[Qemu-devel] [Bug 1719196] Re: [arm64 ocata] newly created instances are unable to raise network interfaces

2017-10-19 Thread ChristianEhrhardt
** Description changed:

+ [Impact]
+ 
+  * A change in qemu 2.8 (83d768b virtio: set ISR on dataplane 
+notifications) broke virtio handling on platforms without a 
+controller. Those encounter flaky networking due to missed IRQs
+ 
+  * Fix is a backport of the upstream fix b4b9862b: virtio: Fix no 
+interrupt when not creating msi controller
+ 
+ [Test Case]
+ 
+  * On Arm with Zesty (or Ocata) run a guest without PCI based devices
+ 
+  * Example in e.g. c#23
+ 
+  * Without the fix the networking does not work reliably (as it losses 
+IRQs), with the fix it works fine.
+ 
+ [Regression Potential]
+ 
+  * Changing the IRQ handling of virtio could affect virtio in general.
+But when reviwing the patch you'll see that it is small and actually 
+only changes to enable IRQ on one more place. That could cause more 
+IRQs than needed in the worst case, but those are usually not 
+breaking but only slowing things down. Also this fix is upstream 
+quite a while, increasing confidence.
+ 
+ [Other Info]
+  
+  * There is currently 1720397 in flight in the SRU queue, so acceptance 
+of this upload has to wait until that completes.
+ 
+ ---
+ 
  arm64 Ocata ,
  
  I'm testing to see I can get Ocata running on arm64 and using the
  openstack-base bundle to deploy it.  I have added the bundle to the log
  file attached to this bug.
  
  When I create a new instance via nova, the VM comes up and runs, however
  fails to raise its eth0 interface. This occurs on both internal and
  external networks.
  
  ubuntu@openstackaw:~$ nova list
  
+--+-+++-++
  | ID   | Name| Status | Task State | 
Power State | Networks   |
  
+--+-+++-++
  | dcaf6d51-f81e-4cbd-ac77-0c5d21bde57c | sfeole1 | ACTIVE | -  | 
Running | internal=10.5.5.3  |
  | aa0b8aee-5650-41f4-8fa0-aeccdc763425 | sfeole2 | ACTIVE | -  | 
Running | internal=10.5.5.13 |
  
+--+-+++-++
  ubuntu@openstackaw:~$ nova show aa0b8aee-5650-41f4-8fa0-aeccdc763425
  
+--+--+
  | Property | Value
|
  
+--+--+
  | OS-DCF:diskConfig| MANUAL   
|
  | OS-EXT-AZ:availability_zone  | nova 
|
  | OS-EXT-SRV-ATTR:host | awrep3   
|
  | OS-EXT-SRV-ATTR:hypervisor_hostname  | awrep3.maas  
|
  | OS-EXT-SRV-ATTR:instance_name| instance-0003
|
  | OS-EXT-STS:power_state   | 1
|
  | OS-EXT-STS:task_state| -
|
  | OS-EXT-STS:vm_state  | active   
|
  | OS-SRV-USG:launched_at   | 2017-09-24T14:23:08.00   
|
  | OS-SRV-USG:terminated_at | -
|
  | accessIPv4   |  
|
  | accessIPv6   |  
|
  | config_drive |  
|
  | created  | 2017-09-24T14:22:41Z 
|
  | flavor   | m1.small 
(717660ae-0440-4b19-a762-ffeb32a0575c)  |
  | hostId   | 
5612a00671c47255d2ebd6737a64ec9bd3a5866d1233ecf3e988b025 |
  | id   | aa0b8aee-5650-41f4-8fa0-aeccdc763425 
|
  | image| zestynosplash 
(e88fd1bd-f040-44d8-9e7c-c462ccf4b945) |
  | internal network | 10.5.5.13
|
  | key_name | mykey
|
  | metadata | {}   
|
  | name | sfeole2  
|
  | os-extended-volumes:volumes_attached | []   
   

[Qemu-devel] [Bug 1719196] Re: [arm64 ocata] newly created instances are unable to raise network interfaces

2017-10-19 Thread ChristianEhrhardt
Ok, driving that into an SRU then - thanks for verifying.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1719196

Title:
  [arm64 ocata] newly created instances are unable to raise network
  interfaces

Status in Ubuntu Cloud Archive:
  Fix Released
Status in Ubuntu Cloud Archive ocata series:
  Triaged
Status in libvirt:
  New
Status in QEMU:
  Fix Released
Status in libvirt package in Ubuntu:
  Invalid
Status in qemu package in Ubuntu:
  Fix Released
Status in qemu source package in Zesty:
  Incomplete

Bug description:
  arm64 Ocata ,

  I'm testing to see I can get Ocata running on arm64 and using the
  openstack-base bundle to deploy it.  I have added the bundle to the
  log file attached to this bug.

  When I create a new instance via nova, the VM comes up and runs,
  however fails to raise its eth0 interface. This occurs on both
  internal and external networks.

  ubuntu@openstackaw:~$ nova list
  +--------------------------------------+---------+--------+------------+-------------+--------------------+
  | ID                                   | Name    | Status | Task State | Power State | Networks           |
  +--------------------------------------+---------+--------+------------+-------------+--------------------+
  | dcaf6d51-f81e-4cbd-ac77-0c5d21bde57c | sfeole1 | ACTIVE | -          | Running     | internal=10.5.5.3  |
  | aa0b8aee-5650-41f4-8fa0-aeccdc763425 | sfeole2 | ACTIVE | -          | Running     | internal=10.5.5.13 |
  +--------------------------------------+---------+--------+------------+-------------+--------------------+
  ubuntu@openstackaw:~$ nova show aa0b8aee-5650-41f4-8fa0-aeccdc763425
  +--------------------------------------+----------------------------------------------------------+
  | Property                             | Value                                                    |
  +--------------------------------------+----------------------------------------------------------+
  | OS-DCF:diskConfig                    | MANUAL                                                   |
  | OS-EXT-AZ:availability_zone          | nova                                                     |
  | OS-EXT-SRV-ATTR:host                 | awrep3                                                   |
  | OS-EXT-SRV-ATTR:hypervisor_hostname  | awrep3.maas                                              |
  | OS-EXT-SRV-ATTR:instance_name        | instance-0003                                            |
  | OS-EXT-STS:power_state               | 1                                                        |
  | OS-EXT-STS:task_state                | -                                                        |
  | OS-EXT-STS:vm_state                  | active                                                   |
  | OS-SRV-USG:launched_at               | 2017-09-24T14:23:08.00                                   |
  | OS-SRV-USG:terminated_at             | -                                                        |
  | accessIPv4                           |                                                          |
  | accessIPv6                           |                                                          |
  | config_drive                         |                                                          |
  | created                              | 2017-09-24T14:22:41Z                                     |
  | flavor                               | m1.small (717660ae-0440-4b19-a762-ffeb32a0575c)          |
  | hostId                               | 5612a00671c47255d2ebd6737a64ec9bd3a5866d1233ecf3e988b025 |
  | id                                   | aa0b8aee-5650-41f4-8fa0-aeccdc763425                     |
  | image                                | zestynosplash (e88fd1bd-f040-44d8-9e7c-c462ccf4b945)     |
  | internal network                     | 10.5.5.13                                                |
  | key_name                             | mykey                                                    |
  | metadata                             | {}                                                       |
  | name                                 | sfeole2                                                  |
  | os-extended-volumes:volumes_attached | []                                                       |
  | progress                             | 0                                                        |
  | security_groups                      | default                                                  |
  | status                               | ACTIVE                                                   |
  | tenant_id                            | 9f7a21c1ad264fec81abc09f3960ad1d                         |
  | updated                              | 2017-09-24T14:23:09Z                                     |
  | user_id                              | 

Re: [Qemu-devel] [RFC v2 15/22] monitor: send event when request queue full

2017-10-19 Thread Peter Xu
On Thu, Oct 19, 2017 at 03:11:50PM +0200, Stefan Hajnoczi wrote:
> On Thu, Oct 19, 2017 at 03:16:11PM +0800, Peter Xu wrote:
> > On Wed, Oct 18, 2017 at 05:28:04PM +0200, Stefan Hajnoczi wrote:
> > > On Mon, Oct 16, 2017 at 04:11:58PM +0800, Peter Xu wrote:
> > > > On Thu, Oct 12, 2017 at 01:56:20PM +0100, Stefan Hajnoczi wrote:
> > > > > On Fri, Sep 29, 2017 at 11:38:37AM +0800, Peter Xu wrote:
> > > > > > > Set maximum QMP request queue length to 8.  If queue full, instead of
> > > > > > > queue the command, we directly return a "request-dropped" event, telling
> > > > > > > client that specific command is dropped.
> > > > > > 
> > > > > > Signed-off-by: Peter Xu 
> > > > > > ---
> > > > > >  monitor.c | 15 +++
> > > > > >  1 file changed, 15 insertions(+)
> > > > > > 
> > > > > > diff --git a/monitor.c b/monitor.c
> > > > > > index 1e9a6cb6a5..d9bed31248 100644
> > > > > > --- a/monitor.c
> > > > > > +++ b/monitor.c
> > > > > > @@ -3971,6 +3971,8 @@ static void monitor_qmp_bh_dispatcher(void 
> > > > > > *data)
> > > > > >  }
> > > > > >  }
> > > > > >  
> > > > > > +#define  QMP_ASYNC_QUEUE_LEN_MAX  (8)
> > > > > 
> > > > > Why 8?
> > > > 
> > > > I proposed this in previous discussion and no one objected, so I just
> > > > used it. It's here:
> > > > 
> > > >   https://lists.gnu.org/archive/html/qemu-devel/2017-09/msg03989.html
> > > >   (please don't go over the thread; I'll copy the related paragraphs)
> > > > 
> > > > """
> > > >   ...
> > > >   Regarding to queue size: I am afraid max_size=1 may not suffice?
> > > >   Otherwise a simple batch of:
> > > > 
> > > >   {"execute": "query-status"} {"execute": "query-status"}
> > > > 
> > > >   Will trigger the failure.  But I definitely agree it should not be
> > > >   something very large.  The total memory will be this:
> > > > 
> > > >     json limit * queue length limit * monitor count limit
> > > >        (X)              (Y)                  (Z)
> > > > 
> > > >   Now we have (X) already (in form of a few tunables for JSON token
> > > >   counts, etc.), we don't have (Z), and we definitely need (Y).
> > > > 
> > > >   How about we add limits on Y=16 and Z=8?
> > > > 
> > > >   We can do some math if we want some more exact number though.
> > > >   ...
> > > > """
> > > > 
> > > > Oops, I proposed "16", but I used "8"; I hope 8 is good enough, but I
> > > > am definitely not sure whether "1" is good.
> > > 
> > > I understand the concern about breaking existing clients but choosing an
> > > arbitrary magic number isn't a correct solution to that problem because
> > > existing clients may exceed the magic number!
> > 
> > I agree.
> > 
> > > 
> > > Instead I think QMP should only look ahead if the out-of-band feature
> > > has been negotiated.  This way existing clients continue to work.  New
> > > clients will have to avoid sending a batch of requests or they must
> > > handle the queue size limit error.
> > 
> > Hmm yes I just noticed that although I broadcasted the "OOB"
> > capability but actually I skipped the negotiation phase (so OOB is
> > always enabled). I think I should have that for sure.
> > 
> > IIUC below new handle_qmp_command() should be always compatible with
> > old clients then:
> > 
> > handle_qmp_command ()
> > {
> >   ...
> >   if (oob_enabled) {
> >     if (cmd_is_oob (req)) {
> >       // execute command
> >       qmp_dispatch (req);
> >       return;
> >     }
> >     if (queue_full (mon)) {
> >       // drop req
> >       send_full_event (mon);
> >       return;
> >     }
> >   }
> > 
> >   queue (req);
> >   kick (task);
> > 
> >   if (!oob_enabled) {
> >     // if oob not enabled, we don't process next request before previous
> >     // one finishes, and queue length will always be either 0 or 1.
> >     // Note: this means the parsing thread can block now.
> >     wait_until_req_handled (req);
> >   }
> > }
> > 
> > This will be somehow more complicated than before though, since if
> > with this, we need to make sure all the QMP clients have enabled OOB
> > feature to make sure OOB command can work. Otherwise even if only one
> > QMP client didn't enable OOB, then it may block at waiting for the
> > request to finish, and it will block the whole monitor IOThread as
> > well (which is currently shared by OOB and non-OOB monitors).
> > 
> > Or, maybe, I should just create one IOThread for each QMP monitor.
> 
> Or temporarily stop monitoring a client's chardev while the request is
> being processed if OOB isn't negotiated.  That way a single IOThread can
> still service multiple QMP monitors with differing OOB settings.

I suppose you mean monitor_suspend().

Yes, good suggestion.  Thanks,

-- 
Peter Xu
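
The admission logic from the pseudocode in this message, combined with the suspend-while-busy idea from the reply, as a stand-alone C model. This is an added example, not QEMU code or code posted in the thread: every identifier (monitor_admit, monitor_dispatch_one, worst_case_bytes, the Admit enum) is hypothetical, and the 1 MiB value used for the JSON limit X is constructed.

```c
/* Added illustration, not QEMU code: a model of the request admission
 * logic discussed in this thread. All names are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define QUEUE_LEN_MAX 8            /* the limit used by the patch */

typedef enum {
    REQ_RUN_OOB,    /* executed at once, never queued */
    REQ_QUEUED,     /* accepted, waits for the dispatcher */
    REQ_DROPPED,    /* queue full: a "request-dropped" event is sent */
    REQ_NOT_READ    /* input suspended: bytes stay in the socket */
} Admit;

typedef struct {
    bool oob_negotiated;           /* set only after capability negotiation */
    bool suspended;                /* models not polling the client's chardev */
    int queue[QUEUE_LEN_MAX];      /* ring buffer of request ids */
    size_t head, len;
    unsigned dropped;              /* count of request-dropped events */
} Monitor;

Admit monitor_admit(Monitor *m, int id, bool is_oob)
{
    if (m->suspended) {
        return REQ_NOT_READ;       /* back-pressure instead of buffering */
    }
    if (m->oob_negotiated) {
        if (is_oob) {
            return REQ_RUN_OOB;    /* bypasses the queue entirely */
        }
        if (m->len == QUEUE_LEN_MAX) {
            m->dropped++;          /* bounded: never grows past the limit */
            return REQ_DROPPED;
        }
    }
    m->queue[(m->head + m->len) % QUEUE_LEN_MAX] = id;
    m->len++;
    if (!m->oob_negotiated) {
        /* Legacy client: no look-ahead, so queue depth stays at 0 or 1. */
        m->suspended = true;
    }
    return REQ_QUEUED;
}

/* Dispatcher side: finish one request and resume input.
 * Returns the request id, or -1 when the queue is empty. */
int monitor_dispatch_one(Monitor *m)
{
    int id;

    if (m->len == 0) {
        return -1;
    }
    id = m->queue[m->head];
    m->head = (m->head + 1) % QUEUE_LEN_MAX;
    m->len--;
    m->suspended = false;
    return id;
}

/* Worst case from the thread: json limit (X) * queue length (Y) * monitors (Z). */
uint64_t worst_case_bytes(uint64_t x, uint64_t y, uint64_t z)
{
    return x * y * z;
}

int main(void)
{
    Monitor legacy = { .oob_negotiated = false };
    Monitor oob = { .oob_negotiated = true };
    int i, queued = 0;

    /* A legacy client pipelines two commands: the second is left unread. */
    printf("legacy #1 -> %d\n", monitor_admit(&legacy, 1, false));
    printf("legacy #2 -> %d\n", monitor_admit(&legacy, 2, false));

    /* An OOB client floods ten ordinary commands, then one OOB command. */
    for (i = 0; i < 10; i++) {
        queued += monitor_admit(&oob, i, false) == REQ_QUEUED;
    }
    printf("oob client: queued=%d dropped=%u\n", queued, oob.dropped);
    printf("oob command -> %d\n", monitor_admit(&oob, 99, true));

    /* X = 1 MiB is a constructed value; Y = 8 and Z = 8 are from the thread. */
    printf("worst case: %llu bytes\n",
           (unsigned long long)worst_case_bytes(1u << 20, QUEUE_LEN_MAX, 8));
    return 0;
}
```

In the model a client that has not negotiated OOB can never hold more than one queued request, so only clients that opted in can see a dropped command.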



Re: [Qemu-devel] [PATCH 2/2] target/arm: Don't set INSN_ARM_BE32 for CONFIG_USER_ONLY

2017-10-19 Thread Philippe Mathieu-Daudé
On 10/19/2017 06:21 PM, Richard Henderson wrote:
> This matches translator behaviour in arm_lduw_code.
> 
> Fixes: https://bugs.launchpad.net/qemu/+bug/1724485
> Signed-off-by: Richard Henderson 

Reviewed-by: Philippe Mathieu-Daudé 

> ---
>  target/arm/cpu.c | 9 +++--
>  1 file changed, 7 insertions(+), 2 deletions(-)
> 
> diff --git a/target/arm/cpu.c b/target/arm/cpu.c
> index bc9d70df04..a0ed11c9a5 100644
> --- a/target/arm/cpu.c
> +++ b/target/arm/cpu.c
> @@ -478,6 +478,7 @@ static void arm_disas_set_info(CPUState *cpu, 
> disassemble_info *info)
>  {
>  ARMCPU *ac = ARM_CPU(cpu);
>  CPUARMState *env = >env;
> +bool sctlr_b;
>  
>  if (is_a64(env)) {
>  /* We might not be compiled with the A64 disassembler
> @@ -506,7 +507,9 @@ static void arm_disas_set_info(CPUState *cpu, 
> disassemble_info *info)
>  info->cap_arch = CS_ARCH_ARM;
>  info->cap_mode = cap_mode;
>  }
> -if (bswap_code(arm_sctlr_b(env))) {
> +
> +sctlr_b = arm_sctlr_b(env);
> +if (bswap_code(sctlr_b)) {
>  #ifdef TARGET_WORDS_BIGENDIAN
>  info->endian = BFD_ENDIAN_LITTLE;
>  #else
> @@ -514,9 +517,11 @@ static void arm_disas_set_info(CPUState *cpu, 
> disassemble_info *info)
>  #endif
>  }
>  info->flags &= ~INSN_ARM_BE32;
> -if (arm_sctlr_b(env)) {
> +#ifndef CONFIG_USER_ONLY
> +if (sctlr_b) {
>  info->flags |= INSN_ARM_BE32;
>  }
> +#endif
>  }
>  
>  uint64_t arm_cpu_mp_affinity(int idx, uint8_t clustersz)
> 
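
Review bot: the `#ifndef CONFIG_USER_ONLY` guard added around `info->flags |= INSN_ARM_BE32` in the last hunk has no comment, and the reason is given only in the commit message ("This matches translator behaviour in arm_lduw_code"). A one-line comment above the guard naming arm_lduw_code as the reference would tell the next reader why the flag is left clear in user-only builds and which function has to stay in step with it.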



Re: [Qemu-devel] [PATCH v3 08/46] hw/char: Replace fprintf(stderr, "*\n" with error_report()

2017-10-19 Thread Philippe Mathieu-Daudé
On 10/19/2017 01:16 PM, Alistair Francis wrote:
> Replace a large number of the fprintf(stderr, "*\n" calls with
> error_report(). The functions were renamed with these commands and then
> compiler issues were manually fixed.
[...]
> ---
> V2:
>  - Split hw patch into individual directories
> 
>  hw/char/mcf_uart.c  | 5 +++--
>  hw/char/sh_serial.c | 9 +
>  2 files changed, 8 insertions(+), 6 deletions(-)
> 
> diff --git a/hw/char/mcf_uart.c b/hw/char/mcf_uart.c
> index 56fa402b58..14cb051be9 100644
> --- a/hw/char/mcf_uart.c
> +++ b/hw/char/mcf_uart.c
> @@ -6,6 +6,7 @@
>   * This code is licensed under the GPL
>   */
>  #include "qemu/osdep.h"
> +#include "qemu/error-report.h"
>  #include "hw/hw.h"
>  #include "hw/sysbus.h"
>  #include "hw/m68k/mcf.h"
> @@ -174,7 +175,7 @@ static void mcf_do_command(mcf_uart_state *s, uint8_t cmd)
>  mcf_uart_do_tx(s);
>  break;
>  case 3: /* Reserved.  */
> -fprintf(stderr, "mcf_uart: Bad TX command\n");
> +error_report("mcf_uart: Bad TX command");

I'd rather use qemu_log_mask(LOG_GUEST_ERROR,...) here.

>  break;
>  }
>  
> @@ -189,7 +190,7 @@ static void mcf_do_command(mcf_uart_state *s, uint8_t cmd)
>  s->rx_enabled = 0;
>  break;
>  case 3: /* Reserved.  */
> -fprintf(stderr, "mcf_uart: Bad RX command\n");
> +error_report("mcf_uart: Bad RX command");

ditto

>  break;
>  }
>  }
> diff --git a/hw/char/sh_serial.c b/hw/char/sh_serial.c
> index 835b5378a0..7bb3f3c70b 100644
> --- a/hw/char/sh_serial.c
> +++ b/hw/char/sh_serial.c
> @@ -25,6 +25,7 @@
>   * THE SOFTWARE.
>   */
>  #include "qemu/osdep.h"
> +#include "qemu/error-report.h"
>  #include "hw/hw.h"
>  #include "hw/sh4/sh.h"
>  #include "chardev/char-fe.h"
> @@ -190,8 +191,8 @@ static void sh_serial_write(void *opaque, hwaddr offs,
>  }
>  }
>  
> -fprintf(stderr, "sh_serial: unsupported write to 0x%02"
> -HWADDR_PRIx "\n", offs);
> +error_report("sh_serial: unsupported write to 0x%02"
> + HWADDR_PRIx "", offs);

and qemu_log_mask(LOG_UNIMP, ...) here

>  abort();
>  }
>  
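
Review bot: in the sh_serial_write hunk the converted call still ends its format with an empty string literal, `HWADDR_PRIx "", offs`, left over from removing the "\n". Drop the `""` so the argument list reads `HWADDR_PRIx, offs`; the same leftover is in the sh_serial_read hunk.
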
> @@ -290,8 +291,8 @@ static uint64_t sh_serial_read(void *opaque, hwaddr offs,
>  #endif
>  
>  if (ret & ~((1 << 16) - 1)) {
> -fprintf(stderr, "sh_serial: unsupported read from 0x%02"
> -HWADDR_PRIx "\n", offs);
> +error_report("sh_serial: unsupported read from 0x%02"
> + HWADDR_PRIx "", offs);

ditto

>  abort();
>  }
>  
> 
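
Review bot: the context line right after the changed call in sh_serial_read is `abort();`, so a read that trips `ret & ~((1 << 16) - 1)` still terminates the QEMU process once the message is printed. If that path can be reached from guest register accesses, logging and returning a value instead of aborting would be the safer follow-up; changing the reporting function alone does not alter that.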



Re: [Qemu-devel] [PATCH v3 46/46] target: Replace fprintf(stderr, "*\n" with error_report()

2017-10-19 Thread Philippe Mathieu-Daudé
On 10/19/2017 01:18 PM, Alistair Francis wrote:
> Replace a large number of the fprintf(stderr, "*\n" calls with
> error_report(). The functions were renamed with these commands and then
> compiler issues were manually fixed.
[...]
> Signed-off-by: Alistair Francis 
> Cc: "Edgar E. Iglesias" 
> Cc: Paolo Bonzini 
> Cc: Richard Henderson 
> Cc: Eduardo Habkost 
> Cc: Marcelo Tosatti 
> Cc: Michael Walle 
> Cc: Aurelien Jarno 
> Cc: Yongbok Kim 
> Cc: Christian Borntraeger 
> Cc: Cornelia Huck 
> Cc: Guan Xuetao 
> Cc: qemu-...@nongnu.org
> Cc: qemu-...@nongnu.org
> Acked-by: Cornelia Huck  (s390x part)

I was not sure commenting after the mail would break scripts, but it
doesn't appear to, good to know!

http://patchwork.ozlabs.org/patch/828257/  <- parsed correctly



Re: [Qemu-devel] [PATCH v3 10/46] hw/cris: Replace fprintf(stderr, "*\n" with error_report()

2017-10-19 Thread Philippe Mathieu-Daudé
On 10/19/2017 01:16 PM, Alistair Francis wrote:
> Replace a large number of the fprintf(stderr, "*\n" calls with
> error_report(). The functions were renamed with these commands and then
> compiler issues were manually fixed.
> 
> find ./* -type f -exec sed -i \
> 'N;N;N;N;N;N;N;N;N;N;N;N; {s|fprintf(stderr, 
> "\(.*\)\\n"\(.*\));|error_report("\1"\2);|Ig}' \
> {} +
> find ./* -type f -exec sed -i \
> 'N;N;N;N;N;N;N;N;N;N;N; {s|fprintf(stderr, 
> "\(.*\)\\n"\(.*\));|error_report("\1"\2);|Ig}' \
> {} +
> find ./* -type f -exec sed -i \
> 'N;N;N;N;N;N;N;N;N; {s|fprintf(stderr, 
> "\(.*\)\\n"\(.*\));|error_report("\1"\2);|Ig}' \
> {} +
> find ./* -type f -exec sed -i \
> 'N;N;N;N;N;N;N;N; {s|fprintf(stderr, 
> "\(.*\)\\n"\(.*\));|error_report("\1"\2);|Ig}' \
> {} +
> find ./* -type f -exec sed -i \
> 'N;N;N;N;N;N;N; {s|fprintf(stderr, 
> "\(.*\)\\n"\(.*\));|error_report("\1"\2);|Ig}' \
> {} +
> find ./* -type f -exec sed -i \
> 'N;N;N;N;N;N; {s|fprintf(stderr, 
> "\(.*\)\\n"\(.*\));|error_report("\1"\2);|Ig}' \
> {} +
> find ./* -type f -exec sed -i \
> 'N;N;N;N;N; {s|fprintf(stderr, 
> "\(.*\)\\n"\(.*\));|error_report("\1"\2);|Ig}' \
> {} +
> find ./* -type f -exec sed -i \
> 'N;N;N;N; {s|fprintf(stderr, 
> "\(.*\)\\n"\(.*\));|error_report("\1"\2);|Ig}' \
> {} +
> find ./* -type f -exec sed -i \
> 'N;N;N; {s|fprintf(stderr, "\(.*\)\\n"\(.*\));|error_report("\1"\2);|Ig}' 
> \
> {} +
> find ./* -type f -exec sed -i \
> 'N;N; {s|fprintf(stderr, "\(.*\)\\n"\(.*\));|error_report("\1"\2);|Ig}' \
> {} +
> find ./* -type f -exec sed -i \
> 'N; {s|fprintf(stderr, "\(.*\)\\n"\(.*\));|error_report("\1"\2);|Ig}' \
> {} +
> 
> Some lines were then manually tweaked to pass checkpatch.
> 
> Signed-off-by: Alistair Francis 
> "Edgar E. Iglesias" 

Is this a Reviewed-by tag?

Anyway:
Reviewed-by: Philippe Mathieu-Daudé 

> ---
> V2:
>  - Split hw patch into individual directories
> 
>  hw/cris/axis_dev88.c | 3 ++-
>  hw/cris/boot.c   | 6 +++---
>  2 files changed, 5 insertions(+), 4 deletions(-)
> 
> diff --git a/hw/cris/axis_dev88.c b/hw/cris/axis_dev88.c
> index 5eb552bce2..d121836b69 100644
> --- a/hw/cris/axis_dev88.c
> +++ b/hw/cris/axis_dev88.c
> @@ -23,6 +23,7 @@
>   */
>  
>  #include "qemu/osdep.h"
> +#include "qemu/error-report.h"
>  #include "qapi/error.h"
>  #include "qemu-common.h"
>  #include "cpu.h"
> @@ -349,7 +350,7 @@ void axisdev88_init(MachineState *machine)
>  li.cmdline = kernel_cmdline;
>  cris_load_image(cpu, );
>  } else if (!qtest_enabled()) {
> -fprintf(stderr, "Kernel image must be specified\n");
> +error_report("Kernel image must be specified");
>  exit(1);
>  }
>  }
> diff --git a/hw/cris/boot.c b/hw/cris/boot.c
> index f896ed7f86..fda0a039b8 100644
> --- a/hw/cris/boot.c
> +++ b/hw/cris/boot.c
> @@ -23,6 +23,7 @@
>   */
>  
>  #include "qemu/osdep.h"
> +#include "qemu/error-report.h"
>  #include "qemu-common.h"
>  #include "cpu.h"
>  #include "hw/hw.h"
> @@ -86,14 +87,13 @@ void cris_load_image(CRISCPU *cpu, struct cris_load_info 
> *li)
>  }
>  
>  if (image_size < 0) {
> -fprintf(stderr, "qemu: could not load kernel '%s'\n",
> -li->image_filename);
> +error_report("could not load kernel '%s'", li->image_filename);
>  exit(1);
>  }
>  
>  if (li->cmdline && (kcmdline_len = strlen(li->cmdline))) {
>  if (kcmdline_len > 256) {
> -fprintf(stderr, "Too long CRIS kernel cmdline (max 256)\n");
> +error_report("Too long CRIS kernel cmdline (max 256)");
>  exit(1);
>  }
>  pstrcpy_targphys("cmdline", 0x4000, 256, li->cmdline);
> 
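
Review bot: the limit 256 appears three times in the last boot.c hunk: in the `kcmdline_len > 256` check, in the message text "(max 256)" and in the pstrcpy_targphys() call. A named constant used in all three places would keep the length check and the copy size from drifting apart when one of them is changed.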



Re: [Qemu-devel] [PATCH] net: add print link status of nics in print_net_client function

2017-10-19 Thread Philippe Mathieu-Daudé
On 10/19/2017 11:58 PM, ZhiPeng Lu wrote:
> We can directly know the information of vm by executing "info network" 
> command,
>  including the link state of nics, without excuting other commands again.

"executing"

> 
> Signed-off-by: ZhiPeng Lu 
> Reviewed-by: Jiyun Fan 

Reviewed-by: Philippe Mathieu-Daudé 

> ---
>  net/net.c | 6 +-
>  1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/net/net.c b/net/net.c
> index 39ef546..9e349cb 100644
> --- a/net/net.c
> +++ b/net/net.c
> @@ -1298,10 +1298,14 @@ void print_net_client(Monitor *mon, NetClientState 
> *nc)
>  {
>  NetFilterState *nf;
>  
> -monitor_printf(mon, "%s: index=%d,type=%s,%s\n", nc->name,
> +monitor_printf(mon, "%s: index=%d,type=%s,%s", nc->name,
> nc->queue_index,
> NetClientDriver_str(nc->info->type),
> nc->info_str);
> +if (nc->info->type == NET_CLIENT_DRIVER_NIC) {
> +monitor_printf(mon, ",link status:%s", nc->link_down ? "down" : 
> "up");
> +}
> +monitor_printf(mon, "\n");
>  if (!QTAILQ_EMPTY(>filters)) {
>  monitor_printf(mon, "filters:\n");
>  }
> 



Re: [Qemu-devel] [PATCH v5 1/8] aspeed: use a ROM memory region to catch invalid writes

2017-10-19 Thread Philippe Mathieu-Daudé
On 10/19/2017 12:44 PM, Peter Maydell wrote:
> On 19 October 2017 at 16:12, Cédric Le Goater  wrote:
>> Some legacy firmwares access unimplemented addresses on the Aspeed SoC
>> (old U-Boot code using variables in the bss when it shouldn't do).
>> Let's use a ROM memory region to catch the invalid writes and support
>> new boards without using the 'ignore_memory_transaction_failures'
>> flag.
>>
>> Signed-off-by: Cédric Le Goater 
>> ---
>>
>>  Changes since v4 :
>>
>>  - use a ROM memory region
> 
> Probably worth mentioning in the commit message that this
> is a migration compatibility break for these boards.

What about the eeprom_buf from patch 6 "Add EEPROM I2C devices"?

My understanding is a migrated board would resume with a zeroized
eeprom, is this the expected behaviour?

Regards,

Phil.



Re: [Qemu-devel] [PATCH v6 8/8] aspeed: add the pc9552 chips to the witherspoon machine

2017-10-19 Thread Philippe Mathieu-Daudé
On 10/19/2017 01:35 PM, Cédric Le Goater wrote:
> The pca9552 LED blinkers on the Witherspoon machine are used for leds
> but also as GPIOs to control fans and GPUs.
> 
> Signed-off-by: Cédric Le Goater 
> Reviewed-by: Andrew Jeffery 
> ---
>  hw/arm/aspeed.c | 4 
>  1 file changed, 4 insertions(+)
> 
> diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
> index df7f266800ba..0e2a4fa62c26 100644
> --- a/hw/arm/aspeed.c
> +++ b/hw/arm/aspeed.c
> @@ -397,6 +397,8 @@ static void witherspoon_bmc_i2c_init(AspeedBoardState 
> *bmc)
>  AspeedSoCState *soc = >soc;
>  uint8_t *eeprom_buf = g_malloc0(8 * 1024);
>  
> +i2c_create_slave(aspeed_i2c_get_bus(DEVICE(>i2c), 3), "pca9552", 
> 0x60);

TYPE_PCA9552 ?

> +
>  i2c_create_slave(aspeed_i2c_get_bus(DEVICE(>i2c), 4), "tmp423", 
> 0x4c);
>  i2c_create_slave(aspeed_i2c_get_bus(DEVICE(>i2c), 5), "tmp423", 
> 0x4c);
>  
> @@ -409,6 +411,8 @@ static void witherspoon_bmc_i2c_init(AspeedBoardState 
> *bmc)
>  
>  smbus_eeprom_init_one(aspeed_i2c_get_bus(DEVICE(>i2c), 11), 0x51,
>eeprom_buf);
> +i2c_create_slave(aspeed_i2c_get_bus(DEVICE(>i2c), 11), "pca9552",

ditto

> + 0x60);
>  }
>  
>  static void witherspoon_bmc_init(MachineState *machine)
> 

Reviewed-by: Philippe Mathieu-Daudé 



[Qemu-devel] [PATCH] net: add print link status of nics in print_net_client function

2017-10-19 Thread ZhiPeng Lu
We can directly know the information of vm by executing "info network" command,
 including the link state of nics, without excuting other commands again.

Signed-off-by: ZhiPeng Lu 
Reviewed-by: Jiyun Fan 
---
 net/net.c | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/net/net.c b/net/net.c
index 39ef546..9e349cb 100644
--- a/net/net.c
+++ b/net/net.c
@@ -1298,10 +1298,14 @@ void print_net_client(Monitor *mon, NetClientState *nc)
 {
 NetFilterState *nf;
 
-monitor_printf(mon, "%s: index=%d,type=%s,%s\n", nc->name,
+monitor_printf(mon, "%s: index=%d,type=%s,%s", nc->name,
nc->queue_index,
NetClientDriver_str(nc->info->type),
nc->info_str);
+if (nc->info->type == NET_CLIENT_DRIVER_NIC) {
+monitor_printf(mon, ",link status:%s", nc->link_down ? "down" : "up");
+}
+monitor_printf(mon, "\n");
 if (!QTAILQ_EMPTY(>filters)) {
 monitor_printf(mon, "filters:\n");
 }
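
Review bot: the added `",link status:%s"` field does not follow the `key=value` form used by the rest of the line (`index=%d,type=%s`), and its key contains a space, which makes the "info network" output harder to parse. Something like `",link=%s"` would match the existing fields.
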
-- 
1.8.3.1




Re: [Qemu-devel] [PATCH v6 7/8] misc: add pca9552 LED blinker model

2017-10-19 Thread Philippe Mathieu-Daudé
Hi Cédric,

On 10/19/2017 01:35 PM, Cédric Le Goater wrote:
> Specs are available here :
> 
> https://www.nxp.com/docs/en/application-note/AN264.pdf
> 
> This is a simple model supporting the basic registers for led and GPIO
> mode. The device also supports two blinking rates but not the model
> yet.
> 
> Signed-off-by: Cédric Le Goater 
> Reviewed-by: Peter Maydell 
> ---
> 
>  Changes since v3:
> 
>  - introduced auto-increment support
>  - removed the buffer collecting bytes on the bus
>  - improved reset
>  - used extract32
>  - added a unit test
> 
>  Changes since v2:
> 
>  - removed comments on the I2C buffer size, but kept the array. I did
>not want to rewrite the buffer handling
> 
>  default-configs/arm-softmmu.mak |   1 +
>  hw/misc/Makefile.objs   |   1 +
>  hw/misc/pca9552.c   | 259 
> 
>  include/hw/misc/pca9552.h   |  33 +

If you mind using scripts/git.orderfile the review'd get easier :)

>  tests/Makefile.include  |   2 +
>  tests/pca9552-test.c| 131 
>  6 files changed, 427 insertions(+)
>  create mode 100644 hw/misc/pca9552.c
>  create mode 100644 include/hw/misc/pca9552.h
>  create mode 100644 tests/pca9552-test.c
> 
> diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
> index 5059d134c816..d868d1095a6c 100644
> --- a/default-configs/arm-softmmu.mak
> +++ b/default-configs/arm-softmmu.mak
> @@ -16,6 +16,7 @@ CONFIG_TSC2005=y
>  CONFIG_LM832X=y
>  CONFIG_TMP105=y
>  CONFIG_TMP421=y
> +CONFIG_PCA9552=y
>  CONFIG_STELLARIS=y
>  CONFIG_STELLARIS_INPUT=y
>  CONFIG_STELLARIS_ENET=y
> diff --git a/hw/misc/Makefile.objs b/hw/misc/Makefile.objs
> index e8f0a02f35af..e4e22880dbbc 100644
> --- a/hw/misc/Makefile.objs
> +++ b/hw/misc/Makefile.objs
> @@ -7,6 +7,7 @@ common-obj-$(CONFIG_SGA) += sga.o
>  common-obj-$(CONFIG_ISA_TESTDEV) += pc-testdev.o
>  common-obj-$(CONFIG_PCI_TESTDEV) += pci-testdev.o
>  common-obj-$(CONFIG_EDU) += edu.o
> +common-obj-$(CONFIG_PCA9552) += pca9552.o
>  
>  common-obj-y += unimp.o
>  
> diff --git a/hw/misc/pca9552.c b/hw/misc/pca9552.c
> new file mode 100644
> index ..70ce6f038da2
> --- /dev/null
> +++ b/hw/misc/pca9552.c
> @@ -0,0 +1,259 @@
> +/*
> + * PCA9552 I2C LED blinker
> + *
> + * https://www.nxp.com/docs/en/application-note/AN264.pdf
> + *
> + * Copyright (c) 2017, IBM Corporation.
> + *
> + * This work is licensed under the terms of the GNU GPL, version 2 or
> + * later. See the COPYING file in the top-level directory.
> + */
> +
> +#include "qemu/osdep.h"
> +#include "qemu/log.h"
> +#include "hw/hw.h"
> +#include "hw/misc/pca9552.h"
> +
> +/*
> + * Bits [0:3] are used to address a specific register.
> + */
> +#define PCA9552_INPUT0   0 /* read only input register 0 */
> +#define PCA9552_INPUT1   1 /* read only input register 1  */
> +#define PCA9552_PSC0 2 /* read/write frequency prescaler 0 */
> +#define PCA9552_PWM0 3 /* read/write PWM register 0 */
> +#define PCA9552_PSC1 4 /* read/write frequency prescaler 1 */
> +#define PCA9552_PWM1 5 /* read/write PWM register 1 */
> +#define PCA9552_LS0  6 /* read/write LED0 to LED3 selector */
> +#define PCA9552_LS1  7 /* read/write LED4 to LED7 selector */
> +#define PCA9552_LS2  8 /* read/write LED8 to LED11 selector */
> +#define PCA9552_LS3  9 /* read/write LED12 to LED15 selector */

Since you use those in your test, can you move them to "hw/misc/pca9552.h"?

> +
> +/*
> + * Bit [4] is used to activate the Auto-Increment option of the
> + * register address
> + */
> +#define PCA9552_AUTOINC  (1 << 4)

ditto

> +
> +#define PCA9552_LED_ON   0x0
> +#define PCA9552_LED_OFF  0x1
> +#define PCA9552_LED_PWM0 0x2
> +#define PCA9552_LED_PWM1 0x3
> +
> +static uint8_t pca9552_pin_get_config(PCA9552State *s, int pin)
> +{
> +uint8_t reg   = PCA9552_LS0 + (pin / 4);
> +uint8_t shift = (pin % 4) << 1;
> +
> +return extract32(s->regs[reg], shift, 2);
> +}
> +
> +static void pca9552_update_pin_input(PCA9552State *s)
> +{
> +int i;
> +
> +for (i = 0; i < s->nr_leds; i++) {
> +uint8_t input_reg = PCA9552_INPUT0 + (i / 8);
> +uint8_t input_shift = (i % 8);
> +uint8_t config = pca9552_pin_get_config(s, i);
> +
> +switch (config) {
> +case PCA9552_LED_ON:
> +s->regs[input_reg] |= 1 << input_shift;
> +break;
> +case PCA9552_LED_OFF:
> +s->regs[input_reg] &= ~(1 << input_shift);
> +break;
> +case PCA9552_LED_PWM0:
> +case PCA9552_LED_PWM1:
> +/* TODO */
> +default:
> +break;
> +}
> +}
> +}
> +
> +static uint8_t pca9552_read(PCA9552State *s, uint8_t reg)
> +{
> +switch (reg) {
> +case PCA9552_INPUT0:
> +case PCA9552_INPUT1:
> +case PCA9552_PSC0:
> +case PCA9552_PWM0:
> +case PCA9552_PSC1:
> +case 
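
Review bot: pca9552_pin_get_config() computes `reg = PCA9552_LS0 + (pin / 4)` and indexes `s->regs[reg]` without checking `pin`, while the only caller visible here loops up to `s->nr_leds`. The LS0 to LS3 selectors cover LED0 to LED15 only, so an assert that `pin` is below 16, or a bound on nr_leds where it is set, would keep a wrong nr_leds from indexing past the selector registers. In pca9552_update_pin_input() the PWM0/PWM1 cases reach `default` through the `/* TODO */`; an explicit `break` or a fall-through comment would show that is intended.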

Re: [Qemu-devel] [PATCH v3 0/7] migration: pause-before-switchover

2017-10-19 Thread Peter Xu
On Thu, Oct 19, 2017 at 12:21:23PM +0100, Dr. David Alan Gilbert wrote:
> * Peter Xu (pet...@redhat.com) wrote:
> > On Wed, Oct 18, 2017 at 06:40:06PM +0100, Dr. David Alan Gilbert (git) 
> > wrote:
> > 
> > [...]
> > 
> > > The precopy flow is:
> > > active->pre-switchover->device->completed
> > > 
> > > The postcopy flow is:
> > > active->pre-switchover->postcopy-active->completed
> > 
> > The naming is still slightly confusing to me:
> > 
> > (1) we have a capability called "pause-before-switchover", so it feels
> > like there is something called "switchover" and if we enable this
> > we'll pause before that point;
> > 
> > (2) we have a new status "pre-switchover", it feels like that's the
> > point before we are in "switchover" state;
> > 
> > (3) we don't really have a "switchover" state, but instead it's called
> > "device" which is exactly the "switchover" action.
> > 
> > Considering (1) and (2), I would prefer "device" state to be just
> > "switchover"...
> 
> Yes I stuck to pause-before-device and device originally; but
> what we're doing during the 'device' stage is mostly saving device
> state; the actual switchover occurs at the end.  So hmm.

That's fine to me.

> 
> > Further, not sure we can unify the state transition as well (say, we
> > add this switchover state even without cap "pause-before-switchover"
> > set, although it does not make much sense itself). Then, we can also
> > unify the precopy/postcopy state machine into one:
> > 
> > active->
> >   [pre-switchover->]  (optional, decided by "pause-before-switchover")
> > switchover->
> >   [postcopy-active->] (optional, decided by "postcopy-arm")
> > completed
> 
> I didn't want to change the state transition behaviour without the
> capability set, since that could upset an existing libvirt that would
> get confused by the new state.

Indeed.  However this (and also Juan's xbzrle cache size series) lets
me think about whether we should loosen the "compatibility" sometimes.

For most of the times, we are paying the compatibility bill by
complicating the code logic.  For this one, we satisfy live block
migration logic to introduce two new state transition paths (for
precopy and postcopy). I am just afraid we need to pay a larger bill
some day.

But I'd say it's only my worry; maybe it's just too superfluous.

(I provided all r-bs, so the series looks good to me after all)

Thanks,

-- 
Peter Xu



Re: [Qemu-devel] [PATCH v4 1/4] vhost-user: add new vhost user messages to support virtio config space

2017-10-19 Thread Liu, Changpeng


> -Original Message-
> From: Michael S. Tsirkin [mailto:m...@redhat.com]
> Sent: Friday, October 20, 2017 10:12 AM
> To: Liu, Changpeng 
> Cc: Paolo Bonzini ; qemu-devel@nongnu.org;
> stefa...@gmail.com; marcandre.lur...@redhat.com; fel...@nutanix.com; Harris,
> James R 
> Subject: Re: [PATCH v4 1/4] vhost-user: add new vhost user messages to support
> virtio config space
> 
> On Fri, Oct 20, 2017 at 01:55:20AM +, Liu, Changpeng wrote:
> >
> >
> > > -Original Message-
> > > From: Michael S. Tsirkin [mailto:m...@redhat.com]
> > > Sent: Friday, October 20, 2017 8:28 AM
> > > To: Paolo Bonzini 
> > > Cc: Liu, Changpeng ; qemu-devel@nongnu.org;
> > > stefa...@gmail.com; marcandre.lur...@redhat.com; fel...@nutanix.com;
> Harris,
> > > James R 
> > > Subject: Re: [PATCH v4 1/4] vhost-user: add new vhost user messages to 
> > > support
> > > virtio config space
> > >
> > > On Thu, Oct 19, 2017 at 11:04:48PM +0200, Paolo Bonzini wrote:
> > > > On 19/10/2017 19:43, Michael S. Tsirkin wrote:
> > > > > On Thu, Oct 19, 2017 at 05:43:18PM +0200, Paolo Bonzini wrote:
> > > > >> On 19/10/2017 17:39, Michael S. Tsirkin wrote:
> > > >  Add VHOST_USER_GET_CONFIG/VHOST_USER_SET_CONFIG messages
> > > which can be
> > > >  used for live migration of vhost user devices, also vhost user 
> > > >  devices
> > > >  can benefit from the messages to get/set virtio config space 
> > > >  from/to the
> > > >  I/O target. For the purpose to support virtio config space change,
> > > >  VHOST_USER_SET_CONFIG_FD message is added as the event notifier
> > > >  in case virtio config space change in the I/O target.
> > > > 
> > > >  Signed-off-by: Changpeng Liu 
> > > > >>> I don't much like it that config is getting passed through.
> > > > >>>
> > > > >>> IMO this makes managing things harder not easier.
> > > > >>>
> > > > >>> How about specific messages about specific parts of
> > > > >>> config space that you want to get from the backend?
> > > > >>
> > > > >> In the case of virtio-blk that would be all of it.  Do you have a 
> > > > >> case
> > > > >> in mind where some part of the configuration space is owned by QEMU?
> > > > >>
> > > > >> Paolo
> > > > >
> > > > > Yes. seg_max
> > > >
> > > > The seg_max limit is established by whoever reads buffers from the vring
> > > > and passes them down to the lower layer.  For vhost-blk that's the
> > > > device server, not QEMU.
> > > >
> > > > Paolo
> > >
> > > Good point. How about num_queues though?
> > num_queues  is part of virtio_blk config, vhost-user slave can set it,
> > and Qemu driver can rewrite it if user want less IO queues.
> 
> Fundamentally QEMU needs to support this # of queues for this
> device.
> 
> So whenever QEMU doesn't always expose config space as-is,
> need to document the exact semantics.
Agreed, Qemu vhost block driver should always have a default value, so I also added the
value as one of the parameters for vhost block driver.
> 
> Also, does backend need to know?
vhost-user slave does know how many queues are used, because vhost-user messages
such as SET_VRING_CALL/KICK are related with queues. Here the idea is vhost-user slave
provides the maximum io queues supported, and Qemu users can specify lower io queues.
> 
> 
> > >
> > > Also why is there SET_CONFIG? Does not look like blk uses it.
> > Only one possible usage when disable write cache to vhost-user slave device.
> 
> Again need to add documentation what can be written.
Agreed.
> 
> 
> > >
> > > And I wonder how do we do it for other devices.
> > >
> > > E.g. for net there's a bit in the middle of the
> > > config field that deals with migration.
> > Well, I'm okay to make those messages only valid for virtio block device, because it's enough
> > for virtio block to be started with vhost-user slave target.
> 
> OK but I'd rather make them at least somewhat generic so we can reuse
> them down the road.  It looks like adding offset/size pair would solve
> most of the issues. Thoughts?
Do you mean SET_CONFIG message followed with offset/size to let vhost-user slave
know which field the master wants to change?  Yes, sounds good to me.
> 
> > >
> > >
> > > --
> > > MST
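
The offset/size idea and the "document what can be written" point from the exchange above, as an added example that is not part of the thread or of QEMU: a slave-side handler that bounds-checks the requested range and accepts writes only to a documented window. The struct layout, function names and status codes are all hypothetical, and the sample device values are constructed.

```c
/* Added example: hypothetical slave-side handling of config-space access
 * by offset/size. Not QEMU or vhost-user code; every name is made up. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed, simplified block-device config space (24 bytes, no padding). */
struct blk_config {
    uint64_t capacity;
    uint32_t size_max;
    uint32_t seg_max;
    uint32_t blk_size;
    uint8_t  wce;          /* write cache enable */
    uint8_t  unused;
    uint16_t num_queues;
};

enum cfg_status { CFG_OK = 0, CFG_ERR_RANGE = -1, CFG_ERR_READONLY = -2 };

/* A window of the config space that the master is allowed to write. */
struct cfg_window { uint32_t offset; uint32_t size; };

/* Assumed write policy: only the write-cache byte may be changed. */
static const struct cfg_window writable[] = {
    { offsetof(struct blk_config, wce), sizeof(uint8_t) },
};

/* True if [offset, offset + size) is non-empty and lies inside the region
 * [start, start + total). Never computes offset + size, which could wrap. */
static int in_region(uint32_t offset, uint32_t size,
                     uint32_t start, uint32_t total)
{
    return size != 0 && offset >= start &&
           offset - start <= total && size <= total - (offset - start);
}

/* Read `size` bytes at `offset`; any in-bounds range may be read. */
enum cfg_status cfg_get(const struct blk_config *cfg, uint32_t offset,
                        uint32_t size, void *out)
{
    if (!in_region(offset, size, 0, sizeof(*cfg))) {
        return CFG_ERR_RANGE;
    }
    memcpy(out, (const uint8_t *)cfg + offset, size);
    return CFG_OK;
}

/* Write `size` bytes at `offset`; the range must be in bounds and must fit
 * entirely inside one writable window, so a write cannot spill into the
 * neighbouring read-only fields. */
enum cfg_status cfg_set(struct blk_config *cfg, uint32_t offset,
                        uint32_t size, const void *in)
{
    if (!in_region(offset, size, 0, sizeof(*cfg))) {
        return CFG_ERR_RANGE;
    }
    for (size_t i = 0; i < sizeof(writable) / sizeof(writable[0]); i++) {
        if (in_region(offset, size, writable[i].offset, writable[i].size)) {
            memcpy((uint8_t *)cfg + offset, in, size);
            return CFG_OK;
        }
    }
    return CFG_ERR_READONLY;
}

/* Constructed sample device state. */
struct blk_config demo_config(void)
{
    struct blk_config c = {
        .capacity = 2097152, .size_max = 131072, .seg_max = 126,
        .blk_size = 512, .wce = 1, .unused = 0, .num_queues = 4,
    };
    return c;
}
```
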



Re: [Qemu-devel] [PATCH v6 38/50] translate-all: use a binary search tree to track TBs in TBContext

2017-10-19 Thread Richard Henderson
On 10/18/2017 11:19 AM, Emilio G. Cota wrote:
> On Wed, Oct 18, 2017 at 09:41:43 +0200, Paolo Bonzini wrote:
>> On 16/10/2017 19:25, Richard Henderson wrote:
>>>   * Translation Cache-related fields of a TB.
>>> + * This struct exists just for convenience; we keep track of TB's in a 
>>> binary
>>> + * search tree, and the only fields needed to compare TB's in the tree are
>>> + * @ptr and @size. @search is brought here for consistency, since it is 
>>> also
>>> + * a TC-related field.
>>>   */
>>>  struct tb_tc {
>>>  void *ptr;/* pointer to the translated code */
>>>  uint8_t *search;  /* pointer to search data */
>>> +size_t size;
>>>  };
>>
>> Isn't search equal to ptr + size, or something like that?
> 
> It is indeed! Fixup below.
> 
> The change shrinks TranslationBlock, but it leaves performance unchanged
> (recall that we add padding after TranslationBlock to avoid cache line
> overlap between the struct and translated code).
> 
> Thanks,
> 
>   Emilio
> 
> -- >8 --
> Subject: [PATCH] fixup

Merged, thanks.


r~



Re: [Qemu-devel] [PATCH v6 25/50] tcg: Include CF_COUNT_MASK in CF_HASH_MASK

2017-10-19 Thread Richard Henderson
On 10/17/2017 09:31 PM, Emilio G. Cota wrote:
> On Mon, Oct 16, 2017 at 10:25:44 -0700, Richard Henderson wrote:
>> Signed-off-by: Richard Henderson 
> 
> Does this patch work with icount for you? On my end, aarch64
> stops booting with -icount 1.

Found it -- cpu_io_recompile needs the same sort of fix as in patch 24.  I'll
post a v7 shortly.


r~



Re: [Qemu-devel] [PATCH] translate-all: exit from tb_phys_invalidate if qht_remove fails

2017-10-19 Thread Richard Henderson
On 10/19/2017 01:31 PM, Emilio G. Cota wrote:
> Two or more threads might race while invalidating the same TB. We currently
> do not check for this at all despite taking tb_lock, which means we would
> wrongly invalidate the same TB more than once. This bug has actually been
> hit by users: I recently saw a report on IRC, although I have yet to see
> the corresponding test case.
> 
> Fix this by using qht_remove as the synchronization point; if it fails,
> that means the TB has already been invalidated, and therefore there
> is nothing left to do in tb_phys_invalidate.
> 
> Note that this solution works now that we still have tb_lock, and will
> continue working once we remove tb_lock.
> 
> Signed-off-by: Emilio G. Cota 
> 
> ---
> This patch applies on top of the "[PATCH v6 00/50] tcg tb_lock removal" 
> series:
> https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg03612.html
> ---
>  accel/tcg/translate-all.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)

Applied, thanks.


r~
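
The idea in the commit message above (removal from the lookup table is the point that decides who invalidates), as an added example that is not QEMU code and not the patch itself. The table, the block type and the bookkeeping are hypothetical stand-ins, and the race is modelled deterministically: two callers each hold a pointer to the same block before either removes it.

```c
/* Added example, not QEMU code: removal from the lookup table decides
 * which caller performs the invalidation. All names are hypothetical. */
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>

#define SLOTS 8

struct block { unsigned id; int teardowns; };      /* stand-in for a TB */
struct table {
    _Atomic(struct block *) slot[SLOTS];           /* direct-mapped toy table */
    atomic_int live;                               /* blocks believed valid */
};

static void table_insert(struct table *t, struct block *b)
{
    atomic_store(&t->slot[b->id % SLOTS], b);
    atomic_fetch_add(&t->live, 1);
}

/* Atomically clears the slot if it still holds b. Returns true only for
 * the single caller that actually removed the entry. */
static bool table_remove(struct table *t, struct block *b)
{
    struct block *expected = b;
    return atomic_compare_exchange_strong(&t->slot[b->id % SLOTS],
                                          &expected, (struct block *)NULL);
}

/* Before the fix: the result of the removal is ignored, so every caller
 * runs the teardown. */
static void invalidate_unchecked(struct table *t, struct block *b)
{
    (void)table_remove(t, b);
    b->teardowns++;
    atomic_fetch_sub(&t->live, 1);
}

/* After the fix: a failed removal means another caller already invalidated
 * the block, so there is nothing left to do. */
static bool invalidate_checked(struct table *t, struct block *b)
{
    if (!table_remove(t, b)) {
        return false;
    }
    b->teardowns++;
    atomic_fetch_sub(&t->live, 1);
    return true;
}

/* Both callers looked the block up while it was still in the table, then
 * both invalidate it. Returns the table's live count afterwards. */
int live_after_double_invalidate(bool checked)
{
    struct table t = { .live = 0 };
    struct block b = { .id = 42, .teardowns = 0 };
    struct block *caller_a = &b, *caller_b = &b;

    table_insert(&t, &b);
    if (checked) {
        invalidate_checked(&t, caller_a);
        invalidate_checked(&t, caller_b);
    } else {
        invalidate_unchecked(&t, caller_a);
        invalidate_unchecked(&t, caller_b);
    }
    return atomic_load(&t.live);
}
```
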



Re: [Qemu-devel] [PATCH v4 1/4] vhost-user: add new vhost user messages to support virtio config space

2017-10-19 Thread Michael S. Tsirkin
On Fri, Oct 20, 2017 at 01:55:20AM +, Liu, Changpeng wrote:
> 
> 
> > -Original Message-
> > From: Michael S. Tsirkin [mailto:m...@redhat.com]
> > Sent: Friday, October 20, 2017 8:28 AM
> > To: Paolo Bonzini 
> > Cc: Liu, Changpeng ; qemu-devel@nongnu.org;
> > stefa...@gmail.com; marcandre.lur...@redhat.com; fel...@nutanix.com; Harris,
> > James R 
> > Subject: Re: [PATCH v4 1/4] vhost-user: add new vhost user messages to 
> > support
> > virtio config space
> > 
> > On Thu, Oct 19, 2017 at 11:04:48PM +0200, Paolo Bonzini wrote:
> > > On 19/10/2017 19:43, Michael S. Tsirkin wrote:
> > > > On Thu, Oct 19, 2017 at 05:43:18PM +0200, Paolo Bonzini wrote:
> > > >> On 19/10/2017 17:39, Michael S. Tsirkin wrote:
> > >  Add VHOST_USER_GET_CONFIG/VHOST_USER_SET_CONFIG messages
> > which can be
> > >  used for live migration of vhost user devices, also vhost user 
> > >  devices
> > >  can benefit from the messages to get/set virtio config space from/to 
> > >  the
> > >  I/O target. For the purpose to support virtio config space change,
> > >  VHOST_USER_SET_CONFIG_FD message is added as the event notifier
> > >  in case virtio config space change in the I/O target.
> > > 
> > >  Signed-off-by: Changpeng Liu 
> > > >>> I don't much like it that config is getting passed through.
> > > >>>
> > > >>> IMO this makes managing things harder not easier.
> > > >>>
> > > >>> How about specific messages about specific parts of
> > > >>> config space that you want to get from the backend?
> > > >>
> > > >> In the case of virtio-blk that would be all of it.  Do you have a case
> > > >> in mind where some part of the configuration space is owned by QEMU?
> > > >>
> > > >> Paolo
> > > >
> > > > Yes. seg_max
> > >
> > > The seg_max limit is established by whoever reads buffers from the vring
> > > and passes them down to the lower layer.  For vhost-blk that's the
> > > device server, not QEMU.
> > >
> > > Paolo
> > 
> > Good point. How about num_queues though?
> num_queues  is part of virtio_blk config, vhost-user slave can set it, 
> and Qemu driver can rewrite it if user want less IO queues.

Fundamentally QEMU needs to support this # of queues for this
device.

So whenever QEMU doesn't always expose config space as-is,
need to document the exact semantics.

Also, does backend need to know?


> > 
> > Also why is there SET_CONFIG? Does not look like blk uses it.
> Only one possible usage when disable write cache to vhost-user slave device.

Again need to add documentation what can be written.


> > 
> > And I wonder how do we do it for other devices.
> > 
> > E.g. for net there's a bit in the middle of the
> > config field that deals with migration.
> Well, I'm okay to make those messages only valid for virtio block device, 
> because it's enough
> for virtio block to be started with vhost-user slave target.

OK but I'd rather make them at least somewhat generic so we can reuse
them down the road.  It looks like adding offset/size pair would solve
most of the issues. Thoughts?

> > 
> > 
> > --
> > MST



Re: [Qemu-devel] [PATCH v4 1/4] vhost-user: add new vhost user messages to support virtio config space

2017-10-19 Thread Liu, Changpeng


> -Original Message-
> From: Michael S. Tsirkin [mailto:m...@redhat.com]
> Sent: Friday, October 20, 2017 8:28 AM
> To: Paolo Bonzini 
> Cc: Liu, Changpeng ; qemu-devel@nongnu.org;
> stefa...@gmail.com; marcandre.lur...@redhat.com; fel...@nutanix.com; Harris,
> James R 
> Subject: Re: [PATCH v4 1/4] vhost-user: add new vhost user messages to support
> virtio config space
> 
> On Thu, Oct 19, 2017 at 11:04:48PM +0200, Paolo Bonzini wrote:
> > On 19/10/2017 19:43, Michael S. Tsirkin wrote:
> > > On Thu, Oct 19, 2017 at 05:43:18PM +0200, Paolo Bonzini wrote:
> > >> On 19/10/2017 17:39, Michael S. Tsirkin wrote:
> >  Add VHOST_USER_GET_CONFIG/VHOST_USER_SET_CONFIG messages
> which can be
> >  used for live migration of vhost user devices, also vhost user devices
> >  can benefit from the messages to get/set virtio config space from/to 
> >  the
> >  I/O target. For the purpose to support virtio config space change,
> >  VHOST_USER_SET_CONFIG_FD message is added as the event notifier
> >  in case virtio config space change in the I/O target.
> > 
> >  Signed-off-by: Changpeng Liu 
> > >>> I don't much like it that config is getting passed through.
> > >>>
> > >>> IMO this makes managing things harder not easier.
> > >>>
> > >>> How about specific messages about specific parts of
> > >>> config space that you want to get from the backend?
> > >>
> > >> In the case of virtio-blk that would be all of it.  Do you have a case
> > >> in mind where some part of the configuration space is owned by QEMU?
> > >>
> > >> Paolo
> > >
> > > Yes. seg_max
> >
> > The seg_max limit is established by whoever reads buffers from the vring
> > and passes them down to the lower layer.  For vhost-blk that's the
> > device server, not QEMU.
> >
> > Paolo
> 
> Good point. How about num_queues though?
num_queues  is part of virtio_blk config, vhost-user slave can set it, 
and Qemu driver can rewrite it if user want less IO queues.
> 
> Also why is there SET_CONFIG? Does not look like blk uses it.
Only one possible usage when disable write cache to vhost-user slave device.
> 
> And I wonder how do we do it for other devices.
> 
> E.g. for net there's a bit in the middle of the
> config field that deals with migration.
Well, I'm okay to make those messages only valid for virtio block device, because it's enough
for virtio block to be started with vhost-user slave target.
> 
> 
> --
> MST



Re: [Qemu-devel] [Block-io] qemu virtual machine get stuck during startup

2017-10-19 Thread Wahaha Huang
Sorry for the late reply.
Unfortunately, when it gets stuck (blocked at the Windows welcome screen),
no error messages are printed out, with CPU usage at 9%.
I'm not quite sure whether the QEMU monitor still works.

Here is some more information:

1. QEMU command-line:
qemu-system-x86_64 -enable-kvm -full-screen -soundhw hda -soundhw ac97 -m
2816 -smp 2,sockets=1,cores=2,threads=1 -vga qxl -localtime -rtc
clock=vm,base=localtime -net
nic,addr=0x03,model=virtio,macaddr=C0:B1:A2:83:84:18 -net tap,ifname=b908v
-device nec-usb-xhci,id=ehci -device nec-usb-xhci,id=ehci2 -boot d -smbios
type=1,manufacturer=microcloud,product=cloudbox,version=2015,serial=microcloud,uuid=1f8e6f8e-5b74-4780-89c1-464dc1e7f319
-usbdevice tablet -display gtk -cpu host -drive
file=/pcvdata/vmtogo/user_images/9cc7-9ebee790f514a6dab92.img,cache=writeback,serial=9cc7-9ebee790f514a6dab92
-drive
file=/pcvdata/vmtogo/pri_desk/updbcc7-9ebee790f514a6dab92.img,cache=writeback,snapshot=off,serial=pridisk
-device virtio-serial,id=ser0 -chardev
socket,path=/tmp/virtio10280,server,nowait,id=virtio10280 -device
virtserialport,bus=ser0.0,chardev=virtio10280,name=com.microcloud.0 -device
virtio-serial,id=ser1 -chardev spicevmc,id=vdagent,name=vdagent -device
virtserialport,bus=ser1.0,chardev=vdagent,name=com.redhat.spice.0 -chardev
socket,path=/tmp/monitor10280,server,nowait,id=monitor10280 -mon
chardev=monitor10280,mode=readline -serial /dev/ttyS0

2. GDB info:
The 3rd thread missing as mentioned earlier
(gdb) info threads
  Id   Target Id Frame
* 1LWP 21315 "qemu-system-x86" 0x7f9a24739c8b in ppoll () from
/lib/libc.so.6
  2LWP 21316 "qemu-system-x86" 0x7f9a2473fee9 in syscall () from
/lib/libc.so.6
  3LWP 21369 "qemu-system-x86" 0x7f9a2473b697 in ioctl () from
/lib/libc.so.6
  4LWP 21370 "qemu-system-x86" 0x7f9a2473b697 in ioctl () from
/lib/libc.so.6
  5LWP 21371 "qemu-system-x86" 0x7f9a24739b9d in poll () from
/lib/libc.so.6
  6LWP 21373 "threaded-ml" 0x7f9a24739b9d in poll () from
/lib/libc.so.6
  7LWP 21374 "qemu-system-x86" 0x7f9a24a11e1d in pthread_cond_wait
() from /lib/libpthread.so.0
  8LWP 21375 "qemu-system-x86" 0x7f9a24a11e1d in pthread_cond_wait
() from /lib/libpthread.so.0


2017-10-19 21:29 GMT+08:00 Stefan Hajnoczi :

> On Thu, Oct 19, 2017 at 05:32:10PM +0800, Wahaha Huang wrote:
> > Hi there,
> > I'm a newbie of qemu(2.10.0), when i start a vm from qemu, it sometimes
> > get stuck,
>
> Please post your QEMU command-line and describe the behavior when it
> gets stuck.
>
> Are there any error messages?  Does the QEMU monitor still work?  Is the
> QEMU process running at 100% CPU?  etc
>
> > through gdb debugging, i found aio_worker thread(list below) missing when
> > vm get stuck,
> > but i don't know why, does anybody has further idea about this?
>
> Worker threads are temporary threads.  If there is no work to do then
> they terminate.  New worker threads are started as needed.  Therefore
> you can't assume that a specific number of worker threads exists.
>
> > (gdb) info threads
> > >
> > >   Id   Target Id Frame
> > >
> > >   1LWP 25451 "qemu-system-x86" 0x7fc62081dc8b in ppoll () from
> > >> /lib/libc.so.6
> > >
> > >   2LWP 25452 "qemu-system-x86" 0x7fc620823ee9 in syscall ()
> from
> > >> /lib/libc.so.6
> > >
> > > * 3LWP 25495 "qemu-system-x86" 0x7fc620af8e80 in ?? () from
> > >> /lib/libpthread.so.0
> > >
> > >   4LWP 25496 "qemu-system-x86" 0x7fc62081f697 in ioctl () from
> > >> /lib/libc.so.6
> > >
> > >   5LWP 25497 "qemu-system-x86" 0x7fc62081f697 in ioctl () from
> > >> /lib/libc.so.6
> > >
> > >   6LWP 25498 "qemu-system-x86" 0x7fc62081db9d in poll () from
> > >> /lib/libc.so.6
> > >
> > >   7LWP 25500 "threaded-ml" 0x7fc62081db9d in poll () from
> > >> /lib/libc.so.6
>
> This looks like PulseAudio.  I suggest disabling audio and checking if
> the hang still occurs.
>
> > >
> > >   8LWP 25501 "qemu-system-x86" 0x7fc620af5e1d in
> pthread_cond_wait
> > >> () from /lib/libpthread.so.0
> > >
> > >   9LWP 25502 "qemu-system-x86" 0x7fc620af5e1d in
> pthread_cond_wait
> > >> () from /lib/libpthread.so.0
> > >
> > > (gdb) bt
> > >
> > > #0  0x7fc620af8e80 in  () at /lib/libpthread.so.0
> > >
> > > #1  0x7fc620af8f5f in  () at /lib/libpthread.so.0
> > >
> > > #2  0x7fc620af906f in sem_timedwait () at /lib/libpthread.so.0
> > >
> > > #3  0x55b66332e585 in qemu_sem_timedwait (sem=0x55b664e6c868,
> > >> ms=1) at util/qemu-thread-posix.c:289
> > >
> > > #4  0x55b6633279b6 in worker_thread (opaque=0x55b664e6c7f0) at
> > >> util/thread-pool.c:102
> > >
> > > #5  0x7fc620aef767 in  () at /lib/libpthread.so.0
> > >
> > > #6  0x7fc62082985f in clone () at /lib/libc.so.6
>
> This is a worker thread waiting for more work to do.  It's normal.
>


[Qemu-devel] [PATCH] implement strnlen for systems that need it

2017-10-19 Thread John Arbuckle
Signed-off-by: John Arbuckle 
---
 Makefile.dtc   |  3 ++-
 libfdt/Makefile.libfdt |  2 +-
 libfdt/libfdt_env.h| 12 
 libfdt/strnlen.h   | 14 ++
 strnlen.c  | 25 +
 5 files changed, 54 insertions(+), 2 deletions(-)
 create mode 100644 libfdt/strnlen.h
 create mode 100644 strnlen.c

diff --git a/Makefile.dtc b/Makefile.dtc
index bece49b..14eaa4e 100644
--- a/Makefile.dtc
+++ b/Makefile.dtc
@@ -12,7 +12,8 @@ DTC_SRCS = \
livetree.c \
srcpos.c \
treesource.c \
-   util.c
+   util.c \
+strnlen.c
 
 DTC_GEN_SRCS = dtc-lexer.lex.c dtc-parser.tab.c
 DTC_OBJS = $(DTC_SRCS:%.c=%.o) $(DTC_GEN_SRCS:%.c=%.o)
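Review bot: strnlen.c is appended to DTC_SRCS unconditionally, so the replacement is compiled and linked on every host, including those whose libc already provides strnlen(), while the libfdt_env.h hunk only declares it for Mac OS X older than 10.7. Build the file only where the fallback is needed, or guard its body with the same preprocessor condition, so the declaration and the definition stay in step.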
diff --git a/libfdt/Makefile.libfdt b/libfdt/Makefile.libfdt
index 098b3f3..b20a85b 100644
--- a/libfdt/Makefile.libfdt
+++ b/libfdt/Makefile.libfdt
@@ -7,5 +7,5 @@ LIBFDT_soname = libfdt.$(SHAREDLIB_EXT).1
 LIBFDT_INCLUDES = fdt.h libfdt.h libfdt_env.h
 LIBFDT_VERSION = version.lds
 LIBFDT_SRCS = fdt.c fdt_ro.c fdt_wip.c fdt_sw.c fdt_rw.c fdt_strerror.c 
fdt_empty_tree.c \
-   fdt_addresses.c fdt_overlay.c
+   fdt_addresses.c fdt_overlay.c strnlen.c
 LIBFDT_OBJS = $(LIBFDT_SRCS:%.c=%.o)
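Review bot: strnlen.c is added to LIBFDT_SRCS here, but the patch creates the file at the top level (strnlen.c) while the header goes to libfdt/strnlen.h. The other LIBFDT_SRCS entries sit next to this makefile in libfdt/, and the top-level strnlen.c includes "strnlen.h" without a path. Put the source and the header in the same directory so that both the dtc and the libfdt builds find them.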
diff --git a/libfdt/libfdt_env.h b/libfdt/libfdt_env.h
index 952056c..a25a615 100644
--- a/libfdt/libfdt_env.h
+++ b/libfdt/libfdt_env.h
@@ -109,4 +109,16 @@ static inline fdt64_t cpu_to_fdt64(uint64_t x)
 #undef CPU_TO_FDT16
 #undef EXTRACT_BYTE
 
+#ifdef __APPLE__
+#include 
+
+#define MAC_OS_X_VERSION_10_7 1070
+
+/* strnlen() is not available on Mac OS < 10.7 */
+# if (MAC_OS_X_VERSION_MAX_ALLOWED < MAC_OS_X_VERSION_10_7)
+#include "strnlen.h"
+#endif /* (MAC_OS_X_VERSION_MAX_ALLOWED < MAC_OS_X_VERSION_10_7) */
+
+#endif /* __APPLE__ */
+
 #endif /* _LIBFDT_ENV_H */
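Review bot: the added "#define MAC_OS_X_VERSION_10_7 1070" is unconditional, so on an SDK that already defines that macro it is a redefinition. Wrap it in "#ifndef MAC_OS_X_VERSION_10_7". The nested "# if" is also indented differently from the "#include" and "#endif" lines around it.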
diff --git a/libfdt/strnlen.h b/libfdt/strnlen.h
new file mode 100644
index 000..62a45c0
--- /dev/null
+++ b/libfdt/strnlen.h
@@ -0,0 +1,14 @@
+/*
+ * File: strnlen.h
+ * Date: 10-19-2017
+ * Description: Implements functions that may be missing on the host system
+ */
+
+#ifndef STRNLEN
+#define STRNLEN
+
+#include 
+
+size_t strnlen(const char *string, size_t max_count);
+
+#endif /* STRNLEN */
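Review bot: the include guard STRNLEN is a short, generic macro name that could collide with a feature-test style macro elsewhere; a name tied to the file, such as LIBFDT_STRNLEN_H, is safer. The Description line also says the header implements functions, but it only declares strnlen().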
diff --git a/strnlen.c b/strnlen.c
new file mode 100644
index 000..3559c6f
--- /dev/null
+++ b/strnlen.c
@@ -0,0 +1,25 @@
+/*
+ * File: strnlen.c
+ * Date: 10-19-2017
+ * Description: Implement the strnlen() function for platforms that need it
+ */
+
+#include 
+#include "strnlen.h"
+
+/* 
+ * strnlen: returns the length of a string or max_count - which ever is 
smallest
+ * Input 1 string: the string whose size is to be determined
+ * Input 2 max_count: the maximum value returned by this function
+ * Output: length of the string or max_count (the smallest of the two)
+ */
+size_t strnlen(const char *string, size_t max_count)
+{
+int count;
+for(count = 0; count < max_count; count++) {
+if (string[count] == '\0') {
+break;
+}
+}
+return count;
+}
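Review bot: "int count" is compared against the size_t max_count and then returned as size_t. That is a signed/unsigned comparison, and for a max_count above INT_MAX on a buffer with no terminator in range the increment overflows a signed int, which is undefined behaviour. Declare "size_t count;" so the counter has the same type as the bound and the return value. "for(" should also get a space after the keyword to match "if (" two lines below.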
-- 
2.10.2




Re: [Qemu-devel] [PATCH v4 2/4] vhost-user-blk: introduce a new vhost-user-blk host device

2017-10-19 Thread Liu, Changpeng


> -Original Message-
> From: Stefan Hajnoczi [mailto:stefa...@gmail.com]
> Sent: Thursday, October 19, 2017 11:18 PM
> To: Liu, Changpeng 
> Cc: qemu-devel@nongnu.org; pbonz...@redhat.com; m...@redhat.com;
> marcandre.lur...@redhat.com; fel...@nutanix.com; Harris, James R
> 
> Subject: Re: [PATCH v4 2/4] vhost-user-blk: introduce a new vhost-user-blk 
> host
> device
> 
> On Thu, Oct 19, 2017 at 01:24:08PM +0800, Changpeng Liu wrote:
> > This commit introduces a new vhost-user device for block, it uses a
> > chardev to connect with the backend, same with Qemu virtio-blk device,
> > Guest OS still uses the virtio-blk frontend driver.
> >
> > To use it, start Qemu with command line like this:
> >
> > qemu-system-x86_64 \
> > -chardev socket,id=char0,path=/path/vhost.socket \
> > -device vhost-user-blk-pci,chardev=char0,num_queues=1, \
> > bootindex=2... \
> >
> > Users can use different parameters for `num_queues` and `bootindex`.
> >
> > Different with exist Qemu virtio-blk host device, it makes more easy
> > for users to implement their own I/O processing logic, such as all
> > user space I/O stack against hardware block device. It uses the new
> > vhost messages(VHOST_USER_GET_CONFIG) to get block virtio config
> > information from backend process.
> >
> > Signed-off-by: Changpeng Liu 
> > ---
> >  configure  |  11 ++
> >  hw/block/Makefile.objs |   3 +
> >  hw/block/vhost-user-blk.c  | 360
> +
> >  hw/virtio/virtio-pci.c |  55 ++
> >  hw/virtio/virtio-pci.h |  18 ++
> >  include/hw/virtio/vhost-user-blk.h |  40 +
> >  6 files changed, 487 insertions(+)
> >  create mode 100644 hw/block/vhost-user-blk.c
> >  create mode 100644 include/hw/virtio/vhost-user-blk.h
> >
> > diff --git a/configure b/configure
> > index 663e908..f2b348f 100755
> > --- a/configure
> > +++ b/configure
> > @@ -318,6 +318,7 @@ tcg="yes"
> >
> >  vhost_net="no"
> >  vhost_scsi="no"
> > +vhost_user_blk="no"
> >  vhost_vsock="no"
> >  vhost_user=""
> >  kvm="no"
> > @@ -782,6 +783,7 @@ Linux)
> >kvm="yes"
> >vhost_net="yes"
> >vhost_scsi="yes"
> > +  vhost_user_blk="yes"
> >vhost_vsock="yes"
> >QEMU_INCLUDES="-I\$(SRC_PATH)/linux-headers -I$(pwd)/linux-headers
> $QEMU_INCLUDES"
> >supported_os="yes"
> > @@ -1139,6 +1141,10 @@ for opt do
> >;;
> >--enable-vhost-scsi) vhost_scsi="yes"
> >;;
> > +  --disable-vhost-user-blk) vhost_user_blk="no"
> > +  ;;
> > +  --enable-vhost-user-blk) vhost_user_blk="yes"
> > +  ;;
> >--disable-vhost-vsock) vhost_vsock="no"
> >;;
> >--enable-vhost-vsock) vhost_vsock="yes"
> > @@ -1511,6 +1517,7 @@ disabled with --disable-FEATURE, default is enabled if
> available:
> >cap-ng  libcap-ng support
> >attrattr and xattr support
> >vhost-net   vhost-net acceleration support
> > +  vhost-user-blk  VM virtio-blk acceleration in user space
> >spice   spice
> >rbd rados block device (rbd)
> >libiscsiiscsi support
> > @@ -5417,6 +5424,7 @@ echo "posix_madvise $posix_madvise"
> >  echo "libcap-ng support $cap_ng"
> >  echo "vhost-net support $vhost_net"
> >  echo "vhost-scsi support $vhost_scsi"
> > +echo "vhost-user-blk support $vhost_user_blk"
> >  echo "vhost-vsock support $vhost_vsock"
> >  echo "vhost-user support $vhost_user"
> >  echo "Trace backends$trace_backends"
> > @@ -5845,6 +5853,9 @@ fi
> >  if test "$vhost_scsi" = "yes" ; then
> >echo "CONFIG_VHOST_SCSI=y" >> $config_host_mak
> >  fi
> > +if test "$vhost_user_blk" = "yes" -a "$vhost_user" = "yes"; then
> > +  echo "CONFIG_VHOST_USER_BLK=y" >> $config_host_mak
> > +fi
> >  if test "$vhost_net" = "yes" -a "$vhost_user" = "yes"; then
> >echo "CONFIG_VHOST_NET_USED=y" >> $config_host_mak
> >  fi
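Review bot: in the final configure hunk, CONFIG_VHOST_USER_BLK is written only when both $vhost_user_blk and $vhost_user are "yes", so an explicit --enable-vhost-user-blk is silently dropped when vhost-user is off. If the switch stays, configure should fail with an error in that case instead of quietly building without the device, so that a requested feature is never missing from the binary without notice.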
> > diff --git a/hw/block/Makefile.objs b/hw/block/Makefile.objs
> > index e0ed980..4c19a58 100644
> > --- a/hw/block/Makefile.objs
> > +++ b/hw/block/Makefile.objs
> > @@ -13,3 +13,6 @@ obj-$(CONFIG_SH4) += tc58128.o
> >
> >  obj-$(CONFIG_VIRTIO) += virtio-blk.o
> >  obj-$(CONFIG_VIRTIO) += dataplane/
> > +ifeq ($(CONFIG_VIRTIO),y)
> > +obj-$(CONFIG_VHOST_USER_BLK) += vhost-user-blk.o
> > +endif
> > diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c
> > new file mode 100644
> > index 000..8aa9fa9
> > --- /dev/null
> > +++ b/hw/block/vhost-user-blk.c
> > @@ -0,0 +1,360 @@
> > +/*
> > + * vhost-user-blk host device
> > + *
> > + * Copyright IBM, Corp. 2011
> > + * Copyright(C) 2017 Intel Corporation.
> > + *
> > + * Authors:
> > + *  Stefan Hajnoczi 
> > + *  Changpeng Liu 
> 
> This gives the impression that IBM originally authored this code but
> little copied code is actually in this file.  Feel free to put your own
> copyright and 

Re: [Qemu-devel] [PATCH v4 4/4] contrib/vhost-user-blk: introduce a vhost-user-blk sample application

2017-10-19 Thread Liu, Changpeng


> -Original Message-
> From: Paolo Bonzini [mailto:pbonz...@redhat.com]
> Sent: Thursday, October 19, 2017 7:44 PM
> To: Liu, Changpeng ; qemu-devel@nongnu.org
> Cc: stefa...@gmail.com; m...@redhat.com; marcandre.lur...@redhat.com;
> fel...@nutanix.com; Harris, James R 
> Subject: Re: [PATCH v4 4/4] contrib/vhost-user-blk: introduce a vhost-user-blk
> sample application
> 
> On 19/10/2017 07:24, Changpeng Liu wrote:
> >
> > +}
> > +
> > +static void
> > +vub_flush(VubReq *req)
> > +{
> > +VubDev *vdev_blk = req->vdev_blk;
> > +
> > +if (vdev_blk->blk_fd) {
> > +fsync(vdev_blk->blk_fd);
> > +}
> > +}
> > +
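Review bot: vub_flush() discards the return value of fsync() and itself returns void, so a failed flush cannot be propagated to whoever completes the request. Return the result (0 or -errno) so the caller can report an I/O error for the flush instead of success. The "if (vdev_blk->blk_fd)" test also treats descriptor 0 as "not open", which is a valid descriptor value.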
> 
> No need to check the file descriptor---vub_readv and vub_writev aren't
> checking it either.  Also please use fdatasync instead of fsync.
Ok.
> 
> > +static uint64_t
> > +vub_get_features(VuDev *dev)
> > +{
> > +return 1ull << VIRTIO_BLK_F_SIZE_MAX |
> > +   1ull << VIRTIO_BLK_F_SEG_MAX |
> > +   1ull << VIRTIO_BLK_F_TOPOLOGY |
> > +   1ull << VIRTIO_BLK_F_BLK_SIZE |
> > +   1ull << VIRTIO_F_VERSION_1 |
> > +   1ull << VHOST_USER_F_PROTOCOL_FEATURES;
> > +}
> 
> VIRTIO_BLK_F_FLUSH is missing.
Yes, will add.
> 
> Thanks,
> 
> Paolo


Re: [Qemu-devel] [PATCH v4 2/4] vhost-user-blk: introduce a new vhost-user-blk host device

2017-10-19 Thread Liu, Changpeng


> -Original Message-
> From: Paolo Bonzini [mailto:pbonz...@redhat.com]
> Sent: Thursday, October 19, 2017 7:33 PM
> To: Liu, Changpeng ; qemu-devel@nongnu.org
> Cc: stefa...@gmail.com; m...@redhat.com; marcandre.lur...@redhat.com;
> fel...@nutanix.com; Harris, James R 
> Subject: Re: [PATCH v4 2/4] vhost-user-blk: introduce a new vhost-user-blk 
> host
> device
> 
> On 19/10/2017 07:24, Changpeng Liu wrote:
> >;;
> >--enable-vhost-scsi) vhost_scsi="yes"
> >;;
> > +  --disable-vhost-user-blk) vhost_user_blk="no"
> > +  ;;
> > +  --enable-vhost-user-blk) vhost_user_blk="yes"
> > +  ;;
> >--disable-vhost-vsock) vhost_vsock="no"
> >;;
> >--enable-vhost-vsock) vhost_vsock="yes"
> > @@ -1511,6 +1517,7 @@ disabled with --disable-FEATURE, default is enabled if
> available:
> >cap-ng  libcap-ng support
> >attrattr and xattr support
> >vhost-net   vhost-net acceleration support
> > +  vhost-user-blk  VM virtio-blk acceleration in user space
> 
> Please use default-configs instead of a new configure switch.  See how
> CONFIG_VHOST_USER_SCSI is used in default-configs/pci.mak and
> default-configs/s390x-softmmu.mak.
Ok, thanks.
> 
> >
> > +static const int user_feature_bits[] = {
> > +VIRTIO_BLK_F_SIZE_MAX,
> > +VIRTIO_BLK_F_SEG_MAX,
> > +VIRTIO_BLK_F_GEOMETRY,
> > +VIRTIO_BLK_F_BLK_SIZE,
> > +VIRTIO_BLK_F_TOPOLOGY,
> > +VIRTIO_BLK_F_SCSI,
> 
> Please omit VIRTIO_BLK_F_SCSI, it's a legacy option that is not anymore
> part of virtio 1.0.
ok
> 
> > +VIRTIO_BLK_F_MQ,
> > +VIRTIO_BLK_F_RO,
> > +VIRTIO_BLK_F_FLUSH,
> > +VIRTIO_BLK_F_BARRIER,
> 
> Same for VIRTIO_BLK_F_BARRIER.
> 
> > +VIRTIO_BLK_F_WCE,
> 
> And VIRTIO_BLK_F_WCE is the same as VIRTIO_BLK_F_FLUSH, so it can be
> removed too.  Please include VIRTIO_BLK_F_CONFIG_WCE instead, since you
> are supporting it in vhost_user_blk_set_config.
Ok.
> 
> > +VIRTIO_F_VERSION_1,
> > +VIRTIO_RING_F_INDIRECT_DESC,
> > +VIRTIO_RING_F_EVENT_IDX,
> > +VIRTIO_F_NOTIFY_ON_EMPTY,
> > +VHOST_INVALID_FEATURE_BIT
> > +};
> 
> >
> > +static const TypeInfo vhost_user_blk_info = {
> > +.name = TYPE_VHOST_USER_BLK,
> > +.parent = TYPE_VIRTIO_DEVICE,
> > +.instance_size = sizeof(VHostUserBlk),
> > +.instance_init = vhost_user_blk_instance_init,
> > +.class_init = vhost_user_blk_class_init,
> > +};
> > +
> 
> There is some code duplication, so maybe it's worth introducing a common
> superclass like TYPE_VIRTIO_SCSI_COMMON.  I'll let others comment on
> whether this is a requirement.
> 
> Paolo


Re: [Qemu-devel] [RFC 0/6] enable numa configuration before machine_init() from HMP/QMP

2017-10-19 Thread David Gibson
On Thu, Oct 19, 2017 at 02:23:04PM +0200, Paolo Bonzini wrote:
> On 19/10/2017 13:49, David Gibson wrote:
> > Note that describing socket/core/thread tuples as arch independent (or
> > even machine independent) is.. debatable.  I mean it's flexible enough
> > that most platforms can be fit to that scheme without too much
> > straining.  But, there's no arch independent way of defining what each
> > level means in terms of its properties.
> > 
> > So, for example, on spapr - being paravirt - there's no real
> > distinction between cores and sockets, how you divide them up is
> > completely arbitrary.
> 
> Same on x86, actually.
> 
> It's _common_ that cores on the same socket share L3 cache and that a
> socket spans an integer number of NUMA nodes, but it doesn't have to be
> that way.
> 
> QEMU currently enforces the former (if it tells the guest at all that
> there is an L3 cache), but not the latter.

Ok.  Correct me if I'm wrong, but doesn't ACPI describe the NUMA
architecture in terms of this thread/core/socket hierarchy?  That's
not true for PAPR, where the NUMA topology is described in an
independent set of (potentially arbitrarily nested) nodes.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [RFC 4/6] CLI: add -paused option

2017-10-19 Thread David Gibson
On Thu, Oct 19, 2017 at 10:15:48PM -0200, Eduardo Habkost wrote:
> On Thu, Oct 19, 2017 at 09:42:18PM +1100, David Gibson wrote:
> > On Mon, Oct 16, 2017 at 02:59:16PM -0200, Eduardo Habkost wrote:
> > > On Mon, Oct 16, 2017 at 06:22:54PM +0200, Igor Mammedov wrote:
> > > > Signed-off-by: Igor Mammedov 
> > > > ---
> > > >  include/sysemu/sysemu.h |  1 +
> > > >  qemu-options.hx | 15 ++
> > > >  qmp.c   |  5 +
> > > >  vl.c| 54 
> > > > -
> > > >  4 files changed, 74 insertions(+), 1 deletion(-)
> > > > 
> > > > diff --git a/include/sysemu/sysemu.h b/include/sysemu/sysemu.h
> > > > index b213696..3feb94f 100644
> > > > --- a/include/sysemu/sysemu.h
> > > > +++ b/include/sysemu/sysemu.h
> > > > @@ -66,6 +66,7 @@ typedef enum WakeupReason {
> > > >  QEMU_WAKEUP_REASON_OTHER,
> > > >  } WakeupReason;
> > > >  
> > > > +void qemu_exit_preconfig_request(void);
> > > >  void qemu_system_reset_request(ShutdownCause reason);
> > > >  void qemu_system_suspend_request(void);
> > > >  void qemu_register_suspend_notifier(Notifier *notifier);
> > > > diff --git a/qemu-options.hx b/qemu-options.hx
> > > > index 39225ae..bd44db8 100644
> > > > --- a/qemu-options.hx
> > > > +++ b/qemu-options.hx
> > > > @@ -3498,6 +3498,21 @@ STEXI
> > > >  Run the emulation in single step mode.
> > > >  ETEXI
> > > >  
> > > > +DEF("paused", HAS_ARG, QEMU_OPTION_paused, \
> > > > +"-paused [state=]postconf|preconf\n"
> > > > +"postconf: pause QEMU after machine is 
> > > > initialized\n"
> > > > +"preconf: pause QEMU before machine is 
> > > > initialized\n",
> > > > +QEMU_ARCH_ALL)
> > > 
> > > I would like to allow pausing before machine-type is selected, so
> > > management could run query-machines before choosing a
> > > machine-type.  Would that need a third "-pause" mode, or will we
> > > be able to change "preconf" to pause before select_machine() is
> > > called?
> > > 
> > > The same probably applies to other things initialized before
> > > machine_run_board_init() that could be configurable using QMP,
> > > including but not limited to:
> > > * Accelerator configuration
> > > * Registering global properties
> > > * RAM size
> > > * SMP/CPU configuration
> > 
> > Yeah.. having a bunch of different possible pause stages to select
> > doesn't sound great.
> 
> I agree.  The number of externally visible pause states should be
> as small as possible.
> 
> 
> >   Could we avoid this by instead changing -S to
> > pause at the earliest possible spot, but having any monitor commands
> > that require a later stage automatically "fast forwarding" to the
> > right phase?
> 
> That would hide the internal details from the outside.  Sounds
> nice, but adding new machine/device configuration QMP commands
> while hiding the QEMU state from the outside sounds impossible.
> 
> For example, if we use -S today, this works:
> 
>   $ qemu-system-x86_64 -S -qmp stdio
>   <- {"QMP": {"version": {"qemu": {"micro": 0, "minor": 10, "major": 2}, 
> "package": " (v2.10.0-83-g9375da7831)"}, "capabilities": []}}
>   -> {"execute":"qmp_capabilities"}
>   <- {"return": {}}
>   -> {"execute":"query-cpus"}
>   <- {"return": [{"arch": "x86", "current": true, "props": {"core-id": 0, 
> "thread-id": 0, "socket-id": 0}, "CPU": 0, "qom_path": 
> "/machine/unattached/device[0]", "pc": 4294967280, "halted": false, 
> "thread_id": 4038}]}
> 
> This means "query-cpus" needs to fast-forward to the CPU creation
> stage if we want to keep compatibility.
> 
> Now, assume we add a set-numa-node command like the one in this
> series.  e.g.:
> 
>   $ qemu-system-x86_64 -S -qmp stdio
>   <- {"QMP": {"version": {"qemu": {"micro": 0, "minor": 10, "major": 2}, 
> "package": " (v2.10.0-83-g9375da7831)"}, "capabilities": []}}
>   -> {"execute":"qmp_capabilities"}
>   <- {"return": {}}
>   -> {"execute":"set-numa-node" ... }
>   <- {"return": ...}
> 
> The command will work only if machine initialization didn't run
> yet.
> 
> But now an innocent-looking query command would change QEMU state
> in an unexpected way:
> 
>   $ qemu-system-x86_64 -S -qmp stdio
>   <- {"QMP": {"version": {"qemu": {"micro": 0, "minor": 10, "major": 2}, 
> "package": " (v2.10.0-83-g9375da7831)"}, "capabilities": []}}
>   -> {"execute":"qmp_capabilities"}
>   <- {"return": {}}
>   -> {"execute":"query-cpus"}  [will silently fast-forward QEMU state]
>   <- {"return": [{"arch": "x86", "current": true, "props": {"core-id": 0, 
> "thread-id": 0, "socket-id": 0}, "CPU": 0, "qom_path": 
> "/machine/unattached/device[0]", "pc": 4294967280, "halted": false, 
> "thread_id": 4038}]}
>   -> {"execute":"set-numa-node" ... }
>   <- {"error": ...}  [the command will fail because the machine was already 
> created]
> 
> This means we do have a externally visible "too late to use
> set-numa-node" QEMU state, and query-cpus 

Re: [Qemu-devel] [PATCH] docker: Fix PATH for ccache

2017-10-19 Thread Fam Zheng
On Wed, 10/18 15:38, Fam Zheng wrote:
> Before bcd7f06f57fb6f780a3e2f7a46c22b6f6c8238aa we source /etc/profile
> so the PATH included the right paths to ccache binaries. Now we need to
> update $PATH explicitly from run script.
> 
> Keep the old /usr/lib around just so that in the future, ccache from 32
> bit images will just work.
> 
> Signed-off-by: Fam Zheng 
> ---
>  tests/docker/run | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/tests/docker/run b/tests/docker/run
> index 642084bcb8..9dd362bb98 100755
> --- a/tests/docker/run
> +++ b/tests/docker/run
> @@ -18,7 +18,7 @@ fi
>  BASE="$(dirname $(readlink -e $0))"
>  
>  # Prepare the environment
> -export PATH=/usr/lib/ccache:$PATH
> +export PATH=/usr/lib/ccache:/usr/lib64/ccache:$PATH
>  
>  if test -n "$J"; then
>  export MAKEFLAGS="$MAKEFLAGS -j$J"
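
Review bot: The new PATH line puts /usr/lib/ccache ahead of /usr/lib64/ccache with nothing in the script saying why both are listed, so a later cleanup is likely to drop one of them again. The rationale from the commit message (the old /usr/lib entry is kept for 32 bit images) belongs in a one-line comment above the export, together with a note that an entry missing from a given image is harmless.
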
> -- 
> 2.13.5
> 

Queued, thanks!

Fam



Re: [Qemu-devel] [PATCH v3 33/46] hw/scsi: Replace fprintf(stderr, "*\n" with error_report()

2017-10-19 Thread David Gibson
On Thu, Oct 19, 2017 at 09:17:40AM -0700, Alistair Francis wrote:
> Replace a large number of the fprintf(stderr, "*\n" calls with
> error_report(). The functions were renamed with these commands and then
> compiler issues were manually fixed.
> 
> find ./* -type f -exec sed -i \
> 'N;N;N;N;N;N;N;N;N;N;N;N; {s|fprintf(stderr, "\(.*\)\\n"\(.*\));|error_report("\1"\2);|Ig}' \
> {} +
> find ./* -type f -exec sed -i \
> 'N;N;N;N;N;N;N;N;N;N;N; {s|fprintf(stderr, "\(.*\)\\n"\(.*\));|error_report("\1"\2);|Ig}' \
> {} +
> find ./* -type f -exec sed -i \
> 'N;N;N;N;N;N;N;N;N; {s|fprintf(stderr, "\(.*\)\\n"\(.*\));|error_report("\1"\2);|Ig}' \
> {} +
> find ./* -type f -exec sed -i \
> 'N;N;N;N;N;N;N;N; {s|fprintf(stderr, "\(.*\)\\n"\(.*\));|error_report("\1"\2);|Ig}' \
> {} +
> find ./* -type f -exec sed -i \
> 'N;N;N;N;N;N;N; {s|fprintf(stderr, "\(.*\)\\n"\(.*\));|error_report("\1"\2);|Ig}' \
> {} +
> find ./* -type f -exec sed -i \
> 'N;N;N;N;N;N; {s|fprintf(stderr, "\(.*\)\\n"\(.*\));|error_report("\1"\2);|Ig}' \
> {} +
> find ./* -type f -exec sed -i \
> 'N;N;N;N;N; {s|fprintf(stderr, "\(.*\)\\n"\(.*\));|error_report("\1"\2);|Ig}' \
> {} +
> find ./* -type f -exec sed -i \
> 'N;N;N;N; {s|fprintf(stderr, "\(.*\)\\n"\(.*\));|error_report("\1"\2);|Ig}' \
> {} +
> find ./* -type f -exec sed -i \
> 'N;N;N; {s|fprintf(stderr, "\(.*\)\\n"\(.*\));|error_report("\1"\2);|Ig}' \
> {} +
> find ./* -type f -exec sed -i \
> 'N;N; {s|fprintf(stderr, "\(.*\)\\n"\(.*\));|error_report("\1"\2);|Ig}' \
> {} +
> find ./* -type f -exec sed -i \
> 'N; {s|fprintf(stderr, "\(.*\)\\n"\(.*\));|error_report("\1"\2);|Ig}' \
> {} +
> 
> Some lines were then manually tweaked to pass checkpatch.
> 
> Signed-off-by: Alistair Francis 
> Cc: Paolo Bonzini 
> Cc: David Gibson 
> Cc: Alexander Graf 
> ---
> V2:
>  - Split hw patch into individual directories
> 
>  hw/scsi/lsi53c895a.c|  4 ++--
>  hw/scsi/spapr_vscsi.c   | 49 
> +
>  hw/scsi/virtio-scsi-dataplane.c |  6 ++---
>  3 files changed, 30 insertions(+), 29 deletions(-)

virtio_scsi part

Acked-by: David Gibson 

> 
> diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c
> index 191505df5b..7c9a930e2f 100644
> --- a/hw/scsi/lsi53c895a.c
> +++ b/hw/scsi/lsi53c895a.c
> @@ -14,7 +14,7 @@
>   */
>  
>  #include "qemu/osdep.h"
> -
> +#include "qemu/error-report.h"
>  #include "hw/hw.h"
>  #include "hw/pci/pci.h"
>  #include "hw/scsi/scsi.h"
> @@ -1501,7 +1501,7 @@ again:
> This is apparently sufficient to beat the drivers into submission.
>   */
>  if (!(s->sien0 & LSI_SIST0_UDC))
> -fprintf(stderr, "inf. loop with UDC masked\n");
> +error_report("inf. loop with UDC masked");
>  lsi_script_scsi_interrupt(s, LSI_SIST0_UDC, 0);
>  lsi_disconnect(s);
>  } else if (s->istat1 & LSI_ISTAT1_SRUN && !s->waiting) {
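
Review bot: The "if (!(s->sien0 & LSI_SIST0_UDC))" that guards the converted call is still unbraced, which QEMU's coding style does not allow and which makes it easy to misread whether the following lsi_script_scsi_interrupt() call is conditional too. Since the statement under it is being rewritten anyway, add braces around the error_report() call in this hunk.
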
> diff --git a/hw/scsi/spapr_vscsi.c b/hw/scsi/spapr_vscsi.c
> index 360db53ac8..8c4eabcf3d 100644
> --- a/hw/scsi/spapr_vscsi.c
> +++ b/hw/scsi/spapr_vscsi.c
> @@ -32,6 +32,7 @@
>   *  - Maybe do autosense (PAPR seems to mandate it, linux doesn't care)
>   */
>  #include "qemu/osdep.h"
> +#include "qemu/error-report.h"
>  #include "qemu-common.h"
>  #include "cpu.h"
>  #include "hw/hw.h"
> @@ -179,7 +180,7 @@ static int vscsi_send_iu(VSCSIState *s, vscsi_req *req,
>  rc = spapr_vio_dma_write(>vdev, req->crq.s.IU_data_ptr,
>   >iu, length);
>  if (rc) {
> -fprintf(stderr, "vscsi_send_iu: DMA write failure !\n");
> +error_report("vscsi_send_iu: DMA write failure !");
>  }
>  
>  req->crq.s.valid = 0x80;
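
Review bot: In vscsi_send_iu() the "if (rc)" branch only reports the DMA write failure and then falls through to "req->crq.s.valid = 0x80;", so the CRQ is still marked valid after the write failed. That predates this patch, but while the message is being converted either return rc here, as the rc1 branch in the next hunk does, or add a comment saying why continuing is intended. The message also still hand-writes the function name and keeps the stray space before "!".
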
> @@ -197,7 +198,7 @@ static int vscsi_send_iu(VSCSIState *s, vscsi_req *req,
>  
>  rc1 = spapr_vio_send_crq(>vdev, req->crq.raw);
>  if (rc1) {
> -fprintf(stderr, "vscsi_send_iu: Error sending response\n");
> +error_report("vscsi_send_iu: Error sending response");
>  return rc1;
>  }
>  
> @@ -330,7 +331,7 @@ static int vscsi_fetch_desc(VSCSIState *s, struct 
> vscsi_req *req,
>  break;
>  }
>  default:
> -fprintf(stderr, "VSCSI:   Unknown format %x\n", req->dma_fmt);
> +error_report("VSCSI:   Unknown format %x", req->dma_fmt);
>  return -1;
>  }
>  
> @@ -518,7 +519,7 @@ static void vscsi_transfer_data(SCSIRequest *sreq, 
> uint32_t len)
>  
>  trace_spapr_vscsi_transfer_data(sreq->tag, len, req);
>  if (req == NULL) {
> -fprintf(stderr, "VSCSI: Can't find request for tag 0x%x\n", 
> sreq->tag);
> +error_report("VSCSI: Can't find request for tag 0x%x", sreq->tag);
>  return;
>  }
>  
> @@ -527,7 +528,7 @@ static void vscsi_transfer_data(SCSIRequest 

Re: [Qemu-devel] [PATCH qemu v3] RFC: ppc/spapr: Receive and store device tree blob from SLOF

2017-10-19 Thread Alexey Kardashevskiy
On 19/10/17 17:24, David Gibson wrote:
> On Tue, Oct 17, 2017 at 04:55:03PM +1100, Alexey Kardashevskiy wrote:
>> On 16/10/17 20:36, David Gibson wrote:
>>> On Mon, Oct 16, 2017 at 04:20:04PM +1100, Alexey Kardashevskiy
>> wrote:
> [snip]
>>> ||
>>>
>>> Yeah.. this is all a bit complicated, I'm really thinking about a
>>> fdt_fsck() function for libfdt.
>>
>>
>> Oh. So what now? Do as below or wait for libdtc update?
> 
> So I started hacking on this.  It's a bit fiddlier to get right than I
> anticipated.  How about you make a placeholder function to "test" the
> tree for now, with a comment that it will be updated once the libfdt
> extensions are there.

What would the placeholder do? Nothing or my proposed "FDT_CHK" thingy?

Are we in a hurry with this one at all, or I can wait till libfdt gets this
fsck()?


-- 
Alexey





Re: [Qemu-devel] [PATCH v4 1/4] vhost-user: add new vhost user messages to support virtio config space

2017-10-19 Thread Michael S. Tsirkin
On Thu, Oct 19, 2017 at 11:04:48PM +0200, Paolo Bonzini wrote:
> On 19/10/2017 19:43, Michael S. Tsirkin wrote:
> > On Thu, Oct 19, 2017 at 05:43:18PM +0200, Paolo Bonzini wrote:
> >> On 19/10/2017 17:39, Michael S. Tsirkin wrote:
>  Add VHOST_USER_GET_CONFIG/VHOST_USER_SET_CONFIG messages which can be
>  used for live migration of vhost user devices, also vhost user devices
>  can benefit from the messages to get/set virtio config space from/to the
>  I/O target. For the purpose to support virtio config space change,
>  VHOST_USER_SET_CONFIG_FD message is added as the event notifier
>  in case virtio config space change in the I/O target.
> 
>  Signed-off-by: Changpeng Liu 
> >>> I don't much like it that config is getting passed through.
> >>>
> >>> IMO this makes managing things harder not easier.
> >>>
> >>> How about specific messages about specific parts of
> >>> config space that you want to get from the backend?
> >>
> >> In the case of virtio-blk that would be all of it.  Do you have a case
> >> in mind where some part of the configuration space is owned by QEMU?
> >>
> >> Paolo
> > 
> > Yes. seg_max
> 
> The seg_max limit is established by whoever reads buffers from the vring
> and passes them down to the lower layer.  For vhost-blk that's the
> device server, not QEMU.
> 
> Paolo

Good point. How about num_queues though?

Also why is there SET_CONFIG? Does not look like blk uses it.

And I wonder how do we do it for other devices.

E.g. for net there's a bit in the middle of the
config field that deals with migration.


-- 
MST



Re: [Qemu-devel] [RFC 4/6] CLI: add -paused option

2017-10-19 Thread Eduardo Habkost
On Thu, Oct 19, 2017 at 09:42:18PM +1100, David Gibson wrote:
> On Mon, Oct 16, 2017 at 02:59:16PM -0200, Eduardo Habkost wrote:
> > On Mon, Oct 16, 2017 at 06:22:54PM +0200, Igor Mammedov wrote:
> > > Signed-off-by: Igor Mammedov 
> > > ---
> > >  include/sysemu/sysemu.h |  1 +
> > >  qemu-options.hx | 15 ++
> > >  qmp.c   |  5 +
> > >  vl.c| 54 
> > > -
> > >  4 files changed, 74 insertions(+), 1 deletion(-)
> > > 
> > > diff --git a/include/sysemu/sysemu.h b/include/sysemu/sysemu.h
> > > index b213696..3feb94f 100644
> > > --- a/include/sysemu/sysemu.h
> > > +++ b/include/sysemu/sysemu.h
> > > @@ -66,6 +66,7 @@ typedef enum WakeupReason {
> > >  QEMU_WAKEUP_REASON_OTHER,
> > >  } WakeupReason;
> > >  
> > > +void qemu_exit_preconfig_request(void);
> > >  void qemu_system_reset_request(ShutdownCause reason);
> > >  void qemu_system_suspend_request(void);
> > >  void qemu_register_suspend_notifier(Notifier *notifier);
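
Review bot: qemu_exit_preconfig_request() is added to sysemu.h without any comment. Please document who may call it and in which state (only while paused in preconf?), and what happens if it is called after the machine has been initialized.
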
> > > diff --git a/qemu-options.hx b/qemu-options.hx
> > > index 39225ae..bd44db8 100644
> > > --- a/qemu-options.hx
> > > +++ b/qemu-options.hx
> > > @@ -3498,6 +3498,21 @@ STEXI
> > >  Run the emulation in single step mode.
> > >  ETEXI
> > >  
> > > +DEF("paused", HAS_ARG, QEMU_OPTION_paused, \
> > > +"-paused [state=]postconf|preconf\n"
> > > +"postconf: pause QEMU after machine is initialized\n"
> > > +"preconf: pause QEMU before machine is 
> > > initialized\n",
> > > +QEMU_ARCH_ALL)
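
Review bot: The help text for -paused lists postconf and preconf but does not say how either state is left, nor how postconf differs from the existing -S. Since the option takes a mandatory argument (HAS_ARG), the text should at least name what resumes QEMU from preconf; if postconf is equivalent to -S, say so or drop it.
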
> > 
> > I would like to allow pausing before machine-type is selected, so
> > management could run query-machines before choosing a
> > machine-type.  Would that need a third "-pause" mode, or will we
> > be able to change "preconf" to pause before select_machine() is
> > called?
> > 
> > The same probably applies to other things initialized before
> > machine_run_board_init() that could be configurable using QMP,
> > including but not limited to:
> > * Accelerator configuration
> > * Registering global properties
> > * RAM size
> > * SMP/CPU configuration
> 
> Yeah.. having a bunch of different possible pause stages to select
> doesn't sound great.

I agree.  The number of externally visible pause states should be
as small as possible.


>   Could we avoid this by instead changing -S to
> pause at the earliest possible spot, but having any monitor commands
> that require a later stage automatically "fast forwarding" to the
> right phase?

That would hide the internal details from the outside.  Sounds
nice, but adding new machine/device configuration QMP commands
while hiding the QEMU state from the outside sounds impossible.

For example, if we use -S today, this works:

  $ qemu-system-x86_64 -S -qmp stdio
  <- {"QMP": {"version": {"qemu": {"micro": 0, "minor": 10, "major": 2}, 
"package": " (v2.10.0-83-g9375da7831)"}, "capabilities": []}}
  -> {"execute":"qmp_capabilities"}
  <- {"return": {}}
  -> {"execute":"query-cpus"}
  <- {"return": [{"arch": "x86", "current": true, "props": {"core-id": 0, 
"thread-id": 0, "socket-id": 0}, "CPU": 0, "qom_path": 
"/machine/unattached/device[0]", "pc": 4294967280, "halted": false, 
"thread_id": 4038}]}

This means "query-cpus" needs to fast-forward to the CPU creation
stage if we want to keep compatibility.

Now, assume we add a set-numa-node command like the one in this
series.  e.g.:

  $ qemu-system-x86_64 -S -qmp stdio
  <- {"QMP": {"version": {"qemu": {"micro": 0, "minor": 10, "major": 2}, 
"package": " (v2.10.0-83-g9375da7831)"}, "capabilities": []}}
  -> {"execute":"qmp_capabilities"}
  <- {"return": {}}
  -> {"execute":"set-numa-node" ... }
  <- {"return": ...}

The command will work only if machine initialization didn't run
yet.

But now an innocent-looking query command would change QEMU state
in an unexpected way:

  $ qemu-system-x86_64 -S -qmp stdio
  <- {"QMP": {"version": {"qemu": {"micro": 0, "minor": 10, "major": 2}, 
"package": " (v2.10.0-83-g9375da7831)"}, "capabilities": []}}
  -> {"execute":"qmp_capabilities"}
  <- {"return": {}}
  -> {"execute":"query-cpus"}  [will silently fast-forward QEMU state]
  <- {"return": [{"arch": "x86", "current": true, "props": {"core-id": 0, 
"thread-id": 0, "socket-id": 0}, "CPU": 0, "qom_path": 
"/machine/unattached/device[0]", "pc": 4294967280, "halted": false, 
"thread_id": 4038}]}
  -> {"execute":"set-numa-node" ... }
  <- {"error": ...}  [the command will fail because the machine was already 
created]

This means we do have a externally visible "too late to use
set-numa-node" QEMU state, and query-cpus will have a externally
visible side effect.  Every QMP command would need to document
how it affects QEMU state in a externally visible way.

If QEMU pause state is still going to be externally visible this
way, I would prefer to let the client to explicitly tell what's
the state they want QEMU to be, instead of 

[Qemu-devel] [Bug 1719196] Re: [arm64 ocata] newly created instances are unable to raise network interfaces

2017-10-19 Thread Sean Feole
I've tested with the same packages listed in comment #28. Confirmed
that this now works.

See attached log

** Attachment added: "novaout.txt"
   
https://bugs.launchpad.net/libvirt/+bug/1719196/+attachment/4977254/+files/novaout.txt

-- 
https://bugs.launchpad.net/bugs/1719196

Title:
  [arm64 ocata] newly created instances are unable to raise network
  interfaces

Status in Ubuntu Cloud Archive:
  Fix Released
Status in Ubuntu Cloud Archive ocata series:
  Triaged
Status in libvirt:
  New
Status in QEMU:
  Fix Released
Status in libvirt package in Ubuntu:
  Invalid
Status in qemu package in Ubuntu:
  Fix Released
Status in qemu source package in Zesty:
  Incomplete

Bug description:
  arm64 Ocata ,

  I'm testing to see I can get Ocata running on arm64 and using the
  openstack-base bundle to deploy it.  I have added the bundle to the
  log file attached to this bug.

  When I create a new instance via nova, the VM comes up and runs,
  however fails to raise its eth0 interface. This occurs on both
  internal and external networks.

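  ubuntu@openstackaw:~$ nova list
  +--------------------------------------+---------+--------+------------+-------------+--------------------+
  | ID                                   | Name    | Status | Task State | Power State | Networks           |
  +--------------------------------------+---------+--------+------------+-------------+--------------------+
  | dcaf6d51-f81e-4cbd-ac77-0c5d21bde57c | sfeole1 | ACTIVE | -          | Running     | internal=10.5.5.3  |
  | aa0b8aee-5650-41f4-8fa0-aeccdc763425 | sfeole2 | ACTIVE | -          | Running     | internal=10.5.5.13 |
  +--------------------------------------+---------+--------+------------+-------------+--------------------+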
  ubuntu@openstackaw:~$ nova show aa0b8aee-5650-41f4-8fa0-aeccdc763425
  +--------------------------------------+----------------------------------------------------------+
  | Property                             | Value                                                    |
  +--------------------------------------+----------------------------------------------------------+
  | OS-DCF:diskConfig                    | MANUAL                                                   |
  | OS-EXT-AZ:availability_zone          | nova                                                     |
  | OS-EXT-SRV-ATTR:host                 | awrep3                                                   |
  | OS-EXT-SRV-ATTR:hypervisor_hostname  | awrep3.maas                                              |
  | OS-EXT-SRV-ATTR:instance_name        | instance-0003                                            |
  | OS-EXT-STS:power_state               | 1                                                        |
  | OS-EXT-STS:task_state                | -                                                        |
  | OS-EXT-STS:vm_state                  | active                                                   |
  | OS-SRV-USG:launched_at               | 2017-09-24T14:23:08.00                                   |
  | OS-SRV-USG:terminated_at             | -                                                        |
  | accessIPv4                           |                                                          |
  | accessIPv6                           |                                                          |
  | config_drive                         |                                                          |
  | created                              | 2017-09-24T14:22:41Z                                     |
  | flavor                               | m1.small (717660ae-0440-4b19-a762-ffeb32a0575c)          |
  | hostId                               | 5612a00671c47255d2ebd6737a64ec9bd3a5866d1233ecf3e988b025 |
  | id                                   | aa0b8aee-5650-41f4-8fa0-aeccdc763425                     |
  | image                                | zestynosplash (e88fd1bd-f040-44d8-9e7c-c462ccf4b945)     |
  | internal network                     | 10.5.5.13                                                |
  | key_name                             | mykey                                                    |
  | metadata                             | {}                                                       |
  | name                                 | sfeole2                                                  |
  | os-extended-volumes:volumes_attached | []                                                       |
  | progress                             | 0                                                        |
  | security_groups                      | default                                                  |
  | status                               | ACTIVE                                                   |
  | tenant_id                            | 9f7a21c1ad264fec81abc09f3960ad1d                         |

Re: [Qemu-devel] [PATCH 00/42] TPM: code cleanup & CRB device

2017-10-19 Thread Stefan Berger

On 10/19/2017 01:00 PM, Marc-André Lureau wrote:

Hi

- Original Message -

On 10/19/2017 10:44 AM, Stefan Berger wrote:

On 10/19/2017 10:33 AM, Marc-André Lureau wrote:

Hi Stefan

- Original Message -

On 10/09/2017 06:55 PM, Marc-André Lureau wrote:

Hi,

I accumulated a series of patches doing some TPM code cleanup while
doing review. I removed some dead code, simplified other parts, and
tried to isolate implementation of the backend and frontend by using a
new TPMIf interface. I solved a few issues, and added some FIXME for
what should be tackled.  Finally, I implemented a simple CRB device
(tpm 2.0) that is work in progress for now - it works fine with
passthrough, but swtpm/libtpms with win10 has some issues that need
more investigations.

seabios CRB support is required for TPM 2.0 & emulation
(https://mail.coreboot.org/pipermail/seabios/2017-October/011839.html)

Comments/review welcome!

Are you going to post a v2 soon?

I was wondering if you would take the patches that you already
reviewed for the next pull request. That way v2 would be smaller.

I'll take them up to 21/42.

Tested them and it seems to work fine. I'll post later today.

Did you have any more luck with win10 and tpm2 ?

I haven't had time so far to investigate further.

The summary was that Windows refuses to talk with a TPM2/TIS device (it doesn't 
even show up in the device list), while TPM2/CRB is being recognized and 
communicated with. However, there are some failures with swtpm/libtpms that are 
unclear, and will require more verbosity in libtpms. I plan to resume this 
effort in a few weeks.


TPM1.2 + TIS seems good.
TPM 2 + CRB seems to have a problem with a key handle 0x81 00 00 01.

   Stefan

Thanks






Re: [Qemu-devel] [PATCH 24/42] tpm-be: call request_completed() out of thread

2017-10-19 Thread Stefan Berger

On 10/19/2017 06:02 PM, Stefan Berger wrote:

On 10/09/2017 06:56 PM, Marc-André Lureau wrote:

Lift from the backend implementation the responsibility to call the
request_completed() callback outside of thread context. This also


I don't think this is what you are doing here. It's still in thread 
context.


Something is breaking the TIS interface in this patch. The symptom is 
that SeaBIOS doesn't show its menu anymore.


I have to withdraw my Reviewed-by from this one. It looked 
sufficiently harmless but it's not.


Stefan


This here fixes the problem for TIS:

diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
index 355427a..cd29925 100644
--- a/hw/tpm/tpm_tis.c
+++ b/hw/tpm/tpm_tis.c
@@ -416,7 +416,7 @@ static void tpm_tis_prep_abort(TPMState *s, uint8_t 
locty, uint8_t newlocty)

 static void tpm_tis_request_completed(TPMIf *ti)
 {
 TPMState *s = TPM(ti);
-uint8_t locty = s->locty_number;
+uint8_t locty = s->cmd.locty;
 uint8_t l;

 if (s->cmd.selftest_done) {
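
Review bot: Switching locty from s->locty_number to s->cmd.locty in tpm_tis_request_completed() needs a comment saying why the two can differ by the time the callback runs; as posted, the one-line change is the only record of the fix for the SeaBIOS regression described above. If the reason is that the callback now runs later than the point where the request was issued, state that next to the assignment so the next reader does not switch it back.
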









simplify frontend/interface work, as they no longer need to care
whether the callback is called from a different thread.

Signed-off-by: Marc-André Lureau 
---
  hw/tpm/tpm_int.h |  1 -
  include/sysemu/tpm_backend.h |  1 +
  backends/tpm.c   | 15 ++-
  hw/tpm/tpm_emulator.c|  2 --
  hw/tpm/tpm_passthrough.c |  3 ---
  hw/tpm/tpm_tis.c | 36 +---
  6 files changed, 28 insertions(+), 30 deletions(-)

diff --git a/hw/tpm/tpm_int.h b/hw/tpm/tpm_int.h
index 9c045b6691..9c49325f03 100644
--- a/hw/tpm/tpm_int.h
+++ b/hw/tpm/tpm_int.h
@@ -30,7 +30,6 @@ typedef struct TPMIf {
  typedef struct TPMIfClass {
  InterfaceClass parent_class;

-/* run in thread pool by backend */
  void (*request_completed)(TPMIf *obj);
  } TPMIfClass;

diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
index 8d08765b3c..dd4fb288ea 100644
--- a/include/sysemu/tpm_backend.h
+++ b/include/sysemu/tpm_backend.h
@@ -48,6 +48,7 @@ struct TPMBackend {
  bool opened;
  GThreadPool *thread_pool;
  bool had_startup_error;
+QEMUBH *bh;

  /*  */
  char *id;
diff --git a/backends/tpm.c b/backends/tpm.c
index 86f0e7e915..58f823d54c 100644
--- a/backends/tpm.c
+++ b/backends/tpm.c
@@ -18,14 +18,25 @@
  #include "qapi/qmp/qerror.h"
  #include "sysemu/tpm.h"
  #include "qemu/thread.h"
+#include "qemu/main-loop.h"
+
+static void tpm_backend_request_completed_bh(void *opaque)
+{
+TPMBackend *s = TPM_BACKEND(opaque);
+TPMIfClass *tic = TPM_IF_GET_CLASS(s->tpmif);
+
+tic->request_completed(s->tpmif);
+}

  static void tpm_backend_worker_thread(gpointer data, gpointer 
user_data)

  {
  TPMBackend *s = TPM_BACKEND(user_data);
-TPMBackendClass *k  = TPM_BACKEND_GET_CLASS(s);
+TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s);

  assert(k->handle_request != NULL);
  k->handle_request(s, (TPMBackendCmd *)data);
+
+qemu_bh_schedule(s->bh);
  }

  static void tpm_backend_thread_end(TPMBackend *s)
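
Review bot: tpm_backend_worker_thread() now calls qemu_bh_schedule(s->bh) after every handle_request(), whether or not the request succeeded, while the call removed from tpm_emulator_handle_request() later in this patch sat after the "goto error;" branch, just before "return;". Please confirm that the frontend's request_completed() is meant to fire for failed requests as well, or let handle_request() report failure so the worker can skip the bottom half. The "*k  =" to "*k =" whitespace change is unrelated and would be better in a separate cleanup.
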
@@ -193,6 +204,7 @@ static void tpm_backend_instance_init(Object *obj)
   tpm_backend_prop_set_opened,
   NULL);
  s->fe_model = -1;
+s->bh = qemu_bh_new(tpm_backend_request_completed_bh, s);
  }

  static void tpm_backend_instance_finalize(Object *obj)
@@ -202,6 +214,7 @@ static void tpm_backend_instance_finalize(Object 
*obj)

  object_unref(OBJECT(s->tpmif));
  g_free(s->id);
  tpm_backend_thread_end(s);
+qemu_bh_delete(s->bh);
  }

  static const TypeInfo tpm_backend_info = {
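
Review bot: In tpm_backend_instance_finalize() the new qemu_bh_delete(s->bh) comes after object_unref(OBJECT(s->tpmif)), yet the bottom half is the code that dereferences s->tpmif. Reorder the teardown so that the thread is ended and the bottom half deleted first and the interface reference is dropped last; then nothing able to schedule or run the completion callback outlives the object it calls into.
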
diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
index 07e7aa4abc..36454837b3 100644
--- a/hw/tpm/tpm_emulator.c
+++ b/hw/tpm/tpm_emulator.c
@@ -176,7 +176,6 @@ static int tpm_emulator_set_locality(TPMEmulator 
*tpm_emu, uint8_t locty_number,
  static void tpm_emulator_handle_request(TPMBackend *tb, 
TPMBackendCmd *cmd)

  {
  TPMEmulator *tpm_emu = TPM_EMULATOR(tb);
-TPMIfClass *tic = TPM_IF_GET_CLASS(tb->tpmif);
  Error *err = NULL;

  DPRINTF("processing TPM command");
@@ -191,7 +190,6 @@ static void 
tpm_emulator_handle_request(TPMBackend *tb, TPMBackendCmd *cmd)

  goto error;
  }

-tic->request_completed(tb->tpmif);
  return;

  error:
diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
index 2ad74badca..8c002e4da6 100644
--- a/hw/tpm/tpm_passthrough.c
+++ b/hw/tpm/tpm_passthrough.c
@@ -139,14 +139,11 @@ err_exit:
  static void tpm_passthrough_handle_request(TPMBackend *tb, 
TPMBackendCmd *cmd)

  {
  TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
-TPMIfClass *tic = TPM_IF_GET_CLASS(tb->tpmif);

  DPRINTF("tpm_passthrough: processing command %p\n", cmd);

  tpm_passthrough_unix_tx_bufs(tpm_pt, cmd->in, cmd->in_len,
   cmd->out, cmd->out_len, 
>selftest_done);

-
-tic->request_completed(tb->tpmif);
 

Re: [Qemu-devel] [PATCH] hw/alpha/typhoon: simplify using the "unimplemented" sysbus device

2017-10-19 Thread Richard Henderson
On 10/17/2017 03:50 PM, Philippe Mathieu-Daudé wrote:
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  hw/alpha/alpha_sys.h |  1 -
>  hw/alpha/pci.c   | 26 --
>  hw/alpha/typhoon.c   |  6 ++
>  3 files changed, 2 insertions(+), 31 deletions(-)

Reviewed-by: Richard Henderson 


r~



[Qemu-devel] [PATCH v5 06/11] nbd: Minimal structured read for server

2017-10-19 Thread Eric Blake
From: Vladimir Sementsov-Ogievskiy 

Minimal implementation of structured read: one structured reply chunk,
no segmentation.
Minimal structured error implementation: no text message.
Support DF flag, but just ignore it, as there is no segmentation
anyway.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
Signed-off-by: Eric Blake 

---
v5: correct DF flag spelling, include errname in trace, handle any bogus
payload from option
v4: better _DF flag handling, convert errno to wire format, add
comments and tracing, rework structured error for less churn when adding
text message later, don't kill connection on redundant client option
---
 nbd/server.c | 106 +--
 nbd/trace-events |   2 ++
 2 files changed, 98 insertions(+), 10 deletions(-)

diff --git a/nbd/server.c b/nbd/server.c
index b3f7e0b18e..9be93c4a52 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -100,6 +100,8 @@ struct NBDClient {
 QTAILQ_ENTRY(NBDClient) next;
 int nb_requests;
 bool closing;
+
+bool structured_reply;
 };

 /* That's all folks */
@@ -754,6 +756,22 @@ static int nbd_negotiate_options(NBDClient *client, 
uint16_t myflags,
  "TLS not configured");
 }
 break;
+
+case NBD_OPT_STRUCTURED_REPLY:
+if (length) {
+ret = nbd_check_zero_length(client, length, option, errp);
+} else if (client->structured_reply) {
+ret = nbd_negotiate_send_rep_err(
+client->ioc, NBD_REP_ERR_INVALID, option, errp,
+"structured reply already negotiated");
+} else {
+ret = nbd_negotiate_send_rep(client->ioc, NBD_REP_ACK,
+ option, errp);
+}
+client->structured_reply = true;
+myflags |= NBD_FLAG_SEND_DF;
+break;
+
 default:
 if (nbd_drop(client->ioc, length, errp) < 0) {
 return -EIO;
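
Review bot: In the NBD_OPT_STRUCTURED_REPLY case, "client->structured_reply = true;" and "myflags |= NBD_FLAG_SEND_DF;" run after all three branches, including the one that hands a non-zero length to nbd_check_zero_length() and the one that answers NBD_REP_ERR_INVALID. A client that sends a malformed option therefore ends up with structured replies enabled although NBD_REP_ACK is sent only in the last branch. Move the two assignments into the final else branch, next to the ACK.
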
@@ -1228,6 +1246,60 @@ static int nbd_co_send_simple_reply(NBDClient *client,
 return nbd_co_send_iov(client, iov, len ? 2 : 1, errp);
 }

+static inline void set_be_chunk(NBDStructuredReplyChunk *chunk, uint16_t flags,
+uint16_t type, uint64_t handle, uint32_t 
length)
+{
+stl_be_p(>magic, NBD_STRUCTURED_REPLY_MAGIC);
+stw_be_p(>flags, flags);
+stw_be_p(>type, type);
+stq_be_p(>handle, handle);
+stl_be_p(>length, length);
+}
+
+static int coroutine_fn nbd_co_send_structured_read(NBDClient *client,
+uint64_t handle,
+uint64_t offset,
+void *data,
+size_t size,
+Error **errp)
+{
+NBDStructuredRead chunk;
+struct iovec iov[] = {
+{.iov_base = , .iov_len = sizeof(chunk)},
+{.iov_base = data, .iov_len = size}
+};
+
+trace_nbd_co_send_structured_read(handle, offset, data, size);
+set_be_chunk(, NBD_REPLY_FLAG_DONE, NBD_REPLY_TYPE_OFFSET_DATA,
+ handle, sizeof(chunk) - sizeof(chunk.h) + size);
+stq_be_p(, offset);
+
+return nbd_co_send_iov(client, iov, 2, errp);
+}
+
+static int coroutine_fn nbd_co_send_structured_error(NBDClient *client,
+ uint64_t handle,
+ uint32_t error,
+ Error **errp)
+{
+NBDStructuredError chunk;
+int nbd_err = system_errno_to_nbd_errno(error);
+struct iovec iov[] = {
+{.iov_base = , .iov_len = sizeof(chunk)},
+/* FIXME: Support human-readable error message */
+};
+
+assert(nbd_err);
+trace_nbd_co_send_structured_error(handle, nbd_err,
+   nbd_err_lookup(nbd_err));
+set_be_chunk(, NBD_REPLY_FLAG_DONE, NBD_REPLY_TYPE_ERROR, handle,
+ sizeof(chunk) - sizeof(chunk.h));
+stl_be_p(, nbd_err);
+stw_be_p(_length, 0);
+
+return nbd_co_send_iov(client, iov, 1, errp);
+}
+
 /* nbd_co_receive_request
  * Collect a client request. Return 0 if request looks valid, -EIO to drop
  * connection right away, and any other negative value to report an error to
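
Review bot: nbd_co_send_structured_read() passes "sizeof(chunk) - sizeof(chunk.h) + size" to set_be_chunk(), whose length parameter is uint32_t while size is size_t, so an oversized size would be truncated in the chunk header while the iovec still carries the full buffer. Add an assertion on the upper bound of size at the top of the function, or a comment naming the caller-side limit that guarantees it. In nbd_co_send_structured_error(), assert(nbd_err) likewise relies on callers never passing 0; say so in a comment above the function.
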
@@ -1238,6 +1310,7 @@ static int nbd_co_receive_request(NBDRequestData *req, 
NBDRequest *request,
   Error **errp)
 {
 NBDClient *client = req->client;
+int valid_flags;

 g_assert(qemu_in_coroutine());
 assert(client->recv_coroutine == qemu_coroutine_self());
@@ -1299,13 +1372,15 @@ static int 

[Qemu-devel] [PATCH v5 11/11] nbd: Minimal structured read for client

2017-10-19 Thread Eric Blake
From: Vladimir Sementsov-Ogievskiy 

Minimal implementation: for structured error only error_report error
message.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
Signed-off-by: Eric Blake 

---
v5: fix payload_advance[32,64], return correct negative error on
structured error, rearrange size checks to not be vulnerable to
overflow, simplify payload to use g_new instead of qemu_memalign,
don't set errp when returning 0, validate that error message
length is sane
---
 include/block/nbd.h |  12 ++
 nbd/nbd-internal.h  |   1 -
 block/nbd-client.c  | 489 
 nbd/client.c|  10 ++
 4 files changed, 479 insertions(+), 33 deletions(-)

diff --git a/include/block/nbd.h b/include/block/nbd.h
index da6e305dd5..92d1723d7c 100644
--- a/include/block/nbd.h
+++ b/include/block/nbd.h
@@ -197,6 +197,11 @@ enum {
 #define NBD_REPLY_TYPE_ERROR NBD_REPLY_ERR(1)
 #define NBD_REPLY_TYPE_ERROR_OFFSET  NBD_REPLY_ERR(2)

+static inline bool nbd_reply_type_is_error(int type)
+{
+return type & (1 << 15);
+}
+
 /* NBD errors are based on errno numbers, so there is a 1:1 mapping,
  * but only a limited set of errno values is specified in the protocol.
  * Everything else is squashed to EINVAL.
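
Review bot: nbd_reply_type_is_error() takes "int type" and open-codes "1 << 15", while the nbd_reply_type_lookup() prototype moved into this header further down takes uint16_t and the error types just above are built with NBD_REPLY_ERR(). Use uint16_t for the parameter and express the error bit through a named constant shared with NBD_REPLY_ERR(), so the definition of an error type lives in one place.
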
@@ -214,6 +219,11 @@ enum {
 struct NBDExportInfo {
 /* Set by client before nbd_receive_negotiate() */
 bool request_sizes;
+
+/* In-out fields, set by client before nbd_receive_negotiate() and
+ * updated by server results during nbd_receive_negotiate() */
+bool structured_reply;
+
 /* Set by server results during nbd_receive_negotiate() */
 uint64_t size;
 uint16_t flags;
@@ -284,4 +294,6 @@ static inline bool nbd_reply_is_structured(NBDReply *reply)
 return reply->magic == NBD_STRUCTURED_REPLY_MAGIC;
 }

+const char *nbd_reply_type_lookup(uint16_t type);
+
 #endif
diff --git a/nbd/nbd-internal.h b/nbd/nbd-internal.h
index b64eb1cc9b..eeff78d3c9 100644
--- a/nbd/nbd-internal.h
+++ b/nbd/nbd-internal.h
@@ -104,7 +104,6 @@ const char *nbd_opt_lookup(uint32_t opt);
 const char *nbd_rep_lookup(uint32_t rep);
 const char *nbd_info_lookup(uint16_t info);
 const char *nbd_cmd_lookup(uint16_t info);
-const char *nbd_reply_type_lookup(uint16_t type);
 const char *nbd_err_lookup(int err);

 int nbd_drop(QIOChannel *ioc, size_t size, Error **errp);
diff --git a/block/nbd-client.c b/block/nbd-client.c
index 58493b7ac4..9f82e23096 100644
--- a/block/nbd-client.c
+++ b/block/nbd-client.c
@@ -93,7 +93,7 @@ static coroutine_fn void nbd_read_reply_entry(void *opaque)
 if (i >= MAX_NBD_REQUESTS ||
 !s->requests[i].coroutine ||
 !s->requests[i].receiving ||
-nbd_reply_is_structured(>reply))
+(nbd_reply_is_structured(>reply) && !s->info.structured_reply))
 {
 break;
 }
@@ -181,75 +181,490 @@ err:
 return rc;
 }

-static int nbd_co_receive_reply(NBDClientSession *s,
-uint64_t handle,
-QEMUIOVector *qiov)
+static inline uint16_t payload_advance16(uint8_t **payload)
+{
+*payload += 2;
+return lduw_be_p(*payload - 2);
+}
+
+static inline uint32_t payload_advance32(uint8_t **payload)
+{
+*payload += 4;
+return ldl_be_p(*payload - 4);
+}
+
+static inline uint64_t payload_advance64(uint8_t **payload)
+{
+*payload += 8;
+return ldq_be_p(*payload - 8);
+}
+
+static int nbd_parse_offset_hole_payload(NBDStructuredReplyChunk *chunk,
+ uint8_t *payload, QEMUIOVector *qiov,
+ Error **errp)
+{
+uint64_t offset;
+uint32_t hole_size;
+
+if (chunk->length != sizeof(offset) + sizeof(hole_size)) {
+error_setg(errp, "Protocol error: invalid payload for "
+ "NBD_REPLY_TYPE_OFFSET_HOLE");
+return -EINVAL;
+}
+
+offset = payload_advance64();
+hole_size = payload_advance32();
+
+if (offset > qiov->size - hole_size) {
+error_setg(errp, "Protocol error: server sent chunk exceeding 
requested"
+ " region");
+return -EINVAL;
+}
+
+qemu_iovec_memset(qiov, offset, 0, hole_size);
+
+return 0;
+}
+
+/* nbd_parse_error_payload
+ * on success @errp contains message describing nbd error reply
+ */
+static int nbd_parse_error_payload(NBDStructuredReplyChunk *chunk,
+   uint8_t *payload, int *request_ret,
+   Error **errp)
+{
+uint32_t error;
+uint16_t message_size;
+
+assert(chunk->type & (1 << 15));
+
+if (chunk->length < sizeof(error) + sizeof(message_size)) {
+error_setg(errp,
+   "Protocol error: invalid payload for structured error");
+return -EINVAL;
+}
+
+error = nbd_errno_to_system_errno(payload_advance32());
+if (error == 0) {
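
Review bot: In nbd_parse_offset_hole_payload(), the bounds check "offset > qiov->size - hole_size" underflows when the server sends a hole_size larger than qiov->size: the unsigned difference wraps to a huge value, the check passes, and qemu_iovec_memset() is called with a server-controlled range outside the request. Test hole_size first, for example "hole_size > qiov->size || offset > qiov->size - hole_size". In nbd_parse_error_payload(), the assert could call nbd_reply_type_is_error() rather than repeating "chunk->type & (1 << 15)".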

[Qemu-devel] [PATCH v5 09/11] nbd/client: prepare nbd_receive_reply for structured reply

2017-10-19 Thread Eric Blake
From: Vladimir Sementsov-Ogievskiy 

In the following patch, nbd_receive_reply will be used for receiving
both simple and structured reply headers.
NBDReply is altered into a union of the simple reply header and the
structured reply chunk header; simple error translation is moved to
block/nbd-client to be consistent with further structured reply error
translation.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
Signed-off-by: Eric Blake 

---
v5: minor whitespace tweak
---
 include/block/nbd.h |  30 ---
 block/nbd-client.c  |   8 ++--
 nbd/client.c| 104 +---
 nbd/trace-events|   3 +-
 4 files changed, 113 insertions(+), 32 deletions(-)

diff --git a/include/block/nbd.h b/include/block/nbd.h
index 225e9575e4..2ee1578420 100644
--- a/include/block/nbd.h
+++ b/include/block/nbd.h
@@ -57,12 +57,6 @@ struct NBDRequest {
 };
 typedef struct NBDRequest NBDRequest;

-struct NBDReply {
-uint64_t handle;
-uint32_t error;
-};
-typedef struct NBDReply NBDReply;
-
 typedef struct NBDSimpleReply {
 uint32_t magic;  /* NBD_SIMPLE_REPLY_MAGIC */
 uint32_t error;
@@ -78,6 +72,20 @@ typedef struct NBDStructuredReplyChunk {
 uint32_t length; /* length of payload */
 } QEMU_PACKED NBDStructuredReplyChunk;

+typedef union NBDReply {
+NBDSimpleReply simple;
+NBDStructuredReplyChunk structured;
+struct {
+/* @magic and @handle fields have the same offset and size both in
+ * simple reply and structured reply chunk, so let them be accessible
+ * without ".simple." or ".structured." specification
+ */
+uint32_t magic;
+uint32_t _skip;
+uint64_t handle;
+} QEMU_PACKED;
+} NBDReply;
+
 /* Header of NBD_REPLY_TYPE_OFFSET_DATA, complete NBD_REPLY_TYPE_OFFSET_HOLE */
 typedef struct NBDStructuredRead {
 NBDStructuredReplyChunk h;
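
Review bot: The anonymous struct in union NBDReply depends on magic and handle sitting at the same offsets in NBDSimpleReply and NBDStructuredReplyChunk, and today that is only stated in the comment. A build-time check next to the union (QEMU_BUILD_BUG_ON on the offsetof() of handle in both structs) would catch a later layout change instead of letting reply->handle silently read the wrong bytes.
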
@@ -256,4 +264,14 @@ void nbd_client_put(NBDClient *client);
 void nbd_server_start(SocketAddress *addr, const char *tls_creds,
   Error **errp);

+static inline bool nbd_reply_is_simple(NBDReply *reply)
+{
+return reply->magic == NBD_SIMPLE_REPLY_MAGIC;
+}
+
+static inline bool nbd_reply_is_structured(NBDReply *reply)
+{
+return reply->magic == NBD_STRUCTURED_REPLY_MAGIC;
+}
+
 #endif
diff --git a/block/nbd-client.c b/block/nbd-client.c
index c0683c3c83..58493b7ac4 100644
--- a/block/nbd-client.c
+++ b/block/nbd-client.c
@@ -92,7 +92,9 @@ static coroutine_fn void nbd_read_reply_entry(void *opaque)
 i = HANDLE_TO_INDEX(s, s->reply.handle);
 if (i >= MAX_NBD_REQUESTS ||
 !s->requests[i].coroutine ||
-!s->requests[i].receiving) {
+!s->requests[i].receiving ||
+nbd_reply_is_structured(>reply))
+{
 break;
 }

@@ -194,8 +196,8 @@ static int nbd_co_receive_reply(NBDClientSession *s,
 ret = -EIO;
 } else {
 assert(s->reply.handle == handle);
-ret = -s->reply.error;
-if (qiov && s->reply.error == 0) {
+ret = -nbd_errno_to_system_errno(s->reply.simple.error);
+if (qiov && ret == 0) {
 if (qio_channel_readv_all(s->ioc, qiov->iov, qiov->niov,
   NULL) < 0) {
 ret = -EIO;
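
Review bot: s->reply.simple.error is read in nbd_co_receive_reply() without checking which union member is valid; it is safe only because nbd_read_reply_entry() now breaks out of its loop on a structured reply. An assert on nbd_reply_is_simple() beside the existing handle assert would document that dependency for whoever lifts the restriction later.
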
diff --git a/nbd/client.c b/nbd/client.c
index 78a0e9cdc3..1c9e7bfc48 100644
--- a/nbd/client.c
+++ b/nbd/client.c
@@ -908,6 +908,57 @@ int nbd_send_request(QIOChannel *ioc, NBDRequest *request)
 return nbd_write(ioc, buf, sizeof(buf), NULL);
 }

+/* nbd_receive_simple_reply
+ * Read simple reply except magic field (which should be already read).
+ * Payload is not read (payload is possible for CMD_READ, but here we even
+ * don't know whether it take place or not).
+ */
+static int nbd_receive_simple_reply(QIOChannel *ioc, NBDSimpleReply *reply,
+Error **errp)
+{
+int ret;
+
+assert(reply->magic == NBD_SIMPLE_REPLY_MAGIC);
+
+ret = nbd_read(ioc, (uint8_t *)reply + sizeof(reply->magic),
+   sizeof(*reply) - sizeof(reply->magic), errp);
+if (ret < 0) {
+return ret;
+}
+
+be32_to_cpus(>error);
+be64_to_cpus(>handle);
+
+return 0;
+}
+
+/* nbd_receive_structured_reply_chunk
+ * Read structured reply chunk except magic field (which should be already
+ * read).
+ * Payload is not read.
+ */
+static int nbd_receive_structured_reply_chunk(QIOChannel *ioc,
+  NBDStructuredReplyChunk *chunk,
+  Error **errp)
+{
+int ret;
+
+assert(chunk->magic == NBD_STRUCTURED_REPLY_MAGIC);
+
+ret = nbd_read(ioc, (uint8_t *)chunk + sizeof(chunk->magic),
+   sizeof(*chunk) - sizeof(chunk->magic), errp);
+if (ret < 0) {
+return ret;
+}
+
+be16_to_cpus(>flags);
+be16_to_cpus(>type);
+

[Qemu-devel] [PATCH v5 08/11] nbd/client: refactor nbd_receive_starttls

2017-10-19 Thread Eric Blake
From: Vladimir Sementsov-Ogievskiy 

Split out nbd_request_simple_option to be reused for structured reply
option.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
Signed-off-by: Eric Blake 

---
v5: only check length for ACK responses
v4: reduce redundant traces, typo fix in commit message
---
 nbd/client.c | 70 ++--
 nbd/trace-events |  4 +---
 2 files changed, 49 insertions(+), 25 deletions(-)

diff --git a/nbd/client.c b/nbd/client.c
index 50f36b511e..78a0e9cdc3 100644
--- a/nbd/client.c
+++ b/nbd/client.c
@@ -508,35 +508,61 @@ static int nbd_receive_query_exports(QIOChannel *ioc,
 }
 }

+/* nbd_request_simple_option: Send an option request, and parse the reply
+ * return 1 for successful negotiation,
+ *0 if operation is unsupported,
+ *-1 with errp set for any other error
+ */
+static int nbd_request_simple_option(QIOChannel *ioc, int opt, Error **errp)
+{
+nbd_opt_reply reply;
+int error;
+
+if (nbd_send_option_request(ioc, opt, 0, NULL, errp) < 0) {
+return -1;
+}
+
+if (nbd_receive_option_reply(ioc, opt, , errp) < 0) {
+return -1;
+}
+error = nbd_handle_reply_err(ioc, , errp);
+if (error <= 0) {
+return error;
+}
+
+if (reply.type != NBD_REP_ACK) {
+error_setg(errp, "Server rejected request for option %d (%s) "
+   "with reply %" PRIx32 " (%s)", opt, nbd_opt_lookup(opt),
+   reply.type, nbd_rep_lookup(reply.type));
+nbd_send_opt_abort(ioc);
+return -1;
+}
+
+if (reply.length != 0) {
+error_setg(errp, "Option %d ('%s') response length is %" PRIu32
+   " (it should be zero)", opt, nbd_opt_lookup(opt),
+   reply.length);
+nbd_send_opt_abort(ioc);
+return -1;
+}
+
+return 1;
+}
+
 static QIOChannel *nbd_receive_starttls(QIOChannel *ioc,
 QCryptoTLSCreds *tlscreds,
 const char *hostname, Error **errp)
 {
-nbd_opt_reply reply;
+int ret;
 QIOChannelTLS *tioc;
 struct NBDTLSHandshakeData data = { 0 };

-trace_nbd_receive_starttls_request();
-if (nbd_send_option_request(ioc, NBD_OPT_STARTTLS, 0, NULL, errp) < 0) {
-return NULL;
-}
-
-trace_nbd_receive_starttls_reply();
-if (nbd_receive_option_reply(ioc, NBD_OPT_STARTTLS, , errp) < 0) {
-return NULL;
-}
-
-if (reply.type != NBD_REP_ACK) {
-error_setg(errp, "Server rejected request to start TLS %" PRIx32,
-   reply.type);
-nbd_send_opt_abort(ioc);
-return NULL;
-}
-
-if (reply.length != 0) {
-error_setg(errp, "Start TLS response was not zero %" PRIu32,
-   reply.length);
-nbd_send_opt_abort(ioc);
+ret = nbd_request_simple_option(ioc, NBD_OPT_STARTTLS, errp);
+if (ret <= 0) {
+if (ret == 0) {
+error_setg(errp, "Server don't support STARTTLS option");
+nbd_send_opt_abort(ioc);
+}
 return NULL;
 }

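Review bot: The new message in nbd_receive_starttls() for ret == 0, "Server don't support STARTTLS option", should read "Server does not support STARTTLS option". nbd_request_simple_option() also takes "int opt" and prints it with %d although nbd_opt_lookup() takes uint32_t; a uint32_t parameter printed with PRIu32 would be consistent with the rest of the hunk.
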
diff --git a/nbd/trace-events b/nbd/trace-events
index 52150bd738..596df96575 100644
--- a/nbd/trace-events
+++ b/nbd/trace-events
@@ -8,9 +8,7 @@ nbd_opt_go_info_unknown(int info, const char *name) "Ignoring 
unknown info %d (%
 nbd_opt_go_info_block_size(uint32_t minimum, uint32_t preferred, uint32_t 
maximum) "Block sizes are 0x%" PRIx32 ", 0x%" PRIx32 ", 0x%" PRIx32
 nbd_receive_query_exports_start(const char *wantname) "Querying export list 
for '%s'"
 nbd_receive_query_exports_success(const char *wantname) "Found desired export 
name '%s'"
-nbd_receive_starttls_request(void) "Requesting TLS from server"
-nbd_receive_starttls_reply(void) "Getting TLS reply from server"
-nbd_receive_starttls_new_client(void) "TLS request approved, setting up TLS"
+nbd_receive_starttls_new_client(void) "Setting up TLS"
 nbd_receive_starttls_tls_handshake(void) "Starting TLS handshake"
 nbd_receive_negotiate(void *tlscreds, const char *hostname) "Receiving 
negotiation tlscreds=%p hostname=%s"
 nbd_receive_negotiate_magic(uint64_t magic) "Magic is 0x%" PRIx64
-- 
2.13.6




[Qemu-devel] [PATCH v5 05/11] nbd/server: Refactor zero-length option check

2017-10-19 Thread Eric Blake
Consolidate the check for a zero-length payload to an option
into a new function, nbd_check_zero_length(); this check will
also be used when introducing support for structured replies.

By sticking a catch-all check at the end of the loop for
processing options, we can simplify several of the intermediate
cases.

Signed-off-by: Eric Blake 
---
 nbd/server.c | 76 +++-
 1 file changed, 34 insertions(+), 42 deletions(-)

diff --git a/nbd/server.c b/nbd/server.c
index 05ff7470d5..b3f7e0b18e 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -253,21 +253,10 @@ static int nbd_negotiate_send_rep_list(QIOChannel *ioc, 
NBDExport *exp,

 /* Process the NBD_OPT_LIST command, with a potential series of replies.
  * Return -errno on error, 0 on success. */
-static int nbd_negotiate_handle_list(NBDClient *client, uint32_t length,
- Error **errp)
+static int nbd_negotiate_handle_list(NBDClient *client, Error **errp)
 {
 NBDExport *exp;

-if (length) {
-if (nbd_drop(client->ioc, length, errp) < 0) {
-return -EIO;
-}
-return nbd_negotiate_send_rep_err(client->ioc,
-  NBD_REP_ERR_INVALID, NBD_OPT_LIST,
-  errp,
-  "OPT_LIST should not have length");
-}
-
 /* For each export, send a NBD_REP_SERVER reply. */
 QTAILQ_FOREACH(exp, , next) {
 if (nbd_negotiate_send_rep_list(client->ioc, exp, errp)) {
@@ -531,7 +520,6 @@ static int nbd_negotiate_handle_info(NBDClient *client, 
uint32_t length,
 /* Handle NBD_OPT_STARTTLS. Return NULL to drop connection, or else the
  * new channel for all further (now-encrypted) communication. */
 static QIOChannel *nbd_negotiate_handle_starttls(NBDClient *client,
- uint32_t length,
  Error **errp)
 {
 QIOChannel *ioc;
@@ -540,15 +528,6 @@ static QIOChannel *nbd_negotiate_handle_starttls(NBDClient 
*client,

 trace_nbd_negotiate_handle_starttls();
 ioc = client->ioc;
-if (length) {
-if (nbd_drop(ioc, length, errp) < 0) {
-return NULL;
-}
-nbd_negotiate_send_rep_err(ioc, NBD_REP_ERR_INVALID, NBD_OPT_STARTTLS,
-   errp,
-   "OPT_STARTTLS should not have length");
-return NULL;
-}

 if (nbd_negotiate_send_rep(client->ioc, NBD_REP_ACK,
NBD_OPT_STARTTLS, errp) < 0) {
@@ -584,6 +563,25 @@ static QIOChannel *nbd_negotiate_handle_starttls(NBDClient 
*client,
 return QIO_CHANNEL(tioc);
 }

+/* nbd_check_zero_length: Handle any unexpected payload.
+ * Return:
+ * -errno  on error, errp is set
+ * 0   on successful negotiation, errp is not set
+ */
+static int nbd_check_zero_length(NBDClient *client, uint32_t length,
+ uint32_t option, Error **errp)
+{
+if (!length) {
+return 0;
+}
+if (nbd_drop(client->ioc, length, errp) < 0) {
+return -EIO;
+}
+return nbd_negotiate_send_rep_err(client->ioc, NBD_REP_ERR_INVALID, option,
+  errp, "option %s should have zero 
length",
+  nbd_opt_lookup(option));
+}
+
 /* nbd_negotiate_options
  * Process all NBD_OPT_* client option commands, during fixed newstyle
  * negotiation.
@@ -674,7 +672,11 @@ static int nbd_negotiate_options(NBDClient *client, 
uint16_t myflags,
 }
 switch (option) {
 case NBD_OPT_STARTTLS:
-tioc = nbd_negotiate_handle_starttls(client, length, errp);
+ret = nbd_check_zero_length(client, length, option, errp);
+if (ret < 0) {
+return ret;
+}
+tioc = nbd_negotiate_handle_starttls(client, errp);
 if (!tioc) {
 return -EIO;
 }
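
Review bot: In the NBD_OPT_STARTTLS case only "ret < 0" stops processing, but for a non-zero length nbd_check_zero_length() returns whatever nbd_negotiate_send_rep_err() returns. If that is 0 after the error reply was sent successfully, the code goes on to nbd_negotiate_handle_starttls() and acks an option it has just rejected with NBD_REP_ERR_INVALID, which the removed in-function check avoided by returning NULL. Suggest giving the helper a distinct return value for "payload rejected" (and documenting it, since "0 on successful negotiation" currently covers both cases) so the caller can skip the handler.
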
@@ -698,9 +700,6 @@ static int nbd_negotiate_options(NBDClient *client, 
uint16_t myflags,
  "Option 0x%" PRIx32
  "not permitted before TLS",
  option);
-if (ret < 0) {
-return ret;
-}
 /* Let the client keep trying, unless they asked to
  * quit. In this mode, we've already sent an error, so
  * we can't ack the abort.  */
@@ -712,9 +711,9 @@ static int nbd_negotiate_options(NBDClient *client, 
uint16_t myflags,
 } else if (fixedNewstyle) {
 switch (option) {
 case NBD_OPT_LIST:
-ret = nbd_negotiate_handle_list(client, length, errp);
-if (ret < 0) {
- 

[Qemu-devel] [PATCH v5 01/11] nbd: Include error names in trace messages

2017-10-19 Thread Eric Blake
NBD errors were originally sent over the wire based on Linux errno
values; but not all the world is Linux, and not all platforms share
the same values.  Since a number isn't very easy to decipher on all
platforms, update the trace messages to include the name of NBD
errors being sent/received over the wire.  Tweak the trace messages
to be at the point where we are using the NBD error, not the
translation to the host errno values.

Signed-off-by: Eric Blake 
Reviewed-by: Vladimir Sementsov-Ogievskiy 

---
v5: trivial whitespace tweak
---
 nbd/nbd-internal.h |  1 +
 nbd/client.c   |  3 ++-
 nbd/common.c   | 23 +++
 nbd/server.c   |  3 ++-
 nbd/trace-events   |  4 ++--
 5 files changed, 30 insertions(+), 4 deletions(-)

diff --git a/nbd/nbd-internal.h b/nbd/nbd-internal.h
index 11a130d050..4bfe5be884 100644
--- a/nbd/nbd-internal.h
+++ b/nbd/nbd-internal.h
@@ -126,6 +126,7 @@ const char *nbd_opt_lookup(uint32_t opt);
 const char *nbd_rep_lookup(uint32_t rep);
 const char *nbd_info_lookup(uint16_t info);
 const char *nbd_cmd_lookup(uint16_t info);
+const char *nbd_err_lookup(int err);

 int nbd_drop(QIOChannel *ioc, size_t size, Error **errp);

diff --git a/nbd/client.c b/nbd/client.c
index cd5a2c80ac..59d7c9d49f 100644
--- a/nbd/client.c
+++ b/nbd/client.c
@@ -940,6 +940,8 @@ int nbd_receive_reply(QIOChannel *ioc, NBDReply *reply, 
Error **errp)
 reply->error  = ldl_be_p(buf + 4);
 reply->handle = ldq_be_p(buf + 8);

+trace_nbd_receive_reply(magic, reply->error, nbd_err_lookup(reply->error),
+reply->handle);
 reply->error = nbd_errno_to_system_errno(reply->error);

 if (reply->error == ESHUTDOWN) {
@@ -947,7 +949,6 @@ int nbd_receive_reply(QIOChannel *ioc, NBDReply *reply, 
Error **errp)
 error_setg(errp, "server shutting down");
 return -EINVAL;
 }
-trace_nbd_receive_reply(magic, reply->error, reply->handle);

 if (magic != NBD_SIMPLE_REPLY_MAGIC) {
 error_setg(errp, "invalid magic (got 0x%" PRIx32 ")", magic);
diff --git a/nbd/common.c b/nbd/common.c
index 59a5316be9..7456021f7e 100644
--- a/nbd/common.c
+++ b/nbd/common.c
@@ -148,3 +148,26 @@ const char *nbd_cmd_lookup(uint16_t cmd)
 return "";
 }
 }
+
+
+const char *nbd_err_lookup(int err)
+{
+switch (err) {
+case NBD_SUCCESS:
+return "success";
+case NBD_EPERM:
+return "EPERM";
+case NBD_EIO:
+return "EIO";
+case NBD_ENOMEM:
+return "ENOMEM";
+case NBD_EINVAL:
+return "EINVAL";
+case NBD_ENOSPC:
+return "ENOSPC";
+case NBD_ESHUTDOWN:
+return "ESHUTDOWN";
+default:
+return "";
+}
+}
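
Review bot: nbd_err_lookup() takes "int err" although the value comes off the wire as an unsigned 32-bit field (reply->error is loaded with ldl_be_p()); a uint32_t parameter would avoid an implicit sign conversion at the call sites. The function is also preceded by two added blank lines where one is enough.
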
diff --git a/nbd/server.c b/nbd/server.c
index 3df3548d6d..459e00c553 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -1227,7 +1227,8 @@ static int nbd_co_send_simple_reply(NBDClient *client,
 {.iov_base = data, .iov_len = len}
 };

-trace_nbd_co_send_simple_reply(handle, nbd_err, len);
+trace_nbd_co_send_simple_reply(handle, nbd_err, nbd_err_lookup(nbd_err),
+   len);
 set_be_simple_reply(, nbd_err, handle);

 return nbd_co_send_iov(client, iov, len ? 2 : 1, errp);
diff --git a/nbd/trace-events b/nbd/trace-events
index e27614f050..920c8a0e5e 100644
--- a/nbd/trace-events
+++ b/nbd/trace-events
@@ -29,7 +29,7 @@ nbd_client_loop_ret(int ret, const char *error) "NBD loop 
returned %d: %s"
 nbd_client_clear_queue(void) "Clearing NBD queue"
 nbd_client_clear_socket(void) "Clearing NBD socket"
 nbd_send_request(uint64_t from, uint32_t len, uint64_t handle, uint16_t flags, 
uint16_t type, const char *name) "Sending request to server: { .from = %" 
PRIu64", .len = %" PRIu32 ", .handle = %" PRIu64 ", .flags = 0x%" PRIx16 ", 
.type = %" PRIu16 " (%s) }"
-nbd_receive_reply(uint32_t magic, int32_t error, uint64_t handle) "Got reply: 
{ magic = 0x%" PRIx32 ", .error = % " PRId32 ", handle = %" PRIu64" }"
+nbd_receive_reply(uint32_t magic, int32_t error, const char *errname, uint64_t 
handle) "Got reply: { magic = 0x%" PRIx32 ", .error = %" PRId32 " (%s), handle 
= %" PRIu64" }"

 # nbd/server.c
 nbd_negotiate_send_rep_len(uint32_t opt, const char *optname, uint32_t type, 
const char *typename, uint32_t len) "Reply opt=0x%" PRIx32 " (%s), type=0x%" 
PRIx32 " (%s), len=%" PRIu32
@@ -53,7 +53,7 @@ nbd_negotiate_success(void) "Negotiation succeeded"
 nbd_receive_request(uint32_t magic, uint16_t flags, uint16_t type, uint64_t 
from, uint32_t len) "Got request: { magic = 0x%" PRIx32 ", .flags = 0x%" PRIx16 
", .type = 0x%" PRIx16 ", from = %" PRIu64 ", len = %" PRIu32 " }"
 nbd_blk_aio_attached(const char *name, void *ctx) "Export %s: Attaching 
clients to AIO context %p\n"
 nbd_blk_aio_detach(const char *name, void *ctx) "Export %s: Detaching clients 
from AIO context %p\n"
-nbd_co_send_simple_reply(uint64_t handle, uint32_t error, int len) "Send 
simple reply: 

[Qemu-devel] [PATCH v5 07/11] nbd/server: Include human-readable message in structured errors

2017-10-19 Thread Eric Blake
The NBD spec permits including a human-readable error string if
structured replies are in force, so we might as well send the
client the message that we logged on any error.

Signed-off-by: Eric Blake 

---
v5: allow NULL msg, cast away const for ease of use [Vladimir]; send
correct length over the wire
---
 nbd/server.c | 20 +---
 nbd/trace-events |  2 +-
 2 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/nbd/server.c b/nbd/server.c
index 9be93c4a52..e39d83fb69 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -1280,24 +1280,25 @@ static int coroutine_fn 
nbd_co_send_structured_read(NBDClient *client,
 static int coroutine_fn nbd_co_send_structured_error(NBDClient *client,
  uint64_t handle,
  uint32_t error,
+ const char *msg,
  Error **errp)
 {
 NBDStructuredError chunk;
 int nbd_err = system_errno_to_nbd_errno(error);
 struct iovec iov[] = {
 {.iov_base = , .iov_len = sizeof(chunk)},
-/* FIXME: Support human-readable error message */
+{.iov_base = (char *)msg, .iov_len = msg ? strlen(msg) : 0},
 };

 assert(nbd_err);
 trace_nbd_co_send_structured_error(handle, nbd_err,
-   nbd_err_lookup(nbd_err));
+   nbd_err_lookup(nbd_err), msg ? msg : 
"");
 set_be_chunk(, NBD_REPLY_FLAG_DONE, NBD_REPLY_TYPE_ERROR, handle,
- sizeof(chunk) - sizeof(chunk.h));
+ sizeof(chunk) - sizeof(chunk.h) + iov[1].iov_len);
 stl_be_p(, nbd_err);
-stw_be_p(_length, 0);
+stw_be_p(_length, iov[1].iov_len);

-return nbd_co_send_iov(client, iov, 1, errp);
+return nbd_co_send_iov(client, iov, 1 + !!iov[1].iov_len, errp);
 }

 /* nbd_co_receive_request
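
Review bot: In nbd_co_send_structured_error(), the message length is stored with stw_be_p() into the 16-bit message_length field, but iov[1].iov_len comes from an unbounded strlen(msg). A message longer than 65535 bytes would leave message_length truncated while the chunk length and the iovec still carry the full string, so the header and payload disagree. Suggest clamping or asserting the length before filling in the header. The "(char *)msg" cast also deserves a short comment that the buffer is only read.
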
@@ -1398,6 +1399,7 @@ static coroutine_fn void nbd_trip(void *opaque)
 int flags;
 int reply_data_len = 0;
 Error *local_err = NULL;
+char *msg = NULL;

 trace_nbd_trip();
 if (client->closing) {
@@ -1514,14 +1516,17 @@ reply:
 if (local_err) {
 /* If we get here, local_err was not a fatal error, and should be sent
  * to the client. */
+assert(ret < 0);
+msg = g_strdup(error_get_pretty(local_err));
 error_report_err(local_err);
 local_err = NULL;
 }

-if (client->structured_reply && request.type == NBD_CMD_READ) {
+if (client->structured_reply &&
+(ret < 0 || request.type == NBD_CMD_READ)) {
 if (ret < 0) {
 ret = nbd_co_send_structured_error(req->client, request.handle,
-   -ret, _err);
+   -ret, msg, _err);
 } else {
 ret = nbd_co_send_structured_read(req->client, request.handle,
   request.from, req->data,
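
Review bot: "msg = g_strdup(error_get_pretty(local_err))" forwards to the remote client the same text that error_report_err() writes to the server log. It is worth confirming, and noting in a comment, that none of the error_setg() strings reaching the reply: label embed host-side details such as file names, since they were written for the local log. The copy is also made when client->structured_reply is false and msg is never used; it could move inside the structured branch.
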
@@ -1532,6 +1537,7 @@ reply:
ret < 0 ? -ret : 0,
req->data, reply_data_len, _err);
 }
+g_free(msg);
 if (ret < 0) {
 error_prepend(_err, "Failed to send reply: ");
 goto disconnect;
diff --git a/nbd/trace-events b/nbd/trace-events
index 6894f8bbb4..52150bd738 100644
--- a/nbd/trace-events
+++ b/nbd/trace-events
@@ -57,7 +57,7 @@ nbd_blk_aio_attached(const char *name, void *ctx) "Export %s: 
Attaching clients
 nbd_blk_aio_detach(const char *name, void *ctx) "Export %s: Detaching clients 
from AIO context %p\n"
 nbd_co_send_simple_reply(uint64_t handle, uint32_t error, const char *errname, 
int len) "Send simple reply: handle = %" PRIu64 ", error = %" PRIu32 " (%s), 
len = %d"
 nbd_co_send_structured_read(uint64_t handle, uint64_t offset, void *data, 
size_t size) "Send structured read data reply: handle = %" PRIu64 ", offset = 
%" PRIu64 ", data = %p, len = %zu"
-nbd_co_send_structured_error(uint64_t handle, int err, const char *errname) 
"Send structured error reply: handle = %" PRIu64 ", error = %d (%s)"
+nbd_co_send_structured_error(uint64_t handle, int err, const char *errname, 
const char *msg) "Send structured error reply: handle = %" PRIu64 ", error = %d 
(%s), msg = '%s'"
 nbd_co_receive_request_decode_type(uint64_t handle, uint16_t type, const char 
*name) "Decoding type: handle = %" PRIu64 ", type = %" PRIu16 " (%s)"
 nbd_co_receive_request_payload_received(uint64_t handle, uint32_t len) 
"Payload received: handle = %" PRIu64 ", len = %" PRIu32
 nbd_co_receive_request_cmd_write(uint32_t len) "Reading %" PRIu32 " byte(s)"
-- 
2.13.6




[Qemu-devel] [PATCH v5 10/11] nbd: Move nbd_read() to common header

2017-10-19 Thread Eric Blake
An upcoming change to block/nbd-client.c will want to read the
tail of a structured reply chunk directly from the wire.  Move
this function to make it easier.

Based on a patch from Vladimir Sementsov-Ogievskiy.

Signed-off-by: Eric Blake 
Reviewed-by: Vladimir Sementsov-Ogievskiy 
---
 include/block/nbd.h | 10 ++
 nbd/nbd-internal.h  |  9 -
 2 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/include/block/nbd.h b/include/block/nbd.h
index 2ee1578420..da6e305dd5 100644
--- a/include/block/nbd.h
+++ b/include/block/nbd.h
@@ -264,6 +264,16 @@ void nbd_client_put(NBDClient *client);
 void nbd_server_start(SocketAddress *addr, const char *tls_creds,
   Error **errp);

+
+/* nbd_read
+ * Reads @size bytes from @ioc. Returns 0 on success.
+ */
+static inline int nbd_read(QIOChannel *ioc, void *buffer, size_t size,
+   Error **errp)
+{
+return qio_channel_read_all(ioc, buffer, size, errp) < 0 ? -EIO : 0;
+}
+
 static inline bool nbd_reply_is_simple(NBDReply *reply)
 {
 return reply->magic == NBD_SIMPLE_REPLY_MAGIC;
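
Review bot: The moved nbd_read() is preceded by an extra blank "+" line, leaving two blank lines after nbd_server_start(); one is enough. Since nbd_write() stays in nbd/nbd-internal.h, a one-line comment here saying why only the read helper is public would help the next reader.
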
diff --git a/nbd/nbd-internal.h b/nbd/nbd-internal.h
index 4f24d6e57d..b64eb1cc9b 100644
--- a/nbd/nbd-internal.h
+++ b/nbd/nbd-internal.h
@@ -82,15 +82,6 @@ static inline int nbd_read_eof(QIOChannel *ioc, void 
*buffer, size_t size,
 return ret;
 }

-/* nbd_read
- * Reads @size bytes from @ioc. Returns 0 on success.
- */
-static inline int nbd_read(QIOChannel *ioc, void *buffer, size_t size,
-   Error **errp)
-{
-return qio_channel_read_all(ioc, buffer, size, errp) < 0 ? -EIO : 0;
-}
-
 /* nbd_write
  * Writes @size bytes to @ioc. Returns 0 on success.
  */
-- 
2.13.6




[Qemu-devel] [PATCH v5 04/11] nbd/server: Report error for write to read-only export

2017-10-19 Thread Eric Blake
When the server is read-only, we were already reporting an error
message for NBD_CMD_WRITE_ZEROES, but failed to set errp for a
similar NBD_CMD_WRITE.  This will matter more once structured
replies allow the server to propagate the errp information back
to the client.  While at it, use an error message that makes a
bit more sense if viewed on the client side.

Note that when using qemu-io to test qemu-nbd behavior, it is
rather difficult to convince qemu-io to send protocol violations
(such as a read beyond bounds), because we have a lot of active
checking on the client side that a qemu-io request makes sense
before it ever goes over the wire to the server.  The case of a
client attempting a write when the server is started as
'qemu-nbd -r' is one of the few places where we can easily test
error path handling, without having to resort to hacking in known
temporary bugs to either the server or client.  [Maybe we want a
future patch to the client to do up-front checking on writes to a
read-only export, the way it does up-front bounds checking; but I
don't see anything in the NBD spec that points to a protocol
violation in our current behavior.]

Signed-off-by: Eric Blake 

---
v5: new patch
---
 nbd/server.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/nbd/server.c b/nbd/server.c
index efb6003364..05ff7470d5 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -1381,6 +1381,7 @@ static coroutine_fn void nbd_trip(void *opaque)
 break;
 case NBD_CMD_WRITE:
 if (exp->nbdflags & NBD_FLAG_READ_ONLY) {
+error_setg(_err, "Export is read-only");
 ret = -EROFS;
 break;
 }
@@ -1398,7 +1399,7 @@ static coroutine_fn void nbd_trip(void *opaque)
 break;
 case NBD_CMD_WRITE_ZEROES:
 if (exp->nbdflags & NBD_FLAG_READ_ONLY) {
-error_setg(_err, "Server is read-only, return error");
+error_setg(_err, "Export is read-only");
 ret = -EROFS;
 break;
 }
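
Review bot: The NBD_CMD_WRITE and NBD_CMD_WRITE_ZEROES cases now carry an identical read-only check and message; a small helper would keep the two from diverging again, as they had before this patch. A comment saying which NBD wire error -EROFS becomes would also help, given that the protocol defines only a limited set of errno values.
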
-- 
2.13.6




[Qemu-devel] [PATCH v5 03/11] nbd: Expose constants and structs for structured read

2017-10-19 Thread Eric Blake
Upcoming patches will implement the NBD structured reply
extension [1] for both client and server roles.  Declare the
constants, structs, and lookup routines that will be valuable
whether the server or client code is backported in isolation.

This includes moving one constant from an internal header to
the public header, as part of the structured read processing
will be done in block/nbd-client.c rather than nbd/client.c.

[1]https://github.com/NetworkBlockDevice/nbd/blob/extension-structured-reply/doc/proto.md

Based on patches from Vladimir Sementsov-Ogievskiy.

Signed-off-by: Eric Blake 
---
 include/block/nbd.h | 41 +
 nbd/nbd-internal.h  |  2 +-
 nbd/common.c| 27 +++
 nbd/server.c|  2 ++
 4 files changed, 71 insertions(+), 1 deletion(-)

diff --git a/include/block/nbd.h b/include/block/nbd.h
index dc62b5cd19..225e9575e4 100644
--- a/include/block/nbd.h
+++ b/include/block/nbd.h
@@ -69,6 +69,28 @@ typedef struct NBDSimpleReply {
 uint64_t handle;
 } QEMU_PACKED NBDSimpleReply;

+/* Header of all structured replies */
+typedef struct NBDStructuredReplyChunk {
+uint32_t magic;  /* NBD_STRUCTURED_REPLY_MAGIC */
+uint16_t flags;  /* combination of NBD_REPLY_FLAG_* */
+uint16_t type;   /* NBD_REPLY_TYPE_* */
+uint64_t handle; /* request handle */
+uint32_t length; /* length of payload */
+} QEMU_PACKED NBDStructuredReplyChunk;
+
+/* Header of NBD_REPLY_TYPE_OFFSET_DATA, complete NBD_REPLY_TYPE_OFFSET_HOLE */
+typedef struct NBDStructuredRead {
+NBDStructuredReplyChunk h;
+uint64_t offset;
+} QEMU_PACKED NBDStructuredRead;
+
+/* Header of all NBD_REPLY_TYPE_ERROR* errors */
+typedef struct NBDStructuredError {
+NBDStructuredReplyChunk h;
+uint32_t error;
+uint16_t message_length;
+} QEMU_PACKED NBDStructuredError;
+
 /* Transmission (export) flags: sent from server to client during handshake,
but describe what will happen during transmission */
 #define NBD_FLAG_HAS_FLAGS (1 << 0) /* Flags are there */
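
Review bot: The comment on NBDStructuredRead calls it the "complete NBD_REPLY_TYPE_OFFSET_HOLE", but the struct carries only the chunk header and a 64-bit offset, with no field for the hole length. Either add a separate struct for holes that includes the 32-bit length, or reword the comment so it does not promise the whole chunk.
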
@@ -79,6 +101,7 @@ typedef struct NBDSimpleReply {
rotational media */
 #define NBD_FLAG_SEND_TRIM (1 << 5) /* Send TRIM (discard) */
 #define NBD_FLAG_SEND_WRITE_ZEROES (1 << 6) /* Send WRITE_ZEROES */
+#define NBD_FLAG_SEND_DF   (1 << 7) /* Send DF (Do not Fragment) */

 /* New-style handshake (global) flags, sent from server to client, and
control what will happen during handshake phase. */
@@ -125,6 +148,7 @@ typedef struct NBDSimpleReply {
 /* Request flags, sent from client to server during transmission phase */
 #define NBD_CMD_FLAG_FUA(1 << 0) /* 'force unit access' during write */
 #define NBD_CMD_FLAG_NO_HOLE(1 << 1) /* don't punch hole on zero run */
+#define NBD_CMD_FLAG_DF (1 << 2) /* don't fragment structured read */

 /* Supported request types */
 enum {
@@ -149,6 +173,22 @@ enum {
  * aren't overflowing some other buffer. */
 #define NBD_MAX_NAME_SIZE 256

+/* Two types of reply structures */
+#define NBD_SIMPLE_REPLY_MAGIC  0x67446698
+#define NBD_STRUCTURED_REPLY_MAGIC  0x668e33ef
+
+/* Structured reply flags */
+#define NBD_REPLY_FLAG_DONE  (1 << 0) /* This reply-chunk is last */
+
+/* Structured reply types */
+#define NBD_REPLY_ERR(value) ((1 << 15) | (value))
+
+#define NBD_REPLY_TYPE_NONE  0
+#define NBD_REPLY_TYPE_OFFSET_DATA   1
+#define NBD_REPLY_TYPE_OFFSET_HOLE   2
+#define NBD_REPLY_TYPE_ERROR NBD_REPLY_ERR(1)
+#define NBD_REPLY_TYPE_ERROR_OFFSET  NBD_REPLY_ERR(2)
+
 /* NBD errors are based on errno numbers, so there is a 1:1 mapping,
  * but only a limited set of errno values is specified in the protocol.
  * Everything else is squashed to EINVAL.
@@ -159,6 +199,7 @@ enum {
 #define NBD_ENOMEM 12
 #define NBD_EINVAL 22
 #define NBD_ENOSPC 28
+#define NBD_EOVERFLOW  75
 #define NBD_ESHUTDOWN  108

 /* Details collected by NBD_OPT_EXPORT_NAME and NBD_OPT_GO */
diff --git a/nbd/nbd-internal.h b/nbd/nbd-internal.h
index df6c8b2f24..4f24d6e57d 100644
--- a/nbd/nbd-internal.h
+++ b/nbd/nbd-internal.h
@@ -47,7 +47,6 @@
 #define NBD_OLDSTYLE_NEGOTIATE_SIZE (8 + 8 + 8 + 4 + 124)

 #define NBD_REQUEST_MAGIC   0x25609513
-#define NBD_SIMPLE_REPLY_MAGIC  0x67446698
 #define NBD_OPTS_MAGIC  0x49484156454F5054LL
 #define NBD_CLIENT_MAGIC0x420281861253LL
 #define NBD_REP_MAGIC   0x0003e889045565a9LL
@@ -114,6 +113,7 @@ const char *nbd_opt_lookup(uint32_t opt);
 const char *nbd_rep_lookup(uint32_t rep);
 const char *nbd_info_lookup(uint16_t info);
 const char *nbd_cmd_lookup(uint16_t info);
+const char *nbd_reply_type_lookup(uint16_t type);
 const char *nbd_err_lookup(int err);

 int nbd_drop(QIOChannel *ioc, size_t size, Error **errp);
diff --git a/nbd/common.c b/nbd/common.c
index 593904f148..6047d71748 100644
--- a/nbd/common.c
+++ b/nbd/common.c
@@ 

[Qemu-devel] [PATCH v5 00/11] nbd minimal structured read

2017-10-19 Thread Eric Blake
I've incorporated a few more tweaks since v4:
https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg03305.html

I tried to call out the biggest changes in the various commits, but
it includes bug fixes from my testing, and fixing places spotted
by Vladimir.  I still haven't validated the behavior of the client
against a server that sends more than one chunk per reply, but this
is looking closer to a pull request, hopefully in time for soft freeze.

001/11:[0002] [FC] 'nbd: Include error names in trace messages'
002/11:[] [-C] 'nbd: Move nbd_errno_to_system_errno() to public header'
003/11:[] [--] 'nbd: Expose constants and structs for structured read'
004/11:[down] 'nbd/server: Report error for write to read-only export'
005/11:[down] 'nbd/server: Refactor zero-length option check'
006/11:[0014] [FC] 'nbd: Minimal structured read for server'
007/11:[0016] [FC] 'nbd/server: Include human-readable message in structured 
errors'
008/11:[0023] [FC] 'nbd/client: refactor nbd_receive_starttls'
009/11:[0004] [FC] 'nbd/client: prepare nbd_receive_reply for structured reply'
010/11:[] [--] 'nbd: Move nbd_read() to common header'
011/11:[0282] [FC] 'nbd: Minimal structured read for client'

Eric Blake (7):
  nbd: Include error names in trace messages
  nbd: Move nbd_errno_to_system_errno() to public header
  nbd: Expose constants and structs for structured read
  nbd/server: Report error for write to read-only export
  nbd/server: Refactor zero-length option check
  nbd/server: Include human-readable message in structured errors
  nbd: Move nbd_read() to common header

Vladimir Sementsov-Ogievskiy (4):
  nbd: Minimal structured read for server
  nbd/client: refactor nbd_receive_starttls
  nbd/client: prepare nbd_receive_reply for structured reply
  nbd: Minimal structured read for client

 include/block/nbd.h | 106 +++-
 nbd/nbd-internal.h  |  23 +--
 block/nbd-client.c  | 491 
 nbd/client.c| 215 +++
 nbd/common.c|  84 +
 nbd/server.c| 194 +++--
 nbd/trace-events|  15 +-
 7 files changed, 934 insertions(+), 194 deletions(-)

-- 
2.13.6




[Qemu-devel] [PATCH v5 02/11] nbd: Move nbd_errno_to_system_errno() to public header

2017-10-19 Thread Eric Blake
This is needed in preparation for structured reply handling,
as we will be performing the translation from NBD error to
system errno value higher in the stack at block/nbd-client.c.

Signed-off-by: Eric Blake 
Reviewed-by: Vladimir Sementsov-Ogievskiy 
---
 include/block/nbd.h | 13 +
 nbd/nbd-internal.h  | 12 
 nbd/client.c| 32 
 nbd/common.c| 34 ++
 nbd/trace-events|  4 +++-
 5 files changed, 50 insertions(+), 45 deletions(-)

diff --git a/include/block/nbd.h b/include/block/nbd.h
index a6df5ce8b5..dc62b5cd19 100644
--- a/include/block/nbd.h
+++ b/include/block/nbd.h
@@ -149,6 +149,18 @@ enum {
  * aren't overflowing some other buffer. */
 #define NBD_MAX_NAME_SIZE 256

+/* NBD errors are based on errno numbers, so there is a 1:1 mapping,
+ * but only a limited set of errno values is specified in the protocol.
+ * Everything else is squashed to EINVAL.
+ */
+#define NBD_SUCCESS0
+#define NBD_EPERM  1
+#define NBD_EIO5
+#define NBD_ENOMEM 12
+#define NBD_EINVAL 22
+#define NBD_ENOSPC 28
+#define NBD_ESHUTDOWN  108
+
 /* Details collected by NBD_OPT_EXPORT_NAME and NBD_OPT_GO */
 struct NBDExportInfo {
 /* Set by client before nbd_receive_negotiate() */
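Review bot: the comment moved in above `NBD_SUCCESS` still says only that the values are "based on errno numbers", which in a public header invites callers to compare them against host errno constants. Suggest stating that these are fixed wire values that can differ from the host's (ESHUTDOWN is not 108 on every platform) and that nbd_errno_to_system_errno() is the supported conversion.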
@@ -172,6 +184,7 @@ int nbd_send_request(QIOChannel *ioc, NBDRequest *request);
 int nbd_receive_reply(QIOChannel *ioc, NBDReply *reply, Error **errp);
 int nbd_client(int fd);
 int nbd_disconnect(int fd);
+int nbd_errno_to_system_errno(int err);

 typedef struct NBDExport NBDExport;
 typedef struct NBDClient NBDClient;
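Review bot: `int nbd_errno_to_system_errno(int err);` becomes public here with no comment on its return convention. The definition in nbd/common.c returns a positive errno (`ret = EPERM;`), while nbd_drop() in that same file documents "Return -errno on failure", so a caller higher in the stack can easily get the sign wrong. Add a one-line comment saying the result is a positive host errno, 0 for NBD_SUCCESS, and EINVAL for any value the protocol does not define.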
diff --git a/nbd/nbd-internal.h b/nbd/nbd-internal.h
index 4bfe5be884..df6c8b2f24 100644
--- a/nbd/nbd-internal.h
+++ b/nbd/nbd-internal.h
@@ -64,18 +64,6 @@
 #define NBD_SET_TIMEOUT _IO(0xab, 9)
 #define NBD_SET_FLAGS   _IO(0xab, 10)

-/* NBD errors are based on errno numbers, so there is a 1:1 mapping,
- * but only a limited set of errno values is specified in the protocol.
- * Everything else is squashed to EINVAL.
- */
-#define NBD_SUCCESS0
-#define NBD_EPERM  1
-#define NBD_EIO5
-#define NBD_ENOMEM 12
-#define NBD_EINVAL 22
-#define NBD_ENOSPC 28
-#define NBD_ESHUTDOWN  108
-
 /* nbd_read_eof
  * Tries to read @size bytes from @ioc.
  * Returns 1 on success
diff --git a/nbd/client.c b/nbd/client.c
index 59d7c9d49f..50f36b511e 100644
--- a/nbd/client.c
+++ b/nbd/client.c
@@ -22,38 +22,6 @@
 #include "trace.h"
 #include "nbd-internal.h"

-static int nbd_errno_to_system_errno(int err)
-{
-int ret;
-switch (err) {
-case NBD_SUCCESS:
-ret = 0;
-break;
-case NBD_EPERM:
-ret = EPERM;
-break;
-case NBD_EIO:
-ret = EIO;
-break;
-case NBD_ENOMEM:
-ret = ENOMEM;
-break;
-case NBD_ENOSPC:
-ret = ENOSPC;
-break;
-case NBD_ESHUTDOWN:
-ret = ESHUTDOWN;
-break;
-default:
-trace_nbd_unknown_error(err);
-/* fallthrough */
-case NBD_EINVAL:
-ret = EINVAL;
-break;
-}
-return ret;
-}
-
 /* Definitions for opaque data types */

 static QTAILQ_HEAD(, NBDExport) exports = QTAILQ_HEAD_INITIALIZER(exports);
diff --git a/nbd/common.c b/nbd/common.c
index 7456021f7e..593904f148 100644
--- a/nbd/common.c
+++ b/nbd/common.c
@@ -18,6 +18,7 @@

 #include "qemu/osdep.h"
 #include "qapi/error.h"
+#include "trace.h"
 #include "nbd-internal.h"

 /* Discard length bytes from channel.  Return -errno on failure and 0 on
@@ -171,3 +172,36 @@ const char *nbd_err_lookup(int err)
 return "";
 }
 }
+
+
+int nbd_errno_to_system_errno(int err)
+{
+int ret;
+switch (err) {
+case NBD_SUCCESS:
+ret = 0;
+break;
+case NBD_EPERM:
+ret = EPERM;
+break;
+case NBD_EIO:
+ret = EIO;
+break;
+case NBD_ENOMEM:
+ret = ENOMEM;
+break;
+case NBD_ENOSPC:
+ret = ENOSPC;
+break;
+case NBD_ESHUTDOWN:
+ret = ESHUTDOWN;
+break;
+default:
+trace_nbd_unknown_error(err);
+/* fallthrough */
+case NBD_EINVAL:
+ret = EINVAL;
+break;
+}
+return ret;
+}
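Review bot: two blank `+` lines are added ahead of `nbd_errno_to_system_errno()`; one is enough, so drop the extra line. The body otherwise matches the lines removed from nbd/client.c apart from losing `static`, which is what a pure move should look like.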
diff --git a/nbd/trace-events b/nbd/trace-events
index 920c8a0e5e..ab3d7dad4f 100644
--- a/nbd/trace-events
+++ b/nbd/trace-events
@@ -1,5 +1,4 @@
 # nbd/client.c
-nbd_unknown_error(int err) "Squashing unexpected error %d to EINVAL"
 nbd_send_option_request(uint32_t opt, const char *name, uint32_t len) "Sending 
option request %" PRIu32" (%s), len %" PRIu32
 nbd_receive_option_reply(uint32_t option, const char *optname, uint32_t type, 
const char *typename, uint32_t length) "Received option reply 0x%" PRIx32" 
(%s), type 0x%" PRIx32" (%s), len %" PRIu32
 nbd_reply_err_unsup(uint32_t option, const char *name) "server doesn't 
understand request 0x%" PRIx32 " (%s), 

Re: [Qemu-devel] [PULL 07/11] tools: add qemu-keymap

2017-10-19 Thread Eric Blake
On 10/19/2017 05:09 PM, Eric Blake wrote:
> On 10/16/2017 08:16 AM, Gerd Hoffmann wrote:
>> qemu-keymap generates qemu reverse keymaps from xkb keymaps,
>> which can be used with the qemu "-k" command line switch.
>>
>> Signed-off-by: Gerd Hoffmann 
>> Message-id: 20171005153330.19210-2-kra...@redhat.com
>> ---
>>  configure |  23 ++
>>  Makefile  |   5 ++
>>  qemu-keymap.c | 258 
>> ++
>>  3 files changed, 286 insertions(+)
>>  create mode 100644 qemu-keymap.c
> 
> For in-tree builds, this forgot to update .gitignore so that
> 'qemu-keymap' isn't accidentally checked in via 'git add -a'.

And on a related note, commit 2e1d70b pollutes the tree with a new
ui/shader/texture-blit-flip-vert.h, that should also be mentioned in
.gitignore.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org





Re: [Qemu-devel] [PULL 07/11] tools: add qemu-keymap

2017-10-19 Thread Eric Blake
On 10/16/2017 08:16 AM, Gerd Hoffmann wrote:
> qemu-keymap generates qemu reverse keymaps from xkb keymaps,
> which can be used with the qemu "-k" command line switch.
> 
> Signed-off-by: Gerd Hoffmann 
> Message-id: 20171005153330.19210-2-kra...@redhat.com
> ---
>  configure |  23 ++
>  Makefile  |   5 ++
>  qemu-keymap.c | 258 
> ++
>  3 files changed, 286 insertions(+)
>  create mode 100644 qemu-keymap.c

For in-tree builds, this forgot to update .gitignore so that
'qemu-keymap' isn't accidentally checked in via 'git add -a'.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org





Re: [Qemu-devel] [PATCH 24/42] tpm-be: call request_completed() out of thread

2017-10-19 Thread Stefan Berger

On 10/09/2017 06:56 PM, Marc-André Lureau wrote:

Lift from the backend implementation the responsibility to call the
request_completed() callback outside of thread context. This also


I don't think this is what you are doing here. It's still in thread context.

Something is breaking the TIS interface in this patch. The symptom is 
that SeaBIOS doesn't show its menu anymore.


I have to withdraw my Reviewed-by from this one. It looked sufficiently 
harmless but it's not.


Stefan


simplify frontend/interface work, as they no longer need to care
whether the callback is called from a different thread.

Signed-off-by: Marc-André Lureau 
---
  hw/tpm/tpm_int.h |  1 -
  include/sysemu/tpm_backend.h |  1 +
  backends/tpm.c   | 15 ++-
  hw/tpm/tpm_emulator.c|  2 --
  hw/tpm/tpm_passthrough.c |  3 ---
  hw/tpm/tpm_tis.c | 36 +---
  6 files changed, 28 insertions(+), 30 deletions(-)

diff --git a/hw/tpm/tpm_int.h b/hw/tpm/tpm_int.h
index 9c045b6691..9c49325f03 100644
--- a/hw/tpm/tpm_int.h
+++ b/hw/tpm/tpm_int.h
@@ -30,7 +30,6 @@ typedef struct TPMIf {
  typedef struct TPMIfClass {
  InterfaceClass parent_class;

-/* run in thread pool by backend */
  void (*request_completed)(TPMIf *obj);
  } TPMIfClass;

diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
index 8d08765b3c..dd4fb288ea 100644
--- a/include/sysemu/tpm_backend.h
+++ b/include/sysemu/tpm_backend.h
@@ -48,6 +48,7 @@ struct TPMBackend {
  bool opened;
  GThreadPool *thread_pool;
  bool had_startup_error;
+QEMUBH *bh;

  /*  */
  char *id;
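Review bot: the new `QEMUBH *bh;` member has no comment, and the only description of the callback's execution context, `/* run in thread pool by backend */` in hw/tpm/tpm_int.h, is deleted by this patch without a replacement. Document here that the bottom half is scheduled from the worker thread and that request_completed() is now called from it, so frontend authors know which context they run in.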
diff --git a/backends/tpm.c b/backends/tpm.c
index 86f0e7e915..58f823d54c 100644
--- a/backends/tpm.c
+++ b/backends/tpm.c
@@ -18,14 +18,25 @@
  #include "qapi/qmp/qerror.h"
  #include "sysemu/tpm.h"
  #include "qemu/thread.h"
+#include "qemu/main-loop.h"
+
+static void tpm_backend_request_completed_bh(void *opaque)
+{
+TPMBackend *s = TPM_BACKEND(opaque);
+TPMIfClass *tic = TPM_IF_GET_CLASS(s->tpmif);
+
+tic->request_completed(s->tpmif);
+}

  static void tpm_backend_worker_thread(gpointer data, gpointer user_data)
  {
  TPMBackend *s = TPM_BACKEND(user_data);
-TPMBackendClass *k  = TPM_BACKEND_GET_CLASS(s);
+TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s);

  assert(k->handle_request != NULL);
  k->handle_request(s, (TPMBackendCmd *)data);
+
+qemu_bh_schedule(s->bh);
  }

  static void tpm_backend_thread_end(TPMBackend *s)
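Review bot: `qemu_bh_schedule(s->bh)` at the end of tpm_backend_worker_thread() runs after every `k->handle_request()` call, and the handlers are `void`, so the worker cannot tell success from failure. In tpm_emulator_handle_request() the removed `tic->request_completed(tb->tpmif);` sat before `return;`, ahead of the `error:` label, so completion on that error path looks like a behaviour change. If it is intended, say so in the commit message; if not, the handler needs to report a status that the worker checks before scheduling. The spacing fix on the `TPMBackendClass *k` line is unrelated and would be cleaner in a separate patch.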
@@ -193,6 +204,7 @@ static void tpm_backend_instance_init(Object *obj)
   tpm_backend_prop_set_opened,
   NULL);
  s->fe_model = -1;
+s->bh = qemu_bh_new(tpm_backend_request_completed_bh, s);
  }

  static void tpm_backend_instance_finalize(Object *obj)
@@ -202,6 +214,7 @@ static void tpm_backend_instance_finalize(Object *obj)
  object_unref(OBJECT(s->tpmif));
  g_free(s->id);
  tpm_backend_thread_end(s);
+qemu_bh_delete(s->bh);
  }

  static const TypeInfo tpm_backend_info = {
diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
index 07e7aa4abc..36454837b3 100644
--- a/hw/tpm/tpm_emulator.c
+++ b/hw/tpm/tpm_emulator.c
@@ -176,7 +176,6 @@ static int tpm_emulator_set_locality(TPMEmulator *tpm_emu, 
uint8_t locty_number,
  static void tpm_emulator_handle_request(TPMBackend *tb, TPMBackendCmd *cmd)
  {
  TPMEmulator *tpm_emu = TPM_EMULATOR(tb);
-TPMIfClass *tic = TPM_IF_GET_CLASS(tb->tpmif);
  Error *err = NULL;

  DPRINTF("processing TPM command");
@@ -191,7 +190,6 @@ static void tpm_emulator_handle_request(TPMBackend *tb, 
TPMBackendCmd *cmd)
  goto error;
  }

-tic->request_completed(tb->tpmif);
  return;

  error:
diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
index 2ad74badca..8c002e4da6 100644
--- a/hw/tpm/tpm_passthrough.c
+++ b/hw/tpm/tpm_passthrough.c
@@ -139,14 +139,11 @@ err_exit:
  static void tpm_passthrough_handle_request(TPMBackend *tb, TPMBackendCmd *cmd)
  {
  TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
-TPMIfClass *tic = TPM_IF_GET_CLASS(tb->tpmif);

  DPRINTF("tpm_passthrough: processing command %p\n", cmd);

  tpm_passthrough_unix_tx_bufs(tpm_pt, cmd->in, cmd->in_len,
   cmd->out, cmd->out_len, >selftest_done);
-
-tic->request_completed(tb->tpmif);
  }

  static void tpm_passthrough_reset(TPMBackend *tb)
diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
index b3757bfbda..355427ab29 100644
--- a/hw/tpm/tpm_tis.c
+++ b/hw/tpm/tpm_tis.c
@@ -76,7 +76,6 @@ typedef struct TPMState {
  ISADevice busdev;
  MemoryRegion mmio;

-QEMUBH *bh;
  uint32_t offset;
  uint8_t buf[TPM_TIS_BUFFER_MAX];

@@ -411,10 +410,20 @@ static void tpm_tis_prep_abort(TPMState *s, uint8_t 
locty, uint8_t newlocty)
  tpm_tis_abort(s, locty);
  }

-static void tpm_tis_receive_bh(void 

Re: [Qemu-devel] [PATCH v4 5/8] nbd/server: Include human-readable message in structured errors

2017-10-19 Thread Eric Blake
On 10/14/2017 08:01 PM, Eric Blake wrote:
> The NBD spec permits including a human-readable error string if
> structured replies are in force, so we might as well send the
> client the message that we logged on any error.
> 
> Signed-off-by: Eric Blake 
> ---
>  nbd/server.c | 22 --
>  nbd/trace-events |  2 +-
>  2 files changed, 17 insertions(+), 7 deletions(-)
> 

>  assert(nbd_err);
> -trace_nbd_co_send_structured_error(handle, nbd_err);
> +trace_nbd_co_send_structured_error(handle, nbd_err,
> +   nbd_err_lookup(nbd_err), msg);
>  set_be_chunk(, NBD_REPLY_FLAG_DONE, NBD_REPLY_TYPE_ERROR, handle,
>   sizeof(chunk) - sizeof(chunk.h));

Bug - it's a bad idea to not include the message length in the overall
length, because the client then gets out of sync with the server (it
reads only 6 bytes instead of 6+strlen(msg) bytes, and expects the
message to start with the magic number for the next reply).

>  stl_be_p(, nbd_err);
> -stw_be_p(_length, 0);
> +stw_be_p(_length, iov[1].iov_len);

But this also highlights a bug in 9/8, where we have:

> +static int nbd_parse_error_payload(NBDStructuredReplyChunk *chunk,
> +   uint8_t *payload, int *request_ret,
> +   Error **errp)
> +{
> +uint32_t error;
> +uint16_t message_size;
> +
> +assert(chunk->type & (1 << 15));
> +
> +if (chunk->length < sizeof(error) + sizeof(message_size)) {
> +error_setg(errp,
> +   "Protocol error: invalid payload for structured error");
> +return -EINVAL;
> +}
> +
> +error = nbd_errno_to_system_errno(payload_advance32());
> +if (error == 0) {
> +error_setg(errp, "Protocol error: server sent structured error chunk"
> + "with error = 0");
> +return -EINVAL;
> +}
> +
> +*request_ret = error;
> +message_size = payload_advance16();
> +error_setg_errno(errp, error, "%.*s", message_size, payload);

Whoops - no sanity check that message_size fits within chunk->length.
So when we read message_length 33 (when the server sends a message 33
bytes long), we are then dereferencing up to 33 bytes of garbage beyond
the end of payload.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org
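
The missing check described in the reply above, as an added example that is not QEMU's code or the patch under review: a bounds-checked parse of the structured error payload (32-bit error, 16-bit message length, message bytes). The function name, result struct, 255-byte message cap and sample payloads are assumptions constructed for illustration; the NBD_E* values are the ones listed in the patch on this page.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* NBD wire error values, as listed in the patch on this page. */
#define NBD_SUCCESS   0
#define NBD_EPERM     1
#define NBD_EIO       5
#define NBD_ENOMEM    12
#define NBD_EINVAL    22
#define NBD_ENOSPC    28
#define NBD_ESHUTDOWN 108

#define ERR_HDR_LEN 6    /* 32-bit error + 16-bit message length */
#define ERR_MSG_MAX 255  /* assumption: local cap on the copied message */

struct parsed_error {            /* hypothetical result type */
    int sys_errno;               /* positive host errno */
    size_t msg_len;              /* bytes copied into msg */
    char msg[ERR_MSG_MAX + 1];   /* always NUL-terminated */
};

/* Wire value to host errno; anything undefined is squashed to EINVAL. */
static int wire_to_errno(uint32_t err)
{
    switch (err) {
    case NBD_EPERM:     return EPERM;
    case NBD_EIO:       return EIO;
    case NBD_ENOMEM:    return ENOMEM;
    case NBD_ENOSPC:    return ENOSPC;
#ifdef ESHUTDOWN
    case NBD_ESHUTDOWN: return ESHUTDOWN;
#endif
    default:            return EINVAL;
    }
}

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

static uint16_t be16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Parse one error chunk payload of chunk_len bytes.
 * Returns 0 on success, -EINVAL on a protocol violation. */
int parse_error_payload(const uint8_t *payload, size_t chunk_len,
                        struct parsed_error *out)
{
    uint32_t wire_err;
    uint16_t msg_len;
    size_t n;

    if (chunk_len < ERR_HDR_LEN) {
        return -EINVAL;              /* fixed fields do not fit */
    }
    wire_err = be32(payload);
    msg_len = be16(payload + 4);
    if (wire_err == NBD_SUCCESS) {
        return -EINVAL;              /* error chunk must carry an error */
    }
    /* The check the reply says is missing: the declared message length
     * must fit in what is left of the chunk, or we read past the buffer. */
    if (msg_len > chunk_len - ERR_HDR_LEN) {
        return -EINVAL;
    }
    n = msg_len < ERR_MSG_MAX ? msg_len : ERR_MSG_MAX;
    memcpy(out->msg, payload + ERR_HDR_LEN, n);
    out->msg[n] = '\0';
    out->msg_len = n;
    out->sys_errno = wire_to_errno(wire_err);
    return 0;
}

/* Constructed sample payloads (not captured traffic). */
static const uint8_t sample_ok[]       = {0, 0, 0, 5, 0, 4, 'o', 'o', 'p', 's'};
static const uint8_t sample_overlong[] = {0, 0, 0, 22, 0, 33}; /* claims 33, has 0 */
static const uint8_t sample_zero_err[] = {0, 0, 0, 0, 0, 0};
static const uint8_t sample_unknown[]  = {0, 0, 0, 99, 0, 0};

int main(void)
{
    struct parsed_error r;

    printf("ok:       %d\n", parse_error_payload(sample_ok, sizeof(sample_ok), &r));
    printf("overlong: %d\n", parse_error_payload(sample_overlong,
                                                 sizeof(sample_overlong), &r));
    printf("zero err: %d\n", parse_error_payload(sample_zero_err,
                                                 sizeof(sample_zero_err), &r));
    printf("unknown:  %d\n", parse_error_payload(sample_unknown,
                                                 sizeof(sample_unknown), &r));
    return 0;
}
```
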





[Qemu-devel] [PATCH 1/2] target/arm: Move BE32 disassembler fixup

2017-10-19 Thread Richard Henderson
The Capstone disassembler has its own big-endian fixup.
Doing this twice does not work, of course.  Move our current
fixup from target/arm/cpu.c to disas/arm.c.

This makes read_memory_inner_func unused and can be removed.

Signed-off-by: Richard Henderson 
---
 include/disas/bfd.h |  7 ---
 disas/arm.c | 21 -
 target/arm/cpu.c| 19 ---
 3 files changed, 16 insertions(+), 31 deletions(-)

diff --git a/include/disas/bfd.h b/include/disas/bfd.h
index 9b0657cfa9..1f88c9e9d5 100644
--- a/include/disas/bfd.h
+++ b/include/disas/bfd.h
@@ -307,12 +307,6 @@ typedef struct disassemble_info {
 (bfd_vma memaddr, bfd_byte *myaddr, int length,
 struct disassemble_info *info);
 
-  /* A place to stash the real read_memory_func if read_memory_func wants to
- do some funky address arithmetic or similar (e.g. for ARM BE32 mode).  */
-  int (*read_memory_inner_func)
-(bfd_vma memaddr, bfd_byte *myaddr, int length,
- struct disassemble_info *info);
-
   /* Function which should be called if we get an error that we can't
  recover from.  STATUS is the errno value from read_memory_func and
  MEMADDR is the address that we were trying to read.  INFO is a
@@ -483,7 +477,6 @@ int generic_symbol_at_address(bfd_vma, struct 
disassemble_info *);
   (INFO).buffer_vma = 0, \
   (INFO).buffer_length = 0, \
   (INFO).read_memory_func = buffer_read_memory, \
-  (INFO).read_memory_inner_func = NULL, \
   (INFO).memory_error_func = perror_memory, \
   (INFO).print_address_func = generic_print_address, \
   (INFO).print_insn = NULL, \
diff --git a/disas/arm.c b/disas/arm.c
index 27396dd3e1..9967c45990 100644
--- a/disas/arm.c
+++ b/disas/arm.c
@@ -70,6 +70,17 @@ static void floatformat_to_double (unsigned char *data, 
double *dest)
 *dest = u.f;
 }
 
+static int arm_read_memory(bfd_vma memaddr, bfd_byte *b, int length,
+   struct disassemble_info *info)
+{
+assert((info->flags & INSN_ARM_BE32) == 0 || length == 2 || length == 4);
+
+if ((info->flags & INSN_ARM_BE32) != 0 && length == 2) {
+memaddr ^= 2;
+}
+return info->read_memory_func(memaddr, b, length, info);
+}
+
 /* End of qemu specific additions.  */
 
 struct opcode32
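Review bot: the new arm_read_memory() drops the `assert(info->endian == BFD_ENDIAN_LITTLE);` that arm_read_memory_func() in target/arm/cpu.c had inside its BE32 halfword branch. If the `memaddr ^= 2` fixup is only valid when the disassembler reads little-endian, keep that assertion next to the XOR; if it is no longer needed, the commit message should say why.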
@@ -3810,7 +3821,7 @@ find_ifthen_state (bfd_vma pc, struct disassemble_info 
*info,
  return;
}
   addr -= 2;
-  status = info->read_memory_func (addr, (bfd_byte *)b, 2, info);
+  status = arm_read_memory (addr, (bfd_byte *)b, 2, info);
   if (status)
return;
 
@@ -3882,7 +3893,7 @@ print_insn_arm (bfd_vma pc, struct disassemble_info *info)
   info->bytes_per_chunk = size;
   printer = print_insn_data;
 
-  status = info->read_memory_func (pc, (bfd_byte *)b, size, info);
+  status = arm_read_memory (pc, (bfd_byte *)b, size, info);
   given = 0;
   if (little)
for (i = size - 1; i >= 0; i--)
@@ -3899,7 +3910,7 @@ print_insn_arm (bfd_vma pc, struct disassemble_info *info)
   info->bytes_per_chunk = 4;
   size = 4;
 
-  status = info->read_memory_func (pc, (bfd_byte *)b, 4, info);
+  status = arm_read_memory (pc, (bfd_byte *)b, 4, info);
   if (little)
given = (b[0]) | (b[1] << 8) | (b[2] << 16) | ((unsigned)b[3] << 24);
   else
@@ -3915,7 +3926,7 @@ print_insn_arm (bfd_vma pc, struct disassemble_info *info)
   info->bytes_per_chunk = 2;
   size = 2;
 
-  status = info->read_memory_func (pc, (bfd_byte *)b, 2, info);
+  status = arm_read_memory (pc, (bfd_byte *)b, 2, info);
   if (little)
given = (b[0]) | (b[1] << 8);
   else
@@ -3929,7 +3940,7 @@ print_insn_arm (bfd_vma pc, struct disassemble_info *info)
  || (given & 0xF800) == 0xF000
  || (given & 0xF800) == 0xE800)
{
- status = info->read_memory_func (pc + 2, (bfd_byte *)b, 2, info);
+ status = arm_read_memory (pc + 2, (bfd_byte *)b, 2, info);
  if (little)
given = (b[0]) | (b[1] << 8) | (given << 16);
  else
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 1576a6d372..bc9d70df04 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -474,21 +474,6 @@ print_insn_thumb1(bfd_vma pc, disassemble_info *info)
   return print_insn_arm(pc | 1, info);
 }
 
-static int arm_read_memory_func(bfd_vma memaddr, bfd_byte *b,
-int length, struct disassemble_info *info)
-{
-assert(info->read_memory_inner_func);
-assert((info->flags & INSN_ARM_BE32) == 0 || length == 2 || length == 4);
-
-if ((info->flags & INSN_ARM_BE32) != 0 && length == 2) {
-assert(info->endian == BFD_ENDIAN_LITTLE);
-return info->read_memory_inner_func(memaddr ^ 2, (bfd_byte *)b, 2,
-info);
-} else {
-return info->read_memory_inner_func(memaddr, b, length, info);
-}
-}
-
 static void 

[Qemu-devel] [PATCH 0/2] Fix armeb-linux-user disassembly

2017-10-19 Thread Richard Henderson
Reported in 
  https://bugs.launchpad.net/qemu/+bug/1724485

There's one existing bug here, wrt setting INSN_ARM_BE32, and
another when it comes to the capstone disassembler patch set.


r~


Richard Henderson (2):
  target/arm: Move BE32 disassembler fixup
  target/arm: Don't set INSN_ARM_BE32 for CONFIG_USER_ONLY

 include/disas/bfd.h |  7 ---
 disas/arm.c | 21 -
 target/arm/cpu.c| 28 +++-
 3 files changed, 23 insertions(+), 33 deletions(-)

-- 
2.13.6




[Qemu-devel] [PATCH 2/2] target/arm: Don't set INSN_ARM_BE32 for CONFIG_USER_ONLY

2017-10-19 Thread Richard Henderson
This matches translator behaviour in arm_lduw_code.

Fixes: https://bugs.launchpad.net/qemu/+bug/1724485
Signed-off-by: Richard Henderson 
---
 target/arm/cpu.c | 9 +++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index bc9d70df04..a0ed11c9a5 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -478,6 +478,7 @@ static void arm_disas_set_info(CPUState *cpu, 
disassemble_info *info)
 {
 ARMCPU *ac = ARM_CPU(cpu);
 CPUARMState *env = >env;
+bool sctlr_b;
 
 if (is_a64(env)) {
 /* We might not be compiled with the A64 disassembler
@@ -506,7 +507,9 @@ static void arm_disas_set_info(CPUState *cpu, 
disassemble_info *info)
 info->cap_arch = CS_ARCH_ARM;
 info->cap_mode = cap_mode;
 }
-if (bswap_code(arm_sctlr_b(env))) {
+
+sctlr_b = arm_sctlr_b(env);
+if (bswap_code(sctlr_b)) {
 #ifdef TARGET_WORDS_BIGENDIAN
 info->endian = BFD_ENDIAN_LITTLE;
 #else
@@ -514,9 +517,11 @@ static void arm_disas_set_info(CPUState *cpu, 
disassemble_info *info)
 #endif
 }
 info->flags &= ~INSN_ARM_BE32;
-if (arm_sctlr_b(env)) {
+#ifndef CONFIG_USER_ONLY
+if (sctlr_b) {
 info->flags |= INSN_ARM_BE32;
 }
+#endif
 }
 
 uint64_t arm_cpu_mp_affinity(int idx, uint8_t clustersz)
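Review bot: the `#ifndef CONFIG_USER_ONLY` guard around `info->flags |= INSN_ARM_BE32;` has no comment, and the reason (the commit message's "This matches translator behaviour in arm_lduw_code") lives only in the log. A short comment at the guard naming arm_lduw_code would keep a later cleanup from removing it as redundant with the `sctlr_b` test.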
-- 
2.13.6




Re: [Qemu-devel] [PATCH] don't hardcode EL1 in extended_addresses_enabled

2017-10-19 Thread Stefano Stabellini
On Thu, 19 Oct 2017, Peter Maydell wrote:
> On 18 October 2017 at 23:41, Stefano Stabellini  
> wrote:
> > extended_addresses_enabled calls arm_el_is_aa64, hardcoding exception
> > level 1. Instead, retrieve the current el calling arm_current_el.
> >
> > Signed-off-by: Stefano Stabellini 
> >
> > diff --git a/target/arm/internals.h b/target/arm/internals.h
> > index 1f6efef..63507d9 100644
> > --- a/target/arm/internals.h
> > +++ b/target/arm/internals.h
> > @@ -187,7 +187,7 @@ static inline unsigned int arm_pamax(ARMCPU *cpu)
> >  static inline bool extended_addresses_enabled(CPUARMState *env)
> >  {
> >  TCR *tcr = >cp15.tcr_el[arm_is_secure(env) ? 3 : 1];
> > -return arm_el_is_aa64(env, 1) ||
> > +return arm_el_is_aa64(env, arm_current_el(env)) ||
> > (arm_feature(env, ARM_FEATURE_LPAE) && (tcr->raw_tcr & 
> > TTBCR_EAE));
> >  }
> 
> Hmm. The current code was definitely written under a "aarch64
> only supports EL0 and EL1" assumption, but I'm not sure
> this change is entirely correct.
> 
> We use this function in 3 places:
> 
>  * identifying whether to flush TLBs on CONTEXTIDR writes
> -- using current EL seems like the right thing (but I'm not
>sure -- perhaps we should pass in the S/NS from which
>version of the 32-bit banked register is being updated
>rather than using arm_is_secure(env) ???)
>  * choosing a PAR format for ATS operations
> -- using the current EL is closer to correct than what we
>have now. There are cases for a 32-bit CPU in Hyp mode that
>this code mishandles, but we don't support that yet.
>  * choosing an FSR value when taking a breakpoint or watchpoint trap
> -- here what we want the function to mean is "what is the
>FSR format for the EL we're about to take this debug
>exception to", which isn't necessarily the answer for the
>current EL (consider 32 bit EL0 under a 64-bit EL1)
> 
> So this change will fix the PAR format for ATS operations
> made at AArch64 EL2 when EL1 is AArch32, but it will break
> the FSR format for breakpoints/watchpoints hit at AArch32 EL0
> and taken to AArch64 EL1, I think.
> 
> We probably need to separate out these uses to not all try
> to use the same function, and clarify what they're checking.


What if we do use a single extended_addresses_enabled function, but we
pass the EL to check? I think it makes sense, but please check the
changes below, especially the ones to arm_debug_excp_handler.
What do you think?


diff --git a/target/arm/helper.c b/target/arm/helper.c
index 96113fe..2298428 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -500,7 +500,7 @@ static void contextidr_write(CPUARMState *env, const 
ARMCPRegInfo *ri,
 ARMCPU *cpu = arm_env_get_cpu(env);
 
 if (raw_read(env, ri) != value && !arm_feature(env, ARM_FEATURE_PMSA)
-&& !extended_addresses_enabled(env)) {
+&& !extended_addresses_enabled(env, arm_current_el(env))) {
 /* For VMSA (when not using the LPAE long descriptor page table
  * format) this register includes the ASID, so do a TLB flush.
  * For PMSA it is purely a process ID and no action is needed.
@@ -2162,7 +2162,7 @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t 
value,
 
 ret = get_phys_addr(env, value, access_type, mmu_idx,
 _addr, , , _size, , );
-if (extended_addresses_enabled(env)) {
+if (extended_addresses_enabled(env, arm_current_el(env))) {
 /* fsr is a DFSR/IFSR value for the long descriptor
  * translation table format, but with WnR always clear.
  * Convert it to a 64-bit PAR.
diff --git a/target/arm/internals.h b/target/arm/internals.h
index 43106a2..6792df2 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -217,10 +217,10 @@ static inline unsigned int arm_pamax(ARMCPU *cpu)
  * This is always the case if our translation regime is 64 bit,
  * but depends on TTBCR.EAE for 32 bit.
  */
-static inline bool extended_addresses_enabled(CPUARMState *env)
+static inline bool extended_addresses_enabled(CPUARMState *env, unsigned int 
el)
 {
-TCR *tcr = >cp15.tcr_el[arm_is_secure(env) ? 3 : 1];
-return arm_el_is_aa64(env, 1) ||
+TCR *tcr = >cp15.tcr_el[el];
+return arm_el_is_aa64(env, el) ||
(arm_feature(env, ARM_FEATURE_LPAE) && (tcr->raw_tcr & TTBCR_EAE));
 }
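Review bot: `tcr_el[el]` in the rewritten extended_addresses_enabled() is indexed by whatever the caller passes, and both callers in target/arm/helper.c pass `arm_current_el(env)`, which is 0 when the guest is running at EL0. EL0 has no translation control register, so index 0 does not correspond to any TCR and the `TTBCR_EAE` test would read the wrong state; the old `arm_is_secure(env) ? 3 : 1` selection is lost as well. Map `el` to the translation regime that controls it before indexing, and document the parameter as the EL whose regime is being queried.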
diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
index 3914145..4f46eb8 100644
--- a/target/arm/op_helper.c
+++ b/target/arm/op_helper.c
@@ -1378,7 +1378,7 @@ void arm_debug_excp_handler(CPUState *cs)
 
 cs->watchpoint_hit = NULL;
 
-if (extended_addresses_enabled(env)) {
+if (extended_addresses_enabled(env, arm_debug_target_el(env))) {
 env->exception.fsr = (1 << 9) | 0x22;
 } else {
 env->exception.fsr = 0x2;
@@ -1402,7 +1402,7 @@ void 

Re: [Qemu-devel] [PATCH v4 1/4] vhost-user: add new vhost user messages to support virtio config space

2017-10-19 Thread Paolo Bonzini
On 19/10/2017 19:43, Michael S. Tsirkin wrote:
> On Thu, Oct 19, 2017 at 05:43:18PM +0200, Paolo Bonzini wrote:
>> On 19/10/2017 17:39, Michael S. Tsirkin wrote:
>>>> Add VHOST_USER_GET_CONFIG/VHOST_USER_SET_CONFIG messages which can be
>>>> used for live migration of vhost user devices, also vhost user devices
>>>> can benefit from the messages to get/set virtio config space from/to the
>>>> I/O target. For the purpose to support virtio config space change,
>>>> VHOST_USER_SET_CONFIG_FD message is added as the event notifier
>>>> in case virtio config space change in the I/O target.
>>>>
>>>> Signed-off-by: Changpeng Liu 
>>> I don't much like it that config is getting passed through.
>>>
>>> IMO this makes managing things harder not easier.
>>>
>>> How about specific messages about specific parts of
>>> config space that you want to get from the backend?
>>
>> In the case of virtio-blk that would be all of it.  Do you have a case
>> in mind where some part of the configuration space is owned by QEMU?
>>
>> Paolo
> 
> Yes. seg_max

The seg_max limit is established by whoever reads buffers from the vring
and passes them down to the lower layer.  For vhost-blk that's the
device server, not QEMU.

Paolo



Re: [Qemu-devel] [PATCH v5 03/10] qemu-iotests: automatically clean up bash protocol servers

2017-10-19 Thread Paolo Bonzini
On 19/10/2017 16:52, Jeff Cody wrote:
> On Thu, Oct 19, 2017 at 12:23:39PM +0200, Paolo Bonzini wrote:
>> On 18/10/2017 19:27, Jeff Cody wrote:
>>> On final exit, yes, a test need not remember to remove all of its mouse
>>> droppings.  But as far as not needing to remove images in intermediate
>>> stages of a given test, I think that assumes too much. For instance,
>>> qemu-img _should_ be able to rebuild a format on top of the same image.  But
>>> maybe a test wants to see if that specific functionality actually works as
>>> intended, and compares removing and creating an image to rebuilding on top
>>> of an image, etc.
>>
>> Right, but let's draw a line, does such a test need to support multiple
>> protocols?  For example:
>>
> This is a good question.  But, I'm not sure that this is a question this
> series is trying to answer; one goal of this series is to keep the existing
> APIs currently in use by tests unchanged.

Right, but in order to do so it's also making the line between test and
harness unclear, which is something I'd like to avoid (when I looked at
it a couple months ago, the line was surprisingly clear apart from some
confusion around searching for programs, and separating check vs.
common.rc turned out to be very easy).

>> [snip] So, this is why I was wondering whether patches 3/4 kinda paint
>> ourselves in the corner.
> 
> I think this conflates a bit how we'd like to restructure tests in a future
> harness rewrite, and what this series does.

This is true.  But this sure is not exactly keeping the test APIs
intact.  The APIs are intact, but the usage isn't---for example, for
patch 9 to work you need to _not_ use _cleanup_test_img in the tests.

> If we look at what patches 3 & 4 do:
> 
> Patch 3:
> 
> - Code movement within common.rc, but doesn't change the API.  Tests
>   still just call _cleanup_test_img() as needed.
> 
> - It does break apart _cleanup_test_img(), thereby technically creating
>   some new APIs available to future tests:
>  * _cleanup_nbd()
>  * _cleanup_vxhs()
>  * _cleanup_rbd()
>  * _cleanup_sheepdog()
>  * _cleanup_protocols()
> 
>   Maybe these new APIs are a sticking point?  If so, perhaps we can mark
>   them (via comments) as internal-only?
> 
> - ./check does an extra protocol cleanup check after a test is run, via
>   the new _cleanup_protocols().
> 
> As far as existing tests go, no changes yet.

Here I'd like to remove _cleanup_test_img as a test API even.  Most
invocations out of the "trap" are unnecessary.  Some (for VMDK) can be
changed to _rm_test_img or changed to create a file with a new name (to
make patch 9 more effective).

With that change, we can apply patch 4 with no issue.

> Patch 4:
> 
> - Removes test exit cleanup from tests
> 
> Now this does change test behavior, as it relies on the harness for file
> and protocol cleanup at test exit.
> 
> This will indeed paint us in a corner if we want a new check.py to not
> perform the test exit cleanup, and leave test cleanup (either partially
> or fully) as the responsibility for the tests. [1]

I think patch 9 is enough proof that check should perform the test exit
cleanup.

But again, the thing I'm worried about is mixing code between check and
tests.

>> So, looking at the patches:
>>
>> - 1, 2, 7, 8, 9 are definitely good ideas, and should be done _before_
>> an eventual/hypothetical Python rewrite of "check".
> 
> Alas, 9 requires 4 (which in turn requires 3).  Without 4, there is nothing
> to keep, as the tests try to remove it all.
> 
>> - for 5, 6 I think we should be using shell job control instead in
>> "check" ('set -m')
>>
>>   #! /bin/sh
>>   set -m
>>   # Start a job which leaves two processes behind.  By starting it
>>   # in the background, we can get the leader process's pid in $!
>>   # That pid is also the process group id of the whole job.
>>   sh -c 'echo subshell pid is $$; sleep 10 | sleep 15 &' &
>>   pgrp=$!
>>   wait
>>   echo '$! is '$pgrp', killing all processes in that group:'
>>   pgrep -g $pgrp -a
>>   kill -TERM -$pgrp
>>   sleep 1
>>   echo Leftover processes have been killed:
>>   ps axo pid,ppid,pgrp,stat,tty,comm|grep sleep
>>
> 
> Existing tests right now use _cleanup_qemu in their tests (outside of final
> cleanup): 095 109 117 130, etc.  So we can do process control differently,
> but _cleanup_qemu still needs to exist and also clean up other files (such
> as fifos, close fds, etc..), and provide the same functionality (optional
> wait-for-completion, etc.), if we are keeping the usage by tests the same.

Yes, _cleanup_qemu can stay in the tests.

> [1] So on that point: do you think individual tests should be responsible
> for cleaning up files and processes at test exit?  If that answer is a 'yes'
> to either files or processes, then 3, 4, 6 (and maybe 9) are incompatible
> with a future redesign with that assumption.  FWIW, my thought is that the
> answer 

[Qemu-devel] unknown keycodes `(unnamed)'

2017-10-19 Thread Spaceboy Ross

unknown keycodes `(unnamed)', please report to qemu-devel@nongnu.org

uname -a returns:

Linux spaceboyross-Latitude-D630 4.13.0-16-generic #19-Ubuntu SMP Wed 
Oct 11 18:35:14 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux




Re: [Qemu-devel] [PATCH] fix WFI/WFE length in syndrome register

2017-10-19 Thread Stefano Stabellini
On Thu, 19 Oct 2017, Peter Maydell wrote:
> On 18 October 2017 at 23:03, Stefano Stabellini  
> wrote:
> > WFI/E are 4 bytes long: set ARM_EL_IL_SHIFT in the syndrome.
> >
> > Signed-off-by: Stefano Stabellini 
> >
> > diff --git a/target/arm/internals.h b/target/arm/internals.h
> > index 1f6efef..cf8c966 100644
> > --- a/target/arm/internals.h
> > +++ b/target/arm/internals.h
> > @@ -398,6 +398,7 @@ static inline uint32_t syn_breakpoint(int same_el)
> >  static inline uint32_t syn_wfx(int cv, int cond, int ti)
> >  {
> >  return (EC_WFX_TRAP << ARM_EL_EC_SHIFT) |
> > +   (1 << ARM_EL_IL_SHIFT) |
> > (cv << 24) | (cond << 20) | ti;
> >  }
> 
> Hmm. What we do now is definitely wrong, but WFI and WFE can be 2 bytes:
> there is a T1 Thumb encoding that is 2 bytes.
> 
> HELPER(wfi) doesn't get that right, though:
> if (target_el) {
>     env->pc -= 4;
>     raise_exception(env, EXCP_UDEF, syn_wfx(1, 0xe, 0), target_el);
> }
> 
> So I think that HELPER(wfi) needs to be passed an extra
> parameter is_16bit, which it can then use both in its adjustment
> of env->pc and to pass as an extra parameter to syn_wfx(),
> which is then syn_wfx(int cv, int cond, int ti, bool is_16bit).
> 
> (In theory HELPER(wfe) should also be passed is_16bit, but
> since it doesn't currently ever raise an exception it
> doesn't matter.)

Wouldn't it be better to just check on env->thumb like
HELPER(cpsr_write_eret) for example?

diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index 670c07a..a451763 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
diff --git a/target/arm/internals.h b/target/arm/internals.h
index 43106a2..55c70b4 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -428,9 +428,10 @@ static inline uint32_t syn_breakpoint(int same_el)
 | ARM_EL_IL | 0x22;
 }
 
-static inline uint32_t syn_wfx(int cv, int cond, int ti)
+static inline uint32_t syn_wfx(int cv, int cond, int ti, bool is_16bit)
 {
 return (EC_WFX_TRAP << ARM_EL_EC_SHIFT) |
+   (is_16bit ? 0 : (1 << ARM_EL_IL_SHIFT)) |
(cv << 24) | (cond << 20) | ti;
 }
 
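Review bot: in syn_wfx() the new term open-codes the bit as (1 << ARM_EL_IL_SHIFT), while the syn_breakpoint() context line at the top of this same hunk already uses ARM_EL_IL; assuming that macro is the same bit, writing (is_16bit ? 0 : ARM_EL_IL) keeps the two helpers consistent. The patch also carries a target/arm/cpu64.c file header with no hunk under it, which should be dropped before this is sent as a formal patch.
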
diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
index 3914145..ea16c9a 100644
--- a/target/arm/op_helper.c
+++ b/target/arm/op_helper.c
@@ -476,8 +476,8 @@ void HELPER(wfi)(CPUARMState *env)
 }
 
 if (target_el) {
-env->pc -= 4;
-raise_exception(env, EXCP_UDEF, syn_wfx(1, 0xe, 0), target_el);
+env->pc -= env->thumb ? 2 : 4;
+raise_exception(env, EXCP_UDEF, syn_wfx(1, 0xe, 0, env->thumb), 
target_el);
 }
 
 cs->exception_index = EXCP_HLT;
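
Review bot: env->thumb in HELPER(wfi) says the CPU is in Thumb state, not that this particular WFI used the 2-byte T1 encoding mentioned in the quoted review; a 4-byte Thumb encoding of WFI (Thumb-2 has one) would get env->pc -= 2 and a syndrome with IL clear, both wrong. Passing the instruction length in from the translator, as the quoted review proposes with an is_16bit argument to the helper, avoids inferring it from CPU state.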



Re: [Qemu-devel] Running Qemu in discrete time/step by step

2017-10-19 Thread Emilio G. Cota
On Thu, Oct 19, 2017 at 14:14:12 +0900, Matt wrote:
(snip)
> - VMSimint does nearly that, it runs Qemu in discrete time but
> interface it with a JAVA simulator
> http://www.ikr.uni-stuttgart.de/Content/Publications/Archive/We_SIMUTools_2014_40209.pdf
> (with the code http://www.ikr.uni-stuttgart.de/Content/IKRSimLib/Download/)
> - http://web.ornl.gov/~nutarojj/adevs/ does sthg similar too

Nutaro's work to interface with QEMU has been posted on the list:
  https://patchwork.kernel.org/patch/9572497/
I'm Cc'ing him in case he's not subscribed to the list.


> My questions would be:
> 1/ do you know of any other related work ?

Is QEMU's record/replay mode of any use to you? Note that as is the
case with Nutaro's patch, you'll need icount mode (i.e. single-core)
enabled.

> 2/ I believe there is interest from the research side but would it be
> possible to merge either approach or a similar one (adevs patch
> doesn't seem too big ~500 lines), would that be of interest for the
> Qemu community too ?
> 3/ if yes to 2. How to proceed, which one would be favorite ? if no,
> what should be improved ? or would that be a definitive no ?

I think the adevs approach is reasonable. The patch hasn't gotten much
attention I guess because not many people care about this feature.
But if you could review the patch and certify that it works for you
(i.e. it works with simulators other than adevs), that could only help
the patch getting in.

That said, I make no merging decisions so take this as just my opinion.

Cheers,

Emilio



Re: [Qemu-devel] [PATCH v4 RFC 9/8] nbd: Minimal structured read for client

2017-10-19 Thread Eric Blake
On 10/17/2017 04:17 PM, Eric Blake wrote:
> On 10/17/2017 07:57 AM, Vladimir Sementsov-Ogievskiy wrote:
>> Minimal implementation: for structured error only error_report error
>> message.
>>
>> Signed-off-by: Vladimir Sementsov-Ogievskiy 
>> ---

> But in the client, I then perform 'w 0 0' (a zero-byte write, which
> should fail because the server is read-only).  I see:
> 
> C: 19481@1508268433.381446:nbd_send_request Sending request to server: {
> .from = 0, .len = 0, .handle = 93997172956880, .flags = 0x1, .type = 1
> (write) }
> S: 19479@1508268433.381516:nbd_receive_request Got request: { magic =
> 0x25609513, .flags = 0x1, .type = 0x1, from = 0, len = 0 }
> S: 19479@1508268433.381527:nbd_co_receive_request_decode_type Decoding
> type: handle = 93997172956880, type = 1 (write)
> S: 19479@1508268433.381540:nbd_co_receive_request_payload_received
> Payload received: handle = 93997172956880, len = 0
> S: 19479@1508268433.381564:nbd_co_send_structured_error Send structured
> error reply: handle = 93997172956880, error = 1 (EPERM), msg = ''
> C: 19481@1508268433.381622:nbd_receive_structured_reply_chunk Got
> structured reply chunk: { flags = 0x1, type = 32769, handle =
> 93997172956880, length = 6 }
> C: wrote 0/0 bytes at offset 0
> C: 0 bytes, 1 ops; 0.0002 sec (0 bytes/sec and 4291.8455 ops/sec)
> 
> Oops - the client claimed success, even though the server replied with
> EPERM.  And the server didn't do a good job of including details on the
> error message.  So there's still some tweaks needed.

The server not sending details is a separate pre-existing issue; in
server.c, we set errp for NBD_CMD_WRITE_ZEROES but not for
NBD_CMD_WRITE.  You can get the server to cough up a message by using 'w
-z 0 1' instead.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org




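The trace in the message above shows a structured reply chunk of type 32769 with a 6-byte payload ending up as "wrote 0/0 bytes". As an added example (not QEMU's client code, and not from the thread), the sketch below decodes that chunk and returns the server's error instead of success; the function names are hypothetical, the byte array is constructed from the logged values, and the wire layout is the one in the NBD protocol's structured-reply definition.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Wire constants from the NBD protocol's structured-reply definition. */
#define NBD_STRUCTURED_REPLY_MAGIC 0x668e33efu
#define NBD_REPLY_FLAG_DONE        0x0001u
#define NBD_REPLY_TYPE_ERR_BIT     0x8000u  /* set in every error chunk type */
#define NBD_CHUNK_HDR_LEN          20u
#define NBD_ERR_PAYLOAD_MIN        6u       /* 32-bit error + 16-bit msg length */

struct nbd_chunk {
    uint16_t flags;
    uint16_t type;
    uint64_t handle;
    uint32_t length;                        /* payload bytes after the header */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) { return ((uint32_t)be16(p) << 16) | be16(p + 2); }
static uint64_t be64(const uint8_t *p) { return ((uint64_t)be32(p) << 32) | be32(p + 4); }

/* Decode one chunk header; returns 0, or -1 on short input or bad magic. */
int nbd_parse_chunk_header(const uint8_t *buf, size_t len, struct nbd_chunk *c)
{
    if (len < NBD_CHUNK_HDR_LEN || be32(buf) != NBD_STRUCTURED_REPLY_MAGIC) {
        return -1;
    }
    c->flags  = be16(buf + 4);
    c->type   = be16(buf + 6);
    c->handle = be64(buf + 8);
    c->length = be32(buf + 16);
    return 0;
}

/*
 * Classify one chunk: 0 for a non-error chunk, the NBD error number (> 0)
 * for an error chunk, -1 if the error payload is malformed. The optional
 * message is copied into msg (NUL-terminated, truncated to msg_cap).
 */
int nbd_chunk_error(const struct nbd_chunk *c, const uint8_t *payload,
                    char *msg, size_t msg_cap)
{
    uint32_t err;
    size_t msg_len;

    if (msg_cap) {
        msg[0] = '\0';
    }
    if (!(c->type & NBD_REPLY_TYPE_ERR_BIT)) {
        return 0;
    }
    if (c->length < NBD_ERR_PAYLOAD_MIN) {
        return -1;
    }
    err = be32(payload);
    msg_len = be16(payload + 4);
    /* An error chunk must carry a non-zero error and a message that fits. */
    if (err == 0 || err > 0x7fffffffu ||
        msg_len > c->length - NBD_ERR_PAYLOAD_MIN) {
        return -1;
    }
    if (msg_cap) {
        size_t n = msg_len < msg_cap - 1 ? msg_len : msg_cap - 1;
        memcpy(msg, payload + NBD_ERR_PAYLOAD_MIN, n);
        msg[n] = '\0';
    }
    return (int)err;
}

/*
 * Walk every chunk of one reply. Returns 0 only if all chunks up to the one
 * flagged DONE were non-error chunks; otherwise the first NBD error number,
 * or -1 on a protocol violation (wrong handle, truncation, no DONE chunk).
 */
int nbd_reply_status(const uint8_t *buf, size_t len, uint64_t handle,
                     char *msg, size_t msg_cap)
{
    int first_err = 0;
    size_t off = 0;

    for (;;) {
        struct nbd_chunk c;
        int r;

        if (nbd_parse_chunk_header(buf + off, len - off, &c) < 0 ||
            c.handle != handle ||
            c.length > len - off - NBD_CHUNK_HDR_LEN) {
            return -1;
        }
        off += NBD_CHUNK_HDR_LEN;
        /* Keep the message of the first error only. */
        r = nbd_chunk_error(&c, buf + off, first_err ? NULL : msg,
                            first_err ? 0 : msg_cap);
        if (r < 0) {
            return -1;
        }
        if (r > 0 && first_err == 0) {
            first_err = r;
        }
        off += c.length;
        if (c.flags & NBD_REPLY_FLAG_DONE) {
            return first_err;   /* never report success past an error chunk */
        }
    }
}

/* Constructed sample: { flags = 0x1, type = 32769, handle = 93997172956880,
 * length = 6 } from the trace, payload error = 1 (EPERM), empty message. */
static const uint8_t sample_reply[] = {
    0x66, 0x8e, 0x33, 0xef,                          /* magic */
    0x00, 0x01,                                      /* flags: DONE */
    0x80, 0x01,                                      /* type 32769 */
    0x00, 0x00, 0x55, 0x7d, 0x6c, 0x1a, 0x9e, 0xd0,  /* handle */
    0x00, 0x00, 0x00, 0x06,                          /* payload length */
    0x00, 0x00, 0x00, 0x01,                          /* error 1 (EPERM) */
    0x00, 0x00,                                      /* message length 0 */
};

int main(void)
{
    char msg[64];
    int st = nbd_reply_status(sample_reply, sizeof(sample_reply),
                              93997172956880ULL, msg, sizeof(msg));
    printf("status=%d msg='%s'\n", st, msg);
    return st == 1 ? 0 : 1;
}
```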

Re: [Qemu-devel] [PATCH v6 0/9] Support the Capstone disassembler

2017-10-19 Thread no-reply
Hi,

This series failed automatic build test. Please find the testing commands and
their output below. If you have docker installed, you can probably reproduce it
locally.

Type: series
Message-id: 20171019155146.30434-1-richard.hender...@linaro.org
Subject: [Qemu-devel] [PATCH v6 0/9] Support the Capstone disassembler

=== TEST SCRIPT BEGIN ===
#!/bin/bash
set -e
git submodule update --init dtc
# Let docker tests dump environment info
export SHOW_ENV=1
export J=8
time make docker-test-quick@centos6
time make docker-test-build@min-glib
time make docker-test-mingw@fedora
time make docker-test-block@fedora
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
bc72e8be6e disas: Add capstone as submodule
5bae85f7b5 disas: Remove monitor_disas_is_physical
c89d4bb549 ppc: Support Capstone in disas_set_info
63c32ad6b9 arm: Support Capstone in disas_set_info
56dbc03c0c i386: Support Capstone in disas_set_info
8fb3c953ae disas: Support the Capstone disassembler library
2d3d41936e disas: Remove unused flags arguments
ef080998bf target/ppc: Convert to disas_set_info hook
aac02badce target/i386: Convert to disas_set_info hook

=== OUTPUT BEGIN ===
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into '/var/tmp/patchew-tester-tmp-hn_1gmr_/src/dtc'...
Submodule path 'dtc': checked out '558cd81bdd432769b59bff01240c44f82cfb1a9d'
  BUILD   centos6
make[1]: Entering directory '/var/tmp/patchew-tester-tmp-hn_1gmr_/src'
  GEN docker-src.2017-10-19-12.56.19.5797/qemu.tar
Cloning into 
'/var/tmp/patchew-tester-tmp-hn_1gmr_/src/docker-src.2017-10-19-12.56.19.5797/qemu.tar.vroot'...
done.
Checking out files: 100% (5650/5650), done.
Your branch is up-to-date with 'origin/test'.
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into 
'/var/tmp/patchew-tester-tmp-hn_1gmr_/src/docker-src.2017-10-19-12.56.19.5797/qemu.tar.vroot/dtc'...
Submodule path 'dtc': checked out '558cd81bdd432769b59bff01240c44f82cfb1a9d'
Submodule 'ui/keycodemapdb' (git://git.qemu.org/keycodemapdb.git) registered 
for path 'ui/keycodemapdb'
Cloning into 
'/var/tmp/patchew-tester-tmp-hn_1gmr_/src/docker-src.2017-10-19-12.56.19.5797/qemu.tar.vroot/ui/keycodemapdb'...
Submodule path 'ui/keycodemapdb': checked out 
'56ce5650d2c6ea216b4580df44b9a6dd3bc92c3b'
  COPYRUNNER
RUN test-quick in qemu:centos6 
Packages installed:
SDL-devel-1.2.14-7.el6_7.1.x86_64
bison-2.4.1-5.el6.x86_64
bzip2-devel-1.0.5-7.el6_0.x86_64
ccache-3.1.6-2.el6.x86_64
csnappy-devel-0-6.20150729gitd7bc683.el6.x86_64
flex-2.5.35-9.el6.x86_64
gcc-4.4.7-18.el6.x86_64

[Qemu-devel] [PATCH] translate-all: exit from tb_phys_invalidate if qht_remove fails

2017-10-19 Thread Emilio G. Cota
Two or more threads might race while invalidating the same TB. We currently
do not check for this at all despite taking tb_lock, which means we would
wrongly invalidate the same TB more than once. This bug has actually been
hit by users: I recently saw a report on IRC, although I have yet to see
the corresponding test case.

Fix this by using qht_remove as the synchronization point; if it fails,
that means the TB has already been invalidated, and therefore there
is nothing left to do in tb_phys_invalidate.

Note that this solution works now that we still have tb_lock, and will
continue working once we remove tb_lock.

Signed-off-by: Emilio G. Cota 

---
This patch applies on top of the "[PATCH v6 00/50] tcg tb_lock removal" series:
https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg03612.html
---
 accel/tcg/translate-all.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index ac8dfe6..2fe8b14 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -1081,7 +1081,9 @@ void tb_phys_invalidate(TranslationBlock *tb, 
tb_page_addr_t page_addr)
 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
 h = tb_hash_func(phys_pc, tb->pc, tb->flags, tb->cflags & CF_HASH_MASK,
  tb->trace_vcpu_dstate);
-qht_remove(_ctx.htable, tb, h);
+if (!qht_remove(_ctx.htable, tb, h)) {
+return;
+}
 
 /* remove the TB from the page list */
 if (tb->page_addr[0] != page_addr) {
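
Review bot: the early return after a failed qht_remove() is silent, and the reason it is safe (another thread already removed and invalidated this TB) lives only in the commit message; a short comment above the if would keep that next to the code. It is also worth confirming that nothing earlier in tb_phys_invalidate(), above the lines shown in this hunk, changes state on the TB, since the thread that loses the race still runs that part before it returns.
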
-- 
2.7.4




Re: [Qemu-devel] [PATCH v6 00/50] tcg tb_lock removal

2017-10-19 Thread Emilio G. Cota
On Thu, Oct 19, 2017 at 15:05:17 +0200, Paolo Bonzini wrote:
> On 19/10/2017 00:45, Emilio G. Cota wrote:
> > I have just pushed a branch on top of this series that includes
> > 10 patches that further pave the way for the removal of tb_lock:
> > 
> >   https://github.com/cota/qemu/tree/multi-tcg-v6-plus
> 
> I started reviewing those,

Nice, thanks!

> I have a few questions:
> 
> 1) why is tcg_region_tree separate from tcg_region_state?  Would it make
> sense to prepare a linked list of tcg_region_state structs, and reuse
> the region lock for the region tree?

I think the naming here might be confusing; "tcg_region_state" should be
understood as "tcg_region_global_state". IOW, there is no per-region struct.

That said, the array of per-region trees could be embedded in this global
struct. I was hesitant to do so because then one could think that
region_state.lock and rt.lock are somehow related; they are not.

> 2) in tb_for_each_tagged_safe, could the "prev" argument instead be
> "next", like
> 
> 
> +for (n = (head) & 1,\
> + tb = (TranslationBlock *)((head) & ~1);\
> + tb && ((next = (TranslationBlock *)tb->field[n]), 1);  \
> + n = (uintptr_t)next & 1,   \
> + tb = (TranslationBlock *)((uintptr_t)next & ~1))

Is this just to make them closer to the macros in queue.h?

In this case tracking *prev in the loop (rather than next) is
useful because it makes removing the "current" element very simple:

static inline void tb_page_remove(PageDesc *pd, TranslationBlock *tb)
{
    TranslationBlock *tb1;
    uintptr_t *prev;
    unsigned int n1;

    page_for_each_tb_safe(pd, tb1, n1, prev) {
        if (tb1 == tb) {
            *prev = tb1->page_next[n1];
            return;
        }
    }
    g_assert_not_reached();
}

If we wanted to use something similar to QSLIST_REMOVE_AFTER, we'd
have to track three pointers instead of two: prev (tracked by the caller),
current and next (these two as part of the for loop).

> (also please make the iterator macros UPPERCASE)

Will do.

> 3) "translate-all: exit from tb_phys_invalidate if qht_remove fails" may
> be worth posting now?

I'll post it to be included in the next iteration of this series.

Thanks,

Emilio



[Qemu-devel] [PATCH] build: Don't force preserving permissions on config-devices.mak.old

2017-10-19 Thread Aaron Lindsay
I get the following error when building on an NFSv3 filesystem:

% make -j8
  GEN aarch64-softmmu/config-devices.mak.tmp
  GEN config-host.h
[snip]
  GEN qmp-marshal.c
  GEN aarch64-softmmu/config-devices.mak
cp: preserving permissions for ‘aarch64-softmmu/config-devices.mak.old’: 
Operation not supported
make: *** Deleting file `aarch64-softmmu/config-devices.mak'
  GEN qapi-types.c
[snip]
  CC  scsi/qemu-pr-helper.o
make: *** No rule to make target `config-all-devices.mak', needed by 
`subdir-aarch64-softmmu'.  Stop.
make: *** Waiting for unfinished jobs

Ideally you would only build on a filesystem with proper support, but I haven't
been able to find a reason why preserving exact permissions is important in
this case.

Signed-off-by: Aaron Lindsay 
---
 Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Makefile b/Makefile
index 9372742..952b6df 100644
--- a/Makefile
+++ b/Makefile
@@ -287,7 +287,7 @@ endif
$(call quiet-command, if test -f $@; then \
  if cmp -s $@.old $@; then \
mv $@.tmp $@; \
-   cp -p $@ $@.old; \
+   cp $@ $@.old; \
  else \
if test -f $@.old; then \
  echo "WARNING: $@ (user modified) out of date.";\
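
Review bot: cp -p preserves timestamps and ownership as well as the mode, so dropping -p in this branch changes more than the "permissions" the commit message talks about. The surrounding test is cmp -s $@.old $@, which compares content only, so the .old copy's mtime and mode do not appear to feed the check; the commit message should say that so the wider change is a recorded decision.
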
@@ -299,7 +299,7 @@ endif
  fi; \
 else \
  mv $@.tmp $@; \
- cp -p $@ $@.old; \
+ cp $@ $@.old; \
 fi,"GEN","$@");
 
 defconfig:
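
Review bot: this else branch repeats the mv $@.tmp $@; cp $@ $@.old pair that the previous hunk changes in the first branch, so the same edit has to be made twice and the two copies can drift apart; folding the pair into one place in the recipe would leave a single cp invocation to maintain.
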
-- 
Qualcomm Datacenter Technologies as an affiliate of Qualcomm Technologies, Inc.
Qualcomm Technologies, Inc. is a member of the
Code Aurora Forum, a Linux Foundation Collaborative Project.




Re: [Qemu-devel] [RFC 0/6] enable numa configuration before machine_init() from HMP/QMP

2017-10-19 Thread Eduardo Habkost
On Thu, Oct 19, 2017 at 04:28:59PM +0100, Daniel P. Berrange wrote:
> On Thu, Oct 19, 2017 at 11:21:22AM -0400, Igor Mammedov wrote:
> > - Original Message -
> > > From: "Daniel P. Berrange" 
> > > To: "Igor Mammedov" 
> > > Cc: "peter maydell" , pkre...@redhat.com, 
> > > ehabk...@redhat.com, coh...@redhat.com,
> > > qemu-devel@nongnu.org, arm...@redhat.com, pbonz...@redhat.com, 
> > > da...@gibson.dropbear.id.au
> > > Sent: Wednesday, October 18, 2017 5:30:10 PM
> > > Subject: Re: [Qemu-devel] [RFC 0/6] enable numa configuration before 
> > > machine_init() from HMP/QMP
> > > 
> > > On Tue, Oct 17, 2017 at 06:06:35PM +0200, Igor Mammedov wrote:
> > > > On Tue, 17 Oct 2017 16:07:59 +0100
> > > > "Daniel P. Berrange"  wrote:
> > > > 
> > > > > On Tue, Oct 17, 2017 at 09:27:02AM +0200, Igor Mammedov wrote:
> > > > > > On Mon, 16 Oct 2017 17:36:36 +0100
> > > > > > "Daniel P. Berrange"  wrote:
> > > > > >   
> > > > > > > On Mon, Oct 16, 2017 at 06:22:50PM +0200, Igor Mammedov wrote:
> > > > > > > > Series allows to configure NUMA mapping at runtime using QMP/HMP
> > > > > > > > interface. For that to happen it introduces a new '-paused' CLI
> > > > > > > > option
> > > > > > > > which allows to pause QEMU before machine_init() is run and
> > > > > > > > > adds new set-numa-node HMP/QMP commands which in conjunction with
> > > > > > > > info hotpluggable-cpus/query-hotpluggable-cpus allow to 
> > > > > > > > configure
> > > > > > > > NUMA mapping for cpus.
> > > > > > > 
> > > > > > > What's the problem we're seeking solve here compared to what we
> > > > > > > currently
> > > > > > > do for NUMA configuration ?
> > > > > > From RHBZ1382425
> > > > > > "
> > > > > > Current -numa CLI interface is quite limited in terms that allow map
> > > > > > CPUs to NUMA nodes as it requires to provide cpu_index values which
> > > > > > are non obvious and depend on machine/arch. As result libvirt has to
> > > > > > assume/re-implement cpu_index allocation logic to provide valid
> > > > > > values for -numa cpus=... QEMU CLI option.
> > > > > 
> > > > > In broad terms, this problem applies to every device / object libvirt
> > > > > asks QEMU to create. For everything else libvirt is able to assign a
> > > > > "id" string, which is can then use to identify the thing later. The
> > > > > CPU stuff is different because libvirt isn't able to provide 'id'
> > > > > strings for each CPU - QEMU generates a psuedo-id internally which
> > > > > libvirt has to infer. The latter is the same problem we had with
> > > > > devices before '-device' was introduced allowing 'id' naming.
> > > > > 
> > > > > IMHO we should take the same approach with CPUs and start modelling
> > > > > the individual CPUs as something we can explicitly create with -object
> > > > > or -device. That way libvirt can assign names and does not have to
> > > > > care about CPU index values, and it all works just the same way as
> > > > > any other devices / object we create
> > > > > 
> > > > > ie instead of:
> > > > > 
> > > > >   -smp 8,sockets=4,cores=2,threads=1
> > > > >   -numa node,nodeid=0,cpus=0-3
> > > > >   -numa node,nodeid=1,cpus=4-7
> > > > > 
> > > > > we could do:
> > > > > 
> > > > >   -object numa-node,id=numa0
> > > > >   -object numa-node,id=numa1
> > > > >   -object cpu,id=cpu0,node=numa0,socket=0,core=0,thread=0
> > > > >   -object cpu,id=cpu1,node=numa0,socket=0,core=1,thread=0
> > > > >   -object cpu,id=cpu2,node=numa0,socket=1,core=0,thread=0
> > > > >   -object cpu,id=cpu3,node=numa0,socket=1,core=1,thread=0
> > > > >   -object cpu,id=cpu4,node=numa1,socket=2,core=0,thread=0
> > > > >   -object cpu,id=cpu5,node=numa1,socket=2,core=1,thread=0
> > > > >   -object cpu,id=cpu6,node=numa1,socket=3,core=0,thread=0
> > > > >   -object cpu,id=cpu7,node=numa1,socket=3,core=1,thread=0
> > > > the follow up question would be where do "socket=3,core=1,thread=0"
> > > > come from, currently these options are the function of
> > > > > (-M foo -smp ...) and can be queried via query-hotpluggable-cpus at
> > > > runtime after qemu parses -M and -smp options.
> > > 
> > > NB, I realize my example was open to mis-interpretation. The values I'm
> > > > illustrating here for socket=3,core=1,thread=0 are *not* ID values, they
> > > are a plain enumeration of values. ie this is saying the 4th socket, the
> > > 2nd core and the 1st thread.  Internally QEMU might have the 2nd core
> > > with a core-id of 8, or 7038 or whatever architecture specific numbering
> > > scheme makes sense, but that's not what the mgmt app gives at the CLI
> > > level
> > Even though fixed properties/values simplicity is tempting and it might even
> > work for what we have implemented in qemu currently (well, SPAPR will need
> > refactoring (if possible) to meet requirements + compat stuff for current
> > machines with sparse IDs).
> > But I have to disagree here and try to 

Re: [Qemu-devel] [PATCH v4 RFC 9/8] nbd: Minimal structured read for client

2017-10-19 Thread Eric Blake
On 10/17/2017 07:57 AM, Vladimir Sementsov-Ogievskiy wrote:
> Minimal implementation: for structured error only error_report error
> message.
> 
> Signed-off-by: Vladimir Sementsov-Ogievskiy 
> ---
> 

> +static int nbd_co_request(BlockDriverState *bs, NBDRequest *request,
> +  QEMUIOVector *write_qiov)
>  {

> -return nbd_co_receive_reply(client, request->handle,
> -request->type == NBD_CMD_READ ? qiov : NULL);
> +ret = nbd_co_receive_return_code(client, request->handle, _err);
> +if (ret < 0) {
> +error_report_err(local_err);
> +}

I think this new error_report_err() is a regression in behavior.
Running the old server:

$ qemu-nbd -x foo -f qcow2 --trace='nbd_*' file -r

and an old client:

$ qemu-io -f raw nbd://localhost:10809/foo
qemu-io> w 0 0
write failed: Operation not permitted
qemu-io> q

but with the new client (once I fix the bug about being able to ignore
the NBD_REP_ERR_UNSUP with non-zero length in the earlier patch):

$ ./qemu-io -f raw nbd://localhost:10809/foo
qemu-io> w 0 0
Request failed: Operation not permitted
write failed: Operation not permitted
qemu-io>

and worse, new server with new client:

$ ./qemu-io -f raw nbd://localhost:10809/foo
qemu-io> w 0 0
: Operation not permitted
write failed: Operation not permitted
qemu-io>

we don't even manage to post a sane message.

Reporting fatal errors where we lose connection with the server (or
forcefully give up on the server because it violated protocol) may be
okay, but reporting common errors where the server reported a problem
but we are still connected is too verbose.

I know I asked about errp plumbing on v3, but now I'm thinking that it
was a premature request; we either plumb in errp handling without any
new features, or we do the new features in isolation and only later see
if adding errp plumbing makes sense.  Yes, that means undoing some of
the changes you made between v3 and v4, so sorry for the churn it has
caused.

I hope to post a v5 soon with the tweaks I've made after playing with
this version.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org





Re: [Qemu-devel] [PATCH v3 42/46] util: Replace fprintf(stderr, "*\n" with error_report()

2017-10-19 Thread Stefan Weil
Am 19.10.2017 um 19:53 schrieb Thomas Huth:
> On 19.10.2017 18:18, Alistair Francis wrote:
>> Replace a large number of the fprintf(stderr, "*\n" calls with
>> error_report(). The functions were renamed with these commands and then
>> compiler issues were manually fixed.
> [...]
>> diff --git a/util/aio-posix.c b/util/aio-posix.c
>> index 5946ac09f0..29fff51fcf 100644
>> --- a/util/aio-posix.c
>> +++ b/util/aio-posix.c
>> @@ -15,6 +15,7 @@
>>  
>>  #include "qemu/osdep.h"
>>  #include "qemu-common.h"
>> +#include "qemu/error-report.h"
>>  #include "block/block.h"
>>  #include "qemu/rcu_queue.h"
>>  #include "qemu/sockets.h"
>> @@ -703,8 +704,8 @@ void aio_context_setup(AioContext *ctx)
>>  {
>>  /* TODO remove this in final patch submission */
>>  if (getenv("QEMU_AIO_POLL_MAX_NS")) {
>> -fprintf(stderr, "The QEMU_AIO_POLL_MAX_NS environment variable has "
>> -"been replaced with -object iothread,poll-max-ns=NUM\n");
>> +error_report("The QEMU_AIO_POLL_MAX_NS environment variable has "
>> +"been replaced with -object iothread,poll-max-ns=NUM");
>>  exit(1);
>>  }
> 
> The comment in front of this code block indicates that this should
> rather be removed completely. Stefan, do you agree?


I assume you asked the other Stefan, but I think he'll agree as I do,
because it is obvious that such random debug code does not belong
into the QEMU code base.

Stefan



Re: [Qemu-devel] [PATCH v2] arm: Adding makefile for Kinetis K64 MK64FN1M0

2017-10-19 Thread no-reply
Hi,

This series failed automatic build test. Please find the testing commands and
their output below. If you have docker installed, you can probably reproduce it
locally.

Type: series
Message-id: 1508417485-31911-1-git-send-email-gabriel291...@gmail.com
Subject: [Qemu-devel] [PATCH v2] arm: Adding makefile for Kinetis K64 MK64FN1M0

=== TEST SCRIPT BEGIN ===
#!/bin/bash
set -e
git submodule update --init dtc
# Let docker tests dump environment info
export SHOW_ENV=1
export J=8
time make docker-test-quick@centos6
time make docker-test-build@min-glib
time make docker-test-mingw@fedora
time make docker-test-block@fedora
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag]   
patchew/1508436175-1596-1-git-send-email-stef...@linux.vnet.ibm.com -> 
patchew/1508436175-1596-1-git-send-email-stef...@linux.vnet.ibm.com
Switched to a new branch 'test'
ed890a8734 arm: Adding makefile for Kinetis K64 MK64FN1M0

=== OUTPUT BEGIN ===
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into '/var/tmp/patchew-tester-tmp-987caw26/src/dtc'...
Submodule path 'dtc': checked out '558cd81bdd432769b59bff01240c44f82cfb1a9d'
  BUILD   centos6
make[1]: Entering directory '/var/tmp/patchew-tester-tmp-987caw26/src'
  GEN docker-src.2017-10-19-14.52.32.23020/qemu.tar
Cloning into 
'/var/tmp/patchew-tester-tmp-987caw26/src/docker-src.2017-10-19-14.52.32.23020/qemu.tar.vroot'...
done.
Your branch is up-to-date with 'origin/test'.
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into 
'/var/tmp/patchew-tester-tmp-987caw26/src/docker-src.2017-10-19-14.52.32.23020/qemu.tar.vroot/dtc'...
Submodule path 'dtc': checked out '558cd81bdd432769b59bff01240c44f82cfb1a9d'
Submodule 'ui/keycodemapdb' (git://git.qemu.org/keycodemapdb.git) registered 
for path 'ui/keycodemapdb'
Cloning into 
'/var/tmp/patchew-tester-tmp-987caw26/src/docker-src.2017-10-19-14.52.32.23020/qemu.tar.vroot/ui/keycodemapdb'...
Submodule path 'ui/keycodemapdb': checked out 
'56ce5650d2c6ea216b4580df44b9a6dd3bc92c3b'
  COPYRUNNER
RUN test-quick in qemu:centos6 
Packages installed:
SDL-devel-1.2.14-7.el6_7.1.x86_64
bison-2.4.1-5.el6.x86_64
bzip2-devel-1.0.5-7.el6_0.x86_64
ccache-3.1.6-2.el6.x86_64
csnappy-devel-0-6.20150729gitd7bc683.el6.x86_64
flex-2.5.35-9.el6.x86_64
gcc-4.4.7-18.el6.x86_64
gettext-0.17-18.el6.x86_64
git-1.7.1-9.el6_9.x86_64
glib2-devel-2.28.8-9.el6.x86_64
libepoxy-devel-1.2-3.el6.x86_64
libfdt-devel-1.4.0-1.el6.x86_64
librdmacm-devel-1.0.21-0.el6.x86_64
lzo-devel-2.03-3.1.el6_5.1.x86_64
make-3.81-23.el6.x86_64
mesa-libEGL-devel-11.0.7-4.el6.x86_64
mesa-libgbm-devel-11.0.7-4.el6.x86_64
package g++ is not installed
pixman-devel-0.32.8-1.el6.x86_64
spice-glib-devel-0.26-8.el6.x86_64
spice-server-devel-0.12.4-16.el6.x86_64
tar-1.23-15.el6_8.x86_64
vte-devel-0.25.1-9.el6.x86_64
xen-devel-4.6.6-2.el6.x86_64
zlib-devel-1.2.3-29.el6.x86_64

Environment variables:
PACKAGES=bison bzip2-devel ccache csnappy-devel flex g++
 gcc gettext git glib2-devel libepoxy-devel libfdt-devel
 librdmacm-devel lzo-devel make mesa-libEGL-devel 
mesa-libgbm-devel pixman-devel SDL-devel spice-glib-devel 
spice-server-devel tar vte-devel xen-devel zlib-devel
HOSTNAME=a2f76a8a0b9a
TERM=xterm
MAKEFLAGS= -j8
J=8
CCACHE_DIR=/var/tmp/ccache
EXTRA_CONFIGURE_OPTS=
V=
SHOW_ENV=1
PATH=/usr/lib/ccache:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PWD=/
TARGET_LIST=
SHLVL=1
HOME=/root
TEST_DIR=/tmp/qemu-test
FEATURES= dtc
DEBUG=
_=/usr/bin/env

Configure options:
--enable-werror --target-list=x86_64-softmmu,aarch64-softmmu 
--prefix=/tmp/qemu-test/install
No C++ compiler available; disabling C++ specific optional code
Install prefix/tmp/qemu-test/install
BIOS directory/tmp/qemu-test/install/share/qemu
firmware path /tmp/qemu-test/install/share/qemu-firmware
binary directory  /tmp/qemu-test/install/bin
library directory /tmp/qemu-test/install/lib
module directory  /tmp/qemu-test/install/lib/qemu
libexec directory /tmp/qemu-test/install/libexec
include directory /tmp/qemu-test/install/include
config directory  /tmp/qemu-test/install/etc
local state directory   /tmp/qemu-test/install/var
Manual directory  /tmp/qemu-test/install/share/man
ELF interp prefix /usr/gnemul/qemu-%M
Source path   /tmp/qemu-test/src
GIT submodules
C compilercc
Host C compiler   cc
C++ compiler  
Objective-C compiler cc
ARFLAGS   rv
CFLAGS-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -g 
QEMU_CFLAGS   -I/usr/include/pixman-1   -I$(SRC_PATH)/dtc/libfdt -pthread 
-I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include   -DNCURSES_WIDECHAR   
-fPIE -DPIE -m64 -mcx16 -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 
-D_LARGEFILE_SOURCE -Wstrict-prototypes -Wredundant-decls -Wall -Wundef 
-Wwrite-strings 

Re: [Qemu-devel] [PATCH v4 6/8] nbd/client: refactor nbd_receive_starttls

2017-10-19 Thread Eric Blake
On 10/14/2017 08:01 PM, Eric Blake wrote:
> From: Vladimir Sementsov-Ogievskiy 
> 
> Split out nbd_request_simple_option to be reused for structured reply
> option.
> 
> Signed-off-by: Vladimir Sementsov-Ogievskiy 
> Signed-off-by: Eric Blake 
> 

> +static int nbd_request_simple_option(QIOChannel *ioc, int opt, Error **errp)
> +{
> +nbd_opt_reply reply;
> +
> +if (nbd_send_option_request(ioc, opt, 0, NULL, errp) < 0) {
> +return -1;
> +}
> +
> +if (nbd_receive_option_reply(ioc, opt, , errp) < 0) {
> +return -1;
> +}
> +
> +if (reply.length != 0) {
> +error_setg(errp, "Option %d ('%s') response length is %" PRIu32
> +   " (it should be zero)", opt, nbd_opt_lookup(opt),
> +   reply.length);
> +nbd_send_opt_abort(ioc);
> +return -1;
> +}
> +
> +if (reply.type == NBD_REP_ERR_UNSUP) {
> +return 0;
> +}
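
Review bot: the NBD_REP_ERR_UNSUP branch returns 0 without reading any payload, which is only safe while the reply.length != 0 check sits above it. If that check moves below this branch so that an UNSUP reply may carry an error message, the branch has to read and discard reply.length bytes before returning, otherwise the next option reply is parsed starting inside that message; the length comes from the server, so it should be bounded before it is read.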

Oops, these two conditions are swapped.  A non-zero reply length is
perfectly acceptable if the server is sending NBD_REP_ERR_UNSUP with an
error message (as is the case with old qemu server, new qemu client).
We can only enforce non-zero length...

> +
> +if (reply.type != NBD_REP_ACK) {
> +error_setg(errp, "Server rejected request for option %d (%s) "
> +   "with reply %" PRIx32 " (%s)", opt, nbd_opt_lookup(opt),
> +   reply.type, nbd_rep_lookup(reply.type));
> +nbd_send_opt_abort(ioc);
> +return -1;
> +}
> +

...here, after we know we got an ACK.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org




Re: [Qemu-devel] [PATCH v2] arm: Adding makefile for Kinetis K64 MK64FN1M0

2017-10-19 Thread no-reply
Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 1508417485-31911-1-git-send-email-gabriel291...@gmail.com
Subject: [Qemu-devel] [PATCH v2] arm: Adding makefile for Kinetis K64 MK64FN1M0

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
    echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
    if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
        failed=1
        echo
    fi
    n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
ed890a8734 arm: Adding makefile for Kinetis K64 MK64FN1M0

=== OUTPUT BEGIN ===
Checking PATCH 1/1: arm: Adding makefile for Kinetis K64 MK64FN1M0...
ERROR: do not set execute permissions for source files
#25: FILE: hw/arm/Makefile.objs

ERROR: trailing whitespace
#36: FILE: hw/arm/Makefile.objs:26:
+^I$

total: 2 errors, 0 warnings, 7 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

=== OUTPUT END ===

Test command exited with code: 1


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-de...@freelists.org

Re: [Qemu-devel] [PATCH v1] arm: Adding new arm machine, Kinetis K64 MK64FN1M0

2017-10-19 Thread no-reply
Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 1508417443-31849-1-git-send-email-gabriel291...@gmail.com
Subject: [Qemu-devel] [PATCH v1] arm: Adding new arm machine, Kinetis K64 MK64FN1M0

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
    echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
    if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
        failed=1
        echo
    fi
    n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag]   patchew/20171019191606.14129-1-laur...@vivier.eu -> 
patchew/20171019191606.14129-1-laur...@vivier.eu
Switched to a new branch 'test'
3ac7610368 arm: Adding new arm machine, Kinetis K64 MK64FN1M0

=== OUTPUT BEGIN ===
Checking PATCH 1/1: arm: Adding new arm machine, Kinetis K64 MK64FN1M0...
ERROR: do not set execute permissions for source files
#24: FILE: hw/arm/kinetis/k64/mk64fn1m0.c

ERROR: spaces required around that '*' (ctx:VxV)
#62: FILE: hw/arm/kinetis/k64/mk64fn1m0.c:34:
+#define FLASH_SIZE  1024*1024
 ^

ERROR: Macros with complex values should be enclosed in parenthesis
#62: FILE: hw/arm/kinetis/k64/mk64fn1m0.c:34:
+#define FLASH_SIZE  1024*1024

ERROR: spaces required around that '*' (ctx:VxV)
#64: FILE: hw/arm/kinetis/k64/mk64fn1m0.c:36:
+#define SRAM_SIZE   192*1024
^

ERROR: Macros with complex values should be enclosed in parenthesis
#64: FILE: hw/arm/kinetis/k64/mk64fn1m0.c:36:
+#define SRAM_SIZE   192*1024

ERROR: trailing whitespace
#97: FILE: hw/arm/kinetis/k64/mk64fn1m0.c:69:
+$

ERROR: trailing whitespace
#104: FILE: hw/arm/kinetis/k64/mk64fn1m0.c:76:
+$

ERROR: trailing whitespace
#122: FILE: hw/arm/kinetis/k64/mk64fn1m0.c:94:
+$

ERROR: do not use C99 // comments
#136: FILE: hw/arm/kinetis/k64/mk64fn1m0.c:108:
+//sysbus_create_simple(TYPE_KINETIS_K64_UART, 0x4006A000,

ERROR: do not use C99 // comments
#137: FILE: hw/arm/kinetis/k64/mk64fn1m0.c:109:
+//qdev_get_gpio_in(nvic, 31)); /*UART0*/

ERROR: trailing whitespace
#139: FILE: hw/arm/kinetis/k64/mk64fn1m0.c:111:
+serial_hds[0]);$

ERROR: trailing whitespace
#158: FILE: hw/arm/kinetis/k64/mk64fn1m0.c:130:
+   $

ERROR: adding a line without newline at end of file
#198: FILE: hw/arm/kinetis/k64/mk64fn1m0.c:170:
+type_init(mk64fn1m0_machine_init)

ERROR: do not set execute permissions for source files
#201: FILE: hw/arm/kinetis/k64/peripheral/flextimer.c

ERROR: trailing whitespace
#216: FILE: hw/arm/kinetis/k64/peripheral/flextimer.c:11:
+ $

ERROR: trailing whitespace
#233: FILE: hw/arm/kinetis/k64/peripheral/flextimer.c:28:
+#include "hw/arm/kinetis/k64/peripheral/flextimer.h" $

ERROR: do not use C99 // comments
#242: FILE: hw/arm/kinetis/k64/peripheral/flextimer.c:37:
+//VMSTATE_UINT32(CONTROLS[0], kinetis_k64_flextimer_state),

ERROR: trailing whitespace
#270: FILE: hw/arm/kinetis/k64/peripheral/flextimer.c:65:
+$

ERROR: do not use C99 // comments
#277: FILE: hw/arm/kinetis/k64/peripheral/flextimer.c:72:
+//kinetis_k64_flextimer_state *s = (kinetis_k64_flextimer_state *)opaque;

ERROR: trailing whitespace
#278: FILE: hw/arm/kinetis/k64/peripheral/flextimer.c:73:
+^I$

ERROR: code indent should never use tabs
#278: FILE: hw/arm/kinetis/k64/peripheral/flextimer.c:73:
+^I$

ERROR: trailing whitespace
#282: FILE: hw/arm/kinetis/k64/peripheral/flextimer.c:77:
+$

ERROR: switch and case should be at the same indent
#283: FILE: hw/arm/kinetis/k64/peripheral/flextimer.c:78:
+switch (offset) {
+default:

ERROR: do not use C99 // comments
#294: FILE: hw/arm/kinetis/k64/peripheral/flextimer.c:89:
+//kinetis_k64_flextimer_state *s = (kinetis_k64_flextimer_state *)opaque;

ERROR: switch and case should be at the same indent
#296: FILE: hw/arm/kinetis/k64/peripheral/flextimer.c:91:
+switch (offset) {
+default:

ERROR: trailing whitespace
#315: FILE: hw/arm/kinetis/k64/peripheral/flextimer.c:110:
+$

ERROR: trailing whitespace
#328: FILE: hw/arm/kinetis/k64/peripheral/flextimer.c:123:
+dc->desc = "Kinetis K64 series FlexTimer";  $

ERROR: adding a line without newline at end of file
#344: FILE: hw/arm/kinetis/k64/peripheral/flextimer.c:139:
+type_init(kinetis_k64_flextimer_register_types)

ERROR: do not set execute permissions for source files
#347: FILE: hw/arm/kinetis/k64/peripheral/mcg.c

ERROR: trailing whitespace
#362: FILE: hw/arm/kinetis/k64/peripheral/mcg.c:11:
+ $

ERROR: trailing whitespace
#405: FILE: 

[Qemu-devel] [PATCH] configure: disable qemu-keymap for linux-user qemu

2017-10-19 Thread Laurent Vivier
We don't need qemu-keymap when we build only linux-user qemu.

When we compile in static mode, the libxkbcommon is detected
by configure if the shared one is available, but cannot
be linked if the static version is not available.

As we don't need it for qemu-linux-user, and we generally need
a static link to use it in a chroot, disable qemu-keymap in
this case.

Signed-off-by: Laurent Vivier 
---
 configure | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/configure b/configure
index 6f21aaf989..03547cea6a 100755
--- a/configure
+++ b/configure
@@ -5136,9 +5136,9 @@ if test "$softmmu" = yes ; then
 fi
 mpath=no
   fi
-fi
-if test "$xkbcommon" = "yes"; then
-  tools="qemu-keymap\$(EXESUF) $tools"
+  if test "$xkbcommon" = "yes"; then
+tools="qemu-keymap\$(EXESUF) $tools"
+  fi
 fi
 
 # Probe for guest agent support/options
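
Review bot: moving the xkbcommon test inside the `if test "$softmmu" = yes` block ties qemu-keymap to system emulation being enabled rather than to the linux-user case, so every configuration with softmmu disabled loses the tool, not only the static linux-user build the commit message describes. If that is the intent, a short comment next to the test saying so would help the next reader; if not, the condition could test for the static or linux-user-only build directly.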
-- 
2.13.6




[Qemu-devel] [Bug 1719196] Re: [arm64 ocata] newly created instances are unable to raise network interfaces

2017-10-19 Thread Andrew McLeod
I've tested with the packages from the ppa:

https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/2995


qemu:
  Installed: 1:2.8+dfsg-3ubuntu2.7~ppa5cloud
qemu-system-arm:
  Installed: 1:2.8+dfsg-3ubuntu2.7~ppa5cloud
qemu-system-aarch64:
  Installed: 1:2.8+dfsg-3ubuntu2.7~ppa5cloud


Rebooted the instance and it acquired an IP address and booted.


more info, virsh dumpxml excerpt:


  
  
  
  
  
  

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1719196

Title:
  [arm64 ocata] newly created instances are unable to raise network
  interfaces

Status in Ubuntu Cloud Archive:
  Fix Released
Status in Ubuntu Cloud Archive ocata series:
  Triaged
Status in libvirt:
  New
Status in QEMU:
  Fix Released
Status in libvirt package in Ubuntu:
  Invalid
Status in qemu package in Ubuntu:
  Fix Released
Status in qemu source package in Zesty:
  Incomplete


[Qemu-devel] [Bug 1719196] Re: [arm64 ocata] newly created instances are unable to raise network interfaces

2017-10-19 Thread Sean Feole
will test these and report back shortly.


Re: [Qemu-devel] [PATCH v3 0/3] qdev/vfio: defer DEVICE_DEL to avoid races with libvirt

2017-10-19 Thread no-reply
Hi,

This series failed automatic build test. Please find the testing commands and
their output below. If you have docker installed, you can probably reproduce it
locally.

Type: series
Message-id: 20171016222315.407-1-mdr...@linux.vnet.ibm.com
Subject: [Qemu-devel] [PATCH v3 0/3] qdev/vfio: defer DEVICE_DEL to avoid races with libvirt

=== TEST SCRIPT BEGIN ===
#!/bin/bash
set -e
git submodule update --init dtc
# Let docker tests dump environment info
export SHOW_ENV=1
export J=8
time make docker-test-quick@centos6
time make docker-test-build@min-glib
time make docker-test-mingw@fedora
time make docker-test-block@fedora
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
3776b53c15 qdev: defer DEVICE_DEL event until instance_finalize()
ca46dc40b8 Revert "qdev: Free QemuOpts when the QOM path goes away"
237b4de321 qdev: store DeviceState's canonical path to use when unparenting

=== OUTPUT BEGIN ===
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into '/var/tmp/patchew-tester-tmp-ggq74g9k/src/dtc'...
Submodule path 'dtc': checked out '558cd81bdd432769b59bff01240c44f82cfb1a9d'
  BUILD   centos6
make[1]: Entering directory '/var/tmp/patchew-tester-tmp-ggq74g9k/src'
  GEN docker-src.2017-10-16-19.15.38.26196/qemu.tar
  COPYRUNNER
RUN test-quick in qemu:centos6 
Packages installed:
SDL-devel-1.2.14-7.el6_7.1.x86_64
bison-2.4.1-5.el6.x86_64
bzip2-devel-1.0.5-7.el6_0.x86_64
ccache-3.1.6-2.el6.x86_64
csnappy-devel-0-6.20150729gitd7bc683.el6.x86_64
flex-2.5.35-9.el6.x86_64
gcc-4.4.7-18.el6.x86_64
gettext-0.17-18.el6.x86_64
git-1.7.1-9.el6_9.x86_64
glib2-devel-2.28.8-9.el6.x86_64
libepoxy-devel-1.2-3.el6.x86_64
libfdt-devel-1.4.0-1.el6.x86_64
librdmacm-devel-1.0.21-0.el6.x86_64
lzo-devel-2.03-3.1.el6_5.1.x86_64
make-3.81-23.el6.x86_64
mesa-libEGL-devel-11.0.7-4.el6.x86_64
mesa-libgbm-devel-11.0.7-4.el6.x86_64
package g++ is not installed
pixman-devel-0.32.8-1.el6.x86_64
spice-glib-devel-0.26-8.el6.x86_64
spice-server-devel-0.12.4-16.el6.x86_64
tar-1.23-15.el6_8.x86_64
vte-devel-0.25.1-9.el6.x86_64
xen-devel-4.6.6-2.el6.x86_64
zlib-devel-1.2.3-29.el6.x86_64

Environment variables:
PACKAGES=bison bzip2-devel ccache csnappy-devel flex g++
 gcc gettext git glib2-devel libepoxy-devel libfdt-devel
 librdmacm-devel lzo-devel make mesa-libEGL-devel 
mesa-libgbm-devel pixman-devel SDL-devel spice-glib-devel 
spice-server-devel tar vte-devel xen-devel zlib-devel
HOSTNAME=1b294ec98373
TERM=xterm
MAKEFLAGS= -j8
J=8
CCACHE_DIR=/var/tmp/ccache
EXTRA_CONFIGURE_OPTS=
V=
SHOW_ENV=1
PATH=/usr/lib/ccache:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PWD=/
TARGET_LIST=
SHLVL=1
HOME=/root
TEST_DIR=/tmp/qemu-test
FEATURES= dtc
DEBUG=
_=/usr/bin/env

Configure options:
--enable-werror --target-list=x86_64-softmmu,aarch64-softmmu 
--prefix=/tmp/qemu-test/install
No C++ compiler available; disabling C++ specific optional code
Install prefix/tmp/qemu-test/install
BIOS directory/tmp/qemu-test/install/share/qemu
firmware path /tmp/qemu-test/install/share/qemu-firmware
binary directory  /tmp/qemu-test/install/bin
library directory /tmp/qemu-test/install/lib
module directory  /tmp/qemu-test/install/lib/qemu
libexec directory /tmp/qemu-test/install/libexec
include directory /tmp/qemu-test/install/include
config directory  /tmp/qemu-test/install/etc
local state directory   /tmp/qemu-test/install/var
Manual directory  /tmp/qemu-test/install/share/man
ELF interp prefix /usr/gnemul/qemu-%M
Source path   /tmp/qemu-test/src
C compilercc
Host C compiler   cc
C++ compiler  
Objective-C compiler cc
ARFLAGS   rv
CFLAGS-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -g 
QEMU_CFLAGS   -I/usr/include/pixman-1   -I$(SRC_PATH)/dtc/libfdt -pthread 
-I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include   -DNCURSES_WIDECHAR   
-fPIE -DPIE -m64 -mcx16 -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 
-D_LARGEFILE_SOURCE -Wstrict-prototypes -Wredundant-decls -Wall -Wundef 
-Wwrite-strings -Wmissing-prototypes -fno-strict-aliasing -fno-common -fwrapv  
-Wendif-labels -Wno-missing-include-dirs -Wempty-body -Wnested-externs 
-Wformat-security -Wformat-y2k -Winit-self -Wignored-qualifiers 
-Wold-style-declaration -Wold-style-definition -Wtype-limits 
-fstack-protector-all  -I/usr/include/libpng12   -I/usr/include/libdrm 
-I/usr/include/spice-server -I/usr/include/cacard -I/usr/include/glib-2.0 
-I/usr/lib64/glib-2.0/include -I/usr/include/pixman-1 -I/usr/include/nss3 
-I/usr/include/nspr4 -I/usr/include/spice-1  
LDFLAGS   -Wl,--warn-common -Wl,-z,relro -Wl,-z,now -pie -m64 -g 
make  make
install   install
pythonpython -B
smbd  /usr/sbin/smbd
module supportno
host CPU  x86_64
host big endian   no
target list   x86_64-softmmu aarch64-softmmu
gprof 

Re: [Qemu-devel] [PULL] Update OpenBIOS images

2017-10-19 Thread Mark Cave-Ayland
On 19/10/17 19:18, Peter Maydell wrote:

> On 19 October 2017 at 08:10, Mark Cave-Ayland
>  wrote:
>> Hi Peter,
>>
>> Here are the latest set of updates for OpenBIOS which should be pulled after 
>> the sun4u
>> patches have been applied due to breaking changes in the sun4u machine.
>>
>>
>> ATB,
>>
>> Mark.
>>
>>
>> The following changes since commit 861cd431c99e56ddb5953ca1da164a9c32b477ca:
>>
>>   Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.11-20171017' 
>> into staging (2017-10-17 15:26:51 +0100)
>>
>> are available in the git repository at:
>>
>>
>>   https://github.com/mcayland/qemu.git tags/qemu-openbios-signed
>>
>> for you to fetch changes up to 08e2c1854d8bc32b3b6fcefbead0ea808c44cbc8:
>>
>>   Update OpenBIOS images to 83818bd built from submodule. (2017-10-19 
>> 08:04:15 +0100)
>>
>> 
>> Update OpenBIOS images
>>
>> 
>> Mark Cave-Ayland (1):
>>   Update OpenBIOS images to 83818bd built from submodule.
>>
>>  pc-bios/openbios-ppc |  Bin 754936 -> 754936 bytes
>>  pc-bios/openbios-sparc32 |  Bin 382048 -> 382048 bytes
>>  pc-bios/openbios-sparc64 |  Bin 1593408 -> 1593408 bytes
>>  roms/openbios|2 +-
> 
> This fails to merge, because your other pullreq also
> updated pc-bios/openbios-sparc64 and git can't automatically
> resolve merge conflicts between binary files.
> 
> If you tell me which version of the binary to prefer I can
> fix it up by hand in the merge commit I guess.

Ah yes indeed, I didn't realise until I tried just now that it wouldn't
work.

I've gone for the assumption that the patches would be applied on a
first come, first served basis so the binaries for the OpenBIOS commit
should completely replace the openbios-sparc64 from the sun4u commit.

If you check the signed tag again, I've rebased the commit and re-pushed
to github again so you should now hopefully be able to apply without any
issues.


ATB,

Mark.



Re: [Qemu-devel] [PATCH v3 0/7] migration: pause-before-switchover

2017-10-19 Thread Dr. David Alan Gilbert
* Jiri Denemark (jdene...@redhat.com) wrote:
> The libvirt changes which will make use of this new migration capability
> can be found in migration-pause branch of my gitlab repository:
> 
> git fetch https://gitlab.com/jirkade/libvirt.git migration-pause
> 
> It's not properly split into patches, it has no commit message etc.,
> but the functionality should be complete.
> 
> Feel free to test it and report any issues.

Looks promising:

virsh migrate --live --copy-storage-all --verbose

2017-10-19 17:52:38.665+: 31999: debug : 
qemuMonitorSetMigrationCapability:3948 : capability=pause-before-switchover, 
state=1
2017-10-19 17:52:38.666+: 31999: debug : virJSONValueToString:1914 : 
result={"execute":"migrate-set-capabilities","arguments":{"capabilities":[{"capability":"pause-before-switchover","state":true}]},"id":"libvirt-1861"}
2017-10-19 17:52:38.693+: 31999: debug : qemuMonitorJSONCommandWithFd:298 : 
Send command 
'{"execute":"migrate","arguments":{"detach":true,"blk":false,"inc":false,"uri":"fd:migrate"},"id":"libvirt-1865"}'
 for write with FD -1
2017-10-19 17:52:38.695+: 31998: debug : qemuMonitorJSONIOProcessLine:193 : 
Line [{"timestamp": {"seconds": 1508435558, "microseconds": 695732}, "event": 
"MIGRATION", "data": {"status": "setup"}}]
2017-10-19 17:52:38.743+: 31998: debug : qemuMonitorJSONIOProcessLine:193 : 
Line [{"timestamp": {"seconds": 1508435558, "microseconds": 743564}, "event": 
"MIGRATION_PASS", "data": {"pass": 1}}]
2017-10-19 17:52:38.744+: 31998: debug : qemuMonitorJSONIOProcessLine:193 : 
Line [{"timestamp": {"seconds": 1508435558, "microseconds": 743724}, "event": 
"MIGRATION", "data": {"status": "active"}}]
2017-10-19 17:52:43.193+: 31998: debug : qemuMonitorJSONIOProcessLine:193 : 
Line [{"timestamp": {"seconds": 1508435563, "microseconds": 192728}, "event": 
"MIGRATION_PASS", "data": {"pass": 2}}]
2017-10-19 17:52:43.389+: 31998: debug : qemuMonitorJSONIOProcessLine:193 : 
Line [{"timestamp": {"seconds": 1508435563, "microseconds": 388947}, "event": 
"STOP"}]
2017-10-19 17:52:43.862+: 31998: debug : qemuMonitorJSONIOProcessLine:193 : 
Line [{"timestamp": {"seconds": 1508435563, "microseconds": 862428}, "event": 
"MIGRATION", "data": {"status": "pre-switchover"}}]
2017-10-19 17:52:43.863+: 31999: debug : qemuMigrationDriveMirrorReady:634 
: All disk mirrors are ready
2017-10-19 17:52:43.863+: 31999: debug : qemuMigrationCompleted:1534 : 
Migration paused before switchover
2017-10-19 17:52:43.865+: 31998: debug : qemuMonitorJSONIOProcessLine:193 : 
Line [{"return": {"expected-downtime": 300, "status": "pre-switchover", 
"setup-time": 47, "total-time": 5169, "ram": {"total": 4430053376, 
"postcopy-requests": 0, "dirty-sync-count": 2, "page-size": 4096, "remaining": 
7204864, "mbps": 941.43529, "transferred": 450864646, "duplicate": 973832, 
"dirty-pages-rate": 243277, "skipped": 0, "normal-bytes": 441237504, "normal": 
107724}}, "id": "libvirt-1876"}]
2017-10-19 17:52:43.866+: 31999: debug : qemuMigrationCancelDriveMirror:803 
: Cancelling drive mirrors for domain debianlocalqemu
2017-10-19 17:52:43.866+: 31999: debug : qemuMonitorJSONCommandWithFd:298 : 
Send command 
'{"execute":"block-job-cancel","arguments":{"device":"drive-virtio-disk0"},"id":"libvirt-1877"}'
 for write with FD -1
2017-10-19 17:52:43.868+: 31999: debug : 
qemuMigrationDriveMirrorCancelled:715 : Waiting for 1 disk mirrors to finish
2017-10-19 17:52:43.872+: 31998: info : qemuMonitorIOProcess:439 : 
QEMU_MONITOR_IO_PROCESS: mon=0x7f4544008840 buf={"timestamp": {"seconds": 
1508435563, "microseconds": 871816}, "event": "BLOCK_JOB_COMPLETED", "data": 
{"device": "drive-virtio-disk0", "len": 58430259200, "offset": 58430259200, 
"speed": 9223372036853727232, "type": "mirror"}}^M
2017-10-19 17:52:43.873+: 31998: debug : qemuProcessHandleBlockJob:1014 : 
Block job for device drive-virtio-disk0 (domain: 
0x7f45440254c0,debianlocalqemu) type 2 status 0
2017-10-19 17:52:43.873+: 31999: debug : qemuBlockJobEventProcess:106 : 
disk=vda, mirrorState=yes, type=2, status=0
2017-10-19 17:52:43.916+: 31999: debug : qemuMonitorJSONCommandWithFd:298 : 
Send command 
'{"execute":"migrate-continue","arguments":{"state":"pre-switchover"},"id":"libvirt-1880"}'
 for write with FD -1
2017-10-19 17:52:43.918+: 31998: debug : qemuMonitorJSONIOProcessLine:193 : 
Line [{"timestamp": {"seconds": 1508435563, "microseconds": 917872}, "event": 
"MIGRATION", "data": {"status": "device"}}]
2017-10-19 17:52:43.921+: 31998: debug : qemuMonitorJSONIOProcessLine:193 : 
Line [{"timestamp": {"seconds": 1508435563, "microseconds": 921194}, "event": 
"MIGRATION_PASS", "data": {"pass": 3}}]
2017-10-19 17:52:43.991+: 31998: info : qemuMonitorIOProcess:439 : 
QEMU_MONITOR_IO_PROCESS: mon=0x7f4544008840 buf={"timestamp": {"seconds": 
1508435563, "microseconds": 991528}, "event": "MIGRATION", "data": {"status": 
"completed"}}^M

So I think libvirt is doing the 

Re: [Qemu-devel] [PATCH v4 RFC 9/8] nbd: Minimal structured read for client

2017-10-19 Thread Eric Blake
On 10/17/2017 07:57 AM, Vladimir Sementsov-Ogievskiy wrote:
> Minimal implementation: for structured error only error_report error
> message.
> 
> Signed-off-by: Vladimir Sementsov-Ogievskiy 
> ---

and I replied:
> 
> But in the client, I then perform 'w 0 0' (a zero-byte write, which
> should fail because the server is read-only).  I see:
> 
> C: 19481@1508268433.381446:nbd_send_request Sending request to server: {
> .from = 0, .len = 0, .handle = 93997172956880, .flags = 0x1, .type = 1
> (write) }
> S: 19479@1508268433.381516:nbd_receive_request Got request: { magic =
> 0x25609513, .flags = 0x1, .type = 0x1, from = 0, len = 0 }
> S: 19479@1508268433.381527:nbd_co_receive_request_decode_type Decoding
> type: handle = 93997172956880, type = 1 (write)
> S: 19479@1508268433.381540:nbd_co_receive_request_payload_received
> Payload received: handle = 93997172956880, len = 0
> S: 19479@1508268433.381564:nbd_co_send_structured_error Send structured
> error reply: handle = 93997172956880, error = 1 (EPERM), msg = ''
> C: 19481@1508268433.381622:nbd_receive_structured_reply_chunk Got
> structured reply chunk: { flags = 0x1, type = 32769, handle =
> 93997172956880, length = 6 }
> C: wrote 0/0 bytes at offset 0
> C: 0 bytes, 1 ops; 0.0002 sec (0 bytes/sec and 4291.8455 ops/sec)
> 
> Oops - the client claimed success, even though the server replied with
> EPERM.  And the server didn't do a good job of including details on the
> error message.  So there's still some tweaks needed.

Okay, I found that issue:

> +static int nbd_parse_error_payload(NBDStructuredReplyChunk *chunk,
> +   uint8_t *payload, int *request_ret,
> +   Error **errp)
> +{
> +uint32_t error;
> +uint16_t message_size;
> +
> +assert(chunk->type & (1 << 15));
> +
> +if (chunk->length < sizeof(error) + sizeof(message_size)) {
> +error_setg(errp,
> +   "Protocol error: invalid payload for structured error");
> +return -EINVAL;
> +}
> +
> +error = nbd_errno_to_system_errno(payload_advance32());
> +if (error == 0) {
> +error_setg(errp, "Protocol error: server sent structured error chunk"
> + "with error = 0");
> +return -EINVAL;
> +}
> +
> +*request_ret = error;
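
Review bot: the message in the error == 0 branch is built from two adjacent string literals with no space between them, so it prints as "server sent structured error chunkwith error = 0"; the first literal needs a trailing space.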

Here, you set *request_ret to a positive value when the server gives an
error,

> +static coroutine_fn int nbd_co_do_receive_one_chunk(
> +NBDClientSession *s, uint64_t handle, bool only_structured,
> +int *request_ret, QEMUIOVector *qiov, void **payload, Error **errp)
>  {

> -} else {
> -assert(s->reply.handle == handle);
> -ret = -nbd_errno_to_system_errno(s->reply.simple.error);
> -if (qiov && ret == 0) {
> -if (qio_channel_readv_all(s->ioc, qiov->iov, qiov->niov,
> -  NULL) < 0) {
> -ret = -EIO;
> -s->quit = true;
> +error_setg(errp, "Connection closed");
> +return -EIO;
> +}
> +
> +assert(s->reply.handle == handle);
> +
> +if (nbd_reply_is_simple(>reply)) {
> +if (only_structured) {
> +error_setg(errp, "Protocol error: simple reply when structured"
> + "reply chunk was expected");
> +return -EINVAL;
> +}
> +
> +*request_ret = -nbd_errno_to_system_errno(s->reply.simple.error);
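
Review bot: the two literals in the only_structured branch join without a space, so the message prints as "simple reply when structuredreply chunk was expected"; the first literal needs a trailing space.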

But here, you set it to a negative value,

> +/* nbd_reply_chunk_iter_receive
> + * The pointer stored in @payload requires qemu_vfree() to free it.
> + */
> +static bool nbd_reply_chunk_iter_receive(NBDClientSession *s,
> + NBDReplyChunkIter *iter,
> + uint64_t handle,
> + QEMUIOVector *qiov, NBDReply *reply,
> + void **payload)
> +{
> +int ret;
> +NBDReply local_reply;
> +NBDStructuredReplyChunk *chunk;
> +Error *local_err = NULL;
> +if (s->quit) {
> +error_setg(_err, "Connection closed");
> +nbd_iter_error(iter, true, -EIO, _err);
> +goto break_loop;
> +}
> +
> +if (iter->done) {
> +/* Previous iteration was last. */
> +goto break_loop;
> +}
> +
> +if (reply == NULL) {
> +reply = _reply;
> +}
> +
> +ret = nbd_co_receive_one_chunk(s, handle, iter->only_structured,
> +   qiov, reply, payload, _err);
> +if (ret < 0) {
> +/* If it is a fatal error s->quit is set by nbd_co_receive_one_chunk 
> */
> +nbd_iter_error(iter, s->quit, ret, _err);
> +}

and you only ever set iter.ret to non-zero if the value was negative (so
you were missing all errors sent through a structured reply).

There was a lot of back-and-forth hunting through the code to see where
errors flow.  I wonder if our intermediate 
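
The sign mismatch described in the message above, reduced to a self-contained added example (not QEMU code and not part of the original mail): a structured error payload is parsed with bounds checks and handed to an iterator that, like the loop in the quoted patch, records only negative values. The function names, the `sign` switch, the message-length check and the constructed payloads are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: the 6-byte payload of the error chunk in the trace
 * (length = 6): 32-bit error = 1 (EPERM), 16-bit message length = 0. */
static const uint8_t sample_payload[6]     = { 0, 0, 0, 1, 0, 0 };
/* Constructed malformed payloads: message length 4 with no message bytes,
 * and an error chunk whose error field is 0. */
static const uint8_t overrun_payload[6]    = { 0, 0, 0, 1, 0, 4 };
static const uint8_t zero_error_payload[6] = { 0, 0, 0, 0, 0, 0 };

enum { ERR_HDR_LEN = 6 };   /* 4-byte error + 2-byte message length */

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

static uint16_t be16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Map an NBD wire error to a positive host errno. Unknown codes fall back
 * to EINVAL, which is an assumption of this example. */
static int wire_to_errno(uint32_t wire)
{
    switch (wire) {
    case 0:  return 0;
    case 1:  return EPERM;
    case 5:  return EIO;
    case 12: return ENOMEM;
    case 22: return EINVAL;
    case 28: return ENOSPC;
    default: return EINVAL;
    }
}

/* Parse an error chunk payload. Returns 0 and fills *request_ret, or
 * -EINVAL for a malformed payload. sign = +1 reproduces the positive value
 * stored by the quoted patch; sign = -1 matches the simple-reply path. */
static int parse_error_payload(const uint8_t *payload, size_t length,
                               int sign, int *request_ret)
{
    if (length < ERR_HDR_LEN) {
        return -EINVAL;                 /* header does not fit */
    }
    uint32_t wire = be32(payload);
    uint16_t msg_len = be16(payload + 4);
    if ((size_t)msg_len > length - ERR_HDR_LEN) {
        return -EINVAL;                 /* message runs past the chunk */
    }
    int err = wire_to_errno(wire);
    if (err == 0) {
        return -EINVAL;                 /* error chunk without an error */
    }
    *request_ret = sign * err;
    return 0;
}

/* Simplified iterator: keeps the first error, and only a negative value
 * counts as one. */
struct iter { int ret; };

static void iter_record(struct iter *it, int request_ret)
{
    if (request_ret < 0 && it->ret == 0) {
        it->ret = request_ret;
    }
}

/* One request whose only reply is the given error chunk; returns what the
 * caller of the request would see (0 means "success"). */
static int request_result(int sign, const uint8_t *payload, size_t length)
{
    struct iter it = { 0 };
    int request_ret = 0;
    int ret = parse_error_payload(payload, length, sign, &request_ret);
    if (ret < 0) {
        return ret;                     /* protocol error */
    }
    iter_record(&it, request_ret);
    return it.ret;
}

int main(void)
{
    printf("positive convention: %d\n",
           request_result(+1, sample_payload, sizeof(sample_payload)));
    printf("negative convention: %d\n",
           request_result(-1, sample_payload, sizeof(sample_payload)));
    return 0;
}
```

With the positive convention the EPERM chunk is dropped and the request reports success, which is the "wrote 0/0 bytes" result in the trace; storing the value negated makes the same chunk surface as -EPERM.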

Re: [Qemu-devel] [RFC 2/2] KVM: add virtio-pmem driver

2017-10-19 Thread Dan Williams
On Thu, Oct 19, 2017 at 1:01 AM, Christoph Hellwig  wrote:
> On Wed, Oct 18, 2017 at 08:51:37AM -0700, Dan Williams wrote:
>> This use case is not "Persistent Memory". Persistent Memory is
>> something you can map and make persistent with CPU instructions.
>> Anything that requires a driver call is device driver managed "Shared
>> Memory".
>
> How is this any different than the existing nvdimm_flush()? If you
> really care about the not driver thing it could easily be a write
> to a doorbell page or a hypercall, but in the end that's just semantics.

The difference is that nvdimm_flush() is not mandatory, and that the
platform will automatically perform the same flush at power-fail.
Applications should be able to assume that if they are using MAP_SYNC
that no other coordination with the kernel or the hypervisor is
necessary.

Advertising this as a generic Persistent Memory range to the guest
means that the guest could theoretically use it with device-dax where
there is no driver or filesystem sync interface. The hypervisor will
be waiting for flush notifications and the guest will just issue cache
flushes and sfence instructions. So, as far as I can see we need to
differentiate this virtio-model from standard "Persistent Memory" to
the guest and remove the possibility of guests/applications making the
wrong assumption.

Non-ODP RDMA in a guest comes to mind...



Re: [Qemu-devel] [PULL] qemu-sparc updates

2017-10-19 Thread Peter Maydell
On 19 October 2017 at 07:58, Mark Cave-Ayland
 wrote:
> Hi Peter,
>
> Here are my sun4u patches for 2.11. Note that because of the machine changes
> there is an openbios-sparc64 binary update included in the first patch to
> maintain bisectability. There will be a follow-up patch for OpenBIOS which 
> will
> update binaries for all architectures to the latest and update the submodule
> shortly.
>
>
> ATB,
>
> Mark.
>
>
> The following changes since commit 861cd431c99e56ddb5953ca1da164a9c32b477ca:
>
>   Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.11-20171017' 
> into staging (2017-10-17 15:26:51 +0100)
>
> are available in the git repository at:
>
>
>   https://github.com/mcayland/qemu.git tags/qemu-sparc-signed
>
> for you to fetch changes up to bcf9e2c2f2b7a610efaafc4bd6d0bee9181c2345:
>
>   sun4u: fix assert when adding NICs which aren't the in-built model 
> (2017-10-19 07:45:35 +0100)
>
> 
> qemu-sparc update
>
> 
> Mark Cave-Ayland (2):
>   sun4u: update PCI topology to include simba PCI bridges
>   sun4u: fix assert when adding NICs which aren't the in-built model

Applied, thanks.

-- PMM



Re: [Qemu-devel] [PULL] Update OpenBIOS images

2017-10-19 Thread Peter Maydell
On 19 October 2017 at 08:10, Mark Cave-Ayland
 wrote:
> Hi Peter,
>
> Here are the latest set of updates for OpenBIOS which should be pulled after 
> the sun4u
> patches have been applied due to breaking changes in the sun4u machine.
>
>
> ATB,
>
> Mark.
>
>
> The following changes since commit 861cd431c99e56ddb5953ca1da164a9c32b477ca:
>
>   Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.11-20171017' 
> into staging (2017-10-17 15:26:51 +0100)
>
> are available in the git repository at:
>
>
>   https://github.com/mcayland/qemu.git tags/qemu-openbios-signed
>
> for you to fetch changes up to 08e2c1854d8bc32b3b6fcefbead0ea808c44cbc8:
>
>   Update OpenBIOS images to 83818bd built from submodule. (2017-10-19 
> 08:04:15 +0100)
>
> 
> Update OpenBIOS images
>
> 
> Mark Cave-Ayland (1):
>   Update OpenBIOS images to 83818bd built from submodule.
>
>  pc-bios/openbios-ppc |  Bin 754936 -> 754936 bytes
>  pc-bios/openbios-sparc32 |  Bin 382048 -> 382048 bytes
>  pc-bios/openbios-sparc64 |  Bin 1593408 -> 1593408 bytes
>  roms/openbios|2 +-

This fails to merge, because your other pullreq also
updated pc-bios/openbios-sparc64 and git can't automatically
resolve merge conflicts between binary files.

If you tell me which version of the binary to prefer I can
fix it up by hand in the merge commit I guess.

thanks
-- PMM



[Qemu-devel] [PULL v1 02/21] tpm-tis: remove RAISE_STS_IRQ

2017-10-19 Thread Stefan Berger
From: Marc-André Lureau 

This looks like temporary hacking code. It shouldn't be necessary in
release code, or there should be a runtime option for it.

Signed-off-by: Marc-André Lureau 
Reviewed-by: Stefan Berger 
Signed-off-by: Stefan Berger 
---
 hw/tpm/tpm_tis.c | 24 +---
 1 file changed, 1 insertion(+), 23 deletions(-)

diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
index a9e9cbd..c54dac3 100644
--- a/hw/tpm/tpm_tis.c
+++ b/hw/tpm/tpm_tis.c
@@ -43,9 +43,6 @@
 } \
 } while (0);
 
-/* whether the STS interrupt is supported */
-#define RAISE_STS_IRQ
-
 /* tis registers */
 #define TPM_TIS_REG_ACCESS0x00
 #define TPM_TIS_REG_INT_ENABLE0x08
@@ -98,21 +95,11 @@
 #define TPM_TIS_INT_POLARITY_MASK (3 << 3)
 #define TPM_TIS_INT_POLARITY_LOW_LEVEL(1 << 3)
 
-#ifndef RAISE_STS_IRQ
-
-#define TPM_TIS_INTERRUPTS_SUPPORTED (TPM_TIS_INT_LOCALITY_CHANGED | \
-  TPM_TIS_INT_DATA_AVAILABLE   | \
-  TPM_TIS_INT_COMMAND_READY)
-
-#else
-
 #define TPM_TIS_INTERRUPTS_SUPPORTED (TPM_TIS_INT_LOCALITY_CHANGED | \
   TPM_TIS_INT_DATA_AVAILABLE   | \
   TPM_TIS_INT_STS_VALID | \
   TPM_TIS_INT_COMMAND_READY)
 
-#endif
-
 #define TPM_TIS_CAP_INTERFACE_VERSION1_3 (2 << 28)
 #define TPM_TIS_CAP_INTERFACE_VERSION1_3_FOR_TPM2_0 (3 << 28)
 #define TPM_TIS_CAP_DATA_TRANSFER_64B(3 << 9)
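Review bot: the `#ifndef RAISE_STS_IRQ` variant of `TPM_TIS_INTERRUPTS_SUPPORTED` removed in this hunk was never compiled, because the first hunk shows `#define RAISE_STS_IRQ` was unconditional. The commit message should say this is dead-code removal with no functional change, so nobody reads it as newly advertising `TPM_TIS_INT_STS_VALID` to guests.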
@@ -377,12 +364,8 @@ static void tpm_tis_receive_bh(void *opaque)
 tpm_tis_abort(s, locty);
 }
 
-#ifndef RAISE_STS_IRQ
-tpm_tis_raise_irq(s, locty, TPM_TIS_INT_DATA_AVAILABLE);
-#else
 tpm_tis_raise_irq(s, locty,
   TPM_TIS_INT_DATA_AVAILABLE | TPM_TIS_INT_STS_VALID);
-#endif
 }
 
 /*
@@ -421,9 +404,7 @@ static uint32_t tpm_tis_data_read(TPMState *s, uint8_t 
locty)
 if (tis->loc[locty].r_offset >= len) {
 /* got last byte */
 tpm_tis_sts_set(>loc[locty], TPM_TIS_STS_VALID);
-#ifdef RAISE_STS_IRQ
 tpm_tis_raise_irq(s, locty, TPM_TIS_INT_STS_VALID);
-#endif
 }
 DPRINTF("tpm_tis: tpm_tis_data_read byte 0x%02x   [%d]\n",
 ret, tis->loc[locty].r_offset-1);
@@ -912,9 +893,8 @@ static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
 if (tis->loc[locty].w_offset > 5 &&
 (tis->loc[locty].sts & TPM_TIS_STS_EXPECT)) {
 /* we have a packet length - see if we have all of it */
-#ifdef RAISE_STS_IRQ
 bool need_irq = !(tis->loc[locty].sts & TPM_TIS_STS_VALID);
-#endif
+
 len = tpm_tis_get_size_from_buffer(>loc[locty].w_buffer);
 if (len > tis->loc[locty].w_offset) {
 tpm_tis_sts_set(>loc[locty],
@@ -923,11 +903,9 @@ static void tpm_tis_mmio_write(void *opaque, hwaddr addr,
 /* packet complete */
 tpm_tis_sts_set(>loc[locty], TPM_TIS_STS_VALID);
 }
-#ifdef RAISE_STS_IRQ
 if (need_irq) {
 tpm_tis_raise_irq(s, locty, TPM_TIS_INT_STS_VALID);
 }
-#endif
 }
 }
 break;
-- 
2.5.5




[Qemu-devel] [PULL v1 14/21] tpm: add TPMBackendCmd to hold the request state

2017-10-19 Thread Stefan Berger
From: Marc-André Lureau 

This simplifies a bit locality handling, and argument passing, and
could pave the way to queuing requests (if that makes sense).

Signed-off-by: Marc-André Lureau 
Reviewed-by: Stefan Berger 
Signed-off-by: Stefan Berger 
---
 backends/tpm.c   |  6 +++---
 hw/tpm/tpm_emulator.c| 29 +++--
 hw/tpm/tpm_int.h |  1 +
 hw/tpm/tpm_passthrough.c | 24 +---
 hw/tpm/tpm_tis.c | 18 +-
 include/sysemu/tpm_backend.h | 16 +---
 6 files changed, 50 insertions(+), 44 deletions(-)

diff --git a/backends/tpm.c b/backends/tpm.c
index 34e8208..dc7c831 100644
--- a/backends/tpm.c
+++ b/backends/tpm.c
@@ -25,7 +25,7 @@ static void tpm_backend_worker_thread(gpointer data, gpointer 
user_data)
 TPMBackendClass *k  = TPM_BACKEND_GET_CLASS(s);
 
 assert(k->handle_request != NULL);
-k->handle_request(s);
+k->handle_request(s, (TPMBackendCmd *)data);
 }
 
 static void tpm_backend_thread_end(TPMBackend *s)
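Review bot: the `(TPMBackendCmd *)` cast on `data` in `tpm_backend_worker_thread()` is not needed, since `data` is a `gpointer` and converts implicitly. Drop it, in line with the "remove needless cast" patch in this same series.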
@@ -76,9 +76,9 @@ bool tpm_backend_had_startup_error(TPMBackend *s)
 return s->had_startup_error;
 }
 
-void tpm_backend_deliver_request(TPMBackend *s)
+void tpm_backend_deliver_request(TPMBackend *s, TPMBackendCmd *cmd)
 {
-g_thread_pool_push(s->thread_pool, NULL, NULL);
+g_thread_pool_push(s->thread_pool, cmd, NULL);
 }
 
 void tpm_backend_reset(TPMBackend *s)
diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
index 8fbe9ad..0b1a99f 100644
--- a/hw/tpm/tpm_emulator.c
+++ b/hw/tpm/tpm_emulator.c
@@ -172,28 +172,29 @@ static int tpm_emulator_set_locality(TPMEmulator 
*tpm_emu, uint8_t locty_number)
 return 0;
 }
 
-static void tpm_emulator_handle_request(TPMBackend *tb)
+static void tpm_emulator_handle_request(TPMBackend *tb, TPMBackendCmd *cmd)
 {
 TPMEmulator *tpm_emu = TPM_EMULATOR(tb);
-TPMLocality *locty = NULL;
-bool selftest_done = false;
 Error *err = NULL;
 
 DPRINTF("processing TPM command");
 
-locty = tb->tpm_state->locty_data;
-if (tpm_emulator_set_locality(tpm_emu,
-  tb->tpm_state->locty_number) < 0 ||
-tpm_emulator_unix_tx_bufs(tpm_emu, locty->w_buffer.buffer,
-  locty->w_offset, locty->r_buffer.buffer,
-  locty->r_buffer.size, _done,
-  ) < 0) {
-tpm_util_write_fatal_error_response(locty->r_buffer.buffer,
-locty->r_buffer.size);
-error_report_err(err);
+if (tpm_emulator_set_locality(tpm_emu, tb->tpm_state->locty_number) < 0) {
+goto error;
+}
+
+if (tpm_emulator_unix_tx_bufs(tpm_emu, cmd->in, cmd->in_len,
+  cmd->out, cmd->out_len,
+  >selftest_done, ) < 0) {
+goto error;
 }
 
-tb->recv_data_callback(tb->tpm_state, selftest_done);
+tb->recv_data_callback(tb->tpm_state);
+return;
+
+error:
+tpm_util_write_fatal_error_response(cmd->out, cmd->out_len);
+error_report_err(err);
 }
 
 static int tpm_emulator_probe_caps(TPMEmulator *tpm_emu)
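Review bot: the new `error:` path in `tpm_emulator_handle_request()` returns without calling `tb->recv_data_callback(tb->tpm_state)`, whereas the removed code invoked the callback after writing the fatal error response. Unless the front end learns of the failure some other way, call the callback on the error path as well so the response written to `cmd->out` is delivered. Also, `tpm_emulator_set_locality()` is called here without an `Error **` argument, so `err` is still NULL when that branch jumps to `error_report_err(err)`.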
diff --git a/hw/tpm/tpm_int.h b/hw/tpm/tpm_int.h
index f2f285b..6d7b3dc 100644
--- a/hw/tpm/tpm_int.h
+++ b/hw/tpm/tpm_int.h
@@ -26,6 +26,7 @@ struct TPMState {
 
 uint8_t locty_number;
 TPMLocality *locty_data;
+TPMBackendCmd cmd;
 
 char *backend;
 TPMBackend *be_driver;
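Review bot: `TPMBackendCmd cmd` is added to `struct TPMState` as a single embedded slot with no comment. Since `tpm_backend_deliver_request()` hands a `TPMBackendCmd *` to the backend worker thread, document here that this field describes the one request currently in flight and must not be rewritten until the backend has signalled completion.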
diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
index 0ae4596..93d72b8 100644
--- a/hw/tpm/tpm_passthrough.c
+++ b/hw/tpm/tpm_passthrough.c
@@ -137,30 +137,16 @@ err_exit:
 return ret;
 }
 
-static int tpm_passthrough_unix_transfer(TPMPassthruState *tpm_pt,
- const TPMLocality *locty_data,
- bool *selftest_done)
-{
-return tpm_passthrough_unix_tx_bufs(tpm_pt,
-locty_data->w_buffer.buffer,
-locty_data->w_offset,
-locty_data->r_buffer.buffer,
-locty_data->r_buffer.size,
-selftest_done);
-}
-
-static void tpm_passthrough_handle_request(TPMBackend *tb)
+static void tpm_passthrough_handle_request(TPMBackend *tb, TPMBackendCmd *cmd)
 {
 TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
-bool selftest_done = false;
 
-DPRINTF("tpm_passthrough: processing command\n");
+DPRINTF("tpm_passthrough: processing command %p\n", cmd);
 
-tpm_passthrough_unix_transfer(tpm_pt,
-  tb->tpm_state->locty_data,
-  _done);
+tpm_passthrough_unix_tx_bufs(tpm_pt, cmd->in, cmd->in_len,
+ 

[Qemu-devel] [PULL v1 19/21] tpm-tis: fold TPMTISEmuState in TPMState

2017-10-19 Thread Stefan Berger
From: Marc-André Lureau 

Signed-off-by: Marc-André Lureau 
Reviewed-by: Stefan Berger 
Signed-off-by: Stefan Berger 
---
 hw/tpm/tpm_tis.c | 336 ++-
 1 file changed, 157 insertions(+), 179 deletions(-)

diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
index 73cda41..d84eec4 100644
--- a/hw/tpm/tpm_tis.c
+++ b/hw/tpm/tpm_tis.c
@@ -72,7 +72,10 @@ typedef struct TPMLocality {
 TPMSizedBuffer r_buffer;
 } TPMLocality;
 
-typedef struct TPMTISEmuState {
+struct TPMState {
+ISADevice busdev;
+MemoryRegion mmio;
+
 QEMUBH *bh;
 uint32_t offset;
 uint8_t buf[TPM_TIS_BUFFER_MAX];
@@ -85,15 +88,6 @@ typedef struct TPMTISEmuState {
 
 qemu_irq irq;
 uint32_t irq_num;
-} TPMTISEmuState;
-
-struct TPMState {
-ISADevice busdev;
-MemoryRegion mmio;
-
-union {
-TPMTISEmuState tis;
-} s;
 
 uint8_t locty_number;
 TPMBackendCmd cmd;
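Review bot: the commit message has no body. It should state that the `union { TPMTISEmuState tis; } s` removed in this hunk had a single member, and say whether folding its fields into `struct TPMState` is meant as a pure rename of `s->s.tis.X` to `s->X`.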
@@ -272,16 +266,15 @@ static void tpm_tis_sts_set(TPMLocality *l, uint32_t 
flags)
  */
 static void tpm_tis_tpm_send(TPMState *s, uint8_t locty)
 {
-TPMTISEmuState *tis = >s.tis;
-TPMLocality *locty_data = >loc[locty];
+TPMLocality *locty_data = >loc[locty];
 
-tpm_tis_show_buffer(>loc[locty].w_buffer, "tpm_tis: To TPM");
+tpm_tis_show_buffer(>loc[locty].w_buffer, "tpm_tis: To TPM");
 
 /*
  * w_offset serves as length indicator for length of data;
  * it's reset when the response comes back
  */
-tis->loc[locty].state = TPM_TIS_STATE_EXECUTION;
+s->loc[locty].state = TPM_TIS_STATE_EXECUTION;
 
 s->cmd = (TPMBackendCmd) {
 .locty = locty,
@@ -297,17 +290,15 @@ static void tpm_tis_tpm_send(TPMState *s, uint8_t locty)
 /* raise an interrupt if allowed */
 static void tpm_tis_raise_irq(TPMState *s, uint8_t locty, uint32_t irqmask)
 {
-TPMTISEmuState *tis = >s.tis;
-
 if (!TPM_TIS_IS_VALID_LOCTY(locty)) {
 return;
 }
 
-if ((tis->loc[locty].inte & TPM_TIS_INT_ENABLED) &&
-(tis->loc[locty].inte & irqmask)) {
+if ((s->loc[locty].inte & TPM_TIS_INT_ENABLED) &&
+(s->loc[locty].inte & irqmask)) {
 DPRINTF("tpm_tis: Raising IRQ for flag %08x\n", irqmask);
-qemu_irq_raise(s->s.tis.irq);
-tis->loc[locty].ints |= irqmask;
+qemu_irq_raise(s->irq);
+s->loc[locty].ints |= irqmask;
 }
 }
 
@@ -319,7 +310,7 @@ static uint32_t tpm_tis_check_request_use_except(TPMState 
*s, uint8_t locty)
 if (l == locty) {
 continue;
 }
-if ((s->s.tis.loc[l].access & TPM_TIS_ACCESS_REQUEST_USE)) {
+if ((s->loc[l].access & TPM_TIS_ACCESS_REQUEST_USE)) {
 return 1;
 }
 }
@@ -329,14 +320,13 @@ static uint32_t tpm_tis_check_request_use_except(TPMState 
*s, uint8_t locty)
 
 static void tpm_tis_new_active_locality(TPMState *s, uint8_t new_active_locty)
 {
-TPMTISEmuState *tis = >s.tis;
-bool change = (s->s.tis.active_locty != new_active_locty);
+bool change = (s->active_locty != new_active_locty);
 bool is_seize;
 uint8_t mask;
 
-if (change && TPM_TIS_IS_VALID_LOCTY(s->s.tis.active_locty)) {
+if (change && TPM_TIS_IS_VALID_LOCTY(s->active_locty)) {
 is_seize = TPM_TIS_IS_VALID_LOCTY(new_active_locty) &&
-   tis->loc[new_active_locty].access & TPM_TIS_ACCESS_SEIZE;
+   s->loc[new_active_locty].access & TPM_TIS_ACCESS_SEIZE;
 
 if (is_seize) {
 mask = ~(TPM_TIS_ACCESS_ACTIVE_LOCALITY);
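Review bot: in `tpm_tis_new_active_locality()` the `is_seize` expression mixes `&&` with an unparenthesized `&`. It evaluates as intended because `&` binds tighter, but since this line is being rewritten anyway, write `(s->loc[new_active_locty].access & TPM_TIS_ACCESS_SEIZE)` so the reader does not have to check precedence.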
@@ -345,73 +335,70 @@ static void tpm_tis_new_active_locality(TPMState *s, 
uint8_t new_active_locty)
  TPM_TIS_ACCESS_REQUEST_USE);
 }
 /* reset flags on the old active locality */
-tis->loc[s->s.tis.active_locty].access &= mask;
+s->loc[s->active_locty].access &= mask;
 
 if (is_seize) {
-tis->loc[tis->active_locty].access |= TPM_TIS_ACCESS_BEEN_SEIZED;
+s->loc[s->active_locty].access |= TPM_TIS_ACCESS_BEEN_SEIZED;
 }
 }
 
-tis->active_locty = new_active_locty;
+s->active_locty = new_active_locty;
 
-DPRINTF("tpm_tis: Active locality is now %d\n", s->s.tis.active_locty);
+DPRINTF("tpm_tis: Active locality is now %d\n", s->active_locty);
 
 if (TPM_TIS_IS_VALID_LOCTY(new_active_locty)) {
 /* set flags on the new active locality */
-tis->loc[new_active_locty].access |= TPM_TIS_ACCESS_ACTIVE_LOCALITY;
-tis->loc[new_active_locty].access &= ~(TPM_TIS_ACCESS_REQUEST_USE |
+s->loc[new_active_locty].access |= TPM_TIS_ACCESS_ACTIVE_LOCALITY;
+s->loc[new_active_locty].access &= ~(TPM_TIS_ACCESS_REQUEST_USE |
TPM_TIS_ACCESS_SEIZE);
 }
 
 if (change) {
-tpm_tis_raise_irq(s, tis->active_locty, TPM_TIS_INT_LOCALITY_CHANGED);

[Qemu-devel] [PULL v1 12/21] tpm: remove needless cast

2017-10-19 Thread Stefan Berger
From: Marc-André Lureau 

Signed-off-by: Marc-André Lureau 
Reviewed-by: Stefan Berger 
Signed-off-by: Stefan Berger 
---
 hw/tpm/tpm_passthrough.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
index 5cd988e..fed3d69 100644
--- a/hw/tpm/tpm_passthrough.c
+++ b/hw/tpm/tpm_passthrough.c
@@ -96,7 +96,7 @@ static int tpm_passthrough_unix_tx_bufs(TPMPassthruState 
*tpm_pt,
 
 is_selftest = tpm_util_is_selftest(in, in_len);
 
-ret = qemu_write_full(tpm_pt->tpm_fd, (const void *)in, (size_t)in_len);
+ret = qemu_write_full(tpm_pt->tpm_fd, in, in_len);
 if (ret != in_len) {
 if (!tpm_pt->tpm_op_canceled || errno != ECANCELED) {
 error_report("tpm_passthrough: error while transmitting data "
-- 
2.5.5




[Qemu-devel] [PULL v1 08/21] tpm: remove TPMDriverOps

2017-10-19 Thread Stefan Berger
From: Marc-André Lureau 

Use TPMBackendClass to hold class methods/fields.

Signed-off-by: Marc-André Lureau 
Reviewed-by: Stefan Berger 
Signed-off-by: Stefan Berger 
---
 backends/tpm.c   | 31 ---
 hw/tpm/tpm_emulator.c| 29 -
 hw/tpm/tpm_passthrough.c | 25 +++--
 include/sysemu/tpm_backend.h | 15 +--
 scripts/checkpatch.pl|  1 -
 tpm.c| 20 +---
 6 files changed, 53 insertions(+), 68 deletions(-)

diff --git a/backends/tpm.c b/backends/tpm.c
index 37c84b7..ca3a78e 100644
--- a/backends/tpm.c
+++ b/backends/tpm.c
@@ -41,7 +41,7 @@ enum TpmType tpm_backend_get_type(TPMBackend *s)
 {
 TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s);
 
-return k->ops->type;
+return k->type;
 }
 
 int tpm_backend_init(TPMBackend *s, TPMState *state,
@@ -53,7 +53,7 @@ int tpm_backend_init(TPMBackend *s, TPMState *state,
 s->recv_data_callback = datacb;
 s->had_startup_error = false;
 
-return k->ops->init ? k->ops->init(s) : 0;
+return k->init ? k->init(s) : 0;
 }
 
 int tpm_backend_startup_tpm(TPMBackend *s)
@@ -68,7 +68,7 @@ int tpm_backend_startup_tpm(TPMBackend *s)
NULL);
 g_thread_pool_push(s->thread_pool, (gpointer)TPM_BACKEND_CMD_INIT, NULL);
 
-res = k->ops->startup_tpm ? k->ops->startup_tpm(s) : 0;
+res = k->startup_tpm ? k->startup_tpm(s) : 0;
 
 s->had_startup_error = (res != 0);
 
@@ -90,8 +90,8 @@ void tpm_backend_reset(TPMBackend *s)
 {
 TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s);
 
-if (k->ops->reset) {
-k->ops->reset(s);
+if (k->reset) {
+k->reset(s);
 }
 
 tpm_backend_thread_end(s);
@@ -103,34 +103,34 @@ void tpm_backend_cancel_cmd(TPMBackend *s)
 {
 TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s);
 
-assert(k->ops->cancel_cmd);
+assert(k->cancel_cmd);
 
-k->ops->cancel_cmd(s);
+k->cancel_cmd(s);
 }
 
 bool tpm_backend_get_tpm_established_flag(TPMBackend *s)
 {
 TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s);
 
-return k->ops->get_tpm_established_flag ?
-   k->ops->get_tpm_established_flag(s) : false;
+return k->get_tpm_established_flag ?
+   k->get_tpm_established_flag(s) : false;
 }
 
 int tpm_backend_reset_tpm_established_flag(TPMBackend *s, uint8_t locty)
 {
 TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s);
 
-return k->ops->reset_tpm_established_flag ?
-   k->ops->reset_tpm_established_flag(s, locty) : 0;
+return k->reset_tpm_established_flag ?
+   k->reset_tpm_established_flag(s, locty) : 0;
 }
 
 TPMVersion tpm_backend_get_tpm_version(TPMBackend *s)
 {
 TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s);
 
-assert(k->ops->get_tpm_version);
+assert(k->get_tpm_version);
 
-return k->ops->get_tpm_version(s);
+return k->get_tpm_version(s);
 }
 
 TPMInfo *tpm_backend_query_tpm(TPMBackend *s)
@@ -140,8 +140,9 @@ TPMInfo *tpm_backend_query_tpm(TPMBackend *s)
 
 info->id = g_strdup(s->id);
 info->model = s->fe_model;
-info->options = k->ops->get_tpm_options ?
-k->ops->get_tpm_options(s) : NULL;
+if (k->get_tpm_options) {
+info->options = k->get_tpm_options(s);
+}
 
 return info;
 }
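Review bot: in `tpm_backend_query_tpm()` the explicit `: NULL` fallback for `info->options` is replaced by an `if` with no `else`, so `info->options` is only assigned when `k->get_tpm_options` is set. The allocation of `info` is outside this hunk, so confirm it is zero-initialized or keep an explicit `info->options = NULL` assignment.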
diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
index 187a69e..03ea584 100644
--- a/hw/tpm/tpm_emulator.c
+++ b/hw/tpm/tpm_emulator.c
@@ -60,8 +60,6 @@
 
 #define TPM_EMULATOR_IMPLEMENTS_ALL_CAPS(S, cap) (((S)->caps & (cap)) == (cap))
 
-static const TPMDriverOps tpm_emulator_driver;
-
 /* data structures */
 typedef struct TPMEmulator {
 TPMBackend parent;
@@ -504,20 +502,6 @@ static const QemuOptDesc tpm_emulator_cmdline_opts[] = {
 { /* end of list */ },
 };
 
-static const TPMDriverOps tpm_emulator_driver = {
-.type = TPM_TYPE_EMULATOR,
-.opts = tpm_emulator_cmdline_opts,
-.desc = "TPM emulator backend driver",
-
-.create   = tpm_emulator_create,
-.startup_tpm  = tpm_emulator_startup_tpm,
-.cancel_cmd   = tpm_emulator_cancel_cmd,
-.get_tpm_established_flag = tpm_emulator_get_tpm_established_flag,
-.reset_tpm_established_flag = tpm_emulator_reset_tpm_established_flag,
-.get_tpm_version  = tpm_emulator_get_tpm_version,
-.get_tpm_options  = tpm_emulator_get_tpm_options,
-};
-
 static void tpm_emulator_inst_init(Object *obj)
 {
 TPMEmulator *tpm_emu = TPM_EMULATOR(obj);
@@ -565,7 +549,18 @@ static void tpm_emulator_inst_finalize(Object *obj)
 static void tpm_emulator_class_init(ObjectClass *klass, void *data)
 {
 TPMBackendClass *tbc = TPM_BACKEND_CLASS(klass);
-tbc->ops = _emulator_driver;
+
+tbc->type = 

[Qemu-devel] [PULL v1 06/21] tpm: remove tpm_register_driver()

2017-10-19 Thread Stefan Berger
From: Marc-André Lureau 

No more users of be_drivers[], drop that too.

Signed-off-by: Marc-André Lureau 
Reviewed-by: Stefan Berger 
Signed-off-by: Stefan Berger 
---
 hw/tpm/tpm_emulator.c| 1 -
 hw/tpm/tpm_passthrough.c | 1 -
 include/sysemu/tpm_backend.h | 1 -
 tpm.c| 8 
 4 files changed, 11 deletions(-)

diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
index 95e1e04..187a69e 100644
--- a/hw/tpm/tpm_emulator.c
+++ b/hw/tpm/tpm_emulator.c
@@ -581,7 +581,6 @@ static const TypeInfo tpm_emulator_info = {
 static void tpm_emulator_register(void)
 {
 type_register_static(_emulator_info);
-tpm_register_driver(_emulator_driver);
 }
 
 type_init(tpm_emulator_register)
diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
index e6ace28..f04eab3 100644
--- a/hw/tpm/tpm_passthrough.c
+++ b/hw/tpm/tpm_passthrough.c
@@ -418,7 +418,6 @@ static const TypeInfo tpm_passthrough_info = {
 static void tpm_passthrough_register(void)
 {
 type_register_static(_passthrough_info);
-tpm_register_driver(_passthrough_driver);
 }
 
 type_init(tpm_passthrough_register)
diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
index c6e5637..adb6a68 100644
--- a/include/sysemu/tpm_backend.h
+++ b/include/sysemu/tpm_backend.h
@@ -216,6 +216,5 @@ TPMInfo *tpm_backend_query_tpm(TPMBackend *s);
 TPMBackend *qemu_find_tpm(const char *id);
 
 void tpm_register_model(enum TpmModel model);
-void tpm_register_driver(const TPMDriverOps *tdo);
 
 #endif
diff --git a/tpm.c b/tpm.c
index ad2ed6a..75a589b 100644
--- a/tpm.c
+++ b/tpm.c
@@ -23,7 +23,6 @@
 static QLIST_HEAD(, TPMBackend) tpm_backends =
 QLIST_HEAD_INITIALIZER(tpm_backends);
 
-static TPMDriverOps const *be_drivers[TPM_TYPE__MAX];
 static bool tpm_models[TPM_MODEL__MAX];
 
 void tpm_register_model(enum TpmModel model)
@@ -33,13 +32,6 @@ void tpm_register_model(enum TpmModel model)
 
 #ifdef CONFIG_TPM
 
-void tpm_register_driver(const TPMDriverOps *tdo)
-{
-assert(!be_drivers[tdo->type]);
-
-be_drivers[tdo->type] = tdo;
-}
-
 static const TPMDriverOps *
 tpm_driver_find_by_type(enum TpmType type)
 {
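Review bot: removing `tpm_register_driver()` from tpm.c also drops `assert(!be_drivers[tdo->type])`, the only guard visible here against two backends claiming the same `TpmType`. The commit message should say whether `tpm_driver_find_by_type()` needs an equivalent check or why duplicates can no longer occur.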
-- 
2.5.5




[Qemu-devel] [PULL v1 18/21] tpm-tis: remove tpm_tis.h header

2017-10-19 Thread Stefan Berger
From: Marc-André Lureau 

The definitions are now private to TIS implementation.

Signed-off-by: Marc-André Lureau 
Reviewed-by: Stefan Berger 
Signed-off-by: Stefan Berger 
---
 hw/tpm/tpm_passthrough.c |  1 -
 hw/tpm/tpm_tis.c | 72 -
 hw/tpm/tpm_tis.h | 94 
 3 files changed, 71 insertions(+), 96 deletions(-)
 delete mode 100644 hw/tpm/tpm_tis.h

diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
index 93d72b8..4274164 100644
--- a/hw/tpm/tpm_passthrough.c
+++ b/hw/tpm/tpm_passthrough.c
@@ -31,7 +31,6 @@
 #include "hw/hw.h"
 #include "hw/i386/pc.h"
 #include "qapi/clone-visitor.h"
-#include "tpm_tis.h"
 #include "tpm_util.h"
 
 #define DEBUG_TPM 0
diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
index ad28456..73cda41 100644
--- a/hw/tpm/tpm_tis.c
+++ b/hw/tpm/tpm_tis.c
@@ -23,6 +23,7 @@
  */
 
 #include "qemu/osdep.h"
+#include "hw/isa/isa.h"
 #include "sysemu/tpm_backend.h"
 #include "tpm_int.h"
 #include "sysemu/block-backend.h"
@@ -30,10 +31,79 @@
 #include "hw/hw.h"
 #include "hw/i386/pc.h"
 #include "hw/pci/pci_ids.h"
-#include "tpm_tis.h"
 #include "qapi/error.h"
 #include "qemu-common.h"
 #include "qemu/main-loop.h"
+#include "hw/acpi/tpm.h"
+
+#define TPM_TIS_NUM_LOCALITIES  5 /* per spec */
+#define TPM_TIS_LOCALITY_SHIFT  12
+#define TPM_TIS_NO_LOCALITY 0xff
+
+#define TPM_TIS_IS_VALID_LOCTY(x)   ((x) < TPM_TIS_NUM_LOCALITIES)
+
+#define TPM_TIS_BUFFER_MAX  4096
+
+typedef enum {
+TPM_TIS_STATE_IDLE = 0,
+TPM_TIS_STATE_READY,
+TPM_TIS_STATE_COMPLETION,
+TPM_TIS_STATE_EXECUTION,
+TPM_TIS_STATE_RECEPTION,
+} TPMTISState;
+
+typedef struct TPMSizedBuffer {
+uint32_t size;
+uint8_t  *buffer;
+} TPMSizedBuffer;
+
+/* locality data  -- all fields are persisted */
+typedef struct TPMLocality {
+TPMTISState state;
+uint8_t access;
+uint32_t sts;
+uint32_t iface_id;
+uint32_t inte;
+uint32_t ints;
+
+uint16_t w_offset;
+uint16_t r_offset;
+TPMSizedBuffer w_buffer;
+TPMSizedBuffer r_buffer;
+} TPMLocality;
+
+typedef struct TPMTISEmuState {
+QEMUBH *bh;
+uint32_t offset;
+uint8_t buf[TPM_TIS_BUFFER_MAX];
+
+uint8_t active_locty;
+uint8_t aborting_locty;
+uint8_t next_locty;
+
+TPMLocality loc[TPM_TIS_NUM_LOCALITIES];
+
+qemu_irq irq;
+uint32_t irq_num;
+} TPMTISEmuState;
+
+struct TPMState {
+ISADevice busdev;
+MemoryRegion mmio;
+
+union {
+TPMTISEmuState tis;
+} s;
+
+uint8_t locty_number;
+TPMBackendCmd cmd;
+
+char *backend;
+TPMBackend *be_driver;
+TPMVersion be_tpm_version;
+};
+
+#define TPM(obj) OBJECT_CHECK(TPMState, (obj), TYPE_TPM_TIS)
 
 #define DEBUG_TIS 0
 
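Review bot: the `/* overall state of the TPM interface */` comment that preceded `struct TPMState` in the deleted tpm_tis.h is not carried over to the copy added to tpm_tis.c in this hunk. Keep it so the move is verbatim.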
diff --git a/hw/tpm/tpm_tis.h b/hw/tpm/tpm_tis.h
deleted file mode 100644
index 30e35ee..000
--- a/hw/tpm/tpm_tis.h
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
- * tpm_tis.h - QEMU's TPM TIS interface emulator
- *
- * Copyright (C) 2006, 2010-2013 IBM Corporation
- *
- * Authors:
- *  Stefan Berger 
- *  David Safford 
- *
- * This work is licensed under the terms of the GNU GPL, version 2 or later.
- * See the COPYING file in the top-level directory.
- *
- * Implementation of the TIS interface according to specs found at
- * http://www.trustedcomputinggroup.org
- *
- */
-#ifndef TPM_TPM_TIS_H
-#define TPM_TPM_TIS_H
-
-#include "hw/isa/isa.h"
-#include "hw/acpi/tpm.h"
-#include "qemu-common.h"
-
-#define TPM_TIS_NUM_LOCALITIES  5 /* per spec */
-#define TPM_TIS_LOCALITY_SHIFT  12
-#define TPM_TIS_NO_LOCALITY 0xff
-
-#define TPM_TIS_IS_VALID_LOCTY(x)   ((x) < TPM_TIS_NUM_LOCALITIES)
-
-#define TPM_TIS_BUFFER_MAX  4096
-
-typedef enum {
-TPM_TIS_STATE_IDLE = 0,
-TPM_TIS_STATE_READY,
-TPM_TIS_STATE_COMPLETION,
-TPM_TIS_STATE_EXECUTION,
-TPM_TIS_STATE_RECEPTION,
-} TPMTISState;
-
-typedef struct TPMSizedBuffer {
-uint32_t size;
-uint8_t  *buffer;
-} TPMSizedBuffer;
-
-/* locality data  -- all fields are persisted */
-typedef struct TPMLocality {
-TPMTISState state;
-uint8_t access;
-uint32_t sts;
-uint32_t iface_id;
-uint32_t inte;
-uint32_t ints;
-
-uint16_t w_offset;
-uint16_t r_offset;
-TPMSizedBuffer w_buffer;
-TPMSizedBuffer r_buffer;
-} TPMLocality;
-
-typedef struct TPMTISEmuState {
-QEMUBH *bh;
-uint32_t offset;
-uint8_t buf[TPM_TIS_BUFFER_MAX];
-
-uint8_t active_locty;
-uint8_t aborting_locty;
-uint8_t next_locty;
-
-TPMLocality loc[TPM_TIS_NUM_LOCALITIES];
-
-qemu_irq irq;
-uint32_t irq_num;
-} TPMTISEmuState;
-
-/* overall state of the TPM interface */
-struct TPMState {
-ISADevice busdev;
-MemoryRegion mmio;
-
-union {
-TPMTISEmuState tis;
-

[Qemu-devel] [PULL v1 05/21] tpm: replace tpm_get_backend_driver() to drop be_drivers

2017-10-19 Thread Stefan Berger
From: Marc-André Lureau 

Use tpm_driver_find_by_type() instead.

Signed-off-by: Marc-André Lureau 
Reviewed-by: Stefan Berger 
Signed-off-by: Stefan Berger 
---
 tpm.c | 11 +++
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/tpm.c b/tpm.c
index 04de8da..ad2ed6a 100644
--- a/tpm.c
+++ b/tpm.c
@@ -31,13 +31,6 @@ void tpm_register_model(enum TpmModel model)
 tpm_models[model] = true;
 }
 
-static const TPMDriverOps *tpm_get_backend_driver(const char *type)
-{
-int i = qapi_enum_parse(_lookup, type, -1, NULL);
-
-return i >= 0 ? be_drivers[i] : NULL;
-}
-
 #ifdef CONFIG_TPM
 
 void tpm_register_driver(const TPMDriverOps *tdo)
@@ -110,6 +103,7 @@ static int configure_tpm(QemuOpts *opts)
 const TPMDriverOps *be;
 TPMBackend *drv;
 Error *local_err = NULL;
+int i;
 
 if (!QLIST_EMPTY(_backends)) {
 error_report("Only one TPM is allowed.");
@@ -129,7 +123,8 @@ static int configure_tpm(QemuOpts *opts)
 return 1;
 }
 
-be = tpm_get_backend_driver(value);
+i = qapi_enum_parse(_lookup, value, -1, NULL);
+be = i >= 0 ? tpm_driver_find_by_type(i) : NULL;
 if (be == NULL) {
 error_report(QERR_INVALID_PARAMETER_VALUE,
  "type", "a TPM backend type");
-- 
2.5.5




[Qemu-devel] [PULL v1 15/21] tpm-emulator: fix error handling

2017-10-19 Thread Stefan Berger
From: Marc-André Lureau 

The previous patch cleaned up a bit error handling, and exposed an
existing bug: error_report_err() could be called with a NULL error.
Instead, make tpm_emulator_set_locality() set the error.

Signed-off-by: Marc-André Lureau 
Reviewed-by: Stefan Berger 
Signed-off-by: Stefan Berger 
---
 hw/tpm/tpm_emulator.c | 14 --
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
index 0b1a99f..a613cec 100644
--- a/hw/tpm/tpm_emulator.c
+++ b/hw/tpm/tpm_emulator.c
@@ -141,7 +141,8 @@ static int tpm_emulator_unix_tx_bufs(TPMEmulator *tpm_emu,
 return 0;
 }
 
-static int tpm_emulator_set_locality(TPMEmulator *tpm_emu, uint8_t 
locty_number)
+static int tpm_emulator_set_locality(TPMEmulator *tpm_emu, uint8_t 
locty_number,
+ Error **errp)
 {
 ptm_loc loc;
 
@@ -155,15 +156,15 @@ static int tpm_emulator_set_locality(TPMEmulator 
*tpm_emu, uint8_t locty_number)
 loc.u.req.loc = locty_number;
 if (tpm_emulator_ctrlcmd(_emu->ctrl_chr, CMD_SET_LOCALITY, ,
  sizeof(loc), sizeof(loc)) < 0) {
-error_report("tpm-emulator: could not set locality : %s",
- strerror(errno));
+error_setg(errp, "tpm-emulator: could not set locality : %s",
+   strerror(errno));
 return -1;
 }
 
 loc.u.resp.tpm_result = be32_to_cpu(loc.u.resp.tpm_result);
 if (loc.u.resp.tpm_result != 0) {
-error_report("tpm-emulator: TPM result for set locality : 0x%x",
- loc.u.resp.tpm_result);
+error_setg(errp, "tpm-emulator: TPM result for set locality : 0x%x",
+   loc.u.resp.tpm_result);
 return -1;
 }
 
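Review bot: in the `CMD_SET_LOCALITY` failure branch of `tpm_emulator_set_locality()`, the new `error_setg()` call still formats errno by hand with `strerror(errno)`. Use `error_setg_errno(errp, errno, "tpm-emulator: could not set locality")` instead, which appends the errno description itself.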
@@ -179,7 +180,8 @@ static void tpm_emulator_handle_request(TPMBackend *tb, 
TPMBackendCmd *cmd)
 
 DPRINTF("processing TPM command");
 
-if (tpm_emulator_set_locality(tpm_emu, tb->tpm_state->locty_number) < 0) {
+if (tpm_emulator_set_locality(tpm_emu,
+  tb->tpm_state->locty_number, ) < 0) {
 goto error;
 }
 
-- 
2.5.5




[Qemu-devel] [PULL v1 10/21] tpm: remove configure_tpm() hop

2017-10-19 Thread Stefan Berger
From: Marc-André Lureau 

Signed-off-by: Marc-André Lureau 
Reviewed-by: Stefan Berger 
Signed-off-by: Stefan Berger 
---
 tpm.c | 7 +--
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/tpm.c b/tpm.c
index 4882501..45520f5 100644
--- a/tpm.c
+++ b/tpm.c
@@ -86,7 +86,7 @@ TPMBackend *qemu_find_tpm(const char *id)
 return NULL;
 }
 
-static int configure_tpm(QemuOpts *opts)
+static int tpm_init_tpmdev(void *dummy, QemuOpts *opts, Error **errp)
 {
 const char *value;
 const char *id;
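Review bot: `tpm_init_tpmdev()` now holds the former `configure_tpm()` body, but nothing in the lines shown uses its `Error **errp` parameter, and the body as seen in 05/21 reports failures with `error_report()` and returns 1. Either note in the commit message that `errp` stays unused on purpose, or follow up by converting those reports to `error_setg(errp, ...)`.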
@@ -145,11 +145,6 @@ static int configure_tpm(QemuOpts *opts)
 return 0;
 }
 
-static int tpm_init_tpmdev(void *dummy, QemuOpts *opts, Error **errp)
-{
-return configure_tpm(opts);
-}
-
 /*
  * Walk the list of TPM backend drivers that are in use and call their
  * destroy function to have them cleaned up.
-- 
2.5.5




[Qemu-devel] [PULL v1 03/21] tpm: make tpm_get_backend_driver() static

2017-10-19 Thread Stefan Berger
From: Marc-André Lureau 

No need to export the function.

Signed-off-by: Marc-André Lureau 
Reviewed-by: Stefan Berger 
Signed-off-by: Stefan Berger 
---
 include/sysemu/tpm_backend.h | 1 -
 tpm.c| 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
index 2c798a1..c6e5637 100644
--- a/include/sysemu/tpm_backend.h
+++ b/include/sysemu/tpm_backend.h
@@ -215,7 +215,6 @@ TPMInfo *tpm_backend_query_tpm(TPMBackend *s);
 
 TPMBackend *qemu_find_tpm(const char *id);
 
-const TPMDriverOps *tpm_get_backend_driver(const char *type);
 void tpm_register_model(enum TpmModel model);
 void tpm_register_driver(const TPMDriverOps *tdo);
 
diff --git a/tpm.c b/tpm.c
index 317..bc7d747 100644
--- a/tpm.c
+++ b/tpm.c
@@ -31,7 +31,7 @@ void tpm_register_model(enum TpmModel model)
 tpm_models[model] = true;
 }
 
-const TPMDriverOps *tpm_get_backend_driver(const char *type)
+static const TPMDriverOps *tpm_get_backend_driver(const char *type)
 {
 int i = qapi_enum_parse(_lookup, type, -1, NULL);
 
-- 
2.5.5




[Qemu-devel] [PULL v1 07/21] tpm: move TPMSizedBuffer to tpm_tis.h

2017-10-19 Thread Stefan Berger
From: Marc-André Lureau 

Close to where it's being used.

Signed-off-by: Marc-André Lureau 
Reviewed-by: Stefan Berger 
Signed-off-by: Stefan Berger 
---
 hw/tpm/tpm_tis.h | 5 +
 include/sysemu/tpm_backend.h | 5 -
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/hw/tpm/tpm_tis.h b/hw/tpm/tpm_tis.h
index a1df41f..31e612a 100644
--- a/hw/tpm/tpm_tis.h
+++ b/hw/tpm/tpm_tis.h
@@ -37,6 +37,11 @@ typedef enum {
 TPM_TIS_STATE_RECEPTION,
 } TPMTISState;
 
+typedef struct TPMSizedBuffer {
+uint32_t size;
+uint8_t  *buffer;
+} TPMSizedBuffer;
+
 /* locality data  -- all fields are persisted */
 typedef struct TPMLocality {
 TPMTISState state;
diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
index adb6a68..6309355 100644
--- a/include/sysemu/tpm_backend.h
+++ b/include/sysemu/tpm_backend.h
@@ -66,11 +66,6 @@ struct TPMBackendClass {
 void (*handle_request)(TPMBackend *s, TPMBackendCmd cmd);
 };
 
-typedef struct TPMSizedBuffer {
-uint32_t size;
-uint8_t  *buffer;
-} TPMSizedBuffer;
-
 struct TPMDriverOps {
 enum TpmType type;
 const QemuOptDesc *opts;
-- 
2.5.5




[Qemu-devel] [PULL v1 11/21] tpm: remove unused TPMBackendCmd

2017-10-19 Thread Stefan Berger
From: Marc-André Lureau 

There is only handling of request so far in both backends.

Signed-off-by: Marc-André Lureau 
Reviewed-by: Stefan Berger 
Signed-off-by: Stefan Berger 
---
 backends/tpm.c   |  7 ++-
 hw/tpm/tpm_emulator.c| 42 --
 hw/tpm/tpm_passthrough.c | 29 ++---
 include/sysemu/tpm_backend.h |  9 +
 4 files changed, 29 insertions(+), 58 deletions(-)

diff --git a/backends/tpm.c b/backends/tpm.c
index dc750d4..34e8208 100644
--- a/backends/tpm.c
+++ b/backends/tpm.c
@@ -25,13 +25,12 @@ static void tpm_backend_worker_thread(gpointer data, 
gpointer user_data)
 TPMBackendClass *k  = TPM_BACKEND_GET_CLASS(s);
 
 assert(k->handle_request != NULL);
-k->handle_request(s, (TPMBackendCmd)data);
+k->handle_request(s);
 }
 
 static void tpm_backend_thread_end(TPMBackend *s)
 {
 if (s->thread_pool) {
-g_thread_pool_push(s->thread_pool, (gpointer)TPM_BACKEND_CMD_END, 
NULL);
 g_thread_pool_free(s->thread_pool, FALSE, TRUE);
 s->thread_pool = NULL;
 }
@@ -64,7 +63,6 @@ int tpm_backend_startup_tpm(TPMBackend *s)
 
 s->thread_pool = g_thread_pool_new(tpm_backend_worker_thread, s, 1, TRUE,
NULL);
-g_thread_pool_push(s->thread_pool, (gpointer)TPM_BACKEND_CMD_INIT, NULL);
 
 res = k->startup_tpm ? k->startup_tpm(s) : 0;
 
@@ -80,8 +78,7 @@ bool tpm_backend_had_startup_error(TPMBackend *s)
 
 void tpm_backend_deliver_request(TPMBackend *s)
 {
-g_thread_pool_push(s->thread_pool, (gpointer)TPM_BACKEND_CMD_PROCESS_CMD,
-   NULL);
+g_thread_pool_push(s->thread_pool, NULL, NULL);
 }
 
 void tpm_backend_reset(TPMBackend *s)
diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
index 03ea584..a6763e8 100644
--- a/hw/tpm/tpm_emulator.c
+++ b/hw/tpm/tpm_emulator.c
@@ -172,39 +172,29 @@ static int tpm_emulator_set_locality(TPMEmulator 
*tpm_emu, uint8_t locty_number)
 return 0;
 }
 
-static void tpm_emulator_handle_request(TPMBackend *tb, TPMBackendCmd cmd)
+static void tpm_emulator_handle_request(TPMBackend *tb)
 {
 TPMEmulator *tpm_emu = TPM_EMULATOR(tb);
 TPMLocality *locty = NULL;
 bool selftest_done = false;
 Error *err = NULL;
 
-DPRINTF("processing command type %d", cmd);
-
-switch (cmd) {
-case TPM_BACKEND_CMD_PROCESS_CMD:
-locty = tb->tpm_state->locty_data;
-if (tpm_emulator_set_locality(tpm_emu,
-  tb->tpm_state->locty_number) < 0 ||
-tpm_emulator_unix_tx_bufs(tpm_emu, locty->w_buffer.buffer,
-  locty->w_offset, locty->r_buffer.buffer,
-  locty->r_buffer.size, _done,
-  ) < 0) {
-tpm_util_write_fatal_error_response(locty->r_buffer.buffer,
-locty->r_buffer.size);
-error_report_err(err);
-}
-
-tb->recv_data_callback(tb->tpm_state, tb->tpm_state->locty_number,
-   selftest_done);
-
-break;
-case TPM_BACKEND_CMD_INIT:
-case TPM_BACKEND_CMD_END:
-case TPM_BACKEND_CMD_TPM_RESET:
-/* nothing to do */
-break;
+DPRINTF("processing TPM command");
+
+locty = tb->tpm_state->locty_data;
+if (tpm_emulator_set_locality(tpm_emu,
+  tb->tpm_state->locty_number) < 0 ||
+tpm_emulator_unix_tx_bufs(tpm_emu, locty->w_buffer.buffer,
+  locty->w_offset, locty->r_buffer.buffer,
+  locty->r_buffer.size, _done,
+  ) < 0) {
+tpm_util_write_fatal_error_response(locty->r_buffer.buffer,
+locty->r_buffer.size);
+error_report_err(err);
 }
+
+tb->recv_data_callback(tb->tpm_state, tb->tpm_state->locty_number,
+   selftest_done);
 }
 
 static int tpm_emulator_probe_caps(TPMEmulator *tpm_emu)
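Review bot: with the switch removed from tpm_emulator_handle_request(), the context line `TPMLocality *locty = NULL;` is a dead initializer, because `locty = tb->tpm_state->locty_data;` now runs unconditionally right after the DPRINTF. Initialise it at the declaration instead, which also makes it obvious that the dereferences of `locty->w_buffer` and `locty->r_buffer` below never see NULL.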
diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
index d9da99b..5cd988e 100644
--- a/hw/tpm/tpm_passthrough.c
+++ b/hw/tpm/tpm_passthrough.c
@@ -149,29 +149,20 @@ static int tpm_passthrough_unix_transfer(TPMPassthruState 
*tpm_pt,
 selftest_done);
 }
 
-static void tpm_passthrough_handle_request(TPMBackend *tb, TPMBackendCmd cmd)
+static void tpm_passthrough_handle_request(TPMBackend *tb)
 {
 TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
 bool selftest_done = false;
 
-DPRINTF("tpm_passthrough: processing command type %d\n", cmd);
-
-switch (cmd) {
-case TPM_BACKEND_CMD_PROCESS_CMD:
-tpm_passthrough_unix_transfer(tpm_pt,
-  

[Qemu-devel] [PULL v1 13/21] tpm: remove locty argument from receive_cb

2017-10-19 Thread Stefan Berger
From: Marc-André Lureau 

The tpm_state is passed as argument, the assert() is pointless since
we give it the value of tpm_state->locty_number already.

Signed-off-by: Marc-André Lureau 
Reviewed-by: Stefan Berger 
Signed-off-by: Stefan Berger 
---
 hw/tpm/tpm_emulator.c| 3 +--
 hw/tpm/tpm_passthrough.c | 4 +---
 hw/tpm/tpm_tis.c | 5 ++---
 include/sysemu/tpm_backend.h | 2 +-
 4 files changed, 5 insertions(+), 9 deletions(-)

diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
index a6763e8..8fbe9ad 100644
--- a/hw/tpm/tpm_emulator.c
+++ b/hw/tpm/tpm_emulator.c
@@ -193,8 +193,7 @@ static void tpm_emulator_handle_request(TPMBackend *tb)
 error_report_err(err);
 }
 
-tb->recv_data_callback(tb->tpm_state, tb->tpm_state->locty_number,
-   selftest_done);
+tb->recv_data_callback(tb->tpm_state, selftest_done);
 }
 
 static int tpm_emulator_probe_caps(TPMEmulator *tpm_emu)
diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
index fed3d69..0ae4596 100644
--- a/hw/tpm/tpm_passthrough.c
+++ b/hw/tpm/tpm_passthrough.c
@@ -160,9 +160,7 @@ static void tpm_passthrough_handle_request(TPMBackend *tb)
   tb->tpm_state->locty_data,
   _done);
 
-tb->recv_data_callback(tb->tpm_state,
-   tb->tpm_state->locty_number,
-   selftest_done);
+tb->recv_data_callback(tb->tpm_state, selftest_done);
 }
 
 static void tpm_passthrough_reset(TPMBackend *tb)
diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
index c54dac3..345a4fb 100644
--- a/hw/tpm/tpm_tis.c
+++ b/hw/tpm/tpm_tis.c
@@ -371,14 +371,13 @@ static void tpm_tis_receive_bh(void *opaque)
 /*
  * Callback from the TPM to indicate that the response was received.
  */
-static void tpm_tis_receive_cb(TPMState *s, uint8_t locty,
+static void tpm_tis_receive_cb(TPMState *s,
bool is_selftest_done)
 {
 TPMTISEmuState *tis = >s.tis;
+uint8_t locty = s->locty_number;
 uint8_t l;
 
-assert(s->locty_number == locty);
-
 if (is_selftest_done) {
 for (l = 0; l < TPM_TIS_NUM_LOCALITIES; l++) {
 tis->loc[locty].sts |= TPM_TIS_STS_SELFTEST_DONE;
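Review bot: in the context lines of tpm_tis_receive_cb() the loop runs `l` over TPM_TIS_NUM_LOCALITIES but the body indexes `tis->loc[locty]`, so TPM_TIS_STS_SELFTEST_DONE is set on the current locality only, once per iteration. This predates the patch, but since `locty` is redefined here it is a good moment to index with `l` if all localities are meant, or to drop the loop if not. Separately, with the assert gone, `s->locty_number` is used as an array index with no range check in this function; a comment stating where it is validated would help.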
diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
index 7d7ebfc..9c83a51 100644
--- a/include/sysemu/tpm_backend.h
+++ b/include/sysemu/tpm_backend.h
@@ -30,7 +30,7 @@
 typedef struct TPMBackendClass TPMBackendClass;
 typedef struct TPMBackend TPMBackend;
 
-typedef void (TPMRecvDataCB)(TPMState *, uint8_t locty, bool selftest_done);
+typedef void (TPMRecvDataCB)(TPMState *, bool selftest_done);
 
 struct TPMBackend {
 Object parent;
-- 
2.5.5




[Qemu-devel] [PULL v1 20/21] tpm: add a QOM TPM interface

2017-10-19 Thread Stefan Berger
From: Marc-André Lureau 

This will simplify backend / interface objects relationship, so the
frontend interface will simply have to implement the TPM QOM interface.

Signed-off-by: Marc-André Lureau 
Reviewed-by: Stefan Berger 
Signed-off-by: Stefan Berger 
---
 backends/tpm.c   |  8 
 hw/tpm/tpm_int.h | 17 +
 hw/tpm/tpm_tis.c |  4 
 3 files changed, 29 insertions(+)

diff --git a/backends/tpm.c b/backends/tpm.c
index dc7c831..87c5c09 100644
--- a/backends/tpm.c
+++ b/backends/tpm.c
@@ -17,6 +17,7 @@
 #include "qapi/error.h"
 #include "qapi/qmp/qerror.h"
 #include "sysemu/tpm.h"
+#include "hw/tpm/tpm_int.h"
 #include "qemu/thread.h"
 
 static void tpm_backend_worker_thread(gpointer data, gpointer user_data)
@@ -209,9 +210,16 @@ static const TypeInfo tpm_backend_info = {
 .abstract = true,
 };
 
+static const TypeInfo tpm_if_info = {
+.name = TYPE_TPM_IF,
+.parent = TYPE_INTERFACE,
+.class_size = sizeof(TPMIfClass),
+};
+
 static void register_types(void)
 {
 type_register_static(_backend_info);
+type_register_static(_if_info);
 }
 
 type_init(register_types);
diff --git a/hw/tpm/tpm_int.h b/hw/tpm/tpm_int.h
index e231d0e..eb02e77 100644
--- a/hw/tpm/tpm_int.h
+++ b/hw/tpm/tpm_int.h
@@ -13,6 +13,23 @@
 #define TPM_TPM_INT_H
 
 #include "qemu/osdep.h"
+#include "qom/object.h"
+
+#define TYPE_TPM_IF "tpm-if"
+#define TPM_IF_CLASS(klass) \
+OBJECT_CLASS_CHECK(TPMIfClass, (klass), TYPE_TPM_IF)
+#define TPM_IF_GET_CLASS(obj) \
+OBJECT_GET_CLASS(TPMIfClass, (obj), TYPE_TPM_IF)
+#define TPM_IF(obj) \
+INTERFACE_CHECK(TPMIf, (obj), TYPE_TPM_IF)
+
+typedef struct TPMIf {
+Object parent_obj;
+} TPMIf;
+
+typedef struct TPMIfClass {
+InterfaceClass parent_class;
+} TPMIfClass;
 
 #define TPM_STANDARD_CMDLINE_OPTS   \
 { \
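Review bot: the new TYPE_TPM_IF block in tpm_int.h has no comment describing what the interface represents or what a frontend has to provide to implement it. TPMIfClass is empty at this point in the series, so a short doc comment above the typedefs is the only place a reader can learn the intended contract.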
diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
index d84eec4..dbb5004 100644
--- a/hw/tpm/tpm_tis.c
+++ b/hw/tpm/tpm_tis.c
@@ -1123,6 +1123,10 @@ static const TypeInfo tpm_tis_info = {
 .instance_size = sizeof(TPMState),
 .instance_init = tpm_tis_initfn,
 .class_init  = tpm_tis_class_init,
+.interfaces = (InterfaceInfo[]) {
+{ TYPE_TPM_IF },
+{ }
+}
 };
 
 static void tpm_tis_register(void)
-- 
2.5.5




[Qemu-devel] [PULL v1 17/21] tpm-tis: move TPMState to TIS header

2017-10-19 Thread Stefan Berger
From: Marc-André Lureau 

Signed-off-by: Marc-André Lureau 
Reviewed-by: Stefan Berger 
Signed-off-by: Stefan Berger 
---
 hw/tpm/tpm_int.h  | 23 ++-
 hw/tpm/tpm_tis.h  | 19 +++
 hw/tpm/tpm_util.c |  1 +
 3 files changed, 22 insertions(+), 21 deletions(-)

diff --git a/hw/tpm/tpm_int.h b/hw/tpm/tpm_int.h
index 252c408..e231d0e 100644
--- a/hw/tpm/tpm_int.h
+++ b/hw/tpm/tpm_int.h
@@ -12,28 +12,9 @@
 #ifndef TPM_TPM_INT_H
 #define TPM_TPM_INT_H
 
-#include "exec/memory.h"
-#include "tpm_tis.h"
+#include "qemu/osdep.h"
 
-/* overall state of the TPM interface */
-struct TPMState {
-ISADevice busdev;
-MemoryRegion mmio;
-
-union {
-TPMTISEmuState tis;
-} s;
-
-TPMBackendCmd cmd;
-
-char *backend;
-TPMBackend *be_driver;
-TPMVersion be_tpm_version;
-};
-
-#define TPM(obj) OBJECT_CHECK(TPMState, (obj), TYPE_TPM_TIS)
-
-#define TPM_STANDARD_CMDLINE_OPTS \
+#define TPM_STANDARD_CMDLINE_OPTS   \
 { \
 .name = "type", \
 .type = QEMU_OPT_STRING, \
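Review bot: `#include "qemu/osdep.h"` is added to the header tpm_int.h. QEMU's coding style asks that osdep.h be included first in every .c file and not from headers, so this line should be dropped. The last change in the hunk only realigns the backslash on TPM_STANDARD_CMDLINE_OPTS; that is unrelated whitespace churn and makes the move harder to review.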
diff --git a/hw/tpm/tpm_tis.h b/hw/tpm/tpm_tis.h
index 31e612a..30e35ee 100644
--- a/hw/tpm/tpm_tis.h
+++ b/hw/tpm/tpm_tis.h
@@ -72,4 +72,23 @@ typedef struct TPMTISEmuState {
 uint32_t irq_num;
 } TPMTISEmuState;
 
+/* overall state of the TPM interface */
+struct TPMState {
+ISADevice busdev;
+MemoryRegion mmio;
+
+union {
+TPMTISEmuState tis;
+} s;
+
+uint8_t locty_number;
+TPMBackendCmd cmd;
+
+char *backend;
+TPMBackend *be_driver;
+TPMVersion be_tpm_version;
+};
+
+#define TPM(obj) OBJECT_CHECK(TPMState, (obj), TYPE_TPM_TIS)
+
 #endif /* TPM_TPM_TIS_H */
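Review bot: the struct added to tpm_tis.h is not a straight move. It contains `uint8_t locty_number;` between `s` and `cmd`, which the copy removed from tpm_int.h in this same patch does not have. Either the field belongs to a different patch or the commit message, which currently has no body, should say that it is being introduced here.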
diff --git a/hw/tpm/tpm_util.c b/hw/tpm/tpm_util.c
index 73d7796..daf1faa 100644
--- a/hw/tpm/tpm_util.c
+++ b/hw/tpm/tpm_util.c
@@ -22,6 +22,7 @@
 #include "qemu/osdep.h"
 #include "tpm_util.h"
 #include "tpm_int.h"
+#include "exec/memory.h"
 
 /*
  * Write an error message in the given output buffer.
-- 
2.5.5




[Qemu-devel] [PULL v1 21/21] tpm: move recv_data_callback to TPM interface

2017-10-19 Thread Stefan Berger
From: Marc-André Lureau 

Simplify the TPM backend setup, move callback to TPM interface.

Signed-off-by: Marc-André Lureau 
Reviewed-by: Stefan Berger 
Signed-off-by: Stefan Berger 
---
 backends/tpm.c   |  4 +---
 hw/tpm/tpm_emulator.c|  3 ++-
 hw/tpm/tpm_int.h |  3 +++
 hw/tpm/tpm_passthrough.c |  3 ++-
 hw/tpm/tpm_tis.c | 11 ++-
 include/sysemu/tpm_backend.h |  6 +-
 6 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/backends/tpm.c b/backends/tpm.c
index 87c5c09..5763f6f 100644
--- a/backends/tpm.c
+++ b/backends/tpm.c
@@ -44,11 +44,9 @@ enum TpmType tpm_backend_get_type(TPMBackend *s)
 return k->type;
 }
 
-int tpm_backend_init(TPMBackend *s, TPMState *state,
- TPMRecvDataCB *datacb)
+int tpm_backend_init(TPMBackend *s, TPMState *state)
 {
 s->tpm_state = state;
-s->recv_data_callback = datacb;
 s->had_startup_error = false;
 
 return 0;
diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
index 6500b86..9aaec8e 100644
--- a/hw/tpm/tpm_emulator.c
+++ b/hw/tpm/tpm_emulator.c
@@ -176,6 +176,7 @@ static int tpm_emulator_set_locality(TPMEmulator *tpm_emu, 
uint8_t locty_number,
 static void tpm_emulator_handle_request(TPMBackend *tb, TPMBackendCmd *cmd)
 {
 TPMEmulator *tpm_emu = TPM_EMULATOR(tb);
+TPMIfClass *tic = TPM_IF_GET_CLASS(tb->tpm_state);
 Error *err = NULL;
 
 DPRINTF("processing TPM command");
@@ -190,7 +191,7 @@ static void tpm_emulator_handle_request(TPMBackend *tb, 
TPMBackendCmd *cmd)
 goto error;
 }
 
-tb->recv_data_callback(tb->tpm_state);
+tic->request_completed(TPM_IF(tb->tpm_state));
 return;
 
 error:
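Review bot: `tic->request_completed(TPM_IF(tb->tpm_state));` is called without checking that the frontend class actually set the method. A TPM_IF implementer that leaves it NULL would crash in the backend worker thread. An assert before the call, in the style of the existing `assert(k->handle_request != NULL);` in tpm_backend_worker_thread(), or a check in tpm_backend_init(), would turn that into an early and readable failure.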
diff --git a/hw/tpm/tpm_int.h b/hw/tpm/tpm_int.h
index eb02e77..9c045b6 100644
--- a/hw/tpm/tpm_int.h
+++ b/hw/tpm/tpm_int.h
@@ -29,6 +29,9 @@ typedef struct TPMIf {
 
 typedef struct TPMIfClass {
 InterfaceClass parent_class;
+
+/* run in thread pool by backend */
+void (*request_completed)(TPMIf *obj);
 } TPMIfClass;
 
 #define TPM_STANDARD_CMDLINE_OPTS   \
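Review bot: the comment on `request_completed` says only "run in thread pool by backend". Since the method is invoked off the main thread, the documentation should spell out what an implementer may and may not do there (for example, whether device state may be touched directly or the work has to be deferred to a bottom half), and which fields of the request are valid when it is called.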
diff --git a/hw/tpm/tpm_passthrough.c b/hw/tpm/tpm_passthrough.c
index 4274164..c440aff 100644
--- a/hw/tpm/tpm_passthrough.c
+++ b/hw/tpm/tpm_passthrough.c
@@ -139,13 +139,14 @@ err_exit:
 static void tpm_passthrough_handle_request(TPMBackend *tb, TPMBackendCmd *cmd)
 {
 TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
+TPMIfClass *tic = TPM_IF_GET_CLASS(tb->tpm_state);
 
 DPRINTF("tpm_passthrough: processing command %p\n", cmd);
 
 tpm_passthrough_unix_tx_bufs(tpm_pt, cmd->in, cmd->in_len,
  cmd->out, cmd->out_len, >selftest_done);
 
-tb->recv_data_callback(tb->tpm_state);
+tic->request_completed(TPM_IF(tb->tpm_state));
 }
 
 static void tpm_passthrough_reset(TPMBackend *tb)
diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
index dbb5004..8c5cac5 100644
--- a/hw/tpm/tpm_tis.c
+++ b/hw/tpm/tpm_tis.c
@@ -430,11 +430,10 @@ static void tpm_tis_receive_bh(void *opaque)
   TPM_TIS_INT_DATA_AVAILABLE | TPM_TIS_INT_STS_VALID);
 }
 
-/*
- * Callback from the TPM to indicate that the response was received.
- */
-static void tpm_tis_receive_cb(TPMState *s)
+static void tpm_tis_request_completed(TPMIf *ti)
 {
+TPMState *s = TPM(ti);
+
 bool is_selftest_done = s->cmd.selftest_done;
 uint8_t locty = s->cmd.locty;
 uint8_t l;
@@ -1078,7 +1077,7 @@ static void tpm_tis_realizefn(DeviceState *dev, Error 
**errp)
 
 s->be_driver->fe_model = TPM_MODEL_TPM_TIS;
 
-if (tpm_backend_init(s->be_driver, s, tpm_tis_receive_cb)) {
+if (tpm_backend_init(s->be_driver, s)) {
 error_setg(errp, "tpm_tis: backend driver with id %s could not be "
"initialized", s->backend);
 return;
@@ -1110,11 +1109,13 @@ static void tpm_tis_initfn(Object *obj)
 static void tpm_tis_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
+TPMIfClass *tc = TPM_IF_CLASS(klass);
 
 dc->realize = tpm_tis_realizefn;
 dc->props = tpm_tis_properties;
 dc->reset = tpm_tis_reset;
 dc->vmsd  = _tpm_tis;
+tc->request_completed = tpm_tis_request_completed;
 }
 
 static const TypeInfo tpm_tis_info = {
diff --git a/include/sysemu/tpm_backend.h b/include/sysemu/tpm_backend.h
index 3bb90be..03ea5a3 100644
--- a/include/sysemu/tpm_backend.h
+++ b/include/sysemu/tpm_backend.h
@@ -30,8 +30,6 @@
 typedef struct TPMBackendClass TPMBackendClass;
 typedef struct TPMBackend TPMBackend;
 
-typedef void (TPMRecvDataCB)(TPMState *);
-
 typedef struct TPMBackendCmd {
 uint8_t locty;
 const uint8_t *in;
@@ -48,7 +46,6 @@ struct TPMBackend {
 bool opened;
 TPMState *tpm_state;
 GThreadPool *thread_pool;
-TPMRecvDataCB *recv_data_callback;
 bool had_startup_error;
 
 /*  */
@@ -106,8 +103,7 @@ 

[Qemu-devel] [PULL v1 04/21] tpm: lookup tpm backend class in tpm_driver_find_by_type()

2017-10-19 Thread Stefan Berger
From: Marc-André Lureau 

One step towards removing TPMDriverOps and driver registration.

Signed-off-by: Marc-André Lureau 
Reviewed-by: Stefan Berger 
Signed-off-by: Stefan Berger 
---
 tpm.c | 29 +
 1 file changed, 21 insertions(+), 8 deletions(-)

diff --git a/tpm.c b/tpm.c
index bc7d747..04de8da 100644
--- a/tpm.c
+++ b/tpm.c
@@ -47,6 +47,24 @@ void tpm_register_driver(const TPMDriverOps *tdo)
 be_drivers[tdo->type] = tdo;
 }
 
+static const TPMDriverOps *
+tpm_driver_find_by_type(enum TpmType type)
+{
+ObjectClass *oc;
+TPMBackendClass *bc;
+char *typename = g_strdup_printf("tpm-%s", TpmType_str(type));
+
+oc = object_class_by_name(typename);
+g_free(typename);
+
+if (!object_class_dynamic_cast(oc, TYPE_TPM_BACKEND)) {
+return NULL;
+}
+
+bc = TPM_BACKEND_CLASS(oc);
+return bc->ops;
+}
+
 /*
  * Walk the list of available TPM backend drivers and display them on the
  * screen.
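Review bot: tpm_driver_find_by_type() now depends on an undocumented naming convention: the QOM type name must be exactly "tpm-" followed by TpmType_str(type). A backend registered under any other name fails the lookup, returns NULL and silently disappears from the list printed by tpm_display_backend_drivers(). Please document the convention next to the function (or where the backend type names are defined). It is also worth stating that `bc->ops` may be NULL for a class that has not set it, since callers treat NULL as "no such driver".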
@@ -58,11 +76,11 @@ static void tpm_display_backend_drivers(void)
 fprintf(stderr, "Supported TPM types (choose only one):\n");
 
 for (i = 0; i < TPM_TYPE__MAX; i++) {
-if (be_drivers[i] == NULL) {
+const TPMDriverOps *ops = tpm_driver_find_by_type(i);
+if (!ops) {
 continue;
 }
-fprintf(stderr, "%12s   %s\n",
-TpmType_str(i), be_drivers[i]->desc);
+fprintf(stderr, "%12s   %s\n", TpmType_str(i), ops->desc);
 }
 fprintf(stderr, "\n");
 }
@@ -196,11 +214,6 @@ int tpm_config_parse(QemuOptsList *opts_list, const char 
*optarg)
 
 #endif /* CONFIG_TPM */
 
-static const TPMDriverOps *tpm_driver_find_by_type(enum TpmType type)
-{
-return be_drivers[type];
-}
-
 /*
  * Walk the list of active TPM backends and collect information about them
  * following the schema description in qapi-schema.json.
-- 
2.5.5



