Re: [Qemu-devel] [PATCH 0/8] ivshmem: test msi=off, remove CharDriver

2016-01-29 Thread Markus Armbruster 
Marc-André Lureau  writes:

> Hi
>
> On Mon, Dec 21, 2015 at 12:30 PM,   wrote:
>> From: Marc-André Lureau 
>>
>> This is a ivshmem series with various bits:
>> - add a test for a recently introduced regression
>> - the fix is included in the series but was sent separatly to cc -stable
>> - fix some test leaks
>> - get rid of CharDriver usage for eventfd
>> - simplify event callback
>>
>
> Adding a few people in CC who might help with reviewing.

The last patch doesn't apply anymore.  I'll look over the series anyway.

[Qemu-devel] [PATCH v9 10/16] block: Make bdrv_close() static

2016-01-29 Thread Max Reitz 
There are no users of bdrv_close() left, except for one of bdrv_open()'s
failure paths, bdrv_close_all() and bdrv_delete(), and that is good.
Make bdrv_close() static so nobody makes the mistake of directly using
bdrv_close() again.

Signed-off-by: Max Reitz 
Reviewed-by: Eric Blake 
Reviewed-by: Alberto Garcia 
Reviewed-by: Kevin Wolf 
Reviewed-by: Fam Zheng 
---
 block.c   | 4 +++-
 include/block/block.h | 1 -
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/block.c b/block.c
index f4312d9..e076f10 100644
--- a/block.c
+++ b/block.c
@@ -93,6 +93,8 @@ static void bdrv_release_named_dirty_bitmaps(BlockDriverState 
*bs);
 /* If non-zero, use only whitelisted block drivers */
 static int use_bdrv_whitelist;
 
+static void bdrv_close(BlockDriverState *bs);
+
 #ifdef _WIN32
 static int is_windows_drive_prefix(const char *filename)
 {
@@ -2134,7 +2136,7 @@ void bdrv_reopen_abort(BDRVReopenState *reopen_state)
 }
 
 
-void bdrv_close(BlockDriverState *bs)
+static void bdrv_close(BlockDriverState *bs)
 {
 BdrvAioNotifier *ban, *ban_next;
 
diff --git a/include/block/block.h b/include/block/block.h
index cfb86e7..0035ad8 100644
--- a/include/block/block.h
+++ b/include/block/block.h
@@ -226,7 +226,6 @@ int bdrv_reopen_prepare(BDRVReopenState *reopen_state,
 BlockReopenQueue *queue, Error **errp);
 void bdrv_reopen_commit(BDRVReopenState *reopen_state);
 void bdrv_reopen_abort(BDRVReopenState *reopen_state);
-void bdrv_close(BlockDriverState *bs);
 int bdrv_read(BlockDriverState *bs, int64_t sector_num,
   uint8_t *buf, int nb_sectors);
 int bdrv_read_unthrottled(BlockDriverState *bs, int64_t sector_num,
-- 
2.7.0

[Qemu-devel] [PATCH v9 11/16] block: Add list of all BlockDriverStates

2016-01-29 Thread Max Reitz 
We need this list so that bdrv_close_all() can keep track of which BDSs
are still open after having removed the BDSs from all of the BBs and
having released all monitor BDS references.

Signed-off-by: Max Reitz 
Reviewed-by: Kevin Wolf 
Reviewed-by: Fam Zheng 
---
 block.c   | 7 +++
 include/block/block_int.h | 2 ++
 2 files changed, 9 insertions(+)

diff --git a/block.c b/block.c
index e076f10..d687d2c 100644
--- a/block.c
+++ b/block.c
@@ -79,6 +79,9 @@ struct BdrvStates bdrv_states = 
QTAILQ_HEAD_INITIALIZER(bdrv_states);
 static QTAILQ_HEAD(, BlockDriverState) graph_bdrv_states =
 QTAILQ_HEAD_INITIALIZER(graph_bdrv_states);
 
+static QTAILQ_HEAD(, BlockDriverState) all_bdrv_states =
+QTAILQ_HEAD_INITIALIZER(all_bdrv_states);
+
 static QLIST_HEAD(, BlockDriver) bdrv_drivers =
 QLIST_HEAD_INITIALIZER(bdrv_drivers);
 
@@ -267,6 +270,8 @@ BlockDriverState *bdrv_new(void)
 bs->refcnt = 1;
 bs->aio_context = qemu_get_aio_context();
 
+QTAILQ_INSERT_TAIL(_bdrv_states, bs, bs_list);
+
 return bs;
 }
 
@@ -2371,6 +2376,8 @@ static void bdrv_delete(BlockDriverState *bs)
 /* remove from list, if necessary */
 bdrv_make_anon(bs);
 
+QTAILQ_REMOVE(_bdrv_states, bs, bs_list);
+
 g_free(bs);
 }
 
diff --git a/include/block/block_int.h b/include/block/block_int.h
index 2db8c79..26c4e74 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -444,6 +444,8 @@ struct BlockDriverState {
 QTAILQ_ENTRY(BlockDriverState) node_list;
 /* element of the list of "drives" the guest sees */
 QTAILQ_ENTRY(BlockDriverState) device_list;
+/* element of the list of all BlockDriverStates (all_bdrv_states) */
+QTAILQ_ENTRY(BlockDriverState) bs_list;
 QLIST_HEAD(, BdrvDirtyBitmap) dirty_bitmaps;
 int refcnt;
 
-- 
2.7.0

Re: [Qemu-devel] [PATCH] arm: virt-acpi: each MADT.GICC entry as enabled unconditionally

2016-01-29 Thread Shannon Zhao 



On 2016/1/29 23:26, Andrew Jones wrote:

On Fri, Jan 29, 2016 at 10:59:32PM +0800, Shannon Zhao wrote:

>
>
>On 2016/1/29 22:24, Igor Mammedov wrote:

> >in current impl. condition
> >
> >build_madt() {
> >   ...
> >   if (test_bit(i, cpuinfo->found_cpus))
> >
> >is always true since loop handles only present CPUs
> >in range [0..smp_cpus).
> >But to fill usless cpuinfo->found_cpus we do unnecessary
> >scan over QOM tree to find the same CPUs.
> >So mark GICC as present always and drop not needed
> >code that fills cpuinfo->found_cpus.
> >
> >Signed-off-by: Igor Mammedov
> >---
> >It's just simple cleanup but I'm trying to generalize
> >a bit CPU related ACPI tables and as part of it get rid
> >of found_cpus bitmap and if possible cpu_index usage
> >in ACPI parts of code.
> >---
> >  hw/arm/virt-acpi-build.c | 26 +++---
> >  1 file changed, 3 insertions(+), 23 deletions(-)
> >
> >diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
> >index 87fbe7c..3ed39fc 100644
> >--- a/hw/arm/virt-acpi-build.c
> >+++ b/hw/arm/virt-acpi-build.c
> >@@ -46,20 +46,6 @@
> >  #define ARM_SPI_BASE 32
> >  #define ACPI_POWER_BUTTON_DEVICE "PWRB"
> >
> >-typedef struct VirtAcpiCpuInfo {
> >-DECLARE_BITMAP(found_cpus, VIRT_ACPI_CPU_ID_LIMIT);
> >-} VirtAcpiCpuInfo;
> >-
> >-static void virt_acpi_get_cpu_info(VirtAcpiCpuInfo *cpuinfo)
> >-{
> >-CPUState *cpu;
> >-
> >-memset(cpuinfo->found_cpus, 0, sizeof cpuinfo->found_cpus);
> >-CPU_FOREACH(cpu) {
> >-set_bit(cpu->cpu_index, cpuinfo->found_cpus);
> >-}
> >-}
> >-
> >  static void acpi_dsdt_add_cpus(Aml *scope, int smp_cpus)
> >  {
> >  uint16_t i;
> >@@ -458,8 +444,7 @@ build_gtdt(GArray *table_data, GArray *linker)
> >
> >  /* MADT */
> >  static void
> >-build_madt(GArray *table_data, GArray *linker, VirtGuestInfo *guest_info,
> >-   VirtAcpiCpuInfo *cpuinfo)
> >+build_madt(GArray *table_data, GArray *linker, VirtGuestInfo *guest_info)
> >  {
> >  int madt_start = table_data->len;
> >  const MemMapEntry *memmap = guest_info->memmap;
> >@@ -489,9 +474,7 @@ build_madt(GArray *table_data, GArray *linker, 
VirtGuestInfo *guest_info,
> >  gicc->cpu_interface_number = i;
> >  gicc->arm_mpidr = armcpu->mp_affinity;
> >  gicc->uid = i;
> >-if (test_bit(i, cpuinfo->found_cpus)) {
> >-gicc->flags = cpu_to_le32(ACPI_GICC_ENABLED);
> >-}
> >+gicc->flags = cpu_to_le32(ACPI_GICC_ENABLED);
> >  }

>Ah, yes, it uses smp_cpus not max_cpus. But we still needs to support
>max_cpus usage even though it doesn't support vcpu hotplug currently. So we
>may need to introduce guest_info->max_cpus and use it here.

We should leave that for when the hotplug patches come, and we should
probably leave the hotplug patches until we see what Igor plans for
sharing more ACPI code between x86 and ARM.

Even if ignoring the vcpu hotplug, we still need to support max_cpus and 
smp_cpus usage like -smp 1,maxcpus=4.



>And below check in virt.c is not right while it should compare the global
>max_cpus with the max_cpus GIC supports.
>
> if (smp_cpus > max_cpus) {
> error_report("Number of SMP CPUs requested (%d) exceeds max CPUs "
>  "supported by machine 'mach-virt' (%d)",
>  smp_cpus, max_cpus);
> exit(1);
> }

max_cpus is getting set to the number the gic supports just above this
check. So max_cpus == gic_supported_cpus already, and this check is just
confirming the number of cpus the user has selected is OK.
No, the global max_cpus (which is defined in vl.c and exported in 
sysemu/sysemu.h) is not the local variable max_cpus.


--
Shannon

[Qemu-devel] [PATCH v3] linux-user: Fix qemu-binfmt-conf.h to store config across reboot

2016-01-29 Thread Laurent Vivier 
Original qemu-binfmt-conf.h is only able to write configuration
into /proc/sys/fs/binfmt_misc, and the configuration is lost on reboot.

This script can configure debian and systemd services to restore
configuration on reboot. Moreover, it is able to manage binfmt
credential and to configure the path of the interpreter.

List of supported CPU is:

i386 i486 alpha arm sparc32plus ppc ppc64 ppc64le
m68k mips mipsel mipsn32 mipsn32el mips64 mips64el
sh4 sh4eb s390x aarch64

Usage: qemu-binfmt-conf.sh [--qemu-path PATH][--debian][--systemd CPU]
   [--help][--credential yes|no][--exportdir PATH]

   Configure binfmt_misc to use qemu interpreter

   --help:   display this usage
   --qemu-path:  set path to qemu interpreter (/usr/local/bin)
   --debian: don't write into /proc,
 instead generate update-binfmts templates
   --systemd:don't write into /proc,
 instead generate file for systemd-binfmt.service
 for the given CPU
   --exportdir:  define where to write configuration files
 (default: /etc/binfmt.d or /usr/share/binfmts)
   --credential: if yes, credential an security tokens are
 calculated according to the binary to interpret

To import templates with update-binfmts, use :

sudo update-binfmts --importdir /usr/share/binfmts --import qemu-CPU

To remove interpreter, use :

sudo update-binfmts --package qemu-CPU --remove qemu-CPU /usr/local/bin

With systemd, binfmt files are loaded by systemd-binfmt.service

The environment variable HOST_ARCH allows to override 'uname' to generate
configuration files for a different architecture than the current one.

Signed-off-by: Laurent Vivier 
---
v3: change subject to be shorter
fix typo
remove "!EOF", "echo -n" and "[ ... -o ... ]"
check cpu given by --systemd is in the list
v2: replace some ERRORS by WARNINGS to be able to use the script inside a 
package build
check only the right to write in the directory, no need to be root
merge systemd and binfmt_misc configuration generation
s/qemu_generate_packages/qemu_generate_debian/
add support of HOST_ARCH from debian, and update CPU families.
allow to use --exportdir with --systemd and update "Usage".

 scripts/qemu-binfmt-conf.sh | 389 
 1 file changed, 320 insertions(+), 69 deletions(-)
 mode change 100644 => 100755 scripts/qemu-binfmt-conf.sh

diff --git a/scripts/qemu-binfmt-conf.sh b/scripts/qemu-binfmt-conf.sh
old mode 100644
new mode 100755
index 289b1a3..de4d1c1
--- a/scripts/qemu-binfmt-conf.sh
+++ b/scripts/qemu-binfmt-conf.sh
@@ -1,72 +1,323 @@
 #!/bin/sh
 # enable automatic i386/ARM/M68K/MIPS/SPARC/PPC/s390 program execution by the 
kernel
 
-# load the binfmt_misc module
-if [ ! -d /proc/sys/fs/binfmt_misc ]; then
-  /sbin/modprobe binfmt_misc
-fi
-if [ ! -f /proc/sys/fs/binfmt_misc/register ]; then
-  mount binfmt_misc -t binfmt_misc /proc/sys/fs/binfmt_misc
-fi
-
-# probe cpu type
-cpu=`uname -m`
-case "$cpu" in
-  i386|i486|i586|i686|i86pc|BePC|x86_64)
-cpu="i386"
-  ;;
-  m68k)
-cpu="m68k"
-  ;;
-  mips*)
-cpu="mips"
-  ;;
-  "Power Macintosh"|ppc|ppc64)
-cpu="ppc"
-  ;;
-  armv[4-9]*)
-cpu="arm"
-  ;;
-esac
-
-# register the interpreter for each cpu except for the native one
-if [ $cpu != "i386" ] ; then
-echo 
':i386:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x03\x00:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/local/bin/qemu-i386:'
 > /proc/sys/fs/binfmt_misc/register
-echo 
':i486:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x06\x00:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/local/bin/qemu-i386:'
 > /proc/sys/fs/binfmt_misc/register
-fi
-if [ $cpu != "alpha" ] ; then
-echo 
':alpha:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x26\x90:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/local/bin/qemu-alpha:'
 > /proc/sys/fs/binfmt_misc/register
-fi
-if [ $cpu != "arm" ] ; then
-echo   
':arm:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/local/bin/qemu-arm:'
 > /proc/sys/fs/binfmt_misc/register
-echo   
':armeb:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/local/bin/qemu-armeb:'
 > /proc/sys/fs/binfmt_misc/register
-fi
-if [ $cpu != "aarch64" ] ; then
-echo 
':aarch64:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/local/bin/qemu-aarch64:'
 >

Re: [Qemu-devel] [Qemu-arm] [PATCH 6/8] target-arm: Handle exception return from AArch64 to non-EL0 AArch32

2016-01-29 Thread Sergey Fedorov 
On 14.01.2016 21:34, Peter Maydell wrote:
> Remove the assumptions that the AArch64 exception return code was
> making about a return to AArch32 always being a return to EL0.
> This includes pulling out the illegal-SPSR checks so we can apply
> them for return to 32 bit as well as return to 64-bit.

Reviewed-by: Sergey Fedorov 

> Signed-off-by: Peter Maydell 
> ---
>  target-arm/op_helper.c | 80 
> +-
>  1 file changed, 59 insertions(+), 21 deletions(-)
>
> diff --git a/target-arm/op_helper.c b/target-arm/op_helper.c
> index e42d287..38d46d8 100644
> --- a/target-arm/op_helper.c
> +++ b/target-arm/op_helper.c
> @@ -640,12 +640,51 @@ void HELPER(pre_smc)(CPUARMState *env, uint32_t 
> syndrome)
>  }
>  }
>  
> +static int el_from_spsr(uint32_t spsr)
> +{
> +/* Return the exception level that this SPSR is requesting a return to,
> + * or -1 if it is invalid (an illegal return)
> + */
> +if (spsr & PSTATE_nRW) {
> +switch (spsr & CPSR_M) {
> +case ARM_CPU_MODE_USR:
> +return 0;
> +case ARM_CPU_MODE_HYP:
> +return 2;
> +case ARM_CPU_MODE_FIQ:
> +case ARM_CPU_MODE_IRQ:
> +case ARM_CPU_MODE_SVC:
> +case ARM_CPU_MODE_ABT:
> +case ARM_CPU_MODE_UND:
> +case ARM_CPU_MODE_SYS:
> +return 1;
> +case ARM_CPU_MODE_MON:
> +/* Returning to Mon from AArch64 is never possible,
> + * so this is an illegal return.
> + */
> +default:
> +return -1;
> +}
> +} else {
> +if (extract32(spsr, 1, 1)) {
> +/* Return with reserved M[1] bit set */
> +return -1;
> +}
> +if (extract32(spsr, 0, 4) == 1) {
> +/* return to EL0 with M[0] bit set */
> +return -1;
> +}
> +return extract32(spsr, 2, 2);
> +}
> +}
> +
>  void HELPER(exception_return)(CPUARMState *env)
>  {
>  int cur_el = arm_current_el(env);
>  unsigned int spsr_idx = aarch64_banked_spsr_index(cur_el);
>  uint32_t spsr = env->banked_spsr[spsr_idx];
>  int new_el;
> +bool return_to_aa64 = (spsr & PSTATE_nRW) == 0;
>  
>  aarch64_save_sp(env, cur_el);
>  
> @@ -662,35 +701,34 @@ void HELPER(exception_return)(CPUARMState *env)
>  spsr &= ~PSTATE_SS;
>  }
>  
> -if (spsr & PSTATE_nRW) {
> -/* TODO: We currently assume EL1/2/3 are running in AArch64.  */
> +new_el = el_from_spsr(spsr);
> +if (new_el == -1) {
> +goto illegal_return;
> +}
> +if (new_el > cur_el
> +|| (new_el == 2 && !arm_feature(env, ARM_FEATURE_EL2))) {
> +/* Disallow return to an EL which is unimplemented or higher
> + * than the current one.
> + */
> +goto illegal_return;
> +}
> +
> +if (new_el != 0 && arm_el_is_aa64(env, new_el) != return_to_aa64) {
> +/* Return to an EL which is configured for a different register 
> width */
> +goto illegal_return;
> +}
> +
> +if (!return_to_aa64) {
>  env->aarch64 = 0;
> -new_el = 0;
> -env->uncached_cpsr = 0x10;
> +env->uncached_cpsr = spsr & CPSR_M;
>  cpsr_write(env, spsr, ~0);
>  if (!arm_singlestep_active(env)) {
>  env->uncached_cpsr &= ~PSTATE_SS;
>  }
>  aarch64_sync_64_to_32(env);
>  
> -env->regs[15] = env->elr_el[1] & ~0x1;
> +env->regs[15] = env->elr_el[cur_el] & ~0x1;
>  } else {
> -new_el = extract32(spsr, 2, 2);
> -if (new_el > cur_el
> -|| (new_el == 2 && !arm_feature(env, ARM_FEATURE_EL2))) {
> -/* Disallow return to an EL which is unimplemented or higher
> - * than the current one.
> - */
> -goto illegal_return;
> -}
> -if (extract32(spsr, 1, 1)) {
> -/* Return with reserved M[1] bit set */
> -goto illegal_return;
> -}
> -if (new_el == 0 && (spsr & PSTATE_SP)) {
> -/* Return to EL0 with M[0] bit set */
> -goto illegal_return;
> -}
>  env->aarch64 = 1;
>  pstate_write(env, spsr);
>  if (!arm_singlestep_active(env)) {

Re: [Qemu-devel] [PATCH v7 01/13] machine: Don't allow CPU toplogies with partially filled cores

2016-01-29 Thread Igor Mammedov 
On Fri, 29 Jan 2016 13:36:05 -0200
Eduardo Habkost  wrote:

> On Fri, Jan 29, 2016 at 04:10:47PM +0100, Igor Mammedov wrote:
> > On Fri, 29 Jan 2016 12:24:18 -0200
> > Eduardo Habkost  wrote:
> >   
> > > On Fri, Jan 29, 2016 at 02:52:30PM +1100, David Gibson wrote:  
> > > > On Thu, Jan 28, 2016 at 11:19:43AM +0530, Bharata B Rao wrote:
> > > > > Prevent guests from booting with CPU topologies that have partially
> > > > > filled CPU cores or can result in partially filled CPU cores after
> > > > > CPU hotplug like
> > > > > 
> > > > > -smp 15,sockets=1,cores=4,threads=4,maxcpus=16 or
> > > > > -smp 15,sockets=1,cores=4,threads=4,maxcpus=17.
> > > > > 
> > > > > This is enforced by introducing MachineClass::validate_smp_config()
> > > > > that gets called from generic SMP parsing code. Machine type versions
> > > > > that want to enforce this can define this to the generic version
> > > > > provided.
> > > > > 
> > > > > Only sPAPR and PC machine types starting from version 2.6 enforce 
> > > > > this in
> > > > > this patch.
> > > > > 
> > > > > Signed-off-by: Bharata B Rao 
> > > > 
> > > > I've been kind of lost in the back and forth about
> > > > threads/cores/sockets.
> > > > 
> > > > What, in the end, is the rationale for allowing partially filled
> > > > sockets, but not partially filled cores?
> > > 
> > > I don't think there's a good reason for that (at least for PC).
> > > 
> > > It's easier to relax the requirements later if necessary, than
> > > dealing with compatibility issues again when making the code more
> > > strict. So I suggest we make validate_smp_config_generic() also
> > > check if smp_cpus % (smp_threads * smp_cores) == 0.  
> > 
> > that would break exiting setups.  
> 
> Not if we do that only on newer machine classes.
> validate_smp_config_generic() will be used only on *-2.6 and
> newer.
> 
> 
> > 
> > Also in case of cpu hotplug this patch will break migration
> > as target QEMU might refuse starting with hotplugged CPU thread.  
> 
> This won't change older machine-types.
> 
> But I think you are right: it can break migration on pc-2.6, too.
> But: isn't migration already broken when creating other sets of
> CPUs that can't represented using -smp?
> 
> How exactly would you migrate a machine today, if you run:
> 
>   $ qemu-system-x86_64 -smp 16,sockets=2,cores=2,threads=2,maxcpus=32
>   (QMP) cpu-add id=31
that's invalid topology and should exit with error at start-up,
however it shouldn't be smp_cpus vs sockets,cores,threads check
but rather max_cpus vs sockets,cores,threads,maxcpus check.
something like this:

diff --git a/vl.c b/vl.c
index f043009..3afa0b6 100644
--- a/vl.c
+++ b/vl.c
@@ -1239,9 +1239,9 @@ static void smp_parse(QemuOpts *opts)
 }
 
 max_cpus = qemu_opt_get_number(opts, "maxcpus", cpus);
-if (sockets * cores * threads > max_cpus) {
-error_report("cpu topology: "
- "sockets (%u) * cores (%u) * threads (%u) > "
+if (sockets * cores * threads == max_cpus) {
+error_report("invalid cpu topology: "
+ "sockets (%u) * cores (%u) * threads (%u) not equal "
  "maxcpus (%u)",
  sockets, cores, threads, max_cpus);
 exit(1);

> 
> 
> > 
> > Perhaps this check should be enforced per target/machine if
> > arch requires it.  
> 
> It is. Please see the patch. It introduces a validate_smp_config
> method.
> 
> But we need your input to clarify if
> validate_smp_config_generic() is safe for pc-2.6 too.
it breaks migration as it could prevent target from starting if
there is hotplugged CPUs on source side.

Re: [Qemu-devel] [PATCH] arm: virt-acpi: each MADT.GICC entry as enabled unconditionally

2016-01-29 Thread Andrew Jones 
On Fri, Jan 29, 2016 at 10:59:32PM +0800, Shannon Zhao wrote:
> 
> 
> On 2016/1/29 22:24, Igor Mammedov wrote:
> >in current impl. condition
> >
> >build_madt() {
> >   ...
> >   if (test_bit(i, cpuinfo->found_cpus))
> >
> >is always true since loop handles only present CPUs
> >in range [0..smp_cpus).
> >But to fill usless cpuinfo->found_cpus we do unnecessary
> >scan over QOM tree to find the same CPUs.
> >So mark GICC as present always and drop not needed
> >code that fills cpuinfo->found_cpus.
> >
> >Signed-off-by: Igor Mammedov
> >---
> >It's just simple cleanup but I'm trying to generalize
> >a bit CPU related ACPI tables and as part of it get rid
> >of found_cpus bitmap and if possible cpu_index usage
> >in ACPI parts of code.
> >---
> >  hw/arm/virt-acpi-build.c | 26 +++---
> >  1 file changed, 3 insertions(+), 23 deletions(-)
> >
> >diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
> >index 87fbe7c..3ed39fc 100644
> >--- a/hw/arm/virt-acpi-build.c
> >+++ b/hw/arm/virt-acpi-build.c
> >@@ -46,20 +46,6 @@
> >  #define ARM_SPI_BASE 32
> >  #define ACPI_POWER_BUTTON_DEVICE "PWRB"
> >
> >-typedef struct VirtAcpiCpuInfo {
> >-DECLARE_BITMAP(found_cpus, VIRT_ACPI_CPU_ID_LIMIT);
> >-} VirtAcpiCpuInfo;
> >-
> >-static void virt_acpi_get_cpu_info(VirtAcpiCpuInfo *cpuinfo)
> >-{
> >-CPUState *cpu;
> >-
> >-memset(cpuinfo->found_cpus, 0, sizeof cpuinfo->found_cpus);
> >-CPU_FOREACH(cpu) {
> >-set_bit(cpu->cpu_index, cpuinfo->found_cpus);
> >-}
> >-}
> >-
> >  static void acpi_dsdt_add_cpus(Aml *scope, int smp_cpus)
> >  {
> >  uint16_t i;
> >@@ -458,8 +444,7 @@ build_gtdt(GArray *table_data, GArray *linker)
> >
> >  /* MADT */
> >  static void
> >-build_madt(GArray *table_data, GArray *linker, VirtGuestInfo *guest_info,
> >-   VirtAcpiCpuInfo *cpuinfo)
> >+build_madt(GArray *table_data, GArray *linker, VirtGuestInfo *guest_info)
> >  {
> >  int madt_start = table_data->len;
> >  const MemMapEntry *memmap = guest_info->memmap;
> >@@ -489,9 +474,7 @@ build_madt(GArray *table_data, GArray *linker, 
> >VirtGuestInfo *guest_info,
> >  gicc->cpu_interface_number = i;
> >  gicc->arm_mpidr = armcpu->mp_affinity;
> >  gicc->uid = i;
> >-if (test_bit(i, cpuinfo->found_cpus)) {
> >-gicc->flags = cpu_to_le32(ACPI_GICC_ENABLED);
> >-}
> >+gicc->flags = cpu_to_le32(ACPI_GICC_ENABLED);
> >  }
> Ah, yes, it uses smp_cpus not max_cpus. But we still needs to support
> max_cpus usage even though it doesn't support vcpu hotplug currently. So we
> may need to introduce guest_info->max_cpus and use it here.

We should leave that for when the hotplug patches come, and we should
probably leave the hotplug patches until we see what Igor plans for
sharing more ACPI code between x86 and ARM.

> And below check in virt.c is not right while it should compare the global
> max_cpus with the max_cpus GIC supports.
> 
> if (smp_cpus > max_cpus) {
> error_report("Number of SMP CPUs requested (%d) exceeds max CPUs "
>  "supported by machine 'mach-virt' (%d)",
>  smp_cpus, max_cpus);
> exit(1);
> }

max_cpus is getting set to the number the gic supports just above this
check. So max_cpus == gic_supported_cpus already, and this check is just
confirming the number of cpus the user has selected is OK.

drew

Re: [Qemu-devel] [PATCH v1 2/5] configure: ensure ldflags propagated to config_host

2016-01-29 Thread Alex Bennée 

Paolo Bonzini  writes:

> On 28/01/2016 11:15, Alex Bennée wrote:
>> diff --git a/configure b/configure
>> index bd29ba7..148b79a 100755
>> --- a/configure
>> +++ b/configure
>> @@ -5871,7 +5871,7 @@ if test "$target_linux_user" = "yes" -o 
>> "$target_bsd_user" = "yes" ; then
>>ldflags="$ldflags $textseg_ldflags"
>>  fi
>>
>> -echo "LDFLAGS+=$ldflags" >> $config_target_mak
>> +echo "LDFLAGS+=$ldflags" >> $config_host_mak
>>  echo "QEMU_CFLAGS+=$cflags" >> $config_target_mak
>>
>>  done # for target in $targets
>
> Hmm wait, it's not okay.
>
> This adds the *target* LDFLAGS to config-host.mak, and adds them a
> zillion times.  extra-ldflags is already added to LDFLAGS in
> config-host.mak:
>
>   --extra-ldflags=*) LDFLAGS="$LDFLAGS $optarg"
>  EXTRA_LDFLAGS="$optarg"
>   ;;
>
> ...
>
> echo "LDFLAGS=$LDFLAGS" >> $config_host_mak
>
> So I'm totally confused as to what this patch is trying to achieve...

It seems so was I. So I was having problems with ancillary binaries
failing to link against tsan but as you point out this should work with
"-fsantiize=thread" in the ldflags which are already available to
config_host.mak

On my Gentoo (GCC 4.9) system without this I can build with:

  ./configure ${TARGETS} --extra-cflags="-fsanitize=thread -fPIE" \
--extra-ldflags="-pie -fsanitize=thread" --with-coroutine=gthread

Although I get make check failures:

GTESTER tests/check-qdict
FATAL: ThreadSanitizer can not mmap the shadow memory (something is
mapped at 0x4000 < 0x7cf0)
FATAL: Make sure to compile with -fPIE and to link with -pie.
/home/alex/lsrc/qemu/qemu.git/tests/Makefile:629: recipe for target
'check-tests/check-qdict' failed
make: *** [check-tests/check-qdict] Error 1

But I suspect this is possibly an ASLR issue.

I think this patch can be dropped altogether.

With the other patches can you build with tsan the proper way? What are
you running? I'll add it to the VMs I have to double check.

--
Alex Bennée

Re: [Qemu-devel] [PATCH v5] qom, qmp, hmp, qapi: create qom-type-prop-list for class properties

2016-01-29 Thread Eduardo Habkost 
On Fri, Jan 29, 2016 at 01:03:38PM +0300, Valentin Rakush wrote:
> Hi Eduardo, hi Daniel,
> 
> I checked most of the classes that are used for x86_64 qemu simulation with
> this command line:
> x86_64-softmmu/qemu-system-x86_64 -qmp tcp:localhost:,server,nowait
> -machine pc -cpu core2duo
> 
> Here are some of the classes that cannot provide properties with
> device_list_properties call:
> /object/machine/generic-pc-machine/pc-0.13-machine
> /object/bus/i2c-bus
> /interface/user-creatable
> /object/tls-creds/tls-creds-anon
> /object/memory-backend/memory-backend-file
> /object/qemu:memory-region
> /object/rng-backend/rng-random
> /object/tpm-backend/tpm-passthrough
> /object/tls-creds/tls-creds-x509
> /object/secret
> 
> They cannot provide properties because these classes cannot be casted to
> TYPE_DEVICE. This is done intentionally because TYPE_DEVICE has its own
> properties.

Can you clarify what you mean by "TYPE_DEVICE has its own
properties"? TYPE_DEVICE properties are registered as normal QOM
properties.

We can still add a new command that's not specific for
TYPE_DEVICE (if necessary). The point is that it shouldn't return
arbitrarily different (and incomplete) data from the existing
mechanism to list properties.

In other words, I don't see why the output of "qom-type-prop-list
" can't be as good as the output of "device-list-properties
". If we make return only class-properties, it will be less
complete and less useful.


> Also TYPE_MACHINE has own properties of type GlobalProperty.

I don't understand what you mean, here. GlobalProperties are not
machine properties, they are just property=value pairs to be
registered as global properties. They are unrelated to the
properties TYPE_MACHINE actually has.

> Here are two ways (AFAICS):
> - we refactor TYPE_DEVICE and TYPE_MACHINE so they store their properties
> in the ObjectClass properties.

Too many classes need to be converted. We would still need
something to use during the transiation.

> - we change device_list_properties so it process different classes
> differently.

Could you clarify what you mean by "process different classes
differently"?

A third option is to just use object_new(), like
qmp_device_list_properties() already does.

> 
> The disadvantage of the second approach, is that it is complicating code in
> favor of simplifying qapi interface. I like first approach with
> refactoring, although it is more complex. The first approach should put all
> properties in the base classes and then use this properties everywhere
> (command line help, qmp etc.) The simplest way the refactoring can be done,
> is by moving TYPE_DEVICE properties to ObjectClass and merging them somehow
> with TYPE_MACHINE GlobalProperty. Then we will use these properties for all
> other types of classes.
> 
> Of course, we can leave device_list_properties as it is and use
> qom-type-prop-list instead.
> 
> What do you think? Does these design options make sense for you?

We can add a new command if we don't want to change how
device-list-properties work. But first I would like to understand
the actual reasons for the new command, because we can't argue
about it if we don't know what the command output will be used
for. How exactly would callers qom-type-prop-list use that
information?

I see 3 cases where property names are used:

1) QMP QOM commands (qom-get/qom-set):

These properties are available using qom-list, already.

2) -device/device_add options:

These properties are available in device-list-properties,
already.

3) -object/object-add options:

In this case, if you want to return complete data, you only have
two options: a) convert all TYPE_USER_CREATABLE classes to use
class-properties; or b) use the same approach used by
qmp_device_list_properties() (object_new() followed by
enumeration of properteis).

4) -machine options:

This is similar to -object: the list will be incomplete unless
all machine subclasses are converted to use only
class-properties, or the new command uses object_new().

5) -cpu options:

Ditto. the list will be incomplete unless all CPU subclasses are
converted to use only class-properties, or the new command uses
object_new().


That doesn't mean we don't want to convert other classes to use
class-properties later to simplify internal QEMU code. But if you
want to propose a new QMP command, let's make one that returns
useful data for real use cases.

I am not sure the list above is complete, so I would like to
understand how exactly the data you want to return will be used.
So for each of the classes you mentioned, I would like to know:

> /object/machine/generic-pc-machine/pc-0.13-machine

What exactly do you think the caller use the output of
"qom-type-prop-list pc-0.13-machine" for? How exactly? Would it
use them in the QEMU command-line? In other QMP commands? Which
ones?

> /object/bus/i2c-bus

Ditto, what exactly do you tink the caller would do with the
output of "qom-type-prop-list i2c-bus"?

>

[Qemu-devel] [PATCH v9 07/16] block: Remove BDS close notifier

2016-01-29 Thread Max Reitz 
It is unused now, so we can remove it.

Signed-off-by: Max Reitz 
Reviewed-by: Fam Zheng 
Reviewed-by: Kevin Wolf 
---
 block.c| 8 
 block/block-backend.c  | 7 ---
 include/block/block.h  | 1 -
 include/block/block_int.h  | 2 --
 include/sysemu/block-backend.h | 1 -
 5 files changed, 19 deletions(-)

diff --git a/block.c b/block.c
index 41ab00e..f4312d9 100644
--- a/block.c
+++ b/block.c
@@ -259,7 +259,6 @@ BlockDriverState *bdrv_new(void)
 for (i = 0; i < BLOCK_OP_TYPE_MAX; i++) {
 QLIST_INIT(>op_blockers[i]);
 }
-notifier_list_init(>close_notifiers);
 notifier_with_return_list_init(>before_write_notifiers);
 qemu_co_queue_init(>throttled_reqs[0]);
 qemu_co_queue_init(>throttled_reqs[1]);
@@ -269,11 +268,6 @@ BlockDriverState *bdrv_new(void)
 return bs;
 }
 
-void bdrv_add_close_notifier(BlockDriverState *bs, Notifier *notify)
-{
-notifier_list_add(>close_notifiers, notify);
-}
-
 BlockDriver *bdrv_find_format(const char *format_name)
 {
 BlockDriver *drv1;
@@ -2157,8 +2151,6 @@ void bdrv_close(BlockDriverState *bs)
 bdrv_flush(bs);
 bdrv_drain(bs); /* in case flush left pending I/O */
 
-notifier_list_notify(>close_notifiers, bs);
-
 bdrv_release_named_dirty_bitmaps(bs);
 assert(QLIST_EMPTY(>dirty_bitmaps));
 
diff --git a/block/block-backend.c b/block/block-backend.c
index 1872191..621787c 100644
--- a/block/block-backend.c
+++ b/block/block-backend.c
@@ -1146,13 +1146,6 @@ void blk_add_insert_bs_notifier(BlockBackend *blk, 
Notifier *notify)
 notifier_list_add(>insert_bs_notifiers, notify);
 }
 
-void blk_add_close_notifier(BlockBackend *blk, Notifier *notify)
-{
-if (blk->bs) {
-bdrv_add_close_notifier(blk->bs, notify);
-}
-}
-
 void blk_io_plug(BlockBackend *blk)
 {
 if (blk->bs) {
diff --git a/include/block/block.h b/include/block/block.h
index ee845a9..cfb86e7 100644
--- a/include/block/block.h
+++ b/include/block/block.h
@@ -227,7 +227,6 @@ int bdrv_reopen_prepare(BDRVReopenState *reopen_state,
 void bdrv_reopen_commit(BDRVReopenState *reopen_state);
 void bdrv_reopen_abort(BDRVReopenState *reopen_state);
 void bdrv_close(BlockDriverState *bs);
-void bdrv_add_close_notifier(BlockDriverState *bs, Notifier *notify);
 int bdrv_read(BlockDriverState *bs, int64_t sector_num,
   uint8_t *buf, int nb_sectors);
 int bdrv_read_unthrottled(BlockDriverState *bs, int64_t sector_num,
diff --git a/include/block/block_int.h b/include/block/block_int.h
index 5f1f433..2db8c79 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -404,8 +404,6 @@ struct BlockDriverState {
 BdrvChild *backing;
 BdrvChild *file;
 
-NotifierList close_notifiers;
-
 /* Callback before write request is processed */
 NotifierWithReturnList before_write_notifiers;
 
diff --git a/include/sysemu/block-backend.h b/include/sysemu/block-backend.h
index e12be67..ae4efb4 100644
--- a/include/sysemu/block-backend.h
+++ b/include/sysemu/block-backend.h
@@ -166,7 +166,6 @@ void blk_remove_aio_context_notifier(BlockBackend *blk,
  void *opaque);
 void blk_add_remove_bs_notifier(BlockBackend *blk, Notifier *notify);
 void blk_add_insert_bs_notifier(BlockBackend *blk, Notifier *notify);
-void blk_add_close_notifier(BlockBackend *blk, Notifier *notify);
 void blk_io_plug(BlockBackend *blk);
 void blk_io_unplug(BlockBackend *blk);
 BlockAcctStats *blk_get_stats(BlockBackend *blk);
-- 
2.7.0

[Qemu-devel] [PATCH v9 02/16] iotests: Add test for eject under NBD server

2016-01-29 Thread Max Reitz 
This patch adds a test for ejecting the BlockBackend an NBD server is
connected to (the NBD server is supposed to stop).

