and
+  * any bugs present are my fault.
+  * Jozsef
+  */
+
+#ifndef QEMU_JHASH_H__
+#define QEMU_JHASH_H__
+
+#include "qemu/bitopt.h"

That does not build, the header in qemu is bitop*s*.h.

Dave


I'm very sorry for it, fix it to

#include "qemu/bitopts.h"

Thanks
zhangchen



+
+/*
+ * hashtable relation copy from linux kernel jhash
+ */
+
+/* __jhash_mix -- mix 3 32-bit values reversibly. */
+#define __jhash_mix(a, b, c)\
+{   \
+a -= c;  a ^= rol32(c, 4);  c += b; \
+b -= a;  b ^= rol32(a, 6);  a += c; \
+c -= b;  c ^= rol32(b, 8);  b += a; \
+a -= c;  a ^= rol32(c, 16); c += b; \
+b -= a;  b ^= rol32(a, 19); a += c; \
+c -= b;  c ^= rol32(b, 4);  b += a; \
+}
+
+/* __jhash_final - final mixing of 3 32-bit values (a,b,c) into c */
+#define __jhash_final(a, b, c)  \
+{   \
+c ^= b; c -= rol32(b, 14);  \
+a ^= c; a -= rol32(c, 11);  \
+b ^= a; b -= rol32(a, 25);  \
+c ^= b; c -= rol32(b, 16);  \
+a ^= c; a -= rol32(c, 4);   \
+b ^= a; b -= rol32(a, 14);  \
+c ^= b; c -= rol32(b, 24);  \
+}
+
+/* An arbitrary initial parameter */
+#define JHASH_INITVAL   0xdeadbeef
+
+#endif /* QEMU_JHASH_H__ */
--
1.9.1




--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK


.



--
Thanks
zhangchen

[Qemu-devel] [PATCH v2 1/2] nbd: Always call "close_fn" in nbd_client_new

[Fam Zheng]

Rename the parameter "close" to "close_fn" to disambiguous with
close(2).

This unifies error handling paths of NBDClient allocation:
nbd_client_new will shutdown the socket and call the "close_fn" callback
if negotiation failed, so the caller don't need a different path than
the normal close.

The returned pointer is never used, make it void in preparation for the
next patch.

Signed-off-by: Fam Zheng 
---
 blockdev-nbd.c  |  5 ++---
 include/block/nbd.h |  3 +--
 nbd.c   | 11 +--
 qemu-nbd.c  | 10 +++---
 4 files changed, 11 insertions(+), 18 deletions(-)

diff --git a/blockdev-nbd.c b/blockdev-nbd.c
index bcdd18b..4a758ac 100644
--- a/blockdev-nbd.c
+++ b/blockdev-nbd.c
@@ -27,9 +27,8 @@ static void nbd_accept(void *opaque)
 socklen_t addr_len = sizeof(addr);
 
 int fd = accept(server_fd, (struct sockaddr *), _len);
-if (fd >= 0 && !nbd_client_new(NULL, fd, nbd_client_put)) {
-shutdown(fd, 2);
-close(fd);
+if (fd >= 0) {
+nbd_client_new(NULL, fd, nbd_client_put);
 }
 }
 
diff --git a/include/block/nbd.h b/include/block/nbd.h
index 65f409d..7eccb41 100644
--- a/include/block/nbd.h
+++ b/include/block/nbd.h
@@ -98,8 +98,7 @@ NBDExport *nbd_export_find(const char *name);
 void nbd_export_set_name(NBDExport *exp, const char *name);
 void nbd_export_close_all(void);
 
-NBDClient *nbd_client_new(NBDExport *exp, int csock,
-  void (*close)(NBDClient *));
+void nbd_client_new(NBDExport *exp, int csock, void (*close_fn)(NBDClient *));
 void nbd_client_get(NBDClient *client);
 void nbd_client_put(NBDClient *client);
 
diff --git a/nbd.c b/nbd.c
index b3d9654..f8d0221 100644
--- a/nbd.c
+++ b/nbd.c
@@ -1475,8 +1475,7 @@ static void nbd_update_can_read(NBDClient *client)
 }
 }
 
-NBDClient *nbd_client_new(NBDExport *exp, int csock,
-  void (*close)(NBDClient *))
+void nbd_client_new(NBDExport *exp, int csock, void (*close_fn)(NBDClient *))
 {
 NBDClient *client;
 client = g_malloc0(sizeof(NBDClient));
@@ -1485,10 +1484,11 @@ NBDClient *nbd_client_new(NBDExport *exp, int csock,
 client->sock = csock;
 client->can_read = true;
 if (nbd_send_negotiate(client)) {
-g_free(client);
-return NULL;
+shutdown(client->sock, 2);
+close_fn(client);
+return;
 }
-client->close = close;
+client->close = close_fn;
 qemu_co_mutex_init(>send_lock);
 nbd_set_handlers(client);
 
@@ -1496,5 +1496,4 @@ NBDClient *nbd_client_new(NBDExport *exp, int csock,
 QTAILQ_INSERT_TAIL(>clients, client, next);
 nbd_export_get(exp);
 }
-return client;
 }
diff --git a/qemu-nbd.c b/qemu-nbd.c
index 65dc30c..31c58eb 100644
--- a/qemu-nbd.c
+++ b/qemu-nbd.c
@@ -335,13 +335,9 @@ static void nbd_accept(void *opaque)
 return;
 }
 
-if (nbd_client_new(exp, fd, nbd_client_closed)) {
-nb_fds++;
-nbd_update_server_fd_handler(server_fd);
-} else {
-shutdown(fd, 2);
-close(fd);
-}
+nb_fds++;
+nbd_update_server_fd_handler(server_fd);
+nbd_client_new(exp, fd, nbd_client_closed);
 }
 
 static void nbd_update_server_fd_handler(int fd)
-- 
2.4.3

[Qemu-devel] [PATCH v2 0/2] nbd: Async built-in server negotiation

[Fam Zheng]

v2: Adopt Daniel and Paolo's idea: always call close_fn.

During nbd_send_negotiate, if the client simply doesn't respond, the function
will not return, and the whole event loop is blocked.

Make the I/O effectively asynchronous by using coroutine read/write, so that a
malicious or disappeared client cannot make a hang.

Fam


Fam Zheng (2):
  nbd: Always call "close_fn" in nbd_client_new
  nbd: Coroutine based nbd_send_negotiate

 blockdev-nbd.c  |  5 ++--
 include/block/nbd.h |  3 +--
 nbd.c   | 73 ++---
 qemu-nbd.c  | 10 +++-
 4 files changed, 58 insertions(+), 33 deletions(-)

-- 
2.4.3

[Qemu-devel] [PATCH v2 2/2] nbd: Coroutine based nbd_send_negotiate

[Fam Zheng]

Create a coroutine in nbd_client_new, so that nbd_send_negotiate doesn't
need qemu_set_block().

A handler is needed for csock fd in case the coroutine yields during
I/O.

With this, if the other end disappears in the middle of the negotiation,
we don't block the whole event loop.

Signed-off-by: Fam Zheng 
---
 nbd.c | 68 +--
 1 file changed, 50 insertions(+), 18 deletions(-)

diff --git a/nbd.c b/nbd.c
index f8d0221..8f288a0 100644
--- a/nbd.c
+++ b/nbd.c
@@ -238,10 +238,9 @@ ssize_t nbd_wr_sync(int fd, void *buffer, size_t size, 
bool do_read)
 
 static ssize_t read_sync(int fd, void *buffer, size_t size)
 {
-/* Sockets are kept in blocking mode in the negotiation phase.  After
- * that, a non-readable socket simply means that another thread stole
- * our request/reply.  Synchronization is done with recv_coroutine, so
- * that this is coroutine-safe.
+/* A non-readable socket simply means that another thread stole our
+ * request/reply.  Synchronization is done with recv_coroutine, so that
+ * this is coroutine-safe.
  */
 return nbd_wr_sync(fd, buffer, size, true);
 }
@@ -504,13 +503,25 @@ static int nbd_receive_options(NBDClient *client)
 }
 }
 
-static int nbd_send_negotiate(NBDClient *client)
+typedef struct {
+NBDClient *client;
+Coroutine *co;
+} NBDClientNewData;
+
+static void nbd_negotiate_continue(void *opaque)
 {
+qemu_coroutine_enter(opaque, NULL);
+}
+
+static coroutine_fn int nbd_send_negotiate(NBDClientNewData *data)
+{
+NBDClient *client = data->client;
 int csock = client->sock;
 char buf[8 + 8 + 8 + 128];
 int rc;
 const int myflags = (NBD_FLAG_HAS_FLAGS | NBD_FLAG_SEND_TRIM |
  NBD_FLAG_SEND_FLUSH | NBD_FLAG_SEND_FUA);
+AioContext *ctx = client->exp ? client->exp->ctx : qemu_get_aio_context();
 
 /* Negotiation header without options:
 [ 0 ..   7]   passwd   ("NBDMAGIC")
@@ -531,9 +542,11 @@ static int nbd_send_negotiate(NBDClient *client)
 [28 .. 151]   reserved (0)
  */
 
-qemu_set_block(csock);
 rc = -EINVAL;
 
+aio_set_fd_handler(ctx, client->sock, true,
+   nbd_negotiate_continue,
+   nbd_negotiate_continue, data->co);
 TRACE("Beginning negotiation.");
 memset(buf, 0, sizeof(buf));
 memcpy(buf, "NBDMAGIC", 8);
@@ -575,7 +588,8 @@ static int nbd_send_negotiate(NBDClient *client)
 TRACE("Negotiation succeeded.");
 rc = 0;
 fail:
-qemu_set_nonblock(csock);
+aio_set_fd_handler(ctx, client->sock, true,
+   NULL, NULL, NULL);
 return rc;
 }
 
@@ -1475,25 +1489,43 @@ static void nbd_update_can_read(NBDClient *client)
 }
 }
 
+static coroutine_fn void nbd_co_client_start(void *opaque)
+{
+NBDClientNewData *data = opaque;
+NBDClient *client = data->client;
+NBDExport *exp = client->exp;
+
+if (exp) {
+nbd_export_get(exp);
+}
+if (nbd_send_negotiate(data)) {
+shutdown(client->sock, 2);
+client->close(client);
+goto out;
+}
+qemu_co_mutex_init(>send_lock);
+nbd_set_handlers(client);
+
+if (exp) {
+QTAILQ_INSERT_TAIL(>clients, client, next);
+}
+out:
+g_free(data);
+}
+
 void nbd_client_new(NBDExport *exp, int csock, void (*close_fn)(NBDClient *))
 {
 NBDClient *client;
+NBDClientNewData *data = g_new(NBDClientNewData, 1);
+
 client = g_malloc0(sizeof(NBDClient));
 client->refcount = 1;
 client->exp = exp;
 client->sock = csock;
 client->can_read = true;
-if (nbd_send_negotiate(client)) {
-shutdown(client->sock, 2);
-close_fn(client);
-return;
-}
 client->close = close_fn;
-qemu_co_mutex_init(>send_lock);
-nbd_set_handlers(client);
 
-if (exp) {
-QTAILQ_INSERT_TAIL(>clients, client, next);
-nbd_export_get(exp);
-}
+data->client = client;
+data->co = qemu_coroutine_create(nbd_co_client_start);
+qemu_coroutine_enter(data->co, data);
 }
-- 
2.4.3

[Qemu-devel] [PULL 07/16] pseries: Remove versions from mc->desc

[David Gibson]

Currently, the versioned spapr machine types put the machine type version
into the description string.  PC does not do this, using just the name
itself to distinguish.  Doing the same lets us move setting the description
into the common base class, simplifying the code slightly.

Signed-off-by: David Gibson 
Reviewed-by: Thomas Huth 
Reviewed-by: Alexey Kardashevskiy 
---
 hw/ppc/spapr.c | 6 +-
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index c7c6517..b08d338 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -2265,6 +2265,7 @@ static void spapr_machine_class_init(ObjectClass *oc, 
void *data)
 NMIClass *nc = NMI_CLASS(oc);
 HotplugHandlerClass *hc = HOTPLUG_HANDLER_CLASS(oc);
 
+mc->desc = "pSeries Logical Partition (PAPR compliant)";
 mc->init = ppc_spapr_init;
 mc->reset = ppc_spapr_reset;
 mc->block_default_type = IF_SCSI;
@@ -2309,7 +2310,6 @@ static void spapr_machine_2_5_class_init(ObjectClass *oc, 
void *data)
 MachineClass *mc = MACHINE_CLASS(oc);
 sPAPRMachineClass *smc = SPAPR_MACHINE_CLASS(oc);
 
-mc->desc = "pSeries Logical Partition (PAPR compliant) v2.5";
 mc->alias = "pseries";
 mc->is_default = 1;
 smc->dr_lmb_enabled = true;
@@ -2335,7 +2335,6 @@ static void spapr_machine_2_4_class_init(ObjectClass *oc, 
void *data)
 };
 MachineClass *mc = MACHINE_CLASS(oc);
 
-mc->desc = "pSeries Logical Partition (PAPR compliant) v2.4";
 mc->compat_props = compat_props;
 }
 
@@ -2376,7 +2375,6 @@ static void spapr_machine_2_3_class_init(ObjectClass *oc, 
void *data)
 };
 MachineClass *mc = MACHINE_CLASS(oc);
 
-mc->desc = "pSeries Logical Partition (PAPR compliant) v2.3";
 mc->compat_props = compat_props;
 }
 
@@ -2418,7 +2416,6 @@ static void spapr_machine_2_2_class_init(ObjectClass *oc, 
void *data)
 };
 MachineClass *mc = MACHINE_CLASS(oc);
 
-mc->desc = "pSeries Logical Partition (PAPR compliant) v2.2";
 mc->compat_props = compat_props;
 }
 
@@ -2454,7 +2451,6 @@ static void spapr_machine_2_1_class_init(ObjectClass *oc, 
void *data)
 { /* end of list */ }
 };
 
-mc->desc = "pSeries Logical Partition (PAPR compliant) v2.1";
 mc->compat_props = compat_props;
 }
 
-- 
2.5.0

[Qemu-devel] [PULL 10/16] pseries: DEFINE_SPAPR_MACHINE

[David Gibson]

At the moment all the class_init functions and TypeInfo structures for the
various versioned pseries machine types are open-coded.  As more versions
are created this is getting increasingly clumsy.

This patch borrows the approach used in PC, using a DEFINE_SPAPR_MACHINE()
macro to construct most of the boilerplate from simpler 'class_options' and
'instance_options' functions.

This patch makes a small semantic change - the versioned machine types are
now registered through machine_init() instead of type_init().  Since the
new way is how PC already did it, I'm assuming that's correct.

Signed-off-by: David Gibson 
Reviewed-by: Sam Bobroff 
Reviewed-by: Alexey Kardashevskiy 
---
 hw/ppc/spapr.c | 119 -
 1 file changed, 49 insertions(+), 70 deletions(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 3078e60..4f645f3 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -2302,24 +2302,47 @@ static const TypeInfo spapr_machine_info = {
 },
 };
 
+#define DEFINE_SPAPR_MACHINE(suffix, verstr) \
+static void spapr_machine_##suffix##_class_init(ObjectClass *oc, \
+void *data)  \
+{\
+MachineClass *mc = MACHINE_CLASS(oc);\
+spapr_machine_##suffix##_class_options(mc);  \
+}\
+static void spapr_machine_##suffix##_instance_init(Object *obj)  \
+{\
+MachineState *machine = MACHINE(obj);\
+spapr_machine_##suffix##_instance_options(machine);  \
+}\
+static const TypeInfo spapr_machine_##suffix##_info = {  \
+.name = MACHINE_TYPE_NAME("pseries-" verstr),\
+.parent = TYPE_SPAPR_MACHINE,\
+.class_init = spapr_machine_##suffix##_class_init,   \
+.instance_init = spapr_machine_##suffix##_instance_init, \
+};   \
+static void spapr_machine_register_##suffix(void)\
+{\
+type_register(_machine_##suffix##_info);   \
+}\
+machine_init(spapr_machine_register_##suffix)
+
 /*
  * pseries-2.5
  */
-static void spapr_machine_2_5_class_init(ObjectClass *oc, void *data)
+static void spapr_machine_2_5_instance_options(MachineState *machine)
 {
-MachineClass *mc = MACHINE_CLASS(oc);
-sPAPRMachineClass *smc = SPAPR_MACHINE_CLASS(oc);
+}
+
+static void spapr_machine_2_5_class_options(MachineClass *mc)
+{
+sPAPRMachineClass *smc = SPAPR_MACHINE_CLASS(mc);
 
 mc->alias = "pseries";
 mc->is_default = 1;
 smc->dr_lmb_enabled = true;
 }
 
-static const TypeInfo spapr_machine_2_5_info = {
-.name  = MACHINE_TYPE_NAME("pseries-2.5"),
-.parent= TYPE_SPAPR_MACHINE,
-.class_init= spapr_machine_2_5_class_init,
-};
+DEFINE_SPAPR_MACHINE(2_5, "2.5");
 
 /*
  * pseries-2.4
@@ -2327,18 +2350,17 @@ static const TypeInfo spapr_machine_2_5_info = {
 #define SPAPR_COMPAT_2_4 \
 HW_COMPAT_2_4
 
-static void spapr_machine_2_4_class_init(ObjectClass *oc, void *data)
+static void spapr_machine_2_4_instance_options(MachineState *machine)
 {
-MachineClass *mc = MACHINE_CLASS(oc);
+spapr_machine_2_5_instance_options(machine);
+}
 
+static void spapr_machine_2_4_class_options(MachineClass *mc)
+{
 SET_MACHINE_COMPAT(mc, SPAPR_COMPAT_2_4);
 }
 
-static const TypeInfo spapr_machine_2_4_info = {
-.name  = MACHINE_TYPE_NAME("pseries-2.4"),
-.parent= TYPE_SPAPR_MACHINE,
-.class_init= spapr_machine_2_4_class_init,
-};
+DEFINE_SPAPR_MACHINE(2_4, "2.4");
 
 /*
  * pseries-2.3
@@ -2352,30 +2374,18 @@ static const TypeInfo spapr_machine_2_4_info = {
 .value= "off",\
 },
 
-static void spapr_compat_2_3(Object *obj)
+static void spapr_machine_2_3_instance_options(MachineState *machine)
 {
+spapr_machine_2_4_instance_options(machine);
 savevm_skip_section_footers();
 global_state_set_optional();
 }
 
-static void spapr_machine_2_3_instance_init(Object *obj)
-{
-spapr_compat_2_3(obj);
-}
-
-static void spapr_machine_2_3_class_init(ObjectClass *oc, void *data)
+static void spapr_machine_2_3_class_options(MachineClass *mc)
 {
-MachineClass *mc = MACHINE_CLASS(oc);
-
 SET_MACHINE_COMPAT(mc, SPAPR_COMPAT_2_3);
 }
-
-static const TypeInfo spapr_machine_2_3_info = {
-.name  = 

[Qemu-devel] [PULL 06/16] pseries: Remove redundant calls to spapr_machine_initfn()

[David Gibson]

The instance_init() functions for several of the pseries-x.y versioned
machine types explicitly call spapr_machine_initfn().  But that's the
instance_init function for the common parent of all those machine types,
so will already have been called beforehand by the QOM infrastructure.

Remove the redundant calls.

