Re: [Qemu-devel] [PATCH] s390x/pci: forbid multifunction pci device

[Yi Min Zhao]

在 2018/3/14 下午1:35, Thomas Huth 写道:

On 14.03.2018 06:14, Yi Min Zhao wrote:

Currently we don't support pci multifunction. If a pci with
multifucntion is plugged, the guest will spin forever. This patch fixes
this.

Signed-off-by: Yi Min Zhao 
Reviewed-by: Pierre Morel 
---
  hw/s390x/s390-pci-bus.c | 10 ++
  1 file changed, 10 insertions(+)

diff --git a/hw/s390x/s390-pci-bus.c b/hw/s390x/s390-pci-bus.c
index 77a50cab36..10da87458e 100644
--- a/hw/s390x/s390-pci-bus.c
+++ b/hw/s390x/s390-pci-bus.c
@@ -816,6 +816,11 @@ static void s390_pcihost_hot_plug(HotplugHandler 
*hotplug_dev,
  PCIBridge *pb = PCI_BRIDGE(dev);
  PCIDevice *pdev = PCI_DEVICE(dev);

Off-topic: That "PCIDevice *pdev" shadows the pdev variable that is
declared at the beginning of this function. So I think we should rather
change the above line into "pdev = PCI_DEVICE(dev)" instead, without
re-declaring a variable here. (i.e. we should do this in a separate
patch later...).
Thanks for your reminder. Actually I have noticed this. But I thought 
this is not very urgent.

I will do this later.



+if (pdev->cap_present & QEMU_PCI_CAP_MULTIFUNCTION) {
+error_setg(errp, "multifunction not supported in s390");
+return;
+}
+
  pci_bridge_map_irq(pb, dev->id, s390_pci_map_irq);
  pci_setup_iommu(>sec_bus, s390_pci_dma_iommu, s);
  
@@ -835,6 +840,11 @@ static void s390_pcihost_hot_plug(HotplugHandler *hotplug_dev,

  } else if (object_dynamic_cast(OBJECT(dev), TYPE_PCI_DEVICE)) {
  pdev = PCI_DEVICE(dev);
  
+if (pdev->cap_present & QEMU_PCI_CAP_MULTIFUNCTION) {

+error_setg(errp, "multifunction not supported in s390");
+return;
+}
+
  if (!dev->id) {
  /* In the case the PCI device does not define an id */
  /* we generate one based on the PCI address */


Reviewed-by: Thomas Huth 

Re: [Qemu-devel] [PATCH] s390x/pci: forbid multifunction pci device

[Thomas Huth]

On 14.03.2018 06:14, Yi Min Zhao wrote:
> Currently we don't support pci multifunction. If a pci with
> multifucntion is plugged, the guest will spin forever. This patch fixes
> this.
> 
> Signed-off-by: Yi Min Zhao 
> Reviewed-by: Pierre Morel 
> ---
>  hw/s390x/s390-pci-bus.c | 10 ++
>  1 file changed, 10 insertions(+)
> 
> diff --git a/hw/s390x/s390-pci-bus.c b/hw/s390x/s390-pci-bus.c
> index 77a50cab36..10da87458e 100644
> --- a/hw/s390x/s390-pci-bus.c
> +++ b/hw/s390x/s390-pci-bus.c
> @@ -816,6 +816,11 @@ static void s390_pcihost_hot_plug(HotplugHandler 
> *hotplug_dev,
>  PCIBridge *pb = PCI_BRIDGE(dev);
>  PCIDevice *pdev = PCI_DEVICE(dev);

Off-topic: That "PCIDevice *pdev" shadows the pdev variable that is
declared at the beginning of this function. So I think we should rather
change the above line into "pdev = PCI_DEVICE(dev)" instead, without
re-declaring a variable here. (i.e. we should do this in a separate
patch later...).

> +if (pdev->cap_present & QEMU_PCI_CAP_MULTIFUNCTION) {
> +error_setg(errp, "multifunction not supported in s390");
> +return;
> +}
> +
>  pci_bridge_map_irq(pb, dev->id, s390_pci_map_irq);
>  pci_setup_iommu(>sec_bus, s390_pci_dma_iommu, s);
>  
> @@ -835,6 +840,11 @@ static void s390_pcihost_hot_plug(HotplugHandler 
> *hotplug_dev,
>  } else if (object_dynamic_cast(OBJECT(dev), TYPE_PCI_DEVICE)) {
>  pdev = PCI_DEVICE(dev);
>  
> +if (pdev->cap_present & QEMU_PCI_CAP_MULTIFUNCTION) {
> +error_setg(errp, "multifunction not supported in s390");
> +return;
> +}
> +
>  if (!dev->id) {
>  /* In the case the PCI device does not define an id */
>  /* we generate one based on the PCI address */
> 

Reviewed-by: Thomas Huth 

Re: [Qemu-devel] [PATCH 00/10] RFC: Optimize nvdimm kind memory for snapshot.

[no-reply]

Hi,

This series failed docker-mingw@fedora build test. Please find the testing 
commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

Type: series
Message-id: 1520990418-28258-1-git-send-email-junyan...@hotmail.com
Subject: [Qemu-devel] [PATCH 00/10] RFC: Optimize nvdimm kind memory for 
snapshot.

=== TEST SCRIPT BEGIN ===
#!/bin/bash
set -e
git submodule update --init dtc
# Let docker tests dump environment info
export SHOW_ENV=1
export J=8
time make docker-test-mingw@fedora
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
cf8b49f484 RFC: Enable nvdimm snapshot functions.
839b0dc7fc RFC: Add nvdimm snapshot saving to migration.
edf96a743e RFC: Add a section_id parameter to save_live_iterate call.
eaaf08deb8 RFC: Add get_current_snapshot_info to get the snapshot state.
ac55e78d2c RFC: Add save dependency functions to qemu_file
99deb40575 RFC: Add memory region snapshot bitmap get function.
eb7ccdaf28 RFC: Set memory_region_set_log available for more client.
9ee8792a3b RFC: Implement save and support snapshot dependency in block driver 
layer.
ebadb43e47 RFC: Implement qcow2's snapshot dependent saving function.
1a29421543 RFC: Add save and support snapshot dependency function to block 
driver.

=== OUTPUT BEGIN ===
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into '/var/tmp/patchew-tester-tmp-fe8degv8/src/dtc'...
Submodule path 'dtc': checked out 'e54388015af1fb4bf04d0bca99caba1074d9cc42'
  BUILD   fedora
make[1]: Entering directory '/var/tmp/patchew-tester-tmp-fe8degv8/src'
  GEN 
/var/tmp/patchew-tester-tmp-fe8degv8/src/docker-src.2018-03-13-21.32.09.16131/qemu.tar
Cloning into 
'/var/tmp/patchew-tester-tmp-fe8degv8/src/docker-src.2018-03-13-21.32.09.16131/qemu.tar.vroot'...
done.
Checking out files:  47% (2826/6005)   
Checking out files:  48% (2883/6005)   
Checking out files:  49% (2943/6005)   
Checking out files:  50% (3003/6005)   
Checking out files:  51% (3063/6005)   
Checking out files:  52% (3123/6005)   
Checking out files:  53% (3183/6005)   
Checking out files:  54% (3243/6005)   
Checking out files:  55% (3303/6005)   
Checking out files:  56% (3363/6005)   
Checking out files:  57% (3423/6005)   
Checking out files:  58% (3483/6005)   
Checking out files:  59% (3543/6005)   
Checking out files:  60% (3603/6005)   
Checking out files:  61% (3664/6005)   
Checking out files:  62% (3724/6005)   
Checking out files:  63% (3784/6005)   
Checking out files:  64% (3844/6005)   
Checking out files:  65% (3904/6005)   
Checking out files:  66% (3964/6005)   
Checking out files:  67% (4024/6005)   
Checking out files:  68% (4084/6005)   
Checking out files:  69% (4144/6005)   
Checking out files:  70% (4204/6005)   
Checking out files:  71% (4264/6005)   
Checking out files:  72% (4324/6005)   
Checking out files:  73% (4384/6005)   
Checking out files:  74% (/6005)   
Checking out files:  75% (4504/6005)   
Checking out files:  76% (4564/6005)   
Checking out files:  77% (4624/6005)   
Checking out files:  78% (4684/6005)   
Checking out files:  79% (4744/6005)   
Checking out files:  80% (4804/6005)   
Checking out files:  81% (4865/6005)   
Checking out files:  82% (4925/6005)   
Checking out files:  83% (4985/6005)   
Checking out files:  84% (5045/6005)   
Checking out files:  85% (5105/6005)   
Checking out files:  86% (5165/6005)   
Checking out files:  87% (5225/6005)   
Checking out files:  88% (5285/6005)   
Checking out files:  89% (5345/6005)   
Checking out files:  90% (5405/6005)   
Checking out files:  91% (5465/6005)   
Checking out files:  92% (5525/6005)   
Checking out files:  93% (5585/6005)   
Checking out files:  94% (5645/6005)   
Checking out files:  95% (5705/6005)   
Checking out files:  96% (5765/6005)   
Checking out files:  97% (5825/6005)   
Checking out files:  98% (5885/6005)   
Checking out files:  99% (5945/6005)   
Checking out files: 100% (6005/6005)   
Checking out files: 100% (6005/6005), done.
Your branch is up-to-date with 'origin/test'.
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into 
'/var/tmp/patchew-tester-tmp-fe8degv8/src/docker-src.2018-03-13-21.32.09.16131/qemu.tar.vroot/dtc'...
Submodule path 'dtc': checked out 'e54388015af1fb4bf04d0bca99caba1074d9cc42'
Submodule 'ui/keycodemapdb' (git://git.qemu.org/keycodemapdb.git) registered 
for path 'ui/keycodemapdb'
Cloning into 
'/var/tmp/patchew-tester-tmp-fe8degv8/src/docker-src.2018-03-13-21.32.09.16131/qemu.tar.vroot/ui/keycodemapdb'...
Submodule path 'ui/keycodemapdb': checked out 
'6b3d716e2b6472eb7189d3220552280ef3d832ce'
  COPYRUNNER
RUN test-mingw in qemu:fedora 
Packages installed:
PyYAML-3.12-5.fc27.x86_64
SDL-devel-1.2.15-29.fc27.x86_64
bc-1.07.1-3.fc27.x86_64
bison-3.0.4-8.fc27.x86_64
bzip2-1.0.6-24.fc27.x86_64
ccache-3.3.6-1.fc27.x86_64
clang-5.0.1-3.fc27.x86_64

Re: [Qemu-devel] [PATCH v11 00/13] Dirty bitmaps postcopy migration

[Su Hang]

Sincerely sorry for my negligence to cause this bug!
I will fix it as quick as I can!

Sorry again, I'm really ashamed about the mistake I have made.
Su Hang

> -Original Messages-
> From: "Dr. David Alan Gilbert" 
> Sent Time: 2018-03-14 04:10:24 (Wednesday)
> To: "Vladimir Sementsov-Ogievskiy" , 
> suhan...@mails.ucas.ac.cn, ebl...@redhat.com
> Cc: "peter.mayd...@linaro.org" , "Denis Lunev" 
> , "qemu-bl...@nongnu.org" , 
> "qemu-devel@nongnu.org" , "arm...@redhat.com" 
> , "pbonz...@redhat.com" , 
> "js...@redhat.com" 
> Subject: Re: [Qemu-devel] [PATCH v11 00/13] Dirty bitmaps postcopy migration
> 
> * Vladimir Sementsov-Ogievskiy (vsement...@virtuozzo.com) wrote:
> > It looks like a bug in a recent commit to checkpatch. It don't support do { 
> > } while
> 
> Yes, adding Su Hang and Eric in and trimming some others out.
> So yes, ignore this patchew failure for this case, but we need to fix
> that separately.
> 
> Dave
> 
> > 
> > Best regards,
> > 
> > Vladimir.
> > 
> > 
> > От: no-re...@patchew.org 
> > Отправлено: 13 марта 2018 г. 22:03:29
> > Кому: Vladimir Sementsov-Ogievskiy
> > Копия: f...@redhat.com; qemu-bl...@nongnu.org; qemu-devel@nongnu.org; 
> > kw...@redhat.com; peter.mayd...@linaro.org; Vladimir Sementsov-Ogievskiy; 
> > f...@redhat.com; lir...@il.ibm.com; quint...@redhat.com; js...@redhat.com; 
> > arm...@redhat.com; mre...@redhat.com; stefa...@redhat.com; Denis Lunev; 
> > amit.s...@redhat.com; pbonz...@redhat.com; dgilb...@redhat.com
> > Тема: Re: [Qemu-devel] [PATCH v11 00/13] Dirty bitmaps postcopy migration
> > 
> > Hi,
> > 
> > This series seems to have some coding style problems. See output below for
> > more information:
> > 
> > Type: series
> > Message-id: 20180313180320.339796-1-vsement...@virtuozzo.com
> > Subject: [Qemu-devel] [PATCH v11 00/13] Dirty bitmaps postcopy migration
> > 
> > === TEST SCRIPT BEGIN ===
> > #!/bin/bash
> > 
> > BASE=base
> > n=1
> > total=$(git log --oneline $BASE.. | wc -l)
> > failed=0
> > 
> > git config --local diff.renamelimit 0
> > git config --local diff.renames True
> > git config --local diff.algorithm histogram
> > 
> > commits="$(git log --format=%H --reverse $BASE..)"
> > for c in $commits; do
> > echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
> > if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; 
> > then
> > failed=1
> > echo
> > fi
> > n=$((n+1))
> > done
> > 
> > exit $failed
> > === TEST SCRIPT END ===
> > 
> > Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
> > From https://github.com/patchew-project/qemu
> >  * [new tag]   
> > patchew/20180313180320.339796-1-vsement...@virtuozzo.com -> 
> > patchew/20180313180320.339796-1-vsement...@virtuozzo.com
> > Auto packing the repository in background for optimum performance.
> > See "git help gc" for manual housekeeping.
> > Switched to a new branch 'test'
> > 71e03c4ecc iotests: add dirty bitmap postcopy test
> > daa548f79f iotests: add dirty bitmap migration test
> > 353c5fdae1 migration: add postcopy migration of dirty bitmaps
> > 1da07d4ba2 migration: allow qmp command migrate-start-postcopy for any 
> > postcopy
> > b789a2887e migration: add is_active_iterate handler
> > 48eb14f856 migration/qemu-file: add qemu_put_counted_string()
> > 1d6549dae1 migration: include migrate_dirty_bitmaps in migrate_postcopy
> > e9e40af39a qapi: add dirty-bitmaps migration capability
> > c575185038 migration: introduce postcopy-only pending
> > 7cae35cd7c dirty-bitmap: add locked state
> > 47bbd2a70c block/dirty-bitmap: add _locked version of 
> > bdrv_reclaim_dirty_bitmap
> > 870ff1d916 block/dirty-bitmap: fix locking in bdrv_reclaim_dirty_bitmap
> > 5dca3ae226 block/dirty-bitmap: add bdrv_dirty_bitmap_enable_successor()
> > 
> > === OUTPUT BEGIN ===
> > Checking PATCH 1/13: block/dirty-bitmap: add 
> > bdrv_dirty_bitmap_enable_successor()...
> > Checking PATCH 2/13: block/dirty-bitmap: fix locking in 
> > bdrv_reclaim_dirty_bitmap...
> > Checking PATCH 3/13: block/dirty-bitmap: add _locked version of 
> > bdrv_reclaim_dirty_bitmap...
> > Checking PATCH 4/13: dirty-bitmap: add locked state...
> > Checking PATCH 5/13: migration: introduce postcopy-only pending...
> > Checking PATCH 6/13: qapi: add dirty-bitmaps migration capability...
> > Checking PATCH 7/13: migration: include migrate_dirty_bitmaps in 
> > migrate_postcopy...
> > Checking PATCH 8/13: migration/qemu-file: add qemu_put_counted_string()...
> > Checking PATCH 9/13: migration: add is_active_iterate handler...
> > Checking PATCH 10/13: migration: allow qmp command migrate-start-postcopy 
> > for any postcopy...
> > Checking PATCH 11/13: migration: add postcopy migration of dirty bitmaps...
> > 

[Qemu-devel] [PATCH] s390x/pci: forbid multifunction pci device

[Yi Min Zhao]

Currently we don't support pci multifunction. If a pci with
multifucntion is plugged, the guest will spin forever. This patch fixes
this.

Signed-off-by: Yi Min Zhao 
Reviewed-by: Pierre Morel 
---
 hw/s390x/s390-pci-bus.c | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/hw/s390x/s390-pci-bus.c b/hw/s390x/s390-pci-bus.c
index 77a50cab36..10da87458e 100644
--- a/hw/s390x/s390-pci-bus.c
+++ b/hw/s390x/s390-pci-bus.c
@@ -816,6 +816,11 @@ static void s390_pcihost_hot_plug(HotplugHandler 
*hotplug_dev,
 PCIBridge *pb = PCI_BRIDGE(dev);
 PCIDevice *pdev = PCI_DEVICE(dev);
 
+if (pdev->cap_present & QEMU_PCI_CAP_MULTIFUNCTION) {
+error_setg(errp, "multifunction not supported in s390");
+return;
+}
+
 pci_bridge_map_irq(pb, dev->id, s390_pci_map_irq);
 pci_setup_iommu(>sec_bus, s390_pci_dma_iommu, s);
 
@@ -835,6 +840,11 @@ static void s390_pcihost_hot_plug(HotplugHandler 
*hotplug_dev,
 } else if (object_dynamic_cast(OBJECT(dev), TYPE_PCI_DEVICE)) {
 pdev = PCI_DEVICE(dev);
 
+if (pdev->cap_present & QEMU_PCI_CAP_MULTIFUNCTION) {
+error_setg(errp, "multifunction not supported in s390");
+return;
+}
+
 if (!dev->id) {
 /* In the case the PCI device does not define an id */
 /* we generate one based on the PCI address */
-- 
2.14.3 (Apple Git-98)

[Qemu-devel] GTK warnings on console when closing window

[Mark Cave-Ayland]

Rebasing a couple of my development branches onto master this morning, 
I'm noticing some GTK warnings when I close the QEMU GTK window directly 
rather than using the "Quit" menu option:


$ ./qemu-system-ppc
(qemu-system-ppc:19782): GLib-GObject-WARNING **: invalid unclassed 
pointer in cast to 'GtkCheckMenuItem'


(qemu-system-ppc:19782): Gtk-CRITICAL **: 
gtk_check_menu_item_set_active: assertion 'GTK_IS_CHECK_MENU_ITEM 
(check_menu_item)' failed


(qemu-system-ppc:19782): GLib-GObject-WARNING **: invalid unclassed 
pointer in cast to 'GtkWindow'


(qemu-system-ppc:19782): Gtk-CRITICAL **: gtk_window_set_title: 
assertion 'GTK_IS_WINDOW (window)' failed



ATB,

Mark.

Re: [Qemu-devel] [PATCH v2 3/3] target/ppc: generalize check on radix when in HV mode

[David Gibson]

On Mon, Mar 12, 2018 at 07:36:05PM +0100, Cédric Le Goater wrote:
> On 02/19/2018 04:29 AM, David Gibson wrote:
> > On Fri, Feb 16, 2018 at 09:45:04AM +0100, Cédric Le Goater wrote:
> >> On a POWER9 processor, the first doubleword of the partition table
> >> entry (as pointed to by the PTCR) indicates whether the host uses HPT
> >> or Radix Tree translation for that partition. Use that bit to check
> >> for radix mode on pseries and powernv QEMU machines.
> >>
> >> Signed-off-by: Cédric Le Goater 
> >> ---
> >>  Changes since v1:
> >>
> >>  - fixed commit log
> >>  - introduced ppc64_v3_get_patbe0()
> >>  - renamed ppc64_radix() in ppc64_v3_radix()
> >>  
> >>  target/ppc/mmu-book3s-v3.c  | 16 +++-
> >>  target/ppc/mmu-book3s-v3.h  | 11 +++
> >>  target/ppc/mmu_helper.c |  4 ++--
> >>  target/ppc/translate_init.c |  2 +-
> >>  4 files changed, 21 insertions(+), 12 deletions(-)
> >>
> >> diff --git a/target/ppc/mmu-book3s-v3.c b/target/ppc/mmu-book3s-v3.c
> >> index b60df4408f3b..9d05e07ef6bd 100644
> >> --- a/target/ppc/mmu-book3s-v3.c
> >> +++ b/target/ppc/mmu-book3s-v3.c
> >> @@ -23,10 +23,24 @@
> >>  #include "mmu-book3s-v3.h"
> >>  #include "mmu-radix64.h"
> >>  
> >> +bool ppc64_v3_radix(PowerPCCPU *cpu)
> >> +{
> >> +CPUPPCState *env = >env;
> >> +
> >> +if (msr_hv) {
> >> +return ppc64_v3_get_patbe0(cpu) & PATBE0_HR;
> >> +} else  {
> >> +PPCVirtualHypervisorClass *vhc =
> >> +PPC_VIRTUAL_HYPERVISOR_GET_CLASS(cpu->vhyp);
> >> +
> >> +return !!(vhc->get_patbe(cpu->vhyp) & PATBE1_GR);
> >> +}
> > 
> > I think this is backwards.  If cpu->vhyp is set, you should always the
> > get_patbe() hook, before you go looking at anything else.
> 
> OK. So, we should probably change the ppc64_radix_guest() name to 
> reflect its relation to spapr. How about ppc64_v3_radix_spapr() ?

Um.. why?  The existing name is accurate AFAICT.  It already says
"guest", and even in the unlikely event of a non PAPR guest, the
vhyp->get_patbe method can abstract that correctly.

> > This is also wrong if you have a powernv platform but msr_hv is not
> > set - which is what you'll have once you get to the point of trying to
> > run guests within an emulated powernv machine.
> 
> That is a good goal to reach ! I will add an error for the !msr_hv
> case.
> 
> Thanks,
> 
> C.
> 
> 
> >> +}
> >> +
> >>  int ppc64_v3_handle_mmu_fault(PowerPCCPU *cpu, vaddr eaddr, int rwx,
> >>int mmu_idx)
> >>  {
> >> -if (ppc64_radix_guest(cpu)) { /* Guest uses radix */
> >> +if (ppc64_v3_radix(cpu)) { /* radix mode */
> >>  return ppc_radix64_handle_mmu_fault(cpu, eaddr, rwx, mmu_idx);
> >>  } else { /* Guest uses hash */
> >>  return ppc_hash64_handle_mmu_fault(cpu, eaddr, rwx, mmu_idx);
> >> diff --git a/target/ppc/mmu-book3s-v3.h b/target/ppc/mmu-book3s-v3.h
> >> index a7ab580c3140..a12bb1e28b45 100644
> >> --- a/target/ppc/mmu-book3s-v3.h
> >> +++ b/target/ppc/mmu-book3s-v3.h
> >> @@ -29,7 +29,8 @@
> >>  #define PTCR_PATS   0x001FULL /* Partition Table 
> >> Size */
> >>  
> >>  /* Partition Table Entry Fields */
> >> -#define PATBE1_GR 0x8000
> >> +#define PATBE0_HR   PPC_BIT(0)/* 1:Host Radix 
> >> 0:HPT   */
> >> +#define PATBE1_GR   PPC_BIT(0)/* 1:Guest Radix 
> >> 0:HPT  */
> >>  
> >>  /* Process Table Entry */
> >>  struct prtb_entry {
> >> @@ -43,13 +44,7 @@ static inline bool ppc64_use_proc_tbl(PowerPCCPU *cpu)
> >>  return !!(cpu->env.spr[SPR_LPCR] & LPCR_UPRT);
> >>  }
> >>  
> >> -static inline bool ppc64_radix_guest(PowerPCCPU *cpu)
> >> -{
> >> -PPCVirtualHypervisorClass *vhc =
> >> -PPC_VIRTUAL_HYPERVISOR_GET_CLASS(cpu->vhyp);
> >> -
> >> -return !!(vhc->get_patbe(cpu->vhyp) & PATBE1_GR);
> >> -}
> >> +bool ppc64_v3_radix(PowerPCCPU *cpu);
> >>  
> >>  int ppc64_v3_handle_mmu_fault(PowerPCCPU *cpu, vaddr eaddr, int rwx,
> >>int mmu_idx);
> >> diff --git a/target/ppc/mmu_helper.c b/target/ppc/mmu_helper.c
> >> index 82e63552f617..81a43982e421 100644
> >> --- a/target/ppc/mmu_helper.c
> >> +++ b/target/ppc/mmu_helper.c
> >> @@ -1285,7 +1285,7 @@ void dump_mmu(FILE *f, fprintf_function cpu_fprintf, 
> >> CPUPPCState *env)
> >>  dump_slb(f, cpu_fprintf, ppc_env_get_cpu(env));
> >>  break;
> >>  case POWERPC_MMU_VER_3_00:
> >> -if (ppc64_radix_guest(ppc_env_get_cpu(env))) {
> >> +if (ppc64_v3_radix(ppc_env_get_cpu(env))) {
> >>  /* TODO - Unsupported */
> >>  } else {
> >>  dump_slb(f, cpu_fprintf, ppc_env_get_cpu(env));
> >> @@ -1431,7 +1431,7 @@ hwaddr ppc_cpu_get_phys_page_debug(CPUState *cs, 
> >> vaddr addr)
> >>  case POWERPC_MMU_VER_2_07:
> >>  return ppc_hash64_get_phys_page_debug(cpu, addr);
> >>  case POWERPC_MMU_VER_3_00:
> >> -if 

[Qemu-devel] Suggestion on 'virtio-pmem' implementation

[Pankaj Gupta]

Hi,


I am implementing 'virtio-pmem' as a mechanism to
flush guest writes with 'fake DAX' flushing interface.

Below is the high level details of components:

1] 'virtio-pmem' device expose guest physical address
  details(start, len).   

2] 'virtio-pmem' driver in guest discovers this 
information and configures 'libnvdimm'. Guest 'pmem' 
driver works on this memory range.

3] Guest 'pmem' driver uses 'virtio-pmem' PV driver to 
   send flush commands.


I need suggestion implementing part 1]

* When tried with 'hotplug_memory.base' address as guest physical 
  address, I am facing 'EPT_MISCONFIG' errors when pmem does mkfs. 
  After digging more it looks like address range I am using as guest
  physical address is either already mapped as MMIO or reserved. 
  Though Guest hot-plugs this physical address into its virtual 
  memory range when guest tries to read/write the memory KVM cannot 
  translate the address and throw 'EPT_MISCONFIG' error.

* While I am trying to get the appropriate guest physical address
  which is free, I could see memory 'pc_dimm_memory_plug' code 
  has a function 'pc_dimm_get_free_addr' which works with 'PC DIMM'
  class. As I am using 'VIRTIO', there is no way AFAIK this function 
  can be used by VIRTIO or my PV device code.


I need ideas to get the free guest physical address from my PV 
device code so that we can use this range in guest address space.

Find below pointer to previous discussion:

https://marc.info/?l=kvm=151629709903946=2

Thanks,
Pankaj  
  

[Qemu-devel] [PATCH] tests/boot-serial: Test the sam460ex board

[Thomas Huth]

We've got a U-Boot firmware for this board in our repository, and
the firmware prints some output to the serial console, so we can
check this board in the boot-serial tester, too.

Signed-off-by: Thomas Huth 
---
 Note: Patch has to be applied on top of the ppc-for-2.12 branch

 tests/boot-serial-test.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tests/boot-serial-test.c b/tests/boot-serial-test.c
index 5b24cd2..011525d 100644
--- a/tests/boot-serial-test.c
+++ b/tests/boot-serial-test.c
@@ -79,12 +79,14 @@ static testdef_t tests[] = {
 { "ppc", "40p", "-boot d", "Booting from device d" },
 { "ppc", "g3beige", "", "PowerPC,750" },
 { "ppc", "mac99", "", "PowerPC,G4" },
+{ "ppc", "sam460ex", "-m 256", "DRAM:  256 MiB" },
 { "ppc64", "ppce500", "", "U-Boot" },
 { "ppc64", "prep", "-boot e", "Booting from device e" },
 { "ppc64", "40p", "-m 192", "Memory size: 192 MB" },
 { "ppc64", "mac99", "", "PowerPC,970FX" },
 { "ppc64", "pseries", "", "Open Firmware" },
 { "ppc64", "powernv", "-cpu POWER8", "OPAL" },
+{ "ppc64", "sam460ex", "-device e1000", "8086  100e" },
 { "i386", "isapc", "-cpu qemu32 -device sga", "SGABIOS" },
 { "i386", "pc", "-device sga", "SGABIOS" },
 { "i386", "q35", "-device sga", "SGABIOS" },
-- 
1.8.3.1

Re: [Qemu-devel] [PULL 00/69] Misc patches for QEMU soft freeze

[Peter Xu]

On Tue, Mar 13, 2018 at 05:15:41PM -0700, no-re...@patchew.org wrote:

[...]

> Your patch has style problems, please review.  If any of these errors
> are false positives report them to the maintainer, see
> CHECKPATCH in MAINTAINERS.
> Checking PATCH 2/69: net: allow using any PCI NICs in -net or -nic...
> Checking PATCH 3/69: q35: change default NIC to e1000e...
> Checking PATCH 4/69: scsi-disk.c: consider bl->max_transfer in INQUIRY 
> emulation...
> Checking PATCH 5/69: qemu-doc: update deprecation section to use -nic and 
> -netdev hubport...
> Checking PATCH 6/69: qemu-doc: Add the paragraph about the -no-frame 
> deprecation again...
> Checking PATCH 7/69: build-sys: make help could have 'modules' target...
> Checking PATCH 8/69: hw: Do not include "sysemu/block-backend.h" if it is not 
> necessary...
> Checking PATCH 9/69: checkpatch: Exempt long URLs...
> Checking PATCH 10/69: vl: export machine_init_done...
> Checking PATCH 11/69: chardev: fix handling of EAGAIN for TCP chardev...
> Checking PATCH 12/69: chardev: update net listener gcontext...
> Checking PATCH 13/69: chardev: allow telnet gsource to switch gcontext...
> Checking PATCH 14/69: chardev: introduce chr_machine_done hook...
> Checking PATCH 15/69: chardev: use chardev's gcontext for async connect...
> Checking PATCH 16/69: chardev: tcp: postpone async connection setup...
> Checking PATCH 17/69: chardev: tcp: let TLS run on chardev context...

It seems that Dan's last patch is still missing in the pull
request:

http://patchwork.ozlabs.org/patch/883155/

I hope the monitor-oob series can survive the qtests even without that
single patch...

Thanks,

-- 
Peter Xu

Re: [Qemu-devel] [virtio-dev] Re: [PATCH v4 3/4] virtio-balloon: VIRTIO_BALLOON_F_FREE_PAGE_HINT

[Michael S. Tsirkin]

On Wed, Mar 14, 2018 at 10:43:01AM +0800, Wei Wang wrote:
> On 03/14/2018 12:49 AM, Michael S. Tsirkin wrote:
> > On Wed, Mar 07, 2018 at 08:34:24PM +0800, Wei Wang wrote:
> > 
> > > Signed-off-by: Wei Wang 
> > > Signed-off-by: Liang Li 
> > > CC: Michael S. Tsirkin 
> > > CC: Dr. David Alan Gilbert 
> > > CC: Juan Quintela 
> > I find it suspicious that neither unrealize nor reset
> > functions have been touched at all.
> > Are you sure you have thought through scenarious like
> > hot-unplug or disabling the device by guest?
> 
> OK. I think we can call balloon_free_page_stop in unrealize and reset.
> 
> 
> > +static void *virtio_balloon_poll_free_page_hints(void *opaque)
> > +{
> > +VirtQueueElement *elem;
> > +VirtIOBalloon *dev = opaque;
> > +VirtQueue *vq = dev->free_page_vq;
> > +uint32_t id;
> > +size_t size;
> > What makes it safe to poke at this device from multiple threads?
> > I think that it would be safer to do it from e.g. BH.
> > 
> 
> Actually the free_page_optimization thread is the only user of free_page_vq,
> and there is only one optimization thread each time. Would this be safe
> enough?
> 
> Best,
> Wei

Aren't there other fields there? Also things like reset affect all VQs.

-- 
MST

Re: [Qemu-devel] [PATCH v4 4/4] migration: use the free page hint feature from balloon

[Michael S. Tsirkin]

On Wed, Mar 14, 2018 at 10:41:36AM +0800, Wei Wang wrote:
> On 03/14/2018 12:35 AM, Michael S. Tsirkin wrote:
> > On Wed, Mar 07, 2018 at 08:34:25PM +0800, Wei Wang wrote:
> > > Start the free page optimization after the migration bitmap is
> > > synchronized. This can't be used in the stop phase since the guest
> > > is paused. Make sure the guest reporting has stopped before
> > > synchronizing the migration dirty bitmap. Currently, the optimization is
> > > added to precopy only.
> > > 
> > > Signed-off-by: Wei Wang 
> > > CC: Dr. David Alan Gilbert 
> > > CC: Juan Quintela 
> > > CC: Michael S. Tsirkin 
> > > ---
> > >   migration/ram.c | 19 ++-
> > >   1 file changed, 18 insertions(+), 1 deletion(-)
> > > 
> > > diff --git a/migration/ram.c b/migration/ram.c
> > > index e172798..7b4c9b1 100644
> > > --- a/migration/ram.c
> > > +++ b/migration/ram.c
> > > @@ -51,6 +51,8 @@
> > >   #include "qemu/rcu_queue.h"
> > >   #include "migration/colo.h"
> > >   #include "migration/block.h"
> > > +#include "sysemu/balloon.h"
> > > +#include "sysemu/sysemu.h"
> > >   /***/
> > >   /* ram save/restore */
> > > @@ -208,6 +210,8 @@ struct RAMState {
> > >   uint32_t last_version;
> > >   /* We are in the first round */
> > >   bool ram_bulk_stage;
> > > +/* The free pages optimization feature is supported */
> > > +bool free_page_support;
> > >   /* How many times we have dirty too many pages */
> > >   int dirty_rate_high_cnt;
> > >   /* these variables are used for bitmap sync */
> > > @@ -775,7 +779,7 @@ unsigned long migration_bitmap_find_dirty(RAMState 
> > > *rs, RAMBlock *rb,
> > >   unsigned long *bitmap = rb->bmap;
> > >   unsigned long next;
> > > -if (rs->ram_bulk_stage && start > 0) {
> > > +if (rs->ram_bulk_stage && start > 0 && !rs->free_page_support) {
> > >   next = start + 1;
> > >   } else {
> > >   next = find_next_bit(bitmap, size, start);
> > > @@ -833,6 +837,10 @@ static void migration_bitmap_sync(RAMState *rs)
> > >   int64_t end_time;
> > >   uint64_t bytes_xfer_now;
> > > +if (rs->free_page_support) {
> > > +balloon_free_page_stop();
> > > +}
> > > +
> > >   ram_counters.dirty_sync_count++;
> > >   if (!rs->time_last_bitmap_sync) {
> > > @@ -899,6 +907,10 @@ static void migration_bitmap_sync(RAMState *rs)
> > >   if (migrate_use_events()) {
> > >   qapi_event_send_migration_pass(ram_counters.dirty_sync_count, 
> > > NULL);
> > >   }
> > > +
> > > +if (rs->free_page_support && runstate_is_running()) {
> > > +balloon_free_page_start();
> > > +}
> > >   }
> > I think some of these conditions should go into
> > balloon_free_page_start/stop.
> > 
> > Checking runstate is generally problematic unless you
> > also handle run state change notifiers as it can
> > be manipulated from QMP.
> 
> How about moving the check of runstate to
> virtio_balloon_poll_free_page_hints:
> 
> while (dev->free_page_report_status < FREE_PAGE_REPORT_S_STOP &&
> runstate_is_running()) {
> ...
> }

Hard to tell on the outset. E.g. why is just stop affected?  Pls add
comments explaining what happens if VM is not running when start or stop
is called.


> In this case, I think we won't need a notifier - if the run state is changed
> by qmp, the optimization thread will just exist.

But you need to wake it up and notify the guest presumably?

> 
> > >   /**
> > > @@ -1656,6 +1668,8 @@ static void ram_state_reset(RAMState *rs)
> > >   rs->last_page = 0;
> > >   rs->last_version = ram_list.version;
> > >   rs->ram_bulk_stage = true;
> > > +rs->free_page_support = balloon_free_page_support() &
> > > +!migration_in_postcopy();
> > Probably &&?
> > 
> 
> OK, will use &&. (Both work well here actually, since all of the values here
> are boolean)
> 
> 
> Best,
> Wei

Re: [Qemu-devel] [PATCH qemu v7 2/4] vfio/pci: Relax DMA map errors for MMIO regions

[Alexey Kardashevskiy]

On 14/3/18 3:56 am, Alex Williamson wrote:
> [Cc +Eric]
> 
> On Tue, 13 Mar 2018 15:53:19 +1100
> Alexey Kardashevskiy  wrote:
> 
>> On 7/3/18 1:17 pm, Alexey Kardashevskiy wrote:
>>> On 26/02/18 19:36, Alexey Kardashevskiy wrote:  
 On 19/02/18 13:46, Alexey Kardashevskiy wrote:  
> On 16/02/18 16:28, David Gibson wrote:  
>> On Wed, Feb 14, 2018 at 08:55:41AM -0700, Alex Williamson wrote:  
>>> On Wed, 14 Feb 2018 19:09:16 +1100
>>> Alexey Kardashevskiy  wrote:
>>>  
 On 14/02/18 12:33, David Gibson wrote:  
> On Tue, Feb 13, 2018 at 07:20:56PM +1100, Alexey Kardashevskiy wrote: 
>
>> On 13/02/18 16:41, David Gibson wrote:
>>> On Tue, Feb 13, 2018 at 04:36:30PM +1100, David Gibson wrote:
 On Tue, Feb 13, 2018 at 12:15:52PM +1100, Alexey Kardashevskiy 
 wrote:
> On 13/02/18 03:06, Alex Williamson wrote:
>> On Mon, 12 Feb 2018 18:05:54 +1100
>> Alexey Kardashevskiy  wrote:
>>
>>> On 12/02/18 16:19, David Gibson wrote:
 On Fri, Feb 09, 2018 at 06:55:01PM +1100, Alexey Kardashevskiy 
 wrote:  
> At the moment if vfio_memory_listener is registered in the 
> system memory
> address space, it maps/unmaps every RAM memory region for DMA.
> It expects system page size aligned memory sections so 
> vfio_dma_map
> would not fail and so far this has been the case. A mapping 
> failure
> would be fatal. A side effect of such behavior is that some 
> MMIO pages
> would not be mapped silently.
>
> However we are going to change MSIX BAR handling so we will 
> end having
> non-aligned sections in vfio_memory_listener (more details is 
> in
> the next patch) and vfio_dma_map will exit QEMU.
>
> In order to avoid fatal failures on what previously was not a 
> failure and
> was just silently ignored, this checks the section alignment 
> to
> the smallest supported IOMMU page size and prints an error if 
> not aligned;
> it also prints an error if vfio_dma_map failed despite the 
> page size check.
> Both errors are not fatal; only MMIO RAM regions are checked
> (aka "RAM device" regions).
>
> If the amount of errors printed is overwhelming, the MSIX 
> relocation
> could be used to avoid excessive error output.
>
> This is unlikely to cause any behavioral change.
>
> Signed-off-by: Alexey Kardashevskiy   

 There are some relatively superficial problems noted below.

 But more fundamentally, this feels like it's extending an 
 existing
 hack past the point of usefulness.

 The explicit check for is_ram_device() here has always 
 bothered me -
 it's not like a real bus bridge magically knows whether a 
 target
 address maps to RAM or not.

 What I think is really going on is that even for systems 
 without an
 IOMMU, it's not really true to say that the PCI address space 
 maps
 directly onto address_space_memory.  Instead, there's a large, 
 but
 much less than 2^64 sized, "upstream window" at address 0 on 
 the PCI
 bus, which is identity mapped to the system bus.  Details will 
 vary
 with the system, but in practice we expect nothing but RAM to 
 be in
 that window.  Addresses not within that window won't be mapped 
 to the
 system bus but will just be broadcast on the PCI bus and might 
 be
 picked up as a p2p transaction.  
>>>
>>> Currently this p2p works only via the IOMMU, direct p2p is not 
>>> possible as
>>> the guest needs to know physical MMIO addresses to make p2p 
>>> work and it
>>> does not.
>>
>> /me points to the Direct Translated P2P section of the ACS spec, 
>> though
>> it's as prone to spoofing by the device as ATS.  In any case, p2p
>> reflected from the IOMMU is 

Re: [Qemu-devel] [virtio-dev] Re: [PATCH v4 3/4] virtio-balloon: VIRTIO_BALLOON_F_FREE_PAGE_HINT

[Wei Wang]

On 03/14/2018 12:49 AM, Michael S. Tsirkin wrote:

On Wed, Mar 07, 2018 at 08:34:24PM +0800, Wei Wang wrote:


Signed-off-by: Wei Wang 
Signed-off-by: Liang Li 
CC: Michael S. Tsirkin 
CC: Dr. David Alan Gilbert 
CC: Juan Quintela 

I find it suspicious that neither unrealize nor reset
functions have been touched at all.
Are you sure you have thought through scenarious like
hot-unplug or disabling the device by guest?
   


OK. I think we can call balloon_free_page_stop in unrealize and reset.


  
+static void *virtio_balloon_poll_free_page_hints(void *opaque)

+{
+VirtQueueElement *elem;
+VirtIOBalloon *dev = opaque;
+VirtQueue *vq = dev->free_page_vq;
+uint32_t id;
+size_t size;
What makes it safe to poke at this device from multiple threads?
I think that it would be safer to do it from e.g. BH.



Actually the free_page_optimization thread is the only user of 
free_page_vq, and there is only one optimization thread each time. Would 
this be safe enough?


Best,
Wei

Re: [Qemu-devel] [PATCH v4 4/4] migration: use the free page hint feature from balloon

[Wei Wang]

On 03/14/2018 12:35 AM, Michael S. Tsirkin wrote:

On Wed, Mar 07, 2018 at 08:34:25PM +0800, Wei Wang wrote:

Start the free page optimization after the migration bitmap is
synchronized. This can't be used in the stop phase since the guest
is paused. Make sure the guest reporting has stopped before
synchronizing the migration dirty bitmap. Currently, the optimization is
added to precopy only.

Signed-off-by: Wei Wang 
CC: Dr. David Alan Gilbert 
CC: Juan Quintela 
CC: Michael S. Tsirkin 
---
  migration/ram.c | 19 ++-
  1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/migration/ram.c b/migration/ram.c
index e172798..7b4c9b1 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -51,6 +51,8 @@
  #include "qemu/rcu_queue.h"
  #include "migration/colo.h"
  #include "migration/block.h"
+#include "sysemu/balloon.h"
+#include "sysemu/sysemu.h"
  
  /***/

  /* ram save/restore */
@@ -208,6 +210,8 @@ struct RAMState {
  uint32_t last_version;
  /* We are in the first round */
  bool ram_bulk_stage;
+/* The free pages optimization feature is supported */
+bool free_page_support;
  /* How many times we have dirty too many pages */
  int dirty_rate_high_cnt;
  /* these variables are used for bitmap sync */
@@ -775,7 +779,7 @@ unsigned long migration_bitmap_find_dirty(RAMState *rs, 
RAMBlock *rb,
  unsigned long *bitmap = rb->bmap;
  unsigned long next;
  
-if (rs->ram_bulk_stage && start > 0) {

+if (rs->ram_bulk_stage && start > 0 && !rs->free_page_support) {
  next = start + 1;
  } else {
  next = find_next_bit(bitmap, size, start);
@@ -833,6 +837,10 @@ static void migration_bitmap_sync(RAMState *rs)
  int64_t end_time;
  uint64_t bytes_xfer_now;
  
+if (rs->free_page_support) {

+balloon_free_page_stop();
+}
+
  ram_counters.dirty_sync_count++;
  
  if (!rs->time_last_bitmap_sync) {

@@ -899,6 +907,10 @@ static void migration_bitmap_sync(RAMState *rs)
  if (migrate_use_events()) {
  qapi_event_send_migration_pass(ram_counters.dirty_sync_count, NULL);
  }
+
+if (rs->free_page_support && runstate_is_running()) {
+balloon_free_page_start();
+}
  }

I think some of these conditions should go into
balloon_free_page_start/stop.