Signed-off-by: Max Reitz 
Reviewed-by: Fam Zheng 
Reviewed-by: Kevin Wolf 
---
 tests/qemu-iotests/140 | 92 ++
 tests/qemu-iotests/140.out | 16 
 tests/qemu-iotests/group   |  1 +
 3 files changed, 109 insertions(+)
 create mode 100755 tests/qemu-iotests/140
 create mode 100644 tests/qemu-iotests/140.out

diff --git a/tests/qemu-iotests/140 b/tests/qemu-iotests/140
new file mode 100755
index 000..f78c317
--- /dev/null
+++ b/tests/qemu-iotests/140
@@ -0,0 +1,92 @@
+#!/bin/bash
+#
+# Test case for ejecting a BB with an NBD server attached to it
+#
+# Copyright (C) 2016 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+
+# creator
+owner=mre...@redhat.com
+
+seq="$(basename $0)"
+echo "QA output created by $seq"
+
+here="$PWD"
+tmp=/tmp/$$
+status=1   # failure is the default!
+
+_cleanup()
+{
+_cleanup_test_img
+rm -f "$TEST_DIR/nbd"
+}
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+# get standard environment, filters and checks
+. ./common.rc
+. ./common.filter
+. ./common.qemu
+
+_supported_fmt generic
+_supported_proto file
+_supported_os Linux
+
+_make_test_img 64k
+
+$QEMU_IO -c 'write -P 42 0 64k' "$TEST_IMG" | _filter_qemu_io
+
+keep_stderr=y \
+_launch_qemu -drive if=ide,media=cdrom,id=drv,file="$TEST_IMG",format=$IMGFMT \
+2> >(_filter_nbd)
+
+_send_qemu_cmd $QEMU_HANDLE \
+"{ 'execute': 'qmp_capabilities' }" \
+'return'
+
+_send_qemu_cmd $QEMU_HANDLE \
+"{ 'execute': 'nbd-server-start',
+   'arguments': { 'addr': { 'type': 'unix',
+'data': { 'path': '$TEST_DIR/nbd' " \
+'return'
+
+_send_qemu_cmd $QEMU_HANDLE \
+"{ 'execute': 'nbd-server-add',
+   'arguments': { 'device': 'drv' }}" \
+'return'
+
+$QEMU_IO_PROG -f raw -c 'read -P 42 0 64k' \
+"nbd+unix:///drv?socket=$TEST_DIR/nbd" 2>&1 \
+| _filter_qemu_io | _filter_nbd
+
+_send_qemu_cmd $QEMU_HANDLE \
+"{ 'execute': 'eject',
+   'arguments': { 'device': 'drv' }}" \
+'return'
+
+$QEMU_IO_PROG -f raw -c close \
+"nbd+unix:///drv?socket=$TEST_DIR/nbd" 2>&1 \
+| _filter_qemu_io | _filter_nbd
+
+_send_qemu_cmd $QEMU_HANDLE \
+"{ 'execute': 'quit' }" \
+'return'
+
+wait=1 _cleanup_qemu
+
+# success, all done
+echo '*** done'
+rm -f $seq.full
+status=0
diff --git a/tests/qemu-iotests/140.out b/tests/qemu-iotests/140.out
new file mode 100644
index 000..fdedeb3
--- /dev/null
+++ b/tests/qemu-iotests/140.out
@@ -0,0 +1,16 @@
+QA output created by 140
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=65536
+wrote 65536/65536 bytes at offset 0
+64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+{"return": {}}
+{"return": {}}
+{"return": {}}
+read 65536/65536 bytes at offset 0
+64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+{"timestamp": {"seconds":  TIMESTAMP, "microseconds":  TIMESTAMP}, "event": 
"DEVICE_TRAY_MOVED", "data": {"device": "drv", "tray-open": true}}
+{"return": {}}
+can't open device nbd+unix:///drv?socket=TEST_DIR/nbd: Failed to read export 
length
+no file open, try 'help open'
+{"return": {}}
+{"timestamp": {"seconds":  TIMESTAMP, "microseconds":  TIMESTAMP}, "event": 
"SHUTDOWN"}
+*** done
diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group
index ac6a959..ff1ff0d 100644
--- a/tests/qemu-iotests/group
+++ b/tests/qemu-iotests/group
@@ -141,5 +141,6 @@
 137 rw auto
 138 rw auto quick
 139 rw auto quick
+140 rw auto quick
 142 auto
 143 auto quick
-- 
2.7.0

[Qemu-devel] [PATCH v9 03/16] block: Add BB-BDS remove/insert notifiers

2016-01-29 Thread Max Reitz 
bdrv_close() no longer signifies ejection of a medium, this is now done
by removing the BDS from the BB. Therefore, we want to have a notifier
for that in the BB instead of a close notifier in the BDS. The former is
added now, the latter is removed later.

Symmetrically, another notifier list is added that is invoked whenever a
BDS is inserted. We will need that for virtio-blk and virtio-scsi, which
can then remove their op blockers on BDS ejection and set them up on
insertion.

Signed-off-by: Max Reitz 
Reviewed-by: Kevin Wolf 
Reviewed-by: Fam Zheng 
---
 block/block-backend.c  | 20 
 include/sysemu/block-backend.h |  2 ++
 2 files changed, 22 insertions(+)

diff --git a/block/block-backend.c b/block/block-backend.c
index a4208f1..1872191 100644
--- a/block/block-backend.c
+++ b/block/block-backend.c
@@ -49,6 +49,8 @@ struct BlockBackend {
 BlockdevOnError on_read_error, on_write_error;
 bool iostatus_enabled;
 BlockDeviceIoStatus iostatus;
+
+NotifierList remove_bs_notifiers, insert_bs_notifiers;
 };
 
 typedef struct BlockBackendAIOCB {
@@ -99,6 +101,8 @@ BlockBackend *blk_new(const char *name, Error **errp)
 blk = g_new0(BlockBackend, 1);
 blk->name = g_strdup(name);
 blk->refcnt = 1;
+notifier_list_init(>remove_bs_notifiers);
+notifier_list_init(>insert_bs_notifiers);
 QTAILQ_INSERT_TAIL(_backends, blk, link);
 return blk;
 }
@@ -167,6 +171,8 @@ static void blk_delete(BlockBackend *blk)
 bdrv_unref(blk->bs);
 blk->bs = NULL;
 }
+assert(QLIST_EMPTY(>remove_bs_notifiers.notifiers));
+assert(QLIST_EMPTY(>insert_bs_notifiers.notifiers));
 if (blk->root_state.throttle_state) {
 g_free(blk->root_state.throttle_group);
 throttle_group_unref(blk->root_state.throttle_state);
@@ -345,6 +351,8 @@ void blk_hide_on_behalf_of_hmp_drive_del(BlockBackend *blk)
  */
 void blk_remove_bs(BlockBackend *blk)
 {
+notifier_list_notify(>remove_bs_notifiers, blk);
+
 blk_update_root_state(blk);
 
 blk->bs->blk = NULL;
@@ -361,6 +369,8 @@ void blk_insert_bs(BlockBackend *blk, BlockDriverState *bs)
 bdrv_ref(bs);
 blk->bs = bs;
 bs->blk = blk;
+
+notifier_list_notify(>insert_bs_notifiers, blk);
 }
 
 /*
@@ -1126,6 +1136,16 @@ void blk_remove_aio_context_notifier(BlockBackend *blk,
 }
 }
 
+void blk_add_remove_bs_notifier(BlockBackend *blk, Notifier *notify)
+{
+notifier_list_add(>remove_bs_notifiers, notify);
+}
+
+void blk_add_insert_bs_notifier(BlockBackend *blk, Notifier *notify)
+{
+notifier_list_add(>insert_bs_notifiers, notify);
+}
+
 void blk_add_close_notifier(BlockBackend *blk, Notifier *notify)
 {
 if (blk->bs) {
diff --git a/include/sysemu/block-backend.h b/include/sysemu/block-backend.h
index 1568554..e12be67 100644
--- a/include/sysemu/block-backend.h
+++ b/include/sysemu/block-backend.h
@@ -164,6 +164,8 @@ void blk_remove_aio_context_notifier(BlockBackend *blk,
   void *),
  void (*detach_aio_context)(void *),
  void *opaque);
+void blk_add_remove_bs_notifier(BlockBackend *blk, Notifier *notify);
+void blk_add_insert_bs_notifier(BlockBackend *blk, Notifier *notify);
 void blk_add_close_notifier(BlockBackend *blk, Notifier *notify);
 void blk_io_plug(BlockBackend *blk);
 void blk_io_unplug(BlockBackend *blk);
-- 
2.7.0

[Qemu-devel] [PATCH v9 13/16] block: Add blk_remove_all_bs()

2016-01-29 Thread Max Reitz 
When bdrv_close_all() is called, instead of force-closing all root
BlockDriverStates, it is better to just drop the reference from all
BlockBackends and let them be closed automatically. This prevents BDS
from getting closed that are still referenced by other BDS, which may
result in loss of cached data.

This patch adds a function for doing that, but does not yet incorporate
it in bdrv_close_all().

Signed-off-by: Max Reitz 
Reviewed-by: Kevin Wolf 
---
 block/block-backend.c  | 15 +++
 include/sysemu/block-backend.h |  1 +
 2 files changed, 16 insertions(+)

diff --git a/block/block-backend.c b/block/block-backend.c
index 7f5ad59..ebdf78a 100644
--- a/block/block-backend.c
+++ b/block/block-backend.c
@@ -223,6 +223,21 @@ void blk_unref(BlockBackend *blk)
 }
 }
 
+void blk_remove_all_bs(void)
+{
+BlockBackend *blk;
+
+QTAILQ_FOREACH(blk, _backends, link) {
+AioContext *ctx = blk_get_aio_context(blk);
+
+aio_context_acquire(ctx);
+if (blk->bs) {
+blk_remove_bs(blk);
+}
+aio_context_release(ctx);
+}
+}
+
 /*
  * Return the BlockBackend after @blk.
  * If @blk is null, return the first one.
diff --git a/include/sysemu/block-backend.h b/include/sysemu/block-backend.h
index ae4efb4..ec30331 100644
--- a/include/sysemu/block-backend.h
+++ b/include/sysemu/block-backend.h
@@ -68,6 +68,7 @@ BlockBackend *blk_new_open(const char *name, const char 
*filename,
 int blk_get_refcnt(BlockBackend *blk);
 void blk_ref(BlockBackend *blk);
 void blk_unref(BlockBackend *blk);
+void blk_remove_all_bs(void);
 const char *blk_name(BlockBackend *blk);
 BlockBackend *blk_by_name(const char *name);
 BlockBackend *blk_next(BlockBackend *blk);
-- 
2.7.0

Re: [Qemu-devel] [PATCH 6/8] ivshmem: generalize ivshmem_setup_interrupts

2016-01-29 Thread Markus Armbruster 
marcandre.lur...@redhat.com writes:

> From: Marc-André Lureau 
>
> Call ivshmem_setup_interrupts() with or without MSI, always allocate
> msi_vectors that is going to be used in all case in the following patch.
>
> Signed-off-by: Marc-André Lureau 
> ---
>  hw/misc/ivshmem.c | 27 +--
>  1 file changed, 17 insertions(+), 10 deletions(-)
>
> diff --git a/hw/misc/ivshmem.c b/hw/misc/ivshmem.c
> index dcfc8cc..11780b1 100644
> --- a/hw/misc/ivshmem.c
> +++ b/hw/misc/ivshmem.c
> @@ -768,19 +768,28 @@ static void ivshmem_reset(DeviceState *d)
>  ivshmem_use_msix(s);
>  }
>  
> -static int ivshmem_setup_msi(IVShmemState * s)
> +static int ivshmem_setup_interrupts(IVShmemState *s, Error **errp)
>  {
> -if (msix_init_exclusive_bar(PCI_DEVICE(s), s->vectors, 1)) {
> -return -1;
> +/* allocate QEMU callback data for receiving interrupts */
> +s->msi_vectors = g_malloc0(s->vectors * sizeof(MSIVector));
> +if (!s->msi_vectors) {

Happens exactly when s->vectors is zero.  Is that a legitimate
configuration?

> +goto fail;
>  }
>  
> -IVSHMEM_DPRINTF("msix initialized (%d vectors)\n", s->vectors);
> +if (ivshmem_has_feature(s, IVSHMEM_MSI)) {
> +if (msix_init_exclusive_bar(PCI_DEVICE(s), s->vectors, 1)) {
> +goto fail;
> +}
>  
> -/* allocate QEMU char devices for receiving interrupts */
> -s->msi_vectors = g_malloc0(s->vectors * sizeof(MSIVector));
> +IVSHMEM_DPRINTF("msix initialized (%d vectors)\n", s->vectors);
> +ivshmem_use_msix(s);
> +}
>  
> -ivshmem_use_msix(s);
>  return 0;
> +
> +fail:
> +error_setg(errp, "failed to initialize interrupts");
> +return -1;
>  }

Recommend not to move the error_setg().  Keeps this function simpler, at
no cost.

>  
>  static void ivshmem_enable_irqfd(IVShmemState *s)
> @@ -946,9 +955,7 @@ static void pci_ivshmem_realize(PCIDevice *dev, Error 
> **errp)
>  IVSHMEM_DPRINTF("using shared memory server (socket = %s)\n",
>  s->server_chr->filename);
>  
> -if (ivshmem_has_feature(s, IVSHMEM_MSI) &&
> -ivshmem_setup_msi(s)) {
> -error_setg(errp, "msix initialization failed");
> +if (ivshmem_setup_interrupts(s, errp) < 0) {
>  return;
>  }

Yup, the only change is we now allocate s->msi_vectors whether we have
IVSHMEM_MSI or not.

Re: [Qemu-devel] [PATCH 7/8] ivshmem: use a single eventfd callback, get rid of CharDriver

2016-01-29 Thread Markus Armbruster 
marcandre.lur...@redhat.com writes:

> From: Marc-André Lureau 
>
> Simplify the interrupt handling by having a single callback on irq
> cases. Remove usage of CharDriver, replace it with
> qemu_set_fd_handler(). Use event_notifier_test_and_clear() to read the
> eventfd.
>
> Signed-off-by: Marc-André Lureau 
> ---
>  hw/misc/ivshmem.c | 55 
> ++-
>  1 file changed, 18 insertions(+), 37 deletions(-)
>
> diff --git a/hw/misc/ivshmem.c b/hw/misc/ivshmem.c
> index 11780b1..9eb8a81 100644
> --- a/hw/misc/ivshmem.c
> +++ b/hw/misc/ivshmem.c
> @@ -263,15 +263,6 @@ static const MemoryRegionOps ivshmem_mmio_ops = {
>  },
>  };
>  
> -static void ivshmem_receive(void *opaque, const uint8_t *buf, int size)
> -{
> -IVShmemState *s = opaque;
> -
> -IVSHMEM_DPRINTF("ivshmem_receive 0x%02x size: %d\n", *buf, size);
> -
> -ivshmem_IntrStatus_write(s, *buf);

Before your patch, we write the first byte received to s->intrstatus.
This is odd; ivshmem_device_spec.txt says "The status register is set to
1 when an interrupt occurs."

> -}
> -
>  static int ivshmem_can_receive(void * opaque)
>  {
>  return sizeof(int64_t);
> @@ -282,15 +273,24 @@ static void ivshmem_event(void *opaque, int event)
>  IVSHMEM_DPRINTF("ivshmem_event %d\n", event);
>  }
>  
> -static void fake_irqfd(void *opaque, const uint8_t *buf, int size) {
> -
> +static void ivshmem_vector_notify(void *opaque)
> +{
>  MSIVector *entry = opaque;
>  PCIDevice *pdev = entry->pdev;
>  IVShmemState *s = IVSHMEM(pdev);
>  int vector = entry - s->msi_vectors;
> +EventNotifier *n = >peers[s->vm_id].eventfds[vector];
> +
> +if (!event_notifier_test_and_clear(n)) {
> +return;
> +}
>  
>  IVSHMEM_DPRINTF("interrupt on vector %p %d\n", pdev, vector);
> -msix_notify(pdev, vector);
> +if (ivshmem_has_feature(s, IVSHMEM_MSI)) {
> +msix_notify(pdev, vector);
> +} else {
> +ivshmem_IntrStatus_write(s, 1);

After the patch, we write 1 to s->intrstatus.  May well be an
improvement, or even a bug fix, but it needs to be explained in the
commit message.

> +}
>  }
>  
>  static int ivshmem_vector_unmask(PCIDevice *dev, unsigned vector,
> @@ -350,35 +350,16 @@ static void ivshmem_vector_poll(PCIDevice *dev,
>  }
>  }
>  
> -static CharDriverState* create_eventfd_chr_device(IVShmemState *s,
> -  EventNotifier *n,
> -  int vector)
> +static void watch_vector_notifier(IVShmemState *s, EventNotifier *n,
> + int vector)
>  {
> -/* create a event character device based on the passed eventfd */
>  int eventfd = event_notifier_get_fd(n);
> -CharDriverState *chr;
> -
> -chr = qemu_chr_open_eventfd(eventfd);
> -
> -if (chr == NULL) {
> -error_report("creating chardriver for eventfd %d failed", eventfd);
> -return NULL;
> -}
> -qemu_chr_fe_claim_no_fail(chr);
>  
>  /* if MSI is supported we need multiple interrupts */
> -if (ivshmem_has_feature(s, IVSHMEM_MSI)) {
> -s->msi_vectors[vector].pdev = PCI_DEVICE(s);
> -
> -qemu_chr_add_handlers(chr, ivshmem_can_receive, fake_irqfd,
> -  ivshmem_event, >msi_vectors[vector]);
> -} else {
> -qemu_chr_add_handlers(chr, ivshmem_can_receive, ivshmem_receive,
> -  ivshmem_event, s);
> -}
> -
> -return chr;
> +s->msi_vectors[vector].pdev = PCI_DEVICE(s);
>  
> +qemu_set_fd_handler(eventfd, ivshmem_vector_notify,
> +NULL, >msi_vectors[vector]);
>  }
>  
>  static int check_shm_size(IVShmemState *s, int fd, Error **errp)
> @@ -587,7 +568,7 @@ static void setup_interrupt(IVShmemState *s, int vector)
>  
>  if (!with_irqfd) {
>  IVSHMEM_DPRINTF("with eventfd");
> -s->eventfd_chr[vector] = create_eventfd_chr_device(s, n, vector);
> +watch_vector_notifier(s, n, vector);
>  } else if (msix_enabled(pdev)) {
>  IVSHMEM_DPRINTF("with irqfd");
>  if (ivshmem_add_kvm_msi_virq(s, vector) < 0) {

I like the looks of it, not least because it enables removal of
qemu_chr_open_eventfd() in the next patch.  But I recommend to get an
R-by from someone who actually understands this chardev stuff.  Paolo,
perhaps?

Re: [Qemu-devel] [PATCH] arm: virt-acpi: each MADT.GICC entry as enabled unconditionally

2016-01-29 Thread Igor Mammedov 
On Fri, 29 Jan 2016 22:59:32 +0800
Shannon Zhao  wrote:

> On 2016/1/29 22:24, Igor Mammedov wrote:
> > in current impl. condition
> >
> > build_madt() {
> >...
> >if (test_bit(i, cpuinfo->found_cpus))
> >
> > is always true since loop handles only present CPUs
> > in range [0..smp_cpus).
> > But to fill usless cpuinfo->found_cpus we do unnecessary
> > scan over QOM tree to find the same CPUs.
> > So mark GICC as present always and drop not needed
> > code that fills cpuinfo->found_cpus.
> >
> > Signed-off-by: Igor Mammedov
> > ---
> > It's just simple cleanup but I'm trying to generalize
> > a bit CPU related ACPI tables and as part of it get rid
> > of found_cpus bitmap and if possible cpu_index usage
> > in ACPI parts of code.
> > ---
> >   hw/arm/virt-acpi-build.c | 26 +++---
> >   1 file changed, 3 insertions(+), 23 deletions(-)
> >
> > diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
> > index 87fbe7c..3ed39fc 100644
> > --- a/hw/arm/virt-acpi-build.c
> > +++ b/hw/arm/virt-acpi-build.c
> > @@ -46,20 +46,6 @@
> >   #define ARM_SPI_BASE 32
> >   #define ACPI_POWER_BUTTON_DEVICE "PWRB"
> >
> > -typedef struct VirtAcpiCpuInfo {
> > -DECLARE_BITMAP(found_cpus, VIRT_ACPI_CPU_ID_LIMIT);
> > -} VirtAcpiCpuInfo;
> > -
> > -static void virt_acpi_get_cpu_info(VirtAcpiCpuInfo *cpuinfo)
> > -{
> > -CPUState *cpu;
> > -
> > -memset(cpuinfo->found_cpus, 0, sizeof cpuinfo->found_cpus);
> > -CPU_FOREACH(cpu) {
> > -set_bit(cpu->cpu_index, cpuinfo->found_cpus);
> > -}
> > -}
> > -
> >   static void acpi_dsdt_add_cpus(Aml *scope, int smp_cpus)
> >   {
> >   uint16_t i;
> > @@ -458,8 +444,7 @@ build_gtdt(GArray *table_data, GArray *linker)
> >
> >   /* MADT */
> >   static void
> > -build_madt(GArray *table_data, GArray *linker, VirtGuestInfo *guest_info,
> > -   VirtAcpiCpuInfo *cpuinfo)
> > +build_madt(GArray *table_data, GArray *linker, VirtGuestInfo *guest_info)
> >   {
> >   int madt_start = table_data->len;
> >   const MemMapEntry *memmap = guest_info->memmap;
> > @@ -489,9 +474,7 @@ build_madt(GArray *table_data, GArray *linker, 
> > VirtGuestInfo *guest_info,
> >   gicc->cpu_interface_number = i;
> >   gicc->arm_mpidr = armcpu->mp_affinity;
> >   gicc->uid = i;
> > -if (test_bit(i, cpuinfo->found_cpus)) {
> > -gicc->flags = cpu_to_le32(ACPI_GICC_ENABLED);
> > -}
> > +gicc->flags = cpu_to_le32(ACPI_GICC_ENABLED);
> >   }  
> Ah, yes, it uses smp_cpus not max_cpus. But we still needs to support 
> max_cpus usage even though it doesn't support vcpu hotplug currently. So
> we may need to introduce guest_info->max_cpus and use it here.

We should support max_cpus but only when hotplug is supported.
Problem with hotplug is that currently it's assumed that
cpu_index is in range [0..max_cpus) and that works for now but
with a large number of CPUs that won't scale, that's a problem
we are facing now in x86.
I'm trying to re-factor CPU related ACPI parts to use CPU id
used in hardware (APIC ID for x86) and while it make it reusable
for ARM as well where as such ID we could use 'mpidr'.

So this clean up beside of removing not needed code also
reduces ACPI dependency on cpu_index.

> And below check in virt.c is not right while it should compare the 
> global max_cpus with the max_cpus GIC supports.
> 
>  if (smp_cpus > max_cpus) {
>  error_report("Number of SMP CPUs requested (%d) exceeds max CPUs "
>   "supported by machine 'mach-virt' (%d)",
>   smp_cpus, max_cpus);
>  exit(1);
>  }
> 
> Thanks,

Re: [Qemu-devel] [PATCH v4] Add optionrom compatible with fw_cfg DMA version

2016-01-29 Thread Stefan Hajnoczi 
On Fri, Jan 29, 2016 at 12:12:24PM +0100, Marc Marí wrote:
> This optionrom is based on linuxboot.S.
> 
> Added changes proposed by Gerd Hoffman, Stefan Hajnoczi and Kevin O'Connor.
> 
> All optionroms are now compiled in 32 bits. This also forces to not use any
> standard C header because this would need cross-compiling support check and a
> big modification on the configuration script.
> 
> Signed-off-by: Marc Marí 
> ---
>  .gitignore|   4 +
>  hw/i386/pc.c  |   9 +-
>  hw/nvram/fw_cfg.c |   2 +-
>  include/hw/nvram/fw_cfg.h |   1 +
>  pc-bios/optionrom/Makefile|   7 +-
>  pc-bios/optionrom/linuxboot_dma.c | 288 
> ++
>  6 files changed, 306 insertions(+), 5 deletions(-)
>  create mode 100644 pc-bios/optionrom/linuxboot_dma.c

Please include a changelog when sending new revisions of a patch.
Thanks!

Reviewed-by: Stefan Hajnoczi 


signature.asc
Description: PGP signature

[Qemu-devel] [PATCH v9 09/16] blockdev: Use blk_remove_bs() in do_drive_del()

2016-01-29 Thread Max Reitz 
Signed-off-by: Max Reitz 
Reviewed-by: Kevin Wolf 
Reviewed-by: Fam Zheng 
---
 blockdev.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/blockdev.c b/blockdev.c
index 1044a6a..09d4621 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -2792,7 +2792,7 @@ void hmp_drive_del(Monitor *mon, const QDict *qdict)
 return;
 }
 
-bdrv_close(bs);
+blk_remove_bs(blk);
 }
 
 /* if we have a device attached to this BlockDriverState
-- 
2.7.0

[Qemu-devel] [PATCH v9 05/16] virtio-scsi: Catch BDS-BB removal/insertion

2016-01-29 Thread Max Reitz 
Make use of the BDS-BB removal and insertion notifiers to remove or set
up, respectively, virtio-scsi's op blockers.

Signed-off-by: Max Reitz 
---
 hw/scsi/virtio-scsi.c   | 55 +
 include/hw/virtio/virtio-scsi.h | 10 
 2 files changed, 65 insertions(+)

diff --git a/hw/scsi/virtio-scsi.c b/hw/scsi/virtio-scsi.c
index 607593c..de2655b 100644
--- a/hw/scsi/virtio-scsi.c
+++ b/hw/scsi/virtio-scsi.c
@@ -757,6 +757,22 @@ static void virtio_scsi_change(SCSIBus *bus, SCSIDevice 
*dev, SCSISense sense)
 }
 }
 
+static void virtio_scsi_blk_insert_notifier(Notifier *n, void *data)
+{
+VirtIOSCSIBlkChangeNotifier *cn = DO_UPCAST(VirtIOSCSIBlkChangeNotifier,
+n, n);
+assert(cn->sd->conf.blk == data);
+blk_op_block_all(cn->sd->conf.blk, cn->s->blocker);
+}
+
+static void virtio_scsi_blk_remove_notifier(Notifier *n, void *data)
+{
+VirtIOSCSIBlkChangeNotifier *cn = DO_UPCAST(VirtIOSCSIBlkChangeNotifier,
+n, n);
+assert(cn->sd->conf.blk == data);
+blk_op_unblock_all(cn->sd->conf.blk, cn->s->blocker);
+}
+
 static void virtio_scsi_hotplug(HotplugHandler *hotplug_dev, DeviceState *dev,
 Error **errp)
 {
@@ -765,6 +781,8 @@ static void virtio_scsi_hotplug(HotplugHandler 
*hotplug_dev, DeviceState *dev,
 SCSIDevice *sd = SCSI_DEVICE(dev);
 
 if (s->ctx && !s->dataplane_disabled) {
+VirtIOSCSIBlkChangeNotifier *insert_notifier, *remove_notifier;
+
 if (blk_op_is_blocked(sd->conf.blk, BLOCK_OP_TYPE_DATAPLANE, errp)) {
 return;
 }
@@ -772,6 +790,20 @@ static void virtio_scsi_hotplug(HotplugHandler 
*hotplug_dev, DeviceState *dev,
 aio_context_acquire(s->ctx);
 blk_set_aio_context(sd->conf.blk, s->ctx);
 aio_context_release(s->ctx);
+
+insert_notifier = g_new0(VirtIOSCSIBlkChangeNotifier, 1);
+insert_notifier->n.notify = virtio_scsi_blk_insert_notifier;
+insert_notifier->s = s;
+insert_notifier->sd = sd;
+blk_add_insert_bs_notifier(sd->conf.blk, _notifier->n);
+QTAILQ_INSERT_TAIL(>insert_notifiers, insert_notifier, next);
+
+remove_notifier = g_new0(VirtIOSCSIBlkChangeNotifier, 1);
+remove_notifier->n.notify = virtio_scsi_blk_remove_notifier;
+remove_notifier->s = s;
+remove_notifier->sd = sd;
+blk_add_remove_bs_notifier(sd->conf.blk, _notifier->n);
+QTAILQ_INSERT_TAIL(>remove_notifiers, remove_notifier, next);
 }
 
 if (virtio_vdev_has_feature(vdev, VIRTIO_SCSI_F_HOTPLUG)) {
@@ -787,6 +819,7 @@ static void virtio_scsi_hotunplug(HotplugHandler 
*hotplug_dev, DeviceState *dev,
 VirtIODevice *vdev = VIRTIO_DEVICE(hotplug_dev);
 VirtIOSCSI *s = VIRTIO_SCSI(vdev);
 SCSIDevice *sd = SCSI_DEVICE(dev);
+VirtIOSCSIBlkChangeNotifier *insert_notifier, *remove_notifier;
 
 if (virtio_vdev_has_feature(vdev, VIRTIO_SCSI_F_HOTPLUG)) {
 virtio_scsi_push_event(s, sd,
@@ -797,6 +830,25 @@ static void virtio_scsi_hotunplug(HotplugHandler 
*hotplug_dev, DeviceState *dev,
 if (s->ctx) {
 blk_op_unblock_all(sd->conf.blk, s->blocker);
 }
+
+QTAILQ_FOREACH(insert_notifier, >insert_notifiers, next) {
+if (insert_notifier->sd == sd) {
+notifier_remove(_notifier->n);
+QTAILQ_REMOVE(>insert_notifiers, insert_notifier, next);
+g_free(insert_notifier);
+break;
+}
+}
+
+QTAILQ_FOREACH(remove_notifier, >remove_notifiers, next) {
+if (remove_notifier->sd == sd) {
+notifier_remove(_notifier->n);
+QTAILQ_REMOVE(>remove_notifiers, remove_notifier, next);
+g_free(remove_notifier);
+break;
+}
+}
+
 qdev_simple_device_unplug_cb(hotplug_dev, dev, errp);
 }
 
@@ -911,6 +963,9 @@ static void virtio_scsi_device_realize(DeviceState *dev, 
Error **errp)
 add_migration_state_change_notifier(>migration_state_notifier);
 
 error_setg(>blocker, "block device is in use by data plane");
+
+QTAILQ_INIT(>insert_notifiers);
+QTAILQ_INIT(>remove_notifiers);
 }
 
 static void virtio_scsi_instance_init(Object *obj)
diff --git a/include/hw/virtio/virtio-scsi.h b/include/hw/virtio/virtio-scsi.h
index 088fe9f..0394eb2 100644
--- a/include/hw/virtio/virtio-scsi.h
+++ b/include/hw/virtio/virtio-scsi.h
@@ -76,6 +76,13 @@ typedef struct VirtIOSCSICommon {
 VirtQueue **cmd_vqs;
 } VirtIOSCSICommon;
 
+typedef struct VirtIOSCSIBlkChangeNotifier {
+Notifier n;
+struct VirtIOSCSI *s;
+SCSIDevice *sd;
+QTAILQ_ENTRY(VirtIOSCSIBlkChangeNotifier) next;
+} VirtIOSCSIBlkChangeNotifier;
+
 typedef struct VirtIOSCSI {
 VirtIOSCSICommon parent_obj;
 
@@ -86,6 +93,9 @@ typedef struct VirtIOSCSI {
 /* Fields for dataplane below */
 AioContext *ctx; /* one iothread per

[Qemu-devel] [PATCH v9 16/16] iotests: Add test for block jobs and BDS ejection

2016-01-29 Thread Max Reitz 
Suggested-by: Paolo Bonzini 
Signed-off-by: Max Reitz 
Reviewed-by: Kevin Wolf 
---
 tests/qemu-iotests/141 | 186 +
 tests/qemu-iotests/141.out |  59 ++
 tests/qemu-iotests/group   |   1 +
 3 files changed, 246 insertions(+)
 create mode 100755 tests/qemu-iotests/141
 create mode 100644 tests/qemu-iotests/141.out

diff --git a/tests/qemu-iotests/141 b/tests/qemu-iotests/141
new file mode 100755
index 000..f7c28b4
--- /dev/null
+++ b/tests/qemu-iotests/141
@@ -0,0 +1,186 @@
+#!/bin/bash
+#
+# Test case for ejecting BDSs with block jobs still running on them
+#
+# Copyright (C) 2016 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+
+# creator
+owner=mre...@redhat.com
+
+seq="$(basename $0)"
+echo "QA output created by $seq"
+
+here="$PWD"
+tmp=/tmp/$$
+status=1   # failure is the default!
+
+_cleanup()
+{
+_cleanup_test_img
+rm -f "$TEST_DIR/{b,m,o}.$IMGFMT"
+}
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+# get standard environment, filters and checks
+. ./common.rc
+. ./common.filter
+. ./common.qemu
+
+# Needs backing file and backing format support
+_supported_fmt qcow2 qed
+_supported_proto file
+_supported_os Linux
+
+
+test_blockjob()
+{
+_send_qemu_cmd $QEMU_HANDLE \
+"{'execute': 'blockdev-add',
+  'arguments': {
+  'options': {
+  'id': 'drv0',
+  'driver': '$IMGFMT',
+  'file': {
+  'driver': 'file',
+  'filename': '$TEST_IMG'
+  " \
+'return'
+
+_send_qemu_cmd $QEMU_HANDLE \
+"$1" \
+"$2" \
+| _filter_img_create
+
+# We want this to return an error because the block job is still running
+_send_qemu_cmd $QEMU_HANDLE \
+"{'execute': 'x-blockdev-remove-medium',
+  'arguments': {'device': 'drv0'}}" \
+'error'
+
+_send_qemu_cmd $QEMU_HANDLE \
+"{'execute': 'block-job-cancel',
+  'arguments': {'device': 'drv0'}}" \
+"$3"
+
+_send_qemu_cmd $QEMU_HANDLE \
+"{'execute': 'x-blockdev-del',
+  'arguments': {'id': 'drv0'}}" \
+'return'
+}
+
+
+TEST_IMG="$TEST_DIR/b.$IMGFMT" _make_test_img 1M
+TEST_IMG="$TEST_DIR/m.$IMGFMT" _make_test_img -b "$TEST_DIR/b.$IMGFMT" 1M
+_make_test_img -b "$TEST_DIR/m.$IMGFMT" 1M
+
+_launch_qemu -nodefaults
+
+_send_qemu_cmd $QEMU_HANDLE \
+"{'execute': 'qmp_capabilities'}" \
+'return'
+
+echo
+echo '=== Testing drive-backup ==='
+echo
+
+# drive-backup will not send BLOCK_JOB_READY by itself, and cancelling the job
+# will consequently result in BLOCK_JOB_CANCELLED being emitted.
+
+test_blockjob \
+"{'execute': 'drive-backup',
+  'arguments': {'device': 'drv0',
+'target': '$TEST_DIR/o.$IMGFMT',
+'format': '$IMGFMT',
+'sync': 'none'}}" \
+'return' \
+'BLOCK_JOB_CANCELLED'
+
+echo
+echo '=== Testing drive-mirror ==='
+echo
+
+# drive-mirror will send BLOCK_JOB_READY basically immediately, and cancelling
+# the job will consequently result in BLOCK_JOB_COMPLETED being emitted.
+
+test_blockjob \
+"{'execute': 'drive-mirror',
+  'arguments': {'device': 'drv0',
+'target': '$TEST_DIR/o.$IMGFMT',
+'format': '$IMGFMT',
+'sync': 'none'}}" \
+'BLOCK_JOB_READY' \
+'BLOCK_JOB_COMPLETED'
+
+echo
+echo '=== Testing active block-commit ==='
+echo
+
+# An active block-commit will send BLOCK_JOB_READY basically immediately, and
+# cancelling the job will consequently result in BLOCK_JOB_COMPLETED being
+# emitted.
+
+test_blockjob \
+"{'execute': 'block-commit',
+  'arguments': {'device': 'drv0'}}" \
+'BLOCK_JOB_READY' \
+'BLOCK_JOB_COMPLETED'
+
+echo
+echo '=== Testing non-active block-commit ==='
+echo
+
+# Give block-commit something to work on, otherwise it would be done
+# immediately, send a BLOCK_JOB_COMPLETED and ejecting the BDS would work just
+# fine without the block job still running.
+
+$QEMU_IO -c 'write 0 1M' "$TEST_DIR/m.$IMGFMT" | _filter_qemu_io
+
+test_blockjob \
+"{'execute': 'block-commit',
+  'arguments': {'device': 'drv0',
+'top':'$TEST_DIR/m.$IMGFMT',
+

[Qemu-devel] [PATCH v9 01/16] block: Release named dirty bitmaps in bdrv_close()

2016-01-29 Thread Max Reitz 
bdrv_delete() is not very happy about deleting BlockDriverStates with
dirty bitmaps still attached to them. In the past, we got around that
very easily by relying on bdrv_close_all() bypassing bdrv_delete(), and
bdrv_close() simply ignoring that condition. We should fix that by
releasing all named dirty bitmaps in bdrv_close() (there should not be
any unnamed bitmaps left) and moving the assertion from bdrv_delete()
there.

