Re: [PATCH v2 3/3] target/mips: implement Octeon-specific arithmetic instructions

[Pavel Dovgalyuk]

On 09.06.2022 18:53, Richard Henderson wrote:

On 6/9/22 01:23, Pavel Dovgalyuk wrote:

+static bool trans_BADDU(DisasContext *ctx, arg_BADDU *a)
+{
+    TCGv t0, t1;
+
+    if (a->rt == 0) {
+    /* nop */
+    return true;
+    }


I believe that we're standardizing on using gen_store_gpr, and not 
checking for r0 everywhere.


I didn't remove this condition for making translation a bit faster.
Now there are no jumps or helpers, and I believe that optimizer
can remove everything in case of r0.
But if you insist, I'll remove this check.





+static bool trans_EXTS(DisasContext *ctx, arg_EXTS *a)
+{
+    TCGv t0;
+
+    if (a->rt == 0) {
+    /* nop */
+    return true;
+    }
+
+    t0 = tcg_temp_new();
+    gen_load_gpr(t0, a->rs);
+    tcg_gen_sextract_tl(t0, t0, a->p, a->lenm1);


a->lenm1 + 1.


+    tcg_gen_deposit_z_tl(t0, t0, a->p, a->lenm1);


Likewise.


r~

Re: [PATCH] qemu-iotests: Discard stderr when probing devices

[Thomas Huth]

On 05/06/2022 16.57, Cole Robinson wrote:

./configure --enable-modules --enable-smartcard \
 --target-list=x86_64-softmmu,s390x-softmmu
make
cd build
QEMU_PROG=`pwd`/s390x-softmmu/qemu-system-s390x \
 ../tests/check-block.sh qcow2
...
--- /home/crobinso/src/qemu/tests/qemu-iotests/127.out
+++ /home/crobinso/src/qemu/build/tests/qemu-iotests/scratch/127.out.bad
@@ -1,4 +1,18 @@
  QA output created by 127
+Failed to open module: /home/crobinso/src/qemu/build/hw-usb-smartcard.so: 
undefined symbol: ccid_card_ccid_attach
...
--- /home/crobinso/src/qemu/tests/qemu-iotests/267.out
+++ /home/crobinso/src/qemu/build/tests/qemu-iotests/scratch/267.out.bad
@@ -1,4 +1,11 @@
  QA output created by 267
+Failed to open module: /home/crobinso/src/qemu/build/hw-usb-smartcard.so: 
undefined symbol: ccid_card_ccid_attach

The stderr spew is its own known issue, but seems like iotests should
be discarding stderr in this case.

Signed-off-by: Cole Robinson 
---
  tests/qemu-iotests/common.rc | 4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/qemu-iotests/common.rc b/tests/qemu-iotests/common.rc
index 165b54a61e..db757025cb 100644
--- a/tests/qemu-iotests/common.rc
+++ b/tests/qemu-iotests/common.rc
@@ -982,7 +982,7 @@ _require_large_file()
  #
  _require_devices()
  {
-available=$($QEMU -M none -device help | \
+available=$($QEMU -M none -device help 2> /dev/null | \
  grep ^name | sed -e 's/^name "//' -e 's/".*$//')
  for device
  do
@@ -994,7 +994,7 @@ _require_devices()
  
  _require_one_device_of()

  {
-available=$($QEMU -M none -device help | \
+available=$($QEMU -M none -device help 2> /dev/null | \
  grep ^name | sed -e 's/^name "//' -e 's/".*$//')
  for device
  do


Reviewed-by: Thomas Huth 

Re: [PATCH v2 1/2] hw: m25p80: add WP# pin and SRWD bit for write protection

[Dan Zhang]

Just find out how to use mutt to reply all in the thread.
repeat the previous comments. Add STATE_HIZ to handle decode_new_command
aborting gracefully. 

On Thu, Jun 09, 2022 at 08:06:00PM +, Peter Delevoryas wrote:
> 
> 
> > On Jun 9, 2022, at 12:22 PM, Francisco Iglesias  
> > wrote:
> > 
> > Hi Iris,
> > 
> > Looks good some, a couple of comments below.
> > 
> > On [2022 Jun 08] Wed 20:13:19, Iris Chen wrote:
> >> From: Iris Chen 
> >> 
> >> Signed-off-by: Iris Chen 
> >> ---
> >> Addressed all comments from V1. The biggest change: removed 
> >> object_class_property_add.
> >> 
> >> hw/block/m25p80.c | 37 +++
> >> tests/qtest/aspeed_smc-test.c |  2 ++
> >> 2 files changed, 39 insertions(+)
> >> 
> >> diff --git a/hw/block/m25p80.c b/hw/block/m25p80.c
> >> index 81ba3da4df..1a20bd55d4 100644
> >> --- a/hw/block/m25p80.c
> >> +++ b/hw/block/m25p80.c
> >> @@ -27,12 +27,14 @@
> >> #include "hw/qdev-properties.h"
> >> #include "hw/qdev-properties-system.h"
> >> #include "hw/ssi/ssi.h"
> >> +#include "hw/irq.h"
> >> #include "migration/vmstate.h"
> >> #include "qemu/bitops.h"
> >> #include "qemu/log.h"
> >> #include "qemu/module.h"
> >> #include "qemu/error-report.h"
> >> #include "qapi/error.h"
> >> +#include "qapi/visitor.h"
> >> #include "trace.h"
> >> #include "qom/object.h"
> >> 
> >> @@ -472,11 +474,13 @@ struct Flash {
> >> uint8_t spansion_cr2v;
> >> uint8_t spansion_cr3v;
> >> uint8_t spansion_cr4v;
> >> +bool wp_level;
> >> bool write_enable;
> >> bool four_bytes_address_mode;
> >> bool reset_enable;
> >> bool quad_enable;
> >> bool aai_enable;
> >> +bool status_register_write_disabled;
> >> uint8_t ear;
> >> 
> >> int64_t dirty_page;
> >> @@ -723,6 +727,21 @@ static void complete_collecting_data(Flash *s)
> >> flash_erase(s, s->cur_addr, s->cmd_in_progress);
> >> break;
> >> case WRSR:
> >> +/*
> >> + * If WP# is low and status_register_write_disabled is high,
> >> + * status register writes are disabled.
> >> + * This is also called "hardware protected mode" (HPM). All other
> >> + * combinations of the two states are called "software protected 
> >> mode"
> >> + * (SPM), and status register writes are permitted.
> >> + */
> >> +if ((s->wp_level == 0 && s->status_register_write_disabled)
> >> +|| !s->write_enable) {
> > 
> > 'write_enable' needs to be true in 'decode_new_cmd' when issueing the WRSR
> > command, otherwise the state machinery will not advance to this function
> > (meaning that above check for !s->write_enable will never hit as far as I 
> > can
> > tell). A suggestion is to move the check for wp_level and
> > status_reg_wr_disabled into 'decode_new_cmd' to for keeping it consistent.
> 
> Oh good catch! Yes actually, in our fork, we also removed the write_enable
> guard in decode_new_cmd. We either need both checks in decode_new_cmd,
> or both checks in complete_collecting_data.
> 
> I think we had some difficulty deciding whether to block command decoding,
> or to decode and ignore the command if restrictions are enabled.
> 
> The reason being that, in the qtest, the WRSR command code gets ignored, and
> then the subsequent write data gets interpreted as some random command code.
> We had elected to decode and ignore the command, but I think the
> datasheet actually describes that the command won’t be decoded successfully,
> so you’re probably right, we should put this logic in decode_new_cmd.
> 
> Most likely, the qtest will also need to be modified to reset the transfer
> state machine after a blocked write command. I can’t remember if
> exiting and re-entering user mode is sufficient for that, but something
> like that is probably possible.
> 
> Thanks for catching this!
> Peter
> 

I am proposing add a CMDState: STATE_HIZ to handle command decode fail
situation. When decode_new_command need abort the decoding and ignore
following
on input bytes of this transaction, set the state to STATE_HIZ.
And m25p80_transfer8() will ignore all the following on byte when in
this state.

This is to simulating the real device operation behavior
i.e. Macronix MX66L1G45G data sheet section 8 DEVICE OPERATION described
```
2. When an incorrect command is written to this device, it enters
standby mode and stays in standby mode until the next CS# falling edge.
In standby mode, This device's SO pin should be High-Z.
``` 
BRs
Dan Zhang
> > 
> >> +qemu_log_mask(LOG_GUEST_ERROR,
> >> +  "M25P80: Status register write is disabled!\n");
> >> +break;
> >> +}
> >> +s->status_register_write_disabled = extract32(s->data[0], 7, 1);
> >> +
> >> switch (get_man(s)) {
> >> case MAN_SPANSION:
> >> s->quad_enable = !!(s->data[1] & 0x02);
> >> @@ -1195,6 +1214,8 @@ static void decode_new_cmd(Flash *s, uint32_t value)
> >> 
> >> case 

Re: Re: [PULL 00/18] Block layer patches

[Yongji Xie]

On Tue, Jun 14, 2022 at 1:04 AM Kevin Wolf  wrote:
>
> Am 09.06.2022 um 22:18 hat Richard Henderson geschrieben:
> > On 6/9/22 10:21, Kevin Wolf wrote:
> > > The following changes since commit 
> > > 028f2361d0c2d28d6f918fe618f389228ac22b60:
> > >
> > >Merge tag 'pull-target-arm-20220609' of 
> > > https://git.linaro.org/people/pmaydell/qemu-arm into staging (2022-06-09 
> > > 06:47:03 -0700)
> > >
> > > are available in the Git repository at:
> > >
> > >git://repo.or.cz/qemu/kevin.git tags/for-upstream
> > >
> > > for you to fetch changes up to 7f9a8b3342ff00d3398fdc08264948762d748edb:
> > >
> > >nbd: Drop dead code spotted by Coverity (2022-06-09 18:07:17 +0200)
> > >
> > > 
> > > Block layer patches
> > >
> > > - Add vduse-blk export
> > > - Dirty bitmaps: Fix and improve bitmap merge
> > > - gluster: correctly set max_pdiscard
> > > - rbd: report a better error when namespace does not exist
> > > - aio_wait_kick: add missing memory barrier
> > > - Code cleanups
> >
> > Several sets of compile failures:
>
> Hi Yongji,
>
> the vduse-blk code fails to compile with clang as shown below. As you
> already sent another series to fix up other bugs introduced in the
> series, maybe it would be better if you can send a new version with all
> of the necessary fixes squashed in instead of me trying to make minimal
> fixes to get it to compile with clang.
>

OK, I have sent a new version including the fix.

Thanks.
Yongji

[PATCH v3 2/2] QIOChannelSocket: Fix zero-copy send so socket flush works

[Leonardo Bras]

Somewhere between v6 and v7 the of the zero-copy-send patchset a crucial
part of the flushing mechanism got missing: incrementing zero_copy_queued.

Without that, the flushing interface becomes a no-op, and there is no
guarantee the buffer is really sent.

This can go as bad as causing a corruption in RAM during migration.

Fixes: 2bc58ffc2926 ("QIOChannelSocket: Implement io_writev zero copy flag & 
io_flush for CONFIG_LINUX")
Reported-by: 徐闯 
Signed-off-by: Leonardo Bras 
---
 io/channel-socket.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/io/channel-socket.c b/io/channel-socket.c
index cdce7b0b45..f31dd189a5 100644
--- a/io/channel-socket.c
+++ b/io/channel-socket.c
@@ -607,6 +607,11 @@ static ssize_t qio_channel_socket_writev(QIOChannel *ioc,
  "Unable to write to socket");
 return -1;
 }
+
+if (flags & QIO_CHANNEL_WRITE_FLAG_ZERO_COPY) {
+sioc->zero_copy_queued++;
+}
+
 return ret;
 }
 #else /* WIN32 */
-- 
2.36.1

Re: [PATCH v2 1/2] hw: m25p80: add WP# pin and SRWD bit for write protection

[Dan Zhang]

On Thu, Jun 09, 2022 at 08:06:00PM +, Peter Delevoryas wrote:
>
>
> > On Jun 9, 2022, at 12:22 PM, Francisco Iglesias  
> > wrote:
> >
> > Hi Iris,
> >
> > Looks good some, a couple of comments below.
> >
> > On [2022 Jun 08] Wed 20:13:19, Iris Chen wrote:
> >> From: Iris Chen 
> >>
> >> Signed-off-by: Iris Chen 
> >> ---
> >> Addressed all comments from V1. The biggest change: removed 
> >> object_class_property_add.
> >>
> >> hw/block/m25p80.c | 37 +++
> >> tests/qtest/aspeed_smc-test.c |  2 ++
> >> 2 files changed, 39 insertions(+)
> >>
> >> diff --git a/hw/block/m25p80.c b/hw/block/m25p80.c
> >> index 81ba3da4df..1a20bd55d4 100644
> >> --- a/hw/block/m25p80.c
> >> +++ b/hw/block/m25p80.c
> >> @@ -27,12 +27,14 @@
> >> #include "hw/qdev-properties.h"
> >> #include "hw/qdev-properties-system.h"
> >> #include "hw/ssi/ssi.h"
> >> +#include "hw/irq.h"
> >> #include "migration/vmstate.h"
> >> #include "qemu/bitops.h"
> >> #include "qemu/log.h"
> >> #include "qemu/module.h"
> >> #include "qemu/error-report.h"
> >> #include "qapi/error.h"
> >> +#include "qapi/visitor.h"
> >> #include "trace.h"
> >> #include "qom/object.h"
> >>
> >> @@ -472,11 +474,13 @@ struct Flash {
> >> uint8_t spansion_cr2v;
> >> uint8_t spansion_cr3v;
> >> uint8_t spansion_cr4v;
> >> +bool wp_level;
> >> bool write_enable;
> >> bool four_bytes_address_mode;
> >> bool reset_enable;
> >> bool quad_enable;
> >> bool aai_enable;
> >> +bool status_register_write_disabled;
> >> uint8_t ear;
> >>
> >> int64_t dirty_page;
> >> @@ -723,6 +727,21 @@ static void complete_collecting_data(Flash *s)
> >> flash_erase(s, s->cur_addr, s->cmd_in_progress);
> >> break;
> >> case WRSR:
> >> +/*
> >> + * If WP# is low and status_register_write_disabled is high,
> >> + * status register writes are disabled.
> >> + * This is also called "hardware protected mode" (HPM). All other
> >> + * combinations of the two states are called "software protected 
> >> mode"
> >> + * (SPM), and status register writes are permitted.
> >> + */
> >> +if ((s->wp_level == 0 && s->status_register_write_disabled)
> >> +|| !s->write_enable) {
> >
> > 'write_enable' needs to be true in 'decode_new_cmd' when issueing the WRSR
> > command, otherwise the state machinery will not advance to this function
> > (meaning that above check for !s->write_enable will never hit as far as I 
> > can
> > tell). A suggestion is to move the check for wp_level and
> > status_reg_wr_disabled into 'decode_new_cmd' to for keeping it consistent.
>
> Oh good catch! Yes actually, in our fork, we also removed the write_enable
> guard in decode_new_cmd. We either need both checks in decode_new_cmd,
> or both checks in complete_collecting_data.
>
> I think we had some difficulty deciding whether to block command decoding,
> or to decode and ignore the command if restrictions are enabled.
>
> The reason being that, in the qtest, the WRSR command code gets ignored, and
> then the subsequent write data gets interpreted as some random command code.
> We had elected to decode and ignore the command, but I think the
> datasheet actually describes that the command won’t be decoded successfully,
> so you’re probably right, we should put this logic in decode_new_cmd.
>
> Most likely, the qtest will also need to be modified to reset the transfer
> state machine after a blocked write command. I can’t remember if
> exiting and re-entering user mode is sufficient for that, but something
> like that is probably possible.
>
> Thanks for catching this!
> Peter
>
I am proposing add a CMDState: STATE_HIZ to handle command decode fail
situation. When decode_new_command need abort the decoding and ignore following
on input bytes of this transaction, set the state to STATE_HIZ.
And m25p80_transfer8() will ignore all the following on byte when in this state.

This is to simulating the real device operation behavior
i.e. Macronix MX66L1G45G data sheet section 8 DEVICE OPERATION described
`
2. When an incorrect command is written to this device, it enters
standby mode and stays in standby mode until the next CS# falling edge.
In standby mode, This device's SO pin should be High-Z.
`
> >
> >> +qemu_log_mask(LOG_GUEST_ERROR,
> >> +  "M25P80: Status register write is disabled!\n");
> >> +break;
> >> +}
> >> +s->status_register_write_disabled = extract32(s->data[0], 7, 1);
> >> +
> >> switch (get_man(s)) {
> >> case MAN_SPANSION:
> >> s->quad_enable = !!(s->data[1] & 0x02);
> >> @@ -1195,6 +1214,8 @@ static void decode_new_cmd(Flash *s, uint32_t value)
> >>
> >> case RDSR:
> >> s->data[0] = (!!s->write_enable) << 1;
> >> +s->data[0] |= (!!s->status_register_write_disabled) << 7;
> >> +
> >> if (get_man(s) == MAN_MACRONIX || 

[PATCH v3 1/2] QIOChannelSocket: Introduce assert and reduce ifdefs to improve readability

[Leonardo Bras]

During implementation of MSG_ZEROCOPY feature, a lot of #ifdefs were
introduced, particularly at qio_channel_socket_writev().

Rewrite some of those changes so it's easier to read.

Also, introduce an assert to help detect incorrect zero-copy usage is when
it's disabled on build.

Signed-off-by: Leonardo Bras 
---
 io/channel-socket.c | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/io/channel-socket.c b/io/channel-socket.c
index dc9c165de1..cdce7b0b45 100644
--- a/io/channel-socket.c
+++ b/io/channel-socket.c
@@ -578,11 +578,13 @@ static ssize_t qio_channel_socket_writev(QIOChannel *ioc,
 memcpy(CMSG_DATA(cmsg), fds, fdsize);
 }
 
-#ifdef QEMU_MSG_ZEROCOPY
 if (flags & QIO_CHANNEL_WRITE_FLAG_ZERO_COPY) {
+#ifdef QEMU_MSG_ZEROCOPY
 sflags = MSG_ZEROCOPY;
-}
+#else
+g_assert_unreachable();
 #endif
+}
 
  retry:
 ret = sendmsg(sioc->fd, , sflags);
@@ -592,15 +594,13 @@ static ssize_t qio_channel_socket_writev(QIOChannel *ioc,
 return QIO_CHANNEL_ERR_BLOCK;
 case EINTR:
 goto retry;
-#ifdef QEMU_MSG_ZEROCOPY
 case ENOBUFS:
-if (sflags & MSG_ZEROCOPY) {
+if (flags & QIO_CHANNEL_WRITE_FLAG_ZERO_COPY) {
 error_setg_errno(errp, errno,
  "Process can't lock enough memory for using 
MSG_ZEROCOPY");
 return -1;
 }
 break;
-#endif
 }
 
 error_setg_errno(errp, errno,
-- 
2.36.1

[PATCH v2 6/6] vduse-blk: Add name option

[Xie Yongji]

Currently we use 'id' option as the name of VDUSE device.
It's a bit confusing since we use one value for two different
purposes: the ID to identfy the export within QEMU (must be
distinct from any other exports in the same QEMU process, but
can overlap with names used by other processes), and the VDUSE
name to uniquely identify it on the host (must be distinct from
other VDUSE devices on the same host, but can overlap with other
export types like NBD in the same process). To make it clear,
this patch adds a separate 'name' option to specify the VDUSE
name for the vduse-blk export instead.

Signed-off-by: Xie Yongji 
---
 block/export/vduse-blk.c | 4 ++--
 docs/tools/qemu-storage-daemon.rst   | 5 +++--
 qapi/block-export.json   | 7 ---
 storage-daemon/qemu-storage-daemon.c | 8 
 4 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/block/export/vduse-blk.c b/block/export/vduse-blk.c
index 066e088b00..f101c24c3f 100644
--- a/block/export/vduse-blk.c
+++ b/block/export/vduse-blk.c
@@ -300,7 +300,7 @@ static int vduse_blk_exp_create(BlockExport *exp, 
BlockExportOptions *opts,
 features |= 1ULL << VIRTIO_BLK_F_RO;
 }
 
-vblk_exp->dev = vduse_dev_create(exp->id, VIRTIO_ID_BLOCK, 0,
+vblk_exp->dev = vduse_dev_create(vblk_opts->name, VIRTIO_ID_BLOCK, 0,
  features, num_queues,
  sizeof(struct virtio_blk_config),
  (char *), _blk_ops,
@@ -312,7 +312,7 @@ static int vduse_blk_exp_create(BlockExport *exp, 
BlockExportOptions *opts,
 }
 
 vblk_exp->recon_file = g_strdup_printf("%s/vduse-blk-%s",
-   g_get_tmp_dir(), exp->id);
+   g_get_tmp_dir(), vblk_opts->name);
 if (vduse_set_reconnect_log_file(vblk_exp->dev, vblk_exp->recon_file)) {
 error_setg(errp, "failed to set reconnect log file");
 ret = -EINVAL;
diff --git a/docs/tools/qemu-storage-daemon.rst 
b/docs/tools/qemu-storage-daemon.rst
index 034f2809a6..ea00149a63 100644
--- a/docs/tools/qemu-storage-daemon.rst
+++ b/docs/tools/qemu-storage-daemon.rst
@@ -77,7 +77,7 @@ Standard options:
   --export 
[type=]vhost-user-blk,id=,node-name=,addr.type=unix,addr.path=[,writable=on|off][,logical-block-size=][,num-queues=]
   --export 
[type=]vhost-user-blk,id=,node-name=,addr.type=fd,addr.str=[,writable=on|off][,logical-block-size=][,num-queues=]
   --export 
[type=]fuse,id=,node-name=,mountpoint=[,growable=on|off][,writable=on|off][,allow-other=on|off|auto]
-  --export 
[type=]vduse-blk,id=,node-name=[,writable=on|off][,num-queues=][,queue-size=][,logical-block-size=][,serial=]
+  --export 
[type=]vduse-blk,id=,node-name=,name=[,writable=on|off][,num-queues=][,queue-size=][,logical-block-size=][,serial=]
 
   is a block export definition. ``node-name`` is the block node that should be
   exported. ``writable`` determines whether or not the export allows write
@@ -111,7 +111,8 @@ Standard options:
   ``allow-other`` to auto (the default) will try enabling this option, and on
   error fall back to disabling it.
 
-  The ``vduse-blk`` export type uses the ``id`` as the VDUSE device name.
+  The ``vduse-blk`` export type takes a ``name`` (must be unique across the 
host)
+  to create the VDUSE device.
   ``num-queues`` sets the number of virtqueues (the default is 1).
   ``queue-size`` sets the virtqueue descriptor table size (the default is 256).
 
diff --git a/qapi/block-export.json b/qapi/block-export.json
index d7aeb1fbf7..81ef1e3dcd 100644
--- a/qapi/block-export.json
+++ b/qapi/block-export.json
@@ -182,6 +182,7 @@
 #
 # A vduse-blk block export.
 #
+# @name: the name of VDUSE device (must be unique across the host).
 # @num-queues: the number of virtqueues. Defaults to 1.
 # @queue-size: the size of virtqueue. Defaults to 256.
 # @logical-block-size: Logical block size in bytes. Range [512, PAGE_SIZE]
@@ -191,7 +192,8 @@
 # Since: 7.1
 ##
 { 'struct': 'BlockExportOptionsVduseBlk',
-  'data': { '*num-queues': 'uint16',
+  'data': { 'name': 'str',
+'*num-queues': 'uint16',
 '*queue-size': 'uint16',
 '*logical-block-size': 'size',
 '*serial': 'str' } }
@@ -316,8 +318,7 @@
 # Describes a block export, i.e. how single node should be exported on an
 # external interface.
 #
-# @id: A unique identifier for the block export (across the host for vduse-blk
-#  export type or across all export types for other types)
+# @id: A unique identifier for the block export (across all export types)
 #
 # @node-name: The node name of the block node to be exported (since: 5.2)
 #
diff --git a/storage-daemon/qemu-storage-daemon.c 
b/storage-daemon/qemu-storage-daemon.c
index 4e18d3fc85..b8e910f220 100644
--- a/storage-daemon/qemu-storage-daemon.c
+++ b/storage-daemon/qemu-storage-daemon.c
@@ -123,12 +123,12 @@ static void help(void)
 #endif /* 

[PATCH v2 1/6] libvduse: Fix some compile errors with clang

[Xie Yongji]

This fixes some compile errors with clang:

../subprojects/libvduse/libvduse.c:578:20: error: unused function
'vring_used_flags_set_bit' [-Werror,-Wunused-function]
static inline void vring_used_flags_set_bit(VduseVirtq *vq, int mask)
   ^
../subprojects/libvduse/libvduse.c:587:20: error: unused function
'vring_used_flags_unset_bit' [-Werror,-Wunused-function]
static inline void vring_used_flags_unset_bit(VduseVirtq *vq, int mask)

../subprojects/libvduse/libvduse.c:325:20: error: cast to pointer from
integer of different size [-Werror=int-to-pointer-cast]
   325 | munmap((void *)dev->regions[i].mmap_addr,
   |^
../subprojects/libvduse/libvduse.c: In function 'vduse_dev_create':
../subprojects/libvduse/libvduse.c:1318:54: error: format '%lu' expects
argument of type 'long unsigned int', but argument 3 has type 'uint64_t'
{aka 'long long unsigned int'} [-Werror=format=]
 1318 | fprintf(stderr, "Failed to set api version %lu: %s\n",
  |~~^
  |  |
  |  long unsigned int
  |%llu
 1319 | version, strerror(errno));
  | ~~~
  | |
  | uint64_t {aka long long unsigned int}

Signed-off-by: Xie Yongji 
---
 subprojects/libvduse/libvduse.c | 23 +++
 1 file changed, 3 insertions(+), 20 deletions(-)

diff --git a/subprojects/libvduse/libvduse.c b/subprojects/libvduse/libvduse.c
index 78bb777402..dd1faffe66 100644
--- a/subprojects/libvduse/libvduse.c
+++ b/subprojects/libvduse/libvduse.c
@@ -27,6 +27,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include 
 #include 
@@ -322,7 +323,7 @@ static void vduse_iova_remove_region(VduseDev *dev, 
uint64_t start,
 
 if (start <= dev->regions[i].iova &&
 last >= (dev->regions[i].iova + dev->regions[i].size - 1)) {
-munmap((void *)dev->regions[i].mmap_addr,
+munmap((void *)(uintptr_t)dev->regions[i].mmap_addr,
dev->regions[i].mmap_offset + dev->regions[i].size);
 dev->regions[i].mmap_addr = 0;
 dev->num_regions--;
@@ -575,24 +576,6 @@ void vduse_queue_notify(VduseVirtq *vq)
 }
 }
 
-static inline void vring_used_flags_set_bit(VduseVirtq *vq, int mask)
-{
-uint16_t *flags;
-
-flags = (uint16_t *)((char*)vq->vring.used +
- offsetof(struct vring_used, flags));
-*flags = htole16(le16toh(*flags) | mask);
-}
-
-static inline void vring_used_flags_unset_bit(VduseVirtq *vq, int mask)
-{
-uint16_t *flags;
-
-flags = (uint16_t *)((char*)vq->vring.used +
- offsetof(struct vring_used, flags));
-*flags = htole16(le16toh(*flags) & ~mask);
-}
-
 static inline void vring_set_avail_event(VduseVirtq *vq, uint16_t val)
 {
 *((uint16_t *)>vring.used->ring[vq->vring.num]) = htole16(val);
@@ -1315,7 +1298,7 @@ VduseDev *vduse_dev_create(const char *name, uint32_t 
device_id,
 
 version = VDUSE_API_VERSION;
 if (ioctl(ctrl_fd, VDUSE_SET_API_VERSION, )) {
-fprintf(stderr, "Failed to set api version %lu: %s\n",
+fprintf(stderr, "Failed to set api version %" PRIu64 ": %s\n",
 version, strerror(errno));
 goto err_dev;
 }
-- 
2.20.1

[PATCH v2 4/6] vduse-blk: Don't delete the export until all inflight I/Os completed

[Xie Yongji]

Don't delete the export until all inflight I/Os completed.
Otherwise, it might lead to a use-after-free.

Fixes: cc241b5505b2 ("vduse-blk: Implement vduse-blk export")
Signed-off-by: Xie Yongji 
---
 block/export/vduse-blk.c | 22 ++
 1 file changed, 22 insertions(+)

diff --git a/block/export/vduse-blk.c b/block/export/vduse-blk.c
index c3a89894ae..251d73c841 100644
--- a/block/export/vduse-blk.c
+++ b/block/export/vduse-blk.c
@@ -31,6 +31,7 @@ typedef struct VduseBlkExport {
 VduseDev *dev;
 uint16_t num_queues;
 char *recon_file;
+unsigned int inflight;
 } VduseBlkExport;
 
 typedef struct VduseBlkReq {
@@ -38,6 +39,18 @@ typedef struct VduseBlkReq {
 VduseVirtq *vq;
 } VduseBlkReq;
 
+static void vduse_blk_inflight_inc(VduseBlkExport *vblk_exp)
+{
+vblk_exp->inflight++;
+}
+
+static void vduse_blk_inflight_dec(VduseBlkExport *vblk_exp)
+{
+if (--vblk_exp->inflight == 0) {
+aio_wait_kick();
+}
+}
+
 static void vduse_blk_req_complete(VduseBlkReq *req, size_t in_len)
 {
 vduse_queue_push(req->vq, >elem, in_len);
@@ -68,10 +81,13 @@ static void coroutine_fn vduse_blk_virtio_process_req(void 
*opaque)
 }
 
 vduse_blk_req_complete(req, in_len);
+vduse_blk_inflight_dec(vblk_exp);
 }
 
 static void vduse_blk_vq_handler(VduseDev *dev, VduseVirtq *vq)
 {
+VduseBlkExport *vblk_exp = vduse_dev_get_priv(dev);
+
 while (1) {
 VduseBlkReq *req;
 
@@ -83,6 +99,8 @@ static void vduse_blk_vq_handler(VduseDev *dev, VduseVirtq 
*vq)
 
 Coroutine *co =
 qemu_coroutine_create(vduse_blk_virtio_process_req, req);
+
+vduse_blk_inflight_inc(vblk_exp);
 qemu_coroutine_enter(co);
 }
 }
@@ -168,6 +186,8 @@ static void vduse_blk_detach_ctx(VduseBlkExport *vblk_exp)
 }
 aio_set_fd_handler(vblk_exp->export.ctx, vduse_dev_get_fd(vblk_exp->dev),
true, NULL, NULL, NULL, NULL, NULL);
+
+AIO_WAIT_WHILE(vblk_exp->export.ctx, vblk_exp->inflight > 0);
 }
 
 
@@ -332,7 +352,9 @@ static void vduse_blk_exp_request_shutdown(BlockExport *exp)
 {
 VduseBlkExport *vblk_exp = container_of(exp, VduseBlkExport, export);
 
+aio_context_acquire(vblk_exp->export.ctx);
 vduse_blk_detach_ctx(vblk_exp);
+aio_context_acquire(vblk_exp->export.ctx);
 }
 
 const BlockExportDriver blk_exp_vduse_blk = {
-- 
2.20.1

[PATCH v2 5/6] vduse-blk: Add serial option

[Xie Yongji]

Add a 'serial' option to allow user to specify this value
explicitly. And the default value is changed to an empty
string as what we did in "hw/block/virtio-blk.c".

