Re: [Qemu-devel] [RFC v2 3/8] char-io: fix possible risk on IOWatchPoll

[Peter Xu]

On Sat, Aug 26, 2017 at 03:19:39PM +0800, Fam Zheng wrote:
> s/risk/race/ for $subject and the whole patch?

I think... Yes. :-)  Thanks.

-- 
Peter Xu

Re: [Qemu-devel] [RFC v2 2/8] monitor: allow monitor to create thread to poll

[Peter Xu]

On Fri, Aug 25, 2017 at 10:30:42AM +0100, Dr. David Alan Gilbert wrote:

[...]

> > >   c) As mentioned on irc there's fun to be had with cur_mon and error
> > >  handling - in my local world I have cur_mon declared as __thread
> > >  but never got around to thinking aobut what should set it up.
> > >  There's also 'wavcapture: Convert to error_report' that I posted
> > >  in March that got rid of some uses of cur_mon in wavcapture.c
> > >  for error_report.
> > 
> > Yeh.  I at least also see a positive ACK from Markus in the other
> > thread for per-thread cur_mon, sounds like this is the right way to
> > go.
> > 
> > To setup cur_mon, what I can think of is create wrapper for
> > pthread_create() in qemu_thread_create().  I see that we have done
> > similar thing in util/qemu-thread-win32.c for Windows.  With that we
> > can setup the cur_mon before going into real thread function but in
> > the right context, though we may need one more parameter for current
> > qemu_thread_create():
> > 
> > void qemu_thread_create(QemuThread *thread, const char *name,
> >void *(*start_routine)(void*),
> >void *arg, int mode, Monitor *mon);
> > 
> > Then we can specify monitor for any new thread (default to cur_mon).
> > For per-monitor threads, I think we need to pass in that specific mon.
> > 
> > Is this doable?
> 
> That would mean changing all the qemu_thread_create calls, but yes
> I guess is doable.  I'd thought the other way, perhaps you inherit
> Monitor except in the case of when the monitor creates threads.

Do you mean setup cur_mon in monitor threads?

I'm afraid that may not be enough, since after we mark cur_mon as
__thread variable, it should be NULL for each newly created threads,
then we need to init them for every thread.  Or anything I missed?

[...]

> > > 
> > >   d) I wonder if it's better to have thread as a flag, so that you have
> > >  to explicitly ask for a monitor to have it's own thread.
> > 
> > This should be doable.  Would a new parameter for "-qmp" and "-hmp"
> > suffice?
> 
> Yes.

(I meant "-monitor" when saying "-hmp")

Hmm, it seems not easy to simply add a new parameter for it, since we
used "," already to parse the chardev params in monitor codes, like
the usage of:

  -qmp telnet::,server,nowait

So I cannot simply do:

  -qmp telnet::,server,nowait,threaded=on

Or it will be treated for a parameter for chardev type "telnet".

I can at least add something similar to QEMU_OPTION_qmp_pretty, like:
QEMU_OPTION_qmp_threaded, and maybe I also need
QEMU_OPTION_monitor_pretty.  But I am thinking whether there can be
anything better.  Any suggestion from anyone?

-- 
Peter Xu

Re: [Qemu-devel] [PATCH qemu v4 2/3] vfio/spapr: Add a notifier for PPC64 HV/PR KVM about new group attached to LIOBN

[Alexey Kardashevskiy]

On 25/08/17 16:21, David Gibson wrote:
> On Thu, Jul 20, 2017 at 05:22:30PM +1000, Alexey Kardashevskiy wrote:
>> This implements a notification for a new IOMMU group attached to
>> sPAPR's logical IO bus (LIOBN) to enable in-kernel TCE acceleration.
>>
>> This extends the TYPE_SPAPR_IOMMU_MEMORY_REGION class with a get_fd()
>> callback which returns KVM fd associated with LIOBN, the notifier uses it
>> to establish link between LIOBN and IOMMU group in the KVM.
>>
>> Signed-off-by: Alexey Kardashevskiy 
>> ---
>>
>> The practical reason for adding get_fd() as a callback is avoiding static
>> linking to spapt_tce_get_fd(): hw/vfio/spapr.c compiles when
>> CONFIG_SOFTMMU=y to avoid multiple "ifdef PSERIES"'s in the rest
>> of VFIO code but hw/ppc/spapr_iommu.c (where spapt_tce_get_fd() besides)
>> compiles only when CONFIG_PSERIES=y.
> 
> Ok.  Nonetheless I don't think the get_fd() method is a good idea.
> First, it's basically an abstraction violation, exposing the region's
> internal fd.  Second, it's a method which only plausibly has one
> implementation which is rarely sensible.
> 
> What this comes down to is that the guest IOMMU mechanism needs
> information about host vfio groups mapped - for an optimization in
> this case.
> 
> So what would make sense to me is to put an "add_vfio_group" method
> into IOMMUMemoryRegionClass (or even MemoryRegionClass).  In most
> cases that will be NULL (== no-op).  For the spapr IOMMU region, it
> will (attempt to) connect the host group to the guest liobn.


Like this?

IOMMUMemoryRegionClass::add_vfio_group_kvm(int kvm_device_fd, int groupfd);

It is just cleaner to keep kvm_device_fd and its ioclts() in the same place
but ok.


> 
>> ---
>>  include/hw/ppc/spapr.h| 15 +++
>>  include/hw/vfio/vfio-common.h |  2 ++
>>  hw/ppc/spapr_iommu.c  | 10 ++
>>  hw/vfio/common.c  | 10 ++
>>  hw/vfio/spapr.c   | 39 +++
>>  hw/vfio/trace-events  |  1 +
>>  6 files changed, 77 insertions(+)
>>
>> diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
>> index 2a303a705c..c1d37e6356 100644
>> --- a/include/hw/ppc/spapr.h
>> +++ b/include/hw/ppc/spapr.h
>> @@ -591,6 +591,7 @@ void spapr_load_rtas(sPAPRMachineState *spapr, void 
>> *fdt, hwaddr addr);
>>  #define RTAS_EVENT_SCAN_RATE1
>>  
>>  typedef struct sPAPRTCETable sPAPRTCETable;
>> +typedef struct sPAPRIOMMUMemoryRegionClass sPAPRIOMMUMemoryRegionClass;
>>  
>>  #define TYPE_SPAPR_TCE_TABLE "spapr-tce-table"
>>  #define SPAPR_TCE_TABLE(obj) \
>> @@ -599,6 +600,12 @@ typedef struct sPAPRTCETable sPAPRTCETable;
>>  #define TYPE_SPAPR_IOMMU_MEMORY_REGION "spapr-iommu-memory-region"
>>  #define SPAPR_IOMMU_MEMORY_REGION(obj) \
>>  OBJECT_CHECK(IOMMUMemoryRegion, (obj), 
>> TYPE_SPAPR_IOMMU_MEMORY_REGION)
>> +#define SPAPR_IOMMU_MEMORY_REGION_GET_CLASS(obj) \
>> +OBJECT_GET_CLASS(sPAPRIOMMUMemoryRegionClass, obj, \
>> + TYPE_SPAPR_IOMMU_MEMORY_REGION)
>> +#define SPAPR_IOMMU_MEMORY_REGION_CLASS(klass) \
>> +OBJECT_CLASS_CHECK(sPAPRIOMMUMemoryRegionClass, klass, \
>> +   TYPE_SPAPR_IOMMU_MEMORY_REGION)
>>  
>>  struct sPAPRTCETable {
>>  DeviceState parent;
>> @@ -618,6 +625,14 @@ struct sPAPRTCETable {
>>  QLIST_ENTRY(sPAPRTCETable) list;
>>  };
>>  
>> +struct sPAPRIOMMUMemoryRegionClass {
>> +/* private */
>> +IOMMUMemoryRegionClass parent_class;
>> +
>> +/* public */
>> +int (*get_fd)(IOMMUMemoryRegion *iommu_mr);
>> +};
>> +
>>  sPAPRTCETable *spapr_tce_find_by_liobn(target_ulong liobn);
> 
> To make sure I'm understanding correctly: the MR subclass here is
> representing a guest-side property, yes?  It means that on the guest
> side the IOMMU mappings are managed by the PAPR {GET,PUT}_TCE
> interface.

I do not understand the question, sorry. MR is a QEMU thing, only QEMU
devices use these MRs as MRs.


>>  struct sPAPREventLogEntry {
>> diff --git a/include/hw/vfio/vfio-common.h b/include/hw/vfio/vfio-common.h
>> index f3a2ac9fee..d245d3cecc 100644
>> --- a/include/hw/vfio/vfio-common.h
>> +++ b/include/hw/vfio/vfio-common.h
>> @@ -177,6 +177,8 @@ extern const MemoryListener vfio_prereg_listener;
>>  int vfio_spapr_create_window(VFIOContainer *container,
>>   MemoryRegionSection *section,
>>   hwaddr *pgsize);
>> +int vfio_spapr_notify_kvm(int vfio_kvm_device_fd, int groupfd,
>> +  IOMMUMemoryRegion *iommumr);
>>  int vfio_spapr_remove_window(VFIOContainer *container,
>>   hwaddr offset_within_address_space);
>>  
>> diff --git a/hw/ppc/spapr_iommu.c b/hw/ppc/spapr_iommu.c
>> index 307dc3021e..82fca61a75 100644
>> --- a/hw/ppc/spapr_iommu.c
>> +++ b/hw/ppc/spapr_iommu.c
>> @@ -171,6 +171,13 @@ static void 
>> spapr_tce_notify_flag_changed(IOMMUMemoryRegion *iommu,
>>  }
>>  }
>>  

[Qemu-devel] [PATCH 1/3] target/arm: Remove stale comment

[Pranith Kumar]

Update the comment which is not true since MTTCG.

Signed-off-by: Pranith Kumar 
---
 target/arm/translate-a64.c | 4 
 1 file changed, 4 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 2200e25be0..f42b155d7d 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -2012,10 +2012,6 @@ static void disas_ldst_excl(DisasContext *s, uint32_t 
insn)
 }
 tcg_addr = read_cpu_reg_sp(s, rn, 1);
 
-/* Note that since TCG is single threaded load-acquire/store-release
- * semantics require no extra if (is_lasr) { ... } handling.
- */
-
 if (is_excl) {
 if (!is_store) {
 s->is_ldex = true;
-- 
2.13.0

[Qemu-devel] [RFC PATCH 2/3] cpus-common: Cache allocated work items

[Pranith Kumar]

Using heaptrack, I found that quite a few of our temporary allocations
are coming from allocating work items. Instead of doing this
continously, we can cache the allocated items and reuse them instead
of freeing them.

This reduces the number of allocations by 25% (20 -> 15 for
ARM64 boot+shutdown test).

Signed-off-by: Pranith Kumar 
---
 cpus-common.c | 85 ---
 1 file changed, 70 insertions(+), 15 deletions(-)

diff --git a/cpus-common.c b/cpus-common.c
index 59f751ecf9..a1c4c7d1a3 100644
--- a/cpus-common.c
+++ b/cpus-common.c
@@ -24,6 +24,7 @@
 #include "sysemu/cpus.h"
 
 static QemuMutex qemu_cpu_list_lock;
+static QemuMutex qemu_wi_pool_lock;
 static QemuCond exclusive_cond;
 static QemuCond exclusive_resume;
 static QemuCond qemu_work_cond;
@@ -33,6 +34,58 @@ static QemuCond qemu_work_cond;
  */
 static int pending_cpus;
 
+typedef struct qemu_work_item {
+struct qemu_work_item *next;
+run_on_cpu_func func;
+run_on_cpu_data data;
+bool free, exclusive, done;
+} qemu_work_item;
+
+typedef struct qemu_wi_pool {
+qemu_work_item *first, *last;
+} qemu_wi_pool;
+
+qemu_wi_pool *wi_free_pool;
+
+static void qemu_init_workitem_pool(void)
+{
+wi_free_pool = g_malloc0(sizeof(qemu_wi_pool));
+wi_free_pool->first = NULL;
+wi_free_pool->last  = NULL;
+}
+
+static void qemu_wi_pool_insert(qemu_work_item *item)
+{
+qemu_mutex_lock(_wi_pool_lock);
+if (wi_free_pool->last == NULL) {
+wi_free_pool->first = item;
+wi_free_pool->last = item;
+} else {
+wi_free_pool->last->next = item;
+wi_free_pool->last = item;
+}
+qemu_mutex_unlock(_wi_pool_lock);
+}
+
+static qemu_work_item* qemu_wi_pool_remove(void)
+{
+qemu_mutex_lock(_wi_pool_lock);
+qemu_work_item *ret = wi_free_pool->first;
+
+if (ret == NULL)
+goto out;
+
+wi_free_pool->first = ret->next;
+if (wi_free_pool->last == ret) {
+wi_free_pool->last = NULL;
+}
+ret->next = NULL;
+
+ out:
+qemu_mutex_unlock(_wi_pool_lock);
+return ret;
+}
+
 void qemu_init_cpu_list(void)
 {
 /* This is needed because qemu_init_cpu_list is also called by the
@@ -43,6 +96,9 @@ void qemu_init_cpu_list(void)
 qemu_cond_init(_cond);
 qemu_cond_init(_resume);
 qemu_cond_init(_work_cond);
+
+qemu_init_workitem_pool();
+qemu_mutex_init(_wi_pool_lock);
 }
 
 void cpu_list_lock(void)
@@ -106,14 +162,7 @@ void cpu_list_remove(CPUState *cpu)
 qemu_mutex_unlock(_cpu_list_lock);
 }
 
-struct qemu_work_item {
-struct qemu_work_item *next;
-run_on_cpu_func func;
-run_on_cpu_data data;
-bool free, exclusive, done;
-};
-
-static void queue_work_on_cpu(CPUState *cpu, struct qemu_work_item *wi)
+static void queue_work_on_cpu(CPUState *cpu, qemu_work_item *wi)
 {
 qemu_mutex_lock(>work_mutex);
 if (cpu->queued_work_first == NULL) {
@@ -132,7 +181,7 @@ static void queue_work_on_cpu(CPUState *cpu, struct 
qemu_work_item *wi)
 void do_run_on_cpu(CPUState *cpu, run_on_cpu_func func, run_on_cpu_data data,
QemuMutex *mutex)
 {
-struct qemu_work_item wi;
+qemu_work_item wi;
 
 if (qemu_cpu_is_self(cpu)) {
 func(cpu, data);
@@ -145,6 +194,7 @@ void do_run_on_cpu(CPUState *cpu, run_on_cpu_func func, 
run_on_cpu_data data,
 wi.free = false;
 wi.exclusive = false;
 
+
 queue_work_on_cpu(cpu, );
 while (!atomic_mb_read()) {
 CPUState *self_cpu = current_cpu;
@@ -156,9 +206,11 @@ void do_run_on_cpu(CPUState *cpu, run_on_cpu_func func, 
run_on_cpu_data data,
 
 void async_run_on_cpu(CPUState *cpu, run_on_cpu_func func, run_on_cpu_data 
data)
 {
-struct qemu_work_item *wi;
+qemu_work_item *wi = qemu_wi_pool_remove();
 
-wi = g_malloc0(sizeof(struct qemu_work_item));
+if (!wi) {
+wi = g_malloc0(sizeof(qemu_work_item));
+}
 wi->func = func;
 wi->data = data;
 wi->free = true;
@@ -299,9 +351,11 @@ void cpu_exec_end(CPUState *cpu)
 void async_safe_run_on_cpu(CPUState *cpu, run_on_cpu_func func,
run_on_cpu_data data)
 {
-struct qemu_work_item *wi;
+qemu_work_item *wi = qemu_wi_pool_remove();
 
-wi = g_malloc0(sizeof(struct qemu_work_item));
+if (!wi) {
+wi = g_malloc0(sizeof(qemu_work_item));
+}
 wi->func = func;
 wi->data = data;
 wi->free = true;
@@ -312,7 +366,7 @@ void async_safe_run_on_cpu(CPUState *cpu, run_on_cpu_func 
func,
 
 void process_queued_cpu_work(CPUState *cpu)
 {
-struct qemu_work_item *wi;
+qemu_work_item *wi;
 
 if (cpu->queued_work_first == NULL) {
 return;
@@ -343,7 +397,8 @@ void process_queued_cpu_work(CPUState *cpu)
 }
 qemu_mutex_lock(>work_mutex);
 if (wi->free) {
-g_free(wi);
+memset(wi, 0, sizeof(qemu_work_item));
+qemu_wi_pool_insert(wi);
 } else {
 

[Qemu-devel] [RFC PATCH 3/3] mttcg: Implement implicit ordering semantics

[Pranith Kumar]

Currently, we cannot use mttcg for running strong memory model guests
on weak memory model hosts due to missing ordering semantics.

We implicitly generate fence instructions for stronger guests if an
ordering mismatch is detected. We generate fences only for the orders
for which fence instructions are necessary, for example a fence is not
necessary between a store and a subsequent load on x86 since its
absence in the guest binary tells that ordering need not be
ensured. Also note that if we find multiple subsequent fence
instructions in the generated IR, we combine them in the TCG
optimization pass.

This patch allows us to boot an x86 guest on ARM64 hosts using mttcg.