Signed-off-by: Max Reitz 
---
 block.c | 39 +++
 1 file changed, 31 insertions(+), 8 deletions(-)

diff --git a/block.c b/block.c
index 5709d3d..41ab00e 100644
--- a/block.c
+++ b/block.c
@@ -88,6 +88,8 @@ static int bdrv_open_inherit(BlockDriverState **pbs, const 
char *filename,
  const BdrvChildRole *child_role, Error **errp);
 
 static void bdrv_dirty_bitmap_truncate(BlockDriverState *bs);
+static void bdrv_release_named_dirty_bitmaps(BlockDriverState *bs);
+
 /* If non-zero, use only whitelisted block drivers */
 static int use_bdrv_whitelist;
 
@@ -2157,6 +2159,9 @@ void bdrv_close(BlockDriverState *bs)
 
 notifier_list_notify(>close_notifiers, bs);
 
+bdrv_release_named_dirty_bitmaps(bs);
+assert(QLIST_EMPTY(>dirty_bitmaps));
+
 if (bs->blk) {
 blk_dev_change_media_cb(bs->blk, false);
 }
@@ -2366,7 +2371,6 @@ static void bdrv_delete(BlockDriverState *bs)
 assert(!bs->job);
 assert(bdrv_op_blocker_is_empty(bs));
 assert(!bs->refcnt);
-assert(QLIST_EMPTY(>dirty_bitmaps));
 
 bdrv_close(bs);
 
@@ -3582,21 +3586,40 @@ static void bdrv_dirty_bitmap_truncate(BlockDriverState 
*bs)
 }
 }
 
-void bdrv_release_dirty_bitmap(BlockDriverState *bs, BdrvDirtyBitmap *bitmap)
+static void bdrv_do_release_matching_dirty_bitmap(BlockDriverState *bs,
+  BdrvDirtyBitmap *bitmap,
+  bool only_named)
 {
 BdrvDirtyBitmap *bm, *next;
 QLIST_FOREACH_SAFE(bm, >dirty_bitmaps, list, next) {
-if (bm == bitmap) {
+if ((!bitmap || bm == bitmap) && (!only_named || bm->name)) {
 assert(!bdrv_dirty_bitmap_frozen(bm));
-QLIST_REMOVE(bitmap, list);
-hbitmap_free(bitmap->bitmap);
-g_free(bitmap->name);
-g_free(bitmap);
-return;
+QLIST_REMOVE(bm, list);
+hbitmap_free(bm->bitmap);
+g_free(bm->name);
+g_free(bm);
+
+if (bitmap) {
+return;
+}
 }
 }
 }
 
+void bdrv_release_dirty_bitmap(BlockDriverState *bs, BdrvDirtyBitmap *bitmap)
+{
+bdrv_do_release_matching_dirty_bitmap(bs, bitmap, false);
+}
+
+/**
+ * Release all named dirty bitmaps attached to a BDS (for use in bdrv_close()).
+ * There must not be any frozen bitmaps attached.
+ */
+static void bdrv_release_named_dirty_bitmaps(BlockDriverState *bs)
+{
+bdrv_do_release_matching_dirty_bitmap(bs, NULL, true);
+}
+
 void bdrv_disable_dirty_bitmap(BdrvDirtyBitmap *bitmap)
 {
 assert(!bdrv_dirty_bitmap_frozen(bitmap));
-- 
2.7.0

Re: [Qemu-devel] [PATCH v7 12/13] qmp: Add query-ppc-cpu-cores command

2016-01-29 Thread Igor Mammedov 
On Thu, 28 Jan 2016 11:19:54 +0530
Bharata B Rao  wrote:

> Show the details of PPC CPU cores via a new QMP command.
> 
> TODO: update qmp-commands.hx with example
> 
> Signed-off-by: Bharata B Rao 
> ---
>  hw/ppc/cpu-core.c   | 77 
> +
>  qapi-schema.json| 31 +
>  qmp-commands.hx | 51 +++
>  stubs/Makefile.objs |  1 +
>  stubs/qmp_query_ppc_cpu_cores.c | 10 ++
>  5 files changed, 170 insertions(+)
>  create mode 100644 stubs/qmp_query_ppc_cpu_cores.c
> 
> diff --git a/hw/ppc/cpu-core.c b/hw/ppc/cpu-core.c
> index aa96e79..652a5aa 100644
> --- a/hw/ppc/cpu-core.c
> +++ b/hw/ppc/cpu-core.c
> @@ -9,7 +9,84 @@
>  #include "hw/ppc/cpu-core.h"
>  #include "hw/boards.h"
>  #include 
> +#include 
>  #include "qemu/error-report.h"
> +#include "qmp-commands.h"
> +
> +/*
> + * QMP: info ppc-cpu-cores
> + */
> +static int qmp_ppc_cpu_list(Object *obj, void *opaque)
> +{
> +CpuInfoList ***prev = opaque;
> +
> +if (object_dynamic_cast(obj, TYPE_POWERPC_CPU)) {
> +CpuInfoList *elem = g_new0(CpuInfoList, 1);
> +CpuInfo *s = g_new0(CpuInfo, 1);
> +CPUState *cs = CPU(obj);
> +PowerPCCPU *cpu = POWERPC_CPU(cs);
> +CPUPPCState *env = >env;
> +
> +cpu_synchronize_state(cs);
> +s->arch = CPU_INFO_ARCH_PPC;
> +s->current = (cs == first_cpu);
> +s->CPU = cs->cpu_index;
> +s->qom_path = object_get_canonical_path(obj);
> +s->halted = cs->halted;
> +s->thread_id = cs->thread_id;
> +s->u.ppc = g_new0(CpuInfoPPC, 1);
> +s->u.ppc->nip = env->nip;
> +
> +elem->value = s;
> +elem->next = NULL;
> +**prev = elem;
> +*prev = >next;
> +}
> +object_child_foreach(obj, qmp_ppc_cpu_list, opaque);
> +return 0;
> +}
> +
> +static int qmp_ppc_cpu_core_list(Object *obj, void *opaque)
> +{
> +PPCCPUCoreList ***prev = opaque;
> +
> +if (object_dynamic_cast(obj, TYPE_POWERPC_CPU_CORE)) {
> +DeviceClass *dc = DEVICE_GET_CLASS(obj);
> +DeviceState *dev = DEVICE(obj);
> +
> +if (dev->realized) {
> +PPCCPUCoreList *elem = g_new0(PPCCPUCoreList, 1);
> +PPCCPUCore *s = g_new0(PPCCPUCore, 1);
> +CpuInfoList *cpu_head = NULL;
> +CpuInfoList **cpu_prev = _head;
> +
> +if (dev->id) {
> +s->has_id = true;
> +s->id = g_strdup(dev->id);
> +}
> +s->hotplugged = dev->hotplugged;
> +s->hotpluggable = dc->hotpluggable;
> +qmp_ppc_cpu_list(obj, _prev);
> +s->threads = cpu_head;
> +elem->value = s;
> +elem->next = NULL;
> +**prev = elem;
> +*prev = >next;
> +}
> +}
> +
> +object_child_foreach(obj, qmp_ppc_cpu_core_list, opaque);
> +return 0;
> +}
> +
> +PPCCPUCoreList *qmp_query_ppc_cpu_cores(Error **errp)
> +{
> +PPCCPUCoreList *head = NULL;
> +PPCCPUCoreList **prev = 
> +
> +qmp_ppc_cpu_core_list(qdev_get_machine(), );
> +return head;
> +}
>  
>  static int ppc_cpu_core_realize_child(Object *child, void *opaque)
>  {
> diff --git a/qapi-schema.json b/qapi-schema.json
> index 8d04897..0902697 100644
> --- a/qapi-schema.json
> +++ b/qapi-schema.json
> @@ -4083,3 +4083,34 @@
>  ##
>  { 'enum': 'ReplayMode',
>'data': [ 'none', 'record', 'play' ] }
> +
> +##
> +# @PPCCPUCore:
> +#
> +# Information about PPC CPU core devices
> +#
> +# @hotplugged: true if device was hotplugged
> +#
> +# @hotpluggable: true if device if could be added/removed while machine is 
> running
> +#
> +# Since: 2.6
> +##
> +
> +{ 'struct': 'PPCCPUCore',
> +  'data': { '*id': 'str',
> +'hotplugged': 'bool',
> +'hotpluggable': 'bool',
> +'threads' : ['CpuInfo']
> +  }
> +}
Could it be made more arch independent?
Perhaps it might make sense to replace 'threads'
with qom-path so tools could inspect it in more detail
if needed?

Also looking from cpu hotplug pov it would be nice
to have at top level
  - device type that tools could use with device_add
  - display supported least granularity from topology pov
like node,socket[,core,[thread]] 'address' parameters
  - display in CPU list also possible CPUs where only
'type' and 'address' parameters are present.

so above could look like:
{ 'struct': 'CPU',
  'data': {
'type': 'str'
'node': 'int',
'socket': 'int',
'*core' : 'int',
'*thread' : 'int',
'*id': 'str',
'*hotplugged': 'bool',
'*hotpluggable': 'bool',
'*qom-path' : 'str'
  }
}

in addition qom-path could replaced with generic {CPUCore{CPUThread,...},...},
where CPUThread is CPUInfo, I'm not sure if CPUCore could

Re: [Qemu-devel] [PATCH v1 3/5] include/qemu/atomic.h: default to __atomic functions

2016-01-29 Thread Alex Bennée 

Paolo Bonzini  writes:

> On 28/01/2016 11:15, Alex Bennée wrote:
>> +/* atomic_mb_read/set semantics map Java volatile variables. They are
>> + * less expensive on some platforms (notably POWER & ARM) than fully
>> + * sequentially consistent operations.
>> + *
>> + * As long as they are used as paired operations they are safe to
>> + * use. See docs/atomic.txt for more discussion.
>> + */
>> +
>> +#define atomic_mb_read(ptr) \
>> +({  \
>> +typeof(*ptr) _val;  \
>> + __atomic_load(ptr, &_val, __ATOMIC_RELAXED);   \
>> + smp_rmb(); \
>> +_val;   \
>> +})
>> +
>> +#define atomic_mb_set(ptr, i)  do { \
>> +typeof(*ptr) _val = (i);\
>> +smp_wmb();  \
>> +__atomic_store(ptr, &_val, __ATOMIC_RELAXED);   \
>> +smp_mb();   \
>> +} while(0)
>
> Great... I'll change this to
>
> #if defined(_ARCH_PPC)
> #define atomic_mb_read(ptr) \
> ({  \
> typeof(*ptr) _val;  \
>  __atomic_load(ptr, &_val, __ATOMIC_RELAXED);   \
>  smp_rmb(); \
> _val;   \
> })
>
> #define atomic_mb_set(ptr, i)  do { \
> typeof(*ptr) _val = (i);\
> smp_wmb();  \
> __atomic_store(ptr, &_val, __ATOMIC_RELAXED);   \
> smp_mb();   \
> } while(0)
> #else
> #define atomic_mb_read(ptr)   \
> ({\
> typeof(*ptr) _val;\
>  __atomic_load(ptr, &_val, __ATOMIC_SEQ_CST); \
> _val; \
> })
>
> #define atomic_mb_set(ptr, i)  do {   \
> typeof(*ptr) _val = (i);  \
> __atomic_store(ptr, &_val, __ATOMIC_SEQ_CST); \
> } while(0)
> #endif
>
> since this benefits x86 (which can generate mov/xchg respectively) and
> aarch64 (where atomic_mb_read/atomic_mb_set map directly to
> ldar/stlr).

The original comment mentioned both POWER and ARM so I wondering if we
should also special case for the ARMv7?

>
>> +/* Returns the eventual value, failed or not */

Yeah this comment in bogus.

>> +#define atomic_cmpxchg(ptr, old, new)   \
>> +({  \
>> +typeof(*ptr) _old = (old), _new = (new);\
>> +__atomic_compare_exchange(ptr, &_old, &_new, false, \
>> +  __ATOMIC_SEQ_CST, __ATOMIC_SEQ_CST);  \
>> +_old; /* can this race if cmpxchg not used elsewhere? */\
>> +})
>
> How so?

My mistake, I was having a worry that we weren't following the old
semantics. In fact having read even more closely I understand that _old is
updated by the __atomic function if the update fails. In fact _old is a
poor name because its _expected at the start and _current in the case it
fails. In fact:

This compares the contents of *ptr with the contents of *expected. If
equal, the operation is a read-modify-write operation that writes
desired into *ptr. If they are not equal, the operation is a read and
the current contents of *ptr are written into *expected. ...

If desired is written into *ptr then true is returned and memory is
affected according to the memory order specified by success_memorder.
There are no restrictions on what memory order can be used here.

I was wondering if this was subtly different from the old
__sync_val_compare_and_swap:

The “val” version returns the contents of *ptr before the operation.

I think we are OK because if cmpxchg succeeds _old was by definition
what was already there but it is confusing and leads to funny code like
this:

if (atomic_cmpxchg([i].n, 0, 3) == 0) {
data[i].ret = -ECANCELED;
...

and

if (atomic_cmpxchg(>state, old_state, new_state) == old_state) {
   ...

Which might be easier to read if atomic_cmpxchg used the bool
semantics, i.e. return true for a successful cmpxchg.

The old code even has a atomic_bool_cmpxchg which no one seems to use. I
wonder if the correct solution is to convert atomic_cmpxchg calls to use
atomic_cmpxchg_bool calls and remove atomic_cmpxchg from atomic.h?

What do you think?

>
> Paolo


--
Alex Bennée

[Qemu-devel] [PATCH] coroutine: drop GThread coroutine backend

2016-01-29 Thread Stefan Hajnoczi 
The GThread coroutine backend was a portable coroutine implementation.
Over the years all platforms got their own optimized coroutine
implementations and nothing uses the GThread backend anymore.

In fact, ./configure mentions the GThread backend doesn't work but might
be useful for debugging.  Since GDB macros were added to ease debugging
of ucontext coroutines, there seems little point in keeping a broken
backend around.

Signed-off-by: Stefan Hajnoczi 
---
 configure|  19 ++---
 util/coroutine-gthread.c | 198 ---
 2 files changed, 5 insertions(+), 212 deletions(-)
 delete mode 100644 util/coroutine-gthread.c

diff --git a/configure b/configure
index 3506e44..789fd7d 100755
--- a/configure
+++ b/configure
@@ -1322,7 +1322,7 @@ Advanced options (experts only):
   --oss-libpath to OSS library
   --cpu=CPUBuild for host CPU [$cpu]
   --with-coroutine=BACKEND coroutine backend. Supported options:
-   gthread, ucontext, sigaltstack, windows
+   ucontext, sigaltstack, windows
   --enable-gcovenable test coverage analysis with gcov
   --gcov=GCOV  use specified gcov [$gcov_tool]
   --disable-blobs  disable installing provided firmware blobs
@@ -4314,10 +4314,8 @@ fi
 # check and set a backend for coroutine
 
 # We prefer ucontext, but it's not always possible. The fallback
-# is sigcontext. gthread is not selectable except explicitly, because
-# it is not functional enough to run QEMU proper. (It is occasionally
-# useful for debugging purposes.)  On Windows the only valid backend
-# is the Windows-specific one.
+# is sigcontext.  On Windows the only valid backend is the Windows-specific
+# one.
 
 ucontext_works=no
 if test "$darwin" != "yes"; then
@@ -4356,7 +4354,7 @@ else
   feature_not_found "ucontext"
 fi
 ;;
-  gthread|sigaltstack)
+  sigaltstack)
 if test "$mingw32" = "yes"; then
   error_exit "only the 'windows' coroutine backend is valid for Windows"
 fi
@@ -4368,14 +4366,7 @@ else
 fi
 
 if test "$coroutine_pool" = ""; then
-  if test "$coroutine" = "gthread"; then
-coroutine_pool=no
-  else
-coroutine_pool=yes
-  fi
-fi
-if test "$coroutine" = "gthread" -a "$coroutine_pool" = "yes"; then
-  error_exit "'gthread' coroutine backend does not support pool (use 
--disable-coroutine-pool)"
+  coroutine_pool=yes
 fi
 
 ##
diff --git a/util/coroutine-gthread.c b/util/coroutine-gthread.c
deleted file mode 100644
index 0bcd778..000
--- a/util/coroutine-gthread.c
+++ /dev/null
@@ -1,198 +0,0 @@
-/*
- * GThread coroutine initialization code
- *
- * Copyright (C) 2006  Anthony Liguori 
- * Copyright (C) 2011  Aneesh Kumar K.V 
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.0 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see .
- */
-
-#include 
-#include "qemu-common.h"
-#include "qemu/coroutine_int.h"
-
-typedef struct {
-Coroutine base;
-GThread *thread;
-bool runnable;
-bool free_on_thread_exit;
-CoroutineAction action;
-} CoroutineGThread;
-
-static CompatGMutex coroutine_lock;
-static CompatGCond coroutine_cond;
-
-/* GLib 2.31 and beyond deprecated various parts of the thread API,
- * but the new interfaces are not available in older GLib versions
- * so we have to cope with both.
- */
-#if GLIB_CHECK_VERSION(2, 31, 0)
-/* Awkwardly, the GPrivate API doesn't provide a way to update the
- * GDestroyNotify handler for the coroutine key dynamically. So instead
- * we track whether or not the CoroutineGThread should be freed on
- * thread exit / coroutine key update using the free_on_thread_exit
- * field.
- */
-static void coroutine_destroy_notify(gpointer data)
-{
-CoroutineGThread *co = data;
-if (co && co->free_on_thread_exit) {
-g_free(co);
-}
-}
-
-static GPrivate coroutine_key = G_PRIVATE_INIT(coroutine_destroy_notify);
-
-static inline CoroutineGThread *get_coroutine_key(void)
-{
-return g_private_get(_key);
-}
-
-static inline void set_coroutine_key(CoroutineGThread *co,
- bool free_on_thread_exit)
-{
-/* Unlike g_static_private_set() this does not call the GDestroyNotify
- * if the previous value of the key was NULL.

Re: [Qemu-devel] [PATCH] coroutine: drop GThread coroutine backend

2016-01-29 Thread Alex Bennée 

Stefan Hajnoczi  writes:

> The GThread coroutine backend was a portable coroutine implementation.
> Over the years all platforms got their own optimized coroutine
> implementations and nothing uses the GThread backend anymore.
>
> In fact, ./configure mentions the GThread backend doesn't work but might
> be useful for debugging.  Since GDB macros were added to ease debugging
> of ucontext coroutines, there seems little point in keeping a broken
> backend around.

Except I found that I couldn't run the ThreadSanitizer without using the
gthread co-routines. So while I totally agree we should dump stuff
that's not used lets make sure no one else relies on it for debugging
stuff as well.

>
> Signed-off-by: Stefan Hajnoczi 
> ---
>  configure|  19 ++---
>  util/coroutine-gthread.c | 198 
> ---
>  2 files changed, 5 insertions(+), 212 deletions(-)
>  delete mode 100644 util/coroutine-gthread.c
>
> diff --git a/configure b/configure
> index 3506e44..789fd7d 100755
> --- a/configure
> +++ b/configure
> @@ -1322,7 +1322,7 @@ Advanced options (experts only):
>--oss-libpath to OSS library
>--cpu=CPUBuild for host CPU [$cpu]
>--with-coroutine=BACKEND coroutine backend. Supported options:
> -   gthread, ucontext, sigaltstack, windows
> +   ucontext, sigaltstack, windows
>--enable-gcovenable test coverage analysis with gcov
>--gcov=GCOV  use specified gcov [$gcov_tool]
>--disable-blobs  disable installing provided firmware blobs
> @@ -4314,10 +4314,8 @@ fi
>  # check and set a backend for coroutine
>
>  # We prefer ucontext, but it's not always possible. The fallback
> -# is sigcontext. gthread is not selectable except explicitly, because
> -# it is not functional enough to run QEMU proper. (It is occasionally
> -# useful for debugging purposes.)  On Windows the only valid backend
> -# is the Windows-specific one.
> +# is sigcontext.  On Windows the only valid backend is the Windows-specific
> +# one.
>
>  ucontext_works=no
>  if test "$darwin" != "yes"; then
> @@ -4356,7 +4354,7 @@ else
>feature_not_found "ucontext"
>  fi
>  ;;
> -  gthread|sigaltstack)
> +  sigaltstack)
>  if test "$mingw32" = "yes"; then
>error_exit "only the 'windows' coroutine backend is valid for Windows"
>  fi
> @@ -4368,14 +4366,7 @@ else
>  fi
>
>  if test "$coroutine_pool" = ""; then
> -  if test "$coroutine" = "gthread"; then
> -coroutine_pool=no
> -  else
> -coroutine_pool=yes
> -  fi
> -fi
> -if test "$coroutine" = "gthread" -a "$coroutine_pool" = "yes"; then
> -  error_exit "'gthread' coroutine backend does not support pool (use 
> --disable-coroutine-pool)"
> +  coroutine_pool=yes
>  fi
>
>  ##
> diff --git a/util/coroutine-gthread.c b/util/coroutine-gthread.c
> deleted file mode 100644
> index 0bcd778..000
> --- a/util/coroutine-gthread.c
> +++ /dev/null
> @@ -1,198 +0,0 @@
> -/*
> - * GThread coroutine initialization code
> - *
> - * Copyright (C) 2006  Anthony Liguori 
> - * Copyright (C) 2011  Aneesh Kumar K.V 
> - *
> - * This library is free software; you can redistribute it and/or
> - * modify it under the terms of the GNU Lesser General Public
> - * License as published by the Free Software Foundation; either
> - * version 2.0 of the License, or (at your option) any later version.
> - *
> - * This library is distributed in the hope that it will be useful,
> - * but WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> - * Lesser General Public License for more details.
> - *
> - * You should have received a copy of the GNU Lesser General Public
> - * License along with this library; if not, see 
> .
> - */
> -
> -#include 
> -#include "qemu-common.h"
> -#include "qemu/coroutine_int.h"
> -
> -typedef struct {
> -Coroutine base;
> -GThread *thread;
> -bool runnable;
> -bool free_on_thread_exit;
> -CoroutineAction action;
> -} CoroutineGThread;
> -
> -static CompatGMutex coroutine_lock;
> -static CompatGCond coroutine_cond;
> -
> -/* GLib 2.31 and beyond deprecated various parts of the thread API,
> - * but the new interfaces are not available in older GLib versions
> - * so we have to cope with both.
> - */
> -#if GLIB_CHECK_VERSION(2, 31, 0)
> -/* Awkwardly, the GPrivate API doesn't provide a way to update the
> - * GDestroyNotify handler for the coroutine key dynamically. So instead
> - * we track whether or not the CoroutineGThread should be freed on
> - * thread exit / coroutine key update using the free_on_thread_exit
> - * field.
> - */
> -static void coroutine_destroy_notify(gpointer data)
> -{
> -CoroutineGThread *co =

Re: [Qemu-devel] [Qemu-arm] [PATCH 8/8] target-arm: ignore ELR_ELx[1] for exception return to 32-bit ARM mode

2016-01-29 Thread Sergey Fedorov 
On 14.01.2016 21:34, Peter Maydell wrote:
> The architecture requires that for an exception return to AArch32 the
> low bits of ELR_ELx are ignored when the PC is set from them:
>  * if returning to Thumb mode, ignore ELR_ELx[0]
>  * if returning to ARM mode, ignore ELR_ELx[1:0]
>
> We were only squashing bit 0; also squash bit 1 if the SPSR T bit
> indicates this is a return to ARM code.

Reviewed-by: Sergey Fedorov 

> Signed-off-by: Peter Maydell 
> ---
>  target-arm/op_helper.c | 6 +-
>  1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/target-arm/op_helper.c b/target-arm/op_helper.c
> index 5789ccb..171d6b8 100644
> --- a/target-arm/op_helper.c
> +++ b/target-arm/op_helper.c
> @@ -738,7 +738,11 @@ void HELPER(exception_return)(CPUARMState *env)
>  }
>  aarch64_sync_64_to_32(env);
>  
> -env->regs[15] = env->elr_el[cur_el] & ~0x1;
> +if (spsr & CPSR_T) {
> +env->regs[15] = env->elr_el[cur_el] & ~0x1;
> +} else {
> +env->regs[15] = env->elr_el[cur_el] & ~0x3;
> +}
>  } else {
>  env->aarch64 = 1;
>  pstate_write(env, spsr);

[Qemu-devel] [PATCH v9 08/16] block: Use blk_remove_bs() in blk_delete()

2016-01-29 Thread Max Reitz 
Signed-off-by: Max Reitz 
Reviewed-by: Kevin Wolf 
Reviewed-by: Fam Zheng 
---
 block/block-backend.c | 7 +++
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/block/block-backend.c b/block/block-backend.c
index 621787c..7f5ad59 100644
--- a/block/block-backend.c
+++ b/block/block-backend.c
@@ -166,10 +166,7 @@ static void blk_delete(BlockBackend *blk)
 assert(!blk->refcnt);
 assert(!blk->dev);
 if (blk->bs) {
-assert(blk->bs->blk == blk);
-blk->bs->blk = NULL;
-bdrv_unref(blk->bs);
-blk->bs = NULL;
+blk_remove_bs(blk);
 }
 assert(QLIST_EMPTY(>remove_bs_notifiers.notifiers));
 assert(QLIST_EMPTY(>insert_bs_notifiers.notifiers));
@@ -351,6 +348,8 @@ void blk_hide_on_behalf_of_hmp_drive_del(BlockBackend *blk)
  */
 void blk_remove_bs(BlockBackend *blk)
 {
+assert(blk->bs->blk == blk);
+
 notifier_list_notify(>remove_bs_notifiers, blk);
 
 blk_update_root_state(blk);
-- 
2.7.0

[Qemu-devel] [PATCH v9 04/16] virtio-blk: Functions for op blocker management

2016-01-29 Thread Max Reitz 
Put the code for setting up and removing op blockers into an own
function, respectively. Then, we can invoke those functions whenever a
BDS is removed from an virtio-blk BB or inserted into it.

Signed-off-by: Max Reitz 
Reviewed-by: Fam Zheng 
Reviewed-by: Kevin Wolf 
---
 hw/block/dataplane/virtio-blk.c | 77 +++--
 1 file changed, 59 insertions(+), 18 deletions(-)

diff --git a/hw/block/dataplane/virtio-blk.c b/hw/block/dataplane/virtio-blk.c
index bc34046..ee0c4d4 100644
--- a/hw/block/dataplane/virtio-blk.c
+++ b/hw/block/dataplane/virtio-blk.c
@@ -40,6 +40,8 @@ struct VirtIOBlockDataPlane {
 EventNotifier *guest_notifier;  /* irq */
 QEMUBH *bh; /* bh for guest notification */
 
+Notifier insert_notifier, remove_notifier;
+
 /* Note that these EventNotifiers are assigned by value.  This is
  * fine as long as you do not call event_notifier_cleanup on them
  * (because you don't own the file descriptor or handle; you just
@@ -137,6 +139,54 @@ static void handle_notify(EventNotifier *e)
 blk_io_unplug(s->conf->conf.blk);
 }
 
+static void data_plane_set_up_op_blockers(VirtIOBlockDataPlane *s)
+{
+assert(!s->blocker);
+error_setg(>blocker, "block device is in use by data plane");
+blk_op_block_all(s->conf->conf.blk, s->blocker);
+blk_op_unblock(s->conf->conf.blk, BLOCK_OP_TYPE_RESIZE, s->blocker);
+blk_op_unblock(s->conf->conf.blk, BLOCK_OP_TYPE_DRIVE_DEL, s->blocker);
+blk_op_unblock(s->conf->conf.blk, BLOCK_OP_TYPE_BACKUP_SOURCE, s->blocker);
+blk_op_unblock(s->conf->conf.blk, BLOCK_OP_TYPE_CHANGE, s->blocker);
+blk_op_unblock(s->conf->conf.blk, BLOCK_OP_TYPE_COMMIT_SOURCE, s->blocker);
+blk_op_unblock(s->conf->conf.blk, BLOCK_OP_TYPE_COMMIT_TARGET, s->blocker);
+blk_op_unblock(s->conf->conf.blk, BLOCK_OP_TYPE_EJECT, s->blocker);
+blk_op_unblock(s->conf->conf.blk, BLOCK_OP_TYPE_EXTERNAL_SNAPSHOT,
+   s->blocker);
+blk_op_unblock(s->conf->conf.blk, BLOCK_OP_TYPE_INTERNAL_SNAPSHOT,
+   s->blocker);
+blk_op_unblock(s->conf->conf.blk, BLOCK_OP_TYPE_INTERNAL_SNAPSHOT_DELETE,
+   s->blocker);
+blk_op_unblock(s->conf->conf.blk, BLOCK_OP_TYPE_MIRROR_SOURCE, s->blocker);
+blk_op_unblock(s->conf->conf.blk, BLOCK_OP_TYPE_STREAM, s->blocker);
+blk_op_unblock(s->conf->conf.blk, BLOCK_OP_TYPE_REPLACE, s->blocker);
+}
+
+static void data_plane_remove_op_blockers(VirtIOBlockDataPlane *s)
+{
+if (s->blocker) {
+blk_op_unblock_all(s->conf->conf.blk, s->blocker);
+error_free(s->blocker);
+s->blocker = NULL;
+}
+}
+
+static void data_plane_blk_insert_notifier(Notifier *n, void *data)
+{
+VirtIOBlockDataPlane *s = container_of(n, VirtIOBlockDataPlane,
+   insert_notifier);
+assert(s->conf->conf.blk == data);
+data_plane_set_up_op_blockers(s);
+}
+
+static void data_plane_blk_remove_notifier(Notifier *n, void *data)
+{
+VirtIOBlockDataPlane *s = container_of(n, VirtIOBlockDataPlane,
+   remove_notifier);
+assert(s->conf->conf.blk == data);
+data_plane_remove_op_blockers(s);
+}
+
 /* Context: QEMU global mutex held */
 void virtio_blk_data_plane_create(VirtIODevice *vdev, VirtIOBlkConf *conf,
   VirtIOBlockDataPlane **dataplane,
@@ -179,22 +229,12 @@ void virtio_blk_data_plane_create(VirtIODevice *vdev, 
VirtIOBlkConf *conf,
 s->ctx = iothread_get_aio_context(s->iothread);
 s->bh = aio_bh_new(s->ctx, notify_guest_bh, s);
 
-error_setg(>blocker, "block device is in use by data plane");
-blk_op_block_all(conf->conf.blk, s->blocker);
-blk_op_unblock(conf->conf.blk, BLOCK_OP_TYPE_RESIZE, s->blocker);
-blk_op_unblock(conf->conf.blk, BLOCK_OP_TYPE_DRIVE_DEL, s->blocker);
-blk_op_unblock(conf->conf.blk, BLOCK_OP_TYPE_BACKUP_SOURCE, s->blocker);
-blk_op_unblock(conf->conf.blk, BLOCK_OP_TYPE_CHANGE, s->blocker);
-blk_op_unblock(conf->conf.blk, BLOCK_OP_TYPE_COMMIT_SOURCE, s->blocker);
-blk_op_unblock(conf->conf.blk, BLOCK_OP_TYPE_COMMIT_TARGET, s->blocker);
-blk_op_unblock(conf->conf.blk, BLOCK_OP_TYPE_EJECT, s->blocker);
-blk_op_unblock(conf->conf.blk, BLOCK_OP_TYPE_EXTERNAL_SNAPSHOT, 
s->blocker);
-blk_op_unblock(conf->conf.blk, BLOCK_OP_TYPE_INTERNAL_SNAPSHOT, 
s->blocker);
-blk_op_unblock(conf->conf.blk, BLOCK_OP_TYPE_INTERNAL_SNAPSHOT_DELETE,
-   s->blocker);
-blk_op_unblock(conf->conf.blk, BLOCK_OP_TYPE_MIRROR_SOURCE, s->blocker);
-blk_op_unblock(conf->conf.blk, BLOCK_OP_TYPE_STREAM, s->blocker);
-blk_op_unblock(conf->conf.blk, BLOCK_OP_TYPE_REPLACE, s->blocker);
+s->insert_notifier.notify = data_plane_blk_insert_notifier;
+s->remove_notifier.notify = data_plane_blk_remove_notifier;
+

Re: [Qemu-devel] [PATCH v7 01/13] machine: Don't allow CPU toplogies with partially filled cores

2016-01-29 Thread Eduardo Habkost 
On Fri, Jan 29, 2016 at 04:10:47PM +0100, Igor Mammedov wrote:
> On Fri, 29 Jan 2016 12:24:18 -0200
> Eduardo Habkost  wrote:
> 
> > On Fri, Jan 29, 2016 at 02:52:30PM +1100, David Gibson wrote:
> > > On Thu, Jan 28, 2016 at 11:19:43AM +0530, Bharata B Rao wrote:  
> > > > Prevent guests from booting with CPU topologies that have partially
> > > > filled CPU cores or can result in partially filled CPU cores after
> > > > CPU hotplug like
> > > > 
> > > > -smp 15,sockets=1,cores=4,threads=4,maxcpus=16 or
> > > > -smp 15,sockets=1,cores=4,threads=4,maxcpus=17.
> > > > 
> > > > This is enforced by introducing MachineClass::validate_smp_config()
> > > > that gets called from generic SMP parsing code. Machine type versions
> > > > that want to enforce this can define this to the generic version
> > > > provided.
> > > > 
> > > > Only sPAPR and PC machine types starting from version 2.6 enforce this 
> > > > in
> > > > this patch.
> > > > 
> > > > Signed-off-by: Bharata B Rao   
> > > 
> > > I've been kind of lost in the back and forth about
> > > threads/cores/sockets.
> > > 
> > > What, in the end, is the rationale for allowing partially filled
> > > sockets, but not partially filled cores?  
> > 
> > I don't think there's a good reason for that (at least for PC).
> > 
> > It's easier to relax the requirements later if necessary, than
> > dealing with compatibility issues again when making the code more
> > strict. So I suggest we make validate_smp_config_generic() also
> > check if smp_cpus % (smp_threads * smp_cores) == 0.
> 
> that would break exiting setups.

Not if we do that only on newer machine classes.
validate_smp_config_generic() will be used only on *-2.6 and
newer.


> 
> Also in case of cpu hotplug this patch will break migration
> as target QEMU might refuse starting with hotplugged CPU thread.

This won't change older machine-types.

But I think you are right: it can break migration on pc-2.6, too.
But: isn't migration already broken when creating other sets of
CPUs that can't represented using -smp?

How exactly would you migrate a machine today, if you run:

  $ qemu-system-x86_64 -smp 16,sockets=2,cores=2,threads=2,maxcpus=32
  (QMP) cpu-add id=31


> 
> Perhaps this check should be enforced per target/machine if
> arch requires it.

It is. Please see the patch. It introduces a validate_smp_config
method.

But we need your input to clarify if
validate_smp_config_generic() is safe for pc-2.6 too.

-- 
Eduardo

Re: [Qemu-devel] [PATCH] arm: virt-acpi: each MADT.GICC entry as enabled unconditionally

2016-01-29 Thread Andrew Jones 
On Fri, Jan 29, 2016 at 11:44:24PM +0800, Shannon Zhao wrote:
> 
> 
> On 2016/1/29 23:26, Andrew Jones wrote:
> >On Fri, Jan 29, 2016 at 10:59:32PM +0800, Shannon Zhao wrote:
> >>>
> >>>
> >>>On 2016/1/29 22:24, Igor Mammedov wrote:
>  >in current impl. condition
>  >
>  >build_madt() {
>  >   ...
>  >   if (test_bit(i, cpuinfo->found_cpus))
>  >
>  >is always true since loop handles only present CPUs
>  >in range [0..smp_cpus).
>  >But to fill usless cpuinfo->found_cpus we do unnecessary
>  >scan over QOM tree to find the same CPUs.
>  >So mark GICC as present always and drop not needed
>  >code that fills cpuinfo->found_cpus.
>  >
>  >Signed-off-by: Igor Mammedov
>  >---
>  >It's just simple cleanup but I'm trying to generalize
>  >a bit CPU related ACPI tables and as part of it get rid
>  >of found_cpus bitmap and if possible cpu_index usage
>  >in ACPI parts of code.
>  >---
>  >  hw/arm/virt-acpi-build.c | 26 +++---
>  >  1 file changed, 3 insertions(+), 23 deletions(-)
>  >
>  >diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
>  >index 87fbe7c..3ed39fc 100644
>  >--- a/hw/arm/virt-acpi-build.c
>  >+++ b/hw/arm/virt-acpi-build.c
>  >@@ -46,20 +46,6 @@
>  >  #define ARM_SPI_BASE 32
>  >  #define ACPI_POWER_BUTTON_DEVICE "PWRB"
>  >
>  >-typedef struct VirtAcpiCpuInfo {
>  >-DECLARE_BITMAP(found_cpus, VIRT_ACPI_CPU_ID_LIMIT);
>  >-} VirtAcpiCpuInfo;
>  >-
>  >-static void virt_acpi_get_cpu_info(VirtAcpiCpuInfo *cpuinfo)
>  >-{
>  >-CPUState *cpu;
>  >-
>  >-memset(cpuinfo->found_cpus, 0, sizeof cpuinfo->found_cpus);
>  >-CPU_FOREACH(cpu) {
>  >-set_bit(cpu->cpu_index, cpuinfo->found_cpus);
>  >-}
>  >-}
>  >-
>  >  static void acpi_dsdt_add_cpus(Aml *scope, int smp_cpus)
>  >  {
>  >  uint16_t i;
>  >@@ -458,8 +444,7 @@ build_gtdt(GArray *table_data, GArray *linker)
>  >
>  >  /* MADT */
>  >  static void
>  >-build_madt(GArray *table_data, GArray *linker, VirtGuestInfo 
>  >*guest_info,
>  >-   VirtAcpiCpuInfo *cpuinfo)
>  >+build_madt(GArray *table_data, GArray *linker, VirtGuestInfo 
>  >*guest_info)
>  >  {
>  >  int madt_start = table_data->len;
>  >  const MemMapEntry *memmap = guest_info->memmap;
>  >@@ -489,9 +474,7 @@ build_madt(GArray *table_data, GArray *linker, 
>  >VirtGuestInfo *guest_info,
>  >  gicc->cpu_interface_number = i;
>  >  gicc->arm_mpidr = armcpu->mp_affinity;
>  >  gicc->uid = i;
>  >-if (test_bit(i, cpuinfo->found_cpus)) {
>  >-gicc->flags = cpu_to_le32(ACPI_GICC_ENABLED);
>  >-}
>  >+gicc->flags = cpu_to_le32(ACPI_GICC_ENABLED);
>  >  }
> >>>Ah, yes, it uses smp_cpus not max_cpus. But we still needs to support
> >>>max_cpus usage even though it doesn't support vcpu hotplug currently. So we
> >>>may need to introduce guest_info->max_cpus and use it here.
> >We should leave that for when the hotplug patches come, and we should
> >probably leave the hotplug patches until we see what Igor plans for
> >sharing more ACPI code between x86 and ARM.
> >
> Even if ignoring the vcpu hotplug, we still need to support max_cpus and
> smp_cpus usage like -smp 1,maxcpus=4.

OK, without hotplug, max > smp doesn't gain anything, max < smp results
in an error, and therefore the only useful case is max == smp.

> 
> >>>And below check in virt.c is not right while it should compare the global
> >>>max_cpus with the max_cpus GIC supports.
> >>>
> >>> if (smp_cpus > max_cpus) {
> >>> error_report("Number of SMP CPUs requested (%d) exceeds max CPUs "
> >>>  "supported by machine 'mach-virt' (%d)",
> >>>  smp_cpus, max_cpus);
> >>> exit(1);
> >>> }
> >max_cpus is getting set to the number the gic supports just above this
> >check. So max_cpus == gic_supported_cpus already, and this check is just
> >confirming the number of cpus the user has selected is OK.
> No, the global max_cpus (which is defined in vl.c and exported in
> sysemu/sysemu.h) is not the local variable max_cpus.

I now see what you mean though. If we don't want something like
-smp 1,maxcpus=9 to erroneously succeed on a gicv2 machine, then we
should be checking the global max_cpus here. I agree it should be
fixed, because, even though it changes nothing atm, we don't want to
allow invalid command lines.

Will you send the patch?

Thanks,
drew

Re: [Qemu-devel] [PATCH 00/37] clean include files to use osdep.h

2016-01-29 Thread Peter Maydell 
On 27 January 2016 at 08:03, Paolo Bonzini  wrote:
>
>
> On 26/01/2016 19:16, Peter Maydell wrote:
>> I propose to apply this directly to master in the not too
>> distant future, since the consensus appears to be that that's
>> overall less painful than trying to split it all between
>> maintainer trees for a purely mechanical change.
>>
>> There will then be another similar series which picks up
>> the remaining stuff.
>
> Agreed, thanks for doing this!

This series now pushed to master.

thanks
-- PMM

[Qemu-devel] [PATCH] ui/cocoa.m: Include qemu/osdep.h

2016-01-29 Thread Peter Maydell 
Include "qemu/osdep.h". (This is a manual commit equivalent
to what the clean-includes script would do, because that
script can't handle ObjectiveC source files.)

Signed-off-by: Peter Maydell 
---
 ui/cocoa.m | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ui/cocoa.m b/ui/cocoa.m
index d866f23..3ee5549 100644
--- a/ui/cocoa.m
+++ b/ui/cocoa.m
@@ -22,6 +22,8 @@
  * THE SOFTWARE.
  */
 
+#include "qemu/osdep.h"
+
 #import 
 #include 
 
-- 
1.9.1

[Qemu-devel] [PATCH v5 0/2] trace: Show vCPU info in guest code events

2016-01-29 Thread Lluís Vilanova 
NOTE: This series should complete the framework for guest code tracing. From
  here on, other series can concurrently add actual events and improve the
  guest code tracing features and performance (e.g., control tracing
  independently on each vCPU).

This series introduces the "vcpu" property for tracing events. This property
identifies events that are tied to a particular virtual CPU (e.g., executing an
instruction).

Events with this property have an implicit vcpu argument, which is shown in the
trace. In the case of events executed at TCG translation time, two implicit
arguments are added:

* The vCPU performing the code translation (shown in the translation-time trace)
* The vCPU executing the translated code (shown in the execution-time trace)

Note that the "vcpu" and "tcg" properties are not merged into a single one,
since events can be defined that relate to a vCPU but are never raised from TCG
code (e.g., interrupts).


Changes in v5
=

* Rebase on 357e81c.
* Split from the previous (larger and more complex) v4 series.


Changes in v4
=

* Fix typo in commit message (Stefan Hajnoczi).
* Simplify per-vCPU tracing state initialization (Stefan Hajnoczi).
* Update copyright years.