Signed-off-by: Xie Yongji 
---
 block/export/vduse-blk.c | 20 ++--
 block/export/vhost-user-blk-server.c |  4 +++-
 block/export/virtio-blk-handler.h|  2 +-
 docs/tools/qemu-storage-daemon.rst   |  2 +-
 qapi/block-export.json   |  4 +++-
 storage-daemon/qemu-storage-daemon.c |  1 +
 6 files changed, 23 insertions(+), 10 deletions(-)

diff --git a/block/export/vduse-blk.c b/block/export/vduse-blk.c
index 251d73c841..066e088b00 100644
--- a/block/export/vduse-blk.c
+++ b/block/export/vduse-blk.c
@@ -235,7 +235,7 @@ static int vduse_blk_exp_create(BlockExport *exp, 
BlockExportOptions *opts,
 Error *local_err = NULL;
 struct virtio_blk_config config = { 0 };
 uint64_t features;
-int i;
+int i, ret;
 
 if (vblk_opts->has_num_queues) {
 num_queues = vblk_opts->num_queues;
@@ -265,7 +265,8 @@ static int vduse_blk_exp_create(BlockExport *exp, 
BlockExportOptions *opts,
 }
 vblk_exp->num_queues = num_queues;
 vblk_exp->handler.blk = exp->blk;
-vblk_exp->handler.serial = exp->id;
+vblk_exp->handler.serial = g_strdup(vblk_opts->has_serial ?
+vblk_opts->serial : "");
 vblk_exp->handler.logical_block_size = logical_block_size;
 vblk_exp->handler.writable = opts->writable;
 
@@ -306,16 +307,16 @@ static int vduse_blk_exp_create(BlockExport *exp, 
BlockExportOptions *opts,
  vblk_exp);
 if (!vblk_exp->dev) {
 error_setg(errp, "failed to create vduse device");
-return -ENOMEM;
+ret = -ENOMEM;
+goto err_dev;
 }
 
 vblk_exp->recon_file = g_strdup_printf("%s/vduse-blk-%s",
g_get_tmp_dir(), exp->id);
 if (vduse_set_reconnect_log_file(vblk_exp->dev, vblk_exp->recon_file)) {
 error_setg(errp, "failed to set reconnect log file");
-vduse_dev_destroy(vblk_exp->dev);
-g_free(vblk_exp->recon_file);
-return -EINVAL;
+ret = -EINVAL;
+goto err;
 }
 
 for (i = 0; i < num_queues; i++) {
@@ -331,6 +332,12 @@ static int vduse_blk_exp_create(BlockExport *exp, 
BlockExportOptions *opts,
 blk_set_dev_ops(exp->blk, _block_ops, exp);
 
 return 0;
+err:
+vduse_dev_destroy(vblk_exp->dev);
+g_free(vblk_exp->recon_file);
+err_dev:
+g_free(vblk_exp->handler.serial);
+return ret;
 }
 
 static void vduse_blk_exp_delete(BlockExport *exp)
@@ -346,6 +353,7 @@ static void vduse_blk_exp_delete(BlockExport *exp)
 unlink(vblk_exp->recon_file);
 }
 g_free(vblk_exp->recon_file);
+g_free(vblk_exp->handler.serial);
 }
 
 static void vduse_blk_exp_request_shutdown(BlockExport *exp)
diff --git a/block/export/vhost-user-blk-server.c 
b/block/export/vhost-user-blk-server.c
index c9c290cc4c..3409d9e02e 100644
--- a/block/export/vhost-user-blk-server.c
+++ b/block/export/vhost-user-blk-server.c
@@ -282,7 +282,7 @@ static int vu_blk_exp_create(BlockExport *exp, 
BlockExportOptions *opts,
 return -EINVAL;
 }
 vexp->handler.blk = exp->blk;
-vexp->handler.serial = "vhost_user_blk";
+vexp->handler.serial = g_strdup("vhost_user_blk");
 vexp->handler.logical_block_size = logical_block_size;
 vexp->handler.writable = opts->writable;
 
@@ -296,6 +296,7 @@ static int vu_blk_exp_create(BlockExport *exp, 
BlockExportOptions *opts,
  num_queues, _blk_iface, errp)) {
 blk_remove_aio_context_notifier(exp->blk, blk_aio_attached,
 blk_aio_detach, vexp);
+g_free(vexp->handler.serial);
 return -EADDRNOTAVAIL;
 }
 
@@ -308,6 +309,7 @@ static void vu_blk_exp_delete(BlockExport *exp)
 
 blk_remove_aio_context_notifier(exp->blk, blk_aio_attached, blk_aio_detach,
 vexp);
+g_free(vexp->handler.serial);
 }
 
 const BlockExportDriver blk_exp_vhost_user_blk = {
diff --git a/block/export/virtio-blk-handler.h 
b/block/export/virtio-blk-handler.h
index 1c7a5e32ad..150d44cff2 100644
--- a/block/export/virtio-blk-handler.h
+++ b/block/export/virtio-blk-handler.h
@@ -23,7 +23,7 @@
 
 typedef struct {
 BlockBackend *blk;
-const char *serial;
+char *serial;
 uint32_t logical_block_size;
 bool writable;
 } VirtioBlkHandler;
diff --git a/docs/tools/qemu-storage-daemon.rst 
b/docs/tools/qemu-storage-daemon.rst
index fbeaf76954..034f2809a6 100644
--- a/docs/tools/qemu-storage-daemon.rst
+++ b/docs/tools/qemu-storage-daemon.rst
@@ -77,7 +77,7 @@ Standard options:
   --export 
[type=]vhost-user-blk,id=,node-name=,addr.type=unix,addr.path=[,writable=on|off][,logical-block-size=][,num-queues=]
   --export 

[PATCH v2 0/6] Some fixes and improvements for vduse-blk

[Xie Yongji]

This series includes few fixes and improvements for the
vduse-blk export.

Patch 1 fixes some compile errors with clang in 32-bit machine.

Patch 2 fixes resources leak when vduse fd is zero.

Patch 3, 4 fixes two bugs which could be triggered
by force deleting a vduse-blk export with high I/O loads.

Patch 5, 6 adds two new options for vduse-blk export.

V1 to V2:
- Add a patch to fix some compile errors with clang

Xie Yongji (6):
  libvduse: Fix some compile errors with clang
  libvduse: Fix resources leak in vduse_dev_destroy()
  vduse-blk: Don't unlink the reconnect file if device exists
  vduse-blk: Don't delete the export until all inflight I/Os completed
  vduse-blk: Add serial option
  vduse-blk: Add name option

 block/export/vduse-blk.c | 53 ++--
 block/export/vhost-user-blk-server.c |  4 ++-
 block/export/virtio-blk-handler.h|  2 +-
 docs/tools/qemu-storage-daemon.rst   |  5 +--
 qapi/block-export.json   | 11 +++---
 storage-daemon/qemu-storage-daemon.c |  9 ++---
 subprojects/libvduse/libvduse.c  | 27 +++---
 7 files changed, 67 insertions(+), 44 deletions(-)

-- 
2.20.1

[PATCH v2 3/6] vduse-blk: Don't unlink the reconnect file if device exists

[Xie Yongji]

We should not unlink the reconnect file if vduse_dev_destroy()
fails with -EBUSY which means the VDUSE device has not been
removed from the vDPA bus. Otherwise, we might fail on
the reconnection later.

Fixes: 730abef0e873 ("libvduse: Add support for reconnecting")
Signed-off-by: Xie Yongji 
---
 block/export/vduse-blk.c | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/block/export/vduse-blk.c b/block/export/vduse-blk.c
index 3b10349173..c3a89894ae 100644
--- a/block/export/vduse-blk.c
+++ b/block/export/vduse-blk.c
@@ -316,12 +316,15 @@ static int vduse_blk_exp_create(BlockExport *exp, 
BlockExportOptions *opts,
 static void vduse_blk_exp_delete(BlockExport *exp)
 {
 VduseBlkExport *vblk_exp = container_of(exp, VduseBlkExport, export);
+int ret;
 
 blk_remove_aio_context_notifier(exp->blk, blk_aio_attached, blk_aio_detach,
 vblk_exp);
 blk_set_dev_ops(exp->blk, NULL, NULL);
-vduse_dev_destroy(vblk_exp->dev);
-unlink(vblk_exp->recon_file);
+ret = vduse_dev_destroy(vblk_exp->dev);
+if (ret != -EBUSY) {
+unlink(vblk_exp->recon_file);
+}
 g_free(vblk_exp->recon_file);
 }
 
-- 
2.20.1

[PATCH v2 2/6] libvduse: Fix resources leak in vduse_dev_destroy()

[Xie Yongji]

This fixes resource leak when the fd is zero in
vduse_dev_destroy().

Fixes: 8dbd281c1675 ("libvduse: Add VDUSE (vDPA Device in Userspace) library")
Signed-off-by: Xie Yongji 
---
 subprojects/libvduse/libvduse.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/subprojects/libvduse/libvduse.c b/subprojects/libvduse/libvduse.c
index dd1faffe66..9a2bcec282 100644
--- a/subprojects/libvduse/libvduse.c
+++ b/subprojects/libvduse/libvduse.c
@@ -1357,11 +1357,11 @@ int vduse_dev_destroy(VduseDev *dev)
 free(dev->vqs[i].resubmit_list);
 }
 free(dev->vqs);
-if (dev->fd > 0) {
+if (dev->fd >= 0) {
 close(dev->fd);
 dev->fd = -1;
 }
-if (dev->ctrl_fd > 0) {
+if (dev->ctrl_fd >= 0) {
 if (ioctl(dev->ctrl_fd, VDUSE_DESTROY_DEV, dev->name)) {
 ret = -errno;
 }
-- 
2.20.1

Re: [PATCH v2 08/11] bsd-user: Implement rmdir and undocumented __getcwd

[Richard Henderson]

On 6/13/22 21:20, Warner Losh wrote:

Implemenet rmdir and __getcwd. __getcwd is the undocumented
back end to getcwd(3).

Signed-off-by: Stacey Son 
Signed-off-by: Jung-uk Kim 
Signed-off-by: Warner Losh 


Reviewed-by: Richard Henderson 


r~

Re: [PATCH 2/5] tests/qemu-iotests: skip 108 when FUSE is not loaded

[Thomas Huth]

On 14/06/2022 03.50, John Snow wrote:

In certain container environments we may not have FUSE at all, so skip
the test in this circumstance too.

Signed-off-by: John Snow 
---
  tests/qemu-iotests/108 | 6 ++
  1 file changed, 6 insertions(+)

diff --git a/tests/qemu-iotests/108 b/tests/qemu-iotests/108
index 9e923d6a59f..e401c5e9933 100755
--- a/tests/qemu-iotests/108
+++ b/tests/qemu-iotests/108
@@ -60,6 +60,12 @@ if sudo -n losetup &>/dev/null; then
  else
  loopdev=false
  
+# Check for fuse support in the host environment:

+lsmod | grep fuse &>/dev/null;


That doesn't work if fuse has been linked statically into the kernel. Would 
it make sense to test for /sys/fs/fuse instead?


(OTOH, we likely hardly won't run this on statically linked kernels anyway, 
so it might not matter too much)



+if [[ $? -ne 0 ]]; then


I'd prefer single "[" instead of "[[" ... but since we're requiring bash 
anyway, it likely doesn't matter.



+_notrun 'No Passwordless sudo nor FUSE kernel module'
+fi
+
  # QSD --export fuse will either yield "Parameter 'id' is missing"
  # or "Invalid parameter 'fuse'", depending on whether there is
  # FUSE support or not.


 Thomas

Re: [PATCH 4/5] tests/vm: switch CentOS 8 to CentOS 8 Stream

[Thomas Huth]

On 14/06/2022 03.50, John Snow wrote:

The old CentOS image didn't work anymore because it was already EOL at
the beginning of 2022.

Signed-off-by: John Snow 
---
  tests/vm/centos | 8 
  1 file changed, 4 insertions(+), 4 deletions(-)


Reviewed-by: Thomas Huth 

Re: [PATCH v4 2/2] target/xtensa: Use semihosting/syscalls.h

[Richard Henderson]

On 6/13/22 18:06, Max Filippov wrote:

+++ b/hw/xtensa/sim.c
@@ -87,9 +87,6 @@ XtensaCPU *xtensa_sim_common_init(MachineState *machine)
  xtensa_create_memory_regions(, "xtensa.sysram",
   get_system_memory());
  }
-if (serial_hd(0)) {
-xtensa_sim_open_console(serial_hd(0));
-}


Do I understand correctly that the sim machine will no longer
support the -serial option with this change?


No, -serial is still fine.  However, -serial is no longer the semihosting "console" -- 
that will get its own output stream.



+#include "semihosting/syscalls.h"


This does not build on top of the current master, is there a branch where
it's buildable?


Yes, see the cover letter and the Based-on tag, or
https://patchew.org/QEMU/20220608053650.811947-1-richard.hender...@linaro.org/

and the git fetch link there.


git fetch https://github.com/patchew-project/qemu 
tags/patchew/20220608053650.811947-1-richard.hender...@linaro.org



-#ifdef ENOTBLK
-case ENOTBLK:   return TARGET_ENOTBLK;
-#endif


AFAIR there were reports that qemu doesn't build on some
systems because they were missing ENOTBLK and other
error codes that were made conditional here.


Ok, I'll have a dig back.


+E(LOOP);


I'm not sure mangling error code names is a good idea.


Mangling?


r~

Re: [PATCH 3/5] tests/vm: use 'cp' instead of 'ln' for temporary vm images

[Thomas Huth]

On 14/06/2022 03.50, John Snow wrote:

If the initial setup fails, you've permanently altered the state of the
downloaded image in an unknowable way. Use 'cp' like our other test
setup scripts do.

Signed-off-by: John Snow 
---
  tests/vm/centos | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/vm/centos b/tests/vm/centos
index 5c7bc1c1a9a..be4f6ff2f14 100755
--- a/tests/vm/centos
+++ b/tests/vm/centos
@@ -34,7 +34,7 @@ class CentosVM(basevm.BaseVM):
  def build_image(self, img):
  cimg = 
self._download_with_cache("https://cloud.centos.org/centos/8/x86_64/images/CentOS-8-GenericCloud-8.3.2011-20201204.2.x86_64.qcow2;)
  img_tmp = img + ".tmp"
-subprocess.check_call(["ln", "-f", cimg, img_tmp])
+subprocess.check_call(['cp', '-f', cimg, img_tmp])


I wonder whether it would make sense to use "qemu-img create -b" instead to 
save some disk space?


Anyway, your patch is certainly already an improvement, so:

Reviewed-by: Thomas Huth 

Re: [PATCH v1 3/7] gitlab-ci: Fix the build-cfi-aarch64 and build-cfi-ppc64-s390x jobs

[Thomas Huth]

On 13/06/2022 23.46, Richard Henderson wrote:

On 6/13/22 10:12, Alex Bennée wrote:

From: Thomas Huth 

The job definitions recently got a second "variables:" section by
accident and thus are failing now if one tries to run them. Merge
the two sections into one again to fix the issue.

And while we're at it, bump the timeout here (70 minutes are currently
not enough for the aarch64 job). The jobs are marked as manual anyway,
so if the user starts them, they want to see their result for sure and
then it's annoying if the job timeouts too early.

Fixes: e312d1fdbb ("gitlab: convert build/container jobs to 
.base_job_template")

Signed-off-by: Thomas Huth 
Acked-by: Richard Henderson 
Message-Id: <20220603124809.70794-1-th...@redhat.com>
Signed-off-by: Alex Bennée 
---
  .gitlab-ci.d/buildtest.yml | 22 ++
  1 file changed, 10 insertions(+), 12 deletions(-)

diff --git a/.gitlab-ci.d/buildtest.yml b/.gitlab-ci.d/buildtest.yml
index 544385f5be..cb7cad44b5 100644
--- a/.gitlab-ci.d/buildtest.yml
+++ b/.gitlab-ci.d/buildtest.yml
@@ -357,16 +357,15 @@ build-cfi-aarch64:
    --enable-safe-stack --enable-slirp=git
  TARGETS: aarch64-softmmu
  MAKE_CHECK_ARGS: check-build
-  timeout: 70m
-  artifacts:
-    expire_in: 2 days
-    paths:
-  - build
-  variables:
  # FIXME: This job is often failing, likely due to out-of-memory 
problems in
  # the constrained containers of the shared runners. Thus this is 
marked as

  # skipped until the situation has been solved.
  QEMU_JOB_SKIPPED: 1
+  timeout: 90m
+  artifacts:
+    expire_in: 2 days
+    paths:
+  - build


FWIW, 90 minutes was close, but insufficient:

https://gitlab.com/qemu-project/qemu/-/jobs/2584472225


Hmm, it was working at least once for me while I was working on the patch. 
But as I already wrote here:


 https://lists.gnu.org/archive/html/qemu-devel/2022-06/msg00463.html

I think nobody really used this build-cfi-aarch64 in month ... so we should 
maybe have a try with the 90 min timeout first (maybe the CI servers were 
just a little bit overloaded when you tried), but if the test continues to 
hit the 90 minutes timeout, I'd say we rather delete it instead of bumping 
the timeout even further. 90 minutes are really very close to the pain level 
already - at least for me.



But certainly, let us fix the job definition:
Reviewed-by: Richard Henderson 


Thanks!

 Thomas

[PATCH v2 09/11] bsd-user: Implement dup and dup2

[Warner Losh]

Signed-off-by: Stacey Son 
Signed-off-by: Warner Losh 
Reviewed-by: Richard Henderson 
---
 bsd-user/bsd-file.h   | 12 
 bsd-user/freebsd/os-syscall.c |  8 
 2 files changed, 20 insertions(+)

diff --git a/bsd-user/bsd-file.h b/bsd-user/bsd-file.h
index 8ec53145894..021541ad2e0 100644
--- a/bsd-user/bsd-file.h
+++ b/bsd-user/bsd-file.h
@@ -485,4 +485,16 @@ static abi_long do_bsd___getcwd(abi_long arg1, abi_long 
arg2)
 return get_errno(ret);
 }
 
+/* dup(2) */
+static abi_long do_bsd_dup(abi_long arg1)
+{
+return get_errno(dup(arg1));
+}
+
+/* dup2(2) */
+static abi_long do_bsd_dup2(abi_long arg1, abi_long arg2)
+{
+return get_errno(dup2(arg1, arg2));
+}
+
 #endif /* BSD_FILE_H */
diff --git a/bsd-user/freebsd/os-syscall.c b/bsd-user/freebsd/os-syscall.c
index e28a566d6c3..d9ebb9d50d6 100644
--- a/bsd-user/freebsd/os-syscall.c
+++ b/bsd-user/freebsd/os-syscall.c
@@ -349,6 +349,14 @@ static abi_long freebsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 ret = do_bsd___getcwd(arg1, arg2);
 break;
 
+case TARGET_FREEBSD_NR_dup: /* dup(2) */
+ret = do_bsd_dup(arg1);
+break;
+
+case TARGET_FREEBSD_NR_dup2: /* dup2(2) */
+ret = do_bsd_dup2(arg1, arg2);
+break;
+
 default:
 qemu_log_mask(LOG_UNIMP, "Unsupported syscall: %d\n", num);
 ret = -TARGET_ENOSYS;
-- 
2.33.1

[PATCH v2 11/11] bsd-user: Implement acct and sync

[Warner Losh]

Signed-off-by: Stacey Son 
Signed-off-by: Warner Losh 
Reviewed-by: Richard Henderson 
---
 bsd-user/bsd-file.h   | 23 +++
 bsd-user/freebsd/os-syscall.c |  8 
 2 files changed, 31 insertions(+)

diff --git a/bsd-user/bsd-file.h b/bsd-user/bsd-file.h
index fda36894605..b2dca586129 100644
--- a/bsd-user/bsd-file.h
+++ b/bsd-user/bsd-file.h
@@ -526,4 +526,27 @@ static abi_long do_bsd_ftruncate(void *cpu_env, abi_long 
arg1,
 return get_errno(ftruncate(arg1, target_arg64(arg2, arg3)));
 }
 
+/* acct(2) */
+static abi_long do_bsd_acct(abi_long arg1)
+{
+abi_long ret;
+void *p;
+
+if (arg1 == 0) {
+ret = get_errno(acct(NULL));
+} else {
+LOCK_PATH(p, arg1);
+ret = get_errno(acct(path(p)));
+UNLOCK_PATH(p, arg1);
+}
+return ret;
+}
+
+/* sync(2) */
+static abi_long do_bsd_sync(void)
+{
+sync();
+return 0;
+}
+
 #endif /* BSD_FILE_H */
diff --git a/bsd-user/freebsd/os-syscall.c b/bsd-user/freebsd/os-syscall.c
index 3c8f6cad0e8..2623caf8007 100644
--- a/bsd-user/freebsd/os-syscall.c
+++ b/bsd-user/freebsd/os-syscall.c
@@ -365,6 +365,14 @@ static abi_long freebsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 ret = do_bsd_ftruncate(cpu_env, arg1, arg2, arg3, arg4);
 break;
 
+case TARGET_FREEBSD_NR_acct: /* acct(2) */
+ret = do_bsd_acct(arg1);
+break;
+
+case TARGET_FREEBSD_NR_sync: /* sync(2) */
+ret = do_bsd_sync();
+break;
+
 default:
 qemu_log_mask(LOG_UNIMP, "Unsupported syscall: %d\n", num);
 ret = -TARGET_ENOSYS;
-- 
2.33.1

[PATCH v2 06/11] bsd-user: Implement link, linkat, unlink and unlinkat

[Warner Losh]

Signed-off-by: Stacey Son 
Signed-off-by: Jung-uk Kim 
Signed-off-by: Warner Losh 
Reviewed-by: Richard Henderson 
---
 bsd-user/bsd-file.h   | 54 +++
 bsd-user/freebsd/os-syscall.c | 16 +++
 2 files changed, 70 insertions(+)

diff --git a/bsd-user/bsd-file.h b/bsd-user/bsd-file.h
index fd8aba96180..93e142d46e7 100644
--- a/bsd-user/bsd-file.h
+++ b/bsd-user/bsd-file.h
@@ -375,4 +375,58 @@ static abi_long do_bsd_renameat(abi_long arg1, abi_long 
arg2,
 return ret;
 }
 
+/* link(2) */
+static abi_long do_bsd_link(abi_long arg1, abi_long arg2)
+{
+abi_long ret;
+void *p1, *p2;
+
+LOCK_PATH2(p1, arg1, p2, arg2);
+ret = get_errno(link(p1, p2)); /* XXX path(p1), path(p2) */
+UNLOCK_PATH2(p1, arg1, p2, arg2);
+
+return ret;
+}
+
+/* linkat(2) */
+static abi_long do_bsd_linkat(abi_long arg1, abi_long arg2,
+abi_long arg3, abi_long arg4, abi_long arg5)
+{
+abi_long ret;
+void *p1, *p2;
+
+LOCK_PATH2(p1, arg2, p2, arg4);
+ret = get_errno(linkat(arg1, p1, arg3, p2, arg5));
+UNLOCK_PATH2(p1, arg2, p2, arg4);
+
+return ret;
+}
+
+/* unlink(2) */
+static abi_long do_bsd_unlink(abi_long arg1)
+{
+abi_long ret;
+void *p;
+
+LOCK_PATH(p, arg1);
+ret = get_errno(unlink(p)); /* XXX path(p) */
+UNLOCK_PATH(p, arg1);
+
+return ret;
+}
+
+/* unlinkat(2) */
+static abi_long do_bsd_unlinkat(abi_long arg1, abi_long arg2,
+abi_long arg3)
+{
+abi_long ret;
+void *p;
+
+LOCK_PATH(p, arg2);
+ret = get_errno(unlinkat(arg1, p, arg3)); /* XXX path(p) */
+UNLOCK_PATH(p, arg2);
+
+return ret;
+}
+
 #endif /* BSD_FILE_H */
diff --git a/bsd-user/freebsd/os-syscall.c b/bsd-user/freebsd/os-syscall.c
index 2d62a546328..c847e4d20c6 100644
--- a/bsd-user/freebsd/os-syscall.c
+++ b/bsd-user/freebsd/os-syscall.c
@@ -317,6 +317,22 @@ static abi_long freebsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 ret = do_bsd_renameat(arg1, arg2, arg3, arg4);
 break;
 
+case TARGET_FREEBSD_NR_link: /* link(2) */
+ret = do_bsd_link(arg1, arg2);
+break;
+
+case TARGET_FREEBSD_NR_linkat: /* linkat(2) */
+ret = do_bsd_linkat(arg1, arg2, arg3, arg4, arg5);
+break;
+
+case TARGET_FREEBSD_NR_unlink: /* unlink(2) */
+ret = do_bsd_unlink(arg1);
+break;
+
+case TARGET_FREEBSD_NR_unlinkat: /* unlinkat(2) */
+ret = do_bsd_unlinkat(arg1, arg2, arg3);
+break;
+
 default:
 qemu_log_mask(LOG_UNIMP, "Unsupported syscall: %d\n", num);
 ret = -TARGET_ENOSYS;
-- 
2.33.1

[PATCH v2 07/11] bsd-user: Implement mkdir and mkdirat

[Warner Losh]

Signed-off-by: Stacey Son 
Signed-off-by: Warner Losh 
Reviewed-by: Richard Henderson 
---
 bsd-user/bsd-file.h   | 27 +++
 bsd-user/freebsd/os-syscall.c |  8 
 2 files changed, 35 insertions(+)

diff --git a/bsd-user/bsd-file.h b/bsd-user/bsd-file.h
index 93e142d46e7..a4c6dd52a20 100644
--- a/bsd-user/bsd-file.h
+++ b/bsd-user/bsd-file.h
@@ -429,4 +429,31 @@ static abi_long do_bsd_unlinkat(abi_long arg1, abi_long 
arg2,
 return ret;
 }
 
+/* mkdir(2) */
+static abi_long do_bsd_mkdir(abi_long arg1, abi_long arg2)
+{
+abi_long ret;
+void *p;
+
+LOCK_PATH(p, arg1);
+ret = get_errno(mkdir(p, arg2)); /* XXX path(p) */
+UNLOCK_PATH(p, arg1);
+
+return ret;
+}
+
+/* mkdirat(2) */
+static abi_long do_bsd_mkdirat(abi_long arg1, abi_long arg2,
+abi_long arg3)
+{
+abi_long ret;
+void *p;
+
+LOCK_PATH(p, arg2);
+ret = get_errno(mkdirat(arg1, p, arg3));
+UNLOCK_PATH(p, arg2);
+
+return ret;
+}
+
 #endif /* BSD_FILE_H */
diff --git a/bsd-user/freebsd/os-syscall.c b/bsd-user/freebsd/os-syscall.c
index c847e4d20c6..9381ddb5be1 100644
--- a/bsd-user/freebsd/os-syscall.c
+++ b/bsd-user/freebsd/os-syscall.c
@@ -333,6 +333,14 @@ static abi_long freebsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 ret = do_bsd_unlinkat(arg1, arg2, arg3);
 break;
 
+case TARGET_FREEBSD_NR_mkdir: /* mkdir(2) */
+ret = do_bsd_mkdir(arg1, arg2);
+break;
+
+case TARGET_FREEBSD_NR_mkdirat: /* mkdirat(2) */
+ret = do_bsd_mkdirat(arg1, arg2, arg3);
+break;
+
 default:
 qemu_log_mask(LOG_UNIMP, "Unsupported syscall: %d\n", num);
 ret = -TARGET_ENOSYS;
-- 
2.33.1

[PATCH v2 10/11] bsd-user: Implement trunctate and ftruncate

[Warner Losh]

Signed-off-by: Stacey Son 
Signed-off-by: Warner Losh 
Reviewed-by: Richard Henderson 
---
 bsd-user/bsd-file.h   | 29 +
 bsd-user/freebsd/os-syscall.c |  8 
 2 files changed, 37 insertions(+)

diff --git a/bsd-user/bsd-file.h b/bsd-user/bsd-file.h
index 021541ad2e0..fda36894605 100644
--- a/bsd-user/bsd-file.h
+++ b/bsd-user/bsd-file.h
@@ -497,4 +497,33 @@ static abi_long do_bsd_dup2(abi_long arg1, abi_long arg2)
 return get_errno(dup2(arg1, arg2));
 }
 
+/* truncate(2) */
+static abi_long do_bsd_truncate(void *cpu_env, abi_long arg1,
+abi_long arg2, abi_long arg3, abi_long arg4)
+{
+abi_long ret;
+void *p;
+
+LOCK_PATH(p, arg1);
+if (regpairs_aligned(cpu_env) != 0) {
+arg2 = arg3;
+arg3 = arg4;
+}
+ret = get_errno(truncate(p, target_arg64(arg2, arg3)));
+UNLOCK_PATH(p, arg1);
+
+return ret;
+}
+
+/* ftruncate(2) */
+static abi_long do_bsd_ftruncate(void *cpu_env, abi_long arg1,
+abi_long arg2, abi_long arg3, abi_long arg4)
+{
+if (regpairs_aligned(cpu_env) != 0) {
+arg2 = arg3;
+arg3 = arg4;
+}
+return get_errno(ftruncate(arg1, target_arg64(arg2, arg3)));
+}
+
 #endif /* BSD_FILE_H */
diff --git a/bsd-user/freebsd/os-syscall.c b/bsd-user/freebsd/os-syscall.c
index d9ebb9d50d6..3c8f6cad0e8 100644
--- a/bsd-user/freebsd/os-syscall.c
+++ b/bsd-user/freebsd/os-syscall.c
@@ -357,6 +357,14 @@ static abi_long freebsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 ret = do_bsd_dup2(arg1, arg2);
 break;
 
+case TARGET_FREEBSD_NR_truncate: /* truncate(2) */
+ret = do_bsd_truncate(cpu_env, arg1, arg2, arg3, arg4);
+break;
+
+case TARGET_FREEBSD_NR_ftruncate: /* ftruncate(2) */
+ret = do_bsd_ftruncate(cpu_env, arg1, arg2, arg3, arg4);
+break;
+
 default:
 qemu_log_mask(LOG_UNIMP, "Unsupported syscall: %d\n", num);
 ret = -TARGET_ENOSYS;
-- 
2.33.1

[PATCH v2 05/11] bsd-user: Implement rename and renameat

[Warner Losh]

Plus the helper LOCK_PATH2 and UNLOCK_PATH2 macros.

Signed-off-by: Stacey Son 
Signed-off-by: Jung-uk Kim 
Signed-off-by: Warner Losh 
Reviewed-by: Richard Henderson 
---
 bsd-user/bsd-file.h   | 45 +++
 bsd-user/freebsd/os-syscall.c |  8 +++
 2 files changed, 53 insertions(+)

diff --git a/bsd-user/bsd-file.h b/bsd-user/bsd-file.h
index bc0a0c08d55..fd8aba96180 100644
--- a/bsd-user/bsd-file.h
+++ b/bsd-user/bsd-file.h
@@ -32,6 +32,24 @@ do {\
 
 #define UNLOCK_PATH(p, arg) unlock_user(p, arg, 0)
 
+#define LOCK_PATH2(p1, arg1, p2, arg2)  \
+do {\
+(p1) = lock_user_string(arg1);  \
+if ((p1) == NULL) { \
+return -TARGET_EFAULT;  \
+}   \
+(p2) = lock_user_string(arg2);  \
+if ((p2) == NULL) { \
+unlock_user(p1, arg1, 0);   \
+return -TARGET_EFAULT;  \
+}   \
+} while (0)
+
+#define UNLOCK_PATH2(p1, arg1, p2, arg2)\
+do {\
+unlock_user(p2, arg2, 0);   \
+unlock_user(p1, arg1, 0);   \
+} while (0)
 
 extern struct iovec *lock_iovec(int type, abi_ulong target_addr, int count,
 int copy);
@@ -330,4 +348,31 @@ static abi_long do_bsd_fchdir(abi_long arg1)
 return get_errno(fchdir(arg1));
 }
 
+/* rename(2) */
+static abi_long do_bsd_rename(abi_long arg1, abi_long arg2)
+{
+abi_long ret;
+void *p1, *p2;
+
+LOCK_PATH2(p1, arg1, p2, arg2);
+ret = get_errno(rename(p1, p2)); /* XXX path(p1), path(p2) */
+UNLOCK_PATH2(p1, arg1, p2, arg2);
+
+return ret;
+}
+
+/* renameat(2) */
+static abi_long do_bsd_renameat(abi_long arg1, abi_long arg2,
+abi_long arg3, abi_long arg4)
+{
+abi_long ret;
+void *p1, *p2;
+
+LOCK_PATH2(p1, arg2, p2, arg4);
+ret = get_errno(renameat(arg1, p1, arg3, p2));
+UNLOCK_PATH2(p1, arg2, p2, arg4);
+
+return ret;
+}
+
 #endif /* BSD_FILE_H */
diff --git a/bsd-user/freebsd/os-syscall.c b/bsd-user/freebsd/os-syscall.c
index 8698db358c1..2d62a546328 100644
--- a/bsd-user/freebsd/os-syscall.c
+++ b/bsd-user/freebsd/os-syscall.c
@@ -309,6 +309,14 @@ static abi_long freebsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 ret = do_bsd_fchdir(arg1);
 break;
 
+case TARGET_FREEBSD_NR_rename: /* rename(2) */
+ret = do_bsd_rename(arg1, arg2);
+break;
+
+case TARGET_FREEBSD_NR_renameat: /* renameat(2) */
+ret = do_bsd_renameat(arg1, arg2, arg3, arg4);
+break;
+
 default:
 qemu_log_mask(LOG_UNIMP, "Unsupported syscall: %d\n", num);
 ret = -TARGET_ENOSYS;
-- 
2.33.1

[PATCH v2 00/11] bsd-user: Next round of syscalls

[Warner Losh]

Implement the next round of system calls. These are open, openat, close,
fdatasync, fsync, close_from, revoke, access, eacccess, facccessat, chdir,
fchdir, rename, renameat, mkdir, mkdirat, rmdir, _getcwd, dup, dup2, truncate,
ftruncate, acct and sync. In addition, the helper functions needed for these to
work are included. With the helper functions, all of these system calls are the
'obvious' wrapper...

V2: Delete extra blank lines
Use safe_syscall(SYS___getcwd,...) instead of __getcwd.

Only part 8 (bsd-user: Implement rmdir and undocumented __getcwd) needs to be
reviewed.

Warner Losh (11):
  bsd-user: Implement open, openat and close
  bsd-user: Implement fdatasync, fsync and close_from
  bsd-user: Implement revoke, access, eaccess and faccessat
  bsd-user: Implement chdir and fchdir
  bsd-user: Implement rename and renameat
  bsd-user: Implement link, linkat, unlink and unlinkat
  bsd-user: Implement mkdir and mkdirat
  bsd-user: Implement rmdir and undocumented __getcwd
  bsd-user: Implement dup and dup2
  bsd-user: Implement trunctate and ftruncate
  bsd-user: Implement acct and sync

 bsd-user/bsd-file.h   | 359 ++
 bsd-user/freebsd/os-syscall.c | 116 +++
 bsd-user/syscall_defs.h   |   4 +
 3 files changed, 479 insertions(+)

-- 
2.33.1

[PATCH v2 08/11] bsd-user: Implement rmdir and undocumented __getcwd

[Warner Losh]

Implemenet rmdir and __getcwd. __getcwd is the undocumented
back end to getcwd(3).