Signed-off-by: Pranith Kumar 
---
 tcg/aarch64/tcg-target.h |  2 ++
 tcg/arm/tcg-target.h |  2 ++
 tcg/mips/tcg-target.h|  2 ++
 tcg/ppc/tcg-target.h |  2 ++
 tcg/tcg-op.c | 17 +
 tcg/tcg-op.h |  1 +
 6 files changed, 26 insertions(+)

diff --git a/tcg/aarch64/tcg-target.h b/tcg/aarch64/tcg-target.h
index 55a46ac825..b41a248bee 100644
--- a/tcg/aarch64/tcg-target.h
+++ b/tcg/aarch64/tcg-target.h
@@ -117,4 +117,6 @@ static inline void flush_icache_range(uintptr_t start, 
uintptr_t stop)
 __builtin___clear_cache((char *)start, (char *)stop);
 }
 
+#define TCG_TARGET_DEFAULT_MO (0)
+
 #endif /* AARCH64_TCG_TARGET_H */
diff --git a/tcg/arm/tcg-target.h b/tcg/arm/tcg-target.h
index 5ef1086710..a38be15a39 100644
--- a/tcg/arm/tcg-target.h
+++ b/tcg/arm/tcg-target.h
@@ -134,4 +134,6 @@ static inline void flush_icache_range(uintptr_t start, 
uintptr_t stop)
 __builtin___clear_cache((char *) start, (char *) stop);
 }
 
+#define TCG_TARGET_DEFAULT_MO (0)
+
 #endif
diff --git a/tcg/mips/tcg-target.h b/tcg/mips/tcg-target.h
index d75cb63ed3..e9558d15bc 100644
--- a/tcg/mips/tcg-target.h
+++ b/tcg/mips/tcg-target.h
@@ -206,4 +206,6 @@ static inline void flush_icache_range(uintptr_t start, 
uintptr_t stop)
 cacheflush ((void *)start, stop-start, ICACHE);
 }
 
+#define TCG_TARGET_DEFAULT_MO (0)
+
 #endif
diff --git a/tcg/ppc/tcg-target.h b/tcg/ppc/tcg-target.h
index 5f4a40a5b4..5a092b038a 100644
--- a/tcg/ppc/tcg-target.h
+++ b/tcg/ppc/tcg-target.h
@@ -125,4 +125,6 @@ extern bool have_isa_3_00;
 
 void flush_icache_range(uintptr_t start, uintptr_t stop);
 
+#define TCG_TARGET_DEFAULT_MO (0)
+
 #endif
diff --git a/tcg/tcg-op.c b/tcg/tcg-op.c
index 87f673ef49..085fe66fb2 100644
--- a/tcg/tcg-op.c
+++ b/tcg/tcg-op.c
@@ -28,6 +28,7 @@
 #include "exec/exec-all.h"
 #include "tcg.h"
 #include "tcg-op.h"
+#include "tcg-mo.h"
 #include "trace-tcg.h"
 #include "trace/mem.h"
 
@@ -2662,8 +2663,21 @@ static void gen_ldst_i64(TCGOpcode opc, TCGv_i64 val, 
TCGv addr,
 #endif
 }
 
+void tcg_gen_req_mo(TCGBar type)
+{
+#if defined(TCG_GUEST_DEFAULT_MO) && defined(TCG_TARGET_DEFAULT_MO)
+TCGBar order_mismatch = type & (TCG_GUEST_DEFAULT_MO & 
~TCG_TARGET_DEFAULT_MO);
+if (order_mismatch) {
+tcg_gen_mb(order_mismatch | TCG_BAR_SC);
+}
+#else
+tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
+#endif
+}
+
 void tcg_gen_qemu_ld_i32(TCGv_i32 val, TCGv addr, TCGArg idx, TCGMemOp memop)
 {
+tcg_gen_req_mo(TCG_MO_LD_LD | TCG_MO_LD_ST);
 memop = tcg_canonicalize_memop(memop, 0, 0);
 trace_guest_mem_before_tcg(tcg_ctx.cpu, tcg_ctx.tcg_env,
addr, trace_mem_get_info(memop, 0));
@@ -2672,6 +2686,7 @@ void tcg_gen_qemu_ld_i32(TCGv_i32 val, TCGv addr, TCGArg 
idx, TCGMemOp memop)
 
 void tcg_gen_qemu_st_i32(TCGv_i32 val, TCGv addr, TCGArg idx, TCGMemOp memop)
 {
+tcg_gen_req_mo(TCG_MO_ST_LD | TCG_MO_ST_ST);
 memop = tcg_canonicalize_memop(memop, 0, 1);
 trace_guest_mem_before_tcg(tcg_ctx.cpu, tcg_ctx.tcg_env,
addr, trace_mem_get_info(memop, 1));
@@ -2680,6 +2695,7 @@ void tcg_gen_qemu_st_i32(TCGv_i32 val, TCGv addr, TCGArg 
idx, TCGMemOp memop)
 
 void tcg_gen_qemu_ld_i64(TCGv_i64 val, TCGv addr, TCGArg idx, TCGMemOp memop)
 {
+tcg_gen_req_mo(TCG_MO_LD_LD | TCG_MO_LD_ST);
 if (TCG_TARGET_REG_BITS == 32 && (memop & MO_SIZE) < MO_64) {
 tcg_gen_qemu_ld_i32(TCGV_LOW(val), addr, idx, memop);
 if (memop & MO_SIGN) {
@@ -2698,6 +2714,7 @@ void tcg_gen_qemu_ld_i64(TCGv_i64 val, TCGv addr, TCGArg 
idx, TCGMemOp memop)
 
 void tcg_gen_qemu_st_i64(TCGv_i64 val, TCGv addr, TCGArg idx, TCGMemOp memop)
 {
+tcg_gen_req_mo(TCG_MO_ST_LD | TCG_MO_ST_ST);
 if (TCG_TARGET_REG_BITS == 32 && (memop & MO_SIZE) < MO_64) {
 tcg_gen_qemu_st_i32(TCGV_LOW(val), addr, idx, memop);
 return;
diff --git a/tcg/tcg-op.h b/tcg/tcg-op.h
index 5d3278f243..6ad2c6d60e 100644
--- a/tcg/tcg-op.h
+++ b/tcg/tcg-op.h
@@ -262,6 +262,7 @@ static inline void tcg_gen_br(TCGLabel *l)
 }
 
 void tcg_gen_mb(TCGBar);
+void tcg_gen_req_mo(TCGBar type);
 
 /* Helper calls. */
 
-- 
2.13.0

Re: [Qemu-devel] [PATCH 0/4] four zpci patches

[Yi Min Zhao]

在 2017/8/25 上午12:27, Eric Blake 写道:

On 08/24/2017 03:48 AM, Yi Min Zhao wrote:


在 2017/8/24 下午3:13, Cornelia Huck 写道:

On Thu, 24 Aug 2017 13:20:12 +0800
Yi Min Zhao  wrote:


Why can't I receive [Qemu-devel] prefixed patches?

I sent patches to qemu-devel@nongnu.org and cc you also myself.
But what I received looks like CC ones, no [Qemu-devel] prefix.

You can tell mailman whether you want to receive copies of mails through
the list even when you are listed in cc (defaults to on, but some people
like myself set it off to reduce mail); if you switch that option in
your subscription settings, then you will not see the [Qemu-devel]
prefix on any mail where you were cc'd.  [side note: turning off copies
of mail where you are cc'd triggers what I consider to be a mailman bug:
it actively rewrites the to/cc of the email to omit your address in the
copy it sends to the list, which means people who follow up to the list
no longer cc you, and do not know that you were cc'd in the first place]
I didn't tell mailman anything. So I think the receiving copies setting 
is turned on.
What I can receive is only from cc. But as what Conny said, it seems 
that other external reviewers

in cc list didn't receive any mail unless I replied a mail.

Furthermore, there may be other places along the way that do data
de-duplication.  For example, anyone subscribing via a gmail.com address
gets at most one copy of a message based on the message-id; if they are
subscribed to the mailing list and also get a cc of a given message,
only one of those copies will show up (because google suppressed the
second copy with the same message-id, even though the subject lines are
different); the one copy is often (but not always) the one without the
[Qemu-devel] prefix because cc'd mail goes through less processing and
thus tends to arrive sooner than the copy sent through mailman.  [side
note: google calls de-duplication a feature, but you can't turn it off,
and it's one of the reasons that I don't use google for my personal email]

Re: [Qemu-devel] [RFC v2 2/8] monitor: allow monitor to create thread to poll

[Peter Xu]

On Fri, Aug 25, 2017 at 04:07:34PM +, Marc-André Lureau wrote:
> On Fri, Aug 25, 2017 at 5:33 PM Dr. David Alan Gilbert 
> wrote:
> 
> > * Marc-André Lureau (marcandre.lur...@gmail.com) wrote:
> > > Hi
> > >
> > > On Wed, Aug 23, 2017 at 8:52 AM Peter Xu  wrote:
> > >
> > > > Firstly, introduce Monitor.use_thread, and set it for monitors that are
> > > > using non-mux typed backend chardev.  We only do this for monitors, so
> > > > mux-typed chardevs are not suitable (when it connects to, e.g., serials
> > > > and the monitor together).
> > > >
> > > > When use_thread is set, we create standalone thread to poll the monitor
> > > > events, isolated from the main loop thread.  Here we still need to take
> > > > the BQL before dispatching the tasks since some of the monitor commands
> > > > are not allowed to execute without the protection of BQL.  Then this
> > > > gives us the chance to avoid taking the BQL for some monitor commands
> > in
> > > > the future.
> > > >
> > > > * Why this change?
> > > >
> > > > We need these per-monitor threads to make sure we can have at least one
> > > > monitor that will never stuck (that can receive further monitor
> > > > commands).
> > > >
> > > > * So when will monitors stuck?  And, how do they stuck?
> > > >
> > > > After we have postcopy and remote page faults, it's simple to achieve a
> > > > stuck in the monitor (which is also a stuck in main loop thread):
> > > >
> > > > (1) Monitor deadlock on BQL
> > > >
> > > > As we may know, when postcopy is running on destination VM, the vcpu
> > > > threads can stuck merely any time as long as it tries to access an
> > > > uncopied guest page.  Meanwhile, when the stuck happens, it is possible
> > > > that the vcpu thread is holding the BQL.  If the page fault is not
> > > > handled quickly, you'll find that monitors stop working, which is
> > trying
> > > > to take the BQL.
> > > >
> > > > If the page fault cannot be handled correctly (one case is a paused
> > > > postcopy, when network is temporarily down), monitors will hang
> > > > forever.  Without current patch, that means the main loop hanged.
> > We'll
> > > > never find a way to talk to VM again.
> > > >
> > >
> > > Could the BQL be pushed down to the monitor commands level instead? That
> > > way we wouldn't need a seperate thread to solve the hang on commands that
> > > do not need BQL.
> >
> > If the main thread is stuck though I don't see how that helps you; you
> > have to be able to run these commands on another thread.
> >
> 
> Why would the main thread be stuck? In (1) If the vcpu thread takes the BQL
> and the command doesn't need it, it would work.  In (2),  info cpus
> shouldn't keep the BQL (my qapi-async series would probably help here)

(Thanks for joining the discussion)

AFAIK the main thread can be stuck for many reasons.  I have seen one
stack when the VGA code (IIUC) was trying to writting to guest graphic
memory in main loop thread but luckily that guest page is still not
copied yet from source.  As long as the main thread is stuck for any
reason, no chance for monitor commands, even if the commands support
async operations.

So IMHO the only solution is doing these things in separate threads,
rather than all in a single one.

-- 
Peter Xu

Re: [Qemu-devel] Persistent bitmaps for non-qcow2 formats

[Fam Zheng]

On Fri, 08/25 15:44, Max Reitz wrote:
> Well, OK.  The main argument against supporting anything but qcow2 is
> "if you want features, use qcow2; and we are working on making qcow2 as
> fast as possible."  I think that's a very good argument still.  At some
> point I (and probably others, too) had the idea of making qcow2 files in
> raw layout: 


Yes! I think this idea makes a whole lot of sense, too. Metadata tables can be
generated so old implementation can still use it.

Fam

> Have the data as a blob, just like a raw file, padded by
> metadata around it.  An autoclear flag would specify that the qcow2 file
> is in this format, and if so, you could simply access it like a raw file
> and should have exactly the same speed as a raw file.  Maybe that would
> solve this whole issue, too?

[Qemu-devel] 答复: Re: [PATCHv4 02/03] colo-compare: Use IOThread to Check old packetregularly and Process pactkets of the primary

[wang.yong155]

>>   static char *compare_get_pri_indev(Object *obj, Error **errp)>> @@ -759,12 
>> +764,10 @@ static void colo_compare_complete(UserCreatable *uc, Error 
>> **errp)>>   {>>   CompareState *s = COLO_COMPARE(uc)>>   Chardev 
>> *chr>> -char thread_name[64]>> -static int compare_id>>   >> -if 
>> (!s->pri_indev || !s->sec_indev || !s->outdev) {>> +if (!s->pri_indev || 
>> !s->sec_indev || !s->outdev || !s->iothread) {>>   error_setg(errp, 
>> "colo compare needs 'primary_in' ,">> -   
>> "'secondary_in','outdev' property set")>> +   
>> "'secondary_in','outdev','iothread' property set")>>If user forgot input the 
>> iothread field, they will get the segmentation >fault.>Please fix this bug.>

>Program received signal SIGSEGV, Segmentation fault.>0x5594c319 in 
>iothread_get_aio_context (iothread=0x0) at >iothread.c:271>271return 
>iothread->ctx

Thakns, I will fix it.




WangYong



原始邮件



发件人： 
收件人：王勇10170530    
 
抄送人： 王广10165992  
 
日 期 ：2017年08月24日 16:08
主 题 ：Re: [PATCHv4 02/03] colo-compare: Use IOThread to Check old 
packetregularly and Process pactkets of the primary







On 08/22/2017 04:46 PM, Wang yong wrote:
> From: Wang Yong 
>
> Remove the task which check old packet in the comparing thread,
> then use IOthread context timer to handle it.
>
> Process pactkets in the IOThread which arrived over the socket.
> we use iothread_get_g_main_context to create a new g_main_loop in
> the IOThread.then the packets from the primary and the secondary
> are processed in the IOThread.
>
> Finally remove the colo-compare thread using the IOThread instead.
>
> Signed-off-by: Wang Yong 
> Signed-off-by: Wang Guang 
> ---
>   net/colo-compare.c | 75 
> --
>   1 file changed, 39 insertions(+), 36 deletions(-)
>
> diff --git a/net/colo-compare.c b/net/colo-compare.c
> index 5fe8e3f..69cb16e 100644
> --- a/net/colo-compare.c
> +++ b/net/colo-compare.c
> @@ -29,6 +29,7 @@
>   #include "qemu/sockets.h"
>   #include "qapi-visit.h"
>   #include "net/colo.h"
> +#include "sysemu/iothread.h"
>   
>   #define TYPE_COLO_COMPARE "colo-compare"
>   #define COLO_COMPARE(obj) \
> @@ -82,11 +83,10 @@ typedef struct CompareState {
>   GQueue conn_list
>   /* hashtable to save connection */
>   GHashTable *connection_track_table
> -/* compare thread, a thread for each NIC */
> -QemuThread thread
>   
> +IOThread *iothread
>   GMainContext *worker_context
> -GMainLoop *compare_loop
> +QEMUTimer *packet_check_timer
>   } CompareState
>   
>   typedef struct CompareClass {
> @@ -597,22 +597,40 @@ static void compare_sec_chr_in(void *opaque, const 
> uint8_t *buf, int size)
>* Check old packet regularly so it can watch for any packets
>* that the secondary hasn't produced equivalents of.
>*/
> -static gboolean check_old_packet_regular(void *opaque)
> +static void check_old_packet_regular(void *opaque)
>   {
>   CompareState *s = opaque
>   
>   /* if have old packet we will notify checkpoint */
>   colo_old_packet_check(s)
> +timer_mod(s->packet_check_timer, qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) +
> +REGULAR_PACKET_CHECK_MS)
> +}
> +
> +static void colo_compare_timer_init(CompareState *s)
> +{
> +AioContext *ctx = iothread_get_aio_context(s->iothread)
>   
> -return TRUE
> +s->packet_check_timer = aio_timer_new(ctx, QEMU_CLOCK_VIRTUAL,
> +SCALE_MS, check_old_packet_regular,
> +s)
> +timer_mod(s->packet_check_timer, qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) +
> +REGULAR_PACKET_CHECK_MS)
>   }
>   
> -static void *colo_compare_thread(void *opaque)
> +static void colo_compare_timer_del(CompareState *s)
>   {
> -CompareState *s = opaque
> -GSource *timeout_source
> +if (s->packet_check_timer) {
> +timer_del(s->packet_check_timer)
> +timer_free(s->packet_check_timer)
> +s->packet_check_timer = NULL
> +}
> + }
>   
> -s->worker_context = g_main_context_new()
> +static void colo_compare_iothread(CompareState *s)
> +{
> +object_ref(OBJECT(s->iothread))
> +s->worker_context = iothread_get_g_main_context(s->iothread)
>   
>   qemu_chr_fe_set_handlers(>chr_pri_in, compare_chr_can_read,
>compare_pri_chr_in, NULL, NULL,
> @@ -621,20 +639,7 @@ static void *colo_compare_thread(void *opaque)
>compare_sec_chr_in, NULL, NULL,
>s, s->worker_context, true)
>   
> -s->compare_loop = 

[Qemu-devel] [PATCH 12/14] hvf: move fields from CPUState to CPUX86State

[Sergio Andres Gomez Del Real]

This commit is a small refactoring of hvf's emulation code: it moves the
HVFX86EmulatorState field to CPUX86State, and in general changes, for
the emulation functions, the parameter with signature 'CPUState *' for
'CPUX86State *' so we don't have to get the 'env' (which is what we
really need) through the 'cpu' everytime.

Signed-off-by: Sergio Andres Gomez Del Real 
---
 include/qom/cpu.h  |   2 -
 target/i386/cpu.h  |   7 +
 target/i386/hvf-all.c  | 125 +++
 target/i386/hvf-utils/x86.c|   4 +-
 target/i386/hvf-utils/x86.h|  34 +-
 target/i386/hvf-utils/x86_decode.c | 357 ++--
 target/i386/hvf-utils/x86_decode.h |  23 +-
 target/i386/hvf-utils/x86_emu.c| 673 +++--
 target/i386/hvf-utils/x86_emu.h|  29 +-
 target/i386/hvf-utils/x86_flags.c  | 194 +--
 target/i386/hvf-utils/x86_flags.h  | 106 +++---
 target/i386/hvf-utils/x86hvf.c |  14 +-
 12 files changed, 794 insertions(+), 774 deletions(-)

diff --git a/include/qom/cpu.h b/include/qom/cpu.h
index ef74c2ce3c..abe82a5b7c 100644
--- a/include/qom/cpu.h
+++ b/include/qom/cpu.h
@@ -408,9 +408,7 @@ struct CPUState {
  */
 uint16_t pending_tlb_flush;
 
-bool hvf_vcpu_dirty;
 uint64_t hvf_fd; // fd of vcpu created by HVF
-struct hvf_x86_state *hvf_x86;
 };
 
 QTAILQ_HEAD(CPUTailQ, CPUState);
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 7d90f08b98..1d056ee343 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -23,6 +23,9 @@
 #include "qemu-common.h"
 #include "cpu-qom.h"
 #include "standard-headers/asm-x86/hyperv.h"
+#if defined(CONFIG_HVF)
+#include "target/i386/hvf-utils/x86.h"
+#endif
 
 #ifdef TARGET_X86_64
 #define TARGET_LONG_BITS 64
@@ -1187,11 +1190,15 @@ typedef struct CPUX86State {
 int32_t interrupt_injected;
 uint8_t soft_interrupt;
 uint8_t has_error_code;
+uint32_t ins_len;
 uint32_t sipi_vector;
 bool tsc_valid;
 int64_t tsc_khz;
 int64_t user_tsc_khz; /* for sanity check only */
 void *kvm_xsave_buf;
+#if defined(CONFIG_HVF)
+HVFX86EmulatorState *hvf_emul;
+#endif
 
 uint64_t mcg_cap;
 uint64_t mcg_ctl;
diff --git a/target/i386/hvf-all.c b/target/i386/hvf-all.c
index 20c796089d..8a75723dcf 100644
--- a/target/i386/hvf-all.c
+++ b/target/i386/hvf-all.c
@@ -208,17 +208,20 @@ void update_apic_tpr(CPUState *cpu)
 /* TODO: taskswitch handling */
 static void save_state_to_tss32(CPUState *cpu, struct x86_tss_segment32 *tss)
 {
+X86CPU *x86_cpu = X86_CPU(cpu);
+CPUX86State *env = _cpu->env;
+
 /* CR3 and ldt selector are not saved intentionally */
-tss->eip = EIP(cpu);
-tss->eflags = EFLAGS(cpu);
-tss->eax = EAX(cpu);
-tss->ecx = ECX(cpu);
-tss->edx = EDX(cpu);
-tss->ebx = EBX(cpu);
-tss->esp = ESP(cpu);
-tss->ebp = EBP(cpu);
-tss->esi = ESI(cpu);
-tss->edi = EDI(cpu);
+tss->eip = EIP(env);
+tss->eflags = EFLAGS(env);
+tss->eax = EAX(env);
+tss->ecx = ECX(env);
+tss->edx = EDX(env);
+tss->ebx = EBX(env);
+tss->esp = ESP(env);
+tss->ebp = EBP(env);
+tss->esi = ESI(env);
+tss->edi = EDI(env);
 
 tss->es = vmx_read_segment_selector(cpu, REG_SEG_ES).sel;
 tss->cs = vmx_read_segment_selector(cpu, REG_SEG_CS).sel;
@@ -230,20 +233,23 @@ static void save_state_to_tss32(CPUState *cpu, struct 
x86_tss_segment32 *tss)
 
 static void load_state_from_tss32(CPUState *cpu, struct x86_tss_segment32 *tss)
 {
+X86CPU *x86_cpu = X86_CPU(cpu);
+CPUX86State *env = _cpu->env;
+
 wvmcs(cpu->hvf_fd, VMCS_GUEST_CR3, tss->cr3);
 
-RIP(cpu) = tss->eip;
-EFLAGS(cpu) = tss->eflags | 2;
+RIP(env) = tss->eip;
+EFLAGS(env) = tss->eflags | 2;
 
 /* General purpose registers */
-RAX(cpu) = tss->eax;
-RCX(cpu) = tss->ecx;
-RDX(cpu) = tss->edx;
-RBX(cpu) = tss->ebx;
-RSP(cpu) = tss->esp;
-RBP(cpu) = tss->ebp;
-RSI(cpu) = tss->esi;
-RDI(cpu) = tss->edi;
+RAX(env) = tss->eax;
+RCX(env) = tss->ecx;
+RDX(env) = tss->edx;
+RBX(env) = tss->ebx;
+RSP(env) = tss->esp;
+RBP(env) = tss->ebp;
+RSI(env) = tss->esi;
+RDI(env) = tss->edi;
 
 vmx_write_segment_selector(cpu, (x68_segment_selector){{tss->ldt}},
REG_SEG_LDTR);
@@ -319,6 +325,8 @@ static void vmx_handle_task_switch(CPUState *cpu, 
x68_segment_selector tss_sel,
 uint32_t desc_limit;
 struct x86_call_gate task_gate_desc;
 struct vmx_segment vmx_seg;
+X86CPU *x86_cpu = X86_CPU(cpu);
+CPUX86State *env = _cpu->env;
 
 x86_read_segment_descriptor(cpu, _tss_desc, tss_sel);
 x86_read_segment_descriptor(cpu, _tss_desc, old_tss_sel);
@@ -347,7 +355,7 @@ static void vmx_handle_task_switch(CPUState *cpu, 
x68_segment_selector tss_sel,
 }
 
 if (reason == TSR_IRET) {
-EFLAGS(cpu) &= ~RFLAGS_NT;
+EFLAGS(env) &= ~RFLAGS_NT;
 }
 
 

[Qemu-devel] [PATCH 13/14] hvf: refactor event injection code for hvf

[Sergio Andres Gomez Del Real]

This commit refactors the event-injection code for hvf through using the
appropriate fields already provided by CPUX86State. At vmexit, it fills
these fields so that hvf_inject_interrupts can just retrieve them without
calling into hvf.