Signed-off-by: David Gibson 
Reviewed-by: Thomas Huth 
Reviewed-by: Alexey Kardashevskiy 
---
 hw/ppc/spapr.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index c126e10..c7c6517 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -2366,7 +2366,6 @@ static void spapr_compat_2_3(Object *obj)
 static void spapr_machine_2_3_instance_init(Object *obj)
 {
 spapr_compat_2_3(obj);
-spapr_machine_initfn(obj);
 }
 
 static void spapr_machine_2_3_class_init(ObjectClass *oc, void *data)
@@ -2409,7 +2408,6 @@ static void spapr_compat_2_2(Object *obj)
 static void spapr_machine_2_2_instance_init(Object *obj)
 {
 spapr_compat_2_2(obj);
-spapr_machine_initfn(obj);
 }
 
 static void spapr_machine_2_2_class_init(ObjectClass *oc, void *data)
@@ -2446,7 +2444,6 @@ static void spapr_compat_2_1(Object *obj)
 static void spapr_machine_2_1_instance_init(Object *obj)
 {
 spapr_compat_2_1(obj);
-spapr_machine_initfn(obj);
 }
 
 static void spapr_machine_2_1_class_init(ObjectClass *oc, void *data)
-- 
2.5.0

[Qemu-devel] [PULL 13/16] pseries: Add pseries-2.6 machine type

[David Gibson]

Signed-off-by: David Gibson 
Reviewed-by: Alexey Kardashevskiy 
---
 hw/ppc/spapr.c | 22 --
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 8b8eb18..7f6b118 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -2337,18 +2337,36 @@ static const TypeInfo spapr_machine_info = {
 machine_init(spapr_machine_register_##suffix)
 
 /*
+ * pseries-2.6
+ */
+static void spapr_machine_2_6_instance_options(MachineState *machine)
+{
+}
+
+static void spapr_machine_2_6_class_options(MachineClass *mc)
+{
+/* Defaults for the latest behaviour inherited from the base class */
+}
+
+DEFINE_SPAPR_MACHINE(2_6, "2.6", true);
+
+/*
  * pseries-2.5
  */
+#define SPAPR_COMPAT_2_5 \
+HW_COMPAT_2_5
+
 static void spapr_machine_2_5_instance_options(MachineState *machine)
 {
 }
 
 static void spapr_machine_2_5_class_options(MachineClass *mc)
 {
-/* Defaults for the latest behaviour inherited from the base class */
+spapr_machine_2_6_class_options(mc);
+SET_MACHINE_COMPAT(mc, SPAPR_COMPAT_2_5);
 }
 
-DEFINE_SPAPR_MACHINE(2_5, "2.5", true);
+DEFINE_SPAPR_MACHINE(2_5, "2.5", false);
 
 /*
  * pseries-2.4
-- 
2.5.0

[Qemu-devel] [PULL 00/16] ppc-for-2.6 queue 20160111

[David Gibson]

The following changes since commit 6bb9ead762bf749af11ea225fc2a74db1b93c105:

  Merge remote-tracking branch 'remotes/kraxel/tags/pull-ui-20160108-1' into 
staging (2016-01-08 12:50:19 +)

are available in the git repository at:

  git://github.com/dgibson/qemu.git tags/ppc-for-2.6-20160111

for you to fetch changes up to 87bbdd9cafe58ce50d462307394d51af98d50d74:

  hw/ppc/spapr: fix spapr->kvm_type leak (2016-01-11 15:29:05 +1100)


ppc patch queue 2016-01-11

Biggest content is a thorough cleanups of spapr machine type handling.
Also contains several other minor cleanups, bugfixes and extensions.


Alexey Kardashevskiy (1):
  spapr: Add /system-id

Cao jin (1):
  spapr vio: fix to incomplete QOMify

David Gibson (11):
  pseries: Remove redundant setting of mc->name for pseries-2.5 machine
  pseries: Rearrange versioned machine type code
  pseries: Remove redundant calls to spapr_machine_initfn()
  pseries: Remove versions from mc->desc
  Move SET_MACHINE_COMPAT macro to boards.h
  pseries: Use SET_MACHINE_COMPAT
  pseries: DEFINE_SPAPR_MACHINE
  pseries: Restructure class_options functions
  pseries: Improve setting of default machine version
  pseries: Add pseries-2.6 machine type
  hw/ppc/spapr: fix spapr->kvm_type leak

Sukadev Bhattiprolu (1):
  target-ppc: Define kvmppc_read_int_dt()

Thomas Huth (2):
  hw/ppc/spapr_rtc: Remove bad class_size value
  hw/ppc/spapr: Use XHCI as host controller for new spapr machines

 hw/ppc/spapr.c | 262 -
 hw/ppc/spapr_rtc.c |   1 -
 hw/ppc/spapr_vio.c |  12 +--
 include/hw/boards.h|   9 ++
 include/hw/i386/pc.h   |   8 --
 include/hw/ppc/spapr.h |   3 +-
 include/hw/ppc/spapr_vio.h |   2 +-
 target-ppc/kvm.c   |  36 ---
 8 files changed, 180 insertions(+), 153 deletions(-)

[Qemu-devel] [PULL 05/16] pseries: Rearrange versioned machine type code

[David Gibson]

hw/ppc/spapr.c has a number of definitions related to the various versioned
machine types ("pseries-2.1" .. "pseries-2.5") it defines.  These are
mostly arranged by type of function first, then machine version second, and
it's not consistent about whether it goes in increasing or decreasing
version order.

This rearranges the code to keep all the definitions for a particular
machine version together, and arrange then consistently in order most
recent to least recent.

This brings us closer to matching the way PC does things, and makes later
cleanups easier to follow.

Apart from adding some comments marking each section, this is a pure
mechanical rearrangement with no semantic changes.

Signed-off-by: David Gibson 
Reviewed-by: Thomas Huth 
Reviewed-by: Alexey Kardashevskiy 
---
 hw/ppc/spapr.c | 180 +++--
 1 file changed, 98 insertions(+), 82 deletions(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index a69856f..c126e10 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -2301,9 +2301,53 @@ static const TypeInfo spapr_machine_info = {
 },
 };
 
+/*
+ * pseries-2.5
+ */
+static void spapr_machine_2_5_class_init(ObjectClass *oc, void *data)
+{
+MachineClass *mc = MACHINE_CLASS(oc);
+sPAPRMachineClass *smc = SPAPR_MACHINE_CLASS(oc);
+
+mc->desc = "pSeries Logical Partition (PAPR compliant) v2.5";
+mc->alias = "pseries";
+mc->is_default = 1;
+smc->dr_lmb_enabled = true;
+}
+
+static const TypeInfo spapr_machine_2_5_info = {
+.name  = MACHINE_TYPE_NAME("pseries-2.5"),
+.parent= TYPE_SPAPR_MACHINE,
+.class_init= spapr_machine_2_5_class_init,
+};
+
+/*
+ * pseries-2.4
+ */
 #define SPAPR_COMPAT_2_4 \
 HW_COMPAT_2_4
 
+static void spapr_machine_2_4_class_init(ObjectClass *oc, void *data)
+{
+static GlobalProperty compat_props[] = {
+SPAPR_COMPAT_2_4
+{ /* end of list */ }
+};
+MachineClass *mc = MACHINE_CLASS(oc);
+
+mc->desc = "pSeries Logical Partition (PAPR compliant) v2.4";
+mc->compat_props = compat_props;
+}
+
+static const TypeInfo spapr_machine_2_4_info = {
+.name  = MACHINE_TYPE_NAME("pseries-2.4"),
+.parent= TYPE_SPAPR_MACHINE,
+.class_init= spapr_machine_2_4_class_init,
+};
+
+/*
+ * pseries-2.3
+ */
 #define SPAPR_COMPAT_2_3 \
 SPAPR_COMPAT_2_4 \
 HW_COMPAT_2_3 \
@@ -2313,72 +2357,61 @@ static const TypeInfo spapr_machine_info = {
 .value= "off",\
 },
 
-#define SPAPR_COMPAT_2_2 \
-SPAPR_COMPAT_2_3 \
-HW_COMPAT_2_2 \
-{\
-.driver   = TYPE_SPAPR_PCI_HOST_BRIDGE,\
-.property = "mem_win_size",\
-.value= "0x2000",\
-},
-
-#define SPAPR_COMPAT_2_1 \
-SPAPR_COMPAT_2_2 \
-HW_COMPAT_2_1
-
 static void spapr_compat_2_3(Object *obj)
 {
 savevm_skip_section_footers();
 global_state_set_optional();
 }
 
-static void spapr_compat_2_2(Object *obj)
-{
-spapr_compat_2_3(obj);
-}
-
-static void spapr_compat_2_1(Object *obj)
-{
-spapr_compat_2_2(obj);
-}
-
 static void spapr_machine_2_3_instance_init(Object *obj)
 {
 spapr_compat_2_3(obj);
 spapr_machine_initfn(obj);
 }
 
-static void spapr_machine_2_2_instance_init(Object *obj)
-{
-spapr_compat_2_2(obj);
-spapr_machine_initfn(obj);
-}
-
-static void spapr_machine_2_1_instance_init(Object *obj)
-{
-spapr_compat_2_1(obj);
-spapr_machine_initfn(obj);
-}
-
-static void spapr_machine_2_1_class_init(ObjectClass *oc, void *data)
+static void spapr_machine_2_3_class_init(ObjectClass *oc, void *data)
 {
-MachineClass *mc = MACHINE_CLASS(oc);
 static GlobalProperty compat_props[] = {
-SPAPR_COMPAT_2_1
+SPAPR_COMPAT_2_3
 { /* end of list */ }
 };
+MachineClass *mc = MACHINE_CLASS(oc);
 
-mc->desc = "pSeries Logical Partition (PAPR compliant) v2.1";
+mc->desc = "pSeries Logical Partition (PAPR compliant) v2.3";
 mc->compat_props = compat_props;
 }
 
-static const TypeInfo spapr_machine_2_1_info = {
-.name  = MACHINE_TYPE_NAME("pseries-2.1"),
+static const TypeInfo spapr_machine_2_3_info = {
+.name  = MACHINE_TYPE_NAME("pseries-2.3"),
 .parent= TYPE_SPAPR_MACHINE,
-.class_init= spapr_machine_2_1_class_init,
-.instance_init = spapr_machine_2_1_instance_init,
+.class_init= spapr_machine_2_3_class_init,
+.instance_init = spapr_machine_2_3_instance_init,
 };
 
+/*
+ * pseries-2.2
+ */
+
+#define SPAPR_COMPAT_2_2 \
+SPAPR_COMPAT_2_3 \
+HW_COMPAT_2_2 \
+{\
+.driver   = TYPE_SPAPR_PCI_HOST_BRIDGE,\
+.property = "mem_win_size",\
+.value= "0x2000",\
+},
+
+static void spapr_compat_2_2(Object *obj)
+{
+spapr_compat_2_3(obj);
+}
+
+static void spapr_machine_2_2_instance_init(Object 

[Qemu-devel] [PULL 09/16] pseries: Use SET_MACHINE_COMPAT

[David Gibson]

To make the spapr_machine_*_class_init() functions a little less bulky.

Signed-off-by: David Gibson 
Reviewed-by: Thomas Huth 
Reviewed-by: Alexey Kardashevskiy 
---
 hw/ppc/spapr.c | 24 
 1 file changed, 4 insertions(+), 20 deletions(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index b08d338..3078e60 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -2329,13 +2329,9 @@ static const TypeInfo spapr_machine_2_5_info = {
 
 static void spapr_machine_2_4_class_init(ObjectClass *oc, void *data)
 {
-static GlobalProperty compat_props[] = {
-SPAPR_COMPAT_2_4
-{ /* end of list */ }
-};
 MachineClass *mc = MACHINE_CLASS(oc);
 
-mc->compat_props = compat_props;
+SET_MACHINE_COMPAT(mc, SPAPR_COMPAT_2_4);
 }
 
 static const TypeInfo spapr_machine_2_4_info = {
@@ -2369,13 +2365,9 @@ static void spapr_machine_2_3_instance_init(Object *obj)
 
 static void spapr_machine_2_3_class_init(ObjectClass *oc, void *data)
 {
-static GlobalProperty compat_props[] = {
-SPAPR_COMPAT_2_3
-{ /* end of list */ }
-};
 MachineClass *mc = MACHINE_CLASS(oc);
 
-mc->compat_props = compat_props;
+SET_MACHINE_COMPAT(mc, SPAPR_COMPAT_2_3);
 }
 
 static const TypeInfo spapr_machine_2_3_info = {
@@ -2410,13 +2402,9 @@ static void spapr_machine_2_2_instance_init(Object *obj)
 
 static void spapr_machine_2_2_class_init(ObjectClass *oc, void *data)
 {
-static GlobalProperty compat_props[] = {
-SPAPR_COMPAT_2_2
-{ /* end of list */ }
-};
 MachineClass *mc = MACHINE_CLASS(oc);
 
-mc->compat_props = compat_props;
+SET_MACHINE_COMPAT(mc, SPAPR_COMPAT_2_2);
 }
 
 static const TypeInfo spapr_machine_2_2_info = {
@@ -2446,12 +2434,8 @@ static void spapr_machine_2_1_instance_init(Object *obj)
 static void spapr_machine_2_1_class_init(ObjectClass *oc, void *data)
 {
 MachineClass *mc = MACHINE_CLASS(oc);
-static GlobalProperty compat_props[] = {
-SPAPR_COMPAT_2_1
-{ /* end of list */ }
-};
 
-mc->compat_props = compat_props;
+SET_MACHINE_COMPAT(mc, SPAPR_COMPAT_2_1);
 }
 
 static const TypeInfo spapr_machine_2_1_info = {
-- 
2.5.0

Re: [Qemu-devel] [Xen-devel] [PATCH v4] igd-passthrough-i440FX: convert to realize()

[Hao, Xudong]

Qemu with the patch can't boot VM with IGD pass-through, I'm checking if it 
works w/o this patch to eliminate the environment influence.

Thanks,
-Xudong


> -Original Message-
> From: Stefano Stabellini [mailto:stefano.stabell...@eu.citrix.com]
> Sent: Friday, January 8, 2016 7:57 PM
> To: Hao, Xudong 
> Cc: Stefano Stabellini ; Lars Kurth
> ; Lars Kurth ; Cao jin
> ; xen-de...@lists.xensource.com; Stefano Stabellini
> ; qemu-devel@nongnu.org; Michael S. Tsirkin
> 
> Subject: RE: [Xen-devel] [PATCH v4] igd-passthrough-i440FX: convert to 
> realize()
> 
> Since you are at it, could you please let me know how well igd passthrough
> works without this bugfix:
> 
> http://marc.info/?l=qemu-devel=145172165010604
> 
> which is about to land in QEMU.  I guess it doesn't work at all?
> 
> I am asking because I would like to know the level of support we need to 
> provide
> to igd passthrough with the latest QEMU release (2.5).
> 
> 
> On Thu, 7 Jan 2016, Hao, Xudong wrote:
> > Sure. I'll test it soon.
> >
> > Thanks,
> > -Xudong
> >
> > > -Original Message-
> > > From: Stefano Stabellini [mailto:stefano.stabell...@eu.citrix.com]
> > > Sent: Wednesday, January 6, 2016 8:18 PM
> > > To: Lars Kurth 
> > > Cc: Stefano Stabellini ; Hao,
> > > Xudong ; Lars Kurth ;
> > > Cao jin ; xen-de...@lists.xensource.com;
> > > Stefano Stabellini ;
> > > qemu-devel@nongnu.org; Michael S. Tsirkin 
> > > Subject: Re: [Xen-devel] [PATCH v4] igd-passthrough-i440FX: convert
> > > to realize()
> > >
> > > Hello Xudong,
> > >
> > > please test this patch:
> > >
> > > http://marc.info/?l=qemu-devel=145137863501079
> > >
> > > with an intel graphic card assigned to a Xen guest. If everything
> > > still works as expected, please reply with your Tested-by.
> > >
> > > Thanks,
> > >
> > > Stefano
> > >
> > > On Wed, 6 Jan 2016, Lars Kurth wrote:
> > > > Hi folks,
> > > > let me introduce you to Xudong from Intel, who is willing to help out.
> > > > Best Regards
> > > > Lars
> > > >
> > > > > On 4 Jan 2016, at 15:41, Stefano Stabellini
> > > > > 
> > > wrote:
> > > > >
> > > > > On Mon, 4 Jan 2016, Lars Kurth wrote:
> > > > >> On 04/01/2016 14:47, "Stefano Stabellini"
> > > > >>  wrote:
> > > > >>
> > > > >>> Unfortunately I don't have a setup to test this either. Maybe
> > > > >>> Lars can find out who should be involved on the Intel side on this.
> > > > >>
> > > > >> I can certainly help to this and get back to you. What exactly
> > > > >> are we asking Intel to do?
> > > > >> It is not clear to me from this email thread
> > > > >
> > > > > Tiejun Chen, the author of the Intel graphic card passthrough
> > > > > patches for QEMU, seems to have left the company. It would be
> > > > > nice if somebody else tested this patch with an intel graphic
> > > > > card assigned to a guest VM.
> > > > >
> > > > > ___
> > > > > Xen-devel mailing list
> > > > > xen-de...@lists.xen.org
> > > > > http://lists.xen.org/xen-devel
> > > >
> >

Re: [Qemu-devel] [PATCH v2 3/7] device_tree: introduce qemu_fdt_node_path

[David Gibson]

On Wed, Jan 06, 2016 at 03:13:21PM +, Eric Auger wrote:
> This new helper routine returns the node path of a device
> referred to by its node name and compat string.

What if there are multiple nodes matching the name and compat?

> 
> Signed-off-by: Eric Auger 
> 
> ---
> 
> v1 -> v2:
> - move doc comment in header file
> - do not use a fixed size buffer
> - break on errors in while loop
> - use strcmp instead of strncmp
> 
> RFC -> v1:
> - improve error handling according to Alex' comments
> ---
>  device_tree.c| 37 +
>  include/sysemu/device_tree.h | 14 ++
>  2 files changed, 51 insertions(+)
> 
> diff --git a/device_tree.c b/device_tree.c
> index b262c2d..8441e01 100644
> --- a/device_tree.c
> +++ b/device_tree.c
> @@ -231,6 +231,43 @@ static int findnode_nofail(void *fdt, const char 
> *node_path)
>  return offset;
>  }
>  
> +int qemu_fdt_node_path(void *fdt, const char *name, char *compat,
> +   char **node_path)
> +{
> +int offset, len, ret;
> +const char *iter_name;
> +unsigned int path_len = 16;
> +char *path;
> +
> +*node_path = NULL;
> +offset = fdt_node_offset_by_compatible(fdt, -1, compat);
> +
> +while (offset >= 0) {
> +iter_name = fdt_get_name(fdt, offset, );
> +if (!iter_name) {
> +offset = len;
> +break;
> +}
> +if (!strcmp(iter_name, name)) {
> +goto found;
> +}
> +offset = fdt_node_offset_by_compatible(fdt, offset, compat);
> +}
> +return offset;
> +
> +found:
> +path = g_malloc(path_len);
> +while ((ret = fdt_get_path(fdt, offset, path, path_len))
> +== -FDT_ERR_NOSPACE) {
> +path_len += 16;
> +path = g_realloc(path, path_len);
> +}
> +if (!ret) {
> +*node_path = path;
> +}
> +return ret;
> +}
> +
>  int qemu_fdt_setprop(void *fdt, const char *node_path,
>   const char *property, const void *val, int size)
>  {
> diff --git a/include/sysemu/device_tree.h b/include/sysemu/device_tree.h
> index fdf25a4..269cb1c 100644
> --- a/include/sysemu/device_tree.h
> +++ b/include/sysemu/device_tree.h
> @@ -20,6 +20,20 @@ void *load_device_tree(const char *filename_path, int 
> *sizep);
>  void *load_device_tree_from_sysfs(void);
>  #endif
>  
> +/**
> + * qemu_fdt_node_path: return the node path of a device, given its
> + * node name and its compat string
> + * @fdt: pointer to the dt blob
> + * @name: device node name
> + * @compat: compatibility string of the device
> + * @node_path: returned node path
> + *
> + * upon success, the path is output at node_path address
> + * returns 0 on success, < 0 on failure
> + */
> +int qemu_fdt_node_path(void *fdt, const char *name, char *compat,
> +   char **node_path);
> +
>  int qemu_fdt_setprop(void *fdt, const char *node_path,
>   const char *property, const void *val, int size);
>  int qemu_fdt_setprop_cell(void *fdt, const char *node_path,

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

[Qemu-devel] [PULL 15/16] spapr vio: fix to incomplete QOMify

[David Gibson]

From: Cao jin 

Signed-off-by: Cao jin 
Signed-off-by: David Gibson 
---
 hw/ppc/spapr_vio.c | 12 +---
 include/hw/ppc/spapr_vio.h |  2 +-
 2 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/hw/ppc/spapr_vio.c b/hw/ppc/spapr_vio.c
index c51eb8e..46f3b8d 100644
--- a/hw/ppc/spapr_vio.c
+++ b/hw/ppc/spapr_vio.c
@@ -388,7 +388,7 @@ static void rtas_quiesce(PowerPCCPU *cpu, sPAPRMachineState 
*spapr,
 
 static VIOsPAPRDevice *reg_conflict(VIOsPAPRDevice *dev)
 {
-VIOsPAPRBus *bus = DO_UPCAST(VIOsPAPRBus, bus, dev->qdev.parent_bus);
+VIOsPAPRBus *bus = SPAPR_VIO_BUS(dev->qdev.parent_bus);
 BusChild *kid;
 VIOsPAPRDevice *other;
 
@@ -449,7 +449,7 @@ static void spapr_vio_busdev_realize(DeviceState *qdev, 
Error **errp)
 }
 } else {
 /* Need to assign an address */
-VIOsPAPRBus *bus = DO_UPCAST(VIOsPAPRBus, bus, dev->qdev.parent_bus);
+VIOsPAPRBus *bus = SPAPR_VIO_BUS(dev->qdev.parent_bus);
 
 do {
 dev->reg = bus->next_reg++;
@@ -523,13 +523,12 @@ VIOsPAPRBus *spapr_vio_bus_init(void)
 DeviceState *dev;
 
 /* Create bridge device */
-dev = qdev_create(NULL, "spapr-vio-bridge");
+dev = qdev_create(NULL, TYPE_SPAPR_VIO_BRIDGE);
 qdev_init_nofail(dev);
 
 /* Create bus on bridge device */
-
 qbus = qbus_create(TYPE_SPAPR_VIO_BUS, dev, "spapr-vio");
-bus = DO_UPCAST(VIOsPAPRBus, bus, qbus);
+bus = SPAPR_VIO_BUS(qbus);
 bus->next_reg = 0x7100;
 
 /* hcall-vio */
@@ -567,9 +566,8 @@ static void spapr_vio_bridge_class_init(ObjectClass *klass, 
void *data)
 }
 
 static const TypeInfo spapr_vio_bridge_info = {
-.name  = "spapr-vio-bridge",
+.name  = TYPE_SPAPR_VIO_BRIDGE,
 .parent= TYPE_SYS_BUS_DEVICE,
-.instance_size = sizeof(SysBusDevice),
 .class_init= spapr_vio_bridge_class_init,
 };
 
diff --git a/include/hw/ppc/spapr_vio.h b/include/hw/ppc/spapr_vio.h
index 2299a54..c9733e7 100644
--- a/include/hw/ppc/spapr_vio.h
+++ b/include/hw/ppc/spapr_vio.h
@@ -34,7 +34,7 @@
 #define TYPE_SPAPR_VIO_BUS "spapr-vio-bus"
 #define SPAPR_VIO_BUS(obj) OBJECT_CHECK(VIOsPAPRBus, (obj), TYPE_SPAPR_VIO_BUS)
 
-struct VIOsPAPRDevice;
+#define TYPE_SPAPR_VIO_BRIDGE "spapr-vio-bridge"
 
 typedef struct VIOsPAPR_CRQ {
 uint64_t qladdr;
-- 
2.5.0

[Qemu-devel] [PULL 02/16] target-ppc: Define kvmppc_read_int_dt()

[David Gibson]

From: Sukadev Bhattiprolu 

Extract code from the function kvmppc_read_int_cpu_dt() that actually
reads the file into a separate function, so it can be called from
other places.

