Re: [Qemu-devel] [PATCH v4 5/5] replay: introduce block devices record/replay

2016-03-13 Thread Pavel Dovgalyuk
> From: Stefan Hajnoczi [mailto:stefa...@redhat.com]
> On Thu, Mar 10, 2016 at 02:56:20PM +0300, Pavel Dovgalyuk wrote:
> > +static void block_request_create(uint64_t reqid, BlockDriverState *bs,
> > + Coroutine *co)
> > +{
> > +Request *req = g_new(Request, 1);
> > +*req = (Request) {
> > +.co = co,
> > +.bh = aio_bh_new(bdrv_get_aio_context(bs), blkreplay_bh_cb, req),
> > +};
> > +replay_block_event(req->bh, reqid);
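Review bot: the quoted lines allocate a Request with g_new() and attach a BH from aio_bh_new(), but nothing shown releases either one; whatever consumes the request (blkreplay_bh_cb, presumably) needs to qemu_bh_delete() the BH and g_free() the Request once the coroutine has been resumed, otherwise each request leaks both objects.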
> 
> Regarding thread safety: is replay_block_event() thread-safe?

It is. The replay module has its own mutex that protects its file and data structures.

> 
> If QEMU runs with IOThreads then this might not be called under the QEMU
> global mutex.


Pavel Dovgalyuk




Re: [Qemu-devel] [PATCH v4 5/5] replay: introduce block devices record/replay

2016-03-13 Thread Pavel Dovgalyuk
> From: Stefan Hajnoczi [mailto:stefa...@redhat.com]
> On Thu, Mar 10, 2016 at 02:56:20PM +0300, Pavel Dovgalyuk wrote:
> > @@ -135,7 +138,7 @@ void replay_add_event(ReplayAsyncEventKind event_kind,
> >
> >  void replay_bh_schedule_event(QEMUBH *bh)
> >  {
> > -if (replay_mode != REPLAY_MODE_NONE) {
> > +if (replay_mode != REPLAY_MODE_NONE && events_enabled) {
> >  uint64_t id = replay_get_current_step();
> >  replay_add_event(REPLAY_ASYNC_EVENT_BH, bh, NULL, id);
> >  } else {
> 
> Is this hunk a fix that should be in a separate patch or squashed into a
> previous patch?

Right, this is a fix for a separate bug. It manifests itself only
with this block patch, but I can separate it out for clarity.

Pavel Dovgalyuk




Re: [Qemu-devel] [PATCH] correct comment of MemoryHotplugState

2016-03-13 Thread Cao jin

Hi,
Is anyone gonna take this one?

On 03/03/2016 09:59 PM, Igor Mammedov wrote:

On Thu, 3 Mar 2016 17:24:12 +0800
Cao jin  wrote:


Correct the comment and remove an unused macro. Commit adcb4ee6 already
corrected its type.

Signed-off-by: Cao jin 

Reviewed-by: Igor Mammedov 





--
Yours Sincerely,

Cao jin





[Qemu-devel] [PATCH v4 1/4] hw/timer: Add ASPEED timer device model

2016-03-13 Thread Andrew Jeffery
Implement basic ASPEED timer functionality for the AST2400 SoC[1]: Up to
8 timers can independently be configured, enabled, reset and disabled.
Some hardware features are not implemented, namely clock value matching
and pulse generation, but the implementation is enough to boot the Linux
kernel configured with aspeed_defconfig.

[1] http://www.aspeedtech.com/products.php?fPath=20=376

Signed-off-by: Andrew Jeffery 
---
Since v3:
  * Drop unnecessary mention of VMStateDescription in timer_to_ctrl description
  * Mention hw/timer/a9gtimer.c with respect to clock value matching
  * Add missing VMSTATE_END_OF_LIST() to vmstate_aspeed_timer_state

Since v2:
  * Improve handling of timer configuration with respect to enabled state
  * Remove redundant enabled member from AspeedTimer
  * Implement VMStateDescriptions
  * Fix interrupt behaviour (edge triggered, both edges)
  * Fix various issues with trace-event declarations
  * Include qemu/osdep.h

Since v1:
  * Refactor initialisation of and respect requested clock rates (APB/External)
  * Simplify some index calculations
  * Use tracing infrastructure instead of internal DPRINTF
  * Enforce access size constraints and alignment in MemoryRegionOps

 default-configs/arm-softmmu.mak |   1 +
 hw/timer/Makefile.objs  |   1 +
 hw/timer/aspeed_timer.c | 451 
 include/hw/timer/aspeed_timer.h |  59 ++
 trace-events|   9 +
 5 files changed, 521 insertions(+)
 create mode 100644 hw/timer/aspeed_timer.c
 create mode 100644 include/hw/timer/aspeed_timer.h

diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index a9f82a1..2bcd236 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -110,3 +110,4 @@ CONFIG_IOH3420=y
 CONFIG_I82801B11=y
 CONFIG_ACPI=y
 CONFIG_SMBIOS=y
+CONFIG_ASPEED_SOC=y
diff --git a/hw/timer/Makefile.objs b/hw/timer/Makefile.objs
index 5cfea6e..003c14f 100644
--- a/hw/timer/Makefile.objs
+++ b/hw/timer/Makefile.objs
@@ -32,3 +32,4 @@ obj-$(CONFIG_MC146818RTC) += mc146818rtc.o
 obj-$(CONFIG_ALLWINNER_A10_PIT) += allwinner-a10-pit.o
 
 common-obj-$(CONFIG_STM32F2XX_TIMER) += stm32f2xx_timer.o
+common-obj-$(CONFIG_ASPEED_SOC) += aspeed_timer.o
diff --git a/hw/timer/aspeed_timer.c b/hw/timer/aspeed_timer.c
new file mode 100644
index 000..0e82178
--- /dev/null
+++ b/hw/timer/aspeed_timer.c
@@ -0,0 +1,452 @@
+/*
+ * ASPEED AST2400 Timer
+ *
+ * Andrew Jeffery 
+ *
+ * Copyright (C) 2016 IBM Corp.
+ *
+ * This code is licensed under the GPL version 2 or later.  See
+ * the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include "hw/ptimer.h"
+#include "hw/sysbus.h"
+#include "hw/timer/aspeed_timer.h"
+#include "qemu-common.h"
+#include "qemu/bitops.h"
+#include "qemu/main-loop.h"
+#include "qemu/timer.h"
+#include "trace.h"
+
+#define TIMER_NR_REGS 4
+
+#define TIMER_CTRL_BITS 4
+#define TIMER_CTRL_MASK ((1 << TIMER_CTRL_BITS) - 1)
+
+#define TIMER_CLOCK_USE_EXT true
+#define TIMER_CLOCK_EXT_HZ 100
+#define TIMER_CLOCK_USE_APB false
+#define TIMER_CLOCK_APB_HZ 2400
+
+#define TIMER_REG_STATUS 0
+#define TIMER_REG_RELOAD 1
+#define TIMER_REG_MATCH_FIRST 2
+#define TIMER_REG_MATCH_SECOND 3
+
+#define TIMER_FIRST_CAP_PULSE 4
+
+enum timer_ctrl_op {
+op_enable = 0,
+op_external_clock,
+op_overflow_interrupt,
+op_pulse_enable
+};
+
+/**
+ * Avoid mutual references between AspeedTimerCtrlState and AspeedTimer
+ * structs, as it's a waste of memory. The ptimer BH callback needs to know
+ * whether a specific AspeedTimer is enabled, but this information is held in
+ * AspeedTimerCtrlState. So, provide a helper to hoist ourselves from an
+ * arbitrary AspeedTimer to AspeedTimerCtrlState.
+ */
+static inline struct AspeedTimerCtrlState *timer_to_ctrl(AspeedTimer *t)
+{
+AspeedTimer (*timers)[] = (void *)t - (t->id * sizeof(*t));
+return container_of(timers, AspeedTimerCtrlState, timers);
+}
+
+static inline bool timer_ctrl_status(AspeedTimer *t, enum timer_ctrl_op op)
+{
+return !!(timer_to_ctrl(t)->ctrl & BIT(t->id * TIMER_CTRL_BITS + op));
+}
+
+static inline bool timer_enabled(AspeedTimer *t)
+{
+return timer_ctrl_status(t, op_enable);
+}
+
+static inline bool timer_overflow_interrupt(AspeedTimer *t)
+{
+return timer_ctrl_status(t, op_overflow_interrupt);
+}
+
+static inline bool timer_can_pulse(AspeedTimer *t)
+{
+return t->id >= TIMER_FIRST_CAP_PULSE;
+}
+
+static void aspeed_timer_expire(void *opaque)
+{
+AspeedTimer *t = opaque;
+
+/* Only support interrupts on match values of zero for the moment - this is
+ * sufficient to boot an aspeed_defconfig Linux kernel.
+ *
+ * TODO: matching on arbitrary values (see e.g. hw/timer/a9gtimer.c)
+ */
+bool match = !(t->match[0] && t->match[1]);
+bool interrupt = timer_overflow_interrupt(t) || match;
+if (timer_enabled(t) && interrupt) {
+
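Review bot: timer_to_ctrl() walks back from an AspeedTimer to its controller with `(void *)t - (t->id * sizeof(*t))`, which silently breaks if a timer's id ever differs from its index in AspeedTimerCtrlState.timers, and it relies on the GCC extension for arithmetic on void *; please document that invariant where id is assigned (or assert it there), or pass the index explicitly instead of deriving it from the pointer.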

[Qemu-devel] [PATCH v4 4/4] hw/arm: Add opbmc2400, an AST2400 OpenPOWER BMC machine

2016-03-13 Thread Andrew Jeffery
The new machine, opbmc2400, is a thin layer over the AST2400
ARM926-based SoC[1]. Between the minimal machine and the current SoC
implementation there is enough functionality to boot an aspeed_defconfig
Linux kernel to userspace.

The machine name is a pragmatic choice, as there doesn't appear to be a
common, formal name for the hardware configuration that isn't generic
(e.g. 'BMC' or 'AST2400').

[1] http://www.aspeedtech.com/products.php?fPath=20=376

Signed-off-by: Andrew Jeffery 
---
Since v3:

  * Split the machine from the SoC implementation

I've gone the route of inventing a machine name as it seemed there are very few
cases of appending _soc to the chip name or beginning a machine name with mach_
as an outlet for a lack of creativity. It seems only fair to leave the 'ast2400'
namespace to the SoC itself, as it's unlikely that the OpenPOWER BMC is the
SoC's only consumer. I feel that 'opbmc2400' is a reasonable choice; it's not
overly long, and appending the SoC's marketing number leaves the door open to
future OpenPOWER BMC machines with e.g. the AST2500 series SoC.

Since v2:
  * Implement a SOC model to move code out from the machine definition
  * Rework the machine to better use QOM
  * Include qemu/osdep.h
  * Revert back to qemu_log_mask(LOG_UNIMP, ...) in IO handlers

 hw/arm/Makefile.objs |  2 +-
 hw/arm/opbmc2400.c   | 66 
 2 files changed, 67 insertions(+), 1 deletion(-)
 create mode 100644 hw/arm/opbmc2400.c

diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index f333b7f..7b80460 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -16,4 +16,4 @@ obj-$(CONFIG_STM32F205_SOC) += stm32f205_soc.o
 obj-$(CONFIG_XLNX_ZYNQMP) += xlnx-zynqmp.o xlnx-ep108.o
 obj-$(CONFIG_FSL_IMX25) += fsl-imx25.o imx25_pdk.o
 obj-$(CONFIG_FSL_IMX31) += fsl-imx31.o kzm.o
-obj-$(CONFIG_ASPEED_SOC) += ast2400.o
+obj-$(CONFIG_ASPEED_SOC) += ast2400.o opbmc2400.o
diff --git a/hw/arm/opbmc2400.c b/hw/arm/opbmc2400.c
new file mode 100644
index 000..a428364
--- /dev/null
+++ b/hw/arm/opbmc2400.c
@@ -0,0 +1,66 @@
+/*
+ * OpenPOWER BMC with AST2400 SoC
+ *
+ * Andrew Jeffery 
+ *
+ * Copyright 2016 IBM Corp.
+ *
+ * This code is licensed under the GPL version 2 or later.  See
+ * the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include "exec/address-spaces.h"
+#include "hw/arm/arm.h"
+#include "hw/arm/ast2400.h"
+#include "hw/boards.h"
+
+static struct arm_boot_info opbmc2400_binfo = {
+.loader_start = AST2400_SDRAM_BASE,
+.board_id = 0,
+.nb_cpus = 1,
+};
+
+typedef struct OPBMC2400State {
+AST2400State soc;
+MemoryRegion ram;
+} OPBMC2400State;
+
+static void opbmc2400_init(MachineState *machine)
+{
+OPBMC2400State *opbmc2400;
+
+opbmc2400 = g_new0(OPBMC2400State, 1);
+object_initialize(>soc, (sizeof(opbmc2400->soc)), TYPE_AST2400);
+object_property_add_child(OBJECT(machine), "soc", OBJECT(>soc),
+  _abort);
+
+memory_region_allocate_system_memory(>ram, NULL, "ram",
+ ram_size);
+memory_region_add_subregion(get_system_memory(), AST2400_SDRAM_BASE,
+>ram);
+object_property_add_const_link(OBJECT(>soc), "ram",
+   OBJECT(>ram), _abort);
+object_property_set_bool(OBJECT(>soc), true, "realized",
+ _abort);
+
+opbmc2400_binfo.kernel_filename = machine->kernel_filename;
+opbmc2400_binfo.initrd_filename = machine->initrd_filename;
+opbmc2400_binfo.kernel_cmdline = machine->kernel_cmdline;
+opbmc2400_binfo.ram_size = ram_size;
+arm_load_kernel(ARM_CPU(first_cpu), _binfo);
+}
+
+static void opbmc2400_machine_init(MachineClass *mc)
+{
+mc->desc = "OpenPOWER AST2400 BMC (ARM926EJ-S)";
+mc->init = opbmc2400_init;
+mc->max_cpus = 1;
+mc->no_sdcard = 1;
+mc->no_floppy = 1;
+mc->no_cdrom = 1;
+mc->no_sdcard = 1;
+mc->no_parallel = 1;
+}
+
+DEFINE_MACHINE("opbmc2400", opbmc2400_machine_init);
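Review bot: `mc->no_sdcard = 1;` appears twice in opbmc2400_machine_init(); drop the second copy. In opbmc2400_init() the OPBMC2400State returned by g_new0() is held only in a local, so nothing can reach it after init; either make it reachable (the soc is already a child of the machine via object_property_add_child) or add a comment that it is intentionally kept for the process lifetime, as other boards do.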
-- 
2.5.0




[Qemu-devel] [PATCH v4 2/4] hw/intc: Add (new) ASPEED VIC device model

2016-03-13 Thread Andrew Jeffery
Implement a basic ASPEED VIC device model for the AST2400 SoC[1], with
enough functionality to boot an aspeed_defconfig Linux kernel. The model
implements the 'new' (revised) register set: While the hardware exposes
both the new and legacy register sets, accesses to the model's legacy
register set will not be serviced (however the access will be logged).

[1] http://www.aspeedtech.com/products.php?fPath=20=376

Signed-off-by: Andrew Jeffery 
---
Since v3:
  * Switch from g_assert() to qemu_log_mask(LOG_GUEST_ERROR, ...) in guest path

Since v2:
  * Implement all supported interrupt types and configurations
  * Implement a VMStateDescription
  * Log accesses to legacy IO space
  * Add documentation on some implementation and hardware details
  * Switch to extract64/deposit64 where possible
  * Drop int_ prefix from some struct member names
  * Fix various issues with trace-event declarations
  * Include qemu/osdep.h

 hw/intc/Makefile.objs|   1 +
 hw/intc/aspeed_vic.c | 339 +++
 include/hw/intc/aspeed_vic.h |  48 ++
 trace-events |   7 +
 4 files changed, 395 insertions(+)
 create mode 100644 hw/intc/aspeed_vic.c
 create mode 100644 include/hw/intc/aspeed_vic.h

diff --git a/hw/intc/Makefile.objs b/hw/intc/Makefile.objs
index 6a13a39..0e47f0f 100644
--- a/hw/intc/Makefile.objs
+++ b/hw/intc/Makefile.objs
@@ -31,3 +31,4 @@ obj-$(CONFIG_XICS_KVM) += xics_kvm.o
 obj-$(CONFIG_ALLWINNER_A10_PIC) += allwinner-a10-pic.o
 obj-$(CONFIG_S390_FLIC) += s390_flic.o
 obj-$(CONFIG_S390_FLIC_KVM) += s390_flic_kvm.o
+obj-$(CONFIG_ASPEED_SOC) += aspeed_vic.o
diff --git a/hw/intc/aspeed_vic.c b/hw/intc/aspeed_vic.c
new file mode 100644
index 000..b025de9
--- /dev/null
+++ b/hw/intc/aspeed_vic.c
@@ -0,0 +1,339 @@
+/*
+ * ASPEED Interrupt Controller (New)
+ *
+ * Andrew Jeffery 
+ *
+ * Copyright 2015, 2016 IBM Corp.
+ *
+ * This code is licensed under the GPL version 2 or later.  See
+ * the COPYING file in the top-level directory.
+ */
+
+/* The hardware exposes two register sets, a legacy set and a 'new' set. The
+ * model implements the 'new' register set, and logs warnings on accesses to
+ * the legacy IO space.
+ *
+ * The hardware uses 32bit registers to manage 51 IRQs, with low and high
+ * registers for each conceptual register. The device model's implementation
+ * uses 64bit data types to store both low and high register values (in the one
+ * member), but must cope with access offset values in multiples of 4 passed to
+ * the callbacks. As such the read() and write() implementations process the
+ * provided offset to understand whether the access is requesting the lower or
+ * upper 32 bits of the 64bit member.
+ *
+ * Additionally, the "Interrupt Enable", "Edge Status" and "Software Interrupt"
+ * fields have separate "enable"/"status" and "clear" registers, where set bits
+ * are written to one or the other to change state (avoiding a
+ * read-modify-write sequence).
+ */
+
+#include "qemu/osdep.h"
+#include 
+#include "hw/intc/aspeed_vic.h"
+#include "qemu/bitops.h"
+#include "trace.h"
+
+#define AVIC_NEW_BASE_OFFSET 0x80
+
+#define AVIC_L_MASK 0xU
+#define AVIC_H_MASK 0x0007U
+#define AVIC_EVENT_W_MASK (0x78000ULL << 32)
+
+static void aspeed_vic_update(AspeedVICState *s)
+{
+uint64_t new = (s->raw & s->enable);
+uint64_t flags;
+
+flags = new & s->select;
+trace_aspeed_vic_update_fiq(!!flags);
+qemu_set_irq(s->fiq, !!flags);
+
+flags = new & ~s->select;
+trace_aspeed_vic_update_irq(!!flags);
+qemu_set_irq(s->irq, !!flags);
+}
+
+static void aspeed_vic_set_irq(void *opaque, int irq, int level)
+{
+uint64_t irq_mask;
+bool raise;
+AspeedVICState *s = (AspeedVICState *)opaque;
+
+if (irq > ASPEED_VIC_NR_IRQS) {
+qemu_log_mask(LOG_GUEST_ERROR, "%s: Invalid interrupt number: %d\n",
+  __func__, irq);
+return;
+}
+
+trace_aspeed_vic_set_irq(irq, level);
+
+irq_mask = BIT(irq);
+if (s->sense & irq_mask) {
+/* level-triggered */
+if (s->event & irq_mask) {
+/* high-sensitive */
+raise = level;
+} else {
+/* low-sensitive */
+raise = !level;
+}
+s->raw = deposit64(s->raw, irq, 1, raise);
+} else {
+uint64_t old_level = s->level & irq_mask;
+
+/* edge-triggered */
+if (s->dual_edge & irq_mask) {
+raise = (!!old_level) != (!!level);
+} else {
+if (s->event & irq_mask) {
+/* rising-sensitive */
+raise = !old_level && level;
+} else {
+/* falling-sensitive */
+raise = old_level && !level;
+}
+}
+if (raise) {
+s->raw = deposit64(s->raw, irq, 1, raise);
+}
+}
+s->level = deposit64(s->level, irq, 1, level);
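Review bot: the bounds check in aspeed_vic_set_irq() is `irq > ASPEED_VIC_NR_IRQS`, so irq == ASPEED_VIC_NR_IRQS is accepted; if that constant is the number of IRQs (the file comment says 51, numbered from 0), the test should be `irq >= ASPEED_VIC_NR_IRQS`, and a negative irq should be rejected as well, since BIT(irq) and deposit64() with an out-of-range index touch bits beyond the valid range of raw, enable and level.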
+

[Qemu-devel] [PATCH v4 3/4] hw/arm: Add ASPEED AST2400 SoC model

2016-03-13 Thread Andrew Jeffery
While the ASPEED AST2400 SoC[1] has a broad range of capabilities, this
implementation is minimal, comprising an ARM926 processor, ASPEED VIC
and timer devices, and an 8250 UART.

[1] http://www.aspeedtech.com/products.php?fPath=20=376

Signed-off-by: Andrew Jeffery 
---
Since v3:

  * Split the SoC from the machine implementation

Since v2:
  * Implement a SOC model to move code out from the machine definition
  * Rework the machine to better use QOM
  * Include qemu/osdep.h
  * Revert back to qemu_log_mask(LOG_UNIMP, ...) in IO handlers

 hw/arm/Makefile.objs |   1 +
 hw/arm/ast2400.c | 137 +++
 include/hw/arm/ast2400.h |  35 
 3 files changed, 173 insertions(+)
 create mode 100644 hw/arm/ast2400.c
 create mode 100644 include/hw/arm/ast2400.h

diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index a711e4d..f333b7f 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -16,3 +16,4 @@ obj-$(CONFIG_STM32F205_SOC) += stm32f205_soc.o
 obj-$(CONFIG_XLNX_ZYNQMP) += xlnx-zynqmp.o xlnx-ep108.o
 obj-$(CONFIG_FSL_IMX25) += fsl-imx25.o imx25_pdk.o
 obj-$(CONFIG_FSL_IMX31) += fsl-imx31.o kzm.o
+obj-$(CONFIG_ASPEED_SOC) += ast2400.o
diff --git a/hw/arm/ast2400.c b/hw/arm/ast2400.c
new file mode 100644
index 000..ecd9e1e
--- /dev/null
+++ b/hw/arm/ast2400.c
@@ -0,0 +1,137 @@
+/*
+ * AST2400 SoC
+ *
+ * Andrew Jeffery 
+ * Jeremy Kerr 
+ *
+ * Copyright 2016 IBM Corp.
+ *
+ * This code is licensed under the GPL version 2 or later.  See
+ * the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include "exec/address-spaces.h"
+#include "hw/arm/ast2400.h"
+#include "hw/char/serial.h"
+
+#define AST2400_UART_5_BASE  0x00184000
+#define AST2400_IOMEM_SIZE   0x0020
+#define AST2400_IOMEM_BASE   0x1E60
+#define AST2400_VIC_BASE 0x1E6C
+#define AST2400_TIMER_BASE   0x1E782000
+
+static const int uart_irqs[] = { 9, 32, 33, 34, 10 };
+static const int timer_irqs[] = { 16, 17, 18, 35, 36, 37, 38, 39, };
+
+/*
+ * IO handlers: simply catch any reads/writes to IO addresses that aren't
+ * handled by a device mapping.
+ */
+
+static uint64_t ast2400_io_read(void *p, hwaddr offset, unsigned size)
+{
+qemu_log_mask(LOG_UNIMP, "%s: 0x%" HWADDR_PRIx " [%u]\n",
+  __func__, offset, size);
+return 0;
+}
+
+static void ast2400_io_write(void *opaque, hwaddr offset, uint64_t value,
+unsigned size)
+{
+qemu_log_mask(LOG_UNIMP, "%s: 0x%" HWADDR_PRIx " <- 0x%" PRIx64 " [%u]\n",
+  __func__, offset, value, size);
+}
+
+static const MemoryRegionOps ast2400_io_ops = {
+.read = ast2400_io_read,
+.write = ast2400_io_write,
+.endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static void ast2400_init(Object *obj)
+{
+AST2400State *s = AST2400(obj);
+
+s->cpu = cpu_arm_init("arm926");
+
+object_initialize(>vic, sizeof(s->vic), TYPE_ASPEED_VIC);
+object_property_add_child(obj, "vic", OBJECT(>vic), NULL);
+qdev_set_parent_bus(DEVICE(>vic), sysbus_get_default());
+
+object_initialize(>timerctrl, sizeof(s->timerctrl), TYPE_ASPEED_TIMER);
+object_property_add_child(obj, "timerctrl", OBJECT(>timerctrl), NULL);
+qdev_set_parent_bus(DEVICE(>timerctrl), sysbus_get_default());
+}
+
+static void ast2400_realize(DeviceState *dev, Error **errp)
+{
+int i;
+AST2400State *s = AST2400(dev);
+Error *err = NULL;
+
+/* IO space */
+memory_region_init_io(>iomem, NULL, _io_ops, NULL,
+"ast2400.io", AST2400_IOMEM_SIZE);
+memory_region_add_subregion_overlap(get_system_memory(), 
AST2400_IOMEM_BASE,
+>iomem, -1);
+
+/* VIC */
+object_property_set_bool(OBJECT(>vic), true, "realized", );
+if (err) {
+error_propagate(errp, err);
+return;
+}
+sysbus_mmio_map(SYS_BUS_DEVICE(>vic), 0, AST2400_VIC_BASE);
+sysbus_connect_irq(SYS_BUS_DEVICE(>vic), 0,
+   qdev_get_gpio_in(DEVICE(s->cpu), ARM_CPU_IRQ));
+sysbus_connect_irq(SYS_BUS_DEVICE(>vic), 1,
+   qdev_get_gpio_in(DEVICE(s->cpu), ARM_CPU_FIQ));
+
+/* Timer */
+object_property_set_bool(OBJECT(>timerctrl), true, "realized", );
+if (err) {
+error_propagate(errp, err);
+return;
+}
+sysbus_mmio_map(SYS_BUS_DEVICE(>timerctrl), 0, AST2400_TIMER_BASE);
+for (i = 0; i < ARRAY_SIZE(timer_irqs); i++) {
+qemu_irq irq = qdev_get_gpio_in(DEVICE(>vic), timer_irqs[i]);
+sysbus_connect_irq(SYS_BUS_DEVICE(>timerctrl), i, irq);
+}
+
+/* UART - attach an 8250 to the IO space as our UART5 */
+if (serial_hds[0]) {
+qemu_irq uart5 = qdev_get_gpio_in(DEVICE(>vic), uart_irqs[4]);
+serial_mm_init(>iomem, AST2400_UART_5_BASE, 2,
+   uart5, 38400, serial_hds[0], DEVICE_LITTLE_ENDIAN);
+}
+}
+
+static void ast2400_class_init(ObjectClass 
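Review bot: ast2400_init() assigns s->cpu = cpu_arm_init("arm926") without checking for NULL, and ast2400_realize() then dereferences it through DEVICE(s->cpu) in the qdev_get_gpio_in() calls for the VIC outputs; either check the result in realize and report through errp, or create the CPU in realize where an error path exists. Minor: ast2400_io_read() names its first parameter p while ast2400_io_write() uses opaque; use the same name in both.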

[Qemu-devel] [PATCH v4 0/4] Add ASPEED AST2400 SoC and OpenPower BMC machine

2016-03-13 Thread Andrew Jeffery
This patch series models enough of the ASPEED AST2400 ARM9 SoC[0] to boot an
aspeed_defconfig Linux kernel[1][2]. Specifically, the series implements the
ASPEED timer and VIC devices, integrates them into an AST2400 SoC and exposes
it all through a new opbmc2400 machine. The device model patches only partially
implement the hardware features of the timer and VIC, again mostly just enough
to boot Linux.

Unfortunately the datasheet describing the devices is not generally available,
but I'll try to add comments to any unclear areas.

The addition of the AST2400 to QEMU is motivated by use of the SoC as a BMC in
OpenPOWER[2][3] machines and the ongoing development of OpenBMC[4]. The
presence of a machine model utilising the AST2400 will help with development
and testing of the OpenBMC stack.

Cheers,

Andrew

[0] http://www.aspeedtech.com/products.php?fPath=20=376
[1] https://github.com/openbmc/linux/tree/dev-4.3
[2] git fetch g...@github.com:openbmc/linux.git dev-4.3
[3] http://openpowerfoundation.org/
[4] https://github.com/open-power/
[5] https://github.com/openbmc/openbmc

Changes since v3:

  Address comments from Peter Maydell, splitting the machine model from
  hw/arm/ast2400.c into hw/arm/opbmc2400.c amongst other minor cleanups to the
  timer and VIC.

Changes since v2:

  This re-roll is a reasonable rework of the patches in the series, which may
  make it difficult to compare v1 to v2.

  Addressed reviews/comments from:
  * Peter Maydell
  * Alexey Kardashevskiy
  * Joel Stanley

Changes since v1:

  Addressed reviews/comments from:
  * Cédric Le Goater

Andrew Jeffery (4):
  hw/timer: Add ASPEED timer device model
  hw/intc: Add (new) ASPEED VIC device model
  hw/arm: Add an ASPEED AST2400 SoC
  hw/arm: Add opbmc2400, an AST2400-based OpenPOWER BMC machine

 default-configs/arm-softmmu.mak |   1 +
 hw/arm/Makefile.objs|   1 +
 hw/arm/ast2400.c| 137 
 hw/arm/opbmc2400.c  |  66 ++
 hw/intc/Makefile.objs   |   1 +
 hw/intc/aspeed_vic.c| 339 ++
 hw/timer/Makefile.objs  |   1 +
 hw/timer/aspeed_timer.c | 451 
 include/hw/arm/ast2400.h|  35 
 include/hw/intc/aspeed_vic.h|  48 +
 include/hw/timer/aspeed_timer.h |  59 ++
 trace-events|  16 ++
 12 files changed, 1155 insertions(+)
 create mode 100644 hw/arm/ast2400.c
 create mode 100644 hw/arm/opbmc2400.c
 create mode 100644 hw/intc/aspeed_vic.c
 create mode 100644 hw/timer/aspeed_timer.c
 create mode 100644 include/hw/arm/ast2400.h
 create mode 100644 include/hw/intc/aspeed_vic.h
 create mode 100644 include/hw/timer/aspeed_timer.h

-- 
2.5.0




Re: [Qemu-devel] [PATCH 1/2] i386: Prepare for interrupt remapping

2016-03-13 Thread Peter Xu
On Fri, Mar 11, 2016 at 08:27:57AM +0100, Jan Kiszka wrote:
[...]
> >> @@ -282,7 +288,7 @@ static void vtd_generate_interrupt(IntelIOMMUState *s, 
> >> hwaddr mesg_addr_reg,
> >>  data = vtd_get_long_raw(s, mesg_data_reg);
> >>  
> >>  VTD_DPRINTF(FLOG, "msi: addr 0x%"PRIx64 " data 0x%"PRIx32, addr, 
> >> data);
> >> -address_space_stl_le(_space_memory, addr, data,
> >> +address_space_stl_le(get_dma_address_space(), addr, data,
> >>   MEMTXATTRS_UNSPECIFIED, NULL);
> >>  }
> > 
> > Would this work? AFAIU, IOMMU generated fault interrupts does not
> > need any translation at all.
> 
> get_dma_address_space() returns the native one, untranslated. If you
> look at the succeeding patch, we replace the address spaces of those
> devices that are under IOMMU control. And the IOMMU continues to use
> this one.

I did misunderstand. Thanks for pointing that out.

> 
> > 
> > One more question about the design itself: I see that one new AS is
> > created for DMA address space named dma_address_space. Could you
> > help explain why we need this? I am still naive on QEMU memory, what
> > I feel is that, current memory framework can work nicely without
> > this extra address space, using existing address translation
> > mechanisms, like the implementation in the following patch:
> > 
> > https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg04393.html
> > 
> > With the new address space, we will need more loops when doing
> > memory address translation for IR (in address_space_translate()). 
> 
> At the time of designing this (about 1.5 years ago), there were no
> memory region attributes yet. So the per device address spaces also
> helped with identifying MSI request sources. Of course, they also helped
> with modelling which devices get remapped and which not. We need to
> rethink this now, in the light of memory region attributes.

Yes. IMHO we should be able to get the source information (in this case,
the BDF) even without both MR attributes and the above changes? E.g., still
in the patch:

https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg04393.html

Currently in vtd_mem_ir_write(), "void *opaque" is not used yet. If
we pass "VTDAddressSpace" instead of "IntelIOMMUState" when creating
the memory region, then we will be able to get BDF in
vtd_mem_ir_write(), like:

diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index 34aa1fa..34946c8 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -2057,7 +2057,7 @@ VTDAddressSpace *vtd_find_add_as(IntelIOMMUState *s, 
PCIBus *bus, int devfn)
 memory_region_init_iommu(_dev_as->iommu, OBJECT(s),
  >iommu_ops, "intel_iommu", UINT64_MAX);
 memory_region_init_io(_dev_as->iommu_ir, OBJECT(s),
-  _mem_ir_ops, s, "intel_iommu_ir",
+  _mem_ir_ops, vtd_dev_as, "intel_iommu_ir",
   VTD_INTERRUPT_ADDR_SIZE);
 memory_region_add_subregion(_dev_as->iommu, 
VTD_INTERRUPT_ADDR_FIRST,
 _dev_as->iommu_ir);
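Review bot: passing vtd_dev_as instead of s as the opaque changes the type that every callback in vtd_mem_ir_ops receives, not only vtd_mem_ir_write(); the read callback and any other handler in that ops struct must be updated in the same change to reach IntelIOMMUState through the VTDAddressSpace rather than casting the opaque to IntelIOMMUState, or they will dereference the wrong structure.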

Then, we can do further source validation checks as usual in
vtd_mem_ir_write().

This is not considering the IOAPIC, etc. Sure, we may need more changes
(e.g., creating IOMMU address spaces for IOAPIC devices as well,
just like in the current patch) to fully enable source validation of
IR.

Anyway, we should be able to avoid the extra "int_remap_as" and more
loops of translations between different address spaces, right?
Please correct me if I am wrong.

[...]

> >>  static void kvm_apic_reset(APICCommonState *s)
> >> @@ -182,8 +186,10 @@ static void kvm_apic_realize(DeviceState *dev, Error 
> >> **errp)
> >>  {
> >>  APICCommonState *s = APIC_COMMON(dev);
> >>  
> >> -memory_region_init_io(>io_memory, NULL, _apic_io_ops, s, 
> >> "kvm-apic-msi",
> >> -  APIC_SPACE_SIZE);
> >> +memory_region_init(>io_memory, NULL, "kvm-apic", APIC_SPACE_SIZE);
> >> +
> >> +memory_region_init_io(>msi_region, NULL, _msi_region_ops, NULL,
> >> +  "kvm-msi", MSI_REGION_SIZE);
> > 
> > I do not quite understand why we need to have two MRs. Could you
> > help explain too?
> 
> MSI requests from the devices have nothing to do with APIC access from
> the CPUs - two different sources, two different target (a CPU can't
> trigger MSIs, and devices can't access the APICs). This is currently
> mangled due to past limitations of QEMU, and that should be cleaned up
> eventually. E.g. by introducing a DMA address spaces.

Seems to make sense. I just started to get curious about what would happen
if we write to the MSI region from the CPU... If we can do that, it would be
cool too, when we want to inject some interrupts manually. I never knew the
truth.

Thanks.
Peter



Re: [Qemu-devel] [PATCH v4 04/26] crypto: add support for anti-forensic split algorithm

2016-03-13 Thread Fam Zheng
On Fri, 03/11 16:55, Daniel P. Berrange wrote:
> On Mon, Mar 07, 2016 at 01:51:40PM +0800, Fam Zheng wrote:
> > On Mon, 02/29 12:00, Daniel P. Berrange wrote:
> > > The LUKS format specifies an anti-forensic split algorithm which
> > > is used to artificially expand the size of the key material on
> > > disk. This is an implementation of that algorithm.
> > > 
> > > Signed-off-by: Daniel P. Berrange 
> > > ---
> > >  crypto/Makefile.objs|   1 +
> > >  crypto/afsplit.c| 158 
> > >  include/crypto/afsplit.h| 135 +++
> > >  tests/.gitignore|   1 +
> > >  tests/Makefile  |   2 +
> > >  tests/test-crypto-afsplit.c | 190 
> > > 
> > >  6 files changed, 487 insertions(+)
> > >  create mode 100644 crypto/afsplit.c
> > >  create mode 100644 include/crypto/afsplit.h
> > >  create mode 100644 tests/test-crypto-afsplit.c
> > > 
> 
> > > +static int qcrypto_afsplit_hash(QCryptoHashAlgorithm hash,
> > > +size_t blocklen,
> > > +uint8_t *block,
> > > +Error **errp)
> > > +{
> > > +size_t digestlen = qcrypto_hash_digest_len(hash);
> > > +
> > > +size_t hashcount = blocklen / digestlen;
> > 
> > Do you want to use DIV_ROUND_UP? Because if blocklen < digestlen, hashcount
> > is 0, and your for loop below will be skipped.
> 
> It is not needed actually - look a couple of lines
> further where we do  'if (finallen) { hashcount ++ }'.
> This achieves the same end result.

Yes you're right.

Reviewed-by: Fam Zheng 
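The hashcount/finallen arithmetic discussed above, worked through in Python as an added example (this is not QEMU's crypto/afsplit.c; the function names are mine, and the big-endian round counter prefixed to each chunk follows the LUKS anti-forensic splitter as implemented in cryptsetup):

```python
import hashlib
import os
import struct

# Added example: names and structure are mine, not QEMU's crypto/afsplit.c.


def afsplit_hash_rounds(hashname, blocklen):
    """Return (hashcount, finallen) for diffusing a block of blocklen bytes.

    Mirrors the arithmetic in the patch: hashcount = blocklen / digestlen,
    plus one extra round when a partial chunk remains. A block shorter than
    one digest therefore gets exactly one round, so DIV_ROUND_UP is not
    needed. When there is no remainder, the last round is a full digest.
    """
    digestlen = hashlib.new(hashname).digest_size
    hashcount, finallen = divmod(blocklen, digestlen)
    if finallen:
        hashcount += 1
    else:
        finallen = digestlen
    return hashcount, finallen


def afsplit_hash(hashname, block):
    """LUKS diffusion H'(block): chunk i becomes hash(be32(i) || chunk_i),
    truncated to the chunk's own length for a trailing partial chunk."""
    digestlen = hashlib.new(hashname).digest_size
    hashcount, finallen = afsplit_hash_rounds(hashname, len(block))
    out = bytearray()
    for i in range(hashcount):
        chunklen = finallen if i == hashcount - 1 else digestlen
        chunk = block[i * digestlen:i * digestlen + chunklen]
        h = hashlib.new(hashname)
        h.update(struct.pack(">I", i))  # big-endian round counter, as cryptsetup does
        h.update(chunk)
        out += h.digest()[:chunklen]
    return bytes(out)


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def afsplit_encode(hashname, stripes, key, rand=os.urandom):
    """Expand key into stripes * len(key) bytes: stripes-1 random blocks
    chained through H', then a final block that XORs the chain with key."""
    blocklen = len(key)
    chain = bytes(blocklen)
    out = bytearray()
    for _ in range(stripes - 1):
        d = rand(blocklen)
        out += d
        chain = afsplit_hash(hashname, _xor(chain, d))
    out += _xor(chain, key)
    return bytes(out)


def afsplit_decode(hashname, stripes, data):
    """Recover the key. Every stripe must be intact, which is the point of
    the scheme: overwriting any single stripe destroys the key material."""
    blocklen = len(data) // stripes
    chain = bytes(blocklen)
    for i in range(stripes - 1):
        stripe = data[i * blocklen:(i + 1) * blocklen]
        chain = afsplit_hash(hashname, _xor(chain, stripe))
    return _xor(chain, data[(stripes - 1) * blocklen:])


if __name__ == "__main__":
    # Constructed 16-byte key: shorter than one SHA-256 digest, the case
    # raised in the review above.
    key = bytes(range(16))
    split = afsplit_encode("sha256", 4, key)
    assert afsplit_decode("sha256", 4, split) == key
    print("rounds for 16-byte block:", afsplit_hash_rounds("sha256", 16))
```

A key shorter than one digest gets exactly one hash round, so the loop is never skipped; the tamper check in the test shows why every stripe has to survive on disk for the key to be recoverable.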



Re: [Qemu-devel] Reg: GSoc 2016

2016-03-13 Thread Fam Zheng
On Thu, 03/10 15:41, seshu wrote:
> Hello sir,
> My name is Seshagiri Rao.
> I'm currently a second year undergraduate student of computer
> science and engineering at Indian Institute of Technology Madras.
> 
> Of all the organizations I found QEMU to be the one I'm really
> interested in. I have been using QEMU for more than a year and I
> am really fascinated by it. I have a good knowledge of operating
> systems and am really good at assembly language programming. I feel
> this is an opportunity for me to work on my favorite area,
> virtualization.
> 
> Looking forward to contributing to your organization.

Hello Seshagiri Rao,

It's great that you are interested in QEMU. I hope you are already familiar
with the general GSoC project, and you can find out more about the application
process in

http://qemu-project.org/Google_Summer_of_Code_2016#Application_Process

So, which QEMU project are you interested in?  We have prepared a project idea
list in

http://qemu-project.org/Google_Summer_of_Code_2016

for students, but you are also free to come up with your own ideas, in which
case we would need to find you a mentor.

As a reminder, please make sure you're eligible for GSoC and that you will
have time to focus on GSoC full time during the May-August time frame.

Looking forward to hearing from you again.

Thanks,

Fam



Re: [Qemu-devel] Tracking the VM making an IO request

2016-03-13 Thread Fam Zheng
On Sat, 03/12 16:17, Aarian P. Aleahmad wrote:
> Thanks for helping me. What should I do in case of using KVM?

The said method works exactly the same with or without -enable-kvm.

Fam

> 
> On Wed, Feb 10, 2016 at 4:10 PM, Paolo Bonzini  wrote:
> 
> >
> >
> > On 10/02/2016 11:23, Stefan Hajnoczi wrote:
> > > On Wed, Feb 10, 2016 at 12:35:54PM +0330, Aarian P. Aleahmad
> > > wrote:
> > >> I'm a student, engaged in a project in which QEMU is a candidate
> > >> to be used to make some studies about IO usage etc. I need to
> > >> track the IO requests made to the block devices (e.g. HDD, SSD,
> > >> etc.). I checked the source code but I was confused. What I want to
> > >> know is, when an IO request is made, how to find out which one
> > >> of the VMs has made that request. I'll thank you if you help me
> > >> on this issue.
> > >
> > > There are trace events that you can use.  See docs/tracing.txt and
> > > trace-events.
> > >
> > > virtio_blk_handle_write and virtio_blk_handle_read can be used if
> > > your guest has virtio-blk.
> > >
> > > The QEMU block layer also has trace events named bdrv_aio_*.
> > >
> > > Or you could use blktrace(8) in the guest or on the host, depending
> > > on how you've set up storage.
> >
> > It's the third time I've gotten the question recently which makes me
> > believe the others were friends with Aarian...
> >
> > Each QEMU process represents a single VM.  Therefore, it is simple to
> > answer the question "which VM is making the request"; the answer is
> > "the one for the QEMU process you are tracing".
> >
> > You probably want to use blktrace if you care about multiple VMs.
> > Alternatively, you can use tracing as mentioned by Stefan.  If you
> > compile QEMU with --enable-trace-backend=simple, the resulting files
> > can be parsed with Python programs (see scripts/simpletrace.py).  The
> > trace files include the pid and a timestamp based on CLOCK_MONOTONIC,
> > so it should be easy to merge the traces together.
> >
> > Paolo
> >
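Paolo's recipe above (simple trace backend, a pid and a CLOCK_MONOTONIC timestamp in every record, then merge the per-process traces) worked through as an added example; this is not code from the thread or from the QEMU tree. It assumes the one-record-per-line text that scripts/simpletrace.py prints, with the event name, a relative timestamp and a `pid=` field first, and the trace lines below are constructed.

```python
"""Merge simpletrace text dumps from several QEMU processes by timestamp.

Added example, not from the QEMU tree. The input format is assumed to be
the one-record-per-line text printed by scripts/simpletrace.py:
"event timestamp pid=N key=val ...". The timestamp is only used for
ordering, so its unit does not matter here.
"""
import heapq
import re
from collections import Counter
from typing import Dict, Iterable, Iterator, List, NamedTuple

# event name, numeric timestamp, pid=, then the event's own key=value args
RECORD_RE = re.compile(r"^(\S+)\s+(\d+\.\d+)\s+pid=(\d+)\s*(.*)$")


class Record(NamedTuple):
    ts: float
    pid: int
    event: str
    args: Dict[str, str]


def parse_line(line: str) -> Record:
    m = RECORD_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a simpletrace text record: {line!r}")
    event, ts, pid, rest = m.groups()
    args = dict(tok.split("=", 1) for tok in rest.split() if "=" in tok)
    return Record(float(ts), int(pid), event, args)


def parse_trace(lines: Iterable[str]) -> List[Record]:
    return [parse_line(l) for l in lines if l.strip()]


def merge_traces(*traces: List[Record]) -> Iterator[Record]:
    # Each per-process dump is already time-ordered and CLOCK_MONOTONIC is
    # shared host-wide, so a k-way merge on ts yields the global order.
    return heapq.merge(*traces, key=lambda r: r.ts)


def io_by_vm(merged: Iterable[Record],
             vm_of_pid: Dict[int, str]) -> Dict[str, Counter]:
    """Count block I/O events per VM; the QEMU pid identifies the VM."""
    out: Dict[str, Counter] = {}
    for r in merged:
        if not r.event.startswith(("virtio_blk_handle_", "bdrv_aio_")):
            continue
        vm = vm_of_pid.get(r.pid, f"pid{r.pid}")
        out.setdefault(vm, Counter())[r.event] += 1
    return out


# Constructed sample dumps, one per QEMU process (one process == one VM).
VM_A_TRACE = """
virtio_blk_handle_write 0.000 pid=4242 req=0x1 sector=2048 nsectors=8
bdrv_aio_writev 0.012 pid=4242 bs=0x7f00 sector_num=2048 nb_sectors=8 opaque=0x1
virtio_blk_handle_read 0.530 pid=4242 req=0x2 sector=4096 nsectors=16
""".splitlines()

VM_B_TRACE = """
virtio_blk_handle_read 0.250 pid=5151 req=0x9 sector=0 nsectors=1
bdrv_aio_readv 0.261 pid=5151 bs=0x7f10 sector_num=0 nb_sectors=1 opaque=0x9
""".splitlines()

# Mapping recorded when the VMs were launched (constructed).
VM_OF_PID = {4242: "vm-a", 5151: "vm-b"}


def demo() -> Dict[str, Counter]:
    merged = merge_traces(parse_trace(VM_A_TRACE), parse_trace(VM_B_TRACE))
    return io_by_vm(merged, VM_OF_PID)


if __name__ == "__main__":
    for vm, counts in demo().items():
        print(vm, dict(counts))
```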



Re: [Qemu-devel] [PATCH] hw/9pfs: Add CephFS support in VirtFS

2016-03-13 Thread Jevon Qiao

Hi Greg,

Thank you very much for reviewing the code, I've revised the code per 
your comments, will post it later. Meanwhile, please see my answers to 
your questions below.



+}
+fs->dir = (DIR *)result;
+if (!fs->dir) {
+fprintf(stderr, "ceph_opendir return NULL for ceph_dir_result\n");

Hmm... is this a message for the QEMU user, so that she can fix something and
retry? I suspect it is more for debugging purposes, in which case I'd rather
add a result argument to trace_cephfs_opendir_return() above.

Actually, this message is mainly used for debugging.

And BTW, can ceph_opendir() return success without filling the structure?

I double checked the Ceph code, it can not. I've removed this error message.

+
+# hw/9pfs/9p-cephfs.c
+cephfs_lstat_return(char *path, int stmode, int stuid, int stgid, int stsize, int ret) 
"path %s stmode %d stuid %d stgid %d stsize %d ret %d"
+cephfs_readlink_return(char *path, int ret) "path %s ret %d"
+cephfs_open_return(char *path, int flags, int mode, int fd) "path %s flags %d mode 
%d fd %d"
+cephfs_opendir_return(char *path, int ret) "path %s ret %d"
+cephfs_rewinddir(void *dir) "dir %p"
+cephfs_telldir(void *dir) "dir %p"
+cephfs_readdir_r_return(void *tmpent, void *entry, int ret) "tmpent %p entry %p ret 
%d"
+cephfs_seekdir(void *dir, int off) "dir %p off %d"
+cephfs_preadv(int iovcnt, int len) "iovcnt %d len %d"
+cephfs_preadv_return(int iovcnt, int len, long ret) "iovcnt %d len %d ret %l"

ret %ld


+cephfs_pwritev(int iovcnt, int len, int offset) "iovcnt %d len %d offset %d"
+cephfs_pwritev_return(int iovcnt, int len, int offset, long ret) "iovcnt %d len %d offset %d 
ret %l"cephfs_chmod(char *path, int fcmode) "path %s fcmode %d"

ret %ld for cephfs_pwritev_return() and missing newline before cephfs_chmod()

I'm wondering if this patch was build tested before being posted to the list.
Good catch. Yes, the code had been compiled and tested. However, it 
seems the compiler will not report this error until the trace point is 
used. Since 'cephfs_chmod' is not used in 9p-cephfs.c, I just forgot 
to test it. That's why the error was not found. I've already removed 
this trace point in the revision.


Thanks,
Jevon

+cephfs_chmod_return(char *path, int fcmode, int ret) "path %s fcmode %d ret %d"
+cephfs_mknod_return(char *path, int fcmode, uint32_t fcrdev, int ret) "path %s 
fcmode %d fcrdev %u ret %d"
+cephfs_mkdir_return(char *path, int fcmode, int ret) " path %s fcmode %d ret 
%d"
+cephfs_fstat_return(int fidtype, int fd, int stuid, int stgid, int stsize, int ret) 
"fidtype %d fd %d stuid %d stgid %d stsize %d ret %d"
+cephfs_open2_return(char *path, int flags, int fcmode) "path %s flags %d fcmode 
%d"
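Review bot: `cephfs_open2_return(char *path, int flags, int fcmode) "path %s flags %d fcmode %d"` is the only *_return event in this block without a ret argument, so the result of the open is never traced; add `int fd` as cephfs_open_return() above does. The format string of cephfs_mkdir_return() also begins with a stray space (`" path %s fcmode %d ret %d"`), unlike every other event in the file.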


Re: [Qemu-devel] [PATCH] quorum: Fix crash in quorum_aio_cb()

2016-03-13 Thread Changlong Xie

On 03/11/2016 04:25 PM, Alberto Garcia wrote:

On Fri 11 Mar 2016 02:31:31 AM CET, Wen Congyang wrote:

On 03/10/2016 08:13 PM, Alberto Garcia wrote:

quorum_aio_cb() emits the QUORUM_REPORT_BAD event if there's
an I/O error in a Quorum child. However sacb->aiocb must be
correctly initialized for this to happen. read_quorum_children() and
read_fifo_child() are not doing this, which results in a QEMU crash.


If we use FIFO mode, we don't call quorum_report_bad() in
quorum_aio_cb().  But it is OK to initialize sacb->aiocb for it.




Hi Berto


You're right. I still think it's a good idea to leave it initialized in
case we change that in the future.


Yes.



And now that we're at it, shouldn't we call quorum_report_bad() in FIFO
mode as well? Or is there any reason not to do it?


IMO, no reason not to do it.

Thanks
-Xie



Berto



Re: [Qemu-devel] [PULL 16/53] virtio-pci: call pci reset variant when guest requests reset.

2016-03-13 Thread Laszlo Ersek
On 03/14/16 02:36, Laszlo Ersek wrote:
> On 03/11/16 16:08, Michael S. Tsirkin wrote:
>> From: Gerd Hoffmann 
>>
>> Actually fixes linux not finding virtio 1.0 device virtqueues after
>> reboot.  Which is new I think, any chance linux kernel virtio code
>> became more strict in 4.3?
>>
>> Signed-off-by: Gerd Hoffmann 
>> Reviewed-by: Michael S. Tsirkin 
>> Signed-off-by: Michael S. Tsirkin 
>> Reviewed-by: Fam Zheng 
>> Tested-by: Fam Zheng 
>> ---
>>  hw/virtio/virtio-pci.c | 11 ---
>>  1 file changed, 4 insertions(+), 7 deletions(-)
>>
>> diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
>> index 440776c..0dadb66 100644
>> --- a/hw/virtio/virtio-pci.c
>> +++ b/hw/virtio/virtio-pci.c
>> @@ -47,6 +47,7 @@
>>  
>>  static void virtio_pci_bus_new(VirtioBusState *bus, size_t bus_size,
>> VirtIOPCIProxy *dev);
>> +static void virtio_pci_reset(DeviceState *qdev);
>>  
>>  /* virtio device */
>>  /* DeviceState to VirtIOPCIProxy. For use off data-path. TODO: use QOM. */
>> @@ -404,9 +405,7 @@ static void virtio_ioport_write(void *opaque, uint32_t 
>> addr, uint32_t val)
>>  case VIRTIO_PCI_QUEUE_PFN:
>>  pa = (hwaddr)val << VIRTIO_PCI_QUEUE_ADDR_SHIFT;
>>  if (pa == 0) {
>> -virtio_pci_stop_ioeventfd(proxy);
>> -virtio_reset(vdev);
>> -msix_unuse_all_vectors(>pci_dev);
>> +virtio_pci_reset(DEVICE(proxy));
>>  }
>>  else
>>  virtio_queue_set_addr(vdev, vdev->queue_sel, pa);
>> @@ -432,8 +431,7 @@ static void virtio_ioport_write(void *opaque, uint32_t 
>> addr, uint32_t val)
>>  }
>>  
>>  if (vdev->status == 0) {
>> -virtio_reset(vdev);
>> -msix_unuse_all_vectors(>pci_dev);
>> +virtio_pci_reset(DEVICE(proxy));
>>  }
>>  
>>  /* Linux before 2.6.34 drives the device without enabling
>> @@ -1353,8 +1351,7 @@ static void virtio_pci_common_write(void *opaque, 
>> hwaddr addr,
>>  }
>>  
>>  if (vdev->status == 0) {
>> -virtio_reset(vdev);
>> -msix_unuse_all_vectors(>pci_dev);
>> +virtio_pci_reset(DEVICE(proxy));
>>  }
>>  
>>  break;
>>
> 
> I spent about two days hunting this, and was just about to send a patch.
> Nice to see you've already gotten to it. :)
> 
> The specific problem was that the queue_enable field was not cleared
> (for all possible queues of the device) on device reset, only on system
> reset.

... If you wonder, it is not only needed for after reboot, but also for
when OVMF hands off the devices to the kernel (but resets them first in
the appropriate ExitBootServices() callbacks). It took me so long
because when you work on new guest driver code and things break, you
don't immediately suspect the host! :) Oh the hours I spent
instrumenting the guest kernel. Sigh. :)

Thanks
Laszlo




Re: [Qemu-devel] [Patch 1/1] net/net: Allocating Large sized arrays to heap

2016-03-13 Thread Li Zhijian

could you explain why we need this change ?


On 03/12/2016 04:39 PM, Pooja Dhannawat wrote:

Signed-off-by: Pooja Dhannawat 
---
  net/net.c | 8 ++--
  1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/net/net.c b/net/net.c
index b0c832e..5399758 100644
--- a/net/net.c
+++ b/net/net.c
@@ -709,16 +709,18 @@ ssize_t qemu_send_packet_raw(NetClientState *nc, const 
uint8_t *buf, int size)
  static ssize_t nc_sendv_compat(NetClientState *nc, const struct iovec *iov,
 int iovcnt, unsigned flags)
  {
-uint8_t buf[NET_BUFSIZE];
+uint8_t *buf;
  uint8_t *buffer;
  size_t offset;

+buf = g_new(uint8_t, 1);
+
  if (iovcnt == 1) {
  buffer = iov[0].iov_base;
  offset = iov[0].iov_len;
  } else {
  buffer = buf;
-offset = iov_to_buf(iov, iovcnt, 0, buf, sizeof(buf));
+offset = iov_to_buf(iov, iovcnt, 0, (uint8_t *)buf, sizeof(uint8_t));
  }

  if (flags & QEMU_NET_PACKET_FLAG_RAW && nc->info->receive_raw) {
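Review bot: `buf = g_new(uint8_t, 1);` reserves a single byte, and the length handed to iov_to_buf() is `sizeof(uint8_t)`, i.e. 1, so a multi-element iov is now copied one byte at a time instead of up to NET_BUFSIZE bytes as the stack array allowed; the replacement has to be `g_new(uint8_t, NET_BUFSIZE)` with `NET_BUFSIZE` passed as the length, since sizeof on a pointer no longer yields the buffer size. The `(uint8_t *)` cast converts a `uint8_t *` to itself and should go, and the allocation is performed even on the `iovcnt == 1` path where buf is never touched.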
@@ -726,6 +728,8 @@ static ssize_t nc_sendv_compat(NetClientState *nc, const 
struct iovec *iov,
  } else {

forget to release 'buf'


  return nc->info->receive(nc, buffer, offset);
  }
+
+g_free(buf);
  }

  ssize_t qemu_deliver_packet_iov(NetClientState *sender,
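Review bot: the new `g_free(buf);` sits after the closing brace of the if/else, but the else branch leaves through `return nc->info->receive(nc, buffer, offset);` before reaching it, and if the receive_raw branch above returns the same way the free is dead code, which is the leak Li points out. Capture the return value in a local `ssize_t ret`, free buf, then `return ret;` on every exit path; or avoid the per-packet allocation entirely by keeping one NET_BUFSIZE buffer per NetClientState.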



--
Best regards.
Li Zhijian





Re: [Qemu-devel] about correctness of IDE emulation

2016-03-13 Thread Fam Zheng
On Sun, 03/13 14:37, Huaicheng Li (coperd) wrote:
> Hi all, 
> 
> What I’m confused about is that:
> 
> If one I/O is too large and may need several rounds (say 2) of DMA transfers,
> it seems the second round transfer begins only after the completion of the
> first part, by reading data from **IDEState**. But the IDEState info may have
> been changed by VCPU threads (by writing new I/Os to it) when the first
> transfer finishes. From the code, I see that IDE r/w call back function will
> continue the second transfer by referencing IDEState’s information. Wouldn’t
> this be problematic? Am I missing anything here?

Can you give a concrete example? I/O in VCPU threads that changes IDEState
must also take care of the DMA transfers, for example ide_reset() has
blk_aio_cancel and clears s->nsectors. If an I/O handler fails to do so, it is
a bug.

Fam



[Qemu-devel] [PATCH] hw/i386/acpi-build: place qword descriptors in bridge _CRS's when needed

2016-03-13 Thread Laszlo Ersek
In build_crs(), the calculation & merging of the ranges already happens in
64-bit, but the entry boundaries are silently truncated to 32-bit in the
call to aml_dword_memory(). Use aml_qword_memory() when necessary -- this
fixes 64-bit BARs behind PXBs.

Cc: Marcel Apfelbaum 
Cc: Michael S. Tsirkin 
Signed-off-by: Laszlo Ersek 
---
 hw/i386/acpi-build.c | 24 ++--
 1 file changed, 18 insertions(+), 6 deletions(-)

diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index b88800883944..3157cc36db98 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -938,13 +938,25 @@ static Aml *build_crs(PCIHostState *host,
 
 crs_range_merge(host_mem_ranges);
 for (i = 0; i < host_mem_ranges->len; i++) {
+Aml *mem;
+uint64_t length;
+
 entry = g_ptr_array_index(host_mem_ranges, i);
-aml_append(crs,
-   aml_dword_memory(AML_POS_DECODE, AML_MIN_FIXED,
-AML_MAX_FIXED, AML_NON_CACHEABLE,
-AML_READ_WRITE,
-0, entry->base, entry->limit, 0,
-entry->limit - entry->base + 1));
+length = entry->limit - entry->base + 1;
+if (entry->limit <= UINT32_MAX && length <= UINT32_MAX) {
+  mem = aml_dword_memory(AML_POS_DECODE, AML_MIN_FIXED,
+ AML_MAX_FIXED, AML_NON_CACHEABLE,
+ AML_READ_WRITE,
+ 0, entry->base, entry->limit, 0,
+ length);
+} else {
+  mem = aml_qword_memory(AML_POS_DECODE, AML_MIN_FIXED,
+ AML_MAX_FIXED, AML_NON_CACHEABLE,
+ AML_READ_WRITE,
+ 0, entry->base, entry->limit, 0,
+ length);
+}
+aml_append(crs, mem);
 crs_range_insert(mem_ranges, entry->base, entry->limit);
 }
 g_ptr_array_free(host_mem_ranges, true);
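Review bot: the `length <= UINT32_MAX` half of the new condition looks redundant beside `entry->limit <= UINT32_MAX` but is not: with `entry->base == 0` and `entry->limit == UINT32_MAX` the limit test passes while the length is 2^32, which only aml_qword_memory() can carry. A one-line comment on that test would spare the next reader the same analysis, and the commit message could state that the dword form is deliberately kept for ranges that fit.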
-- 
1.8.3.1




Re: [Qemu-devel] [PULL 16/53] virtio-pci: call pci reset variant when guest requests reset.

2016-03-13 Thread Laszlo Ersek
On 03/11/16 16:08, Michael S. Tsirkin wrote:
> From: Gerd Hoffmann 
> 
> Actually fixes linux not finding virtio 1.0 device virtqueues after
> reboot.  Which is new I think, any chance linux kernel virtio code
> became more strict in 4.3?
> 
> Signed-off-by: Gerd Hoffmann 
> Reviewed-by: Michael S. Tsirkin 
> Signed-off-by: Michael S. Tsirkin 
> Reviewed-by: Fam Zheng 
> Tested-by: Fam Zheng 
> ---
>  hw/virtio/virtio-pci.c | 11 ---
>  1 file changed, 4 insertions(+), 7 deletions(-)
> 
> diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
> index 440776c..0dadb66 100644
> --- a/hw/virtio/virtio-pci.c
> +++ b/hw/virtio/virtio-pci.c
> @@ -47,6 +47,7 @@
>  
>  static void virtio_pci_bus_new(VirtioBusState *bus, size_t bus_size,
> VirtIOPCIProxy *dev);
> +static void virtio_pci_reset(DeviceState *qdev);
>  
>  /* virtio device */
>  /* DeviceState to VirtIOPCIProxy. For use off data-path. TODO: use QOM. */
> @@ -404,9 +405,7 @@ static void virtio_ioport_write(void *opaque, uint32_t 
> addr, uint32_t val)
>  case VIRTIO_PCI_QUEUE_PFN:
>  pa = (hwaddr)val << VIRTIO_PCI_QUEUE_ADDR_SHIFT;
>  if (pa == 0) {
> -virtio_pci_stop_ioeventfd(proxy);
> -virtio_reset(vdev);
> -msix_unuse_all_vectors(>pci_dev);
> +virtio_pci_reset(DEVICE(proxy));
>  }
>  else
>  virtio_queue_set_addr(vdev, vdev->queue_sel, pa);
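Review bot: this hunk replaces three calls, among them `virtio_pci_stop_ioeventfd(proxy);`, with the single `virtio_pci_reset(DEVICE(proxy));`, whereas the two status == 0 hunks below replace only `virtio_reset(vdev);` and `msix_unuse_all_vectors()`. For this path not to regress, virtio_pci_reset() must stop the ioeventfd itself, and if it does, the status == 0 paths now stop it too; that behaviour change deserves a sentence in the commit message.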
> @@ -432,8 +431,7 @@ static void virtio_ioport_write(void *opaque, uint32_t 
> addr, uint32_t val)
>  }
>  
>  if (vdev->status == 0) {
> -virtio_reset(vdev);
> -msix_unuse_all_vectors(>pci_dev);
> +virtio_pci_reset(DEVICE(proxy));
>  }
>  
>  /* Linux before 2.6.34 drives the device without enabling
> @@ -1353,8 +1351,7 @@ static void virtio_pci_common_write(void *opaque, 
> hwaddr addr,
>  }
>  
>  if (vdev->status == 0) {
> -virtio_reset(vdev);
> -msix_unuse_all_vectors(>pci_dev);
> +virtio_pci_reset(DEVICE(proxy));
>  }
>  
>  break;
> 
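Review bot: the log message only says this "actually fixes" virtqueue discovery after reboot and wonders whether the 4.3 kernel got stricter; Laszlo's analysis below, that queue_enable was cleared only on system reset and not on device reset, names the root cause and is what explains why routing all three reset paths through virtio_pci_reset() helps, so it belongs in the commit message. The forward declaration added in the first hunk is needed only because virtio_pci_reset() is defined after these call sites; moving the definition up would avoid it.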

I spent about two days hunting this, and was just about to send a patch.
Nice to see you've already gotten to it. :)

The specific problem was that the queue_enable field was not cleared
(for all possible queues of the device) on device reset, only on system
reset.

Thanks
Laszlo



Re: [Qemu-devel] [PATCH v12 2/3] quorum: implement bdrv_add_child() and bdrv_del_child()

2016-03-13 Thread Changlong Xie

On 03/11/2016 08:21 PM, Alberto Garcia wrote:

On Thu 10 Mar 2016 03:49:40 AM CET, Changlong Xie wrote:

@@ -81,6 +82,8 @@ typedef struct BDRVQuorumState {
  bool rewrite_corrupted;/* true if the driver must rewrite-on-read 
corrupted
  * block if Quorum is reached.
  */
+unsigned long *index_bitmap;
+int bsize;

   [...]

+static int get_new_child_index(BDRVQuorumState *s)

   [...]

+static void remove_child_index(BDRVQuorumState *s, int index)

   [...]

Sorry if I missed a previous discussion, but why is this necessary?


Hi Berto

Currently we implement this for COLO, we need the capability to hotplug 
NBD child in COLO mode.


For more detail, please refer to 
http://wiki.qemu.org/Features/BlockReplication.


Thanks
-Xie



Berto


Re: [Qemu-devel] [Patch 1/1] net/socket: Allocating Large sized arrays to heap

2016-03-13 Thread Li Zhijian

I don't get why we need these changes, could you explain more?
And it seems it's not exactly correct, see below.

On 03/12/2016 11:28 AM, Pooja Dhannawat wrote:

Signed-off-by: Pooja Dhannawat 
---
  net/socket.c | 6 +++---
  1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/net/socket.c b/net/socket.c
index e32e3cb..483dcac 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -147,10 +147,10 @@ static void net_socket_send(void *opaque)
  NetSocketState *s = opaque;
  int size, err;
  unsigned l;
-uint8_t buf1[NET_BUFSIZE];
+uint8_t *buf1 = g_new(uint8_t, 1);
  const uint8_t *buf;

-size = qemu_recv(s->fd, buf1, sizeof(buf1), 0);
+size = qemu_recv(s->fd, (uint8_t *)buf1, sizeof(uint8_t), 0);

one byte for each reading, it looks expensive



  if (size < 0) {
  err = socket_error();
  if (err != EWOULDBLOCK)
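Review bot: `uint8_t *buf1 = g_new(uint8_t, 1);` allocates one byte, and `qemu_recv(s->fd, (uint8_t *)buf1, sizeof(uint8_t), 0)` therefore reads a single byte per readiness callback instead of up to NET_BUFSIZE, which is the "one byte for each reading" Li flags above. Allocate NET_BUFSIZE bytes and pass NET_BUFSIZE as the length (sizeof on a pointer no longer gives the buffer size), and drop the cast, which converts `uint8_t *` to `uint8_t *`.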
@@ -170,7 +170,6 @@ static void net_socket_send(void *opaque)
  s->index = 0;
  s->packet_len = 0;
  s->nc.link_down = true;
-memset(s->buf, 0, sizeof(s->buf));
  memset(s->nc.info_str, 0, sizeof(s->nc.info_str));


forget to release buf1.

Thanks
Li Zhijian


  return;
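Review bot: the deleted `memset(s->buf, 0, sizeof(s->buf));` operates on s->buf, the NetSocketState's own reassembly buffer, not on the local buf1 this patch is about, so removing it silently changes the link-down cleanup and does not belong here. The `return;` on this error path also leaves before the `g_free(buf1)` added at the end of the function, so buf1 leaks every time the socket read fails.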
@@ -222,6 +221,7 @@ static void net_socket_send(void *opaque)
  break;
  }
  }
+g_free(buf1);
  }

  static void net_socket_send_dgram(void *opaque)


[Qemu-devel] [V7 1/4] hw/i386: Introduce AMD IOMMU

2016-03-13 Thread David Kiarie
Add AMD IOMMU emulation to Qemu in addition to Intel IOMMU.
The IOMMU does basic translation, error checking and has a
minimal IOTLB implementation

Signed-off-by: David Kiarie 
---
 hw/i386/Makefile.objs |1 +
 hw/i386/amd_iommu.c   | 1431 +
 hw/i386/amd_iommu.h   |  398 ++
 include/hw/pci/pci.h  |2 +
 4 files changed, 1832 insertions(+)
 create mode 100644 hw/i386/amd_iommu.c
 create mode 100644 hw/i386/amd_iommu.h

diff --git a/hw/i386/Makefile.objs b/hw/i386/Makefile.objs
index b52d5b8..2f1a265 100644
--- a/hw/i386/Makefile.objs
+++ b/hw/i386/Makefile.objs
@@ -3,6 +3,7 @@ obj-y += multiboot.o
 obj-y += pc.o pc_piix.o pc_q35.o
 obj-y += pc_sysfw.o
 obj-y += intel_iommu.o
+obj-y += amd_iommu.o
 obj-$(CONFIG_XEN) += ../xenpv/ xen/
 
 obj-y += kvmvapic.o
diff --git a/hw/i386/amd_iommu.c b/hw/i386/amd_iommu.c
new file mode 100644
index 000..ff967b3
--- /dev/null
+++ b/hw/i386/amd_iommu.c
@@ -0,0 +1,1431 @@
+/*
+ * QEMU emulation of AMD IOMMU (AMD-Vi)
+ *
+ * Copyright (C) 2011 Eduard - Gabriel Munteanu
+ * Copyright (C) 2015 David Kiarie, 
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see .
+ *
+ * Cache implementation inspired by hw/i386/intel_iommu.c
+ *
+ */
+#include "qemu/osdep.h"
+#include "hw/i386/amd_iommu.h"
+
+/*#define DEBUG_AMD_IOMMU*/
+#ifdef DEBUG_AMD_IOMMU
+enum {
+DEBUG_GENERAL, DEBUG_CAPAB, DEBUG_MMIO, DEBUG_ELOG,
+DEBUG_CACHE, DEBUG_COMMAND, DEBUG_MMU, DEBUG_CUSTOM
+};
+
+#define IOMMU_DBGBIT(x)   (1 << DEBUG_##x)
+static int iommu_dbgflags = IOMMU_DBGBIT(CUSTOM);
+
+#define IOMMU_DPRINTF(what, fmt, ...) do { \
+if (iommu_dbgflags & IOMMU_DBGBIT(what)) { \
+fprintf(stderr, "(amd-iommu)%s: " fmt "\n", __func__, \
+## __VA_ARGS__); } \
+} while (0)
+#else
+#define IOMMU_DPRINTF(what, fmt, ...) do {} while (0)
+#endif
+
+#define ENCODE_EVENT(devid, info, addr, rshift) do { \
+*(uint16_t *)[0] = devid; \
+*(uint8_t *)[3]  = info;  \
+*(uint64_t *)[4] = rshift ? cpu_to_le64(addr):\
+   cpu_to_le64(addr) >> rshift; \
+} while (0)
+
+typedef struct AMDIOMMUAddressSpace {
+uint8_t bus_num;/* bus number   */
+uint8_t devfn;  /* device function  */
+AMDIOMMUState *iommu_state; /* IOMMU - one per machine  */
+MemoryRegion iommu; /* Device's iommu region*/
+AddressSpace as;/* device's corresponding address space */
+} AMDIOMMUAddressSpace;
+
+/* IOMMU cache entry */
+typedef struct IOMMUIOTLBEntry {
+uint64_t gfn;
+uint16_t domid;
+uint64_t devid;
+uint64_t perms;
+uint64_t translated_addr;
+} IOMMUIOTLBEntry;
+
+/* configure MMIO registers at startup/reset */
+static void amd_iommu_set_quad(AMDIOMMUState *s, hwaddr addr, uint64_t val,
+   uint64_t romask, uint64_t w1cmask)
+{
+stq_le_p(>mmior[addr], val);
+stq_le_p(>romask[addr], romask);
+stq_le_p(>w1cmask[addr], w1cmask);
+}
+
+static uint16_t amd_iommu_readw(AMDIOMMUState *s, hwaddr addr)
+{
+return lduw_le_p(>mmior[addr]);
+}
+
+static uint32_t amd_iommu_readl(AMDIOMMUState *s, hwaddr addr)
+{
+return ldl_le_p(>mmior[addr]);
+}
+
+static uint64_t amd_iommu_readq(AMDIOMMUState *s, hwaddr addr)
+{
+return ldq_le_p(>mmior[addr]);
+}
+
+/* internal write */
+static void amd_iommu_writeq_raw(AMDIOMMUState *s, uint64_t val, hwaddr addr)
+{
+stq_le_p(>mmior[addr], val);
+}
+
+/* external write */
+static void amd_iommu_writew(AMDIOMMUState *s, hwaddr addr, uint16_t val)
+{
+uint16_t romask = lduw_le_p(>romask[addr]);
+uint16_t w1cmask = lduw_le_p(>w1cmask[addr]);
+uint16_t oldval = lduw_le_p(>mmior[addr]);
+stw_le_p(>mmior[addr], (val & ~(val & w1cmask)) | (romask & oldval));
+}
+
+static void amd_iommu_writel(AMDIOMMUState *s, hwaddr addr, uint32_t val)
+{
+uint32_t romask = ldl_le_p(>romask[addr]);
+uint32_t w1cmask = ldl_le_p(>w1cmask[addr]);
+uint32_t oldval = ldl_le_p(>mmior[addr]);
+stl_le_p(>mmior[addr], (val & ~(val & w1cmask)) | (romask & oldval));
+}
+
+static void amd_iommu_writeq(AMDIOMMUState *s, hwaddr addr, uint64_t val)
+{
+uint64_t romask = ldq_le_p(>romask[addr]);
+uint64_t w1cmask = 
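Review bot: in ENCODE_EVENT the conditional is inverted: `rshift ? cpu_to_le64(addr) : cpu_to_le64(addr) >> rshift` leaves the address unshifted exactly when a shift was requested and shifts by zero otherwise; shift before converting, `cpu_to_le64(addr >> rshift)`, since shifting an already byte-swapped value is wrong on big-endian hosts anyway. In amd_iommu_writew()/writel(), `(val & ~(val & w1cmask)) | (romask & oldval)` clears every W1C bit on any write, not only the ones written as 1, and never masks romask bits out of val, so a read-only bit that is currently 0 can be set by the guest; the intended update is `(val & ~romask & ~w1cmask) | (oldval & romask) | (oldval & w1cmask & ~val)`.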

[Qemu-devel] [V7 4/4] hw/pci-host: Emulate AMD IOMMU

2016-03-13 Thread David Kiarie
Add AMD IOMMU emulation support to q35 chipset

Signed-off-by: David Kiarie 
---
 hw/pci-host/q35.c | 21 +++--
 include/hw/i386/intel_iommu.h |  1 +
 2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/hw/pci-host/q35.c b/hw/pci-host/q35.c
index 115fb8c..5f6298e 100644
--- a/hw/pci-host/q35.c
+++ b/hw/pci-host/q35.c
@@ -31,6 +31,7 @@
 #include "hw/hw.h"
 #include "hw/pci-host/q35.h"
 #include "qapi/visitor.h"
+#include "hw/i386/amd_iommu.h"
 
 /
  * Q35 host
@@ -447,6 +448,19 @@ static void mch_init_dmar(MCHPCIState *mch)
 pci_setup_iommu(pci_bus, q35_host_dma_iommu, mch->iommu);
 }
 
+static void mch_init_amdvi(MCHPCIState *mch)
+{
+AMDIOMMUState *iommu_state;
+PCIBus *bus = PCI_BUS(qdev_get_parent_bus(DEVICE(mch)));
+PCIDevice *iommu;
+
+iommu = pci_create_simple(bus, 0x20, TYPE_AMD_IOMMU_DEVICE);
+
+iommu_state = AMD_IOMMU_DEVICE(iommu);
+
+pci_setup_iommu(bus, bridge_host_amd_iommu, iommu_state);
+}
+
 static void mch_realize(PCIDevice *d, Error **errp)
 {
 int i;
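Review bot: mch_init_amdvi() places the IOMMU at a hard-coded devfn of 0x20 through pci_create_simple(), with no check that the slot is free and no property to move it; the cover letter explains why pci_create_simple() was kept, so at least turn 0x20 into a named constant carrying that rationale in a comment. bridge_host_amd_iommu is not declared anywhere in this patch, so it must be exported by the hw/i386/amd_iommu.h included above; note also that pci_create_simple() aborts on failure instead of reporting through the Error ** that mch_realize() receives.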
@@ -505,8 +519,11 @@ static void mch_realize(PCIDevice *d, Error **errp)
  mch->pci_address_space, >pam_regions[i+1],
  PAM_EXPAN_BASE + i * PAM_EXPAN_SIZE, PAM_EXPAN_SIZE);
 }
-/* Intel IOMMU (VT-d) */
-if (object_property_get_bool(qdev_get_machine(), "iommu", NULL)) {
+
+if (object_property_get_bool(qdev_get_machine(), "iommu", NULL) &&
+object_property_get_bool(qdev_get_machine(), "amd-iommu", NULL)) {
+mch_init_amdvi(mch);
+} else if (object_property_get_bool(qdev_get_machine(), "iommu", NULL)) {
 mch_init_dmar(mch);
 }
 }
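Review bot: `object_property_get_bool(qdev_get_machine(), "iommu", NULL)` is now evaluated twice (three property reads in total) across the if/else if; read both properties once into locals. The removed `/* Intel IOMMU (VT-d) */` comment should stay on the mch_init_dmar() branch, and a configuration with amd-iommu=on but iommu=off falls through both branches and is silently ignored, which deserves at least a warning.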
diff --git a/include/hw/i386/intel_iommu.h b/include/hw/i386/intel_iommu.h
index 7e511e1..5a520f3 100644
--- a/include/hw/i386/intel_iommu.h
+++ b/include/hw/i386/intel_iommu.h
@@ -28,6 +28,7 @@
 #define TYPE_INTEL_IOMMU_DEVICE "intel-iommu"
 #define INTEL_IOMMU_DEVICE(obj) \
  OBJECT_CHECK(IntelIOMMUState, (obj), TYPE_INTEL_IOMMU_DEVICE)
+#define INTEL_IOMMU_STR "intel"
 
 /* DMAR Hardware Unit Definition address (IOMMU unit) */
 #define Q35_HOST_BRIDGE_IOMMU_ADDR  0xfed9ULL
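Review bot: `#define INTEL_IOMMU_STR "intel"` is added to include/hw/i386/intel_iommu.h but nothing in this patch uses it, and the diffstat of patch 2/4 touches the same header; define it once, in the patch that actually uses it, or drop it.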
-- 
2.1.4




[Qemu-devel] [V7 2/4] hw/i386: ACPI table for AMD IOMMU

2016-03-13 Thread David Kiarie
Add IVRS table for AMD IOMMU. Generate IVRS or DMAR
depending on emulated IOMMU

Signed-off-by: David Kiarie 
---
 hw/i386/acpi-build.c  | 98 ++-
 include/hw/acpi/acpi-defs.h   | 55 
 include/hw/i386/intel_iommu.h |  1 +
 3 files changed, 143 insertions(+), 11 deletions(-)

diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index b888008..f6ab533 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -51,6 +51,7 @@
 #include "hw/pci/pci_bus.h"
 #include "hw/pci-host/q35.h"
 #include "hw/i386/intel_iommu.h"
+#include "hw/i386/amd_iommu.h"
 #include "hw/timer/hpet.h"
 
 #include "hw/acpi/aml-build.h"
@@ -121,6 +122,12 @@ typedef struct AcpiBuildPciBusHotplugState {
 bool pcihp_bridge_en;
 } AcpiBuildPciBusHotplugState;
 
+typedef enum iommu_type {
+TYPE_AMD,
+TYPE_INTEL,
+TYPE_NONE
+} iommu_type;
+
 static
 int acpi_add_cpu_info(Object *o, void *opaque)
 {
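Review bot: the enumerators `TYPE_AMD`, `TYPE_INTEL`, `TYPE_NONE` collide with QEMU's convention that TYPE_* macros are QOM type-name strings (compare TYPE_INTEL_IOMMU_DEVICE and TYPE_AMD_IOMMU_DEVICE used in this same file); prefix them, e.g. IOMMU_TYPE_AMD, and give the typedef a CamelCase name such as IommuType per CODING_STYLE.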
@@ -2542,6 +2549,78 @@ build_dmar_q35(GArray *table_data, GArray *linker)
  "DMAR", table_data->len - dmar_start, 1, NULL, NULL);
 }
 
+static void
+build_amd_iommu(GArray *table_data, GArray *linker)
+{
+int iommu_start = table_data->len;
+bool iommu_ambig;
+
+AcpiAMDIOMMUIVRS *ivrs;
+AcpiAMDIOMMUHardwareUnit *iommu;
+
+/* IVRS definition */
+ivrs = acpi_data_push(table_data, sizeof(*ivrs));
+ivrs->revision = cpu_to_le16(ACPI_IOMMU_IVRS_TYPE);
+ivrs->length = cpu_to_le16((sizeof(*ivrs) + sizeof(*iommu)));
+ivrs->v_common_info = cpu_to_le64(AMD_IOMMU_HOST_ADDRESS_WIDTH << 8);
+
+AMDIOMMUState *s = (AMDIOMMUState *)object_resolve_path_type("",
+TYPE_AMD_IOMMU_DEVICE, _ambig);
+
+/* IVDB definition - type 10h */
+iommu = acpi_data_push(table_data, sizeof(*iommu));
+if (!iommu_ambig) {
+iommu->type = cpu_to_le16(0x10);
+/* IVHD flags */
+iommu->flags = cpu_to_le16(iommu->flags);
+iommu->flags = cpu_to_le16(IVHD_HT_TUNEN | IVHD_PPRSUP | IVHD_IOTLBSUP
+   | IVHD_PREFSUP);
+iommu->length = cpu_to_le16(sizeof(*iommu));
+iommu->device_id = cpu_to_le16(PCI_DEVICE_ID_RD890_IOMMU);
+iommu->capability_offset = cpu_to_le16(s->capab_offset);
+iommu->mmio_base = cpu_to_le64(s->mmio.addr);
+iommu->pci_segment = 0;
+iommu->interrupt_info = 0;
+/* EFR features */
+iommu->efr_register = cpu_to_le64(IVHD_EFR_GTSUP | IVHD_EFR_HATS
+  | IVHD_EFR_GATS);
+iommu->efr_register = cpu_to_le64(iommu->efr_register);
+/* device entries */
+memset(iommu->dev_entries, 0, 20);
+/* Add device flags here
+ *  This is are 4-byte device entries currently reporting the range of
+ *  devices 00h - h; all devices
+ *
+ *  Device setting affecting all devices should be made here
+ *
+ *  Refer to
+ *  (http://developer.amd.com/wordpress/media/2012/10/488821.pdf)
+ *  5.2.2.1
+ */
+iommu->dev_entries[12] = 3;
+iommu->dev_entries[16] = 4;
+iommu->dev_entries[17] = 0xff;
+iommu->dev_entries[18] = 0xff;
+}
+
+build_header(linker, table_data, (void *)(table_data->data + iommu_start),
+ "IVRS", table_data->len - iommu_start, 1, NULL, NULL);
+}
+
+static iommu_type has_iommu(void)
+{
+bool ambiguous;
+
+if (object_resolve_path_type("", TYPE_AMD_IOMMU_DEVICE, )
+&& !ambiguous)
+return TYPE_AMD;
+else if (object_resolve_path_type("", TYPE_INTEL_IOMMU_DEVICE, )
+&& !ambiguous)
+return TYPE_INTEL;
+else
+return TYPE_NONE;
+}
+
 static GArray *
 build_rsdp(GArray *rsdp_table, GArray *linker, unsigned rsdt)
 {
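Review bot: build_amd_iommu() guards the device lookup with `if (!iommu_ambig)`, but object_resolve_path_type() also returns NULL with the ambiguous flag false when no such device exists, so the test must be on `s` itself (it only works today because has_iommu() ran first). `iommu->flags = cpu_to_le16(iommu->flags);` on freshly pushed data is a no-op that the next line overwrites, and `iommu->efr_register = cpu_to_le64(iommu->efr_register);` re-converts a value converted on the previous line, swapping it back on big-endian hosts; drop both. `memset(iommu->dev_entries, 0, 20)` should use sizeof(iommu->dev_entries), and the braceless if/else-if chain in has_iommu() will fail checkpatch.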
@@ -2600,16 +2679,6 @@ static bool acpi_get_mcfg(AcpiMcfgInfo *mcfg)
 return true;
 }
 
-static bool acpi_has_iommu(void)
-{
-bool ambiguous;
-Object *intel_iommu;
-
-intel_iommu = object_resolve_path_type("", TYPE_INTEL_IOMMU_DEVICE,
-   );
-return intel_iommu && !ambiguous;
-}
-
 static bool acpi_has_nvdimm(void)
 {
 PCMachineState *pcms = PC_MACHINE(qdev_get_machine());
@@ -2630,6 +2699,7 @@ void acpi_build(AcpiBuildTables *tables)
 AcpiMcfgInfo mcfg;
 PcPciInfo pci;
 uint8_t *u;
+iommu_type type = has_iommu();
 size_t aml_len = 0;
 GArray *tables_blob = tables->table_data;
 AcpiSlicOem slic_oem = { .id = NULL, .table_id = NULL };
@@ -2696,7 +2766,13 @@ void acpi_build(AcpiBuildTables *tables)
 acpi_add_table(table_offsets, tables_blob);
 build_mcfg_q35(tables_blob, tables->linker, );
 }
-if (acpi_has_iommu()) {
+
+if (type == TYPE_AMD) {
+acpi_add_table(table_offsets, tables_blob);
+build_amd_iommu(tables_blob, tables->linker);
+}
+
+if (type == TYPE_INTEL) {
 

[Qemu-devel] [V7 3/4] hw/core: Add AMD IOMMU to machine properties

2016-03-13 Thread David Kiarie
Add IOMMU as a string to machine properties which is
used to control whether and the type of IOMMU to emulate

Signed-off-by: David Kiarie 
---
 hw/core/machine.c   | 27 ---
 include/hw/boards.h |  1 +
 qemu-options.hx |  7 +--
 util/qemu-config.c  |  4 ++--
 4 files changed, 32 insertions(+), 7 deletions(-)

diff --git a/hw/core/machine.c b/hw/core/machine.c
index a8c4680..ce23b3d 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
@@ -14,6 +14,8 @@
 #include "hw/boards.h"
 #include "qapi-visit.h"
 #include "qapi/visitor.h"
+#include "hw/i386/amd_iommu.h"
+#include "hw/i386/intel_iommu.h"
 #include "hw/sysbus.h"
 #include "sysemu/sysemu.h"
 #include "qemu/error-report.h"
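Review bot: hw/core/machine.c is target-independent code built for every architecture; including hw/i386/amd_iommu.h and hw/i386/intel_iommu.h here pulls x86-only headers into it, and no hunk in this patch uses a symbol from either, so both includes should be dropped.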
@@ -298,6 +300,20 @@ static void machine_set_iommu(Object *obj, bool value, 
Error **errp)
 ms->iommu = value;
 }
 
+static bool machine_get_amd_iommu_override(Object *obj, Error **errp)
+{
+MachineState *ms = MACHINE(obj);
+
+return ms->amd_iommu_type;
+}
+
+static void machine_set_amd_iommu_override(Object *obj, bool value, Error 
**errp)
+{
+MachineState *ms = MACHINE(obj);
+
+ms->amd_iommu_type = value;
+}
+
 static void machine_set_suppress_vmdesc(Object *obj, bool value, Error **errp)
 {
 MachineState *ms = MACHINE(obj);
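Review bot: the new field is named amd_iommu_type but is a bool toggle, and the commit message says "Add IOMMU as a string to machine properties" while the accessors added here are bool getter/setter pairs; either name the field for what it is (use_amd_iommu) or implement the string-valued property the message describes.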
@@ -471,10 +487,15 @@ static void machine_initfn(Object *obj)
 "Firmware image",
 NULL);
 object_property_add_bool(obj, "iommu",
- machine_get_iommu,
- machine_set_iommu, NULL);
+machine_get_iommu, machine_set_iommu, NULL);
 object_property_set_description(obj, "iommu",
-"Set on/off to enable/disable Intel IOMMU 
(VT-d)",
+"Set on to enable IOMMU emulation",
+NULL);
+object_property_add_bool(obj, "amd-iommu",
+machine_get_amd_iommu_override,
+machine_set_amd_iommu_override, NULL);
+object_property_set_description(obj, "amd-iommu",
+"Set on to override emulated IOMMU to AMD 
IOMMU",
 NULL);
 object_property_add_bool(obj, "suppress-vmdesc",
  machine_get_suppress_vmdesc,
diff --git a/include/hw/boards.h b/include/hw/boards.h
index b5d7eae..5bdd0bb 100644
--- a/include/hw/boards.h
+++ b/include/hw/boards.h
@@ -126,6 +126,7 @@ struct MachineState {
 bool igd_gfx_passthru;
 char *firmware;
 bool iommu;
+bool amd_iommu_type;
 bool suppress_vmdesc;
 bool enforce_config_section;
 
diff --git a/qemu-options.hx b/qemu-options.hx
index 0cf7bb9..de3f02e 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -38,7 +38,8 @@ DEF("machine", HAS_ARG, QEMU_OPTION_machine, \
 "kvm_shadow_mem=size of KVM shadow MMU\n"
 "dump-guest-core=on|off include guest memory in a core 
dump (default=on)\n"
 "mem-merge=on|off controls memory merge support (default: 
on)\n"
-"iommu=on|off controls emulated Intel IOMMU (VT-d) support 
(default=off)\n"
+"iommu=on|off controls emulated IOMMU support(default: 
off)\n"
+"amd-iommu=on|off overrides emulated IOMMU to AMD IOMMU 
(default: off)\n"
 "igd-passthru=on|off controls IGD GFX passthrough support 
(default=off)\n"
 "aes-key-wrap=on|off controls support for AES key wrapping 
(default=on)\n"
 "dea-key-wrap=on|off controls support for DEA key wrapping 
(default=on)\n"
@@ -74,7 +75,9 @@ Enables or disables memory merge support. This feature, when 
supported by
 the host, de-duplicates identical memory pages among VMs instances
 (enabled by default).
 @item iommu=on|off
-Enables or disables emulated Intel IOMMU (VT-d) support. The default is off.
+Enables and disables IOMMU emulation. The default is off.
+@item amd-iommu=on|off
+Overrides emulated IOMMU from AMD IOMMU. By default Intel IOMMU is emulated.
 @item aes-key-wrap=on|off
 Enables or disables AES key wrapping support on s390-ccw hosts. This feature
 controls whether AES wrapping keys will be created to allow
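Review bot: the new texinfo text reads "Enables and disables IOMMU emulation" and "Overrides emulated IOMMU from AMD IOMMU"; it should be "Enables or disables" and "to AMD IOMMU" (the option-help line in the previous hunk already says "overrides emulated IOMMU to AMD IOMMU"). That previous hunk also dropped the space in "controls emulated IOMMU support(default: off)".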
diff --git a/util/qemu-config.c b/util/qemu-config.c
index fb97307..f1b5a3b 100644
--- a/util/qemu-config.c
+++ b/util/qemu-config.c
@@ -213,8 +213,8 @@ static QemuOptsList machine_opts = {
 .help = "firmware image",
 },{
 .name = "iommu",
-.type = QEMU_OPT_BOOL,
-.help = "Set on/off to enable/disable Intel IOMMU (VT-d)",
+.type =  QEMU_OPT_STRING,
+.help = "Enables IOMMU and sets the emulated type",
 },{
 .name = "suppress-vmdesc",
 .type = QEMU_OPT_BOOL,
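Review bot: `.type = QEMU_OPT_STRING` for "iommu" contradicts the rest of the series, which keeps the QOM property a bool (object_property_add_bool in machine.c above, object_property_get_bool in q35.c) and documents it as iommu=on|off; either the property becomes a string selecting the type, as the commit message says, or this hunk stays QEMU_OPT_BOOL, and the help text must match whichever is chosen. There is also a double space after `.type =`.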
-- 
2.1.4




[Qemu-devel] [V7 0/4] AMD IOMMU

2016-03-13 Thread David Kiarie
Hello there,

This series adds AMD IOMMU emulation support to Qemu.

The only main change since V6 is:
  -Fixed a cache bug that caused the issue reported by Jan

I have assumed that we are running one IOMMU and users don't have the freedom 
to run many IOMMUs. For instance, I've decided to stick with 
'pci_create_simple' since if I change this and manually create the device 
in order to set the addr, I'll be repeating exactly what 'pci_create_simple' 
does while there is no immediate benefit. Being able to run multiple IOMMUs is 
a plus but at the moment I experience a few problems with the code while there 
is no immediate benefit.

Other than these patches there's also a planned GSoC project to add features 
to the feature-limited AMD IO MMU listed here[1]. It could also look at the 
possibility of running multiple IOMMUs. GSoC is a program that offers students 
stipends to work on open source projects. You can read more about GSoC here[2]. 
I am a student and am willing to take up this IO MMU related project but I've not 
got a full mentor. Yeah, you're right, there are mentors listed on the 
project's details but they would only want to co-mentor as they may not have 
much time. They were listed there mainly for purposes of listing the project. 
I'd like to know if anyone is willing to mentor this project, mainly the people 
involved in the review process or anyone else! 

David Kiarie (4):
  hw/i386: Introduce AMD IOMMU
  hw/i386: ACPI table for AMD IOMMU
  hw/core: Add AMD IOMMU to machine properties
  hw/pci-host: Emulate AMD IOMMU

 hw/core/machine.c |   27 +-
 hw/i386/Makefile.objs |1 +
 hw/i386/acpi-build.c  |   98 ++-
 hw/i386/amd_iommu.c   | 1431 +
 hw/i386/amd_iommu.h   |  398 
 hw/pci-host/q35.c |   21 +-
 include/hw/acpi/acpi-defs.h   |   55 ++
 include/hw/boards.h   |1 +
 include/hw/i386/intel_iommu.h |2 +
 include/hw/pci/pci.h  |2 +
 qemu-options.hx   |7 +-
 util/qemu-config.c|4 +-
 12 files changed, 2027 insertions(+), 20 deletions(-)
 create mode 100644 hw/i386/amd_iommu.c
 create mode 100644 hw/i386/amd_iommu.h

[1]http://qemu-project.org/Google_Summer_of_Code_2016#Qemu_AMD_IO_MMU_emulation
[2]https://summerofcode.withgoogle.com/
-- 
2.1.4




[Qemu-devel] about correctness of IDE emulation

2016-03-13 Thread Huaicheng Li (coperd)
Hi all, 

I am having some trouble understanding IDE emulation:

(1) IDE I/O Down Path (in VCPU thread): 
upon KVM_EXIT_IO, the corresponding disk ioport write function will write I/O info 
to IDEState, then the IDE read callback function will eventually split it into 
**several DMA transfers** and eventually submit them to the AIO request list 
for handling. 

(2) I/O Up Path (worker thread -> QEMU main loop thread)
when the request in the AIO request list has been successfully handled, the worker 
thread will signal the QEMU main thread about this I/O completion event, which is 
later handled by its callback (posix_aio_read). posix_aio_read will then 
eventually return to the IDE callback function, where a virtual interrupt is 
generated to signal the guest about I/O completion.

What I'm confused about is:

If one I/O is too large and needs several rounds (say 2) of DMA transfers, 
it seems the second round of transfer begins only after the completion of the 
first part, by reading data from **IDEState**. But the IDEState info may have 
been changed by VCPU threads (by writing new I/Os to it) when the first 
transfer finishes. From the code, I see that the IDE r/w callback function will 
continue the second transfer by referencing IDEState's information. Wouldn't 
this be problematic? Am I missing anything here?

Thanks.

Best,
Huaicheng


Re: [Qemu-devel] [PATCH 1/5] address_space: replaced function calls

2016-03-13 Thread Peter Maydell
On 13 March 2016 at 18:56, Mriyam Tamuli  wrote:
> replaced calls named cpu_physical_memory_* with address_space_*
>
> cpus.c
> cputlb.c
> disas.c
> exec.c
> ---
>  cpus.c   |  2 +-
>  cputlb.c |  8 
>  disas.c  |  2 +-
>  exec.c   | 60 ++--
>  4 files changed, 36 insertions(+), 36 deletions(-)
>
> diff --git a/cpus.c b/cpus.c
> index bc774e2..d73cd7b 100644
> --- a/cpus.c
> +++ b/cpus.c
> @@ -1662,7 +1662,7 @@ void qmp_pmemsave(int64_t addr, int64_t size, const 
> char *filename,
>  l = sizeof(buf);
>  if (l > size)
>  l = size;
> -cpu_physical_memory_read(addr, buf, l);
> +address_space_read(addr, buf, l);

address_space_read() takes five arguments, not three -- surely
this change won't compile?

> --- a/exec.c
> +++ b/exec.c
> @@ -991,9 +991,9 @@ static void tlb_reset_dirty_range_all(ram_addr_t start, 
> ram_addr_t length)
>  }
>
>  /* Note: start and end must be within the same ram block.  */
> -bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
> -  ram_addr_t length,
> -  unsigned client)
> +bool address_space_test_and_clear_dirty(ram_addr_t start,
> +ram_addr_t length,
> +unsigned client)

This doesn't look right either -- a function address_space_*
should take an AddressSpace* as argument.

The idea of the item on the BiteSizedTasks list is to
convert code (and in particular device model code) which uses
cpu_physical_memory_read() or cpu_physical_memory_write() from
using those functions (which implicitly act on the CPU's
default address space) to instead use functions which specify
their address space explicitly. This might involve changing
the devices to allow board code to pass the device a memory
region that it should use for DMA type accesses. In any case
it is not as simple as a pure search and replace operation.

thanks
-- PMM



Re: [Qemu-devel] [PATCH 2/5] address_space: replaced function calls

2016-03-13 Thread Jan Kiszka
On 2016-03-13 19:56, Mriyam Tamuli wrote:
> replaced calls named cpu_physical_memory_* with address_space_*

Hmm, did you check if the signatures of both calls are identical? If
not, did you try to build the result of the patch? I'm afraid there is a
bit more work to do.

Jan

> 
> hw/arm/armv7m.c
> hw/arm/boot.c
> hw/arm/musicpal.c
> hw/arm/nseries.c
> ---
>  hw/arm/armv7m.c   | 18 +-
>  hw/arm/boot.c |  8 
>  hw/arm/musicpal.c | 14 +++---
>  hw/arm/nseries.c  |  8 
>  4 files changed, 24 insertions(+), 24 deletions(-)
> 
> diff --git a/hw/arm/armv7m.c b/hw/arm/armv7m.c
> index ed7d97f..5275e3a 100644
> --- a/hw/arm/armv7m.c
> +++ b/hw/arm/armv7m.c
> @@ -31,7 +31,7 @@ static inline uint32_t bitband_addr(void * opaque, uint32_t 
> addr)
>  static uint32_t bitband_readb(void *opaque, hwaddr offset)
>  {
>  uint8_t v;
> -cpu_physical_memory_read(bitband_addr(opaque, offset), , 1);
> +address_space_read(bitband_addr(opaque, offset), , 1);
>  return (v & (1 << ((offset >> 2) & 7))) != 0;
>  }
>  
> @@ -43,12 +43,12 @@ static void bitband_writeb(void *opaque, hwaddr offset,
>  uint8_t v;
>  addr = bitband_addr(opaque, offset);
>  mask = (1 << ((offset >> 2) & 7));
> -cpu_physical_memory_read(addr, , 1);
> +address_space_read(addr, , 1);
>  if (value & 1)
>  v |= mask;
>  else
>  v &= ~mask;
> -cpu_physical_memory_write(addr, , 1);
> +address_space_write(addr, , 1);
>  }
>  
>  static uint32_t bitband_readw(void *opaque, hwaddr offset)
> @@ -59,7 +59,7 @@ static uint32_t bitband_readw(void *opaque, hwaddr offset)
>  addr = bitband_addr(opaque, offset) & ~1;
>  mask = (1 << ((offset >> 2) & 15));
>  mask = tswap16(mask);
> -cpu_physical_memory_read(addr, , 2);
> +address_space_read(addr, , 2);
>  return (v & mask) != 0;
>  }
>  
> @@ -72,12 +72,12 @@ static void bitband_writew(void *opaque, hwaddr offset,
>  addr = bitband_addr(opaque, offset) & ~1;
>  mask = (1 << ((offset >> 2) & 15));
>  mask = tswap16(mask);
> -cpu_physical_memory_read(addr, , 2);
> +address_space_read(addr, , 2);
>  if (value & 1)
>  v |= mask;
>  else
>  v &= ~mask;
> -cpu_physical_memory_write(addr, , 2);
> +address_space_write(addr, , 2);
>  }
>  
>  static uint32_t bitband_readl(void *opaque, hwaddr offset)
> @@ -88,7 +88,7 @@ static uint32_t bitband_readl(void *opaque, hwaddr offset)
>  addr = bitband_addr(opaque, offset) & ~3;
>  mask = (1 << ((offset >> 2) & 31));
>  mask = tswap32(mask);
> -cpu_physical_memory_read(addr, , 4);
> +address_space_read(addr, , 4);
>  return (v & mask) != 0;
>  }
>  
> @@ -101,12 +101,12 @@ static void bitband_writel(void *opaque, hwaddr offset,
>  addr = bitband_addr(opaque, offset) & ~3;
>  mask = (1 << ((offset >> 2) & 31));
>  mask = tswap32(mask);
> -cpu_physical_memory_read(addr, , 4);
> +address_space_read(addr, , 4);
>  if (value & 1)
>  v |= mask;
>  else
>  v &= ~mask;
> -cpu_physical_memory_write(addr, , 4);
> +address_space_write(addr, , 4);
>  }
>  
>  static const MemoryRegionOps bitband_ops = {
> diff --git a/hw/arm/boot.c b/hw/arm/boot.c
> index 8ba0e42..c89b533 100644
> --- a/hw/arm/boot.c
> +++ b/hw/arm/boot.c
> @@ -281,8 +281,8 @@ static void set_kernel_args(const struct arm_boot_info 
> *info)
>  int cmdline_size;
>  
>  cmdline_size = strlen(info->kernel_cmdline);
> -cpu_physical_memory_write(p + 8, info->kernel_cmdline,
> -  cmdline_size + 1);
> +address_space_write(p + 8, info->kernel_cmdline,
> +cmdline_size + 1);
>  cmdline_size = (cmdline_size >> 2) + 1;
>  WRITE_WORD(p, cmdline_size + 2);
>  WRITE_WORD(p, 0x54410009);
> @@ -296,7 +296,7 @@ static void set_kernel_args(const struct arm_boot_info 
> *info)
>  atag_board_len = (info->atag_board(info, atag_board_buf) + 3) & ~3;
>  WRITE_WORD(p, (atag_board_len + 8) >> 2);
>  WRITE_WORD(p, 0x414f4d50);
> -cpu_physical_memory_write(p, atag_board_buf, atag_board_len);
> +address_space_write(p, atag_board_buf, atag_board_len);
>  p += atag_board_len;
>  }
>  /* ATAG_END */
> @@ -372,7 +372,7 @@ static void set_kernel_args_old(const struct 
> arm_boot_info *info)
>  }
>  s = info->kernel_cmdline;
>  if (s) {
> -cpu_physical_memory_write(p, s, strlen(s) + 1);
> +address_space_write(p, s, strlen(s) + 1);
>  } else {
>  WRITE_WORD(p, 0);
>  }
> diff --git a/hw/arm/musicpal.c b/hw/arm/musicpal.c
> index 54548f3..e624d51 100644
> --- a/hw/arm/musicpal.c
> +++ b/hw/arm/musicpal.c
> @@ -175,12 +175,12 @@ static void eth_rx_desc_put(uint32_t addr, 
> mv88w8618_rx_desc *desc)
>  cpu_to_le16s(>buffer_size);
>  cpu_to_le32s(>buffer);
>  cpu_to_le32s(>next);
> -

[Qemu-devel] [PATCH 5/5] address_space: replaced function calls

2016-03-13 Thread Mriyam Tamuli
replaced calls named cpu_physical_memory_* with address_space_*

hw/display/omap_lcdc.c
hw/display/pxa2xx_lcd.c
hw/display/virtio-gpu.c
hw/dma/etraxfs_dma.c
---
 hw/display/omap_lcdc.c  |  8 
 hw/display/pxa2xx_lcd.c |  4 ++--
 hw/display/virtio-gpu.c |  6 +++---
 hw/dma/etraxfs_dma.c| 34 +-
 4 files changed, 26 insertions(+), 26 deletions(-)

diff --git a/hw/display/omap_lcdc.c b/hw/display/omap_lcdc.c
index ce1058b..9f6e38c 100644
--- a/hw/display/omap_lcdc.c
+++ b/hw/display/omap_lcdc.c
@@ -128,9 +128,9 @@ static void omap_update_display(void *opaque)
 
 frame_offset = 0;
 if (omap_lcd->plm != 2) {
-cpu_physical_memory_read(omap_lcd->dma->phys_framebuffer[
-  omap_lcd->dma->current_frame],
- (void *)omap_lcd->palette, 0x200);
+address_space_read(omap_lcd->dma->phys_framebuffer[
+   omap_lcd->dma->current_frame],
+   (void *)omap_lcd->palette, 0x200);
 switch (omap_lcd->palette[0] >> 12 & 7) {
 case 3 ... 7:
 frame_offset += 0x200;
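Review bot: the replacement in this hunk keeps the three-argument shape of cpu_physical_memory_read(), but address_space_read() takes an AddressSpace *, the address, MemTxAttrs, the buffer and the length (and returns a MemTxResult), so this will not compile; the same applies to the hunk at @@ -280,7 below. The conversion has to decide which address space the LCD controller's DMA goes through and pass it explicitly, e.g. `address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED, buf, len)` with `as` supplied by the board, and the palette read is a good place to check the returned MemTxResult before `omap_lcd->palette[0]` is decoded.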
@@ -280,7 +280,7 @@ static void omap_lcd_update(struct omap_lcd_panel_s *s) {
 s->dma->phys_framebuffer[1] = s->dma->src_f2_top;
 
 if (s->plm != 2 && !s->palette_done) {
-cpu_physical_memory_read(
+address_space_read(
 s->dma->phys_framebuffer[s->dma->current_frame],
 (void *)s->palette, 0x200);
 s->palette_done = 1;
diff --git a/hw/display/pxa2xx_lcd.c b/hw/display/pxa2xx_lcd.c
index 845521c..67b9a53 100644
--- a/hw/display/pxa2xx_lcd.c
+++ b/hw/display/pxa2xx_lcd.c
@@ -309,7 +309,7 @@ static void pxa2xx_descriptor_load(PXA2xxLCDState *s)
 continue;
 }
 
-cpu_physical_memory_read(descptr, , sizeof(desc));
+address_space_read(descptr, , sizeof(desc));
 s->dma_ch[i].descriptor = le32_to_cpu(desc.fdaddr);
 s->dma_ch[i].source = le32_to_cpu(desc.fsaddr);
 s->dma_ch[i].id = le32_to_cpu(desc.fidr);
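Review bot: same signature problem in both hunks of this file: address_space_read() takes (AddressSpace *, hwaddr, MemTxAttrs, buffer, length) and returns a MemTxResult, so the three-argument forms here and at @@ -853,7 will not compile. The descriptor load in this hunk reads guest-supplied DMA descriptors into `desc`, so once the space is passed explicitly it is also worth checking the result instead of decoding `desc` regardless of whether the read succeeded.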
@@ -853,7 +853,7 @@ static void pxa2xx_update_display(void *opaque)
 }
 
 if (s->dma_ch[ch].command & LDCMD_PAL) {
-cpu_physical_memory_read(fbptr, s->dma_ch[ch].pbuffer,
+address_space_read(fbptr, s->dma_ch[ch].pbuffer,
 MAX(LDCMD_LENGTH(s->dma_ch[ch].command),
 sizeof(s->dma_ch[ch].pbuffer)));
 pxa2xx_palette_parse(s, ch, s->bpp);
diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
index ddf3bfb..2a97b04 100644
--- a/hw/display/virtio-gpu.c
+++ b/hw/display/virtio-gpu.c
@@ -622,7 +622,7 @@ int virtio_gpu_create_mapping_iov(struct 
virtio_gpu_resource_attach_backing *ab,
 for (i = 0; i < ab->nr_entries; i++) {
 hwaddr len = ents[i].length;
 (*iov)[i].iov_len = ents[i].length;
-(*iov)[i].iov_base = cpu_physical_memory_map(ents[i].addr, , 1);
+(*iov)[i].iov_base = address_space_map(ents[i].addr, , 1);
 if (!(*iov)[i].iov_base || len != ents[i].length) {
 qemu_log_mask(LOG_GUEST_ERROR, "%s: failed to map MMIO memory for"
   " resource %d element %d\n",
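Review bot: address_space_map() takes the AddressSpace * as its first argument (as, addr, &len, is_write), and address_space_unmap() likewise, so this hunk and the @@ -642,8 hunk below drop a required argument and will not build. For a device model the point of the conversion is to name the space the device DMAs through, so that argument has to be added rather than the function merely renamed.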
@@ -642,8 +642,8 @@ void virtio_gpu_cleanup_mapping_iov(struct iovec *iov, 
uint32_t count)
 int i;
 
 for (i = 0; i < count; i++) {
-cpu_physical_memory_unmap(iov[i].iov_base, iov[i].iov_len, 1,
-  iov[i].iov_len);
+address_space_unmap(iov[i].iov_base, iov[i].iov_len, 1,
+iov[i].iov_len);
 }
 g_free(iov);
 }
diff --git a/hw/dma/etraxfs_dma.c b/hw/dma/etraxfs_dma.c
index d5650eb..4b49528 100644
--- a/hw/dma/etraxfs_dma.c
+++ b/hw/dma/etraxfs_dma.c
@@ -223,9 +223,9 @@ static void channel_load_g(struct fs_dma_ctrl *ctrl, int c)
hwaddr addr = channel_reg(ctrl, c, RW_GROUP);
 
/* Load and decode. FIXME: handle endianness.  */
-   cpu_physical_memory_read (addr, 
- (void *) >channels[c].current_g, 
- sizeof ctrl->channels[c].current_g);
+address_space_read(addr,
+  (void *) >channels[c].current_g,
+  sizeof ctrl->channels[c].current_g);
 }
 
 static void dump_c(int ch, struct dma_descr_context *c)
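Review bot: the channel_load_g() hunk above and the channel_load_c() hunk at @@ -255,9 both keep three arguments for address_space_read(), which also needs an AddressSpace * and MemTxAttrs; neither compiles. The controller is reading DMA descriptors from guest memory here, so the space should be the one the controller is attached to, passed in from the board, and the returned MemTxResult is worth checking before `current_g`/`current_c` are decoded.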
@@ -255,9 +255,9 @@ static void channel_load_c(struct fs_dma_ctrl *ctrl, int c)
hwaddr addr = channel_reg(ctrl, c, RW_GROUP_DOWN);
 
/* Load and decode. FIXME: handle endianness.  */
-   cpu_physical_memory_read (addr, 
- (void *) >channels[c].current_c, 
- sizeof ctrl->channels[c].current_c);
+address_space_read(addr,
+  (void *) >channels[c].current_c,
+  sizeof ctrl->channels[c].current_c);
 
D(dump_c(c, >channels[c].current_c));
/* I guess this should update the current pos.  */
@@ 

[Qemu-devel] [PATCH 4/5] address_space: replaced function calls

2016-03-13 Thread Mriyam Tamuli
replaced calls named cpu_physical_memory_* with address_space_*

hw/core/loader.c
hw/display/exynos4210_fimd.c
hw/display/milkymist-tmu2.c
hw/display/omap_dss.c
---
 hw/core/loader.c |  4 ++--
 hw/display/exynos4210_fimd.c |  6 +++---
 hw/display/milkymist-tmu2.c  | 16 
 hw/display/omap_dss.c|  8 
 4 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/hw/core/loader.c b/hw/core/loader.c
index 8e8031c..19fa77a 100644
--- a/hw/core/loader.c
+++ b/hw/core/loader.c
@@ -1000,8 +1000,8 @@ static void rom_reset(void *unused)
 void *host = memory_region_get_ram_ptr(rom->mr);
 memcpy(host, rom->data, rom->datasize);
 } else {
-cpu_physical_memory_write_rom(_space_memory,
-  rom->addr, rom->data, rom->datasize);
+address_space_write_rom(_space_memory,
+rom->addr, rom->data, rom->datasize);
 }
 if (rom->isrom) {
 /* rom needs to be written only once */
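Review bot: unlike the other calls in this series, cpu_physical_memory_write_rom() already takes the address space as its first argument (this hunk passes it), so the hunk is a pure rename with no change in what is expressed. It only builds if a function named address_space_write_rom() exists in the tree this is based on, and nothing in the series introduces one; either drop the hunk or rename the definition in the same patch.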
diff --git a/hw/display/exynos4210_fimd.c b/hw/display/exynos4210_fimd.c
index 728eb21..cc3e38c 100644
--- a/hw/display/exynos4210_fimd.c
+++ b/hw/display/exynos4210_fimd.c
@@ -1130,7 +1130,7 @@ static void 
fimd_update_memory_section(Exynos4210fimdState *s, unsigned win)
 }
 
 if (w->host_fb_addr) {
-cpu_physical_memory_unmap(w->host_fb_addr, w->fb_len, 0, 0);
+address_space_unmap(w->host_fb_addr, w->fb_len, 0, 0);
 w->host_fb_addr = NULL;
 w->fb_len = 0;
 }
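Review bot: address_space_map()/address_space_unmap() take the AddressSpace * first, so the three hunks in this file (@@ -1130, @@ -1161, @@ -1170) each drop a required argument and will not compile. When the argument is added, the framebuffer map and both matching unmaps (the normal one here and the error-path one at @@ -1170) must name the same space.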
@@ -1161,7 +1161,7 @@ static void 
fimd_update_memory_section(Exynos4210fimdState *s, unsigned win)
 goto error_return;
 }
 
-w->host_fb_addr = cpu_physical_memory_map(fb_start_addr, _mapped_len, 
0);
+w->host_fb_addr = address_space_map(fb_start_addr, _mapped_len, 0);
 if (!w->host_fb_addr) {
 DPRINT_ERROR("Failed to map window %u framebuffer\n", win);
 goto error_return;
@@ -1170,7 +1170,7 @@ static void 
fimd_update_memory_section(Exynos4210fimdState *s, unsigned win)
 if (fb_mapped_len != w->fb_len) {
 DPRINT_ERROR("Window %u mapped framebuffer length is less then "
 "expected\n", win);
-cpu_physical_memory_unmap(w->host_fb_addr, fb_mapped_len, 0, 0);
+address_space_unmap(w->host_fb_addr, fb_mapped_len, 0, 0);
 goto error_return;
 }
 memory_region_set_log(w->mem_section.mr, true, DIRTY_MEMORY_VGA);
diff --git a/hw/display/milkymist-tmu2.c b/hw/display/milkymist-tmu2.c
index 9bc88f9..cf3bf97 100644
--- a/hw/display/milkymist-tmu2.c
+++ b/hw/display/milkymist-tmu2.c
@@ -213,7 +213,7 @@ static void tmu2_start(MilkymistTMU2State *s)
 glGenTextures(1, );
 glBindTexture(GL_TEXTURE_2D, texture);
 fb_len = 2*s->regs[R_TEXHRES]*s->regs[R_TEXVRES];
-fb = cpu_physical_memory_map(s->regs[R_TEXFBUF], _len, 0);
+fb = address_space_map(s->regs[R_TEXFBUF], _len, 0);
 if (fb == NULL) {
 glDeleteTextures(1, );
 glXMakeContextCurrent(s->dpy, None, None, NULL);
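Review bot: every map/unmap pair in tmu2_start() is converted here without the AddressSpace * that address_space_map()/address_space_unmap() take as their first argument, so none of the hunks in this file compile. When the argument is added, each unmap must name the same space as the map it pairs with (texture, destination framebuffer, mesh), including the unmaps on the early-exit paths after `glDeleteTextures`.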
@@ -222,7 +222,7 @@ static void tmu2_start(MilkymistTMU2State *s)
 }
 glTexImage2D(GL_TEXTURE_2D, 0, 3, s->regs[R_TEXHRES], s->regs[R_TEXVRES],
 0, GL_RGB, GL_UNSIGNED_SHORT_5_6_5, fb);
-cpu_physical_memory_unmap(fb, fb_len, 0, fb_len);
+address_space_unmap(fb, fb_len, 0, fb_len);
 
 /* Set up texturing options */
 /* WARNING:
@@ -257,7 +257,7 @@ static void tmu2_start(MilkymistTMU2State *s)
 
 /* Read the QEMU dest. framebuffer into the OpenGL framebuffer */
 fb_len = 2 * s->regs[R_DSTHRES] * s->regs[R_DSTVRES];
-fb = cpu_physical_memory_map(s->regs[R_DSTFBUF], _len, 0);
+fb = address_space_map(s->regs[R_DSTFBUF], _len, 0);
 if (fb == NULL) {
 glDeleteTextures(1, );
 glXMakeContextCurrent(s->dpy, None, None, NULL);
@@ -267,7 +267,7 @@ static void tmu2_start(MilkymistTMU2State *s)
 
 glDrawPixels(s->regs[R_DSTHRES], s->regs[R_DSTVRES], GL_RGB,
 GL_UNSIGNED_SHORT_5_6_5, fb);
-cpu_physical_memory_unmap(fb, fb_len, 0, fb_len);
+address_space_unmap(fb, fb_len, 0, fb_len);
 glViewport(0, 0, s->regs[R_DSTHRES], s->regs[R_DSTVRES]);
 glMatrixMode(GL_PROJECTION);
 glLoadIdentity();
@@ -276,7 +276,7 @@ static void tmu2_start(MilkymistTMU2State *s)
 
 /* Map the texture */
 mesh_len = MESH_MAXSIZE*MESH_MAXSIZE*sizeof(struct vertex);
-mesh = cpu_physical_memory_map(s->regs[R_VERTICESADDR], _len, 0);
+mesh = address_space_map(s->regs[R_VERTICESADDR], _len, 0);
 if (mesh == NULL) {
 glDeleteTextures(1, );
 glXMakeContextCurrent(s->dpy, None, None, NULL);
@@ -289,11 +289,11 @@ static void tmu2_start(MilkymistTMU2State *s)
 s->regs[R_HMESHLAST], s->regs[R_VMESHLAST],
 s->regs[R_DSTHOFFSET], s->regs[R_DSTVOFFSET],
 s->regs[R_DSTSQUAREW], s->regs[R_DSTSQUAREH]);
-cpu_physical_memory_unmap(mesh, mesh_len, 0, mesh_len);
+

[Qemu-devel] [PATCH 3/5] address_space: replaced function calls

2016-03-13 Thread Mriyam Tamuli
replaced calls named cpu_physical_memory_* with address_space_*

hw/arm/omap1.c
hw/arm/pxa2xx.c
hw/audio/marvell_88w8618.c
hw/audio/milkymist-ac97.c
---
 hw/arm/omap1.c | 12 ++--
 hw/arm/pxa2xx.c|  4 ++--
 hw/audio/marvell_88w8618.c |  2 +-
 hw/audio/milkymist-ac97.c  |  4 ++--
 4 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/hw/arm/omap1.c b/hw/arm/omap1.c
index 6f68130..211e335 100644
--- a/hw/arm/omap1.c
+++ b/hw/arm/omap1.c
@@ -35,7 +35,7 @@ uint32_t omap_badwidth_read8(void *opaque, hwaddr addr)
 uint8_t ret;
 
 OMAP_8B_REG(addr);
-cpu_physical_memory_read(addr, , 1);
+address_space_read(addr, , 1);
 return ret;
 }
 
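Review bot: the six omap_badwidth_* hunks in this file pass three arguments to address_space_read()/address_space_write(), which need an AddressSpace * and MemTxAttrs in front of the buffer, so they will not compile. These helpers already receive `opaque`, which is the natural place to carry the device's address space once callers are updated to provide it; a rename alone does not get there.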
@@ -45,7 +45,7 @@ void omap_badwidth_write8(void *opaque, hwaddr addr,
 uint8_t val8 = value;
 
 OMAP_8B_REG(addr);
-cpu_physical_memory_write(addr, , 1);
+address_space_write(addr, , 1);
 }
 
 uint32_t omap_badwidth_read16(void *opaque, hwaddr addr)
@@ -53,7 +53,7 @@ uint32_t omap_badwidth_read16(void *opaque, hwaddr addr)
 uint16_t ret;
 
 OMAP_16B_REG(addr);
-cpu_physical_memory_read(addr, , 2);
+address_space_read(addr, , 2);
 return ret;
 }
 
@@ -63,7 +63,7 @@ void omap_badwidth_write16(void *opaque, hwaddr addr,
 uint16_t val16 = value;
 
 OMAP_16B_REG(addr);
-cpu_physical_memory_write(addr, , 2);
+address_space_write(addr, , 2);
 }
 
 uint32_t omap_badwidth_read32(void *opaque, hwaddr addr)
@@ -71,7 +71,7 @@ uint32_t omap_badwidth_read32(void *opaque, hwaddr addr)
 uint32_t ret;
 
 OMAP_32B_REG(addr);
-cpu_physical_memory_read(addr, , 4);
+address_space_read(addr, , 4);
 return ret;
 }
 
@@ -79,7 +79,7 @@ void omap_badwidth_write32(void *opaque, hwaddr addr,
 uint32_t value)
 {
 OMAP_32B_REG(addr);
-cpu_physical_memory_write(addr, , 4);
+address_space_write(addr, , 4);
 }
 
 /* MPU OS timers */
diff --git a/hw/arm/pxa2xx.c b/hw/arm/pxa2xx.c
index ff6ac7a..c8172c8 100644
--- a/hw/arm/pxa2xx.c
+++ b/hw/arm/pxa2xx.c
@@ -292,9 +292,9 @@ static void pxa2xx_pwrmode_write(CPUARMState *env, const 
ARMCPRegInfo *ri,
 
 #if 0
 buffer = 0xe59ff000; /* ldr pc, [pc, #0] */
-cpu_physical_memory_write(0, , 4);
+address_space_write(0, , 4);
 buffer = s->pm_regs[PSPR >> 2];
-cpu_physical_memory_write(8, , 4);
+address_space_write(8, , 4);
 #endif
 
 /* Suspend */
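Review bot: the two calls changed in this hunk sit inside `#if 0`, so the compiler will never flag that address_space_write() is being passed three arguments instead of (AddressSpace *, hwaddr, MemTxAttrs, buffer, length). Either leave the dead code untouched or convert it with the full signature; rewriting it into something that would not build if the block were ever enabled is the worst of both.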
diff --git a/hw/audio/marvell_88w8618.c b/hw/audio/marvell_88w8618.c
index a6ca180..5e6175b 100644
--- a/hw/audio/marvell_88w8618.c
+++ b/hw/audio/marvell_88w8618.c
@@ -82,7 +82,7 @@ static void mv88w8618_audio_callback(void *opaque, int 
free_out, int free_in)
 if (block_size > 4096) {
 return;
 }
-cpu_physical_memory_read(s->target_buffer + s->play_pos, buf, block_size);
+address_space_read(s->target_buffer + s->play_pos, buf, block_size);
 mem_buffer = buf;
 if (s->playback_mode & MP_AUDIO_16BIT_SAMPLE) {
 if (s->playback_mode & MP_AUDIO_MONO) {
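Review bot: the audio DMA read in this hunk needs the AddressSpace * and MemTxAttrs arguments that address_space_read() requires; as written it will not compile. `block_size` is bounded to 4096 a few lines above, so the length is fine, but the space through which the device reads `target_buffer` still has to be named explicitly.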
diff --git a/hw/audio/milkymist-ac97.c b/hw/audio/milkymist-ac97.c
index 6a3b536..a5dae59 100644
--- a/hw/audio/milkymist-ac97.c
+++ b/hw/audio/milkymist-ac97.c
@@ -203,7 +203,7 @@ static void ac97_in_cb(void *opaque, int avail_b)
 break;
 }
 
-cpu_physical_memory_write(addr, buf, acquired);
+address_space_write(addr, buf, acquired);
 
 temp -= acquired;
 addr += acquired;
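Review bot: both hunks in this file (ac97_in_cb() here and ac97_out_cb() at @@ -241,7) use the three-argument form of address_space_write()/address_space_read(); the real signatures take an AddressSpace * and MemTxAttrs as well, so neither compiles. The device state `s` is in scope in both callbacks and is where the address space should come from.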
@@ -241,7 +241,7 @@ static void ac97_out_cb(void *opaque, int free_b)
 int copied, to_copy;
 
 to_copy = audio_MIN(temp, sizeof(buf));
-cpu_physical_memory_read(addr, buf, to_copy);
+address_space_read(addr, buf, to_copy);
 copied = AUD_write(s->voice_out, buf, to_copy);
 if (!copied) {
 break;
-- 
2.5.0




[Qemu-devel] [PATCH 2/5] address_space: replaced function calls

2016-03-13 Thread Mriyam Tamuli
replaced calls named cpu_physical_memory_* with address_space_*

hw/arm/armv7m.c
hw/arm/boot.c
hw/arm/musicpal.c
hw/arm/nseries.c
---
 hw/arm/armv7m.c   | 18 +-
 hw/arm/boot.c |  8 
 hw/arm/musicpal.c | 14 +++---
 hw/arm/nseries.c  |  8 
 4 files changed, 24 insertions(+), 24 deletions(-)

diff --git a/hw/arm/armv7m.c b/hw/arm/armv7m.c
index ed7d97f..5275e3a 100644
--- a/hw/arm/armv7m.c
+++ b/hw/arm/armv7m.c
@@ -31,7 +31,7 @@ static inline uint32_t bitband_addr(void * opaque, uint32_t 
addr)
 static uint32_t bitband_readb(void *opaque, hwaddr offset)
 {
 uint8_t v;
-cpu_physical_memory_read(bitband_addr(opaque, offset), , 1);
+address_space_read(bitband_addr(opaque, offset), , 1);
 return (v & (1 << ((offset >> 2) & 7))) != 0;
 }
 
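Review bot: all six bitband hunks in this file replace cpu_physical_memory_read/write() with three-argument address_space_read/write() calls; both functions take an AddressSpace * and MemTxAttrs in front of the buffer, so none of these compile. The bit-band region is a CPU-side alias, so the space to pass is that CPU's, which means bitband_ops needs a way to reach it from `opaque` before the calls can be converted.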
@@ -43,12 +43,12 @@ static void bitband_writeb(void *opaque, hwaddr offset,
 uint8_t v;
 addr = bitband_addr(opaque, offset);
 mask = (1 << ((offset >> 2) & 7));
-cpu_physical_memory_read(addr, , 1);
+address_space_read(addr, , 1);
 if (value & 1)
 v |= mask;
 else
 v &= ~mask;
-cpu_physical_memory_write(addr, , 1);
+address_space_write(addr, , 1);
 }
 
 static uint32_t bitband_readw(void *opaque, hwaddr offset)
@@ -59,7 +59,7 @@ static uint32_t bitband_readw(void *opaque, hwaddr offset)
 addr = bitband_addr(opaque, offset) & ~1;
 mask = (1 << ((offset >> 2) & 15));
 mask = tswap16(mask);
-cpu_physical_memory_read(addr, , 2);
+address_space_read(addr, , 2);
 return (v & mask) != 0;
 }
 
@@ -72,12 +72,12 @@ static void bitband_writew(void *opaque, hwaddr offset,
 addr = bitband_addr(opaque, offset) & ~1;
 mask = (1 << ((offset >> 2) & 15));
 mask = tswap16(mask);
-cpu_physical_memory_read(addr, , 2);
+address_space_read(addr, , 2);
 if (value & 1)
 v |= mask;
 else
 v &= ~mask;
-cpu_physical_memory_write(addr, , 2);
+address_space_write(addr, , 2);
 }
 
 static uint32_t bitband_readl(void *opaque, hwaddr offset)
@@ -88,7 +88,7 @@ static uint32_t bitband_readl(void *opaque, hwaddr offset)
 addr = bitband_addr(opaque, offset) & ~3;
 mask = (1 << ((offset >> 2) & 31));
 mask = tswap32(mask);
-cpu_physical_memory_read(addr, , 4);
+address_space_read(addr, , 4);
 return (v & mask) != 0;
 }
 
@@ -101,12 +101,12 @@ static void bitband_writel(void *opaque, hwaddr offset,
 addr = bitband_addr(opaque, offset) & ~3;
 mask = (1 << ((offset >> 2) & 31));
 mask = tswap32(mask);
-cpu_physical_memory_read(addr, , 4);
+address_space_read(addr, , 4);
 if (value & 1)
 v |= mask;
 else
 v &= ~mask;
-cpu_physical_memory_write(addr, , 4);
+address_space_write(addr, , 4);
 }
 
 static const MemoryRegionOps bitband_ops = {
diff --git a/hw/arm/boot.c b/hw/arm/boot.c
index 8ba0e42..c89b533 100644
--- a/hw/arm/boot.c
+++ b/hw/arm/boot.c
@@ -281,8 +281,8 @@ static void set_kernel_args(const struct arm_boot_info 
*info)
 int cmdline_size;
 
 cmdline_size = strlen(info->kernel_cmdline);
-cpu_physical_memory_write(p + 8, info->kernel_cmdline,
-  cmdline_size + 1);
+address_space_write(p + 8, info->kernel_cmdline,
+cmdline_size + 1);
 cmdline_size = (cmdline_size >> 2) + 1;
 WRITE_WORD(p, cmdline_size + 2);
 WRITE_WORD(p, 0x54410009);
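Review bot: address_space_write() needs an AddressSpace * and MemTxAttrs before the buffer, so the three-argument calls in this hunk and in the @@ -296 and @@ -372 hunks below will not compile. set_kernel_args() only has `info` in scope, so the address space has to be plumbed in (or derived from the CPU being booted) before this file can be converted; a mechanical rename is not enough here.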
@@ -296,7 +296,7 @@ static void set_kernel_args(const struct arm_boot_info 
*info)
 atag_board_len = (info->atag_board(info, atag_board_buf) + 3) & ~3;
 WRITE_WORD(p, (atag_board_len + 8) >> 2);
 WRITE_WORD(p, 0x414f4d50);
-cpu_physical_memory_write(p, atag_board_buf, atag_board_len);
+address_space_write(p, atag_board_buf, atag_board_len);
 p += atag_board_len;
 }
 /* ATAG_END */
@@ -372,7 +372,7 @@ static void set_kernel_args_old(const struct arm_boot_info 
*info)
 }
 s = info->kernel_cmdline;
 if (s) {
-cpu_physical_memory_write(p, s, strlen(s) + 1);
+address_space_write(p, s, strlen(s) + 1);
 } else {
 WRITE_WORD(p, 0);
 }
diff --git a/hw/arm/musicpal.c b/hw/arm/musicpal.c
index 54548f3..e624d51 100644
--- a/hw/arm/musicpal.c
+++ b/hw/arm/musicpal.c
@@ -175,12 +175,12 @@ static void eth_rx_desc_put(uint32_t addr, 
mv88w8618_rx_desc *desc)
 cpu_to_le16s(>buffer_size);
 cpu_to_le32s(>buffer);
 cpu_to_le32s(>next);
-cpu_physical_memory_write(addr, desc, sizeof(*desc));
+address_space_write(addr, desc, sizeof(*desc));
 }
 
 static void eth_rx_desc_get(uint32_t addr, mv88w8618_rx_desc *desc)
 {
-cpu_physical_memory_read(addr, desc, sizeof(*desc));
+address_space_read(addr, desc, sizeof(*desc));
 le32_to_cpus(>cmdstat);
 le16_to_cpus(>bytes);
 le16_to_cpus(>buffer_size);
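Review bot: eth_rx_desc_put()/eth_rx_desc_get() take only `addr` and `desc`, so the three-argument address_space_write()/address_space_read() calls in this hunk have nowhere to get the AddressSpace * and MemTxAttrs the real signatures require and will not compile. Converting this NIC means giving the descriptor helpers an extra parameter for the space the device DMAs through and threading it from the callers.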
@@ -203,8 +203,8 @@ static ssize_t eth_receive(NetClientState *nc, const 
uint8_t *buf, size_t size)
  

[Qemu-devel] [PATCH 1/5] address_space: replaced function calls

2016-03-13 Thread Mriyam Tamuli
replaced calls named cpu_physical_memory_* with address_space_*

cpus.c
cputlb.c
disas.c
exec.c
---
 cpus.c   |  2 +-
 cputlb.c |  8 
 disas.c  |  2 +-
 exec.c   | 60 ++--
 4 files changed, 36 insertions(+), 36 deletions(-)

diff --git a/cpus.c b/cpus.c
index bc774e2..d73cd7b 100644
--- a/cpus.c
+++ b/cpus.c
@@ -1662,7 +1662,7 @@ void qmp_pmemsave(int64_t addr, int64_t size, const char 
*filename,
 l = sizeof(buf);
 if (l > size)
 l = size;
-cpu_physical_memory_read(addr, buf, l);
+address_space_read(addr, buf, l);
 if (fwrite(buf, 1, l, f) != l) {
 error_setg(errp, QERR_IO_ERROR);
 goto exit;
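Review bot: the call in this hunk drops to three arguments, but address_space_read() takes an AddressSpace *, the address, MemTxAttrs, the buffer and the length and returns a MemTxResult, so qmp_pmemsave() will not compile. cpu_physical_memory_read() is the global-space wrapper for exactly that call, so the behaviour-preserving form is `address_space_read(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED, buf, l)`; since `errp` is already in scope, the returned MemTxResult could also be checked instead of silently writing out whatever a failed read left in `buf`.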
diff --git a/cputlb.c b/cputlb.c
index 2f7a166..19aeb6a 100644
--- a/cputlb.c
+++ b/cputlb.c
@@ -222,15 +222,15 @@ void tlb_flush_page_by_mmuidx(CPUState *cpu, target_ulong 
addr, ...)
can be detected */
 void tlb_protect_code(ram_addr_t ram_addr)
 {
-cpu_physical_memory_test_and_clear_dirty(ram_addr, TARGET_PAGE_SIZE,
- DIRTY_MEMORY_CODE);
+address_space_test_and_clear_dirty(ram_addr, TARGET_PAGE_SIZE,
+   DIRTY_MEMORY_CODE);
 }
 
 /* update the TLB so that writes in physical page 'phys_addr' are no longer
tested for self modifying code */
 void tlb_unprotect_code(ram_addr_t ram_addr)
 {
-cpu_physical_memory_set_dirty_flag(ram_addr, DIRTY_MEMORY_CODE);
+address_space_set_dirty_flag(ram_addr, DIRTY_MEMORY_CODE);
 }
 
 static bool tlb_is_dirty_ram(CPUTLBEntry *tlbe)
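Review bot: cpu_physical_memory_test_and_clear_dirty() and cpu_physical_memory_set_dirty_flag() in the hunk above are dirty-bitmap helpers keyed by ram_addr_t, not accessors on an address space, so there is no address_space_* counterpart to call; the new names only resolve if their definitions are renamed in lock-step, which this series does for test_and_clear_dirty in exec.c but not for set_dirty_flag. These hunks, and the cpu_physical_memory_is_clean() one at @@ -416,7, should be dropped from the series.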
@@ -416,7 +416,7 @@ void tlb_set_page_with_attrs(CPUState *cpu, target_ulong 
vaddr,
 /* Write access calls the I/O callback.  */
 te->addr_write = address | TLB_MMIO;
 } else if (memory_region_is_ram(section->mr)
-   && cpu_physical_memory_is_clean(
+   && address_space_is_clean(
 memory_region_get_ram_addr(section->mr) + xlat)) {
 te->addr_write = address | TLB_NOTDIRTY;
 } else {
diff --git a/disas.c b/disas.c
index 05a7a12..c6128e3 100644
--- a/disas.c
+++ b/disas.c
@@ -356,7 +356,7 @@ monitor_read_memory (bfd_vma memaddr, bfd_byte *myaddr, int 
length,
 CPUDebug *s = container_of(info, CPUDebug, info);
 
 if (monitor_disas_is_physical) {
-cpu_physical_memory_read(memaddr, myaddr, length);
+address_space_read(memaddr, myaddr, length);
 } else {
 cpu_memory_rw_debug(s->cpu, memaddr, myaddr, length, 0);
 }
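Review bot: the three-argument address_space_read() in this hunk will not compile (the signature is AddressSpace *, hwaddr, MemTxAttrs, buffer, length). This is one place where the explicit address space is readily available: `s->cpu` is already used by the non-physical branch, so the CPU's address space can be passed rather than hard-coding the global one.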
diff --git a/exec.c b/exec.c
index f09dd4e..e266e68 100644
--- a/exec.c
+++ b/exec.c
@@ -991,9 +991,9 @@ static void tlb_reset_dirty_range_all(ram_addr_t start, 
ram_addr_t length)
 }
 
 /* Note: start and end must be within the same ram block.  */
-bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
-  ram_addr_t length,
-  unsigned client)
+bool address_space_test_and_clear_dirty(ram_addr_t start,
+ram_addr_t length,
+unsigned client)
 {
 DirtyMemoryBlocks *blocks;
 unsigned long end, page;
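Review bot: renaming the definition of cpu_physical_memory_test_and_clear_dirty() to address_space_test_and_clear_dirty() is misleading, since the function takes a ram_addr_t range and a dirty client and never touches an AddressSpace, and the diffstat shows no header changed, so its declaration keeps the old name and every caller outside this series breaks. Leave the dirty-bitmap API alone; the BiteSizedTasks item is about DMA accessors in device models.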
@@ -1523,9 +1523,9 @@ int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, 
Error **errp)
 return -EINVAL;
 }
 
-cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
+address_space_clear_dirty_range(block->offset, block->used_length);
 block->used_length = newsize;
-cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
+address_space_set_dirty_range(block->offset, block->used_length,
 DIRTY_CLIENTS_ALL);
 memory_region_set_size(block->mr, newsize);
 if (block->resized) {
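Review bot: in the `qemu_ram_resize()` hunk the continuation line `DIRTY_CLIENTS_ALL);` is left at its old column after the call is renamed to the shorter `address_space_set_dirty_range(`, so it no longer lines up with the opening parenthesis; the other multi-line calls touched by this patch (`address_space_test_and_clear_dirty` and the call in `ram_block_add()`) re-indent their continuation lines, and this one should match.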
@@ -1638,9 +1638,9 @@ static void ram_block_add(RAMBlock *new_block, Error 
**errp)
 ram_list.version++;
 qemu_mutex_unlock_ramlist();
 
-cpu_physical_memory_set_dirty_range(new_block->offset,
-new_block->used_length,
-DIRTY_CLIENTS_ALL);
+address_space_set_dirty_range(new_block->offset,
+  new_block->used_length,
+  DIRTY_CLIENTS_ALL);
 
 if (new_block->host) {
 qemu_ram_setup_dump(new_block->host, new_block->max_length);
@@ -2035,7 +2035,7 @@ MemoryRegion *qemu_ram_addr_from_host(void *ptr, 
ram_addr_t *ram_addr)
 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
uint64_t val, unsigned size)
 {
-if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
+if (!address_space_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
 tb_invalidate_phys_page_fast(ram_addr, size);
 }
 switch (size) {
@@ -2054,11 +2054,11 @@ static void notdirty_mem_write(void *opaque, 

Re: [Qemu-devel] [PATCH] target-arm: Fix descriptor address masking in ARM address translation

2016-03-13 Thread Sergey Sorokin
12.03.2016, 03:18, "Peter Maydell" :
>On 12 March 2016 at 06:44, Sergey Sorokin  wrote:
>> 11.03.2016, 11:41, "Peter Maydell" :
>>>On 4 March 2016 at 23:04, Sergey Sorokin  wrote:
>>>> There is a bug in ARM address translation regime with a long-descriptor
>>>> format. On the descriptor reading its address is formed from an index
>>>> which is a part of the input address. And on the first iteration this index
>>>> is incorrectly masked with 'grainsize' mask. But it can be wider according
>>>> to pseudo-code.
>>>> On the other hand on the iterations other than first the descriptor address
>>>> is formed from the previous level descriptor by masking with 'descaddrmask'
>>>> value. It always clears just 12 lower bits, but it must clear 'grainsize'
>>>> lower bits instead according to pseudo-code.
>>>> The patch fixes both cases.
>>>
>>>This is pretty confusing to understand -- it might help if you
>>>could give an example.
>>
>> According to documentation (ARMv8 ARM DDI 0487A.i J1.1.5:
>> aarch64/translation/walk/AArch64.TranslationTableWalk):
>>
>> bits(48) index = ZeroExtend(inputaddr<addrselecttop:addrselectbottom>:'000');
>> descaddr.paddress.physicaladdress = baseaddress OR index;
>>
>> For a first iteration of the descriptor reading:
>>
>> addrselecttop = inputsize - 1;
>> addrselectbottom = (3-level)*stride + grainsize;
>>
>> Let's assume grainsize == 12 (so stride == 9), level == 1, inputsize == 43.
>> Then index is
>> inputaddr<42:30>:'000';
>
>...which is more than 9 bits, so when does this happen?
>I think this can only happen for the Stage-2 only
>concatenated translation-tables case...
>
>(I agree we have a bug here, I'm just trying to work out when it
>can trigger; if it's only possible for S2 page tables then it's
>not a visible bug yet because no CPUs have EL2 support enabled.)

I cannot answer this question. The bug was found by our internal
corporate test suite with EL2 enabled.

>
>>>> -/* The address field in the descriptor goes up to bit 39 for ARMv7
>>>> - * but up to bit 47 for ARMv8.
>>>> +/* The address field in the descriptor goes up to bit 39 for AArch32
>>>> + * but up to bit 47 for AArch64.
>>>>   */
>>>
>>>This is not correct -- the descriptor field widths are as the comment
>>>states before your patch:
>>> * up to bit 39 for ARMv7
>>> * up to bit 47 for ARMv8 (whether AArch32 or AArch64)
>>>
>>>See the v8 ARM ARM AArch32.TranslationTableWalkLD pseudocode and in
>>>particular note the width which it uses for AddressSizeFault checks.
>>
>> I see in ARMv8 ARM DDI 0487A.i J1.2.4
>> aarch32/translation/walk/AArch32.TranslationTableWalkLD:
>>
>> Before 'repeat' cycle:
>> baseaddress = baseregister<39:baselowerbound>:Zeros(baselowerbound);
>>
>> Inside the cycle:
>> baseaddress = desc<39:grainsize>:Zeros(grainsize);
>
>Yes, but this happens only after we have done the check:
>
>  if !IsZero(desc<47:40>) then
> [take the AddressSize fault]
>
>which tells us that the descriptor field really is up to bit 48.
>We just haven't yet implemented the check in QEMU which will
>generate the AddressSize fault if the top bits are nonzero.
>(In contrast, in ARMv7 there really are only 40 bits there.)
>
>If you want to implement the AddressSize checks that's fine,
>but otherwise please leave this bit of the code alone.

You told me that my code is not correct; I have shown that it conforms
to the documentation.
It's a bit obfuscating when the doc explicitly says to take bits up to 39
from the descriptor, but in QEMU we take bits up to 47 relying on the check in
another part of the code, even if both ways are correct.

Nevertheless there is another bug in descaddrmask in QEMU.
>From ARM ARM:
baseaddress = desc<39:grainsize>:Zeros(grainsize);

But currently QEMU does:
descaddrmask = 0xf000ULL;

It assumes that grainsize is always 12, but it can be greater
in AArch64 translation regime.
The patch fixes the bug,
and completely conforms to the doc, doesn't it?
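To make the two masks in this exchange concrete, here is an added example (not code from the patch or from QEMU) that computes the first-lookup descriptor address and the next-level table base both the ARM ARM way and the pre-patch way the thread describes. The function names, the "clipped" variant and all input values are my own constructed illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Bits <hi:lo> of x, in ARM ARM notation (hi >= lo, both < 64). */
static uint64_t bits(uint64_t x, unsigned hi, unsigned lo)
{
    unsigned width = hi - lo + 1;
    uint64_t mask = width >= 64 ? ~0ULL : (1ULL << width) - 1;
    return (x >> lo) & mask;
}

/* First-lookup descriptor address, following the
 * AArch64.TranslationTableWalk lines quoted in the thread:
 *   addrselecttop    = inputsize - 1
 *   addrselectbottom = (3 - level) * stride + grainsize
 *   index    = ZeroExtend(inputaddr<addrselecttop:addrselectbottom>:'000')
 *   descaddr = baseaddress OR index
 * stride is grainsize - 3 (8-byte descriptors per granule). */
uint64_t first_descaddr_armarm(uint64_t baseaddress, uint64_t inputaddr,
                               unsigned inputsize, unsigned level,
                               unsigned grainsize)
{
    unsigned stride = grainsize - 3;
    unsigned addrselecttop = inputsize - 1;
    unsigned addrselectbottom = (3 - level) * stride + grainsize;
    uint64_t index = bits(inputaddr, addrselecttop, addrselectbottom) << 3;

    return baseaddress | index;
}

/* The behaviour the patch describes as wrong (my reconstruction): the
 * first-level index is clipped to one granule's worth of entries
 * ('stride' bits) instead of running up to inputsize - 1. */
uint64_t first_descaddr_clipped(uint64_t baseaddress, uint64_t inputaddr,
                                unsigned level, unsigned grainsize)
{
    unsigned stride = grainsize - 3;
    unsigned addrselectbottom = (3 - level) * stride + grainsize;
    uint64_t index = bits(inputaddr, addrselectbottom + stride - 1,
                          addrselectbottom) << 3;

    return baseaddress | index;
}

/* Next-level table base from a table descriptor:
 *   baseaddress = desc<47:grainsize>:Zeros(grainsize)     (AArch64) */
uint64_t next_base_armarm(uint64_t desc, unsigned grainsize)
{
    return bits(desc, 47, grainsize) << grainsize;
}

/* The fixed descaddrmask the thread complains about: it always keeps
 * bits 47:12, i.e. it assumes grainsize == 12. */
uint64_t next_base_fixed12(uint64_t desc)
{
    return bits(desc, 47, 12) << 12;
}

int main(void)
{
    /* Constructed input using the thread's parameters: grainsize 12,
     * level 1, inputsize 43, so the index is inputaddr<42:30>:'000'.
     * 0x1234 needs 13 bits, i.e. more than one 9-bit table index. */
    uint64_t inputaddr = 0x1234ULL << 30;

    printf("ARM ARM descaddr: 0x%" PRIx64 "\n",
           first_descaddr_armarm(0, inputaddr, 43, 1, 12));
    printf("clipped descaddr: 0x%" PRIx64 "\n",
           first_descaddr_clipped(0, inputaddr, 1, 12));

    /* Constructed 64K-granule table descriptor: bits 15:0 are not part
     * of the next-level base, but a 12-bit mask wrongly keeps 15:12. */
    uint64_t desc = 0x8001f003ULL;
    printf("ARM ARM base (grain 16): 0x%" PRIx64 "\n",
           next_base_armarm(desc, 16));
    printf("fixed-12 base:           0x%" PRIx64 "\n",
           next_base_fixed12(desc));
    return 0;
}
```

With a 4K granule (grainsize 12) both base-address forms agree, which is why the fixed mask went unnoticed; the difference only appears for larger granules and for the wider first-level index.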



Re: [Qemu-devel] [PATCH v4 4/4] hw/input/adb.c: implement QKeyCode support

2016-03-13 Thread Peter Maydell
On 13 March 2016 at 16:39, Programmingkid  wrote:
> I did try this but a bunch of errors showed up.

> /include/migration/vmstate.h:248:48: error: invalid operands to binary - 
> (have 'uint8_t (*)[256]' and 'uint16_t (*)[128]')
>  #define type_check_array(t1,t2,n) ((t1(*)[n])0 - (t2*)0)
>
> /include/migration/vmstate.h:261:6: note: in expansion of macro 
> 'type_check_array'
>   type_check_array(_type, typeof_field(_state, _field), _num))
>
> So I'm not sure now changing the type to 16 bit is the best thing to do. It 
> would require a lot more changes to other files.

Right, you would need to also change the migration state
to say the array was 16 bit. (This is a migration compat
break, so awkward anyway.)

I made a typo in that email which unfortunately completely
reversed the meaning -- I meant to say "we should just
take option (b)"...

thanks
-- PMM



Re: [Qemu-devel] [PATCH v4 4/4] hw/input/adb.c: implement QKeyCode support

2016-03-13 Thread Programmingkid

On Mar 13, 2016, at 11:40 AM, Peter Maydell wrote:

> On 12 March 2016 at 05:40, Programmingkid  wrote:
>> 
>> On Mar 11, 2016, at 10:30 PM, Peter Maydell wrote:
>> 
>>> 
>>>> +}
>>>> +keycode = s->data[s->rptr];
>>>> +if (++s->rptr == sizeof(s->data)) {
>>>> +s->rptr = 0;
>>>> }
>>>> +s->count--;
>>>> +
>>>> +obuf[0] = keycode;
>>> 
>>> You are still trying to put a two byte keycode (ADB_KEY_POWER)
>>> into this one-byte array slot. I don't know what the right way to
>>> send a two-byte keycode is but this is obviously not it, as
>>> I said before.
>>> 
>>>> +/* NOTE: could put a second keycode if needed */
>>>> +obuf[1] = 0xff;
>>>> +olen = 2;
>>>> +
>>>> return olen;
>>>> }
>> 
>> Is this ok?
>> 
>>/* The power key is the only two byte value key, so it is a special case. 
>> */
>>if (keycode == (ADB_KEY_POWER & 0x00ff)) {
>>obuf[0] = ADB_KEY_POWER & 0x00ff;
>>obuf[1] = (ADB_KEY_POWER & 0xff00) >> 8;
>>olen = 2;
>>} else {
>>obuf[0] = keycode;
>>/* NOTE: could put a second keycode if needed */
>>obuf[1] = 0xff;
>>olen = 2;
>>}
>> 
>> The keycode value comes from an 8 bit array so holding the
>> full value of the power key is not possible.
> 
> Ah, I hadn't noticed that -- that is not a good approach.
> You should either:
> (a) deal with the fact that ADB_KEY values may be 16 bits
> all the way through (including having that array be uint16_t
> rather than uint8_t)

I did try this but a bunch of errors showed up. To see all the errors just make 
this change in adb.c:

typedef struct KBDState {
/*< private >*/
ADBDevice parent_obj;
/*< public >*/

uint16_t data[128];  <- was uint8_t
int rptr, wptr, count;
} KBDState;

The errors:

/include/migration/vmstate.h:248:48: error: invalid operands to binary - (have 
'uint8_t (*)[256]' and 'uint16_t (*)[128]')
 #define type_check_array(t1,t2,n) ((t1(*)[n])0 - (t2*)0)

/include/migration/vmstate.h:261:6: note: in expansion of macro 
'type_check_array'
  type_check_array(_type, typeof_field(_state, _field), _num))

So I'm not sure now changing the type to 16 bit is the best thing to do. It 
would require a lot more changes to other files. 


Re: [Qemu-devel] [RFC] [tcg] Idea on refactoring target code generation loop (gen_intermediate_code)

2016-03-13 Thread Peter Maydell
On 13 March 2016 at 13:16, Lluís Vilanova  wrote:
> Peter Maydell writes:
>> I would be more interested in a proposal to move parts of QEMU
>> to Rust, or just about anything else except C++...
>
> QEMU is pretty low-level, so I'm not sure other languages will fit the bill as
> well, and for the parts relevant to QEMU you have just as much control of
> low-level details as with C (having a very close syntax also helps
> transition).
>
> But I'm curious, what'd be the advantage of rust? Cross-language
> bindings are usually expensive, and require some duplication for
> defining structures across them (maybe it's not the case for rust).

It's a systems programming language that's not insanely huge
and designed by continuous accretion of features, that's all.
(More positively, it has the usual nice features of newer languages
such as not letting you write code that's exploitable by a
malicious guest via buffer overflows.) But I'm not so much
trying to advocate for Rust (which I have not investigated at all)
as expressing an opinion that if we move away from C I'd rather
it to be a language that's nicer than C rather than one that's
uglier and larger and still retains all of C's flaws.

thanks
-- PMM



Re: [Qemu-devel] [PATCH v4 3/4] adb-keys.h: initial commit

2016-03-13 Thread Peter Maydell
On 11 March 2016 at 02:29, Programmingkid  wrote:
> This commit implements the adb-keys.h file. It holds information on adb 
> keycode
> values.
>
> Signed-off-by: John Arbuckle 

> +
> +ADB_KEY_GRAVE_ACCENT = 50,
> +ADB_KEY_MINUS = 27,
> +ADB_KEY_EQUAL = 24,
> +ADB_KEY_DELETE = 51,
> +ADB_KEY_CAPS_LOCK = 57,
> +ADB_KEY_TAB = 48,
> +ADB_KEY_RETURN = 36,
> +ADB_KEY_LEFT_BRACKET = 33,
> +ADB_KEY_RIGHT_BRACKET = 30,
> +ADB_KEY_BACKSLASH = 42,
> +ADB_KEY_SEMICOLON = 41,
> +ADB_KEY_APOSTROPHE = 39,
> +ADB_KEY_COMMA = 43,
> +ADB_KEY_PERIOD = 47,
> +ADB_KEY_FORWARD_SLASH = 44,
> +ADB_KEY_LEFT_SHIFT = 56,
> +ADB_KEY_RIGHT_SHIFT = 60,
> +ADB_KEY_SPACEBAR = 49,
> +ADB_KEY_LEFT_CONTROL = 59,
> +ADB_KEY_RIGHT_CONTROL = 62,
> +ADB_KEY_LEFT_OPTION = 58,
> +ADB_KEY_RIGHT_OPTION = 61,
> +ADB_KEY_LEFT_COMMAND = 55,
> +ADB_KEY_RIGHT_COMMAND = 54,

> +ADB_KEY_UP = 126,
> +ADB_KEY_DOWN = 125,
> +ADB_KEY_LEFT = 123,
> +ADB_KEY_RIGHT = 124,

Looking at
http://www.archive.org/stream/apple-guide-macintosh-family-hardware/Apple_Guide_to_the_Macintosh_Family_Hardware_2e#page/n347/mode/2up

page 308/309, the codes you have here appear to be the
"keyboard driver codes", ie the ones you get after MacOS
has remapped them, not the "transition codes", ie the ones
the hardware actually generates.

In particular the transition codes for the right shift/option/control
are 0x7B/7C/7D, which are what you have here for KEY_LEFT/RIGHT/DOWN,
which is probably why you're then getting weird behaviour.

I suggest rechecking all these ADB keycodes against the
diagram on page 308.

thanks
-- PMM



Re: [Qemu-devel] [PATCH] adb: change handler only when recognized

2016-03-13 Thread Peter Maydell
On 12 March 2016 at 20:31, Hervé Poussineau  wrote:
> Of course, I've no real documentation for Standard Keyboard vs Extended
> Keyboard...

Try
http://www.archive.org/stream/apple-guide-macintosh-family-hardware/Apple_Guide_to_the_Macintosh_Family_Hardware_2e#page/n345/mode/2up

pages 306 and 308 ?

thanks
-- PMM



Re: [Qemu-devel] [PATCH v4 4/4] hw/input/adb.c: implement QKeyCode support

2016-03-13 Thread Peter Maydell
On 12 March 2016 at 04:27, Programmingkid  wrote:
>
> On Mar 11, 2016, at 10:30 PM, Peter Maydell wrote:
>
>> On 11 March 2016 at 09:32, Programmingkid  wrote:
>>> Remove the old pc_to_adb_keycode array and replace it with QKeyCode support.
>>>
>>> Signed-off-by: John Arbuckle 
>>> ---
>>> Some of the keys do not translate as logically as we would think they 
>>> would. For
>>> example the Q_KEY_CODE_CTRL_R does not work with ADB_KEY_RIGHT_CONTROL. The
>>> wrong key would show up in the guest. These problem keys are commented out 
>>> and
>>> replaced with the number that does work correctly. This patch can be easily
>>> tested with the Linux command xev or Mac OS's Key Caps.
>>
>> I'm not sure what you mean here. If you press right-control on the host
>> then shouldn't this correspond to right-control on the guest ?
>
> It should. It makes logical sense. But when I tried it using a Mac OS X and
> Linux guest, the wrong key would be pressed. The theories I have are
> incorrect keyboard detection to CUDA translation problems.
>

>>> +[Q_KEY_CODE_SHIFT] = ADB_KEY_LEFT_SHIFT,
>>> +[Q_KEY_CODE_SHIFT_R]   = 123, /* ADB_KEY_RIGHT_SHIFT, */
>>
>> These should definitely be using some ADB_KEY_* constant on
>> the RHS, not a decimal constant.
>
> Ok. It would look something like this:
> [Q_KEY_CODE_SHIFT_R]   = ADB_KEY_LEFT,

I think we definitely need to figure out what is going on here.
Sending the key-left code for right-shift is definitely wrong.
(Presumably this also implies that the actual left-arrow key
is broken...)

Possibly relatedly, the Apple Extended Keyboard apparently won't send
the separate keycodes for right-shift, right-option, right-control
until the guest OS sends the keyboard a command to enable them.
(see
http://www.archive.org/stream/apple-guide-macintosh-family-hardware/Apple_Guide_to_the_Macintosh_Family_Hardware_2e#page/n347/mode/2up
page 309).

I suggest that for this patchset you leave the code so that
it continues to send the same ADB keycodes for these keys
that it has done before (whatever those are). Then once
we've got the conversion to using qcodes in we can look
at fixing this bug as a separate patch.

(Similarly, you might want to split out the code to support
the power key as a separate patch.)

thanks
-- PMM



Re: [Qemu-devel] [PATCH v4 4/4] hw/input/adb.c: implement QKeyCode support

2016-03-13 Thread Peter Maydell
On 12 March 2016 at 05:40, Programmingkid  wrote:
>
> On Mar 11, 2016, at 10:30 PM, Peter Maydell wrote:
>
>>
>>> +}
>>> +keycode = s->data[s->rptr];
>>> +if (++s->rptr == sizeof(s->data)) {
>>> +s->rptr = 0;
>>> }
>>> +s->count--;
>>> +
>>> +obuf[0] = keycode;
>>
>> You are still trying to put a two byte keycode (ADB_KEY_POWER)
>> into this one-byte array slot. I don't know what the right way to
>> send a two-byte keycode is but this is obviously not it, as
>> I said before.
>>
>>> +/* NOTE: could put a second keycode if needed */
>>> +obuf[1] = 0xff;
>>> +olen = 2;
>>> +
>>> return olen;
>>> }
>
> Is this ok?
>
> /* The power key is the only two byte value key, so it is a special case. 
> */
> if (keycode == (ADB_KEY_POWER & 0x00ff)) {
> obuf[0] = ADB_KEY_POWER & 0x00ff;
> obuf[1] = (ADB_KEY_POWER & 0xff00) >> 8;
> olen = 2;
> } else {
> obuf[0] = keycode;
> /* NOTE: could put a second keycode if needed */
> obuf[1] = 0xff;
> olen = 2;
> }
>
> The keycode value comes from an 8 bit array so holding the
> full value of the power key is not possible.

Ah, I hadn't noticed that -- that is not a good approach.
You should either:
 (a) deal with the fact that ADB_KEY values may be 16 bits
all the way through (including having that array be uint16_t
rather than uint8_t)
 (b) have the power key be a completely special case which
is handled by
 if (qcode == Q_KEY_CODE_POWER) {
/* put power key into buffer */
[...]
 } else {
keycode = qcode_to_adb_keycode[...];
etc;
 }
and not put it into the array at all.

Also, you need to handle the power-key key-release
scancode; as far as I can tell (by looking for info via
google about the ADB protocol) power-key-down is
0x7f 0x7f, and power-key-up is 0xff 0xff. (This is
kind of weird and suggests we should just take option
(a) and special case the power key completely.)

thanks
-- PMM



Re: [Qemu-devel] [PATCH 3/5] ipmi: Add SMBIOS table entry

2016-03-13 Thread Michael S. Tsirkin
On Wed, Feb 24, 2016 at 12:59:14PM -0600, miny...@acm.org wrote:
> From: Corey Minyard 
> 
> Add an IPMI table entry to the SMBIOS.
> 
> Signed-off-by: Corey Minyard 
> Acked-by: Michael S. Tsirkin 
> ---
>  default-configs/i386-softmmu.mak   |  1 +
>  default-configs/x86_64-softmmu.mak |  1 +
>  hw/smbios/Makefile.objs|  2 +
>  hw/smbios/ipmi.c   | 76 
> ++
>  hw/smbios/noipmi.c | 14 +++
>  hw/smbios/smbios.c |  2 +
>  include/hw/smbios/ipmi.h   | 15 
>  7 files changed, 111 insertions(+)
>  create mode 100644 hw/smbios/ipmi.c
>  create mode 100644 hw/smbios/noipmi.c
>  create mode 100644 include/hw/smbios/ipmi.h
> 
> diff --git a/default-configs/i386-softmmu.mak 
> b/default-configs/i386-softmmu.mak
> index b177e52..c94431d 100644
> --- a/default-configs/i386-softmmu.mak
> +++ b/default-configs/i386-softmmu.mak
> @@ -20,6 +20,7 @@ CONFIG_I8254=y
>  CONFIG_PCSPK=y
>  CONFIG_PCKBD=y
>  CONFIG_FDC=y
> +CONFIG_SMBIOS=y
>  CONFIG_ACPI=y
>  CONFIG_ACPI_X86=y
>  CONFIG_ACPI_X86_ICH=y
> diff --git a/default-configs/x86_64-softmmu.mak 
> b/default-configs/x86_64-softmmu.mak
> index 6e3b312..256294d 100644
> --- a/default-configs/x86_64-softmmu.mak
> +++ b/default-configs/x86_64-softmmu.mak
> @@ -20,6 +20,7 @@ CONFIG_I8254=y
>  CONFIG_PCSPK=y
>  CONFIG_PCKBD=y
>  CONFIG_FDC=y
> +CONFIG_SMBIOS=y
>  CONFIG_ACPI=y
>  CONFIG_ACPI_X86=y
>  CONFIG_ACPI_X86_ICH=y
> diff --git a/hw/smbios/Makefile.objs b/hw/smbios/Makefile.objs
> index f69a92f..5578f51 100644
> --- a/hw/smbios/Makefile.objs
> +++ b/hw/smbios/Makefile.objs
> @@ -1 +1,3 @@
>  common-obj-$(CONFIG_SMBIOS) += smbios.o
> +common-obj-$(call land,$(CONFIG_SMBIOS),$(CONFIG_IPMI)) += ipmi.o
> +common-obj-$(call land,$(CONFIG_SMBIOS),$(call lnot,$(CONFIG_IPMI))) += 
> noipmi.o
> diff --git a/hw/smbios/ipmi.c b/hw/smbios/ipmi.c
> new file mode 100644
> index 000..3874431
> --- /dev/null
> +++ b/hw/smbios/ipmi.c
> @@ -0,0 +1,76 @@
> +/*
> + * IPMI SMBIOS firmware handling
> + *
> + * Copyright (c) 2015 Corey Minyard, MontaVista Software, LLC
> + *
> + * This work is licensed under the terms of the GNU GPL, version 2 or later.
> + * See the COPYING file in the top-level directory.
> + */
> +
> +#include "qemu/osdep.h"
> +#include "hw/ipmi/ipmi.h"
> +#include "hw/smbios/ipmi.h"
> +#include "hw/smbios/smbios.h"
> +#include "qemu/error-report.h"
> +#include "smbios_build.h"
> +
> +/* SMBIOS type 38 - IPMI */
> +struct smbios_type_38 {
> +struct smbios_structure_header header;
> +uint8_t interface_type;
> +uint8_t ipmi_spec_revision;
> +uint8_t i2c_slave_address;
> +uint8_t nv_storage_device_address;
> +uint64_t base_address;
> +uint8_t base_address_modifier;
> +uint8_t interrupt_number;
> +} QEMU_PACKED;
> +
> +static void ipmi_encode_one_smbios(IPMIFwInfo *info)
> +{
> +uint64_t baseaddr = info->base_address;
> +SMBIOS_BUILD_TABLE_PRE(38, 0x3000, true);
> +
> +t->interface_type = info->interface_type;
> +t->ipmi_spec_revision = ((info->ipmi_spec_major_revision << 4)
> + | info->ipmi_spec_minor_revision);
> +t->i2c_slave_address = info->i2c_slave_address;
> +t->nv_storage_device_address = 0;
> +
> +/* or 1 to set it to I/O space */
> +switch (info->memspace) {
> +case IPMI_MEMSPACE_IO: baseaddr |= 1; break;
> +case IPMI_MEMSPACE_MEM32: break;
> +case IPMI_MEMSPACE_MEM64: break;
> +case IPMI_MEMSPACE_SMBUS: baseaddr <<= 1; break;
> +}
> +
> +t->base_address = cpu_to_le64(baseaddr);
> +

trailing whitespace

> +t->base_address_modifier = 0;
> +if (info->irq_type == IPMI_LEVEL_IRQ) {
> +t->base_address_modifier |= 1;
> +}
> +switch (info->register_spacing) {
> +case 1: break;
> +case 4: t->base_address_modifier |= 1 << 6; break;
> +case 16: t->base_address_modifier |= 2 << 6; break;
> +default:
> +error_report("IPMI register spacing %d is not compatible with"
> + " SMBIOS, ignoring this entry.", 
> info->register_spacing);
> +return;
> +}
> +t->interrupt_number = info->interrupt_number;
> +
> +SMBIOS_BUILD_TABLE_POST;
> +}
> +
> +void smbios_build_type_38_table(void)
> +{
> +IPMIFwInfo *info = ipmi_first_fwinfo();
> +
> +while (info) {
> +ipmi_encode_one_smbios(info);
> +info = ipmi_next_fwinfo(info);
> +}
> +}
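Review bot: in `ipmi_encode_one_smbios()` the `default:` branch of the `register_spacing` switch returns after `SMBIOS_BUILD_TABLE_PRE(38, 0x3000, true)` has already started the structure, so `SMBIOS_BUILD_TABLE_POST` is skipped and a rejected entry leaves a half-built table behind; validate `info->register_spacing` before calling `SMBIOS_BUILD_TABLE_PRE`, and give the `memspace` switch a `default:` as well. The handle `0x3000` is also fixed while `smbios_build_type_38_table()` loops over every `IPMIFwInfo`, so a second interface would reuse the same handle; derive it from the entry index instead.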
> diff --git a/hw/smbios/noipmi.c b/hw/smbios/noipmi.c
> new file mode 100644
> index 000..ad669a4
> --- /dev/null
> +++ b/hw/smbios/noipmi.c
> @@ -0,0 +1,14 @@
> +/*
> + * IPMI SMBIOS firmware handling
> + *
> + * Copyright (c) 2015 Corey Minyard, MontaVista Software, LLC
> + *
> + * This work is licensed under the terms of the GNU GPL, version 2 or later.
> + * See the COPYING file in the top-level directory.
> + */
> +
> +#include "hw/smbios/ipmi.h"
> +

Re: [Qemu-devel] [PATCH 2/5] pc: Postpone SMBIOS table installation to post machine init

2016-03-13 Thread Michael S. Tsirkin
On Wed, Feb 24, 2016 at 12:59:13PM -0600, miny...@acm.org wrote:
> From: Corey Minyard 
> 
> This is the same place that the ACPI SSDT table gets added, so that
> devices can add themselves to the SMBIOS table.
> 
> Signed-off-by: Corey Minyard 

This changes the order of fw cfg files, which
is guest visible.
Need to make it depend on either machine type
or the presence of ipmi somehow.

> ---
>  hw/i386/pc.c | 11 ++-
>  1 file changed, 6 insertions(+), 5 deletions(-)
> 
> diff --git a/hw/i386/pc.c b/hw/i386/pc.c
> index 0aeefd2..da8fc76 100644
> --- a/hw/i386/pc.c
> +++ b/hw/i386/pc.c
> @@ -778,8 +778,6 @@ static FWCfgState *bochs_bios_init(AddressSpace *as)
>   acpi_tables, acpi_tables_len);
>  fw_cfg_add_i32(fw_cfg, FW_CFG_IRQ0_OVERRIDE, kvm_allows_irq0_override());
>  
> -pc_build_smbios(fw_cfg);
> -
>  fw_cfg_add_bytes(fw_cfg, FW_CFG_E820_TABLE,
>   _reserve, sizeof(e820_reserve));
>  fw_cfg_add_file(fw_cfg, "etc/e820", e820_table,
> @@ -1161,6 +1159,7 @@ void pc_machine_done(Notifier *notifier, void *data)
>  {
>  PCMachineState *pcms = container_of(notifier,
>  PCMachineState, machine_done);
> +FWCfgState *fw_cfg = pcms->fw_cfg;
>  PCIBus *bus = pcms->bus;
>  
>  if (bus) {
> @@ -1172,15 +1171,17 @@ void pc_machine_done(Notifier *notifier, void *data)
>  extra_hosts++;
>  }
>  }
> -if (extra_hosts && pcms->fw_cfg) {
> +if (extra_hosts && fw_cfg) {
>  uint64_t *val = g_malloc(sizeof(*val));
>  *val = cpu_to_le64(extra_hosts);
> -fw_cfg_add_file(pcms->fw_cfg,
> -"etc/extra-pci-roots", val, sizeof(*val));
> +fw_cfg_add_file(fw_cfg, "etc/extra-pci-roots", val, 
> sizeof(*val));
>  }
>  }
>  
>  acpi_setup();
> +if (fw_cfg) {
> +pc_build_smbios(fw_cfg);
> +}
>  }
>  
>  void pc_guest_info_init(PCMachineState *pcms)
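Review bot: `pc_build_smbios(fw_cfg)` is now wrapped in `if (fw_cfg)` in `pc_machine_done()`, whereas the call removed from `bochs_bios_init()` ran unconditionally on the fw_cfg it had just created; with this hunk a NULL `pcms->fw_cfg` silently drops the SMBIOS tables, so either assert that `pcms->fw_cfg` is set by the time the machine-done notifier runs or document why skipping is acceptable. Since the move also changes the position of the SMBIOS entries among the fw_cfg files, the new placement should be keyed on machine type (or on IPMI being present) as noted above.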
> -- 
> 2.5.0



Re: [Qemu-devel] [V6 4/4] hw/pci-host: Emulate AMD IOMMU

2016-03-13 Thread Michael S. Tsirkin
On Sun, Mar 13, 2016 at 03:14:37AM +0300, David Kiarie wrote:
> On Fri, Mar 11, 2016 at 4:22 PM, Michael S. Tsirkin  wrote:
> > On Sun, Feb 21, 2016 at 09:11:00PM +0300, David Kiarie wrote:
> >> Add AMD IOMMU emulation support to q35 chipset
> >>
> >> Signed-off-by: David Kiarie 
> >> ---
> >>  hw/pci-host/piix.c|  1 +
> >>  hw/pci-host/q35.c | 14 --
> >>  include/hw/i386/intel_iommu.h |  1 +
> >>  3 files changed, 14 insertions(+), 2 deletions(-)
> >>
> >> diff --git a/hw/pci-host/piix.c b/hw/pci-host/piix.c
> >> index 41aa66f..ab2e24a 100644
> >> --- a/hw/pci-host/piix.c
> >> +++ b/hw/pci-host/piix.c
> >> @@ -36,6 +36,7 @@
> >>  #include "hw/i386/ioapic.h"
> >>  #include "qapi/visitor.h"
> >>  #include "qemu/error-report.h"
> >> +#include "hw/i386/amd_iommu.h"
> >>
> >>  /*
> >>   * I440FX chipset data sheet.
> >
> > Why is this needed?
> >
> >> diff --git a/hw/pci-host/q35.c b/hw/pci-host/q35.c
> >> index 115fb8c..355fb32 100644
> >> --- a/hw/pci-host/q35.c
> >> +++ b/hw/pci-host/q35.c
> >> @@ -31,6 +31,7 @@
> >>  #include "hw/hw.h"
> >>  #include "hw/pci-host/q35.h"
> >>  #include "qapi/visitor.h"
> >> +#include "hw/i386/amd_iommu.h"
> >>
> >>  
> >> /
> >>   * Q35 host
> >> @@ -505,9 +506,18 @@ static void mch_realize(PCIDevice *d, Error **errp)
> >>   mch->pci_address_space, >pam_regions[i+1],
> >>   PAM_EXPAN_BASE + i * PAM_EXPAN_SIZE, PAM_EXPAN_SIZE);
> >>  }
> >> -/* Intel IOMMU (VT-d) */
> >> -if (object_property_get_bool(qdev_get_machine(), "iommu", NULL)) {
> >> +
> >> +if (g_strcmp0(MACHINE(qdev_get_machine())->iommu, INTEL_IOMMU_STR) == 
> >> 0) {
> >> +/* Intel IOMMU (VT-d) */
> >>  mch_init_dmar(mch);
> >> +} else if (g_strcmp0(MACHINE(qdev_get_machine())->iommu, 
> >> AMD_IOMMU_STR)
> >> +   == 0) {
> >> +AMDIOMMUState *iommu_state;
> >> +PCIDevice *iommu;
> >> +PCIBus *bus = PCI_BUS(qdev_get_parent_bus(DEVICE(mch)));
> >> +iommu = pci_create_simple(bus, 0x20, TYPE_AMD_IOMMU_DEVICE);
> >
> > address can be set through a property.
> 
> I missed something here, what is the problem? Is it the hardcoded address?

As long as you use pci_create_simple, it's not a problem.
If eventually we manage to switch to using -device,
it'll be useful that by setting address property
machine can influence address for the device.


> >
> >> +iommu_state = AMD_IOMMU_DEVICE(iommu);
> >> +pci_setup_iommu(bus, bridge_host_amd_iommu, iommu_state);
> >
> >
> > It would be better to move this chunk to a separate function.
> >
> >>  }
> >>  }
> >>
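Review bot: this hunk replaces the boolean `object_property_get_bool(qdev_get_machine(), "iommu", NULL)` check with `g_strcmp0()` comparisons of `MACHINE(qdev_get_machine())->iommu` against `INTEL_IOMMU_STR` and `AMD_IOMMU_STR`, so an existing `iommu=on` machine option matches neither branch and VT-d is silently no longer created; either map the old boolean spelling to the Intel case or reject unrecognised strings with an error rather than ignoring them. The machine lookup is also evaluated twice in the `if`/`else if`; read `->iommu` into a local once, which fits naturally with moving the AMD block into its own function as suggested above.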
> >> diff --git a/include/hw/i386/intel_iommu.h b/include/hw/i386/intel_iommu.h
> >> index b024ffa..539530c 100644
> >> --- a/include/hw/i386/intel_iommu.h
> >> +++ b/include/hw/i386/intel_iommu.h
> >> @@ -27,6 +27,7 @@
> >>  #define TYPE_INTEL_IOMMU_DEVICE "intel-iommu"
> >>  #define INTEL_IOMMU_DEVICE(obj) \
> >>   OBJECT_CHECK(IntelIOMMUState, (obj), TYPE_INTEL_IOMMU_DEVICE)
> >> +#define INTEL_IOMMU_STR "intel"
> >>
> >>  /* DMAR Hardware Unit Definition address (IOMMU unit) */
> >>  #define Q35_HOST_BRIDGE_IOMMU_ADDR  0xfed9ULL
> >> --
> >> 2.1.4



Re: [Qemu-devel] [RFC] [tcg] Idea on refactoring target code generation loop (gen_intermediate_code)

2016-03-13 Thread Lluís Vilanova
Peter Maydell writes:

> On 10 March 2016 at 05:29, Lluís Vilanova  wrote:
>> Richard Henderson writes:
>>> Alternately... can we broach the subject of C++?  Honestly, it
>>> seems we work too hard sometimes to re-implement templates and
>>> classes in C.
>> 
>> Whooo, I'd really *love* to switch to C++ just for templates and
>> classes... But last time this was discussed, the idea wasn't met
>> with much joy :)

> I would be more interested in a proposal to move parts of QEMU
> to Rust, or just about anything else except C++...

QEMU is pretty low-level, so I'm not sure other languages will fit the bill as
well, and for the parts relevant to QEMU you have just as much control of
low-level details as with C (having a very close syntax also helps
transition).

But I'm curious, what'd be the advantage of rust? Cross-language bindings are
usually expensive, and require some duplication for defining structures across
them (maybe it's not the case for rust).


Lluis



[Qemu-devel] [PATCH] hw/acpi: fix GSI links UID

2016-03-13 Thread Marcel Apfelbaum
According to the ACPI spec, each UID must be unique.
Use the irq number as UID for GSI links.

Suggested-by: Michael S. Tsirkin 
Signed-off-by: Marcel Apfelbaum 
---

Hi,

This patch was tested with Windows XP/2003/2012R2/7/10 and Fedora.

Thanks,
Marcel

 hw/i386/acpi-build.c | 20 
 1 file changed, 8 insertions(+), 12 deletions(-)

diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index adbf354..83e031d 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -1748,18 +1748,14 @@ static void build_q35_pci0_int(Aml *table)
 aml_append(sb_scope, build_link_dev("LNKG", 6, aml_name("PRQG")));
 aml_append(sb_scope, build_link_dev("LNKH", 7, aml_name("PRQH")));
 
-/*
- * TODO: UID probably shouldn't be the same for GSIx devices
- * but that's how it was in original ASL so keep it for now
- */
-aml_append(sb_scope, build_gsi_link_dev("GSIA", 0, 0x10));
-aml_append(sb_scope, build_gsi_link_dev("GSIB", 0, 0x11));
-aml_append(sb_scope, build_gsi_link_dev("GSIC", 0, 0x12));
-aml_append(sb_scope, build_gsi_link_dev("GSID", 0, 0x13));
-aml_append(sb_scope, build_gsi_link_dev("GSIE", 0, 0x14));
-aml_append(sb_scope, build_gsi_link_dev("GSIF", 0, 0x15));
-aml_append(sb_scope, build_gsi_link_dev("GSIG", 0, 0x16));
-aml_append(sb_scope, build_gsi_link_dev("GSIH", 0, 0x17));
+aml_append(sb_scope, build_gsi_link_dev("GSIA", 0x10, 0x10));
+aml_append(sb_scope, build_gsi_link_dev("GSIB", 0x11, 0x11));
+aml_append(sb_scope, build_gsi_link_dev("GSIC", 0x12, 0x12));
+aml_append(sb_scope, build_gsi_link_dev("GSID", 0x13, 0x13));
+aml_append(sb_scope, build_gsi_link_dev("GSIE", 0x14, 0x14));
+aml_append(sb_scope, build_gsi_link_dev("GSIF", 0x15, 0x15));
+aml_append(sb_scope, build_gsi_link_dev("GSIG", 0x16, 0x16));
+aml_append(sb_scope, build_gsi_link_dev("GSIH", 0x17, 0x17));
 
 aml_append(table, sb_scope);
 }
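Review bot: each `build_gsi_link_dev()` call now passes the same literal twice (`0x10, 0x10` and so on), once as the UID and once as the GSI, which invites the two drifting apart in a later edit; deriving the UID from the GSI argument inside `build_gsi_link_dev()`, or emitting the eight links from a loop, would keep the uniqueness property in one place. Since this changes the DSDT for every q35 machine type, the commit message should also say whether the old non-unique UIDs need preserving for older machine types or whether the tested guests are considered sufficient.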
-- 
2.4.3




Re: [Qemu-devel] [PATCH 1/1] Converted malloc calls to g_malloc and g_new

2016-03-13 Thread Alex Bennée

Mriyam Tamuli  writes:

> Thanks a lot for the feedback. I will do as you suggested. I have two more
> questions, though -
>
> 1. So after a patch is submitted, there will be a review in sometime by
> someone? Is that how I will come to know if my changes are correct?

To answer the first part first. You are responsible for testing your
changes. For simple things like this a compile check is usually enough
(although make check is good practice).

For more involved changes you should either ensure the code is exercised
by the unit test code or manually devise a test that exercises the code
paths you have just changed. For some more involved things this can be
quite hard to do - it is not unknown to add printfs as a temporary patch
to check something gets exercised while booting a kernel and then
removing the printfs for the submission ;-)

> 2. If I split the patch into smaller parts and send to qemu-trivial, do I
> need to cc qemu-devel?

Generally yes. qemu-devel is the master development mailing list. Other
lists like qemu-trivial and qemu-$ARCH are convenience lists that help
with sorting patches out for reviewers.

>
> Warm regards,
> Mriyam
>
> On Sat 12 Mar, 2016 10:50 pm Stefan Weil,  wrote:
>
>> Am 12.03.2016 um 12:51 schrieb Mriyam Tamuli:
>> > Signed-off-by: Mriyam Tamuli 
>> > ---
>> >  block/iscsi.c  |  2 +-
>> >  bsd-user/elfload.c | 12 ++--
>> >  bsd-user/qemu.h|  2 +-
>> >  configure  |  4 ++--
>> >  disas/ia64.c   |  2 +-
>> >  5 files changed, 11 insertions(+), 11 deletions(-)
>> >
>> > diff --git a/block/iscsi.c b/block/iscsi.c
>> > index 128ea79..2d6e5b4 100644
>> > --- a/block/iscsi.c
>> > +++ b/block/iscsi.c
>> > @@ -840,7 +840,7 @@ static BlockAIOCB *iscsi_aio_ioctl(BlockDriverState
>> *bs,
>> >  return >common;
>> >  }
>> >
>> > -acb->task = malloc(sizeof(struct scsi_task));
>> > +acb->task = g_malloc(sizeof(struct scsi_task));
>>
>> I suggest using g_new(struct scsi_task, 1) here.
>> The following NULL check should be removed as it is not needed with
>> g_malloc / g_new.
>>
>> >  if (acb->task == NULL) {
>> >  error_report("iSCSI: Failed to allocate task for scsi command.
>> %s",
>> >   iscsi_get_error(iscsi));
>> > diff --git a/bsd-user/elfload.c b/bsd-user/elfload.c
>> > index 0a6092b..74d7c79 100644
>> > --- a/bsd-user/elfload.c
>> > +++ b/bsd-user/elfload.c
>> > @@ -868,7 +868,7 @@ static abi_ulong load_elf_interp(struct elfhdr *
>> interp_elf_ex,
>> >  return ~(abi_ulong)0UL;
>> >
>> >  elf_phdata =  (struct elf_phdr *)
>> > -malloc(sizeof(struct elf_phdr) *
>> interp_elf_ex->e_phnum);
>> > +g_malloc(sizeof(struct elf_phdr) *
>> interp_elf_ex->e_phnum);
>>
>> Use g_new and remove type cast and following NULL check.
>>
>> >
>> >  if (!elf_phdata)
>> >return ~((abi_ulong)0UL);
>> > @@ -1064,13 +1064,13 @@ static void load_symbols(struct elfhdr *hdr, int
>> fd)
>> >
>> >   found:
>> >  /* Now know where the strtab and symtab are.  Snarf them. */
>> > -s = malloc(sizeof(*s));
>> > -syms = malloc(symtab.sh_size);
>> > +s = g_malloc(sizeof(*s));
>> Maybe g_new here.
>> > +syms = g_malloc(symtab.sh_size);
>>
>> No NULL check needed.
>>
>> >  if (!syms) {
>> >  free(s);
>> >  return;
>> >  }
>> > -s->disas_strtab = strings = malloc(strtab.sh_size);
>> > +s->disas_strtab = strings = g_malloc(strtab.sh_size);
>>
>> No NULL check needed.
>>
>> >  if (!s->disas_strtab) {
>> >  free(s);
>> >  free(syms);
>> > @@ -1191,7 +1191,7 @@ int load_elf_binary(struct linux_binprm * bprm,
>> struct target_pt_regs * regs,
>> >  }
>> >
>> >  /* Now read in all of the header information */
>> > -elf_phdata = (struct elf_phdr
>> *)malloc(elf_ex.e_phentsize*elf_ex.e_phnum);
>> > +elf_phdata = g_new(elf_ex.e_phentsize * elf_ex.e_phnum);
>>
>> g_new(elf_ex.e_phentsize, elf_ex.e_phnum)
>>
>> No NULL check needed.
>>
>> >  if (elf_phdata == NULL) {
>> >  return -ENOMEM;
>> >  }
>> > @@ -1244,7 +1244,7 @@ int load_elf_binary(struct linux_binprm * bprm,
>> struct target_pt_regs * regs,
>> >   * is an a.out format binary
>> >   */
>> >
>> > -elf_interpreter = (char *)malloc(elf_ppnt->p_filesz);
>> > +elf_interpreter = g_new(elf_ppnt->p_filesz);
>>
>> Wrong number of parameters.
>>
>> No NULL check needed.
>>
>> >
>> >  if (elf_interpreter == NULL) {
>> >  free (elf_phdata);
>> > diff --git a/bsd-user/qemu.h b/bsd-user/qemu.h
>> > index 03b502a..ada4360 100644
>> > --- a/bsd-user/qemu.h
>> > +++ b/bsd-user/qemu.h
>> > @@ -357,7 +357,7 @@ static inline void *lock_user(int type, abi_ulong
>> guest_addr, long len, int copy
>> >  #ifdef DEBUG_REMAP
>> >  {
>> >  void *addr;
>> > -addr = malloc(len);
>> > +

Re: [Qemu-devel] [PATCH 1/1] Converted malloc calls to g_malloc and g_new

2016-03-13 Thread Alex Bennée

Mriyam Tamuli  writes:

> Can anyone please comment on this? Am I doing anything wrong here?

It's best to wait a few days. Most QEMU hackers work 9-5 jobs so
activity on the mailing list is fairly light over the weekend.

>
> On Sat, Mar 12, 2016 at 5:22 PM Mriyam Tamuli  wrote:
>>
>> Signed-off-by: Mriyam Tamuli 
>> ---
>>  block/iscsi.c  |  2 +-
>>  bsd-user/elfload.c | 12 ++--
>>  bsd-user/qemu.h|  2 +-
>>  configure  |  4 ++--
>>  disas/ia64.c   |  2 +-
>>  5 files changed, 11 insertions(+), 11 deletions(-)
>>
>> diff --git a/block/iscsi.c b/block/iscsi.c
>> index 128ea79..2d6e5b4 100644
>> --- a/block/iscsi.c
>> +++ b/block/iscsi.c
>> @@ -840,7 +840,7 @@ static BlockAIOCB *iscsi_aio_ioctl(BlockDriverState *bs,
>>  return >common;
>>  }
>>
>> -acb->task = malloc(sizeof(struct scsi_task));
>> +acb->task = g_malloc(sizeof(struct scsi_task));
>>  if (acb->task == NULL) {
>>  error_report("iSCSI: Failed to allocate task for scsi command. %s",
>>   iscsi_get_error(iscsi));
>> diff --git a/bsd-user/elfload.c b/bsd-user/elfload.c
>> index 0a6092b..74d7c79 100644
>> --- a/bsd-user/elfload.c
>> +++ b/bsd-user/elfload.c
>> @@ -868,7 +868,7 @@ static abi_ulong load_elf_interp(struct elfhdr * 
>> interp_elf_ex,
>>  return ~(abi_ulong)0UL;
>>
>>  elf_phdata =  (struct elf_phdr *)
>> -malloc(sizeof(struct elf_phdr) * interp_elf_ex->e_phnum);
>> +g_malloc(sizeof(struct elf_phdr) * interp_elf_ex->e_phnum);
>>
>>  if (!elf_phdata)
>>return ~((abi_ulong)0UL);
>> @@ -1064,13 +1064,13 @@ static void load_symbols(struct elfhdr *hdr, int fd)
>>
>>   found:
>>  /* Now know where the strtab and symtab are.  Snarf them. */
>> -s = malloc(sizeof(*s));
>> -syms = malloc(symtab.sh_size);
>> +s = g_malloc(sizeof(*s));
>> +syms = g_malloc(symtab.sh_size);
>>  if (!syms) {
>>  free(s);
>>  return;
>>  }
>> -s->disas_strtab = strings = malloc(strtab.sh_size);
>> +s->disas_strtab = strings = g_malloc(strtab.sh_size);
>>  if (!s->disas_strtab) {
>>  free(s);
>>  free(syms);
>> @@ -1191,7 +1191,7 @@ int load_elf_binary(struct linux_binprm * bprm, struct 
>> target_pt_regs * regs,
>>  }
>>
>>  /* Now read in all of the header information */
>> -elf_phdata = (struct elf_phdr 
>> *)malloc(elf_ex.e_phentsize*elf_ex.e_phnum);
>> +elf_phdata = g_new(elf_ex.e_phentsize * elf_ex.e_phnum);
>>  if (elf_phdata == NULL) {
>>  return -ENOMEM;
>>  }
>> @@ -1244,7 +1244,7 @@ int load_elf_binary(struct linux_binprm * bprm, struct 
>> target_pt_regs * regs,
>>   * is an a.out format binary
>>   */
>>
>> -elf_interpreter = (char *)malloc(elf_ppnt->p_filesz);
>> +elf_interpreter = g_new(elf_ppnt->p_filesz);
>>
>>  if (elf_interpreter == NULL) {
>>  free (elf_phdata);
>> diff --git a/bsd-user/qemu.h b/bsd-user/qemu.h
>> index 03b502a..ada4360 100644
>> --- a/bsd-user/qemu.h
>> +++ b/bsd-user/qemu.h
>> @@ -357,7 +357,7 @@ static inline void *lock_user(int type, abi_ulong 
>> guest_addr, long len, int copy
>>  #ifdef DEBUG_REMAP
>>  {
>>  void *addr;
>> -addr = malloc(len);
>> +addr = g_malloc(len);
>>  if (copy)
>>  memcpy(addr, g2h(guest_addr), len);
>>  else
>> diff --git a/configure b/configure
>> index 2b32876..5df672b 100755
>> --- a/configure
>> +++ b/configure
>> @@ -3512,7 +3512,7 @@ fi
>>  if test "$tcmalloc" = "yes" ; then
>>cat > $TMPC << EOF
>>  #include 
>> -int main(void) { malloc(1); return 0; }
>> +int main(void) { g_malloc(1); return 0; }
>>  EOF
>>
>>if compile_prog "" "-ltcmalloc" ; then
>> @@ -3528,7 +3528,7 @@ fi
>>  if test "$jemalloc" = "yes" ; then
>>cat > $TMPC << EOF
>>  #include 
>> -int main(void) { malloc(1); return 0; }
>> +int main(void) { g_malloc(1); return 0; }
>>  EOF
>>
>>if compile_prog "" "-ljemalloc" ; then
>> diff --git a/disas/ia64.c b/disas/ia64.c
>> index 140754c..b0733ed 100644
>> --- a/disas/ia64.c
>> +++ b/disas/ia64.c
>> @@ -10268,7 +10268,7 @@ static struct ia64_opcode *
>>  make_ia64_opcode (ia64_insn opcode, const char *name, int place, int depind)
>>  {
>>struct ia64_opcode *res =
>> -(struct ia64_opcode *) malloc (sizeof (struct ia64_opcode));
>> +g_new(sizeof(struct ia64_opcode));
>>res->name = strdup (name);
>>res->type = main_table[place].opcode_type;
>>res->num_outputs = main_table[place].num_outputs;
>> --
>> 2.5.0
>>


--
Alex Bennée



Re: [Qemu-devel] [PATCH 1/1] Converted malloc calls to g_malloc and g_new

2016-03-13 Thread Alex Bennée

Mriyam Tamuli  writes:

> Signed-off-by: Mriyam Tamuli 

While this is a good change, you still need to ensure any corresponding
frees are converted to g_free (and g_delete for g_new).

> ---
>  block/iscsi.c  |  2 +-
>  bsd-user/elfload.c | 12 ++--
>  bsd-user/qemu.h|  2 +-
>  configure  |  4 ++--
>  disas/ia64.c   |  2 +-
>  5 files changed, 11 insertions(+), 11 deletions(-)
>
> diff --git a/block/iscsi.c b/block/iscsi.c
> index 128ea79..2d6e5b4 100644
> --- a/block/iscsi.c
> +++ b/block/iscsi.c
> @@ -840,7 +840,7 @@ static BlockAIOCB *iscsi_aio_ioctl(BlockDriverState *bs,
>  return >common;
>  }
>
> -acb->task = malloc(sizeof(struct scsi_task));
> +acb->task = g_malloc(sizeof(struct scsi_task));
>  if (acb->task == NULL) {

g_malloc can't fail so the error leg can be removed.

>  error_report("iSCSI: Failed to allocate task for scsi command. %s",
>   iscsi_get_error(iscsi));
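Review bot: the conversion is incomplete without the matching release of `acb->task` (not in this hunk) moving from free() to g_free(); the GLib contract is that g_malloc() memory goes back through g_free(), so converting only the allocation side introduces a mismatched pair. Prefer `acb->task = g_new(struct scsi_task, 1);` over sizeof arithmetic, and delete the whole `if (acb->task == NULL)` block together with its error_report, since that branch can no longer be taken.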
> diff --git a/bsd-user/elfload.c b/bsd-user/elfload.c
> index 0a6092b..74d7c79 100644
> --- a/bsd-user/elfload.c
> +++ b/bsd-user/elfload.c
> @@ -868,7 +868,7 @@ static abi_ulong load_elf_interp(struct elfhdr * 
> interp_elf_ex,
>  return ~(abi_ulong)0UL;
>
>  elf_phdata =  (struct elf_phdr *)
> -malloc(sizeof(struct elf_phdr) * interp_elf_ex->e_phnum);
> +g_malloc(sizeof(struct elf_phdr) * interp_elf_ex->e_phnum);
>
>  if (!elf_phdata)
>return ~((abi_ulong)0UL);
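Review bot: the `sizeof(struct elf_phdr) * interp_elf_ex->e_phnum` multiply stays unchecked and the `(struct elf_phdr *)` cast on the preceding line is now noise; `elf_phdata = g_new(struct elf_phdr, interp_elf_ex->e_phnum);` gives an overflow-checked, typed count allocation in one line. The `if (!elf_phdata)` return that follows is unreachable with either GLib form, and every path that later releases elf_phdata in this function has to use g_free().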

Again error checking becomes redundant.

> @@ -1064,13 +1064,13 @@ static void load_symbols(struct elfhdr *hdr, int fd)
>
>   found:
>  /* Now know where the strtab and symtab are.  Snarf them. */
> -s = malloc(sizeof(*s));
> -syms = malloc(symtab.sh_size);
> +s = g_malloc(sizeof(*s));
> +syms = g_malloc(symtab.sh_size);
>  if (!syms) {
>  free(s);
>  return;
>  }

And here.

> -s->disas_strtab = strings = malloc(strtab.sh_size);
> +s->disas_strtab = strings = g_malloc(strtab.sh_size);
>  if (!s->disas_strtab) {
>  free(s);
>  free(syms);
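Review bot: the `free(s)` and `free(syms)` inside the two error legs of this hunk now hand g_malloc() memory to libc free(). Since `if (!syms)` and `if (!s->disas_strtab)` can no longer be true, delete both blocks rather than rewriting them, and check that the function's remaining cleanup of s, syms and strings (outside this hunk) is switched to g_free(). `s` is a single object, so it is a candidate for g_new with its struct type and a count of 1, which keeps the allocation typed.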

And here

> @@ -1191,7 +1191,7 @@ int load_elf_binary(struct linux_binprm * bprm, struct 
> target_pt_regs * regs,
>  }
>
>  /* Now read in all of the header information */
> -elf_phdata = (struct elf_phdr 
> *)malloc(elf_ex.e_phentsize*elf_ex.e_phnum);
> +elf_phdata = g_new(elf_ex.e_phentsize * elf_ex.e_phnum);
>  if (elf_phdata == NULL) {
>  return -ENOMEM;
>  }
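Review bot: `g_new(elf_ex.e_phentsize * elf_ex.e_phnum)` does not compile: g_new takes a type and an element count, not a byte size. Either keep the byte-size semantics with `elf_phdata = g_malloc(elf_ex.e_phentsize * elf_ex.e_phnum);` or, if the loader only accepts `e_phentsize == sizeof(struct elf_phdr)`, use `elf_phdata = g_new(struct elf_phdr, elf_ex.e_phnum);`, which checks the multiply for overflow. The `if (elf_phdata == NULL) return -ENOMEM;` leg below is unreachable either way.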
> @@ -1244,7 +1244,7 @@ int load_elf_binary(struct linux_binprm * bprm, struct 
> target_pt_regs * regs,
>   * is an a.out format binary
>   */
>
> -elf_interpreter = (char *)malloc(elf_ppnt->p_filesz);
> +elf_interpreter = g_new(elf_ppnt->p_filesz);
>
>  if (elf_interpreter == NULL) {

And here.

>  free (elf_phdata);
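Review bot: `g_new(elf_ppnt->p_filesz)` has the wrong argument count; for a `char *` buffer it should be `g_new(char, elf_ppnt->p_filesz)` or simply `g_malloc(elf_ppnt->p_filesz)` (the `(char *)` cast only existed for the void pointer). Once that is fixed the `if (elf_interpreter == NULL)` branch is dead, and the `free (elf_phdata)` inside it shows the pairing problem again: elf_phdata is now GLib memory, so every release of it in load_elf_binary must become g_free().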
> diff --git a/bsd-user/qemu.h b/bsd-user/qemu.h
> index 03b502a..ada4360 100644
> --- a/bsd-user/qemu.h
> +++ b/bsd-user/qemu.h
> @@ -357,7 +357,7 @@ static inline void *lock_user(int type, abi_ulong 
> guest_addr, long len, int copy
>  #ifdef DEBUG_REMAP
>  {
>  void *addr;
> -addr = malloc(len);
> +addr = g_malloc(len);
>  if (copy)
>  memcpy(addr, g2h(guest_addr), len);
>  else
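Review bot: the release of `addr` is not in this hunk; whatever unlock path frees the DEBUG_REMAP copy must switch to g_free() in the same patch, otherwise a g_malloc()/free() pair is introduced. Because the change sits under `#ifdef DEBUG_REMAP`, a default build will not compile it at all, so please build once with DEBUG_REMAP defined to confirm it.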
> diff --git a/configure b/configure
> index 2b32876..5df672b 100755
> --- a/configure
> +++ b/configure
> @@ -3512,7 +3512,7 @@ fi
>  if test "$tcmalloc" = "yes" ; then
>cat > $TMPC << EOF
>  #include 
> -int main(void) { malloc(1); return 0; }
> +int main(void) { g_malloc(1); return 0; }

I wouldn't touch the configure cases. These are used for probing the
library support and in this case I don't see how it would work
considering only stdlib.h was included.

>  EOF
>
>if compile_prog "" "-ltcmalloc" ; then
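Review bot: this probe (and the identical jemalloc one in the next hunk) links a plain `malloc(1)` call against `-ltcmalloc` to check that the replacement allocator resolves the libc allocation symbols; swapping in `g_malloc(1)` changes what is probed, and with only the visible header included and no GLib flags passed to compile_prog the test program will fail to compile, which silently turns the option off. Drop both configure hunks.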
> @@ -3528,7 +3528,7 @@ fi
>  if test "$jemalloc" = "yes" ; then
>cat > $TMPC << EOF
>  #include 
> -int main(void) { malloc(1); return 0; }
> +int main(void) { g_malloc(1); return 0; }
>  EOF
>
>if compile_prog "" "-ljemalloc" ; then
> diff --git a/disas/ia64.c b/disas/ia64.c
> index 140754c..b0733ed 100644
> --- a/disas/ia64.c
> +++ b/disas/ia64.c
> @@ -10268,7 +10268,7 @@ static struct ia64_opcode *
>  make_ia64_opcode (ia64_insn opcode, const char *name, int place, int depind)
>  {
>struct ia64_opcode *res =
> -(struct ia64_opcode *) malloc (sizeof (struct ia64_opcode));
> +g_new(sizeof(struct ia64_opcode));
>res->name = strdup (name);
>res->type = main_table[place].opcode_type;
>res->num_outputs = main_table[place].num_outputs;
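Review bot: `g_new(sizeof(struct ia64_opcode))` is wrong on two counts: g_new wants a type and an element count, so the line should read `g_new(struct ia64_opcode, 1);`, after which the `struct ia64_opcode *res =` initialiser keeps its type without a cast. The adjacent `res->name = strdup (name);` stays on the libc allocator; if the disassembler releases res and res->name together, converting one and not the other leaves a mixed pairing, so either move name to g_strdup()/g_free() as well or leave this site alone.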


--
Alex Bennée
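The reviewers steer the patch towards g_new(Type, n) rather than malloc(sizeof(Type) * n). The practical difference is that the count form multiplies with an overflow check, where the raw product silently wraps to a small byte count. The following is an added example, not code from the patch, from QEMU or from GLib: it reimplements that check in plain C so it runs without GLib. The names checked_mul_size, unchecked_bytes, alloc_n, phdr_table_bytes and the struct phdr_like stand-in are all hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical stand-in for struct elf_phdr: only its size matters here. */
struct phdr_like {
    uint32_t p_type;
    uint64_t p_offset;
    uint64_t p_vaddr;
    uint64_t p_filesz;
};

/* Multiply elem * n, reporting failure instead of wrapping.
 * Returns 1 and stores the product on success, 0 on overflow. */
static int checked_mul_size(size_t elem, size_t n, size_t *out)
{
    if (n != 0 && elem > SIZE_MAX / n) {
        return 0;
    }
    *out = elem * n;
    return 1;
}

/* What malloc(sizeof(T) * n) actually computes: unsigned wrap, no error. */
static size_t unchecked_bytes(size_t elem, size_t n)
{
    return elem * n;
}

/* Count-based allocation in the spirit of g_new(T, n): refuse on overflow
 * rather than hand back a buffer far smaller than the caller expects.
 * Unlike g_new this returns NULL instead of aborting, so callers check. */
static void *alloc_n(size_t elem, size_t n)
{
    size_t bytes;
    if (!checked_mul_size(elem, n, &bytes)) {
        return NULL;
    }
    return calloc(1, bytes ? bytes : 1);
}

/* Byte size of a program-header table from the ELF header fields. Both are
 * 16-bit in the file format, so this particular product cannot overflow;
 * the check still documents the intent. Returns 0 on overflow. */
static size_t phdr_table_bytes(uint16_t e_phentsize, uint16_t e_phnum)
{
    size_t bytes;
    if (!checked_mul_size(e_phentsize, e_phnum, &bytes)) {
        return 0;
    }
    return bytes;
}

/* A large element size times a small count wraps to zero through the
 * unchecked path and is refused by the checked one; a sane request
 * succeeds and is released with the allocator's own free. */
static int demo(void)
{
    size_t big = (SIZE_MAX / 2) + 1;   /* big * 2 wraps to 0 */
    struct phdr_like *table;
    int wrapped = unchecked_bytes(big, 2) == 0;
    int refused = alloc_n(big, 2) == NULL;

    table = alloc_n(sizeof(*table), 4);
    if (table == NULL) {
        return 0;
    }
    table[3].p_filesz = 1;             /* all four elements really exist */
    free(table);                       /* pair with the allocator used */
    return wrapped && refused;
}

int main(void)
{
    return demo() ? 0 : 1;
}
```

The last line of demo() is the point the thread keeps returning to: whatever allocator produced a block must be the one that releases it, so a malloc-to-g_malloc conversion is only finished when every free() on that block has become g_free().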



Re: [Qemu-devel] Regarding TB retranslation code.

2016-03-13 Thread Alex Bennée

Venkatesh N  writes:

> This is regarding the TB retranslation code.
>
> [Qemu-devel] [RFC 00/20] Do away with TB retranslation, Richard Henderson <=
>
> Though I understood the code to avoid the retranslation, I could not
> get the picture of how "host" or backend registers are ensured to have the
> older contents when the guest PC is restored from
> "cpu_restore_state_from_tb".
>
> For example, let's take these two guest instructions.
>
> Instruction 1.  Mov r1, [r2];
> Instruction 2.  mov [r1], r3 < faulted instruction
>
> In the above example, suppose r1 is stored in x86 register EAX of the host
> and r3 is stored in EBX of the host.

The key thing to realise is the guest's register state is not set until
the host temporary registers are stored back to the memory representing
the guest register state.

This does mean the TCG has to ensure the values of guest registers are
written back to memory before another potentially faulting instruction
can occur. While there are mechanisms we could use to track where the
current value of a guest register is currently held we don't do this
currently.

>
> The return from the fault ensures that the guest PC [EIP] is recovered. But
> how does TCG ensure that execution of the TB from the restored PC ensures
> that the host registers' contents also have the context of instruction 1?
>
> Can somebody please share how this is done? Are there any assumptions made
> when the TCG opcode INDEX_op_insn_start is inserted?


--
Alex Bennée