[Qemu-devel] [PATCH V3 1/2] arm64: Add an option to turn on/off vPMU support

2016-09-14 Thread Wei Huang
This patch adds a pmu=[on/off] option to enable/disable vPMU support
in guest vCPU. This option is only available for cortex-a57/cortex-a53/
host under both TCG and KVM modes, but unavailable on ARMv7 and other
processors. It allows virt tools, such as libvirt, to determine the
existence of vPMU and configure it. Note that this option, turned off
by default, can only be turned on under KVM mode; otherwise a warning
message will be printed out.

Signed-off-by: Wei Huang 
---
 hw/arm/virt-acpi-build.c |  2 +-
 hw/arm/virt.c|  2 +-
 target-arm/cpu.c | 22 ++
 target-arm/cpu.h |  1 +
 target-arm/cpu64.c   |  2 ++
 target-arm/kvm64.c   | 19 +++
 6 files changed, 42 insertions(+), 6 deletions(-)

diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index 295ec86..8b3083e 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -540,7 +540,7 @@ build_madt(GArray *table_data, BIOSLinker *linker, 
VirtGuestInfo *guest_info)
 gicc->uid = i;
 gicc->flags = cpu_to_le32(ACPI_GICC_ENABLED);
 
-if (armcpu->has_pmu) {
+if (arm_feature(>env, ARM_FEATURE_PMU)) {
 gicc->performance_interrupt = cpu_to_le32(PPI(VIRTUAL_PMU_IRQ));
 }
 }
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index a193b5a..a781ad0 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -477,7 +477,7 @@ static void fdt_add_pmu_nodes(const VirtBoardInfo *vbi, int 
gictype)
 
 CPU_FOREACH(cpu) {
 armcpu = ARM_CPU(cpu);
-if (!armcpu->has_pmu ||
+if (!arm_feature(>env, ARM_FEATURE_PMU) ||
 !kvm_arm_pmu_create(cpu, PPI(VIRTUAL_PMU_IRQ))) {
 return;
 }
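Review bot: the early `return` inside the CPU_FOREACH loop is pre-existing, but now that the feature is user-controllable it deserves a second look: if kvm_arm_pmu_create() fails for a later vCPU, the earlier vCPUs already have an in-kernel PMU attached while no PMU node is emitted in the device tree. Either `continue` for CPUs without the feature and fail the whole machine with an explicit error when creation fails, or document that a partially attached PMU is acceptable.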
diff --git a/target-arm/cpu.c b/target-arm/cpu.c
index ce8b8f4..d304597 100644
--- a/target-arm/cpu.c
+++ b/target-arm/cpu.c
@@ -19,6 +19,7 @@
  */
 
 #include "qemu/osdep.h"
+#include "qemu/error-report.h"
 #include "qapi/error.h"
 #include "cpu.h"
 #include "internals.h"
@@ -509,6 +510,10 @@ static Property arm_cpu_rvbar_property =
 static Property arm_cpu_has_el3_property =
 DEFINE_PROP_BOOL("has_el3", ARMCPU, has_el3, true);
 
+/* use property name "pmu" to match other archs and virt tools */
+static Property arm_cpu_has_pmu_property =
+DEFINE_PROP_BOOL("pmu", ARMCPU, has_pmu, false);
+
 static Property arm_cpu_has_mpu_property =
 DEFINE_PROP_BOOL("has-mpu", ARMCPU, has_mpu, true);
 
@@ -552,6 +557,11 @@ static void arm_cpu_post_init(Object *obj)
 #endif
 }
 
+if (arm_feature(>env, ARM_FEATURE_PMU)) {
+qdev_property_add_static(DEVICE(obj), _cpu_has_pmu_property,
+ _abort);
+}
+
 if (arm_feature(>env, ARM_FEATURE_MPU)) {
 qdev_property_add_static(DEVICE(obj), _cpu_has_mpu_property,
  _abort);
@@ -576,6 +586,7 @@ static void arm_cpu_realizefn(DeviceState *dev, Error 
**errp)
 ARMCPU *cpu = ARM_CPU(dev);
 ARMCPUClass *acc = ARM_CPU_GET_CLASS(dev);
 CPUARMState *env = >env;
+static bool pmu_warned;
 
 /* Some features automatically imply others: */
 if (arm_feature(env, ARM_FEATURE_V8)) {
@@ -648,6 +659,17 @@ static void arm_cpu_realizefn(DeviceState *dev, Error 
**errp)
 cpu->id_aa64pfr0 &= ~0xf000;
 }
 
+if (cpu->has_pmu && !kvm_enabled()) {
+cpu->has_pmu = false;
+if (!pmu_warned) {
+error_report("warning: pmu can't be enabled without KVM 
acceleration");
+pmu_warned = true;
+}
+}
+if (!cpu->has_pmu) {
+unset_feature(env, ARM_FEATURE_PMU);
+}
+
 if (!arm_feature(env, ARM_FEATURE_EL2)) {
 /* Disable the hypervisor feature bits in the processor feature
  * registers if we don't have EL2. These are id_pfr1[15:12] and
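Review bot: `cpu->has_pmu` is silently reset to false when pmu=on is requested without KVM, and because `pmu_warned` is a function-local static the message is printed once per process, so a management tool that asks for pmu=on on a TCG guest gets a guest without a PMU and at most one line on stderr. If the downgrade is intentional, state so in the commit message; otherwise `error_setg(errp, ...)` and returning would make the unsupported configuration visible to libvirt. Also note that this hunk only clears the ARM_FEATURE_PMU flag; nothing here masks the PMUVer field of ID_AA64DFR0_EL1, so check whether a TCG guest still sees a PMU advertised in its ID registers while the feature bit says otherwise.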
diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 76d824d..5d9e6e7 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -1129,6 +1129,7 @@ enum arm_features {
 ARM_FEATURE_V8_SHA256, /* implements SHA256 part of v8 Crypto Extensions */
 ARM_FEATURE_V8_PMULL, /* implements PMULL part of v8 Crypto Extensions */
 ARM_FEATURE_THUMB_DSP, /* DSP insns supported in the Thumb encodings */
+ARM_FEATURE_PMU, /* has PMU support */
 };
 
 static inline int arm_feature(CPUARMState *env, int feature)
diff --git a/target-arm/cpu64.c b/target-arm/cpu64.c
index 1635deb..549cb1e 100644
--- a/target-arm/cpu64.c
+++ b/target-arm/cpu64.c
@@ -111,6 +111,7 @@ static void aarch64_a57_initfn(Object *obj)
 set_feature(>env, ARM_FEATURE_V8_PMULL);
 set_feature(>env, ARM_FEATURE_CRC);
 set_feature(>env, ARM_FEATURE_EL3);
+set_feature(>env, ARM_FEATURE_PMU);
 cpu->kvm_target = QEMU_KVM_ARM_TARGET_CORTEX_A57;
 cpu->midr = 0x411fd070;
 cpu->revidr = 0x;
@@ -166,6 +167,7 @@ static void aarch64_a53_initfn(Object *obj)
 set_feature(>env, ARM_FEATURE_V8_PMULL);
 set_feature(>env, ARM_FEATURE_CRC);
 

[Qemu-devel] [PATCH V3 0/2] Add option to configure guest vPMU

2016-09-14 Thread Wei Huang
This patchset adds a pmu=[on/off] option to enable/disable vPMU support
for guest VM. There are several reasons to justify this option. First,
vPMU can be problematic for cross-migration between different SoCs as perf
counters are architecture-dependent. It is more flexible to have an option
to turn it on/off. Secondly, this option matches the "pmu" option
as supported in libvirt. To make sure it is backward compatible, a PMU property
is added to mach-virt machine types.

V2->V3:
  * revise patch 1 commit msg and if-else statement (Drew) 
  * move property field into VirtMachineClass (Drew)

V1->V2:
  * keep the original field name as "has_pmu"
  * add a warning message when PMU is turned on without KVM
  * use the feature bit to check PMU availability, instead of using has_pmu
  * add PMU compat support to mach-virt machine type

RFC->V1:
  * set default pmu=off
  * change struct ARMCPU field name "has_pmu" ==> "has_host_pmu"
  * like el3, add a new feature ARM_FEATURE_HOST_PMU
  * "pmu" property becomes CPU dependent. Only cortex-a53/cortex-a57/host
running on kvm supports this option.

-Wei

Wei Huang (2):
  arm64: Add an option to turn on/off vPMU support
  arm: virt: add PMU property to mach-virt machine type

 hw/arm/virt-acpi-build.c |  2 +-
 hw/arm/virt.c| 15 ++-
 target-arm/cpu.c | 22 ++
 target-arm/cpu.h |  1 +
 target-arm/cpu64.c   |  2 ++
 target-arm/kvm64.c   | 19 +++
 6 files changed, 55 insertions(+), 6 deletions(-)

-- 
1.8.3.1




[Qemu-devel] [PATCH V3 2/2] arm: virt: add PMU property to mach-virt machine type

2016-09-14 Thread Wei Huang
CPU vPMU is now turned off by default, but it was ON in virt-2.7
machine type. To solve this problem, this patch adds a PMU option
in machine state, which is used to control CPU's vPMU status. This
PMU option is not exposed to command line and is turned on in
virt-2.7 machine type to make sure it is backward compatible.

Signed-off-by: Wei Huang 
---
 hw/arm/virt.c | 13 +
 1 file changed, 13 insertions(+)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index a781ad0..a3fc454 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -84,6 +84,7 @@ typedef struct {
 MachineClass parent;
 VirtBoardInfo *daughterboard;
 bool disallow_affinity_adjustment;
+bool pmu_default_on;
 } VirtMachineClass;
 
 typedef struct {
@@ -1317,6 +1318,11 @@ static void machvirt_init(MachineState *machine)
 }
 }
 
+if (vmc->pmu_default_on) {
+/* Property name is "pmu", defined in arm_cpu_has_pmu_property */
+object_property_set_bool(cpuobj, true, "pmu", NULL);
+}
+
 if (object_property_find(cpuobj, "reset-cbar", NULL)) {
 object_property_set_int(cpuobj, vbi->memmap[VIRT_CPUPERIPHS].base,
 "reset-cbar", _abort);
@@ -1514,6 +1520,9 @@ static void virt_2_7_instance_init(Object *obj)
 
 static void virt_machine_2_7_options(MachineClass *mc)
 {
+VirtMachineClass *vmc = VIRT_MACHINE_CLASS(OBJECT_CLASS(mc));
+
+vmc->pmu_default_on = true;
 }
 DEFINE_VIRT_MACHINE_AS_LATEST(2, 7)
 
@@ -1532,5 +1541,9 @@ static void virt_machine_2_6_options(MachineClass *mc)
 virt_machine_2_7_options(mc);
 SET_MACHINE_COMPAT(mc, VIRT_COMPAT_2_6);
 vmc->disallow_affinity_adjustment = true;
+/* Disable PMU for 2.6 and down as PMU support was first introduced
+ * and enabled in 2.7.
+ */
+vmc->pmu_default_on = false;
 }
 DEFINE_VIRT_MACHINE(2, 6)
-- 
1.8.3.1




Re: [Qemu-devel] [RFC PATCH v1 13/22] hmp: update 'info kvm' to display SEV status

2016-09-14 Thread Michael S. Tsirkin
On Wed, Sep 14, 2016 at 11:16:12AM -0500, Brijesh Singh wrote:
> Hi Eric,
> 
> Thanks for feedback.
> 
> > >  # @present: true if KVM acceleration is built into this executable
> > >  #
> > > +# @sev: true if SEV is active
> > 
> > Worth expanding what the acronym stands for.  Also needs a '(since 2.8)'
> > designator.
> > 
> will fix in v2.
> 
> > > +#
> > >  # Since: 0.14.0
> > >  ##
> > > -{ 'struct': 'KvmInfo', 'data': {'enabled': 'bool', 'present': 'bool'} }
> > > +{ 'struct': 'KvmInfo', 'data': {'enabled': 'bool', 'present': 'bool', 
> > > 'sev' : 'bool'} }
> > 
> > Long line; please wrap to keep it under 80 columns.
> > 
> will fix in v2.

So memory-encryption : bool
Etc everywhere.

-- 
MST



Re: [Qemu-devel] [PATCH] pc: apic: introduce APIC macro

2016-09-14 Thread Michael S. Tsirkin
On Thu, Sep 15, 2016 at 08:43:33AM +0800, Wanpeng Li wrote:
> From: Wanpeng Li 
> 
> Introduce a new APIC macro to replace APIC_COMMON macro in 
> hw/intc/apic.c in order to capture access LAPIC in qemu 
> even if LAPIC is emulated in kvm.
> 
> Suggested-by: Paolo Bonzini 
> Cc: Paolo Bonzini 
> Cc: Radim Krčmář 
> Cc: Michael S. Tsirkin 
> Cc: Eduardo Habkost 
> Signed-off-by: Wanpeng Li 


Reviewed-by: Michael S. Tsirkin 

> ---
>  hw/intc/apic.c  | 20 ++--
>  include/hw/i386/apic_internal.h |  4 
>  2 files changed, 14 insertions(+), 10 deletions(-)
> 
> diff --git a/hw/intc/apic.c b/hw/intc/apic.c
> index 45887d9..577f095 100644
> --- a/hw/intc/apic.c
> +++ b/hw/intc/apic.c
> @@ -163,7 +163,7 @@ static void apic_local_deliver(APICCommonState *s, int 
> vector)
>  
>  void apic_deliver_pic_intr(DeviceState *dev, int level)
>  {
> -APICCommonState *s = APIC_COMMON(dev);
> +APICCommonState *s = APIC(dev);
>  
>  if (level) {
>  apic_local_deliver(s, APIC_LVT_LINT0);
> @@ -373,7 +373,7 @@ static void apic_update_irq(APICCommonState *s)
>  
>  void apic_poll_irq(DeviceState *dev)
>  {
> -APICCommonState *s = APIC_COMMON(dev);
> +APICCommonState *s = APIC(dev);
>  
>  apic_sync_vapic(s, SYNC_FROM_VAPIC);
>  apic_update_irq(s);
> @@ -479,7 +479,7 @@ static void apic_startup(APICCommonState *s, int 
> vector_num)
>  
>  void apic_sipi(DeviceState *dev)
>  {
> -APICCommonState *s = APIC_COMMON(dev);
> +APICCommonState *s = APIC(dev);
>  
>  cpu_reset_interrupt(CPU(s->cpu), CPU_INTERRUPT_SIPI);
>  
> @@ -493,7 +493,7 @@ static void apic_deliver(DeviceState *dev, uint8_t dest, 
> uint8_t dest_mode,
>   uint8_t delivery_mode, uint8_t vector_num,
>   uint8_t trigger_mode)
>  {
> -APICCommonState *s = APIC_COMMON(dev);
> +APICCommonState *s = APIC(dev);
>  uint32_t deliver_bitmask[MAX_APIC_WORDS];
>  int dest_shorthand = (s->icr[0] >> 18) & 3;
>  APICCommonState *apic_iter;
> @@ -550,7 +550,7 @@ static bool apic_check_pic(APICCommonState *s)
>  
>  int apic_get_interrupt(DeviceState *dev)
>  {
> -APICCommonState *s = APIC_COMMON(dev);
> +APICCommonState *s = APIC(dev);
>  int intno;
>  
>  /* if the APIC is installed or enabled, we let the 8259 handle the
> @@ -584,7 +584,7 @@ int apic_get_interrupt(DeviceState *dev)
>  
>  int apic_accept_pic_intr(DeviceState *dev)
>  {
> -APICCommonState *s = APIC_COMMON(dev);
> +APICCommonState *s = APIC(dev);
>  uint32_t lvt0;
>  
>  if (!s)
> @@ -663,7 +663,7 @@ static uint32_t apic_mem_readl(void *opaque, hwaddr addr)
>  if (!dev) {
>  return 0;
>  }
> -s = APIC_COMMON(dev);
> +s = APIC(dev);
>  
>  index = (addr >> 4) & 0xff;
>  switch(index) {
> @@ -766,7 +766,7 @@ static void apic_mem_writel(void *opaque, hwaddr addr, 
> uint32_t val)
>  if (!dev) {
>  return;
>  }
> -s = APIC_COMMON(dev);
> +s = APIC(dev);
>  
>  trace_apic_mem_writel(addr, val);
>  
> @@ -870,7 +870,7 @@ static const MemoryRegionOps apic_io_ops = {
>  
>  static void apic_realize(DeviceState *dev, Error **errp)
>  {
> -APICCommonState *s = APIC_COMMON(dev);
> +APICCommonState *s = APIC(dev);
>  
>  if (s->id >= MAX_APICS) {
>  error_setg(errp, "%s initialization failed. APIC ID %d is invalid",
> @@ -889,7 +889,7 @@ static void apic_realize(DeviceState *dev, Error **errp)
>  
>  static void apic_unrealize(DeviceState *dev, Error **errp)
>  {
> -APICCommonState *s = APIC_COMMON(dev);
> +APICCommonState *s = APIC(dev);
>  
>  timer_del(s->timer);
>  timer_free(s->timer);
> diff --git a/include/hw/i386/apic_internal.h b/include/hw/i386/apic_internal.h
> index 06c4e9f..5e36016 100644
> --- a/include/hw/i386/apic_internal.h
> +++ b/include/hw/i386/apic_internal.h
> @@ -131,6 +131,10 @@ typedef struct APICCommonState APICCommonState;
>  #define APIC_COMMON_GET_CLASS(obj) \
>   OBJECT_GET_CLASS(APICCommonClass, (obj), TYPE_APIC_COMMON)
>  
> +#define TYPE_APIC "apic"
> +#define APIC(obj) \
> +OBJECT_CHECK(APICCommonState, (obj), TYPE_APIC)
> +
>  typedef struct APICCommonClass
>  {
>  DeviceClass parent_class;
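Review bot: APIC() is an OBJECT_CHECK against TYPE_APIC, so it asserts and aborts at runtime if the DeviceState is a kvm-apic or any other APICCommon subclass rather than the TCG "apic" device. That is the tightening the commit message wants, but several converted call sites (apic_deliver_pic_intr, apic_poll_irq, apic_sipi, apic_get_interrupt, apic_accept_pic_intr) are exported entry points, so please confirm none of them is reachable while the in-kernel APIC is in use, otherwise a user-visible crash replaces a silent mis-access. If hw/intc/apic.c still spells the type name as the literal "apic" in its TypeInfo, switch it to TYPE_APIC now that the macro exists in the header.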
> -- 
> 1.9.1



Re: [Qemu-devel] [PATCH v7 0/2] qemu-qdisk: Implementation of grant copy operation.

2016-09-14 Thread Stefano Stabellini
Hi Wei,

I am happy to queue up this for QEMU, but I'll wait for the first patch
to be committed to Xen before sending a pull request. Is that OK?

Cheers,

Stefano

On Wed, 14 Sep 2016, Paulina Szubarczyk wrote:
> Hi,
> 
> It is a proposition for implementation of grant copy operation in qemu-qdisk 
> and interface in libxc/libs. 
> 
> Changes since v6:
> qemu-qdisk:
> -removed blank lines
> -renamed functions free_buffers -> ioreq_free_copy_buffers,
>  ioreq_copy -> ioreq_grant_copy
> -merged the if(ioreq_copy) with the conditions above
> 
> Changes since v5:
> qemu-qdisk:
> -added checking of every interface in the configure file. Based on
>  Roger's comment that xengnttab_map_grant_ref was added prior to
>  xengnttab_grant_copy, and thus does not need to be checked again here,
>  I dropped this check.
> 
> Changes since v4:
> Interface:
> - changed the subject line
> - changed the comment in libs/gnttab/include/xengnttab.h according
>   to the David's suggestion.
> - removed unnecessary braces.
> 
> qemu-qdisk:
> - in the configure file check only if xengnttab_grant_copy is
>   implemented to verify 480 version of Xen.
> - remove r variable and initialization of count to 0 in
>   ioreq_copy.
> 
> - surround free_buffers, ioreq_init_copy_buffers and ioreq_copy
>   by "#if CONFIG_XEN_CTRL_INTERFACE_VERSION >= 480" abort in else
>   path because the function should not be called in that case.
> - replace the definition of struct xengnttab_grant_copy_segment
>   and a typedef to it with
>   'typedef void* xengnttab_grant_copy_segment_t'.
> - moved the new code in the xen_common.h to the end of the file.
> 
> Changes since v3:
> Interface:
> - revert to cast from xengnttab_grant_copy_segment_t
>   to ioctl_gntdev_grant_copy.
> - added compile-time check to compare the libs
>   xengnttab_grant_copy_segment_t with the ioctl structure.
>   The patch relies on Wei patch introducing XENGNTTAB_BUILD_BUG_ON in 
> libs/gnttab.
> 
> qemu-qdisk:
> - qemu_memalign/qemu_free is used instead function allocating
>   memory from xc.
> - removed the get_buffer function instead there is a direct call
>   to qemu_memalign.
> - moved ioreq_copy for write operation to ioreq_runio_qemu_aio.
> - added struct xengnttab_grant_copy_segment_t and stub in
>   xen_common.h for version of Xen earlier than 480.
> - added checking for version 480 to configure. The test repeats
>   all the operation that are required for version < 480 and
>   checks if xengnttab_grant_copy() is implemented.
> 
> Changes since v2:
> Interface:
> - dropped the changes in libxc/include/xenctrl_compat
> - changed the MINOR version in Makefile
> - replaced 'return -1' -> 'abort()' in libs/gnttab/gnttab_unimp.c
> - moved the struct 'xengnttab_copy_grant_segment' to 
>   libs/gnttab/include/xengnttab.h
> - added explicit assignment to ioctl_gntdev_grant_copy_segment 
>   to the linux part
> 
> qemu-qdisk:
> - to use the xengnttab_* function directly added -lxengnttab to configure
>   and include  in include/hw/xen/xen_common.h
> - in ioreq_copy removed an out path, changed a log level, made explicit 
>   assignment to 'xengnttab_copy_grant_segment'
> * I did not change the way of testing if grant_copy operation is implemented.
>   As far as I understand if the code from gnttab_unimp.c is used then the 
> gnttab 
>   device is unavailable and the handler to gntdev would be invalid. But 
>   if the handler is valid then the ioctl should return operation 
> unimplemented 
>   if the gntdev does not implement the operation.
> 
> 
> Changes since v1:
> Interface:
> - changed the interface to call grant copy operation to match ioctl
>   int xengnttab_grant_copy(xengnttab_handle *xgt,
>uint32_t count,
>xengnttab_grant_copy_segment_t* segs)
> 
> - added a struct 'xengnttab_copy_grant_segment' definition to tools/libs  
>   /gnttab/private.h, tools/libxc/include/xenctrl_compat.h
> 
> - changed the function 'osdep_gnttab_grant_copy' which right now just
>   call the ioctl
> 
> - added a new VER1.1 to tools/libs/gnttab/libxengnttab.map 
> 
> qemu-qdisk:
> - removed the 'ioreq_write','ioreq_read_init','ioreq_read' functions 
> - implemented 'ioreq_init_copy_buffers', 'ioreq_copy' 
> - reverted the removal of grant map and introduced conditional invoking
>   grant copy or grant map
> - resigned from caching the local buffers in favour of allocating the 
>   required amount of pages at once. The cached structure would require 
>   a lock guard and I suppose that the performance improvement 
>   would be degraded. 
>  
> 
> For the functional test I attached the device with a qdisk backend to the 
> guest, mounted, performed some reads and writes.
> 
> I run fio tests[1] with different iodepth and size of the block. The test can 
> be 
> accessed on my github[2] but mainly after the warm up I run for 60 seconds:
> fio --time_based \
>   --clocksource=clock_gettime \
>   

Re: [Qemu-devel] [PATCH RESEND v2 11/17] target-ppc: implement darn instruction

2016-09-14 Thread David Gibson
On Mon, Sep 12, 2016 at 12:11:40PM +0530, Nikunj A Dadhania wrote:
> From: Ravi Bangoria 
> 
> darn: Deliver A Random Number
> 
> Currently returns an invalid random number for all cases. This needs a
> proper algorithm to provide cryptographically suitable random data.
> Reading from /dev/random can block and that is not an expected behaviour
> while the cpu instruction is getting executed. Moreover, /dev/random
> would only work for linux-user.
> 
> Signed-off-by: Ravi Bangoria 
> Signed-off-by: Nikunj A Dadhania 
> ---
>  target-ppc/helper.h |  2 ++
>  target-ppc/int_helper.c | 16 
>  target-ppc/translate.c  | 18 ++
>  3 files changed, 36 insertions(+)
> 
> diff --git a/target-ppc/helper.h b/target-ppc/helper.h
> index e75d070..966f2ce 100644
> --- a/target-ppc/helper.h
> +++ b/target-ppc/helper.h
> @@ -50,6 +50,8 @@ DEF_HELPER_FLAGS_1(cnttzd, TCG_CALL_NO_RWG_SE, tl, tl)
>  DEF_HELPER_FLAGS_1(popcntd, TCG_CALL_NO_RWG_SE, tl, tl)
>  DEF_HELPER_FLAGS_2(bpermd, TCG_CALL_NO_RWG_SE, i64, i64, i64)
>  DEF_HELPER_3(srad, tl, env, tl, tl)
> +DEF_HELPER_0(darn32, tl)
> +DEF_HELPER_0(darn64, tl)
>  #endif
>  
>  DEF_HELPER_FLAGS_1(cntlsw32, TCG_CALL_NO_RWG_SE, i32, i32)
> diff --git a/target-ppc/int_helper.c b/target-ppc/int_helper.c
> index 291fba0..51a9ac5 100644
> --- a/target-ppc/int_helper.c
> +++ b/target-ppc/int_helper.c
> @@ -182,6 +182,22 @@ target_ulong helper_cnttzd(target_ulong t)
>  {
>  return ctz64(t);
>  }
> +
> +/* Return invalid random number.
> + *
> + * FIXME: Add rng backend or other mechanism to get cryptographically 
> suitable
> + * random number
> + */
> +target_ulong helper_darn32(void)
> +{
> +return -1;
> +}
> +
> +target_ulong helper_darn64(void)
> +{
> +return -1;
> +}
> +
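Review bot: with both helpers returning -1 the darn32/darn64 split buys nothing until a real source exists; either collapse to one helper that takes L, or keep the split and extend the FIXME to say that the all-ones value is the ISA's "random number not available" indication that guest software is expected to test for, so nobody later replaces it with a fixed "valid" constant. When a backend is added, it must be a cryptographically suitable generator (the instruction's stated purpose), not a seeded PRNG, and a backend failure must still return the sentinel rather than a predictable value.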

TBH, I think you're going to want a single helper for both 32-bit and
64-bit cases.

>  #endif
>  
>  #if defined(TARGET_PPC64)
> diff --git a/target-ppc/translate.c b/target-ppc/translate.c
> index 133c531..e9dad3f 100644
> --- a/target-ppc/translate.c
> +++ b/target-ppc/translate.c
> @@ -528,6 +528,8 @@ EXTRACT_HELPER(FPW, 16, 1);
>  
>  /* addpcis */
>  EXTRACT_HELPER_DXFORM(DX, 10, 6, 6, 5, 16, 1, 1, 0, 0)
> +/* darn */
> +EXTRACT_HELPER(L, 16, 2);
>  
>  /***Jump target decoding   
> ***/
>  /* Immediate address */
> @@ -1895,6 +1897,21 @@ static void gen_cnttzd(DisasContext *ctx)
>  gen_set_Rc0(ctx, cpu_gpr[rA(ctx->opcode)]);
>  }
>  }
> +
> +/* darn */
> +static void gen_darn(DisasContext *ctx)
> +{
> +int l = L(ctx->opcode);
> +
> +if (l == 0) {
> +gen_helper_darn32(cpu_gpr[rD(ctx->opcode)]);
> +} else if (l <= 2) {
> +/* Return 64-bit random for both CRN and RRN */
> +gen_helper_darn64(cpu_gpr[rD(ctx->opcode)]);

So it might be simpler to just leave out the helper stubs for now, and
always return the invalid value from the generated code.

> +} else {
> +tcg_gen_movi_i64(cpu_gpr[rD(ctx->opcode)], -1);
> +}
> +}
>  #endif
>  
>  /*** Integer rotate
> ***/
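Review bot: the `l <= 2` branch in gen_darn deliberately folds L=1 (CRN) and L=2 (RRN) together, which is fine for stubs, but the comment `/* Return 64-bit random for both CRN and RRN */` should say that conditioned and raw forms are not yet distinguished, so the TODO survives when the helper becomes real; the reserved L=3 case correctly yields the invalid value via tcg_gen_movi_i64.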
> @@ -6212,6 +6229,7 @@ GEN_HANDLER_E(prtyw, 0x1F, 0x1A, 0x04, 0xF801, 
> PPC_NONE, PPC2_ISA205),
>  GEN_HANDLER(popcntd, 0x1F, 0x1A, 0x0F, 0xF801, PPC_POPCNTWD),
>  GEN_HANDLER(cntlzd, 0x1F, 0x1A, 0x01, 0x, PPC_64B),
>  GEN_HANDLER_E(cnttzd, 0x1F, 0x1A, 0x11, 0x, PPC_NONE, PPC2_ISA300),
> +GEN_HANDLER_E(darn, 0x1F, 0x13, 0x17, 0x001CF801, PPC_NONE, PPC2_ISA300),
>  GEN_HANDLER_E(prtyd, 0x1F, 0x1A, 0x05, 0xF801, PPC_NONE, PPC2_ISA205),
>  GEN_HANDLER_E(bpermd, 0x1F, 0x1C, 0x07, 0x0001, PPC_NONE, 
> PPC2_PERM_ISA206),
>  #endif

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH RESEND v2 15/17] target-ppc: add lxvb16x and lxvh8x

2016-09-14 Thread David Gibson
On Mon, Sep 12, 2016 at 12:11:44PM +0530, Nikunj A Dadhania wrote:
> lxvb16x: Load VSX Vector Byte*16
> lxvh8x:  Load VSX Vector Halfword*8
> 
> Signed-off-by: Nikunj A Dadhania 
> ---
>  target-ppc/helper.h |  1 +
>  target-ppc/mem_helper.c |  6 
>  target-ppc/translate/vsx-impl.inc.c | 57 
> +
>  target-ppc/translate/vsx-ops.inc.c  |  2 ++
>  4 files changed, 66 insertions(+)
> 
> diff --git a/target-ppc/helper.h b/target-ppc/helper.h
> index 1bbeac4..6de0db7 100644
> --- a/target-ppc/helper.h
> +++ b/target-ppc/helper.h
> @@ -298,6 +298,7 @@ DEF_HELPER_3(lvebx, void, env, avr, tl)
>  DEF_HELPER_3(lvehx, void, env, avr, tl)
>  DEF_HELPER_3(lvewx, void, env, avr, tl)
>  DEF_HELPER_1(bswap32x2, i64, i64)
> +DEF_HELPER_1(bswap16x4, i64, i64)
>  DEF_HELPER_3(stvebx, void, env, avr, tl)
>  DEF_HELPER_3(stvehx, void, env, avr, tl)
>  DEF_HELPER_3(stvewx, void, env, avr, tl)
> diff --git a/target-ppc/mem_helper.c b/target-ppc/mem_helper.c
> index a56051a..608803f 100644
> --- a/target-ppc/mem_helper.c
> +++ b/target-ppc/mem_helper.c
> @@ -290,6 +290,12 @@ uint64_t helper_bswap32x2(uint64_t x)
>  return deposit64((x >> 32), 32, 32, (x));
>  }
>  
> +uint64_t helper_bswap16x4(uint64_t x)
> +{
> +uint64_t m = 0x00ff00ff00ff00ffull;
> +return ((x & m) << 8) | ((x >> 8) & m);
> +}
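Review bot: bswap16x4 byte-swaps each 16-bit lane (mask 0x00ff00ff00ff00ff, shift by 8), which is the lane-wise operation its name promises, whereas bswap32x2 as introduced in 14/17 exchanges the two 32-bit halves and leaves the bytes inside each half untouched. The two helpers are therefore not the same family of operation, and the naming hides that. Either rename the 32-bit one for what it does (a word swap) or redefine it as a per-lane bswap32, i.e. the bswap16x4 step followed by a 16-bit swap with mask 0x0000ffff0000ffff.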

This doesn't seem to match the bswap32x2 function above.  bswap32x2
just swaps the two 32-bit words in the 64-bit word.  This one swaps
the bytes in each individual 16-bit word in the 64-bit word.

I suspect the bswap32x2 is wrong, which would explain why the previous
patch didn't seem to make sense.

> +
>  #undef HI_IDX
>  #undef LO_IDX
>  
> diff --git a/target-ppc/translate/vsx-impl.inc.c 
> b/target-ppc/translate/vsx-impl.inc.c
> index e3374df..caa6660 100644
> --- a/target-ppc/translate/vsx-impl.inc.c
> +++ b/target-ppc/translate/vsx-impl.inc.c
> @@ -108,6 +108,63 @@ static void gen_lxvw4x(DisasContext *ctx)
>  tcg_temp_free(EA);
>  }
>  
> +static void gen_lxvb16x(DisasContext *ctx)
> +{
> +TCGv EA;
> +TCGv_i64 xth = cpu_vsrh(xT(ctx->opcode));
> +TCGv_i64 xtl = cpu_vsrl(xT(ctx->opcode));
> +
> +if (unlikely(!ctx->vsx_enabled)) {
> +gen_exception(ctx, POWERPC_EXCP_VSXU);
> +return;
> +}
> +gen_set_access_type(ctx, ACCESS_INT);
> +EA = tcg_temp_new();
> +gen_addr_reg_index(ctx, EA);
> +if (ctx->le_mode) {
> +tcg_gen_qemu_ld_i64(xth, EA, ctx->mem_idx, MO_BEQ);
> +tcg_gen_addi_tl(EA, EA, 8);
> +tcg_gen_qemu_ld_i64(xtl, EA, ctx->mem_idx, MO_BEQ);
> +} else {
> +tcg_gen_qemu_ld_i64(xth, EA, ctx->mem_idx, MO_LEQ);
> +gen_helper_bswap32x2(xth, xth);

I really don't understand how a bswap32x2 helps here, either as it's
defined now, or as I suspect it should be defined by analogy with
bswap16x4.

> +tcg_gen_addi_tl(EA, EA, 8);
> +tcg_gen_qemu_ld_i64(xtl, EA, ctx->mem_idx, MO_LEQ);
> +gen_helper_bswap32x2(xtl, xtl);

Also.. if I'm understanding the ISA correctly, this instruction loads
subsequent higher-address bytes into subsequent (i.e. less significant,
since IBM uses BE bit/byte numbering) bytes in the vector.  Doesn't
that mean you want a BE load in all cases, not just the LE guest case?

> +}
> +tcg_temp_free(EA);
> +}
> +
> +static void gen_lxvh8x(DisasContext *ctx)
> +{
> +TCGv EA;
> +TCGv_i64 xth = cpu_vsrh(xT(ctx->opcode));
> +TCGv_i64 xtl = cpu_vsrl(xT(ctx->opcode));
> +
> +if (unlikely(!ctx->vsx_enabled)) {
> +gen_exception(ctx, POWERPC_EXCP_VSXU);
> +return;
> +}
> +gen_set_access_type(ctx, ACCESS_INT);
> +EA = tcg_temp_new();
> +gen_addr_reg_index(ctx, EA);
> +
> +if (ctx->le_mode) {
> +tcg_gen_qemu_ld_i64(xth, EA, ctx->mem_idx, MO_BEQ);
> +gen_helper_bswap16x4(xth, xth);
> +tcg_gen_addi_tl(EA, EA, 8);
> +tcg_gen_qemu_ld_i64(xtl, EA, ctx->mem_idx, MO_BEQ);
> +gen_helper_bswap16x4(xtl, xtl);
> +} else {
> +tcg_gen_qemu_ld_i64(xth, EA, ctx->mem_idx, MO_LEQ);
> +gen_helper_bswap32x2(xth, xth);
> +tcg_gen_addi_tl(EA, EA, 8);
> +tcg_gen_qemu_ld_i64(xtl, EA, ctx->mem_idx, MO_LEQ);
> +gen_helper_bswap32x2(xtl, xtl);

Again, I think you want a BE load in both cases, and the bswap32x2
makes no sense to me.

> +}
> +tcg_temp_free(EA);
> +}
> +
>  #define VSX_STORE_SCALAR(name, operation) \
>  static void gen_##name(DisasContext *ctx) \
>  { \
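Review bot: the two arms of each `if (ctx->le_mode)` are not mirror images of each other: gen_lxvh8x does a MO_BEQ load followed by bswap16x4 for LE guests but a MO_LEQ load followed by bswap32x2 for BE guests, and gen_lxvb16x applies bswap32x2 on the BE side only, so it cannot be checked by reading that both endiannesses leave the same lane layout in xth/xtl. Restructure each as "load 8 bytes in one fixed byte order, then apply the single permutation the instruction defines" so the intent is reviewable; swapping xth/xtl in place is fine here because they are the destination registers.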
> diff --git a/target-ppc/translate/vsx-ops.inc.c 
> b/target-ppc/translate/vsx-ops.inc.c
> index 414b73b..598b349 100644
> --- a/target-ppc/translate/vsx-ops.inc.c
> +++ b/target-ppc/translate/vsx-ops.inc.c
> @@ -7,6 +7,8 @@ GEN_HANDLER_E(lxsspx, 0x1F, 0x0C, 0x10, 0, PPC_NONE, 
> PPC2_VSX207),
>  GEN_HANDLER_E(lxvd2x, 0x1F, 

Re: [Qemu-devel] [PATCH RESEND v2 17/17] target-ppc: add stxvb16x and stxvh8x

2016-09-14 Thread David Gibson
On Mon, Sep 12, 2016 at 12:11:46PM +0530, Nikunj A Dadhania wrote:
> stxvb16x: Store VSX Vector Byte*16
> stxvh8x:  Store VSX Vector Halfword*8
> 
> Signed-off-by: Nikunj A Dadhania 

Basically the same comments as on the load side - this looks bogus to
me.

I think it would make sense to fold together the corresponding load
and store patches - makes it easier to review that they're doing
matching things.

> ---
>  target-ppc/translate/vsx-impl.inc.c | 55 
> +
>  target-ppc/translate/vsx-ops.inc.c  |  2 ++
>  2 files changed, 57 insertions(+)
> 
> diff --git a/target-ppc/translate/vsx-impl.inc.c 
> b/target-ppc/translate/vsx-impl.inc.c
> index f2fc5f9..20afe3b 100644
> --- a/target-ppc/translate/vsx-impl.inc.c
> +++ b/target-ppc/translate/vsx-impl.inc.c
> @@ -165,6 +165,61 @@ static void gen_lxvh8x(DisasContext *ctx)
>  tcg_temp_free(EA);
>  }
>  
> +static void gen_stxvb16x(DisasContext *ctx)
> +{
> +TCGv_i64 xsh = cpu_vsrh(xS(ctx->opcode));
> +TCGv_i64 xsl = cpu_vsrl(xS(ctx->opcode));
> +TCGv EA;
> +
> +if (unlikely(!ctx->vsx_enabled)) {
> +gen_exception(ctx, POWERPC_EXCP_VSXU);
> +return;
> +}
> +gen_set_access_type(ctx, ACCESS_INT);
> +EA = tcg_temp_new();
> +gen_addr_reg_index(ctx, EA);
> +
> +if (ctx->le_mode) {
> +tcg_gen_qemu_st_i64(xsh, EA, ctx->mem_idx, MO_BEQ);
> +tcg_gen_addi_tl(EA, EA, 8);
> +tcg_gen_qemu_st_i64(xsl, EA, ctx->mem_idx, MO_BEQ);
> +} else {
> +gen_helper_bswap32x2(xsh, xsh);
> +tcg_gen_qemu_st_i64(xsh, EA, ctx->mem_idx, MO_LEQ);
> +tcg_gen_addi_tl(EA, EA, 8);
> +gen_helper_bswap32x2(xsl, xsl);
> +tcg_gen_qemu_st_i64(xsl, EA, ctx->mem_idx, MO_LEQ);
> +}
> +tcg_temp_free(EA);
> +}
> +
> +static void gen_stxvh8x(DisasContext *ctx)
> +{
> +TCGv_i64 xsh = cpu_vsrh(xS(ctx->opcode));
> +TCGv_i64 xsl = cpu_vsrl(xS(ctx->opcode));
> +TCGv EA;
> +
> +if (unlikely(!ctx->vsx_enabled)) {
> +gen_exception(ctx, POWERPC_EXCP_VSXU);
> +return;
> +}
> +gen_set_access_type(ctx, ACCESS_INT);
> +EA = tcg_temp_new();
> +gen_addr_reg_index(ctx, EA);
> +if (ctx->le_mode) {
> +tcg_gen_qemu_st_i64(xsh, EA, ctx->mem_idx, MO_BEQ);
> +tcg_gen_addi_tl(EA, EA, 8);
> +tcg_gen_qemu_st_i64(xsl, EA, ctx->mem_idx, MO_BEQ);
> +} else {
> +gen_helper_bswap32x2(xsh, xsh);
> +tcg_gen_qemu_st_i64(xsh, EA, ctx->mem_idx, MO_LEQ);
> +tcg_gen_addi_tl(EA, EA, 8);
> +gen_helper_bswap32x2(xsl, xsl);
> +tcg_gen_qemu_st_i64(xsl, EA, ctx->mem_idx, MO_LEQ);
> +}
> +tcg_temp_free(EA);
> +}
> +
>  #define VSX_STORE_SCALAR(name, operation) \
>  static void gen_##name(DisasContext *ctx) \
>  { \
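Review bot: `gen_helper_bswap32x2(xsh, xsh)` and `gen_helper_bswap32x2(xsl, xsl)` operate on cpu_vsrh(xS)/cpu_vsrl(xS), the TCG globals backing the guest's source VSR, so the BE-guest path of both gen_stxvb16x and gen_stxvh8x byte-swaps the architectural register in place before storing it and leaves it corrupted afterwards; a store instruction must not modify VS[XS]. Swap into a tcg_temp_new_i64(), store that, and free it, the way the pre-patch stxvw4x used `tmp`.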
> diff --git a/target-ppc/translate/vsx-ops.inc.c 
> b/target-ppc/translate/vsx-ops.inc.c
> index 598b349..f5afa0f 100644
> --- a/target-ppc/translate/vsx-ops.inc.c
> +++ b/target-ppc/translate/vsx-ops.inc.c
> @@ -17,6 +17,8 @@ GEN_HANDLER_E(stxsiwx, 0x1F, 0xC, 0x04, 0, PPC_NONE, 
> PPC2_VSX207),
>  GEN_HANDLER_E(stxsspx, 0x1F, 0xC, 0x14, 0, PPC_NONE, PPC2_VSX207),
>  GEN_HANDLER_E(stxvd2x, 0x1F, 0xC, 0x1E, 0, PPC_NONE, PPC2_VSX),
>  GEN_HANDLER_E(stxvw4x, 0x1F, 0xC, 0x1C, 0, PPC_NONE, PPC2_VSX),
> +GEN_HANDLER_E(stxvh8x, 0x1F, 0x0C, 0x1D, 0, PPC_NONE,  PPC2_ISA300),
> +GEN_HANDLER_E(stxvb16x, 0x1F, 0x0C, 0x1F, 0, PPC_NONE, PPC2_ISA300),
>  
>  GEN_HANDLER_E(mfvsrwz, 0x1F, 0x13, 0x03, 0xF800, PPC_NONE, PPC2_VSX207),
>  GEN_HANDLER_E(mtvsrwa, 0x1F, 0x13, 0x06, 0xF800, PPC_NONE, PPC2_VSX207),

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH RESEND v2 16/17] target-ppc: improve stxvw4x implementation

2016-09-14 Thread David Gibson
On Mon, Sep 12, 2016 at 12:11:45PM +0530, Nikunj A Dadhania wrote:
> Manipulate data and store 8 bytes instead of 4 bytes.
> 
> Signed-off-by: Nikunj A Dadhania 
> ---
>  target-ppc/translate/vsx-impl.inc.c | 27 +--
>  1 file changed, 13 insertions(+), 14 deletions(-)
> 
> diff --git a/target-ppc/translate/vsx-impl.inc.c 
> b/target-ppc/translate/vsx-impl.inc.c
> index caa6660..f2fc5f9 100644
> --- a/target-ppc/translate/vsx-impl.inc.c
> +++ b/target-ppc/translate/vsx-impl.inc.c
> @@ -205,7 +205,8 @@ static void gen_stxvd2x(DisasContext *ctx)
>  
>  static void gen_stxvw4x(DisasContext *ctx)
>  {
> -TCGv_i64 tmp;
> +TCGv_i64 xsh = cpu_vsrh(xS(ctx->opcode));
> +TCGv_i64 xsl = cpu_vsrl(xS(ctx->opcode));
>  TCGv EA;
>  if (unlikely(!ctx->vsx_enabled)) {
>  gen_exception(ctx, POWERPC_EXCP_VSXU);
> @@ -214,21 +215,19 @@ static void gen_stxvw4x(DisasContext *ctx)
>  gen_set_access_type(ctx, ACCESS_INT);
>  EA = tcg_temp_new();
>  gen_addr_reg_index(ctx, EA);
> -tmp = tcg_temp_new_i64();
> -
> -tcg_gen_shri_i64(tmp, cpu_vsrh(xS(ctx->opcode)), 32);
> -gen_qemu_st32_i64(ctx, tmp, EA);
> -tcg_gen_addi_tl(EA, EA, 4);
> -gen_qemu_st32_i64(ctx, cpu_vsrh(xS(ctx->opcode)), EA);
> -
> -tcg_gen_shri_i64(tmp, cpu_vsrl(xS(ctx->opcode)), 32);
> -tcg_gen_addi_tl(EA, EA, 4);
> -gen_qemu_st32_i64(ctx, tmp, EA);
> -tcg_gen_addi_tl(EA, EA, 4);
> -gen_qemu_st32_i64(ctx, cpu_vsrl(xS(ctx->opcode)), EA);
>  
> +if (ctx->le_mode) {
> +tcg_gen_qemu_st_i64(xsh, EA, ctx->mem_idx, MO_BEQ);

This looks wrong again.  The BE store will store the two 32-bit halves
in the right order, but nothing swaps the bytes within those halves
back to LE.

> +tcg_gen_addi_tl(EA, EA, 8);
> +tcg_gen_qemu_st_i64(xsl, EA, ctx->mem_idx, MO_BEQ);
> +} else {
> +gen_helper_bswap32x2(xsh, xsh);
> +tcg_gen_qemu_st_i64(xsh, EA, ctx->mem_idx, MO_LEQ);

Whereas the LE store here will also get the bytes within each 32-bit
word in the wrong order for a BE guest. (bswap32x2 possibly should be
fixing that, but doesn't).

> +tcg_gen_addi_tl(EA, EA, 8);
> +gen_helper_bswap32x2(xsl, xsl);
> +tcg_gen_qemu_st_i64(xsl, EA, ctx->mem_idx, MO_LEQ);
> +}
>  tcg_temp_free(EA);
> -tcg_temp_free_i64(tmp);
>  }
>  
>  #define MV_VSRW(name, tcgop1, tcgop2, target, source)   \
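Review bot: the `gen_helper_bswap32x2(xsh, xsh)` and `gen_helper_bswap32x2(xsl, xsl)` calls in the else branch write the swapped value back into the source VSR, so executing stxvw4x corrupts xS as a side effect; swap into a temporary and store that. Separately, the two branch bodies appear interchanged relative to the layout each guest needs: a MO_BEQ store of the unmodified register (element 0's most significant byte first) is the big-endian layout, and word swap followed by a MO_LEQ store is the little-endian layout, so as posted neither branch matches the guest it is guarding. Note also that helper_bswap32x2() as defined in patch 14 only exchanges the two 32-bit halves (deposit64(x >> 32, 32, 32, x)) and never byte-reverses them, which is what the name suggests it does.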

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature


Re: [Qemu-devel] [PATCH RESEND v2 14/17] target-ppc: improve lxvw4x implementation

2016-09-14 Thread David Gibson
On Mon, Sep 12, 2016 at 12:11:43PM +0530, Nikunj A Dadhania wrote:
> Load 8byte at a time and manipulate.
> 
> Signed-off-by: Nikunj A Dadhania 
> ---
>  target-ppc/helper.h |  1 +
>  target-ppc/mem_helper.c |  5 +
>  target-ppc/translate/vsx-impl.inc.c | 34 --
>  3 files changed, 26 insertions(+), 14 deletions(-)
> 
> diff --git a/target-ppc/helper.h b/target-ppc/helper.h
> index 966f2ce..1bbeac4 100644
> --- a/target-ppc/helper.h
> +++ b/target-ppc/helper.h
> @@ -297,6 +297,7 @@ DEF_HELPER_2(mtvscr, void, env, avr)
>  DEF_HELPER_3(lvebx, void, env, avr, tl)
>  DEF_HELPER_3(lvehx, void, env, avr, tl)
>  DEF_HELPER_3(lvewx, void, env, avr, tl)
> +DEF_HELPER_1(bswap32x2, i64, i64)
>  DEF_HELPER_3(stvebx, void, env, avr, tl)
>  DEF_HELPER_3(stvehx, void, env, avr, tl)
>  DEF_HELPER_3(stvewx, void, env, avr, tl)
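Review bot: `DEF_HELPER_1(bswap32x2, i64, i64)` declares a pure function without flags; use DEF_HELPER_FLAGS_1 with TCG_CALL_NO_RWG_SE so TCG knows the call has no side effects and touches no globals. Better still, the operation is a 32-bit rotate of a 64-bit value, which tcg_gen_rotli_i64(dst, src, 32) expresses inline with no helper at all, which also addresses the "helper for just one endianness" remark below.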
> diff --git a/target-ppc/mem_helper.c b/target-ppc/mem_helper.c
> index 6548715..a56051a 100644
> --- a/target-ppc/mem_helper.c
> +++ b/target-ppc/mem_helper.c
> @@ -285,6 +285,11 @@ STVE(stvewx, cpu_stl_data_ra, bswap32, u32)
>  #undef I
>  #undef LVE
>  
> +uint64_t helper_bswap32x2(uint64_t x)
> +{
> +return deposit64((x >> 32), 32, 32, (x));
> +}
> +
>  #undef HI_IDX
>  #undef LO_IDX
>  
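Review bot: `deposit64((x >> 32), 32, 32, (x))` evaluates to (x << 32) | (x >> 32), a swap of the two 32-bit halves, not a byte swap of each half as the name bswap32x2 implies; either rename it (swap_words, rotl32x2 or similar) or drop it in favour of tcg_gen_rotli_i64(..., 32) in the translator. The redundant parentheses around `x >> 32` and `x` can also go.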
> diff --git a/target-ppc/translate/vsx-impl.inc.c 
> b/target-ppc/translate/vsx-impl.inc.c
> index eee6052..e3374df 100644
> --- a/target-ppc/translate/vsx-impl.inc.c
> +++ b/target-ppc/translate/vsx-impl.inc.c
> @@ -75,7 +75,7 @@ static void gen_lxvdsx(DisasContext *ctx)
>  static void gen_lxvw4x(DisasContext *ctx)
>  {
>  TCGv EA;
> -TCGv_i64 tmp;
> +TCGv_i64 t0, t1;
>  TCGv_i64 xth = cpu_vsrh(xT(ctx->opcode));
>  TCGv_i64 xtl = cpu_vsrl(xT(ctx->opcode));
>  if (unlikely(!ctx->vsx_enabled)) {
> @@ -84,22 +84,28 @@ static void gen_lxvw4x(DisasContext *ctx)
>  }
>  gen_set_access_type(ctx, ACCESS_INT);
>  EA = tcg_temp_new();
> -tmp = tcg_temp_new_i64();
>  
>  gen_addr_reg_index(ctx, EA);
> -gen_qemu_ld32u_i64(ctx, tmp, EA);
> -tcg_gen_addi_tl(EA, EA, 4);
> -gen_qemu_ld32u_i64(ctx, xth, EA);
> -tcg_gen_deposit_i64(xth, xth, tmp, 32, 32);
> -
> -tcg_gen_addi_tl(EA, EA, 4);
> -gen_qemu_ld32u_i64(ctx, tmp, EA);
> -tcg_gen_addi_tl(EA, EA, 4);
> -gen_qemu_ld32u_i64(ctx, xtl, EA);
> -tcg_gen_deposit_i64(xtl, xtl, tmp, 32, 32);
> -
> +if (ctx->le_mode) {
> +t0 = tcg_temp_new_i64();
> +t1 = tcg_temp_new_i64();
> +tcg_gen_qemu_ld_i64(t0, EA, ctx->mem_idx, MO_LEQ);
> +tcg_gen_shri_i64(t1, t0, 32);
> +tcg_gen_deposit_i64(xth, t1, t0, 32, 32);
> +tcg_gen_addi_tl(EA, EA, 8);
> +tcg_gen_qemu_ld_i64(t0, EA, ctx->mem_idx, MO_LEQ);
> +tcg_gen_shri_i64(t1, t0, 32);
> +tcg_gen_deposit_i64(xtl, t1, t0, 32, 32);
> +tcg_temp_free_i64(t0);
> +tcg_temp_free_i64(t1);
> +} else {
> +tcg_gen_qemu_ld_i64(xth, EA, ctx->mem_idx, MO_LEQ);
> +gen_helper_bswap32x2(xth, xth);
> +tcg_gen_addi_tl(EA, EA, 8);
> +tcg_gen_qemu_ld_i64(xtl, EA, ctx->mem_idx, MO_LEQ);
> +gen_helper_bswap32x2(xtl, xtl);
> +}

So.. for starters using a helper for just one endianness is kind of
ugly.  But for going on with, it looks like the two paths are doing
the same thing, just one is doing it with TCG ops and the other via a
helper.

>  tcg_temp_free(EA);
> -tcg_temp_free_i64(tmp);
>  }
>  
>  #define VSX_STORE_SCALAR(name, operation) \
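Review bot: the else branch (big-endian guest) loads with MO_LEQ and then word-swaps, which is byte-for-byte the same computation as the le_mode branch above it, so a BE guest ends up with each 32-bit element byte-reversed; for BE the two doublewords can be loaded with MO_BEQ straight into xth/xtl with no fix-up, because element 0 is already the most significant word of the high half. With that change the swap is only needed in the LE path, where the t0/t1 shift-and-deposit sequence is exactly a 32-bit rotate (tcg_gen_rotli_i64(xth, xth, 32)), so the helper and the two temporaries can both go.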

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature
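
The endianness argument in the two reviews above (lxvw4x in this message, stxvw4x in the earlier one) is easier to check against a byte-level model than against TCG ops. The C below is an added illustration written for this thread; it is not QEMU code and not part of either patch. It assumes the register layout stated in its header comment (element 0 in the top 32 bits of the high doubleword, element i at memory offset 4*i, accessed in the guest's current byte order) and uses a constructed 16-byte image in which every byte holds its own offset. It implements the architectural four-word access as the reference, the one-64-bit-access-per-half form with the fix-up that makes it match for each guest endianness, and then replays the four branches exactly as posted to count how many disagree with the reference. `swap_words()` is what the posted deposit64() helper computes; `bswap32x2()` is what its name promises.

```c
/* Added byte-level model of lxvw4x / stxvw4x for this thread; not QEMU code.
 * Assumed layout: vsrh is the high doubleword of the VSR with element 0 in its
 * top 32 bits, vsrl the low one; element i sits at memory offset 4*i. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { uint64_t vsrh, vsrl; } vsr_t;
static const uint8_t SAMPLE_MEM[16] = { /* constructed: each byte == offset */
    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
};

/* n-byte (n <= 8) load and store in the requested byte order. */
static uint64_t load_n(const uint8_t *p, int n, bool le)
{
    uint64_t v = 0;
    for (int i = 0; i < n; i++)
        v |= (uint64_t)p[i] << (8 * (le ? i : n - 1 - i));
    return v;
}

static void store_n(uint8_t *p, uint64_t v, int n, bool le)
{
    for (int i = 0; i < n; i++)
        p[i] = (uint8_t)(v >> (8 * (le ? i : n - 1 - i)));
}

/* What the posted helper_bswap32x2(), deposit64(x >> 32, 32, 32, x), really
 * computes: the 32-bit halves change places, no byte inside a half moves. */
static uint64_t swap_words(uint64_t x) { return (x << 32) | (x >> 32); }

/* What the name bswap32x2 suggests: byte-reverse each 32-bit half. */
static uint64_t bswap32x2(uint64_t x)
{
    return (uint64_t)__builtin_bswap32((uint32_t)(x >> 32)) << 32 | __builtin_bswap32((uint32_t)x);
}

/* Architectural reference: four independent 32-bit accesses in guest order. */
static vsr_t lxvw4x_ref(const uint8_t mem[16], bool le)
{
    return (vsr_t){ load_n(mem, 4, le) << 32 | load_n(mem + 4, 4, le),
                    load_n(mem + 8, 4, le) << 32 | load_n(mem + 12, 4, le) };
}

static void stxvw4x_ref(uint8_t mem[16], vsr_t v, bool le)
{
    store_n(mem, v.vsrh >> 32, 4, le);      store_n(mem + 4, v.vsrh, 4, le);
    store_n(mem + 8, v.vsrl >> 32, 4, le);  store_n(mem + 12, v.vsrl, 4, le);
}

/* One 64-bit access per half with the fix-up that matches the reference:
 * LE guest = LE access plus word swap; BE guest = BE access and no swap. */
static vsr_t lxvw4x_8byte(const uint8_t mem[16], bool le)
{
    uint64_t h = load_n(mem, 8, le), l = load_n(mem + 8, 8, le);
    return le ? (vsr_t){ swap_words(h), swap_words(l) } : (vsr_t){ h, l };
}

static void stxvw4x_8byte(uint8_t mem[16], vsr_t v, bool le)
{
    store_n(mem, le ? swap_words(v.vsrh) : v.vsrh, 8, le);
    store_n(mem + 8, le ? swap_words(v.vsrl) : v.vsrl, 8, le);
}

/* Load with the 8-byte form, store it back, compare with the image. */
static bool roundtrip_ok(bool le)
{
    uint8_t out[16];
    stxvw4x_8byte(out, lxvw4x_8byte(SAMPLE_MEM, le), le);
    return memcmp(out, SAMPLE_MEM, 16) == 0;
}

/* Replay the four branches exactly as posted on the high doubleword of the
 * sample image and count how many disagree with the reference. */
static int posted_patch_faults(void)
{
    vsr_t ref_le = lxvw4x_ref(SAMPLE_MEM, true), ref_be = lxvw4x_ref(SAMPLE_MEM, false);
    uint8_t out[8];
    int faults = 0;
    /* lxvw4x le_mode: MO_LEQ load, then word swap */
    faults += swap_words(load_n(SAMPLE_MEM, 8, true)) != ref_le.vsrh;
    /* lxvw4x else branch: the very same MO_LEQ load and word swap */
    faults += swap_words(load_n(SAMPLE_MEM, 8, true)) != ref_be.vsrh;
    /* stxvw4x le_mode: MO_BEQ store of the unmodified register; a correct
     * store must reproduce the first 8 bytes of the image it was loaded from */
    store_n(out, ref_le.vsrh, 8, false);
    faults += memcmp(out, SAMPLE_MEM, 8) != 0;
    /* stxvw4x else branch: word swap, then MO_LEQ store */
    store_n(out, swap_words(ref_be.vsrh), 8, true);
    faults += memcmp(out, SAMPLE_MEM, 8) != 0;
    return faults;
}

int main(void)
{
    printf("posted branches disagreeing with the reference: %d of 4\n", posted_patch_faults());
    return 0;
}
```

Built with gcc or clang it reports three of the four posted branches disagreeing with the reference: only the le_mode branch of lxvw4x is right. The rule that falls out is symmetric in both directions: a little-endian guest needs MO_LEQ plus a 32-bit rotate (the word swap), a big-endian guest needs MO_BEQ and no swap at all, and the rotate is a single tcg_gen_rotli_i64(dst, src, 32) with no helper call.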


Re: [Qemu-devel] [PATCH v4 0/3] block: Fix libbz2 library dependency regresssion

2016-09-14 Thread Fam Zheng
On Wed, 09/14 16:48, Max Reitz wrote:
> On 2016-09-14 at 16:35, Stefan Hajnoczi wrote:
> > On Mon, Sep 05, 2016 at 10:50:42AM +0800, Fam Zheng wrote:
> > > v4: Remove unused variable in patch 1 and unwanted warning in patch 2. 
> > > [Max]
> > > 
> > > v3: Fix typo in copyright header. [Max]
> > > Fix pre-existing type casting. [Max]
> > > 
> > > v2: Rebase on top of Max's block-next tree, which has Colin's patches to
> > > dynamically load block modules.
> > > Two more tweaks to the module system is added.
> > > 
> > > v1 was submitted as a single patch:
> > > 
> > > https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg00508.html
> > > 
> > > Fam Zheng (3):
> > >   scripts: Allow block module to not define BlockDriver
> > >   module: Don't load the same module if requested multiple times
> > >   dmg: Move libbz2 code to dmg-bz2.so
> > > 
> > >  block/Makefile.objs |  3 +-
> > >  block/dmg-bz2.c | 62 
> > >  block/dmg.c | 69 
> > > ++---
> > >  block/dmg.h | 59 +++
> > >  scripts/modules/module_block.py |  7 -
> > >  util/module.c   | 18 +--
> > >  6 files changed, 156 insertions(+), 62 deletions(-)
> > >  create mode 100644 block/dmg-bz2.c
> > >  create mode 100644 block/dmg.h
> > 
> > Max was the last one to comment on this series.  I'll wait for him to
> > review this before applying it.
> 
> Looks good to me, but I'm afraid this series might depend on my block-next
> (now block) branch which has not been merged to master yet, actually. So
> maybe I should apply it instead? ;-)

Yes, please!

Fam



Re: [Qemu-devel] [PATCH v4 3/3] target-ppc: tlbie/tlbivax should have global effect

2016-09-14 Thread Benjamin Herrenschmidt
On Thu, 2016-09-15 at 10:25 +1000, David Gibson wrote:
> >  void helper_booke206_tlbivax(CPUPPCState *env, target_ulong
> address)
> >  {
> > -    PowerPCCPU *cpu = ppc_env_get_cpu(env);
> > +    CPUState *cs;
> >  
> >  if (address & 0x4) {
> >  /* flush all entries */
> > @@ -2774,11 +2774,15 @@ void helper_booke206_tlbivax(CPUPPCState
> *env, target_ulong address)
> >  if (address & 0x8) {
> >  /* flush TLB1 entries */
> >  booke206_invalidate_ea_tlb(env, 1, address);
> > -    tlb_flush(CPU(cpu), 1);
> > +    CPU_FOREACH(cs) {
> > +    tlb_flush(cs, 1);
> > +    }
> >  } else {
> >  /* flush TLB0 entries */
> >  booke206_invalidate_ea_tlb(env, 0, address);
> > -    tlb_flush_page(CPU(cpu), address & MAS2_EPN_MASK);
> > +    CPU_FOREACH(cs) {
> > +    tlb_flush_page(cs, address & MAS2_EPN_MASK);
> > +    }
> 
> Why are these explicit CPU_FOREACH()s instead of using the flags
> you've just bui

Because we haven't converted BookE to lazy TLB flushing yet...

Cheers,
Ben.


signature.asc
Description: This is a digitally signed message part


Re: [Qemu-devel] [PATCH v2 2/2] xen_platform: SUSE xenlinux unplug for emulated PCI

2016-09-14 Thread Stefano Stabellini
On Fri, 2 Sep 2016, Olaf Hering wrote:
> Implement SUSE specific unplug protocol for emulated PCI devices
> in PVonHVM guests. Its a simple 'outl(1, (ioaddr + 4));'.
> This protocol was implemented and used since Xen 3.0.4.
> It is used in all SUSE/SLES/openSUSE releases up to SLES11SP3 and
> openSUSE 12.3.
> 
> Signed-off-by: Olaf Hering 
> ---
>  hw/i386/xen/xen_platform.c | 31 ++-
>  1 file changed, 30 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/i386/xen/xen_platform.c b/hw/i386/xen/xen_platform.c
> index 53be3c7..6faee4c 100644
> --- a/hw/i386/xen/xen_platform.c
> +++ b/hw/i386/xen/xen_platform.c
> @@ -313,13 +313,42 @@ static void xen_platform_ioport_writeb(void *opaque, 
> hwaddr addr,
> uint64_t val, unsigned int size)
>  {
>  PCIXenPlatformState *s = opaque;
> +PCIDevice *pci_dev = PCI_DEVICE(s);
>  
>  switch (addr) {
>  case 0: /* Platform flags */
>  platform_fixed_ioport_writeb(opaque, 0, (uint32_t)val);
>  break;
> +case 4:
> +if (val == 1) {
> +/*
> + * SUSE unplug for Xenlinux
> + * xen-kmp used this since xen-3.0.4, instead the official 
> protocol
> + * from xen-3.3+ It did an unconditional "outl(1, (ioaddr + 4));"
> + * Pre VMDP 1.7 used 4 and 8 depending on how VMDP was 
> configured.
> + * If VMDP was to control both disk and LAN it would use 4.
> + * If it controlled just disk or just LAN, it would use 8 below.
> + */
> +blk_drain_all();
> +blk_flush_all();
> +pci_unplug_disks(pci_dev->bus);
> +pci_unplug_nics(pci_dev->bus);
> +}
> +break;
>  case 8:
> -log_writeb(s, (uint32_t)val);
> +switch (val) {
> +case 1:
> +blk_drain_all();
> +blk_flush_all();
> +pci_unplug_disks(pci_dev->bus);
> +break;
> +case 2:
> +pci_unplug_nics(pci_dev->bus);
> +break;
> +default:
> +log_writeb(s, (uint32_t)val);
> +break;
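Review bot: the new `case 4` and `case 8` handlers unplug devices on any matching write without checking that the guest had previously announced the unplug protocol or that there is anything left to unplug, so a guest that writes the port once and again later (or a stray write from a guest that never used the protocol) triggers blk_drain_all()/blk_flush_all() and a second unplug pass. Note too that values 1 and 2 written to offset 8 were previously handed to log_writeb() and are now silently repurposed, so a legacy guest emitting those bytes on the log port would lose its emulated disks or NICs; the commit message should spell out that compatibility change. Finally, as raised below, the value-to-device mapping in this switch (1 unplugs disks, 2 unplugs NICs) is the reverse of the documented one and has to be reconciled with the document before merging.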

The doc says:

"If VMDP was configured to control just NIC devices it would write the
value 0x1 to offset 0x8. If VMDP was configured to control just storage
devices it would write the value 0x2 to offset 0x8."

So 0x1 to 0x8 to unplug NICs, otherwise 0x2 to 0x8 to unplug storage.
The switch above does the opposite. What am I missing? Am I misreading
the document?



Re: [Qemu-devel] [PATCH v3 25/34] tests: add atomic_add-bench

2016-09-14 Thread Emilio G. Cota
On Wed, Sep 14, 2016 at 14:53:14 +0100, Alex Bennée wrote:
> Richard Henderson  writes:
> > From: "Emilio G. Cota" 
> >  QEMU_CFLAGS += -I$(SRC_PATH)/tests
> > @@ -465,6 +466,7 @@ tests/test-qdist$(EXESUF): tests/test-qdist.o 
> > $(test-util-obj-y)
> >  tests/test-qht$(EXESUF): tests/test-qht.o $(test-util-obj-y)
> >  tests/test-qht-par$(EXESUF): tests/test-qht-par.o tests/qht-bench$(EXESUF) 
> > $(test-util-obj-y)
> >  tests/qht-bench$(EXESUF): tests/qht-bench.o $(test-util-obj-y)
> > +tests/atomic_add-bench$(EXESUF): tests/atomic_add-bench.o
> >  $(test-util-obj-y)
> 
> This probably more properly lives in tests/tcg/generic or some such but
> that needs the tcg/tests being rehabilitated into the build system so at
> least here it gets built.

I didn't know where to put it; tests/ was easy enough :-)

> >  tests/test-qdev-global-props$(EXESUF): tests/test-qdev-global-props.o \
> > hw/core/qdev.o hw/core/qdev-properties.o hw/core/hotplug.o\
> > diff --git a/tests/atomic_add-bench.c b/tests/atomic_add-bench.c
> > new file mode 100644
> > index 000..5bbecf6
> > --- /dev/null
> > +++ b/tests/atomic_add-bench.c
> 
> I wonder if this would be worth making atomic-bench and adding the other
> atomic operations into the benchmark? I know given the current helper
> overhead its unlikely to show much difference between the ops but if we
> move to backend support for the tcg atomics it would be a useful tool to
> have.

I'd rather add more ops later if necessary, but if you insist I can do it.

(snip)
> > +static void create_threads(void)
> > +{
> > +unsigned int i;
> > +
> > +threads = g_new(QemuThread, n_threads);
> > +th_info = g_new(struct thread_info, n_threads);
> > +counts = qemu_memalign(64, sizeof(*counts) * range);
> 
> This fails on my setup as AFAICT qemu_memalign doesn't give you zeroed
> memory. I added a memset after to zero it out.

Yes I fixed this more than a month ago, among other things in this program,
e.g., running for -d seconds instead of -n operations (much easier way to
fairly measure throughput).

Obviously forgot to tell anyone about it :/ sorry for making you waste time.

I'm appending the appropriate delta -- just checked it applies cleanly over
rth's atomic-3 branch on github.

Thanks,

Emilio

From f4a1a6fe2ffcf9572353f0b85a21ed27cd1765e1 Mon Sep 17 00:00:00 2001
From: "Emilio G. Cota" 
Date: Tue, 9 Aug 2016 23:14:13 -0400
Subject: [PATCH] tests: fix atomic_add_bench

Signed-off-by: Emilio G. Cota 
---
 tests/atomic_add-bench.c | 51 
 1 file changed, 17 insertions(+), 34 deletions(-)

diff --git a/tests/atomic_add-bench.c b/tests/atomic_add-bench.c
index 06300ba..dc97441 100644
--- a/tests/atomic_add-bench.c
+++ b/tests/atomic_add-bench.c
@@ -17,14 +17,14 @@ static struct thread_info *th_info;
 static unsigned int n_threads = 1;
 static unsigned int n_ready_threads;
 static struct count *counts;
-static unsigned long n_ops = 1;
-static double duration;
-static unsigned int range = 1;
+static unsigned int duration = 1;
+static unsigned int range = 1024;
 static bool test_start;
+static bool test_stop;
 
 static const char commands_string[] =
 " -n = number of threads\n"
-" -o = number of ops per thread\n"
+" -d = duration in seconds\n"
 " -r = range (will be rounded up to pow2)";
 
 static void usage_complete(char *argv[])
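Review bot: `range` changes its default from 1 to 1024 in the same hunk that switches the benchmark from an op count to a duration; that is an unrelated behaviour change and deserves either its own patch or a sentence in the commit message. The usage string now documents -d, so the option parser (outside this diff) must drop -o and accept -d, and `duration` as an unsigned int means a value of 0 will end the run immediately, which is worth rejecting at parse time.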
@@ -49,14 +49,13 @@ static uint64_t xorshift64star(uint64_t x)
 static void *thread_func(void *arg)
 {
 struct thread_info *info = arg;
-unsigned long i;
 
 atomic_inc(_ready_threads);
 while (!atomic_mb_read(_start)) {
 cpu_relax();
 }
 
-for (i = 0; i < n_ops; i++) {
+while (!atomic_read(_stop)) {
 unsigned int index;
 
 info->r = xorshift64star(info->r);
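Review bot: reading test_stop with atomic_read() while the main thread sets it with atomic_mb_set() is adequate for a stop flag, but with the per-thread iteration count gone the throughput figure now has to come from summing counts[] after the join, which in turn requires counts to be zero-initialised; qemu_memalign() does not zero memory, as noted earlier in the thread, so the allocation in create_threads() needs a memset or a calloc-style replacement for the numbers to mean anything.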
@@ -66,32 +65,23 @@ static void *thread_func(void *arg)
 return NULL;
 }
 
-static inline
-uint64_t ts_subtract(const struct timespec *a, const struct timespec *b)
-{
-uint64_t ns;
-
-ns = (b->tv_sec - a->tv_sec) * 10ULL;
-ns += (b->tv_nsec - a->tv_nsec);
-return ns;
-}
-
 static void run_test(void)
 {
+unsigned int remaining;
 unsigned int i;
-struct timespec ts_start, ts_end;
 
 while (atomic_read(_ready_threads) != n_threads) {
 cpu_relax();
 }
 atomic_mb_set(_start, true);
+do {
+remaining = sleep(duration);
+} while (remaining);
+atomic_mb_set(_stop, true);
 
-clock_gettime(CLOCK_MONOTONIC, _start);
 for (i = 0; i < n_threads; i++) {
 qemu_thread_join([i]);
 }
-clock_gettime(CLOCK_MONOTONIC, _end);
-duration = ts_subtract(_start, _end) / 1e9;
 }
 
 static void create_threads(void)
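Review bot: the sleep loop restarts with the full period after an interruption: `remaining = sleep(duration)` discards the value returned by the previous call, so a signal arriving mid-run extends the test by up to a whole `duration` rather than by the unslept remainder. Initialise `remaining = duration` before the loop and call `remaining = sleep(remaining)` inside it. With the clock_gettime() pair removed, the reported throughput also assumes the threads ran for exactly `duration` seconds, which is not true once stop-flag propagation and the joins are counted; keeping the monotonic timestamps around the run and dividing by the measured elapsed time costs nothing and keeps the numbers honest.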
@@ -101,6 +91,7 @@ static void create_threads(void)
 threads = g_new(QemuThread, n_threads);
 th_info = g_new(struct thread_info, n_threads);
 counts = qemu_memalign(64, sizeof(*counts) * 

Re: [Qemu-devel] [PATCH RESEND v2 00/17] POWER9 TCG enablements - part4

2016-09-14 Thread David Gibson
On Thu, Sep 15, 2016 at 10:56:56AM +1000, David Gibson wrote:
> On Mon, Sep 12, 2016 at 12:11:29PM +0530, Nikunj A Dadhania wrote:
> > 1) Consolidate Load/Store operations using tcg_gen_qemu_ld/st functions
> > 2) This series contains 10 new instructions for POWER9 ISA3.0
> >Use newer qemu load/store tcg helpers and optimize stxvw4x and lxvw4x.
> > 
> > Patches:
> >  01-09:  Cleanup load/store operations in ppc translator
> 
> I've applied 1-9 to ppc-for-2.8.  Still need to review the remainder
> of the series.

I've also applied 10, 12 and 13.  The remainder I still have things
I'd like addressed.

> 
> > 10:  xxspltib: VSX Vector Splat Immediate Byte
> > 11:  darn: Deliver a random number
> > 12:  lxsibzx - Load VSX Scalar as Integer Byte & Zero Indexed
> >  lxsihzx - Load VSX Scalar as Integer Halfword & Zero Indexed
> > 13:  stxsibx - Store VSX Scalar as Integer Byte Indexed
> >  stxsihx - Store VSX Scalar as Integer Halfword Indexed
> > 14:  lxvw4x - improve implementation
> > 15:  lxvb16x: Load VSX Vector Byte*16
> >  lxvh8x:  Load VSX Vector Halfword*8
> > 16:  stxv4x - improve implementation
> > 17:  stxvb16x: Store VSX Vector Byte*16
> >  stxvh8x:  Store VSX Vector Halfword*8
> > 
> > Series also available here: https://github.com/nikunjad/qemu/tree/p9-tcg
> > 
> > Changelog:
> > v1: 
> > * More load/store cleanups in byte reverse routines
> > * ld64/st64 converted to newer macro and updated call sites
> > * Cleanup load with reservation and store conditional
> > * Return invalid random for darn instruction
> > 
> > v0:
> > * darn - read /dev/random to get the random number
> > * xxspltib - make it PPC64 only
> > * Consolidate load/store operations and use macros to generate qemu_st/ld
> > * Simplify load/store vsx endian manipulation
> > 
> > Nikunj A Dadhania (16):
> >   target-ppc: consolidate load operations
> >   target-ppc: convert ld64 to use new macro
> >   target-ppc: convert ld[16,32,64]ur to use new macro
> >   target-ppc: consolidate store operations
> >   target-ppc: convert st64 to use new macro
> >   target-ppc: convert st[16,32,64]r to use new macro
> >   target-ppc: consolidate load with reservation
> >   target-ppc: move out stqcx implementation
> >   target-ppc: consolidate store conditional
> >   target-ppc: add xxspltib instruction
> >   target-ppc: add lxsi[bw]zx instruction
> >   target-ppc: add stxsi[bh]x instruction
> >   target-ppc: improve lxvw4x implementation
> >   target-ppc: add lxvb16x and lxvh8x
> >   target-ppc: improve stxvw4x implementation
> >   target-ppc: add stxvb16x and stxvh8x
> > 
> > Ravi Bangoria (1):
> >   target-ppc: implement darn instruction
> > 
> >  target-ppc/helper.h |   4 +
> >  target-ppc/int_helper.c |  16 ++
> >  target-ppc/mem_helper.c |  11 ++
> >  target-ppc/translate.c  | 379 
> > +---
> >  target-ppc/translate/fp-impl.inc.c  |  84 
> >  target-ppc/translate/fp-ops.inc.c   |   2 +-
> >  target-ppc/translate/spe-impl.inc.c |   4 +-
> >  target-ppc/translate/vmx-impl.inc.c |  24 +--
> >  target-ppc/translate/vsx-impl.inc.c | 208 
> >  target-ppc/translate/vsx-ops.inc.c  |  13 ++
> >  10 files changed, 460 insertions(+), 285 deletions(-)
> > 
> 



-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH v2 1/2] xen_platform: unplug also SCSI disks

2016-09-14 Thread Stefano Stabellini
On Fri, 2 Sep 2016, Olaf Hering wrote:
> Using 'vdev=sd[a-o]' will create an emulated LSI controller, which can
> be used by the emulated BIOS to boot from disk. If the HVM domU has also
> PV driver the disk may appear twice in the guest. To avoid this an
> unplug of the emulated hardware is needed, similar to what is done for
> IDE and NIC drivers already.
> 
> Since the SCSI controller provides only disks the entire controller can
> be unplugged at once.
> 
> Impact of the change for classic and pvops based guest kernels:
> 
>  vdev=sda:disk0
> before: pvops:   disk0=pv xvda + emulated sda
> classic: disk0=pv sda  + emulated sdq
> after:  pvops:   disk0=pv xvda
> classic: disk0=pv sda
> 
>  vdev=hda:disk0, vdev=sda:disk1
> before: pvops:   disk0=pv xvda
>  disk1=emulated sda
> classic: disk0=pv hda
>  disk1=pv sda  + emulated sdq
> after:  pvops:   disk0=pv xvda
>  disk1=not accessible by blkfront, index hda==index sda
> classic: disk0=pv hda
>  disk1=pv sda
> 
>  vdev=hda:disk0, vdev=sda:disk1, vdev=sdb:disk2
> before: pvops:   disk0=pv xvda
>  disk1=emulated sda
>  disk2=pv xvdb + emulated sdb
> classic: disk0=pv hda
>  disk1=pv sda  + emulated sdq
>  disk2=pv sdb  + emulated sdr
> after:  pvops:   disk0=pv xvda
>  disk1=not accessible by blkfront, index hda==index sda
>  disk2=pv xvdb
> classic: disk0=pv hda
>  disk1=pv sda
>  disk2=pv sda
> 
> Signed-off-by: Olaf Hering 
> ---
>  hw/i386/xen/xen_platform.c | 4 
>  1 file changed, 4 insertions(+)
> 
> diff --git a/hw/i386/xen/xen_platform.c b/hw/i386/xen/xen_platform.c
> index aa78393..53be3c7 100644
> --- a/hw/i386/xen/xen_platform.c
> +++ b/hw/i386/xen/xen_platform.c
> @@ -114,6 +114,10 @@ static void unplug_disks(PCIBus *b, PCIDevice *d, void 
> *o)
>  PCI_CLASS_STORAGE_IDE
>  && strcmp(d->name, "xen-pci-passthrough") != 0) {
>  pci_piix3_xen_ide_unplug(DEVICE(d));
> +} else if (pci_get_word(d->config + PCI_CLASS_DEVICE) ==
> +PCI_CLASS_STORAGE_SCSI
> +&& strcmp(d->name, "xen-pci-passthrough") != 0) {
> +object_unparent(OBJECT(d));
>  }
>  }
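Review bot: `object_unparent(OBJECT(d))` destroys the SCSI controller from inside the pci_for_each_device() callback that is walking the same bus, so the iteration must be able to cope with the current device disappearing under it; please confirm that, or collect the devices first and unparent after the walk. Unlike the IDE path, which goes through pci_piix3_xen_ide_unplug(), nothing here drains or flushes the controller's block backends before the device is torn down, so in-flight requests on those disks are dropped on unplug; a blk_drain/flush of the attached backends (or a controller-specific unplug helper) is needed for parity. The two `strcmp(d->name, "xen-pci-passthrough")` checks can also be hoisted into a single test ahead of the class comparison.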

Written like this, the code will unplug any Xen SCSI disks together with
Xen IDE disks when the guest writes "1" to ioport `0x10`. I am sorry to
be pedantic, but the recent changes introduced to
docs/misc/hvm-emulated-unplug.markdown do not cover any changes in
behavior to the existing ioport address (I am looking specifically at
point 6).  Sorry to only notice this now.



Re: [Qemu-devel] [PATCH v4 3/3] target-ppc: tlbie/tlbivax should have global effect

2016-09-14 Thread David Gibson
On Thu, Sep 15, 2016 at 11:41:01AM +1000, Benjamin Herrenschmidt wrote:
> On Thu, 2016-09-15 at 10:25 +1000, David Gibson wrote:
> > >  void helper_booke206_tlbivax(CPUPPCState *env, target_ulong
> > address)
> > >  {
> > > -    PowerPCCPU *cpu = ppc_env_get_cpu(env);
> > > +    CPUState *cs;
> > >  
> > >  if (address & 0x4) {
> > >  /* flush all entries */
> > > @@ -2774,11 +2774,15 @@ void helper_booke206_tlbivax(CPUPPCState
> > *env, target_ulong address)
> > >  if (address & 0x8) {
> > >  /* flush TLB1 entries */
> > >  booke206_invalidate_ea_tlb(env, 1, address);
> > > -    tlb_flush(CPU(cpu), 1);
> > > +    CPU_FOREACH(cs) {
> > > +    tlb_flush(cs, 1);
> > > +    }
> > >  } else {
> > >  /* flush TLB0 entries */
> > >  booke206_invalidate_ea_tlb(env, 0, address);
> > > -    tlb_flush_page(CPU(cpu), address & MAS2_EPN_MASK);
> > > +    CPU_FOREACH(cs) {
> > > +    tlb_flush_page(cs, address & MAS2_EPN_MASK);
> > > +    }
> > 
> > Why are these explicit CPU_FOREACH()s instead of using the flags
> > you've just bui
> 
> Because we haven't converted BookE to lazy TLB flushing yet...

Ah, right.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH RESEND v2 06/17] target-ppc: convert st[16, 32, 64]r to use new macro

2016-09-14 Thread David Gibson
On Mon, Sep 12, 2016 at 12:11:35PM +0530, Nikunj A Dadhania wrote:
> Make byte-swap routines use the common GEN_QEMU_LOAD macro

s/GEN_QEMU_LOAD/GEN_QEMU_STORE/

> Signed-off-by: Nikunj A Dadhania 
> ---
>  target-ppc/translate.c | 32 ++--
>  1 file changed, 10 insertions(+), 22 deletions(-)
> 
> diff --git a/target-ppc/translate.c b/target-ppc/translate.c
> index 254ad40..60668c2 100644
> --- a/target-ppc/translate.c
> +++ b/target-ppc/translate.c
> @@ -2510,6 +2510,9 @@ GEN_QEMU_STORE_TL(st8,  DEF_MEMOP(MO_UB))
>  GEN_QEMU_STORE_TL(st16, DEF_MEMOP(MO_UW))
>  GEN_QEMU_STORE_TL(st32, DEF_MEMOP(MO_UL))
>  
> +GEN_QEMU_STORE_TL(st16r, BSWAP_MEMOP(MO_UW))
> +GEN_QEMU_STORE_TL(st32r, BSWAP_MEMOP(MO_UL))
> +
>  #define GEN_QEMU_STORE_64(stop, op)   \
>  static void glue(gen_qemu_, glue(stop, _i64))(DisasContext *ctx,  \
>TCGv_i64 val,   \
> @@ -2521,6 +2524,10 @@ static void glue(gen_qemu_, glue(stop, 
> _i64))(DisasContext *ctx,  \
>  GEN_QEMU_STORE_64(st32, DEF_MEMOP(MO_UL))
>  GEN_QEMU_STORE_64(st64, DEF_MEMOP(MO_Q))
>  
> +#if defined(TARGET_PPC64)
> +GEN_QEMU_STORE_64(st64r, BSWAP_MEMOP(MO_Q))
> +#endif
> +
>  #define GEN_LD(name, ldop, opc, type)
>  \
>  static void glue(gen_, name)(DisasContext *ctx)  
>  \
>  {
>  \
> @@ -2844,34 +2851,15 @@ GEN_LDX(lwbr, ld32ur, 0x16, 0x10, PPC_INTEGER);
>  #if defined(TARGET_PPC64)
>  /* ldbrx */
>  GEN_LDX_E(ldbr, ld64ur_i64, 0x14, 0x10, PPC_NONE, PPC2_DBRX, CHK_NONE);
> +/* stdbrx */
> +GEN_STX_E(stdbr, st64r_i64, 0x14, 0x14, PPC_NONE, PPC2_DBRX, CHK_NONE);
>  #endif  /* TARGET_PPC64 */
>  
>  /* sthbrx */
> -static inline void gen_qemu_st16r(DisasContext *ctx, TCGv arg1, TCGv arg2)
> -{
> -TCGMemOp op = MO_UW | (ctx->default_tcg_memop_mask ^ MO_BSWAP);
> -tcg_gen_qemu_st_tl(arg1, arg2, ctx->mem_idx, op);
> -}
>  GEN_STX(sthbr, st16r, 0x16, 0x1C, PPC_INTEGER);
> -
>  /* stwbrx */
> -static inline void gen_qemu_st32r(DisasContext *ctx, TCGv arg1, TCGv arg2)
> -{
> -TCGMemOp op = MO_UL | (ctx->default_tcg_memop_mask ^ MO_BSWAP);
> -tcg_gen_qemu_st_tl(arg1, arg2, ctx->mem_idx, op);
> -}
>  GEN_STX(stwbr, st32r, 0x16, 0x14, PPC_INTEGER);
>  
> -#if defined(TARGET_PPC64)
> -/* stdbrx */
> -static inline void gen_qemu_st64r(DisasContext *ctx, TCGv arg1, TCGv arg2)
> -{
> -TCGMemOp op = MO_Q | (ctx->default_tcg_memop_mask ^ MO_BSWAP);
> -tcg_gen_qemu_st_i64(arg1, arg2, ctx->mem_idx, op);
> -}
> -GEN_STX_E(stdbr, st64r, 0x14, 0x14, PPC_NONE, PPC2_DBRX, CHK_NONE);
> -#endif  /* TARGET_PPC64 */
> -
>  /***Integer load and store multiple
> ***/
>  
>  /* lmw */
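Review bot: the removed gen_qemu_st16r/st32r/st64r built their memop as `MO_xx | (ctx->default_tcg_memop_mask ^ MO_BSWAP)`; the replacements via BSWAP_MEMOP() are only equivalent if that macro (introduced earlier in the series, not visible in this patch) expands to the same XOR, so the commit message should say so explicitly rather than just "use the common macro" (and, as noted above, it is the STORE macro). The GEN_STX_E(stdbr, ...) line is moved up next to ldbrx rather than deleted, which is fine but easy to misread across the two hunks.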
> @@ -6619,7 +6607,7 @@ GEN_STS(stw, st32, 0x04, PPC_INTEGER)
>  #if defined(TARGET_PPC64)
>  GEN_STUX(std, st64_i64, 0x15, 0x05, PPC_64B)
>  GEN_STX(std, st64_i64, 0x15, 0x04, PPC_64B)
> -GEN_STX_E(stdbr, st64r, 0x14, 0x14, PPC_NONE, PPC2_DBRX, CHK_NONE)
> +GEN_STX_E(stdbr, st64r_i64, 0x14, 0x14, PPC_NONE, PPC2_DBRX, CHK_NONE)
>  GEN_STX_HVRM(stdcix, st64_i64, 0x15, 0x1f, PPC_CILDST)
>  GEN_STX_HVRM(stwcix, st32, 0x15, 0x1c, PPC_CILDST)
>  GEN_STX_HVRM(sthcix, st16, 0x15, 0x1d, PPC_CILDST)

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH RESEND v2 00/17] POWER9 TCG enablements - part4

2016-09-14 Thread David Gibson
On Mon, Sep 12, 2016 at 12:11:29PM +0530, Nikunj A Dadhania wrote:
> 1) Consolidate Load/Store operations using tcg_gen_qemu_ld/st functions
> 2) This series contains 10 new instructions for POWER9 ISA3.0
>Use newer qemu load/store tcg helpers and optimize stxvw4x and lxvw4x.
> 
> Patches:
>  01-09:  Cleanup load/store operations in ppc translator

I've applied 1-9 to ppc-for-2.8.  Still need to review the remainder
of the series.

> 10:  xxspltib: VSX Vector Splat Immediate Byte
> 11:  darn: Deliver a random number
> 12:  lxsibzx - Load VSX Scalar as Integer Byte & Zero Indexed
>  lxsihzx - Load VSX Scalar as Integer Halfword & Zero Indexed
> 13:  stxsibx - Store VSX Scalar as Integer Byte Indexed
>  stxsihx - Store VSX Scalar as Integer Halfword Indexed
> 14:  lxvw4x - improve implementation
> 15:  lxvb16x: Load VSX Vector Byte*16
>  lxvh8x:  Load VSX Vector Halfword*8
> 16:  stxv4x - improve implementation
> 17:  stxvb16x: Store VSX Vector Byte*16
>  stxvh8x:  Store VSX Vector Halfword*8
> 
> Series also available here: https://github.com/nikunjad/qemu/tree/p9-tcg
> 
> Changelog:
> v1: 
> * More load/store cleanups in byte reverse routines
> * ld64/st64 converted to newer macro and updated call sites
> * Cleanup load with reservation and store conditional
> * Return invalid random for darn instruction
> 
> v0:
> * darn - read /dev/random to get the random number
> * xxspltib - make it PPC64 only
> * Consolidate load/store operations and use macros to generate qemu_st/ld
> * Simplify load/store vsx endian manipulation
> 
> Nikunj A Dadhania (16):
>   target-ppc: consolidate load operations
>   target-ppc: convert ld64 to use new macro
>   target-ppc: convert ld[16,32,64]ur to use new macro
>   target-ppc: consolidate store operations
>   target-ppc: convert st64 to use new macro
>   target-ppc: convert st[16,32,64]r to use new macro
>   target-ppc: consolidate load with reservation
>   target-ppc: move out stqcx implementation
>   target-ppc: consolidate store conditional
>   target-ppc: add xxspltib instruction
>   target-ppc: add lxsi[bw]zx instruction
>   target-ppc: add stxsi[bh]x instruction
>   target-ppc: improve lxvw4x implementation
>   target-ppc: add lxvb16x and lxvh8x
>   target-ppc: improve stxvw4x implementation
>   target-ppc: add stxvb16x and stxvh8x
> 
> Ravi Bangoria (1):
>   target-ppc: implement darn instruction
> 
>  target-ppc/helper.h |   4 +
>  target-ppc/int_helper.c |  16 ++
>  target-ppc/mem_helper.c |  11 ++
>  target-ppc/translate.c  | 379 
> +---
>  target-ppc/translate/fp-impl.inc.c  |  84 
>  target-ppc/translate/fp-ops.inc.c   |   2 +-
>  target-ppc/translate/spe-impl.inc.c |   4 +-
>  target-ppc/translate/vmx-impl.inc.c |  24 +--
>  target-ppc/translate/vsx-impl.inc.c | 208 
>  target-ppc/translate/vsx-ops.inc.c  |  13 ++
>  10 files changed, 460 insertions(+), 285 deletions(-)
> 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH RESEND v2 01/17] target-ppc: consolidate load operations

2016-09-14 Thread David Gibson
On Mon, Sep 12, 2016 at 12:11:30PM +0530, Nikunj A Dadhania wrote:
> Implement macro to consolidate store operations using newer
> tcg_gen_qemu_ld functions.

s/store/load/, but I can fix that as I apply if I don't find anything
else in the series which requires a respin.

> 
> Signed-off-by: Nikunj A Dadhania 
> ---
>  target-ppc/translate.c | 58 
> +-
>  1 file changed, 20 insertions(+), 38 deletions(-)
> 
> diff --git a/target-ppc/translate.c b/target-ppc/translate.c
> index a27f455..6606969 100644
> --- a/target-ppc/translate.c
> +++ b/target-ppc/translate.c
> @@ -2462,50 +2462,32 @@ static inline void gen_align_no_le(DisasContext *ctx)
>  }
>  
>  /*** Integer load  
> ***/
> -static inline void gen_qemu_ld8u(DisasContext *ctx, TCGv arg1, TCGv arg2)
> -{
> -tcg_gen_qemu_ld8u(arg1, arg2, ctx->mem_idx);
> -}
> -
> -static inline void gen_qemu_ld16u(DisasContext *ctx, TCGv arg1, TCGv arg2)
> -{
> -TCGMemOp op = MO_UW | ctx->default_tcg_memop_mask;
> -tcg_gen_qemu_ld_tl(arg1, arg2, ctx->mem_idx, op);
> -}
> -
> -static inline void gen_qemu_ld16s(DisasContext *ctx, TCGv arg1, TCGv arg2)
> -{
> -TCGMemOp op = MO_SW | ctx->default_tcg_memop_mask;
> -tcg_gen_qemu_ld_tl(arg1, arg2, ctx->mem_idx, op);
> -}
> +#define DEF_MEMOP(op) ((op) | ctx->default_tcg_memop_mask)
>  
> -static inline void gen_qemu_ld32u(DisasContext *ctx, TCGv arg1, TCGv arg2)
> -{
> -TCGMemOp op = MO_UL | ctx->default_tcg_memop_mask;
> -tcg_gen_qemu_ld_tl(arg1, arg2, ctx->mem_idx, op);
> +#define GEN_QEMU_LOAD_TL(ldop, op)  \
> +static void glue(gen_qemu_, ldop)(DisasContext *ctx,\
> +  TCGv val, \
> +  TCGv addr)\
> +{   \
> +tcg_gen_qemu_ld_tl(val, addr, ctx->mem_idx, op);\
>  }
>  
> -static void gen_qemu_ld32u_i64(DisasContext *ctx, TCGv_i64 val, TCGv addr)
> -{
> -TCGv tmp = tcg_temp_new();
> -gen_qemu_ld32u(ctx, tmp, addr);
> -tcg_gen_extu_tl_i64(val, tmp);
> -tcg_temp_free(tmp);
> -}
> +GEN_QEMU_LOAD_TL(ld8u,  DEF_MEMOP(MO_UB))
> +GEN_QEMU_LOAD_TL(ld16u, DEF_MEMOP(MO_UW))
> +GEN_QEMU_LOAD_TL(ld16s, DEF_MEMOP(MO_SW))
> +GEN_QEMU_LOAD_TL(ld32u, DEF_MEMOP(MO_UL))
> +GEN_QEMU_LOAD_TL(ld32s, DEF_MEMOP(MO_SL))
>  
> -static inline void gen_qemu_ld32s(DisasContext *ctx, TCGv arg1, TCGv arg2)
> -{
> -TCGMemOp op = MO_SL | ctx->default_tcg_memop_mask;
> -tcg_gen_qemu_ld_tl(arg1, arg2, ctx->mem_idx, op);
> +#define GEN_QEMU_LOAD_64(ldop, op)  \
> +static void glue(gen_qemu_, glue(ldop, _i64))(DisasContext *ctx,\
> + TCGv_i64 val,  \
> + TCGv addr) \
> +{   \
> +tcg_gen_qemu_ld_i64(val, addr, ctx->mem_idx, op);   \
>  }
>  
> -static void gen_qemu_ld32s_i64(DisasContext *ctx, TCGv_i64 val, TCGv addr)
> -{
> -TCGv tmp = tcg_temp_new();
> -gen_qemu_ld32s(ctx, tmp, addr);
> -tcg_gen_ext_tl_i64(val, tmp);
> -tcg_temp_free(tmp);
> -}
> +GEN_QEMU_LOAD_64(ld32u, DEF_MEMOP(MO_UL))
> +GEN_QEMU_LOAD_64(ld32s, DEF_MEMOP(MO_SL))
>  
>  static inline void gen_qemu_ld64(DisasContext *ctx, TCGv_i64 arg1, TCGv arg2)
>  {
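Review bot: `DEF_MEMOP(op)` expands to `(op) | ctx->default_tcg_memop_mask` but does not take `ctx` as a parameter, so every use silently depends on a variable of that exact name being in scope; either pass ctx explicitly or add a comment above the macro saying it is only valid inside a DisasContext-taking function. Also, the old gen_qemu_ld8u() called tcg_gen_qemu_ld8u() without the memop mask, whereas GEN_QEMU_LOAD_TL(ld8u, DEF_MEMOP(MO_UB)) now ORs the byte-swap bit into a byte access; that is harmless, but worth a line in the commit message alongside the s/store/load/ fix.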

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH 0/5] ps2: fix keyboard set 3 and misc improvements

2016-09-14 Thread no-reply
Hi,

Your series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 1473890265-3304-1-git-send-email-hpous...@reactos.org
Subject: [Qemu-devel] [PATCH 0/5] ps2: fix keyboard set 3 and misc improvements

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

# Useful git options
git config --local diff.renamelimit 0
git config --local diff.renames True

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git show --no-patch --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
f897257 ps2: do not generate invalid key codes for unknown keys
8a471af ps2: use QEMU qcodes instead of scancodes
af3f9d4 ps2: allow keycode translation for all scancode sets
0efd0b0 ps2: correctly handle 'get/set scancode' command
dcc6e28 ps2: reject unknown commands, instead of blindly accepting them

=== OUTPUT BEGIN ===
Checking PATCH 1/5: ps2: reject unknown commands, instead of blindly accepting them...
Checking PATCH 2/5: ps2: correctly handle 'get/set scancode' command...
Checking PATCH 3/5: ps2: allow keycode translation for all scancode sets...
ERROR: line over 90 characters
#45: FILE: hw/input/ps2.c:140:
+0xff, 0x43, 0x41, 0x3f, 0x3d, 0x3b, 0x3c, 0x58, 0x64, 0x44, 0x42, 0x40, 
0x3e, 0x0f, 0x29, 0x59,

ERROR: line over 90 characters
#46: FILE: hw/input/ps2.c:141:
+0x65, 0x38, 0x2a, 0x70, 0x1d, 0x10, 0x02, 0x5a, 0x66, 0x71, 0x2c, 0x1f, 
0x1e, 0x11, 0x03, 0x5b,

ERROR: line over 90 characters
#47: FILE: hw/input/ps2.c:142:
+0x67, 0x2e, 0x2d, 0x20, 0x12, 0x05, 0x04, 0x5c, 0x68, 0x39, 0x2f, 0x21, 
0x14, 0x13, 0x06, 0x5d,

ERROR: line over 90 characters
#48: FILE: hw/input/ps2.c:143:
+0x69, 0x31, 0x30, 0x23, 0x22, 0x15, 0x07, 0x5e, 0x6a, 0x72, 0x32, 0x24, 
0x16, 0x08, 0x09, 0x5f,

ERROR: line over 90 characters
#49: FILE: hw/input/ps2.c:144:
+0x6b, 0x33, 0x25, 0x17, 0x18, 0x0b, 0x0a, 0x60, 0x6c, 0x34, 0x35, 0x26, 
0x27, 0x19, 0x0c, 0x61,

ERROR: line over 90 characters
#50: FILE: hw/input/ps2.c:145:
+0x6d, 0x73, 0x28, 0x74, 0x1a, 0x0d, 0x62, 0x6e, 0x3a, 0x36, 0x1c, 0x1b, 
0x75, 0x2b, 0x63, 0x76,

ERROR: line over 90 characters
#51: FILE: hw/input/ps2.c:146:
+0x55, 0x56, 0x77, 0x78, 0x79, 0x7a, 0x0e, 0x7b, 0x7c, 0x4f, 0x7d, 0x4b, 
0x47, 0x7e, 0x7f, 0x6f,

ERROR: line over 90 characters
#52: FILE: hw/input/ps2.c:147:
+0x52, 0x53, 0x50, 0x4c, 0x4d, 0x48, 0x01, 0x45, 0x57, 0x4e, 0x51, 0x4a, 
0x37, 0x49, 0x46, 0x54,

ERROR: line over 90 characters
#53: FILE: hw/input/ps2.c:148:
+0x80, 0x81, 0x82, 0x41, 0x54, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 
0x8c, 0x8d, 0x8e, 0x8f,

ERROR: line over 90 characters
#54: FILE: hw/input/ps2.c:149:
+0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 
0x9c, 0x9d, 0x9e, 0x9f,

ERROR: line over 90 characters
#55: FILE: hw/input/ps2.c:150:
+0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, 0xa8, 0xa9, 0xaa, 0xab, 
0xac, 0xad, 0xae, 0xaf,

ERROR: line over 90 characters
#56: FILE: hw/input/ps2.c:151:
+0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, 0xb8, 0xb9, 0xba, 0xbb, 
0xbc, 0xbd, 0xbe, 0xbf,

ERROR: line over 90 characters
#57: FILE: hw/input/ps2.c:152:
+0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb, 
0xcc, 0xcd, 0xce, 0xcf,

ERROR: line over 90 characters
#58: FILE: hw/input/ps2.c:153:
+0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, 0xd8, 0xd9, 0xda, 0xdb, 
0xdc, 0xdd, 0xde, 0xdf,

ERROR: line over 90 characters
#59: FILE: hw/input/ps2.c:154:
+0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb, 
0xec, 0xed, 0xee, 0xef,

ERROR: line over 90 characters
#60: FILE: hw/input/ps2.c:155:
+0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, 
0xfc, 0xfd, 0xfe, 0xff,

total: 16 errors, 0 warnings, 165 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 4/5: ps2: use QEMU qcodes instead of scancodes...
ERROR: if this code is redundant consider removing it
#163: FILE: hw/input/ps2.c:226:
+#if 0

ERROR: if this code is redundant consider removing it
#311: FILE: hw/input/ps2.c:365:
+#if 0

total: 2 errors, 0 warnings, 554 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 5/5: ps2: do not generate invalid key codes for unknown keys...
=== OUTPUT END ===

Test command exited with code: 1


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-de...@freelists.org

[Qemu-devel] [PATCH] pc: apic: introduce APIC macro

2016-09-14 Thread Wanpeng Li
From: Wanpeng Li 

Introduce a new APIC macro to replace the APIC_COMMON macro in
hw/intc/apic.c in order to capture accesses to the LAPIC in qemu
even if the LAPIC is emulated in kvm.

Suggested-by: Paolo Bonzini 
Cc: Paolo Bonzini 
Cc: Radim Krčmář 
Cc: Michael S. Tsirkin 
Cc: Eduardo Habkost 
Signed-off-by: Wanpeng Li 
---
 hw/intc/apic.c  | 20 ++--
 include/hw/i386/apic_internal.h |  4 
 2 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/hw/intc/apic.c b/hw/intc/apic.c
index 45887d9..577f095 100644
--- a/hw/intc/apic.c
+++ b/hw/intc/apic.c
@@ -163,7 +163,7 @@ static void apic_local_deliver(APICCommonState *s, int 
vector)
 
 void apic_deliver_pic_intr(DeviceState *dev, int level)
 {
-APICCommonState *s = APIC_COMMON(dev);
+APICCommonState *s = APIC(dev);
 
 if (level) {
 apic_local_deliver(s, APIC_LVT_LINT0);
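Review bot: APIC() expands to OBJECT_CHECK, so every function converted in this file now aborts with a type-cast assertion when handed an in-kernel (KVM) APIC object instead of the TCG "apic" one, where APIC_COMMON silently accepted any APICCommonState subclass. That is the real effect behind "capture accesses to the LAPIC in qemu even if the LAPIC is emulated in kvm"; say so explicitly in the commit message (an assertion failure takes the whole VM down), and confirm that each caller of apic_deliver_pic_intr, apic_poll_irq, apic_sipi and apic_deliver is already guarded by a kernel-irqchip check, since this patch does not touch any caller.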
@@ -373,7 +373,7 @@ static void apic_update_irq(APICCommonState *s)
 
 void apic_poll_irq(DeviceState *dev)
 {
-APICCommonState *s = APIC_COMMON(dev);
+APICCommonState *s = APIC(dev);
 
 apic_sync_vapic(s, SYNC_FROM_VAPIC);
 apic_update_irq(s);
@@ -479,7 +479,7 @@ static void apic_startup(APICCommonState *s, int vector_num)
 
 void apic_sipi(DeviceState *dev)
 {
-APICCommonState *s = APIC_COMMON(dev);
+APICCommonState *s = APIC(dev);
 
 cpu_reset_interrupt(CPU(s->cpu), CPU_INTERRUPT_SIPI);
 
@@ -493,7 +493,7 @@ static void apic_deliver(DeviceState *dev, uint8_t dest, 
uint8_t dest_mode,
  uint8_t delivery_mode, uint8_t vector_num,
  uint8_t trigger_mode)
 {
-APICCommonState *s = APIC_COMMON(dev);
+APICCommonState *s = APIC(dev);
 uint32_t deliver_bitmask[MAX_APIC_WORDS];
 int dest_shorthand = (s->icr[0] >> 18) & 3;
 APICCommonState *apic_iter;
@@ -550,7 +550,7 @@ static bool apic_check_pic(APICCommonState *s)
 
 int apic_get_interrupt(DeviceState *dev)
 {
-APICCommonState *s = APIC_COMMON(dev);
+APICCommonState *s = APIC(dev);
 int intno;
 
 /* if the APIC is installed or enabled, we let the 8259 handle the
@@ -584,7 +584,7 @@ int apic_get_interrupt(DeviceState *dev)
 
 int apic_accept_pic_intr(DeviceState *dev)
 {
-APICCommonState *s = APIC_COMMON(dev);
+APICCommonState *s = APIC(dev);
 uint32_t lvt0;
 
 if (!s)
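Review bot: the `if (!s)` on the last line of this hunk only stays meaningful if APIC() passes a NULL dev through; OBJECT_CHECK goes through object_dynamic_cast_assert, which returns NULL for a NULL object rather than asserting, so behaviour is unchanged here. If dev can genuinely be NULL at this call site, though, the NULL test would read better placed before the cast than relying on that property of the cast.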
@@ -663,7 +663,7 @@ static uint32_t apic_mem_readl(void *opaque, hwaddr addr)
 if (!dev) {
 return 0;
 }
-s = APIC_COMMON(dev);
+s = APIC(dev);
 
 index = (addr >> 4) & 0xff;
 switch(index) {
@@ -766,7 +766,7 @@ static void apic_mem_writel(void *opaque, hwaddr addr, 
uint32_t val)
 if (!dev) {
 return;
 }
-s = APIC_COMMON(dev);
+s = APIC(dev);
 
 trace_apic_mem_writel(addr, val);
 
@@ -870,7 +870,7 @@ static const MemoryRegionOps apic_io_ops = {
 
 static void apic_realize(DeviceState *dev, Error **errp)
 {
-APICCommonState *s = APIC_COMMON(dev);
+APICCommonState *s = APIC(dev);
 
 if (s->id >= MAX_APICS) {
 error_setg(errp, "%s initialization failed. APIC ID %d is invalid",
@@ -889,7 +889,7 @@ static void apic_realize(DeviceState *dev, Error **errp)
 
 static void apic_unrealize(DeviceState *dev, Error **errp)
 {
-APICCommonState *s = APIC_COMMON(dev);
+APICCommonState *s = APIC(dev);
 
 timer_del(s->timer);
 timer_free(s->timer);
diff --git a/include/hw/i386/apic_internal.h b/include/hw/i386/apic_internal.h
index 06c4e9f..5e36016 100644
--- a/include/hw/i386/apic_internal.h
+++ b/include/hw/i386/apic_internal.h
@@ -131,6 +131,10 @@ typedef struct APICCommonState APICCommonState;
 #define APIC_COMMON_GET_CLASS(obj) \
  OBJECT_GET_CLASS(APICCommonClass, (obj), TYPE_APIC_COMMON)
 
+#define TYPE_APIC "apic"
+#define APIC(obj) \
+OBJECT_CHECK(APICCommonState, (obj), TYPE_APIC)
+
 typedef struct APICCommonClass
 {
 DeviceClass parent_class;
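Review bot: TYPE_APIC "apic" is introduced here, but the hunk does not show the TypeInfo in hw/intc/apic.c that registers the type; if that still uses the string literal, switch it to TYPE_APIC so the two cannot drift apart, since any mismatch would make every APIC() cast assert. The macro also lands in apic_internal.h next to APIC_COMMON, which all APIC implementations share; because both macros yield an APICCommonState the compiler cannot tell them apart, so a one-line comment that APIC() is only valid for the TCG implementation would help the next reader pick the right one.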
-- 
1.9.1




Re: [Qemu-devel] [PATCH v5 2/4] adb.c: add support for QKeyCode

2016-09-14 Thread David Gibson
On Wed, Aug 17, 2016 at 10:27:48PM -0400, John Arbuckle wrote:
> The old pc scancode translation is replaced with QEMU's QKeyCode. This is just
> a mechanical substitution, with a number of broken mappings left in.
> 
> Signed-off-by: John Arbuckle 
> ---
> *v5 changes
> Merged Power key patch with patch 2/4.
> Moved qemu_input_handler_register() function call to adb_kbd_realizefn()
> function.
> 
> *v4 changes
> Replaced ADB_KEY_LEFT_COMMAND with ADB_KEY_COMMAND.
> Removed ADB_KEY_RIGHT_COMMAND comment.
> 
> *v3 changes
> Kept original pc_to_adb_keycode mapping.
> 
> *v2 changes
> Changed order of this patch.
> 
>  hw/input/adb.c | 234 
> ++---
>  1 file changed, 189 insertions(+), 45 deletions(-)
> 
> diff --git a/hw/input/adb.c b/hw/input/adb.c
> index f0ad0d4..18c220b 100644
> --- a/hw/input/adb.c
> +++ b/hw/input/adb.c
> @@ -25,6 +25,9 @@
>  #include "hw/hw.h"
>  #include "hw/input/adb.h"
>  #include "ui/console.h"
> +#include "include/hw/input/adb-keys.h"
> +#include "ui/input.h"
> +#include "sysemu/sysemu.h"
>  
>  /* debug ADB */
>  //#define DEBUG_ADB
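Review bot: the new include uses the path "include/hw/input/adb-keys.h", while the neighbouring includes ("hw/input/adb.h", "ui/input.h", "sysemu/sysemu.h") are written relative to the include/ directory; drop the "include/" prefix so the header resolves through the normal -I paths instead of depending on the compiler being run from the source root.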
> @@ -187,23 +190,136 @@ typedef struct ADBKeyboardClass {
>  DeviceRealize parent_realize;
>  } ADBKeyboardClass;
>  
> -static const uint8_t pc_to_adb_keycode[256] = {
> -  0, 53, 18, 19, 20, 21, 23, 22, 26, 28, 25, 29, 27, 24, 51, 48,
> - 12, 13, 14, 15, 17, 16, 32, 34, 31, 35, 33, 30, 36, 54,  0,  1,
> -  2,  3,  5,  4, 38, 40, 37, 41, 39, 50, 56, 42,  6,  7,  8,  9,
> - 11, 45, 46, 43, 47, 44,123, 67, 58, 49, 57,122,120, 99,118, 96,
> - 97, 98,100,101,109, 71,107, 89, 91, 92, 78, 86, 87, 88, 69, 83,
> - 84, 85, 82, 65,  0,  0, 10,103,111,  0,  0,110, 81,  0,  0,  0,
> -  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
> -  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
> -  0,  0,  0, 94,  0, 93,  0,  0,  0,  0,  0,  0,104,102,  0,  0,
> -  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0, 76,125,  0,  0,
> -  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,105,  0,  0,  0,  0,  0,
> -  0,  0,  0,  0,  0, 75,  0,  0,124,  0,  0,  0,  0,  0,  0,  0,
> -  0,  0,  0,  0,  0,  0,  0,115, 62,116,  0, 59,  0, 60,  0,119,
> - 61,121,114,117,  0,  0,  0,  0,  0,  0,  0, 55,126,  0,127,  0,
> -  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
> -  0,  0,  0,  0,  0, 95,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
> +int qcode_to_adb_keycode[] = {
> +
> +[Q_KEY_CODE_SHIFT] = ADB_KEY_LEFT_SHIFT,
> +[Q_KEY_CODE_SHIFT_R]   = ADB_KEY_RIGHT_SHIFT,
> +[Q_KEY_CODE_ALT]   = ADB_KEY_LEFT_OPTION,
> +[Q_KEY_CODE_ALT_R] = ADB_KEY_RIGHT_OPTION,
> +[Q_KEY_CODE_ALTGR] = 0,
> +[Q_KEY_CODE_CTRL]  = ADB_KEY_LEFT_CONTROL,
> +[Q_KEY_CODE_CTRL_R]= ADB_KEY_RIGHT_CONTROL,
> +[Q_KEY_CODE_META_L]= ADB_KEY_COMMAND,
> +[Q_KEY_CODE_META_R]= ADB_KEY_COMMAND,
> +[Q_KEY_CODE_SPC]   = ADB_KEY_SPACEBAR,
> +
> +[Q_KEY_CODE_ESC]   = ADB_KEY_ESC,
> +[Q_KEY_CODE_1] = ADB_KEY_1,
> +[Q_KEY_CODE_2] = ADB_KEY_2,
> +[Q_KEY_CODE_3] = ADB_KEY_3,
> +[Q_KEY_CODE_4] = ADB_KEY_4,
> +[Q_KEY_CODE_5] = ADB_KEY_5,
> +[Q_KEY_CODE_6] = ADB_KEY_6,
> +[Q_KEY_CODE_7] = ADB_KEY_7,
> +[Q_KEY_CODE_8] = ADB_KEY_8,
> +[Q_KEY_CODE_9] = ADB_KEY_9,
> +[Q_KEY_CODE_0] = ADB_KEY_0,
> +[Q_KEY_CODE_MINUS] = ADB_KEY_MINUS,
> +[Q_KEY_CODE_EQUAL] = ADB_KEY_EQUAL,
> +[Q_KEY_CODE_BACKSPACE] = ADB_KEY_DELETE,
> +[Q_KEY_CODE_TAB]   = ADB_KEY_TAB,
> +[Q_KEY_CODE_Q] = ADB_KEY_Q,
> +[Q_KEY_CODE_W] = ADB_KEY_W,
> +[Q_KEY_CODE_E] = ADB_KEY_E,
> +[Q_KEY_CODE_R] = ADB_KEY_R,
> +[Q_KEY_CODE_T] = ADB_KEY_T,
> +[Q_KEY_CODE_Y] = ADB_KEY_Y,
> +[Q_KEY_CODE_U] = ADB_KEY_U,
> +[Q_KEY_CODE_I] = ADB_KEY_I,
> +[Q_KEY_CODE_O] = ADB_KEY_O,
> +[Q_KEY_CODE_P] = ADB_KEY_P,
> +[Q_KEY_CODE_BRACKET_LEFT]  = ADB_KEY_LEFT_BRACKET,
> +[Q_KEY_CODE_BRACKET_RIGHT] = ADB_KEY_RIGHT_BRACKET,
> +[Q_KEY_CODE_RET]   = ADB_KEY_RETURN,
> +[Q_KEY_CODE_A] = ADB_KEY_A,
> +[Q_KEY_CODE_S] = ADB_KEY_S,
> +[Q_KEY_CODE_D] = ADB_KEY_D,
> +[Q_KEY_CODE_F] = ADB_KEY_F,
> +[Q_KEY_CODE_G] = ADB_KEY_G,
> +[Q_KEY_CODE_H] = ADB_KEY_H,
> +[Q_KEY_CODE_J] = ADB_KEY_J,
> +[Q_KEY_CODE_K] = ADB_KEY_K,
> +[Q_KEY_CODE_L] = ADB_KEY_L,
> +[Q_KEY_CODE_SEMICOLON] = ADB_KEY_SEMICOLON,
> +[Q_KEY_CODE_APOSTROPHE]= ADB_KEY_APOSTROPHE,
> +[Q_KEY_CODE_GRAVE_ACCENT]  = ADB_KEY_GRAVE_ACCENT,
> +[Q_KEY_CODE_BACKSLASH] = 
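Review bot: qcode_to_adb_keycode is declared as a plain `int qcode_to_adb_keycode[]`, where the table it replaces was `static const uint8_t pc_to_adb_keycode[256]`. Make it `static const`, and give it an explicit size from the QKeyCode enum's terminator (Q_KEY_CODE__MAX in current QAPI-generated headers) so the lookup side can bounds-check against it: a designated-initializer array without a size ends at the largest index listed, and any QKeyCode above that index reaching the handler (not shown in this excerpt) would be an out-of-bounds read of the table. The commit message admits "a number of broken mappings left in"; listing which ones, next to the explicit `[Q_KEY_CODE_ALTGR] = 0` entry, would let reviewers check the table rather than guess.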

Re: [Qemu-devel] [PATCH 0/5] spapr: convert SPAPR devices to trace framework

2016-09-14 Thread David Gibson
On Wed, Sep 14, 2016 at 08:48:22PM +0200, Laurent Vivier wrote:
> Define and use trace_spapr_XXX functions instead of
> DPRINTF to trace some SPAPR devices: spapr_vio, spapr_drc, spapr_rtas,
> spapr_llan, spapr_vscsi.
> 
> This allows enabling the traces for these devices dynamically (instead
> of recompiling the source). Messages are as close as possible to the
> messages used by DPRINTF. Sometimes I've removed some text to
> avoid redundancy between the information given by the tracing function name
> and the text displayed. I've also updated the print formats to use
> the correct conversion specifier ('u' instead of 'd' when the type is unsigned,
> PRIx32 instead of 'x' when the type is uint32_t or int32_t, ...)

I've removed the blank lines that Eric Blake mentioned, and applied to
ppc-for-2.8.



Re: [Qemu-devel] [PATCH v4 1/3] target-ppc: add TLB_NEED_LOCAL_FLUSH flag

2016-09-14 Thread David Gibson
On Wed, Sep 14, 2016 at 11:24:00AM +0530, Nikunj A Dadhania wrote:

You need some sort of commit message here.

I'd ignore and apply anyway, except that there are some other things
in later patches that will need a respin.

> Signed-off-by: Nikunj A Dadhania 
> ---
>  target-ppc/cpu.h | 1 +
>  target-ppc/helper_regs.h | 4 ++--
>  target-ppc/mmu-hash64.c  | 4 ++--
>  target-ppc/mmu_helper.c  | 6 +++---
>  4 files changed, 8 insertions(+), 7 deletions(-)
> 
> diff --git a/target-ppc/cpu.h b/target-ppc/cpu.h
> index 1e808c8..7dc 100644
> --- a/target-ppc/cpu.h
> +++ b/target-ppc/cpu.h
> @@ -1009,6 +1009,7 @@ struct CPUPPCState {
>  bool tlb_dirty;   /* Set to non-zero when modifying TLB  
> */
>  bool kvm_sw_tlb;  /* non-zero if KVM SW TLB API is active
> */
>  uint32_t tlb_need_flush; /* Delayed flush needed */
> +#define TLB_NEED_LOCAL_FLUSH   0x1
>  #endif
>  
>  /* Other registers */
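Review bot: the `#define TLB_NEED_LOCAL_FLUSH 0x1` lands inside the struct CPUPPCState body, between the tlb_need_flush field and the `#endif`. That compiles, but a flag value buried in a struct definition is easy to miss and cannot be documented alongside the field in the usual way; move it out just before the struct (or into a small enum) with a comment stating that it is a bit of tlb_need_flush, all the more since the next patch adds a second bit.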
> diff --git a/target-ppc/helper_regs.h b/target-ppc/helper_regs.h
> index 3d279f1..69204a5 100644
> --- a/target-ppc/helper_regs.h
> +++ b/target-ppc/helper_regs.h
> @@ -157,9 +157,9 @@ static inline int hreg_store_msr(CPUPPCState *env, 
> target_ulong value,
>  static inline void check_tlb_flush(CPUPPCState *env)
>  {
>  CPUState *cs = CPU(ppc_env_get_cpu(env));
> -if (env->tlb_need_flush) {
> -env->tlb_need_flush = 0;
> +if (env->tlb_need_flush & TLB_NEED_LOCAL_FLUSH) {
>  tlb_flush(cs, 1);
> +env->tlb_need_flush &= ~TLB_NEED_LOCAL_FLUSH;
>  }
>  }
>  #else
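Review bot: besides switching to the flag, this hunk swaps the order of tlb_flush() and the clearing of tlb_need_flush (the old code cleared first, then flushed). With tlb_flush() synchronous under the global lock the two orders are equivalent, so either drop the reorder to keep the patch purely mechanical or say in the commit message why clear-after-flush is preferred.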
> diff --git a/target-ppc/mmu-hash64.c b/target-ppc/mmu-hash64.c
> index 8118143..1f52b64 100644
> --- a/target-ppc/mmu-hash64.c
> +++ b/target-ppc/mmu-hash64.c
> @@ -110,7 +110,7 @@ void helper_slbia(CPUPPCState *env)
>   *  and we still don't have a tlb_flush_mask(env, n, mask)
>   *  in QEMU, we just invalidate all TLBs
>   */
> -env->tlb_need_flush = 1;
> +env->tlb_need_flush |= TLB_NEED_LOCAL_FLUSH;
>  }
>  }
>  }
> @@ -132,7 +132,7 @@ void helper_slbie(CPUPPCState *env, target_ulong addr)
>   *  and we still don't have a tlb_flush_mask(env, n, mask)
>   *  in QEMU, we just invalidate all TLBs
>   */
> -env->tlb_need_flush = 1;
> +env->tlb_need_flush |= TLB_NEED_LOCAL_FLUSH;
>  }
>  }
>  
> diff --git a/target-ppc/mmu_helper.c b/target-ppc/mmu_helper.c
> index 696bb03..d59d2f8 100644
> --- a/target-ppc/mmu_helper.c
> +++ b/target-ppc/mmu_helper.c
> @@ -1965,7 +1965,7 @@ void ppc_tlb_invalidate_one(CPUPPCState *env, 
> target_ulong addr)
>   * we just mark the TLB to be flushed later (context synchronizing
>   * event or sync instruction on 32-bit).
>   */
> -env->tlb_need_flush = 1;
> +env->tlb_need_flush |= TLB_NEED_LOCAL_FLUSH;
>  break;
>  #if defined(TARGET_PPC64)
>  case POWERPC_MMU_64B:
> @@ -1979,7 +1979,7 @@ void ppc_tlb_invalidate_one(CPUPPCState *env, 
> target_ulong addr)
>   *  and we still don't have a tlb_flush_mask(env, n, mask) in 
> QEMU,
>   *  we just invalidate all TLBs
>   */
> -env->tlb_need_flush = 1;
> +env->tlb_need_flush |= TLB_NEED_LOCAL_FLUSH;
>  break;
>  #endif /* defined(TARGET_PPC64) */
>  default:
> @@ -2065,7 +2065,7 @@ void helper_store_sr(CPUPPCState *env, target_ulong 
> srnum, target_ulong value)
>  }
>  }
>  #else
> -env->tlb_need_flush = 1;
> +env->tlb_need_flush |= TLB_NEED_LOCAL_FLUSH;
>  #endif
>  }
>  }



Re: [Qemu-devel] [PATCH v4 3/3] target-ppc: tlbie/tlbivax should have global effect

2016-09-14 Thread David Gibson
On Wed, Sep 14, 2016 at 11:24:02AM +0530, Nikunj A Dadhania wrote:
> tlbie (BookS) and tlbivax (BookE) plus the H_CALLs(pseries) should have
> a global effect.
> 
> Introduces TLB_NEED_GLOBAL_FLUSH flag. During lazy tlb flush, after
> taking care of pending local flushes, check whether a broadcast flush (at a
> context synchronizing event: ptesync/tlbsync, etc.) is needed. Depending on the
> bitmask state of the tlb_need_flush, the tlb is flushed from other cpus if
> needed and the flags are cleared.
> 
> Suggested-by: Benjamin Herrenschmidt 
> Signed-off-by: Nikunj A Dadhania 
> ---
>  hw/ppc/spapr_hcall.c |  2 ++
>  target-ppc/cpu.h |  1 +
>  target-ppc/helper_regs.h | 17 +
>  target-ppc/mmu-hash64.c  |  2 +-
>  target-ppc/mmu_helper.c  | 10 +++---
>  target-ppc/translate.c   |  6 ++
>  6 files changed, 34 insertions(+), 4 deletions(-)
> 
> diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
> index ef12ea0..6144e17 100644
> --- a/hw/ppc/spapr_hcall.c
> +++ b/hw/ppc/spapr_hcall.c
> @@ -319,6 +319,8 @@ static target_ulong h_protect(PowerPCCPU *cpu, 
> sPAPRMachineState *spapr,
>  ppc_hash64_store_hpte(cpu, pte_index,
>(v & ~HPTE64_V_VALID) | HPTE64_V_HPTE_DIRTY, 0);
>  ppc_hash64_tlb_flush_hpte(cpu, pte_index, v, r);
> +/* Flush the tlb */
> +check_tlb_flush(env, 1);
>  /* Don't need a memory barrier, due to qemu's global lock */
>  ppc_hash64_store_hpte(cpu, pte_index, v | HPTE64_V_HPTE_DIRTY, r);
>  return H_SUCCESS;
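Review bot: the check_tlb_flush(env, 1) added here is what now actually performs the flush, because the mmu-hash64.c hunk later in this patch turns ppc_hash64_tlb_flush_hpte into a deferred flag set; its placement while the HPTE is stored invalid, before the second ppc_hash64_store_hpte re-stores it valid, is correct for exactly that reason, so state it in the commit message. The `/* Flush the tlb */` comment merely repeats the call; replace it with why the flush must complete before the valid HPTE is written back.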
> diff --git a/target-ppc/cpu.h b/target-ppc/cpu.h
> index 7dc..50fe0f5 100644
> --- a/target-ppc/cpu.h
> +++ b/target-ppc/cpu.h
> @@ -1010,6 +1010,7 @@ struct CPUPPCState {
>  bool kvm_sw_tlb;  /* non-zero if KVM SW TLB API is active
> */
>  uint32_t tlb_need_flush; /* Delayed flush needed */
>  #define TLB_NEED_LOCAL_FLUSH   0x1
> +#define TLB_NEED_GLOBAL_FLUSH  0x2
>  #endif
>  
>  /* Other registers */
> diff --git a/target-ppc/helper_regs.h b/target-ppc/helper_regs.h
> index bcf65ce..fd2c961 100644
> --- a/target-ppc/helper_regs.h
> +++ b/target-ppc/helper_regs.h
> @@ -161,6 +161,23 @@ static inline void check_tlb_flush(CPUPPCState *env, 
> uint32_t global)
>  tlb_flush(cs, 1);
>  env->tlb_need_flush &= ~TLB_NEED_LOCAL_FLUSH;
>  }
> +
> +/* Propagate TLB invalidations to other CPUs when the guest uses 
> broadcast
> + * TLB invalidation instructions.
> + */
> +if (global && (env->tlb_need_flush & TLB_NEED_GLOBAL_FLUSH)) {
> +CPUState *other_cs;
> +CPU_FOREACH(other_cs) {
> +if (other_cs != cs) {
> +PowerPCCPU *cpu = POWERPC_CPU(other_cs);
> +CPUPPCState *other_env = >env;
> +
> +other_env->tlb_need_flush &= ~TLB_NEED_LOCAL_FLUSH;
> +tlb_flush(other_cs, 1);
> +}
> +}
> +env->tlb_need_flush &= ~TLB_NEED_GLOBAL_FLUSH;
> +}
>  }
>  #else
>  static inline void check_tlb_flush(CPUPPCState *env, uint32_t global) { }
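Review bot: the global branch calls tlb_flush(other_cs, 1) directly on every other CPU from the current CPU's thread. That is only safe while TCG runs all vCPUs on a single thread under the global lock; the commit message should state that assumption, since a multi-threaded TCG would need the flush queued as work on the target CPU instead. Two smaller points: the loop clears the other CPUs' TLB_NEED_LOCAL_FLUSH (correct, their TLBs are clean afterwards) but leaves any TLB_NEED_GLOBAL_FLUSH they have pending, so a CPU that executed its own tlbie and is waiting for its ptesync will broadcast a second, redundant round of flushes; and `global` is only ever tested as a truth value, so bool fits better than uint32_t, as already noted for 2/3.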
> diff --git a/target-ppc/mmu-hash64.c b/target-ppc/mmu-hash64.c
> index 1f52b64..fdb7a78 100644
> --- a/target-ppc/mmu-hash64.c
> +++ b/target-ppc/mmu-hash64.c
> @@ -912,7 +912,7 @@ void ppc_hash64_tlb_flush_hpte(PowerPCCPU *cpu,
>   * invalidate, and we still don't have a tlb_flush_mask(env, n,
>   * mask) in QEMU, we just invalidate all TLBs
>   */
> -tlb_flush(CPU(cpu), 1);
> +cpu->env.tlb_need_flush = TLB_NEED_GLOBAL_FLUSH | TLB_NEED_LOCAL_FLUSH;
>  }
>  
>  void ppc_hash64_update_rmls(CPUPPCState *env)
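Review bot: ppc_hash64_tlb_flush_hpte changes from an immediate tlb_flush() to merely setting tlb_need_flush, so every caller now depends on reaching a check_tlb_flush(env, 1) afterwards. h_protect gets one in this patch and h_remove/h_bulk_remove in 2/3, but any other caller of ppc_hash64_tlb_flush_hpte outside this diff silently loses its flush, and a stale translation surviving an HPTE invalidation is a guest isolation problem, not only a performance one; list the callers in the commit message. Also use `|=` here like every other site in the series rather than `=`, so no other pending bit is wiped.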
> diff --git a/target-ppc/mmu_helper.c b/target-ppc/mmu_helper.c
> index bf9f329..1dd057a 100644
> --- a/target-ppc/mmu_helper.c
> +++ b/target-ppc/mmu_helper.c
> @@ -2757,7 +2757,7 @@ static inline void 
> booke206_invalidate_ea_tlb(CPUPPCState *env, int tlbn,
>  
>  void helper_booke206_tlbivax(CPUPPCState *env, target_ulong address)
>  {
> -PowerPCCPU *cpu = ppc_env_get_cpu(env);
> +CPUState *cs;
>  
>  if (address & 0x4) {
>  /* flush all entries */
> @@ -2774,11 +2774,15 @@ void helper_booke206_tlbivax(CPUPPCState *env, 
> target_ulong address)
>  if (address & 0x8) {
>  /* flush TLB1 entries */
>  booke206_invalidate_ea_tlb(env, 1, address);
> -tlb_flush(CPU(cpu), 1);
> +CPU_FOREACH(cs) {
> +tlb_flush(cs, 1);
> +}
>  } else {
>  /* flush TLB0 entries */
>  booke206_invalidate_ea_tlb(env, 0, address);
> -tlb_flush_page(CPU(cpu), address & MAS2_EPN_MASK);
> +CPU_FOREACH(cs) {
> +tlb_flush_page(cs, address & MAS2_EPN_MASK);
> +}
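Review bot: the two CPU_FOREACH loops flush every CPU immediately, which sidesteps the TLB_NEED_GLOBAL_FLUSH deferral this patch introduces in helper_regs.h and, unlike that loop, does not clear the other CPUs' pending TLB_NEED_LOCAL_FLUSH, so each of them flushes again at its next sync point. Either route tlbivax through the same flag mechanism (set both bits here and let tlbsync's check_tlb_flush(env, 1) do the broadcast) or explain in the commit message why BookE needs the eager flush.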

Why are these explicit CPU_FOREACH()s instead of using the flags
you've just built?

>  }
>  }
>  
> diff --git a/target-ppc/translate.c b/target-ppc/translate.c
> index 5026804..d96ff66 100644
> --- a/target-ppc/translate.c
> +++ b/target-ppc/translate.c
> @@ -4448,6 +4448,7 
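The local/global split that patches 2/3 and 3/3 describe, as an added illustration that is not QEMU's code: ModelCPU, the per-CPU flush counters and the model_* functions are constructed for this example, and only the two flag names and the control flow of check_tlb_flush(env, global) follow the patches. It shows why a tlbie followed only by a local sync point (interrupt, rfi) leaves the broadcast pending, and what a ptesync then does to the other CPUs' state.

```c
/* Constructed model of the deferred (lazy) TLB flush bookkeeping in this
 * thread. Not QEMU code: ModelCPU, the counters and the model_* functions are
 * invented here; the flag names and the local/global split follow the patch. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TLB_NEED_LOCAL_FLUSH   0x1
#define TLB_NEED_GLOBAL_FLUSH  0x2
#define NCPUS 4

typedef struct ModelCPU {
    uint32_t tlb_need_flush; /* pending-flush bitmask, as CPUPPCState keeps it */
    unsigned flushes;        /* constructed: how often this TLB was flushed */
} ModelCPU;

static ModelCPU cpus[NCPUS];

static void model_reset(void)
{
    for (int i = 0; i < NCPUS; i++) {
        cpus[i].tlb_need_flush = 0;
        cpus[i].flushes = 0;
    }
}

/* Stand-in for tlb_flush(cs, 1): only counts the flush. */
static void model_tlb_flush(ModelCPU *cpu)
{
    cpu->flushes++;
}

/* tlbie-style invalidation: must reach every CPU, but is only recorded here
 * and carried out at the next synchronizing instruction. */
static void model_tlbie(ModelCPU *cpu)
{
    cpu->tlb_need_flush |= TLB_NEED_GLOBAL_FLUSH | TLB_NEED_LOCAL_FLUSH;
}

/* Same control flow as check_tlb_flush(env, global) in patch 3/3: local sync
 * points pass global=false; ptesync/tlbsync and the H_CALLs pass global=true. */
static void model_check_tlb_flush(ModelCPU *cpu, bool global)
{
    if (cpu->tlb_need_flush & TLB_NEED_LOCAL_FLUSH) {
        model_tlb_flush(cpu);
        cpu->tlb_need_flush &= ~TLB_NEED_LOCAL_FLUSH;
    }
    if (global && (cpu->tlb_need_flush & TLB_NEED_GLOBAL_FLUSH)) {
        for (int i = 0; i < NCPUS; i++) {
            ModelCPU *other = &cpus[i];
            if (other != cpu) {
                /* Their TLB is clean after this, so drop their local bit too. */
                other->tlb_need_flush &= ~TLB_NEED_LOCAL_FLUSH;
                model_tlb_flush(other);
            }
        }
        cpu->tlb_need_flush &= ~TLB_NEED_GLOBAL_FLUSH;
    }
}

static unsigned other_cpu_flushes(int self)
{
    unsigned n = 0;
    for (int i = 0; i < NCPUS; i++) {
        if (i != self) {
            n += cpus[i].flushes;
        }
    }
    return n;
}

/* Scenario 1: tlbie on CPU 0 followed only by an interrupt (local sync).
 * Returns CPU 0's pending bits; the global part must still be pending. */
static uint32_t scenario_local_sync_only(void)
{
    model_reset();
    model_tlbie(&cpus[0]);
    model_check_tlb_flush(&cpus[0], false);
    return cpus[0].tlb_need_flush;
}

/* Scenario 2: CPU 1 already has a local flush pending when CPU 0 executes
 * tlbie and then ptesync. Returns how many other CPUs were flushed. */
static unsigned scenario_global_sync(void)
{
    model_reset();
    cpus[1].tlb_need_flush |= TLB_NEED_LOCAL_FLUSH;
    model_tlbie(&cpus[0]);
    model_check_tlb_flush(&cpus[0], true);
    return other_cpu_flushes(0);
}

static uint32_t pending_bits(int idx) { return cpus[idx].tlb_need_flush; }
static unsigned flush_count(int idx) { return cpus[idx].flushes; }

int main(void)
{
    uint32_t pend = scenario_local_sync_only();
    printf("after local sync: cpu0 pending=0x%x, others flushed=%u\n",
           pend, other_cpu_flushes(0));
    unsigned others = scenario_global_sync();
    printf("after ptesync: others flushed=%u, cpu1 pending=0x%x\n",
           others, pending_bits(1));
    return 0;
}
```

The second scenario also shows the point made about the helper_regs.h loop: CPU 1's own pending local bit is cleared by CPU 0's broadcast, so it does not flush a second time at its next sync point.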

Re: [Qemu-devel] [PATCH] MAINTAINERS: add sPAPR tests

2016-09-14 Thread David Gibson
On Wed, Sep 14, 2016 at 01:23:57PM +0200, Greg Kurz wrote:
> Signed-off-by: Greg Kurz 

Applied to ppc-for-2.8, thanks.

> ---
>  MAINTAINERS |4 
>  1 file changed, 4 insertions(+)
> 
> diff --git a/MAINTAINERS b/MAINTAINERS
> index 13b882ba01ce..6552ccde3ee1 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -625,6 +625,10 @@ F: pc-bios/spapr-rtas.bin
>  F: pc-bios/slof.bin
>  F: docs/specs/ppc-spapr-hcalls.txt
>  F: docs/specs/ppc-spapr-hotplug.txt
> +F: tests/spapr*
> +F: tests/libqos/*spapr*
> +F: tests/rtas*
> +F: tests/libqos/rtas*
>  
>  virtex_ml507
>  M: Edgar E. Iglesias 
> 



Re: [Qemu-devel] [PATCH 5/5] spapr_vscsi: convert to trace framework instead of DPRINTF

2016-09-14 Thread David Gibson
On Wed, Sep 14, 2016 at 09:56:47PM +0200, Thomas Huth wrote:
> On 14.09.2016 20:48, Laurent Vivier wrote:
> > Signed-off-by: Laurent Vivier 
> > ---
> >  hw/scsi/spapr_vscsi.c | 89 
> > +--
> >  hw/scsi/trace-events  | 27 
> >  2 files changed, 63 insertions(+), 53 deletions(-)
> > 
> > diff --git a/hw/scsi/spapr_vscsi.c b/hw/scsi/spapr_vscsi.c
> > index 8fbd50f..29fef90 100644
> > --- a/hw/scsi/spapr_vscsi.c
> > +++ b/hw/scsi/spapr_vscsi.c
> 
> While you're at it: There is a stray fprintf statement at the beginning
> of vscsi_process_tsk_mgmt() which is rather a debug statement than
> really something that should be printed always ... could you please turn
> that into a trace event, too?

That would be a good idea, but I'd prefer to see it as a follow up patch.



Re: [Qemu-devel] [PATCH v4 2/3] target-ppc: add flag in chech_tlb_flush()

2016-09-14 Thread David Gibson
On Wed, Sep 14, 2016 at 11:24:01AM +0530, Nikunj A Dadhania wrote:
> We flush the qemu TLB lazily. check_tlb_flush is called whenever we hit
> a context synchronizing event or instruction that requires a pending
> flush to be performed.
> 
> However, we fail to handle broadcast TLB flush operations. In order to
> fix that efficiently, we want to differentiate whether check_tlb_flush()
> needs to only apply pending local flushes (isync instructions,
> interrupts, ...) or also global pending flush operations. The latter is
> only needed when executing instructions that are defined architecturally
> as synchronizing global TLB flush operations. This in our case is
> ptesync on BookS and tlbsync on BookE along with the paravirtualized
> hypervisor calls.

Much better description, thank you.

> 
> Signed-off-by: Nikunj A Dadhania 
> ---
>  hw/ppc/spapr_hcall.c |  4 ++--
>  target-ppc/excp_helper.c |  4 ++--
>  target-ppc/helper.h  |  2 +-
>  target-ppc/helper_regs.h |  4 ++--
>  target-ppc/mmu_helper.c  |  4 ++--
>  target-ppc/translate.c   | 20 ++--
>  6 files changed, 19 insertions(+), 19 deletions(-)
> 
> diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
> index 73af112..ef12ea0 100644
> --- a/hw/ppc/spapr_hcall.c
> +++ b/hw/ppc/spapr_hcall.c
> @@ -201,7 +201,7 @@ static target_ulong h_remove(PowerPCCPU *cpu, 
> sPAPRMachineState *spapr,
>  
>  switch (ret) {
>  case REMOVE_SUCCESS:
> -check_tlb_flush(env);
> +check_tlb_flush(env, 1);
>  return H_SUCCESS;
>  
>  case REMOVE_NOT_FOUND:
> @@ -282,7 +282,7 @@ static target_ulong h_bulk_remove(PowerPCCPU *cpu, 
> sPAPRMachineState *spapr,
>  }
>  }
>   exit:
> -check_tlb_flush(env);
> +check_tlb_flush(env, 1);
>  
>  return rc;
>  }
> diff --git a/target-ppc/excp_helper.c b/target-ppc/excp_helper.c
> index 04ed4da..3b78126 100644
> --- a/target-ppc/excp_helper.c
> +++ b/target-ppc/excp_helper.c
> @@ -711,7 +711,7 @@ static inline void powerpc_excp(PowerPCCPU *cpu, int 
> excp_model, int excp)
>  /* Any interrupt is context synchronizing, check if TCG TLB
>   * needs a delayed flush on ppc64
>   */
> -check_tlb_flush(env);
> +check_tlb_flush(env, 0);
>  }
>  
>  void ppc_cpu_do_interrupt(CPUState *cs)
> @@ -973,7 +973,7 @@ static inline void do_rfi(CPUPPCState *env, target_ulong 
> nip, target_ulong msr)
>  cs->interrupt_request |= CPU_INTERRUPT_EXITTB;
>  
>  /* Context synchronizing: check if TCG TLB needs flush */
> -check_tlb_flush(env);
> +check_tlb_flush(env, 0);
>  }
>  
>  void helper_rfi(CPUPPCState *env)
> diff --git a/target-ppc/helper.h b/target-ppc/helper.h
> index e75d070..5ececf1 100644
> --- a/target-ppc/helper.h
> +++ b/target-ppc/helper.h
> @@ -18,7 +18,7 @@ DEF_HELPER_1(rfid, void, env)
>  DEF_HELPER_1(hrfid, void, env)
>  DEF_HELPER_2(store_lpcr, void, env, tl)
>  #endif
> -DEF_HELPER_1(check_tlb_flush, void, env)
> +DEF_HELPER_2(check_tlb_flush, void, env, i32)
>  #endif
>  
>  DEF_HELPER_3(lmw, void, env, tl, i32)
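Review bot: DEF_HELPER_2(..., i32) fixes the C type of the helper's second parameter as dh_ctype_i32, i.e. uint32_t, so helper_check_tlb_flush in the mmu_helper.c hunk of this patch should be declared with uint32_t rather than unsigned int to match exactly. It also bounds the bool suggestion made in the review: the inline check_tlb_flush() can take a bool, but the TCG-callable helper_check_tlb_flush must keep the i32/uint32_t signature and convert when it calls through.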
> diff --git a/target-ppc/helper_regs.h b/target-ppc/helper_regs.h
> index 69204a5..bcf65ce 100644
> --- a/target-ppc/helper_regs.h
> +++ b/target-ppc/helper_regs.h
> @@ -154,7 +154,7 @@ static inline int hreg_store_msr(CPUPPCState *env, 
> target_ulong value,
>  }
>  
>  #if !defined(CONFIG_USER_ONLY)
> -static inline void check_tlb_flush(CPUPPCState *env)
> +static inline void check_tlb_flush(CPUPPCState *env, uint32_t global)
>  {
>  CPUState *cs = CPU(ppc_env_get_cpu(env));
>  if (env->tlb_need_flush & TLB_NEED_LOCAL_FLUSH) {
> @@ -163,7 +163,7 @@ static inline void check_tlb_flush(CPUPPCState *env)
>  }
>  }
>  #else
> -static inline void check_tlb_flush(CPUPPCState *env) { }
> +static inline void check_tlb_flush(CPUPPCState *env, uint32_t global) { }
>  #endif
>  
>  #endif /* HELPER_REGS_H */
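Review bot: in this patch `global` is accepted by check_tlb_flush() but never read, so the call-site changes (1 for the H_CALLs, 0 for interrupts and rfi) have no effect yet. That is fine as a preparatory step, but the commit message should say the flag is only wired up in 3/3, so that someone auditing this patch alone does not conclude that global flushes already work.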
> diff --git a/target-ppc/mmu_helper.c b/target-ppc/mmu_helper.c
> index d59d2f8..bf9f329 100644
> --- a/target-ppc/mmu_helper.c
> +++ b/target-ppc/mmu_helper.c
> @@ -2867,9 +2867,9 @@ void helper_booke206_tlbflush(CPUPPCState *env, 
> target_ulong type)
>  }
>  
>  
> -void helper_check_tlb_flush(CPUPPCState *env)
> +void helper_check_tlb_flush(CPUPPCState *env, unsigned int global)

You're using an unsigned int for the flag here, but uint32_t for
check_tlb_flush(), which is a needless inconsistency.

You might as well make them both bools, since that's how it's actually
being used.  As a general rule don't use fixed width types unless you
actually *need* the fixed width - the type choices are part of the
interface documentation and using a fixed width type when you don't
need it sends a misleading message.

>  {
> -check_tlb_flush(env);
> +check_tlb_flush(env, global);
>  }
>  
>  
> /*/
> diff --git a/target-ppc/translate.c b/target-ppc/translate.c
> index a27f455..5026804 100644
> --- 

Re: [Qemu-devel] [PATCH 5/5] spapr_vscsi: convert to trace framework instead of DPRINTF

2016-09-14 Thread David Gibson
On Wed, Sep 14, 2016 at 03:09:31PM -0500, Eric Blake wrote:
> On 09/14/2016 01:48 PM, Laurent Vivier wrote:
> > Signed-off-by: Laurent Vivier 
> > ---
> >  hw/scsi/spapr_vscsi.c | 89 
> > +--
> >  hw/scsi/trace-events  | 27 
> >  2 files changed, 63 insertions(+), 53 deletions(-)
> > 
> 
> > +++ b/hw/scsi/trace-events
> > @@ -202,3 +202,30 @@ esp_pci_dma_abort(uint32_t val) "ABORT (%.8x)"
> >  esp_pci_dma_start(uint32_t val) "START (%.8x)"
> >  esp_pci_sbac_read(uint32_t reg) "sbac: 0x%8.8x"
> >  esp_pci_sbac_write(uint32_t reg, uint32_t val) "sbac: 0x%8.8x -> 0x%8.8x"
> > +
> > +# hw/scsi/spapr_vscsi.c
> > +
> > +spapr_vscsi_send_rsp(uint8_t status, int32_t res_in, int32_t res_out) 
> > "status: 0x%x, res_in: %"PRId32", res_out: %"PRId32
> 
> Same as before.

I've removed these blank lines as I merged.

> > +spapr_vscsi_fetch_desc_no_data(void) "no data descriptor"
> > +spapr_vscsi_fetch_desc_direct(void) "direct segment"
> > +spapr_vscsi_fetch_desc_indirect(uint32_t qtag, unsigned desc, unsigned 
> > local_desc) "indirect segment local tag=0x%"PRIx32" desc#%u/%u"
> > +spapr_vscsi_fetch_desc_out_of_range(unsigned desc, unsigned desc_offset) 
> > "#%u is ouf of range (%u bytes)"
> > +spapr_vscsi_fetch_desc_dma_read_error(int rc) "spapr_vio_dma_read -> %d 
> > reading ext_desc"
> > +spapr_vscsi_fetch_desc_indirect_seg_ext(uint32_t qtag, unsigned n, 
> > unsigned desc, uint64_t va, uint32_t len) "indirect segment ext. 
> > tag=0x%"PRIx32" desc#%u/%u { va=0x%"PRIx64" len=0x%"PRIx32" }"
> > +spapr_vscsi_fetch_desc_out_of_desc(void) "Out of descriptors !"
> 
> Probably worth dropping the ' !' while touching this (first, English
> doesn't want space before !; second, ! usually means you are shouting at
> the user, and doesn't appear in many other traces as a result).

That's a good change, but I'd prefer to see it as a follow up patch.



Re: [Qemu-devel] [PATCH v2 4/6] trace: remove global 'uint16 dstate[]' array

2016-09-14 Thread Lluís Vilanova
Daniel P Berrange writes:

> Instead of having a global dstate array, declare a single
> 'uint16 TRACE_${EVENT_NAME}_DSTATE' variable for each
> trace event. Record a pointer to this variable in the
> TraceEvent struct too.

> By turning trace_event_get_state_dynamic_by_id into a
> macro, this still hits the fast path, and cache affinity
> is ensured by declaring all the uint16 vars adjacent to
> each other.

> Signed-off-by: Daniel P. Berrange 
> ---
>  scripts/tracetool/format/events_c.py |  6 +-
>  scripts/tracetool/format/events_h.py |  3 +++
>  stubs/trace-control.c|  9 -
>  trace/control-internal.h | 14 --
>  trace/control-target.c   | 20 
>  trace/control.c  | 11 ++-
>  trace/event-internal.h   |  6 ++
>  7 files changed, 32 insertions(+), 37 deletions(-)

> diff --git a/scripts/tracetool/format/events_c.py 
> b/scripts/tracetool/format/events_c.py
> index 4012063..a2f457f 100644
> --- a/scripts/tracetool/format/events_c.py
> +++ b/scripts/tracetool/format/events_c.py
> @@ -25,6 +25,9 @@ def generate(events, backend):
>  '#include "trace/control.h"',
>  '')
 
> +for e in events:
> +out('uint16_t TRACE_%s_DSTATE;' % e.name.upper())
> +
>  out('TraceEvent trace_events[TRACE_EVENT_COUNT] = {')
 
>  for e in events:

I would emit an "obviously non-public" variable name, like
___TRACE_%s_dstate. The "TRACE_%s" is only necessary for consistency with the
"public name" and macro trickery on the fast path.

To make naming consistency easier to track, you can use Event.api(), which needs
only a small extension ("scripts/tracetool/__init__.py"):

    QEMU_TRACE   = "trace_%(name)s"
    QEMU_TRACE_TCG   = QEMU_TRACE + "_tcg"

    QEMU_DSTATE  = "___TRACE_%(NAME)s_dstate"

    def api(self, fmt=None):
        if fmt is None:
            fmt = Event.QEMU_TRACE
        return fmt % {"name": self.name, "NAME": self.name.upper()}

Then change all the places where you generate the dstate symbol name to
something like:

    out('uint16_t ' + e.api(e.QEMU_DSTATE) + ';')


> @@ -34,7 +37,8 @@ def generate(events, backend):
>  vcpu_id = "TRACE_VCPU_EVENT_COUNT"
>  out('{ .id = %(id)s, .vcpu_id = %(vcpu_id)s,'
>  ' .name = \"%(name)s\",'
> -' .sstate = %(sstate)s },',
> +' .sstate = %(sstate)s,',
> +' .dstate = &%(id)s_DSTATE, }, ',
>  id = "TRACE_" + e.name.upper(),
>  vcpu_id = vcpu_id,
>  name = e.name,
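Review bot: the new initializer fragment `' .dstate = &%(id)s_DSTATE, }, '` carries a trailing space and a comma before the closing brace, both of which land verbatim in the generated events.c; `' .dstate = &%(id)s_DSTATE },'` matches the shape of the `.sstate` line it replaces and keeps the generated source free of trailing whitespace.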
> diff --git a/scripts/tracetool/format/events_h.py 
> b/scripts/tracetool/format/events_h.py
> index a9da60b..193b02c 100644
> --- a/scripts/tracetool/format/events_h.py
> +++ b/scripts/tracetool/format/events_h.py
> @@ -32,6 +32,9 @@ def generate(events, backend):
>  out('TRACE_EVENT_COUNT',
>  '} TraceEventID;')
 
> +for e in events:
> +out('extern uint16_t TRACE_%s_DSTATE;' % e.name.upper())
> +
>  # per-vCPU event identifiers
>  out('typedef enum {')
 
Idem on the two above.


[...]
> diff --git a/trace/control-internal.h b/trace/control-internal.h
> index 7f31e39..1446498 100644
> --- a/trace/control-internal.h
> +++ b/trace/control-internal.h
> @@ -16,7 +16,6 @@
 
 
>  extern TraceEvent trace_events[];
> -extern uint16_t trace_events_dstate[];
>  extern int trace_events_enabled_count;
 
 
> @@ -54,18 +53,13 @@ static inline bool 
> trace_event_get_state_static(TraceEvent *ev)
>  return ev->sstate;
>  }
 
> -static inline bool trace_event_get_state_dynamic_by_id(TraceEventID id)
> -{
> -/* it's on fast path, avoid consistency checks (asserts) */
> -return unlikely(trace_events_enabled_count) && trace_events_dstate[id];
> -}
> +/* it's on fast path, avoid consistency checks (asserts) */
> +#define trace_event_get_state_dynamic_by_id(id) \
> +(unlikely(trace_events_enabled_count) && id ## _DSTATE)
 
>  static inline bool trace_event_get_state_dynamic(TraceEvent *ev)
>  {
> -TraceEventID id;
> -assert(trace_event_get_state_static(ev));
> -id = trace_event_get_id(ev);
> -return trace_event_get_state_dynamic_by_id(id);
> +return unlikely(trace_events_enabled_count) && *ev->dstate;
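Review bot: turning trace_event_get_state_dynamic_by_id into a token-pasting macro changes its contract: `id` must now be a literal TRACE_* identifier, so any caller that passes a TraceEventID variable (which the old inline function accepted) stops compiling; the commit message should say so, and renaming the parameter in `#define trace_event_get_state_dynamic_by_id(id) \` to something like `id_token` makes the requirement visible at the definition. The same hunk also drops `assert(trace_event_get_state_static(ev));` from trace_event_get_state_dynamic without comment; if the precondition is no longer needed with the per-event variable, note that in the message, otherwise keep the assert.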

This one is not on the fast path, so there's no need for the first part of the
AND (shouldn't hurt performance to keep it either).


>  }
 
>  static inline bool trace_event_get_vcpu_state_dynamic_by_vcpu_id(CPUState 
> *vcpu,
[...]

All the rest (snipped from this mail) looks good.

Cheers,
  Lluis
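
As an added example (not code from the patch or from QEMU's tracetool), a minimal model of how tracetool could emit the per-event dstate variables of patch 4/6 through the single Event.api() naming hook suggested above, so that the header externs, the TraceEvent table and the fast-path token-pasting macro can never disagree on a symbol name. The QEMU_ID format, the per-vCPU identifier format and the sample event names are assumptions of this example.

```python
class Event:
    """The subset of tracetool's Event that the generators below need."""

    QEMU_TRACE = "trace_%(name)s"
    QEMU_TRACE_TCG = QEMU_TRACE + "_tcg"
    # "Obviously non-public" name for the per-event dynamic-state variable.
    QEMU_DSTATE = "___TRACE_%(NAME)s_dstate"
    # Public enum identifier the fast-path macro is invoked with (assumed).
    QEMU_ID = "TRACE_%(NAME)s"

    def __init__(self, name, sstate=True, vcpu=False):
        self.name = name
        self.sstate = sstate  # compile-time (static) enable state
        self.vcpu = vcpu      # per-vCPU event?

    def api(self, fmt=None):
        """Render a symbol name for this event; one place decides naming."""
        if fmt is None:
            fmt = Event.QEMU_TRACE
        return fmt % {"name": self.name, "NAME": self.name.upper()}


def generate_events_h(events):
    """events_h.py side: one extern declaration per event."""
    return ["extern uint16_t %s;" % e.api(Event.QEMU_DSTATE) for e in events]


def generate_events_c(events):
    """events_c.py side: the definitions, kept adjacent for cache locality,
    followed by the TraceEvent table whose .dstate points at each one."""
    lines = ["uint16_t %s;" % e.api(Event.QEMU_DSTATE) for e in events]
    lines.append("TraceEvent trace_events[TRACE_EVENT_COUNT] = {")
    for e in events:
        # Non-vCPU events carry the TRACE_VCPU_EVENT_COUNT magic value,
        # as in the patch; the per-vCPU identifier format is assumed.
        vcpu_id = ("TRACE_VCPU_%s" % e.name.upper()) if e.vcpu \
            else "TRACE_VCPU_EVENT_COUNT"
        lines.append(
            '{ .id = %(id)s, .vcpu_id = %(vcpu_id)s, .name = "%(name)s",'
            " .sstate = %(sstate)s, .dstate = &%(dstate)s },"
            % {"id": e.api(Event.QEMU_ID), "vcpu_id": vcpu_id,
               "name": e.name, "sstate": "true" if e.sstate else "false",
               "dstate": e.api(Event.QEMU_DSTATE)})
    lines.append("};")
    return lines


def generate_dstate_macro():
    """The fast-path macro adjusted to the non-public naming: pasting
    '___' and '_dstate' around the public id reproduces QEMU_DSTATE."""
    return ("#define trace_event_get_state_dynamic_by_id(id) \\\n"
            "    (unlikely(trace_events_enabled_count) && "
            "___ ## id ## _dstate)")


def pasted_dstate_name(id_token):
    """What the C preprocessor produces for '___ ## id ## _dstate'."""
    return "___" + id_token + "_dstate"


def names_consistent(events):
    """Check that header, table and macro agree on every dstate symbol."""
    header = generate_events_h(events)
    return all(
        pasted_dstate_name(e.api(Event.QEMU_ID)) == e.api(Event.QEMU_DSTATE)
        and ("extern uint16_t %s;" % e.api(Event.QEMU_DSTATE)) in header
        for e in events)


if __name__ == "__main__":
    # Constructed sample events: one plain, one per-vCPU.
    evs = [Event("spapr_vscsi_fetch_desc_out_of_desc"),
           Event("sample_vcpu_event", vcpu=True)]
    print("\n".join(generate_events_h(evs) + generate_events_c(evs)))
    print(generate_dstate_macro())
    print("consistent:", names_consistent(evs))
```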



Re: [Qemu-devel] [PATCH v2 6/6] trace: use -1 instead of TRACE_VCPU_EVENT_COUNT as magic value

2016-09-14 Thread Lluís Vilanova
Daniel P Berrange writes:

> The TraceEvent struct vcpu_id field uses the constant
> TRACE_VCPU_EVENT_COUNT as a magic value to indicate this
> is not a per-VCPU event. The max count value will be
> different for each event group though, so this is no
> longer suitable. Instead use the value (size_t)-1 which
> is guaranteed to be available across all event groups.

The tracetool script should assert used vcpu IDs never reach ~0. Also, this
patch is better sent with your actual event group patches (see comments on patch
5).

Cheers,
  Lluis



Re: [Qemu-devel] [PATCH v2 5/6] trace: remove use of event ID enums from APIs

2016-09-14 Thread Lluís Vilanova
Daniel P Berrange writes:

> Since there will shortly be multiple event groups allowed,
> we can no longer use the TraceEventID and TraceEventVCPUID
> enums in the trace control APIs. There will in fact be
> multiple distinct enums, and the enum values will only be
> required to be unique per group.

This patch serves no purpose without the event group patches.

Also, AFAIR TraceEventVCPUID still needs to be a flat space (they're all used as
bitmask indexes), so keeping the enum won't lose any re-compilation benefit.

And without wanting to sound like a broken record, you can make the
"TRACE_${EVENTNAME}" IDs be global Event* variables (statically initialized in
"trace/generated-events.c"). That still allows using their names in the macros,
avoids having a (two-level) tree of events, and eliminates the need for the
Event::id member (and the trace_event_get_id() function).


Cheers,
  Lluis


[...]
> diff --git a/trace/simple.c b/trace/simple.c
> index 2f09daf..6e8013c 100644
> --- a/trace/simple.c
> +++ b/trace/simple.c
> @@ -18,7 +18,7 @@
>  #include "trace/simple.h"
 
>  /** Trace file header event ID */
> -#define HEADER_EVENT_ID (~(uint64_t)0) /* avoids conflicting with 
> TraceEventIDs */
> +#define HEADER_EVENT_ID (~(uint64_t)0) /* avoids conflicting with event IDs 
> */
 
>  /** Trace file magic number */
>  #define HEADER_MAGIC 0xf2b177cb0aa429b4ULL
> @@ -58,7 +58,7 @@ static char *trace_file_name;
 
>  /* * Trace buffer entry */
>  typedef struct {
> -uint64_t event; /*   TraceEventID */
> +uint64_t event; /*  event ID */
>  uint64_t timestamp_ns;
>  uint32_t length;   /*in bytes */
>  uint32_t pid;
> @@ -202,7 +202,7 @@ void trace_record_write_str(TraceBufferRecord *rec, const 
> char *s, uint32_t slen
rec-> rec_off = write_to_buffer(rec->rec_off, (void*)s, slen);
>  }
 
> -int trace_record_start(TraceBufferRecord *rec, TraceEventID event, size_t 
> datasize)
> +int trace_record_start(TraceBufferRecord *rec, uint32_t event, size_t 
> datasize)
>  {
>  unsigned int idx, rec_off, old_idx, new_idx;
>  uint32_t rec_len = sizeof(TraceRecord) + datasize;
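Review bot: trace_record_start now takes the event id as uint32_t while TraceRecord.event stays uint64_t and HEADER_EVENT_ID is still `~(uint64_t)0`; the widening on store is harmless, but the commit message should say explicitly that the simple-trace file layout is unchanged, because a reader of this hunk could take the parameter type change for a record format change.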
> diff --git a/trace/simple.h b/trace/simple.h
> index 1e7de45..17ce472 100644
> --- a/trace/simple.h
> +++ b/trace/simple.h
> @@ -33,7 +33,7 @@ typedef struct {
>   *
>   * @arglen  number of bytes required for arguments
>   */
> -int trace_record_start(TraceBufferRecord *rec, TraceEventID id, size_t 
> arglen);
> +int trace_record_start(TraceBufferRecord *rec, uint32_t id, size_t arglen);
 
>  /**
>   * Append a 64-bit argument to a trace record

Not incorrect, but it's weird that the simple backend emits 64-bit identifiers
while QEMU uses 32-bit ones.


Cheers,
  Lluis



Re: [Qemu-devel] [PATCH 0/5] ps2: fix keyboard set 3 and misc improvements

2016-09-14 Thread no-reply
Hi,

Your series failed automatic build test. Please find the testing commands and
their output below. If you have docker installed, you can probably reproduce it
locally.

Type: series
Message-id: 1473890265-3304-1-git-send-email-hpous...@reactos.org
Subject: [Qemu-devel] [PATCH 0/5] ps2: fix keyboard set 3 and misc improvements

=== TEST SCRIPT BEGIN ===
#!/bin/bash
set -e
git submodule update --init dtc
make J=8 docker-test-quick@centos6
make J=8 docker-test-mingw@fedora
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
f897257 ps2: do not generate invalid key codes for unknown keys
8a471af ps2: use QEMU qcodes instead of scancodes
af3f9d4 ps2: allow keycode translation for all scancode sets
0efd0b0 ps2: correctly handle 'get/set scancode' command
dcc6e28 ps2: reject unknown commands, instead of blindly accepting them


Re: [Qemu-devel] [RFC PATCH v1 15/22] i386: sev: register RAM read/write ops for BIOS and PC.RAM region

2016-09-14 Thread Brijesh Singh

So looking at the code, I have the impression that the write will go through
cpu_physical_memory_write_rom but the read will still go through
address_space_rw, which will eventually invoke address_space_read.


Yes, you'd have to modify it a bit.  Something like



Sure, this will work, thanks for the snippet.


diff --git a/exec.c b/exec.c
index c8389f9..9fc9cef 100644
--- a/exec.c
+++ b/exec.c
@@ -2689,7 +2689,7 @@ enum write_rom_type {
 FLUSH_CACHE,
 };

-static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
+static inline void cpu_physical_memory_rw_debug_internal(AddressSpace *as,
 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
 {
 hwaddr l;
@@ -2705,12 +2705,24 @@ static inline void 
cpu_physical_memory_write_rom_internal(AddressSpace *as,
 if (!(memory_region_is_ram(mr) ||
   memory_region_is_romd(mr))) {
 l = memory_access_size(mr, l, addr1);
+/* Pass MMIO down to address_space_rw.  */
+switch (type) {
+case READ_DATA:
+case WRITE_DATA:
+/* ... set debug in attrs (not necessary anymore perhaps?) */
+address_space_rw(as, addr, attrs, buf, l, type == WRITE_DATA);
+break;
+case FLUSH_CACHE:
+break;
+}
 } else {
 /* ROM/RAM case */
 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
 switch (type) {
+case READ_DATA:
+/* ... call hook ... */
 case WRITE_DATA:
-memcpy(ptr, buf, l);
+/* ... call hook ... */
 invalidate_and_set_dirty(mr, addr1, l);
 break;
 case FLUSH_CACHE:
@@ -2729,7 +2739,7 @@ static inline void 
cpu_physical_memory_write_rom_internal(AddressSpace *as,
 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
const uint8_t *buf, int len)
 {
-cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
+cpu_physical_memory_rw_debug_internal(as, addr, buf, len, WRITE_DATA);
 }

 void cpu_flush_icache_range(hwaddr start, int len)
@@ -2744,8 +2754,8 @@ void cpu_flush_icache_range(hwaddr start, int len)
 return;
 }

-cpu_physical_memory_write_rom_internal(_space_memory,
-   start, NULL, len, FLUSH_CACHE);
+cpu_physical_memory_rw_debug_internal(_space_memory,
+  start, NULL, len, FLUSH_CACHE);
 }

 typedef struct {
@@ -3568,6 +3578,7 @@ int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
 int l;
 hwaddr phys_addr;
 target_ulong page;
+int mode = is_write ? WRITE_DATA : READ_DATA;

 while (len > 0) {
 int asidx;
@@ -3583,14 +3594,9 @@ int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
 if (l > len)
 l = len;
 phys_addr += (addr & ~TARGET_PAGE_MASK);
-if (is_write) {
-cpu_physical_memory_write_rom(cpu->cpu_ases[asidx].as,
-  phys_addr, buf, l);
-} else {
-address_space_rw(cpu->cpu_ases[asidx].as, phys_addr,
- MEMTXATTRS_UNSPECIFIED,
- buf, l, 0);
-}
+cpu_physical_memory_rw_debug_internal(cpu->cpu_ases[asidx].as,
+  phys_addr, buf, l,
+  mode);
 len -= l;
 buf += l;
 addr += l;





Re: [Qemu-devel] [RFC PATCH v1 15/22] i386: sev: register RAM read/write ops for BIOS and PC.RAM region

2016-09-14 Thread Paolo Bonzini


On 15/09/2016 00:06, Brijesh Singh wrote:
> 
> here is what I see:
> 
> int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
> uint8_t *buf, int len, int is_write)
> {
>   
> 
>if (is_write)
>cpu_physical_memory_write_rom_internal()
> else
>address_space_rw()
> 
>.
> 
> }
> 
> So looking at the code, I have the impression that the write will go through
> cpu_physical_memory_write_rom but the read will still go through
> address_space_rw, which will eventually invoke address_space_read.

Yes, you'd have to modify it a bit.  Something like

diff --git a/exec.c b/exec.c
index c8389f9..9fc9cef 100644
--- a/exec.c
+++ b/exec.c
@@ -2689,7 +2689,7 @@ enum write_rom_type {
 FLUSH_CACHE,
 };
 
-static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
+static inline void cpu_physical_memory_rw_debug_internal(AddressSpace *as,
 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
 {
 hwaddr l;
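Review bot: the renamed helper keeps `const uint8_t *buf` although it is now meant to serve READ_DATA as well, and a read has to store into `buf`; drop the const qualifier (or pass separate in/out pointers), otherwise the read case can only be written with a cast that discards the qualifier.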
@@ -2705,12 +2705,24 @@ static inline void 
cpu_physical_memory_write_rom_internal(AddressSpace *as,
 if (!(memory_region_is_ram(mr) ||
   memory_region_is_romd(mr))) {
 l = memory_access_size(mr, l, addr1);
+/* Pass MMIO down to address_space_rw.  */
+switch (type) {
+case READ_DATA:
+case WRITE_DATA:
+/* ... set debug in attrs (not necessary anymore perhaps?) */
+address_space_rw(as, addr, attrs, buf, l, type == WRITE_DATA);
+break;
+case FLUSH_CACHE:
+break;
+}
 } else {
 /* ROM/RAM case */
 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
 switch (type) {
+case READ_DATA:
+/* ... call hook ... */
 case WRITE_DATA:
-memcpy(ptr, buf, l);
+/* ... call hook ... */
 invalidate_and_set_dirty(mr, addr1, l);
 break;
 case FLUSH_CACHE:
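Review bot: in the ROM/RAM branch `case READ_DATA:` falls through into the WRITE_DATA case and so reaches `invalidate_and_set_dirty(mr, addr1, l);`, meaning a debug read would mark guest pages dirty (and have them re-sent by migration) without modifying them; the READ_DATA case needs its own `break;` after its hook call. In the MMIO branch, `address_space_rw(as, addr, attrs, buf, l, type == WRITE_DATA);` uses `attrs`, but the helper's signature has no attrs parameter and none is declared in the visible lines.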
@@ -2729,7 +2739,7 @@ static inline void 
cpu_physical_memory_write_rom_internal(AddressSpace *as,
 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
const uint8_t *buf, int len)
 {
-cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
+cpu_physical_memory_rw_debug_internal(as, addr, buf, len, WRITE_DATA);
 }
 
 void cpu_flush_icache_range(hwaddr start, int len)
@@ -2744,8 +2754,8 @@ void cpu_flush_icache_range(hwaddr start, int len)
 return;
 }
 
-cpu_physical_memory_write_rom_internal(_space_memory,
-   start, NULL, len, FLUSH_CACHE);
+cpu_physical_memory_rw_debug_internal(_space_memory,
+  start, NULL, len, FLUSH_CACHE);
 }
 
 typedef struct {
@@ -3568,6 +3578,7 @@ int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
 int l;
 hwaddr phys_addr;
 target_ulong page;
+int mode = is_write ? WRITE_DATA : READ_DATA;
 
 while (len > 0) {
 int asidx;
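Review bot: `int mode = is_write ? WRITE_DATA : READ_DATA;` declares the selector as int although the helper's parameter is `enum write_rom_type`; declaring it with the enum type keeps the call type-consistent with the function it feeds.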
@@ -3583,14 +3594,9 @@ int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
 if (l > len)
 l = len;
 phys_addr += (addr & ~TARGET_PAGE_MASK);
-if (is_write) {
-cpu_physical_memory_write_rom(cpu->cpu_ases[asidx].as,
-  phys_addr, buf, l);
-} else {
-address_space_rw(cpu->cpu_ases[asidx].as, phys_addr,
- MEMTXATTRS_UNSPECIFIED,
- buf, l, 0);
-}
+cpu_physical_memory_rw_debug_internal(cpu->cpu_ases[asidx].as,
+  phys_addr, buf, l,
+  mode);
 len -= l;
 buf += l;
 addr += l;
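Review bot: the removed else-branch passed MEMTXATTRS_UNSPECIFIED explicitly for reads, while the replacement call leaves the attributes to cpu_physical_memory_rw_debug_internal, whose only guidance so far is the "... set debug in attrs" placeholder; state here or in the helper which attrs a debug access carries, since the SEV RAM callback discussed in this thread keys on a debug attribute to choose between the SEV debug command and a plain memcpy.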



Re: [Qemu-devel] [PATCH v2 3/6] trace: remove some now unused functions

2016-09-14 Thread Lluís Vilanova
Daniel P Berrange writes:

> The trace_event_count, trace_event_id and
> trace_event_pattern methods are no longer required
> now that everything is using the iterator APIs

> The trace_event_set_state and trace_event_set_vcpu_state
> macros were also unused.

> Signed-off-by: Daniel P. Berrange 

Reviewed-by: Lluís Vilanova 


> ---
>  trace/control-internal.h | 11 -
>  trace/control.c  | 22 --
>  trace/control.h  | 59 
> 
>  3 files changed, 92 deletions(-)

> diff --git a/trace/control-internal.h b/trace/control-internal.h
> index a4e5f4a..7f31e39 100644
> --- a/trace/control-internal.h
> +++ b/trace/control-internal.h
> @@ -20,17 +20,6 @@ extern uint16_t trace_events_dstate[];
>  extern int trace_events_enabled_count;
 
 
> -static inline TraceEventID trace_event_count(void)
> -{
> -return TRACE_EVENT_COUNT;
> -}
> -
> -static inline TraceEvent *trace_event_id(TraceEventID id)
> -{
> -assert(id < trace_event_count());
> -return _events[id];
> -}
> -
>  static inline bool trace_event_is_pattern(const char *str)
>  {
>  assert(str != NULL);
> diff --git a/trace/control.c b/trace/control.c
> index 8fa7ed6..e9a64d0 100644
> --- a/trace/control.c
> +++ b/trace/control.c
> @@ -102,28 +102,6 @@ static bool pattern_glob(const char *pat, const char *ev)
>  }
>  }
 
> -TraceEvent *trace_event_pattern(const char *pat, TraceEvent *ev)
> -{
> -assert(pat != NULL);
> -
> -bool matched = ev ? false : true;
> -TraceEventIter iter;
> -TraceEvent *thisev;
> -trace_event_iter_init(, NULL);
> -while ((thisev = trace_event_iter_next()) != NULL) {
> -if (matched) {
> -if (pattern_glob(pat, trace_event_get_name(thisev))) {
> -return thisev;
> -}
> -} else {
> -if (ev == thisev) {
> -matched = true;
> -}
> -}
> -}
> -
> -return NULL;
> -}
 
>  void trace_event_iter_init(TraceEventIter *iter, const char *pattern)
>  {
> diff --git a/trace/control.h b/trace/control.h
> index c71b405..e80c220 100644
> --- a/trace/control.h
> +++ b/trace/control.h
> @@ -52,21 +52,6 @@ void trace_event_iter_init(TraceEventIter *iter, const 
> char *pattern);
>   */
>  TraceEvent *trace_event_iter_next(TraceEventIter *iter);
 
> -/**
> - * trace_event_id:
> - * @id: Event identifier.
> - *
> - * Get an event by its identifier.
> - *
> - * This routine has a constant cost, as opposed to trace_event_name and
> - * trace_event_pattern.
> - *
> - * Pre-conditions: The identifier is valid.
> - *
> - * Returns: pointer to #TraceEvent.
> - *
> - */
> -static TraceEvent *trace_event_id(TraceEventID id);
 
>  /**
>   * trace_event_name:
> @@ -79,31 +64,12 @@ static TraceEvent *trace_event_id(TraceEventID id);
>  TraceEvent *trace_event_name(const char *name);
 
>  /**
> - * trace_event_pattern:
> - * @pat: Event name pattern.
> - * @ev: Event to start searching from (not included).
> - *
> - * Get all events with a given name pattern.
> - *
> - * Returns: pointer to #TraceEvent or NULL if not found.
> - */
> -TraceEvent *trace_event_pattern(const char *pat, TraceEvent *ev);
> -
> -/**
>   * trace_event_is_pattern:
>   *
>   * Whether the given string is an event name pattern.
>   */
>  static bool trace_event_is_pattern(const char *str);
 
> -/**
> - * trace_event_count:
> - *
> - * Return the number of events.
> - */
> -static TraceEventID trace_event_count(void);
> -
> -
 
>  /**
>   * trace_event_get_id:
> @@ -194,31 +160,6 @@ static bool trace_event_get_state_dynamic(TraceEvent 
> *ev);
>   */
>  static bool trace_event_get_vcpu_state_dynamic(CPUState *vcpu, TraceEvent 
> *ev);
 
> -/**
> - * trace_event_set_state:
> - *
> - * Set the tracing state of an event (only if possible).
> - */
> -#define trace_event_set_state(id, state)\
> -do {\
> -if ((id ##_ENABLED)) {  \
> -TraceEvent *_e = trace_event_id(id);\
> -trace_event_set_state_dynamic(_e, state);   \
> -}   \
> -} while (0)
> -
> -/**
> - * trace_event_set_vcpu_state:
> - *
> - * Set the tracing state of an event for the given vCPU (only if not 
> disabled).
> - */
> -#define trace_event_set_vcpu_state(vcpu, id, state) \
> -do {\
> -if ((id ##_ENABLED)) {  \
> -TraceEvent *_e = trace_event_id(id);\
> -trace_event_set_vcpu_state_dynamic(vcpu, _e, state);\
> -}   \
> -} while (0)
 
>  /**
>   * trace_event_set_state_dynamic:
> -- 
> 2.7.4




Re: [Qemu-devel] [PATCH v2 2/6] trace: convert code to use event iterators

2016-09-14 Thread Lluís Vilanova
Daniel P Berrange writes:

> This converts the HMP/QMP monitor API implementations
> and some internal trace control methods to use the new
> trace event iterator APIs.

> Reviewed-by: Stefan Hajnoczi 
> Signed-off-by: Daniel P. Berrange 
> ---
>  monitor.c   | 16 ++
>  trace/control.c | 94 
> ++---
>  trace/qmp.c | 16 ++
>  3 files changed, 76 insertions(+), 50 deletions(-)

> diff --git a/monitor.c b/monitor.c
> index 5c00373..7b979a6 100644
> --- a/monitor.c
> +++ b/monitor.c
> @@ -3335,9 +3335,11 @@ void info_trace_events_completion(ReadLineState *rs, 
> int nb_args, const char *st
>  len = strlen(str);
>  readline_set_completion_index(rs, len);
>  if (nb_args == 2) {
> -TraceEventID id;
> -for (id = 0; id < trace_event_count(); id++) {
> -const char *event_name = 
> trace_event_get_name(trace_event_id(id));
> +TraceEventIter iter;
> +TraceEvent *ev;
> +trace_event_iter_init(, NULL);
> +while ((ev = trace_event_iter_next()) != NULL) {
> +const char *event_name = trace_event_get_name(ev);
>  if (!strncmp(str, event_name, len)) {
>  readline_add_completion(rs, event_name);
>  }
> @@ -3352,9 +3354,11 @@ void trace_event_completion(ReadLineState *rs, int 
> nb_args, const char *str)
>  len = strlen(str);
>  readline_set_completion_index(rs, len);
>  if (nb_args == 2) {
> -TraceEventID id;
> -for (id = 0; id < trace_event_count(); id++) {
> -const char *event_name = 
> trace_event_get_name(trace_event_id(id));
> +TraceEventIter iter;
> +TraceEvent *ev;
> +trace_event_iter_init(, NULL);
> +while ((ev = trace_event_iter_next()) != NULL) {
> +const char *event_name = trace_event_get_name(ev);
>  if (!strncmp(str, event_name, len)) {
>  readline_add_completion(rs, event_name);
>  }
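Review bot: this hunk repeats, line for line, the iterator loop that the previous hunk adds to info_trace_events_completion; a small static helper taking `rs`, `str` and `len` and running the iterator loop with the `strncmp`/`readline_add_completion` body would let both completion functions share it.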
> diff --git a/trace/control.c b/trace/control.c
> index b871727..8fa7ed6 100644
> --- a/trace/control.c
> +++ b/trace/control.c
> @@ -60,9 +60,10 @@ TraceEvent *trace_event_name(const char *name)
>  {
>  assert(name != NULL);
 
> -TraceEventID i;
> -for (i = 0; i < trace_event_count(); i++) {
> -TraceEvent *ev = trace_event_id(i);
> +TraceEventIter iter;
> +TraceEvent *ev;
> +trace_event_iter_init(, NULL);
> +while ((ev = trace_event_iter_next()) != NULL) {
>  if (strcmp(trace_event_get_name(ev), name) == 0) {
>  return ev;
>  }

You could pass "name" in the pattern argument, and then remove the
strcmp(). It'll be simpler code, but pattern_glob() is less efficient than
strcmp().

To solve that, maybe you could subsume exact name matching (trace_event_name())
and pattern matching into the iterator interface (strcmp() / pattern_glob()) by
either checking trace_event_is_pattern() when initializing the iterator (pattern
auto-detection), or explicitly passing either a name or pattern argument (if you
want an extra-paranoid API; via two char* or a char*+bool).

I haven't checked if that would weird other code out when using iterators for a
simple exact match.


> @@ -105,21 +106,20 @@ TraceEvent *trace_event_pattern(const char *pat, 
> TraceEvent *ev)
>  {
>  assert(pat != NULL);
 
> -TraceEventID i;
> -
> -if (ev == NULL) {
> -i = -1;
> -} else {
> -i = trace_event_get_id(ev);
> -}
> -i++;
> -
> -while (i < trace_event_count()) {
> -TraceEvent *res = trace_event_id(i);
> -if (pattern_glob(pat, trace_event_get_name(res))) {
> -return res;
> +bool matched = ev ? false : true;
> +TraceEventIter iter;
> +TraceEvent *thisev;
> +trace_event_iter_init(, NULL);
> +while ((thisev = trace_event_iter_next()) != NULL) {
> +if (matched) {
> +if (pattern_glob(pat, trace_event_get_name(thisev))) {
> +return thisev;
> +}
> +} else {
> +if (ev == thisev) {
> +matched = true;
> +}
>  }
> -i++;
>  }
 
>  return NULL;
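Review bot: rewriting trace_event_pattern to use the iterator is churn, since patch 3/6 in this series deletes the function entirely; either leave it untouched here or move the removal into this patch. If it does stay, `bool matched = ev ? false : true;` reads more simply as `bool matched = (ev == NULL);`.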

Shouldn't this pass "pat" to trace_event_iter_init() and then not use
pattern_glob()?

I just realized this is dropped on next patch, so ignore me.

Cheers,
  Lluis



Re: [Qemu-devel] [PATCH 10/10] qemu-iotests/118: Test media change with qdev name

2016-09-14 Thread Eric Blake
On 08/19/2016 11:50 AM, Kevin Wolf wrote:
> We just added the option to use qdev device names in all device related
> block QMP commands. This patch converts some of the test cases in 118 to
> use qdev device names instead of BlockBackend names to cover the new
> way. It converts cases for each of the media change commands, but only
> for CD-ROM and not everywhere, so that the old way is still tested, too.
> 
> Signed-off-by: Kevin Wolf 
> ---
>  tests/qemu-iotests/118| 85 
> ++-
>  tests/qemu-iotests/iotests.py |  5 +++
>  2 files changed, 73 insertions(+), 17 deletions(-)
> 

> @@ -76,9 +79,15 @@ class GeneralChangeTestsBaseClass(ChangeBaseClass):
>  self.assert_qmp(result, 'return[0]/inserted/image/filename', new_img)
>  
>  def test_blockdev_change_medium(self):
> -result = self.vm.qmp('blockdev-change-medium', device='drive0',
> -   filename=new_img,
> -   format=iotests.imgfmt)
> +if self.device_name is not None:
> +result = self.vm.qmp('blockdev-change-medium',
> + id=self.device_name, filename=new_img,
> + format=iotests.imgfmt)
> +else:
> +result = self.vm.qmp('blockdev-change-medium',
> + device='drive0', filename=new_img,
> + format=iotests.imgfmt)
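Review bot: the two branches differ only in one keyword argument, so the if/else can collapse into a kwargs dict: `target = {'id': self.device_name} if self.device_name is not None else {'device': 'drive0'}` followed by `result = self.vm.qmp('blockdev-change-medium', filename=new_img, format=iotests.imgfmt, **target)`; the same pattern would serve the other media change commands this patch converts.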

I'm not enough of a python guru to know if there is any way to compress
this to a shorter format (I do know, however, that the lack of an
obvious ?: operator in python can indeed result in verbose if/else
clauses compared to other languages).

At any rate, the ultimate test is whether the change still passes; and
looks like you have good coverage of using exactly one or the other
argument.  Do you also want to add tests (either here, or in 11/10) that
validate that providing neither 'device' nor 'id' gives a sane error,
likewise that providing both has sane behavior?  (For now, our behavior
is that we fail, although it could also be argued that sane behavior
would validate that 'id' happens to be currently in use by 'device' and
only fail if they are not pointing to the same backend).

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





Re: [Qemu-devel] [PATCH 09/10] block: Accept device model name for block_set_io_throttle

2016-09-14 Thread Eric Blake
On 08/19/2016 11:50 AM, Kevin Wolf wrote:
> In order to remove the necessity to use BlockBackend names in the
> external API, we want to allow qdev device names in all device related
> commands.
> 
> This converts block_set_io_throttle to accept a qdev device name.
> 
> Signed-off-by: Kevin Wolf 
> ---
>  blockdev.c   | 12 +++-
>  qapi/block-core.json |  6 --
>  qmp-commands.hx  |  6 --
>  3 files changed, 15 insertions(+), 9 deletions(-)
> 

> +++ b/qapi/block-core.json
> @@ -1378,6 +1378,8 @@
>  #
>  # @device: The name of the device
>  #
> +# @id: the name or QOM path of the guest device (since: 2.8)
> +#

Missing #optional markers, and whether device is deprecated and/or
mutually-exclusive with id.

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





Re: [Qemu-devel] [RFC PATCH v1 15/22] i386: sev: register RAM read/write ops for BIOS and PC.RAM region

2016-09-14 Thread Brijesh Singh



On 09/14/2016 04:52 PM, Paolo Bonzini wrote:



On 14/09/2016 23:47, Brijesh Singh wrote:



On 09/14/2016 04:00 PM, Paolo Bonzini wrote:



On 14/09/2016 22:59, Brijesh Singh wrote:

I will look into hooking up the callback into ROM read/write ops. I was
thinking about adding a new argument in
cpu_physical_memory_write_rom_internal()

void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
                                   const uint8_t *buf, int len,
                                   WriteCB *cb)
{
    
    ptr = qemu_map_ram_ptr(mr->ram_block, addr1);

    if (cb)
        cb(ptr, buf, len);
    else
        memcpy(ptr, buf, len);


}

In case of SEV, we pass a CB function pointer which calls SEV API's to
encrypt memory. Does this make sense?


I think a global as you have it in this series is just fine---just don't
hook it into address_space_read and address_space_write.



Actually in the SEV RAM callback I check the Attrs; if the attr.sev_debug flag
is set then use the SEV debug command, otherwise default to memcpy so that DMA
and everything else works. I guess the main reason why I chose to hook
this up in address_space_read/write was that I found that
address_space_write and address_space_read are used in the debug path, e.g.

cpu_memory_rw_debug
  address_space_rw
address_space_write/read


Right, but if you change this to a ROM hook only, cpu_memory_rw_debug
will go through cpu_physical_memory_write_rom instead.  This will invoke
the hook properly, won't it?  It will break -kernel unless fw_cfg DMA is
disabled, of course.



maybe I am missing something.

here is what I see:

int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
                        uint8_t *buf, int len, int is_write)
{
    

    if (is_write)
        cpu_physical_memory_write_rom_internal()
    else
        address_space_rw()

    .

}

So looking at the code, I have the impression that the write will go through
cpu_physical_memory_write_rom but the read will still go through
address_space_rw, which will eventually invoke address_space_read.


Also when user tries to read or write to a physical address through qemu 
monitor then it will invoke cpu_physical_memory_rw which will eventually 
use address_space_write and address_space_read to read/write the guest 
memory.








Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command

2016-09-14 Thread Michael S. Tsirkin
On Wed, Sep 14, 2016 at 02:35:41PM -0300, Eduardo Habkost wrote:
> On Wed, Sep 14, 2016 at 06:46:20PM +0300, Michael S. Tsirkin wrote:
> > On Wed, Sep 14, 2016 at 04:06:33PM +0100, Daniel P. Berrange wrote:
> > > On Wed, Sep 14, 2016 at 05:48:17PM +0300, Michael S. Tsirkin wrote:
> > > > On Wed, Sep 14, 2016 at 03:15:07PM +0100, Daniel P. Berrange wrote:
> > > > > On Wed, Sep 14, 2016 at 04:50:51PM +0300, Michael S. Tsirkin wrote:
> > > > > > On Wed, Sep 14, 2016 at 02:37:49PM +0100, Daniel P. Berrange wrote:
> > > > > > > On Wed, Sep 14, 2016 at 04:32:44PM +0300, Michael S. Tsirkin wrote:
> > > > > > > > On Wed, Sep 14, 2016 at 02:23:14PM +0100, Daniel P. Berrange wrote:
> > > > > > > > > On Wed, Sep 14, 2016 at 03:07:58PM +0200, Paolo Bonzini wrote:
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > On 14/09/2016 15:05, Michael S. Tsirkin wrote:
> > > > > > > > > > > I assumed that with debug on, memory is still encrypted but the
> > > > > > > > > > > hypervisor can break encryption, and as the cover letter states, the
> > > > > > > > > > > hypervisor is assumed benign. If true I don't see a need to
> > > > > > > > > > > give users more rope.
> > > > > > > > > >
> > > > > > > > > > The hypervisor is assumed benign but vulnerable.
> > > > > > > > > >
> > > > > > > > > > So, if somebody breaks the hypervisor, you would like to make it as hard
> > > > > > > > > > as possible for the attacker to do evil stuff to the guests.  If the
> > > > > > > > > > attacker can just ask the secure processor "decrypt some memory for me",
> > > > > > > > > > then the encryption is effectively broken.
> > > > > > > > >
> > > > > > > > > So there's going to be a tradeoff here between use of SEV and use of
> > > > > > > > > certain other features. eg, it seems that if you're using SEV, then
> > > > > > > > > any concept of creating & analysing guest core dumps from the host
> > > > > > > > > is out.
> > > > > > > >
> > > > > > > > I don't see why - as long as we don't trigger dumps, there's no leak :)
> > > > > > > 
> > > > > > > If the facility to trigger dumps is available, then the memory
> > > > > > > encryption feature of SEV is as useful as a chocolate teapot,
> > > > > > > as the would be attacker can simply trigger a dump
> > > > > > 
> > > > > > If attacker can trigger things, IOW execute code in hypervisor,
> > > > > > then encrypting memory is not useful anyway.
> > > > > 
> > > > > The presentation at KVM forum claimed it *would* protect against
> > > > > this, and that things like core dump of unencrypted memory would
> > > > > not be permitted, so there's a disconnect between that preso and
> > > > > what you're saying.
> > > > > 
> > > > > Regards,
> > > > > Daniel
> > > > 
> > > > You mean presentation claimed protection against leaks to a malicious
> > > > active attacker within a hypervisor?  I guess the presentation covers
> > > > more than this patchset does then.  And the disconnect would be with
> > > > what the patchset cover letter says, not just with what I say.  Clearly
> > > > encrypting memory is not enough to protect against a malicious
> > > > hypervisor. E.g. just running info cpus is enough to leak information
> > > > from guest.
> > > 
> > > It was explicit about the fact that the host admin would not have any
> > > way to get access to the full contents of guest memory, without the
> > > guest admin granting it. Only those non-encrypted pages used for I/O
> > > transfer between host & guest would be accessible.
> > > 
> > > Regards,
> > > Daniel
> > 
> > If you like, that's the vision. I'd rather discuss the patchset in
> > question though. It encrypts all memory but this does not protect against
> > all attackers, only passive ones. If you disable debugging,
> > it seems to additionally reduce the amount of information that can be
> > leaked to an active attacker in the hypervisor at one go.
> > 
> > Paolo seems to think it's useful, but it's a far cry from a deal
> > breaker, and your email just makes me worry that it has been oversold to
> > the point where everyone will start disabling debugging everywhere in
> > production and claim that otherwise it's a security problem.  IMO a much
> > better in-tree documentation is needed so people know what they are
> > getting in return.
> > 
> > Attestation seems mostly unrelated. The whitepaper says
> > With this attestation, a guest owner can ensure that the hypervisor did
> > not interfere with the initialization of SEV before transmitting
> > confidential information to the guest.
> > which seems to imply an active attacker that is able to interfere
> > with the hypervisor during guest initialization but not afterwards.
> 
> I believe this assumes a compromised hypervisor both before 

Re: [Qemu-devel] [PATCH 08/10] block: Accept device model name for blockdev-change-medium

2016-09-14 Thread Eric Blake
On 08/19/2016 11:50 AM, Kevin Wolf wrote:
> In order to remove the necessity to use BlockBackend names in the
> external API, we want to allow qdev device names in all device related
> commands.
> 
> This converts blockdev-change-medium to accept a qdev device name.
> 
> Signed-off-by: Kevin Wolf 
> ---

> @@ -2608,7 +2612,7 @@ void qmp_blockdev_change_medium(const char *device, 
> const char *filename,
>  error_free(err);
>  err = NULL;
>  
> -qmp_x_blockdev_remove_medium(true, device, false, NULL, errp);
> +qmp_x_blockdev_remove_medium(has_device, device, has_id, id, errp);

More possible churn based on the decisions on 5-6/10.

> +++ b/qapi/block-core.json
> @@ -2425,6 +2425,8 @@
>  #
>  # @device:  block device name
>  #
> +# @id:  the name or QOM path of the guest device (since: 2.8)
> +#

Missing #optional markers, and deprecation notice.

> +++ b/qmp.c
> @@ -446,8 +446,8 @@ void qmp_change(const char *device, const char *target,
>  if (strcmp(device, "vnc") == 0) {
>  qmp_change_vnc(target, has_arg, arg, errp);
>  } else {
> -qmp_blockdev_change_medium(device, target, has_arg, arg, false, 0,
> -   errp);
> +qmp_blockdev_change_medium(true, device, false, NULL, target,
> +   has_arg, arg, false, 0, errp);
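Review bot: the legacy `change` path in qmp_change() hard-codes has_device=true / has_id=false in the new call, so `change` can still only address the backend by BlockBackend name and never by the qdev id that blockdev-change-medium now accepts; say so in the commit message or in the deprecation note on @device in block-core.json, so callers do not expect the old command to take the new id.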

Side note - it would be nice to get defaults into QAPI already, so we
can reduce the number of these has_FOO parameters.  But not your series'
problem.

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





[Qemu-devel] [PATCH 0/5] ps2: fix keyboard set 3 and misc improvements

2016-09-14 Thread Hervé Poussineau
Hi,

This patchset is a welcome cleanup of scancodes used in PS/2 keyboard emulation.

- Patches 1 and 2 are fixes to let Linux use set 3 if instructed so.
- Patch 3 makes scancodes untranslated by default and translates them if required,
  instead of receiving translated scancodes by default and untranslating them if
  required.
- Patch 4 switches to use qcodes instead of scancodes.
- Patch 5 is a small cleanup, to prevent sending invalid keycodes to the OS.

See each patch commit for details about what changed.

Missing parts are the handling of the following commands in set 3:
- 0xf7: set all keys to typematic/autorepeat only
- 0xf8: set all keys to make/release
- 0xf9: set all keys to make only
- 0xfa: set all keys to typematic/autorepeat make/release
- 0xfb: set specific key to typematic/autorepeat only
- 0xfc: set specific key to make/release
- 0xfd: set specific key to make only

Translated set 2 and untranslated sets 2 and 3 have been tested with Linux,
using kernel parameters "i8042.direct=1" and "atkbd.set=3".
Set 1 has been tested with MIPS Magnum emulation.

Patch 3 doesn't pass checkpatch.pl, due to the translation table using more than 80
columns.
Patch 4 doesn't pass checkpatch.pl, due to some key mappings not being implemented
because of a missing equivalent qcode.

Hervé

Hervé Poussineau (5):
  ps2: reject unknown commands, instead of blindly accepting them
  ps2: correctly handle 'get/set scancode' command
  ps2: allow keycode translation for all scancode sets
  ps2: use QEMU qcodes instead of scancodes
  ps2: do not generate invalid key codes for unknown keys

 hw/input/ps2.c | 595 +++--
 1 file changed, 541 insertions(+), 54 deletions(-)

-- 
2.1.4




[Qemu-devel] [PATCH 4/5] ps2: use QEMU qcodes instead of scancodes

2016-09-14 Thread Hervé Poussineau
This fixes problems with translated set 1, where most make codes were wrong.
This fixes problems with set 3 for extended keys (like arrows) and a lot of other
keys.
Added a FIXME for set 3, where most keys must not (by default) deliver a break
code.

Detailed list of changes on untranslated set 2:
- change of ALTGR break code from 0xe4 to 0xf0 0x08
- change of ALTGR_R break code from 0xe0 0xe4 to 0xe0 0xf0 0x08
- change of F7 make code from 0x02 to 0x83
- change of F7 break code from 0xf0 0x02 to 0xf0 0x83
- change of PRINT make code from 0xe0 0x7c to 0xe0 0x12 0xe0 0x7c
- change of PRINT break code from 0xe0 0xf0 0x7c to 0xe0 0xf0 0x7c 0xe0 0xf0 0x12
- change of PAUSE key: new make code = old make code + old break code, no more
  break code
- change of RO break code from 0xf3 to 0xf0 0x51
- change of KP_COMMA break code from 0xfe to 0xf0 0x6d

Detailed list of changes on translated set 2 (the most commonly used):
- change of PRINT make code from 0xe0 0x37 to 0xe0 0x2a 0xe0 0x37
- change of PRINT break code from 0xe0 0xb7 to 0xe0 0xb7 0xe0 0xaa
- change of PAUSE key: new make code = old make code + old break code, no more
  break code

Reference:
http://www.computer-engineering.org/ps2keyboard/scancodes1.html
http://www.computer-engineering.org/ps2keyboard/scancodes2.html
http://www.computer-engineering.org/ps2keyboard/scancodes3.html
Signed-off-by: Hervé Poussineau 
---
 hw/input/ps2.c | 533 +++--
 1 file changed, 485 insertions(+), 48 deletions(-)

diff --git a/hw/input/ps2.c b/hw/input/ps2.c
index c432fc5..3d7205d 100644
--- a/hw/input/ps2.c
+++ b/hw/input/ps2.c
@@ -114,26 +114,395 @@ typedef struct {
 uint8_t mouse_buttons;
 } PS2MouseState;
 
-/* Table to convert from PC scancodes to raw scancodes.  */
-static const unsigned char ps2_raw_keycode[128] = {
-  0, 118,  22,  30,  38,  37,  46,  54,  61,  62,  70,  69,  78,  85, 102,  13,
- 21,  29,  36,  45,  44,  53,  60,  67,  68,  77,  84,  91,  90,  20,  28,  27,
- 35,  43,  52,  51,  59,  66,  75,  76,  82,  14,  18,  93,  26,  34,  33,  42,
- 50,  49,  58,  65,  73,  74,  89, 124,  17,  41,  88,   5,   6,   4,  12,   3,
- 11,   2,  10,   1,   9, 119, 126, 108, 117, 125, 123, 107, 115, 116, 121, 105,
-114, 122, 112, 113, 127,  96,  97, 120,   7,  15,  23,  31,  39,  47,  55,  63,
- 71,  79,  86,  94,   8,  16,  24,  32,  40,  48,  56,  64,  72,  80,  87, 111,
- 19,  25,  57,  81,  83,  92,  95,  98,  99, 100, 101, 103, 104, 106, 109, 110
+/* Table to convert from QEMU codes to scancodes.  */
+static const uint16_t qcode_to_keycode_set1[Q_KEY_CODE__MAX] = {
+[0 ... Q_KEY_CODE__MAX - 1] = 0,
+
+[Q_KEY_CODE_A] = 0x1e,
+[Q_KEY_CODE_B] = 0x30,
+[Q_KEY_CODE_C] = 0x2e,
+[Q_KEY_CODE_D] = 0x20,
+[Q_KEY_CODE_E] = 0x12,
+[Q_KEY_CODE_F] = 0x21,
+[Q_KEY_CODE_G] = 0x22,
+[Q_KEY_CODE_H] = 0x23,
+[Q_KEY_CODE_I] = 0x17,
+[Q_KEY_CODE_J] = 0x24,
+[Q_KEY_CODE_K] = 0x25,
+[Q_KEY_CODE_L] = 0x26,
+[Q_KEY_CODE_M] = 0x32,
+[Q_KEY_CODE_N] = 0x31,
+[Q_KEY_CODE_O] = 0x18,
+[Q_KEY_CODE_P] = 0x19,
+[Q_KEY_CODE_Q] = 0x10,
+[Q_KEY_CODE_R] = 0x13,
+[Q_KEY_CODE_S] = 0x1f,
+[Q_KEY_CODE_T] = 0x14,
+[Q_KEY_CODE_U] = 0x16,
+[Q_KEY_CODE_V] = 0x2f,
+[Q_KEY_CODE_W] = 0x11,
+[Q_KEY_CODE_X] = 0x2d,
+[Q_KEY_CODE_Y] = 0x15,
+[Q_KEY_CODE_Z] = 0x2c,
+[Q_KEY_CODE_0] = 0x0b,
+[Q_KEY_CODE_1] = 0x02,
+[Q_KEY_CODE_2] = 0x03,
+[Q_KEY_CODE_3] = 0x04,
+[Q_KEY_CODE_4] = 0x05,
+[Q_KEY_CODE_5] = 0x06,
+[Q_KEY_CODE_6] = 0x07,
+[Q_KEY_CODE_7] = 0x08,
+[Q_KEY_CODE_8] = 0x09,
+[Q_KEY_CODE_9] = 0x0a,
+[Q_KEY_CODE_GRAVE_ACCENT] = 0x29,
+[Q_KEY_CODE_MINUS] = 0x0c,
+[Q_KEY_CODE_EQUAL] = 0x0d,
+[Q_KEY_CODE_BACKSLASH] = 0x2b,
+[Q_KEY_CODE_BACKSPACE] = 0x0e,
+[Q_KEY_CODE_SPC] = 0x39,
+[Q_KEY_CODE_TAB] = 0x0f,
+[Q_KEY_CODE_CAPS_LOCK] = 0x3a,
+[Q_KEY_CODE_SHIFT] = 0x2a,
+[Q_KEY_CODE_CTRL] = 0x1d,
+[Q_KEY_CODE_META_L] = 0xe05b,
+[Q_KEY_CODE_ALT] = 0x38,
+[Q_KEY_CODE_SHIFT_R] = 0x36,
+[Q_KEY_CODE_CTRL_R] = 0xe01d,
+[Q_KEY_CODE_META_R] = 0xe05c,
+[Q_KEY_CODE_ALT_R] = 0xe038,
+[Q_KEY_CODE_MENU] = 0xe05d,
+[Q_KEY_CODE_RET] = 0x1c,
+[Q_KEY_CODE_ESC] = 0x01,
+[Q_KEY_CODE_F1] = 0x3b,
+[Q_KEY_CODE_F2] = 0x3c,
+[Q_KEY_CODE_F3] = 0x3d,
+[Q_KEY_CODE_F4] = 0x3e,
+[Q_KEY_CODE_F5] = 0x3f,
+[Q_KEY_CODE_F6] = 0x40,
+[Q_KEY_CODE_F7] = 0x41,
+[Q_KEY_CODE_F8] = 0x42,
+[Q_KEY_CODE_F9] = 0x43,
+[Q_KEY_CODE_F10] = 0x44,
+[Q_KEY_CODE_F11] = 0x57,
+[Q_KEY_CODE_F12] = 0x58,
+/* special handling for Q_KEY_CODE_PRINT */
+[Q_KEY_CODE_SCROLL_LOCK] = 0x46,
+/* special handling for Q_KEY_CODE_PAUSE */
+[Q_KEY_CODE_BRACKET_LEFT] = 0x1a,
+[Q_KEY_CODE_INSERT] = 0xe052,
+[Q_KEY_CODE_HOME] = 0xe047,
+[Q_KEY_CODE_PGUP] = 0xe049,
+[Q_KEY_CODE_DELETE] = 0xe053,
+[Q_KEY_CODE_END] = 
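Review bot: `[0 ... Q_KEY_CODE__MAX - 1] = 0` makes 0 the "no mapping" value, but the comment "Table to convert from QEMU codes to scancodes" does not say so; since 0x00 is not a valid set 1 make code the sentinel is safe, so state it in the comment (the range designator is a GCC extension, one QEMU already relies on elsewhere, so that part is fine).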

[Qemu-devel] [PATCH 2/5] ps2: correctly handle 'get/set scancode' command

2016-09-14 Thread Hervé Poussineau
When getting the scancode, the current scancode must be preceded by a reply ack.
When setting the scancode, we must reject invalid scancodes.

Signed-off-by: Hervé Poussineau 
---
 hw/input/ps2.c | 8 +---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/hw/input/ps2.c b/hw/input/ps2.c
index 00a1792..2105e51 100644
--- a/hw/input/ps2.c
+++ b/hw/input/ps2.c
@@ -296,16 +296,18 @@ void ps2_write_keyboard(void *opaque, int val)
 break;
 case KBD_CMD_SCANCODE:
 if (val == 0) {
+ps2_queue(>common, KBD_REPLY_ACK);
 if (s->scancode_set == 1)
 ps2_put_keycode(s, 0x43);
 else if (s->scancode_set == 2)
 ps2_put_keycode(s, 0x41);
 else if (s->scancode_set == 3)
 ps2_put_keycode(s, 0x3f);
-} else {
-if (val >= 1 && val <= 3)
-s->scancode_set = val;
+} else if (val >= 1 && val <= 3) {
+s->scancode_set = val;
 ps2_queue(>common, KBD_REPLY_ACK);
+} else {
+ps2_queue(>common, KBD_REPLY_RESEND);
 }
 s->common.write_cmd = -1;
 break;
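Review bot: the `if (s->scancode_set == 1) ... else if ...` chain in the `val == 0` branch still has no braces while the branches this hunk adds below it do; since the block is being touched, bring the whole thing to QEMU style. Also, the set identifier (0x43 / 0x41 / 0x3f) is emitted through ps2_put_keycode() rather than ps2_queue(), so it is subject to whatever ps2_put_keycode() does to key bytes; a later patch in this series makes that function translate, so a short comment on whether the identifier byte is meant to be translated like a key would help the next reader.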
-- 
2.1.4




[Qemu-devel] [PATCH 5/5] ps2: do not generate invalid key codes for unknown keys

2016-09-14 Thread Hervé Poussineau
Instead, print a warning message.

Signed-off-by: Hervé Poussineau 
---
 hw/input/ps2.c | 19 ++-
 1 file changed, 6 insertions(+), 13 deletions(-)

diff --git a/hw/input/ps2.c b/hw/input/ps2.c
index 3d7205d..5acd3ed 100644
--- a/hw/input/ps2.c
+++ b/hw/input/ps2.c
@@ -605,7 +605,8 @@ static void ps2_keyboard_event(DeviceState *dev, 
QemuConsole *src,
 }
 ps2_put_keycode(s, keycode & 0xff);
 } else {
-ps2_queue(>common, key->down ? 0x00 : 0x80);
+qemu_log_mask(LOG_UNIMP,
+  "ps2: ignoring key with qcode %d\n", qcode);
 }
 }
 } else if (s->scancode_set == 2) {
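Review bot: the commit message says "print a warning message", but `qemu_log_mask(LOG_UNIMP, ...)` is only emitted when QEMU runs with `-d unimp`, so by default the key press is dropped silently; either reword the commit message to say the key is ignored and logged under LOG_UNIMP, or use a warning that is visible by default, since a lost key from an unknown qcode is guest-visible input loss.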
@@ -644,13 +645,9 @@ static void ps2_keyboard_event(DeviceState *dev, 
QemuConsole *src,
 ps2_put_keycode(s, 0xf0);
 }
 ps2_put_keycode(s, keycode & 0xff);
-} else if (key->down) {
-ps2_queue(>common, 0x00);
-} else if (s->translate) {
-ps2_queue(>common, 0x80);
 } else {
-ps2_queue(>common, 0xf0);
-ps2_queue(>common, 0x00);
+qemu_log_mask(LOG_UNIMP,
+  "ps2: ignoring key with qcode %d\n", qcode);
 }
 }
 } else if (s->scancode_set == 3) {
@@ -661,13 +658,9 @@ static void ps2_keyboard_event(DeviceState *dev, 
QemuConsole *src,
 ps2_put_keycode(s, 0xf0);
 }
 ps2_put_keycode(s, keycode);
-} else if (key->down) {
-ps2_queue(>common, 0x00);
-} else if (s->translate) {
-ps2_queue(>common, 0x80);
 } else {
-ps2_queue(>common, 0xf0);
-ps2_queue(>common, 0x00);
+qemu_log_mask(LOG_UNIMP,
+  "ps2: ignoring key with qcode %d\n", qcode);
 }
 }
 }
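Review bot: the identical `qemu_log_mask(LOG_UNIMP, "ps2: ignoring key with qcode %d\n", qcode)` now appears three times in this function (set 1, set 2 and set 3 branches); hoisting the "no keycode for this qcode" check ahead of the per-set dispatch leaves one log call and one place to change if the policy later becomes a default-visible warning.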
-- 
2.1.4




[Qemu-devel] [PATCH 3/5] ps2: allow keycode translation for all scancode sets

2016-09-14 Thread Hervé Poussineau
Change ps2_put_keycode to get an untranslated scancode, which is translated if
needed.

As qemu_input_key_value_to_scancode() gives translated scancodes, untranslate them
in ps2_keyboard_event first before giving them to ps2_put_keycode.

Results are not changed, except for some keys in translated set 3.

Translation table is available at
https://www.win.tue.nl/~aeb/linux/kbd/scancodes-10.html

Signed-off-by: Hervé Poussineau 
---
 hw/input/ps2.c | 107 +++--
 1 file changed, 81 insertions(+), 26 deletions(-)

diff --git a/hw/input/ps2.c b/hw/input/ps2.c
index 2105e51..c432fc5 100644
--- a/hw/input/ps2.c
+++ b/hw/input/ps2.c
@@ -94,12 +94,10 @@ typedef struct {
 typedef struct {
 PS2State common;
 int scan_enabled;
-/* QEMU uses translated PC scancodes internally.  To avoid multiple
-   conversions we do the translation (if any) in the PS/2 emulation
-   not the keyboard controller.  */
 int translate;
 int scancode_set; /* 1=XT, 2=AT, 3=PS/2 */
 int ledstate;
+bool need_high_bit;
 } PS2KbdState;
 
 typedef struct {
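Review bot: `bool need_high_bit` is device state that lives across two ps2_put_keycode() calls, but this patch does not show it being added to the keyboard vmstate or cleared on reset; if a 0xf0 has been accepted and the device is reset or migrated before the following byte arrives, the next translated byte will wrongly get bit 7 set. Either add it to the vmstate (in a subsection, since it changes the migration stream) and clear it in the reset path, or document why a stale flag is harmless.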
@@ -138,6 +136,25 @@ static const unsigned char ps2_raw_keycode_set3[128] = {
  19,  25,  57,  81,  83,  92,  95,  98,  99, 100, 101, 103, 104, 106, 109, 110
 };
 
+static uint8_t translate_table[256] = {
+0xff, 0x43, 0x41, 0x3f, 0x3d, 0x3b, 0x3c, 0x58, 0x64, 0x44, 0x42, 0x40, 
0x3e, 0x0f, 0x29, 0x59,
+0x65, 0x38, 0x2a, 0x70, 0x1d, 0x10, 0x02, 0x5a, 0x66, 0x71, 0x2c, 0x1f, 
0x1e, 0x11, 0x03, 0x5b,
+0x67, 0x2e, 0x2d, 0x20, 0x12, 0x05, 0x04, 0x5c, 0x68, 0x39, 0x2f, 0x21, 
0x14, 0x13, 0x06, 0x5d,
+0x69, 0x31, 0x30, 0x23, 0x22, 0x15, 0x07, 0x5e, 0x6a, 0x72, 0x32, 0x24, 
0x16, 0x08, 0x09, 0x5f,
+0x6b, 0x33, 0x25, 0x17, 0x18, 0x0b, 0x0a, 0x60, 0x6c, 0x34, 0x35, 0x26, 
0x27, 0x19, 0x0c, 0x61,
+0x6d, 0x73, 0x28, 0x74, 0x1a, 0x0d, 0x62, 0x6e, 0x3a, 0x36, 0x1c, 0x1b, 
0x75, 0x2b, 0x63, 0x76,
+0x55, 0x56, 0x77, 0x78, 0x79, 0x7a, 0x0e, 0x7b, 0x7c, 0x4f, 0x7d, 0x4b, 
0x47, 0x7e, 0x7f, 0x6f,
+0x52, 0x53, 0x50, 0x4c, 0x4d, 0x48, 0x01, 0x45, 0x57, 0x4e, 0x51, 0x4a, 
0x37, 0x49, 0x46, 0x54,
+0x80, 0x81, 0x82, 0x41, 0x54, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 
0x8c, 0x8d, 0x8e, 0x8f,
+0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 
0x9c, 0x9d, 0x9e, 0x9f,
+0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, 0xa8, 0xa9, 0xaa, 0xab, 
0xac, 0xad, 0xae, 0xaf,
+0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, 0xb8, 0xb9, 0xba, 0xbb, 
0xbc, 0xbd, 0xbe, 0xbf,
+0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb, 
0xcc, 0xcd, 0xce, 0xcf,
+0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, 0xd8, 0xd9, 0xda, 0xdb, 
0xdc, 0xdd, 0xde, 0xdf,
+0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb, 
0xec, 0xed, 0xee, 0xef,
+0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, 
0xfc, 0xfd, 0xfe, 0xff,
+};
+
 void ps2_queue(void *opaque, int b)
 {
 PS2State *s = (PS2State *)opaque;
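Review bot: `static uint8_t translate_table[256]` is never written, so declare it `static const uint8_t` like the neighbouring `ps2_raw_keycode_set3` table: a const table lands in read-only memory, and a stray write to it faults instead of silently changing the scancodes every guest sees from then on.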
@@ -152,29 +169,26 @@ void ps2_queue(void *opaque, int b)
 s->update_irq(s->update_arg, 1);
 }
 
-/*
-   keycode is expressed as follow:
-   bit 7- 0 key pressed, 1 = key released
-   bits 6-0 - translated scancode set 2
- */
+/* keycode is the untranslated scancode in the current scancode set. */
 static void ps2_put_keycode(void *opaque, int keycode)
 {
 PS2KbdState *s = opaque;
 
 trace_ps2_put_keycode(opaque, keycode);
 qemu_system_wakeup_request(QEMU_WAKEUP_REASON_OTHER);
-/* XXX: add support for scancode set 1 */
-if (!s->translate && keycode < 0xe0 && s->scancode_set > 1) {
-if (keycode & 0x80) {
-ps2_queue(>common, 0xf0);
-}
-if (s->scancode_set == 2) {
-keycode = ps2_raw_keycode[keycode & 0x7f];
-} else if (s->scancode_set == 3) {
-keycode = ps2_raw_keycode_set3[keycode & 0x7f];
+
+if (s->translate) {
+if (keycode == 0xf0) {
+s->need_high_bit = true;
+} else if (s->need_high_bit) {
+ps2_queue(>common, translate_table[keycode] | 0x80);
+s->need_high_bit = false;
+} else {
+ps2_queue(>common, translate_table[keycode]);
 }
-  }
-ps2_queue(>common, keycode);
+} else {
+ps2_queue(>common, keycode);
+}
 }
 
 static void ps2_keyboard_event(DeviceState *dev, QemuConsole *src,
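Review bot: in the translated path `translate_table[keycode]` is indexed with an `int`; the callers in this series pass 0x00..0xff from the scancode tables, so it is in range today, but with a table of exactly 256 entries a `uint8_t` parameter (or `keycode & 0xff`) would make the bound explicit rather than a property of the callers. The old code also skipped translation for 0xe0 and above (`keycode < 0xe0`); the new code translates those through the table's identity entries, which is fine but deserves a word in the comment above the function.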
@@ -183,13 +197,41 @@ static void ps2_keyboard_event(DeviceState *dev, 
QemuConsole *src,
 PS2KbdState *s = (PS2KbdState *)dev;
 int scancodes[3], i, count;
 InputKeyEvent *key = evt->u.key.data;
+int keycode;
 
 qemu_system_wakeup_request(QEMU_WAKEUP_REASON_OTHER);
 count = qemu_input_key_value_to_scancode(key->key,
  key->down,
  scancodes);
+
+/* handle invalid key */
+if (count == 1 && scancodes[0] == 
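As an added example (not QEMU's code and not part of this series): the byte-level state machine that the new ps2_put_keycode() implements, modelled stand-alone in C. KbdModel, kbd_queue() and TRANSLATE_SUBSET are stand-ins assumed here; the translation entries and the break sequences are the ones given in this patch's translate_table and in PATCH 4/5's change list, and the model also shows why the pending-break flag must be cleared on reset.

```c
/*
 * Added example, not QEMU code: the translated / untranslated keycode path
 * that PATCH 3/5 puts into ps2_put_keycode(), as a stand-alone model.
 * Assumptions: KbdModel stands in for PS2KbdState, kbd_queue() for
 * ps2_queue(), and TRANSLATE_SUBSET holds only those entries of the patch's
 * translate_table that the constructed inputs below need.
 */
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define QUEUE_MAX 16

typedef struct {
    uint8_t queue[QUEUE_MAX];   /* bytes the guest would read from the data port */
    int count;
    bool translate;             /* controller translation on (s->translate) */
    bool need_high_bit;         /* a 0xf0 break prefix is pending */
} KbdModel;

/* Set 2 -> set 1 entries copied from the patch's translate_table; every
 * other index is 0 here, so inputs must stay within these keys. */
static const uint8_t TRANSLATE_SUBSET[256] = {
    [0x12] = 0x2a,  /* left shift, first byte of PRINT */
    [0x1c] = 0x1e,  /* A */
    [0x7c] = 0x37,  /* keypad *, second byte of PRINT */
    [0x83] = 0x41,  /* F7 */
    [0xe0] = 0xe0,  /* extended prefix passes through unchanged */
};

static void kbd_queue(KbdModel *s, uint8_t b)
{
    if (s->count < QUEUE_MAX) {
        s->queue[s->count++] = b;
    }
}

/* Same control flow as the patched ps2_put_keycode(): with translation off
 * the untranslated byte goes out as-is; with it on, a set 2 break prefix
 * 0xf0 is swallowed and bit 7 is set on the translated byte that follows. */
static void kbd_put_keycode(KbdModel *s, uint8_t keycode)
{
    if (!s->translate) {
        kbd_queue(s, keycode);
    } else if (keycode == 0xf0) {
        s->need_high_bit = true;
    } else if (s->need_high_bit) {
        kbd_queue(s, TRANSLATE_SUBSET[keycode] | 0x80);
        s->need_high_bit = false;
    } else {
        kbd_queue(s, TRANSLATE_SUBSET[keycode]);
    }
}

/* Reset clears the pending-break flag as well: a 0xf0 accepted just before
 * a reset must not set bit 7 on the first byte produced afterwards. */
static void kbd_reset(KbdModel *s, bool translate)
{
    memset(s, 0, sizeof(*s));
    s->translate = translate;
}

/* Feed one untranslated sequence through a freshly reset model and copy the
 * guest-visible bytes to out (room for QUEUE_MAX bytes). Returns the count. */
static int kbd_translate_sequence(bool translate, const uint8_t *seq, int len,
                                  uint8_t *out)
{
    KbdModel s;

    kbd_reset(&s, translate);
    for (int i = 0; i < len; i++) {
        kbd_put_keycode(&s, seq[i]);
    }
    memcpy(out, s.queue, (size_t)s.count);
    return s.count;
}

int main(void)
{
    /* constructed inputs: untranslated set 2 break codes from PATCH 4/5 */
    const uint8_t f7_break[] = { 0xf0, 0x83 };
    const uint8_t print_break[] = { 0xe0, 0xf0, 0x7c, 0xe0, 0xf0, 0x12 };
    uint8_t out[QUEUE_MAX];
    int n;

    n = kbd_translate_sequence(true, f7_break, 2, out);      /* -> 0xc1 */
    printf("F7 break, translated:");
    for (int i = 0; i < n; i++) {
        printf(" 0x%02x", out[i]);
    }
    printf("\n");

    n = kbd_translate_sequence(true, print_break, 6, out);   /* -> e0 b7 e0 aa */
    printf("PRINT break, translated:");
    for (int i = 0; i < n; i++) {
        printf(" 0x%02x", out[i]);
    }
    printf("\n");
    return 0;
}
```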

[Qemu-devel] [PATCH 1/5] ps2: reject unknown commands, instead of blindly accepting them

2016-09-14 Thread Hervé Poussineau
Signed-off-by: Hervé Poussineau 
---
 hw/input/ps2.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/input/ps2.c b/hw/input/ps2.c
index a8aa36f..00a1792 100644
--- a/hw/input/ps2.c
+++ b/hw/input/ps2.c
@@ -290,7 +290,7 @@ void ps2_write_keyboard(void *opaque, int val)
 ps2_queue(>common, KBD_REPLY_POR);
 break;
 default:
-ps2_queue(>common, KBD_REPLY_ACK);
+ps2_queue(>common, KBD_REPLY_RESEND);
 break;
 }
 break;
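Review bot: the commit message is empty apart from the Signed-off-by; state why KBD_REPLY_RESEND is the right answer for an unknown command (a real keyboard replies 0xFE "Resend" to a command it does not recognise) and whether any guest is known to send commands this model lacks, since those guests previously got an ACK and will now see RESEND.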
-- 
2.1.4




Re: [Qemu-devel] [PATCH v2 1/6] trace: add trace event iterator APIs

2016-09-14 Thread Lluís Vilanova
Daniel P Berrange writes:

> Currently methods which want to iterate over trace events,
> do so using the trace_event_count() and trace_event_id()
> methods. This leaks the concept of a single ID enum to
> the callers. There is an alternative trace_event_pattern()
> method which can be used in an iteration context, but its
> design is stateless, so is not easy to expand it in the
> future.

> This defines a formal iterator API will provide an future
> proof way of iterating over events.

> The iterator is also able to apply a pattern match filter
> to events, further removing the need for the pattern

> Signed-off-by: Daniel P. Berrange 
> ---
>  trace/control.c | 20 
>  trace/control.h | 27 +++
>  2 files changed, 47 insertions(+)

> diff --git a/trace/control.c b/trace/control.c
> index 05d85ac..b871727 100644
> --- a/trace/control.c
> +++ b/trace/control.c
> @@ -125,6 +125,26 @@ TraceEvent *trace_event_pattern(const char *pat, 
> TraceEvent *ev)
>  return NULL;
>  }
 
> +void trace_event_iter_init(TraceEventIter *iter, const char *pattern)
> +{
> +iter->event = 0;
> +iter->pattern = pattern;
> +}
> +
> +TraceEvent *trace_event_iter_next(TraceEventIter *iter)
> +{
> +while (iter->event < TRACE_EVENT_COUNT) {
> +if (!iter->pattern ||
> +pattern_glob(iter->pattern,
> + 
> trace_event_get_name(&(trace_events[iter->event] {
> +return &(trace_events[iter->event]);

That's a picky one (feel free to ignore), but can you refactor
"&(trace_events[iter->event])" out into a variable? The long pattern_glob() call
is a bit hard to parse.


> +}
> +iter->event++;
> +}
> +
> +return NULL;
> +}
> +
>  void trace_list_events(void)
>  {
>  int i;
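Review bot: trace_event_iter_next() returns `&(trace_events[iter->event])` on a match without advancing `iter->event`, so the next call returns the same event again and a loop such as `while ((ev = trace_event_iter_next(&iter)))` never terminates. Take the pointer into a local, increment `iter->event` before the pattern test, and return the local on a match.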
> diff --git a/trace/control.h b/trace/control.h
> index 27a16fc..c71b405 100644
> --- a/trace/control.h
> +++ b/trace/control.h
> @@ -13,6 +13,10 @@
>  #include "qemu-common.h"
>  #include "trace/generated-events.h"
 
> +typedef struct TraceEventIter {
> +size_t event;

Shouldn't this be TraceEventID for consistence with "trace/control.h"? But if
you're going to drop TraceEventID in a later series feel free to ignore me.

Other than those two, the rest looks good to me.


Cheers,
  Lluis



Re: [Qemu-devel] [Qemu-block] [PATCH 00/10] block: Accept qdev IDs in device level QMP commands

2016-09-14 Thread John Snow



On 09/14/2016 09:03 AM, Kevin Wolf wrote:

Am 05.09.2016 um 17:55 hat Kevin Wolf geschrieben:

Am 19.08.2016 um 18:50 hat Kevin Wolf geschrieben:

In order to remove the necessity to use BlockBackend names in the external API,
we already converted all block layer QMP commands on the node level to accept
node names instead of BlockBackend names. This series converts the second part,
device level commands, to allow qdev device names instead of BlockBackend
names.


ping?


ping v2

(Maybe I should just set a timeout and simply merge the patches if
nobody has commented by then?)



Give me about a week.

--js



Re: [Qemu-devel] [RFC PATCH v1 15/22] i386: sev: register RAM read/write ops for BIOS and PC.RAM region

2016-09-14 Thread Paolo Bonzini


On 14/09/2016 23:47, Brijesh Singh wrote:
> 
> 
> On 09/14/2016 04:00 PM, Paolo Bonzini wrote:
>>
>>
>> On 14/09/2016 22:59, Brijesh Singh wrote:
>>> I will look into hooking up the callback into ROM read/write ops. I was
>>> thinking about adding a new argument in
>>> cpu_physical_memory_write_rom_internal()
>>>
>>> void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
>>>const uint8_t *buf, int len,
>>>WriteCB *cb)
>>> {
>>>
>>>ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
>>>
>>>if (cb)
>>>  cb(ptr, buf, len)
>>>else
>>>  memcpy(ptr, buf, len)
>>> 
>>>
>>> }
>>>
>>> In case of SEV, we pass a CB function pointer which calls SEV API's to
>>> encrypt memory. Does this make sense?
>>
>> I think a global as you have it in this series is just fine---just don't
>> hook it into address_space_read and address_space_write.
>>
> 
> Actually in SEV RAM callback I check the Attrs, if attr.sev_debug flag
> set then use SEV debug command otherwise default to memcpy so that DMA
> and everything else works. I guess the main reason why I chose to hook
> this up in address_space_read/write was that I found that
> address_space_write and address_space_read are used in debug path. e.g
> 
> cpu_memory_rw_debug
>   address_space_rw
> address_space_write/read

Right, but if you change this to a ROM hook only, cpu_memory_rw_debug
will go through cpu_physical_memory_write_rom instead.  This will invoke
the hook properly, won't it?  It will break -kernel unless fw_cfg DMA is
disabled, of course.

Paolo



Re: [Qemu-devel] [RFC PATCH v1 15/22] i386: sev: register RAM read/write ops for BIOS and PC.RAM region

2016-09-14 Thread Brijesh Singh



On 09/14/2016 04:00 PM, Paolo Bonzini wrote:



On 14/09/2016 22:59, Brijesh Singh wrote:

I will look into hooking up the callback into ROM read/write ops. I was
thinking about adding a new argument in
cpu_physical_memory_write_rom_internal()

void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
                                   const uint8_t *buf, int len,
                                   WriteCB *cb)
{

    ptr = qemu_map_ram_ptr(mr->ram_block, addr1);

    if (cb)
        cb(ptr, buf, len)
    else
        memcpy(ptr, buf, len)

}

In case of SEV, we pass a CB function pointer which calls SEV API's to
encrypt memory. Does this make sense?


I think a global as you have it in this series is just fine---just don't
hook it into address_space_read and address_space_write.



Actually in SEV RAM callback I check the Attrs, if attr.sev_debug flag
set then use SEV debug command otherwise default to memcpy so that DMA
and everything else works. I guess the main reason why I chose to hook
this up in address_space_read/write was that I found that
address_space_write and address_space_read are used in debug path. e.g


cpu_memory_rw_debug
  address_space_rw
address_space_write/read

cpu_physical_memory_rw
 address_space_rw
   address_space_write/read

How do you want me to handle these cases? Having the SEV RAM callback take
care of this internally was my simplest solution, but I am certainly open to
new ideas.




Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command

2016-09-14 Thread Michael S. Tsirkin
On Wed, Sep 14, 2016 at 10:44:58PM +0200, Paolo Bonzini wrote:
> 
> 
> On 14/09/2016 22:36, Michael S. Tsirkin wrote:
> > Specifically with debug, if you have debug then clearly you
> > can dump guest memory. This is what this feature is about.
> > If we want a hypervisor that can not dump guest memory, let's
> > add a flag like that. Does everyone have to disable debugging
> > by default? I don't see why. Does everyone using encryption
> > have to do this? I don't see why either.
> 
> If you can explain what's the point in doing encryption that can be
> defeated with a single ioctl, perhaps I'll agree with you.

Discussed offline, I hope I clarified things.  Hypervisor (host kernel)
can decrypt but it is already possible for it to cause guest info leaks.
But no one else on the host can.

> It's okay
> that we leave out features.  But every feature left out is an
> anti-feature baked in.  Force-enable debug?  You've provided a loophole
> for everyone.

It's already baked in by default. Let's switch it to off by default for
everyone if we are worried about using monitor to leak guest secrets?
Btw with a TCP socket monitor, this seems like a legitimate worry.

We can do it when the new security policy object is created.

> Force-disable debug?  Well, of course you've blocked
> debug for everyone.
> 
> I agree that they are distinct features on the command line, but I think
> you're underestimating the importance of choosing a sane default, that's it.

We can safely leave that for management, but I won't object
to switching the default too, let's just do it for everyone,
consistently.

> >>  -object sev-policy-unencrypted,debug=false,id=mypolicy \
> >>  -machine ...,sev-policy=mypolicy
> > 
> > I wouldn't say sev on the command line. SEV seems to be
> > a group of AMD technologies implemening memory encryption,
> > measurement etc.
> > 
> > Let's have flags for individual components:
> > 
> > -machine ...,debug=false,memory-encryption=on,...
> 
> I think it makes sense to have a separate -object for the policy.  Let's
> just make it security-policy instead of sev-policy.  Brijesh, is that okay?
> 
> Paolo

OK. And some parts like blocking debug are easy enough to implement for 
everyone.

-- 
MST



Re: [Qemu-devel] [PATCH v2] scripts: Add a script to check for bug URLs in the git log

2016-09-14 Thread Eric Blake
On 09/14/2016 04:02 PM, Thomas Huth wrote:
> Well, /bin/bash is also not really portable ... I've seen systems in the
> past where bash was installed in another directory or not at all...

True, but we already liberally use /bin/bash scripts elsewhere in
qemu.git, so at least you wouldn't be the first, and if someone wants to
build qemu on a platform where /bin/bash doesn't exist, they'd do a
search-and-replace change to all affected scripts.

> 
> Anyway, FYI, I've found two more nice ways to check for POSIX compliance:
> 
> - There is a program called checkbashisms which reports bash related
>   style
> 
> - "posh" is a very minimalistic POSIX compliant shell which hardly
>   supports any of the bash extras

Yep, both of those are nice.

> 
> And indeed, both pointed me to another bashism in my script: The
> "function" keyword is not portable and should be avoided... oh well.

In fact, even bash users discourage the use of the 'function' keyword.
It exists because ksh has it, but ksh gives it different semantics than
bash (what's worse, 'local' variables in bash functions always have
dynamic scope; while in ksh, 'local' variables in POSIX-style functions
have static scope and the only way to get dynamic scope is to use the
'function' keyword, except that the ksh maintainer says that he hates
dynamic scope and wishes he hadn't done it).

> Not
> sure whether I really should do a v3 of my patch, convert it to python
> or just give up the idea of releasing such a script to the public...

I think keeping it as a shell script is probably okay (certainly easier
than trying to convert it to python, at this point in the review
process).  And it does seem like a useful script.

Sometimes, it's hard to see the forest (improving the ecosystem by
accepting useful scripts into the project, even if only a handful of
people ever run the script) for the trees (nitpicking on portability
details that won't impact anyone who never runs the script).

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





[Qemu-devel] [PATCH 2/4] exec: [tcg] Use multiple physical TB caches

2016-09-14 Thread Lluís Vilanova
The physical TB cache is split into 2^E caches, where E is the number of
events with the "vcpu" and without the "disable" properties.

The virtual TB cache on each vCPU uses a (potentially) different
physical TB cache.

This is later exploited to support different tracing event states on a
per-vCPU basis.

Signed-off-by: Lluís Vilanova 
---
 cpu-exec.c|5 
 include/exec/exec-all.h   |6 +
 include/exec/tb-context.h |2 +-
 include/qom/cpu.h |4 +++-
 qom/cpu.c |1 +
 translate-all.c   |   51 +
 translate-all.h   |   17 +++
 translate-all.inc.h   |   13 +++
 8 files changed, 87 insertions(+), 12 deletions(-)
 create mode 100644 translate-all.inc.h

diff --git a/cpu-exec.c b/cpu-exec.c
index 5d9710a..7b2d8c6 100644
--- a/cpu-exec.c
+++ b/cpu-exec.c
@@ -33,6 +33,7 @@
 #include "hw/i386/apic.h"
 #endif
 #include "sysemu/replay.h"
+#include "translate-all.h"
 
 /* -icount align implementation. */
 
@@ -267,6 +268,7 @@ static TranslationBlock *tb_find_physical(CPUState *cpu,
 tb_page_addr_t phys_pc;
 struct tb_desc desc;
 uint32_t h;
+struct qht *qht;
 
 desc.env = (CPUArchState *)cpu->env_ptr;
 desc.cs_base = cs_base;
@@ -275,7 +277,8 @@ static TranslationBlock *tb_find_physical(CPUState *cpu,
 phys_pc = get_page_addr_code(desc.env, pc);
 desc.phys_page1 = phys_pc & TARGET_PAGE_MASK;
 h = tb_hash_func(phys_pc, pc, flags);
-return qht_lookup(_ctx.tb_ctx.htable, tb_cmp, , h);
+qht = tb_caches_get(_ctx.tb_ctx, cpu->tb_cache_idx);
+return qht_lookup(qht, tb_cmp, , h);
 }
 
 static TranslationBlock *tb_find_slow(CPUState *cpu,
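Review bot: tb_find_physical() now consults only the table selected by cpu->tb_cache_idx, so every other user of tb_ctx.htable (the qht_insert() in tb_link_page(), the qht_remove() in tb_phys_invalidate(), the qht_reset_size() in tb_flush()) has to be switched in the same patch to the table the TB was actually inserted into; otherwise a TB invalidated by a self-modifying write can stay findable here and stale code runs. The tb_cache_idx field added to TranslationBlock below is the right selector for the remove side. Please list the converted call sites in the commit message, since the rest of translate-all.c is not in this excerpt.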
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index e2124dc..4ae04f6 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -211,6 +211,10 @@ static inline void tlb_flush_by_mmuidx(CPUState *cpu, ...)
 #define USE_DIRECT_JUMP
 #endif
 
+/**
+ * TranslationBlock:
+ * @tb_cache_idx: Index of physical TB cache where this TB has been allocated.
+ */
 struct TranslationBlock {
 target_ulong pc;   /* simulated PC corresponding to this block (EIP + CS 
base) */
 target_ulong cs_base; /* CS base for this block */
@@ -262,6 +266,8 @@ struct TranslationBlock {
  */
 uintptr_t jmp_list_next[2];
 uintptr_t jmp_list_first;
+
+DECLARE_BITMAP(tb_cache_idx, TRACE_VCPU_EVENT_COUNT);
 };
 
 void tb_free(TranslationBlock *tb);
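Review bot: DECLARE_BITMAP(tb_cache_idx, TRACE_VCPU_EVENT_COUNT) puts a whole unsigned long array into every TranslationBlock, although the build-time check in translate-all.c limits TRACE_VCPU_EVENT_COUNT + 1 to BITS_PER_LONG, i.e. the bitmap is always exactly one word; a plain `unsigned long tb_cache_idx;` is never larger and avoids bitmap_* calls on the lookup path. The kernel-doc comment above should also say where the field is assigned (at translation time, presumably in tb_gen_code()), because nothing in this hunk sets it.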
diff --git a/include/exec/tb-context.h b/include/exec/tb-context.h
index dce95d9..7728904 100644
--- a/include/exec/tb-context.h
+++ b/include/exec/tb-context.h
@@ -32,7 +32,7 @@ typedef struct TBContext TBContext;
 struct TBContext {
 
 TranslationBlock *tbs;
-struct qht htable;
+struct qht *htables;
 int nb_tbs;
 /* any access to the tbs or the page table must use this lock */
 QemuMutex tb_lock;
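Review bot: `struct qht *htables;` needs a comment saying it is an array of tb_caches_count() hash tables allocated once in tb_htable_init() and indexed by the vCPU event-state bitmap, and the existing note that tb_lock covers `tbs` and the page table should be extended to state whether it also covers the per-cache tables (it must, since tb_flush() resets them).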
diff --git a/include/qom/cpu.h b/include/qom/cpu.h
index ce0c406..d870810 100644
--- a/include/qom/cpu.h
+++ b/include/qom/cpu.h
@@ -282,6 +282,7 @@ struct qemu_work_item {
  * @kvm_fd: vCPU file descriptor for KVM.
  * @work_mutex: Lock to prevent multiple access to queued_work_*.
  * @queued_work_first: First asynchronous work pending.
+ * @tb_cache_idx: Index of current TB cache.
  * @trace_dstate: Dynamic tracing state of events for this vCPU (bitmask).
  *
  * State of one CPU core or thread.
@@ -350,7 +351,8 @@ struct CPUState {
 struct KVMState *kvm_state;
 struct kvm_run *kvm_run;
 
-/* Used for events with 'vcpu' and *without* the 'disabled' properties */
+/* Used for events with 'vcpu' and *without* the 'disable' properties */
+DECLARE_BITMAP(tb_cache_idx, TRACE_VCPU_EVENT_COUNT);
 DECLARE_BITMAP(trace_dstate, TRACE_VCPU_EVENT_COUNT);
 
 /* TODO Move common fields from CPUArchState here. */
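Review bot: the reworded comment now covers both tb_cache_idx and trace_dstate, but the two have different roles and writers: trace_dstate is the state requested (from the monitor) while tb_cache_idx is the cache the vCPU is currently executing from, and they only agree once a switch has been applied. Spell that out next to the fields, otherwise the shared comment suggests they are interchangeable.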
diff --git a/qom/cpu.c b/qom/cpu.c
index 2553247..2225103 100644
--- a/qom/cpu.c
+++ b/qom/cpu.c
@@ -345,6 +345,7 @@ static void cpu_common_initfn(Object *obj)
 qemu_mutex_init(>work_mutex);
 QTAILQ_INIT(>breakpoints);
 QTAILQ_INIT(>watchpoints);
+bitmap_zero(cpu->tb_cache_idx, TRACE_VCPU_EVENT_COUNT);
 bitmap_zero(cpu->trace_dstate, TRACE_VCPU_EVENT_COUNT);
 }
 
diff --git a/translate-all.c b/translate-all.c
index ebd9fa0..c864eee 100644
--- a/translate-all.c
+++ b/translate-all.c
@@ -733,11 +733,22 @@ static inline void code_gen_alloc(size_t tb_size)
 qemu_mutex_init(_ctx.tb_ctx.tb_lock);
 }
 
+/*
+ * Ensure bitmaps can be used as indexes.
+ */
+void *__error__too_many_vcpu_events[
+(TRACE_VCPU_EVENT_COUNT + 1) <= BITS_PER_LONG ? 0 : -1];
+
 static void tb_htable_init(void)
 {
+int cache;
 unsigned int mode = QHT_MODE_AUTO_RESIZE;
 
-qht_init(_ctx.tb_ctx.htable, CODE_GEN_HTABLE_SIZE, mode);
+tcg_ctx.tb_ctx.htables = g_malloc(
+sizeof(tcg_ctx.tb_ctx.htables[0]) * tb_caches_count());
+for (cache = 0; cache < 
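Review bot: `void *__error__too_many_vcpu_events[...]` is a real global definition with a reserved double-underscore identifier, exported from translate-all.o; QEMU_BUILD_BUG_ON((TRACE_VCPU_EVENT_COUNT + 1) > BITS_PER_LONG) inside tb_htable_init() gives the same compile-time guarantee without emitting a symbol. The g_malloc() of tb_caches_count() qht structs is process-lifetime and never freed, which is acceptable, but it always allocates all 2^E tables up front whether or not any vCPU ever enables those event combinations; worth a comment.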

[Qemu-devel] [PATCH 0/4] trace: [tcg] Optimize per-vCPU tracing states with separate TB caches

2016-09-14 Thread Lluís Vilanova
Avoids generating TCG code to call guest code tracing events in vCPUs that are
not dynamically tracing that event.

Currently, events with the 'tcg' property always generate TCG code to trace that
event at guest code execution time, when their dynamic tracing state is checked.

This series adds a performance optimization where TCG code for events with the
'tcg' and 'vcpu' properties is not generated if the event is dynamically
disabled. This optimization raises two issues:

* An event can be dynamically disabled/enabled after the corresponding TCG code
  has been generated (i.e., a new TB with the corresponding code should be
  used).

* Each vCPU can have a different dynamic state for the same event (i.e., tracing
  the memory accesses of only one process pinned to a vCPU).

To handle both issues, this series replicates the shared physical TB cache,
creating a separate physical TB cache for every combination of event states
(those with the 'vcpu' and 'tcg' properties). Then, all vCPUs tracing the same
events will use the same physical TB cache.

Sharing physical TBs makes this very space efficient (only the physical TB
caches, simple arrays of pointers, are replicated), sharing physical TB caches
maximizes TB reuse across vCPUs whenever possible, and makes dynamic event state
changes more efficient (simply use a different TB array).

The physical TB cache array is indexed with the vCPU's trace event state
bitmask. This is simpler and more efficient than emitting TCG code to check if
an event needs tracing; then we should still move the tracing call code to
either a cold path (making tracing performance worse), or leave it inlined
(making non-tracing performance worse).

It is also more efficient than eliding TCG code only when *zero* vCPUs are
tracing an event, since enabling it on a single vCPU will impact the performance
of all other vCPUs that are not tracing that event.

Signed-off-by: Lluís Vilanova 
---

Lluís Vilanova (4):
  exec: [tcg] Refactor flush of per-CPU virtual TB cache
  exec: [tcg] Use multiple physical TB caches
  exec: [tcg] Switch physical TB cache based on vCPU tracing state
  trace: [tcg] Do not generate TCG code to trace dynamically-disabled events


 cpu-exec.c   |   11 
 cputlb.c |2 -
 include/exec/exec-all.h  |   12 
 include/exec/tb-context.h|2 -
 include/qom/cpu.h|4 +
 qom/cpu.c|1 
 scripts/tracetool/backend/dtrace.py  |2 -
 scripts/tracetool/backend/ftrace.py  |   20 ---
 scripts/tracetool/backend/log.py |   16 +++---
 scripts/tracetool/backend/simple.py  |2 -
 scripts/tracetool/backend/syslog.py  |6 +-
 scripts/tracetool/backend/ust.py |2 -
 scripts/tracetool/format/h.py|   23 ++--
 scripts/tracetool/format/tcg_h.py|   20 ++-
 scripts/tracetool/format/tcg_helper_c.py |3 +
 trace/control-target.c   |2 +
 trace/control.h  |3 +
 translate-all.c  |   83 ++
 translate-all.h  |   43 
 translate-all.inc.h  |   13 +
 20 files changed, 221 insertions(+), 49 deletions(-)
 create mode 100644 translate-all.inc.h


To: qemu-devel@nongnu.org
Cc: Stefan Hajnoczi 
Cc: Eduardo Habkost 
Cc: Eric Blake 
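A small C model of the scheme the cover letter describes, added here as an illustration; it is not code from this series or from QEMU. It assumes three events with the 'vcpu' and 'tcg' properties (so 2^3 physical caches), a toy PhysCache array in place of struct qht, and the names set_vcpu_event, cache_switch_requested, cache_switch_apply and tb_find are chosen for the example. It shows the behaviour the cover letter claims: two vCPUs with the same event state share one physical cache and therefore one TB; enabling an event on one vCPU moves it to the cache whose index is its bitmask, applied lazily between TBs together with a flush of its virtual (jump) cache; the other vCPU keeps running the original TB.

```c
#include <assert.h>
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define VCPU_EVENT_COUNT 3                          /* E: 'vcpu'+'tcg' events */
#define TB_CACHE_COUNT   (1ul << VCPU_EVENT_COUNT)  /* 2^E physical caches */
#define PHYS_CACHE_SLOTS 8                          /* toy per-cache capacity */
#define JMP_CACHE_SIZE   16                         /* per-vCPU virtual cache */

/* The event bitmask is used directly as an array index, so it must fit in
 * one unsigned long (the patch checks this with a negative-size array). */
_Static_assert(VCPU_EVENT_COUNT + 1 <= sizeof(unsigned long) * CHAR_BIT,
               "too many vcpu events to index TB caches by bitmask");

typedef struct TranslationBlock {
    uintptr_t     pc;
    unsigned long cache_idx;   /* physical cache this TB was generated for */
} TranslationBlock;

typedef struct PhysCache {     /* one physical TB cache (a struct qht in QEMU) */
    TranslationBlock tbs[PHYS_CACHE_SLOTS];
    size_t nb;
} PhysCache;

typedef struct VCPU {
    unsigned long trace_dstate;  /* requested event state, set by the monitor */
    unsigned long tb_cache_idx;  /* event state the code being run assumes */
    bool tcg_exit_req;           /* forces the running TB back to the loop */
    const TranslationBlock *jmp_cache[JMP_CACHE_SIZE];
} VCPU;

static PhysCache tb_caches[TB_CACHE_COUNT];

static PhysCache *tb_caches_get(unsigned long idx)
{
    assert(idx < TB_CACHE_COUNT);
    return &tb_caches[idx];
}

static void tb_flush_jmp_cache_all(VCPU *cpu)
{
    memset(cpu->jmp_cache, 0, sizeof(cpu->jmp_cache));
}

/* Monitor side: flip one event for one vCPU and request a cache switch.
 * Only a request is made here because the vCPU may be inside a TB. */
static void set_vcpu_event(VCPU *cpu, unsigned event, bool enabled)
{
    unsigned long bit = 1ul << event;
    assert(event < VCPU_EVENT_COUNT);
    cpu->trace_dstate = enabled ? (cpu->trace_dstate | bit)
                                : (cpu->trace_dstate & ~bit);
    cpu->tcg_exit_req = true;
}

static bool cache_switch_requested(const VCPU *cpu)
{
    return cpu->trace_dstate != cpu->tb_cache_idx;
}

/* vCPU side, run only between TBs: adopt the requested state (copying from
 * trace_dstate) and drop the virtual cache, whose entries may still point at
 * TBs that belong to the old physical cache. */
static void cache_switch_apply(VCPU *cpu)
{
    cpu->tb_cache_idx = cpu->trace_dstate;
    tb_flush_jmp_cache_all(cpu);
    cpu->tcg_exit_req = false;
}

/* Look pc up in one physical cache, "translating" it on a miss. Real TBs
 * differ per cache: tracing calls are emitted only for events set in idx. */
static const TranslationBlock *phys_cache_find(PhysCache *c, uintptr_t pc,
                                               unsigned long idx)
{
    for (size_t i = 0; i < c->nb; i++) {
        if (c->tbs[i].pc == pc) {
            return &c->tbs[i];
        }
    }
    assert(c->nb < PHYS_CACHE_SLOTS);
    c->tbs[c->nb] = (TranslationBlock){ .pc = pc, .cache_idx = idx };
    return &c->tbs[c->nb++];
}

/* tb_find: virtual cache first, then the vCPU's current physical cache. */
static const TranslationBlock *tb_find(VCPU *cpu, uintptr_t pc)
{
    if (cache_switch_requested(cpu)) {
        cache_switch_apply(cpu);
    }
    const TranslationBlock *tb = cpu->jmp_cache[pc % JMP_CACHE_SIZE];
    if (tb == NULL || tb->pc != pc || tb->cache_idx != cpu->tb_cache_idx) {
        tb = phys_cache_find(tb_caches_get(cpu->tb_cache_idx), pc,
                             cpu->tb_cache_idx);
        cpu->jmp_cache[pc % JMP_CACHE_SIZE] = tb;
    }
    return tb;
}
```

Note that the apply step copies trace_dstate into tb_cache_idx: copying tb_cache_idx onto itself would leave cache_switch_requested() permanently true and flush the jump cache on every pass through the loop without ever changing cache.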



[Qemu-devel] [PATCH 1/4] exec: [tcg] Refactor flush of per-CPU virtual TB cache

2016-09-14 Thread Lluís Vilanova
The function is reused in later patches.

Signed-off-by: Lluís Vilanova 
---
 cputlb.c|2 +-
 include/exec/exec-all.h |6 ++
 translate-all.c |9 +++--
 3 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/cputlb.c b/cputlb.c
index d068ee5..686a09c 100644
--- a/cputlb.c
+++ b/cputlb.c
@@ -81,7 +81,7 @@ void tlb_flush(CPUState *cpu, int flush_global)
 
 memset(env->tlb_table, -1, sizeof(env->tlb_table));
 memset(env->tlb_v_table, -1, sizeof(env->tlb_v_table));
-memset(cpu->tb_jmp_cache, 0, sizeof(cpu->tb_jmp_cache));
+tb_flush_jmp_cache_all(cpu);
 
 env->vtlb_index = 0;
 env->tlb_flush_addr = -1;
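Review bot: this is not a pure refactoring: tb_flush_jmp_cache_all() also sets cpu->tb_flushed = true, which tlb_flush() did not do before, so every TLB flush now also tells the TB-chaining code that the cache was flushed. If that is intended the commit message ("The function is reused in later patches") should say so; otherwise keep the plain memset here and only share the helper where the tb_flushed store is wanted.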
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index d008296..e2124dc 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -265,6 +265,12 @@ struct TranslationBlock {
 };
 
 void tb_free(TranslationBlock *tb);
+/**
+ * tb_flush_jmp_cache_all:
+ *
+ * Flush the virtual translation block cache.
+ */
+void tb_flush_jmp_cache_all(CPUState *env);
 void tb_flush(CPUState *cpu);
 void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr);
 
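Review bot: the prototype names its parameter `env` while the definition in translate-all.c uses `cpu`, and the kernel-doc block has no `@cpu:` entry; use `CPUState *cpu` in both places and document the side effect on cpu->tb_flushed, which is the only thing that distinguishes this helper from the memset it replaces.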
diff --git a/translate-all.c b/translate-all.c
index 0dd6466..ebd9fa0 100644
--- a/translate-all.c
+++ b/translate-all.c
@@ -851,8 +851,7 @@ void tb_flush(CPUState *cpu)
 tcg_ctx.tb_ctx.nb_tbs = 0;
 
 CPU_FOREACH(cpu) {
-memset(cpu->tb_jmp_cache, 0, sizeof(cpu->tb_jmp_cache));
-cpu->tb_flushed = true;
+tb_flush_jmp_cache_all(cpu);
 }
 
 qht_reset_size(_ctx.tb_ctx.htable, CODE_GEN_HTABLE_SIZE);
@@ -1579,6 +1578,12 @@ void tb_check_watchpoint(CPUState *cpu)
 }
 }
 
+void tb_flush_jmp_cache_all(CPUState *cpu)
+{
+memset(cpu->tb_jmp_cache, 0, sizeof(cpu->tb_jmp_cache));
+cpu->tb_flushed = true;
+}
+
 #ifndef CONFIG_USER_ONLY
 /* in deterministic execution mode, instructions doing device I/Os
must be at the end of the TB */




Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command

2016-09-14 Thread Brijesh Singh



On 09/14/2016 03:44 PM, Paolo Bonzini wrote:
> On 14/09/2016 22:36, Michael S. Tsirkin wrote:
>> Specifically with debug, if you have debug then clearly you
>> can dump guest memory. This is what this feature is about.
>> If we want a hypervisor that can not dump guest memory, let's
>> add a flag like that. Does everyone have to disable debugging
>> by default? I don't see why. Does everyone using encryption
>> have to do this? I don't see why either.
>
> If you can explain what's the point in doing encryption that can be
> defeated with a single ioctl, perhaps I'll agree with you.  It's okay
> that we leave out features.  But every feature left out is an
> anti-feature baked in.  Force-enable debug?  You've provided a loophole
> for everyone.  Force-disable debug?  Well, of course you've blocked
> debug for everyone.
>
> I agree that they are distinct features on the command line, but I think
> you're underestimating the importance of choosing a sane default, that's it.
>
>>>  -object sev-policy-unencrypted,debug=false,id=mypolicy \
>>>  -machine ...,sev-policy=mypolicy
>>
>> I wouldn't say sev on the command line. SEV seems to be
>> a group of AMD technologies implementing memory encryption,
>> measurement etc.
>>
>> Let's have flags for individual components:
>>
>> -machine ...,debug=false,memory-encryption=on,...
>
> I think it makes sense to have a separate -object for the policy.  Let's
> just make it security-policy instead of sev-policy.  Brijesh, is that okay?

Yes, fine with me.

-Brijesh



[Qemu-devel] [PATCH 4/4] trace: [tcg] Do not generate TCG code to trace dynamically-disabled events

2016-09-14 Thread Lluís Vilanova
If an event is dynamically disabled, the TCG code that calls the
execution-time tracer is not generated.

Removes the overheads of execution-time tracers for dynamically disabled
events. As a bonus, also avoids checking the event state when the
execution-time tracer is called from TCG-generated code (since otherwise
TCG would simply not call it).

Signed-off-by: Lluís Vilanova 
---
 scripts/tracetool/backend/dtrace.py  |2 +-
 scripts/tracetool/backend/ftrace.py  |   20 ++--
 scripts/tracetool/backend/log.py |   16 
 scripts/tracetool/backend/simple.py  |2 +-
 scripts/tracetool/backend/syslog.py  |6 +++---
 scripts/tracetool/backend/ust.py |2 +-
 scripts/tracetool/format/h.py|   23 +--
 scripts/tracetool/format/tcg_h.py|   20 +---
 scripts/tracetool/format/tcg_helper_c.py |3 ++-
 9 files changed, 60 insertions(+), 34 deletions(-)

diff --git a/scripts/tracetool/backend/dtrace.py 
b/scripts/tracetool/backend/dtrace.py
index ab9ecfa..20242f2 100644
--- a/scripts/tracetool/backend/dtrace.py
+++ b/scripts/tracetool/backend/dtrace.py
@@ -41,6 +41,6 @@ def generate_h_begin(events):
 
 
 def generate_h(event):
-out('QEMU_%(uppername)s(%(argnames)s);',
+out('QEMU_%(uppername)s(%(argnames)s);',
 uppername=event.name.upper(),
 argnames=", ".join(event.args.names()))
diff --git a/scripts/tracetool/backend/ftrace.py 
b/scripts/tracetool/backend/ftrace.py
index 80dcf30..d798c71 100644
--- a/scripts/tracetool/backend/ftrace.py
+++ b/scripts/tracetool/backend/ftrace.py
@@ -30,17 +30,17 @@ def generate_h(event):
 if len(event.args) > 0:
 argnames = ", " + argnames
 
-out('{',
-'char ftrace_buf[MAX_TRACE_STRLEN];',
-'int unused __attribute__ ((unused));',
-'int trlen;',
-'if (trace_event_get_state(%(event_id)s)) {',
-'trlen = snprintf(ftrace_buf, MAX_TRACE_STRLEN,',
-' "%(name)s " %(fmt)s "\\n" 
%(argnames)s);',
-'trlen = MIN(trlen, MAX_TRACE_STRLEN - 1);',
-'unused = write(trace_marker_fd, ftrace_buf, trlen);',
-'}',
+out('{',
+'char ftrace_buf[MAX_TRACE_STRLEN];',
+'int unused __attribute__ ((unused));',
+'int trlen;',
+'if (trace_event_get_state(%(event_id)s)) {',
+'trlen = snprintf(ftrace_buf, MAX_TRACE_STRLEN,',
+' "%(name)s " %(fmt)s "\\n" 
%(argnames)s);',
+'trlen = MIN(trlen, MAX_TRACE_STRLEN - 1);',
+'unused = write(trace_marker_fd, ftrace_buf, trlen);',
 '}',
+'}',
 name=event.name,
 args=event.args,
 event_id="TRACE_" + event.name.upper(),
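Review bot: the generated body still opens with `if (trace_event_get_state(%(event_id)s)) {`, yet the commit message says the state check is avoided when the tracer is called from TCG-generated code; if that elision is done by tcg_h.py / h.py (not in this excerpt) say so, because on its own this hunk is an indentation-only change and the claim is unsupported for the ftrace backend. Splitting the reindent into a preparatory patch would make the behavioural change reviewable.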
diff --git a/scripts/tracetool/backend/log.py b/scripts/tracetool/backend/log.py
index b3ff064..6818147 100644
--- a/scripts/tracetool/backend/log.py
+++ b/scripts/tracetool/backend/log.py
@@ -36,14 +36,14 @@ def generate_h(event):
 else:
 cond = "trace_event_get_state(%s)" % ("TRACE_" + event.name.upper())
 
-out('if (%(cond)s) {',
-'struct timeval _now;',
-'gettimeofday(&_now, NULL);',
-'qemu_log_mask(LOG_TRACE, "%%d@%%zd.%%06zd:%(name)s " 
%(fmt)s "\\n",',
-'  getpid(),',
-'  (size_t)_now.tv_sec, (size_t)_now.tv_usec',
-'  %(argnames)s);',
-'}',
+out('if (%(cond)s) {',
+'struct timeval _now;',
+'gettimeofday(&_now, NULL);',
+'qemu_log_mask(LOG_TRACE, "%%d@%%zd.%%06zd:%(name)s " %(fmt)s 
"\\n",',
+'  getpid(),',
+'  (size_t)_now.tv_sec, (size_t)_now.tv_usec',
+'  %(argnames)s);',
+'}',
 cond=cond,
 name=event.name,
 fmt=event.fmt.rstrip("\n"),
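Review bot: whitespace-only hunk. The `cond` chosen by the `else:` branch is still the runtime trace_event_get_state() check, so the optimisation described in the commit message depends entirely on the `if` branch above (not shown) selecting an unconditional `cond` for events reached from TCG code; please quote that condition in the commit message so the two branches can be matched against the TCG-side elision.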
diff --git a/scripts/tracetool/backend/simple.py 
b/scripts/tracetool/backend/simple.py
index 1bccada..4acf23f 100644
--- a/scripts/tracetool/backend/simple.py
+++ b/scripts/tracetool/backend/simple.py
@@ -36,7 +36,7 @@ def generate_h_begin(events):
 
 
 def generate_h(event):
-out('_simple_%(api)s(%(args)s);',
+out('_simple_%(api)s(%(args)s);',
 api=event.api(),
 args=", ".join(event.args.names()))
 
diff --git a/scripts/tracetool/backend/syslog.py 
b/scripts/tracetool/backend/syslog.py
index 89019bc..b355121 100644
--- a/scripts/tracetool/backend/syslog.py
+++ b/scripts/tracetool/backend/syslog.py
@@ -36,9 +36,9 @@ def generate_h(event):
 else:
 cond = "trace_event_get_state(%s)" % 

Re: [Qemu-devel] [RFC PATCH v1 22/22] loader: reload bios image on ROM reset in SEV-enabled guest

2016-09-14 Thread Brijesh Singh



On 09/14/2016 03:38 PM, Paolo Bonzini wrote:
> On 14/09/2016 22:29, Brijesh Singh wrote:
>>> Does the guest have to check the measured data (e.g. with a hash) too,
>>> to check that it hasn't been tampered with outside the secure
>>> processor's control?  Of course this would result in garbage written to
>>> the modified page, but that might be a valid attack vector.
>>
>> Guest does not need to check the measurement.
>
> Can you explain why not?

Paolo, this is a good question. I will check this internally and come back
to you.

> Paolo





[Qemu-devel] [PATCH 3/4] exec: [tcg] Switch physical TB cache based on vCPU tracing state

2016-09-14 Thread Lluís Vilanova
Uses the per-vCPU event state in CPUState->trace_dstate (a bitmap) as an
index to a physical TB cache that will contain code specific to the set
of dynamically enabled events.

Two vCPUs tracing different events will execute code from different
physical TB caches. Two vCPUs tracing the same events will execute code
from the same physical TB cache.

This is used on the next patch to optimize TCG code related to event
tracing.

Signed-off-by: Lluís Vilanova 
---
 cpu-exec.c |6 ++
 trace/control-target.c |2 ++
 trace/control.h|3 +++
 translate-all.c|   23 +++
 translate-all.h|   26 ++
 5 files changed, 60 insertions(+)

diff --git a/cpu-exec.c b/cpu-exec.c
index 7b2d8c6..14fc44c 100644
--- a/cpu-exec.c
+++ b/cpu-exec.c
@@ -29,6 +29,7 @@
 #include "qemu/rcu.h"
 #include "exec/tb-hash.h"
 #include "exec/log.h"
+#include "translate-all.h"
 #if defined(TARGET_I386) && !defined(CONFIG_USER_ONLY)
 #include "hw/i386/apic.h"
 #endif
@@ -512,6 +513,11 @@ static inline void cpu_handle_interrupt(CPUState *cpu,
 *last_tb = NULL;
 }
 }
+if (unlikely(cpu_tb_cache_set_requested(cpu))) {
+cpu_tb_cache_set_apply(cpu);
+/* avoid chaning TBs across physical TB caches */
+*last_tb = NULL;
+}
 if (unlikely(cpu->exit_request || replay_has_interrupt())) {
 cpu->exit_request = 0;
 cpu->exception_index = EXCP_INTERRUPT;
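Review bot: typo in the new comment, "chaning" should be "chaining". More importantly, this is the only place the switch is applied, so a request made while the vCPU is inside a TB takes effect at the next pass through cpu_handle_interrupt(), i.e. only after cpu->tcg_exit_req has actually made the TB exit; the control.h note says as much, but the commit message should too, and `*last_tb = NULL` only prevents chaining the next TB to one from the old cache, it does not touch jumps already patched between TBs of the old cache.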
diff --git a/trace/control-target.c b/trace/control-target.c
index 72081e2..2d854a7 100644
--- a/trace/control-target.c
+++ b/trace/control-target.c
@@ -79,5 +79,7 @@ void trace_event_set_vcpu_state_dynamic(CPUState *vcpu,
 clear_bit(vcpu_id, vcpu->trace_dstate);
 trace_events_dstate[id]--;
 }
+/* TODO: do not wait until the current TB finishes */
+cpu_tb_cache_set_request(vcpu);
 }
 }
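Review bot: trace_event_set_vcpu_state_dynamic() is reached from the monitor thread while the vCPU thread may be executing TCG code, and cpu_tb_cache_set_request() (translate-all.c hunk below) stores cpu->tcg_exit_req with a plain assignment; use atomic_set() or the existing cpu_exit() helper so the running vCPU is guaranteed to observe the request, or explain in a comment which lock makes the plain store safe.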
diff --git a/trace/control.h b/trace/control.h
index 27a16fc..ca88682 100644
--- a/trace/control.h
+++ b/trace/control.h
@@ -210,6 +210,9 @@ void trace_event_set_state_dynamic(TraceEvent *ev, bool 
state);
  * Set the dynamic tracing state of an event for the given vCPU.
  *
  * Pre-condition: trace_event_get_vcpu_state_static(ev) == true
+ *
+ * Note: Changes for execution-time events with the 'tcg' property will not be
+ *   propagated until the next TB is executed (iff executing in TCG mode).
  */
 void trace_event_set_vcpu_state_dynamic(CPUState *vcpu,
 TraceEvent *ev, bool state);
diff --git a/translate-all.c b/translate-all.c
index c864eee..c306cf4 100644
--- a/translate-all.c
+++ b/translate-all.c
@@ -1166,6 +1166,29 @@ static void tb_link_page(TranslationBlock *tb, 
tb_page_addr_t phys_pc,
 #endif
 }
 
+void cpu_tb_cache_set_request(CPUState *cpu)
+{
+/*
+ * Request is taken from cpu->trace_dstate and lazily applied into
+ * cpu->tb_cache_idx at cpu_tb_cache_set_apply().
+ */
+/* NOTE: Checked by all TBs in gen_tb_start(). */
+cpu->tcg_exit_req = true;
+}
+
+bool cpu_tb_cache_set_requested(CPUState *cpu)
+{
+return !bitmap_equal(cpu->trace_dstate, cpu->tb_cache_idx,
+ TRACE_VCPU_EVENT_COUNT);
+}
+
+void cpu_tb_cache_set_apply(CPUState *cpu)
+{
+bitmap_copy(cpu->tb_cache_idx, cpu->tb_cache_idx,
+TRACE_VCPU_EVENT_COUNT);
+tb_flush_jmp_cache_all(cpu);
+}
+
 /* Called with mmap_lock held for user mode emulation.  */
 TranslationBlock *tb_gen_code(CPUState *cpu,
   target_ulong pc, target_ulong cs_base,
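Review bot: cpu_tb_cache_set_apply() copies cpu->tb_cache_idx onto itself; it must copy from cpu->trace_dstate, i.e. `bitmap_copy(cpu->tb_cache_idx, cpu->trace_dstate, TRACE_VCPU_EVENT_COUNT);`. As written the vCPU never changes physical cache and, because cpu_tb_cache_set_requested() compares the two bitmaps, every pass through cpu_handle_interrupt() flushes the jump cache again. A test that enables one event on one vCPU and checks that tb_find_physical() then looks in a different table would have caught this.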
diff --git a/translate-all.h b/translate-all.h
index d39bf32..fcc7fb0 100644
--- a/translate-all.h
+++ b/translate-all.h
@@ -36,6 +36,32 @@ static size_t tb_caches_count(void);
  */
 static struct qht *tb_caches_get(TBContext *tb_ctx, unsigned long *bitmap);
 
+/**
+ * cpu_tb_cache_set_request:
+ *
+ * Request a physical TB cache switch on this @cpu.
+ */
+void cpu_tb_cache_set_request(CPUState *cpu);
+
+/**
+ * cpu_tb_cache_set_requested:
+ *
+ * Returns: %true if @cpu requested a physical TB cache switch, %false
+ *  otherwise.
+ */
+bool cpu_tb_cache_set_requested(CPUState *cpu);
+
+/**
+ * cput_tb_cache_set_apply:
+ *
+ * Apply a physical TB cache switch.
+ *
+ * Precondition: @cpu is not currently executing any TB.
+ *
+ * Note: Invalidates the jump cache of the given vCPU.
+ */
+void cpu_tb_cache_set_apply(CPUState *cpu);
+
 /* translate-all.c */
 void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len);
 void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
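Review bot: kernel-doc typo, `cput_tb_cache_set_apply` should be `cpu_tb_cache_set_apply`. The precondition "@cpu is not currently executing any TB" should name who guarantees it (the caller in cpu_handle_interrupt()). Also, the surrounding context shows `static size_t tb_caches_count(void);` and `static struct qht *tb_caches_get(...)` declared static in this header, which produces "declared static but never defined" warnings in any translation unit that includes translate-all.h without also including translate-all.inc.h; either make them inline in the header or move them out of it.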




Re: [Qemu-devel] [RFC PATCH v1 22/22] loader: reload bios image on ROM reset in SEV-enabled guest

2016-09-14 Thread Paolo Bonzini


On 14/09/2016 23:09, Michael S. Tsirkin wrote:
> > > > Does the guest have to check the measured data (e.g. with a hash) too,
> > > > to check that it hasn't been tampered with outside the secure
> > > > processor's control?  Of course this would result in garbage written to
> > > > the modified page, but that might be a valid attack vector.
> > > 
> > > Guest does not need to check the measurement.
> > 
> > Can you explain why not?
> 
> For example, guest can boot in a secure environment and then be migrated
> to cloud. In fact that seems much easier to manage than all the hash
> based stuff.

This is not what I was asking.  My question was: assuming that the guest
is interested in checking the measurement, does it also have to
recompute it independently, and if not why?

Paolo



Re: [Qemu-devel] [PATCH 07/10] block: Accept device model name for eject

2016-09-14 Thread Eric Blake
On 08/19/2016 11:50 AM, Kevin Wolf wrote:
> In order to remove the necessity to use BlockBackend names in the
> external API, we want to allow qdev device names in all device related
> commands.
> 
> This converts eject to accept a qdev device name.
> 
> Signed-off-by: Kevin Wolf 
> ---
>  blockdev.c  | 10 +++---
>  hmp.c   |  2 +-
>  qapi/block.json |  7 ++-
>  qmp-commands.hx |  8 +---
>  4 files changed, 19 insertions(+), 8 deletions(-)
> 

> +++ b/blockdev.c

> @@ -2272,14 +2274,16 @@ void qmp_eject(const char *device, bool has_force, 
> bool force, Error **errp)
>  force = false;
>  }
>  
> -rc = do_open_tray(device, NULL, force, _err);
> +rc = do_open_tray(has_device ? device : NULL,
> +  has_id ? id : NULL,
> +  force, _err);
>  if (rc && rc != -ENOSYS) {
>  error_propagate(errp, local_err);
>  return;
>  }
>  error_free(local_err);
>  
> -qmp_x_blockdev_remove_medium(true, device, false, NULL, errp);
> +qmp_x_blockdev_remove_medium(has_device, device, has_id, id, errp);
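Review bot: nothing in this hunk rejects the cases where both @device and @id are given or neither is; if do_open_tray() performs that check, a one-line comment here would save the next reader from tracing it, and the `rc == -ENOSYS` path (no tray) must still have validated the arguments before falling through to qmp_x_blockdev_remove_medium(). Resolving the BlockBackend once and handing the result to both callees would also remove the duplicated `has_device ? device : NULL` / `has_id ? id : NULL` pattern.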

Hmm. We have to call into the underlying x- command, without breaking
'eject' which must indeed keep the deprecated 'device' parameter.  So
maybe that answers my question on 5 and 6.

Or can we teach qmp_eject() to do the lookup now, so that it can call
into qmp_x_blockdev_remove_medium() with just id, even if the user
called in with device?  Do we even have that information readily
accessible (given a device, resolve it to an id that would work as if we
were passing an id in the first place)?

> +++ b/qapi/block.json
> @@ -127,6 +127,8 @@
>  #
>  # @device:  The name of the device
>  #
> +# @id:  The name or QOM path of the guest device (since: 2.8)
> +#

Missing mention of '#optional' in both parameters, as well as the
deprecation warning you had in 4/10.

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





Re: [Qemu-devel] [RFC PATCH v1 22/22] loader: reload bios image on ROM reset in SEV-enabled guest

2016-09-14 Thread Michael S. Tsirkin
On Wed, Sep 14, 2016 at 10:38:58PM +0200, Paolo Bonzini wrote:
> 
> 
> On 14/09/2016 22:29, Brijesh Singh wrote:
> >> Does the guest have to check the measured data (e.g. with a hash) too,
> >> to check that it hasn't been tampered with outside the secure
> >> processor's control?  Of course this would result in garbage written to
> >> the modified page, but that might be a valid attack vector.
> > 
> > Guest does not need to check the measurement.
> 
> Can you explain why not?
> 
> Paolo

For example, guest can boot in a secure environment and then be migrated
to cloud. In fact that seems much easier to manage than all the hash
based stuff.

-- 
MST



Re: [Qemu-devel] [PATCH qemu v2] tap: Allow specifying a bridge

2016-09-14 Thread Paolo Bonzini


On 13/09/2016 09:11, Alexey Kardashevskiy wrote:
> The tap backend is already using qemu-bridge-helper to attach tap
> interface to a bridge but (unlike the bridge backend) it always uses
> the default bridge name - br0.
> 
> This adds a "br" property support to the tap backend.
> 
> Signed-off-by: Alexey Kardashevskiy 

Stupid question ahead: how does -netdev bridge compare to -netdev tap
after this patch?  Is there a case left where you must use -netdev bridge?

Or can we make -netdev bridge a synonym for "-netdev
tap,helper=/default/path/to/helper"?

Thanks,

Paolo



Re: [Qemu-devel] [PATCH 06/10] block: Accept device model name for x-blockdev-remove-medium

2016-09-14 Thread Eric Blake
On 08/19/2016 11:50 AM, Kevin Wolf wrote:
> In order to remove the necessity to use BlockBackend names in the
> external API, we want to allow qdev device names in all device related
> commands.
> 
> This converts x-blockdev-remove-medium to accept a qdev device name.
> 
> Signed-off-by: Kevin Wolf 
> ---
>  blockdev.c   | 23 +--
>  qapi/block-core.json |  7 +--
>  qmp-commands.hx  |  6 --
>  3 files changed, 22 insertions(+), 14 deletions(-)

Same question as in 5/10.

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





Re: [Qemu-devel] [PATCH v2] scripts: Add a script to check for bug URLs in the git log

2016-09-14 Thread Thomas Huth
On 14.09.2016 16:44, Eric Blake wrote:
> On 09/14/2016 05:35 AM, Thomas Huth wrote:
>> Erik,
> 
> It's Eric, but don't sweat it (you're not the first, and probably not
> the last, to typo names)

Oops, big sorry! I must have been confused by the German spelling of
that name :-(

> +while [ $# -ge 1 ]; do
> +   case "$1" in
> +-s)  START="$2" ; shift ;;
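Review bot: `-s)  START="$2" ; shift ;;` does not check that a value follows -s; if -s is the last argument, START becomes empty and the extra `shift` returns an error that the loop ignores. getopts with `s:` in its option string reports a missing argument for you, which is another reason to prefer it over the hand-rolled loop.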

>>> POSIX recommends that short options with arguments be parseable both as
>>> '-s foo' and '-sfoo'.  I don't care that you aren't POSIX compliant, but
>>> using getopt(1) or getopts(1) may make it easier to comply.
>>
>> OK. After googling a little bit, it sounds like getopts is the way to
>> go, e.g. http://mywiki.wooledge.org/BashFAQ/035#getopts says that getopt
>> should not be used.
> 
> getopts(1) is POSIX, but not universally present. I _think_ your script
> was portable to /bin/sh, but it may be easier to write by relying on
> bashisms and changing line one to /bin/bash, at which point we know
> getopts is present.

Well, /bin/bash is also not really portable ... I've seen systems in the
past where bash was installed in another directory or not at all...

Anyway, FYI, I've found two more nice ways to check for POSIX compliance:

- There is a program called checkbashisms which reports bash related
  style

- "posh" is a very minimalistic POSIX compliant shell which hardly
  supports any of the bash extras

And indeed, both pointed me to another bashism in my script: The
"function" keyword is not portable and should be avoided... oh well. Not
sure whether I really should do a v3 of my patch, convert it to python
or just give up the idea of releasing such a script to the public...

 Thomas






Re: [Qemu-devel] [RFC PATCH v1 15/22] i386: sev: register RAM read/write ops for BIOS and PC.RAM region

2016-09-14 Thread Paolo Bonzini


On 14/09/2016 22:59, Brijesh Singh wrote:
> I will look into hooking up the callback into ROM read/write ops. I was
> thinking about adding a new argument in
> cpu_physical_memory_write_rom_internal()
> 
> void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
>                                    const uint8_t *buf, int len,
>                                    WriteCB *cb)
> {
>
>     ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
>
>     if (cb) {
>         cb(ptr, buf, len);
>     } else {
>         memcpy(ptr, buf, len);
>     }
>
> }
> 
> In case of SEV, we pass a CB function pointer which calls SEV API's to
> encrypt memory. Does this make sense?

I think a global as you have it in this series is just fine---just don't
hook it into address_space_read and address_space_write.

Paolo



Re: [Qemu-devel] [RFC PATCH v1 15/22] i386: sev: register RAM read/write ops for BIOS and PC.RAM region

2016-09-14 Thread Brijesh Singh

Hi Paolo,

On 09/13/2016 06:05 PM, Paolo Bonzini wrote:



On 13/09/2016 16:49, Brijesh Singh wrote:


+/* Register SEV read/write ops for the guest RAM */
+if (kvm_sev_enabled())
+memory_region_set_ram_ops(ram, kvm_sev_get_ram_ops());
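Review bot: QEMU's CODING_STYLE requires braces around every if body, so this should be `if (kvm_sev_enabled()) { memory_region_set_ram_ops(ram, kvm_sev_get_ram_ops()); }` (checkpatch.pl flags the current form). More substantively, registering the ops on the whole guest RAM region makes every access path that honours ram_ops pay for them, while the thread agrees the hook is only needed for -kernel loading and cpu_memory_rw_debug(); scope the registration to those paths instead of the pc.ram region.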


If you don't actually need this one except for -kernel it would be very
nice, because then the hooks could be limited to cpu_memory_rw_debug.



Yes, so far I see that we need this only for the -kernel option.


address_space_write and address_space_read are the central entry point
for device DMA, and calling mr->ram_ops->write from there seems very
wrong.  I'd rather make those hooks *ROM* read/write ops rather than RAM
read/write ops.



I will look into hooking up the callback into ROM read/write ops. I was 
thinking about adding a new argument in 
cpu_physical_memory_write_rom_internal()


void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
                                   const uint8_t *buf, int len,
                                   WriteCB *cb)
{

    ptr = qemu_map_ram_ptr(mr->ram_block, addr1);

    if (cb) {
        cb(ptr, buf, len);
    } else {
        memcpy(ptr, buf, len);
    }

}

In case of SEV, we pass a CB function pointer which calls SEV API's to 
encrypt memory. Does this make sense?


-Brijesh






Re: [Qemu-devel] [PATCH 05/10] block: Accept device model name for x-blockdev-insert-medium

2016-09-14 Thread Eric Blake
On 08/19/2016 11:50 AM, Kevin Wolf wrote:
> In order to remove the necessity to use BlockBackend names in the
> external API, we want to allow qdev device names in all device related
> commands.
> 
> This converts x-blockdev-insert-medium to accept a qdev device name.
> 

Since this command is experimental...

> Signed-off-by: Kevin Wolf 
> ---

> +++ b/qapi/block-core.json
> @@ -2380,14 +2380,17 @@
>  # This command is still a work in progress and is considered experimental.
>  # Stay away from it unless you want to help with its development.
>  #
> -# @device:block device name
> +# @device:block device name (deprecated, use @id instead)
> +#
> +# @id:the name or QOM path of the guest device (since: 2.8)

...why even bother to deprecate 'device'?  Can't we just do a whole-sale
switch to a required 'id' only?  Or should such a wholesale switch be
reserved for the day that we remove the x- prefix when promoting the
command to stable?

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





Re: [Qemu-devel] [PATCH 04/10] block: Accept device model name for blockdev-open/close-tray

2016-09-14 Thread Eric Blake
On 08/19/2016 11:50 AM, Kevin Wolf wrote:
> In order to remove the necessity to use BlockBackend names in the
> external API, we want to allow qdev device names in all device related
> commands.
> 
> This converts blockdev-open/close-tray to accept a qdev device name.
> 
> Signed-off-by: Kevin Wolf 
> ---
>  blockdev.c   | 60 
> +++-
>  qapi/block-core.json | 14 
>  qmp-commands.hx  | 12 +++
>  3 files changed, 63 insertions(+), 23 deletions(-)
> 

> +++ b/qapi/block-core.json
> @@ -2316,7 +2316,9 @@
>  #   to it
>  # - if the guest device does not have an actual tray
>  #
> -# @device: block device name
> +# @device:  block device name (deprecated, use @id instead)
> +#
> +# @id:  the name or QOM path of the guest device (since: 2.8)

Wish there were an easier way to write mutually-exclusive pairs in JSON,
but without that, your approach is fine.

> +++ b/qmp-commands.hx
> @@ -4277,7 +4277,7 @@ EQMP
>  
>  {
>  .name   = "blockdev-open-tray",
> -.args_type  = "device:s,force:b?",
> +.args_type  = "device:s?,id:s?,force:b?",
>  .mhandler.cmd_new = qmp_marshal_blockdev_open_tray,
>  },

Will conflict with Marc-Andre's work to remove qmp-commands.hx; but we
can figure it out based on what merges first.

>  
> @@ -4302,7 +4302,9 @@ which no such event will be generated, these include:
>  
>  Arguments:
>  
> -- "device": block device name (json-string)
> +- "device": block device name (deprecated, use @id instead)
> +(json-string, optional)
> +- "id": the name or QOM path of the guest device (json-string, optional)
>  - "force": if false (the default), an eject request will be sent to the 
> guest if
> it has locked the tray (and the tray will not be opened 
> immediately);
> if true, the tray will be opened regardless of whether it is 
> locked
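Review bot: in the qmp-commands.hx argument list `@id` is QAPI-doc markup, while this text names arguments in the quoted "id" form, so the device line should read `(deprecated, use "id" instead)` to match the rest of the list. Since both parameters are now optional, add a sentence stating that exactly one of "device" and "id" must be supplied.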

Are there any example code snippets that should be updated alongside
this? If not, should we be thinking of adding an example?

But I can live with this patch as an incremental improvement, even if we
decide we want more as a followup based on my question above, so:

Reviewed-by: Eric Blake 

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command

2016-09-14 Thread Paolo Bonzini


On 14/09/2016 22:36, Michael S. Tsirkin wrote:
> Specifically with debug, if you have debug then clearly you
> can dump guest memory. This is what this feature is about.
> If we want a hypervisor that can not dump guest memory, let's
> add a flag like that. Does everyone have to disable debugging
> by default? I don't see why. Does everyone using encryption
> have to do this? I don't see why either.

If you can explain what's the point in doing encryption that can be
defeated with a single ioctl, perhaps I'll agree with you.  It's okay
that we leave out features.  But every feature left out is an
anti-feature baked in.  Force-enable debug?  You've provided a loophole
for everyone.  Force-disable debug?  Well, of course you've blocked
debug for everyone.

I agree that they are distinct features on the command line, but I think
you're underestimating the importance of choosing a sane default, that's it.

>>  -object sev-policy-unencrypted,debug=false,id=mypolicy \
>>  -machine ...,sev-policy=mypolicy
> 
> I wouldn't say sev on the command line. SEV seems to be
> a group of AMD technologies implementing memory encryption,
> measurement etc.
> 
> Let's have flags for individual components:
> 
> -machine ...,debug=false,memory-encryption=on,...

I think it makes sense to have a separate -object for the policy.  Let's
just make it security-policy instead of sev-policy.  Brijesh, is that okay?

Paolo



Re: [Qemu-devel] [RFC PATCH v1 22/22] loader: reload bios image on ROM reset in SEV-enabled guest

2016-09-14 Thread Paolo Bonzini


On 14/09/2016 22:29, Brijesh Singh wrote:
>> Does the guest have to check the measured data (e.g. with a hash) too,
>> to check that it hasn't been tampered with outside the secure
>> processor's control?  Of course this would result in garbage written to
>> the modified page, but that might be a valid attack vector.
> 
> Guest does not need to check the measurement.

Can you explain why not?

Paolo



[Qemu-devel] [Bug 1596009] Re: config/build problem due to libncursesw on Xenial

2016-09-14 Thread T. Huth
Closing according to comment #2.

** Changed in: qemu
   Status: New => Invalid

https://bugs.launchpad.net/bugs/1596009

Title:
  config/build problem due to libncursesw on Xenial

Status in QEMU:
  Invalid

Bug description:
  it happened to me during a build of yocto/bitbake related cross tools.
  the auto-configuration part titled "SDL probe" for qemu-2.2.0 i found
  the configuration step failing for the compile_prog routine. actually
  those test compile went fine but only the test linking failed.

  this was due to a reference of the sub-sub-...-included libcaca
  referenced an initially not installed (hint: check for and report such
  pre-requisites upfront - might be yocto related) and later on
  installed by me component of name libncursesw seemingly in its dev
  variant (i was installing
  libncursesw5-dev_6.0+20160213-1ubuntu1_amd64.deb). tests on the
  command line showed that adding the required paths and resources made
  the test application link nicely.

  a quick hack attempt for the config script resulted in those line:
sdl_libs="$sdl_libs -L/lib/x86_64-linux-gnu -lncursesw"
  this allowed me to pass the configuration check nicely.
  i am just seeing my full scale compile fail for the same reason multiple
  times for linking. that all should be fixable the same way.

  you might or might not have addressed this in newer versions of your
  package. but you probably know that setups for embedded targets will
  sometimes lag behind in their evolution until a sudden (well
  prepared) some big jump in versions does happen. so i leave the hint
  here for your reference - for the main reason of this very often
  spotted message - raised by several main reasons according to public
  web reports, but not this one until right here and now:

  | ERROR: User requested feature sdl
  |configure was not able to find it.
  |Install SDL devel

  By the way these lines already have two locations in the configure script
  where the first indicates that pkg/sdl/sdl2-config application is not there
  (=no SDL devel there) whilst the second indicates that *-config is there but
  the test compile failed (=devel is broken for some other reason).
  This could/should see some improvement as well as this is the first hint on
  what went wrong - and in the second case you definitely can give the user the
  quite valuable hint for the log file with the results of the test compile.




Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command

2016-09-14 Thread Michael S. Tsirkin
On Wed, Sep 14, 2016 at 09:58:25PM +0200, Paolo Bonzini wrote:
> 
> 
> On 14/09/2016 21:24, Michael S. Tsirkin wrote:
> > Well limited protection is of a limited use :) Seriously, the point of
> > mitigation should be blocking classes of vulnerabilities not making
> > things more complex.
> 
> No, not at all.  The point of _mitigation_ is to _mitigate_ the danger
> from classes of vulnerabilities, i.e. make the attack harder though
> perhaps not ultimately impossible.

Right. And features generally reduce security. Does not mean we don't
need to add any features.  The tradeoffs need to be weighed and
documented, this is missing here.

Specifically with debug, if you have debug then clearly you
can dump guest memory. This is what this feature is about.
If we want a hypervisor that can not dump guest memory, let's
add a flag like that. Does everyone have to disable debugging
by default? I don't see why. Does everyone using encryption
have to do this? I don't see why either.

> >> If the adversary is passive and cannot ask anything is it even an
> >> adversary?  Why do you need encryption at all if you can't even ptrace 
> >> QEMU?
> > 
> > The cover letter mentioned a read everything adversary.
> > How do you read everything? Well, you probably don't but
> > there could be attacks that cause kernel to leak
> > contents of random memory to an attacker.
> 
> Ok, it doesn't seem too useful.
> 
> > On the software side, we should try to
> > push for enabling features independently, this way more
> > hardware can benefit.
> 
> We can have an "unencrypted" sev-policy that only has limited
> functionality such as disabling debug.  So you could disable debug with
> 
>  -object sev-policy-unencrypted,debug=false,id=mypolicy \
>  -machine ...,sev-policy=mypolicy
> 
> Paolo

I wouldn't say sev on the command line. SEV seems to be
a group of AMD technologies implementing memory encryption,
measurement etc.

Let's have flags for individual components:

-machine ...,debug=false,memory-encryption=on,...

E.g. I can imagine tcg implementing encrypted at rest memory.

If you are on AMD and memory=encrypted then you would enable
SEV. If debug=false then disable debug. As I mentioned,
if monitor is a socket this might be genuinely increasing
guest security.

I'm fine with e.g. memory-encryption=on being an AMD-only
feature for now.

-- 
MST



Re: [Qemu-devel] [RFC PATCH v1 04/22] memattrs: add SEV debug attrs

2016-09-14 Thread Brijesh Singh

>>   */
>>  #define MEMTXATTRS_UNSPECIFIED ((MemTxAttrs) { .unspecified = 1 })
>>
>> +/* Access the guest memory for debug purposes */
>> +#define MEMTXATTRS_SEV_DEBUG ((MemTxAttrs) { .sev_debug = 1 })
>>  #endif
>
> Just make it "debug" and MEMTXATTRS_DEBUG.

Thanks, will fix in v2.



[Qemu-devel] [PATCH v5 4/8] linux-user: Add support for ustat() syscall

2016-09-14 Thread Aleksandar Markovic
From: Aleksandar Markovic 

This patch implements Qemu user mode ustat() syscall support.

Syscall ustat() returns information about a mounted filesystem.

The implementation is similar to the implementations of statfs(),
fstatfs() and other related syscalls. It is based on invocation of
host's ustat(), and its key part is in the corresponding case segment
of the main switch statement of the function do_syscall(), in file
linux-user/syscalls.c. All necessary conversions of data structures
from target to host and from host to target are covered. Sufficient
support for "-strace" option for this syscall is already present,
and this patch does not change it.

This patch also fixes failures of LTP tests ustat01, and ustat02, if
executed on Qemu-emulated systems.

Signed-off-by: Aleksandar Markovic 
---
 linux-user/syscall.c | 25 -
 1 file changed, 24 insertions(+), 1 deletion(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 3436ee6..7f8ae41 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -48,6 +48,7 @@ int __clone2(int (*fn)(void *), void *child_stack_base,
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
@@ -8098,7 +8099,29 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
arg1,
 break;
 #ifdef TARGET_NR_ustat
 case TARGET_NR_ustat:
-goto unimplemented;
+{
+struct ustat ust;
+int cnt;
+ret = get_errno(ustat(arg1, ));
+
+if (!is_error(ret)) {
+struct ustat *target_ust;
+
+if (!lock_user_struct(VERIFY_WRITE, target_ust, arg2, 0)) {
+goto efault;
+}
+
+__put_user(ust.f_tfree, _ust->f_tfree);
+__put_user(ust.f_tinode, _ust->f_tinode);
+
+for (cnt = 0; cnt < 6; cnt++) {
+__put_user(ust.f_fname[cnt], _ust->f_fname[cnt]);
+__put_user(ust.f_fpack[cnt], _ust->f_fpack[cnt]);
+}
+unlock_user_struct(target_ust, arg2, 1);
+}
+break;
+  }
 #endif
 #ifdef TARGET_NR_dup2
 case TARGET_NR_dup2:
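Review bot: `struct ustat *target_ust;` declares the guest-side pointer with the host's `struct ustat`, so `lock_user_struct(VERIFY_WRITE, target_ust, arg2, 0)` locks a range of the host struct's size and every `__put_user` writes `f_tfree`/`f_tinode` at host offsets and host widths. On a target whose ABI differs from the host (a 32-bit guest on a 64-bit host, say) the guest's structure is smaller and laid out differently, so the stores land on the wrong fields and past the end of what the guest allocated. Add a `struct target_ustat` with `abi_long`/`abi_ulong` fields (the diffstat shows no change to linux-user/syscall_defs.h) and lock that instead. Minor: the closing `+  }` is indented two spaces while its opening `{` sits at the case-body indent.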
-- 
2.9.3
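
The layout hazard raised above, copying a host structure into a guest buffer whose ABI differs, shown as an added example that is not QEMU code and not part of this patch. The `host_ustat` and `target_ustat` layouts (64-bit host, 32-bit big-endian guest), the `tswap32`, `lock_user` and `guest_mem` helpers and the sample field values are all assumptions constructed for the demonstration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Host-side layout, modelled on a 64-bit Linux libc where the inode field
 * is 8 bytes and 8-aligned (so padding follows f_tfree). Assumed layout. */
struct host_ustat {
    int32_t  f_tfree;
    uint64_t f_tinode;
    char     f_fname[6];
    char     f_fpack[6];
};

/* Target-side layout for an assumed 32-bit guest: fixed-width fields,
 * no padding, 20 bytes in total. */
struct target_ustat {
    int32_t  f_tfree;
    uint32_t f_tinode;
    char     f_fname[6];
    char     f_fpack[6];
};
_Static_assert(sizeof(struct target_ustat) == 20, "target layout must be packed");

size_t host_ustat_size(void)   { return sizeof(struct host_ustat); }
size_t target_ustat_size(void) { return sizeof(struct target_ustat); }

/* Assumed guest byte order; set to 0 for a little-endian guest. */
#define TARGET_BIG_ENDIAN 1

static int host_is_big_endian(void)
{
    uint16_t probe = 0x0100;
    uint8_t first;
    memcpy(&first, &probe, 1);
    return first == 0x01;
}

/* tswap32(): convert a 32-bit value between host and target byte order. */
static uint32_t tswap32(uint32_t v)
{
    if (host_is_big_endian() == TARGET_BIG_ENDIAN) {
        return v;
    }
    return (v >> 24) | ((v >> 8) & 0x0000ff00u) | ((v << 8) & 0x00ff0000u) | (v << 24);
}

/* Constructed guest address space: 32 bytes, addresses 0..31. */
struct guest_mem { uint8_t bytes[32]; };

/* lock_user(): host pointer to guest range [addr, addr+len), or NULL when
 * any byte of the range lies outside guest memory. */
void *lock_user(struct guest_mem *g, uint32_t addr, size_t len)
{
    if (len > sizeof(g->bytes) || addr > sizeof(g->bytes) - len) {
        return NULL;
    }
    return &g->bytes[addr];
}

/* Marshal the host struct into the guest's target_ustat at target_addr.
 * Returns -EOVERFLOW if the 64-bit host inode does not fit the 32-bit
 * target field, -EFAULT if the target struct is not inside guest memory. */
int host_to_target_ustat(struct guest_mem *g, uint32_t target_addr,
                         const struct host_ustat *h)
{
    struct target_ustat t;
    uint32_t tfree, tinode;
    void *p;

    if (h->f_tinode > UINT32_MAX) {
        return -EOVERFLOW;           /* narrowing would silently corrupt */
    }
    p = lock_user(g, target_addr, sizeof(t));   /* size of the TARGET struct */
    if (p == NULL) {
        return -EFAULT;
    }

    tfree  = tswap32((uint32_t)h->f_tfree);
    tinode = tswap32((uint32_t)h->f_tinode);
    memcpy(&t.f_tfree, &tfree, sizeof(tfree));
    memcpy(&t.f_tinode, &tinode, sizeof(tinode));
    memcpy(t.f_fname, h->f_fname, sizeof(t.f_fname));   /* char arrays: no swap */
    memcpy(t.f_fpack, h->f_fpack, sizeof(t.f_fpack));
    memcpy(p, &t, sizeof(t));
    return 0;
}
```

Locking the range with `sizeof(struct target_ustat)` rather than the host size is what keeps the write inside the guest's allocation; the `-EOVERFLOW` path shows the other half of the problem, a host value that has no representation in the narrower target field.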




Re: [Qemu-devel] [RFC PATCH v1 06/22] sev: add initial SEV support

2016-09-14 Thread Michael S. Tsirkin
On Wed, Sep 14, 2016 at 01:46:09PM -0500, Brijesh Singh wrote:
> 7) Guest owner validates the measurement. If measurement matches then we are
> good to launch the guest. This should ensure that bootcode was not
> compromised by hypervisor.

As hypervisor can e.g. execute said code in any order (without touching
protected memory) this seems rather like adding asserts in code at
random points. Frankly if one is so worried about the boot sequence,
just send an already booted guest to the cloud provider.


But anyway, that's beside the point. My point is that all this
measurement dance is orthogonal to memory encryption.
It happens to be part of the same AMD CPU, but it
might not be on other CPUs, and I don't see why
should command line/QOM APIs tie us to what AMD did.

-- 
MST



Re: [Qemu-devel] [RFC PATCH v1 22/22] loader: reload bios image on ROM reset in SEV-enabled guest

2016-09-14 Thread Brijesh Singh



On 09/13/2016 05:59 PM, Paolo Bonzini wrote:
> On 13/09/2016 16:50, Brijesh Singh wrote:
>> In SEV-enabled mode we need to reload the BIOS image on loader reset, this
>> will ensure that BIOS image gets encrypted and included as part of launch
>> measurement on guest reset.
>
> Just to check if I understand correctly, the secure processor cannot
> split the encryption and measuring, which is why you need to redo the
> copy on every reset.

That is right, after LAUNCH_FINISH is called the secure processor
cleans up the LAUNCH_START context so that the hypervisor cannot call
LAUNCH_UPDATE to inject new data into guest memory. After
LAUNCH_FINISH the only thing we can call is SEV_DEBUG_* or SEV_RECEIVE_*
commands.

> Does the guest have to check the measured data (e.g. with a hash) too,
> to check that it hasn't been tampered with outside the secure
> processor's control?  Of course this would result in garbage written to
> the modified page, but that might be a valid attack vector.

Guest does not need to check the measurement.



[Qemu-devel] [PATCH v5 7/8] linux-user: Fix syslog() syscall support

2016-09-14 Thread Aleksandar Markovic
From: Aleksandar Markovic 

There are currently several problems related to syslog() support.

For example, if the second argument "bufp" of target syslog() syscall
is NULL, the current implementation always returns error code EFAULT.
However, NULL is a perfectly valid value for the second argument for
many use cases of this syscall. This is, for example, visible from
this excerpt of man page for syslog(2):

> EINVAL Bad arguments (e.g., bad type; or for type 2, 3, or 4, buf is
>NULL, or len is less than zero; or for type 8, the level is
>outside the range 1 to 8).

Moreover, the argument "bufp" is ignored for all cases of values of the
first argument, except 2, 3 and 4. This means that for such cases
(the first argument is not 2, 3 or 4), there is no need to pass "buf"
between host and target, and it can be set to NULL while calling host's
syslog(), without loss of emulation accuracy.

Note also that if "bufp" is NULL and the first argument is 2, 3 or 4, the
correct returned error code is EINVAL, not EFAULT.

All these details are reflected in this patch.

"#ifdef TARGET_NR_syslog" is also properly inserted when needed.

Support for Qemu's "-strace" switch for syslog() syscall is included too.

LTP tests syslog11 and syslog12 pass with this patch (while they fail without
it), on any platform.

Signed-off-by: Aleksandar Markovic 
---
 linux-user/strace.c   | 68 +++
 linux-user/strace.list|  2 +-
 linux-user/syscall.c  | 23 +++-
 linux-user/syscall_defs.h | 25 +
 4 files changed, 111 insertions(+), 7 deletions(-)

diff --git a/linux-user/strace.c b/linux-user/strace.c
index 61911e7..6177f2c 100644
--- a/linux-user/strace.c
+++ b/linux-user/strace.c
@@ -1709,6 +1709,74 @@ print_rt_sigprocmask(const struct syscallname *name,
 }
 #endif
 
+#ifdef TARGET_NR_syslog
+static void
+print_syslog_action(abi_ulong arg, int last)
+{
+switch (arg) {
+case TARGET_SYSLOG_ACTION_CLOSE: {
+gemu_log("%s%s", "SYSLOG_ACTION_CLOSE", get_comma(last));
+break;
+}
+case TARGET_SYSLOG_ACTION_OPEN: {
+gemu_log("%s%s", "SYSLOG_ACTION_OPEN", get_comma(last));
+break;
+}
+case TARGET_SYSLOG_ACTION_READ: {
+gemu_log("%s%s", "SYSLOG_ACTION_READ", get_comma(last));
+break;
+}
+case TARGET_SYSLOG_ACTION_READ_ALL: {
+gemu_log("%s%s", "SYSLOG_ACTION_READ_ALL", get_comma(last));
+break;
+}
+case TARGET_SYSLOG_ACTION_READ_CLEAR: {
+gemu_log("%s%s", "SYSLOG_ACTION_READ_CLEAR", get_comma(last));
+break;
+}
+case TARGET_SYSLOG_ACTION_CLEAR: {
+gemu_log("%s%s", "SYSLOG_ACTION_CLEAR", get_comma(last));
+break;
+}
+case TARGET_SYSLOG_ACTION_CONSOLE_OFF: {
+gemu_log("%s%s", "SYSLOG_ACTION_CONSOLE_OFF", get_comma(last));
+break;
+}
+case TARGET_SYSLOG_ACTION_CONSOLE_ON: {
+gemu_log("%s%s", "SYSLOG_ACTION_CONSOLE_ON", get_comma(last));
+break;
+}
+case TARGET_SYSLOG_ACTION_CONSOLE_LEVEL: {
+gemu_log("%s%s", "SYSLOG_ACTION_CONSOLE_LEVEL", get_comma(last));
+break;
+}
+case TARGET_SYSLOG_ACTION_SIZE_UNREAD: {
+gemu_log("%s%s", "SYSLOG_ACTION_SIZE_UNREAD", get_comma(last));
+break;
+}
+case TARGET_SYSLOG_ACTION_SIZE_BUFFER: {
+gemu_log("%s%s", "SYSLOG_ACTION_SIZE_BUFFER", get_comma(last));
+break;
+}
+default: {
+print_raw_param("%ld", arg, last);
+}
+}
+}
+
+static void
+print_syslog(const struct syscallname *name,
+abi_long arg0, abi_long arg1, abi_long arg2,
+abi_long arg3, abi_long arg4, abi_long arg5)
+{
+print_syscall_prologue(name);
+print_syslog_action(arg0, 0);
+print_pointer(arg1, 0);
+print_raw_param("%d", arg2, 1);
+print_syscall_epilogue(name);
+}
+#endif
+
 #ifdef TARGET_NR_mknod
 static void
 print_mknod(const struct syscallname *name,
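Review bot: In `print_syslog_action` the `default:` branch formats `arg`, an `abi_ulong`, with `print_raw_param("%ld", arg, last)`; on targets where abi_ulong is 32 bits the format and the argument width disagree. Use the target-width format macro (`TARGET_ABI_FMT_ld` or `TARGET_ABI_FMT_lu`) that the other printers in strace.c use. Style: the braces wrapped around every `case` body are unnecessary, as none of them declares a local.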
diff --git a/linux-user/strace.list b/linux-user/strace.list
index 0bf1bea..2f99ac2 100644
--- a/linux-user/strace.list
+++ b/linux-user/strace.list
@@ -1380,7 +1380,7 @@
 { TARGET_NR_sys_kexec_load, "sys_kexec_load" , NULL, NULL, NULL },
 #endif
 #ifdef TARGET_NR_syslog
-{ TARGET_NR_syslog, "syslog" , NULL, NULL, NULL },
+{ TARGET_NR_syslog, "syslog" , NULL, print_syslog, NULL },
 #endif
 #ifdef TARGET_NR_sysmips
 { TARGET_NR_sysmips, "sysmips" , NULL, NULL, NULL },
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 4ffcce5..37ce908 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -9219,14 +9219,25 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
arg1,
 ret = do_setsockopt(arg1, arg2, arg3, arg4, (socklen_t) 

[Qemu-devel] [PATCH v5 8/8] linux-user: Remove a duplicate item from strace.list

2016-09-14 Thread Aleksandar Markovic
From: Aleksandar Markovic 

There is a duplicate item in strace.list. It is benign, but it
shouldn't be there. It is the only duplicate in strace.list. This
patch removes it.

Signed-off-by: Aleksandar Markovic 
---
 linux-user/strace.list | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/linux-user/strace.list b/linux-user/strace.list
index 2f99ac2..f74545f 100644
--- a/linux-user/strace.list
+++ b/linux-user/strace.list
@@ -1532,9 +1532,6 @@
 #ifdef TARGET_NR_utimensat
 { TARGET_NR_utimensat, "utimensat", NULL, print_utimensat, NULL },
 #endif
-#ifdef TARGET_NR_sync_file_range
-{ TARGET_NR_sync_file_range, "sync_file_range", NULL, NULL, NULL },
-#endif
 #ifdef TARGET_NR_sync_file_range2
 { TARGET_NR_sync_file_range2, "sync_file_range2", NULL, NULL, NULL },
 #endif
-- 
2.9.3




[Qemu-devel] [PATCH v5 6/8] linux-user: Fix socketcall() syscall support

2016-09-14 Thread Aleksandar Markovic
From: Aleksandar Markovic 

do_socketcall() function in Qemu's syscalls.c is implemented to mirror
corresponding implementation of socketcall() in Linux kernel. (see kernel
source file net/socket.c, definition of socketcall).

However, error codes are wrong for the cases of invalid values of the first
argument. This patch in this sense brings do_socketcall() closer to its
kernel counterpart.

Also, this patch fixes failure of LTP test socketcall02, if executed on some
Qemu emulated systems (user mode).

Signed-off-by: Aleksandar Markovic 
---
 linux-user/syscall.c | 21 -
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index bdc12ae..4ffcce5 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -3845,15 +3845,18 @@ static abi_long do_socketcall(int num, abi_ulong vptr)
 [SOCKOP_getsockopt] = 5,  /* sockfd, level, optname, optval, optlen */
 };
 abi_long a[6]; /* max 6 args */
+unsigned i;
 
-/* first, collect the arguments in a[] according to ac[] */
-if (num >= 0 && num < ARRAY_SIZE(ac)) {
-unsigned i;
-assert(ARRAY_SIZE(a) >= ac[num]); /* ensure we have space for args */
-for (i = 0; i < ac[num]; ++i) {
-if (get_user_ual(a[i], vptr + i * sizeof(abi_long)) != 0) {
-return -TARGET_EFAULT;
-}
+/* check the range of the first argument num */
+if (num < 0 || num > ARRAY_SIZE(ac)) {
+return -TARGET_EINVAL;
+}
+
+/* collect the arguments in a[] according to ac[] */
+assert(ARRAY_SIZE(a) >= ac[num]); /* ensure we have space for args */
+for (i = 0; i < ac[num]; ++i) {
+if (get_user_ual(a[i], vptr + i * sizeof(abi_long)) != 0) {
+return -TARGET_EFAULT;
 }
 }
 
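Review bot: The new range check `if (num < 0 || num > ARRAY_SIZE(ac))` is off by one: `num == ARRAY_SIZE(ac)` passes, and `ac[num]` then reads one element past the end of the table, so both the `assert(ARRAY_SIZE(a) >= ac[num])` and the argument loop operate on whatever happens to follow it in memory. Use `num >= ARRAY_SIZE(ac)`; the removed `num < ARRAY_SIZE(ac)` had the bound right.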
@@ -3901,7 +3904,7 @@ static abi_long do_socketcall(int num, abi_ulong vptr)
 return do_getsockopt(a[0], a[1], a[2], a[3], a[4]);
 default:
 gemu_log("Unsupported socketcall: %d\n", num);
-return -TARGET_ENOSYS;
+return -TARGET_EINVAL;
 }
 }
 #endif
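Review bot: Returning `-TARGET_EINVAL` from `default:` matches the kernel once the range check above rejects out-of-table values, but the `gemu_log("Unsupported socketcall: %d\n", num)` message now describes the wrong situation: the only way left to reach `default:` is an in-range `num` that the switch has no case for, which is an invalid call number rather than an unimplemented one. Either drop the log line or reword it.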
-- 
2.9.3
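
The two error paths this patch is about, a call number outside the argument-count table and an argument vector the guest cannot read, shown as an added example that is not QEMU code and not part of this patch. The `ac` table contents, the `SOCKOP_*` numbering, the `guest_mem` address space, `get_user_ual` and `socketcall_collect` are constructed for the demonstration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))

/* Assumed 32-bit target ABI types (QEMU's real ones come from abitypes.h). */
typedef uint32_t abi_ulong;
typedef int32_t  abi_long;

/* Constructed call numbers in the style of socketcall(2): index 0 is unused
 * and the gap between 4 and 11 leaves holes in the table on purpose. */
enum {
    SOCKOP_socket  = 1,
    SOCKOP_bind    = 2,
    SOCKOP_connect = 3,
    SOCKOP_listen  = 4,
    SOCKOP_sendto  = 11,
};

/* Number of abi_long words each call reads from the guest argument vector;
 * unlisted indices are zero. */
static const unsigned ac[] = {
    [SOCKOP_socket]  = 3,   /* domain, type, protocol */
    [SOCKOP_bind]    = 3,   /* sockfd, addr, addrlen */
    [SOCKOP_connect] = 3,   /* sockfd, addr, addrlen */
    [SOCKOP_listen]  = 2,   /* sockfd, backlog */
    [SOCKOP_sendto]  = 6,   /* sockfd, buf, len, flags, addr, addrlen */
};

size_t socketcall_table_size(void) { return ARRAY_SIZE(ac); }

/* Constructed stand-in for the guest address space: 64 bytes, addresses 0..63. */
struct guest_mem { uint8_t bytes[64]; };

/* Store one target word at a guest address; -EFAULT if it does not fit. */
int guest_put_ual(struct guest_mem *g, abi_ulong addr, abi_long val)
{
    if (addr > sizeof(g->bytes) - sizeof(val)) {
        return -EFAULT;
    }
    memcpy(&g->bytes[addr], &val, sizeof(val));
    return 0;
}

/* Emulates get_user_ual(): the read is refused, not truncated, when any
 * byte of the word lies outside guest memory. */
static int get_user_ual(const struct guest_mem *g, abi_ulong addr, abi_long *out)
{
    if (addr > sizeof(g->bytes) - sizeof(*out)) {
        return -EFAULT;
    }
    memcpy(out, &g->bytes[addr], sizeof(*out));
    return 0;
}

/* Fill the constructed guest memory with two argument vectors:
 * socket(2, 1, 0) at address 0 and listen(5, 16) at address 56. */
void guest_init(struct guest_mem *g)
{
    memset(g, 0, sizeof(*g));
    guest_put_ual(g, 0, 2);
    guest_put_ual(g, 4, 1);
    guest_put_ual(g, 8, 0);
    guest_put_ual(g, 56, 5);
    guest_put_ual(g, 60, 16);
}

/* Validate `num` and fetch its arguments from the guest vector at vptr.
 * Returns the argument count on success, -EINVAL for a call number outside
 * the table or unused in it, -EFAULT if the vector is not fully readable. */
int socketcall_collect(const struct guest_mem *g, int num, abi_ulong vptr,
                       abi_long a[6])
{
    /* The bound must be >=: num == ARRAY_SIZE(ac) is one past the last
     * element, and ac[num] there reads whatever follows the table. */
    if (num < 0 || (size_t)num >= ARRAY_SIZE(ac)) {
        return -EINVAL;
    }
    if (ac[num] == 0) {
        return -EINVAL;              /* hole in the table: no such call */
    }
    for (unsigned i = 0; i < ac[num]; i++) {
        if (get_user_ual(g, vptr + i * (abi_ulong)sizeof(abi_long), &a[i]) != 0) {
            return -EFAULT;          /* vector runs off the end of guest memory */
        }
    }
    return (int)ac[num];
}
```

The check on `num` runs before the table is indexed, and every word of the vector is validated individually, so a vector that starts inside guest memory but ends outside it is rejected rather than partially read.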




[Qemu-devel] [PATCH v5 5/8] linux-user: Fix msgrcv() and msgsnd() syscalls support

2016-09-14 Thread Aleksandar Markovic
From: Aleksandar Markovic 

If syscalls msgrcv() and msgsnd() fail, they return E2BIG, EACCES,
EAGAIN, EFAULT, EIDRM, EINTR, EINVAL, ENOMEM, or ENOMSG.

By examining negative scenarios of these syscalls for Mips, it was
established that ENOMSG does not have the same value across all
platforms, but it is nevertheless not included for conversion in
the corresponding conversion table defined in linux-user/syscall.c.
This is certainly a bug, since it leads to the incorrect emulation
of msgrcv() and msgsnd() for scenarios involving ENOMSG.

This patch fixes this by extending the conversion table to include
ENOMSG.

Also, LTP test msgrcv04 will be fixed for some platforms.

Signed-off-by: Aleksandar Markovic 
---
 linux-user/syscall.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 7f8ae41..bdc12ae 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -750,6 +750,9 @@ static uint16_t 
host_to_target_errno_table[ERRNO_TABLE_SIZE] = {
 #ifdef ENOTRECOVERABLE
 [ENOTRECOVERABLE]  = TARGET_ENOTRECOVERABLE,
 #endif
+#ifdef ENOMSG
+[ENOMSG]= TARGET_ENOMSG,
+#endif
 };
 
 static inline int host_to_target_errno(int err)
-- 
2.9.3




[Qemu-devel] [PATCH v5 3/8] linux-user: Add support for sysfs() syscall

2016-09-14 Thread Aleksandar Markovic
From: Aleksandar Markovic 

This patch implements Qemu user mode sysfs() syscall support.

Syscall sysfs() involves returning information about the filesystem types
currently present in the kernel, and can operate in three distinct flavors,
depending on its first argument.

The implementation is based on invocation of host's sysfs(), and
its key part is in the corresponding case segment of the main switch
statement of the function do_syscall(), in file linux-user/syscalls.c.
All necessary conversions of data structures from target to host and from
host to target are covered. Based on the value of the first argument, three
cases are distinguished, and such conversions are implemented separately
for each case. Relevant support for "-strace" option is included in files
linux-user/strace.c and linux-user/strace.list.

This patch also fixes failures of LTP tests sysfs01, sysfs02, sysfs03,
sysfs04, sysfs05, and sysfs06, if executed in Qemu user mode.

Signed-off-by: Aleksandar Markovic 
---
 linux-user/strace.c| 25 +
 linux-user/strace.list |  2 +-
 linux-user/syscall.c   | 42 +-
 3 files changed, 67 insertions(+), 2 deletions(-)

diff --git a/linux-user/strace.c b/linux-user/strace.c
index 4524c70..61911e7 100644
--- a/linux-user/strace.c
+++ b/linux-user/strace.c
@@ -2151,6 +2151,31 @@ print_kill(const struct syscallname *name,
 }
 #endif
 
+#if defined(TARGET_NR_sysfs)
+static void
+print_sysfs(const struct syscallname *name,
+abi_long arg0, abi_long arg1, abi_long arg2,
+abi_long arg3, abi_long arg4, abi_long arg5)
+{
+print_syscall_prologue(name);
+switch (arg0) {
+case 1:
+print_raw_param("%d", arg0, 1);
+print_string(arg1, 1);
+break;
+case 2:
+print_raw_param("%d", arg0, 0);
+print_raw_param("%u", arg1, 0);
+print_pointer(arg2, 1);
+break;
+default:
+print_raw_param("%d", arg0, 1);
+break;
+}
+print_syscall_epilogue(name);
+}
+#endif
+
 /*
  * An array of all of the syscalls we know about
  */
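Review bot: In `case 1:` the option number is printed with `print_raw_param("%d", arg0, 1)`, i.e. flagged as the last argument, so no separator is emitted before `print_string(arg1, 1)` and the trace reads as `sysfs(1"name")`; pass 0 for the first parameter as `case 2:` already does.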
diff --git a/linux-user/strace.list b/linux-user/strace.list
index 00b2e9b..0bf1bea 100644
--- a/linux-user/strace.list
+++ b/linux-user/strace.list
@@ -1371,7 +1371,7 @@
 { TARGET_NR_sys_epoll_wait, "sys_epoll_wait" , NULL, NULL, NULL },
 #endif
 #ifdef TARGET_NR_sysfs
-{ TARGET_NR_sysfs, "sysfs" , NULL, NULL, NULL },
+{ TARGET_NR_sysfs, "sysfs" , NULL, print_sysfs, NULL },
 #endif
 #ifdef TARGET_NR_sysinfo
 { TARGET_NR_sysinfo, "sysinfo" , NULL, NULL, NULL },
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index eab9207..3436ee6 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -9549,7 +9549,47 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
arg1,
 #endif
 #ifdef TARGET_NR_sysfs
 case TARGET_NR_sysfs:
-goto unimplemented;
+switch (arg1) {
+case 1:
+{
+if (arg2 != 0) {
+p = lock_user_string(arg2);
+if (!p) {
+goto efault;
+}
+ret = get_errno(syscall(__NR_sysfs, arg1, p));
+unlock_user(p, arg2, 0);
+} else {
+ret = get_errno(syscall(__NR_sysfs, arg1, NULL));
+}
+}
+break;
+case 2:
+{
+if (arg3 != 0) {
+char buf[PATH_MAX];
+int len;
+memset(buf, 0, PATH_MAX);
+ret = get_errno(syscall(__NR_sysfs, arg1, arg2, buf));
+len = PATH_MAX;
+if (len > strlen(buf)) {
+len = strlen(buf);
+}
+if (copy_to_user(arg3, buf, len) != 0) {
+goto efault;
+}
+} else {
+ret = get_errno(syscall(__NR_sysfs, arg1, arg2, NULL));
+}
+}
+break;
+case 3:
+ret = get_errno(syscall(__NR_sysfs, arg1));
+break;
+default:
+ret = -EINVAL;
+}
+break;
 #endif
 case TARGET_NR_personality:
 ret = get_errno(personality(arg1));
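Review bot: `ret = -EINVAL;` in the `default:` branch returns a host errno where the rest of `do_syscall` returns target values; use `-TARGET_EINVAL`. In `case 2:` the buffer is copied back even when the host call failed, and `len` ends up as `strlen(buf)`, so the terminating NUL never reaches the guest; test `is_error(ret)` before copying and copy `strlen(buf) + 1` bytes, which also removes the `len = PATH_MAX; if (len > strlen(buf))` dance. The raw `syscall(__NR_sysfs, arg1, ...)` calls also forward the target option number unchanged; the values happen to coincide with the host's, and a comment saying so would save the next reader the check.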
-- 
2.9.3




[Qemu-devel] [PATCH v5 2/8] linux-user: Add support for clock_adjtime() syscall

2016-09-14 Thread Aleksandar Markovic
From: Aleksandar Markovic 

This patch implements Qemu user mode clock_adjtime() syscall support.

The implementation is based on invocation of host's clock_adjtime(), and is
very similar to the implementation of adjtimex() syscall support. The main
difference is the presence of "clockid_t" argument in clock_adjtime().

Signed-off-by: Aleksandar Rikalo 
Signed-off-by: Aleksandar Markovic 
---
 linux-user/strace.c| 13 +
 linux-user/strace.list |  3 +++
 linux-user/syscall.c   | 19 ++-
 3 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/linux-user/strace.c b/linux-user/strace.c
index 7ddcaf8..4524c70 100644
--- a/linux-user/strace.c
+++ b/linux-user/strace.c
@@ -968,6 +968,19 @@ print_chmod(const struct syscallname *name,
 }
 #endif
 
+#ifdef TARGET_NR_clock_adjtime
+static void
+print_clock_adjtime(const struct syscallname *name,
+abi_long arg0, abi_long arg1, abi_long arg2,
+abi_long arg3, abi_long arg4, abi_long arg5)
+{
+print_syscall_prologue(name);
+print_raw_param("%d", arg0, 0);
+print_pointer(arg1, 1);
+print_syscall_epilogue(name);
+}
+#endif
+
 #ifdef TARGET_NR_clone
 static void do_print_clone(unsigned int flags, abi_ulong newsp,
abi_ulong parent_tidptr, target_ulong newtls,
diff --git a/linux-user/strace.list b/linux-user/strace.list
index 9a665a8..00b2e9b 100644
--- a/linux-user/strace.list
+++ b/linux-user/strace.list
@@ -72,6 +72,9 @@
 #ifdef TARGET_NR_chroot
 { TARGET_NR_chroot, "chroot" , NULL, NULL, NULL },
 #endif
+#ifdef TARGET_NR_clock_adjtime
+{ TARGET_NR_clock_adjtime, "clock_adjtime" , NULL, print_clock_adjtime, NULL },
+#endif
 #ifdef TARGET_NR_clock_getres
 { TARGET_NR_clock_getres, "clock_getres" , NULL, NULL, NULL },
 #endif
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 5643840..eab9207 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -6579,7 +6579,7 @@ static inline abi_long target_ftruncate64(void *cpu_env, 
abi_long arg1,
 }
 #endif
 
-#ifdef TARGET_NR_adjtimex
+#if defined(TARGET_NR_adjtimex) || defined(TARGET_NR_clock_adjtime)
 static inline abi_long target_to_host_timex(struct timex *host_buf,
 abi_long target_addr)
 {
@@ -9509,6 +9509,23 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
arg1,
 }
 break;
 #endif
+#ifdef TARGET_NR_clock_adjtime
+case TARGET_NR_clock_adjtime:
+{
+struct timex host_buf;
+
+if (target_to_host_timex(_buf, arg2) != 0) {
+goto efault;
+}
+ret = get_errno(clock_adjtime(arg1, _buf));
+if (!is_error(ret) && arg1) {
+if (host_to_target_timex(arg2, _buf) != 0) {
+goto efault;
+}
+}
+}
+break;
+#endif
 #ifdef TARGET_NR_create_module
 case TARGET_NR_create_module:
 #endif
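Review bot: The copy-back condition `if (!is_error(ret) && arg1)` tests the clock id rather than the buffer pointer; for CLOCK_REALTIME, whose id is 0, the updated timex is never written back to the guest. The buffer of clock_adjtime is `arg2` (as the preceding `target_to_host_timex(&host_buf, arg2)` shows), so the condition should read `if (!is_error(ret) && arg2)`; `arg1` is presumably carried over from adjtimex(), where the buffer is the first argument.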
-- 
2.9.3




[Qemu-devel] [PATCH v5 1/8] linux-user: Add support for adjtimex() syscall

2016-09-14 Thread Aleksandar Markovic
From: Aleksandar Markovic 

This patch implements Qemu user mode adjtimex() syscall support.

Syscall adjtimex() reads and optionally sets parameters for a clock
adjustment algorithm used in network synchronization or similar scenarios.

The implementation is based on invocation of host's adjtimex(), and
its key part is in the corresponding case segment of the main switch
statement of the function do_syscall(), in file linux-user/syscalls.c.
Also, support for related structure "timex" is added to the file
linux-user/syscall_defs.h, based on its definition in Linux kernel. All
necessary conversions of the data structures from target to host and from
host to target are covered. Two new functions, target_to_host_timex() and
host_to_target_timex(), are provided for the purpose of such conversions.
Moreover, the relevant support for "-strace" Qemu option is included in
files linux-user/strace.c and linux-user/strace.list.

This patch also fixes failures of LTP tests adjtimex01 and adjtimex02, if
executed in Qemu user mode.

Signed-off-by: Aleksandar Rikalo 
Signed-off-by: Aleksandar Markovic 
---
 linux-user/strace.c   | 12 +++
 linux-user/strace.list|  2 +-
 linux-user/syscall.c  | 90 ++-
 linux-user/syscall_defs.h | 28 +++
 4 files changed, 130 insertions(+), 2 deletions(-)

diff --git a/linux-user/strace.c b/linux-user/strace.c
index cc10dc4..7ddcaf8 100644
--- a/linux-user/strace.c
+++ b/linux-user/strace.c
@@ -919,6 +919,18 @@ print_access(const struct syscallname *name,
 }
 #endif
 
+#ifdef TARGET_NR_adjtimex
+static void
+print_adjtimex(const struct syscallname *name,
+abi_long arg0, abi_long arg1, abi_long arg2,
+abi_long arg3, abi_long arg4, abi_long arg5)
+{
+print_syscall_prologue(name);
+print_pointer(arg0, 1);
+print_syscall_epilogue(name);
+}
+#endif
+
 #ifdef TARGET_NR_brk
 static void
 print_brk(const struct syscallname *name,
diff --git a/linux-user/strace.list b/linux-user/strace.list
index aa967a2..9a665a8 100644
--- a/linux-user/strace.list
+++ b/linux-user/strace.list
@@ -16,7 +16,7 @@
 { TARGET_NR_add_key, "add_key" , NULL, NULL, NULL },
 #endif
 #ifdef TARGET_NR_adjtimex
-{ TARGET_NR_adjtimex, "adjtimex" , NULL, NULL, NULL },
+{ TARGET_NR_adjtimex, "adjtimex" , NULL, print_adjtimex, NULL },
 #endif
 #ifdef TARGET_NR_afs_syscall
 { TARGET_NR_afs_syscall, "afs_syscall" , NULL, NULL, NULL },
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index ca06943..5643840 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -35,6 +35,7 @@
 #include 
 #include 
 #include 
+#include 
 #ifdef __ia64__
 int __clone2(int (*fn)(void *), void *child_stack_base,
  size_t stack_size, int flags, void *arg, ...);
@@ -6578,6 +6579,78 @@ static inline abi_long target_ftruncate64(void *cpu_env, 
abi_long arg1,
 }
 #endif
 
+#ifdef TARGET_NR_adjtimex
+static inline abi_long target_to_host_timex(struct timex *host_buf,
+abi_long target_addr)
+{
+struct target_timex *target_buf;
+
+if (!lock_user_struct(VERIFY_READ, target_buf, target_addr, 1)) {
+return -TARGET_EFAULT;
+}
+
+host_buf->modes = tswap32(target_buf->modes);
+host_buf->offset = tswapal(target_buf->offset);
+host_buf->freq = tswapal(target_buf->freq);
+host_buf->maxerror = tswapal(target_buf->maxerror);
+host_buf->esterror = tswapal(target_buf->esterror);
+host_buf->status = tswap32(target_buf->status);
+host_buf->constant = tswapal(target_buf->constant);
+host_buf->precision = tswapal(target_buf->precision);
+host_buf->tolerance = tswapal(target_buf->tolerance);
+host_buf->time.tv_sec = tswapal(target_buf->time.tv_sec);
+host_buf->time.tv_usec = tswapal(target_buf->time.tv_usec);
+host_buf->tick = tswapal(target_buf->tick);
+host_buf->ppsfreq = tswapal(target_buf->ppsfreq);
+host_buf->jitter = tswapal(target_buf->jitter);
+host_buf->shift = tswap32(target_buf->shift);
+host_buf->stabil = tswapal(target_buf->stabil);
+host_buf->jitcnt = tswapal(target_buf->jitcnt);
+host_buf->calcnt = tswapal(target_buf->calcnt);
+host_buf->errcnt = tswapal(target_buf->errcnt);
+host_buf->stbcnt = tswapal(target_buf->stbcnt);
+host_buf->tai = tswap32(target_buf->tai);
+
+unlock_user_struct(target_buf, target_addr, 0);
+return 0;
+}
+
+static inline abi_long host_to_target_timex(abi_long target_addr,
+struct timex *host_buf)
+{
+struct target_timex *target_buf;
+
+if (!lock_user_struct(VERIFY_WRITE, target_buf, target_addr, 0)) {
+return -TARGET_EFAULT;
+}
+
+target_buf->modes = tswap32(host_buf->modes);
+target_buf->offset = tswapal(host_buf->offset);
+target_buf->freq = tswapal(host_buf->freq);
+target_buf->maxerror = 

[Qemu-devel] [PATCH v5 0/8] linux user: Fix assorted Qemu user mode issues

2016-09-14 Thread Aleksandar Markovic
From: Aleksandar Markovic 

v4->v5:

- removed three cleanup patches

v3->v4:

- rebased to the latest code
- added patch on clock_adjtime() support
- minor commit messages improvements

v2->v3:

- rebased to the latest code
- merged patches on adjtimex(), sysfs(), and ustat() from another series
- added patch on socketcall() support
- cleanup patches reorganized

v1->v2:

- improved usage of "#ifdefs" in patch on syslog()
- removed EIDRM-related code from patch on msgrcv(), since this error
  code is already handled well
- added three cleanup patches

(also, v1 for some reason did not appear on qemu-devel, but mails are sent)

This series fixes certain Qemu user mode issues. The fixes mainly originate
from observation of LTP tests failures for execution in Qemu user mode on
various platforms. The series also contains a cleanup patch.

Aleksandar Markovic (8):
  linux-user: Add support for adjtimex() syscall
  linux-user: Add support for clock_adjtime() syscall
  linux-user: Add support for sysfs() syscall
  linux-user: Add support for ustat() syscall
  linux-user: Fix msgrcv() and msgsnd() syscalls support
  linux-user: Fix socketcall() syscall support
  linux-user: Fix syslog() syscall support
  linux-user: Remove a duplicate item from strace.list

 linux-user/strace.c   | 118 +
 linux-user/strace.list|  12 +--
 linux-user/syscall.c  | 221 ++
 linux-user/syscall_defs.h |  53 +++
 4 files changed, 380 insertions(+), 24 deletions(-)

-- 
2.9.3




Re: [Qemu-devel] [PATCH 5/5] spapr_vscsi: convert to trace framework instead of DPRINTF

2016-09-14 Thread Eric Blake
On 09/14/2016 01:48 PM, Laurent Vivier wrote:
> Signed-off-by: Laurent Vivier 
> ---
>  hw/scsi/spapr_vscsi.c | 89 
> +--
>  hw/scsi/trace-events  | 27 
>  2 files changed, 63 insertions(+), 53 deletions(-)
> 

> +++ b/hw/scsi/trace-events
> @@ -202,3 +202,30 @@ esp_pci_dma_abort(uint32_t val) "ABORT (%.8x)"
>  esp_pci_dma_start(uint32_t val) "START (%.8x)"
>  esp_pci_sbac_read(uint32_t reg) "sbac: 0x%8.8x"
>  esp_pci_sbac_write(uint32_t reg, uint32_t val) "sbac: 0x%8.8x -> 0x%8.8x"
> +
> +# hw/scsi/spapr_vscsi.c
> +
> +spapr_vscsi_send_rsp(uint8_t status, int32_t res_in, int32_t res_out) 
> "status: 0x%x, res_in: %"PRId32", res_out: %"PRId32

Same as before.

> +spapr_vscsi_fetch_desc_no_data(void) "no data descriptor"
> +spapr_vscsi_fetch_desc_direct(void) "direct segment"
> +spapr_vscsi_fetch_desc_indirect(uint32_t qtag, unsigned desc, unsigned 
> local_desc) "indirect segment local tag=0x%"PRIx32" desc#%u/%u"
> +spapr_vscsi_fetch_desc_out_of_range(unsigned desc, unsigned desc_offset) 
> "#%u is ouf of range (%u bytes)"
> +spapr_vscsi_fetch_desc_dma_read_error(int rc) "spapr_vio_dma_read -> %d 
> reading ext_desc"
> +spapr_vscsi_fetch_desc_indirect_seg_ext(uint32_t qtag, unsigned n, unsigned 
> desc, uint64_t va, uint32_t len) "indirect segment ext. tag=0x%"PRIx32" 
> desc#%u/%u { va=0x%"PRIx64" len=0x%"PRIx32" }"
> +spapr_vscsi_fetch_desc_out_of_desc(void) "Out of descriptors !"
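Review bot: the format string of `spapr_vscsi_fetch_desc_out_of_range` misspells "out" ("#%u is ouf of range (%u bytes)"); since these messages are what operators grep for in trace logs, suggest fixing it to "#%u is out of range (%u bytes)" while the line is being introduced.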

Probably worth dropping the ' !' while touching this (first, English
doesn't want space before !; second, ! usually means you are shouting at
the user, and doesn't appear in many other traces as a result).

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





Re: [Qemu-devel] [PATCH 4/5] spapr_llan: convert to trace framework instead of DPRINTF

2016-09-14 Thread Eric Blake
On 09/14/2016 01:48 PM, Laurent Vivier wrote:
> Signed-off-by: Laurent Vivier 
> ---
>  hw/net/spapr_llan.c | 61 
> ++---
>  hw/net/trace-events | 17 +++
>  2 files changed, 42 insertions(+), 36 deletions(-)
> 

> +++ b/hw/net/trace-events
> @@ -270,3 +270,20 @@ e1000e_cfg_support_virtio(bool support) "Virtio header 
> supported: %d"
>  
>  e1000e_vm_state_running(void) "VM state is running"
>  e1000e_vm_state_stopped(void) "VM state is stopped"
> +
> +# hw/net/spapr_llan.c
> +
> +spapr_vlan_get_rx_bd_from_pool_found(int pool, int32_t count, uint32_t 
> rx_bufs) "pool=%d count=%"PRId32" rxbufs=%"PRIu32

Same as in 1/5.
Reviewed-by: Eric Blake 

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





Re: [Qemu-devel] [PATCH] target-i386: Fixed syscall possible segfault

2016-09-14 Thread Paolo Bonzini


On 13/09/2016 15:23, Stanislav Shmarov wrote:
> In user-mode emulation env->idt.base memory is
> allocated in linux-user/main.c with
> size 8*512 = 4096 (for 64-bit).
> When fake interrupt EXCP_SYSCALL is thrown
> do_interrupt_user checks destination privilege level
> for this fake exception, and tries to read 4 bytes
> at address base + (256 * 2^4)=4096, that causes
> segfault.
> 
> Privilege level was checked only for ints, so let's
> read dpl from memory only for this case.
> 
> Signed-off-by: Stanislav Shmarov 

Queued for 2.8, thanks.

Paolo

> ---
>  target-i386/seg_helper.c | 36 +++-
>  1 file changed, 19 insertions(+), 17 deletions(-)
> 
> diff --git a/target-i386/seg_helper.c b/target-i386/seg_helper.c
> index 6cbdf17..fb79f31 100644
> --- a/target-i386/seg_helper.c
> +++ b/target-i386/seg_helper.c
> @@ -1137,25 +1137,27 @@ static void do_interrupt_real(CPUX86State *env, int 
> intno, int is_int,
>  static void do_interrupt_user(CPUX86State *env, int intno, int is_int,
>int error_code, target_ulong next_eip)
>  {
> -SegmentCache *dt;
> -target_ulong ptr;
> -int dpl, cpl, shift;
> -uint32_t e2;
> +if (is_int) {
> +SegmentCache *dt;
> +target_ulong ptr;
> +int dpl, cpl, shift;
> +uint32_t e2;
>  
> -dt = >idt;
> -if (env->hflags & HF_LMA_MASK) {
> -shift = 4;
> -} else {
> -shift = 3;
> -}
> -ptr = dt->base + (intno << shift);
> -e2 = cpu_ldl_kernel(env, ptr + 4);
> +dt = >idt;
> +if (env->hflags & HF_LMA_MASK) {
> +shift = 4;
> +} else {
> +shift = 3;
> +}
> +ptr = dt->base + (intno << shift);
> +e2 = cpu_ldl_kernel(env, ptr + 4);
>  
> -dpl = (e2 >> DESC_DPL_SHIFT) & 3;
> -cpl = env->hflags & HF_CPL_MASK;
> -/* check privilege if software int */
> -if (is_int && dpl < cpl) {
> -raise_exception_err(env, EXCP0D_GPF, (intno << shift) + 2);
> +dpl = (e2 >> DESC_DPL_SHIFT) & 3;
> +cpl = env->hflags & HF_CPL_MASK;
> +/* check privilege if software int */
> +if (dpl < cpl) {
> +raise_exception_err(env, EXCP0D_GPF, (intno << shift) + 2);
> +}
>  }
>  
>  /* Since we emulate only user space, we cannot do more than
> 
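Review bot: the guard is the right fix for the read described in the commit message: with shift 4, EXCP_SYSCALL (intno 256) produces `ptr + 4` at offset 4100 of a 4096-byte table, and after the change the largest offset a software int can produce is (255 << 4) + 4, which stays inside the allocation; it would be worth stating that bound in the commit message. Two smaller points on the new block: the comment `/* check privilege if software int */` is now redundant inside `if (is_int)` and can go, and the `>idt` / `>env` fragments in the quoted hunk are the mailing-list archive dropping the `&` from `&env->idt`, not a change to review.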


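The out-of-bounds read described in the commit message, modelled in an added example that is not QEMU's code: the constants mirror the values the message and QEMU use (EXCP_SYSCALL 256, a 4096-byte 64-bit IDT, DPL field at bit 13, long-mode flag at bit 14), while `cpu_model`, `scenario` and the `lookup_result` enum are this example's own constructs that stand in for CPUX86State and do_interrupt_user.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the pre- and post-patch control flow; not QEMU's
 * seg_helper.c. The constants are assumptions matching the commit message. */
#define IDT_SIZE        (8 * 512)   /* 4096 bytes, as allocated for 64-bit */
#define EXCP_SYSCALL    256         /* QEMU's fake exception for syscall */
#define DESC_DPL_SHIFT  13          /* DPL field in the gate's second dword */
#define HF_LMA_MASK     (1 << 14)   /* long mode active */

struct cpu_model {
    uint8_t idt[IDT_SIZE];  /* stands in for the buffer env->idt.base points at */
    int hflags;
    int cpl;
};

enum lookup_result {
    LOOKUP_SKIPPED = 0,  /* not a software int: no descriptor read, no check */
    LOOKUP_OK,           /* descriptor read, dpl >= cpl */
    LOOKUP_GPF,          /* descriptor read, dpl < cpl: #GP would be raised */
    LOOKUP_OOB           /* read lands outside the IDT: the real code segfaults */
};

/* Offset of the second dword (e2) of the gate for vector intno. */
static size_t idt_e2_offset(const struct cpu_model *env, int intno)
{
    int shift = (env->hflags & HF_LMA_MASK) ? 4 : 3;
    return ((size_t)intno << shift) + 4;
}

/* Pre-patch flow: fetch the descriptor for every exception, then apply
 * the privilege check only when is_int is set. */
static enum lookup_result privilege_check_before(const struct cpu_model *env,
                                                 int intno, bool is_int)
{
    size_t off = idt_e2_offset(env, intno);
    uint32_t e2;

    if (off + sizeof e2 > (size_t)IDT_SIZE) {
        return LOOKUP_OOB;   /* 256 << 4 == 4096 == IDT_SIZE for EXCP_SYSCALL */
    }
    memcpy(&e2, env->idt + off, sizeof e2);
    if (is_int && (int)((e2 >> DESC_DPL_SHIFT) & 3) < env->cpl) {
        return LOOKUP_GPF;
    }
    return is_int ? LOOKUP_OK : LOOKUP_SKIPPED;
}

/* Post-patch flow: the descriptor is only fetched for software interrupts,
 * so EXCP_SYSCALL never indexes past the table. */
static enum lookup_result privilege_check_after(const struct cpu_model *env,
                                                int intno, bool is_int)
{
    if (!is_int) {
        return LOOKUP_SKIPPED;
    }
    return privilege_check_before(env, intno, true);
}

/* Build a long-mode CPU at CPL 3 whose gate for `vector` carries `dpl`
 * (constructed state), then run the chosen variant for (intno, is_int). */
static enum lookup_result scenario(int intno, bool is_int, bool patched,
                                   int vector, int dpl)
{
    static struct cpu_model env;
    uint32_t e2 = (uint32_t)(dpl & 3) << DESC_DPL_SHIFT;

    memset(&env, 0, sizeof env);
    env.hflags = HF_LMA_MASK;
    env.cpl = 3;
    memcpy(env.idt + idt_e2_offset(&env, vector), &e2, sizeof e2);
    return patched ? privilege_check_after(&env, intno, is_int)
                   : privilege_check_before(&env, intno, is_int);
}

int main(void)
{
    static const char *names[] = { "skipped", "ok", "gpf", "oob" };
    printf("syscall, before: %s\n", names[scenario(EXCP_SYSCALL, false, false, 0x80, 3)]);
    printf("syscall, after:  %s\n", names[scenario(EXCP_SYSCALL, false, true, 0x80, 3)]);
    printf("int 0x80, dpl 0: %s\n", names[scenario(0x80, true, true, 0x80, 0)]);
    printf("int 0x80, dpl 3: %s\n", names[scenario(0x80, true, true, 0x80, 3)]);
    return 0;
}
```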

Re: [Qemu-devel] [PATCH v4 00/11] linux user: Fix assorted Qemu user mode issues

2016-09-14 Thread Aleksandar Markovic
OK, these patches will be removed in v5, which is pending. Thanks.

Aleksandar


From: Peter Maydell [peter.mayd...@linaro.org]
Sent: Wednesday, September 14, 2016 12:15 PM
To: Aleksandar Markovic
Cc: QEMU Developers; Riku Voipio; Petar Jovanovic; Miodrag Dinic; Aleksandar 
Rikalo; Aleksandar Markovic
Subject: Re: [PATCH v4 00/11] linux user: Fix assorted Qemu user mode issues

On 14 September 2016 at 16:21, Aleksandar Markovic
 wrote:
> This series fixes certain Qemu user mode issues. The fixes mainly originate
> from observation of LTP tests failures for execution in Qemu user mode
> on various platforms. The series also contains four cleanup patches.

>   linux-user: Remove tabs and trailing spaces from linux-user/main.c
>   linux-user: Improve braces-related formatting in linux-user/main.c
>   linux-user: Improve usage of spaces in linux-user/main.c

I'm pretty sure these are going to conflict with the various
other linux-user patches currently in-flight, so I'm not sure
they're a great idea right now. (In general awkward conflicts
with other stuff and loss of info from git blame is why we
don't often do whole-file coding style cleanups.)

thanks
-- PMM



Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command

2016-09-14 Thread Paolo Bonzini


On 14/09/2016 21:24, Michael S. Tsirkin wrote:
> Well limited protection is of a limited use :) Seriously, the point of
> mitigation should be blocking classes of vulnerabilities not making
> things more complex.

No, not at all.  The point of _mitigation_ is to _mitigate_ the danger
from classes of vulnerabilities, i.e. make the attack harder though
perhaps not ultimately impossible.

>> If the adversary is passive and cannot ask anything is it even an
>> adversary?  Why do you need encryption at all if you can't even ptrace QEMU?
> 
> The cover letter mentioned a read everything adversary.
> How do you read everything? Well, you probably don't but
> there could be attacks that cause kernel to leak
> contents of random memory to an attacker.

Ok, it doesn't seem too useful.

> On the software side, we should try to
> push for enabling features independently, this way more
> hardware can benefit.

We can have an "unencrypted" sev-policy that only has limited
functionality such as disabling debug.  So you could disable debug with

 -object sev-policy-unencrypted,debug=false,id=mypolicy \
 -machine ...,sev-policy=mypolicy

Paolo



Re: [Qemu-devel] [PATCH 5/5] spapr_vscsi: convert to trace framework instead of DPRINTF

2016-09-14 Thread Thomas Huth
On 14.09.2016 20:48, Laurent Vivier wrote:
> Signed-off-by: Laurent Vivier 
> ---
>  hw/scsi/spapr_vscsi.c | 89 
> +--
>  hw/scsi/trace-events  | 27 
>  2 files changed, 63 insertions(+), 53 deletions(-)
> 
> diff --git a/hw/scsi/spapr_vscsi.c b/hw/scsi/spapr_vscsi.c
> index 8fbd50f..29fef90 100644
> --- a/hw/scsi/spapr_vscsi.c
> +++ b/hw/scsi/spapr_vscsi.c

While you're at it: There is a stray fprintf statement at the beginning
of vscsi_process_tsk_mgmt() which is rather a debug statement than
really something that should be printed always ... could you please turn
that into a trace event, too?

 Thanks,
  Thomas






[Qemu-devel] [Bug 1310324] Re: Commit 0f842f8a introduces regression when using tcg-interpreter

2016-09-14 Thread T. Huth
The fix mentioned in comment #4 has been included here:
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=7e4e88656c1e6192e9e47
==> Setting status to "Fix released".

** Changed in: qemu
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1310324

Title:
  Commit 0f842f8a introduces regression when using tcg-interpreter

Status in QEMU:
  Fix Released

Bug description:
  Hi.

  Commit 0f842f8a246f2b5b51a11c13f933bf7a90ae8e96 apparently introduces
  a regression when using --enable-tcg-interpreter. The regression is
  manifested as follows:

   1. Check out any qemu commit later than or equal to the one said above. Besides 
that one, I tested v1.7.1, v2.0.0 and a few other commits suggested to me by 
git bisect.
   2. Possibly cherry-pick commit a32b12741bf45bf3f46bffe5a79cb2548a060cd8, 
which fixes a compilation bug with --enable-tcg-interpreter.
   3. Compile with: ./configure --target-list=i386-softmmu 
--enable-tcg-interpreter && make -j8
   4. Create an empty virtual disk and try to install Windows XP on it booting 
from Windows CD-ROM. After the loading program, the installer immediately 
crashes with blue screen (it should instead show the installation confirmation 
dialog and then the EULA acceptance dialog, if it worked correctly).

  I'm mentioning Windows XP because it is the problem I found. Probably
  other operating systems would fail as well. I can test others, if you
  think it would be helpful. I can also give you access to the very
  exact CD-ROM image I'm using.

  The exact command line I'm using is:
  build_location/i386-softmmu/qemu-system-i386 -m 512 -drive 
file=winxp_test.img -cdrom wipxp_cdrom.iso

  Attached is the blue screen that I see (unfortunately it is Italian,
  but that's a standard error message and I hope this is not a problem).

  I'm not able to understand the nature of the commit to identify what
  could be the problem. My nose tells me that it may be some stupid
  mistake, for example in some offset constant, that nobody ever saw
  because tcg-interpreter is not much used.

  Thanks, Giovanni.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1310324/+subscriptions



[Qemu-devel] [Bug 1589923] Re: https websockets not working in 2.5 or 2.6

2016-09-14 Thread T. Huth
** Changed in: qemu
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1589923

Title:
  https websockets not working in 2.5 or 2.6

Status in QEMU:
  Fix Released
Status in qemu package in Ubuntu:
  Triaged
Status in Arch Linux:
  New

Bug description:
  % gdb --args ./x86_64-softmmu/qemu-system-x86_64 -vnc 
0.0.0.0:1,tls,x509=/etc/pki/libvirt-le,websocket=5701 
  
  GNU gdb (GDB) 7.11
  Copyright (C) 2016 Free Software Foundation, Inc.
  License GPLv3+: GNU GPL version 3 or later 
  This is free software: you are free to change and redistribute it.
  There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
  and "show warranty" for details.
  This GDB was configured as "x86_64-pc-linux-gnu".
  Type "show configuration" for configuration details.
  For bug reporting instructions, please see:
  .
  Find the GDB manual and other documentation resources online at:
  .
  For help, type "help".
  Type "apropos word" to search for commands related to "word"...
  Reading symbols from ./x86_64-softmmu/qemu-system-x86_64...done.
  (gdb) run
  Starting program: /home/ben/qemu/qemu-2.6.0/x86_64-softmmu/qemu-system-x86_64 
-vnc 0.0.0.0:1,tls,x509=/etc/pki/libvirt-le,websocket=5701
  [Thread debugging using libthread_db enabled]
  Using host libthread_db library "/usr/lib/libthread_db.so.1".
  [New Thread 0x7fffe16f6700 (LWP 12767)]
  [New Thread 0x7fffde2d4700 (LWP 12768)]
  [New Thread 0x7fffd3fff700 (LWP 12769)]
  Initializing VNC server with x509 no auth
  Client sioc=0x5874d6b0 ws=1 auth=1 subauth=0
  New client on socket 0x5874d6b0
  vnc_set_share_mode/0x5874d6b0: undefined -> connecting
  TLS Websocket connection required
  Start TLS WS handshake process
  Handshake failed TLS handshake failed: The TLS connection was non-properly 
terminated.
  Closing down client sock: protocol error
  vnc_set_share_mode/0x5779f510: connecting -> disconnected
  Client sioc=0x5873c6a0 ws=1 auth=1 subauth=0
  New client on socket 0x5873c6a0
  vnc_set_share_mode/0x5873c6a0: undefined -> connecting
  TLS Websocket connection required
  Start TLS WS handshake process
  TLS handshake complete, starting websocket handshake
  Websocket negotiate starting
  Websock handshake complete, starting VNC protocol
  Write Plain: Pending output 0x57b91c60 size 4096 offset 12. Wait SSF 0
  Wrote wire 0x57b91c60 12 -> 12

  Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
  0x0001 in ?? ()
  (gdb) thread apply all bt

  Thread 4 (Thread 0x7fffd3fff700 (LWP 12769)):
  #0  0x7fffef35a09f in pthread_cond_wait@@GLIBC_2.3.2 () from 
/usr/lib/libpthread.so.0
  #1  0x55a20bd9 in qemu_cond_wait (cond=cond@entry=0x587267e0, 
  mutex=mutex@entry=0x58726810) at util/qemu-thread-posix.c:123
  #2  0x559770ab in vnc_worker_thread_loop 
(queue=queue@entry=0x587267e0)
  at ui/vnc-jobs.c:228
  #3  0x559775e8 in vnc_worker_thread (arg=0x587267e0) at 
ui/vnc-jobs.c:335
  #4  0x7fffef354474 in start_thread () from /usr/lib/libpthread.so.0
  #5  0x7fffea43c69d in clone () from /usr/lib/libc.so.6

  Thread 3 (Thread 0x7fffde2d4700 (LWP 12768)):
  #0  0x7fffef35a09f in pthread_cond_wait@@GLIBC_2.3.2 () from 
/usr/lib/libpthread.so.0
  #1  0x55a20bd9 in qemu_cond_wait (cond=, 
  ---Type  to continue, or q  to quit---
  emu_global_mutex>) at util/qemu-thread-posix.c:123
  #2  0x55715edf in qemu_tcg_wait_io_event (cpu=0x564ee840) at 
/home/ben/qemu/qemu-2.6.0/cpus.c:1015
  #3  qemu_tcg_cpu_thread_fn (arg=) at 
/home/ben/qemu/qemu-2.6.0/cpus.c:1161
  #4  0x7fffef354474 in start_thread () from /usr/lib/libpthread.so.0
  #5  0x7fffea43c69d in clone () from /usr/lib/libc.so.6

  Thread 2 (Thread 0x7fffe16f6700 (LWP 12767)):
  #0  0x7fffea438229 in syscall () from /usr/lib/libc.so.6
  #1  0x55a20ee8 in futex_wait (val=, ev=) at util/qemu-thread-posix.c:292
  #2  qemu_event_wait (ev=ev@entry=0x5641ece4 ) at 
util/qemu-thread-posix.c:399
  #3  0x55a2f2ae in call_rcu_thread (opaque=) at 
util/rcu.c:250
  #4  0x7fffef354474 in start_thread () from /usr/lib/libpthread.so.0
  #5  0x7fffea43c69d in clone () from /usr/lib/libc.so.6

  Thread 1 (Thread 0x77f5bb00 (LWP 12763)):
  #0  0x0001 in ?? ()
  #1  0x559efb53 in qio_task_free (task=0x58212140) at io/task.c:58
  #2  0x559efd89 in qio_task_complete (task=task@entry=0x58212140) 
at io/task.c:145
  #3  0x559ef5aa in qio_channel_websock_handshake_send 
(ioc=0x5873c6a0, condition=, 
  user_data=0x58212140) at io/channel-websock.c:289
  #4  0x7fffecf59c8a in g_main_context_dispatch () 

Re: [Qemu-devel] [PATCH 3/5] spapr_vio: convert to trace framework instead of DPRINTF

2016-09-14 Thread Eric Blake
On 09/14/2016 01:48 PM, Laurent Vivier wrote:
> Signed-off-by: Laurent Vivier 
> ---
>  hw/ppc/spapr_vio.c  | 17 +++--
>  hw/ppc/trace-events |  5 +
>  2 files changed, 8 insertions(+), 14 deletions(-)
> 

> +++ b/hw/ppc/trace-events
> @@ -66,6 +66,11 @@ spapr_rtas_get_sensor_state_invalid(uint32_t index) 
> "sensor index: 0x%"PRIx32
>  spapr_rtas_ibm_configure_connector_invalid(uint32_t index) "DRC index: 
> 0x%"PRIx32
>  spapr_rtas_ibm_configure_connector_missing_fdt(uint32_t index) "DRC index: 
> 0x%"PRIx32
>  
> +# hw/ppc/spapr_vio.c
> +
> +spapr_vio_h_reg_crq(uint64_t reg, uint64_t queue_addr, uint64_t queue_len) 
> "CRQ for dev 0x%" PRIx64 " registered at 0x%" PRIx64 "/0x%" PRIx64

Same comment about blank line as in 1/5.
Reviewed-by: Eric Blake 

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





Re: [Qemu-devel] [PATCH v2 0/6] Prep changes for modular trace-events build

2016-09-14 Thread no-reply
Hi,

Your series failed automatic build test. Please find the testing commands and
their output below. If you have docker installed, you can probably reproduce it
locally.

Type: series
Message-id: 1473872922-23449-1-git-send-email-berra...@redhat.com
Subject: [Qemu-devel] [PATCH v2 0/6] Prep changes for modular trace-events build

=== TEST SCRIPT BEGIN ===
#!/bin/bash
set -e
git submodule update --init dtc
make J=8 docker-test-quick@centos6
make J=8 docker-test-mingw@fedora
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag] 
patchew/1473872922-23449-1-git-send-email-berra...@redhat.com -> 
patchew/1473872922-23449-1-git-send-email-berra...@redhat.com
Switched to a new branch 'test'
de7a8cc trace: use -1 instead of TRACE_VCPU_EVENT_COUNT as magic value
f0ab0b0 trace: remove use of event ID enums from APIs
62abecb trace: remove global 'uint16 dstate[]' array
8c99acf trace: remove some now unused functions
8b7e24e trace: convert code to use event iterators
2cf2a6e trace: add trace event iterator APIs

=== OUTPUT BEGIN ===
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into 'dtc'...
Submodule path 'dtc': checked out '65cc4d2748a2c2e6f27f1cf39e07a5dbabd80ebf'
  BUILD centos6
  ARCHIVE qemu.tgz
  ARCHIVE dtc.tgz
  COPY RUNNER
  RUN test-quick in centos6
No C++ compiler available; disabling C++ specific optional code
Install prefix/tmp/qemu-test/src/tests/docker/install
BIOS directory/tmp/qemu-test/src/tests/docker/install/share/qemu
binary directory  /tmp/qemu-test/src/tests/docker/install/bin
library directory /tmp/qemu-test/src/tests/docker/install/lib
module directory  /tmp/qemu-test/src/tests/docker/install/lib/qemu
libexec directory /tmp/qemu-test/src/tests/docker/install/libexec
include directory /tmp/qemu-test/src/tests/docker/install/include
config directory  /tmp/qemu-test/src/tests/docker/install/etc
local state directory   /tmp/qemu-test/src/tests/docker/install/var
Manual directory  /tmp/qemu-test/src/tests/docker/install/share/man
ELF interp prefix /usr/gnemul/qemu-%M
Source path   /tmp/qemu-test/src
C compilercc
Host C compiler   cc
C++ compiler  
Objective-C compiler cc
ARFLAGS   rv
CFLAGS-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -pthread 
-I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include   -g 
QEMU_CFLAGS   -I/usr/include/pixman-1-fPIE -DPIE -m64 -D_GNU_SOURCE 
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -Wstrict-prototypes 
-Wredundant-decls -Wall -Wundef -Wwrite-strings -Wmissing-prototypes 
-fno-strict-aliasing -fno-common -fwrapv  -Wendif-labels -Wmissing-include-dirs 
-Wempty-body -Wnested-externs -Wformat-security -Wformat-y2k -Winit-self 
-Wignored-qualifiers -Wold-style-declaration -Wold-style-definition 
-Wtype-limits -fstack-protector-all
LDFLAGS   -Wl,--warn-common -Wl,-z,relro -Wl,-z,now -pie -m64 -g 
make  make
install   install
pythonpython -B
smbd  /usr/sbin/smbd
module supportno
host CPU  x86_64
host big endian   no
target list   x86_64-softmmu aarch64-softmmu
tcg debug enabled no
gprof enabled no
sparse enabledno
strip binariesyes
profiler  no
static build  no
pixmansystem
SDL support   yes (1.2.14)
GTK support   no 
GTK GL supportno
VTE support   no 
TLS priority  NORMAL
GNUTLS supportno
GNUTLS rndno
libgcrypt no
libgcrypt kdf no
nettleno 
nettle kdfno
libtasn1  no
curses supportno
virgl support no
curl support  no
mingw32 support   no
Audio drivers oss
Block whitelist (rw) 
Block whitelist (ro) 
VirtFS supportno
VNC support   yes
VNC SASL support  no
VNC JPEG support  no
VNC PNG support   no
xen support   no
brlapi supportno
bluez  supportno
Documentation no
PIE   yes
vde support   no
netmap supportno
Linux AIO support no
ATTR/XATTR support yes
Install blobs yes
KVM support   yes
RDMA support  no
TCG interpreter   no
fdt support   yes
preadv supportyes
fdatasync yes
madvise   yes
posix_madvise yes
uuid support  no
libcap-ng support no
vhost-net support yes
vhost-scsi support yes
vhost-vsock support yes
Trace backendslog
spice support no 
rbd support   no
xfsctl supportno
smartcard support no
libusbno
usb net redir no
OpenGL supportno
OpenGL dmabufsno
libiscsi support  no
libnfs supportno
build guest agent yes
QGA VSS support   no
QGA w32 disk info no
QGA MSI support   no
seccomp support   no
coroutine backend ucontext
coroutine poolyes
GlusterFS support no
Archipelago support no
gcov  gcov
gcov enabled  no
TPM support   yes
libssh2 support   no
TPM passthrough   yes
QOM debugging yes
vhdx  no
lzo support   no
snappy supportno

Re: [Qemu-devel] [RFC PATCH v1 10/22] sev: add SEV debug decrypt command

2016-09-14 Thread Michael S. Tsirkin
On Wed, Sep 14, 2016 at 08:45:25PM +0200, Paolo Bonzini wrote:
> 
> 
> On 14/09/2016 20:15, Michael S. Tsirkin wrote:
> > On Wed, Sep 14, 2016 at 06:53:22PM +0200, Paolo Bonzini wrote:
> >>
> >>
> >> On 14/09/2016 17:02, Michael S. Tsirkin wrote:
> >>> If you believe there are attackers that have access to the
> >>> monitor and nothing else, then a feature to disable debugging
> >>> is a generally useful one. But once we merge sev patchset then of course
> >>> sev people disappear and it will be up to others to make it
> >>> work on non-amd CPUs.
> >>>
> >>> Another is to help merge other parts faster.  E.g.  looking at what
> >>> Daniel writes, the feature might have been over-sold so people will
> >>> disable debugging thinking this will prevent all active attacks. Thus we
> >>> now need to add good documentation so people know what they can actually
> >>> expect to get from QEMU in return for disabling debugging. Why not merge
> >>> the simple "encrypt memory part" while this documentation work is going
> >>> on?
> >>
> >> Encrypting memory makes no sense if anyone can ask to decrypt it.
> > 
> > It's not useless since the attack model here is a passive adversary
> > that can not ask anything.
> 
> Does _that attack model_ make sense then?

It seems to make sense superficially.

> Also, I don't think this is
> the attack model; limited protection against a compromised hypervisor is
> included.

Well limited protection is of a limited use :) Seriously, the point of
mitigation should be blocking classes of vulnerabilities not making
things more complex.

> If the adversary is passive and cannot ask anything is it even an
> adversary?  Why do you need encryption at all if you can't even ptrace QEMU?

The cover letter mentioned a read everything adversary.
How do you read everything? Well, you probably don't but
there could be attacks that cause kernel to leak
contents of random memory to an attacker.


> >>  And
> >> I'm not even sure how force-enabling debug r/w, which is literally a
> >> single bit set in the feature register, would make the patchset simpler.
> > 
> > It will make the *interface* simpler.
> 
> If we made debug r/w force-disabled, the interface would be just as
> simple, and the outcome more secure and more sensible.

If you don't think debugging is useful (maybe it isn't) do it for
everyone then :)

> >> If anything, as I said already, it would make the patchset simpler to
> >> force-*disable* it, since you don't need to introduce debug hooks that
> >> go through the secure processor.
> > 
> > My suggestion is to add a processor independent hook that disables
> > debugging.  Arguably this improves security in case attacker only has
> > access to the monitor.
> 
> The default is the wrong direction though for encrypted guests...
> 
> Paolo

I think this is just tying unrelated features together. Hardware vendors
always do this - they want to sell their hardware that
solves all the problems. On the software side, we should try to
push for enabling features independently, this way more
hardware can benefit.

People that do not need debugging can disable it and maybe some exploit
will be prevented. Not at all different for encryption.

-- 
MST