Signed-off-by: Sukadev Bhattiprolu 
Signed-off-by: David Gibson 
---
 target-ppc/kvm.c | 36 ++--
 1 file changed, 22 insertions(+), 14 deletions(-)

diff --git a/target-ppc/kvm.c b/target-ppc/kvm.c
index ac70f08..9940a90 100644
--- a/target-ppc/kvm.c
+++ b/target-ppc/kvm.c
@@ -1838,13 +1838,8 @@ static int kvmppc_find_cpu_dt(char *buf, int buf_len)
 return 0;
 }
 
-/* Read a CPU node property from the host device tree that's a single
- * integer (32-bit or 64-bit).  Returns 0 if anything goes wrong
- * (can't find or open the property, or doesn't understand the
- * format) */
-static uint64_t kvmppc_read_int_cpu_dt(const char *propname)
+static uint64_t kvmppc_read_int_dt(const char *filename)
 {
-char buf[PATH_MAX], *tmp;
 union {
 uint32_t v32;
 uint64_t v64;
@@ -1852,14 +1847,7 @@ static uint64_t kvmppc_read_int_cpu_dt(const char 
*propname)
 FILE *f;
 int len;
 
-if (kvmppc_find_cpu_dt(buf, sizeof(buf))) {
-return -1;
-}
-
-tmp = g_strdup_printf("%s/%s", buf, propname);
-
-f = fopen(tmp, "rb");
-g_free(tmp);
+f = fopen(filename, "rb");
 if (!f) {
 return -1;
 }
@@ -1877,6 +1865,26 @@ static uint64_t kvmppc_read_int_cpu_dt(const char 
*propname)
 return 0;
 }
 
+/* Read a CPU node property from the host device tree that's a single
+ * integer (32-bit or 64-bit).  Returns 0 if anything goes wrong
+ * (can't find or open the property, or doesn't understand the
+ * format) */
+static uint64_t kvmppc_read_int_cpu_dt(const char *propname)
+{
+char buf[PATH_MAX], *tmp;
+uint64_t val;
+
+if (kvmppc_find_cpu_dt(buf, sizeof(buf))) {
+return -1;
+}
+
+tmp = g_strdup_printf("%s/%s", buf, propname);
+val = kvmppc_read_int_dt(tmp);
+g_free(tmp);
+
+return val;
+}
+
 uint64_t kvmppc_get_clockfreq(void)
 {
 return kvmppc_read_int_cpu_dt("clock-frequency");
-- 
2.5.0

Re: [Qemu-devel] [PATCH v2 5/7] hw/arm/sysbus-fdt: helpers for clock node generation

[David Gibson]

On Wed, Jan 06, 2016 at 03:13:23PM +, Eric Auger wrote:
> Some passthrough'ed devices depend on clock nodes. Those need to be
> generated in the guest device tree. This patch introduces some helpers
> to build a clock node from information retrieved in the host device tree.
> 
> - inherit_properties copies properties from a host device tree node to
>   a guest device tree node

I dislike the name, since the first thing I think when I see "inherit"
is that it's about a node inheriting a property from an ancestor node,
not the guest inheriting properties from the host.  Maybe
"passthrough_properties()"?

> - fdt_build_clock_node builds a guest clock node and checks the host
>   fellow clock is a fixed one.
> 
> fdt_build_clock_node will become static as soon as it gets used. A
> dummy pre-declaration is needed for compilation of this patch.
> 
> Signed-off-by: Eric Auger 
> 
> ---
> 
> v1 -> v2:
> - inherit properties now outputs an error message in case
>   qemu_fdt_getprop fails for an existing optional property
> - no hardcoded fixed buffer length
> - fdt_build_clock_node becomes void and auto-asserts on error
> - use boolean values when defining the clock properties
> 
> RFC -> v1:
> - use the new proto of qemu_fdt_getprop
> - remove newline in error_report
> - fix some style issues
> ---
>  hw/arm/sysbus-fdt.c | 120 
> 
>  1 file changed, 120 insertions(+)
> 
> diff --git a/hw/arm/sysbus-fdt.c b/hw/arm/sysbus-fdt.c
> index 9d28797..a1cf57b 100644
> --- a/hw/arm/sysbus-fdt.c
> +++ b/hw/arm/sysbus-fdt.c
> @@ -21,6 +21,7 @@
>   *
>   */
>  
> +#include 
>  #include "hw/arm/sysbus-fdt.h"
>  #include "qemu/error-report.h"
>  #include "sysemu/device_tree.h"
> @@ -56,6 +57,125 @@ typedef struct NodeCreationPair {
>  int (*add_fdt_node_fn)(SysBusDevice *sbdev, void *opaque);
>  } NodeCreationPair;
>  
> +/* helpers */
> +
> +typedef struct HostProperty {
> +const char *name;
> +bool optional;
> +} HostProperty;
> +
> +/**
> + * inherit_properties
> + *
> + * copies properties listed in an array from host device tree to
> + * guest device tree. If a non optional property is not found, the
> + * function self-asserts. An optional property is ignored if not found
> + * in the host device tree.
> + * @props: array of HostProperty to copy
> + * @nb_props: number of properties in the array
> + * @host_dt: host device tree blob
> + * @guest_dt: guest device tree blob
> + * @node_path: host dt node path where the property is supposed to be
> +  found
> + * @nodename: guest node name the properties should be added to
> + */
> +static void inherit_properties(HostProperty *props, int nb_props,
> +   void *host_fdt, void *guest_fdt,
> +   char *node_path, char *nodename)
> +{
> +int i, prop_len;
> +const void *r;
> +Error *err = NULL;
> +
> +for (i = 0; i < nb_props; i++) {
> +r = qemu_fdt_getprop(host_fdt, node_path,
> + props[i].name,
> + _len,
> + props[i].optional ?  : _fatal);
> +if (r) {
> +qemu_fdt_setprop(guest_fdt, nodename,
> + props[i].name, r, prop_len);
> +} else {
> +if (prop_len != -FDT_ERR_NOTFOUND) {
> +/* optional property not returned although property exists */
> +error_report_err(err);
> +} else {
> +error_free(err);
> +}
> +}
> +}
> +}
> +
> +/* clock properties whose values are copied/pasted from host */
> +static HostProperty clock_inherited_properties[] = {
> +{"compatible", false},
> +{"#clock-cells", false},
> +{"clock-frequency", true},
> +{"clock-output-names", true},
> +};
> +
> +/**
> + * fdt_build_clock_node
> + *
> + * Build a guest clock node, used as a dependency from a passthrough'ed
> + * device. Most information are retrieved from the host clock node.
> + * Also check the host clock is a fixed one.
> + *
> + * @host_fdt: host device tree blob from which info are retrieved
> + * @guest_fdt: guest device tree blob where the clock node is added
> + * @host_phandle: phandle of the clock in host device tree
> + * @guest_phandle: phandle to assign to the guest node
> + */
> +void fdt_build_clock_node(void *host_fdt, void *guest_fdt,
> + uint32_t host_phandle,
> + uint32_t guest_phandle);
> +void fdt_build_clock_node(void *host_fdt, void *guest_fdt,
> + uint32_t host_phandle,
> + uint32_t guest_phandle)
> +{
> +char *node_path = NULL;
> +char *nodename;
> +const void *r;
> +int ret, node_offset, prop_len, path_len = 16;
> +
> +node_offset = fdt_node_offset_by_phandle(host_fdt, host_phandle);
> +if (node_offset <= 0) {
> +error_setg(_fatal,

Re: [Qemu-devel] [PATCH v2 7/7] hw/arm/sysbus-fdt: remove qemu_fdt_setprop returned value check

[David Gibson]

On Wed, Jan 06, 2016 at 03:13:25PM +, Eric Auger wrote:
> qemu_fdt_setprop self-exists in case of error hence no need to check
> the returned value.
> 
> Signed-off-by: Eric Auger 

This change is fine, but in general I'm disinclined to invest too much
in the qemu interfaces for manipulating flattened trees.

I think our device tree manipulation in qemu is now complicated enough
that we should move towards using an unflattened (i.e. pointer based)
DT representation inside qemu, which is generally more suitable for
complex manipulation.

That would then get flattened into a blob for the guest in a single
pass at reset time.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

[Qemu-devel] [PULL 11/16] pseries: Restructure class_options functions

[David Gibson]

Currently each of the *_class_options() functions for the pseries-2.1 ..
pseries-2.5 machine types are standalone.  This will become harder to
maintain as new versions are added.

This patch restructures them similarly to x86 where each function calls
the one from the next version, then overrides anything necessary for
compatibility with the specific version and older.

The default behaviour - that for the most recent machine are set up in
the base class initializer spapr_machine_class_init().  Previously it had
some things set up to default to older behaviour with the more recent
machines overriding it.

Signed-off-by: David Gibson 
Reviewed-by: Alexey Kardashevskiy 
---
 hw/ppc/spapr.c | 21 +
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 4f645f3..5af3d13 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -2266,6 +2266,12 @@ static void spapr_machine_class_init(ObjectClass *oc, 
void *data)
 HotplugHandlerClass *hc = HOTPLUG_HANDLER_CLASS(oc);
 
 mc->desc = "pSeries Logical Partition (PAPR compliant)";
+
+/*
+ * We set up the default / latest behaviour here.  The class_init
+ * functions for the specific versioned machine types can override
+ * these details for backwards compatibility
+ */
 mc->init = ppc_spapr_init;
 mc->reset = ppc_spapr_reset;
 mc->block_default_type = IF_SCSI;
@@ -2281,7 +2287,7 @@ static void spapr_machine_class_init(ObjectClass *oc, 
void *data)
 hc->unplug = spapr_machine_device_unplug;
 mc->cpu_index_to_socket_id = spapr_cpu_index_to_socket_id;
 
-smc->dr_lmb_enabled = false;
+smc->dr_lmb_enabled = true;
 fwc->get_dev_path = spapr_get_fw_dev_path;
 nc->nmi_monitor_handler = spapr_nmi;
 }
@@ -2335,11 +2341,9 @@ static void 
spapr_machine_2_5_instance_options(MachineState *machine)
 
 static void spapr_machine_2_5_class_options(MachineClass *mc)
 {
-sPAPRMachineClass *smc = SPAPR_MACHINE_CLASS(mc);
-
+/* Defaults for the latest behaviour inherited from the base class */
 mc->alias = "pseries";
 mc->is_default = 1;
-smc->dr_lmb_enabled = true;
 }
 
 DEFINE_SPAPR_MACHINE(2_5, "2.5");
@@ -2357,6 +2361,12 @@ static void 
spapr_machine_2_4_instance_options(MachineState *machine)
 
 static void spapr_machine_2_4_class_options(MachineClass *mc)
 {
+sPAPRMachineClass *smc = SPAPR_MACHINE_CLASS(mc);
+
+spapr_machine_2_5_class_options(mc);
+mc->alias = NULL;
+mc->is_default = 0;
+smc->dr_lmb_enabled = false;
 SET_MACHINE_COMPAT(mc, SPAPR_COMPAT_2_4);
 }
 
@@ -2383,6 +2393,7 @@ static void 
spapr_machine_2_3_instance_options(MachineState *machine)
 
 static void spapr_machine_2_3_class_options(MachineClass *mc)
 {
+spapr_machine_2_4_class_options(mc);
 SET_MACHINE_COMPAT(mc, SPAPR_COMPAT_2_3);
 }
 DEFINE_SPAPR_MACHINE(2_3, "2.3");
@@ -2407,6 +2418,7 @@ static void 
spapr_machine_2_2_instance_options(MachineState *machine)
 
 static void spapr_machine_2_2_class_options(MachineClass *mc)
 {
+spapr_machine_2_3_class_options(mc);
 SET_MACHINE_COMPAT(mc, SPAPR_COMPAT_2_2);
 }
 DEFINE_SPAPR_MACHINE(2_2, "2.2");
@@ -2425,6 +2437,7 @@ static void 
spapr_machine_2_1_instance_options(MachineState *machine)
 
 static void spapr_machine_2_1_class_options(MachineClass *mc)
 {
+spapr_machine_2_2_class_options(mc);
 SET_MACHINE_COMPAT(mc, SPAPR_COMPAT_2_1);
 }
 DEFINE_SPAPR_MACHINE(2_1, "2.1");
-- 
2.5.0

[Qemu-devel] [PULL 04/16] pseries: Remove redundant setting of mc->name for pseries-2.5 machine

[David Gibson]

98cec76 "machine: Set MachineClass::name automatically" removed the setting
of mc->name for the pseries machine types, since it can be derived
automatically from the type names constructed with MACHINE_TYPE_NAME().

Unfortunately fb0fc8f "spapr: Create pseries-2.5 machine" went in later and
brought one of them back.

This removes it again.

Signed-off-by: David Gibson 
Reviewed-by: Thomas Huth 
Reviewed-by: Alexey Kardashevskiy 
---
 hw/ppc/spapr.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 29a16b7..a69856f 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -2440,7 +2440,6 @@ static void spapr_machine_2_5_class_init(ObjectClass *oc, 
void *data)
 MachineClass *mc = MACHINE_CLASS(oc);
 sPAPRMachineClass *smc = SPAPR_MACHINE_CLASS(oc);
 
-mc->name = "pseries-2.5";
 mc->desc = "pSeries Logical Partition (PAPR compliant) v2.5";
 mc->alias = "pseries";
 mc->is_default = 1;
-- 
2.5.0

[Qemu-devel] [PULL 14/16] hw/ppc/spapr: Use XHCI as host controller for new spapr machines

[David Gibson]

From: Thomas Huth 

The OHCI has some bugs and performance issues, so for
newer machines it's preferable to use XHCI instead.

Signed-off-by: Thomas Huth 
Signed-off-by: David Gibson 
---
 hw/ppc/spapr.c | 9 -
 include/hw/ppc/spapr.h | 3 ++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 7f6b118..580b75d 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1917,7 +1917,11 @@ static void ppc_spapr_init(MachineState *machine)
 }
 
 if (machine->usb) {
-pci_create_simple(phb->bus, -1, "pci-ohci");
+if (smc->use_ohci_by_default) {
+pci_create_simple(phb->bus, -1, "pci-ohci");
+} else {
+pci_create_simple(phb->bus, -1, "nec-usb-xhci");
+}
 
 if (spapr->has_graphics) {
 USBBus *usb_bus = usb_bus_find(-1);
@@ -2362,7 +2366,10 @@ static void 
spapr_machine_2_5_instance_options(MachineState *machine)
 
 static void spapr_machine_2_5_class_options(MachineClass *mc)
 {
+sPAPRMachineClass *smc = SPAPR_MACHINE_CLASS(mc);
+
 spapr_machine_2_6_class_options(mc);
+smc->use_ohci_by_default = true;
 SET_MACHINE_COMPAT(mc, SPAPR_COMPAT_2_5);
 }
 
diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
index 5baa906..53af76a 100644
--- a/include/hw/ppc/spapr.h
+++ b/include/hw/ppc/spapr.h
@@ -35,7 +35,8 @@ struct sPAPRMachineClass {
 MachineClass parent_class;
 
 /*< public >*/
-bool dr_lmb_enabled; /* enable dynamic-reconfig/hotplug of LMBs */
+bool dr_lmb_enabled;   /* enable dynamic-reconfig/hotplug of LMBs */
+bool use_ohci_by_default;  /* use USB-OHCI instead of XHCI */
 };
 
 /**
-- 
2.5.0

Re: [Qemu-devel] [PATCH 4/4] target-ppc: ensure we include the decrementer value during migration

[David Gibson]

On Mon, Jan 11, 2016 at 12:18:31PM +1100, Alexey Kardashevskiy wrote:
> On 01/09/2016 01:21 AM, Mark Cave-Ayland wrote:
> >On 08/01/16 02:47, Alexey Kardashevskiy wrote:
> >
> >>On 01/07/2016 05:22 AM, Mark Cave-Ayland wrote:
> >>>During local testing with TCG, intermittent errors were found when
> >>>trying to
> >>>migrate Darwin OS images.
> >>>
> >>>The underlying cause was that Darwin resets the decrementer value to
> >>>fairly
> >>>small values on each interrupt. cpu_ppc_set_tb_clk() sets the default
> >>>value
> >>>of the decrementer to 0x during initialisation which typically
> >>>corresponds to several seconds. Hence when restoring the image, the guest
> >>>would effectively "lose" decrementer interrupts during this time causing
> >>>confusion in the guest.
> >>>
> >>>NOTE: there does seem to be some overlap here with the
> >>>vmstate_ppc_timebase
> >>>code, however it doesn't seem to handle multiple CPUs which is why
> >>>I've gone
> >>>for an independent implementation.
> >>
> >>It does handle multiple CPUs:
> >>
> >>static int timebase_post_load(void *opaque, int version_id)
> >>{
> >>...
> >>  /* Set new offset to all CPUs */
> >>  CPU_FOREACH(cpu) {
> >>  PowerPCCPU *pcpu = POWERPC_CPU(cpu);
> >>  pcpu->env.tb_env->tb_offset = tb_off_adj;
> >>  }
> >>
> >>
> >>It does not transfer DECR though, it transfers the offset instead, one
> >>for all CPUs.
> >>
> >>
> >>The easier solution would be just adding this instead of the whole patch:
> >>
> >>spr_register(env, SPR_DECR, "DECR",
> >>  SPR_NOACCESS, SPR_NOACCESS,
> >>  _read_decr, _write_decr,
> >>  0x);
> >>
> >>somewhere in target-ppc/translate_init.c for CPUs you want to support,
> >>gen_tbl() seems to be the right place for this. As long as it is just
> >>spr_register() and not spr_register_kvm(), I suppose it should not break
> >>KVM and pseries.
> >
> >I've just tried adding that but it then gives the following error on
> >startup:
> >
> >Error: Trying to register SPR 22 (016) twice !
> >
> >Based upon this, the existing registration seems fine. I think the
> >problem is that I can't see anything in __cpu_ppc_store_decr() that
> >updates the spr[SPR_DECR] value when the decrementer register is
> >changed, so it needs to be explicitly added to
> >cpu_pre_save()/cpu_post_load():
> >
> >
> >diff --git a/target-ppc/machine.c b/target-ppc/machine.c
> >index 251a84b..495e58d 100644
> >--- a/target-ppc/machine.c
> >+++ b/target-ppc/machine.c
> >@@ -141,6 +141,7 @@ static void cpu_pre_save(void *opaque)
> >  env->spr[SPR_CFAR] = env->cfar;
> >  #endif
> >  env->spr[SPR_BOOKE_SPEFSCR] = env->spe_fscr;
> >+env->spr[SPR_DECR] = cpu_ppc_load_decr(env);
> >
> >  for (i = 0; (i < 4) && (i < env->nb_BATs); i++) {
> >  env->spr[SPR_DBAT0U + 2*i] = env->DBAT[0][i];
> >@@ -175,6 +176,7 @@ static int cpu_post_load(void *opaque, int version_id)
> >  env->cfar = env->spr[SPR_CFAR];
> >  #endif
> >  env->spe_fscr = env->spr[SPR_BOOKE_SPEFSCR];
> >+cpu_ppc_store_decr(env, env->spr[SPR_DECR]);
> >
> >  for (i = 0; (i < 4) && (i < env->nb_BATs); i++) {
> >  env->DBAT[0][i] = env->spr[SPR_DBAT0U + 2*i];
> >
> >
> >I've just tried the diff above instead of my original version and
> >repeated my savevm/loadvm pair test with a Darwin installation and it
> >also fixes the random hang I was seeing on loadvm.
> >
> >Seemingly this should work on KVM in that cpu_ppc_load_decr() and
> >cpu_ppc_store_decr() become no-ops as long as KVM maintains
> >env->spr[SPR_DECR], but a second set of eyeballs would be useful here.
> >
> >If you can let me know if this is suitable then I'll update the patchset
> >based upon your feedback and send out a v2.
> 
> 
> Looks good to me, I'd just wait a day or two in the case if David wants to
> comment.

