Re: [Qemu-devel] [PATCH v11 04/28] x86-iommu: q35: generalize find_add_as()

2016-07-10 Thread David Kiarie
On Mon, Jul 11, 2016 at 8:32 AM, Peter Xu  wrote:
> On Sat, Jul 09, 2016 at 10:14:48AM +0200, Jan Kiszka wrote:
>> On 2016-07-05 10:19, Peter Xu wrote:
>> > Remove VT-d calls in common q35 codes. Instead, we provide a general
>> > find_add_as() for x86-iommu type.
>> >
>> > Signed-off-by: Peter Xu 
>> > ---
>> >  hw/i386/intel_iommu.c | 15 ---
>> >  include/hw/i386/intel_iommu.h |  5 -
>> >  include/hw/i386/x86-iommu.h   |  3 +++
>> >  3 files changed, 11 insertions(+), 12 deletions(-)
>>
>> You claim to remove something from "common q35 code", but I don't see
>> changes to it. Instead, the patch introduces a method that seems to
>> remain unused outside the implementing class (I just grep'ed your tree).
>> Anything missing?
>
> Right. The commit message lost its point after I did the rebase to
> Marcel's "-device intel_iommu" patches... Thanks for pointing it out.

I think Jan is mainly asking about where the method 'find_add_as()' is
being used. Unless I'm missing something too, it doesn't seem to be
used anywhere outside the implementing class.

>
> Before the rebase, there is one q35_host_dma_iommu() in pc_q35.c, and
> originally this patch did remove something from q35. While in Marcel's
> commit (621d983a1f), q35_host_dma_iommu() is renamed to
> vtd_host_dma_iommu(), and it's put inside intel_iommu.c. After that,
> this commit message stopped making sense.
>
> So I think at least the commit message of this patch could be fixed
> into something like:
>
>    "Introduce common find_add_as() interface for x86-iommu."
>
> And if I now see this... A better solution is to provide a more common
> interface directly in x86-iommu.c to find address spaces, and let
> Intel/AMD IOMMUs share this functionality. After all, we are doing
> merely the same thing to maintain namespaces in both Intel/AMD IOMMUs
> (vtd_find_add_as() and bridge_host_amdvi()). So, do you (and mst?)
> think I should respin to a v12, or we can first fix commit message of
> this patch, then I post another patch based on this series for a better
> cleanup?
>
> Thanks,
>
> -- peterx



Re: [Qemu-devel] [RFC PATCH V5 2/4] colo-compare: track connection and enqueue packet

2016-07-10 Thread Jason Wang



On 2016-07-08 17:56, Zhang Chen wrote:



On 07/08/2016 12:07 PM, Jason Wang wrote:



On 2016-06-23 19:34, Zhang Chen wrote:

In this patch we use kernel jhash table to track
connection, and then enqueue net packet like this:

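+ CompareState ++
|               |
+---------------+   +---------------+         +---------------+
|conn list      +--->conn           +--------->conn           |
+---------------+   +---------------+         +---------------+
|               |     |           |             |          |
+---------------+ +---v----+  +---v----+    +---v----+ +---v----+
                  |primary |  |secondary    |primary | |secondary
                  |packet  |  |packet  +    |packet  | |packet  +
                  +--------+  +--------+    +--------+ +--------+
                      |           |             |          |
                  +---v----+  +---v----+    +---v----+ +---v----+
                  |primary |  |secondary    |primary | |secondary
                  |packet  |  |packet  +    |packet  | |packet  +
                  +--------+  +--------+    +--------+ +--------+
                      |           |             |          |
                  +---v----+  +---v----+    +---v----+ +---v----+
                  |primary |  |secondary    |primary | |secondary
                  |packet  |  |packet  +    |packet  | |packet  +
                  +--------+  +--------+    +--------+ +--------+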


A paragraph to describe the above would be more than welcomed.


I will add some comments for it.




Signed-off-by: Zhang Chen 
Signed-off-by: Li Zhijian 
Signed-off-by: Wen Congyang 
---
  include/qemu/jhash.h |  61 
  net/Makefile.objs|   1 +
  net/colo-base.c  | 194 
+++

  net/colo-base.h  |  88 +++
  net/colo-compare.c   | 138 +++-
  trace-events |   3 +
  6 files changed, 483 insertions(+), 2 deletions(-)
  create mode 100644 include/qemu/jhash.h
  create mode 100644 net/colo-base.c
  create mode 100644 net/colo-base.h

diff --git a/include/qemu/jhash.h b/include/qemu/jhash.h
new file mode 100644
index 000..0fcd875
--- /dev/null
+++ b/include/qemu/jhash.h
@@ -0,0 +1,61 @@
+/* jhash.h: Jenkins hash support.
+  *
+  * Copyright (C) 2006. Bob Jenkins (bob_jenk...@burtleburtle.net)
+  *
+  * http://burtleburtle.net/bob/hash/
+  *
+  * These are the credits from Bob's sources:
+  *
+  * lookup3.c, by Bob Jenkins, May 2006, Public Domain.
+  *
+  * These are functions for producing 32-bit hashes for hash table 
lookup.
+  * hashword(), hashlittle(), hashlittle2(), hashbig(), mix(), and 
final()

+  * are externally useful functions.  Routines to test the hash are
+included
+  * if SELF_TEST is defined.  You can use this free for any purpose.
+It's in
+  * the public domain.  It has no warranty.
+  *
+  * Copyright (C) 2009-2010 Jozsef Kadlecsik 
(kad...@blackhole.kfki.hu)

+  *
+  * I've modified Bob's hash to be useful in the Linux kernel, and
+  * any bugs present are my fault.
+  * Jozsef
+  */
+
+#ifndef QEMU_JHASH_H__
+#define QEMU_JHASH_H__
+
+#include "qemu/bitops.h"
+
+/*
+ * hashtable relation copy from linux kernel jhash
+ */
+
+/* __jhash_mix -- mix 3 32-bit values reversibly. */
+#define __jhash_mix(a, b, c)\
+{   \
+a -= c;  a ^= rol32(c, 4);  c += b; \
+b -= a;  b ^= rol32(a, 6);  a += c; \
+c -= b;  c ^= rol32(b, 8);  b += a; \
+a -= c;  a ^= rol32(c, 16); c += b; \
+b -= a;  b ^= rol32(a, 19); a += c; \
+c -= b;  c ^= rol32(b, 4);  b += a; \
+}
+
+/* __jhash_final - final mixing of 3 32-bit values (a,b,c) into c */
+#define __jhash_final(a, b, c)  \
+{   \
+c ^= b; c -= rol32(b, 14);  \
+a ^= c; a -= rol32(c, 11);  \
+b ^= a; b -= rol32(a, 25);  \
+c ^= b; c -= rol32(b, 16);  \
+a ^= c; a -= rol32(c, 4);   \
+b ^= a; b -= rol32(a, 14);  \
+c ^= b; c -= rol32(b, 24);  \
+}
+
+/* An arbitrary initial parameter */
+#define JHASH_INITVAL   0xdeadbeef
+
+#endif /* QEMU_JHASH_H__ */
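Review bot: `__jhash_mix()` and `__jhash_final()` expand to a bare `{ ... }` block, so a call written as `__jhash_mix(a, b, c);` under an unbraced `if` that is followed by `else` will not compile; wrapping both bodies in `do { ... } while (0)` avoids that. The macro names also start with a double underscore, which C reserves for the implementation, and the header comment still advertises hashword(), hashlittle() and the other functions although only the two mixing macros and JHASH_INITVAL are defined here. Since the series uses this hash to track connections, please document whether JHASH_INITVAL is the only seed: a fixed, public constant makes bucket placement predictable for keys taken from packet headers, so a per-instance random seed is worth considering.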


Please split jhash into another patch.


Split to an independent patch in this patch set or not?


Better this series since it was the first user.







diff --git a/net/Makefile.objs b/net/Makefile.objs
index ba92f73..119589f 100644
--- a/net/Makefile.objs
+++ b/net/Makefile.objs
@@ -17,3 +17,4 @@ common-obj-y += filter.o
  common-obj-y += filter-buffer.o
  common-obj-y += filter-mirror.o
  common-obj-y += colo-compare.o
+common-obj-y += colo-base.o
diff --git a/net/colo-base.c b/net/colo-base.c
new file mode 100644
index 000..7e263e8
--- /dev/null
+++ b/net/colo-base.c
@@ -0,0 +1,194 @@
+/*
+ * COarse-grain LOck-stepping Virtual Machines for Non-stop Service 
(COLO)

+ * (a.k.a. Fault Tolerance or Continuous Replication)
+ *
+ * 

Re: [Qemu-devel] [PATCH v11 04/28] x86-iommu: q35: generalize find_add_as()

2016-07-10 Thread Peter Xu
On Sat, Jul 09, 2016 at 10:14:48AM +0200, Jan Kiszka wrote:
> On 2016-07-05 10:19, Peter Xu wrote:
> > Remove VT-d calls in common q35 codes. Instead, we provide a general
> > find_add_as() for x86-iommu type.
> > 
> > Signed-off-by: Peter Xu 
> > ---
> >  hw/i386/intel_iommu.c | 15 ---
> >  include/hw/i386/intel_iommu.h |  5 -
> >  include/hw/i386/x86-iommu.h   |  3 +++
> >  3 files changed, 11 insertions(+), 12 deletions(-)
> 
> You claim to remove something from "common q35 code", but I don't see
> changes to it. Instead, the patch introduces a method that seems to
> remain unused outside the implementing class (I just grep'ed your tree).
> Anything missing?

Right. The commit message lost its point after I did the rebase to
Marcel's "-device intel_iommu" patches... Thanks for pointing it out.

Before the rebase, there is one q35_host_dma_iommu() in pc_q35.c, and
originally this patch did remove something from q35. While in Marcel's
commit (621d983a1f), q35_host_dma_iommu() is renamed to
vtd_host_dma_iommu(), and it's put inside intel_iommu.c. After that,
this commit message stopped making sense.

So I think at least the commit message of this patch could be fixed
into something like:

   "Introduce common find_add_as() interface for x86-iommu."

And if I now see this... A better solution is to provide a more common
interface directly in x86-iommu.c to find address spaces, and let
Intel/AMD IOMMUs share this functionality. After all, we are doing
merely the same thing to maintain namespaces in both Intel/AMD IOMMUs
(vtd_find_add_as() and bridge_host_amdvi()). So, do you (and mst?)
think I should respin to a v12, or we can first fix commit message of
this patch, then I post another patch based on this series for a better
cleanup?

Thanks,

-- peterx



Re: [Qemu-devel] [RFC PATCH V5 1/4] colo-compare: introduce colo compare initialization

2016-07-10 Thread Zhang Chen



On 07/08/2016 05:12 PM, Jason Wang wrote:



On 2016-07-08 16:21, Zhang Chen wrote:



On 07/08/2016 11:40 AM, Jason Wang wrote:



On 2016-06-23 19:34, Zhang Chen wrote:

Packets coming from the primary char indev will be sent to outdev
Packets coming from the secondary char dev will be dropped

usage:

primary:
-netdev tap,id=hn0,vhost=off,script=/etc/qemu-ifup,downscript=/etc/qemu-ifdown
-device e1000,id=e0,netdev=hn0,mac=52:a4:00:12:78:66
-chardev socket,id=mirror0,host=3.3.3.3,port=9003,server,nowait
-chardev socket,id=compare1,host=3.3.3.3,port=9004,server,nowait
-chardev socket,id=compare0,host=3.3.3.3,port=9001,server,nowait
-chardev socket,id=compare0-0,host=3.3.3.3,port=9001
-chardev socket,id=compare_out,host=3.3.3.3,port=9005,server,nowait
-chardev socket,id=compare_out0,host=3.3.3.3,port=9005
-object filter-mirror,id=m0,netdev=hn0,queue=tx,outdev=mirror0
-object filter-redirector,netdev=hn0,id=redire0,queue=rx,indev=compare_out
-object filter-redirector,netdev=hn0,id=redire1,queue=rx,outdev=compare0
-object colo-compare,id=comp0,primary_in=compare0-0,secondary_in=compare1,outdev=compare_out0


secondary:
-netdev tap,id=hn0,vhost=off,script=/etc/qemu-ifup,downscript=/etc/qemu-ifdown

-device e1000,netdev=hn0,mac=52:a4:00:12:78:66
-chardev socket,id=red0,host=3.3.3.3,port=9003
-chardev socket,id=red1,host=3.3.3.3,port=9004
-object filter-redirector,id=f1,netdev=hn0,queue=tx,indev=red0
-object filter-redirector,id=f2,netdev=hn0,queue=rx,outdev=red1


Considering we finally want a non-rfc patch, it's better to have some
explanations on the above configurations since it is not easy
for starters at first glance. Maybe you can use either an ascii figure
or a paragraph. Also need to explain the parameters of colo-compare
in detail.


Makes sense, I will add an ascii figure and some comments to explain it.





Signed-off-by: Zhang Chen 
Signed-off-by: Li Zhijian 
Signed-off-by: Wen Congyang 
---
  net/Makefile.objs  |   1 +
  net/colo-compare.c | 231 
+

  qemu-options.hx|  34 
  vl.c   |   3 +-
  4 files changed, 268 insertions(+), 1 deletion(-)
  create mode 100644 net/colo-compare.c

diff --git a/net/Makefile.objs b/net/Makefile.objs
index b7c22fd..ba92f73 100644
--- a/net/Makefile.objs
+++ b/net/Makefile.objs
@@ -16,3 +16,4 @@ common-obj-$(CONFIG_NETMAP) += netmap.o
  common-obj-y += filter.o
  common-obj-y += filter-buffer.o
  common-obj-y += filter-mirror.o
+common-obj-y += colo-compare.o
diff --git a/net/colo-compare.c b/net/colo-compare.c
new file mode 100644
index 000..a3e1456
--- /dev/null
+++ b/net/colo-compare.c
@@ -0,0 +1,231 @@
+/*
+ * COarse-grain LOck-stepping Virtual Machines for Non-stop 
Service (COLO)

+ * (a.k.a. Fault Tolerance or Continuous Replication)
+ *
+ * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD.
+ * Copyright (c) 2016 FUJITSU LIMITED
+ * Copyright (c) 2016 Intel Corporation
+ *
+ * Author: Zhang Chen 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * later.  See the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/error-report.h"
+#include "qemu-common.h"
+#include "qapi/qmp/qerror.h"
+#include "qapi/error.h"
+#include "net/net.h"
+#include "net/vhost_net.h"
+#include "qom/object_interfaces.h"
+#include "qemu/iov.h"
+#include "qom/object.h"
+#include "qemu/typedefs.h"
+#include "net/queue.h"
+#include "sysemu/char.h"
+#include "qemu/sockets.h"
+#include "qapi-visit.h"
+#include "trace.h"


Looks like trace was not really used in the patch, you can delay
the inclusion until it is really used.


OK~~~




+
+#define TYPE_COLO_COMPARE "colo-compare"
+#define COLO_COMPARE(obj) \
+OBJECT_CHECK(CompareState, (obj), TYPE_COLO_COMPARE)
+
+#define COMPARE_READ_LEN_MAX NET_BUFSIZE
+
+static QTAILQ_HEAD(, CompareState) net_compares =
+   QTAILQ_HEAD_INITIALIZER(net_compares);


What's the usage of this? A comment would be better.


If we need to compare more than one netdev, we should use
more than one colo-compare. When we do a checkpoint we should flush
all enqueued packets in colo-compare when working with colo-frame.
We use this queue to find all colo-compare.
So, it looks like there is no need for it here, I will move it to a later patch.


Yes, unless you want a single colo comparing thread to do comparing
for all netdevs. (But I agree, it looks not needed).








+
+typedef struct CompareState {
+Object parent;
+
+char *pri_indev;
+char *sec_indev;
+char *outdev;
+CharDriverState *chr_pri_in;
+CharDriverState *chr_sec_in;
+CharDriverState *chr_out;
+QTAILQ_ENTRY(CompareState) next;
+SocketReadState pri_rs;
+SocketReadState sec_rs;
+} CompareState;
+
+typedef struct CompareClass {
+ObjectClass parent_class;
+} CompareClass;
+
+static char *compare_get_pri_indev(Object *obj, Error **errp)

Re: [Qemu-devel] ext4 error when testing virtio-scsi & vhost-scsi

2016-07-10 Thread Zhangfei Gao
Hi

Does the qemu process need to flush data before closing?

In the test of virtio_scsi & vhost_scsi, the first time, reading & writing
to the mounted disk has no problem.
But after rebooting and remounting the disk, errors happen immediately when
removing the files created the first time.
For example:
# targetcli
/> cd backstores/iblock
/backstores/iblock> create name=block_backend dev=/dev/sda3
/backstores/iblock> cd /vhost
/vhost> create wwn=naa.60014053c5cc00ac
/vhost> ls
o- vhost  [1 Target]
  o- naa.60014053c5cc00ac .. [1 TPG]
o- tpg1 . [naa.6001405830beacfa]
  o- luns . [0 LUNs]
/vhost> cd naa.60014053c5cc00ac/tpg1/luns
/vhost/naa.60...0ac/tpg1/luns> create /backstores/iblock/block_backend

qemu.git/aarch64-softmmu/qemu-system-aarch64 \
-enable-kvm -nographic -kernel Image \
-device vhost-scsi-pci,wwpn=naa.60014053c5cc00ac \
-m 512 -M virt -cpu host \
-append "earlyprintk console=ttyAMA0 mem=512M"

in qemu system:
mount /dev/sda /mnt;

sync; date; dd if=/dev/zero of=/mnt/test bs=1M count=100; sync; date;

no problem for several times.

Reboot
targetcli config -> start qemu again.
in qemu:

mount /dev/sda /mnt;

root@(none)$ rm test
[   12.900540] EXT4-fs error (device sda): ext4_mb_generate_buddy:758: group 3s
[   12.908844] EXT4-fs error (device sda): ext4_mb_generate_buddy:758: group 3s
[   12.911154] JBD2: Spotted dirty metadata buffer (dev = sda, blocknr = 0). T.

The error happens immediately when removing the files, which were created
the first time.

Thanks


On Sun, Jun 12, 2016 at 11:23 AM, Zhangfei Gao  wrote:
> Here is one question about testing virtio-scsi & vhost-scsi.
> I met ext4 error using fileio or iblock.
> And after the error, the filesystem cannot be remounted next time in
> guest os except mkfs.ext4 again.
>
> Any suggestions?
> Thanks in advance.
>
>
> Basic steps.
> fileio:
> mount /dev/sda3 /mnt
> dd if=/dev/zero of=test bs=1M count=1024
>
>
> #targetcli
>
> (targetcli) /> cd backstores/fileio
>
> (targetcli) /> create name=file_backend file_or_dev=/mnt/test size=1G
>
> (targetcli) /> cd /vhost
>
> (targetcli) /> create wwn=naa.60014052cc816bf4
>
> (targetcli) /> cd naa.60014052cc816bf4/tpgt1/luns
>
> (targetcli) /> create /backstores/fileio/file_backend
>
> (targetcli) /> cd /
>
> (targetcli) /> saveconfig
>
> (targetcli) /> exit
>
> qemu.git/aarch64-softmmu/qemu-system-aarch64 \
>
>-enable-kvm -nographic -kernel Image \
>
>-device vhost-scsi-pci,wwpn=naa.60014052cc816bf4 \
>
>-m 512 -M virt -cpu host \
>
>-append "earlyprintk console=ttyAMA0 mem=512M rw"
>
>
> After guest kernel is booted,
>
> mkfs.ext4 /dev/sda
>
> mount /dev/sda /mnt
>
>
> sync; date; dd if=/dev/zero of=test bs=1M count=100; sync; date;
>
>
> Ext4 error:
>
> And can not be mounted next time.
>
> [  762.387457] EXT4-fs error (device sda) in
> ext4_reserve_inode_write:5172: Corrupt filesystem
>
> [  762.395622] EXT4-fs error (device sda) in
> ext4_reserve_inode_write:5172: Corrupt filesystem
>
> [  762.403915] EXT4-fs error (device sda) in
> ext4_reserve_inode_write:5172: Corrupt filesystem
>
> [  762.412263] EXT4-fs error (device sda) in ext4_ext_truncate:4661:
> Corrupt filesystem
>
> [  762.420613] EXT4-fs error (device sda) in
> ext4_reserve_inode_write:5172: Corrupt filesystem
>
> [  762.428913] EXT4-fs error (device sda) in ext4_orphan_del:2896:
> Corrupt filesystem
>
> [  762.437262] EXT4-fs error (device sda) in
> ext4_reserve_inode_write:5172: Corrupt filesystem
>
> [  762.445614] EXT4-fs error (device sda) in
> ext4_reserve_inode_write:5172: Corrupt filesystem
>
> [  762.454516] EXT4-fs error (device sda) in
> ext4_reserve_inode_write:5172: Corrupt filesystem
>
> [  762.462283] EXT4-fs error (device sda) in
> ext4_reserve_inode_write:5172: Corrupt filesystem
>
> [  767.370571] jbd2_journal_bmap: journal block not found at offset 13 on 
> sda-8
>
> [  767.371458] Aborting journal on device sda-8.
>
> [  767.395583] EXT4-fs error: 564 callbacks suppressed
>
> [  767.396173] EXT4-fs error (device sda) in ext4_da_write_end:2841: IO 
> failure
>
> [  767.412221] EXT4-fs error (device sda):
> ext4_journal_check_start:56: Detected aborted journal
>
> [  767.413325] EXT4-fs (sda): Remounting filesystem read-only
>
> dd: writing '/mnt/test.bin': Read-only file system
>
>
> blockio:
>
> # targetcli
>
> /> cd backstores/iblock
>
> /backstores/iblock> create name=block_backend dev=/dev/sda4
>
> /backstores/iblock> cd /vhost
>
> /vhost> create
>
> /vhost> ls
>
> o- vhost  [1 
> Target]
>
>  o- naa.60014053c5cc00ac .. [1 
> TPG]
>
>o- tpg1 . 
> [naa.6001405830beacfa]
>
>  o- luns 

Re: [Qemu-devel] [RFC PATCH v2 3/5] spapr: Set stable_cpu_id for threads of CPU cores

2016-07-10 Thread David Gibson
On Fri, Jul 08, 2016 at 12:59:59PM +0200, Igor Mammedov wrote:
> On Fri, 8 Jul 2016 17:39:52 +1000
> David Gibson  wrote:
> 
> > On Fri, Jul 08, 2016 at 12:11:12PM +0530, Bharata B Rao wrote:
> > > On Fri, Jul 08, 2016 at 03:24:13PM +1000, David Gibson wrote:  
> > > > On Thu, Jul 07, 2016 at 08:20:23PM +0530, Bharata B Rao wrote:  
> > > > > > Conditionally set stable_cpu_id for CPU threads that are created as 
> > > > > part
> > > > > of spapr CPU cores. The use of stable_cpu_id is enabled for 
> > > > > pseries-2.7
> > > > > onwards.
> > > > > 
> > > > > Signed-off-by: Bharata B Rao 
> > > > > ---
> > > > >  hw/ppc/spapr_cpu_core.c | 7 +++
> > > > >  1 file changed, 7 insertions(+)
> > > > > 
> > > > > diff --git a/hw/ppc/spapr_cpu_core.c b/hw/ppc/spapr_cpu_core.c
> > > > > index b104778..0ec3513 100644
> > > > > --- a/hw/ppc/spapr_cpu_core.c
> > > > > +++ b/hw/ppc/spapr_cpu_core.c
> > > > > @@ -293,8 +293,15 @@ static void spapr_cpu_core_realize(DeviceState 
> > > > > *dev, Error **errp)
> > > > >  for (i = 0; i < cc->nr_threads; i++) {
> > > > >  char id[32];
> > > > >  obj = sc->threads + i * size;
> > > > > +CPUState *cs;
> > > > >  
> > > > >  object_initialize(obj, size, typename);
> > > > > +cs = CPU(obj);
> > > > > +
> > > > > +/* Use core_id (which is actually cpu_dt_id) as stable CPU 
> > > > > id */
> > > > > +if (cs->has_stable_cpu_id) {
> > > > > +cs->stable_cpu_id = cc->core_id + i;
> > > > > +}  
> > > > 
> > > > Testing cs->has_stable_cpu_id here in machine type specific code seems
> > > > really weird.  It's the machine type that knows whether it has a
> > > > stable ID to give to the CPU or not, rather than the other way around.
> > > > 
> > > > Since we haven't yet had a release with cpu cores, I think the right
> > > > thing is for cpu_core to unconditionally set the stable ID (and set
> > > > has_stable_id to true).  
> > > 
> > > Right, we can set cpu_stable_id unconditionally here since this code path
> > > (core realize) will be taken only for pseries-2.7 onwards. has_stable_id
> > > will get set as part of the property we defined in SPAPR_COMPAT_2_7.  
> > 
> > Hrm, that's true.  But when you describe it like that it sounds like a
> > really non-obvious and fragile dependency between different components.
> that's how compat stuff is typically done for devices,
> CPUs shouldn't be an exception. 
> (consistency with other devices helps here in long run)
>  
> > > > The backup path that does thread-based cpu
> > > > init, can set has_stable_id to false (if that's not the default).  
> > > 
> > > Default is off, but turning it on for 2.7 will be inherited by 2.6
> > > and others below. Hence I have code to explicitly disable this prop
> > > for 2.6 and below via SPAPR_COMPAT_2_6.  
> > 
> > This is all seeming terribly awkward.
> Typically default is set the way so new machine type doesn't have
> to enable it explicitly.
> 
> However the way it's done here helps not to touch/check every user
> that uses cpu_index, limiting series impact only to code that
> asks for it, it looks a lot safer to go this route for now.
> 
> 
> >  Can we try investigating a
> > different approach:
> > 
> > 1. Rename cpu_index to cpu_id, but it's still used in the same
> >places it's used.
> > 
> > 2. Remove assumptions that cpu_id values are contiguous or
> >dense
> > 
> > 3. Machine type decides whether it wants to populate the cpu_id
> >values explicitly, or leave it to generic code to calculate
> >them as cpu_index is calculated now.
> > 
> > 4. Ideally, generic code enforces that the machine type populates
> >either all or none of the cpu_id values.
> > 
> > Does that seem workable?
> Ideally we will get there some day (and maybe get rid of cpu_index 
> altogether),
> but for now it seems too invasive with a lot of chances to introduce non 
> obvious
> regression.

Yes, that's a risk.  But I'm basically no longer convinced that it's
any higher than the risk of the same thing with the current approach.

> So I'd keep approach used in this series.

-- 
David Gibson                    | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
                                | _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [RFC PATCH v2 2/5] cpu: Introduce CPUState::stable_cpu_id

2016-07-10 Thread Bharata B Rao
On Mon, Jul 11, 2016 at 01:22:37PM +1000, David Gibson wrote:
> On Fri, Jul 08, 2016 at 01:11:02PM +0200, Igor Mammedov wrote:
> > On Fri, 8 Jul 2016 15:19:58 +1000
> > David Gibson  wrote:
> > 
> > > On Thu, Jul 07, 2016 at 08:20:22PM +0530, Bharata B Rao wrote:
> > > > Add CPUState::stable_cpu_id and use that as instance_id in
> > > > vmstate_register() call.
> > > > 
> > > > Introduce has-stable_cpu_id property that allows target machines to
> > > > optionally switch to using stable_cpu_id instead of cpu_index.
> > > > This will help allow successful migration in cases where holes are
> > > > introduced in cpu_index range after CPU hot removals.
> > > > 
> > > > Suggested-by: Igor Mammedov 
> > > > Signed-off-by: Bharata B Rao 
> > > > ---
> > > >  exec.c| 6 --
> > > >  include/qom/cpu.h | 5 +
> > > >  qom/cpu.c | 6 ++
> > > >  3 files changed, 15 insertions(+), 2 deletions(-)
> > > > 
> > > > diff --git a/exec.c b/exec.c
> > > > index fb73910..3b36fe5 100644
> > > > --- a/exec.c
> > > > +++ b/exec.c
> > > > @@ -619,12 +619,14 @@ static void cpu_release_index(CPUState *cpu)
> > > >  void cpu_vmstate_register(CPUState *cpu)
> > > >  {
> > > >  CPUClass *cc = CPU_GET_CLASS(cpu);
> > > > +int instance_id = cpu->has_stable_cpu_id ? cpu->stable_cpu_id :
> > > > +  cpu->cpu_index;
> > > >  
> > > >  if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
> > > > -vmstate_register(NULL, cpu->cpu_index, _cpu_common, 
> > > > cpu);
> > > > +vmstate_register(NULL, instance_id, _cpu_common, cpu);
> > > >  }
> > > >  if (cc->vmsd != NULL) {
> > > > -vmstate_register(NULL, cpu->cpu_index, cc->vmsd, cpu);
> > > > +vmstate_register(NULL, instance_id, cc->vmsd, cpu);
> > > >  }
> > > >  }
> > > >  
> > > > diff --git a/include/qom/cpu.h b/include/qom/cpu.h
> > > > index 331386f..527c021 100644
> > > > --- a/include/qom/cpu.h
> > > > +++ b/include/qom/cpu.h
> > > > @@ -273,6 +273,9 @@ struct qemu_work_item {
> > > >   * @kvm_fd: vCPU file descriptor for KVM.
> > > >   * @work_mutex: Lock to prevent multiple access to queued_work_*.
> > > >   * @queued_work_first: First asynchronous work pending.
> > > > + * @stable_cpu_id: Use as instance_id argument in cpu vmstate_register 
> > > > calls
> > > > + * @has_stable_cpu_id: Set to enforce the use of @stable_cpu_id
> > > > + * over cpu_index during vmstate registration.
> > > >   *
> > > >   * State of one CPU core or thread.
> > > >   */
> > > > @@ -360,6 +363,8 @@ struct CPUState {
> > > > (absolute value) offset as small as possible.  This reduces code
> > > > size, especially for hosts without large memory offsets.  */
> > > >  uint32_t tcg_exit_req;
> > > > +int stable_cpu_id;
> > > > +bool has_stable_cpu_id;
> > > >  };
> > > >  
> > > >  QTAILQ_HEAD(CPUTailQ, CPUState);
> > > > diff --git a/qom/cpu.c b/qom/cpu.c
> > > > index 1095ea1..bae1bf7 100644
> > > > --- a/qom/cpu.c
> > > > +++ b/qom/cpu.c
> > > > @@ -363,6 +363,11 @@ static int64_t cpu_common_get_arch_id(CPUState 
> > > > *cpu)
> > > >  return cpu->cpu_index;
> > > >  }
> > > >  
> > > > +static Property cpu_common_properties[] = {
> > > > +DEFINE_PROP_BOOL("has-stable-cpu-id", CPUState, has_stable_cpu_id, 
> > > > false),  
> > > 
> > > It seems odd to me that stable_cpu_id itself isn't exposed as a
> > > property.  Even if we don't need to set it externally for now, it
> > > really should be QOM introspectable.
> > Should it? Why?
> 
> Well, for one thing it's really strange to have the boolean flag
> exposed, but not the value itself.

How about just the property which starts with a default value (-1 ?)
based on which we can either use stable_cpu_id or cpu_index with
vmstate_register() calls ? Machine types that want to use stable_cpu_id
can explicitly set this property to a valid "non -1" value ?

I remember you were suggesting something like this earlier.

Regards,
Bharata.
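
The problem the quoted commit message describes (holes in the cpu_index range after CPU hot removal breaking migration), as an added example that is not part of the thread or of QEMU. It is a toy model that assumes a plugged CPU takes the lowest free cpu_index, one thread per core, and a stable ID equal to the core-id; `Machine`, `plug_core()`, `unplug_core()`, `unmatched_ids()` and `migration_scenario()` are hypothetical names.

```c
#include <stdbool.h>
#include <stdio.h>

#define MAX_CORES 8
#define ABSENT    (-1)

/* Toy machine model (not QEMU code): one thread per core. */
typedef struct {
    bool index_used[MAX_CORES];  /* cpu_index values currently taken */
    int  cpu_index[MAX_CORES];   /* cpu_index of each core-id, or ABSENT */
} Machine;

static void machine_init(Machine *m)
{
    for (int i = 0; i < MAX_CORES; i++) {
        m->index_used[i] = false;
        m->cpu_index[i] = ABSENT;
    }
}

/* Assumption: a newly plugged CPU takes the lowest free cpu_index. */
static int plug_core(Machine *m, int core_id)
{
    if (core_id < 0 || core_id >= MAX_CORES ||
        m->cpu_index[core_id] != ABSENT) {
        return ABSENT;
    }
    for (int idx = 0; idx < MAX_CORES; idx++) {
        if (!m->index_used[idx]) {
            m->index_used[idx] = true;
            m->cpu_index[core_id] = idx;
            return idx;
        }
    }
    return ABSENT;
}

/* Hot removal frees the cpu_index and leaves a hole in the range. */
static void unplug_core(Machine *m, int core_id)
{
    if (core_id < 0 || core_id >= MAX_CORES ||
        m->cpu_index[core_id] == ABSENT) {
        return;
    }
    m->index_used[m->cpu_index[core_id]] = false;
    m->cpu_index[core_id] = ABSENT;
}

/* Same choice as the quoted cpu_vmstate_register() change:
 * stable ID if enabled, cpu_index otherwise. */
static int instance_id(const Machine *m, int core_id, bool has_stable_cpu_id)
{
    return has_stable_cpu_id ? core_id : m->cpu_index[core_id];
}

/* Count source CPUs whose instance_id is not registered on the
 * destination, i.e. state sections the destination cannot place. */
static int unmatched_ids(const Machine *src, const Machine *dst, bool stable)
{
    int unmatched = 0;

    for (int s = 0; s < MAX_CORES; s++) {
        bool found = false;

        if (src->cpu_index[s] == ABSENT) {
            continue;
        }
        for (int d = 0; d < MAX_CORES; d++) {
            if (dst->cpu_index[d] != ABSENT &&
                instance_id(dst, d, stable) == instance_id(src, s, stable)) {
                found = true;
            }
        }
        if (!found) {
            unmatched++;
        }
    }
    return unmatched;
}

/* Source plugs cores 0, 1, 2 and then removes core 1; the destination
 * is started with only the cores that are still present (0 and 2). */
static int migration_scenario(bool stable)
{
    Machine src, dst;

    machine_init(&src);
    machine_init(&dst);
    plug_core(&src, 0);
    plug_core(&src, 1);
    plug_core(&src, 2);
    unplug_core(&src, 1);
    plug_core(&dst, 0);
    plug_core(&dst, 2);
    return unmatched_ids(&src, &dst, stable);
}

int main(void)
{
    printf("unmatched with cpu_index:     %d\n", migration_scenario(false));
    printf("unmatched with stable_cpu_id: %d\n", migration_scenario(true));
    return 0;
}
```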




Re: [Qemu-devel] [RFC PATCH 1/2] qapi: Add vcpu id to query-hotpluggable-cpus output

2016-07-10 Thread David Gibson
On Fri, 8 Jul 2016 13:40:38 +0200
Igor Mammedov  wrote:

> On Fri, 8 Jul 2016 12:18:55 +1000
> David Gibson  wrote:
> 
> > On Thu,  7 Jul 2016 17:17:13 +0200
> > Peter Krempa  wrote:
> >   
> > > Add 'vcpu index' to the output of query hotpluggable cpus. This output
> > > is identical to the linear cpu index taken by the 'cpus' attribute
> > > passed to -numa.
> > 
> > 
> > The problem is, the vcpu index of what?  Each entry in the hotpluggable
> > cpus table could represent more than one vcpu.  
> agreed,
> -numa cpus should take socket/core/thread-ids instead so that mgmt
> could do layout at start-up time
> 
> for example if mgmt specifies
>   -smp cpus=1,sockets=2,cores=2,maxcpus=4
> it knows socket/core layout and can assign them as desired
>   -numa nodeid=0,cpu=[socket-id=0,core-id=0] \
>   -numa nodeid=1,cpu=[socket-id=0,core-id=1] \
>   -numa nodeid=2,cpu=[socket-id=1]
> 
> that of course assuming that QEMU would guarantee IDs are ranges 
> [0..sockets), ...
> it's so for x86, can we guarantee it for spapr?

Urgh.. we could for spapr, but I think it's a bad idea to do that in
general.  For powernv (or others) we might want to use socket ids with
a physical meaning (e.g. actual values of chip select lines) and those
might not be contiguous.


> 
> >   
> > > This will allow to reliably map the cpu number to a given topology
> > > element without making mgmt apps to reimplement the mapping.
> > > 
> > > Signed-off-by: Peter Krempa 
> > > ---
> > >  hmp.c| 1 +
> > >  hw/i386/pc.c | 1 +
> > >  hw/ppc/spapr.c   | 1 +
> > >  qapi-schema.json | 2 ++
> > >  4 files changed, 5 insertions(+)
> > > 
> > > diff --git a/hmp.c b/hmp.c
> > > index 0cf5baa..613601e 100644
> > > --- a/hmp.c
> > > +++ b/hmp.c
> > > @@ -2450,6 +2450,7 @@ void hmp_hotpluggable_cpus(Monitor *mon, const 
> > > QDict *qdict)
> > >  monitor_printf(mon, "  type: \"%s\"\n", l->value->type);
> > >  monitor_printf(mon, "  vcpus_count: \"%" PRIu64 "\"\n",
> > > l->value->vcpus_count);
> > > +monitor_printf(mon, "  vcpu_id: \"%" PRIu64 "\"\n", 
> > > l->value->vcpu_id);
> > >  if (l->value->has_qom_path) {
> > >  monitor_printf(mon, "  qom_path: \"%s\"\n", 
> > > l->value->qom_path);
> > >  }
> > > diff --git a/hw/i386/pc.c b/hw/i386/pc.c
> > > index f293a0c..4ba02c4 100644
> > > --- a/hw/i386/pc.c
> > > +++ b/hw/i386/pc.c
> > > @@ -2131,6 +2131,7 @@ static HotpluggableCPUList 
> > > *pc_query_hotpluggable_cpus(MachineState *machine)
> > > 
> > >  cpu_item->type = g_strdup(cpu_type);
> > >  cpu_item->vcpus_count = 1;
> > > +cpu_item->vcpu_id = i;
> > >  cpu_props->has_socket_id = true;
> > >  cpu_props->socket_id = topo.pkg_id;
> > >  cpu_props->has_core_id = true;
> > > diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> > > index 7f33a1b..d1f5195 100644
> > > --- a/hw/ppc/spapr.c
> > > +++ b/hw/ppc/spapr.c
> > > @@ -2378,6 +2378,7 @@ static HotpluggableCPUList 
> > > *spapr_query_hotpluggable_cpus(MachineState *machine)
> > > 
> > >  cpu_item->type = spapr_get_cpu_core_type(machine->cpu_model);
> > >  cpu_item->vcpus_count = smp_threads;
> > > +cpu_item->vcpu_id = i;
> > 
> > This is wrong.  This is the index of the core.  The individual vcpus
> > within the core will have ids starting at core_id and working up.
> >   
> > >  cpu_props->has_core_id = true;
> > >  cpu_props->core_id = i * smt;
> > >  /* TODO: add 'has_node/node' here to describe
> > > diff --git a/qapi-schema.json b/qapi-schema.json
> > > index ba3bf14..6db9294 100644
> > > --- a/qapi-schema.json
> > > +++ b/qapi-schema.json
> > > @@ -4292,6 +4292,7 @@
> > >  # @type: CPU object type for usage with device_add command
> > >  # @props: list of properties to be used for hotplugging CPU
> > >  # @vcpus-count: number of logical VCPU threads @HotpluggableCPU provides
> > > +# @vcpu-id: linear index of the vcpu
> > >  # @qom-path: #optional link to existing CPU object if CPU is present or
> > >  #omitted if CPU is not present.
> > >  #
> > > @@ -4300,6 +4301,7 @@
> > >  { 'struct': 'HotpluggableCPU',
> > >'data': { 'type': 'str',
> > >  'vcpus-count': 'int',
> > > +'vcpu-id': 'int',
> > >  'props': 'CpuInstanceProperties',
> > >  '*qom-path': 'str'
> > >}
> > > -- 
> > > 2.9.0
> > > 
> > 
> >   
> 


-- 
David Gibson 
Senior Software Engineer, Virtualization, Red Hat




Re: [Qemu-devel] [RFC PATCH v2 3/5] spapr: Set stable_cpu_id for threads of CPU cores

2016-07-10 Thread David Gibson
On Fri, Jul 08, 2016 at 05:24:24PM +0200, Greg Kurz wrote:
> On Fri, 8 Jul 2016 17:59:07 +1000
> David Gibson  wrote:
> 
> > On Fri, Jul 08, 2016 at 09:46:47AM +0200, Greg Kurz wrote:
> > > On Fri, 8 Jul 2016 15:25:33 +1000
> > > David Gibson  wrote:
> > >   
> > > > On Thu, Jul 07, 2016 at 06:11:31PM +0200, Greg Kurz wrote:  
> > > > > On Thu,  7 Jul 2016 20:20:23 +0530
> > > > > Bharata B Rao  wrote:
> > > > > 
> > > > > > > Conditionally set stable_cpu_id for CPU threads that are created as 
> > > > > > part
> > > > > > of spapr CPU cores. The use of stable_cpu_id is enabled for 
> > > > > > pseries-2.7
> > > > > > onwards.
> > > > > > 
> > > > > 
> > > > > The last sentence is a bit confusing since the enablement actually 
> > > > > happens
> > > > > in patch 5/5.
> > > > > 
> > > > > > Signed-off-by: Bharata B Rao 
> > > > > > ---
> > > > > >  hw/ppc/spapr_cpu_core.c | 7 +++
> > > > > >  1 file changed, 7 insertions(+)
> > > > > > 
> > > > > > diff --git a/hw/ppc/spapr_cpu_core.c b/hw/ppc/spapr_cpu_core.c
> > > > > > index b104778..0ec3513 100644
> > > > > > --- a/hw/ppc/spapr_cpu_core.c
> > > > > > +++ b/hw/ppc/spapr_cpu_core.c
> > > > > > @@ -293,8 +293,15 @@ static void spapr_cpu_core_realize(DeviceState 
> > > > > > *dev, Error **errp)
> > > > > >  for (i = 0; i < cc->nr_threads; i++) {
> > > > > >  char id[32];
> > > > > >  obj = sc->threads + i * size;
> > > > > > +CPUState *cs;
> > > > > >  
> > > > > >  object_initialize(obj, size, typename);
> > > > > > +cs = CPU(obj);
> > > > > > +
> > > > > > +/* Use core_id (which is actually cpu_dt_id) as stable CPU 
> > > > > > id */
> > > > > 
> > > > > It isn't what I had in mind. More something like below:
> > > > > 
> > > > > In ppc_spapr_init():
> > > > > 
> > > > > for (i = 0; i < spapr_max_cores; i++) {
> > > > > spapr->cores[i]->stable_id = i * smp_threads;
> > > > > }
> > > > > 
> > > > > 
> > > > > In spapr_cpu_core_realize():
> > > > > 
> > > > > for (j = 0; j < cc->nr_threads; j++) {
> > > > > stable_cpu_id = cc->stable_id + j;
> > > > > }
> > > > > 
> > > > > So we need to introduce cc->stable_id.
> > > > 
> > > > No, we don't.  Cores have had a stable ID since they were introduced.
> > > >   
> > > 
> > > I agree core_dt_id is stable but it is a DT concept.  
> > 
> > There is no core_dt_id.  There's just core-id, which is machine
> > assigned (via the query hotpluggable cpus interface) and stable.
> > 
> > > static void ppc_spapr_init(MachineState *machine)
> > > {
> > > [...]
> > > for (i = 0; i < spapr_max_cores; i++) {
> > > int core_dt_id = i * smt;  
> > 
> > ..uh, ok, except for that poorly named variable.  But that's because
> > this is in the machine type, and it knows it's going to use the same
> > ids to give to the core object and to put in the device tree.
> > 
> 
> It is core_id everywhere else.
> 
> $ git grep core_id hw/ppc/
> hw/ppc/spapr.c:cpu_props->has_core_id = true;
> hw/ppc/spapr.c:cpu_props->core_id = i * smt;
> hw/ppc/spapr_cpu_core.c:spapr->cores[cc->core_id / smt] = NULL;
> hw/ppc/spapr_cpu_core.c:drc = 
> spapr_dr_connector_by_id(SPAPR_DR_CONNECTOR_TYPE_CPU, cc->core_id);
> hw/ppc/spapr_cpu_core.c:index = cc->core_id / smt;
> hw/ppc/spapr_cpu_core.c:if (cc->core_id % smt) {
> hw/ppc/spapr_cpu_core.c:error_setg(_err, "invalid core id 
> %d\n", cc->core_id);
> hw/ppc/spapr_cpu_core.c:index = cc->core_id / smt;
> hw/ppc/spapr_cpu_core.c:error_setg(_err, "core id %d out of 
> range", cc->core_id);
> hw/ppc/spapr_cpu_core.c:error_setg(_err, "core %d already 
> populated", cc->core_id);
> 
> $ git grep core_dt_id hw/ppc/
> hw/ppc/spapr.c:int core_dt_id = i * smt;
> hw/ppc/spapr.c:   
> SPAPR_DR_CONNECTOR_TYPE_CPU, core_dt_id);
> hw/ppc/spapr.c:object_property_set_int(core, core_dt_id, 
> CPU_CORE_PROP_CORE_ID,
> 
> I got confused because the current code still puts cpu_dt_id of thread0 in the
> device tree. And since cpu_dt_id is still being computed on cpu_index, it is
> a different beast (which needs to be killed since it even crashes simple
> hotplug/unplug scenarios).
> 
> > > [...]
> > > object_property_set_int(core, core_dt_id, 
> > > CPU_CORE_PROP_CORE_ID,
> > > _fatal);
> > > 
> > > > This patch produces stable_cpu_id in the [0...smt * smp_cores) range. I
> > > > find it awkward it depends on the host setup.  
> > 
> > True.  Possibly we should set these as i * (maximum plausible number
> > of threads).
> > 
> > The gotcha is that currently we're using the same "dt_id" to control
> > KVM's cpu id and that in turn controls the SMT level.  That's a poor
> > interface on the kernel side (my bad), 

Re: [Qemu-devel] [RFC PATCH v2 2/5] cpu: Introduce CPUState::stable_cpu_id

2016-07-10 Thread David Gibson
On Fri, Jul 08, 2016 at 01:11:02PM +0200, Igor Mammedov wrote:
> On Fri, 8 Jul 2016 15:19:58 +1000
> David Gibson  wrote:
> 
> > On Thu, Jul 07, 2016 at 08:20:22PM +0530, Bharata B Rao wrote:
> > > Add CPUState::stable_cpu_id and use that as instance_id in
> > > vmstate_register() call.
> > > 
> > > Introduce has-stable_cpu_id property that allows target machines to
> > > optionally switch to using stable_cpu_id instead of cpu_index.
> > > This will help allow successful migration in cases where holes are
> > > introduced in cpu_index range after CPU hot removals.
> > > 
> > > Suggested-by: Igor Mammedov 
> > > Signed-off-by: Bharata B Rao 
> > > ---
> > >  exec.c| 6 --
> > >  include/qom/cpu.h | 5 +
> > >  qom/cpu.c | 6 ++
> > >  3 files changed, 15 insertions(+), 2 deletions(-)
> > > 
> > > diff --git a/exec.c b/exec.c
> > > index fb73910..3b36fe5 100644
> > > --- a/exec.c
> > > +++ b/exec.c
> > > @@ -619,12 +619,14 @@ static void cpu_release_index(CPUState *cpu)
> > >  void cpu_vmstate_register(CPUState *cpu)
> > >  {
> > >  CPUClass *cc = CPU_GET_CLASS(cpu);
> > > +int instance_id = cpu->has_stable_cpu_id ? cpu->stable_cpu_id :
> > > +  cpu->cpu_index;
> > >  
> > >  if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
> > > -vmstate_register(NULL, cpu->cpu_index, _cpu_common, cpu);
> > > +vmstate_register(NULL, instance_id, _cpu_common, cpu);
> > >  }
> > >  if (cc->vmsd != NULL) {
> > > -vmstate_register(NULL, cpu->cpu_index, cc->vmsd, cpu);
> > > +vmstate_register(NULL, instance_id, cc->vmsd, cpu);
> > >  }
> > >  }
> > >  
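
Review bot: in cpu_vmstate_register(), instance_id is taken from cpu->stable_cpu_id whenever has_stable_cpu_id is set, but nothing here checks that the machine code actually assigned a value. Two CPUs with the flag set and the field left at its initial value would register under the same instance_id. Consider initialising stable_cpu_id to -1 and asserting it is >= 0 before the two vmstate_register() calls.
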
> > > diff --git a/include/qom/cpu.h b/include/qom/cpu.h
> > > index 331386f..527c021 100644
> > > --- a/include/qom/cpu.h
> > > +++ b/include/qom/cpu.h
> > > @@ -273,6 +273,9 @@ struct qemu_work_item {
> > >   * @kvm_fd: vCPU file descriptor for KVM.
> > >   * @work_mutex: Lock to prevent multiple access to queued_work_*.
> > >   * @queued_work_first: First asynchronous work pending.
> > > + * @stable_cpu_id: Use as instance_id argument in cpu vmstate_register 
> > > calls
> > > + * @has_stable_cpu_id: Set to enforce the use of @stable_cpu_id
> > > + * over cpu_index during vmstate registration.
> > >   *
> > >   * State of one CPU core or thread.
> > >   */
> > > @@ -360,6 +363,8 @@ struct CPUState {
> > > (absolute value) offset as small as possible.  This reduces code
> > > size, especially for hosts without large memory offsets.  */
> > >  uint32_t tcg_exit_req;
> > > +int stable_cpu_id;
> > > +bool has_stable_cpu_id;
> > >  };
> > >  
> > >  QTAILQ_HEAD(CPUTailQ, CPUState);
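
Review bot: stable_cpu_id and has_stable_cpu_id are appended after tcg_exit_req, directly under the comment saying the fields at this position are placed there to keep their (absolute value) offset as small as possible. Adding members at the very end of struct CPUState moves tcg_exit_req away from that position. Declare the two new members earlier in the struct, above that comment block.
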
> > > diff --git a/qom/cpu.c b/qom/cpu.c
> > > index 1095ea1..bae1bf7 100644
> > > --- a/qom/cpu.c
> > > +++ b/qom/cpu.c
> > > @@ -363,6 +363,11 @@ static int64_t cpu_common_get_arch_id(CPUState *cpu)
> > >  return cpu->cpu_index;
> > >  }
> > >  
> > > +static Property cpu_common_properties[] = {
> > > +DEFINE_PROP_BOOL("has-stable-cpu-id", CPUState, has_stable_cpu_id, 
> > > false),  
> > 
> > It seems odd to me that stable_cpu_id itself isn't exposed as a
> > property.  Even if we don't need to set it externally for now, it
> > really should be QOM introspectable.
> Should it? Why?

Well, for one thing it's really strange to have the boolean flag
exposed, but not the value itself.

> It's QEMU internal detail and outside world preferably shouldn't
> know anything about it.

Hrm.. I guess kinda.  But I think it's less an internal detail than
the existing cpu_index is.

> As an example, look at cpu_index, which was/is used in the HMP and -numa
> interfaces, and now mgmt tries to make some sense of it.
> 
> Cleaner way should be teaching -numa to handle cpus specified by
> socket/core/thread IDs so that mgmt would actually know what CPUs
> it assigns to what nodes and not to look at/invent/generate some
> internal cpu_id.
> 
> > 
> > > +DEFINE_PROP_END_OF_LIST()
> > > +};
> > > +
> > >  static void cpu_class_init(ObjectClass *klass, void *data)
> > >  {
> > >  DeviceClass *dc = DEVICE_CLASS(klass);
> > > @@ -394,6 +399,7 @@ static void cpu_class_init(ObjectClass *klass, void 
> > > *data)
> > >   * IRQs, adding reset handlers, halting non-first CPUs, ...
> > >   */
> > >  dc->cannot_instantiate_with_device_add_yet = true;
> > > +dc->props = cpu_common_properties;
> > >  }
> > >  
> > >  static const TypeInfo cpu_type_info = {  
> > 
> 

-- 
David Gibson                    | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
                                | _way_ _around_!
http://www.ozlabs.org/~dgibson
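
The migration problem that stable_cpu_id is meant to solve in the thread above, modelled as an added example (not code from QEMU or from any message here): a source guest that has had a core unplugged and a destination started with the same remaining cores are compared by the instance ids they would register. It assumes cpu_index is handed out as the lowest free index and released on unplug; Machine, plug_core() and the other names are hypothetical.

```c
/* Added illustration, not QEMU code: a toy model of vmstate instance ids. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_CPUS 16

typedef struct {
    bool present;       /* a vCPU thread lives in this slot */
    int cpu_index;      /* assumption: lowest free index at plug time */
    int stable_cpu_id;  /* core_id + thread number, as in patch 3/5 */
} VCpu;

typedef struct {
    bool index_used[MAX_CPUS];  /* cpu_index allocation bitmap */
    VCpu cpu[MAX_CPUS];         /* slot number == stable_cpu_id */
    int nr_threads;             /* threads per core */
} Machine;

static void machine_init(Machine *m, int nr_threads)
{
    memset(m, 0, sizeof(*m));
    m->nr_threads = nr_threads;
}

/* A core id must be thread-aligned and fit inside the machine. */
static bool core_id_valid(const Machine *m, int core_id)
{
    return core_id >= 0 && core_id % m->nr_threads == 0 &&
           core_id + m->nr_threads <= MAX_CPUS;
}

/* Plug one core: each thread takes the lowest free cpu_index. */
static bool plug_core(Machine *m, int core_id)
{
    if (!core_id_valid(m, core_id) || m->cpu[core_id].present) {
        return false;   /* invalid id or core already populated */
    }
    for (int t = 0; t < m->nr_threads; t++) {
        int idx = 0;
        while (idx < MAX_CPUS && m->index_used[idx]) {
            idx++;
        }
        if (idx == MAX_CPUS) {
            return false;
        }
        m->index_used[idx] = true;
        m->cpu[core_id + t] = (VCpu){ true, idx, core_id + t };
    }
    return true;
}

/* Unplug one core: its cpu_index values go back to the free pool. */
static bool unplug_core(Machine *m, int core_id)
{
    if (!core_id_valid(m, core_id) || !m->cpu[core_id].present) {
        return false;
    }
    for (int t = 0; t < m->nr_threads; t++) {
        VCpu *c = &m->cpu[core_id + t];
        m->index_used[c->cpu_index] = false;
        c->present = false;
    }
    return true;
}

/* Mark which instance ids the machine would register for its CPUs. */
static void collect_ids(const Machine *m, bool use_stable, bool ids[MAX_CPUS])
{
    memset(ids, 0, MAX_CPUS * sizeof(bool));
    for (int i = 0; i < MAX_CPUS; i++) {
        if (m->cpu[i].present) {
            ids[use_stable ? m->cpu[i].stable_cpu_id : m->cpu[i].cpu_index] = true;
        }
    }
}

/* Migration needs the same set of CPU instance ids on both sides. */
static bool ids_match(const Machine *src, const Machine *dst, bool use_stable)
{
    bool a[MAX_CPUS], b[MAX_CPUS];

    collect_ids(src, use_stable, a);
    collect_ids(dst, use_stable, b);
    return memcmp(a, b, sizeof(a)) == 0;
}

/* Constructed scenario: 2 threads/core, cores 0, 2, 4; core 2 removed. */
static bool scenario_ids_match(bool use_stable)
{
    Machine src, dst;

    machine_init(&src, 2);
    plug_core(&src, 0);
    plug_core(&src, 2);
    plug_core(&src, 4);
    unplug_core(&src, 2);       /* source keeps cpu_index 0,1,4,5 */

    machine_init(&dst, 2);
    plug_core(&dst, 0);
    plug_core(&dst, 4);         /* destination gets cpu_index 0,1,2,3 */

    return ids_match(&src, &dst, use_stable);
}

int main(void)
{
    printf("cpu_index as instance_id:     %s\n",
           scenario_ids_match(false) ? "match" : "MISMATCH");
    printf("stable_cpu_id as instance_id: %s\n",
           scenario_ids_match(true) ? "match" : "MISMATCH");
    return 0;
}
```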




[Qemu-devel] [PATCH RFC v4 0/4] docker: Support building qemu-user powered docker test images

2016-07-10 Thread Fam Zheng
Alex,

This is the result of my fiddling around docker + qemu-user in the weekend. It
can do most of the work except the injection of qemu-user binary from host
build.  We can try to integrate your "docker.py update" into Makefile to do
that, but an open question is how to handle the dependency cleanly: we
intentionally allow "make docker-foo" w/o configure or build, but the qemu-user
case is very different.

The major change is using "FROM debian" and building things in the container so
that qemu-arm, fakeroot and debootstrap are not required on the system (the
docker file installs qemu-user-static). This way the pre script is not needed.

The upside is debootstrap can make use of docker cache, so updating is easy,
but we have to handle chroot in run script, before running the test command.

This seems cleaner in host side dependencies to me, what do you think?

Fam

Fam Zheng (4):
  docker: More sensible run script
  docker: Fix exit code if $CMD failed
  docker: Support "QEMU_CHROOT" in dockerfiles
  docker: Add debootstrap-arm image

 tests/docker/Makefile.include   |  5 ++--
 tests/docker/dockerfiles/debootstrap-arm.docker | 35 +
 tests/docker/run| 28 +---
 3 files changed, 62 insertions(+), 6 deletions(-)
 create mode 100644 tests/docker/dockerfiles/debootstrap-arm.docker

-- 
2.7.4




[Qemu-devel] [PATCH RFC v4 1/4] docker: More sensible run script

2016-07-10 Thread Fam Zheng
It is very easy to figure out current directory and bash option from the
execution, so do less in the Makefile invocation command line, and
figure both options in the script.

This makes the next patch easier.

Signed-off-by: Fam Zheng 
---
 tests/docker/Makefile.include |  4 +---
 tests/docker/run  | 12 +---
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
index f88c0a7..c5546ee 100644
--- a/tests/docker/Makefile.include
+++ b/tests/docker/Makefile.include
@@ -114,10 +114,8 @@ docker-run-%: docker-qemu-src
-e CCACHE_DIR=/var/tmp/ccache \
-v $$(realpath 
$(DOCKER_SRC_COPY)):/var/tmp/qemu:z$(COMMA)ro \
-v $(DOCKER_CCACHE_DIR):/var/tmp/ccache:z \
-   -w /var/tmp/qemu \
qemu:$(IMAGE) \
-   $(if $V,/bin/bash -x ,) \
-   ./run \
+   /var/tmp/qemu/run \
$(CMD); \
, "  RUN $(CMD) in $(IMAGE)")))
 
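
Review bot: dropping "$(if $V,/bin/bash -x ,)" moves tracing into the script's own test of $V, but none of the -e options visible in this docker run command passes V into the container, so "make V=1" stops tracing unless V is exported somewhere outside this hunk. Add "-e V=$V" next to the other -e lines. Calling /var/tmp/qemu/run directly also makes the rule depend on the file's executable bit and shebang surviving in the read-only source copy, which is worth a sentence in the commit message.
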
diff --git a/tests/docker/run b/tests/docker/run
index ec3d119..575e732 100755
--- a/tests/docker/run
+++ b/tests/docker/run
@@ -11,6 +11,12 @@
 # or (at your option) any later version. See the COPYING file in
 # the top-level directory.
 
+if test -n "$V"; then
+set -x
+fi
+
+BASE="$(dirname $(realpath $0))"
+
 # Prepare the environment
 . /etc/profile || true
 export PATH=/usr/lib/ccache:$PATH
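
Review bot: BASE="$(dirname $(realpath $0))" leaves $0 and the inner command substitution unquoted, so a path containing spaces or glob characters is split before dirname sees it. Quote both levels, BASE="$(dirname "$(realpath "$0")")", and quote $BASE where the tar and test lines in the next hunk use it.
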
@@ -24,10 +30,10 @@ export TEST_DIR=/tmp/qemu-test
 mkdir -p $TEST_DIR/{src,build,install}
 
 # Extract the source tarballs
-tar -C $TEST_DIR/src -xzf qemu.tgz
+tar -C $TEST_DIR/src -xzf $BASE/qemu.tgz
 for p in dtc pixman; do
-if test -f $p.tgz; then
-tar -C $TEST_DIR/src/$p -xzf $p.tgz
+if test -f $BASE/$p.tgz; then
+tar -C $TEST_DIR/src/$p -xzf $BASE/$p.tgz
 export FEATURES="$FEATURES $p"
 fi
 done
-- 
2.7.4




[Qemu-devel] [PATCH RFC v4 4/4] docker: Add debootstrap-arm image

2016-07-10 Thread Fam Zheng
Signed-off-by: Fam Zheng 
---
 tests/docker/dockerfiles/debootstrap-arm.docker | 35 +
 1 file changed, 35 insertions(+)
 create mode 100644 tests/docker/dockerfiles/debootstrap-arm.docker

diff --git a/tests/docker/dockerfiles/debootstrap-arm.docker 
b/tests/docker/dockerfiles/debootstrap-arm.docker
new file mode 100644
index 000..cb15f2f
--- /dev/null
+++ b/tests/docker/dockerfiles/debootstrap-arm.docker
@@ -0,0 +1,35 @@
+FROM debian:testing
+
+RUN apt-get update
+RUN apt-get install -y fakeroot debootstrap qemu-user-static
+
+RUN mkdir /debootstrap-arm
+
+RUN cd /debootstrap-arm && fakeroot debootstrap --variant=buildd --foreign \
+--arch=armhf testing . http://httpredir.debian.org/debian
+
+RUN sed -i 's/in_target mount/echo not for docker in_target mount/g' \
+/debootstrap-arm/debootstrap/functions
+
+RUN mkdir -p /debootstrap-arm/usr/local/bin
+
+RUN ln /usr/bin/qemu-arm-static /debootstrap-arm/usr/bin/qemu-arm && \
+ln /usr/bin/qemu-arm-static /debootstrap-arm/usr/bin/qemu-arm-static && \
+ln /usr/bin/qemu-arm-static /debootstrap-arm/usr/local/bin/qemu-arm && \
+ln /usr/bin/qemu-arm-static /debootstrap-arm/usr/local/bin/qemu-arm-static
+
+# Run stage 2
+RUN if ! chroot /debootstrap-arm /debootstrap/debootstrap --second-stage; then 
\
+echo "Failed to chroot and do stage 2"; \
+echo "Please set up binfmt_misc to point arm binary to one of:"; \
+echo "  /usr/bin/qemu-arm"; \
+echo "  /usr/bin/qemu-arm-static"; \
+echo "  /usr/local/bin/qemu-arm"; \
+echo "  /usr/local/bin/qemu-arm-static"; \
+exit 1; \
+fi
+RUN chroot /debootstrap-arm sh -c 'cat /etc/apt/sources.list | sed 
"s/deb/deb-src/" >> /etc/apt/sources.list'
+RUN chroot /debootstrap-arm apt-get update
+RUN chroot /debootstrap-arm apt-get build-dep -y qemu
+RUN chroot /debootstrap-arm apt-get install -y ccache
+ENV QEMU_CHROOT /debootstrap-arm
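
Review bot: "RUN apt-get update" sits in its own layer, separate from the "apt-get install" on the next line, so Docker can reuse a cached, stale package index on later builds and then install outdated packages or fail on ones that have moved. Combine them into a single RUN (apt-get update && apt-get install -y ...). The commit message is also empty apart from the sign-off: it should say why qemu-arm-static is hard-linked under four names and why "in_target mount" is patched out of debootstrap's functions file.
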
-- 
2.7.4




[Qemu-devel] [PATCH RFC v4 3/4] docker: Support "QEMU_CHROOT" in dockerfiles

2016-07-10 Thread Fam Zheng
This allows a docker file to say "ENV QEMU_CHROOT /path/to/new/root" to
indicate that the test execution should be done in a chroot in the
container.

Bind mount dev,sys,proc into QEMU_CHROOT to make them available for
testing scripts.

The SYS_ADMIN is a required capability for mount, add it to the
docker run command line.

Signed-off-by: Fam Zheng 
---
 tests/docker/Makefile.include |  1 +
 tests/docker/run  | 12 
 2 files changed, 13 insertions(+)

diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
index c5546ee..e9821ba 100644
--- a/tests/docker/Makefile.include
+++ b/tests/docker/Makefile.include
@@ -107,6 +107,7 @@ docker-run-%: docker-qemu-src
$(call quiet-command,\
$(SRC_PATH)/tests/docker/docker.py run $(if $V,,--rm) \
-t \
+   --cap-add SYS_ADMIN \
$(if $(DEBUG),-i,--net=none) \
-e TARGET_LIST=$(TARGET_LIST) \
-e EXTRA_CONFIGURE_OPTS=$(EXTRA_CONFIGURE_OPTS) 
\
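
Review bot: "--cap-add SYS_ADMIN" is added to the docker-run-% rule unconditionally, so every test image now runs with CAP_SYS_ADMIN although only images that set QEMU_CHROOT need to mount anything. Make the option conditional on the image (or on a make variable that the chroot images set) so the remaining containers keep the default capability set.
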
diff --git a/tests/docker/run b/tests/docker/run
index 38ce789..4e80cc3 100755
--- a/tests/docker/run
+++ b/tests/docker/run
@@ -19,6 +19,18 @@ fi
 
 BASE="$(dirname $(realpath $0))"
 
+# cp files into the chroot and execute there
+if test -n "$QEMU_CHROOT"; then
+mkdir -p $QEMU_CHROOT/$BASE
+cp $BASE/* $QEMU_CHROOT/$BASE
+QEMU_CHROOT_SAVE="$QEMU_CHROOT"
+for bp in dev sys proc; do
+mount --bind /$bp $QEMU_CHROOT/$bp
+done
+QEMU_CHROOT="" chroot $QEMU_CHROOT_SAVE $BASE/run "$@"
+exit 0
+fi
+
 # Prepare the environment
 . /etc/profile || true
 export PATH=/usr/lib/ccache:$PATH
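
Review bot: the new block ends with "exit 0" straight after the chroot call, so the status of the inner run is only reported if errexit happens to be active at this point in the script. Use "exec chroot ..." or "exit $?" after the call so a failing test inside the chroot always fails the outer script. The expansions $QEMU_CHROOT/$BASE, $BASE/* and $QEMU_CHROOT_SAVE are also unquoted, and cp without -r skips any subdirectory under $BASE.
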
-- 
2.7.4




[Qemu-devel] [PATCH RFC v4 2/4] docker: Fix exit code if $CMD failed

2016-07-10 Thread Fam Zheng
Signed-off-by: Fam Zheng 
---
 tests/docker/run | 4 
 1 file changed, 4 insertions(+)

diff --git a/tests/docker/run b/tests/docker/run
index 575e732..38ce789 100755
--- a/tests/docker/run
+++ b/tests/docker/run
@@ -11,6 +11,8 @@
 # or (at your option) any later version. See the COPYING file in
 # the top-level directory.
 
+set -e
+
 if test -n "$V"; then
 set -x
 fi
@@ -61,4 +63,6 @@ elif test -n "$DEBUG"; then
 echo
 # Force error after shell exits
 $SHELL && exit 1
+else
+exit 1
 fi
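
Review bot: the new else branch exits with a fixed status of 1, so the caller sees 1 whatever the failing command returned. Save the status where the command is run and exit with that value instead. The commit message is empty apart from the sign-off; it should say which failure went unreported before and how the "set -e" added in the first hunk is expected to interact with the if/elif chain.
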
-- 
2.7.4




Re: [Qemu-devel] [RFC PATCH v2 3/5] spapr: Set stable_cpu_id for threads of CPU cores

2016-07-10 Thread Bharata B Rao
On Fri, Jul 08, 2016 at 12:59:59PM +0200, Igor Mammedov wrote:
> On Fri, 8 Jul 2016 17:39:52 +1000
> David Gibson  wrote:
> 
> > On Fri, Jul 08, 2016 at 12:11:12PM +0530, Bharata B Rao wrote:
> > > On Fri, Jul 08, 2016 at 03:24:13PM +1000, David Gibson wrote:  
> > > > On Thu, Jul 07, 2016 at 08:20:23PM +0530, Bharata B Rao wrote:  
> > > > > Conditionally set stable_cpu_id for CPU threads that are created as
> > > > > part of spapr CPU cores. The use of stable_cpu_id is enabled for
> > > > > pseries-2.7 onwards.
> > > > > 
> > > > > Signed-off-by: Bharata B Rao 
> > > > > ---
> > > > >  hw/ppc/spapr_cpu_core.c | 7 +++
> > > > >  1 file changed, 7 insertions(+)
> > > > > 
> > > > > diff --git a/hw/ppc/spapr_cpu_core.c b/hw/ppc/spapr_cpu_core.c
> > > > > index b104778..0ec3513 100644
> > > > > --- a/hw/ppc/spapr_cpu_core.c
> > > > > +++ b/hw/ppc/spapr_cpu_core.c
> > > > > @@ -293,8 +293,15 @@ static void spapr_cpu_core_realize(DeviceState 
> > > > > *dev, Error **errp)
> > > > >  for (i = 0; i < cc->nr_threads; i++) {
> > > > >  char id[32];
> > > > >  obj = sc->threads + i * size;
> > > > > +CPUState *cs;
> > > > >  
> > > > >  object_initialize(obj, size, typename);
> > > > > +cs = CPU(obj);
> > > > > +
> > > > > +/* Use core_id (which is actually cpu_dt_id) as stable CPU 
> > > > > id */
> > > > > +if (cs->has_stable_cpu_id) {
> > > > > +cs->stable_cpu_id = cc->core_id + i;
> > > > > +}  
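
Review bot: "CPUState *cs;" is declared after the statement "obj = sc->threads + i * size;", so the loop body now mixes declarations and code; move the declaration up beside "char id[32];". The new comment also equates core_id with cpu_dt_id while the assignment stores cc->core_id + i; reword it to say that the stable id is the core id plus the thread number.
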
> > > > 
> > > > Testing cs->has_stable_cpu_id here in machine type specific code seems
> > > > really weird.  It's the machine type that knows whether it has a
> > > > stable ID to give to the CPU or not, rather than the other way around.
> > > > 
> > > > Since we haven't yet had a release with cpu cores, I think the right
> > > > thing is for cpu_core to unconditionally set the stable ID (and set
> > > > has_stable_id to true).  
> > > 
> > > Right, we can set cpu_stable_id unconditionally here since this code path
> > > (core realize) will be taken only for pseries-2.7 onwards. has_stable_id
> > > will get set as part of the property we defined in SPAPR_COMPAT_2_7.  
> > 
> > Hrm, that's true.  But when you describe it like that it sounds like a
> > really non-obvious and fragile dependency between different components.
> that's how compat stuff is typically done for devices,
> CPUs shouldn't be an exception. 
> (consistency with other devices helps here in long run)
> 
> > > > The backup path that does thread-based cpu
> > > > init, can set has_stable_id to false (if that's not the default).  
> > > 
> > > Default is off, but turning it on for 2.7 will be inherited by 2.6
> > > and others below. Hence I have code to explicitly disable this prop
> > > for 2.6 and below via SPAPR_COMPAT_2_6.  
> > 
> > This is all seeming terribly awkward.
> Typically default is set the way so new machine type doesn't have
> to enable it explicitly.
> 
> However the way it's done here helps not to touch/check every user
> that uses cpu_index, limiting series impact only to code that
> asks for it, it looks a lot safer to go this route for now.

David,

- I believe there's a consensus on using core-id as the stable_cpu_id.
- You weren't liking the use of a separate property user-stable-cpu-id to
  control/enable the use of stable_cpu_id. After Igor's reply above, should
  we stick with that approach ?
- I am planning to drop the code that introduces cpu_common_unrealize()
  and that moves vmstate_[un]register() calls to qom/cpu.c as that affects
  all other archs. Instead let's just check for use_stable_cpu_id from exec.c
  itself and use it appropriately.

If you are ok with all the above, I shall post the next version on top
of Greg's patchset.

Regards,
Bharata.




Re: [Qemu-devel] [Qemu-ppc] [PULL 05/23] ppc: Enforce setting MSR:EE, IR and DR when MSR:PR is set

2016-07-10 Thread Alfonso Gamboa
I removed OpenTransport and other extensions and control panels as well as
patched the System Suitcase on some of those iso's on the emaculation.com
forum. They are not stock images.  Perhaps we still need further work.   As
far as 9.0.4 booting,  I have never succeeded in booting that,  awesome!

Mark: do you have a link to the latest working openbios-ppc?

Regards,
Alfonso
On 07/09/2016 07:42 PM, G 3 wrote:
>> On 07/09/2016 02:43 AM, Mark Cave-Ayland wrote:
>>
>>> On 01/07/16 07:41, David Gibson wrote:
>>>
>>>
 From: Benjamin Herrenschmidt 

 The architecture specifies that any instruction that sets MSR:PR will
 also set MSR:EE, IR and DR.

 Signed-off-by: Benjamin Herrenschmidt 
 Signed-off-by: Cédric Le Goater 
 Signed-off-by: David Gibson 
 ---
  target-ppc/helper_regs.h | 4 
  1 file changed, 4 insertions(+)

 diff --git a/target-ppc/helper_regs.h b/target-ppc/helper_regs.h
 index 8fc0934..8fdfa5c 100644
 --- a/target-ppc/helper_regs.h
 +++ b/target-ppc/helper_regs.h
 @@ -136,6 +136,10 @@ static inline int hreg_store_msr(CPUPPCState
*env, target_ulong value,
  /* Change the exception prefix on PowerPC 601 */
  env->excp_prefix = ((value >> MSR_EP) & 1) * 0xFFF0;
  }
 +/* If PR=1 then EE, IR and DR must be 1 */
 +if ((value >> MSR_PR) & 1) {
 +value |= (1 << MSR_EE) | (1 << MSR_DR) | (1 << MSR_IR);
 +}
  #endif
  env->msr = value;
  hreg_compute_hflags(env);


>>>
>>> Unfortunately this patch causes a regression and breaks booting OS 9 and
>>> OS X under qemu-system-ppc.
>>>
>>
>> Ah This is curious.
>>
>>
>> I used :
>>
>> qemu-system-ppc -M g3beige -cdrom darwinppc-602.cdr -boot d
>> qemu-system-ppc -M mac99 -cdrom darwinppc-602.cdr -boot d
>> qemu-system-ppc64 -M g3beige -cdrom darwinppc-602.cdr -boot d
>>
>> which "work" as they reach the installation prompt :
>>
>> The following devices are available for installation.
>>
>> This one hangs :
>>
>> qemu-system-ppc64 -M mac99 -cdrom darwinppc-602.cdr -boot d
>>
>> But that is expected for a 970 cpu.
>>
>> The login prompt is reached with a full Darwin disk image.
>>
>> So I must be missing a scenario :/
>>
>> Thanks,
>>
>> C.
>
>
> I suggest you use a more up-to-date version of Darwin for PowerPC 64-bit
> support:
>
> https://opensource.apple.com/static/iso/darwinppc-801.cdr.gz

ok. Will do.


Mark,

For OS 9, do you plan to commit these openbios patches soon ?


https://lists.nongnu.org/archive/html/qemu-devel/2015-11/msg02824.html

as we just gave them a good test. Or may be, include them under
a github branch to make them easier to find.


Also, I found out that some OS 9 isos are not supported by qemu.
These are ok :


http://www.emaculation.com/forum/viewtopic.php?f=34=7047=0ef8922b24a51d2a9d546300aea69c64=250

But the one under :

http://c-obrien.org/qemu-os9/testing/

does not boot. It loops on some CUDA commands and then hangs.
I did not dig further. Is that a known issue ?

Thanks,

C.


Re: [Qemu-devel] [PATCH 6/9] Convert cpu_memory_rw_debug to use MMUAccessType

2016-07-10 Thread David Gibson
On Sun, Jul 10, 2016 at 08:32:32PM +0100, Peter Maydell wrote:
> On 8 July 2016 at 04:42, David Gibson  wrote:
> > My only concern here is that the constants are named
> > *MMU*_DATA_... whereas these are physical memory accesses not
> > involving the MMU.  I can't actually see any current users of
> > MMUAccessType which makes me a bit confused as to what its intended
> > meaning was
> 
> If you grep for MMU_DATA_LOAD/MMU_DATA_STORE/MMU_INST_FETCH
> you'll see the uses. A lot of the softmmu code uses the
> convention of 0=read,1=write,2=insn (which developed I
> think historically from a bool "is_write", which you'll
> still see in some function argument names, that was
> augmented to handle insn-fetch separately). The enum
> gives us some symbolic names for the constant values.
> (There's a proposed patch somewhere to change the
> 'int is_write' arguments to actually use the enum type.)

Ah, yes, I see.  Still surprisingly few, actually.

My concern about the potentially misleading name still stands..

-- 
David Gibson                    | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
                                | _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [Qemu-ppc] [PATCH] spapr: fix core unplug crash

2016-07-10 Thread David Gibson
On Fri, Jul 08, 2016 at 05:47:01PM +0200, Greg Kurz wrote:
> On Fri, 08 Jul 2016 15:12:07 +0200
> Greg Kurz  wrote:
> 
> > If the host has 8 threads/core and the guest is started with:
> > 
> > -smp cores=1,threads=4,maxcpus=12
> > 
> > It is possible to crash QEMU by doing:
> > 
> > (qemu) device_add host-spapr-cpu-core,core-id=16,id=foo
> > (qemu) device_del foo
> > Segmentation fault
> > 
> > This is caused because spapr_core_unplug() assumes cpu_dt_id == core_id.
> > Even if it happens to be the case when the host and guest have the same
> > number of threads per core, it is conceptually wrong and we may pass a
> > bogus id to spapr_dr_connector_by_id() and spapr_core_release() crashes.
> > 
> > Let's use cc->core_id, which is the id that was used to create the DR
> > connector.
> 
> My bad, I got excited and pointed out the wrong culprit... it is cpu_index
> again of course ! Please find an updated explanation to be put in the
> changelog after "Segmentation fault":
> 
> 
> This happens because spapr_core_unplug() assumes cpu_dt_id == core_id.
> As long as cpu_dt_id is derived from the non-table cpu_index, this is
> only true when you plug cores with contiguous ids.
> 
> It is safer to be consistent: the DR connector was created with an
> index that is immediately written to cc->core_id, and spapr_core_plug()
> also relies on cc->core_id.
> 
> Let's use it also in spapr_core_unplug().
> 

Reworded in place, thanks.

> 
> > 
> > Signed-off-by: Greg Kurz 
> > ---
> >  hw/ppc/spapr_cpu_core.c |6 ++
> >  1 file changed, 2 insertions(+), 4 deletions(-)
> > 
> > diff --git a/hw/ppc/spapr_cpu_core.c b/hw/ppc/spapr_cpu_core.c
> > index 70b6b0b5ee17..106eaf45b399 100644
> > --- a/hw/ppc/spapr_cpu_core.c
> > +++ b/hw/ppc/spapr_cpu_core.c
> > @@ -126,11 +126,9 @@ static void spapr_core_release(DeviceState *dev, void 
> > *opaque)
> >  void spapr_core_unplug(HotplugHandler *hotplug_dev, DeviceState *dev,
> > Error **errp)
> >  {
> > -sPAPRCPUCore *core = SPAPR_CPU_CORE(OBJECT(dev));
> > -PowerPCCPU *cpu = POWERPC_CPU(core->threads);
> > -int id = ppc_get_vcpu_dt_id(cpu);
> > +CPUCore *cc = CPU_CORE(dev);
> >  sPAPRDRConnector *drc =
> > -spapr_dr_connector_by_id(SPAPR_DR_CONNECTOR_TYPE_CPU, id);
> > +spapr_dr_connector_by_id(SPAPR_DR_CONNECTOR_TYPE_CPU, cc->core_id);
> >  sPAPRDRConnectorClass *drck;
> >  Error *local_err = NULL;
> >  
> > 
> > 
> 

-- 
David Gibson                    | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
                                | _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH v2] Fix confusing argument names in some common functions

2016-07-10 Thread David Gibson
I'm afraid your mailer has turned this into an unreadable HTML mess.

-- 
David Gibson                    | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
                                | _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH v2] ppc: Fix support for odd MSR combinations

2016-07-10 Thread David Gibson
On Sat, Jul 09, 2016 at 01:41:31PM +1000, Benjamin Herrenschmidt wrote:
> MacOS uses an architecturally illegal MSR combination that
> seems nonetheless supported by 32-bit processors, which is
> to have MSR[PR]=1 and one or more of MSR[DR/IR/EE]=0.
> 
> This adds support for it. To work properly we need to also
> properly include support for PR=1,{I,D}R=0 to the MMU index
> used by the qemu TLB.
> 
> Signed-off-by: Benjamin Herrenschmidt 

Applied to ppc-for-2.7, thanks.


> ---
> 
> v2. Use the correct flags
> 
>  target-ppc/helper_regs.h | 46 ++
>  1 file changed, 22 insertions(+), 24 deletions(-)
> 
> diff --git a/target-ppc/helper_regs.h b/target-ppc/helper_regs.h
> index 8fdfa5c..466ad67 100644
> --- a/target-ppc/helper_regs.h
> +++ b/target-ppc/helper_regs.h
> @@ -41,17 +41,19 @@ static inline void hreg_swap_gpr_tgpr(CPUPPCState *env)
>  
>  static inline void hreg_compute_mem_idx(CPUPPCState *env)
>  {
> -/* This is our encoding for server processors
> +/* This is our encoding for server processors. The architecture
> + * specifies that there is no such thing as userspace with
> + * translation off, however it appears that MacOS does it and
> + * some 32-bit CPUs support it. Weird...
>   *
>   *   0 = Guest User space virtual mode
>   *   1 = Guest Kernel space virtual mode
> - *   2 = Guest Kernel space real mode
> - *   3 = HV User space virtual mode
> - *   4 = HV Kernel space virtual mode
> - *   5 = HV Kernel space real mode
> - *
> - * The combination PR=1 IR=0 is invalid, we will treat
> - * it as IR=DR=1
> + *   2 = Guest User space real mode
> + *   3 = Guest Kernel space real mode
> + *   4 = HV User space virtual mode
> + *   5 = HV Kernel space virtual mode
> + *   6 = HV User space real mode
> + *   7 = HV Kernel space real mode
>   *
>   * For BookE, we need 8 MMU modes as follow:
>   *
> @@ -71,20 +73,11 @@ static inline void hreg_compute_mem_idx(CPUPPCState *env)
>  env->immu_idx += msr_gs ? 4 : 0;
>  env->dmmu_idx += msr_gs ? 4 : 0;
>  } else {
> -/* First calucalte a base value independent of HV */
> -if (msr_pr != 0) {
> -/* User space, ignore IR and DR */
> -env->immu_idx = env->dmmu_idx = 0;
> -} else {
> -/* Kernel, setup a base I/D value */
> -env->immu_idx = msr_ir ? 1 : 2;
> -env->dmmu_idx = msr_dr ? 1 : 2;
> -}
> -/* Then offset it for HV */
> -if (msr_hv) {
> -env->immu_idx += 3;
> -env->dmmu_idx += 3;
> -}
> +env->immu_idx = env->dmmu_idx = msr_pr ? 0 : 1;
> +env->immu_idx += msr_ir ? 0 : 2;
> +env->dmmu_idx += msr_dr ? 0 : 2;
> +env->immu_idx += msr_hv ? 4 : 0;
> +env->dmmu_idx += msr_hv ? 4 : 0;
>  }
>  }
>  
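
Review bot: the new encoding in hreg_compute_mem_idx() renumbers every index above 1 (kernel real mode moves from 2 to 3, the HV modes from 3..5 to 4..7), yet the diffstat shows only helper_regs.h changing. Any code that interprets immu_idx or dmmu_idx numerically under the old layout, and the number of MMU modes provided for server processors (eight are now needed), should be checked or updated in this same patch, and the commit message should say that this was done.
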
> @@ -136,8 +129,13 @@ static inline int hreg_store_msr(CPUPPCState *env, 
> target_ulong value,
>  /* Change the exception prefix on PowerPC 601 */
>  env->excp_prefix = ((value >> MSR_EP) & 1) * 0xFFF0;
>  }
> -/* If PR=1 then EE, IR and DR must be 1 */
> -if ((value >> MSR_PR) & 1) {
> +/* If PR=1 then EE, IR and DR must be 1
> + *
> + * Note: We only enforce this on 64-bit processors. It appears that
> + * 32-bit implementations supports PR=1 and EE/DR/IR=0 and MacOS
> + * exploits it.
> + */
> +if ((env->insns_flags & PPC_64B) && ((value >> MSR_PR) & 1)) {
>  value |= (1 << MSR_EE) | (1 << MSR_DR) | (1 << MSR_IR);
>  }
>  #endif
> 
> 

-- 
David Gibson                    | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
                                | _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH] spapr: fix core unplug crash

2016-07-10 Thread David Gibson
On Fri, Jul 08, 2016 at 03:12:07PM +0200, Greg Kurz wrote:
> If the host has 8 threads/core and the guest is started with:
> 
> -smp cores=1,threads=4,maxcpus=12
> 
> It is possible to crash QEMU by doing:
> 
> (qemu) device_add host-spapr-cpu-core,core-id=16,id=foo
> (qemu) device_del foo
> Segmentation fault
> 
> This is caused because spapr_core_unplug() assumes cpu_dt_id == core_id.
> Even if it happens to be the case when the host and guest have the same
> number of threads per core, it is conceptually wrong and we may pass a
> bogus id to spapr_dr_connector_by_id() and spapr_core_release() crashes.
> 
> Let's use cc->core_id, which is the id that was used to create the DR
> connector.
> 
> Signed-off-by: Greg Kurz 

Thanks,  applied to ppc-for-2.7.

> ---
>  hw/ppc/spapr_cpu_core.c |6 ++
>  1 file changed, 2 insertions(+), 4 deletions(-)
> 
> diff --git a/hw/ppc/spapr_cpu_core.c b/hw/ppc/spapr_cpu_core.c
> index 70b6b0b5ee17..106eaf45b399 100644
> --- a/hw/ppc/spapr_cpu_core.c
> +++ b/hw/ppc/spapr_cpu_core.c
> @@ -126,11 +126,9 @@ static void spapr_core_release(DeviceState *dev, void 
> *opaque)
>  void spapr_core_unplug(HotplugHandler *hotplug_dev, DeviceState *dev,
> Error **errp)
>  {
> -sPAPRCPUCore *core = SPAPR_CPU_CORE(OBJECT(dev));
> -PowerPCCPU *cpu = POWERPC_CPU(core->threads);
> -int id = ppc_get_vcpu_dt_id(cpu);
> +CPUCore *cc = CPU_CORE(dev);
>  sPAPRDRConnector *drc =
> -spapr_dr_connector_by_id(SPAPR_DR_CONNECTOR_TYPE_CPU, id);
> +spapr_dr_connector_by_id(SPAPR_DR_CONNECTOR_TYPE_CPU, cc->core_id);
>  sPAPRDRConnectorClass *drck;
>  Error *local_err = NULL;
>  
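
Review bot: in spapr_core_unplug(), nothing in the visible lines checks the result of spapr_dr_connector_by_id() before drc is used. Since the reported failure was a segmentation fault after a lookup with the wrong id, add a g_assert(drc) or an error path through errp right after the lookup, so that a future id mismatch fails at the lookup rather than later in the release path.
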
> 

-- 
David Gibson                    | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
                                | _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH 0/6] dbdma: improve logging and various fixes

2016-07-10 Thread David Gibson
On Sun, Jul 10, 2016 at 07:08:52PM +0100, Mark Cave-Ayland wrote:
> This patchset is based upon some work Ben H did to fix various DBDMA issues
> found whilst trying to boot MacOS 9 (effectively a minimal rework of a
> WIP diff). With this patch, along with the patch for odd MSR combinations,
> it becomes possible to boot MacOS 9 reliably in QEMU.
> 
> It has been part of my local tests for a few weeks now, however since the
> PowerNV work has caused regressions in my MacOS 9 tests, Ben suggested 
> that I submit the patchset anyway with his Ack to allow others to test their
> latest patches before submission.
> 
> Signed-off-by: Mark Cave-Ayland 

Series applied to ppc-for-2.7, thanks.
> 
> Mark Cave-Ayland (6):
>   dbdma: always define DBDMA_DPRINTF and enable debug with DEBUG_DBDMA
>   dbdma: add per-channel debugging enabled via DEBUG_DBDMA_CHANMASK
>   dbdma: fix endian of DBDMA_CMDPTR_LO during branch
>   dbdma: fix load_word/store_word value endianness
>   dbdma: set FLUSH bit upon reception of flush command for unassigned
> DBDMA channels
>   dbdma: reset io->processing flag for unassigned DBDMA channel rw
> accesses
> 
>  hw/misc/macio/mac_dbdma.c |  125 
> +++--
>  1 file changed, 65 insertions(+), 60 deletions(-)
> 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [RFC PATCH V2] qemu-char: Fix context for g_source_attach()

2016-07-10 Thread Zhang Chen



On 07/08/2016 10:27 PM, Paolo Bonzini wrote:


On 08/07/2016 10:54, Daniel P. Berrange wrote:

On Fri, Jul 08, 2016 at 09:48:23AM +0800, Fam Zheng wrote:

On Wed, 06/22 18:49, Zhang Chen wrote:

We want to poll and handle chardev in another thread
other than the main loop. But qemu_chr_add_handlers() can only
work for the global default context other than the thread default context.
So we use g_source_attach(xx, g_main_context_get_thread_default())
to replace g_source_attach(xx, NULL) to attach g_source.
Comments from Jason.

Signed-off-by: Zhang Chen 
Signed-off-by: Jason Wang 
---
  io/channel.c | 2 +-
  qemu-char.c  | 6 +++---
  2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/io/channel.c b/io/channel.c
index 692eb17..cd25677 100644
--- a/io/channel.c
+++ b/io/channel.c
@@ -146,7 +146,7 @@ guint qio_channel_add_watch(QIOChannel *ioc,
  
  g_source_set_callback(source, (GSourceFunc)func, user_data, notify);
  
-id = g_source_attach(source, NULL);

+id = g_source_attach(source, g_main_context_get_thread_default());
  g_source_unref(source);
  
  return id;
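Review bot: qio_channel_add_watch() still returns the bare source id after attaching to g_main_context_get_thread_default(), and g_source_remove() only searches the global default context, so a caller running with a thread-default context can no longer cancel the watch by that id. The function's documentation should say which context the watch lands in, and callers that may run off the main loop need to look the source up with g_main_context_find_source_by_id() on the right context and destroy it with g_source_destroy().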

diff --git a/qemu-char.c b/qemu-char.c
index 84f49ac..4340457 100644
--- a/qemu-char.c
+++ b/qemu-char.c
@@ -859,7 +859,7 @@ static gboolean io_watch_poll_prepare(GSource *source, gint 
*timeout_)
  iwp->src = qio_channel_create_watch(
  iwp->ioc, G_IO_IN | G_IO_ERR | G_IO_HUP | G_IO_NVAL);
  g_source_set_callback(iwp->src, iwp->fd_read, iwp->opaque, NULL);
-g_source_attach(iwp->src, NULL);
+g_source_attach(iwp->src, g_main_context_get_thread_default());
  } else {
  g_source_destroy(iwp->src);
  g_source_unref(iwp->src);
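Review bot: In io_watch_poll_prepare() the child source is attached to g_main_context_get_thread_default(), which is evaluated in whichever thread is iterating the loop at prepare time and need not be the context the parent source was attached to. Attaching with g_source_get_context(source) would tie the child to its parent's context regardless of what the dispatching thread has pushed as its default.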
@@ -918,7 +918,7 @@ static guint io_add_watch_poll(QIOChannel *ioc,
  iwp->fd_read = (GSourceFunc) fd_read;
  iwp->src = NULL;
  
-tag = g_source_attach(>parent, NULL);

+tag = g_source_attach(>parent, g_main_context_get_thread_default());
  g_source_unref(>parent);
  return tag;
  }
@@ -3982,7 +3982,7 @@ int qemu_chr_fe_add_watch(CharDriverState *s, 
GIOCondition cond,
  }
  
  g_source_set_callback(src, (GSourceFunc)func, user_data, NULL);

-tag = g_source_attach(src, NULL);
+tag = g_source_attach(src, g_main_context_get_thread_default());
  g_source_unref(src);
  
  return tag;

--

IIRC this opens a gate for your special thread (COLO compare thread?) to use
QIOChannel.

I've no real objection to this proposed patch, though it is fairly pointless
to take it now without seeing any following patch that actually makes use
of this added feature.

I agree.


Should I move this patch to the "[RFC PATCH V5 0/4] Introduce COLO-compare"
patch set? That can show how it works.

You can see this patch for how to use it:
http://lists.nongnu.org/archive/html/qemu-devel/2016-06/msg06754.html





I think in the long run it is better to think about allowing integrating QIO to
AioContext, to support its usage outside main loop.  Given how opaque GSource
is, I'm not sure how feasible that is, or how useful it will be.  Anyway we
should definitely hear more opinions from Daniel and Paolo.

Personally I think it is preferable to stick as close to the standard GSource
model as possible, as that's widely used & well understood API, compared to the
QEMU specific AioContext.

AioContext is more optimized for the case where the callbacks are
static.  In general this is not the case for qemu-char.c.


I'm not sure AioContext can do this job well, but I think
we can make qemu more flexible to do the same job.
All roads lead to Rome.

Thanks
Zhang Chen



Paolo





--
Thanks
zhangchen






[Qemu-devel] [Qemu-ppc] [PATCH 0/6] dbdma: improve logging and various fixes

2016-07-10 Thread Programmingkid

On Jul 10, 2016, at 2:09 PM, qemu-ppc-requ...@nongnu.org wrote:

> This patchset is based upon some work Ben H did to fix various DBDMA issues
> found whilst trying to boot MacOS 9 (effectively a minimal rework of a
> WIP diff). With this patch, along with the patch for odd MSR combinations,
> it becomes possible to boot MacOS 9 reliably in QEMU.
> 
> It has been part of my local tests for a few weeks now, however since the
> PowerNV work has caused regressions in my MacOS 9 tests, Ben suggested 
> that I submit the patchset anyway with his Ack to allow others to test their
> latest patches before submission.
> 
> Signed-off-by: Mark Cave-Ayland 
> 
> Mark Cave-Ayland (6):
>  dbdma: always define DBDMA_DPRINTF and enable debug with DEBUG_DBDMA
>  dbdma: add per-channel debugging enabled via DEBUG_DBDMA_CHANMASK
>  dbdma: fix endian of DBDMA_CMDPTR_LO during branch
>  dbdma: fix load_word/store_word value endianness
>  dbdma: set FLUSH bit upon reception of flush command for unassigned
>DBDMA channels
>  dbdma: reset io->processing flag for unassigned DBDMA channel rw
>accesses
> 
> hw/misc/macio/mac_dbdma.c |  125 +++--
> 1 file changed, 65 insertions(+), 60 deletions(-)
> 
> -- 
> 1.7.10.4

Your patch set makes Mac OS 9.0.4 work in QEMU. My installation boots with all 
Apple extensions enabled. I was able to open an MPEG file in Quicktime player 
for the first time. It didn't play very well, and there was no sound, but I am 
so glad you made this progress.




Re: [Qemu-devel] [Qemu-ppc] [PULL 05/23] ppc: Enforce setting MSR:EE, IR and DR when MSR:PR is set

2016-07-10 Thread Cédric Le Goater
On 07/09/2016 07:42 PM, G 3 wrote:
>> On 07/09/2016 02:43 AM, Mark Cave-Ayland wrote:
>>
>>> On 01/07/16 07:41, David Gibson wrote:
>>>
>>>
 From: Benjamin Herrenschmidt 

 The architecture specifies that any instruction that sets MSR:PR will also
 set MSR:EE, IR and DR.

 Signed-off-by: Benjamin Herrenschmidt 
 Signed-off-by: Cédric Le Goater 
 Signed-off-by: David Gibson 
 ---
  target-ppc/helper_regs.h | 4 
  1 file changed, 4 insertions(+)

 diff --git a/target-ppc/helper_regs.h b/target-ppc/helper_regs.h
 index 8fc0934..8fdfa5c 100644
 --- a/target-ppc/helper_regs.h
 +++ b/target-ppc/helper_regs.h
 @@ -136,6 +136,10 @@ static inline int hreg_store_msr(CPUPPCState *env, 
 target_ulong value,
  /* Change the exception prefix on PowerPC 601 */
  env->excp_prefix = ((value >> MSR_EP) & 1) * 0xFFF0;
  }
 +/* If PR=1 then EE, IR and DR must be 1 */
 +if ((value >> MSR_PR) & 1) {
 +value |= (1 << MSR_EE) | (1 << MSR_DR) | (1 << MSR_IR);
 +}
  #endif
  env->msr = value;
  hreg_compute_hflags(env);
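Review bot: The forced EE/IR/DR bits are OR-ed into value at the very end of hreg_store_msr(), immediately before env->msr = value, so any earlier code in the function that derives state from value (as the 601 exception-prefix line above does) runs on the MSR as the guest wrote it, not on the final one. If anything above this point reacts to IR or DR changing, it will miss the bits added here; applying the PR fixup at the top of the function, before value is first examined, would avoid that.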


>>>
>>> Unfortunately this patch causes a regression and breaks booting OS 9 and
>>> OS X under qemu-system-ppc.
>>>
>>
>> Ah This is curious.
>>
>>
>> I used :
>>
>> qemu-system-ppc -M g3beige -cdrom darwinppc-602.cdr -boot d
>> qemu-system-ppc -M mac99 -cdrom darwinppc-602.cdr -boot d
>> qemu-system-ppc64 -M g3beige -cdrom darwinppc-602.cdr -boot d
>>
>> which "work" as they reach the installation prompt :
>>
>> The following devices are available for installation.
>>
>> This one hangs :
>>
>> qemu-system-ppc64 -M mac99 -cdrom darwinppc-602.cdr -boot d
>>
>> But that is expected for a 970 cpu.
>>
>> The login prompt is reached with a full Darwin disk image.
>>
>> So I must be missing a scenario :/
>>
>> Thanks,
>>
>> C.
> 
> 
> I suggest you use a more up-to-date version of Darwin for PowerPC 64-bit 
> support:
> 
> https://opensource.apple.com/static/iso/darwinppc-801.cdr.gz

ok. Will do.


Mark, 

For OS 9, do you plan to commit these openbios patches soon ? 

https://lists.nongnu.org/archive/html/qemu-devel/2015-11/msg02824.html

as we just gave them a good test. Or maybe include them under 
a github branch to make them easier to find.


Also, I found out that some OS 9 isos are not supported by qemu. 
These are ok : 


http://www.emaculation.com/forum/viewtopic.php?f=34=7047=0ef8922b24a51d2a9d546300aea69c64=250

But the one under :

http://c-obrien.org/qemu-os9/testing/

does not boot. It loops on some CUDA commands and then hangs. 
I did not dig further. Is that a known issue ? 
 
Thanks,

C.




Re: [Qemu-devel] [gdbstub] qemu is killed by gdb

2016-07-10 Thread Alon Bar-Lev
Hi,
Is someone interested in making gdb work when debugging qemu using -s -S?
Currently qemu just quits, see below.
Thanks!
Alon

On 5 July 2016 at 22:50, Alon Bar-Lev  wrote:
> Hello,
>
> I am aware that this was discussed many times, however, problem remains.
>
> Use case loading u-boot.
>
> 1. Run qemu in debug mode:
> $ qemu-system-mips -M malta -nographic -m 256 -s -S
>
> 2. Run gdb:
> $ mips-unknown-linux-uclibceabi-gdb
> (gdb) target remote :1234
> (gdb) load u-boot
> (gdb) target exec
>
> In this case qemu master is killed by the gdb while it should remain
> running, it used to work in older versions of qemu.
>
> There was a patch that was reverted[1] with a solution that is apparently
> not working.
>
> Is there any other sequence to load and run ELF into qemu by gdb?
>
> Thanks,
> Alon
>
> [1] 
> https://git.greensocs.com/fkonrad/mttcg/commit/ce0274f730eacbd24c706523ddbbabb6b95d0659



Re: [Qemu-devel] [RFC v4 2/6] target-arm: move gicv3_class_name from machine to kvm_arm.h

2016-07-10 Thread Auger Eric
Hi
On 06/07/2016 11:46, Eric Auger wrote:
> Machine.c contains code related to migration. Let's move
> gicv3_class_name to kvm_arm.h instead.
> 
> Signed-off-by: Eric Auger 
> Suggested-by: Peter Maydell 
> 
> ---
> 
> v4: creation
> ---
>  target-arm/kvm_arm.h | 16 +++-
>  target-arm/machine.c | 16 
>  2 files changed, 15 insertions(+), 17 deletions(-)
> 
> diff --git a/target-arm/kvm_arm.h b/target-arm/kvm_arm.h
> index 544e404..4fb6d15 100644
> --- a/target-arm/kvm_arm.h
> +++ b/target-arm/kvm_arm.h
> @@ -223,7 +223,21 @@ static inline const char *gic_class_name(void)
>   *
>   * Returns: class name to use
>   */
> -const char *gicv3_class_name(void);
> +static inline const char *gicv3_class_name(void)
> +{
> +if (kvm_irqchip_in_kernel()) {
> +#ifdef TARGET_AARCH64
> +return "kvm-arm-gicv3";
> +#else
> +error_report("KVM GICv3 acceleration is not supported on this "
> + "platform");
this fails to compile without adding
#include "qemu/error-report.h"

I will correct this on the next version.

Sorry for the oversight.

Best Regards

Eric
> +#endif
> +} else {
> +return "arm-gicv3";
> +}
> +
> +exit(1);
> +}
>  
>  /**
>   * kvm_arm_handle_debug:
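Review bot: In the new static inline gicv3_class_name(), the exit(1) after the if/else is reached only from the #else arm following error_report(), and is dead code when TARGET_AARCH64 is defined because both branches return. Moving exit(1) directly after the error_report() call inside the #else keeps the failure path in one place, and the doc comment above should say that the function terminates QEMU on unsupported platforms now that every file including kvm_arm.h gets its own copy.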
> diff --git a/target-arm/machine.c b/target-arm/machine.c
> index 2dbeb82..d90943b 100644
> --- a/target-arm/machine.c
> +++ b/target-arm/machine.c
> @@ -331,19 +331,3 @@ const VMStateDescription vmstate_arm_cpu = {
>  NULL
>  }
>  };
> -
> -const char *gicv3_class_name(void)
> -{
> -if (kvm_irqchip_in_kernel()) {
> -#ifdef TARGET_AARCH64
> -return "kvm-arm-gicv3";
> -#else
> -error_report("KVM GICv3 acceleration is not supported on this "
> - "platform");
> -#endif
> -} else {
> -return "arm-gicv3";
> -}
> -
> -exit(1);
> -}
> 



Re: [Qemu-devel] [PATCH 6/9] Convert cpu_memory_rw_debug to use MMUAccessType

2016-07-10 Thread Peter Maydell
On 8 July 2016 at 04:42, David Gibson  wrote:
> My only concern here is that the constants are named
> *MMU*_DATA_... whereas these are physical memory accesses not
> involving the MMU.  I can't actually see any current users of
> MMUAccessType which makes me a bit confused as to what its intended
> meaning was

If you grep for MMU_DATA_LOAD/MMU_DATA_STORE/MMU_INST_FETCH
you'll see the uses. A lot of the softmmu code uses the
convention of 0=read,1=write,2=insn (which developed I
think historically from a bool "is_write", which you'll
still see in some function argument names, that was
augmented to handle insn-fetch separately). The enum
gives us some symbolic names for the constant values.
(There's a proposed patch somewhere to change the
'int is_write' arguments to actually use the enum type.)

thanks
-- PMM



[Qemu-devel] [PATCH 4/6] dbdma: fix load_word/store_word value endianness

2016-07-10 Thread Mark Cave-Ayland
The values to read/write to/from physical memory are copied directly to the
physical address with no endian swapping required.

Also add some extra information to debugging output while we are here.

Signed-off-by: Mark Cave-Ayland 
Acked-by: Benjamin Herrenschmidt 
---
 hw/misc/macio/mac_dbdma.c |   24 +---
 1 file changed, 5 insertions(+), 19 deletions(-)

diff --git a/hw/misc/macio/mac_dbdma.c b/hw/misc/macio/mac_dbdma.c
index bb52cb9..f437a55 100644
--- a/hw/misc/macio/mac_dbdma.c
+++ b/hw/misc/macio/mac_dbdma.c
@@ -350,9 +350,8 @@ static void load_word(DBDMA_channel *ch, int key, uint32_t 
addr,
  uint16_t len)
 {
 dbdma_cmd *current = >current;
-uint32_t val;
 
-DBDMA_DPRINTFCH(ch, "load_word\n");
+DBDMA_DPRINTFCH(ch, "load_word %d bytes, addr=%08x\n", len, addr);
 
 /* only implements KEY_SYSTEM */
 
@@ -362,14 +361,7 @@ static void load_word(DBDMA_channel *ch, int key, uint32_t 
addr,
 return;
 }
 
-dma_memory_read(_space_memory, addr, , len);
-
-if (len == 2)
-val = (val << 16) | (current->cmd_dep & 0x);
-else if (len == 1)
-val = (val << 24) | (current->cmd_dep & 0x00ff);
-
-current->cmd_dep = val;
+dma_memory_read(_space_memory, addr, >cmd_dep, len);
 
 if (conditional_wait(ch))
 goto wait;
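Review bot: dma_memory_read() now writes len bytes straight into current->cmd_dep, and nothing in this hunk bounds the uint16_t len to the size of that field, which the le32_to_cpu(current->cmd_dep) call elsewhere in this patch shows to be 32 bits. If the caller does not already clamp len to at most 4, a larger len would overwrite whatever follows cmd_dep in the command; an assert or a clamp to sizeof(current->cmd_dep) at the top of load_word() would make the bound explicit, and the same applies to the matching dma_memory_write() in store_word(), where an oversized len would read past the field instead.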
@@ -389,9 +381,9 @@ static void store_word(DBDMA_channel *ch, int key, uint32_t 
addr,
   uint16_t len)
 {
 dbdma_cmd *current = >current;
-uint32_t val;
 
-DBDMA_DPRINTFCH(ch, "store_word\n");
+DBDMA_DPRINTFCH(ch, "store_word %d bytes, addr=%08x pa=%x\n",
+len, addr, le32_to_cpu(current->cmd_dep));
 
 /* only implements KEY_SYSTEM */
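Review bot: In the new store_word debug line, the value printed as pa= is le32_to_cpu(current->cmd_dep), which the later dma_memory_write() call shows is the data being stored, while addr is the destination. Labelling it val= (and padding it as %08x like addr) would keep the trace from being misread as a second address.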
 
@@ -401,13 +393,7 @@ static void store_word(DBDMA_channel *ch, int key, 
uint32_t addr,
 return;
 }
 
-val = current->cmd_dep;
-if (len == 2)
-val >>= 16;
-else if (len == 1)
-val >>= 24;
-
-dma_memory_write(_space_memory, addr, , len);
+dma_memory_write(_space_memory, addr, >cmd_dep, len);
 
 if (conditional_wait(ch))
 goto wait;
-- 
1.7.10.4




[Qemu-devel] [PATCH 5/6] dbdma: set FLUSH bit upon reception of flush command for unassigned DBDMA channels

2016-07-10 Thread Mark Cave-Ayland
This fixes MacOS 9 whereby it continually flushes and polls the status bits
until they are set to indicate a successful flush.

Signed-off-by: Mark Cave-Ayland 
Acked-by: Benjamin Herrenschmidt 
---
 hw/misc/macio/mac_dbdma.c |   10 ++
 1 file changed, 10 insertions(+)

diff --git a/hw/misc/macio/mac_dbdma.c b/hw/misc/macio/mac_dbdma.c
index f437a55..cb740c1 100644
--- a/hw/misc/macio/mac_dbdma.c
+++ b/hw/misc/macio/mac_dbdma.c
@@ -783,8 +783,18 @@ static void dbdma_unassigned_rw(DBDMA_io *io)
 static void dbdma_unassigned_flush(DBDMA_io *io)
 {
 DBDMA_channel *ch = io->channel;
+dbdma_cmd *current = >current;
+uint16_t cmd;
 qemu_log_mask(LOG_GUEST_ERROR, "%s: use of unassigned channel %d\n",
   __func__, ch->channel);
+
+cmd = le16_to_cpu(current->command) & COMMAND_MASK;
+if (cmd == OUTPUT_MORE || cmd == OUTPUT_LAST ||
+cmd == INPUT_MORE || cmd == INPUT_LAST) {
+current->xfer_status = cpu_to_le16(ch->regs[DBDMA_STATUS] | FLUSH);
+current->res_count = cpu_to_le16(io->len);
+dbdma_cmdptr_save(ch);
+}
 }
 
 void* DBDMA_init (MemoryRegion **dbdma_mem)
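Review bot: The new block in dbdma_unassigned_flush() writes FLUSH only into current->xfer_status, while ch->regs[DBDMA_STATUS] itself is left unchanged, and the commit message speaks of the guest polling "the status bits" without saying which copy. A short comment stating which one the guest polls, and why only the four INPUT/OUTPUT commands get the write-back, would save the next reader from guessing. The qemu_log_mask() call above also still fires on every flush, which is noisy for a guest that flushes in a loop.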
-- 
1.7.10.4




[Qemu-devel] [PATCH 2/6] dbdma: add per-channel debugging enabled via DEBUG_DBDMA_CHANMASK

2016-07-10 Thread Mark Cave-Ayland
By default large amounts of DBDMA debugging are produced when often it is just
1 or 2 channels that are of interest. Introduce DEBUG_DBDMA_CHANMASK to allow
the developer to select the channels of interest at compile time, and then
further add the extra channel information to each debug statement where
possible.

Also clearly mark the start/end of DBDMA_run_bh to allow tracking the bottom
half execution.

Signed-off-by: Mark Cave-Ayland 
Acked-by: Benjamin Herrenschmidt 
---
 hw/misc/macio/mac_dbdma.c |   75 +
 1 file changed, 42 insertions(+), 33 deletions(-)

diff --git a/hw/misc/macio/mac_dbdma.c b/hw/misc/macio/mac_dbdma.c
index b6639f4..8e4b208 100644
--- a/hw/misc/macio/mac_dbdma.c
+++ b/hw/misc/macio/mac_dbdma.c
@@ -46,6 +46,7 @@
 
 /* debug DBDMA */
 #define DEBUG_DBDMA 0
+#define DEBUG_DBDMA_CHANMASK ((1ul << DBDMA_CHANNELS) - 1)
 
 #define DBDMA_DPRINTF(fmt, ...) do { \
 if (DEBUG_DBDMA) { \
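Review bot: DEBUG_DBDMA_CHANMASK is added without a comment saying that bit n selects channel n, which is what the (1ul << (ch)->channel) & DEBUG_DBDMA_CHANMASK test in the next hunk relies on. A one-line comment with an example value for a single channel would make the knob usable without reading the macro, and the default of (1ul << DBDMA_CHANNELS) - 1 deserves a note that it assumes DBDMA_CHANNELS is smaller than the bit width of unsigned long.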
@@ -53,6 +54,14 @@
 } \
 } while (0);
 
+#define DBDMA_DPRINTFCH(ch, fmt, ...) do { \
+if (DEBUG_DBDMA) { \
+if ((1ul << (ch)->channel) & DEBUG_DBDMA_CHANMASK) { \
+printf("DBDMA[%02x]: " fmt , (ch)->channel, ## __VA_ARGS__); \
+} \
+} \
+} while (0);
+
 /*
  */
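Review bot: DBDMA_DPRINTFCH ends in "while (0);" with a trailing semicolon, copying the DBDMA_DPRINTF definition just above it, which defeats the do/while(0) idiom: a call used as the body of an unbraced if that is followed by else expands to two statements and no longer compiles. Dropping the semicolon from both macro definitions lets the call site supply it.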
 
@@ -79,26 +88,26 @@ static void dump_dbdma_cmd(dbdma_cmd *cmd)
 #endif
 static void dbdma_cmdptr_load(DBDMA_channel *ch)
 {
-DBDMA_DPRINTF("dbdma_cmdptr_load 0x%08x\n",
-  ch->regs[DBDMA_CMDPTR_LO]);
+DBDMA_DPRINTFCH(ch, "dbdma_cmdptr_load 0x%08x\n",
+ch->regs[DBDMA_CMDPTR_LO]);
 dma_memory_read(_space_memory, ch->regs[DBDMA_CMDPTR_LO],
 >current, sizeof(dbdma_cmd));
 }
 
 static void dbdma_cmdptr_save(DBDMA_channel *ch)
 {
-DBDMA_DPRINTF("dbdma_cmdptr_save 0x%08x\n",
-  ch->regs[DBDMA_CMDPTR_LO]);
-DBDMA_DPRINTF("xfer_status 0x%08x res_count 0x%04x\n",
-  le16_to_cpu(ch->current.xfer_status),
-  le16_to_cpu(ch->current.res_count));
+DBDMA_DPRINTFCH(ch, "dbdma_cmdptr_save 0x%08x\n",
+ch->regs[DBDMA_CMDPTR_LO]);
+DBDMA_DPRINTFCH(ch, "xfer_status 0x%08x res_count 0x%04x\n",
+le16_to_cpu(ch->current.xfer_status),
+le16_to_cpu(ch->current.res_count));
 dma_memory_write(_space_memory, ch->regs[DBDMA_CMDPTR_LO],
  >current, sizeof(dbdma_cmd));
 }
 
 static void kill_channel(DBDMA_channel *ch)
 {
-DBDMA_DPRINTF("kill_channel\n");
+DBDMA_DPRINTFCH(ch, "kill_channel\n");
 
 ch->regs[DBDMA_STATUS] |= DEAD;
 ch->regs[DBDMA_STATUS] &= ~ACTIVE;
@@ -114,7 +123,7 @@ static void conditional_interrupt(DBDMA_channel *ch)
 uint32_t status;
 int cond;
 
-DBDMA_DPRINTF("%s\n", __func__);
+DBDMA_DPRINTFCH(ch, "%s\n", __func__);
 
 intr = le16_to_cpu(current->command) & INTR_MASK;
 
@@ -123,7 +132,7 @@ static void conditional_interrupt(DBDMA_channel *ch)
 return;
 case INTR_ALWAYS: /* always interrupt */
 qemu_irq_raise(ch->irq);
-DBDMA_DPRINTF("%s: raise\n", __func__);
+DBDMA_DPRINTFCH(ch, "%s: raise\n", __func__);
 return;
 }
 
@@ -138,13 +147,13 @@ static void conditional_interrupt(DBDMA_channel *ch)
 case INTR_IFSET:  /* intr if condition bit is 1 */
 if (cond) {
 qemu_irq_raise(ch->irq);
-DBDMA_DPRINTF("%s: raise\n", __func__);
+DBDMA_DPRINTFCH(ch, "%s: raise\n", __func__);
 }
 return;
 case INTR_IFCLR:  /* intr if condition bit is 0 */
 if (!cond) {
 qemu_irq_raise(ch->irq);
-DBDMA_DPRINTF("%s: raise\n", __func__);
+DBDMA_DPRINTFCH(ch, "%s: raise\n", __func__);
 }
 return;
 }
@@ -158,7 +167,7 @@ static int conditional_wait(DBDMA_channel *ch)
 uint32_t status;
 int cond;
 
-DBDMA_DPRINTF("conditional_wait\n");
+DBDMA_DPRINTFCH(ch, "conditional_wait\n");
 
 wait = le16_to_cpu(current->command) & WAIT_MASK;
 
@@ -217,7 +226,7 @@ static void conditional_branch(DBDMA_channel *ch)
 uint32_t status;
 int cond;
 
-DBDMA_DPRINTF("conditional_branch\n");
+DBDMA_DPRINTFCH(ch, "conditional_branch\n");
 
 /* check if we must branch */
 
@@ -262,7 +271,7 @@ static void dbdma_end(DBDMA_io *io)
 DBDMA_channel *ch = io->channel;
 dbdma_cmd *current = >current;
 
-DBDMA_DPRINTF("%s\n", __func__);
+DBDMA_DPRINTFCH(ch, "%s\n", __func__);
 
 if (conditional_wait(ch))
 goto wait;
@@ -288,13 +297,13 @@ wait:
 static void start_output(DBDMA_channel *ch, int key, uint32_t addr,
 uint16_t req_count, int is_last)
 {
-DBDMA_DPRINTF("start_output\n");
+DBDMA_DPRINTFCH(ch, "start_output\n");
 
 /* KEY_REGS, KEY_DEVICE and KEY_STREAM
  * are not implemented in the mac-io chip
  */
 
-DBDMA_DPRINTF("addr 0x%x key 

[Qemu-devel] [PATCH 6/6] dbdma: reset io->processing flag for unassigned DBDMA channel rw accesses

2016-07-10 Thread Mark Cave-Ayland
Otherwise MacOS 9 hangs upon shutdown.

Signed-off-by: Mark Cave-Ayland 
Acked-by: Benjamin Herrenschmidt 
---
 hw/misc/macio/mac_dbdma.c |1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/misc/macio/mac_dbdma.c b/hw/misc/macio/mac_dbdma.c
index cb740c1..335a5e4 100644
--- a/hw/misc/macio/mac_dbdma.c
+++ b/hw/misc/macio/mac_dbdma.c
@@ -778,6 +778,7 @@ static void dbdma_unassigned_rw(DBDMA_io *io)
 DBDMA_channel *ch = io->channel;
 qemu_log_mask(LOG_GUEST_ERROR, "%s: use of unassigned channel %d\n",
   __func__, ch->channel);
+ch->io.processing = false;
 }
 
 static void dbdma_unassigned_flush(DBDMA_io *io)
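Review bot: The added line clears ch->io.processing although the function already receives io and the subject line names io->processing. If io is always &ch->io the two are equivalent, but writing io->processing = false would match the subject and would not depend on that assumption.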
-- 
1.7.10.4




[Qemu-devel] [PATCH 1/6] dbdma: always define DBDMA_DPRINTF and enable debug with DEBUG_DBDMA

2016-07-10 Thread Mark Cave-Ayland
Enabling DBDMA_DPRINTF unconditionally ensures that any errors in debug
statements are picked up immediately.

Signed-off-by: Mark Cave-Ayland 
Acked-by: Benjamin Herrenschmidt 
---
 hw/misc/macio/mac_dbdma.c |   15 +++
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/hw/misc/macio/mac_dbdma.c b/hw/misc/macio/mac_dbdma.c
index f116f9c..b6639f4 100644
--- a/hw/misc/macio/mac_dbdma.c
+++ b/hw/misc/macio/mac_dbdma.c
@@ -45,14 +45,13 @@
 #include "sysemu/dma.h"
 
 /* debug DBDMA */
-//#define DEBUG_DBDMA
+#define DEBUG_DBDMA 0
 
-#ifdef DEBUG_DBDMA
-#define DBDMA_DPRINTF(fmt, ...) \
-do { printf("DBDMA: " fmt , ## __VA_ARGS__); } while (0)
-#else
-#define DBDMA_DPRINTF(fmt, ...)
-#endif
+#define DBDMA_DPRINTF(fmt, ...) do { \
+if (DEBUG_DBDMA) { \
+printf("DBDMA: " fmt , ## __VA_ARGS__); \
+} \
+} while (0);
 
 /*
  */
@@ -62,7 +61,7 @@ static DBDMAState *dbdma_from_ch(DBDMA_channel *ch)
 return container_of(ch, DBDMAState, channels[ch->channel]);
 }
 
-#ifdef DEBUG_DBDMA
+#if DEBUG_DBDMA
 static void dump_dbdma_cmd(dbdma_cmd *cmd)
 {
 printf("dbdma_cmd %p\n", cmd);
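Review bot: dump_dbdma_cmd() stays behind "#if DEBUG_DBDMA", so with the default of 0 its printf format strings are still not compiled, which is the class of error the commit message says this patch is meant to catch. Either build the function unconditionally (marking it unused when debugging is off) or route its output through DBDMA_DPRINTF so the compiler checks it in every build.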
-- 
1.7.10.4




[Qemu-devel] [PATCH 3/6] dbdma: fix endian of DBDMA_CMDPTR_LO during branch

2016-07-10 Thread Mark Cave-Ayland
The current DBDMA command is stored in little-endian format, so make sure
we convert it to match our CPU when updating the DBDMA_CMDPTR_LO register.

Signed-off-by: Mark Cave-Ayland 
Acked-by: Benjamin Herrenschmidt 
---
 hw/misc/macio/mac_dbdma.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/misc/macio/mac_dbdma.c b/hw/misc/macio/mac_dbdma.c
index 8e4b208..bb52cb9 100644
--- a/hw/misc/macio/mac_dbdma.c
+++ b/hw/misc/macio/mac_dbdma.c
@@ -213,7 +213,7 @@ static void branch(DBDMA_channel *ch)
 {
 dbdma_cmd *current = >current;
 
-ch->regs[DBDMA_CMDPTR_LO] = current->cmd_dep;
+ch->regs[DBDMA_CMDPTR_LO] = le32_to_cpu(current->cmd_dep);
 ch->regs[DBDMA_STATUS] |= BT;
 dbdma_cmdptr_load(ch);
 }
-- 
1.7.10.4




[Qemu-devel] [PATCH 0/6] dbdma: improve logging and various fixes

2016-07-10 Thread Mark Cave-Ayland
This patchset is based upon some work Ben H did to fix various DBDMA issues
found whilst trying to boot MacOS 9 (effectively a minimal rework of a
WIP diff). With this patch, along with the patch for odd MSR combinations,
it becomes possible to boot MacOS 9 reliably in QEMU.

It has been part of my local tests for a few weeks now, however since the
PowerNV work has caused regressions in my MacOS 9 tests, Ben suggested 
that I submit the patchset anyway with his Ack to allow others to test their
latest patches before submission.

Signed-off-by: Mark Cave-Ayland 

Mark Cave-Ayland (6):
  dbdma: always define DBDMA_DPRINTF and enable debug with DEBUG_DBDMA
  dbdma: add per-channel debugging enabled via DEBUG_DBDMA_CHANMASK
  dbdma: fix endian of DBDMA_CMDPTR_LO during branch
  dbdma: fix load_word/store_word value endianness
  dbdma: set FLUSH bit upon reception of flush command for unassigned
DBDMA channels
  dbdma: reset io->processing flag for unassigned DBDMA channel rw
accesses

 hw/misc/macio/mac_dbdma.c |  125 +++--
 1 file changed, 65 insertions(+), 60 deletions(-)

-- 
1.7.10.4




[Qemu-devel] [PULL 2/2] build: Use $(AS) for optionrom explicitly

2016-07-10 Thread Richard Henderson
For clang before 3.5, -fno-integrated-as does not exist,
so the workaround in 5f6f0e27fb24 fails to build.

Use clang's default assembler for linux-user/safe-syscall.S,
and explicitly change to use the system assembler for the
option roms.

Tested-by: Alex Bennée 
Reviewed-by: Alex Bennée 
Signed-off-by: Richard Henderson 
---
 configure  | 10 +++---
 pc-bios/optionrom/Makefile |  3 +++
 rules.mak  |  2 +-
 3 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/configure b/configure
index e9090a0..5ada56d 100755
--- a/configure
+++ b/configure
@@ -368,6 +368,7 @@ else
 fi
 
 ar="${AR-${cross_prefix}ar}"
+as="${AS-${cross_prefix}as}"
 ccas="${CCAS-$cc}"
 cpp="${CPP-$cc -E}"
 objcopy="${OBJCOPY-${cross_prefix}objcopy}"
@@ -4490,13 +4491,6 @@ if test "$fortify_source" != "no"; then
   fi
 fi
 
-#
-# clang does not support the 16-bit assembly for roms
-
-if echo | $ccas -dM -E - | grep __clang__ > /dev/null 2>&1 ; then
-  ccas="$ccas -fno-integrated-as"
-fi
-
 ##
 # check if struct fsxattr is available via linux/fs.h
 
@@ -5515,6 +5509,7 @@ echo "CXX=$cxx" >> $config_host_mak
 echo "OBJCC=$objcc" >> $config_host_mak
 echo "AR=$ar" >> $config_host_mak
 echo "ARFLAGS=$ARFLAGS" >> $config_host_mak
+echo "AS=$as" >> $config_host_mak
 echo "CCAS=$ccas" >> $config_host_mak
 echo "CPP=$cpp" >> $config_host_mak
 echo "OBJCOPY=$objcopy" >> $config_host_mak
@@ -5988,6 +5983,7 @@ for rom in seabios vgabios ; do
 config_mak=roms/$rom/config.mak
 echo "# Automatically generated by configure - do not modify" > $config_mak
 echo "SRC_PATH=$source_path/roms/$rom" >> $config_mak
+echo "AS=$as" >> $config_mak
 echo "CCAS=$ccas" >> $config_mak
 echo "CC=$cc" >> $config_mak
 echo "BCC=bcc" >> $config_mak
diff --git a/pc-bios/optionrom/Makefile b/pc-bios/optionrom/Makefile
index ce4852a..2cdda87 100644
--- a/pc-bios/optionrom/Makefile
+++ b/pc-bios/optionrom/Makefile
@@ -20,6 +20,9 @@ build-all: multiboot.bin linuxboot.bin kvmvapic.bin
 # suppress auto-removal of intermediate files
 .SECONDARY:
 
+%.o: %.S
+   $(call quiet-command,$(CPP) $(QEMU_INCLUDES) $(QEMU_DGFLAGS) $(CFLAGS) 
-c -o - $< | $(AS) $(ASFLAGS) -o $@,"  AS$(TARGET_DIR)$@")
+
 %.img: %.o
$(call quiet-command,$(LD) $(LDFLAGS_NOPIE) -Ttext 0 -e _start -s -o $@ 
$<,"  Building $(TARGET_DIR)$@")
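Review bot: The new %.o: %.S rule in pc-bios/optionrom/Makefile pipes $(CPP) into $(AS), so the recipe's exit status is that of $(AS) alone; if preprocessing fails part-way, the assembler can still exit 0 on truncated input and leave a bad object behind. Preprocessing to an intermediate file, or running the recipe in a shell with pipefail set, would make a $(CPP) failure stop the build. The -c passed to $(CPP) also looks redundant, given that configure defines CPP as "$cc -E".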
 
diff --git a/rules.mak b/rules.mak
index 7d7d83b..ed8e482 100644
--- a/rules.mak
+++ b/rules.mak
@@ -69,7 +69,7 @@ LINK = $(call quiet-command, $(LINKPROG) $(QEMU_CFLAGS) 
$(CFLAGS) $(LDFLAGS) -o
$(version-obj-y) $(call extract-libs,$1) $(LIBS),"  LINK  
$(TARGET_DIR)$@")
 
 %.o: %.S
-   $(call quiet-command,$(CCAS) $(QEMU_INCLUDES) $(QEMU_CFLAGS) 
$(QEMU_DGFLAGS) $(CFLAGS) -c -o $@ $<,"  AS$(TARGET_DIR)$@")
+   $(call quiet-command,$(CCAS) $(QEMU_INCLUDES) $(QEMU_CFLAGS) 
$(QEMU_DGFLAGS) $(CFLAGS) -c -o $@ $<,"  CCAS  $(TARGET_DIR)$@")
 
 %.o: %.cc
$(call quiet-command,$(CXX) $(QEMU_INCLUDES) $(QEMU_CXXFLAGS) 
$(QEMU_DGFLAGS) $(CFLAGS) $($@-cflags) -c -o $@ $<,"  CXX   $(TARGET_DIR)$@")
-- 
2.7.4




[Qemu-devel] [PULL 0/2] build fix for clang 3.4

2016-07-10 Thread Richard Henderson
Our Travis CI system uses clang 3.4, and is currently
broken by a patch from me that required clang 3.5.


r~



The following changes since commit 4f4a9ca4a4386c137301b3662faba076455ff15a:

  Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20160707' 
into staging (2016-07-07 14:49:38 +0100)

are available in the git repository at:

  git://github.com/rth7680/qemu.git pull-rth-20160710

for you to fetch changes up to cdbd727c20ad7aac7797dc8c95e485e1a4c6901b:

  build: Use $(AS) for optionrom explicitly (2016-07-10 10:05:46 -0700)


build fix for travis


Richard Henderson (2):
  linux-user: Fix i386 safe-syscall.S
  build: Use $(AS) for optionrom explicitly

 configure   | 10 +++---
 linux-user/host/i386/safe-syscall.inc.S | 24 ++--
 pc-bios/optionrom/Makefile  |  3 +++
 rules.mak   |  2 +-
 4 files changed, 13 insertions(+), 26 deletions(-)



[Qemu-devel] [PULL 1/2] linux-user: Fix i386 safe-syscall.S

2016-07-10 Thread Richard Henderson
Clang insists that "cmp" is ambiguous with a memory destination,
requiring an explicit size suffix.

There was a true error in the use of .cfi_def_cfa_offset in the
epilogue, but changing to use the proper .cfi_adjust_cfa_offset
runs afoul of a clang bug wrt .cfi_restore_state.  Better to
fold the two epilogues so that we don't trigger the bug.

Signed-off-by: Richard Henderson 
---
 linux-user/host/i386/safe-syscall.inc.S | 24 ++--
 1 file changed, 6 insertions(+), 18 deletions(-)

diff --git a/linux-user/host/i386/safe-syscall.inc.S 
b/linux-user/host/i386/safe-syscall.inc.S
index 766d0de..9e58fc6 100644
--- a/linux-user/host/i386/safe-syscall.inc.S
+++ b/linux-user/host/i386/safe-syscall.inc.S
@@ -69,7 +69,7 @@ safe_syscall_base:
 safe_syscall_start:
/* if signal_pending is non-zero, don't do the call */
mov 4+16(%esp), %eax/* signal_pending */
-   cmp $0, (%eax)
+   cmpl$0, (%eax)
jnz 1f
mov 8+16(%esp), %eax/* syscall number */
int $0x80
@@ -77,16 +77,16 @@ safe_syscall_end:
/* code path for having successfully executed the syscall */
pop %ebx
.cfi_remember_state
-   .cfi_def_cfa_offset -4
+   .cfi_adjust_cfa_offset -4
.cfi_restore ebx
pop %edi
-   .cfi_def_cfa_offset -4
+   .cfi_adjust_cfa_offset -4
.cfi_restore edi
pop %esi
-   .cfi_def_cfa_offset -4
+   .cfi_adjust_cfa_offset -4
.cfi_restore esi
pop %ebp
-   .cfi_def_cfa_offset -4
+   .cfi_adjust_cfa_offset -4
.cfi_restore ebp
ret
 
@@ -94,19 +94,7 @@ safe_syscall_end:
/* code path when we didn't execute the syscall */
.cfi_restore_state
mov $-TARGET_ERESTARTSYS, %eax
-   pop %ebx
-   .cfi_def_cfa_offset -4
-   .cfi_restore ebx
-   pop %edi
-   .cfi_def_cfa_offset -4
-   .cfi_restore edi
-   pop %esi
-   .cfi_def_cfa_offset -4
-   .cfi_restore esi
-   pop %ebp
-   .cfi_def_cfa_offset -4
-   .cfi_restore ebp
-   ret
+   jmp safe_syscall_end
.cfi_endproc
 
.size   safe_syscall_base, .-safe_syscall_base
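Review bot: The failure path now ends in "jmp safe_syscall_end", reusing a label whose name marks the end of the syscall window as the entry to the shared epilogue, and nothing in the source says the fold is a workaround. A comment next to the jmp recording that the duplicated epilogue was removed because of the clang .cfi_restore_state problem described in the commit message would stop someone from unfolding it again later.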
-- 
2.7.4




Re: [Qemu-devel] [Qemu-ppc] [PATCH] spapr: fix core unplug crash

2016-07-10 Thread Bharata B Rao
On Fri, Jul 08, 2016 at 05:47:01PM +0200, Greg Kurz wrote:
> On Fri, 08 Jul 2016 15:12:07 +0200
> Greg Kurz  wrote:
> 
> > If the host has 8 threads/core and the guest is started with:
> > 
> > -smp cores=1,threads=4,maxcpus=12
> > 
> > It is possible to crash QEMU by doing:
> > 
> > (qemu) device_add host-spapr-cpu-core,core-id=16,id=foo
> > (qemu) device_del foo
> > Segmentation fault
> > 
> > This is caused because spapr_core_unplug() assumes cpu_dt_id == core_id.
> > Even if it happens to be the case when the host and guest have the same
> > number of threads per core, it is conceptually wrong and we may pass a
> > bogus id to spapr_dr_connector_by_id() and spapr_core_release() crashes.
> > 
> > Let's use cc->core_id, which is the id that was used to create the DR
> > connector.
> 
> My bad, I got excited and pointed out the wrong culprit... it is cpu_index
> again of course ! Please find an updated explanation to be put in the
> changelog after "Segmentation fault":
> 
> 
> This happens because spapr_core_unplug() assumes cpu_dt_id == core_id.
> As long as cpu_dt_id is derived from the non-table cpu_index, this is
> only true when you plug cores with contiguous ids.
> 
> It is safer to be consistent: the DR connector was created with an
> index that is immediately written to cc->core_id, and spapr_core_plug()
> also relies on cc->core_id.
> 
> Let's use it also in spapr_core_unplug().
> 
> 
> > 
> > Signed-off-by: Greg Kurz 

Reviewed-by: Bharata B Rao 

This prevents the crash, but unplug still fails and that will be fixed
only by having your patchset where device tree id is derived from
core index.

Regards,
Bharata.




[Qemu-devel] [Bug 1600563] [NEW] min_io_size is currently limited to size uint16_t

2016-07-10 Thread Alex
Public bug reported:

I am using LVM VGs on MD-raid1 for hosting my KVM volumes. On the host,
a VG looks like this:

Disk /dev/vm/vol202a: 60 GiB, 64424509440 bytes, 125829120 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 131072 bytes / 131072 bytes

In order to replicate the block device characteristics in the guest, I
am using the following extra parameters:

-set device.scsi0-0-0-0.logical_block_size=512
-set device.scsi0-0-0-0.physical_block_size=4096
-set device.scsi0-0-0-0.min_io_size=131072

This doesn't work as qemu complains that min_io_size needs to be of type
uint16_t.

** Affects: qemu
 Importance: Undecided
 Status: New

https://bugs.launchpad.net/bugs/1600563




[Qemu-devel] [PATCH 18/19] Qemu-Xen-vTPM: Qemu vTPM xenstubdoms backend

2016-07-10 Thread Emil Condrea
This patch provides the glue for the TPM_TIS (QEMU frontend) to the Xen
stubdom vTPM domain that provides the actual TPM functionality. It
sends data and TPM commands with xen_vtpm_frontend. It is similar to
the other two vTPM backends:
  * vTPM passthrough backend, since QEMU 1.5.
  * vTPM libtpms-based backend.

Some details:
This part of the patch provides support for the spawning of a thread
that will interact with stubdom vTPM domain by the xen_vtpm_frontend.
It expects a signal from the frontend to wake and pick up the TPM
command that is supposed to be processed and delivers the response
packet using a callback function provided by the frontend.

The backend connects itself to the frontend by filling out an interface
structure with pointers to the functions implementing support for various
operations.

(QEMU) vTPM XenStubdoms backend is initialized by Qemu command line options,
  "-tpmdev xenstubdoms,id=xenvtpm0 -device tpm-tis,tpmdev=xenvtpm0"

Signed-off-by: Quan Xu 
Signed-off-by: Emil Condrea 
Reviewed-by: Stefan Berger 

---
Changes in v9:
 * added reset_tpm_established_flag and get_tpm_version for TPMDriverOps
 * readded tpm_backend_thread_tpm_reset which was removed because it
was not used
 * tpm_xenstubdoms_unix_transfer use xenstore_vtpm_dev instead of xenstore_dev
---
 backends/tpm.c   |  11 ++
 hw/tpm/Makefile.objs |   2 +-
 hw/tpm/tpm_xenstubdoms.c | 284 +++
 include/sysemu/tpm_backend_int.h |   2 +
 4 files changed, 298 insertions(+), 1 deletion(-)
 create mode 100644 hw/tpm/tpm_xenstubdoms.c

diff --git a/backends/tpm.c b/backends/tpm.c
index 536f262..9e0dfaa 100644
--- a/backends/tpm.c
+++ b/backends/tpm.c
@@ -181,6 +181,17 @@ void tpm_backend_thread_end(TPMBackendThread *tbt)
 }
 }
 
+void tpm_backend_thread_tpm_reset(TPMBackendThread *tbt,
+  GFunc func, gpointer user_data)
+{
+if (!tbt->pool) {
+tpm_backend_thread_create(tbt, func, user_data);
+} else {
+g_thread_pool_push(tbt->pool, (gpointer)TPM_BACKEND_CMD_TPM_RESET,
+   NULL);
+}
+}
+
 static const TypeInfo tpm_backend_info = {
 .name = TYPE_TPM_BACKEND,
 .parent = TYPE_OBJECT,
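Review bot: In `tpm_backend_thread_tpm_reset()` the two branches do
different things: when `tbt->pool` is NULL the function only calls
`tpm_backend_thread_create()` and never queues
`TPM_BACKEND_CMD_TPM_RESET`, while the else branch pushes the reset and
ignores `func` and `user_data`. If skipping the reset on the first call
is intended, say so in a comment above the function; otherwise push the
command after creating the pool. The `NULL` passed as the error argument
of `g_thread_pool_push()` also discards any failure to queue the command.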
diff --git a/hw/tpm/Makefile.objs b/hw/tpm/Makefile.objs
index 16b1447..5e1e282 100644
--- a/hw/tpm/Makefile.objs
+++ b/hw/tpm/Makefile.objs
@@ -1,3 +1,3 @@
 common-obj-$(CONFIG_TPM_TIS) += tpm_tis.o tpm_util.o
 common-obj-$(CONFIG_TPM_PASSTHROUGH) += tpm_passthrough.o tpm_util.o
-common-obj-$(CONFIG_TPM_XENSTUBDOMS) += xen_vtpm_frontend.o
+common-obj-$(CONFIG_TPM_XENSTUBDOMS) += xen_vtpm_frontend.o tpm_xenstubdoms.o
diff --git a/hw/tpm/tpm_xenstubdoms.c b/hw/tpm/tpm_xenstubdoms.c
new file mode 100644
index 000..55223bf
--- /dev/null
+++ b/hw/tpm/tpm_xenstubdoms.c
@@ -0,0 +1,284 @@
+/*
+ * Xen Stubdom vTPM driver
+ *
+ *  Copyright (c) 2015 Intel Corporation
+ *  Authors:
+ *Quan Xu 
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see 
+ */
+
+#include "qemu/osdep.h"
+#include "sysemu/tpm_backend.h"
+#include "tpm_int.h"
+#include "tpm_util.h"
+#include "hw/xen/xen_pvdev.h"
+#include "sysemu/tpm_backend_int.h"
+#include "hw/tpm/xen_vtpm_frontend.h"
+
+#define DEBUG_TPM 0
+#define DPRINTF(fmt, ...) do { \
+if (DEBUG_TPM) { \
+fprintf(stderr, fmt, ## __VA_ARGS__); \
+} \
+} while (0)
+
+#define TYPE_TPM_XENSTUBDOMS "tpm-xenstubdoms"
+#define TPM_XENSTUBDOMS(obj) \
+OBJECT_CHECK(TPMXenstubdomsState, (obj), TYPE_TPM_XENSTUBDOMS)
+
+static const TPMDriverOps tpm_xenstubdoms_driver;
+
+/* Data structures */
+typedef struct TPMXenstubdomsThreadParams {
+TPMState *tpm_state;
+TPMRecvDataCB *recv_data_callback;
+TPMBackend *tb;
+} TPMXenstubdomsThreadParams;
+
+struct TPMXenstubdomsState {
+TPMBackend parent;
+TPMBackendThread tbt;
+TPMXenstubdomsThreadParams tpm_thread_params;
+bool had_startup_error;
+};
+
+typedef struct TPMXenstubdomsState TPMXenstubdomsState;
+
+/* Functions */
+static void tpm_xenstubdoms_cancel_cmd(TPMBackend *tb);
+
+static int tpm_xenstubdoms_unix_transfer(const TPMLocality *locty_data,
+ bool *selftest_done)
+{
+size_t rlen;
+struct XenDevice *xendev;
+int ret;
+

[Qemu-devel] [PATCH 17/19] Qemu-Xen-vTPM: Move tpm_passthrough_is_selftest() into tpm_util.c

2016-07-10 Thread Emil Condrea
Also rename it to tpm_util_is_selftest().

Signed-off-by: Quan Xu 
Signed-off-by: Emil Condrea 
Reviewed-by: Stefan Berger 
---
 hw/tpm/Makefile.objs |  2 +-
 hw/tpm/tpm_passthrough.c | 13 +
 hw/tpm/tpm_util.c| 11 +++
 hw/tpm/tpm_util.h|  1 +
 4 files changed, 14 insertions(+), 13 deletions(-)

diff --git a/hw/tpm/Makefile.objs b/hw/tpm/Makefile.objs
index b0a821c..16b1447 100644
--- a/hw/tpm/Makefile.objs
+++ b/hw/tpm/Makefile.objs
@@ -1,3 +1,3 @@
-common-obj-$(CONFIG_TPM_TIS) += tpm_tis.o
+common-obj-$(CONFIG_TPM_TIS) += tpm_tis.o tpm_util.o
 common-obj-$(CONFIG_TPM_PASSTHROUGH) += tpm_passthrough.o tpm_util.o
 common-obj-$(CONFIG_TPM_XENSTUBDOMS) += xen_vtpm_frontend.o
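Review bot: `tpm_util.o` is added to the `CONFIG_TPM_TIS` line while it
stays on the `CONFIG_TPM_PASSTHROUGH` line, and the
`CONFIG_TPM_XENSTUBDOMS` line is left without it. The commit message only
says the helper moves to tpm_util.c, so please state which object needs
`tpm_util.o` under `CONFIG_TPM_TIS`; if the consumer is the xenstubdoms
backend, listing `tpm_util.o` on that line makes the dependency explicit
instead of relying on TIS being enabled.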
diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
index e88c0d2..dba408b 100644
--- a/hw/tpm/tpm_passthrough.c
+++ b/hw/tpm/tpm_passthrough.c
@@ -137,17 +137,6 @@ static void tpm_write_fatal_error_response(uint8_t *out, 
uint32_t out_len)
 }
 }
 
-static bool tpm_passthrough_is_selftest(const uint8_t *in, uint32_t in_len)
-{
-struct tpm_req_hdr *hdr = (struct tpm_req_hdr *)in;
-
-if (in_len >= sizeof(*hdr)) {
-return (be32_to_cpu(hdr->ordinal) == TPM_ORD_ContinueSelfTest);
-}
-
-return false;
-}
-
 static int tpm_passthrough_unix_tx_bufs(TPMPassthruState *tpm_pt,
 const uint8_t *in, uint32_t in_len,
 uint8_t *out, uint32_t out_len,
@@ -161,7 +150,7 @@ static int tpm_passthrough_unix_tx_bufs(TPMPassthruState 
*tpm_pt,
 tpm_pt->tpm_executing = true;
 *selftest_done = false;
 
-is_selftest = tpm_passthrough_is_selftest(in, in_len);
+is_selftest = tpm_util_is_selftest(in, in_len);
 
 ret = tpm_passthrough_unix_write(tpm_pt->tpm_fd, in, in_len);
 if (ret != in_len) {
diff --git a/hw/tpm/tpm_util.c b/hw/tpm/tpm_util.c
index 7b35429..323f4ae 100644
--- a/hw/tpm/tpm_util.c
+++ b/hw/tpm/tpm_util.c
@@ -125,3 +125,14 @@ int tpm_util_test_tpmdev(int tpm_fd, TPMVersion 
*tpm_version)
 
 return 1;
 }
+
+bool tpm_util_is_selftest(const uint8_t *in, uint32_t in_len)
+{
+struct tpm_req_hdr *hdr = (struct tpm_req_hdr *)in;
+
+if (in_len >= sizeof(*hdr)) {
+return (be32_to_cpu(hdr->ordinal) == TPM_ORD_ContinueSelfTest);
+}
+
+return false;
+}
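Review bot: `tpm_util_is_selftest()` takes `const uint8_t *in` but its
first line casts that to a non-const `struct tpm_req_hdr *`, dropping the
qualifier. Now that the helper is shared, declare the local as
`const struct tpm_req_hdr *hdr = (const struct tpm_req_hdr *)in;`. The
`in_len >= sizeof(*hdr)` check before `hdr->ordinal` is read is right and
should stay; a short comment in tpm_util.h on the result for short
buffers would help callers.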
diff --git a/hw/tpm/tpm_util.h b/hw/tpm/tpm_util.h
index e7f354a..b629663 100644
--- a/hw/tpm/tpm_util.h
+++ b/hw/tpm/tpm_util.h
@@ -24,5 +24,6 @@
 #include "sysemu/tpm_backend.h"
 
 int tpm_util_test_tpmdev(int tpm_fd, TPMVersion *tpm_version);
+bool tpm_util_is_selftest(const uint8_t *in, uint32_t in_len);
 
 #endif /* TPM_TPM_UTILS_H */
-- 
1.9.1




[Qemu-devel] [PATCH 16/19] Qemu-Xen-vTPM: Register Xen stubdom vTPM frontend driver

2016-07-10 Thread Emil Condrea
This driver transfers any request/response between TPM xenstubdoms
driver and Xen vTPM stubdom, and facilitates communications between
Xen vTPM stubdom domain and vTPM xenstubdoms driver. It is a glue for
the TPM xenstubdoms driver and Xen stubdom vTPM domain that provides
the actual TPM functionality.

(Xen) The Xen backend driver should run before this frontend, and
initialize XenStore as follows for communication.

[XenStore]

for example:

Domain 0: runs QEMU for guest A
Domain 1: vtpmmgr
Domain 2: vTPM for guest A
Domain 3: HVM guest A

[...]
 local = ""
  domain = ""
   0 = ""
    frontend = ""
     vtpm = ""
      2 = ""
       0 = ""
        backend = "/local/domain/2/backend/vtpm/0/0"
        backend-id = "2"
        state = "*"
        handle = "0"
        domain = "Domain3's name"
        ring-ref = "*"
        event-channel = "*"
        feature-protocol-v2 = "1"
    backend = ""
     qdisk = ""
      [...]
     console = ""
     vif = ""
      [...]
   2 = ""
    [...]
    backend = ""
     vtpm = ""
      0 = ""
       0 = ""
        frontend = "/local/domain/0/frontend/vtpm/2/0"
        frontend-id = "0" ('0', frontend is running in Domain-0)
        [...]
   3 = ""
    [...]
    device = "" (frontend device, the backend is running in QEMU/.etc)
     vkbd = ""
      [...]
     vif = ""
      [...]
 ..

(QEMU) xen_vtpmdev_ops is initialized with the following process:
  xen_hvm_init()
    [...]
    -->xen_fe_register("vtpm", ...)
      -->xenstore_fe_scan()
        -->xen_fe_try_init(ops)
          --> XenDevOps.init()
        -->xen_fe_get_xendev()
          --> XenDevOps.alloc()
        -->xen_fe_check()
          -->xen_fe_try_initialise()
            --> XenDevOps.initialise()
          -->xen_fe_try_connected()
            --> XenDevOps.connected()
        -->xs_watch()
    [...]

Signed-off-by: Quan Xu 
Signed-off-by: Emil Condrea 
Reviewed-by: Stefan Berger 

---
Changed in v9:
 * instead of xen_frontend.c global variable xenstore_dev, use vtpm specific
xenstore_vtpm_dev (since it will be needed just for tpm_xenstubdoms qemu driver)
 * added xen_vtpm_frontend.h
 * move vtpm_backend_changed -> xen_fe_backend_changed to xen_frontend.c
 * use libxengnttab, libxenevtchn stable API instead of xc_* calls:
- xc_gntshr_share_pages -> xengntshr_share_pages
- xc_gntshr_munmap -> xengntshr_unshare
- xc_interface_close -> xengntshr_close
- xc_evtchn_unmask -> xenevtchn_unmask
---
 hw/tpm/Makefile.objs  |   1 +
 hw/tpm/xen_vtpm_frontend.c| 303 ++
 hw/tpm/xen_vtpm_frontend.h|  10 ++
 hw/xen/xen_frontend.c |  20 +++
 include/hw/xen/xen_backend.h  |   1 +
 include/hw/xen/xen_frontend.h |   1 +
 xen-hvm.c |   6 +
 7 files changed, 342 insertions(+)
 create mode 100644 hw/tpm/xen_vtpm_frontend.c
 create mode 100644 hw/tpm/xen_vtpm_frontend.h

diff --git a/hw/tpm/Makefile.objs b/hw/tpm/Makefile.objs
index 64cecc3..b0a821c 100644
--- a/hw/tpm/Makefile.objs
+++ b/hw/tpm/Makefile.objs
@@ -1,2 +1,3 @@
 common-obj-$(CONFIG_TPM_TIS) += tpm_tis.o
 common-obj-$(CONFIG_TPM_PASSTHROUGH) += tpm_passthrough.o tpm_util.o
+common-obj-$(CONFIG_TPM_XENSTUBDOMS) += xen_vtpm_frontend.o
diff --git a/hw/tpm/xen_vtpm_frontend.c b/hw/tpm/xen_vtpm_frontend.c
new file mode 100644
index 000..cf3eb5e
--- /dev/null
+++ b/hw/tpm/xen_vtpm_frontend.c
@@ -0,0 +1,303 @@
+/*
+ * Connect to Xen vTPM stubdom domain
+ *
+ *  Copyright (c) 2015 Intel Corporation
+ *  Authors:
+ *Quan Xu 
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see 
+ */
+
+#include "qemu/osdep.h"
+
+#include "xen_vtpm_frontend.h"
+#include "hw/xen/xen_frontend.h"
+#include "hw/xen/xen_backend.h"
+
+int xenstore_vtpm_dev;
+#ifndef XS_STUBDOM_VTPM_ENABLE
+#define XS_STUBDOM_VTPM_ENABLE"1"
+#endif
+
+#ifndef VTPM_PAGE_SIZE
+#define VTPM_PAGE_SIZE  4096
+#endif
+
+enum tpmif_state {
+/* No contents, vTPM idle, cancel complete */
+TPMIF_STATE_IDLE,
+/* Request ready or vTPM working */
+TPMIF_STATE_SUBMIT,
+/* Response ready or vTPM idle */
+TPMIF_STATE_FINISH,
+/* Cancel requested or vTPM working */
+TPMIF_STATE_CANCEL,
+};
+
+static AioContext *vtpm_aio_ctx;
+
+enum 
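Review bot: `int xenstore_vtpm_dev;` is a writable global with external
linkage, defined between the includes and the macro block with no comment
on what it holds or who sets it. The v9 notes say it replaces the shared
`xenstore_dev`, so document it here (or in xen_vtpm_frontend.h if it is
declared there) and group it with `vtpm_aio_ctx` after the defines; if
only one other file needs the value, an accessor function would keep it
from being modified elsewhere.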

[Qemu-devel] [PATCH 15/19] Qemu-Xen-vTPM: Xen frontend driver infrastructure

2016-07-10 Thread Emil Condrea
This patch adds infrastructure for xen front drivers living in qemu,
so drivers don't need to implement common stuff on their own.  It's
mostly xenbus management stuff: some functions to access XenStore,
setting up XenStore watches, callbacks on device discovery and state
changes, and handling of the event channel between the virtual machines.

Call the xen_fe_register() function to register XenDevOps, and make sure
that XenDevOps's flags is DEVOPS_FLAG_FE, which is the flag bit that
points out that the XenDevOps is a Xen frontend.

Signed-off-by: Quan Xu 
Signed-off-by: Emil Condrea 

---
Changes in v9:
 * xenstore_dev should not be global, it will not work correctly with
multiple xen frontends living in qemu
 * reuse some common functions:
- xen_fe_printf -> xen_pv_printf
- xen_fe_evtchn_event -> xen_pv_evtchn_event
 * use libxenevtchn stable API instead of xc_* calls:
- xc_evtchn_fd -> xenevtchn_fd
- xc_evtchn_close -> xenevtchn_close
- xc_evtchn_bind_unbound_port -> xenevtchn_bind_unbound_port
---
 hw/xen/xen_frontend.c | 308 ++
 hw/xen/xen_pvdev.c|  15 ++
 include/hw/xen/xen_frontend.h |   6 +
 include/hw/xen/xen_pvdev.h|   1 +
 4 files changed, 330 insertions(+)

diff --git a/hw/xen/xen_frontend.c b/hw/xen/xen_frontend.c
index 6b92cf1..7b305ce 100644
--- a/hw/xen/xen_frontend.c
+++ b/hw/xen/xen_frontend.c
@@ -3,6 +3,10 @@
  *
  *  (c) 2008 Gerd Hoffmann 
  *
+ *  Copyright (c) 2015 Intel Corporation
+ *  Authors:
+ *Quan Xu 
+ *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
  * License as published by the Free Software Foundation; either
@@ -23,6 +27,8 @@
 #include "hw/xen/xen_frontend.h"
 #include "hw/xen/xen_backend.h"
 
+static int debug = 0;
+
 char *xenstore_read_fe_str(struct XenDevice *xendev, const char *node)
 {
 return xenstore_read_str(xendev->fe, node);
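Review bot: `static int debug = 0;` explicitly initialises a static to
zero, which is redundant; write `static int debug;`. Nothing in this hunk
says how the value is meant to be changed at run time, so either add a
comment explaining that or drop the variable.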
@@ -86,3 +92,305 @@ void xenstore_update_fe(char *watch, struct XenDevice 
*xendev)
 xen_fe_frontend_changed(xendev, node);
 xen_be_check_state(xendev);
 }
+
+struct XenDevice *xen_fe_get_xendev(const char *type, int dom, int dev,
+char *backend, struct XenDevOps *ops)
+{
+struct XenDevice *xendev;
+
+xendev = xen_pv_find_xendev(type, dom, dev);
+if (xendev) {
+return xendev;
+}
+
+/* init new xendev */
+xendev = g_malloc0(ops->size);
+xendev->type  = type;
+xendev->dom   = dom;
+xendev->dev   = dev;
+xendev->ops   = ops;
+
+/*return if the ops->flags is not DEVOPS_FLAG_FE*/
+if (!(ops->flags & DEVOPS_FLAG_FE)) {
+return NULL;
+}
+
+snprintf(xendev->be, sizeof(xendev->be), "%s", backend);
+snprintf(xendev->name, sizeof(xendev->name), "%s-%d",
+ xendev->type, xendev->dev);
+
+xendev->debug = debug;
+xendev->local_port = -1;
+
+xendev->evtchndev = xenevtchn_open(NULL, 0);
+if (xendev->evtchndev == NULL) {
+xen_pv_printf(NULL, 0, "can't open evtchn device\n");
+g_free(xendev);
+return NULL;
+}
+fcntl(xenevtchn_fd(xendev->evtchndev), F_SETFD, FD_CLOEXEC);
+
+if (ops->flags & DEVOPS_FLAG_NEED_GNTDEV) {
+xendev->gnttabdev = xengnttab_open(NULL, 0);
+if (xendev->gnttabdev == NULL) {
+xen_pv_printf(NULL, 0, "can't open gnttab device\n");
+xenevtchn_close(xendev->evtchndev);
+g_free(xendev);
+return NULL;
+}
+} else {
+xendev->gnttabdev = NULL;
+}
+
+xen_pv_insert_xendev(xendev);
+
+if (xendev->ops->alloc) {
+xendev->ops->alloc(xendev);
+}
+
+return xendev;
+}
+
+int xen_fe_alloc_unbound(struct XenDevice *xendev, int dom, int remote_dom){
+xendev->local_port = xenevtchn_bind_unbound_port(xendev->evtchndev,
+ remote_dom);
+if (xendev->local_port == -1) {
+xen_pv_printf(xendev, 0, "xenevtchn_bind_unbound_port failed\n");
+return -1;
+}
+xen_pv_printf(xendev, 2, "bind evtchn port %d\n", xendev->local_port);
+qemu_set_fd_handler(xenevtchn_fd(xendev->evtchndev),
+xen_pv_evtchn_event, NULL, xendev);
+return 0;
+}
+
+/*
+ * Make sure, initialize the 'xendev->fe' in xendev->ops->init() or
+ * xendev->ops->initialize()
+ */
+int xenbus_switch_state(struct XenDevice *xendev, enum xenbus_state xbus)
+{
+xs_transaction_t xbt = XBT_NULL;
+
+if (xendev->fe_state == xbus) {
+return 0;
+}
+
+xendev->fe_state = xbus;
+if (xendev->fe == NULL) {
+xen_pv_printf(NULL, 0, "xendev->fe is NULL\n");
+return -1;
+}
+
+retry_transaction:
+xbt = xs_transaction_start(xenstore);
+if (xbt == XBT_NULL) {
+goto abort_transaction;
+}
+
+if (xenstore_write_int(xendev->fe, "state", xbus)) 
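Review bot: `xen_fe_get_xendev()` leaks the device on the flag check:
`xendev = g_malloc0(ops->size)` runs before
`if (!(ops->flags & DEVOPS_FLAG_FE)) { return NULL; }`, and that return
path has no `g_free(xendev)`, unlike the two error paths further down.
Move the flag check above the allocation. Two smaller points in the same
hunk: `xen_fe_alloc_unbound()` never uses its `dom` parameter and puts
the opening brace on the signature line, and `xenbus_switch_state()`
stores `xendev->fe_state = xbus` before the `xendev->fe == NULL` check,
so the cached state changes even when the function returns -1.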

[Qemu-devel] [PATCH 13/19] xen: Distinguish between frontend and backend devops

2016-07-10 Thread Emil Condrea
xen_be_check_state should not be called for frontends.
Use DEVOPS_FLAG_FE flag to distinguish a frontend.

Signed-off-by: Emil Condrea 
Signed-off-by: Quan Xu 

---
Changes in v9:
 * Removed not needed strstr from xenstore_update_be
It was left over from first patch series when domu was included in xenstore
schema: "%s/backend/%s/%d/%d"
---
 hw/xen/xen_backend.c   | 4 +++-
 include/hw/xen/xen_pvdev.h | 2 ++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/hw/xen/xen_backend.c b/hw/xen/xen_backend.c
index d0e3f50..3931128 100644
--- a/hw/xen/xen_backend.c
+++ b/hw/xen/xen_backend.c
@@ -488,7 +488,9 @@ void xenstore_update_be(char *watch, char *type, int dom,
 } else {
 free(bepath);
 xen_be_backend_changed(xendev, path);
-xen_be_check_state(xendev);
+if (!(ops->flags & DEVOPS_FLAG_FE)) {
+xen_be_check_state(xendev);
+}
 }
 }
 }
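Review bot: The new guard reads `ops->flags`, but the object whose state
is being checked is `xendev`; unless the two are guaranteed to match at
this point, `xendev->ops->flags` is the safer test. A short comment on
why a frontend device can reach `xenstore_update_be()` at all would also
help, since the commit message only states that the call must be skipped.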
diff --git a/include/hw/xen/xen_pvdev.h b/include/hw/xen/xen_pvdev.h
index c19e1df..c985a9d 100644
--- a/include/hw/xen/xen_pvdev.h
+++ b/include/hw/xen/xen_pvdev.h
@@ -14,6 +14,8 @@ struct XenDevice;
 #define DEVOPS_FLAG_NEED_GNTDEV   1
 /* don't expect frontend doing correct state transitions (aka console quirk) */
 #define DEVOPS_FLAG_IGNORE_STATE  2
+/*dev is frontend device*/
+#define DEVOPS_FLAG_FE4
 
 struct XenDevOps {
 size_tsize;
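Review bot: `/*dev is frontend device*/` lacks the spaces inside the
comment delimiters that the comment above it has; write
`/* device is a frontend device */`. It would also help to note in that
comment that `DEVOPS_FLAG_FE` is a bit value combined with the other
flags, since the patch tests it with `&`.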
-- 
1.9.1




[Qemu-devel] [PATCH 14/19] Qemu-Xen-vTPM: Support for Xen stubdom vTPM command line options

2016-07-10 Thread Emil Condrea
Signed-off-by: Quan Xu 
Signed-off-by: Emil Condrea 
Reviewed-by: Eric Blake 

---
Changes in v9:
 * Replace `type` with `struct` as required by 895a2a80e
 * Change `qpm_query_tpm_inst` as required by ce21131a0
---
 configure| 14 ++
 hmp.c|  2 ++
 qapi-schema.json | 16 ++--
 qemu-options.hx  | 13 +++--
 tpm.c|  7 ++-
 5 files changed, 47 insertions(+), 5 deletions(-)

diff --git a/configure b/configure
index e9090a0..29e982e 100755
--- a/configure
+++ b/configure
@@ -3242,6 +3242,16 @@ else
 fi
 
 ##
+# TPM xenstubdoms is only on x86 Linux
+
+if test "$targetos" = Linux && test "$cpu" = i386 -o "$cpu" = x86_64 && \
+   test "$xen" = "yes"; then
+  tpm_xenstubdoms=$tpm
+else
+  tpm_xenstubdoms=no
+fi
+
+##
 # attr probe
 
 if test "$attr" != "no" ; then
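Review bot: The section comment says `# TPM xenstubdoms is only on x86
Linux`, but the condition also requires `test "$xen" = "yes"`; mention
the Xen requirement in the comment so the reason for `tpm_xenstubdoms=no`
on a non-Xen x86 Linux build is clear. This patch also has no commit
message body, so the new option and its build conditions are described
nowhere but in this hunk.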
@@ -4891,6 +4901,7 @@ echo "gcov  $gcov_tool"
 echo "gcov enabled  $gcov"
 echo "TPM support   $tpm"
 echo "libssh2 support   $libssh2"
+echo "TPM xenstubdoms   $tpm_xenstubdoms"
 echo "TPM passthrough   $tpm_passthrough"
 echo "QOM debugging $qom_cast_debug"
 echo "vhdx  $vhdx"
@@ -5431,6 +5442,9 @@ if test "$tpm" = "yes"; then
   if test "$tpm_passthrough" = "yes"; then
 echo "CONFIG_TPM_PASSTHROUGH=y" >> $config_host_mak
   fi
+  if test "$tpm_xenstubdoms" = "yes"; then
+echo "CONFIG_TPM_XENSTUBDOMS=y" >> $config_host_mak
+  fi
 fi
 
 echo "TRACE_BACKENDS=$trace_backends" >> $config_host_mak
diff --git a/hmp.c b/hmp.c
index 0cf5baa..1ed7a28 100644
--- a/hmp.c
+++ b/hmp.c
@@ -883,6 +883,8 @@ void hmp_info_tpm(Monitor *mon, const QDict *qdict)
tpo->has_cancel_path ? ",cancel-path=" : "",
tpo->has_cancel_path ? tpo->cancel_path : "");
 break;
+case TPM_TYPE_OPTIONS_KIND_XENSTUBDOMS:
+break;
 case TPM_TYPE_OPTIONS_KIND__MAX:
 break;
 }
diff --git a/qapi-schema.json b/qapi-schema.json
index d2d6506..12efb23 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -3502,9 +3502,11 @@
 #
 # @passthrough: TPM passthrough type
 #
+# @xenstubdoms: TPM xenstubdoms type (since 2.7)
+#
 # Since: 1.5
 ##
-{ 'enum': 'TpmType', 'data': [ 'passthrough' ] }
+{ 'enum': 'TpmType', 'data': [ 'passthrough', 'xenstubdoms' ] }
 
 ##
 # @query-tpm-types:
@@ -3533,6 +3535,15 @@
  '*cancel-path' : 'str'} }
 
 ##
+# @TPMXenstubdomsOptions:
+#
+# Information about the TPM xenstubdoms type
+#
+# Since: 2.7
+##
+{ 'struct': 'TPMXenstubdomsOptions', 'data': {  } }
+
+##
 # @TpmTypeOptions:
 #
 # A union referencing different TPM backend types' configuration options
@@ -3542,7 +3553,8 @@
 # Since: 1.5
 ##
 { 'union': 'TpmTypeOptions',
-   'data': { 'passthrough' : 'TPMPassthroughOptions' } }
+  'data': { 'passthrough' : 'TPMPassthroughOptions',
+'xenstubdoms' : 'TPMXenstubdomsOptions' } }
 
 ##
 # @TpmInfo:
diff --git a/qemu-options.hx b/qemu-options.hx
index 8e0d9a5..748fb62 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -2748,7 +2748,8 @@ DEF("tpmdev", HAS_ARG, QEMU_OPTION_tpmdev, \
 "-tpmdev passthrough,id=id[,path=path][,cancel-path=path]\n"
 "use path to provide path to a character device; default 
is /dev/tpm0\n"
 "use cancel-path to provide path to TPM's cancel sysfs 
entry; if\n"
-"not provided it will be searched for in 
/sys/class/misc/tpm?/device\n",
+"not provided it will be searched for in 
/sys/class/misc/tpm?/device\n"
+"-tpmdev xenstubdoms,id=id\n",
 QEMU_ARCH_ALL)
 STEXI
 
@@ -2758,7 +2759,8 @@ The general form of a TPM device option is:
 @item -tpmdev @var{backend} ,id=@var{id} [,@var{options}]
 @findex -tpmdev
 Backend type must be:
-@option{passthrough}.
+@option{passthrough}, or
+@option{xenstubdoms}.
 
 The specific backend type will determine the applicable options.
 The @code{-tpmdev} option creates the TPM backend and requires a
@@ -2808,6 +2810,13 @@ To create a passthrough TPM use the following two 
options:
 Note that the @code{-tpmdev} id is @code{tpm0} and is referenced by
 @code{tpmdev=tpm0} in the device option.
 
+To create a xenstubdoms TPM use the following two options:
+@example
+-tpmdev xenstubdoms,id=tpm0 -device tpm-tis,tpmdev=tpm0
+@end example
+Note that the @code{-tpmdev} id is @code{tpm0} and is referenced by
+@code{tpmdev=tpm0} in the device option.
+
 @end table
 
 ETEXI
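Review bot: The documentation gains an `@example` for xenstubdoms but no
text on what the backend is or what it needs; the added paragraph repeats
the passthrough note about `tpm0` with the backend name swapped. Add an
`@item` entry for `-tpmdev xenstubdoms` that says the backend takes only
`id` and describes what must be running on the Xen side before QEMU is
started with it.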
diff --git a/tpm.c b/tpm.c
index 9a7c711..df1b9b0 100644
--- a/tpm.c
+++ b/tpm.c
@@ -25,7 +25,7 @@ static QLIST_HEAD(, TPMBackend) tpm_backends =
 
 
 #define TPM_MAX_MODELS  1
-#define TPM_MAX_DRIVERS 1
+#define TPM_MAX_DRIVERS 2
 
 static TPMDriverOps const *be_drivers[TPM_MAX_DRIVERS] = {
 NULL,
@@ -253,6 +253,7 @@ static TPMInfo 

[Qemu-devel] [PATCH 12/19] xen: Rename xen_be_frontend_changed

2016-07-10 Thread Emil Condrea
xen_be_frontend_changed -> xen_fe_frontend_changed

Signed-off-by: Emil Condrea 
---
 hw/xen/xen_backend.c  | 2 +-
 hw/xen/xen_frontend.c | 4 ++--
 include/hw/xen/xen_frontend.h | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/hw/xen/xen_backend.c b/hw/xen/xen_backend.c
index 9efe4b9..d0e3f50 100644
--- a/hw/xen/xen_backend.c
+++ b/hw/xen/xen_backend.c
@@ -262,7 +262,7 @@ static int xen_be_try_setup(struct XenDevice *xendev)
 xen_be_set_state(xendev, XenbusStateInitialising);
 
 xen_be_backend_changed(xendev, NULL);
-xen_be_frontend_changed(xendev, NULL);
+xen_fe_frontend_changed(xendev, NULL);
 return 0;
 }
 
diff --git a/hw/xen/xen_frontend.c b/hw/xen/xen_frontend.c
index 474c74a..6b92cf1 100644
--- a/hw/xen/xen_frontend.c
+++ b/hw/xen/xen_frontend.c
@@ -38,7 +38,7 @@ int xenstore_read_fe_uint64(struct XenDevice *xendev, const 
char *node, uint64_t
 return xenstore_read_uint64(xendev->fe, node, uval);
 }
 
-void xen_be_frontend_changed(struct XenDevice *xendev, const char *node)
+void xen_fe_frontend_changed(struct XenDevice *xendev, const char *node)
 {
 int fe_state;
 
@@ -83,6 +83,6 @@ void xenstore_update_fe(char *watch, struct XenDevice *xendev)
 }
 node = watch + len + 1;
 
-xen_be_frontend_changed(xendev, node);
+xen_fe_frontend_changed(xendev, node);
 xen_be_check_state(xendev);
 }
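Review bot: After the rename `xenstore_update_fe()` calls
`xen_fe_frontend_changed(xendev, node)` and then
`xen_be_check_state(xendev)`, and `xen_be_try_setup()` in xen_backend.c
now calls an `xen_fe_` function as well. The commit message gives only
the old and the new name; please state what the `xen_fe_` prefix is meant
to convey (code that reads the frontend's nodes, or code that belongs to
frontend drivers), because these call sites suggest the former.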
diff --git a/include/hw/xen/xen_frontend.h b/include/hw/xen/xen_frontend.h
index ae587e1..5d03f4e 100644
--- a/include/hw/xen/xen_frontend.h
+++ b/include/hw/xen/xen_frontend.h
@@ -8,6 +8,6 @@ int xenstore_read_fe_int(struct XenDevice *xendev, const char 
*node, int *ival);
 int xenstore_read_fe_uint64(struct XenDevice *xendev, const char *node, 
uint64_t *uval);
 void xenstore_update_fe(char *watch, struct XenDevice *xendev);
 
-void xen_be_frontend_changed(struct XenDevice *xendev, const char *node);
+void xen_fe_frontend_changed(struct XenDevice *xendev, const char *node);
 
 #endif /* QEMU_HW_XEN_FRONTEND_H */
-- 
1.9.1




[Qemu-devel] [PATCH 07/19] xen: Rename xen_be_unbind_evtchn

2016-07-10 Thread Emil Condrea
Prepare xen_be_unbind_evtchn to be shared with frontends:
 * xen_be_unbind_evtchn -> xen_pv_unbind_evtchn

Signed-off-by: Emil Condrea 
---
 hw/block/xen_disk.c| 2 +-
 hw/char/xen_console.c  | 2 +-
 hw/display/xenfb.c | 2 +-
 hw/net/xen_nic.c   | 2 +-
 hw/xen/xen_pvdev.c | 2 +-
 include/hw/xen/xen_pvdev.h | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/hw/block/xen_disk.c b/hw/block/xen_disk.c
index ad3f519..0716ca2 100644
--- a/hw/block/xen_disk.c
+++ b/hw/block/xen_disk.c
@@ -1048,7 +1048,7 @@ static void blk_disconnect(struct XenDevice *xendev)
 blk_unref(blkdev->blk);
 blkdev->blk = NULL;
 }
-xen_be_unbind_evtchn(>xendev);
+xen_pv_unbind_evtchn(>xendev);
 
 if (blkdev->sring) {
 xengnttab_unmap(blkdev->xendev.gnttabdev, blkdev->sring, 1);
diff --git a/hw/char/xen_console.c b/hw/char/xen_console.c
index e6bae67..889f7b2 100644
--- a/hw/char/xen_console.c
+++ b/hw/char/xen_console.c
@@ -263,7 +263,7 @@ static void con_disconnect(struct XenDevice *xendev)
 qemu_chr_add_handlers(con->chr, NULL, NULL, NULL, NULL);
 qemu_chr_fe_release(con->chr);
 }
-xen_be_unbind_evtchn(>xendev);
+xen_pv_unbind_evtchn(>xendev);
 
 if (con->sring) {
 if (!xendev->dev) {
diff --git a/hw/display/xenfb.c b/hw/display/xenfb.c
index b1e8b3b..250dbc2 100644
--- a/hw/display/xenfb.c
+++ b/hw/display/xenfb.c
@@ -112,7 +112,7 @@ static int common_bind(struct common *c)
 
 static void common_unbind(struct common *c)
 {
-xen_be_unbind_evtchn(>xendev);
+xen_pv_unbind_evtchn(>xendev);
 if (c->page) {
 xenforeignmemory_unmap(xen_fmem, c->page, 1);
c->page = NULL;
diff --git a/hw/net/xen_nic.c b/hw/net/xen_nic.c
index 91126b5..1fc6a22 100644
--- a/hw/net/xen_nic.c
+++ b/hw/net/xen_nic.c
@@ -367,7 +367,7 @@ static void net_disconnect(struct XenDevice *xendev)
 {
 struct XenNetDev *netdev = container_of(xendev, struct XenNetDev, xendev);
 
-xen_be_unbind_evtchn(>xendev);
+xen_pv_unbind_evtchn(>xendev);
 
 if (netdev->txs) {
 xengnttab_unmap(netdev->xendev.gnttabdev, netdev->txs, 1);
diff --git a/hw/xen/xen_pvdev.c b/hw/xen/xen_pvdev.c
index 7375b43..6bf1ae4 100644
--- a/hw/xen/xen_pvdev.c
+++ b/hw/xen/xen_pvdev.c
@@ -193,7 +193,7 @@ void xen_be_evtchn_event(void *opaque)
 }
 }
 
-void xen_be_unbind_evtchn(struct XenDevice *xendev)
+void xen_pv_unbind_evtchn(struct XenDevice *xendev)
 {
 if (xendev->local_port == -1) {
 return;
diff --git a/include/hw/xen/xen_pvdev.h b/include/hw/xen/xen_pvdev.h
index 3e2dfd8..5c27184 100644
--- a/include/hw/xen/xen_pvdev.h
+++ b/include/hw/xen/xen_pvdev.h
@@ -71,7 +71,7 @@ void xen_pv_insert_xendev(struct XenDevice *xendev);
 struct XenDevice *xen_be_del_xendev(int dom, int dev);
 struct XenDevice *xen_be_find_xendev(const char *type, int dom, int dev);
 
-void xen_be_unbind_evtchn(struct XenDevice *xendev);
+void xen_pv_unbind_evtchn(struct XenDevice *xendev);
 int xen_be_send_notify(struct XenDevice *xendev);
 
 void xen_pv_printf(struct XenDevice *xendev, int msg_level, const char *fmt, 
...)
-- 
1.9.1




[Qemu-devel] [PATCH 11/19] xen: Rename xen_be_del_xendev

2016-07-10 Thread Emil Condrea
Prepare xen_be_del_xendev to be shared with frontends:
 * xen_be_del_xendev -> xen_pv_del_xendev

Signed-off-by: Emil Condrea 
---
 hw/xen/xen_backend.c   | 2 +-
 hw/xen/xen_pvdev.c | 2 +-
 include/hw/xen/xen_pvdev.h | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/hw/xen/xen_backend.c b/hw/xen/xen_backend.c
index 51afb1c..9efe4b9 100644
--- a/hw/xen/xen_backend.c
+++ b/hw/xen/xen_backend.c
@@ -484,7 +484,7 @@ void xenstore_update_be(char *watch, char *type, int dom,
 if (xendev != NULL) {
 bepath = xs_read(xenstore, 0, xendev->be, );
 if (bepath == NULL) {
-xen_be_del_xendev(dom, dev);
+xen_pv_del_xendev(dom, dev);
 } else {
 free(bepath);
 xen_be_backend_changed(xendev, path);
diff --git a/hw/xen/xen_pvdev.c b/hw/xen/xen_pvdev.c
index 24266fa..394ddc1 100644
--- a/hw/xen/xen_pvdev.c
+++ b/hw/xen/xen_pvdev.c
@@ -233,7 +233,7 @@ struct XenDevice *xen_pv_find_xendev(const char *type, int 
dom, int dev)
 /*
  * release xen backend device.
  */
-struct XenDevice *xen_be_del_xendev(int dom, int dev)
+struct XenDevice *xen_pv_del_xendev(int dom, int dev)
 {
 struct XenDevice *xendev, *xnext;
 
diff --git a/include/hw/xen/xen_pvdev.h b/include/hw/xen/xen_pvdev.h
index f26d82a..c19e1df 100644
--- a/include/hw/xen/xen_pvdev.h
+++ b/include/hw/xen/xen_pvdev.h
@@ -68,7 +68,7 @@ const char *xenbus_strstate(enum xenbus_state state);
 
 void xen_pv_evtchn_event(void *opaque);
 void xen_pv_insert_xendev(struct XenDevice *xendev);
-struct XenDevice *xen_be_del_xendev(int dom, int dev);
+struct XenDevice *xen_pv_del_xendev(int dom, int dev);
 struct XenDevice *xen_pv_find_xendev(const char *type, int dom, int dev);
 
 void xen_pv_unbind_evtchn(struct XenDevice *xendev);
-- 
1.9.1




[Qemu-devel] [PATCH 10/19] xen: Rename xen_be_find_xendev

2016-07-10 Thread Emil Condrea
Prepare xen_be_find_xendev to be shared with frontends:
 * xen_be_find_xendev -> xen_pv_find_xendev

Signed-off-by: Emil Condrea 
---
 hw/display/xenfb.c | 4 ++--
 hw/xen/xen_backend.c   | 2 +-
 hw/xen/xen_pvdev.c | 2 +-
 include/hw/xen/xen_pvdev.h | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/hw/display/xenfb.c b/hw/display/xenfb.c
index 01ae00f..df13912 100644
--- a/hw/display/xenfb.c
+++ b/hw/display/xenfb.c
@@ -978,8 +978,8 @@ void xen_init_display(int domid)
 wait_more:
 i++;
 main_loop_wait(true);
-xfb = xen_be_find_xendev("vfb", domid, 0);
-xin = xen_be_find_xendev("vkbd", domid, 0);
+xfb = xen_pv_find_xendev("vfb", domid, 0);
+xin = xen_pv_find_xendev("vkbd", domid, 0);
 if (!xfb || !xin) {
 if (i < 256) {
 usleep(1);
diff --git a/hw/xen/xen_backend.c b/hw/xen/xen_backend.c
index d6c04c7..51afb1c 100644
--- a/hw/xen/xen_backend.c
+++ b/hw/xen/xen_backend.c
@@ -148,7 +148,7 @@ static struct XenDevice *xen_be_get_xendev(const char 
*type, int dom, int dev,
 {
 struct XenDevice *xendev;
 
-xendev = xen_be_find_xendev(type, dom, dev);
+xendev = xen_pv_find_xendev(type, dom, dev);
 if (xendev) {
 return xendev;
 }
diff --git a/hw/xen/xen_pvdev.c b/hw/xen/xen_pvdev.c
index 5482ab0..24266fa 100644
--- a/hw/xen/xen_pvdev.c
+++ b/hw/xen/xen_pvdev.c
@@ -211,7 +211,7 @@ int xen_pv_send_notify(struct XenDevice *xendev)
 
 /* - */
 
-struct XenDevice *xen_be_find_xendev(const char *type, int dom, int dev)
+struct XenDevice *xen_pv_find_xendev(const char *type, int dom, int dev)
 {
 struct XenDevice *xendev;
 
diff --git a/include/hw/xen/xen_pvdev.h b/include/hw/xen/xen_pvdev.h
index a06afb6..f26d82a 100644
--- a/include/hw/xen/xen_pvdev.h
+++ b/include/hw/xen/xen_pvdev.h
@@ -69,7 +69,7 @@ const char *xenbus_strstate(enum xenbus_state state);
 void xen_pv_evtchn_event(void *opaque);
 void xen_pv_insert_xendev(struct XenDevice *xendev);
 struct XenDevice *xen_be_del_xendev(int dom, int dev);
-struct XenDevice *xen_be_find_xendev(const char *type, int dom, int dev);
+struct XenDevice *xen_pv_find_xendev(const char *type, int dom, int dev);
 
 void xen_pv_unbind_evtchn(struct XenDevice *xendev);
 int xen_pv_send_notify(struct XenDevice *xendev);
-- 
1.9.1




[Qemu-devel] [PATCH 08/19] xen: Rename xen_be_send_notify

2016-07-10 Thread Emil Condrea
Prepare xen_be_send_notify to be shared with frontends:
 * xen_be_send_notify -> xen_pv_send_notify

Signed-off-by: Emil Condrea 
---
 hw/block/xen_disk.c| 4 ++--
 hw/char/xen_console.c  | 4 ++--
 hw/display/xenfb.c | 8 
 hw/net/xen_nic.c   | 4 ++--
 hw/xen/xen_pvdev.c | 2 +-
 include/hw/xen/xen_pvdev.h | 2 +-
 6 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/hw/block/xen_disk.c b/hw/block/xen_disk.c
index 0716ca2..c36b08b 100644
--- a/hw/block/xen_disk.c
+++ b/hw/block/xen_disk.c
@@ -659,7 +659,7 @@ static void blk_send_response_all(struct XenBlkDev *blkdev)
 ioreq_release(ioreq, true);
 }
 if (send_notify) {
-xen_be_send_notify(>xendev);
+xen_pv_send_notify(>xendev);
 }
 }
 
@@ -729,7 +729,7 @@ static void blk_handle_requests(struct XenBlkDev *blkdev)
 };
 
 if (blk_send_response_one(ioreq)) {
-xen_be_send_notify(>xendev);
+xen_pv_send_notify(>xendev);
 }
 ioreq_release(ioreq, false);
 continue;
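Review bot: in blk_handle_requests the int returned by xen_pv_send_notify() is discarded, while xenfb_kbd_event in this same patch propagates it with "return xen_pv_send_notify(...)". Since the helper is being exported for frontends as well, either check the result here and log a failed notification, or document next to the prototype that callers may ignore it.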
diff --git a/hw/char/xen_console.c b/hw/char/xen_console.c
index 889f7b2..94e6ab0 100644
--- a/hw/char/xen_console.c
+++ b/hw/char/xen_console.c
@@ -72,7 +72,7 @@ static void buffer_append(struct XenConsole *con)
 
 xen_mb();
 intf->out_cons = cons;
-xen_be_send_notify(>xendev);
+xen_pv_send_notify(>xendev);
 
 if (buffer->max_capacity &&
buffer->size > buffer->max_capacity) {
@@ -140,7 +140,7 @@ static void xencons_receive(void *opaque, const uint8_t 
*buf, int len)
 }
 xen_wmb();
 intf->in_prod = prod;
-xen_be_send_notify(>xendev);
+xen_pv_send_notify(>xendev);
 }
 
 static void xencons_send(struct XenConsole *con)
diff --git a/hw/display/xenfb.c b/hw/display/xenfb.c
index 250dbc2..01ae00f 100644
--- a/hw/display/xenfb.c
+++ b/hw/display/xenfb.c
@@ -215,7 +215,7 @@ static int xenfb_kbd_event(struct XenInput *xenfb,
 XENKBD_IN_RING_REF(page, prod) = *event;
 xen_wmb(); /* ensure ring contents visible */
 page->in_prod = prod + 1;
-return xen_be_send_notify(>c.xendev);
+return xen_pv_send_notify(>c.xendev);
 }
 
 /* Send a keyboard (or mouse button) event */
@@ -397,7 +397,7 @@ static void input_event(struct XenDevice *xendev)
 if (page->out_prod == page->out_cons)
return;
 page->out_cons = page->out_prod;
-xen_be_send_notify(>c.xendev);
+xen_pv_send_notify(>c.xendev);
 }
 
 /*  */
@@ -664,7 +664,7 @@ static void xenfb_send_event(struct XenFB *xenfb, union 
xenfb_in_event *event)
 xen_wmb();  /* ensure ring contents visible */
 page->in_prod = prod + 1;
 
-xen_be_send_notify(>c.xendev);
+xen_pv_send_notify(>c.xendev);
 }
 
 static void xenfb_send_refresh_period(struct XenFB *xenfb, int period)
@@ -935,7 +935,7 @@ static void fb_event(struct XenDevice *xendev)
 struct XenFB *xenfb = container_of(xendev, struct XenFB, c.xendev);
 
 xenfb_handle_events(xenfb);
-xen_be_send_notify(>c.xendev);
+xen_pv_send_notify(>c.xendev);
 }
 
 /*  */
diff --git a/hw/net/xen_nic.c b/hw/net/xen_nic.c
index 1fc6a22..f46c745 100644
--- a/hw/net/xen_nic.c
+++ b/hw/net/xen_nic.c
@@ -70,7 +70,7 @@ static void net_tx_response(struct XenNetDev *netdev, 
netif_tx_request_t *txp, i
 netdev->tx_ring.rsp_prod_pvt = ++i;
 RING_PUSH_RESPONSES_AND_CHECK_NOTIFY(>tx_ring, notify);
 if (notify) {
-xen_be_send_notify(>xendev);
+xen_pv_send_notify(>xendev);
 }
 
 if (i == netdev->tx_ring.req_cons) {
@@ -218,7 +218,7 @@ static void net_rx_response(struct XenNetDev *netdev,
 netdev->rx_ring.rsp_prod_pvt = ++i;
 RING_PUSH_RESPONSES_AND_CHECK_NOTIFY(>rx_ring, notify);
 if (notify) {
-xen_be_send_notify(>xendev);
+xen_pv_send_notify(>xendev);
 }
 }
 
diff --git a/hw/xen/xen_pvdev.c b/hw/xen/xen_pvdev.c
index 6bf1ae4..3d8b2c2 100644
--- a/hw/xen/xen_pvdev.c
+++ b/hw/xen/xen_pvdev.c
@@ -204,7 +204,7 @@ void xen_pv_unbind_evtchn(struct XenDevice *xendev)
 xendev->local_port = -1;
 }
 
-int xen_be_send_notify(struct XenDevice *xendev)
+int xen_pv_send_notify(struct XenDevice *xendev)
 {
 return xenevtchn_notify(xendev->evtchndev, xendev->local_port);
 }
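Review bot: xen_pv_send_notify() passes xendev->local_port straight to xenevtchn_notify(), and the context line just above shows xen_pv_unbind_evtchn() leaving local_port at -1. With the function now intended for frontends too, a call after unbind would notify port -1; consider returning an error early when local_port == -1, the same condition the unbind function already tests before doing any work.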
diff --git a/include/hw/xen/xen_pvdev.h b/include/hw/xen/xen_pvdev.h
index 5c27184..80e242f 100644
--- a/include/hw/xen/xen_pvdev.h
+++ b/include/hw/xen/xen_pvdev.h
@@ -72,7 +72,7 @@ struct XenDevice *xen_be_del_xendev(int dom, int dev);
 struct XenDevice *xen_be_find_xendev(const char *type, int dom, int dev);
 
 void xen_pv_unbind_evtchn(struct XenDevice *xendev);
-int xen_be_send_notify(struct XenDevice *xendev);
+int xen_pv_send_notify(struct XenDevice *xendev);
 
 void xen_pv_printf(struct XenDevice *xendev, int msg_level, const char *fmt, 
...)

[Qemu-devel] [PATCH 04/19] xen: Move evtchn functions to xen_pvdev.c

2016-07-10 Thread Emil Condrea
The names of the functions moved:
 * xen_be_evtchn_event
 * xen_be_unbind_evtchn
 * xen_be_send_notify

Signed-off-by: Emil Condrea 
---
 hw/xen/xen_backend.c | 37 +
 hw/xen/xen_pvdev.c   | 35 +++
 include/hw/xen/xen_backend.h |  2 --
 include/hw/xen/xen_pvdev.h   |  4 
 4 files changed, 40 insertions(+), 38 deletions(-)

diff --git a/hw/xen/xen_backend.c b/hw/xen/xen_backend.c
index 0a9f9bb..5f2821a 100644
--- a/hw/xen/xen_backend.c
+++ b/hw/xen/xen_backend.c
@@ -561,25 +561,6 @@ void xenstore_update_be(char *watch, char *type, int dom,
 }
 }
 
-static void xen_be_evtchn_event(void *opaque)
-{
-struct XenDevice *xendev = opaque;
-evtchn_port_t port;
-
-port = xenevtchn_pending(xendev->evtchndev);
-if (port != xendev->local_port) {
-xen_be_printf(xendev, 0,
-  "xenevtchn_pending returned %d (expected %d)\n",
-  port, xendev->local_port);
-return;
-}
-xenevtchn_unmask(xendev->evtchndev, port);
-
-if (xendev->ops->event) {
-xendev->ops->event(xendev);
-}
-}
-
 /*  */
 
 int xen_be_init(void)
@@ -646,22 +627,6 @@ int xen_be_bind_evtchn(struct XenDevice *xendev)
 return 0;
 }
 
-void xen_be_unbind_evtchn(struct XenDevice *xendev)
-{
-if (xendev->local_port == -1) {
-return;
-}
-qemu_set_fd_handler(xenevtchn_fd(xendev->evtchndev), NULL, NULL, NULL);
-xenevtchn_unbind(xendev->evtchndev, xendev->local_port);
-xen_be_printf(xendev, 2, "unbind evtchn port %d\n", xendev->local_port);
-xendev->local_port = -1;
-}
-
-int xen_be_send_notify(struct XenDevice *xendev)
-{
-return xenevtchn_notify(xendev->evtchndev, xendev->local_port);
-}
-
 
 static int xen_sysdev_init(SysBusDevice *dev)
 {
@@ -693,4 +658,4 @@ static void xenbe_register_types(void)
 type_register_static(_info);
 }
 
-type_init(xenbe_register_types);
+type_init(xenbe_register_types);
\ No newline at end of file
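Review bot: the last hunk of hw/xen/xen_backend.c only strips the trailing newline after type_init(xenbe_register_types); as the "\ No newline at end of file" marker shows. That is unrelated to moving the evtchn functions and leaves the file without a final newline; please drop this hunk.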
diff --git a/hw/xen/xen_pvdev.c b/hw/xen/xen_pvdev.c
index 001fda2..7876724 100644
--- a/hw/xen/xen_pvdev.c
+++ b/hw/xen/xen_pvdev.c
@@ -171,3 +171,38 @@ void xen_be_printf(struct XenDevice *xendev, int 
msg_level, const char *fmt, ...
 }
 qemu_log_flush();
 }
+
+void xen_be_evtchn_event(void *opaque)
+{
+struct XenDevice *xendev = opaque;
+evtchn_port_t port;
+
+port = xenevtchn_pending(xendev->evtchndev);
+if (port != xendev->local_port) {
+xen_be_printf(xendev, 0,
+  "xenevtchn_pending returned %d (expected %d)\n",
+  port, xendev->local_port);
+return;
+}
+xenevtchn_unmask(xendev->evtchndev, port);
+
+if (xendev->ops->event) {
+xendev->ops->event(xendev);
+}
+}
+
+void xen_be_unbind_evtchn(struct XenDevice *xendev)
+{
+if (xendev->local_port == -1) {
+return;
+}
+qemu_set_fd_handler(xenevtchn_fd(xendev->evtchndev), NULL, NULL, NULL);
+xenevtchn_unbind(xendev->evtchndev, xendev->local_port);
+xen_be_printf(xendev, 2, "unbind evtchn port %d\n", xendev->local_port);
+xendev->local_port = -1;
+}
+
+int xen_be_send_notify(struct XenDevice *xendev)
+{
+return xenevtchn_notify(xendev->evtchndev, xendev->local_port);
+}
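Review bot: xen_be_evtchn_event was "static void" in hw/xen/xen_backend.c and is added here as a non-static "void" with a new prototype in xen_pvdev.h, but the commit message only lists the moved names. Please say in the message that the handler becomes externally visible and why (xen_be_bind_evtchn stays in xen_backend.c), so the linkage change is not mistaken for a pure move.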
diff --git a/include/hw/xen/xen_backend.h b/include/hw/xen/xen_backend.h
index 4832f79..60b634e 100644
--- a/include/hw/xen/xen_backend.h
+++ b/include/hw/xen/xen_backend.h
@@ -29,8 +29,6 @@ int xen_be_init(void);
 int xen_be_register(const char *type, struct XenDevOps *ops);
 int xen_be_set_state(struct XenDevice *xendev, enum xenbus_state state);
 int xen_be_bind_evtchn(struct XenDevice *xendev);
-void xen_be_unbind_evtchn(struct XenDevice *xendev);
-int xen_be_send_notify(struct XenDevice *xendev);
 
 /* actual backend drivers */
 extern struct XenDevOps xen_console_ops;  /* xen_console.c */
diff --git a/include/hw/xen/xen_pvdev.h b/include/hw/xen/xen_pvdev.h
index cc49636..f269b04 100644
--- a/include/hw/xen/xen_pvdev.h
+++ b/include/hw/xen/xen_pvdev.h
@@ -66,6 +66,10 @@ void xenstore_update(void *unused);
 
 const char *xenbus_strstate(enum xenbus_state state);
 
+void xen_be_evtchn_event(void *opaque);
+void xen_be_unbind_evtchn(struct XenDevice *xendev);
+int xen_be_send_notify(struct XenDevice *xendev);
+
 void xen_be_printf(struct XenDevice *xendev, int msg_level, const char *fmt, 
...)
 GCC_FMT_ATTR(3, 4);
 
-- 
1.9.1




[Qemu-devel] [PATCH 19/19] Qemu-Xen-vTPM: QEMU machine class is initialized before tpm_init()

2016-07-10 Thread Emil Condrea
Make sure the QEMU machine class is initialized and QEMU has registered
the Xen stubdom vTPM driver when tpm_init() is called.

Signed-off-by: Quan Xu 
Signed-off-by: Emil Condrea 
Reviewed-by: Stefan Berger 
---
 vl.c | 17 +++--
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/vl.c b/vl.c
index 5cd0f2a..a22b0c9 100644
--- a/vl.c
+++ b/vl.c
@@ -4353,12 +4353,6 @@ int main(int argc, char **argv, char **envp)
 exit(1);
 }
 
-#ifdef CONFIG_TPM
-if (tpm_init() < 0) {
-exit(1);
-}
-#endif
-
 /* init the bluetooth world */
 if (foreach_device_config(DEV_BT, bt_parse))
 exit(1);
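Review bot: removing the call here moves tpm_init() for every CONFIG_TPM build, not only for the Xen stubdom vTPM driver that the commit message talks about. Please state in the message that nothing between the old call site (ahead of the bluetooth setup) and the new one relies on the TPM backend already being initialized, so reviewers of the other TPM backends can confirm the reordering is safe for them.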
@@ -4477,6 +4471,17 @@ int main(int argc, char **argv, char **envp)
 exit(1);
 }
 
+/*
+ * For compatible with Xen stubdom vTPM driver, make
+ * sure QEMU machine class is initialized and QEMU has
+ * registered Xen stubdom vTPM driver.
+ */
+#ifdef CONFIG_TPM
+if (tpm_init() < 0) {
+exit(1);
+}
+#endif
+
 /* Check if IGD GFX passthrough. */
 igd_gfx_passthru();
 
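Review bot: the new comment opens with "For compatible with Xen stubdom vTPM driver", which is ungrammatical and does not state the ordering rule. Something like "tpm_init() must run after the QEMU machine class is initialized and the Xen stubdom vTPM driver has been registered" tells the next reader why the call must not be moved back up.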
-- 
1.9.1




[Qemu-devel] [PATCH 09/19] xen: Rename xen_be_evtchn_event

2016-07-10 Thread Emil Condrea
Prepare xen_be_evtchn_event to be shared with frontends:
 * xen_be_evtchn_event -> xen_pv_evtchn_event

Signed-off-by: Emil Condrea 
---
 hw/xen/xen_backend.c   | 2 +-
 hw/xen/xen_pvdev.c | 2 +-
 include/hw/xen/xen_pvdev.h | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/hw/xen/xen_backend.c b/hw/xen/xen_backend.c
index 46e1944..d6c04c7 100644
--- a/hw/xen/xen_backend.c
+++ b/hw/xen/xen_backend.c
@@ -555,7 +555,7 @@ int xen_be_bind_evtchn(struct XenDevice *xendev)
 }
 xen_pv_printf(xendev, 2, "bind evtchn port %d\n", xendev->local_port);
 qemu_set_fd_handler(xenevtchn_fd(xendev->evtchndev),
-xen_be_evtchn_event, NULL, xendev);
+xen_pv_evtchn_event, NULL, xendev);
 return 0;
 }
 
diff --git a/hw/xen/xen_pvdev.c b/hw/xen/xen_pvdev.c
index 3d8b2c2..5482ab0 100644
--- a/hw/xen/xen_pvdev.c
+++ b/hw/xen/xen_pvdev.c
@@ -174,7 +174,7 @@ void xen_pv_printf(struct XenDevice *xendev, int msg_level, 
const char *fmt, ...
 qemu_log_flush();
 }
 
-void xen_be_evtchn_event(void *opaque)
+void xen_pv_evtchn_event(void *opaque)
 {
 struct XenDevice *xendev = opaque;
 evtchn_port_t port;
diff --git a/include/hw/xen/xen_pvdev.h b/include/hw/xen/xen_pvdev.h
index 80e242f..a06afb6 100644
--- a/include/hw/xen/xen_pvdev.h
+++ b/include/hw/xen/xen_pvdev.h
@@ -66,7 +66,7 @@ void xenstore_update(void *unused);
 
 const char *xenbus_strstate(enum xenbus_state state);
 
-void xen_be_evtchn_event(void *opaque);
+void xen_pv_evtchn_event(void *opaque);
 void xen_pv_insert_xendev(struct XenDevice *xendev);
 struct XenDevice *xen_be_del_xendev(int dom, int dev);
 struct XenDevice *xen_be_find_xendev(const char *type, int dom, int dev);
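Review bot: after this hunk the prototype block in xen_pvdev.h mixes xen_pv_evtchn_event and xen_pv_insert_xendev with xen_be_del_xendev and xen_be_find_xendev, so at this point in the series the prefix does not tell a reader which helpers are shared. Folding the one-function renames that touch this header into a single patch would avoid the intermediate mixed state.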
-- 
1.9.1




[Qemu-devel] [PATCH 02/19] xen: Create a new file xen_frontend.c

2016-07-10 Thread Emil Condrea
Its purpose is to store frontend related functions.

Signed-off-by: Quan Xu 
Signed-off-by: Emil Condrea 
---
 hw/block/xen_disk.c   |  1 +
 hw/display/xenfb.c|  1 +
 hw/net/xen_nic.c  |  1 +
 hw/xen/Makefile.objs  |  2 +-
 hw/xen/xen_backend.c  | 47 +
 hw/xen/xen_frontend.c | 70 +++
 include/hw/xen/xen_backend.h  |  3 --
 include/hw/xen/xen_frontend.h | 10 +++
 8 files changed, 85 insertions(+), 50 deletions(-)
 create mode 100644 hw/xen/xen_frontend.c
 create mode 100644 include/hw/xen/xen_frontend.h

diff --git a/hw/block/xen_disk.c b/hw/block/xen_disk.c
index 90aca73..28fbf24 100644
--- a/hw/block/xen_disk.c
+++ b/hw/block/xen_disk.c
@@ -25,6 +25,7 @@
 
 #include "hw/hw.h"
 #include "hw/xen/xen_backend.h"
+#include "hw/xen/xen_frontend.h"
 #include "xen_blkif.h"
 #include "sysemu/blockdev.h"
 #include "sysemu/block-backend.h"
diff --git a/hw/display/xenfb.c b/hw/display/xenfb.c
index 46b7d5e..5751113 100644
--- a/hw/display/xenfb.c
+++ b/hw/display/xenfb.c
@@ -30,6 +30,7 @@
 #include "ui/console.h"
 #include "sysemu/char.h"
 #include "hw/xen/xen_backend.h"
+#include "hw/xen/xen_frontend.h"
 
 #include 
 #include 
diff --git a/hw/net/xen_nic.c b/hw/net/xen_nic.c
index 0b4ddae..bdfa789 100644
--- a/hw/net/xen_nic.c
+++ b/hw/net/xen_nic.c
@@ -29,6 +29,7 @@
 #include "net/checksum.h"
 #include "net/util.h"
 #include "hw/xen/xen_backend.h"
+#include "hw/xen/xen_frontend.h"
 
 #include 
 
diff --git a/hw/xen/Makefile.objs b/hw/xen/Makefile.objs
index 591cdc2..1000294 100644
--- a/hw/xen/Makefile.objs
+++ b/hw/xen/Makefile.objs
@@ -1,5 +1,5 @@
 # xen backend driver support
-common-obj-$(CONFIG_XEN_BACKEND) += xen_backend.o xen_devconfig.o xen_pvdev.o
+common-obj-$(CONFIG_XEN_BACKEND) += xen_backend.o xen_frontend.o 
xen_devconfig.o xen_pvdev.o
 
 obj-$(CONFIG_XEN_PCI_PASSTHROUGH) += xen-host-pci-device.o
 obj-$(CONFIG_XEN_PCI_PASSTHROUGH) += xen_pt.o xen_pt_config_init.o 
xen_pt_graphics.o xen_pt_msi.o
diff --git a/hw/xen/xen_backend.c b/hw/xen/xen_backend.c
index a251a4a..7a83a7d 100644
--- a/hw/xen/xen_backend.c
+++ b/hw/xen/xen_backend.c
@@ -30,6 +30,7 @@
 #include "sysemu/char.h"
 #include "qemu/log.h"
 #include "hw/xen/xen_backend.h"
+#include "hw/xen/xen_frontend.h"
 #include "hw/xen/xen_pvdev.h"
 
 #include 
@@ -124,21 +125,6 @@ int xenstore_read_be_int(struct XenDevice *xendev, const 
char *node, int *ival)
 return xenstore_read_int(xendev->be, node, ival);
 }
 
-char *xenstore_read_fe_str(struct XenDevice *xendev, const char *node)
-{
-return xenstore_read_str(xendev->fe, node);
-}
-
-int xenstore_read_fe_int(struct XenDevice *xendev, const char *node, int *ival)
-{
-return xenstore_read_int(xendev->fe, node, ival);
-}
-
-int xenstore_read_fe_uint64(struct XenDevice *xendev, const char *node, 
uint64_t *uval)
-{
-return xenstore_read_uint64(xendev->fe, node, uval);
-}
-
 /* - */
 
 int xen_be_set_state(struct XenDevice *xendev, enum xenbus_state state)
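Review bot: the xenstore_read_fe_str/int/uint64 helpers removed in this hunk read the frontend's nodes (xendev->fe) on behalf of backend drivers, which is why hw/block/xen_disk.c, hw/display/xenfb.c and hw/net/xen_nic.c all gain an include of xen_frontend.h in this patch. The commit message ("store frontend related functions") should say whether xen_frontend.c is meant for code that implements a frontend or for the backend's access to frontend state; as posted the file name suggests the former while the moved code is the latter.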
@@ -301,37 +287,6 @@ static void xen_be_backend_changed(struct XenDevice 
*xendev, const char *node)
 }
 }
 
-static void xen_be_frontend_changed(struct XenDevice *xendev, const char *node)
-{
-int fe_state;
-
-if (node == NULL  ||  strcmp(node, "state") == 0) {
-if (xenstore_read_fe_int(xendev, "state", _state) == -1) {
-fe_state = XenbusStateUnknown;
-}
-if (xendev->fe_state != fe_state) {
-xen_be_printf(xendev, 1, "frontend state: %s -> %s\n",
-  xenbus_strstate(xendev->fe_state),
-  xenbus_strstate(fe_state));
-}
-xendev->fe_state = fe_state;
-}
-if (node == NULL  ||  strcmp(node, "protocol") == 0) {
-g_free(xendev->protocol);
-xendev->protocol = xenstore_read_fe_str(xendev, "protocol");
-if (xendev->protocol) {
-xen_be_printf(xendev, 1, "frontend protocol: %s\n", 
xendev->protocol);
-}
-}
-
-if (node) {
-xen_be_printf(xendev, 2, "frontend update: %s\n", node);
-if (xendev->ops->frontend_changed) {
-xendev->ops->frontend_changed(xendev, node);
-}
-}
-}
-
 /* - */
 /* Check for possible state transitions and perform them.*/
 
diff --git a/hw/xen/xen_frontend.c b/hw/xen/xen_frontend.c
new file mode 100644
index 000..b4bf8da
--- /dev/null
+++ b/hw/xen/xen_frontend.c
@@ -0,0 +1,70 @@
+/*
+ * Xen frontend driver infrastructure
+ *
+ *  (c) 2008 Gerd Hoffmann 
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) 

[Qemu-devel] [PATCH 03/19] xen: Move xenstore_update to xen_pvdev.c

2016-07-10 Thread Emil Condrea
 * xenstore_update -> xen_pvdev.c
 * xenstore_update_fe -> xen_frontend.c

Signed-off-by: Emil Condrea 
---
 hw/xen/xen_backend.c  | 43 +--
 hw/xen/xen_frontend.c | 18 ++
 hw/xen/xen_pvdev.c| 24 
 include/hw/xen/xen_backend.h  |  1 +
 include/hw/xen/xen_frontend.h |  1 +
 include/hw/xen/xen_pvdev.h|  1 +
 6 files changed, 46 insertions(+), 42 deletions(-)

diff --git a/hw/xen/xen_backend.c b/hw/xen/xen_backend.c
index 7a83a7d..0a9f9bb 100644
--- a/hw/xen/xen_backend.c
+++ b/hw/xen/xen_backend.c
@@ -527,7 +527,7 @@ static int xenstore_scan(const char *type, int dom, struct 
XenDevOps *ops)
 return 0;
 }
 
-static void xenstore_update_be(char *watch, char *type, int dom,
+void xenstore_update_be(char *watch, char *type, int dom,
struct XenDevOps *ops)
 {
 struct XenDevice *xendev;
@@ -561,47 +561,6 @@ static void xenstore_update_be(char *watch, char *type, 
int dom,
 }
 }
 
-static void xenstore_update_fe(char *watch, struct XenDevice *xendev)
-{
-char *node;
-unsigned int len;
-
-len = strlen(xendev->fe);
-if (strncmp(xendev->fe, watch, len) != 0) {
-return;
-}
-if (watch[len] != '/') {
-return;
-}
-node = watch + len + 1;
-
-xen_be_frontend_changed(xendev, node);
-xen_be_check_state(xendev);
-}
-
-static void xenstore_update(void *unused)
-{
-char **vec = NULL;
-intptr_t type, ops, ptr;
-unsigned int dom, count;
-
-vec = xs_read_watch(xenstore, );
-if (vec == NULL) {
-goto cleanup;
-}
-
-if (sscanf(vec[XS_WATCH_TOKEN], "be:%" PRIxPTR ":%d:%" PRIxPTR,
-   , , ) == 3) {
-xenstore_update_be(vec[XS_WATCH_PATH], (void*)type, dom, (void*)ops);
-}
-if (sscanf(vec[XS_WATCH_TOKEN], "fe:%" PRIxPTR, ) == 1) {
-xenstore_update_fe(vec[XS_WATCH_PATH], (void*)ptr);
-}
-
-cleanup:
-free(vec);
-}
-
 static void xen_be_evtchn_event(void *opaque)
 {
 struct XenDevice *xendev = opaque;
diff --git a/hw/xen/xen_frontend.c b/hw/xen/xen_frontend.c
index b4bf8da..4e01169 100644
--- a/hw/xen/xen_frontend.c
+++ b/hw/xen/xen_frontend.c
@@ -68,3 +68,21 @@ void xen_be_frontend_changed(struct XenDevice *xendev, const 
char *node)
 }
 }
 }
+
+void xenstore_update_fe(char *watch, struct XenDevice *xendev)
+{
+char *node;
+unsigned int len;
+
+len = strlen(xendev->fe);
+if (strncmp(xendev->fe, watch, len) != 0) {
+return;
+}
+if (watch[len] != '/') {
+return;
+}
+node = watch + len + 1;
+
+xen_be_frontend_changed(xendev, node);
+xen_be_check_state(xendev);
+}
diff --git a/hw/xen/xen_pvdev.c b/hw/xen/xen_pvdev.c
index a444855..001fda2 100644
--- a/hw/xen/xen_pvdev.c
+++ b/hw/xen/xen_pvdev.c
@@ -20,6 +20,7 @@
 #include "qemu/osdep.h"
 
 #include "hw/xen/xen_backend.h"
+#include "hw/xen/xen_frontend.h"
 #include "hw/xen/xen_pvdev.h"
 
 static int debug = 0;
@@ -95,6 +96,29 @@ int xenstore_read_uint64(const char *base, const char *node, 
uint64_t *uval)
 return rc;
 }
 
+void xenstore_update(void *unused)
+{
+char **vec = NULL;
+intptr_t type, ops, ptr;
+unsigned int dom, count;
+
+vec = xs_read_watch(xenstore, );
+if (vec == NULL) {
+goto cleanup;
+}
+
+if (sscanf(vec[XS_WATCH_TOKEN], "be:%" PRIxPTR ":%d:%" PRIxPTR,
+   , , ) == 3) {
+xenstore_update_be(vec[XS_WATCH_PATH], (void*)type, dom, (void*)ops);
+}
+if (sscanf(vec[XS_WATCH_TOKEN], "fe:%" PRIxPTR, ) == 1) {
+xenstore_update_fe(vec[XS_WATCH_PATH], (void*)ptr);
+}
+
+cleanup:
+free(vec);
+}
+
 const char *xenbus_strstate(enum xenbus_state state)
 {
 static const char *const name[] = {
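Review bot: xenstore_update(), now the shared entry point in xen_pvdev.c, scans dom with "%d" although it is declared "unsigned int dom", and casts the integers parsed from the watch token straight to pointers ((void*)type, (void*)ops, (void*)ptr), one of which xenstore_update_fe then dereferences via xendev->fe. Nothing in this function validates the token, so please match the conversion specifier to the declared type (or declare dom as int, which is what xenstore_update_be takes) and add a comment saying where these tokens are generated and why they can be trusted as pointers.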
diff --git a/include/hw/xen/xen_backend.h b/include/hw/xen/xen_backend.h
index 0daaf7c..4832f79 100644
--- a/include/hw/xen/xen_backend.h
+++ b/include/hw/xen/xen_backend.h
@@ -19,6 +19,7 @@ int xenstore_write_be_int(struct XenDevice *xendev, const 
char *node, int ival);
 int xenstore_write_be_int64(struct XenDevice *xendev, const char *node, 
int64_t ival);
 char *xenstore_read_be_str(struct XenDevice *xendev, const char *node);
 int xenstore_read_be_int(struct XenDevice *xendev, const char *node, int 
*ival);
+void xenstore_update_be(char *watch, char *type, int dom, struct XenDevOps 
*ops);
 
 struct XenDevice *xen_be_find_xendev(const char *type, int dom, int dev);
 void xen_be_check_state(struct XenDevice *xendev);
diff --git a/include/hw/xen/xen_frontend.h b/include/hw/xen/xen_frontend.h
index 46485b9..7d87da4 100644
--- a/include/hw/xen/xen_frontend.h
+++ b/include/hw/xen/xen_frontend.h
@@ -4,6 +4,7 @@
 char *xenstore_read_fe_str(struct XenDevice *xendev, const char *node);
 int xenstore_read_fe_int(struct XenDevice *xendev, const char *node, int 
*ival);
 int xenstore_read_fe_uint64(struct XenDevice *xendev, const char *node, 

[Qemu-devel] [PATCH 01/19] xen: Create a new file xen_pvdev.c

2016-07-10 Thread Emil Condrea
The purpose of the new file is to store generic functions shared by frontend
and backends such as xenstore operations, xendevs.

Signed-off-by: Quan Xu 
Signed-off-by: Emil Condrea 
---
 hw/xen/Makefile.objs |   2 +-
 hw/xen/xen_backend.c | 125 +---
 hw/xen/xen_pvdev.c   | 149 +++
 include/hw/xen/xen_backend.h |  63 +-
 include/hw/xen/xen_pvdev.h   |  71 +
 5 files changed, 223 insertions(+), 187 deletions(-)
 create mode 100644 hw/xen/xen_pvdev.c
 create mode 100644 include/hw/xen/xen_pvdev.h

diff --git a/hw/xen/Makefile.objs b/hw/xen/Makefile.objs
index d367094..591cdc2 100644
--- a/hw/xen/Makefile.objs
+++ b/hw/xen/Makefile.objs
@@ -1,5 +1,5 @@
 # xen backend driver support
-common-obj-$(CONFIG_XEN_BACKEND) += xen_backend.o xen_devconfig.o
+common-obj-$(CONFIG_XEN_BACKEND) += xen_backend.o xen_devconfig.o xen_pvdev.o
 
 obj-$(CONFIG_XEN_PCI_PASSTHROUGH) += xen-host-pci-device.o
 obj-$(CONFIG_XEN_PCI_PASSTHROUGH) += xen_pt.o xen_pt_config_init.o 
xen_pt_graphics.o xen_pt_msi.o
diff --git a/hw/xen/xen_backend.c b/hw/xen/xen_backend.c
index bab79b1..a251a4a 100644
--- a/hw/xen/xen_backend.c
+++ b/hw/xen/xen_backend.c
@@ -30,6 +30,7 @@
 #include "sysemu/char.h"
 #include "qemu/log.h"
 #include "hw/xen/xen_backend.h"
+#include "hw/xen/xen_pvdev.h"
 
 #include 
 
@@ -56,8 +57,6 @@ static QTAILQ_HEAD(xs_dirs_head, xs_dirs) xs_cleanup =
 static QTAILQ_HEAD(XenDeviceHead, XenDevice) xendevs = 
QTAILQ_HEAD_INITIALIZER(xendevs);
 static int debug = 0;
 
-/* - */
-
 static void xenstore_cleanup_dir(char *dir)
 {
 struct xs_dirs *d;
@@ -76,34 +75,6 @@ void xen_config_cleanup(void)
 }
 }
 
-int xenstore_write_str(const char *base, const char *node, const char *val)
-{
-char abspath[XEN_BUFSIZE];
-
-snprintf(abspath, sizeof(abspath), "%s/%s", base, node);
-if (!xs_write(xenstore, 0, abspath, val, strlen(val))) {
-return -1;
-}
-return 0;
-}
-
-char *xenstore_read_str(const char *base, const char *node)
-{
-char abspath[XEN_BUFSIZE];
-unsigned int len;
-char *str, *ret = NULL;
-
-snprintf(abspath, sizeof(abspath), "%s/%s", base, node);
-str = xs_read(xenstore, 0, abspath, );
-if (str != NULL) {
-/* move to qemu-allocated memory to make sure
- * callers can savely g_free() stuff. */
-ret = g_strdup(str);
-free(str);
-}
-return ret;
-}
-
 int xenstore_mkdir(char *path, int p)
 {
 struct xs_permissions perms[2] = {
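Review bot: xenstore_write_str() and xenstore_read_str(), moved out in this hunk, build abspath with snprintf() into a XEN_BUFSIZE buffer and never check the result, so an over-long base/node pair is silently truncated and the read or write goes to a different xenstore path. As these become helpers shared by backends and frontends, a follow-up patch should compare the snprintf() return value against sizeof(abspath) and fail with -1 or NULL; keeping that separate leaves this move mechanical. The "savely" typo in the comment can be fixed in the same follow-up.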
@@ -128,48 +99,6 @@ int xenstore_mkdir(char *path, int p)
 return 0;
 }
 
-int xenstore_write_int(const char *base, const char *node, int ival)
-{
-char val[12];
-
-snprintf(val, sizeof(val), "%d", ival);
-return xenstore_write_str(base, node, val);
-}
-
-int xenstore_write_int64(const char *base, const char *node, int64_t ival)
-{
-char val[21];
-
-snprintf(val, sizeof(val), "%"PRId64, ival);
-return xenstore_write_str(base, node, val);
-}
-
-int xenstore_read_int(const char *base, const char *node, int *ival)
-{
-char *val;
-int rc = -1;
-
-val = xenstore_read_str(base, node);
-if (val && 1 == sscanf(val, "%d", ival)) {
-rc = 0;
-}
-g_free(val);
-return rc;
-}
-
-int xenstore_read_uint64(const char *base, const char *node, uint64_t *uval)
-{
-char *val;
-int rc = -1;
-
-val = xenstore_read_str(base, node);
-if (val && 1 == sscanf(val, "%"SCNu64, uval)) {
-rc = 0;
-}
-g_free(val);
-return rc;
-}
-
 int xenstore_write_be_str(struct XenDevice *xendev, const char *node, const 
char *val)
 {
 return xenstore_write_str(xendev->be, node, val);
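Review bot: xenstore_read_int() and xenstore_read_uint64(), removed from this file in this hunk, accept any string for which sscanf() converts one item, so "12abc" parses as 12 and an out-of-range number is not rejected. Now that both backends and frontends will call them, a follow-up that parses with strtol()/strtoull() and checks the end pointer and errno would make the shared helpers reject malformed xenstore values instead of passing on a partial parse.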
@@ -212,20 +141,6 @@ int xenstore_read_fe_uint64(struct XenDevice *xendev, 
const char *node, uint64_t
 
 /* - */
 
-const char *xenbus_strstate(enum xenbus_state state)
-{
-static const char *const name[] = {
-[ XenbusStateUnknown  ] = "Unknown",
-[ XenbusStateInitialising ] = "Initialising",
-[ XenbusStateInitWait ] = "InitWait",
-[ XenbusStateInitialised  ] = "Initialised",
-[ XenbusStateConnected] = "Connected",
-[ XenbusStateClosing  ] = "Closing",
-[ XenbusStateClosed   ] = "Closed",
-};
-return (state < ARRAY_SIZE(name)) ? name[state] : "INVALID";
-}
-
 int xen_be_set_state(struct XenDevice *xendev, enum xenbus_state state)
 {
 int rc;
@@ -833,44 +748,6 @@ int xen_be_send_notify(struct XenDevice *xendev)
 return xenevtchn_notify(xendev->evtchndev, xendev->local_port);
 }
 
-/*
- * msg_level:
- *  0 == errors (stderr + logfile).
- *  1 == informative debug messages (logfile only).
- *  2 == noisy debug messages (logfile only).
- *  3 == will flood your log (logfile only).
- */
-void 

[Qemu-devel] [PATCH 06/19] xen: Rename xen_be_printf to xen_pv_printf

2016-07-10 Thread Emil Condrea
Prepare xen_be_printf to be used by both backend and frontends:
 * xen_be_printf -> xen_pv_printf

Signed-off-by: Emil Condrea 
---
 hw/block/xen_disk.c| 52 +++---
 hw/char/xen_console.c  | 10 -
 hw/display/xenfb.c | 42 ++---
 hw/net/xen_nic.c   | 22 ++--
 hw/usb/xen-usb.c   | 38 -
 hw/xen/xen_backend.c   | 44 +++
 hw/xen/xen_devconfig.c |  4 ++--
 hw/xen/xen_frontend.c  |  6 +++---
 hw/xen/xen_pvdev.c |  6 +++---
 include/hw/xen/xen_pvdev.h |  2 +-
 xen-common.c   |  4 ++--
 11 files changed, 115 insertions(+), 115 deletions(-)

diff --git a/hw/block/xen_disk.c b/hw/block/xen_disk.c
index 28fbf24..ad3f519 100644
--- a/hw/block/xen_disk.c
+++ b/hw/block/xen_disk.c
@@ -165,12 +165,12 @@ static void destroy_grant(gpointer pgnt)
 xengnttab_handle *gnt = grant->blkdev->xendev.gnttabdev;
 
 if (xengnttab_unmap(gnt, grant->page, 1) != 0) {
-xen_be_printf(>blkdev->xendev, 0,
+xen_pv_printf(>blkdev->xendev, 0,
   "xengnttab_unmap failed: %s\n",
   strerror(errno));
 }
 grant->blkdev->persistent_gnt_count--;
-xen_be_printf(>blkdev->xendev, 3,
+xen_pv_printf(>blkdev->xendev, 3,
   "unmapped grant %p\n", grant->page);
 g_free(grant);
 }
@@ -182,11 +182,11 @@ static void remove_persistent_region(gpointer data, 
gpointer dev)
 xengnttab_handle *gnt = blkdev->xendev.gnttabdev;
 
 if (xengnttab_unmap(gnt, region->addr, region->num) != 0) {
-xen_be_printf(>xendev, 0,
+xen_pv_printf(>xendev, 0,
   "xengnttab_unmap region %p failed: %s\n",
   region->addr, strerror(errno));
 }
-xen_be_printf(>xendev, 3,
+xen_pv_printf(>xendev, 3,
   "unmapped grant region %p with %d pages\n",
   region->addr, region->num);
 g_free(region);
@@ -253,7 +253,7 @@ static int ioreq_parse(struct ioreq *ioreq)
 size_t len;
 int i;
 
-xen_be_printf(>xendev, 3,
+xen_pv_printf(>xendev, 3,
   "op %d, nr %d, handle %d, id %" PRId64 ", sector %" PRId64 
"\n",
   ioreq->req.operation, ioreq->req.nr_segments,
   ioreq->req.handle, ioreq->req.id, ioreq->req.sector_number);
@@ -273,28 +273,28 @@ static int ioreq_parse(struct ioreq *ioreq)
 case BLKIF_OP_DISCARD:
 return 0;
 default:
-xen_be_printf(>xendev, 0, "error: unknown operation (%d)\n",
+xen_pv_printf(>xendev, 0, "error: unknown operation (%d)\n",
   ioreq->req.operation);
 goto err;
 };
 
 if (ioreq->req.operation != BLKIF_OP_READ && blkdev->mode[0] != 'w') {
-xen_be_printf(>xendev, 0, "error: write req for ro device\n");
+xen_pv_printf(>xendev, 0, "error: write req for ro device\n");
 goto err;
 }
 
 ioreq->start = ioreq->req.sector_number * blkdev->file_blk;
 for (i = 0; i < ioreq->req.nr_segments; i++) {
 if (i == BLKIF_MAX_SEGMENTS_PER_REQUEST) {
-xen_be_printf(>xendev, 0, "error: nr_segments too big\n");
+xen_pv_printf(>xendev, 0, "error: nr_segments too big\n");
 goto err;
 }
 if (ioreq->req.seg[i].first_sect > ioreq->req.seg[i].last_sect) {
-xen_be_printf(>xendev, 0, "error: first > last sector\n");
+xen_pv_printf(>xendev, 0, "error: first > last sector\n");
 goto err;
 }
 if (ioreq->req.seg[i].last_sect * BLOCK_SIZE >= XC_PAGE_SIZE) {
-xen_be_printf(>xendev, 0, "error: page crossing\n");
+xen_pv_printf(>xendev, 0, "error: page crossing\n");
 goto err;
 }
 
@@ -306,7 +306,7 @@ static int ioreq_parse(struct ioreq *ioreq)
 qemu_iovec_add(>v, (void*)mem, len);
 }
 if (ioreq->start + ioreq->v.size > blkdev->file_size) {
-xen_be_printf(>xendev, 0, "error: access beyond end of 
file\n");
+xen_pv_printf(>xendev, 0, "error: access beyond end of 
file\n");
 goto err;
 }
 return 0;
@@ -329,7 +329,7 @@ static void ioreq_unmap(struct ioreq *ioreq)
 return;
 }
 if (xengnttab_unmap(gnt, ioreq->pages, ioreq->num_unmap) != 0) {
-xen_be_printf(>blkdev->xendev, 0,
+xen_pv_printf(>blkdev->xendev, 0,
   "xengnttab_unmap failed: %s\n",
   strerror(errno));
 }
@@ -341,7 +341,7 @@ static void ioreq_unmap(struct ioreq *ioreq)
 continue;
 }
 if (xengnttab_unmap(gnt, ioreq->page[i], 1) != 0) {
-xen_be_printf(>blkdev->xendev, 0,
+xen_pv_printf(>blkdev->xendev, 0,
   "xengnttab_unmap failed: 

[Qemu-devel] [v9 00/19] QEMU:Xen stubdom vTPM for HVM virtual machine(QEMU Part)

2016-07-10 Thread Emil Condrea
*INTRODUCTION*
The goal of virtual Trusted Platform Module (vTPM) is to provide a TPM
functionality to virtual machines (Fedora, Ubuntu, Redhat, Windows, etc.).
This allows programs to interact with a TPM in a virtual machine the same
way they interact with a TPM on the physical system. Each virtual machine
gets its own unique, emulated, software TPM. Each major component of vTPM
is implemented as a stubdom, providing secure separation guaranteed by the
hypervisor.

The vTPM stubdom is a Xen mini-OS domain that emulates a TPM for the virtual
machine to use. It is a small wrapper around the Berlios TPM emulator. TPM
commands are passed from mini-os TPM backend driver.

*ARCHITECTURE*
The architecture of stubdom vTPM for HVM virtual machine:

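+--------------------+
| Windows/Linux DomU | ...
|        |  ^        |
|        v  |        |
|  Qemu tpm1.2 Tis   |
|        |  ^        |
|        v  |        |
| XenStubdoms backend|
+--------------------+
         |  ^
         v  |
+--------------------+
|      XenDevOps     |
+--------------------+
         |  ^
         v  |
+--------------------+
|  mini-os/tpmback   |
|        |  ^        |
|        v  |        |
|    vtpm-stubdom    | ...
|        |  ^        |
|        v  |        |
|  mini-os/tpmfront  |
+--------------------+
         |  ^
         v  |
+--------------------+
|  mini-os/tpmback   |
|        |  ^        |
|        v  |        |
|  vtpmmgr-stubdom   |
|        |  ^        |
|        v  |        |
|  mini-os/tpm_tis   |
+--------------------+
         |  ^
         v  |
+--------------------+
|    Hardware TPM    |
+--------------------+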

 * Windows/Linux DomU:
The HVM based guest that wants to use a vTPM. There may be
more than one of these.

 * Qemu tpm1.2 Tis:
Implementation of the tpm1.2 Tis interface for HVM virtual
machines. It is a Qemu emulation device.

 * vTPM xenstubdoms driver:
Qemu vTPM driver. This driver provides vtpm initialization
and sending data and commands to a para-virtualized vtpm
stubdom.

 * XenDevOps:
Register Xen stubdom vTPM frontend driver, and transfer any
request/response between TPM xenstubdoms driver and Xen vTPM
stubdom. Facilitate communications between Xen vTPM stubdom
and vTPM xenstubdoms driver.

 * mini-os/tpmback:
Mini-os TPM backend driver. The Linux frontend driver connects
to this backend driver to facilitate communications between the
Linux DomU and its vTPM. This driver is also used by vtpmmgr
stubdom to communicate with vtpm-stubdom.

 * vtpm-stubdom:
A mini-os stub domain that implements a vTPM. There is a
one to one mapping between running vtpm-stubdom instances and
logical vtpms on the system. The vTPM Platform Configuration
Registers (PCRs) are all initialized to zero.

 * mini-os/tpmfront:
Mini-os TPM frontend driver. The vTPM mini-os domain vtpm
stubdom uses this driver to communicate with vtpmmgr-stubdom.
This driver could also be used separately to implement a mini-os
domain that wishes to use a vTPM of its own.

 * vtpmmgr-stubdom:
A mini-os domain that implements the vTPM manager. There is only
one vTPM manager and it should be running during the entire lifetime
of the machine. vtpmmgr domain securely stores encryption keys for
each of the vtpms and accesses the hardware TPM to get the root of
trust for the entire system.

 * mini-os/tpm_tis:
Mini-os TPM version 1.2 TPM Interface Specification (TIS) driver.
This driver is used by vtpmmgr-stubdom to talk directly to the hardware
TPM. Communication is facilitated by mapping hardware memory pages
into vtpmmgr stubdom.

 * Hardware TPM: The physical TPM 1.2 that is soldered onto the motherboard.

---
Changes in v9
High level changes: (each patch has a detailed history versioning)
 * rebase on upstream qemu
 * refactor qemu xendevs, xenstore functions in order to be shared with both 
backend and frontends
 * convert tpm stubdoms to new qapi layout
 * use libxengnttab, libxenevtchn stable API instead of xc_* calls
 * added reset_tpm_established_flag and get_tpm_version for TPMDriverOps
 * instead of xen_frontend.c global variable xenstore_dev, use vtpm specific
xenstore_vtpm_dev (since it will be needed just for tpm_xenstubdoms qemu driver)


Emil Condrea (19):
  xen: Create a new file xen_pvdev.c
  xen: Create a new file xen_frontend.c
  xen: Move xenstore_update to xen_pvdev.c
  xen: Move evtchn functions to xen_pvdev.c
  xen: Prepare 

[Qemu-devel] [PATCH 05/19] xen: Prepare xendev qtail to be shared with frontends

2016-07-10 Thread Emil Condrea
 * move xendevs qtail to xen_pvdev.c
 * change xen_be_get_xendev to use a new function: xen_pv_insert_xendev

Signed-off-by: Emil Condrea 
---
 hw/xen/xen_backend.c  | 70 +---
 hw/xen/xen_pvdev.c| 75 +++
 include/hw/xen/xen_backend.h  |  1 -
 include/hw/xen/xen_frontend.h |  2 ++
 include/hw/xen/xen_pvdev.h|  4 +++
 5 files changed, 82 insertions(+), 70 deletions(-)

diff --git a/hw/xen/xen_backend.c b/hw/xen/xen_backend.c
index 5f2821a..2f7f1a6 100644
--- a/hw/xen/xen_backend.c
+++ b/hw/xen/xen_backend.c
@@ -55,7 +55,6 @@ struct xs_dirs {
 static QTAILQ_HEAD(xs_dirs_head, xs_dirs) xs_cleanup =
 QTAILQ_HEAD_INITIALIZER(xs_cleanup);
 
-static QTAILQ_HEAD(XenDeviceHead, XenDevice) xendevs = 
QTAILQ_HEAD_INITIALIZER(xendevs);
 static int debug = 0;
 
 static void xenstore_cleanup_dir(char *dir)
@@ -141,27 +140,6 @@ int xen_be_set_state(struct XenDevice *xendev, enum 
xenbus_state state)
 return 0;
 }
 
-/* - */
-
-struct XenDevice *xen_be_find_xendev(const char *type, int dom, int dev)
-{
-struct XenDevice *xendev;
-
-QTAILQ_FOREACH(xendev, , next) {
-if (xendev->dom != dom) {
-continue;
-}
-if (xendev->dev != dev) {
-continue;
-}
-if (strcmp(xendev->type, type) != 0) {
-continue;
-}
-return xendev;
-}
-return NULL;
-}
-
 /*
  * get xen backend device, allocate a new one if it doesn't exist.
  */
@@ -210,7 +188,7 @@ static struct XenDevice *xen_be_get_xendev(const char 
*type, int dom, int dev,
 xendev->gnttabdev = NULL;
 }
 
-QTAILQ_INSERT_TAIL(, xendev, next);
+xen_pv_insert_xendev(xendev);
 
 if (xendev->ops->alloc) {
 xendev->ops->alloc(xendev);
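
Review bot: the helper called here is named xen_pv_insert_xendev(), but the lookup and release functions this patch moves into xen_pvdev.c keep their backend prefix (xen_be_find_xendev, xen_be_del_xendev). If the list is meant to be shared with frontends, as the subject says, use one prefix for all three accessors, or say in the commit message why the xen_be_ names stay.
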
@@ -219,52 +197,6 @@ static struct XenDevice *xen_be_get_xendev(const char 
*type, int dom, int dev,
 return xendev;
 }
 
-/*
- * release xen backend device.
- */
-static struct XenDevice *xen_be_del_xendev(int dom, int dev)
-{
-struct XenDevice *xendev, *xnext;
-
-/*
- * This is pretty much like QTAILQ_FOREACH(xendev, , next) but
- * we save the next pointer in xnext because we might free xendev.
- */
-xnext = xendevs.tqh_first;
-while (xnext) {
-xendev = xnext;
-xnext = xendev->next.tqe_next;
-
-if (xendev->dom != dom) {
-continue;
-}
-if (xendev->dev != dev && dev != -1) {
-continue;
-}
-
-if (xendev->ops->free) {
-xendev->ops->free(xendev);
-}
-
-if (xendev->fe) {
-char token[XEN_BUFSIZE];
-snprintf(token, sizeof(token), "fe:%p", xendev);
-xs_unwatch(xenstore, xendev->fe, token);
-g_free(xendev->fe);
-}
-
-if (xendev->evtchndev != NULL) {
-xenevtchn_close(xendev->evtchndev);
-}
-if (xendev->gnttabdev != NULL) {
-xengnttab_close(xendev->gnttabdev);
-}
-
-QTAILQ_REMOVE(, xendev, next);
-g_free(xendev);
-}
-return NULL;
-}
 
 /*
  * Sync internal data structures on xenstore updates.
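
Review bot: xen_be_del_xendev() has a single return statement, `return NULL;`, so its struct XenDevice * return type carries no information. The copy added to xen_pvdev.c drops `static`, which makes this a good point to change it to void before other callers depend on it. The block that unwatches xendev->fe with the "fe:%p" token also moves into the shared file unchanged; a short comment on whether frontend devices are expected to go through this path would help.
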
diff --git a/hw/xen/xen_pvdev.c b/hw/xen/xen_pvdev.c
index 7876724..042adeb 100644
--- a/hw/xen/xen_pvdev.c
+++ b/hw/xen/xen_pvdev.c
@@ -23,7 +23,9 @@
 #include "hw/xen/xen_frontend.h"
 #include "hw/xen/xen_pvdev.h"
 
+/* private */
 static int debug = 0;
+static QTAILQ_HEAD(XenDeviceHead, XenDevice) xendevs = 
QTAILQ_HEAD_INITIALIZER(xendevs);
 /* - */
 
 int xenstore_write_str(const char *base, const char *node, const char *val)
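
Review bot: the added xendevs definition is long enough to wrap in the mail; put the initializer on a continuation line to stay within 80 columns. The `/* private */` comment also sits above the existing `debug` variable rather than the list it introduces, and xen_backend.c keeps its own `static int debug`, so it is worth stating which flag the moved code is expected to honour.
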
@@ -206,3 +208,76 @@ int xen_be_send_notify(struct XenDevice *xendev)
 {
 return xenevtchn_notify(xendev->evtchndev, xendev->local_port);
 }
+
+/* - */
+
+struct XenDevice *xen_be_find_xendev(const char *type, int dom, int dev)
+{
+struct XenDevice *xendev;
+
+QTAILQ_FOREACH(xendev, , next) {
+if (xendev->dom != dom) {
+continue;
+}
+if (xendev->dev != dev) {
+continue;
+}
+if (strcmp(xendev->type, type) != 0) {
+continue;
+}
+return xendev;
+}
+return NULL;
+}
+
+/*
+ * release xen backend device.
+ */
+struct XenDevice *xen_be_del_xendev(int dom, int dev)
+{
+struct XenDevice *xendev, *xnext;
+
+/*
+ * This is pretty much like QTAILQ_FOREACH(xendev, , next) but
+ * we save the next pointer in xnext because we might free xendev.
+ */
+xnext = xendevs.tqh_first;
+while (xnext) {
+xendev = xnext;
+xnext = xendev->next.tqe_next;
+
+if (xendev->dom != dom) {
+continue;
+}
+if (xendev->dev != dev && dev != -1) {
+continue;
+}
+
+if