Signed-off-by: Stacey Son 
Signed-off-by: Jung-uk Kim 
Signed-off-by: Warner Losh 
---
 bsd-user/bsd-file.h   | 29 +
 bsd-user/freebsd/os-syscall.c |  8 
 2 files changed, 37 insertions(+)

diff --git a/bsd-user/bsd-file.h b/bsd-user/bsd-file.h
index a4c6dd52a20..8ec53145894 100644
--- a/bsd-user/bsd-file.h
+++ b/bsd-user/bsd-file.h
@@ -456,4 +456,33 @@ static abi_long do_bsd_mkdirat(abi_long arg1, abi_long 
arg2,
 return ret;
 }
 
+/* rmdir(2) */
+static abi_long do_bsd_rmdir(abi_long arg1)
+{
+abi_long ret;
+void *p;
+
+LOCK_PATH(p, arg1);
+ret = get_errno(rmdir(p)); /* XXX path(p)? */
+UNLOCK_PATH(p, arg1);
+
+return ret;
+}
+
+/* undocumented __getcwd(char *buf, size_t len)  system call */
+static abi_long do_bsd___getcwd(abi_long arg1, abi_long arg2)
+{
+abi_long ret;
+void *p;
+
+p = lock_user(VERIFY_WRITE, arg1, arg2, 0);
+if (p == NULL) {
+return -TARGET_EFAULT;
+}
+ret = safe_syscall(SYS___getcwd, p, arg2);
+unlock_user(p, arg1, ret == 0 ? strlen(p) + 1 : 0);
+
+return get_errno(ret);
+}
+
 #endif /* BSD_FILE_H */
diff --git a/bsd-user/freebsd/os-syscall.c b/bsd-user/freebsd/os-syscall.c
index 9381ddb5be1..e28a566d6c3 100644
--- a/bsd-user/freebsd/os-syscall.c
+++ b/bsd-user/freebsd/os-syscall.c
@@ -341,6 +341,14 @@ static abi_long freebsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 ret = do_bsd_mkdirat(arg1, arg2, arg3);
 break;
 
+case TARGET_FREEBSD_NR_rmdir: /* rmdir(2) (XXX no rmdirat()?) */
+ret = do_bsd_rmdir(arg1);
+break;
+
+case TARGET_FREEBSD_NR___getcwd: /* undocumented __getcwd() */
+ret = do_bsd___getcwd(arg1, arg2);
+break;
+
 default:
 qemu_log_mask(LOG_UNIMP, "Unsupported syscall: %d\n", num);
 ret = -TARGET_ENOSYS;
-- 
2.33.1

[PATCH v2 04/11] bsd-user: Implement chdir and fchdir

[Warner Losh]

Signed-off-by: Stacey Son 
Signed-off-by: Warner Losh 
Reviewed-by: Richard Henderson 
---
 bsd-user/bsd-file.h   | 19 +++
 bsd-user/freebsd/os-syscall.c |  8 
 2 files changed, 27 insertions(+)

diff --git a/bsd-user/bsd-file.h b/bsd-user/bsd-file.h
index 6ff2be24e30..bc0a0c08d55 100644
--- a/bsd-user/bsd-file.h
+++ b/bsd-user/bsd-file.h
@@ -311,4 +311,23 @@ static abi_long do_bsd_faccessat(abi_long arg1, abi_long 
arg2,
 return ret;
 }
 
+/* chdir(2) */
+static abi_long do_bsd_chdir(abi_long arg1)
+{
+abi_long ret;
+void *p;
+
+LOCK_PATH(p, arg1);
+ret = get_errno(chdir(p)); /* XXX  path(p)? */
+UNLOCK_PATH(p, arg1);
+
+return ret;
+}
+
+/* fchdir(2) */
+static abi_long do_bsd_fchdir(abi_long arg1)
+{
+return get_errno(fchdir(arg1));
+}
+
 #endif /* BSD_FILE_H */
diff --git a/bsd-user/freebsd/os-syscall.c b/bsd-user/freebsd/os-syscall.c
index 7b7af914e49..8698db358c1 100644
--- a/bsd-user/freebsd/os-syscall.c
+++ b/bsd-user/freebsd/os-syscall.c
@@ -301,6 +301,14 @@ static abi_long freebsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 ret = do_bsd_faccessat(arg1, arg2, arg3, arg4);
 break;
 
+case TARGET_FREEBSD_NR_chdir: /* chdir(2) */
+ret = do_bsd_chdir(arg1);
+break;
+
+case TARGET_FREEBSD_NR_fchdir: /* fchdir(2) */
+ret = do_bsd_fchdir(arg1);
+break;
+
 default:
 qemu_log_mask(LOG_UNIMP, "Unsupported syscall: %d\n", num);
 ret = -TARGET_ENOSYS;
-- 
2.33.1

[PATCH v2 01/11] bsd-user: Implement open, openat and close

[Warner Losh]

Add the open, openat and close system calls. We need to lock paths, so
implmenent that as well.

Signed-off-by: Stacey Son 
Signed-off-by: Jung-uk Kim 
Signed-off-by: Kyle Evans 
Signed-off-by: Warner Losh 
Reviewed-by: Richard Henderson 
---
 bsd-user/bsd-file.h   | 49 +++
 bsd-user/freebsd/os-syscall.c | 16 
 bsd-user/syscall_defs.h   |  4 +++
 3 files changed, 69 insertions(+)

diff --git a/bsd-user/bsd-file.h b/bsd-user/bsd-file.h
index e9e2c85eb67..2bd312f8e18 100644
--- a/bsd-user/bsd-file.h
+++ b/bsd-user/bsd-file.h
@@ -22,11 +22,25 @@
 
 #include "qemu/path.h"
 
+#define LOCK_PATH(p, arg)   \
+do {\
+(p) = lock_user_string(arg);\
+if ((p) == NULL) {  \
+return -TARGET_EFAULT;  \
+}   \
+} while (0)
+
+#define UNLOCK_PATH(p, arg) unlock_user(p, arg, 0)
+
+
 extern struct iovec *lock_iovec(int type, abi_ulong target_addr, int count,
 int copy);
 extern void unlock_iovec(struct iovec *vec, abi_ulong target_addr, int count,
 int copy);
 
+int safe_open(const char *path, int flags, mode_t mode);
+int safe_openat(int fd, const char *path, int flags, mode_t mode);
+
 ssize_t safe_read(int fd, void *buf, size_t nbytes);
 ssize_t safe_pread(int fd, void *buf, size_t nbytes, off_t offset);
 ssize_t safe_readv(int fd, const struct iovec *iov, int iovcnt);
@@ -190,4 +204,39 @@ static abi_long do_bsd_pwritev(void *cpu_env, abi_long 
arg1,
 return ret;
 }
 
+/* open(2) */
+static abi_long do_bsd_open(abi_long arg1, abi_long arg2, abi_long arg3)
+{
+abi_long ret;
+void *p;
+
+LOCK_PATH(p, arg1);
+ret = get_errno(safe_open(path(p), target_to_host_bitmask(arg2,
+fcntl_flags_tbl), arg3));
+UNLOCK_PATH(p, arg1);
+
+return ret;
+}
+
+/* openat(2) */
+static abi_long do_bsd_openat(abi_long arg1, abi_long arg2,
+abi_long arg3, abi_long arg4)
+{
+abi_long ret;
+void *p;
+
+LOCK_PATH(p, arg2);
+ret = get_errno(safe_openat(arg1, path(p),
+target_to_host_bitmask(arg3, fcntl_flags_tbl), arg4));
+UNLOCK_PATH(p, arg2);
+
+return ret;
+}
+
+/* close(2) */
+static inline abi_long do_bsd_close(abi_long arg1)
+{
+return get_errno(close(arg1));
+}
+
 #endif /* BSD_FILE_H */
diff --git a/bsd-user/freebsd/os-syscall.c b/bsd-user/freebsd/os-syscall.c
index 71aa0d38e03..a824785fee8 100644
--- a/bsd-user/freebsd/os-syscall.c
+++ b/bsd-user/freebsd/os-syscall.c
@@ -44,6 +44,10 @@
 #include "bsd-proc.h"
 
 /* I/O */
+safe_syscall3(int, open, const char *, path, int, flags, mode_t, mode);
+safe_syscall4(int, openat, int, fd, const char *, path, int, flags, mode_t,
+mode);
+
 safe_syscall3(ssize_t, read, int, fd, void *, buf, size_t, nbytes);
 safe_syscall4(ssize_t, pread, int, fd, void *, buf, size_t, nbytes, off_t,
 offset);
@@ -257,6 +261,18 @@ static abi_long freebsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 ret = do_bsd_pwritev(cpu_env, arg1, arg2, arg3, arg4, arg5, arg6);
 break;
 
+case TARGET_FREEBSD_NR_open: /* open(2) */
+ret = do_bsd_open(arg1, arg2, arg3);
+break;
+
+case TARGET_FREEBSD_NR_openat: /* openat(2) */
+ret = do_bsd_openat(arg1, arg2, arg3, arg4);
+break;
+
+case TARGET_FREEBSD_NR_close: /* close(2) */
+ret = do_bsd_close(arg1);
+break;
+
 default:
 qemu_log_mask(LOG_UNIMP, "Unsupported syscall: %d\n", num);
 ret = -TARGET_ENOSYS;
diff --git a/bsd-user/syscall_defs.h b/bsd-user/syscall_defs.h
index f5797b28e39..b6d113d24a7 100644
--- a/bsd-user/syscall_defs.h
+++ b/bsd-user/syscall_defs.h
@@ -226,4 +226,8 @@ type safe_##name(type1 arg1, type2 arg2, type3 arg3, type4 
arg4, \
 return safe_syscall(SYS_##name, arg1, arg2, arg3, arg4, arg5, arg6); \
 }
 
+/* So far all target and host bitmasks are the same */
+#define target_to_host_bitmask(x, tbl) (x)
+#define host_to_target_bitmask(x, tbl) (x)
+
 #endif /* SYSCALL_DEFS_H */
-- 
2.33.1

[PATCH v2 02/11] bsd-user: Implement fdatasync, fsync and close_from

[Warner Losh]

Implement fdatasync(2), fsync(2) and close_from(2).

Signed-off-by: Stacey Son 
Signed-off-by: Jung-uk Kim 
Signed-off-by: Warner Losh 
Reviewed-by: Richard Henderson 
---
 bsd-user/bsd-file.h   | 19 +++
 bsd-user/freebsd/os-syscall.c | 12 
 2 files changed, 31 insertions(+)

diff --git a/bsd-user/bsd-file.h b/bsd-user/bsd-file.h
index 2bd312f8e18..94eb03df62e 100644
--- a/bsd-user/bsd-file.h
+++ b/bsd-user/bsd-file.h
@@ -239,4 +239,23 @@ static inline abi_long do_bsd_close(abi_long arg1)
 return get_errno(close(arg1));
 }
 
+/* fdatasync(2) */
+static abi_long do_bsd_fdatasync(abi_long arg1)
+{
+return get_errno(fdatasync(arg1));
+}
+
+/* fsync(2) */
+static abi_long do_bsd_fsync(abi_long arg1)
+{
+return get_errno(fsync(arg1));
+}
+
+/* closefrom(2) */
+static abi_long do_bsd_closefrom(abi_long arg1)
+{
+closefrom(arg1);  /* returns void */
+return get_errno(0);
+}
+
 #endif /* BSD_FILE_H */
diff --git a/bsd-user/freebsd/os-syscall.c b/bsd-user/freebsd/os-syscall.c
index a824785fee8..f7d09909925 100644
--- a/bsd-user/freebsd/os-syscall.c
+++ b/bsd-user/freebsd/os-syscall.c
@@ -273,6 +273,18 @@ static abi_long freebsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 ret = do_bsd_close(arg1);
 break;
 
+case TARGET_FREEBSD_NR_fdatasync: /* fdatasync(2) */
+ret = do_bsd_fdatasync(arg1);
+break;
+
+case TARGET_FREEBSD_NR_fsync: /* fsync(2) */
+ret = do_bsd_fsync(arg1);
+break;
+
+case TARGET_FREEBSD_NR_freebsd12_closefrom: /* closefrom(2) */
+ret = do_bsd_closefrom(arg1);
+break;
+
 default:
 qemu_log_mask(LOG_UNIMP, "Unsupported syscall: %d\n", num);
 ret = -TARGET_ENOSYS;
-- 
2.33.1

[PATCH v2 03/11] bsd-user: Implement revoke, access, eaccess and faccessat

[Warner Losh]

Signed-off-by: Stacey Son 
Signed-off-by: Warner Losh 
Reviewed-by: Richard Henderson 
---
 bsd-user/bsd-file.h   | 53 +++
 bsd-user/freebsd/os-syscall.c | 16 +++
 2 files changed, 69 insertions(+)

diff --git a/bsd-user/bsd-file.h b/bsd-user/bsd-file.h
index 94eb03df62e..6ff2be24e30 100644
--- a/bsd-user/bsd-file.h
+++ b/bsd-user/bsd-file.h
@@ -258,4 +258,57 @@ static abi_long do_bsd_closefrom(abi_long arg1)
 return get_errno(0);
 }
 
+/* revoke(2) */
+static abi_long do_bsd_revoke(abi_long arg1)
+{
+abi_long ret;
+void *p;
+
+LOCK_PATH(p, arg1);
+ret = get_errno(revoke(p)); /* XXX path(p)? */
+UNLOCK_PATH(p, arg1);
+
+return ret;
+}
+
+/* access(2) */
+static abi_long do_bsd_access(abi_long arg1, abi_long arg2)
+{
+abi_long ret;
+void *p;
+
+LOCK_PATH(p, arg1);
+ret = get_errno(access(path(p), arg2));
+UNLOCK_PATH(p, arg1);
+
+return ret;
+}
+
+/* eaccess(2) */
+static abi_long do_bsd_eaccess(abi_long arg1, abi_long arg2)
+{
+abi_long ret;
+void *p;
+
+LOCK_PATH(p, arg1);
+ret = get_errno(eaccess(path(p), arg2));
+UNLOCK_PATH(p, arg1);
+
+return ret;
+}
+
+/* faccessat(2) */
+static abi_long do_bsd_faccessat(abi_long arg1, abi_long arg2,
+abi_long arg3, abi_long arg4)
+{
+abi_long ret;
+void *p;
+
+LOCK_PATH(p, arg2);
+ret = get_errno(faccessat(arg1, p, arg3, arg4)); /* XXX path(p)? */
+UNLOCK_PATH(p, arg2);
+
+return ret;
+}
+
 #endif /* BSD_FILE_H */
diff --git a/bsd-user/freebsd/os-syscall.c b/bsd-user/freebsd/os-syscall.c
index f7d09909925..7b7af914e49 100644
--- a/bsd-user/freebsd/os-syscall.c
+++ b/bsd-user/freebsd/os-syscall.c
@@ -285,6 +285,22 @@ static abi_long freebsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 ret = do_bsd_closefrom(arg1);
 break;
 
+case TARGET_FREEBSD_NR_revoke: /* revoke(2) */
+ret = do_bsd_revoke(arg1);
+break;
+
+case TARGET_FREEBSD_NR_access: /* access(2) */
+ret = do_bsd_access(arg1, arg2);
+break;
+
+case TARGET_FREEBSD_NR_eaccess: /* eaccess(2) */
+ret = do_bsd_eaccess(arg1, arg2);
+break;
+
+case TARGET_FREEBSD_NR_faccessat: /* faccessat(2) */
+ret = do_bsd_faccessat(arg1, arg2, arg3, arg4);
+break;
+
 default:
 qemu_log_mask(LOG_UNIMP, "Unsupported syscall: %d\n", num);
 ret = -TARGET_ENOSYS;
-- 
2.33.1

Re: [External] [PATCH v13 3/8] QIOChannelSocket: Implement io_writev zero copy flag & io_flush for CONFIG_LINUX

[Leonardo Bras Soares Passos]

On Mon, Jun 13, 2022 at 7:53 PM Peter Xu  wrote:
>
> On Mon, Jun 13, 2022 at 05:58:44PM -0300, Leonardo Bras Soares Passos wrote:
> > Hello Peter,
> >
> > On Wed, Jun 8, 2022 at 5:23 PM Peter Xu  wrote:
> > [...]
> > > > In a previous iteration of the patchset, it was made clear that it's
> > > > desirable to detect when the kernel falls back to copying mechanism,
> > > > so the user of 'QIOChannelSocket' can switch to copying and avoid the
> > > > overhead. This was done by the return value of flush(), which is 1 if
> > > > that occurs.
> > >
> > > Two questions..
> > >
> > >   1) When that happens, will MSG_ERRQUEUE keeps working just like zerocopy
> > >  is functional?
> >
> > I am not sure about what exactly you meant by 'like zerocopy is
> > funcional', but the
> > idea is that reading from MSG_ERRQUEUE should return a msg for each sendmsg
> > syscall with MSG_ZEROCOPY that previously happened. This does not depend on
> > the outcome (like falling back to the copying mechanism).
> > btw, most of those messages may be batched to reduce overhead.
> >
> > At some point, zero-copy may fail, and fall back to copying, so in
> > those messages
> > an error code SO_EE_CODE_ZEROCOPY_COPIED can be seen. Having only
> > those messages in a flush will trigger the returning of 1 from the
> > flush function.
>
> Ah I think I missed the "reset ret==0 when !SO_EE_CODE_ZEROCOPY_COPIED"
> path..  Sorry.
>
> >
> > >
> > >  If the answer is yes, I don't see how ret=1 will ever be
> > >  returned.. because we'll also go into the same loop in
> > >  qio_channel_socket_flush() anyway.
> >
> >
> > We set ret to 1 at function entry and then for each message in the 
> > MSG_ERRQUEUE,
> > we test if it has error code different than SO_EE_CODE_ZEROCOPY_COPIED.
> > If it ever have a different error code, we set ret=0.
> >
> > So, in our previous example, if we have a net device not supporting
> > the 'Scatter-Gather'
> > feature (NETIF_F_SG), every error message will be
> > SO_EE_CODE_ZEROCOPY_COPIED, and it will return 1.
> >
> >
> > >
> > >  If the answer is no, then since we'll have non-zero zero_copy_queued,
> > >  will the loop in qio_channel_socket_flush() go into a dead one?  How
> > >  could it return?
> >
> > No, because it will go through all packets sent with MSG_ZEROCOPY, 
> > including the
> > ones that fell back to copying, so the counter should be fine. If any
> > code disables
> > zero-copy, it will both stop sending stuff wil MSG_ZEROCOPY and flushing, 
> > so it
> > should be fine.
> >
> > >
> > >   2) Even if we have the correct ret=1 returned when that happens, which
> > >  caller is detecting that ret==1 and warn the admin?
> > >
> >
> > No caller is using that right now.
> > It's supposed to be a QIOChannel interface feature, and any 
> > user/implementation
> > could use that information to warn if zero-copy is not being used, fall 
> > back to
> > copying directly (to avoid overhead of testing zero-copy) or even use
> > it to cancel the
> > sending if wanted.
> >
> > It was a suggestion of Daniel on top of [PATCH v5 1/6] IIRC.
>
> OK the detection makes sense, thanks for the details.
>
> Then now I'm wondering whether we should have warned the admin already if
> zero-copy send is not fully enabled in live migration.  Should we add a
> error_report_once() somewhere for the ret==1 already?  After all the user
> specify zero_copy_send=true explicitly.  Did I miss something again?
>

You are correct, I think warning the user is the valid thing to have here.
At the end of the first iteration, where the first flush happens,  I
think it's too late to
fail the migration, since a huge lot of the data has already been sent.

Best regards,
Leo

Re: [Bug] Take more 150s to boot qemu on ARM64

[chenxiang (M)]

在 2022/6/13 21:22, Paul E. McKenney 写道:

On Mon, Jun 13, 2022 at 08:26:34PM +0800, chenxiang (M) wrote:

Hi all,

I encounter a issue with kernel 5.19-rc1 on a ARM64 board:  it takes about
150s between beginning to run qemu command and beginng to boot Linux kernel
("EFI stub: Booting Linux Kernel...").

But in kernel 5.18-rc4, it only takes about 5s. I git bisect the kernel code
and it finds c2445d387850 ("srcu: Add contention check to call_srcu()
srcu_data ->lock acquisition").

The qemu (qemu version is 6.2.92) command i run is :

./qemu-system-aarch64 -m 4G,slots=4,maxmem=8g \
--trace "kvm*" \
-cpu host \
-machine virt,accel=kvm,gic-version=3  \
-machine smp.cpus=2,smp.sockets=2 \
-no-reboot \
-nographic \
-monitor unix:/home/cx/qmp-test,server,nowait \
-bios /home/cx/boot/QEMU_EFI.fd \
-kernel /home/cx/boot/Image  \
-device 
pcie-root-port,port=0x8,chassis=1,id=net1,bus=pcie.0,multifunction=on,addr=0x1
\
-device vfio-pci,host=7d:01.3,id=net0 \
-device virtio-blk-pci,drive=drive0,id=virtblk0,num-queues=4  \
-drive file=/home/cx/boot/boot_ubuntu.img,if=none,id=drive0 \
-append "rdinit=init console=ttyAMA0 root=/dev/vda rootfstype=ext4 rw " \
-net none \
-D /home/cx/qemu_log.txt

I am not familiar with rcu code, and don't know how it causes the issue. Do
you have any idea about this issue?

Please see the discussion here:

https://lore.kernel.org/all/20615615-0013-5adc-584f-2b1d5c03e...@linaro.org/

Though that report requires ACPI to be forced on to get the
delay, which results in more than 9,000 back-to-back calls to
synchronize_srcu_expedited().  I cannot reproduce this on my setup, even
with an artificial tight loop invoking synchronize_srcu_expedited(),
but then again I don't have ARM hardware.

My current guess is that the following patch, but with larger values for
SRCU_MAX_NODELAY_PHASE.  Here "larger" might well be up in the hundreds,
or perhaps even larger.

If you get a chance to experiment with this, could you please reply
to the discussion at the above URL?  (Or let me know, and I can CC
you on the next message in that thread.)


Ok, thanks, i will reply it on above URL.




Thanx, Paul



diff --git a/kernel/rcu/srcutree.c b/kernel/rcu/srcutree.c
index 50ba70f019dea..0db7873f4e95b 100644
--- a/kernel/rcu/srcutree.c
+++ b/kernel/rcu/srcutree.c
@@ -513,7 +513,7 @@ static bool srcu_readers_active(struct srcu_struct *ssp)
  
  #define SRCU_INTERVAL		1	// Base delay if no expedited GPs pending.

  #define SRCU_MAX_INTERVAL 10  // Maximum incremental delay from slow 
readers.
-#define SRCU_MAX_NODELAY_PHASE 1   // Maximum per-GP-phase consecutive 
no-delay instances.
+#define SRCU_MAX_NODELAY_PHASE 3   // Maximum per-GP-phase consecutive 
no-delay instances.
  #define SRCU_MAX_NODELAY  100 // Maximum consecutive no-delay 
instances.
  
  /*

@@ -522,16 +522,22 @@ static bool srcu_readers_active(struct srcu_struct *ssp)
   */
  static unsigned long srcu_get_delay(struct srcu_struct *ssp)
  {
+   unsigned long gpstart;
+   unsigned long j;
unsigned long jbase = SRCU_INTERVAL;
  
  	if (ULONG_CMP_LT(READ_ONCE(ssp->srcu_gp_seq), READ_ONCE(ssp->srcu_gp_seq_needed_exp)))

jbase = 0;
-   if (rcu_seq_state(READ_ONCE(ssp->srcu_gp_seq)))
-   jbase += jiffies - READ_ONCE(ssp->srcu_gp_start);
-   if (!jbase) {
-   WRITE_ONCE(ssp->srcu_n_exp_nodelay, 
READ_ONCE(ssp->srcu_n_exp_nodelay) + 1);
-   if (READ_ONCE(ssp->srcu_n_exp_nodelay) > SRCU_MAX_NODELAY_PHASE)
-   jbase = 1;
+   if (rcu_seq_state(READ_ONCE(ssp->srcu_gp_seq))) {
+   j = jiffies - 1;
+   gpstart = READ_ONCE(ssp->srcu_gp_start);
+   if (time_after(j, gpstart))
+   jbase += j - gpstart;
+   if (!jbase) {
+   WRITE_ONCE(ssp->srcu_n_exp_nodelay, 
READ_ONCE(ssp->srcu_n_exp_nodelay) + 1);
+   if (READ_ONCE(ssp->srcu_n_exp_nodelay) > 
SRCU_MAX_NODELAY_PHASE)
+   jbase = 1;
+   }
}
return jbase > SRCU_MAX_INTERVAL ? SRCU_MAX_INTERVAL : jbase;
  }
.

[PATCH 4/5] tests/vm: switch CentOS 8 to CentOS 8 Stream

[John Snow]

The old CentOS image didn't work anymore because it was already EOL at
the beginning of 2022.

Signed-off-by: John Snow 
---
 tests/vm/centos | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/tests/vm/centos b/tests/vm/centos
index be4f6ff2f14..f5bbdecf62d 100755
--- a/tests/vm/centos
+++ b/tests/vm/centos
@@ -1,8 +1,8 @@
 #!/usr/bin/env python3
 #
-# CentOS image
+# CentOS 8 Stream image
 #
-# Copyright 2018 Red Hat Inc.
+# Copyright 2018, 2022 Red Hat Inc.
 #
 # Authors:
 #  Fam Zheng 
@@ -18,7 +18,7 @@ import basevm
 import time
 
 class CentosVM(basevm.BaseVM):
-name = "centos"
+name = "centos8s"
 arch = "x86_64"
 BUILD_SCRIPT = """
 set -e;
@@ -32,7 +32,7 @@ class CentosVM(basevm.BaseVM):
 """
 
 def build_image(self, img):
-cimg = 
self._download_with_cache("https://cloud.centos.org/centos/8/x86_64/images/CentOS-8-GenericCloud-8.3.2011-20201204.2.x86_64.qcow2;)
+cimg = 
self._download_with_cache("https://cloud.centos.org/centos/8-stream/x86_64/images/CentOS-Stream-GenericCloud-8-20220125.1.x86_64.qcow2;)
 img_tmp = img + ".tmp"
 subprocess.check_call(['cp', '-f', cimg, img_tmp])
 self.exec_qemu_img("resize", img_tmp, "50G")
-- 
2.34.3

[PATCH 3/5] tests/vm: use 'cp' instead of 'ln' for temporary vm images

[John Snow]

If the initial setup fails, you've permanently altered the state of the
downloaded image in an unknowable way. Use 'cp' like our other test
setup scripts do.

Signed-off-by: John Snow 
---
 tests/vm/centos | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/vm/centos b/tests/vm/centos
index 5c7bc1c1a9a..be4f6ff2f14 100755
--- a/tests/vm/centos
+++ b/tests/vm/centos
@@ -34,7 +34,7 @@ class CentosVM(basevm.BaseVM):
 def build_image(self, img):
 cimg = 
self._download_with_cache("https://cloud.centos.org/centos/8/x86_64/images/CentOS-8-GenericCloud-8.3.2011-20201204.2.x86_64.qcow2;)
 img_tmp = img + ".tmp"
-subprocess.check_call(["ln", "-f", cimg, img_tmp])
+subprocess.check_call(['cp', '-f', cimg, img_tmp])
 self.exec_qemu_img("resize", img_tmp, "50G")
 self.boot(img_tmp, extra_args = ["-cdrom", self.gen_cloud_init_iso()])
 self.wait_ssh()
-- 
2.34.3

[PATCH 0/5] Update CentOS VM tests

[John Snow]

This patch series attempts to revive the CentOS VM test targets, because
both appear to be presently non-functional.

I didn't quite get it working 100%, but I'm sending anyway to ask for
help in solving straggler problems.

My experience testing these is that CentOS 8 (x86_64) fails on test-qga:

― ✀  ―
stderr: ** ERROR:../src/tests/unit/test-qga.c:321:test_qga_get_fsinfo:
assertion failed ret: GenericError realpath(\ "/sys/dev/block/252:1"):
No such file or directory

(test program exited with status code -6)
――

... I'm assuming this is something to do with the docker environment in
which the test is being run, but I don't know exactly what right now.

See the tail of this cover letter for more failures found when running
the docker tests manually, outside of the VM.

Meanwhile, the aarch64 VM appears to fail on a few different cases:

  3/586 qemu:qtest+qtest-arm / qtest-arm/qom-test
  ERROR  1022.98s   killed by signal 6 SIGABRT

  1/586 qemu:qtest+qtest-aarch64 / qtest-aarch64/qom-test
  ERROR  1023.86s   killed by signal 6 SIGABRT

 39/586 qemu:qtest+qtest-aarch64 / qtest-aarch64/test-hmp
 ERROR  184.02s   killed by signal 6 SIGABRT

 41/586 qemu:qtest+qtest-arm / qtest-arm/test-hmp
 ERROR  178.55s   killed by signal 6 SIGABRT

... Unfortunately, I wasn't able to rescue the log for this one in time,
so I don't have record of the failure. I guess I'll run again overnight
and see if I can capture it this time.

Following up from the CentOS8 VM failure up top; running "make
docker-test-block@centos8" on my development machine (not in any VM)
*also* seems to fail, but in a manner differently than the same test
step appears to from within the CentOS 8 Stream VM:

Failures: 086 150 221 253
Failed 4 of 61 iotests
Test failed: iotests raw

--- /tmp/qemu-test/src/tests/qemu-iotests/086.out
+++ /tmp/qemu-test/086.out.bad
@@ -9,9 +9,69 @@
 wrote 1048576/1048576 bytes at offset 33554432
 1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
 (0.00/100%)
+(1.56/100%)

(And so on. This looks like a race.)

--- /tmp/qemu-test/src/tests/qemu-iotests/150.out.raw
+++ /tmp/qemu-test/150.out.bad
@@ -3,7 +3,7 @@
 === Mapping sparse conversion ===

 Offset  Length  File
-0   0x1000  TEST_DIR/t.IMGFMT
+0   0x10TEST_DIR/t.IMGFMT

 === Mapping non-sparse conversion ===

--- /tmp/qemu-test/src/tests/qemu-iotests/221.out
+++ /tmp/qemu-test/221.out.bad
@@ -5,14 +5,13 @@
 Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=65537
 discard 65537/65537 bytes at offset 0
 64.001 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
-[{ "start": 0, "length": 66048, "depth": 0, "present": true, "zero": true, 
"data": false, "offset": OFFSET}]
-[{ "start": 0, "length": 66048, "depth": 0, "present": true, "zero": true, 
"data": false, "offset": OFFSET}]
+[{ "start": 0, "length": 66048, "depth": 0, "present": true, "zero": false, 
"data": true, "offset": OFFSET}]
+[{ "start": 0, "length": 65537, "depth": 0, "present": true, "zero": false, 
"data": true, "offset": OFFSET},
+{ "start": 65537, "length": 511, "depth": 0, "present": true, "zero": true, 
"data": false, "offset": OFFSET}]
 wrote 1/1 bytes at offset 65536
 1 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
-[{ "start": 0, "length": 65536, "depth": 0, "present": true, "zero": true, 
"data": false, "offset": OFFSET},
-{ "start": 65536, "length": 1, "depth": 0, "present": true, "zero": false, 
"data": true, "offset": OFFSET},
+[{ "start": 0, "length": 65537, "depth": 0, "present": true, "zero": false, 
"data": true, "offset": OFFSET},
 { "start": 65537, "length": 511, "depth": 0, "present": true, "zero": true, 
"data": false, "offset": OFFSET}]
-[{ "start": 0, "length": 65536, "depth": 0, "present": true, "zero": true, 
"data": false, "offset": OFFSET},
-{ "start": 65536, "length": 1, "depth": 0, "present": true, "zero": false, 
"data": true, "offset": OFFSET},
+[{ "start": 0, "length": 65537, "depth": 0, "present": true, "zero": false, 
"data": true, "offset": OFFSET},
 { "start": 65537, "length": 511, "depth": 0, "present": true, "zero": true, 
"data": false, "offset": OFFSET}]
 *** done

--- /tmp/qemu-test/src/tests/qemu-iotests/253.out
+++ /tmp/qemu-test/253.out.bad
@@ -3,16 +3,10 @@
 === Check mapping of unaligned raw image ===

 Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1048575
-[{ "start": 0, "length": 4096, "depth": 0, "present": true, "zero": false, 
"data": true, "offset": OFFSET},
-{ "start": 4096, "length": 1044480, "depth": 0, "present": true, "zero": true, 
"data": false, "offset": OFFSET}]
-[{ "start": 0, "length": 4096, "depth": 0, "present": true, "zero": false, 
"data": true, "offset": OFFSET},
-{ "start": 4096, "length": 1044480, "depth": 0, "present": true, "zero": true, 
"data": false, "offset": OFFSET}]
+[{ 

[PATCH 1/5] tests/qemu-iotests: hotfix for 307, 223 output

[John Snow]

Fixes: 58a6fdcc
Signed-off-by: John Snow 
---
 tests/qemu-iotests/223.out | 4 ++--
 tests/qemu-iotests/307.out | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/tests/qemu-iotests/223.out b/tests/qemu-iotests/223.out
index 06479415312..26fb347c5da 100644
--- a/tests/qemu-iotests/223.out
+++ b/tests/qemu-iotests/223.out
@@ -93,7 +93,7 @@ exports available: 3
  export: 'n2'
   description: some text
   size:  4194304
-  flags: 0xced ( flush fua trim zeroes df cache fast-zero )
+  flags: 0xded ( flush fua trim zeroes df multi cache fast-zero )
   min block: 1
   opt block: 4096
   max block: 33554432
@@ -212,7 +212,7 @@ exports available: 3
  export: 'n2'
   description: some text
   size:  4194304
-  flags: 0xced ( flush fua trim zeroes df cache fast-zero )
+  flags: 0xded ( flush fua trim zeroes df multi cache fast-zero )
   min block: 1
   opt block: 4096
   max block: 33554432
diff --git a/tests/qemu-iotests/307.out b/tests/qemu-iotests/307.out
index ec8d2be0e0a..390f05d1b78 100644
--- a/tests/qemu-iotests/307.out
+++ b/tests/qemu-iotests/307.out
@@ -83,7 +83,7 @@ exports available: 2
  export: 'export1'
   description: This is the writable second export
   size:  67108864
-  flags: 0xced ( flush fua trim zeroes df cache fast-zero )
+  flags: 0xded ( flush fua trim zeroes df multi cache fast-zero )
   min block: XXX
   opt block: XXX
   max block: XXX
@@ -109,7 +109,7 @@ exports available: 1
  export: 'export1'
   description: This is the writable second export
   size:  67108864
-  flags: 0xced ( flush fua trim zeroes df cache fast-zero )
+  flags: 0xded ( flush fua trim zeroes df multi cache fast-zero )
   min block: XXX
   opt block: XXX
   max block: XXX
-- 
2.34.3

[PATCH 2/5] tests/qemu-iotests: skip 108 when FUSE is not loaded

[John Snow]

In certain container environments we may not have FUSE at all, so skip
the test in this circumstance too.