I was on holiday and missed the start of this thread, I'm afraid, so I
don't fully understand the context here.

Am I right in thinking that this change will essentially freeze the
decrementer across the migration downtime?  That doesn't seem right,
since the decrementer is supposed to be linked to the timebase and
represent real time passing.

In other words, isn't this just skipping the decrementer interrupts at
the qemu level rather than the guest level?

It seems that instead we should be reconstructing the decrementer on
the destination based on an offset from the timebase.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

[Qemu-devel] [PATCH] linux-user/syscall.c: Use SOL_SOCKET instead of level for setsockopt()

[chengang]

From: Chen Gang 

In this case, level is TARGET_SOL_SOCKET, but we need SOL_SOCKET for
setsockopt().

Signed-off-by: Chen Gang 
---
 linux-user/syscall.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 95b1762..44485f2 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -1596,7 +1596,8 @@ set_timeout:
addr_ifname = alloca(IFNAMSIZ);
memcpy(addr_ifname, dev_ifname, optlen);
addr_ifname[optlen] = 0;
-   ret = get_errno(setsockopt(sockfd, level, optname, addr_ifname, 
optlen));
+   ret = get_errno(setsockopt(sockfd, SOL_SOCKET, optname,
+   addr_ifname, optlen));
unlock_user (dev_ifname, optval_addr, 0);
return ret;
}
-- 
1.9.1

Re: [Qemu-devel] [PATCH] linux-user/syscall.c: Add SO_RCVTIMEO and SO_SNDTIMEO for getsockopt

[Chen Gang]

Oh, sorry, after check again, I guess, we need continue to discuss.

On 2016年01月08日 17:40, Chen Gang wrote:
> 
> On 2016年01月08日 16:25, Laurent Vivier wrote:
>>
>>> +if (optlen < sizeof(struct target_timeval)) {
>>> +return -TARGET_EINVAL;
>>> +}
>>
>> You don't have to check the len (kernel doesn't), EINVAL is not listed
>> in the getsockopt() error cases, it should be an EFAULT, and this will
>> be managed by copy_to_user_timeval().
>>
 

After "man getsockopt", there is EINVAL in its error cases.

> OK.
> 
>>> +lv = sizeof(tv);
>>> +ret = get_errno(getsockopt(sockfd, level, optname, , ));
>>> +if (ret < 0) {
>>> +return ret;
>>> +}
>>
>>  if (len > lv)
>> len = lv;
>>

For me, len is for target, lv is for host, they cann't be compared with
each other.

> 
> OK.
> 
>>> +if (copy_to_user_timeval(optval_addr, )) {
>>> +return -TARGET_EFAULT;
>>> +}
>>> +if (put_user_u32(sizeof(struct target_timeval), optlen)) {
>>> +return -TARGET_EFAULT;
>>> +}
>>
>> if (put_user_u32(len, optlen))
>> return -TARGET_EFAULT;
>>

For me, we still need put sizeof(struct target_timeval) to optlen, since
the host lengh should be sizeof(struct timeval).

> 
> OK. I shall send patch v2 for it, in the next week.
> 
> 

Thanks.
-- 
Chen Gang (陈刚)

Open, share, and attitude like air, water, and life which God blessed

[Qemu-devel] [PATCH v2] linux-user: syscall: Add SO_LINGER for setsockopt

[chengang]

From: Chen Gang 

Just implement it according to the other features implementations.

Signed-off-by: Chen Gang 
---
 linux-user/syscall.c  | 18 +-
 linux-user/syscall_defs.h |  5 +
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 4c68800..fcdca2a 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -1410,6 +1410,9 @@ static abi_long do_setsockopt(int sockfd, int level, int 
optname,
 int val;
 struct ip_mreqn *ip_mreq;
 struct ip_mreq_source *ip_mreq_source;
+struct linger lg;
+struct target_linger *tlg;
+
 
 switch(level) {
 case SOL_TCP:
@@ -1661,7 +1664,20 @@ set_timeout:
 case TARGET_SO_RCVLOWAT:
optname = SO_RCVLOWAT;
break;
-break;
+case TARGET_SO_LINGER:
+optname = SO_LINGER;
+if (optlen != sizeof(struct target_linger)) {
+return -TARGET_EINVAL;
+}
+if (!lock_user_struct(VERIFY_READ, tlg, optval_addr, 1)) {
+return -TARGET_EFAULT;
+}
+__get_user(lg.l_onoff, >l_onoff);
+__get_user(lg.l_linger, >l_linger);
+ret = get_errno(setsockopt(sockfd, SOL_SOCKET, optname,
+, sizeof(lg)));
+unlock_user_struct(tlg, optval_addr, 0);
+return ret;
 default:
 goto unimplemented;
 }
diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h
index f996acf..6591e74 100644
--- a/linux-user/syscall_defs.h
+++ b/linux-user/syscall_defs.h
@@ -166,6 +166,11 @@ struct target_ip_mreq_source {
 uint32_t imr_sourceaddr;
 };
 
+struct target_linger {
+abi_int l_onoff;/* Linger active*/
+abi_int l_linger;   /* How long to linger for   */
+};
+
 struct target_timeval {
 abi_long tv_sec;
 abi_long tv_usec;
-- 
1.9.1

Re: [Qemu-devel] [PATCH] hmp: avoid redundant null termination of buffer

[P J P]

  Hello,

+-- On Sun, 10 Jan 2016, Michael Tokarev wrote --+
| So, what's the status of this issue now?
| (it is CVE-2015-8619 btw, maybe worth to mention this in the commit message)

  Yes, if the patch is not yet merged upstream, it'd be good to include this 
CVE in the commit message.

--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

Re: [Qemu-devel] [PATCH v2 for v2.3.0] fw_cfg: add check to validate current entry value

[P J P]

  Hello,

+-- On Wed, 6 Jan 2016, P J P wrote --+
| When processing firmware configurations, an OOB r/w access occurs
| if 's->cur_entry' is set to be invalid(FW_CFG_INVALID=0x).
| Add a check to validate 's->cur_entry' to avoid such access.
| 
| Reported-by: Donghai Zdh 
| Signed-off-by: Prasad J Pandit 
| ---
|  hw/nvram/fw_cfg.c | 12 
|  1 file changed, 8 insertions(+), 4 deletions(-)
| 
| Updated as per review in
|   -> https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00398.html


  -> https://patchwork.ozlabs.org/patch/563706/

Ping...! Does it look okay? (just checking)

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

Re: [Qemu-devel] [PATCH] Convert to realize()

[Cao jin]

Hi mjt,
seems the patch is still pending in qemu-trivial, and besides, I 
have several others also pending in there，may I know how are they going?


On 12/18/2015 08:55 PM, Markus Armbruster wrote:

Copying qemu-trivial.

Cao jin  writes:


for educational PCI device

Signed-off-by: Cao jin 
---
  hw/misc/edu.c | 6 ++
  1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/hw/misc/edu.c b/hw/misc/edu.c
index fe50b42..43d5b18 100644
--- a/hw/misc/edu.c
+++ b/hw/misc/edu.c
@@ -327,7 +327,7 @@ static void *edu_fact_thread(void *opaque)
  return NULL;
  }

-static int pci_edu_init(PCIDevice *pdev)
+static void pci_edu_realize(PCIDevice *pdev, Error **errp)
  {
  EduState *edu = DO_UPCAST(EduState, pdev, pdev);
  uint8_t *pci_conf = pdev->config;
@@ -344,8 +344,6 @@ static int pci_edu_init(PCIDevice *pdev)
  memory_region_init_io(>mmio, OBJECT(edu), _mmio_ops, edu,
  "edu-mmio", 1 << 20);
  pci_register_bar(pdev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY, >mmio);
-
-return 0;
  }

  static void pci_edu_uninit(PCIDevice *pdev)
@@ -385,7 +383,7 @@ static void edu_class_init(ObjectClass *class, void *data)
  {
  PCIDeviceClass *k = PCI_DEVICE_CLASS(class);

-k->init = pci_edu_init;
+k->realize = pci_edu_realize;
  k->exit = pci_edu_uninit;
  k->vendor_id = PCI_VENDOR_ID_QEMU;
  k->device_id = 0x11e8;


Reviewed-by: Markus Armbruster 


.



--
Yours Sincerely,

Cao jin

Re: [Qemu-devel] [PATCH v10 2/7] hw/ptimer: Perform tick and counter wrap around if timer already expired

[Dmitry Osipenko]

10.01.2016 03:44, Peter Crosthwaite пишет:

On Sat, Jan 9, 2016 at 9:39 AM, Dmitry Osipenko  wrote:

ptimer_get_count() might be called while QEMU timer already been expired.
In that case ptimer would return counter = 0, which might be undesirable
in case of polled timer. Do counter wrap around for periodic timer to keep
it distributed. In order to achieve more accurate emulation behaviour of
certain hardware, don't perform wrap around when in icount mode and return
counter = 0 in that case (that doesn't affect polled counter distribution).

In addition, there is no reason to keep expired timer tick deferred, so
just perform the tick from ptimer_get_count().

Signed-off-by: Dmitry Osipenko 
---
  hw/core/ptimer.c | 26 +++---
  1 file changed, 19 insertions(+), 7 deletions(-)

diff --git a/hw/core/ptimer.c b/hw/core/ptimer.c
index c3d31cb..cf329eb 100644
--- a/hw/core/ptimer.c
+++ b/hw/core/ptimer.c
@@ -83,14 +83,17 @@ static void ptimer_tick(void *opaque)

  uint64_t ptimer_get_count(ptimer_state *s)
  {
-int64_t now;
+int enabled = s->enabled;


You haven't added any additional usages of s->enabled to really
warrant the new local variable, I think it should just stay as
s->enabled to avoid churn.



Compiler doesn't know that ptimer struct is supposed to be thread-safe there and 
infers memory load instructions rather than use pure cpu registers. Local 
variable would help to produce somewhat more rational. However, given how 
optimized and complex modern cpu's, I'm not really sure that it would bring any 
benefit and agree that it might not worth churning. Thanks for review!


--
Dmitry

Re: [Qemu-devel] [PATCH] linux-user/syscall.c: Let tilegx support sigaltstack

[Laurent Vivier]

Michael Tokarev has already enable sigaltstack() for all architecture:

https://patchwork.ozlabs.org/patch/561514/

It is in the "-for-upstream" tree of Riku.

Laurent

Le 10/01/2016 06:56, cheng...@emindsoft.com.cn a écrit :
> From: Chen Gang 
> 
> Simply enable it, and notice about 80 columns coding styles.
> 
> Signed-off-by: Chen Gang 
> ---
>  linux-user/syscall.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index 6c64ba6..8d4bcf6 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -8294,7 +8294,8 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
> arg1,
>  case TARGET_NR_sigaltstack:
>  #if defined(TARGET_I386) || defined(TARGET_ARM) || defined(TARGET_MIPS) || \
>  defined(TARGET_SPARC) || defined(TARGET_PPC) || defined(TARGET_ALPHA) || 
> \
> -defined(TARGET_M68K) || defined(TARGET_S390X) || defined(TARGET_OPENRISC)
> +defined(TARGET_M68K) || defined(TARGET_S390X) || defined(TARGET_TILEGX) 
> || \
> +defined(TARGET_OPENRISC)
>  ret = do_sigaltstack(arg1, arg2, get_sp_from_cpustate((CPUArchState 
> *)cpu_env));
>  break;
>  #else
> 

Re: [Qemu-devel] [PATCH] linux-user/syscall.c: Let tilegx support sigaltstack

[Chen Gang]

On 1/10/16 18:43, Laurent Vivier wrote:
> Michael Tokarev has already enable sigaltstack() for all architecture:
> 
> https://patchwork.ozlabs.org/patch/561514/
> 
> It is in the "-for-upstream" tree of Riku.
> 

OK, thanks. I shall continue solving existing issues for qemu tilegx,
during my free time.


Thanks.
-- 
Chen Gang (陈刚)

Open, share, and attitude like air, water, and life which God blessed

[Qemu-devel] [PATCH v2 05/19] i8257: rename functions to start with i8257_ prefix

[Hervé Poussineau]

Signed-off-by: Hervé Poussineau 
---
 hw/dma/i8257.c | 91 +-
 1 file changed, 46 insertions(+), 45 deletions(-)

diff --git a/hw/dma/i8257.c b/hw/dma/i8257.c
index e0713a5..b525063 100644
--- a/hw/dma/i8257.c
+++ b/hw/dma/i8257.c
@@ -80,11 +80,11 @@ enum {
 
 };
 
-static void DMA_run (void);
+static void i8257_dma_run(void);
 
 static int channels[8] = {-1, 2, 3, 1, -1, -1, -1, 0};
 
-static void write_page (void *opaque, uint32_t nport, uint32_t data)
+static void i8257_write_page(void *opaque, uint32_t nport, uint32_t data)
 {
 I8257State *d = opaque;
 int ichan;
@@ -97,7 +97,7 @@ static void write_page (void *opaque, uint32_t nport, 
uint32_t data)
 d->regs[ichan].page = data;
 }
 
-static void write_pageh (void *opaque, uint32_t nport, uint32_t data)
+static void i8257_write_pageh(void *opaque, uint32_t nport, uint32_t data)
 {
 I8257State *d = opaque;
 int ichan;
@@ -110,7 +110,7 @@ static void write_pageh (void *opaque, uint32_t nport, 
uint32_t data)
 d->regs[ichan].pageh = data;
 }
 
-static uint32_t read_page (void *opaque, uint32_t nport)
+static uint32_t i8257_read_page(void *opaque, uint32_t nport)
 {
 I8257State *d = opaque;
 int ichan;
@@ -123,7 +123,7 @@ static uint32_t read_page (void *opaque, uint32_t nport)
 return d->regs[ichan].page;
 }
 
-static uint32_t read_pageh (void *opaque, uint32_t nport)
+static uint32_t i8257_read_pageh(void *opaque, uint32_t nport)
 {
 I8257State *d = opaque;
 int ichan;
@@ -136,7 +136,7 @@ static uint32_t read_pageh (void *opaque, uint32_t nport)
 return d->regs[ichan].pageh;
 }
 
-static inline void init_chan(I8257State *d, int ichan)
+static inline void i8257_init_chan(I8257State *d, int ichan)
 {
 I8257Regs *r;
 
@@ -145,7 +145,7 @@ static inline void init_chan(I8257State *d, int ichan)
 r->now[COUNT] = 0;
 }
 
-static inline int getff(I8257State *d)
+static inline int i8257_getff(I8257State *d)
 {
 int ff;
 
@@ -154,7 +154,7 @@ static inline int getff(I8257State *d)
 return ff;
 }
 
-static uint64_t read_chan(void *opaque, hwaddr nport, unsigned size)
+static uint64_t i8257_read_chan(void *opaque, hwaddr nport, unsigned size)
 {
 I8257State *d = opaque;
 int ichan, nreg, iport, ff, val, dir;
@@ -166,7 +166,7 @@ static uint64_t read_chan(void *opaque, hwaddr nport, 
unsigned size)
 r = d->regs + ichan;
 
 dir = ((r->mode >> 5) & 1) ? -1 : 1;
-ff = getff (d);
+ff = i8257_getff(d);
 if (nreg)
 val = (r->base[COUNT] << d->dshift) - r->now[COUNT];
 else
@@ -176,8 +176,8 @@ static uint64_t read_chan(void *opaque, hwaddr nport, 
unsigned size)
 return (val >> (d->dshift + (ff << 3))) & 0xff;
 }
 
-static void write_chan(void *opaque, hwaddr nport, uint64_t data,
-   unsigned size)
+static void i8257_write_chan(void *opaque, hwaddr nport, uint64_t data,
+ unsigned int size)
 {
 I8257State *d = opaque;
 int iport, ichan, nreg;
@@ -187,16 +187,16 @@ static void write_chan(void *opaque, hwaddr nport, 
uint64_t data,
 ichan = iport >> 1;
 nreg = iport & 1;
 r = d->regs + ichan;
-if (getff (d)) {
+if (i8257_getff(d)) {
 r->base[nreg] = (r->base[nreg] & 0xff) | ((data << 8) & 0xff00);
-init_chan (d, ichan);
+i8257_init_chan(d, ichan);
 } else {
 r->base[nreg] = (r->base[nreg] & 0xff00) | (data & 0xff);
 }
 }
 
-static void write_cont(void *opaque, hwaddr nport, uint64_t data,
-   unsigned size)
+static void i8257_write_cont(void *opaque, hwaddr nport, uint64_t data,
+ unsigned int size)
 {
 I8257State *d = opaque;
 int iport, ichan = 0;
@@ -220,7 +220,7 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t 
data,
 d->status &= ~(1 << (ichan + 4));
 }
 d->status &= ~(1 << ichan);
-DMA_run();
+i8257_dma_run();
 break;
 
 case 0x02:  /* single mask */
@@ -228,7 +228,7 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t 
data,
 d->mask |= 1 << (data & 3);
 else
 d->mask &= ~(1 << (data & 3));
-DMA_run();
+i8257_dma_run();
 break;
 
 case 0x03:  /* mode */
@@ -263,12 +263,12 @@ static void write_cont(void *opaque, hwaddr nport, 
uint64_t data,
 
 case 0x06:  /* clear mask for all channels */
 d->mask = 0;
-DMA_run();
+i8257_dma_run();
 break;
 
 case 0x07:  /* write mask for all channels */
 d->mask = data;
-DMA_run();
+i8257_dma_run();
 break;
 
 default:
@@ -284,7 +284,7 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t 
data,
 #endif
 }
 
-static uint64_t read_cont(void *opaque, hwaddr nport, unsigned size)
+static uint64_t 

[Qemu-devel] [PATCH v2 08/19] i8257: QOM'ify

[Hervé Poussineau]

Signed-off-by: Hervé Poussineau 
---
 hw/dma/i8257.c | 160 ++---
 1 file changed, 107 insertions(+), 53 deletions(-)

diff --git a/hw/dma/i8257.c b/hw/dma/i8257.c
index 186a48a..2eb6d42 100644
--- a/hw/dma/i8257.c
+++ b/hw/dma/i8257.c
@@ -26,6 +26,10 @@
 #include "qemu/main-loop.h"
 #include "trace.h"
 