Checking runstate is generally problematic unless you
also handle run state change notifiers as it can
be manipulated from QMP.


How about moving the check of runstate to 
virtio_balloon_poll_free_page_hints:


while (dev->free_page_report_status < FREE_PAGE_REPORT_S_STOP && 
runstate_is_running()) {

...
}

In this case, I think we won't need a notifier - if the run state is 
changed by qmp, the optimization thread will just exist.



  
  /**

@@ -1656,6 +1668,8 @@ static void ram_state_reset(RAMState *rs)
  rs->last_page = 0;
  rs->last_version = ram_list.version;
  rs->ram_bulk_stage = true;
+rs->free_page_support = balloon_free_page_support() &
+!migration_in_postcopy();

Probably &&?



OK, will use &&. (Both work well here actually, since all of the values 
here are boolean)



Best,
Wei

Re: [Qemu-devel] [PULL 00/17] NBD patches for 2018-03-13 (2.12 softfreeze)

[no-reply]

Hi,

This series failed build test on s390x host. Please find the details below.

Type: series
Message-id: 20180313171345.659672-1-ebl...@redhat.com
Subject: [Qemu-devel] [PULL 00/17] NBD patches for 2018-03-13 (2.12 softfreeze)

=== TEST SCRIPT BEGIN ===
#!/bin/bash
# Testing script will be invoked under the git checkout with
# HEAD pointing to a commit that has the patches applied on top of "base"
# branch
set -e
echo "=== ENV ==="
env
echo "=== PACKAGES ==="
rpm -qa
echo "=== TEST BEGIN ==="
CC=$HOME/bin/cc
INSTALL=$PWD/install
BUILD=$PWD/build
echo -n "Using CC: "
realpath $CC
mkdir -p $BUILD $INSTALL
SRC=$PWD
cd $BUILD
$SRC/configure --cc=$CC --prefix=$INSTALL
make -j4
# XXX: we need reliable clean up
# make check -j4 V=1
make install
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
   59667bb167..026aaf47c0  master -> master
 t [tag update]patchew/20180312201305.16972-1-berra...@redhat.com 
-> patchew/20180312201305.16972-1-berra...@redhat.com
 t [tag update]
patchew/20180313153458.26822-1-peter.mayd...@linaro.org -> 
patchew/20180313153458.26822-1-peter.mayd...@linaro.org
 * [new tag]   patchew/20180313171345.659672-1-ebl...@redhat.com -> 
patchew/20180313171345.659672-1-ebl...@redhat.com
Switched to a new branch 'test'
5dba5fd02d iotests: new test 209 for NBD BLOCK_STATUS
3b1836fe3d iotests: add file_path helper
5d2ebcf61f iotests.py: tiny refactor: move system imports up
201a7063f7 nbd: BLOCK_STATUS for standard get_block_status function: client part
62516f9bfd block/nbd-client: save first fatal error in nbd_iter_error
95edeec158 nbd: BLOCK_STATUS for standard get_block_status function: server part
02143f192b nbd/server: add nbd_read_opt_name helper
8d39e4c49e nbd/server: add nbd_opt_invalid helper
f0ffcdd3a6 iotests: add 208 nbd-server + blockdev-snapshot-sync test case
d27ca9af3c block: let blk_add/remove_aio_context_notifier() tolerate BDS changes
7f1c9a2cfe nbd/server: Honor FUA request on NBD_CMD_TRIM
8b1b102567 nbd/server: refactor nbd_trip: split out nbd_handle_request
726fad6b27 nbd/server: refactor nbd_trip: cmd_read and generic reply
f4373d134e nbd/server: fix: check client->closing before sending reply
9eb9985366 nbd/server: fix sparse read
c7d2fa0e0c nbd/server: move nbd_co_send_structured_error up
bc64df6c97 iotests: Fix stuck NBD process on 33

=== OUTPUT BEGIN ===
=== ENV ===
LANG=en_US.UTF-8
XDG_SESSION_ID=91010
USER=fam
PWD=/var/tmp/patchew-tester-tmp-9ge_0fk5/src
HOME=/home/fam
SHELL=/bin/sh
SHLVL=2
PATCHEW=/home/fam/patchew/patchew-cli -s http://patchew.org --nodebug
LOGNAME=fam
DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1012/bus
XDG_RUNTIME_DIR=/run/user/1012
PATH=/usr/bin:/bin
_=/usr/bin/env
=== PACKAGES ===
gpg-pubkey-873529b8-54e386ff
glibc-debuginfo-common-2.24-10.fc25.s390x
fedora-release-26-1.noarch
dejavu-sans-mono-fonts-2.35-4.fc26.noarch
xemacs-filesystem-21.5.34-22.20170124hgf412e9f093d4.fc26.noarch
bash-4.4.12-7.fc26.s390x
freetype-2.7.1-9.fc26.s390x
libSM-1.2.2-5.fc26.s390x
libmpc-1.0.2-6.fc26.s390x
libaio-0.3.110-7.fc26.s390x
libverto-0.2.6-7.fc26.s390x
perl-Scalar-List-Utils-1.48-1.fc26.s390x
iptables-libs-1.6.1-2.fc26.s390x
p11-kit-trust-0.23.9-2.fc26.s390x
tcl-8.6.6-2.fc26.s390x
libxshmfence-1.2-4.fc26.s390x
expect-5.45-23.fc26.s390x
perl-Thread-Queue-3.12-1.fc26.noarch
perl-encoding-2.19-6.fc26.s390x
keyutils-1.5.10-1.fc26.s390x
gmp-devel-6.1.2-4.fc26.s390x
enchant-1.6.0-16.fc26.s390x
net-snmp-libs-5.7.3-17.fc26.s390x
python-gobject-base-3.24.1-1.fc26.s390x
python3-enchant-1.6.10-1.fc26.noarch
python-lockfile-0.11.0-6.fc26.noarch
python2-pyparsing-2.1.10-3.fc26.noarch
python2-lxml-4.1.1-1.fc26.s390x
librados2-10.2.7-2.fc26.s390x
trousers-lib-0.3.13-7.fc26.s390x
libpaper-1.1.24-14.fc26.s390x
libdatrie-0.2.9-4.fc26.s390x
libsoup-2.58.2-1.fc26.s390x
passwd-0.79-9.fc26.s390x
bind99-libs-9.9.10-3.P3.fc26.s390x
python3-rpm-4.13.0.2-1.fc26.s390x
systemd-233-7.fc26.s390x
virglrenderer-0.6.0-1.20170210git76b3da97b.fc26.s390x
s390utils-ziomon-1.36.1-3.fc26.s390x
s390utils-osasnmpd-1.36.1-3.fc26.s390x
libXrandr-1.5.1-2.fc26.s390x
libglvnd-glx-1.0.0-1.fc26.s390x
texlive-ifxetex-svn19685.0.5-33.fc26.2.noarch
texlive-psnfss-svn33946.9.2a-33.fc26.2.noarch
texlive-dvipdfmx-def-svn40328-33.fc26.2.noarch
texlive-natbib-svn20668.8.31b-33.fc26.2.noarch
texlive-xdvi-bin-svn40750-33.20160520.fc26.2.s390x
texlive-cm-svn32865.0-33.fc26.2.noarch
texlive-beton-svn15878.0-33.fc26.2.noarch
texlive-fpl-svn15878.1.002-33.fc26.2.noarch
texlive-mflogo-svn38628-33.fc26.2.noarch
texlive-texlive-docindex-svn41430-33.fc26.2.noarch
texlive-luaotfload-bin-svn34647.0-33.20160520.fc26.2.noarch
texlive-koma-script-svn41508-33.fc26.2.noarch
texlive-pst-tree-svn24142.1.12-33.fc26.2.noarch
texlive-breqn-svn38099.0.98d-33.fc26.2.noarch
texlive-xetex-svn41438-33.fc26.2.noarch
gstreamer1-plugins-bad-free-1.12.3-1.fc26.s390x
xorg-x11-font-utils-7.5-33.fc26.s390x

Re: [Qemu-devel] [PATCH 00/10] RFC: Optimize nvdimm kind memory for snapshot.

[no-reply]

Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 1520990418-28258-1-git-send-email-junyan...@hotmail.com
Subject: [Qemu-devel] [PATCH 00/10] RFC: Optimize nvdimm kind memory for 
snapshot.

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag]   
patchew/1520990418-28258-1-git-send-email-junyan...@hotmail.com -> 
patchew/1520990418-28258-1-git-send-email-junyan...@hotmail.com
Switched to a new branch 'test'
cf8b49f484 RFC: Enable nvdimm snapshot functions.
839b0dc7fc RFC: Add nvdimm snapshot saving to migration.
edf96a743e RFC: Add a section_id parameter to save_live_iterate call.
eaaf08deb8 RFC: Add get_current_snapshot_info to get the snapshot state.
ac55e78d2c RFC: Add save dependency functions to qemu_file
99deb40575 RFC: Add memory region snapshot bitmap get function.
eb7ccdaf28 RFC: Set memory_region_set_log available for more client.
9ee8792a3b RFC: Implement save and support snapshot dependency in block driver 
layer.
ebadb43e47 RFC: Implement qcow2's snapshot dependent saving function.
1a29421543 RFC: Add save and support snapshot dependency function to block 
driver.

=== OUTPUT BEGIN ===
Checking PATCH 1/10: RFC: Add save and support snapshot dependency function to 
block driver
Checking PATCH 2/10: RFC: Implement qcow2's snapshot dependent saving 
function
Checking PATCH 3/10: RFC: Implement save and support snapshot dependency in 
block driver layer
Checking PATCH 4/10: RFC: Set memory_region_set_log available for more 
client
Checking PATCH 5/10: RFC: Add memory region snapshot bitmap get function
Checking PATCH 6/10: RFC: Add save dependency functions to qemu_file...
Checking PATCH 7/10: RFC: Add get_current_snapshot_info to get the snapshot 
state
Checking PATCH 8/10: RFC: Add a section_id parameter to save_live_iterate 
call
Checking PATCH 9/10: RFC: Add nvdimm snapshot saving to migration
WARNING: line over 80 characters
#122: FILE: migration/nvdimm.c:70:
+

WARNING: line over 80 characters
#123: FILE: migration/nvdimm.c:71:
+| DIRTY_BITMAP_ID | total size | ram name size | ram name | ram size | bitmap 
size |

WARNING: line over 80 characters
#124: FILE: migration/nvdimm.c:72:
+

WARNING: line over 80 characters
#129: FILE: migration/nvdimm.c:77:
+---

WARNING: line over 80 characters
#130: FILE: migration/nvdimm.c:78:
+| DATA_ID | size | ram name size | ram name | ram size | data size | data... | 
END_ID |

WARNING: line over 80 characters
#131: FILE: migration/nvdimm.c:79:
+---

ERROR: do not use C99 // comments
#243: FILE: migration/nvdimm.c:191:
+padding_sz -= sizeof(int32_t); // NVDIMM_SECTION_PADDING_ID

ERROR: do not use C99 // comments
#244: FILE: migration/nvdimm.c:192:
+padding_sz -= sizeof(int32_t); // NVDIMM_PADDING_BYTE size

ERROR: do not use C99 // comments
#245: FILE: migration/nvdimm.c:193:
+padding_sz -= sizeof(int32_t); // NVDIMM_SECTION_END_ID

ERROR: do not use C99 // comments
#344: FILE: migration/nvdimm.c:292:
+data_sz += sizeof(int); // Zero page, just a ID

ERROR: do not use C99 // comments
#346: FILE: migration/nvdimm.c:294:
+data_sz += ((1 << TARGET_PAGE_BITS) + sizeof(int)); // ID + page

ERROR: do not use C99 // comments
#350: FILE: migration/nvdimm.c:298:
+total_sz = sizeof(unsigned int); // NVDIMM_SECTION_DIRTY_BITMAP_ID

ERROR: do not use C99 // comments
#351: FILE: migration/nvdimm.c:299:
+total_sz += sizeof(uint64_t);// the total size itself

ERROR: do not use C99 // comments
#352: FILE: migration/nvdimm.c:300:
+total_sz += sizeof(int); // ram name size

ERROR: do not use C99 // comments
#355: FILE: migration/nvdimm.c:303:
+total_sz += sizeof(uint64_t); // ram size

ERROR: do not use C99 // comments
#356: FILE: migration/nvdimm.c:304:
+total_sz += sizeof(uint64_t); // data size

ERROR: do not use C99 // comments
#358: FILE: migration/nvdimm.c:306:
+total_sz += sizeof(unsigned int); // NVDIMM_SECTION_END_ID

WARNING: line over 80 characters
#414: 

[Qemu-devel] [PATCH 07/10] RFC: Add get_current_snapshot_info to get the snapshot state.

[junyan . he]

From: Junyan He 

We need to know the snapshot saving information when we do dependent
snapshot saving, e.g the name of previous snapshot. Add this global
function to query the snapshot status is usable.

Signed-off-by: Junyan He 
---
 include/migration/snapshot.h |  3 +++
 migration/savevm.c   | 27 +++
 2 files changed, 30 insertions(+)

diff --git a/include/migration/snapshot.h b/include/migration/snapshot.h
index c85b6ec..0b950ce 100644
--- a/include/migration/snapshot.h
+++ b/include/migration/snapshot.h
@@ -15,7 +15,10 @@
 #ifndef QEMU_MIGRATION_SNAPSHOT_H
 #define QEMU_MIGRATION_SNAPSHOT_H
 
+#include "block/snapshot.h"
+
 int save_snapshot(const char *name, Error **errp);
 int load_snapshot(const char *name, Error **errp);
+int get_current_snapshot_info(QEMUSnapshotInfo *sn);
 
 #endif
diff --git a/migration/savevm.c b/migration/savevm.c
index 1bbd6aa..3a9b904 100644
--- a/migration/savevm.c
+++ b/migration/savevm.c
@@ -2212,6 +2212,29 @@ int qemu_loadvm_state(QEMUFile *f)
 return ret;
 }
 
+static int in_snap_saving;
+static QEMUSnapshotInfo in_snap_saving_sn;
+
+int get_current_snapshot_info(QEMUSnapshotInfo *sn)
+{
+if (in_snap_saving && sn) {
+memcpy(sn, _snap_saving_sn, sizeof(QEMUSnapshotInfo));
+}
+
+return in_snap_saving;
+}
+
+static void set_current_snapshot_info(QEMUSnapshotInfo *sn)
+{
+if (sn) {
+memcpy(_snap_saving_sn, sn, sizeof(QEMUSnapshotInfo));
+in_snap_saving = 1;
+} else {
+memset(_snap_saving_sn, 0, sizeof(QEMUSnapshotInfo));
+in_snap_saving = 0;
+}
+}
+
 int save_snapshot(const char *name, Error **errp)
 {
 BlockDriverState *bs, *bs1;
@@ -2282,6 +2305,8 @@ int save_snapshot(const char *name, Error **errp)
 strftime(sn->name, sizeof(sn->name), "vm-%Y%m%d%H%M%S", );
 }
 
+set_current_snapshot_info(sn);
+
 /* save the VM state */
 f = qemu_fopen_bdrv(bs, 1);
 if (!f) {
@@ -2313,6 +2338,8 @@ int save_snapshot(const char *name, Error **errp)
 ret = 0;
 
  the_end:
+set_current_snapshot_info(NULL);
+
 if (aio_context) {
 aio_context_release(aio_context);
 }
-- 
2.7.4

[Qemu-devel] [PATCH 09/10] RFC: Add nvdimm snapshot saving to migration.

[junyan . he]

From: Junyan He 

The nvdimm size is huge, sometimes is more than 256G or even more.
This is a huge burden for snapshot saving. One snapshot point with
nvdimm may occupy more than 50G disk space even with compression
enabled.
We need to introduce dependent snapshot manner to solve this problem.
The first snapshot point should always be saved completely, and enable
dirty log trace after saving for nvdimm memory region. The later snapshot
point should add the reference to previous snapshot's nvdimm data and
just saving dirty pages. This can save a lot of disk and time if the
snapshot operations are triggered frequently.

Signed-off-by: Junyan He 
---
 Makefile.target  |1 +
 include/migration/misc.h |4 +
 migration/nvdimm.c   | 1033 ++
 3 files changed, 1038 insertions(+)
 create mode 100644 migration/nvdimm.c

diff --git a/Makefile.target b/Makefile.target
index 6549481..0259e70 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -139,6 +139,7 @@ obj-y += memory.o
 obj-y += memory_mapping.o
 obj-y += dump.o
 obj-y += migration/ram.o
+obj-y += migration/nvdimm.o
 LIBS := $(libs_softmmu) $(LIBS)
 
 # Hardware support
diff --git a/include/migration/misc.h b/include/migration/misc.h
index 77fd4f5..0c23da8 100644
--- a/include/migration/misc.h
+++ b/include/migration/misc.h
@@ -20,6 +20,10 @@
 
 void ram_mig_init(void);
 
+/* migration/nvdimm.c */
+void nvdimm_snapshot_init(void);
+bool ram_block_is_nvdimm_active(RAMBlock *block);
+
 /* migration/block.c */
 
 #ifdef CONFIG_LIVE_BLOCK_MIGRATION
diff --git a/migration/nvdimm.c b/migration/nvdimm.c
new file mode 100644
index 000..8516bb0
--- /dev/null
+++ b/migration/nvdimm.c
@@ -0,0 +1,1033 @@
+/*
+ * QEMU System Emulator
+ *
+ * Authors:
+ *  He Junyan
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "hw/mem/nvdimm.h"
+#include "cpu.h"
+#include "qemu/cutils.h"
+#include "exec/ram_addr.h"
+#include "exec/target_page.h"
+#include "qemu/rcu_queue.h"
+#include "qemu/error-report.h"
+#include "migration.h"
+#include "qapi/error.h"
+#include "migration/register.h"
+#include "migration/ram.h"
+#include "migration/qemu-file.h"
+#include "migration.h"
+#include "migration/misc.h"
+#include "migration/savevm.h"
+#include "block/snapshot.h"
+#include "migration/snapshot.h"
+
+#define NVDIMM_MIG_VERSION 0x01
+
+/* PADDING data, useless */
+#define NVDIMM_PADDING_BYTE 0xce
+/* PAGE id, is all zero */
+#define NVDIMM_ZERO_PAGE_ID 0xaabc250f
+#define NVDIMM_NONZERO_PAGE_ID 0xacbc250e
+/* No usage date, for alignment only */
+#define NVDIMM_SECTION_PADDING_ID 0xaaceccea
+/* Section for dirty log kind */
+#define NVDIMM_SECTION_DIRTY_LOG_ID 0xbbcd0c1e
+/* Section for raw data, no bitmap, dump the whole mem */
+#define NVDIMM_SECTION_DATA_ID 0x76bbcae3
+/* Section for setup */
+#define NVDIMM_SECTION_SETUP 0x7ace0cfa
+/* Section for setup */
+#define NVDIMM_SECTION_COMPLETE 0x8ace0cfa
+/* Section end symbol */
+#define NVDIMM_SECTION_END_ID 0xccbe8752
+/  Sections** ***
+Padding section
+
+| PADDING_ID | size | PADDING_BYTE .. | END_ID |
+
+Dirty log section
+
+| DIRTY_BITMAP_ID | total size | ram name size | ram name | ram size | bitmap 
size |
+
+-
+ bitmap data... | dirty page size | dirty page data... | END_ID |
+-
+Raw data section
+---
+| 

[Qemu-devel] [PATCH 05/10] RFC: Add memory region snapshot bitmap get function.

[junyan . he]

From: Junyan He 

We need to get the bitmap content of the snapshot when enable dirty
log trace for nvdimm.

Signed-off-by: Junyan He 
---
 exec.c  | 7 +++
 include/exec/memory.h   | 9 +
 include/exec/ram_addr.h | 2 ++
 memory.c| 7 +++
 4 files changed, 25 insertions(+)

diff --git a/exec.c b/exec.c
index a9181e6..3d2bf0d 100644
--- a/exec.c
+++ b/exec.c
@@ -1235,6 +1235,13 @@ bool 
cpu_physical_memory_snapshot_get_dirty(DirtyBitmapSnapshot *snap,
 return false;
 }
 
+unsigned long *cpu_physical_memory_snapshot_get_dirty_bitmap
+ (DirtyBitmapSnapshot *snap)
+{
+assert(snap);
+return snap->dirty;
+}
+
 /* Called from RCU critical section */
 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
MemoryRegionSection *section,
diff --git a/include/exec/memory.h b/include/exec/memory.h
index 31eae0a..f742995 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -1179,6 +1179,15 @@ bool memory_region_snapshot_get_dirty(MemoryRegion *mr,
   hwaddr addr, hwaddr size);
 
 /**
+ * memory_region_snapshot_get_dirty_bitmap: Get the dirty bitmap data of
+ * snapshot.
+ *
+ * @snap: the dirty bitmap snapshot
+ */
+unsigned long *memory_region_snapshot_get_dirty_bitmap
+ (DirtyBitmapSnapshot *snap);
+
+/**
  * memory_region_reset_dirty: Mark a range of pages as clean, for a specified
  *client.
  *
diff --git a/include/exec/ram_addr.h b/include/exec/ram_addr.h
index cf2446a..ce366c1 100644
--- a/include/exec/ram_addr.h
+++ b/include/exec/ram_addr.h
@@ -371,6 +371,8 @@ DirtyBitmapSnapshot 
*cpu_physical_memory_snapshot_and_clear_dirty
 bool cpu_physical_memory_snapshot_get_dirty(DirtyBitmapSnapshot *snap,
 ram_addr_t start,
 ram_addr_t length);
+unsigned long *cpu_physical_memory_snapshot_get_dirty_bitmap
+(DirtyBitmapSnapshot *snap);
 
 static inline void cpu_physical_memory_clear_dirty_range(ram_addr_t start,
  ram_addr_t length)
diff --git a/memory.c b/memory.c
index 4a8a2fe..68f17f0 100644
--- a/memory.c
+++ b/memory.c
@@ -1991,6 +1991,13 @@ DirtyBitmapSnapshot 
*memory_region_snapshot_and_clear_dirty(MemoryRegion *mr,
 memory_region_get_ram_addr(mr) + addr, size, client);
 }
 
+unsigned long *memory_region_snapshot_get_dirty_bitmap
+ (DirtyBitmapSnapshot *snap)
+{
+assert(snap);
+return cpu_physical_memory_snapshot_get_dirty_bitmap(snap);
+}
+
 bool memory_region_snapshot_get_dirty(MemoryRegion *mr, DirtyBitmapSnapshot 
*snap,
   hwaddr addr, hwaddr size)
 {
-- 
2.7.4

[Qemu-devel] [PATCH 08/10] RFC: Add a section_id parameter to save_live_iterate call.

[junyan . he]

From: Junyan He 

We need to know the section_id when we do snapshot saving.
Add a parameter to save_live_iterate function call.

Signed-off-by: Junyan He 
---
 hw/ppc/spapr.c   | 2 +-
 hw/s390x/s390-stattrib.c | 2 +-
 include/migration/register.h | 2 +-
 migration/block.c| 2 +-
 migration/ram.c  | 2 +-
 migration/savevm.c   | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 7e1c858..4cde4f4 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1974,7 +1974,7 @@ static int htab_save_later_pass(QEMUFile *f, 
sPAPRMachineState *spapr,
 #define MAX_ITERATION_NS500 /* 5 ms */
 #define MAX_KVM_BUF_SIZE2048
 
-static int htab_save_iterate(QEMUFile *f, void *opaque)
+static int htab_save_iterate(QEMUFile *f, void *opaque, int section_id)
 {
 sPAPRMachineState *spapr = opaque;
 int fd;
diff --git a/hw/s390x/s390-stattrib.c b/hw/s390x/s390-stattrib.c
index adf07ef..18ece84 100644
--- a/hw/s390x/s390-stattrib.c
+++ b/hw/s390x/s390-stattrib.c
@@ -246,7 +246,7 @@ static int cmma_save(QEMUFile *f, void *opaque, int final)
 return ret;
 }
 
-static int cmma_save_iterate(QEMUFile *f, void *opaque)
+static int cmma_save_iterate(QEMUFile *f, void *opaque, int section_id)
 {
 return cmma_save(f, opaque, 0);
 }
diff --git a/include/migration/register.h b/include/migration/register.h
index f4f7bdc..7f7df2c 100644
--- a/include/migration/register.h
+++ b/include/migration/register.h
@@ -31,7 +31,7 @@ typedef struct SaveVMHandlers {
  * use data that is local to the migration thread or protected
  * by other locks.
  */
-int (*save_live_iterate)(QEMUFile *f, void *opaque);
+int (*save_live_iterate)(QEMUFile *f, void *opaque, int section_id);
 
 /* This runs outside the iothread lock!  */
 int (*save_setup)(QEMUFile *f, void *opaque);
diff --git a/migration/block.c b/migration/block.c
index 1f03946..6d4c8a3 100644
--- a/migration/block.c
+++ b/migration/block.c
@@ -755,7 +755,7 @@ static int block_save_setup(QEMUFile *f, void *opaque)
 return ret;
 }
 
-static int block_save_iterate(QEMUFile *f, void *opaque)
+static int block_save_iterate(QEMUFile *f, void *opaque, int section_id)
 {
 int ret;
 int64_t last_ftell = qemu_ftell(f);
diff --git a/migration/ram.c b/migration/ram.c
index 3b6c077..d1db422 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -2249,7 +2249,7 @@ static int ram_save_setup(QEMUFile *f, void *opaque)
  * @f: QEMUFile where to send the data
  * @opaque: RAMState pointer
  */
-static int ram_save_iterate(QEMUFile *f, void *opaque)
+static int ram_save_iterate(QEMUFile *f, void *opaque, int section_id)
 {
 RAMState **temp = opaque;
 RAMState *rs = *temp;
diff --git a/migration/savevm.c b/migration/savevm.c
index 3a9b904..ce4133a 100644
--- a/migration/savevm.c
+++ b/migration/savevm.c
@@ -1072,7 +1072,7 @@ int qemu_savevm_state_iterate(QEMUFile *f, bool postcopy)
 
 save_section_header(f, se, QEMU_VM_SECTION_PART);
 
-ret = se->ops->save_live_iterate(f, se->opaque);
+ret = se->ops->save_live_iterate(f, se->opaque, se->section_id);
 trace_savevm_section_end(se->idstr, se->section_id, ret);
 save_section_footer(f, se);
 
-- 
2.7.4

[Qemu-devel] [PATCH 04/10] RFC: Set memory_region_set_log available for more client.

[junyan . he]

From: Junyan He 

We need to collect dirty log for nvdimm kind memory, need to enable
memory_region_set_log for more clients rather than just VGA.

Signed-off-by: Junyan He 
---
 memory.c | 11 ++-
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/memory.c b/memory.c
index e70b64b..4a8a2fe 100644
--- a/memory.c
+++ b/memory.c
@@ -1921,11 +1921,12 @@ void memory_region_set_log(MemoryRegion *mr, bool log, 
unsigned client)
 uint8_t mask = 1 << client;
 uint8_t old_logging;
 
-assert(client == DIRTY_MEMORY_VGA);
-old_logging = mr->vga_logging_count;
-mr->vga_logging_count += log ? 1 : -1;
-if (!!old_logging == !!mr->vga_logging_count) {
-return;
+if (client == DIRTY_MEMORY_VGA) {
+old_logging = mr->vga_logging_count;
+mr->vga_logging_count += log ? 1 : -1;
+if (!!old_logging == !!mr->vga_logging_count) {
+return;
+}
 }
 
 memory_region_transaction_begin();
-- 
2.7.4

[Qemu-devel] [PATCH 03/10] RFC: Implement save and support snapshot dependency in block driver layer.

[junyan . he]

From: Junyan He 

Signed-off-by: Junyan He 
---
 block/snapshot.c | 45 +
 include/block/snapshot.h |  7 +++
 2 files changed, 52 insertions(+)

diff --git a/block/snapshot.c b/block/snapshot.c
index eacc1f1..8cc40ac 100644
--- a/block/snapshot.c
+++ b/block/snapshot.c
@@ -401,6 +401,51 @@ int bdrv_snapshot_load_tmp_by_id_or_name(BlockDriverState 
*bs,
 return ret;
 }
 
+int bdrv_snapshot_save_dependency(BlockDriverState *bs,
+  const char *depend_snapshot_id,
+  int64_t depend_offset,
+  int64_t depend_size,
+  int64_t offset,
+  Error **errp)
+{
+BlockDriver *drv = bs->drv;
+
+if (!drv) {
+return -ENOMEDIUM;
+}
+
+if (drv->bdrv_snapshot_save_dependency) {
+return drv->bdrv_snapshot_save_dependency(bs, depend_snapshot_id,
+  depend_offset, depend_size,
+  offset, errp);
+}
+
+if (bs->file) {
+return bdrv_snapshot_save_dependency(bs->file->bs, depend_snapshot_id,
+ depend_offset, depend_size,
+ offset, errp);
+}
+
+return -ENOTSUP;
+}
+
+int bdrv_snapshot_support_dependency(BlockDriverState *bs, int32_t *alignment)
+{
+BlockDriver *drv = bs->drv;
+if (!drv || !bdrv_is_inserted(bs) || bdrv_is_read_only(bs)) {
+return 0;
+}
+
+if (drv->bdrv_snapshot_support_dependency) {
+return drv->bdrv_snapshot_support_dependency(bs, alignment);
+}
+
+if (bs->file != NULL) {
+return bdrv_snapshot_support_dependency(bs->file->bs, alignment);
+}
+
+return -ENOTSUP;
+}
 
 /* Group operations. All block drivers are involved.
  * These functions will properly handle dataplane (take aio_context_acquire
diff --git a/include/block/snapshot.h b/include/block/snapshot.h
index f73d109..e5bf06f 100644
--- a/include/block/snapshot.h
+++ b/include/block/snapshot.h
@@ -73,6 +73,13 @@ int bdrv_snapshot_load_tmp(BlockDriverState *bs,
 int bdrv_snapshot_load_tmp_by_id_or_name(BlockDriverState *bs,
  const char *id_or_name,
  Error **errp);
+int bdrv_snapshot_save_dependency(BlockDriverState *bs,
+  const char *depend_snapshot_id,
+  int64_t depend_offset,
+  int64_t depend_size,
+  int64_t offset,
+  Error **errp);
+int bdrv_snapshot_support_dependency(BlockDriverState *bs, int32_t *alignment);
 
 
 /* Group operations. All block drivers are involved.
-- 
2.7.4

[Qemu-devel] [PATCH 10/10] RFC: Enable nvdimm snapshot functions.

[junyan . he]

From: Junyan He 

In snapshot saving, all nvdimm kind memory will be saved in different way
and we exclude all nvdimm kind memory region in ram.c

Signed-off-by: Junyan He 
---
 migration/ram.c | 17 +
 vl.c|  1 +
 2 files changed, 18 insertions(+)

diff --git a/migration/ram.c b/migration/ram.c
index d1db422..ad32469 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -1219,9 +1219,15 @@ static bool find_dirty_block(RAMState *rs, 
PageSearchStatus *pss, bool *again)
 /* Didn't find anything in this RAM Block */
 pss->page = 0;
 pss->block = QLIST_NEXT_RCU(pss->block, next);
+while (ram_block_is_nvdimm_active(pss->block)) {
+pss->block = QLIST_NEXT_RCU(pss->block, next);
+}
 if (!pss->block) {
 /* Hit the end of the list */
 pss->block = QLIST_FIRST_RCU(_list.blocks);
+while (ram_block_is_nvdimm_active(pss->block)) {
+pss->block = QLIST_NEXT_RCU(pss->block, next);
+}
 /* Flag that we've looped */
 pss->complete_round = true;
 rs->ram_bulk_stage = false;
@@ -1541,6 +1547,9 @@ static int ram_find_and_save_block(RAMState *rs, bool 
last_stage)
 
 if (!pss.block) {
 pss.block = QLIST_FIRST_RCU(_list.blocks);
+while (ram_block_is_nvdimm_active(pss.block)) {
+pss.block = QLIST_NEXT_RCU(pss.block, next);
+}
 }
 
 do {
@@ -1583,6 +1592,10 @@ uint64_t ram_bytes_total(void)
 
 rcu_read_lock();
 RAMBLOCK_FOREACH(block) {
+if (ram_block_is_nvdimm_active(block)) {
+// If snapshot and the block is nvdimm, let nvdimm do the job
+continue;
+}
 total += block->used_length;
 }
 rcu_read_unlock();
@@ -,6 +2235,10 @@ static int ram_save_setup(QEMUFile *f, void *opaque)
 qemu_put_be64(f, ram_bytes_total() | RAM_SAVE_FLAG_MEM_SIZE);
 
 RAMBLOCK_FOREACH(block) {
+if (ram_block_is_nvdimm_active(block)) {
+// If snapshot and the block is nvdimm, let nvdimm do the job
+continue;
+}
 qemu_put_byte(f, strlen(block->idstr));
 qemu_put_buffer(f, (uint8_t *)block->idstr, strlen(block->idstr));
 qemu_put_be64(f, block->used_length);
diff --git a/vl.c b/vl.c
index 3ef04ce..1bd5711 100644
--- a/vl.c
+++ b/vl.c
@@ -4502,6 +4502,7 @@ int main(int argc, char **argv, char **envp)
 
 blk_mig_init();
 ram_mig_init();
+nvdimm_snapshot_init();
 
 /* If the currently selected machine wishes to override the units-per-bus
  * property of its default HBA interface type, do so now. */
-- 
2.7.4

[Qemu-devel] [PATCH 06/10] RFC: Add save dependency functions to qemu_file

[junyan . he]

From: Junyan He 

When we save snapshot, we need qemu_file to support save dependency
operations. It should call brv_driver's save dependency functions
to implement these operations.

Signed-off-by: Junyan He 
---
 migration/qemu-file.c | 61 +++
 migration/qemu-file.h | 14 
 migration/savevm.c| 33 +---
 3 files changed, 105 insertions(+), 3 deletions(-)

diff --git a/migration/qemu-file.c b/migration/qemu-file.c
index 2ab2bf3..9d2a39a 100644
--- a/migration/qemu-file.c
+++ b/migration/qemu-file.c
@@ -46,10 +46,13 @@ struct QEMUFile {
 int buf_index;
 int buf_size; /* 0 when writing */
 uint8_t buf[IO_BUF_SIZE];
+char ref_name_str[128]; /* maybe snapshot id */
 
 DECLARE_BITMAP(may_free, MAX_IOV_SIZE);
 struct iovec iov[MAX_IOV_SIZE];
 unsigned int iovcnt;
+bool support_dependency;
+int32_t dependency_aligment;
 
 int last_error;
 };
@@ -745,3 +748,61 @@ void qemu_file_set_blocking(QEMUFile *f, bool block)
 f->ops->set_blocking(f->opaque, block);
 }
 }
+
+void qemu_file_set_support_dependency(QEMUFile *f, int32_t alignment)
+{
+f->dependency_aligment = alignment;
+f->support_dependency = true;
+}
+
+bool qemu_file_is_support_dependency(QEMUFile *f, int32_t *alignment)
+{
+if (f->support_dependency && alignment) {
+*alignment = f->dependency_aligment;
+}
+
+return f->support_dependency;
+}
+
+/* This function set the reference name for snapshot usage. Sometimes it needs
+ * to depend on other snapshot's data to avoid redundance.
+ */
+bool qemu_file_set_ref_name(QEMUFile *f, const char *name)
+{
+if (strlen(name) + 1 > sizeof(f->ref_name_str)) {
+return false;
+}
+
+memcpy(f->ref_name_str, name, strlen(name) + 1);
+return true;
+}
+
+ssize_t qemu_file_save_dependency(QEMUFile *f, int64_t depend_offset,
+  int64_t size)
+{
+ssize_t ret;
+
+if (f->support_dependency == false) {
+return -1;
+}
+
+assert(f->ops->save_dependency);
+
+if (!QEMU_IS_ALIGNED(depend_offset, f->dependency_aligment)) {
+return -1;
+}
+
+qemu_fflush(f);
+
+if (!QEMU_IS_ALIGNED(f->pos, f->dependency_aligment)) {
+return -1;
+}
+
+ret = f->ops->save_dependency(f->opaque, f->ref_name_str,
+  depend_offset, size, f->pos);
+if (ret > 0) {
+f->pos += size;
+}
+
+return ret;
+}
diff --git a/migration/qemu-file.h b/migration/qemu-file.h
index aae4e5e..137b917 100644
--- a/migration/qemu-file.h
+++ b/migration/qemu-file.h
@@ -57,6 +57,14 @@ typedef ssize_t (QEMUFileWritevBufferFunc)(void *opaque, 
struct iovec *iov,
int iovcnt, int64_t pos);
 
 /*
+ * This function add reference to the dependency data in snapshot specified by
+ * ref_name_str to this file's offset
+ */
+typedef ssize_t (QEMUFileSaveDependencyFunc)(void *opaque, const char *name,
+ int64_t depend_offset,
+ int64_t offset, int64_t size);
+
+/*
  * This function provides hooks around different
  * stages of RAM migration.
  * 'opaque' is the backend specific data in QEMUFile
@@ -104,6 +112,7 @@ typedef struct QEMUFileOps {
 QEMUFileWritevBufferFunc *writev_buffer;
 QEMURetPathFunc *get_return_path;
 QEMUFileShutdownFunc *shut_down;
+QEMUFileSaveDependencyFunc *save_dependency;
 } QEMUFileOps;
 
 typedef struct QEMUFileHooks {
@@ -153,6 +162,11 @@ int qemu_file_shutdown(QEMUFile *f);
 QEMUFile *qemu_file_get_return_path(QEMUFile *f);
 void qemu_fflush(QEMUFile *f);
 void qemu_file_set_blocking(QEMUFile *f, bool block);
+bool qemu_file_set_ref_name(QEMUFile *f, const char *name);
+void qemu_file_set_support_dependency(QEMUFile *f, int32_t alignment);
+bool qemu_file_is_support_dependency(QEMUFile *f, int32_t *alignment);
+ssize_t qemu_file_save_dependency(QEMUFile *f, int64_t depend_offset,
+  int64_t size);
 
 size_t qemu_get_counted_string(QEMUFile *f, char buf[256]);
 
diff --git a/migration/savevm.c b/migration/savevm.c
index 358c5b5..1bbd6aa 100644
--- a/migration/savevm.c
+++ b/migration/savevm.c
@@ -196,6 +196,20 @@ static ssize_t block_writev_buffer(void *opaque, struct 
iovec *iov, int iovcnt,
 return qiov.size;
 }
 
+static ssize_t block_save_dependency(void *opaque, const char *id_name,
+ int64_t depend_offset,
+ int64_t offset, int64_t size)
+{
+int ret = bdrv_snapshot_save_dependency(opaque, id_name,
+depend_offset, offset,
+size, NULL);
+if (ret < 0) {
+return ret;
+}
+
+return size;
+}
+
 static ssize_t block_get_buffer(void *opaque, 

[Qemu-devel] [PATCH 00/10] RFC: Optimize nvdimm kind memory for snapshot.

[junyan . he]

From: Junyan He 

The nvdimm size is huge, sometimes it is more than 256G or even more.
This is a huge burden for snapshot saving. One snapshot point with
nvdimm may occupy more than 50G disk space even with compression
enabled.
We need to introduce dependent snapshot manner to solve this problem.
The first snapshot point should always be saved completely, and enable
dirty log trace after saving for nvdimm memory region. The later snapshot
point should add the reference to previous snapshot's nvdimm data and
just saving dirty pages. This can save a lot of disk and time if the
snapshot operations are triggered frequently.
We add save_snapshot_dependency functions to QCOW2 file system firstly, the
later snapshot will add reference to previous dependent snapshot's data
cluster. There is an alignment problem here, the dependent data should
always be cluster aligned. We need to add some padding data when saving
the snapshot to make it always cluster aligned.
The logic between nvdimm and ram for snapshot saving is a little confused
now, we need to exclude nvdimm kind memory region from ram list and the
dirty log tracing setting is also not very clear. Maybe we can separate the
snapshot saving from the migration logic later to make code clean.
In theory, this kind of manner can apply to any kind of memory. But because
it need to turn dirty log trace on, the performance may decline. So we just
enable it for nvdimm kind memory firstly.

Signed-off-by: Junyan He 
---
Makefile.target  |1 +
block/qcow2-snapshot.c   |  154 ++
block/qcow2.c|2 +
block/qcow2.h|7 +
block/snapshot.c |   45 +++
exec.c   |7 +
hw/ppc/spapr.c   |2 +-
hw/s390x/s390-stattrib.c |2 +-
include/block/block_int.h|9 ++
include/block/snapshot.h |7 +
include/exec/memory.h|9 ++
include/exec/ram_addr.h  |2 +
include/migration/misc.h |4 +
include/migration/register.h |2 +-
include/migration/snapshot.h |3 +
memory.c |   18 ++-
migration/block.c|2 +-
migration/nvdimm.c   | 1033 
+
migration/qemu-file.c|   61 +
migration/qemu-file.h|   14 ++
migration/ram.c  |   19 ++-
migration/savevm.c   |   62 -
vl.c |1 +
23 files changed, 1452 insertions(+), 14 deletions(-)

[Qemu-devel] [PATCH 01/10] RFC: Add save and support snapshot dependency function to block driver.

[junyan . he]

From: Junyan He 

We want to support incremental snapshot saving, this needs the file
system support dependency saving. Later snapshots may ref the dependent
snapshot's content, and most time should be cluster aligned.
Add a query function to check whether the file system support this, and
use the save_dependency function to do the real work.

Signed-off-by: Junyan He 
---
 include/block/block_int.h | 9 +
 1 file changed, 9 insertions(+)

diff --git a/include/block/block_int.h b/include/block/block_int.h
index 64a5700..be1eca3 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -274,6 +274,15 @@ struct BlockDriver {
   const char *snapshot_id,
   const char *name,
   Error **errp);
+int (*bdrv_snapshot_save_dependency)(BlockDriverState *bs,
+ const char *depend_snapshot_id,
+ int64_t depend_offset,
+ int64_t depend_size,
+ int64_t offset,
+ Error **errp);
+int (*bdrv_snapshot_support_dependency)(BlockDriverState *bs,
+int32_t *alignment);
+
 int (*bdrv_get_info)(BlockDriverState *bs, BlockDriverInfo *bdi);
 ImageInfoSpecific *(*bdrv_get_specific_info)(BlockDriverState *bs);
 
-- 
2.7.4

[Qemu-devel] [PATCH 02/10] RFC: Implement qcow2's snapshot dependent saving function.

[junyan . he]

From: Junyan He 

For qcow2 format, we can increase the cluster's reference count of
dependent snapshot content and link the offset to the L2 table of
the new snapshot point. This way can avoid obvious snapshot's dependent
relationship, so when we delete some snapshot point, just decrease the
cluster count and no need to check further.