Signed-off-by: John Snow 
---
 tests/qemu-iotests/108 | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/tests/qemu-iotests/108 b/tests/qemu-iotests/108
index 9e923d6a59f..e401c5e9933 100755
--- a/tests/qemu-iotests/108
+++ b/tests/qemu-iotests/108
@@ -60,6 +60,12 @@ if sudo -n losetup &>/dev/null; then
 else
 loopdev=false
 
+# Check for fuse support in the host environment:
+lsmod | grep fuse &>/dev/null;
+if [[ $? -ne 0 ]]; then
+_notrun 'No Passwordless sudo nor FUSE kernel module'
+fi
+
 # QSD --export fuse will either yield "Parameter 'id' is missing"
 # or "Invalid parameter 'fuse'", depending on whether there is
 # FUSE support or not.
-- 
2.34.3

Re: [Phishing Risk] [External] Re: [PATCH 4/7] crypto: Add ECDSA key parser

[何磊]

Hi Philippe, lots of thanks for your review!

> On Jun 13, 2022, at 10:19 PM, Philippe Mathieu-Daudé  wrote:
> 
> On 13/6/22 10:45, Lei He wrote:
>> Add ECDSA key parser and ECDSA signautre parser.
>> Signed-off-by: lei he 
>> ---
>>  crypto/ecdsakey-builtin.c.inc | 248 
>> ++
>>  crypto/ecdsakey.c | 118 
>>  crypto/ecdsakey.h |  66 +++
>>  crypto/meson.build|   1 +
>>  4 files changed, 433 insertions(+)
>>  create mode 100644 crypto/ecdsakey-builtin.c.inc
>>  create mode 100644 crypto/ecdsakey.c
>>  create mode 100644 crypto/ecdsakey.h
>> diff --git a/crypto/ecdsakey-builtin.c.inc b/crypto/ecdsakey-builtin.c.inc
>> new file mode 100644
>> index 00..5da317ec44
>> --- /dev/null
>> +++ b/crypto/ecdsakey-builtin.c.inc
>> @@ -0,0 +1,248 @@
>> +/*
>> + * QEMU Crypto akcipher algorithms
>> + *
>> + * Copyright (c) 2022 Bytedance
>> + * Author: lei he 
>> + *
>> + * This library is free software; you can redistribute it and/or
>> + * modify it under the terms of the GNU Lesser General Public
>> + * License as published by the Free Software Foundation; either
>> + * version 2.1 of the License, or (at your option) any later version.
>> + *
>> + * This library is distributed in the hope that it will be useful,
>> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
>> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
>> + * Lesser General Public License for more details.
>> + *
>> + * You should have received a copy of the GNU Lesser General Public
>> + * License along with this library; if not, see 
>> .
>> + *
>> + */
>> +
>> +#include "der.h"
>> +#include "ecdsakey.h"
>> +
>> +#define QCRYPTO_ECDSA_PUBKEY_FMT_UNCOMPRESSED 0x04
>> +
>> +static int extract_mpi(void *ctx, const uint8_t *value,
>> +   size_t vlen, Error **errp)
>> +{
>> +QCryptoAkCipherMPI *mpi = (QCryptoAkCipherMPI *)ctx;
>> +if (vlen == 0) {
>> +error_setg(errp, "Empty mpi field");
>> +return -1;
> 
> Functions taking Error* param usually return a boolean.

It's a good idea to make such functions that only return 0 or -1 return bool 
directly, but this change 
will require modification of rsakey related code. If you strongly request it, I 
will modify it in another patch.

> 
>> +}
>> +mpi->data = g_memdup2(value, vlen);
>> +mpi->len = vlen;
>> +return 0;
>> +}
>> +
>> +static int extract_version(void *ctx, const uint8_t *value,
>> +   size_t vlen, Error **errp)
>> +{
>> +uint8_t *version = (uint8_t *)ctx;
>> +if (vlen != 1 || *value > 1) {
>> +error_setg(errp, "Invalid rsakey version");
>> +return -1;
>> +}
>> +*version = *value;
>> +return 0;
>> +}
>> +
>> +static int extract_cons_content(void *ctx, const uint8_t *value,
>> +size_t vlen, Error **errp)
>> +{
>> +const uint8_t **content = (const uint8_t **)ctx;
>> +if (vlen == 0) {
>> +error_setg(errp, "Empty sequence");
>> +return -1;
>> +}
>> +*content = value;
> 
> You need to check (vlen >= sizeof(uint8_t *)) to avoid overrun.

The decoder will parse the meta data of ASN1 types and pass the real data part 
to the callback function. 
The above statement only saves the starting address of the ‘data part' and does 
not actually access the 
data, so there is no need to check the size of vlen. 

> 
>> +return 0;
>> +}
>> +
>> +static int __qcrypto_akcipher_builtin_ecdsa_pubkey_parse(
>> +QCryptoAkCipherECDSAKey *ecdsa,
>> +const uint8_t *key, size_t keylen, Error **errp);
> 
> Why use the reserved __prefix?

I will fix it later.

RE: [PATCH] virtio/vhost-user: Fix wrong vhost notifier GPtrArray size

[Yajun Wu]

Hi Michael,

User space vhost clients are broken for few weeks now without this fix.
With Alex's review, can you please merge it if there are no further comments?

Thanks.

-Original Message-
From: Alex Bennée  
Sent: Thursday, May 26, 2022 3:09 PM
To: Yajun Wu 
Cc: qemu-devel@nongnu.org; m...@redhat.com; Parav Pandit 
Subject: Re: [PATCH] virtio/vhost-user: Fix wrong vhost notifier GPtrArray size

External email: Use caution opening links or attachments


Yajun Wu  writes:

> In fetch_or_create_notifier, idx begins with 0. So the GPtrArray size 
> should be idx + 1 and g_ptr_array_set_size should be called with idx + 1.
>
> This wrong GPtrArray size causes fetch_or_create_notifier return an 
> invalid address. Passing this invalid pointer to 
> vhost_user_host_notifier_remove causes assert fail:
>
> qemu/include/qemu/int128.h:27: int128_get64: Assertion `r == a' failed.
>   shutting down, reason=crashed
>
> Backends like dpdk-vdpa which sends out vhost notifier requests almost 
> always hit qemu crash.

My bad. I was looking for ways to exercise this code but the internal tests 
didn't do it. I guess I should look at getting a test setup for dpdk. Anyway:

Reviewed-by: Alex Bennée 


>
> Fixes: 503e355465 ("virtio/vhost-user: dynamically assign 
> VhostUserHostNotifiers")
> Signed-off-by: Yajun Wu 
> Acked-by: Parav Pandit 
> Change-Id: I87e0f7591ca9a59d210879b260704a2d9e9d6bcd
> ---
>  hw/virtio/vhost-user.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c index 
> b040c1ad2b..dbc690d16c 100644
> --- a/hw/virtio/vhost-user.c
> +++ b/hw/virtio/vhost-user.c
> @@ -1525,7 +1525,7 @@ static VhostUserHostNotifier 
> *fetch_or_create_notifier(VhostUserState *u,  {
>  VhostUserHostNotifier *n = NULL;
>  if (idx >= u->notifiers->len) {
> -g_ptr_array_set_size(u->notifiers, idx);
> +g_ptr_array_set_size(u->notifiers, idx + 1);
>  }
>
>  n = g_ptr_array_index(u->notifiers, idx);


--
Alex Bennée

Re: [PATCH v4 2/2] target/xtensa: Use semihosting/syscalls.h

[Max Filippov]

On Tue, Jun 7, 2022 at 10:36 PM Richard Henderson
 wrote:
>
> This separates guest file descriptors from host file descriptors,
> and utilizes shared infrastructure for integration with gdbstub.
> Remove the xtensa custom console handing and rely on the
> generic -semihosting-config handling of chardevs.
>
> Signed-off-by: Richard Henderson 
> ---
>  target/xtensa/cpu.h |   1 -
>  hw/xtensa/sim.c |   3 -
>  target/xtensa/xtensa-semi.c | 323 +++-
>  3 files changed, 97 insertions(+), 230 deletions(-)
>
> diff --git a/target/xtensa/cpu.h b/target/xtensa/cpu.h
> index ea66895e7f..99ac3efd71 100644
> --- a/target/xtensa/cpu.h
> +++ b/target/xtensa/cpu.h
> @@ -612,7 +612,6 @@ void xtensa_translate_init(void);
>  void **xtensa_get_regfile_by_name(const char *name, int entries, int bits);
>  void xtensa_breakpoint_handler(CPUState *cs);
>  void xtensa_register_core(XtensaConfigList *node);
> -void xtensa_sim_open_console(Chardev *chr);
>  void check_interrupts(CPUXtensaState *s);
>  void xtensa_irq_init(CPUXtensaState *env);
>  qemu_irq *xtensa_get_extints(CPUXtensaState *env);
> diff --git a/hw/xtensa/sim.c b/hw/xtensa/sim.c
> index 946c71cb5b..5cca6a170e 100644
> --- a/hw/xtensa/sim.c
> +++ b/hw/xtensa/sim.c
> @@ -87,9 +87,6 @@ XtensaCPU *xtensa_sim_common_init(MachineState *machine)
>  xtensa_create_memory_regions(, "xtensa.sysram",
>   get_system_memory());
>  }
> -if (serial_hd(0)) {
> -xtensa_sim_open_console(serial_hd(0));
> -}

Do I understand correctly that the sim machine will no longer
support the -serial option with this change?

>  return cpu;
>  }
>
> diff --git a/target/xtensa/xtensa-semi.c b/target/xtensa/xtensa-semi.c
> index 5375f106fc..7ef4be353e 100644
> --- a/target/xtensa/xtensa-semi.c
> +++ b/target/xtensa/xtensa-semi.c
> @@ -27,8 +27,10 @@
>
>  #include "qemu/osdep.h"
>  #include "cpu.h"
> -#include "chardev/char-fe.h"
> +#include "exec/gdbstub.h"
>  #include "semihosting/semihost.h"
> +#include "semihosting/syscalls.h"

This does not build on top of the current master, is there a branch where
it's buildable?

...

> -switch (host_errno) {
> -case 0: return 0;
> -case EPERM: return TARGET_EPERM;
> -case ENOENT:return TARGET_ENOENT;
> -case ESRCH: return TARGET_ESRCH;
> -case EINTR: return TARGET_EINTR;
> -case EIO:   return TARGET_EIO;
> -case ENXIO: return TARGET_ENXIO;
> -case E2BIG: return TARGET_E2BIG;
> -case ENOEXEC:   return TARGET_ENOEXEC;
> -case EBADF: return TARGET_EBADF;
> -case ECHILD:return TARGET_ECHILD;
> -case EAGAIN:return TARGET_EAGAIN;
> -case ENOMEM:return TARGET_ENOMEM;
> -case EACCES:return TARGET_EACCES;
> -case EFAULT:return TARGET_EFAULT;
> -#ifdef ENOTBLK
> -case ENOTBLK:   return TARGET_ENOTBLK;
> -#endif

AFAIR there were reports that qemu doesn't build on some
systems because they were missing ENOTBLK and other
error codes that were made conditional here.

...

> +#define E(N) case E##N: err = TARGET_E##N; break
...
> +E(PERM);
> +E(NOENT);
> +E(SRCH);
> +E(INTR);
> +E(IO);
> +E(NXIO);
> +E(2BIG);
> +E(NOEXEC);
> +E(BADF);
> +E(CHILD);
> +E(AGAIN);
> +E(NOMEM);
> +E(ACCES);
> +E(FAULT);
> +E(NOTBLK);
> +E(BUSY);
> +E(EXIST);
> +E(XDEV);
> +E(NODEV);
> +E(NOTDIR);
> +E(ISDIR);
> +E(INVAL);
> +E(NFILE);
> +E(MFILE);
> +E(NOTTY);
> +E(TXTBSY);
> +E(FBIG);
> +E(NOSPC);
> +E(SPIPE);
> +E(ROFS);
> +E(MLINK);
> +E(PIPE);
> +E(DOM);
> +E(RANGE);
> +E(NOSYS);
> +E(LOOP);

I'm not sure mangling error code names is a good idea.

-- 
Thanks.
-- Max

[PULL 7/7] .gitlab: use less aggressive nproc on our aarch64/32 runners

[Alex Bennée]

Running on all 80 cores of our aarch64 runner does occasionally
trigger a race condition which fails the build. However the CI system
is not the time and place to play with much heisenbugs so turn down
the nproc to "only" use 40 cores in the build.

Signed-off-by: Alex Bennée 
Reviewed-by: Richard Henderson 
Tested-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20220613171258.1905715-8-alex.ben...@linaro.org>

diff --git a/.gitlab-ci.d/custom-runners/ubuntu-20.04-aarch32.yml 
b/.gitlab-ci.d/custom-runners/ubuntu-20.04-aarch32.yml
index 47856ac53c..1998460d06 100644
--- a/.gitlab-ci.d/custom-runners/ubuntu-20.04-aarch32.yml
+++ b/.gitlab-ci.d/custom-runners/ubuntu-20.04-aarch32.yml
@@ -19,5 +19,5 @@ ubuntu-20.04-aarch32-all:
  - mkdir build
  - cd build
  - ../configure --cross-prefix=arm-linux-gnueabihf-
- - make --output-sync -j`nproc`
- - make --output-sync -j`nproc` check V=1
+ - make --output-sync -j`nproc --ignore=40`
+ - make --output-sync -j`nproc --ignore=40` check V=1
diff --git a/.gitlab-ci.d/custom-runners/ubuntu-20.04-aarch64.yml 
b/.gitlab-ci.d/custom-runners/ubuntu-20.04-aarch64.yml
index 951e490db1..65718a188a 100644
--- a/.gitlab-ci.d/custom-runners/ubuntu-20.04-aarch64.yml
+++ b/.gitlab-ci.d/custom-runners/ubuntu-20.04-aarch64.yml
@@ -17,9 +17,9 @@ ubuntu-20.04-aarch64-all-linux-static:
  - mkdir build
  - cd build
  - ../configure --enable-debug --static --disable-system --disable-glusterfs 
--disable-libssh
- - make --output-sync -j`nproc`
- - make --output-sync -j`nproc` check V=1
- - make --output-sync -j`nproc` check-tcg V=1
+ - make --output-sync -j`nproc --ignore=40`
+ - make --output-sync -j`nproc --ignore=40` check V=1
+ - make --output-sync -j`nproc --ignore=40` check-tcg V=1
 
 ubuntu-20.04-aarch64-all:
  needs: []
@@ -38,8 +38,8 @@ ubuntu-20.04-aarch64-all:
  - mkdir build
  - cd build
  - ../configure --disable-libssh
- - make --output-sync -j`nproc`
- - make --output-sync -j`nproc` check V=1
+ - make --output-sync -j`nproc --ignore=40`
+ - make --output-sync -j`nproc --ignore=40` check V=1
 
 ubuntu-20.04-aarch64-alldbg:
  needs: []
@@ -55,8 +55,8 @@ ubuntu-20.04-aarch64-alldbg:
  - cd build
  - ../configure --enable-debug --disable-libssh
  - make clean
- - make --output-sync -j`nproc`
- - make --output-sync -j`nproc` check V=1
+ - make --output-sync -j`nproc --ignore=40`
+ - make --output-sync -j`nproc --ignore=40` check V=1
 
 ubuntu-20.04-aarch64-clang:
  needs: []
@@ -75,8 +75,8 @@ ubuntu-20.04-aarch64-clang:
  - mkdir build
  - cd build
  - ../configure --disable-libssh --cc=clang-10 --cxx=clang++-10 
--enable-sanitizers
- - make --output-sync -j`nproc`
- - make --output-sync -j`nproc` check V=1
+ - make --output-sync -j`nproc --ignore=40`
+ - make --output-sync -j`nproc --ignore=40` check V=1
 
 ubuntu-20.04-aarch64-tci:
  needs: []
@@ -95,7 +95,7 @@ ubuntu-20.04-aarch64-tci:
  - mkdir build
  - cd build
  - ../configure --disable-libssh --enable-tcg-interpreter
- - make --output-sync -j`nproc`
+ - make --output-sync -j`nproc --ignore=40`
 
 ubuntu-20.04-aarch64-notcg:
  needs: []
@@ -114,5 +114,5 @@ ubuntu-20.04-aarch64-notcg:
  - mkdir build
  - cd build
  - ../configure --disable-libssh --disable-tcg
- - make --output-sync -j`nproc`
- - make --output-sync -j`nproc` check V=1
+ - make --output-sync -j`nproc --ignore=40`
+ - make --output-sync -j`nproc --ignore=40` check V=1
-- 
2.30.2

[PULL 5/7] tests/tcg: disable xtensa-linux-user again

[Alex Bennée]

From: Paolo Bonzini 

The move from tests/tcg/configure.sh started enabling the container image
for xtensa-linux-user, which fails because the compiler does not have
the full set of headers.  The cause is the "xtensa*-softmmu)" case
in tests/tcg/configure.sh which became just "xtensa*)" in the new
probe_target_compiler shell function.  Look out for xtensa*-linux-user
and do not configure it.

Reported-by: Alex Bennée 
Signed-off-by: Paolo Bonzini 
Message-Id: <20220608135727.1341946-1-pbonz...@redhat.com>
Fixes: cd362defbb ("tests/tcg: merge configure.sh back into main configure 
script")
Signed-off-by: Alex Bennée 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20220613171258.1905715-6-alex.ben...@linaro.org>

diff --git a/configure b/configure
index e69537c756..4b12a8094c 100755
--- a/configure
+++ b/configure
@@ -2024,7 +2024,6 @@ probe_target_compiler() {
 container_cross_prefix=x86_64-linux-gnu-
 ;;
   xtensa*)
-# FIXME: xtensa-linux-user?
 container_hosts=x86_64
 container_image=debian-xtensa-cross
 
@@ -2481,6 +2480,10 @@ for target in $target_list; do
   echo "# Automatically generated by configure - do not modify" > 
$config_target_mak
   echo "TARGET_NAME=$arch" >> $config_target_mak
   case $target in
+xtensa*-linux-user)
+  # the toolchain is not complete with headers, only build softmmu tests
+  continue
+  ;;
 *-softmmu)
   test -f $source_path/tests/tcg/$arch/Makefile.softmmu-target || continue
   qemu="qemu-system-$arch"
-- 
2.30.2

[PULL 1/7] test/tcg/arm: Use -mfloat-abi=soft for test-armv6m-undef

[Alex Bennée]

From: Richard Henderson 

GCC11 from crossbuild-essential-armhf from ubuntu 22.04 errors:
cc1: error: ‘-mfloat-abi=hard’: selected architecture lacks an FPU

Signed-off-by: Richard Henderson 
Reviewed-by: Thomas Huth 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20220604032713.174976-1-richard.hender...@linaro.org>
Signed-off-by: Alex Bennée 
Message-Id: <20220613171258.1905715-2-alex.ben...@linaro.org>

diff --git a/tests/tcg/arm/Makefile.softmmu-target 
b/tests/tcg/arm/Makefile.softmmu-target
index 3fe237ba39..7df88ddea8 100644
--- a/tests/tcg/arm/Makefile.softmmu-target
+++ b/tests/tcg/arm/Makefile.softmmu-target
@@ -20,7 +20,7 @@ LDFLAGS+=-nostdlib -N -static
 
 # Specific Test Rules
 
-test-armv6m-undef: EXTRA_CFLAGS+=-mcpu=cortex-m0
+test-armv6m-undef: EXTRA_CFLAGS+=-mcpu=cortex-m0 -mfloat-abi=soft
 
 run-test-armv6m-undef: QEMU_OPTS+=-semihosting -M microbit -kernel
 run-plugin-test-armv6m-undef-%: QEMU_OPTS+=-semihosting -M microbit -kernel
-- 
2.30.2

[PULL 3/7] gitlab-ci: Fix the build-cfi-aarch64 and build-cfi-ppc64-s390x jobs

[Alex Bennée]

From: Thomas Huth 

The job definitions recently got a second "variables:" section by
accident and thus are failing now if one tries to run them. Merge
the two sections into one again to fix the issue.

And while we're at it, bump the timeout here (70 minutes are currently
not enough for the aarch64 job). The jobs are marked as manual anyway,
so if the user starts them, they want to see their result for sure and
then it's annoying if the job timeouts too early.

Fixes: e312d1fdbb ("gitlab: convert build/container jobs to .base_job_template")
Signed-off-by: Thomas Huth 
Acked-by: Richard Henderson 
Message-Id: <20220603124809.70794-1-th...@redhat.com>
Signed-off-by: Alex Bennée 
Reviewed-by: Richard Henderson 
Message-Id: <20220613171258.1905715-4-alex.ben...@linaro.org>

diff --git a/.gitlab-ci.d/buildtest.yml b/.gitlab-ci.d/buildtest.yml
index 544385f5be..cb7cad44b5 100644
--- a/.gitlab-ci.d/buildtest.yml
+++ b/.gitlab-ci.d/buildtest.yml
@@ -357,16 +357,15 @@ build-cfi-aarch64:
   --enable-safe-stack --enable-slirp=git
 TARGETS: aarch64-softmmu
 MAKE_CHECK_ARGS: check-build
-  timeout: 70m
-  artifacts:
-expire_in: 2 days
-paths:
-  - build
-  variables:
 # FIXME: This job is often failing, likely due to out-of-memory problems in
 # the constrained containers of the shared runners. Thus this is marked as
 # skipped until the situation has been solved.
 QEMU_JOB_SKIPPED: 1
+  timeout: 90m
+  artifacts:
+expire_in: 2 days
+paths:
+  - build
 
 check-cfi-aarch64:
   extends: .native_test_job_template
@@ -398,16 +397,15 @@ build-cfi-ppc64-s390x:
   --enable-safe-stack --enable-slirp=git
 TARGETS: ppc64-softmmu s390x-softmmu
 MAKE_CHECK_ARGS: check-build
-  timeout: 70m
-  artifacts:
-expire_in: 2 days
-paths:
-  - build
-  variables:
 # FIXME: This job is often failing, likely due to out-of-memory problems in
 # the constrained containers of the shared runners. Thus this is marked as
 # skipped until the situation has been solved.
 QEMU_JOB_SKIPPED: 1
+  timeout: 80m
+  artifacts:
+expire_in: 2 days
+paths:
+  - build
 
 check-cfi-ppc64-s390x:
   extends: .native_test_job_template
-- 
2.30.2

[PULL 6/7] gitlab: compare CIRRUS_nn vars against 'null' not ""

[Alex Bennée]

From: Daniel P. Berrangé 

The GitLab variable comparisons don't have shell like semantics where
an unset variable compares equal to empty string. We need to explicitly
test against 'null' to detect an unset variable.

Signed-off-by: Daniel P. Berrangé 
Tested-by: Richard Henderson 
Reviewed-by: Richard Henderson 
Reviewed-by: Thomas Huth 
Message-Id: <20220608160651.248781-1-berra...@redhat.com>
Signed-off-by: Alex Bennée 
Message-Id: <20220613171258.1905715-7-alex.ben...@linaro.org>

diff --git a/.gitlab-ci.d/base.yml b/.gitlab-ci.d/base.yml
index f334f3ded7..69b36c148a 100644
--- a/.gitlab-ci.d/base.yml
+++ b/.gitlab-ci.d/base.yml
@@ -13,7 +13,7 @@
 #
 
 # Cirrus jobs can't run unless the creds / target repo are set
-- if: '$QEMU_JOB_CIRRUS && ($CIRRUS_GITHUB_REPO == "" || $CIRRUS_API_TOKEN 
== "")'
+- if: '$QEMU_JOB_CIRRUS && ($CIRRUS_GITHUB_REPO == null || 
$CIRRUS_API_TOKEN == null)'
   when: never
 
 # Publishing jobs should only run on the default branch in upstream
-- 
2.30.2

[PULL 4/7] tests/docker: fix the IMAGE for build invocation

[Alex Bennée]

We inadvertently broke the ability to run local builds when the code
was re-factored. The result was the run stanza failing to find the
docker image with it's qemu/ prefix.

Signed-off-by: Alex Bennée 
Fixes: d39eaa2266 ("tests/docker: simplify docker-TEST@IMAGE targets")
Reviewed-by: Richard Henderson 
Message-Id: <20220613171258.1905715-5-alex.ben...@linaro.org>

diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
index e68f91b853..ef4518d9eb 100644
--- a/tests/docker/Makefile.include
+++ b/tests/docker/Makefile.include
@@ -171,7 +171,7 @@ DOCKER_TESTS := $(if $(TESTS), $(filter $(TESTS), 
$(__TESTS)), $(__TESTS))
 $(foreach i,$(filter-out $(DOCKER_PARTIAL_IMAGES),$(DOCKER_IMAGES)), \
$(foreach t,$(DOCKER_TESTS), \
$(eval .PHONY: docker-$t@$i) \
-   $(eval docker-$t@$i: docker-image-$i; @$(MAKE) docker-run 
TEST=$t IMAGE=$i) \
+   $(eval docker-$t@$i: docker-image-$i; @$(MAKE) docker-run 
TEST=$t IMAGE=qemu/$i) \
) \
$(foreach t,$(DOCKER_TESTS), \
$(eval docker-all-tests: docker-$t@$i) \
-- 
2.30.2

[PULL 2/7] tests/tcg/i386: Use explicit suffix on fist insns

[Alex Bennée]

From: Richard Henderson 

Fixes a number of assembler warnings of the form:

test-i386.c: Assembler messages:
test-i386.c:869: Warning: no instruction mnemonic suffix given
  and no register operands; using default for `fist'

Signed-off-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20220527171143.168276-1-richard.hender...@linaro.org>
Signed-off-by: Alex Bennée 
Message-Id: <20220613171258.1905715-3-alex.ben...@linaro.org>

diff --git a/tests/tcg/i386/test-i386-fp-exceptions.c 
b/tests/tcg/i386/test-i386-fp-exceptions.c
index dfb7117c17..d445f13c33 100644
--- a/tests/tcg/i386/test-i386-fp-exceptions.c
+++ b/tests/tcg/i386/test-i386-fp-exceptions.c
@@ -423,35 +423,35 @@ int main(void)
 }
 
 __asm__ volatile ("fnclex");
-__asm__ volatile ("fistp %0" : "=m" (res_16) : "t" (1.5L) : "st");
+__asm__ volatile ("fistps %0" : "=m" (res_16) : "t" (1.5L) : "st");
 __asm__ volatile ("fnstsw" : "=a" (sw));
 if ((sw & EXC) != PE) {
 printf("FAIL: fistp inexact\n");
 ret = 1;
 }
 __asm__ volatile ("fnclex");
-__asm__ volatile ("fistp %0" : "=m" (res_16) : "t" (32767.5L) : "st");
+__asm__ volatile ("fistps %0" : "=m" (res_16) : "t" (32767.5L) : "st");
 __asm__ volatile ("fnstsw" : "=a" (sw));
 if ((sw & EXC) != IE) {
 printf("FAIL: fistp 32767.5\n");
 ret = 1;
 }
 __asm__ volatile ("fnclex");
-__asm__ volatile ("fistp %0" : "=m" (res_16) : "t" (-32768.51L) : "st");
+__asm__ volatile ("fistps %0" : "=m" (res_16) : "t" (-32768.51L) : "st");
 __asm__ volatile ("fnstsw" : "=a" (sw));
 if ((sw & EXC) != IE) {
 printf("FAIL: fistp -32768.51\n");
 ret = 1;
 }
 __asm__ volatile ("fnclex");
-__asm__ volatile ("fistp %0" : "=m" (res_16) : "t" (ld_nan) : "st");
+__asm__ volatile ("fistps %0" : "=m" (res_16) : "t" (ld_nan) : "st");
 __asm__ volatile ("fnstsw" : "=a" (sw));
 if ((sw & EXC) != IE) {
 printf("FAIL: fistp nan\n");
 ret = 1;
 }
 __asm__ volatile ("fnclex");
-__asm__ volatile ("fistp %0" : "=m" (res_16) : "t" (ld_invalid_1.ld) :
+__asm__ volatile ("fistps %0" : "=m" (res_16) : "t" (ld_invalid_1.ld) :
   "st");
 __asm__ volatile ("fnstsw" : "=a" (sw));
 if ((sw & EXC) != IE) {
@@ -538,49 +538,49 @@ int main(void)
 }
 
 __asm__ volatile ("fnclex");
-__asm__ volatile ("fisttp %0" : "=m" (res_16) : "t" (1.5L) : "st");
+__asm__ volatile ("fisttps %0" : "=m" (res_16) : "t" (1.5L) : "st");
 __asm__ volatile ("fnstsw" : "=a" (sw));
 if ((sw & EXC) != PE) {
 printf("FAIL: fisttp inexact\n");
 ret = 1;
 }
 __asm__ volatile ("fnclex");
-__asm__ volatile ("fisttp %0" : "=m" (res_16) : "t" (32768.0L) : "st");
+__asm__ volatile ("fisttps %0" : "=m" (res_16) : "t" (32768.0L) : "st");
 __asm__ volatile ("fnstsw" : "=a" (sw));
 if ((sw & EXC) != IE) {
 printf("FAIL: fisttp 32768\n");
 ret = 1;
 }
 __asm__ volatile ("fnclex");
-__asm__ volatile ("fisttp %0" : "=m" (res_16) : "t" (32768.5L) : "st");
+__asm__ volatile ("fisttps %0" : "=m" (res_16) : "t" (32768.5L) : "st");
 __asm__ volatile ("fnstsw" : "=a" (sw));
 if ((sw & EXC) != IE) {
 printf("FAIL: fisttp 32768.5\n");
 ret = 1;
 }
 __asm__ volatile ("fnclex");
-__asm__ volatile ("fisttp %0" : "=m" (res_16) : "t" (-32769.0L) : "st");
+__asm__ volatile ("fisttps %0" : "=m" (res_16) : "t" (-32769.0L) : "st");
 __asm__ volatile ("fnstsw" : "=a" (sw));
 if ((sw & EXC) != IE) {
 printf("FAIL: fisttp -32769\n");
 ret = 1;
 }
 __asm__ volatile ("fnclex");
-__asm__ volatile ("fisttp %0" : "=m" (res_16) : "t" (-32769.5L) : "st");
+__asm__ volatile ("fisttps %0" : "=m" (res_16) : "t" (-32769.5L) : "st");
 __asm__ volatile ("fnstsw" : "=a" (sw));
 if ((sw & EXC) != IE) {
 printf("FAIL: fisttp -32769.5\n");
 ret = 1;
 }
 __asm__ volatile ("fnclex");
-__asm__ volatile ("fisttp %0" : "=m" (res_16) : "t" (ld_nan) : "st");
+__asm__ volatile ("fisttps %0" : "=m" (res_16) : "t" (ld_nan) : "st");
 __asm__ volatile ("fnstsw" : "=a" (sw));
 if ((sw & EXC) != IE) {
 printf("FAIL: fisttp nan\n");
 ret = 1;
 }
 __asm__ volatile ("fnclex");
-__asm__ volatile ("fisttp %0" : "=m" (res_16) : "t" (ld_invalid_1.ld) :
+__asm__ volatile ("fisttps %0" : "=m" (res_16) : "t" (ld_invalid_1.ld) :
   "st");
 __asm__ volatile ("fnstsw" : "=a" (sw));
 if ((sw & EXC) != IE) {
diff --git a/tests/tcg/i386/test-i386.c b/tests/tcg/i386/test-i386.c
index 18d5609665..ac8d5a3c1f 100644
--- a/tests/tcg/i386/test-i386.c
+++ b/tests/tcg/i386/test-i386.c
@@ -866,7 +866,7 @@ void test_fcvt(double a)
 uint16_t val16;
 val16 = (fpuc & ~0x0c00) | (i << 10);
 asm volatile ("fldcw %0" : : "m" (val16));
-asm 

[PULL 0/7] testing/next (docker, gitlab,tcg)

[Alex Bennée]

The following changes since commit dcb40541ebca7ec98a14d461593b3cd7282b4fac:

  Merge tag 'mips-20220611' of https://github.com/philmd/qemu into staging 
(2022-06-11 21:13:27 -0700)

are available in the Git repository at:

  https://github.com/stsquad/qemu.git tags/pull-testing-next-140622-1

for you to fetch changes up to b56d1ee9514be227854a589b4e11551bed4448a0:

  .gitlab: use less aggressive nproc on our aarch64/32 runners (2022-06-14 
00:15:06 +0100)


Various testing fixes:

  - fix compiler abi for test-armv6m-undef
  - fix isns suffixes for i386 tcg tests
  - fix gitlab cfi jobs
  - fix makefile docker invocation
  - don't enable xtensa-linux-user builds with system compiler
  - fix CIRRUS_nn var checking
  - don't spam the aarch64/32 runners with too many jobs at once


Alex Bennée (2):
  tests/docker: fix the IMAGE for build invocation
  .gitlab: use less aggressive nproc on our aarch64/32 runners

Daniel P. Berrangé (1):
  gitlab: compare CIRRUS_nn vars against 'null' not ""

Paolo Bonzini (1):
  tests/tcg: disable xtensa-linux-user again

Richard Henderson (2):
  test/tcg/arm: Use -mfloat-abi=soft for test-armv6m-undef
  tests/tcg/i386: Use explicit suffix on fist insns

Thomas Huth (1):
  gitlab-ci: Fix the build-cfi-aarch64 and build-cfi-ppc64-s390x jobs

 configure  |  5 -
 tests/tcg/i386/test-i386-fp-exceptions.c   | 24 +++---
 tests/tcg/i386/test-i386.c |  2 +-
 .gitlab-ci.d/base.yml  |  2 +-
 .gitlab-ci.d/buildtest.yml | 22 +---
 .../custom-runners/ubuntu-20.04-aarch32.yml|  4 ++--
 .../custom-runners/ubuntu-20.04-aarch64.yml| 24 +++---
 tests/docker/Makefile.include  |  2 +-
 tests/tcg/arm/Makefile.softmmu-target  |  2 +-
 9 files changed, 44 insertions(+), 43 deletions(-)

-- 
2.30.2

Re: [PATCH 08/11] bsd-user: Implement rmdir and undocumented -_getcwd

[Warner Losh]

On Mon, Jun 13, 2022 at 1:52 PM Richard Henderson <
richard.hender...@linaro.org> wrote:

> On 6/12/22 13:48, Warner Losh wrote:
> > Implemenet rmdir and __getcwd. Declare __getcwd as extern because
> > there's no installed FreeBSD header that has it. It's used internally by
> > libc, which doesn't provide an external declaration, but does export the
> > symbol.
>
> Typo in subject: s/-/_/.
>

Indeed.