+#define TYPE_I8257 "i8257"
+#define I8257(obj) \
+OBJECT_CHECK(I8257State, (obj), TYPE_I8257)
+
 /* #define DEBUG_DMA */
 
 #define dolog(...) fprintf (stderr, "dma: " __VA_ARGS__)
@@ -53,11 +57,17 @@ typedef struct I8257Regs {
 #define COUNT 1
 
 typedef struct I8257State {
+ISADevice parent_obj;
+
+int32_t base;
+int32_t page_base;
+int32_t pageh_base;
+int32_t dshift;
+
 uint8_t status;
 uint8_t command;
 uint8_t mask;
 uint8_t flip_flop;
-int dshift;
 I8257Regs regs[4];
 MemoryRegion channel_io;
 MemoryRegion cont_io;
@@ -67,7 +77,7 @@ typedef struct I8257State {
 int running;
 } I8257State;
 
-static I8257State dma_controllers[2];
+static I8257State *dma_controllers[2];
 
 enum {
 CMD_MEMORY_TO_MEMORY = 0x01,
@@ -313,7 +323,7 @@ static uint64_t i8257_read_cont(void *opaque, hwaddr nport, 
unsigned size)
 
 int DMA_get_channel_mode (int nchan)
 {
-return dma_controllers[nchan > 3].regs[nchan & 3].mode;
+return dma_controllers[nchan > 3]->regs[nchan & 3].mode;
 }
 
 void DMA_hold_DREQ (int nchan)
@@ -323,8 +333,8 @@ void DMA_hold_DREQ (int nchan)
 ncont = nchan > 3;
 ichan = nchan & 3;
 linfo ("held cont=%d chan=%d\n", ncont, ichan);
-dma_controllers[ncont].status |= 1 << (ichan + 4);
-i8257_dma_run(_controllers[ncont]);
+dma_controllers[ncont]->status |= 1 << (ichan + 4);
+i8257_dma_run(dma_controllers[ncont]);
 }
 
 void DMA_release_DREQ (int nchan)
@@ -334,8 +344,8 @@ void DMA_release_DREQ (int nchan)
 ncont = nchan > 3;
 ichan = nchan & 3;
 linfo ("released cont=%d chan=%d\n", ncont, ichan);
-dma_controllers[ncont].status &= ~(1 << (ichan + 4));
-i8257_dma_run(_controllers[ncont]);
+dma_controllers[ncont]->status &= ~(1 << (ichan + 4));
+i8257_dma_run(dma_controllers[ncont]);
 }
 
 static void i8257_channel_run(I8257State *d, int ichan)
@@ -405,14 +415,14 @@ void DMA_register_channel (int nchan,
 ncont = nchan > 3;
 ichan = nchan & 3;
 
-r = dma_controllers[ncont].regs + ichan;
+r = dma_controllers[ncont]->regs + ichan;
 r->transfer_handler = transfer_handler;
 r->opaque = opaque;
 }
 
 int DMA_read_memory (int nchan, void *buf, int pos, int len)
 {
-I8257Regs *r = _controllers[nchan > 3].regs[nchan & 3];
+I8257Regs *r = _controllers[nchan > 3]->regs[nchan & 3];
 hwaddr addr = ((r->pageh & 0x7f) << 24) | (r->page << 16) | r->now[ADDR];
 
 if (r->mode & 0x20) {
@@ -434,7 +444,7 @@ int DMA_read_memory (int nchan, void *buf, int pos, int len)
 
 int DMA_write_memory (int nchan, void *buf, int pos, int len)
 {
-I8257Regs *r = _controllers[nchan > 3].regs[nchan & 3];
+I8257Regs *r = _controllers[nchan > 3]->regs[nchan & 3];
 hwaddr addr = ((r->pageh & 0x7f) << 24) | (r->page << 16) | r->now[ADDR];
 
 if (r->mode & 0x20) {
@@ -459,15 +469,15 @@ int DMA_write_memory (int nchan, void *buf, int pos, int 
len)
  */
 void DMA_schedule(void)
 {
-if (dma_controllers[0].dma_bh_scheduled ||
-dma_controllers[1].dma_bh_scheduled) {
+if (dma_controllers[0]->dma_bh_scheduled ||
+dma_controllers[1]->dma_bh_scheduled) {
 qemu_notify_event();
 }
 }
 
-static void i8257_reset(void *opaque)
+static void i8257_reset(DeviceState *dev)
 {
-I8257State *d = opaque;
+I8257State *d = I8257(dev);
 i8257_write_cont(d, (0x05 << d->dshift), 0, 1);
 }
 
@@ -513,40 +523,6 @@ static const MemoryRegionOps cont_io_ops = {
 },
 };
 
-/* dshift = 0: 8 bit DMA, 1 = 16 bit DMA */
-static void dma_init2(I8257State *d, int base, int dshift,
-  int page_base, int pageh_base)
-{
-int i;
-
-d->dshift = dshift;
-
-memory_region_init_io(>channel_io, NULL, _io_ops, d,
-  "dma-chan", 8 << d->dshift);
-memory_region_add_subregion(isa_address_space_io(NULL),
-base, >channel_io);
-
-isa_register_portio_list(NULL, page_base, page_portio_list, d,
- "dma-page");
-if (pageh_base >= 0) {
-isa_register_portio_list(NULL, pageh_base, pageh_portio_list, d,
- "dma-pageh");
-}
-
-memory_region_init_io(>cont_io, NULL, _io_ops, d, "dma-cont",
-  8 << d->dshift);
-memory_region_add_subregion(isa_address_space_io(NULL),
-base + (8 << d->dshift), >cont_io);
-
-qemu_register_reset(i8257_reset, d);
-i8257_reset(d);
-for (i = 0; i < ARRAY_SIZE (d->regs); ++i) {
-d->regs[i].transfer_handler = i8257_phony_handler;
-

[Qemu-devel] [PATCH v2 10/19] isa: add an ISA DMA interface, and store it within the ISA bus

[Hervé Poussineau]

This will permit to deprecate global DMA_*() functions.

Signed-off-by: Hervé Poussineau 
---
 hw/isa/isa-bus.c| 21 +
 include/hw/isa/isa.h| 38 ++
 include/qemu/typedefs.h |  1 +
 3 files changed, 60 insertions(+)

diff --git a/hw/isa/isa-bus.c b/hw/isa/isa-bus.c
index 43e0cd8..8887433 100644
--- a/hw/isa/isa-bus.c
+++ b/hw/isa/isa-bus.c
@@ -36,6 +36,12 @@ static void isa_bus_class_init(ObjectClass *klass, void 
*data)
 k->get_fw_dev_path = isabus_get_fw_dev_path;
 }
 
+static const TypeInfo isa_dma_info = {
+.name = TYPE_ISADMA,
+.parent = TYPE_INTERFACE,
+.class_size = sizeof(IsaDmaClass),
+};
+
 static const TypeInfo isa_bus_info = {
 .name = TYPE_ISA_BUS,
 .parent = TYPE_BUS,
@@ -92,6 +98,20 @@ void isa_init_irq(ISADevice *dev, qemu_irq *p, int isairq)
 dev->nirqs++;
 }
 
+void isa_bus_dma(ISABus *bus, IsaDma *dma8, IsaDma *dma16)
+{
+assert(bus && dma8 && dma16);
+assert(!bus->dma[0] && !bus->dma[1]);
+bus->dma[0] = dma8;
+bus->dma[1] = dma16;
+}
+
+IsaDma *isa_get_dma(ISABus *bus, int nchan)
+{
+assert(bus);
+return bus->dma[nchan > 3 ? 1 : 0];
+}
+
 static inline void isa_init_ioport(ISADevice *dev, uint16_t ioport)
 {
 if (dev && (dev->ioport_id == 0 || ioport < dev->ioport_id)) {
@@ -233,6 +253,7 @@ static const TypeInfo isa_device_type_info = {
 
 static void isabus_register_types(void)
 {
+type_register_static(_dma_info);
 type_register_static(_bus_info);
 type_register_static(_bridge_info);
 type_register_static(_device_type_info);
diff --git a/include/hw/isa/isa.h b/include/hw/isa/isa.h
index d84852b..6326070 100644
--- a/include/hw/isa/isa.h
+++ b/include/hw/isa/isa.h
@@ -34,6 +34,41 @@ static inline uint16_t applesmc_port(void)
 return 0;
 }
 
+#define TYPE_ISADMA "isa-dma"
+
+#define ISADMA_CLASS(klass) \
+OBJECT_CLASS_CHECK(IsaDmaClass, (klass), TYPE_ISADMA)
+#define ISADMA_GET_CLASS(obj) \
+OBJECT_GET_CLASS(IsaDmaClass, (obj), TYPE_ISADMA)
+#define ISADMA(obj) \
+INTERFACE_CHECK(IsaDma, (obj), TYPE_ISADMA)
+
+typedef struct IsaDma {
+Object parent;
+};
+
+typedef enum {
+ISADMA_TRANSFER_VERIFY,
+ISADMA_TRANSFER_READ,
+ISADMA_TRANSFER_WRITE,
+ISADMA_TRANSFER_ILLEGAL,
+} IsaDmaTransferMode;
+
+typedef struct IsaDmaClass {
+InterfaceClass parent;
+
+IsaDmaTransferMode (*get_transfer_mode)(IsaDma *obj, int nchan);
+bool (*has_autoinitialization)(IsaDma *obj, int nchan);
+int (*read_memory)(IsaDma *obj, int nchan, void *buf, int pos, int len);
+int (*write_memory)(IsaDma *obj, int nchan, void *buf, int pos, int len);
+void (*hold_DREQ)(IsaDma *obj, int nchan);
+void (*release_DREQ)(IsaDma *obj, int nchan);
+void (*schedule)(IsaDma *obj);
+void (*register_channel)(IsaDma *obj, int nchan,
+ DMA_transfer_handler transfer_handler,
+ void *opaque);
+} IsaDmaClass;
+
 typedef struct ISADeviceClass {
 DeviceClass parent_class;
 } ISADeviceClass;
@@ -46,6 +81,7 @@ struct ISABus {
 MemoryRegion *address_space;
 MemoryRegion *address_space_io;
 qemu_irq *irqs;
+IsaDma *dma[2];
 };
 
 struct ISADevice {
@@ -63,6 +99,8 @@ ISABus *isa_bus_new(DeviceState *dev, MemoryRegion 
*address_space,
 void isa_bus_irqs(ISABus *bus, qemu_irq *irqs);
 qemu_irq isa_get_irq(ISADevice *dev, int isairq);
 void isa_init_irq(ISADevice *dev, qemu_irq *p, int isairq);
+void isa_bus_dma(ISABus *bus, IsaDma *dma8, IsaDma *dma16);
+IsaDma *isa_get_dma(ISABus *bus, int nchan);
 MemoryRegion *isa_address_space(ISADevice *dev);
 MemoryRegion *isa_address_space_io(ISADevice *dev);
 ISADevice *isa_create(ISABus *bus, const char *name);
diff --git a/include/qemu/typedefs.h b/include/qemu/typedefs.h
index 78fe6e8..6ed91b4 100644
--- a/include/qemu/typedefs.h
+++ b/include/qemu/typedefs.h
@@ -33,6 +33,7 @@ typedef struct I2CBus I2CBus;
 typedef struct I2SCodec I2SCodec;
 typedef struct ISABus ISABus;
 typedef struct ISADevice ISADevice;
+typedef struct IsaDma IsaDma;
 typedef struct LoadStateEntry LoadStateEntry;
 typedef struct MACAddr MACAddr;
 typedef struct MachineClass MachineClass;
-- 
2.1.4

[Qemu-devel] [PATCH v2 17/19] gus: use IsaDma interface instead of global DMA_* functions

[Hervé Poussineau]

Signed-off-by: Hervé Poussineau 
---
 hw/audio/gus.c | 20 +---
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/hw/audio/gus.c b/hw/audio/gus.c
index e0c8a4e..b027eb5 100644
--- a/hw/audio/gus.c
+++ b/hw/audio/gus.c
@@ -57,6 +57,7 @@ typedef struct GUSState {
 SWVoiceOut *voice;
 int64_t last_ticks;
 qemu_irq pic;
+IsaDma *isa_dma;
 } GUSState;
 
 static uint32_t gus_readb(void *opaque, uint32_t nport)
@@ -167,34 +168,36 @@ void GUS_irqclear (GUSEmuState *emu, int hwirq)
 #endif
 }
 
-void GUS_dmarequest (GUSEmuState *der)
+void GUS_dmarequest (GUSEmuState *emu)
 {
-/* GUSState *s = (GUSState *) der; */
+GUSState *s = emu->opaque;
+IsaDmaClass *k = ISADMA_GET_CLASS(s->isa_dma);
 ldebug ("dma request %d\n", der->gusdma);
-DMA_hold_DREQ (der->gusdma);
+k->hold_DREQ(s->isa_dma, s->emu.gusdma);
 }
 
 static int GUS_read_DMA (void *opaque, int nchan, int dma_pos, int dma_len)
 {
 GUSState *s = opaque;
+IsaDmaClass *k = ISADMA_GET_CLASS(s->isa_dma);
 char tmpbuf[4096];
 int pos = dma_pos, mode, left = dma_len - dma_pos;
 
 ldebug ("read DMA %#x %d\n", dma_pos, dma_len);
-mode = DMA_get_channel_mode (s->emu.gusdma);
+mode = k->has_autoinitialization(s->isa_dma, s->emu.gusdma);
 while (left) {
 int to_copy = audio_MIN ((size_t) left, sizeof (tmpbuf));
 int copied;
 
 ldebug ("left=%d to_copy=%d pos=%d\n", left, to_copy, pos);
-copied = DMA_read_memory (nchan, tmpbuf, pos, to_copy);
+copied = k->read_memory(s->isa_dma, nchan, tmpbuf, pos, to_copy);
 gus_dma_transferdata (>emu, tmpbuf, copied, left == copied);
 left -= copied;
 pos += copied;
 }
 
 if (((mode >> 4) & 1) == 0) {
-DMA_release_DREQ (s->emu.gusdma);
+k->release_DREQ(s->isa_dma, s->emu.gusdma);
 }
 return dma_len;
 }
@@ -231,6 +234,7 @@ static void gus_realizefn (DeviceState *dev, Error **errp)
 {
 ISADevice *d = ISA_DEVICE(dev);
 GUSState *s = GUS (dev);
+IsaDmaClass *k;
 struct audsettings as;
 
 AUD_register_card ("gus", >card);
@@ -263,7 +267,9 @@ static void gus_realizefn (DeviceState *dev, Error **errp)
 isa_register_portio_list (d, (s->port + 0x100) & 0xf00,
   gus_portio_list2, s, "gus");
 
-DMA_register_channel (s->emu.gusdma, GUS_read_DMA, s);
+s->isa_dma = isa_get_dma(isa_bus_from_device(d), s->emu.gusdma);
+k = ISADMA_GET_CLASS(s->isa_dma);
+k->register_channel(s->isa_dma, s->emu.gusdma, GUS_read_DMA, s);
 s->emu.himemaddr = s->himem;
 s->emu.gusdatapos = s->emu.himemaddr + 1024 * 1024 + 32;
 s->emu.opaque = s;
-- 
2.1.4

[Qemu-devel] [PATCH v2 19/19] dma: remove now useless DMA_* functions

[Hervé Poussineau]

Keep only DMA_init function as a wrapper around DMA controllers creation.

Signed-off-by: Hervé Poussineau 
---
 hw/dma/i8257.c   | 65 
 hw/sparc/sun4m.c | 22 --
 hw/sparc64/sun4u.c   | 22 --
 include/hw/isa/isa.h | 11 +
 4 files changed, 1 insertion(+), 119 deletions(-)

diff --git a/hw/dma/i8257.c b/hw/dma/i8257.c
index 291435d..c985c26 100644
--- a/hw/dma/i8257.c
+++ b/hw/dma/i8257.c
@@ -595,70 +595,6 @@ static void i8257_class_init(ObjectClass *klass, void 
*data)
 idc->register_channel = i8257_dma_register_channel;
 }
 
-static ISABus *i8257_bus;
-
-int DMA_get_channel_mode(int nchan)
-{
-IsaDma *dma = isa_get_dma(i8257_bus, nchan);
-IsaDmaClass *k = ISADMA_GET_CLASS(dma);
-uint8_t res = 0;
-
-res |= k->has_autoinitialization(dma, nchan) ? 0 : 0x10;
-res |= k->get_transfer_mode(dma, nchan) << 2;
-
-return res;
-}
-
-int DMA_read_memory(int nchan, void *buf, int pos, int size)
-{
-IsaDma *dma = isa_get_dma(i8257_bus, nchan);
-IsaDmaClass *k = ISADMA_GET_CLASS(dma);
-return k->read_memory(dma, nchan, buf, pos, size);
-}
-
-int DMA_write_memory(int nchan, void *buf, int pos, int size)
-{
-IsaDma *dma = isa_get_dma(i8257_bus, nchan);
-IsaDmaClass *k = ISADMA_GET_CLASS(dma);
-return k->write_memory(dma, nchan, buf, pos, size);
-}
-
-void DMA_hold_DREQ(int nchan)
-{
-IsaDma *dma = isa_get_dma(i8257_bus, nchan);
-IsaDmaClass *k = ISADMA_GET_CLASS(dma);
-k->hold_DREQ(dma, nchan);
-}
-
-void DMA_release_DREQ(int nchan)
-{
-IsaDma *dma = isa_get_dma(i8257_bus, nchan);
-IsaDmaClass *k = ISADMA_GET_CLASS(dma);
-k->release_DREQ(dma, nchan);
-}
-
-void DMA_schedule(void)
-{
-IsaDma *dma;
-IsaDmaClass *k;
-int i;
-
-for (i = 0; i < 2; i++) {
-dma = isa_get_dma(i8257_bus, i << 2);
-k = ISADMA_GET_CLASS(dma);
-k->schedule(dma);
-}
-}
-
-void DMA_register_channel(int nchan,
-  DMA_transfer_handler transfer_handler,
-  void *opaque)
-{
-IsaDma *dma = isa_get_dma(i8257_bus, nchan);
-IsaDmaClass *k = ISADMA_GET_CLASS(dma);
-k->register_channel(dma, nchan, transfer_handler, opaque);
-}
-
 static const TypeInfo i8257_info = {
 .name = TYPE_I8257,
 .parent = TYPE_ISA_DEVICE,
@@ -699,5 +635,4 @@ void DMA_init(ISABus *bus, int high_page_enable)
 qdev_init_nofail(d);
 
 isa_bus_dma(bus, ISADMA(isa1), ISADMA(isa2));
-i8257_bus = bus;
 }
diff --git a/hw/sparc/sun4m.c b/hw/sparc/sun4m.c
index bf6a7da..420d26b 100644
--- a/hw/sparc/sun4m.c
+++ b/hw/sparc/sun4m.c
@@ -95,32 +95,10 @@ struct sun4m_hwdef {
 uint8_t nvram_machine_id;
 };
 
-int DMA_get_channel_mode (int nchan)
-{
-return 0;
-}
-int DMA_read_memory (int nchan, void *buf, int pos, int size)
-{
-return 0;
-}
-int DMA_write_memory (int nchan, void *buf, int pos, int size)
-{
-return 0;
-}
-void DMA_hold_DREQ (int nchan) {}
-void DMA_release_DREQ (int nchan) {}
-void DMA_schedule(void) {}
-
 void DMA_init(ISABus *bus, int high_page_enable)
 {
 }
 
-void DMA_register_channel (int nchan,
-   DMA_transfer_handler transfer_handler,
-   void *opaque)
-{
-}
-
 static void fw_cfg_boot_set(void *opaque, const char *boot_device,
 Error **errp)
 {
diff --git a/hw/sparc64/sun4u.c b/hw/sparc64/sun4u.c
index 5b3716b..aa1483f 100644
--- a/hw/sparc64/sun4u.c
+++ b/hw/sparc64/sun4u.c
@@ -98,32 +98,10 @@ typedef struct EbusState {
 MemoryRegion bar1;
 } EbusState;
 
-int DMA_get_channel_mode (int nchan)
-{
-return 0;
-}
-int DMA_read_memory (int nchan, void *buf, int pos, int size)
-{
-return 0;
-}
-int DMA_write_memory (int nchan, void *buf, int pos, int size)
-{
-return 0;
-}
-void DMA_hold_DREQ (int nchan) {}
-void DMA_release_DREQ (int nchan) {}
-void DMA_schedule(void) {}
-
 void DMA_init(ISABus *bus, int high_page_enable)
 {
 }
 
-void DMA_register_channel (int nchan,
-   DMA_transfer_handler transfer_handler,
-   void *opaque)
-{
-}
-
 static void fw_cfg_boot_set(void *opaque, const char *boot_device,
 Error **errp)
 {
diff --git a/include/hw/isa/isa.h b/include/hw/isa/isa.h
index 70c986f..93b11cc 100644
--- a/include/hw/isa/isa.h
+++ b/include/hw/isa/isa.h
@@ -144,15 +144,6 @@ static inline ISABus *isa_bus_from_device(ISADevice *d)
 return ISA_BUS(qdev_get_parent_bus(DEVICE(d)));
 }
 
-/* dma.c */
-int DMA_get_channel_mode (int nchan);
-int DMA_read_memory (int nchan, void *buf, int pos, int size);
-int DMA_write_memory (int nchan, void *buf, int pos, int size);
-void DMA_hold_DREQ (int nchan);
-void DMA_release_DREQ (int nchan);
-void DMA_schedule(void);
+/* i8257.c */
 void DMA_init(ISABus *bus, int high_page_enable);
-void DMA_register_channel (int nchan,
-

[Qemu-devel] [PATCH v2 14/19] sparc64: disable floppy DMA

[Hervé Poussineau]

All functions relative to DMA (DMA_*() functions) are stubs on sparc64 platform.
Disable the DMA of the floppy controller, instead of calling these stubs.