Signed-off-by: Junyan He 
---
 block/qcow2-snapshot.c | 154 +
 block/qcow2.c  |   2 +
 block/qcow2.h  |   7 +++
 3 files changed, 163 insertions(+)

diff --git a/block/qcow2-snapshot.c b/block/qcow2-snapshot.c
index cee25f5..8e83084 100644
--- a/block/qcow2-snapshot.c
+++ b/block/qcow2-snapshot.c
@@ -736,3 +736,157 @@ int qcow2_snapshot_load_tmp(BlockDriverState *bs,
 
 return 0;
 }
+
+int qcow2_snapshot_save_dependency(BlockDriverState *bs,
+   const char *depend_snapshot_id,
+   int64_t depend_offset,
+   int64_t depend_size,
+   int64_t offset,
+   Error **errp)
+{
+int snapshot_index;
+BDRVQcow2State *s = bs->opaque;
+QCowSnapshot *sn;
+int ret;
+int64_t i;
+int64_t total_bytes = depend_size;
+int64_t depend_offset1, offset1;
+uint64_t *depend_l1_table = NULL;
+uint64_t depend_l1_bytes;
+uint64_t *depend_l2_table = NULL;
+uint64_t depend_l2_offset;
+uint64_t depend_entry;
+QCowL2Meta l2meta;
+
+assert(bs->read_only == false);
+
+if (depend_snapshot_id == NULL) {
+return 0;
+}
+
+if (!QEMU_IS_ALIGNED(depend_offset,  s->cluster_size)) {
+error_setg(errp, "Specified snapshot offset is not multiple of %u",
+s->cluster_size);
+return -EINVAL;
+}
+
+if (!QEMU_IS_ALIGNED(offset,  s->cluster_size)) {
+error_setg(errp, "Offset is not multiple of %u", s->cluster_size);
+return -EINVAL;
+}
+
+if (!QEMU_IS_ALIGNED(depend_size,  s->cluster_size)) {
+error_setg(errp, "depend_size is not multiple of %u", s->cluster_size);
+return -EINVAL;
+}
+
+snapshot_index = find_snapshot_by_id_and_name(bs, NULL, 
depend_snapshot_id);
+/* Search the snapshot */
+if (snapshot_index < 0) {
+error_setg(errp, "Can't find snapshot");
+return -ENOENT;
+}
+
+sn = >snapshots[snapshot_index];
+if (sn->disk_size != bs->total_sectors * BDRV_SECTOR_SIZE) {
+error_report("qcow2: depend on the snapshots with different disk "
+"size is not implemented");
+return -ENOTSUP;
+}
+
+/* Only can save dependency of snapshot's vmstate data */
+depend_offset1 = depend_offset + qcow2_vm_state_offset(s);
+offset1 = offset + qcow2_vm_state_offset(s);
+
+depend_l1_bytes = s->l1_size * sizeof(uint64_t);
+depend_l1_table = g_try_malloc0(depend_l1_bytes);
+if (depend_l1_table == NULL) {
+return -ENOMEM;
+}
+
+ret = bdrv_pread(bs->file, sn->l1_table_offset, depend_l1_table,
+ depend_l1_bytes);
+if (ret < 0) {
+g_free(depend_l1_table);
+goto out;
+}
+for (i = 0; i < depend_l1_bytes / sizeof(uint64_t); i++) {
+be64_to_cpus(_l1_table[i]);
+}
+
+while (total_bytes) {
+assert(total_bytes > 0);
+/* Find the cluster of depend */
+depend_l2_offset =
+depend_l1_table[depend_offset1 >> (s->l2_bits + s->cluster_bits)];
+depend_l2_offset &= L1E_OFFSET_MASK;
+if (depend_l2_offset == 0) {
+ret = -EINVAL;
+goto out;
+}
+
+if (offset_into_cluster(s, depend_l2_offset)) {
+qcow2_signal_corruption(bs, true, -1, -1, "L2 table offset %#"
+PRIx64 " unaligned (L1 index: %#"
+PRIx64 ")",
+depend_l2_offset,
+depend_offset1 >>
+(s->l2_bits + s->cluster_bits));
+return -EIO;
+}
+
+ret = qcow2_cache_get(bs, s->l2_table_cache, depend_l2_offset,
+  (void **)(_l2_table));
+if (ret < 0) {
+goto out;
+}
+
+depend_entry =
+be64_to_cpu(
+depend_l2_table[offset_to_l2_index(s, depend_offset1)]);
+if (depend_entry == 0) {
+ret = -EINVAL;
+qcow2_cache_put(s->l2_table_cache, (void **)(_l2_table));
+goto out;
+}
+
+memset(, 0, sizeof(l2meta));
+l2meta.offset = offset1;
+l2meta.alloc_offset = (depend_entry & L2E_OFFSET_MASK);
+l2meta.nb_clusters = 1;
+/* Add a ref to this cluster */
+ret = qcow2_update_cluster_refcount(
+  bs, l2meta.alloc_offset >> 

Re: [Qemu-devel] [PATCH v3] ppc440_pcix: Change some error_report to qemu_log_mask(LOG_UNIMP, ...)

[David Gibson]

On Tue, Mar 13, 2018 at 12:26:56PM +0100, BALATON Zoltan wrote:
1;5002;0c> Using log unimp is more appropriate for these messages and this also
> silences them by default so they won't clobber make check output when
> tests are added for this board.
> 
> Signed-off-by: BALATON Zoltan 
> Reviewed-by: Thomas Huth 

Applied, thanks.

> ---
> v3: Include qemu/log.h to avoid undeclared function warning
> v2: Use defined format string for printing hwaddr instead of casting.
> I guess this does not invalidate the R-b tag of v1 so I've added that too.
> 
>  hw/ppc/ppc440_pcix.c | 11 +++
>  1 file changed, 7 insertions(+), 4 deletions(-)
> 
> diff --git a/hw/ppc/ppc440_pcix.c b/hw/ppc/ppc440_pcix.c
> index ab2626a..b1307e6 100644
> --- a/hw/ppc/ppc440_pcix.c
> +++ b/hw/ppc/ppc440_pcix.c
> @@ -21,6 +21,7 @@
>  
>  #include "qemu/osdep.h"
>  #include "qemu/error-report.h"
> +#include "qemu/log.h"
>  #include "hw/hw.h"
>  #include "hw/ppc/ppc.h"
>  #include "hw/ppc/ppc4xx.h"
> @@ -286,8 +287,9 @@ static void ppc440_pcix_reg_write4(void *opaque, hwaddr 
> addr,
>  break;
>  
>  default:
> -error_report("%s: unhandled PCI internal register 0x%lx", __func__,
> - (unsigned long)addr);
> +qemu_log_mask(LOG_UNIMP,
> +  "%s: unhandled PCI internal register 
> 0x%"HWADDR_PRIx"\n",
> +  __func__, addr);
>  break;
>  }
>  }
> @@ -377,8 +379,9 @@ static uint64_t ppc440_pcix_reg_read4(void *opaque, 
> hwaddr addr,
>  break;
>  
>  default:
> -error_report("%s: invalid PCI internal register 0x%lx", __func__,
> - (unsigned long)addr);
> +qemu_log_mask(LOG_UNIMP,
> +  "%s: invalid PCI internal register 0x%" HWADDR_PRIx 
> "\n",
> +  __func__, addr);
>  val = 0;
>  }
>  

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PULL 00/69] Misc patches for QEMU soft freeze

[no-reply]

Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 20180313224719.4954-1-pbonz...@redhat.com
Subject: [Qemu-devel] [PULL 00/69] Misc patches for QEMU soft freeze

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag]   patchew/20180313224719.4954-1-pbonz...@redhat.com -> 
patchew/20180313224719.4954-1-pbonz...@redhat.com
Auto packing the repository in background for optimum performance.
See "git help gc" for manual housekeeping.
Switched to a new branch 'test'
20b2d41547 tcg: fix cpu_io_recompile
c46131d9ac replay: update documentation
ebbeee6c00 replay: save vmstate of the asynchronous events
6a1d180135 replay: don't process async events when warping the clock
d878031ce3 scripts/replay-dump.py: replay log dumper
fa49388d29 replay: avoid recursive call of checkpoints
8425f8a33b replay: check return values of fwrite
0c4cf018d7 replay: push replay_mutex_lock up the call tree
eedffef5df replay: don't destroy mutex at exit
a4649842a9 replay: make locking visible outside replay code
1570edbbd5 replay/replay-internal.c: track holding of replay_lock
e6d2f97e40 replay/replay.c: bump REPLAY_VERSION again
c0d71df05c replay: save prior value of the host clock
a7c57184b1 replay: added replay log format description
39eaf489fd replay: fix save/load vm for non-empty queue
980235a32e replay: fixed replay_enable_events
a846c03323 replay: fix processing async events
9f1d12928e cpu-exec: fix exception_index handling
1d6e886906 hw/i386/pc: Factor out the superio code
e24291717f hw/alpha/dp264: Use the TYPE_SMC37C669_SUPERIO
1c75546a89 hw/alpha/dp264: Add the ISA DMA controller
8ccab0e5cc hw/isa/superio: Add the SMC FDC37C669 Super I/O
0638def1b5 MAINTAINERS: Split the Alpha TCG/machine section
fc68e597c6 MAINTAINERS: Add entries for the VT82C686B Super I/O
354da50497 hw/isa/vt82c686: Add the TYPE_VT82C686B_SUPERIO
66ca3f335d hw/isa/vt82c686: Rename vt82c686b_init() -> vt82c686b_isa_init()
112b337ef0 hw/mips/mips_fulong2e: Factor out vt82c686b_southbridge_init()
547f28856f hw/isa/superio: Factor out the FDC37M817 Super I/O from mips_malta.c
048338438b hw/mips/malta: Code movement
898bc44d9f hw/isa/superio: Factor out the IDE code from pc87312.c
649c8ee02e hw/isa/superio: Add a keyboard/mouse controller (8042)
2f0ca2c71c hw/isa/superio: Factor out the floppy disc controller code from 
pc87312.c
84a2f1940f hw/isa/superio: Factor out the serial code from pc87312.c
744cf074a8 hw/isa/superio: Factor out the parallel code from pc87312.c
3ecb08902c hw/isa/pc87312: Inherit from the abstract TYPE_ISA_SUPERIO
3ad09fdf2c hw/isa/superio: Add a Super I/O template based on the PC87312 device
06a0adcfd8 hw/isa/pc87312: Use 'unsigned int' for the irq value
5479558c92 hw/isa/pc87312: Use uint16_t for the ISA I/O base address
1ca2ae2991 hw/isa/pc87312: Rename the device type as TYPE_PC87312_SUPERIO
25e755167f MAINTAINERS: Fix the PC87312 include path
f829b02d47 hw/input/i8042: Extract declarations from i386/pc.h into 
input/i8042.h
5e6c657232 hw/dma/i8257: Rename DMA_init() to i8257_dma_init()
922053d83d hw/isa: Move parallel_hds_isa_init() to hw/char/parallel-isa.c
18e14e69b7 membarrier: add --enable-membarrier
136b6f0343 membarrier: introduce qemu/sys_membarrier.h
7be9740f48 rcu: make memory barriers more explicit
9f4445960c docs: document atomic_load_acquire and atomic_store_release
f14149cb0a rcutorture: remove synchronize_rcu from readers
71d22958d8 hw/mips/jazz: Fix implicit creation of "-drive if=scsi" devices
5cd7037170 Polish the version strings containing the package version
0a13467c66 hw/i386: make IOMMUs configurable via default-configs/
4eec1790b5 scsi: support NDOB (no data-out buffer) for WRITE SAME commands
a5dd7aaf89 chardev: tcp: let TLS run on chardev context
0058402907 chardev: tcp: postpone async connection setup
189e98e5db chardev: use chardev's gcontext for async connect
6c6f38627f chardev: introduce chr_machine_done hook
498f244334 chardev: allow telnet gsource to switch gcontext
eee9ff412a chardev: update net listener gcontext
0fdbf8e1ce chardev: fix handling of EAGAIN for TCP chardev
a7967d2420 vl: export machine_init_done
1d2d7c57f1 checkpatch: Exempt long URLs
835403d319 hw: Do not include "sysemu/block-backend.h" if it is not necessary
b1502c478e build-sys: make help could have 'modules' target
b3b603a323 qemu-doc: Add the paragraph about the 

[Qemu-devel] [PULL 52/69] cpu-exec: fix exception_index handling

[Paolo Bonzini]

From: Pavel Dovgalyuk 

Function cpu_handle_interrupt calls cc->cpu_exec_interrupt to process
pending hardware interrupts. Under the hood cpu_exec_interrupt uses
cpu->exception_index to pass information to the internal function which
is usually common for exception and interrupt processing.
But this value is not reset after return and may be processed again
by cpu_handle_exception. This does not happen due to overwriting
the exception_index at the end of cpu_handle_interrupt.
But this branch may also overwrite the valid exception_index in some cases.
Therefore this patch:
 1. resets exception_index just after the call to cpu_exec_interrupt
 2. prevents overwriting the meaningful value of exception_index

Signed-off-by: Pavel Dovgalyuk 
Signed-off-by: Paolo Bonzini 
Message-Id: <20180227095140.1060.61357.stgit@pasha-VirtualBox>
Signed-off-by: Paolo Bonzini 
Signed-off-by: Pavel Dovgalyuk 
---
 accel/tcg/cpu-exec.c | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index 280200f737..9cc697205c 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -585,6 +585,7 @@ static inline bool cpu_handle_interrupt(CPUState *cpu,
 else {
 if (cc->cpu_exec_interrupt(cpu, interrupt_request)) {
 replay_interrupt();
+cpu->exception_index = -1;
 *last_tb = NULL;
 }
 /* The target hook may have updated the 'cpu->interrupt_request';
@@ -606,7 +607,9 @@ static inline bool cpu_handle_interrupt(CPUState *cpu,
 if (unlikely(atomic_read(>exit_request)
 || (use_icount && cpu->icount_decr.u16.low + cpu->icount_extra == 0))) 
{
 atomic_set(>exit_request, 0);
-cpu->exception_index = EXCP_INTERRUPT;
+if (cpu->exception_index == -1) {
+cpu->exception_index = EXCP_INTERRUPT;
+}
 return true;
 }
 
-- 
2.14.3

Re: [Qemu-devel] [RFC PATCH 16/30] q35/xen: Add Xen platform device support for Q35

[Alexey G]

On Mon, 12 Mar 2018 18:44:02 -0300
Eduardo Habkost  wrote:

>On Tue, Mar 13, 2018 at 06:56:37AM +1000, Alexey G wrote:
>> On Mon, 12 Mar 2018 16:44:06 -0300
>> Eduardo Habkost  wrote:
>>   
>> >On Tue, Mar 13, 2018 at 04:34:01AM +1000, Alexey Gerasimenko
>> >wrote:  
>> >> Current Xen/QEMU method to control Xen Platform device on i440 is
>> >> a bit odd -- enabling/disabling Xen platform device actually
>> >> modifies the QEMU emulated machine type, namely xenfv <--> pc.
>> >> 
>> >> In order to avoid multiplying machine types, use a new way to
>> >> control Xen Platform device for QEMU -- "xen-platform-dev" machine
>> >> property (bool). To maintain backward compatibility with existing
>> >> Xen/QEMU setups, this is only applicable to q35 machine currently.
>> >> i440 emulation still uses the old method (i.e. xenfv/pc machine
>> >> selection) to control Xen Platform device, this may be changed
>> >> later to xen-platform-dev property as well.
>> >> 
>> >> This way we can use a single machine type (q35) and change just
>> >> xen-platform-dev value to on/off to control Xen platform device.
>> >> 
>> >> Signed-off-by: Alexey Gerasimenko 
>> >> ---
>> >[...]  
>> >> diff --git a/qemu-options.hx b/qemu-options.hx
>> >> index 6585058c6c..cee0b92028 100644
>> >> --- a/qemu-options.hx
>> >> +++ b/qemu-options.hx
>> >> @@ -38,6 +38,7 @@ DEF("machine", HAS_ARG, QEMU_OPTION_machine, \
>> >>  "dump-guest-core=on|off include guest memory
>> >> in a core dump (default=on)\n" "mem-merge=on|off
>> >> controls memory merge support (default: on)\n" "
>> >> igd-passthru=on|off controls IGD GFX passthrough support
>> >> (default=off)\n"
>> >> +"xen-platform-dev=on|off controls Xen
>> >> Platform device (default=off)\n" "
>> >> aes-key-wrap=on|off controls support for AES key wrapping
>> >> (default=on)\n" "dea-key-wrap=on|off controls
>> >> support for DEA key wrapping (default=on)\n" "
>> >> suppress-vmdesc=on|off disables self-describing migration
>> >> (default=off)\n"
>> >
>> >What are the obstacles preventing "-device xen-platform" from
>> >working?  It would be better than adding a new boolean option to
>> >-machine.  
>> 
>> I guess the initial assumption was that changing the
>> xen_platform_device value in Xen's options may cause some additional
>> changes in platform configuration besides adding (or not) the Xen
>> Platform device, hence a completely different machine type was chosen
>> (xenfv).
>> 
>> At the moment pc,accel=xen/xenfv selection mostly governs
>> only the Xen Platform device presence. Also setting max_cpus to
>> HVM_MAX_VCPUS depends on it, but this doesn't applicable to a
>> 'pc,accel=xen' machine for some reason.
>> 
>> If applying HVM_MAX_VCPUS to max_cpus is really necessary I think
>> it's better to set it unconditionally for all 'accel=xen' HVM machine
>> types inside xen_enabled() block. Right now it's missing for
>> pc,accel=xen and q35,accel=xen.  
>
>If you are talking about MachineClass::max_cpus, note that it is
>returned by query-machines, so it's supposed to be a static
>value.  Changing it a runtime would mean the query-machines value
>is incorrect.
>
>Is HVM_MAX_CPUS higher or lower than 255?  If it's higher, does
>it mean the current value on pc and q35 isn't accurate?

HVM_MAX_VCPUS is 128 currently, but there is an ongoing work from Intel
to support more vcpus and >8bit APIC IDs, so this number will likely
change soon.

According to the code, using HVM_MAX_VCPUS in QEMU is a bit excessive as
the maximum number of vcpus is controlled on Xen side anyway. Currently
HVM_MAX_VCPUS is used in a one-time check for the maxcpus value (which
itself comes from libxl).
I think for future compatibility it's better to set mc->max_cpus to
HVM_MAX_VCPUS for all accel=xen HVM-supported machine types, not just
xenfv.

The '-device' approach you suggested seems more preferable than a
machine bool property, I'll try switching to it.

>Is HVM_MAX_CPUS something that needs to be enabled because of
>accel=xen or because or the xen-platform device?
>
>If it's just because of accel=xen, we could introduce a
>AccelClass::max_cpus() method (we also have KVM-imposed CPU count
>limits, currently implemented inside kvm_init()).

Re: [Qemu-devel] [PATCH 2/9] hw/arm/boot: assert that secure_boot and secure_board_setup are false for AArch64

[Philippe Mathieu-Daudé]

On 03/13/2018 04:34 PM, Peter Maydell wrote:
> Add some assertions that if we're about to boot an AArch64 kernel,
> the board code has not mistakenly set either secure_boot or
> secure_board_setup. It doesn't make sense to set secure_boot,
> because all AArch64 kernels must be booted in non-secure mode.
> 
> It might in theory make sense to set secure_board_setup, but
> we don't currently support that, because only the AArch32
> bootloader[] code calls this hook; bootloader_aarch64[] does not.
> Since we don't have a current need for this functionality, just
> assert that we don't try to use it. If it's needed we'll add
> it later.
> 
> Signed-off-by: Peter Maydell 

Reviewed-by: Philippe Mathieu-Daudé 

> ---
>  hw/arm/boot.c | 7 +++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/hw/arm/boot.c b/hw/arm/boot.c
> index 196c7fb242..e21a92f972 100644
> --- a/hw/arm/boot.c
> +++ b/hw/arm/boot.c
> @@ -720,6 +720,13 @@ static void do_cpu_reset(void *opaque)
>  } else {
>  env->pstate = PSTATE_MODE_EL1h;
>  }
> +/* AArch64 kernels never boot in secure mode */
> +assert(!info->secure_boot);
> +/* This hook is only supported for AArch32 currently:
> + * bootloader_aarch64[] will not call the hook, and
> + * the code above has already dropped us into EL2 or EL1.
> + */
> +assert(!info->secure_board_setup);
>  }
>  
>  /* Set to non-secure if not a secure boot */
> 

Re: [Qemu-devel] [Qemu-arm] [PATCH 1/9] hw/arm/raspi: Don't do board-setup or secure-boot for raspi3

[Philippe Mathieu-Daudé]

On 03/13/2018 04:34 PM, Peter Maydell wrote:
> For the rpi1 and 2 we want to boot the Linux kernel via some
> custom setup code that makes sure that the SMC instruction
> acts as a no-op, because it's used for cache maintenance.
> The rpi3 boots AArch64 kernels, which don't need SMC for
> cache maintenance and always expect to be booted non-secure.
> Don't fill in the aarch32-specific parts of the binfo struct.
> 
> Signed-off-by: Peter Maydell 
> ---
>  hw/arm/raspi.c | 17 +
>  1 file changed, 13 insertions(+), 4 deletions(-)
> 
> diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c
> index a37881433c..1ac0737149 100644
> --- a/hw/arm/raspi.c
> +++ b/hw/arm/raspi.c
> @@ -82,10 +82,19 @@ static void setup_boot(MachineState *machine, int 
> version, size_t ram_size)
>  binfo.board_id = raspi_boardid[version];
>  binfo.ram_size = ram_size;
>  binfo.nb_cpus = smp_cpus;
> -binfo.board_setup_addr = BOARDSETUP_ADDR;
> -binfo.write_board_setup = write_board_setup;
> -binfo.secure_board_setup = true;
> -binfo.secure_boot = true;
> +
> +if (version <= 2) {
> +/* The rpi1 and 2 require some custom setup code to run in Secure
> + * mode before booting a kernel (to set up the SMC vectors so
> + * that we get a no-op SMC; this is used by Linux to call the
> + * firmware for some cache maintenance operations.
> + * The rpi3 doesn't need this.
> + */

I was expecting a much complicated fix... neat.

Reviewed-by: Philippe Mathieu-Daudé 

> +binfo.board_setup_addr = BOARDSETUP_ADDR;
> +binfo.write_board_setup = write_board_setup;
> +binfo.secure_board_setup = true;
> +binfo.secure_boot = true;
> +}
>  
>  /* Pi2 and Pi3 requires SMP setup */
>  if (version >= 2) {
> 

Re: [Qemu-devel] [PATCH 8/9] hw/arm/bcm2836: Hardcode correct CPU type

[Philippe Mathieu-Daudé]

On 03/13/2018 06:09 PM, Peter Maydell wrote:
> On 13 March 2018 at 16:55, Andrew Baumann  
> wrote:
>>> From: Qemu-devel >> bounces+andrew.baumann=microsoft@nongnu.org> On Behalf Of Peter
>>> Maydell
>>> Sent: Tuesday, 13 March 2018 08:35
>>>
>>> Now we have separate types for BCM2386 and BCM2387, we might as well
>>> just hard-code the CPU type they use rather than having it passed
>>> through as an object property. This then lets us put the initialization
>>> of the CPU object in init rather than realize.
>>>
>>> Signed-off-by: Peter Maydell 
> 
>>>  static const BCM283XInfo bcm283x_socs[] = {
>>>  {
>>>  .name = TYPE_BCM2836,
>>> +.cpu_type = ARM_CPU_TYPE_NAME("cortex-a15"),
>>
>> At some point I remember seeing a patch to change this to cortex-a7. Is 
>> there a reason we didn't make that change?
>>
>> (Background: the real Pi2 has an A7. When I first implemented the machine 
>> model there was no A7 emulation in QEMU, so I used the A15 which was the 
>> closest equivalent.)
> 
> Yeah, we should do that. I'd forgotten about that, I think
> things just got lost in the shuffle of having several
> patchsets that tried to change the same things at once.
> 
> I guess the simplest thing is to add a patch at the end of
> the series that fixes the cpu type for bcm2836.

Peter, here is the patch Andrew remembered (maybe can be applied at the
end):
http://lists.nongnu.org/archive/html/qemu-devel/2018-02/msg04286.html

> 
> 
>>> --- a/hw/arm/raspi.c
>>> +++ b/hw/arm/raspi.c
>>> @@ -150,8 +150,6 @@ static void raspi_init(MachineState *machine, int
>>> version)
>>>  /* Setup the SOC */
>>>  object_property_add_const_link(OBJECT(>soc), "ram", OBJECT(>ram),
>>> _abort);
>>> -object_property_set_str(OBJECT(>soc), machine->cpu_type, "cpu-type",
>>> -_abort);
>>>  object_property_set_int(OBJECT(>soc), smp_cpus, "enabled-cpus",
>>>  _abort);
>>>  int board_rev = version == 3 ? 0xa02082 : 0xa21041;
>>
>> What about the default_cpu_type field of MachineClass set in
>> raspi[23]_machine_init? That seems irrelevant now...
> 
> Mmm. It doesn't hurt anything, though.
> 
>> Also, if anyone cares (I don't), we also just lost the ability
>> to override the CPU type of a raspi model.
> 
> Yeah, that's deliberate -- I think that letting the user randomly
> plug nonexistent combinations together just confuses people when
> they don't work. I guess I should call it out in the commit message
> though.
> 
> thanks
> -- PMM
> 

Re: [Qemu-devel] [PATCH v5 0/6] Add a valid_cpu_types property

[Philippe Mathieu-Daudé]

On 02/02/2018 01:42 AM, Alistair Francis wrote:
> 
> There are numorous QEMU machines that only have a single or a handful of
> valid CPU options. To simplyfy the management of specificying which CPU
> is/isn't valid let's create a property that can be set in the machine
> init. We can then check to see if the user supplied CPU is in that list
> or not.

Sadly this series missed the 2.12 train.

> 
> I have added the valid_cpu_types for some ARM machines only at the
> moment.
> 
> Here is what specifying the CPUs looks like now:
> 
> $ aarch64-softmmu/qemu-system-aarch64 -M netduino2 -kernel ./u-boot.elf 
> -nographic -cpu "cortex-m3" -S
> QEMU 2.10.50 monitor - type 'help' for more information
> (qemu) info cpus
> * CPU #0: thread_id=24175
> (qemu) q
> 
> $ aarch64-softmmu/qemu-system-aarch64 -M netduino2 -kernel ./u-boot.elf 
> -nographic -cpu "cortex-m4" -S
> QEMU 2.10.50 monitor - type 'help' for more information
> (qemu) q
> 
> $ aarch64-softmmu/qemu-system-aarch64 -M netduino2 -kernel ./u-boot.elf 
> -nographic -cpu "cortex-m5" -S
> qemu-system-aarch64: unable to find CPU model 'cortex-m5'
> 
> $ aarch64-softmmu/qemu-system-aarch64 -M netduino2 -kernel ./u-boot.elf 
> -nographic -cpu "cortex-a9" -S
> qemu-system-aarch64: Invalid CPU type: cortex-a9-arm-cpu
> The valid models are: cortex-m3, cortex-m4
> 
> V5:
>  - Use cpu_model instead of cpu_type
> V4:
>  - Rebase
>  - Remove spaces
> V3:
>  - Make the varialbes static
> V2:
>  - Rebase
>  - Reorder patches
>  - Add a Raspberry Pi 2 CPU fix
> V1:
>  - Small fixes to prepare a series instead of RFC
>  - Add commit messages for the commits
>  - Expand the machine support to ARM machines
> RFC v2:
>  - Rebase on Igor's work
>  - Use more QEMUisms inside the code
>  - List the supported machines in a NULL terminated array
> 
> 
> 
> Alistair Francis (6):
>   machine: Convert the valid cpu types to use cpu_model
>   netduino2: Specify the valid CPUs
>   bcm2836: Use the Cortex-A7 instead of Cortex-A15
>   raspi: Specify the valid CPUs
>   xlnx-zcu102: Specify the valid CPUs
>   xilinx_zynq: Specify the valid CPUs
> 
>  hw/arm/bcm2836.c |  2 +-
>  hw/arm/netduino2.c   | 10 +-
>  hw/arm/raspi.c   |  7 +++
>  hw/arm/xilinx_zynq.c |  6 ++
>  hw/arm/xlnx-zcu102.c | 17 +
>  hw/core/machine.c| 11 +--
>  6 files changed, 45 insertions(+), 8 deletions(-)
> 

[Qemu-devel] [PULL 47/69] MAINTAINERS: Split the Alpha TCG/machine section

[Paolo Bonzini]

From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20180308223946.26784-22-f4...@amsat.org>
Signed-off-by: Paolo Bonzini 
---
 MAINTAINERS | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 07684a1f2d..b17324107f 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -127,7 +127,6 @@ Alpha
 M: Richard Henderson 
 S: Maintained
 F: target/alpha/
-F: hw/alpha/
 F: tests/tcg/alpha/
 F: disas/alpha.c
 
@@ -413,6 +412,11 @@ F: include/*/*win32*
 X: qga/*win32*
 F: qemu.nsi
 
+Alpha Machines
+M: Richard Henderson 
+S: Maintained
+F: hw/alpha/
+
 ARM Machines
 
 Allwinner-a10
-- 
2.14.3

[Qemu-devel] [PULL 69/69] tcg: fix cpu_io_recompile

[Paolo Bonzini]

From: Pavel Dovgalyuk 

cpu_io_recompile() function was broken by
the commit 9b990ee5a3cc6aa38f81266fb0c6ef37a36c45b9. Instead of regenerating
the block starting from PC of the original block, it just set the instruction
counter for TCG. In most cases this was unnoticed, but in icount mode
there was an exception for incorrect usage of CF_LAST_IO flag.
This patch recovers recompilation of the original block and also
configures translation for executing single IO instruction which
caused a recompilation.

Signed-off-by: Pavel Dovgalyuk 
Message-Id: <20180227095338.1060.27385.stgit@pasha-VirtualBox>
Signed-off-by: Paolo Bonzini 
Signed-off-by: Pavel Dovgalyuk 
---
 accel/tcg/translate-all.c | 18 +++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index 67795cd78c..5ad1b919bc 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -1728,7 +1728,8 @@ void cpu_io_recompile(CPUState *cpu, uintptr_t retaddr)
 CPUArchState *env = cpu->env_ptr;
 #endif
 TranslationBlock *tb;
-uint32_t n;
+uint32_t n, flags;
+target_ulong pc, cs_base;
 
 tb_lock();
 tb = tb_find_pc(retaddr);
@@ -1766,8 +1767,14 @@ void cpu_io_recompile(CPUState *cpu, uintptr_t retaddr)
 cpu_abort(cpu, "TB too big during recompile");
 }
 
-/* Adjust the execution state of the next TB.  */
-cpu->cflags_next_tb = curr_cflags() | CF_LAST_IO | n;
+pc = tb->pc;
+cs_base = tb->cs_base;
+flags = tb->flags;
+tb_phys_invalidate(tb, -1);
+
+/* Execute one IO instruction without caching
+   instead of creating large TB. */
+cpu->cflags_next_tb = curr_cflags() | CF_LAST_IO | CF_NOCACHE | 1;
 
 if (tb->cflags & CF_NOCACHE) {
 if (tb->orig_tb) {
@@ -1778,6 +1785,11 @@ void cpu_io_recompile(CPUState *cpu, uintptr_t retaddr)
 tb_remove(tb);
 }
 
+/* Generate new TB instead of the current one. */
+/* FIXME: In theory this could raise an exception.  In practice
+   we have already translated the block once so it's probably ok.  */
+tb_gen_code(cpu, pc, cs_base, flags, curr_cflags() | CF_LAST_IO | n);
+
 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
  * the first in the TB) then we end up generating a whole new TB and
  *  repeating the fault, which is horribly inefficient.
-- 
2.14.3

[Qemu-devel] [PATCH v2] xen-pvdevice: Introduce a simplistic xen-pvdevice save state

[Igor Druzhinin]

This should help to avoid problems with accessing the device after
migration/resume without PV drivers by migrating its PCI configuration
space state. Without an explicitly defined state record it resets
every time a VM migrates which confuses the OS and makes every
access to xen-pvdevice MMIO region to fail. PV tools enable some
logic to save and restore PCI configuration state from within the VM
every time it migrates which basically hides the issue.

Older systems will acquire the new record when migrated which should
not change their state for worse.

Signed-off-by: Igor Druzhinin 
Reviewed-by: Paul Durrant 
---
v2: add more concrete info
---
 hw/i386/xen/xen_pvdevice.c | 11 +++
 1 file changed, 11 insertions(+)

diff --git a/hw/i386/xen/xen_pvdevice.c b/hw/i386/xen/xen_pvdevice.c
index f748823..a146f18 100644
--- a/hw/i386/xen/xen_pvdevice.c
+++ b/hw/i386/xen/xen_pvdevice.c
@@ -71,6 +71,16 @@ static const MemoryRegionOps xen_pv_mmio_ops = {
 .endianness = DEVICE_LITTLE_ENDIAN,
 };
 
+static const VMStateDescription vmstate_xen_pvdevice = {
+.name = "xen-pvdevice",
+.version_id = 1,
+.minimum_version_id = 1,
+.fields = (VMStateField[]) {
+VMSTATE_PCI_DEVICE(parent_obj, XenPVDevice),
+VMSTATE_END_OF_LIST()
+}
+};
+
 static void xen_pv_realize(PCIDevice *pci_dev, Error **errp)
 {
 XenPVDevice *d = XEN_PV_DEVICE(pci_dev);
@@ -120,6 +130,7 @@ static void xen_pv_class_init(ObjectClass *klass, void 
*data)
 k->class_id = PCI_CLASS_SYSTEM_OTHER;
 dc->desc = "Xen PV Device";
 dc->props = xen_pv_props;
+dc->vmsd = _xen_pvdevice;
 }
 
 static const TypeInfo xen_pv_type_info = {
-- 
2.7.4

Re: [Qemu-devel] [PATCH 8/9] hw/arm/bcm2836: Hardcode correct CPU type

[Philippe Mathieu-Daudé]

On 03/13/2018 06:09 PM, Peter Maydell wrote:
> On 13 March 2018 at 16:55, Andrew Baumann  
> wrote:
>>> From: Qemu-devel >> bounces+andrew.baumann=microsoft@nongnu.org> On Behalf Of Peter
>>> Maydell
>>> Sent: Tuesday, 13 March 2018 08:35
>>>
>>> Now we have separate types for BCM2386 and BCM2387, we might as well
>>> just hard-code the CPU type they use rather than having it passed
>>> through as an object property. This then lets us put the initialization
>>> of the CPU object in init rather than realize.
>>>
>>> Signed-off-by: Peter Maydell 
> 
>>>  static const BCM283XInfo bcm283x_socs[] = {
>>>  {
>>>  .name = TYPE_BCM2836,
>>> +.cpu_type = ARM_CPU_TYPE_NAME("cortex-a15"),
>>
>> At some point I remember seeing a patch to change this to cortex-a7. Is 
>> there a reason we didn't make that change?
>>
>> (Background: the real Pi2 has an A7. When I first implemented the machine 
>> model there was no A7 emulation in QEMU, so I used the A15 which was the 
>> closest equivalent.)
> 
> Yeah, we should do that. I'd forgotten about that, I think
> things just got lost in the shuffle of having several
> patchsets that tried to change the same things at once.
> 
> I guess the simplest thing is to add a patch at the end of
> the series that fixes the cpu type for bcm2836.

Peter, here is the patch Andrew remembered (maybe can be applied at the
end):
http://lists.nongnu.org/archive/html/qemu-devel/2018-02/msg04286.html

> 
> 
>>> --- a/hw/arm/raspi.c
>>> +++ b/hw/arm/raspi.c
>>> @@ -150,8 +150,6 @@ static void raspi_init(MachineState *machine, int
>>> version)
>>>  /* Setup the SOC */
>>>  object_property_add_const_link(OBJECT(>soc), "ram", OBJECT(>ram),
>>> _abort);
>>> -object_property_set_str(OBJECT(>soc), machine->cpu_type, "cpu-type",
>>> -_abort);
>>>  object_property_set_int(OBJECT(>soc), smp_cpus, "enabled-cpus",
>>>  _abort);
>>>  int board_rev = version == 3 ? 0xa02082 : 0xa21041;
>>
>> What about the default_cpu_type field of MachineClass set in
>> raspi[23]_machine_init? That seems irrelevant now...
> 
> Mmm. It doesn't hurt anything, though.
> 
>> Also, if anyone cares (I don't), we also just lost the ability
>> to override the CPU type of a raspi model.
> 
> Yeah, that's deliberate -- I think that letting the user randomly
> plug nonexistent combinations together just confuses people when
> they don't work. I guess I should call it out in the commit message
> though.
> 
> thanks
> -- PMM
> 

Re: [Qemu-devel] [PATCH 8/9] hw/arm/bcm2836: Hardcode correct CPU type

[Philippe Mathieu-Daudé]

On 03/13/2018 04:34 PM, Peter Maydell wrote:
> Now we have separate types for BCM2386 and BCM2387, we might as well
> just hard-code the CPU type they use rather than having it passed
> through as an object property. This then lets us put the initialization
> of the CPU object in init rather than realize.
> 
> Signed-off-by: Peter Maydell 

Reviewed-by: Philippe Mathieu-Daudé 

> ---
>  hw/arm/bcm2836.c | 22 +-
>  hw/arm/raspi.c   |  2 --
>  2 files changed, 13 insertions(+), 11 deletions(-)
> 
> diff --git a/hw/arm/bcm2836.c b/hw/arm/bcm2836.c
> index 7140257c98..12f75b55a7 100644
> --- a/hw/arm/bcm2836.c
> +++ b/hw/arm/bcm2836.c
> @@ -25,16 +25,19 @@
>  
>  struct BCM283XInfo {
>  const char *name;
> +const char *cpu_type;
>  int clusterid;
>  };
>  
>  static const BCM283XInfo bcm283x_socs[] = {
>  {
>  .name = TYPE_BCM2836,
> +.cpu_type = ARM_CPU_TYPE_NAME("cortex-a15"),
>  .clusterid = 0xf,
>  },
>  {
>  .name = TYPE_BCM2837,
> +.cpu_type = ARM_CPU_TYPE_NAME("cortex-a53"),
>  .clusterid = 0x0,
>  },
>  };
> @@ -42,6 +45,16 @@ static const BCM283XInfo bcm283x_socs[] = {
>  static void bcm2836_init(Object *obj)
>  {
>  BCM283XState *s = BCM283X(obj);
> +BCM283XClass *bc = BCM283X_GET_CLASS(obj);
> +const BCM283XInfo *info = bc->info;
> +int n;
> +
> +for (n = 0; n < BCM283X_NCPUS; n++) {
> +object_initialize(>cpus[n], sizeof(s->cpus[n]),
> +  info->cpu_type);
> +object_property_add_child(obj, "cpu[*]", OBJECT(>cpus[n]),
> +  _abort);
> +}
>  
>  object_initialize(>control, sizeof(s->control), TYPE_BCM2836_CONTROL);
>  object_property_add_child(obj, "control", OBJECT(>control), NULL);
> @@ -69,14 +82,6 @@ static void bcm2836_realize(DeviceState *dev, Error **errp)
>  
>  /* common peripherals from bcm2835 */
>  
> -obj = OBJECT(dev);
> -for (n = 0; n < BCM283X_NCPUS; n++) {
> -object_initialize(>cpus[n], sizeof(s->cpus[n]),
> -  s->cpu_type);
> -object_property_add_child(obj, "cpu[*]", OBJECT(>cpus[n]),
> -  _abort);
> -}
> -
>  obj = object_property_get_link(OBJECT(dev), "ram", );
>  if (obj == NULL) {
>  error_setg(errp, "%s: required ram link not found: %s",
> @@ -168,7 +173,6 @@ static void bcm2836_realize(DeviceState *dev, Error 
> **errp)
>  }
>  
>  static Property bcm2836_props[] = {
> -DEFINE_PROP_STRING("cpu-type", BCM283XState, cpu_type),
>  DEFINE_PROP_UINT32("enabled-cpus", BCM283XState, enabled_cpus,
> BCM283X_NCPUS),
>  DEFINE_PROP_END_OF_LIST()
> diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c
> index f588720138..ae15997669 100644
> --- a/hw/arm/raspi.c
> +++ b/hw/arm/raspi.c
> @@ -150,8 +150,6 @@ static void raspi_init(MachineState *machine, int version)
>  /* Setup the SOC */
>  object_property_add_const_link(OBJECT(>soc), "ram", OBJECT(>ram),
> _abort);
> -object_property_set_str(OBJECT(>soc), machine->cpu_type, "cpu-type",
> -_abort);
>  object_property_set_int(OBJECT(>soc), smp_cpus, "enabled-cpus",
>  _abort);
>  int board_rev = version == 3 ? 0xa02082 : 0xa21041;
> 

[Qemu-devel] [PULL 63/69] replay: check return values of fwrite

[Paolo Bonzini]

From: Pavel Dovgalyuk 

This patch adds error reporting when fwrite cannot completely
save the buffer to the file.

Signed-off-by: Pavel Dovgalyuk 
Message-Id: <20180227095259.1060.86410.stgit@pasha-VirtualBox>
Signed-off-by: Paolo Bonzini 
Signed-off-by: Pavel Dovgalyuk 
---
 replay/replay-internal.c | 17 +++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/replay/replay-internal.c b/replay/replay-internal.c
index 8e7474f787..b077cb5fd5 100644
--- a/replay/replay-internal.c
+++ b/replay/replay-internal.c
@@ -24,12 +24,23 @@
 static QemuMutex lock;
 
 /* File for replay writing */
+static bool write_error;
 FILE *replay_file;
 
+static void replay_write_error(void)
+{
+if (!write_error) {
+error_report("replay write error");
+write_error = true;
+}
+}
+
 void replay_put_byte(uint8_t byte)
 {
 if (replay_file) {
-putc(byte, replay_file);
+if (putc(byte, replay_file) == EOF) {
+replay_write_error();
+}
 }
 }
 
@@ -62,7 +73,9 @@ void replay_put_array(const uint8_t *buf, size_t size)
 {
 if (replay_file) {
 replay_put_dword(size);
-fwrite(buf, 1, size, replay_file);
+if (fwrite(buf, 1, size, replay_file) != size) {
+replay_write_error();
+}
 }
 }
 
-- 
2.14.3

Re: [Qemu-devel] [PATCH 4/9] hw/arm/bcm2386: Fix parent type of bcm2386

[Philippe Mathieu-Daudé]

On 03/13/2018 04:34 PM, Peter Maydell wrote:
> The TypeInfo and state struct for bcm2386 disagree about what the
> parent class is -- the TypeInfo says it's TYPE_SYS_BUS_DEVICE,
> but the BCM2386State struct only defines the parent_obj field
> as DeviceState. This would have caused problems if anything
> actually tried to treat the object as a TYPE_SYS_BUS_DEVICE.
> Fix the TypeInfo to use TYPE_DEVICE as the parent, since we don't
> need any of the additional functionality TYPE_SYS_BUS_DEVICE
> provides.

I once wondered if we can dump the whole devices hierarchy (xml format)
and check consistency, or generate hyperlink doc and graph for the wiki...

> 
> Signed-off-by: Peter Maydell 

Reviewed-by: Philippe Mathieu-Daudé 

> ---
> I noticed this when I tried to make the type into one which
> has its own class struct, because we hit the assert that the
> child's class struct had better be bigger than the parent's.

Yeah once you understand this obscure assert(), it is VERY useful.