Signed-off-by: Sergio Andres Gomez Del Real 
---
 target/i386/cpu.c  |  3 ++
 target/i386/hvf-all.c  | 57 ++
 target/i386/hvf-utils/vmcs.h   |  3 ++
 target/i386/hvf-utils/vmx.h|  8 ++
 target/i386/hvf-utils/x86hvf.c | 63 --
 target/i386/kvm.c  |  2 --
 6 files changed, 96 insertions(+), 40 deletions(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 8c531a0ffa..7d2080d023 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -3275,6 +3275,9 @@ static void x86_cpu_reset(CPUState *s)
 memset(env->mtrr_var, 0, sizeof(env->mtrr_var));
 memset(env->mtrr_fixed, 0, sizeof(env->mtrr_fixed));
 
+env->interrupt_injected = -1;
+env->exception_injected = -1;
+env->nmi_injected = false;
 #if !defined(CONFIG_USER_ONLY)
 /* We hard-wire the BSP to the first CPU. */
 apic_designate_bsp(cpu->apic_state, s->cpu_index == 0);
diff --git a/target/i386/hvf-all.c b/target/i386/hvf-all.c
index 8a75723dcf..25e4fd4eb2 100644
--- a/target/i386/hvf-all.c
+++ b/target/i386/hvf-all.c
@@ -750,6 +750,55 @@ void hvf_disable(int shouldDisable)
 hvf_disabled = shouldDisable;
 }
 
+static void hvf_store_events(CPUState *cpu, uint32_t ins_len, uint64_t 
idtvec_info)
+{
+X86CPU *x86_cpu = X86_CPU(cpu);
+CPUX86State *env = _cpu->env;
+
+env->exception_injected = -1;
+env->interrupt_injected = -1;
+env->nmi_injected = false;
+if (idtvec_info & VMCS_IDT_VEC_VALID) {
+switch (idtvec_info & VMCS_IDT_VEC_TYPE) {
+case VMCS_IDT_VEC_HWINTR:
+case VMCS_IDT_VEC_SWINTR:
+env->interrupt_injected = idtvec_info & VMCS_IDT_VEC_VECNUM;
+break;
+case VMCS_IDT_VEC_NMI:
+env->nmi_injected = true;
+break;
+case VMCS_IDT_VEC_HWEXCEPTION:
+case VMCS_IDT_VEC_SWEXCEPTION:
+env->exception_injected = idtvec_info & VMCS_IDT_VEC_VECNUM;
+break;
+case VMCS_IDT_VEC_PRIV_SWEXCEPTION:
+default:
+abort();
+}
+if ((idtvec_info & VMCS_IDT_VEC_TYPE) == VMCS_IDT_VEC_SWEXCEPTION ||
+(idtvec_info & VMCS_IDT_VEC_TYPE) == VMCS_IDT_VEC_SWINTR) {
+env->ins_len = ins_len;
+}
+if (idtvec_info & VMCS_INTR_DEL_ERRCODE) {
+env->has_error_code = true;
+env->error_code = rvmcs(cpu->hvf_fd, VMCS_IDT_VECTORING_ERROR);
+}
+}
+if ((rvmcs(cpu->hvf_fd, VMCS_GUEST_INTERRUPTIBILITY) &
+VMCS_INTERRUPTIBILITY_NMI_BLOCKING)) {
+env->hflags2 |= HF2_NMI_MASK;
+} else {
+env->hflags2 &= ~HF2_NMI_MASK;
+}
+if (rvmcs(cpu->hvf_fd, VMCS_GUEST_INTERRUPTIBILITY) &
+ (VMCS_INTERRUPTIBILITY_STI_BLOCKING |
+ VMCS_INTERRUPTIBILITY_MOVSS_BLOCKING)) {
+env->hflags |= HF_INHIBIT_IRQ_MASK;
+} else {
+env->hflags &= ~HF_INHIBIT_IRQ_MASK;
+}
+}
+
 int hvf_vcpu_exec(CPUState *cpu)
 {
 X86CPU *x86_cpu = X86_CPU(cpu);
@@ -769,11 +818,6 @@ int hvf_vcpu_exec(CPUState *cpu)
 cpu->vcpu_dirty = false;
 }
 
-env->hvf_emul->interruptable =
-!(rvmcs(cpu->hvf_fd, VMCS_GUEST_INTERRUPTIBILITY) &
- (VMCS_INTERRUPTIBILITY_STI_BLOCKING |
- VMCS_INTERRUPTIBILITY_MOVSS_BLOCKING));
-
 hvf_inject_interrupts(cpu);
 vmx_update_tpr(cpu);
 
@@ -792,7 +836,10 @@ int hvf_vcpu_exec(CPUState *cpu)
 uint64_t exit_qual = rvmcs(cpu->hvf_fd, VMCS_EXIT_QUALIFICATION);
 uint32_t ins_len = (uint32_t)rvmcs(cpu->hvf_fd,
VMCS_EXIT_INSTRUCTION_LENGTH);
+
 uint64_t idtvec_info = rvmcs(cpu->hvf_fd, VMCS_IDT_VECTORING_INFO);
+
+hvf_store_events(cpu, ins_len, idtvec_info);
 rip = rreg(cpu->hvf_fd, HV_X86_RIP);
 RFLAGS(env) = rreg(cpu->hvf_fd, HV_X86_RFLAGS);
 env->eflags = RFLAGS(env);
diff --git a/target/i386/hvf-utils/vmcs.h b/target/i386/hvf-utils/vmcs.h
index c410dcfaaa..0fae73dce5 100644
--- a/target/i386/hvf-utils/vmcs.h
+++ b/target/i386/hvf-utils/vmcs.h
@@ -299,6 +299,7 @@
 /*
  * VMCS IDT-Vectoring information fields
  */
+#define VMCS_IDT_VEC_VECNUM 0xFF
 #define VMCS_IDT_VEC_VALID (1U << 31)
 #define VMCS_IDT_VEC_TYPE 0x700
 #define VMCS_IDT_VEC_ERRCODE_VALID (1U << 11)
@@ -306,6 +307,8 @@
 #define VMCS_IDT_VEC_NMI (2 << 8)
 #define VMCS_IDT_VEC_HWEXCEPTION (3 << 8)
 #define VMCS_IDT_VEC_SWINTR (4 << 8)
+#define VMCS_IDT_VEC_PRIV_SWEXCEPTION (5 << 8)
+#define VMCS_IDT_VEC_SWEXCEPTION (6 << 8)
 
 /*
  * VMCS Guest interruptibility field
diff --git a/target/i386/hvf-utils/vmx.h b/target/i386/hvf-utils/vmx.h
index 

[Qemu-devel] [PATCH 08/14] apic: add function to apic that will be used by hvf

[Sergio Andres Gomez Del Real]

This commit moves (hides) the function apic_get_highest_priority_irr to
apic.c and exports it through the interface in apic.h for use by hvf.

Signed-off-by: Sergio Andres Gomez Del Real 
---
 hw/intc/apic.c | 11 +++
 include/hw/i386/apic.h |  1 +
 2 files changed, 12 insertions(+)

diff --git a/hw/intc/apic.c b/hw/intc/apic.c
index fe15fb6024..3de59d07fd 100644
--- a/hw/intc/apic.c
+++ b/hw/intc/apic.c
@@ -305,6 +305,17 @@ static void apic_set_tpr(APICCommonState *s, uint8_t val)
 }
 }
 
+int apic_get_highest_priority_irr(DeviceState *dev)
+{
+APICCommonState *s;
+
+if (!dev) {
+return -1;
+}
+s = APIC_COMMON(dev);
+return get_highest_priority_int(s->irr);
+}
+
 static uint8_t apic_get_tpr(APICCommonState *s)
 {
 apic_sync_vapic(s, SYNC_FROM_VAPIC);
diff --git a/include/hw/i386/apic.h b/include/hw/i386/apic.h
index ea48ea9389..a9f6c0aa33 100644
--- a/include/hw/i386/apic.h
+++ b/include/hw/i386/apic.h
@@ -20,6 +20,7 @@ void apic_init_reset(DeviceState *s);
 void apic_sipi(DeviceState *s);
 void apic_poll_irq(DeviceState *d);
 void apic_designate_bsp(DeviceState *d, bool bsp);
+int apic_get_highest_priority_irr(DeviceState *dev);
 
 /* pc.c */
 DeviceState *cpu_get_current_apic(void);
-- 
2.14.1

[Qemu-devel] [PATCH 14/14] hvf: inject General Protection Fault when vmexit through vmcall

[Sergio Andres Gomez Del Real]

This commit injects a GP fault when the guest vmexit's by executing a
vmcall instruction.

Signed-off-by: Sergio Andres Gomez Del Real 
---
 target/i386/hvf-all.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/target/i386/hvf-all.c b/target/i386/hvf-all.c
index 25e4fd4eb2..fdb2b12c8a 100644
--- a/target/i386/hvf-all.c
+++ b/target/i386/hvf-all.c
@@ -1064,7 +1064,9 @@ int hvf_vcpu_exec(CPUState *cpu)
 macvm_set_rip(cpu, rip + ins_len);
 break;
 case VMX_REASON_VMCALL:
-/* TODO: inject #GP fault */
+env->exception_injected = EXCP0D_GPF;
+env->has_error_code = true;
+env->error_code = 0;
 break;
 default:
 fprintf(stderr, "%llx: unhandled exit %llx\n", rip, exit_reason);
-- 
2.14.1

[Qemu-devel] [PATCH 03/14] hvf: add conditional macros around hvf code in cpus.c

[Sergio Andres Gomez Del Real]

This commit surrounds the hvf parts of cpus.c with conditional macros so
that they are rightly ignored on other platforms.

Signed-off-by: Sergio Andres Gomez Del Real 
---
 cpus.c   | 147 +++
 include/sysemu/hvf.h |   5 +-
 2 files changed, 105 insertions(+), 47 deletions(-)

diff --git a/cpus.c b/cpus.c
index a2cd9dfa5d..6754ce17cc 100644
--- a/cpus.c
+++ b/cpus.c
@@ -37,6 +37,7 @@
 #include "sysemu/hw_accel.h"
 #include "sysemu/kvm.h"
 #include "sysemu/hax.h"
+#include "sysemu/hvf.h"
 #include "qmp-commands.h"
 #include "exec/exec-all.h"
 
@@ -81,6 +82,9 @@ static unsigned int throttle_percentage;
 #define CPU_THROTTLE_PCT_MAX 99
 #define CPU_THROTTLE_TIMESLICE_NS 1000
 
+/* For temporary buffers for forming a name */
+#define VCPU_THREAD_NAME_SIZE 16
+
 bool cpu_is_stopped(CPUState *cpu)
 {
 return cpu->stopped || !runstate_is_running();
@@ -900,6 +904,11 @@ void cpu_synchronize_all_states(void)
 
 CPU_FOREACH(cpu) {
 cpu_synchronize_state(cpu);
+#ifdef CONFIG_HVF
+if (hvf_enabled()) {
+hvf_cpu_synchronize_state(cpu);
+}
+#endif
 }
 }
 
@@ -909,6 +918,11 @@ void cpu_synchronize_all_post_reset(void)
 
 CPU_FOREACH(cpu) {
 cpu_synchronize_post_reset(cpu);
+#ifdef CONFIG_HVF
+if (hvf_enabled()) {
+hvf_cpu_synchronize_post_reset(cpu);
+}
+#endif
 }
 }
 
@@ -918,6 +932,11 @@ void cpu_synchronize_all_post_init(void)
 
 CPU_FOREACH(cpu) {
 cpu_synchronize_post_init(cpu);
+#ifdef CONFIG_HVF
+if (hvf_enabled()) {
+hvf_cpu_synchronize_post_init(cpu);
+}
+#endif
 }
 }
 
@@ -1098,6 +1117,80 @@ static void qemu_kvm_wait_io_event(CPUState *cpu)
 qemu_wait_io_event_common(cpu);
 }
 
+#ifdef CONFIG_HVF
+static void qemu_hvf_wait_io_event(CPUState *cpu)
+{
+while (cpu_thread_is_idle(cpu)) {
+qemu_cond_wait(cpu->halt_cond, _global_mutex);
+}
+qemu_wait_io_event_common(cpu);
+}
+
+/* The HVF-specific vCPU thread function. This one should only run when the 
host
+ * CPU supports the VMX "unrestricted guest" feature. */
+static void *qemu_hvf_cpu_thread_fn(void *arg)
+{
+CPUState *cpu = arg;
+
+int r;
+
+assert(hvf_enabled());
+
+rcu_register_thread();
+
+qemu_mutex_lock_iothread();
+qemu_thread_get_self(cpu->thread);
+
+cpu->thread_id = qemu_get_thread_id();
+cpu->can_do_io = 1;
+current_cpu = cpu;
+
+hvf_init_vcpu(cpu);
+
+/* signal CPU creation */
+cpu->created = true;
+qemu_cond_signal(_cpu_cond);
+
+do {
+if (cpu_can_run(cpu)) {
+r = hvf_vcpu_exec(cpu);
+if (r == EXCP_DEBUG) {
+cpu_handle_guest_debug(cpu);
+}
+}
+qemu_hvf_wait_io_event(cpu);
+} while (!cpu->unplug || cpu_can_run(cpu));
+
+hvf_vcpu_destroy(cpu);
+cpu->created = false;
+qemu_cond_signal(_cpu_cond);
+qemu_mutex_unlock_iothread();
+return NULL;
+}
+
+static void qemu_hvf_start_vcpu(CPUState *cpu)
+{
+char thread_name[VCPU_THREAD_NAME_SIZE];
+
+/* HVF currently does not support TCG, and only runs in
+ * unrestricted-guest mode. */
+assert(hvf_enabled());
+
+cpu->thread = g_malloc0(sizeof(QemuThread));
+cpu->halt_cond = g_malloc0(sizeof(QemuCond));
+qemu_cond_init(cpu->halt_cond);
+
+snprintf(thread_name, VCPU_THREAD_NAME_SIZE, "CPU %d/HVF",
+ cpu->cpu_index);
+qemu_thread_create(cpu->thread, thread_name, qemu_hvf_cpu_thread_fn,
+   cpu, QEMU_THREAD_JOINABLE);
+while (!cpu->created) {
+qemu_cond_wait(_cpu_cond, _global_mutex);
+}
+}
+
+#endif
+
 static void *qemu_kvm_cpu_thread_fn(void *arg)
 {
 CPUState *cpu = arg;
@@ -1434,48 +1527,6 @@ static void *qemu_hax_cpu_thread_fn(void *arg)
 return NULL;
 }
 
-/* The HVF-specific vCPU thread function. This one should only run when the 
host
- * CPU supports the VMX "unrestricted guest" feature. */
-static void *qemu_hvf_cpu_thread_fn(void *arg)
-{
-CPUState *cpu = arg;
-
-int r;
-
-assert(hvf_enabled());
-
-rcu_register_thread();
-
-qemu_mutex_lock_iothread();
-qemu_thread_get_self(cpu->thread);
-
-cpu->thread_id = qemu_get_thread_id();
-cpu->can_do_io = 1;
-current_cpu = cpu;
-
-hvf_init_vcpu(cpu);
-
-/* signal CPU creation */
-cpu->created = true;
-qemu_cond_signal(_cpu_cond);
-
-do {
-if (cpu_can_run(cpu)) {
-r = hvf_vcpu_exec(cpu);
-if (r == EXCP_DEBUG) {
-cpu_handle_guest_debug(cpu);
-}
-}
-qemu_hvf_wait_io_event(cpu);
-} while (!cpu->unplug || cpu_can_run(cpu));
-
-hvf_vcpu_destroy(cpu);
-cpu->created = false;
-qemu_cond_signal(_cpu_cond);
-qemu_mutex_unlock_iothread();
-return NULL;
-}
-
 #ifdef _WIN32
 static void CALLBACK dummy_apc_func(ULONG_PTR unused)
 {
@@ 

[Qemu-devel] [PATCH 10/14] hvf: refactor cpuid code

[Sergio Andres Gomez Del Real]

This commit adds code to request the cpuid features supported by the
host and hvf; it calls hvf_get_supported_cpuid if hvf is compiled with
QEMU and enabled.