Signed-off-by: Hervé Poussineau 
---
 hw/sparc64/sun4u.c | 13 -
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/hw/sparc64/sun4u.c b/hw/sparc64/sun4u.c
index 3b9b450..5b3716b 100644
--- a/hw/sparc64/sun4u.c
+++ b/hw/sparc64/sun4u.c
@@ -839,6 +839,7 @@ static void sun4uv_init(MemoryRegion *address_space_mem,
 qemu_irq *ivec_irqs, *pbm_irqs;
 DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
 DriveInfo *fd[MAX_FD];
+DeviceState *dev;
 FWCfgState *fw_cfg;
 
 /* init CPUs */
@@ -875,10 +876,20 @@ static void sun4uv_init(MemoryRegion *address_space_mem,
 pci_cmd646_ide_init(pci_bus, hd, 1);
 
 isa_create_simple(isa_bus, "i8042");
+
+/* Floppy */
 for(i = 0; i < MAX_FD; i++) {
 fd[i] = drive_get(IF_FLOPPY, 0, i);
 }
-fdctrl_init_isa(isa_bus, fd);
+dev = DEVICE(isa_create(isa_bus, TYPE_ISA_FDC));
+if (fd[0]) {
+qdev_prop_set_drive_nofail(dev, "driveA", blk_by_legacy_dinfo(fd[0]));
+}
+if (fd[1]) {
+qdev_prop_set_drive_nofail(dev, "driveB", blk_by_legacy_dinfo(fd[1]));
+}
+qdev_prop_set_uint32(dev, "dma", -1);
+qdev_init_nofail(dev);
 
 /* Map NVRAM into I/O (ebus) space */
 nvram = m48t59_init(NULL, 0, 0, NVRAM_SIZE, 1968, 59);
-- 
2.1.4

Re: [Qemu-devel] [PATCH] crypto: Fix typo in example

[Michael Tokarev]

21.12.2015 18:54, Eric Blake wrote:
> The example code wouldn't even compile, since it did not use
> a consistent spelling for the Error ** parameter.


Applied to -trivial, thanks!

/mjt

Re: [Qemu-devel] [PATCH] Convert to realize()

[Michael Tokarev]

18.12.2015 11:55, Cao jin wrote:
> for educational PCI device

Applied to -trivial, adding "hw/misc/edu:" prefix to the subject line, thanks!

10.01.2016 13:14, Cao jin wrote:
> Hi mjt,
> seems the patch is still pending in qemu-trivial, and besides, I have 
> several others also pending in there，may I know how are they going?

I didn't process almost anything before 2.5.0 release, and next
there were Cristmas and New Year holidays.  As you can see, some
patches are now going.

Thanks,

/mjt

[Qemu-devel] [PATCH v2 15/19] fdc: use IsaDma interface instead of global DMA_* functions

[Hervé Poussineau]

Signed-off-by: Hervé Poussineau 
---
 hw/block/fdc.c | 63 ++
 1 file changed, 46 insertions(+), 17 deletions(-)

diff --git a/hw/block/fdc.c b/hw/block/fdc.c
index 4069c46..e3ba751 100644
--- a/hw/block/fdc.c
+++ b/hw/block/fdc.c
@@ -534,6 +534,7 @@ struct FDCtrl {
 QEMUTimer *result_timer;
 int dma_chann;
 uint8_t phase;
+IsaDma *dma;
 /* Controller's identification */
 uint8_t version;
 /* HW */
@@ -1313,7 +1314,8 @@ static void fdctrl_stop_transfer(FDCtrl *fdctrl, uint8_t 
status0,
 fdctrl->fifo[6] = FD_SECTOR_SC;
 fdctrl->data_dir = FD_DIR_READ;
 if (!(fdctrl->msr & FD_MSR_NONDMA)) {
-DMA_release_DREQ(fdctrl->dma_chann);
+IsaDmaClass *k = ISADMA_GET_CLASS(fdctrl->dma);
+k->release_DREQ(fdctrl->dma, fdctrl->dma_chann);
 }
 fdctrl->msr |= FD_MSR_RQM | FD_MSR_DIO;
 fdctrl->msr &= ~FD_MSR_NONDMA;
@@ -1399,27 +1401,43 @@ static void fdctrl_start_transfer(FDCtrl *fdctrl, int 
direction)
 }
 fdctrl->eot = fdctrl->fifo[6];
 if (fdctrl->dor & FD_DOR_DMAEN) {
-int dma_mode;
+IsaDmaTransferMode dma_mode;
+IsaDmaClass *k = ISADMA_GET_CLASS(fdctrl->dma);
+bool dma_mode_ok;
 /* DMA transfer are enabled. Check if DMA channel is well programmed */
-dma_mode = DMA_get_channel_mode(fdctrl->dma_chann);
-dma_mode = (dma_mode >> 2) & 3;
+dma_mode = k->get_transfer_mode(fdctrl->dma, fdctrl->dma_chann);
 FLOPPY_DPRINTF("dma_mode=%d direction=%d (%d - %d)\n",
dma_mode, direction,
(128 << fdctrl->fifo[5]) *
(cur_drv->last_sect - ks + 1), fdctrl->data_len);
-if (((direction == FD_DIR_SCANE || direction == FD_DIR_SCANL ||
-  direction == FD_DIR_SCANH) && dma_mode == 0) ||
-(direction == FD_DIR_WRITE && dma_mode == 2) ||
-(direction == FD_DIR_READ && dma_mode == 1) ||
-(direction == FD_DIR_VERIFY)) {
+switch (direction) {
+case FD_DIR_SCANE:
+case FD_DIR_SCANL:
+case FD_DIR_SCANH:
+dma_mode_ok = (dma_mode == ISADMA_TRANSFER_VERIFY);
+break;
+case FD_DIR_WRITE:
+dma_mode_ok = (dma_mode == ISADMA_TRANSFER_WRITE);
+break;
+case FD_DIR_READ:
+dma_mode_ok = (dma_mode == ISADMA_TRANSFER_READ);
+break;
+case FD_DIR_VERIFY:
+dma_mode_ok = true;
+break;
+default:
+dma_mode_ok = false;
+break;
+}
+if (dma_mode_ok) {
 /* No access is allowed until DMA transfer has completed */
 fdctrl->msr &= ~FD_MSR_RQM;
 if (direction != FD_DIR_VERIFY) {
 /* Now, we just have to wait for the DMA controller to
  * recall us...
  */
-DMA_hold_DREQ(fdctrl->dma_chann);
-DMA_schedule();
+k->hold_DREQ(fdctrl->dma, fdctrl->dma_chann);
+k->schedule(fdctrl->dma);
 } else {
 /* Start transfer */
 fdctrl_transfer_handler(fdctrl, fdctrl->dma_chann, 0,
@@ -1458,12 +1476,14 @@ static int fdctrl_transfer_handler (void *opaque, int 
nchan,
 FDrive *cur_drv;
 int len, start_pos, rel_pos;
 uint8_t status0 = 0x00, status1 = 0x00, status2 = 0x00;
+IsaDmaClass *k;
 
 fdctrl = opaque;
 if (fdctrl->msr & FD_MSR_RQM) {
 FLOPPY_DPRINTF("Not in DMA transfer mode !\n");
 return 0;
 }
+k = ISADMA_GET_CLASS(fdctrl->dma);
 cur_drv = get_cur_drv(fdctrl);
 if (fdctrl->data_dir == FD_DIR_SCANE || fdctrl->data_dir == FD_DIR_SCANL ||
 fdctrl->data_dir == FD_DIR_SCANH)
@@ -1502,8 +1522,8 @@ static int fdctrl_transfer_handler (void *opaque, int 
nchan,
 switch (fdctrl->data_dir) {
 case FD_DIR_READ:
 /* READ commands */
-DMA_write_memory (nchan, fdctrl->fifo + rel_pos,
-  fdctrl->data_pos, len);
+k->write_memory(fdctrl->dma, nchan, fdctrl->fifo + rel_pos,
+fdctrl->data_pos, len);
 break;
 case FD_DIR_WRITE:
 /* WRITE commands */
@@ -1517,8 +1537,8 @@ static int fdctrl_transfer_handler (void *opaque, int 
nchan,
 goto transfer_error;
 }
 
-DMA_read_memory (nchan, fdctrl->fifo + rel_pos,
- fdctrl->data_pos, len);
+k->read_memory(fdctrl->dma, nchan, fdctrl->fifo + rel_pos,
+   fdctrl->data_pos, len);
 if (blk_write(cur_drv->blk, fd_sector(cur_drv),
   fdctrl->fifo, 1) < 0) {
 FLOPPY_DPRINTF("error writing sector %d\n",
@@ -1535,7 +1555,8 @@ static int fdctrl_transfer_handler (void *opaque, int 

Re: [Qemu-devel] [PATCH v2] net: convert qemu_log to error_report, fix message

[Michael Tokarev]

04.12.2015 15:38, Paolo Bonzini wrote:
> Ensure that the error is printed with the proper timestamp.

Applied to -trivial, thank you!

/mjt

Re: [Qemu-devel] [PATCH 2/2] configure: fix trace backend check

[Michael Tokarev]

Applied to -trivial, thanks!

/mjt

Re: [Qemu-devel] [PATCH v10 7/7] arm_mptimer: Convert to use ptimer

[Dmitry Osipenko]

10.01.2016 21:05, Dmitry Osipenko пишет:

I missed case where periodic timer should stop in the following case:

load = 0, counter != 0 -> run -> set counter = 0 -> should stop

Test added. Will fix it in V11.



Forgot to mention that prescaler must be 0 in that case. Prescaler != 0 would 
result in unclearable IRQ while periodic timer is enabled and counter = load = 0.


--
Dmitry

Re: [Qemu-devel] [PATCH 1/5] SH PCI Host: convert to realize()

[Michael Tokarev]

Applied to -trivial, thanks!

/mjt

Re: [Qemu-devel] [PATCH trivial v2] xen/Makefile.objs: simplify

[Michael Tokarev]

29.12.2015 15:39, Cao jin wrote:
> merge last two lines, keep alphabetic order.

Applied to -trivial, thank you!

/mjt

[Qemu-devel] [PATCH v2 09/19] i8257: move state definition to new independent header

[Hervé Poussineau]

We will now be able to embed the i8257 interrupt controller in another object.

Signed-off-by: Hervé Poussineau 
---
 hw/dma/i8257.c | 35 +--
 include/hw/isa/i8257.h | 42 ++
 2 files changed, 43 insertions(+), 34 deletions(-)
 create mode 100644 include/hw/isa/i8257.h

diff --git a/hw/dma/i8257.c b/hw/dma/i8257.c
index 2eb6d42..5210e0e 100644
--- a/hw/dma/i8257.c
+++ b/hw/dma/i8257.c
@@ -23,10 +23,10 @@
  */
 #include "hw/hw.h"
 #include "hw/isa/isa.h"
+#include "hw/isa/i8257.h"
 #include "qemu/main-loop.h"
 #include "trace.h"
 
-#define TYPE_I8257 "i8257"
 #define I8257(obj) \
 OBJECT_CHECK(I8257State, (obj), TYPE_I8257)
 
@@ -41,42 +41,9 @@
 #define ldebug(...)
 #endif
 
-typedef struct I8257Regs {
-int now[2];
-uint16_t base[2];
-uint8_t mode;
-uint8_t page;
-uint8_t pageh;
-uint8_t dack;
-uint8_t eop;
-DMA_transfer_handler transfer_handler;
-void *opaque;
-} I8257Regs;
-
 #define ADDR 0
 #define COUNT 1
 
-typedef struct I8257State {
-ISADevice parent_obj;
-
-int32_t base;
-int32_t page_base;
-int32_t pageh_base;
-int32_t dshift;
-
-uint8_t status;
-uint8_t command;
-uint8_t mask;
-uint8_t flip_flop;
-I8257Regs regs[4];
-MemoryRegion channel_io;
-MemoryRegion cont_io;
-
-QEMUBH *dma_bh;
-bool dma_bh_scheduled;
-int running;
-} I8257State;
-
 static I8257State *dma_controllers[2];
 
 enum {
diff --git a/include/hw/isa/i8257.h b/include/hw/isa/i8257.h
new file mode 100644
index 000..8d34ed1
--- /dev/null
+++ b/include/hw/isa/i8257.h
@@ -0,0 +1,42 @@
+#ifndef HW_I8257_H
+#define HW_I8257_H
+
+#define TYPE_I8257 "i8257"
+
+typedef struct I8257Regs {
+int now[2];
+uint16_t base[2];
+uint8_t mode;
+uint8_t page;
+uint8_t pageh;
+uint8_t dack;
+uint8_t eop;
+DMA_transfer_handler transfer_handler;
+void *opaque;
+} I8257Regs;
+
+typedef struct I8257State {
+/*  */
+ISADevice parent_obj;
+
+/*  */
+int32_t base;
+int32_t page_base;
+int32_t pageh_base;
+int32_t dshift;
+
+uint8_t status;
+uint8_t command;
+uint8_t mask;
+uint8_t flip_flop;
+I8257Regs regs[4];
+MemoryRegion channel_io;
+MemoryRegion cont_io;
+
+QEMUBH *dma_bh;
+bool dma_bh_scheduled;
+int running;
+} I8257State;
+
+#endif
+
-- 
2.1.4

[Qemu-devel] [PATCH v2 01/19] i82374: device only existed as ISA device, so simplify device

[Hervé Poussineau]

Merge ISAi82374State fields into parent structure I82374State.

Signed-off-by: Hervé Poussineau 
---
 hw/dma/i82374.c | 58 +++--
 1 file changed, 19 insertions(+), 39 deletions(-)

diff --git a/hw/dma/i82374.c b/hw/dma/i82374.c
index f630971..daa8042 100644
--- a/hw/dma/i82374.c
+++ b/hw/dma/i82374.c
@@ -24,6 +24,9 @@
 
 #include "hw/isa/isa.h"
 
+#define TYPE_I82374 "i82374"
+#define I82374(obj) OBJECT_CHECK(I82374State, (obj), TYPE_I82374)
+
 //#define DEBUG_I82374
 
 #ifdef DEBUG_I82374
@@ -37,6 +40,9 @@ do {} while (0)
 do { fprintf(stderr, "i82374 ERROR: " fmt , ## __VA_ARGS__); } while (0)
 
 typedef struct I82374State {
+ISADevice parent_obj;
+
+uint32_t iobase;
 uint8_t commands[8];
 PortioList port_list;
 } I82374State;
@@ -98,32 +104,6 @@ static uint32_t i82374_read_descriptor(void *opaque, 
uint32_t nport)
 return val;
 }
 
-static void i82374_realize(I82374State *s, Error **errp)
-{
-DMA_init(1);
-memset(s->commands, 0, sizeof(s->commands));
-}
-
-#define TYPE_I82374 "i82374"
-#define I82374(obj) OBJECT_CHECK(ISAi82374State, (obj), TYPE_I82374)
-
-typedef struct ISAi82374State {
-ISADevice parent_obj;
-
-uint32_t iobase;
-I82374State state;
-} ISAi82374State;
-
-static const VMStateDescription vmstate_isa_i82374 = {
-.name = "isa-i82374",
-.version_id = 0,
-.minimum_version_id = 0,
-.fields = (VMStateField[]) {
-VMSTATE_STRUCT(state, ISAi82374State, 0, vmstate_i82374, I82374State),
-VMSTATE_END_OF_LIST()
-},
-};
-
 static const MemoryRegionPortio i82374_portio_list[] = {
 { 0x0A, 1, 1, .read = i82374_read_isr, },
 { 0x10, 8, 1, .write = i82374_write_command, },
@@ -133,21 +113,21 @@ static const MemoryRegionPortio i82374_portio_list[] = {
 PORTIO_END_OF_LIST(),
 };
 
-static void i82374_isa_realize(DeviceState *dev, Error **errp)
+static void i82374_realize(DeviceState *dev, Error **errp)
 {
-ISAi82374State *isa = I82374(dev);
-I82374State *s = >state;
+I82374State *s = I82374(dev);
 
-portio_list_init(>port_list, OBJECT(isa), i82374_portio_list, s,
+portio_list_init(>port_list, OBJECT(s), i82374_portio_list, s,
  "i82374");
-portio_list_add(>port_list, isa_address_space_io(>parent_obj),
-isa->iobase);
+portio_list_add(>port_list, isa_address_space_io(>parent_obj),
+s->iobase);
 
-i82374_realize(s, errp);
+DMA_init(1);
+memset(s->commands, 0, sizeof(s->commands));
 }
 
 static Property i82374_properties[] = {
-DEFINE_PROP_UINT32("iobase", ISAi82374State, iobase, 0x400),
+DEFINE_PROP_UINT32("iobase", I82374State, iobase, 0x400),
 DEFINE_PROP_END_OF_LIST()
 };
 
@@ -155,21 +135,21 @@ static void i82374_class_init(ObjectClass *klass, void 
*data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
 
-dc->realize = i82374_isa_realize;
-dc->vmsd = _isa_i82374;
+dc->realize = i82374_realize;
+dc->vmsd = _i82374;
 dc->props = i82374_properties;
 }
 
-static const TypeInfo i82374_isa_info = {
+static const TypeInfo i82374_info = {
 .name  = TYPE_I82374,
 .parent = TYPE_ISA_DEVICE,
-.instance_size  = sizeof(ISAi82374State),
+.instance_size  = sizeof(I82374State),
 .class_init = i82374_class_init,
 };
 
 static void i82374_register_types(void)
 {
-type_register_static(_isa_info);
+type_register_static(_info);
 }
 
 type_init(i82374_register_types)
-- 
2.1.4

[Qemu-devel] [PATCH v2 04/19] i8257: rename struct dma_regs to I8257Regs

[Hervé Poussineau]

Signed-off-by: Hervé Poussineau 
---
 hw/dma/i8257.c | 40 
 1 file changed, 20 insertions(+), 20 deletions(-)

diff --git a/hw/dma/i8257.c b/hw/dma/i8257.c
index f4fcf39..e0713a5 100644
--- a/hw/dma/i8257.c
+++ b/hw/dma/i8257.c
@@ -37,7 +37,7 @@
 #define ldebug(...)
 #endif
 
-struct dma_regs {
+typedef struct I8257Regs {
 int now[2];
 uint16_t base[2];
 uint8_t mode;
@@ -47,7 +47,7 @@ struct dma_regs {
 uint8_t eop;
 DMA_transfer_handler transfer_handler;
 void *opaque;
-};
+} I8257Regs;
 