Changes in v3
=

* Update QAPI version (Eric Blake).
* Fix '#optional' annotation in QAPI (Eric Blake).


Changes in v2
=

* Rebase on 5522a84.
* Improve patch descriptions.
* Refactor code generation into a separate patch.
* Fix forward declarations (Stefan Hajnoczi & Eduardo Habkost).
* Fix "since" tags in QAPI interface (Eric Blake).
* Unify QAPI/QMP interface with an optional 'vcpu' argument (Eric Blake).
* Fix QMP+GTK header workaround (Stefan Hajnoczi).


Signed-off-by: Lluís Vilanova 
Acked-by: Stefan Hajnoczi 
---

Lluís Vilanova (2):
  trace: Add support for vCPU pointers in trace events
  trace: Add 'vcpu' event property to trace guest vCPU


 docs/tracing.txt |   40 ++
 include/qemu/typedefs.h  |1 +
 scripts/tracetool/__init__.py|   24 +-
 scripts/tracetool/format/h.py|3 ++
 scripts/tracetool/format/tcg_h.py|   13 --
 scripts/tracetool/format/ust_events_c.py |1 +
 scripts/tracetool/transform.py   |9 ++-
 target-alpha/translate.c |2 +-
 target-arm/translate.c   |2 +-
 target-arm/translate.h   |2 +-
 target-cris/translate.c  |2 +-
 target-i386/translate.c  |2 +-
 target-lm32/translate.c  |2 +-
 target-m68k/translate.c  |2 +-
 target-microblaze/translate.c|2 +-
 target-mips/translate.c  |2 +-
 target-moxie/translate.c |2 +-
 target-openrisc/translate.c  |2 +-
 target-ppc/translate.c   |2 +-
 target-s390x/translate.c |2 +-
 target-sh4/translate.c   |2 +-
 target-sparc/translate.c |5 ++--
 target-tilegx/translate.c|2 +-
 target-tricore/translate.c   |2 +-
 target-unicore32/translate.c |2 +-
 target-xtensa/translate.c|2 +-
 tcg/tcg-op.h |2 --
 tcg/tcg.h|6 +
 trace/control.h  |3 ++
 29 files changed, 113 insertions(+), 30 deletions(-)


To: qemu-devel@nongnu.org
Cc: Stefan Hajnoczi 
Cc: Eduardo Habkost 
Cc: Eric Blake

[Qemu-devel] [PATCH v5 2/2] trace: Add 'vcpu' event property to trace guest vCPU

2016-01-29 Thread Lluís Vilanova 
This property identifies events that trace vCPU-specific information.

It adds a "CPUState*" argument to events with the property, identifying
the vCPU raising the event. TCG translation events also have a
"TCGv_cpu" implicit argument that is later used as the "CPUState*"
argument at execution time.

Signed-off-by: Lluís Vilanova 
---
 docs/tracing.txt |   40 ++
 scripts/tracetool/__init__.py|   24 +-
 scripts/tracetool/format/h.py|3 ++
 scripts/tracetool/format/tcg_h.py|   13 --
 scripts/tracetool/format/ust_events_c.py |1 +
 5 files changed, 75 insertions(+), 6 deletions(-)

diff --git a/docs/tracing.txt b/docs/tracing.txt
index 3853a6a..ade39e0 100644
--- a/docs/tracing.txt
+++ b/docs/tracing.txt
@@ -347,3 +347,43 @@ This will immediately call:
 and will generate the TCG code to call:
 
 void trace_foo(uint8_t a1, uint32_t a2);
+
+=== "vcpu" ===
+
+Identifies events that trace vCPU-specific information. The property adds a
+"CPUState*" argument that identifies the vCPU raising the event. If used
+together with the "tcg" property, it adds a second "TCGv_cpu" argument that
+identifies the vCPU when guest code is executed.
+
+The following example events:
+
+foo(uint32_t a) "a=%x"
+vcpu bar(uint32_t a) "cpu=%p a=%x"
+tcg vcpu baz(uint32_t a) "cpu=%p a=%x", "cpu=%p a=%x"
+
+Can be used as:
+
+#include "trace-tcg.h"
+
+CPUArchState *env;
+TCGv_ptr cpu_env;
+
+void some_disassembly_func(...)
+{
+/* trace emitted at this point */
+trace_foo(0xd1);
+/* trace emitted at this point */
+trace_bar(ENV_GET_CPU(env), 0xd2);
+/* trace emitted at this point (env) and when guest code is executed 
(cpu_env) */
+trace_baz_tcg(ENV_GET_CPU(env), cpu_env, 0xd3);
+}
+
+If we assume code is translated by the vCPU with address 0xc1 and executed by
+the vCPU with address 0xc2, this would be an example output:
+
+// at guest code translation
+foo a=0xd1
+bar cpu=0xc1 a=0xd2
+baz_trans cpu=0xc1 a=0xd3
+// at guest code execution
+baz_exec cpu=0xc2 a=0xd3
diff --git a/scripts/tracetool/__init__.py b/scripts/tracetool/__init__.py
index 181675f..41feb23 100644
--- a/scripts/tracetool/__init__.py
+++ b/scripts/tracetool/__init__.py
@@ -6,7 +6,7 @@ Machinery for generating tracing-related intermediate files.
 """
 
 __author__ = "Lluís Vilanova "
-__copyright__  = "Copyright 2012-2014, Lluís Vilanova "
+__copyright__  = "Copyright 2012-2016, Lluís Vilanova "
 __license__= "GPL version 2 or (at your option) any later version"
 
 __maintainer__ = "Stefan Hajnoczi"
@@ -146,7 +146,7 @@ class Event(object):
   "(?:(?:(?P\".+),)?\s*(?P\".+))?"
   "\s*")
 
-_VALID_PROPS = set(["disable", "tcg", "tcg-trans", "tcg-exec"])
+_VALID_PROPS = set(["disable", "tcg", "tcg-trans", "tcg-exec", "vcpu"])
 
 def __init__(self, name, props, fmt, args, orig=None):
 """
@@ -215,6 +215,19 @@ class Event(object):
 if "tcg" in props and isinstance(fmt, str):
 raise ValueError("Events with 'tcg' property must have two 
formats")
 
+# add implicit arguments when using the 'vcpu' property
+if "vcpu" in props:
+assert "tcg-trans" not in props and "tcg-exec" not in props
+# events with 'tcg-trans' and 'tcg-exec' are auto-generated, they
+# have already been transformed
+if "tcg" in props:
+types = ["TCGv_cpu"] + args.types()
+names = ["_tcg_cpu"] + args.names()
+else:
+types = ["CPUState *"] + args.types()
+names = ["_cpu"] + args.names()
+args = Arguments(zip(types, names))
+
 return Event(name, props, fmt, args)
 
 def __repr__(self):
@@ -270,6 +283,7 @@ def _read_events(fobj):
 event_trans.name += "_trans"
 event_trans.properties += ["tcg-trans"]
 event_trans.fmt = event.fmt[0]
+# ignore TCG arguments
 args_trans = []
 for atrans, aorig in zip(
 event_trans.transform(tracetool.transform.TCG_2_HOST).args,
@@ -279,6 +293,12 @@ def _read_events(fobj):
 event_trans.args = Arguments(args_trans)
 event_trans = event_trans.copy()
 
+# trace the vCPU performing the translation
+if "vcpu" in event_trans.properties:
+event_trans.args = Arguments(zip(
+["CPUState *"] + list(event_trans.args.types()),
+["_cpu"] + list(event_trans.args.names(
+
 event_exec = event.copy()
 event_exec.name += "_exec"
 event_exec.properties += ["tcg-exec"]
diff --git a/scripts/tracetool/format/h.py

Re: [Qemu-devel] [PATCH 2/8] target-arm: Move aarch64_cpu_do_interrupt() to helper.c

2016-01-29 Thread Sergey Fedorov 
On 14.01.2016 21:34, Peter Maydell wrote:
> Move the aarch64_cpu_do_interrupt() function to helper.c. We want
> to be able to call this from code that isn't AArch64-only, and
> the move allows us to avoid awkward #ifdeffery at the callsite.

Reviewed-by: Sergey Fedorov 

> Signed-off-by: Peter Maydell 
> ---
>  target-arm/cpu-qom.h|   2 +-
>  target-arm/helper-a64.c | 104 
> 
>  target-arm/helper.c | 100 ++
>  3 files changed, 101 insertions(+), 105 deletions(-)
>
> diff --git a/target-arm/cpu-qom.h b/target-arm/cpu-qom.h
> index e4d4270..bda2af8 100644
> --- a/target-arm/cpu-qom.h
> +++ b/target-arm/cpu-qom.h
> @@ -247,8 +247,8 @@ void arm_gt_stimer_cb(void *opaque);
>  #ifdef TARGET_AARCH64
>  int aarch64_cpu_gdb_read_register(CPUState *cpu, uint8_t *buf, int reg);
>  int aarch64_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
> +#endif
>  
>  void aarch64_cpu_do_interrupt(CPUState *cs);
> -#endif
>  
>  #endif
> diff --git a/target-arm/helper-a64.c b/target-arm/helper-a64.c
> index fc3ccdf..a322e7b 100644
> --- a/target-arm/helper-a64.c
> +++ b/target-arm/helper-a64.c
> @@ -25,7 +25,6 @@
>  #include "qemu/bitops.h"
>  #include "internals.h"
>  #include "qemu/crc32c.h"
> -#include "sysemu/kvm.h"
>  #include  /* For crc32 */
>  
>  /* C2.4.7 Multiply and divide */
> @@ -443,106 +442,3 @@ uint64_t HELPER(crc32c_64)(uint64_t acc, uint64_t val, 
> uint32_t bytes)
>  /* Linux crc32c converts the output to one's complement.  */
>  return crc32c(acc, buf, bytes) ^ 0x;
>  }
> -
> -#if !defined(CONFIG_USER_ONLY)
> -
> -/* Handle a CPU exception.  */
> -void aarch64_cpu_do_interrupt(CPUState *cs)
> -{
> -ARMCPU *cpu = ARM_CPU(cs);
> -CPUARMState *env = >env;
> -unsigned int new_el = env->exception.target_el;
> -target_ulong addr = env->cp15.vbar_el[new_el];
> -unsigned int new_mode = aarch64_pstate_mode(new_el, true);
> -
> -if (arm_current_el(env) < new_el) {
> -if (env->aarch64) {
> -addr += 0x400;
> -} else {
> -addr += 0x600;
> -}
> -} else if (pstate_read(env) & PSTATE_SP) {
> -addr += 0x200;
> -}
> -
> -arm_log_exception(cs->exception_index);
> -qemu_log_mask(CPU_LOG_INT, "...from EL%d to EL%d\n", arm_current_el(env),
> -  new_el);
> -if (qemu_loglevel_mask(CPU_LOG_INT)
> -&& !excp_is_internal(cs->exception_index)) {
> -qemu_log_mask(CPU_LOG_INT, "...with ESR %x/0x%" PRIx32 "\n",
> -  env->exception.syndrome >> ARM_EL_EC_SHIFT,
> -  env->exception.syndrome);
> -}
> -
> -if (arm_is_psci_call(cpu, cs->exception_index)) {
> -arm_handle_psci_call(cpu);
> -qemu_log_mask(CPU_LOG_INT, "...handled as PSCI call\n");
> -return;
> -}
> -
> -switch (cs->exception_index) {
> -case EXCP_PREFETCH_ABORT:
> -case EXCP_DATA_ABORT:
> -env->cp15.far_el[new_el] = env->exception.vaddress;
> -qemu_log_mask(CPU_LOG_INT, "...with FAR 0x%" PRIx64 "\n",
> -  env->cp15.far_el[new_el]);
> -/* fall through */
> -case EXCP_BKPT:
> -case EXCP_UDEF:
> -case EXCP_SWI:
> -case EXCP_HVC:
> -case EXCP_HYP_TRAP:
> -case EXCP_SMC:
> -env->cp15.esr_el[new_el] = env->exception.syndrome;
> -break;
> -case EXCP_IRQ:
> -case EXCP_VIRQ:
> -addr += 0x80;
> -break;
> -case EXCP_FIQ:
> -case EXCP_VFIQ:
> -addr += 0x100;
> -break;
> -case EXCP_SEMIHOST:
> -qemu_log_mask(CPU_LOG_INT,
> -  "...handling as semihosting call 0x%" PRIx64 "\n",
> -  env->xregs[0]);
> -env->xregs[0] = do_arm_semihosting(env);
> -return;
> -default:
> -cpu_abort(cs, "Unhandled exception 0x%x\n", cs->exception_index);
> -}
> -
> -if (is_a64(env)) {
> -env->banked_spsr[aarch64_banked_spsr_index(new_el)] = 
> pstate_read(env);
> -aarch64_save_sp(env, arm_current_el(env));
> -env->elr_el[new_el] = env->pc;
> -} else {
> -env->banked_spsr[aarch64_banked_spsr_index(new_el)] = cpsr_read(env);
> -if (!env->thumb) {
> -env->cp15.esr_el[new_el] |= 1 << 25;
> -}
> -env->elr_el[new_el] = env->regs[15];
> -
> -aarch64_sync_32_to_64(env);
> -
> -env->condexec_bits = 0;
> -}
> -qemu_log_mask(CPU_LOG_INT, "...with ELR 0x%" PRIx64 "\n",
> -  env->elr_el[new_el]);
> -
> -pstate_write(env, PSTATE_DAIF | new_mode);
> -env->aarch64 = 1;
> -aarch64_restore_sp(env, new_el);
> -
> -env->pc = addr;
> -
> -qemu_log_mask(CPU_LOG_INT, "...to EL%d PC 0x%" PRIx64 " PSTATE 0x%x\n",
> -  new_el, env->pc, pstate_read(env));
> -
> -if (!kvm_enabled()) {
> -

Re: [Qemu-devel] [Qemu-arm] [PATCH 3/8] target-arm: Use a single entry point for AArch64 and AArch32 exceptions

2016-01-29 Thread Sergey Fedorov 
On 14.01.2016 21:34, Peter Maydell wrote:
> If EL2 or EL3 is present on an AArch64 CPU, then exceptions can be
> taken to an exception level which is running AArch32 (if only EL0
> and EL1 are present then EL1 must be AArch64 and all exceptions are
> taken to AArch64). To support this we need to have a single
> implementation of the CPU do_interrupt() method which can handle both
> 32 and 64 bit exception entry.
>
> Pull the common parts of aarch64_cpu_do_interrupt() and
> arm_cpu_do_interrupt() out into a new function which calls
> either the AArch32 or AArch64 specific entry code once it has
> worked out which one is needed.
>
> We temporarily special-case the handling of EXCP_SEMIHOST to
> avoid an assertion in arm_el_is_aa64(); the next patch will
> pull all the semihosting handling out to the arm_cpu_do_interrupt()
> level (since semihosting semantics depend on the register width
> of the calling code, not on that of any higher EL).

Reviewed-by: Sergey Fedorov 

> Signed-off-by: Peter Maydell 
> ---
>  target-arm/cpu-qom.h |  2 --
>  target-arm/cpu64.c   |  3 ---
>  target-arm/helper.c  | 75 
> ++--
>  3 files changed, 44 insertions(+), 36 deletions(-)
>
> diff --git a/target-arm/cpu-qom.h b/target-arm/cpu-qom.h
> index bda2af8..eae6cd1 100644
> --- a/target-arm/cpu-qom.h
> +++ b/target-arm/cpu-qom.h
> @@ -249,6 +249,4 @@ int aarch64_cpu_gdb_read_register(CPUState *cpu, uint8_t 
> *buf, int reg);
>  int aarch64_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
>  #endif
>  
> -void aarch64_cpu_do_interrupt(CPUState *cs);
> -
>  #endif
> diff --git a/target-arm/cpu64.c b/target-arm/cpu64.c
> index 63c8b1c..edb41f7 100644
> --- a/target-arm/cpu64.c
> +++ b/target-arm/cpu64.c
> @@ -290,9 +290,6 @@ static void aarch64_cpu_class_init(ObjectClass *oc, void 
> *data)
>  {
>  CPUClass *cc = CPU_CLASS(oc);
>  
> -#if !defined(CONFIG_USER_ONLY)
> -cc->do_interrupt = aarch64_cpu_do_interrupt;
> -#endif
>  cc->cpu_exec_interrupt = arm_cpu_exec_interrupt;
>  cc->set_pc = aarch64_cpu_set_pc;
>  cc->gdb_read_register = aarch64_cpu_gdb_read_register;
> diff --git a/target-arm/helper.c b/target-arm/helper.c
> index 519f066..962bb3c 100644
> --- a/target-arm/helper.c
> +++ b/target-arm/helper.c
> @@ -5707,8 +5707,7 @@ void aarch64_sync_64_to_32(CPUARMState *env)
>  env->regs[15] = env->pc;
>  }
>  
> -/* Handle a CPU exception.  */
> -void arm_cpu_do_interrupt(CPUState *cs)
> +static void arm_cpu_do_interrupt_aarch32(CPUState *cs)
>  {
>  ARMCPU *cpu = ARM_CPU(cs);
>  CPUARMState *env = >env;
> @@ -5718,16 +5717,6 @@ void arm_cpu_do_interrupt(CPUState *cs)
>  uint32_t offset;
>  uint32_t moe;
>  
> -assert(!IS_M(env));
> -
> -arm_log_exception(cs->exception_index);
> -
> -if (arm_is_psci_call(cpu, cs->exception_index)) {
> -arm_handle_psci_call(cpu);
> -qemu_log_mask(CPU_LOG_INT, "...handled as PSCI call\n");
> -return;
> -}
> -
>  /* If this is a debug exception we must update the DBGDSCR.MOE bits */
>  switch (env->exception.syndrome >> ARM_EL_EC_SHIFT) {
>  case EC_BREAKPOINT:
> @@ -5899,11 +5888,10 @@ void arm_cpu_do_interrupt(CPUState *cs)
>  }
>  env->regs[14] = env->regs[15] + offset;
>  env->regs[15] = addr;
> -cs->interrupt_request |= CPU_INTERRUPT_EXITTB;
>  }
>  
> -/* Handle a CPU exception.  */
> -void aarch64_cpu_do_interrupt(CPUState *cs)
> +/* Handle exception entry to a target EL which is using AArch64 */
> +static void arm_cpu_do_interrupt_aarch64(CPUState *cs)
>  {
>  ARMCPU *cpu = ARM_CPU(cs);
>  CPUARMState *env = >env;
> @@ -5921,22 +5909,6 @@ void aarch64_cpu_do_interrupt(CPUState *cs)
>  addr += 0x200;
>  }
>  
> -arm_log_exception(cs->exception_index);
> -qemu_log_mask(CPU_LOG_INT, "...from EL%d to EL%d\n", arm_current_el(env),
> -  new_el);
> -if (qemu_loglevel_mask(CPU_LOG_INT)
> -&& !excp_is_internal(cs->exception_index)) {
> -qemu_log_mask(CPU_LOG_INT, "...with ESR %x/0x%" PRIx32 "\n",
> -  env->exception.syndrome >> ARM_EL_EC_SHIFT,
> -  env->exception.syndrome);
> -}
> -
> -if (arm_is_psci_call(cpu, cs->exception_index)) {
> -arm_handle_psci_call(cpu);
> -qemu_log_mask(CPU_LOG_INT, "...handled as PSCI call\n");
> -return;
> -}
> -
>  switch (cs->exception_index) {
>  case EXCP_PREFETCH_ABORT:
>  case EXCP_DATA_ABORT:
> @@ -5996,6 +5968,47 @@ void aarch64_cpu_do_interrupt(CPUState *cs)
>  
>  qemu_log_mask(CPU_LOG_INT, "...to EL%d PC 0x%" PRIx64 " PSTATE 0x%x\n",
>new_el, env->pc, pstate_read(env));
> +}
> +
> +/* Handle a CPU exception for A and R profile CPUs.
> + * Do any appropriate logging, handle PSCI calls, and then hand off
> + * to the AArch64-entry or AArch32-entry function depending on the
>

Re: [Qemu-devel] [PATCH 4/8] target-arm: Pull semihosting handling out to arm_cpu_do_interrupt()

2016-01-29 Thread Sergey Fedorov 
On 14.01.2016 21:34, Peter Maydell wrote:
> Handling of semihosting calls should depend on the register width
> of the calling code, not on that of any higher exception level,
> so we need to identify and handle semihosting calls before we
> decide whether to deliver the exception as an entry to AArch32
> or AArch64. (EXCP_SEMIHOST is also an "internal exception" so
> it has no target exception level in the first place.)
>
> This will allow AArch32 EL1 code to use semihosting calls when
> running under an AArch64 EL3.

Reviewed-by: Sergey Fedorov 

> Signed-off-by: Peter Maydell 
> ---
>  target-arm/helper.c | 120 
> +++-
>  1 file changed, 81 insertions(+), 39 deletions(-)
>
> diff --git a/target-arm/helper.c b/target-arm/helper.c
> index 962bb3c..d37c82c 100644
> --- a/target-arm/helper.c
> +++ b/target-arm/helper.c
> @@ -5754,27 +5754,6 @@ static void arm_cpu_do_interrupt_aarch32(CPUState *cs)
>  offset = 4;
>  break;
>  case EXCP_SWI:
> -if (semihosting_enabled()) {
> -/* Check for semihosting interrupt.  */
> -if (env->thumb) {
> -mask = arm_lduw_code(env, env->regs[15] - 2, env->bswap_code)
> -& 0xff;
> -} else {
> -mask = arm_ldl_code(env, env->regs[15] - 4, env->bswap_code)
> -& 0xff;
> -}
> -/* Only intercept calls from privileged modes, to provide some
> -   semblance of security.  */
> -if (((mask == 0x123456 && !env->thumb)
> -|| (mask == 0xab && env->thumb))
> -  && (env->uncached_cpsr & CPSR_M) != ARM_CPU_MODE_USR) {
> -qemu_log_mask(CPU_LOG_INT,
> -  "...handling as semihosting call 0x%x\n",
> -  env->regs[0]);
> -env->regs[0] = do_arm_semihosting(env);
> -return;
> -}
> -}
>  new_mode = ARM_CPU_MODE_SVC;
>  addr = 0x08;
>  mask = CPSR_I;
> @@ -5782,19 +5761,6 @@ static void arm_cpu_do_interrupt_aarch32(CPUState *cs)
>  offset = 0;
>  break;
>  case EXCP_BKPT:
> -/* See if this is a semihosting syscall.  */
> -if (env->thumb && semihosting_enabled()) {
> -mask = arm_lduw_code(env, env->regs[15], env->bswap_code) & 0xff;
> -if (mask == 0xab
> -  && (env->uncached_cpsr & CPSR_M) != ARM_CPU_MODE_USR) {
> -env->regs[15] += 2;
> -qemu_log_mask(CPU_LOG_INT,
> -  "...handling as semihosting call 0x%x\n",
> -  env->regs[0]);
> -env->regs[0] = do_arm_semihosting(env);
> -return;
> -}
> -}
>  env->exception.fsr = 2;
>  /* Fall through to prefetch abort.  */
>  case EXCP_PREFETCH_ABORT:
> @@ -5970,6 +5936,78 @@ static void arm_cpu_do_interrupt_aarch64(CPUState *cs)
>new_el, env->pc, pstate_read(env));
>  }
>  
> +static inline bool check_for_semihosting(CPUState *cs)
> +{
> +/* Check whether this exception is a semihosting call; if so
> + * then handle it and return true; otherwise return false.
> + */
> +ARMCPU *cpu = ARM_CPU(cs);
> +CPUARMState *env = >env;
> +
> +if (is_a64(env)) {
> +if (cs->exception_index == EXCP_SEMIHOST) {
> +/* This is always the 64-bit semihosting exception.
> + * The "is this usermode" and "is semihosting enabled"
> + * checks have been done at translate time.
> + */
> +qemu_log_mask(CPU_LOG_INT,
> +  "...handling as semihosting call 0x%" PRIx64 "\n",
> +  env->xregs[0]);
> +env->xregs[0] = do_arm_semihosting(env);
> +return true;
> +}
> +return false;
> +} else {
> +uint32_t imm;
> +
> +/* Only intercept calls from privileged modes, to provide some
> + * semblance of security.
> + */
> +if (!semihosting_enabled() ||
> +((env->uncached_cpsr & CPSR_M) == ARM_CPU_MODE_USR)) {
> +return false;
> +}
> +
> +switch (cs->exception_index) {
> +case EXCP_SWI:
> +/* Check for semihosting interrupt.  */
> +if (env->thumb) {
> +imm = arm_lduw_code(env, env->regs[15] - 2, env->bswap_code)
> +& 0xff;
> +if (imm == 0xab) {
> +break;
> +}
> +} else {
> +imm = arm_ldl_code(env, env->regs[15] - 4, env->bswap_code)
> +& 0xff;
> +if (imm == 0x123456) {
> +break;
> +}
> +}
> +

[Qemu-devel] [RFC v2 3/8] Generic PCIe host bridge INTx determination for INTx routing

2016-01-29 Thread Eric Auger 
This patch stores information about assigned legacy interrupt numbers in
GPEX host structure.
This is used during GPEX INTx number determination from a pin during
INTx routing.

Signed-off-by: Pranavkumar Sawargaonkar 
Signed-off-by: Tushar Jagad 
---
 hw/arm/virt.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 15658f4..3839c68 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -826,6 +826,7 @@ static void create_pcie(const VirtBoardInfo *vbi, qemu_irq 
*pic,
 char *nodename;
 int i;
 PCIHostState *pci;
+GPEXHost *s;
 
 dev = qdev_create(NULL, TYPE_GPEX_HOST);
 qdev_init_nofail(dev);
@@ -861,8 +862,11 @@ static void create_pcie(const VirtBoardInfo *vbi, qemu_irq 
*pic,
 /* Map IO port space */
 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 2, base_pio);
 
+s = GPEX_HOST(dev);
+
 for (i = 0; i < GPEX_NUM_IRQS; i++) {
 sysbus_connect_irq(SYS_BUS_DEVICE(dev), i, pic[irq + i]);
+s->irq_num[i] = irq + i;
 }
 
 pci = PCI_HOST_BRIDGE(dev);
-- 
1.9.1

[Qemu-devel] [RFC v2 8/8] hw: vfio: common: adapt vfio_listeners for reserved_iova region

2016-01-29 Thread Eric Auger 
In case of reserved iova region, let's declare this region to the
kernel so that it can use it for IOVA/PA bindings.

Signed-off-by: Eric Auger 
---
 hw/vfio/common.c | 46 --
 1 file changed, 28 insertions(+), 18 deletions(-)

diff --git a/hw/vfio/common.c b/hw/vfio/common.c
index 247c87b..ee957ba 100644
--- a/hw/vfio/common.c
+++ b/hw/vfio/common.c
@@ -217,10 +217,8 @@ static int vfio_dma_unmap(VFIOContainer *container,
  *
  * unregistration is handled using vfio_dma_unmap
  */
-int vfio_register_reserved_iova(VFIOContainer *container, hwaddr iova,
-ram_addr_t size);
-int vfio_register_reserved_iova(VFIOContainer *container, hwaddr iova,
-ram_addr_t size)
+static int vfio_register_reserved_iova(VFIOContainer *container, hwaddr iova,
+   ram_addr_t size)
 {
 struct vfio_iommu_type1_dma_map map = {
 .argsz = sizeof(map),
@@ -271,6 +269,7 @@ static int vfio_dma_map(VFIOContainer *container, hwaddr 
iova,
 static bool vfio_listener_skipped_section(MemoryRegionSection *section)
 {
 return (!memory_region_is_ram(section->mr) &&
+!memory_region_is_reserved_iova(section->mr) &&
 !memory_region_is_iommu(section->mr)) ||
/*
 * Sizing an enabled 64-bit BAR can cause spurious mappings to
@@ -354,7 +353,7 @@ static void vfio_listener_region_add(MemoryListener 
*listener,
 hwaddr iova, end;
 Int128 llend;
 void *vaddr;
-int ret;
+int ret = -1;
 
 if (vfio_listener_skipped_section(section)) {
 trace_vfio_listener_region_add_skip(
@@ -418,24 +417,35 @@ static void vfio_listener_region_add(MemoryListener 
*listener,
 return;
 }
 
-/* Here we assume that memory_region_is_ram(section->mr)==true */
+/* Here we assume that the memory region is ram or reserved iova */
 
-vaddr = memory_region_get_ram_ptr(section->mr) +
-section->offset_within_region +
-(iova - section->offset_within_address_space);
+if (memory_region_is_ram(section->mr)) {
+vaddr = memory_region_get_ram_ptr(section->mr) +
+section->offset_within_region +
+(iova - section->offset_within_address_space);
 
-trace_vfio_listener_region_add_ram(iova, end - 1, vaddr);
+trace_vfio_listener_region_add_ram(iova, end - 1, vaddr);
 
-ret = vfio_dma_map(container, iova, end - iova, vaddr, section->readonly);
-if (ret) {
-error_report("vfio_dma_map(%p, 0x%"HWADDR_PRIx", "
- "0x%"HWADDR_PRIx", %p) = %d (%m)",
- container, iova, end - iova, vaddr, ret);
-goto fail;
+ret = vfio_dma_map(container, iova, end - iova, vaddr,
+   section->readonly);
+if (ret) {
+error_report("vfio_dma_map(%p, 0x%"HWADDR_PRIx", "
+ "0x%"HWADDR_PRIx", %p) = %d (%m)",
+ container, iova, end - iova, vaddr, ret);
+goto fail;
+}
+return;
+} else if (memory_region_is_reserved_iova(section->mr)) {
+ret = vfio_register_reserved_iova(container, iova, end - iova);
+if (ret) {
+error_report("vfio_register_reserved_iova(%p, 0x%"HWADDR_PRIx", "
+ "0x%"HWADDR_PRIx") = %d (%m)",
+ container, iova, end - iova, ret);
+goto fail;
+}
+return;
 }
 
-return;
-
 fail:
 /*
  * On the initfn path, store the first error in the container so we
-- 
1.9.1

Re: [Qemu-devel] [PATCH RFC V5 0/9] Implement GIC-500 from GICv3 family for arm64

2016-01-29 Thread Christopher Covington 
On 10/20/2015 01:22 PM, Shlomo Pongratz wrote:
> From: Shlomo Pongratz 
> 
> This patch is a first step multicores support for arm64.
> 
> This implemntation was tested up to 100 cores.
> 
> Things left to do:
> 
> Support SPI, ITS and ITS CONTROL, note that this patch porpose is to enable
> running multi cores using the "virt" virtual machine and this goal is achived
> without that.
> 
> Add GICv2 backwards competability. Since there is a GICv2 implementation I
> can't see the pusprose for it.
> 
> Special thanks to Peter Crostwaite whose patch to th Linux (kernel) i.e.
> Implement cpu_relax as yield solved the problem of the boot process getting
> stuck for 24 cores and more.
> 
> Figure out why virtual machine name changed from virt-v3 to virt-v3-machine

Hi Shlomo,

Were you planning on another revision of this patchset? Are there any
things you would like help with?

Peter,

Do you have any thoughts about what is essential and what isn't for a
first wave of TCG GICv3 patches to be mergeable?

Thanks,
Christopher Covington

-- 
Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
a Linux Foundation Collaborative Project

Re: [Qemu-devel] [PATCH 1/1] arm: virt: change GPIO trigger interrupt to pulse

2016-01-29 Thread Peter Maydell 
On 29 January 2016 at 15:13, Wei Huang  wrote:
>
>
> On 01/29/2016 08:50 AM, Peter Maydell wrote:
>> I wonder if we should be asserting the GPIO pin in the powerdown-request
>> hook and then deasserting it on system reset somewhere...
>
> This is another possibility. We can try to reset the pl061 state by
> hooking up with dc->reset and see what happens.

Ah, yes, PL061 hasn't been updated to implement reset. That is almost
certainly your problem.

thanks
-- PMM

[Qemu-devel] [PATCH v9 00/16] block: Rework bdrv_close_all()

2016-01-29 Thread Max Reitz 
Currently, bdrv_close_all() force-closes all BDSs with a BlockBackend,
which can lead to data corruption (see the iotest added in the final
patch of this series) and is most certainly very ugly.

This series reworks bdrv_close_all() to instead eject the BDS trees from
all BlockBackends and then close the monitor-owned BDS trees, which are
the only BDSs without a BB. In effect, all BDSs are closed just by
getting closed automatically due to their reference count becoming 0.

Note that the approach taken here leaks all BlockBackends. This does not
really matter, however, since qemu is about to exit anyway.


*** Note: This series is based on Kevin's block branch ***


v9:
- Patch 1: Only release named dirty bitmaps, and assert that there are
  no unnamed left [Fam]
- Patches 2, 15, 16: Bumped year from 2015 to 2016; I kept the R-bs
  because this seemed like a very straightforward change to me
  [Eric]
- Patch 5: Set up the notifiers only after the last (and only) error
  path in virtio_scsi_hotplug() in order not to leak them [Kevin]
- Patch 12:
  - Added a note to the commit message about the change to
qmp_x_blockdev_del() [Fam]
  - Dropped the !QLIST_EMPTY() check in qmp_x_blockdev_del(); the newly
introduced check fulfills the same task while being more explicit
about it [Kevin]
- Patch 14:
  - Changed the order of blk_remove_all_bs() and
blockdev_close_all_bdrv_states() [Fam]
  - Dropped the aio_poll() loop; it is unneccessary now that
block_job_cancel_sync() effectively calls block_job_unref() by
itself


git-backport-diff against v8:

Key:
[] : patches are identical
[] : number of functional differences between upstream/downstream patch
[down] : patch is downstream-only
The flags [FC] indicate (F)unctional and (C)ontextual differences, respectively

001/16:[down] 'block: Release named dirty bitmaps in bdrv_close()'
002/16:[0002] [FC] 'iotests: Add test for eject under NBD server'
003/16:[] [--] 'block: Add BB-BDS remove/insert notifiers'
004/16:[] [--] 'virtio-blk: Functions for op blocker management'
005/16:[0002] [FC] 'virtio-scsi: Catch BDS-BB removal/insertion'
006/16:[] [--] 'nbd: Switch from close to eject notifier'
007/16:[] [-C] 'block: Remove BDS close notifier'
008/16:[] [--] 'block: Use blk_remove_bs() in blk_delete()'
009/16:[] [--] 'blockdev: Use blk_remove_bs() in do_drive_del()'
010/16:[] [-C] 'block: Make bdrv_close() static'
011/16:[] [--] 'block: Add list of all BlockDriverStates'
012/16:[0004] [FC] 'blockdev: Keep track of monitor-owned BDS'
013/16:[] [--] 'block: Add blk_remove_all_bs()'
014/16:[0013] [FC] 'block: Rewrite bdrv_close_all()'
015/16:[0002] [FC] 'iotests: Add test for multiple BB on BDS tree'
016/16:[0002] [FC] 'iotests: Add test for block jobs and BDS ejection'


Max Reitz (16):
  block: Release named dirty bitmaps in bdrv_close()
  iotests: Add test for eject under NBD server
  block: Add BB-BDS remove/insert notifiers
  virtio-blk: Functions for op blocker management
  virtio-scsi: Catch BDS-BB removal/insertion
  nbd: Switch from close to eject notifier
  block: Remove BDS close notifier
  block: Use blk_remove_bs() in blk_delete()
  blockdev: Use blk_remove_bs() in do_drive_del()
  block: Make bdrv_close() static
  block: Add list of all BlockDriverStates
  blockdev: Keep track of monitor-owned BDS
  block: Add blk_remove_all_bs()
  block: Rewrite bdrv_close_all()
  iotests: Add test for multiple BB on BDS tree
  iotests: Add test for block jobs and BDS ejection

 block.c|  90 +++-
 block/block-backend.c  |  43 ++--
 blockdev-nbd.c |  40 +--
 blockdev.c |  30 +-
 hw/block/dataplane/virtio-blk.c|  77 ++
 hw/scsi/virtio-scsi.c  |  55 ++
 include/block/block.h  |   2 -
 include/block/block_int.h  |   8 +-
 include/hw/virtio/virtio-scsi.h|  10 ++
 include/sysemu/block-backend.h |   4 +-
 nbd/server.c   |  13 +++
 stubs/Makefile.objs|   1 +
 stubs/blockdev-close-all-bdrv-states.c |   5 +
 tests/qemu-iotests/117 |  86 +++
 tests/qemu-iotests/117.out |  14 +++
 tests/qemu-iotests/140 |  92 
 tests/qemu-iotests/140.out |  16 +++
 tests/qemu-iotests/141 | 186 +
 tests/qemu-iotests/141.out |  59 +++
 tests/qemu-iotests/group   |   3 +
 20 files changed, 742 insertions(+), 92 deletions(-)
 create mode 100644 stubs/blockdev-close-all-bdrv-states.c
 create mode 100755 tests/qemu-iotests/117
 create mode 100644 tests/qemu-iotests/117.out
 create mode 100755 tests/qemu-iotests/140
 create mode 100644 tests/qemu-iotests/140.out
 create mode 100755 tests/qemu-iotests/141
 create mode 100644

[Qemu-devel] [PATCH v9 06/16] nbd: Switch from close to eject notifier

2016-01-29 Thread Max Reitz 
The NBD code uses the BDS close notifier to determine when a medium is
ejected. However, now it should use the BB's BDS removal notifier for
that instead of the BDS's close notifier.