Signed-off-by: Sergio Andres Gomez Del Real 
---
 cpus.c|   2 +
 include/qom/cpu.h |   6 +--
 include/sysemu/hvf.h  |  18 ++---
 target/i386/cpu-qom.h |   4 +-
 target/i386/cpu.c | 108 --
 target/i386/hvf-all.c |  20 +-
 6 files changed, 113 insertions(+), 45 deletions(-)

diff --git a/cpus.c b/cpus.c
index 6754ce17cc..2411dfcd3f 100644
--- a/cpus.c
+++ b/cpus.c
@@ -37,7 +37,9 @@
 #include "sysemu/hw_accel.h"
 #include "sysemu/kvm.h"
 #include "sysemu/hax.h"
+#ifdef CONFIG_HVF
 #include "sysemu/hvf.h"
+#endif
 #include "qmp-commands.h"
 #include "exec/exec-all.h"
 
diff --git a/include/qom/cpu.h b/include/qom/cpu.h
index c46eb61240..ef74c2ce3c 100644
--- a/include/qom/cpu.h
+++ b/include/qom/cpu.h
@@ -408,13 +408,9 @@ struct CPUState {
  */
 uint16_t pending_tlb_flush;
 
-// HVF
 bool hvf_vcpu_dirty;
 uint64_t hvf_fd; // fd of vcpu created by HVF
-// Supporting data structures for VMCS capabilities
-// and x86 emulation state
-struct hvf_vcpu_caps* hvf_caps;
-struct hvf_x86_state* hvf_x86;
+struct hvf_x86_state *hvf_x86;
 };
 
 QTAILQ_HEAD(CPUTailQ, CPUState);
diff --git a/include/sysemu/hvf.h b/include/sysemu/hvf.h
index f9a5a9c5d3..5b92769b16 100644
--- a/include/sysemu/hvf.h
+++ b/include/sysemu/hvf.h
@@ -34,12 +34,6 @@ typedef struct hvf_slot {
 int slot_id;
 } hvf_slot;
 
-typedef struct HVFState {
-AccelState parent;
-hvf_slot slots[32];
-int num_slots;
-} HVFState;
-
 struct hvf_vcpu_caps {
 uint64_t vmx_cap_pinbased;
 uint64_t vmx_cap_procbased;
@@ -49,6 +43,15 @@ struct hvf_vcpu_caps {
 uint64_t vmx_cap_preemption_timer;
 };
 
+typedef struct HVFState {
+AccelState parent;
+hvf_slot slots[32];
+int num_slots;
+
+struct hvf_vcpu_caps *hvf_caps;
+} HVFState;
+extern HVFState *hvf_state;
+
 void hvf_set_phys_mem(MemoryRegionSection *, bool);
 void hvf_handle_io(CPUArchState *, uint16_t, void *,
   int, int, int);
@@ -87,6 +90,9 @@ void update_apic_tpr(CPUState *);
 int hvf_put_registers(CPUState *);
 void vmx_clear_int_window_exiting(CPUState *cpu);
 
+uint32_t hvf_get_supported_cpuid(uint32_t func, uint32_t idx,
+ int reg);
+
 #define TYPE_HVF_ACCEL ACCEL_CLASS_NAME("hvf")
 
 #define HVF_STATE(obj) \
diff --git a/target/i386/cpu-qom.h b/target/i386/cpu-qom.h
index c2205e6077..22f95eb3a4 100644
--- a/target/i386/cpu-qom.h
+++ b/target/i386/cpu-qom.h
@@ -47,7 +47,7 @@ typedef struct X86CPUDefinition X86CPUDefinition;
 /**
  * X86CPUClass:
  * @cpu_def: CPU model definition
- * @kvm_required: Whether CPU model requires KVM to be enabled.
+ * @host_cpuid_required: Whether CPU model requires cpuid from host.
  * @ordering: Ordering on the "-cpu help" CPU model list.
  * @migration_safe: See CpuDefinitionInfo::migration_safe
  * @static_model: See CpuDefinitionInfo::static
@@ -66,7 +66,7 @@ typedef struct X86CPUClass {
  */
 X86CPUDefinition *cpu_def;
 
-bool kvm_required;
+bool host_cpuid_required;
 int ordering;
 bool migration_safe;
 bool static_model;
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index ddc45abd70..8c531a0ffa 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -22,6 +22,9 @@
 #include "cpu.h"
 #include "exec/exec-all.h"
 #include "sysemu/kvm.h"
+#ifdef CONFIG_HVF
+#include "sysemu/hvf.h"
+#endif
 #include "sysemu/cpus.h"
 #include "kvm_i386.h"
 
@@ -613,6 +616,23 @@ static uint32_t xsave_area_size(uint64_t mask)
 return ret;
 }
 
+static inline bool accel_uses_host_cpuid(void)
+{
+bool enabled;
+#if defined(CONFIG_KVM)
+enabled = kvm_enabled();
+#elif defined(CONFIG_HVF)
+enabled = hvf_enabled();
+#else
+enabled = 0;
+#endif
+if (enabled) {
+return true;
+} else {
+return false;
+}
+}
+
 static inline uint64_t x86_cpu_xsave_components(X86CPU *cpu)
 {
 return ((uint64_t)cpu->env.features[FEAT_XSAVE_COMP_HI]) << 32 |
@@ -1643,10 +1663,15 @@ static void max_x86_cpu_initfn(Object *obj)
  */
 cpu->max_features = true;
 
-if (kvm_enabled()) {
+if (accel_uses_host_cpuid()) {
 char vendor[CPUID_VENDOR_SZ + 1] = { 0 };
 char model_id[CPUID_MODEL_ID_SZ + 1] = { 0 };
 int family, model, stepping;
+X86CPUDefinition host_cpudef = { };
+uint32_t eax = 0, ebx = 0, ecx = 0, edx = 0;
+
+host_cpuid(0x0, 0, , , , );
+x86_cpu_vendor_words2str(host_cpudef.vendor, ebx, edx, ecx);
 
 host_vendor_fms(vendor, , , );
 
@@ -1660,12 +1685,23 @@ static void max_x86_cpu_initfn(Object *obj)
 object_property_set_str(OBJECT(cpu), model_id, "model-id",
 _abort);
 
-env->cpuid_min_level =
-

[Qemu-devel] [PATCH 11/14] hvf: implement vga dirty page tracking

[Sergio Andres Gomez Del Real]

This commit implements setting the tracking of dirty pages, using hvf's
interface to protect guest memory. It uses the MemoryListener callback
mechanism through .log_start/stop/sync

Signed-off-by: Sergio Andres Gomez Del Real 
---
 include/sysemu/hvf.h  |  5 
 target/i386/hvf-all.c | 72 ++-
 2 files changed, 70 insertions(+), 7 deletions(-)

diff --git a/include/sysemu/hvf.h b/include/sysemu/hvf.h
index 5b92769b16..90e9ec174e 100644
--- a/include/sysemu/hvf.h
+++ b/include/sysemu/hvf.h
@@ -27,11 +27,16 @@
 #include 
 #endif
 
+/* hvf_slot flags */
+#define HVF_SLOT_LOG (1 << 0)
+
 typedef struct hvf_slot {
 uint64_t start;
 uint64_t size;
 uint8_t *mem;
 int slot_id;
+uint32_t flags;
+MemoryRegion *region;
 } hvf_slot;
 
 struct hvf_vcpu_caps {
diff --git a/target/i386/hvf-all.c b/target/i386/hvf-all.c
index 11d20671f7..20c796089d 100644
--- a/target/i386/hvf-all.c
+++ b/target/i386/hvf-all.c
@@ -172,6 +172,7 @@ void hvf_set_phys_mem(MemoryRegionSection *section, bool 
add)
 mem->size = int128_get64(section->size);
 mem->mem = memory_region_get_ram_ptr(area) + section->offset_within_region;
 mem->start = section->offset_within_address_space;
+mem->region = area;
 
 if (do_hvf_set_memory(mem)) {
 fprintf(stderr, "Error registering new memory slot\n");
@@ -441,8 +442,7 @@ void hvf_cpu_synchronize_post_init(CPUState *cpu_state)
 run_on_cpu(cpu_state, _hvf_cpu_synchronize_post_init, RUN_ON_CPU_NULL);
 }
 
-/* TODO: ept fault handlig */
-static bool ept_emulation_fault(uint64_t ept_qual)
+static bool ept_emulation_fault(hvf_slot *slot, addr_t gpa, uint64_t ept_qual)
 {
 int read, write;
 
@@ -458,6 +458,14 @@ static bool ept_emulation_fault(uint64_t ept_qual)
 return false;
 }
 
+if (write && slot) {
+if (slot->flags & HVF_SLOT_LOG) {
+memory_region_set_dirty(slot->region, gpa - slot->start, 1);
+hv_vm_protect((hv_gpaddr_t)slot->start, (size_t)slot->size,
+  HV_MEMORY_READ | HV_MEMORY_WRITE);
+}
+}
+
 /*
  * The EPT violation must have been caused by accessing a
  * guest-physical address that is a translation of a guest-linear
@@ -468,7 +476,57 @@ static bool ept_emulation_fault(uint64_t ept_qual)
 return false;
 }
 
-return true;
+return !slot;
+}
+
+static void hvf_set_dirty_tracking(MemoryRegionSection *section, bool on)
+{
+struct mac_slot *macslot;
+hvf_slot *slot;
+
+slot = hvf_find_overlap_slot(
+section->offset_within_address_space,
+section->offset_within_address_space + 
int128_get64(section->size));
+
+/* protect region against writes; begin tracking it */
+if (on) {
+slot->flags |= HVF_SLOT_LOG;
+hv_vm_protect((hv_gpaddr_t)slot->start, (size_t)slot->size,
+  HV_MEMORY_READ);
+/* stop tracking region*/
+} else {
+slot->flags &= ~HVF_SLOT_LOG;
+hv_vm_protect((hv_gpaddr_t)slot->start, (size_t)slot->size,
+  HV_MEMORY_READ | HV_MEMORY_WRITE);
+}
+}
+
+static void hvf_log_start(MemoryListener *listener,
+  MemoryRegionSection *section, int old, int new)
+{
+if (old != 0)
+return;
+
+hvf_set_dirty_tracking(section, 1);
+}
+
+static void hvf_log_stop(MemoryListener *listener,
+ MemoryRegionSection *section, int old, int new)
+{
+if (new != 0)
+return;
+
+hvf_set_dirty_tracking(section, 0);
+}
+
+static void hvf_log_sync(MemoryListener *listener,
+ MemoryRegionSection *section)
+{
+/*
+ * sync of dirty pages is handled elsewhere; just make sure we keep
+ * tracking the region.
+ */
+hvf_set_dirty_tracking(section, 1);
 }
 
 static void hvf_region_add(MemoryListener *listener,
@@ -487,6 +545,9 @@ static MemoryListener hvf_memory_listener = {
 .priority = 10,
 .region_add = hvf_region_add,
 .region_del = hvf_region_del,
+.log_start = hvf_log_start,
+.log_stop = hvf_log_stop,
+.log_sync = hvf_log_sync,
 };
 
 void vmx_reset_vcpu(CPUState *cpu) {
@@ -763,7 +824,7 @@ int hvf_vcpu_exec(CPUState *cpu)
 
 slot = hvf_find_overlap_slot(gpa, gpa);
 /* mmio */
-if (ept_emulation_fault(exit_qual) && !slot) {
+if (ept_emulation_fault(slot, gpa, exit_qual)) {
 struct x86_decode decode;
 
 load_regs(cpu);
@@ -774,9 +835,6 @@ int hvf_vcpu_exec(CPUState *cpu)
 store_regs(cpu);
 break;
 }
-#ifdef DIRTY_VGA_TRACKING
-/* TODO: handle dirty page tracking */
-#endif
 break;
 }
 case EXIT_REASON_INOUT:
-- 
2.14.1

[Qemu-devel] [PATCH 04/14] hvf: add fields to CPUState and CPUX86State; add definitions

[Sergio Andres Gomez Del Real]

This commit adds some fields specific to hvf in CPUState and
CPUX86State. It also adds some handy #defines.

Signed-off-by: Sergio Andres Gomez Del Real 
---
 include/qom/cpu.h |  8 
 target/i386/cpu.h | 23 +++
 2 files changed, 31 insertions(+)

diff --git a/include/qom/cpu.h b/include/qom/cpu.h
index 25eefea7ab..c46eb61240 100644
--- a/include/qom/cpu.h
+++ b/include/qom/cpu.h
@@ -407,6 +407,14 @@ struct CPUState {
  * unnecessary flushes.
  */
 uint16_t pending_tlb_flush;
+
+// HVF
+bool hvf_vcpu_dirty;
+uint64_t hvf_fd; // fd of vcpu created by HVF
+// Supporting data structures for VMCS capabilities
+// and x86 emulation state
+struct hvf_vcpu_caps* hvf_caps;
+struct hvf_x86_state* hvf_x86;
 };
 
 QTAILQ_HEAD(CPUTailQ, CPUState);
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 051867399b..7d90f08b98 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -82,15 +82,19 @@
 #define R_GS 5
 
 /* segment descriptor fields */
+#define DESC_G_SHIFT23
 #define DESC_G_MASK (1 << 23)
 #define DESC_B_SHIFT22
 #define DESC_B_MASK (1 << DESC_B_SHIFT)
 #define DESC_L_SHIFT21 /* x86_64 only : 64 bit code segment */
 #define DESC_L_MASK (1 << DESC_L_SHIFT)
+#define DESC_AVL_SHIFT  20
 #define DESC_AVL_MASK   (1 << 20)
+#define DESC_P_SHIFT15
 #define DESC_P_MASK (1 << 15)
 #define DESC_DPL_SHIFT  13
 #define DESC_DPL_MASK   (3 << DESC_DPL_SHIFT)
+#define DESC_S_SHIFT12
 #define DESC_S_MASK (1 << 12)
 #define DESC_TYPE_SHIFT 8
 #define DESC_TYPE_MASK  (15 << DESC_TYPE_SHIFT)
@@ -631,6 +635,7 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];
 #define CPUID_7_0_EBX_AVX512BW (1U << 30) /* AVX-512 Byte and Word 
Instructions */
 #define CPUID_7_0_EBX_AVX512VL (1U << 31) /* AVX-512 Vector Length Extensions 
*/
 
+#define CPUID_7_0_ECX_AVX512BMI (1U << 1)
 #define CPUID_7_0_ECX_VBMI (1U << 1)  /* AVX-512 Vector Byte Manipulation 
Instrs */
 #define CPUID_7_0_ECX_UMIP (1U << 2)
 #define CPUID_7_0_ECX_PKU  (1U << 3)
@@ -806,6 +811,20 @@ typedef struct SegmentCache {
 float64  _d_##n[(bits)/64]; \
 }
 
+typedef union {
+uint8_t _b[16];
+uint16_t _w[8];
+uint32_t _l[4];
+uint64_t _q[2];
+} XMMReg;
+
+typedef union {
+uint8_t _b[32];
+uint16_t _w[16];
+uint32_t _l[8];
+uint64_t _q[4];
+} YMMReg;
+
 typedef MMREG_UNION(ZMMReg, 512) ZMMReg;
 typedef MMREG_UNION(MMXReg, 64)  MMXReg;
 
@@ -1041,7 +1060,11 @@ typedef struct CPUX86State {
 ZMMReg xmm_t0;
 MMXReg mmx_t0;
 
+XMMReg ymmh_regs[CPU_NB_REGS];
+
 uint64_t opmask_regs[NB_OPMASK_REGS];
+YMMReg zmmh_regs[CPU_NB_REGS];
+ZMMReg hi16_zmm_regs[CPU_NB_REGS];
 
 /* sysenter registers */
 uint32_t sysenter_cs;
-- 
2.14.1

[Qemu-devel] [PATCH 09/14] hvf: implement hvf_get_supported_cpuid

[Sergio Andres Gomez Del Real]

This commit implements hvf_get_supported_cpuid, which returns the set of
features supported by both the host processor and the hypervisor.

Signed-off-by: Sergio Andres Gomez Del Real 
---
 target/i386/hvf-utils/x86_cpuid.c | 138 ++
 1 file changed, 138 insertions(+)

diff --git a/target/i386/hvf-utils/x86_cpuid.c 
b/target/i386/hvf-utils/x86_cpuid.c
index 5d63bca8fd..6d405cd9dd 100644
--- a/target/i386/hvf-utils/x86_cpuid.c
+++ b/target/i386/hvf-utils/x86_cpuid.c
@@ -24,6 +24,7 @@
 #include "x86_cpuid.h"
 #include "x86.h"
 #include "vmx.h"
+#include "sysemu/hvf.h"
 
 #define PPRO_FEATURES (CPUID_FP87 | CPUID_DE | CPUID_PSE | CPUID_TSC | \
 CPUID_MSR | CPUID_MCE | CPUID_CX8 | CPUID_PGE | CPUID_CMOV | \
@@ -94,6 +95,27 @@ struct x86_cpuid builtin_cpus[] = {
 
 static struct x86_cpuid *_cpuid;
 
+static uint64_t xgetbv(uint32_t xcr)
+{
+uint32_t eax, edx;
+
+__asm__ volatile ("xgetbv"
+  : "=a" (eax), "=d" (edx)
+  : "c" (xcr));
+
+return (((uint64_t)edx) << 32) | eax;
+}
+
+static bool vmx_mpx_supported()
+{
+uint64_t cap_exit, cap_entry;
+
+hv_vmx_read_capability(HV_VMX_CAP_ENTRY, _entry);
+hv_vmx_read_capability(HV_VMX_CAP_EXIT, _exit);
+
+return ((cap_exit & (1 << 23)) && (cap_entry & (1 << 16)));
+}
+
 void init_cpuid(struct CPUState *cpu)
 {
 _cpuid = _cpus[2]; /* core2duo */
@@ -277,3 +299,119 @@ void get_cpuid_func(struct CPUState *cpu, int func, int 
cnt, uint32_t *eax,
 break;
 }
 }
+
+uint32_t hvf_get_supported_cpuid(uint32_t func, uint32_t idx,
+ int reg)
+{
+uint64_t cap;
+uint32_t eax, ebx, ecx, edx;
+
+host_cpuid(func, idx, , , , );
+
+switch (func) {
+case 0:
+eax = eax < (uint32_t)0xd ? eax : (uint32_t)0xd;
+break;
+case 1:
+edx &= CPUID_FP87 | CPUID_VME | CPUID_DE | CPUID_PSE | CPUID_TSC |
+ CPUID_MSR | CPUID_PAE | CPUID_MCE | CPUID_CX8 | CPUID_APIC |
+ CPUID_SEP | CPUID_MTRR | CPUID_PGE | CPUID_MCA | CPUID_CMOV |
+ CPUID_PAT | CPUID_PSE36 | CPUID_CLFLUSH | CPUID_MMX |
+ CPUID_FXSR | CPUID_SSE | CPUID_SSE2 | CPUID_SS;
+ecx &= CPUID_EXT_SSE3 | CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSSE3 |
+ CPUID_EXT_FMA | CPUID_EXT_CX16 | CPUID_EXT_PCID |
+ CPUID_EXT_SSE41 | CPUID_EXT_SSE42 | CPUID_EXT_MOVBE |
+ CPUID_EXT_POPCNT | CPUID_EXT_AES | CPUID_EXT_XSAVE |
+ CPUID_EXT_AVX | CPUID_EXT_F16C | CPUID_EXT_RDRAND;
+break;
+case 6:
+eax = 4;
+ebx = 0;
+ecx = 0;
+edx = 0;
+break;
+case 7:
+if (idx == 0) {
+ebx &= CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 |
+CPUID_7_0_EBX_HLE | CPUID_7_0_EBX_AVX2 |
+CPUID_7_0_EBX_SMEP | CPUID_7_0_EBX_BMI2 |
+CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_RTM |
+CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX |
+CPUID_7_0_EBX_SMAP | CPUID_7_0_EBX_AVX512IFMA |
+CPUID_7_0_EBX_AVX512F | CPUID_7_0_EBX_AVX512PF |
+CPUID_7_0_EBX_AVX512ER | CPUID_7_0_EBX_AVX512CD |
+CPUID_7_0_EBX_CLFLUSHOPT | CPUID_7_0_EBX_CLWB |
+CPUID_7_0_EBX_AVX512DQ | CPUID_7_0_EBX_SHA_NI |
+CPUID_7_0_EBX_AVX512BW | CPUID_7_0_EBX_AVX512VL |
+CPUID_7_0_EBX_INVPCID | CPUID_7_0_EBX_MPX;
+
+if (!vmx_mpx_supported()) {
+ebx &= ~CPUID_7_0_EBX_MPX;
+}
+hv_vmx_read_capability(HV_VMX_CAP_PROCBASED2, );
+if (!(cap & CPU_BASED2_INVPCID)) {
+ebx &= ~CPUID_7_0_EBX_INVPCID;
+}
+
+ecx &= CPUID_7_0_ECX_AVX512BMI | CPUID_7_0_ECX_AVX512_VPOPCNTDQ;
+edx &= CPUID_7_0_EDX_AVX512_4VNNIW | CPUID_7_0_EDX_AVX512_4FMAPS;
+} else {
+ebx = 0;
+ecx = 0;
+edx = 0;
+}
+eax = 0;
+break;
+case 0xD:
+if (idx == 0) {
+uint64_t host_xcr0 = xgetbv(0);
+uint64_t supp_xcr0 = host_xcr0 & (XSTATE_FP_MASK | XSTATE_SSE_MASK 
|
+  XSTATE_YMM_MASK | XSTATE_BNDREGS_MASK |
+  XSTATE_BNDCSR_MASK | XSTATE_OPMASK_MASK |
+  XSTATE_ZMM_Hi256_MASK | 
XSTATE_Hi16_ZMM_MASK);
+eax &= supp_xcr0;
+if (!vmx_mpx_supported()) {
+eax &= ~(XSTATE_BNDREGS_MASK | XSTATE_BNDCSR_MASK);
+}
+} else if (idx == 1) {
+hv_vmx_read_capability(HV_VMX_CAP_PROCBASED2, );
+eax &= CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XGETBV1;
+if (!(cap & CPU_BASED2_XSAVES_XRSTORS)) {
+eax &= ~CPUID_XSAVE_XSAVES;
+}
+}
+break;
+case 0x8001:
+/* LM 

[Qemu-devel] [PATCH 00/14] add support for Hypervisor.framework in QEMU

[Sergio Andres Gomez Del Real]

The following patchset adds to QEMU the supporting for macOS's native
hypervisor, Hypervisor.framework (hvf). The code base is taken from
Google's Android emulator at
https://android.googlesource.com/platform/external/qemu/+/emu-master-dev.