> ---
>  hw/arm/bcm2836.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/hw/arm/bcm2836.c b/hw/arm/bcm2836.c
> index 40e8b25a46..9266f27c14 100644
> --- a/hw/arm/bcm2836.c
> +++ b/hw/arm/bcm2836.c
> @@ -165,7 +165,7 @@ static void bcm2836_class_init(ObjectClass *oc, void 
> *data)
>  
>  static const TypeInfo bcm2836_type_info = {
>  .name = TYPE_BCM2836,
> -.parent = TYPE_SYS_BUS_DEVICE,
> +.parent = TYPE_DEVICE,
>  .instance_size = sizeof(BCM2836State),
>  .instance_init = bcm2836_init,
>  .class_init = bcm2836_class_init,
> 

[Qemu-devel] [PULL 68/69] replay: update documentation

[Paolo Bonzini]

From: Pavel Dovgalyuk 

This patch clarifies the description of the record/replay feature
in docs/replay.txt

Signed-off-by: Pavel Dovgalyuk 
Message-Id: <20180227095333.1060.1331.stgit@pasha-VirtualBox>
Signed-off-by: Paolo Bonzini 
Signed-off-by: Pavel Dovgalyuk 
---
 docs/replay.txt | 72 +
 1 file changed, 52 insertions(+), 20 deletions(-)

diff --git a/docs/replay.txt b/docs/replay.txt
index 959633e7ea..2e21e9ccb0 100644
--- a/docs/replay.txt
+++ b/docs/replay.txt
@@ -7,14 +7,10 @@ See the COPYING file in the top-level directory.
 Record/replay
 -
 
-Record/replay functions are used for the reverse execution and deterministic
-replay of qemu execution. This implementation of deterministic replay can
-be used for deterministic debugging of guest code through a gdb remote
-interface.
-
+Record/replay functions are used for the deterministic replay of qemu 
execution.
 Execution recording writes a non-deterministic events log, which can be later
 used for replaying the execution anywhere and for unlimited number of times.
-It also supports checkpointing for faster rewinding during reverse debugging.
+It also supports checkpointing for faster rewind to the specific replay moment.
 Execution replaying reads the log and replays all non-deterministic events
 including external input, hardware clocks, and interrupts.
 
@@ -28,16 +24,36 @@ Deterministic replay has the following features:
input devices.
 
 Usage of the record/replay:
- * First, record the execution, by adding the following arguments to the 
command line:
-   '-icount shift=7,rr=record,rrfile=replay.bin -net none'.
-   Block devices' images are not actually changed in the recording mode,
+ * First, record the execution with the following command line:
+qemu-system-i386 \
+ -icount shift=7,rr=record,rrfile=replay.bin \
+ -drive file=disk.qcow2,if=none,id=img-direct \
+ -drive driver=blkreplay,if=none,image=img-direct,id=img-blkreplay \
+ -device ide-hd,drive=img-blkreplay \
+ -netdev user,id=net1 -device rtl8139,netdev=net1 \
+ -object filter-replay,id=replay,netdev=net1
+ * After recording, you can replay it by using another command line:
+qemu-system-i386 \
+ -icount shift=7,rr=replay,rrfile=replay.bin \
+ -drive file=disk.qcow2,if=none,id=img-direct \
+ -drive driver=blkreplay,if=none,image=img-direct,id=img-blkreplay \
+ -device ide-hd,drive=img-blkreplay \
+ -netdev user,id=net1 -device rtl8139,netdev=net1 \
+ -object filter-replay,id=replay,netdev=net1
+   The only difference with recording is changing the rr option
+   from record to replay.
+ * Block device images are not actually changed in the recording mode,
because all of the changes are written to the temporary overlay file.
- * Then you can replay it by using another command
-   line option: '-icount shift=7,rr=replay,rrfile=replay.bin -net none'
- * '-net none' option should also be specified if network replay patches
-   are not applied.
-
-Papers with description of deterministic replay implementation:
+   This behavior is enabled by using blkreplay driver. It should be used
+   for every enabled block device, as described in 'Block devices' section.
+ * '-net none' option should be specified when network is not used,
+   because QEMU adds network card by default. When network is needed,
+   it should be configured explicitly with replay filter, as described
+   in 'Network devices' section.
+ * Interaction with audio devices and serial ports are recorded and replayed
+   automatically when such devices are enabled.
+
+Academic papers with description of deterministic replay implementation:
 http://www.computer.org/csdl/proceedings/csmr/2012/4666/00/4666a553-abs.html
 http://dl.acm.org/citation.cfm?id=2786805.2803179
 
@@ -46,8 +62,11 @@ Modifications of qemu include:
  * saving different asynchronous events (e.g. system shutdown) into the log
  * synchronization of the bottom halves execution
  * synchronization of the threads from thread pool
- * recording/replaying user input (mouse and keyboard)
+ * recording/replaying user input (mouse, keyboard, and microphone)
  * adding internal checkpoints for cpu and io synchronization
+ * network filter for recording and replaying the packets
+ * block driver for making block layer deterministic
+ * serial port input record and replay
 
 Locking and thread synchronisation
 --
@@ -77,12 +96,11 @@ Non-deterministic events
 Our record/replay system is based on saving and replaying non-deterministic
 events (e.g. keyboard input) and simulating deterministic ones (e.g. reading
 from HDD or memory of the VM). Saving only non-deterministic events makes
-log file smaller, simulation faster, and allows using reverse debugging even
-for realtime applications.
+log file smaller and 

[Qemu-devel] [PULL 60/69] replay: make locking visible outside replay code

[Paolo Bonzini]

From: Alex Bennée 

The replay_mutex_lock/unlock/locked functions are now going to be used
for ensuring lock-step behaviour between the two threads. Make them
public API functions and also provide stubs for non-QEMU builds on
common paths.

Signed-off-by: Alex Bennée 
Signed-off-by: Pavel Dovgalyuk 
Message-Id: <20180227095242.1060.16601.stgit@pasha-VirtualBox>
Signed-off-by: Paolo Bonzini 
---
 include/sysemu/replay.h  | 13 +
 replay/replay-internal.c |  2 +-
 replay/replay-internal.h |  6 +++---
 stubs/replay.c   |  8 
 4 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/include/sysemu/replay.h b/include/sysemu/replay.h
index 401de12130..3ced6bc231 100644
--- a/include/sysemu/replay.h
+++ b/include/sysemu/replay.h
@@ -48,6 +48,19 @@ extern ReplayMode replay_mode;
 /* Name of the initial VM snapshot */
 extern char *replay_snapshot;
 
+/* Replay locking
+ *
+ * The locks are needed to protect the shared structures and log file
+ * when doing record/replay. They also are the main sync-point between
+ * the main-loop thread and the vCPU thread. This was a role
+ * previously filled by the BQL which has been busy trying to reduce
+ * its impact across the code. This ensures blocks of events stay
+ * sequential and reproducible.
+ */
+
+void replay_mutex_lock(void);
+void replay_mutex_unlock(void);
+
 /* Replay process control functions */
 
 /*! Enables recording or saving event log with specified parameters */
diff --git a/replay/replay-internal.c b/replay/replay-internal.c
index 0d7e1d6bc4..7cdefeaa04 100644
--- a/replay/replay-internal.c
+++ b/replay/replay-internal.c
@@ -181,7 +181,7 @@ void replay_mutex_destroy(void)
 qemu_mutex_destroy();
 }
 
-static bool replay_mutex_locked(void)
+bool replay_mutex_locked(void)
 {
 return replay_locked;
 }
diff --git a/replay/replay-internal.h b/replay/replay-internal.h
index 8e4c701751..41eee66e9b 100644
--- a/replay/replay-internal.h
+++ b/replay/replay-internal.h
@@ -100,12 +100,12 @@ int64_t replay_get_qword(void);
 void replay_get_array(uint8_t *buf, size_t *size);
 void replay_get_array_alloc(uint8_t **buf, size_t *size);
 
-/* Mutex functions for protecting replay log file */
+/* Mutex functions for protecting replay log file and ensuring
+ * synchronisation between vCPU and main-loop threads. */
 
 void replay_mutex_init(void);
 void replay_mutex_destroy(void);
-void replay_mutex_lock(void);
-void replay_mutex_unlock(void);
+bool replay_mutex_locked(void);
 
 /*! Checks error status of the file. */
 void replay_check_error(void);
diff --git a/stubs/replay.c b/stubs/replay.c
index 9c8aa48c9c..04279abb2c 100644
--- a/stubs/replay.c
+++ b/stubs/replay.c
@@ -72,3 +72,11 @@ uint64_t blkreplay_next_id(void)
 {
 return 0;
 }
+
+void replay_mutex_lock(void)
+{
+}
+
+void replay_mutex_unlock(void)
+{
+}
-- 
2.14.3

Re: [Qemu-devel] [PATCH 6/9] hw/arm/bcm2836: Create proper bcm2837 device

[Philippe Mathieu-Daudé]

On 03/13/2018 04:34 PM, Peter Maydell wrote:
> The bcm2837 is pretty similar to the bcm2836, but it does have
> some differences. Notably, the MPIDR affinity aff1 values it
> sets for the CPUs are 0x0, rather than the 0xf that the bcm2836
> uses, and if this is wrong Linux will not boot.
> 
> Rather than trying to have one device with properties that
> configure it differently for the two cases, create two
> separate QOM devices for the two SoCs. We use the same approach
> as hw/arm/aspeed_soc.c and share code and have a data table
> that might differ per-SoC. For the moment the two types don't
> actually have different behaviour.

:)

> 
> Signed-off-by: Peter Maydell 

Reviewed-by: Philippe Mathieu-Daudé 

> ---
>  include/hw/arm/bcm2836.h | 19 +++
>  hw/arm/bcm2836.c | 37 -
>  hw/arm/raspi.c   |  3 ++-
>  3 files changed, 53 insertions(+), 6 deletions(-)
> 
> diff --git a/include/hw/arm/bcm2836.h b/include/hw/arm/bcm2836.h
> index 9a10a76631..93248399ba 100644
> --- a/include/hw/arm/bcm2836.h
> +++ b/include/hw/arm/bcm2836.h
> @@ -20,6 +20,13 @@
>  
>  #define BCM283X_NCPUS 4
>  
> +/* These type names are for specific SoCs; other than instantiating
> + * them, code using these devices should always handle them via the
> + * BCM283x base class, so they have no BCM2836(obj) etc macros.
> + */
> +#define TYPE_BCM2836 "bcm2836"
> +#define TYPE_BCM2837 "bcm2837"
> +
>  typedef struct BCM283XState {
>  /*< private >*/
>  DeviceState parent_obj;
> @@ -33,4 +40,16 @@ typedef struct BCM283XState {
>  BCM2835PeripheralState peripherals;
>  } BCM283XState;
>  
> +typedef struct BCM283XInfo BCM283XInfo;
> +
> +typedef struct BCM283XClass {
> +DeviceClass parent_class;
> +const BCM283XInfo *info;
> +} BCM283XClass;
> +
> +#define BCM283X_CLASS(klass) \
> +OBJECT_CLASS_CHECK(BCM283XClass, (klass), TYPE_BCM283X)
> +#define BCM283X_GET_CLASS(obj) \
> +OBJECT_GET_CLASS(BCM283XClass, (obj), TYPE_BCM283X)
> +
>  #endif /* BCM2836_H */
> diff --git a/hw/arm/bcm2836.c b/hw/arm/bcm2836.c
> index 1d1908654b..07d2705f96 100644
> --- a/hw/arm/bcm2836.c
> +++ b/hw/arm/bcm2836.c
> @@ -23,6 +23,19 @@
>  /* "QA7" (Pi2) interrupt controller and mailboxes etc. */
>  #define BCM2836_CONTROL_BASE0x4000
>  
> +struct BCM283XInfo {
> +const char *name;
> +};
> +
> +static const BCM283XInfo bcm283x_socs[] = {
> +{
> +.name = TYPE_BCM2836,
> +},
> +{
> +.name = TYPE_BCM2837,
> +},
> +};
> +
>  static void bcm2836_init(Object *obj)
>  {
>  BCM283XState *s = BCM283X(obj);
> @@ -156,25 +169,39 @@ static Property bcm2836_props[] = {
>  DEFINE_PROP_END_OF_LIST()
>  };
>  
> -static void bcm2836_class_init(ObjectClass *oc, void *data)
> +static void bcm283x_class_init(ObjectClass *oc, void *data)
>  {
>  DeviceClass *dc = DEVICE_CLASS(oc);
> +BCM283XClass *bc = BCM283X_CLASS(oc);
>  
> -dc->props = bcm2836_props;
> +bc->info = data;
>  dc->realize = bcm2836_realize;
> +dc->props = bcm2836_props;
>  }
>  
> -static const TypeInfo bcm2836_type_info = {
> +static const TypeInfo bcm283x_type_info = {
>  .name = TYPE_BCM283X,
>  .parent = TYPE_DEVICE,
>  .instance_size = sizeof(BCM283XState),
>  .instance_init = bcm2836_init,
> -.class_init = bcm2836_class_init,
> +.class_size = sizeof(BCM283XClass),
> +.abstract = true,
>  };
>  
>  static void bcm2836_register_types(void)
>  {
> -type_register_static(_type_info);
> +int i;
> +
> +type_register_static(_type_info);
> +for (i = 0; i < ARRAY_SIZE(bcm283x_socs); i++) {
> +TypeInfo ti = {
> +.name = bcm283x_socs[i].name,
> +.parent = TYPE_BCM283X,
> +.class_init = bcm283x_class_init,
> +.class_data = (void *) _socs[i],
> +};
> +type_register();
> +}
>  }
>  
>  type_init(bcm2836_register_types)
> diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c
> index 58c6e80a17..f588720138 100644
> --- a/hw/arm/raspi.c
> +++ b/hw/arm/raspi.c
> @@ -136,7 +136,8 @@ static void raspi_init(MachineState *machine, int version)
>  BusState *bus;
>  DeviceState *carddev;
>  
> -object_initialize(>soc, sizeof(s->soc), TYPE_BCM283X);
> +object_initialize(>soc, sizeof(s->soc),
> +  version == 3 ? TYPE_BCM2837 : TYPE_BCM2836);
>  object_property_add_child(OBJECT(machine), "soc", OBJECT(>soc),
>_abort);
>  
> 

[Qemu-devel] [PULL 65/69] scripts/replay-dump.py: replay log dumper

[Paolo Bonzini]

From: Alex Bennée 

This script is a debugging tool for looking through the contents of a
replay log file. It is incomplete but should fail gracefully at events
it doesn't understand.

It currently understands two different log formats as the audio
record/replay support was merged during since MTTCG. It was written to
help debug what has caused the BQL changes to break replay support.

Signed-off-by: Alex Bennée 
Message-Id: <20180227095310.1060.14500.stgit@pasha-VirtualBox>
Signed-off-by: Paolo Bonzini 
---
 scripts/replay-dump.py | 308 +
 1 file changed, 308 insertions(+)
 create mode 100755 scripts/replay-dump.py

diff --git a/scripts/replay-dump.py b/scripts/replay-dump.py
new file mode 100755
index 00..e274086277
--- /dev/null
+++ b/scripts/replay-dump.py
@@ -0,0 +1,308 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+#
+# Dump the contents of a recorded execution stream
+#
+#  Copyright (c) 2017 Alex Bennée 
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, see .
+
+import argparse
+import struct
+from collections import namedtuple
+
+# This mirrors some of the global replay state which some of the
+# stream loading refers to. Some decoders may read the next event so
+# we need handle that case. Calling reuse_event will ensure the next
+# event is read from the cache rather than advancing the file.
+
+class ReplayState(object):
+def __init__(self):
+self.event = -1
+self.event_count = 0
+self.already_read = False
+self.current_checkpoint = 0
+self.checkpoint = 0
+
+def set_event(self, ev):
+self.event = ev
+self.event_count += 1
+
+def get_event(self):
+self.already_read = False
+return self.event
+
+def reuse_event(self, ev):
+self.event = ev
+self.already_read = True
+
+def set_checkpoint(self):
+self.checkpoint = self.event - self.checkpoint_start
+
+def get_checkpoint(self):
+return self.checkpoint
+
+replay_state = ReplayState()
+
+# Simple read functions that mirror replay-internal.c
+# The file-stream is big-endian and manually written out a byte at a time.
+
+def read_byte(fin):
+"Read a single byte"
+return struct.unpack('>B', fin.read(1))[0]
+
+def read_event(fin):
+"Read a single byte event, but save some state"
+if replay_state.already_read:
+return replay_state.get_event()
+else:
+replay_state.set_event(read_byte(fin))
+return replay_state.event
+
+def read_word(fin):
+"Read a 16 bit word"
+return struct.unpack('>H', fin.read(2))[0]
+
+def read_dword(fin):
+"Read a 32 bit word"
+return struct.unpack('>I', fin.read(4))[0]
+
+def read_qword(fin):
+"Read a 64 bit word"
+return struct.unpack('>Q', fin.read(8))[0]
+
+# Generic decoder structure
+Decoder = namedtuple("Decoder", "eid name fn")
+
+def call_decode(table, index, dumpfile):
+"Search decode table for next step"
+decoder = next((d for d in table if d.eid == index), None)
+if not decoder:
+print "Could not decode index: %d" % (index)
+print "Entry is: %s" % (decoder)
+print "Decode Table is:\n%s" % (table)
+return False
+else:
+return decoder.fn(decoder.eid, decoder.name, dumpfile)
+
+# Print event
+def print_event(eid, name, string=None, event_count=None):
+"Print event with count"
+if not event_count:
+event_count = replay_state.event_count
+
+if string:
+print "%d:%s(%d) %s" % (event_count, name, eid, string)
+else:
+print "%d:%s(%d)" % (event_count, name, eid)
+
+
+# Decoders for each event type
+
+def decode_unimp(eid, name, _unused_dumpfile):
+"Unimplimented decoder, will trigger exit"
+print "%s not handled - will now stop" % (name)
+return False
+
+# Checkpoint decoder
+def swallow_async_qword(eid, name, dumpfile):
+"Swallow a qword of data without looking at it"
+step_id = read_qword(dumpfile)
+print "  %s(%d) @ %d" % (name, eid, step_id)
+return True
+
+async_decode_table = [ Decoder(0, "REPLAY_ASYNC_EVENT_BH", 
swallow_async_qword),
+   Decoder(1, "REPLAY_ASYNC_INPUT", decode_unimp),
+   Decoder(2, 

Re: [Qemu-devel] [PATCH 5/9] hw/arm/bcm2836: Rename bcm2836 type/struct to bcm283x

[Philippe Mathieu-Daudé]

On 03/13/2018 04:34 PM, Peter Maydell wrote:
> Our BCM2836 type is really a generic one that can be any of
> the bcm283x family. Rename it accordingly. We change only
> the names which are visible via the header file to the
> rest of the QEMU code, leaving private function names
> in bcm2836.c as they are.
> 
> This is a preliminary to making bcm283x be an abstract
> parent class to specific types for the bcm2836 and bcm2837.
> 
> Signed-off-by: Peter Maydell 

Reviewed-by: Philippe Mathieu-Daudé 

> ---
>  include/hw/arm/bcm2836.h | 12 ++--
>  hw/arm/bcm2836.c | 17 +
>  hw/arm/raspi.c   | 16 
>  3 files changed, 23 insertions(+), 22 deletions(-)
> 
> diff --git a/include/hw/arm/bcm2836.h b/include/hw/arm/bcm2836.h
> index 4758b4ae54..9a10a76631 100644
> --- a/include/hw/arm/bcm2836.h
> +++ b/include/hw/arm/bcm2836.h
> @@ -15,12 +15,12 @@
>  #include "hw/arm/bcm2835_peripherals.h"
>  #include "hw/intc/bcm2836_control.h"
>  
> -#define TYPE_BCM2836 "bcm2836"
> -#define BCM2836(obj) OBJECT_CHECK(BCM2836State, (obj), TYPE_BCM2836)
> +#define TYPE_BCM283X "bcm283x"
> +#define BCM283X(obj) OBJECT_CHECK(BCM283XState, (obj), TYPE_BCM283X)
>  
> -#define BCM2836_NCPUS 4
> +#define BCM283X_NCPUS 4
>  
> -typedef struct BCM2836State {
> +typedef struct BCM283XState {
>  /*< private >*/
>  DeviceState parent_obj;
>  /*< public >*/
> @@ -28,9 +28,9 @@ typedef struct BCM2836State {
>  char *cpu_type;
>  uint32_t enabled_cpus;
>  
> -ARMCPU cpus[BCM2836_NCPUS];
> +ARMCPU cpus[BCM283X_NCPUS];
>  BCM2836ControlState control;
>  BCM2835PeripheralState peripherals;
> -} BCM2836State;
> +} BCM283XState;
>  
>  #endif /* BCM2836_H */
> diff --git a/hw/arm/bcm2836.c b/hw/arm/bcm2836.c
> index 9266f27c14..1d1908654b 100644
> --- a/hw/arm/bcm2836.c
> +++ b/hw/arm/bcm2836.c
> @@ -25,7 +25,7 @@
>  
>  static void bcm2836_init(Object *obj)
>  {
> -BCM2836State *s = BCM2836(obj);
> +BCM283XState *s = BCM283X(obj);
>  
>  object_initialize(>control, sizeof(s->control), TYPE_BCM2836_CONTROL);
>  object_property_add_child(obj, "control", OBJECT(>control), NULL);
> @@ -44,7 +44,7 @@ static void bcm2836_init(Object *obj)
>  
>  static void bcm2836_realize(DeviceState *dev, Error **errp)
>  {
> -BCM2836State *s = BCM2836(dev);
> +BCM283XState *s = BCM283X(dev);
>  Object *obj;
>  Error *err = NULL;
>  int n;
> @@ -52,7 +52,7 @@ static void bcm2836_realize(DeviceState *dev, Error **errp)
>  /* common peripherals from bcm2835 */
>  
>  obj = OBJECT(dev);
> -for (n = 0; n < BCM2836_NCPUS; n++) {
> +for (n = 0; n < BCM283X_NCPUS; n++) {
>  object_initialize(>cpus[n], sizeof(s->cpus[n]),
>s->cpu_type);
>  object_property_add_child(obj, "cpu[*]", OBJECT(>cpus[n]),
> @@ -102,7 +102,7 @@ static void bcm2836_realize(DeviceState *dev, Error 
> **errp)
>  sysbus_connect_irq(SYS_BUS_DEVICE(>peripherals), 1,
>  qdev_get_gpio_in_named(DEVICE(>control), "gpu-fiq", 0));
>  
> -for (n = 0; n < BCM2836_NCPUS; n++) {
> +for (n = 0; n < BCM283X_NCPUS; n++) {
>  /* Mirror bcm2836, which has clusterid set to 0xf
>   * TODO: this should be converted to a property of ARM_CPU
>   */
> @@ -150,8 +150,9 @@ static void bcm2836_realize(DeviceState *dev, Error 
> **errp)
>  }
>  
>  static Property bcm2836_props[] = {
> -DEFINE_PROP_STRING("cpu-type", BCM2836State, cpu_type),
> -DEFINE_PROP_UINT32("enabled-cpus", BCM2836State, enabled_cpus, 
> BCM2836_NCPUS),
> +DEFINE_PROP_STRING("cpu-type", BCM283XState, cpu_type),
> +DEFINE_PROP_UINT32("enabled-cpus", BCM283XState, enabled_cpus,
> +   BCM283X_NCPUS),
>  DEFINE_PROP_END_OF_LIST()
>  };
>  
> @@ -164,9 +165,9 @@ static void bcm2836_class_init(ObjectClass *oc, void 
> *data)
>  }
>  
>  static const TypeInfo bcm2836_type_info = {
> -.name = TYPE_BCM2836,
> +.name = TYPE_BCM283X,
>  .parent = TYPE_DEVICE,
> -.instance_size = sizeof(BCM2836State),
> +.instance_size = sizeof(BCM283XState),
>  .instance_init = bcm2836_init,
>  .class_init = bcm2836_class_init,
>  };
> diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c
> index 1ac0737149..58c6e80a17 100644
> --- a/hw/arm/raspi.c
> +++ b/hw/arm/raspi.c
> @@ -32,7 +32,7 @@
>  static const int raspi_boardid[] = {[1] = 0xc42, [2] = 0xc43, [3] = 0xc44};
>  
>  typedef struct RasPiState {
> -BCM2836State soc;
> +BCM283XState soc;
>  MemoryRegion ram;
>  } RasPiState;
>  
> @@ -136,7 +136,7 @@ static void raspi_init(MachineState *machine, int version)
>  BusState *bus;
>  DeviceState *carddev;
>  
> -object_initialize(>soc, sizeof(s->soc), TYPE_BCM2836);
> +object_initialize(>soc, sizeof(s->soc), TYPE_BCM283X);
>  object_property_add_child(OBJECT(machine), "soc", OBJECT(>soc),
>

[Qemu-devel] [PULL 56/69] replay: added replay log format description

[Paolo Bonzini]

From: Pavel Dovgalyuk 

This patch adds description of the replay log file format
into the docs/replay.txt.

Signed-off-by: Pavel Dovgalyuk 
Acked-by: Paolo Bonzini 
Message-Id: <20180227095220.1060.58759.stgit@pasha-VirtualBox>
Signed-off-by: Paolo Bonzini 
---
 docs/replay.txt | 69 +
 1 file changed, 69 insertions(+)

diff --git a/docs/replay.txt b/docs/replay.txt
index 486c1e0e9d..c52407fe23 100644
--- a/docs/replay.txt
+++ b/docs/replay.txt
@@ -232,3 +232,72 @@ Audio devices
 Audio data is recorded and replay automatically. The command line for recording
 and replaying must contain identical specifications of audio hardware, e.g.:
  -soundhw ac97
+
+Replay log format
+-
+
+Record/replay log consits of the header and the sequence of execution
+events. The header includes 4-byte replay version id and 8-byte reserved
+field. Version is updated every time replay log format changes to prevent
+using replay log created by another build of qemu.
+
+The sequence of the events describes virtual machine state changes.
+It includes all non-deterministic inputs of VM, synchronization marks and
+instruction counts used to correctly inject inputs at replay.
+
+Synchronization marks (checkpoints) are used for synchronizing qemu threads
+that perform operations with virtual hardware. These operations may change
+system's state (e.g., change some register or generate interrupt) and
+therefore should execute synchronously with CPU thread.
+
+Every event in the log includes 1-byte event id and optional arguments.
+When argument is an array, it is stored as 4-byte array length
+and corresponding number of bytes with data.
+Here is the list of events that are written into the log:
+
+ - EVENT_INSTRUCTION. Instructions executed since last event.
+   Argument: 4-byte number of executed instructions.
+ - EVENT_INTERRUPT. Used to synchronize interrupt processing.
+ - EVENT_EXCEPTION. Used to synchronize exception handling.
+ - EVENT_ASYNC. This is a group of events. They are always processed
+   together with checkpoints. When such an event is generated, it is
+   stored in the queue and processed only when checkpoint occurs.
+   Every such event is followed by 1-byte checkpoint id and 1-byte
+   async event id from the following list:
+ - REPLAY_ASYNC_EVENT_BH. Bottom-half callback. This event synchronizes
+   callbacks that affect virtual machine state, but normally called
+   asyncronously.
+   Argument: 8-byte operation id.
+ - REPLAY_ASYNC_EVENT_INPUT. Input device event. Contains
+   parameters of keyboard and mouse input operations
+   (key press/release, mouse pointer movement).
+   Arguments: 9-16 bytes depending of input event.
+ - REPLAY_ASYNC_EVENT_INPUT_SYNC. Internal input synchronization event.
+ - REPLAY_ASYNC_EVENT_CHAR_READ. Character (e.g., serial port) device input
+   initiated by the sender.
+   Arguments: 1-byte character device id.
+  Array with bytes were read.
+ - REPLAY_ASYNC_EVENT_BLOCK. Block device operation. Used to synchronize
+   operations with disk and flash drives with CPU.
+   Argument: 8-byte operation id.
+ - REPLAY_ASYNC_EVENT_NET. Incoming network packet.
+   Arguments: 1-byte network adapter id.
+  4-byte packet flags.
+  Array with packet bytes.
+ - EVENT_SHUTDOWN. Occurs when user sends shutdown event to qemu,
+   e.g., by closing the window.
+ - EVENT_CHAR_WRITE. Used to synchronize character output operations.
+   Arguments: 4-byte output function return value.
+  4-byte offset in the output array.
+ - EVENT_CHAR_READ_ALL. Used to synchronize character input operations,
+   initiated by qemu.
+   Argument: Array with bytes that were read.
+ - EVENT_CHAR_READ_ALL_ERROR. Unsuccessful character input operation,
+   initiated by qemu.
+   Argument: 4-byte error code.
+ - EVENT_CLOCK + clock_id. Group of events for host clock read operations.
+   Argument: 8-byte clock value.
+ - EVENT_CHECKPOINT + checkpoint_id. Checkpoint for synchronization of
+   CPU, internal threads, and asynchronous input events. May be followed
+   by one or more EVENT_ASYNC events.
+ - EVENT_END. Last event in the log.
-- 
2.14.3

[Qemu-devel] [PULL 62/69] replay: push replay_mutex_lock up the call tree

[Paolo Bonzini]

From: Alex Bennée 

Now instead of using the replay_lock to guard the output of the log we
now use it to protect the whole execution section. This replaces what
the BQL used to do when it was held during TCG execution.

We also introduce some rules for locking order - mainly that you
cannot take the replay_mutex while holding the BQL. This leads to some
slight sophistry during start-up and extending the
replay_mutex_destroy function to unlock the mutex without checking
for the BQL condition so it can be cleanly dropped in the non-replay
case.

Signed-off-by: Alex Bennée 
Signed-off-by: Pavel Dovgalyuk 
Tested-by: Pavel Dovgalyuk 
Message-Id: <20180227095248.1060.40374.stgit@pasha-VirtualBox>
Signed-off-by: Paolo Bonzini 
Signed-off-by: Alex Bennée 
---
 cpus.c   | 24 ++--
 docs/replay.txt  | 22 ++
 replay/replay-audio.c| 14 --
 replay/replay-char.c | 21 -
 replay/replay-events.c   | 20 +++-
 replay/replay-internal.c | 24 
 replay/replay-time.c | 10 +-
 replay/replay.c  | 34 +-
 util/main-loop.c | 15 +++
 vl.c |  1 +
 10 files changed, 109 insertions(+), 76 deletions(-)

diff --git a/cpus.c b/cpus.c
index c652da84cf..2e6701795b 100644
--- a/cpus.c
+++ b/cpus.c
@@ -1317,6 +1317,8 @@ static void prepare_icount_for_run(CPUState *cpu)
 insns_left = MIN(0x, cpu->icount_budget);
 cpu->icount_decr.u16.low = insns_left;
 cpu->icount_extra = cpu->icount_budget - insns_left;
+
+replay_mutex_lock();
 }
 }
 
@@ -1332,6 +1334,8 @@ static void process_icount_data(CPUState *cpu)
 cpu->icount_budget = 0;
 
 replay_account_executed_instructions();
+
+replay_mutex_unlock();
 }
 }
 
@@ -1346,11 +1350,9 @@ static int tcg_cpu_exec(CPUState *cpu)
 #ifdef CONFIG_PROFILER
 ti = profile_getclock();
 #endif
-qemu_mutex_unlock_iothread();
 cpu_exec_start(cpu);
 ret = cpu_exec(cpu);
 cpu_exec_end(cpu);
-qemu_mutex_lock_iothread();
 #ifdef CONFIG_PROFILER
 tcg_time += profile_getclock() - ti;
 #endif
@@ -1417,6 +1419,9 @@ static void *qemu_tcg_rr_cpu_thread_fn(void *arg)
 cpu->exit_request = 1;
 
 while (1) {
+qemu_mutex_unlock_iothread();
+replay_mutex_lock();
+qemu_mutex_lock_iothread();
 /* Account partial waits to QEMU_CLOCK_VIRTUAL.  */
 qemu_account_warp_timer();
 
@@ -1425,6 +1430,8 @@ static void *qemu_tcg_rr_cpu_thread_fn(void *arg)
  */
 handle_icount_deadline();
 
+replay_mutex_unlock();
+
 if (!cpu) {
 cpu = first_cpu;
 }
@@ -1440,11 +1447,13 @@ static void *qemu_tcg_rr_cpu_thread_fn(void *arg)
 if (cpu_can_run(cpu)) {
 int r;
 
+qemu_mutex_unlock_iothread();
 prepare_icount_for_run(cpu);
 
 r = tcg_cpu_exec(cpu);
 
 process_icount_data(cpu);
+qemu_mutex_lock_iothread();
 
 if (r == EXCP_DEBUG) {
 cpu_handle_guest_debug(cpu);
@@ -1634,7 +1643,9 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
 while (1) {
 if (cpu_can_run(cpu)) {
 int r;
+qemu_mutex_unlock_iothread();
 r = tcg_cpu_exec(cpu);
+qemu_mutex_lock_iothread();
 switch (r) {
 case EXCP_DEBUG:
 cpu_handle_guest_debug(cpu);
@@ -1781,12 +1792,21 @@ void pause_all_vcpus(void)
 }
 }
 
+/* We need to drop the replay_lock so any vCPU threads woken up
+ * can finish their replay tasks
+ */
+replay_mutex_unlock();
+
 while (!all_vcpus_paused()) {
 qemu_cond_wait(_pause_cond, _global_mutex);
 CPU_FOREACH(cpu) {
 qemu_cpu_kick(cpu);
 }
 }
+
+qemu_mutex_unlock_iothread();
+replay_mutex_lock();
+qemu_mutex_lock_iothread();
 }
 
 void cpu_resume(CPUState *cpu)
diff --git a/docs/replay.txt b/docs/replay.txt
index c52407fe23..959633e7ea 100644
--- a/docs/replay.txt
+++ b/docs/replay.txt
@@ -49,6 +49,28 @@ Modifications of qemu include:
  * recording/replaying user input (mouse and keyboard)
  * adding internal checkpoints for cpu and io synchronization
 
+Locking and thread synchronisation
+--
+
+Previously the synchronisation of the main thread and the vCPU thread
+was ensured by the holding of the BQL. However the trend has been to
+reduce the time the BQL was held across the system including under TCG
+system emulation. As it is important that batches of events are kept
+in sequence (e.g. expiring timers and checkpoints in the main thread
+while 

[Qemu-devel] [PULL 64/69] replay: avoid recursive call of checkpoints

[Paolo Bonzini]

From: Pavel Dovgalyuk 

This patch adds a flag which denies recursive call of replay_checkpoint
function. Checkpoints may be accompanied by the hardware events. When event
is processed, virtual device may invoke timer modification functions that
also invoke the checkpoint function. This leads to infinite loop.

Signed-off-by: Pavel Dovgalyuk 
Message-Id: <20180227095305.1060.56463.stgit@pasha-VirtualBox>
Signed-off-by: Paolo Bonzini 
Signed-off-by: Pavel Dovgalyuk 
---
 replay/replay.c | 14 +-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/replay/replay.c b/replay/replay.c
index 90f98b7490..eae8daf18a 100644
--- a/replay/replay.c
+++ b/replay/replay.c
@@ -176,13 +176,24 @@ void replay_shutdown_request(ShutdownCause cause)
 bool replay_checkpoint(ReplayCheckpoint checkpoint)
 {
 bool res = false;
+static bool in_checkpoint;
 assert(EVENT_CHECKPOINT + checkpoint <= EVENT_CHECKPOINT_LAST);
-replay_save_instructions();
 
 if (!replay_file) {
 return true;
 }
 
+if (in_checkpoint) {
+/* If we are already in checkpoint, then there is no need
+   for additional synchronization.
+   Recursion occurs when HW event modifies timers.
+   Timer modification may invoke the checkpoint and
+   proceed to recursion. */
+return true;
+}
+in_checkpoint = true;
+
+replay_save_instructions();
 
 if (replay_mode == REPLAY_MODE_PLAY) {
 g_assert(replay_mutex_locked());
@@ -204,6 +215,7 @@ bool replay_checkpoint(ReplayCheckpoint checkpoint)
 res = true;
 }
 out:
+in_checkpoint = false;
 return res;
 }
 
-- 
2.14.3

[Qemu-devel] [PULL 50/69] hw/alpha/dp264: Use the TYPE_SMC37C669_SUPERIO

[Paolo Bonzini]

From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20180308223946.26784-25-f4...@amsat.org>
Signed-off-by: Paolo Bonzini 
---
 default-configs/alpha-softmmu.mak |  3 +++
 hw/alpha/dp264.c  | 10 --
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/default-configs/alpha-softmmu.mak 
b/default-configs/alpha-softmmu.mak
index 3740adc5e9..bbe361f01a 100644
--- a/default-configs/alpha-softmmu.mak
+++ b/default-configs/alpha-softmmu.mak
@@ -7,6 +7,9 @@ CONFIG_SERIAL_ISA=y
 CONFIG_I82374=y
 CONFIG_I8254=y
 CONFIG_I8257=y
+CONFIG_PARALLEL=y
+CONFIG_PARALLEL_ISA=y
+CONFIG_FDC=y
 CONFIG_PCKBD=y
 CONFIG_VGA_CIRRUS=y
 CONFIG_IDE_CORE=y
diff --git a/hw/alpha/dp264.c b/hw/alpha/dp264.c
index ffad678ea7..80b987f7fb 100644
--- a/hw/alpha/dp264.c
+++ b/hw/alpha/dp264.c
@@ -19,8 +19,7 @@
 #include "hw/timer/mc146818rtc.h"
 #include "hw/ide.h"
 #include "hw/timer/i8254.h"
-#include "hw/input/i8042.h"
-#include "hw/char/serial.h"
+#include "hw/isa/superio.h"
 #include "hw/dma/i8257.h"
 #include "qemu/cutils.h"
 
@@ -83,14 +82,10 @@ static void clipper_init(MachineState *machine)
 mc146818_rtc_init(isa_bus, 1900, rtc_irq);
 
 i8254_pit_init(isa_bus, 0x40, 0, NULL);
-isa_create_simple(isa_bus, TYPE_I8042);
 
 /* VGA setup.  Don't bother loading the bios.  */
 pci_vga_init(pci_bus);
 
-/* Serial code setup.  */
-serial_hds_isa_init(isa_bus, 0, MAX_SERIAL_PORTS);
-
 /* Network setup.  e1000 is good enough, failing Tulip support.  */
 for (i = 0; i < nb_nics; i++) {
 pci_nic_init_nofail(_table[i], pci_bus, "e1000", NULL);
@@ -99,6 +94,9 @@ static void clipper_init(MachineState *machine)
 /* 2 82C37 (dma) */
 isa_create_simple(isa_bus, "i82374");
 
+/* Super I/O */
+isa_create_simple(isa_bus, TYPE_SMC37C669_SUPERIO);
+
 /* IDE disk setup.  */
 {
 DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
-- 
2.14.3

[Qemu-devel] [PULL 57/69] replay: save prior value of the host clock

[Paolo Bonzini]

From: Pavel Dovgalyuk 

This patch adds saving/restoring of the host clock field 'last'.
It is used in host clock calculation and therefore clock may
become incorrect when using restored vmstate.

Signed-off-by: Pavel Dovgalyuk 
Acked-by: Paolo Bonzini 
Message-Id: <20180227095226.1060.50975.stgit@pasha-VirtualBox>
Signed-off-by: Paolo Bonzini 
Signed-off-by: Pavel Dovgalyuk 
---
 include/qemu/timer.h | 14 ++
 replay/replay-internal.h |  2 ++
 replay/replay-snapshot.c |  3 +++
 util/qemu-timer.c| 12 
 4 files changed, 31 insertions(+)

diff --git a/include/qemu/timer.h b/include/qemu/timer.h
index 3b5a54b014..39ea907e65 100644
--- a/include/qemu/timer.h
+++ b/include/qemu/timer.h
@@ -251,6 +251,20 @@ bool qemu_clock_run_timers(QEMUClockType type);
  */
 bool qemu_clock_run_all_timers(void);
 
+/**
+ * qemu_clock_get_last:
+ *
+ * Returns last clock query time.
+ */
+uint64_t qemu_clock_get_last(QEMUClockType type);
+/**
+ * qemu_clock_set_last:
+ *
+ * Sets last clock query time.
+ */
+void qemu_clock_set_last(QEMUClockType type, uint64_t last);
+
+
 /*
  * QEMUTimerList
  */
diff --git a/replay/replay-internal.h b/replay/replay-internal.h
index 3ebb19912a..be96d7e879 100644
--- a/replay/replay-internal.h
+++ b/replay/replay-internal.h
@@ -78,6 +78,8 @@ typedef struct ReplayState {
 This counter is global, because requests from different
 block devices should not get overlapping ids. */
 uint64_t block_request_id;
+/*! Prior value of the host clock */
+uint64_t host_clock_last;
 } ReplayState;
 extern ReplayState replay_state;
 
diff --git a/replay/replay-snapshot.c b/replay/replay-snapshot.c
index 7075986ab5..e0b2204765 100644
--- a/replay/replay-snapshot.c
+++ b/replay/replay-snapshot.c
@@ -25,6 +25,7 @@ static int replay_pre_save(void *opaque)
 {
 ReplayState *state = opaque;
 state->file_offset = ftell(replay_file);
+state->host_clock_last = qemu_clock_get_last(QEMU_CLOCK_HOST);
 
 return 0;
 }
@@ -33,6 +34,7 @@ static int replay_post_load(void *opaque, int version_id)
 {
 ReplayState *state = opaque;
 fseek(replay_file, state->file_offset, SEEK_SET);
+qemu_clock_set_last(QEMU_CLOCK_HOST, state->host_clock_last);
 /* If this was a vmstate, saved in recording mode,
we need to initialize replay data fields. */
 replay_fetch_data_kind();
@@ -54,6 +56,7 @@ static const VMStateDescription vmstate_replay = {
 VMSTATE_UINT32(has_unread_data, ReplayState),
 VMSTATE_UINT64(file_offset, ReplayState),
 VMSTATE_UINT64(block_request_id, ReplayState),
+VMSTATE_UINT64(host_clock_last, ReplayState),
 VMSTATE_END_OF_LIST()
 },
 };
diff --git a/util/qemu-timer.c b/util/qemu-timer.c
index 82d56507a2..2ed1bf2778 100644
--- a/util/qemu-timer.c
+++ b/util/qemu-timer.c
@@ -622,6 +622,18 @@ int64_t qemu_clock_get_ns(QEMUClockType type)
 }
 }
 
+uint64_t qemu_clock_get_last(QEMUClockType type)
+{
+QEMUClock *clock = qemu_clock_ptr(type);
+return clock->last;
+}
+
+void qemu_clock_set_last(QEMUClockType type, uint64_t last)
+{
+QEMUClock *clock = qemu_clock_ptr(type);
+clock->last = last;
+}
+
 void qemu_clock_register_reset_notifier(QEMUClockType type,
 Notifier *notifier)
 {
-- 
2.14.3

[Qemu-devel] [PULL 67/69] replay: save vmstate of the asynchronous events

[Paolo Bonzini]

From: Pavel Dovgalyuk 

This patch fixes saving and loading the snapshots in the replay mode.
It is required for the snapshots created in the moment when the header
of the asynchronous event is read. This information was not saved in
the snapshot. After loading the vmstate replay continued with the file offset
passed the event header. The event header is lost in this case and replay
hangs.