Signed-off-by: Max Reitz 
Reviewed-by: Fam Zheng 
Reviewed-by: Kevin Wolf 
---
 blockdev-nbd.c | 40 +---
 nbd/server.c   | 13 +
 2 files changed, 18 insertions(+), 35 deletions(-)

diff --git a/blockdev-nbd.c b/blockdev-nbd.c
index 4a758ac..9d6a21c 100644
--- a/blockdev-nbd.c
+++ b/blockdev-nbd.c
@@ -45,37 +45,11 @@ void qmp_nbd_server_start(SocketAddress *addr, Error **errp)
 }
 }
 
-/*
- * Hook into the BlockBackend notifiers to close the export when the
- * backend is closed.
- */
-typedef struct NBDCloseNotifier {
-Notifier n;
-NBDExport *exp;
-QTAILQ_ENTRY(NBDCloseNotifier) next;
-} NBDCloseNotifier;
-
-static QTAILQ_HEAD(, NBDCloseNotifier) close_notifiers =
-QTAILQ_HEAD_INITIALIZER(close_notifiers);
-
-static void nbd_close_notifier(Notifier *n, void *data)
-{
-NBDCloseNotifier *cn = DO_UPCAST(NBDCloseNotifier, n, n);
-
-notifier_remove(>n);
-QTAILQ_REMOVE(_notifiers, cn, next);
-
-nbd_export_close(cn->exp);
-nbd_export_put(cn->exp);
-g_free(cn);
-}
-
 void qmp_nbd_server_add(const char *device, bool has_writable, bool writable,
 Error **errp)
 {
 BlockBackend *blk;
 NBDExport *exp;
-NBDCloseNotifier *n;
 
 if (server_fd == -1) {
 error_setg(errp, "NBD server not running");
@@ -113,19 +87,15 @@ void qmp_nbd_server_add(const char *device, bool 
has_writable, bool writable,
 
 nbd_export_set_name(exp, device);
 
-n = g_new0(NBDCloseNotifier, 1);
-n->n.notify = nbd_close_notifier;
-n->exp = exp;
-blk_add_close_notifier(blk, >n);
-QTAILQ_INSERT_TAIL(_notifiers, n, next);
+/* The list of named exports has a strong reference to this export now and
+ * our only way of accessing it is through nbd_export_find(), so we can 
drop
+ * the strong reference that is @exp. */
+nbd_export_put(exp);
 }
 
 void qmp_nbd_server_stop(Error **errp)
 {
-while (!QTAILQ_EMPTY(_notifiers)) {
-NBDCloseNotifier *cn = QTAILQ_FIRST(_notifiers);
-nbd_close_notifier(>n, nbd_export_get_blockdev(cn->exp));
-}
+nbd_export_close_all();
 
 if (server_fd != -1) {
 qemu_set_fd_handler(server_fd, NULL, NULL, NULL);
diff --git a/nbd/server.c b/nbd/server.c
index 5169b59..2045f7c 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -64,6 +64,8 @@ struct NBDExport {
 QTAILQ_ENTRY(NBDExport) next;
 
 AioContext *ctx;
+
+Notifier eject_notifier;
 };
 
 static QTAILQ_HEAD(, NBDExport) exports = QTAILQ_HEAD_INITIALIZER(exports);
@@ -644,6 +646,12 @@ static void blk_aio_detach(void *opaque)
 exp->ctx = NULL;
 }
 
+static void nbd_eject_notifier(Notifier *n, void *data)
+{
+NBDExport *exp = container_of(n, NBDExport, eject_notifier);
+nbd_export_close(exp);
+}
+
 NBDExport *nbd_export_new(BlockBackend *blk, off_t dev_offset, off_t size,
   uint32_t nbdflags, void (*close)(NBDExport *),
   Error **errp)
@@ -666,6 +674,10 @@ NBDExport *nbd_export_new(BlockBackend *blk, off_t 
dev_offset, off_t size,
 exp->ctx = blk_get_aio_context(blk);
 blk_ref(blk);
 blk_add_aio_context_notifier(blk, blk_aio_attached, blk_aio_detach, exp);
+
+exp->eject_notifier.notify = nbd_eject_notifier;
+blk_add_remove_bs_notifier(blk, >eject_notifier);
+
 /*
  * NBD exports are used for non-shared storage migration.  Make sure
  * that BDRV_O_INACTIVE is cleared and the image is ready for write
@@ -745,6 +757,7 @@ void nbd_export_put(NBDExport *exp)
 }
 
 if (exp->blk) {
+notifier_remove(>eject_notifier);
 blk_remove_aio_context_notifier(exp->blk, blk_aio_attached,
 blk_aio_detach, exp);
 blk_unref(exp->blk);
-- 
2.7.0

[Qemu-devel] [PATCH v9 12/16] blockdev: Keep track of monitor-owned BDS

2016-01-29 Thread Max Reitz 
As a side effect, we can now make x-blockdev-del's check whether a BDS
is actually owned by the monitor explicit.

Signed-off-by: Max Reitz 
---
 blockdev.c | 28 +++-
 include/block/block_int.h  |  4 
 stubs/Makefile.objs|  1 +
 stubs/blockdev-close-all-bdrv-states.c |  5 +
 4 files changed, 37 insertions(+), 1 deletion(-)
 create mode 100644 stubs/blockdev-close-all-bdrv-states.c

diff --git a/blockdev.c b/blockdev.c
index 09d4621..35e1e5c 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -50,6 +50,9 @@
 #include "trace.h"
 #include "sysemu/arch_init.h"
 
+static QTAILQ_HEAD(, BlockDriverState) monitor_bdrv_states =
+QTAILQ_HEAD_INITIALIZER(monitor_bdrv_states);
+
 static const char *const if_name[IF_COUNT] = {
 [IF_NONE] = "none",
 [IF_IDE] = "ide",
@@ -702,6 +705,19 @@ fail:
 return NULL;
 }
 
+void blockdev_close_all_bdrv_states(void)
+{
+BlockDriverState *bs, *next_bs;
+
+QTAILQ_FOREACH_SAFE(bs, _bdrv_states, monitor_list, next_bs) {
+AioContext *ctx = bdrv_get_aio_context(bs);
+
+aio_context_acquire(ctx);
+bdrv_unref(bs);
+aio_context_release(ctx);
+}
+}
+
 static void qemu_opt_rename(QemuOpts *opts, const char *from, const char *to,
 Error **errp)
 {
@@ -3875,12 +3891,15 @@ void qmp_blockdev_add(BlockdevOptions *options, Error 
**errp)
 if (!bs) {
 goto fail;
 }
+
+QTAILQ_INSERT_TAIL(_bdrv_states, bs, monitor_list);
 }
 
 if (bs && bdrv_key_required(bs)) {
 if (blk) {
 blk_unref(blk);
 } else {
+QTAILQ_REMOVE(_bdrv_states, bs, monitor_list);
 bdrv_unref(bs);
 }
 error_setg(errp, "blockdev-add doesn't support encrypted devices");
@@ -3940,7 +3959,13 @@ void qmp_x_blockdev_del(bool has_id, const char *id,
 goto out;
 }
 
-if (bs->refcnt > 1 || !QLIST_EMPTY(>parents)) {
+if (!blk && !bs->monitor_list.tqe_prev) {
+error_setg(errp, "Node %s is not owned by the monitor",
+   bs->node_name);
+goto out;
+}
+
+if (bs->refcnt > 1) {
 error_setg(errp, "Block device %s is in use",
bdrv_get_device_or_node_name(bs));
 goto out;
@@ -3950,6 +3975,7 @@ void qmp_x_blockdev_del(bool has_id, const char *id,
 if (blk) {
 blk_unref(blk);
 } else {
+QTAILQ_REMOVE(_bdrv_states, bs, monitor_list);
 bdrv_unref(bs);
 }
 
diff --git a/include/block/block_int.h b/include/block/block_int.h
index 26c4e74..9ef823a 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -446,6 +446,8 @@ struct BlockDriverState {
 QTAILQ_ENTRY(BlockDriverState) device_list;
 /* element of the list of all BlockDriverStates (all_bdrv_states) */
 QTAILQ_ENTRY(BlockDriverState) bs_list;
+/* element of the list of monitor-owned BDS */
+QTAILQ_ENTRY(BlockDriverState) monitor_list;
 QLIST_HEAD(, BdrvDirtyBitmap) dirty_bitmaps;
 int refcnt;
 
@@ -708,4 +710,6 @@ bool bdrv_requests_pending(BlockDriverState *bs);
 void bdrv_clear_dirty_bitmap(BdrvDirtyBitmap *bitmap, HBitmap **out);
 void bdrv_undo_clear_dirty_bitmap(BdrvDirtyBitmap *bitmap, HBitmap *in);
 
+void blockdev_close_all_bdrv_states(void);
+
 #endif /* BLOCK_INT_H */
diff --git a/stubs/Makefile.objs b/stubs/Makefile.objs
index d7898a0..e922de9 100644
--- a/stubs/Makefile.objs
+++ b/stubs/Makefile.objs
@@ -1,5 +1,6 @@
 stub-obj-y += arch-query-cpu-def.o
 stub-obj-y += bdrv-commit-all.o
+stub-obj-y += blockdev-close-all-bdrv-states.o
 stub-obj-y += clock-warp.o
 stub-obj-y += cpu-get-clock.o
 stub-obj-y += cpu-get-icount.o
diff --git a/stubs/blockdev-close-all-bdrv-states.c 
b/stubs/blockdev-close-all-bdrv-states.c
new file mode 100644
index 000..12d2442
--- /dev/null
+++ b/stubs/blockdev-close-all-bdrv-states.c
@@ -0,0 +1,5 @@
+#include "block/block_int.h"
+
+void blockdev_close_all_bdrv_states(void)
+{
+}
-- 
2.7.0

Re: [Qemu-devel] [PATCH v14 7/8] Implement new driver for block replication

2016-01-29 Thread Stefan Hajnoczi 
On Fri, Jan 29, 2016 at 11:13:42AM +0800, Changlong Xie wrote:
> On 01/28/2016 11:15 PM, Stefan Hajnoczi wrote:
> >On Thu, Jan 28, 2016 at 09:13:24AM +0800, Wen Congyang wrote:
> >>On 01/27/2016 10:46 PM, Stefan Hajnoczi wrote:
> >>>On Wed, Jan 13, 2016 at 05:18:31PM +0800, Changlong Xie wrote:
> >I'm concerned that the bdrv_drain_all() in vm_stop() can take a long
> >time if the disk is slow/failing.  bdrv_drain_all() blocks until all
> >in-flight I/O requests have completed.  What does the Primary do if the
> >Secondary becomes unresponsive?
> 
> Actually, we knew this problem. But currently, there seems no better way to
> resolve it. If you have any ideas?

Is it possible to hold the checkpoint information and acknowledge the
checkpoint right away, without waiting for bdrv_drain_all() or any
Secondory guest activity to complete?

I think this really means falling back to microcheckpointing until the
Secondary guest can checkpoint.  Instead of a blocking vm_stop() we
would prevent vcpus from running and when the last pending I/O finishes
the Secondary could apply the last checkpoint.  This approach does not
block QEMU (the monitor, etc).


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PATCH 4/8] libqos: remove some leaks

2016-01-29 Thread Markus Armbruster 
marcandre.lur...@redhat.com writes:

> From: Marc-André Lureau 
>
> qpci_device_find() returns allocated data, don't leak it.
>
> Signed-off-by: Marc-André Lureau 
> ---
>  tests/libqos/pci.c | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/tests/libqos/pci.c b/tests/libqos/pci.c
> index 4e630c2..80b1a21 100644
> --- a/tests/libqos/pci.c
> +++ b/tests/libqos/pci.c
> @@ -34,11 +34,13 @@ void qpci_device_foreach(QPCIBus *bus, int vendor_id, int 
> device_id,
   for (slot = 0; slot < 32; slot++) {
   int fn;

   for (fn = 0; fn < 8; fn++) {
   QPCIDevice *dev;

   dev = qpci_device_find(bus, QPCI_DEVFN(slot, fn));
   if (!dev) {
   continue;
   }
>  
>  if (vendor_id != -1 &&
>  qpci_config_readw(dev, PCI_VENDOR_ID) != vendor_id) {
> +g_free(dev);
>  continue;
>  }
>  
>  if (device_id != -1 &&
>  qpci_config_readw(dev, PCI_DEVICE_ID) != device_id) {
> +g_free(dev);
>  continue;
>  }

   func(dev, QPCI_DEVFN(slot, fn), data);
   }
   }
   }

The existing users pass a func that saves dev, and free the saved dev
later.  Works as long as we call func() at most once.  If multiple
devices match, all but the last one are leaked.  Can this happen?

[Qemu-devel] [PATCH v5 1/2] trace: Add support for vCPU pointers in trace events

2016-01-29 Thread Lluís Vilanova 
The tracing infrastructure later needs to differentiate between regular
pointers and pointers to vCPUs.

Also changes all targets to use the new 'TCGv_cpu' type instead of the
generic 'TCGv_ptr'. As of now, the change is merely cosmetic ('TCGv_cpu'
translates into 'TCGv_ptr'), but that could change in the future to
enforce the difference.

Signed-off-by: Lluís Vilanova 
---
 include/qemu/typedefs.h|1 +
 scripts/tracetool/transform.py |9 -
 target-alpha/translate.c   |2 +-
 target-arm/translate.c |2 +-
 target-arm/translate.h |2 +-
 target-cris/translate.c|2 +-
 target-i386/translate.c|2 +-
 target-lm32/translate.c|2 +-
 target-m68k/translate.c|2 +-
 target-microblaze/translate.c  |2 +-
 target-mips/translate.c|2 +-
 target-moxie/translate.c   |2 +-
 target-openrisc/translate.c|2 +-
 target-ppc/translate.c |2 +-
 target-s390x/translate.c   |2 +-
 target-sh4/translate.c |2 +-
 target-sparc/translate.c   |5 +++--
 target-tilegx/translate.c  |2 +-
 target-tricore/translate.c |2 +-
 target-unicore32/translate.c   |2 +-
 target-xtensa/translate.c  |2 +-
 tcg/tcg-op.h   |2 --
 tcg/tcg.h  |6 ++
 trace/control.h|3 ++-
 24 files changed, 38 insertions(+), 24 deletions(-)

diff --git a/include/qemu/typedefs.h b/include/qemu/typedefs.h
index 78fe6e8..efbc8a9 100644
--- a/include/qemu/typedefs.h
+++ b/include/qemu/typedefs.h
@@ -18,6 +18,7 @@ typedef struct BusState BusState;
 typedef struct CharDriverState CharDriverState;
 typedef struct CompatProperty CompatProperty;
 typedef struct CPUAddressSpace CPUAddressSpace;
+typedef struct CPUState CPUState;
 typedef struct DeviceListener DeviceListener;
 typedef struct DeviceState DeviceState;
 typedef struct DisplayChangeListener DisplayChangeListener;
diff --git a/scripts/tracetool/transform.py b/scripts/tracetool/transform.py
index fc5e679..8a43a4e 100644
--- a/scripts/tracetool/transform.py
+++ b/scripts/tracetool/transform.py
@@ -6,7 +6,7 @@ Type-transformation rules.
 """
 
 __author__ = "Lluís Vilanova "
-__copyright__  = "Copyright 2012-2014, Lluís Vilanova "
+__copyright__  = "Copyright 2012-2016, Lluís Vilanova "
 __license__= "GPL version 2 or (at your option) any later version"
 
 __maintainer__ = "Stefan Hajnoczi"
@@ -74,6 +74,7 @@ TCG_2_HOST = {
 "TCGv_i32": "uint32_t",
 "TCGv_i64": "uint64_t",
 "TCGv_ptr": "void *",
+"TCGv_cpu": "CPUState *",
 None: _tcg_2_host,
 }
 
@@ -98,6 +99,7 @@ HOST_2_TCG = {
 "uint32_t": "TCGv_i32",
 "uint64_t": "TCGv_i64",
 "void *"  : "TCGv_ptr",
+"CPUState *": "TCGv_cpu",
 None: _host_2_tcg,
 }
 
@@ -115,6 +117,8 @@ TCG_2_TCG_HELPER_DEF = {
 "TCGv_i32": "uint32_t",
 "TCGv_i64": "uint64_t",
 "TCGv_ptr": "void *",
+"TCGv_cpu": "void *",
+"CPUState *": "void *",
 None: _tcg_2_helper_def,
 }
 
@@ -130,6 +134,7 @@ TCG_2_TCG_HELPER_DECL = {
 "TCGv_ptr": "ptr",
 "TCGv_i32": "i32",
 "TCGv_i64": "i64",
+"TCGv_cpu": "ptr",
 None: _tcg_2_tcg_helper_decl_error,
 }
 
@@ -146,6 +151,7 @@ HOST_2_TCG_TMP_NEW = {
 "uint32_t": "tcg_const_i32",
 "uint64_t": "tcg_const_i64",
 "void *"  : "tcg_const_ptr",
+"CPUState *": "tcg_const_ptr",
 None: _host_2_tcg_tmp_new,
 }
 
@@ -162,5 +168,6 @@ HOST_2_TCG_TMP_FREE = {
 "uint32_t": "tcg_temp_free_i32",
 "uint64_t": "tcg_temp_free_i64",
 "void *"  : "tcg_temp_free_ptr",
+"CPUState *": "tcg_temp_free_ptr",
 None: _host_2_tcg_tmp_free,
 }
diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index 9909c70..d631f74 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -91,7 +91,7 @@ typedef enum {
 } ExitStatus;
 
 /* global register indexes */
-static TCGv_ptr cpu_env;
+static TCGv_cpu cpu_env;
 static TCGv cpu_std_ir[31];
 static TCGv cpu_fir[31];
 static TCGv cpu_pc;
diff --git a/target-arm/translate.c b/target-arm/translate.c
index cff511b..07ca2c1 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -55,7 +55,7 @@
 #define IS_USER(s) (s->user)
 #endif
 
-TCGv_ptr cpu_env;
+TCGv_cpu cpu_env;
 /* We reuse the same 64-bit temporaries for efficiency.  */
 static TCGv_i64 cpu_V0, cpu_V1, cpu_M0;
 static TCGv_i32 cpu_R[16];
diff --git a/target-arm/translate.h b/target-arm/translate.h
index 53ef971..6e8eb7d 100644
--- a/target-arm/translate.h
+++ b/target-arm/translate.h
@@ -70,7 +70,7 @@ typedef struct DisasCompare {
 } DisasCompare;
 
 /* Share the TCG temporaries common between 32 and 64 bit modes.  */
-extern TCGv_ptr cpu_env;
+extern TCGv_cpu cpu_env;
 extern TCGv_i32 cpu_NF, cpu_ZF, cpu_CF, cpu_VF;
 extern TCGv_i64 cpu_exclusive_addr;
 extern TCGv_i64

Re: [Qemu-devel] [PATCH 1/8] target-arm: Properly support EL2 and EL3 in arm_el_is_aa64()

2016-01-29 Thread Sergey Fedorov 
On 14.01.2016 21:34, Peter Maydell wrote:
> Support EL2 and EL3 in arm_el_is_aa64() by implementing the
> logic for checking the SCR_EL3 and HCR_EL2 register-width bits
> as appropriate to determine the register width of lower exception
> levels.

Reviewed-by: Sergey Fedorov 

>
> Signed-off-by: Peter Maydell 
> ---
>  target-arm/cpu.h | 33 -
>  1 file changed, 24 insertions(+), 9 deletions(-)
>
> diff --git a/target-arm/cpu.h b/target-arm/cpu.h
> index 5f81342..b8b3364 100644
> --- a/target-arm/cpu.h
> +++ b/target-arm/cpu.h
> @@ -969,18 +969,33 @@ static inline bool arm_is_secure(CPUARMState *env)
>  /* Return true if the specified exception level is running in AArch64 state. 
> */
>  static inline bool arm_el_is_aa64(CPUARMState *env, int el)
>  {
> -/* We don't currently support EL2, and this isn't valid for EL0
> - * (if we're in EL0, is_a64() is what you want, and if we're not in EL0
> - * then the state of EL0 isn't well defined.)
> +/* This isn't valid for EL0 (if we're in EL0, is_a64() is what you want,
> + * and if we're not in EL0 then the state of EL0 isn't well defined.)
>   */
> -assert(el == 1 || el == 3);
> +assert(el >= 1 && el <= 3);
> +bool aa64 = arm_feature(env, ARM_FEATURE_AARCH64);
>  
> -/* AArch64-capable CPUs always run with EL1 in AArch64 mode. This
> - * is a QEMU-imposed simplification which we may wish to change later.
> - * If we in future support EL2 and/or EL3, then the state of lower
> - * exception levels is controlled by the HCR.RW and SCR.RW bits.
> +/* The highest exception level is always at the maximum supported
> + * register width, and then lower levels have a register width controlled
> + * by bits in the SCR or HCR registers.
>   */
> -return arm_feature(env, ARM_FEATURE_AARCH64);
> +if (el == 3) {
> +return aa64;
> +}
> +
> +if (arm_feature(env, ARM_FEATURE_EL3)) {
> +aa64 = aa64 && (env->cp15.scr_el3 & SCR_RW);
> +}
> +
> +if (el == 2) {
> +return aa64;
> +}
> +
> +if (arm_feature(env, ARM_FEATURE_EL2) && !arm_is_secure_below_el3(env)) {
> +aa64 = aa64 && (env->cp15.hcr_el2 & HCR_RW);
> +}
> +
> +return aa64;
>  }
>  
>  /* Function for determing whether guest cp register reads and writes should

Re: [Qemu-devel] [PATCH 5/8] target-arm: Fix wrong AArch64 entry offset for EL2/EL3 target

2016-01-29 Thread Sergey Fedorov 
On 14.01.2016 21:34, Peter Maydell wrote:
> The entry offset when taking an exception to AArch64 from a lower
> exception level may be 0x400 or 0x600. 0x400 is used if the
> implemented exception level immediately lower than the target level
> is using AArch64, and 0x600 if it is using AArch32. We were
> incorrectly implementing this as checking the exception level
> that the exception was taken from. (The two can be different if
> for example we take an exception from EL0 to AArch64 EL3; we should
> in this case be checking EL2 if EL2 is implemented, and EL1 if
> EL2 is not implemented.)

Reviewed-by: Sergey Fedorov 

> Signed-off-by: Peter Maydell 
> ---
>  target-arm/helper.c | 21 -
>  1 file changed, 20 insertions(+), 1 deletion(-)
>
> diff --git a/target-arm/helper.c b/target-arm/helper.c
> index d37c82c..196c111 100644
> --- a/target-arm/helper.c
> +++ b/target-arm/helper.c
> @@ -5866,7 +5866,26 @@ static void arm_cpu_do_interrupt_aarch64(CPUState *cs)
>  unsigned int new_mode = aarch64_pstate_mode(new_el, true);
>  
>  if (arm_current_el(env) < new_el) {
> -if (env->aarch64) {
> +/* Entry vector offset depends on whether the implemented EL
> + * immediately lower than the target level is using AArch32 or 
> AArch64
> + */
> +bool is_aa64;
> +
> +switch (new_el) {
> +case 3:
> +is_aa64 = (env->cp15.scr_el3 & SCR_RW) != 0;
> +break;
> +case 2:
> +is_aa64 = (env->cp15.hcr_el2 & HCR_RW) != 0;
> +break;
> +case 1:
> +is_aa64 = is_a64(env);
> +break;
> +default:
> +g_assert_not_reached();
> +}
> +
> +if (is_aa64) {
>  addr += 0x400;
>  } else {
>  addr += 0x600;

Re: [Qemu-devel] [PATCH 7/8] target-arm: Implement remaining illegal return event checks

2016-01-29 Thread Sergey Fedorov 
On 14.01.2016 21:34, Peter Maydell wrote:
> We already implement almost all the checks for the illegal
> return events from AArch64 state described in the ARM ARM section
> D1.11.2. Add the two missing ones:
>  * return to EL2 when EL3 is implemented and SCR_EL3.NS is 0
>  * return to Non-secure EL1 when EL2 is implemented and HCR_EL2.TGE is 1
>
> (We don't implement external debug, so the case of "debug state exit
> from EL0 using AArch64 state to EL0 using AArch32 state" doesn't apply
> for QEMU.)

Reviewed-by: Sergey Fedorov 

> Signed-off-by: Peter Maydell 
> ---
>  target-arm/op_helper.c | 11 +++
>  1 file changed, 11 insertions(+)
>
> diff --git a/target-arm/op_helper.c b/target-arm/op_helper.c
> index 38d46d8..5789ccb 100644
> --- a/target-arm/op_helper.c
> +++ b/target-arm/op_helper.c
> @@ -718,6 +718,17 @@ void HELPER(exception_return)(CPUARMState *env)
>  goto illegal_return;
>  }
>  
> +if (new_el == 2 && arm_is_secure_below_el3(env)) {
> +/* Return to the non-existent secure-EL2 */
> +goto illegal_return;
> +}
> +
> +if (new_el == 1 &&
> +arm_feature(env, ARM_FEATURE_EL2) && (env->cp15.hcr_el2 & HCR_TGE)
> +&& !arm_is_secure_below_el3(env)) {
> +goto illegal_return;
> +}
> +
>  if (!return_to_aa64) {
>  env->aarch64 = 0;
>  env->uncached_cpsr = spsr & CPSR_M;

[Qemu-devel] [RFC v2 1/8] linux-headers: partial update for VFIO reserved IOVA registration

2016-01-29 Thread Eric Auger 
This is a partial update aiming at enhancing the VFIO user API
according to not yet upstreamed kernel developments available at:

https://git.linaro.org/people/eric.auger/linux.git/shortlog/refs/heads/v4.5-rc1-pcie-passthrough-v1

See https://lkml.org/lkml/2016/1/26/371 for more details.

Signed-off-by: Eric Auger 
---
 linux-headers/linux/vfio.h | 15 ---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/linux-headers/linux/vfio.h b/linux-headers/linux/vfio.h
index aa276bc..ac6032e 100644
--- a/linux-headers/linux/vfio.h
+++ b/linux-headers/linux/vfio.h
@@ -8,8 +8,8 @@
  * it under the terms of the GNU General Public License version 2 as
  * published by the Free Software Foundation.
  */
-#ifndef VFIO_H
-#define VFIO_H
+#ifndef _UAPIVFIO_H
+#define _UAPIVFIO_H
 
 #include 
 #include 
@@ -393,6 +393,7 @@ struct vfio_iommu_type1_info {
__u32   argsz;
__u32   flags;
 #define VFIO_IOMMU_INFO_PGSIZES (1 << 0)   /* supported page sizes info */
+#define VFIO_IOMMU_INFO_REQUIRE_MSI_MAP (1 << 1)/* MSI must be mapped */
__u64   iova_pgsizes;   /* Bitmap of supported page sizes */
 };
 
@@ -403,12 +404,20 @@ struct vfio_iommu_type1_info {
  *
  * Map process virtual addresses to IO virtual addresses using the
  * provided struct vfio_dma_map. Caller sets argsz. READ &/ WRITE required.
+ *
+ * In case MSI_RESERVED_IOVA is set, the API only aims at registering an IOVA
+ * region which will be used on some platforms to map the host MSI frame.
+ * in that specific case, vaddr is ignored. The requirement for provisioning
+ * such IOVA range can be checked by calling VFIO_IOMMU_GET_INFO with the
+ * VFIO_IOMMU_INFO_REQUIRE_MSI_MAP attribute.
  */
 struct vfio_iommu_type1_dma_map {
__u32   argsz;
__u32   flags;
 #define VFIO_DMA_MAP_FLAG_READ (1 << 0)/* readable from device 
*/
 #define VFIO_DMA_MAP_FLAG_WRITE (1 << 1)   /* writable from device */
+/* reserved iova for MSI vectors*/
+#define VFIO_DMA_MAP_FLAG_MSI_RESERVED_IOVA (1 << 2)
__u64   vaddr;  /* Process virtual address */
__u64   iova;   /* IO virtual address */
__u64   size;   /* Size of mapping (bytes) */
@@ -591,4 +600,4 @@ struct vfio_iommu_spapr_tce_remove {
 
 /* * */
 
-#endif /* VFIO_H */
+#endif /* _UAPIVFIO_H */
-- 
1.9.1

[Qemu-devel] [RFC v2 5/8] memory: add reserved_iova region type

2016-01-29 Thread Eric Auger 
Introduce a new reserved_iova region type. This type of iova region
is bound to be used by the kernel to map some host physical addresses.

A new initializer, memory_region_init_reserved_iova is introduced, as
well as a test function, memory_region_is_reserved_iova.

Signed-off-by: Eric Auger 
---
 include/exec/memory.h | 29 +
 memory.c  | 11 +++
 2 files changed, 40 insertions(+)

diff --git a/include/exec/memory.h b/include/exec/memory.h
index c92734a..616cb86 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -165,6 +165,7 @@ struct MemoryRegion {
 /* The following fields should fit in a cache line */
 bool romd_mode;
 bool ram;
+bool reserved_iova;
 bool subpage;
 bool readonly; /* For RAM regions */
 bool rom_device;
@@ -359,6 +360,21 @@ void memory_region_init_ram(MemoryRegion *mr,
 Error **errp);
 
 /**
+ * memory_region_init_reserved_iova:  Initialize reserved iova memory region
+ *
+ * @mr: the #MemoryRegion to be initialized.
+ * @owner: the object that tracks the region's reference count
+ * @name: the name of the region.
+ * @size: size of the region.
+ * @errp: pointer to Error*, to store an error if it happens.
+ */
+void memory_region_init_reserved_iova(MemoryRegion *mr,
+  struct Object *owner,
+  const char *name,
+  uint64_t size,
+  Error **errp);
+
+/**
  * memory_region_init_resizeable_ram:  Initialize memory region with resizeable
  * RAM.  Accesses into the region will
  * modify memory directly.  Only an initial
@@ -531,6 +547,19 @@ static inline bool memory_region_is_ram(MemoryRegion *mr)
 }
 
 /**
+ * memory_region_is_reserved_iova: check whether a memory region corresponds to
+   reserved iova
+ *
+ * Returns %true is a memory region is reserved iova
+ *
+ * @mr: the memory region being queried
+ */
+static inline bool memory_region_is_reserved_iova(MemoryRegion *mr)
+{
+return mr->reserved_iova;
+}
+
+/**
  * memory_region_is_skip_dump: check whether a memory region should not be
  * dumped
  *
diff --git a/memory.c b/memory.c
index d2d0a92..d9ff1b7 100644
--- a/memory.c
+++ b/memory.c
@@ -1231,6 +1231,17 @@ void memory_region_init_ram(MemoryRegion *mr,
 mr->dirty_log_mask = tcg_enabled() ? (1 << DIRTY_MEMORY_CODE) : 0;
 }
 
+void memory_region_init_reserved_iova(MemoryRegion *mr,
+  Object *owner,
+  const char *name,
+  uint64_t size,
+  Error **errp)
+{
+memory_region_init(mr, owner, name, size);
+mr->reserved_iova = true;
+mr->terminates = true;
+}
+
 void memory_region_init_resizeable_ram(MemoryRegion *mr,
Object *owner,
const char *name,
-- 
1.9.1

[Qemu-devel] [RFC v2 7/8] hw: arm: virt: register reserved IOVA region

2016-01-29 Thread Eric Auger 
Registers a 16x64kB reserved iova region. Currently this iova
region is used by the host kernel to map host MSI controller frames
(GICv2m, GITS_TRANSLATER). The host kernel needs this iova window
since it cannot program the PCIe device with MSI frame physical
address (as opposed to x86) since the MSI write transactions go
through the IOMMU.

The reserved region is mapped on the platform bus.

Signed-off-by: Eric Auger 

---

RFC v1 -> RFC v2:
- use the platform bus to map the reserved iova region
---
 hw/arm/virt.c | 19 ++-
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 3839c68..4b2a891 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -805,7 +805,7 @@ static void create_pcie_irq_map(const VirtBoardInfo *vbi, 
uint32_t gic_phandle,
 }
 
 static void create_pcie(const VirtBoardInfo *vbi, qemu_irq *pic,
-bool use_highmem)
+bool use_highmem, MemoryRegion **reserved_reg)
 {
 hwaddr base_mmio = vbi->memmap[VIRT_PCIE_MMIO].base;
 hwaddr size_mmio = vbi->memmap[VIRT_PCIE_MMIO].size;
@@ -920,10 +920,16 @@ static void create_pcie(const VirtBoardInfo *vbi, 
qemu_irq *pic,
 qemu_fdt_setprop_cell(vbi->fdt, nodename, "#interrupt-cells", 1);
 create_pcie_irq_map(vbi, vbi->gic_phandle, irq, nodename);
 
+/* initialize the reserved iova region for MSI binding (16 x 64kb) */
+*reserved_reg = g_new0(MemoryRegion, 1);
+memory_region_init_reserved_iova(*reserved_reg, OBJECT(dev),
+ "reserved-iova",
+ 0x10, _fatal);
+
 g_free(nodename);
 }
 
-static void create_platform_bus(VirtBoardInfo *vbi, qemu_irq *pic)
+static PlatformBusDevice *create_platform_bus(VirtBoardInfo *vbi, qemu_irq 
*pic)
 {
 DeviceState *dev;
 SysBusDevice *s;
@@ -962,6 +968,7 @@ static void create_platform_bus(VirtBoardInfo *vbi, 
qemu_irq *pic)
 memory_region_add_subregion(sysmem,
 platform_bus_params.platform_bus_base,
 sysbus_mmio_get_region(s, 0));
+return PLATFORM_BUS_DEVICE(dev);
 }
 
 static void *machvirt_dtb(const struct arm_boot_info *binfo, int *fdt_size)
@@ -1015,7 +1022,7 @@ static void machvirt_init(MachineState *machine)
 VirtMachineState *vms = VIRT_MACHINE(machine);
 qemu_irq pic[NUM_IRQS];
 MemoryRegion *sysmem = get_system_memory();
-MemoryRegion *secure_sysmem = NULL;
+MemoryRegion *secure_sysmem = NULL, *reserved_reg;
 int gic_version = vms->gic_version;
 int n, max_cpus;
 MemoryRegion *ram = g_new(MemoryRegion, 1);
@@ -1024,6 +1031,7 @@ static void machvirt_init(MachineState *machine)
 VirtGuestInfoState *guest_info_state = g_malloc0(sizeof *guest_info_state);
 VirtGuestInfo *guest_info = _info_state->info;
 char **cpustr;
+PlatformBusDevice *pbus;
 
 if (!cpu_model) {
 cpu_model = "cortex-a15";
@@ -1161,7 +1169,7 @@ static void machvirt_init(MachineState *machine)
 
 create_rtc(vbi, pic);
 
-create_pcie(vbi, pic, vms->highmem);
+create_pcie(vbi, pic, vms->highmem, _reg);
 
 create_gpio(vbi, pic);
 
@@ -1200,7 +1208,8 @@ static void machvirt_init(MachineState *machine)
  * another notifier is registered which adds platform bus nodes.
  * Notifiers are executed in registration reverse order.
  */
-create_platform_bus(vbi, pic);
+pbus = create_platform_bus(vbi, pic);
+platform_bus_map_region(pbus, reserved_reg);
 }
 
 static bool virt_get_secure(Object *obj, Error **errp)
-- 
1.9.1

[Qemu-devel] [PATCH v9 14/16] block: Rewrite bdrv_close_all()

2016-01-29 Thread Max Reitz 
This patch rewrites bdrv_close_all(): Until now, all root BDSs have been
force-closed. This is bad because it can lead to cached data not being
flushed to disk.

Instead, try to make all reference holders relinquish their reference
voluntarily:

1. All BlockBackend users are handled by making all BBs simply eject
   their BDS tree. Since a BDS can never be on top of a BB, this will
   not cause any of the issues as seen with the force-closing of BDSs.
   The references will be relinquished and any further access to the BB
   will fail gracefully.
2. All BDSs which are owned by the monitor itself (because they do not
   have a BB) are relinquished next.
3. Besides BBs and the monitor, block jobs and other BDSs are the only
   things left that can hold a reference to BDSs. After every remaining
   block job has been canceled, there should not be any BDSs left (and
   the loop added here will always terminate (as long as NDEBUG is not
   defined), because either all_bdrv_states will be empty or there will
   not be any block job left to cancel, failing the assertion).

Signed-off-by: Max Reitz 
---
 block.c | 34 ++
 1 file changed, 26 insertions(+), 8 deletions(-)

diff --git a/block.c b/block.c
index d687d2c..ff1aafc 100644
--- a/block.c
+++ b/block.c
@@ -2145,9 +2145,7 @@ static void bdrv_close(BlockDriverState *bs)
 {
 BdrvAioNotifier *ban, *ban_next;
 
-if (bs->job) {
-block_job_cancel_sync(bs->job);
-}
+assert(!bs->job);
 
 /* Disable I/O limits and drain all pending throttled requests */
 if (bs->throttle_state) {
@@ -2214,13 +2212,33 @@ static void bdrv_close(BlockDriverState *bs)
 void bdrv_close_all(void)
 {
 BlockDriverState *bs;
+AioContext *aio_context;
 
-QTAILQ_FOREACH(bs, _states, device_list) {
-AioContext *aio_context = bdrv_get_aio_context(bs);
+/* Drop references from requests still in flight, such as canceled block
+ * jobs whose AIO context has not been polled yet */
+bdrv_drain_all();
 
-aio_context_acquire(aio_context);
-bdrv_close(bs);
-aio_context_release(aio_context);
+blk_remove_all_bs();
+blockdev_close_all_bdrv_states();
+
+/* Cancel all block jobs */
+while (!QTAILQ_EMPTY(_bdrv_states)) {
+QTAILQ_FOREACH(bs, _bdrv_states, bs_list) {
+aio_context = bdrv_get_aio_context(bs);
+
+aio_context_acquire(aio_context);
+if (bs->job) {
+block_job_cancel_sync(bs->job);
+aio_context_release(aio_context);
+break;
+}
+aio_context_release(aio_context);
+}
+
+/* All the remaining BlockDriverStates are referenced directly or
+ * indirectly from block jobs, so there needs to be at least one BDS
+ * directly used by a block job */
+assert(bs);
 }
 }
 
-- 
2.7.0

[Qemu-devel] [PATCH v9 15/16] iotests: Add test for multiple BB on BDS tree

2016-01-29 Thread Max Reitz 
This adds a test for having multiple BlockBackends in one BDS tree. In
this case, there is one BB for the protocol BDS and one BB for the
format BDS in a simple two-BDS tree (with the protocol BDS and BB added
first).

When bdrv_close_all() is executed, no cached data from any BDS should be
lost; the protocol BDS may not be closed until the format BDS is closed.
Otherwise, metadata updates may be lost.

Signed-off-by: Max Reitz 
Reviewed-by: Kevin Wolf 
---
 tests/qemu-iotests/117 | 86 ++
 tests/qemu-iotests/117.out | 14 
 tests/qemu-iotests/group   |  1 +
 3 files changed, 101 insertions(+)
 create mode 100755 tests/qemu-iotests/117
 create mode 100644 tests/qemu-iotests/117.out

diff --git a/tests/qemu-iotests/117 b/tests/qemu-iotests/117
new file mode 100755
index 000..969750d
--- /dev/null
+++ b/tests/qemu-iotests/117
@@ -0,0 +1,86 @@
+#!/bin/bash
+#
+# Test case for shared BDS between backend trees
+#
+# Copyright (C) 2016 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+
+# creator
+owner=mre...@redhat.com
+
+seq="$(basename $0)"
+echo "QA output created by $seq"
+
+here="$PWD"
+tmp=/tmp/$$
+status=1   # failure is the default!
+
+_cleanup()
+{
+   _cleanup_test_img
+}
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+# get standard environment, filters and checks
+. ./common.rc
+. ./common.filter
+. ./common.qemu
+
+_supported_fmt qcow2
+_supported_proto file
+_supported_os Linux
+
+_make_test_img 64k
+
+_launch_qemu
+
+_send_qemu_cmd $QEMU_HANDLE \
+"{ 'execute': 'qmp_capabilities' }" \
+'return'
+
+_send_qemu_cmd $QEMU_HANDLE \
+"{ 'execute': 'blockdev-add',
+   'arguments': { 'options': { 'id': 'protocol',
+   'driver': 'file',
+   'filename': '$TEST_IMG' } } }" \
+'return'
+
+_send_qemu_cmd $QEMU_HANDLE \
+"{ 'execute': 'blockdev-add',
+   'arguments': { 'options': { 'id': 'format',
+   'driver': '$IMGFMT',
+   'file': 'protocol' } } }" \
+'return'
+
+_send_qemu_cmd $QEMU_HANDLE \
+"{ 'execute': 'human-monitor-command',
+   'arguments': { 'command-line': 'qemu-io format \"write -P 42 0 64k\"' } 
}" \
+'return'
+
+_send_qemu_cmd $QEMU_HANDLE \
+"{ 'execute': 'quit' }" \
+'return'
+
+wait=1 _cleanup_qemu
+
+_check_test_img
+
+$QEMU_IO -c 'read -P 42 0 64k' "$TEST_IMG" | _filter_qemu_io
+
+# success, all done
+echo '*** done'
+rm -f $seq.full
+status=0
diff --git a/tests/qemu-iotests/117.out b/tests/qemu-iotests/117.out
new file mode 100644
index 000..f52dc1a
--- /dev/null
+++ b/tests/qemu-iotests/117.out
@@ -0,0 +1,14 @@
+QA output created by 117
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=65536
+{"return": {}}
+{"return": {}}
+{"return": {}}
+wrote 65536/65536 bytes at offset 0
+64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+{"return": ""}
+{"return": {}}
+{"timestamp": {"seconds":  TIMESTAMP, "microseconds":  TIMESTAMP}, "event": 
"SHUTDOWN"}
+No errors were found on the image.
+read 65536/65536 bytes at offset 0
+64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+*** done
diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group
index ff1ff0d..e89f076 100644
--- a/tests/qemu-iotests/group
+++ b/tests/qemu-iotests/group
@@ -122,6 +122,7 @@
 114 rw auto quick
 115 rw auto
 116 rw auto quick
+117 rw auto
 118 rw auto
 119 rw auto quick
 120 rw auto quick
-- 
2.7.0

Re: [Qemu-devel] [PATCH] usb: ehci: add capability mmio write function

2016-01-29 Thread P J P 
   Hello Gerd,

+-- On Fri, 29 Jan 2016, Gerd Hoffmann wrote --+
| On Fr, 2016-01-29 at 18:30 +0530, P J P wrote:
| > pointer dereference issue. Add a do nothing 'ehci_caps_write'
| > definition to avoid it; Do nothing because capability registers
| > are Read Only(RO).
| 
| Surely makes sense, xhci does the same, I'll pick it up.