Apart from general code refactoring, some additional features were implemented:
retrieve the set of features supported by host cpu and hvf (cpuid);
dirty page tracking for VGA memory area; reimplementation of the event
injection mechanism to allow injection of exceptions during vmexits, which is
exemplified by the injection of a GP fault when the guest vmexits due to
execution of the vmcall instruction; changing the emulator's use of CPUState
structure in favor of CPUX86State, so as to in the future remove data structures
that are uselessly specific to hvf and unified some of the state between kvm/tcg
and hvf.
Some features initially planned to implement that didn't make it include:
page fault handling in the emulator and implementing the dummy_signal to handle
the SIG_IPI signal without race conditions. Hopefully these can be implemented
in the near future.

Sergio Andres Gomez Del Real (14):
  hvf: add support for Hypervisor.framework in the configure script
  hvf: add code base from Google's QEMU repository
  hvf: add conditional macros around hvf code in cpus.c
  hvf: add fields to CPUState and CPUX86State; add definitions
  hvf: use new helper functions for put/get xsave
  hvf: add compilation rules to Makefile.objs
  hvf: run hvf code through checkpatch.pl and fix style issues
  apic: add function to apic that will be used by hvf
  hvf: implement hvf_get_supported_cpuid
  hvf: refactor cpuid code
  hvf: implement vga dirty page tracking
  hvf: move fields from CPUState to CPUX86State
  hvf: refactor event injection code for hvf
  hvf: inject General Protection Fault when vmexit through vmcall

 configure   |   32 +
 cpus.c  |  107 +-
 hw/intc/apic.c  |   11 +
 include/hw/i386/apic.h  |1 +
 include/qom/cpu.h   |2 +
 include/sysemu/hvf.h|  106 ++
 qemu-options.hx |   20 +-
 target/i386/Makefile.objs   |1 +
 target/i386/cpu-qom.h   |4 +-
 target/i386/cpu.c   |  111 +-
 target/i386/cpu.h   |   30 +
 target/i386/hvf-all.c   | 1123 ++
 target/i386/hvf-i386.h  |   48 +
 target/i386/hvf-utils/Makefile.objs |1 +
 target/i386/hvf-utils/README.md |7 +
 target/i386/hvf-utils/vmcs.h|  371 ++
 target/i386/hvf-utils/vmx.h |  222 
 target/i386/hvf-utils/x86.c |  184 +++
 target/i386/hvf-utils/x86.h |  476 
 target/i386/hvf-utils/x86_cpuid.c   |  417 +++
 target/i386/hvf-utils/x86_cpuid.h   |   52 +
 target/i386/hvf-utils/x86_decode.c  | 2186 +++
 target/i386/hvf-utils/x86_decode.h  |  325 ++
 target/i386/hvf-utils/x86_descr.c   |  124 ++
 target/i386/hvf-utils/x86_descr.h   |   55 +
 target/i386/hvf-utils/x86_emu.c | 1536 
 target/i386/hvf-utils/x86_emu.h |   32 +
 target/i386/hvf-utils/x86_flags.c   |  333 ++
 target/i386/hvf-utils/x86_flags.h   |  243 
 target/i386/hvf-utils/x86_gen.h |   36 +
 target/i386/hvf-utils/x86_mmu.c |  273 +
 target/i386/hvf-utils/x86_mmu.h |   28 +
 target/i386/hvf-utils/x86hvf.c  |  463 
 target/i386/hvf-utils/x86hvf.h  |   22 +
 target/i386/kvm.c   |2 -
 vl.c|7 +
 36 files changed, 8957 insertions(+), 34 deletions(-)
 create mode 100644 include/sysemu/hvf.h
 create mode 100644 target/i386/hvf-all.c
 create mode 100644 target/i386/hvf-i386.h
 create mode 100644 target/i386/hvf-utils/Makefile.objs
 create mode 100644 target/i386/hvf-utils/README.md
 create mode 100644 target/i386/hvf-utils/vmcs.h
 create mode 100644 target/i386/hvf-utils/vmx.h
 create mode 100644 target/i386/hvf-utils/x86.c
 create mode 100644 target/i386/hvf-utils/x86.h
 create mode 100644 target/i386/hvf-utils/x86_cpuid.c
 create mode 100644 target/i386/hvf-utils/x86_cpuid.h
 create mode 100644 target/i386/hvf-utils/x86_decode.c
 create mode 100644 target/i386/hvf-utils/x86_decode.h
 create mode 100644 target/i386/hvf-utils/x86_descr.c
 create mode 100644 target/i386/hvf-utils/x86_descr.h
 create mode 100644 target/i386/hvf-utils/x86_emu.c
 create mode 100644 target/i386/hvf-utils/x86_emu.h
 create mode 100644 target/i386/hvf-utils/x86_flags.c
 create mode 100644 target/i386/hvf-utils/x86_flags.h
 create mode 100644 target/i386/hvf-utils/x86_gen.h
 create mode 100644 target/i386/hvf-utils/x86_mmu.c
 create mode 100644 target/i386/hvf-utils/x86_mmu.h
 create mode 100644 target/i386/hvf-utils/x86hvf.c
 create mode 100644 target/i386/hvf-utils/x86hvf.h

-- 
2.14.1

Subject: [PATCH 00/15] 

[Qemu-devel] [PATCH 01/14] hvf: add support for Hypervisor.framework in the configure script

[Sergio Andres Gomez Del Real]

This patch adds to the configure script the code to support the
--enable-hvf argument. If the OS is Darwin, it checks for presence of
HVF in the system. The patch also adds strings related to HVF in the
file qemu-options.hx

Signed-off-by: Sergio Andres Gomez Del Real 
---
 configure   | 32 
 qemu-options.hx | 20 +++-
 2 files changed, 47 insertions(+), 5 deletions(-)

diff --git a/configure b/configure
index dd73cce62f..d9126462a1 100755
--- a/configure
+++ b/configure
@@ -309,6 +309,7 @@ vhost_vsock="no"
 vhost_user=""
 kvm="no"
 hax="no"
+hvf="no"
 rdma=""
 gprof="no"
 debug_tcg="no"
@@ -727,6 +728,7 @@ Darwin)
   bsd="yes"
   darwin="yes"
   hax="yes"
+  hvf="yes"
   LDFLAGS_SHARED="-bundle -undefined dynamic_lookup"
   if [ "$cpu" = "x86_64" ] ; then
 QEMU_CFLAGS="-arch x86_64 $QEMU_CFLAGS"
@@ -1027,6 +1029,10 @@ for opt do
   ;;
   --enable-hax) hax="yes"
   ;;
+  --disable-hvf) hvf="no"
+  ;;
+  --enable-hvf) hvf="yes"
+  ;;
   --disable-tcg-interpreter) tcg_interpreter="no"
   ;;
   --enable-tcg-interpreter) tcg_interpreter="yes"
@@ -1499,6 +1505,7 @@ disabled with --disable-FEATURE, default is enabled if 
available:
   bluez   bluez stack connectivity
   kvm KVM acceleration support
   hax HAX acceleration support
+  hvf Hypervisor.framework acceleration support
   rdmaRDMA-based migration support
   vde support for vde network
   netmap  support for netmap network
@@ -4900,6 +4907,21 @@ then
 fi
 
 
+#
+# Check to see if we have the Hypervisor framework
+if [ "$darwin" == "yes" ] ; then
+  cat > $TMPC << EOF
+#include 
+int main() { return 0;}
+EOF
+  if ! compile_object ""; then
+hvf='no'
+  else
+hvf='yes'
+LDFLAGS="-framework Hypervisor $LDFLAGS"
+  fi
+fi
+
 #
 # Sparc implicitly links with --relax, which is
 # incompatible with -r, so --no-relax should be
@@ -5356,6 +5378,7 @@ if test "$tcg" = "yes" ; then
 echo "TCG debug enabled $debug_tcg"
 echo "TCG interpreter   $tcg_interpreter"
 fi
+echo "HVF support   $hvf"
 echo "RDMA support  $rdma"
 echo "fdt support   $fdt"
 echo "preadv support$preadv"
@@ -6388,6 +6411,15 @@ fi
 if supported_hax_target $target; then
 echo "CONFIG_HAX=y" >> $config_target_mak
 fi
+if test "$hvf" = "yes" ; then
+  if test "$target_softmmu" = "yes" ; then
+case "$target_name" in
+i386|x86_64)
+  echo "CONFIG_HVF=y" >> $config_target_mak
+;;
+esac
+  fi
+fi
 if test "$target_bigendian" = "yes" ; then
   echo "TARGET_WORDS_BIGENDIAN=y" >> $config_target_mak
 fi
diff --git a/qemu-options.hx b/qemu-options.hx
index 9f6e2adfff..841d75cf6c 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -31,7 +31,7 @@ DEF("machine", HAS_ARG, QEMU_OPTION_machine, \
 "-machine [type=]name[,prop[=value][,...]]\n"
 "selects emulated machine ('-machine help' for list)\n"
 "property accel=accel1[:accel2[:...]] selects 
accelerator\n"
-"supported accelerators are kvm, xen, hax or tcg (default: 
tcg)\n"
+"supported accelerators are kvm, xen, hax, hvf or tcg 
(default: tcg)\n"
 "kernel_irqchip=on|off|split controls accelerated irqchip 
support (default=off)\n"
 "vmport=on|off|auto controls emulation of vmport (default: 
auto)\n"
 "kvm_shadow_mem=size of KVM shadow MMU in bytes\n"
@@ -66,7 +66,7 @@ Supported machine properties are:
 @table @option
 @item accel=@var{accels1}[:@var{accels2}[:...]]
 This is used to enable an accelerator. Depending on the target architecture,
-kvm, xen, hax or tcg can be available. By default, tcg is used. If there is
+kvm, xen, hax, hvf or tcg can be available. By default, tcg is used. If there 
is
 more than one accelerator specified, the next one is used if the previous one
 fails to initialize.
 @item kernel_irqchip=on|off
@@ -120,13 +120,13 @@ ETEXI
 
 DEF("accel", HAS_ARG, QEMU_OPTION_accel,
 "-accel [accel=]accelerator[,thread=single|multi]\n"
-"select accelerator (kvm, xen, hax or tcg; use 'help' for 
a list)\n"
-"thread=single|multi (enable multi-threaded TCG)\n", 
QEMU_ARCH_ALL)
+"select accelerator (kvm, xen, hax, hvf or tcg; use 'help' 
for a list)\n"
+"thread=single|multi (enable multi-threaded TCG)", 
QEMU_ARCH_ALL)
 STEXI
 @item -accel @var{name}[,prop=@var{value}[,...]]
 @findex -accel
 This is used to enable an accelerator. Depending on the target architecture,
-kvm, xen, hax or tcg can be available. By default, tcg is used. If there is
+kvm, xen, hax, hvf or tcg can be available. By default, tcg is used. If there 
is
 more than one accelerator specified, the next one is used if the previous one
 fails to 

[Qemu-devel] [PATCH 05/14] hvf: use new helper functions for put/get xsave

[Sergio Andres Gomez Del Real]

This commit makes use of the helper functions for handling xsave in
xsave_helper.c, which are shared with kvm.

Signed-off-by: Sergio Andres Gomez Del Real 
---
 target/i386/hvf-utils/x86hvf.c | 63 ++
 1 file changed, 8 insertions(+), 55 deletions(-)

diff --git a/target/i386/hvf-utils/x86hvf.c b/target/i386/hvf-utils/x86hvf.c
index d5668df37f..5c1d5ece36 100644
--- a/target/i386/hvf-utils/x86hvf.c
+++ b/target/i386/hvf-utils/x86hvf.c
@@ -76,36 +76,13 @@ void hvf_get_segment(SegmentCache *qseg, struct vmx_segment 
*vmx_seg)
 void hvf_put_xsave(CPUState *cpu_state)
 {
 
-int x;
 struct hvf_xsave_buf *xsave;
-
+
 xsave = X86_CPU(cpu_state)->env.kvm_xsave_buf;
-memset(xsave, 0, sizeof(*xsave)); 
-
-memcpy(>data[4], _CPU(cpu_state)->env.fpdp, 
sizeof(X86_CPU(cpu_state)->env.fpdp));
-memcpy(>data[2], _CPU(cpu_state)->env.fpip, 
sizeof(X86_CPU(cpu_state)->env.fpip));
-memcpy(>data[8], _CPU(cpu_state)->env.fpregs, 
sizeof(X86_CPU(cpu_state)->env.fpregs));
-memcpy(>data[144], _CPU(cpu_state)->env.ymmh_regs, 
sizeof(X86_CPU(cpu_state)->env.ymmh_regs));
-memcpy(>data[288], _CPU(cpu_state)->env.zmmh_regs, 
sizeof(X86_CPU(cpu_state)->env.zmmh_regs));
-memcpy(>data[272], _CPU(cpu_state)->env.opmask_regs, 
sizeof(X86_CPU(cpu_state)->env.opmask_regs));
-memcpy(>data[240], _CPU(cpu_state)->env.bnd_regs, 
sizeof(X86_CPU(cpu_state)->env.bnd_regs));
-memcpy(>data[256], _CPU(cpu_state)->env.bndcs_regs, 
sizeof(X86_CPU(cpu_state)->env.bndcs_regs));
-memcpy(>data[416], _CPU(cpu_state)->env.hi16_zmm_regs, 
sizeof(X86_CPU(cpu_state)->env.hi16_zmm_regs));
-
-xsave->data[0] = (uint16_t)X86_CPU(cpu_state)->env.fpuc;
-xsave->data[0] |= (X86_CPU(cpu_state)->env.fpus << 16);
-xsave->data[0] |= (X86_CPU(cpu_state)->env.fpstt & 7) << 11;
-
-for (x = 0; x < 8; ++x)
-xsave->data[1] |= ((!X86_CPU(cpu_state)->env.fptags[x]) << x);
-xsave->data[1] |= (uint32_t)(X86_CPU(cpu_state)->env.fpop << 16);
-
-memcpy(>data[40], _CPU(cpu_state)->env.xmm_regs, 
sizeof(X86_CPU(cpu_state)->env.xmm_regs));
-
-xsave->data[6] = X86_CPU(cpu_state)->env.mxcsr;
-*(uint64_t *)>data[128] = X86_CPU(cpu_state)->env.xstate_bv;
-
-if (hv_vcpu_write_fpstate(cpu_state->hvf_fd, xsave->data, 4096)){
+
+x86_cpu_xsave_all_areas(X86_CPU(cpu_state), xsave);
+
+if (hv_vcpu_write_fpstate(cpu_state->hvf_fd, xsave->data, 4096)) {
 abort();
 }
 }
@@ -185,39 +162,15 @@ void hvf_put_msrs(CPUState *cpu_state)
 
 void hvf_get_xsave(CPUState *cpu_state)
 {
-int x;
 struct hvf_xsave_buf *xsave;
-
+
 xsave = X86_CPU(cpu_state)->env.kvm_xsave_buf;
-
+
 if (hv_vcpu_read_fpstate(cpu_state->hvf_fd, xsave->data, 4096)) {
 abort();
 }
 
-memcpy(_CPU(cpu_state)->env.fpdp, >data[4], 
sizeof(X86_CPU(cpu_state)->env.fpdp));
-memcpy(_CPU(cpu_state)->env.fpip, >data[2], 
sizeof(X86_CPU(cpu_state)->env.fpip));
-memcpy(_CPU(cpu_state)->env.fpregs, >data[8], 
sizeof(X86_CPU(cpu_state)->env.fpregs));
-memcpy(_CPU(cpu_state)->env.ymmh_regs, >data[144], 
sizeof(X86_CPU(cpu_state)->env.ymmh_regs));
-memcpy(_CPU(cpu_state)->env.zmmh_regs, >data[288], 
sizeof(X86_CPU(cpu_state)->env.zmmh_regs));
-memcpy(_CPU(cpu_state)->env.opmask_regs, >data[272], 
sizeof(X86_CPU(cpu_state)->env.opmask_regs));
-memcpy(_CPU(cpu_state)->env.bnd_regs, >data[240], 
sizeof(X86_CPU(cpu_state)->env.bnd_regs));
-memcpy(_CPU(cpu_state)->env.bndcs_regs, >data[256], 
sizeof(X86_CPU(cpu_state)->env.bndcs_regs));
-memcpy(_CPU(cpu_state)->env.hi16_zmm_regs, >data[416], 
sizeof(X86_CPU(cpu_state)->env.hi16_zmm_regs));
-
-
-X86_CPU(cpu_state)->env.fpuc = (uint16_t)xsave->data[0];
-X86_CPU(cpu_state)->env.fpus = (uint16_t)(xsave->data[0] >> 16);
-X86_CPU(cpu_state)->env.fpstt = (X86_CPU(cpu_state)->env.fpus >> 11) & 7;
-X86_CPU(cpu_state)->env.fpop = (uint16_t)(xsave->data[1] >> 16);
-
-for (x = 0; x < 8; ++x)
-   X86_CPU(cpu_state)->env.fptags[x] =
-uint16_t)xsave->data[1] >> x) & 1) == 0);
-
-memcpy(_CPU(cpu_state)->env.xmm_regs, >data[40], 
sizeof(X86_CPU(cpu_state)->env.xmm_regs));
-
-X86_CPU(cpu_state)->env.mxcsr = xsave->data[6];
-X86_CPU(cpu_state)->env.xstate_bv = *(uint64_t *)>data[128];
+x86_cpu_xrstor_all_areas(X86_CPU(cpu_state), xsave);
 }
 
 void hvf_get_segments(CPUState *cpu_state)
-- 
2.14.1

[Qemu-devel] [PATCH 06/14] hvf: add compilation rules to Makefile.objs

[Sergio Andres Gomez Del Real]

This commit adds to target/i386/Makefile.objs the necessary rules so
that the new files for hvf are compiled by the build system.
It also adds handling of the -enable-hvf argument in the main function
in vl.c.

Signed-off-by: Sergio Andres Gomez Del Real 
---
 target/i386/Makefile.objs | 1 +
 vl.c  | 7 +++
 2 files changed, 8 insertions(+)

diff --git a/target/i386/Makefile.objs b/target/i386/Makefile.objs
index 6a26e9d9f0..0bef89c099 100644
--- a/target/i386/Makefile.objs
+++ b/target/i386/Makefile.objs
@@ -12,4 +12,5 @@ obj-$(CONFIG_HAX) += hax-all.o hax-mem.o hax-windows.o
 endif
 ifdef CONFIG_DARWIN
 obj-$(CONFIG_HAX) += hax-all.o hax-mem.o hax-darwin.o
+obj-$(CONFIG_HVF) += hvf-utils/ hvf-all.o
 endif
diff --git a/vl.c b/vl.c
index 8e247cc2a2..de7d2a3858 100644
--- a/vl.c
+++ b/vl.c
@@ -3751,6 +3751,13 @@ int main(int argc, char **argv, char **envp)
 olist = qemu_find_opts("machine");
 qemu_opts_parse_noisily(olist, "accel=hax", false);
 break;
+#if defined(__APPLE__)
+case QEMU_OPTION_enable_hvf:
+olist = qemu_find_opts("machine");
+qemu_opts_parse_noisily(olist, "accel=hvf", false);
+hvf_disable(0);
+break;
+#endif
 case QEMU_OPTION_M:
 case QEMU_OPTION_machine:
 olist = qemu_find_opts("machine");
-- 
2.14.1

[Qemu-devel] [PULL 0/1] slirp updates

[Samuel Thibault]

warning: redirection vers https://people.debian.org/~sthibault/qemu.git/
The following changes since commit 04d74e07b4542aad5aa4ad03951b38b767f5314a:

  slirp: fix clearing ifq_so from pending packets (2017-08-26 01:04:12 +0200)

are available in the git repository at:

  http://people.debian.org/~sthibault/qemu.git tags/samuel-thibault

for you to fetch changes up to 04d74e07b4542aad5aa4ad03951b38b767f5314a:

  slirp: fix clearing ifq_so from pending packets (2017-08-26 01:04:12 +0200)


slirp updates

[Qemu-devel] [PULL 1/1] slirp: fix clearing ifq_so from pending packets

[Samuel Thibault]

The if_fastq and if_batchq contain not only packets, but queues of packets
for the same socket. When sofree frees a socket, it thus has to clear ifq_so
from all the packets from the queues, not only the first.