 #define ADDR 0
 #define COUNT 1
@@ -58,7 +58,7 @@ typedef struct I8257State {
 uint8_t mask;
 uint8_t flip_flop;
 int dshift;
-struct dma_regs regs[4];
+I8257Regs regs[4];
 MemoryRegion channel_io;
 MemoryRegion cont_io;
 } I8257State;
@@ -138,7 +138,7 @@ static uint32_t read_pageh (void *opaque, uint32_t nport)
 
 static inline void init_chan(I8257State *d, int ichan)
 {
-struct dma_regs *r;
+I8257Regs *r;
 
 r = d->regs + ichan;
 r->now[ADDR] = r->base[ADDR] << d->dshift;
@@ -158,7 +158,7 @@ static uint64_t read_chan(void *opaque, hwaddr nport, 
unsigned size)
 {
 I8257State *d = opaque;
 int ichan, nreg, iport, ff, val, dir;
-struct dma_regs *r;
+I8257Regs *r;
 
 iport = (nport >> d->dshift) & 0x0f;
 ichan = iport >> 1;
@@ -181,7 +181,7 @@ static void write_chan(void *opaque, hwaddr nport, uint64_t 
data,
 {
 I8257State *d = opaque;
 int iport, ichan, nreg;
-struct dma_regs *r;
+I8257Regs *r;
 
 iport = (nport >> d->dshift) & 0x0f;
 ichan = iport >> 1;
@@ -337,7 +337,7 @@ void DMA_release_DREQ (int nchan)
 static void channel_run (int ncont, int ichan)
 {
 int n;
-struct dma_regs *r = _controllers[ncont].regs[ichan];
+I8257Regs *r = _controllers[ncont].regs[ichan];
 #ifdef DEBUG_DMA
 int dir, opmode;
 
@@ -408,7 +408,7 @@ void DMA_register_channel (int nchan,
DMA_transfer_handler transfer_handler,
void *opaque)
 {
-struct dma_regs *r;
+I8257Regs *r;
 int ichan, ncont;
 
 ncont = nchan > 3;
@@ -421,7 +421,7 @@ void DMA_register_channel (int nchan,
 
 int DMA_read_memory (int nchan, void *buf, int pos, int len)
 {
-struct dma_regs *r = _controllers[nchan > 3].regs[nchan & 3];
+I8257Regs *r = _controllers[nchan > 3].regs[nchan & 3];
 hwaddr addr = ((r->pageh & 0x7f) << 24) | (r->page << 16) | r->now[ADDR];
 
 if (r->mode & 0x20) {
@@ -443,7 +443,7 @@ int DMA_read_memory (int nchan, void *buf, int pos, int len)
 
 int DMA_write_memory (int nchan, void *buf, int pos, int len)
 {
-struct dma_regs *r = _controllers[nchan > 3].regs[nchan & 3];
+I8257Regs *r = _controllers[nchan > 3].regs[nchan & 3];
 hwaddr addr = ((r->pageh & 0x7f) << 24) | (r->page << 16) | r->now[ADDR];
 
 if (r->mode & 0x20) {
@@ -552,18 +552,18 @@ static void dma_init2(I8257State *d, int base, int dshift,
 }
 }
 
-static const VMStateDescription vmstate_dma_regs = {
+static const VMStateDescription vmstate_i8257_regs = {
 .name = "dma_regs",
 .version_id = 1,
 .minimum_version_id = 1,
 .fields = (VMStateField[]) {
-VMSTATE_INT32_ARRAY(now, struct dma_regs, 2),
-VMSTATE_UINT16_ARRAY(base, struct dma_regs, 2),
-VMSTATE_UINT8(mode, struct dma_regs),
-VMSTATE_UINT8(page, struct dma_regs),
-VMSTATE_UINT8(pageh, struct dma_regs),
-VMSTATE_UINT8(dack, struct dma_regs),
-VMSTATE_UINT8(eop, struct dma_regs),
+VMSTATE_INT32_ARRAY(now, I8257Regs, 2),
+VMSTATE_UINT16_ARRAY(base, I8257Regs, 2),
+VMSTATE_UINT8(mode, I8257Regs),
+VMSTATE_UINT8(page, I8257Regs),
+VMSTATE_UINT8(pageh, I8257Regs),
+VMSTATE_UINT8(dack, I8257Regs),
+VMSTATE_UINT8(eop, I8257Regs),
 VMSTATE_END_OF_LIST()
 }
 };
@@ -585,8 +585,8 @@ static const VMStateDescription vmstate_dma = {
 VMSTATE_UINT8(mask, I8257State),
 VMSTATE_UINT8(flip_flop, I8257State),
 VMSTATE_INT32(dshift, I8257State),
-VMSTATE_STRUCT_ARRAY(regs, I8257State, 4, 1, vmstate_dma_regs,
- struct dma_regs),
+VMSTATE_STRUCT_ARRAY(regs, I8257State, 4, 1, vmstate_i8257_regs,
+ I8257Regs),
 VMSTATE_END_OF_LIST()
 }
 };
-- 
2.1.4

[Qemu-devel] [PATCH v2 12/19] magnum: disable floppy DMA for now

[Hervé Poussineau]

Floppy uses the DMA controller in rc4030 chipset, and not the i8259 from the 
ISA bus.
It's better to disable DMA than to call the wrong DMA controller.

Signed-off-by: Hervé Poussineau 
---
 hw/mips/mips_jazz.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/mips/mips_jazz.c b/hw/mips/mips_jazz.c
index 64a0de2..37ab71a 100644
--- a/hw/mips/mips_jazz.c
+++ b/hw/mips/mips_jazz.c
@@ -296,7 +296,8 @@ static void mips_jazz_init(MachineState *machine,
 for (n = 0; n < MAX_FD; n++) {
 fds[n] = drive_get(IF_FLOPPY, 0, n);
 }
-fdctrl_init_sysbus(qdev_get_gpio_in(rc4030, 1), 0, 0x80003000, fds);
+/* FIXME: we should enable DMA with a custom IsaDma device */
+fdctrl_init_sysbus(qdev_get_gpio_in(rc4030, 1), -1, 0x80003000, fds);
 
 /* Real time clock */
 rtc_init(isa_bus, 1980, NULL);
-- 
2.1.4

Re: [Qemu-devel] [PATCH] misc: spelling

[Michael Tokarev]

18.12.2015 13:06, marcandre.lur...@redhat.com wrote:
> From: Marc-André Lureau 

This patch does not have a required Signed-off-By tag, sorry.

Thanks,

/mjt

> ---
>  monitor.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/monitor.c b/monitor.c
> index e7e7ae2..51ec4c3 100644
> --- a/monitor.c
> +++ b/monitor.c
> @@ -311,7 +311,7 @@ static void monitor_flush_locked(Monitor *mon)
>  return;
>  }
>  if (rc > 0) {
> -/* partinal write */
> +/* partial write */
>  QString *tmp = qstring_from_str(buf + rc);
>  QDECREF(mon->outbuf);
>  mon->outbuf = tmp;
> 

Re: [Qemu-devel] [PATCH] iscsi: fix readcapacity error message

[Michael Tokarev]

16.12.2015 07:40, Zhu Lingshan wrote:
> fix:The error message for readcapacity 16 incorrectly mentioned
> a readcapacity 10 failure, fixed the error message.

Applied to -trivial, thanks!

/mjt

Re: [Qemu-devel] [PATCH] MAINTAINERS: Add the correct device_tree.h file

[Michael Tokarev]

17.12.2015 17:25, Thomas Huth wrote:
> device_tree.h is not in the main directory, but under
> include/sysemu/ nowadays.

Applied to -trivial, thanks!

/mjt

Re: [Qemu-devel] [PATCH 1/2] configure: remove unused or undefined variables

[Michael Tokarev]

10.12.2015 03:47, marcandre.lur...@redhat.com wrote:
> From: Marc-André Lureau 
> 
> Found thanks to shellcheck!
> 
> Signed-off-by: Marc-André Lureau 
> ---
>  configure | 6 --
>  1 file changed, 6 deletions(-)
> 
> diff --git a/configure b/configure
> index b55dcdd..6a971a2 100755
> --- a/configure
> +++ b/configure
> @@ -3994,7 +3994,6 @@ EOF
>  fi
>  
>  # check for smartcard support
> -smartcard_cflags=""
>  if test "$smartcard" != "no"; then
>  if $pkg_config libcacard; then
>  libcacard_cflags=$($pkg_config --cflags libcacard)
> @@ -4356,7 +4355,6 @@ fi
>  # If we can't selectively disable warning in the code, disable -Werror so 
> that
>  # the build doesn't fail anyway.
>  
> -pragma_disable_unused_but_set=no
>  cat > $TMPC << EOF
>  #pragma GCC diagnostic push
>  #pragma GCC diagnostic ignored "-Wunused-but-set-variable"
> @@ -4791,9 +4789,6 @@ if test "$vnc" = "yes" ; then
>  echo "VNC JPEG support  $vnc_jpeg"
>  echo "VNC PNG support   $vnc_png"
>  fi
> -if test -n "$sparc_cpu"; then
> -echo "Target Sparc Arch $sparc_cpu"
> -fi
>  echo "xen support   $xen"
>  if test "$xen" = "yes" ; then
>echo "xen ctrl version  $xen_ctrl_version"
> @@ -5285,7 +5280,6 @@ if test "$qom_cast_debug" = "yes" ; then
>  fi
>  if test "$rbd" = "yes" ; then
>echo "CONFIG_RBD=m" >> $config_host_mak
> -  echo "RBD_CFLAGS=$rbd_cflags" >> $config_host_mak

RBD_CFLAGS is used in block/Makefile.objs.  We should either
drop that variable from there or actually define rbd_cflags
in configure.  Without either of these, this patch is incomplete.

Thanks,

/mjt

>echo "RBD_LIBS=$rbd_libs" >> $config_host_mak
>  fi
>  
> 

Re: [Qemu-devel] [PATCH 4/5] gt64120: convert to realize()

[Michael Tokarev]

Applied to -trivial, thanks!

/mjt

[Qemu-devel] [PATCH v2 03/19] i8257: rename struct dma_cont to I8257State

[Hervé Poussineau]

Signed-off-by: Hervé Poussineau 
---
 hw/dma/i8257.c | 43 +++
 1 file changed, 23 insertions(+), 20 deletions(-)

diff --git a/hw/dma/i8257.c b/hw/dma/i8257.c
index 4d0b49d..f4fcf39 100644
--- a/hw/dma/i8257.c
+++ b/hw/dma/i8257.c
@@ -52,7 +52,7 @@ struct dma_regs {
 #define ADDR 0
 #define COUNT 1
 
-static struct dma_cont {
+typedef struct I8257State {
 uint8_t status;
 uint8_t command;
 uint8_t mask;
@@ -61,7 +61,9 @@ static struct dma_cont {
 struct dma_regs regs[4];
 MemoryRegion channel_io;
 MemoryRegion cont_io;
-} dma_controllers[2];
+} I8257State;
+
+static I8257State dma_controllers[2];
 
 enum {
 CMD_MEMORY_TO_MEMORY = 0x01,
@@ -84,7 +86,7 @@ static int channels[8] = {-1, 2, 3, 1, -1, -1, -1, 0};
 
 static void write_page (void *opaque, uint32_t nport, uint32_t data)
 {
-struct dma_cont *d = opaque;
+I8257State *d = opaque;
 int ichan;
 
 ichan = channels[nport & 7];
@@ -97,7 +99,7 @@ static void write_page (void *opaque, uint32_t nport, 
uint32_t data)
 
 static void write_pageh (void *opaque, uint32_t nport, uint32_t data)
 {
-struct dma_cont *d = opaque;
+I8257State *d = opaque;
 int ichan;
 
 ichan = channels[nport & 7];
@@ -110,7 +112,7 @@ static void write_pageh (void *opaque, uint32_t nport, 
uint32_t data)
 
 static uint32_t read_page (void *opaque, uint32_t nport)
 {
-struct dma_cont *d = opaque;
+I8257State *d = opaque;
 int ichan;
 
 ichan = channels[nport & 7];
@@ -123,7 +125,7 @@ static uint32_t read_page (void *opaque, uint32_t nport)
 
 static uint32_t read_pageh (void *opaque, uint32_t nport)
 {
-struct dma_cont *d = opaque;
+I8257State *d = opaque;
 int ichan;
 
 ichan = channels[nport & 7];
@@ -134,7 +136,7 @@ static uint32_t read_pageh (void *opaque, uint32_t nport)
 return d->regs[ichan].pageh;
 }
 
-static inline void init_chan (struct dma_cont *d, int ichan)
+static inline void init_chan(I8257State *d, int ichan)
 {
 struct dma_regs *r;
 
@@ -143,7 +145,7 @@ static inline void init_chan (struct dma_cont *d, int ichan)
 r->now[COUNT] = 0;
 }
 
-static inline int getff (struct dma_cont *d)
+static inline int getff(I8257State *d)
 {
 int ff;
 
@@ -154,7 +156,7 @@ static inline int getff (struct dma_cont *d)
 
 static uint64_t read_chan(void *opaque, hwaddr nport, unsigned size)
 {
-struct dma_cont *d = opaque;
+I8257State *d = opaque;
 int ichan, nreg, iport, ff, val, dir;
 struct dma_regs *r;
 
@@ -177,7 +179,7 @@ static uint64_t read_chan(void *opaque, hwaddr nport, 
unsigned size)
 static void write_chan(void *opaque, hwaddr nport, uint64_t data,
unsigned size)
 {
-struct dma_cont *d = opaque;
+I8257State *d = opaque;
 int iport, ichan, nreg;
 struct dma_regs *r;
 
@@ -196,7 +198,7 @@ static void write_chan(void *opaque, hwaddr nport, uint64_t 
data,
 static void write_cont(void *opaque, hwaddr nport, uint64_t data,
unsigned size)
 {
-struct dma_cont *d = opaque;
+I8257State *d = opaque;
 int iport, ichan = 0;
 
 iport = (nport >> d->dshift) & 0x0f;
@@ -284,7 +286,7 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t 
data,
 
 static uint64_t read_cont(void *opaque, hwaddr nport, unsigned size)
 {
-struct dma_cont *d = opaque;
+I8257State *d = opaque;
 int iport, val;
 
 iport = (nport >> d->dshift) & 0x0f;
@@ -361,7 +363,7 @@ static bool dma_bh_scheduled;
 
 static void DMA_run (void)
 {
-struct dma_cont *d;
+I8257State *d;
 int icont, ichan;
 int rearm = 0;
 static int running = 0;
@@ -473,7 +475,7 @@ void DMA_schedule(void)
 
 static void dma_reset(void *opaque)
 {
-struct dma_cont *d = opaque;
+I8257State *d = opaque;
 write_cont(d, (0x05 << d->dshift), 0, 1);
 }
 
@@ -519,7 +521,7 @@ static const MemoryRegionOps cont_io_ops = {
 };
 
 /* dshift = 0: 8 bit DMA, 1 = 16 bit DMA */
-static void dma_init2(struct dma_cont *d, int base, int dshift,
+static void dma_init2(I8257State *d, int base, int dshift,
   int page_base, int pageh_base)
 {
 int i;
@@ -579,11 +581,12 @@ static const VMStateDescription vmstate_dma = {
 .minimum_version_id = 1,
 .post_load = dma_post_load,
 .fields = (VMStateField[]) {
-VMSTATE_UINT8(command, struct dma_cont),
-VMSTATE_UINT8(mask, struct dma_cont),
-VMSTATE_UINT8(flip_flop, struct dma_cont),
-VMSTATE_INT32(dshift, struct dma_cont),
-VMSTATE_STRUCT_ARRAY(regs, struct dma_cont, 4, 1, vmstate_dma_regs, 
struct dma_regs),
+VMSTATE_UINT8(command, I8257State),
+VMSTATE_UINT8(mask, I8257State),
+VMSTATE_UINT8(flip_flop, I8257State),
+VMSTATE_INT32(dshift, I8257State),
+VMSTATE_STRUCT_ARRAY(regs, I8257State, 4, 1, vmstate_dma_regs,
+ struct dma_regs),
 VMSTATE_END_OF_LIST()
 }

[Qemu-devel] [PATCH v2 00/19] ISA DMA controllers cleanup (i8257, i82374)

[Hervé Poussineau]

Hi,

This patchset is a cleanup of the i8257/i82374 ISA DMA controllers.
Global DMA_* functions will be obsoleted and then deleted, and ISA devices will 
not
be tied anymore to i8257 DMA device implementation.

This paves the way to fix support for floppy DMA operations on 
sparc/sparc64/MIPS Magnum
platforms (which don't use a i8257 DMA controller), and to support multiple ISA 
buses on
the same machine.

Patch 1 cleans up the i82374 DMA controller, by removing device inheritance.
Patches 2 to 9 change i8257 to current standards (structures and functions 
renaming, QOM)
Patches 10 to 18 create and use a IsaDma interface, to separate devices from 
i8257
device implementation.
Patch 19 removes now unused DMA_* functions.

Hervé

Changes since v1:
- added patches 4 and 9
- simplify patch 12, so that it compiles alone (John Snow)
- fix warning with clang (John Snow)

Hervé Poussineau (19):
  i82374: device only existed as ISA device, so simplify device
  i8257: pass ISA bus to DMA_init() function
  i8257: rename struct dma_cont to I8257State
  i8257: rename struct dma_regs to I8257Regs
  i8257: rename functions to start with i8257_ prefix
  i8257: make the DMA running method per controller
  i8257: add missing const
  i8257: QOM'ify
  i8257: move state definition to new independent header
  isa: add an ISA DMA interface, and store it within the ISA bus
  i8257: implement the IsaDma interface
  magnum: disable floppy DMA for now
  sparc: disable floppy DMA
  sparc64: disable floppy DMA
  fdc: use IsaDma interface instead of global DMA_* functions
  cs4231a: use IsaDma interface instead of global DMA_* functions
  gus: use IsaDma interface instead of global DMA_* functions
  sb16: use IsaDma interface instead of global DMA_* functions
  dma: remove now useless DMA_* functions

 hw/audio/cs4231a.c  |  23 ++-
 hw/audio/gus.c  |  20 ++-
 hw/audio/sb16.c |  23 ++-
 hw/block/fdc.c  |  65 +---
 hw/dma/i82374.c |  58 +++
 hw/dma/i8257.c  | 395 ++--
 hw/i386/pc.c|   2 +-
 hw/isa/isa-bus.c|  21 +++
 hw/mips/mips_fulong2e.c |   2 +-
 hw/mips/mips_jazz.c |   5 +-
 hw/mips/mips_malta.c|   2 +-
 hw/sparc/sun4m.c|  24 +--
 hw/sparc64/sun4u.c  |  37 ++---
 include/hw/isa/i8257.h  |  42 +
 include/hw/isa/isa.h|  51 +--
 include/qemu/typedefs.h |   1 +
 16 files changed, 454 insertions(+), 317 deletions(-)
 create mode 100644 include/hw/isa/i8257.h

-- 
2.1.4

[Qemu-devel] [PATCH v2 07/19] i8257: add missing const

[Hervé Poussineau]

Signed-off-by: Hervé Poussineau 
---
 hw/dma/i8257.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/dma/i8257.c b/hw/dma/i8257.c
index 9f70144..186a48a 100644
--- a/hw/dma/i8257.c
+++ b/hw/dma/i8257.c
@@ -86,7 +86,7 @@ enum {
 
 static void i8257_dma_run(void *opaque);
 
-static int channels[8] = {-1, 2, 3, 1, -1, -1, -1, 0};
+static const int channels[8] = {-1, 2, 3, 1, -1, -1, -1, 0};
 
 static void i8257_write_page(void *opaque, uint32_t nport, uint32_t data)
 {
-- 
2.1.4

[Qemu-devel] [PATCH v2 02/19] i8257: pass ISA bus to DMA_init() function

[Hervé Poussineau]

i8257 DMA controller exists on one ISA bus, so let's specify it at 
initialization.