  Cool! Thank you.
 
| Maybe we should have a generic nop_write function somewhere.  Not that there

  True. Would one nop_write function serve them all? I mean do they share the 
same prototype/syntax?

--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

Re: [Qemu-devel] [PATCH 1/8] target-arm: Properly support EL2 and EL3 in arm_el_is_aa64()

2016-01-29 Thread Sergey Fedorov 
On 29.01.2016 19:45, Sergey Fedorov wrote:
> On 14.01.2016 21:34, Peter Maydell wrote:
>> > Support EL2 and EL3 in arm_el_is_aa64() by implementing the
>> > logic for checking the SCR_EL3 and HCR_EL2 register-width bits
>> > as appropriate to determine the register width of lower exception
>> > levels.
> Reviewed-by: Sergey Fedorov 

Oops... I should put this below the following "Signed-off-by" statement :)

>
>> >
>> > Signed-off-by: Peter Maydell

[Qemu-devel] [RFC v2 2/8] Add a function to determine interrupt number for INTx routing

2016-01-29 Thread Eric Auger 
This patch adds a PCI bus specific function pointer "route_intx_to_irq"
for GPEX. This is used in detemining PCI INTx number from pin.

Signed-off-by: Pranavkumar Sawargaonkar 
Signed-off-by: Tushar Jagad 
---
 hw/pci-host/gpex.c | 12 
 include/hw/pci-host/gpex.h |  1 +
 2 files changed, 13 insertions(+)

diff --git a/hw/pci-host/gpex.c b/hw/pci-host/gpex.c
index 9d8fb5a..d0d1250 100644
--- a/hw/pci-host/gpex.c
+++ b/hw/pci-host/gpex.c
@@ -42,6 +42,17 @@ static void gpex_set_irq(void *opaque, int irq_num, int 
level)
 qemu_set_irq(s->irq[irq_num], level);
 }
 
+static PCIINTxRoute gpex_route_intx_pin_to_irq(void *opaque, int pin)
+{
+PCIINTxRoute route;
+GPEXHost *s = opaque;
+
+route.mode = PCI_INTX_ENABLED;
+route.irq = (int)s->irq_num[pin];
+
+return route;
+}
+
 static void gpex_host_realize(DeviceState *dev, Error **errp)
 {
 PCIHostState *pci = PCI_HOST_BRIDGE(dev);
@@ -66,6 +77,7 @@ static void gpex_host_realize(DeviceState *dev, Error **errp)
 >io_ioport, 0, 4, TYPE_PCIE_BUS);
 
 qdev_set_parent_bus(DEVICE(>gpex_root), BUS(pci->bus));
+pci_bus_set_route_irq_fn(pci->bus, gpex_route_intx_pin_to_irq);
 qdev_init_nofail(DEVICE(>gpex_root));
 }
 
diff --git a/include/hw/pci-host/gpex.h b/include/hw/pci-host/gpex.h
index 68c9348..7df1c16 100644
--- a/include/hw/pci-host/gpex.h
+++ b/include/hw/pci-host/gpex.h
@@ -51,6 +51,7 @@ typedef struct GPEXHost {
 MemoryRegion io_ioport;
 MemoryRegion io_mmio;
 qemu_irq irq[GPEX_NUM_IRQS];
+uint32_t irq_num[GPEX_NUM_IRQS];
 } GPEXHost;
 
 #endif /* HW_GPEX_H */
-- 
1.9.1

[Qemu-devel] [RFC v2 4/8] hw: vfio: common: introduce vfio_register_reserved_iova

2016-01-29 Thread Eric Auger 
vfio_register_reserved_iova allows to register the reserved IOVA region,
typically for MSI frame binding purpose. The kernel allows registering
a single reserved IOVA region.

Unregistration is handled through legacy vfio_dma_unmap.

The function will become static in subsequent patches. However, since
there is no user yet, the compiler argues; the function is currently
not static and a dummy declaration needs to be added.

Signed-off-by: Eric Auger 
---
 hw/vfio/common.c | 30 ++
 1 file changed, 30 insertions(+)

diff --git a/hw/vfio/common.c b/hw/vfio/common.c
index 6797208..247c87b 100644
--- a/hw/vfio/common.c
+++ b/hw/vfio/common.c
@@ -208,6 +208,36 @@ static int vfio_dma_unmap(VFIOContainer *container,
 return 0;
 }
 
+/**
+ * vfio_register_reserved_iova: registers the iova reserved region
+ *
+ * @container: container handle
+ * @iova: base iova of the reserved region
+ * @size: reserved region size
+ *
+ * unregistration is handled using vfio_dma_unmap
+ */
+int vfio_register_reserved_iova(VFIOContainer *container, hwaddr iova,
+ram_addr_t size);
+int vfio_register_reserved_iova(VFIOContainer *container, hwaddr iova,
+ram_addr_t size)
+{
+struct vfio_iommu_type1_dma_map map = {
+.argsz = sizeof(map),
+.flags = VFIO_DMA_MAP_FLAG_MSI_RESERVED_IOVA,
+.iova = iova,
+.size = size,
+};
+
+if (ioctl(container->fd, VFIO_IOMMU_MAP_DMA, ) == 0) {
+return 0;
+}
+
+error_report("VFIO_MAP_DMA/MSI_RESERVED_IOVA: %d", -errno);
+return -errno;
+
+}
+
 static int vfio_dma_map(VFIOContainer *container, hwaddr iova,
 ram_addr_t size, void *vaddr, bool readonly)
 {
-- 
1.9.1

[Qemu-devel] [RFC v2 6/8] hw: platform-bus: enable to map any memory region onto the platform-bus

2016-01-29 Thread Eric Auger 
The platform bus currently is used to map dynamically instantiable
platform device MMIO regions. The platform bus also can be seen as a
pool of free guest physical addresses. We would like to use that pool
to allocate a contiguous reserved IOVA region usable for MSI message
address IOMMU mapping.

This patch introduces platform_bus_map_region which enables to map any
memory region onto the platform bus.

Signed-off-by: Eric Auger 
---
 hw/core/platform-bus.c| 26 --
 include/hw/platform-bus.h |  7 +++
 2 files changed, 23 insertions(+), 10 deletions(-)

diff --git a/hw/core/platform-bus.c b/hw/core/platform-bus.c
index aa55d01..7d0f5e0 100644
--- a/hw/core/platform-bus.c
+++ b/hw/core/platform-bus.c
@@ -128,16 +128,14 @@ static void platform_bus_map_irq(PlatformBusDevice *pbus, 
SysBusDevice *sbdev,
 sysbus_connect_irq(sbdev, n, pbus->irqs[irqn]);
 }
 
-static void platform_bus_map_mmio(PlatformBusDevice *pbus, SysBusDevice *sbdev,
-  int n)
+void platform_bus_map_region(PlatformBusDevice *pbus, MemoryRegion *mr)
 {
-MemoryRegion *sbdev_mr = sysbus_mmio_get_region(sbdev, n);
-uint64_t size = memory_region_size(sbdev_mr);
+uint64_t size = memory_region_size(mr);
 uint64_t alignment = (1ULL << (63 - clz64(size + size - 1)));
 uint64_t off;
 bool found_region = false;
 
-if (memory_region_is_mapped(sbdev_mr)) {
+if (memory_region_is_mapped(mr)) {
 /* Region is already mapped, nothing to do */
 return;
 }
@@ -154,13 +152,21 @@ static void platform_bus_map_mmio(PlatformBusDevice 
*pbus, SysBusDevice *sbdev,
 }
 
 if (!found_region) {
-error_report("Platform Bus: Can not fit MMIO region of size %"PRIx64,
- size);
-exit(1);
+error_setg(_fatal,
+   "Platform Bus: Can not fit region %s of size %"PRIx64,
+   mr->name, size);
 }
 
-/* Map the device's region into our Platform Bus MMIO space */
-memory_region_add_subregion(>mmio, off, sbdev_mr);
+/* Map the region into our Platform Bus MMIO space */
+memory_region_add_subregion(>mmio, off, mr);
+}
+
+static void platform_bus_map_mmio(PlatformBusDevice *pbus, SysBusDevice *sbdev,
+  int n)
+{
+MemoryRegion *sbdev_mr = sysbus_mmio_get_region(sbdev, n);
+
+platform_bus_map_region(pbus, sbdev_mr);
 }
 
 /*
diff --git a/include/hw/platform-bus.h b/include/hw/platform-bus.h
index bd42b83..ee19674 100644
--- a/include/hw/platform-bus.h
+++ b/include/hw/platform-bus.h
@@ -54,4 +54,11 @@ int platform_bus_get_irqn(PlatformBusDevice *platform_bus, 
SysBusDevice *sbdev,
 hwaddr platform_bus_get_mmio_addr(PlatformBusDevice *pbus, SysBusDevice *sbdev,
   int n);
 
+/**
+ * platform_bus_map_region: map a region into the platform bus
+ * @pbus: platform bus handle
+ * @mr: memory region handle
+ */
+void platform_bus_map_region(PlatformBusDevice *pbus, MemoryRegion *mr);
+
 #endif /* !HW_PLATFORM_BUS_H */
-- 
1.9.1

[Qemu-devel] [RFC v2 0/8] KVM PCI/MSI passthrough with mach-virt

2016-01-29 Thread Eric Auger 
This series enables KVM PCI/MSI passthrough with mach-virt.

A new memory region type is introduced (reserved iova). On
vfio_listener_region_add this IOVA region is registered to the kernel with
VFIO_IOMMU_MAP_DMA (using the new VFIO_DMA_MAP_FLAG_MSI_RESERVED_IOVA flag).

The host VFIO PCI driver then can use this IOVA window to map some host
physical addresses, accessed by passthrough'ed PCI devices, through the IOMMU.
The first goal is to map host MSI controller frames (GICv2M, GITS_TRANSLATER).

mach-virt currently instantiates a 16x64kB reserved IOVA window. This
provisions for future usage. Most probably this exceeds MSI binding needs.
To avoid wasting guest PA, we now map the reserved region onto the
platform bus MMIO.

The series includes Pranav/Tushar' series:
QEMU, [v2 0/2] Generic PCIe host bridge INTx determination for INTx routing
((https://lists.nongnu.org/archive/html/qemu-devel/2015-04/msg04361.html))

Those patches are not mandated for PCI/MSI passthrough to work but without
those, the following warning is observed and can puzzle the end-user:
"qemu-system-aarch64: PCI: Bug - unimplemented PCI INTx routing (gpex-pcihost)"

Best Regards

Eric

Dependencies:
The series depends on kernel series: "[PATCH 00/10] KVM PCIe/MSI passthrough on
ARM/ARM64", (https://lkml.org/lkml/2016/1/26/371)

Git:
QEMU:
https://git.linaro.org/people/eric.auger/qemu.git/shortlog/refs/heads/v2.5.0-pci-passthrough-rfc-v2

Kernel:
https://git.linaro.org/people/eric.auger/linux.git/shortlog/refs/heads/v4.5-rc1-pcie-passthrough-v1

Testing:
- on ARM64 AMD Overdrive HW with one e1000e PCIe card.

History:
RFC v1 -> RFC v2:
- now uses platform bus MMIO for mapping reserved IOVA region; hence the
  new patch file:
  "hw: platform-bus: enable to map any memory region onto the platform-bus"

Eric Auger (8):
  linux-headers: partial update for VFIO reserved IOVA registration
  Add a function to determine interrupt number for INTx routing
  Generic PCIe host bridge INTx determination for INTx routing
  hw: vfio: common: introduce vfio_register_reserved_iova
  memory: add reserved_iova region type
  hw: platform-bus: enable to map any memory region onto the
platform-bus
  hw: arm: virt: register reserved IOVA region
  hw: vfio: common: adapt vfio_listeners for reserved_iova region

 hw/arm/virt.c  | 23 
 hw/core/platform-bus.c | 26 +++---
 hw/pci-host/gpex.c | 12 
 hw/vfio/common.c   | 68 --
 include/exec/memory.h  | 29 
 include/hw/pci-host/gpex.h |  1 +
 include/hw/platform-bus.h  |  7 +
 linux-headers/linux/vfio.h | 15 --
 memory.c   | 11 
 9 files changed, 160 insertions(+), 32 deletions(-)

-- 
1.9.1

Re: [Qemu-devel] [PATCH v7 01/13] machine: Don't allow CPU toplogies with partially filled cores

2016-01-29 Thread Eduardo Habkost 
On Fri, Jan 29, 2016 at 05:52:15PM +0100, Igor Mammedov wrote:
> On Fri, 29 Jan 2016 13:36:05 -0200
> Eduardo Habkost  wrote:
> 
> > On Fri, Jan 29, 2016 at 04:10:47PM +0100, Igor Mammedov wrote:
> > > On Fri, 29 Jan 2016 12:24:18 -0200
> > > Eduardo Habkost  wrote:
> > >   
> > > > On Fri, Jan 29, 2016 at 02:52:30PM +1100, David Gibson wrote:  
> > > > > On Thu, Jan 28, 2016 at 11:19:43AM +0530, Bharata B Rao wrote:
> > > > > > Prevent guests from booting with CPU topologies that have partially
> > > > > > filled CPU cores or can result in partially filled CPU cores after
> > > > > > CPU hotplug like
> > > > > > 
> > > > > > -smp 15,sockets=1,cores=4,threads=4,maxcpus=16 or
> > > > > > -smp 15,sockets=1,cores=4,threads=4,maxcpus=17.
> > > > > > 
> > > > > > This is enforced by introducing MachineClass::validate_smp_config()
> > > > > > that gets called from generic SMP parsing code. Machine type 
> > > > > > versions
> > > > > > that want to enforce this can define this to the generic version
> > > > > > provided.
> > > > > > 
> > > > > > Only sPAPR and PC machine types starting from version 2.6 enforce 
> > > > > > this in
> > > > > > this patch.
> > > > > > 
> > > > > > Signed-off-by: Bharata B Rao 
> > > > > 
> > > > > I've been kind of lost in the back and forth about
> > > > > threads/cores/sockets.
> > > > > 
> > > > > What, in the end, is the rationale for allowing partially filled
> > > > > sockets, but not partially filled cores?
> > > > 
> > > > I don't think there's a good reason for that (at least for PC).
> > > > 
> > > > It's easier to relax the requirements later if necessary, than
> > > > dealing with compatibility issues again when making the code more
> > > > strict. So I suggest we make validate_smp_config_generic() also
> > > > check if smp_cpus % (smp_threads * smp_cores) == 0.  
> > > 
> > > that would break exiting setups.  
> > 
> > Not if we do that only on newer machine classes.
> > validate_smp_config_generic() will be used only on *-2.6 and
> > newer.
> > 
> > 
> > > 
> > > Also in case of cpu hotplug this patch will break migration
> > > as target QEMU might refuse starting with hotplugged CPU thread.  
> > 
> > This won't change older machine-types.
> > 
> > But I think you are right: it can break migration on pc-2.6, too.
> > But: isn't migration already broken when creating other sets of
> > CPUs that can't represented using -smp?
> > 
> > How exactly would you migrate a machine today, if you run:
> > 
> >   $ qemu-system-x86_64 -smp 16,sockets=2,cores=2,threads=2,maxcpus=32
> >   (QMP) cpu-add id=31
> that's invalid topology and should exit with error at start-up,

Oops, my mistake. Now the same question with the right numbers:

How exactly would you migrate a machine today, if you do the
following?

  $ qemu-system-x86_64 -smp 8,sockets=2,cores=2,threads=2,maxcpus=16
  (QMP) cpu-add id=15


> however it shouldn't be smp_cpus vs sockets,cores,threads check
> but rather max_cpus vs sockets,cores,threads,maxcpus check.
> something like this:
> 
> diff --git a/vl.c b/vl.c
> index f043009..3afa0b6 100644
> --- a/vl.c
> +++ b/vl.c
> @@ -1239,9 +1239,9 @@ static void smp_parse(QemuOpts *opts)
>  }
>  
>  max_cpus = qemu_opt_get_number(opts, "maxcpus", cpus);
> -if (sockets * cores * threads > max_cpus) {
> -error_report("cpu topology: "
> - "sockets (%u) * cores (%u) * threads (%u) > "
> +if (sockets * cores * threads == max_cpus) {
> +error_report("invalid cpu topology: "
> + "sockets (%u) * cores (%u) * threads (%u) not equal 
> "
>   "maxcpus (%u)",
>   sockets, cores, threads, max_cpus);
>  exit(1);
> 
> > 
> > 
> > > 
> > > Perhaps this check should be enforced per target/machine if
> > > arch requires it.  
> > 
> > It is. Please see the patch. It introduces a validate_smp_config
> > method.
> > 
> > But we need your input to clarify if
> > validate_smp_config_generic() is safe for pc-2.6 too.
> it breaks migration as it could prevent target from starting if
> there is hotplugged CPUs on source side.

It looks like this is a problem only if the machine allows
hotplug of individual threads. What if we just add this to the
beginning of validate_smp_config_generic():

if (mc->hot_add_cpu && max_cpus > smp_cpus) {
/* hot_add_cpu() allows hotplug of individual threads,
 * allowing incomplete cores/sockets, so we can't prevent
 * it from running.
 */
 return 0;
}

-- 
Eduardo

[Qemu-devel] [PULL 01/48] block: Add blk_dev_has_tray()

2016-01-29 Thread Kevin Wolf 
From: Max Reitz 

Pull out the check whether a block device has a tray from
blk_dev_is_tray_open() into its own function so both attributes (whether
there is a tray vs. whether that tray is open) can be queried
independently.

Cc: qemu-stable 
Signed-off-by: Max Reitz 
Reviewed-by: Eric Blake 
Reviewed-by: Alberto Garcia 
Signed-off-by: Kevin Wolf 
---
 block/block-backend.c | 10 +-
 include/block/block_int.h |  1 +
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/block/block-backend.c b/block/block-backend.c
index efd6146..a4208f1 100644
--- a/block/block-backend.c
+++ b/block/block-backend.c
@@ -459,6 +459,14 @@ bool blk_dev_has_removable_media(BlockBackend *blk)
 }
 
 /*
+ * Does @blk's attached device model have a tray?
+ */
+bool blk_dev_has_tray(BlockBackend *blk)
+{
+return blk->dev_ops && blk->dev_ops->is_tray_open;
+}
+
+/*
  * Notify @blk's attached device model of a media eject request.
  * If @force is true, the medium is about to be yanked out forcefully.
  */
@@ -474,7 +482,7 @@ void blk_dev_eject_request(BlockBackend *blk, bool force)
  */
 bool blk_dev_is_tray_open(BlockBackend *blk)
 {
-if (blk->dev_ops && blk->dev_ops->is_tray_open) {
+if (blk_dev_has_tray(blk)) {
 return blk->dev_ops->is_tray_open(blk->dev_opaque);
 }
 return false;
diff --git a/include/block/block_int.h b/include/block/block_int.h
index 428fa33..ec31df1 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -695,6 +695,7 @@ void blk_set_bs(BlockBackend *blk, BlockDriverState *bs);
 
 void blk_dev_change_media_cb(BlockBackend *blk, bool load);
 bool blk_dev_has_removable_media(BlockBackend *blk);
+bool blk_dev_has_tray(BlockBackend *blk);
 void blk_dev_eject_request(BlockBackend *blk, bool force);
 bool blk_dev_is_tray_open(BlockBackend *blk);
 bool blk_dev_is_medium_locked(BlockBackend *blk);
-- 
1.8.3.1

[Qemu-devel] [PULL 09/48] iotests: Change coding style of _filter_nbd in 083

2016-01-29 Thread Kevin Wolf 
From: Max Reitz 

In order to be able to move _filter_nbd to common.filter in the next
patch, its coding style needs to be adapted to that of common.filter.
That means, we have to convert tabs to four spaces, adjust the alignment
of the last line (done with spaces already, assuming one tab equals
eight spaces), fix the line length of the comment, and add a line break
before the opening brace.

Signed-off-by: Max Reitz 
Reviewed-by: Eric Blake 
Signed-off-by: Kevin Wolf 
---
 tests/qemu-iotests/083 | 19 ++-
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/tests/qemu-iotests/083 b/tests/qemu-iotests/083
index 13495bc..36e6de8 100755
--- a/tests/qemu-iotests/083
+++ b/tests/qemu-iotests/083
@@ -49,15 +49,16 @@ wait_for_tcp_port() {
done
 }
 
-_filter_nbd() {
-   # nbd.c error messages contain function names and line numbers that are 
prone
-   # to change.  Message ordering depends on timing between send and 
receive
-   # callbacks sometimes, making them unreliable.
-   #
-   # Filter out the TCP port number since this changes between runs.
-   sed -e 's#^.*nbd/.*\.c:.*##g' \
-   -e 's#nbd:127\.0\.0\.1:[^:]*:#nbd:127\.0\.0\.1:PORT:#g' \
--e 's#\(exportname=foo\|PORT\): Failed to .*$#\1#'
+_filter_nbd()
+{
+# nbd.c error messages contain function names and line numbers that are
+# prone to change.  Message ordering depends on timing between send and
+# receive callbacks sometimes, making them unreliable.
+#
+# Filter out the TCP port number since this changes between runs.
+sed -e 's#^.*nbd/.*\.c:.*##g' \
+-e 's#nbd:127\.0\.0\.1:[^:]*:#nbd:127\.0\.0\.1:PORT:#g' \
+-e 's#\(exportname=foo\|PORT\): Failed to .*$#\1#'
 }
 
 check_disconnect() {
-- 
1.8.3.1

[Qemu-devel] [PULL 06/48] iotests: Limit supported formats for 118

2016-01-29 Thread Kevin Wolf 
From: Max Reitz 

Image formats used in test 118 need to support image creation.

Reported-by: Markus Armbruster 
Signed-off-by: Max Reitz 
Reviewed-by: Markus Armbruster 
Signed-off-by: Kevin Wolf 
---
 tests/qemu-iotests/118 | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/tests/qemu-iotests/118 b/tests/qemu-iotests/118
index 7caa38c..9e5951f 100755
--- a/tests/qemu-iotests/118
+++ b/tests/qemu-iotests/118
@@ -672,4 +672,6 @@ if __name__ == '__main__':
 # We need floppy and IDE CD-ROM
 iotests.notrun('not suitable for this machine type: %s' %
iotests.qemu_default_machine)
-iotests.main()
+# Need to support image creation
+iotests.main(supported_fmts=['vpc', 'parallels', 'qcow', 'vdi', 'qcow2',
+ 'vmdk', 'raw', 'vhdx', 'qed'])
-- 
1.8.3.1

[Qemu-devel] [PULL 36/48] raw: Assign bs to file in raw_co_get_block_status

2016-01-29 Thread Kevin Wolf 
From: Fam Zheng 

Signed-off-by: Fam Zheng 
Message-id: 1453780743-16806-5-git-send-email-f...@redhat.com
Reviewed-by: Max Reitz 
Signed-off-by: Max Reitz 
---
 block/raw-posix.c | 1 +
 block/raw_bsd.c   | 1 +
 2 files changed, 2 insertions(+)

diff --git a/block/raw-posix.c b/block/raw-posix.c
index 3ef9b25..8866121 100644
--- a/block/raw-posix.c
+++ b/block/raw-posix.c
@@ -1861,6 +1861,7 @@ static int64_t coroutine_fn 
raw_co_get_block_status(BlockDriverState *bs,
 *pnum = MIN(nb_sectors, (data - start) / BDRV_SECTOR_SIZE);
 ret = BDRV_BLOCK_ZERO;
 }
+*file = bs;
 return ret | BDRV_BLOCK_OFFSET_VALID | start;
 }
 
diff --git a/block/raw_bsd.c b/block/raw_bsd.c
index 9a8933b..ea16a23 100644
--- a/block/raw_bsd.c
+++ b/block/raw_bsd.c
@@ -119,6 +119,7 @@ static int64_t coroutine_fn 
raw_co_get_block_status(BlockDriverState *bs,
 BlockDriverState **file)
 {
 *pnum = nb_sectors;
+*file = bs->file->bs;
 return BDRV_BLOCK_RAW | BDRV_BLOCK_OFFSET_VALID | BDRV_BLOCK_DATA |
(sector_num << BDRV_SECTOR_BITS);
 }
-- 
1.8.3.1

[Qemu-devel] [PULL 21/48] nbd: Switch from close to eject notifier

2016-01-29 Thread Kevin Wolf 
From: Max Reitz 

The NBD code uses the BDS close notifier to determine when a medium is
ejected. However, now it should use the BB's BDS removal notifier for
that instead of the BDS's close notifier.

Signed-off-by: Max Reitz 
Reviewed-by: Fam Zheng 
Reviewed-by: Kevin Wolf 
Signed-off-by: Kevin Wolf 
---
 blockdev-nbd.c | 40 +---
 nbd/server.c   | 13 +
 2 files changed, 18 insertions(+), 35 deletions(-)

diff --git a/blockdev-nbd.c b/blockdev-nbd.c
index 4a758ac..9d6a21c 100644
--- a/blockdev-nbd.c
+++ b/blockdev-nbd.c
@@ -45,37 +45,11 @@ void qmp_nbd_server_start(SocketAddress *addr, Error **errp)
 }
 }
 
-/*
- * Hook into the BlockBackend notifiers to close the export when the
- * backend is closed.
- */
-typedef struct NBDCloseNotifier {
-Notifier n;
-NBDExport *exp;
-QTAILQ_ENTRY(NBDCloseNotifier) next;
-} NBDCloseNotifier;
-
-static QTAILQ_HEAD(, NBDCloseNotifier) close_notifiers =
-QTAILQ_HEAD_INITIALIZER(close_notifiers);
-
-static void nbd_close_notifier(Notifier *n, void *data)
-{
-NBDCloseNotifier *cn = DO_UPCAST(NBDCloseNotifier, n, n);
-
-notifier_remove(>n);
-QTAILQ_REMOVE(_notifiers, cn, next);
-
-nbd_export_close(cn->exp);
-nbd_export_put(cn->exp);
-g_free(cn);
-}
-
 void qmp_nbd_server_add(const char *device, bool has_writable, bool writable,
 Error **errp)
 {
 BlockBackend *blk;
 NBDExport *exp;
-NBDCloseNotifier *n;
 
 if (server_fd == -1) {
 error_setg(errp, "NBD server not running");
@@ -113,19 +87,15 @@ void qmp_nbd_server_add(const char *device, bool 
has_writable, bool writable,
 
 nbd_export_set_name(exp, device);
 
-n = g_new0(NBDCloseNotifier, 1);
-n->n.notify = nbd_close_notifier;
-n->exp = exp;
-blk_add_close_notifier(blk, >n);
-QTAILQ_INSERT_TAIL(_notifiers, n, next);
+/* The list of named exports has a strong reference to this export now and
+ * our only way of accessing it is through nbd_export_find(), so we can 
drop
+ * the strong reference that is @exp. */
+nbd_export_put(exp);
 }
 
 void qmp_nbd_server_stop(Error **errp)
 {
-while (!QTAILQ_EMPTY(_notifiers)) {
-NBDCloseNotifier *cn = QTAILQ_FIRST(_notifiers);
-nbd_close_notifier(>n, nbd_export_get_blockdev(cn->exp));
-}
+nbd_export_close_all();
 
 if (server_fd != -1) {
 qemu_set_fd_handler(server_fd, NULL, NULL, NULL);
diff --git a/nbd/server.c b/nbd/server.c
index 5169b59..2045f7c 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -64,6 +64,8 @@ struct NBDExport {
 QTAILQ_ENTRY(NBDExport) next;
 
 AioContext *ctx;
+
+Notifier eject_notifier;
 };
 
 static QTAILQ_HEAD(, NBDExport) exports = QTAILQ_HEAD_INITIALIZER(exports);
@@ -644,6 +646,12 @@ static void blk_aio_detach(void *opaque)
 exp->ctx = NULL;
 }
 
+static void nbd_eject_notifier(Notifier *n, void *data)
+{
+NBDExport *exp = container_of(n, NBDExport, eject_notifier);
+nbd_export_close(exp);
+}
+
 NBDExport *nbd_export_new(BlockBackend *blk, off_t dev_offset, off_t size,
   uint32_t nbdflags, void (*close)(NBDExport *),
   Error **errp)
@@ -666,6 +674,10 @@ NBDExport *nbd_export_new(BlockBackend *blk, off_t 
dev_offset, off_t size,
 exp->ctx = blk_get_aio_context(blk);
 blk_ref(blk);
 blk_add_aio_context_notifier(blk, blk_aio_attached, blk_aio_detach, exp);
+
+exp->eject_notifier.notify = nbd_eject_notifier;
+blk_add_remove_bs_notifier(blk, >eject_notifier);
+
 /*
  * NBD exports are used for non-shared storage migration.  Make sure
  * that BDRV_O_INACTIVE is cleared and the image is ready for write
@@ -745,6 +757,7 @@ void nbd_export_put(NBDExport *exp)
 }
 
 if (exp->blk) {
+notifier_remove(>eject_notifier);
 blk_remove_aio_context_notifier(exp->blk, blk_aio_attached,
 blk_aio_detach, exp);
 blk_unref(exp->blk);
-- 
1.8.3.1

[Qemu-devel] [PULL 32/48] block: acquire in bdrv_query_image_info

2016-01-29 Thread Kevin Wolf 
From: Paolo Bonzini 

NFS calls aio_poll inside bdrv_get_allocated_size.  This requires
acquiring the AioContext.

Signed-off-by: Paolo Bonzini 
Message-id: 1450867706-19860-1-git-send-email-pbonz...@redhat.com
Reviewed-by: Fam Zheng 
Signed-off-by: Max Reitz 
---
 block/qapi.c | 9 +++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/block/qapi.c b/block/qapi.c
index bbe0c9d..2e83105 100644
--- a/block/qapi.c
+++ b/block/qapi.c
@@ -211,11 +211,13 @@ void bdrv_query_image_info(BlockDriverState *bs,
 Error *err = NULL;
 ImageInfo *info;
 
+aio_context_acquire(bdrv_get_aio_context(bs));
+
 size = bdrv_getlength(bs);
 if (size < 0) {
 error_setg_errno(errp, -size, "Can't get size of device '%s'",
  bdrv_get_device_name(bs));
-return;
+goto out;
 }
 
 info = g_new0(ImageInfo, 1);
@@ -283,10 +285,13 @@ void bdrv_query_image_info(BlockDriverState *bs,
 default:
 error_propagate(errp, err);
 qapi_free_ImageInfo(info);
-return;
+goto out;
 }
 
 *p_info = info;
+
+out:
+aio_context_release(bdrv_get_aio_context(bs));
 }
 
 /* @p_info will be set only on success. */
-- 
1.8.3.1

[Qemu-devel] [PULL 46/48] qemu-img: In "map", use the returned "file" from bdrv_get_block_status

2016-01-29 Thread Kevin Wolf 
From: Fam Zheng 

Now all drivers should return a correct "file", we can make use of it,
even with the recursion into backing chain above.

Reviewed-by: Eric Blake 
Reviewed-by: Stefan Hajnoczi 
Signed-off-by: Fam Zheng 
Message-id: 1453780743-16806-15-git-send-email-f...@redhat.com
Signed-off-by: Max Reitz 
---
 qemu-img.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/qemu-img.c b/qemu-img.c
index e653b2f..c8bc63f 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -2236,7 +2236,7 @@ static int get_block_status(BlockDriverState *bs, int64_t 
sector_num,
 e->flags = ret & ~BDRV_BLOCK_OFFSET_MASK;
 e->offset = ret & BDRV_BLOCK_OFFSET_MASK;
 e->depth = depth;
-e->bs = bs;
+e->bs = file;
 return 0;
 }
 
-- 
1.8.3.1

[Qemu-devel] [PULL 37/48] iscsi: Assign bs to file in iscsi_co_get_block_status

2016-01-29 Thread Kevin Wolf 
From: Fam Zheng 

Reviewed-by: Eric Blake 
Reviewed-by: Stefan Hajnoczi 
Signed-off-by: Fam Zheng 
Message-id: 1453780743-16806-6-git-send-email-f...@redhat.com
Signed-off-by: Max Reitz 
---
 block/iscsi.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/block/iscsi.c b/block/iscsi.c
index e182557..9fe76f4 100644
--- a/block/iscsi.c
+++ b/block/iscsi.c
@@ -625,6 +625,9 @@ out:
 if (iTask.task != NULL) {
 scsi_free_scsi_task(iTask.task);
 }
+if (ret > 0 && ret & BDRV_BLOCK_OFFSET_VALID) {
+*file = bs;
+}
 return ret;
 }
 
-- 
1.8.3.1

[Qemu-devel] [PULL 31/48] iotests: Add test for block jobs and BDS ejection

2016-01-29 Thread Kevin Wolf 
From: Max Reitz 

Suggested-by: Paolo Bonzini 
Signed-off-by: Max Reitz 
Reviewed-by: Kevin Wolf 
Signed-off-by: Kevin Wolf 
---
 tests/qemu-iotests/141 | 186 +
 tests/qemu-iotests/141.out |  59 ++
 tests/qemu-iotests/group   |   1 +
 3 files changed, 246 insertions(+)
 create mode 100755 tests/qemu-iotests/141
 create mode 100644 tests/qemu-iotests/141.out

diff --git a/tests/qemu-iotests/141 b/tests/qemu-iotests/141
new file mode 100755
index 000..f7c28b4
--- /dev/null
+++ b/tests/qemu-iotests/141
@@ -0,0 +1,186 @@
+#!/bin/bash
+#
+# Test case for ejecting BDSs with block jobs still running on them
+#
+# Copyright (C) 2016 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+
+# creator
+owner=mre...@redhat.com
+
+seq="$(basename $0)"
+echo "QA output created by $seq"
+
+here="$PWD"
+tmp=/tmp/$$
+status=1   # failure is the default!
+
+_cleanup()
+{
+_cleanup_test_img
+rm -f "$TEST_DIR/{b,m,o}.$IMGFMT"
+}
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+# get standard environment, filters and checks
+. ./common.rc
+. ./common.filter
+. ./common.qemu
+
+# Needs backing file and backing format support
+_supported_fmt qcow2 qed
+_supported_proto file
+_supported_os Linux
+
+
+test_blockjob()
+{
+_send_qemu_cmd $QEMU_HANDLE \
+"{'execute': 'blockdev-add',
+  'arguments': {
+  'options': {
+  'id': 'drv0',
+  'driver': '$IMGFMT',
+  'file': {
+  'driver': 'file',
+  'filename': '$TEST_IMG'
+  " \
+'return'
+
+_send_qemu_cmd $QEMU_HANDLE \
+"$1" \
+"$2" \
+| _filter_img_create
+
+# We want this to return an error because the block job is still running
+_send_qemu_cmd $QEMU_HANDLE \
+"{'execute': 'x-blockdev-remove-medium',
+  'arguments': {'device': 'drv0'}}" \
+'error'
+
+_send_qemu_cmd $QEMU_HANDLE \
+"{'execute': 'block-job-cancel',
+  'arguments': {'device': 'drv0'}}" \
+"$3"
+
+_send_qemu_cmd $QEMU_HANDLE \
+"{'execute': 'x-blockdev-del',
+  'arguments': {'id': 'drv0'}}" \
+'return'
+}
+
+
+TEST_IMG="$TEST_DIR/b.$IMGFMT" _make_test_img 1M
+TEST_IMG="$TEST_DIR/m.$IMGFMT" _make_test_img -b "$TEST_DIR/b.$IMGFMT" 1M
+_make_test_img -b "$TEST_DIR/m.$IMGFMT" 1M
+
+_launch_qemu -nodefaults
+
+_send_qemu_cmd $QEMU_HANDLE \
+"{'execute': 'qmp_capabilities'}" \
+'return'
+
+echo
+echo '=== Testing drive-backup ==='
+echo
+
+# drive-backup will not send BLOCK_JOB_READY by itself, and cancelling the job
+# will consequently result in BLOCK_JOB_CANCELLED being emitted.
+
+test_blockjob \
+"{'execute': 'drive-backup',
+  'arguments': {'device': 'drv0',
+'target': '$TEST_DIR/o.$IMGFMT',
+'format': '$IMGFMT',
+'sync': 'none'}}" \
+'return' \
+'BLOCK_JOB_CANCELLED'
+
+echo
+echo '=== Testing drive-mirror ==='
+echo
+
+# drive-mirror will send BLOCK_JOB_READY basically immediately, and cancelling
+# the job will consequently result in BLOCK_JOB_COMPLETED being emitted.
+
+test_blockjob \
+"{'execute': 'drive-mirror',
+  'arguments': {'device': 'drv0',
+'target': '$TEST_DIR/o.$IMGFMT',
+'format': '$IMGFMT',
+'sync': 'none'}}" \
+'BLOCK_JOB_READY' \
+'BLOCK_JOB_COMPLETED'
+
+echo
+echo '=== Testing active block-commit ==='
+echo
+
+# An active block-commit will send BLOCK_JOB_READY basically immediately, and
+# cancelling the job will consequently result in BLOCK_JOB_COMPLETED being
+# emitted.
+
+test_blockjob \
+"{'execute': 'block-commit',
+  'arguments': {'device': 'drv0'}}" \
+'BLOCK_JOB_READY' \
+'BLOCK_JOB_COMPLETED'
+
+echo
+echo '=== Testing non-active block-commit ==='
+echo
+
+# Give block-commit something to work on, otherwise it would be done
+# immediately, send a BLOCK_JOB_COMPLETED and ejecting the BDS would work just
+# fine without the block job still running.
+
+$QEMU_IO -c 'write 0 1M' "$TEST_DIR/m.$IMGFMT" | _filter_qemu_io
+
+test_blockjob \
+"{'execute': 'block-commit',
+  'arguments':

[Qemu-devel] [PATCH 14/15] contrib: Clean up includes

2016-01-29 Thread Peter Maydell 
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell 
---
 contrib/ivshmem-client/ivshmem-client.c | 2 +-
 contrib/ivshmem-client/main.c   | 1 +
 contrib/ivshmem-server/ivshmem-server.c | 2 +-
 contrib/ivshmem-server/main.c   | 1 +
 4 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/contrib/ivshmem-client/ivshmem-client.c 
b/contrib/ivshmem-client/ivshmem-client.c
index 31619d8..44ae364 100644
--- a/contrib/ivshmem-client/ivshmem-client.c
+++ b/contrib/ivshmem-client/ivshmem-client.c
@@ -6,7 +6,7 @@
  * top-level directory.
  */
 
-#include 
+#include "qemu/osdep.h"
 #include 
 #include 
 
diff --git a/contrib/ivshmem-client/main.c b/contrib/ivshmem-client/main.c
index c004870..33ae1da 100644
--- a/contrib/ivshmem-client/main.c
+++ b/contrib/ivshmem-client/main.c
@@ -6,6 +6,7 @@
  * top-level directory.
  */
 