> > @@ -55,6 +55,7 @@ extern struct iovec *lock_iovec(int type, abi_ulong
> target_addr, int count,
> >   int copy);
> >   extern void unlock_iovec(struct iovec *vec, abi_ulong target_addr, int
> count,
> >   int copy);
> > +extern int __getcwd(char *path, size_t len);
>
> Do you really want to rely on this export?
> Unless it does something special, I'd just declare a local version of the
> syscall as you
> do with safe_*.
>

Indeed not. I was just copying what we've been running, but I see now that
was unwise.
I'll do a safe_syscall directly here since we don't need to call it
anywhere else. I'll do a
sanity check on our upstream and make sure I can still run my favorite
shells, which
I believe use this call.


> > +/* undocumented __getcwd(char *buf, size_t len)  system call */
>
> Surely the syscall itself is documented?
>

One would think it was documented, but there's no man page for it and the
getcwd()
call has some extensions that it implements, plus there's some weird
special cases
that __getcwd() can sometimes return that getcwd() knows how to unwind (the
oddest being that sometimes paths are returned backwards). All these quirks
are not,
alas, documented in any place except the code. Hence the characterization
that this
is undocumented :)... I was rather surprised by this when I went looking.

Warner

Re: [PATCH 03/11] bsd-user: Implement revoke, access, eaccess and faccessat

[Philippe Mathieu-Daudé via]

On 12/6/22 22:48, Warner Losh wrote:

Signed-off-by: Stacey Son 
Signed-off-by: Warner Losh 
---
  bsd-user/bsd-file.h   | 53 +++
  bsd-user/freebsd/os-syscall.c | 16 +++
  2 files changed, 69 insertions(+)

diff --git a/bsd-user/bsd-file.h b/bsd-user/bsd-file.h
index 3e0f160e312..37b3efccd2c 100644
--- a/bsd-user/bsd-file.h
+++ b/bsd-user/bsd-file.h
@@ -262,4 +262,57 @@ static abi_long do_bsd_closefrom(abi_long arg1)
  return get_errno(0);
  }
  
+/* revoke(2) */

+static abi_long do_bsd_revoke(abi_long arg1)
+{
+abi_long ret;
+void *p;
+
+LOCK_PATH(p, arg1);
+ret = get_errno(revoke(p)); /* XXX path(p)? */
+UNLOCK_PATH(p, arg1);
+
+return ret;
+}


Out of curiosity, what is the problem with path(p) here?


+/* faccessat(2) */
+static abi_long do_bsd_faccessat(abi_long arg1, abi_long arg2,
+abi_long arg3, abi_long arg4)
+{
+abi_long ret;
+void *p;
+
+LOCK_PATH(p, arg2);
+ret = get_errno(faccessat(arg1, p, arg3, arg4)); /* XXX path(p)? */
+UNLOCK_PATH(p, arg2);
+
+return ret;
+}

Re: [PATCH v1 7/7] .gitlab: use less aggressive nproc on our aarch64/32 runners

[Philippe Mathieu-Daudé via]

On 13/6/22 19:12, Alex Bennée wrote:

Running on all 80 cores of our aarch64 runner does occasionally
trigger a race condition which fails the build. However the CI system
is not the time and place to play with much heisenbugs so turn down
the nproc to "only" use 40 cores in the build.

Signed-off-by: Alex Bennée 
---
  .../custom-runners/ubuntu-20.04-aarch32.yml   |  4 ++--
  .../custom-runners/ubuntu-20.04-aarch64.yml   | 24 +--
  2 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/.gitlab-ci.d/custom-runners/ubuntu-20.04-aarch32.yml 
b/.gitlab-ci.d/custom-runners/ubuntu-20.04-aarch32.yml
index 47856ac53c..1998460d06 100644
--- a/.gitlab-ci.d/custom-runners/ubuntu-20.04-aarch32.yml
+++ b/.gitlab-ci.d/custom-runners/ubuntu-20.04-aarch32.yml
@@ -19,5 +19,5 @@ ubuntu-20.04-aarch32-all:
   - mkdir build
   - cd build
   - ../configure --cross-prefix=arm-linux-gnueabihf-
- - make --output-sync -j`nproc`
- - make --output-sync -j`nproc` check V=1
+ - make --output-sync -j`nproc --ignore=40`
+ - make --output-sync -j`nproc --ignore=40` check V=1


Alternatively:

-j$(expr $(nproc) / 2)

So we don't have to update the configs if the runner gets its hardware 
updated.


Reviewed-by: Philippe Mathieu-Daudé 

Re: [External] [PATCH v13 3/8] QIOChannelSocket: Implement io_writev zero copy flag & io_flush for CONFIG_LINUX

[Peter Xu]

On Mon, Jun 13, 2022 at 05:58:44PM -0300, Leonardo Bras Soares Passos wrote:
> Hello Peter,
> 
> On Wed, Jun 8, 2022 at 5:23 PM Peter Xu  wrote:
> [...]
> > > In a previous iteration of the patchset, it was made clear that it's
> > > desirable to detect when the kernel falls back to copying mechanism,
> > > so the user of 'QIOChannelSocket' can switch to copying and avoid the
> > > overhead. This was done by the return value of flush(), which is 1 if
> > > that occurs.
> >
> > Two questions..
> >
> >   1) When that happens, will MSG_ERRQUEUE keeps working just like zerocopy
> >  is functional?
> 
> I am not sure about what exactly you meant by 'like zerocopy is
> funcional', but the
> idea is that reading from MSG_ERRQUEUE should return a msg for each sendmsg
> syscall with MSG_ZEROCOPY that previously happened. This does not depend on
> the outcome (like falling back to the copying mechanism).
> btw, most of those messages may be batched to reduce overhead.
> 
> At some point, zero-copy may fail, and fall back to copying, so in
> those messages
> an error code SO_EE_CODE_ZEROCOPY_COPIED can be seen. Having only
> those messages in a flush will trigger the returning of 1 from the
> flush function.

Ah I think I missed the "reset ret==0 when !SO_EE_CODE_ZEROCOPY_COPIED"
path..  Sorry.

> 
> >
> >  If the answer is yes, I don't see how ret=1 will ever be
> >  returned.. because we'll also go into the same loop in
> >  qio_channel_socket_flush() anyway.
> 
> 
> We set ret to 1 at function entry and then for each message in the 
> MSG_ERRQUEUE,
> we test if it has error code different than SO_EE_CODE_ZEROCOPY_COPIED.
> If it ever have a different error code, we set ret=0.
> 
> So, in our previous example, if we have a net device not supporting
> the 'Scatter-Gather'
> feature (NETIF_F_SG), every error message will be
> SO_EE_CODE_ZEROCOPY_COPIED, and it will return 1.
> 
> 
> >
> >  If the answer is no, then since we'll have non-zero zero_copy_queued,
> >  will the loop in qio_channel_socket_flush() go into a dead one?  How
> >  could it return?
> 
> No, because it will go through all packets sent with MSG_ZEROCOPY, including 
> the
> ones that fell back to copying, so the counter should be fine. If any
> code disables
> zero-copy, it will both stop sending stuff wil MSG_ZEROCOPY and flushing, so 
> it
> should be fine.
> 
> >
> >   2) Even if we have the correct ret=1 returned when that happens, which
> >  caller is detecting that ret==1 and warn the admin?
> >
> 
> No caller is using that right now.
> It's supposed to be a QIOChannel interface feature, and any 
> user/implementation
> could use that information to warn if zero-copy is not being used, fall back 
> to
> copying directly (to avoid overhead of testing zero-copy) or even use
> it to cancel the
> sending if wanted.
> 
> It was a suggestion of Daniel on top of [PATCH v5 1/6] IIRC.

OK the detection makes sense, thanks for the details.

Then now I'm wondering whether we should have warned the admin already if
zero-copy send is not fully enabled in live migration.  Should we add a
error_report_once() somewhere for the ret==1 already?  After all the user
specify zero_copy_send=true explicitly.  Did I miss something again?

Thanks,

-- 
Peter Xu

Re: [PATCH v1 5/7] tests/tcg: disable xtensa-linux-user again

[Philippe Mathieu-Daudé via]

On 13/6/22 19:12, Alex Bennée wrote:

From: Paolo Bonzini 

The move from tests/tcg/configure.sh started enabling the container image
for xtensa-linux-user, which fails because the compiler does not have
the full set of headers.  The cause is the "xtensa*-softmmu)" case
in tests/tcg/configure.sh which became just "xtensa*)" in the new
probe_target_compiler shell function.  Look out for xtensa*-linux-user
and do not configure it.

Reported-by: Alex Bennée 
Signed-off-by: Paolo Bonzini 
Message-Id: <20220608135727.1341946-1-pbonz...@redhat.com>
Fixes: cd362defbb ("tests/tcg: merge configure.sh back into main configure 
script")
Signed-off-by: Alex Bennée 
---
  configure | 5 -
  1 file changed, 4 insertions(+), 1 deletion(-)


Reviewed-by: Philippe Mathieu-Daudé 

Re: [PATCH 09/11] bsd-user: Implement dup and dup2

[Warner Losh]

On Mon, Jun 13, 2022 at 1:53 PM Richard Henderson <
richard.hender...@linaro.org> wrote:

> On 6/12/22 13:48, Warner Losh wrote:
> > Signed-off-by: Stacey Son 
> > Signed-off-by: Warner Losh 
> > ---
> >   bsd-user/bsd-file.h   | 14 ++
> >   bsd-user/freebsd/os-syscall.c |  8 
> >   2 files changed, 22 insertions(+)
> >
> > diff --git a/bsd-user/bsd-file.h b/bsd-user/bsd-file.h
> > index 500d6ba78b9..73263ba482f 100644
> > --- a/bsd-user/bsd-file.h
> > +++ b/bsd-user/bsd-file.h
> > @@ -491,4 +491,18 @@ static abi_long do_bsd___getcwd(abi_long arg1,
> abi_long arg2)
> >   return get_errno(ret);
> >   }
> >
> > +/* dup(2) */
> > +static abi_long do_bsd_dup(abi_long arg1)
> > +{
> > +
> > +return get_errno(dup(arg1));
> > +}
> > +
> > +/* dup2(2) */
> > +static abi_long do_bsd_dup2(abi_long arg1, abi_long arg2)
> > +{
> > +
> > +return get_errno(dup2(arg1, arg2));
> > +}
>
> Extra lines.  Is this some setting in your editor?  Otherwise,
>

It's an odd quirk of FreeBSD's style from the 90s until 2020... I'm totally
blind to
it most of the time...


> Reviewed-by: Richard Henderson 
>

Thanks for this, and all the other reviews.

Warner

Re: [PATCH v1 7/7] .gitlab: use less aggressive nproc on our aarch64/32 runners

[Richard Henderson]

On 6/13/22 10:12, Alex Bennée wrote:

Running on all 80 cores of our aarch64 runner does occasionally
trigger a race condition which fails the build. However the CI system
is not the time and place to play with much heisenbugs so turn down
the nproc to "only" use 40 cores in the build.

Signed-off-by: Alex Bennée 
---
  .../custom-runners/ubuntu-20.04-aarch32.yml   |  4 ++--
  .../custom-runners/ubuntu-20.04-aarch64.yml   | 24 +--
  2 files changed, 14 insertions(+), 14 deletions(-)


Reviewed-by: Richard Henderson 
Tested-by: Richard Henderson 


r~

Re: [PATCH v1 5/7] tests/tcg: disable xtensa-linux-user again

[Richard Henderson]

On 6/13/22 10:12, Alex Bennée wrote:

From: Paolo Bonzini 

The move from tests/tcg/configure.sh started enabling the container image
for xtensa-linux-user, which fails because the compiler does not have
the full set of headers.  The cause is the "xtensa*-softmmu)" case
in tests/tcg/configure.sh which became just "xtensa*)" in the new
probe_target_compiler shell function.  Look out for xtensa*-linux-user
and do not configure it.

Reported-by: Alex Bennée 
Signed-off-by: Paolo Bonzini 
Message-Id: <20220608135727.1341946-1-pbonz...@redhat.com>
Fixes: cd362defbb ("tests/tcg: merge configure.sh back into main configure 
script")
Signed-off-by: Alex Bennée 


Reviewed-by: Richard Henderson 


r~

Re: [PATCH v1 4/7] tests/docker: fix the IMAGE for build invocation

[Richard Henderson]

On 6/13/22 10:12, Alex Bennée wrote:

We inadvertently broke the ability to run local builds when the code
was re-factored. The result was the run stanza failing to find the
docker image with it's qemu/ prefix.

Signed-off-by: Alex Bennée 
Fixes: d39eaa2266 ("tests/docker: simplify docker-TEST@IMAGE targets")
---
  tests/docker/Makefile.include | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
index e68f91b853..ef4518d9eb 100644
--- a/tests/docker/Makefile.include
+++ b/tests/docker/Makefile.include
@@ -171,7 +171,7 @@ DOCKER_TESTS := $(if $(TESTS), $(filter $(TESTS), 
$(__TESTS)), $(__TESTS))
  $(foreach i,$(filter-out $(DOCKER_PARTIAL_IMAGES),$(DOCKER_IMAGES)), \
$(foreach t,$(DOCKER_TESTS), \
$(eval .PHONY: docker-$t@$i) \
-   $(eval docker-$t@$i: docker-image-$i; @$(MAKE) docker-run 
TEST=$t IMAGE=$i) \
+   $(eval docker-$t@$i: docker-image-$i; @$(MAKE) docker-run 
TEST=$t IMAGE=qemu/$i) \
) \
$(foreach t,$(DOCKER_TESTS), \
$(eval docker-all-tests: docker-$t@$i) \


Reviewed-by: Richard Henderson 

r~

Re: [PATCH v1 3/7] gitlab-ci: Fix the build-cfi-aarch64 and build-cfi-ppc64-s390x jobs

[Richard Henderson]

On 6/13/22 10:12, Alex Bennée wrote:

From: Thomas Huth 

The job definitions recently got a second "variables:" section by
accident and thus are failing now if one tries to run them. Merge
the two sections into one again to fix the issue.

And while we're at it, bump the timeout here (70 minutes are currently
not enough for the aarch64 job). The jobs are marked as manual anyway,
so if the user starts them, they want to see their result for sure and
then it's annoying if the job timeouts too early.

Fixes: e312d1fdbb ("gitlab: convert build/container jobs to .base_job_template")
Signed-off-by: Thomas Huth 
Acked-by: Richard Henderson 
Message-Id: <20220603124809.70794-1-th...@redhat.com>
Signed-off-by: Alex Bennée 
---
  .gitlab-ci.d/buildtest.yml | 22 ++
  1 file changed, 10 insertions(+), 12 deletions(-)

diff --git a/.gitlab-ci.d/buildtest.yml b/.gitlab-ci.d/buildtest.yml
index 544385f5be..cb7cad44b5 100644
--- a/.gitlab-ci.d/buildtest.yml
+++ b/.gitlab-ci.d/buildtest.yml
@@ -357,16 +357,15 @@ build-cfi-aarch64:
--enable-safe-stack --enable-slirp=git
  TARGETS: aarch64-softmmu
  MAKE_CHECK_ARGS: check-build
-  timeout: 70m
-  artifacts:
-expire_in: 2 days
-paths:
-  - build
-  variables:
  # FIXME: This job is often failing, likely due to out-of-memory problems 
in
  # the constrained containers of the shared runners. Thus this is marked as
  # skipped until the situation has been solved.
  QEMU_JOB_SKIPPED: 1
+  timeout: 90m
+  artifacts:
+expire_in: 2 days
+paths:
+  - build


FWIW, 90 minutes was close, but insufficient:

https://gitlab.com/qemu-project/qemu/-/jobs/2584472225

But certainly, let us fix the job definition:
Reviewed-by: Richard Henderson 


r~

Re: [PATCH v2 1/2] QIOChannelSocket: Reduce ifdefs to improve readability

[Leonardo Bras Soares Passos]

On Fri, Jun 10, 2022 at 5:25 AM Daniel P. Berrangé  wrote:
>

[...]

> Ok, so if it is checked earlier then we merely need an assert.
>
>  if (flags & QIO_CHANNEL_WRITE_FLAG_ZERO_COPY) {
>  #ifdef QEMU_MSG_ZEROCOPY
>  sflags = MSG_ZEROCOPY;
>  zero_copy_enabled = true;
>  #else
>  g_assert_unreachable();
>  #endif
> > }

Ok, I will add that in the next version.

>
>
>
> > > > @@ -592,15 +594,13 @@ static ssize_t 
> > > > qio_channel_socket_writev(QIOChannel *ioc,
> > > >  return QIO_CHANNEL_ERR_BLOCK;
> > > >  case EINTR:
> > > >  goto retry;
> > > > -#ifdef QEMU_MSG_ZEROCOPY
> > > >  case ENOBUFS:
> > > > -if (sflags & MSG_ZEROCOPY) {
> > > > +if (zero_copy_enabled) {
> > >
> > > if (flags & QIO_CHANNEL_WRITE_FLAG_ZERO_COPY)
> > >
> > > avoids the #ifdef without needing to add yet another
> > > variable expressing what's already expressed in both
> > > 'flags' and 'sflags'.
> >
> > Yes, it does, but at the cost of not compiling-out the zero-copy part
> > when it's not supported,
> > since the QIO_CHANNEL_WRITE_FLAG_ZERO_COPY comes as a parameter. This ends 
> > up
> > meaning there will be at least one extra test for every time this
> > function is called (the one in the next patch).
>
> The cost of a simple bit test is between negligible-and-non-existant
> with branch prediction. I doubt it would be possible to even measure
> it.

Yeah, you are probably right on that.
So the main learning point here is that it's not worth creating a new
boolean for compiling-out
code that should not impact performance ?
I mean, if performance-wise they should be the same, then a new
variable would be just a
bother for the programmer.

Best regards,
Leo






>
> With regards,
> Daniel
> --
> |: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
> |: https://libvirt.org -o-https://fstop138.berrange.com :|
> |: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|
>

Re: [PATCH 1/2] hw/nvme: Implement shadow doorbell buffer support

[Keith Busch]

On Sun, Jun 12, 2022 at 07:40:55PM +0800, Jinhao Fan wrote:
> 
> > On Jun 10, 2022, at 1:27 AM, Klaus Jensen  wrote:
> > 
> > I'm ok with following the concensus here, but we all agree that this is
> > a blatant spec violation that ended up manifesting itself down the
> > stack, right?
> > 
> > So... if QEMU wants to be compliant here, I guess we could ask the
> > kernel to introduce a quirk for *compliant* controllers. Now, THAT would
> > be a first! Not sure if I am being serious or not here ;)
> 
> Hi all,
> 
> Is this our final decision?

What a mess...

The spec should have gone into more details on initializing the shadow and
event buffers if they really intended it to be run on a live queue.

Anyway, the following hack on top of your patch should allow the host to use
admin shadow queues, and also remain backward compatible for the "broken"
hosts, like Linux and SPDK.

---
diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c
index a0a9208c0f..03d84feecf 100644
--- a/hw/nvme/ctrl.c
+++ b/hw/nvme/ctrl.c
@@ -4267,7 +4267,7 @@ static void nvme_init_sq(NvmeSQueue *sq, NvmeCtrl *n, 
uint64_t dma_addr,
 }
 sq->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, nvme_process_sq, sq);
 
-if (sqid && n->dbbuf_dbs && n->dbbuf_eis) {
+if (n->dbbuf_dbs && n->dbbuf_eis) {
 sq->db_addr = n->dbbuf_dbs + 2 * sqid * stride;
 sq->ei_addr = n->dbbuf_eis + 2 * sqid * stride;
 }
@@ -4632,7 +4632,7 @@ static void nvme_init_cq(NvmeCQueue *cq, NvmeCtrl *n, 
uint64_t dma_addr,
 cq->head = cq->tail = 0;
 QTAILQ_INIT(>req_list);
 QTAILQ_INIT(>sq_list);
-if (cqid && n->dbbuf_dbs && n->dbbuf_eis) {
+if (n->dbbuf_dbs && n->dbbuf_eis) {
 cq->db_addr = n->dbbuf_dbs + (2 * cqid + 1) * stride;
 cq->ei_addr = n->dbbuf_eis + (2 * cqid + 1) * stride;
 }
@@ -5805,7 +5805,7 @@ static uint16_t nvme_dbbuf_config(NvmeCtrl *n, const 
NvmeRequest *req)
 n->dbbuf_dbs = dbs_addr;
 n->dbbuf_eis = eis_addr;
 
-for (i = 1; i < n->params.max_ioqpairs + 1; i++) {
+for (i = 0; i < n->params.max_ioqpairs + 1; i++) {
 NvmeSQueue *sq = n->sq[i];
 NvmeCQueue *cq = n->cq[i];
 
@@ -5813,12 +5813,16 @@ static uint16_t nvme_dbbuf_config(NvmeCtrl *n, const 
NvmeRequest *req)
 /* Submission queue tail pointer location, 2 * QID * stride */
 sq->db_addr = dbs_addr + 2 * i * stride;
 sq->ei_addr = eis_addr + 2 * i * stride;
+pci_dma_write(>parent_obj, sq->db_addr, >tail,
+sizeof(sq->tail));
 }
 
 if (cq) {
 /* Completion queue head pointer location, (2 * QID + 1) * stride 
*/
 cq->db_addr = dbs_addr + (2 * i + 1) * stride;
 cq->ei_addr = eis_addr + (2 * i + 1) * stride;
+pci_dma_write(>parent_obj, cq->db_addr, >head,
+sizeof(cq->head));
 }
 }
 
@@ -6479,8 +6483,10 @@ static void nvme_process_db(NvmeCtrl *n, hwaddr addr, 
int val)
 trace_pci_nvme_mmio_doorbell_cq(cq->cqid, new_head);
 
 start_sqs = nvme_cq_full(cq) ? 1 : 0;
-if (!cq->db_addr) {
 cq->head = new_head;
+if (cq->db_addr) {
+pci_dma_write(>parent_obj, cq->db_addr, >head,
+sizeof(cq->head));
 }
 if (start_sqs) {
 NvmeSQueue *sq;
@@ -6538,9 +6544,25 @@ static void nvme_process_db(NvmeCtrl *n, hwaddr addr, 
int val)
 
 trace_pci_nvme_mmio_doorbell_sq(sq->sqid, new_tail);
 
-if (!sq->db_addr) {
 sq->tail = new_tail;
+if (sq->db_addr) {
+/*
+ * The spec states "the host shall also update the controller's
+ * corresponding doorbell property to match the value of that entry
+ * in the Shadow Doorbell buffer."
+ *
+ * Since this context is currently a VM trap, we can safely enforce
+ * the requirement from the device side in case the host is
+ * misbehaving.
+ *
+ * Note, we shouldn't have to do this, but various drivers
+ * including ones that run on Linux, are not updating Admin Queues,
+ * so we can't trust reading it for an appropriate sq tail.
+ */
+pci_dma_write(>parent_obj, sq->db_addr, >tail,
+sizeof(sq->tail));
 }
+
 timer_mod(sq->timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + 500);
 }
 }
--

Re: [External] [PATCH v13 3/8] QIOChannelSocket: Implement io_writev zero copy flag & io_flush for CONFIG_LINUX

[Leonardo Bras Soares Passos]

Hello Peter,

On Wed, Jun 8, 2022 at 5:23 PM Peter Xu  wrote:
[...]
> > In a previous iteration of the patchset, it was made clear that it's
> > desirable to detect when the kernel falls back to copying mechanism,
> > so the user of 'QIOChannelSocket' can switch to copying and avoid the
> > overhead. This was done by the return value of flush(), which is 1 if
> > that occurs.
>
> Two questions..
>
>   1) When that happens, will MSG_ERRQUEUE keeps working just like zerocopy
>  is functional?

I am not sure about what exactly you meant by 'like zerocopy is
funcional', but the
idea is that reading from MSG_ERRQUEUE should return a msg for each sendmsg
syscall with MSG_ZEROCOPY that previously happened. This does not depend on
the outcome (like falling back to the copying mechanism).
btw, most of those messages may be batched to reduce overhead.

At some point, zero-copy may fail, and fall back to copying, so in
those messages
an error code SO_EE_CODE_ZEROCOPY_COPIED can be seen. Having only
those messages in a flush will trigger the returning of 1 from the
flush function.

>
>  If the answer is yes, I don't see how ret=1 will ever be
>  returned.. because we'll also go into the same loop in
>  qio_channel_socket_flush() anyway.


We set ret to 1 at function entry and then for each message in the MSG_ERRQUEUE,
we test if it has error code different than SO_EE_CODE_ZEROCOPY_COPIED.
If it ever have a different error code, we set ret=0.

So, in our previous example, if we have a net device not supporting
the 'Scatter-Gather'
feature (NETIF_F_SG), every error message will be
SO_EE_CODE_ZEROCOPY_COPIED, and it will return 1.


>
>  If the answer is no, then since we'll have non-zero zero_copy_queued,
>  will the loop in qio_channel_socket_flush() go into a dead one?  How
>  could it return?

No, because it will go through all packets sent with MSG_ZEROCOPY, including the
ones that fell back to copying, so the counter should be fine. If any
code disables
zero-copy, it will both stop sending stuff wil MSG_ZEROCOPY and flushing, so it
should be fine.

>
>   2) Even if we have the correct ret=1 returned when that happens, which
>  caller is detecting that ret==1 and warn the admin?
>

No caller is using that right now.
It's supposed to be a QIOChannel interface feature, and any user/implementation
could use that information to warn if zero-copy is not being used, fall back to
copying directly (to avoid overhead of testing zero-copy) or even use
it to cancel the
sending if wanted.

It was a suggestion of Daniel on top of [PATCH v5 1/6] IIRC.