Signed-off-by: Pavel Dovgalyuk 
Message-Id: <20180227095322.1060.53929.stgit@pasha-VirtualBox>
Signed-off-by: Paolo Bonzini 
---
 replay/replay-events.c   | 44 +---
 replay/replay-internal.h |  6 ++
 replay/replay-snapshot.c |  3 +++
 3 files changed, 30 insertions(+), 23 deletions(-)

diff --git a/replay/replay-events.c b/replay/replay-events.c
index 3d5fc8a479..707de3867b 100644
--- a/replay/replay-events.c
+++ b/replay/replay-events.c
@@ -27,10 +27,6 @@ typedef struct Event {
 } Event;
 
 static QTAILQ_HEAD(, Event) events_list = QTAILQ_HEAD_INITIALIZER(events_list);
-static unsigned int read_event_kind = -1;
-static uint64_t read_id = -1;
-static int read_checkpoint = -1;
-
 static bool events_enabled;
 
 /* Functions */
@@ -218,58 +214,60 @@ void replay_save_events(int checkpoint)
 static Event *replay_read_event(int checkpoint)
 {
 Event *event;
-if (read_event_kind == -1) {
-read_checkpoint = replay_get_byte();
-read_event_kind = replay_get_byte();
-read_id = -1;
+if (replay_state.read_event_kind == -1) {
+replay_state.read_event_checkpoint = replay_get_byte();
+replay_state.read_event_kind = replay_get_byte();
+replay_state.read_event_id = -1;
 replay_check_error();
 }
 
-if (checkpoint != read_checkpoint) {
+if (checkpoint != replay_state.read_event_checkpoint) {
 return NULL;
 }
 
 /* Events that has not to be in the queue */
-switch (read_event_kind) {
+switch (replay_state.read_event_kind) {
 case REPLAY_ASYNC_EVENT_BH:
-if (read_id == -1) {
-read_id = replay_get_qword();
+if (replay_state.read_event_id == -1) {
+replay_state.read_event_id = replay_get_qword();
 }
 break;
 case REPLAY_ASYNC_EVENT_INPUT:
 event = g_malloc0(sizeof(Event));
-event->event_kind = read_event_kind;
+event->event_kind = replay_state.read_event_kind;
 event->opaque = replay_read_input_event();
 return event;
 case REPLAY_ASYNC_EVENT_INPUT_SYNC:
 event = g_malloc0(sizeof(Event));
-event->event_kind = read_event_kind;
+event->event_kind = replay_state.read_event_kind;
 event->opaque = 0;
 return event;
 case REPLAY_ASYNC_EVENT_CHAR_READ:
 event = g_malloc0(sizeof(Event));
-event->event_kind = read_event_kind;
+event->event_kind = replay_state.read_event_kind;
 event->opaque = replay_event_char_read_load();
 return event;
 case REPLAY_ASYNC_EVENT_BLOCK:
-if (read_id == -1) {
-read_id = replay_get_qword();
+if (replay_state.read_event_id == -1) {
+replay_state.read_event_id = replay_get_qword();
 }
 break;
 case REPLAY_ASYNC_EVENT_NET:
 event = g_malloc0(sizeof(Event));
-event->event_kind = read_event_kind;
+event->event_kind = replay_state.read_event_kind;
 event->opaque = replay_event_net_load();
 return event;
 default:
-error_report("Unknown ID %d of replay event", read_event_kind);
+error_report("Unknown ID %d of replay event",
+replay_state.read_event_kind);
 exit(1);
 break;
 }
 
 QTAILQ_FOREACH(event, _list, events) {
-if (event->event_kind == read_event_kind
-&& (read_id == -1 || read_id == event->id)) {
+if (event->event_kind == replay_state.read_event_kind
+&& (replay_state.read_event_id == -1
+|| replay_state.read_event_id == event->id)) {
 break;
 }
 }
@@ -295,7 +293,7 @@ void replay_read_events(int checkpoint)
 break;
 }
 replay_finish_event();
-read_event_kind = -1;
+replay_state.read_event_kind = -1;
 replay_run_event(event);
 
 g_free(event);
@@ -304,7 +302,7 @@ void replay_read_events(int checkpoint)
 
 void replay_init_events(void)
 {
-read_event_kind = -1;
+replay_state.read_event_kind = -1;
 }
 
 void replay_finish_events(void)
diff --git a/replay/replay-internal.h b/replay/replay-internal.h
index d4037058e4..ac4b27b674 100644
--- a/replay/replay-internal.h
+++ b/replay/replay-internal.h
@@ -80,6 +80,12 @@ typedef struct ReplayState {
 uint64_t block_request_id;
 /*! Prior value of the host clock */
 uint64_t host_clock_last;
+/*! Asynchronous event type read from the log */
+int32_t 

[Qemu-devel] [PULL 61/69] replay: don't destroy mutex at exit

[Paolo Bonzini]

From: Pavel Dovgalyuk 

Replay mutex is held by vCPU thread and destroy function is called
from atexit of the main thread. Therefore we cannot destroy it safely.

Signed-off-by: Pavel Dovgalyuk 
Acked-by: Paolo Bonzini 
Message-Id: <20180227095254.1060.96971.stgit@pasha-VirtualBox>
Signed-off-by: Paolo Bonzini 
Signed-off-by: Pavel Dovgalyuk 
---
 replay/replay-internal.c | 5 -
 replay/replay-internal.h | 1 -
 replay/replay.c  | 1 -
 3 files changed, 7 deletions(-)

diff --git a/replay/replay-internal.c b/replay/replay-internal.c
index 7cdefeaa04..fa7bba6dfd 100644
--- a/replay/replay-internal.c
+++ b/replay/replay-internal.c
@@ -176,11 +176,6 @@ void replay_mutex_init(void)
 qemu_mutex_init();
 }
 
-void replay_mutex_destroy(void)
-{
-qemu_mutex_destroy();
-}
-
 bool replay_mutex_locked(void)
 {
 return replay_locked;
diff --git a/replay/replay-internal.h b/replay/replay-internal.h
index 41eee66e9b..d4037058e4 100644
--- a/replay/replay-internal.h
+++ b/replay/replay-internal.h
@@ -104,7 +104,6 @@ void replay_get_array_alloc(uint8_t **buf, size_t *size);
  * synchronisation between vCPU and main-loop threads. */
 
 void replay_mutex_init(void);
-void replay_mutex_destroy(void);
 bool replay_mutex_locked(void);
 
 /*! Checks error status of the file. */
diff --git a/replay/replay.c b/replay/replay.c
index 9cddb6bfc9..5d05ee0460 100644
--- a/replay/replay.c
+++ b/replay/replay.c
@@ -358,7 +358,6 @@ void replay_finish(void)
 replay_snapshot = NULL;
 
 replay_finish_events();
-replay_mutex_destroy();
 }
 
 void replay_add_blocker(Error *reason)
-- 
2.14.3

[Qemu-devel] [PULL 59/69] replay/replay-internal.c: track holding of replay_lock

[Paolo Bonzini]

From: Alex Bennée 

This is modelled after the iothread mutex lock. We keep a TLS flag to
indicate when that thread has acquired the lock and assert we don't
double-lock or release when we shouldn't have.

Signed-off-by: Alex Bennée 
Tested-by: Pavel Dovgalyuk 
Message-Id: <20180227095237.1060.44661.stgit@pasha-VirtualBox>
Signed-off-by: Paolo Bonzini 
---
 replay/replay-internal.c | 11 +++
 1 file changed, 11 insertions(+)

diff --git a/replay/replay-internal.c b/replay/replay-internal.c
index fca8514012..0d7e1d6bc4 100644
--- a/replay/replay-internal.c
+++ b/replay/replay-internal.c
@@ -169,6 +169,8 @@ void replay_finish_event(void)
 replay_fetch_data_kind();
 }
 
+static __thread bool replay_locked;
+
 void replay_mutex_init(void)
 {
 qemu_mutex_init();
@@ -179,13 +181,22 @@ void replay_mutex_destroy(void)
 qemu_mutex_destroy();
 }
 
+static bool replay_mutex_locked(void)
+{
+return replay_locked;
+}
+
 void replay_mutex_lock(void)
 {
+g_assert(!replay_mutex_locked());
 qemu_mutex_lock();
+replay_locked = true;
 }
 
 void replay_mutex_unlock(void)
 {
+g_assert(replay_mutex_locked());
+replay_locked = false;
 qemu_mutex_unlock();
 }
 
-- 
2.14.3

[Qemu-devel] [PULL 66/69] replay: don't process async events when warping the clock

[Paolo Bonzini]

From: Pavel Dovgalyuk 

Virtual clock is warped from iothread and vcpu thread. When the hardware
events associated with warp checkpoint, then interrupt delivering may be
non-deterministic if checkpoint is processed in different threads in record
and replay.
This patch disables event processing for clock warp checkpoint and leaves
all hardware events to other checkpoints (e.g., virtual clock).

Signed-off-by: Pavel Dovgalyuk 
Message-Id: <20180227095316.1060.4134.stgit@pasha-VirtualBox>
Signed-off-by: Paolo Bonzini 
Signed-off-by: Pavel Dovgalyuk 
---
 replay/replay-events.c | 1 +
 replay/replay.c| 7 ++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/replay/replay-events.c b/replay/replay-events.c
index 54dd9d2606..3d5fc8a479 100644
--- a/replay/replay-events.c
+++ b/replay/replay-events.c
@@ -205,6 +205,7 @@ static void replay_save_event(Event *event, int checkpoint)
 void replay_save_events(int checkpoint)
 {
 g_assert(replay_mutex_locked());
+g_assert(checkpoint != CHECKPOINT_CLOCK_WARP_START);
 while (!QTAILQ_EMPTY(_list)) {
 Event *event = QTAILQ_FIRST(_list);
 replay_save_event(event, checkpoint);
diff --git a/replay/replay.c b/replay/replay.c
index eae8daf18a..8228261401 100644
--- a/replay/replay.c
+++ b/replay/replay.c
@@ -211,7 +211,12 @@ bool replay_checkpoint(ReplayCheckpoint checkpoint)
 } else if (replay_mode == REPLAY_MODE_RECORD) {
 g_assert(replay_mutex_locked());
 replay_put_event(EVENT_CHECKPOINT + checkpoint);
-replay_save_events(checkpoint);
+/* This checkpoint belongs to several threads.
+   Processing events from different threads is
+   non-deterministic */
+if (checkpoint != CHECKPOINT_CLOCK_WARP_START) {
+replay_save_events(checkpoint);
+}
 res = true;
 }
 out:
-- 
2.14.3

[Qemu-devel] [PULL 46/69] MAINTAINERS: Add entries for the VT82C686B Super I/O

[Paolo Bonzini]

From: Philippe Mathieu-Daudé 

So far, it is only used by the MIPS Fulong 2E mini PC.

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20180308223946.26784-21-f4...@amsat.org>
Signed-off-by: Paolo Bonzini 
---
 MAINTAINERS | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index 9f7b8e79c4..07684a1f2d 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -700,6 +700,8 @@ Fulong 2E
 M: Yongbok Kim 
 S: Odd Fixes
 F: hw/mips/mips_fulong2e.c
+F: hw/isa/vt82c686.c
+F: include/hw/isa/vt82c686.h
 
 Boston
 M: Paul Burton 
-- 
2.14.3

[Qemu-devel] [PULL 48/69] hw/isa/superio: Add the SMC FDC37C669 Super I/O

[Paolo Bonzini]

From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20180308223946.26784-23-f4...@amsat.org>
Signed-off-by: Paolo Bonzini 
---
 MAINTAINERS|   1 +
 hw/isa/Makefile.objs   |   2 +-
 hw/isa/smc37c669-superio.c | 115 +
 include/hw/isa/superio.h   |   1 +
 4 files changed, 118 insertions(+), 1 deletion(-)
 create mode 100644 hw/isa/smc37c669-superio.c

diff --git a/MAINTAINERS b/MAINTAINERS
index b17324107f..216d01efd6 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -416,6 +416,7 @@ Alpha Machines
 M: Richard Henderson 
 S: Maintained
 F: hw/alpha/
+F: hw/isa/smc37c669-superio.c
 
 ARM Machines
 
diff --git a/hw/isa/Makefile.objs b/hw/isa/Makefile.objs
index cac655ba58..83e06f6c04 100644
--- a/hw/isa/Makefile.objs
+++ b/hw/isa/Makefile.objs
@@ -1,5 +1,5 @@
 common-obj-$(CONFIG_ISA_BUS) += isa-bus.o
-common-obj-$(CONFIG_ISA_BUS) += isa-superio.o
+common-obj-$(CONFIG_ISA_BUS) += isa-superio.o smc37c669-superio.o
 common-obj-$(CONFIG_APM) += apm.o
 common-obj-$(CONFIG_I82378) += i82378.o
 common-obj-$(CONFIG_PC87312) += pc87312.o
diff --git a/hw/isa/smc37c669-superio.c b/hw/isa/smc37c669-superio.c
new file mode 100644
index 00..aa233c6967
--- /dev/null
+++ b/hw/isa/smc37c669-superio.c
@@ -0,0 +1,115 @@
+/*
+ * SMC FDC37C669 Super I/O controller
+ *
+ * Copyright (c) 2018 Philippe Mathieu-Daudé
+ *
+ * This code is licensed under the GNU GPLv2 and later.
+ * See the COPYING file in the top-level directory.
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include "qemu/osdep.h"
+#include "hw/isa/superio.h"
+
+/* UARTs (compatible with NS16450 or PC16550) */
+
+static bool is_serial_enabled(ISASuperIODevice *sio, uint8_t index)
+{
+return index < 2;
+}
+
+static uint16_t get_serial_iobase(ISASuperIODevice *sio, uint8_t index)
+{
+return index ? 0x2f8 : 0x3f8;
+}
+
+static unsigned int get_serial_irq(ISASuperIODevice *sio, uint8_t index)
+{
+return index ? 3 : 4;
+}
+
+/* Parallel port */
+
+static bool is_parallel_enabled(ISASuperIODevice *sio, uint8_t index)
+{
+return index < 1;
+}
+
+static uint16_t get_parallel_iobase(ISASuperIODevice *sio, uint8_t index)
+{
+return 0x3bc;
+}
+
+static unsigned int get_parallel_irq(ISASuperIODevice *sio, uint8_t index)
+{
+return 7;
+}
+
+static unsigned int get_parallel_dma(ISASuperIODevice *sio, uint8_t index)
+{
+return 3;
+}
+
+/* Diskette controller (Software compatible with the Intel PC8477) */
+
+static bool is_fdc_enabled(ISASuperIODevice *sio, uint8_t index)
+{
+return index < 1;
+}
+
+static uint16_t get_fdc_iobase(ISASuperIODevice *sio, uint8_t index)
+{
+return 0x3f0;
+}
+
+static unsigned int get_fdc_irq(ISASuperIODevice *sio, uint8_t index)
+{
+return 6;
+}
+
+static unsigned int get_fdc_dma(ISASuperIODevice *sio, uint8_t index)
+{
+return 2;
+}
+
+static void smc37c669_class_init(ObjectClass *klass, void *data)
+{
+ISASuperIOClass *sc = ISA_SUPERIO_CLASS(klass);
+
+sc->parallel = (ISASuperIOFuncs){
+.count = 1,
+.is_enabled = is_parallel_enabled,
+.get_iobase = get_parallel_iobase,
+.get_irq= get_parallel_irq,
+.get_dma= get_parallel_dma,
+};
+sc->serial = (ISASuperIOFuncs){
+.count = 2,
+.is_enabled = is_serial_enabled,
+.get_iobase = get_serial_iobase,
+.get_irq= get_serial_irq,
+};
+sc->floppy = (ISASuperIOFuncs){
+.count = 1,
+.is_enabled = is_fdc_enabled,
+.get_iobase = get_fdc_iobase,
+.get_irq= get_fdc_irq,
+.get_dma= get_fdc_dma,
+};
+sc->ide.count = 0;
+}
+
+static const TypeInfo smc37c669_type_info = {
+.name  = TYPE_SMC37C669_SUPERIO,
+.parent= TYPE_ISA_SUPERIO,
+.instance_size = sizeof(ISASuperIODevice),
+.class_size= sizeof(ISASuperIOClass),
+.class_init= smc37c669_class_init,
+};
+
+static void smc37c669_register_types(void)
+{
+type_register_static(_type_info);
+}
+
+type_init(smc37c669_register_types)
diff --git a/include/hw/isa/superio.h b/include/hw/isa/superio.h
index b47aac3cf8..f9ba29aa30 100644
--- a/include/hw/isa/superio.h
+++ b/include/hw/isa/superio.h
@@ -55,5 +55,6 @@ typedef struct ISASuperIOClass {
 } ISASuperIOClass;
 
 #define TYPE_FDC37M81X_SUPERIO  "fdc37m81x-superio"
+#define TYPE_SMC37C669_SUPERIO  "smc37c669-superio"
 
 #endif /* HW_ISA_SUPERIO_H */
-- 
2.14.3

[Qemu-devel] [PULL 55/69] replay: fix save/load vm for non-empty queue

[Paolo Bonzini]

From: Pavel Dovgalyuk 

This patch does not allows saving/loading vmstate when
replay events queue is not empty. There is no reliable
way to save events queue, because it describes internal
coroutine state. Therefore saving and loading operations
should be deferred to another record/replay step.

Signed-off-by: Pavel Dovgalyuk 
Message-Id: <20180227095214.1060.32939.stgit@pasha-VirtualBox>
Signed-off-by: Paolo Bonzini 
Signed-off-by: Pavel Dovgalyuk 
---
 include/sysemu/replay.h  |  3 +++
 migration/savevm.c   | 13 +
 replay/replay-snapshot.c |  6 ++
 3 files changed, 22 insertions(+)

diff --git a/include/sysemu/replay.h b/include/sysemu/replay.h
index c0204e641c..401de12130 100644
--- a/include/sysemu/replay.h
+++ b/include/sysemu/replay.h
@@ -166,5 +166,8 @@ void replay_audio_in(int *recorded, void *samples, int 
*wpos, int size);
 /*! Called at the start of execution.
 Loads or saves initial vmstate depending on execution mode. */
 void replay_vmstate_init(void);
+/*! Called to ensure that replay state is consistent and VM snapshot
+can be created */
+bool replay_can_snapshot(void);
 
 #endif
diff --git a/migration/savevm.c b/migration/savevm.c
index 358c5b51e2..fbeac658c1 100644
--- a/migration/savevm.c
+++ b/migration/savevm.c
@@ -54,6 +54,7 @@
 #include "qemu/cutils.h"
 #include "io/channel-buffer.h"
 #include "io/channel-file.h"
+#include "sysemu/replay.h"
 
 #ifndef ETH_P_RARP
 #define ETH_P_RARP 0x8035
@@ -2197,6 +2198,12 @@ int save_snapshot(const char *name, Error **errp)
 struct tm tm;
 AioContext *aio_context;
 
+if (!replay_can_snapshot()) {
+error_report("Record/replay does not allow making snapshot "
+ "right now. Try once more later.");
+return ret;
+}
+
 if (!bdrv_all_can_snapshot()) {
 error_setg(errp, "Device '%s' is writable but does not support "
"snapshots", bdrv_get_device_name(bs));
@@ -2388,6 +2395,12 @@ int load_snapshot(const char *name, Error **errp)
 AioContext *aio_context;
 MigrationIncomingState *mis = migration_incoming_get_current();
 
+if (!replay_can_snapshot()) {
+error_report("Record/replay does not allow loading snapshot "
+ "right now. Try once more later.");
+return -EINVAL;
+}
+
 if (!bdrv_all_can_snapshot()) {
 error_setg(errp,
"Device '%s' is writable but does not support snapshots",
diff --git a/replay/replay-snapshot.c b/replay/replay-snapshot.c
index b2e10769a6..7075986ab5 100644
--- a/replay/replay-snapshot.c
+++ b/replay/replay-snapshot.c
@@ -83,3 +83,9 @@ void replay_vmstate_init(void)
 }
 }
 }
+
+bool replay_can_snapshot(void)
+{
+return replay_mode == REPLAY_MODE_NONE
+|| !replay_has_events();
+}
-- 
2.14.3

[Qemu-devel] [PULL 37/69] hw/isa/superio: Factor out the serial code from pc87312.c

[Paolo Bonzini]

From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20180308223946.26784-12-f4...@amsat.org>
Signed-off-by: Paolo Bonzini 
---
 hw/isa/isa-superio.c | 41 +
 hw/isa/pc87312.c | 43 ---
 hw/isa/trace-events  |  2 +-
 include/hw/isa/pc87312.h |  4 
 include/hw/isa/superio.h |  2 ++
 5 files changed, 56 insertions(+), 36 deletions(-)

diff --git a/hw/isa/isa-superio.c b/hw/isa/isa-superio.c
index eb263fcc3a..6962421aad 100644
--- a/hw/isa/isa-superio.c
+++ b/hw/isa/isa-superio.c
@@ -14,6 +14,7 @@
 #include "sysemu/sysemu.h"
 #include "chardev/char.h"
 #include "hw/isa/superio.h"
+#include "hw/char/serial.h"
 #include "trace.h"
 
 static void isa_superio_realize(DeviceState *dev, Error **errp)
@@ -66,6 +67,46 @@ static void isa_superio_realize(DeviceState *dev, Error 
**errp)
 g_free(name);
 }
 }
+
+/* Serial */
+for (i = 0; i < k->serial.count; i++) {
+if (i >= ARRAY_SIZE(sio->serial)) {
+warn_report("superio: ignoring %td serial controllers",
+k->serial.count - ARRAY_SIZE(sio->serial));
+break;
+}
+if (!k->serial.is_enabled || k->serial.is_enabled(sio, i)) {
+/* FIXME use a qdev chardev prop instead of serial_hds[] */
+chr = serial_hds[i];
+if (chr == NULL || chr->be) {
+name = g_strdup_printf("discarding-serial%d", i);
+chr = qemu_chr_new(name, "null");
+} else {
+name = g_strdup_printf("serial%d", i);
+}
+isa = isa_create(bus, TYPE_ISA_SERIAL);
+d = DEVICE(isa);
+qdev_prop_set_uint32(d, "index", i);
+if (k->serial.get_iobase) {
+qdev_prop_set_uint32(d, "iobase",
+ k->serial.get_iobase(sio, i));
+}
+if (k->serial.get_irq) {
+qdev_prop_set_uint32(d, "irq", k->serial.get_irq(sio, i));
+}
+qdev_prop_set_chr(d, "chardev", chr);
+qdev_init_nofail(d);
+sio->serial[i] = isa;
+trace_superio_create_serial(i,
+k->serial.get_iobase ?
+k->serial.get_iobase(sio, i) : -1,
+k->serial.get_irq ?
+k->serial.get_irq(sio, i) : -1);
+object_property_add_child(OBJECT(dev), name,
+  OBJECT(sio->serial[0]), NULL);
+g_free(name);
+}
+}
 }
 
 static void isa_superio_class_init(ObjectClass *oc, void *data)
diff --git a/hw/isa/pc87312.c b/hw/isa/pc87312.c
index 1c15715c69..c2837bca43 100644
--- a/hw/isa/pc87312.c
+++ b/hw/isa/pc87312.c
@@ -29,8 +29,6 @@
 #include "qemu/error-report.h"
 #include "sysemu/block-backend.h"
 #include "sysemu/blockdev.h"
-#include "sysemu/sysemu.h"
-#include "chardev/char.h"
 #include "trace.h"
 
 
@@ -100,8 +98,9 @@ static const uint16_t uart_base[2][4] = {
 { 0x2e8, 0x238, 0x2e0, 0x228 }
 };
 
-static inline uint16_t get_uart_iobase(PC87312State *s, int i)
+static uint16_t get_uart_iobase(ISASuperIODevice *sio, uint8_t i)
 {
+PC87312State *s = PC87312(sio);
 int idx;
 idx = (s->regs[REG_FAR] >> (2 * i + 2)) & 0x3;
 if (idx == 0) {
@@ -113,15 +112,17 @@ static inline uint16_t get_uart_iobase(PC87312State *s, 
int i)
 }
 }
 
-static inline unsigned int get_uart_irq(PC87312State *s, int i)
+static unsigned int get_uart_irq(ISASuperIODevice *sio, uint8_t i)
 {
+PC87312State *s = PC87312(sio);
 int idx;
 idx = (s->regs[REG_FAR] >> (2 * i + 2)) & 0x3;
 return (idx & 1) ? 3 : 4;
 }
 
-static inline bool is_uart_enabled(PC87312State *s, int i)
+static bool is_uart_enabled(ISASuperIODevice *sio, uint8_t i)
 {
+PC87312State *s = PC87312(sio);
 return s->regs[REG_FER] & (FER_UART1_EN << i);
 }
 
@@ -271,11 +272,8 @@ static void pc87312_realize(DeviceState *dev, Error **errp)
 DeviceState *d;
 ISADevice *isa;
 ISABus *bus;
-Chardev *chr;
 DriveInfo *drive;
 Error *local_err = NULL;
-char name[5];
-int i;
 
 s = PC87312(dev);
 isa = ISA_DEVICE(dev);
@@ -289,27 +287,6 @@ static void pc87312_realize(DeviceState *dev, Error **errp)
 return;
 }
 
-for (i = 0; i < 2; i++) {
-if (is_uart_enabled(s, i)) {
-/* FIXME use a qdev chardev prop instead of serial_hds[] */
-chr = serial_hds[i];
-if (chr == NULL) {
-snprintf(name, sizeof(name), "ser%d", i);
-chr = qemu_chr_new(name, "null");
-}
-isa = isa_create(bus, "isa-serial");
-d = DEVICE(isa);
-qdev_prop_set_uint32(d, "index", i);
-  

[Qemu-devel] [PULL 58/69] replay/replay.c: bump REPLAY_VERSION again

[Paolo Bonzini]

From: Alex Bennée 

This time commit 802f045a5f61b781df55e4492d896b4d20503ba7 broke the
replay file format. Also add a comment about this to
replay-internal.h.

Signed-off-by: Alex Bennée 
Reviewed-off-by: Pavel Dovgalyuk 
Acked-by: Paolo Bonzini 
Message-Id: <20180227095231.1060.91180.stgit@pasha-VirtualBox>
Signed-off-by: Paolo Bonzini 
---
 replay/replay-internal.h | 2 +-
 replay/replay.c  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/replay/replay-internal.h b/replay/replay-internal.h
index be96d7e879..8e4c701751 100644
--- a/replay/replay-internal.h
+++ b/replay/replay-internal.h
@@ -12,7 +12,7 @@
  *
  */
 
-
+/* Any changes to order/number of events will need to bump REPLAY_VERSION */
 enum ReplayEvents {
 /* for instruction event */
 EVENT_INSTRUCTION,
diff --git a/replay/replay.c b/replay/replay.c
index 7a23c62d61..9cddb6bfc9 100644
--- a/replay/replay.c
+++ b/replay/replay.c
@@ -22,7 +22,7 @@
 
 /* Current version of the replay mechanism.
Increase it when file format changes. */
-#define REPLAY_VERSION  0xe02006
+#define REPLAY_VERSION  0xe02007
 /* Size of replay log header */
 #define HEADER_SIZE (sizeof(uint32_t) + sizeof(uint64_t))
 
-- 
2.14.3

[Qemu-devel] [PULL 44/69] hw/isa/vt82c686: Rename vt82c686b_init() -> vt82c686b_isa_init()

[Paolo Bonzini]

From: Philippe Mathieu-Daudé 

This function only initialize the ISA bus.

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20180308223946.26784-19-f4...@amsat.org>
Signed-off-by: Paolo Bonzini 
---
 hw/isa/vt82c686.c | 2 +-
 hw/mips/mips_fulong2e.c   | 2 +-
 include/hw/isa/vt82c686.h | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/hw/isa/vt82c686.c b/hw/isa/vt82c686.c
index 070cc1889f..7eaf3c7e8f 100644
--- a/hw/isa/vt82c686.c
+++ b/hw/isa/vt82c686.c
@@ -478,7 +478,7 @@ static void vt82c686b_realize(PCIDevice *d, Error **errp)
 qemu_register_reset(vt82c686b_reset, d);
 }
 
-ISABus *vt82c686b_init(PCIBus *bus, int devfn)
+ISABus *vt82c686b_isa_init(PCIBus *bus, int devfn)
 {
 PCIDevice *d;
 
diff --git a/hw/mips/mips_fulong2e.c b/hw/mips/mips_fulong2e.c
index 2697d772eb..b14dab8781 100644
--- a/hw/mips/mips_fulong2e.c
+++ b/hw/mips/mips_fulong2e.c
@@ -236,7 +236,7 @@ static void vt82c686b_southbridge_init(PCIBus *pci_bus, int 
slot, qemu_irq intc,
 ISABus *isa_bus;
 DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
 
-isa_bus = vt82c686b_init(pci_bus, PCI_DEVFN(slot, 0));
+isa_bus = vt82c686b_isa_init(pci_bus, PCI_DEVFN(slot, 0));
 if (!isa_bus) {
 fprintf(stderr, "vt82c686b_init error\n");
 exit(1);
diff --git a/include/hw/isa/vt82c686.h b/include/hw/isa/vt82c686.h
index 471b5e9e53..db97c8ed7a 100644
--- a/include/hw/isa/vt82c686.h
+++ b/include/hw/isa/vt82c686.h
@@ -2,7 +2,7 @@
 #define HW_VT82C686_H
 
 /* vt82c686.c */
-ISABus *vt82c686b_init(PCIBus * bus, int devfn);
+ISABus *vt82c686b_isa_init(PCIBus * bus, int devfn);
 void vt82c686b_ac97_init(PCIBus *bus, int devfn);
 void vt82c686b_mc97_init(PCIBus *bus, int devfn);
 I2CBus *vt82c686b_pm_init(PCIBus *bus, int devfn, uint32_t smb_io_base,
-- 
2.14.3

[Qemu-devel] [PULL 49/69] hw/alpha/dp264: Add the ISA DMA controller

[Paolo Bonzini]

From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20180308223946.26784-24-f4...@amsat.org>
Signed-off-by: Paolo Bonzini 
---
 default-configs/alpha-softmmu.mak | 2 ++
 hw/alpha/dp264.c  | 4 
 2 files changed, 6 insertions(+)

diff --git a/default-configs/alpha-softmmu.mak 
b/default-configs/alpha-softmmu.mak
index e0d75e3058..3740adc5e9 100644
--- a/default-configs/alpha-softmmu.mak
+++ b/default-configs/alpha-softmmu.mak
@@ -4,7 +4,9 @@ include pci.mak
 include usb.mak
 CONFIG_SERIAL=y
 CONFIG_SERIAL_ISA=y
+CONFIG_I82374=y
 CONFIG_I8254=y
+CONFIG_I8257=y
 CONFIG_PCKBD=y
 CONFIG_VGA_CIRRUS=y
 CONFIG_IDE_CORE=y
diff --git a/hw/alpha/dp264.c b/hw/alpha/dp264.c
index e13cb576fd..ffad678ea7 100644
--- a/hw/alpha/dp264.c
+++ b/hw/alpha/dp264.c
@@ -21,6 +21,7 @@
 #include "hw/timer/i8254.h"
 #include "hw/input/i8042.h"
 #include "hw/char/serial.h"
+#include "hw/dma/i8257.h"
 #include "qemu/cutils.h"
 
 #define MAX_IDE_BUS 2
@@ -95,6 +96,9 @@ static void clipper_init(MachineState *machine)
 pci_nic_init_nofail(_table[i], pci_bus, "e1000", NULL);
 }
 
+/* 2 82C37 (dma) */
+isa_create_simple(isa_bus, "i82374");
+
 /* IDE disk setup.  */
 {
 DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
-- 
2.14.3

[Qemu-devel] [PULL 54/69] replay: fixed replay_enable_events

[Paolo Bonzini]

From: Pavel Dovgalyuk 

This patch fixes assignment to internal events_enabled variable.
Now it is set only in record/replay mode. This affects the behavior
of the external functions that check this flag.

Signed-off-by: Pavel Dovgalyuk 
Acked-by: Paolo Bonzini 
Message-Id: <20180227095209.1060.45884.stgit@pasha-VirtualBox>
Signed-off-by: Paolo Bonzini 
Signed-off-by: Pavel Dovgalyuk 
---
 replay/replay-events.c | 8 +---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/replay/replay-events.c b/replay/replay-events.c
index 768b505f3d..e858254074 100644
--- a/replay/replay-events.c
+++ b/replay/replay-events.c
@@ -67,7 +67,9 @@ static void replay_run_event(Event *event)
 
 void replay_enable_events(void)
 {
-events_enabled = true;
+if (replay_mode != REPLAY_MODE_NONE) {
+events_enabled = true;
+}
 }
 
 bool replay_has_events(void)
@@ -141,7 +143,7 @@ void replay_add_event(ReplayAsyncEventKind event_kind,
 
 void replay_bh_schedule_event(QEMUBH *bh)
 {
-if (replay_mode != REPLAY_MODE_NONE && events_enabled) {
+if (events_enabled) {
 uint64_t id = replay_get_current_step();
 replay_add_event(REPLAY_ASYNC_EVENT_BH, bh, NULL, id);
 } else {
@@ -161,7 +163,7 @@ void replay_add_input_sync_event(void)
 
 void replay_block_event(QEMUBH *bh, uint64_t id)
 {
-if (replay_mode != REPLAY_MODE_NONE && events_enabled) {
+if (events_enabled) {
 replay_add_event(REPLAY_ASYNC_EVENT_BLOCK, bh, NULL, id);
 } else {
 qemu_bh_schedule(bh);
-- 
2.14.3

[Qemu-devel] [PULL 40/69] hw/isa/superio: Factor out the IDE code from pc87312.c

[Paolo Bonzini]

From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20180308223946.26784-15-f4...@amsat.org>
Signed-off-by: Paolo Bonzini 
---
 hw/isa/isa-superio.c | 22 ++
 hw/isa/pc87312.c | 36 
 hw/isa/trace-events  |  2 +-
 include/hw/isa/superio.h |  2 ++
 4 files changed, 45 insertions(+), 17 deletions(-)

diff --git a/hw/isa/isa-superio.c b/hw/isa/isa-superio.c
index 041b47bdbf..f98711beff 100644
--- a/hw/isa/isa-superio.c
+++ b/hw/isa/isa-superio.c
@@ -146,6 +146,28 @@ static void isa_superio_realize(DeviceState *dev, Error 
**errp)
 
 /* Keyboard, mouse */
 sio->kbc = isa_create_simple(bus, TYPE_I8042);
+
+/* IDE */
+if (k->ide.count && (!k->ide.is_enabled || k->ide.is_enabled(sio, 0))) {
+isa = isa_create(bus, "isa-ide");
+d = DEVICE(isa);
+if (k->ide.get_iobase) {
+qdev_prop_set_uint32(d, "iobase", k->ide.get_iobase(sio, 0));
+}
+if (k->ide.get_iobase) {
+qdev_prop_set_uint32(d, "iobase2", k->ide.get_iobase(sio, 1));
+}
+if (k->ide.get_irq) {
+qdev_prop_set_uint32(d, "irq", k->ide.get_irq(sio, 0));
+}
+qdev_init_nofail(d);
+sio->ide = isa;
+trace_superio_create_ide(0,
+ k->ide.get_iobase ?
+ k->ide.get_iobase(sio, 0) : -1,
+ k->ide.get_irq ?
+ k->ide.get_irq(sio, 0) : -1);
+}
 }
 
 static void isa_superio_class_init(ObjectClass *oc, void *data)
diff --git a/hw/isa/pc87312.c b/hw/isa/pc87312.c
index a1845a91c3..5cf64505fe 100644
--- a/hw/isa/pc87312.c
+++ b/hw/isa/pc87312.c
@@ -150,16 +150,28 @@ static unsigned int get_fdc_irq(ISASuperIODevice *sio, 
uint8_t index)
 
 /* IDE controller */
 
-static inline bool is_ide_enabled(PC87312State *s)
+static bool is_ide_enabled(ISASuperIODevice *sio, uint8_t index)
 {
+PC87312State *s = PC87312(sio);
+
 return s->regs[REG_FER] & FER_IDE_EN;
 }
 
-static inline uint16_t get_ide_iobase(PC87312State *s)
+static uint16_t get_ide_iobase(ISASuperIODevice *sio, uint8_t index)
 {
+PC87312State *s = PC87312(sio);
+
+if (index == 1) {
+return get_ide_iobase(sio, 0) + 0x206;
+}
 return (s->regs[REG_FER] & FER_IDE_ADDR) ? 0x170 : 0x1f0;
 }
 
+static unsigned int get_ide_irq(ISASuperIODevice *sio, uint8_t index)
+{
+assert(index == 0);
+return 14;
+}
 
 static void reconfigure_devices(PC87312State *s)
 {
@@ -277,14 +289,11 @@ static void pc87312_reset(DeviceState *d)
 static void pc87312_realize(DeviceState *dev, Error **errp)
 {
 PC87312State *s;
-DeviceState *d;
 ISADevice *isa;
-ISABus *bus;
 Error *local_err = NULL;
 
 s = PC87312(dev);
 isa = ISA_DEVICE(dev);
-bus = isa_bus_from_device(isa);
 isa_register_ioport(isa, >io, s->iobase);
 pc87312_hard_reset(s);
 
@@ -293,17 +302,6 @@ static void pc87312_realize(DeviceState *dev, Error **errp)
 error_propagate(errp, local_err);
 return;
 }
-
-if (is_ide_enabled(s)) {
-isa = isa_create(bus, "isa-ide");
-d = DEVICE(isa);
-qdev_prop_set_uint32(d, "iobase", get_ide_iobase(s));
-qdev_prop_set_uint32(d, "iobase2", get_ide_iobase(s) + 0x206);
-qdev_prop_set_uint32(d, "irq", 14);
-qdev_init_nofail(d);
-s->ide.dev = isa;
-trace_pc87312_info_ide(get_ide_iobase(s));
-}
 }
 
 static void pc87312_initfn(Object *obj)
@@ -361,6 +359,12 @@ static void pc87312_class_init(ObjectClass *klass, void 
*data)
 .get_iobase = get_fdc_iobase,
 .get_irq= get_fdc_irq,
 };
+sc->ide = (ISASuperIOFuncs){
+.count = 1,
+.is_enabled = is_ide_enabled,
+.get_iobase = get_ide_iobase,
+.get_irq= get_ide_irq,
+};
 }
 
 static const TypeInfo pc87312_type_info = {
diff --git a/hw/isa/trace-events b/hw/isa/trace-events
index 8d9900882f..80ac6175d6 100644
--- a/hw/isa/trace-events
+++ b/hw/isa/trace-events
@@ -4,8 +4,8 @@
 superio_create_parallel(int id, uint16_t base, unsigned int irq) "id=%d, base 
0x%03x, irq %u"
 superio_create_serial(int id, uint16_t base, unsigned int irq) "id=%d, base 
0x%03x, irq %u"
 superio_create_floppy(int id, uint16_t base, unsigned int irq) "id=%d, base 
0x%03x, irq %u"
+superio_create_ide(int id, uint16_t base, unsigned int irq) "id=%d, base 
0x%03x, irq %u"
 
 # hw/isa/pc87312.c
 pc87312_io_read(uint32_t addr, uint32_t val) "read addr=0x%x val=0x%x"
 pc87312_io_write(uint32_t addr, uint32_t val) "write addr=0x%x val=0x%x"
-pc87312_info_ide(uint32_t base) "base 0x%x"
diff --git a/include/hw/isa/superio.h b/include/hw/isa/superio.h
index 2fc33bf3d3..3dd5448f8c 100644
--- a/include/hw/isa/superio.h
+++ b/include/hw/isa/superio.h
@@ -31,6 +31,7 @@ typedef struct ISASuperIODevice {
 

[Qemu-devel] [PULL 45/69] hw/isa/vt82c686: Add the TYPE_VT82C686B_SUPERIO

[Paolo Bonzini]

From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20180308223946.26784-20-f4...@amsat.org>
Signed-off-by: Paolo Bonzini 
---
 hw/isa/vt82c686.c | 20 
 hw/mips/mips_fulong2e.c   | 15 +++
 include/hw/isa/vt82c686.h |  2 ++
 3 files changed, 25 insertions(+), 12 deletions(-)

diff --git a/hw/isa/vt82c686.c b/hw/isa/vt82c686.c
index 7eaf3c7e8f..cff1946232 100644
--- a/hw/isa/vt82c686.c
+++ b/hw/isa/vt82c686.c
@@ -17,6 +17,7 @@
 #include "hw/i2c/smbus.h"
 #include "hw/pci/pci.h"
 #include "hw/isa/isa.h"
+#include "hw/isa/superio.h"
 #include "hw/sysbus.h"
 #include "hw/mips/mips.h"
 #include "hw/isa/apm.h"
@@ -519,11 +520,30 @@ static const TypeInfo via_info = {
 },
 };
 
+static void vt82c686b_superio_class_init(ObjectClass *klass, void *data)
+{
+ISASuperIOClass *sc = ISA_SUPERIO_CLASS(klass);
+
+sc->serial.count = 2;
+sc->parallel.count = 1;
+sc->ide.count = 0;
+sc->floppy.count = 1;
+}
+
+static const TypeInfo via_superio_info = {
+.name  = TYPE_VT82C686B_SUPERIO,
+.parent= TYPE_ISA_SUPERIO,
+.instance_size = sizeof(ISASuperIODevice),
+.class_size= sizeof(ISASuperIOClass),
+.class_init= vt82c686b_superio_class_init,
+};
+
 static void vt82c686b_register_types(void)
 {
 type_register_static(_ac97_info);
 type_register_static(_mc97_info);
 type_register_static(_pm_info);
+type_register_static(_superio_info);
 type_register_static(_info);
 }
 
diff --git a/hw/mips/mips_fulong2e.c b/hw/mips/mips_fulong2e.c
index b14dab8781..02fb2fdcc4 100644
--- a/hw/mips/mips_fulong2e.c
+++ b/hw/mips/mips_fulong2e.c
@@ -23,9 +23,7 @@
 #include "hw/hw.h"
 #include "hw/i386/pc.h"
 #include "hw/dma/i8257.h"
-#include "hw/char/serial.h"
-#include "hw/char/parallel.h"
-#include "hw/block/fdc.h"
+#include "hw/isa/superio.h"
 #include "net/net.h"
 #include "hw/boards.h"
 #include "hw/i2c/smbus.h"
@@ -33,7 +31,6 @@
 #include "hw/mips/mips.h"
 #include "hw/mips/cpudevs.h"
 #include "hw/pci/pci.h"
-#include "sysemu/sysemu.h"
 #include "audio/audio.h"
 #include "qemu/log.h"
 #include "hw/loader.h"
@@ -43,8 +40,6 @@
 #include "hw/isa/vt82c686.h"
 #include "hw/timer/mc146818rtc.h"
 #include "hw/timer/i8254.h"
-#include "hw/input/i8042.h"
-#include "sysemu/blockdev.h"
 #include "exec/address-spaces.h"
 #include "sysemu/qtest.h"
 #include "qemu/error-report.h"
@@ -249,6 +244,8 @@ static void vt82c686b_southbridge_init(PCIBus *pci_bus, int 
slot, qemu_irq intc,
 /* init other devices */
 i8254_pit_init(isa_bus, 0x40, 0, NULL);
 i8257_dma_init(isa_bus, 0);
+/* Super I/O */
+isa_create_simple(isa_bus, TYPE_VT82C686B_SUPERIO);
 
 ide_drive_get(hd, ARRAY_SIZE(hd));
 vt82c686b_ide_init(pci_bus, hd, PCI_DEVFN(slot, 1));
@@ -261,12 +258,6 @@ static void vt82c686b_southbridge_init(PCIBus *pci_bus, 
int slot, qemu_irq intc,
 /* Audio support */
 vt82c686b_ac97_init(pci_bus, PCI_DEVFN(slot, 5));
 vt82c686b_mc97_init(pci_bus, PCI_DEVFN(slot, 6));
-
-/* Super I/O */
-isa_create_simple(isa_bus, TYPE_I8042);
-
-serial_hds_isa_init(isa_bus, 0, MAX_SERIAL_PORTS);
-parallel_hds_isa_init(isa_bus, 1);
 }
 
 /* Network support */
diff --git a/include/hw/isa/vt82c686.h b/include/hw/isa/vt82c686.h
index db97c8ed7a..c3c2b6e786 100644
--- a/include/hw/isa/vt82c686.h
+++ b/include/hw/isa/vt82c686.h
@@ -1,6 +1,8 @@
 #ifndef HW_VT82C686_H
 #define HW_VT82C686_H
 
+#define TYPE_VT82C686B_SUPERIO "vt82c686b-superio"
+
 /* vt82c686.c */
 ISABus *vt82c686b_isa_init(PCIBus * bus, int devfn);
 void vt82c686b_ac97_init(PCIBus *bus, int devfn);
-- 
2.14.3

[Qemu-devel] [PULL 38/69] hw/isa/superio: Factor out the floppy disc controller code from pc87312.c

[Paolo Bonzini]

From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20180308223946.26784-13-f4...@amsat.org>
Signed-off-by: Paolo Bonzini 
---
 hw/isa/isa-superio.c | 36 
 hw/isa/pc87312.c | 46 +++---
 hw/isa/trace-events  |  2 +-
 include/hw/isa/pc87312.h |  4 
 include/hw/isa/superio.h |  2 ++
 5 files changed, 58 insertions(+), 32 deletions(-)

diff --git a/hw/isa/isa-superio.c b/hw/isa/isa-superio.c
index 6962421aad..4b5e280b38 100644
--- a/hw/isa/isa-superio.c
+++ b/hw/isa/isa-superio.c
@@ -11,7 +11,10 @@
  */
 #include "qemu/osdep.h"
 #include "qemu/error-report.h"
+#include "qapi/error.h"
 #include "sysemu/sysemu.h"
+#include "sysemu/block-backend.h"
+#include "sysemu/blockdev.h"
 #include "chardev/char.h"
 #include "hw/isa/superio.h"
 #include "hw/char/serial.h"
@@ -25,6 +28,7 @@ static void isa_superio_realize(DeviceState *dev, Error 
**errp)
 ISADevice *isa;
 DeviceState *d;
 Chardev *chr;
+DriveInfo *drive;
 char *name;
 int i;
 
@@ -107,6 +111,38 @@ static void isa_superio_realize(DeviceState *dev, Error 
**errp)
 g_free(name);
 }
 }
+
+/* Floppy disc */
+if (!k->floppy.is_enabled || k->floppy.is_enabled(sio, 0)) {
+isa = isa_create(bus, "isa-fdc");
+d = DEVICE(isa);
+if (k->floppy.get_iobase) {
+qdev_prop_set_uint32(d, "iobase", k->floppy.get_iobase(sio, 0));
+}
+if (k->floppy.get_irq) {
+qdev_prop_set_uint32(d, "irq", k->floppy.get_irq(sio, 0));
+}
+/* FIXME use a qdev drive property instead of drive_get() */
+drive = drive_get(IF_FLOPPY, 0, 0);
+if (drive != NULL) {
+qdev_prop_set_drive(d, "driveA", blk_by_legacy_dinfo(drive),
+_fatal);
+}
+/* FIXME use a qdev drive property instead of drive_get() */
+drive = drive_get(IF_FLOPPY, 0, 1);
+if (drive != NULL) {
+qdev_prop_set_drive(d, "driveB", blk_by_legacy_dinfo(drive),
+_fatal);
+}
+qdev_init_nofail(d);
+sio->floppy = isa;
+trace_superio_create_floppy(0,
+k->floppy.get_iobase ?
+k->floppy.get_iobase(sio, 0) : -1,
+k->floppy.get_irq ?
+k->floppy.get_irq(sio, 0) : -1);
+}
+
 }
 
 static void isa_superio_class_init(ObjectClass *oc, void *data)
diff --git a/hw/isa/pc87312.c b/hw/isa/pc87312.c
index c2837bca43..a1845a91c3 100644
--- a/hw/isa/pc87312.c
+++ b/hw/isa/pc87312.c
@@ -27,8 +27,6 @@
 #include "hw/isa/pc87312.h"
 #include "qapi/error.h"
 #include "qemu/error-report.h"
-#include "sysemu/block-backend.h"
-#include "sysemu/blockdev.h"
 #include "trace.h"
 
 
@@ -129,16 +127,26 @@ static bool is_uart_enabled(ISASuperIODevice *sio, 
uint8_t i)
 
 /* Floppy controller */
 
-static inline bool is_fdc_enabled(PC87312State *s)
+static bool is_fdc_enabled(ISASuperIODevice *sio, uint8_t index)
 {
+PC87312State *s = PC87312(sio);
+assert(!index);
 return s->regs[REG_FER] & FER_FDC_EN;
 }
 
-static inline uint16_t get_fdc_iobase(PC87312State *s)
+static uint16_t get_fdc_iobase(ISASuperIODevice *sio, uint8_t index)
 {
+PC87312State *s = PC87312(sio);
+assert(!index);
 return (s->regs[REG_FER] & FER_FDC_ADDR) ? 0x370 : 0x3f0;
 }
 
+static unsigned int get_fdc_irq(ISASuperIODevice *sio, uint8_t index)
+{
+assert(!index);
+return 6;
+}
+
 
 /* IDE controller */
 
@@ -272,7 +280,6 @@ static void pc87312_realize(DeviceState *dev, Error **errp)
 DeviceState *d;
 ISADevice *isa;
 ISABus *bus;
-DriveInfo *drive;
 Error *local_err = NULL;
 
 s = PC87312(dev);
@@ -287,28 +294,6 @@ static void pc87312_realize(DeviceState *dev, Error **errp)
 return;
 }
 
-if (is_fdc_enabled(s)) {
-isa = isa_create(bus, "isa-fdc");
-d = DEVICE(isa);
-qdev_prop_set_uint32(d, "iobase", get_fdc_iobase(s));
-qdev_prop_set_uint32(d, "irq", 6);
-/* FIXME use a qdev drive property instead of drive_get() */
-drive = drive_get(IF_FLOPPY, 0, 0);
-if (drive != NULL) {
-qdev_prop_set_drive(d, "driveA", blk_by_legacy_dinfo(drive),
-_fatal);
-}
-/* FIXME use a qdev drive property instead of drive_get() */
-drive = drive_get(IF_FLOPPY, 0, 1);
-if (drive != NULL) {
-qdev_prop_set_drive(d, "driveB", blk_by_legacy_dinfo(drive),
-_fatal);
-}
-qdev_init_nofail(d);
-s->fdc.dev = isa;
-trace_pc87312_info_floppy(get_fdc_iobase(s));
-}
-
 if (is_ide_enabled(s)) {
 isa = isa_create(bus, "isa-ide");
 

[Qemu-devel] [PULL 53/69] replay: fix processing async events

[Paolo Bonzini]

From: Pavel Dovgalyuk 

Asynchronous events saved at checkpoints may invoke
callbacks when processed. These callbacks may also generate/read
new events (e.g. clock reads). Therefore event processing flag must be
reset before callback invocation.