+#include "qemu/osdep.h"
 #include "qemu-common.h"
 
 #include "ivshmem-client.h"
diff --git a/contrib/ivshmem-server/ivshmem-server.c 
b/contrib/ivshmem-server/ivshmem-server.c
index d9e26b0..bfd0fad 100644
--- a/contrib/ivshmem-server/ivshmem-server.c
+++ b/contrib/ivshmem-server/ivshmem-server.c
@@ -5,11 +5,11 @@
  * (at your option) any later version.  See the COPYING file in the
  * top-level directory.
  */
+#include "qemu/osdep.h"
 #include "qemu-common.h"
 #include "qemu/sockets.h"
 
 #include 
-#include 
 #include 
 #include 
 #ifdef CONFIG_LINUX
diff --git a/contrib/ivshmem-server/main.c b/contrib/ivshmem-server/main.c
index 9b0d6e2..cca1061 100644
--- a/contrib/ivshmem-server/main.c
+++ b/contrib/ivshmem-server/main.c
@@ -6,6 +6,7 @@
  * top-level directory.
  */
 
+#include "qemu/osdep.h"
 #include "qemu-common.h"
 
 #include "ivshmem-server.h"
-- 
1.9.1

[Qemu-devel] [PULL 48/48] iotests: Add "qemu-img map" test for VMDK extents

2016-01-29 Thread Kevin Wolf 
From: Fam Zheng 

Signed-off-by: Fam Zheng 
Message-id: 1453780743-16806-17-git-send-email-f...@redhat.com
Reviewed-by: Max Reitz 
Signed-off-by: Max Reitz 
---
 tests/qemu-iotests/059 | 10 ++
 tests/qemu-iotests/059.out | 25 +
 2 files changed, 35 insertions(+)

diff --git a/tests/qemu-iotests/059 b/tests/qemu-iotests/059
index 0ded0c3..0332bbb 100755
--- a/tests/qemu-iotests/059
+++ b/tests/qemu-iotests/059
@@ -133,6 +133,16 @@ $QEMU_IO -c "write -P 0xa 900G 512" "$TEST_IMG" | 
_filter_qemu_io
 $QEMU_IO -c "read -v 900G 1024" "$TEST_IMG" | _filter_qemu_io
 
 echo
+echo "=== Testing qemu-img map on extents ==="
+for fmt in monolithicSparse twoGbMaxExtentSparse; do
+IMGOPTS="subformat=$fmt" _make_test_img 31G
+$QEMU_IO -c "write 65024 1k" "$TEST_IMG" | _filter_qemu_io
+$QEMU_IO -c "write 2147483136 1k" "$TEST_IMG" | _filter_qemu_io
+$QEMU_IO -c "write 5G 1k" "$TEST_IMG" | _filter_qemu_io
+$QEMU_IMG map "$TEST_IMG" | _filter_testdir
+done
+
+echo
 echo "=== Testing afl image with a very large capacity ==="
 _use_sample_img afl9.vmdk.bz2
 _img_info
diff --git a/tests/qemu-iotests/059.out b/tests/qemu-iotests/059.out
index 9d506cb..678adb4 100644
--- a/tests/qemu-iotests/059.out
+++ b/tests/qemu-iotests/059.out
@@ -2335,6 +2335,31 @@ e103f0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00  
 read 1024/1024 bytes at offset 966367641600
 1 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
 
+=== Testing qemu-img map on extents ===
+Formatting 'TEST_DIR/iotest-version3.IMGFMT', fmt=IMGFMT size=33285996544 
subformat=monolithicSparse
+wrote 1024/1024 bytes at offset 65024
+1 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+wrote 1024/1024 bytes at offset 2147483136
+1 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+wrote 1024/1024 bytes at offset 5368709120
+1 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+Offset  Length  Mapped to   File
+0   0x2 0x3fTEST_DIR/iotest-version3.vmdk
+0x7fff  0x2 0x41TEST_DIR/iotest-version3.vmdk
+0x14000 0x1 0x43TEST_DIR/iotest-version3.vmdk
+Formatting 'TEST_DIR/iotest-version3.IMGFMT', fmt=IMGFMT size=33285996544 
subformat=twoGbMaxExtentSparse
+wrote 1024/1024 bytes at offset 65024
+1 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+wrote 1024/1024 bytes at offset 2147483136
+1 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+wrote 1024/1024 bytes at offset 5368709120
+1 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+Offset  Length  Mapped to   File
+0   0x2 0x5 
TEST_DIR/iotest-version3-s001.vmdk
+0x7fff  0x1 0x7 
TEST_DIR/iotest-version3-s001.vmdk
+0x8000  0x1 0x5 
TEST_DIR/iotest-version3-s002.vmdk
+0x14000 0x1 0x5 
TEST_DIR/iotest-version3-s003.vmdk
+
 === Testing afl image with a very large capacity ===
 qemu-img: Can't get size of device 'image': File too large
 *** done
-- 
1.8.3.1

[Qemu-devel] [PATCH 04/15] backends: Clean up includes

2016-01-29 Thread Peter Maydell 
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell 
---
 backends/baum.c | 1 +
 backends/hostmem-file.c | 1 +
 backends/hostmem-ram.c  | 1 +
 backends/hostmem.c  | 1 +
 backends/msmouse.c  | 2 +-
 backends/rng-egd.c  | 1 +
 backends/rng-random.c   | 1 +
 backends/rng.c  | 1 +
 backends/testdev.c  | 1 +
 backends/tpm.c  | 1 +
 10 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/backends/baum.c b/backends/baum.c
index ba32b61..374562a 100644
--- a/backends/baum.c
+++ b/backends/baum.c
@@ -21,6 +21,7 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  * THE SOFTWARE.
  */
+#include "qemu/osdep.h"
 #include "qemu-common.h"
 #include "sysemu/char.h"
 #include "qemu/timer.h"
diff --git a/backends/hostmem-file.c b/backends/hostmem-file.c
index e9b6d21..fd59482 100644
--- a/backends/hostmem-file.c
+++ b/backends/hostmem-file.c
@@ -9,6 +9,7 @@
  * This work is licensed under the terms of the GNU GPL, version 2 or later.
  * See the COPYING file in the top-level directory.
  */
+#include "qemu/osdep.h"
 #include "qemu-common.h"
 #include "sysemu/hostmem.h"
 #include "sysemu/sysemu.h"
diff --git a/backends/hostmem-ram.c b/backends/hostmem-ram.c
index a67a134..44fb390 100644
--- a/backends/hostmem-ram.c
+++ b/backends/hostmem-ram.c
@@ -9,6 +9,7 @@
  * This work is licensed under the terms of the GNU GPL, version 2 or later.
  * See the COPYING file in the top-level directory.
  */
+#include "qemu/osdep.h"
 #include "sysemu/hostmem.h"
 #include "qom/object_interfaces.h"
 
diff --git a/backends/hostmem.c b/backends/hostmem.c
index 1b4eb45..60e882c 100644
--- a/backends/hostmem.c
+++ b/backends/hostmem.c
@@ -9,6 +9,7 @@
  * This work is licensed under the terms of the GNU GPL, version 2 or later.
  * See the COPYING file in the top-level directory.
  */
+#include "qemu/osdep.h"
 #include "sysemu/hostmem.h"
 #include "hw/boards.h"
 #include "qapi/visitor.h"
diff --git a/backends/msmouse.c b/backends/msmouse.c
index 476dab5..9a82efd 100644
--- a/backends/msmouse.c
+++ b/backends/msmouse.c
@@ -21,7 +21,7 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  * THE SOFTWARE.
  */
-#include 
+#include "qemu/osdep.h"
 #include "qemu-common.h"
 #include "sysemu/char.h"
 #include "ui/console.h"
diff --git a/backends/rng-egd.c b/backends/rng-egd.c
index 6c13409..2de5cd5 100644
--- a/backends/rng-egd.c
+++ b/backends/rng-egd.c
@@ -10,6 +10,7 @@
  * See the COPYING file in the top-level directory.
  */
 
+#include "qemu/osdep.h"
 #include "sysemu/rng.h"
 #include "sysemu/char.h"
 #include "qapi/qmp/qerror.h"
diff --git a/backends/rng-random.c b/backends/rng-random.c
index 4e51f46..8cdad6a 100644
--- a/backends/rng-random.c
+++ b/backends/rng-random.c
@@ -10,6 +10,7 @@
  * See the COPYING file in the top-level directory.
  */
 
+#include "qemu/osdep.h"
 #include "sysemu/rng-random.h"
 #include "sysemu/rng.h"
 #include "qapi/qmp/qerror.h"
diff --git a/backends/rng.c b/backends/rng.c
index 5065fdc..b7820ef 100644
--- a/backends/rng.c
+++ b/backends/rng.c
@@ -10,6 +10,7 @@
  * See the COPYING file in the top-level directory.
  */
 
+#include "qemu/osdep.h"
 #include "sysemu/rng.h"
 #include "qapi/qmp/qerror.h"
 #include "qom/object_interfaces.h"
diff --git a/backends/testdev.c b/backends/testdev.c
index 26d5c73..3ab1c90 100644
--- a/backends/testdev.c
+++ b/backends/testdev.c
@@ -23,6 +23,7 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  * THE SOFTWARE.
  */
+#include "qemu/osdep.h"
 #include "qemu-common.h"
 #include "sysemu/char.h"
 
diff --git a/backends/tpm.c b/backends/tpm.c
index a512693..d53da18 100644
--- a/backends/tpm.c
+++ b/backends/tpm.c
@@ -12,6 +12,7 @@
  * Based on backends/rng.c by Anthony Liguori
  */
 
+#include "qemu/osdep.h"
 #include "sysemu/tpm_backend.h"
 #include "qapi/qmp/qerror.h"
 #include "sysemu/tpm.h"
-- 
1.9.1

Re: [Qemu-devel] [PATCH 1/8] target-arm: Properly support EL2 and EL3 in arm_el_is_aa64()

2016-01-29 Thread Sergey Fedorov 
On 29.01.2016 20:05, Peter Maydell wrote:
> On 29 January 2016 at 16:45, Sergey Fedorov  wrote:
>> > On 14.01.2016 21:34, Peter Maydell wrote:
>>> >> Support EL2 and EL3 in arm_el_is_aa64() by implementing the
>>> >> logic for checking the SCR_EL3 and HCR_EL2 register-width bits
>>> >> as appropriate to determine the register width of lower exception
>>> >> levels.
>> >
>> > Reviewed-by: Sergey Fedorov 
> Thanks for the review, but this series went into master last week :-)

Heh, I missed that somehow :) Anyway, great patches!

[Qemu-devel] [PULL 00/48] Block patches

2016-01-29 Thread Kevin Wolf 
The following changes since commit 047e363b05679724d6b784c6ec6310697fe48ba0:

  Merge remote-tracking branch 'remotes/pmaydell/tags/pull-softfloat-20160122' 
into staging (2016-01-22 15:19:21 +)

are available in the git repository at:


  git://repo.or.cz/qemu/kevin.git tags/for-upstream

for you to fetch changes up to ae873754e7b51f66f2b944f49b7baff2730ec511:

  Merge remote-tracking branch 'mreitz/tags/pull-block-for-kevin-2016-01-29' 
into queue-block (2016-01-29 18:11:39 +0100)



Block layer patches


Fam Zheng (18):
  vmdk: Fix converting to streamOptimized
  block: Remove unused struct definition BlockFinishData
  block: Add "file" output parameter to block status query functions
  qcow: Assign bs->file->bs to file in qcow_co_get_block_status
  qcow2: Assign bs->file->bs to file in qcow2_co_get_block_status
  raw: Assign bs to file in raw_co_get_block_status
  iscsi: Assign bs to file in iscsi_co_get_block_status
  parallels: Assign bs->file->bs to file in parallels_co_get_block_status
  qed: Assign bs->file->bs to file in bdrv_qed_co_get_block_status
  sheepdog: Assign bs to file in sd_co_get_block_status
  vdi: Assign bs->file->bs to file in vdi_co_get_block_status
  vpc: Assign bs->file->bs to file in vpc_co_get_block_status
  vmdk: Fix calculation of block status's offset
  vmdk: Return extent's file in bdrv_get_block_status
  block: Use returned *file in bdrv_co_get_block_status
  qemu-img: In "map", use the returned "file" from bdrv_get_block_status
  qemu-img: Make MapEntry a QAPI struct
  iotests: Add "qemu-img map" test for VMDK extents

Kevin Wolf (1):
  Merge remote-tracking branch 
'mreitz/tags/pull-block-for-kevin-2016-01-29' into queue-block

Max Reitz (29):
  block: Add blk_dev_has_tray()
  blockdev: Fix 'change' for slot devices
  Revert "hw/block/fdc: Implement tray status"
  block/qapi: Emit tray_open only if there is a tray
  iotests: Limit supported formats for 118
  nbd: client_close on error in nbd_co_client_start
  iotests: Rename filter_nbd to _filter_nbd in 083
  iotests: Change coding style of _filter_nbd in 083
  iotests: Move _filter_nbd into common.filter
  iotests: Make _filter_nbd drop log lines
  iotests: Make _filter_nbd support more URL types
  iotests: Make redirecting qemu's stderr optional
  iotests: Add test for a nonexistent NBD export
  block: Release named dirty bitmaps in bdrv_close()
  iotests: Add test for eject under NBD server
  block: Add BB-BDS remove/insert notifiers
  virtio-blk: Functions for op blocker management
  virtio-scsi: Catch BDS-BB removal/insertion
  nbd: Switch from close to eject notifier
  block: Remove BDS close notifier
  block: Use blk_remove_bs() in blk_delete()
  blockdev: Use blk_remove_bs() in do_drive_del()
  block: Make bdrv_close() static
  block: Add list of all BlockDriverStates
  blockdev: Keep track of monitor-owned BDS
  block: Add blk_remove_all_bs()
  block: Rewrite bdrv_close_all()
  iotests: Add test for multiple BB on BDS tree
  iotests: Add test for block jobs and BDS ejection

Paolo Bonzini (1):
  block: acquire in bdrv_query_image_info

 block.c|  90 +++-
 block/block-backend.c  |  53 --
 block/io.c |  44 +---
 block/iscsi.c  |   9 +-
 block/mirror.c |   3 +-
 block/parallels.c  |   3 +-
 block/qapi.c   |  11 +-
 block/qcow.c   |   3 +-
 block/qcow2.c  |   3 +-
 block/qed.c|   6 +-
 block/raw-posix.c  |   4 +-
 block/raw_bsd.c|   4 +-
 block/sheepdog.c   |   5 +-
 block/vdi.c|   3 +-
 block/vmdk.c   |  18 ++--
 block/vpc.c|   4 +-
 block/vvfat.c  |   2 +-
 blockdev-nbd.c |  40 +--
 blockdev.c |  61 ++-
 blockjob.c |   8 --
 hw/block/dataplane/virtio-blk.c|  77 ++
 hw/block/fdc.c |  20 +---
 hw/scsi/virtio-scsi.c  |  55 ++
 include/block/block.h  |  13 +--
 include/block/block_int.h  |  12 ++-
 include/hw/virtio/virtio-scsi.h|  10 ++
 include/sysemu/block-backend.h |   4 +-
 nbd/server.c   |  16 ++-
 qapi/block-core.json   |  34 +-
 qemu-img.c |  84 +--
 stubs/Makefile.objs

[Qemu-devel] [PULL 05/48] vmdk: Fix converting to streamOptimized

2016-01-29 Thread Kevin Wolf 
From: Fam Zheng 

Commit d62d9dc4b8 lifted streamOptimized images's version to 3, but we
now refuse to open version 3 images read-write.  We need to make
streamOptimized an exception to allow converting to it. This fixes the
accidentally broken iotests case 059 for the same reason.

Signed-off-by: Fam Zheng 
Signed-off-by: Kevin Wolf 
---
 block/vmdk.c | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/block/vmdk.c b/block/vmdk.c
index 698679d..4a5850b 100644
--- a/block/vmdk.c
+++ b/block/vmdk.c
@@ -571,6 +571,7 @@ static int vmdk_open_vmdk4(BlockDriverState *bs,
 VmdkExtent *extent;
 BDRVVmdkState *s = bs->opaque;
 int64_t l1_backup_offset = 0;
+bool compressed;
 
 ret = bdrv_pread(file->bs, sizeof(magic), , sizeof(header));
 if (ret < 0) {
@@ -645,6 +646,8 @@ static int vmdk_open_vmdk4(BlockDriverState *bs,
 header = footer.header;
 }
 
+compressed =
+le16_to_cpu(header.compressAlgorithm) == VMDK4_COMPRESSION_DEFLATE;
 if (le32_to_cpu(header.version) > 3) {
 char buf[64];
 snprintf(buf, sizeof(buf), "VMDK version %" PRId32,
@@ -652,7 +655,8 @@ static int vmdk_open_vmdk4(BlockDriverState *bs,
 error_setg(errp, QERR_UNKNOWN_BLOCK_FORMAT_FEATURE,
bdrv_get_device_or_node_name(bs), "vmdk", buf);
 return -ENOTSUP;
-} else if (le32_to_cpu(header.version) == 3 && (flags & BDRV_O_RDWR)) {
+} else if (le32_to_cpu(header.version) == 3 && (flags & BDRV_O_RDWR) &&
+   !compressed) {
 /* VMware KB 2064959 explains that version 3 added support for
  * persistent changed block tracking (CBT), and backup software can
  * read it as version=1 if it doesn't care about the changed area
-- 
1.8.3.1

[Qemu-devel] [PULL 18/48] block: Add BB-BDS remove/insert notifiers

2016-01-29 Thread Kevin Wolf 
From: Max Reitz 

bdrv_close() no longer signifies ejection of a medium, this is now done
by removing the BDS from the BB. Therefore, we want to have a notifier
for that in the BB instead of a close notifier in the BDS. The former is
added now, the latter is removed later.

Symmetrically, another notifier list is added that is invoked whenever a
BDS is inserted. We will need that for virtio-blk and virtio-scsi, which
can then remove their op blockers on BDS ejection and set them up on
insertion.

Signed-off-by: Max Reitz 
Reviewed-by: Kevin Wolf 
Reviewed-by: Fam Zheng 
Signed-off-by: Kevin Wolf 
---
 block/block-backend.c  | 20 
 include/sysemu/block-backend.h |  2 ++
 2 files changed, 22 insertions(+)

diff --git a/block/block-backend.c b/block/block-backend.c
index a4208f1..1872191 100644
--- a/block/block-backend.c
+++ b/block/block-backend.c
@@ -49,6 +49,8 @@ struct BlockBackend {
 BlockdevOnError on_read_error, on_write_error;
 bool iostatus_enabled;
 BlockDeviceIoStatus iostatus;
+
+NotifierList remove_bs_notifiers, insert_bs_notifiers;
 };
 
 typedef struct BlockBackendAIOCB {
@@ -99,6 +101,8 @@ BlockBackend *blk_new(const char *name, Error **errp)
 blk = g_new0(BlockBackend, 1);
 blk->name = g_strdup(name);
 blk->refcnt = 1;
+notifier_list_init(>remove_bs_notifiers);
+notifier_list_init(>insert_bs_notifiers);
 QTAILQ_INSERT_TAIL(_backends, blk, link);
 return blk;
 }
@@ -167,6 +171,8 @@ static void blk_delete(BlockBackend *blk)
 bdrv_unref(blk->bs);
 blk->bs = NULL;
 }
+assert(QLIST_EMPTY(>remove_bs_notifiers.notifiers));
+assert(QLIST_EMPTY(>insert_bs_notifiers.notifiers));
 if (blk->root_state.throttle_state) {
 g_free(blk->root_state.throttle_group);
 throttle_group_unref(blk->root_state.throttle_state);
@@ -345,6 +351,8 @@ void blk_hide_on_behalf_of_hmp_drive_del(BlockBackend *blk)
  */
 void blk_remove_bs(BlockBackend *blk)
 {
+notifier_list_notify(>remove_bs_notifiers, blk);
+
 blk_update_root_state(blk);
 
 blk->bs->blk = NULL;
@@ -361,6 +369,8 @@ void blk_insert_bs(BlockBackend *blk, BlockDriverState *bs)
 bdrv_ref(bs);
 blk->bs = bs;
 bs->blk = blk;
+
+notifier_list_notify(>insert_bs_notifiers, blk);
 }
 
 /*
@@ -1126,6 +1136,16 @@ void blk_remove_aio_context_notifier(BlockBackend *blk,
 }
 }
 
+void blk_add_remove_bs_notifier(BlockBackend *blk, Notifier *notify)
+{
+notifier_list_add(>remove_bs_notifiers, notify);
+}
+
+void blk_add_insert_bs_notifier(BlockBackend *blk, Notifier *notify)
+{
+notifier_list_add(>insert_bs_notifiers, notify);
+}
+
 void blk_add_close_notifier(BlockBackend *blk, Notifier *notify)
 {
 if (blk->bs) {
diff --git a/include/sysemu/block-backend.h b/include/sysemu/block-backend.h
index 1568554..e12be67 100644
--- a/include/sysemu/block-backend.h
+++ b/include/sysemu/block-backend.h
@@ -164,6 +164,8 @@ void blk_remove_aio_context_notifier(BlockBackend *blk,
   void *),
  void (*detach_aio_context)(void *),
  void *opaque);
+void blk_add_remove_bs_notifier(BlockBackend *blk, Notifier *notify);
+void blk_add_insert_bs_notifier(BlockBackend *blk, Notifier *notify);
 void blk_add_close_notifier(BlockBackend *blk, Notifier *notify);
 void blk_io_plug(BlockBackend *blk);
 void blk_io_unplug(BlockBackend *blk);
-- 
1.8.3.1

[Qemu-devel] [PULL 14/48] iotests: Add test for a nonexistent NBD export

2016-01-29 Thread Kevin Wolf 
From: Max Reitz 

Trying to connect to a nonexistent NBD export should not crash the
server.

Signed-off-by: Max Reitz 
Reviewed-by: Eric Blake 
Signed-off-by: Kevin Wolf 
---
 tests/qemu-iotests/143 | 73 ++
 tests/qemu-iotests/143.out |  7 +
 tests/qemu-iotests/group   |  1 +
 3 files changed, 81 insertions(+)
 create mode 100755 tests/qemu-iotests/143
 create mode 100644 tests/qemu-iotests/143.out

diff --git a/tests/qemu-iotests/143 b/tests/qemu-iotests/143
new file mode 100755
index 000..6207368
--- /dev/null
+++ b/tests/qemu-iotests/143
@@ -0,0 +1,73 @@
+#!/bin/bash
+#
+# Test case for connecting to a non-existing NBD export name
+#
+# Copyright (C) 2016 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+
+# creator
+owner=mre...@redhat.com
+
+seq="$(basename $0)"
+echo "QA output created by $seq"
+
+here="$PWD"
+tmp=/tmp/$$
+status=1   # failure is the default!
+
+_cleanup()
+{
+rm -f "$TEST_DIR/nbd"
+}
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+# get standard environment, filters and checks
+. ./common.rc
+. ./common.filter
+. ./common.qemu
+
+_supported_fmt generic
+_supported_proto generic
+_supported_os Linux
+
+keep_stderr=y \
+_launch_qemu 2> >(_filter_nbd)
+
+_send_qemu_cmd $QEMU_HANDLE \
+"{ 'execute': 'qmp_capabilities' }" \
+'return'
+
+_send_qemu_cmd $QEMU_HANDLE \
+"{ 'execute': 'nbd-server-start',
+   'arguments': { 'addr': { 'type': 'unix',
+'data': { 'path': '$TEST_DIR/nbd' " \
+'return'
+
+# This should just result in a client error, not in the server crashing
+$QEMU_IO_PROG -f raw -c quit \
+"nbd+unix:///no_such_export?socket=$TEST_DIR/nbd" 2>&1 \
+| _filter_qemu_io | _filter_nbd
+
+_send_qemu_cmd $QEMU_HANDLE \
+"{ 'execute': 'quit' }" \
+'return'
+
+wait=1 _cleanup_qemu
+
+# success, all done
+echo '*** done'
+rm -f $seq.full
+status=0
diff --git a/tests/qemu-iotests/143.out b/tests/qemu-iotests/143.out
new file mode 100644
index 000..dad2024
--- /dev/null
+++ b/tests/qemu-iotests/143.out
@@ -0,0 +1,7 @@
+QA output created by 143
+{"return": {}}
+{"return": {}}
+can't open device nbd+unix:///no_such_export?socket=TEST_DIR/nbd: Failed to 
read export length
+{"return": {}}
+{"timestamp": {"seconds":  TIMESTAMP, "microseconds":  TIMESTAMP}, "event": 
"SHUTDOWN"}
+*** done
diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group
index d6e9219..ac6a959 100644
--- a/tests/qemu-iotests/group
+++ b/tests/qemu-iotests/group
@@ -142,3 +142,4 @@
 138 rw auto quick
 139 rw auto quick
 142 auto
+143 auto quick
-- 
1.8.3.1

[Qemu-devel] [PULL 07/48] nbd: client_close on error in nbd_co_client_start

2016-01-29 Thread Kevin Wolf 
From: Max Reitz 

Use client_close() if an error in nbd_co_client_start() occurs instead
of manually inlining parts of it. This fixes an assertion error on the
server side if nbd_negotiate() fails.

Signed-off-by: Max Reitz 
Acked-by: Paolo Bonzini 
Reviewed-by: Eric Blake 
Signed-off-by: Kevin Wolf 
---
 nbd/server.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/nbd/server.c b/nbd/server.c
index 2265cb0..5169b59 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -1080,8 +1080,7 @@ static coroutine_fn void nbd_co_client_start(void *opaque)
 nbd_export_get(exp);
 }
 if (nbd_negotiate(data)) {
-shutdown(client->sock, 2);
-client->close(client);
+client_close(client);
 goto out;
 }
 qemu_co_mutex_init(>send_lock);
-- 
1.8.3.1

[Qemu-devel] [PULL 44/48] vmdk: Return extent's file in bdrv_get_block_status

2016-01-29 Thread Kevin Wolf 
From: Fam Zheng 

Signed-off-by: Fam Zheng 
Message-id: 1453780743-16806-13-git-send-email-f...@redhat.com
Reviewed-by: Max Reitz 
Signed-off-by: Max Reitz 
---
 block/vmdk.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/block/vmdk.c b/block/vmdk.c
index 9d5a18a..a8db5d9 100644
--- a/block/vmdk.c
+++ b/block/vmdk.c
@@ -1291,12 +1291,12 @@ static int64_t coroutine_fn 
vmdk_co_get_block_status(BlockDriverState *bs,
 break;
 case VMDK_OK:
 ret = BDRV_BLOCK_DATA;
-if (extent->file == bs->file && !extent->compressed) {
+if (!extent->compressed) {
 ret |= BDRV_BLOCK_OFFSET_VALID;
 ret |= (offset + (index_in_cluster << BDRV_SECTOR_BITS))
 & BDRV_BLOCK_OFFSET_MASK;
 }
-
+*file = extent->file->bs;
 break;
 }
 
-- 
1.8.3.1

[Qemu-devel] [PULL 22/48] block: Remove BDS close notifier

2016-01-29 Thread Kevin Wolf 
From: Max Reitz 

It is unused now, so we can remove it.

Signed-off-by: Max Reitz 
Reviewed-by: Fam Zheng 
Reviewed-by: Kevin Wolf 
Signed-off-by: Kevin Wolf 
---
 block.c| 8 
 block/block-backend.c  | 7 ---
 include/block/block.h  | 1 -
 include/block/block_int.h  | 2 --
 include/sysemu/block-backend.h | 1 -
 5 files changed, 19 deletions(-)

diff --git a/block.c b/block.c
index 41ab00e..f4312d9 100644
--- a/block.c
+++ b/block.c
@@ -259,7 +259,6 @@ BlockDriverState *bdrv_new(void)
 for (i = 0; i < BLOCK_OP_TYPE_MAX; i++) {
 QLIST_INIT(>op_blockers[i]);
 }
-notifier_list_init(>close_notifiers);
 notifier_with_return_list_init(>before_write_notifiers);
 qemu_co_queue_init(>throttled_reqs[0]);
 qemu_co_queue_init(>throttled_reqs[1]);
@@ -269,11 +268,6 @@ BlockDriverState *bdrv_new(void)
 return bs;
 }
 
-void bdrv_add_close_notifier(BlockDriverState *bs, Notifier *notify)
-{
-notifier_list_add(>close_notifiers, notify);
-}
-
 BlockDriver *bdrv_find_format(const char *format_name)
 {
 BlockDriver *drv1;
@@ -2157,8 +2151,6 @@ void bdrv_close(BlockDriverState *bs)
 bdrv_flush(bs);
 bdrv_drain(bs); /* in case flush left pending I/O */
 
-notifier_list_notify(>close_notifiers, bs);
-
 bdrv_release_named_dirty_bitmaps(bs);
 assert(QLIST_EMPTY(>dirty_bitmaps));
 
diff --git a/block/block-backend.c b/block/block-backend.c
index 1872191..621787c 100644
--- a/block/block-backend.c
+++ b/block/block-backend.c
@@ -1146,13 +1146,6 @@ void blk_add_insert_bs_notifier(BlockBackend *blk, 
Notifier *notify)
 notifier_list_add(>insert_bs_notifiers, notify);
 }
 
-void blk_add_close_notifier(BlockBackend *blk, Notifier *notify)
-{
-if (blk->bs) {
-bdrv_add_close_notifier(blk->bs, notify);
-}
-}
-
 void blk_io_plug(BlockBackend *blk)
 {
 if (blk->bs) {
diff --git a/include/block/block.h b/include/block/block.h
index 25f36dc..c7345de 100644
--- a/include/block/block.h
+++ b/include/block/block.h
@@ -226,7 +226,6 @@ int bdrv_reopen_prepare(BDRVReopenState *reopen_state,
 void bdrv_reopen_commit(BDRVReopenState *reopen_state);
 void bdrv_reopen_abort(BDRVReopenState *reopen_state);
 void bdrv_close(BlockDriverState *bs);
-void bdrv_add_close_notifier(BlockDriverState *bs, Notifier *notify);
 int bdrv_read(BlockDriverState *bs, int64_t sector_num,
   uint8_t *buf, int nb_sectors);
 int bdrv_read_unthrottled(BlockDriverState *bs, int64_t sector_num,
diff --git a/include/block/block_int.h b/include/block/block_int.h
index ec31df1..8730cf6 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -403,8 +403,6 @@ struct BlockDriverState {
 BdrvChild *backing;
 BdrvChild *file;
 
-NotifierList close_notifiers;
-
 /* Callback before write request is processed */
 NotifierWithReturnList before_write_notifiers;
 
diff --git a/include/sysemu/block-backend.h b/include/sysemu/block-backend.h
index e12be67..ae4efb4 100644
--- a/include/sysemu/block-backend.h
+++ b/include/sysemu/block-backend.h
@@ -166,7 +166,6 @@ void blk_remove_aio_context_notifier(BlockBackend *blk,
  void *opaque);
 void blk_add_remove_bs_notifier(BlockBackend *blk, Notifier *notify);
 void blk_add_insert_bs_notifier(BlockBackend *blk, Notifier *notify);
-void blk_add_close_notifier(BlockBackend *blk, Notifier *notify);
 void blk_io_plug(BlockBackend *blk);
 void blk_io_unplug(BlockBackend *blk);
 BlockAcctStats *blk_get_stats(BlockBackend *blk);
-- 
1.8.3.1

[Qemu-devel] [PATCH 09/15] slirp: Clean up includes

2016-01-29 Thread Peter Maydell 
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell 
---
 slirp/arp_table.c  | 1 +
 slirp/bootp.c  | 1 +
 slirp/cksum.c  | 1 +
 slirp/dnssearch.c  | 4 +---
 slirp/if.c | 1 +
 slirp/ip_icmp.c| 1 +
 slirp/ip_input.c   | 1 +
 slirp/ip_output.c  | 1 +
 slirp/mbuf.c   | 1 +
 slirp/misc.c   | 1 +
 slirp/sbuf.c   | 1 +
 slirp/slirp.c  | 1 +
 slirp/socket.c | 1 +
 slirp/tcp_input.c  | 1 +
 slirp/tcp_output.c | 1 +
 slirp/tcp_subr.c   | 1 +
 slirp/tcp_timer.c  | 1 +
 slirp/tftp.c   | 1 +
 slirp/udp.c| 1 +
 19 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/slirp/arp_table.c b/slirp/arp_table.c
index bcaeb44..3547043 100644
--- a/slirp/arp_table.c
+++ b/slirp/arp_table.c
@@ -22,6 +22,7 @@
  * THE SOFTWARE.
  */
 
+#include "qemu/osdep.h"
 #include "slirp.h"
 
 void arp_table_add(Slirp *slirp, uint32_t ip_addr, uint8_t ethaddr[ETH_ALEN])
diff --git a/slirp/bootp.c b/slirp/bootp.c
index 1baaab1..ba953ae 100644
--- a/slirp/bootp.c
+++ b/slirp/bootp.c
@@ -21,6 +21,7 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  * THE SOFTWARE.
  */
+#include "qemu/osdep.h"
 #include 
 
 #if defined(_WIN32)
diff --git a/slirp/cksum.c b/slirp/cksum.c
index 6328660..bc0d017 100644
--- a/slirp/cksum.c
+++ b/slirp/cksum.c
@@ -30,6 +30,7 @@
  * in_cksum.c,v 1.2 1994/08/02 07:48:16 davidg Exp
  */
 
+#include "qemu/osdep.h"
 #include 
 
 /*
diff --git a/slirp/dnssearch.c b/slirp/dnssearch.c
index 4c9064e..aed2f13 100644
--- a/slirp/dnssearch.c
+++ b/slirp/dnssearch.c
@@ -22,9 +22,7 @@
  * THE SOFTWARE.
  */
 
-#include 
-#include 
-#include 
+#include "qemu/osdep.h"
 #include 
 #include "slirp.h"
 
diff --git a/slirp/if.c b/slirp/if.c
index 8325a2a..93d7cc0 100644
--- a/slirp/if.c
+++ b/slirp/if.c
@@ -5,6 +5,7 @@
  * terms and conditions of the copyright.
  */
 
+#include "qemu/osdep.h"
 #include 
 #include "qemu/timer.h"
 
diff --git a/slirp/ip_icmp.c b/slirp/ip_icmp.c
index 23b9f0f..92b04d7 100644
--- a/slirp/ip_icmp.c
+++ b/slirp/ip_icmp.c
@@ -30,6 +30,7 @@
  * ip_icmp.c,v 1.7 1995/05/30 08:09:42 rgrimes Exp
  */
 
+#include "qemu/osdep.h"
 #include "slirp.h"
 #include "ip_icmp.h"
 
diff --git a/slirp/ip_input.c b/slirp/ip_input.c
index 7d436e6..e4855ae 100644
--- a/slirp/ip_input.c
+++ b/slirp/ip_input.c
@@ -38,6 +38,7 @@
  * terms and conditions of the copyright.
  */
 
+#include "qemu/osdep.h"
 #include 
 #include 
 #include "ip_icmp.h"
diff --git a/slirp/ip_output.c b/slirp/ip_output.c
index 1254d0d..0d6b3b8 100644
--- a/slirp/ip_output.c
+++ b/slirp/ip_output.c
@@ -38,6 +38,7 @@
  * terms and conditions of the copyright.
  */
 
+#include "qemu/osdep.h"
 #include 
 
 /* Number of packets queued before we start sending
diff --git a/slirp/mbuf.c b/slirp/mbuf.c
index 795fc29..8b99a28 100644
--- a/slirp/mbuf.c
+++ b/slirp/mbuf.c
@@ -15,6 +15,7 @@
  * the flags
  */
 
+#include "qemu/osdep.h"
 #include 
 
 #define MBUF_THRESH 30
diff --git a/slirp/misc.c b/slirp/misc.c
index 5497161..e2eea2e 100644
--- a/slirp/misc.c
+++ b/slirp/misc.c
@@ -5,6 +5,7 @@
  * terms and conditions of the copyright.
  */
 
+#include "qemu/osdep.h"
 #include 
 #include 
 
diff --git a/slirp/sbuf.c b/slirp/sbuf.c
index b8c3db7..dd4cb8c 100644
--- a/slirp/sbuf.c
+++ b/slirp/sbuf.c
@@ -5,6 +5,7 @@
  * terms and conditions of the copyright.
  */
 
+#include "qemu/osdep.h"
 #include 
 #include 
 
diff --git a/slirp/slirp.c b/slirp/slirp.c
index 35f819a..d3dc609 100644
--- a/slirp/slirp.c
+++ b/slirp/slirp.c
@@ -21,6 +21,7 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  * THE SOFTWARE.
  */
+#include "qemu/osdep.h"
 #include "qemu-common.h"
 #include "qemu/timer.h"
 #include "sysemu/char.h"
diff --git a/slirp/socket.c b/slirp/socket.c
index 1673e3a..634b532 100644
--- a/slirp/socket.c
+++ b/slirp/socket.c
@@ -5,6 +5,7 @@
  * terms and conditions of the copyright.
  */
 
+#include "qemu/osdep.h"
 #include "qemu-common.h"
 #include 
 #include "ip_icmp.h"
diff --git a/slirp/tcp_input.c b/slirp/tcp_input.c
index 6b096ec..de610e3 100644
--- a/slirp/tcp_input.c
+++ b/slirp/tcp_input.c
@@ -38,6 +38,7 @@
  * terms and conditions of the copyright.
  */
 
+#include "qemu/osdep.h"
 #include 
 #include "ip_icmp.h"
 
diff --git a/slirp/tcp_output.c b/slirp/tcp_output.c
index fafca58..34e4d2e 100644
--- a/slirp/tcp_output.c
+++ b/slirp/tcp_output.c
@@ -38,6 +38,7 @@
  * terms and conditions of the copyright.
  */
 
+#include "qemu/osdep.h"
 #include 
 
 static const u_char  tcp_outflags[TCP_NSTATES] = {
diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c
index e161ed2..499eec3 100644
--- a/slirp/tcp_subr.c
+++ b/slirp/tcp_subr.c
@@ -38,6 +38,7 @@
  * terms and conditions of the copyright.
  */
 
+#include "qemu/osdep.h"
 #include 
 
 /* patchable/settable parameters for tcp */
diff --git

[Qemu-devel] [PULL 41/48] vdi: Assign bs->file->bs to file in vdi_co_get_block_status

2016-01-29 Thread Kevin Wolf 
From: Fam Zheng 

Reviewed-by: Stefan Hajnoczi 
Signed-off-by: Fam Zheng 
Message-id: 1453780743-16806-10-git-send-email-f...@redhat.com
Signed-off-by: Max Reitz 
---
 block/vdi.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/block/vdi.c b/block/vdi.c
index 294c438..b403243 100644
--- a/block/vdi.c
+++ b/block/vdi.c
@@ -551,6 +551,7 @@ static int64_t coroutine_fn 
vdi_co_get_block_status(BlockDriverState *bs,
 offset = s->header.offset_data +
   (uint64_t)bmap_entry * s->block_size +
   sector_in_block * SECTOR_SIZE;
+*file = bs->file->bs;
 return BDRV_BLOCK_DATA | BDRV_BLOCK_OFFSET_VALID | offset;
 }
 