Best regards,
Leo

[PATCH v12 05/14] vfio-user: define vfio-user-server object

[Jagannathan Raman]

Define vfio-user object which is remote process server for QEMU. Setup
object initialization functions and properties necessary to instantiate
the object

Signed-off-by: Elena Ufimtseva 
Signed-off-by: John G Johnson 
Signed-off-by: Jagannathan Raman 
Reviewed-by: Stefan Hajnoczi 
---
 qapi/qom.json   |  20 +++-
 include/hw/remote/machine.h |   2 +
 hw/remote/machine.c |  27 +
 hw/remote/vfio-user-obj.c   | 210 
 MAINTAINERS |   1 +
 hw/remote/meson.build   |   1 +
 hw/remote/trace-events  |   3 +
 7 files changed, 262 insertions(+), 2 deletions(-)
 create mode 100644 hw/remote/vfio-user-obj.c

diff --git a/qapi/qom.json b/qapi/qom.json
index 6a653c6636..80dd419b39 100644
--- a/qapi/qom.json
+++ b/qapi/qom.json
@@ -734,6 +734,20 @@
 { 'struct': 'RemoteObjectProperties',
   'data': { 'fd': 'str', 'devid': 'str' } }
 
+##
+# @VfioUserServerProperties:
+#
+# Properties for x-vfio-user-server objects.
+#
+# @socket: socket to be used by the libvfio-user library
+#
+# @device: the ID of the device to be emulated at the server
+#
+# Since: 7.1
+##
+{ 'struct': 'VfioUserServerProperties',
+  'data': { 'socket': 'SocketAddress', 'device': 'str' } }
+
 ##
 # @RngProperties:
 #
@@ -874,7 +888,8 @@
 'tls-creds-psk',
 'tls-creds-x509',
 'tls-cipher-suites',
-{ 'name': 'x-remote-object', 'features': [ 'unstable' ] }
+{ 'name': 'x-remote-object', 'features': [ 'unstable' ] },
+{ 'name': 'x-vfio-user-server', 'features': [ 'unstable' ] }
   ] }
 
 ##
@@ -938,7 +953,8 @@
   'tls-creds-psk':  'TlsCredsPskProperties',
   'tls-creds-x509': 'TlsCredsX509Properties',
   'tls-cipher-suites':  'TlsCredsProperties',
-  'x-remote-object':'RemoteObjectProperties'
+  'x-remote-object':'RemoteObjectProperties',
+  'x-vfio-user-server': 'VfioUserServerProperties'
   } }
 
 ##
diff --git a/include/hw/remote/machine.h b/include/hw/remote/machine.h
index 8d0fa98d33..ac32fda387 100644
--- a/include/hw/remote/machine.h
+++ b/include/hw/remote/machine.h
@@ -24,6 +24,8 @@ struct RemoteMachineState {
 RemoteIOHubState iohub;
 
 bool vfio_user;
+
+bool auto_shutdown;
 };
 
 /* Used to pass to co-routine device and ioc. */
diff --git a/hw/remote/machine.c b/hw/remote/machine.c
index 9f3cdc55c3..4d008ed721 100644
--- a/hw/remote/machine.c
+++ b/hw/remote/machine.c
@@ -77,6 +77,28 @@ static void remote_machine_set_vfio_user(Object *obj, bool 
value, Error **errp)
 s->vfio_user = value;
 }
 
+static bool remote_machine_get_auto_shutdown(Object *obj, Error **errp)
+{
+RemoteMachineState *s = REMOTE_MACHINE(obj);
+
+return s->auto_shutdown;
+}
+
+static void remote_machine_set_auto_shutdown(Object *obj, bool value,
+ Error **errp)
+{
+RemoteMachineState *s = REMOTE_MACHINE(obj);
+
+s->auto_shutdown = value;
+}
+
+static void remote_machine_instance_init(Object *obj)
+{
+RemoteMachineState *s = REMOTE_MACHINE(obj);
+
+s->auto_shutdown = true;
+}
+
 static void remote_machine_class_init(ObjectClass *oc, void *data)
 {
 MachineClass *mc = MACHINE_CLASS(oc);
@@ -90,12 +112,17 @@ static void remote_machine_class_init(ObjectClass *oc, 
void *data)
 object_class_property_add_bool(oc, "vfio-user",
remote_machine_get_vfio_user,
remote_machine_set_vfio_user);
+
+object_class_property_add_bool(oc, "auto-shutdown",
+   remote_machine_get_auto_shutdown,
+   remote_machine_set_auto_shutdown);
 }
 
 static const TypeInfo remote_machine = {
 .name = TYPE_REMOTE_MACHINE,
 .parent = TYPE_MACHINE,
 .instance_size = sizeof(RemoteMachineState),
+.instance_init = remote_machine_instance_init,
 .class_init = remote_machine_class_init,
 .interfaces = (InterfaceInfo[]) {
 { TYPE_HOTPLUG_HANDLER },
diff --git a/hw/remote/vfio-user-obj.c b/hw/remote/vfio-user-obj.c
new file mode 100644
index 00..bc49adcc27
--- /dev/null
+++ b/hw/remote/vfio-user-obj.c
@@ -0,0 +1,210 @@
+/**
+ * QEMU vfio-user-server server object
+ *
+ * Copyright © 2022 Oracle and/or its affiliates.
+ *
+ * This work is licensed under the terms of the GNU GPL-v2, version 2 or later.
+ *
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+/**
+ * Usage: add options:
+ * -machine x-remote,vfio-user=on,auto-shutdown=on
+ * -device ,id=
+ * -object x-vfio-user-server,id=,type=unix,path=,
+ * device=
+ *
+ * Note that x-vfio-user-server object must be used with x-remote machine only.
+ * This server could only support PCI devices for now.
+ *
+ * type - SocketAddress type - presently "unix" alone is supported. Required
+ *option
+ *
+ * path - named unix socket, it will be created by the server. It is
+ * 

[PATCH v12 07/14] vfio-user: find and init PCI device

[Jagannathan Raman]

Find the PCI device with specified id. Initialize the device context
with the QEMU PCI device

Signed-off-by: Elena Ufimtseva 
Signed-off-by: John G Johnson 
Signed-off-by: Jagannathan Raman 
Reviewed-by: Stefan Hajnoczi 
---
 hw/remote/vfio-user-obj.c | 67 +++
 1 file changed, 67 insertions(+)

diff --git a/hw/remote/vfio-user-obj.c b/hw/remote/vfio-user-obj.c
index 68f8a9dfa9..3ca6aa2b45 100644
--- a/hw/remote/vfio-user-obj.c
+++ b/hw/remote/vfio-user-obj.c
@@ -43,6 +43,8 @@
 #include "qemu/notify.h"
 #include "sysemu/sysemu.h"
 #include "libvfio-user.h"
+#include "hw/qdev-core.h"
+#include "hw/pci/pci.h"
 
 #define TYPE_VFU_OBJECT "x-vfio-user-server"
 OBJECT_DECLARE_TYPE(VfuObject, VfuObjectClass, VFU_OBJECT)
@@ -80,6 +82,10 @@ struct VfuObject {
 Notifier machine_done;
 
 vfu_ctx_t *vfu_ctx;
+
+PCIDevice *pci_dev;
+
+Error *unplug_blocker;
 };
 
 static void vfu_object_init_ctx(VfuObject *o, Error **errp);
@@ -181,6 +187,9 @@ static void vfu_object_machine_done(Notifier *notifier, 
void *data)
 static void vfu_object_init_ctx(VfuObject *o, Error **errp)
 {
 ERRP_GUARD();
+DeviceState *dev = NULL;
+vfu_pci_type_t pci_type = VFU_PCI_TYPE_CONVENTIONAL;
+int ret;
 
 if (o->vfu_ctx || !o->socket || !o->device ||
 !phase_check(PHASE_MACHINE_READY)) {
@@ -199,6 +208,53 @@ static void vfu_object_init_ctx(VfuObject *o, Error **errp)
 error_setg(errp, "vfu: Failed to create context - %s", 
strerror(errno));
 return;
 }
+
+dev = qdev_find_recursive(sysbus_get_default(), o->device);
+if (dev == NULL) {
+error_setg(errp, "vfu: Device %s not found", o->device);
+goto fail;
+}
+
+if (!object_dynamic_cast(OBJECT(dev), TYPE_PCI_DEVICE)) {
+error_setg(errp, "vfu: %s not a PCI device", o->device);
+goto fail;
+}
+
+o->pci_dev = PCI_DEVICE(dev);
+
+object_ref(OBJECT(o->pci_dev));
+
+if (pci_is_express(o->pci_dev)) {
+pci_type = VFU_PCI_TYPE_EXPRESS;
+}
+
+ret = vfu_pci_init(o->vfu_ctx, pci_type, PCI_HEADER_TYPE_NORMAL, 0);
+if (ret < 0) {
+error_setg(errp,
+   "vfu: Failed to attach PCI device %s to context - %s",
+   o->device, strerror(errno));
+goto fail;
+}
+
+error_setg(>unplug_blocker,
+   "vfu: %s for %s must be deleted before unplugging",
+   TYPE_VFU_OBJECT, o->device);
+qdev_add_unplug_blocker(DEVICE(o->pci_dev), o->unplug_blocker);
+
+return;
+
+fail:
+vfu_destroy_ctx(o->vfu_ctx);
+if (o->unplug_blocker && o->pci_dev) {
+qdev_del_unplug_blocker(DEVICE(o->pci_dev), o->unplug_blocker);
+error_free(o->unplug_blocker);
+o->unplug_blocker = NULL;
+}
+if (o->pci_dev) {
+object_unref(OBJECT(o->pci_dev));
+o->pci_dev = NULL;
+}
+o->vfu_ctx = NULL;
 }
 
 static void vfu_object_init(Object *obj)
@@ -241,6 +297,17 @@ static void vfu_object_finalize(Object *obj)
 
 o->device = NULL;
 
+if (o->unplug_blocker && o->pci_dev) {
+qdev_del_unplug_blocker(DEVICE(o->pci_dev), o->unplug_blocker);
+error_free(o->unplug_blocker);
+o->unplug_blocker = NULL;
+}
+
+if (o->pci_dev) {
+object_unref(OBJECT(o->pci_dev));
+o->pci_dev = NULL;
+}
+
 if (!k->nr_devs && vfu_object_auto_shutdown()) {
 qemu_system_shutdown_request(SHUTDOWN_CAUSE_GUEST_SHUTDOWN);
 }
-- 
2.20.1

[PATCH v12 14/14] vfio-user: handle reset of remote device

[Jagannathan Raman]

Adds handler to reset a remote device

Signed-off-by: Elena Ufimtseva 
Signed-off-by: John G Johnson 
Signed-off-by: Jagannathan Raman 
Reviewed-by: Stefan Hajnoczi 
---
 hw/remote/vfio-user-obj.c | 20 
 1 file changed, 20 insertions(+)

diff --git a/hw/remote/vfio-user-obj.c b/hw/remote/vfio-user-obj.c
index 5ecdec06f6..c6cc53acf2 100644
--- a/hw/remote/vfio-user-obj.c
+++ b/hw/remote/vfio-user-obj.c
@@ -676,6 +676,20 @@ void vfu_object_set_bus_irq(PCIBus *pci_bus)
  max_bdf);
 }
 
+static int vfu_object_device_reset(vfu_ctx_t *vfu_ctx, vfu_reset_type_t type)
+{
+VfuObject *o = vfu_get_private(vfu_ctx);
+
+/* vfu_object_ctx_run() handles lost connection */
+if (type == VFU_RESET_LOST_CONN) {
+return 0;
+}
+
+qdev_reset_all(DEVICE(o->pci_dev));
+
+return 0;
+}
+
 /*
  * TYPE_VFU_OBJECT depends on the availability of the 'socket' and 'device'
  * properties. It also depends on devices instantiated in QEMU. These
@@ -795,6 +809,12 @@ static void vfu_object_init_ctx(VfuObject *o, Error **errp)
 goto fail;
 }
 
+ret = vfu_setup_device_reset_cb(o->vfu_ctx, _object_device_reset);
+if (ret < 0) {
+error_setg(errp, "vfu: Failed to setup reset callback");
+goto fail;
+}
+
 ret = vfu_realize_ctx(o->vfu_ctx);
 if (ret < 0) {
 error_setg(errp, "vfu: Failed to realize device %s- %s",
-- 
2.20.1

[PATCH v12 09/14] vfio-user: handle PCI config space accesses

[Jagannathan Raman]

Define and register handlers for PCI config space accesses

Signed-off-by: Elena Ufimtseva 
Signed-off-by: John G Johnson 
Signed-off-by: Jagannathan Raman 
Reviewed-by: Stefan Hajnoczi 
---
 hw/remote/vfio-user-obj.c | 51 +++
 hw/remote/trace-events|  2 ++
 2 files changed, 53 insertions(+)

diff --git a/hw/remote/vfio-user-obj.c b/hw/remote/vfio-user-obj.c
index 178bd6f8ed..cef473cb98 100644
--- a/hw/remote/vfio-user-obj.c
+++ b/hw/remote/vfio-user-obj.c
@@ -46,6 +46,7 @@
 #include "qapi/qapi-events-misc.h"
 #include "qemu/notify.h"
 #include "qemu/thread.h"
+#include "qemu/main-loop.h"
 #include "sysemu/sysemu.h"
 #include "libvfio-user.h"
 #include "hw/qdev-core.h"
@@ -244,6 +245,45 @@ retry_attach:
 qemu_set_fd_handler(o->vfu_poll_fd, vfu_object_ctx_run, NULL, o);
 }
 
+static ssize_t vfu_object_cfg_access(vfu_ctx_t *vfu_ctx, char * const buf,
+ size_t count, loff_t offset,
+ const bool is_write)
+{
+VfuObject *o = vfu_get_private(vfu_ctx);
+uint32_t pci_access_width = sizeof(uint32_t);
+size_t bytes = count;
+uint32_t val = 0;
+char *ptr = buf;
+int len;
+
+/*
+ * Writes to the BAR registers would trigger an update to the
+ * global Memory and IO AddressSpaces. But the remote device
+ * never uses the global AddressSpaces, therefore overlapping
+ * memory regions are not a problem
+ */
+while (bytes > 0) {
+len = (bytes > pci_access_width) ? pci_access_width : bytes;
+if (is_write) {
+memcpy(, ptr, len);
+pci_host_config_write_common(o->pci_dev, offset,
+ pci_config_size(o->pci_dev),
+ val, len);
+trace_vfu_cfg_write(offset, val);
+} else {
+val = pci_host_config_read_common(o->pci_dev, offset,
+  pci_config_size(o->pci_dev), 
len);
+memcpy(ptr, , len);
+trace_vfu_cfg_read(offset, val);
+}
+offset += len;
+ptr += len;
+bytes -= len;
+}
+
+return count;
+}
+
 /*
  * TYPE_VFU_OBJECT depends on the availability of the 'socket' and 'device'
  * properties. It also depends on devices instantiated in QEMU. These
@@ -336,6 +376,17 @@ static void vfu_object_init_ctx(VfuObject *o, Error **errp)
TYPE_VFU_OBJECT, o->device);
 qdev_add_unplug_blocker(DEVICE(o->pci_dev), o->unplug_blocker);
 
+ret = vfu_setup_region(o->vfu_ctx, VFU_PCI_DEV_CFG_REGION_IDX,
+   pci_config_size(o->pci_dev), _object_cfg_access,
+   VFU_REGION_FLAG_RW | VFU_REGION_FLAG_ALWAYS_CB,
+   NULL, 0, -1, 0);
+if (ret < 0) {
+error_setg(errp,
+   "vfu: Failed to setup config space handlers for %s- %s",
+   o->device, strerror(errno));
+goto fail;
+}
+
 ret = vfu_realize_ctx(o->vfu_ctx);
 if (ret < 0) {
 error_setg(errp, "vfu: Failed to realize device %s- %s",
diff --git a/hw/remote/trace-events b/hw/remote/trace-events
index 7da12f0d96..2ef7884346 100644
--- a/hw/remote/trace-events
+++ b/hw/remote/trace-events
@@ -5,3 +5,5 @@ mpqemu_recv_io_error(int cmd, int size, int nfds) "failed to 
receive %d size %d,
 
 # vfio-user-obj.c
 vfu_prop(const char *prop, const char *val) "vfu: setting %s as %s"
+vfu_cfg_read(uint32_t offset, uint32_t val) "vfu: cfg: 0x%u -> 0x%x"
+vfu_cfg_write(uint32_t offset, uint32_t val) "vfu: cfg: 0x%u <- 0x%x"
-- 
2.20.1

[PATCH v12 12/14] vfio-user: handle PCI BAR accesses

[Jagannathan Raman]

Determine the BARs used by the PCI device and register handlers to
manage the access to the same.

Signed-off-by: Elena Ufimtseva 
Signed-off-by: John G Johnson 
Signed-off-by: Jagannathan Raman 
Reviewed-by: Stefan Hajnoczi 
---
 include/exec/memory.h   |   3 +
 hw/remote/vfio-user-obj.c   | 190 
 softmmu/physmem.c   |   4 +-
 tests/qtest/fuzz/generic_fuzz.c |   9 +-
 hw/remote/trace-events  |   3 +
 5 files changed, 203 insertions(+), 6 deletions(-)

diff --git a/include/exec/memory.h b/include/exec/memory.h
index f1c19451bc..a6a0f4d8ad 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -2810,6 +2810,9 @@ MemTxResult 
address_space_write_cached_slow(MemoryRegionCache *cache,
 hwaddr addr, const void *buf,
 hwaddr len);
 
+int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr);
+bool prepare_mmio_access(MemoryRegion *mr);
+
 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
 {
 if (is_write) {
diff --git a/hw/remote/vfio-user-obj.c b/hw/remote/vfio-user-obj.c
index 7b21f77052..dd760a99e2 100644
--- a/hw/remote/vfio-user-obj.c
+++ b/hw/remote/vfio-user-obj.c
@@ -52,6 +52,7 @@
 #include "hw/qdev-core.h"
 #include "hw/pci/pci.h"
 #include "qemu/timer.h"
+#include "exec/memory.h"
 
 #define TYPE_VFU_OBJECT "x-vfio-user-server"
 OBJECT_DECLARE_TYPE(VfuObject, VfuObjectClass, VFU_OBJECT)
@@ -332,6 +333,193 @@ static void dma_unregister(vfu_ctx_t *vfu_ctx, 
vfu_dma_info_t *info)
 trace_vfu_dma_unregister((uint64_t)info->iova.iov_base);
 }
 
+static int vfu_object_mr_rw(MemoryRegion *mr, uint8_t *buf, hwaddr offset,
+hwaddr size, const bool is_write)
+{
+uint8_t *ptr = buf;
+bool release_lock = false;
+uint8_t *ram_ptr = NULL;
+MemTxResult result;
+int access_size;
+uint64_t val;
+
+if (memory_access_is_direct(mr, is_write)) {
+/**
+ * Some devices expose a PCI expansion ROM, which could be buffer
+ * based as compared to other regions which are primarily based on
+ * MemoryRegionOps. memory_region_find() would already check
+ * for buffer overflow, we don't need to repeat it here.
+ */
+ram_ptr = memory_region_get_ram_ptr(mr);
+
+if (is_write) {
+memcpy((ram_ptr + offset), buf, size);
+} else {
+memcpy(buf, (ram_ptr + offset), size);
+}
+
+return 0;
+}
+
+while (size) {
+/**
+ * The read/write logic used below is similar to the ones in
+ * flatview_read/write_continue()
+ */
+release_lock = prepare_mmio_access(mr);
+
+access_size = memory_access_size(mr, size, offset);
+
+if (is_write) {
+val = ldn_he_p(ptr, access_size);
+
+result = memory_region_dispatch_write(mr, offset, val,
+  size_memop(access_size),
+  MEMTXATTRS_UNSPECIFIED);
+} else {
+result = memory_region_dispatch_read(mr, offset, ,
+ size_memop(access_size),
+ MEMTXATTRS_UNSPECIFIED);
+
+stn_he_p(ptr, access_size, val);
+}
+
+if (release_lock) {
+qemu_mutex_unlock_iothread();
+release_lock = false;
+}
+
+if (result != MEMTX_OK) {
+return -1;
+}
+
+size -= access_size;
+ptr += access_size;
+offset += access_size;
+}
+
+return 0;
+}
+
+static size_t vfu_object_bar_rw(PCIDevice *pci_dev, int pci_bar,
+hwaddr bar_offset, char * const buf,
+hwaddr len, const bool is_write)
+{
+MemoryRegionSection section = { 0 };
+uint8_t *ptr = (uint8_t *)buf;
+MemoryRegion *section_mr = NULL;
+uint64_t section_size;
+hwaddr section_offset;
+hwaddr size = 0;
+
+while (len) {
+section = memory_region_find(pci_dev->io_regions[pci_bar].memory,
+ bar_offset, len);
+
+if (!section.mr) {
+warn_report("vfu: invalid address 0x%"PRIx64"", bar_offset);
+return size;
+}
+
+section_mr = section.mr;
+section_offset = section.offset_within_region;
+section_size = int128_get64(section.size);
+
+if (is_write && section_mr->readonly) {
+warn_report("vfu: attempting to write to readonly region in "
+"bar %d - [0x%"PRIx64" - 0x%"PRIx64"]",
+pci_bar, bar_offset,
+(bar_offset + section_size));
+memory_region_unref(section_mr);
+return size;
+}
+
+if (vfu_object_mr_rw(section_mr, 

[PATCH v12 11/14] vfio-user: handle DMA mappings

[Jagannathan Raman]

Define and register callbacks to manage the RAM regions used for
device DMA

Signed-off-by: Elena Ufimtseva 
Signed-off-by: John G Johnson 
Signed-off-by: Jagannathan Raman 
Reviewed-by: Stefan Hajnoczi 
---
 hw/remote/machine.c   |  5 
 hw/remote/vfio-user-obj.c | 55 +++
 hw/remote/trace-events|  2 ++
 3 files changed, 62 insertions(+)

diff --git a/hw/remote/machine.c b/hw/remote/machine.c
index cbb2add291..645b54343d 100644
--- a/hw/remote/machine.c
+++ b/hw/remote/machine.c
@@ -22,6 +22,7 @@
 #include "hw/remote/iohub.h"
 #include "hw/remote/iommu.h"
 #include "hw/qdev-core.h"
+#include "hw/remote/iommu.h"
 
 static void remote_machine_init(MachineState *machine)
 {
@@ -51,6 +52,10 @@ static void remote_machine_init(MachineState *machine)
 
 pci_host = PCI_HOST_BRIDGE(rem_host);
 
+if (s->vfio_user) {
+remote_iommu_setup(pci_host->bus);
+}
+
 remote_iohub_init(>iohub);
 
 pci_bus_irqs(pci_host->bus, remote_iohub_set_irq, remote_iohub_map_irq,
diff --git a/hw/remote/vfio-user-obj.c b/hw/remote/vfio-user-obj.c
index cef473cb98..7b21f77052 100644
--- a/hw/remote/vfio-user-obj.c
+++ b/hw/remote/vfio-user-obj.c
@@ -284,6 +284,54 @@ static ssize_t vfu_object_cfg_access(vfu_ctx_t *vfu_ctx, 
char * const buf,
 return count;
 }
 
+static void dma_register(vfu_ctx_t *vfu_ctx, vfu_dma_info_t *info)
+{
+VfuObject *o = vfu_get_private(vfu_ctx);
+AddressSpace *dma_as = NULL;
+MemoryRegion *subregion = NULL;
+g_autofree char *name = NULL;
+struct iovec *iov = >iova;
+
+if (!info->vaddr) {
+return;
+}
+
+name = g_strdup_printf("mem-%s-%"PRIx64"", o->device,
+   (uint64_t)info->vaddr);
+
+subregion = g_new0(MemoryRegion, 1);
+
+memory_region_init_ram_ptr(subregion, NULL, name,
+   iov->iov_len, info->vaddr);
+
+dma_as = pci_device_iommu_address_space(o->pci_dev);
+
+memory_region_add_subregion(dma_as->root, (hwaddr)iov->iov_base, 
subregion);
+
+trace_vfu_dma_register((uint64_t)iov->iov_base, iov->iov_len);
+}
+
+static void dma_unregister(vfu_ctx_t *vfu_ctx, vfu_dma_info_t *info)
+{
+VfuObject *o = vfu_get_private(vfu_ctx);
+AddressSpace *dma_as = NULL;
+MemoryRegion *mr = NULL;
+ram_addr_t offset;
+
+mr = memory_region_from_host(info->vaddr, );
+if (!mr) {
+return;
+}
+
+dma_as = pci_device_iommu_address_space(o->pci_dev);
+
+memory_region_del_subregion(dma_as->root, mr);
+
+object_unparent((OBJECT(mr)));
+
+trace_vfu_dma_unregister((uint64_t)info->iova.iov_base);
+}
+
 /*
  * TYPE_VFU_OBJECT depends on the availability of the 'socket' and 'device'
  * properties. It also depends on devices instantiated in QEMU. These
@@ -387,6 +435,13 @@ static void vfu_object_init_ctx(VfuObject *o, Error **errp)
 goto fail;
 }
 
+ret = vfu_setup_device_dma(o->vfu_ctx, _register, _unregister);
+if (ret < 0) {
+error_setg(errp, "vfu: Failed to setup DMA handlers for %s",
+   o->device);
+goto fail;
+}
+
 ret = vfu_realize_ctx(o->vfu_ctx);
 if (ret < 0) {
 error_setg(errp, "vfu: Failed to realize device %s- %s",
diff --git a/hw/remote/trace-events b/hw/remote/trace-events
index 2ef7884346..f945c7e33b 100644
--- a/hw/remote/trace-events
+++ b/hw/remote/trace-events
@@ -7,3 +7,5 @@ mpqemu_recv_io_error(int cmd, int size, int nfds) "failed to 
receive %d size %d,
 vfu_prop(const char *prop, const char *val) "vfu: setting %s as %s"
 vfu_cfg_read(uint32_t offset, uint32_t val) "vfu: cfg: 0x%u -> 0x%x"
 vfu_cfg_write(uint32_t offset, uint32_t val) "vfu: cfg: 0x%u <- 0x%x"
+vfu_dma_register(uint64_t gpa, size_t len) "vfu: registering GPA 0x%"PRIx64", 
%zu bytes"
+vfu_dma_unregister(uint64_t gpa) "vfu: unregistering GPA 0x%"PRIx64""
-- 
2.20.1

[PATCH v12 10/14] vfio-user: IOMMU support for remote device

[Jagannathan Raman]

Assign separate address space for each device in the remote processes.

Signed-off-by: Elena Ufimtseva 
Signed-off-by: John G Johnson 
Signed-off-by: Jagannathan Raman 
Reviewed-by: Stefan Hajnoczi 
---
 include/hw/remote/iommu.h |  40 
 hw/remote/iommu.c | 131 ++
 hw/remote/machine.c   |  13 +++-
 MAINTAINERS   |   2 +
 hw/remote/meson.build |   1 +
 5 files changed, 186 insertions(+), 1 deletion(-)
 create mode 100644 include/hw/remote/iommu.h
 create mode 100644 hw/remote/iommu.c

diff --git a/include/hw/remote/iommu.h b/include/hw/remote/iommu.h
new file mode 100644
index 00..33b68a8f4b
--- /dev/null
+++ b/include/hw/remote/iommu.h
@@ -0,0 +1,40 @@
+/**
+ * Copyright © 2022 Oracle and/or its affiliates.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#ifndef REMOTE_IOMMU_H
+#define REMOTE_IOMMU_H
+
+#include "hw/pci/pci_bus.h"
+#include "hw/pci/pci.h"
+
+#ifndef INT2VOIDP
+#define INT2VOIDP(i) (void *)(uintptr_t)(i)
+#endif
+
+typedef struct RemoteIommuElem {
+MemoryRegion *mr;
+
+AddressSpace as;
+} RemoteIommuElem;
+
+#define TYPE_REMOTE_IOMMU "x-remote-iommu"
+OBJECT_DECLARE_SIMPLE_TYPE(RemoteIommu, REMOTE_IOMMU)
+
+struct RemoteIommu {
+Object parent;
+
+GHashTable *elem_by_devfn;
+
+QemuMutex lock;
+};
+
+void remote_iommu_setup(PCIBus *pci_bus);
+
+void remote_iommu_unplug_dev(PCIDevice *pci_dev);
+
+#endif
diff --git a/hw/remote/iommu.c b/hw/remote/iommu.c
new file mode 100644
index 00..fd723d91f3
--- /dev/null
+++ b/hw/remote/iommu.c
@@ -0,0 +1,131 @@
+/**
+ * IOMMU for remote device
+ *
+ * Copyright © 2022 Oracle and/or its affiliates.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+
+#include "hw/remote/iommu.h"
+#include "hw/pci/pci_bus.h"
+#include "hw/pci/pci.h"
+#include "exec/memory.h"
+#include "exec/address-spaces.h"
+#include "trace.h"
+
+/**
+ * IOMMU for TYPE_REMOTE_MACHINE - manages DMA address space isolation
+ * for remote machine. It is used by TYPE_VFIO_USER_SERVER.
+ *
+ * - Each TYPE_VFIO_USER_SERVER instance handles one PCIDevice on a PCIBus.
+ *   There is one RemoteIommu per PCIBus, so the RemoteIommu tracks multiple
+ *   PCIDevices by maintaining a ->elem_by_devfn mapping.
+ *
+ * - memory_region_init_iommu() is not used because vfio-user MemoryRegions
+ *   will be added to the elem->mr container instead. This is more natural
+ *   than implementing the IOMMUMemoryRegionClass APIs since vfio-user
+ *   provides something that is close to a full-fledged MemoryRegion and
+ *   not like an IOMMU mapping.
+ *
+ * - When a device is hot unplugged, the elem->mr reference is dropped so
+ *   all vfio-user MemoryRegions associated with this vfio-user server are
+ *   destroyed.
+ */
+
+static AddressSpace *remote_iommu_find_add_as(PCIBus *pci_bus,
+  void *opaque, int devfn)
+{
+RemoteIommu *iommu = opaque;
+RemoteIommuElem *elem = NULL;
+
+qemu_mutex_lock(>lock);
+
+elem = g_hash_table_lookup(iommu->elem_by_devfn, INT2VOIDP(devfn));
+
+if (!elem) {
+elem = g_malloc0(sizeof(RemoteIommuElem));
+g_hash_table_insert(iommu->elem_by_devfn, INT2VOIDP(devfn), elem);
+}
+
+if (!elem->mr) {
+elem->mr = MEMORY_REGION(object_new(TYPE_MEMORY_REGION));
+memory_region_set_size(elem->mr, UINT64_MAX);
+address_space_init(>as, elem->mr, NULL);
+}
+
+qemu_mutex_unlock(>lock);
+
+return >as;
+}
+
+void remote_iommu_unplug_dev(PCIDevice *pci_dev)
+{
+AddressSpace *as = pci_device_iommu_address_space(pci_dev);
+RemoteIommuElem *elem = NULL;
+
+if (as == _space_memory) {
+return;
+}
+
+elem = container_of(as, RemoteIommuElem, as);
+
+address_space_destroy(>as);
+
+object_unref(elem->mr);
+
+elem->mr = NULL;
+}
+
+static void remote_iommu_init(Object *obj)
+{
+RemoteIommu *iommu = REMOTE_IOMMU(obj);
+
+iommu->elem_by_devfn = g_hash_table_new_full(NULL, NULL, NULL, g_free);
+
+qemu_mutex_init(>lock);
+}
+
+static void remote_iommu_finalize(Object *obj)
+{
+RemoteIommu *iommu = REMOTE_IOMMU(obj);
+
+qemu_mutex_destroy(>lock);
+
+g_hash_table_destroy(iommu->elem_by_devfn);
+
+iommu->elem_by_devfn = NULL;
+}
+
+void remote_iommu_setup(PCIBus *pci_bus)
+{
+RemoteIommu *iommu = NULL;
+
+g_assert(pci_bus);
+
+iommu = REMOTE_IOMMU(object_new(TYPE_REMOTE_IOMMU));
+
+pci_setup_iommu(pci_bus, remote_iommu_find_add_as, iommu);
+
+object_property_add_child(OBJECT(pci_bus), "remote-iommu", OBJECT(iommu));
+
+object_unref(OBJECT(iommu));
+}
+
+static const TypeInfo remote_iommu_info = {
+.name = TYPE_REMOTE_IOMMU,
+.parent = TYPE_OBJECT,
+.instance_size = 

[PATCH v12 13/14] vfio-user: handle device interrupts

[Jagannathan Raman]

Forward remote device's interrupts to the guest

Signed-off-by: Elena Ufimtseva 
Signed-off-by: John G Johnson 
Signed-off-by: Jagannathan Raman 
---
 include/hw/pci/msi.h  |   1 +
 include/hw/pci/msix.h |   1 +
 include/hw/pci/pci.h  |  13 +++
 include/hw/remote/vfio-user-obj.h |   6 ++
 hw/pci/msi.c  |  49 +++--
 hw/pci/msix.c |  35 ++-
 hw/pci/pci.c  |  13 +++
 hw/remote/machine.c   |  14 ++-
 hw/remote/vfio-user-obj.c | 167 ++
 stubs/vfio-user-obj.c |   6 ++
 MAINTAINERS   |   1 +
 hw/remote/trace-events|   1 +
 stubs/meson.build |   1 +
 13 files changed, 297 insertions(+), 11 deletions(-)
 create mode 100644 include/hw/remote/vfio-user-obj.h
 create mode 100644 stubs/vfio-user-obj.c

diff --git a/include/hw/pci/msi.h b/include/hw/pci/msi.h
index 4087688486..58aa576215 100644
--- a/include/hw/pci/msi.h
+++ b/include/hw/pci/msi.h
@@ -43,6 +43,7 @@ void msi_notify(PCIDevice *dev, unsigned int vector);
 void msi_send_message(PCIDevice *dev, MSIMessage msg);
 void msi_write_config(PCIDevice *dev, uint32_t addr, uint32_t val, int len);
 unsigned int msi_nr_vectors_allocated(const PCIDevice *dev);
+void msi_set_mask(PCIDevice *dev, int vector, bool mask, Error **errp);
 
 static inline bool msi_present(const PCIDevice *dev)
 {
diff --git a/include/hw/pci/msix.h b/include/hw/pci/msix.h
index 4c4a60c739..4f1cda0ebe 100644
--- a/include/hw/pci/msix.h
+++ b/include/hw/pci/msix.h
@@ -36,6 +36,7 @@ void msix_clr_pending(PCIDevice *dev, int vector);
 int msix_vector_use(PCIDevice *dev, unsigned vector);
 void msix_vector_unuse(PCIDevice *dev, unsigned vector);
 void msix_unuse_all_vectors(PCIDevice *dev);
+void msix_set_mask(PCIDevice *dev, int vector, bool mask, Error **errp);
 
 void msix_notify(PCIDevice *dev, unsigned vector);
 
diff --git a/include/hw/pci/pci.h b/include/hw/pci/pci.h
index 44dacfa224..b54b6ef88f 100644
--- a/include/hw/pci/pci.h
+++ b/include/hw/pci/pci.h
@@ -16,6 +16,7 @@ extern bool pci_available;
 #define PCI_SLOT(devfn) (((devfn) >> 3) & 0x1f)
 #define PCI_FUNC(devfn) ((devfn) & 0x07)
 #define PCI_BUILD_BDF(bus, devfn) ((bus << 8) | (devfn))
+#define PCI_BDF_TO_DEVFN(x) ((x) & 0xff)
 #define PCI_BUS_MAX 256
 #define PCI_DEVFN_MAX   256
 #define PCI_SLOT_MAX32
@@ -127,6 +128,10 @@ typedef void PCIMapIORegionFunc(PCIDevice *pci_dev, int 
region_num,
 pcibus_t addr, pcibus_t size, int type);
 typedef void PCIUnregisterFunc(PCIDevice *pci_dev);
 
+typedef void MSITriggerFunc(PCIDevice *dev, MSIMessage msg);
+typedef MSIMessage MSIPrepareMessageFunc(PCIDevice *dev, unsigned vector);
+typedef MSIMessage MSIxPrepareMessageFunc(PCIDevice *dev, unsigned vector);
+
 typedef struct PCIIORegion {
 pcibus_t addr; /* current PCI mapping address. -1 means not mapped */
 #define PCI_BAR_UNMAPPED (~(pcibus_t)0)
@@ -329,6 +334,14 @@ struct PCIDevice {
 /* Space to store MSIX table & pending bit array */
 uint8_t *msix_table;
 uint8_t *msix_pba;
+
+/* May be used by INTx or MSI during interrupt notification */
+void *irq_opaque;
+
+MSITriggerFunc *msi_trigger;
+MSIPrepareMessageFunc *msi_prepare_message;
+MSIxPrepareMessageFunc *msix_prepare_message;
+
 /* MemoryRegion container for msix exclusive BAR setup */
 MemoryRegion msix_exclusive_bar;
 /* Memory Regions for MSIX table and pending bit entries. */
diff --git a/include/hw/remote/vfio-user-obj.h 
b/include/hw/remote/vfio-user-obj.h
new file mode 100644
index 00..87ab78b875
--- /dev/null
+++ b/include/hw/remote/vfio-user-obj.h
@@ -0,0 +1,6 @@
+#ifndef VFIO_USER_OBJ_H
+#define VFIO_USER_OBJ_H
+
+void vfu_object_set_bus_irq(PCIBus *pci_bus);
+
+#endif
diff --git a/hw/pci/msi.c b/hw/pci/msi.c
index 47d2b0f33c..5c471b9616 100644
--- a/hw/pci/msi.c
+++ b/hw/pci/msi.c
@@ -134,7 +134,7 @@ void msi_set_message(PCIDevice *dev, MSIMessage msg)
 pci_set_word(dev->config + msi_data_off(dev, msi64bit), msg.data);
 }
 