Signed-off-by: Pavel Dovgalyuk 
Acked-by: Paolo Bonzini 
Message-Id: <20180227095203.1060.70831.stgit@pasha-VirtualBox>
Signed-off-by: Paolo Bonzini 
Signed-off-by: Pavel Dovgalyuk 
---
 replay/replay-events.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/replay/replay-events.c b/replay/replay-events.c
index 94a6dcccfc..768b505f3d 100644
--- a/replay/replay-events.c
+++ b/replay/replay-events.c
@@ -295,13 +295,13 @@ void replay_read_events(int checkpoint)
 if (!event) {
 break;
 }
+replay_finish_event();
+read_event_kind = -1;
 replay_mutex_unlock();
 replay_run_event(event);
 replay_mutex_lock();
 
 g_free(event);
-replay_finish_event();
-read_event_kind = -1;
 }
 }
 
-- 
2.14.3

[Qemu-devel] [PULL 41/69] hw/mips/malta: Code movement

[Paolo Bonzini]

From: Philippe Mathieu-Daudé 

Move the SouthBridge peripherals first, and keep the Super I/O
peripherals last.

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20180308223946.26784-16-f4...@amsat.org>
Signed-off-by: Paolo Bonzini 
---
 hw/mips/mips_malta.c | 14 +++---
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
index cd7bd0eef6..9e0724ca5a 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
@@ -1062,10 +1062,6 @@ void mips_malta_init(MachineState *machine)
 memory_region_add_subregion(system_memory, 512 << 20, ram_low_postio);
 }
 
-/* generate SPD EEPROM data */
-generate_eeprom_spd(_eeprom_buf[0 * 256], ram_size);
-generate_eeprom_serial(_eeprom_buf[6 * 256]);
-
 #ifdef TARGET_WORDS_BIGENDIAN
 be = 1;
 #else
@@ -1208,15 +1204,19 @@ void mips_malta_init(MachineState *machine)
 pci_create_simple(pci_bus, piix4_devfn + 2, "piix4-usb-uhci");
 smbus = piix4_pm_init(pci_bus, piix4_devfn + 3, 0x1100,
   isa_get_irq(NULL, 9), NULL, 0, NULL);
-smbus_eeprom_init(smbus, 8, smbus_eeprom_buf, smbus_eeprom_size);
-g_free(smbus_eeprom_buf);
 pit = i8254_pit_init(isa_bus, 0x40, 0, NULL);
 i8257_dma_init(isa_bus, 0);
+mc146818_rtc_init(isa_bus, 2000, NULL);
+
+/* generate SPD EEPROM data */
+generate_eeprom_spd(_eeprom_buf[0 * 256], ram_size);
+generate_eeprom_serial(_eeprom_buf[6 * 256]);
+smbus_eeprom_init(smbus, 8, smbus_eeprom_buf, smbus_eeprom_size);
+g_free(smbus_eeprom_buf);
 
 /* Super I/O */
 isa_create_simple(isa_bus, TYPE_I8042);
 
-mc146818_rtc_init(isa_bus, 2000, NULL);
 serial_hds_isa_init(isa_bus, 0, 2);
 parallel_hds_isa_init(isa_bus, 1);
 
-- 
2.14.3

[Qemu-devel] [PULL 35/69] hw/isa/pc87312: Inherit from the abstract TYPE_ISA_SUPERIO

[Paolo Bonzini]

From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20180308223946.26784-10-f4...@amsat.org>
Signed-off-by: Paolo Bonzini 
---
 hw/isa/pc87312.c | 11 ++-
 include/hw/isa/pc87312.h |  6 --
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/hw/isa/pc87312.c b/hw/isa/pc87312.c
index fda91fed21..6b8100ff56 100644
--- a/hw/isa/pc87312.c
+++ b/hw/isa/pc87312.c
@@ -270,6 +270,7 @@ static void pc87312_realize(DeviceState *dev, Error **errp)
 ISABus *bus;
 Chardev *chr;
 DriveInfo *drive;
+Error *local_err = NULL;
 char name[5];
 int i;
 
@@ -279,6 +280,12 @@ static void pc87312_realize(DeviceState *dev, Error **errp)
 isa_register_ioport(isa, >io, s->iobase);
 pc87312_hard_reset(s);
 
+ISA_SUPERIO_GET_CLASS(dev)->parent_realize(dev, _err);
+if (local_err) {
+error_propagate(errp, local_err);
+return;
+}
+
 if (is_parallel_enabled(s)) {
 /* FIXME use a qdev chardev prop instead of parallel_hds[] */
 chr = parallel_hds[0];
@@ -381,7 +388,9 @@ static Property pc87312_properties[] = {
 static void pc87312_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
+ISASuperIOClass *sc = ISA_SUPERIO_CLASS(klass);
 
+sc->parent_realize = dc->realize;
 dc->realize = pc87312_realize;
 dc->reset = pc87312_reset;
 dc->vmsd = _pc87312;
@@ -392,7 +401,7 @@ static void pc87312_class_init(ObjectClass *klass, void 
*data)
 
 static const TypeInfo pc87312_type_info = {
 .name  = TYPE_PC87312_SUPERIO,
-.parent= TYPE_ISA_DEVICE,
+.parent= TYPE_ISA_SUPERIO,
 .instance_size = sizeof(PC87312State),
 .instance_init = pc87312_initfn,
 .class_init= pc87312_class_init,
diff --git a/include/hw/isa/pc87312.h b/include/hw/isa/pc87312.h
index b65b219a8a..f3761d6fe1 100644
--- a/include/hw/isa/pc87312.h
+++ b/include/hw/isa/pc87312.h
@@ -25,14 +25,16 @@
 #ifndef QEMU_PC87312_H
 #define QEMU_PC87312_H
 
-#include "hw/isa/isa.h"
+#include "hw/isa/superio.h"
 
 
 #define TYPE_PC87312_SUPERIO "pc87312"
 #define PC87312(obj) OBJECT_CHECK(PC87312State, (obj), TYPE_PC87312_SUPERIO)
 
 typedef struct PC87312State {
-ISADevice dev;
+/*< private >*/
+ISASuperIODevice parent_dev;
+/*< public >*/
 
 uint16_t iobase;
 uint8_t config; /* initial configuration */
-- 
2.14.3

[Qemu-devel] [PULL 39/69] hw/isa/superio: Add a keyboard/mouse controller (8042)

[Paolo Bonzini]

From: Philippe Mathieu-Daudé 

Since the PC87312 inherits this abstract model, we remove the I8042
instance in the PREP machine.

Signed-off-by: Philippe Mathieu-Daudé 
Acked-by: David Gibson 
Message-Id: <20180308223946.26784-14-f4...@amsat.org>
Signed-off-by: Paolo Bonzini 
---
 hw/isa/isa-superio.c | 3 +++
 hw/ppc/prep.c| 1 -
 include/hw/isa/superio.h | 1 +
 3 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/hw/isa/isa-superio.c b/hw/isa/isa-superio.c
index 4b5e280b38..041b47bdbf 100644
--- a/hw/isa/isa-superio.c
+++ b/hw/isa/isa-superio.c
@@ -17,6 +17,7 @@
 #include "sysemu/blockdev.h"
 #include "chardev/char.h"
 #include "hw/isa/superio.h"
+#include "hw/input/i8042.h"
 #include "hw/char/serial.h"
 #include "trace.h"
 
@@ -143,6 +144,8 @@ static void isa_superio_realize(DeviceState *dev, Error 
**errp)
 k->floppy.get_irq(sio, 0) : -1);
 }
 
+/* Keyboard, mouse */
+sio->kbc = isa_create_simple(bus, TYPE_I8042);
 }
 
 static void isa_superio_class_init(ObjectClass *oc, void *data)
diff --git a/hw/ppc/prep.c b/hw/ppc/prep.c
index df774bd384..5c78503069 100644
--- a/hw/ppc/prep.c
+++ b/hw/ppc/prep.c
@@ -641,7 +641,6 @@ static void ppc_prep_init(MachineState *machine)
  hd[2 * i],
 hd[2 * i + 1]);
 }
-isa_create_simple(isa_bus, TYPE_I8042);
 
 cpu = POWERPC_CPU(first_cpu);
 sysctrl->reset_irq = cpu->env.irq_inputs[PPC6xx_INPUT_HRESET];
diff --git a/include/hw/isa/superio.h b/include/hw/isa/superio.h
index e8007b9eee..2fc33bf3d3 100644
--- a/include/hw/isa/superio.h
+++ b/include/hw/isa/superio.h
@@ -30,6 +30,7 @@ typedef struct ISASuperIODevice {
 ISADevice *parallel[MAX_PARALLEL_PORTS];
 ISADevice *serial[MAX_SERIAL_PORTS];
 ISADevice *floppy;
+ISADevice *kbc;
 } ISASuperIODevice;
 
 typedef struct ISASuperIOFuncs {
-- 
2.14.3

[Qemu-devel] [PULL 51/69] hw/i386/pc: Factor out the superio code

[Paolo Bonzini]

From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20180308223946.26784-26-f4...@amsat.org>
Signed-off-by: Paolo Bonzini 
---
 hw/i386/pc.c | 72 ++--
 1 file changed, 41 insertions(+), 31 deletions(-)

diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 853a01d791..d36bac8c89 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -1517,6 +1517,44 @@ static const MemoryRegionOps ioportF0_io_ops = {
 },
 };
 
+static void pc_superio_init(ISABus *isa_bus, bool create_fdctrl, bool 
no_vmport)
+{
+int i;
+DriveInfo *fd[MAX_FD];
+qemu_irq *a20_line;
+ISADevice *i8042, *port92, *vmmouse;
+
+serial_hds_isa_init(isa_bus, 0, MAX_SERIAL_PORTS);
+parallel_hds_isa_init(isa_bus, MAX_PARALLEL_PORTS);
+
+for (i = 0; i < MAX_FD; i++) {
+fd[i] = drive_get(IF_FLOPPY, 0, i);
+create_fdctrl |= !!fd[i];
+}
+if (create_fdctrl) {
+fdctrl_init_isa(isa_bus, fd);
+}
+
+i8042 = isa_create_simple(isa_bus, "i8042");
+if (!no_vmport) {
+vmport_init(isa_bus);
+vmmouse = isa_try_create(isa_bus, "vmmouse");
+} else {
+vmmouse = NULL;
+}
+if (vmmouse) {
+DeviceState *dev = DEVICE(vmmouse);
+qdev_prop_set_ptr(dev, "ps2_mouse", i8042);
+qdev_init_nofail(dev);
+}
+port92 = isa_create_simple(isa_bus, "port92");
+
+a20_line = qemu_allocate_irqs(handle_a20_line_change, first_cpu, 2);
+i8042_setup_a20_line(i8042, a20_line[0]);
+port92_init(port92, a20_line[1]);
+g_free(a20_line);
+}
+
 void pc_basic_device_init(ISABus *isa_bus, qemu_irq *gsi,
   ISADevice **rtc_state,
   bool create_fdctrl,
@@ -1525,13 +1563,11 @@ void pc_basic_device_init(ISABus *isa_bus, qemu_irq 
*gsi,
   uint32_t hpet_irqs)
 {
 int i;
-DriveInfo *fd[MAX_FD];
 DeviceState *hpet = NULL;
 int pit_isa_irq = 0;
 qemu_irq pit_alt_irq = NULL;
 qemu_irq rtc_irq = NULL;
-qemu_irq *a20_line;
-ISADevice *i8042, *port92, *vmmouse, *pit = NULL;
+ISADevice *pit = NULL;
 MemoryRegion *ioport80_io = g_new(MemoryRegion, 1);
 MemoryRegion *ioportF0_io = g_new(MemoryRegion, 1);
 
@@ -1588,36 +1624,10 @@ void pc_basic_device_init(ISABus *isa_bus, qemu_irq 
*gsi,
 pcspk_init(isa_bus, pit);
 }
 
-serial_hds_isa_init(isa_bus, 0, MAX_SERIAL_PORTS);
-parallel_hds_isa_init(isa_bus, MAX_PARALLEL_PORTS);
-
-a20_line = qemu_allocate_irqs(handle_a20_line_change, first_cpu, 2);
-i8042 = isa_create_simple(isa_bus, "i8042");
-i8042_setup_a20_line(i8042, a20_line[0]);
-if (!no_vmport) {
-vmport_init(isa_bus);
-vmmouse = isa_try_create(isa_bus, "vmmouse");
-} else {
-vmmouse = NULL;
-}
-if (vmmouse) {
-DeviceState *dev = DEVICE(vmmouse);
-qdev_prop_set_ptr(dev, "ps2_mouse", i8042);
-qdev_init_nofail(dev);
-}
-port92 = isa_create_simple(isa_bus, "port92");
-port92_init(port92, a20_line[1]);
-g_free(a20_line);
-
 i8257_dma_init(isa_bus, 0);
 
-for(i = 0; i < MAX_FD; i++) {
-fd[i] = drive_get(IF_FLOPPY, 0, i);
-create_fdctrl |= !!fd[i];
-}
-if (create_fdctrl) {
-fdctrl_init_isa(isa_bus, fd);
-}
+/* Super I/O */
+pc_superio_init(isa_bus, create_fdctrl, no_vmport);
 }
 
 void pc_nic_init(PCMachineClass *pcmc, ISABus *isa_bus, PCIBus *pci_bus)
-- 
2.14.3

[Qemu-devel] [PULL 32/69] hw/isa/pc87312: Use uint16_t for the ISA I/O base address

[Paolo Bonzini]

From: Philippe Mathieu-Daudé 

This matches the isa_register_ioport() prototype.

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20180308223946.26784-7-f4...@amsat.org>
Signed-off-by: Paolo Bonzini 
---
 hw/isa/pc87312.c | 14 +++---
 include/hw/isa/pc87312.h |  2 +-
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/hw/isa/pc87312.c b/hw/isa/pc87312.c
index e9edbc6c50..105c23e680 100644
--- a/hw/isa/pc87312.c
+++ b/hw/isa/pc87312.c
@@ -69,9 +69,9 @@ static inline bool is_parallel_enabled(PC87312State *s)
 return s->regs[REG_FER] & FER_PARALLEL_EN;
 }
 
-static const uint32_t parallel_base[] = { 0x378, 0x3bc, 0x278, 0x00 };
+static const uint16_t parallel_base[] = { 0x378, 0x3bc, 0x278, 0x00 };
 
-static inline uint32_t get_parallel_iobase(PC87312State *s)
+static inline uint16_t get_parallel_iobase(PC87312State *s)
 {
 return parallel_base[s->regs[REG_FAR] & FAR_PARALLEL_ADDR];
 }
@@ -92,12 +92,12 @@ static inline uint32_t get_parallel_irq(PC87312State *s)
 
 /* UARTs */
 
-static const uint32_t uart_base[2][4] = {
+static const uint16_t uart_base[2][4] = {
 { 0x3e8, 0x338, 0x2e8, 0x220 },
 { 0x2e8, 0x238, 0x2e0, 0x228 }
 };
 
-static inline uint32_t get_uart_iobase(PC87312State *s, int i)
+static inline uint16_t get_uart_iobase(PC87312State *s, int i)
 {
 int idx;
 idx = (s->regs[REG_FAR] >> (2 * i + 2)) & 0x3;
@@ -130,7 +130,7 @@ static inline bool is_fdc_enabled(PC87312State *s)
 return s->regs[REG_FER] & FER_FDC_EN;
 }
 
-static inline uint32_t get_fdc_iobase(PC87312State *s)
+static inline uint16_t get_fdc_iobase(PC87312State *s)
 {
 return (s->regs[REG_FER] & FER_FDC_ADDR) ? 0x370 : 0x3f0;
 }
@@ -143,7 +143,7 @@ static inline bool is_ide_enabled(PC87312State *s)
 return s->regs[REG_FER] & FER_IDE_EN;
 }
 
-static inline uint32_t get_ide_iobase(PC87312State *s)
+static inline uint16_t get_ide_iobase(PC87312State *s)
 {
 return (s->regs[REG_FER] & FER_IDE_ADDR) ? 0x170 : 0x1f0;
 }
@@ -373,7 +373,7 @@ static const VMStateDescription vmstate_pc87312 = {
 };
 
 static Property pc87312_properties[] = {
-DEFINE_PROP_UINT32("iobase", PC87312State, iobase, 0x398),
+DEFINE_PROP_UINT16("iobase", PC87312State, iobase, 0x398),
 DEFINE_PROP_UINT8("config", PC87312State, config, 1),
 DEFINE_PROP_END_OF_LIST()
 };
diff --git a/include/hw/isa/pc87312.h b/include/hw/isa/pc87312.h
index 710eb1c807..b65b219a8a 100644
--- a/include/hw/isa/pc87312.h
+++ b/include/hw/isa/pc87312.h
@@ -34,7 +34,7 @@
 typedef struct PC87312State {
 ISADevice dev;
 
-uint32_t iobase;
+uint16_t iobase;
 uint8_t config; /* initial configuration */
 
 struct {
-- 
2.14.3

[Qemu-devel] [PULL 33/69] hw/isa/pc87312: Use 'unsigned int' for the irq value

[Paolo Bonzini]

From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20180308223946.26784-8-f4...@amsat.org>
Reviewed-by: Mark Cave-Ayland 
Signed-off-by: Paolo Bonzini 
---
 hw/isa/pc87312.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/hw/isa/pc87312.c b/hw/isa/pc87312.c
index 105c23e680..fda91fed21 100644
--- a/hw/isa/pc87312.c
+++ b/hw/isa/pc87312.c
@@ -76,9 +76,9 @@ static inline uint16_t get_parallel_iobase(PC87312State *s)
 return parallel_base[s->regs[REG_FAR] & FAR_PARALLEL_ADDR];
 }
 
-static const uint32_t parallel_irq[] = { 5, 7, 5, 0 };
+static const unsigned int parallel_irq[] = { 5, 7, 5, 0 };
 
-static inline uint32_t get_parallel_irq(PC87312State *s)
+static inline unsigned int get_parallel_irq(PC87312State *s)
 {
 int idx;
 idx = (s->regs[REG_FAR] & FAR_PARALLEL_ADDR);
@@ -110,7 +110,7 @@ static inline uint16_t get_uart_iobase(PC87312State *s, int 
i)
 }
 }
 
-static inline uint32_t get_uart_irq(PC87312State *s, int i)
+static inline unsigned int get_uart_irq(PC87312State *s, int i)
 {
 int idx;
 idx = (s->regs[REG_FAR] >> (2 * i + 2)) & 0x3;
-- 
2.14.3

[Qemu-devel] [PULL 43/69] hw/mips/mips_fulong2e: Factor out vt82c686b_southbridge_init()

[Paolo Bonzini]

From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20180308223946.26784-18-f4...@amsat.org>
Signed-off-by: Paolo Bonzini 
---
 hw/mips/mips_fulong2e.c | 83 -
 1 file changed, 41 insertions(+), 42 deletions(-)

diff --git a/hw/mips/mips_fulong2e.c b/hw/mips/mips_fulong2e.c
index a15d3b60cc..2697d772eb 100644
--- a/hw/mips/mips_fulong2e.c
+++ b/hw/mips/mips_fulong2e.c
@@ -77,8 +77,6 @@
 #define FULONG2E_ATI_SLOT6
 #define FULONG2E_RTL8139_SLOT7
 
-static ISADevice *pit;
-
 static struct _loaderparams {
 int ram_size;
 const char *kernel_filename;
@@ -231,11 +229,44 @@ static const uint8_t eeprom_spd[0x80] = {
 0x20,0x30,0x20
 };
 
-/* Audio support */
-static void audio_init (PCIBus *pci_bus)
+static void vt82c686b_southbridge_init(PCIBus *pci_bus, int slot, qemu_irq 
intc,
+   I2CBus **i2c_bus, ISABus **p_isa_bus)
 {
-vt82c686b_ac97_init(pci_bus, PCI_DEVFN(FULONG2E_VIA_SLOT, 5));
-vt82c686b_mc97_init(pci_bus, PCI_DEVFN(FULONG2E_VIA_SLOT, 6));
+qemu_irq *i8259;
+ISABus *isa_bus;
+DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
+
+isa_bus = vt82c686b_init(pci_bus, PCI_DEVFN(slot, 0));
+if (!isa_bus) {
+fprintf(stderr, "vt82c686b_init error\n");
+exit(1);
+}
+*p_isa_bus = isa_bus;
+/* Interrupt controller */
+/* The 8259 -> IP5  */
+i8259 = i8259_init(isa_bus, intc);
+isa_bus_irqs(isa_bus, i8259);
+/* init other devices */
+i8254_pit_init(isa_bus, 0x40, 0, NULL);
+i8257_dma_init(isa_bus, 0);
+
+ide_drive_get(hd, ARRAY_SIZE(hd));
+vt82c686b_ide_init(pci_bus, hd, PCI_DEVFN(slot, 1));
+
+pci_create_simple(pci_bus, PCI_DEVFN(slot, 2), "vt82c686b-usb-uhci");
+pci_create_simple(pci_bus, PCI_DEVFN(slot, 3), "vt82c686b-usb-uhci");
+
+*i2c_bus = vt82c686b_pm_init(pci_bus, PCI_DEVFN(slot, 4), 0xeee1, NULL);
+
+/* Audio support */
+vt82c686b_ac97_init(pci_bus, PCI_DEVFN(slot, 5));
+vt82c686b_mc97_init(pci_bus, PCI_DEVFN(slot, 6));
+
+/* Super I/O */
+isa_create_simple(isa_bus, TYPE_I8042);
+
+serial_hds_isa_init(isa_bus, 0, MAX_SERIAL_PORTS);
+parallel_hds_isa_init(isa_bus, 1);
 }
 
 /* Network support */
@@ -268,11 +299,9 @@ static void mips_fulong2e_init(MachineState *machine)
 MemoryRegion *bios = g_new(MemoryRegion, 1);
 long bios_size;
 int64_t kernel_entry;
-qemu_irq *i8259;
 PCIBus *pci_bus;
 ISABus *isa_bus;
 I2CBus *smbus;
-DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
 MIPSCPU *cpu;
 CPUMIPSState *env;
 
@@ -334,46 +363,16 @@ static void mips_fulong2e_init(MachineState *machine)
 /* North bridge, Bonito --> IP2 */
 pci_bus = bonito_init((qemu_irq *)&(env->irq[2]));
 
-/* South bridge */
-ide_drive_get(hd, ARRAY_SIZE(hd));
-
-isa_bus = vt82c686b_init(pci_bus, PCI_DEVFN(FULONG2E_VIA_SLOT, 0));
-if (!isa_bus) {
-error_report("vt82c686b_init error");
-exit(1);
-}
-
-/* Interrupt controller */
-/* The 8259 -> IP5  */
-i8259 = i8259_init(isa_bus, env->irq[5]);
-isa_bus_irqs(isa_bus, i8259);
-
-vt82c686b_ide_init(pci_bus, hd, PCI_DEVFN(FULONG2E_VIA_SLOT, 1));
-pci_create_simple(pci_bus, PCI_DEVFN(FULONG2E_VIA_SLOT, 2),
-  "vt82c686b-usb-uhci");
-pci_create_simple(pci_bus, PCI_DEVFN(FULONG2E_VIA_SLOT, 3),
-  "vt82c686b-usb-uhci");
+/* South bridge -> IP5 */
+vt82c686b_southbridge_init(pci_bus, FULONG2E_VIA_SLOT, env->irq[5],
+   , _bus);
 
-smbus = vt82c686b_pm_init(pci_bus, PCI_DEVFN(FULONG2E_VIA_SLOT, 4),
-  0xeee1, NULL);
 /* TODO: Populate SPD eeprom data.  */
 smbus_eeprom_init(smbus, 1, eeprom_spd, sizeof(eeprom_spd));
 
-/* init other devices */
-pit = i8254_pit_init(isa_bus, 0x40, 0, NULL);
-i8257_dma_init(isa_bus, 0);
-
-/* Super I/O */
-isa_create_simple(isa_bus, TYPE_I8042);
-
 mc146818_rtc_init(isa_bus, 2000, NULL);
 
-serial_hds_isa_init(isa_bus, 0, MAX_SERIAL_PORTS);
-parallel_hds_isa_init(isa_bus, 1);
-
-/* Sound card */
-audio_init(pci_bus);
-/* Network card */
+/* Network card: RTL8139D */
 network_init(pci_bus);
 }
 
-- 
2.14.3

[Qemu-devel] [PULL 25/69] membarrier: introduce qemu/sys_membarrier.h

[Paolo Bonzini]

This new header file provides heavy-weight "global" memory barriers that
enforce memory ordering on each running thread belonging to the current
process.  For now, use a dummy implementation that issues memory barriers
on both sides (matching what QEMU has been doing so far).

Signed-off-by: Paolo Bonzini 
---
 include/qemu/rcu.h|  7 ---
 include/qemu/sys_membarrier.h | 17 +
 util/rcu.c|  9 +
 3 files changed, 26 insertions(+), 7 deletions(-)
 create mode 100644 include/qemu/sys_membarrier.h

diff --git a/include/qemu/rcu.h b/include/qemu/rcu.h
index 625f09ac09..22876d1428 100644
--- a/include/qemu/rcu.h
+++ b/include/qemu/rcu.h
@@ -27,6 +27,7 @@
 #include "qemu/thread.h"
 #include "qemu/queue.h"
 #include "qemu/atomic.h"
+#include "qemu/sys_membarrier.h"
 
 #ifdef __cplusplus
 extern "C" {
@@ -82,7 +83,7 @@ static inline void rcu_read_lock(void)
 atomic_set(_rcu_reader->ctr, ctr);
 
 /* Write p_rcu_reader->ctr before reading RCU-protected pointers.  */
-smp_mb();
+smp_mb_placeholder();
 }
 
 static inline void rcu_read_unlock(void)
@@ -96,13 +97,13 @@ static inline void rcu_read_unlock(void)
 
 /* Ensure that the critical section is seen to precede the
  * store to p_rcu_reader->ctr.  Together with the following
- * smp_mb(), this ensures writes to p_rcu_reader->ctr
+ * smp_mb_placeholder(), this ensures writes to p_rcu_reader->ctr
  * are sequentially consistent.
  */
 atomic_store_release(_rcu_reader->ctr, 0);
 
 /* Write p_rcu_reader->ctr before reading p_rcu_reader->waiting.  */
-smp_mb();
+smp_mb_placeholder();
 if (unlikely(atomic_read(_rcu_reader->waiting))) {
 atomic_set(_rcu_reader->waiting, false);
 qemu_event_set(_gp_event);
diff --git a/include/qemu/sys_membarrier.h b/include/qemu/sys_membarrier.h
new file mode 100644
index 00..9ce7f5210b
--- /dev/null
+++ b/include/qemu/sys_membarrier.h
@@ -0,0 +1,17 @@
+/*
+ * Process-global memory barriers
+ *
+ * Copyright (c) 2018 Red Hat, Inc.
+ *
+ * Author: Paolo Bonzini 
+ */
+
+#ifndef QEMU_SYS_MEMBARRIER_H
+#define QEMU_SYS_MEMBARRIER_H 1
+
+/* Keep it simple, execute a real memory barrier on both sides.  */
+static inline void smp_mb_global_init(void) {}
+#define smp_mb_global()smp_mb()
+#define smp_mb_placeholder()   smp_mb()
+
+#endif
diff --git a/util/rcu.c b/util/rcu.c
index 7366dc50dd..5676c22bd1 100644
--- a/util/rcu.c
+++ b/util/rcu.c
@@ -93,10 +93,10 @@ static void wait_for_readers(void)
 }
 
 /* Here, order the stores to index->waiting before the loads of
- * index->ctr.  Pairs with smp_mb() in rcu_read_unlock(),
+ * index->ctr.  Pairs with smp_mb_placeholder() in rcu_read_unlock(),
  * ensuring that the loads of index->ctr are sequentially consistent.
  */
-smp_mb();
+smp_mb_global();
 
 QLIST_FOREACH_SAFE(index, , node, tmp) {
 if (!rcu_gp_ongoing(>ctr)) {
@@ -145,9 +145,9 @@ void synchronize_rcu(void)
 qemu_mutex_lock(_sync_lock);
 
 /* Write RCU-protected pointers before reading p_rcu_reader->ctr.
- * Pairs with smp_mb() in rcu_read_lock().
+ * Pairs with smp_mb_placeholder() in rcu_read_lock().
  */
-smp_mb();
+smp_mb_global();
 
 qemu_mutex_lock(_registry_lock);
 if (!QLIST_EMPTY()) {
@@ -376,6 +376,7 @@ static void rcu_init_child(void)
 
 static void __attribute__((__constructor__)) rcu_init(void)
 {
+smp_mb_global_init();
 #ifdef CONFIG_POSIX
 pthread_atfork(rcu_init_lock, rcu_init_unlock, rcu_init_child);
 #endif
-- 
2.14.3

[Qemu-devel] [PULL 30/69] MAINTAINERS: Fix the PC87312 include path

[Paolo Bonzini]

From: Philippe Mathieu-Daudé 

Missed while moving it in 0d09e41a51aa.

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20180308223946.26784-5-f4...@amsat.org>
Signed-off-by: Paolo Bonzini 
---
 MAINTAINERS | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 6703ac8c89..1ff22ce610 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -776,9 +776,10 @@ F: hw/ppc/prep_systemio.c
 F: hw/ppc/rs6000_mc.c
 F: hw/pci-host/prep.[hc]
 F: hw/isa/i82378.c
-F: hw/isa/pc87312.[hc]
+F: hw/isa/pc87312.c
 F: hw/dma/i82374.c
 F: hw/timer/m48t59-isa.c
+F: include/hw/isa/pc87312.h
 F: include/hw/timer/m48t59.h
 F: pc-bios/ppc_rom.bin
 
-- 
2.14.3

[Qemu-devel] [PULL 34/69] hw/isa/superio: Add a Super I/O template based on the PC87312 device

[Paolo Bonzini]

From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20180308223946.26784-9-f4...@amsat.org>
Signed-off-by: Paolo Bonzini 
---
 MAINTAINERS  |  2 ++
 hw/isa/Makefile.objs |  1 +
 hw/isa/isa-superio.c | 28 
 include/hw/isa/superio.h | 44 
 4 files changed, 75 insertions(+)
 create mode 100644 hw/isa/isa-superio.c
 create mode 100644 include/hw/isa/superio.h

diff --git a/MAINTAINERS b/MAINTAINERS
index 1ff22ce610..9f7b8e79c4 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -933,6 +933,7 @@ F: hw/input/pckbd.c
 F: hw/intc/apic*
 F: hw/intc/ioapic*
 F: hw/intc/i8259*
+F: hw/isa/isa-superio.c
 F: hw/misc/debugexit.c
 F: hw/misc/pc-testdev.c
 F: hw/timer/hpet*
@@ -944,6 +945,7 @@ F: include/hw/char/parallel.h
 F: include/hw/dma/i8257.h
 F: include/hw/i2c/pm_smbus.h
 F: include/hw/input/i8042.h
+F: include/hw/isa/superio.h
 F: include/hw/timer/hpet.h
 F: include/hw/timer/i8254*
 F: include/hw/timer/mc146818rtc*
diff --git a/hw/isa/Makefile.objs b/hw/isa/Makefile.objs
index fb37c55cf2..cac655ba58 100644
--- a/hw/isa/Makefile.objs
+++ b/hw/isa/Makefile.objs
@@ -1,4 +1,5 @@
 common-obj-$(CONFIG_ISA_BUS) += isa-bus.o
+common-obj-$(CONFIG_ISA_BUS) += isa-superio.o
 common-obj-$(CONFIG_APM) += apm.o
 common-obj-$(CONFIG_I82378) += i82378.o
 common-obj-$(CONFIG_PC87312) += pc87312.o
diff --git a/hw/isa/isa-superio.c b/hw/isa/isa-superio.c
new file mode 100644
index 00..14ec16f831
--- /dev/null
+++ b/hw/isa/isa-superio.c
@@ -0,0 +1,28 @@
+/*
+ * Generic ISA Super I/O
+ *
+ * Copyright (c) 2010-2012 Herve Poussineau
+ * Copyright (c) 2011-2012 Andreas Färber
+ * Copyright (c) 2018 Philippe Mathieu-Daudé
+ *
+ * This code is licensed under the GNU GPLv2 and later.
+ * See the COPYING file in the top-level directory.
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+#include "qemu/osdep.h"
+#include "hw/isa/superio.h"
+#include "trace.h"
+
+static const TypeInfo isa_superio_type_info = {
+.name = TYPE_ISA_SUPERIO,
+.parent = TYPE_ISA_DEVICE,
+.abstract = true,
+.class_size = sizeof(ISASuperIOClass),
+};
+
+static void isa_superio_register_types(void)
+{
+type_register_static(_superio_type_info);
+}
+
+type_init(isa_superio_register_types)
diff --git a/include/hw/isa/superio.h b/include/hw/isa/superio.h
new file mode 100644
index 00..cff6ad6c08
--- /dev/null
+++ b/include/hw/isa/superio.h
@@ -0,0 +1,44 @@
+/*
+ * Generic ISA Super I/O
+ *
+ * Copyright (c) 2018 Philippe Mathieu-Daudé
+ *
+ * This code is licensed under the GNU GPLv2 and later.
+ * See the COPYING file in the top-level directory.
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+#ifndef HW_ISA_SUPERIO_H
+#define HW_ISA_SUPERIO_H
+
+#include "qemu-common.h"
+#include "sysemu/sysemu.h"
+#include "hw/isa/isa.h"
+
+#define TYPE_ISA_SUPERIO "isa-superio"
+#define ISA_SUPERIO(obj) \
+OBJECT_CHECK(ISASuperIODevice, (obj), TYPE_ISA_SUPERIO)
+#define ISA_SUPERIO_GET_CLASS(obj) \
+OBJECT_GET_CLASS(ISASuperIOClass, (obj), TYPE_ISA_SUPERIO)
+#define ISA_SUPERIO_CLASS(klass) \
+OBJECT_CLASS_CHECK(ISASuperIOClass, (klass), TYPE_ISA_SUPERIO)
+
+typedef struct ISASuperIODevice {
+ISADevice parent_obj;
+} ISASuperIODevice;
+
+typedef struct ISASuperIOFuncs {
+size_t count;
+bool (*is_enabled)(ISASuperIODevice *sio, uint8_t index);
+uint16_t (*get_iobase)(ISASuperIODevice *sio, uint8_t index);
+unsigned int (*get_irq)(ISASuperIODevice *sio, uint8_t index);
+unsigned int (*get_dma)(ISASuperIODevice *sio, uint8_t index);
+} ISASuperIOFuncs;
+
+typedef struct ISASuperIOClass {
+/*< private >*/
+ISADeviceClass parent_class;
+/*< public >*/
+DeviceRealize parent_realize;
+} ISASuperIOClass;
+
+#endif /* HW_ISA_SUPERIO_H */
-- 
2.14.3

[Qemu-devel] [PULL 42/69] hw/isa/superio: Factor out the FDC37M817 Super I/O from mips_malta.c

[Paolo Bonzini]

From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20180308223946.26784-17-f4...@amsat.org>
Signed-off-by: Paolo Bonzini 
---
 hw/isa/isa-superio.c | 19 +++
 hw/mips/mips_malta.c | 35 ++-
 include/hw/isa/superio.h |  2 ++
 3 files changed, 31 insertions(+), 25 deletions(-)

diff --git a/hw/isa/isa-superio.c b/hw/isa/isa-superio.c
index f98711beff..b95608a003 100644
--- a/hw/isa/isa-superio.c
+++ b/hw/isa/isa-superio.c
@@ -187,9 +187,28 @@ static const TypeInfo isa_superio_type_info = {
 .class_init = isa_superio_class_init,
 };
 
+/* SMS FDC37M817 Super I/O */
+static void fdc37m81x_class_init(ObjectClass *klass, void *data)
+{
+ISASuperIOClass *sc = ISA_SUPERIO_CLASS(klass);
+
+sc->serial.count = 2; /* NS16C550A */
+sc->parallel.count = 1;
+sc->floppy.count = 1; /* SMSC 82077AA Compatible */
+sc->ide.count = 0;
+}
+
+static const TypeInfo fdc37m81x_type_info = {
+.name  = TYPE_FDC37M81X_SUPERIO,
+.parent= TYPE_ISA_SUPERIO,
+.instance_size = sizeof(ISASuperIODevice),
+.class_init= fdc37m81x_class_init,
+};
+
 static void isa_superio_register_types(void)
 {
 type_register_static(_superio_type_info);
+type_register_static(_type_info);
 }
 
 type_init(isa_superio_register_types)
diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
index 9e0724ca5a..f6513a4fd5 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
@@ -27,14 +27,12 @@
 #include "cpu.h"
 #include "hw/hw.h"
 #include "hw/i386/pc.h"
+#include "hw/isa/superio.h"
 #include "hw/dma/i8257.h"
 #include "hw/char/serial.h"
-#include "hw/char/parallel.h"
-#include "hw/block/fdc.h"
 #include "net/net.h"
 #include "hw/boards.h"
 #include "hw/i2c/smbus.h"
-#include "sysemu/block-backend.h"
 #include "hw/block/flash.h"
 #include "hw/mips/mips.h"
 #include "hw/mips/cpudevs.h"
@@ -47,7 +45,6 @@
 #include "hw/loader.h"
 #include "elf.h"
 #include "hw/timer/mc146818rtc.h"
-#include "hw/input/i8042.h"
 #include "hw/timer/i8254.h"
 #include "sysemu/blockdev.h"
 #include "exec/address-spaces.h"
@@ -1005,10 +1002,8 @@ void mips_malta_init(MachineState *machine)
 qemu_irq cbus_irq, i8259_irq;
 int piix4_devfn;
 I2CBus *smbus;
-int i;
 DriveInfo *dinfo;
 DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
-DriveInfo *fd[MAX_FD];
 int fl_idx = 0;
 int fl_sectors = bios_size >> 16;
 int be;
@@ -1023,15 +1018,6 @@ void mips_malta_init(MachineState *machine)
 
 qdev_init_nofail(dev);
 
-/* Make sure the first 3 serial ports are associated with a device. */
-for(i = 0; i < 3; i++) {
-if (!serial_hds[i]) {
-char label[32];
-snprintf(label, sizeof(label), "serial%d", i);
-serial_hds[i] = qemu_chr_new(label, "null");
-}
-}
-
 /* create CPU */
 mips_create_cpu(s, machine->cpu_type, _irq, _irq);
 
@@ -1067,7 +1053,14 @@ void mips_malta_init(MachineState *machine)
 #else
 be = 0;
 #endif
+
 /* FPGA */
+
+/* Make sure the second serial port is associated with a device. */
+if (!serial_hds[2]) {
+serial_hds[2] = qemu_chr_new("fpga-uart", "null");
+}
+
 /* The CBUS UART is attached to the MIPS CPU INT2 pin, ie interrupt 4 */
 malta_fpga_init(system_memory, FPGA_ADDRESS, cbus_irq, serial_hds[2]);
 
@@ -1214,16 +1207,8 @@ void mips_malta_init(MachineState *machine)
 smbus_eeprom_init(smbus, 8, smbus_eeprom_buf, smbus_eeprom_size);
 g_free(smbus_eeprom_buf);
 
-/* Super I/O */
-isa_create_simple(isa_bus, TYPE_I8042);
-
-serial_hds_isa_init(isa_bus, 0, 2);
-parallel_hds_isa_init(isa_bus, 1);
-
-for(i = 0; i < MAX_FD; i++) {
-fd[i] = drive_get(IF_FLOPPY, 0, i);
-}
-fdctrl_init_isa(isa_bus, fd);
+/* Super I/O: SMS FDC37M817 */
+isa_create_simple(isa_bus, TYPE_FDC37M81X_SUPERIO);
 
 /* Network card */
 network_init(pci_bus);
diff --git a/include/hw/isa/superio.h b/include/hw/isa/superio.h
index 3dd5448f8c..b47aac3cf8 100644
--- a/include/hw/isa/superio.h
+++ b/include/hw/isa/superio.h
@@ -54,4 +54,6 @@ typedef struct ISASuperIOClass {
 ISASuperIOFuncs ide;
 } ISASuperIOClass;
 
+#define TYPE_FDC37M81X_SUPERIO  "fdc37m81x-superio"
+
 #endif /* HW_ISA_SUPERIO_H */
-- 
2.14.3

[Qemu-devel] [PULL 21/69] hw/mips/jazz: Fix implicit creation of "-drive if=scsi" devices

[Paolo Bonzini]

From: Thomas Huth 

The global hack for creating SCSI devices has recently been removed,
but this apparently broke SCSI devices on some boards that were not
ready for this change yet. For the pica61 machine you now get:

$ mips64-softmmu/qemu-system-mips64 -M pica61 -cdrom x.iso
qemu-system-mips64: -cdrom x.iso: machine type does not support 
if=scsi,bus=0,unit=2

Fix it by calling scsi_bus_legacy_handle_cmdline() after creating the
corresponding SCSI controller.

