Re: [Qemu-devel] [FIX PATCH v1] spapr: Allow configure-connector to be called multiple times

2017-08-16 Thread David Gibson
On Thu, Aug 17, 2017 at 10:46:42AM +0530, Bharata B Rao wrote:
> In case of in-kernel memory hot unplug, when the guest is not able
> to remove all the LMBs that are requested for removal, it will add back
> any LMBs that have been successfully removed. The DR Connectors of
> these LMBs wouldn't have been unconfigured and hence the addition of
> these LMBs will result in configure-connector call being issued on
> LMB DR connectors that are already in configured state. Such
> configure-connector calls will fail resulting in a DIMM which is
> partially unplugged.
> 
> This however worked till recently before we overhauled the DRC
> implementation in QEMU. Commit 9d4c0f4f0a71e: "spapr: Consolidate
> DRC state variables" is the first commit where this problem shows up
> as per git bisect.
> 
> Ideally guest shouldn't be issuing configure-connector call on an
> already configured DR connector. However for now, work around this in
> QEMU by allowing configure-connector to be called multiple times for
> all types of DR connectors.
> 
> Signed-off-by: Bharata B Rao 
> ---
> v0: https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg02942.html
> Changes in v1:
>  - Allow configure-connector to be called multiple times for all types
>    of DR connectors and not just LMB DRCs. (David Gibson)
>  - Explicitly allow configure-connector to proceed only if the DRC is
>    either in unisolated or in configured state. (David Gibson)
> 
>  hw/ppc/spapr_drc.c | 27 +--
>  1 file changed, 21 insertions(+), 6 deletions(-)

I've applied with a small correction:

> 
> diff --git a/hw/ppc/spapr_drc.c b/hw/ppc/spapr_drc.c
> index 5260b5d..40d1e99 100644
> --- a/hw/ppc/spapr_drc.c
> +++ b/hw/ppc/spapr_drc.c
> @@ -446,8 +446,12 @@ void spapr_drc_reset(sPAPRDRConnector *drc)
>  drc->state = drck->empty_state;
>  }
>  
> -drc->ccs_offset = -1;
> -drc->ccs_depth = -1;
> +/*
> + * Ensure that we are able to send the FDT fragment again
> + * via configure-connector call if the guest requests.
> + */
> +drc->ccs_offset = drc->fdt_start_offset;
> +drc->ccs_depth = 0;

This isn't quite right - we should only set these values ready when we
go into ready state (==CONFIGURED == device present) rather than empty
state (==UNALLOCATED == no device present).

>  }
>  
>  static void drc_reset(void *opaque)
> @@ -1071,8 +1075,14 @@ static void rtas_ibm_configure_connector(PowerPCCPU 
> *cpu,
>  }
>  
>  if ((drc->state != SPAPR_DRC_STATE_LOGICAL_UNISOLATE)
> -&& (drc->state != SPAPR_DRC_STATE_PHYSICAL_UNISOLATE)) {
> -/* Need to unisolate the device before configuring */
> +&& (drc->state != SPAPR_DRC_STATE_PHYSICAL_UNISOLATE)
> +&& (drc->state != SPAPR_DRC_STATE_LOGICAL_CONFIGURED)
> +&& (drc->state != SPAPR_DRC_STATE_PHYSICAL_CONFIGURED)) {
> +/*
> + * Need to unisolate the device before configuring
> + * or it should already be in configured state to
> + * allow configure-connector be called repeatedly.
> + */
>  rc = SPAPR_DR_CC_RESPONSE_NOT_CONFIGURABLE;
>  goto out;
>  }
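
Review bot: The widened state check in rtas_ibm_configure_connector is now a chain of four negated comparisons, and its new comment has a grammar slip ("to allow configure-connector be called repeatedly"). This call is issued by the guest, so the set of accepted states is worth making easy to audit: a small predicate that names the four accepted states (logical/physical unisolate and logical/physical configured) would read better than the inline chain, and the comment should say "to allow configure-connector to be called repeatedly".
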
> @@ -1108,8 +1118,13 @@ static void rtas_ibm_configure_connector(PowerPCCPU 
> *cpu,
>  /* done sending the device tree, move to configured state */
>  trace_spapr_drc_set_configured(drc_index);
>  drc->state = drck->ready_state;
> -drc->ccs_offset = -1;
> -drc->ccs_depth = -1;
> +/*
> + * Ensure that we are able to send the FDT fragment
> + * again via configure-connector call if the guest requests.
> + */
> +drc->ccs_offset = drc->fdt_start_offset;
> +drc->ccs_depth = 0;
> +fdt_offset_next = drc->fdt_start_offset;
>  resp = SPAPR_DR_CC_RESPONSE_SUCCESS;
>  } else {
>  resp = SPAPR_DR_CC_RESPONSE_PREV_PARENT;
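
Review bot: The rewind added after "drc->state = drck->ready_state" repeats the two assignments this patch also adds in spapr_drc_reset ("drc->ccs_offset = drc->fdt_start_offset;" and "drc->ccs_depth = 0;"), and the extra "fdt_offset_next = drc->fdt_start_offset;" has no comment explaining why the local must be rewound as well. Putting the rewind in one helper that is called only on entry to the ready state would keep the two sites from drifting apart and fits the correction raised on the reset hunk above.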

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH] hw/ppc/spapr_rtc: Mark the RTC device with user_creatable = false

2017-08-16 Thread David Gibson
On Thu, Aug 17, 2017 at 07:15:10AM +0200, Thomas Huth wrote:
> QEMU currently aborts unexpectedly when a user tries to do something
> like this:
> 
> $ qemu-system-ppc64 -nographic -S -nodefaults -monitor stdio
> QEMU 2.9.92 monitor - type 'help' for more information
> (qemu) device_add spapr-rtc,id=spapr-rtc
> (qemu) device_del spapr-rtc
> **
> ERROR:qemu/qdev-monitor.c:872:qdev_unplug: assertion failed: (hotplug_ctrl)
> Aborted (core dumped)
> 
> The RTC device is not meant to be hot-pluggable - it's an internal
> device only and it even should not be possible to create it a
> second time with the "-device" parameter, so let's mark this
> with "user_creatable = false".
> 
> Signed-off-by: Thomas Huth 

Applied to ppc-for-2.10, thanks.

> ---
>  hw/ppc/spapr_rtc.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/hw/ppc/spapr_rtc.c b/hw/ppc/spapr_rtc.c
> index 00a4e4c..9ec3078 100644
> --- a/hw/ppc/spapr_rtc.c
> +++ b/hw/ppc/spapr_rtc.c
> @@ -164,6 +164,8 @@ static void spapr_rtc_class_init(ObjectClass *oc, void 
> *data)
>  
>  dc->realize = spapr_rtc_realize;
>  dc->vmsd = &vmstate_spapr_rtc;
> +/* Reason: This is an internal device only for handling the hypercalls */
> +dc->user_creatable = false;
>  
>  spapr_rtas_register(RTAS_GET_TIME_OF_DAY, "get-time-of-day",
>  rtas_get_time_of_day);
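
Review bot: Setting "dc->user_creatable = false" in spapr_rtc_class_init covers only this one device, while the abort quoted in the commit message is an assertion in qdev_unplug ("assertion failed: (hotplug_ctrl)") reached from a monitor command. It would be worth checking in a follow-up whether device_del can return an error at that point instead of asserting, and adding a test that device_add of spapr-rtc is now rejected.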

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




[Qemu-devel] Guest init virtio-serial port failed randomly, qemu-kvm report error about guest failure in adding device virtio-serial0.0

2017-08-16 Thread 皮智
Hi, I have a problem with a VM (Windows 10). My environment is qemu-kvm-2.3,
virtio-win-0.1.126, host (CentOS 7.2), guest (Windows 10).
I added four virtio-serial ports to the VM. If I hard reboot the VM (Windows 10),
the following may happen randomly:

2017-08-14T07:51:18.401008Z qemu-kvm: virtio-serial-bus: Unexpected port id 1122983520 for device virtio-serial0.0
2017-08-14T07:51:18.956482Z qemu-kvm: virtio-serial-bus: Guest failure in adding device virtio-serial0.0
2017-08-14T07:51:29.176795Z qemu-kvm: virtio-serial-bus: Guest failure in adding device virtio-serial0.0
2017-08-14T07:51:34.454819Z qemu-kvm: virtio-serial-bus: Unexpected port id 2042451128 for device virtio-serial0.0
2017-08-14T07:51:44.655068Z qemu-kvm: virtio-serial-bus: Guest failure in adding device virtio-serial0.0
2017-08-14T07:51:49.764201Z qemu-kvm: virtio-serial-bus: Unexpected port id 1122983520 for device virtio-serial0.0
2017-08-14T07:51:59.969836Z qemu-kvm: virtio-serial-bus: Guest failure in adding device virtio-serial0.0
2017-08-14T07:52:21.564461Z qemu-kvm: virtio-serial-bus: Unexpected port id 1122983520 for device virtio-serial0.0
2017-08-14T07:52:47.059452Z qemu-kvm: virtio-serial-bus: Guest failure in adding device virtio-serial0.0
2017-08-14T07:53:22.710677Z qemu-kvm: virtio-serial-bus: Unexpected port id 1122983520 for device virtio-serial0.0
2017-08-14T07:53:32.781204Z qemu-kvm: virtio-serial-bus: Guest failure in adding device virtio-serial0.0
2017-08-14T07:53:48.040513Z qemu-kvm: virtio-serial-bus: Unexpected port id 3179968584 for device virtio-serial0.0
2017-08-14T07:54:23.547393Z qemu-kvm: virtio-serial-bus: Unexpected port id 1122983520 for device virtio-serial0.0
2017-08-14T07:55:54.350754Z qemu-kvm: virtio-serial-bus: Unexpected port id 1122983520 for device virtio-serial0.0
2017-08-14T07:56:09.393056Z qemu-kvm: virtio-serial-bus: Unexpected port id 1122983520 for device virtio-serial0.0
2017-08-14T07:57:39.670850Z qemu-kvm: virtio-serial-bus: Unexpected port id 1122983520 for device virtio-serial0.0
2017-08-14T07:58:09.867650Z qemu-kvm: virtio-serial-bus: Unexpected port id 1185792 for device virtio-serial0.0
2017-08-14T07:59:10.053208Z qemu-kvm: virtio-serial-bus: Unexpected port id 1122983520 for device virtio-serial0.0
2017-08-14T08:00:20.235162Z qemu-kvm: virtio-serial-bus: Guest failure in adding device virtio-serial0.0
2017-08-14T08:01:20.394196Z qemu-kvm: virtio-serial-bus: Guest failure in adding device virtio-serial0.0

If qemu-kvm reports the above errors, it causes the guest to fail to init
the virtio-serial port.
Thanks.

Looking forward to your reply.


Re: [Qemu-devel] [PATCH 16/26] qapi: add conditions to VNC type/commands/events on the schema

2017-08-16 Thread Markus Armbruster
"Dr. David Alan Gilbert"  writes:

> * Marc-André Lureau (marcandre.lur...@redhat.com) wrote:
>> Add #if defined(CONFIG_VNC) in generated code, and adjust the
>> qmp/hmp code accordingly.
>> 
>> Signed-off-by: Marc-André Lureau 
>
>> diff --git a/hmp.c b/hmp.c
>> index fd80dce758..9454c634bd 100644
>> --- a/hmp.c
>> +++ b/hmp.c
>> @@ -605,6 +605,7 @@ void hmp_info_blockstats(Monitor *mon, const QDict 
>> *qdict)
>>  qapi_free_BlockStatsList(stats_list);
>>  }
>>  
>> +#ifdef CONFIG_VNC
>>  /* Helper for hmp_info_vnc_clients, _servers */
>>  static void hmp_info_VncBasicInfo(Monitor *mon, VncBasicInfo *info,
>>const char *name)
>> @@ -692,6 +693,12 @@ void hmp_info_vnc(Monitor *mon, const QDict *qdict)
>>  qapi_free_VncInfo2List(info2l);
>>  
>>  }
>> +#else
>> +void hmp_info_vnc(Monitor *mon, const QDict *qdict)
>> +{
>> +warn_report("VNC support is disabled");

error_report(), please (see below).

>> +}
>> +#endif
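
Review bot: The "#else" and "#endif" added at the end of this hunk close an "#ifdef CONFIG_VNC" that was opened about ninety lines earlier (the hunk at line 605), and neither carries a trailing comment naming the condition. Writing them as "#else /* !CONFIG_VNC */" and "#endif /* CONFIG_VNC */" would make the guarded region in hmp.c easier to follow.
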
>
> I'm OK with this, so
>
> Acked-by: Dr. David Alan Gilbert 
>
> although you might just be able to add a #ifdef in hmp-commands-info.hx
> and avoid the is disabled function, or you might find that with the QMP
> returning an error the HMP just passes that error on.

Let's compare failures when !CONFIG_VNC:

(a) Marc-André's patch as is:

(qemu) info vnc
warning: VNC support is disabled

Drop the "warning: " (because it ain't; the command failed), and this
is fine.

(b) Compiling them out completely (#ifdef in hmp-commands*.hx):

unknown command: 'vnc'

HMP bug; should be something like

Unknown command: 'info vnc'

but that's not this series' problem.

Good enough for me.

(c) Forwarding the QMP error verbatim

The command query-vnc has not been found

No good.

(d) Handling CommandNotFound

More work than (a) for the same result.

As far as I'm concerned, feel free to do (a) or (b).

[...]



[Qemu-devel] [PATCH 4/6] tests: Introduce generic device hot-plug/hot-unplug functions

2017-08-16 Thread Thomas Huth
A lot of tests provide code for adding and removing a device via the
device_add and device_del QMP commands. Maintaining this code in so
many places is cumbersome and error-prone (some of the code parts
check the responses in an incorrect way, for example), so let's
provide some proper generic qtest functions for adding and removing a
device instead.

Signed-off-by: Thomas Huth 
---
 tests/libqos/pci.c | 19 ++-
 tests/libqos/usb.c | 30 +--
 tests/libqtest.c   | 60 ++
 tests/libqtest.h   | 19 +++
 tests/usb-hcd-uhci-test.c  | 26 ++--
 tests/usb-hcd-xhci-test.c  | 51 ---
 tests/virtio-scsi-test.c   | 24 ++-
 tests/virtio-serial-test.c | 25 +++
 8 files changed, 98 insertions(+), 156 deletions(-)

diff --git a/tests/libqos/pci.c b/tests/libqos/pci.c
index 2dcdead..aada753 100644
--- a/tests/libqos/pci.c
+++ b/tests/libqos/pci.c
@@ -394,21 +394,6 @@ QPCIBar qpci_legacy_iomap(QPCIDevice *dev, uint16_t addr)
 void qpci_plug_device_test(const char *driver, const char *id,
uint8_t slot, const char *opts)
 {
-QDict *response;
-char *cmd;
-
-cmd = g_strdup_printf("{'execute': 'device_add',"
-  " 'arguments': {"
-  "   'driver': '%s',"
-  "   'addr': '%d',"
-  "   %s%s"
-  "   'id': '%s'"
-  "}}", driver, slot,
-  opts ? opts : "", opts ? "," : "",
-  id);
-response = qmp(cmd);
-g_free(cmd);
-g_assert(response);
-g_assert(!qdict_haskey(response, "error"));
-QDECREF(response);
+qtest_hot_plug_device(driver, id, "'addr': '%d'%s%s", slot,
+  opts ? ", " : "", opts ? opts : "");
 }
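
Review bot: In the new qtest_hot_plug_device() call in qpci_plug_device_test(), "opts" is spliced into the QMP arguments through "%s" with no check, so every caller has to pass a well-formed fragment of 'key': value pairs with no leading or trailing comma. That contract is not written down anywhere in this hunk; a short comment above qpci_plug_device_test() stating the expected form of "opts" would keep tests from sending malformed device_add commands.
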
diff --git a/tests/libqos/usb.c b/tests/libqos/usb.c
index 0cdfaec..f8d0190 100644
--- a/tests/libqos/usb.c
+++ b/tests/libqos/usb.c
@@ -40,34 +40,16 @@ void uhci_port_test(struct qhc *hc, int port, uint16_t 
expect)
 void usb_test_hotplug(const char *hcd_id, const int port,
   void (*port_check)(void))
 {
-QDict *response;
-char  *cmd;
+char  *id = g_strdup_printf("usbdev%d", port);
 
-cmd = g_strdup_printf("{'execute': 'device_add',"
-  " 'arguments': {"
-  "   'driver': 'usb-tablet',"
-  "   'port': '%d',"
-  "   'bus': '%s.0',"
-  "   'id': 'usbdev%d'"
-  "}}", port, hcd_id, port);
-response = qmp(cmd);
-g_free(cmd);
-g_assert(response);
-g_assert(!qdict_haskey(response, "error"));
-QDECREF(response);
+qtest_hot_plug_device("usb-tablet", id, "'port': '%d', 'bus': '%s.0'",
+  port, hcd_id);
 
 if (port_check) {
 port_check();
 }
 
-cmd = g_strdup_printf("{'execute': 'device_del',"
-   " 'arguments': {"
-   "   'id': 'usbdev%d'"
-   "}}", port);
-response = qmp(cmd);
-g_free(cmd);
-g_assert(response);
-g_assert(qdict_haskey(response, "event"));
-g_assert(!strcmp(qdict_get_str(response, "event"), "DEVICE_DELETED"));
-QDECREF(response);
+qtest_hot_unplug_device(id);
+
+g_free(id);
 }
diff --git a/tests/libqtest.c b/tests/libqtest.c
index b9a1f18..4339d97 100644
--- a/tests/libqtest.c
+++ b/tests/libqtest.c
@@ -987,3 +987,63 @@ void qtest_cb_for_every_machine(void (*cb)(const char 
*machine))
 qtest_end();
 QDECREF(response);
 }
+
+/**
+ * Generic hot-plugging test via the device_add QMP command
+ */
+void qtest_hot_plug_device(const char *driver, const char *id,
+   const char *fmt, ...)
+{
+QDict *response;
+char *cmd, *opts = NULL;
+va_list va;
+
+if (fmt) {
+va_start(va, fmt);
+opts = g_strdup_vprintf(fmt, va);
+va_end(va);
+}
+
+cmd = g_strdup_printf("{'execute': 'device_add',"
+  " 'arguments': { 'driver': '%s', 'id': '%s'%s%s }}",
+  driver, id, opts ? ", " : "", opts ? opts : "");
+g_free(opts);
+
+response = qmp(cmd);
+g_free(cmd);
+g_assert(response);
+while (qdict_haskey(response, "event")) {
+/* We can get DEVICE_DELETED events in case something went wrong */
+g_assert_cmpstr(qdict_get_str(response, "event"), !=, 
"DEVICE_DELETED");
+QDECREF(response);
+response = qmp("");
+g_assert(response);
+}
+g_assert(!qdict_haskey(response, "error"));
+QDECREF(response);
+}
+
+/**
+ * Generic hot-unplugging test via the device_del QMP command
+ */
+void qtest_hot_unplug_device(const char *id)
+{
+QDict *response;
+char 
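
Review bot: The doc comment on qtest_hot_plug_device() does not say that "fmt" may be NULL or that the formatted result must be a JSON fragment of extra arguments, and "driver", "id" and the formatted options are all placed into the single-quoted JSON command with plain "%s". Please document both constraints in the comment, and since this is a printf-style variadic function, give its prototype a format attribute (GCC_FMT_ATTR in QEMU) if it does not already have one, so the compiler checks the arguments at each call site.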

[Qemu-devel] [PATCH 3/6] tests: Enable the drive_del test also on s390x

2017-08-16 Thread Thomas Huth
By using the "virtio-xxx" device name aliases instead of the
"virtio-xxx-pci" names, we can use this test on s390x, too,
to check that adding and deleting also works fine with the
virtio-ccw bus.

Signed-off-by: Thomas Huth 
---
 tests/Makefile.include |  1 +
 tests/drive_del-test.c | 13 +++--
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/tests/Makefile.include b/tests/Makefile.include
index 0bb18b3..ff2a551 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -363,6 +363,7 @@ check-qtest-s390x-y = tests/boot-serial-test$(EXESUF)
 check-qtest-s390x-$(CONFIG_SLIRP) += tests/test-netfilter$(EXESUF)
 check-qtest-s390x-$(CONFIG_POSIX) += tests/test-filter-mirror$(EXESUF)
 check-qtest-s390x-$(CONFIG_POSIX) += tests/test-filter-redirector$(EXESUF)
+check-qtest-s390x-y += tests/drive_del-test$(EXESUF)
 
 check-qtest-generic-y += tests/qom-test$(EXESUF)
 check-qtest-generic-y += tests/test-hmp$(EXESUF)
diff --git a/tests/drive_del-test.c b/tests/drive_del-test.c
index 2175139..efceb31 100644
--- a/tests/drive_del-test.c
+++ b/tests/drive_del-test.c
@@ -65,12 +65,12 @@ static void test_after_failed_device_add(void)
 
 qtest_start("-drive if=none,id=drive0");
 
-/* Make device_add fail.  If this leaks the virtio-blk-pci device then a
+/* Make device_add fail.  If this leaks the virtio-blk device then a
  * reference to drive0 will also be held (via qdev properties).
  */
 response = qmp("{'execute': 'device_add',"
" 'arguments': {"
-   "   'driver': 'virtio-blk-pci',"
+   "   'driver': 'virtio-blk',"
"   'drive': 'drive0'"
"}}");
 g_assert(response);
@@ -82,7 +82,7 @@ static void test_after_failed_device_add(void)
 drive_del();
 
 /* Try to re-add the drive.  This fails with duplicate IDs if a leaked
- * virtio-blk-pci exists that holds a reference to the old drive0.
+ * virtio-blk exists that holds a reference to the old drive0.
  */
 drive_add();
 
@@ -93,7 +93,7 @@ static void test_drive_del_device_del(void)
 {
 /* Start with a drive used by a device that unplugs instantaneously */
 qtest_start("-drive if=none,id=drive0,file=null-co://,format=raw"
-" -device virtio-scsi-pci"
+" -device virtio-scsi"
 " -device scsi-hd,drive=drive0,id=dev0");
 
 /*
@@ -114,9 +114,10 @@ int main(int argc, char **argv)
 
 qtest_add_func("/drive_del/without-dev", test_drive_without_dev);
 
-/* TODO I guess any arch with PCI would do */
+/* TODO I guess any arch with a hot-pluggable virtio bus would do */
 if (!strcmp(arch, "i386") || !strcmp(arch, "x86_64") ||
-!strcmp(arch, "ppc") || !strcmp(arch, "ppc64")) {
+!strcmp(arch, "ppc") || !strcmp(arch, "ppc64") ||
+!strcmp(arch, "s390x")) {
 qtest_add_func("/drive_del/after_failed_device_add",
test_after_failed_device_add);
 qtest_add_func("/blockdev/drive_del_device_del",
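
Review bot: The architecture check in main() gains one more "strcmp" per supported target and keeps its TODO, so each new platform means editing this condition again. A small helper that returns whether the current target has a hot-pluggable virtio bus would state the intent of the TODO directly and could be shared with the other tests in this series that repeat the same arch comparisons.
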
-- 
1.8.3.1




[Qemu-devel] [PATCH 2/6] tests: Add network filter tests to the check-qtest-s390x list

2017-08-16 Thread Thomas Huth
With some small modifications, we can also use the netfilter,
the filter-mirror and the filter-redirector tests on s390x.

Signed-off-by: Thomas Huth 
---
 tests/Makefile.include |  3 +++
 tests/test-filter-mirror.c |  9 +++--
 tests/test-filter-redirector.c | 22 --
 tests/test-netfilter.c | 11 ++-
 4 files changed, 36 insertions(+), 9 deletions(-)

diff --git a/tests/Makefile.include b/tests/Makefile.include
index 8d5991d..0bb18b3 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -360,6 +360,9 @@ check-qtest-microblazeel-y = $(check-qtest-microblaze-y)
 check-qtest-xtensaeb-y = $(check-qtest-xtensa-y)
 
 check-qtest-s390x-y = tests/boot-serial-test$(EXESUF)
+check-qtest-s390x-$(CONFIG_SLIRP) += tests/test-netfilter$(EXESUF)
+check-qtest-s390x-$(CONFIG_POSIX) += tests/test-filter-mirror$(EXESUF)
+check-qtest-s390x-$(CONFIG_POSIX) += tests/test-filter-redirector$(EXESUF)
 
 check-qtest-generic-y += tests/qom-test$(EXESUF)
 check-qtest-generic-y += tests/test-hmp$(EXESUF)
diff --git a/tests/test-filter-mirror.c b/tests/test-filter-mirror.c
index a1d5865..d569d27 100644
--- a/tests/test-filter-mirror.c
+++ b/tests/test-filter-mirror.c
@@ -25,6 +25,11 @@ static void test_mirror(void)
 char *recv_buf;
 uint32_t size = sizeof(send_buf);
 size = htonl(size);
+const char *devstr = "e1000";
+
+if (g_str_equal(qtest_get_arch(), "s390x")) {
+devstr = "virtio-net-ccw";
+}
 
 ret = socketpair(PF_UNIX, SOCK_STREAM, 0, send_sock);
 g_assert_cmpint(ret, !=, -1);
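
Review bot: The new "const char *devstr = "e1000";" in test_mirror() is declared after the statement "size = htonl(size);", which mixes a declaration into the middle of the code. Moving the declaration up to the other locals at the top of the function, and keeping only the s390x override below, would match the declarations-first layout of the rest of the function.
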
@@ -33,10 +38,10 @@ static void test_mirror(void)
 g_assert_cmpint(ret, !=, -1);
 
 cmdline = g_strdup_printf("-netdev socket,id=qtest-bn0,fd=%d "
- "-device e1000,netdev=qtest-bn0,id=qtest-e0 "
+ "-device %s,netdev=qtest-bn0,id=qtest-e0 "
  "-chardev socket,id=mirror0,path=%s,server,nowait "
  "-object 
filter-mirror,id=qtest-f0,netdev=qtest-bn0,queue=tx,outdev=mirror0 "
- , send_sock[1], sock_path);
+ , send_sock[1], devstr, sock_path);
 qtest_start(cmdline);
 g_free(cmdline);
 
diff --git a/tests/test-filter-redirector.c b/tests/test-filter-redirector.c
index 69c663b..3afd411 100644
--- a/tests/test-filter-redirector.c
+++ b/tests/test-filter-redirector.c
@@ -57,6 +57,16 @@
 #include "qemu/error-report.h"
 #include "qemu/main-loop.h"
 
+static const char *get_devstr(void)
+{
+if (g_str_equal(qtest_get_arch(), "s390x")) {
+return "virtio-net-ccw";
+}
+
+return "rtl8139";
+}
+
+
 static void test_redirector_tx(void)
 {
 int backend_sock[2], recv_sock;
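
Review bot: The get_devstr() helper added here duplicates the s390x check that this same patch open-codes in test_mirror() in tests/test-filter-mirror.c, with only the default device differing ("rtl8139" here, "e1000" there), and it is followed by two blank lines instead of one. Consider one shared helper that takes the default device name as a parameter, so a future non-PCI target needs a single change.
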
@@ -78,7 +88,7 @@ static void test_redirector_tx(void)
 g_assert_cmpint(ret, !=, -1);
 
 cmdline = g_strdup_printf("-netdev socket,id=qtest-bn0,fd=%d "
-"-device rtl8139,netdev=qtest-bn0,id=qtest-e0 "
+"-device %s,netdev=qtest-bn0,id=qtest-e0 "
 "-chardev socket,id=redirector0,path=%s,server,nowait "
 "-chardev socket,id=redirector1,path=%s,server,nowait "
 "-chardev socket,id=redirector2,path=%s,nowait "
@@ -87,8 +97,8 @@ static void test_redirector_tx(void)
 "-object filter-redirector,id=qtest-f1,netdev=qtest-bn0,"
 "queue=tx,indev=redirector2 "
 "-object filter-redirector,id=qtest-f2,netdev=qtest-bn0,"
-"queue=tx,outdev=redirector1 "
-, backend_sock[1], sock_path0, sock_path1, sock_path0);
+"queue=tx,outdev=redirector1 ", backend_sock[1], get_devstr(),
+sock_path0, sock_path1, sock_path0);
 qtest_start(cmdline);
 g_free(cmdline);
 
@@ -149,7 +159,7 @@ static void test_redirector_rx(void)
 g_assert_cmpint(ret, !=, -1);
 
 cmdline = g_strdup_printf("-netdev socket,id=qtest-bn0,fd=%d "
-"-device rtl8139,netdev=qtest-bn0,id=qtest-e0 "
+"-device %s,netdev=qtest-bn0,id=qtest-e0 "
 "-chardev socket,id=redirector0,path=%s,server,nowait "
 "-chardev socket,id=redirector1,path=%s,server,nowait "
 "-chardev socket,id=redirector2,path=%s,nowait "
@@ -158,8 +168,8 @@ static void test_redirector_rx(void)
 "-object filter-redirector,id=qtest-f1,netdev=qtest-bn0,"
 "queue=rx,outdev=redirector2 "
 "-object filter-redirector,id=qtest-f2,netdev=qtest-bn0,"
-"queue=rx,indev=redirector1 "
-, backend_sock[1], sock_path0, sock_path1, sock_path0);
+"queue=rx,indev=redirector1 ", backend_sock[1], get_devstr(),
+sock_path0, sock_path1, sock_path0);
 qtest_start(cmdline);
 g_free(cmdline);
 
diff --git a/tests/test-netfilter.c b/tests/test-netfilter.c
index 8b5a9b2..2506473 100644
--- a/tests/test-netfilter.c
+++ b/tests/test-netfilter.c
@@ -182,6 +182,12 @@ static void remove_netdev_wit

[Qemu-devel] [PATCH 1/6] tests: Run filter-redirector and -mirror test only on POSIX systems

2017-08-16 Thread Thomas Huth
This way we can get rid of the ugly #ifdefs in the code which makes
it easier to extend later.

Signed-off-by: Thomas Huth 
---
 tests/Makefile.include |  8 
 tests/test-filter-mirror.c |  5 -
 tests/test-filter-redirector.c | 10 --
 3 files changed, 4 insertions(+), 19 deletions(-)

diff --git a/tests/Makefile.include b/tests/Makefile.include
index 37c1bed..8d5991d 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -283,8 +283,8 @@ ifeq ($(CONFIG_VHOST_USER_NET_TEST_i386),)
 check-qtest-x86_64-$(CONFIG_VHOST_USER_NET_TEST_x86_64) += 
tests/vhost-user-test$(EXESUF)
 endif
 check-qtest-i386-$(CONFIG_SLIRP) += tests/test-netfilter$(EXESUF)
-check-qtest-i386-y += tests/test-filter-mirror$(EXESUF)
-check-qtest-i386-y += tests/test-filter-redirector$(EXESUF)
+check-qtest-i386-$(CONFIG_POSIX) += tests/test-filter-mirror$(EXESUF)
+check-qtest-i386-$(CONFIG_POSIX) += tests/test-filter-redirector$(EXESUF)
 check-qtest-i386-y += tests/postcopy-test$(EXESUF)
 check-qtest-i386-y += tests/test-x86-cpuid-compat$(EXESUF)
 check-qtest-i386-y += tests/numa-test$(EXESUF)
@@ -325,8 +325,8 @@ check-qtest-ppc64-y += tests/usb-hcd-xhci-test$(EXESUF)
 gcov-files-ppc64-y += hw/usb/hcd-xhci.c
 check-qtest-ppc64-y += $(check-qtest-virtio-y)
 check-qtest-ppc64-$(CONFIG_SLIRP) += tests/test-netfilter$(EXESUF)
-check-qtest-ppc64-y += tests/test-filter-mirror$(EXESUF)
-check-qtest-ppc64-y += tests/test-filter-redirector$(EXESUF)
+check-qtest-ppc64-$(CONFIG_POSIX) += tests/test-filter-mirror$(EXESUF)
+check-qtest-ppc64-$(CONFIG_POSIX) += tests/test-filter-redirector$(EXESUF)
 check-qtest-ppc64-y += tests/display-vga-test$(EXESUF)
 check-qtest-ppc64-y += tests/numa-test$(EXESUF)
 check-qtest-ppc64-$(CONFIG_IVSHMEM) += tests/ivshmem-test$(EXESUF)
diff --git a/tests/test-filter-mirror.c b/tests/test-filter-mirror.c
index 9f84402..a1d5865 100644
--- a/tests/test-filter-mirror.c
+++ b/tests/test-filter-mirror.c
@@ -17,9 +17,6 @@
 
 static void test_mirror(void)
 {
-#ifndef _WIN32
-/* socketpair(PF_UNIX) which does not exist on windows */
-
 int send_sock[2], recv_sock;
 char *cmdline;
 uint32_t ret = 0, len = 0;
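
Review bot: Removing the "#ifndef _WIN32" block in test_mirror() also removes the only comment that explained the restriction ("socketpair(PF_UNIX) which does not exist on windows"), and the new CONFIG_POSIX conditions in tests/Makefile.include carry no explanation. A one-line comment next to the CONFIG_POSIX entries in the Makefile would preserve the reason these two tests are skipped on Windows builds.
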
@@ -74,8 +71,6 @@ static void test_mirror(void)
 g_free(recv_buf);
 close(recv_sock);
 unlink(sock_path);
-
-#endif
 }
 
 int main(int argc, char **argv)
diff --git a/tests/test-filter-redirector.c b/tests/test-filter-redirector.c
index 0c4b8d5..69c663b 100644
--- a/tests/test-filter-redirector.c
+++ b/tests/test-filter-redirector.c
@@ -59,9 +59,6 @@
 
 static void test_redirector_tx(void)
 {
-#ifndef _WIN32
-/* socketpair(PF_UNIX) which does not exist on windows */
-
 int backend_sock[2], recv_sock;
 char *cmdline;
 uint32_t ret = 0, len = 0;
@@ -129,15 +126,10 @@ static void test_redirector_tx(void)
 unlink(sock_path0);
 unlink(sock_path1);
 qtest_end();
-
-#endif
 }
 
 static void test_redirector_rx(void)
 {
-#ifndef _WIN32
-/* socketpair(PF_UNIX) which does not exist on windows */
-
 int backend_sock[2], send_sock;
 char *cmdline;
 uint32_t ret = 0, len = 0;
@@ -203,8 +195,6 @@ static void test_redirector_rx(void)
 unlink(sock_path0);
 unlink(sock_path1);
 qtest_end();
-
-#endif
 }
 
 int main(int argc, char **argv)
-- 
1.8.3.1




[Qemu-devel] [PATCH 6/6] tests: Enable the simple virtio tests on s390x, too

2017-08-16 Thread Thomas Huth
Most of the simple virtio test can be used on virtio-ccw on
s390x, too, by simply using the bus-independent alias names
of the devices instead of the device names ending in "-pci".
Hot-plugging can also be tested here - we just have to use
the generic hot plug function instead of the PCI hot plug
function in the qvirtio_plug_device_test() function.

Signed-off-by: Thomas Huth 
---
 tests/Makefile.include  |  4 
 tests/libqos/virtio.c   |  4 +++-
 tests/virtio-balloon-test.c |  6 +++---
 tests/virtio-console-test.c | 12 ++--
 tests/virtio-rng-test.c | 10 +-
 tests/virtio-serial-test.c  |  8 
 6 files changed, 25 insertions(+), 19 deletions(-)

diff --git a/tests/Makefile.include b/tests/Makefile.include
index e3acdff..ac24aa6 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -364,6 +364,10 @@ check-qtest-s390x-$(CONFIG_SLIRP) += 
tests/test-netfilter$(EXESUF)
 check-qtest-s390x-$(CONFIG_POSIX) += tests/test-filter-mirror$(EXESUF)
 check-qtest-s390x-$(CONFIG_POSIX) += tests/test-filter-redirector$(EXESUF)
 check-qtest-s390x-y += tests/drive_del-test$(EXESUF)
+check-qtest-s390x-y += tests/virtio-balloon-test$(EXESUF)
+check-qtest-s390x-y += tests/virtio-console-test$(EXESUF)
+check-qtest-s390x-y += tests/virtio-rng-test$(EXESUF)
+check-qtest-s390x-y += tests/virtio-serial-test$(EXESUF)
 
 check-qtest-generic-y += tests/qom-test$(EXESUF)
 check-qtest-generic-y += tests/test-hmp$(EXESUF)
diff --git a/tests/libqos/virtio.c b/tests/libqos/virtio.c
index 87d2e65..5ff9ad6 100644
--- a/tests/libqos/virtio.c
+++ b/tests/libqos/virtio.c
@@ -349,6 +349,8 @@ void qvirtio_plug_device_test(const char *driver, const 
char *id,
 if (g_str_equal(arch, "i386") || g_str_equal(arch, "x86_64") ||
 g_str_equal(arch, "ppc64")) {
 qpci_plug_device_test(driver, id, addr, opts);
+} else if (g_str_equal(arch, "s390x")) {
+qtest_hot_plug_device(driver, id, opts ? "%s" : NULL,  opts);
 } else {
 g_assert_not_reached();
 }
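
Review bot: In the new s390x branch of qvirtio_plug_device_test(), the "addr" argument is dropped without any comment, so a caller passing a slot number (as the virtio-rng test does with PCI_SLOT_HP) gets no hint that it has no effect on this target. Please add a comment saying that "addr" is only meaningful on PCI-based targets, and drop the doubled space before "opts" in the call.
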
@@ -360,7 +362,7 @@ void qvirtio_unplug_device_test(const char *id, uint8_t 
addr)
 
 if (g_str_equal(arch, "i386") || g_str_equal(arch, "x86_64")) {
 qpci_unplug_acpi_device_test(id, addr);
-} else if (g_str_equal(arch, "ppc64")) {
+} else if (g_str_equal(arch, "ppc64") || g_str_equal(arch, "s390x")) {
 qtest_hot_unplug_device(id);
 } else {
 g_assert_not_reached();
diff --git a/tests/virtio-balloon-test.c b/tests/virtio-balloon-test.c
index 0d0046b..45c95dd 100644
--- a/tests/virtio-balloon-test.c
+++ b/tests/virtio-balloon-test.c
@@ -11,7 +11,7 @@
 #include "libqtest.h"
 
 /* Tests only initialization so far. TODO: Replace with functional tests */
-static void pci_nop(void)
+static void balloon_nop(void)
 {
 }
 
@@ -20,9 +20,9 @@ int main(int argc, char **argv)
 int ret;
 
 g_test_init(&argc, &argv, NULL);
-qtest_add_func("/virtio/balloon/pci/nop", pci_nop);
+qtest_add_func("/virtio/balloon/nop", balloon_nop);
 
-qtest_start("-device virtio-balloon-pci");
+qtest_start("-device virtio-balloon");
 ret = g_test_run();
 
 qtest_end();
diff --git a/tests/virtio-console-test.c b/tests/virtio-console-test.c
index 1c3de07..d15e182 100644
--- a/tests/virtio-console-test.c
+++ b/tests/virtio-console-test.c
@@ -11,16 +11,16 @@
 #include "libqtest.h"
 
 /* Tests only initialization so far. TODO: Replace with functional tests */
-static void console_pci_nop(void)
+static void console_nop(void)
 {
-qtest_start("-device virtio-serial-pci,id=vser0 "
+qtest_start("-device virtio-serial,id=vser0 "
 "-device virtconsole,bus=vser0.0");
 qtest_end();
 }
 
-static void serialport_pci_nop(void)
+static void serialport_nop(void)
 {
-qtest_start("-device virtio-serial-pci,id=vser0 "
+qtest_start("-device virtio-serial,id=vser0 "
 "-device virtserialport,bus=vser0.0");
 qtest_end();
 }
@@ -28,8 +28,8 @@ static void serialport_pci_nop(void)
 int main(int argc, char **argv)
 {
 g_test_init(&argc, &argv, NULL);
-qtest_add_func("/virtio/console/pci/nop", console_pci_nop);
-qtest_add_func("/virtio/serialport/pci/nop", serialport_pci_nop);
+qtest_add_func("/virtio/console/nop", console_nop);
+qtest_add_func("/virtio/serialport/nop", serialport_nop);
 
 return g_test_run();
 }
diff --git a/tests/virtio-rng-test.c b/tests/virtio-rng-test.c
index 04c4279..b58352e 100644
--- a/tests/virtio-rng-test.c
+++ b/tests/virtio-rng-test.c
@@ -15,13 +15,13 @@
 #define PCI_SLOT_HP 0x06
 
 /* Tests only initialization so far. TODO: Replace with functional tests */
-static void pci_nop(void)
+static void rng_nop(void)
 {
 }
 
 static void hotplug(void)
 {
-qvirtio_plug_device_test("virtio-rng-pci", "rng1", PCI_SLOT_HP, NULL);
+qvirtio_plug_device_test("virtio-rng", "rng1", PCI_SLOT_HP, NULL);
 
 qvirtio_unplug_device_test("rng1", PCI_SLOT_HP);
 }
@@ -31,10 +31,10 @@ int main(int argc, ch

[Qemu-devel] [PATCH 5/6] tests: Add qvirtio_(un)plug_device_test wrapper functions

2017-08-16 Thread Thomas Huth
To support hot-plugging tests with virtio-ccw later, the current
tests should become independent from PCI specific functions. Thus
let's add some proper wrapper function for virtio device hot-plugging
and -unplugging first.
It also seems like device unplugging works fine on ppc64 when using
the generic qtest_hot_unplug_device() function, so hot-unplugging
is now tested on ppc64, too.

Signed-off-by: Thomas Huth 
---
 tests/Makefile.include  |  4 ++--
 tests/libqos/virtio.c   | 27 +++
 tests/libqos/virtio.h   |  5 +
 tests/virtio-net-test.c |  8 ++--
 tests/virtio-rng-test.c |  9 +++--
 5 files changed, 39 insertions(+), 14 deletions(-)

diff --git a/tests/Makefile.include b/tests/Makefile.include
index ff2a551..e3acdff 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -751,8 +751,8 @@ tests/wdt_ib700-test$(EXESUF): tests/wdt_ib700-test.o
 tests/tco-test$(EXESUF): tests/tco-test.o $(libqos-pc-obj-y)
 tests/virtio-balloon-test$(EXESUF): tests/virtio-balloon-test.o
 tests/virtio-blk-test$(EXESUF): tests/virtio-blk-test.o $(libqos-virtio-obj-y)
-tests/virtio-net-test$(EXESUF): tests/virtio-net-test.o $(libqos-pc-obj-y) 
$(libqos-virtio-obj-y)
-tests/virtio-rng-test$(EXESUF): tests/virtio-rng-test.o $(libqos-pc-obj-y)
+tests/virtio-net-test$(EXESUF): tests/virtio-net-test.o $(libqos-virtio-obj-y)
+tests/virtio-rng-test$(EXESUF): tests/virtio-rng-test.o $(libqos-virtio-obj-y)
 tests/virtio-scsi-test$(EXESUF): tests/virtio-scsi-test.o 
$(libqos-virtio-obj-y)
 tests/virtio-9p-test$(EXESUF): tests/virtio-9p-test.o $(libqos-virtio-obj-y)
 tests/virtio-serial-test$(EXESUF): tests/virtio-serial-test.o
diff --git a/tests/libqos/virtio.c b/tests/libqos/virtio.c
index 9880a69..87d2e65 100644
--- a/tests/libqos/virtio.c
+++ b/tests/libqos/virtio.c
@@ -10,6 +10,7 @@
 #include "qemu/osdep.h"
 #include "libqtest.h"
 #include "libqos/virtio.h"
+#include "libqos/pci.h"
 #include "standard-headers/linux/virtio_config.h"
 #include "standard-headers/linux/virtio_ring.h"
 
@@ -339,3 +340,29 @@ void qvirtqueue_set_used_event(QVirtQueue *vq, uint16_t 
idx)
 /* vq->avail->used_event */
 writew(vq->avail + 4 + (2 * vq->size), idx);
 }
+
+void qvirtio_plug_device_test(const char *driver, const char *id,
+  uint8_t addr, const char *opts)
+{
+const char *arch = qtest_get_arch();
+
+if (g_str_equal(arch, "i386") || g_str_equal(arch, "x86_64") ||
+g_str_equal(arch, "ppc64")) {
+qpci_plug_device_test(driver, id, addr, opts);
+} else {
+g_assert_not_reached();
+}
+}
+
+void qvirtio_unplug_device_test(const char *id, uint8_t addr)
+{
+const char *arch = qtest_get_arch();
+
+if (g_str_equal(arch, "i386") || g_str_equal(arch, "x86_64")) {
+qpci_unplug_acpi_device_test(id, addr);
+} else if (g_str_equal(arch, "ppc64")) {
+qtest_hot_unplug_device(id);
+} else {
+g_assert_not_reached();
+}
+}
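Review bot: in both qvirtio_plug_device_test() and qvirtio_unplug_device_test() the final else branch is g_assert_not_reached(), so a test that calls these wrappers on any architecture other than i386, x86_64 or ppc64 aborts instead of being skipped or reported as unsupported. Since the stated goal is to reuse these tests for virtio-ccw later, consider failing with a message that names the architecture, or leave a TODO that names the missing transport, so the abort is not mistaken for a device bug.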
diff --git a/tests/libqos/virtio.h b/tests/libqos/virtio.h
index 8fbcd18..03e33d6 100644
--- a/tests/libqos/virtio.h
+++ b/tests/libqos/virtio.h
@@ -143,4 +143,9 @@ void qvirtqueue_kick(QVirtioDevice *d, QVirtQueue *vq, 
uint32_t free_head);
 bool qvirtqueue_get_buf(QVirtQueue *vq, uint32_t *desc_idx);
 
 void qvirtqueue_set_used_event(QVirtQueue *vq, uint16_t idx);
+
+void qvirtio_plug_device_test(const char *driver, const char *id,
+  uint8_t addr, const char *opts);
+void qvirtio_unplug_device_test(const char *id, uint8_t addr);
+
 #endif
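Review bot: the two prototypes added before #endif have no comment, and their contract is not obvious from the signatures: addr is a PCI slot number, driver is forwarded unchanged to the bus-specific helper, and the ppc64 branch of qvirtio_unplug_device_test() in virtio.c does not use addr at all. A short comment above each declaration stating this would save callers from reading the implementation.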
diff --git a/tests/virtio-net-test.c b/tests/virtio-net-test.c
index 635b942..49e733d 100644
--- a/tests/virtio-net-test.c
+++ b/tests/virtio-net-test.c
@@ -241,15 +241,11 @@ static void pci_basic(gconstpointer data)
 
 static void hotplug(void)
 {
-const char *arch = qtest_get_arch();
-
 qtest_start("-device virtio-net-pci");
 
-qpci_plug_device_test("virtio-net-pci", "net1", PCI_SLOT_HP, NULL);
+qvirtio_plug_device_test("virtio-net", "net1", PCI_SLOT_HP, NULL);
 
-if (strcmp(arch, "i386") == 0 || strcmp(arch, "x86_64") == 0) {
-qpci_unplug_acpi_device_test("net1", PCI_SLOT_HP);
-}
+qvirtio_unplug_device_test("net1", PCI_SLOT_HP);
 
 test_end();
 }
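Review bot: the replacement call passes "virtio-net" where the removed call passed "virtio-net-pci", but qvirtio_plug_device_test() as added in this patch forwards driver unchanged to qpci_plug_device_test(), and the virtio-rng-test.c hunk still passes "virtio-rng-pci". Either the wrapper should append the bus suffix itself or this call should keep "virtio-net-pci"; as written the two tests follow different naming conventions and this one no longer requests the same device name as before.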
diff --git a/tests/virtio-rng-test.c b/tests/virtio-rng-test.c
index dcecf77..04c4279 100644
--- a/tests/virtio-rng-test.c
+++ b/tests/virtio-rng-test.c
@@ -10,6 +10,7 @@
 #include "qemu/osdep.h"
 #include "libqtest.h"
 #include "libqos/pci.h"
+#include "libqos/virtio.h"
 
 #define PCI_SLOT_HP 0x06
 
@@ -20,13 +21,9 @@ static void pci_nop(void)
 
 static void hotplug(void)
 {
-const char *arch = qtest_get_arch();
+qvirtio_plug_device_test("virtio-rng-pci", "rng1", PCI_SLOT_HP, NULL);
 
-qpci_plug_device_test("virtio-rng-pci", "rng1", PCI_SLOT_HP, NULL);
-
-if (strcmp(arch, "i386") == 0 || strcmp(arch, "x86_64") == 0) {
-qpci_unplug_acpi_device_test("rng1", PCI_SLOT_HP);
-}
+qvirtio_unplug_device

[Qemu-devel] [PATCH for-2.11 0/6] Enable more qtests for s390x

2017-08-16 Thread Thomas Huth
We currently do not have many tests enabled for QEMU on s390x yet,
so this series reworks some of the tests to be also usable on s390x
to get some extended test coverage there.

Along the way, this also cleans up some of the generic test code,
e.g. by introducing generic functions to do hot-plugging with
the device_add QMP command.

Please review!

 Thanks,
  Thomas


Thomas Huth (6):
  tests: Run filter-redirector and -mirror test only on POSIX systems
  tests: Add network filter tests to the check-qtest-s390x list
  tests: Enable the drive_del test also on s390x
  tests: Introduce generic device hot-plug/hot-unplug functions
  tests: Add qvirtio_(un)plug_device_test wrapper functions
  tests: Enable the simple virtio tests on s390x, too

 tests/Makefile.include | 20 +-
 tests/drive_del-test.c | 13 -
 tests/libqos/pci.c | 19 ++---
 tests/libqos/usb.c | 30 +
 tests/libqos/virtio.c  | 29 
 tests/libqos/virtio.h  |  5 
 tests/libqtest.c   | 60 ++
 tests/libqtest.h   | 19 +
 tests/test-filter-mirror.c | 14 +-
 tests/test-filter-redirector.c | 32 +++---
 tests/test-netfilter.c | 11 +++-
 tests/usb-hcd-uhci-test.c  | 26 ++
 tests/usb-hcd-xhci-test.c  | 51 +++
 tests/virtio-balloon-test.c|  6 ++---
 tests/virtio-console-test.c| 12 -
 tests/virtio-net-test.c|  8 ++
 tests/virtio-rng-test.c| 17 +---
 tests/virtio-scsi-test.c   | 24 ++---
 tests/virtio-serial-test.c | 33 +--
 19 files changed, 208 insertions(+), 221 deletions(-)

-- 
1.8.3.1




Re: [Qemu-devel] [PATCH v3] hw/acpi-build: Fix SRAT memory building when there is no memory in node0

2017-08-16 Thread Dou Liyang

Hi Igor,

I tested this patch with the following guests:

1. RHEL 6.5 with Linux 2.6.32
2. RHEL 7.0 with Linux 3.10.0
3. Fedora 23 with Linux 4.13.0-rc5
4. Windows 2003 service
5. Windows 7
6. Windows 10

Thanks,
dou.

At 08/16/2017 09:45 AM, Dou Liyang wrote:

Currently, using the first node without memory on the machine makes
QEMU unhappy. With this example command line:
  ... \
  -m 1024M,slots=4,maxmem=32G \
  -numa node,nodeid=0 \
  -numa node,mem=1024M,nodeid=1 \
  -numa node,nodeid=2 \
  -numa node,nodeid=3 \
Guest reports "No NUMA configuration found" and the NUMA topology is
wrong.

This is because when QEMU builds ACPI SRAT, it regards node0 as the
default node to deal with the memory hole (640K-1M). This means
node0 must have some memory (>1M), but actually it can have no
memory.

Fix this problem by replacing node0 with the first node which has
memory on it. Add a new function for each node. Also do some cleanup.

Signed-off-by: Dou Liyang 
---
V3 --> V2
  -Modify the title
V2 --> V1:
  -Fix a coding style problem
Replace
for (node = 0;
node < pcms->numa_nodes && pcms->node_mem[node] == 0;
node++);

with
for (node = 0; node < pcms->numa_nodes; node++) {
   if (pcms->node_mem[node] != 0) {
break;
 }

 hw/i386/acpi-build.c | 78 +---
 1 file changed, 50 insertions(+), 28 deletions(-)

diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index 98dd424..f93d712 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -2318,15 +2318,43 @@ build_tpm2(GArray *table_data, BIOSLinker *linker)
  (void *)tpm2_ptr, "TPM2", sizeof(*tpm2_ptr), 4, NULL, NULL);
 }

+static uint64_t
+build_srat_node_entry(GArray *table_data, PCMachineState *pcms,
+int i, uint64_t mem_base, uint64_t mem_len)
+{
+AcpiSratMemoryAffinity *numamem;
+uint64_t next_base;
+
+next_base = mem_base + mem_len;
+
+/* Cut out the ACPI_PCI hole */
+if (mem_base <= pcms->below_4g_mem_size &&
+next_base > pcms->below_4g_mem_size) {
+mem_len -= next_base - pcms->below_4g_mem_size;
+if (mem_len > 0) {
+numamem = acpi_data_push(table_data, sizeof *numamem);
+build_srat_memory(numamem, mem_base, mem_len, i,
+  MEM_AFFINITY_ENABLED);
+}
+mem_base = 1ULL << 32;
+mem_len = next_base - pcms->below_4g_mem_size;
+next_base += (1ULL << 32) - pcms->below_4g_mem_size;
+}
+numamem = acpi_data_push(table_data, sizeof *numamem);
+build_srat_memory(numamem, mem_base, mem_len, i,
+  MEM_AFFINITY_ENABLED);
+return next_base;
+}
+
 static void
 build_srat(GArray *table_data, BIOSLinker *linker, MachineState *machine)
 {
 AcpiSystemResourceAffinityTable *srat;
 AcpiSratMemoryAffinity *numamem;

-int i;
+int i, node;
 int srat_start, numa_start, slots;
-uint64_t mem_len, mem_base, next_base;
+uint64_t mem_len, mem_base;
 MachineClass *mc = MACHINE_GET_CLASS(machine);
 const CPUArchIdList *apic_ids = mc->possible_cpu_arch_ids(machine);
 PCMachineState *pcms = PC_MACHINE(machine);
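Review bot: in build_srat_node_entry() the final acpi_data_push()/build_srat_memory() pair runs unconditionally, so a node whose mem_len is 0 still gets a zero-length entry flagged MEM_AFFINITY_ENABLED. Memory-less nodes are exactly the configuration this patch is about; consider guarding that last entry with the same mem_len > 0 test used inside the hole-cutting branch, or add a comment stating that zero-length enabled entries are intended. A one-line comment on the return value (the next base address) would also help.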
@@ -2370,36 +2398,30 @@ build_srat(GArray *table_data, BIOSLinker *linker, 
MachineState *machine)
 /* the memory map is a bit tricky, it contains at least one hole
  * from 640k-1M and possibly another one from 3.5G-4G.
  */
-next_base = 0;
+
 numa_start = table_data->len;

-numamem = acpi_data_push(table_data, sizeof *numamem);
-build_srat_memory(numamem, 0, 640 * 1024, 0, MEM_AFFINITY_ENABLED);
-next_base = 1024 * 1024;
-for (i = 1; i < pcms->numa_nodes + 1; ++i) {
-mem_base = next_base;
-mem_len = pcms->node_mem[i - 1];
-if (i == 1) {
-mem_len -= 1024 * 1024;
+/* get the first node which has memory and map the hole from 640K-1M */
+for (node = 0; node < pcms->numa_nodes; node++) {
+if (pcms->node_mem[node] != 0) {
+break;
 }
-next_base = mem_base + mem_len;
-
-/* Cut out the ACPI_PCI hole */
-if (mem_base <= pcms->below_4g_mem_size &&
-next_base > pcms->below_4g_mem_size) {
-mem_len -= next_base - pcms->below_4g_mem_size;
-if (mem_len > 0) {
-numamem = acpi_data_push(table_data, sizeof *numamem);
-build_srat_memory(numamem, mem_base, mem_len, i - 1,
-  MEM_AFFINITY_ENABLED);
-}
-mem_base = 1ULL << 32;
-mem_len = next_base - pcms->below_4g_mem_size;
-next_base += (1ULL << 32) - pcms->below_4g_mem_size;
+}
+numamem = acpi_data_push(table_data, sizeof *numamem);
+build_srat_memory(numamem, 0, 640 * 1024, node, MEM_AFFINITY_ENABLED);
+
+/* map the rest of memory from 1M */
+mem_base = 1024 * 1024;
+mem_len = pcms->node_mem[node
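Review bot: the search loop leaves node equal to pcms->numa_nodes when no entry of pcms->node_mem[] is non-zero, and node is then used both as the proximity domain in build_srat_memory() and as the index in pcms->node_mem[node], one past the configured nodes. Add an assertion such as assert(node < pcms->numa_nodes) after the loop, or handle the no-memory case explicitly.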

[Qemu-devel] [PATCH for-2.11] intel_iommu: fix missing BQL in pt fast path

2017-08-16 Thread Peter Xu
In vtd_switch_address_space() we did the memory region switch, however
it's possible that the caller of it has not taken the BQL at all. Make
sure we have it.

CC: Paolo Bonzini 
CC: Jason Wang 
CC: Michael S. Tsirkin 
Signed-off-by: Peter Xu 
---

Paolo: I noticed this qemu_mutex_iothread_locked() function, which might
simplify the fix, so I decided to use it. Using bottom half should be ok
as well, but after a second thought it can be complicated: consider the
case when guest firstly triggered the pt fast path then quickly
re-enables the IOMMU region before the bottom half being executed. Then
looks like we need special care on the sync of bottom half task as well.
That's over-complicated I guess (if with that, I'd prefer to remove the
pt fast path since it's even not really the default path when pt is
used...). Please let me know if you don't think so.
---
 hw/i386/intel_iommu.c | 15 +++
 1 file changed, 15 insertions(+)

diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index a7bf87a..3a5bb0b 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -957,6 +957,8 @@ static bool vtd_dev_pt_enabled(VTDAddressSpace *as)
 static bool vtd_switch_address_space(VTDAddressSpace *as)
 {
 bool use_iommu;
+/* Whether we need to take the BQL on our own */
+bool take_bql = !qemu_mutex_iothread_locked();
 
 assert(as);
 
@@ -967,6 +969,15 @@ static bool vtd_switch_address_space(VTDAddressSpace *as)
VTD_PCI_FUNC(as->devfn),
use_iommu);
 
+/*
+ * It's possible that we reach here without BQL, e.g., when called
+ * from vtd_pt_enable_fast_path(). However the memory APIs need
+ * it. We'd better make sure we have had it already, or, take it.
+ */
+if (take_bql) {
+qemu_mutex_lock_iothread();
+}
+
 /* Turn off first then on the other */
 if (use_iommu) {
 memory_region_set_enabled(&as->sys_alias, false);
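Review bot: the lock is taken only after use_iommu has been computed and traced, so when the caller arrives without the BQL the decision and the memory_region_set_enabled() calls that act on it are not covered by the same critical section. Consider moving the take_bql block up to just after assert(as) so that the check and the switch happen under the lock together. The conditional-lock pattern itself (sampling qemu_mutex_iothread_locked() into take_bql) would also benefit from a comment naming which callers are expected to hold the BQL and which are not.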
@@ -976,6 +987,10 @@ static bool vtd_switch_address_space(VTDAddressSpace *as)
 memory_region_set_enabled(&as->sys_alias, true);
 }
 
+if (take_bql) {
+qemu_mutex_unlock_iothread();
+}
+
 return use_iommu;
 }
 
-- 
2.7.4




Re: [Qemu-devel] [PATCH 07/26] qapi: add 'if' condition on top-level schema elements

2017-08-16 Thread Markus Armbruster
Markus Armbruster  writes:

[...]
> Out of review brainpower for today.  Hope to resume tomorrow.
>
> [...]

Nope, I'm giving up on this one.  Please split it for reviewability.
Suggested split:

1. Preparatory refactoring for step 2, step by step

2. Frontend part: accept and check 'if', step by step

   The accepted conditions should be visible in
   tests/qapi-schema/qapi-schema-test.out.

3. Preparatory refactoring for step 4, step by step

4. Backend part: generate the ifdeffery, step by step

   You already split off qapi2texi steps [PATCH 12-15].  Good.  Perhaps
   that's all that can be split off, perhaps not.

PATCH 08-11 may well profit from the same treatment.

Moving on to PATCH 16.



Re: [Qemu-devel] [PATCH v5 01/10] qemu.py: Pylint/style fixes

2017-08-16 Thread Markus Armbruster
Lukáš Doktor  writes:

> Dne 16.8.2017 v 18:58 Markus Armbruster napsal(a):
>> Lukáš Doktor  writes:
>> 
>>> Dne 15.8.2017 v 14:31 Markus Armbruster napsal(a):
 Lukáš Doktor  writes:

> No actual code changes, just several pylint/style fixes and docstring
> clarifications.
>
> Signed-off-by: Lukáš Doktor 
> ---
>  scripts/qemu.py | 76 
> -
>  1 file changed, 53 insertions(+), 23 deletions(-)
>
> diff --git a/scripts/qemu.py b/scripts/qemu.py
> index 880e3e8..466aaab 100644
> --- a/scripts/qemu.py
> +++ b/scripts/qemu.py
> @@ -23,8 +23,22 @@ import qmp.qmp
>  class QEMUMachine(object):
>  '''A QEMU VM'''
>  
> -def __init__(self, binary, args=[], wrapper=[], name=None, 
> test_dir="/var/tmp",
> - monitor_address=None, socket_scm_helper=None, 
> debug=False):
> +def __init__(self, binary, args=[], wrapper=[], name=None,
> + test_dir="/var/tmp", monitor_address=None,
> + socket_scm_helper=None, debug=False):
> +'''
> +Create a QEMUMachine object

 Initialize a QEMUMachine

 Rationale: it's __init__, not __create__, and "object" is redundant.

>>>
>>> sure
>>>
> +
> +@param binary: path to the qemu binary (str)

 Drop (str), because what else could it be?
>>>
>>> it could be shlex.split of arguments to be passed to process. Anyway no 
>>> strong opinion here so I dropping it...
>>>

> +@param args: initial list of extra arguments

 If this is the initial list, then what's the final list?

>>>
>>> It's the basic set of arguments which can be modified before the execution. 
>>> Do you think it requires additional explanation, or would you like to 
>>> improve it somehow?
>> 
>> Can this list of extra arguments really be *modified*?  Adding more
>> arguments doesn't count for me --- I'd consider them added to the
>> "non-extra" arguments.
>> 
>
> Yes, one can remove, shuffle or modify it.

Bizarre :)

Who's "one"?

>> Drop "initial"?
>
> I can do that but it can give false impression that the args will be present. 
> Anyway it's probably just a corner case so I'll drop it.

If it's intended to be modified, then keeping "initial" might be best.
Your choice.

>> 
> +@param wrapper: list of arguments used as prefix to qemu binary
> +@param name: name of this object (used for log/monitor/... file 
> names)
 prefix for socket and log file names (default: qemu-PID)

>>>
>>> Sure, both make sense to me.
>>>
> +@param test_dir: base location to put log/monitor/... files in

 where to create socket and log file

 Aside: test_dir is a lousy name.
>>>
>>> Agree but changing names is tricky as people might be using kwargs to set 
>>> it. Anyway using your description here, keeping the possible rename for a 
>>> separate patchset (if needed).
>> 
>> I'm merely observing the lousiness of this name.  I'm not asking you to
>> do anything about it :)
>> 
> +@param monitor_address: custom address for QMP monitor

 Yes, but what *is* a custom address?  Its user _base_args() appears to
 expect either a pair of strings (host, port) or a string filename.

>>>
>>> If you insist I can add something like "a tuple(host, port) or string to 
>>> specify path", but I find it unnecessary detailed...
>> 
>> I'm not the maintainer, I'm definitely not insisting on anything.
>> 
>> If you're aiming for brevity, then drop "custom".
>> 
>
> OK, removing in v6
>
> +@param socket_scm_helper: path to scm_helper binary (to forward 
> fds)

 What is an scm_helper, and why would I want to use it?

>>>
>>> To forward a file descriptor. It's for example used in 
>>> tests/qemu-iotests/045 or tests/qemu-iotests/147
>> 
>> What about "socket_scm_helper: helper program, required for send_fd_scm()"?
>> 
> +@param debug: enable debug mode (forwarded to QMP helper and 
> such)

 What is a QMP helper?  To what else is debug forwarded?

>>>
>>> Debug is set in `self._debug` and can be consumed by anyone who has access 
>>> to this variable. Currently that is the QMP, but people can inherit and use 
>>> that variable to adjust their behavior.
>> 
>> Drop the parenthesis?
>> 
>
> OK
>
> +@note: Qemu process is not started until launch() is used.

 until launch().

>>>
>>> OK
>> 
>> One more thing: what the use of "@param"?
>> 
>
> The API documentation can be autogenerated by doxygen, it uses those keywords 
> to make it easier to read (and to create links, warnings, ...)

"Can" or "could"?  As far as I can tell, we aren't actually using
doxygen for anything, are we?  Just like we aren't actually using
GTK-Doc.  Yet its comment rash^H^H^H^Hannotations can be found here and
there, commonl

[Qemu-devel] [FIX PATCH v1] spapr: Allow configure-connector to be called multiple times

2017-08-16 Thread Bharata B Rao
In case of in-kernel memory hot unplug, when the guest is not able
to remove all the LMBs that are requested for removal, it will add back
any LMBs that have been successfully removed. The DR Connectors of
these LMBs wouldn't have been unconfigured and hence the addition of
these LMBs will result in configure-connector call being issued on
LMB DR connectors that are already in configured state. Such
configure-connector calls will fail resulting in a DIMM which is
partially unplugged.

This however worked till recently before we overhauled the DRC
implementation in QEMU. Commit 9d4c0f4f0a71e: "spapr: Consolidate
DRC state variables" is the first commit where this problem shows up
as per git bisect.

Ideally guest shouldn't be issuing configure-connector call on an
already configured DR connector. However for now, work around this in
QEMU by allowing configure-connector to be called multiple times for
all types of DR connectors.

Signed-off-by: Bharata B Rao 
---
v0: https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg02942.html
Changes in v1:
 - Allow configure-connector to be called multiple times for all types
   of DR connectors and not just LMB DRCs. (David Gibson)
 - Explicitly allow configure-connector to proceed only if the DRC is
   either in unisolated or in configured state. (David Gibson)

 hw/ppc/spapr_drc.c | 27 +--
 1 file changed, 21 insertions(+), 6 deletions(-)

diff --git a/hw/ppc/spapr_drc.c b/hw/ppc/spapr_drc.c
index 5260b5d..40d1e99 100644
--- a/hw/ppc/spapr_drc.c
+++ b/hw/ppc/spapr_drc.c
@@ -446,8 +446,12 @@ void spapr_drc_reset(sPAPRDRConnector *drc)
 drc->state = drck->empty_state;
 }
 
-drc->ccs_offset = -1;
-drc->ccs_depth = -1;
+/*
+ * Ensure that we are able to send the FDT fragment again
+ * via configure-connector call if the guest requests.
+ */
+drc->ccs_offset = drc->fdt_start_offset;
+drc->ccs_depth = 0;
 }
 
 static void drc_reset(void *opaque)
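Review bot: spapr_drc_reset() now sets ccs_offset from drc->fdt_start_offset unconditionally, including on the path just above where the state becomes drck->empty_state, so the previous -1 marker for "no configure-connector sequence in progress" is gone. Please confirm that fdt_start_offset is meaningful at this point for a DRC with no device attached, and that nothing else still compares ccs_offset or ccs_depth against -1.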
@@ -1071,8 +1075,14 @@ static void rtas_ibm_configure_connector(PowerPCCPU *cpu,
 }
 
 if ((drc->state != SPAPR_DRC_STATE_LOGICAL_UNISOLATE)
-&& (drc->state != SPAPR_DRC_STATE_PHYSICAL_UNISOLATE)) {
-/* Need to unisolate the device before configuring */
+&& (drc->state != SPAPR_DRC_STATE_PHYSICAL_UNISOLATE)
+&& (drc->state != SPAPR_DRC_STATE_LOGICAL_CONFIGURED)
+&& (drc->state != SPAPR_DRC_STATE_PHYSICAL_CONFIGURED)) {
+/*
+ * Need to unisolate the device before configuring
+ * or it should already be in configured state to
+ * allow configure-connector be called repeatedly.
+ */
 rc = SPAPR_DR_CC_RESPONSE_NOT_CONFIGURABLE;
 goto out;
 }
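Review bot: the widened state check lets configure-connector proceed from LOGICAL_CONFIGURED and PHYSICAL_CONFIGURED, but the new comment does not say that this is a workaround for guests that re-issue the call, which the commit message does. Putting that reason in the comment (and fixing "allow configure-connector be called" to "to be called") keeps it visible once the commit message is out of sight. A small helper for the four-way state test would also read better than the chained comparisons.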
@@ -1108,8 +1118,13 @@ static void rtas_ibm_configure_connector(PowerPCCPU *cpu,
 /* done sending the device tree, move to configured state */
 trace_spapr_drc_set_configured(drc_index);
 drc->state = drck->ready_state;
-drc->ccs_offset = -1;
-drc->ccs_depth = -1;
+/*
+ * Ensure that we are able to send the FDT fragment
+ * again via configure-connector call if the guest requests.
+ */
+drc->ccs_offset = drc->fdt_start_offset;
+drc->ccs_depth = 0;
+fdt_offset_next = drc->fdt_start_offset;
 resp = SPAPR_DR_CC_RESPONSE_SUCCESS;
 } else {
 resp = SPAPR_DR_CC_RESPONSE_PREV_PARENT;
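Review bot: the added assignment fdt_offset_next = drc->fdt_start_offset has no explanation; the comment above it only covers ccs_offset and ccs_depth. Say why the local has to be rewound as well, for instance if it is written back into ccs_offset later in the function. The rewind of ccs_offset and ccs_depth is also a copy of what spapr_drc_reset() now does in the first hunk; a shared helper would keep the two in step.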
-- 
2.7.4




[Qemu-devel] [PATCH] hw/ppc/spapr_rtc: Mark the RTC device with user_creatable = false

2017-08-16 Thread Thomas Huth
QEMU currently aborts unexpectedly when a user tries to do something
like this:

$ qemu-system-ppc64 -nographic -S -nodefaults -monitor stdio
QEMU 2.9.92 monitor - type 'help' for more information
(qemu) device_add spapr-rtc,id=spapr-rtc
(qemu) device_del spapr-rtc
**
ERROR:qemu/qdev-monitor.c:872:qdev_unplug: assertion failed: (hotplug_ctrl)
Aborted (core dumped)

The RTC device is not meant to be hot-pluggable - it's an internal
device only and it even should not be possible to create it a
second time with the "-device" parameter, so let's mark this
with "user_creatable = false".

Signed-off-by: Thomas Huth 
---
 hw/ppc/spapr_rtc.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/ppc/spapr_rtc.c b/hw/ppc/spapr_rtc.c
index 00a4e4c..9ec3078 100644
--- a/hw/ppc/spapr_rtc.c
+++ b/hw/ppc/spapr_rtc.c
@@ -164,6 +164,8 @@ static void spapr_rtc_class_init(ObjectClass *oc, void 
*data)
 
 dc->realize = spapr_rtc_realize;
 dc->vmsd = &vmstate_spapr_rtc;
+/* Reason: This is an internal device only for handling the hypercalls */
+dc->user_creatable = false;
 
 spapr_rtas_register(RTAS_GET_TIME_OF_DAY, "get-time-of-day",
 rtas_get_time_of_day);
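Review bot: the new comment gives the reason as "only for handling the hypercalls", while the surrounding lines register RTAS calls through spapr_rtas_register(). Wording the reason in terms of the RTAS time-of-day calls would match the code it sits next to.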
-- 
1.8.3.1




Re: [Qemu-devel] [PATCH 0/8] QOMify MIPS cpu

2017-08-16 Thread no-reply
Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 20170817043102.6322-1-f4...@amsat.org
Subject: [Qemu-devel] [PATCH 0/8] QOMify MIPS cpu

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
    echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
    if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
        failed=1
        echo
    fi
    n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
1557a1941b mips: update mips_cpu_list() to use object_class_get_list()
fff05e4786 mips: replace cpu_mips_init() with cpu_generic_init()
78afa559f4 !fixup mips: now than MIPSCPU is QOMified, mark it abstract
ff2926570c mips: MIPSCPU model subclasses
36f62a8a0b mips: call cpu_mips_realize_env() from mips_cpu_realizefn()
825094780c mips: split cpu_mips_realize_env() out of cpu_mips_init()
7339de695e mips: introduce internal.h and cleanup cpu.h
011150634e mips: move hw/mips/cputimer.c to target/mips/

=== OUTPUT BEGIN ===
Checking PATCH 1/8: mips: move hw/mips/cputimer.c to target/mips/...
Checking PATCH 2/8: mips: introduce internal.h and cleanup cpu.h...
ERROR: space prohibited after that '&' (ctx:WxW)
#725: FILE: target/mips/internal.h:230:
+if ((env->CP0_VPControl >> CP0VPCtl_DIS) & 1) {
  ^

ERROR: space prohibited after that '&' (ctx:WxW)
#733: FILE: target/mips/internal.h:238:
+((other_cpu->env.CP0_VPControl >> CP0VPCtl_DIS) & 1)) {
 ^

ERROR: space prohibited after that '&' (ctx:WxW)
#753: FILE: target/mips/internal.h:258:
+env->hflags |= (env->CP0_Status >> CP0St_KSU) & MIPS_HFLAG_KSU;
   ^

total: 3 errors, 0 warnings, 842 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 3/8: mips: split cpu_mips_realize_env() out of cpu_mips_init()...
Checking PATCH 4/8: mips: call cpu_mips_realize_env() from 
mips_cpu_realizefn()...
Checking PATCH 5/8: mips: MIPSCPU model subclasses...
Checking PATCH 6/8: !fixup mips: now than MIPSCPU is QOMified, mark it 
abstract...
Checking PATCH 7/8: mips: replace cpu_mips_init() with cpu_generic_init()...
Checking PATCH 8/8: mips: update mips_cpu_list() to use 
object_class_get_list()...
=== OUTPUT END ===

Test command exited with code: 1


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-de...@freelists.org

Re: [Qemu-devel] [RFC v4 08/13] ide: enumerate_slots implementation

2017-08-16 Thread Markus Armbruster
John Snow  writes:

> On 08/14/2017 05:57 PM, Eduardo Habkost wrote:
>> Example output when using "-machine q35":
>> 
>>   {
>> "available": true,
>> "count": 1,
>> "device-types": [
>>   "ide-device"
>> ],
>> "hotpluggable": false,
>> "opts": [
>>   { "option": "unit", "values": 0 },
>>   { "option": "bus", "values": "ide.2" }
>> ],
>> "opts-complete": true
>>   }
>>   {
>> "available": false,
>> "count": 1,
>> "device": "/machine/unattached/device[19]",
>> "device-types": [
>>   "ide-device"
>> ],
>> "hotpluggable": false,
>> "opts": [
>>   { "option": "unit", "values": 1 },
>>   { "option": "bus", "values": "ide.2" } ],
>> "opts-complete": true
>>   }
>>   {
>> "available": true,
>> "count": 10,
>> "device-types": [
>>   "ide-device"
>> ],
>> "hotpluggable": false,
>> "opts": [
>>   { "option": "unit", "values": [ [ 0, 1 ] ] },
>
> Hm, these unit values aren't really correct -- we do not support
> primary/secondary semantics for IDE buses on the AHCI device. I guess
> they technically exist, but you cannot use them for anything.
>
> Should I do something to "disable" or otherwise hide the unusable
> secondary unit slots for AHCI devices?

I think that would make this introspection more useful.



Re: [Qemu-devel] [Qemu-block] [PATCH v2 00/10] Correct two minor QMP interface design flaws

2017-08-16 Thread Markus Armbruster
John Snow  writes:

[...]
> On 07/20/2017 03:53 AM, Markus Armbruster wrote:
>> blockdev-add and migrate-set-parameters overload empty strings to mean
>> something entirely different.  See my memo "qapi: Stop abusing
>> "special" values for something entirely different" for details.
>> 
>> Message-ID: <87379zhrhn@dusky.pond.sub.org>
>> https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg04526.html
>> 
>> This series deprecates these usages of "" in favour of JSON null.
>> Because we're so close to the 2.10 freeze, the implementation is
>> intentionally stupid: rewrite null to "" at first opportunity.  The
>> proper way to do it would be rewriting "" to null, but that requires
>> fixing up code to work with null.  There are TODO comments for that.
>> I'm willing to take care of them in the next development cycle.
>> 
>
> Did this get dropped in favor of a more comprehensive 2.11 fix?

This is the stupid solution for 2.10.  TODO comments in PATCH 05+08-10
mark the spots that could use cleanup.  I hope to get to them in 2.11.

[...]



[Qemu-devel] [PATCH 7/8] mips: replace cpu_mips_init() with cpu_generic_init()

2017-08-16 Thread Philippe Mathieu-Daudé
From: Igor Mammedov 

now cpu_mips_init() reimplements subset of cpu_generic_init()
tasks, so just drop it and use cpu_generic_init() directly.

Signed-off-by: Igor Mammedov 
Reviewed-by: Hervé Poussineau 
Signed-off-by: Philippe Mathieu-Daudé 
[PMD: use internal.h instead of cpu.h]
---
 target/mips/cpu.h   |  3 +--
 hw/mips/cps.c   |  2 +-
 hw/mips/mips_fulong2e.c |  2 +-
 hw/mips/mips_jazz.c |  2 +-
 hw/mips/mips_malta.c|  2 +-
 hw/mips/mips_mipssim.c  |  2 +-
 hw/mips/mips_r4k.c  |  2 +-
 target/mips/translate.c | 17 -
 8 files changed, 7 insertions(+), 25 deletions(-)

diff --git a/target/mips/cpu.h b/target/mips/cpu.h
index 2f81e0f950..66265e4eb6 100644
--- a/target/mips/cpu.h
+++ b/target/mips/cpu.h
@@ -737,10 +737,9 @@ enum {
  */
 #define CPU_INTERRUPT_WAKE CPU_INTERRUPT_TGT_INT_0
 
-MIPSCPU *cpu_mips_init(const char *cpu_model);
 int cpu_mips_signal_handler(int host_signum, void *pinfo, void *puc);
 
-#define cpu_init(cpu_model) CPU(cpu_mips_init(cpu_model))
+#define cpu_init(cpu_model) cpu_generic_init(TYPE_MIPS_CPU, cpu_model)
 bool cpu_supports_cps_smp(const char *cpu_model);
 bool cpu_supports_isa(const char *cpu_model, unsigned int isa);
 void cpu_set_exception_base(int vp_index, target_ulong address);
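Review bot: the commit note reads "[PMD: use internal.h instead of cpu.h]", but this hunk edits target/mips/cpu.h and internal.h does not appear in the diffstat. Either the note is stale or the prototype removal and the cpu_init() macro were meant to land in the other header; please reconcile the two.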
diff --git a/hw/mips/cps.c b/hw/mips/cps.c
index 4ef337d5c4..708899cf92 100644
--- a/hw/mips/cps.c
+++ b/hw/mips/cps.c
@@ -71,7 +71,7 @@ static void mips_cps_realize(DeviceState *dev, Error **errp)
 bool itu_present = false;
 
 for (i = 0; i < s->num_vp; i++) {
-cpu = cpu_mips_init(s->cpu_model);
+cpu = MIPS_CPU(cpu_generic_init(TYPE_MIPS_CPU, s->cpu_model));
 if (cpu == NULL) {
 error_setg(errp, "%s: CPU initialization failed",  __func__);
 return;
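Review bot: the NULL check that follows now tests the result of MIPS_CPU(cpu_generic_init(...)) rather than a plain pointer returned by cpu_mips_init(). Please confirm that the MIPS_CPU() cast passes NULL through instead of asserting, here and at the five identical call sites in the board files below; if it does not, check the return value before casting.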
diff --git a/hw/mips/mips_fulong2e.c b/hw/mips/mips_fulong2e.c
index 3532399a13..5d9462ec35 100644
--- a/hw/mips/mips_fulong2e.c
+++ b/hw/mips/mips_fulong2e.c
@@ -280,7 +280,7 @@ static void mips_fulong2e_init(MachineState *machine)
 if (cpu_model == NULL) {
 cpu_model = "Loongson-2E";
 }
-cpu = cpu_mips_init(cpu_model);
+cpu = MIPS_CPU(cpu_generic_init(TYPE_MIPS_CPU, cpu_model));
 if (cpu == NULL) {
 fprintf(stderr, "Unable to find CPU definition\n");
 exit(1);
diff --git a/hw/mips/mips_jazz.c b/hw/mips/mips_jazz.c
index df2262a2a8..c1402de1ce 100644
--- a/hw/mips/mips_jazz.c
+++ b/hw/mips/mips_jazz.c
@@ -151,7 +151,7 @@ static void mips_jazz_init(MachineState *machine,
 if (cpu_model == NULL) {
 cpu_model = "R4000";
 }
-cpu = cpu_mips_init(cpu_model);
+cpu = MIPS_CPU(cpu_generic_init(TYPE_MIPS_CPU, cpu_model));
 if (cpu == NULL) {
 fprintf(stderr, "Unable to find CPU definition\n");
 exit(1);
diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
index af678f5784..9ecdc818b1 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
@@ -931,7 +931,7 @@ static void create_cpu_without_cps(const char *cpu_model,
 int i;
 
 for (i = 0; i < smp_cpus; i++) {
-cpu = cpu_mips_init(cpu_model);
+cpu = MIPS_CPU(cpu_generic_init(TYPE_MIPS_CPU, cpu_model));
 if (cpu == NULL) {
 fprintf(stderr, "Unable to find CPU definition\n");
 exit(1);
diff --git a/hw/mips/mips_mipssim.c b/hw/mips/mips_mipssim.c
index 07fc4c2300..1166834f54 100644
--- a/hw/mips/mips_mipssim.c
+++ b/hw/mips/mips_mipssim.c
@@ -163,7 +163,7 @@ mips_mipssim_init(MachineState *machine)
 cpu_model = "24Kf";
 #endif
 }
-cpu = cpu_mips_init(cpu_model);
+cpu = MIPS_CPU(cpu_generic_init(TYPE_MIPS_CPU, cpu_model));
 if (cpu == NULL) {
 fprintf(stderr, "Unable to find CPU definition\n");
 exit(1);
diff --git a/hw/mips/mips_r4k.c b/hw/mips/mips_r4k.c
index 2f5ced7409..de212f5c13 100644
--- a/hw/mips/mips_r4k.c
+++ b/hw/mips/mips_r4k.c
@@ -193,7 +193,7 @@ void mips_r4k_init(MachineState *machine)
 cpu_model = "24Kf";
 #endif
 }
-cpu = cpu_mips_init(cpu_model);
+cpu = MIPS_CPU(cpu_generic_init(TYPE_MIPS_CPU, cpu_model));
 if (cpu == NULL) {
 fprintf(stderr, "Unable to find CPU definition\n");
 exit(1);
diff --git a/target/mips/translate.c b/target/mips/translate.c
index f7128bc91d..d16d879df7 100644
--- a/target/mips/translate.c
+++ b/target/mips/translate.c
@@ -20523,23 +20523,6 @@ void cpu_mips_realize_env(CPUMIPSState *env)
 mvp_init(env, env->cpu_model);
 }
 
-MIPSCPU *cpu_mips_init(const char *cpu_model)
-{
-ObjectClass *oc;
-MIPSCPU *cpu;
-
-oc = cpu_class_by_name(TYPE_MIPS_CPU, cpu_model);
-if (oc == NULL) {
-return NULL;
-}
-
-cpu = MIPS_CPU(object_new(object_class_get_name(oc)));
-
-object_property_set_bool(OBJECT(cpu), true, "realized", NULL);
-
-return cpu;
-}
-
 bool cpu_supports_cps_smp(const char *cpu_model)
 {
 const mips_def_t *def = cpu_mips_find_by_name(cpu_model);
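Review bot: the removed cpu_mips_init() set "realized" with a NULL error pointer, so a realize failure was silently ignored and the callers only ever reported "Unable to find CPU definition" for an unknown model. The commit message should state whether cpu_generic_init() behaves the same way on a realize failure, since that determines whether those caller messages are still accurate.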
-- 
2.14.1




[Qemu-devel] [PATCH 8/8] mips: update mips_cpu_list() to use object_class_get_list()

2017-08-16 Thread Philippe Mathieu-Daudé
while here, move it from translate_init.c to helper.c

Signed-off-by: Philippe Mathieu-Daudé 
---
 target/mips/helper.c | 46 
 target/mips/translate_init.c | 10 --
 2 files changed, 46 insertions(+), 10 deletions(-)

diff --git a/target/mips/helper.c b/target/mips/helper.c
index ea076261af..8d12b0088a 100644
--- a/target/mips/helper.c
+++ b/target/mips/helper.c
@@ -1093,3 +1093,49 @@ void QEMU_NORETURN do_raise_exception_err(CPUMIPSState 
*env,
 
 cpu_loop_exit_restore(cs, pc);
 }
+
+/* Sort alphabetically by type name, except for "any". */
+static gint mips_cpu_list_compare(gconstpointer a, gconstpointer b)
+{
+ObjectClass *class_a = (ObjectClass *)a;
+ObjectClass *class_b = (ObjectClass *)b;
+const char *name_a, *name_b;
+
+name_a = object_class_get_name(class_a);
+name_b = object_class_get_name(class_b);
+if (strcmp(name_a, "any-" TYPE_MIPS_CPU) == 0) {
+return 1;
+} else if (strcmp(name_b, "any-" TYPE_MIPS_CPU) == 0) {
+return -1;
+} else {
+return strcmp(name_a, name_b);
+}
+}
+
+static void mips_cpu_list_entry(gpointer data, gpointer user_data)
+{
+ObjectClass *oc = data;
+CPUListState *s = user_data;
+const char *typename;
+char *name;
+
+typename = object_class_get_name(oc);
+name = g_strndup(typename, strlen(typename) - strlen("-" TYPE_MIPS_CPU));
+(*s->cpu_fprintf)(s->file, "  %s\n", name);
+g_free(name);
+}
+
+void mips_cpu_list(FILE *f, fprintf_function cpu_fprintf)
+{
+CPUListState s = {
+.file = f,
+.cpu_fprintf = cpu_fprintf,
+};
+GSList *list;
+
+list = object_class_get_list(TYPE_MIPS_CPU, false);
+list = g_slist_sort(list, mips_cpu_list_compare);
+(*cpu_fprintf)(f, "Available CPUs:\n");
+g_slist_foreach(list, mips_cpu_list_entry, &s);
+g_slist_free(list);
+}
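
Review bot: in mips_cpu_list_entry(), strlen(typename) - strlen("-" TYPE_MIPS_CPU) is computed as an unsigned length with no check that typename is longer than the suffix, so a listed type whose name is exactly TYPE_MIPS_CPU wraps around and g_strndup() is asked for a huge length. The list comes from object_class_get_list(TYPE_MIPS_CPU, false), which filters out only abstract classes, so the trim is safe only once the base type is abstract (the RFC 6/8 change). Suggest testing the name with g_str_has_suffix() before trimming, and skipping entries that do not match, so the listing does not depend on patch ordering.
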
diff --git a/target/mips/translate_init.c b/target/mips/translate_init.c
index 8bbded46c4..b75f4c9065 100644
--- a/target/mips/translate_init.c
+++ b/target/mips/translate_init.c
@@ -767,16 +767,6 @@ static const mips_def_t *cpu_mips_find_by_name (const char 
*name)
 return NULL;
 }
 
-void mips_cpu_list (FILE *f, fprintf_function cpu_fprintf)
-{
-int i;
-
-for (i = 0; i < ARRAY_SIZE(mips_defs); i++) {
-(*cpu_fprintf)(f, "MIPS '%s'\n",
-   mips_defs[i].name);
-}
-}
-
 #ifndef CONFIG_USER_ONLY
 static void no_mmu_init (CPUMIPSState *env, const mips_def_t *def)
 {
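
Review bot: the removed loop printed each model as "MIPS '%s'" in table order, while the replacement in helper.c prints an "Available CPUs:" header followed by indented bare names in sorted order; the commit message mentions only the move and the switch to object_class_get_list(). Please state the change in listing output in the commit message, since anything that parses the old format will notice it.
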
-- 
2.14.1




[Qemu-devel] [PATCH 4/8] mips: call cpu_mips_realize_env() from mips_cpu_realizefn()

2017-08-16 Thread Philippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé 
---
 target/mips/cpu.c   | 3 +++
 target/mips/translate.c | 1 -
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/target/mips/cpu.c b/target/mips/cpu.c
index 68bf423e9d..e3ef835599 100644
--- a/target/mips/cpu.c
+++ b/target/mips/cpu.c
@@ -123,6 +123,7 @@ static void mips_cpu_disas_set_info(CPUState *s, 
disassemble_info *info) {
 static void mips_cpu_realizefn(DeviceState *dev, Error **errp)
 {
 CPUState *cs = CPU(dev);
+MIPSCPU *cpu = MIPS_CPU(dev);
 MIPSCPUClass *mcc = MIPS_CPU_GET_CLASS(dev);
 Error *local_err = NULL;
 
@@ -132,6 +133,8 @@ static void mips_cpu_realizefn(DeviceState *dev, Error 
**errp)
 return;
 }
 
+cpu_mips_realize_env(&cpu->env);
+
 cpu_reset(cs);
 qemu_init_vcpu(cs);
 
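
Review bot: cpu_mips_realize_env(&cpu->env) is called with no check that env->cpu_model has been set, although errp is available in mips_cpu_realizefn() to report the problem. After this patch the only thing guaranteeing it is the assignment in cpu_mips_init(); a CPU object realized by any other route would hand a null definition to the init helpers. Suggest an explicit check with error_setg() and an early return before the call.
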
diff --git a/target/mips/translate.c b/target/mips/translate.c
index 5fc7979ac5..94c38e8755 100644
--- a/target/mips/translate.c
+++ b/target/mips/translate.c
@@ -20535,7 +20535,6 @@ MIPSCPU *cpu_mips_init(const char *cpu_model)
 cpu = MIPS_CPU(object_new(TYPE_MIPS_CPU));
 env = &cpu->env;
 env->cpu_model = def;
-cpu_mips_realize_env(env);
 
 object_property_set_bool(OBJECT(cpu), true, "realized", NULL);
 
-- 
2.14.1




[Qemu-devel] [PATCH 5/8] mips: MIPSCPU model subclasses

2017-08-16 Thread Philippe Mathieu-Daudé
From: Igor Mammedov 

Register separate QOM types for each mips cpu model,
so it would be possible to reuse generic CPU creation
routines.

Signed-off-by: Igor Mammedov 
Signed-off-by: Philippe Mathieu-Daudé 
[PMD: use internal.h, use void* to hold cpu_def in MIPSCPUClass]
---
 target/mips/cpu-qom.h|  1 +
 target/mips/internal.h   | 59 
 target/mips/cpu.c| 51 ++
 target/mips/translate.c  | 13 +-
 target/mips/translate_init.c | 58 ++-
 5 files changed, 119 insertions(+), 63 deletions(-)

diff --git a/target/mips/cpu-qom.h b/target/mips/cpu-qom.h
index 3f5bf23823..085711d8f9 100644
--- a/target/mips/cpu-qom.h
+++ b/target/mips/cpu-qom.h
@@ -49,6 +49,7 @@ typedef struct MIPSCPUClass {
 
 DeviceRealize parent_realize;
 void (*parent_reset)(CPUState *cpu);
+const void *cpu_def;
 } MIPSCPUClass;
 
 typedef struct MIPSCPU MIPSCPU;
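
Review bot: declaring the new field as "const void *cpu_def" drops type checking on every use, including the assignment env->cpu_model = mcc->cpu_def in mips_cpu_initfn(). A forward declaration of struct mips_def_t in this header would let the field be "const struct mips_def_t *cpu_def" without pulling in internal.h, and the compiler would then catch a wrong class_data pointer.
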
diff --git a/target/mips/internal.h b/target/mips/internal.h
index cf4c9db427..45ded3484c 100644
--- a/target/mips/internal.h
+++ b/target/mips/internal.h
@@ -7,6 +7,65 @@
 #ifndef MIPS_INTERNAL_H
 #define MIPS_INTERNAL_H
 
+
+/* MMU types, the first four entries have the same layout as the
+   CP0C0_MT field.  */
+enum mips_mmu_types {
+MMU_TYPE_NONE,
+MMU_TYPE_R4000,
+MMU_TYPE_RESERVED,
+MMU_TYPE_FMT,
+MMU_TYPE_R3000,
+MMU_TYPE_R6000,
+MMU_TYPE_R8000
+};
+
+struct mips_def_t {
+const char *name;
+int32_t CP0_PRid;
+int32_t CP0_Config0;
+int32_t CP0_Config1;
+int32_t CP0_Config2;
+int32_t CP0_Config3;
+int32_t CP0_Config4;
+int32_t CP0_Config4_rw_bitmask;
+int32_t CP0_Config5;
+int32_t CP0_Config5_rw_bitmask;
+int32_t CP0_Config6;
+int32_t CP0_Config7;
+target_ulong CP0_LLAddr_rw_bitmask;
+int CP0_LLAddr_shift;
+int32_t SYNCI_Step;
+int32_t CCRes;
+int32_t CP0_Status_rw_bitmask;
+int32_t CP0_TCStatus_rw_bitmask;
+int32_t CP0_SRSCtl;
+int32_t CP1_fcr0;
+int32_t CP1_fcr31_rw_bitmask;
+int32_t CP1_fcr31;
+int32_t MSAIR;
+int32_t SEGBITS;
+int32_t PABITS;
+int32_t CP0_SRSConf0_rw_bitmask;
+int32_t CP0_SRSConf0;
+int32_t CP0_SRSConf1_rw_bitmask;
+int32_t CP0_SRSConf1;
+int32_t CP0_SRSConf2_rw_bitmask;
+int32_t CP0_SRSConf2;
+int32_t CP0_SRSConf3_rw_bitmask;
+int32_t CP0_SRSConf3;
+int32_t CP0_SRSConf4_rw_bitmask;
+int32_t CP0_SRSConf4;
+int32_t CP0_PageGrain_rw_bitmask;
+int32_t CP0_PageGrain;
+target_ulong CP0_EBaseWG_rw_bitmask;
+int insn_flags;
+enum mips_mmu_types mmu_type;
+};
+
+extern const struct mips_def_t mips_defs[];
+extern const int mips_defs_number;
+
 enum CPUMIPSMSADataFormat {
 DF_BYTE = 0,
 DF_HALF,
diff --git a/target/mips/cpu.c b/target/mips/cpu.c
index e3ef835599..f99cfbde7e 100644
--- a/target/mips/cpu.c
+++ b/target/mips/cpu.c
@@ -146,12 +146,37 @@ static void mips_cpu_initfn(Object *obj)
 CPUState *cs = CPU(obj);
 MIPSCPU *cpu = MIPS_CPU(obj);
 CPUMIPSState *env = &cpu->env;
+MIPSCPUClass *mcc = MIPS_CPU_GET_CLASS(obj);
 
 cs->env_ptr = env;
 
 if (tcg_enabled()) {
 mips_tcg_init();
 }
+
+if (mcc->cpu_def) {
+env->cpu_model = mcc->cpu_def;
+}
+}
+
+static char *mips_cpu_type_name(const char *cpu_model)
+{
+return g_strdup_printf("%s-" TYPE_MIPS_CPU, cpu_model);
+}
+
+static ObjectClass *mips_cpu_class_by_name(const char *cpu_model)
+{
+ObjectClass *oc;
+char *typename;
+
+if (cpu_model == NULL) {
+return NULL;
+}
+
+typename = mips_cpu_type_name(cpu_model);
+oc = object_class_by_name(typename);
+g_free(typename);
+return oc;
 }
 
 static void mips_cpu_class_init(ObjectClass *c, void *data)
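
Review bot: mips_cpu_class_by_name() returns whatever object_class_by_name() finds for the formatted name, without confirming that the class derives from TYPE_MIPS_CPU or that it is non-abstract. Since cpu_model is caller-supplied, suggest returning NULL unless object_class_dynamic_cast(oc, TYPE_MIPS_CPU) succeeds and object_class_is_abstract(oc) is false. Related, in mips_cpu_initfn(): when mcc->cpu_def is NULL the instance keeps env->cpu_model unset, which is only safe if the base type can never be instantiated.
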
@@ -166,6 +191,7 @@ static void mips_cpu_class_init(ObjectClass *c, void *data)
 mcc->parent_reset = cc->reset;
 cc->reset = mips_cpu_reset;
 
+cc->class_by_name = mips_cpu_class_by_name;
 cc->has_work = mips_cpu_has_work;
 cc->do_interrupt = mips_cpu_do_interrupt;
 cc->cpu_exec_interrupt = mips_cpu_exec_interrupt;
@@ -198,9 +224,34 @@ static const TypeInfo mips_cpu_type_info = {
 .class_init = mips_cpu_class_init,
 };
 
+static void mips_cpu_cpudef_class_init(ObjectClass *oc, void *data)
+{
+MIPSCPUClass *mcc = MIPS_CPU_CLASS(oc);
+mcc->cpu_def = data;
+}
+
+static void mips_register_cpudef_type(const struct mips_def_t *def)
+{
+char *typename = mips_cpu_type_name(def->name);
+TypeInfo ti = {
+.name = typename,
+.parent = TYPE_MIPS_CPU,
+.class_init = mips_cpu_cpudef_class_init,
+.class_data = (void *)def,
+};
+
+type_register(&ti);
+g_free(typename);
+}
+
 static void mips_cpu_register_types(void)
 {
+int i;
+
 type_register_static(&mips_cpu_type_info);
+for (i = 0; i < mips_defs_number; i++) {
+mips_register_cpudef_type(&

[Qemu-devel] [RFC PATCH 6/8] !fixup mips: now that MIPSCPU is QOMified, mark it abstract

2017-08-16 Thread Philippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé 
---
 target/mips/cpu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/mips/cpu.c b/target/mips/cpu.c
index f99cfbde7e..84b6f8bf68 100644
--- a/target/mips/cpu.c
+++ b/target/mips/cpu.c
@@ -219,7 +219,7 @@ static const TypeInfo mips_cpu_type_info = {
 .parent = TYPE_CPU,
 .instance_size = sizeof(MIPSCPU),
 .instance_init = mips_cpu_initfn,
-.abstract = false,
+.abstract = true,
 .class_size = sizeof(MIPSCPUClass),
 .class_init = mips_cpu_class_init,
 };
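
Review bot: flipping .abstract to true arrives with an empty commit message and a "!fixup" subject, so it is unclear whether it is meant to be squashed into 5/8 or to stand alone. Please say why the base type must be abstract (mips_cpu_initfn() leaves env->cpu_model unset when the class has no cpu_def) and confirm that no object_new(TYPE_MIPS_CPU) caller, like the one shown as context in cpu_mips_init() in 4/8, is still reachable at this point in the series, since instantiating an abstract type fails at run time.
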
-- 
2.14.1




[Qemu-devel] [PATCH 3/8] mips: split cpu_mips_realize_env() out of cpu_mips_init()

2017-08-16 Thread Philippe Mathieu-Daudé
so it can be used in mips_cpu_realizefn() in the next commit

Signed-off-by: Philippe Mathieu-Daudé 
---
 target/mips/internal.h  |  1 +
 target/mips/translate.c | 19 ---
 2 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/target/mips/internal.h b/target/mips/internal.h
index 91c2df4537..cf4c9db427 100644
--- a/target/mips/internal.h
+++ b/target/mips/internal.h
@@ -132,6 +132,7 @@ void mips_tcg_init(void);
 
 /* TODO QOM'ify CPU reset and remove */
 void cpu_state_reset(CPUMIPSState *s);
+void cpu_mips_realize_env(CPUMIPSState *env);
 
 /* cp0_timer.c */
 uint32_t cpu_mips_get_random(CPUMIPSState *env);
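
Review bot: the new cpu_mips_realize_env() prototype lands directly under the "TODO QOM'ify CPU reset and remove" comment, so the TODO now reads as covering it as well. Separate it from cpu_state_reset() and give it a short comment stating that env->cpu_model must be set before the call, since the body in translate.c passes it to mmu_init(), fpu_init() and mvp_init().
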
diff --git a/target/mips/translate.c b/target/mips/translate.c
index f0febaf1b2..5fc7979ac5 100644
--- a/target/mips/translate.c
+++ b/target/mips/translate.c
@@ -20512,6 +20512,17 @@ void mips_tcg_init(void)
 
 #include "translate_init.c"
 
+void cpu_mips_realize_env(CPUMIPSState *env)
+{
+env->exception_base = (int32_t)0xBFC0;
+
+#ifndef CONFIG_USER_ONLY
+mmu_init(env, env->cpu_model);
+#endif
+fpu_init(env, env->cpu_model);
+mvp_init(env, env->cpu_model);
+}
+
 MIPSCPU *cpu_mips_init(const char *cpu_model)
 {
 MIPSCPU *cpu;
@@ -20524,13 +20535,7 @@ MIPSCPU *cpu_mips_init(const char *cpu_model)
 cpu = MIPS_CPU(object_new(TYPE_MIPS_CPU));
 env = &cpu->env;
 env->cpu_model = def;
-env->exception_base = (int32_t)0xBFC0;
-
-#ifndef CONFIG_USER_ONLY
-mmu_init(env, def);
-#endif
-fpu_init(env, def);
-mvp_init(env, def);
+cpu_mips_realize_env(env);
 
 object_property_set_bool(OBJECT(cpu), true, "realized", NULL);
 
-- 
2.14.1




[Qemu-devel] [PATCH 2/8] mips: introduce internal.h and cleanup cpu.h

2017-08-16 Thread Philippe Mathieu-Daudé
no logical change, only code movement (and fix a comment typo).

Signed-off-by: Philippe Mathieu-Daudé 
---
 target/mips/cpu.h| 354 +
 target/mips/internal.h   | 362 +++
 target/mips/cp0_timer.c  |   1 +
 target/mips/cpu.c|   1 +
 target/mips/gdbstub.c|   1 +
 target/mips/helper.c |   1 +
 target/mips/kvm.c|   1 +
 target/mips/machine.c|   1 +
 target/mips/msa_helper.c |   1 +
 target/mips/op_helper.c  |   1 +
 target/mips/translate.c  |   1 +
 11 files changed, 372 insertions(+), 353 deletions(-)
 create mode 100644 target/mips/internal.h

diff --git a/target/mips/cpu.h b/target/mips/cpu.h
index 74f6a5b098..2f81e0f950 100644
--- a/target/mips/cpu.h
+++ b/target/mips/cpu.h
@@ -1,8 +1,6 @@
 #ifndef MIPS_CPU_H
 #define MIPS_CPU_H
 
-//#define DEBUG_OP
-
 #define ALIGNED_ONLY
 
 #define CPUArchState struct CPUMIPSState
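
Review bot: dropping the commented-out "//#define DEBUG_OP" is a deletion rather than code movement, while the commit message promises "no logical change, only code movement (and fix a comment typo)". Unless the line reappears in internal.h, mention the removal in the message or split it into its own cleanup patch so the move can be verified mechanically.
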
@@ -15,56 +13,11 @@
 
 struct CPUMIPSState;
 
-typedef struct r4k_tlb_t r4k_tlb_t;
-struct r4k_tlb_t {
-target_ulong VPN;
-uint32_t PageMask;
-uint16_t ASID;
-unsigned int G:1;
-unsigned int C0:3;
-unsigned int C1:3;
-unsigned int V0:1;
-unsigned int V1:1;
-unsigned int D0:1;
-unsigned int D1:1;
-unsigned int XI0:1;
-unsigned int XI1:1;
-unsigned int RI0:1;
-unsigned int RI1:1;
-unsigned int EHINV:1;
-uint64_t PFN[2];
-};
-
-#if !defined(CONFIG_USER_ONLY)
 typedef struct CPUMIPSTLBContext CPUMIPSTLBContext;
-struct CPUMIPSTLBContext {
-uint32_t nb_tlb;
-uint32_t tlb_in_use;
-int (*map_address) (struct CPUMIPSState *env, hwaddr *physical, int *prot, 
target_ulong address, int rw, int access_type);
-void (*helper_tlbwi)(struct CPUMIPSState *env);
-void (*helper_tlbwr)(struct CPUMIPSState *env);
-void (*helper_tlbp)(struct CPUMIPSState *env);
-void (*helper_tlbr)(struct CPUMIPSState *env);
-void (*helper_tlbinv)(struct CPUMIPSState *env);
-void (*helper_tlbinvf)(struct CPUMIPSState *env);
-union {
-struct {
-r4k_tlb_t tlb[MIPS_TLB_MAX];
-} r4k;
-} mmu;
-};
-#endif
 
 /* MSA Context */
 #define MSA_WRLEN (128)
 
-enum CPUMIPSMSADataFormat {
-DF_BYTE = 0,
-DF_HALF,
-DF_WORD,
-DF_DOUBLE
-};
-
 typedef union wr_t wr_t;
 union wr_t {
 int8_t  b[MSA_WRLEN/8];
@@ -682,40 +635,6 @@ static inline MIPSCPU *mips_env_get_cpu(CPUMIPSState *env)
 
 #define ENV_OFFSET offsetof(MIPSCPU, env)
 
-#ifndef CONFIG_USER_ONLY
-extern const struct VMStateDescription vmstate_mips_cpu;
-#endif
-
-void mips_cpu_do_interrupt(CPUState *cpu);
-bool mips_cpu_exec_interrupt(CPUState *cpu, int int_req);
-void mips_cpu_dump_state(CPUState *cpu, FILE *f, fprintf_function cpu_fprintf,
- int flags);
-hwaddr mips_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
-int mips_cpu_gdb_read_register(CPUState *cpu, uint8_t *buf, int reg);
-int mips_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
-void mips_cpu_do_unaligned_access(CPUState *cpu, vaddr addr,
-  MMUAccessType access_type,
-  int mmu_idx, uintptr_t retaddr);
-
-#if !defined(CONFIG_USER_ONLY)
-int no_mmu_map_address (CPUMIPSState *env, hwaddr *physical, int *prot,
-target_ulong address, int rw, int access_type);
-int fixed_mmu_map_address (CPUMIPSState *env, hwaddr *physical, int *prot,
-   target_ulong address, int rw, int access_type);
-int r4k_map_address (CPUMIPSState *env, hwaddr *physical, int *prot,
- target_ulong address, int rw, int access_type);
-void r4k_helper_tlbwi(CPUMIPSState *env);
-void r4k_helper_tlbwr(CPUMIPSState *env);
-void r4k_helper_tlbp(CPUMIPSState *env);
-void r4k_helper_tlbr(CPUMIPSState *env);
-void r4k_helper_tlbinv(CPUMIPSState *env);
-void r4k_helper_tlbinvf(CPUMIPSState *env);
-
-void mips_cpu_unassigned_access(CPUState *cpu, hwaddr addr,
-bool is_write, bool is_exec, int unused,
-unsigned size);
-#endif
-
 void mips_cpu_list (FILE *f, fprintf_function cpu_fprintf);
 
 #define cpu_signal_handler cpu_mips_signal_handler
@@ -746,42 +665,6 @@ static inline int cpu_mmu_index (CPUMIPSState *env, bool 
ifetch)
 return hflags_mmu_index(env->hflags);
 }
 
-static inline bool cpu_mips_hw_interrupts_enabled(CPUMIPSState *env)
-{
-return (env->CP0_Status & (1 << CP0St_IE)) &&
-!(env->CP0_Status & (1 << CP0St_EXL)) &&
-!(env->CP0_Status & (1 << CP0St_ERL)) &&
-!(env->hflags & MIPS_HFLAG_DM) &&
-/* Note that the TCStatus IXMT field is initialized to zero,
-   and only MT capable cores can set it to one. So we don't
-   need to check for MT capabilities here.  */
-!(env->active_tc.CP0_TCStatus & (1 << CP0TCSt_IXMT));
-}
-
-/* Check if there is pending and not masked out interrupt */
-static i

[Qemu-devel] [PATCH 1/8] mips: move hw/mips/cputimer.c to target/mips/

2017-08-16 Thread Philippe Mathieu-Daudé
This timer is a required part of the MIPS32/MIPS64 System Control coprocessor
(CP0). Moving it with the other architecture related files will allow an opaque
use of CPUMIPSState* in the next commit (introduce "internal.h").

also remove it from 'user' targets, remove an unnecessary include.

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/mips/cputimer.c => target/mips/cp0_timer.c | 1 -
 hw/mips/Makefile.objs | 2 +-
 target/mips/Makefile.objs | 2 +-
 3 files changed, 2 insertions(+), 3 deletions(-)
 rename hw/mips/cputimer.c => target/mips/cp0_timer.c (99%)

diff --git a/hw/mips/cputimer.c b/target/mips/cp0_timer.c
similarity index 99%
rename from hw/mips/cputimer.c
rename to target/mips/cp0_timer.c
index 8a166b3ea7..a9a58c5604 100644
--- a/hw/mips/cputimer.c
+++ b/target/mips/cp0_timer.c
@@ -21,7 +21,6 @@
  */
 
 #include "qemu/osdep.h"
-#include "hw/hw.h"
 #include "hw/mips/cpudevs.h"
 #include "qemu/timer.h"
 #include "sysemu/kvm.h"
diff --git a/hw/mips/Makefile.objs b/hw/mips/Makefile.objs
index 48cd2ef50e..17a311aaba 100644
--- a/hw/mips/Makefile.objs
+++ b/hw/mips/Makefile.objs
@@ -1,5 +1,5 @@
 obj-y += mips_r4k.o mips_malta.o mips_mipssim.o
-obj-y += addr.o cputimer.o mips_int.o
+obj-y += addr.o mips_int.o
 obj-$(CONFIG_JAZZ) += mips_jazz.o
 obj-$(CONFIG_FULONG) += mips_fulong2e.o
 obj-y += gt64xxx_pci.o
diff --git a/target/mips/Makefile.objs b/target/mips/Makefile.objs
index bc5ed8511f..651f36f517 100644
--- a/target/mips/Makefile.objs
+++ b/target/mips/Makefile.objs
@@ -1,4 +1,4 @@
 obj-y += translate.o dsp_helper.o op_helper.o lmi_helper.o helper.o cpu.o
 obj-y += gdbstub.o msa_helper.o mips-semi.o
-obj-$(CONFIG_SOFTMMU) += machine.o
+obj-$(CONFIG_SOFTMMU) += machine.o cp0_timer.o
 obj-$(CONFIG_KVM) += kvm.o
-- 
2.14.1




[Qemu-devel] [PATCH 0/8] QOMify MIPS cpu

2017-08-16 Thread Philippe Mathieu-Daudé
Hi,

While working with the mips codebase I had to QOMify it.

I then read Igor's series "complete cpu QOMification" [1] and after some IRC
chat I suggested Igor to rebase his series on mine to avoid code moving
forward then back.

Since most of Igor's series is reviewed I'm posting this a week before 2.11.

I'm not sure about the TypeInfo.abstract change so it is RFC.

Also I couldn't test it with KVM.

Regards,

Phil.

[1]: http://lists.nongnu.org/archive/html/qemu-devel/2017-07/msg04414.html

Igor Mammedov (2):
  mips: MIPSCPU model subclasses
  mips: replace cpu_mips_init() with cpu_generic_init()

Philippe Mathieu-Daudé (6):
  mips: move hw/mips/cputimer.c to target/mips/
  mips: introduce internal.h and cleanup cpu.h
  mips: split cpu_mips_realize_env() out of cpu_mips_init()
  mips: call cpu_mips_realize_env() from mips_cpu_realizefn()
  mips: now that MIPSCPU is QOMified, mark it abstract
  mips: update mips_cpu_list() to use object_class_get_list()

 target/mips/cpu-qom.h |   1 +
 target/mips/cpu.h | 357 +-
 target/mips/internal.h| 422 ++
 hw/mips/cps.c |   2 +-
 hw/mips/mips_fulong2e.c   |   2 +-
 hw/mips/mips_jazz.c   |   2 +-
 hw/mips/mips_malta.c  |   2 +-
 hw/mips/mips_mipssim.c|   2 +-
 hw/mips/mips_r4k.c|   2 +-
 hw/mips/cputimer.c => target/mips/cp0_timer.c |   2 +-
 target/mips/cpu.c |  57 +++-
 target/mips/gdbstub.c |   1 +
 target/mips/helper.c  |  47 +++
 target/mips/kvm.c |   1 +
 target/mips/machine.c |   1 +
 target/mips/msa_helper.c  |   1 +
 target/mips/op_helper.c   |   1 +
 target/mips/translate.c   |  23 +-
 target/mips/translate_init.c  |  68 +
 hw/mips/Makefile.objs |   2 +-
 target/mips/Makefile.objs |   2 +-
 21 files changed, 549 insertions(+), 449 deletions(-)
 create mode 100644 target/mips/internal.h
 rename hw/mips/cputimer.c => target/mips/cp0_timer.c (99%)

-- 
2.14.1




[Qemu-devel] [PATCH] tests/docker: Clean up paths

2017-08-16 Thread Fam Zheng
The 'run' script already creates src, build and install directories under
$TEST_DIR, use it in common.rc.

Also the tests always run from $QEMU_SRC/tests/docker, so use a relative
$CMD string.

Signed-off-by: Fam Zheng 
---
 tests/docker/common.rc | 5 +
 tests/docker/run   | 4 +++-
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/tests/docker/common.rc b/tests/docker/common.rc
index 6865689bb5..64b36ba2d0 100755
--- a/tests/docker/common.rc
+++ b/tests/docker/common.rc
@@ -11,9 +11,6 @@
 # or (at your option) any later version. See the COPYING file in
 # the top-level directory.
 
-BUILD_DIR=/var/tmp/qemu-build
-mkdir $BUILD_DIR
-
 requires()
 {
 for c in $@; do
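
Review bot: with the BUILD_DIR assignment and mkdir dropped here, common.rc silently depends on the caller having exported BUILD_DIR (and INSTALL_DIR, used in the next hunk) and having created the directories. Sourced from anywhere other than run, --prefix=$INSTALL_DIR expands to an empty prefix. Suggest a guard near the top such as : "${BUILD_DIR:?}" "${INSTALL_DIR:?}" so a missing variable fails loudly.
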
@@ -28,7 +25,7 @@ build_qemu()
 {
 config_opts="--enable-werror \
  ${TARGET_LIST:+--target-list=${TARGET_LIST}} \
- --prefix=$PWD/install \
+ --prefix=$INSTALL_DIR \
  $QEMU_CONFIGURE_OPTS $EXTRA_CONFIGURE_OPTS \
  $@"
 echo "Configure options:"
diff --git a/tests/docker/run b/tests/docker/run
index c1e4513bce..ec2541cbd9 100755
--- a/tests/docker/run
+++ b/tests/docker/run
@@ -52,10 +52,12 @@ if test -n "$SHOW_ENV"; then
 fi
 
 export QEMU_SRC="$TEST_DIR/src"
+export BUILD_DIR="$TEST_DIR/build"
+export INSTALL_DIR="$TEST_DIR/install"
 
 cd "$QEMU_SRC/tests/docker"
 
-CMD="$QEMU_SRC/tests/docker/$@"
+CMD="./$@"
 
 if test -z "$DEBUG"; then
 exec $CMD
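
Review bot: CMD="./$@" only resolves correctly if the cd "$QEMU_SRC/tests/docker" two lines above succeeded, and that cd is unchecked in the lines shown; if it fails, exec runs whatever ./<name> exists in the previous working directory. Suggest cd "$QEMU_SRC/tests/docker" || exit 1. Separately, folding "$@" into a string and then expanding $CMD unquoted re-splits the arguments on whitespace; that behaviour is unchanged by this patch but the line is being touched anyway.
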
-- 
2.13.4




Re: [Qemu-devel] [PATCH v3] target-i386/cpu: Add new EPYC CPU model

2017-08-16 Thread Wanpeng Li
Cc Chandu,

On 8/16/17 1:00 AM, Brijesh Singh wrote:
> Add a new base CPU model called 'EPYC' to model processors from AMD EPYC
> family (which includes EPYC 76xx,75xx,74xx, 73xx and 72xx).
>
> The following feature bits have been added/removed compared to Opteron_G5
>
> Added: monitor, movbe, rdrand, mmxext, ffxsr, rdtscp, cr8legacy, osvw,
> fsgsbase, bmi1, avx2, smep, bmi2, rdseed, adx, smap, clflushopt, sha,
> xsaveopt, xsavec, xgetbv1, arat

Hi Brijesh,

Actually I wonder whether or not the support for these new instructions 
have already been merged in kvm/qemu?

Regards,
Wanpeng Li

>
> Removed: xop, fma4, tbm
>
> Cc: Paolo Bonzini 
> Cc: Richard Henderson 
> Cc: Eduardo Habkost 
> Cc: Tom Lendacky 
> Signed-off-by: Brijesh Singh 
> ---
>
> Changes since v2:
>   * limit the xlevel to 0x800a
>
> Changes since v1:
>   * fix typo EYPC -> EPYC to reflect the correct branding name
>
>   target/i386/cpu.c | 44 
>   1 file changed, 44 insertions(+)
>
> diff --git a/target/i386/cpu.c b/target/i386/cpu.c
> index ddc45ab..6617e01 100644
> --- a/target/i386/cpu.c
> +++ b/target/i386/cpu.c
> @@ -1522,6 +1522,50 @@ static X86CPUDefinition builtin_x86_defs[] = {
>   .xlevel = 0x801A,
>   .model_id = "AMD Opteron 63xx class CPU",
>   },
> +{
> +.name = "EPYC",
> +.level = 0xd,
> +.vendor = CPUID_VENDOR_AMD,
> +.family = 23,
> +.model = 1,
> +.stepping = 2,
> +.features[FEAT_1_EDX] =
> +CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX | CPUID_CLFLUSH |
> +CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA | CPUID_PGE |
> +CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 | CPUID_MCE |
> +CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE | CPUID_DE |
> +CPUID_VME | CPUID_FP87,
> +.features[FEAT_1_ECX] =
> +CPUID_EXT_RDRAND | CPUID_EXT_F16C | CPUID_EXT_AVX |
> +CPUID_EXT_XSAVE | CPUID_EXT_AES |  CPUID_EXT_POPCNT |
> +CPUID_EXT_MOVBE | CPUID_EXT_SSE42 | CPUID_EXT_SSE41 |
> +CPUID_EXT_CX16 | CPUID_EXT_FMA | CPUID_EXT_SSSE3 |
> +CPUID_EXT_MONITOR | CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3,
> +.features[FEAT_8000_0001_EDX] =
> +CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_PDPE1GB |
> +CPUID_EXT2_FFXSR | CPUID_EXT2_MMXEXT | CPUID_EXT2_NX |
> +CPUID_EXT2_SYSCALL,
> +.features[FEAT_8000_0001_ECX] =
> +CPUID_EXT3_OSVW | CPUID_EXT3_3DNOWPREFETCH |
> +CPUID_EXT3_MISALIGNSSE | CPUID_EXT3_SSE4A | CPUID_EXT3_ABM |
> +CPUID_EXT3_CR8LEG | CPUID_EXT3_SVM | CPUID_EXT3_LAHF_LM,
> +.features[FEAT_7_0_EBX] =
> +CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 | CPUID_7_0_EBX_AVX2 
> |
> +CPUID_7_0_EBX_SMEP | CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_RDSEED |
> +CPUID_7_0_EBX_ADX | CPUID_7_0_EBX_SMAP | 
> CPUID_7_0_EBX_CLFLUSHOPT |
> +CPUID_7_0_EBX_SHA_NI,
> +/* Missing: XSAVES (not supported by some Linux versions,
> + * including v4.1 to v4.12).
> + * KVM doesn't yet expose any XSAVES state save component.
> + */
> +.features[FEAT_XSAVE] =
> +CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
> +CPUID_XSAVE_XGETBV1,
> +.features[FEAT_6_EAX] =
> +CPUID_6_EAX_ARAT,
> +.xlevel = 0x800A,
> +.model_id = "AMD EPYC Processor",
> +},
>   };
>   
>   typedef struct PropValue {
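
Review bot: the XSAVES omission is explained only by the in-code comment, which ties it to "v4.1 to v4.12" and to the current state of KVM; neither the Added nor the Removed list in the commit message mentions it, and the version range will go stale. Suggest noting the omission in the commit message and wording the comment around the condition under which XSAVES can be added later. Nit: there is a double space after the | in "CPUID_EXT_AES |  CPUID_EXT_POPCNT".
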



Re: [Qemu-devel] [PATCH 04/28] sparc: convert cpu models to SPARC cpu subclasses

2017-08-16 Thread Philippe Mathieu-Daudé

On 07/14/2017 10:51 AM, Igor Mammedov wrote:

QOMfy cpu models handling introducing proper cpu types
for each cpu model.

Signed-off-by: Igor Mammedov 
---
with this and conversion of features to properties,
it would be possible to replace cpu_sparc_init() with
cpu_generic_init() and reuse common -cpu handling
infrastructure.

CC: Mark Cave-Ayland 
CC: Artyom Tarasenko 
---
  target/sparc/cpu-qom.h |   2 +
  target/sparc/cpu.c | 119 +
  2 files changed, 83 insertions(+), 38 deletions(-)

diff --git a/target/sparc/cpu-qom.h b/target/sparc/cpu-qom.h
index f63af72..af6d57a 100644
--- a/target/sparc/cpu-qom.h
+++ b/target/sparc/cpu-qom.h
@@ -35,6 +35,7 @@
  #define SPARC_CPU_GET_CLASS(obj) \
  OBJECT_GET_CLASS(SPARCCPUClass, (obj), TYPE_SPARC_CPU)
  
+typedef struct sparc_def_t sparc_def_t;

  /**
   * SPARCCPUClass:
   * @parent_realize: The parent class' realize handler.
@@ -49,6 +50,7 @@ typedef struct SPARCCPUClass {
  
  DeviceRealize parent_realize;

  void (*parent_reset)(CPUState *cpu);
+sparc_def_t *cpu_def;
  } SPARCCPUClass;
  
  typedef struct SPARCCPU SPARCCPU;

diff --git a/target/sparc/cpu.c b/target/sparc/cpu.c
index d606eb5..f8cf751 100644
--- a/target/sparc/cpu.c
+++ b/target/sparc/cpu.c
@@ -25,8 +25,6 @@
  
  //#define DEBUG_FEATURES
  
-static int cpu_sparc_find_by_name(sparc_def_t *cpu_def, const char *cpu_model);

-
  /* CPUClass::reset() */
  static void sparc_cpu_reset(CPUState *s)
  {
@@ -111,17 +109,9 @@ static int cpu_sparc_register(SPARCCPU *cpu, const char 
*cpu_model)
  {
  CPUSPARCState *env = &cpu->env;
  char *s = g_strdup(cpu_model);
-char *featurestr, *name = strtok(s, ",");
-sparc_def_t def1, *def = &def1;
+char *featurestr = strtok(s, ",");
  Error *err = NULL;
  
-if (cpu_sparc_find_by_name(def, name) < 0) {

-g_free(s);
-return -1;
-}
-
-env->def = g_memdup(def, sizeof(*def));
-
  featurestr = strtok(NULL, ",");
  sparc_cpu_parse_features(CPU(cpu), featurestr, &err);
  g_free(s);
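
Review bot: with "env->def = g_memdup(def, sizeof(*def))" removed, nothing in this hunk gives the CPU its own copy of the definition, and the new class field in cpu-qom.h is a non-const "sparc_def_t *cpu_def". If env->def ends up pointing at that class data, any per-CPU change applied through env->def would edit state shared by every CPU of the same model. Suggest keeping a per-instance copy made in instance init and declaring the class pointer const.
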
@@ -130,18 +120,18 @@ static int cpu_sparc_register(SPARCCPU *cpu, const char 
*cpu_model)
  return -1;
  }
  
-env->version = def->iu_version;

-env->fsr = def->fpu_version;
-env->nwindows = def->nwindows;
+env->version = env->def->iu_version;
+env->fsr = env->def->fpu_version;
+env->nwindows = env->def->nwindows;
  #if !defined(TARGET_SPARC64)
-env->mmuregs[0] |= def->mmu_version;
+env->mmuregs[0] |= env->def->mmu_version;
  cpu_sparc_set_id(env, 0);
-env->mxccregs[7] |= def->mxcc_version;
+env->mxccregs[7] |= env->def->mxcc_version;
  #else
-env->mmu_version = def->mmu_version;
-env->maxtl = def->maxtl;
-env->version |= def->maxtl << 8;
-env->version |= def->nwindows - 1;
+env->mmu_version = env->def->mmu_version;
+env->maxtl = env->def->maxtl;
+env->version |= env->def->maxtl << 8;
+env->version |= env->def->nwindows - 1;
  #endif
  return 0;
  }
@@ -149,8 +139,19 @@ static int cpu_sparc_register(SPARCCPU *cpu, const char 
*cpu_model)
  SPARCCPU *cpu_sparc_init(const char *cpu_model)
  {
  SPARCCPU *cpu;
+ObjectClass *oc;
+char *str, *name;
+
+str = g_strdup(cpu_model);
+name = strtok(str, ",");
+oc = cpu_class_by_name(TYPE_SPARC_CPU, name);
+if (oc == NULL) {
+g_free(str);
+return NULL;
+}
+g_free(str);
  
-cpu = SPARC_CPU(object_new(TYPE_SPARC_CPU));

+cpu = SPARC_CPU(object_new(object_class_get_name(oc)));
  
  if (cpu_sparc_register(cpu, cpu_model) < 0) {

  object_unref(OBJECT(cpu));
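
Review bot: cpu_model is now duplicated and tokenised twice, once here to find the class and again in cpu_sparc_register() for the features, both times with strtok() and its hidden static state. strtok() also returns NULL for an empty or comma-only model string, and that NULL goes straight into cpu_class_by_name(), so the error path relies on the NULL check inside sparc_cpu_class_by_name(). Suggest splitting the string once, rejecting an empty name before the lookup, and passing the feature part on explicitly.
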
@@ -553,23 +554,6 @@ static void add_flagname_to_bitmaps(const char *flagname, 
uint32_t *features)
  error_report("CPU feature %s not found", flagname);
  }
  
-static int cpu_sparc_find_by_name(sparc_def_t *cpu_def, const char *name)

-{
-unsigned int i;
-const sparc_def_t *def = NULL;
-
-for (i = 0; i < ARRAY_SIZE(sparc_defs); i++) {
-if (strcasecmp(name, sparc_defs[i].name) == 0) {
-def = &sparc_defs[i];
-}
-}
-if (!def) {
-return -1;
-}
-memcpy(cpu_def, def, sizeof(*def));
-return 0;
-}
-
  static void sparc_cpu_parse_features(CPUState *cs, char *features,
   Error **errp)
  {
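
Review bot: the removed cpu_sparc_find_by_name() matched model names with strcasecmp(), so lookups were case-insensitive. If the type-name lookup that replaces it compares names exactly, model spellings that used to work will now fail with no hint to the user. Please confirm the new lookup keeps the old behaviour or mention the change in the commit message.
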
@@ -796,6 +780,36 @@ static bool sparc_cpu_has_work(CPUState *cs)
 cpu_interrupts_enabled(env);
  }
  
+static char *sparc_cpu_type_name(const char *cpu_model)

+{
+char *name = g_strdup_printf("%s-" TYPE_SPARC_CPU, cpu_model);
+char *s = name;
+
+/* SPARC cpu model names happen to have whitespaces,
+ * as type names shouldn't have spaces replace them with '-'
+ */
+while ((s = strchr(s, ' '))) {
+*s = '-';
+}
+
+return name;
+}
+
+static ObjectClass *sparc_cpu_class_by_name(const char *cpu_model)
+{
+ObjectClass *oc;
+char *typename;
+
+if (cpu_model == NULL) {
+  

Re: [Qemu-devel] [PATCH 02/28] mips: MIPSCPU model subclasses

2017-08-16 Thread Philippe Mathieu-Daudé

Hi Igor,

On 07/15/2017 06:48 PM, Philippe Mathieu-Daudé wrote:

On 07/14/2017 10:51 AM, Igor Mammedov wrote:

Register separate QOM types for each mips cpu model,
so it would be possible to reuse generic CPU creation
routines.

Signed-off-by: Igor Mammedov 


Reviewed-by: Philippe Mathieu-Daudé 


---
CC: Aurelien Jarno 
CC: Yongbok Kim 
---
  target/mips/cpu-qom.h|  2 ++
  target/mips/cpu.h| 57 +++-
  target/mips/cpu.c| 51 +++
  target/mips/translate.c  | 13 +-
  target/mips/translate_init.c | 57 ++--
  5 files changed, 117 insertions(+), 63 deletions(-)

diff --git a/target/mips/cpu-qom.h b/target/mips/cpu-qom.h
index 3f5bf23..4b32401 100644
--- a/target/mips/cpu-qom.h
+++ b/target/mips/cpu-qom.h
@@ -35,6 +35,7 @@
  #define MIPS_CPU_GET_CLASS(obj) \
  OBJECT_GET_CLASS(MIPSCPUClass, (obj), TYPE_MIPS_CPU)
+typedef struct mips_def_t mips_def_t;
  /**
   * MIPSCPUClass:
   * @parent_realize: The parent class' realize handler.
@@ -49,6 +50,7 @@ typedef struct MIPSCPUClass {
  DeviceRealize parent_realize;
  void (*parent_reset)(CPUState *cpu);
+const mips_def_t *cpu_def;
  } MIPSCPUClass;
  typedef struct MIPSCPU MIPSCPU;
diff --git a/target/mips/cpu.h b/target/mips/cpu.h
index 9c32228..7c2e0bf 100644
--- a/target/mips/cpu.h
+++ b/target/mips/cpu.h
@@ -161,7 +161,62 @@ struct CPUMIPSMVPContext {
  #define CP0MVPC1_PCP10
  };
-typedef struct mips_def_t mips_def_t;
+/* MMU types, the first four entries have the same layout as the
+   CP0C0_MT field.  */
+enum mips_mmu_types {
+MMU_TYPE_NONE,
+MMU_TYPE_R4000,
+MMU_TYPE_RESERVED,
+MMU_TYPE_FMT,
+MMU_TYPE_R3000,
+MMU_TYPE_R6000,
+MMU_TYPE_R8000
+};
+
+struct mips_def_t {
+const char *name;
+int32_t CP0_PRid;
+int32_t CP0_Config0;
+int32_t CP0_Config1;
+int32_t CP0_Config2;
+int32_t CP0_Config3;
+int32_t CP0_Config4;
+int32_t CP0_Config4_rw_bitmask;
+int32_t CP0_Config5;
+int32_t CP0_Config5_rw_bitmask;
+int32_t CP0_Config6;
+int32_t CP0_Config7;
+target_ulong CP0_LLAddr_rw_bitmask;
+int CP0_LLAddr_shift;
+int32_t SYNCI_Step;
+int32_t CCRes;
+int32_t CP0_Status_rw_bitmask;
+int32_t CP0_TCStatus_rw_bitmask;
+int32_t CP0_SRSCtl;
+int32_t CP1_fcr0;
+int32_t CP1_fcr31_rw_bitmask;
+int32_t CP1_fcr31;
+int32_t MSAIR;
+int32_t SEGBITS;
+int32_t PABITS;
+int32_t CP0_SRSConf0_rw_bitmask;
+int32_t CP0_SRSConf0;
+int32_t CP0_SRSConf1_rw_bitmask;
+int32_t CP0_SRSConf1;
+int32_t CP0_SRSConf2_rw_bitmask;
+int32_t CP0_SRSConf2;
+int32_t CP0_SRSConf3_rw_bitmask;
+int32_t CP0_SRSConf3;
+int32_t CP0_SRSConf4_rw_bitmask;
+int32_t CP0_SRSConf4;
+int32_t CP0_PageGrain_rw_bitmask;
+int32_t CP0_PageGrain;
+int insn_flags;
+enum mips_mmu_types mmu_type;
+};
+
+extern const struct mips_def_t mips_defs[];
+extern const int mips_defs_number;
  #define MIPS_SHADOW_SET_MAX 16
  #define MIPS_TC_MAX 5
diff --git a/target/mips/cpu.c b/target/mips/cpu.c
index 82afdaa..111b5ae 100644
--- a/target/mips/cpu.c
+++ b/target/mips/cpu.c
@@ -151,12 +151,37 @@ static void mips_cpu_initfn(Object *obj)
  CPUState *cs = CPU(obj);
  MIPSCPU *cpu = MIPS_CPU(obj);
  CPUMIPSState *env = &cpu->env;
+MIPSCPUClass *mcc = MIPS_CPU_GET_CLASS(obj);
  cs->env_ptr = env;
  if (tcg_enabled()) {
  mips_tcg_init();
  }
+
+if (mcc->cpu_def) {
+env->cpu_model = mcc->cpu_def;
+}
+}
+
+static char *mips_cpu_type_name(const char *cpu_model)
+{
+return g_strdup_printf("%s-" TYPE_MIPS_CPU, cpu_model);
+}
+
+static ObjectClass *mips_cpu_class_by_name(const char *cpu_model)
+{
+ObjectClass *oc;
+char *typename;
+
+if (cpu_model == NULL) {
+return NULL;
+}
+
+typename = mips_cpu_type_name(cpu_model);
+oc = object_class_by_name(typename);
+g_free(typename);
+return oc;
  }
  static void mips_cpu_class_init(ObjectClass *c, void *data)
@@ -171,6 +196,7 @@ static void mips_cpu_class_init(ObjectClass *c, 
void *data)

  mcc->parent_reset = cc->reset;
  cc->reset = mips_cpu_reset;
+cc->class_by_name = mips_cpu_class_by_name;


Now that I'm reading again...


  cc->has_work = mips_cpu_has_work;
  cc->do_interrupt = mips_cpu_do_interrupt;
  cc->cpu_exec_interrupt = mips_cpu_exec_interrupt;
@@ -203,9 +229,34 @@ static const TypeInfo mips_cpu_type_info = {


Shouldn't this class now be abstract?


  .class_init = mips_cpu_class_init,
  };
+static void mips_cpu_cpudef_class_init(ObjectClass *oc, void *data)
+{
+MIPSCPUClass *mcc = MIPS_CPU_CLASS(oc);
+mcc->cpu_def = data;
+}
+
+static void mips_register_cpudef_type(const struct mips_def_t *def)
+{
+char *typename = mips_cpu_type_name(def->name);
+TypeInfo ti = {
+.name = typename,
+   

[Qemu-devel] [PATCH v14 5/5] virtio-balloon: VIRTIO_BALLOON_F_FREE_PAGE_VQ

2017-08-16 Thread Wei Wang
Add a new vq to report hints of guest free pages to the host.

Signed-off-by: Wei Wang 
Signed-off-by: Liang Li 
---
 drivers/virtio/virtio_balloon.c | 167 +++-
 include/uapi/linux/virtio_balloon.h |   1 +
 2 files changed, 147 insertions(+), 21 deletions(-)

diff --git a/drivers/virtio/virtio_balloon.c b/drivers/virtio/virtio_balloon.c
index 72041b4..e6755bc 100644
--- a/drivers/virtio/virtio_balloon.c
+++ b/drivers/virtio/virtio_balloon.c
@@ -54,11 +54,12 @@ static struct vfsmount *balloon_mnt;
 
 struct virtio_balloon {
struct virtio_device *vdev;
-   struct virtqueue *inflate_vq, *deflate_vq, *stats_vq;
+   struct virtqueue *inflate_vq, *deflate_vq, *stats_vq, *free_page_vq;
 
/* The balloon servicing is delegated to a freezable workqueue. */
struct work_struct update_balloon_stats_work;
struct work_struct update_balloon_size_work;
+   struct work_struct report_free_page_work;
 
/* Prevent updating balloon when it is being canceled. */
spinlock_t stop_update_lock;
@@ -90,6 +91,13 @@ struct virtio_balloon {
/* Memory statistics */
struct virtio_balloon_stat stats[VIRTIO_BALLOON_S_NR];
 
+   /*
+* Used by the device and driver to signal each other.
+* device->driver: start the free page report.
+* driver->device: end the free page report.
+*/
+   __virtio32 report_free_page_signal;
+
/* To register callback in oom notifier call chain */
struct notifier_block nb;
 };
@@ -174,6 +182,17 @@ static void send_balloon_page_sg(struct virtio_balloon *vb,
} while (unlikely(ret == -ENOSPC));
 }
 
+static void send_free_page_sg(struct virtqueue *vq, void *addr, uint32_t size)
+{
+   unsigned int len;
+
+   add_one_sg(vq, addr, size);
+   virtqueue_kick(vq);
+   /* Release entries if there are */
+   while (virtqueue_get_buf(vq, &len))
+   ;
+}
+
 /*
  * Send balloon pages in sgs to host. The balloon pages are recorded in the
  * page xbitmap. Each bit in the bitmap corresponds to a page of PAGE_SIZE.
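Review bot: send_free_page_sg() discards the return value of add_one_sg(), so when the vq is full the block is dropped without a trace and virtqueue_kick() still runs. The cover letter says skipping the block is intended in that case; say so in a comment here and skip the kick when nothing was added. The drain loop `while (virtqueue_get_buf(vq, &len))` with a bare `;` body would also read better with braces or as a small helper.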
@@ -511,42 +530,143 @@ static void update_balloon_size_func(struct work_struct 
*work)
queue_work(system_freezable_wq, work);
 }
 
+static void virtio_balloon_send_free_pages(void *opaque, unsigned long pfn,
+  unsigned long nr_pages)
+{
+   struct virtio_balloon *vb = (struct virtio_balloon *)opaque;
+   void *addr = (void *)pfn_to_kaddr(pfn);
+   uint32_t len = nr_pages << PAGE_SHIFT;
+
+   send_free_page_sg(vb->free_page_vq, addr, len);
+}
+
+static void report_free_page_completion(struct virtio_balloon *vb)
+{
+   struct virtqueue *vq = vb->free_page_vq;
+   struct scatterlist sg;
+   unsigned int len;
+   int ret;
+
+   sg_init_one(&sg, &vb->report_free_page_signal, sizeof(__virtio32));
+retry:
+   ret = virtqueue_add_outbuf(vq, &sg, 1, vb, GFP_KERNEL);
+   virtqueue_kick(vq);
+   if (unlikely(ret == -ENOSPC)) {
+   wait_event(vb->acked, virtqueue_get_buf(vq, &len));
+   goto retry;
+   }
+}
+
+static void report_free_page(struct work_struct *work)
+{
+   struct virtio_balloon *vb;
+
+   vb = container_of(work, struct virtio_balloon, report_free_page_work);
+   walk_free_mem_block(vb, 0, &virtio_balloon_send_free_pages);
+   report_free_page_completion(vb);
+}
+
+static void free_page_request(struct virtqueue *vq)
+{
+   struct virtio_balloon *vb = vq->vdev->priv;
+
+   queue_work(system_freezable_wq, &vb->report_free_page_work);
+}
+
 static int init_vqs(struct virtio_balloon *vb)
 {
-   struct virtqueue *vqs[3];
-   vq_callback_t *callbacks[] = { balloon_ack, balloon_ack, stats_request 
};
-   static const char * const names[] = { "inflate", "deflate", "stats" };
-   int err, nvqs;
+   struct virtqueue **vqs;
+   vq_callback_t **callbacks;
+   const char **names;
+   struct scatterlist sg;
+   int i, nvqs, err = -ENOMEM;
+
+   /* Inflateq and deflateq are used unconditionally */
+   nvqs = 2;
+   if (virtio_has_feature(vb->vdev, VIRTIO_BALLOON_F_STATS_VQ))
+   nvqs++;
+   if (virtio_has_feature(vb->vdev, VIRTIO_BALLOON_F_FREE_PAGE_VQ))
+   nvqs++;
+
+   /* Allocate space for find_vqs parameters */
+   vqs = kcalloc(nvqs, sizeof(*vqs), GFP_KERNEL);
+   if (!vqs)
+   goto err_vq;
+   callbacks = kmalloc_array(nvqs, sizeof(*callbacks), GFP_KERNEL);
+   if (!callbacks)
+   goto err_callback;
+   names = kmalloc_array(nvqs, sizeof(*names), GFP_KERNEL);
+   if (!names)
+   goto err_names;
+
+   callbacks[0] = balloon_ack;
+   names[0] = "inflate";
+   callbacks[1] = balloon_ack;
+   names[1] = "deflate";
+
+   i = 2;
+   if (virtio_has_feature(vb->vdev, VIRTIO_BALLOON_F_STATS_VQ)) {
+   ca
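Review bot: virtio_balloon_send_free_pages() is the visit callback handed to walk_free_mem_block(), which patch 4/5 documents as running with zone->lock held and as something that "should not block", yet it reaches `virtqueue_add_inbuf(vq, &sg, 1, vq, GFP_KERNEL)` through send_free_page_sg() and add_one_sg(). Use a non-sleeping allocation flag on this path, or record the blocks under the lock and queue them after it is released. `uint32_t len = nr_pages << PAGE_SHIFT` also narrows an unsigned long without a bound check; state the maximum block size it relies on.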

[Qemu-devel] [PATCH v14 4/5] mm: support reporting free page blocks

2017-08-16 Thread Wei Wang
This patch adds support to walk through the free page blocks in the
system and report them via a callback function. Some page blocks may
leave the free list after zone->lock is released, so it is the caller's
responsibility to either detect or prevent the use of such pages.

Signed-off-by: Wei Wang 
Signed-off-by: Liang Li 
Cc: Michal Hocko 
Cc: Michael S. Tsirkin 
---
 include/linux/mm.h |  6 ++
 mm/page_alloc.c| 44 
 2 files changed, 50 insertions(+)

diff --git a/include/linux/mm.h b/include/linux/mm.h
index 46b9ac5..cd29b9f 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -1835,6 +1835,12 @@ extern void free_area_init_node(int nid, unsigned long * 
zones_size,
unsigned long zone_start_pfn, unsigned long *zholes_size);
 extern void free_initmem(void);
 
+extern void walk_free_mem_block(void *opaque1,
+   unsigned int min_order,
+   void (*visit)(void *opaque2,
+ unsigned long pfn,
+ unsigned long nr_pages));
+
 /*
  * Free reserved pages within range [PAGE_ALIGN(start), end & PAGE_MASK)
  * into the buddy system. The freed pages will be poisoned with pattern
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
index 6d00f74..a721a35 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -4762,6 +4762,50 @@ void show_free_areas(unsigned int filter, nodemask_t 
*nodemask)
show_swap_cache_info();
 }
 
+/**
+ * walk_free_mem_block - Walk through the free page blocks in the system
+ * @opaque1: the context passed from the caller
+ * @min_order: the minimum order of free lists to check
+ * @visit: the callback function given by the caller
+ *
+ * The function is used to walk through the free page blocks in the system,
+ * and each free page block is reported to the caller via the @visit callback.
+ * Please note:
+ * 1) The function is used to report hints of free pages, so the caller should
+ * not use those reported pages after the callback returns.
+ * 2) The callback is invoked with the zone->lock being held, so it should not
+ * block and should finish as soon as possible.
+ */
+void walk_free_mem_block(void *opaque1,
+unsigned int min_order,
+void (*visit)(void *opaque2,
+  unsigned long pfn,
+  unsigned long nr_pages))
+{
+   struct zone *zone;
+   struct page *page;
+   struct list_head *list;
+   unsigned int order;
+   enum migratetype mt;
+   unsigned long pfn, flags;
+
+   for_each_populated_zone(zone) {
+   for (order = MAX_ORDER - 1;
+order < MAX_ORDER && order >= min_order; order--) {
+   for (mt = 0; mt < MIGRATE_TYPES; mt++) {
+   spin_lock_irqsave(&zone->lock, flags);
+   list = &zone->free_area[order].free_list[mt];
+   list_for_each_entry(page, list, lru) {
+   pfn = page_to_pfn(page);
+   visit(opaque1, pfn, 1 << order);
+   }
+   spin_unlock_irqrestore(&zone->lock, flags);
+   }
+   }
+   }
+}
+EXPORT_SYMBOL_GPL(walk_free_mem_block);
+
 static void zoneref_set_zone(struct zone *zone, struct zoneref *zoneref)
 {
zoneref->zone = zone;
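Review bot: the order loop, `order < MAX_ORDER && order >= min_order; order--`, terminates for min_order == 0 only because the unsigned order wraps below zero and then fails the `order < MAX_ORDER` test; that deserves a comment or a signed counter, since the virtio-balloon caller passes 0. `visit(opaque1, pfn, 1 << order)` hands an int expression to an unsigned long parameter, so `1UL << order` would match the prototype. The kernel-doc should also say that the callback runs with interrupts disabled (spin_lock_irqsave) for the length of a whole free list, since that bounds what a module-supplied visit function may do.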
-- 
2.7.4




[Qemu-devel] [PATCH v14 3/5] virtio-balloon: VIRTIO_BALLOON_F_SG

2017-08-16 Thread Wei Wang
Add a new feature, VIRTIO_BALLOON_F_SG, which enables the transfer
of balloon (i.e. inflated/deflated) pages using scatter-gather lists
to the host.

The implementation of the previous virtio-balloon is not very
efficient, because the balloon pages are transferred to the
host one by one. Here is the breakdown of the time in percentage
spent on each step of the balloon inflating process (inflating
7GB of an 8GB idle guest).

1) allocating pages (6.5%)
2) sending PFNs to host (68.3%)
3) address translation (6.1%)
4) madvise (19%)

It takes about 4126ms for the inflating process to complete.
The above profiling shows that the bottlenecks are stage 2)
and stage 4).

This patch optimizes step 2) by transferring pages to the host in
sgs. An sg describes a chunk of guest physically continuous pages.
With this mechanism, step 4) can also be optimized by doing address
translation and madvise() in chunks rather than page by page.

With this new feature, the above ballooning process takes ~541ms
resulting in an improvement of ~87%.

TODO: optimize stage 1) by allocating/freeing a chunk of pages
instead of a single page each time.

Signed-off-by: Wei Wang 
Signed-off-by: Liang Li 
Suggested-by: Michael S. Tsirkin 
---
 drivers/virtio/virtio_balloon.c | 157 
 include/uapi/linux/virtio_balloon.h |   1 +
 2 files changed, 141 insertions(+), 17 deletions(-)

diff --git a/drivers/virtio/virtio_balloon.c b/drivers/virtio/virtio_balloon.c
index f0b3a0b..72041b4 100644
--- a/drivers/virtio/virtio_balloon.c
+++ b/drivers/virtio/virtio_balloon.c
@@ -32,6 +32,7 @@
 #include 
 #include 
 #include 
+#include 
 
 /*
  * Balloon device works in 4K page units.  So each page is pointed to by
@@ -79,6 +80,9 @@ struct virtio_balloon {
/* Synchronize access/update to this struct virtio_balloon elements */
struct mutex balloon_lock;
 
+   /* The xbitmap used to record ballooned pages */
+   struct xb page_xb;
+
/* The array of pfns we tell the Host about. */
unsigned int num_pfns;
__virtio32 pfns[VIRTIO_BALLOON_ARRAY_PFNS_MAX];
@@ -141,13 +145,98 @@ static void set_page_pfns(struct virtio_balloon *vb,
  page_to_balloon_pfn(page) + i);
 }
 
+static int add_one_sg(struct virtqueue *vq, void *addr, uint32_t size)
+{
+   struct scatterlist sg;
+
+   sg_init_one(&sg, addr, size);
+   return virtqueue_add_inbuf(vq, &sg, 1, vq, GFP_KERNEL);
+}
+
+static void send_balloon_page_sg(struct virtio_balloon *vb,
+struct virtqueue *vq,
+void *addr,
+uint32_t size)
+{
+   unsigned int len;
+   int ret;
+
+   do {
+   ret = add_one_sg(vq, addr, size);
+   virtqueue_kick(vq);
+   wait_event(vb->acked, virtqueue_get_buf(vq, &len));
+   /*
+* It is uncommon to see the vq is full, because the sg is sent
+* one by one and the device is able to handle it in time. But
+* if that happens, we go back to retry after an entry gets
+* released.
+*/
+   } while (unlikely(ret == -ENOSPC));
+}
+
+/*
+ * Send balloon pages in sgs to host. The balloon pages are recorded in the
+ * page xbitmap. Each bit in the bitmap corresponds to a page of PAGE_SIZE.
+ * The page xbitmap is searched for continuous "1" bits, which correspond
+ * to continuous pages, to chunk into sgs.
+ *
+ * @page_xb_start and @page_xb_end form the range of bits in the xbitmap that
+ * need to be searched.
+ */
+static void tell_host_sgs(struct virtio_balloon *vb,
+ struct virtqueue *vq,
+ unsigned long page_xb_start,
+ unsigned long page_xb_end)
+{
+   unsigned long sg_pfn_start, sg_pfn_end;
+   void *sg_addr;
+   uint32_t sg_len, sg_max_len = round_down(UINT_MAX, PAGE_SIZE);
+
+   sg_pfn_start = page_xb_start;
+   while (sg_pfn_start < page_xb_end) {
+   sg_pfn_start = xb_find_next_bit(&vb->page_xb, sg_pfn_start,
+   page_xb_end, 1);
+   if (sg_pfn_start == page_xb_end + 1)
+   break;
+   sg_pfn_end = xb_find_next_bit(&vb->page_xb, sg_pfn_start + 1,
+ page_xb_end, 0);
+   sg_addr = (void *)pfn_to_kaddr(sg_pfn_start);
+   sg_len = (sg_pfn_end - sg_pfn_start) << PAGE_SHIFT;
+   while (sg_len > sg_max_len) {
+   send_balloon_page_sg(vb, vq, sg_addr, sg_max_len);
+   sg_addr += sg_max_len;
+   sg_len -= sg_max_len;
+   }
+   send_balloon_page_sg(vb, vq, sg_addr, sg_len);
+   xb_zero(&vb->page_xb, sg_pfn_start, sg_pfn_end);
+   sg_pfn_start = sg_pfn_end + 1;
+ 
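Review bot: in tell_host_sgs(), sg_len is a uint32_t, so `(sg_pfn_end - sg_pfn_start) << PAGE_SHIFT` is truncated before `while (sg_len > sg_max_len)` is evaluated. Because sg_max_len is the largest page multiple that fits in 32 bits and the truncated value is itself a page multiple, the split loop can never run, and a run of 4 GiB or more is sent with a wrong length. Keep the length in an unsigned long or u64 until after the split. In send_balloon_page_sg(), any add_one_sg() failure still falls into wait_event() before ret is looked at; check ret first so the code does not wait on a buffer that was never queued.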

[Qemu-devel] [PATCH v14 2/5] lib/xbitmap: add xb_find_next_bit() and xb_zero()

2017-08-16 Thread Wei Wang
xb_find_next_bit() is used to find the next "1" or "0" bit in the
given range. xb_zero() is used to zero the given range of bits.

Signed-off-by: Wei Wang 
Cc: Andrew Morton 
Cc: Matthew Wilcox 
Cc: Michal Hocko 
Cc: Michael S. Tsirkin 
---
 include/linux/xbitmap.h |  3 +++
 lib/xbitmap.c   | 39 +++
 2 files changed, 42 insertions(+)

diff --git a/include/linux/xbitmap.h b/include/linux/xbitmap.h
index 5edbf84..739d08c 100644
--- a/include/linux/xbitmap.h
+++ b/include/linux/xbitmap.h
@@ -38,6 +38,9 @@ static inline void xb_init(struct xb *xb)
 int xb_set_bit(struct xb *xb, unsigned long bit);
 bool xb_test_bit(const struct xb *xb, unsigned long bit);
 void xb_clear_bit(struct xb *xb, unsigned long bit);
+void xb_zero(struct xb *xb, unsigned long start, unsigned long end);
+unsigned long xb_find_next_bit(struct xb *xb, unsigned long start,
+  unsigned long end, bool set);
 
 /* Check if the xb tree is empty */
 static inline bool xb_is_empty(const struct xb *xb)
diff --git a/lib/xbitmap.c b/lib/xbitmap.c
index cc766d9..2267ac2 100644
--- a/lib/xbitmap.c
+++ b/lib/xbitmap.c
@@ -174,3 +174,42 @@ void xb_preload(gfp_t gfp)
}
 }
 EXPORT_SYMBOL(xb_preload);
+
+/**
+ *  xb_zero - zero a range of bits in the xbitmap
+ *  @xb: the xbitmap that the bits reside in
+ *  @start: the start of the range, inclusive
+ *  @end: the end of the range, inclusive
+ */
+void xb_zero(struct xb *xb, unsigned long start, unsigned long end)
+{
+   unsigned long i;
+
+   for (i = start; i <= end; i++)
+   xb_clear_bit(xb, i);
+}
+EXPORT_SYMBOL(xb_zero);
+
+/**
+ * xb_find_next_bit - find next 1 or 0 in the give range of bits
+ * @xb: the xbitmap that the bits reside in
+ * @start: the start of the range, inclusive
+ * @end: the end of the range, inclusive
+ * @set: the polarity (1 or 0) of the next bit to find
+ *
+ * Return the index of the found bit in the xbitmap. If the returned index
+ * exceeds @end, it indicates that no such bit is found in the given range.
+ */
+unsigned long xb_find_next_bit(struct xb *xb, unsigned long start,
+  unsigned long end, bool set)
+{
+   unsigned long i;
+
+   for (i = start; i <= end; i++) {
+   if (xb_test_bit(xb, i) == set)
+   break;
+   }
+
+   return i;
+}
+EXPORT_SYMBOL(xb_find_next_bit);
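Review bot: both helpers loop with `for (i = start; i <= end; i++)` on an unsigned long, so with end == ULONG_MAX the condition is always true: xb_zero() never returns, and xb_find_next_bit() cannot hand back an index that "exceeds @end" as its comment promises. Document that end must be below ULONG_MAX or restructure the loops. Walking the range with one xb_test_bit()/xb_clear_bit() call per bit also gives up the benefit of a sparse bitmap on wide ranges. The kernel-doc line "in the give range" has a typo.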
-- 
2.7.4
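The range helpers described in this message, and the kind of run-chunking loop that patch 3/5 builds on them, modelled in user space as an added example (not code from the series). A flat byte array stands in for struct xb; every `model_*` name, the 4 KiB page size and the sample bitmap are assumptions. The run length is kept in 64 bits, and `model_len_u32()` shows what the same shift yields when stored in a `uint32_t`.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MODEL_NBITS      4096UL /* constructed size of the stand-in bitmap */
#define MODEL_PAGE_SHIFT 12     /* assumption: 4 KiB pages */

/* Flat array standing in for struct xb (the real one wraps a radix tree). */
static unsigned char model_map[MODEL_NBITS / 8];

static bool model_test_bit(unsigned long bit)
{
    return bit < MODEL_NBITS && ((model_map[bit / 8] >> (bit % 8)) & 1u);
}

static void model_set_bit(unsigned long bit)
{
    if (bit < MODEL_NBITS)
        model_map[bit / 8] |= (unsigned char)(1u << (bit % 8));
}

/* Contract of xb_zero(): clear [start, end], both ends inclusive. */
static void model_zero(unsigned long start, unsigned long end)
{
    for (unsigned long i = start; i <= end && i < MODEL_NBITS; i++)
        model_map[i / 8] &= (unsigned char)~(1u << (i % 8));
}

/* Contract of xb_find_next_bit(): first index in [start, end] whose bit equals
 * `set`, or an index greater than end if none. Needs end < ULONG_MAX. */
static unsigned long model_find_next_bit(unsigned long start,
                                         unsigned long end, bool set)
{
    unsigned long i;
    for (i = start; i <= end; i++)
        if (model_test_bit(i) == set)
            break;
    return i;
}

struct model_chunk { unsigned long first_pfn; uint64_t len; /* bytes */ };

/* Emit each run of set bits in [start, end] as chunks of at most max_len
 * bytes, clearing a run once all of it is emitted. Returns chunks written. */
static size_t model_collect_chunks(unsigned long start, unsigned long end,
                                   uint64_t max_len,
                                   struct model_chunk *out, size_t cap)
{
    size_t n = 0;
    unsigned long run_start = start;

    if (max_len < (1ULL << MODEL_PAGE_SHIFT))
        return 0; /* a chunk must hold at least one page */
    while (run_start <= end) {
        run_start = model_find_next_bit(run_start, end, true);
        if (run_start > end)
            break;
        /* First clear bit after the run, or end + 1 if the run reaches end. */
        unsigned long run_end = model_find_next_bit(run_start + 1, end, false);
        uint64_t len = (uint64_t)(run_end - run_start) << MODEL_PAGE_SHIFT;
        unsigned long pfn = run_start;
        while (len > 0) {
            uint64_t piece = len > max_len ? max_len : len;
            if (n == cap)
                return n; /* out of room: leave the run's bits set */
            out[n++] = (struct model_chunk){ pfn, piece };
            pfn += (unsigned long)(piece >> MODEL_PAGE_SHIFT);
            len -= piece;
        }
        model_zero(run_start, run_end - 1);
        run_start = run_end;
    }
    return n;
}

/* The same shift with the result stored in 32 bits: high bits are lost. */
static uint32_t model_len_u32(uint64_t nr_pages)
{
    return (uint32_t)(nr_pages << MODEL_PAGE_SHIFT);
}

/* Constructed sample: pages 3..12 and page 20 set, 4-page chunk limit. */
static size_t model_demo(struct model_chunk *out, size_t cap)
{
    memset(model_map, 0, sizeof(model_map));
    for (unsigned long pfn = 3; pfn <= 12; pfn++)
        model_set_bit(pfn);
    model_set_bit(20);
    return model_collect_chunks(0, 63, 4ULL << MODEL_PAGE_SHIFT, out, cap);
}

int main(void)
{
    struct model_chunk c[8];
    size_t n = model_demo(c, 8);
    for (size_t i = 0; i < n; i++)
        printf("pfn %lu len %llu\n", c[i].first_pfn, (unsigned long long)c[i].len);
    printf("4 GiB run in 32 bits: %u\n", (unsigned)model_len_u32(1ULL << 20));
    return 0;
}
```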




[Qemu-devel] [PATCH v14 0/5] Virtio-balloon Enhancement

2017-08-16 Thread Wei Wang
This patch series enhances the existing virtio-balloon with the following
new features:
1) fast ballooning: transfer ballooned pages between the guest and host in
chunks using sgs, instead of one by one; and
2) free_page_vq: a new virtqueue to report guest free pages to the host.

The second feature can be used to accelerate live migration of VMs. Here
are some details:

Live migration needs to transfer the VM's memory from the source machine
to the destination round by round. For the 1st round, all the VM's memory
is transferred. From the 2nd round, only the pieces of memory that were
written by the guest (after the 1st round) are transferred. One method
that is popularly used by the hypervisor to track which part of memory is
written is to write-protect all the guest memory.

The second feature enables the optimization of the 1st round memory
transfer - the hypervisor can skip the transfer of guest free pages in the
1st round. It is not concerned that the memory pages are used after they
are given to the hypervisor as a hint of the free pages, because they will
be tracked by the hypervisor and transferred in the next round if they are
used and written.

Change Log:
v13->v14:
1) xbitmap: move the code from lib/radix-tree.c to lib/xbitmap.c.
2) xbitmap: consolidate the implementation of xb_bit_set/clear/test into
one xb_bit_ops.
3) xbitmap: add documents for the exported APIs.
4) mm: rewrite the function to walk through free page blocks.
5) virtio-balloon: when reporting a free page block to the device, if the
vq is full (less likely to happen in practice), just skip reporting this
block, instead of busywaiting till an entry gets released.
6) virtio-balloon: fail the probe function if adding the signal buf in
init_vqs fails.

v12->v13:
1) mm: use a callback function to handle the free page blocks from the
report function. This avoids exposing the zone internal to a kernel module.
2) virtio-balloon: send balloon pages or a free page block using a single sg
each time. This has the benefits of simpler implementation with no new APIs.
3) virtio-balloon: the free_page_vq is used to report free pages only (no
multiple usages interleaving)
4) virtio-balloon: Balloon pages and free page blocks are sent via input sgs,
and the completion signal to the host is sent via an output sg.

v11->v12:
1) xbitmap: use the xbitmap from Matthew Wilcox to record ballooned pages.
2) virtio-ring: enable the driver to build up a desc chain using vring desc.
3) virtio-ring: Add locking to the existing START_USE() and END_USE() macro
to lock/unlock the vq when a vq operation starts/ends.
4) virtio-ring: add virtqueue_kick_sync() and virtqueue_kick_async()
5) virtio-balloon: describe chunks of ballooned pages and free pages blocks
directly using one or more chains of desc from the vq.

v10->v11:
1) virtio_balloon: use vring_desc to describe a chunk;
2) virtio_ring: support to add an indirect desc table to virtqueue;
3) virtio_balloon: use cmdq to report guest memory statistics.

v9->v10:
1) mm: put report_unused_page_block() under CONFIG_VIRTIO_BALLOON;
2) virtio-balloon: add virtballoon_validate();
3) virtio-balloon: msg format change;
4) virtio-balloon: move miscq handling to a task on system_freezable_wq;
5) virtio-balloon: code cleanup.

v8->v9:
1) Split the two new features, VIRTIO_BALLOON_F_BALLOON_CHUNKS and
VIRTIO_BALLOON_F_MISC_VQ, which were mixed together in the previous
implementation;
2) Simpler function to get the free page block.

v7->v8:
1) Use only one chunk format, instead of two.
2) re-write the virtio-balloon implementation patch.
3) commit changes
4) patch re-org

Matthew Wilcox (1):
  lib/xbitmap: Introduce xbitmap

Wei Wang (4):
  lib/xbitmap: add xb_find_next_bit() and xb_zero()
  virtio-balloon: VIRTIO_BALLOON_F_SG
  mm: support reporting free page blocks
  virtio-balloon: VIRTIO_BALLOON_F_FREE_PAGE_VQ

 drivers/virtio/virtio_balloon.c | 324 +++-
 include/linux/mm.h  |   6 +
 include/linux/radix-tree.h  |   3 +
 include/linux/xbitmap.h |  64 +++
 include/uapi/linux/virtio_balloon.h |   2 +
 lib/Makefile|   2 +-
 lib/radix-tree.c|  22 ++-
 lib/xbitmap.c   | 215 
 mm/page_alloc.c |  44 +
 9 files changed, 640 insertions(+), 42 deletions(-)
 create mode 100644 include/linux/xbitmap.h
 create mode 100644 lib/xbitmap.c

-- 
2.7.4




[Qemu-devel] [PATCH v14 1/5] lib/xbitmap: Introduce xbitmap

2017-08-16 Thread Wei Wang
From: Matthew Wilcox 

The eXtensible Bitmap is a sparse bitmap representation which is
efficient for set bits which tend to cluster.  It supports up to
'unsigned long' worth of bits, and this commit adds the bare bones --
xb_set_bit(), xb_clear_bit() and xb_test_bit().

Signed-off-by: Matthew Wilcox 
Signed-off-by: Wei Wang 
Cc: Andrew Morton 
Cc: Michal Hocko 
Cc: Michael S. Tsirkin 
---
 include/linux/radix-tree.h |   3 +
 include/linux/xbitmap.h|  61 
 lib/Makefile   |   2 +-
 lib/radix-tree.c   |  22 +-
 lib/xbitmap.c  | 176 +
 5 files changed, 260 insertions(+), 4 deletions(-)
 create mode 100644 include/linux/xbitmap.h
 create mode 100644 lib/xbitmap.c

diff --git a/include/linux/radix-tree.h b/include/linux/radix-tree.h
index 3e57350..e1203b1 100644
--- a/include/linux/radix-tree.h
+++ b/include/linux/radix-tree.h
@@ -309,6 +309,8 @@ void radix_tree_iter_replace(struct radix_tree_root *,
const struct radix_tree_iter *, void __rcu **slot, void *entry);
 void radix_tree_replace_slot(struct radix_tree_root *,
 void __rcu **slot, void *entry);
+bool __radix_tree_delete(struct radix_tree_root *root,
+struct radix_tree_node *node, void __rcu **slot);
 void __radix_tree_delete_node(struct radix_tree_root *,
  struct radix_tree_node *,
  radix_tree_update_node_t update_node,
@@ -325,6 +327,7 @@ unsigned int radix_tree_gang_lookup(const struct 
radix_tree_root *,
 unsigned int radix_tree_gang_lookup_slot(const struct radix_tree_root *,
void __rcu ***results, unsigned long *indices,
unsigned long first_index, unsigned int max_items);
+int __radix_tree_preload(gfp_t gfp_mask, unsigned int nr);
 int radix_tree_preload(gfp_t gfp_mask);
 int radix_tree_maybe_preload(gfp_t gfp_mask);
 int radix_tree_maybe_preload_order(gfp_t gfp_mask, int order);
diff --git a/include/linux/xbitmap.h b/include/linux/xbitmap.h
new file mode 100644
index 000..5edbf84
--- /dev/null
+++ b/include/linux/xbitmap.h
@@ -0,0 +1,61 @@
+/*
+ * eXtensible Bitmaps
+ * Copyright (c) 2017 Microsoft Corporation 
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * eXtensible Bitmaps provide an unlimited-size sparse bitmap facility.
+ * All bits are initially zero.
+ */
+
+#ifndef __XBITMAP_H__
+#define __XBITMAP_H__
+
+#include 
+
+struct xb {
+   struct radix_tree_root xbrt;
+};
+
+#define XB_INIT {  \
+   .xbrt = RADIX_TREE_INIT(IDR_RT_MARKER | GFP_NOWAIT),\
+}
+#define DEFINE_XB(name)struct xb name = XB_INIT
+
+static inline void xb_init(struct xb *xb)
+{
+   INIT_RADIX_TREE(&xb->xbrt, IDR_RT_MARKER | GFP_NOWAIT);
+}
+
+int xb_set_bit(struct xb *xb, unsigned long bit);
+bool xb_test_bit(const struct xb *xb, unsigned long bit);
+void xb_clear_bit(struct xb *xb, unsigned long bit);
+
+/* Check if the xb tree is empty */
+static inline bool xb_is_empty(const struct xb *xb)
+{
+   return radix_tree_empty(&xb->xbrt);
+}
+
+void xb_preload(gfp_t gfp);
+
+/**
+ * xb_preload_end - end preload section started with xb_preload()
+ *
+ * Each xb_preload() should be matched with an invocation of this
+ * function. See xb_preload() for details.
+ */
+static inline void xb_preload_end(void)
+{
+   preempt_enable();
+}
+
+#endif
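Review bot: the header declares xb_set_bit() as returning int but carries no comment on which error values it can return, or on whether callers must bracket it with xb_preload()/xb_preload_end(), even though xb_preload_end() is documented right below. Add kernel-doc for the three bit operations. The file comment also promises an "unlimited-size" bitmap while the commit message says up to 'unsigned long' worth of bits; the two should agree.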
diff --git a/lib/Makefile b/lib/Makefile
index 40c1837..ea50496 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -18,7 +18,7 @@ KCOV_INSTRUMENT_dynamic_debug.o := n
 
 lib-y := ctype.o string.o vsprintf.o cmdline.o \
 rbtree.o radix-tree.o dump_stack.o timerqueue.o\
-idr.o int_sqrt.o extable.o \
+idr.o xbitmap.o int_sqrt.o extable.o \
 sha1.o chacha20.o irq_regs.o argv_split.o \
 flex_proportions.o ratelimit.o show_mem.o \
 is_single_threaded.o plist.o decompress.o kobject_uevent.o \
diff --git a/lib/radix-tree.c b/lib/radix-tree.c
index 898e879..ee72e2c 100644
--- a/lib/radix-tree.c
+++ b/lib/radix-tree.c
@@ -463,7 +463,7 @@ radix_tree_node_free(struct radix_tree_node *node)
  * To make use of this facility, the radix tree must be initialised without
  * __GFP_DIRECT_RECLAIM being passed to INIT_RADIX_TREE().
  */
-static int __radix_tree_preload(gfp_t gfp_mask, unsigned nr)
+int __radix_tree_preload(gfp_t gfp_mask, unsigned int nr)
 {
struct radix_tr

Re: [Qemu-devel] [PATCH v3 0/5] target-ppc/spapr: Add FWNMI support in QEMU for PowerKVM guests

2017-08-16 Thread Sam Bobroff
On Wed, Aug 16, 2017 at 02:41:59PM +0530, Aravinda Prasad wrote:
> This series of patches adds support for FWNMI in PowerKVM guests.
> 
> Memory error such as bit flips that cannot be corrected
> by hardware is passed on to the kernel for handling
> by raising machine check exception (an NMI). Upon such
> machine check exception, if the address in error belongs
> to guest then KVM causes a guest exit with KVM_EXIT_NMI
> exit reason.
> 
> This patch series adds functionality to pass on such
> machine check exception to the guest kernel by suitably
> handling KVM_EXIT_NMI exit and building the error log.
> 
> The KVM changes are now part of the upstream kernel
> (commit e20bbd3d). This series contains QEMU changes.

[snip]

Hi,

I'm concerned that this implementation may introduce a problem with
kexec. If a VM registers an NMI handler, then kexecs to a new kernel
and an NMI is received before the new kernel has registered its
handler, won't QEMU cause the guest to jump to the old, now invalid,
handler address? Is this worth worrying about?

Cheers,
Sam.




Re: [Qemu-devel] [PATCH RFC v2 00/10] tests: Add VM based build tests (for non-x86_64 and/or non-Linux)

2017-08-16 Thread no-reply
Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 20170817024746.5961-1-f...@redhat.com
Subject: [Qemu-devel] [PATCH RFC v2 00/10] tests: Add VM based build tests (for 
non-x86_64 and/or non-Linux)

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
105f5eda56 MAINTAINERS: Add tests/vm entry
012331cdc4 Makefile: Add rules to run vm tests
6117b3b586 tests: Add OpenBSD image
5988e28153 tests: Add NetBSD image
a1ce1a5157 tests: Add FreeBSD image
d72a9004c5 tests: Add ubuntu.i386 image
aa3230dfba tests: Add vm test lib
a7f1560440 qemu.py: Add "wait()" method
173f01167a qemu.py: Add variable vga type
f2a17024c1 gitignore: Ignore vm test images

=== OUTPUT BEGIN ===
Checking PATCH 1/10: gitignore: Ignore vm test images...
Checking PATCH 2/10: qemu.py: Add variable vga type...
Checking PATCH 3/10: qemu.py: Add "wait()" method...
Checking PATCH 4/10: tests: Add vm test lib...
ERROR: line over 90 characters
#83: FILE: tests/vm/basevm.py:58:
+ssh-rsa 
B3NzaC1yc2EDAQABAAABAQCikC46WYtXotUd0UGPz9547Aj0KqC4gk+nt4BBJm86IHgCD9FygSGX9EFutXlhz9KZIPg9Okk7+IzXRHCWI2MNvhrcjyrezKREm71z08j9iwfxY3340fY2Mo+0khwpO7bzsgzkljHIHqcOg7MgttPInVMNH/EfqpgR8EDKJuWCB2Ny+EBFN/3dAiff0X/EvKle9PUrY70EkSycnyURS8HZReEqj8lN9J5kXzA8F6jBo/0Q42Ttv6e4k5YcaDrwmLrBWLra2PCXZLNyHqXEiFkGmdXtA1Eox9gc/p4jIXim6xrPNmpN6WyrrEjaCF5xYvNv8wXkD6uSWwbHYU24lIAn
 qemu-vm-key

WARNING: line over 80 characters
#193: FILE: tests/vm/basevm.py:168:
+"file=%s,if=none,id=%s,cache=writeback,format=raw" 
% \

WARNING: line over 80 characters
#196: FILE: tests/vm/basevm.py:171:
+"virtio-blk,drive=%s,serial=%s,bootindex=1" % 
(name, name)]

total: 1 errors, 2 warnings, 262 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 5/10: tests: Add ubuntu.i386 image...
Checking PATCH 6/10: tests: Add FreeBSD image...
Checking PATCH 7/10: tests: Add NetBSD image...
Checking PATCH 8/10: tests: Add OpenBSD image...
Checking PATCH 9/10: Makefile: Add rules to run vm tests...
Checking PATCH 10/10: MAINTAINERS: Add tests/vm entry...
=== OUTPUT END ===

Test command exited with code: 1


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-de...@freelists.org

[Qemu-devel] [PATCH RFC v2 09/10] Makefile: Add rules to run vm tests

2017-08-16 Thread Fam Zheng
Signed-off-by: Fam Zheng 
---
 Makefile  |  2 ++
 configure |  2 +-
 tests/vm/Makefile.include | 41 +
 3 files changed, 44 insertions(+), 1 deletion(-)
 create mode 100644 tests/vm/Makefile.include

diff --git a/Makefile b/Makefile
index 81447b1f08..2798a5ca69 100644
--- a/Makefile
+++ b/Makefile
@@ -813,6 +813,7 @@ endif
 -include $(wildcard *.d tests/*.d)
 
 include $(SRC_PATH)/tests/docker/Makefile.include
+include $(SRC_PATH)/tests/vm/Makefile.include
 
 .PHONY: help
 help:
@@ -836,6 +837,7 @@ help:
@echo  'Test targets:'
@echo  '  check   - Run all tests (check-help for details)'
@echo  '  docker  - Help about targets running tests inside 
Docker containers'
+   @echo  '  vm-test - Help about targets running tests inside VM'
@echo  ''
@echo  'Documentation targets:'
@echo  '  html info pdf txt'
diff --git a/configure b/configure
index dd73cce62f..9a3052e9ad 100755
--- a/configure
+++ b/configure
@@ -6544,7 +6544,7 @@ if test "$ccache_cpp2" = "yes"; then
 fi
 
 # build tree in object directory in case the source is not in the current 
directory
-DIRS="tests tests/tcg tests/tcg/cris tests/tcg/lm32 tests/libqos 
tests/qapi-schema tests/tcg/xtensa tests/qemu-iotests"
+DIRS="tests tests/tcg tests/tcg/cris tests/tcg/lm32 tests/libqos 
tests/qapi-schema tests/tcg/xtensa tests/qemu-iotests tests/vm"
 DIRS="$DIRS docs docs/interop fsdev"
 DIRS="$DIRS pc-bios/optionrom pc-bios/spapr-rtas pc-bios/s390-ccw"
 DIRS="$DIRS roms/seabios roms/vgabios"
diff --git a/tests/vm/Makefile.include b/tests/vm/Makefile.include
new file mode 100644
index 00..8bcde3a8f8
--- /dev/null
+++ b/tests/vm/Makefile.include
@@ -0,0 +1,41 @@
+# Makefile for VM tests
+
+.PHONY: vm-build-all
+
+IMAGES := ubuntu.i386 freebsd netbsd openbsd
+IMAGE_FILES := $(patsubst %, tests/vm/%.img, $(IMAGES))
+
+.PRECIOUS: $(IMAGE_FILES)
+
+vm-test:
+   @echo "vm-test: Test QEMU in preconfigured virtual machines"
+   @echo
+   @echo "  vm-build-ubuntu.i386- Build QEMU in ubuntu i386 VM"
+   @echo "  vm-build-freebsd- Build QEMU in FreeBSD VM"
+   @echo "  vm-build-netbsd - Build QEMU in NetBSD VM"
+   @echo "  vm-build-freebsd- Build QEMU in OpenBSD VM"
+
+vm-build-all: $(addprefix vm-build-, $(IMAGES))
+
+tests/vm/%.img: $(SRC_PATH)/tests/vm/%
+   $(call quiet-command, \
+   $(SRC_PATH)/tests/vm/$* \
+   $(if $(V)$(DEBUG), --debug) \
+   --image "$@" \
+   --force \
+   --build-image $@, \
+   "  VM-IMAGE $*")
+
+
+# Build in VM $(IMAGE)
+vm-build-%: tests/vm/%.img
+   $(call quiet-command, \
+   $(SRC_PATH)/tests/vm/$* \
+   $(if $(V)$(DEBUG), --debug) \
+   $(if $(DEBUG), --interactive) \
+   --image "$<" \
+   --build-qemu $(SRC_PATH) \
+   $(if $(TARGET_DIRS), --target-list=$(TARGET_DIRS), \
+   $(if $(TARGET_LIST), --target-list=$(TARGET_LIST))), \
+   "  VM-BUILD $*")
+
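Review bot: the vm-test help text lists vm-build-freebsd twice; the fourth line, `vm-build-freebsd - Build QEMU in OpenBSD VM`, should name vm-build-openbsd to match IMAGES. `.PHONY` only covers vm-build-all, so vm-test itself is not declared phony. In the image rule, `--image "$@"` is quoted while `--build-image $@` is not; quote both or neither.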
-- 
2.13.4




[Qemu-devel] [PATCH RFC v2 06/10] tests: Add FreeBSD image

2017-08-16 Thread Fam Zheng
The image is prepared following instructions as in:

https://wiki.qemu.org/Hosts/BSD

Signed-off-by: Fam Zheng 
---
 tests/vm/freebsd | 45 +
 1 file changed, 45 insertions(+)
 create mode 100755 tests/vm/freebsd

diff --git a/tests/vm/freebsd b/tests/vm/freebsd
new file mode 100755
index 00..0e4eb037d7
--- /dev/null
+++ b/tests/vm/freebsd
@@ -0,0 +1,45 @@
+#!/usr/bin/env python
+#
+# FreeBSD VM image
+#
+# Copyright (C) 2017 Red Hat Inc.
+#
+# Authors:
+#  Fam Zheng 
+#
+# This work is licensed under the terms of the GNU GPL, version 2.  See
+# the COPYING file in the top-level directory.
+#
+
+import os
+import sys
+import logging
+import subprocess
+import tempfile
+import time
+import basevm
+
+class FreeBSDVM(basevm.BaseVM):
+name = "freebsd"
+BUILD_SCRIPT = """
+set -e;
+cd $(mktemp -d /var/tmp/qemu-test.XX);
+tar -xf /dev/vtbd1;
+./configure {configure_opts};
+gmake -j{jobs};
+gmake check;
+"""
+
+def build_image(self, img, rebuild=False):
+if os.path.exists(img) and not rebuild:
+return
+cimg = 
self._download_with_cache("http://download.patchew.org/freebsd.img.xz";,
+
sha256sum='adcb771549b37bc63826c501f05121a206ed3d9f55f49145908f7e1432d65891')
+img_tmp_xz = img + ".tmp.xz"
+img_tmp = img + ".tmp"
+subprocess.check_call(["cp", "-f", cimg, img_tmp_xz])
+subprocess.check_call(["xz", "-df", img_tmp_xz])
+os.rename(img_tmp, img)
+
+if __name__ == "__main__":
+sys.exit(basevm.main(FreeBSDVM))
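Review bot: build_image() fetches freebsd.img.xz over plain http, so the sha256sum argument is the only integrity check on an image that later runs the build as a VM guest. Keep the pin, note in a comment that it is what the download relies on, and use an https URL if the host offers one. The imports of logging, tempfile and time are unused in this file.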
-- 
2.13.4




[Qemu-devel] [PATCH RFC v2 05/10] tests: Add ubuntu.i386 image

2017-08-16 Thread Fam Zheng
This adds a 32bit guest.

The official LTS cloud image is downloaded and initialized with
cloud-init.

Signed-off-by: Fam Zheng 
---
 tests/vm/ubuntu.i386 | 88 
 1 file changed, 88 insertions(+)
 create mode 100755 tests/vm/ubuntu.i386

diff --git a/tests/vm/ubuntu.i386 b/tests/vm/ubuntu.i386
new file mode 100755
index 00..b478a8a03f
--- /dev/null
+++ b/tests/vm/ubuntu.i386
@@ -0,0 +1,88 @@
+#!/usr/bin/env python
+#
+# Ubuntu i386 image
+#
+# Copyright (C) 2017 Red Hat Inc.
+#
+# Authors:
+#  Fam Zheng 
+#
+# This work is licensed under the terms of the GNU GPL, version 2.  See
+# the COPYING file in the top-level directory.
+#
+
+import os
+import sys
+import logging
+import subprocess
+import tempfile
+import time
+import basevm
+
+class UbuntuX86VM(basevm.BaseVM):
+name = "ubuntu.i386"
+BUILD_SCRIPT = """
+set -e;
+cd $(mktemp -d);
+sudo chmod a+r /dev/vdb;
+tar -xf /dev/vdb;
+./configure {configure_opts};
+make -j{jobs};
+make check;
+"""
+
+def _gen_cloud_init_iso(self):
+cidir = self._tmpdir
+mdata = open(os.path.join(cidir, "meta-data"), "w")
+mdata.writelines(["instance-id: ubuntu-vm-0\n",
+ "local-hostname: ubuntu-guest\n"])
+mdata.close()
+udata = open(os.path.join(cidir, "user-data"), "w")
+udata.writelines(["#cloud-config\n",
+  "chpasswd:\n",
+  "  list: |\n",
+  "root:%s\n" % self.ROOT_PASS,
+  "%s:%s\n" % (self.GUEST_USER, self.GUEST_PASS),
+  "  expire: False\n",
+  "users:\n",
+  "  - name: %s\n" % self.GUEST_USER,
+  "sudo: ALL=(ALL) NOPASSWD:ALL\n",
+  "ssh-authorized-keys:\n",
+  "- %s\n" % basevm.SSH_PUB_KEY,
+  "  - name: root\n",
+  "ssh-authorized-keys:\n",
+  "- %s\n" % basevm.SSH_PUB_KEY])
+udata.close()
+subprocess.check_call(["genisoimage", "-output", "cloud-init.iso",
+   "-volid", "cidata", "-joliet", "-rock",
+   "user-data", "meta-data"],
+   cwd=cidir,
+   stdin=self._devnull, stdout=self._stdout,
+   stderr=self._stdout)
+return os.path.join(cidir, "cloud-init.iso")
+
+def build_image(self, img):
+cimg = 
self._download_with_cache("https://cloud-images.ubuntu.com/releases/16.04/release/ubuntu-16.04-server-cloudimg-i386-disk1.img";)
+img_tmp = img + ".tmp"
+subprocess.check_call(["cp", "-f", cimg, img_tmp])
+subprocess.check_call(["qemu-img", "resize", img_tmp, "50G"])
+self.boot(img_tmp, extra_args = ["-cdrom", self._gen_cloud_init_iso()])
+self.wait_ssh()
+self.ssh_root_check("touch /etc/cloud/cloud-init.disabled")
+self.ssh_root_check("apt-get update")
+self.ssh_root_check("apt-get install -y cloud-initramfs-growroot")
+# Don't check the status in case the guest hang up too quickly
+self.ssh_root("sync && reboot")
+time.sleep(5)
+self.wait_ssh()
+# The previous update sometimes doesn't survive a reboot, so do it 
again
+self.ssh_root_check("apt-get update")
+self.ssh_root_check("apt-get build-dep -y qemu")
+self.ssh_root_check("apt-get install -y libfdt-dev")
+self.ssh_root("poweroff")
+self.wait()
+os.rename(img_tmp, img)
+return 0
+
+if __name__ == "__main__":
+sys.exit(basevm.main(UbuntuX86VM))
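
Review bot: The _download_with_cache call in build_image passes no sha256sum, unlike the three BSD scripts in this series, so whatever the server returns is booted, given root SSH access setup and then saved as the template image. Pin the expected digest of ubuntu-16.04-server-cloudimg-i386-disk1.img the same way. build_image here also lacks the rebuild parameter and the early return on an existing image that the BSD scripts have, so the two kinds of script do not share one calling convention.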
-- 
2.13.4




[Qemu-devel] [PATCH RFC v2 10/10] MAINTAINERS: Add tests/vm entry

2017-08-16 Thread Fam Zheng
Signed-off-by: Fam Zheng 
---
 MAINTAINERS | 1 +
 1 file changed, 1 insertion(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index ccee28b12d..0ed607d003 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1881,6 +1881,7 @@ S: Maintained
 F: .travis.yml
 F: .shippable.yml
 F: tests/docker/
+F: tests/vm/
 W: https://travis-ci.org/qemu/qemu
 W: https://app.shippable.com/github/qemu/qemu
 W: http://patchew.org/QEMU/
-- 
2.13.4




[Qemu-devel] [PATCH RFC v2 04/10] tests: Add vm test lib

2017-08-16 Thread Fam Zheng
This is the common code to implement a "VM test" to

  1) Download and initialize a pre-defined VM that has necessary
  dependencies to build QEMU and SSH access.

  2) Archive $SRC_PATH to a .tar file.

  3) Boot the VM, and pass the source tar file to the guest.

  4) SSH into the VM, untar the source tarball, build from the source.

Signed-off-by: Fam Zheng 
---
 tests/vm/basevm.py | 262 +
 1 file changed, 262 insertions(+)
 create mode 100755 tests/vm/basevm.py

diff --git a/tests/vm/basevm.py b/tests/vm/basevm.py
new file mode 100755
index 00..ad5663fb8e
--- /dev/null
+++ b/tests/vm/basevm.py
@@ -0,0 +1,262 @@
+#!/usr/bin/env python
+#
+# VM testing base class
+#
+# Copyright (C) 2017 Red Hat Inc.
+#
+# Authors:
+#  Fam Zheng 
+#
+# This work is licensed under the terms of the GNU GPL, version 2.  See
+# the COPYING file in the top-level directory.
+#
+
+import os
+import sys
+import logging
+import time
+import datetime
+sys.path.append(os.path.join(os.path.dirname(__file__), "..", "..", "scripts"))
+from qemu import QEMUMachine
+import subprocess
+import hashlib
+import argparse
+import atexit
+import tempfile
+import shutil
+
+SSH_KEY = """\
+-BEGIN RSA PRIVATE KEY-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+-END RSA PRIVATE KEY-
+"""
+SSH_PUB_KEY = """\
+ssh-rsa 
B3NzaC1yc2EDAQABAAABAQCikC46WYtXotUd0UGPz9547Aj0KqC4gk+nt4BBJm86IHgCD9FygSGX9EFutXlhz9KZIPg9Okk7+IzXRHCWI2MNvhrcjyrezKREm71z08j9iwfxY3340fY2Mo+0khwpO7bzsgzkljHIHqcOg7MgttPInVMNH/EfqpgR8EDKJuWCB2Ny+EBFN/3dAiff0X/EvKle9PUrY70EkSycnyURS8HZReEqj8lN9J5kXzA8F6jBo/0Q42Ttv6e4k5YcaDrwmLrBWLra2PCXZLNyHqXEiFkGmdXtA1Eox9gc/p4jIXim6xrPNmpN6WyrrEjaCF5xYvNv8wXkD6uSWwbHYU24lIAn
 qemu-vm-key
+"""
+
+class BaseVM(object):
+GUEST_USER = "qemu"
+GUEST_PASS = "qemupass"
+ROOT_PASS = "qemupass"
+
+# The script to run in the guest that builds QEMU
+BUILD_SCRIPT = ""
+# The guest name, to be overridden by subclasses
+name = "#base"
+def __init__(self, debug=False):
+self._guest = None
+self._tmpdir = tempfile.mkdtemp(prefix="qemu-vm-")
+atexit.register(shutil.rmtree, self._tmpdir)
+
+self._ssh_key_file = os.path.join(self._tmpdir, "id_rsa")
+open(self._ssh_key_file, "w").write(SSH_KEY)
+subprocess.check_call(["chmod", "600", self._ssh_key_file])
+
+self._ssh_pub_key_file = os.path.join(self._tmpdir, "id_rsa.pub")
+open(self._ssh_pub_key_file, "w").write(SSH_PUB_KEY)
+
+self.debug = debug
+self._stderr = sys.stderr
+self._devnull = open("/dev/null", "w")
+if self.debug:
+self._stdout = sys.stdout
+else:
+self._stdout = self._devnull
+self._args = [ \
+"-nodefaults", "-enable-kvm", "-m", "2G",
+"-smp", os.environ.get("J", "4"), "-cpu", "host",
+"-netdev", "user,id=vnet,hostfwd=:0.0.0.0:0-:22",
+"-device", "virtio-net-pci,netdev=vnet",
+"-vnc", ":0,to=20",
+"-serial", "file:%s" % os.path.join(self._tmpdir, "serial.out")]
+
+self._data_args = []
+
+def _download_with_cache(self, url, sha256sum=None):
+def check_sha256sum(fname):
+if not sha256sum:
+return True
+checksum = subprocess.check_output(["sha256sum", fname]).split()
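
Review bot: The -netdev argument forwards guest port 22 with hostfwd=:0.0.0.0:0-:22 and -vnc :0,to=20 also listens beyond loopback, while the guest accepts the SSH key embedded in this file and the fixed GUEST_PASS/ROOT_PASS values, so anyone who can reach the build host over the network can log in to the VM as root while a test runs. Bind the forward to loopback (hostfwd=tcp:127.0.0.1:0-:22) and either drop -vnc or enable it only when debug is set. In __init__ the private key is written first and chmod'ed to 600 afterwards; that is only safe because mkdtemp creates the directory with mode 0700, which deserves a comment, and the two open(...).write() calls should close their files explicitly.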

[Qemu-devel] [PATCH RFC v2 08/10] tests: Add OpenBSD image

2017-08-16 Thread Fam Zheng
The image is prepared following instructions as in:

https://wiki.qemu.org/Hosts/BSD

Signed-off-by: Fam Zheng 
---
 tests/vm/openbsd | 46 ++
 1 file changed, 46 insertions(+)
 create mode 100755 tests/vm/openbsd

diff --git a/tests/vm/openbsd b/tests/vm/openbsd
new file mode 100755
index 00..b308aa252b
--- /dev/null
+++ b/tests/vm/openbsd
@@ -0,0 +1,46 @@
+#!/usr/bin/env python
+#
+# OpenBSD VM image
+#
+# Copyright (C) 2017 Red Hat Inc.
+#
+# Authors:
+#  Fam Zheng 
+#
+# This work is licensed under the terms of the GNU GPL, version 2.  See
+# the COPYING file in the top-level directory.
+#
+
+import os
+import sys
+import logging
+import subprocess
+import tempfile
+import time
+import basevm
+
+class OpenBSDVM(basevm.BaseVM):
+name = "openbsd"
+BUILD_SCRIPT = """
+set -e;
+cd $(mktemp -d /var/tmp/qemu-test.XX);
+tar -xf /dev/rsd1c;
+./configure --cc=x86_64-unknown-openbsd6.1-gcc-4.9.4 
--python=python2.7 {configure_opts};
+gmake -j{jobs};
+# XXX: "gmake check" seems to always hang or fail
+#gmake check;
+"""
+
+def build_image(self, img, rebuild=False):
+if os.path.exists(img) and not rebuild:
+return
+cimg = 
self._download_with_cache("http://download.patchew.org/openbsd.img.xz";,
+
sha256sum='8c6cedc483e602cfee5e04f0406c64eb99138495e8ca580bc0293bcf0640c1bf')
+img_tmp_xz = img + ".tmp.xz"
+img_tmp = img + ".tmp"
+subprocess.check_call(["cp", "-f", cimg, img_tmp_xz])
+subprocess.check_call(["xz", "-df", img_tmp_xz])
+os.rename(img_tmp, img)
+
+if __name__ == "__main__":
+sys.exit(basevm.main(OpenBSDVM))
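
Review bot: With gmake check commented out in BUILD_SCRIPT, this target only shows that QEMU compiles on OpenBSD; say so in the commit message so a green run is not read as a passing test suite, and have the XXX comment name the failure being worked around so it can be re-enabled later. The --cc=x86_64-unknown-openbsd6.1-gcc-4.9.4 value is tied to the exact contents of openbsd.img.xz and has to change whenever the image is rebuilt; a short comment next to it noting that coupling would help.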
-- 
2.13.4




[Qemu-devel] [PATCH RFC v2 07/10] tests: Add NetBSD image

2017-08-16 Thread Fam Zheng
The image is prepared following instructions as in:

https://wiki.qemu.org/Hosts/BSD

Signed-off-by: Fam Zheng 
---
 tests/vm/netbsd | 45 +
 1 file changed, 45 insertions(+)
 create mode 100755 tests/vm/netbsd

diff --git a/tests/vm/netbsd b/tests/vm/netbsd
new file mode 100755
index 00..7d7dfe6586
--- /dev/null
+++ b/tests/vm/netbsd
@@ -0,0 +1,45 @@
+#!/usr/bin/env python
+#
+# NetBSD VM image
+#
+# Copyright (C) 2017 Red Hat Inc.
+#
+# Authors:
+#  Fam Zheng 
+#
+# This work is licensed under the terms of the GNU GPL, version 2.  See
+# the COPYING file in the top-level directory.
+#
+
+import os
+import sys
+import logging
+import subprocess
+import tempfile
+import time
+import basevm
+
+class NetBSDVM(basevm.BaseVM):
+name = "netbsd"
+BUILD_SCRIPT = """
+set -e;
+cd $(mktemp -d /var/tmp/qemu-test.XX);
+tar -xf /dev/ld1a;
+./configure --python=python2.7 {configure_opts};
+gmake -j{jobs};
+gmake check;
+"""
+
+def build_image(self, img, rebuild=False):
+if os.path.exists(img) and not rebuild:
+return
+cimg = 
self._download_with_cache("http://download.patchew.org/netbsd.img.xz";,
+ 
sha256sum='b633d565b0eac3d02015cd0c81440bd8a7a8df8512615ac1ee05d318be015732')
+img_tmp_xz = img + ".tmp.xz"
+img_tmp = img + ".tmp"
+subprocess.check_call(["cp", "-f", cimg, img_tmp_xz])
+subprocess.check_call(["xz", "-df", img_tmp_xz])
+os.rename(img_tmp, img)
+
+if __name__ == "__main__":
+sys.exit(basevm.main(NetBSDVM))
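
Review bot: build_image here is the same as in tests/vm/freebsd and tests/vm/openbsd apart from the URL and the checksum. Move the download, cp, xz -df and os.rename sequence into a helper on BaseVM that takes the URL and sha256sum, so that a fix to that sequence (for example removing img.tmp.xz when xz fails) lands in one place instead of three.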
-- 
2.13.4




[Qemu-devel] [PATCH RFC v2 01/10] gitignore: Ignore vm test images

2017-08-16 Thread Fam Zheng
Signed-off-by: Fam Zheng 
---
 .gitignore | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.gitignore b/.gitignore
index cf65316863..693e2f3009 100644
--- a/.gitignore
+++ b/.gitignore
@@ -52,6 +52,8 @@
 /vscclient
 /vhost-user-scsi
 /fsdev/virtfs-proxy-helper
+/tests/vm/*.img
+/tests/vm/*.tmp
 *.[1-9]
 *.a
 *.aux
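
Review bot: The /tests/vm/*.tmp pattern does not cover the intermediate file that the BSD scripts in this series create as img + ".tmp.xz". If the images are kept under tests/vm/, as these patterns imply, an interrupted build leaves an untracked *.img.tmp.xz behind. Add /tests/vm/*.tmp.xz, or have the scripts place their intermediates in the temporary directory.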
-- 
2.13.4




[Qemu-devel] [PATCH RFC v2 03/10] qemu.py: Add "wait()" method

2017-08-16 Thread Fam Zheng
Signed-off-by: Fam Zheng 
---
 scripts/qemu.py | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/scripts/qemu.py b/scripts/qemu.py
index e5f314efdb..20c9cd6139 100644
--- a/scripts/qemu.py
+++ b/scripts/qemu.py
@@ -144,6 +144,13 @@ class QEMUMachine(object):
 self._post_shutdown()
 raise
 
+def wait(self):
+'''Wait for the VM to power off'''
+self._popen.wait()
+self._qmp.close()
+self._load_io_log()
+self._post_shutdown()
+
 def shutdown(self):
 '''Terminate the VM and clean up'''
 if self.is_running():
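
Review bot: wait() calls self._popen.wait() with no upper bound, so a guest that never powers off blocks the caller forever. Either state that in the docstring or poll with a deadline and fall back to shutdown(). The method also assumes launch() succeeded, since it dereferences self._popen and self._qmp unconditionally; a guard or a sentence in the docstring would make that precondition explicit.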
-- 
2.13.4




[Qemu-devel] [PATCH RFC v2 02/10] qemu.py: Add variable vga type

2017-08-16 Thread Fam Zheng
Some guests behave differently when no VGA is detected. Add a variable
to allow overriding the "none" default.

Signed-off-by: Fam Zheng 
---
 scripts/qemu.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/scripts/qemu.py b/scripts/qemu.py
index 880e3e8219..e5f314efdb 100644
--- a/scripts/qemu.py
+++ b/scripts/qemu.py
@@ -39,6 +39,7 @@ class QEMUMachine(object):
 self._iolog = None
 self._socket_scm_helper = socket_scm_helper
 self._debug = debug
+self._vga = "none"
 
 # This can be used to add an unused monitor instance.
 def add_monitor_telnet(self, ip, port):
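
Review bot: self._vga is introduced as a private attribute with no constructor argument or setter, so the override the commit message describes can only be done by assigning to an underscore-prefixed member from outside the class. Expose it as an __init__ parameter or a small setter method, and note the accepted values next to the "none" default.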
@@ -111,7 +112,7 @@ class QEMUMachine(object):
 moncdev = 'socket,id=mon,path=%s' % self._monitor_address
 return ['-chardev', moncdev,
 '-mon', 'chardev=mon,mode=control',
-'-display', 'none', '-vga', 'none']
+'-display', 'none', '-vga', self._vga]
 
 def _pre_launch(self):
 self._qmp = qmp.qmp.QEMUMonitorProtocol(self._monitor_address, 
server=True,
-- 
2.13.4




[Qemu-devel] [PATCH RFC v2 00/10] tests: Add VM based build tests (for non-x86_64 and/or non-Linux)

2017-08-16 Thread Fam Zheng
v2: - Add docstring. [Stefan]
    - Call self._load_io_log. [Stefan]
    - Use "info usernet" and dynamic ssh_port forwarding. [Stefan]
    - Add image checksum.
    - Use os.rename() and os.makedirs(). [Stefan]
    - Fix NetBSD URL. [Kamil]

Build tests in one 32 bit Linux guest and three BSD images are defined in this
series. This is a more manageable way than the manually maintained virtual
machines in patchew. Also, one big advantage of ephemeral VMs over long running
guests is the reduced RAM usage of host, which makes it possible to have one
host test all these BSD variants and probably more.

The BSD guest templates are manually prepared following

https://wiki.qemu.org/Hosts/BSD

as it is not easy to automate. (The ideal approach is like the ubuntu.i386
script, which configures the guest on top of an official released image, fully
automatically.)

Need for help: "gmake check" in the added OpenBSD image fails with -ENOMEM
errors, even if I change "-m 2G" to "-m 8G" when starting VM. Ideas? And there
is a warning from ./configure about OpenBSD going to be unsupported in coming
releases, is it still the case?

Fam

Fam Zheng (10):
  gitignore: Ignore vm test images
  qemu.py: Add variable vga type
  qemu.py: Add "wait()" method
  tests: Add vm test lib
  tests: Add ubuntu.i386 image
  tests: Add FreeBSD image
  tests: Add NetBSD image
  tests: Add OpenBSD image
  Makefile: Add rules to run vm tests
  MAINTAINERS: Add tests/vm entry

 .gitignore|   2 +
 MAINTAINERS   |   1 +
 Makefile  |   2 +
 configure |   2 +-
 scripts/qemu.py   |  10 +-
 tests/vm/Makefile.include |  41 
 tests/vm/basevm.py| 262 ++
 tests/vm/freebsd  |  45 
 tests/vm/netbsd   |  45 
 tests/vm/openbsd  |  46 
 tests/vm/ubuntu.i386  |  88 
 11 files changed, 542 insertions(+), 2 deletions(-)
 create mode 100644 tests/vm/Makefile.include
 create mode 100755 tests/vm/basevm.py
 create mode 100755 tests/vm/freebsd
 create mode 100755 tests/vm/netbsd
 create mode 100755 tests/vm/openbsd
 create mode 100755 tests/vm/ubuntu.i386

-- 
2.13.4




Re: [Qemu-devel] [PATCHv3 00/02] Replace the COLO comparing thread with IOThread

2017-08-16 Thread Zhang Chen

On 08/16/2017 05:14 PM, Wang yong wrote:
> From: Wang Yong
>
> Note: This series is based on the patch of "qemu-iothread:
> IOThread supports theGMainContext event loop".

You'd better put the patch on this patch set, make it easy to review.

Thanks
Zhang Chen

> It's a good idea to use IOThread instead of COLO comparing thread.
> comparing thread can be completely replaced by IOThread, so this idea came.
>
> This series of updates mainly include the old packet regularly check and
> primary/secondary network packets compare all into the IOThread processing.
>
> Please review,thanks.
>
> wangyong(2):
> colo-compare: Use IOThread to Check old packet regularly and
>   Process pactkets of the primary
> colo-compare: Update the COLO document to add the IOThread
>   configuration
>
>   docs/colo-proxy.txt |   5 +-
>   net/colo-compare.c | 75 --
>   2 file changed, 39 insertions(+), 36 deletions(-)
>
> --
> 1.8.3.1

--
Thanks
Zhang Chen


Re: [Qemu-devel] [PATCH v3 2/5] ppc: spapr: Handle "ibm, nmi-register" and "ibm, nmi-interlock" RTAS calls

2017-08-16 Thread David Gibson
What's with the extra spaces in the subject line?

On Wed, Aug 16, 2017 at 02:42:21PM +0530, Aravinda Prasad wrote:
> This patch adds support in QEMU to handle "ibm,nmi-register"
> and "ibm,nmi-interlock" RTAS calls.
> 
> The machine check notification address is saved when the
> OS issues "ibm,nmi-register" RTAS call.
> 
> This patch also handles the case when multiple processors
> experience machine check at or about the same time by
> handling "ibm,nmi-interlock" call. In such cases, as per
> PAPR, subsequent processors serialize waiting for the first
> processor to issue the "ibm,nmi-interlock" call. The second
> processor waits till the first processor, which also
> received a machine check error, is done reading the error
> log. The first processor issues "ibm,nmi-interlock" call
> when the error log is consumed. This patch implements the
> releasing part of the error-log while subsequent patch
> (which builds error log) handles the locking part.
> 
> Signed-off-by: Aravinda Prasad 
> ---
>  hw/ppc/spapr.c |8 
>  hw/ppc/spapr_rtas.c|   35 +++
>  include/hw/ppc/spapr.h |   10 +-
>  3 files changed, 52 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> index 2a3e53d..0bb2c4a 100644
> --- a/hw/ppc/spapr.c
> +++ b/hw/ppc/spapr.c
> @@ -1441,6 +1441,11 @@ static void ppc_spapr_reset(void)
>  first_ppc_cpu->env.nip = SPAPR_ENTRY_POINT;
>  
>  spapr->cas_reboot = false;
> +
> +spapr->mc_in_progress = false;
> +spapr->guest_machine_check_addr = 0;
> +qemu_cond_destroy(&spapr->mc_delivery_cond);
> +qemu_cond_init(&spapr->mc_delivery_cond);
>  }
>  
>  static void spapr_create_nvram(sPAPRMachineState *spapr)
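
Review bot: In ppc_spapr_reset, mc_delivery_cond is destroyed and re-initialised with no check that no vCPU is still waiting on it; the wait side arrives in a later patch of this series, and destroying a condition variable that has waiters is not safe. Clear mc_in_progress and wake the waiters instead of the destroy/init pair, or add a comment explaining why no vCPU can be blocked on it at reset time. mc_cpu is also left untouched here while the other two fields are cleared.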
> @@ -2491,6 +2496,9 @@ static void ppc_spapr_init(MachineState *machine)
>  
>  kvmppc_spapr_enable_inkernel_multitce();
>  }
> +
> +spapr->mc_in_progress = false;
> +qemu_cond_init(&spapr->mc_delivery_cond);
>  }
>  
>  static int spapr_kvm_type(const char *vm_type)
> diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
> index 94a2799..2f3c47b 100644
> --- a/hw/ppc/spapr_rtas.c
> +++ b/hw/ppc/spapr_rtas.c
> @@ -348,6 +348,37 @@ static void rtas_get_power_level(PowerPCCPU *cpu, 
> sPAPRMachineState *spapr,
>  rtas_st(rets, 1, 100);
>  }
>  
> +static void rtas_ibm_nmi_register(PowerPCCPU *cpu,
> +  sPAPRMachineState *spapr,
> +  uint32_t token, uint32_t nargs,
> +  target_ulong args,
> +  uint32_t nret, target_ulong rets)
> +{
> +spapr->guest_machine_check_addr = rtas_ld(args, 1);
> +rtas_st(rets, 0, RTAS_OUT_SUCCESS);
> +}
> +
> +static void rtas_ibm_nmi_interlock(PowerPCCPU *cpu,
> +   sPAPRMachineState *spapr,
> +   uint32_t token, uint32_t nargs,
> +   target_ulong args,
> +   uint32_t nret, target_ulong rets)
> +{
> +if (!spapr->guest_machine_check_addr) {
> +/* NMI register not called */
> +rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
> +} else {
> +/*
> + * VCPU issuing "ibm,nmi-interlock" is done with NMI handling,
> + * hence unset mc_in_progress.
> + */
> +spapr->mc_in_progress = false;
> +qemu_cond_signal(&spapr->mc_delivery_cond);
> +rtas_st(rets, 0, RTAS_OUT_SUCCESS);
> +}
> +}
> +
> +
>  static struct rtas_call {
>  const char *name;
>  spapr_rtas_fn fn;
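
Review bot: rtas_ibm_nmi_interlock clears mc_in_progress for whichever vCPU makes the call; it never checks that a machine check is actually in progress or that the caller is the CPU that owns the error log, so a stray or early call from another CPU releases the log while the owner is still reading it. Return an error unless mc_in_progress is set and the caller matches the recorded CPU. Both handlers also ignore nargs and nret, and rtas_ibm_nmi_register stores rtas_ld(args, 1) without validating the address.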
> @@ -489,6 +520,10 @@ static void core_rtas_register_types(void)
>  rtas_set_power_level);
>  spapr_rtas_register(RTAS_GET_POWER_LEVEL, "get-power-level",
>  rtas_get_power_level);
> +spapr_rtas_register(RTAS_IBM_NMI_REGISTER, "ibm,nmi-register",
> +rtas_ibm_nmi_register);
> +spapr_rtas_register(RTAS_IBM_NMI_INTERLOCK, "ibm,nmi-interlock",
> +rtas_ibm_nmi_interlock);
>  }
>  
>  type_init(core_rtas_register_types)
> diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
> index 46012b3..eee8d33 100644
> --- a/include/hw/ppc/spapr.h
> +++ b/include/hw/ppc/spapr.h
> @@ -123,6 +123,12 @@ struct sPAPRMachineState {
>   * occurs during the unplug process. */
>  QTAILQ_HEAD(, sPAPRDIMMState) pending_dimm_unplugs;
>  
> +/* State related to "ibm,nmi-register" and "ibm,nmi-interlock" calls */
> +target_ulong guest_machine_check_addr;
> +bool mc_in_progress;
> +int mc_cpu;

mc_cpu isn't actually used yet in this patch.  In any case it and
mc_in_progress could probably be folded together, no?

These values will also need to be migrated, AFAICT.

> +QemuCond mc_delivery_cond;
> +
>  /*< public >*/
>  char *kvm_type;
>  MemoryHotplugState hotplug_memory;
> @@ -519,8 +525,10 @@ target_ulong spapr_hypercall(PowerPCCPU

Re: [Qemu-devel] [PATCH v3 5/5] ppc: spapr: Enable FWNMI capability

2017-08-16 Thread David Gibson
On Wed, Aug 16, 2017 at 02:42:48PM +0530, Aravinda Prasad wrote:
> Enable the KVM capability KVM_CAP_PPC_FWNMI so that
> the KVM causes guest exit with NMI as exit reason
> when it encounters a machine check exception on the
> address belonging to a guest. Without this capability
> enabled, KVM redirects machine check exceptions to
> guest's 0x200 vector.
> 
> Signed-off-by: Aravinda Prasad 
> ---
>  hw/ppc/spapr_rtas.c |   17 +
>  target/ppc/kvm.c|2 ++
>  2 files changed, 19 insertions(+)
> 
> diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
> index 2f3c47b..c2a361a 100644
> --- a/hw/ppc/spapr_rtas.c
> +++ b/hw/ppc/spapr_rtas.c
> @@ -47,6 +47,8 @@
>  #include "trace.h"
>  #include "hw/ppc/fdt.h"
>  
> +extern int cap_fwnmi;

Ew.  As the style checker will tell you, bare externs in .c files are
frowned upon.  And the cap_* variables certainly shouldn't be exported
from kvm.c.

>  static void rtas_display_character(PowerPCCPU *cpu, sPAPRMachineState *spapr,
> uint32_t token, uint32_t nargs,
> target_ulong args,
> @@ -354,7 +356,22 @@ static void rtas_ibm_nmi_register(PowerPCCPU *cpu,
>target_ulong args,
>uint32_t nret, target_ulong rets)
>  {
> +int ret;
> +CPUState *cs = CPU(cpu);
> +
> +if (!cap_fwnmi) {
> +rtas_st(rets, 0, RTAS_OUT_NOT_SUPPORTED);
> +return;
> +}
> +
>  spapr->guest_machine_check_addr = rtas_ld(args, 1);
> +
> +ret = kvm_vcpu_enable_cap(cs, KVM_CAP_PPC_FWNMI, 0);
> +if (ret < 0) {
> +rtas_st(rets, 0, RTAS_OUT_HW_ERROR);
> +return;
> +}
> +

Congratulations, you broke build on an x86 host.  Things that directly
call KVM need to go in kvm.c with suitable stubs for non-kvm builds.

>  rtas_st(rets, 0, RTAS_OUT_SUCCESS);
>  }
>  
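
Review bot: In rtas_ibm_nmi_register, guest_machine_check_addr is assigned before kvm_vcpu_enable_cap() is attempted, so on the RTAS_OUT_HW_ERROR path the guest is told that registration failed while the address stays registered. Move the assignment to after the capability has been enabled. The capability is also enabled only on the vCPU that happened to issue the call (cs); if every vCPU needs it, loop over them, otherwise add a comment saying why one is enough.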
> diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c
> index 73f64ed..ca1ffa6 100644
> --- a/target/ppc/kvm.c
> +++ b/target/ppc/kvm.c
> @@ -90,6 +90,7 @@ static int cap_htm; /* Hardware transactional 
> memory support */
>  static int cap_mmu_radix;
>  static int cap_mmu_hash_v3;
>  static int cap_resize_hpt;
> +int cap_fwnmi;
>  
>  static uint32_t debug_inst_opcode;
>  
> @@ -147,6 +148,7 @@ int kvm_arch_init(MachineState *ms, KVMState *s)
>  cap_mmu_radix = kvm_vm_check_extension(s, KVM_CAP_PPC_MMU_RADIX);
>  cap_mmu_hash_v3 = kvm_vm_check_extension(s, KVM_CAP_PPC_MMU_HASH_V3);
>  cap_resize_hpt = kvm_vm_check_extension(s, KVM_CAP_SPAPR_RESIZE_HPT);
> +cap_fwnmi = kvm_check_extension(s, KVM_CAP_PPC_FWNMI);
>  
>  if (!cap_interrupt_level) {
>  fprintf(stderr, "KVM: Couldn't find level irq capability. Expect the 
> "
> 
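
Review bot: cap_fwnmi is probed with kvm_check_extension() while the three lines above it use kvm_vm_check_extension(). If the difference is deliberate a comment should say so; otherwise use the VM-scoped variant for consistency.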

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH v3 4/5] target/ppc: Handle NMI guest exit

2017-08-16 Thread David Gibson
On Wed, Aug 16, 2017 at 02:42:39PM +0530, Aravinda Prasad wrote:
> Memory error such as bit flips that cannot be corrected
> by hardware are passed on to the kernel for handling.
> If the memory address in error belongs to guest then
> guest kernel is responsible for taking suitable action.
> Patch [1] enhances KVM to exit guest with exit reason
> set to KVM_EXIT_NMI in such cases.
> 
> This patch handles KVM_EXIT_NMI exit. If the guest OS
> has registered the machine check handling routine by
> calling "ibm,nmi-register", then the handler builds
> the error log and invokes the registered handler else
> invokes the handler at 0x200.
> 
> [1] https://www.spinics.net/lists/kvm-ppc/msg12637.html
>   (e20bbd3d and related commits)
> 
> Signed-off-by: Aravinda Prasad 
> ---
>  hw/ppc/spapr.c   |4 ++
>  target/ppc/kvm.c |   86 
> ++
>  target/ppc/kvm_ppc.h |   81 +++
>  3 files changed, 171 insertions(+)
> 
> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> index 0bb2c4a..6cc3f69 100644
> --- a/hw/ppc/spapr.c
> +++ b/hw/ppc/spapr.c
> @@ -2346,6 +2346,10 @@ static void ppc_spapr_init(MachineState *machine)
>  error_report("Could not get size of LPAR rtas '%s'", filename);
>  exit(1);
>  }
> +
> +/* Resize blob to accommodate error log. */
> +spapr->rtas_size = RTAS_ERRLOG_OFFSET + sizeof(struct RtasMCELog);
> +
>  spapr->rtas_blob = g_malloc(spapr->rtas_size);
>  if (load_image_size(filename, spapr->rtas_blob, spapr->rtas_size) < 0) {
>  error_report("Could not load LPAR rtas '%s'", filename);
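
Review bot: rtas_size is overwritten with RTAS_ERRLOG_OFFSET + sizeof(struct RtasMCELog) after the size of the RTAS image has been obtained, with no check that the image fits below RTAS_ERRLOG_OFFSET. If the blob ever grows past that offset, the error log will overlap RTAS code and load_image_size() is given a limit unrelated to the file. Keep the file size in a local, fail if it exceeds RTAS_ERRLOG_OFFSET, and only then extend rtas_size.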
> diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c
> index 8571379..73f64ed 100644
> --- a/target/ppc/kvm.c
> +++ b/target/ppc/kvm.c
> @@ -1782,6 +1782,11 @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run 
> *run)
>  ret = 0;
>  break;
>  
> +case KVM_EXIT_NMI:
> +DPRINTF("handle NMI exception\n");
> +ret = kvm_handle_nmi(cpu);
> +break;
> +
>  default:
>  fprintf(stderr, "KVM: unknown exit reason %d\n", run->exit_reason);
>  ret = -1;
> @@ -2704,6 +2709,87 @@ int kvm_arch_msi_data_to_gsi(uint32_t data)
>  return data & 0x;
>  }
>  
> +int kvm_handle_nmi(PowerPCCPU *cpu)

So you only handle NMIs with KVM.  Wouldn't it make sense to also
handle them for TCG (where they can be triggered with the "nmi"
command on the monitor).

> +{
> +struct RtasMCELog mc_log;
> +CPUPPCState *env = &cpu->env;
> +sPAPRMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
> +PowerPCCPUClass *pcc = POWERPC_CPU_GET_CLASS(cpu);
> +target_ulong msr = 0;
> +
> +cpu_synchronize_state(CPU(cpu));
> +
> +/*
> + * Properly set bits in MSR before we invoke the handler.
> + * SRR0/1, DAR and DSISR are properly set by KVM
> + */
> +if (!(*pcc->interrupts_big_endian)(cpu)) {
> +msr |= (1ULL << MSR_LE);
> +}
> +
> +if (env->msr && (1ULL << MSR_SF)) {
> +msr |= (1ULL << MSR_SF);
> +}
> +
> +msr |= (1ULL << MSR_ME);
> +env->msr = msr;
> +
> +if (!spapr->guest_machine_check_addr) {
> +/*
> + * If OS has not registered with "ibm,nmi-register"
> + * jump to 0x200
> + */
> +env->nip = 0x200;
> +return 0;
> +}
> +
> +while (spapr->mc_in_progress) {
> +/*
> + * Check whether the same CPU got machine check error
> + * while still handling the mc error (i.e., before
> + * that CPU called "ibm,nmi-interlock"
> + */
> +if (spapr->mc_cpu == cpu->cpu_dt_id) {
> +qemu_system_guest_panicked(NULL);
> +}
> +qemu_cond_wait_iothread(&spapr->mc_delivery_cond);
> +}
> +spapr->mc_in_progress = true;
> +spapr->mc_cpu = cpu->cpu_dt_id;

This will be merging against 2.11 and there are changes to the use of
cpu_dt_id in the ppc-for-2.11 tree which you'll need to rebase on top
of.

> +/* Set error log fields */
> +mc_log.r3 = env->gpr[3];
> +mc_log.err_log.byte0 = 0;
> +mc_log.err_log.byte1 =
> +(RTAS_SEVERITY_ERROR_SYNC << RTAS_ELOG_SEVERITY_SHIFT);
> +mc_log.err_log.byte1 |=
> +(RTAS_DISP_NOT_RECOVERED << RTAS_ELOG_DISPOSITION_SHIFT);
> +mc_log.err_log.byte2 =
> +(RTAS_INITIATOR_MEMORY << RTAS_ELOG_INITIATOR_SHIFT);
> +mc_log.err_log.byte2 |= RTAS_TARGET_MEMORY;
> +
> +if (env->spr[SPR_DSISR] & P7_DSISR_MC_UE) {
> +mc_log.err_log.byte3 = RTAS_TYPE_ECC_UNCORR;
> +} else {
> +mc_log.err_log.byte3 = 0;
> +}
> +
> +/* Handle all Host/Guest LE/BE combinations */
> +if (env->msr & (1ULL << MSR_LE)) {
> +mc_log.r3 = cpu_to_le64(mc_log.r3);
> +} else {
> +mc_log.r3 = cpu_to_be64(mc_log.r3);
> +}

So, the r3 field is guest order, but the rest is fixed BE order, is
that right?


> +cpu_physical_memory_write(spapr->rtas_addr + RTA
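
Review bot: The MSR_SF test in kvm_handle_nmi reads if (env->msr && (1ULL << MSR_SF)), a logical AND, so it is true whenever env->msr is non-zero and SF is set regardless of the interrupted context; it should be env->msr & (1ULL << MSR_SF). In the wait loop, the same-CPU case calls qemu_system_guest_panicked(NULL) and then falls through to qemu_cond_wait_iothread(), where it waits for an interlock call that this CPU will never make; return after reporting the panic. The endianness conversion of mc_log.r3 tests env->msr after it has been replaced by the freshly built msr value, which is worth a comment since it is the handler's byte order and not the interrupted code's that is used.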

[Qemu-devel] Reply: Re: [PATCHv3 00/02] Replace the COLO comparing thread with IOThread

2017-08-16 Thread wang.yong155
>> From: Wang Yong
>>
>> Note: This series is based on the patch of "qemu-iothread:
>> IOThread supports theGMainContext event loop".

> The syntax for patchew to pick up the dependency automatically:

> Based-on: 1502782095-3912-1-git-send-email-wang.yong...@zte.com.cn

Thanks, I will submit all the patches together again.

WangYong

Original message

From:
To: 王勇10170530
Cc: 王广10165992
Date: 2017-08-16 18:14
Subject: Re: [PATCHv3 00/02] Replace the COLO comparing thread with IOThread

On Wed, 08/16 17:14, Wang yong wrote:
> From: Wang Yong 
> 
> Note: This series is based on the patch of "qemu-iothread: 
> IOThread supports theGMainContext event loop".

The syntax for patchew to pick up the dependency automatically:

Based-on: 1502782095-3912-1-git-send-email-wang.yong...@zte.com.cn

Fam

Re: [Qemu-devel] [PATCH] x86: Skip check apic_id_limit for Xen

2017-08-16 Thread Lan Tianyu
On 2017-08-16 19:21, Paolo Bonzini wrote:
> On 16/08/2017 02:22, Lan Tianyu wrote:
>> Xen vIOMMU device model will be in Xen hypervisor. Skip vIOMMU
>> check for Xen here when vcpu number is more than 255.
> 
> I think you still need to do a check for vIOMMU being enabled.

Yes, this will be done in the Xen tool stack and Qemu doesn't have such
knowledge. Operations of create, destroy Xen vIOMMU will be done in the
Xen tool stack.

> 
> Paolo
> 
>> Signed-off-by: Lan Tianyu 
>> ---
>>  hw/i386/pc.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/hw/i386/pc.c b/hw/i386/pc.c
>> index 5943539..fc17885 100644
>> --- a/hw/i386/pc.c
>> +++ b/hw/i386/pc.c
>> @@ -1260,7 +1260,7 @@ void pc_machine_done(Notifier *notifier, void *data)
>>  fw_cfg_modify_i16(pcms->fw_cfg, FW_CFG_NB_CPUS, pcms->boot_cpus);
>>  }
>>  
>> -if (pcms->apic_id_limit > 255) {
>> +if (pcms->apic_id_limit > 255 && !xen_enabled()) {
>>  IntelIOMMUState *iommu = 
>> INTEL_IOMMU_DEVICE(x86_iommu_get_default());
>>  
>>  if (!iommu || !iommu->x86_iommu.intr_supported ||
>>
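
Review bot: Adding !xen_enabled() to the condition skips the whole block, including the iommu->x86_iommu.intr_supported test, so under Xen nothing in QEMU verifies that interrupt remapping is available when apic_id_limit exceeds 255. If the Xen tool stack is the enforcement point, put a comment above the condition saying so, so the next reader does not take the missing check for an oversight.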
> 




Re: [Qemu-devel] [PATCH v3 1/5] ppc: spapr: Register and handle HCALL to receive updated RTAS region

2017-08-16 Thread David Gibson
On Wed, Aug 16, 2017 at 02:42:13PM +0530, Aravinda Prasad wrote:
> Receive updates from SLOF about the updated rtas-base.
> A separate patch for SLOF [1] adds functionality to invoke
> a private HCALL whenever OS issues instantiate-rtas with
> a new rtas-base.
> 
> This is required as QEMU needs to know the updated rtas-base
> as it allocates error reporting structure in RTAS space upon
> a machine check exception.
> 
> [1] https://lists.ozlabs.org/pipermail/linuxppc-dev/2014-August/120386.html
> 
> Signed-off-by: Aravinda Prasad 
> Reviewed-by: David Gibson 

Actually, I take back this R-b, see below.

In any case I'm not willing to apply the patches which depend on this
until the corresponding SLOF update is merged as well.

> ---
>  hw/ppc/spapr_hcall.c   |8 
>  include/hw/ppc/spapr.h |4 +++-
>  2 files changed, 11 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
> index 72ea5a8..e66c72e 100644
> --- a/hw/ppc/spapr_hcall.c
> +++ b/hw/ppc/spapr_hcall.c
> @@ -1062,6 +1062,13 @@ static target_ulong h_rtas(PowerPCCPU *cpu, 
> sPAPRMachineState *spapr,
> nret, rtas_r3 + 12 + 4*nargs);
>  }
>  
> +static target_ulong h_rtas_update(PowerPCCPU *cpu, sPAPRMachineState *spapr,
> +  target_ulong opcode, target_ulong *args)
> +{
> +spapr->rtas_addr = args[0];
> +return 0;
> +}
> +
>  static target_ulong h_logical_load(PowerPCCPU *cpu, sPAPRMachineState *spapr,
> target_ulong opcode, target_ulong *args)
>  {
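
Review bot: h_rtas_update stores args[0] into spapr->rtas_addr without any validation, and the hcall can be issued by any guest code, not only SLOF. The NMI patch later in this series uses spapr->rtas_addr as the base for cpu_physical_memory_write(), so the guest chooses where QEMU writes the error log. Check that the address plus rtas_size lies inside guest RAM (the RMA would be the natural bound) and return H_PARAMETER otherwise. The success return should be H_SUCCESS, not a bare 0.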
> @@ -1717,6 +1724,7 @@ static void hypercall_register_types(void)
>  
>  /* qemu/KVM-PPC specific hcalls */
>  spapr_register_hypercall(KVMPPC_H_RTAS, h_rtas);
> +spapr_register_hypercall(KVMPPC_H_RTAS_UPDATE, h_rtas_update);
>  
>  /* ibm,client-architecture-support support */
>  spapr_register_hypercall(KVMPPC_H_CAS, h_client_architecture_support);
> diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
> index 2a303a7..46012b3 100644
> --- a/include/hw/ppc/spapr.h
> +++ b/include/hw/ppc/spapr.h
> @@ -90,6 +90,7 @@ struct sPAPRMachineState {
>  
>  hwaddr rma_size;
>  int vrma_adjust;
> +hwaddr rtas_addr;

This can now change at runtime, which means it needs to be migrated -
that's not happening in your patches yet.

>  ssize_t rtas_size;
>  void *rtas_blob;
>  long kernel_size;
> @@ -399,7 +400,8 @@ struct sPAPRMachineState {
>  #define KVMPPC_H_LOGICAL_MEMOP  (KVMPPC_HCALL_BASE + 0x1)
>  /* Client Architecture support */
>  #define KVMPPC_H_CAS(KVMPPC_HCALL_BASE + 0x2)
> -#define KVMPPC_HCALL_MAXKVMPPC_H_CAS
> +#define KVMPPC_H_RTAS_UPDATE(KVMPPC_HCALL_BASE + 0x3)
> +#define KVMPPC_HCALL_MAXKVMPPC_H_RTAS_UPDATE
>  
>  typedef struct sPAPRDeviceTreeUpdateHeader {
>  uint32_t version_id;
> 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [FIX PATCH v0] spapr: Allow configure-connector to be called multiple times for LMBs

2017-08-16 Thread David Gibson
On Wed, Aug 16, 2017 at 05:05:36PM +0530, Bharata B Rao wrote:
> In case of in-kernel memory hot unplug, when the guest is not able
> to remove all the LMBs that are requested for removal, it will add back
> any LMBs that have been successfully removed. The DR Connectors of
> these LMBs wouldn't have been unconfigured and hence the addition of
> these LMBs will result in configure-connector call being issued on
> LMB DR connectors that are already in configured state. Such
> configure-connector calls will fail resulting in a DIMM which is
> partially unplugged.
> 
> This however worked till recently before we overhauled the DRC
> implementation in QEMU. Commit 9d4c0f4f0a71e: "spapr: Consolidate
> DRC state variables" is the first commit where this problem shows up
> as per git bisect.
> 
> Ideally guest shouldn't be issuing configure-connector call on an
> already configured DR connector. However for now, work around this in
> QEMU by allowing configure-connector to be called multiple times for
> LMBs.
> 
> Signed-off-by: Bharata B Rao 
> ---
>  hw/ppc/spapr_drc.c | 37 +++--
>  1 file changed, 31 insertions(+), 6 deletions(-)
> 
> diff --git a/hw/ppc/spapr_drc.c b/hw/ppc/spapr_drc.c
> index 5260b5d..2dd9635 100644
> --- a/hw/ppc/spapr_drc.c
> +++ b/hw/ppc/spapr_drc.c
> @@ -446,8 +446,17 @@ void spapr_drc_reset(sPAPRDRConnector *drc)
>  drc->state = drck->empty_state;
>  }
>  
> -drc->ccs_offset = -1;
> -drc->ccs_depth = -1;
> +if (spapr_drc_type(drc) == SPAPR_DR_CONNECTOR_TYPE_LMB) {

We shouldn't have a type dependency here.  If we want the configure
connector process to be repeatable, it should be repeatable for
everything, even if we only actually need it for LMBs.

> +/*
> + * Ensure that we are able to send the FDT fragment of the
> + * LMB again via configure-connector call if guest requests.
> + */
> +drc->ccs_offset = drc->fdt_start_offset;
> +drc->ccs_depth = 0;
> +} else {
> +drc->ccs_offset = -1;
> +drc->ccs_depth = -1;
> +}
>  }
>  
>  static void drc_reset(void *opaque)
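Review bot: in spapr_drc_reset() the new LMB branch sets ccs_offset to drc->fdt_start_offset unconditionally, including on the path just above it that puts the DRC into drck->empty_state. With nothing attached, fdt_start_offset is not meaningful, so keep ccs_offset and ccs_depth at -1 unless the DRC actually has a device tree fragment to send.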
> @@ -1071,8 +1080,14 @@ static void rtas_ibm_configure_connector(PowerPCCPU 
> *cpu,
>  }
>  
>  if ((drc->state != SPAPR_DRC_STATE_LOGICAL_UNISOLATE)
> -&& (drc->state != SPAPR_DRC_STATE_PHYSICAL_UNISOLATE)) {
> -/* Need to unisolate the device before configuring */
> +&& (drc->state != SPAPR_DRC_STATE_PHYSICAL_UNISOLATE) &&
> +(spapr_drc_type(drc) != SPAPR_DR_CONNECTOR_TYPE_LMB)) {
> +/*
> + * Need to unisolate the device before configuring, however
> + * LMB DRCs are exempted from this check as guest can issue
> + * configure-connector calls for an already configured
> + * LMB DRC.
> + */

Same here - but we do need to explicitly check that the state is
either UNISOLATE *or* CONFIGURED, and not allow it from some other
random state.

>  rc = SPAPR_DR_CC_RESPONSE_NOT_CONFIGURABLE;
>  goto out;
>  }
> @@ -1108,8 +1123,18 @@ static void rtas_ibm_configure_connector(PowerPCCPU 
> *cpu,
>  /* done sending the device tree, move to configured state */
>  trace_spapr_drc_set_configured(drc_index);
>  drc->state = drck->ready_state;
> -drc->ccs_offset = -1;
> -drc->ccs_depth = -1;
> +if (spapr_drc_type(drc) == SPAPR_DR_CONNECTOR_TYPE_LMB) {

And again.

> +/*
> + * Ensure that we are able to send the FDT fragment of 
> the
> + * LMB again via configure-connector call if guest 
> requests.
> + */
> +drc->ccs_offset = drc->fdt_start_offset;
> +drc->ccs_depth = 0;
> +fdt_offset_next = drc->fdt_start_offset;
> +} else {
> +drc->ccs_offset = -1;
> +drc->ccs_depth = -1;
> +}
>  resp = SPAPR_DR_CC_RESPONSE_SUCCESS;
>  } else {
>  resp = SPAPR_DR_CC_RESPONSE_PREV_PARENT;
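Review bot: the if/else added here is a copy of the one added to spapr_drc_reset(), differing only in the extra fdt_offset_next assignment. Move the ccs_offset/ccs_depth reset into a small helper called from both places so the two copies cannot drift apart.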

-- 
David Gibson                    | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
                                | _way_ _around_!
http://www.ozlabs.org/~dgibson




[Qemu-devel] [Bug 1701798] Re: dynamically linked binaries crash for big-endian targets

2017-08-16 Thread George Kraft
I think I hit this problem trying to use qemu-s390x-static in the
s390x/ubuntu:16.04 docker image. Running qemu-s390x-static 2.9.0 on
binaries in that image (e.g. /bin/echo) results in a hang.

I've noticed that doing the same in a s390x/debian:jessie image does NOT
have the same problem. No hang. Looks like the binaries are built for
different kernel versions, could that be why?

$ file ubuntu16.04/bin/echo
ubuntu16.04/bin/echo: ELF 64-bit MSB shared object, IBM S/390, version 1 
(SYSV), dynamically linked, interpreter /lib/ld64.so.1, for GNU/Linux 3.2.0, 
BuildID[sha1]=4befa0df07957e117e8cc44d0dd14a3df6d44619, stripped

$ file debian/bin/echo
debian/bin/echo: ELF 64-bit MSB executable, IBM S/390, version 1 (SYSV), 
dynamically linked, interpreter /lib/ld64.so.1, for GNU/Linux 2.6.32, 
BuildID[sha1]=4bd45eb0ae5287ba9271a9daa9809166dd2eeab5, stripped

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1701798

Title:
  dynamically linked binaries crash for big-endian targets

Status in QEMU:
  New

Bug description:
  On the targets
hppa
m68k
mips
mips64
powerpc
powerpc64
s390x
sparc64
  dynamically linked binaries crash, but statically linked binaries work.
  On the targets
aarch64
alpha
armhf
powerpc64le
sh4
  both dynamically linked and statically linked binaries work.

  How to reproduce:

  1) On Ubuntu 16.04, install the packages
  g++-5-aarch64-linux-gnu
  g++-5-alpha-linux-gnu
  g++-5-arm-linux-gnueabihf
  g++-5-hppa-linux-gnu
  g++-5-m68k-linux-gnu
  g++-5-mips-linux-gnu
  g++-5-mips64-linux-gnuabi64
  g++-5-powerpc-linux-gnu
  g++-5-powerpc64-linux-gnu
  g++-5-powerpc64le-linux-gnu
  g++-5-s390x-linux-gnu
  g++-5-sh4-linux-gnu
  g++-5-sparc64-linux-gnu

  2) Install qemu 2.9.0 from source (for m68k, use the 2.7.0-m68k
  code from https://github.com/vivier/qemu-m68k.git):
  $ ../configure --prefix=/home/bruno/inst-qemu/2.9.0 
--target-list=aarch64-softmmu,alpha-softmmu,arm-softmmu,i386-softmmu,m68k-softmmu,mips-softmmu,mipsel-softmmu,mips64-softmmu,mips64el-softmmu,ppc-softmmu,ppc64-softmmu,s390x-softmmu,sh4-softmmu,sparc-softmmu,sparc64-softmmu,x86_64-softmmu,aarch64-linux-user,alpha-linux-user,arm-linux-user,hppa-linux-user,m68k-linux-user,mips-linux-user,mipsel-linux-user,mips64-linux-user,mips64el-linux-user,ppc-linux-user,ppc64-linux-user,ppc64le-linux-user,s390x-linux-user,sh4-linux-user,sparc-linux-user,sparc64-linux-user
 --disable-strip --disable-werror --enable-gtk --enable-vnc
  $ make
  $ make install

  3) Cross-compile the programs:

  $ aarch64-linux-gnu-gcc-5 -O hello.c -o hello.aarch64
  $ alpha-linux-gnu-gcc-5 -O hello.c -o hello.alpha
  $ arm-linux-gnueabihf-gcc-5 -O hello.c -o hello.armhf
  $ hppa-linux-gnu-gcc-5 -O hello.c -o hello.hppa
  $ m68k-linux-gnu-gcc-5 -O hello.c -o hello.m68k
  $ mips-linux-gnu-gcc-5 -O hello.c -o hello.mips
  $ mips64-linux-gnuabi64-gcc-5 -O hello.c -o hello.mips64
  $ powerpc-linux-gnu-gcc-5 -O hello.c -o hello.powerpc
  $ powerpc64-linux-gnu-gcc-5 -O hello.c -o hello.powerpc64
  $ powerpc64le-linux-gnu-gcc-5 -O hello.c -o hello.powerpc64le
  $ s390x-linux-gnu-gcc-5 -O hello.c -o hello.s390x
  $ sh4-linux-gnu-gcc-5 -O hello.c -o hello.sh4
  $ sparc64-linux-gnu-gcc-5 -O hello.c -o hello.sparc64

  4) Run the programs:

  * aarch64 works:
  $ QEMU_LD_PREFIX=/usr/aarch64-linux-gnu ~/inst-qemu/2.9.0/bin/qemu-aarch64 
hello.aarch64
  Hello world

  * alpha works:
  $ QEMU_LD_PREFIX=/usr/alpha-linux-gnu ~/inst-qemu/2.9.0/bin/qemu-alpha 
hello.alpha 
  Hello world

  * armhf works:
  $ QEMU_LD_PREFIX=/usr/arm-linux-gnueabihf ~/inst-qemu/2.9.0/bin/qemu-arm 
hello.armhf
  Hello world

  * powerpc64le works:
  $ QEMU_LD_PREFIX=/usr/powerpc64le-linux-gnu 
~/inst-qemu/2.9.0/bin/qemu-ppc64le hello.powerpc64le
  Hello world

  * sh4 works:
  $ QEMU_LD_PREFIX=/usr/sh4-linux-gnu ~/inst-qemu/2.9.0/bin/qemu-sh4 hello.sh4
  Hello world

  * = sparc64 does not work:
  $ QEMU_LD_PREFIX=/usr/sparc64-linux-gnu ~/inst-qemu/2.9.0/bin/qemu-sparc64 
hello.sparc64
  Segmentation fault (core dumped)

  When I copy the file to a machine with `uname -srm` = "Linux 4.5.0-2-sparc64 
sparc64",
  it works:
  $ ./hello.sparc64
  Hello world

  When I copy the file and its execution environment /usr/sparc64-linux-gnu to 
the
  same machine and run the binary in a chroot environment:
  # /bin/hello.sparc64 
  Hello world

  * = mips does not work:
  $ QEMU_LD_PREFIX=/usr/mips-linux-gnu ~/inst-qemu/2.9.0/bin/qemu-mips 
hello.mips
  qemu: uncaught target signal 11 (Segmentation fault) - core dumped

  When I copy the file to a machine with `uname -srm` = "Linux 
3.16.0-4-4kc-malta mips",
  it works:
  $ ./hello.mips
  Hello world

  When I copy the file and its execution environment /usr/mips-linux-gnu to the
  same machine and run the binary in a chroot environment:
  # /bin/hello.mips 
  Hello world

  * = mips64 does not work:
  $ 

Re: [Qemu-devel] Help with Windows NT 4.0

2017-08-16 Thread G 3


On Aug 15, 2017, at 6:27 PM, Paolo Bonzini wrote:


On 15/08/2017 20:46, Programmingkid wrote:


On Aug 14, 2017, at 2:51 AM, Paolo Bonzini wrote:


On 13/08/2017 21:13, Programmingkid wrote:

Lately I found out that Windows NT 4.0 seems to work well with the
486 and pentium processors. Using "-cpu 486" made installing it
actually work. Now I am seeing another issue. When I boot Windows NT
4.0 I see this error message:

*** STOP: 0x007B (0x807A8610,0x,0x,0x)
INACESSIBLE_BOOT_DEVICE

Would anyone know a way to solve this issue?


Hervé is probably the best person to answer this question.  Maybe try
installing it with SCSI disks ("-drive if=scsi,id=hd,file=... -drive
if=scsi,id=cd,file=... -device lsi -device scsi-hd,drive=hd -device
scsi-cd,drive=cd").

Thanks,

Paolo


Thanks for the help. Unfortunately trying to boot from the install
CD leads to the INACCESSIBLE_BOOT_DEVICE error when using SCSI.


Try with 0.12.


After doing a lot of bisecting I found a patch that did break Windows
NT 4.0 compatibility long ago. Not sure if it is the problem we face
today. This is it:


commit 2bec46dc97571a3c34b18fe4ca198e7bfbdca41f
Author: aliguori 
Date:   Mon Nov 24 20:21:41 2008 +

vga optimization (Glauber Costa)

Hypervisors like KVM perform badly while doing mmio on
a loop, because it'll generate an exit on each access.
This is the case with VGA, which results in very bad
performance.

In this patch, we map the linear frame buffer as RAM,
make sure it has dirty region tracking enabled, and then
just let the region to be written.




Re: [Qemu-devel] [RFC v4 08/13] ide: enumerate_slots implementation

2017-08-16 Thread John Snow


On 08/14/2017 05:57 PM, Eduardo Habkost wrote:
> Example output when using "-machine q35":
> 
>   {
> "available": true,
> "count": 1,
> "device-types": [
>   "ide-device"
> ],
> "hotpluggable": false,
> "opts": [
>   { "option": "unit", "values": 0 },
>   { "option": "bus", "values": "ide.2" }
> ],
> "opts-complete": true
>   }
>   {
> "available": false,
> "count": 1,
> "device": "/machine/unattached/device[19]",
> "device-types": [
>   "ide-device"
> ],
> "hotpluggable": false,
> "opts": [
>   { "option": "unit", "values": 1 },
>   { "option": "bus", "values": "ide.2" } ],
> "opts-complete": true
>   }
>   {
> "available": true,
> "count": 10,
> "device-types": [
>   "ide-device"
> ],
> "hotpluggable": false,
> "opts": [
>   { "option": "unit", "values": [ [ 0, 1 ] ] },

Hm, these unit values aren't really correct -- we do not support
primary/secondary semantics for IDE buses on the AHCI device. I guess
they technically exist, but you cannot use them for anything.

Should I do something to "disable" or otherwise hide the unusable
secondary unit slots for AHCI devices?

--js

>   { "option": "bus", "values": [ "ide.4", "ide.3", "ide.5", "ide.0", 
> "ide.1" ] }
> ],
> "opts-complete": true
>   }
> 
> Cc: John Snow 
> Cc: qemu-bl...@nongnu.org
> Signed-off-by: Eduardo Habkost 
> ---
>  hw/ide/qdev.c | 26 ++
>  1 file changed, 26 insertions(+)
> 
> diff --git a/hw/ide/qdev.c b/hw/ide/qdev.c
> index f17da1f..cc96f6f 100644
> --- a/hw/ide/qdev.c
> +++ b/hw/ide/qdev.c
> @@ -25,6 +25,7 @@
>  #include "sysemu/block-backend.h"
>  #include "sysemu/blockdev.h"
>  #include "hw/block/block.h"
> +#include "hw/qdev-slotinfo.h"
>  #include "sysemu/sysemu.h"
>  #include "qapi/visitor.h"
>  
> @@ -38,6 +39,30 @@ static Property ide_props[] = {
>  DEFINE_PROP_END_OF_LIST(),
>  };
>  
> +static DeviceSlotInfoList *ide_bus_enumerate_slots(BusState *bus)
> +{
> +int unit;
> +DeviceSlotInfoList *r = NULL;
> +IDEBus *ib = IDE_BUS(bus);
> +
> +for (unit = 0; unit < 2; unit++) {
> +DeviceSlotInfo *s = make_slot(bus);
> +IDEDevice *dev = (unit ? ib->master : ib->slave);
> +slot_add_opt_int(s, "unit", unit);
> +s->opts_complete = true;
> +s->has_count = true;
> +s->count = 1;
> +if (dev) {
> +s->available = false;
> +s->has_device = true;
> +s->device = object_get_canonical_path(OBJECT(dev));
> +}
> +slot_list_add_slot(&r, s);
> +}
> +
> +return r;
> +}
> +
>  static void ide_bus_class_init(ObjectClass *klass, void *data)
>  {
>  BusClass *k = BUS_CLASS(klass);
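Review bot: in ide_bus_enumerate_slots() the lookup "unit ? ib->master : ib->slave" is inverted. Unit 0 is the master and unit 1 the slave, so as written slot 0 is reported free while a master is attached and slot 1 is marked as occupied by it. Swap the operands to "unit ? ib->slave : ib->master".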
> @@ -45,6 +70,7 @@ static void ide_bus_class_init(ObjectClass *klass, void 
> *data)
>  k->get_fw_dev_path = idebus_get_fw_dev_path;
>  k->unrealize = idebus_unrealize;
>  k->device_type = TYPE_IDE_DEVICE;
> +k->enumerate_slots = ide_bus_enumerate_slots;
>  }
>  
>  static void idebus_unrealize(BusState *bus, Error **errp)
> 



Re: [Qemu-devel] [Qemu-block] [PATCH v2 00/10] Correct two minor QMP interface design flaws

2017-08-16 Thread John Snow


On 08/16/2017 05:41 PM, Eric Blake wrote:
> On 08/16/2017 04:34 PM, John Snow wrote:
>> Looks like this series got no replies (maybe a failure of my mail
>> filtering?) but it has since been merged, so purely for my own selfish
>> purposes;
> 
> No replies to v2 due to the fact that the differences from v1 were
> trivial enough to keep R-b from that spin (it was mostly conflict
> resolution that required the respin).
> 

That's fine; just very visibly marking it as "done" for the purposes of
the list, archives, tooling, etc.

--js



Re: [Qemu-devel] [Qemu-block] [PATCH v2 00/10] Correct two minor QMP interface design flaws

2017-08-16 Thread Eric Blake
On 08/16/2017 04:34 PM, John Snow wrote:
> Looks like this series got no replies (maybe a failure of my mail
> filtering?) but it has since been merged, so purely for my own selfish
> purposes;

No replies to v2 due to the fact that the differences from v1 were
trivial enough to keep R-b from that spin (it was mostly conflict
resolution that required the respin).

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org





Re: [Qemu-devel] [Qemu-block] [PATCH for-2.10] tests/multiboot: Fix whitespace failure

2017-08-16 Thread John Snow
No replies that I can see, but merged as:

01a02ec4f6b6a12df7acfb6ad820b384b48cbf70 tests/multiboot: Fix whitespace
failure

Thanks

On 08/08/2017 10:34 AM, Eric Blake wrote:
> Commit b43671f8 accidentally broke run_test.sh within tests/multiboot;
> due to a subtle change in whitespace.
> 
> These two commands produce the same output (at least, for sane $IFS
> of space-tab-newline):
> 
> echo -e "...$@..."
> echo -e "...$*..."
> 
> But that's only because echo inserts spaces between multiple arguments
> (the $@ case), while the $* form gives a single argument to echo with
> the spaces already present.
> 
> But when converting to printf %b, there are no automatic spaces between
> multiple arguments, so we HAVE to use $*.
> 
> It doesn't help that run_test.sh isn't part of 'make check'.
> 
> Signed-off-by: Eric Blake 
> ---
>  tests/multiboot/run_test.sh | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/tests/multiboot/run_test.sh b/tests/multiboot/run_test.sh
> index c8f3da8f37..0278148b43 100755
> --- a/tests/multiboot/run_test.sh
> +++ b/tests/multiboot/run_test.sh
> @@ -26,7 +26,7 @@ run_qemu() {
>  local kernel=$1
>  shift
> 
> -printf %b "\n\n=== Running test case: $kernel $@ ===\n\n" >> test.log
> +printf %b "\n\n=== Running test case: $kernel $* ===\n\n" >> test.log
> 
>  $QEMU \
>  -kernel $kernel \
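Review bot: on the changed printf line, $kernel and $* are still expanded inside the string handed to %b, so any backslash sequence in a kernel path or QEMU argument is interpreted when the header is logged. Keep the escapes in the format and pass the values as data, for example printf '\n\n=== Running test case: %s %s ===\n\n' "$kernel" "$*".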
> 
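The word-splitting difference described in the commit message above, as an added example that is not part of the original post or of QEMU's run_test.sh. The function names and the sample arguments (mmap.elf -m 1.1M) are constructed for illustration.

```shell
#!/bin/sh
# Added illustration: function names and sample arguments are constructed,
# they are not taken from tests/multiboot/run_test.sh.

# Report how many separate arguments a command would receive.
count_args() { echo "$#"; }

# "$@" embedded in a longer quoted string still expands to one word per
# positional parameter: the text before it sticks to the first parameter
# and the text after it to the last.
words_with_at() {
    kernel=$1; shift
    count_args "=== Running test case: $kernel $@ ==="
}

# "$*" joins the parameters with the first character of IFS into one word.
words_with_star() {
    kernel=$1; shift
    count_args "=== Running test case: $kernel $* ==="
}

# printf reuses its format for every extra argument, so with %b the words
# produced by "$@" are written back to back with nothing between them.
log_with_at() {
    kernel=$1; shift
    printf %b "=== Running test case: $kernel $@ ===\n"
}

log_with_star() {
    kernel=$1; shift
    printf %b "=== Running test case: $kernel $* ===\n"
}

# The "sane $IFS" caveat: "$*" uses the first character of IFS as the joiner.
log_with_star_comma_ifs() {
    kernel=$1; shift
    saved_ifs=$IFS
    IFS=,
    printf %b "=== Running test case: $kernel $* ===\n"
    IFS=$saved_ifs
}

# Passing the values as data keeps backslashes in them from being
# interpreted; the escapes live only in the format string.
log_as_data() {
    kernel=$1; shift
    printf '=== Running test case: %s %s ===\n' "$kernel" "$*"
}

# Demo run with the constructed arguments.
log_with_at mmap.elf -m 1.1M
log_with_star mmap.elf -m 1.1M
```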



[Qemu-devel] [Bug 1576347] Re: Only one NVMe device is usable in Windows (10) guest

2017-08-16 Thread Sergey Blagodurov
Trying it on Windows 10 guest and QEMU 2.8.0 has the same issue. However, I 
noticed that:
  Supplying 1 NVMe drive -> Win10 sees it.
  Supplying 2 NVMe drives -> Win10 sees only one of them.
  Supplying 3 NVMe drives -> Win10 sees only two of them.
So I still have been able to create a ReFS mirrored storage space with two NVMe 
disks under QEMU, I just had to pass three drives instead of two:

qemu-system-x86_64 -enable-kvm <...> -drive
file=/media/ssd/NVMe_drvA.qcow2,id=diskNVMeA,format=qcow2,if=none -drive
file=/media/ssd/NVMe_drvB.qcow2,id=diskNVMeB,format=qcow2,if=none -drive
file=/media/ssd/NVMe_drvC.qcow2,id=diskNVMeC,format=qcow2,if=none
-device nvme,drive=diskNVMeA,serial=foo -device
nvme,drive=diskNVMeB,serial=foo -device nvme,drive=diskNVMeC,serial=foo

Hope this helps,
--Sergey

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1576347

Title:
  Only one NVMe device is usable in Windows (10) guest

Status in QEMU:
  New

Bug description:
  Full command: qemu-system-x86_64 -enable-kvm -cpu host -smp cores=4 -m
  4G -net bridge -net nic -full-screen -drive
  file=ovmf_x64.bin,format=raw,if=pflash -drive
  file=disks/win16_ide.img,format=raw,cache=none,aio=native -drive
  file=disks/one.img,if=none,format=qcow2,id=one -drive
  file=disks/two.img,if=none,format=qcow2,id=two -device
  nvme,drive=one,serial=E86C3CFC43518D6F -device
  nvme,drive=two,serial=2BDAC262CF831698

  QEMU version: 2.5.0

  Kernel: 4.5.1 (Arch Linux)

  When there are two NVMe devices specified, only the second one will be
  usable in Windows. The following error is shown under "Device status"
  of the failed NVMe controller in Device Manager:

  "This device cannot start. (Code 10)

  The I/O device is configured incorrectly or the configuration
  parameters to the driver are incorrect."

  The only thing seems suspicious to me is that the nvme emulation in
  qemu does not have WWN/EUI-64 set for the devices, though I have no
  idea at all whether that is mandatory:

  "C:\Windows\system32>sg_vpd -i PD1
  Device Identification VPD page:
Addressed logical unit:
  designator type: SCSI name string,  code set: UTF-8
SCSI name string:
8086QEMU NVMe Ctrl  00012BDAC262CF831698

  C:\Windows\system32>sg_vpd -p sn PD1
  Unit serial number VPD page:
Unit serial number: ___."

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1576347/+subscriptions



Re: [Qemu-devel] [Qemu-block] [PATCH v2 00/10] Correct two minor QMP interface design flaws

2017-08-16 Thread John Snow
Looks like this series got no replies (maybe a failure of my mail
filtering?) but it has since been merged, so purely for my own selfish
purposes;

Merged upstream as:

01fa55982692fb51a16049b63b571651a1053989 migration: Use JSON null
instead of "" to reset parameter to default
1bda8b3c6950f74482ba19e8529db72b511ba977 migration: Unshare
MigrationParameters struct for now
e87fae4c488ff8a10b921311a63f16b94031c611 migration: Add TODO comments on
duplication of QAPI_CLONE()
8cc99dcdc264bc896926e43e7576c7b7ab633d70 migration: Clean up around
tls_creds, tls_hostname
7e91e82044f8d23acfb9949a2cdd667a6b239acd hmp: Clean up and simplify
hmp_migrate_set_parameter()
c42e8742f527476839bcc5f91c3d2ea456ca6a45 block: Use JSON null instead of
"" to disable backing file
06f80154b2ada1d58ac504e98ff6e943b069b96c
tests/test-qobject-input-visitor: Drop redundant test
4d2d5c41a9e8ee201cda8be8701f7f9fc92e71aa qapi: Introduce a first class
'null' type
d2f95f4d482374485234790a6fc3cca29ebb7355 qapi: Use QNull for a more
regular visit_type_null()
006ca09f3027d86346fce707e9295975c6558f42 qapi: Separate type QNull from
QObject

--js

On 07/20/2017 03:53 AM, Markus Armbruster wrote:
> blockdev-add and migrate-set-parameters overload empty strings to mean
> something entirely different.  See my memo "qapi: Stop abusing
> "special" values for something entirely different" for details.
> 
> Message-ID: <87379zhrhn@dusky.pond.sub.org>
> https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg04526.html
> 
> This series deprecates these usages of "" in favour of JSON null.
> Because we're so close to the 2.10 freeze, the implementation is
> intentionally stupid: rewrite null to "" at first opportunity.  The
> proper way to do it would be rewriting "" to null, but that requires
> fixing up code to work with null.  There are TODO comments for that.
> I'm willing to take care of them in the next development cycle.
> 

Did this get dropped in favor of a more comprehensive 2.11 fix?

> v2, because my pull request clashed with Juan's:
> * Rebased, non-trivial conflicts in migration/migration.c
> * PATCH 02: Commit message typo [Eric]
>   Fix ppc [patchew]
> * PATCH 03: qapi-code-gen.txt update [Eric]
> * PATCH 09: Conflict resolution, somewhat ugly
> * PATCH 10: Doc improvement [Eric]
>   Conflict resolution
> 
> Markus Armbruster (10):
>   qapi: Separate type QNull from QObject
>   qapi: Use QNull for a more regular visit_type_null()
>   qapi: Introduce a first class 'null' type
>   tests/test-qobject-input-visitor: Drop redundant test
>   block: Use JSON null instead of "" to disable backing file
>   hmp: Clean up and simplify hmp_migrate_set_parameter()
>   migration: Clean up around tls_creds, tls_hostname
>   migration: Add TODO comments on duplication of QAPI_CLONE()
>   migration: Unshare MigrationParameters struct for now
>   migration: Use JSON null instead of "" to reset parameter to default
> 
>  blockdev.c  |  14 +
>  docs/devel/qapi-code-gen.txt|  10 +--
>  hmp.c   |  88 --
>  hw/ppc/spapr_drc.c  |   4 +-
>  include/qapi/qmp/qobject.h  |  10 ++-
>  include/qapi/visitor-impl.h |   3 +-
>  include/qapi/visitor.h  |   8 +--
>  include/qemu/typedefs.h |   1 +
>  migration/migration.c   |  96 +---
>  qapi-schema.json| 108 
> 
>  qapi/block-core.json|  29 ++---
>  qapi/qapi-clone-visitor.c   |   5 +-
>  qapi/qapi-dealloc-visitor.c |   6 +-
>  qapi/qapi-visit-core.c  |   7 ++-
>  qapi/qobject-input-visitor.c|   6 +-
>  qapi/qobject-output-visitor.c   |   5 +-
>  qapi/string-input-visitor.c |   8 ++-
>  qapi/string-output-visitor.c|   3 +-
>  qapi/trace-events   |   2 +-
>  qobject/json-parser.c   |   2 +-
>  qobject/qnull.c |   8 ++-
>  scripts/qapi.py |   5 +-
>  target/i386/cpu.c   |   4 +-
>  target/ppc/translate_init.c |   5 +-
>  tests/check-qjson.c |   6 +-
>  tests/check-qnull.c |  27 
>  tests/qapi-schema/qapi-schema-test.json |   3 +-
>  tests/qapi-schema/qapi-schema-test.out  |   1 +
>  tests/qemu-iotests/085  |   2 +-
>  tests/qemu-iotests/139  |   2 +-
>  tests/test-qobject-input-visitor.c  |  24 ---
>  tests/test-qobject-output-visitor.c |  13 +++-
>  32 files changed, 378 insertions(+), 137 deletions(-)
> 



Re: [Qemu-devel] [PATCH 26/28] openrisc: replace cpu_openrisc_init() with cpu_generic_init()

2017-08-16 Thread Stafford Horne
On Fri, Jul 14, 2017 at 03:52:17PM +0200, Igor Mammedov wrote:
> it's just a wrapper, drop it and use cpu_generic_init() directly
> 
> Signed-off-by: Igor Mammedov 
> ---
> CC: Jia Liu 
> CC: Stafford Horne 
> ---
>  target/openrisc/cpu.h  | 4 +---
>  hw/openrisc/openrisc_sim.c | 2 +-
>  target/openrisc/cpu.c  | 5 -
>  3 files changed, 2 insertions(+), 9 deletions(-)

Sorry, I thought I had acked this earlier.

Acked-by: Stafford Horne 



Re: [Qemu-devel] [PATCH 00/17] nbd client refactoring and fixing

2017-08-16 Thread Eric Blake
On 08/04/2017 10:14 AM, Vladimir Sementsov-Ogievskiy wrote:
> A bit more refactoring and fixing before BLOCK_STATUS series.
> I've tried to make individual patches simple enough, so there are
> a lot of them.

Is your BLOCK_STATUS series something that is in good enough shape to
post a preliminary version of it (the version you posted back in
February is now horribly out-of-date, with all the good cleanups you
have been doing in the meantime).  I want to get a running start at
reviewing what I can to make sure we get improved NBD functionality into
2.11.

Also, please feel free to offer your Reviewed-by on other patches
(whether NBD-related or not).  Speaking as the NBD maintainer, I welcome
any help I can get.  And from personal experience, reviews tend to be
one of the largest bottlenecks in open source software - if you are
writing patches but not offering reviews, then you are adding to the
bottleneck so reviewers tend to set your patches aside for when they
have more time; while if you are actively offering reviews, then it is
obvious that you care about the project and your patch contributions
tend to have an easier time getting in.  My personal rule of thumb is to
try and review at least 2 other patches for every one that I send,
although that is a rather ambitious goal and there's nothing wrong if
you can't commit to the same level of effort.

> 
> Vladimir Sementsov-Ogievskiy (17):
>   nbd/client: fix nbd_opt_go
>   nbd/client: refactor nbd_read_eof
>   nbd/client: refactor nbd_receive_reply
>   nbd/client: fix nbd_send_request to return int
>   block/nbd-client: get rid of ssize_t
>   block/nbd-client: fix nbd_read_reply_entry
>   block/nbd-client: refactor request send/receive
>   block/nbd-client: rename nbd_recv_coroutines_enter_all
>   block/nbd-client: move nbd_co_receive_reply content into
> nbd_co_request
>   block/nbd-client: move nbd_coroutine_end content into nbd_co_request
>   block/nbd-client: fix nbd_co_request: set s->reply.handle to 0 on
> error
>   block/nbd-client: refactor nbd_co_request
>   block/nbd-client: refactor NBDClientSession.recv_coroutine
>   block/nbd-client: exit reply-reading coroutine on incorrect handle
>   block/nbd-client: refactor reading reply
>   block/nbd-client: drop reply field from NBDClientSession
>   block/nbd-client: always return EIO on and after the first io channel
> error

Of course, parts of this will need rebasing based on what finally landed
in 2.10, but I can start reviewing what I can for this round.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org





Re: [Qemu-devel] [Qemu-block] [PATCH v6 0/4] Add shrink image for qcow2

2017-08-16 Thread John Snow
Over a month with no replies and we're nearing the next QEMU release. If
this patchset is still applicable, can you rebase and resend for 2.11?

--js

On 07/14/2017 11:37 AM, Pavel Butsykin wrote:
> This patch adds shrinking of the image file for qcow2. As a result, this allows
> us to reduce the virtual image size and free up space on the disk without
> copying the image. Image can be fragmented and shrink is done by punching holes
> in the image file.
> 
> # ./qemu-img create -f qcow2 image.qcow2 4G
> Formatting 'image.qcow2', fmt=qcow2 size=4294967296 encryption=off 
> cluster_size=65536 lazy_refcounts=off refcount_bits=16
> 
> # ./qemu-io -c "write -P 0x22 0 1G" image.qcow2
> wrote 1073741824/1073741824 bytes at offset 0
> 1 GiB, 1 ops; 0:00:04.59 (222.886 MiB/sec and 0.2177 ops/sec)
> 
> # ./qemu-img resize image.qcow2 512M
> warning: qemu-img: Shrinking an image will delete all data beyond the 
> shrunken image's end. Before performing such an operation, make sure there is 
> no important data there.
> error: qemu-img: Use the --shrink option to perform a shrink operation.
> 
> # ./qemu-img resize --shrink image.qcow2 128M
> Image resized.
> 
> # ./qemu-img info image.qcow2
> image: image.qcow2
> file format: qcow2
> virtual size: 128M (134217728 bytes)
> disk size: 128M
> cluster_size: 65536
> Format specific information:
> compat: 1.1
> lazy refcounts: false
> refcount bits: 16
> corrupt: false
> 
> # du -h image.qcow2
> 129M    image.qcow2
> 
> Changes from v1:
> - add --shrink flag for qemu-img resize
> - add qcow2_cache_discard
> - simplify qcow2_shrink_l1_table() to reduce the likelihood of image 
> corruption
> - add new qemu-iotests for shrinking images
> 
> Changes from v2:
> - replace qprintf() on error_report() (1)
> - rewrite warning messages (1)
> - enforce --shrink flag for all formats except raw (1)
> - split qcow2_cache_discard() (2)
> - minor fixes according to comments (3)
> - rewrite the last part of qcow2_shrink_reftable() to avoid
>   qcow2_free_clusters() calls inside (3)
> - improve test for shrinking image (4)
> 
> Changes from v3:
> - rebase on "Implement a warning_report function" Alistair's patch-set (1)
> - spelling fixes (1)
> - the man page fix according to the discussion (1)
> - add call qcow2_signal_corruption() in case of image corruption (3)
> 
> Changes from v4:
> - rebase on https://github.com/XanClic/qemu/commits/block Max's block branch
> 
> Changes from v5:
> - the condition refcount == 0 should be enough to evict the l2/refcount 
> cluster
>   from the cache (2)
> - overwrite the l1/refcount table in memory with zeros, even if overwriting 
> the
>   l1/refcount table on disk has failed (3)
> - replace g_try_malloc() on g_malloc() for allocation reftable_tmp (3)
> 
> Pavel Butsykin (4):
>   qemu-img: add --shrink flag for resize
>   qcow2: add qcow2_cache_discard
>   qcow2: add shrink image support
>   qemu-iotests: add shrinking image test
> 
>  block/qcow2-cache.c|  26 +++
>  block/qcow2-cluster.c  |  50 +
>  block/qcow2-refcount.c | 140 -
>  block/qcow2.c  |  43 +---
>  block/qcow2.h  |  17 +
>  qapi/block-core.json   |   3 +-
>  qemu-img-cmds.hx   |   4 +-
>  qemu-img.c |  23 ++
>  qemu-img.texi  |   6 +-
>  tests/qemu-iotests/102 |   4 +-
>  tests/qemu-iotests/163 | 170 
> +
>  tests/qemu-iotests/163.out |   5 ++
>  tests/qemu-iotests/group   |   1 +
>  13 files changed, 475 insertions(+), 17 deletions(-)
>  create mode 100644 tests/qemu-iotests/163
>  create mode 100644 tests/qemu-iotests/163.out
> 



Re: [Qemu-devel] [Qemu-block] [PATCH v5 00/25] block: Fix some filename generation issues

2017-08-16 Thread John Snow
Bump for 2.11; I assume this needs to be rebased and resent, yes?

On 06/21/2017 08:50 AM, Max Reitz wrote:
> [If you have read the cover letter in x \in [v2, v4], there is nothing
>  new here; feel free to skip to the bottom to read the changes from v4.]
> 
> There are some issues regarding filename generation right now:
> 
> - You always get a JSON filename if you set even a single qcow2-specific
>   runtime option (as long as it does not have a dot in it, which is a
>   bug, too, but here it is working in our favor...). That is not nice
>   and actually breaks the usage of backing files with relative
>   filenames with such qcow2 BDS.
> 
> - As hinted above, you cannot use relative backing filenames with BDS
>   that have a JSON filename only, even though qemu might be able to
>   obtain the directory name by walking through the BDS graph to the
>   protocol level.
> 
> - Overriding the backing file at runtime should invalidate the filename
>   because it actually changes the BDS's data.  Therefore, we need to
>   force a JSON filename in that case, containing the backing file
>   override.
> 
> - Much of our code assumes paths never to exceed PATH_MAX in length.
>   This is wrong, at least because of JSON filenames. This should be
>   fixed wherever the opportunity arises.
> 
> - If a driver decides to implement bdrv_refresh_filename(), that
>   implementation has to not only refresh the filename (as one would
>   think) but it must also refresh the runtime options
>   (bs->full_open_options). That is stupid. (I'm allowed to say that
>   because I'm to blame for it.)
> 
> This series is enclosed by four patches (two at the front, two at the
> back) that fix more or less general issues. They are included because:
> - Patch 1 is required so that in patch 3 it's obvious why we don't need
>   to set backing_overriden there or call bdrv_refresh_filename()
> - Patch 2 is already reviewed, so I might just as well keep it.
> - Patches 24 and 25 are basically general bug fixes. Their connection to
>   this series is obvious, however, I think, and they depend on the rest
>   of the series, so I decided to just put them in.
> 
> Patches 3 and 4 address the third issue above, and patch 23 adds
> something that's missing from patch 3. It cannot be squashed into patch
> 3, however, because it depends on functionality introduced by patches 18
> to 22.
> Consequently, patch 3 introduces a FIXME that is resolved by patch 23.
> 
> Patches 5 to 9 address the fourth issue above, and are also necessary
> preparation for the following patches.
> 
> Patches 10 to 16 address the second issue above, patch 17 adds a test
> case. They implement a bdrv_dirname() function that returns the base
> directory of a BDS by walking through the BDS graph to the protocol
> layer and then trying to obtain a path based on that BDS's
> exact_filename. This obviously fails if exact_filename on the protocol
> layer is not set.
> This behavior can be overridden either by any block driver along the way
> implementing bdrv_dirname() itself or by the user through the new
> 'base-directory' node option. This may allow us to resolve relative
> filenames even if the reference BDS only has a JSON filename.
> 
> Patches 18 to 22 address both the first and last issues above. They add
> a field called "sgfnt_runtime_opts" to the BlockDriver structure. Block
> drivers may point this to an array containing all of the runtime options
> they accept that may change their BDS's data (i.e. that are
> "significant"). bdrv_refresh_filename() will use this list to generate
> bs->full_open_options itself (with only a little help by the block
> driver, if necessary, through the .bdrv_gather_child_options()
> function). This not only simplifies the process significantly, but also
> results in the default implementation generating JSON filenames only
> when really necessary.
> 
> 
> v5: Rebased on my block branch and addressed Eric's comments on v4
> - Patch 1: Rebase conflict (bdrv_set_backing_hd() is now called in
>            mirror_exit() instead of mirror_complete())
> - Patch 2: Drop bdrv_refresh_filename() calls in the commit and mirror
>            block drivers' implementations of that very function
> - Patch 5: Rebase conflict due to 0d54a6fed3ebaf0e
> - Patch 7: Rebase conflict due to 418661e0324c1c41
> - Patch 10: Added comment on bdrv_dirname()'s interface [Eric]
> - Patch 13: Drop NBD bdrv_dirname() support [Eric]
> - Patch 16: More or less contextual rebase conflicts, bumped qemu's
>             version number, removed the "#optional"
> - Patch 18: More block drivers to support
> - Patch 19:
>   - Added comment on bdrv_gather_child_options()'s interface
>   - Fixed implementation for VMDK: We should check that bs->backing is
>     non-NULL before accessing it (and it may be NULL even if
>     bs->backing_overridden is true)
> - Patch 21:
>   - Added comment on bdrv_refresh_filename()'s interface
>   - Rebase conflicts mostly because of the new qdict_put_

Re: [Qemu-devel] [PATCH RFC 4/9] tests: Add vm test lib

2017-08-16 Thread Fam Zheng
On Wed, 08/16 09:55, Stefan Hajnoczi wrote:
> On Wed, Aug 16, 2017 at 03:20:59PM +0800, Fam Zheng wrote:
> > +class BaseVM(object):
> > +GUEST_USER = "qemu"
> > +GUEST_PASS = "qemupass"
> > +ROOT_PASS = "qemupass"
> > +
> > +# The script to run in the guest that builds QEMU
> > +BUILD_SCRIPT = ""
> > +# The guest name, to be overridden by subclasses
> > +name = "#base"
> > +def __init__(self, debug=False):
> > +self._guest = None
> > +self.ssh_port = 20022
> 
> Only one instance of this test can be run per machine due to the
> hardcoded SSH port number on the host.
> 
> It is possible to use:
> 
>   -netdev user,id=vnet,hostfwd=:0.0.0.0:0-:22
> 
> and then query the port number:
> 
>   (qemu) info usernet
>   VLAN -1 (vnet):
>   Protocol[State]    FD  Source Address  Port   Dest. Address  Port RecvQ SendQ
>   TCP[HOST_FORWARD]    15               * 36089       10.0.2.15    22     0     0
> 
> The host port is 36089 in this example.
> 
> I'm not aware of a QMP equivalent for "info usernet".  It may be
> necessary to implement a query-usernet command if you don't want to use
> HMP.

Sounds good. Will try. Using HMP is good enough to start with, we can add
query-usernet on top.

> 
> > +self._tmpdir = tempfile.mkdtemp(prefix="qemu-vm-")
> > +atexit.register(shutil.rmtree, self._tmpdir)
> > +
> > +self._ssh_key_file = os.path.join(self._tmpdir, "id_rsa")
> > +open(self._ssh_key_file, "w").write(SSH_KEY)
> > +subprocess.check_call(["chmod", "600", self._ssh_key_file])
> > +
> > +self._ssh_pub_key_file = os.path.join(self._tmpdir, "id_rsa.pub")
> > +open(self._ssh_pub_key_file, "w").write(SSH_PUB_KEY)
> > +
> > +self.debug = debug
> > +self._stderr = sys.stderr
> > +self._devnull = open("/dev/null", "w")
> > +if self.debug:
> > +self._stdout = sys.stdout
> > +else:
> > +self._stdout = self._devnull
> > +self._args = [ \
> > +"-nodefaults", "-enable-kvm", "-m", "2G",
> > +"-smp", os.environ.get("J", "4"), "-cpu", "host",
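Review bot: the private key is written with open(self._ssh_key_file, "w").write(SSH_KEY) and only afterwards restricted by an external chmod 600, so it briefly exists with umask-default permissions and the file object is never explicitly closed. The 0700 directory from tempfile.mkdtemp() limits the exposure, but creating the file with os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600) inside a with block gives the right mode from the start and removes the chmod subprocess.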
> 
> Can this be a command-line option in main() and a constructor argument
> instead of an environment variable?  That would be cleaner because the
> use of "J" might be surprising to someone who happens to have it set in
> their environment.

Yes, "J" should be handled in the Makefile.

> 
> > +"-netdev", "user,id=vnet,hostfwd=:0.0.0.0:%d-:22" % 
> > self.ssh_port,
> > +"-device", "virtio-net-pci,netdev=vnet",
> > +"-vnc", ":0,to=20",
> > +"-serial", "file:%s" % os.path.join(self._tmpdir, 
> > "serial.out")]
> > +
> > +self._data_args = []
> > +
> > +def _download_with_cache(self, url):
> > +cache_dir = os.path.expanduser("~/.cache/qemu-vm/download")
> > +subprocess.check_call(["mkdir", "-p", cache_dir])
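Review bot: hostfwd=:0.0.0.0:%d-:22 forwards the guest's sshd on every host interface, and -vnc :0,to=20 likewise has no host address to keep it on loopback. Together with the fixed GUEST_PASS/ROOT_PASS values and the SSH_KEY embedded in this file, any machine that can reach the build host can log in to the guest while a test runs. Bind the forward to 127.0.0.1 (hostfwd=tcp:127.0.0.1:%d-:22) and either drop the VNC display or bind it to 127.0.0.1 as well.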
> 
> os.makedirs()

OK.

> 
> > +fname = os.path.join(cache_dir, hashlib.sha1(url).hexdigest())
> > +if os.path.exists(fname):
> > +return fname
> > +logging.debug("Downloading %s to %s...", url, fname)
> > +subprocess.check_call(["wget", "-c", url, "-O", fname + 
> > ".download"],
> > +  stdout=self._stdout, stderr=self._stderr)
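Review bot: _download_with_cache() returns the cached file as soon as os.path.exists(fname) is true and otherwise moves whatever wget -c produced into place, so the image is never compared against a known digest; hashlib.sha1(url) only names the cache entry. Because -c resumes a leftover .download file, a truncated or substituted image can become a permanent cache hit. Pin a SHA-256 per image in the subclass, compare it before the mv, and check it again on a cache hit.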
> 
> It might be important to support image file updates without manually
> deleting ~/.cache.  You can probably make wget send an HTTP
> If-Modified-Since header or something similar.  There are 3 cases:
> 
> 1. Existing file is up-to-date.  No download after HEAD request.
> 2. Existing file is outdated, download the newest version.
> 3. Failure or timeout, use the old version for now.

Since the URLs are not https, maybe add sha256sum of images in the subclasses so
it is MITM-safe? It is also much simpler code, I think.

> 
> > +subprocess.check_call(["mv", fname + ".download", fname],
> > +  stdout=self._stdout, stderr=self._stderr)
> 
> os.rename()

OK.

Fam
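
The digest-pinning idea from the reply above, written out as an added example (not code from the patch or from QEMU): the cache entry is named after a pinned SHA-256 and is published only after the downloaded bytes verify. The fetch callable, the DigestMismatch class and the example URL are assumptions made for illustration; the code targets Python 3.

```python
import hashlib
import os
import tempfile


class DigestMismatch(Exception):
    """Fetched bytes do not match the SHA-256 pinned for the image."""


def sha256_file(path, bufsize=1 << 20):
    """Hash a file in chunks so multi-gigabyte images are not read into RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(bufsize), b""):
            digest.update(chunk)
    return digest.hexdigest()


def download_with_cache(url, sha256sum, cache_dir, fetch):
    """Return the path of a cached image whose SHA-256 equals sha256sum.

    fetch(url, dest) is a hypothetical callable that writes the body of url
    to dest, for example a thin wrapper around wget.
    """
    os.makedirs(cache_dir, exist_ok=True)
    # Name the entry after the pinned digest rather than sha1(url): pinning a
    # new digest for an updated image then misses the cache automatically.
    fname = os.path.join(cache_dir, sha256sum)
    if os.path.exists(fname):
        if sha256_file(fname) == sha256sum:
            return fname
        os.unlink(fname)  # truncated or modified entry: discard and refetch

    # Unique temp name in the same directory, so os.rename() is atomic and
    # concurrent runs never resume each other's partial file.
    fd, tmp = tempfile.mkstemp(dir=cache_dir, suffix=".download")
    os.close(fd)
    try:
        fetch(url, tmp)
        actual = sha256_file(tmp)
        if actual != sha256sum:
            raise DigestMismatch("%s: expected sha256 %s, got %s"
                                 % (url, sha256sum, actual))
        os.rename(tmp, fname)  # publish only after verification
    finally:
        if os.path.exists(tmp):
            os.unlink(tmp)
    return fname


if __name__ == "__main__":
    # Constructed demo: a fake "image" and two fetchers standing in for HTTP.
    image = b"constructed image bytes\n" * 1024
    pinned = hashlib.sha256(image).hexdigest()

    def good_fetch(url, dest):
        with open(dest, "wb") as f:
            f.write(image)

    def tampered_fetch(url, dest):
        with open(dest, "wb") as f:
            f.write(image + b"injected")

    url = "http://images.example/guest.img"  # placeholder URL
    cache = tempfile.mkdtemp(prefix="qemu-vm-cache-")
    print(download_with_cache(url, pinned, cache, good_fetch))
    try:
        other_cache = tempfile.mkdtemp(prefix="qemu-vm-cache-")
        download_with_cache(url, pinned, other_cache, tampered_fetch)
    except DigestMismatch as e:
        print("rejected:", e)
```

Keying the cache on the digest also covers the image-update case raised in the review: changing the pinned value in a subclass forces a fresh download without clearing ~/.cache by hand.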



Re: [Qemu-devel] [PATCH RFC 3/9] qemu.py: Add "wait()" method

2017-08-16 Thread Fam Zheng
On Wed, 08/16 09:32, Stefan Hajnoczi wrote:
> On Wed, Aug 16, 2017 at 03:20:58PM +0800, Fam Zheng wrote:
> > Signed-off-by: Fam Zheng 
> > ---
> >  scripts/qemu.py | 5 +
> >  1 file changed, 5 insertions(+)
> > 
> > diff --git a/scripts/qemu.py b/scripts/qemu.py
> > index e5f314efdb..3e7eb44035 100644
> > --- a/scripts/qemu.py
> > +++ b/scripts/qemu.py
> > @@ -144,6 +144,11 @@ class QEMUMachine(object):
> >  self._post_shutdown()
> >  raise
> >  
> > +def wait(self):
> > +self._popen.wait()
> > +self._qmp.close()
> > +self._post_shutdown()
> > +
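Review bot: wait() calls self._popen.wait() with no bound, so a guest that never powers itself off hangs the caller forever and self._qmp.close() and self._post_shutdown() never run. Consider a timeout parameter that falls back to shutdown() or kills the process when it expires, and state in the docstring that the method is meant for guests that halt on their own.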
> 
> Please include docstrings for public methods.

OK.

> 
> Is this method for users who do not use shutdown() because the guest
> halts itself?

Yes, cooperative shutdown (e.g. "shutdown" command from guest or acpi signal) is
cleaner when we want to make sure changes are flushed to disk.

> 
> Why is self._load_io_log() not called?

Will add it.

Fam



Re: [Qemu-devel] [PATCH v5 0/8] KASLR kernel dump support

2017-08-16 Thread Michael S. Tsirkin
On Mon, Aug 07, 2017 at 08:16:10PM +0200, Marc-André Lureau wrote:
> Recent linux kernels enable KASLR to randomize phys/virt memory
> addresses. This series aims to provide enough information in qemu
> dumps so that crash utility can work with randomized kernel too (it
> hasn't been tested on other archs than x86 though, help welcome).
> 
> The previous design to provide qemu with debug details (using qemu-ga
> and a dedicated vmcoreinfo ACPI device) failed to satisfy the
> requirements during previous iterations.
> 
> In particular, the previous proposed vmcoreinfo ACPI device had the
> following issues:
> - hazardous memory handling with no explicit synchronization
> - occupy 2 fw-cfg entries (for memory and pointer)
> - occupy 4k of guest memory (this could have been tweaked)
> - did not provide ACPI methods (this could have been added)
> - may be difficult to maintain compatibility (according to Michael)
> 
> This is a new proposal, that leverages fw-cfg device instead of adding
> a new device. A "etc/vmcoreinfo" entry is added, where the guest,
> during boot or later, can write the addr/size location of an ELF note
> to be appended in the qemu dump.

Looks ok to me. Pls remember to ping after release.

> Note: only guest kernel is expected to write to a fw-cfg entry.  This
> method is not meant for general qemu/user-space communication. There
> are more appropriate devices for this purpose, and the guest kernel
> should not expose this facility.
> 
> This is quite easier to implement, and uses less of the limited fw-cfg
> slots, and guest memory. It also solves the synchronization issue, and
> may be easier to discover or to maintain compatibility.
> 
> The Linux ELF note is expected to be the VMCOREINFO note, which will
> have a special handling in qemu in this case helping kaslr-kernel
> debugging. But it could be any valid ELF note.
> 
> Crash 7.1.9 will parse the "phys_base" value from the VMCOREINFO note,
> and thus will work with KASLR-dump produced by this series.
> 
> The series implements the note addition in qemu ELF/kdump,
> as well as the python scripts/dump-guest-memory.py.
> 
> To test:
> 
> Using kernel from https://github.com/elmarco/linux fw-cfg branch,
> Compile and run guest kernel with CONFIG_RANDOMIZE_BASE=y & 
> CONFIG_FW_CFG_SYSFS=y.
> 
> Run qemu with -global fw_cfg.vmcoreinfo=on
> 
> Produce an ELF dump:
> { "execute": "dump-guest-memory", "arguments": { "protocol": "file:dump", 
> "paging": false } }
> 
> Produce a kdump:
> { "execute": "dump-guest-memory", "arguments": { "protocol": "file:dump", 
> "paging": false, "format": "kdump-zlib" } }
> 
> Or with (gdb) dump-guest-memory, with scripts/dump-guest-memory.py script.
> 
> Analyze with crash >= 7.1.9 (or the git version for 4.13 fixes..):
> 
> $ crash vmlinux dump
> 
> v5:
> - removed x-write-pointer-available patch from this series
> - drop vmcoreinfo device
> - add write callback to fw_cfg entries
> - add a writable fw_cfg "vmcoreinfo" entry
> - split phys_base update from VMCOREINFO note in a separate patch
> - most patches had non-trivial changes, dropping reviewed-by tags
> 
> v4: from Laszlo review
> - switch to warn_report*()
> - update test to follow vmgenid and use boot-sector infrastructure
> - fix range checks in the python script
> - add vmcoreinfo_get() stub
> 
> v3: from Laszlo review
> - change vmcoreinfo offset to 36
> - reset err to null after report
> - use PRIu32
> - change name_size and desc_size against MAX_VMCOREINFO_SIZE
> - python code simplification
> - check boundaries of blocks in phys_memory_read()
> - fix some vmgi vs vmci names
> - add more comments in code
> - fix comment indentation
> - add r-b tags
> 
> v2: from Laszlo review
> - vmci: fix guest endianness handling
> - vmci: fix wrong sizeof()
> - vmci: add back reset logic from vmgenid
> - dump: have 1MB size limit for vmcoreinfo
> - dump: fix potential off-by-1 buffer manipulation
> - dump: use temporary variable for qemu_strtou64
> - dump: fixed VMCOREINFO duplication in kdump
> - update gdb script to not call into qemu process
> - update MAINTAINERS with some new files
> 
> Marc-André Lureau (8):
>   fw_cfg: rename read callback
>   fw_cfg: add write callback
>   fw_cfg: add vmcoreinfo file
>   dump: add guest ELF note
>   dump: update phys_base header field based on VMCOREINFO content
>   kdump: set vmcoreinfo location
>   scripts/dump-guest-memory.py: add vmcoreinfo
>   MAINTAINERS: add Dump maintainers
> 
>  scripts/dump-guest-memory.py |  51 
>  include/hw/compat.h  |   8 ++
>  include/hw/loader.h  |   2 +-
>  include/hw/nvram/fw_cfg.h|  18 -
>  include/sysemu/dump.h|   2 +
>  dump.c   | 179 +++
>  hw/acpi/vmgenid.c|   2 +-
>  hw/core/loader.c |   4 +-
>  hw/i386/acpi-build.c |   2 +-
>  hw/isa/lpc_ich9.c|   4 +-
>  hw/nvram/fw_cfg.c|  64 
>  MAINTAINERS

Re: [Qemu-devel] [Qemu-block] [PATCH v2 1/2] block: use internal filter node in backup

2017-08-16 Thread Manos Pitsidianakis

On Wed, Aug 16, 2017 at 02:25:44PM +0100, Stefan Hajnoczi wrote:

On Tue, Aug 15, 2017 at 11:18:53AM +0300, Manos Pitsidianakis wrote:

block/backup.c currently uses before write notifiers on the targeted
node. We can create a filter node instead to intercept write requests
for the backup job on the BDS level, instead of the BlockBackend level.

This is part of deprecating before write notifiers, which are hard coded
into the block layer. Block filter drivers are inserted into the graph
only when a feature is needed. This makes the block layer more modular
and reuses the block driver abstraction that is already present.

Signed-off-by: Manos Pitsidianakis 
---
 block.c|  89 +--
 block/backup.c | 207 -
 block/mirror.c |   7 +-
 blockdev.c |   2 +-
 include/block/block.h  |   8 +-
 tests/qemu-iotests/141.out |   2 +-
 6 files changed, 276 insertions(+), 39 deletions(-)

diff --git a/block.c b/block.c
index 2de1c29eb3..81bd51b670 100644
--- a/block.c
+++ b/block.c
@@ -2088,6 +2088,38 @@ static void bdrv_parent_cb_resize(BlockDriverState *bs)
 }

 /*
+ * Sets the file link of a BDS. A new reference is created; callers
+ * which don't need their own reference any more must call bdrv_unref().
+ */
+void bdrv_set_file(BlockDriverState *bs, BlockDriverState *file_bs,
+   Error **errp)
+{
+if (file_bs) {
+bdrv_ref(file_bs);
+}
+
+if (bs->file) {
+bdrv_unref_child(bs, bs->file);
+}
+
+if (!file_bs) {
+bs->file = NULL;
+goto out;
+}
+
+bs->file = bdrv_attach_child(bs, file_bs, "file", &child_file,
+ errp);
+if (!bs->file) {
+bdrv_unref(file_bs);
+}
+
+bdrv_refresh_filename(bs);
+
+out:
+bdrv_refresh_limits(bs, NULL);
+}
+
+/*
  * Sets the backing file link of a BDS. A new reference is created; callers
  * which don't need their own reference any more must call bdrv_unref().
  */
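Review bot: in bdrv_set_file() the old child is released with bdrv_unref_child(bs, bs->file) before bdrv_attach_child() is attempted, so when the attach fails bs is left with bs->file == NULL and its previous file child already gone, and the function still goes on to call bdrv_refresh_filename(bs). Either drop the old child only after the new attach succeeded, or state in the function comment that a failure reported through errp detaches the existing file.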
@@ -2355,12 +2387,12 @@ static BlockDriverState 
*bdrv_append_temp_snapshot(BlockDriverState *bs,
 goto out;
 }

-/* bdrv_append() consumes a strong reference to bs_snapshot
+/* bdrv_append_backing() consumes a strong reference to bs_snapshot
  * (i.e. it will call bdrv_unref() on it) even on error, so in
  * order to be able to return one, we have to increase
  * bs_snapshot's refcount here */
 bdrv_ref(bs_snapshot);
-bdrv_append(bs_snapshot, bs, &local_err);
+bdrv_append_backing(bs_snapshot, bs, &local_err);
 if (local_err) {
 error_propagate(errp, local_err);
 bs_snapshot = NULL;
@@ -3142,7 +3174,7 @@ static bool should_update_child(BdrvChild *c, 
BlockDriverState *to)
 return false;
 }

-if (c->role == &child_backing) {
+if (c->role == &child_backing || c->role == &child_file) {
 /* If @from is a backing file of @to, ignore the child to avoid
  * creating a loop. We only want to change the pointer of other
  * parents. */
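Review bot: the condition in should_update_child() now also skips child_file edges, but the comment directly below it still reads "If @from is a backing file of @to". Update the comment to cover the file case and to say exactly which child_file parents are skipped, so the rule can be read from the code.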


This may have unwanted side-effects.  I think you're using it so that
bdrv_set_file() + bdrv_replace_node() does not create a loop in the
graph.  That is okay if there is only one parent with child_file.  If
there are multiple parents with that role then it's not clear to me that
they should all be skipped.


I am afraid I don't understand what you're saying. What is the 
difference with the child_backing scenario here?  In both cases we 
should update all from->parents children unless they also happen to be a 
child of `to`. If there are multiple parents with child_file, they are 
not skipped except for the ones where `to` is the parent.



@@ -3213,6 +3245,45 @@ out:
 }

 /*
+ * Add new bs node at the top of a BDS chain while the chain is
+ * live, while keeping required fields on the top layer.
+ *
+ * This will modify the BlockDriverState fields, and swap contents
+ * between bs_new and bs_top. Both bs_new and bs_top are modified.
+ *
+ * bs_new must not be attached to a BlockBackend.
+ *
+ * bdrv_append_file() takes ownership of a bs_new reference and unrefs it
+ * because that's what the callers commonly need. bs_new will be referenced by
+ * the old parents of bs_top after bdrv_append_file() returns. If the caller
+ * needs to keep a reference of its own, it must call bdrv_ref().
+ */
+void bdrv_append_file(BlockDriverState *bs_new, BlockDriverState *bs_top,
+  Error **errp)
+{
+Error *local_err = NULL;
+
+bdrv_ref(bs_top);
+bdrv_set_file(bs_new, bs_top, &local_err);


bdrv_set_file() takes its own reference so there's no need to call
bdrv_ref(bs_top).

But it would be more consistent with existing functions for
bdrv_set_file() *not* to take a new reference.  If you make that change
then this bdrv_ref() is correct.


+if (local_err) {
+error_propagate(errp, local_err);
+bdrv_set_file(bs_new, NULL, &erro

Re: [Qemu-devel] [PATCH 28/28] ppc: replace cpu_ppc_init() with cpu_generic_init()

2017-08-16 Thread Eduardo Habkost
On Fri, Jul 14, 2017 at 03:52:19PM +0200, Igor Mammedov wrote:
> it's just a wrapper, drop it and use cpu_generic_init() directly
> 
> Signed-off-by: Igor Mammedov 

Reviewed-by: Eduardo Habkost 

-- 
Eduardo



Re: [Qemu-devel] [PATCH 24/28] lm32: replace cpu_lm32_init() with cpu_generic_init()

2017-08-16 Thread Eduardo Habkost
On Fri, Jul 14, 2017 at 03:52:15PM +0200, Igor Mammedov wrote:
> it's just a wrapper, drop it and use cpu_generic_init() directly
> 
> Signed-off-by: Igor Mammedov 

Reviewed-by: Eduardo Habkost 

-- 
Eduardo



Re: [Qemu-devel] [PATCH 26/28] openrisc: replace cpu_openrisc_init() with cpu_generic_init()

2017-08-16 Thread Eduardo Habkost
On Fri, Jul 14, 2017 at 03:52:17PM +0200, Igor Mammedov wrote:
> it's just a wrapper, drop it and use cpu_generic_init() directly
> 
> Signed-off-by: Igor Mammedov 

Reviewed-by: Eduardo Habkost 

-- 
Eduardo



Re: [Qemu-devel] [PATCH 27/28] unicore32: replace uc32_cpu_init() with cpu_generic_init()

2017-08-16 Thread Eduardo Habkost
On Fri, Jul 14, 2017 at 03:52:18PM +0200, Igor Mammedov wrote:
> it's just a wrapper, drop it and use cpu_generic_init() directly
> 
> Signed-off-by: Igor Mammedov 

Reviewed-by: Eduardo Habkost 

-- 
Eduardo



Re: [Qemu-devel] [PATCH 25/28] moxie: replace cpu_moxie_init() with cpu_generic_init()

2017-08-16 Thread Eduardo Habkost
On Fri, Jul 14, 2017 at 03:52:16PM +0200, Igor Mammedov wrote:
> it's just a wrapper, drop it and use cpu_generic_init() directly
> 
> Signed-off-by: Igor Mammedov 

Reviewed-by: Eduardo Habkost 

-- 
Eduardo



Re: [Qemu-devel] [PATCH 23/28] x86: replace cpu_x86_init() with cpu_generic_init()

2017-08-16 Thread Eduardo Habkost
On Fri, Jul 14, 2017 at 03:52:14PM +0200, Igor Mammedov wrote:
> it's just a wrapper, drop it and use cpu_generic_init() directly
> 
> Signed-off-by: Igor Mammedov 

Reviewed-by: Eduardo Habkost 

-- 
Eduardo



Re: [Qemu-devel] [PATCH 20/28] sh4: replace cpu_sh4_init() with cpu_generic_init()

2017-08-16 Thread Eduardo Habkost
On Fri, Jul 14, 2017 at 03:52:11PM +0200, Igor Mammedov wrote:
> it's just a wrapper, drop it and use cpu_generic_init() directly
> 
> Signed-off-by: Igor Mammedov 

Reviewed-by: Eduardo Habkost 

-- 
Eduardo



Re: [Qemu-devel] [PATCH 22/28] cris: replace cpu_cris_init() with cpu_generic_init()

2017-08-16 Thread Eduardo Habkost
On Fri, Jul 14, 2017 at 03:52:13PM +0200, Igor Mammedov wrote:
> it's just a wrapper, drop it and use cpu_generic_init() directly
> 
> Signed-off-by: Igor Mammedov 

Reviewed-by: Eduardo Habkost 

-- 
Eduardo



Re: [Qemu-devel] [PATCH 19/28] tricore: replace cpu_tricore_init() with cpu_generic_init()

2017-08-16 Thread Eduardo Habkost
On Fri, Jul 14, 2017 at 03:52:10PM +0200, Igor Mammedov wrote:
> it's just a wrapper, drop it and use cpu_generic_init() directly
> 
> Signed-off-by: Igor Mammedov 

Reviewed-by: Eduardo Habkost 

-- 
Eduardo



Re: [Qemu-devel] [PATCH 18/28] xtensa: replace cpu_xtensa_init() with cpu_generic_init()

2017-08-16 Thread Eduardo Habkost
On Fri, Jul 14, 2017 at 03:52:09PM +0200, Igor Mammedov wrote:
> call xtensa_irq_init() at realize time which makes
> cpu_xtensa_init() like generic cpu creation function.
> As result we can replace it with cpu_generic_init()
> which does the same job, reducing code duplication a bit.
> 
> Signed-off-by: Igor Mammedov 

Looks good to me.  Were you able to test it?

> ---
> CC: Max Filippov 
> ---
>  target/xtensa/cpu.h|  4 +---
>  hw/xtensa/sim.c|  2 +-
>  hw/xtensa/xtfpga.c |  2 +-
>  target/xtensa/cpu.c|  3 +++
>  target/xtensa/helper.c | 22 --
>  5 files changed, 6 insertions(+), 27 deletions(-)
> 
> diff --git a/target/xtensa/cpu.h b/target/xtensa/cpu.h
> index ee29fb1..4803331 100644
> --- a/target/xtensa/cpu.h
> +++ b/target/xtensa/cpu.h
> @@ -475,9 +475,7 @@ void xtensa_cpu_do_unaligned_access(CPUState *cpu, vaddr 
> addr,
>  #define XTENSA_DEFAULT_CPU_MODEL "dc232b"
>  #endif
>  
> -XtensaCPU *cpu_xtensa_init(const char *cpu_model);
> -
> -#define cpu_init(cpu_model) CPU(cpu_xtensa_init(cpu_model))
> +#define cpu_init(cpu_model) cpu_generic_init(TYPE_XTENSA_CPU, cpu_model)
>  
>  void xtensa_translate_init(void);
>  void xtensa_breakpoint_handler(CPUState *cs);
> diff --git a/hw/xtensa/sim.c b/hw/xtensa/sim.c
> index 5521e91..bf1f729 100644
> --- a/hw/xtensa/sim.c
> +++ b/hw/xtensa/sim.c
> @@ -86,7 +86,7 @@ static void xtensa_sim_init(MachineState *machine)
>  }
>  
>  for (n = 0; n < smp_cpus; n++) {
> -cpu = cpu_xtensa_init(cpu_model);
> +cpu = XTENSA_CPU(cpu_generic_init(TYPE_XTENSA_CPU, cpu_model));
>  if (cpu == NULL) {
>  error_report("unable to find CPU definition '%s'",
>   cpu_model);
> diff --git a/hw/xtensa/xtfpga.c b/hw/xtensa/xtfpga.c
> index d5ac080..b656660 100644
> --- a/hw/xtensa/xtfpga.c
> +++ b/hw/xtensa/xtfpga.c
> @@ -232,7 +232,7 @@ static void lx_init(const LxBoardDesc *board, 
> MachineState *machine)
>  }
>  
>  for (n = 0; n < smp_cpus; n++) {
> -cpu = cpu_xtensa_init(cpu_model);
> +cpu = XTENSA_CPU(cpu_generic_init(TYPE_XTENSA_CPU, cpu_model));
>  if (cpu == NULL) {
>  error_report("unable to find CPU definition '%s'",
>   cpu_model);
> diff --git a/target/xtensa/cpu.c b/target/xtensa/cpu.c
> index cd7f958..85897df 100644
> --- a/target/xtensa/cpu.c
> +++ b/target/xtensa/cpu.c
> @@ -100,9 +100,12 @@ static ObjectClass *xtensa_cpu_class_by_name(const char 
> *cpu_model)
>  static void xtensa_cpu_realizefn(DeviceState *dev, Error **errp)
>  {
>  CPUState *cs = CPU(dev);
> +XtensaCPU *cpu = XTENSA_CPU(dev);
>  XtensaCPUClass *xcc = XTENSA_CPU_GET_CLASS(dev);
>  Error *local_err = NULL;
>  
> +xtensa_irq_init(&cpu->env);
> +
>  cpu_exec_realizefn(cs, &local_err);
>  if (local_err != NULL) {
>  error_propagate(errp, local_err);
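Review bot: xtensa_irq_init(&cpu->env) now runs in xtensa_cpu_realizefn() ahead of cpu_exec_realizefn() and its local_err check, so on the error return the IRQ setup has already happened and nothing undoes it. Either move the call after the error check or confirm in the commit message that it sets up nothing that needs releasing when realize fails.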
> diff --git a/target/xtensa/helper.c b/target/xtensa/helper.c
> index bcd0b77..e8fba20 100644
> --- a/target/xtensa/helper.c
> +++ b/target/xtensa/helper.c
> @@ -113,28 +113,6 @@ void xtensa_breakpoint_handler(CPUState *cs)
>  }
>  }
>  
> -XtensaCPU *cpu_xtensa_init(const char *cpu_model)
> -{
> -ObjectClass *oc;
> -XtensaCPU *cpu;
> -CPUXtensaState *env;
> -
> -oc = cpu_class_by_name(TYPE_XTENSA_CPU, cpu_model);
> -if (oc == NULL) {
> -return NULL;
> -}
> -
> -cpu = XTENSA_CPU(object_new(object_class_get_name(oc)));
> -env = &cpu->env;
> -
> -xtensa_irq_init(env);
> -
> -object_property_set_bool(OBJECT(cpu), true, "realized", NULL);
> -
> -return cpu;
> -}
> -
> -
>  void xtensa_cpu_list(FILE *f, fprintf_function cpu_fprintf)
>  {
>  XtensaConfigList *core = xtensa_cores;
> -- 
> 2.7.4
> 
> 

-- 
Eduardo



Re: [Qemu-devel] [PATCH 17/28] tilegx: replace cpu_tilegx_init() with cpu_generic_init()

2017-08-16 Thread Eduardo Habkost
On Fri, Jul 14, 2017 at 03:52:08PM +0200, Igor Mammedov wrote:
> cpu_tilegx_init() always falls back to TYPE_TILEGX_CPU object
> regardless of cpu_model. Put fallback logic into
> tilegx_cpu_class_by_name() which would translate any cpu_model
> into TYPE_TILEGX_CPU class and replace cpu_tilegx_init()
> with cpu_generic_init().
> 
> Signed-off-by: Igor Mammedov 

Reviewed-by: Eduardo Habkost 

-- 
Eduardo



Re: [Qemu-devel] [PATCH 08/28] x86: extract legacy cpu features format parser

2017-08-16 Thread Eduardo Habkost
On Fri, Jul 14, 2017 at 03:51:59PM +0200, Igor Mammedov wrote:
> Move cpu_model +-feat parsing into a separate file so that it
> could be reused later for parsing similar format of sparc target
> 
> Signed-off-by: Igor Mammedov 
> ---
> CC: Riku Voipio 
> CC: Laurent Vivier 
> CC: Paolo Bonzini 
> CC: Richard Henderson 
> CC: Eduardo Habkost 
> ---
>  include/qom/cpu.h |   6 ++
>  default-configs/i386-bsd-user.mak |   1 +
>  default-configs/i386-linux-user.mak   |   1 +
>  default-configs/i386-softmmu.mak  |   1 +
>  default-configs/x86_64-bsd-user.mak   |   1 +
>  default-configs/x86_64-linux-user.mak |   1 +
>  default-configs/x86_64-softmmu.mak|   1 +
>  target/i386/cpu.c | 124 ++-
>  util/Makefile.objs|   1 +
>  util/legacy_cpu_features_parser.c | 153 ++
>  10 files changed, 172 insertions(+), 118 deletions(-)
>  create mode 100644 util/legacy_cpu_features_parser.c
> 
> diff --git a/include/qom/cpu.h b/include/qom/cpu.h
> index 7bfd50c..60aea03 100644
> --- a/include/qom/cpu.h
> +++ b/include/qom/cpu.h
> @@ -1039,4 +1039,10 @@ extern const struct VMStateDescription 
> vmstate_cpu_common;
>  
>  #define UNASSIGNED_CPU_INDEX -1
>  
> +int cpu_legacy_apply_features(Object *obj, GList *features, bool enable,
> +  Error **errp);
> +
> +void cpu_legacy_parse_featurestr(const char *typename, char *features,
> + GList **plus_features, GList 
> **minus_features,
> + Error **errp);
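Review bot: the two prototypes added to include/qom/cpu.h carry no doc comments. cpu_legacy_parse_featurestr() takes a non-const char *features, which suggests the string is modified while it is parsed, and nothing says who owns the GList entries returned through plus_features and minus_features or what the int returned by cpu_legacy_apply_features() means. Add a comment block covering in-place modification, list ownership and the return convention.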

plus_features and minus_features only exist because of a (now
fixed) bug in the handling of cpu->max_features, and we don't
need them anymore, see the comment at x86_cpu_expand_features():

/*TODO: Now cpu->max_features doesn't overwrite features
 * set using QOM properties, and we can convert
 * plus_features & minus_features to global properties
 * inside x86_cpu_parse_featurestr() too.
 */

Let's remove them instead of exposing this unnecessary misfeature
on the generic API.

-- 
Eduardo



Re: [Qemu-devel] [PATCH v7 2/6] qmp: Create IOThrottle structure

2017-08-16 Thread Markus Armbruster
Eric Blake  writes:

> On 08/16/2017 11:13 AM, Markus Armbruster wrote:
>> Markus Armbruster  writes:
>> 
>
>>>
>>> Conclusion: no consensus, yet.
>> 
>> All right, let's start over and try to resolve the impasse and/or
>> misunderstanding.
>> 
>> Type BlockIOThrottle lives in qapi/block-core.json, and is used by QMP
>> command block_set_io_throttle.  Since 1.1.
>> 
>> Pradeep has a use case for throttling in fsdev.  Instead of duplicating
>> the relevant parts of BlockIOThrottle, qmp_block_set_io_throttle() and
>> hmp_block_set_io_throttle(), he factors them out smartly, into
>> 
>> * [PATCH 2] IOThrottle, base type of BlockIOThrottle
>> 
>> * [PATCH 3] throttle_set_io_limits(), called by
>>   qmp_block_set_io_throttle()
>> 
>> * [PATCH 4] hmp_initialize_io_throttle(), called by
>>   hmp_block_set_io_throttle()
>> 
>> throttle_set_io_limits() goes into existing util/throttle.c, and
>> hmp_initialize_io_throttle() goes into existing hmp.c.  The question is
>> where IOThrottle should go.
>
> Good summary.
>
>> 
>> Pradeep proposes to put it in new qapi/throttle.json.  Certainly
>> defensible, but I really don't like putting every little thing shared
>> across subsystem boundaries into its own schema file.
>
> I agree with the dislike of creating new files, if an existing file is
> adequate.
>
>> 
>> Let me step back and discuss why we split the QAPI schema into multiple
>> files in the first place.  For me, the one and only reason is
>> MAINTAINERS.
>
> Indeed, that's a good description of why splits would be appropriate.
> So the obvious next question is if this is a case that needs a new
> maintainer.
>
>> 
>> If the block folks should continue to maintain IOThrottle, then it
>> should stay put in block-core.json.
>
> I think Manos' work on making throttling a filter driver at the block
> layer is proof enough that it is still fine to keep throttling
> maintained in block-core.json.
>
>> 
>> If somebody else should start maintaining it, it should move.  We'd need
>> a suitable entry in MAINTAINERS then.
>> 
>> I don't see why maintenance should change, and therefore believe it
>> should stay put.
>> 
>> Eric?
>
> I think we're in violent agreement: don't create a new file, and having
> the new factored type live in block-core.json is the best fit because we
> haven't come up with any reasons why it needs to be split.

Thanks, Eric.

Pradeep, please put IOThrottle right before BlockIOThrottle in
block-core.json.  Use it in fsdev.json without including
block-core.json.  Sorry for the delay.



Re: [Qemu-devel] [PATCH v6 3/3] hmp: introduce 'info memory_size_summary' command

2017-08-16 Thread Dr. David Alan Gilbert
* Vadim Galitsyn (vadim.galit...@profitbricks.com) wrote:
> This command is an equivalent of QMP command query-memory-size-summary.
> It provides the following memory information in bytes:
> 
>   * base-memory - size of "base" memory specified with command line option -m.
> 
>   * plugged-memory - amount of memory that was hot-plugged.
> If target does not have CONFIG_MEM_HOTPLUG enabled, no
> value is reported.
> 
> Signed-off-by: Vasilis Liaskovitis 
> Signed-off-by: Mohammed Gamal 
> Signed-off-by: Eduardo Otubo 
> Signed-off-by: Vadim Galitsyn 
> Reviewed-by: Eugene Crosser 
> Cc: Dr. David Alan Gilbert 
> Cc: Markus Armbruster 
> Cc: Igor Mammedov 
> Cc: Eric Blake 
> Cc: qemu-devel@nongnu.org
> ---
>  hmp-commands-info.hx | 16 
>  hmp.c| 16 
>  hmp.h|  1 +
>  3 files changed, 33 insertions(+)
> 
> diff --git a/hmp-commands-info.hx b/hmp-commands-info.hx
> index d9df238..04c9db8 100644
> --- a/hmp-commands-info.hx
> +++ b/hmp-commands-info.hx
> @@ -850,6 +850,22 @@ ETEXI
>  },
>  
>  STEXI
> +@item info memory_size_summary
> +@findex memory_size_summary
> +Display the amount of initially allocated and hot-plugged (if
> +enabled) memory in bytes.
> +ETEXI
> +
> +{
> +.name   = "memory_size_summary",
> +.args_type  = "",
> +.params = "",
> +.help   = "show the amount of initially allocated and "
> +  "hot-plugged (if enabled) memory in bytes.",
> +.cmd= hmp_info_memory_size_summary,
> +},
> +
> +STEXI
>  @end table
>  ETEXI
>  
> diff --git a/hmp.c b/hmp.c
> index fd80dce..3615e71 100644
> --- a/hmp.c
> +++ b/hmp.c
> @@ -2868,3 +2868,19 @@ void hmp_info_vm_generation_id(Monitor *mon, const 
> QDict *qdict)
>  hmp_handle_error(mon, &err);
>  qapi_free_GuidInfo(info);
>  }
> +
> +void hmp_info_memory_size_summary(Monitor *mon, const QDict *qdict)
> +{
> +MemoryInfo *info = qmp_query_memory_size_summary(&error_abort);

That should use hmp_handle_error rather than error_abort;
see hmp_info_vm_generation_id as an example.

Other than that, I'm happy from the HMP side.

Dave


> +if (info) {
> +monitor_printf(mon, "base memory: %" PRIu64 "\n",
> +   info->base_memory);
> +
> +if (info->has_plugged_memory) {
> +monitor_printf(mon, "plugged memory: %" PRIu64 "\n",
> +   info->plugged_memory);
> +}
> +
> +qapi_free_MemoryInfo(info);
> +}
> +}
> diff --git a/hmp.h b/hmp.h
> index 1ff4552..3605003 100644
> --- a/hmp.h
> +++ b/hmp.h
> @@ -145,5 +145,6 @@ void hmp_info_dump(Monitor *mon, const QDict *qdict);
>  void hmp_info_ramblock(Monitor *mon, const QDict *qdict);
>  void hmp_hotpluggable_cpus(Monitor *mon, const QDict *qdict);
>  void hmp_info_vm_generation_id(Monitor *mon, const QDict *qdict);
> +void hmp_info_memory_size_summary(Monitor *mon, const QDict *qdict);
>  
>  #endif
> -- 
> 2.1.4
> 
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK



Re: [Qemu-devel] [PATCH v5 01/10] qemu.py: Pylint/style fixes

2017-08-16 Thread Lukáš Doktor
On 16.8.2017 at 18:58, Markus Armbruster wrote:
> Lukáš Doktor  writes:
> 
>> On 15.8.2017 at 14:31, Markus Armbruster wrote:
>>> Lukáš Doktor  writes:
>>>
 No actual code changes, just several pylint/style fixes and docstring
 clarifications.

 Signed-off-by: Lukáš Doktor 
 ---
  scripts/qemu.py | 76 
 -
  1 file changed, 53 insertions(+), 23 deletions(-)

 diff --git a/scripts/qemu.py b/scripts/qemu.py
 index 880e3e8..466aaab 100644
 --- a/scripts/qemu.py
 +++ b/scripts/qemu.py
 @@ -23,8 +23,22 @@ import qmp.qmp
  class QEMUMachine(object):
  '''A QEMU VM'''
  
 -def __init__(self, binary, args=[], wrapper=[], name=None, 
 test_dir="/var/tmp",
 - monitor_address=None, socket_scm_helper=None, 
 debug=False):
 +def __init__(self, binary, args=[], wrapper=[], name=None,
 + test_dir="/var/tmp", monitor_address=None,
 + socket_scm_helper=None, debug=False):
 +'''
 +Create a QEMUMachine object
>>>
>>> Initialize a QEMUMachine
>>>
>>> Rationale: it's __init__, not __create__, and "object" is redundant.
>>>
>>
>> sure
>>
 +
 +@param binary: path to the qemu binary (str)
>>>
>>> Drop (str), because what else could it be?
>>
>> it could be shlex.split of arguments to be passed to process. Anyway no 
>> strong opinion here so I'm dropping it...
>>
>>>
 +@param args: initial list of extra arguments
>>>
>>> If this is the initial list, then what's the final list?
>>>
>>
>> It's the basic set of arguments which can be modified before the execution. 
>> Do you think it requires additional explanation, or would you like to 
>> improve it somehow?
> 
> Can this list of extra arguments really be *modified*?  Adding more
> arguments doesn't count for me --- I'd consider them added to the
> "non-extra" arguments.
> 

Yes, one can remove, shuffle or modify it.

> Drop "initial"?

I can do that but it can give a false impression that the args will be present. 
Anyway it's probably just a corner case so I'll drop it.

> 
 +@param wrapper: list of arguments used as prefix to qemu binary
 +@param name: name of this object (used for log/monitor/... file 
 names)
>>> prefix for socket and log file names (default: qemu-PID)
>>>
>>
>> Sure, both make sense to me.
>>
 +@param test_dir: base location to put log/monitor/... files in
>>>
>>> where to create socket and log file
>>>
>>> Aside: test_dir is a lousy name.
>>
>> Agree but changing names is tricky as people might be using kwargs to set 
>> it. Anyway using your description here, keeping the possible rename for a 
>> separate patchset (if needed).
> 
> I'm merely observing the lousiness of this name.  I'm not asking you to
> do anything about it :)
> 
 +@param monitor_address: custom address for QMP monitor
>>>
>>> Yes, but what *is* a custom address?  Its user _base_args() appears to
>>> expect either a pair of strings (host, port) or a string filename.
>>>
>>
>> If you insist I can add something like "a tuple(host, port) or string to 
>> specify path", but I find it unnecessarily detailed...
> 
> I'm not the maintainer, I'm definitely not insisting on anything.
> 
> If you're aiming for brevity, then drop "custom".
> 

OK, removing in v6

 +@param socket_scm_helper: path to scm_helper binary (to forward 
 fds)
>>>
>>> What is an scm_helper, and why would I want to use it?
>>>
>>
>> To forward a file descriptor. It's for example used in 
>> tests/qemu-iotests/045 or tests/qemu-iotests/147
> 
> What about "socket_scm_helper: helper program, required for send_fd_scm()"?
> 
 +@param debug: enable debug mode (forwarded to QMP helper and such)
>>>
>>> What is a QMP helper?  To what else is debug forwarded?
>>>
>>
>> Debug is set in `self._debug` and can be consumed by anyone who has access 
>> to this variable. Currently that is the QMP, but people can inherit and use 
>> that variable to adjust their behavior.
> 
> Drop the parenthesis?
> 

OK

 +@note: Qemu process is not started until launch() is used.
>>>
>>> until launch().
>>>
>>
>> OK
> 
> One more thing: what's the use of "@param"?
> 

The API documentation can be autogenerated by doxygen, it uses those keywords 
to make it easier to read (and to create links, warnings, ...)

 +'''
>>>
>>> It's an improvement.
>>>
  if name is None:
  name = "qemu-%d" % os.getpid()
  if monitor_address is None:
 @@ -33,12 +47,13 @@ class QEMUMachine(object):
  self._qemu_log_path = os.path.join(test_dir, name + ".log")
  self._popen = None
  self._binary = binary
 -self._args = list(args) # Force copy args in case we modify them
 +self._args = list(args) # Force copy args in 

Re: [Qemu-devel] [PATCH v7 2/6] qmp: Create IOThrottle structure

2017-08-16 Thread Eric Blake
On 08/16/2017 11:13 AM, Markus Armbruster wrote:
> Markus Armbruster  writes:
> 

>>
>> Conclusion: no consensus, yet.
> 
> All right, let's start over and try to resolve the impasse and/or
> misunderstanding.
> 
> Type BlockIOThrottle lives in qapi/block-core.json, and is used by QMP
> command block_set_io_throttle.  Since 1.1.
> 
> Pradeep has a use case for throttling in fsdev.  Instead of duplicating
> the relevant parts of BlockIOThrottle, qmp_block_set_io_throttle() and
> hmp_block_set_io_throttle(), he factors them out smartly, into
> 
> * [PATCH 2] IOThrottle, base type of BlockIOThrottle
> 
> * [PATCH 3] throttle_set_io_limits(), called by
>   qmp_block_set_io_throttle()
> 
> * [PATCH 4] hmp_initialize_io_throttle(), called by
>   hmp_block_set_io_throttle()
> 
> throttle_set_io_limits() goes into existing util/throttle.c, and
> hmp_initialize_io_throttle() goes into existing hmp.c.  The question is
> where IOThrottle should go.

Good summary.

> 
> Pradeep proposes to put it in new qapi/throttle.json.  Certainly
> defensible, but I really don't like putting every little thing shared
> across subsystem boundaries into its own schema file.

I agree with the dislike of creating new files, if an existing file is
adequate.

> 
> Let me step back and discuss why we split the QAPI schema into multiple
> files in the first place.  For me, the one and only reason is
> MAINTAINERS.

Indeed, that's a good description of why splits would be appropriate.
So the obvious next question is if this is a case that needs a new
maintainer.

> 
> If the block folks should continue to maintain IOThrottle, then it
> should stay put in block-core.json.

I think Manos' work on making throttling a filter driver at the block
layer is proof enough that it is still fine to keep throttling
maintained in block-core.json.

> 
> If somebody else should start maintaining it, it should move.  We'd need
> a suitable entry in MAINTAINERS then.
> 
> I don't see why maintenance should change, and therefore believe it
> should stay put.
> 
> Eric?

I think we're in violent agreement: don't create a new file, and having
the new factored type live in block-core.json is the best fit because we
haven't come up with any reasons why it needs to be split.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org





Re: [Qemu-devel] [PATCH v5 01/10] qemu.py: Pylint/style fixes

2017-08-16 Thread Markus Armbruster
Lukáš Doktor  writes:

> On 15.8.2017 at 14:31, Markus Armbruster wrote:
>> Lukáš Doktor  writes:
>> 
>>> No actual code changes, just several pylint/style fixes and docstring
>>> clarifications.
>>>
>>> Signed-off-by: Lukáš Doktor 
>>> ---
>>>  scripts/qemu.py | 76 
>>> -
>>>  1 file changed, 53 insertions(+), 23 deletions(-)
>>>
>>> diff --git a/scripts/qemu.py b/scripts/qemu.py
>>> index 880e3e8..466aaab 100644
>>> --- a/scripts/qemu.py
>>> +++ b/scripts/qemu.py
>>> @@ -23,8 +23,22 @@ import qmp.qmp
>>>  class QEMUMachine(object):
>>>  '''A QEMU VM'''
>>>  
>>> -def __init__(self, binary, args=[], wrapper=[], name=None, 
>>> test_dir="/var/tmp",
>>> - monitor_address=None, socket_scm_helper=None, 
>>> debug=False):
>>> +def __init__(self, binary, args=[], wrapper=[], name=None,
>>> + test_dir="/var/tmp", monitor_address=None,
>>> + socket_scm_helper=None, debug=False):
>>> +'''
>>> +Create a QEMUMachine object
>> 
>> Initialize a QEMUMachine
>> 
>> Rationale: it's __init__, not __create__, and "object" is redundant.
>> 
>
> sure
>
>>> +
>>> +@param binary: path to the qemu binary (str)
>> 
>> Drop (str), because what else could it be?
>
> it could be shlex.split of arguments to be passed to process. Anyway no 
> strong opinion here so I'm dropping it...
>
>> 
>>> +@param args: initial list of extra arguments
>> 
>> If this is the initial list, then what's the final list?
>> 
>
> It's the basic set of arguments which can be modified before the execution. 
> Do you think it requires additional explanation, or would you like to improve 
> it somehow?

Can this list of extra arguments really be *modified*?  Adding more
arguments doesn't count for me --- I'd consider them added to the
"non-extra" arguments.

Drop "initial"?

>>> +@param wrapper: list of arguments used as prefix to qemu binary
>>> +@param name: name of this object (used for log/monitor/... file 
>>> names)
>> prefix for socket and log file names (default: qemu-PID)
>> 
>
> Sure, both make sense to me.
>
>>> +@param test_dir: base location to put log/monitor/... files in
>> 
>> where to create socket and log file
>> 
>> Aside: test_dir is a lousy name.
>
> Agree but changing names is tricky as people might be using kwargs to set it. 
> Anyway using your description here, keeping the possible rename for a 
> separate patchset (if needed).

I'm merely observing the lousiness of this name.  I'm not asking you to
do anything about it :)

>>> +@param monitor_address: custom address for QMP monitor
>> 
>> Yes, but what *is* a custom address?  Its user _base_args() appears to
>> expect either a pair of strings (host, port) or a string filename.
>> 
>
> If you insist I can add something like "a tuple(host, port) or string to 
> specify path", but I find it unnecessarily detailed...

I'm not the maintainer, I'm definitely not insisting on anything.

If you're aiming for brevity, then drop "custom".

>>> +@param socket_scm_helper: path to scm_helper binary (to forward 
>>> fds)
>> 
>> What is an scm_helper, and why would I want to use it?
>> 
>
> To forward a file descriptor. It's for example used in tests/qemu-iotests/045 
> or tests/qemu-iotests/147

What about "socket_scm_helper: helper program, required for send_fd_scm()"?

>>> +@param debug: enable debug mode (forwarded to QMP helper and such)
>> 
>> What is a QMP helper?  To what else is debug forwarded?
>> 
>
> Debug is set in `self._debug` and can be consumed by anyone who has access to 
> this variable. Currently that is the QMP, but people can inherit and use that 
> variable to adjust their behavior.

Drop the parenthesis?

>>> +@note: Qemu process is not started until launch() is used.
>> 
>> until launch().
>> 
>
> OK

One more thing: what's the use of "@param"?

>>> +'''
>> 
>> It's an improvement.
>> 
>>>  if name is None:
>>>  name = "qemu-%d" % os.getpid()
>>>  if monitor_address is None:
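
Review bot: The reflowed __init__ signature keeps args=[] and wrapper=[] as defaults, and a list default is created once and shared by every call that omits the argument. Since these lines are being touched anyway, a follow-up patch could switch both defaults to None and build the empty list inside __init__.
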
>>> @@ -33,12 +47,13 @@ class QEMUMachine(object):
>>>  self._qemu_log_path = os.path.join(test_dir, name + ".log")
>>>  self._popen = None
>>>  self._binary = binary
>>> -self._args = list(args) # Force copy args in case we modify them
>>> +self._args = list(args) # Force copy args in case we modify 
>>> them
>>>  self._wrapper = wrapper
>>>  self._events = []
>>>  self._iolog = None
>>>  self._socket_scm_helper = socket_scm_helper
>>>  self._debug = debug
>>> +self._qmp = None
>>>  
>>>  # This can be used to add an unused monitor instance.
>>>  def add_monitor_telnet(self, ip, port):
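
Review bot: "self._wrapper = wrapper" stores the caller's list (or the shared wrapper=[] default from the signature) by reference, while "self._args = list(args)" just above it takes a copy. Copy wrapper the same way so that one QEMUMachine cannot change another's command prefix. Separately, "self._qmp = None" is a new attribute assignment, which the "No actual code changes" commit message does not mention.
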
>>> @@ -64,16 +79,16 @@ class QEMUMachine(object):
>>>  if self._socket_scm_helper is None:
>>>  print >>sys.stderr, "No path to socket_scm_helper set"
>>> 

Re: [Qemu-devel] [PATCH v6 18/19] migration: Transfer pages over new channels

2017-08-16 Thread Dr. David Alan Gilbert
* Juan Quintela (quint...@redhat.com) wrote:
> We switch for sending the page number to send real pages.
> 
> Signed-off-by: Juan Quintela 
> 
> --
> 
> Remove the HACK bit, now we have the function that calculates the size
> of a page exported.
> ---
>  migration/migration.c |  7 +-
>  migration/ram.c   | 59 
> +--
>  2 files changed, 25 insertions(+), 41 deletions(-)
> 
> diff --git a/migration/migration.c b/migration/migration.c
> index 974ff92..aac3cdc 100644
> --- a/migration/migration.c
> +++ b/migration/migration.c
> @@ -2051,6 +2051,7 @@ static void *migration_thread(void *opaque)
>   */
>  int64_t threshold_size = 0;
>  int64_t qemu_file_bytes = 0;
> +int64_t multifd_pages = 0;
>  int64_t start_time = initial_time;
>  int64_t end_time;
>  bool old_vm_running = false;
> @@ -2139,8 +2140,11 @@ static void *migration_thread(void *opaque)
>  current_time = qemu_clock_get_ms(QEMU_CLOCK_REALTIME);
>  if (current_time >= initial_time + BUFFER_DELAY) {
>  uint64_t qemu_file_bytes_now = qemu_ftell(s->to_dst_file);
> +uint64_t multifd_pages_now = ram_counters.multifd;
>  uint64_t transferred_bytes =
> -qemu_file_bytes_now - qemu_file_bytes;
> +(qemu_file_bytes_now - qemu_file_bytes) +
> +(multifd_pages_now - multifd_pages) *
> +qemu_target_page_size();
>  uint64_t time_spent = current_time - initial_time;
>  double bandwidth = (double)transferred_bytes / time_spent;
>  threshold_size = bandwidth * s->parameters.downtime_limit;
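
Review bot: multifd_pages is declared int64_t in the first hunk but multifd_pages_now is uint64_t here, so "(multifd_pages_now - multifd_pages)" mixes signed and unsigned operands before the multiply by qemu_target_page_size(). Declaring both as uint64_t would make the arithmetic explicit. A short comment that ram_counters.multifd counts pages, not bytes, would also help, since the result is added to a byte delta.
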
> @@ -2160,6 +2164,7 @@ static void *migration_thread(void *opaque)
>  qemu_file_reset_rate_limit(s->to_dst_file);
>  initial_time = current_time;
>  qemu_file_bytes = qemu_file_bytes_now;
> +multifd_pages = multifd_pages_now;
>  }
>  if (qemu_file_rate_limit(s->to_dst_file)) {
>  /* usleep expects microseconds */
> diff --git a/migration/ram.c b/migration/ram.c
> index 42ad126..f337360 100644
> --- a/migration/ram.c
> +++ b/migration/ram.c
> @@ -479,25 +479,21 @@ static void *multifd_send_thread(void *opaque)
>  break;
>  }
>  if (p->pages.num) {
> -int i;
>  int num;
>  
>  num = p->pages.num;
>  p->pages.num = 0;
>  qemu_mutex_unlock(&p->mutex);
>  
> -for (i = 0; i < num; i++) {
> -if (qio_channel_write(p->c,
> -  (const char 
> *)&p->pages.iov[i].iov_base,
> -  sizeof(uint8_t *), &error_abort)
> -!= sizeof(uint8_t *)) {
> -MigrationState *s = migrate_get_current();
> +if (qio_channel_writev_all(p->c, p->pages.iov,
> +   num, &error_abort)

One way out of the problem of errors might be to add an
  Error *errp;

to MultiFD*Params, and make sure it's NULL initially;
then instead of &error_abort you can have &p->errp,
I think we're already guaranteed the lifetime of the
params is at least the length of the thread and then
you can check p->errp before you free the params.

You could also return this value as the return value of
the thread as an easy way to flag the thread failed when the
join happens.

Dave


> +!= num * TARGET_PAGE_SIZE) {
> +MigrationState *s = migrate_get_current();
>  
> -migrate_set_state(&s->state, MIGRATION_STATUS_ACTIVE,
> -  MIGRATION_STATUS_FAILED);
> -terminate_multifd_send_threads();
> -return NULL;
> -}
> +migrate_set_state(&s->state, MIGRATION_STATUS_ACTIVE,
> +  MIGRATION_STATUS_FAILED);
> +terminate_multifd_send_threads();
> +return NULL;
>  }
>  qemu_mutex_lock(&multifd_send_state->mutex);
>  p->done = true;
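
Review bot: qio_channel_writev_all() is still given &error_abort, so an error reported through errp on the migration channel aborts the source QEMU instead of reaching the migrate_set_state(..., MIGRATION_STATUS_FAILED) path below; only a return value that differs from the expected byte count gets there. Pass an Error pointer the thread can report, as the reply above suggests. The comparison against "num * TARGET_PAGE_SIZE" also assumes every entry of p->pages.iov has iov_len equal to TARGET_PAGE_SIZE, and it uses the macro where migration.c in this same patch uses qemu_target_page_size(); a comment or an assertion on the iov lengths would make that assumption checkable.
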
> @@ -658,7 +654,6 @@ void multifd_load_cleanup(void)
>  static void *multifd_recv_thread(void *opaque)
>  {
>  MultiFDRecvParams *p = opaque;
> -uint8_t *recv_address;
>  
>  qemu_sem_post(&p->ready);
>  while (true) {
> @@ -668,38 +663,21 @@ static void *multifd_recv_thread(void *opaque)
>  break;
>  }
>  if (p->pages.num) {
> -int i;
>  int num;
>  
>  num = p->pages.num;
>  p->pages.num = 0;
>  
> -for (i = 0; i < num; i++) {
> -if (qio_channel_read(p->c,
> - (char *)&recv_address,
> - sizeof(uint8_t *), &error_abort)
> -!= sizeof(uint8_t *)) {
> -MigrationState *s = migrate_get_curre

Re: [Qemu-devel] Help with Windows NT 4.0

2017-08-16 Thread G 3


On Aug 15, 2017, at 6:27 PM, Paolo Bonzini wrote:


On 15/08/2017 20:46, Programmingkid wrote:


On Aug 14, 2017, at 2:51 AM, Paolo Bonzini wrote:


On 13/08/2017 21:13, Programmingkid wrote:

Lately I found out that Windows NT 4.0 seems to work well with the
486 and pentium processors. Using "-cpu 486" made installing it
actually work. Now I am seeing another issue. When I boot Windows NT
4.0 I see this error message:

*** STOP: 0x007B (0x807A8610,0x,0x,0x)
INACESSIBLE_BOOT_DEVICE

Would anyone know a way to solve this issue?


Hervé is probably the best person to answer this question.  Maybe try
installing it with SCSI disks ("-drive if=scsi,id=hd,file=... -drive
if=scsi,id=cd,file=... -device lsi -device scsi-hd,drive=hd -device
scsi-cd,drive=cd").

Thanks,

Paolo


Thanks for the help. Unfortunately trying to boot from the install  
CD leads to the INACCESSIBLE_BOOT_DEVICE error when using SCSI.


Try with 0.12.

Paolo


Here is what I tried and the results:
QEMU      Windows NT 4.0 Status
------    ----------------------------------
0.9.1     Works
0.10.2    Freezes at the blue startup screen
0.13.0    Freezes at the blue startup screen
1.0.1     Freezes at the blue startup screen

I'm working to find if a single commit broke QEMU's Windows NT 4.0
compatibility. I think it's possible the BIOS might be the issue.


Re: [Qemu-devel] [PATCH v7 2/6] qmp: Create IOThrottle structure

2017-08-16 Thread Markus Armbruster
Markus Armbruster  writes:

> Eric Blake  writes:
>
>> On 08/10/2017 09:06 AM, Pradeep Jagadeesh wrote:
>>
> It's not "moving it back", it's keeping it where it is. But I see no big
> problem with moving it to a common file either.

 I'd rather not put every struct shared across subsystem boundaries in
 its own file.

 We can keep it right where it is for now.  Bonus: more readable diff.
 If we start sharing more throttle-related material than just a struct,
 we can reconsider.

 We could also move it to the existing file for common stuff:
 qapi/common.json.  Not a great fit, though.
>>>
>>> So, the final conclusion is to move to common.json?
>>
>> No.
>>
>> If more than one .json file would benefit by including the definition,
>> then put it in a separate file that both .json include from.
>
> This is the case.
>
> Your opinion is incompatible with mine, stated above.
>
>> But if only one .json file would be including a new file, then just
>> inline the struct directly into that one original file (in this case,
>> block-core.json) instead of creating a separate file (so no to needing
>> iothrottle.json), or putting the code in yet a different file than the
>> one that is using the struct (so no to putting it in common.json).
>
> This is no longer the case.
>
> Conclusion: no consensus, yet.

All right, let's start over and try to resolve the impasse and/or
misunderstanding.

Type BlockIOThrottle lives in qapi/block-core.json, and is used by QMP
command block_set_io_throttle.  Since 1.1.

Pradeep has a use case for throttling in fsdev.  Instead of duplicating
the relevant parts of BlockIOThrottle, qmp_block_set_io_throttle() and
hmp_block_set_io_throttle(), he factors them out smartly, into

* [PATCH 2] IOThrottle, base type of BlockIOThrottle

* [PATCH 3] throttle_set_io_limits(), called by
  qmp_block_set_io_throttle()

* [PATCH 4] hmp_initialize_io_throttle(), called by
  hmp_block_set_io_throttle()

throttle_set_io_limits() goes into existing util/throttle.c, and
hmp_initialize_io_throttle() goes into existing hmp.c.  The question is
where IOThrottle should go.

Pradeep proposes to put it in new qapi/throttle.json.  Certainly
defensible, but I really don't like putting every little thing shared
across subsystem boundaries into its own schema file.

Let me step back and discuss why we split the QAPI schema into multiple
files in the first place.  For me, the one and only reason is
MAINTAINERS.

If the block folks should continue to maintain IOThrottle, then it
should stay put in block-core.json.

If somebody else should start maintaining it, it should move.  We'd need
a suitable entry in MAINTAINERS then.

I don't see why maintenance should change, and therefore believe it
should stay put.

Eric?



[Qemu-devel] [PATCH v2 3/3] Add new functions for whitelisting and their calls

2017-08-16 Thread dverma
The 'check_updated_properties' function keeps track of properties
that were added/removed from fields across qemu versions. The
'check_updated_sizes' function reduces false positives generated
especially while testing backward migration by keeping a list
of common size/version changes. The 'check_new_sections' function
is used to check for sections that got deprecated or were introduced
in different versions of qemu and will show as false positives while
testing forward migration. Improved the variable names and added
multiple blank newlines to keep Python PEP8 warning away.

Changes v1->v2:
1. Fix patchew warnings about exceeding 80 characters

Signed-off-by: Deepak Verma 
---
 scripts/vmstate-static-checker.py | 254 ++
 1 file changed, 200 insertions(+), 54 deletions(-)

diff --git a/scripts/vmstate-static-checker.py 
b/scripts/vmstate-static-checker.py
index ae41e44..ebcc133 100755
--- a/scripts/vmstate-static-checker.py
+++ b/scripts/vmstate-static-checker.py
@@ -40,6 +40,108 @@ def bump_taint():
 if taint < 255:
 taint = taint + 1
 
+# Sections gain/lose new fields with time.
+# These are not name changes thats handled by another list.
+# These will be 'missing' or 'not found' in different versions of qemu
+
+
+def check_updated_properties(src_desc, field):
+src_desc = str(src_desc)
+field = str(field)
+updated_property = {
+  'ICH9LPC': ['ICH9LPC/smi_feat'],
+  'ide_bus/error': ['retry_sector_num', 'retry_nsector', 'retry_unit'],
+  'e1000': ['e1000/full_mac_state'],
+  'ich9_pm': ['ich9_pm/tco', 'ich9_pm/cpuhp']
+}
+
+if src_desc in updated_property and field in updated_property[src_desc]:
+return True
+
+return False
+
+
+# A lot of errors are generated due to differences in sizes some of which are
+# false positives. This list is used to save those common changes
+def check_updated_sizes(field, old_size, new_size):
+new_sizes_list = {
+'tally_counters.TxOk': [8, 64],
+'intel-iommu': [0, 1],
+'iommu-intel': [0, 1]
+}
+
+if field not in new_sizes_list:
+return False
+
+if(old_size in new_sizes_list[field] and new_size in
+new_sizes_list[field]):
+return True
+
+return False
+
+
+# With time new sections/hardwares supported and old ones are depreciated on
+# chipsets.
+# There is no separate list for new or dead sections as it's relative to which
+# qemu version you compare too.
+# Update this list with such sections.
+# some items in this list might overlap with changed sections names.
+def check_new_sections(sec):
+new_sections_list = [
+'virtio-balloon-device',
+'virtio-rng-device',
+'virtio-scsi-device',
+'virtio-blk-device',
+'virtio-serial-device',
+'virtio-net-device',
+'vhost-vsock-device',
+'virtio-input-host-device',
+'virtio-input-hid-device',
+'virtio-mouse-device',
+'virtio-keyboard-device',
+'virtio-vga',
+'virtio-input-device',
+'virtio-gpu-device',
+'virtio-tablet-device',
+'isa-pcspk',
+'qemu-xhci',
+'base-xhci',
+'vmgenid',
+'intel-iommu',
+'i8257',
+'i82801b11-bridge',
+'ivshmem',
+'ivshmem-doorbell',
+'ivshmem-plain',
+'usb-storage-device',
+'usb-storage-dev',
+'pci-qxl',
+'pci-uhci-usb',
+'pci-piix3',
+'pci-vga',
+'pci-bridge-seat',
+'pcie-root-port',
+'fw_cfg_io',
+'fw_cfg_mem',
+'exynos4210-ehci-usb',
+'sysbus-ehci-usb',
+'tegra2-ehci-usb',
+'kvm-apic',
+'fusbh200-ehci-usb',
+'apic',
+'apic-common',
+'xlnx,ps7-usb',
+'e1000e',
+'e1000-82544gc',
+'e1000-82545em']
+
+if sec in new_sections_list:
+return True
+
+return False
+
+# Fields might change name with time across qemu versions.
+
 
 def check_fields_match(name, s_field, d_field):
 if s_field == d_field:
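
Review bot: check_updated_sizes() accepts any two values from the per-field list in either order, so for 'tally_counters.TxOk' a change from 64 back to 8 is whitelisted the same as 8 to 64; storing (old, new) pairs would keep a shrinking field visible. check_new_sections() takes only the section name, so it cannot tell a section that is legitimately absent in one QEMU version from one that is missing by mistake once the name (for example 'e1000e' or 'virtio-net-device') is in the list. The three tables are rebuilt on every call and could be module-level constants, and the new comments have typos ("thats", "depreciated", "compare too").
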
@@ -57,7 +159,7 @@ def check_fields_match(name, s_field, d_field):
 'ioh-3240-express-root-port': ['port.br.dev',
'parent_obj.parent_obj.parent_obj',
'port.br.dev.exp.aer_log',
-
'parent_obj.parent_obj.parent_obj.exp.aer_log'],
+'parent_obj.parent_obj.parent_obj.exp.aer_log'],
 'cirrus_vga': ['hw_cursor_x', 'vga.hw_cursor_x',
'hw_cursor_y', 'vga.hw_cursor_y'],
 'lsiscsi': ['dev', 'parent_obj'],
@@ -73,7 +175,8 @@ def check_fields_match(name, s_field, d_field):
  'tmr.ove

[Qemu-devel] [PATCH v2 2/3] Update the existing whitelist

2017-08-16 Thread dverma
Appended newer fields and introduced new names in the whitelist

Changes v1->v2:
1. Fix patchew warnings about exceeding 80 characters

Signed-off-by: Deepak Verma 
---
 scripts/vmstate-static-checker.py | 22 --
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/scripts/vmstate-static-checker.py 
b/scripts/vmstate-static-checker.py
index b416b66..ae41e44 100755
--- a/scripts/vmstate-static-checker.py
+++ b/scripts/vmstate-static-checker.py
@@ -49,7 +49,6 @@ def check_fields_match(name, s_field, d_field):
 # is used to whitelist such changes in each section / description.
 changed_names = {
 'apic': ['timer', 'timer_expiry'],
-'e1000': ['dev', 'parent_obj'],
 'ehci': ['dev', 'pcidev'],
 'I440FX': ['dev', 'parent_obj'],
 'ich9_ahci': ['card', 'parent_obj'],
@@ -73,7 +72,6 @@ def check_fields_match(name, s_field, d_field):
  'tmr.timer', 'ar.tmr.timer',
  'tmr.overflow_time', 'ar.tmr.overflow_time',
  'gpe', 'ar.gpe'],
-'rtl8139': ['dev', 'parent_obj'],
 'qxl': ['num_surfaces', 'ssd.num_surfaces'],
 'usb-ccid': ['abProtocolDataStructure', 
'abProtocolDataStructure.data'],
 'usb-host': ['dev', 'parent_obj'],
@@ -96,6 +94,26 @@ def check_fields_match(name, s_field, d_field):
   'mem_win_size', 'mig_mem_win_size',
   'io_win_addr', 'mig_io_win_addr',
   'io_win_size', 'mig_io_win_size'],
+'rtl8139': ['dev', 'parent_obj'],
+'e1000e': ['PCIDevice', 'PCIEDevice', 'intr_state', 
'redhat_7_3_intr_state'],
+'nec-usb-xhci': ['PCIDevice', 'PCIEDevice'],
+'xhci-intr': ['er_full_unused', 'er_full'],
+'e1000': ['dev', 'parent_obj',
+  'tx.ipcss', 'tx.props.ipcss',
+  'tx.ipcso', 'tx.props.ipcso',
+  'tx.ipcse', 'tx.props.ipcse',
+  'tx.tucss', 'tx.props.tucss',
+  'tx.tucso', 'tx.props.tucso',
+  'tx.tucse', 'tx.props.tucse',
+  'tx.paylen', 'tx.props.paylen',
+  'tx.hdr_len', 'tx.props.hdr_len',
+  'tx.mss', 'tx.props.mss',
+  'tx.sum_needed', 'tx.props.sum_needed',
+  'tx.ip', 'tx.props.ip',
+  'tx.tcp', 'tx.props.tcp',
+  'tx.ipcss', 'tx.props.ipcss',
+  'tx.ipcss', 'tx.props.ipcss',
+  ]
 }
 
 if name not in changed_names:
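
Review bot: The new 'e1000' entry lists the pair 'tx.ipcss', 'tx.props.ipcss' three times (the first tx line and the last two); drop the duplicates or replace them with the fields that were meant. Because check_fields_match() only tests that both names are members of the same flat list (the "s_field in changed_names[name] and d_field in changed_names[name]" test visible in patch 1/3), a list this long also lets unrelated names such as 'tx.ipcss' and 'tx.props.mss' match each other; a mapping of old name to new name would avoid that. Is 'redhat_7_3_intr_state' a field name that exists upstream? If so, a comment saying where it comes from would help.
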
-- 
1.8.3.1




[Qemu-devel] [PATCH v2 1/3] Fix format and styles; make code more pythonic

2017-08-16 Thread dverma
- Format fixes, cleaned up the print statement
- Style fixes, e.g. changed "if not x in y" to "if x not in y"
- Improved variable names

Changes v1->v2:
1. Fix patchew warnings about exceeding 80 characters

Signed-off-by: Deepak Verma 
---
 scripts/vmstate-static-checker.py | 111 +-
 1 file changed, 62 insertions(+), 49 deletions(-)

diff --git a/scripts/vmstate-static-checker.py 
b/scripts/vmstate-static-checker.py
index bcef7ee..b416b66 100755
--- a/scripts/vmstate-static-checker.py
+++ b/scripts/vmstate-static-checker.py
@@ -19,6 +19,11 @@
 # You should have received a copy of the GNU General Public License along
 # with this program; if not, see .
 
+#
+# 2017 Deepak Verma 
+# Added few functions and fields for whitelisting
+#
+
 import argparse
 import json
 import sys
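
Review bot: The added header comment ("Added few functions and fields for whitelisting") describes work done in patches 2/3 and 3/3, not the format and style fixes this patch is about. Per-author change notes belong in the commit log; if the comment stays, move it to the patch that adds the functions.
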
@@ -26,6 +31,7 @@ import sys
 # Count the number of errors found
 taint = 0
 
+
 def bump_taint():
 global taint
 
@@ -92,7 +98,7 @@ def check_fields_match(name, s_field, d_field):
   'io_win_size', 'mig_io_win_size'],
 }
 
-if not name in changed_names:
+if name not in changed_names:
 return False
 
 if s_field in changed_names[name] and d_field in changed_names[name]:
@@ -100,6 +106,7 @@ def check_fields_match(name, s_field, d_field):
 
 return False
 
+
 def get_changed_sec_name(sec):
 # Section names can change -- see commit 292b1634 for an example.
 changes = {
@@ -114,16 +121,17 @@ def get_changed_sec_name(sec):
 return item
 return ""
 
+
 def exists_in_substruct(fields, item):
 # Some QEMU versions moved a few fields inside a substruct.  This
 # kept the on-wire format the same.  This function checks if
 # something got shifted inside a substruct.  For example, the
 # change in commit 1f42d22233b4f3d1a2933ff30e8d6a6d9ee2d08f
 
-if not "Description" in fields:
+if "Description" not in fields:
 return False
 
-if not "Fields" in fields["Description"]:
+if "Fields" not in fields["Description"]:
 return False
 
 substruct_fields = fields["Description"]["Fields"]
@@ -176,10 +184,10 @@ def check_fields(src_fields, dest_fields, desc, sec):
 except StopIteration:
 if d_iter_list == []:
 # We were not in a substruct
-print "Section \"" + sec + "\",",
-print "Description " + "\"" + desc + "\":",
-print "expected field \"" + s_item["field"] + "\",",
-print "while dest has no further fields"
+print('Section "' + sec + '", '
+  'Description "' + desc + '": '
+  'expected field "' + s_item["field"] + '", '
+  'while dest has no further fields')
 bump_taint()
 break
 
@@ -191,30 +199,28 @@ def check_fields(src_fields, dest_fields, desc, sec):
 advance_dest = True
 
 if unused_count != 0:
-if advance_dest == False:
+if not advance_dest:
 unused_count = unused_count - s_item["size"]
 if unused_count == 0:
 advance_dest = True
 continue
 if unused_count < 0:
-print "Section \"" + sec + "\",",
-print "Description \"" + desc + "\":",
-print "unused size mismatch near \"",
-print s_item["field"] + "\""
+print('Section "' + sec + '", '
+  'Description "' + desc + '": '
+  'unused size mismatch near "' + s_item["field"] + 
'"')
 bump_taint()
 break
 continue
 
-if advance_src == False:
+if not advance_src:
 unused_count = unused_count - d_item["size"]
 if unused_count == 0:
 advance_src = True
 continue
 if unused_count < 0:
-print "Section \"" + sec + "\",",
-print "Description \"" + desc + "\":",
-print "unused size mismatch near \"",
-print d_item["field"] + "\""
+print('Section "' + sec + '", '
+  'Description "' + desc + '": '
+  'unused size mismatch near "' + d_item["field"] + 
'"')
 bump_taint()
 break
 continue
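
Review bot: The two "unused size mismatch" messages change text, not just style: the old trailing-comma print statements emitted a space between the opening quote and the field name, and the joined string does not. The new output is the better one, but mention it in the commit message, since anything that parses the checker's output will see a difference.
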
@@ -262,16 +268,16 @@ def check_fields(src_fields, dest_fields, desc, sec):
 unused_count = s_item["size"] - d_item["size"]
 continue
 
-print "Section \"" + sec + "\",",
-print "Description \"" + desc + "\":",
-print "expected field \"" + s_item["field"] + "\",",
-  

[Qemu-devel] [PATCH v2 0/3] Vmstate-static-checker.py fix upstream

2017-08-16 Thread dverma
This is an update to the script vmstate-static-checker.py. The whitelist has
been updated and newer functions have been added to reduce the false
positives generated by the script while testing migration. The code has been
cleaned and updated to follow PEP8 guidelines.

Changes v1->v2:
1. Fix patchew warnings about exceeding 80 characters

dverma (3):
  Fix format and styles; make code more pythonic
  Update the existing whitelist
  Add new functions for whitelisting and their calls

 scripts/vmstate-static-checker.py | 353 --
 1 file changed, 265 insertions(+), 88 deletions(-)

-- 
1.8.3.1