-MSIMessage msi_get_message(PCIDevice *dev, unsigned int vector)
+static MSIMessage msi_prepare_message(PCIDevice *dev, unsigned int vector)
 {
 uint16_t flags = pci_get_word(dev->config + msi_flags_off(dev));
 bool msi64bit = flags & PCI_MSI_FLAGS_64BIT;
@@ -159,6 +159,11 @@ MSIMessage msi_get_message(PCIDevice *dev, unsigned int 
vector)
 return msg;
 }
 
+MSIMessage msi_get_message(PCIDevice *dev, unsigned int vector)
+{
+return dev->msi_prepare_message(dev, vector);
+}
+
 bool msi_enabled(const PCIDevice *dev)
 {
 return msi_present(dev) &&
@@ -241,6 +246,8 @@ int msi_init(struct PCIDevice *dev, uint8_t offset,
  0x >> (PCI_MSI_VECTORS_MAX - nr_vectors));
 }
 
+dev->msi_prepare_message = msi_prepare_message;
+
 return 0;
 }
 
@@ -256,6 

[PATCH v12 08/14] vfio-user: run vfio-user context

[Jagannathan Raman]

Setup a handler to run vfio-user context. The context is driven by
messages to the file descriptor associated with it - get the fd for
the context and hook up the handler with it

Signed-off-by: Elena Ufimtseva 
Signed-off-by: John G Johnson 
Signed-off-by: Jagannathan Raman 
Reviewed-by: Stefan Hajnoczi 
---
 qapi/misc.json|  31 ++
 hw/remote/vfio-user-obj.c | 118 +-
 2 files changed, 148 insertions(+), 1 deletion(-)

diff --git a/qapi/misc.json b/qapi/misc.json
index 45344483cd..27ef5a2b20 100644
--- a/qapi/misc.json
+++ b/qapi/misc.json
@@ -553,3 +553,34 @@
 ##
 { 'event': 'RTC_CHANGE',
   'data': { 'offset': 'int', 'qom-path': 'str' } }
+
+##
+# @VFU_CLIENT_HANGUP:
+#
+# Emitted when the client of a TYPE_VFIO_USER_SERVER closes the
+# communication channel
+#
+# @vfu-id: ID of the TYPE_VFIO_USER_SERVER object. It is the last component
+#  of @vfu-qom-path referenced below
+#
+# @vfu-qom-path: path to the TYPE_VFIO_USER_SERVER object in the QOM tree
+#
+# @dev-id: ID of attached PCI device
+#
+# @dev-qom-path: path to attached PCI device in the QOM tree
+#
+# Since: 7.1
+#
+# Example:
+#
+# <- { "event": "VFU_CLIENT_HANGUP",
+#  "data": { "vfu-id": "vfu1",
+#"vfu-qom-path": "/objects/vfu1",
+#"dev-id": "sas1",
+#"dev-qom-path": "/machine/peripheral/sas1" },
+#  "timestamp": { "seconds": 1265044230, "microseconds": 450486 } }
+#
+##
+{ 'event': 'VFU_CLIENT_HANGUP',
+  'data': { 'vfu-id': 'str', 'vfu-qom-path': 'str',
+'dev-id': 'str', 'dev-qom-path': 'str' } }
diff --git a/hw/remote/vfio-user-obj.c b/hw/remote/vfio-user-obj.c
index 3ca6aa2b45..178bd6f8ed 100644
--- a/hw/remote/vfio-user-obj.c
+++ b/hw/remote/vfio-user-obj.c
@@ -27,6 +27,9 @@
  *
  * device - id of a device on the server, a required option. PCI devices
  *  alone are supported presently.
+ *
+ * notes - x-vfio-user-server could block IO and monitor during the
+ * initialization phase.
  */
 
 #include "qemu/osdep.h"
@@ -40,11 +43,14 @@
 #include "hw/remote/machine.h"
 #include "qapi/error.h"
 #include "qapi/qapi-visit-sockets.h"
+#include "qapi/qapi-events-misc.h"
 #include "qemu/notify.h"
+#include "qemu/thread.h"
 #include "sysemu/sysemu.h"
 #include "libvfio-user.h"
 #include "hw/qdev-core.h"
 #include "hw/pci/pci.h"
+#include "qemu/timer.h"
 
 #define TYPE_VFU_OBJECT "x-vfio-user-server"
 OBJECT_DECLARE_TYPE(VfuObject, VfuObjectClass, VFU_OBJECT)
@@ -86,6 +92,8 @@ struct VfuObject {
 PCIDevice *pci_dev;
 
 Error *unplug_blocker;
+
+int vfu_poll_fd;
 };
 
 static void vfu_object_init_ctx(VfuObject *o, Error **errp);
@@ -164,6 +172,78 @@ static void vfu_object_set_device(Object *obj, const char 
*str, Error **errp)
 vfu_object_init_ctx(o, errp);
 }
 
+static void vfu_object_ctx_run(void *opaque)
+{
+VfuObject *o = opaque;
+const char *vfu_id;
+char *vfu_path, *pci_dev_path;
+int ret = -1;
+
+while (ret != 0) {
+ret = vfu_run_ctx(o->vfu_ctx);
+if (ret < 0) {
+if (errno == EINTR) {
+continue;
+} else if (errno == ENOTCONN) {
+vfu_id = object_get_canonical_path_component(OBJECT(o));
+vfu_path = object_get_canonical_path(OBJECT(o));
+g_assert(o->pci_dev);
+pci_dev_path = object_get_canonical_path(OBJECT(o->pci_dev));
+ /* o->device is a required property and is non-NULL here */
+g_assert(o->device);
+qapi_event_send_vfu_client_hangup(vfu_id, vfu_path,
+  o->device, pci_dev_path);
+qemu_set_fd_handler(o->vfu_poll_fd, NULL, NULL, NULL);
+o->vfu_poll_fd = -1;
+object_unparent(OBJECT(o));
+g_free(vfu_path);
+g_free(pci_dev_path);
+break;
+} else {
+VFU_OBJECT_ERROR(o, "vfu: Failed to run device %s - %s",
+ o->device, strerror(errno));
+break;
+}
+}
+}
+}
+
+static void vfu_object_attach_ctx(void *opaque)
+{
+VfuObject *o = opaque;
+GPollFD pfds[1];
+int ret;
+
+qemu_set_fd_handler(o->vfu_poll_fd, NULL, NULL, NULL);
+
+pfds[0].fd = o->vfu_poll_fd;
+pfds[0].events = G_IO_IN | G_IO_HUP | G_IO_ERR;
+
+retry_attach:
+ret = vfu_attach_ctx(o->vfu_ctx);
+if (ret < 0 && (errno == EAGAIN || errno == EWOULDBLOCK)) {
+/**
+ * vfu_object_attach_ctx can block QEMU's main loop
+ * during attach - the monitor and other IO
+ * could be unresponsive during this time.
+ */
+(void)qemu_poll_ns(pfds, 1, 500 * (int64_t)SCALE_MS);
+goto retry_attach;
+} else if (ret < 0) {
+VFU_OBJECT_ERROR(o, "vfu: Failed to attach device %s to context - %s",
+ o->device, 

[PATCH v12 04/14] vfio-user: build library

[Jagannathan Raman]

add the libvfio-user library as a submodule. build it as a meson
subproject.

libvfio-user is distributed with BSD 3-Clause license and
json-c with MIT (Expat) license

Signed-off-by: Elena Ufimtseva 
Signed-off-by: John G Johnson 
Signed-off-by: Jagannathan Raman 
Reviewed-by: Stefan Hajnoczi 
---
 configure   | 17 +
 meson.build | 23 ++-
 .gitlab-ci.d/buildtest.yml  |  1 +
 .gitmodules |  3 +++
 Kconfig.host|  4 
 MAINTAINERS |  1 +
 hw/remote/Kconfig   |  4 
 hw/remote/meson.build   |  2 ++
 meson_options.txt   |  2 ++
 subprojects/libvfio-user|  1 +
 tests/docker/dockerfiles/centos8.docker |  2 ++
 11 files changed, 59 insertions(+), 1 deletion(-)
 create mode 16 subprojects/libvfio-user

diff --git a/configure b/configure
index e69537c756..39f30c0283 100755
--- a/configure
+++ b/configure
@@ -315,6 +315,7 @@ meson_args=""
 ninja=""
 bindir="bin"
 skip_meson=no
+vfio_user_server="disabled"
 
 # The following Meson options are handled manually (still they
 # are included in the automatically generated help message)
@@ -909,6 +910,10 @@ for opt do
   ;;
   --disable-blobs) meson_option_parse --disable-install-blobs ""
   ;;
+  --enable-vfio-user-server) vfio_user_server="enabled"
+  ;;
+  --disable-vfio-user-server) vfio_user_server="disabled"
+  ;;
   --enable-tcmalloc) meson_option_parse --enable-malloc=tcmalloc tcmalloc
   ;;
   --enable-jemalloc) meson_option_parse --enable-malloc=jemalloc jemalloc
@@ -2133,6 +2138,17 @@ write_container_target_makefile() {
 
 
 
+##
+# check for vfio_user_server
+
+case "$vfio_user_server" in
+  enabled )
+if test "$git_submodules_action" != "ignore"; then
+  git_submodules="${git_submodules} subprojects/libvfio-user"
+fi
+;;
+esac
+
 ##
 # End of CC checks
 # After here, no more $cc or $ld runs
@@ -2669,6 +2685,7 @@ if test "$skip_meson" = no; then
   test "$slirp" != auto && meson_option_add "-Dslirp=$slirp"
   test "$smbd" != '' && meson_option_add "-Dsmbd=$smbd"
   test "$tcg" != enabled && meson_option_add "-Dtcg=$tcg"
+  test "$vfio_user_server" != auto && meson_option_add 
"-Dvfio_user_server=$vfio_user_server"
   run_meson() {
 NINJA=$ninja $meson setup --prefix "$prefix" "$@" $cross_arg "$PWD" 
"$source_path"
   }
diff --git a/meson.build b/meson.build
index 21cd949082..fac9853254 100644
--- a/meson.build
+++ b/meson.build
@@ -308,6 +308,10 @@ multiprocess_allowed = get_option('multiprocess') \
   .require(targetos == 'linux', error_message: 'Multiprocess QEMU is supported 
only on Linux') \
   .allowed()
 
+vfio_user_server_allowed = get_option('vfio_user_server') \
+  .require(targetos == 'linux', error_message: 'vfio-user server is supported 
only on Linux') \
+  .allowed()
+
 have_tpm = get_option('tpm') \
   .require(targetos != 'windows', error_message: 'TPM emulation only available 
on POSIX systems') \
   .allowed()
@@ -2373,7 +2377,8 @@ host_kconfig = \
   (have_virtfs ? ['CONFIG_VIRTFS=y'] : []) + \
   ('CONFIG_LINUX' in config_host ? ['CONFIG_LINUX=y'] : []) + \
   (have_pvrdma ? ['CONFIG_PVRDMA=y'] : []) + \
-  (multiprocess_allowed ? ['CONFIG_MULTIPROCESS_ALLOWED=y'] : [])
+  (multiprocess_allowed ? ['CONFIG_MULTIPROCESS_ALLOWED=y'] : []) + \
+  (vfio_user_server_allowed ? ['CONFIG_VFIO_USER_SERVER_ALLOWED=y'] : [])
 
 ignored = [ 'TARGET_XML_FILES', 'TARGET_ABI_DIR', 'TARGET_ARCH' ]
 
@@ -2665,6 +2670,21 @@ if have_system
   endif
 endif
 
+libvfio_user_dep = not_found
+if have_system and vfio_user_server_allowed
+  have_internal = fs.exists(meson.current_source_dir() / 
'subprojects/libvfio-user/meson.build')
+
+  if not have_internal
+error('libvfio-user source not found - please pull git submodule')
+  endif
+
+  libvfio_user_proj = subproject('libvfio-user')
+
+  libvfio_user_lib = libvfio_user_proj.get_variable('libvfio_user_dep')
+
+  libvfio_user_dep = declare_dependency(dependencies: [libvfio_user_lib])
+endif
+
 fdt = not_found
 if have_system
   fdt_opt = get_option('fdt')
@@ -3783,6 +3803,7 @@ summary_info += {'target list':   ' 
'.join(target_dirs)}
 if have_system
   summary_info += {'default devices':   get_option('default_devices')}
   summary_info += {'out of process emulation': multiprocess_allowed}
+  summary_info += {'vfio-user server': vfio_user_server_allowed}
 endif
 summary(summary_info, bool_yn: true, section: 'Targets and accelerators')
 
diff --git a/.gitlab-ci.d/buildtest.yml b/.gitlab-ci.d/buildtest.yml
index 544385f5be..fe8d34b022 100644
--- a/.gitlab-ci.d/buildtest.yml
+++ b/.gitlab-ci.d/buildtest.yml
@@ -168,6 +168,7 @@ build-system-centos:
 IMAGE: centos8
 CONFIGURE_ARGS: --disable-nettle --enable-gcrypt --enable-fdt=system
   

[PATCH v12 06/14] vfio-user: instantiate vfio-user context

[Jagannathan Raman]

create a context with the vfio-user library to run a PCI device

Signed-off-by: Elena Ufimtseva 
Signed-off-by: John G Johnson 
Signed-off-by: Jagannathan Raman 
Reviewed-by: Stefan Hajnoczi 
---
 hw/remote/vfio-user-obj.c | 82 +++
 1 file changed, 82 insertions(+)

diff --git a/hw/remote/vfio-user-obj.c b/hw/remote/vfio-user-obj.c
index bc49adcc27..68f8a9dfa9 100644
--- a/hw/remote/vfio-user-obj.c
+++ b/hw/remote/vfio-user-obj.c
@@ -40,6 +40,9 @@
 #include "hw/remote/machine.h"
 #include "qapi/error.h"
 #include "qapi/qapi-visit-sockets.h"
+#include "qemu/notify.h"
+#include "sysemu/sysemu.h"
+#include "libvfio-user.h"
 
 #define TYPE_VFU_OBJECT "x-vfio-user-server"
 OBJECT_DECLARE_TYPE(VfuObject, VfuObjectClass, VFU_OBJECT)
@@ -73,8 +76,14 @@ struct VfuObject {
 char *device;
 
 Error *err;
+
+Notifier machine_done;
+
+vfu_ctx_t *vfu_ctx;
 };
 
+static void vfu_object_init_ctx(VfuObject *o, Error **errp);
+
 static bool vfu_object_auto_shutdown(void)
 {
 bool auto_shutdown = true;
@@ -107,6 +116,11 @@ static void vfu_object_set_socket(Object *obj, Visitor *v, 
const char *name,
 {
 VfuObject *o = VFU_OBJECT(obj);
 
+if (o->vfu_ctx) {
+error_setg(errp, "vfu: Unable to set socket property - server busy");
+return;
+}
+
 qapi_free_SocketAddress(o->socket);
 
 o->socket = NULL;
@@ -122,17 +136,69 @@ static void vfu_object_set_socket(Object *obj, Visitor 
*v, const char *name,
 }
 
 trace_vfu_prop("socket", o->socket->u.q_unix.path);
+
+vfu_object_init_ctx(o, errp);
 }
 
 static void vfu_object_set_device(Object *obj, const char *str, Error **errp)
 {
 VfuObject *o = VFU_OBJECT(obj);
 
+if (o->vfu_ctx) {
+error_setg(errp, "vfu: Unable to set device property - server busy");
+return;
+}
+
 g_free(o->device);
 
 o->device = g_strdup(str);
 
 trace_vfu_prop("device", str);
+
+vfu_object_init_ctx(o, errp);
+}
+
+/*
+ * TYPE_VFU_OBJECT depends on the availability of the 'socket' and 'device'
+ * properties. It also depends on devices instantiated in QEMU. These
+ * dependencies are not available during the instance_init phase of this
+ * object's life-cycle. As such, the server is initialized after the
+ * machine is setup. machine_init_done_notifier notifies TYPE_VFU_OBJECT
+ * when the machine is setup, and the dependencies are available.
+ */
+static void vfu_object_machine_done(Notifier *notifier, void *data)
+{
+VfuObject *o = container_of(notifier, VfuObject, machine_done);
+Error *err = NULL;
+
+vfu_object_init_ctx(o, );
+
+if (err) {
+error_propagate(_abort, err);
+}
+}
+
+static void vfu_object_init_ctx(VfuObject *o, Error **errp)
+{
+ERRP_GUARD();
+
+if (o->vfu_ctx || !o->socket || !o->device ||
+!phase_check(PHASE_MACHINE_READY)) {
+return;
+}
+
+if (o->err) {
+error_propagate(errp, o->err);
+o->err = NULL;
+return;
+}
+
+o->vfu_ctx = vfu_create_ctx(VFU_TRANS_SOCK, o->socket->u.q_unix.path, 0,
+o, VFU_DEV_TYPE_PCI);
+if (o->vfu_ctx == NULL) {
+error_setg(errp, "vfu: Failed to create context - %s", 
strerror(errno));
+return;
+}
 }
 
 static void vfu_object_init(Object *obj)
@@ -147,6 +213,12 @@ static void vfu_object_init(Object *obj)
TYPE_VFU_OBJECT, TYPE_REMOTE_MACHINE);
 return;
 }
+
+if (!phase_check(PHASE_MACHINE_READY)) {
+o->machine_done.notify = vfu_object_machine_done;
+qemu_add_machine_init_done_notifier(>machine_done);
+}
+
 }
 
 static void vfu_object_finalize(Object *obj)
@@ -160,6 +232,11 @@ static void vfu_object_finalize(Object *obj)
 
 o->socket = NULL;
 
+if (o->vfu_ctx) {
+vfu_destroy_ctx(o->vfu_ctx);
+o->vfu_ctx = NULL;
+}
+
 g_free(o->device);
 
 o->device = NULL;
@@ -167,6 +244,11 @@ static void vfu_object_finalize(Object *obj)
 if (!k->nr_devs && vfu_object_auto_shutdown()) {
 qemu_system_shutdown_request(SHUTDOWN_CAUSE_GUEST_SHUTDOWN);
 }
+
+if (o->machine_done.notify) {
+qemu_remove_machine_init_done_notifier(>machine_done);
+o->machine_done.notify = NULL;
+}
 }
 
 static void vfu_object_class_init(ObjectClass *klass, void *data)
-- 
2.20.1

[PATCH v12 03/14] remote/machine: add vfio-user property

[Jagannathan Raman]

Add vfio-user to x-remote machine. It is a boolean, which indicates if
the machine supports vfio-user protocol. The machine configures the bus
differently vfio-user and multiprocess protocols, so this property
informs it on how to configure the bus.

This property should be short lived. Once vfio-user fully replaces
multiprocess, this property could be removed.

Signed-off-by: Elena Ufimtseva 
Signed-off-by: John G Johnson 
Signed-off-by: Jagannathan Raman 
Reviewed-by: Stefan Hajnoczi 
---
 include/hw/remote/machine.h |  2 ++
 hw/remote/machine.c | 23 +++
 2 files changed, 25 insertions(+)

diff --git a/include/hw/remote/machine.h b/include/hw/remote/machine.h
index 2a2a33c4b2..8d0fa98d33 100644
--- a/include/hw/remote/machine.h
+++ b/include/hw/remote/machine.h
@@ -22,6 +22,8 @@ struct RemoteMachineState {
 
 RemotePCIHost *host;
 RemoteIOHubState iohub;
+
+bool vfio_user;
 };
 
 /* Used to pass to co-routine device and ioc. */
diff --git a/hw/remote/machine.c b/hw/remote/machine.c
index a97e53e250..9f3cdc55c3 100644
--- a/hw/remote/machine.c
+++ b/hw/remote/machine.c
@@ -58,6 +58,25 @@ static void remote_machine_init(MachineState *machine)
 qbus_set_hotplug_handler(BUS(pci_host->bus), OBJECT(s));
 }
 
+static bool remote_machine_get_vfio_user(Object *obj, Error **errp)
+{
+RemoteMachineState *s = REMOTE_MACHINE(obj);
+
+return s->vfio_user;
+}
+
+static void remote_machine_set_vfio_user(Object *obj, bool value, Error **errp)
+{
+RemoteMachineState *s = REMOTE_MACHINE(obj);
+
+if (phase_check(PHASE_MACHINE_CREATED)) {
+error_setg(errp, "Error enabling vfio-user - machine already created");
+return;
+}
+
+s->vfio_user = value;
+}
+
 static void remote_machine_class_init(ObjectClass *oc, void *data)
 {
 MachineClass *mc = MACHINE_CLASS(oc);
@@ -67,6 +86,10 @@ static void remote_machine_class_init(ObjectClass *oc, void 
*data)
 mc->desc = "Experimental remote machine";
 
 hc->unplug = qdev_simple_device_unplug_cb;
+
+object_class_property_add_bool(oc, "vfio-user",
+   remote_machine_get_vfio_user,
+   remote_machine_set_vfio_user);
 }
 
 static const TypeInfo remote_machine = {
-- 
2.20.1

[PATCH v12 02/14] remote/machine: add HotplugHandler for remote machine

[Jagannathan Raman]

Allow hotplugging of PCI(e) devices to remote machine

Signed-off-by: Elena Ufimtseva 
Signed-off-by: John G Johnson 
Signed-off-by: Jagannathan Raman 
Reviewed-by: Stefan Hajnoczi 
---
 hw/remote/machine.c | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/hw/remote/machine.c b/hw/remote/machine.c
index 92d71d47bb..a97e53e250 100644
--- a/hw/remote/machine.c
+++ b/hw/remote/machine.c
@@ -20,6 +20,7 @@
 #include "qapi/error.h"
 #include "hw/pci/pci_host.h"
 #include "hw/remote/iohub.h"
+#include "hw/qdev-core.h"
 
 static void remote_machine_init(MachineState *machine)
 {
@@ -53,14 +54,19 @@ static void remote_machine_init(MachineState *machine)
 
 pci_bus_irqs(pci_host->bus, remote_iohub_set_irq, remote_iohub_map_irq,
  >iohub, REMOTE_IOHUB_NB_PIRQS);
+
+qbus_set_hotplug_handler(BUS(pci_host->bus), OBJECT(s));
 }
 
 static void remote_machine_class_init(ObjectClass *oc, void *data)
 {
 MachineClass *mc = MACHINE_CLASS(oc);
+HotplugHandlerClass *hc = HOTPLUG_HANDLER_CLASS(oc);
 
 mc->init = remote_machine_init;
 mc->desc = "Experimental remote machine";
+
+hc->unplug = qdev_simple_device_unplug_cb;
 }
 
 static const TypeInfo remote_machine = {
@@ -68,6 +74,10 @@ static const TypeInfo remote_machine = {
 .parent = TYPE_MACHINE,
 .instance_size = sizeof(RemoteMachineState),
 .class_init = remote_machine_class_init,
+.interfaces = (InterfaceInfo[]) {
+{ TYPE_HOTPLUG_HANDLER },
+{ }
+}
 };
 
 static void remote_machine_register_types(void)
-- 
2.20.1

[PATCH v12 01/14] qdev: unplug blocker for devices

[Jagannathan Raman]

Add blocker to prevent hot-unplug of devices

TYPE_VFIO_USER_SERVER, which is introduced shortly, attaches itself to a
PCIDevice on which it depends. If the attached PCIDevice gets removed
while the server in use, it could cause it crash. To prevent this,
TYPE_VFIO_USER_SERVER adds an unplug blocker for the PCIDevice.

Signed-off-by: Elena Ufimtseva 
Signed-off-by: John G Johnson 
Signed-off-by: Jagannathan Raman 
Reviewed-by: Stefan Hajnoczi 
---
 include/hw/qdev-core.h | 29 +
 hw/core/qdev.c | 24 
 softmmu/qdev-monitor.c |  4 
 3 files changed, 57 insertions(+)

diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h
index 92c3d65208..98774e2835 100644
--- a/include/hw/qdev-core.h
+++ b/include/hw/qdev-core.h
@@ -193,6 +193,7 @@ struct DeviceState {
 int instance_id_alias;
 int alias_required_for_version;
 ResettableState reset;
+GSList *unplug_blockers;
 };
 
 struct DeviceListener {
@@ -419,6 +420,34 @@ void qdev_simple_device_unplug_cb(HotplugHandler 
*hotplug_dev,
 void qdev_machine_creation_done(void);
 bool qdev_machine_modified(void);
 
+/**
+ * qdev_add_unplug_blocker: Add an unplug blocker to a device
+ *
+ * @dev: Device to be blocked from unplug
+ * @reason: Reason for blocking
+ */
+void qdev_add_unplug_blocker(DeviceState *dev, Error *reason);
+
+/**
+ * qdev_del_unplug_blocker: Remove an unplug blocker from a device
+ *
+ * @dev: Device to be unblocked
+ * @reason: Pointer to the Error used with qdev_add_unplug_blocker.
+ *  Used as a handle to lookup the blocker for deletion.
+ */
+void qdev_del_unplug_blocker(DeviceState *dev, Error *reason);
+
+/**
+ * qdev_unplug_blocked: Confirm if a device is blocked from unplug
+ *
+ * @dev: Device to be tested
+ * @reason: Returns one of the reasons why the device is blocked,
+ *  if any
+ *
+ * Returns: true if device is blocked from unplug, false otherwise
+ */
+bool qdev_unplug_blocked(DeviceState *dev, Error **errp);
+
 /**
  * GpioPolarity: Polarity of a GPIO line
  *
diff --git a/hw/core/qdev.c b/hw/core/qdev.c
index 84f3019440..0806d8fcaa 100644
--- a/hw/core/qdev.c
+++ b/hw/core/qdev.c
@@ -468,6 +468,28 @@ char *qdev_get_dev_path(DeviceState *dev)
 return NULL;
 }
 
+void qdev_add_unplug_blocker(DeviceState *dev, Error *reason)
+{
+dev->unplug_blockers = g_slist_prepend(dev->unplug_blockers, reason);
+}
+
+void qdev_del_unplug_blocker(DeviceState *dev, Error *reason)
+{
+dev->unplug_blockers = g_slist_remove(dev->unplug_blockers, reason);
+}
+
+bool qdev_unplug_blocked(DeviceState *dev, Error **errp)
+{
+ERRP_GUARD();
+
+if (dev->unplug_blockers) {
+error_propagate(errp, error_copy(dev->unplug_blockers->data));
+return true;
+}
+
+return false;
+}
+
 static bool device_get_realized(Object *obj, Error **errp)
 {
 DeviceState *dev = DEVICE(obj);
@@ -704,6 +726,8 @@ static void device_finalize(Object *obj)
 
 DeviceState *dev = DEVICE(obj);
 
+g_assert(!dev->unplug_blockers);
+
 QLIST_FOREACH_SAFE(ngl, >gpios, node, next) {
 QLIST_REMOVE(ngl, node);
 qemu_free_irqs(ngl->in, ngl->num_in);
diff --git a/softmmu/qdev-monitor.c b/softmmu/qdev-monitor.c
index bb5897fc76..4b0ef65780 100644
--- a/softmmu/qdev-monitor.c
+++ b/softmmu/qdev-monitor.c
@@ -899,6 +899,10 @@ void qdev_unplug(DeviceState *dev, Error **errp)
 HotplugHandlerClass *hdc;
 Error *local_err = NULL;
 
+if (qdev_unplug_blocked(dev, errp)) {
+return;
+}
+
 if (dev->parent_bus && !qbus_is_hotpluggable(dev->parent_bus)) {
 error_setg(errp, QERR_BUS_NO_HOTPLUG, dev->parent_bus->name);
 return;
-- 
2.20.1

[PATCH v12 00/14] vfio-user server in QEMU

[Jagannathan Raman]

This is v12 of the server side changes to enable vfio-user in QEMU.

Thanks so much for reviewing this series and sharing your feedback.

We made the following changes in this series:
[PATCH v12 13/14] vfio-user: handle device interrupts
 - Renamed msi_set_irq_state() and msix_set_irq_state() as
   msi_set_mask() and msix_set_mask() respectively
 - Added missing return statement for error case in msi_set_mask()

Thank you very much!

Jagannathan Raman (14):
  qdev: unplug blocker for devices
  remote/machine: add HotplugHandler for remote machine
  remote/machine: add vfio-user property
  vfio-user: build library
  vfio-user: define vfio-user-server object
  vfio-user: instantiate vfio-user context
  vfio-user: find and init PCI device
  vfio-user: run vfio-user context
  vfio-user: handle PCI config space accesses
  vfio-user: IOMMU support for remote device
  vfio-user: handle DMA mappings
  vfio-user: handle PCI BAR accesses
  vfio-user: handle device interrupts
  vfio-user: handle reset of remote device

 configure   |  17 +
 meson.build |  23 +-
 qapi/misc.json  |  31 +
 qapi/qom.json   |  20 +-
 include/exec/memory.h   |   3 +
 include/hw/pci/msi.h|   1 +
 include/hw/pci/msix.h   |   1 +
 include/hw/pci/pci.h|  13 +
 include/hw/qdev-core.h  |  29 +
 include/hw/remote/iommu.h   |  40 +
 include/hw/remote/machine.h |   4 +
 include/hw/remote/vfio-user-obj.h   |   6 +
 hw/core/qdev.c  |  24 +
 hw/pci/msi.c|  49 +-
 hw/pci/msix.c   |  35 +-
 hw/pci/pci.c|  13 +
 hw/remote/iommu.c   | 131 
 hw/remote/machine.c |  88 ++-
 hw/remote/vfio-user-obj.c   | 958 
 softmmu/physmem.c   |   4 +-
 softmmu/qdev-monitor.c  |   4 +
 stubs/vfio-user-obj.c   |   6 +
 tests/qtest/fuzz/generic_fuzz.c |   9 +-
 .gitlab-ci.d/buildtest.yml  |   1 +
 .gitmodules |   3 +
 Kconfig.host|   4 +
 MAINTAINERS |   5 +
 hw/remote/Kconfig   |   4 +
 hw/remote/meson.build   |   4 +
 hw/remote/trace-events  |  11 +
 meson_options.txt   |   2 +
 stubs/meson.build   |   1 +
 subprojects/libvfio-user|   1 +
 tests/docker/dockerfiles/centos8.docker |   2 +
 34 files changed, 1528 insertions(+), 19 deletions(-)
 create mode 100644 include/hw/remote/iommu.h
 create mode 100644 include/hw/remote/vfio-user-obj.h
 create mode 100644 hw/remote/iommu.c
 create mode 100644 hw/remote/vfio-user-obj.c
 create mode 100644 stubs/vfio-user-obj.c
 create mode 16 subprojects/libvfio-user

-- 
2.20.1

Re: [PATCH 09/11] bsd-user: Implement dup and dup2

[Richard Henderson]

On 6/12/22 13:48, Warner Losh wrote:

Signed-off-by: Stacey Son 
Signed-off-by: Warner Losh 
---
  bsd-user/bsd-file.h   | 14 ++
  bsd-user/freebsd/os-syscall.c |  8 
  2 files changed, 22 insertions(+)

diff --git a/bsd-user/bsd-file.h b/bsd-user/bsd-file.h
index 500d6ba78b9..73263ba482f 100644
--- a/bsd-user/bsd-file.h
+++ b/bsd-user/bsd-file.h
@@ -491,4 +491,18 @@ static abi_long do_bsd___getcwd(abi_long arg1, abi_long 
arg2)
  return get_errno(ret);
  }
  
+/* dup(2) */

+static abi_long do_bsd_dup(abi_long arg1)
+{
+
+return get_errno(dup(arg1));
+}
+
+/* dup2(2) */
+static abi_long do_bsd_dup2(abi_long arg1, abi_long arg2)
+{
+
+return get_errno(dup2(arg1, arg2));
+}


Extra lines.  Is this some setting in your editor?  Otherwise,

Reviewed-by: Richard Henderson 

Re: [PATCH 06/11] bsd-user: Implement link, linkat, unlink and unlinkat

[Richard Henderson]

On 6/12/22 13:48, Warner Losh wrote:

Signed-off-by: Stacey Son
Signed-off-by: Jung-uk Kim
Signed-off-by: Warner Losh
---
  bsd-user/bsd-file.h   | 54 +++
  bsd-user/freebsd/os-syscall.c | 16 +++
  2 files changed, 70 insertions(+)


Reviewed-by: Richard Henderson 

r~

Re: [PATCH 11/11] bsd-user: Implement acct and sync

[Richard Henderson]

On 6/12/22 13:48, Warner Losh wrote:

+static abi_long do_bsd_sync(void)
+{
+


Extra line, otherwise,
Reviewed-by: Richard Henderson 

r~

Re: [PATCH 05/11] bsd-user: Implement rename and renameat

[Richard Henderson]

On 6/12/22 13:48, Warner Losh wrote:

Plus the helper LOCK_PATH2 and UNLOCK_PATH2 macros.

Signed-off-by: Stacey Son
Signed-off-by: Jung-uk Kim
Signed-off-by: Warner Losh
---
  bsd-user/bsd-file.h   | 45 +++
  bsd-user/freebsd/os-syscall.c |  8 +++
  2 files changed, 53 insertions(+)


Reviewed-by: Richard Henderson 

r~

Re: [PATCH 10/11] bsd-user: Implement trunctate and ftruncate

[Richard Henderson]

On 6/12/22 13:48, Warner Losh wrote:

+static abi_long do_bsd_ftruncate(void *cpu_env, abi_long arg1,
+abi_long arg2, abi_long arg3, abi_long arg4)
+{
+


Extra line.  Otherwise,
Reviewed-by: Richard Henderson 

r~

Re: [PATCH 08/11] bsd-user: Implement rmdir and undocumented -_getcwd

[Richard Henderson]

On 6/12/22 13:48, Warner Losh wrote:

Implemenet rmdir and __getcwd. Declare __getcwd as extern because
there's no installed FreeBSD header that has it. It's used internally by
libc, which doesn't provide an external declaration, but does export the
symbol.