Fixes: 1454509726719e0933c800fad00d6999752688ea
Signed-off-by: Thomas Huth 
Message-Id: <1520414644-11535-1-git-send-email-th...@redhat.com>
Reviewed-by: Hervé Poussineau 
Signed-off-by: Paolo Bonzini 
---
 hw/mips/mips_jazz.c   |  7 ---
 hw/scsi/esp.c | 12 +++-
 include/hw/scsi/esp.h | 10 +-
 3 files changed, 16 insertions(+), 13 deletions(-)

diff --git a/hw/mips/mips_jazz.c b/hw/mips/mips_jazz.c
index 08e6f620fc..e135385265 100644
--- a/hw/mips/mips_jazz.c
+++ b/hw/mips/mips_jazz.c
@@ -146,6 +146,7 @@ static void mips_jazz_init(MachineState *machine,
 MemoryRegion *ram = g_new(MemoryRegion, 1);
 MemoryRegion *bios = g_new(MemoryRegion, 1);
 MemoryRegion *bios2 = g_new(MemoryRegion, 1);
+ESPState *esp;
 
 /* init CPUs */
 cpu = MIPS_CPU(cpu_create(machine->cpu_type));
@@ -277,9 +278,9 @@ static void mips_jazz_init(MachineState *machine,
 }
 
 /* SCSI adapter */
-esp_init(0x80002000, 0,
- rc4030_dma_read, rc4030_dma_write, dmas[0],
- qdev_get_gpio_in(rc4030, 5), _reset, _enable);
+esp = esp_init(0x80002000, 0, rc4030_dma_read, rc4030_dma_write, dmas[0],
+   qdev_get_gpio_in(rc4030, 5), _reset, _enable);
+scsi_bus_legacy_handle_cmdline(>bus);
 
 /* Floppy */
 for (n = 0; n < MAX_FD; n++) {
diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c
index 45975c21e8..64ec285826 100644
--- a/hw/scsi/esp.c
+++ b/hw/scsi/esp.c
@@ -618,11 +618,11 @@ static const MemoryRegionOps sysbus_esp_mem_ops = {
 .valid.accepts = esp_mem_accepts,
 };
 
-void esp_init(hwaddr espaddr, int it_shift,
-  ESPDMAMemoryReadWriteFunc dma_memory_read,
-  ESPDMAMemoryReadWriteFunc dma_memory_write,
-  void *dma_opaque, qemu_irq irq, qemu_irq *reset,
-  qemu_irq *dma_enable)
+ESPState *esp_init(hwaddr espaddr, int it_shift,
+   ESPDMAMemoryReadWriteFunc dma_memory_read,
+   ESPDMAMemoryReadWriteFunc dma_memory_write,
+   void *dma_opaque, qemu_irq irq, qemu_irq *reset,
+   qemu_irq *dma_enable)
 {
 DeviceState *dev;
 SysBusDevice *s;
@@ -644,6 +644,8 @@ void esp_init(hwaddr espaddr, int it_shift,
 sysbus_mmio_map(s, 0, espaddr);
 *reset = qdev_get_gpio_in(dev, 0);
 *dma_enable = qdev_get_gpio_in(dev, 1);
+
+return esp;
 }
 
 static const struct SCSIBusInfo esp_scsi_info = {
diff --git a/include/hw/scsi/esp.h b/include/hw/scsi/esp.h
index 3b160f858c..93fdaced67 100644
--- a/include/hw/scsi/esp.h
+++ b/include/hw/scsi/esp.h
@@ -7,11 +7,6 @@
 /* esp.c */
 #define ESP_MAX_DEVS 7
 typedef void (*ESPDMAMemoryReadWriteFunc)(void *opaque, uint8_t *buf, int len);
-void esp_init(hwaddr espaddr, int it_shift,
-  ESPDMAMemoryReadWriteFunc dma_memory_read,
-  ESPDMAMemoryReadWriteFunc dma_memory_write,
-  void *dma_opaque, qemu_irq irq, qemu_irq *reset,
-  qemu_irq *dma_enable);
 
 #define ESP_REGS 16
 #define TI_BUFSZ 16
@@ -136,6 +131,11 @@ typedef struct {
 #define TCHI_FAS100A 0x4
 #define TCHI_AM53C974 0x12
 
+ESPState *esp_init(hwaddr espaddr, int it_shift,
+   ESPDMAMemoryReadWriteFunc dma_memory_read,
+   ESPDMAMemoryReadWriteFunc dma_memory_write,
+   void *dma_opaque, qemu_irq irq, qemu_irq *reset,
+   qemu_irq *dma_enable);
 void esp_dma_enable(ESPState *s, int irq, int level);
 void esp_request_cancelled(SCSIRequest *req);
 void esp_command_complete(SCSIRequest *req, uint32_t status, size_t resid);
-- 
2.14.3

[Qemu-devel] [PULL 28/69] hw/dma/i8257: Rename DMA_init() to i8257_dma_init()

[Paolo Bonzini]

From: Philippe Mathieu-Daudé 

- Move the header from hw/isa/ to hw/dma/
- Remove the old i386/pc dependency
- use a bool type for the high_page_enable argument

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20180308223946.26784-3-f4...@amsat.org>
Reviewed-by: Mark Cave-Ayland 
Signed-off-by: Paolo Bonzini 
---
 MAINTAINERS | 2 +-
 hw/dma/i82374.c | 3 ++-
 hw/dma/i8257.c  | 4 ++--
 hw/i386/pc.c| 3 ++-
 hw/mips/mips_fulong2e.c | 3 ++-
 hw/mips/mips_jazz.c | 3 ++-
 hw/mips/mips_malta.c| 3 ++-
 hw/sparc/sun4m.c| 4 
 hw/sparc64/sun4u.c  | 4 
 include/hw/{isa => dma}/i8257.h | 6 ++
 include/hw/isa/isa.h| 2 --
 11 files changed, 19 insertions(+), 18 deletions(-)
 rename include/hw/{isa => dma}/i8257.h (86%)

diff --git a/MAINTAINERS b/MAINTAINERS
index 02ac81432f..319ac9f929 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -940,8 +940,8 @@ F: hw/timer/mc146818rtc*
 F: hw/watchdog/wdt_ib700.c
 F: include/hw/display/vga.h
 F: include/hw/char/parallel.h
+F: include/hw/dma/i8257.h
 F: include/hw/i2c/pm_smbus.h
-F: include/hw/isa/i8257.h
 F: include/hw/timer/hpet.h
 F: include/hw/timer/i8254*
 F: include/hw/timer/mc146818rtc*
diff --git a/hw/dma/i82374.c b/hw/dma/i82374.c
index 6c0f975df0..83c87d92e0 100644
--- a/hw/dma/i82374.c
+++ b/hw/dma/i82374.c
@@ -24,6 +24,7 @@
 
 #include "qemu/osdep.h"
 #include "hw/isa/isa.h"
+#include "hw/dma/i8257.h"
 
 #define TYPE_I82374 "i82374"
 #define I82374(obj) OBJECT_CHECK(I82374State, (obj), TYPE_I82374)
@@ -123,7 +124,7 @@ static void i82374_realize(DeviceState *dev, Error **errp)
 portio_list_add(>port_list, isa_address_space_io(>parent_obj),
 s->iobase);
 
-DMA_init(isa_bus_from_device(ISA_DEVICE(dev)), 1);
+i8257_dma_init(isa_bus_from_device(ISA_DEVICE(dev)), true);
 memset(s->commands, 0, sizeof(s->commands));
 }
 
diff --git a/hw/dma/i8257.c b/hw/dma/i8257.c
index bd23e893bf..52675e97c9 100644
--- a/hw/dma/i8257.c
+++ b/hw/dma/i8257.c
@@ -24,7 +24,7 @@
 #include "qemu/osdep.h"
 #include "hw/hw.h"
 #include "hw/isa/isa.h"
-#include "hw/isa/i8257.h"
+#include "hw/dma/i8257.h"
 #include "qemu/main-loop.h"
 #include "trace.h"
 
@@ -622,7 +622,7 @@ static void i8257_register_types(void)
 
 type_init(i8257_register_types)
 
-void DMA_init(ISABus *bus, int high_page_enable)
+void i8257_dma_init(ISABus *bus, bool high_page_enable)
 {
 ISADevice *isa1, *isa2;
 DeviceState *d;
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 8fa51d8eba..a6ceea9c64 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -41,6 +41,7 @@
 #include "elf.h"
 #include "multiboot.h"
 #include "hw/timer/mc146818rtc.h"
+#include "hw/dma/i8257.h"
 #include "hw/timer/i8254.h"
 #include "hw/audio/pcspk.h"
 #include "hw/pci/msi.h"
@@ -1607,7 +1608,7 @@ void pc_basic_device_init(ISABus *isa_bus, qemu_irq *gsi,
 port92_init(port92, a20_line[1]);
 g_free(a20_line);
 
-DMA_init(isa_bus, 0);
+i8257_dma_init(isa_bus, 0);
 
 for(i = 0; i < MAX_FD; i++) {
 fd[i] = drive_get(IF_FLOPPY, 0, i);
diff --git a/hw/mips/mips_fulong2e.c b/hw/mips/mips_fulong2e.c
index a8e8c23733..1e43768589 100644
--- a/hw/mips/mips_fulong2e.c
+++ b/hw/mips/mips_fulong2e.c
@@ -22,6 +22,7 @@
 #include "qapi/error.h"
 #include "hw/hw.h"
 #include "hw/i386/pc.h"
+#include "hw/dma/i8257.h"
 #include "hw/char/serial.h"
 #include "hw/char/parallel.h"
 #include "hw/block/fdc.h"
@@ -359,7 +360,7 @@ static void mips_fulong2e_init(MachineState *machine)
 
 /* init other devices */
 pit = i8254_pit_init(isa_bus, 0x40, 0, NULL);
-DMA_init(isa_bus, 0);
+i8257_dma_init(isa_bus, 0);
 
 /* Super I/O */
 isa_create_simple(isa_bus, "i8042");
diff --git a/hw/mips/mips_jazz.c b/hw/mips/mips_jazz.c
index c87a122ddf..8b6f03a889 100644
--- a/hw/mips/mips_jazz.c
+++ b/hw/mips/mips_jazz.c
@@ -27,6 +27,7 @@
 #include "hw/mips/mips.h"
 #include "hw/mips/cpudevs.h"
 #include "hw/i386/pc.h"
+#include "hw/dma/i8257.h"
 #include "hw/char/serial.h"
 #include "hw/char/parallel.h"
 #include "hw/isa/isa.h"
@@ -220,7 +221,7 @@ static void mips_jazz_init(MachineState *machine,
 /* ISA devices */
 i8259 = i8259_init(isa_bus, env->irq[4]);
 isa_bus_irqs(isa_bus, i8259);
-DMA_init(isa_bus, 0);
+i8257_dma_init(isa_bus, 0);
 pit = i8254_pit_init(isa_bus, 0x40, 0, NULL);
 pcspk_init(isa_bus, pit);
 
diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
index c74882c7e9..9cb86c432e 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
@@ -27,6 +27,7 @@
 #include "cpu.h"
 #include "hw/hw.h"
 #include "hw/i386/pc.h"
+#include "hw/dma/i8257.h"
 #include "hw/char/serial.h"
 #include "hw/char/parallel.h"
 #include "hw/block/fdc.h"
@@ -1209,7 +1210,7 @@ void mips_malta_init(MachineState *machine)
 smbus_eeprom_init(smbus, 8, 

[Qemu-devel] [PULL 36/69] hw/isa/superio: Factor out the parallel code from pc87312.c

[Paolo Bonzini]

From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20180308223946.26784-11-f4...@amsat.org>
Signed-off-by: Paolo Bonzini 
---
 hw/isa/isa-superio.c | 65 
 hw/isa/pc87312.c | 38 +++-
 hw/isa/trace-events  |  4 ++-
 include/hw/isa/pc87312.h |  4 ---
 include/hw/isa/superio.h |  6 +
 5 files changed, 89 insertions(+), 28 deletions(-)

diff --git a/hw/isa/isa-superio.c b/hw/isa/isa-superio.c
index 14ec16f831..eb263fcc3a 100644
--- a/hw/isa/isa-superio.c
+++ b/hw/isa/isa-superio.c
@@ -10,14 +10,79 @@
  * SPDX-License-Identifier: GPL-2.0-or-later
  */
 #include "qemu/osdep.h"
+#include "qemu/error-report.h"
+#include "sysemu/sysemu.h"
+#include "chardev/char.h"
 #include "hw/isa/superio.h"
 #include "trace.h"
 
+static void isa_superio_realize(DeviceState *dev, Error **errp)
+{
+ISASuperIODevice *sio = ISA_SUPERIO(dev);
+ISASuperIOClass *k = ISA_SUPERIO_GET_CLASS(sio);
+ISABus *bus = isa_bus_from_device(ISA_DEVICE(dev));
+ISADevice *isa;
+DeviceState *d;
+Chardev *chr;
+char *name;
+int i;
+
+/* Parallel port */
+for (i = 0; i < k->parallel.count; i++) {
+if (i >= ARRAY_SIZE(sio->parallel)) {
+warn_report("superio: ignoring %td parallel controllers",
+k->parallel.count - ARRAY_SIZE(sio->parallel));
+break;
+}
+if (!k->parallel.is_enabled || k->parallel.is_enabled(sio, i)) {
+/* FIXME use a qdev chardev prop instead of parallel_hds[] */
+chr = parallel_hds[i];
+if (chr == NULL || chr->be) {
+name = g_strdup_printf("discarding-parallel%d", i);
+chr = qemu_chr_new(name, "null");
+} else {
+name = g_strdup_printf("parallel%d", i);
+}
+isa = isa_create(bus, "isa-parallel");
+d = DEVICE(isa);
+qdev_prop_set_uint32(d, "index", i);
+if (k->parallel.get_iobase) {
+qdev_prop_set_uint32(d, "iobase",
+ k->parallel.get_iobase(sio, i));
+}
+if (k->parallel.get_irq) {
+qdev_prop_set_uint32(d, "irq", k->parallel.get_irq(sio, i));
+}
+qdev_prop_set_chr(d, "chardev", chr);
+qdev_init_nofail(d);
+sio->parallel[i] = isa;
+trace_superio_create_parallel(i,
+  k->parallel.get_iobase ?
+  k->parallel.get_iobase(sio, i) : -1,
+  k->parallel.get_irq ?
+  k->parallel.get_irq(sio, i) : -1);
+object_property_add_child(OBJECT(dev), name,
+  OBJECT(sio->parallel[i]), NULL);
+g_free(name);
+}
+}
+}
+
+static void isa_superio_class_init(ObjectClass *oc, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(oc);
+
+dc->realize = isa_superio_realize;
+/* Reason: Uses parallel_hds[0] in realize(), so it can't be used twice */
+dc->user_creatable = false;
+}
+
 static const TypeInfo isa_superio_type_info = {
 .name = TYPE_ISA_SUPERIO,
 .parent = TYPE_ISA_DEVICE,
 .abstract = true,
 .class_size = sizeof(ISASuperIOClass),
+.class_init = isa_superio_class_init,
 };
 
 static void isa_superio_register_types(void)
diff --git a/hw/isa/pc87312.c b/hw/isa/pc87312.c
index 6b8100ff56..1c15715c69 100644
--- a/hw/isa/pc87312.c
+++ b/hw/isa/pc87312.c
@@ -64,22 +64,25 @@
 
 /* Parallel port */
 
-static inline bool is_parallel_enabled(PC87312State *s)
+static bool is_parallel_enabled(ISASuperIODevice *sio, uint8_t index)
 {
-return s->regs[REG_FER] & FER_PARALLEL_EN;
+PC87312State *s = PC87312(sio);
+return index ? false : s->regs[REG_FER] & FER_PARALLEL_EN;
 }
 
 static const uint16_t parallel_base[] = { 0x378, 0x3bc, 0x278, 0x00 };
 
-static inline uint16_t get_parallel_iobase(PC87312State *s)
+static uint16_t get_parallel_iobase(ISASuperIODevice *sio, uint8_t index)
 {
+PC87312State *s = PC87312(sio);
 return parallel_base[s->regs[REG_FAR] & FAR_PARALLEL_ADDR];
 }
 
 static const unsigned int parallel_irq[] = { 5, 7, 5, 0 };
 
-static inline unsigned int get_parallel_irq(PC87312State *s)
+static unsigned int get_parallel_irq(ISASuperIODevice *sio, uint8_t index)
 {
+PC87312State *s = PC87312(sio);
 int idx;
 idx = (s->regs[REG_FAR] & FAR_PARALLEL_ADDR);
 if (idx == 0) {
@@ -286,24 +289,6 @@ static void pc87312_realize(DeviceState *dev, Error **errp)
 return;
 }
 
-if (is_parallel_enabled(s)) {
-/* FIXME use a qdev chardev prop instead of parallel_hds[] */
-chr = parallel_hds[0];
-if (chr == NULL) {
-chr = qemu_chr_new("par0", 

[Qemu-devel] [PULL 31/69] hw/isa/pc87312: Rename the device type as TYPE_PC87312_SUPERIO

[Paolo Bonzini]

From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Acked-by: David Gibson  (hw/ppc)
Message-Id: <20180308223946.26784-6-f4...@amsat.org>
Reviewed-by: Mark Cave-Ayland 
Signed-off-by: Paolo Bonzini 
---
 hw/isa/pc87312.c | 2 +-
 hw/ppc/prep.c| 2 +-
 include/hw/isa/pc87312.h | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/hw/isa/pc87312.c b/hw/isa/pc87312.c
index 48b29e3c3c..e9edbc6c50 100644
--- a/hw/isa/pc87312.c
+++ b/hw/isa/pc87312.c
@@ -391,7 +391,7 @@ static void pc87312_class_init(ObjectClass *klass, void 
*data)
 }
 
 static const TypeInfo pc87312_type_info = {
-.name  = TYPE_PC87312,
+.name  = TYPE_PC87312_SUPERIO,
 .parent= TYPE_ISA_DEVICE,
 .instance_size = sizeof(PC87312State),
 .instance_init = pc87312_initfn,
diff --git a/hw/ppc/prep.c b/hw/ppc/prep.c
index 85b4fae3c7..df774bd384 100644
--- a/hw/ppc/prep.c
+++ b/hw/ppc/prep.c
@@ -612,7 +612,7 @@ static void ppc_prep_init(MachineState *machine)
 isa_bus = ISA_BUS(qdev_get_child_bus(DEVICE(pci), "isa.0"));
 
 /* Super I/O (parallel + serial ports) */
-isa = isa_create(isa_bus, TYPE_PC87312);
+isa = isa_create(isa_bus, TYPE_PC87312_SUPERIO);
 dev = DEVICE(isa);
 qdev_prop_set_uint8(dev, "config", 13); /* fdc, ser0, ser1, par0 */
 qdev_init_nofail(dev);
diff --git a/include/hw/isa/pc87312.h b/include/hw/isa/pc87312.h
index bf74470d40..710eb1c807 100644
--- a/include/hw/isa/pc87312.h
+++ b/include/hw/isa/pc87312.h
@@ -28,8 +28,8 @@
 #include "hw/isa/isa.h"
 
 
-#define TYPE_PC87312 "pc87312"
-#define PC87312(obj) OBJECT_CHECK(PC87312State, (obj), TYPE_PC87312)
+#define TYPE_PC87312_SUPERIO "pc87312"
+#define PC87312(obj) OBJECT_CHECK(PC87312State, (obj), TYPE_PC87312_SUPERIO)
 
 typedef struct PC87312State {
 ISADevice dev;
-- 
2.14.3

[Qemu-devel] [PULL 19/69] hw/i386: make IOMMUs configurable via default-configs/

[Paolo Bonzini]

Allow distributions to disable the Intel and/or AMD IOMMU devices.

Reviewed-by: Thomas Huth 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Paolo Bonzini 
---
 default-configs/i386-softmmu.mak   | 2 ++
 default-configs/x86_64-softmmu.mak | 2 ++
 hw/i386/Makefile.objs  | 4 ++--
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/default-configs/i386-softmmu.mak b/default-configs/i386-softmmu.mak
index 3326e3e0bb..9e5a29fa4a 100644
--- a/default-configs/i386-softmmu.mak
+++ b/default-configs/i386-softmmu.mak
@@ -63,3 +63,5 @@ CONFIG_PXB=y
 CONFIG_ACPI_VMGENID=y
 CONFIG_FW_CFG_DMA=y
 CONFIG_I2C=y
+CONFIG_VTD=y
+CONFIG_AMD_IOMMU=y
diff --git a/default-configs/x86_64-softmmu.mak 
b/default-configs/x86_64-softmmu.mak
index 1c6cda1d9a..7baf91b921 100644
--- a/default-configs/x86_64-softmmu.mak
+++ b/default-configs/x86_64-softmmu.mak
@@ -63,3 +63,5 @@ CONFIG_PXB=y
 CONFIG_ACPI_VMGENID=y
 CONFIG_FW_CFG_DMA=y
 CONFIG_I2C=y
+CONFIG_VTD=y
+CONFIG_AMD_IOMMU=y
diff --git a/hw/i386/Makefile.objs b/hw/i386/Makefile.objs
index fd279e7584..fa87a14152 100644
--- a/hw/i386/Makefile.objs
+++ b/hw/i386/Makefile.objs
@@ -2,8 +2,8 @@ obj-$(CONFIG_KVM) += kvm/
 obj-y += multiboot.o
 obj-y += pc.o pc_piix.o pc_q35.o
 obj-y += pc_sysfw.o
-obj-y += x86-iommu.o intel_iommu.o
-obj-y += amd_iommu.o
+obj-$(CONFIG_VTD) += x86-iommu.o intel_iommu.o
+obj-$(CONFIG_AMD_IOMMU) += x86-iommu.o amd_iommu.o
 obj-$(CONFIG_XEN) += ../xenpv/ xen/
 obj-$(CONFIG_VMPORT) += vmport.o
 obj-$(CONFIG_VMMOUSE) += vmmouse.o
-- 
2.14.3

[Qemu-devel] [PULL 27/69] hw/isa: Move parallel_hds_isa_init() to hw/char/parallel-isa.c

[Paolo Bonzini]

From: Philippe Mathieu-Daudé 

Again... (after 07dc788054d7 and 9157eee1b1c0).

We now extract the ISA bus specific helpers.

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20180308223946.26784-2-f4...@amsat.org>
Reviewed-by: Mark Cave-Ayland 
Signed-off-by: Paolo Bonzini 
---
 MAINTAINERS|  3 ++-
 hw/char/Makefile.objs  |  1 +
 hw/char/parallel-isa.c | 36 
 hw/char/parallel.c |  2 +-
 hw/i386/pc.c   |  1 +
 hw/isa/isa-bus.c   | 26 --
 hw/mips/mips_fulong2e.c|  1 +
 hw/mips/mips_jazz.c|  1 +
 hw/mips/mips_malta.c   |  1 +
 hw/sparc64/sun4u.c |  1 +
 include/hw/char/parallel.h | 14 ++
 include/hw/i386/pc.h   |  8 
 12 files changed, 59 insertions(+), 36 deletions(-)
 create mode 100644 hw/char/parallel-isa.c
 create mode 100644 include/hw/char/parallel.h

diff --git a/MAINTAINERS b/MAINTAINERS
index 354a18ce49..02ac81432f 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -924,7 +924,7 @@ M: Michael S. Tsirkin 
 M: Paolo Bonzini 
 S: Supported
 F: hw/char/debugcon.c
-F: hw/char/parallel.c
+F: hw/char/parallel*
 F: hw/char/serial*
 F: hw/dma/i8257*
 F: hw/i2c/pm_smbus.c
@@ -939,6 +939,7 @@ F: hw/timer/i8254*
 F: hw/timer/mc146818rtc*
 F: hw/watchdog/wdt_ib700.c
 F: include/hw/display/vga.h
+F: include/hw/char/parallel.h
 F: include/hw/i2c/pm_smbus.h
 F: include/hw/isa/i8257.h
 F: include/hw/timer/hpet.h
diff --git a/hw/char/Makefile.objs b/hw/char/Makefile.objs
index 1bcd37e98d..1b979100b7 100644
--- a/hw/char/Makefile.objs
+++ b/hw/char/Makefile.objs
@@ -1,6 +1,7 @@
 common-obj-$(CONFIG_IPACK) += ipoctal232.o
 common-obj-$(CONFIG_ESCC) += escc.o
 common-obj-$(CONFIG_PARALLEL) += parallel.o
+common-obj-$(CONFIG_PARALLEL) += parallel-isa.o
 common-obj-$(CONFIG_PL011) += pl011.o
 common-obj-$(CONFIG_SERIAL) += serial.o
 common-obj-$(CONFIG_SERIAL_ISA) += serial-isa.o
diff --git a/hw/char/parallel-isa.c b/hw/char/parallel-isa.c
new file mode 100644
index 00..639e179585
--- /dev/null
+++ b/hw/char/parallel-isa.c
@@ -0,0 +1,36 @@
+/*
+ * QEMU Parallel PORT (ISA bus helpers)
+ *
+ * Copyright (c) 2003 Fabrice Bellard
+ *
+ * SPDX-License-Identifier: MIT
+ */
+#include "qemu/osdep.h"
+#include "sysemu/sysemu.h"
+#include "hw/isa/isa.h"
+#include "hw/char/parallel.h"
+
+static void parallel_init(ISABus *bus, int index, Chardev *chr)
+{
+DeviceState *dev;
+ISADevice *isadev;
+
+isadev = isa_create(bus, "isa-parallel");
+dev = DEVICE(isadev);
+qdev_prop_set_uint32(dev, "index", index);
+qdev_prop_set_chr(dev, "chardev", chr);
+qdev_init_nofail(dev);
+}
+
+void parallel_hds_isa_init(ISABus *bus, int n)
+{
+int i;
+
+assert(n <= MAX_PARALLEL_PORTS);
+
+for (i = 0; i < n; i++) {
+if (parallel_hds[i]) {
+parallel_init(bus, i, parallel_hds[i]);
+}
+}
+}
diff --git a/hw/char/parallel.c b/hw/char/parallel.c
index f79dc76543..1542d62201 100644
--- a/hw/char/parallel.c
+++ b/hw/char/parallel.c
@@ -28,7 +28,7 @@
 #include "chardev/char-parallel.h"
 #include "chardev/char-fe.h"
 #include "hw/isa/isa.h"
-#include "hw/i386/pc.h"
+#include "hw/char/parallel.h"
 #include "sysemu/sysemu.h"
 
 //#define DEBUG_PARALLEL
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 0c140f4dc7..8fa51d8eba 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -26,6 +26,7 @@
 #include "hw/hw.h"
 #include "hw/i386/pc.h"
 #include "hw/char/serial.h"
+#include "hw/char/parallel.h"
 #include "hw/i386/apic.h"
 #include "hw/i386/topology.h"
 #include "sysemu/cpus.h"
diff --git a/hw/isa/isa-bus.c b/hw/isa/isa-bus.c
index 0f2e426d02..63fa77effc 100644
--- a/hw/isa/isa-bus.c
+++ b/hw/isa/isa-bus.c
@@ -24,7 +24,6 @@
 #include "hw/sysbus.h"
 #include "sysemu/sysemu.h"
 #include "hw/isa/isa.h"
-#include "hw/i386/pc.h"
 
 static ISABus *isabus;
 
@@ -288,28 +287,3 @@ MemoryRegion *isa_address_space_io(ISADevice *dev)
 }
 
 type_init(isabus_register_types)
-
-static void parallel_init(ISABus *bus, int index, Chardev *chr)
-{
-DeviceState *dev;
-ISADevice *isadev;
-
-isadev = isa_create(bus, "isa-parallel");
-dev = DEVICE(isadev);
-qdev_prop_set_uint32(dev, "index", index);
-qdev_prop_set_chr(dev, "chardev", chr);
-qdev_init_nofail(dev);
-}
-
-void parallel_hds_isa_init(ISABus *bus, int n)
-{
-int i;
-
-assert(n <= MAX_PARALLEL_PORTS);
-
-for (i = 0; i < n; i++) {
-if (parallel_hds[i]) {
-parallel_init(bus, i, parallel_hds[i]);
-}
-}
-}
diff --git a/hw/mips/mips_fulong2e.c b/hw/mips/mips_fulong2e.c
index be4f83973d..a8e8c23733 100644
--- a/hw/mips/mips_fulong2e.c
+++ b/hw/mips/mips_fulong2e.c
@@ -23,6 +23,7 @@
 #include "hw/hw.h"
 #include "hw/i386/pc.h"
 #include "hw/char/serial.h"
+#include "hw/char/parallel.h"
 #include "hw/block/fdc.h"
 

[Qemu-devel] [PULL 23/69] docs: document atomic_load_acquire and atomic_store_release

[Paolo Bonzini]

We will use them in the next patch, document what they do.

Signed-off-by: Paolo Bonzini 
---
 docs/devel/atomics.txt | 57 ++
 1 file changed, 30 insertions(+), 27 deletions(-)

diff --git a/docs/devel/atomics.txt b/docs/devel/atomics.txt
index 10c5fa37e8..a4db3a4aaa 100644
--- a/docs/devel/atomics.txt
+++ b/docs/devel/atomics.txt
@@ -122,20 +122,30 @@ In general, if the algorithm you are writing includes 
both writes
 and reads on the same side, it is generally simpler to use sequentially
 consistent primitives.
 
-When using this model, variables are accessed with atomic_read() and
-atomic_set(), and restrictions to the ordering of accesses is enforced
+When using this model, variables are accessed with:
+
+- atomic_read() and atomic_set(); these prevent the compiler from
+  optimizing accesses out of existence and creating unsolicited
+  accesses, but do not otherwise impose any ordering on loads and
+  stores: both the compiler and the processor are free to reorder
+  them.
+
+- atomic_load_acquire(), which guarantees the LOAD to appear to
+  happen, with respect to the other components of the system,
+  before all the LOAD or STORE operations specified afterwards.
+  Operations coming before atomic_load_acquire() can still be
+  reordered after it.
+
+- atomic_store_release(), which guarantees the STORE to appear to
+  happen, with respect to the other components of the system,
+  after all the LOAD or STORE operations specified afterwards.
+  Operations coming after atomic_store_release() can still be
+  reordered after it.
+
+Restrictions to the ordering of accesses can also be specified
 using the memory barrier macros: smp_rmb(), smp_wmb(), smp_mb(),
 smp_mb_acquire(), smp_mb_release(), smp_read_barrier_depends().
 
-atomic_read() and atomic_set() prevents the compiler from using
-optimizations that might otherwise optimize accesses out of existence
-on the one hand, or that might create unsolicited accesses on the other.
-In general this should not have any effect, because the same compiler
-barriers are already implied by memory barriers.  However, it is useful
-to do so, because it tells readers which variables are shared with
-other threads, and which are local to the current thread or protected
-by other, more mundane means.
-
 Memory barriers control the order of references to shared memory.
 They come in six kinds:
 
@@ -232,7 +242,7 @@ make atomic_mb_set() the more expensive operation.
 
 There are two common cases in which atomic_mb_read and atomic_mb_set
 generate too many memory barriers, and thus it can be useful to manually
-place barriers instead:
+place barriers, or use atomic_load_acquire/atomic_store_release instead:
 
 - when a data structure has one thread that is always a writer
   and one thread that is always a reader, manual placement of
@@ -243,18 +253,15 @@ place barriers instead:
  thread 1thread 1
  -   
  (other writes)
- smp_mb_release()
- atomic_mb_set(, x)atomic_set(, x)
- smp_wmb()
- atomic_mb_set(, y)atomic_set(, y)
+ atomic_mb_set(, x)atomic_store_release(, x)
+ atomic_mb_set(, y)atomic_store_release(, y)
 
=>
  thread 2thread 2
  -   
- y = atomic_mb_read()  y = atomic_read()
- smp_rmb()
- x = atomic_mb_read()  x = atomic_read()
- smp_mb_acquire()
+ y = atomic_mb_read()  y = atomic_load_acquire()
+ x = atomic_mb_read()  x = atomic_load_acquire()
+ (other reads)
 
   Note that the barrier between the stores in thread 1, and between
   the loads in thread 2, has been optimized here to a write or a
@@ -276,7 +283,6 @@ place barriers instead:
  smp_mb_acquire();
 
   Similarly, atomic_mb_set() can be transformed as follows:
-  smp_mb():
 
  smp_mb_release();
  for (i = 0; i < 10; i++)  =>for (i = 0; i < 10; i++)
@@ -284,6 +290,8 @@ place barriers instead:
  smp_mb();
 
 
+  The other thread can still use atomic_mb_read()/atomic_mb_set().
+
 The two tricks can be combined.  In this case, splitting a loop in
 two lets you hoist the barriers out of the loops _and_ eliminate the
 expensive smp_mb():
@@ -296,8 +304,6 @@ expensive smp_mb():
atomic_set([i], false);
  smp_mb();
 
-  

[Qemu-devel] [PULL 29/69] hw/input/i8042: Extract declarations from i386/pc.h into input/i8042.h

[Paolo Bonzini]

From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Acked-by: David Gibson  (hw/ppc)
Message-Id: <20180308223946.26784-4-f4...@amsat.org>
Reviewed-by: Mark Cave-Ayland 
Signed-off-by: Paolo Bonzini 
---
 MAINTAINERS  |  1 +
 hw/alpha/dp264.c |  3 ++-
 hw/i386/pc.c |  1 +
 hw/i386/vmmouse.c|  1 +
 hw/i386/vmport.c |  1 +
 hw/input/pckbd.c |  2 +-
 hw/mips/mips_fulong2e.c  |  3 ++-
 hw/mips/mips_jazz.c  |  1 +
 hw/mips/mips_malta.c |  3 ++-
 hw/mips/mips_r4k.c   |  3 ++-
 hw/ppc/prep.c|  5 +++--
 hw/sparc64/sun4u.c   |  1 +
 hw/unicore32/puv3.c  |  1 +
 include/hw/i386/pc.h |  9 -
 include/hw/input/i8042.h | 24 
 15 files changed, 43 insertions(+), 16 deletions(-)
 create mode 100644 include/hw/input/i8042.h

diff --git a/MAINTAINERS b/MAINTAINERS
index 319ac9f929..6703ac8c89 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -942,6 +942,7 @@ F: include/hw/display/vga.h
 F: include/hw/char/parallel.h
 F: include/hw/dma/i8257.h
 F: include/hw/i2c/pm_smbus.h
+F: include/hw/input/i8042.h
 F: include/hw/timer/hpet.h
 F: include/hw/timer/i8254*
 F: include/hw/timer/mc146818rtc*
diff --git a/hw/alpha/dp264.c b/hw/alpha/dp264.c
index 766373eec7..e13cb576fd 100644
--- a/hw/alpha/dp264.c
+++ b/hw/alpha/dp264.c
@@ -19,6 +19,7 @@
 #include "hw/timer/mc146818rtc.h"
 #include "hw/ide.h"
 #include "hw/timer/i8254.h"
+#include "hw/input/i8042.h"
 #include "hw/char/serial.h"
 #include "qemu/cutils.h"
 
@@ -81,7 +82,7 @@ static void clipper_init(MachineState *machine)
 mc146818_rtc_init(isa_bus, 1900, rtc_irq);
 
 i8254_pit_init(isa_bus, 0x40, 0, NULL);
-isa_create_simple(isa_bus, "i8042");
+isa_create_simple(isa_bus, TYPE_I8042);
 
 /* VGA setup.  Don't bother loading the bios.  */
 pci_vga_init(pci_bus);
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index a6ceea9c64..853a01d791 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -43,6 +43,7 @@
 #include "hw/timer/mc146818rtc.h"
 #include "hw/dma/i8257.h"
 #include "hw/timer/i8254.h"
+#include "hw/input/i8042.h"
 #include "hw/audio/pcspk.h"
 #include "hw/pci/msi.h"
 #include "hw/sysbus.h"
diff --git a/hw/i386/vmmouse.c b/hw/i386/vmmouse.c
index 65ef55329e..5d2d278be4 100644
--- a/hw/i386/vmmouse.c
+++ b/hw/i386/vmmouse.c
@@ -25,6 +25,7 @@
 #include "hw/hw.h"
 #include "ui/console.h"
 #include "hw/i386/pc.h"
+#include "hw/input/i8042.h"
 #include "hw/qdev.h"
 
 /* debug only vmmouse */
diff --git a/hw/i386/vmport.c b/hw/i386/vmport.c
index 116aa09819..3bf8cfe041 100644
--- a/hw/i386/vmport.c
+++ b/hw/i386/vmport.c
@@ -25,6 +25,7 @@
 #include "hw/hw.h"
 #include "hw/isa/isa.h"
 #include "hw/i386/pc.h"
+#include "hw/input/i8042.h"
 #include "sysemu/hw_accel.h"
 #include "hw/qdev.h"
 #include "qemu/log.h"
diff --git a/hw/input/pckbd.c b/hw/input/pckbd.c
index c479f827b6..f17f18e51b 100644
--- a/hw/input/pckbd.c
+++ b/hw/input/pckbd.c
@@ -26,6 +26,7 @@
 #include "hw/isa/isa.h"
 #include "hw/i386/pc.h"
 #include "hw/input/ps2.h"
+#include "hw/input/i8042.h"
 #include "sysemu/sysemu.h"
 
 /* debug PC keyboard */
@@ -480,7 +481,6 @@ void i8042_mm_init(qemu_irq kbd_irq, qemu_irq mouse_irq,
 qemu_register_reset(kbd_reset, s);
 }
 
-#define TYPE_I8042 "i8042"
 #define I8042(obj) OBJECT_CHECK(ISAKBDState, (obj), TYPE_I8042)
 
 typedef struct ISAKBDState {
diff --git a/hw/mips/mips_fulong2e.c b/hw/mips/mips_fulong2e.c
index 1e43768589..a15d3b60cc 100644
--- a/hw/mips/mips_fulong2e.c
+++ b/hw/mips/mips_fulong2e.c
@@ -43,6 +43,7 @@
 #include "hw/isa/vt82c686.h"
 #include "hw/timer/mc146818rtc.h"
 #include "hw/timer/i8254.h"
+#include "hw/input/i8042.h"
 #include "sysemu/blockdev.h"
 #include "exec/address-spaces.h"
 #include "sysemu/qtest.h"
@@ -363,7 +364,7 @@ static void mips_fulong2e_init(MachineState *machine)
 i8257_dma_init(isa_bus, 0);
 
 /* Super I/O */
-isa_create_simple(isa_bus, "i8042");
+isa_create_simple(isa_bus, TYPE_I8042);
 
 mc146818_rtc_init(isa_bus, 2000, NULL);
 
diff --git a/hw/mips/mips_jazz.c b/hw/mips/mips_jazz.c
index 8b6f03a889..7223085547 100644
--- a/hw/mips/mips_jazz.c
+++ b/hw/mips/mips_jazz.c
@@ -43,6 +43,7 @@
 #include "hw/timer/i8254.h"
 #include "hw/display/vga.h"
 #include "hw/audio/pcspk.h"
+#include "hw/input/i8042.h"
 #include "hw/sysbus.h"
 #include "exec/address-spaces.h"
 #include "sysemu/qtest.h"
diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
index 9cb86c432e..cd7bd0eef6 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
@@ -47,6 +47,7 @@
 #include "hw/loader.h"
 #include "elf.h"
 #include "hw/timer/mc146818rtc.h"
+#include "hw/input/i8042.h"
 #include "hw/timer/i8254.h"
 #include "sysemu/blockdev.h"
 #include "exec/address-spaces.h"
@@ -1213,7 +1214,7 @@ void mips_malta_init(MachineState *machine)
 i8257_dma_init(isa_bus, 0);
 
 /* 

[Qemu-devel] [PULL 16/69] chardev: tcp: postpone async connection setup

[Paolo Bonzini]

From: Peter Xu 

This patch allows the socket chardev async connection be setup with
non-default gcontext.  We do it by postponing the setup to machine done,
since until then we can know which context we should run the async
operation on.