Signed-off-by: Hervé Poussineau 
---
 hw/dma/i82374.c | 2 +-
 hw/dma/i8257.c  | 2 +-
 hw/i386/pc.c| 2 +-
 hw/mips/mips_fulong2e.c | 2 +-
 hw/mips/mips_jazz.c | 2 +-
 hw/mips/mips_malta.c| 2 +-
 hw/sparc/sun4m.c| 2 +-
 hw/sparc64/sun4u.c  | 2 +-
 include/hw/isa/isa.h| 2 +-
 9 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/hw/dma/i82374.c b/hw/dma/i82374.c
index daa8042..96a7a48 100644
--- a/hw/dma/i82374.c
+++ b/hw/dma/i82374.c
@@ -122,7 +122,7 @@ static void i82374_realize(DeviceState *dev, Error **errp)
 portio_list_add(>port_list, isa_address_space_io(>parent_obj),
 s->iobase);
 
-DMA_init(1);
+DMA_init(isa_bus_from_device(ISA_DEVICE(dev)), 1);
 memset(s->commands, 0, sizeof(s->commands));
 }
 
diff --git a/hw/dma/i8257.c b/hw/dma/i8257.c
index 1398424..4d0b49d 100644
--- a/hw/dma/i8257.c
+++ b/hw/dma/i8257.c
@@ -588,7 +588,7 @@ static const VMStateDescription vmstate_dma = {
 }
 };
 
-void DMA_init(int high_page_enable)
+void DMA_init(ISABus *bus, int high_page_enable)
 {
 dma_init2(_controllers[0], 0x00, 0, 0x80, high_page_enable ? 0x480 : 
-1);
 dma_init2(_controllers[1], 0xc0, 1, 0x88, high_page_enable ? 0x488 : 
-1);
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 459260b..130d0c5 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -1543,7 +1543,7 @@ void pc_basic_device_init(ISABus *isa_bus, qemu_irq *gsi,
 port92 = isa_create_simple(isa_bus, "port92");
 port92_init(port92, _line[1]);
 
-DMA_init(0);
+DMA_init(isa_bus, 0);
 
 for(i = 0; i < MAX_FD; i++) {
 fd[i] = drive_get(IF_FLOPPY, 0, i);
diff --git a/hw/mips/mips_fulong2e.c b/hw/mips/mips_fulong2e.c
index 5988a88..ea59a61 100644
--- a/hw/mips/mips_fulong2e.c
+++ b/hw/mips/mips_fulong2e.c
@@ -365,7 +365,7 @@ static void mips_fulong2e_init(MachineState *machine)
 
 /* init other devices */
 pit = pit_init(isa_bus, 0x40, 0, NULL);
-DMA_init(0);
+DMA_init(isa_bus, 0);
 
 /* Super I/O */
 isa_create_simple(isa_bus, "i8042");
diff --git a/hw/mips/mips_jazz.c b/hw/mips/mips_jazz.c
index 1ab885b..64a0de2 100644
--- a/hw/mips/mips_jazz.c
+++ b/hw/mips/mips_jazz.c
@@ -224,7 +224,7 @@ static void mips_jazz_init(MachineState *machine,
 /* ISA devices */
 i8259 = i8259_init(isa_bus, env->irq[4]);
 isa_bus_irqs(isa_bus, i8259);
-DMA_init(0);
+DMA_init(isa_bus, 0);
 pit = pit_init(isa_bus, 0x40, 0, NULL);
 pcspk_init(isa_bus, pit);
 
diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
index 91c36ba..2acca4d 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
@@ -1165,7 +1165,7 @@ void mips_malta_init(MachineState *machine)
 smbus_eeprom_init(smbus, 8, smbus_eeprom_buf, smbus_eeprom_size);
 g_free(smbus_eeprom_buf);
 pit = pit_init(isa_bus, 0x40, 0, NULL);
-DMA_init(0);
+DMA_init(isa_bus, 0);
 
 /* Super I/O */
 isa_create_simple(isa_bus, "i8042");
diff --git a/hw/sparc/sun4m.c b/hw/sparc/sun4m.c
index 230dac9..bf6a7da 100644
--- a/hw/sparc/sun4m.c
+++ b/hw/sparc/sun4m.c
@@ -111,7 +111,7 @@ void DMA_hold_DREQ (int nchan) {}
 void DMA_release_DREQ (int nchan) {}
 void DMA_schedule(void) {}
 
-void DMA_init(int high_page_enable)
+void DMA_init(ISABus *bus, int high_page_enable)
 {
 }
 
diff --git a/hw/sparc64/sun4u.c b/hw/sparc64/sun4u.c
index 7a433d3..3b9b450 100644
--- a/hw/sparc64/sun4u.c
+++ b/hw/sparc64/sun4u.c
@@ -114,7 +114,7 @@ void DMA_hold_DREQ (int nchan) {}
 void DMA_release_DREQ (int nchan) {}
 void DMA_schedule(void) {}
 
-void DMA_init(int high_page_enable)
+void DMA_init(ISABus *bus, int high_page_enable)
 {
 }
 
diff --git a/include/hw/isa/isa.h b/include/hw/isa/isa.h
index d758b39..d84852b 100644
--- a/include/hw/isa/isa.h
+++ b/include/hw/isa/isa.h
@@ -113,7 +113,7 @@ int DMA_write_memory (int nchan, void *buf, int pos, int 
size);
 void DMA_hold_DREQ (int nchan);
 void DMA_release_DREQ (int nchan);
 void DMA_schedule(void);
-void DMA_init(int high_page_enable);
+void DMA_init(ISABus *bus, int high_page_enable);
 void DMA_register_channel (int nchan,
DMA_transfer_handler transfer_handler,
void *opaque);
-- 
2.1.4

[Qemu-devel] [PATCH v2 13/19] sparc: disable floppy DMA

[Hervé Poussineau]

All functions relative to DMA (DMA_*() functions) are stubs on sparc platform.
Disable the DMA in the floppy controller, instead of calling these stubs.

Signed-off-by: Hervé Poussineau 
---
 hw/block/fdc.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/block/fdc.c b/hw/block/fdc.c
index 4292ece..4069c46 100644
--- a/hw/block/fdc.c
+++ b/hw/block/fdc.c
@@ -2375,6 +2375,8 @@ static void sun4m_fdc_initfn(Object *obj)
 FDCtrlSysBus *sys = SYSBUS_FDC(obj);
 FDCtrl *fdctrl = >state;
 
+fdctrl->dma_chann = -1;
+
 memory_region_init_io(>iomem, obj, _mem_strict_ops,
   fdctrl, "fdctrl", 0x08);
 sysbus_init_mmio(sbd, >iomem);
-- 
2.1.4

[Qemu-devel] [PATCH v2 18/19] sb16: use IsaDma interface instead of global DMA_* functions

[Hervé Poussineau]

Signed-off-by: Hervé Poussineau 
---
 hw/audio/sb16.c | 23 ++-
 1 file changed, 18 insertions(+), 5 deletions(-)

diff --git a/hw/audio/sb16.c b/hw/audio/sb16.c
index 995435f..9973e77 100644
--- a/hw/audio/sb16.c
+++ b/hw/audio/sb16.c
@@ -55,6 +55,8 @@ typedef struct SB16State {
 uint32_t hdma;
 uint32_t port;
 uint32_t ver;
+IsaDma *isa_dma;
+IsaDma *isa_hdma;
 
 int in_index;
 int out_data_len;
@@ -165,16 +167,18 @@ static void speaker (SB16State *s, int on)
 static void control (SB16State *s, int hold)
 {
 int dma = s->use_hdma ? s->hdma : s->dma;
+IsaDma *isa_dma = s->use_hdma ? s->isa_hdma : s->isa_dma;
+IsaDmaClass *k = ISADMA_GET_CLASS(isa_dma);
 s->dma_running = hold;
 
 ldebug ("hold %d high %d dma %d\n", hold, s->use_hdma, dma);
 
 if (hold) {
-DMA_hold_DREQ (dma);
+k->hold_DREQ(isa_dma, dma);
 AUD_set_active_out (s->voice, 1);
 }
 else {
-DMA_release_DREQ (dma);
+k->release_DREQ(isa_dma, dma);
 AUD_set_active_out (s->voice, 0);
 }
 }
@@ -1136,6 +1140,8 @@ static uint32_t mixer_read(void *opaque, uint32_t nport)
 static int write_audio (SB16State *s, int nchan, int dma_pos,
 int dma_len, int len)
 {
+IsaDma *isa_dma = nchan == s->dma ? s->isa_dma : s->isa_hdma;
+IsaDmaClass *k = ISADMA_GET_CLASS(isa_dma);
 int temp, net;
 uint8_t tmpbuf[4096];
 
@@ -1152,7 +1158,7 @@ static int write_audio (SB16State *s, int nchan, int 
dma_pos,
 to_copy = sizeof (tmpbuf);
 }
 
-copied = DMA_read_memory (nchan, tmpbuf, dma_pos, to_copy);
+copied = k->read_memory(isa_dma, nchan, tmpbuf, dma_pos, to_copy);
 copied = AUD_write (s->voice, tmpbuf, copied);
 
 temp -= copied;
@@ -1354,6 +1360,7 @@ static void sb16_realizefn (DeviceState *dev, Error 
**errp)
 {
 ISADevice *isadev = ISA_DEVICE (dev);
 SB16State *s = SB16 (dev);
+IsaDmaClass *k;
 
 isa_init_irq (isadev, >pic, s->irq);
 
@@ -1372,8 +1379,14 @@ static void sb16_realizefn (DeviceState *dev, Error 
**errp)
 
 isa_register_portio_list (isadev, s->port, sb16_ioport_list, s, "sb16");
 
-DMA_register_channel (s->hdma, SB_read_DMA, s);
-DMA_register_channel (s->dma, SB_read_DMA, s);
+s->isa_hdma = isa_get_dma(isa_bus_from_device(isadev), s->hdma);
+k = ISADMA_GET_CLASS(s->isa_hdma);
+k->register_channel(s->isa_hdma, s->hdma, SB_read_DMA, s);
+
+s->isa_dma = isa_get_dma(isa_bus_from_device(isadev), s->dma);
+k = ISADMA_GET_CLASS(s->isa_dma);
+k->register_channel(s->isa_dma, s->dma, SB_read_DMA, s);
+
 s->can_write = 1;
 
 AUD_register_card ("sb16", >card);
-- 
2.1.4

[Qemu-devel] [PATCH v2 16/19] cs4231a: use IsaDma interface instead of global DMA_* functions

[Hervé Poussineau]

Signed-off-by: Hervé Poussineau 
---
 hw/audio/cs4231a.c | 23 +++
 1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/hw/audio/cs4231a.c b/hw/audio/cs4231a.c
index f96f561..d84f83f 100644
--- a/hw/audio/cs4231a.c
+++ b/hw/audio/cs4231a.c
@@ -69,6 +69,7 @@ typedef struct CSState {
 uint32_t irq;
 uint32_t dma;
 uint32_t port;
+IsaDma *isa_dma;
 int shift;
 int dma_running;
 int audio_free;
@@ -264,6 +265,7 @@ static void cs_reset_voices (CSState *s, uint32_t val)
 {
 int xtal;
 struct audsettings as;
+IsaDmaClass *k = ISADMA_GET_CLASS(s->isa_dma);
 
 #ifdef DEBUG_XLAW
 if (val == 0 || val == 32)
@@ -327,7 +329,7 @@ static void cs_reset_voices (CSState *s, uint32_t val)
 
 if (s->dregs[Interface_Configuration] & PEN) {
 if (!s->dma_running) {
-DMA_hold_DREQ (s->dma);
+k->hold_DREQ(s->isa_dma, s->dma);
 AUD_set_active_out (s->voice, 1);
 s->transferred = 0;
 }
@@ -335,7 +337,7 @@ static void cs_reset_voices (CSState *s, uint32_t val)
 }
 else {
 if (s->dma_running) {
-DMA_release_DREQ (s->dma);
+k->release_DREQ(s->isa_dma, s->dma);
 AUD_set_active_out (s->voice, 0);
 }
 s->dma_running = 0;
@@ -344,7 +346,7 @@ static void cs_reset_voices (CSState *s, uint32_t val)
 
  error:
 if (s->dma_running) {
-DMA_release_DREQ (s->dma);
+k->release_DREQ(s->isa_dma, s->dma);
 AUD_set_active_out (s->voice, 0);
 }
 }
@@ -452,7 +454,8 @@ static void cs_write (void *opaque, hwaddr addr,
 }
 else {
 if (s->dma_running) {
-DMA_release_DREQ (s->dma);
+IsaDmaClass *k = ISADMA_GET_CLASS(s->isa_dma);
+k->release_DREQ(s->isa_dma, s->dma);
 AUD_set_active_out (s->voice, 0);
 s->dma_running = 0;
 }
@@ -517,6 +520,7 @@ static int cs_write_audio (CSState *s, int nchan, int 
dma_pos,
 {
 int temp, net;
 uint8_t tmpbuf[4096];
+IsaDmaClass *k = ISADMA_GET_CLASS(s->isa_dma);
 
 temp = len;
 net = 0;
@@ -531,7 +535,7 @@ static int cs_write_audio (CSState *s, int nchan, int 
dma_pos,
 to_copy = sizeof (tmpbuf);
 }
 
-copied = DMA_read_memory (nchan, tmpbuf, dma_pos, to_copy);
+copied = k->read_memory(s->isa_dma, nchan, tmpbuf, dma_pos, to_copy);
 if (s->tab) {
 int i;
 int16_t linbuf[4096];
@@ -599,7 +603,8 @@ static int cs4231a_pre_load (void *opaque)
 CSState *s = opaque;
 
 if (s->dma_running) {
-DMA_release_DREQ (s->dma);
+IsaDmaClass *k = ISADMA_GET_CLASS(s->isa_dma);
+k->release_DREQ(s->isa_dma, s->dma);
 AUD_set_active_out (s->voice, 0);
 }
 s->dma_running = 0;
@@ -655,13 +660,15 @@ static void cs4231a_realizefn (DeviceState *dev, Error 
**errp)
 {
 ISADevice *d = ISA_DEVICE (dev);
 CSState *s = CS4231A (dev);
+IsaDmaClass *k;
 
 isa_init_irq (d, >pic, s->irq);
+s->isa_dma = isa_get_dma(isa_bus_from_device(d), s->dma);
+k = ISADMA_GET_CLASS(s->isa_dma);
+k->register_channel(s->isa_dma, s->dma, cs_dma_read, s);
 
 isa_register_ioport (d, >ioports, s->port);
 
-DMA_register_channel (s->dma, cs_dma_read, s);
-
 AUD_register_card ("cs4231a", >card);
 }
 
-- 
2.1.4

Re: [Qemu-devel] [PATCH] Add missing syscall nrs. This updates the QEMU syscall tables to more recent Linux kernels.

[Michael Tokarev]

25.12.2015 01:31, Johan Ouwerkerk wrote:
> This change covers arm, aarch64, mips. Others to follow?
> 
> The change was prompted by QEMU warning about a syscall 384 (get_random()) 
> with Debian armhf binaries (ARMv7).

Applied to -trivial after word-wrapping the commit message
and trimming subject line a bit.  Thanks!

/mjt

[Qemu-devel] [PATCH v2 11/19] i8257: implement the IsaDma interface

[Hervé Poussineau]

Rewrite the global DMA_*() functions to use the IsaDma interface.
Note that these functions will be deleted in a few commits.

Signed-off-by: Hervé Poussineau 
---
 hw/dma/i8257.c   | 148 ---
 include/hw/isa/isa.h |   2 +-
 2 files changed, 118 insertions(+), 32 deletions(-)

diff --git a/hw/dma/i8257.c b/hw/dma/i8257.c
index 5210e0e..291435d 100644
--- a/hw/dma/i8257.c
+++ b/hw/dma/i8257.c
@@ -44,8 +44,6 @@
 #define ADDR 0
 #define COUNT 1
 
-static I8257State *dma_controllers[2];
-
 enum {
 CMD_MEMORY_TO_MEMORY = 0x01,
 CMD_FIXED_ADDRESS= 0x02,
@@ -288,31 +286,36 @@ static uint64_t i8257_read_cont(void *opaque, hwaddr 
nport, unsigned size)
 return val;
 }
 
-int DMA_get_channel_mode (int nchan)
+static IsaDmaTransferMode i8257_dma_get_transfer_mode(IsaDma *obj, int nchan)
+{
+I8257State *d = I8257(obj);
+return (d->regs[nchan & 3].mode >> 2) & 3;
+}
+
+static bool i8257_dma_has_autoinitialization(IsaDma *obj, int nchan)
 {
-return dma_controllers[nchan > 3]->regs[nchan & 3].mode;
+I8257State *d = I8257(obj);
+return (d->regs[nchan & 3].mode >> 4) & 1;
 }
 
-void DMA_hold_DREQ (int nchan)
+static void i8257_dma_hold_DREQ(IsaDma *obj, int nchan)
 {
-int ncont, ichan;
+I8257State *d = I8257(obj);
+int ichan;
 
-ncont = nchan > 3;
 ichan = nchan & 3;
-linfo ("held cont=%d chan=%d\n", ncont, ichan);
-dma_controllers[ncont]->status |= 1 << (ichan + 4);
-i8257_dma_run(dma_controllers[ncont]);
+d->status |= 1 << (ichan + 4);
+i8257_dma_run(d);
 }
 
-void DMA_release_DREQ (int nchan)
+static void i8257_dma_release_DREQ(IsaDma *obj, int nchan)
 {
-int ncont, ichan;
+I8257State *d = I8257(obj);
+int ichan;
 
-ncont = nchan > 3;
 ichan = nchan & 3;
-linfo ("released cont=%d chan=%d\n", ncont, ichan);
-dma_controllers[ncont]->status &= ~(1 << (ichan + 4));
-i8257_dma_run(dma_controllers[ncont]);
+d->status &= ~(1 << (ichan + 4));
+i8257_dma_run(d);
 }
 
 static void i8257_channel_run(I8257State *d, int ichan)
@@ -372,24 +375,26 @@ out:
 }
 }
 
-void DMA_register_channel (int nchan,
-   DMA_transfer_handler transfer_handler,
-   void *opaque)
+static void i8257_dma_register_channel(IsaDma *obj, int nchan,
+   DMA_transfer_handler transfer_handler,
+   void *opaque)
 {
+I8257State *d = I8257(obj);
 I8257Regs *r;
-int ichan, ncont;
+int ichan;
 
-ncont = nchan > 3;
 ichan = nchan & 3;
 
-r = dma_controllers[ncont]->regs + ichan;
+r = d->regs + ichan;
 r->transfer_handler = transfer_handler;
 r->opaque = opaque;
 }
 
-int DMA_read_memory (int nchan, void *buf, int pos, int len)
+static int i8257_dma_read_memory(IsaDma *obj, int nchan, void *buf, int pos,
+ int len)
 {
-I8257Regs *r = _controllers[nchan > 3]->regs[nchan & 3];
+I8257State *d = I8257(obj);
+I8257Regs *r = >regs[nchan & 3];
 hwaddr addr = ((r->pageh & 0x7f) << 24) | (r->page << 16) | r->now[ADDR];
 
 if (r->mode & 0x20) {
@@ -409,9 +414,11 @@ int DMA_read_memory (int nchan, void *buf, int pos, int 
len)
 return len;
 }
 
-int DMA_write_memory (int nchan, void *buf, int pos, int len)
+static int i8257_dma_write_memory(IsaDma *obj, int nchan, void *buf, int pos,
+ int len)
 {
-I8257Regs *r = _controllers[nchan > 3]->regs[nchan & 3];
+I8257State *s = I8257(obj);
+I8257Regs *r = >regs[nchan & 3];
 hwaddr addr = ((r->pageh & 0x7f) << 24) | (r->page << 16) | r->now[ADDR];
 
 if (r->mode & 0x20) {
@@ -434,10 +441,10 @@ int DMA_write_memory (int nchan, void *buf, int pos, int 
len)
 /* request the emulator to transfer a new DMA memory block ASAP (even
  * if the idle bottom half would not have exited the iothread yet).
  */
-void DMA_schedule(void)
+static void i8257_dma_schedule(IsaDma *obj)
 {
-if (dma_controllers[0]->dma_bh_scheduled ||
-dma_controllers[1]->dma_bh_scheduled) {
+I8257State *d = I8257(obj);
+if (d->dma_bh_scheduled) {
 qemu_notify_event();
 }
 }
@@ -571,11 +578,85 @@ static Property i8257_properties[] = {
 static void i8257_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
+IsaDmaClass *idc = ISADMA_CLASS(klass);
 
 dc->realize = i8257_realize;
 dc->reset = i8257_reset;
 dc->vmsd = _i8257;
 dc->props = i8257_properties;
+
+idc->get_transfer_mode = i8257_dma_get_transfer_mode;
+idc->has_autoinitialization = i8257_dma_has_autoinitialization;
+idc->read_memory = i8257_dma_read_memory;
+idc->write_memory = i8257_dma_write_memory;
+idc->hold_DREQ = i8257_dma_hold_DREQ;
+idc->release_DREQ = i8257_dma_release_DREQ;
+idc->schedule = i8257_dma_schedule;
+idc->register_channel =