Typo in subject: s/-/_/.


@@ -55,6 +55,7 @@ extern struct iovec *lock_iovec(int type, abi_ulong 
target_addr, int count,
  int copy);
  extern void unlock_iovec(struct iovec *vec, abi_ulong target_addr, int count,
  int copy);
+extern int __getcwd(char *path, size_t len);


Do you really want to rely on this export?
Unless it does something special, I'd just declare a local version of the syscall as you 
do with safe_*.



+/* undocumented __getcwd(char *buf, size_t len)  system call */


Surely the syscall itself is documented?


r~

Re: [PATCH 03/11] bsd-user: Implement revoke, access, eaccess and faccessat

[Richard Henderson]

On 6/12/22 13:48, Warner Losh wrote:

Signed-off-by: Stacey Son
Signed-off-by: Warner Losh
---
  bsd-user/bsd-file.h   | 53 +++
  bsd-user/freebsd/os-syscall.c | 16 +++
  2 files changed, 69 insertions(+)


Reviewed-by: Richard Henderson 

r~

Re: [PATCH 07/11] bsd-user: Implement mkdir and mkdirat

[Richard Henderson]

On 6/12/22 13:48, Warner Losh wrote:

Signed-off-by: Stacey Son
Signed-off-by: Warner Losh
---
  bsd-user/bsd-file.h   | 27 +++
  bsd-user/freebsd/os-syscall.c |  8 
  2 files changed, 35 insertions(+)


Reviewed-by: Richard Henderson 

r~

Re: [PATCH 04/11] bsd-user: Implement chdir and fchdir

[Richard Henderson]

On 6/12/22 13:48, Warner Losh wrote:

Signed-off-by: Stacey Son 
Signed-off-by: Warner Losh 
---
  bsd-user/bsd-file.h   | 20 
  bsd-user/freebsd/os-syscall.c |  8 
  2 files changed, 28 insertions(+)


Reviewed-by: Richard Henderson 

r~

Re: [PATCH 02/11] bsd-user: Implement fdatasync, fsync and close_from

[Richard Henderson]

On 6/12/22 13:48, Warner Losh wrote:

Implement fdatasync(2), fsync(2) and close_from(2).

Signed-off-by: Stacey Son 
Signed-off-by: Jung-uk Kim 
Signed-off-by: Warner Losh 
---
  bsd-user/bsd-file.h   | 22 ++
  bsd-user/freebsd/os-syscall.c | 12 
  2 files changed, 34 insertions(+)

diff --git a/bsd-user/bsd-file.h b/bsd-user/bsd-file.h
index fb54905b46f..3e0f160e312 100644
--- a/bsd-user/bsd-file.h
+++ b/bsd-user/bsd-file.h
@@ -240,4 +240,26 @@ static inline abi_long do_bsd_close(abi_long arg1)
  return get_errno(close(arg1));
  }
  
+/* fdatasync(2) */

+static abi_long do_bsd_fdatasync(abi_long arg1)
+{
+
+return get_errno(fdatasync(arg1));
+}
+
+/* fsync(2) */
+static abi_long do_bsd_fsync(abi_long arg1)
+{
+
+return get_errno(fsync(arg1));
+}
+
+/* closefrom(2) */
+static abi_long do_bsd_closefrom(abi_long arg1)
+{
+
+closefrom(arg1);  /* returns void */
+return get_errno(0);
+}


All with extra linefeed.  Otherwise,
Reviewed-by: Richard Henderson 


r~

Re: [PATCH 01/11] bsd-user: Implement open, openat and close

[Richard Henderson]

On 6/12/22 13:48, Warner Losh wrote:

+static inline abi_long do_bsd_close(abi_long arg1)
+{
+


Watch the extra linefeed.  Otherwise,
Reviewed-by: Richard Henderson 


r~

Re: CentOS 8 cloud images not working under VM tests

[John Snow]

On Mon, Jun 13, 2022 at 12:36 PM John Snow  wrote:
>
> On Mon, Jun 13, 2022 at 2:05 AM Thomas Huth  wrote:
> >
> > On 11/06/2022 01.28, John Snow wrote:
> > > This test doesn't appear to work for me:
> > >
> > > def build_image(self, img):
> > >  cimg = 
> > > self._download_with_cache("https://cloud.centos.org/centos/8/x86_64/images/CentOS-8-GenericCloud-8.3.2011-20201204.2.x86_64.qcow2;)
> > >  img_tmp = img + ".tmp"
> > >  subprocess.check_call(["ln", "-f", cimg, img_tmp])
> > >  self.exec_qemu_img("resize", img_tmp, "50G")
> > >  self.boot(img_tmp, extra_args = ["-cdrom", 
> > > self.gen_cloud_init_iso()])
> > >  self.wait_ssh()
> > >  ^^^
> > >
> > > It appears to be expecting to be able to use passwordless entry, but
> > > that doesn't appear to actually work in this case.
> > >
> > > It looks like the cloud iso generate step is supposed to handle
> > > setting up keys -- and everything appears as if it's working -- but I
> > > get SSH timeouts at this step.
> > >
> > >  From what I can see:
> > >
> > > DEBUG:root:ssh_cmd: ssh -t -o StrictHostKeyChecking=no -o
> > > UserKnownHostsFile=/dev/null -o ConnectTimeout=1 -p 41729 -i
> > > /home/jsnow/src/qemu/bin/git/vm-test-35u779h4.tmp/id_rsa -o
> > > SendEnv=https_proxy -o SendEnv=http_proxy -o SendEnv=ftp_proxy -o
> > > SendEnv=no_proxy qemu@127.0.0.1 exit 0
> > > Warning: Permanently added '[127.0.0.1]:41729' (ED25519) to the list
> > > of known hosts.
> > > qemu@127.0.0.1: Permission denied 
> > > (publickey,gssapi-keyex,gssapi-with-mic).
> > >
> > > ...and the /home/jsnow/src/qemu/bin/git/vm-test-35u779h4.tmp/id_rsa
> > > file looks identical to the qemu.git/tests/keys/id_rsa file, save for
> > > a missing trailing newline.
> > >
> > >  From a subsequent run, turning SSH debug on, I see this:
> > >
> > > debug1: Offering public key:
> > > /home/jsnow/src/qemu/bin/git/vm-test-o_x2vdwo.tmp/id_rsa RSA
> > > SHA256:6TUK9PSgWR+CbTEKA6E9IyizVjt2ZW5ble/Mg4wUiao explicit
> > > debug3: send packet: type 50
> > > debug2: we sent a publickey packet, wait for reply
> > > debug3: receive packet: type 51
> > >
> > > ... Which looks like the usual kind of bog-standard "Unrecognized key"
> > > kind of answer, IIUC.
> > >
> > > Is this working for anyone else, or can anyone offer some debugging
> > > tips on what's gone wrong here?
> > It seems to work for me - maybe it's some issue with a newer version of ssh
> > on your host? (I'm still using RHEL 8 here).
> >
> > Anyway, the VM dies shortly afterwards since it tries to install some
> > additional packages, and non-Stream CentOS 8 has been disabled at the end of
> > last year. So this test is certainly broken since half a year already and
> > nobody noticed until now. I think you can either remove it, or it should get
> > updated to CentosStream instead.
> >
> >   Thomas
> >
>
> Don't really have the interest to upgrade it myself, so if it's been
> broken for half a year, out it goes.
>

It turns out it's because the setup was failing, but we use "ln" to
make a temporary image instead of cp -- so if the setup screws up,
we've permanently damaged the cached image as well. You have to delete
the original downloaded image to restore original behavior. Then, as
you say, the old image doesn't work anymore anyway. Replacing it with
a new CentOS 8 stream image works fine, if we replace the LN with CP
like the fedora recipe does. However, some of the iotests fail due to
permissions issues with docker and FUSE.

Still trying to figure out the FUSE stuff.

I tried to update aarch64, but that test seems to need even more work.
I think I will probably just delete it, it doesn't seem like anyone is
running it or looking after it.

--js

[PATCH v1 5/7] tests/tcg: disable xtensa-linux-user again

[Alex Bennée]

From: Paolo Bonzini 

The move from tests/tcg/configure.sh started enabling the container image
for xtensa-linux-user, which fails because the compiler does not have
the full set of headers.  The cause is the "xtensa*-softmmu)" case
in tests/tcg/configure.sh which became just "xtensa*)" in the new
probe_target_compiler shell function.  Look out for xtensa*-linux-user
and do not configure it.

Reported-by: Alex Bennée 
Signed-off-by: Paolo Bonzini 
Message-Id: <20220608135727.1341946-1-pbonz...@redhat.com>
Fixes: cd362defbb ("tests/tcg: merge configure.sh back into main configure 
script")
Signed-off-by: Alex Bennée 
---
 configure | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/configure b/configure
index e69537c756..4b12a8094c 100755
--- a/configure
+++ b/configure
@@ -2024,7 +2024,6 @@ probe_target_compiler() {
 container_cross_prefix=x86_64-linux-gnu-
 ;;
   xtensa*)
-# FIXME: xtensa-linux-user?
 container_hosts=x86_64
 container_image=debian-xtensa-cross
 
@@ -2481,6 +2480,10 @@ for target in $target_list; do
   echo "# Automatically generated by configure - do not modify" > 
$config_target_mak
   echo "TARGET_NAME=$arch" >> $config_target_mak
   case $target in
+xtensa*-linux-user)
+  # the toolchain is not complete with headers, only build softmmu tests
+  continue
+  ;;
 *-softmmu)
   test -f $source_path/tests/tcg/$arch/Makefile.softmmu-target || continue
   qemu="qemu-system-$arch"
-- 
2.30.2

[PATCH v1 7/7] .gitlab: use less aggressive nproc on our aarch64/32 runners

[Alex Bennée]

Running on all 80 cores of our aarch64 runner does occasionally
trigger a race condition which fails the build. However the CI system
is not the time and place to play with much heisenbugs so turn down
the nproc to "only" use 40 cores in the build.

Signed-off-by: Alex Bennée 
---
 .../custom-runners/ubuntu-20.04-aarch32.yml   |  4 ++--
 .../custom-runners/ubuntu-20.04-aarch64.yml   | 24 +--
 2 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/.gitlab-ci.d/custom-runners/ubuntu-20.04-aarch32.yml 
b/.gitlab-ci.d/custom-runners/ubuntu-20.04-aarch32.yml
index 47856ac53c..1998460d06 100644
--- a/.gitlab-ci.d/custom-runners/ubuntu-20.04-aarch32.yml
+++ b/.gitlab-ci.d/custom-runners/ubuntu-20.04-aarch32.yml
@@ -19,5 +19,5 @@ ubuntu-20.04-aarch32-all:
  - mkdir build
  - cd build
  - ../configure --cross-prefix=arm-linux-gnueabihf-
- - make --output-sync -j`nproc`
- - make --output-sync -j`nproc` check V=1
+ - make --output-sync -j`nproc --ignore=40`
+ - make --output-sync -j`nproc --ignore=40` check V=1
diff --git a/.gitlab-ci.d/custom-runners/ubuntu-20.04-aarch64.yml 
b/.gitlab-ci.d/custom-runners/ubuntu-20.04-aarch64.yml
index 951e490db1..65718a188a 100644
--- a/.gitlab-ci.d/custom-runners/ubuntu-20.04-aarch64.yml
+++ b/.gitlab-ci.d/custom-runners/ubuntu-20.04-aarch64.yml
@@ -17,9 +17,9 @@ ubuntu-20.04-aarch64-all-linux-static:
  - mkdir build
  - cd build
  - ../configure --enable-debug --static --disable-system --disable-glusterfs 
--disable-libssh
- - make --output-sync -j`nproc`
- - make --output-sync -j`nproc` check V=1
- - make --output-sync -j`nproc` check-tcg V=1
+ - make --output-sync -j`nproc --ignore=40`
+ - make --output-sync -j`nproc --ignore=40` check V=1
+ - make --output-sync -j`nproc --ignore=40` check-tcg V=1
 
 ubuntu-20.04-aarch64-all:
  needs: []
@@ -38,8 +38,8 @@ ubuntu-20.04-aarch64-all:
  - mkdir build
  - cd build
  - ../configure --disable-libssh
- - make --output-sync -j`nproc`
- - make --output-sync -j`nproc` check V=1
+ - make --output-sync -j`nproc --ignore=40`
+ - make --output-sync -j`nproc --ignore=40` check V=1
 
 ubuntu-20.04-aarch64-alldbg:
  needs: []
@@ -55,8 +55,8 @@ ubuntu-20.04-aarch64-alldbg:
  - cd build
  - ../configure --enable-debug --disable-libssh
  - make clean
- - make --output-sync -j`nproc`
- - make --output-sync -j`nproc` check V=1
+ - make --output-sync -j`nproc --ignore=40`
+ - make --output-sync -j`nproc --ignore=40` check V=1
 
 ubuntu-20.04-aarch64-clang:
  needs: []
@@ -75,8 +75,8 @@ ubuntu-20.04-aarch64-clang:
  - mkdir build
  - cd build
  - ../configure --disable-libssh --cc=clang-10 --cxx=clang++-10 
--enable-sanitizers
- - make --output-sync -j`nproc`
- - make --output-sync -j`nproc` check V=1
+ - make --output-sync -j`nproc --ignore=40`
+ - make --output-sync -j`nproc --ignore=40` check V=1
 
 ubuntu-20.04-aarch64-tci:
  needs: []
@@ -95,7 +95,7 @@ ubuntu-20.04-aarch64-tci:
  - mkdir build
  - cd build
  - ../configure --disable-libssh --enable-tcg-interpreter
- - make --output-sync -j`nproc`
+ - make --output-sync -j`nproc --ignore=40`
 
 ubuntu-20.04-aarch64-notcg:
  needs: []
@@ -114,5 +114,5 @@ ubuntu-20.04-aarch64-notcg:
  - mkdir build
  - cd build
  - ../configure --disable-libssh --disable-tcg
- - make --output-sync -j`nproc`
- - make --output-sync -j`nproc` check V=1
+ - make --output-sync -j`nproc --ignore=40`
+ - make --output-sync -j`nproc --ignore=40` check V=1
-- 
2.30.2

[PATCH v1 6/7] gitlab: compare CIRRUS_nn vars against 'null' not ""

[Alex Bennée]

From: Daniel P. Berrangé 

The GitLab variable comparisons don't have shell like semantics where
an unset variable compares equal to empty string. We need to explicitly
test against 'null' to detect an unset variable.

Signed-off-by: Daniel P. Berrangé 
Tested-by: Richard Henderson 
Reviewed-by: Richard Henderson 
Reviewed-by: Thomas Huth 
Message-Id: <20220608160651.248781-1-berra...@redhat.com>
Signed-off-by: Alex Bennée 
---
 .gitlab-ci.d/base.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.gitlab-ci.d/base.yml b/.gitlab-ci.d/base.yml
index f334f3ded7..69b36c148a 100644
--- a/.gitlab-ci.d/base.yml
+++ b/.gitlab-ci.d/base.yml
@@ -13,7 +13,7 @@
 #
 
 # Cirrus jobs can't run unless the creds / target repo are set
-- if: '$QEMU_JOB_CIRRUS && ($CIRRUS_GITHUB_REPO == "" || $CIRRUS_API_TOKEN 
== "")'
+- if: '$QEMU_JOB_CIRRUS && ($CIRRUS_GITHUB_REPO == null || 
$CIRRUS_API_TOKEN == null)'
   when: never
 
 # Publishing jobs should only run on the default branch in upstream
-- 
2.30.2

[PATCH v1 4/7] tests/docker: fix the IMAGE for build invocation

[Alex Bennée]

We inadvertently broke the ability to run local builds when the code
was re-factored. The result was the run stanza failing to find the
docker image with it's qemu/ prefix.

Signed-off-by: Alex Bennée 
Fixes: d39eaa2266 ("tests/docker: simplify docker-TEST@IMAGE targets")
---
 tests/docker/Makefile.include | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
index e68f91b853..ef4518d9eb 100644
--- a/tests/docker/Makefile.include
+++ b/tests/docker/Makefile.include
@@ -171,7 +171,7 @@ DOCKER_TESTS := $(if $(TESTS), $(filter $(TESTS), 
$(__TESTS)), $(__TESTS))
 $(foreach i,$(filter-out $(DOCKER_PARTIAL_IMAGES),$(DOCKER_IMAGES)), \
$(foreach t,$(DOCKER_TESTS), \
$(eval .PHONY: docker-$t@$i) \
-   $(eval docker-$t@$i: docker-image-$i; @$(MAKE) docker-run 
TEST=$t IMAGE=$i) \
+   $(eval docker-$t@$i: docker-image-$i; @$(MAKE) docker-run 
TEST=$t IMAGE=qemu/$i) \
) \
$(foreach t,$(DOCKER_TESTS), \
$(eval docker-all-tests: docker-$t@$i) \
-- 
2.30.2

[PATCH v1 3/7] gitlab-ci: Fix the build-cfi-aarch64 and build-cfi-ppc64-s390x jobs

[Alex Bennée]

From: Thomas Huth 

The job definitions recently got a second "variables:" section by
accident and thus are failing now if one tries to run them. Merge
the two sections into one again to fix the issue.

And while we're at it, bump the timeout here (70 minutes are currently
not enough for the aarch64 job). The jobs are marked as manual anyway,
so if the user starts them, they want to see their result for sure and
then it's annoying if the job timeouts too early.

Fixes: e312d1fdbb ("gitlab: convert build/container jobs to .base_job_template")
Signed-off-by: Thomas Huth 
Acked-by: Richard Henderson 
Message-Id: <20220603124809.70794-1-th...@redhat.com>
Signed-off-by: Alex Bennée 
---
 .gitlab-ci.d/buildtest.yml | 22 ++
 1 file changed, 10 insertions(+), 12 deletions(-)

diff --git a/.gitlab-ci.d/buildtest.yml b/.gitlab-ci.d/buildtest.yml
index 544385f5be..cb7cad44b5 100644
--- a/.gitlab-ci.d/buildtest.yml
+++ b/.gitlab-ci.d/buildtest.yml
@@ -357,16 +357,15 @@ build-cfi-aarch64:
   --enable-safe-stack --enable-slirp=git
 TARGETS: aarch64-softmmu
 MAKE_CHECK_ARGS: check-build
-  timeout: 70m
-  artifacts:
-expire_in: 2 days
-paths:
-  - build
-  variables:
 # FIXME: This job is often failing, likely due to out-of-memory problems in
 # the constrained containers of the shared runners. Thus this is marked as
 # skipped until the situation has been solved.
 QEMU_JOB_SKIPPED: 1
+  timeout: 90m
+  artifacts:
+expire_in: 2 days
+paths:
+  - build
 
 check-cfi-aarch64:
   extends: .native_test_job_template
@@ -398,16 +397,15 @@ build-cfi-ppc64-s390x:
   --enable-safe-stack --enable-slirp=git
 TARGETS: ppc64-softmmu s390x-softmmu
 MAKE_CHECK_ARGS: check-build
-  timeout: 70m
-  artifacts:
-expire_in: 2 days
-paths:
-  - build
-  variables:
 # FIXME: This job is often failing, likely due to out-of-memory problems in
 # the constrained containers of the shared runners. Thus this is marked as
 # skipped until the situation has been solved.
 QEMU_JOB_SKIPPED: 1
+  timeout: 80m
+  artifacts:
+expire_in: 2 days
+paths:
+  - build
 
 check-cfi-ppc64-s390x:
   extends: .native_test_job_template
-- 
2.30.2

[PATCH v1 0/7] testing/next pre-PR (docker, gitlab, tcg)

[Alex Bennée]

Hi,

Another day, another testing/next series. Mostly this contains a few
hot fixes for docker breakages and other stuff that I picked off the
list. There is a late breaking patch to try and make the aarch64 CI is
little less twitchy. We are still seeing hanging tests on the s390x
box but so far have been unable to track down why it's hanging and
more importantly why we are not seeing the runner kill errant tasks.

As there are hot fixes I'd like to turn around a PR from this soon so
any review of the following is welcome:

 - .gitlab: use less aggressive nproc on our aarch64/32 runners
 - tests/docker: fix the IMAGE for build invocation

Alex Bennée (2):
  tests/docker: fix the IMAGE for build invocation
  .gitlab: use less aggressive nproc on our aarch64/32 runners

Daniel P. Berrangé (1):
  gitlab: compare CIRRUS_nn vars against 'null' not ""

Paolo Bonzini (1):
  tests/tcg: disable xtensa-linux-user again

Richard Henderson (2):
  test/tcg/arm: Use -mfloat-abi=soft for test-armv6m-undef
  tests/tcg/i386: Use explicit suffix on fist insns

Thomas Huth (1):
  gitlab-ci: Fix the build-cfi-aarch64 and build-cfi-ppc64-s390x jobs

 configure |  5 +++-
 tests/tcg/i386/test-i386-fp-exceptions.c  | 24 +--
 tests/tcg/i386/test-i386.c|  2 +-
 .gitlab-ci.d/base.yml |  2 +-
 .gitlab-ci.d/buildtest.yml| 22 -
 .../custom-runners/ubuntu-20.04-aarch32.yml   |  4 ++--
 .../custom-runners/ubuntu-20.04-aarch64.yml   | 24 +--
 tests/docker/Makefile.include |  2 +-
 tests/tcg/arm/Makefile.softmmu-target |  2 +-
 9 files changed, 44 insertions(+), 43 deletions(-)

-- 
2.30.2

[PATCH v1 2/7] tests/tcg/i386: Use explicit suffix on fist insns

[Alex Bennée]

From: Richard Henderson 

Fixes a number of assembler warnings of the form:

test-i386.c: Assembler messages:
test-i386.c:869: Warning: no instruction mnemonic suffix given
  and no register operands; using default for `fist'

Signed-off-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20220527171143.168276-1-richard.hender...@linaro.org>
Signed-off-by: Alex Bennée 
---
 tests/tcg/i386/test-i386-fp-exceptions.c | 24 
 tests/tcg/i386/test-i386.c   |  2 +-
 2 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/tests/tcg/i386/test-i386-fp-exceptions.c 
b/tests/tcg/i386/test-i386-fp-exceptions.c
index dfb7117c17..d445f13c33 100644
--- a/tests/tcg/i386/test-i386-fp-exceptions.c
+++ b/tests/tcg/i386/test-i386-fp-exceptions.c
@@ -423,35 +423,35 @@ int main(void)
 }
 
 __asm__ volatile ("fnclex");
-__asm__ volatile ("fistp %0" : "=m" (res_16) : "t" (1.5L) : "st");
+__asm__ volatile ("fistps %0" : "=m" (res_16) : "t" (1.5L) : "st");
 __asm__ volatile ("fnstsw" : "=a" (sw));
 if ((sw & EXC) != PE) {
 printf("FAIL: fistp inexact\n");
 ret = 1;
 }
 __asm__ volatile ("fnclex");
-__asm__ volatile ("fistp %0" : "=m" (res_16) : "t" (32767.5L) : "st");
+__asm__ volatile ("fistps %0" : "=m" (res_16) : "t" (32767.5L) : "st");
 __asm__ volatile ("fnstsw" : "=a" (sw));
 if ((sw & EXC) != IE) {
 printf("FAIL: fistp 32767.5\n");
 ret = 1;
 }
 __asm__ volatile ("fnclex");
-__asm__ volatile ("fistp %0" : "=m" (res_16) : "t" (-32768.51L) : "st");
+__asm__ volatile ("fistps %0" : "=m" (res_16) : "t" (-32768.51L) : "st");
 __asm__ volatile ("fnstsw" : "=a" (sw));
 if ((sw & EXC) != IE) {
 printf("FAIL: fistp -32768.51\n");
 ret = 1;
 }
 __asm__ volatile ("fnclex");
-__asm__ volatile ("fistp %0" : "=m" (res_16) : "t" (ld_nan) : "st");
+__asm__ volatile ("fistps %0" : "=m" (res_16) : "t" (ld_nan) : "st");
 __asm__ volatile ("fnstsw" : "=a" (sw));
 if ((sw & EXC) != IE) {
 printf("FAIL: fistp nan\n");
 ret = 1;
 }
 __asm__ volatile ("fnclex");
-__asm__ volatile ("fistp %0" : "=m" (res_16) : "t" (ld_invalid_1.ld) :
+__asm__ volatile ("fistps %0" : "=m" (res_16) : "t" (ld_invalid_1.ld) :
   "st");
 __asm__ volatile ("fnstsw" : "=a" (sw));
 if ((sw & EXC) != IE) {
@@ -538,49 +538,49 @@ int main(void)
 }
 
 __asm__ volatile ("fnclex");
-__asm__ volatile ("fisttp %0" : "=m" (res_16) : "t" (1.5L) : "st");
+__asm__ volatile ("fisttps %0" : "=m" (res_16) : "t" (1.5L) : "st");
 __asm__ volatile ("fnstsw" : "=a" (sw));
 if ((sw & EXC) != PE) {
 printf("FAIL: fisttp inexact\n");
 ret = 1;
 }
 __asm__ volatile ("fnclex");
-__asm__ volatile ("fisttp %0" : "=m" (res_16) : "t" (32768.0L) : "st");
+__asm__ volatile ("fisttps %0" : "=m" (res_16) : "t" (32768.0L) : "st");
 __asm__ volatile ("fnstsw" : "=a" (sw));
 if ((sw & EXC) != IE) {
 printf("FAIL: fisttp 32768\n");
 ret = 1;
 }
 __asm__ volatile ("fnclex");
-__asm__ volatile ("fisttp %0" : "=m" (res_16) : "t" (32768.5L) : "st");
+__asm__ volatile ("fisttps %0" : "=m" (res_16) : "t" (32768.5L) : "st");
 __asm__ volatile ("fnstsw" : "=a" (sw));
 if ((sw & EXC) != IE) {
 printf("FAIL: fisttp 32768.5\n");
 ret = 1;
 }
 __asm__ volatile ("fnclex");
-__asm__ volatile ("fisttp %0" : "=m" (res_16) : "t" (-32769.0L) : "st");
+__asm__ volatile ("fisttps %0" : "=m" (res_16) : "t" (-32769.0L) : "st");
 __asm__ volatile ("fnstsw" : "=a" (sw));
 if ((sw & EXC) != IE) {
 printf("FAIL: fisttp -32769\n");
 ret = 1;
 }
 __asm__ volatile ("fnclex");
-__asm__ volatile ("fisttp %0" : "=m" (res_16) : "t" (-32769.5L) : "st");
+__asm__ volatile ("fisttps %0" : "=m" (res_16) : "t" (-32769.5L) : "st");
 __asm__ volatile ("fnstsw" : "=a" (sw));
 if ((sw & EXC) != IE) {
 printf("FAIL: fisttp -32769.5\n");
 ret = 1;
 }
 __asm__ volatile ("fnclex");
-__asm__ volatile ("fisttp %0" : "=m" (res_16) : "t" (ld_nan) : "st");
+__asm__ volatile ("fisttps %0" : "=m" (res_16) : "t" (ld_nan) : "st");
 __asm__ volatile ("fnstsw" : "=a" (sw));
 if ((sw & EXC) != IE) {
 printf("FAIL: fisttp nan\n");
 ret = 1;
 }
 __asm__ volatile ("fnclex");
-__asm__ volatile ("fisttp %0" : "=m" (res_16) : "t" (ld_invalid_1.ld) :
+__asm__ volatile ("fisttps %0" : "=m" (res_16) : "t" (ld_invalid_1.ld) :
   "st");
 __asm__ volatile ("fnstsw" : "=a" (sw));
 if ((sw & EXC) != IE) {
diff --git a/tests/tcg/i386/test-i386.c b/tests/tcg/i386/test-i386.c
index 18d5609665..ac8d5a3c1f 100644
--- a/tests/tcg/i386/test-i386.c
+++ b/tests/tcg/i386/test-i386.c
@@ -866,7 +866,7 @@ void test_fcvt(double a)
 uint16_t 

[PATCH v1 1/7] test/tcg/arm: Use -mfloat-abi=soft for test-armv6m-undef

[Alex Bennée]

From: Richard Henderson 

GCC11 from crossbuild-essential-armhf from ubuntu 22.04 errors:
cc1: error: ‘-mfloat-abi=hard’: selected architecture lacks an FPU

Signed-off-by: Richard Henderson 
Reviewed-by: Thomas Huth 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20220604032713.174976-1-richard.hender...@linaro.org>
Signed-off-by: Alex Bennée 
---
 tests/tcg/arm/Makefile.softmmu-target | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/tcg/arm/Makefile.softmmu-target 
b/tests/tcg/arm/Makefile.softmmu-target
index 3fe237ba39..7df88ddea8 100644
--- a/tests/tcg/arm/Makefile.softmmu-target
+++ b/tests/tcg/arm/Makefile.softmmu-target
@@ -20,7 +20,7 @@ LDFLAGS+=-nostdlib -N -static
 
 # Specific Test Rules
 
-test-armv6m-undef: EXTRA_CFLAGS+=-mcpu=cortex-m0
+test-armv6m-undef: EXTRA_CFLAGS+=-mcpu=cortex-m0 -mfloat-abi=soft
 
 run-test-armv6m-undef: QEMU_OPTS+=-semihosting -M microbit -kernel
 run-plugin-test-armv6m-undef-%: QEMU_OPTS+=-semihosting -M microbit -kernel
-- 
2.30.2

Re: [PULL 00/18] Block layer patches

[Kevin Wolf]

Am 09.06.2022 um 22:18 hat Richard Henderson geschrieben:
> On 6/9/22 10:21, Kevin Wolf wrote:
> > The following changes since commit 028f2361d0c2d28d6f918fe618f389228ac22b60:
> > 
> >Merge tag 'pull-target-arm-20220609' of 
> > https://git.linaro.org/people/pmaydell/qemu-arm into staging (2022-06-09 
> > 06:47:03 -0700)
> > 
> > are available in the Git repository at:
> > 
> >git://repo.or.cz/qemu/kevin.git tags/for-upstream
> > 
> > for you to fetch changes up to 7f9a8b3342ff00d3398fdc08264948762d748edb:
> > 
> >nbd: Drop dead code spotted by Coverity (2022-06-09 18:07:17 +0200)
> > 
> > 
> > Block layer patches
> > 
> > - Add vduse-blk export
> > - Dirty bitmaps: Fix and improve bitmap merge
> > - gluster: correctly set max_pdiscard
> > - rbd: report a better error when namespace does not exist
> > - aio_wait_kick: add missing memory barrier
> > - Code cleanups
> 
> Several sets of compile failures:

Hi Yongji,

the vduse-blk code fails to compile with clang as shown below. As you
already sent another series to fix up other bugs introduced in the
series, maybe it would be better if you can send a new version with all
of the necessary fixes squashed in instead of me trying to make minimal
fixes to get it to compile with clang.

Kevin

> https://gitlab.com/qemu-project/qemu/-/jobs/2571008901
> 
> ../subprojects/libvduse/libvduse.c:578:20: error: unused function
> 'vring_used_flags_set_bit' [-Werror,-Wunused-function]
> static inline void vring_used_flags_set_bit(VduseVirtq *vq, int mask)
>^
> ../subprojects/libvduse/libvduse.c:587:20: error: unused function
> 'vring_used_flags_unset_bit' [-Werror,-Wunused-function]
> static inline void vring_used_flags_unset_bit(VduseVirtq *vq, int mask)
>^
> 
> https://gitlab.com/qemu-project/qemu/-/jobs/2571008908
> 
> ../meson.build:1652:2: ERROR: Tried to use 'add_global_arguments' after a
> build target has been declared.
> 
> https://gitlab.com/qemu-project/qemu/-/jobs/2571008833
> 
> ../subprojects/libvduse/libvduse.c:325:20: error: cast to pointer from
> integer of different size [-Werror=int-to-pointer-cast]
>   325 | munmap((void *)dev->regions[i].mmap_addr,
>   |^
> ../subprojects/libvduse/libvduse.c: In function 'vduse_dev_create':
> ../subprojects/libvduse/libvduse.c:1318:54: error: format '%lu' expects
> argument of type 'long unsigned int', but argument 3 has type 'uint64_t'
> {aka 'long long unsigned int'} [-Werror=format=]
>  1318 | fprintf(stderr, "Failed to set api version %lu: %s\n",
>   |~~^
>   |  |
>   |  long unsigned int
>   |%llu
>  1319 | version, strerror(errno));
>   | ~~~
>   | |
>   | uint64_t {aka long long unsigned int}
> 
> 
> r~
> 

Re: [RFC PATCH] tcg/ppc: implement rem[u]_i{32,64} with mod[su][wd]

[Richard Henderson]

On 6/13/22 07:43, Matheus Kowalczuk Ferst wrote:

Power ISA v3.0 introduced mod[su][wd] insns that can be used to
implement rem[u]_i{32,64}.

Signed-off-by: Matheus Ferst 
---
  tcg/ppc/tcg-target.c.inc | 22 ++
  tcg/ppc/tcg-target.h |  4 ++--
  2 files changed, 24 insertions(+), 2 deletions(-)


Reviewed-by: Richard Henderson 

Queueing to tcg-next.


r~