Reviewed-by: Paolo Bonzini 
Signed-off-by: Peter Xu 
Message-Id: <20180306053320.15401-8-pet...@redhat.com>
Acked-by: Stefan Hajnoczi 
Reviewed-by: Daniel P. Berrangé 
Signed-off-by: Paolo Bonzini 
---
 chardev/char-socket.c | 17 ++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/chardev/char-socket.c b/chardev/char-socket.c
index 09aa345869..f6ad6ee4d8 100644
--- a/chardev/char-socket.c
+++ b/chardev/char-socket.c
@@ -1005,9 +1005,8 @@ static void qmp_chardev_open_socket(Chardev *chr,
 s->reconnect_time = reconnect;
 }
 
-if (s->reconnect_time) {
-tcp_chr_connect_async(chr);
-} else {
+/* If reconnect_time is set, will do that in chr_machine_done. */
+if (!s->reconnect_time) {
 if (s->is_listen) {
 char *name;
 s->listener = qio_net_listener_new();
@@ -1139,6 +1138,17 @@ char_socket_get_connected(Object *obj, Error **errp)
 return s->connected;
 }
 
+static int tcp_chr_machine_done_hook(Chardev *chr)
+{
+SocketChardev *s = SOCKET_CHARDEV(chr);
+
+if (s->reconnect_time) {
+tcp_chr_connect_async(chr);
+}
+
+return 0;
+}
+
 static void char_socket_class_init(ObjectClass *oc, void *data)
 {
 ChardevClass *cc = CHARDEV_CLASS(oc);
@@ -1154,6 +1164,7 @@ static void char_socket_class_init(ObjectClass *oc, void 
*data)
 cc->chr_add_client = tcp_chr_add_client;
 cc->chr_add_watch = tcp_chr_add_watch;
 cc->chr_update_read_handler = tcp_chr_update_read_handler;
+cc->chr_machine_done = tcp_chr_machine_done_hook;
 
 object_class_property_add(oc, "addr", "SocketAddress",
   char_socket_get_addr, NULL,
-- 
2.14.3

[Qemu-devel] [PULL 17/69] chardev: tcp: let TLS run on chardev context

[Paolo Bonzini]

From: Peter Xu 

Now qio_channel_tls_handshake() is ready to receive the context.  Let
socket chardev use it, then the TLS handshake of chardev will always be
with the chardev's context.

Signed-off-by: Peter Xu 
Message-Id: <20180306053320.15401-9-pet...@redhat.com>
Acked-by: Stefan Hajnoczi 
Reviewed-by: Daniel P. Berrangé 
Signed-off-by: Paolo Bonzini 
---
 chardev/char-socket.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/chardev/char-socket.c b/chardev/char-socket.c
index f6ad6ee4d8..36a8fcc194 100644
--- a/chardev/char-socket.c
+++ b/chardev/char-socket.c
@@ -751,7 +751,7 @@ static void tcp_chr_tls_init(Chardev *chr)
   tcp_chr_tls_handshake,
   chr,
   NULL,
-  NULL);
+  chr->gcontext);
 }
 
 
-- 
2.14.3

[Qemu-devel] [PULL 26/69] membarrier: add --enable-membarrier

[Paolo Bonzini]

Actually enable the global memory barriers if supported by the OS.
Because only recent versions of Linux include the support, they
are disabled by default.  Note that it also has to be disabled
for QEMU to run under Wine.

Before this patch, rcutorture reports 85 ns/read for my machine,
after the patch it reports 12.5 ns/read.  On the other hand updates
go from 50 *micro*seconds to 20 *milli*seconds.

Signed-off-by: Paolo Bonzini 
---
 configure | 42 +++-
 include/qemu/sys_membarrier.h | 10 +
 util/Makefile.objs|  1 +
 util/sys_membarrier.c | 50 +++
 4 files changed, 102 insertions(+), 1 deletion(-)
 create mode 100644 util/sys_membarrier.c

diff --git a/configure b/configure
index 26d56eb5bb..db87fc4fed 100755
--- a/configure
+++ b/configure
@@ -342,7 +342,7 @@ attr=""
 libattr=""
 xfs=""
 tcg="yes"
-
+membarrier=""
 vhost_net="no"
 vhost_crypto="no"
 vhost_scsi="no"
@@ -1161,6 +1161,10 @@ for opt do
   ;;
   --enable-attr) attr="yes"
   ;;
+  --disable-membarrier) membarrier="no"
+  ;;
+  --enable-membarrier) membarrier="yes"
+  ;;
   --disable-blobs) blobs="no"
   ;;
   --with-pkgversion=*) pkgversion="$optarg"
@@ -1577,6 +1581,7 @@ disabled with --disable-FEATURE, default is enabled if 
available:
   xen-pci-passthrough
   brlapi  BrlAPI (Braile)
   curlcurl connectivity
+  membarrier  membarrier system call (for Linux 4.14+ or Windows)
   fdt fdt device tree
   bluez   bluez stack connectivity
   kvm KVM acceleration support
@@ -5137,6 +5142,37 @@ if compile_prog "" "" ; then
 have_fsxattr=yes
 fi
 
+##
+# check for usable membarrier system call
+if test "$membarrier" = "yes"; then
+have_membarrier=no
+if test "$mingw32" = "yes" ; then
+have_membarrier=yes
+elif test "$linux" = "yes" ; then
+cat > $TMPC << EOF
+#include 
+#include 
+#include 
+#include 
+int main(void) {
+syscall(__NR_membarrier, MEMBARRIER_CMD_QUERY, 0);
+syscall(__NR_membarrier, MEMBARRIER_CMD_SHARED, 0);
+   exit(0);
+}
+EOF
+if compile_prog "" "" ; then
+have_membarrier=yes
+fi
+fi
+if test "$have_membarrier" = "no"; then
+  feature_not_found "membarrier" "membarrier system call not available"
+fi
+else
+# Do not enable it by default even for Mingw32, because it doesn't
+# work on Wine.
+membarrier=no
+fi
+
 ##
 # check if rtnetlink.h exists and is useful
 have_rtnetlink=no
@@ -5763,6 +5799,7 @@ fi
 echo "malloc trim support $malloc_trim"
 echo "RDMA support  $rdma"
 echo "fdt support   $fdt"
+echo "membarrier$membarrier"
 echo "preadv support$preadv"
 echo "fdatasync $fdatasync"
 echo "madvise   $madvise"
@@ -6245,6 +6282,9 @@ fi
 if test "$fdt" = "yes" ; then
   echo "CONFIG_FDT=y" >> $config_host_mak
 fi
+if test "$membarrier" = "yes" ; then
+  echo "CONFIG_MEMBARRIER=y" >> $config_host_mak
+fi
 if test "$signalfd" = "yes" ; then
   echo "CONFIG_SIGNALFD=y" >> $config_host_mak
 fi
diff --git a/include/qemu/sys_membarrier.h b/include/qemu/sys_membarrier.h
index 9ce7f5210b..316e3dc4a2 100644
--- a/include/qemu/sys_membarrier.h
+++ b/include/qemu/sys_membarrier.h
@@ -9,9 +9,19 @@
 #ifndef QEMU_SYS_MEMBARRIER_H
 #define QEMU_SYS_MEMBARRIER_H 1
 
+#ifdef CONFIG_MEMBARRIER
+/* Only block reordering at the compiler level in the performance-critical
+ * side.  The slow side forces processor-level ordering on all other cores
+ * through a system call.
+ */
+extern void smp_mb_global_init(void);
+extern void smp_mb_global(void);
+#define smp_mb_placeholder()   barrier()
+#else
 /* Keep it simple, execute a real memory barrier on both sides.  */
 static inline void smp_mb_global_init(void) {}
 #define smp_mb_global()smp_mb()
 #define smp_mb_placeholder()   smp_mb()
+#endif
 
 #endif
diff --git a/util/Makefile.objs b/util/Makefile.objs
index ae90b9963d..728c3541db 100644
--- a/util/Makefile.objs
+++ b/util/Makefile.objs
@@ -33,6 +33,7 @@ util-obj-y += throttle.o
 util-obj-y += getauxval.o
 util-obj-y += readline.o
 util-obj-y += rcu.o
+util-obj-$(CONFIG_MEMBARRIER) += sys_membarrier.o
 util-obj-y += qemu-coroutine.o qemu-coroutine-lock.o qemu-coroutine-io.o
 util-obj-y += qemu-coroutine-sleep.o
 util-obj-y += coroutine-$(CONFIG_COROUTINE_BACKEND).o
diff --git a/util/sys_membarrier.c b/util/sys_membarrier.c
new file mode 100644
index 00..8dcb53e63e
--- /dev/null
+++ b/util/sys_membarrier.c
@@ -0,0 +1,50 @@
+/*
+ * Process-global memory barriers
+ *
+ * Copyright (c) 2018 Red Hat, Inc.
+ *
+ * Author: Paolo Bonzini 
+ */
+
+#include 
+#include 
+#include 
+
+#ifdef CONFIG_LINUX
+#include 
+#include 
+
+static int
+membarrier(int cmd, int flags)
+{
+

[Qemu-devel] [PULL 20/69] Polish the version strings containing the package version

[Paolo Bonzini]

From: Thomas Huth 

Since commit 67a1de0d195a there is no space anymore between the
version number and the parentheses when running configure with
--with-pkgversion=foo :

 $ qemu-system-s390x --version
 QEMU emulator version 2.11.50(foo)

But the space is included when building without that option
when building from a git checkout:

 $ qemu-system-s390x --version
 QEMU emulator version 2.11.50 (v2.11.0-1494-gbec9c64-dirty)

The same confusion exists with the "query-version" QMP command.
Let's fix this by introducing a proper QEMU_FULL_VERSION definition
that includes the space and parentheses, while the QEMU_PKGVERSION
should just cleanly contain the package version string itself.
Note that this also changes the behavior of the "query-version" QMP
command (the space and parentheses are not included there anymore),
but that's supposed to be OK since the strings there are not meant
to be parsed by other tools.

Fixes: 67a1de0d195a6185c39b436159c9ffc7720bf979
Buglink: https://bugs.launchpad.net/qemu/+bug/1673373
Signed-off-by: Thomas Huth 
Message-Id: <1518692807-25859-1-git-send-email-th...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 Makefile  | 20 +++-
 bsd-user/main.c   |  2 +-
 configure |  2 +-
 linux-user/main.c |  2 +-
 qemu-img.c|  2 +-
 qemu-io.c |  2 +-
 qemu-nbd.c|  2 +-
 qga/main.c|  2 +-
 scsi/qemu-pr-helper.c |  2 +-
 ui/cocoa.m|  2 +-
 vl.c  |  2 +-
 11 files changed, 21 insertions(+), 19 deletions(-)

diff --git a/Makefile b/Makefile
index 5d9ef3b8fd..416a81c7ca 100644
--- a/Makefile
+++ b/Makefile
@@ -434,21 +434,23 @@ all: $(DOCS) $(TOOLS) $(HELPERS-y) recurse-all modules
 qemu-version.h: FORCE
$(call quiet-command, \
(cd $(SRC_PATH); \
-   printf '#define QEMU_PKGVERSION '; \
if test -n "$(PKGVERSION)"; then \
-   printf '"$(PKGVERSION)"\n'; \
+   pkgvers="$(PKGVERSION)"; \
else \
if test -d .git; then \
-   printf '" ('; \
-   git describe --match 'v*' 2>/dev/null | tr -d 
'\n'; \
+   pkgvers=$$(git describe --match 'v*' 
2>/dev/null | tr -d '\n');\
if ! git diff-index --quiet HEAD &>/dev/null; 
then \
-   printf -- '-dirty'; \
+   pkgvers="$${pkgvers}-dirty"; \
fi; \
-   printf ')"\n'; \
-   else \
-   printf '""\n'; \
fi; \
-   fi) > $@.tmp)
+   fi; \
+   printf "#define QEMU_PKGVERSION \"$${pkgvers}\"\n"; \
+   if test -n "$${pkgvers}"; then \
+   printf '#define QEMU_FULL_VERSION QEMU_VERSION " (" 
QEMU_PKGVERSION ")"\n'; \
+   else \
+   printf '#define QEMU_FULL_VERSION QEMU_VERSION\n'; \
+   fi; \
+   ) > $@.tmp)
$(call quiet-command, if ! cmp -s $@ $@.tmp; then \
  mv $@.tmp $@; \
 else \
diff --git a/bsd-user/main.c b/bsd-user/main.c
index efef5ff8c5..05aa5594a9 100644
--- a/bsd-user/main.c
+++ b/bsd-user/main.c
@@ -649,7 +649,7 @@ void cpu_loop(CPUSPARCState *env)
 
 static void usage(void)
 {
-printf("qemu-" TARGET_NAME " version " QEMU_VERSION QEMU_PKGVERSION
+printf("qemu-" TARGET_NAME " version " QEMU_FULL_VERSION
"\n" QEMU_COPYRIGHT "\n"
"usage: qemu-" TARGET_NAME " [options] program [arguments...]\n"
"BSD CPU emulator (compiled for %s emulation)\n"
diff --git a/configure b/configure
index f74e1f3b7c..26d56eb5bb 100755
--- a/configure
+++ b/configure
@@ -1163,7 +1163,7 @@ for opt do
   ;;
   --disable-blobs) blobs="no"
   ;;
-  --with-pkgversion=*) pkgversion=" ($optarg)"
+  --with-pkgversion=*) pkgversion="$optarg"
   ;;
   --with-coroutine=*) coroutine="$optarg"
   ;;
diff --git a/linux-user/main.c b/linux-user/main.c
index 7bc9bc79b0..abbd14e208 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -4163,7 +4163,7 @@ static void handle_arg_strace(const char *arg)
 
 static void handle_arg_version(const char *arg)
 {
-printf("qemu-" TARGET_NAME " version " QEMU_VERSION QEMU_PKGVERSION
+printf("qemu-" TARGET_NAME " version " QEMU_FULL_VERSION
"\n" QEMU_COPYRIGHT "\n");
 exit(EXIT_SUCCESS);
 }
diff --git a/qemu-img.c b/qemu-img.c
index 088d89043e..855fa52514 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -46,7 +46,7 @@
 #include "crypto/init.h"
 #include "trace/control.h"
 
-#define QEMU_IMG_VERSION "qemu-img version " QEMU_VERSION QEMU_PKGVERSION \
+#define QEMU_IMG_VERSION "qemu-img version " QEMU_FULL_VERSION \
   

[Qemu-devel] [PULL 12/69] chardev: update net listener gcontext

[Paolo Bonzini]

From: Peter Xu 

TCP chardevs can be using QIO network listeners working in the
background when in listening mode.  However the network listeners are
always running in main context.  This can race with chardevs that are
running in non-main contexts.

To solve this, we need to re-setup the net listeners in
tcp_chr_update_read_handler() with the newly cached gcontext.

Reviewed-by: Marc-André Lureau 
Signed-off-by: Peter Xu 
Message-Id: <20180306053320.15401-4-pet...@redhat.com>
Acked-by: Stefan Hajnoczi 
Reviewed-by: Daniel P. Berrangé 
Signed-off-by: Paolo Bonzini 
---
 chardev/char-socket.c | 26 --
 1 file changed, 20 insertions(+), 6 deletions(-)

diff --git a/chardev/char-socket.c b/chardev/char-socket.c
index 541fcf487d..2475e1d52f 100644
--- a/chardev/char-socket.c
+++ b/chardev/char-socket.c
@@ -423,8 +423,8 @@ static void tcp_chr_disconnect(Chardev *chr)
 tcp_chr_free_connection(chr);
 
 if (s->listener) {
-qio_net_listener_set_client_func(s->listener, tcp_chr_accept,
- chr, NULL);
+qio_net_listener_set_client_func_full(s->listener, tcp_chr_accept,
+  chr, NULL, chr->gcontext);
 }
 update_disconnected_filename(s);
 if (emit_close) {
@@ -560,6 +560,16 @@ static void tcp_chr_update_read_handler(Chardev *chr)
 {
 SocketChardev *s = SOCKET_CHARDEV(chr);
 
+if (s->listener) {
+/*
+ * It's possible that chardev context is changed in
+ * qemu_chr_be_update_read_handlers().  Reset it for QIO net
+ * listener if there is.
+ */
+qio_net_listener_set_client_func_full(s->listener, tcp_chr_accept,
+  chr, NULL, chr->gcontext);
+}
+
 if (!s->connected) {
 return;
 }
@@ -744,7 +754,8 @@ static int tcp_chr_new_client(Chardev *chr, 
QIOChannelSocket *sioc)
 qio_channel_set_delay(s->ioc, false);
 }
 if (s->listener) {
-qio_net_listener_set_client_func(s->listener, NULL, NULL, NULL);
+qio_net_listener_set_client_func_full(s->listener, NULL, NULL,
+  NULL, chr->gcontext);
 }
 
 if (s->tls_creds) {
@@ -825,7 +836,8 @@ static void char_socket_finalize(Object *obj)
 tcp_chr_reconn_timer_cancel(s);
 qapi_free_SocketAddress(s->addr);
 if (s->listener) {
-qio_net_listener_set_client_func(s->listener, NULL, NULL, NULL);
+qio_net_listener_set_client_func_full(s->listener, NULL, NULL,
+  NULL, chr->gcontext);
 object_unref(OBJECT(s->listener));
 }
 if (s->tls_creds) {
@@ -981,8 +993,10 @@ static void qmp_chardev_open_socket(Chardev *chr,
 return;
 }
 if (!s->ioc) {
-qio_net_listener_set_client_func(s->listener, tcp_chr_accept,
- chr, NULL);
+qio_net_listener_set_client_func_full(s->listener,
+  tcp_chr_accept,
+  chr, NULL,
+  chr->gcontext);
 }
 } else if (qemu_chr_wait_connected(chr, errp) < 0) {
 goto error;
-- 
2.14.3

[Qemu-devel] [PULL 24/69] rcu: make memory barriers more explicit

[Paolo Bonzini]

Prepare for introducing smp_mb_placeholder() and smp_mb_global().
The new smp_mb() in synchronize_rcu() is not strictly necessary, since
the first atomic_mb_set for rcu_gp_ctr provides the required ordering.
However, synchronize_rcu is not performance critical, and it *will* be
necessary to introduce a smp_mb_global before calling wait_for_readers().

Signed-off-by: Paolo Bonzini 
---
 include/qemu/rcu.h | 15 +--
 util/rcu.c | 12 +---
 2 files changed, 22 insertions(+), 5 deletions(-)

diff --git a/include/qemu/rcu.h b/include/qemu/rcu.h
index f19413d649..625f09ac09 100644
--- a/include/qemu/rcu.h
+++ b/include/qemu/rcu.h
@@ -79,7 +79,10 @@ static inline void rcu_read_lock(void)
 }
 
 ctr = atomic_read(_gp_ctr);
-atomic_xchg(_rcu_reader->ctr, ctr);
+atomic_set(_rcu_reader->ctr, ctr);
+
+/* Write p_rcu_reader->ctr before reading RCU-protected pointers.  */
+smp_mb();
 }
 
 static inline void rcu_read_unlock(void)
@@ -91,7 +94,15 @@ static inline void rcu_read_unlock(void)
 return;
 }
 
-atomic_xchg(_rcu_reader->ctr, 0);
+/* Ensure that the critical section is seen to precede the
+ * store to p_rcu_reader->ctr.  Together with the following
+ * smp_mb(), this ensures writes to p_rcu_reader->ctr
+ * are sequentially consistent.
+ */
+atomic_store_release(_rcu_reader->ctr, 0);
+
+/* Write p_rcu_reader->ctr before reading p_rcu_reader->waiting.  */
+smp_mb();
 if (unlikely(atomic_read(_rcu_reader->waiting))) {
 atomic_set(_rcu_reader->waiting, false);
 qemu_event_set(_gp_event);
diff --git a/util/rcu.c b/util/rcu.c
index f4d09c8304..7366dc50dd 100644
--- a/util/rcu.c
+++ b/util/rcu.c
@@ -92,8 +92,9 @@ static void wait_for_readers(void)
 atomic_set(>waiting, true);
 }
 
-/* Here, order the stores to index->waiting before the
- * loads of index->ctr.
+/* Here, order the stores to index->waiting before the loads of
+ * index->ctr.  Pairs with smp_mb() in rcu_read_unlock(),
+ * ensuring that the loads of index->ctr are sequentially consistent.
  */
 smp_mb();
 
@@ -142,8 +143,13 @@ static void wait_for_readers(void)
 void synchronize_rcu(void)
 {
 qemu_mutex_lock(_sync_lock);
-qemu_mutex_lock(_registry_lock);
 
+/* Write RCU-protected pointers before reading p_rcu_reader->ctr.
+ * Pairs with smp_mb() in rcu_read_lock().
+ */
+smp_mb();
+
+qemu_mutex_lock(_registry_lock);
 if (!QLIST_EMPTY()) {
 /* In either case, the atomic_mb_set below blocks stores that free
  * old RCU-protected pointers.
-- 
2.14.3

[Qemu-devel] [PULL 13/69] chardev: allow telnet gsource to switch gcontext

[Paolo Bonzini]

From: Peter Xu 

It was originally created by qio_channel_add_watch() so it's always
assigning the task to main context.  Now we use the new API called
qio_channel_add_watch_source() so that we get the GSource handle rather
than the tag ID.

Meanwhile, caching the gsource and TCPChardevTelnetInit (which holds the
handshake data) in SocketChardev.telnet_source so that we can also do
dynamic context switch when update read handlers.

Signed-off-by: Peter Xu 
Message-Id: <20180306053320.15401-5-pet...@redhat.com>
Acked-by: Stefan Hajnoczi 
Reviewed-by: Daniel P. Berrangé 
Signed-off-by: Paolo Bonzini 
---
 chardev/char-socket.c | 67 +++
 1 file changed, 51 insertions(+), 16 deletions(-)

diff --git a/chardev/char-socket.c b/chardev/char-socket.c
index 2475e1d52f..82c7d7a323 100644
--- a/chardev/char-socket.c
+++ b/chardev/char-socket.c
@@ -40,6 +40,11 @@
 
 #define TCP_MAX_FDS 16
 
+typedef struct {
+char buf[21];
+size_t buflen;
+} TCPChardevTelnetInit;
+
 typedef struct {
 Chardev parent;
 QIOChannel *ioc; /* Client I/O channel */
@@ -60,6 +65,8 @@ typedef struct {
 bool is_listen;
 bool is_telnet;
 bool is_tn3270;
+GSource *telnet_source;
+TCPChardevTelnetInit *telnet_init;
 
 GSource *reconnect_timer;
 int64_t reconnect_time;
@@ -70,6 +77,7 @@ typedef struct {
 OBJECT_CHECK(SocketChardev, (obj), TYPE_CHARDEV_SOCKET)
 
 static gboolean socket_reconnect_timeout(gpointer opaque);
+static void tcp_chr_telnet_init(Chardev *chr);
 
 static void tcp_chr_reconn_timer_cancel(SocketChardev *s)
 {
@@ -556,6 +564,15 @@ static void tcp_chr_connect(void *opaque)
 qemu_chr_be_event(chr, CHR_EVENT_OPENED);
 }
 
+static void tcp_chr_telnet_destroy(SocketChardev *s)
+{
+if (s->telnet_source) {
+g_source_destroy(s->telnet_source);
+g_source_unref(s->telnet_source);
+s->telnet_source = NULL;
+}
+}
+
 static void tcp_chr_update_read_handler(Chardev *chr)
 {
 SocketChardev *s = SOCKET_CHARDEV(chr);
@@ -570,6 +587,10 @@ static void tcp_chr_update_read_handler(Chardev *chr)
   chr, NULL, chr->gcontext);
 }
 
+if (s->telnet_source) {
+tcp_chr_telnet_init(CHARDEV(s));
+}
+
 if (!s->connected) {
 return;
 }
@@ -583,32 +604,30 @@ static void tcp_chr_update_read_handler(Chardev *chr)
 }
 }
 
-typedef struct {
-Chardev *chr;
-char buf[21];
-size_t buflen;
-} TCPChardevTelnetInit;
-
 static gboolean tcp_chr_telnet_init_io(QIOChannel *ioc,
GIOCondition cond G_GNUC_UNUSED,
gpointer user_data)
 {
-TCPChardevTelnetInit *init = user_data;
+SocketChardev *s = user_data;
+Chardev *chr = CHARDEV(s);
+TCPChardevTelnetInit *init = s->telnet_init;
 ssize_t ret;
 
+assert(init);
+
 ret = qio_channel_write(ioc, init->buf, init->buflen, NULL);
 if (ret < 0) {
 if (ret == QIO_CHANNEL_ERR_BLOCK) {
 ret = 0;
 } else {
-tcp_chr_disconnect(init->chr);
+tcp_chr_disconnect(chr);
 goto end;
 }
 }
 init->buflen -= ret;
 
 if (init->buflen == 0) {
-tcp_chr_connect(init->chr);
+tcp_chr_connect(chr);
 goto end;
 }
 
@@ -617,16 +636,30 @@ static gboolean tcp_chr_telnet_init_io(QIOChannel *ioc,
 return G_SOURCE_CONTINUE;
 
 end:
-g_free(init);
+g_free(s->telnet_init);
+s->telnet_init = NULL;
+g_source_unref(s->telnet_source);
+s->telnet_source = NULL;
 return G_SOURCE_REMOVE;
 }
 
 static void tcp_chr_telnet_init(Chardev *chr)
 {
 SocketChardev *s = SOCKET_CHARDEV(chr);
-TCPChardevTelnetInit *init = g_new0(TCPChardevTelnetInit, 1);
+TCPChardevTelnetInit *init;
 size_t n = 0;
 
+/* Destroy existing task */
+tcp_chr_telnet_destroy(s);
+
+if (s->telnet_init) {
+/* We are possibly during a handshake already */
+goto cont;
+}
+
+s->telnet_init = g_new0(TCPChardevTelnetInit, 1);
+init = s->telnet_init;
+
 #define IACSET(x, a, b, c)  \
 do {\
 x[n++] = a; \
@@ -634,7 +667,6 @@ static void tcp_chr_telnet_init(Chardev *chr)
 x[n++] = c; \
 } while (0)
 
-init->chr = chr;
 if (!s->is_tn3270) {
 init->buflen = 12;
 /* Prep the telnet negotion to put telnet in binary,
@@ -657,10 +689,11 @@ static void tcp_chr_telnet_init(Chardev *chr)
 
 #undef IACSET
 
-qio_channel_add_watch(
-s->ioc, G_IO_OUT,
-tcp_chr_telnet_init_io,
-init, NULL);
+cont:
+s->telnet_source = qio_channel_add_watch_source(s->ioc, G_IO_OUT,
+   

[Qemu-devel] [PULL 18/69] scsi: support NDOB (no data-out buffer) for WRITE SAME commands

[Paolo Bonzini]

A NDOB bit set to one specifies that the disk shall not transfer data
from the data-out buffer and shall process the command as if the data-out
buffer contained user data set to all zeroes.

Signed-off-by: Paolo Bonzini 
---
 hw/scsi/scsi-bus.c   | 2 +-
 hw/scsi/scsi-disk.c  | 2 +-
 tests/virtio-scsi-test.c | 6 ++
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/hw/scsi/scsi-bus.c b/hw/scsi/scsi-bus.c
index 1eaeffc830..9646743a7d 100644
--- a/hw/scsi/scsi-bus.c
+++ b/hw/scsi/scsi-bus.c
@@ -944,7 +944,7 @@ static int scsi_req_xfer(SCSICommand *cmd, SCSIDevice *dev, 
uint8_t *buf)
 break;
 case WRITE_SAME_10:
 case WRITE_SAME_16:
-cmd->xfer = dev->blocksize;
+cmd->xfer = buf[1] & 1 ? 0 : dev->blocksize;
 break;
 case READ_CAPACITY_10:
 cmd->xfer = 8;
diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
index c65c1ce56d..5b7a48f5a5 100644
--- a/hw/scsi/scsi-disk.c
+++ b/hw/scsi/scsi-disk.c
@@ -1807,7 +1807,7 @@ static void scsi_disk_emulate_write_same(SCSIDiskReq *r, 
uint8_t *inbuf)
 return;
 }
 
-if (buffer_is_zero(inbuf, s->qdev.blocksize)) {
+if ((req->cmd.buf[1] & 0x1) || buffer_is_zero(inbuf, s->qdev.blocksize)) {
 int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0;
 
 /* The request is used as the AIO opaque value, so add a ref.  */
diff --git a/tests/virtio-scsi-test.c b/tests/virtio-scsi-test.c
index 7393d69bb2..037872bb98 100644
--- a/tests/virtio-scsi-test.c
+++ b/tests/virtio-scsi-test.c
@@ -216,6 +216,9 @@ static void test_unaligned_write_same(void)
 const uint8_t write_same_cdb_2[VIRTIO_SCSI_CDB_SIZE] = {
 0x41, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x33, 0x00, 0x00
 };
+const uint8_t write_same_cdb_ndob[VIRTIO_SCSI_CDB_SIZE] = {
+0x41, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x33, 0x00, 0x00
+};
 
 vs = qvirtio_scsi_pci_init(PCI_SLOT);
 
@@ -225,6 +228,9 @@ static void test_unaligned_write_same(void)
 g_assert_cmphex(0, ==,
 virtio_scsi_do_command(vs, write_same_cdb_2, NULL, 0, buf2, 512, 
NULL));
 
+g_assert_cmphex(0, ==,
+virtio_scsi_do_command(vs, write_same_cdb_ndob, NULL, 0, NULL, 0, 
NULL));
+
 qvirtio_scsi_pci_free(vs);
 }
 
-- 
2.14.3

[Qemu-devel] [PULL 09/69] checkpatch: Exempt long URLs

[Paolo Bonzini]

From: Eric Blake 

Sometimes, we want to refer to really long URLs, but checkpatch
balks, and we have to manually bypass the check.  URL shorteners
may be nice at reducing long links, but it's hard to guarantee the
shortened link will live as long as the real target, and it is
also nice to see the original target without having to load the
shortened URL through a browser.  So exempt a line containing
only a URL from the long-line syntax check.

Reviewed-by: Stefan Hajnoczi 
Suggested-by: Peter Maydell 
Signed-off-by: Eric Blake 
Message-Id: <2018015838.18223-1-ebl...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 scripts/checkpatch.pl | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
index d1fe79bcc4..57daae05ea 100755
--- a/scripts/checkpatch.pl
+++ b/scripts/checkpatch.pl
@@ -1447,9 +1447,10 @@ sub process {
 # check we are in a valid source file if not then ignore this hunk
next if ($realfile !~ /$SrcFile/);
 
-#90 column limit
+#90 column limit; exempt URLs, if no other words on line
if ($line =~ /^\+/ &&
!($line =~ /^\+\s*"[^"]*"\s*(?:\s*|,|\)\s*;)\s*$/) &&
+   !($rawline =~ /^[^[:alnum:]]*https?:\S*$/) &&
$length > 80)
{
if ($length > 90) {
-- 
2.14.3

[Qemu-devel] [PULL 08/69] hw: Do not include "sysemu/block-backend.h" if it is not necessary

[Paolo Bonzini]

From: Thomas Huth 

After reviewing a patch from Philippe that removes block-backend.h
from hw/lm32/milkymist.c, I noticed that this header is included
unnecessarily in a lot of other files, too. Remove those unneeded
includes to speed up the compilation process a little bit.

Signed-off-by: Thomas Huth 
Message-Id: <1518684912-31637-1-git-send-email-th...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 hw/arm/highbank.c  | 1 -
 hw/arm/msf2-soc.c  | 1 -
 hw/arm/realview.c  | 1 -
 hw/arm/tosa.c  | 1 -
 hw/i386/pc.c   | 2 --
 hw/i386/pc_piix.c  | 1 -
 hw/ide/ahci-allwinner.c| 1 -
 hw/ide/cmd646.c| 1 -
 hw/ide/ich.c   | 1 -
 hw/ide/isa.c   | 1 -
 hw/ide/microdrive.c| 1 -
 hw/ide/mmio.c  | 1 -
 hw/mips/mips_fulong2e.c| 1 -
 hw/mips/mips_jazz.c| 1 -
 hw/ppc/mac_newworld.c  | 1 -
 hw/ppc/mac_oldworld.c  | 1 -
 hw/ppc/prep.c  | 1 -
 hw/scsi/mptendian.c| 1 -
 hw/sd/core.c   | 1 -
 hw/sparc/sun4m.c   | 1 -
 hw/tricore/tricore_testboard.c | 2 --
 21 files changed, 23 deletions(-)

diff --git a/hw/arm/highbank.c b/hw/arm/highbank.c
index 287392bbdc..1742cf6f6c 100644
--- a/hw/arm/highbank.c
+++ b/hw/arm/highbank.c
@@ -27,7 +27,6 @@
 #include "sysemu/kvm.h"
 #include "sysemu/sysemu.h"
 #include "hw/boards.h"
-#include "sysemu/block-backend.h"
 #include "exec/address-spaces.h"
 #include "qemu/error-report.h"
 #include "hw/char/pl011.h"
diff --git a/hw/arm/msf2-soc.c b/hw/arm/msf2-soc.c
index a8ec2cdf36..f68df56b97 100644
--- a/hw/arm/msf2-soc.c
+++ b/hw/arm/msf2-soc.c
@@ -29,7 +29,6 @@
 #include "exec/address-spaces.h"
 #include "hw/char/serial.h"
 #include "hw/boards.h"
-#include "sysemu/block-backend.h"
 #include "qemu/cutils.h"
 #include "hw/arm/msf2-soc.h"
 #include "hw/misc/unimp.h"
diff --git a/hw/arm/realview.c b/hw/arm/realview.c
index 87cd1e583c..2139a62e25 100644
--- a/hw/arm/realview.c
+++ b/hw/arm/realview.c
@@ -20,7 +20,6 @@
 #include "sysemu/sysemu.h"
 #include "hw/boards.h"
 #include "hw/i2c/i2c.h"
-#include "sysemu/block-backend.h"
 #include "exec/address-spaces.h"
 #include "qemu/error-report.h"
 #include "hw/char/pl011.h"
diff --git a/hw/arm/tosa.c b/hw/arm/tosa.c
index a55b1a369c..7a925fa5e6 100644
--- a/hw/arm/tosa.c
+++ b/hw/arm/tosa.c
@@ -22,7 +22,6 @@
 #include "hw/boards.h"
 #include "hw/i2c/i2c.h"
 #include "hw/ssi/ssi.h"
-#include "sysemu/block-backend.h"
 #include "hw/sysbus.h"
 #include "exec/address-spaces.h"
 #include "sysemu/sysemu.h"
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index dc1f535697..0c140f4dc7 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -50,8 +50,6 @@
 #include "sysemu/qtest.h"
 #include "kvm_i386.h"
 #include "hw/xen/xen.h"
-#include "sysemu/block-backend.h"
-#include "hw/block/block.h"
 #include "ui/qemu-spice.h"
 #include "exec/memory.h"
 #include "exec/address-spaces.h"
diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index 0f1966d547..729a0508aa 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -40,7 +40,6 @@
 #include "sysemu/sysemu.h"
 #include "hw/sysbus.h"
 #include "sysemu/arch_init.h"
-#include "sysemu/block-backend.h"
 #include "hw/i2c/smbus.h"
 #include "hw/xen/xen.h"
 #include "exec/memory.h"
diff --git a/hw/ide/ahci-allwinner.c b/hw/ide/ahci-allwinner.c
index c3f1604936..5397483fd8 100644
--- a/hw/ide/ahci-allwinner.c
+++ b/hw/ide/ahci-allwinner.c
@@ -18,7 +18,6 @@
 #include "qemu/osdep.h"
 #include "hw/hw.h"
 #include "qemu/error-report.h"
-#include "sysemu/block-backend.h"
 #include "sysemu/dma.h"
 #include "hw/ide/internal.h"
 #include "hw/ide/ahci_internal.h"
diff --git a/hw/ide/cmd646.c b/hw/ide/cmd646.c
index 65aff518ec..6bb92d717f 100644
--- a/hw/ide/cmd646.c
+++ b/hw/ide/cmd646.c
@@ -26,7 +26,6 @@
 #include "hw/hw.h"
 #include "hw/pci/pci.h"
 #include "hw/isa/isa.h"
-#include "sysemu/block-backend.h"
 #include "sysemu/sysemu.h"
 #include "sysemu/dma.h"
 
diff --git a/hw/ide/ich.c b/hw/ide/ich.c
index c01b24ecbe..134478ebb2 100644
--- a/hw/ide/ich.c
+++ b/hw/ide/ich.c
@@ -65,7 +65,6 @@
 #include "hw/pci/msi.h"
 #include "hw/pci/pci.h"
 #include "hw/isa/isa.h"
-#include "sysemu/block-backend.h"
 #include "sysemu/dma.h"
 #include "hw/ide/pci.h"
 #include "hw/ide/ahci_internal.h"
diff --git a/hw/ide/isa.c b/hw/ide/isa.c
index 9fb24fc92b..028bd61774 100644
--- a/hw/ide/isa.c
+++ b/hw/ide/isa.c
@@ -25,7 +25,6 @@
 #include "qemu/osdep.h"
 #include "hw/hw.h"
 #include "hw/isa/isa.h"
-#include "sysemu/block-backend.h"
 #include "sysemu/dma.h"
 
 #include "hw/ide/internal.h"
diff --git a/hw/ide/microdrive.c b/hw/ide/microdrive.c
index 58e4f52f7d..34bb98dce8 100644
--- a/hw/ide/microdrive.c
+++ b/hw/ide/microdrive.c
@@ -25,7 +25,6 @@
 #include "qemu/osdep.h"
 #include "hw/hw.h"
 #include "hw/pcmcia.h"
-#include "sysemu/block-backend.h"
 #include 

[Qemu-devel] [PULL 22/69] rcutorture: remove synchronize_rcu from readers

[Paolo Bonzini]

This gives much worse numbers for readers, especially if synchronize_rcu
is made more expensive as is the case with --enable-membarrier.  Before:

   $ tests/rcutorture 10 stress 10
   n_reads: 98304  n_updates: 529  n_mberror: 0
   rcu_stress_count: 98302 2 0 0 0 0 0 0 0 0 0

After:

   $ tests/rcutorture 10 stress 10
   n_reads: 165158482  n_updates: 429  n_mberror: 0
   rcu_stress_count: 165154364 4118 0 0 0 0 0 0 0 0 0

Signed-off-by: Paolo Bonzini 
---
 tests/rcutorture.c | 4 
 1 file changed, 4 deletions(-)

diff --git a/tests/rcutorture.c b/tests/rcutorture.c
index 4002ecf123..49311c82ea 100644
--- a/tests/rcutorture.c
+++ b/tests/rcutorture.c
@@ -238,7 +238,6 @@ long long rcu_stress_count[RCU_STRESS_PIPE_LEN + 1];
 static void *rcu_read_stress_test(void *arg)
 {
 int i;
-int itercnt = 0;
 struct rcu_stress *p;
 int pc;
 long long n_reads_local = 0;
@@ -269,9 +268,6 @@ static void *rcu_read_stress_test(void *arg)
 }
 rcu_stress_local[pc]++;
 n_reads_local++;
-if ((++itercnt % 0x1000) == 0) {
-synchronize_rcu();
-}
 }
 qemu_mutex_lock(_mutex);
 n_reads += n_reads_local;
-- 
2.14.3

[Qemu-devel] [PULL 14/69] chardev: introduce chr_machine_done hook

[Paolo Bonzini]

From: Peter Xu 

Introduce ChardevClass.chr_machine_done() hook so that chardevs can run
customized procedures after machine init.

There was an existing mux user already that did similar thing but used a
raw machine done notifier.  Generalize it into a framework, and let the
mux chardevs provide such a class-specific hook to achieve the same
thing.  Then we can move the mux related code to the char-mux.c file.

Since at it, replace the mux_realized variable with the global
machine_init_done varible.

This notifier framework will be further leverged by other type of
chardevs soon.

Signed-off-by: Peter Xu 
Message-Id: <20180306053320.15401-6-pet...@redhat.com>
Acked-by: Stefan Hajnoczi 
Reviewed-by: Daniel P. Berrangé 
Signed-off-by: Paolo Bonzini 
---
 chardev/char-mux.c | 33 +
 chardev/char.c | 43 +--
 include/chardev/char-mux.h |  2 --
 include/chardev/char.h |  2 ++
 tests/test-char.c  |  1 -
 5 files changed, 48 insertions(+), 33 deletions(-)

diff --git a/chardev/char-mux.c b/chardev/char-mux.c
index d48e78103a..1b925c8dec 100644
--- a/chardev/char-mux.c
+++ b/chardev/char-mux.c
@@ -27,6 +27,7 @@
 #include "qemu/option.h"
 #include "chardev/char.h"
 #include "sysemu/block-backend.h"
+#include "sysemu/sysemu.h"
 #include "chardev/char-mux.h"
 
 /* MUX driver for serial I/O splitting */
@@ -230,14 +231,12 @@ static void mux_chr_read(void *opaque, const uint8_t 
*buf, int size)
 }
 }
 
-bool muxes_realized;
-
 void mux_chr_send_all_event(Chardev *chr, int event)
 {
 MuxChardev *d = MUX_CHARDEV(chr);
 int i;
 
-if (!muxes_realized) {
+if (!machine_init_done) {
 return;
 }
 
@@ -327,7 +326,7 @@ static void qemu_chr_open_mux(Chardev *chr,
 /* only default to opened state if we've realized the initial
  * set of muxes
  */
-*be_opened = muxes_realized;
+*be_opened = machine_init_done;
 qemu_chr_fe_init(>chr, drv, errp);
 }
 
@@ -347,6 +346,31 @@ static void qemu_chr_parse_mux(QemuOpts *opts, 
ChardevBackend *backend,
 mux->chardev = g_strdup(chardev);
 }
 
+/**
+ * Called after processing of default and command-line-specified
+ * chardevs to deliver CHR_EVENT_OPENED events to any FEs attached
+ * to a mux chardev. This is done here to ensure that
+ * output/prompts/banners are only displayed for the FE that has
+ * focus when initial command-line processing/machine init is
+ * completed.
+ *
+ * After this point, any new FE attached to any new or existing
+ * mux will receive CHR_EVENT_OPENED notifications for the BE
+ * immediately.
+ */
+static int open_muxes(Chardev *chr)
+{
+/* send OPENED to all already-attached FEs */
+mux_chr_send_all_event(chr, CHR_EVENT_OPENED);
+/*
+ * mark mux as OPENED so any new FEs will immediately receive
+ * OPENED event
+ */
+qemu_chr_be_event(chr, CHR_EVENT_OPENED);
+
+return 0;
+}
+
 static void char_mux_class_init(ObjectClass *oc, void *data)
 {
 ChardevClass *cc = CHARDEV_CLASS(oc);
@@ -357,6 +381,7 @@ static void char_mux_class_init(ObjectClass *oc, void *data)
 cc->chr_accept_input = mux_chr_accept_input;
 cc->chr_add_watch = mux_chr_add_watch;
 cc->chr_be_event = mux_chr_be_event;
+cc->chr_machine_done = open_muxes;
 }
 
 static const TypeInfo char_mux_type_info = {
diff --git a/chardev/char.c b/chardev/char.c
index 5d7b079ef0..a6250cac80 100644
--- a/chardev/char.c
+++ b/chardev/char.c
@@ -281,40 +281,31 @@ static const TypeInfo char_type_info = {
 .class_init = char_class_init,
 };
 
-/**
- * Called after processing of default and command-line-specified
- * chardevs to deliver CHR_EVENT_OPENED events to any FEs attached
- * to a mux chardev. This is done here to ensure that
- * output/prompts/banners are only displayed for the FE that has
- * focus when initial command-line processing/machine init is
- * completed.
- *
- * After this point, any new FE attached to any new or existing
- * mux will receive CHR_EVENT_OPENED notifications for the BE
- * immediately.
- */
-static int open_muxes(Object *child, void *opaque)
+static int chardev_machine_done_notify_one(Object *child, void *opaque)
 {
-if (CHARDEV_IS_MUX(child)) {
-/* send OPENED to all already-attached FEs */
-mux_chr_send_all_event(CHARDEV(child), CHR_EVENT_OPENED);
-/* mark mux as OPENED so any new FEs will immediately receive
- * OPENED event
- */
-qemu_chr_be_event(CHARDEV(child), CHR_EVENT_OPENED);
+Chardev *chr = (Chardev *)child;
+ChardevClass *class = CHARDEV_GET_CLASS(chr);
+
+if (class->chr_machine_done) {
+return class->chr_machine_done(chr);
 }
 
 return 0;
 }
 
-static void muxes_realize_done(Notifier *notifier, void *unused)
+static void chardev_machine_done_hook(Notifier *notifier, void