Signed-off-by: Samuel Thibault 
Reviewed-by: Philippe Mathieu-Daudé 
---
 slirp/socket.c | 39 +++
 1 file changed, 23 insertions(+), 16 deletions(-)

diff --git a/slirp/socket.c b/slirp/socket.c
index ecec0295a9..cb7b5b608d 100644
--- a/slirp/socket.c
+++ b/slirp/socket.c
@@ -59,6 +59,27 @@ socreate(Slirp *slirp)
   return(so);
 }
 
+/*
+ * Remove references to so from the given message queue.
+ */
+static void
+soqfree(struct socket *so, struct quehead *qh)
+{
+struct mbuf *ifq;
+
+for (ifq = (struct mbuf *) qh->qh_link;
+ (struct quehead *) ifq != qh;
+ ifq = ifq->ifq_next) {
+if (ifq->ifq_so == so) {
+struct mbuf *ifm;
+ifq->ifq_so = NULL;
+for (ifm = ifq->ifs_next; ifm != ifq; ifm = ifm->ifs_next) {
+ifm->ifq_so = NULL;
+}
+}
+}
+}
+
 /*
  * remque and free a socket, clobber cache
  */
@@ -66,23 +87,9 @@ void
 sofree(struct socket *so)
 {
   Slirp *slirp = so->slirp;
-  struct mbuf *ifm;
 
-  for (ifm = (struct mbuf *) slirp->if_fastq.qh_link;
-   (struct quehead *) ifm != >if_fastq;
-   ifm = ifm->ifq_next) {
-if (ifm->ifq_so == so) {
-  ifm->ifq_so = NULL;
-}
-  }
-
-  for (ifm = (struct mbuf *) slirp->if_batchq.qh_link;
-   (struct quehead *) ifm != >if_batchq;
-   ifm = ifm->ifq_next) {
-if (ifm->ifq_so == so) {
-  ifm->ifq_so = NULL;
-}
-  }
+  soqfree(so, >if_fastq);
+  soqfree(so, >if_batchq);
 
   if (so->so_emu==EMU_RSH && so->extra) {
sofree(so->extra);
-- 
2.14.1

Re: [Qemu-devel] Qemu 2.10 rc4 build issue on BE (luigi burdo)

[Programmingkid]

> Hi all,
> 
> the last rc4 from the qemu website fail in build in some parts on BE hardware.
> 
> attached on this email there is the configure and the build log hope it helps
> 
> 
> My machine is : PowerMac G5 Quad .
> 
> Distro is Ferdora 25 PPC64.
> 
> 
> 
> Thanks
> 
> Luigi

It would help if we knew which files caused the error. Sending attachments to 
these mailing lists does not work. Please send them in the email. 

My suggestion is try this command: yum install qemu

It is your distribution's way of installing QEMU.


Please fill this out:

Configuration (e.g. ./configure --target-list=i386-softmmu):

Error messages:


Thank you.

Re: [Qemu-devel] [PATCH v4 11/43] tcg: define CF_PARALLEL and use it for TB hashing along with CF_COUNT_MASK

[Pranith Kumar]

Hi Emilio,

On Fri, Jul 21, 2017 at 1:59 AM, Emilio G. Cota  wrote:
> This will enable us to decouple code translation from the value
> of parallel_cpus at any given time. It will also help us minimize
> TB flushes when generating code via EXCP_ATOMIC.
>
> Note that the declaration of parallel_cpus is brought to exec-all.h
> to be able to define there the "curr_cflags" inline.
>
> Signed-off-by: Emilio G. Cota 

I was testing a winxp image today and I bisected a infinite loop to
this commit. The loop happens both with and without mttcg, so I think
it has got to do with something else.

It seems to be executing this instruction:

Trace 0x7fffc1d036c0 [0: 000c9a6b]

IN:
0x000c9a6b:  rep movsb %cs:(%si),%es:(%di)

and never stops.

You can find an execution log here: http://pranith.org/files/log_n.txt.gz

Let me know if you need more information.

Thanks,

> ---
>  include/exec/exec-all.h   | 20 +++-
>  include/exec/tb-hash-xx.h |  9 ++---
>  include/exec/tb-hash.h|  4 ++--
>  include/exec/tb-lookup.h  |  6 +++---
>  tcg/tcg.h |  1 -
>  accel/tcg/cpu-exec.c  | 45 +++--
>  accel/tcg/translate-all.c | 13 +
>  exec.c|  2 +-
>  tcg/tcg-runtime.c |  2 +-
>  tests/qht-bench.c |  2 +-
>  10 files changed, 65 insertions(+), 39 deletions(-)
>
> diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
> index 8cbd90b..f6a928d 100644
> --- a/include/exec/exec-all.h
> +++ b/include/exec/exec-all.h
> @@ -353,6 +353,9 @@ struct TranslationBlock {
>  #define CF_USE_ICOUNT  0x2
>  #define CF_IGNORE_ICOUNT 0x4 /* Do not generate icount code */
>  #define CF_INVALID 0x8 /* TB is stale. Setters must acquire tb_lock 
> */
> +#define CF_PARALLEL0x10 /* Generate code for a parallel context */
> +/* cflags' mask for hashing/comparison */
> +#define CF_HASH_MASK (CF_COUNT_MASK | CF_PARALLEL)
>
>  /* Per-vCPU dynamic tracing state used to generate this TB */
>  uint32_t trace_vcpu_dstate;
> @@ -396,11 +399,26 @@ struct TranslationBlock {
>  uintptr_t jmp_list_first;
>  };
>
> +extern bool parallel_cpus;
> +
> +/* Hide the atomic_read to make code a little easier on the eyes */
> +static inline uint32_t tb_cflags(const TranslationBlock *tb)
> +{
> +return atomic_read(>cflags);
> +}
> +
> +/* current cflags for hashing/comparison */
> +static inline uint32_t curr_cflags(void)
> +{
> +return parallel_cpus ? CF_PARALLEL : 0;
> +}
> +
>  void tb_free(TranslationBlock *tb);
>  void tb_flush(CPUState *cpu);
>  void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr);
>  TranslationBlock *tb_htable_lookup(CPUState *cpu, target_ulong pc,
> -   target_ulong cs_base, uint32_t flags);
> +   target_ulong cs_base, uint32_t flags,
> +   uint32_t cf_mask);
>
>  #if defined(USE_DIRECT_JUMP)
>
> diff --git a/include/exec/tb-hash-xx.h b/include/exec/tb-hash-xx.h
> index 6cd3022..747a9a6 100644
> --- a/include/exec/tb-hash-xx.h
> +++ b/include/exec/tb-hash-xx.h
> @@ -48,8 +48,8 @@
>   * xxhash32, customized for input variables that are not guaranteed to be
>   * contiguous in memory.
>   */
> -static inline
> -uint32_t tb_hash_func6(uint64_t a0, uint64_t b0, uint32_t e, uint32_t f)
> +static inline uint32_t
> +tb_hash_func7(uint64_t a0, uint64_t b0, uint32_t e, uint32_t f, uint32_t g)
>  {
>  uint32_t v1 = TB_HASH_XX_SEED + PRIME32_1 + PRIME32_2;
>  uint32_t v2 = TB_HASH_XX_SEED + PRIME32_2;
> @@ -78,7 +78,7 @@ uint32_t tb_hash_func6(uint64_t a0, uint64_t b0, uint32_t 
> e, uint32_t f)
>  v4 *= PRIME32_1;
>
>  h32 = rol32(v1, 1) + rol32(v2, 7) + rol32(v3, 12) + rol32(v4, 18);
> -h32 += 24;
> +h32 += 28;
>
>  h32 += e * PRIME32_3;
>  h32  = rol32(h32, 17) * PRIME32_4;
> @@ -86,6 +86,9 @@ uint32_t tb_hash_func6(uint64_t a0, uint64_t b0, uint32_t 
> e, uint32_t f)
>  h32 += f * PRIME32_3;
>  h32  = rol32(h32, 17) * PRIME32_4;
>
> +h32 += g * PRIME32_3;
> +h32  = rol32(h32, 17) * PRIME32_4;
> +
>  h32 ^= h32 >> 15;
>  h32 *= PRIME32_2;
>  h32 ^= h32 >> 13;
> diff --git a/include/exec/tb-hash.h b/include/exec/tb-hash.h
> index 17b5ee0..0526c4f 100644
> --- a/include/exec/tb-hash.h
> +++ b/include/exec/tb-hash.h
> @@ -59,9 +59,9 @@ static inline unsigned int 
> tb_jmp_cache_hash_func(target_ulong pc)
>
>  static inline
>  uint32_t tb_hash_func(tb_page_addr_t phys_pc, target_ulong pc, uint32_t 
> flags,
> -  uint32_t trace_vcpu_dstate)
> +  uint32_t cf_mask, uint32_t trace_vcpu_dstate)
>  {
> -return tb_hash_func6(phys_pc, pc, flags, trace_vcpu_dstate);
> +return tb_hash_func7(phys_pc, pc, flags, cf_mask, trace_vcpu_dstate);
>  }
>
>  #endif
> diff --git a/include/exec/tb-lookup.h 

[Qemu-devel] [RFC] Buffers/caches in VirtIO Balloon driver stats

[Tomáš Golembiovský]

Hi,

We'd like to include information about reclaimable memory into the
statistics in VirtiO Balloon driver. Namely, we'd like to include
counters for bufferes and caches of Linux kernel. The patch itself is
pretty trivial -- no problem there. But before we do that I'd like to
get some input from the QEMU community.

1) Is there any reason not to have the stats there?

2) Considering the balloon device is multiplatform (Linux, BSD,
Windows), is there a problem with including buffers/caches? These seem
to be specific to the Linux virtual memory subsystem. Of course, other
OSes could just report zeros. Are there some internal stats on those
OSes that could be filled in? I don't now if such or similar statistic
are available on BSD. On Windows only SystemCache stat looks like
something relevant. Anyone familiar with those OSes has any suggestions?

Tomas

-- 
Tomáš Golembiovský 

[Qemu-devel] [PATCH v3] audio: intel-hda: do not use old_mmio accesses

[Matt Parker]

intel-hda is currently using the old_mmio accessors for io.
This updates the device to use .read and .write accessors instead.

Signed-off-by: Matt Parker 
---
v3:
 * use MAKE_64BIT_MASK
---
 hw/audio/intel-hda.c | 58 ++--
 1 file changed, 11 insertions(+), 47 deletions(-)

diff --git a/hw/audio/intel-hda.c b/hw/audio/intel-hda.c
index 06acc98f7b..18a50a8f83 100644
--- a/hw/audio/intel-hda.c
+++ b/hw/audio/intel-hda.c
@@ -22,6 +22,7 @@
 #include "hw/pci/pci.h"
 #include "hw/pci/msi.h"
 #include "qemu/timer.h"
+#include "qemu/bitops.h"
 #include "hw/audio/soundhw.h"
 #include "intel-hda.h"
 #include "intel-hda-defs.h"
@@ -1043,66 +1044,29 @@ static void intel_hda_regs_reset(IntelHDAState *d)
 
 /* - */
 
-static void intel_hda_mmio_writeb(void *opaque, hwaddr addr, uint32_t val)
+static void intel_hda_mmio_write(void *opaque, hwaddr addr, uint64_t val,
+ unsigned size)
 {
 IntelHDAState *d = opaque;
 const IntelHDAReg *reg = intel_hda_reg_find(d, addr);
 
-intel_hda_reg_write(d, reg, val, 0xff);
+intel_hda_reg_write(d, reg, val, MAKE_64BIT_MASK(0, size * 8));
 }
 
-static void intel_hda_mmio_writew(void *opaque, hwaddr addr, uint32_t val)
+static uint64_t intel_hda_mmio_read(void *opaque, hwaddr addr, unsigned size)
 {
 IntelHDAState *d = opaque;
 const IntelHDAReg *reg = intel_hda_reg_find(d, addr);
 
-intel_hda_reg_write(d, reg, val, 0x);
-}
-
-static void intel_hda_mmio_writel(void *opaque, hwaddr addr, uint32_t val)
-{
-IntelHDAState *d = opaque;
-const IntelHDAReg *reg = intel_hda_reg_find(d, addr);
-
-intel_hda_reg_write(d, reg, val, 0x);
-}
-
-static uint32_t intel_hda_mmio_readb(void *opaque, hwaddr addr)
-{
-IntelHDAState *d = opaque;
-const IntelHDAReg *reg = intel_hda_reg_find(d, addr);
-
-return intel_hda_reg_read(d, reg, 0xff);
-}
-
-static uint32_t intel_hda_mmio_readw(void *opaque, hwaddr addr)
-{
-IntelHDAState *d = opaque;
-const IntelHDAReg *reg = intel_hda_reg_find(d, addr);
-
-return intel_hda_reg_read(d, reg, 0x);
-}
-
-static uint32_t intel_hda_mmio_readl(void *opaque, hwaddr addr)
-{
-IntelHDAState *d = opaque;
-const IntelHDAReg *reg = intel_hda_reg_find(d, addr);
-
-return intel_hda_reg_read(d, reg, 0x);
+return intel_hda_reg_read(d, reg, MAKE_64BIT_MASK(0, size * 8));
 }
 
 static const MemoryRegionOps intel_hda_mmio_ops = {
-.old_mmio = {
-.read = {
-intel_hda_mmio_readb,
-intel_hda_mmio_readw,
-intel_hda_mmio_readl,
-},
-.write = {
-intel_hda_mmio_writeb,
-intel_hda_mmio_writew,
-intel_hda_mmio_writel,
-},
+.read = intel_hda_mmio_read,
+.write = intel_hda_mmio_write,
+.impl = {
+.min_access_size = 1,
+.max_access_size = 4,
 },
 .endianness = DEVICE_NATIVE_ENDIAN,
 };
-- 
2.13.2

Re: [Qemu-devel] kvm_intel fails to load on Conroe CPUs running Linux 4.12

[Paolo Bonzini]

Il 27 ago 2017 4:48 PM, "Gerhard Wiesinger"  ha
scritto:

On 27.08.2017 14:03, Paolo Bonzini wrote:

>
> We will revert the patch, but 4.13.0 will not have the fix. Expect it in
> later stable kernels (because vacations).
>
>
Thnx. Why will 4.13.0 NOT have the fix?


Because maintainers are on vacation! :-)

Paolo

[Qemu-devel] [PATCH] i386: fix 0x66 prefix in disassembler and translator

[Jürgen Buchmüller]

The opcodes 0xe8 (call) and 0xe9 (jump), when prefixed by 0x66, do not
use a 16 bit offset, but still 32 bits, just like conditional relative
jumps. To distinguish between conditional jumps and the unconditional
call/jump add a new call_jump_mode and a call_jump_flag. This
prerevents data size changes for both, call_jump_mode and
cond_jump_mode when using the Intel syntax.

In the translator respect data size changes only, if the CPU is not
and Intel type. Otherwise the size of the call/jmp is always 32 bits.

See https://github.com/xoreaxeaxeax/sandsifter/blob/master/references/d
omas_breaking_the_x86_isa_wp.pdf
for the details and reasoning.

Signed-off-by: Jürgen Buchmüller 
---
 disas/i386.c| 31 ++-
 target/i386/translate.c | 56 -

 2 files changed, 54 insertions(+), 33 deletions(-)

diff --git a/disas/i386.c b/disas/i386.c
index f1e376ca4a..2b18285fb8 100644
--- a/disas/i386.c
+++ b/disas/i386.c
@@ -464,6 +464,7 @@ fetch_data(struct disassemble_info *info, bfd_byte
*addr)
 #define ALr { REP_Fixup, al_reg }
 #define eAXr { REP_Fixup, eAX_reg }
 
+#define call_jump_flag { NULL, call_jump_mode }
 #define cond_jump_flag { NULL, cond_jump_mode }
 #define loop_jcxz_flag { NULL, loop_jcxz_mode }
 
@@ -480,17 +481,18 @@ fetch_data(struct disassemble_info *info,
bfd_byte *addr)
 #define t_mode 6  /* ten-byte operand */
 #define x_mode 7  /* 16-byte XMM operand */
 #define m_mode 8  /* d_mode in 32bit, q_mode in 64bit mode.  */
-#define cond_jump_mode 9
-#define loop_jcxz_mode 10
-#define dq_mode 11 /* operand size depends on REX prefixes.  */
-#define dqw_mode 12 /* registers like dq_mode, memory like w_mode.  */
-#define f_mode 13 /* 4- or 6-byte pointer operand */
-#define const_1_mode 14
-#define stack_v_mode 15 /* v_mode for stack-related opcodes.  */
-#define z_mode 16 /* non-quad operand size depends on prefixes */
-#define o_mode 17  /* 16-byte operand */
-#define dqb_mode 18 /* registers like dq_mode, memory like b_mode.  */
-#define dqd_mode 19 /* registers like dq_mode, memory like d_mode.  */
+#define call_jump_mode 9
+#define cond_jump_mode 10
+#define loop_jcxz_mode 11
+#define dq_mode 12 /* operand size depends on REX prefixes.  */
+#define dqw_mode 13 /* registers like dq_mode, memory like w_mode.  */
+#define f_mode 14 /* 4- or 6-byte pointer operand */
+#define const_1_mode 15
+#define stack_v_mode 16 /* v_mode for stack-related opcodes.  */
+#define z_mode 17 /* non-quad operand size depends on prefixes */
+#define o_mode 18  /* 16-byte operand */
+#define dqb_mode 19 /* registers like dq_mode, memory like b_mode.  */
+#define dqd_mode 20 /* registers like dq_mode, memory like d_mode.  */
 
 #define es_reg 100
 #define cs_reg 101
@@ -1007,8 +1009,8 @@ static const struct dis386 dis386[] = {
   { "outB",{ Ib, AL } },
   { "outG",{ Ib, zAX } },
   /* e8 */
-  { "callT",   { Jv } },
-  { "jmpT",{ Jv } },
+  { "callT",   { Jv, XX, call_jump_flag } },
+  { "jmpT",{ Jv, XX, call_jump_flag } },
   { "Jjmp{T|}",{ Ap } },
   { "jmp", { Jb } },
   { "inB", { AL, indirDX } },
@@ -3968,7 +3970,8 @@ print_insn (bfd_vma pc, disassemble_info *info)
   if (!uses_DATA_prefix && (prefixes & PREFIX_DATA))
 {
   sizeflag ^= DFLAG;
-  if (dp->op[2].bytemode == cond_jump_mode
+  if ((dp->op[2].bytemode == call_jump_mode
+   || dp->op[2].bytemode == cond_jump_mode)
  && dp->op[0].bytemode == v_mode
  && !intel_syntax)
{
diff --git a/target/i386/translate.c b/target/i386/translate.c
index 5fdadf98cf..a97cc9496f 100644
--- a/target/i386/translate.c
+++ b/target/i386/translate.c
@@ -6480,17 +6480,26 @@ static target_ulong disas_insn(CPUX86State
*env, DisasContext *s,
 break;
 case 0xe8: /* call im */
 {
-if (dflag != MO_16) {
-tval = (int32_t)insn_get(env, s, MO_32);
+if (env->cpuid_vendor1 != CPUID_VENDOR_INTEL_1) {
+if (dflag != MO_16) {
+tval = (int32_t)insn_get(env, s, MO_32);
+} else {
+tval = (int16_t)insn_get(env, s, MO_16);
+}
+next_eip = s->pc - s->cs_base;
+tval += next_eip;
+if (dflag == MO_16) {
+tval &= 0x;
+} else if (!CODE64(s)) {
+tval &= 0x;
+}
 } else {
-tval = (int16_t)insn_get(env, s, MO_16);
-}
-next_eip = s->pc - s->cs_base;
-tval += next_eip;
-if (dflag == MO_16) {
-tval &= 0x;
-} else if (!CODE64(s)) {
-tval &= 0x;
+tval = (int32_t)insn_get(env, s, MO_32);
+next_eip = s->pc - s->cs_base;
+

[Qemu-devel] Qemu 2.10 rc4 build issue on BE

[luigi burdo]

Hi all,

the last rc4 from the qemu website fail in build in some parts on BE hardware.

attached on this email there is the configure and the build log hope it helps


My machine is : PowerMac G5 Quad .