-- 
1.8.3.1

[Qemu-devel] [PATCH 11/15] qobject: Clean up includes

2016-01-29 Thread Peter Maydell 
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell 
---
 qobject/json-lexer.c| 2 +-
 qobject/json-parser.c   | 2 +-
 qobject/json-streamer.c | 1 +
 qobject/qbool.c | 1 +
 qobject/qdict.c | 1 +
 qobject/qfloat.c| 1 +
 qobject/qint.c  | 1 +
 qobject/qjson.c | 1 +
 qobject/qlist.c | 1 +
 qobject/qnull.c | 1 +
 qobject/qobject.c   | 1 +
 qobject/qstring.c   | 1 +
 12 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/qobject/json-lexer.c b/qobject/json-lexer.c
index 92798ae..496374d9 100644
--- a/qobject/json-lexer.c
+++ b/qobject/json-lexer.c
@@ -11,9 +11,9 @@
  *
  */
 
+#include "qemu/osdep.h"
 #include "qemu-common.h"
 #include "qapi/qmp/json-lexer.h"
-#include 
 
 #define MAX_TOKEN_SIZE (64ULL << 20)
 
diff --git a/qobject/json-parser.c b/qobject/json-parser.c
index 3c5d35d..77c9382 100644
--- a/qobject/json-parser.c
+++ b/qobject/json-parser.c
@@ -11,7 +11,7 @@
  *
  */
 
-#include 
+#include "qemu/osdep.h"
 
 #include "qemu-common.h"
 #include "qapi/qmp/qstring.h"
diff --git a/qobject/json-streamer.c b/qobject/json-streamer.c
index a4db4b8..0251685 100644
--- a/qobject/json-streamer.c
+++ b/qobject/json-streamer.c
@@ -11,6 +11,7 @@
  *
  */
 
+#include "qemu/osdep.h"
 #include "qemu-common.h"
 #include "qapi/qmp/json-lexer.h"
 #include "qapi/qmp/json-streamer.h"
diff --git a/qobject/qbool.c b/qobject/qbool.c
index 856c743..0606bbd 100644
--- a/qobject/qbool.c
+++ b/qobject/qbool.c
@@ -11,6 +11,7 @@
  *
  */
 
+#include "qemu/osdep.h"
 #include "qapi/qmp/qbool.h"
 #include "qapi/qmp/qobject.h"
 #include "qemu-common.h"
diff --git a/qobject/qdict.c b/qobject/qdict.c
index 19df837..9833bd0 100644
--- a/qobject/qdict.c
+++ b/qobject/qdict.c
@@ -10,6 +10,7 @@
  * See the COPYING.LIB file in the top-level directory.
  */
 
+#include "qemu/osdep.h"
 #include "qapi/qmp/qint.h"
 #include "qapi/qmp/qfloat.h"
 #include "qapi/qmp/qdict.h"
diff --git a/qobject/qfloat.c b/qobject/qfloat.c
index 87d89a7..d5da847 100644
--- a/qobject/qfloat.c
+++ b/qobject/qfloat.c
@@ -11,6 +11,7 @@
  *
  */
 
+#include "qemu/osdep.h"
 #include "qapi/qmp/qfloat.h"
 #include "qapi/qmp/qobject.h"
 #include "qemu-common.h"
diff --git a/qobject/qint.c b/qobject/qint.c
index 7cba9ad..d7d1b30 100644
--- a/qobject/qint.c
+++ b/qobject/qint.c
@@ -10,6 +10,7 @@
  * See the COPYING.LIB file in the top-level directory.
  */
 
+#include "qemu/osdep.h"
 #include "qapi/qmp/qint.h"
 #include "qapi/qmp/qobject.h"
 #include "qemu-common.h"
diff --git a/qobject/qjson.c b/qobject/qjson.c
index a3e6a7c..b8cc4ca 100644
--- a/qobject/qjson.c
+++ b/qobject/qjson.c
@@ -11,6 +11,7 @@
  *
  */
 
+#include "qemu/osdep.h"
 #include "qapi/qmp/json-lexer.h"
 #include "qapi/qmp/json-parser.h"
 #include "qapi/qmp/json-streamer.h"
diff --git a/qobject/qlist.c b/qobject/qlist.c
index 3c045ae..1ec74de 100644
--- a/qobject/qlist.c
+++ b/qobject/qlist.c
@@ -10,6 +10,7 @@
  * See the COPYING.LIB file in the top-level directory.
  */
 
+#include "qemu/osdep.h"
 #include "qapi/qmp/qlist.h"
 #include "qapi/qmp/qobject.h"
 #include "qemu/queue.h"
diff --git a/qobject/qnull.c b/qobject/qnull.c
index 5f7ba4d..c124d05 100644
--- a/qobject/qnull.c
+++ b/qobject/qnull.c
@@ -10,6 +10,7 @@
  * or later.  See the COPYING.LIB file in the top-level directory.
  */
 
+#include "qemu/osdep.h"
 #include "qemu-common.h"
 #include "qapi/qmp/qobject.h"
 
diff --git a/qobject/qobject.c b/qobject/qobject.c
index a3ef14e..cd41fb9 100644
--- a/qobject/qobject.c
+++ b/qobject/qobject.c
@@ -7,6 +7,7 @@
  * or later.  See the COPYING.LIB file in the top-level directory.
  */
 
+#include "qemu/osdep.h"
 #include "qemu-common.h"
 #include "qapi/qmp/qbool.h"
 #include "qapi/qmp/qdict.h"
diff --git a/qobject/qstring.c b/qobject/qstring.c
index f44c5c4..5da7b5f 100644
--- a/qobject/qstring.c
+++ b/qobject/qstring.c
@@ -10,6 +10,7 @@
  * See the COPYING.LIB file in the top-level directory.
  */
 
+#include "qemu/osdep.h"
 #include "qapi/qmp/qobject.h"
 #include "qapi/qmp/qstring.h"
 #include "qemu-common.h"
-- 
1.9.1

[Qemu-devel] [PATCH 10/15] net: Clean up includes

2016-01-29 Thread Peter Maydell 
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell 
---
 net/checksum.c  | 1 +
 net/dump.c  | 1 +
 net/eth.c   | 1 +
 net/filter-buffer.c | 1 +
 net/filter.c| 1 +
 net/hub.c   | 1 +
 net/l2tpv3.c| 2 +-
 net/net.c   | 2 +-
 net/netmap.c| 3 +--
 net/queue.c | 1 +
 net/slirp.c | 2 +-
 net/socket.c| 2 +-
 net/tap-aix.c   | 2 +-
 net/tap-bsd.c   | 1 +
 net/tap-haiku.c | 2 +-
 net/tap-linux.c | 1 +
 net/tap-solaris.c   | 2 +-
 net/tap-win32.c | 2 +-
 net/tap.c   | 3 +--
 net/util.c  | 3 +--
 net/vde.c   | 2 +-
 net/vhost-user.c| 1 +
 22 files changed, 22 insertions(+), 15 deletions(-)

diff --git a/net/checksum.c b/net/checksum.c
index 14c0855..b5016ab 100644
--- a/net/checksum.c
+++ b/net/checksum.c
@@ -15,6 +15,7 @@
  *  along with this program; if not, see .
  */
 
+#include "qemu/osdep.h"
 #include "qemu-common.h"
 #include "net/checksum.h"
 
diff --git a/net/dump.c b/net/dump.c
index 88d9582..dc0f339 100644
--- a/net/dump.c
+++ b/net/dump.c
@@ -22,6 +22,7 @@
  * THE SOFTWARE.
  */
 
+#include "qemu/osdep.h"
 #include "clients.h"
 #include "qemu-common.h"
 #include "qemu/error-report.h"
diff --git a/net/eth.c b/net/eth.c
index 7c61132..7e32d27 100644
--- a/net/eth.c
+++ b/net/eth.c
@@ -15,6 +15,7 @@
  *
  */
 
+#include "qemu/osdep.h"
 #include "net/eth.h"
 #include "net/checksum.h"
 #include "qemu-common.h"
diff --git a/net/filter-buffer.c b/net/filter-buffer.c
index 57be149..2353d5b 100644
--- a/net/filter-buffer.c
+++ b/net/filter-buffer.c
@@ -6,6 +6,7 @@
  * later.  See the COPYING file in the top-level directory.
  */
 
+#include "qemu/osdep.h"
 #include "net/filter.h"
 #include "net/queue.h"
 #include "qemu-common.h"
diff --git a/net/filter.c b/net/filter.c
index 5d90f83..19f0f61 100644
--- a/net/filter.c
+++ b/net/filter.c
@@ -6,6 +6,7 @@
  * later.  See the COPYING file in the top-level directory.
  */
 
+#include "qemu/osdep.h"
 #include "qemu-common.h"
 #include "qapi/qmp/qerror.h"
 #include "qemu/error-report.h"
diff --git a/net/hub.c b/net/hub.c
index 9ae9f01..b6d44fd 100644
--- a/net/hub.c
+++ b/net/hub.c
@@ -12,6 +12,7 @@
  *
  */
 
+#include "qemu/osdep.h"
 #include "monitor/monitor.h"
 #include "net/net.h"
 #include "clients.h"
diff --git a/net/l2tpv3.c b/net/l2tpv3.c
index 21d6119..824161c 100644
--- a/net/l2tpv3.c
+++ b/net/l2tpv3.c
@@ -23,9 +23,9 @@
  * THE SOFTWARE.
  */
 
+#include "qemu/osdep.h"
 #include 
 #include 
-#include "config-host.h"
 #include "net/net.h"
 #include "clients.h"
 #include "qemu-common.h"
diff --git a/net/net.c b/net/net.c
index 87dd356..01ba117 100644
--- a/net/net.c
+++ b/net/net.c
@@ -21,7 +21,7 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  * THE SOFTWARE.
  */
-#include "config-host.h"
+#include "qemu/osdep.h"
 
 #include "net/net.h"
 #include "clients.h"
diff --git a/net/netmap.c b/net/netmap.c
index 5558368..a39ca4b 100644
--- a/net/netmap.c
+++ b/net/netmap.c
@@ -23,11 +23,10 @@
  */
 
 
+#include "qemu/osdep.h"
 #include 
 #include 
 #include 
-#include 
-#include 
 #define NETMAP_WITH_LIBS
 #include 
 #include 
diff --git a/net/queue.c b/net/queue.c
index de8b9d3..9c32abd 100644
--- a/net/queue.c
+++ b/net/queue.c
@@ -21,6 +21,7 @@
  * THE SOFTWARE.
  */
 
+#include "qemu/osdep.h"
 #include "net/queue.h"
 #include "qemu/queue.h"
 #include "net/net.h"
diff --git a/net/slirp.c b/net/slirp.c
index f505570..e2b500b 100644
--- a/net/slirp.c
+++ b/net/slirp.c
@@ -21,9 +21,9 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  * THE SOFTWARE.
  */
+#include "qemu/osdep.h"
 #include "net/slirp.h"
 
-#include "config-host.h"
 
 #ifndef _WIN32
 #include 
diff --git a/net/socket.c b/net/socket.c
index e8605d4..e32e3cb 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -21,7 +21,7 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  * THE SOFTWARE.
  */
-#include "config-host.h"
+#include "qemu/osdep.h"
 
 #include "net/net.h"
 #include "clients.h"
diff --git a/net/tap-aix.c b/net/tap-aix.c
index e84fc39..9d830b7 100644
--- a/net/tap-aix.c
+++ b/net/tap-aix.c
@@ -22,8 +22,8 @@
  * THE SOFTWARE.
  */
 
+#include "qemu/osdep.h"
 #include "tap_int.h"
-#include 
 
 int tap_open(char *ifname, int ifname_size, int *vnet_hdr,
  int vnet_hdr_required, int mq_required, Error **errp)
diff --git a/net/tap-bsd.c b/net/tap-bsd.c
index 0103a97..83de19a 100644
--- a/net/tap-bsd.c
+++ b/net/tap-bsd.c
@@ -22,6 +22,7 @@
  * THE SOFTWARE.
  */
 
+#include "qemu/osdep.h"
 #include "tap_int.h"
 #include "qemu-common.h"
 #include "sysemu/sysemu.h"
diff --git a/net/tap-haiku.c b/net/tap-haiku.c
index 2e738ec..397e532 100644
--- a/net/tap-haiku.c
+++

Re: [Qemu-devel] [PULL 00/48] Block patches

2016-01-29 Thread Peter Maydell 
On 29 January 2016 at 17:37, Kevin Wolf  wrote:
> The following changes since commit 047e363b05679724d6b784c6ec6310697fe48ba0:
>
>   Merge remote-tracking branch 
> 'remotes/pmaydell/tags/pull-softfloat-20160122' into staging (2016-01-22 
> 15:19:21 +)
>
> are available in the git repository at:
>
>
>   git://repo.or.cz/qemu/kevin.git tags/for-upstream
>
> for you to fetch changes up to ae873754e7b51f66f2b944f49b7baff2730ec511:
>
>   Merge remote-tracking branch 'mreitz/tags/pull-block-for-kevin-2016-01-29' 
> into queue-block (2016-01-29 18:11:39 +0100)
>
> 
>
> Block layer patches

Hi. I'm afraid this has some conflicts in hw/block/fdc.c which aren't
immediately obvious how to resolve. (Looks like clash between the
'add pick_drive' patch in John's recent IDE pull and Max's tray
status stuff here.)

Can you fix up and resend, please?

thanks
-- PMM

Re: [Qemu-devel] [PATCH 1/8] target-arm: Properly support EL2 and EL3 in arm_el_is_aa64()

2016-01-29 Thread Peter Maydell 
On 29 January 2016 at 16:45, Sergey Fedorov  wrote:
> On 14.01.2016 21:34, Peter Maydell wrote:
>> Support EL2 and EL3 in arm_el_is_aa64() by implementing the
>> logic for checking the SCR_EL3 and HCR_EL2 register-width bits
>> as appropriate to determine the register width of lower exception
>> levels.
>
> Reviewed-by: Sergey Fedorov 

Thanks for the review, but this series went into master last week :-)

-- PMM

[Qemu-devel] [PULL 10/48] iotests: Move _filter_nbd into common.filter

2016-01-29 Thread Kevin Wolf 
From: Max Reitz 

_filter_nbd can be useful for other NBD tests, too, therefore it should
reside in common.filter.

Signed-off-by: Max Reitz 
Reviewed-by: Eric Blake 
Signed-off-by: Kevin Wolf 
---
 tests/qemu-iotests/083   | 12 
 tests/qemu-iotests/common.filter | 12 
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/tests/qemu-iotests/083 b/tests/qemu-iotests/083
index 36e6de8..aa99278 100755
--- a/tests/qemu-iotests/083
+++ b/tests/qemu-iotests/083
@@ -49,18 +49,6 @@ wait_for_tcp_port() {
done
 }
 
-_filter_nbd()
-{
-# nbd.c error messages contain function names and line numbers that are
-# prone to change.  Message ordering depends on timing between send and
-# receive callbacks sometimes, making them unreliable.
-#
-# Filter out the TCP port number since this changes between runs.
-sed -e 's#^.*nbd/.*\.c:.*##g' \
--e 's#nbd:127\.0\.0\.1:[^:]*:#nbd:127\.0\.0\.1:PORT:#g' \
--e 's#\(exportname=foo\|PORT\): Failed to .*$#\1#'
-}
-
 check_disconnect() {
event=$1
when=$2
diff --git a/tests/qemu-iotests/common.filter b/tests/qemu-iotests/common.filter
index cfdb633..33ed1e4 100644
--- a/tests/qemu-iotests/common.filter
+++ b/tests/qemu-iotests/common.filter
@@ -230,5 +230,17 @@ _filter_qemu_img_map()
 -e 's/Mapped to *//' | _filter_testdir | _filter_imgfmt
 }
 
+_filter_nbd()
+{
+# nbd.c error messages contain function names and line numbers that are
+# prone to change.  Message ordering depends on timing between send and
+# receive callbacks sometimes, making them unreliable.
+#
+# Filter out the TCP port number since this changes between runs.
+sed -e 's#^.*nbd/.*\.c:.*##g' \
+-e 's#nbd:127\.0\.0\.1:[^:]*:#nbd:127\.0\.0\.1:PORT:#g' \
+-e 's#\(exportname=foo\|PORT\): Failed to .*$#\1#'
+}
+
 # make sure this script returns success
 true
-- 
1.8.3.1

[Qemu-devel] [PULL 19/48] virtio-blk: Functions for op blocker management

2016-01-29 Thread Kevin Wolf 
From: Max Reitz 

Put the code for setting up and removing op blockers into an own
function, respectively. Then, we can invoke those functions whenever a
BDS is removed from an virtio-blk BB or inserted into it.

Signed-off-by: Max Reitz 
Reviewed-by: Fam Zheng 
Reviewed-by: Kevin Wolf 
Signed-off-by: Kevin Wolf 
---
 hw/block/dataplane/virtio-blk.c | 77 +++--
 1 file changed, 59 insertions(+), 18 deletions(-)

diff --git a/hw/block/dataplane/virtio-blk.c b/hw/block/dataplane/virtio-blk.c
index bc34046..ee0c4d4 100644
--- a/hw/block/dataplane/virtio-blk.c
+++ b/hw/block/dataplane/virtio-blk.c
@@ -40,6 +40,8 @@ struct VirtIOBlockDataPlane {
 EventNotifier *guest_notifier;  /* irq */
 QEMUBH *bh; /* bh for guest notification */
 
+Notifier insert_notifier, remove_notifier;
+
 /* Note that these EventNotifiers are assigned by value.  This is
  * fine as long as you do not call event_notifier_cleanup on them
  * (because you don't own the file descriptor or handle; you just
@@ -137,6 +139,54 @@ static void handle_notify(EventNotifier *e)
 blk_io_unplug(s->conf->conf.blk);
 }
 
+static void data_plane_set_up_op_blockers(VirtIOBlockDataPlane *s)
+{
+assert(!s->blocker);
+error_setg(>blocker, "block device is in use by data plane");
+blk_op_block_all(s->conf->conf.blk, s->blocker);
+blk_op_unblock(s->conf->conf.blk, BLOCK_OP_TYPE_RESIZE, s->blocker);
+blk_op_unblock(s->conf->conf.blk, BLOCK_OP_TYPE_DRIVE_DEL, s->blocker);
+blk_op_unblock(s->conf->conf.blk, BLOCK_OP_TYPE_BACKUP_SOURCE, s->blocker);
+blk_op_unblock(s->conf->conf.blk, BLOCK_OP_TYPE_CHANGE, s->blocker);
+blk_op_unblock(s->conf->conf.blk, BLOCK_OP_TYPE_COMMIT_SOURCE, s->blocker);
+blk_op_unblock(s->conf->conf.blk, BLOCK_OP_TYPE_COMMIT_TARGET, s->blocker);
+blk_op_unblock(s->conf->conf.blk, BLOCK_OP_TYPE_EJECT, s->blocker);
+blk_op_unblock(s->conf->conf.blk, BLOCK_OP_TYPE_EXTERNAL_SNAPSHOT,
+   s->blocker);
+blk_op_unblock(s->conf->conf.blk, BLOCK_OP_TYPE_INTERNAL_SNAPSHOT,
+   s->blocker);
+blk_op_unblock(s->conf->conf.blk, BLOCK_OP_TYPE_INTERNAL_SNAPSHOT_DELETE,
+   s->blocker);
+blk_op_unblock(s->conf->conf.blk, BLOCK_OP_TYPE_MIRROR_SOURCE, s->blocker);
+blk_op_unblock(s->conf->conf.blk, BLOCK_OP_TYPE_STREAM, s->blocker);
+blk_op_unblock(s->conf->conf.blk, BLOCK_OP_TYPE_REPLACE, s->blocker);
+}
+
+static void data_plane_remove_op_blockers(VirtIOBlockDataPlane *s)
+{
+if (s->blocker) {
+blk_op_unblock_all(s->conf->conf.blk, s->blocker);
+error_free(s->blocker);
+s->blocker = NULL;
+}
+}
+
+static void data_plane_blk_insert_notifier(Notifier *n, void *data)
+{
+VirtIOBlockDataPlane *s = container_of(n, VirtIOBlockDataPlane,
+   insert_notifier);
+assert(s->conf->conf.blk == data);
+data_plane_set_up_op_blockers(s);
+}
+
+static void data_plane_blk_remove_notifier(Notifier *n, void *data)
+{
+VirtIOBlockDataPlane *s = container_of(n, VirtIOBlockDataPlane,
+   remove_notifier);
+assert(s->conf->conf.blk == data);
+data_plane_remove_op_blockers(s);
+}
+
 /* Context: QEMU global mutex held */
 void virtio_blk_data_plane_create(VirtIODevice *vdev, VirtIOBlkConf *conf,
   VirtIOBlockDataPlane **dataplane,
@@ -179,22 +229,12 @@ void virtio_blk_data_plane_create(VirtIODevice *vdev, 
VirtIOBlkConf *conf,
 s->ctx = iothread_get_aio_context(s->iothread);
 s->bh = aio_bh_new(s->ctx, notify_guest_bh, s);
 
-error_setg(>blocker, "block device is in use by data plane");
-blk_op_block_all(conf->conf.blk, s->blocker);
-blk_op_unblock(conf->conf.blk, BLOCK_OP_TYPE_RESIZE, s->blocker);
-blk_op_unblock(conf->conf.blk, BLOCK_OP_TYPE_DRIVE_DEL, s->blocker);
-blk_op_unblock(conf->conf.blk, BLOCK_OP_TYPE_BACKUP_SOURCE, s->blocker);
-blk_op_unblock(conf->conf.blk, BLOCK_OP_TYPE_CHANGE, s->blocker);
-blk_op_unblock(conf->conf.blk, BLOCK_OP_TYPE_COMMIT_SOURCE, s->blocker);
-blk_op_unblock(conf->conf.blk, BLOCK_OP_TYPE_COMMIT_TARGET, s->blocker);
-blk_op_unblock(conf->conf.blk, BLOCK_OP_TYPE_EJECT, s->blocker);
-blk_op_unblock(conf->conf.blk, BLOCK_OP_TYPE_EXTERNAL_SNAPSHOT, 
s->blocker);
-blk_op_unblock(conf->conf.blk, BLOCK_OP_TYPE_INTERNAL_SNAPSHOT, 
s->blocker);
-blk_op_unblock(conf->conf.blk, BLOCK_OP_TYPE_INTERNAL_SNAPSHOT_DELETE,
-   s->blocker);
-blk_op_unblock(conf->conf.blk, BLOCK_OP_TYPE_MIRROR_SOURCE, s->blocker);
-blk_op_unblock(conf->conf.blk, BLOCK_OP_TYPE_STREAM, s->blocker);
-blk_op_unblock(conf->conf.blk, BLOCK_OP_TYPE_REPLACE, s->blocker);
+s->insert_notifier.notify = data_plane_blk_insert_notifier;
+

[Qemu-devel] [PULL 15/48] block: Remove unused struct definition BlockFinishData

2016-01-29 Thread Kevin Wolf 
From: Fam Zheng 

Unused since 94db6d2d3.

Signed-off-by: Fam Zheng 
Reviewed-by: Stefan Hajnoczi 
Signed-off-by: Kevin Wolf 
---
 blockjob.c | 8 
 1 file changed, 8 deletions(-)

diff --git a/blockjob.c b/blockjob.c
index 80adb9d..a692142 100644
--- a/blockjob.c
+++ b/blockjob.c
@@ -278,14 +278,6 @@ void block_job_iostatus_reset(BlockJob *job)
 }
 }
 
-struct BlockFinishData {
-BlockJob *job;
-BlockCompletionFunc *cb;
-void *opaque;
-bool cancelled;
-int ret;
-};
-
 static int block_job_finish_sync(BlockJob *job,
  void (*finish)(BlockJob *, Error **errp),
  Error **errp)
-- 
1.8.3.1

[Qemu-devel] [PULL 08/48] iotests: Rename filter_nbd to _filter_nbd in 083

2016-01-29 Thread Kevin Wolf 
From: Max Reitz 

In the patch after the next, this function is moved to common.filter.
Therefore, its name should be preceded by an underscore to signify its
global availability.

To keep the code motion patch clean, we cannot rename it in the same
patch, so we need to choose some order of renaming vs. motion. It is
better to keep a supposedly global function used by only a single test
in that test than to keep a supposedly local function in a common* file
and use it from a test, so we should rename the function before moving
it.

Signed-off-by: Max Reitz 
Reviewed-by: John Snow 
Reviewed-by: Fam Zheng 
Reviewed-by: Kevin Wolf 
Signed-off-by: Kevin Wolf 
---
 tests/qemu-iotests/083 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/qemu-iotests/083 b/tests/qemu-iotests/083
index 566da99..13495bc 100755
--- a/tests/qemu-iotests/083
+++ b/tests/qemu-iotests/083
@@ -49,7 +49,7 @@ wait_for_tcp_port() {
done
 }
 
-filter_nbd() {
+_filter_nbd() {
# nbd.c error messages contain function names and line numbers that are 
prone
# to change.  Message ordering depends on timing between send and 
receive
# callbacks sometimes, making them unreliable.
@@ -84,7 +84,7 @@ EOF
 
$PYTHON nbd-fault-injector.py $extra_args "127.0.0.1:$port" 
"$TEST_DIR/nbd-fault-injector.conf" 2>&1 >/dev/null &
wait_for_tcp_port "127\\.0\\.0\\.1:$port"
-   $QEMU_IO -c "read 0 512" "$nbd_url" 2>&1 | _filter_qemu_io | filter_nbd
+   $QEMU_IO -c "read 0 512" "$nbd_url" 2>&1 | _filter_qemu_io | _filter_nbd
 
echo
 }
-- 
1.8.3.1

[Qemu-devel] [PULL 23/48] block: Use blk_remove_bs() in blk_delete()

2016-01-29 Thread Kevin Wolf 
From: Max Reitz 

Signed-off-by: Max Reitz 
Reviewed-by: Kevin Wolf 
Reviewed-by: Fam Zheng 
Signed-off-by: Kevin Wolf 
---
 block/block-backend.c | 7 +++
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/block/block-backend.c b/block/block-backend.c
index 621787c..7f5ad59 100644
--- a/block/block-backend.c
+++ b/block/block-backend.c
@@ -166,10 +166,7 @@ static void blk_delete(BlockBackend *blk)
 assert(!blk->refcnt);
 assert(!blk->dev);
 if (blk->bs) {
-assert(blk->bs->blk == blk);
-blk->bs->blk = NULL;
-bdrv_unref(blk->bs);
-blk->bs = NULL;
+blk_remove_bs(blk);
 }
 assert(QLIST_EMPTY(>remove_bs_notifiers.notifiers));
 assert(QLIST_EMPTY(>insert_bs_notifiers.notifiers));
@@ -351,6 +348,8 @@ void blk_hide_on_behalf_of_hmp_drive_del(BlockBackend *blk)
  */
 void blk_remove_bs(BlockBackend *blk)
 {
+assert(blk->bs->blk == blk);
+
 notifier_list_notify(>remove_bs_notifiers, blk);
 
 blk_update_root_state(blk);
-- 
1.8.3.1

[Qemu-devel] [PULL 34/48] qcow: Assign bs->file->bs to file in qcow_co_get_block_status

2016-01-29 Thread Kevin Wolf 
From: Fam Zheng 

Reviewed-by: Eric Blake 
Reviewed-by: Stefan Hajnoczi 
Signed-off-by: Fam Zheng 
Message-id: 1453780743-16806-3-git-send-email-f...@redhat.com
Signed-off-by: Max Reitz 
---
 block/qcow.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/block/qcow.c b/block/qcow.c
index 4202797..251910c 100644
--- a/block/qcow.c
+++ b/block/qcow.c
@@ -510,6 +510,7 @@ static int64_t coroutine_fn 
qcow_co_get_block_status(BlockDriverState *bs,
 return BDRV_BLOCK_DATA;
 }
 cluster_offset |= (index_in_cluster << BDRV_SECTOR_BITS);
+*file = bs->file->bs;
 return BDRV_BLOCK_DATA | BDRV_BLOCK_OFFSET_VALID | cluster_offset;
 }
 
-- 
1.8.3.1

[Qemu-devel] [PULL 45/48] block: Use returned *file in bdrv_co_get_block_status

2016-01-29 Thread Kevin Wolf 
From: Fam Zheng 

Now that all drivers return the right "file" pointer, we can use it.

Signed-off-by: Fam Zheng 
Reviewed-by: Max Reitz 
Message-id: 1453780743-16806-14-git-send-email-f...@redhat.com
Signed-off-by: Max Reitz 
---
 block/io.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/block/io.c b/block/io.c
index ea040be..343ff1f 100644
--- a/block/io.c
+++ b/block/io.c
@@ -1554,13 +1554,13 @@ static int64_t coroutine_fn 
bdrv_co_get_block_status(BlockDriverState *bs,
 }
 }
 
-if (bs->file &&
+if (*file && *file != bs &&
 (ret & BDRV_BLOCK_DATA) && !(ret & BDRV_BLOCK_ZERO) &&
 (ret & BDRV_BLOCK_OFFSET_VALID)) {
 BlockDriverState *file2;
 int file_pnum;
 
-ret2 = bdrv_co_get_block_status(bs->file->bs, ret >> BDRV_SECTOR_BITS,
+ret2 = bdrv_co_get_block_status(*file, ret >> BDRV_SECTOR_BITS,
 *pnum, _pnum, );
 if (ret2 >= 0) {
 /* Ignore errors.  This is just providing extra information, it
-- 
1.8.3.1

[Qemu-devel] [PULL 24/48] blockdev: Use blk_remove_bs() in do_drive_del()

2016-01-29 Thread Kevin Wolf 
From: Max Reitz 

Signed-off-by: Max Reitz 
Reviewed-by: Kevin Wolf 
Reviewed-by: Fam Zheng 
Signed-off-by: Kevin Wolf 
---
 blockdev.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/blockdev.c b/blockdev.c
index 1044a6a..09d4621 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -2792,7 +2792,7 @@ void hmp_drive_del(Monitor *mon, const QDict *qdict)
 return;
 }
 
-bdrv_close(bs);
+blk_remove_bs(blk);
 }
 
 /* if we have a device attached to this BlockDriverState
-- 
1.8.3.1

[Qemu-devel] [PATCH 01/15] ui: Clean up includes

2016-01-29 Thread Peter Maydell 
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell 
---
 ui/console-gl.c  | 1 +
 ui/console.c | 1 +
 ui/curses.c  | 1 +
 ui/cursor.c  | 1 +
 ui/egl-context.c | 1 +
 ui/egl-helpers.c | 9 +
 ui/gtk-egl.c | 1 +
 ui/gtk-gl-area.c | 1 +
 ui/gtk.c | 1 +
 ui/input-keymap.c| 1 +
 ui/input-legacy.c| 2 +-
 ui/input.c   | 1 +
 ui/keymaps.c | 1 +
 ui/qemu-pixman.c | 1 +
 ui/sdl.c | 1 +
 ui/sdl2-2d.c | 1 +
 ui/sdl2-gl.c | 1 +
 ui/sdl2-input.c  | 1 +
 ui/sdl2.c| 1 +
 ui/sdl_zoom.c| 4 +---
 ui/shader.c  | 1 +
 ui/spice-core.c  | 1 +
 ui/spice-display.c   | 1 +
 ui/spice-input.c | 5 +
 ui/vnc-auth-sasl.c   | 1 +
 ui/vnc-auth-vencrypt.c   | 1 +
 ui/vnc-enc-hextile.c | 1 +
 ui/vnc-enc-tight.c   | 3 +--
 ui/vnc-enc-zlib.c| 1 +
 ui/vnc-enc-zrle-template.c   | 2 +-
 ui/vnc-enc-zrle.c| 1 +
 ui/vnc-enc-zywrle-template.c | 1 +
 ui/vnc-jobs.c| 1 +
 ui/vnc-palette.c | 2 +-
 ui/vnc-ws.c  | 1 +
 ui/vnc.c | 2 +-
 ui/x_keymap.c| 1 +
 37 files changed, 37 insertions(+), 21 deletions(-)

diff --git a/ui/console-gl.c b/ui/console-gl.c
index baf397b..74b1bed 100644
--- a/ui/console-gl.c
+++ b/ui/console-gl.c
@@ -24,6 +24,7 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  * THE SOFTWARE.
  */
+#include "qemu/osdep.h"
 #include "qemu-common.h"
 #include "ui/console.h"
 #include "ui/shader.h"
diff --git a/ui/console.c b/ui/console.c
index fe950c6..309e10a 100644
--- a/ui/console.c
+++ b/ui/console.c
@@ -21,6 +21,7 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  * THE SOFTWARE.
  */
+#include "qemu/osdep.h"
 #include "qemu-common.h"
 #include "ui/console.h"
 #include "hw/qdev-core.h"
diff --git a/ui/curses.c b/ui/curses.c
index 274e09b..b475589 100644
--- a/ui/curses.c
+++ b/ui/curses.c
@@ -21,6 +21,7 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  * THE SOFTWARE.
  */
+#include "qemu/osdep.h"
 #include 
 
 #ifndef _WIN32
diff --git a/ui/cursor.c b/ui/cursor.c
index 2b8dd3f..a276e01 100644
--- a/ui/cursor.c
+++ b/ui/cursor.c
@@ -1,3 +1,4 @@
+#include "qemu/osdep.h"
 #include "qemu-common.h"
 #include "ui/console.h"
 
diff --git a/ui/egl-context.c b/ui/egl-context.c
index 40102e3..3a02b68 100644
--- a/ui/egl-context.c
+++ b/ui/egl-context.c
@@ -1,3 +1,4 @@
+#include "qemu/osdep.h"
 #include "qemu-common.h"
 #include "ui/egl-context.h"
 
diff --git a/ui/egl-helpers.c b/ui/egl-helpers.c
index 87d77af..4c83834 100644
--- a/ui/egl-helpers.c
+++ b/ui/egl-helpers.c
@@ -1,11 +1,4 @@
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
+#include "qemu/osdep.h"
 #include 
 
 #include "ui/egl-helpers.h"
diff --git a/ui/gtk-egl.c b/ui/gtk-egl.c
index 500c42c..431457c 100644
--- a/ui/gtk-egl.c
+++ b/ui/gtk-egl.c
@@ -11,6 +11,7 @@
  * See the COPYING file in the top-level directory.
  */
 
+#include "qemu/osdep.h"
 #include "qemu-common.h"
 
 #include "trace.h"
diff --git a/ui/gtk-gl-area.c b/ui/gtk-gl-area.c
index dec3edb..b86ff3c 100644
--- a/ui/gtk-gl-area.c
+++ b/ui/gtk-gl-area.c
@@ -7,6 +7,7 @@
  * See the COPYING file in the top-level directory.
  */
 
+#include "qemu/osdep.h"
 #include "qemu-common.h"
 
 #include "trace.h"
diff --git a/ui/gtk.c b/ui/gtk.c
index ce7018e..a4f5399 100644
--- a/ui/gtk.c
+++ b/ui/gtk.c
@@ -34,6 +34,7 @@
 #define GETTEXT_PACKAGE "qemu"
 #define LOCALEDIR "po"
 
+#include "qemu/osdep.h"
 #include "qemu-common.h"
 
 #include "ui/console.h"
diff --git a/ui/input-keymap.c b/ui/input-keymap.c
index 63d71d2..fd2c09d 100644
--- a/ui/input-keymap.c
+++ b/ui/input-keymap.c
@@ -1,3 +1,4 @@
+#include "qemu/osdep.h"
 #include "sysemu/sysemu.h"
 #include "ui/keymaps.h"
 #include "ui/input.h"
diff --git a/ui/input-legacy.c b/ui/input-legacy.c
index 35dfc27..093f3d1 100644
--- a/ui/input-legacy.c
+++ b/ui/input-legacy.c
@@ -22,9 +22,9 @@
  * THE SOFTWARE.
  */
 
+#include "qemu/osdep.h"
 #include "sysemu/sysemu.h"
 #include "ui/console.h"
-#include "qapi/error.h"
 #include "qmp-commands.h"
 #include "qapi-types.h"
 #include "ui/keymaps.h"
diff --git a/ui/input.c b/ui/input.c
index 006667b..bdcb974 100644
--- a/ui/input.c
+++ b/ui/input.c
@@ -1,3 +1,4 @@
+#include "qemu/osdep.h"
 #include "hw/qdev.h"
 #include "sysemu/sysemu.h"
 #include "qapi-types.h"
diff --git a/ui/keymaps.c b/ui/keymaps.c
index 1b9ba3f..8899a0b 100644
--- a/ui/keymaps.c
+++

[Qemu-devel] [PULL 42/48] vpc: Assign bs->file->bs to file in vpc_co_get_block_status

2016-01-29 Thread Kevin Wolf 
From: Fam Zheng 

Reviewed-by: Stefan Hajnoczi 
Signed-off-by: Fam Zheng 
Message-id: 1453780743-16806-11-git-send-email-f...@redhat.com
Signed-off-by: Max Reitz 
---
 block/vpc.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/block/vpc.c b/block/vpc.c
index a070307..f504536 100644
--- a/block/vpc.c
+++ b/block/vpc.c
@@ -589,6 +589,7 @@ static int64_t coroutine_fn 
vpc_co_get_block_status(BlockDriverState *bs,
 
 if (be32_to_cpu(footer->type) == VHD_FIXED) {
 *pnum = nb_sectors;
+*file = bs->file->bs;
 return BDRV_BLOCK_RAW | BDRV_BLOCK_OFFSET_VALID | BDRV_BLOCK_DATA |
(sector_num << BDRV_SECTOR_BITS);
 }
@@ -610,6 +611,7 @@ static int64_t coroutine_fn 
vpc_co_get_block_status(BlockDriverState *bs,
 /* *pnum can't be greater than one block for allocated
  * sectors since there is always a bitmap in between. */
 if (allocated) {
+*file = bs->file->bs;
 return BDRV_BLOCK_DATA | BDRV_BLOCK_OFFSET_VALID | start;
 }
 if (nb_sectors == 0) {
-- 
1.8.3.1

[Qemu-devel] [PULL 43/48] vmdk: Fix calculation of block status's offset

2016-01-29 Thread Kevin Wolf 
From: Fam Zheng 

"offset" is the offset of cluster and sector_num doesn't necessarily
refer to the start of it, it should add index_in_cluster.

Signed-off-by: Fam Zheng 
Message-id: 1453780743-16806-12-git-send-email-f...@redhat.com
Reviewed-by: Max Reitz 
Signed-off-by: Max Reitz 
---
 block/vmdk.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/block/vmdk.c b/block/vmdk.c
index 109fd5f..9d5a18a 100644
--- a/block/vmdk.c
+++ b/block/vmdk.c
@@ -1278,6 +1278,7 @@ static int64_t coroutine_fn 
vmdk_co_get_block_status(BlockDriverState *bs,
  0, 0);
 qemu_co_mutex_unlock(>lock);
 
+index_in_cluster = vmdk_find_index_in_cluster(extent, sector_num);
 switch (ret) {
 case VMDK_ERROR:
 ret = -EIO;
@@ -1291,13 +1292,14 @@ static int64_t coroutine_fn 
vmdk_co_get_block_status(BlockDriverState *bs,
 case VMDK_OK:
 ret = BDRV_BLOCK_DATA;
 if (extent->file == bs->file && !extent->compressed) {
-ret |= BDRV_BLOCK_OFFSET_VALID | offset;
+ret |= BDRV_BLOCK_OFFSET_VALID;
+ret |= (offset + (index_in_cluster << BDRV_SECTOR_BITS))
+& BDRV_BLOCK_OFFSET_MASK;
 }
 
 break;
 }
 
-index_in_cluster = vmdk_find_index_in_cluster(extent, sector_num);
 n = extent->cluster_sectors - index_in_cluster;
 if (n > nb_sectors) {
 n = nb_sectors;
-- 
1.8.3.1

<    1   2   3   4   >