Distro is Ferdora 25 PPC64.



Thanks

Luigi

 ./configure 
--target-list=ppc64-softmmu,ppc-softmmu,x86_64-softmmu,arm-softmmu,i386-softmmu 
--with-sdlabi=2.0 --with-gtkabi=3.0 --audio-drv-list=pa,sdl,alsa 
--disable-werror
Install prefix/usr/local
BIOS directory/usr/local/share/qemu
binary directory  /usr/local/bin
library directory /usr/local/lib
module directory  /usr/local/lib/qemu
libexec directory /usr/local/libexec
include directory /usr/local/include
config directory  /usr/local/etc
local state directory   /usr/local/var
Manual directory  /usr/local/share/man
ELF interp prefix /usr/gnemul/qemu-%M
Source path   /home/amigaone/Downloads/qemu-2.10.0-rc4
C compilercc
Host C compiler   cc
C++ compiler  c++
Objective-C compiler clang
ARFLAGS   rv
CFLAGS-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -g 
QEMU_CFLAGS   -I/usr/include/pixman-1  -pthread -I/usr/include/glib-2.0 
-I/usr/lib64/glib-2.0/include -DNCURSES_WIDECHAR -D_GNU_SOURCE -m64 
-D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -Wstrict-prototypes 
-Wredundant-decls -Wall -Wundef -Wwrite-strings -Wmissing-prototypes 
-fno-strict-aliasing -fno-common -fwrapv  -Wendif-labels 
-Wno-shift-negative-value -Wno-missing-include-dirs -Wempty-body 
-Wnested-externs -Wformat-security -Wformat-y2k -Winit-self 
-Wignored-qualifiers -Wold-style-declaration -Wold-style-definition 
-Wtype-limits -fstack-protector-strong -I/usr/include/p11-kit-1   
-I/usr/include/libpng16 -I/usr/include/libdrm  -I/usr/include/libusb-1.0
LDFLAGS   -Wl,--warn-common -m64 -g 
make  make
install   install
pythonpython -B
smbd  /usr/sbin/smbd
module supportno
host CPU  ppc64
host big endian   yes
target list   ppc64-softmmu ppc-softmmu x86_64-softmmu arm-softmmu 
i386-softmmu
gprof enabled no
sparse enabledno
strip binariesyes
profiler  no
static build  no
pixmansystem
SDL support   yes (2.0.5)
GTK support   yes (3.22.17)
GTK GL supportyes
VTE support   no 
TLS priority  NORMAL
GNUTLS supportyes
GNUTLS rndyes
libgcrypt no
libgcrypt kdf no
nettleyes (3.3)
nettle kdfyes
libtasn1  yes
curses supportyes
virgl support yes
curl support  no
mingw32 support   no
Audio drivers pa sdl alsa
Block whitelist (rw) 
Block whitelist (ro) 
VirtFS supportyes
VNC support   yes
VNC SASL support  no
VNC JPEG support  yes
VNC PNG support   yes
xen support   no
brlapi supportno
bluez  supportno
Documentation no
PIE   no
vde support   no
netmap supportno
Linux AIO support yes
ATTR/XATTR support yes
Install blobs yes
KVM support   yes
HAX support   no
TCG support   yes
TCG debug enabled no
TCG interpreter   no
RDMA support  no
fdt support   yes
preadv supportyes
fdatasync yes
madvise   yes
posix_madvise yes
libcap-ng support no
vhost-net support yes
vhost-scsi support yes
vhost-vsock support yes
vhost-user support yes
Trace backendslog
spice support no 
rbd support   no
xfsctl supportno
smartcard support no
libusbyes
usb net redir no
OpenGL supportyes
OpenGL dmabufsyes
libiscsi support  no
libnfs supportno
build guest agent yes
QGA VSS support   no
QGA w32 disk info no
QGA MSI support   no
seccomp support   no
coroutine backend ucontext
coroutine poolyes
debug stack usage no
crypto afalg  no
GlusterFS support no
gcov  gcov
gcov enabled  no
TPM support   yes
libssh2 support   no
TPM passthrough   no
QOM debugging yes
Live block migration yes
lzo support   no
snappy supportyes
bzip2 support yes
NUMA host support yes
tcmalloc support  no
jemalloc support  no
avx2 optimization no
replication support yes
VxHS block device no




[$ make -j4
  GEN ppc64-softmmu/config-devices.mak.tmp
  GEN ppc-softmmu/config-devices.mak.tmp
  GEN x86_64-softmmu/config-devices.mak.tmp
  GEN arm-softmmu/config-devices.mak.tmp
  GEN arm-softmmu/config-devices.mak
  GEN x86_64-softmmu/config-devices.mak
  GEN ppc-softmmu/config-devices.mak
  GEN ppc64-softmmu/config-devices.mak
  GEN i386-softmmu/config-devices.mak.tmp
  GEN config-host.h
  GEN qemu-options.def
  GEN qmp-commands.h
  GEN i386-softmmu/config-devices.mak
  GEN qapi-types.h
  GEN qapi-visit.h
  GEN qapi-event.h
  GEN qmp-marshal.c
  GEN qapi-types.c
  GEN qapi-visit.c
  GEN qapi-event.c
  GEN qmp-introspect.h
  GEN qmp-introspect.c
  GEN trace/generated-tcg-tracers.h
  GEN trace/generated-helpers-wrappers.h
  GEN trace/generated-helpers.h
  GEN 

Re: [Qemu-devel] kvm_intel fails to load on Conroe CPUs running Linux 4.12

[Gerhard Wiesinger]

On 27.08.2017 14:03, Paolo Bonzini wrote:

Il 27 ago 2017 9:49 AM, "Gerhard Wiesinger"  ha
scritto:

On 17.08.2017 23:14, Gerhard Wiesinger wrote:


On 17.08.2017 22:58, Gerhard Wiesinger wrote:

On 07.08.2017 19:50, Paolo Bonzini wrote:


Not much to say, unfortunately. It's pretty much the same capabilities
as a Prescott/Cedar Mill processor, except that it has MSR bitmaps. It
also lacks FlexPriority compared to the Conroe I had checked.

It's not great that even the revert patch doesn't apply cleanly---this
is *not* necessarily a boring area of the hypervisor...

Given the rarity of your machine I'm currently leaning towards _not_
reverting the change. I'll check another non-Xeon Core 2 tomorrow that
is from December 2008 (IIRC). If that one also lacks vNMI, or if I get
other reports, I suppose I will have to reconsider that.

Hello Paolo,

Can you please revert the patch.

CPU is a Core 2 Extreme QX6700: SL9UL (B3) running VERY stable with ECC
RAM for years now.
https://ark.intel.com/products/28028/Intel-Core2-Extreme-
Processor-QX6700-8M-Cache-2_66-GHz-1066-MHz-FSB?q=Core%
202%20Extreme%20QX6700
https://en.wikipedia.org/wiki/List_of_Intel_Core_2_microprocessors

CPU details below.

Thank you.

Ciao,
Gerhard


Hello Paolo,

Any update on this major issue?


We will revert the patch, but 4.13.0 will not have the fix. Expect it in
later stable kernels (because vacations).

Thnx. Why will 4.13.0 NOT have the fix?

Thnx.

Ciao,
Gerhard

Re: [Qemu-devel] kvm_intel fails to load on Conroe CPUs running Linux 4.12

[Gerhard Wiesinger]

On 27.08.2017 14:03, Paolo Bonzini wrote:
Il 27 ago 2017 9:49 AM, "Gerhard Wiesinger" > ha scritto:


On 17.08.2017 23:14, Gerhard Wiesinger wrote:

On 17.08.2017 22:58, Gerhard Wiesinger wrote:
>
> On 07.08.2017 19:50, Paolo Bonzini wrote:
>
> >Not much to say, unfortunately. It's pretty much the same
capabilities
> >as a Prescott/Cedar Mill processor, except that it has MSR
bitmaps. It
> >also lacks FlexPriority compared to the Conroe I had checked.
> >
> >It's not great that even the revert patch doesn't apply
cleanly---this
> >is *not* necessarily a boring area of the hypervisor...
> >
> >Given the rarity of your machine I'm currently leaning
towards _not_
> >reverting the change. I'll check another non-Xeon Core 2
tomorrow that
> >is from December 2008 (IIRC). If that one also lacks vNMI,
or if I get
> >other reports, I suppose I will have to reconsider that.

Hello Paolo,

Can you please revert the patch.

CPU is a Core 2 Extreme QX6700: SL9UL (B3) running VERY stable
with ECC RAM for years now.

https://ark.intel.com/products/28028/Intel-Core2-Extreme-Processor-QX6700-8M-Cache-2_66-GHz-1066-MHz-FSB?q=Core%202%20Extreme%20QX6700



https://en.wikipedia.org/wiki/List_of_Intel_Core_2_microprocessors


CPU details below.

Thank you.

Ciao,
Gerhard


Hello Paolo,

Any update on this major issue?


We will revert the patch, but 4.13.0 will not have the fix. Expect it 
in later stable kernels (because vacations).




Thnx. Why will 4.13.0 NOT have the fix?

Thnx.

Ciao,
Gerhard

[Qemu-devel] Using the latest git version of qemu and usb-tablet.

[Hongyi Zhao]

Hi all,

Currently, I use the latest git version of qemu, see following for detail:

$ qemu-system-x86_64 --version
QEMU emulator version 2.9.90 (v2.10.0-rc0-29-ga588c4985e-dirty)
Copyright (c) 2003-2017 Fabrice Bellard and the QEMU Project developers
$

On my Debian Stretch host, I installed the macOS Sierra 10.12.6 as the
guest with qemu/kvm  based on the instructions here:

https://github.com/kholia/OSX-KVM

And I started the qemu with the following option:

  -device usb-tablet

With the above methods, I already can move the mouse through the host
and guest seamlessly.

Please note, I don't install the "Driver for Qemu's usb-tablet
absolute pointing device" in the guest OS.

As you can see from my above description, I don't install the
following driver on the guest:
http://philjordan.eu/osx-virt/binaries/QemuUSBTablet-1.2.pkg, but
still I can obtain the corresponding effect.

So, my issue is:  When using the latest git version of qemu, is it
still need to install this driver or not?

Regards
-- 
Hongsheng Zhao 
Institute of Semiconductors, Chinese Academy of Sciences
GnuPG DSA: 0xD108493

[Qemu-devel] [Bug 1713328] [NEW] Unable to C-a in -nographic if -serial telnet

[Dario Niedermann]

Public bug reported:

qemu-system-i386 (version 2.6.1, running on Linux/x86_64) started with:

qemu-system-i386 -m 64M -machine type=pc -rtc base=localtime,clock=host
-nographic -serial telnet:127.0.0.1:1234,server,nowait -net
nic,model=ne2k_pci -net user,hostfwd=tcp:127.0.0.1:2200-:22,tftp=/

does not accept the escape key (C-a) to perform functions such as
switching from monitor to console. Verified both in GNU screen and in
the Linux console.

If '-serial telnet:127.0.0.1:1234,server,nowait' is removed from the
command line, the escape key is accepted (and Qemu doesn't enter the
monitor immediately).

** Affects: qemu
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1713328

Title:
  Unable to C-a in -nographic if -serial telnet

Status in QEMU:
  New

Bug description:
  qemu-system-i386 (version 2.6.1, running on Linux/x86_64) started
  with:

  qemu-system-i386 -m 64M -machine type=pc -rtc
  base=localtime,clock=host -nographic -serial
  telnet:127.0.0.1:1234,server,nowait -net nic,model=ne2k_pci -net
  user,hostfwd=tcp:127.0.0.1:2200-:22,tftp=/

  does not accept the escape key (C-a) to perform functions such as
  switching from monitor to console. Verified both in GNU screen and in
  the Linux console.

  If '-serial telnet:127.0.0.1:1234,server,nowait' is removed from the
  command line, the escape key is accepted (and Qemu doesn't enter the
  monitor immediately).

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1713328/+subscriptions

Re: [Qemu-devel] [Qemu-ppc] [PATCH 00/15] Sam460ex emulation

[BALATON Zoltan]

Hello,

Just to confirm where we are with this series, let me summarise what I got 
from the replies and what's my plan for this based on that. Here's the 
list of patches for reference:


[PATCH 01/15] ppc4xx: Move MAL from ppc405_uc to ppc4xx_devs
[PATCH 02/15] ppc4xx: Make MAL emulation more generic
[PATCH 03/15] ohci: Allow sysbus version to be used as a companion
[PATCH 04/15] ehci: Add ppc4xx-ehci for the USB 2.0 controller in embedded PPC 
SoCs
[PATCH 05/15] ppc4xx: Split off 4xx I2C emulation from ppc405_uc to its own file
[PATCH 06/15] ppc4xx_i2c: QOMify
[PATCH 07/15] ppc4xx_i2c: Move to hw/i2c
[PATCH 08/15] ppc4xx_i2c: Implement basic I2C functions
[PATCH 09/15] hw/ide: Emulate SiI3112 SATA controller
[PATCH 10/15] ppc440: Add emulation of plb-pcix controller found in some 440 
SoCs
[PATCH 11/15] ppc: Add 460EX embedded CPU
[PATCH 12/15] ppc4xx: Export ECB and PLB emulation
[PATCH 13/15] ppc4xx: Add more PLB registers
[PATCH 14/15] ppc4xx: Add device models found in PPC440 core SoCs
[PATCH 15/15] ppc: Add aCube Sam460ex board

- I think 1-7 is either already queued for 2.11 or could be applied as is 
having got reviews without need to change so I don't need to resend them. 
So are 11-13 if I got that right. That leaves 8-10 and 14-15 that I'll 
resend.


- I'm not sure if 8 was reviewed or do I need to make any modifications to 
it.


- I know I should change 9-10 and 14-15 based on review comments and 
resend.


Since I'll likely also need to change those patches to fix the bugs we 
know about currently, I thought I should probably resend after those bugs 
are fixed to avoid subsequent fixup patches. Since this will not be before 
next week (because I don't have time for it before that) I hope 
development should be open again and those patches that are already OK 
could be merged by then so I can rebase on that and only resend the 
missing ones as described above. Is that OK or did I miss something?


David, in case you want to stage all of this in your for-2.11 branch 
before all patches are ready and send them together, then where is this 
branch I should rebase to?


Regards,
BALATON Zoltan

Re: [Qemu-devel] kvm_intel fails to load on Conroe CPUs running Linux 4.12

[Paolo Bonzini]

Il 27 ago 2017 9:49 AM, "Gerhard Wiesinger"  ha
scritto:

On 17.08.2017 23:14, Gerhard Wiesinger wrote:

> On 17.08.2017 22:58, Gerhard Wiesinger wrote:
> >
> > On 07.08.2017 19:50, Paolo Bonzini wrote:
> >
> > >Not much to say, unfortunately. It's pretty much the same capabilities
> > >as a Prescott/Cedar Mill processor, except that it has MSR bitmaps. It
> > >also lacks FlexPriority compared to the Conroe I had checked.
> > >
> > >It's not great that even the revert patch doesn't apply cleanly---this
> > >is *not* necessarily a boring area of the hypervisor...
> > >
> > >Given the rarity of your machine I'm currently leaning towards _not_
> > >reverting the change. I'll check another non-Xeon Core 2 tomorrow that
> > >is from December 2008 (IIRC). If that one also lacks vNMI, or if I get
> > >other reports, I suppose I will have to reconsider that.
>
> Hello Paolo,
>
> Can you please revert the patch.
>
> CPU is a Core 2 Extreme QX6700: SL9UL (B3) running VERY stable with ECC
> RAM for years now.
> https://ark.intel.com/products/28028/Intel-Core2-Extreme-
> Processor-QX6700-8M-Cache-2_66-GHz-1066-MHz-FSB?q=Core%
> 202%20Extreme%20QX6700
> https://en.wikipedia.org/wiki/List_of_Intel_Core_2_microprocessors
>
> CPU details below.
>
> Thank you.
>
> Ciao,
> Gerhard
>

Hello Paolo,

Any update on this major issue?


We will revert the patch, but 4.13.0 will not have the fix. Expect it in
later stable kernels (because vacations).

Paolo

Thnx.

Ciao,
Gerhard

Re: [Qemu-devel] [PATCH 3/5] pci: Add INTERFACE_PCIE_DEVICE to all PCIe devices

[Marcel Apfelbaum]

Hi Eduardo,

On 24/08/2017 1:14, Eduardo Habkost wrote:

Change all devices that set is_express=1 to implement
INTERFACE_PCIE_DEVICE.



Can this interface *replace* is_express field?

Thanks,
Marcel


Signed-off-by: Eduardo Habkost 
---
  hw/block/nvme.c| 4 
  hw/net/e1000e.c| 4 
  hw/pci-bridge/pcie_root_port.c | 4 
  hw/pci-bridge/xio3130_downstream.c | 4 
  hw/pci-bridge/xio3130_upstream.c   | 4 
  hw/pci-host/xilinx-pcie.c  | 4 
  hw/scsi/megasas.c  | 6 ++
  hw/usb/hcd-xhci.c  | 4 
  8 files changed, 34 insertions(+)

diff --git a/hw/block/nvme.c b/hw/block/nvme.c
index 6071dc1..26d58b6 100644
--- a/hw/block/nvme.c
+++ b/hw/block/nvme.c
@@ -1110,6 +1110,10 @@ static const TypeInfo nvme_info = {
  .instance_size = sizeof(NvmeCtrl),
  .class_init= nvme_class_init,
  .instance_init = nvme_instance_init,
+.interfaces = (InterfaceInfo[]) {
+{ INTERFACE_PCIE_DEVICE },
+{ }
+},
  };
  
  static void nvme_register_types(void)

diff --git a/hw/net/e1000e.c b/hw/net/e1000e.c
index 6c42b44..81f7934 100644
--- a/hw/net/e1000e.c
+++ b/hw/net/e1000e.c
@@ -708,6 +708,10 @@ static const TypeInfo e1000e_info = {
  .instance_size = sizeof(E1000EState),
  .class_init = e1000e_class_init,
  .instance_init = e1000e_instance_init,
+.interfaces = (InterfaceInfo[]) {
+{ INTERFACE_PCIE_DEVICE },
+{ }
+},
  };
  
  static void e1000e_register_types(void)

diff --git a/hw/pci-bridge/pcie_root_port.c b/hw/pci-bridge/pcie_root_port.c
index 4d588cb..9b6e4ce 100644
--- a/hw/pci-bridge/pcie_root_port.c
+++ b/hw/pci-bridge/pcie_root_port.c
@@ -161,6 +161,10 @@ static const TypeInfo rp_info = {
  .class_init= rp_class_init,
  .abstract  = true,
  .class_size = sizeof(PCIERootPortClass),
+.interfaces = (InterfaceInfo[]) {
+{ INTERFACE_PCIE_DEVICE },
+{ }
+},
  };
  
  static void rp_register_types(void)

diff --git a/hw/pci-bridge/xio3130_downstream.c 
b/hw/pci-bridge/xio3130_downstream.c
index e706f36..7d2f762 100644
--- a/hw/pci-bridge/xio3130_downstream.c
+++ b/hw/pci-bridge/xio3130_downstream.c
@@ -195,6 +195,10 @@ static const TypeInfo xio3130_downstream_info = {
  .name  = "xio3130-downstream",
  .parent= TYPE_PCIE_SLOT,
  .class_init= xio3130_downstream_class_init,
+.interfaces = (InterfaceInfo[]) {
+{ INTERFACE_PCIE_DEVICE },
+{ }
+},
  };
  
  static void xio3130_downstream_register_types(void)

diff --git a/hw/pci-bridge/xio3130_upstream.c b/hw/pci-bridge/xio3130_upstream.c
index a052224..227997c 100644
--- a/hw/pci-bridge/xio3130_upstream.c
+++ b/hw/pci-bridge/xio3130_upstream.c
@@ -166,6 +166,10 @@ static const TypeInfo xio3130_upstream_info = {
  .name  = "x3130-upstream",
  .parent= TYPE_PCIE_PORT,
  .class_init= xio3130_upstream_class_init,
+.interfaces = (InterfaceInfo[]) {
+{ INTERFACE_PCIE_DEVICE },
+{ }
+},
  };
  
  static void xio3130_upstream_register_types(void)

diff --git a/hw/pci-host/xilinx-pcie.c b/hw/pci-host/xilinx-pcie.c
index 4613dda..7659253 100644
--- a/hw/pci-host/xilinx-pcie.c
+++ b/hw/pci-host/xilinx-pcie.c
@@ -317,6 +317,10 @@ static const TypeInfo xilinx_pcie_root_info = {
  .parent = TYPE_PCI_BRIDGE,
  .instance_size = sizeof(XilinxPCIERoot),
  .class_init = xilinx_pcie_root_class_init,
+.interfaces = (InterfaceInfo[]) {
+{ INTERFACE_PCIE_DEVICE },
+{ }
+},
  };
  
  static void xilinx_pcie_register(void)

diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
index 734fdae..3641c30 100644
--- a/hw/scsi/megasas.c
+++ b/hw/scsi/megasas.c
@@ -2451,6 +2451,7 @@ typedef struct MegasasInfo {
  int osts;
  const VMStateDescription *vmsd;
  Property *props;
+InterfaceInfo *interfaces;
  } MegasasInfo;
  
  static struct MegasasInfo megasas_devices[] = {

@@ -2480,6 +2481,10 @@ static struct MegasasInfo megasas_devices[] = {
  .is_express = true,
  .vmsd = _megasas_gen2,
  .props = megasas_properties_gen2,
+.interfaces = (InterfaceInfo[]) {
+{ INTERFACE_PCIE_DEVICE },
+{ }
+},
  }
  };
  
@@ -2531,6 +2536,7 @@ static void megasas_register_types(void)

  type_info.parent = TYPE_MEGASAS_BASE;
  type_info.class_data = (void *)info;
  type_info.class_init = megasas_class_init;
+type_info.interfaces = info->interfaces;
  
  type_register(_info);

  }
diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
index 204ea69..d95ed4f 100644
--- a/hw/usb/hcd-xhci.c
+++ b/hw/usb/hcd-xhci.c
@@ -3670,6 +3670,10 @@ static const TypeInfo xhci_info = {
  .instance_size = sizeof(XHCIState),
  .class_init= xhci_class_init,
  .abstract  = true,
+.interfaces = (InterfaceInfo[]) {
+  

Re: [Qemu-devel] [PATCH 2/5] pci: Add interface names to hybrid PCI devices

[Marcel Apfelbaum]

Hi Eduardo,

On 25/08/2017 22:18, Eduardo Habkost wrote:

On Wed, Aug 23, 2017 at 07:14:42PM -0300, Eduardo Habkost wrote:

The following devices support both PCIe and legacy PCI, by
including special code to handle the QEMU_PCI_CAP_EXPRESS flag:

* vfio-pci (is_express=1, but legacy PCI handled by
   vfio_populate_device())
* vmxnet3 (is_express=0, but PCIe handled by vmxnet3_realize())
* pvscsi (is_express=0, but PCIe handled by pvscsi_realize())
* virtio-pci (is_express=0, but PCIe handled by
   virtio_pci_dc_realize(), and additional legacy PCI code at
   virtio_pci_realize())


Oh, the rules are even messier than that: QEMU_PCI_CAP_EXPRESS
controls _some_ of the code that makes a device become a PCI
Express device, but not every case.

In addition to vmxnet3, pvscsi and virtio-pci, PCIe caps
initialization is conditional on hcd-xhci (see below).

This means xhci is also a hybrid device.  But it doesn't seem to
clear QEMU_PCI_CAP_EXPRESS.  Doesn't it mean pci_config_size() is
broken if xhci is plugged to a legacy PCI bus?  How does it
affect migration?



If this is the case we reserve more config space than needed.
Other than wasted space it should be OK, including migration.

Thanks,
Marcel


Full list of pci_endpoint_cap*_init() calls:

hw/usb/hcd-xhci.c-if (pci_bus_is_express(dev->bus) ||
hw/usb/hcd-xhci.c-xhci_get_flag(xhci, XHCI_FLAG_FORCE_PCIE_ENDCAP)) {
hw/usb/hcd-xhci.c:ret = pcie_endpoint_cap_init(dev, 0xa0);

hw/net/vmxnet3.c-if (pci_is_express(pci_dev)) {
hw/net/vmxnet3.c-if (pci_bus_is_express(pci_dev->bus)) {
hw/net/vmxnet3.c:pcie_endpoint_cap_init(pci_dev, 
VMXNET3_EXP_EP_OFFSET);
hw/net/vmxnet3.c-}

hw/scsi/megasas.c-if (pci_is_express(dev)) {
hw/scsi/megasas.c:pcie_endpoint_cap_init(dev, 0xa0);
hw/scsi/megasas.c-}

hw/scsi/vmw_pvscsi.c-if (pci_is_express(pci_dev) && 
pci_bus_is_express(pci_dev->bus)) {
hw/scsi/vmw_pvscsi.c:pcie_endpoint_cap_init(pci_dev, 
PVSCSI_EXP_EP_OFFSET);
hw/scsi/vmw_pvscsi.c-}

hw/virtio/virtio-pci.c-if (pcie_port && pci_is_express(pci_dev)) {
hw/virtio/virtio-pci.c-int pos;
hw/virtio/virtio-pci.c-
hw/virtio/virtio-pci.c:pos = pcie_endpoint_cap_init(pci_dev, 0);


Note: on megasas, pci_endpoitn_cap_init() is conditional on
pci_is_express(), but pci_is_express() will never be false on
megasas-gen2 (because QEMU_PCI_CAP_EXPRESS is always set).


Full list of unconditional pci_endpoint_cap*init() calls:

hw/block/nvme.c:pcie_endpoint_cap_init(>parent_obj, 0x80);

hw/net/e1000e.c:if (pcie_endpoint_cap_v1_init(pci_dev, e1000e_pcie_offset) 
< 0) {

hw/pci-bridge/pcie_root_port.c:rc = pcie_cap_init(d, rpc->exp_offset, 
PCI_EXP_TYPE_ROOT_PORT,
hw/pci-bridge/pcie_root_port.c-   p->port, errp);

hw/pci-bridge/xio3130_downstream.c:rc = pcie_cap_init(d, 
XIO3130_EXP_OFFSET, PCI_EXP_TYPE_DOWNSTREAM,
hw/pci-bridge/xio3130_downstream.c-   p->port, errp);

hw/pci-bridge/xio3130_upstream.c:rc = pcie_cap_init(d, XIO3130_EXP_OFFSET, 
PCI_EXP_TYPE_UPSTREAM,
hw/pci-bridge/xio3130_upstream.c-   p->port, errp);

hw/pci-host/xilinx-pcie.c:if (pcie_endpoint_cap_v1_init(dev, 0x80) < 0) {





Signed-off-by: Eduardo Habkost 
---
  hw/net/vmxnet3.c   | 5 +
  hw/scsi/vmw_pvscsi.c   | 2 ++
  hw/vfio/pci.c  | 5 +
  hw/virtio/virtio-pci.c | 5 +
  4 files changed, 17 insertions(+)

diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
index a19a7a3..61feacf 100644
--- a/hw/net/vmxnet3.c
+++ b/hw/net/vmxnet3.c
@@ -2651,6 +2651,11 @@ static const TypeInfo vmxnet3_info = {
  .instance_size = sizeof(VMXNET3State),
  .class_init= vmxnet3_class_init,
  .instance_init = vmxnet3_instance_init,
+.interfaces = (InterfaceInfo[]) {
+{ INTERFACE_PCIE_DEVICE },
+{ INTERFACE_LEGACY_PCI_DEVICE },
+{ }
+},
  };
  
  static void vmxnet3_register_types(void)

diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
index 77d8b6f..40dfffa 100644
--- a/hw/scsi/vmw_pvscsi.c
+++ b/hw/scsi/vmw_pvscsi.c
@@ -1300,6 +1300,8 @@ static const TypeInfo pvscsi_info = {
  .class_init= pvscsi_class_init,
  .interfaces = (InterfaceInfo[]) {
  { TYPE_HOTPLUG_HANDLER },
+{ INTERFACE_PCIE_DEVICE },
+{ INTERFACE_LEGACY_PCI_DEVICE },
  { }
  }
  };
diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
index 31e1edf..2b21391 100644
--- a/hw/vfio/pci.c
+++ b/hw/vfio/pci.c
@@ -3023,6 +3023,11 @@ static const TypeInfo vfio_pci_dev_info = {
  .class_init = vfio_pci_dev_class_init,
  .instance_init = vfio_instance_init,
  .instance_finalize = vfio_instance_finalize,
+.interfaces = (InterfaceInfo[]) {
+{ INTERFACE_PCIE_DEVICE },
+{ INTERFACE_LEGACY_PCI_DEVICE },
+{ }
+},
  };
  
  static void register_vfio_pci_dev_type(void)

diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c

Re: [Qemu-devel] [PATCH 2/5] pci: Add interface names to hybrid PCI devices

[Marcel Apfelbaum]

On 27/08/2017 10:48, Marcel Apfelbaum wrote:

On 24/08/2017 1:14, Eduardo Habkost wrote:

The following devices support both PCIe and legacy PCI, by
including special code to handle the QEMU_PCI_CAP_EXPRESS flag:

* vfio-pci (is_express=1, but legacy PCI handled by
   vfio_populate_device())
* vmxnet3 (is_express=0, but PCIe handled by vmxnet3_realize())
* pvscsi (is_express=0, but PCIe handled by pvscsi_realize())
* virtio-pci (is_express=0, but PCIe handled by
   virtio_pci_dc_realize(), and additional legacy PCI code at
   virtio_pci_realize())



Hi Eduardo,

We also have a "hybrid" USB controller (not sure which one :)).



Please disregard the comment, I saw you are taking it into account.

Thanks,
Marcel


Thanks,
Marcel


Signed-off-by: Eduardo Habkost 
---
  hw/net/vmxnet3.c   | 5 +
  hw/scsi/vmw_pvscsi.c   | 2 ++
  hw/vfio/pci.c  | 5 +
  hw/virtio/virtio-pci.c | 5 +
  4 files changed, 17 insertions(+)

diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
index a19a7a3..61feacf 100644
--- a/hw/net/vmxnet3.c
+++ b/hw/net/vmxnet3.c
@@ -2651,6 +2651,11 @@ static const TypeInfo vmxnet3_info = {
  .instance_size = sizeof(VMXNET3State),
  .class_init= vmxnet3_class_init,
  .instance_init = vmxnet3_instance_init,
+.interfaces = (InterfaceInfo[]) {
+{ INTERFACE_PCIE_DEVICE },
+{ INTERFACE_LEGACY_PCI_DEVICE },
+{ }
+},
  };
  static void vmxnet3_register_types(void)
diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
index 77d8b6f..40dfffa 100644
--- a/hw/scsi/vmw_pvscsi.c
+++ b/hw/scsi/vmw_pvscsi.c
@@ -1300,6 +1300,8 @@ static const TypeInfo pvscsi_info = {
  .class_init= pvscsi_class_init,
  .interfaces = (InterfaceInfo[]) {
  { TYPE_HOTPLUG_HANDLER },
+{ INTERFACE_PCIE_DEVICE },
+{ INTERFACE_LEGACY_PCI_DEVICE },
  { }
  }
  };
diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
index 31e1edf..2b21391 100644
--- a/hw/vfio/pci.c
+++ b/hw/vfio/pci.c
@@ -3023,6 +3023,11 @@ static const TypeInfo vfio_pci_dev_info = {
  .class_init = vfio_pci_dev_class_init,
  .instance_init = vfio_instance_init,
  .instance_finalize = vfio_instance_finalize,
+.interfaces = (InterfaceInfo[]) {
+{ INTERFACE_PCIE_DEVICE },
+{ INTERFACE_LEGACY_PCI_DEVICE },
+{ }
+},
  };
  static void register_vfio_pci_dev_type(void)
diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
index 8b0d6b6..8c0b6bf 100644
--- a/hw/virtio/virtio-pci.c
+++ b/hw/virtio/virtio-pci.c
@@ -1958,6 +1958,11 @@ static const TypeInfo virtio_pci_info = {
  .class_init= virtio_pci_class_init,
  .class_size= sizeof(VirtioPCIClass),
  .abstract  = true,
+.interfaces = (InterfaceInfo[]) {
+{ INTERFACE_PCIE_DEVICE },
+{ INTERFACE_LEGACY_PCI_DEVICE },
+{ }
+},
  };
  /* virtio-blk-pci */

Re: [Qemu-devel] kvm_intel fails to load on Conroe CPUs running Linux 4.12

[Gerhard Wiesinger]

On 17.08.2017 23:14, Gerhard Wiesinger wrote:

On 17.08.2017 22:58, Gerhard Wiesinger wrote:
>
> On 07.08.2017 19:50, Paolo Bonzini wrote:
>
> >Not much to say, unfortunately. It's pretty much the same capabilities
> >as a Prescott/Cedar Mill processor, except that it has MSR bitmaps. It
> >also lacks FlexPriority compared to the Conroe I had checked.
> >
> >It's not great that even the revert patch doesn't apply cleanly---this
> >is *not* necessarily a boring area of the hypervisor...
> >
> >Given the rarity of your machine I'm currently leaning towards _not_
> >reverting the change. I'll check another non-Xeon Core 2 tomorrow that
> >is from December 2008 (IIRC). If that one also lacks vNMI, or if I get
> >other reports, I suppose I will have to reconsider that.

Hello Paolo,

Can you please revert the patch.

CPU is a Core 2 Extreme QX6700: SL9UL (B3) running VERY stable with 
ECC RAM for years now.
https://ark.intel.com/products/28028/Intel-Core2-Extreme-Processor-QX6700-8M-Cache-2_66-GHz-1066-MHz-FSB?q=Core%202%20Extreme%20QX6700 


https://en.wikipedia.org/wiki/List_of_Intel_Core_2_microprocessors

CPU details below.

Thank you.

Ciao,
Gerhard 


Hello Paolo,

Any update on this major issue?

Thnx.

Ciao,
Gerhard

Re: [Qemu-devel] [PATCH 2/5] pci: Add interface names to hybrid PCI devices

[Marcel Apfelbaum]

On 24/08/2017 1:14, Eduardo Habkost wrote:

The following devices support both PCIe and legacy PCI, by
including special code to handle the QEMU_PCI_CAP_EXPRESS flag:

* vfio-pci (is_express=1, but legacy PCI handled by
   vfio_populate_device())
* vmxnet3 (is_express=0, but PCIe handled by vmxnet3_realize())
* pvscsi (is_express=0, but PCIe handled by pvscsi_realize())
* virtio-pci (is_express=0, but PCIe handled by
   virtio_pci_dc_realize(), and additional legacy PCI code at
   virtio_pci_realize())



Hi Eduardo,

We also have a "hybrid" USB controller (not sure which one :)).

Thanks,
Marcel


Signed-off-by: Eduardo Habkost 
---
  hw/net/vmxnet3.c   | 5 +
  hw/scsi/vmw_pvscsi.c   | 2 ++
  hw/vfio/pci.c  | 5 +
  hw/virtio/virtio-pci.c | 5 +
  4 files changed, 17 insertions(+)

diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
index a19a7a3..61feacf 100644
--- a/hw/net/vmxnet3.c
+++ b/hw/net/vmxnet3.c
@@ -2651,6 +2651,11 @@ static const TypeInfo vmxnet3_info = {
  .instance_size = sizeof(VMXNET3State),
  .class_init= vmxnet3_class_init,
  .instance_init = vmxnet3_instance_init,
+.interfaces = (InterfaceInfo[]) {
+{ INTERFACE_PCIE_DEVICE },
+{ INTERFACE_LEGACY_PCI_DEVICE },
+{ }
+},
  };
  
  static void vmxnet3_register_types(void)

diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
index 77d8b6f..40dfffa 100644
--- a/hw/scsi/vmw_pvscsi.c
+++ b/hw/scsi/vmw_pvscsi.c
@@ -1300,6 +1300,8 @@ static const TypeInfo pvscsi_info = {
  .class_init= pvscsi_class_init,
  .interfaces = (InterfaceInfo[]) {
  { TYPE_HOTPLUG_HANDLER },
+{ INTERFACE_PCIE_DEVICE },
+{ INTERFACE_LEGACY_PCI_DEVICE },
  { }
  }
  };
diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
index 31e1edf..2b21391 100644
--- a/hw/vfio/pci.c
+++ b/hw/vfio/pci.c
@@ -3023,6 +3023,11 @@ static const TypeInfo vfio_pci_dev_info = {
  .class_init = vfio_pci_dev_class_init,
  .instance_init = vfio_instance_init,
  .instance_finalize = vfio_instance_finalize,
+.interfaces = (InterfaceInfo[]) {
+{ INTERFACE_PCIE_DEVICE },
+{ INTERFACE_LEGACY_PCI_DEVICE },
+{ }
+},
  };
  
  static void register_vfio_pci_dev_type(void)

diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
index 8b0d6b6..8c0b6bf 100644
--- a/hw/virtio/virtio-pci.c
+++ b/hw/virtio/virtio-pci.c
@@ -1958,6 +1958,11 @@ static const TypeInfo virtio_pci_info = {
  .class_init= virtio_pci_class_init,
  .class_size= sizeof(VirtioPCIClass),
  .abstract  = true,
+.interfaces = (InterfaceInfo[]) {
+{ INTERFACE_PCIE_DEVICE },
+{ INTERFACE_LEGACY_PCI_DEVICE },
+{ }
+},
  };
  
  /* virtio-blk-pci */

Re: [Qemu-devel] [PATCH] xio3130_downstream: Report error if pcie_chassis_add_slot() failed

[Marcel Apfelbaum]

Hi Eduardo,

On 25/08/2017 22:54, Eduardo Habkost wrote:

On commit f8cd1b02 ("pci: Convert to realize"), no error_set*()
call was added for the pcie_chassis_add_slot() error case.
pcie_chassis_add_slot() errors get ignored, making QEMU crash
later.  e.g.:

   $ qemu-system-x86_64 -device ioh3420 -device xio3130-downstream
   qemu-system-x86_64: memory.c:2166: memory_region_del_subregion: Assertion 
`subregion->container == mr' failed.
   Aborted (core dumped)

Fix it by reporting the error using error_setg().

Fixes: f8cd1b0201c41d88bb97dcafb80348a0e88d8805
Signed-off-by: Eduardo Habkost 
---
  hw/pci-bridge/xio3130_downstream.c | 1 +
  1 file changed, 1 insertion(+)

diff --git a/hw/pci-bridge/xio3130_downstream.c 
b/hw/pci-bridge/xio3130_downstream.c
index e706f36..5a882b0 100644
--- a/hw/pci-bridge/xio3130_downstream.c
+++ b/hw/pci-bridge/xio3130_downstream.c
@@ -94,6 +94,7 @@ static void xio3130_downstream_realize(PCIDevice *d, Error 
**errp)
  pcie_chassis_create(s->chassis);
  rc = pcie_chassis_add_slot(s);
  if (rc < 0) {
+error_setg(errp, "Can't add chassis slot, error %d", rc);
  goto err_pcie_cap;
  }
  




Reviewed-by: Marcel Apfelbaum 

Thanks,
Marcel