Re: [Qemu-devel] [PATCH v7 09/38] libqos: Track QTestState with QVirtioBus

2017-09-12 Thread Thomas Huth
On 11.09.2017 19:19, Eric Blake wrote:
> When initializing a QVirtioDevice (which always has an associated
> QVirtioBus), we want to track which QTestState to use for all
> I/O processed through that bus and device.  Copy the paradigm
> used for QPCIBus, and track the test state at the bus level; this
> in turn requires a separate bus object per device (and associated
> cleanup) rather than just sharing a const version of the dispatch
> table.
I fail to see why we need a separate bus object here for each device.
The bus is only available one time, not multiple times, isn't it? So
there should also only be one bus object floating around, not multiple
ones... or do I miss something?

 Thomas



Re: [Qemu-devel] [PATCH v4 0/8] More warning reporting fixed

2017-09-12 Thread Paolo Bonzini
On 11/09/2017 21:52, Alistair Francis wrote:
> This series expands on my previous series by converting more existing
> prints to use warn_report() instead of error_report() or fprintf().
> 
> As discussed with Paolo and Markus this series combines libqemustub.a into
> libqemuutil.a to avoid circular dependencies.
> 
> V4:
>  - Improve some extra MIPs messages
>  - Fix build issues
>  - Fix i386 print message
> V3:
>  - Small corrections as reported by Markus
>  - Rename patch 3 and 5 so they don't have the same name
>  - Combine libqemustub.a into libqemuutil.a
>  - Add an extra patch with general cleanups
> 
> V2:
>  - Fixup auto CC logic so everyone is CCed
> 
> 
> 
> Alistair Francis (8):
>   hw/i386: Improve some of the warning messages
>   Convert remaining error_report() to warn_report()
>   Convert single line fprintf(.../n) to warn_report()
>   Convert multi-line fprintf() to warn_report()
>   General warn report fixups
>   target/mips: Convert VM clock update prints to warn_report
>   Makefile: Remove libqemustub.a
>   Convert remaining single line fprintf() to warn_report()
> 
>  Makefile|  7 +++
>  Makefile.target |  2 +-
>  accel/kvm/kvm-all.c |  7 +++
>  block/qcow2.c   |  9 +
>  block/vvfat.c   |  7 ---
>  docs/devel/build-system.txt | 16 +++-
>  hw/acpi/core.c  | 10 +-
>  hw/arm/vexpress.c   |  4 ++--
>  hw/i386/acpi-build.c| 15 ++-
>  hw/i386/pc.c|  9 -
>  hw/i386/pc_q35.c|  8 +---
>  hw/i386/xen/xen-mapcache.c  |  5 +++--
>  hw/mips/mips_malta.c|  4 ++--
>  hw/mips/mips_r4k.c  |  5 ++---
>  hw/misc/applesmc.c  |  2 +-
>  hw/s390x/s390-virtio.c  | 18 ++
>  hw/usb/hcd-ehci.c   |  5 +++--
>  hw/virtio/virtio-balloon.c  |  3 ++-
>  net/hub.c   | 10 --
>  net/net.c   | 15 ---
>  qga/vss-win32.c |  2 +-
>  target/i386/cpu.c   | 12 ++--
>  target/i386/hax-mem.c   |  6 +++---
>  target/mips/kvm.c   | 10 +-
>  target/ppc/translate_init.c | 17 -
>  target/s390x/kvm.c  |  4 ++--
>  tests/Makefile.include  |  8 
>  trace/control.c |  4 ++--
>  trace/simple.c  |  3 ++-
>  ui/keymaps.c| 10 +-
>  ui/spice-display.c  |  2 +-
>  util/cutils.c   |  3 ++-
>  util/main-loop.c|  6 +++---
>  33 files changed, 128 insertions(+), 120 deletions(-)
> 

Queued, thanks.

Paolo



Re: [Qemu-devel] [PATCH v2 2/3] hmp: fix "dump-quest-memory" segfault (arm)

2017-09-12 Thread Laurent Vivier
On 11/09/2017 18:40, Peter Maydell wrote:
> On 11 September 2017 at 15:45, Thomas Huth wrote:
>> On 11.09.2017 16:39, Peter Maydell wrote:
>>> On 11 September 2017 at 15:20, Laurent Vivier wrote:
>>>> Commit fd5d23babf (hmp: fix "dump-quest-memory" segfault)
>>>> fixes the problem for i386, do the same for arm.
>>>>
>>>> Running QEMU with
>>>> qemu-system-aarch64 -M none -nographic -m 256
>>>> and executing
>>>> dump-guest-memory /dev/null 0 8192
>>>> results in segfault
>>>>
>>>> Fix by checking if we have CPU.
>>>>
>>>> Signed-off-by: Laurent Vivier
>>>
>>> It seems a little arbitrary to assume that if there's no
>>> CPU what you wanted was a 32-bit little-endian dump.
>>>
>>> Why do we have a machine without a CPU anyway ?
>>
>> The "none" machine is always started without a default CPU.
> 
> If it has no CPU then how can we create a core dump for it?
> We don't (in theory) even know whether it's x86 or ARM.
> (One day we may support multiple CPU architectures in
> one QEMU binary...)
> 
> If the theory is hotplug-later then we're a bit stuck
> because we need to know information now that we can't
> know until the CPU is actually hotplugged.

As we have memory we should be able to dump memory, even without CPU.

But I can also do as proposed by Thomas and return -1 to cancel the dump
if there is no CPU.

Thanks,
Laurent



[Qemu-devel] [PATCH v7 RESEND] qga: Add support network interface statistics in guest-network-get-interfaces command

2017-09-12 Thread ZhiPeng Lu
We can get the network interface statistics inside a virtual machine by
guest-network-get-interfaces command. It is very useful for us to monitor
and analyze network traffic.

Signed-off-by: ZhiPeng Lu 

---
v1->v2:
 - correct some spelling mistakes and add the stats data to the
   guest-network-get-interfaces command instead of adding a new command.
v2->v3:
 - optimize function implementation
v3->v4:
 - modify compile error
v4->v5:
 - rename some temporary variables and add str_trim_off function for
   calculating the space num in front of the string in guest_get_network_stats
v5->v6:
 - use g_strchug instead of str_trim_off implemented by myself
v6->v7:
 - add implementation for windows
---
 qga/commands-posix.c | 72 +++-
 qga/commands-win32.c | 48 +++
 qga/qapi-schema.json | 38 ++-
 3 files changed, 156 insertions(+), 2 deletions(-)

diff --git a/qga/commands-posix.c b/qga/commands-posix.c
index ab0c63d..da5dba0 100644
--- a/qga/commands-posix.c
+++ b/qga/commands-posix.c
@@ -1643,6 +1643,65 @@ guest_find_interface(GuestNetworkInterfaceList *head,
 return head;
 }
 
+static int guest_get_network_stats(const char *name,
+   GuestNetworkInterfaceStat *stats)
+{
+int name_len;
+char const *devinfo = "/proc/net/dev";
+FILE *fp;
+char *line = NULL, *colon;
+size_t n;
+fp = fopen(devinfo, "r");
+if (!fp) {
+return -1;
+}
+name_len = strlen(name);
+while (getline(, , fp) != -1) {
+long long dummy;
+long long rx_bytes;
+long long rx_packets;
+long long rx_errs;
+long long rx_dropped;
+long long tx_bytes;
+long long tx_packets;
+long long tx_errs;
+long long tx_dropped;
+char *trim_line;
+trim_line = g_strchug(line);
+if (trim_line[0] == '\0') {
+continue;
+}
+colon = strchr(trim_line, ':');
+if (!colon) {
+continue;
+}
+if (colon - name_len  == trim_line &&
+   strncmp(trim_line, name, name_len) == 0) {
+if (sscanf(colon + 1,
+"%lld %lld %lld %lld %lld %lld %lld %lld %lld %lld %lld %lld 
%lld %lld %lld %lld",
+  _bytes, _packets, _errs, _dropped,
+  , , , ,
+  _bytes, _packets, _errs, _dropped,
+  , , , ) != 16) {
+continue;
+}
+stats->rx_bytes = rx_bytes;
+stats->rx_packets = rx_packets;
+stats->rx_errs = rx_errs;
+stats->rx_dropped = rx_dropped;
+stats->tx_bytes = tx_bytes;
+stats->tx_packets = tx_packets;
+stats->tx_errs = tx_errs;
+stats->tx_dropped = tx_dropped;
+fclose(fp);
+return 0;
+}
+}
+fclose(fp);
+g_debug("/proc/net/dev: Interface not found");
+return -1;
+}
+
 /*
  * Build information about guest interfaces
  */
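
Review bot: In guest_get_network_stats(), the buffer that getline() allocates into `line` is never released. Both the success path (`fclose(fp); return 0;`) and the not-found path at the end return without a free(line), so each call leaks the line buffer. Add free(line) next to each fclose(fp) that follows the loop.
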
@@ -1659,6 +1718,7 @@ GuestNetworkInterfaceList 
*qmp_guest_network_get_interfaces(Error **errp)
 for (ifa = ifap; ifa; ifa = ifa->ifa_next) {
 GuestNetworkInterfaceList *info;
 GuestIpAddressList **address_list = NULL, *address_item = NULL;
+GuestNetworkInterfaceStat  *interface_stat = NULL;
 char addr4[INET_ADDRSTRLEN];
 char addr6[INET6_ADDRSTRLEN];
 int sock;
@@ -1778,7 +1838,17 @@ GuestNetworkInterfaceList 
*qmp_guest_network_get_interfaces(Error **errp)
 
 info->value->has_ip_addresses = true;
 
-
+if (!info->value->has_statistics) {
+interface_stat = g_malloc0(sizeof(*interface_stat));
+if (guest_get_network_stats(info->value->name,
+interface_stat) == -1) {
+info->value->has_statistics = false;
+g_free(interface_stat);
+} else {
+info->value->statistics = interface_stat;
+info->value->has_statistics = true;
+}
+}
 }
 
 freeifaddrs(ifap);
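
Review bot: In the failure branch of the new `if (!info->value->has_statistics)` block, `info->value->has_statistics = false;` is a no-op, because the flag is already false whenever that block runs. Since the flag stays false after a failed read, the lookup (and the open of /proc/net/dev) is also repeated whenever the `ifa` loop reaches the same entry again. Consider allocating interface_stat only once the read has succeeded, and dropping the redundant assignment.
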
diff --git a/qga/commands-win32.c b/qga/commands-win32.c
index 619dbd2..e891253 100644
--- a/qga/commands-win32.c
+++ b/qga/commands-win32.c
@@ -1152,6 +1152,42 @@ out:
 }
 #endif
 
+static DWORD get_interface_index(const char *guid)
+{
+ULONG index;
+DWORD status;
+wchar_t wbuf[512];
+snwprintf(wbuf, sizeof(wbuf), L"\\device\\tcpip_%s", guid);
+wbuf[sizeof(wbuf) - 1] = 0;
+status = GetAdapterIndex (wbuf, );
+if (status != NO_ERROR) {
+return (DWORD)~0;
+} else {
+return index;
+}
+}
+static int guest_get_network_stats(const char *name,
+   GuestNetworkInterfaceStat *stats)
+{
+DWORD IfIndex = 0;
+MIB_IFROW aMib_ifrow;
+memset(_ifrow, 0, sizeof(aMib_ifrow));
+IfIndex = get_interface_index(name);
+aMib_ifrow.dwIndex = IfIndex;
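
Review bot: In get_interface_index(), `wbuf[sizeof(wbuf) - 1] = 0;` indexes past the end of the array: wbuf has 512 wchar_t elements, while sizeof(wbuf) is its size in bytes. The same byte count is passed to snwprintf() as the buffer length, which is counted in wide characters. Use sizeof(wbuf) / sizeof(wbuf[0]) in both places. The `%s` conversion also deserves a check, since guid is a `const char *` and the format string is wide.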
+

Re: [Qemu-devel] [PATCH v7 13/38] libqos: Use explicit QTestState for fw_cfg operations

2017-09-12 Thread Thomas Huth
On 11.09.2017 19:19, Eric Blake wrote:
> Drop one more client of global_qtest by teaching all fw_cfg test
> functionality (invoked through alloc-pc) to pass in an explicit
> QTestState, adjusting all callers.  In particular, fw_cfg-test
> had to reorder things to create the test state prior to creating
> the fw_cfg (and drop a pointless strdup in the meantime), but that
> test now no longer depends on global_qtest.
> 
> Signed-off-by: Eric Blake 

Reviewed-by: Thomas Huth 



Re: [Qemu-devel] [PATCH v7 15/38] libqos: Use explicit QTestState for i2c operations

2017-09-12 Thread Thomas Huth
On 11.09.2017 19:19, Eric Blake wrote:
> Drop one more client of global_qtest by teaching all i2c test
> functionality to pass in an explicit QTestState, adjusting all
> callers.
> 
> Signed-off-by: Eric Blake 
> ---
>  tests/libqos/i2c.h  |  7 --
>  tests/ds1338-test.c |  6 ++---
>  tests/libqos/i2c-imx.c  | 67 
> +
>  tests/libqos/i2c-omap.c | 45 +
>  tests/tmp105-test.c |  6 ++---
>  5 files changed, 66 insertions(+), 65 deletions(-)

Reviewed-by: Thomas Huth 



Re: [Qemu-devel] qdev_get_machine() can return something non-NULL but not TYPE_MACHINE

2017-09-12 Thread Peter Maydell
On 12 September 2017 at 08:40, Igor Mammedov  wrote:
> On Mon, 11 Sep 2017 14:33:03 +0100
> Peter Maydell  wrote:
>> It's not possible in all cases to set a CPU property from the
>> top level board code. In quite a lot of cases the CPU
>> object is created by an SoC object which is in turn
>> created by the board code, and there is no plumbing
>> there to pass arbitrary properties through to the CPU
>> object...
> there is a cleaner way without cpu accessing machine,
> make it property of cpu and use compat machinery that
> was invented for fixing up stuff of this kind.
>
> SET_MACHINE_COMPAT(MachineClass,
>{ .driver = "arm-cpu",
>  .property = "foo",
>  .value= "off",
>}
>   )

It looks like we only use that machine-compat stuff on
our versioned boards, which is pretty much the only place
where we don't need to set this particular flag...

thanks
-- PMM



Re: [Qemu-devel] [PATCH v4 0/3] QEMU Backup Tool

2017-09-12 Thread Stefan Hajnoczi
On Fri, Sep 08, 2017 at 10:11:42PM +0530, Ishani Chugh wrote:
> This patch series is intended to introduce QEMU Backup tool.
> qemu-backup will be a command-line tool for performing full and
> incremental disk backups on running VMs. It is intended as a
> reference implementation for management stack and backup developers
> to see QEMU's backup features in action.
> This patch series contains three patches,
>1) QEMU Backup command line tool.
>2) Test for full backup.
>3) Manpage for the tool.
> v4:
> * Reorganize patch structure.
> * Modify commit message for backup tool commit.
> * Organize examples by subcommands.
> * Add checks for required arguments.
> * Adds required arguments group to mandatory arguments.
> * Add checks for validating socket path.
> 
> Ishani Chugh (3):
>   Add manpage for QEMU Backup Tool
>   backup: Adds Backup Tool
>   Test for full Backup
> 
>  Makefile|  14 +-
>  contrib/backup/qemu-backup.py   | 373 
> 
>  contrib/backup/qemu-backup.texi | 142 +++
>  tests/qemu-iotests/191  |  86 +
>  tests/qemu-iotests/191.out  |  35 
>  tests/qemu-iotests/group|   1 +
>  6 files changed, 647 insertions(+), 4 deletions(-)
>  create mode 100755 contrib/backup/qemu-backup.py
>  create mode 100644 contrib/backup/qemu-backup.texi
>  create mode 100755 tests/qemu-iotests/191
>  create mode 100644 tests/qemu-iotests/191.out
> 
> --
> 2.7.4

Aside from Fam's comment:

Reviewed-by: Stefan Hajnoczi 



Re: [Qemu-devel] [PATCH v7 07/38] libqtest: Inline qtest_query_target_endianness()

2017-09-12 Thread Thomas Huth
On 11.09.2017 19:19, Eric Blake wrote:
> There was only one caller; it's easier to inline things.  (It
> trades one forward declaration for two others, but it's not
> worth the additional churn of topological sorting, even though
> that would be possible.)
> 
> Signed-off-by: Eric Blake 
> 
> ---
> v7: Drop the topological sorting
> ---
>  tests/libqtest.c | 26 +-
>  1 file changed, 9 insertions(+), 17 deletions(-)
> 
> diff --git a/tests/libqtest.c b/tests/libqtest.c
> index 95d4159b38..1710d63276 100644
> --- a/tests/libqtest.c
> +++ b/tests/libqtest.c
> @@ -49,7 +49,9 @@ static struct sigaction sigact_old;
>  g_assert_cmpint(ret, !=, -1); \
>  } while (0)
> 
> -static int qtest_query_target_endianness(QTestState *s);
> +static void qtest_sendf(QTestState *s, const char *fmt, ...)
> +GCC_FMT_ATTR(2, 3);
> +static gchar **qtest_rsp(QTestState *s, int expected_args);
> 
>  static int init_socket(const char *socket_path)
>  {
> @@ -158,6 +160,7 @@ QTestState *qtest_init_without_qmp_handshake(const char 
> *extra_args)
>  gchar *qmp_socket_path;
>  gchar *command;
>  const char *qemu_binary;
> +gchar **args;
> 
>  qemu_binary = getenv("QTEST_QEMU_BINARY");
>  if (!qemu_binary) {
> @@ -221,8 +224,11 @@ QTestState *qtest_init_without_qmp_handshake(const char 
> *extra_args)
>  }
> 
>  /* ask endianness of the target */
> -
> -s->big_endian = qtest_query_target_endianness(s);
> +qtest_sendf(s, "endianness\n");
> +args = qtest_rsp(s, 1);
> +g_assert(strcmp(args[1], "big") == 0 || strcmp(args[1], "little") == 0);
> +s->big_endian = strcmp(args[1], "big") == 0;
> +g_strfreev(args);
> 
>  return s;
>  }
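
Review bot: In the block inlined into qtest_init_without_qmp_handshake(), the only validation of the reply is the g_assert() on args[1]. If the tests are ever built with G_DISABLE_ASSERT, any reply other than "big" is silently treated as little-endian. Comparing once and failing explicitly on an unexpected string would keep the check independent of assertion settings and avoid evaluating strcmp(args[1], "big") twice.
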
> @@ -367,20 +373,6 @@ redo:
>  return words;
>  }
> 
> -static int qtest_query_target_endianness(QTestState *s)
> -{
> -gchar **args;
> -int big_endian;
> -
> -qtest_sendf(s, "endianness\n");
> -args = qtest_rsp(s, 1);
> -g_assert(strcmp(args[1], "big") == 0 || strcmp(args[1], "little") == 0);
> -big_endian = strcmp(args[1], "big") == 0;
> -g_strfreev(args);
> -
> -return big_endian;
> -}
> -
>  typedef struct {
>  JSONMessageParser parser;
>  QDict *response;

Looking at this patch again, I'm not sure anymore whether this is really
worth the effort. Keeping code that belongs together in a separate
function also makes sense ... Not sure, but I'd maybe rather drop this
patch. But in case you want to keep it:

Reviewed-by: Thomas Huth 




Re: [Qemu-devel] [RFC PATCH qemu 3/4] memory: Share flat views and dispatch trees between address spaces

2017-09-12 Thread Paolo Bonzini
On 12/09/2017 07:55, Alexey Kardashevskiy wrote:
> On 12/09/17 01:30, Paolo Bonzini wrote:
>> On 11/09/2017 14:08, Alexey Kardashevskiy wrote:
>>>> Ok, this makes sense.  Maybe it should be a flatview rather than an
>>>> AddressSpaceDispatch (a FlatView is essentially a list of
>>>> MemoryRegionSections; attaching the ASD to the FlatView is more or less
>>>> an implementation detail).
>>> The helpers I converted from AddressSpace to AddressSpaceDispatch do use
>>> dispatch structure only and do not use FlatView so it seemed logical.
>>
>> Understood, but from a design POV FlatView makes more sense.
>>
>>> btw this address_space in MemoryRegionSection - it does not seem to make
>>> much sense in the PhysPageMap::sections array, it only makes sense when
>>> MemoryRegionSection is used as a temporary object when calling listeners. Will
>>> it make sense if we enforce MemoryRegionSection::address_space to be NULL
>>> in the array and not NULL when used temporarily?
>>
>> memory_region_section_get_iotlb needs to access the AddressSpaceDispatch
>> for sections stored in the PhysPageMap array, because
>> memory_region_section_get_iotlb uses the ASD to compute the section index.
> 
> Ohhh, not extremely trivial, out of curiosity - is that iotlb encoding
> described anywhere?

No, I don't think so.

> Anyway, this can be simplified (or rather made more straightforward?) -
> tlb_set_page_with_attrs() can calculate the section index and pass it to
> memory_region_section_get_iotlb(). Still does not make much sense? It just
> looks quite useless to keep that address_space pointer alive just for one
> case which can easily avoid using this pointer.

Hmm I suppose address_space_translate_for_iotlb knows the ASD and could
also return the index, basically combining it and
memory_region_section_get_iotlb() into one function.

Paolo




Re: [Qemu-devel] [PATCH v1 0/6] QEMU: kvm: cleanup kvm_slot handling

2017-09-12 Thread Paolo Bonzini
On 11/09/2017 19:49, David Hildenbrand wrote:
> We can heavily simplify the kvm_slot code. Flatview will make sure that we
> don't have to deal with overlapping slots. E.g. when a memory section is
> resized, we are first notified about the removal and then about the new
> memory section.
> 
> So basically, we can directly always map one memory section to one
> kvm slot (if the fixed up size is > 0).
> 
> 
> RFC -> v1:
> - minor changes to avoid changing indentation, therefore making it easier
>   to review

Queued, thanks!

Paolo

> 
> David Hildenbrand (6):
>   kvm: require JOIN_MEMORY_REGIONS_WORKS
>   kvm: factor out alignment of memory section
>   kvm: use start + size for memory ranges
>   kvm: we never have overlapping slots in kvm_set_phys_mem()
>   kvm: kvm_log_start/stop are only called with known sections
>   kvm: kvm_log_sync() is only called with known memory sections
> 
>  accel/kvm/kvm-all.c | 235 
> +++-
>  1 file changed, 68 insertions(+), 167 deletions(-)
> 




Re: [Qemu-devel] qdev_get_machine() can return something non-NULL but not TYPE_MACHINE

2017-09-12 Thread Igor Mammedov
On Mon, 11 Sep 2017 14:33:03 +0100
Peter Maydell  wrote:

> On 11 September 2017 at 13:10, Igor Mammedov  wrote:
> > On Tue, 5 Sep 2017 10:08:01 +0100
> > Peter Maydell  wrote:
> >  
> >> On 4 September 2017 at 20:38, Igor Mammedov  wrote:  
> >> > On Mon, 4 Sep 2017 17:36:59 +0100
> >> > Peter Maydell  wrote:
> >> >  
> >> >> I just got bitten by qdev_get_machine()'s behaviour on the user-only
> >> >> emulators, where it can return something that isn't NULL and isn't
> >> >> an instance of TYPE_MACHINE either.  
> >> > user-only shouldn't get to qdev_get_machine() at all,
> >> > issue probably in container_get().  
> >>
> >> I need it in cpu_common_realizefn(), for
> >> http://patchwork.ozlabs.org/patch/797940/  
> > Link might be broken (unable to connect to server)  
> 
> Works for me, but it is in master now anyway, commit
> ed860129acd3fcd0b1.
> 
> > Anyways I'd avoid using machine from cpu_*_realizefn(),
> > instead of I'd add property to CPU that has needed data
> > and set it from board code. Should work fine for *-user targets
> > and maintain clear separation of device impl. and board details.  
> 
> It's not possible in all cases to set a CPU property from the
> top level board code. In quite a lot of cases the CPU
> object is created by an SoC object which is in turn
> created by the board code, and there is no plumbing
> there to pass arbitrary properties through to the CPU
> object...
there is a cleaner way without cpu accessing machine,
make it property of cpu and use compat machinery that
was invented for fixing up stuff of this kind.

SET_MACHINE_COMPAT(MachineClass,
   { .driver = "arm-cpu",
 .property = "foo",
 .value= "off",
   }
  )

> 
> thanks
> -- PMM




Re: [Qemu-devel] [PATCH] MAINTAINERS: Update git URLs for my trees

2017-09-12 Thread Paolo Bonzini
On 01/09/2017 17:47, Eduardo Habkost wrote:
> On Fri, Sep 01, 2017 at 12:39:28PM -0300, Eduardo Habkost wrote:
>> List the branches where I queue patches for Machine Core, NUMA,
>> Memory Backends, and X86.  Update the NUMA section to list the
>> "numa-next" branch instead of "numa".
>>
>> Signed-off-by: Eduardo Habkost 
>> ---
>>  MAINTAINERS | 5 -
>>  1 file changed, 4 insertions(+), 1 deletion(-)
>>
>> diff --git a/MAINTAINERS b/MAINTAINERS
>> index ccee28b12d..d72d8183bf 100644
>> --- a/MAINTAINERS
>> +++ b/MAINTAINERS
>> @@ -250,6 +250,7 @@ S: Maintained
>>  F: target/i386/
>>  F: hw/i386/
>>  F: disas/i386.c
>> +T: git git://github.com/ehabkost/qemu.git x86-next
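
Review bot: The new T: entry for x86-next uses the git:// transport, which is neither authenticated nor encrypted, so anyone cloning from this line has no assurance about what they fetch. Listing the https:// form of the same GitHub repository would avoid that.
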
> 
> Note: in the case of X86, Paolo and Richard have their own trees
> too.  We probably should list them to avoid misleading people to
> think mine is the only one.
> 
> Paolo, Richard: any git URLs you would like to list here?

I don't have a public branch.  Because I generally collect random
patches and send them out when I have time to test, the public branch
might not even compile at times. :)

Paolo



Re: [Qemu-devel] Questions regarding emulated UART in VersatilePB board

2017-09-12 Thread Peter Maydell
On 12 September 2017 at 08:49, Ramy Sameh  wrote:
> Hello Peter,
>
> Any suggestions regarding this topic ?

No, I think at this point you're into the stuff that
you need to think about yourself, ie what exactly
you want fault injection to do.

PS: your emails would be easier to read if you followed
the usual convention of putting replies at the bottom
of or interspersed with the quoted text rather than the top.

thanks
-- PMM



Re: [Qemu-devel] [PATCH v7 24/38] tests/acpi-utils: Drop dependence on global_qtest

2017-09-12 Thread Thomas Huth
On 11.09.2017 19:20, Eric Blake wrote:
> As a general rule, we prefer avoiding implicit global state
> because it makes code harder to safely copy and paste without
> thinking about the global state.  Adjust the helper code to
> use explicit state instead, and update all callers.
> 
> bios-tables-test no longer depends on global_qtest, now that it
> passes explicit state through the testsuite data; an assert
> proves this fact (although we will get rid of it later, once
> global_qtest is gone).
> 
> Signed-off-by: Eric Blake 
[...]
> diff --git a/tests/vmgenid-test.c b/tests/vmgenid-test.c
> index 0ea98b86d7..970c6274fd 100644
> --- a/tests/vmgenid-test.c
> +++ b/tests/vmgenid-test.c
> @@ -50,15 +50,15 @@ static uint32_t acpi_find_vgia(void)
>  boot_sector_test(global_qtest);
> 
>  /* Tables should be initialized now. */
> -rsdp_offset = acpi_find_rsdp_address();
> +rsdp_offset = acpi_find_rsdp_address(global_qtest);
> 
>  g_assert_cmphex(rsdp_offset, <, RSDP_ADDR_INVALID);
> 
> -acpi_parse_rsdp_table(rsdp_offset, _table);
> +acpi_parse_rsdp_table(global_qtest, rsdp_offset, _table);
> 
>  rsdt = rsdp_table.rsdt_physical_address;
>  /* read the header */
> -ACPI_READ_TABLE_HEADER(_table, rsdt);
> +ACPI_READ_TABLE_HEADER(global_qtest, _table, rsdt);
>  ACPI_ASSERT_CMP(rsdt_table.signature, "RSDT");
> 
>  /* compute the table entries in rsdt */
> @@ -68,21 +68,21 @@ static uint32_t acpi_find_vgia(void)
> 
>  /* get the addresses of the tables pointed by rsdt */
>  tables = g_new0(uint32_t, tables_nr);
> -ACPI_READ_ARRAY_PTR(tables, tables_nr, rsdt);
> +ACPI_READ_ARRAY_PTR(global_qtest, tables, tables_nr, rsdt);
> 
>  for (i = 0; i < tables_nr; i++) {
> -ACPI_READ_TABLE_HEADER(_table, tables[i]);
> +ACPI_READ_TABLE_HEADER(global_qtest, _table, tables[i]);
>  if (!strncmp((char *)ssdt_table.oem_table_id, "VMGENID", 7)) {
>  /* the first entry in the table should be VGIA
>   * That's all we need
>   */
> -ACPI_READ_FIELD(vgid_table.name_op, tables[i]);
> +ACPI_READ_FIELD(global_qtest, vgid_table.name_op, tables[i]);
>  g_assert(vgid_table.name_op == 0x08);  /* name */
> -ACPI_READ_ARRAY(vgid_table.vgia, tables[i]);
> +ACPI_READ_ARRAY(global_qtest, vgid_table.vgia, tables[i]);
>  g_assert(memcmp(vgid_table.vgia, "VGIA", 4) == 0);
> -ACPI_READ_FIELD(vgid_table.val_op, tables[i]);
> +ACPI_READ_FIELD(global_qtest, vgid_table.val_op, tables[i]);
>  g_assert(vgid_table.val_op == 0x0C);  /* dword */
> -ACPI_READ_FIELD(vgid_table.vgia_val, tables[i]);
> +ACPI_READ_FIELD(global_qtest, vgid_table.vgia_val, tables[i]);
>  /* The GUID is written at a fixed offset into the fw_cfg file
>   * in order to implement the "OVMF SDT Header probe suppressor"
>   * see docs/specs/vmgenid.txt for more details
> 

I'd maybe use a local "QTestState *qts = global_qtest;" at the beginning
of this function instead, and then use "qts" instead of "global_qtest" in
this function ... then we have to only touch one line later instead of
changing all lines with "global_qtest" again.

Anyway:
Reviewed-by: Thomas Huth 



Re: [Qemu-devel] Questions regarding emulated UART in VersatilePB board

2017-09-12 Thread Ramy Sameh
Hello Peter,

Any suggestions regarding this topic ?

On Sun, Sep 10, 2017 at 8:33 PM, Ramy Sameh  wrote:

> Thanks Peter.
>
> I have made a program to read a string from the UART, then write it again
> to the UART.
> I made a function to manipulate values in the pl011 registers (bit
> flipping the flags inside the registers).
> The target is to simulate hardware fault injection.
>
> For each run of the program, I made a bit-flip in *only one flag* in *one
> register*, and I observed the output of the program.
>
> *My question is*: where to invoke the call of this fault injection
> function to cause *the maximum effect* on the program's output?
>
> *p.s.* I invoked it once inside pl011_read function, and the program gave
> a certain output, and I invoked it again in pl011_update, and it gave
> another output.
> When I invoked the function in pl011_write, the faults injected had no
> effect on the output of the program!
>
> Do you have an explanation for this behaviour?
>
> Thanks in advance.
>
>
> On Wed, Sep 6, 2017 at 2:18 PM, Peter Maydell 
> wrote:
>
>> On 6 September 2017 at 13:12, Ramy Sameh  wrote:
>> > Do the emulated baud rate registers have any effect? (I think they would
>> > have no effect, because there is no real clock that can be used to
>> produce
>> > the baud rate).
>>
>> No, they don't have any effect. (In this UART model we don't implement
>> the feature that you can connect a guest serial port to a host serial
>> port and have the guest baud rate etc settings propagate through.
>> We do that in other UART models and maybe one day we'll add it here,
>> but for now, baud rate settings are ignored.)
>>
>> thanks
>> -- PMM
>>
>
>
>
> --
> Best Regards,
> Ramy Sameh
> Embedded Software Engineer
> +2-010-172-777-14
>



-- 
Best Regards,
Ramy Sameh
Embedded Software Engineer
+2-010-172-777-14


Re: [Qemu-devel] [PATCH] i386/cpu/hyperv: support over 64 vcpus for windows guests

2017-09-12 Thread Paolo Bonzini
On 12/09/2017 03:41, Gonglei (Arei) wrote:
> 
>> -Original Message-
>> From: Eduardo Habkost [mailto:ehabk...@redhat.com]
>> Sent: Tuesday, September 12, 2017 2:38 AM
>> To: Gonglei (Arei)
>> Cc: qemu-devel@nongnu.org; m...@redhat.com; pbonz...@redhat.com;
>> r...@twiddle.net; mtosa...@redhat.com; vroze...@redhat.com;
>> Huangweidong (C)
>> Subject: Re: [PATCH] i386/cpu/hyperv: support over 64 vcpus for windows
>> guests
>>
>> On Mon, Sep 11, 2017 at 11:20:27PM +0800, Gonglei wrote:
>>> Starting with Windows Server 2012 and Windows 8, if
>>> CPUID.4005.EAX contains a value of -1, Windows assumes specific
>>> limit to the number of VPs. In this case, Windows Server 2012
>>> guest VMs may use more than 64 VPs, up to the maximum supported
>>> number of processors applicable to the specific Windows
>>> version being used.
>>>
>>>
>> https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/referenc
>> e/tlfs
>>>
>>> For compatibility, Let's introduce a new property for X86CPU,
>>> named "x-hv-max-vps" as Eduardo's suggestion, and set it
>>> to 0x40 before machine 2.10.
>>>
>>> (The "x-" prefix indicates that the property is not supposed to
>>> be a stable user interface.)
>>>
>>> Signed-off-by: Gonglei 
>>> ---
>>>  include/hw/i386/pc.h |  5 +
>>>  target/i386/cpu.c|  1 +
>>>  target/i386/cpu.h|  2 ++
>>>  target/i386/kvm.c| 15 ++-
>>>  4 files changed, 22 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
>>> index 8226904..087d184 100644
>>> --- a/include/hw/i386/pc.h
>>> +++ b/include/hw/i386/pc.h
>>> @@ -371,6 +371,11 @@ bool e820_get_entry(int, uint32_t, uint64_t *,
>> uint64_t *);
>>>
>>>  #define PC_COMPAT_2_10 \
>>>  HW_COMPAT_2_10 \
>>> +{\
>>> +.driver   = TYPE_X86_CPU,\
>>> +.property = "x-hv-max-vps",\
>>> +.value= "0x40",\
>>> +},
>>>
>>>  #define PC_COMPAT_2_9 \
>>>  HW_COMPAT_2_9 \
>>> diff --git a/target/i386/cpu.c b/target/i386/cpu.c
>>> index 69676e1..2702485 100644
>>> --- a/target/i386/cpu.c
>>> +++ b/target/i386/cpu.c
>>> @@ -4145,6 +4145,7 @@ static Property x86_cpu_properties[] = {
>>>   false),
>>>  DEFINE_PROP_BOOL("vmware-cpuid-freq", X86CPU,
>> vmware_cpuid_freq, true),
>>>  DEFINE_PROP_BOOL("tcg-cpuid", X86CPU, expose_tcg, true),
>>> +DEFINE_PROP_INT32("x-hv-max-vps", X86CPU, hv_max_vps, -1),
>>>  DEFINE_PROP_END_OF_LIST()
>>>  };
>>>
>>> diff --git a/target/i386/cpu.h b/target/i386/cpu.h
>>> index 525d35d..5c726f3 100644
>>> --- a/target/i386/cpu.h
>>> +++ b/target/i386/cpu.h
>>> @@ -1282,6 +1282,8 @@ struct X86CPU {
>>>  int32_t socket_id;
>>>  int32_t core_id;
>>>  int32_t thread_id;
>>> +
>>> +int32_t hv_max_vps;
>>>  };
>>>
>>>  static inline X86CPU *x86_env_get_cpu(CPUX86State *env)
>>> diff --git a/target/i386/kvm.c b/target/i386/kvm.c
>>> index 6db7783..a898bef 100644
>>> --- a/target/i386/kvm.c
>>> +++ b/target/i386/kvm.c
>>> @@ -751,7 +751,20 @@ int kvm_arch_init_vcpu(CPUState *cs)
>>>
>>>  c = _data.entries[cpuid_i++];
>>>  c->function = HYPERV_CPUID_IMPLEMENT_LIMITS;
>>> -c->eax = 0x40;
>>> +
>>> +/*
>>> + * From "Requirements for Implementing the Microsoft
>>> + * Hypervisor Interface":
>>> + *
>> https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/referenc
>> e/tlfs
>>> + *
>>> + * "Starting with Windows Server 2012 and Windows 8, if
>>> + * CPUID.4005.EAX contains a value of -1, Windows assumes
>>> + * specific limit to the number of VPs. In this case, Windows
>>> + * Server 2012 guest VMs may use more than 64 VPs, up to the
>>> + * maximum supported number of processors applicable to the
>>> + * specific Windows version being used."
>>> + */
>>
>> I would place this comment above the DEFINE_PROP_INT32
>> declaration, as its purpose is to explain the -1 default.
>>
> Fine, do I need to send v2? Or you adjust it directly?

Done, also changing the sentence to "Windows assumes that the hypervisor
imposes no specific limit to the number of VPs" as in the Microsoft
document.

Paolo

> 
> Thanks,
> -Gonglei
>>
>>> +c->eax = cpu->hv_max_vps;
>>>  c->ebx = 0x40;
>>>
>>>  kvm_base = KVM_CPUID_SIGNATURE_NEXT;
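
Review bot: `c->eax = cpu->hv_max_vps;` in kvm_arch_init_vcpu() copies the property into the guest-visible CPUID leaf unchecked, and "x-hv-max-vps" is declared with DEFINE_PROP_INT32, so 0 or any negative value other than -1 is accepted and exposed to the guest as is. Either validate the value when the CPU is set up (-1 or a positive count) or state next to the property which values are meaningful.
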
>>> --
>>> 1.8.3.1
>>>
>>>
>>
>> --
>> Eduardo




Re: [Qemu-devel] [PATCH 0/2] hyperv: own protocol header instead of kernel's

2017-09-12 Thread Paolo Bonzini
On 31/08/2017 18:37, Roman Kagan wrote:
> On Thu, Jul 13, 2017 at 11:15:20PM +0300, Roman Kagan wrote:
>> Supersede kernel's header for Hyper-V protocol definitions with our own.
>> The reason is that, since this is a third-party protocol and not a
>> kernel API, the kernel folks are not happy exposing it in the kernel
>> uapi.
>>
>> The patchset is done to allow gradual transition from the kernel's
>> hyperv.h to the new one: the first patch introduces the new header that
>> doesn't conflict with the old one, and the second makes sure the old one
>> isn't imported from the kernel any longer, so that the maintainers can
>> do the next round of kernel header import at their leisure and things
>> will keep working.
>>
>> Once (if) this lands in QEMU I'll post patches to KVM to move its
>> hyperv.h out of uapi.
>>
>> This is the first part split out of my former biggish "hyperv fixes and
>> enhancements" series.  The only change is the underscore replaced with a
>> dash in the header file name.

Queued, thanks.

Paolo

>> Roman Kagan (2):
>>   hyperv: add header with protocol definitions
>>   update-linux-headers: prepare for hyperv.h removal
>>
>>  target/i386/cpu.h   |  10 +-
>>  target/i386/hyperv-proto.h  | 257 
>> 
>>  target/i386/cpu.c   |   4 +-
>>  target/i386/hyperv.c|   6 +-
>>  target/i386/kvm.c   |  57 +
>>  target/i386/machine.c   |  15 +--
>>  scripts/update-linux-headers.sh |   4 +-
>>  7 files changed, 304 insertions(+), 49 deletions(-)
>>  create mode 100644 target/i386/hyperv-proto.h
>>
>> -- 
>> 2.13.0
>>
>>
> 
> Ping?
> 
> Roman.
> 




[Qemu-devel] Suggested Wiki Update

2017-09-12 Thread Viktor Mihajlovski
Hi,

the content of https://wiki.qemu.org/index.php/Features/S390xNetworkBoot
is slightly outdated since proper DHCP based netboot support for s390x
has been implemented by the series ending with commit 29d1221.

As it is still desirable to provide some instructions on building
network bootable images for the s390x architecture, I'd like to suggest
that the text is replaced (see proposal below). Conny, could I once more
request your help in that matter?

== Building an s390 network bootable binary ==

Since 2.10, QEMU offers network boot support, which allows loading a
binary from a TFTP server and booting it. As s390 network bootable images
are not very common, this document gives a brief overview of how to
build one.

An s390 network bootable image can be built by bundling some shell
scripts, busybox and the kexec binary into an initial ramdisk
and appending that to a kernel image. An existing s390 system can be used
as source.

One way to do that is to take a kernel and an installer initial ramdisk
from a distribution's DVD/ISO and concatenate them. Some fixups are
necessary in the new binary, which can be done by using the script in
[https://github.com/ibm-s390-tools/s390-tools/blob/master/netboot/mk-s390image].
Booting this image would then start the installation process as if
booted from the DVD.

Another possible way is to build a binary that behaves similarly to the
PXELINUX boot loader. In this case an initial ramdisk with an init
process triggering the PXELINUX-like processing has to be built as
described in
[https://github.com/ibm-s390-tools/s390-tools/tree/master/netboot]. The
site also contains a script assisting in the creation of such an initial
ramdisk.

-- 

Kind Regards
   Viktor Mihajlovski

IBM Deutschland Research & Development GmbH
Chair of the Supervisory Board: Martina Köderitz
Management: Dirk Wittkopp
Registered office: Böblingen
Court of registration: Amtsgericht Stuttgart, HRB 243294




Re: [Qemu-devel] [PATCH v2 6/6] io: Reply to ping frames

2017-09-12 Thread Daniel P. Berrange
On Mon, Sep 11, 2017 at 12:04:15PM -0700, Brandon Carpenter wrote:
> On Mon, Sep 11, 2017 at 10:10 AM, Daniel P. Berrange 
> wrote:
> > It feels like this is still dangerous - the client simply has to
> > interleave each "ping" with a 1 byte binary frame to get around this
> > limit. We need to make sure we have an absolute cap on the output buffer
> > size.
> 
> Okay. I see that now that I look at it more closely. This breed of
> asynchronous I/O is tricky because the conditions for reading/writing are
> all over the place. There's a lot of context to keep in your head.
> 
> I have a fix. And I realized that I was missing a patch in the series for
> RFC-compliant closing of websocket connections, which I must have lost
> during a rebase. Should I submit v3 of the patch series or just add those
> patches to this thread?

It is generally preferred practice to submit new top level threads, rather
than sending more patches to a previous thread.

Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|



[Qemu-devel] [PATCH v7 RESEND] qga: Add support network interface statistics in guest-network-get-interfaces command

2017-09-12 Thread ZhiPeng Lu
We can get the network interface statistics inside a virtual machine with the
guest-network-get-interfaces command. It is very useful for us to monitor
and analyze network traffic.

Signed-off-by: ZhiPeng Lu 

v1->v2:
 - correct some spelling mistake and add the stats data to the
   guest-network-get-interfaces command instead of adding a new command.
v2-v3:
 - optimize function implementation
v3->v4:
 - modify compile error
v4->v5:
 - rename some temporary variables and add str_trim_off function for
   calculating the space num in front of the string in guest_get_network_stats
v5->v6:
 - use g_strchug instead of str_trim_off implemented by myself
v6->v7:
 - add implementation for windows
---
 qga/commands-posix.c | 72 +++-
 qga/commands-win32.c | 47 ++
 qga/qapi-schema.json | 38 ++-
 3 files changed, 155 insertions(+), 2 deletions(-)

diff --git a/qga/commands-posix.c b/qga/commands-posix.c
index d8e4122..b65dd8e 100644
--- a/qga/commands-posix.c
+++ b/qga/commands-posix.c
@@ -1639,6 +1639,65 @@ guest_find_interface(GuestNetworkInterfaceList *head,
 return head;
 }
 
+static int guest_get_network_stats(const char *name,
+   GuestNetworkInterfaceStat *stats)
+{
+int name_len;
+char const *devinfo = "/proc/net/dev";
+FILE *fp;
+char *line = NULL, *colon;
+size_t n;
+fp = fopen(devinfo, "r");
+if (!fp) {
+return -1;
+}
+name_len = strlen(name);
+while (getline(, , fp) != -1) {
+long long dummy;
+long long rx_bytes;
+long long rx_packets;
+long long rx_errs;
+long long rx_dropped;
+long long tx_bytes;
+long long tx_packets;
+long long tx_errs;
+long long tx_dropped;
+char *trim_line;
+trim_line = g_strchug(line);
+if (trim_line[0] == '\0') {
+continue;
+}
+colon = strchr(trim_line, ':');
+if (!colon) {
+continue;
+}
+if (colon - name_len  == trim_line &&
+   strncmp(trim_line, name, name_len) == 0) {
+if (sscanf(colon + 1,
+"%lld %lld %lld %lld %lld %lld %lld %lld %lld %lld %lld %lld 
%lld %lld %lld %lld",
+  _bytes, _packets, _errs, _dropped,
+  , , , ,
+  _bytes, _packets, _errs, _dropped,
+  , , , ) != 16) {
+continue;
+}
+stats->rx_bytes = rx_bytes;
+stats->rx_packets = rx_packets;
+stats->rx_errs = rx_errs;
+stats->rx_dropped = rx_dropped;
+stats->tx_bytes = tx_bytes;
+stats->tx_packets = tx_packets;
+stats->tx_errs = tx_errs;
+stats->tx_dropped = tx_dropped;
+fclose(fp);
+return 0;
+}
+}
+fclose(fp);
+g_debug("/proc/net/dev: Interface not found");
+return -1;
+}
+
 /*
  * Build information about guest interfaces
  */
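Review bot: the buffer that getline() allocates into `line` is never released in guest_get_network_stats(). Both the `return 0` path after a match and the final `return -1` call fclose(fp) but not free(line), so every call leaks one line buffer. Add free(line) before each return; g_strchug() shifts the text in place, so `line` is still the pointer to free. A short comment naming the sixteen /proc/net/dev columns that the sscanf() format expects would also make the `dummy` fields easier to check.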
@@ -1655,6 +1714,7 @@ GuestNetworkInterfaceList 
*qmp_guest_network_get_interfaces(Error **errp)
 for (ifa = ifap; ifa; ifa = ifa->ifa_next) {
 GuestNetworkInterfaceList *info;
 GuestIpAddressList **address_list = NULL, *address_item = NULL;
+GuestNetworkInterfaceStat  *interface_stat = NULL;
 char addr4[INET_ADDRSTRLEN];
 char addr6[INET6_ADDRSTRLEN];
 int sock;
@@ -1774,7 +1834,17 @@ GuestNetworkInterfaceList 
*qmp_guest_network_get_interfaces(Error **errp)
 
 info->value->has_ip_addresses = true;
 
-
+if (!info->value->has_statistics) {
+interface_stat = g_malloc0(sizeof(*interface_stat));
+if (guest_get_network_stats(info->value->name,
+interface_stat) == -1) {
+info->value->has_statistics = false;
+g_free(interface_stat);
+} else {
+info->value->statistics = interface_stat;
+info->value->has_statistics = true;
+}
+}
 }
 
 freeifaddrs(ifap);
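Review bot: the `if (!info->value->has_statistics)` block runs inside the `for (ifa = ifap; ...)` loop and leaves has_statistics false on failure, so for an interface that is missing from /proc/net/dev the file is reopened and rescanned for every address entry of that interface. Record that the lookup was attempted, or do it once where the interface entry is first created. The g_malloc0()/g_free() pair on the failure path can also be avoided by filling a stack struct and allocating only on success.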
diff --git a/qga/commands-win32.c b/qga/commands-win32.c
index 6f16457..433453d 100644
--- a/qga/commands-win32.c
+++ b/qga/commands-win32.c
@@ -1152,6 +1152,42 @@ out:
 }
 #endif
 
+static DWORD get_interface_index(const char *guid)
+{
+ULONG index;
+DWORD status;
+wchar_t wbuf[512];
+snwprintf(wbuf, sizeof(wbuf), L"\\device\\tcpip_%s", guid);
+wbuf[sizeof(wbuf) - 1] = 0;
+status = GetAdapterIndex (wbuf, );
+if (status != NO_ERROR) {
+return (DWORD)~0;
+} else {
+return index;
+}
+}
+static int guest_get_network_stats(const char *name,
+   GuestNetworkInterfaceStat *stats)
+{
+DWORD IfIndex = 0;
+MIB_IFROW aMib_ifrow;
+memset(_ifrow, 0, sizeof(aMib_ifrow));
+IfIndex = get_interface_index(name);
+aMib_ifrow.dwIndex = IfIndex;
+if 
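Review bot: in get_interface_index(), `snwprintf(wbuf, sizeof(wbuf), ...)` passes a size in bytes where a count of wchar_t elements is expected, and `wbuf[sizeof(wbuf) - 1] = 0` then writes well past the end of the 512-element array. Use the element count, sizeof(wbuf) / sizeof(wbuf[0]), in both places. The `%s` conversion in a wide format string with a `const char *guid` argument also needs checking, since wide printf variants on Windows read %s as a wide string.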

Re: [Qemu-devel] [PATCH v7 08/38] libqos: Track QTestState with QPCIBus

2017-09-12 Thread Thomas Huth
On 11.09.2017 19:19, Eric Blake wrote:
> When initializing a QPCIBus, track which QTestState the bus is
> associated with (so that a later patch can then explicitly use
> that test state for all communication on the bus, rather than
> blindly relying on global_qtest).  Update the initialization
> functions to take another parameter, and update all callers to
> pass in state (for now, most callers get away with passing the
> current global_qtest as the current state, although this required
> fixing the order of initialization to ensure qtest_start() is
> called before qpci_init*() in rtl8139-test, and provided an
> opportunity to pass in the allocator in e1000e-test).
> 
> Touch up some allocations to use g_new0() rather than g_malloc()
> while in the area, and simplify some code (all implementations
> of QOSOps provide a .init_allocator() that never fails).
> 
> Signed-off-by: Eric Blake 

Reviewed-by: Thomas Huth 



Re: [Qemu-devel] [PATCH v7 12/38] libqos: Use explicit QTestState for virtio operations

2017-09-12 Thread Thomas Huth
On 11.09.2017 19:19, Eric Blake wrote:
> Now that QVirtioDevice and QVirtQueue point back to QVirtioBus,
> we can reuse the explicit QTestState stored there rather than
> relying on implicit global_qtest.  We also have to pass QTestState
> through a few functions that can't trace back through
> QVirtioDevice, and update those callers.
> 
> Drop some useless casts while touching things.
> 
> Signed-off-by: Eric Blake 
> ---
>  tests/libqos/virtio.h  |  6 ++--
>  tests/libqos/virtio-mmio.c | 57 ++-
>  tests/libqos/virtio-pci.c  |  8 ++---
>  tests/libqos/virtio.c  | 84 
> ++
>  tests/virtio-blk-test.c| 11 +++---
>  5 files changed, 94 insertions(+), 72 deletions(-)

Reviewed-by: Thomas Huth 



Re: [Qemu-devel] [PATCH v7 16/38] libqos: Use explicit QTestState for ahci operations

2017-09-12 Thread Thomas Huth
On 11.09.2017 19:20, Eric Blake wrote:
> Drop one more client of global_qtest by teaching all ahci test
> functionality to pass in an explicit QTestState.  The state was
> already available, so no callers had to be adjusted.
> 
> Signed-off-by: Eric Blake 

Reviewed-by: Thomas Huth 



Re: [Qemu-devel] [PATCH v7 26/38] libqtest: Merge qtest_end() into qtest_quit()

2017-09-12 Thread Thomas Huth
On 11.09.2017 19:20, Eric Blake wrote:
> Rather than have two similar shutdown functions, where one requires
> the use of global_qtest in the header, it is better to have a single
> shutdown function that still takes care of cleaning up global_qtest
> if it is set.  All callers are updated.
> 
> Signed-off-by: Eric Blake 

Reviewed-by: Thomas Huth 



Re: [Qemu-devel] [Qemu-arm] [PATCH v7 00/20] ARM SMMUv3 Emulation Support

2017-09-12 Thread Linu Cherian
Hi Eric,

On Fri Sep 01, 2017 at 07:21:03PM +0200, Eric Auger wrote:
> This series implements the emulation code for ARM SMMUv3.
> 
> Changes since v6:
> - DPDK testpmd now running on guest with 2 assigned VFs
> - Changed the instantiation method: add the following option to
>   the QEMU command line
>   -device smmuv3 # for virtio/vhost use cases
>   -device smmuv3,caching-mode # for vfio use cases (based on [1])
> - split the series into smaller patches to allow the review
> - the VFIO integration based on "tlbi-on-map" smmuv3 driver
>   is isolated from the rest: last 2 patches, not for upstream.
>   This is shipped for testing/bench until a better solution is found.
> - Reworked permission flag checks and event generation
> 
> testing:
> - in dt and ACPI modes
> - virtio-net-pci and vhost-net devices using dma ops with various
>   guest page sizes [2]
> - assigned VFs using dma ops [3]:
>   - AMD Overdrive and igbvf passthrough (using gsi direct mapping)
>   - Cavium ThunderX and ixgbevf passthrough (using KVM MSI routing)
> - DPDK testpmd on guest running with VFIO user space drivers (2 igbvf) [3]
>   with guest and host page size equal (4kB)
> 
> Known limitations:
> - no VMSAv8-32 support
> - no nested stage support (S1 + S2)
> - no support for HYP mappings
> - register fine emulation, commands, interrupts and errors were
>   not accurately tested. Handling is sufficient to run use cases
>   described above though.
> - interrupts and event generation not observed yet.
> 

By design, shouldn't this work on hardware with smmuv2 implementations as well?
I.e. guest with smmuv3 emulation + host with smmuv2 hardware.

Or are there any known limitations for this?

> Best Regards
> 
> Eric
> 
> This series can be found at:
> v7: https://github.com/eauger/qemu/tree/v2.10.0-SMMU-v7
> Previous version at:
> v6: https://github.com/eauger/qemu/tree/v2.10.0-rc2-SMMU-v6
> 
> References:
> [1] [RFC v2 0/4] arm-smmu-v3 tlbi-on-map option
> https://lkml.org/lkml/2017/8/11/426
> 
> [2] qemu cmd line excerpt:
> -device smmuv3 \
> -netdev tap,id=tap0,script=no,downscript=no,ifname=tap0,vhost=off \
> -device 
> virtio-net-pci,netdev=tap0,mac=6a:f5:10:b1:3d:d2,iommu_platform,disable-modern=off,disable-legacy=on
>  \
> [3] use -device smmuv3,caching-mode
> 
> 
> History:
> v6 -> v7:
> - see above
> 
> v5 -> v6:
> - Rebase on 2.10 and IOMMUMemoryRegion
> - add ACPI TLBI_ON_MAP support (VFIO integration also works in
>   ACPI mode)
> - fix block replay
> - handle implementation defined SMMU_CMD_TLBI_NH_VA_AM cmd
>   (goes along with TLBI_ON_MAP FW quirk)
> - replay systematically unmap the whole range first
> - smmuv3_map_hook does not unmap anymore and the unmap is done
>   before the replay
> - add and use smmuv3_context_device_invalidate instead of
>   blindly replaying everything
> 
> v4 -> v5:
> - initial_level now part of SMMUTransCfg
> - smmu_page_walk_64 takes into account the max input size
> - implement sys->iommu_ops.replay and sys->iommu_ops.notify_flag_changed
> - smmuv3_translate: bug fix: don't walk on bypass
> - smmu_update_qreg: fix PROD index update
> - I did not yet address Peter's comments as the code is not mature enough
>   to be split into sub patches.
> 
> v3 -> v4 [Eric]:
> - page table walk rewritten to allow scan of the page table within a
>   range of IOVA. This prepares for VFIO integration and replay.
> - configuration parsing partially reworked.
> - do not advertise unsupported/untested features: S2, S1 + S2, HYP,
>   PRI, ATS, ..
> - added ACPI table generation
> - migrated to dynamic traces
> - mingw compilation fix
> 
> v2 -> v3 [Eric]:
> - rebased on 2.9
> - mostly code and patch reorganization to ease the review process
> - optional patches removed. They may be handled separately. I am currently
>   working on ACPI enablement.
> - optional instantiation of the smmu in mach-virt
> - removed [2/9] (fdt functions) since not mandated
> - start splitting main patch into base and derived object
> - no new function feature added
> 
> v1 -> v2 [Prem]:
> - Adopted review comments from Eric Auger
> - Make SMMU_DPRINTF to internally call qemu_log
> (since translation requests are too many, we need control
>  on the type of log we want)
> - SMMUTransCfg modified to suit simplicity
> - Change RegInfo to uint64 register array
> - Code cleanup
> - Test cleanups
> - Reshuffled patches
> 
> v0 -> v1 [Prem]:
> - As per SMMUv3 spec 16.0 (only is_ste_consistant() is noticeable)
> - Reworked register access/update logic
> - Factored out translation code for
> - single point bug fix
> - sharing/removal in future
> - (optional) Unit tests added, with PCI test device
> - S1 with 4k/64k, S1+S2 with 4k/64k
> - (S1 or S2) only can be verified by Linux 4.7 driver
> - (optional) Preliminary ACPI support
> 
> v0 [Prem]:
> - Implements SMMUv3 spec 11.0
> - Supported for PCIe devices,
> - Command Queue and Event 

Re: [Qemu-devel] [PATCH v2 6/6] io: Reply to ping frames

2017-09-12 Thread Daniel P. Berrange
On Mon, Sep 11, 2017 at 10:43:21AM -0700, Brandon Carpenter wrote:
> On Mon, Sep 11, 2017 at 10:37 AM, Daniel P. Berrange 
> wrote:
> > At the time qio_channel_websock_decode_header is run, 'encinput' is only
> > guaranteed to contain enough data to decode the header.
> 
> Because the PING opcode is a control frame, this bit of code earlier in the
> function will ensure the entire frame has been read before the PING
> processing occurs:
> 
> >   if (ioc->encinput.offset < ioc->payload_remain) {
> > /* Wait for the entire payload before processing control
> > frames
> >  * because the payload will most likely be echoed back. */
> > if (ioc->opcode & QIO_CHANNEL_WEBSOCK_CONTROL_OPCODE_MASK) {
> > return QIO_CHANNEL_ERR_BLOCK;
> > }
> > payload_len = ioc->encinput.offset - (ioc->encinput.offset %
> > 4);

The problem is in the qio_channel_websock_read_wire method we refuse
to read more than 4k into encinput. So if the ping payload is greater
than 4k this will just loop forever.

Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|
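
The stall described in the reply above, modeled as an added example (not QEMU code and not part of the thread): a decoder that waits for a control frame's whole payload behind a 4096-byte read cap never resolves a larger PING, while rejecting control frames above the RFC 6455 limit of 125 bytes bounds the wait. All names and both sample frames are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not QEMU code. Only the 4k read cap comes from the
 * message above; every name here is an assumption made for the example. */
#define READ_CAP 4096u            /* reader never buffers more than this */
#define MAX_CONTROL_PAYLOAD 125u  /* RFC 6455 section 5.5 */

enum decode_result { FRAME_READY, FRAME_BLOCK, FRAME_PROTOCOL_ERROR };

struct ws_header {
    int fin;
    uint8_t opcode;
    uint64_t payload_len;
};

/* Parse a frame header (RFC 6455 section 5.2).
 * Returns 0 on success, -1 if the header bytes are not all there yet. */
static int parse_header(const uint8_t *buf, size_t len, struct ws_header *h)
{
    size_t off, mask_len;
    uint8_t len7;
    if (len < 2) {
        return -1;
    }
    h->fin = (buf[0] & 0x80) != 0;
    h->opcode = buf[0] & 0x0f;
    mask_len = (buf[1] & 0x80) ? 4 : 0;
    len7 = buf[1] & 0x7f;
    off = (len7 < 126) ? 2 : (len7 == 126) ? 4 : 10;  /* extended length */
    if (len < off + mask_len) {
        return -1;
    }
    h->payload_len = (off == 2) ? len7 : 0;
    for (size_t i = 2; i < off; i++) {
        h->payload_len = (h->payload_len << 8) | buf[i];
    }
    return 0;
}

/* Decide what to do with a frame once 'buffered' payload bytes are held.
 * strict != 0 adds the RFC 6455 limits on control frames. */
static enum decode_result decode(const struct ws_header *h, size_t buffered,
                                 int strict)
{
    if (h->opcode & 0x8) {                       /* control frame */
        if (strict && (!h->fin || h->payload_len > MAX_CONTROL_PAYLOAD)) {
            return FRAME_PROTOCOL_ERROR;         /* reject instead of waiting */
        }
        if (buffered < h->payload_len) {
            return FRAME_BLOCK;                  /* wait for the whole payload */
        }
    }
    return FRAME_READY;
}

/* Model the read loop against a peer that always has more payload to send.
 * Returns the round in which the frame was resolved, or -1 when the buffer
 * is full and the decoder still blocks, so no further progress is possible. */
static int rounds_until_resolved(const uint8_t *hdr, size_t len, int strict,
                                 enum decode_result *out)
{
    struct ws_header h;
    size_t buffered = 0;
    *out = FRAME_BLOCK;
    if (parse_header(hdr, len, &h) != 0) {
        return -1;
    }
    for (int round = 1; round <= 8; round++) {
        uint64_t want = h.payload_len - buffered;
        size_t room = READ_CAP - buffered;
        size_t got = want < room ? (size_t)want : room;
        buffered += got;
        *out = decode(&h, buffered, strict);
        if (*out != FRAME_BLOCK) {
            return round;
        }
        if (got == 0) {
            return -1;
        }
    }
    return -1;
}

/* Constructed sample: masked PING (FIN=1, opcode 0x9) announcing 8000 bytes. */
static const uint8_t big_ping[] = { 0x89, 0xfe, 0x1f, 0x40, 0x11, 0x22, 0x33, 0x44 };
/* Constructed sample: masked PING announcing a 5-byte payload. */
static const uint8_t small_ping[] = { 0x89, 0x85, 0x11, 0x22, 0x33, 0x44 };

int main(void)
{
    enum decode_result r;
    int lenient = rounds_until_resolved(big_ping, sizeof(big_ping), 0, &r);
    int strict = rounds_until_resolved(big_ping, sizeof(big_ping), 1, &r);
    int small = rounds_until_resolved(small_ping, sizeof(small_ping), 1, &r);
    printf("big lenient=%d big strict=%d small strict=%d\n", lenient, strict, small);
    return 0;
}
```

A return of -1 in lenient mode is the "loop forever" case: the buffer is full at 4096 bytes and the decoder keeps reporting that it must block.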



Re: [Qemu-devel] [PATCH] tcg/ppc: disable atomic write check on ppc32

2017-09-12 Thread Peter Maydell
On 12 September 2017 at 05:23, Richard Henderson  wrote:
> On 09/11/2017 02:37 PM, Peter Maydell wrote:
>> On 11 September 2017 at 21:49, Philippe Mathieu-Daudé  
>> wrote:
>>> this fixes building for ppc64 on ppc32 (changed in 5964fca8a12c):
>>>
>>>   qemu/tcg/ppc/tcg-target.inc.c: In function 'tb_target_set_jmp_target':
>>>   qemu/include/qemu/compiler.h:86:30: error: static assertion failed: "not 
>>> expecting: sizeof(*(uint64_t *)jmp_addr) > ATOMIC_REG_SIZE"
>>>QEMU_BUILD_BUG_ON(sizeof(*ptr) > ATOMIC_REG_SIZE); \
>>>^
>>>   qemu/tcg/ppc/tcg-target.inc.c:1377:9: note: in expansion of macro 
>>> 'atomic_set'
>>>atomic_set((uint64_t *)jmp_addr, pair);
>>>^
>>>
>>> Suggested-by: Richard Henderson 
>>> Signed-off-by: Philippe Mathieu-Daudé 
>>> ---
>>> This fixes Shippable builds, see:
>>> https://app.shippable.com/github/qemu/qemu/runs/434/10/console
>>>
>>>  tcg/ppc/tcg-target.inc.c | 2 +-
>>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/tcg/ppc/tcg-target.inc.c b/tcg/ppc/tcg-target.inc.c
>>> index 21d764c102..0417901289 100644
>>> --- a/tcg/ppc/tcg-target.inc.c
>>> +++ b/tcg/ppc/tcg-target.inc.c
>>> @@ -1374,7 +1374,7 @@ void tb_target_set_jmp_target(uintptr_t tc_ptr, 
>>> uintptr_t jmp_addr,
>>>  pair = (uint64_t)i2 << 32 | i1;
>>>  #endif
>>>
>>> -atomic_set((uint64_t *)jmp_addr, pair);
>>> +atomic_set__nocheck((uint64_t *)jmp_addr, pair);
>>>  flush_icache_range(jmp_addr, jmp_addr + 8);
>>>  } else {
>>>  intptr_t diff = addr - jmp_addr;
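Review bot: the `+` line swaps atomic_set() for atomic_set__nocheck() without a comment, so the next reader sees a 64-bit store with the size assertion switched off and no stated reason. Add a comment directly above the call saying why a 64-bit atomic store is guaranteed to be available on this path.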
>>
>> Can you explain why this is the right thing? On the
>> face of it it looks correct to insist that we don't
>> try to do an atomic set of something that's bigger
>> than the host can actually handle...
>
> It is the correct thing because ppc32 is handled earlier in the function; only
> ppc64 can reach here, therefore a 64-bit atomic_set is always available.
>
> However, I wrote the function intending to minimize the ifdefs so that we can
> be sure that it all compiles -- especially the ppc32 bits which I cannot test
> on gcc cfarm machines.  I didn't think about the fact that ppc32 could not
> compile the _Static_assert within the 64-bit atomic_set here in the ppc64 
> section.

Ah, I see. Can we have a comment about why the __nocheck is ok here,
then, please?

thanks
-- PMM



Re: [Qemu-devel] [Qemu-arm] [PATCH v7 00/20] ARM SMMUv3 Emulation Support

2017-09-12 Thread Auger Eric
Hi Linu,

On 12/09/2017 08:18, Linu Cherian wrote:
> Hi Eric,
> 
> On Fri Sep 01, 2017 at 07:21:03PM +0200, Eric Auger wrote:
>> This series implements the emulation code for ARM SMMUv3.
>>
>> Changes since v6:
>> - DPDK testpmd now running on guest with 2 assigned VFs
>> - Changed the instantiation method: add the following option to
>>   the QEMU command line
>>   -device smmuv3 # for virtio/vhost use cases
>>   -device smmuv3,caching-mode # for vfio use cases (based on [1])
>> - split the series into smaller patches to allow the review
>> - the VFIO integration based on "tlbi-on-map" smmuv3 driver
>>   is isolated from the rest: last 2 patches, not for upstream.
>>   This is shipped for testing/bench until a better solution is found.
>> - Reworked permission flag checks and event generation
>>
>> testing:
>> - in dt and ACPI modes
>> - virtio-net-pci and vhost-net devices using dma ops with various
>>   guest page sizes [2]
>> - assigned VFs using dma ops [3]:
>>   - AMD Overdrive and igbvf passthrough (using gsi direct mapping)
>>   - Cavium ThunderX and ixgbevf passthrough (using KVM MSI routing)
>> - DPDK testpmd on guest running with VFIO user space drivers (2 igbvf) [3]
>>   with guest and host page size equal (4kB)
>>
>> Known limitations:
>> - no VMSAv8-32 support
>> - no nested stage support (S1 + S2)
>> - no support for HYP mappings
>> - register fine emulation, commands, interrupts and errors were
>>   not accurately tested. Handling is sufficient to run use cases
>>   described above though.
>> - interrupts and event generation not observed yet.
>>
> 
> By design, shouldn't this work on hardware with smmuv2 implementations as
> well?
> I.e. guest with smmuv3 emulation + host with smmuv2 hardware.

Yes indeed. I am mostly testing with a host featuring smmuv2 at the moment.

Thanks

Eric
> 
> Or are there any known limitations for this?
> 
>> Best Regards
>>
>> Eric
>>
>> This series can be found at:
>> v7: https://github.com/eauger/qemu/tree/v2.10.0-SMMU-v7
>> Previous version at:
>> v6: https://github.com/eauger/qemu/tree/v2.10.0-rc2-SMMU-v6
>>
>> References:
>> [1] [RFC v2 0/4] arm-smmu-v3 tlbi-on-map option
>> https://lkml.org/lkml/2017/8/11/426
>>
>> [2] qemu cmd line excerpt:
>> -device smmuv3 \
>> -netdev tap,id=tap0,script=no,downscript=no,ifname=tap0,vhost=off \
>> -device 
>> virtio-net-pci,netdev=tap0,mac=6a:f5:10:b1:3d:d2,iommu_platform,disable-modern=off,disable-legacy=on
>>  \
>> [3] use -device smmuv3,caching-mode
>>
>>
>> History:
>> v6 -> v7:
>> - see above
>>
>> v5 -> v6:
>> - Rebase on 2.10 and IOMMUMemoryRegion
>> - add ACPI TLBI_ON_MAP support (VFIO integration also works in
>>   ACPI mode)
>> - fix block replay
>> - handle implementation defined SMMU_CMD_TLBI_NH_VA_AM cmd
>>   (goes along with TLBI_ON_MAP FW quirk)
>> - replay systematically unmap the whole range first
>> - smmuv3_map_hook does not unmap anymore and the unmap is done
>>   before the replay
>> - add and use smmuv3_context_device_invalidate instead of
>>   blindly replaying everything
>>
>> v4 -> v5:
>> - initial_level now part of SMMUTransCfg
>> - smmu_page_walk_64 takes into account the max input size
>> - implement sys->iommu_ops.replay and sys->iommu_ops.notify_flag_changed
>> - smmuv3_translate: bug fix: don't walk on bypass
>> - smmu_update_qreg: fix PROD index update
>> - I did not yet address Peter's comments as the code is not mature enough
>>   to be split into sub patches.
>>
>> v3 -> v4 [Eric]:
>> - page table walk rewritten to allow scan of the page table within a
>>   range of IOVA. This prepares for VFIO integration and replay.
>> - configuration parsing partially reworked.
>> - do not advertise unsupported/untested features: S2, S1 + S2, HYP,
>>   PRI, ATS, ..
>> - added ACPI table generation
>> - migrated to dynamic traces
>> - mingw compilation fix
>>
>> v2 -> v3 [Eric]:
>> - rebased on 2.9
>> - mostly code and patch reorganization to ease the review process
>> - optional patches removed. They may be handled separately. I am currently
>>   working on ACPI enablement.
>> - optional instantiation of the smmu in mach-virt
>> - removed [2/9] (fdt functions) since not mandated
>> - start splitting main patch into base and derived object
>> - no new function feature added
>>
>> v1 -> v2 [Prem]:
>> - Adopted review comments from Eric Auger
>> - Make SMMU_DPRINTF to internally call qemu_log
>> (since translation requests are too many, we need control
>>  on the type of log we want)
>> - SMMUTransCfg modified to suit simplicity
>> - Change RegInfo to uint64 register array
>> - Code cleanup
>> - Test cleanups
>> - Reshuffled patches
>>
>> v0 -> v1 [Prem]:
>> - As per SMMUv3 spec 16.0 (only is_ste_consistant() is noticeable)
>> - Reworked register access/update logic
>> - Factored out translation code for
>> - single point bug fix
>> - sharing/removal in future
>> - (optional) Unit tests added, with PCI test device

[Qemu-devel] [PATCH v3] spapr_cpu_core: cleaning up qdev_get_machine() calls

2017-09-12 Thread Greg Kurz
This patch removes the qdev_get_machine() calls that are made
in spapr_cpu_core.c in situations where we can get an existing
pointer for the MachineState by either passing it as an argument
to the function or by using other already available pointers.

Credits to Daniel Henrique Barboza for the idea and the changelog
text.

Signed-off-by: Greg Kurz 
---
v3: - dropped spapr_cpu_reset() hunk
---
 hw/ppc/spapr_cpu_core.c |6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/hw/ppc/spapr_cpu_core.c b/hw/ppc/spapr_cpu_core.c
index dc9df0d393d1..dea298a796c4 100644
--- a/hw/ppc/spapr_cpu_core.c
+++ b/hw/ppc/spapr_cpu_core.c
@@ -162,10 +162,10 @@ static void spapr_cpu_core_unrealizefn(DeviceState *dev, 
Error **errp)
 g_free(sc->threads);
 }
 
-static void spapr_cpu_core_realize_child(Object *child, Error **errp)
+static void spapr_cpu_core_realize_child(Object *child,
+ sPAPRMachineState *spapr, Error 
**errp)
 {
 Error *local_err = NULL;
-sPAPRMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
 CPUState *cs = CPU(child);
 PowerPCCPU *cpu = POWERPC_CPU(cs);
 Object *obj;
@@ -254,7 +254,7 @@ static void spapr_cpu_core_realize(DeviceState *dev, Error 
**errp)
 for (j = 0; j < cc->nr_threads; j++) {
 obj = sc->threads + j * size;
 
-spapr_cpu_core_realize_child(obj, _err);
+spapr_cpu_core_realize_child(obj, spapr, _err);
 if (local_err) {
 goto err;
 }
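Review bot: `spapr` is passed to spapr_cpu_core_realize_child() here, but none of the context lines in either hunk show where spapr_cpu_core_realize() obtains it. If it still comes from SPAPR_MACHINE(qdev_get_machine()) in the caller, the lookup has been hoisted out of the per-thread loop rather than removed; say so in the commit message so a reader does not have to open the file to check.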




Re: [Qemu-devel] [PATCH] tcg/tci: do not use ldst label (never implemented)

2017-09-12 Thread Stefan Weil
On 12.09.2017 at 10:52, Stefan Weil wrote:
> On 11.09.2017 at 20:24, Peter Maydell wrote:
>> I've also turned on a tci compile check on my pre-merge tests.
>> (It doesn't pass "make check" for me, though...) thanks -- PMM
> 
> "make check-qtest-ppc64" fails for me, too.
> 
> Thomas, this seems to be again the well known timing problem
> in tests/prom-env-test.c. The time for the test had been
> changed from 30 s to 10 s to 120 s in the past.

... changed from 10 s to 30 s to 120 s ...

> For TCI, even that latest value is not sufficient when
> testing with pseries. Of course that also depends on other
> parameters (speed of test machine, compiler flags).
> 
> In my test pseries took nearly 5 minutes, so the test passes
> when the loop upper limit is increased to 3.

Timing data for prom-env-test with TCI on another test machine:

mac99:   78 s
g3beige: 74 s
pseries: 477 s

> 
> Is there a better way to handle this test? Why does pseries
> still need much more time than the other machines
> (not only with TCI)?
> 
> Regards,
> Stefan



[Qemu-devel] [PATCH v2] trace: Immediately apply per-vCPU state changes if a vCPU is being created

2017-09-12 Thread Lluís Vilanova
Right now, function trace_event_set_vcpu_state_dynamic() asynchronously enables
events in the case a vCPU is executing TCG code. If the vCPU is being created,
this causes some events like "guest_cpu_enter" not to be traced.

Signed-off-by: Lluís Vilanova 
Reviewed-by: Emilio G. Cota 
---

Changes in v2
=============

* Use RUN_ON_CPU_NULL [Emilio G. Cota].
* Rebase on fcea73709b.
---
 trace/control-target.c |   18 +++---
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/trace/control-target.c b/trace/control-target.c
index 4e36101997..706b2cee9d 100644
--- a/trace/control-target.c
+++ b/trace/control-target.c
@@ -88,13 +88,17 @@ void trace_event_set_vcpu_state_dynamic(CPUState *vcpu,
 clear_bit(vcpu_id, vcpu->trace_dstate_delayed);
 (*ev->dstate)--;
 }
-/*
- * Delay changes until next TB; we want all TBs to be built from a
- * single set of dstate values to ensure consistency of generated
- * tracing code.
- */
-async_run_on_cpu(vcpu, trace_event_synchronize_vcpu_state_dynamic,
- RUN_ON_CPU_NULL);
+if (vcpu->created) {
+/*
+ * Delay changes until next TB; we want all TBs to be built from a
+ * single set of dstate values to ensure consistency of generated
+ * tracing code.
+ */
+async_run_on_cpu(vcpu, trace_event_synchronize_vcpu_state_dynamic,
+ RUN_ON_CPU_NULL);
+} else {
+trace_event_synchronize_vcpu_state_dynamic(vcpu, RUN_ON_CPU_NULL);
+}
 }
 }
 
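Review bot: the new `else` branch calls trace_event_synchronize_vcpu_state_dynamic() directly and carries no comment, while the existing "Delay changes until next TB" comment now sits under `if (vcpu->created)`. Add a comment on the else branch saying why applying the state immediately is safe for a vCPU that is not yet created, and from which thread this direct call is expected to be made.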




Re: [Qemu-devel] [Qemu devel v8 PATCH 3/5] msf2: Add Smartfusion2 SPI controller

2017-09-12 Thread sundeep subbaraya
Hi Alistair,

On Wed, Sep 13, 2017 at 5:20 AM, Alistair Francis 
wrote:

> On Thu, Sep 7, 2017 at 12:24 PM, Subbaraya Sundeep
>  wrote:
> > Modelled Microsemi's Smartfusion2 SPI controller.
> >
> > Signed-off-by: Subbaraya Sundeep 
>
> Reviewed-by: Alistair Francis 
>

Thank you,
Sundeep

> Thanks,
> Alistair
>
> > ---
> >  hw/ssi/Makefile.objs |   1 +
> >  hw/ssi/mss-spi.c | 404 ++
> +
> >  include/hw/ssi/mss-spi.h |  58 +++
> >  3 files changed, 463 insertions(+)
> >  create mode 100644 hw/ssi/mss-spi.c
> >  create mode 100644 include/hw/ssi/mss-spi.h
> >
> > diff --git a/hw/ssi/Makefile.objs b/hw/ssi/Makefile.objs
> > index 487add2..f5bcc65 100644
> > --- a/hw/ssi/Makefile.objs
> > +++ b/hw/ssi/Makefile.objs
> > @@ -4,6 +4,7 @@ common-obj-$(CONFIG_XILINX_SPI) += xilinx_spi.o
> >  common-obj-$(CONFIG_XILINX_SPIPS) += xilinx_spips.o
> >  common-obj-$(CONFIG_ASPEED_SOC) += aspeed_smc.o
> >  common-obj-$(CONFIG_STM32F2XX_SPI) += stm32f2xx_spi.o
> > +common-obj-$(CONFIG_MSF2) += mss-spi.o
> >
> >  obj-$(CONFIG_OMAP) += omap_spi.o
> >  obj-$(CONFIG_IMX) += imx_spi.o
> > diff --git a/hw/ssi/mss-spi.c b/hw/ssi/mss-spi.c
> > new file mode 100644
> > index 000..5a8e308
> > --- /dev/null
> > +++ b/hw/ssi/mss-spi.c
> > @@ -0,0 +1,404 @@
> > +/*
> > + * Block model of SPI controller present in
> > + * Microsemi's SmartFusion2 and SmartFusion SoCs.
> > + *
> > + * Copyright (C) 2017 Subbaraya Sundeep 
> > + *
> > + * Permission is hereby granted, free of charge, to any person
> obtaining a copy
> > + * of this software and associated documentation files (the
> "Software"), to deal
> > + * in the Software without restriction, including without limitation
> the rights
> > + * to use, copy, modify, merge, publish, distribute, sublicense, and/or
> sell
> > + * copies of the Software, and to permit persons to whom the Software is
> > + * furnished to do so, subject to the following conditions:
> > + *
> > + * The above copyright notice and this permission notice shall be
> included in
> > + * all copies or substantial portions of the Software.
> > + *
> > + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
> EXPRESS OR
> > + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
> MERCHANTABILITY,
> > + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
> SHALL
> > + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR
> OTHER
> > + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
> ARISING FROM,
> > + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
> DEALINGS IN
> > + * THE SOFTWARE.
> > + */
> > +
> > +#include "qemu/osdep.h"
> > +#include "hw/ssi/mss-spi.h"
> > +#include "qemu/log.h"
> > +
> > +#ifndef MSS_SPI_ERR_DEBUG
> > +#define MSS_SPI_ERR_DEBUG   0
> > +#endif
> > +
> > +#define DB_PRINT_L(lvl, fmt, args...) do { \
> > +if (MSS_SPI_ERR_DEBUG >= lvl) { \
> > +qemu_log("%s: " fmt "\n", __func__, ## args); \
> > +} \
> > +} while (0);
> > +
> > +#define DB_PRINT(fmt, args...) DB_PRINT_L(1, fmt, ## args)
> > +
> > +#define FIFO_CAPACITY 32
> > +
> > +#define R_SPI_CONTROL 0
> > +#define R_SPI_DFSIZE  1
> > +#define R_SPI_STATUS  2
> > +#define R_SPI_INTCLR  3
> > +#define R_SPI_RX  4
> > +#define R_SPI_TX  5
> > +#define R_SPI_CLKGEN  6
> > +#define R_SPI_SS  7
> > +#define R_SPI_MIS 8
> > +#define R_SPI_RIS 9
> > +
> > +#define S_TXDONE (1 << 0)
> > +#define S_RXRDY  (1 << 1)
> > +#define S_RXCHOVRF   (1 << 2)
> > +#define S_RXFIFOFUL  (1 << 4)
> > +#define S_RXFIFOFULNXT   (1 << 5)
> > +#define S_RXFIFOEMP  (1 << 6)
> > +#define S_RXFIFOEMPNXT   (1 << 7)
> > +#define S_TXFIFOFUL  (1 << 8)
> > +#define S_TXFIFOFULNXT   (1 << 9)
> > +#define S_TXFIFOEMP  (1 << 10)
> > +#define S_TXFIFOEMPNXT   (1 << 11)
> > +#define S_FRAMESTART (1 << 12)
> > +#define S_SSEL   (1 << 13)
> > +#define S_ACTIVE (1 << 14)
> > +
> > +#define C_ENABLE (1 << 0)
> > +#define C_MODE   (1 << 1)
> > +#define C_INTRXDATA  (1 << 4)
> > +#define C_INTTXDATA  (1 << 5)
> > +#define C_INTRXOVRFLO(1 << 6)
> > +#define C_SPS(1 << 26)
> > +#define C_BIGFIFO(1 << 29)
> > +#define C_RESET  (1 << 31)
> > +
> > +#define FRAMESZ_MASK 0x1F
> > +#define FMCOUNT_MASK 0x0000
> > +#define FMCOUNT_SHIFT8
> > +
> > +static void txfifo_reset(MSSSpiState *s)
> > +{
> > +fifo32_reset(>tx_fifo);
> > +
> > +s->regs[R_SPI_STATUS] &= ~S_TXFIFOFUL;
> > +s->regs[R_SPI_STATUS] |= S_TXFIFOEMP;
> > +}
> > +
> > +static void rxfifo_reset(MSSSpiState 
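Review bot: DB_PRINT_L ends with "while (0);", and that trailing semicolon defeats the do/while(0) idiom: "if (x) DB_PRINT(...); else ..." will not compile because the macro has already terminated the statement. Drop the semicolon from the macro definition. In the same block, C_RESET is defined as (1 << 31), which shifts into the sign bit of a signed int; 1U << 31 avoids the undefined behaviour.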

[Qemu-devel] [PATCH v7 02/13] qemu.py: Add "wait()" method

2017-09-12 Thread Fam Zheng
Signed-off-by: Fam Zheng 
Reviewed-by: Stefan Hajnoczi 
Reviewed-by: Alex Bennée 
---
 scripts/qemu.py | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/scripts/qemu.py b/scripts/qemu.py
index 4d8ee10943..99963053a5 100644
--- a/scripts/qemu.py
+++ b/scripts/qemu.py
@@ -157,6 +157,13 @@ class QEMUMachine(object):
 self._post_shutdown()
 raise
 
+def wait(self):
+'''Wait for the VM to power off'''
+self._popen.wait()
+self._qmp.close()
+self._load_io_log()
+self._post_shutdown()
+
 def shutdown(self):
 '''Terminate the VM and clean up'''
 if self.is_running():
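Review bot: wait() calls self._popen.wait() with no guard and no timeout, unlike shutdown() just below it, which checks is_running() first. A guest that never powers off blocks the caller forever, and calling wait() on a machine that was never launched depends on whatever _popen holds at that point. The docstring should say that the VM must have been launched, and it is worth deciding whether automated test runs need a bounded wait.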
-- 
2.13.5




[Qemu-devel] [PATCH v7 03/13] scripts: Add archive-source.sh

2017-09-12 Thread Fam Zheng
Signed-off-by: Fam Zheng 
---
 scripts/archive-source.sh | 33 +
 1 file changed, 33 insertions(+)
 create mode 100755 scripts/archive-source.sh

diff --git a/scripts/archive-source.sh b/scripts/archive-source.sh
new file mode 100755
index 00..8b373e3090
--- /dev/null
+++ b/scripts/archive-source.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+#
+# Author: Fam Zheng 
+#
+# Archive source tree, including submodules. This is created for test code to
+# export the source files, in order to be built in a different enviornment,
+# such as in a docker instance or VM.
+#
+# This code is licensed under the GPL version 2 or later.  See
+# the COPYING file in the top-level directory.
+
+set -e
+
+if test $# -lt 1; then
+echo "Usage: $0 "
+exit 1
+fi
+
+submodules=$(git submodule foreach --recursive --quiet 'echo $name')
+
+if test -n "$submodules"; then
+{
+git ls-files
+for sm in $submodules; do
+(cd $sm; git ls-files) | sed "s:^:$sm/:"
+done
+} | grep -x -v $(for sm in $submodules; do echo "-e $sm"; done) > "$1".list
+else
+git ls-files > "$1".list
+fi
+
+tar -cf "$1" -T "$1".list
+rm "$1".list
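Review bot: the submodule loop expands $sm unquoted in "for sm in $submodules", in "cd $sm" and in the grep -e arguments, so a submodule path containing whitespace or glob characters produces a wrong file list. The list is also built from 'echo $name', which is the submodule's name and not necessarily its path; $path is what the later cd needs. Because (cd $sm; git ls-files) feeds a pipeline, a failing cd or git there is not caught by set -e and the tarball silently lacks that submodule. The "$1".list file is left behind if tar fails; a trap would clean it up.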
-- 
2.13.5




[Qemu-devel] [PATCH v7 07/13] tests: Add FreeBSD image

2017-09-12 Thread Fam Zheng
The image is prepared following instructions as in:

https://wiki.qemu.org/Hosts/BSD

Signed-off-by: Fam Zheng 
---
 tests/vm/freebsd | 42 ++
 1 file changed, 42 insertions(+)
 create mode 100755 tests/vm/freebsd

diff --git a/tests/vm/freebsd b/tests/vm/freebsd
new file mode 100755
index 00..039dad8f69
--- /dev/null
+++ b/tests/vm/freebsd
@@ -0,0 +1,42 @@
+#!/usr/bin/env python
+#
+# FreeBSD VM image
+#
+# Copyright 2017 Red Hat Inc.
+#
+# Authors:
+#  Fam Zheng 
+#
+# This code is licensed under the GPL version 2 or later.  See
+# the COPYING file in the top-level directory.
+#
+
+import os
+import sys
+import subprocess
+import basevm
+
+class FreeBSDVM(basevm.BaseVM):
+name = "freebsd"
+BUILD_SCRIPT = """
+set -e;
+cd $(mktemp -d /var/tmp/qemu-test.XX);
+tar -xf /dev/vtbd1;
+./configure {configure_opts};
+gmake -j{jobs};
+gmake check;
+"""
+
+def build_image(self, img):
+cimg = 
self._download_with_cache("http://download.patchew.org/freebsd-11.1-amd64.img.xz;,
+
sha256sum='adcb771549b37bc63826c501f05121a206ed3d9f55f49145908f7e1432d65891')
+img_tmp_xz = img + ".tmp.xz"
+img_tmp = img + ".tmp"
+subprocess.check_call(["cp", "-f", cimg, img_tmp_xz])
+subprocess.check_call(["xz", "-df", img_tmp_xz])
+if os.path.exists(img):
+os.remove(img)
+os.rename(img_tmp, img)
+
+if __name__ == "__main__":
+sys.exit(basevm.main(FreeBSDVM))
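Review bot: build_image() fetches the template image over plain http, which leaves the sha256sum argument as the only thing authenticating an image that is then booted and used to run the build. Prefer an https URL if the host offers one, and add a comment saying where the pinned digest came from so a reviewer can check it when the image is refreshed. The cp and xz steps also leave img + ".tmp.xz" or img + ".tmp" behind if either check_call fails.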
-- 
2.13.5




Re: [Qemu-devel] [PATCH v7 00/13] tests: Add VM based build tests (for non-x86_64 and/or non-Linux)

2017-09-12 Thread no-reply
Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [Qemu-devel] [PATCH v7 00/13] tests: Add VM based build tests (for 
non-x86_64 and/or non-Linux)
Message-id: 20170913030119.3957-1-f...@redhat.com
Type: series

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 t [tag update]
patchew/1504812251-23438-1-git-send-email-sundeep.l...@gmail.com -> 
patchew/1504812251-23438-1-git-send-email-sundeep.l...@gmail.com
 t [tag update]
patchew/1505232834-20890-1-git-send-email-peter.mayd...@linaro.org -> 
patchew/1505232834-20890-1-git-send-email-peter.mayd...@linaro.org
 * [new tag]   patchew/20170913030119.3957-1-f...@redhat.com -> 
patchew/20170913030119.3957-1-f...@redhat.com
Switched to a new branch 'test'
2a093b5b91 docker: Use archive-source.py
d2593fa09c tests: Add README for vm tests
fb3acd78df MAINTAINERS: Add tests/vm entry
90ed120035 Makefile: Add rules to run vm tests
0ce88831a3 tests: Add OpenBSD image
d5f133ecf2 tests: Add NetBSD image
da78075e20 tests: Add FreeBSD image
d1f4a3a768 tests: Add ubuntu.i386 image
ecb8ea14ca tests: Add vm test lib
fb1ed69ecc tests: Add a test key pair
ab63dd9b38 scripts: Add archive-source.sh
1c4bcf6389 qemu.py: Add "wait()" method
6376f7d0bb gitignore: Ignore vm test images

=== OUTPUT BEGIN ===
Checking PATCH 1/13: gitignore: Ignore vm test images...
Checking PATCH 2/13: qemu.py: Add "wait()" method...
Checking PATCH 3/13: scripts: Add archive-source.sh...
Checking PATCH 4/13: tests: Add a test key pair...
Checking PATCH 5/13: tests: Add vm test lib...
WARNING: line over 80 characters
#71: FILE: tests/vm/basevm.py:46:
+self._tmpdir = tempfile.mkdtemp(prefix="vm-test-", suffix=".tmp", 
dir=".")

WARNING: line over 80 characters
#162: FILE: tests/vm/basevm.py:137:
+logging.debug("Creating archive %s for src_dir dir: %s", tarfile, 
src_dir)

WARNING: line over 80 characters
#167: FILE: tests/vm/basevm.py:142:
+"file=%s,if=none,id=%s,cache=writeback,format=raw" 
% \

WARNING: line over 80 characters
#170: FILE: tests/vm/basevm.py:145:
+"virtio-blk,drive=%s,serial=%s,bootindex=1" % 
(name, name)]

ERROR: line over 90 characters
#225: FILE: tests/vm/basevm.py:200:
+VM test utility.  Exit codes: 0 = success, 1 = command line error, 2 = 
environment initialization failed, 3 = test command failed""")

WARNING: line over 80 characters
#232: FILE: tests/vm/basevm.py:207:
+parser.add_option("--jobs", type=int, default=multiprocessing.cpu_count() 
/ 2,

total: 1 errors, 5 warnings, 256 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 6/13: tests: Add ubuntu.i386 image...
Checking PATCH 7/13: tests: Add FreeBSD image...
Checking PATCH 8/13: tests: Add NetBSD image...
Checking PATCH 9/13: tests: Add OpenBSD image...
Checking PATCH 10/13: Makefile: Add rules to run vm tests...
Checking PATCH 11/13: MAINTAINERS: Add tests/vm entry...
Checking PATCH 12/13: tests: Add README for vm tests...
Checking PATCH 13/13: docker: Use archive-source.py...
=== OUTPUT END ===

Test command exited with code: 1


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-de...@freelists.org

[Qemu-devel] [PATCH v5 20/22] instrument: Add event 'guest_user_syscall'

2017-09-12 Thread Lluís Vilanova
Signed-off-by: Lluís Vilanova 
---
 bsd-user/syscall.c  |6 ++
 instrument/control.c|   18 ++
 instrument/events.h |7 +++
 instrument/events.inc.h |   16 
 instrument/load.c   |1 +
 instrument/qemu-instr/control.h |   15 +++
 linux-user/syscall.c|2 ++
 stubs/instrument.c  |3 +++
 8 files changed, 68 insertions(+)

diff --git a/bsd-user/syscall.c b/bsd-user/syscall.c
index 3230f722f3..0d92eaf8c4 100644
--- a/bsd-user/syscall.c
+++ b/bsd-user/syscall.c
@@ -324,6 +324,8 @@ abi_long do_freebsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 #ifdef DEBUG
 gemu_log("freebsd syscall %d\n", num);
 #endif
+instr_guest_user_syscall(cpu, num,
+ arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8);
 trace_guest_user_syscall(cpu, num, arg1, arg2, arg3, arg4, arg5, arg6, 
arg7, arg8);
 if(do_strace)
 print_freebsd_syscall(num, arg1, arg2, arg3, arg4, arg5, arg6);
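Review bot: the new instr_guest_user_syscall() call passes num and arg1..arg8, which this function receives as int and abi_long, to a hook whose parameters are all uint64_t. On a 32-bit guest ABI a negative argument is sign-extended, so the callback sees the upper 32 bits set where the guest passed a 32-bit value. Say in the event documentation whether instrumentation code should expect sign-extended values, or cast at the call site. The netbsd and openbsd call sites below have the same conversion.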
@@ -423,6 +425,8 @@ abi_long do_netbsd_syscall(void *cpu_env, int num, abi_long 
arg1,
 #ifdef DEBUG
 gemu_log("netbsd syscall %d\n", num);
 #endif
+instr_guest_user_syscall(cpu, num,
+ arg1, arg2, arg3, arg4, arg5, arg6, 0, 0);
 trace_guest_user_syscall(cpu, num, arg1, arg2, arg3, arg4, arg5, arg6, 0, 
0);
 if(do_strace)
 print_netbsd_syscall(num, arg1, arg2, arg3, arg4, arg5, arg6);
@@ -499,6 +503,8 @@ abi_long do_openbsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 #ifdef DEBUG
 gemu_log("openbsd syscall %d\n", num);
 #endif
+instr_guest_user_syscall(cpu, num,
+ arg1, arg2, arg3, arg4, arg5, arg6, 0, 0);
 trace_guest_user_syscall(cpu, num, arg1, arg2, arg3, arg4, arg5, arg6, 0, 
0);
 if(do_strace)
 print_openbsd_syscall(num, arg1, arg2, arg3, arg4, arg5, arg6);
diff --git a/instrument/control.c b/instrument/control.c
index 4181e030f6..b3ef03798e 100644
--- a/instrument/control.c
+++ b/instrument/control.c
@@ -192,3 +192,21 @@ SYM_PUBLIC void qi_event_set_guest_mem_before_exec(
 ERROR_IF(!tcg_enabled(), "called without TCG");
 instr_set_event(guest_mem_before_exec, fn);
 }
+
+
+void (*instr_event__guest_user_syscall)(
+QICPU vcpu, uint64_t num, uint64_t arg1, uint64_t arg2, uint64_t arg3,
+uint64_t arg4, uint64_t arg5, uint64_t arg6, uint64_t arg7, uint64_t arg8);
+
+SYM_PUBLIC void qi_event_set_guest_user_syscall(
+void (*fn)(QICPU vcpu, uint64_t num, uint64_t arg1, uint64_t arg2,
+   uint64_t arg3, uint64_t arg4, uint64_t arg5, uint64_t arg6,
+   uint64_t arg7, uint64_t arg8))
+{
+ERROR_IF(!instr_get_state(), "called outside instrumentation");
+ERROR_IF(!tcg_enabled(), "called without TCG");
+#if !defined(CONFIG_USER_ONLY)
+ERROR_IF(true, "called in full-system mode");
+#endif
+instr_set_event(guest_user_syscall, fn);
+}
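Review bot: in a build without CONFIG_USER_ONLY, qi_event_set_guest_user_syscall() can only fail: ERROR_IF(true, "called in full-system mode") is unconditional, and whether instr_set_event() below it is still reached depends on ERROR_IF returning from the function, which these lines do not show. Putting the user-mode check first, or compiling the instr_set_event() call only under CONFIG_USER_ONLY, makes the intent explicit.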
diff --git a/instrument/events.h b/instrument/events.h
index 6507b26867..8c944e1f91 100644
--- a/instrument/events.h
+++ b/instrument/events.h
@@ -68,6 +68,13 @@ extern void (*instr_event__guest_mem_before_exec)(
 static inline void instr_guest_mem_before_exec(
 CPUState *vcpu, uint64_t vaddr, TraceMemInfo info);
 
+extern void (*instr_event__guest_user_syscall)(
+QICPU vcpu, uint64_t num, uint64_t arg1, uint64_t arg2, uint64_t arg3,
+uint64_t arg4, uint64_t arg5, uint64_t arg6, uint64_t arg7, uint64_t arg8);
+static inline void instr_guest_user_syscall(
+CPUState *vcpu, uint64_t num, uint64_t arg1, uint64_t arg2, uint64_t arg3,
+uint64_t arg4, uint64_t arg5, uint64_t arg6, uint64_t arg7, uint64_t arg8);
+
 
 #include "instrument/events.inc.h"
 
diff --git a/instrument/events.inc.h b/instrument/events.inc.h
index ebc8020715..e2f4315fb0 100644
--- a/instrument/events.inc.h
+++ b/instrument/events.inc.h
@@ -78,3 +78,19 @@ static inline void instr_guest_mem_before_exec(
 instr_set_state(INSTR_STATE_DISABLE);
 }
 }
+
+static inline void instr_guest_user_syscall(
+CPUState *vcpu, uint64_t num, uint64_t arg1, uint64_t arg2, uint64_t arg3,
+uint64_t arg4, uint64_t arg5, uint64_t arg6, uint64_t arg7, uint64_t arg8)
+{
+void (*cb)(QICPU vcpu, uint64_t num, uint64_t arg1, uint64_t arg2,
+   uint64_t arg3, uint64_t arg4, uint64_t arg5, uint64_t arg6,
+   uint64_t arg7, uint64_t arg8)
+= instr_get_event(guest_user_syscall);
+if (cb) {
+instr_set_state(INSTR_STATE_ENABLE);
+QICPU vcpu_ = instr_cpu_to_qicpu(vcpu);
+(*cb)(vcpu_, num, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8);
+instr_set_state(INSTR_STATE_DISABLE);
+}
+}
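Review bot: instr_guest_user_syscall() sets INSTR_STATE_ENABLE before the callback and INSTR_STATE_DISABLE after it, without saving the previous state. If the hook is entered while the state is already enabled, it returns with instrumentation disabled; reading the state with instr_get_state() first and restoring that value is safer. QICPU vcpu_ is also declared after a statement inside the if block; moving the declaration to the top of the block avoids the mixed declaration.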
diff --git a/instrument/load.c b/instrument/load.c
index f1d769b92d..a76f76e1d1 100644
--- a/instrument/load.c
+++ b/instrument/load.c
@@ -164,6 +164,7 @@ InstrUnloadError instr_unload(const char *id)
 instr_set_event(guest_cpu_reset, 

[Qemu-devel] [Bug 1716767] Re: file(1) fails with "Invalid argument" on qemu-sh4-user

2017-09-12 Thread James Clarke
Ok, I was wrong, there's a whole load of code being included inside the
function from a header. The issue seems to be the pread:

20771@1505254578.94:guest_user_syscall cpu=0x62850620 
num=0x00b4 arg1=0x0003 arg2=0xf6fe6798 
arg3=0x0020 arg4=0x arg5=0x0034 
arg6=0x arg7=0x arg8=0x
20771@1505254578.940005:guest_user_syscall_ret cpu=0x62850620 
num=0x00b4 ret=0x

0xb4 (180) is pread(64) on SH, which goes via a special wrapper[0] with
a dummy argument that gets stripped. This dummy argument ensures that
the 64-bit offset is aligned. However, linux-user doesn't know about
this, and so takes (arg4, arg5) as the 64-bit value, rather than (arg5,
arg6), leading to the host kernel trying to read 0x34
bytes (and rightly returning 0 for EOF).

[0]
https://github.com/torvalds/linux/blob/e0d072250a54669dce876d8ade70e417356aae74/arch/sh/kernel/sys_sh32.c#L38

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1716767

Title:
  file(1) fails with "Invalid argument" on qemu-sh4-user

Status in QEMU:
  New

Bug description:
  We recently discovered that file(1) fails on qemu-sh4-user when
  running on an ELF file:

  (sid_sh4)root@vs94:/# file /bin/bash
  /bin/bash: ERROR: ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV) 
error reading (Invalid argument)
  (sid_sh4)root@vs94:/#

  Running with "-d" yields more output:

  (sid_sh4)root@vs94:/# file -d /bin/bash 2>&1 | tail
  322: >> 7 byte&,=97,"(ARM)"]
  0 == 97 = 0
  mget(type=1, flag=0, offset=7, o=0, nbytes=863324, il=0, nc=1)
  mget/96 @7: 
\000\000\000\000\000\000\000\000\000\002\000*\000\001\000\000\000\250\317A\0004\000\000\000L(\r\000\027\000\000\0004\000
 
\000\n\000(\000\032\000\031\000\006\000\000\0004\000\000\0004\000@\0004\000@\000@\001\000\000@\001\000\000\005\000\000\000\004\000\000\000\003\000\000\000t\001\000\000t\001@\000t\001@\000\023\000\000

  323: >> 7 byte&,=-1,"(embedded)"]
  0 == 18446744073709551615 = 0
  [try softmagic 1]
  [try elf -1]
  /bin/bash: ERROR: ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV) 
error reading (Invalid argument)
  (sid_sh4)root@vs94:/#

  It seems that the comparison above has a bogus (overflown?) value.

  On actual hardware, it works:

  root@tirpitz:~> file /bin/bash
  /bin/bash: ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV), 
dynamically linked, interpreter /lib/ld-linux.so.2, 
BuildID[sha1]=4dd0e4281755827d8bb6686fd481f8c80ea73e9a, for GNU/Linux 3.2.0, 
stripped
  root@tirpitz:~>

  I have uploaded a chroot with Debian unstable which allows to
  reproduce the issue:

  > https://people.debian.org/~glaubitz/sid-sh4-sbuild.tar.gz

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1716767/+subscriptions
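
The register-pair mix-up described in this bug comment, as an added example that is not part of the original message and not QEMU's code: a model of how the 64-bit pread64 position is assembled on a little-endian 32-bit guest with and without the per-syscall dummy argument, and what the resulting read returns. The helper names, the zero values used for arg4 and arg6, and the file size are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define SH_NR_PREAD64 0xb4   /* 180, the syscall number quoted in the report */

/* Constructed sample of the traced call; index n holds argN.
 * arg1, arg2, arg3 and arg5 follow the trace, arg4 and arg6 are assumed 0. */
static const uint32_t sample_args[9] = {
    0, 3, 0xf6fe6798, 0x20, 0, 0x34, 0, 0, 0
};

/* Assumed size of the file being read (constructed value). */
#define SAMPLE_FILE_SIZE 863324u

/* Little-endian 32-bit guest: the first register of a pair is the low word. */
static uint64_t join_pair_le(uint32_t first, uint32_t second)
{
    return ((uint64_t)second << 32) | first;
}

/* Hypothetical stand-in for an architecture-wide "64-bit register pairs are
 * aligned" rule. The SH ABI has no such requirement, so it is false here. */
static bool arch_pairs_aligned(void)
{
    return false;
}

/* Hypothetical per-syscall exception: pread64 carries a dummy word in arg4
 * so that the 64-bit position starts at arg5. */
static bool syscall_has_dummy_arg(int num)
{
    return num == SH_NR_PREAD64;
}

/* Position as computed when only the architecture-wide rule is consulted. */
uint64_t offset_arch_rule_only(int num, const uint32_t *a)
{
    (void)num;
    int first = arch_pairs_aligned() ? 5 : 4;
    return join_pair_le(a[first], a[first + 1]);
}

/* Position as computed when the per-syscall dummy argument is skipped. */
uint64_t offset_with_exception(int num, const uint32_t *a)
{
    int first = (arch_pairs_aligned() || syscall_has_dummy_arg(num)) ? 5 : 4;
    return join_pair_le(a[first], a[first + 1]);
}

/* Number of bytes a positional read returns from a file of file_size bytes. */
uint64_t model_pread(uint64_t file_size, uint32_t count, uint64_t pos)
{
    if (pos >= file_size) {
        return 0;                       /* at or past EOF */
    }
    uint64_t left = file_size - pos;
    return count < left ? count : left;
}

int main(void)
{
    uint64_t wrong = offset_arch_rule_only(SH_NR_PREAD64, sample_args);
    uint64_t right = offset_with_exception(SH_NR_PREAD64, sample_args);

    printf("pair (arg4, arg5): pos=0x%llx, read returns %llu bytes\n",
           (unsigned long long)wrong,
           (unsigned long long)model_pread(SAMPLE_FILE_SIZE,
                                           sample_args[3], wrong));
    printf("pair (arg5, arg6): pos=0x%llx, read returns %llu bytes\n",
           (unsigned long long)right,
           (unsigned long long)model_pread(SAMPLE_FILE_SIZE,
                                           sample_args[3], right));
    return 0;
}
```

With the dummy word counted as the low half, the value meant as the low word of the position lands in the high half, which puts the read far past the end of the file.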



Re: [Qemu-devel] [PATCH] mps2-an511: Fix wiring of UART overflow interrupt lines

2017-09-12 Thread Alistair Francis
On Tue, Sep 12, 2017 at 9:13 AM, Peter Maydell  wrote:
> Fix an error that meant we were wiring every UART's overflow
> interrupts into the same inputs 0 and 1 of the OR gate,
> rather than giving each its own input.
>
> Cc: qemu-sta...@nongnu.org
> Signed-off-by: Peter Maydell 

Reviewed-by: Alistair Francis 

Thanks,
Alistair

> ---
>  hw/arm/mps2.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/hw/arm/mps2.c b/hw/arm/mps2.c
> index abb0ab6..769cff8 100644
> --- a/hw/arm/mps2.c
> +++ b/hw/arm/mps2.c
> @@ -287,8 +287,8 @@ static void mps2_common_init(MachineState *machine)
>  cmsdk_apb_uart_create(uartbase[i],
>qdev_get_gpio_in(txrx_orgate_dev, 0),
>qdev_get_gpio_in(txrx_orgate_dev, 1),
> -  qdev_get_gpio_in(orgate_dev, 0),
> -  qdev_get_gpio_in(orgate_dev, 1),
> +  qdev_get_gpio_in(orgate_dev, i * 2),
> +  qdev_get_gpio_in(orgate_dev, i * 2 + 1),
>NULL,
>uartchr, SYSCLK_FRQ);
>  }
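Review bot: with the overflow lines now wired to inputs i * 2 and i * 2 + 1, orgate_dev needs at least twice as many inputs as there are UARTs, and nothing in this hunk shows where that count is set; worth confirming it covers the last index. The unchanged lines above still connect every UART to inputs 0 and 1 of txrx_orgate_dev, which is only correct if txrx_orgate_dev is created per UART inside the loop.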
> --
> 2.7.4
>
>



Re: [Qemu-devel] [PATCH] spapr_events: use QTAILQ_FOREACH_SAFE() in spapr_clear_pending_events()

2017-09-12 Thread David Gibson
On Tue, Sep 12, 2017 at 08:48:05PM +0200, Greg Kurz wrote:
> QTAILQ_FOREACH_SAFE() must be used when removing the current element
> inside the loop block.
> 
> This fixes a use-after-free error introduced by commit 56258174238eb
> and reported by Coverity (CID 1381017).
> 
> Signed-off-by: Greg Kurz 

Applied to ppc-for-2.11.

> ---
>  hw/ppc/spapr_events.c |4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/hw/ppc/spapr_events.c b/hw/ppc/spapr_events.c
> index 66b8164f30be..e377fc7ddea2 100644
> --- a/hw/ppc/spapr_events.c
> +++ b/hw/ppc/spapr_events.c
> @@ -702,9 +702,9 @@ static void event_scan(PowerPCCPU *cpu, sPAPRMachineState 
> *spapr,
>  
>  void spapr_clear_pending_events(sPAPRMachineState *spapr)
>  {
> -sPAPREventLogEntry *entry = NULL;
> +sPAPREventLogEntry *entry = NULL, *next_entry;
>  
> -QTAILQ_FOREACH(entry, >pending_events, next) {
> +QTAILQ_FOREACH_SAFE(entry, >pending_events, next, next_entry) {
>  QTAILQ_REMOVE(>pending_events, entry, next);
>  g_free(entry->extended_log);
>  g_free(entry);
> 
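Review bot: with QTAILQ_FOREACH_SAFE() the "= NULL" initialiser on entry is dead, since the macro assigns entry before the first iteration; next_entry is rightly left uninitialised, so dropping the initialiser keeps the two declarations consistent.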

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




[Qemu-devel] [PATCH v7 12/13] tests: Add README for vm tests

2017-09-12 Thread Fam Zheng
Signed-off-by: Fam Zheng 
---
 tests/vm/README | 63 +
 1 file changed, 63 insertions(+)
 create mode 100644 tests/vm/README

diff --git a/tests/vm/README b/tests/vm/README
new file mode 100644
index 00..7d2fe4ac8d
--- /dev/null
+++ b/tests/vm/README
@@ -0,0 +1,63 @@
+=== VM test suite to run build in guests ===
+
+== Intro ==
+
+This test suite contains scripts that bootstrap various guest images that have
+necessary packages to build QEMU. The basic usage is documented in Makefile
+help which is displayed with "make vm-test".
+
+== Quick start ==
+
+Run "make vm-test" to list available make targets.
+
+== Manual invocation ==
+
+Each guest script is an executable script with the same command line options.
+For example to work with the netbsd guest, use $QEMU_SRC/tests/vm/netbsd:
+
+$ cd $QEMU_SRC/tests/vm
+
+# To bootstrap the image
+$ ./netbsd --build-image --image /var/tmp/netbsd.img
+<...>
+
+# To run an arbitrary command in guest (the output will not be echoed 
unless
+# --debug is added)
+$ ./netbsd --debug --image /var/tmp/netbsd.img uname -a
+
+# To build QEMU in guest
+$ ./netbsd --debug --image /var/tmp/netbsd.img --build-qemu $QEMU_SRC
+
+# To get to an interactive shell
+$ ./netbsd --interactive --image /var/tmp/netbsd.img sh
+
+== Adding new guests ==
+
+Please look at existing guest scripts for how to add new guests.
+
+Most importantly, create a subclass of BaseVM and implement build_image()
+method and define BUILD_SCRIPT, then finally call basevm.main() from the
+script's main().
+
+  - Usually in build_image(), a template image is downloaded from a predefined
+URL. BaseVM._download_with_cache() takes care of the cache and the
+checksum, so consider using it.
+
+  - Once the image is downloaded, users, SSH server and QEMU build deps should
+be set up:
+
+* Root password set to BaseVM.ROOT_PASS
+* User BaseVM.GUEST_USER is created, and password set to BaseVM.GUEST_PASS
+* SSH service is enabled and started on boot, BaseVM.SSH_PUB_KEY is added
+  to authorized_keys of both root and the normal user
+* DHCP client service is enabled and started on boot, so that it can
+  automatically configure the virtio-net-pci NIC and communicate with QEMU
+  user net (10.0.2.2)
+* Necessary packages are installed to untar the source tarball and build
+  QEMU
+
+  - Write a proper BUILD_SCRIPT template, which should be a shell script that
+untars a raw virtio-blk block device, which is the tarball data blob of the
+QEMU source tree, then configure/build it. Running "make check" is also
+recommended.
+
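Review bot: the "Adding new guests" section tells image authors to set the root password to BaseVM.ROOT_PASS, the user password to BaseVM.GUEST_PASS and to authorise BaseVM.SSH_PUB_KEY for root, but never says that these are fixed, published credentials. Add a sentence that the images are for throwaway test guests reachable only through QEMU user networking and must not be reused or exposed on a real network. The usage examples also assume $QEMU_SRC is set without saying so.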
-- 
2.13.5




[Qemu-devel] [PATCH v7 04/13] tests: Add a test key pair

2017-09-12 Thread Fam Zheng
This will be used by setup test user ssh.

Signed-off-by: Fam Zheng 
---
 tests/keys/id_rsa | 27 +++
 tests/keys/id_rsa.pub |  1 +
 2 files changed, 28 insertions(+)
 create mode 100644 tests/keys/id_rsa
 create mode 100644 tests/keys/id_rsa.pub

diff --git a/tests/keys/id_rsa b/tests/keys/id_rsa
new file mode 100644
index 00..3a3787154b
--- /dev/null
+++ b/tests/keys/id_rsa
@@ -0,0 +1,27 @@
+BEGIN RSA PRIVATE KEY-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+-END RSA PRIVATE KEY-
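Review bot: tests/keys/id_rsa is added with mode 100644, and the OpenSSH client refuses a private key file that is readable by group or others, so whatever consumes it has to copy it and tighten the permissions first; the commit message could say so. Since the private key is public once committed, the file or a README next to it should state that it is a test-only key that must never be authorised outside the throwaway test guests.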
diff --git a/tests/keys/id_rsa.pub b/tests/keys/id_rsa.pub
new file mode 100644
index 00..d9888e312f
--- /dev/null
+++ b/tests/keys/id_rsa.pub
@@ -0,0 +1 @@
+ssh-rsa 
B3NzaC1yc2EDAQABAAABAQCikC46WYtXotUd0UGPz9547Aj0KqC4gk+nt4BBJm86IHgCD9FygSGX9EFutXlhz9KZIPg9Okk7+IzXRHCWI2MNvhrcjyrezKREm71z08j9iwfxY3340fY2Mo+0khwpO7bzsgzkljHIHqcOg7MgttPInVMNH/EfqpgR8EDKJuWCB2Ny+EBFN/3dAiff0X/EvKle9PUrY70EkSycnyURS8HZReEqj8lN9J5kXzA8F6jBo/0Q42Ttv6e4k5YcaDrwmLrBWLra2PCXZLNyHqXEiFkGmdXtA1Eox9gc/p4jIXim6xrPNmpN6WyrrEjaCF5xYvNv8wXkD6uSWwbHYU24lIAn
 qemu-test
-- 
2.13.5




[Qemu-devel] [PATCH v7 08/13] tests: Add NetBSD image

2017-09-12 Thread Fam Zheng
The image is prepared following instructions as in:

https://wiki.qemu.org/Hosts/BSD

Signed-off-by: Fam Zheng 
Reviewed-by: Kamil Rytarowski 
---
 tests/vm/netbsd | 42 ++
 1 file changed, 42 insertions(+)
 create mode 100755 tests/vm/netbsd

diff --git a/tests/vm/netbsd b/tests/vm/netbsd
new file mode 100755
index 00..3972d8b45c
--- /dev/null
+++ b/tests/vm/netbsd
@@ -0,0 +1,42 @@
+#!/usr/bin/env python
+#
+# NetBSD VM image
+#
+# Copyright 2017 Red Hat Inc.
+#
+# Authors:
+#  Fam Zheng 
+#
+# This code is licensed under the GPL version 2 or later.  See
+# the COPYING file in the top-level directory.
+#
+
+import os
+import sys
+import subprocess
+import basevm
+
+class NetBSDVM(basevm.BaseVM):
+name = "netbsd"
+BUILD_SCRIPT = """
+set -e;
+cd $(mktemp -d /var/tmp/qemu-test.XX);
+tar -xf /dev/rld1a;
+./configure --python=python2.7 {configure_opts};
+gmake -j{jobs};
+gmake check;
+"""
+
+def build_image(self, img):
+cimg = 
self._download_with_cache("http://download.patchew.org/netbsd-7.1-amd64.img.xz;,
+ 
sha256sum='b633d565b0eac3d02015cd0c81440bd8a7a8df8512615ac1ee05d318be015732')
+img_tmp_xz = img + ".tmp.xz"
+img_tmp = img + ".tmp"
+subprocess.check_call(["cp", "-f", cimg, img_tmp_xz])
+subprocess.check_call(["xz", "-df", img_tmp_xz])
+if os.path.exists(img):
+os.remove(img)
+os.rename(img_tmp, img)
+
+if __name__ == "__main__":
+sys.exit(basevm.main(NetBSDVM))
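Review bot: build_image() here is the same as in tests/vm/freebsd apart from the URL and the sha256sum value, so the copy, xz -df, remove and rename sequence belongs in a shared helper in basevm that takes the URL and digest. That also gives one place to handle a failed decompression. BUILD_SCRIPT pins --python=python2.7 without a comment explaining why this guest needs it.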
-- 
2.13.5




[Qemu-devel] [Bug 1716767] Re: file(1) fails with "Invalid argument" on qemu-sh4-user

2017-09-12 Thread James Clarke
(Currently regpairs_aligned gets checked, but this, rightly, returns
false for SH; alignment is not a requirement of the SH ABI, but
p{read,write}64 are an exception for it.)




[Qemu-devel] [Bug 1716767] Re: file(1) fails with "Invalid argument" on qemu-sh4-user

2017-09-12 Thread James Clarke
Bah, and that's "read *from an offset of* 0x34 bytes"; I
got confused between count and pos midway through that paragraph.




[Qemu-devel] [PATCH v7 10/13] Makefile: Add rules to run vm tests

2017-09-12 Thread Fam Zheng
Signed-off-by: Fam Zheng 
---
 Makefile  |  2 ++
 configure |  2 +-
 tests/vm/Makefile.include | 42 ++
 3 files changed, 45 insertions(+), 1 deletion(-)
 create mode 100644 tests/vm/Makefile.include

diff --git a/Makefile b/Makefile
index 337a1f6f9b..946eb2ce35 100644
--- a/Makefile
+++ b/Makefile
@@ -822,6 +822,7 @@ endif
 -include $(wildcard *.d tests/*.d)
 
 include $(SRC_PATH)/tests/docker/Makefile.include
+include $(SRC_PATH)/tests/vm/Makefile.include
 
 .PHONY: help
 help:
@@ -845,6 +846,7 @@ help:
@echo  'Test targets:'
@echo  '  check   - Run all tests (check-help for details)'
@echo  '  docker  - Help about targets running tests inside 
Docker containers'
+   @echo  '  vm-test - Help about targets running tests inside VM'
@echo  ''
@echo  'Documentation targets:'
@echo  '  html info pdf txt'
diff --git a/configure b/configure
index fd7e3a5e81..3918c47cd8 100755
--- a/configure
+++ b/configure
@@ -6546,7 +6546,7 @@ if test "$ccache_cpp2" = "yes"; then
 fi
 
 # build tree in object directory in case the source is not in the current 
directory
-DIRS="tests tests/tcg tests/tcg/cris tests/tcg/lm32 tests/libqos 
tests/qapi-schema tests/tcg/xtensa tests/qemu-iotests"
+DIRS="tests tests/tcg tests/tcg/cris tests/tcg/lm32 tests/libqos 
tests/qapi-schema tests/tcg/xtensa tests/qemu-iotests tests/vm"
 DIRS="$DIRS docs docs/interop fsdev"
 DIRS="$DIRS pc-bios/optionrom pc-bios/spapr-rtas pc-bios/s390-ccw"
 DIRS="$DIRS roms/seabios roms/vgabios"
diff --git a/tests/vm/Makefile.include b/tests/vm/Makefile.include
new file mode 100644
index 00..5daa2a3b73
--- /dev/null
+++ b/tests/vm/Makefile.include
@@ -0,0 +1,42 @@
+# Makefile for VM tests
+
+.PHONY: vm-build-all
+
+IMAGES := ubuntu.i386 freebsd netbsd openbsd
+IMAGE_FILES := $(patsubst %, tests/vm/%.img, $(IMAGES))
+
+.PRECIOUS: $(IMAGE_FILES)
+
+vm-test:
+   @echo "vm-test: Test QEMU in preconfigured virtual machines"
+   @echo
+   @echo "  vm-build-ubuntu.i386- Build QEMU in ubuntu i386 VM"
+   @echo "  vm-build-freebsd- Build QEMU in FreeBSD VM"
+   @echo "  vm-build-netbsd - Build QEMU in NetBSD VM"
+   @echo "  vm-build-openbsd- Build QEMU in OpenBSD VM"
+
+vm-build-all: $(addprefix vm-build-, $(IMAGES))
+
+tests/vm/%.img: $(SRC_PATH)/tests/vm/% \
+   $(SRC_PATH)/tests/vm/basevm.py \
+   $(SRC_PATH)/tests/vm/Makefile.include
+   $(call quiet-command, \
+   $< \
+   $(if $(V)$(DEBUG), --debug) \
+   --image "$@" \
+   --force \
+   --build-image $@, \
+   "  VM-IMAGE $*")
+
+
+# Build in VM $(IMAGE)
+vm-build-%: tests/vm/%.img
+   $(call quiet-command, \
+   $(SRC_PATH)/tests/vm/$* \
+   $(if $(V)$(DEBUG), --debug) \
+   $(if $(DEBUG), --interactive) \
+   $(if $(J),--jobs $(J)) \
+   --image "$<" \
+   --build-qemu $(SRC_PATH), \
+   "  VM-BUILD $*")
+
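Review bot: .PHONY lists only vm-build-all, so vm-test is treated as a file target; a stray file named vm-test in the build directory would silence the help output. Add vm-test to .PHONY. In the tests/vm/%.img rule the target is quoted for --image but passed unquoted to --build-image.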
-- 
2.13.5




[Qemu-devel] [PATCH v7 13/13] docker: Use archive-source.py

2017-09-12 Thread Fam Zheng
Signed-off-by: Fam Zheng 
---
 tests/docker/Makefile.include | 15 ++-
 tests/docker/run  |  8 +---
 2 files changed, 3 insertions(+), 20 deletions(-)

diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
index aaab1a4208..7a027d5bd6 100644
--- a/tests/docker/Makefile.include
+++ b/tests/docker/Makefile.include
@@ -17,24 +17,13 @@ DOCKER_TOOLS := travis
 TESTS ?= %
 IMAGES ?= %
 
-# Make archive from git repo $1 to tar.gz $2
-make-archive-maybe = $(if $(wildcard $1/*), \
-   $(call quiet-command, \
-   (cd $1; if git diff-index --quiet HEAD -- &>/dev/null; then \
-   git archive -1 HEAD --format=tar.gz; \
-   else \
-   git archive -1 $$(git stash create) --format=tar.gz; \
-   fi) > $2, \
-   "ARCHIVE","$(notdir $2)"))
-
 CUR_TIME := $(shell date +%Y-%m-%d-%H.%M.%S.)
 DOCKER_SRC_COPY := docker-src.$(CUR_TIME)
 
 $(DOCKER_SRC_COPY):
@mkdir $@
-   $(call make-archive-maybe, $(SRC_PATH), $@/qemu.tgz)
-   $(call make-archive-maybe, $(SRC_PATH)/dtc, $@/dtc.tgz)
-   $(call make-archive-maybe, $(SRC_PATH)/pixman, $@/pixman.tgz)
+   $(call quiet-command, $(SRC_PATH)/scripts/archive-source.sh 
$@/qemu.tar, \
+   "GEN", "$@/qemu.tar")
$(call quiet-command, cp $(SRC_PATH)/tests/docker/run $@/run, \
"COPY","RUNNER")
 
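Review bot: The subject says archive-source.py, but the rule added to $(DOCKER_SRC_COPY) runs $(SRC_PATH)/scripts/archive-source.sh; fix the subject to match. The commit message is otherwise empty, and nothing in this hunk shows that the single qemu.tar contains what the three removed make-archive-maybe calls produced for dtc and pixman; one sentence saying the script includes them would let a reader check the behaviour is unchanged.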
diff --git a/tests/docker/run b/tests/docker/run
index c1e4513bce..9eb9165f76 100755
--- a/tests/docker/run
+++ b/tests/docker/run
@@ -32,13 +32,7 @@ export TEST_DIR=/tmp/qemu-test
 mkdir -p $TEST_DIR/{src,build,install}
 
 # Extract the source tarballs
-tar -C $TEST_DIR/src -xzf $BASE/qemu.tgz
-for p in dtc pixman; do
-if test -f $BASE/$p.tgz; then
-tar -C $TEST_DIR/src/$p -xzf $BASE/$p.tgz
-export FEATURES="$FEATURES $p"
-fi
-done
+tar -C $TEST_DIR/src -xf $BASE/qemu.tar
 
 if test -n "$SHOW_ENV"; then
 if test -f /packages.txt; then
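Review bot: The removed loop also ran export FEATURES="$FEATURES $p" for dtc and pixman, and the replacement tar line drops that without comment. If any test script keys on FEATURES containing dtc or pixman it will now silently take the other branch; either keep the export (for example when the extracted $TEST_DIR/src/$p directory is non-empty) or state in the commit message that nothing reads it.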
-- 
2.13.5




[Qemu-devel] [PATCH v2 0/2] spapr: fix migration with nested KVM PR

2017-09-12 Thread Greg Kurz
A guest running with KVM PR ends up irresponsive after migration most of the
time. This happens because the HPT allocated by QEMU is likely to have a
different address on the destination than it had on the source, but we push
the source address to KVM.

This v2 is a total rewrite.

Cheers,

--
Greg

---

Greg Kurz (2):
  spapr: introduce common helper to write HPT address to KVM PR
  spapr: preserve SDR1 during migration


 hw/ppc/spapr.c  |   61 +++
 hw/ppc/spapr_cpu_core.c |   15 
 hw/ppc/spapr_hcall.c|   16 +---
 include/hw/ppc/spapr.h  |1 +
 target/ppc/cpu.h|5 
 target/ppc/machine.c|   18 ++
 6 files changed, 81 insertions(+), 35 deletions(-)




Re: [Qemu-devel] [Qemu devel v8 PATCH 3/5] msf2: Add Smartfusion2 SPI controller

2017-09-12 Thread Alistair Francis
On Thu, Sep 7, 2017 at 12:24 PM, Subbaraya Sundeep
 wrote:
> Modelled Microsemi's Smartfusion2 SPI controller.
>
> Signed-off-by: Subbaraya Sundeep 

Reviewed-by: Alistair Francis 

Thanks,
Alistair

> ---
>  hw/ssi/Makefile.objs |   1 +
>  hw/ssi/mss-spi.c | 404 
> +++
>  include/hw/ssi/mss-spi.h |  58 +++
>  3 files changed, 463 insertions(+)
>  create mode 100644 hw/ssi/mss-spi.c
>  create mode 100644 include/hw/ssi/mss-spi.h
>
> diff --git a/hw/ssi/Makefile.objs b/hw/ssi/Makefile.objs
> index 487add2..f5bcc65 100644
> --- a/hw/ssi/Makefile.objs
> +++ b/hw/ssi/Makefile.objs
> @@ -4,6 +4,7 @@ common-obj-$(CONFIG_XILINX_SPI) += xilinx_spi.o
>  common-obj-$(CONFIG_XILINX_SPIPS) += xilinx_spips.o
>  common-obj-$(CONFIG_ASPEED_SOC) += aspeed_smc.o
>  common-obj-$(CONFIG_STM32F2XX_SPI) += stm32f2xx_spi.o
> +common-obj-$(CONFIG_MSF2) += mss-spi.o
>
>  obj-$(CONFIG_OMAP) += omap_spi.o
>  obj-$(CONFIG_IMX) += imx_spi.o
> diff --git a/hw/ssi/mss-spi.c b/hw/ssi/mss-spi.c
> new file mode 100644
> index 000..5a8e308
> --- /dev/null
> +++ b/hw/ssi/mss-spi.c
> @@ -0,0 +1,404 @@
> +/*
> + * Block model of SPI controller present in
> + * Microsemi's SmartFusion2 and SmartFusion SoCs.
> + *
> + * Copyright (C) 2017 Subbaraya Sundeep 
> + *
> + * Permission is hereby granted, free of charge, to any person obtaining a 
> copy
> + * of this software and associated documentation files (the "Software"), to 
> deal
> + * in the Software without restriction, including without limitation the 
> rights
> + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
> + * copies of the Software, and to permit persons to whom the Software is
> + * furnished to do so, subject to the following conditions:
> + *
> + * The above copyright notice and this permission notice shall be included in
> + * all copies or substantial portions of the Software.
> + *
> + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
> + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
> + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
> + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
> + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
> FROM,
> + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
> + * THE SOFTWARE.
> + */
> +
> +#include "qemu/osdep.h"
> +#include "hw/ssi/mss-spi.h"
> +#include "qemu/log.h"
> +
> +#ifndef MSS_SPI_ERR_DEBUG
> +#define MSS_SPI_ERR_DEBUG   0
> +#endif
> +
> +#define DB_PRINT_L(lvl, fmt, args...) do { \
> +if (MSS_SPI_ERR_DEBUG >= lvl) { \
> +qemu_log("%s: " fmt "\n", __func__, ## args); \
> +} \
> +} while (0);
> +
> +#define DB_PRINT(fmt, args...) DB_PRINT_L(1, fmt, ## args)
> +
> +#define FIFO_CAPACITY 32
> +
> +#define R_SPI_CONTROL 0
> +#define R_SPI_DFSIZE  1
> +#define R_SPI_STATUS  2
> +#define R_SPI_INTCLR  3
> +#define R_SPI_RX  4
> +#define R_SPI_TX  5
> +#define R_SPI_CLKGEN  6
> +#define R_SPI_SS  7
> +#define R_SPI_MIS 8
> +#define R_SPI_RIS 9
> +
> +#define S_TXDONE (1 << 0)
> +#define S_RXRDY  (1 << 1)
> +#define S_RXCHOVRF   (1 << 2)
> +#define S_RXFIFOFUL  (1 << 4)
> +#define S_RXFIFOFULNXT   (1 << 5)
> +#define S_RXFIFOEMP  (1 << 6)
> +#define S_RXFIFOEMPNXT   (1 << 7)
> +#define S_TXFIFOFUL  (1 << 8)
> +#define S_TXFIFOFULNXT   (1 << 9)
> +#define S_TXFIFOEMP  (1 << 10)
> +#define S_TXFIFOEMPNXT   (1 << 11)
> +#define S_FRAMESTART (1 << 12)
> +#define S_SSEL   (1 << 13)
> +#define S_ACTIVE (1 << 14)
> +
> +#define C_ENABLE (1 << 0)
> +#define C_MODE   (1 << 1)
> +#define C_INTRXDATA  (1 << 4)
> +#define C_INTTXDATA  (1 << 5)
> +#define C_INTRXOVRFLO(1 << 6)
> +#define C_SPS(1 << 26)
> +#define C_BIGFIFO(1 << 29)
> +#define C_RESET  (1 << 31)
> +
> +#define FRAMESZ_MASK 0x1F
> +#define FMCOUNT_MASK 0x0000
> +#define FMCOUNT_SHIFT8
> +
> +static void txfifo_reset(MSSSpiState *s)
> +{
> +fifo32_reset(>tx_fifo);
> +
> +s->regs[R_SPI_STATUS] &= ~S_TXFIFOFUL;
> +s->regs[R_SPI_STATUS] |= S_TXFIFOEMP;
> +}
> +
> +static void rxfifo_reset(MSSSpiState *s)
> +{
> +fifo32_reset(>rx_fifo);
> +
> +s->regs[R_SPI_STATUS] &= ~S_RXFIFOFUL;
> +s->regs[R_SPI_STATUS] |= S_RXFIFOEMP;
> +}
> +
> +static void set_fifodepth(MSSSpiState *s)
> +{
> +unsigned int size = s->regs[R_SPI_DFSIZE] & FRAMESZ_MASK;
> +
> +if (size <= 8) {
> +s->fifo_depth = 32;
> +} else if (size <= 16) {
> +s->fifo_depth = 16;
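Review bot: DB_PRINT_L ends in `} while (0);`, and that trailing semicolon defeats the do/while(0) idiom: a DB_PRINT(...) used as the body of an if that is followed by an else will not compile. Drop the semicolon from the macro definition. Separately, C_RESET is written as (1 << 31), which shifts into the sign bit of an int, so 1U << 31 is the safer spelling; and FMCOUNT_MASK as it appears here (0x0000) would mask off every bit, so check that value against the register layout.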

[Qemu-devel] [PATCH v7 05/13] tests: Add vm test lib

2017-09-12 Thread Fam Zheng
This is the common code to implement a "VM test" to

  1) Download and initialize a pre-defined VM that has necessary
  dependencies to build QEMU and SSH access.

  2) Archive $SRC_PATH to a .tar file.

  3) Boot the VM, and pass the source tar file to the guest.

  4) SSH into the VM, untar the source tarball, build from the source.

Signed-off-by: Fam Zheng 
---
 tests/vm/basevm.py | 256 +
 1 file changed, 256 insertions(+)
 create mode 100755 tests/vm/basevm.py

diff --git a/tests/vm/basevm.py b/tests/vm/basevm.py
new file mode 100755
index 00..e4603f3fba
--- /dev/null
+++ b/tests/vm/basevm.py
@@ -0,0 +1,256 @@
+#!/usr/bin/env python
+#
+# VM testing base class
+#
+# Copyright 2017 Red Hat Inc.
+#
+# Authors:
+#  Fam Zheng 
+#
+# This code is licensed under the GPL version 2 or later.  See
+# the COPYING file in the top-level directory.
+#
+
+import os
+import sys
+import logging
+import time
+import datetime
+sys.path.append(os.path.join(os.path.dirname(__file__), "..", "..", "scripts"))
+from qemu import QEMUMachine
+import subprocess
+import hashlib
+import optparse
+import atexit
+import tempfile
+import shutil
+import multiprocessing
+import traceback
+
+SSH_KEY = open(os.path.join(od.path.dirname(__file__),
+   "..", "keys", "id_rsa")).read()
+SSH_PUB_KEY = open(os.path.join(od.path.dirname(__file__),
+   "..", "keys", "id_rsa.pub")).read()
+
+class BaseVM(object):
+GUEST_USER = "qemu"
+GUEST_PASS = "qemupass"
+ROOT_PASS = "qemupass"
+
+# The script to run in the guest that builds QEMU
+BUILD_SCRIPT = ""
+# The guest name, to be overridden by subclasses
+name = "#base"
+def __init__(self, debug=False, vcpus=None):
+self._guest = None
+self._tmpdir = tempfile.mkdtemp(prefix="vm-test-", suffix=".tmp", 
dir=".")
+atexit.register(shutil.rmtree, self._tmpdir)
+
+self._ssh_key_file = os.path.join(self._tmpdir, "id_rsa")
+open(self._ssh_key_file, "w").write(SSH_KEY)
+subprocess.check_call(["chmod", "600", self._ssh_key_file])
+
+self._ssh_pub_key_file = os.path.join(self._tmpdir, "id_rsa.pub")
+open(self._ssh_pub_key_file, "w").write(SSH_PUB_KEY)
+
+self.debug = debug
+self._stderr = sys.stderr
+self._devnull = open(os.devnull, "w")
+if self.debug:
+self._stdout = sys.stdout
+else:
+self._stdout = self._devnull
+self._args = [ \
+"-nodefaults", "-m", "2G",
+"-cpu", "host",
+"-netdev", "user,id=vnet,hostfwd=:0.0.0.0:0-:22",
+"-device", "virtio-net-pci,netdev=vnet",
+"-vnc", ":0,to=20",
+"-serial", "file:%s" % os.path.join(self._tmpdir, "serial.out")]
+if vcpus:
+self._args += ["-smp", str(vcpus)]
+if os.access("/dev/kvm", os.R_OK | os.W_OK):
+self._args += ["-enable-kvm"]
+else:
+logging.info("KVM not available, not using -enable-kvm")
+self._data_args = []
+
+def _download_with_cache(self, url, sha256sum=None):
+def check_sha256sum(fname):
+if not sha256sum:
+return True
+checksum = subprocess.check_output(["sha256sum", fname]).split()[0]
+return sha256sum == checksum
+
+cache_dir = os.path.expanduser("~/.cache/qemu-vm/download")
+if not os.path.exists(cache_dir):
+os.makedirs(cache_dir)
+fname = os.path.join(cache_dir, hashlib.sha1(url).hexdigest())
+if os.path.exists(fname) and check_sha256sum(fname):
+return fname
+logging.debug("Downloading %s to %s...", url, fname)
+subprocess.check_call(["wget", "-c", url, "-O", fname + ".download"],
+  stdout=self._stdout, stderr=self._stderr)
+os.rename(fname + ".download", fname)
+return fname
+
+def _ssh_do(self, user, cmd, check, interactive=False):
+ssh_cmd = ["ssh", "-q",
+   "-o", "StrictHostKeyChecking=no",
+   "-o", "UserKnownHostsFile=" + os.devnull,
+   "-o", "ConnectTimeout=1",
+   "-p", self.ssh_port, "-i", self._ssh_key_file]
+if interactive:
+ssh_cmd += ['-t']
+assert not isinstance(cmd, str)
+ssh_cmd += ["%s@127.0.0.1" % user] + list(cmd)
+logging.debug("ssh_cmd: %s", " ".join(ssh_cmd))
+r = subprocess.call(ssh_cmd,
+stdin=sys.stdin if interactive else self._devnull,
+stdout=sys.stdout if interactive else self._stdout,
+stderr=sys.stderr if interactive else self._stderr)
+if check and r != 0:
+raise Exception("SSH command failed: %s" % cmd)
+return r
+
+def ssh(self, *cmd):
+return 
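Review bot: SSH_KEY and SSH_PUB_KEY are built with od.path.dirname(__file__), and od is not among the imports, so the module raises NameError as soon as it is loaded; that should be os.path.dirname. In _download_with_cache, check_sha256sum() is applied only to a file already in the cache: after wget finishes, the .download file is renamed and returned without being checked, so a freshly fetched image is used unverified on its first run. Verify before os.rename and fail if the digest does not match. The -netdev line forwards guest port 22 with hostfwd=:0.0.0.0:0-:22, which listens on every host interface for a guest whose private key is read from the source tree and whose passwords are the fixed GUEST_PASS and ROOT_PASS values; binding to 127.0.0.1 is sufficient, since _ssh_do only ever connects to 127.0.0.1.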

[Qemu-devel] [PATCH v7 11/13] MAINTAINERS: Add tests/vm entry

2017-09-12 Thread Fam Zheng
Signed-off-by: Fam Zheng 
Reviewed-by: Stefan Hajnoczi 
---
 MAINTAINERS | 1 +
 1 file changed, 1 insertion(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index 36eeb42d19..42f5454311 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1891,6 +1891,7 @@ S: Maintained
 F: .travis.yml
 F: .shippable.yml
 F: tests/docker/
+F: tests/vm/
 W: https://travis-ci.org/qemu/qemu
 W: https://app.shippable.com/github/qemu/qemu
 W: http://patchew.org/QEMU/
-- 
2.13.5




[Qemu-devel] [PATCH v7 09/13] tests: Add OpenBSD image

2017-09-12 Thread Fam Zheng
The image is prepared following instructions as in:

https://wiki.qemu.org/Hosts/BSD

Signed-off-by: Fam Zheng 
---
 tests/vm/openbsd | 43 +++
 1 file changed, 43 insertions(+)
 create mode 100755 tests/vm/openbsd

diff --git a/tests/vm/openbsd b/tests/vm/openbsd
new file mode 100755
index 00..6ae16d97fd
--- /dev/null
+++ b/tests/vm/openbsd
@@ -0,0 +1,43 @@
+#!/usr/bin/env python
+#
+# OpenBSD VM image
+#
+# Copyright 2017 Red Hat Inc.
+#
+# Authors:
+#  Fam Zheng 
+#
+# This code is licensed under the GPL version 2 or later.  See
+# the COPYING file in the top-level directory.
+#
+
+import os
+import sys
+import subprocess
+import basevm
+
+class OpenBSDVM(basevm.BaseVM):
+name = "openbsd"
+BUILD_SCRIPT = """
+set -e;
+cd $(mktemp -d /var/tmp/qemu-test.XX);
+tar -xf /dev/rsd1c;
+./configure --cc=x86_64-unknown-openbsd6.1-gcc-4.9.4 
--python=python2.7 {configure_opts};
+gmake -j{jobs};
+# XXX: "gmake check" seems to always hang or fail
+#gmake check;
+"""
+
+def build_image(self, img):
+cimg = 
self._download_with_cache("http://download.patchew.org/openbsd-6.1-amd64.img.xz;,
+
sha256sum='8c6cedc483e602cfee5e04f0406c64eb99138495e8ca580bc0293bcf0640c1bf')
+img_tmp_xz = img + ".tmp.xz"
+img_tmp = img + ".tmp"
+subprocess.check_call(["cp", "-f", cimg, img_tmp_xz])
+subprocess.check_call(["xz", "-df", img_tmp_xz])
+if os.path.exists(img):
+os.remove(img)
+os.rename(img_tmp, img)
+
+if __name__ == "__main__":
+sys.exit(basevm.main(OpenBSDVM))
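Review bot: build_image fetches the image over plain http, so the sha256sum argument is the only thing tying the guest that will build QEMU to a known image; use an https URL if the server offers one, and make sure the checksum is enforced on the download itself rather than only on a later cache hit. The compiler name x86_64-unknown-openbsd6.1-gcc-4.9.4 in BUILD_SCRIPT hard-codes the image's OS and GCC versions; a comment saying it must be updated together with the image URL and checksum would help whoever bumps the image.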
-- 
2.13.5




Re: [Qemu-devel] [RFC v2 19/32] vhost+postcopy: Resolve client address

2017-09-12 Thread Peter Xu
On Mon, Sep 11, 2017 at 12:58:15PM +0100, Dr. David Alan Gilbert wrote:
> * Peter Xu (pet...@redhat.com) wrote:
> > On Thu, Aug 24, 2017 at 08:27:17PM +0100, Dr. David Alan Gilbert (git) 
> > wrote:
> > > From: "Dr. David Alan Gilbert" 
> > > 
> > > Resolve fault addresses read off the client's UFD into RAMBlock
> > > and offset, and call back to the postcopy code to ask for the page.
> > > 
> > > Signed-off-by: Dr. David Alan Gilbert 
> > > ---
> > >  hw/virtio/trace-events |  3 +++
> > >  hw/virtio/vhost-user.c | 30 +-
> > >  2 files changed, 32 insertions(+), 1 deletion(-)
> > > 
> > > diff --git a/hw/virtio/trace-events b/hw/virtio/trace-events
> > > index 5067dee19b..f7d4b831fe 100644
> > > --- a/hw/virtio/trace-events
> > > +++ b/hw/virtio/trace-events
> > > @@ -1,6 +1,9 @@
> > >  # See docs/devel/tracing.txt for syntax documentation.
> > >  
> > >  # hw/virtio/vhost-user.c
> > > +vhost_user_postcopy_fault_handler(const char *name, uint64_t 
> > > fault_address, int nregions) "%s: @0x%"PRIx64" nregions:%d"
> > > +vhost_user_postcopy_fault_handler_loop(int i, uint64_t client_base, 
> > > uint64_t size) "%d: client 0x%"PRIx64" +0x%"PRIx64
> > > +vhost_user_postcopy_fault_handler_found(int i, uint64_t region_offset, 
> > > uint64_t rb_offset) "%d: region_offset: 0x%"PRIx64" rb_offset:0x%"PRIx64
> > >  vhost_user_postcopy_listen(void) ""
> > >  vhost_user_set_mem_table_postcopy(uint64_t client_addr, uint64_t qhva, 
> > > int reply_i, int region_i) "client:0x%"PRIx64" for hva: 0x%"PRIx64" reply 
> > > %d region %d"
> > >  vhost_user_set_mem_table_withfd(int index, const char *name, uint64_t 
> > > memory_size, uint64_t guest_phys_addr, uint64_t userspace_addr, uint64_t 
> > > offset) "%d:%s: size:0x%"PRIx64" GPA:0x%"PRIx64" 
> > > QVA/userspace:0x%"PRIx64" RB offset:0x%"PRIx64
> > > diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
> > > index fbe2743298..2897ff70b3 100644
> > > --- a/hw/virtio/vhost-user.c
> > > +++ b/hw/virtio/vhost-user.c
> > > @@ -816,7 +816,35 @@ out:
> > >  static int vhost_user_postcopy_fault_handler(struct PostCopyFD *pcfd,
> > >   void *ufd)
> > >  {
> > > -return 0;
> > > +struct vhost_dev *dev = pcfd->data;
> > > +struct vhost_user *u = dev->opaque;
> > > +struct uffd_msg *msg = ufd;
> > > +uint64_t faultaddr = msg->arg.pagefault.address;
> > > +RAMBlock *rb = NULL;
> > > +uint64_t rb_offset;
> > > +int i;
> > > +
> > > +trace_vhost_user_postcopy_fault_handler(pcfd->idstr, faultaddr,
> > > +dev->mem->nregions);
> > > +for (i = 0; i < MIN(dev->mem->nregions, u->region_rb_len); i++) {
> > 
> > Should dev->mem->nregions always be the same as u->region_rb_len?
> 
> u->region_rb_len only gets updated when vhost_user_set_mem_table is
> called, so I think there are short periods of time when they don't
> quite match.
> (We do have to take some more care than we are at the moment during
> updates, because this address resolution happens off the postcopy
> thread)

I see, so memory layout can change along the way...

But I still doubt whether this single MIN() can work.

Say, we have these arrays already:

- array A: dev->mem->regions[]
- array B: u->region_rb[]
- array C: u->postcopy_client_bases[]

These arrays should always be aligned with each other (index "i" of
array "A/B/C" will always describe the same memory region).  But since
we can change the memory layout dynamically during postcopy, then
array A can grow/shrink/change in the following path:

  vhost_region_{add|delete}
    updates array A                (1)
  vhost_region_{add|delete}
    updates array A                (2)
  vhost_region_{add|delete}
    updates array A                (3)
  ...
  vhost_commit
    vhost_set_mem_table
      align arrays B/C with A      (4)

IMHO array A may not really match B/C during step (1)-(3), until step
(4) to re-align them?  And if they are not aligned with each other, I
guess a single MIN() won't help much? (Since the indexing below would
be problematic?)

(Hmm, can we just disallow memory change during postcopy for now?)

> 
> > > +trace_vhost_user_postcopy_fault_handler_loop(i,
> > > +u->postcopy_client_bases[i], 
> > > dev->mem->regions[i].memory_size);
> > > +if (faultaddr >= u->postcopy_client_bases[i]) {

Ah, wait...

postcopy_client_bases[] is now defined with static size
VHOST_MEMORY_MAX_NREGIONS.  Shouldn't it be dynamically allocated as
well with dev->mem->nregions, just like vhost_user.region_rb[]?

Maybe we want to leave the postcopy_client_bases[i] be zeros when
dev->mem->regions[i] is not a vhost-user supported region (without
"fd")?

> > > +/* Ofset of the fault address in the vhost region */
> > > +uint64_t region_offset = faultaddr - 
> > > u->postcopy_client_bases[i];
> > > +if (region_offset <= 
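Review bot: faultaddr is read from msg->arg.pagefault.address as soon as the handler is entered, with no check in this function that the uffd_msg is actually a page-fault event; if the caller does not guarantee that, test msg->event first and return an error for anything else. The comment "Ofset of the fault address in the vhost region" should read "Offset".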

[Qemu-devel] [PATCH v5 21/22] instrument: Add event 'guest_user_syscall_ret'

2017-09-12 Thread Lluís Vilanova
Signed-off-by: Lluís Vilanova 
---
 bsd-user/syscall.c  |3 +++
 instrument/control.c|   15 +++
 instrument/events.h |5 +
 instrument/events.inc.h |   13 +
 instrument/load.c   |1 +
 instrument/qemu-instr/control.h |   13 +
 linux-user/syscall.c|1 +
 stubs/instrument.c  |2 ++
 8 files changed, 53 insertions(+)

diff --git a/bsd-user/syscall.c b/bsd-user/syscall.c
index 0d92eaf8c4..fb468c0574 100644
--- a/bsd-user/syscall.c
+++ b/bsd-user/syscall.c
@@ -407,6 +407,7 @@ abi_long do_freebsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 #endif
 if (do_strace)
 print_freebsd_syscall_ret(num, ret);
+instr_guest_user_syscall_ret(cpu, num, ret);
 trace_guest_user_syscall_ret(cpu, num, ret);
 return ret;
  efault:
@@ -485,6 +486,7 @@ abi_long do_netbsd_syscall(void *cpu_env, int num, abi_long 
arg1,
 #endif
 if (do_strace)
 print_netbsd_syscall_ret(num, ret);
+instr_guest_user_syscall_ret(cpu, num, ret);
 trace_guest_user_syscall_ret(cpu, num, ret);
 return ret;
  efault:
@@ -563,6 +565,7 @@ abi_long do_openbsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 #endif
 if (do_strace)
 print_openbsd_syscall_ret(num, ret);
+instr_guest_user_syscall_ret(cpu, num, ret);
 trace_guest_user_syscall_ret(cpu, num, ret);
 return ret;
  efault:
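Review bot: In all three bsd-user hunks instr_guest_user_syscall_ret() is added only on the path that falls through to return ret, while the efault: label sits after that return, so any exit through efault that does not come back to this point leaves without firing the event. If instrumentation clients are expected to pair each syscall event with a return event, fire it on the efault path as well, or document that the return event can be missing. The commit message is empty apart from the sign-off, and this is the kind of behaviour it should state.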
diff --git a/instrument/control.c b/instrument/control.c
index b3ef03798e..b5b1e0503d 100644
--- a/instrument/control.c
+++ b/instrument/control.c
@@ -210,3 +210,18 @@ SYM_PUBLIC void qi_event_set_guest_user_syscall(
 #endif
 instr_set_event(guest_user_syscall, fn);
 }
+
+
+void (*instr_event__guest_user_syscall_ret)(
+QICPU vcpu, uint64_t num, uint64_t ret);
+
+SYM_PUBLIC void qi_event_set_guest_user_syscall_ret(
+void (*fn)(QICPU vcpu, uint64_t num, uint64_t ret))
+{
+ERROR_IF(!instr_get_state(), "called outside instrumentation");
+ERROR_IF(!tcg_enabled(), "called without TCG");
+#if !defined(CONFIG_USER_ONLY)
+ERROR_IF(true, "called in full-system mode");
+#endif
+instr_set_event(guest_user_syscall_ret, fn);
+}
diff --git a/instrument/events.h b/instrument/events.h
index 8c944e1f91..6197ece466 100644
--- a/instrument/events.h
+++ b/instrument/events.h
@@ -75,6 +75,11 @@ static inline void instr_guest_user_syscall(
 CPUState *vcpu, uint64_t num, uint64_t arg1, uint64_t arg2, uint64_t arg3,
 uint64_t arg4, uint64_t arg5, uint64_t arg6, uint64_t arg7, uint64_t arg8);
 
+extern void (*instr_event__guest_user_syscall_ret)(
+QICPU vcpu, uint64_t num, uint64_t ret);
+static inline void instr_guest_user_syscall_ret(
+CPUState *vcpu, uint64_t num, uint64_t ret);
+
 
 #include "instrument/events.inc.h"
 
diff --git a/instrument/events.inc.h b/instrument/events.inc.h
index e2f4315fb0..d31dec54b8 100644
--- a/instrument/events.inc.h
+++ b/instrument/events.inc.h
@@ -94,3 +94,16 @@ static inline void instr_guest_user_syscall(
 instr_set_state(INSTR_STATE_DISABLE);
 }
 }
+
+static inline void instr_guest_user_syscall_ret(
+CPUState *vcpu, uint64_t num, uint64_t ret)
+{
+void (*cb)(QICPU vcpu, uint64_t num, uint64_t ret)
+= instr_get_event(guest_user_syscall_ret);
+if (cb) {
+instr_set_state(INSTR_STATE_ENABLE);
+QICPU vcpu_ = instr_cpu_to_qicpu(vcpu);
+(*cb)(vcpu_, num, ret);
+instr_set_state(INSTR_STATE_DISABLE);
+}
+}
diff --git a/instrument/load.c b/instrument/load.c
index a76f76e1d1..be13a90286 100644
--- a/instrument/load.c
+++ b/instrument/load.c
@@ -165,6 +165,7 @@ InstrUnloadError instr_unload(const char *id)
 instr_set_event(guest_mem_before_trans, NULL);
 instr_set_event(guest_mem_before_exec, NULL);
 instr_set_event(guest_user_syscall, NULL);
+instr_set_event(guest_user_syscall_ret, NULL);
 
 instr_cpu_stop_all_end();
 cpu_list_unlock();
diff --git a/instrument/qemu-instr/control.h b/instrument/qemu-instr/control.h
index 136058af4f..bc4e49bef1 100644
--- a/instrument/qemu-instr/control.h
+++ b/instrument/qemu-instr/control.h
@@ -157,6 +157,19 @@ void qi_event_set_guest_user_syscall(
uint64_t arg3, uint64_t arg4, uint64_t arg5, uint64_t arg6,
uint64_t arg7, uint64_t arg8));
 
+/*
+ * Finish executing a guest system call in syscall emulation mode.
+ *
+ * @num: System call number.
+ * @ret: System call result value.
+ *
+ * Mode: user
+ * Targets: TCG(all)
+ * Time: exec
+ */
+void qi_event_set_guest_user_syscall_ret(
+void (*fn)(QICPU vcpu, uint64_t num, uint64_t ret));
+
 #ifdef __cplusplus
 }
 #endif
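Review bot: The doc comment says only "@ret: System call result value", but the callback takes ret as uint64_t while the call sites pass the ret of functions declared to return abi_long, so a failing syscall reaches the callback as a negative value converted to a large unsigned one. Say so in the comment, or make the parameter signed, so that library users know how to recognise an error return.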
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index c9f0b9fa56..44b91e3c52 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -12398,6 +12398,7 @@ fail:
 #endif
 if(do_strace)
 print_syscall_ret(num, ret);
+instr_guest_user_syscall_ret(cpu, num, ret);
 

[Qemu-devel] [PATCH v2 2/2] spapr: preserve SDR1 during migration

2017-09-12 Thread Greg Kurz
When running with KVM PR, a pseries machine needs to allocate an HPT
in userspace and pass its address and size to KVM. This is done at
machine reset time by hijacking SDR1.

It is very likely that the destination QEMU will allocate the HPT at
a different address, ie, the SDR1 value we get from the migration
stream is wrong and the guest ends up badly broken.

Let's fix this by preserving the pre-load value of SDR1. Since this is
a spapr specific hack, this is achieved by extending the PPC virtual
hypervisor interface.

Signed-off-by: Greg Kurz 
---
 hw/ppc/spapr.c   |   30 ++
 target/ppc/cpu.h |5 +
 target/ppc/machine.c |   18 ++
 3 files changed, 53 insertions(+)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 97f8afdbd7fe..aa280c9d767f 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1200,6 +1200,34 @@ static uint64_t spapr_get_patbe(PPCVirtualHypervisor 
*vhyp)
 return spapr->patb_entry;
 }
 
+static void spapr_cpu_pre_load(PPCVirtualHypervisor *vhyp, PowerPCCPU *cpu)
+{
+sPAPRMachineState *spapr = SPAPR_MACHINE(vhyp);
+
+/* This is a hack for KVM PR: SDR1 contains the address and size of the HPT
+ * allocated by QEMU. We must preserve it.
+ */
+if (kvm_enabled() && spapr->htab) {
+CPUPPCState *env = >env;
+
+cpu->sdr1_kvm_pr = env->spr[SPR_SDR1];
+}
+}
+
+static void spapr_cpu_post_load(PPCVirtualHypervisor *vhyp, PowerPCCPU *cpu)
+{
+sPAPRMachineState *spapr = SPAPR_MACHINE(vhyp);
+
+/* This is a hack for KVM PR: SDR1 contains the address and size of the HPT
+ * allocated by QEMU. We must preserve it.
+ */
+if (kvm_enabled() && spapr->htab) {
+CPUPPCState *env = >env;
+
+env->spr[SPR_SDR1] = cpu->sdr1_kvm_pr;
+}
+}
+
 #define HPTE(_table, _i)   (void *)(((uint64_t *)(_table)) + ((_i) * 2))
 #define HPTE_VALID(_hpte)  (tswap64(*((uint64_t *)(_hpte))) & HPTE64_V_VALID)
 #define HPTE_DIRTY(_hpte)  (tswap64(*((uint64_t *)(_hpte))) & 
HPTE64_V_HPTE_DIRTY)
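Review bot: spapr_cpu_post_load carries the same comment as spapr_cpu_pre_load ("We must preserve it") although it does the opposite job: it overwrites the env->spr[SPR_SDR1] that arrived in the migration stream with the value saved in cpu->sdr1_kvm_pr. Reword the second comment to say that the incoming SDR1 is discarded in favour of the locally allocated HPT address, which is the whole point of the patch. The kvm_enabled() && spapr->htab condition is duplicated as well; a small helper would keep the two hooks from drifting apart.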
@@ -3624,6 +3652,8 @@ static void spapr_machine_class_init(ObjectClass *oc, 
void *data)
 vhc->unmap_hptes = spapr_unmap_hptes;
 vhc->store_hpte = spapr_store_hpte;
 vhc->get_patbe = spapr_get_patbe;
+vhc->cpu_pre_load = spapr_cpu_pre_load;
+vhc->cpu_post_load = spapr_cpu_post_load;
 xic->ics_get = spapr_ics_get;
 xic->ics_resend = spapr_ics_resend;
 xic->icp_get = spapr_icp_get;
diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
index c9d3ffa89bcb..22ea2538d923 100644
--- a/target/ppc/cpu.h
+++ b/target/ppc/cpu.h
@@ -1212,6 +1212,9 @@ struct PowerPCCPU {
 uint64_t mig_insns_flags2;
 uint32_t mig_nb_BATs;
 bool pre_2_10_migration;
+
+/* KVM PR hack to preserve SDR1 (HPT) */
+target_ulong sdr1_kvm_pr;
 };
 
 static inline PowerPCCPU *ppc_env_get_cpu(CPUPPCState *env)
@@ -1243,6 +1246,8 @@ struct PPCVirtualHypervisorClass {
 void (*store_hpte)(PPCVirtualHypervisor *vhyp, hwaddr ptex,
uint64_t pte0, uint64_t pte1);
 uint64_t (*get_patbe)(PPCVirtualHypervisor *vhyp);
+void (*cpu_pre_load)(PPCVirtualHypervisor *vhyp, PowerPCCPU *cpu);
+void (*cpu_post_load)(PPCVirtualHypervisor *vhyp, PowerPCCPU *cpu);
 };
 
 #define TYPE_PPC_VIRTUAL_HYPERVISOR "ppc-virtual-hypervisor"
diff --git a/target/ppc/machine.c b/target/ppc/machine.c
index e36b7100cb66..c4d32c886367 100644
--- a/target/ppc/machine.c
+++ b/target/ppc/machine.c
@@ -218,6 +218,19 @@ static bool pvr_match(PowerPCCPU *cpu, uint32_t pvr)
 return pcc->pvr_match(pcc, pvr);
 }
 
+static int cpu_pre_load(void *opaque)
+{
+PowerPCCPU *cpu = opaque;
+
+if (cpu->vhyp) {
+PPCVirtualHypervisorClass *vhc =
+PPC_VIRTUAL_HYPERVISOR_GET_CLASS(cpu->vhyp);
+vhc->cpu_pre_load(cpu->vhyp, cpu);
+}
+
+return 0;
+}
+
 static int cpu_post_load(void *opaque, int version_id)
 {
 PowerPCCPU *cpu = opaque;
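Review bot: cpu_pre_load calls vhc->cpu_pre_load(cpu->vhyp, cpu) whenever cpu->vhyp is set, without checking that the class filled in the hook. The only assignment in this patch is in spapr_machine_class_init, so any other PPCVirtualHypervisorClass implementation would jump through a NULL pointer on incoming migration. Guard the call with if (vhc->cpu_pre_load), and do the same for vhc->cpu_post_load in the next hunk, or document both hooks as mandatory next to their declarations in cpu.h.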
@@ -294,6 +307,10 @@ static int cpu_post_load(void *opaque, int version_id)
 
 if (!cpu->vhyp) {
 ppc_store_sdr1(env, env->spr[SPR_SDR1]);
+} else {
+PPCVirtualHypervisorClass *vhc =
+PPC_VIRTUAL_HYPERVISOR_GET_CLASS(cpu->vhyp);
+vhc->cpu_post_load(cpu->vhyp, cpu);
 }
 
 /* Invalidate all msr bits except MSR_TGPR/MSR_HVB before restoring */
@@ -650,6 +667,7 @@ const VMStateDescription vmstate_ppc_cpu = {
 .minimum_version_id_old = 4,
 .load_state_old = cpu_load_old,
 .pre_save = cpu_pre_save,
+.pre_load = cpu_pre_load,
 .post_load = cpu_post_load,
 .fields = (VMStateField[]) {
 VMSTATE_UNUSED(sizeof(target_ulong)), /* was _EQUAL(env.spr[SPR_PVR]) 
*/




[Qemu-devel] [PATCH v7 00/13] tests: Add VM based build tests (for non-x86_64 and/or non-Linux)

2017-09-12 Thread Fam Zheng
v7: Add Alex's rev-by to patch 2.
GPLv2 => GPLv2+ for all new files. [Peter]
Add more description in file header to archive-source.sh for the intended
usage.  [Peter]
"output tarball" in usage. [Alex]
Add quotes to "$1". [Peter]
Put generated keys in separate files. [Alex]
Use os.devnull. [Alex]
More error info when launching QEMU fails. [Alex]

v6: Add license to new file. [Philippe]
Change tests/.gitignore. [Philippe]

v5: Generate source tar file with a script.
Fix tmpdir, use pwd.
Reduce default -j to half cores.

v4: Drop unused imports and parameters. [Cleber]
Use --exclude-vcs (still no --exclude-vcs-ignores because it's too new). 
[Philippe]
Use gtar if available. [Philippe, Kamil]
/dev/ld1a -> /dev/rld1a for netbsd. [Kamil]
Only use '-enable-kvm' if /dev/kvm is there. [Kamil]
Grammar fixes of README. [Stefan]
Rename image on the server to include version and arch. [Kamil]
Just ignore *.tmp. [Philippe]

v3: Drop RFC.
Add Stefan's and Kamil's reviewed-bys.
Use optparse. [Stefan]
Drop the VGA patch. [Paolo, Stefan]
Improve exit/exit code/doc. [Stefan]
Drop unused line from basevm.py. [Stefan]
Drop "--target-list" from Makefile.
More intelligent '-j'.
Add README. [Stefan]

v2: - Add docstring. [Stefan]
- Call self._load_io_lod. [Stefan]
- Use "info usernet" and dynamic ssh_port forwarding. [Stefan]
- Add image checksum.
- Use os.rename() and os.makedirs(). [Stefan]
- Fix NetBSD URL. [Kamil]

Build tests in one 32 bit Linux guest and three BSD images are defined in this
series. This is a more manageable way than the manually maintained virtual
machines in patchew. Also, one big advantage of ephemeral VMs over long running
guests is the reduced RAM usage of host, which makes it possible to have one
host test all these BSD variants and probably more.

The BSD guest templates are manually prepared following

https://wiki.qemu.org/Hosts/BSD

as it is not easy to automate. (The ideal approach is like the ubuntu.i386
script, which configures the guest on top of an official released image, fully
automatically.)

Need for help: "gmake check" in the added OpenBSD image fails with -ENOMEM
errors, even if I change "-m 2G" to "-m 8G" when starting VM. Ideas? And there
is a warning from ./configure about OpenBSD going to be unsupported in coming
releases, is it still the case?

Fam

Fam Zheng (13):
  gitignore: Ignore vm test images
  qemu.py: Add "wait()" method
  scripts: Add archive-source.sh
  tests: Add a test key pair
  tests: Add vm test lib
  tests: Add ubuntu.i386 image
  tests: Add FreeBSD image
  tests: Add NetBSD image
  tests: Add OpenBSD image
  Makefile: Add rules to run vm tests
  MAINTAINERS: Add tests/vm entry
  tests: Add README for vm tests
  docker: Use archive-source.py

 .gitignore|   1 +
 MAINTAINERS   |   1 +
 Makefile  |   2 +
 configure |   2 +-
 scripts/archive-source.sh |  33 ++
 scripts/qemu.py   |   7 ++
 tests/.gitignore  |   1 +
 tests/docker/Makefile.include |  15 +--
 tests/docker/run  |   8 +-
 tests/keys/id_rsa |  27 +
 tests/keys/id_rsa.pub |   1 +
 tests/vm/Makefile.include |  42 +++
 tests/vm/README   |  63 +++
 tests/vm/basevm.py| 256 ++
 tests/vm/freebsd  |  42 +++
 tests/vm/netbsd   |  42 +++
 tests/vm/openbsd  |  43 +++
 tests/vm/ubuntu.i386  |  88 +++
 18 files changed, 653 insertions(+), 21 deletions(-)
 create mode 100755 scripts/archive-source.sh
 create mode 100644 tests/keys/id_rsa
 create mode 100644 tests/keys/id_rsa.pub
 create mode 100644 tests/vm/Makefile.include
 create mode 100644 tests/vm/README
 create mode 100755 tests/vm/basevm.py
 create mode 100755 tests/vm/freebsd
 create mode 100755 tests/vm/netbsd
 create mode 100755 tests/vm/openbsd
 create mode 100755 tests/vm/ubuntu.i386

-- 
2.13.5




[Qemu-devel] [PATCH v7 01/13] gitignore: Ignore vm test images

2017-09-12 Thread Fam Zheng
Signed-off-by: Fam Zheng 
---
 .gitignore   | 1 +
 tests/.gitignore | 1 +
 2 files changed, 2 insertions(+)

diff --git a/.gitignore b/.gitignore
index cf65316863..40acfcb9e2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -52,6 +52,7 @@
 /vscclient
 /vhost-user-scsi
 /fsdev/virtfs-proxy-helper
+*.tmp
 *.[1-9]
 *.a
 *.aux
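Review bot: *.tmp is added to the top-level .gitignore with no path, so it hides every file or directory ending in .tmp anywhere in the tree, while the subject only mentions vm test images. Narrow the pattern to the names the series actually creates, or say in the commit message that the tree-wide pattern is intended, so that an unrelated .tmp file someone means to commit is not dropped silently.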
diff --git a/tests/.gitignore b/tests/.gitignore
index fed0189a5a..cf6d99c91e 100644
--- a/tests/.gitignore
+++ b/tests/.gitignore
@@ -95,3 +95,4 @@ test-filter-mirror
 test-filter-redirector
 *-test
 qapi-schema/*.test.*
+vm/*.img
-- 
2.13.5




Re: [Qemu-devel] [PATCH v2 1/2] spapr: introduce common helper to write HPT address to KVM PR

2017-09-12 Thread David Gibson
On Wed, Sep 13, 2017 at 12:24:53AM +0200, Greg Kurz wrote:
> When running with KVM PR, if a new HPT is allocated we need to inform
> KVM about the HPT address and size. This is currently done with a hack
> which is open-coded in several places.
> 
> This patch consolidates the code in a dedicated helper that records
> the HPT address and size in the sPAPR context, and then does the
> magic for KVM PR.
> 
> Note that ppc_spapr_reset() now resets all devices and CPUs before
> allocating the HPT. This allows to drop the hack from spapr_cpu_reset().
> 
> Signed-off-by: Greg Kurz 

I like this more than the previous spin, but while discussing stuff
with SamB, I thought up a different approach, which I think will be
both cleaner and simpler.

It basically doesn't make sense to put the userspace HPT pointer into
env->spr[SDR1], we only do it to make kvmppc_put_books_sregs() do the
right thing.

Instead, we can have kvmppc_put_books_sregs() populate the "SDR1"
field in kvm_sregs from a vhyp hook.  We already have the reverse side
in that kvmppc_get_books_sregs() doesn't update the internal SDR1
value if vhyp is set.

In any case the spapr hook would compute the correct value direct from
spapr->htab.

After incoming migration I'm not sure we need to do anything - I think
we already do a pretty thorough register resync with KVM.

> ---
>  hw/ppc/spapr.c  |   31 ++-
>  hw/ppc/spapr_cpu_core.c |   15 ---
>  hw/ppc/spapr_hcall.c|   16 +---
>  include/hw/ppc/spapr.h  |1 +
>  4 files changed, 28 insertions(+), 35 deletions(-)
> 
> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> index f680f28a15ea..97f8afdbd7fe 100644
> --- a/hw/ppc/spapr.c
> +++ b/hw/ppc/spapr.c
> @@ -1309,6 +1309,25 @@ void spapr_free_hpt(sPAPRMachineState *spapr)
>  close_htab_fd(spapr);
>  }
>  
> +void spapr_install_hpt(sPAPRMachineState *spapr, void *htab, uint32_t shift)
> +{
> +assert(htab);
> +
> +spapr->htab = htab;
> +spapr->htab_shift = shift;
> +
> +/*
> + * This is a hack for the benefit of KVM PR - it abuses the SDR1
> + * slot in kvm_sregs to communicate the userspace address of the
> + * HPT
> + */
> +if (kvm_enabled()) {
> +target_ulong sdr1 = (target_ulong)(uintptr_t)spapr->htab
> +| (spapr->htab_shift - 18);
> +kvmppc_update_sdr1(sdr1);
> +}
> +}
> +
>  void spapr_reallocate_hpt(sPAPRMachineState *spapr, int shift,
>Error **errp)
>  {
> @@ -1339,16 +1358,17 @@ void spapr_reallocate_hpt(sPAPRMachineState *spapr, 
> int shift,
>  /* kernel-side HPT not needed, allocate in userspace instead */
>  size_t size = 1ULL << shift;
>  int i;
> +void *htab;
>  
> -spapr->htab = qemu_memalign(size, size);
> -if (!spapr->htab) {
> +htab = qemu_memalign(size, size);
> +if (!htab) {
>  error_setg_errno(errp, errno,
>   "Could not allocate HPT of order %d", shift);
>  return;
>  }
>  
> -memset(spapr->htab, 0, size);
> -spapr->htab_shift = shift;
> +memset(htab, 0, size);
> +spapr_install_hpt(spapr, htab, shift);
>  
>  for (i = 0; i < size / HASH_PTE_SIZE_64; i++) {
>  DIRTY_HPTE(HPTE(spapr->htab, i));
> @@ -1405,6 +1425,8 @@ static void ppc_spapr_reset(void)
>  /* Check for unknown sysbus devices */
>  foreach_dynamic_sysbus_device(find_unknown_sysbus_device, NULL);
>  
> +qemu_devices_reset();
> +
>  if (kvm_enabled() && kvmppc_has_cap_mmu_radix()) {
>  /* If using KVM with radix mode available, VCPUs can be started
>   * without a HPT because KVM will start them in radix mode.
> @@ -1414,7 +1436,6 @@ static void ppc_spapr_reset(void)
>  spapr_setup_hpt_and_vrma(spapr);
>  }
>  
> -qemu_devices_reset();
>  spapr_clear_pending_events(spapr);
>  
>  /*
> diff --git a/hw/ppc/spapr_cpu_core.c b/hw/ppc/spapr_cpu_core.c
> index c08ee7571a50..c20b5c64b045 100644
> --- a/hw/ppc/spapr_cpu_core.c
> +++ b/hw/ppc/spapr_cpu_core.c
> @@ -73,7 +73,6 @@ void spapr_cpu_parse_features(sPAPRMachineState *spapr)
>  
>  static void spapr_cpu_reset(void *opaque)
>  {
> -sPAPRMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
>  PowerPCCPU *cpu = opaque;
>  CPUState *cs = CPU(cpu);
>  CPUPPCState *env = >env;
> @@ -86,20 +85,6 @@ static void spapr_cpu_reset(void *opaque)
>  cs->halted = 1;
>  
>  env->spr[SPR_HIOR] = 0;
> -
> -/*
> - * This is a hack for the benefit of KVM PR - it abuses the SDR1
> - * slot in kvm_sregs to communicate the userspace address of the
> - * HPT
> - */
> -if (kvm_enabled()) {
> -env->spr[SPR_SDR1] = (target_ulong)(uintptr_t)spapr->htab
> -| (spapr->htab_shift - 18);
> -if (kvmppc_put_books_sregs(cpu) < 0) {
> -error_report("Unable to update 

Re: [Qemu-devel] [PATCH v3 0/3] hmp: fix "dump-quest-memory" segfault

2017-09-12 Thread David Gibson
On Tue, Sep 12, 2017 at 04:36:30PM +0100, Dr. David Alan Gilbert wrote:
> * Thomas Huth (th...@redhat.com) wrote:
> > On 12.09.2017 16:46, Greg Kurz wrote:
> > > On Tue, 12 Sep 2017 16:01:46 +0200
> > > Laurent Vivier  wrote:
> > > 
> > >> Fix aarch64 and ppc when dump-guest-memory is
> > >> used with none machine type and no CPU.
> > >>
> > >> The other machine types don't have the problem.
> > >>
> > >> Update test-hmp, to test none machine type
> > >> with (2 MB) and without memory, and add a test
> > >> to test dump-quest-memory without filter parameters
> > >> (it needs the fix from Cornelia Huck to work)
> > >>
> > >> v3:
> > >>   - remove blank line after a comment
> > >>   - forbid memory dump when there is no CPU
> > >>
> > > 
> > > So in the end, we would forbid dump on aarch64 and
> > > ppc, while it is allowed on i386... I don't really
> > > care about which behavior is more appropriate but
> > > I guess they should be consistent at least.
> > 
> > > It's kind of consistent: Allow it on architectures with fixed endianness,
> > > but disallow it on architectures without fixed endianness ;-)
> 
> Another way to put it is that you can dump unless you need
> information about the CPU.
> 
> It also makes me wonder what happens on those CPUs that can
> change their endianness dynamically.

We already have code for that on ppc, we actually look in on the CPU's
mode register at dump time to decide which.  Theoretically that could
still be tricked, but in the almost-always case of booting an OS which
sets the endianness then leaves it there, it should be fine.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH v3 1/3] hmp: fix "dump-quest-memory" segfault (ppc)

2017-09-12 Thread David Gibson
On Tue, Sep 12, 2017 at 04:01:47PM +0200, Laurent Vivier wrote:
> Running QEMU with
> qemu-system-ppc64 -M none -nographic -m 256
> and executing
> dump-guest-memory /dev/null 0 8192
> results in segfault
> 
> Fix by checking if we have CPU, and exit with
> error if there is no CPU:
> 
> (qemu) dump-guest-memory /dev/null
> this feature or command is not currently supported
> 
> Signed-off-by: Laurent Vivier 

Applied to ppc-for-2.11.  I'm not really sure what to do with the rest
of the series though.

> ---
>  target/ppc/arch_dump.c | 11 +--
>  1 file changed, 9 insertions(+), 2 deletions(-)
> 
> diff --git a/target/ppc/arch_dump.c b/target/ppc/arch_dump.c
> index 8e9397aa58..95b9ab6f29 100644
> --- a/target/ppc/arch_dump.c
> +++ b/target/ppc/arch_dump.c
> @@ -224,8 +224,15 @@ typedef struct NoteFuncDescStruct NoteFuncDesc;
>  int cpu_get_dump_info(ArchDumpInfo *info,
>const struct GuestPhysBlockList *guest_phys_blocks)
>  {
> -PowerPCCPU *cpu = POWERPC_CPU(first_cpu);
> -PowerPCCPUClass *pcc = POWERPC_CPU_GET_CLASS(cpu);
> +PowerPCCPU *cpu;
> +PowerPCCPUClass *pcc;
> +
> +if (first_cpu == NULL) {
> +return -1;
> +}
> +
> +cpu = POWERPC_CPU(first_cpu);
> +pcc = POWERPC_CPU_GET_CLASS(cpu);
>  
>  info->d_machine = PPC_ELF_MACHINE;
>  info->d_class = ELFCLASS;
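Review bot: the new `first_cpu == NULL` branch returns a bare -1, so the only thing the user sees is the generic "this feature or command is not currently supported" quoted in the commit message, which does not say that the dump was refused because the machine has no CPU. A short comment above the check explaining why a CPU is required here (the class is taken from `POWERPC_CPU_GET_CLASS(cpu)`) would help, and the commit message should show the fixed output for the same `dump-guest-memory /dev/null 0 8192` invocation that it uses to reproduce the crash.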

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [RFC v2 16/32] vhost+postcopy: Send address back to qemu

2017-09-12 Thread Peter Xu
On Tue, Sep 12, 2017 at 06:15:13PM +0100, Dr. David Alan Gilbert wrote:
> * Peter Xu (pet...@redhat.com) wrote:
> > On Thu, Aug 24, 2017 at 08:27:14PM +0100, Dr. David Alan Gilbert (git) 
> > wrote:
> > > From: "Dr. David Alan Gilbert" 
> > > 
> > > We need a better way, but at the moment we need the address of the
> > > mappings sent back to qemu so it can interpret the messages on the
> > > userfaultfd it reads.
> > > 
> > > Note: We don't ask for the default 'ack' reply since we've got our own.
> > > 
> > > Signed-off-by: Dr. David Alan Gilbert 
> > > ---
> > >  contrib/libvhost-user/libvhost-user.c | 15 -
> > >  docs/interop/vhost-user.txt   |  6 
> > >  hw/virtio/trace-events|  1 +
> > >  hw/virtio/vhost-user.c| 57 
> > > ++-
> > >  4 files changed, 77 insertions(+), 2 deletions(-)
> > > 
> > > diff --git a/contrib/libvhost-user/libvhost-user.c 
> > > b/contrib/libvhost-user/libvhost-user.c
> > > index e6ab059a03..5ec54f7d60 100644
> > > --- a/contrib/libvhost-user/libvhost-user.c
> > > +++ b/contrib/libvhost-user/libvhost-user.c
> > > @@ -477,13 +477,26 @@ vu_set_mem_table_exec(VuDev *dev, VhostUserMsg 
> > > *vmsg)
> > >  DPRINT("%s: region %d: Registered userfault for %llx + 
> > > %llx\n",
> > >  __func__, i, reg_struct.range.start, 
> > > reg_struct.range.len);
> > >  /* TODO: Stash 'zero' support flags somewhere */
> > > -/* TODO: Get address back to QEMU */
> > >  
> > > +/* TODO: We need to find a way for the qemu not to see the 
> > > virtual
> > > + * addresses of the clients, so as to keep better separation.
> > > + */
> > > +/* Return the address to QEMU so that it can translate the 
> > > ufd
> > > + * fault addresses back.
> > > + */
> > > +msg_region->userspace_addr = (uintptr_t)(mmap_addr +
> > > + 
> > > dev_region->mmap_offset);
> > >  }
> > >  
> > >  close(vmsg->fds[i]);
> > >  }
> > >  
> > > +if (dev->postcopy_listening) {
> > > +/* Need to return the addresses - send the updated message back 
> > > */
> > > +vmsg->fd_num = 0;
> > > +return true;
> > > +}
> > > +
> > >  return false;
> > >  }
> > >  
> > > diff --git a/docs/interop/vhost-user.txt b/docs/interop/vhost-user.txt
> > > index 73c3dd74db..b2a548c94d 100644
> > > --- a/docs/interop/vhost-user.txt
> > > +++ b/docs/interop/vhost-user.txt
> > > @@ -413,12 +413,18 @@ Master message types
> > >Id: 5
> > >Equivalent ioctl: VHOST_SET_MEM_TABLE
> > >Master payload: memory regions description
> > > +  Slave payload: (postcopy only) memory regions description
> > >  
> > >Sets the memory map regions on the slave so it can translate the 
> > > vring
> > >addresses. In the ancillary data there is an array of file 
> > > descriptors
> > >for each memory mapped region. The size and ordering of the fds 
> > > matches
> > >the number and ordering of memory regions.
> > >  
> > > +  When postcopy-listening has been received, SET_MEM_TABLE replies 
> > > with
> > > +  the bases of the memory mapped regions to the master.  It must 
> > > have mmap'd
> > > +  the regions and enabled userfaultfd on them.  Note NEED_REPLY_MASK
> > > +  is not set in this case.
> > > +
> > >   * VHOST_USER_SET_LOG_BASE
> > >  
> > >Id: 6
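Review bot: the new paragraph under VHOST_SET_MEM_TABLE leaves the reply underspecified: it does not say which field of the memory regions description carries the base, and "It must have mmap'd the regions" does not name its subject (presumably the slave). "Note NEED_REPLY_MASK is not set in this case" is also ambiguous between "the master must not set it" and "the slave replies regardless of it"; spell out which, and what the master should do when the reply's region count differs from the one it sent.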
> > > diff --git a/hw/virtio/trace-events b/hw/virtio/trace-events
> > > index f736c7c84f..63fd4a79cf 100644
> > > --- a/hw/virtio/trace-events
> > > +++ b/hw/virtio/trace-events
> > > @@ -2,6 +2,7 @@
> > >  
> > >  # hw/virtio/vhost-user.c
> > >  vhost_user_postcopy_listen(void) ""
> > > +vhost_user_set_mem_table_postcopy(uint64_t client_addr, uint64_t qhva, 
> > > int reply_i, int region_i) "client:0x%"PRIx64" for hva: 0x%"PRIx64" reply 
> > > %d region %d"
> > >  
> > >  # hw/virtio/virtio.c
> > >  virtqueue_alloc_element(void *elem, size_t sz, unsigned in_num, unsigned 
> > > out_num) "elem %p size %zd in_num %u out_num %u"
> > > diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
> > > index 9178271ab2..2e4eb0864a 100644
> > > --- a/hw/virtio/vhost-user.c
> > > +++ b/hw/virtio/vhost-user.c
> > > @@ -19,6 +19,7 @@
> > >  #include "qemu/sockets.h"
> > >  #include "migration/migration.h"
> > >  #include "migration/postcopy-ram.h"
> > > +#include "trace.h"
> > >  
> > >  #include 
> > >  #include 
> > > @@ -133,6 +134,7 @@ struct vhost_user {
> > >  int slave_fd;
> > >  NotifierWithReturn postcopy_notifier;
> > >  struct PostCopyFD  postcopy_fd;
> > > +uint64_t   postcopy_client_bases[VHOST_MEMORY_MAX_NREGIONS];
> > >  };
> > >  
> > >  static bool ioeventfd_enabled(void)
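Review bot: `postcopy_client_bases` is a fixed array of VHOST_MEMORY_MAX_NREGIONS entries that will hold addresses taken from the slave's reply, so the code that fills it has to reject a reply whose region count exceeds that bound before indexing. That code is not in this hunk; please make sure the check is there. A one-line comment on the field saying what the values are and how the array is indexed would also help.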
> > > @@ -300,11 +302,13 @@ static int vhost_user_set_log_base(struct 

Re: [Qemu-devel] [Qemu-ppc] [RFC PATCH] tests: Add a device_add/del HMP test

2017-09-12 Thread Thomas Huth
On 12.09.2017 19:37, Eduardo Habkost wrote:
> On Mon, Sep 11, 2017 at 08:13:21AM +0200, Thomas Huth wrote:
>> On 09.09.2017 22:41, Eduardo Habkost wrote:
>>> On Wed, Sep 06, 2017 at 08:59:32AM +0200, Markus Armbruster wrote:
>>>> Thomas Huth  writes:
>>>>
>>>>> On 05.09.2017 18:48, Dr. David Alan Gilbert wrote:
>>>>>> * Markus Armbruster (arm...@redhat.com) wrote:
>>>>>>> Thomas Huth  writes:
>>>>>>>
>>>>>>>> People tend to forget to mark internal devices with "user_creatable = false
>>>>>>>> or hotpluggable = false, and these devices can crash QEMU if added via the
>>>>>>>> HMP monitor. So let's add a test to run through all devices and that tries
>>>>>>>> to add them blindly (without arguments) to see whether this could crash the
>>>>>>>> QEMU instance.
>>>>>> [...]
>>>>>>> * The device supports only cold plug with -device, not hot plug with
>>>>>>>   device_add.
>>>>>
>>>>> We've got Eduardo's scripts/device-crash-test script for that already,
>>>>> so no need to cover that here.
>>>>
>>>> Point taken.  So this test is really about hot plug / unplug.  Suggest
>>>> to clarify the commit message: s/add them blindly/hotplug and unplug
>>>> them blindly/.
>>>
>>> We could extend device-crash-test to test device_add too, as it
>>> already has extra code to deal with known crashes and testing
>>> multiple machine-types.  Also, any additional code we write to
>>> ensure we add mandatory arguments or plug only to valid buses
>>> would apply to both -device and device_add.  I also think Python
>>> test code is easier to maintain and extend, but that's just my
>>> personal preference.
>>
>> Adding device_add/del support to device-crash-test is certainly an
>> option. The problem is that nobody runs it by default, so this won't
>> help to avoid that new problems are being committed to the repository.
>>
>> I think we really should have a test for "make check", too. So would my
>> test be acceptable if I'd rewrite it to use QMP instead (I don't think I
>> could do the full list that Markus mentioned, but at least a basic test
>> via QMP as a start)?
> 
> We can run device-crash-test on "make check", we just need to
> choose what's the subset of tests we want to run (because testing
> all machine+device+target combinations would take too long).

Maybe we should just run it one time for every machine - and try to add
all available devices at once?

 Thomas



[Qemu-devel] [PATCH v5 22/22] instrument: Add API to manipulate guest memory

2017-09-12 Thread Lluís Vilanova
It includes access to the guest's memory and vCPU registers.

Signed-off-by: Lluís Vilanova 
---
 instrument/Makefile.objs  |1 
 instrument/qemu-instr/state.h |  104 +
 instrument/state.c|   73 +
 3 files changed, 178 insertions(+)
 create mode 100644 instrument/qemu-instr/state.h
 create mode 100644 instrument/state.c

diff --git a/instrument/Makefile.objs b/instrument/Makefile.objs
index d7e6c760c3..ee482bdb45 100644
--- a/instrument/Makefile.objs
+++ b/instrument/Makefile.objs
@@ -5,3 +5,4 @@ target-obj-$(CONFIG_INSTRUMENT) += load.o
 target-obj-$(CONFIG_INSTRUMENT) += qmp.o
 target-obj-$(CONFIG_INSTRUMENT) += control.o
 target-obj-$(CONFIG_INSTRUMENT) += trace.o
+target-obj-$(CONFIG_INSTRUMENT) += state.o
diff --git a/instrument/qemu-instr/state.h b/instrument/qemu-instr/state.h
new file mode 100644
index 00..0ae6255fe5
--- /dev/null
+++ b/instrument/qemu-instr/state.h
@@ -0,0 +1,104 @@
+/*
+ * Interface for accessing guest state.
+ *
+ * Copyright (C) 2012-2017 Lluís Vilanova 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#ifndef QI__STATE_H
+#define QI__STATE_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include 
+
+
+/**
+ * qi_mem_read_virt:
+ * @vcpu: CPU to use for address translation.
+ * @vaddr: Starting virtual address to read from.
+ * @size: Number of bytes to read.
+ * @buf: Buffer to write into.
+ *
+ * Read contents from virtual memory.
+ *
+ * Returns: Whether the range of virtual addresses to read could be translated.
+ *
+ * Warning: Even on error, some of the destination buffer might have been
+ *  modified.
+ *
+ * Precondition: The output buffer has at least "size" bytes.
+ */
+bool qi_mem_read_virt(QICPU vcpu, uint64_t vaddr, size_t size, void *buf);
+
+/**
+ * qi_mem_write_virt:
+ * @vcpu: CPU to use for address translation.
+ * @vaddr: Starting virtual address to write into.
+ * @size: Number of bytes to write.
+ * @buf: Buffer with the contents to write from.
+ *
+ * Write contents into virtual memory.
+ *
+ * Returns: Whether the range of virtual addresses to write could be 
translated.
+ *
+ * Warning: Even on error, some of the destination memory might have been
+ *  modified.
+ * Precondition: The input buffer has at least "size" bytes.
+ */
+bool qi_mem_write_virt(QICPU vcpu, uint64_t vaddr, size_t size, void *buf);
+
+/**
+ * qi_mem_virt_to_phys:
+ * @vcpu: CPU to use for address translation.
+ * @vaddr: Virtual address to translate.
+ * @paddr: Pointer to output physical address.
+ *
+ * Translate a virtual address into a physical address.
+ *
+ * Returns: Whether the address could be translated.
+ */
+bool qi_mem_virt_to_phys(QICPU vcpu, uint64_t vaddr, uint64_t *paddr);
+
+/**
+ * qi_mem_read_phys:
+ * @paddr: Starting physical address to read from.
+ * @size: Number of bytes to read.
+ * @buf: Buffer to write into.
+ *
+ * Read contents from physical memory.
+ *
+ * Returns: Whether the range of physical addresses is valid.
+ *
+ * Warning: Even on error, some of the destination buffer might have been
+ *  modified.
+ * Precondition: The output buffer has at least "size" bytes.
+ */
+bool qi_mem_read_phys(uint64_t paddr, size_t size, void *buf);
+
+/**
+ * qi_mem_write_phys:
+ * @paddr: Starting physical address to write into.
+ * @size: Number of bytes to write.
+ * @buf: Buffer with the contents to write from.
+ *
+ * Write contents into virtual memory.
+ *
+ * Returns: Whether the range of physical addresses is valid.
+ *
+ * Warning: Even on error, some of the destination memory might have been
+ *  modified.
+ *
+ * Precondition: The input buffer has at least "size" bytes.
+ */
+bool qi_mem_write_phys(uint64_t paddr, size_t size, void *buf);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif  /* QI__STATE_H */
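Review bot: the comment on qi_mem_write_phys() says "Write contents into virtual memory", which looks copied from qi_mem_write_virt(); it should say physical memory. In the same header both write functions take `void *buf` for a buffer they only read from, so `const void *buf` would be the better signature. The commit message also promises access to vCPU registers, but no register accessor is declared here; either add it or drop the claim. Since these calls let a loaded library read and write arbitrary guest memory, the header should state from which contexts they may be called.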
diff --git a/instrument/state.c b/instrument/state.c
new file mode 100644
index 00..e76fd5fbcd
--- /dev/null
+++ b/instrument/state.c
@@ -0,0 +1,73 @@
+/*
+ * Interface for accessing guest state.
+ *
+ * Copyright (C) 2012-2017 Lluís Vilanova 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+
+#include "qemu/compiler.h"
+#include "cpu.h"
+#include "exec/cpu-all.h"
+#include "instrument/control.h"
+#include "instrument/error.h"
+#include "instrument/qemu-instr/state.h"
+
+
+SYM_PUBLIC bool qi_mem_read_virt(QICPU vcpu, uint64_t vaddr,
+ size_t size, void *buf)
+{
+CPUState *vcpu_ = instr_cpu_from_qicpu(vcpu);
+ERROR_IF_RET(!instr_get_state(), false, "called outside instrumentation");
+ERROR_IF_RET(!vcpu_, false, "invalid QICPU");
+return cpu_memory_rw_debug(vcpu_, vaddr, buf, size, 0) == 0;
+}
+
+SYM_PUBLIC 
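Review bot: in qi_mem_read_virt(), `instr_cpu_from_qicpu(vcpu)` is evaluated in the declaration before the `instr_get_state()` check, so the handle is translated even when the call is made outside instrumentation; do the state check first and look up the vCPU afterwards. The trailing `0` passed to cpu_memory_rw_debug() would read better with a short comment saying that it selects a read.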

Re: [Qemu-devel] [Qemu-ppc] [PATCH 2/4] ppc: add CPU IRQ state to PPC VMStateDescription

2017-09-12 Thread Alexey Kardashevskiy
On 13/09/17 02:46, Mark Cave-Ayland wrote:
> On 12/09/17 17:41, Mark Cave-Ayland wrote:
> 
>> The commit message mentions that prior to the conversion some CPU state
>> was missing but it doesn't mention anything about dropping existing
>> fields as part of the conversion process so I suspect that this was an
>> accidental side-effect.
> 
> Actually I've clicked send a little too early here since re-reading the
> last paragraph of a90db15 I can see the inference here: "Exactly what
> needs to be saved in what configurations has been more carefully
> examined, too".
> 
> Alexey - do you recall from your analysis why these fields were no
> longer deemed necessary, and how your TCG tests were configured?

I most certainly did not do analysis (my bad. sorry) - I took the patch
from David as he left the team, fixed to compile and pushed away. I am also
very suspicious we did not try migrating TCG or anything but pseries. My
guess is that things did not break (if they did not which I am not sure about,
for the TCG case) because the interrupt controller (XICS) or the
pseries-guest took care of resending an interrupt which does not seem to be
the case for mac99.


-- 
Alexey



[Qemu-devel] [PATCH v7 06/13] tests: Add ubuntu.i386 image

2017-09-12 Thread Fam Zheng
This adds a 32bit guest.

The official LTS cloud image is downloaded and initialized with
cloud-init.

Signed-off-by: Fam Zheng 
---
 tests/vm/ubuntu.i386 | 88 
 1 file changed, 88 insertions(+)
 create mode 100755 tests/vm/ubuntu.i386

diff --git a/tests/vm/ubuntu.i386 b/tests/vm/ubuntu.i386
new file mode 100755
index 00..e70dcb89ce
--- /dev/null
+++ b/tests/vm/ubuntu.i386
@@ -0,0 +1,88 @@
+#!/usr/bin/env python
+#
+# Ubuntu i386 image
+#
+# Copyright 2017 Red Hat Inc.
+#
+# Authors:
+#  Fam Zheng 
+#
+# This code is licensed under the GPL version 2 or later.  See
+# the COPYING file in the top-level directory.
+#
+
+import os
+import sys
+import subprocess
+import basevm
+import time
+
+class UbuntuX86VM(basevm.BaseVM):
+name = "ubuntu.i386"
+BUILD_SCRIPT = """
+set -e;
+cd $(mktemp -d);
+sudo chmod a+r /dev/vdb;
+tar -xf /dev/vdb;
+./configure {configure_opts};
+make -j{jobs};
+make check;
+"""
+
+def _gen_cloud_init_iso(self):
+cidir = self._tmpdir
+mdata = open(os.path.join(cidir, "meta-data"), "w")
+mdata.writelines(["instance-id: ubuntu-vm-0\n",
+ "local-hostname: ubuntu-guest\n"])
+mdata.close()
+udata = open(os.path.join(cidir, "user-data"), "w")
+udata.writelines(["#cloud-config\n",
+  "chpasswd:\n",
+  "  list: |\n",
+  "root:%s\n" % self.ROOT_PASS,
+  "%s:%s\n" % (self.GUEST_USER, self.GUEST_PASS),
+  "  expire: False\n",
+  "users:\n",
+  "  - name: %s\n" % self.GUEST_USER,
+  "sudo: ALL=(ALL) NOPASSWD:ALL\n",
+  "ssh-authorized-keys:\n",
+  "- %s\n" % basevm.SSH_PUB_KEY,
+  "  - name: root\n",
+  "ssh-authorized-keys:\n",
+  "- %s\n" % basevm.SSH_PUB_KEY])
+udata.close()
+subprocess.check_call(["genisoimage", "-output", "cloud-init.iso",
+   "-volid", "cidata", "-joliet", "-rock",
+   "user-data", "meta-data"],
+   cwd=cidir,
+   stdin=self._devnull, stdout=self._stdout,
+   stderr=self._stdout)
+return os.path.join(cidir, "cloud-init.iso")
+
+def build_image(self, img):
+cimg = 
self._download_with_cache("https://cloud-images.ubuntu.com/releases/16.04/release/ubuntu-16.04-server-cloudimg-i386-disk1.img;)
+img_tmp = img + ".tmp"
+subprocess.check_call(["cp", "-f", cimg, img_tmp])
+subprocess.check_call(["qemu-img", "resize", img_tmp, "50G"])
+self.boot(img_tmp, extra_args = ["-cdrom", self._gen_cloud_init_iso()])
+self.wait_ssh()
+self.ssh_root_check("touch /etc/cloud/cloud-init.disabled")
+self.ssh_root_check("apt-get update")
+self.ssh_root_check("apt-get install -y cloud-initramfs-growroot")
+# Don't check the status in case the guest hang up too quickly
+self.ssh_root("sync && reboot")
+time.sleep(5)
+self.wait_ssh()
+# The previous update sometimes doesn't survive a reboot, so do it 
again
+self.ssh_root_check("apt-get update")
+self.ssh_root_check("apt-get build-dep -y qemu")
+self.ssh_root_check("apt-get install -y libfdt-dev")
+self.ssh_root("poweroff")
+self.wait()
+if os.path.exists(img):
+os.remove(img)
+os.rename(img_tmp, img)
+return 0
+
+if __name__ == "__main__":
+sys.exit(basevm.main(UbuntuX86VM))
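Review bot: build_image() boots whatever `_download_with_cache()` fetched from the `releases/16.04/release/` URL without checking it against a known digest, and that path is not pinned to a dated build, so the image can change between runs and a corrupted or tampered download goes undetected. Pin a specific build and verify a SHA-256 recorded in this file before copying the image to `img_tmp`. Separately, the fixed `time.sleep(5)` after `sync && reboot` is a race: wait_ssh() can succeed against the guest before it has gone down, and the later commands then run into the reboot.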
-- 
2.13.5




[Qemu-devel] [PATCH v2 1/2] spapr: introduce common helper to write HPT address to KVM PR

2017-09-12 Thread Greg Kurz
When running with KVM PR, if a new HPT is allocated we need to inform
KVM about the HPT address and size. This is currently done with a hack
which is open-coded in several places.

This patch consolidates the code in a dedicated helper that records
the HPT address and size in the sPAPR context, and then does the
magic for KVM PR.

Note that ppc_spapr_reset() now resets all devices and CPUs before
allocating the HPT. This allows to drop the hack from spapr_cpu_reset().

Signed-off-by: Greg Kurz 
---
 hw/ppc/spapr.c  |   31 ++-
 hw/ppc/spapr_cpu_core.c |   15 ---
 hw/ppc/spapr_hcall.c|   16 +---
 include/hw/ppc/spapr.h  |1 +
 4 files changed, 28 insertions(+), 35 deletions(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index f680f28a15ea..97f8afdbd7fe 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1309,6 +1309,25 @@ void spapr_free_hpt(sPAPRMachineState *spapr)
 close_htab_fd(spapr);
 }
 
+void spapr_install_hpt(sPAPRMachineState *spapr, void *htab, uint32_t shift)
+{
+assert(htab);
+
+spapr->htab = htab;
+spapr->htab_shift = shift;
+
+/*
+ * This is a hack for the benefit of KVM PR - it abuses the SDR1
+ * slot in kvm_sregs to communicate the userspace address of the
+ * HPT
+ */
+if (kvm_enabled()) {
+target_ulong sdr1 = (target_ulong)(uintptr_t)spapr->htab
+| (spapr->htab_shift - 18);
+kvmppc_update_sdr1(sdr1);
+}
+}
+
 void spapr_reallocate_hpt(sPAPRMachineState *spapr, int shift,
   Error **errp)
 {
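Review bot: spapr_install_hpt() ORs `(spapr->htab_shift - 18)` into the pointer but only asserts `htab`; nothing checks that `shift` is at least 18 or that the low bits of the pointer are clear, and the encoding relies on both. Add asserts for them next to `assert(htab)`. The comment says the hack is for the benefit of KVM PR while the condition is plain `kvm_enabled()`, so it should also say whether the call is harmless in other KVM modes.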
@@ -1339,16 +1358,17 @@ void spapr_reallocate_hpt(sPAPRMachineState *spapr, int 
shift,
 /* kernel-side HPT not needed, allocate in userspace instead */
 size_t size = 1ULL << shift;
 int i;
+void *htab;
 
-spapr->htab = qemu_memalign(size, size);
-if (!spapr->htab) {
+htab = qemu_memalign(size, size);
+if (!htab) {
 error_setg_errno(errp, errno,
  "Could not allocate HPT of order %d", shift);
 return;
 }
 
-memset(spapr->htab, 0, size);
-spapr->htab_shift = shift;
+memset(htab, 0, size);
+spapr_install_hpt(spapr, htab, shift);
 
 for (i = 0; i < size / HASH_PTE_SIZE_64; i++) {
 DIRTY_HPTE(HPTE(spapr->htab, i));
@@ -1405,6 +1425,8 @@ static void ppc_spapr_reset(void)
 /* Check for unknown sysbus devices */
 foreach_dynamic_sysbus_device(find_unknown_sysbus_device, NULL);
 
+qemu_devices_reset();
+
 if (kvm_enabled() && kvmppc_has_cap_mmu_radix()) {
 /* If using KVM with radix mode available, VCPUs can be started
  * without a HPT because KVM will start them in radix mode.
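Review bot: moving `qemu_devices_reset()` ahead of the HPT setup in ppc_spapr_reset() changes the reset order for every device, not only the CPUs, and nothing at the new call site explains why it has to come first. Add a comment there stating that the HPT must be installed after the CPU reset handlers have run, so a later cleanup does not move the call back.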
@@ -1414,7 +1436,6 @@ static void ppc_spapr_reset(void)
 spapr_setup_hpt_and_vrma(spapr);
 }
 
-qemu_devices_reset();
 spapr_clear_pending_events(spapr);
 
 /*
diff --git a/hw/ppc/spapr_cpu_core.c b/hw/ppc/spapr_cpu_core.c
index c08ee7571a50..c20b5c64b045 100644
--- a/hw/ppc/spapr_cpu_core.c
+++ b/hw/ppc/spapr_cpu_core.c
@@ -73,7 +73,6 @@ void spapr_cpu_parse_features(sPAPRMachineState *spapr)
 
 static void spapr_cpu_reset(void *opaque)
 {
-sPAPRMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
 PowerPCCPU *cpu = opaque;
 CPUState *cs = CPU(cpu);
 CPUPPCState *env = >env;
@@ -86,20 +85,6 @@ static void spapr_cpu_reset(void *opaque)
 cs->halted = 1;
 
 env->spr[SPR_HIOR] = 0;
-
-/*
- * This is a hack for the benefit of KVM PR - it abuses the SDR1
- * slot in kvm_sregs to communicate the userspace address of the
- * HPT
- */
-if (kvm_enabled()) {
-env->spr[SPR_SDR1] = (target_ulong)(uintptr_t)spapr->htab
-| (spapr->htab_shift - 18);
-if (kvmppc_put_books_sregs(cpu) < 0) {
-error_report("Unable to update SDR1 in KVM");
-exit(1);
-}
-}
 }
 
 static void spapr_cpu_destroy(PowerPCCPU *cpu)
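Review bot: the block removed from spapr_cpu_reset() stopped QEMU with "Unable to update SDR1 in KVM" when kvmppc_put_books_sregs() failed, whereas the replacement `kvmppc_update_sdr1(sdr1)` in spapr_install_hpt() is called without looking at any result, so a failed update would now go unnoticed. Please keep a fatal error path, or explain in the commit message why the update cannot fail. It is also worth stating there that a CPU which is reset outside ppc_spapr_reset(), and which used to refresh SDR1 here, still ends up with the right value.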
diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
index 57bb411394ed..7892cd3e7ffa 100644
--- a/hw/ppc/spapr_hcall.c
+++ b/hw/ppc/spapr_hcall.c
@@ -730,15 +730,7 @@ static target_ulong h_resize_hpt_commit(PowerPCCPU *cpu,
 pending->hpt, newsize);
 if (rc == H_SUCCESS) {
 qemu_vfree(spapr->htab);
-spapr->htab = pending->hpt;
-spapr->htab_shift = pending->shift;
-
-if (kvm_enabled()) {
-/* For KVM PR, update the HPT pointer */
-target_ulong sdr1 = (target_ulong)(uintptr_t)spapr->htab
-| (spapr->htab_shift - 18);
-kvmppc_update_sdr1(sdr1);
-}
+spapr_install_hpt(spapr, pending->hpt, pending->shift);
 
 pending->hpt = NULL; /* so it's not free()d */
 }
@@ -1564,12 +1556,6 @@ static target_ulong 
h_client_architecture_support(PowerPCCPU *cpu,
  * the point this is called, nothing 
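
The packing that spapr_install_hpt() in the patch above performs (the HPT address ORed with `shift - 18`), modelled as an added example that is not part of the patch or of QEMU. The 5-bit size field, the decode side and all function names are assumptions; the alignment rule mirrors the patch's `qemu_memalign(size, size)`.

```c
/* Added example: a model of the SDR1 packing from the patch above.
 * Not QEMU code; every name below is hypothetical. */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

#define HPT_MIN_SHIFT  18       /* from the patch: (htab_shift - 18) */
#define SDR1_SIZE_MASK 0x1fULL  /* assumption: 5-bit size field in the low bits */

/* The patch's expression: OR the encoded size into the address, no checks. */
static uint64_t sdr1_pack_unchecked(uint64_t addr, uint32_t shift)
{
    return addr | (uint64_t)(shift - HPT_MIN_SHIFT);
}

/* Same packing, but refusing inputs for which the OR would corrupt a field.
 * Returns 0 on rejection (0 is never a valid result, a NULL table is refused). */
static uint64_t sdr1_pack_checked(uint64_t addr, uint32_t shift)
{
    if (addr == 0 || shift < HPT_MIN_SHIFT) {
        return 0;                       /* size field would underflow */
    }
    if (shift - HPT_MIN_SHIFT > SDR1_SIZE_MASK) {
        return 0;                       /* size does not fit in the field */
    }
    if (addr & ((1ULL << shift) - 1)) {
        return 0;                       /* table not aligned to its own size */
    }
    return addr | (uint64_t)(shift - HPT_MIN_SHIFT);
}

/* Assumed receiver side: split the word back into order and base address. */
static uint32_t sdr1_shift(uint64_t sdr1)
{
    return (uint32_t)(sdr1 & SDR1_SIZE_MASK) + HPT_MIN_SHIFT;
}

static uint64_t sdr1_base(uint64_t sdr1)
{
    return sdr1 & ~((1ULL << HPT_MIN_SHIFT) - 1);
}

int main(void)
{
    /* Constructed sample values, not taken from a real guest. */
    uint64_t aligned = 0x7f0000400000ULL;    /* aligned to 1 << 22 */
    uint64_t misaligned = 0x7f0000400010ULL; /* low bits already in use */

    uint64_t ok = sdr1_pack_checked(aligned, 22);
    printf("aligned:    sdr1=0x%" PRIx64 " base=0x%" PRIx64 " shift=%u\n",
           ok, sdr1_base(ok), sdr1_shift(ok));

    /* Without the checks the stray low bits are read back as a table size. */
    uint64_t bad = sdr1_pack_unchecked(misaligned, 18);
    printf("misaligned: sdr1=0x%" PRIx64 " decodes as shift=%u (wanted 18)\n",
           bad, sdr1_shift(bad));
    printf("checked pack of the same input: 0x%" PRIx64 " (rejected)\n",
           sdr1_pack_checked(misaligned, 18));
    return 0;
}
```

With the misaligned pointer the receiver would decode an order of 34 instead of 18, which is why asserting the alignment and the minimum shift before the OR is worth the two extra lines.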

Re: [Qemu-devel] [PATCH v5 00/22] instrument: Add basic event instrumentation

2017-09-12 Thread no-reply
Hi,

This series failed automatic build test. Please find the testing commands and
their output below. If you have docker installed, you can probably reproduce it
locally.

Subject: [Qemu-devel] [PATCH v5 00/22] instrument: Add basic event 
instrumentation
Message-id: 150525010239.15988.8172586618197849619.st...@frigg.lan
Type: series

=== TEST SCRIPT BEGIN ===
#!/bin/bash
set -e
git submodule update --init dtc
# Let docker tests dump environment info
export SHOW_ENV=1
export J=8
time make docker-test-quick@centos6
time make docker-test-build@min-glib
time make docker-test-mingw@fedora
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
1ab48ae9b7 instrument: Add API to manipulate guest memory
7e0bd2cad7 instrument: Add event 'guest_user_syscall_ret'
334caef899 instrument: Add event 'guest_user_syscall'
09a1773791 instrument: Add event 'guest_mem_before_exec'
2bd64563d3 instrument: Add event 'guest_mem_before_trans'
5b344ec1c3 trace: Introduce a proper structure to describe memory accesses
04e5b883b1 instrument: Add event 'guest_cpu_reset'
7971d0f2a4 instrument: Add event 'guest_cpu_exit'
53dbc9ad88 exec: Add function to synchronously flush TB on a stopped vCPU
d8b51515d2 instrument: Support synchronous modification of vCPU state
08d492e35f instrument: Add event 'guest_cpu_enter'
0be52b1bbd instrument: Track vCPUs
7ab01f20f5 instrument: Add support for tracing events
78676cff2d instrument: Add basic control interface
00172972ae instrument: [hmp] Add library loader
34ccf831e6 instrument: [qapi] Add library loader
d1ab648b00 instrument: [softmmu] Add command line library loader
150ad4a651 instrument: [bsd-user] Add command line library loader
a064b1621a instrument: [linux-user] Add command line library loader
aa78ee9f5a instrument: Add generic library loader
f10357e313 instrument: Add configure-time flag
4d324ad619 instrument: Add documentation

=== OUTPUT BEGIN ===
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into '/var/tmp/patchew-tester-tmp-lf5qg9x6/src/dtc'...
Submodule path 'dtc': checked out '558cd81bdd432769b59bff01240c44f82cfb1a9d'
  BUILD   centos6
make[1]: Entering directory '/var/tmp/patchew-tester-tmp-lf5qg9x6/src'
  ARCHIVE qemu.tgz
  ARCHIVE dtc.tgz
  COPYRUNNER
RUN test-quick in qemu:centos6 
Packages installed:
SDL-devel-1.2.14-7.el6_7.1.x86_64
bison-2.4.1-5.el6.x86_64
bzip2-devel-1.0.5-7.el6_0.x86_64
ccache-3.1.6-2.el6.x86_64
csnappy-devel-0-6.20150729gitd7bc683.el6.x86_64
flex-2.5.35-9.el6.x86_64
gcc-4.4.7-18.el6.x86_64
git-1.7.1-8.el6.x86_64
glib2-devel-2.28.8-9.el6.x86_64
libepoxy-devel-1.2-3.el6.x86_64
libfdt-devel-1.4.0-1.el6.x86_64
librdmacm-devel-1.0.21-0.el6.x86_64
lzo-devel-2.03-3.1.el6_5.1.x86_64
make-3.81-23.el6.x86_64
mesa-libEGL-devel-11.0.7-4.el6.x86_64
mesa-libgbm-devel-11.0.7-4.el6.x86_64
package g++ is not installed
pixman-devel-0.32.8-1.el6.x86_64
spice-glib-devel-0.26-8.el6.x86_64
spice-server-devel-0.12.4-16.el6.x86_64
tar-1.23-15.el6_8.x86_64
vte-devel-0.25.1-9.el6.x86_64
xen-devel-4.6.3-15.el6.x86_64
zlib-devel-1.2.3-29.el6.x86_64

Environment variables:
PACKAGES=bison bzip2-devel ccache csnappy-devel flex g++
 gcc git glib2-devel libepoxy-devel libfdt-devel 
librdmacm-devel lzo-devel make mesa-libEGL-devel 
mesa-libgbm-devel pixman-devel SDL-devel spice-glib-devel 
spice-server-devel tar vte-devel xen-devel zlib-devel
HOSTNAME=fd698ce7a83b
TERM=xterm
MAKEFLAGS= -j8
HISTSIZE=1000
J=8
USER=root
CCACHE_DIR=/var/tmp/ccache
EXTRA_CONFIGURE_OPTS=
V=
SHOW_ENV=1
MAIL=/var/spool/mail/root

Re: [Qemu-devel] [PATCH v5 00/22] instrument: Add basic event instrumentation

2017-09-12 Thread no-reply
Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [Qemu-devel] [PATCH v5 00/22] instrument: Add basic event 
instrumentation
Message-id: 150525010239.15988.8172586618197849619.st...@frigg.lan
Type: series

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
    echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
    if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
        failed=1
        echo
    fi
    n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag]   
patchew/150525010239.15988.8172586618197849619.st...@frigg.lan -> 
patchew/150525010239.15988.8172586618197849619.st...@frigg.lan
 t [tag update]patchew/20170912144459.11359-1-pbonz...@redhat.com 
-> patchew/20170912144459.11359-1-pbonz...@redhat.com
Switched to a new branch 'test'
1ab48ae9b7 instrument: Add API to manipulate guest memory
7e0bd2cad7 instrument: Add event 'guest_user_syscall_ret'
334caef899 instrument: Add event 'guest_user_syscall'
09a1773791 instrument: Add event 'guest_mem_before_exec'
2bd64563d3 instrument: Add event 'guest_mem_before_trans'
5b344ec1c3 trace: Introduce a proper structure to describe memory accesses
04e5b883b1 instrument: Add event 'guest_cpu_reset'
7971d0f2a4 instrument: Add event 'guest_cpu_exit'
53dbc9ad88 exec: Add function to synchronously flush TB on a stopped vCPU
d8b51515d2 instrument: Support synchronous modification of vCPU state
08d492e35f instrument: Add event 'guest_cpu_enter'
0be52b1bbd instrument: Track vCPUs
7ab01f20f5 instrument: Add support for tracing events
78676cff2d instrument: Add basic control interface
00172972ae instrument: [hmp] Add library loader
34ccf831e6 instrument: [qapi] Add library loader
d1ab648b00 instrument: [softmmu] Add command line library loader
150ad4a651 instrument: [bsd-user] Add command line library loader
a064b1621a instrument: [linux-user] Add command line library loader
aa78ee9f5a instrument: Add generic library loader
f10357e313 instrument: Add configure-time flag
4d324ad619 instrument: Add documentation

=== OUTPUT BEGIN ===
Checking PATCH 1/22: instrument: Add documentation...
Checking PATCH 2/22: instrument: Add configure-time flag...
Checking PATCH 3/22: instrument: Add generic library loader...
Checking PATCH 4/22: instrument: [linux-user] Add command line library loader...
Checking PATCH 5/22: instrument: [bsd-user] Add command line library loader...
Checking PATCH 6/22: instrument: [softmmu] Add command line library loader...
Checking PATCH 7/22: instrument: [qapi] Add library loader...
ERROR: externs should be avoided in .c files
#254: FILE: stubs/instrument.c:40:
+void qmp_instr_unload(const char *id, Error **errp);

total: 1 errors, 0 warnings, 204 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 8/22: instrument: [hmp] Add library loader...
Checking PATCH 9/22: instrument: Add basic control interface...
WARNING: architecture specific defines should be avoided
#52: FILE: include/qemu/compiler.h:119:
+#if defined _WIN32 || defined __CYGWIN__

WARNING: architecture specific defines should be avoided
#53: FILE: include/qemu/compiler.h:120:
+  #ifdef __GNUC__

WARNING: architecture specific defines should be avoided
#59: FILE: include/qemu/compiler.h:126:
+  #if __GNUC__ >= 4

WARNING: architecture specific defines should be avoided
#343: FILE: instrument/qemu-instr/control.h:13:
+#ifdef __cplusplus

WARNING: architecture specific defines should be avoided
#372: FILE: instrument/qemu-instr/control.h:42:
+#ifdef __cplusplus

total: 0 errors, 5 warnings, 309 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
Checking PATCH 10/22: instrument: Add support for tracing events...
WARNING: architecture specific defines should be avoided
#77: FILE: instrument/qemu-instr/types.h:13:
+#ifdef __cplusplus

WARNING: architecture specific defines should be avoided
#111: FILE: instrument/qemu-instr/types.h:47:
+#ifdef __cplusplus

total: 0 errors, 2 warnings, 225 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
Checking PATCH 11/22: instrument: Track vCPUs...
Checking PATCH 12/22: instrument: Add event 'guest_cpu_enter'...
Checking PATCH 13/22: instrument: Support synchronous modification of vCPU 
state...
WARNING: line over 80 characters
#73: FILE: instrument/control.c:85:
+

Re: [Qemu-devel] [PATCH v4 19/21] s390x: get rid of cpu_s390x_create()

2017-09-12 Thread Igor Mammedov
On Mon, 11 Sep 2017 17:21:48 +0200
David Hildenbrand  wrote:

> Now that there is only one user of cpu_s390x_create() left, make cpu
> creation look like on x86.
> - Perform the model/properties split and checks in s390_init_cpus()
> - Parse features only once without having to remember if already parsed
> - Pass only the typename to s390x_new_cpu()
> - Use the typename of an existing CPU for hotplug via cpu-add
> 
> Signed-off-by: David Hildenbrand 
Acked-by: Igor Mammedov 

> ---
>  hw/s390x/s390-virtio-ccw.c | 29 +++--
>  target/s390x/cpu.h |  2 +-
>  target/s390x/helper.c  | 45 ++---
>  target/s390x/internal.h|  1 -
>  4 files changed, 30 insertions(+), 47 deletions(-)
> 
> diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
> index 0e10a4c73a..10f6933fbd 100644
> --- a/hw/s390x/s390-virtio-ccw.c
> +++ b/hw/s390x/s390-virtio-ccw.c
> @@ -41,6 +41,10 @@
>  static void s390_init_cpus(MachineState *machine)
>  {
>  MachineClass *mc = MACHINE_GET_CLASS(machine);
> +const char *typename;
> +gchar **model_pieces;
> +ObjectClass *oc;
> +CPUClass *cc;
>  int i;
>  
>  if (machine->cpu_model == NULL) {
> @@ -57,8 +61,25 @@ static void s390_init_cpus(MachineState *machine)
>  /* initialize possible_cpus */
>  mc->possible_cpu_arch_ids(machine);
>  
> +model_pieces = g_strsplit(machine->cpu_model, ",", 2);
> +if (!model_pieces[0]) {
> +error_report("Invalid/empty CPU model name");
> +exit(1);
> +}
> +
> +oc = cpu_class_by_name(TYPE_S390_CPU, model_pieces[0]);
> +if (!oc) {
> +error_report("Unable to find CPU definition: %s", model_pieces[0]);
> +exit(1);
> +}
> +typename = object_class_get_name(oc);
> +cc = CPU_CLASS(oc);
> +/* after parsing, properties will be applied to all *typename* instances 
> */
> +cc->parse_features(typename, model_pieces[1], _fatal);
> +g_strfreev(model_pieces);
> +
>  for (i = 0; i < smp_cpus; i++) {
> -s390x_new_cpu(machine->cpu_model, i, _fatal);
> +s390x_new_cpu(typename, i, _fatal);
>  }
>  }
>  
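
Review bot: the `if (!model_pieces[0])` check in s390_init_cpus() only catches a completely empty cpu_model; a string that starts with a comma yields an empty but non-NULL first piece from g_strsplit(), which passes this check and is handed to cpu_class_by_name() as "". Testing `!model_pieces[0] || !*model_pieces[0]` would keep the "Invalid/empty CPU model name" error for both cases instead of leaving the second one to the "Unable to find CPU definition" path with an empty name.
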
> @@ -382,8 +403,12 @@ static HotplugHandler 
> *s390_get_hotplug_handler(MachineState *machine,
>  static void s390_hot_add_cpu(const int64_t id, Error **errp)
>  {
>  MachineState *machine = MACHINE(qdev_get_machine());
> +ObjectClass *oc;
> +
> +g_assert(machine->possible_cpus->cpus[0].cpu);
> +oc = OBJECT_CLASS(CPU_GET_CLASS(machine->possible_cpus->cpus[0].cpu));
>  
> -s390x_new_cpu(machine->cpu_model, id, errp);
> +s390x_new_cpu(object_class_get_name(oc), id, errp);
>  }
>  
>  static void s390_nmi(NMIState *n, int cpu_index, Error **errp)
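
Review bot: the `g_assert(machine->possible_cpus->cpus[0].cpu)` added to s390_hot_add_cpu() depends on slot 0 always holding a CPU by the time cpu-add runs, and nothing in the hunk says why that holds. A one-line comment stating the invariant (s390_init_cpus() having created CPU 0 at machine init, if that is the reasoning) would make the assert self-explanatory and tell a later reader what would break it.
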
> diff --git a/target/s390x/cpu.h b/target/s390x/cpu.h
> index 5810079f48..56eccb0104 100644
> --- a/target/s390x/cpu.h
> +++ b/target/s390x/cpu.h
> @@ -690,7 +690,7 @@ const char *s390_default_cpu_model_name(void);
>  
>  /* helper.c */
>  #define cpu_init(cpu_model) cpu_generic_init(TYPE_S390_CPU, cpu_model)
> -S390CPU *s390x_new_cpu(const char *cpu_model, uint32_t core_id, Error 
> **errp);
> +S390CPU *s390x_new_cpu(const char *typename, uint32_t core_id, Error **errp);
>  /* you can call this signal handler from your SIGBUS and SIGSEGV
> signal handlers to inform the virtual CPU of exceptions. non zero
> is returned if the signal was handled by the virtual CPU.  */
> diff --git a/target/s390x/helper.c b/target/s390x/helper.c
> index dfb24ef5b2..97adbcc86d 100644
> --- a/target/s390x/helper.c
> +++ b/target/s390x/helper.c
> @@ -68,52 +68,11 @@ void s390x_cpu_timer(void *opaque)
>  }
>  #endif
>  
> -S390CPU *cpu_s390x_create(const char *cpu_model, Error **errp)
> +S390CPU *s390x_new_cpu(const char *typename, uint32_t core_id, Error **errp)
>  {
> -static bool features_parsed;
> -char *name, *features;
> -const char *typename;
> -ObjectClass *oc;
> -CPUClass *cc;
> -
> -name = g_strdup(cpu_model);
> -features = strchr(name, ',');
> -if (features) {
> -features[0] = 0;
> -features++;
> -}
> -
> -oc = cpu_class_by_name(TYPE_S390_CPU, name);
> -if (!oc) {
> -error_setg(errp, "Unknown CPU definition \'%s\'", name);
> -g_free(name);
> -return NULL;
> -}
> -typename = object_class_get_name(oc);
> -
> -if (!features_parsed) {
> -features_parsed = true;
> -cc = CPU_CLASS(oc);
> -cc->parse_features(typename, features, errp);
> -}
> -g_free(name);
> -
> -if (*errp) {
> -return NULL;
> -}
> -return S390_CPU(CPU(object_new(typename)));
> -}
> -
> -S390CPU *s390x_new_cpu(const char *cpu_model, uint32_t core_id, Error **errp)
> -{
> -S390CPU *cpu;
> +S390CPU *cpu = S390_CPU(object_new(typename));
>  Error *err = NULL;
>  
> -cpu = cpu_s390x_create(cpu_model, );
> -if (err != NULL) 
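
Review bot: in the new s390x_new_cpu() the `typename` argument goes straight into `object_new(typename)` with no lookup or NULL check, so the "Unknown CPU definition" error that cpu_s390x_create() reported through errp has no equivalent on this path. Both callers in this patch pass a name taken from object_class_get_name(), so the input is already resolved, but the prototype still takes a bare `const char *`; a short comment on the function saying it expects a resolved QOM type name, not a -cpu model string, would keep a later caller from passing the old kind of argument.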

Re: [Qemu-devel] question: I found a bug which will lead to qemu crash

2017-09-12 Thread Eric Blake
On 09/12/2017 06:37 AM, Kevin Wolf wrote:
> Am 12.09.2017 um 13:17 hat WangJie (Captain) geschrieben:
>> Hi, Kevin.
>>
>> I found a bug about qemu-kvm(version 2.7.0-rc0 and 2.8.1). but qemu 2.6.0 
>> and current master is OK.
>> So I git-bisect the master branch, and I found the patch you committed (block: 
>> Decouple throttling from BlockDriverState) lead the bug into qemu.
>>
>> The patch which lead the bug into qemu: 
>> (https://github.com/qemu/qemu/commit/7ca7f0f6db1fedd28d490795d778cf23979a2aa7#diff-ea36ba0f79150cc299732696a069caba)
>>
>> Because the current master is OK. So I think you had fixed it, can you tell 
>> me which patch fixed the bug? Thank you :>
> 
> I can't tell offhand which fix this was, but you can use 'git bisect'
> not only to find which commit introduced the bug, but also to find the
> fix. You just bisect between a broken commit and master, and then use
> the reversed meaning of 'good' and 'bad' (i.e. 'good' means that the bug
> is still there, 'bad' means it is already fixed).

That can be mentally confusing; with new-enough git, you can also use:

git bisect start --term-old=buggy --term-new=fixed

at which point, you can then say 'git bisect buggy' or 'git bisect
fixed' according to whether the bug is still present on a given
compilation, without having to remember which direction good/bad means.
There's also 'git bisect terms' to remind you what you chose.


-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org
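
The reversed bisect described in the message above, as an added example that is not part of the thread: it builds a throwaway repository and lets `git bisect run` find the fixing commit with the `buggy`/`fixed` terms. The repository contents, the file names and the `known-buggy` tag are constructed for the demo.

```shell
#!/bin/sh
# Added illustration, not from the thread: find the commit that FIXED a bug
# using custom bisect terms. Everything below is constructed sample data.

# Build a throwaway history of 8 commits. The "bug" (state.txt says crash)
# appears in commit 3 and is fixed in commit 6.
build_demo_repo() {
    git init -q . || return 1
    i=1
    while [ "$i" -le 8 ]; do
        if [ "$i" -ge 3 ] && [ "$i" -lt 6 ]; then
            echo "status=crash" > state.txt
        else
            echo "status=ok" > state.txt
        fi
        echo "$i" > counter.txt
        git add state.txt counter.txt || return 1
        git commit -q -m "commit $i" || return 1
        if [ "$i" -eq 3 ]; then
            git tag known-buggy || return 1
        fi
        i=$((i + 1))
    done
}

# Print the subject line of the first commit in which the bug is gone.
find_fix_commit() {
    repo=$(mktemp -d) || return 1
    subject=$(
        cd "$repo" || exit 1
        # Identity used for the demo commits only.
        GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
        GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid
        export GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL
        export GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL
        build_demo_repo || exit 1
        {
            git bisect start --term-old=buggy --term-new=fixed &&
            git bisect fixed HEAD &&
            git bisect buggy known-buggy &&
            # "bisect run" maps exit 0 to the old term (buggy) and exit 1
            # to the new term (fixed), so the probe must succeed while the
            # bug is still present. grep does exactly that here.
            git bisect run grep crash state.txt
        } >/dev/null 2>&1 || exit 1
        # The new-term ref names the first commit classified as fixed.
        git log -1 --format=%s refs/bisect/fixed
    )
    status=$?
    rm -rf "$repo"
    [ "$status" -eq 0 ] || return 1
    printf '%s\n' "$subject"
}

find_fix_commit
```

In a real tree, replace the grep probe with a script that builds and reproduces the crash, still exiting 0 while the bug is present.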





[Qemu-devel] [Bug 1716028] Re: qemu 2.10 locks images with no feature flag

2017-09-12 Thread Kevin Wolf
The important difference between your -drive command line and my
-blockdev example is that I used the node-name to reference the image.
You can specify a node-name with -drive, too (having both id and
node-name is one of the main things that I meant when I said mixing both
styles can be confusing).

I also don't think that index=1 does anything useful when used with
if=none, so you can leave that out.

Putting everything together, we get this:

$ qemu-system-x86_64 \
  -drive node-name=d01,file=disk1.img,format=qcow2,if=none \
  -device virtio-blk,drive=d01,serial=s01,share-rw=on \
  -device virtio-blk,drive=d01,serial=s01,share-rw=on

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1716028

Title:
  qemu 2.10 locks images with no feature flag

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  New

Bug description:
  1) % lsb_release -rd
  Description:  Ubuntu Artful Aardvark (development branch)
  Release:  17.10

  2) % apt-cache policy qemu-system-x86
  qemu-system-x86:
Installed: 1:2.10~rc3+dfsg-0ubuntu1
Candidate: 1:2.10+dfsg-0ubuntu1
Version table:
   1:2.10+dfsg-0ubuntu1 500
  500 http://archive.ubuntu.com//ubuntu devel/main amd64 Packages
   *** 1:2.10~rc3+dfsg-0ubuntu1 100
  100 /var/lib/dpkg/status

  3) qemu locks image files with no way to discover this feature nor how
  to disable it

  4) qemu provides a way to query if it supports image locking, and what
  the default value is, and how to disable the locking via cli

  qemu 2.10 now will lock image files and warn if an image is currently
  locked.  This prevents qemu from running (and possibly corrupting said
  image).

  However, qemu does not provide any way to determine if a qemu binary
  actually has this capability.  Normally behavior changing features are
  exposed via some change to the qemu help menu or QMP/QAPI output of
  capabilities.

  I believe this slipped through since libvirt already does image
  locking, but direct cli users will be caught by this change.

  In particular, we have a use-case where we simulate multipath disks by
  creating two disks which point to the same file which now breaks
  without adding the 'file.locking=off' to the -drive parameters;  which
  is also completely undocumented and unexposed.

  Some parts of the cli like -device allow querying of settable options
  (qemu-system-x86 -device scsi_hd,?)  but nothing equivalent exists for
  -drive parameters.

  ProblemType: Bug
  DistroRelease: Ubuntu 17.10
  Package: qemu-system-x86 1:2.10~rc3+dfsg-0ubuntu1
  ProcVersionSignature: Ubuntu 4.12.0-11.12-generic 4.12.5
  Uname: Linux 4.12.0-11-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl zcommon znvpair
  ApportVersion: 2.20.6-0ubuntu7
  Architecture: amd64
  Date: Fri Sep  8 12:56:53 2017
  JournalErrors:
   Hint: You are currently not seeing messages from other users and the system.
 Users in groups 'adm', 'systemd-journal' can see all messages.
 Pass -q to turn off this notice.
   -- Logs begin at Mon 2017-01-30 11:56:02 CST, end at Fri 2017-09-08 12:56:46 
CDT. --
   -- No entries --
  KvmCmdLine: COMMAND STAT  EUID  RUID   PID  PPID %CPU COMMAND
  MachineType: HP ProLiant DL360 Gen9
  ProcEnviron:
   TERM=xterm
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-4.12.0-11-generic 
root=UUID=45354276-e0c0-4bf6-9083-f130b89411cc ro --- console=ttyS1,115200
  SourcePackage: qemu
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 03/05/2015
  dmi.bios.vendor: HP
  dmi.bios.version: P89
  dmi.chassis.type: 23
  dmi.chassis.vendor: HP
  dmi.modalias: 
dmi:bvnHP:bvrP89:bd03/05/2015:svnHP:pnProLiantDL360Gen9:pvr:cvnHP:ct23:cvr:
  dmi.product.family: ProLiant
  dmi.product.name: ProLiant DL360 Gen9
  dmi.sys.vendor: HP




Re: [Qemu-devel] [PATCH v3 1/3] hmp: fix "dump-quest-memory" segfault (ppc)

2017-09-12 Thread Thomas Huth
On 12.09.2017 16:01, Laurent Vivier wrote:
> Running QEMU with
> qemu-system-ppc64 -M none -nographic -m 256
> and executing
> dump-guest-memory /dev/null 0 8192
> results in segfault
> 
> Fix by checking if we have CPU, and exit with
> error if there is no CPU:
> 
> (qemu) dump-guest-memory /dev/null
> this feature or command is not currently supported
> 
> Signed-off-by: Laurent Vivier 
> ---
>  target/ppc/arch_dump.c | 11 +--
>  1 file changed, 9 insertions(+), 2 deletions(-)
> 
> diff --git a/target/ppc/arch_dump.c b/target/ppc/arch_dump.c
> index 8e9397aa58..95b9ab6f29 100644
> --- a/target/ppc/arch_dump.c
> +++ b/target/ppc/arch_dump.c
> @@ -224,8 +224,15 @@ typedef struct NoteFuncDescStruct NoteFuncDesc;
>  int cpu_get_dump_info(ArchDumpInfo *info,
>const struct GuestPhysBlockList *guest_phys_blocks)
>  {
> -PowerPCCPU *cpu = POWERPC_CPU(first_cpu);
> -PowerPCCPUClass *pcc = POWERPC_CPU_GET_CLASS(cpu);
> +PowerPCCPU *cpu;
> +PowerPCCPUClass *pcc;
> +
> +if (first_cpu == NULL) {
> +return -1;
> +}
> +
> +cpu = POWERPC_CPU(first_cpu);
> +pcc = POWERPC_CPU_GET_CLASS(cpu);
>  
>  info->d_machine = PPC_ELF_MACHINE;
>  info->d_class = ELFCLASS;
> 
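
Review bot: the new `if (first_cpu == NULL) { return -1; }` at the top of cpu_get_dump_info() returns a bare -1, so per the commit message the user is told "this feature or command is not currently supported" rather than that the machine has no CPU. A comment on the check naming the CPU-less case (`-M none`) would document why first_cpu can be NULL here, and if the caller can carry a more specific error it would be worth reporting one.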

Reviewed-by: Thomas Huth 



Re: [Qemu-devel] [PATCH v3 2/3] hmp: fix "dump-quest-memory" segfault (arm)

2017-09-12 Thread Thomas Huth
On 12.09.2017 16:01, Laurent Vivier wrote:
> Running QEMU with
> qemu-system-aarch64 -M none -nographic -m 256
> and executing
> dump-guest-memory /dev/null 0 8192
> results in segfault
> 
> Fix by checking if we have CPU, and exit with
> error if there is no CPU:
> 
> (qemu) dump-guest-memory /dev/null
> this feature or command is not currently supported
> 
> Signed-off-by: Laurent Vivier 
> ---
>  target/arm/arch_dump.c | 11 +--
>  1 file changed, 9 insertions(+), 2 deletions(-)
> 
> diff --git a/target/arm/arch_dump.c b/target/arm/arch_dump.c
> index 1a9861f69b..9e5b2fb31c 100644
> --- a/target/arm/arch_dump.c
> +++ b/target/arm/arch_dump.c
> @@ -273,11 +273,18 @@ int arm_cpu_write_elf32_note(WriteCoreDumpFunction f, 
> CPUState *cs,
>  int cpu_get_dump_info(ArchDumpInfo *info,
>const GuestPhysBlockList *guest_phys_blocks)
>  {
> -ARMCPU *cpu = ARM_CPU(first_cpu);
> -CPUARMState *env = >env;
> +ARMCPU *cpu;
> +CPUARMState *env;
>  GuestPhysBlock *block;
>  hwaddr lowest_addr = ULLONG_MAX;
>  
> +if (first_cpu == NULL) {
> +return -1;
> +}
> +
> +cpu = ARM_CPU(first_cpu);
> +env = >env;
> +
>  /* Take a best guess at the phys_base. If we get it wrong then crash
>   * will need '--machdep phys_offset=' added to its command
>   * line, which isn't any worse than assuming we can use zero, but being
> 
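
Review bot: the `first_cpu == NULL` check added to the ARM cpu_get_dump_info() is the same guard that patch 1/3 adds to the ppc copy, which suggests every target's implementation needs it. Consider doing the check once in the common caller before cpu_get_dump_info() is invoked, so that a target which is missed does not keep the segfault.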

Reviewed-by: Thomas Huth 




Re: [Qemu-devel] [PATCH v3 3/3] tests/hmp: test "none" machine with memory

2017-09-12 Thread Thomas Huth
On 12.09.2017 16:01, Laurent Vivier wrote:
> and add a test case of dump-guest-memory without
> "[begin length]" parameters.
> 
> Signed-off-by: Laurent Vivier 
> Reviewed-by: Thomas Huth 
> ---
>  tests/test-hmp.c | 4 
>  1 file changed, 4 insertions(+)
> 
> diff --git a/tests/test-hmp.c b/tests/test-hmp.c
> index 729c0339f7..6b2dd5f8b8 100644
> --- a/tests/test-hmp.c
> +++ b/tests/test-hmp.c
> @@ -35,6 +35,7 @@ static const char *hmp_cmds[] = {
>  "mouse_button 0",
>  "device_del mouse1",
>  "dump-guest-memory /dev/null 0 4096",
> +"dump-guest-memory /dev/null",
>  "gdbserver",
>  "host_net_add user id=net0",
>  "hostfwd_add tcp::43210-:43210",
> @@ -159,5 +160,8 @@ int main(int argc, char **argv)
>  
>  qtest_cb_for_every_machine(add_machine_test_case);
>  
> +/* as none machine has no memory, add a test case with memory */
> +qtest_add_data_func("hmp/none+2MB", g_strdup("none -m 2"), test_machine);
> +
>  return g_test_run();
>  }
> 
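
Review bot: the comment above `qtest_add_data_func("hmp/none+2MB", ...)` says only that the none machine has no memory; it does not say that this case exists to exercise dump-guest-memory on a machine with RAM but no CPU, which is the crash patches 1/3 and 2/3 fix. Extending the comment to name that regression would explain why `-m 2` matters if someone later trims the test list.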

Reviewed-by: Thomas Huth 



Re: [Qemu-devel] [RFC] Buffers/caches in VirtIO Balloon driver stats

2017-09-12 Thread Tomáš Golembiovský
On Tue, 29 Aug 2017 20:01:53 +0800
Wei Wang  wrote:

> On 08/29/2017 05:57 PM, Stefan Hajnoczi wrote:
> > On Sun, Aug 27, 2017 at 11:30:33PM +0200, Tomáš Golembiovský wrote:  
> >> Hi,  
> > I have CCed the relevant mailing lists and people most recently involved
> > in virtio-balloon discussions.  Hopefully this will help get the right
> > people to see your questions.
> >  
> >> We'd like to include information about reclaimable memory into the
> >> statistics in VirtiO Balloon driver. Namely, we'd like to include
> >> counters for buffers and caches of Linux kernel. The patch itself is
> >> pretty trivial -- no problem there. But before we do that I'd like to
> >> get some input from the QEMU community.
> >>
> >> 1) Is there any reason not to have the stats there?  
> 
> Could you please share the usages of reclaimable memory via the stats?

I'll go ahead then and start sending patches. What would be the proper
course of action here? Send patch for the driver first, or send patch
for QEMU first or send both patches right away?


> >>
> >> 2) Considering the balloon device is multiplatform (Linux, BSD,
> >> Windows), is there a problem with including buffers/caches? These seem
> >> to be specific to the Linux virtual memory subsystem. Of course, other
> >> OSes could just report zeros. Are there some internal stats on those
> >> OSes that could be filled in? I don't know if such or similar statistic
> >> are available on BSD. On Windows only SystemCache stat looks like
> >> something relevant. Anyone familiar with those OSes has any suggestions?
> >>
> >>   
> 
> One of the solutions that I'm thinking about is to make virtio 
> platform-aware.

This is not necessary. IIUC the driver does not need to send all the
stats. We can simply treat those stats as specific to Linux driver and
other drivers will not send them. Then QEMU will treat them as if zero
was reported.

> 
> That is, the device by default supports
> VIRTIO_F_LINUX,
> VIRTIO_F_WINDOWS,
> VIRTIO_F_BSD.
> 
> For the Linux driver, only VIRTIO_F_LINUX is supported, then we can
> have Linux specific driver implementations under that feature.


Since there were no suggestions for similar stats on other OSes I'd say
we treat the stats for buffers and caches as Linux specific. If there is
any need to send similar stats for other OSes we will add new stat fields
(specific for that particular OS).


Thanks,

Tomas

-- 
Tomáš Golembiovský 



Re: [Qemu-devel] [PATCH v5 00/12] Convert over to use keycodemapdb

2017-09-12 Thread Daniel P. Berrange
On Tue, Sep 12, 2017 at 03:24:22PM +0100, Peter Maydell wrote:
> On 12 September 2017 at 15:19, Daniel P. Berrange  wrote:
> > My POV is that we should a) never check generated files into GIT, and
> > we should use the submodule in such a way that it is indistinguishable
> > from the content of the submodule being part of the main GIT repo.
> 
> AFAICT this is impossible in that git submodules are broken
> (checking out a different commit in the top level repo doesn't
> check out the correct version of the submodule to go with it).
> We put up with it for our current uses of submodules because
> the submodule contents don't change very often...

Yep, you need to have something in your build system which does
a checkout of the git submodule at the "right" time.

In autoconf world you can set things up so that 'autoreconf'
gets retriggered when submodule hash changes, but that doesn't
apply to qemu.

I tried to put some magic in configure in v4 but that was
flawed because I didn't take account of people building
from dist.

I think a better approach is to have something in rules.mak
that ensures the submodule is checked out correctly (only
when building from GIT, not dist), and then have the rules
which generate the keymap files depend on this.

Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|



Re: [Qemu-devel] [PATCH] tcg/tci: do not use ldst label (never implemented)

2017-09-12 Thread Thomas Huth
On 12.09.2017 11:20, Stefan Weil wrote:
> Am 12.09.2017 um 10:52 schrieb Stefan Weil:
>> Am 11.09.2017 um 20:24 schrieb Peter Maydell:
>>> I've also turned on a tci compile check on my pre-merge tests.
>>> (It doesn't pass "make check" for me, though...) thanks -- PMM
>>
>> "make check-qtest-ppc64" fails for me, too.
>>
>> Thomas, this seems to be again the well known timing problem
>> in tests/prom-env-test.c. The time for the test had been
>> changed from 30 s to 10 s to 120 s in the past.
> 
> ... changed from 10 s to 30 s to 120 s ...
> 
>> For TCI, even that latest value is not sufficient when
>> testing with pseries. Of course that also depends on other
>> parameters (speed of test machine, compiler flags).
>>
>> In my test pseries took nearly 5 minutes, so the test passes
>> when the loop upper limit is increased to 3.
> 
> Timing data for prom-env-test with TCI on another test machine:
> 
> mac99:   78 s
> g3beige: 74 s
> pseries: 477 s

How fast is your host machine? For me the whole prom-env-test finishes
within 52 seconds (my host machine has 3.2 GHz) in TCI mode, and there
are no errors reported during "make check-qtest-ppc64".

Did you compile your QEMU with --enable-debug by accident? I think that
could explain the bad performance here - TCI with --enable-debug is not
just slow, but rather unusably slow already...

>> Is there a better way to handle this test? Why does pseries
>> still need much more time than the other machines
>> (not only with TCI)?

The problem is that the SLOF firmware just performs very badly with TCG
(it's fine on real hardware). It executes a lot of Forth code, and the
Forth interpreter uses things like computed gotos or other tricks that
basically prevent proper JIT operation here. I've done quite a bit of
optimizations in SLOF in the past already, but I've got hardly any ideas
left how to fix that further.

So I hope the problem is just the "--enable-debug" here and we could run
the test with TCI in normal builds? I'm also fine if we increase the
timeout to 5 minutes instead - it should not affect the normal users
(i.e. those who don't use TCI) and ease this situation with TCI a little
bit.

 Thomas



Re: [Qemu-devel] MIPS 'move' insn emulation

2017-09-12 Thread Peter Maydell
On 12 September 2017 at 15:53, Sergey Smolov  wrote:
> Generally speaking, is it possible at "run time" to detect write accesses to
> MIPS GPR registers?
> If true, which parts of code should I look in?

We don't currently support tracing at that level, I'm afraid.
(There are some patches on list starting to explore providing
an API for doing this kind of instrumentation, but they're
still at the "working out a design" stage.)
You might want to look at the -d options, which can give
you register dumps before every executed instruction if
you pick the right set of options (-d exec,cpu,nochain
-singlestep is probably a start.)

thanks
-- PMM



Re: [Qemu-devel] [PATCH] tcg/tci: do not use ldst label (never implemented)

2017-09-12 Thread Paolo Bonzini
On 12/09/2017 16:56, Thomas Huth wrote:
> The problem is that the SLOF firmware just performs very badly with TCG
> (it's fine on real hardware). It executes a lot of Forth code, and the
> Forth interpreter uses things like computed gotos or other tricks that
> basically prevent proper JIT operation here. I've done quite a bit of
> optimizations in SLOF in the past already, but I've got hardly any ideas
> left how to fix that further.

Two ideas for QEMU based on a quick "perf record" test:

- 25% of the time is spent in cpu_exec.  PPC doesn't use
tcg_gen_lookup_and_goto_ptr.  The main thing to be careful about is
that, whenever an interrupt is pending (e.g. after enabling them) you
need to force an exit to the loop.  See for example commits b29fd33db5
("target/arm: use DISAS_EXIT for eret handling", 2017-07-17) and
b74cddcbf6 ("target/mips: Use BS_EXCP where interrupts are expected",
2017-08-02).  On PPC this mostly means SPRs and env->msr writes.  Apart
from this, however, it shouldn't be hard to do.

- 8% of the time is spent in cpu_exec's call to
object_class_dynamic_cast_assert aka this line

CPUClass *cc = CPU_GET_CLASS(cpu);

This maybe could avoid the dynamic cast.  But it's also possible that
fixing the first gets rid of this one too.

Thanks,

Paolo



Re: [Qemu-devel] [PATCH] Add BSD systems to the download section

2017-09-12 Thread Kamil Rytarowski
ping

On 30.08.2017 18:56, Kamil Rytarowski wrote:
> Add basic notes about FreeBSD, NetBSD and OpenBSD.
> 
> Add BSD link to source code subsection.
> 
> Signed-off-by: Kamil Rytarowski 
> ---
>  _download/bsd.md  | 19 +++
>  _download/source.html |  1 +
>  download.html |  8 
>  3 files changed, 28 insertions(+)
>  create mode 100644 _download/bsd.md
> 
> diff --git a/_download/bsd.md b/_download/bsd.md
> new file mode 100644
> index 000..bbbd8a0
> --- /dev/null
> +++ b/_download/bsd.md
> @@ -0,0 +1,19 @@
> +QEMU is packaged by modern BSD systems.
> +
> +Installation can be performed from prebuilt packages or from package build 
> system (aka ports).
> +
> +Prebuilt binary packages:
> +
> +* FreeBSD `pkg install qemu`
> +
> +* NetBSD `pkgin install qemu`
> +
> +* OpenBSD `pkg_add qemu`
> +
> +Package build system:
> +
> +* FreeBSD `cd /usr/ports/emulators/qemu && make install`
> +
> +* NetBSD `cd /usr/pkgsrc/emulators/qemu && make install`
> +
> +* OpenBSD `cd /usr/ports/emulators/qemu && make install`
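
Review bot: the sentence "from package build system (aka ports)" in the new _download/bsd.md does not fit NetBSD, whose entry further down the same hunk builds from /usr/pkgsrc. Wording it as "(ports or pkgsrc)" would match the three commands listed.
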
> diff --git a/_download/source.html b/_download/source.html
> index d090a5e..6949daa 100644
> --- a/_download/source.html
> +++ b/_download/source.html
> @@ -2,6 +2,7 @@
>   Grab the source code for the latest releases and compile it yourself!
>   Detailed compilation instructions can be found in the wiki for
>   http://wiki.qemu-project.org/Hosts/Linux;>Linux,
> + http://wiki.qemu-project.org/Hosts/BSD;>BSD,
>   http://wiki.qemu-project.org/Hosts/Windows;>Win32 
> and
>   http://wiki.qemu-project.org/Hosts/Mac;>macOS.
>  
> diff --git a/download.html b/download.html
> index 5a1e4ea..2dd0044 100644
> --- a/download.html
> +++ b/download.html
> @@ -6,6 +6,7 @@ permalink: /download/
>  
>  
>  Linux
> +BSD
>  macOS
>  Windows
>  Source code
> @@ -18,6 +19,13 @@ permalink: /download/
>   {% markdown_relative _download/linux.md %}
>  
>  
> +
> + 
> + BSD
> + 
> + {% markdown_relative _download/bsd.md %}
> +
> +
>  
>   
>   macOS
> 






Re: [Qemu-devel] [PATCH 6/6] arm: drop intermadiate cpu_model -> cpu type parsing and use cpu type directly

2017-09-12 Thread Eduardo Habkost
On Tue, Sep 12, 2017 at 01:02:35PM +0200, Igor Mammedov wrote:
> On Tue, 5 Sep 2017 14:47:52 -0700
> Alistair Francis  wrote:
> 
> > On Tue, Sep 5, 2017 at 2:31 PM, Eduardo Habkost  wrote:
> > > On Mon, Sep 04, 2017 at 04:01:02PM +0200, Igor Mammedov wrote:  
> > >> there are 2 use cases to deal with:
> > >>   1: fixed CPU models per board/soc
> > >>   2: boards with user configurable cpu_model and fallback to
> > >>  default cpu_model if user hasn't specified one explicitly
> > >>
> > >> For the 1st
> > >>   drop intermediate cpu_model parsing and use const cpu type
> > >>   directly, which replaces:
> > >>  typename = object_class_get_name(
> > >>cpu_class_by_name(TYPE_ARM_CPU, cpu_model))
> > >>  object_new(typename)
> > >>   with
> > >>  object_new(FOO_CPU_TYPE_NAME)
> > >>   or
> > >>  cpu_generic_init(BASE_CPU_TYPE, "my cpu model")
> > >>   with
> > >>  cpu_create(FOO_CPU_TYPE_NAME)
> > >>
> > >> as result 1st use case doesn't have to invoke not necessary
> > >> translation and not needed code is removed.
> > >>
> > >> For the 2nd
> > >>  1: set default cpu type with MachineClass::default_cpu_type and
> > >>  2: use generic cpu_model parsing that done before machine_init()
> > >> is run and:
> > >> 2.1: drop custom cpu_model parsing where pattern is:
> > >>typename = object_class_get_name(
> > >>cpu_class_by_name(TYPE_ARM_CPU, cpu_model))
> > >>[parse_features(typename, cpu_model, ) ]
> > >>
> > >> 2.2: or replace cpu_generic_init() which does what
> > >>  2.1 does + create_cpu(typename) with just
> > >>  create_cpu(machine->cpu_type)
> > >> as result cpu_name -> cpu_type translation is done using
> > >> generic machine code one including parsing optional features
> > >> if supported/present (removes a bunch of duplicated cpu_model
> > >> parsing code) and default cpu type is defined in a uniform way
> > >> within machine_class_init callbacks instead of ad hoc places
> > >> in board's machine_init code.
> > >>
> > >> Signed-off-by: Igor Mammedov 
> > >> ---
> > >> CC: Peter Maydell 
> > >> CC: Igor Mitsyanko 
> > >> CC: Rob Herring 
> > >> CC: Andrzej Zaborowski 
> > >> CC: Jan Kiszka 
> > >> CC: Alistair Francis 
> > >> CC: "Edgar E. Iglesias" 
> > >> CC: qemu-...@nongnu.org
> > >> ---
> 
> [...]
> 
> > >>
> > >>  static const TypeInfo lm3s6965evb_type = {
> > >> diff --git a/hw/arm/stm32f205_soc.c b/hw/arm/stm32f205_soc.c
> > >> index f61e735..1cd6374 100644
> > >> --- a/hw/arm/stm32f205_soc.c
> > >> +++ b/hw/arm/stm32f205_soc.c
> > >> @@ -112,7 +112,7 @@ static void stm32f205_soc_realize(DeviceState 
> > >> *dev_soc, Error **errp)
> > >>
> > >>  armv7m = DEVICE(>armv7m);
> > >>  qdev_prop_set_uint32(armv7m, "num-irq", 96);
> > >> -qdev_prop_set_string(armv7m, "cpu-model", s->cpu_model);
> > >> +qdev_prop_set_string(armv7m, "cpu-type", s->cpu_type);
> > >>  object_property_set_link(OBJECT(>armv7m), 
> > >> OBJECT(get_system_memory()),
> > >>   "memory", _abort);
> > >>  object_property_set_bool(OBJECT(>armv7m), true, "realized", 
> > >> );
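
Review bot: on the `qdev_prop_set_string(armv7m, "cpu-type", s->cpu_type)` line the property changes meaning as well as name, since "cpu-model" carried a model string and "cpu-type" carries a type name. Any board that still sets "cpu-model" on this SoC has to be converted in the same patch so the series stays bisectable, and the commit message should state that the property was renamed rather than only that the parsing was dropped.
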
> > >> @@ -200,7 +200,7 @@ static void stm32f205_soc_realize(DeviceState 
> > >> *dev_soc, Error **errp)
> > >>  }
> > >>
> > >>  static Property stm32f205_soc_properties[] = {
> > >> -DEFINE_PROP_STRING("cpu-model", STM32F205State, cpu_model),
> > >> +DEFINE_PROP_STRING("cpu-type", STM32F205State, cpu_type),  
> > >
> > > Same as armv7m: are we 100% sure users are not setting this
> > > manually?  
> > 
> > In an embedded board like this it really doesn't make sense to let the
> > user overwrite the CPU. The SoC will take it as an option, but the
> > board (which creates the SoC) just blindly always uses the same CPU.
> > That feature is more for QOMification than any real reason though.
> If SoC has fixed cpu type then I'd drop property.
> I'd leave it up to board maintainers to clean up not really needed
> properties and make soc with fixed cpu type where it makes sense.
> 
> > In saying that I think a warning if the user tries to set the CPU
> > would make sense. I know that this issue comes up in other ARM boards
> > (Zynq-7000 has the same issue as well) so maybe a machine property
> > saying that the board doesn't accept custom CPUs would be a good idea.
> > 
> > Overall I think this patch is moving in the right direction though and
> > this CPU option being ignored existed before this series.
> right, this series just removes cpu_generic_init()/cpu_model in boards
> everything else should be done as separate series.

Agreed.  Except for actual bugs and opportunities to document
these cases in comments or commit messages, these things can be
done by other series.

-- 
Eduardo



Re: [Qemu-devel] [PATCH v3 5/7] block: convert crypto driver to bdrv_co_preadv|pwritev

2017-09-12 Thread Daniel P. Berrange
On Tue, Sep 12, 2017 at 12:28:53PM +0100, Daniel P. Berrange wrote:
> Make the crypto driver implement the bdrv_co_preadv|pwritev
> callbacks, and also use bdrv_co_preadv|pwritev for I/O
> with the protocol driver beneath.
> 
> Signed-off-by: Daniel P. Berrange 
> ---
>  block/crypto.c | 104 
> +++--
>  1 file changed, 56 insertions(+), 48 deletions(-)
> 
> diff --git a/block/crypto.c b/block/crypto.c
> index 49d6d4c058..d004e9cef4 100644
> --- a/block/crypto.c
> +++ b/block/crypto.c
> @@ -383,19 +383,23 @@ static void block_crypto_close(BlockDriverState *bs)
>  #define BLOCK_CRYPTO_MAX_SECTORS 2048
>  
>  static coroutine_fn int
> -block_crypto_co_readv(BlockDriverState *bs, int64_t sector_num,
> -  int remaining_sectors, QEMUIOVector *qiov)
> +block_crypto_co_preadv(BlockDriverState *bs, uint64_t offset, uint64_t bytes,
> +   QEMUIOVector *qiov, int flags)
>  {
>  BlockCrypto *crypto = bs->opaque;
> -int cur_nr_sectors; /* number of sectors in current iteration */
> +uint64_t cur_bytes; /* number of bytes in current iteration */
>  uint64_t bytes_done = 0;
>  uint8_t *cipher_data = NULL;
>  QEMUIOVector hd_qiov;
>  int ret = 0;
>  uint64_t sector_size = qcrypto_block_get_sector_size(crypto->block);
> -uint64_t payload_offset =
> -qcrypto_block_get_payload_offset(crypto->block) / sector_size;
> -assert(payload_offset < (INT64_MAX / 512));
> +size_t payload_offset = qcrypto_block_get_payload_offset(crypto->block);

Oops, rebase merge error - that should be uint64_t - this is what the
patchew failure complained about.

> +uint64_t sector_num = offset / sector_size;
> +
> +assert(!flags);
> +assert(payload_offset < INT64_MAX);
> +assert(QEMU_IS_ALIGNED(offset, sector_size));
> +assert(QEMU_IS_ALIGNED(bytes, sector_size));
>  
>  qemu_iovec_init(_qiov, qiov->niov);
>  
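
Review bot: `assert(payload_offset < INT64_MAX)` bounds the payload offset on its own, but the value later handed to the protocol layer is `payload_offset + offset + bytes_done`, and nothing here keeps that sum below INT64_MAX. Bound the sum instead, for example by also asserting that `offset` and `bytes` fit in `INT64_MAX - payload_offset`, so a large request offset cannot wrap the file position used for the ciphertext read.
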
> @@ -410,37 +414,33 @@ block_crypto_co_readv(BlockDriverState *bs, int64_t 
> sector_num,
>  goto cleanup;
>  }
>  
> -while (remaining_sectors) {
> -cur_nr_sectors = remaining_sectors;
> +while (bytes) {
> +cur_bytes = bytes;
>  
> -if (cur_nr_sectors > BLOCK_CRYPTO_MAX_SECTORS) {
> -cur_nr_sectors = BLOCK_CRYPTO_MAX_SECTORS;
> +if (cur_bytes > (BLOCK_CRYPTO_MAX_SECTORS * sector_size)) {
> +cur_bytes = BLOCK_CRYPTO_MAX_SECTORS * sector_size;
>  }
>  
>  qemu_iovec_reset(_qiov);
> -qemu_iovec_add(_qiov, cipher_data, cur_nr_sectors * sector_size);
> +qemu_iovec_add(_qiov, cipher_data, cur_bytes);
>  
> -ret = bdrv_co_readv(bs->file,
> -payload_offset + sector_num,
> -cur_nr_sectors, _qiov);
> +ret = bdrv_co_preadv(bs->file, payload_offset + offset + bytes_done,
> + cur_bytes, _qiov, 0);
>  if (ret < 0) {
>  goto cleanup;
>  }
>  
> -if (qcrypto_block_decrypt(crypto->block,
> -  sector_num,
> -  cipher_data, cur_nr_sectors * sector_size,
> -  NULL) < 0) {
> +if (qcrypto_block_decrypt(crypto->block, sector_num, cipher_data,
> +  cur_bytes, NULL) < 0) {
>  ret = -EIO;
>  goto cleanup;
>  }
>  
> -qemu_iovec_from_buf(qiov, bytes_done,
> -cipher_data, cur_nr_sectors * sector_size);
> +qemu_iovec_from_buf(qiov, bytes_done, cipher_data, cur_bytes);
>  
> -remaining_sectors -= cur_nr_sectors;
> -sector_num += cur_nr_sectors;
> -bytes_done += cur_nr_sectors * sector_size;
> +sector_num += cur_bytes / sector_size;
> +bytes -= cur_bytes;
> +bytes_done += cur_bytes;
>  }
>  
>   cleanup:
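
Review bot: the per-iteration cap `BLOCK_CRYPTO_MAX_SECTORS * sector_size` in the `if (cur_bytes > ...)` block is spelled out twice and now depends on the runtime sector size, so the bounce buffer behind `cipher_data` (allocated outside the lines shown) has to be sized from the same expression. Hoisting it into one local that is used for both the allocation and the cap would keep `qemu_iovec_add(..., cipher_data, cur_bytes)` from ever describing more than was allocated.
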
> @@ -452,19 +452,23 @@ block_crypto_co_readv(BlockDriverState *bs, int64_t 
> sector_num,
>  
>  
>  static coroutine_fn int
> -block_crypto_co_writev(BlockDriverState *bs, int64_t sector_num,
> -   int remaining_sectors, QEMUIOVector *qiov)
> +block_crypto_co_pwritev(BlockDriverState *bs, uint64_t offset, uint64_t 
> bytes,
> +QEMUIOVector *qiov, int flags)
>  {
>  BlockCrypto *crypto = bs->opaque;
> -int cur_nr_sectors; /* number of sectors in current iteration */
> +uint64_t cur_bytes; /* number of bytes in current iteration */
>  uint64_t bytes_done = 0;
>  uint8_t *cipher_data = NULL;
>  QEMUIOVector hd_qiov;
>  int ret = 0;
>  uint64_t sector_size = qcrypto_block_get_sector_size(crypto->block);
> -uint64_t payload_offset =
> -qcrypto_block_get_payload_offset(crypto->block) / sector_size;
> -assert(payload_offset < (INT64_MAX / 512));
> +uint64_t payload_offset = 
> 

Re: [Qemu-devel] [PATCH for-2.10] qemu-options: Document the -drive locking parameter.

2017-09-12 Thread Kevin Wolf
On 12.09.2017 at 13:43, Richard W.M. Jones wrote:
> On Tue, Sep 12, 2017 at 01:32:05PM +0200, Kevin Wolf wrote:
> > On 12.09.2017 at 11:45, Richard W.M. Jones wrote:
> > > On Wed, Sep 06, 2017 at 01:38:45PM +0200, Kevin Wolf wrote:
> > > > This command line fragment looks correct to me. For me, it seems to
> > > > work. I'm starting a first qemu in the background with default locking
> > > > options:
> > > > 
> > > > $ x86_64-softmmu/qemu-system-x86_64 -hda /tmp/test.qcow2
> > > > 
> > > > And then starting a second one with a command line resembling yours:
> > > > 
> > > > $ x86_64-softmmu/qemu-system-x86_64 -device virtio-scsi \
> > > >   -drive file=/tmp/test.qcow2,cache=unsafe,format=qcow2,file.locking=off,id=hd0,if=none \
> > > >   -device scsi-hd,drive=hd0
> > > 
> > > The problem is with overlays, where file.locking doesn't propagate to
> > > the backing file.  Thus:
> > > 
> > >   $ qemu-system-x86_64 -drive file=backing,format=raw
> > > 
> > > while in another terminal:
> > > 
> > >   $ qemu-img create -b backing -f qcow2 overlay
> > >   $ qemu-system-x86_64 -drive file=overlay,format=qcow2,file.locking=off
> > >   qemu-system-x86_64: Failed to get shared "write" lock
> > >   Is another process using the image?
> > 
> > locking=off isn't the right tool for the case. Try this:
> > 
> > $ qemu-system-x86_64 -drive file=overlay,if=none -device virtio-blk-pci,drive=none0,share-rw=on
> > 
> > Unless you're doing really evil things, just telling qemu that your
> > guest can cope with concurrent writers to the same image is enough. This
> > propagates through the whole chain as appropriate.
> 
> Our guest certainly *cannot* cope with multiple writers to the backing
> disk (file "raw" in my example).  In fact that would be a disaster.

Your guest (the libguestfs one with the overlay) can cope with multiple
writers to its disk. Or probably it can't, but you treat it as if it
could and insist that this is correct enough. Otherwise you wouldn't be
able to use a raw image that another VM writes to as its backing file.

> The overlay protects the backing disk from ever seeing any writes.

This is why the backing file is opened read-only and therefore
compatible with the initial qemu instance that requires exclusive write
access.

This is all correctly represented in the locking. You wouldn't be able
to directly use "raw" even with share-rw=on because the initial qemu
instance doesn't support shared write access. But it works for a backing
file.

> In our case because the initial qemu instance (which we don't control)
> opened the disk ("raw") with an exclusive lock, our only choice for
> monitoring that disk is to turn off locking.

No, you just need to make sure that the libguestfs instance doesn't
need write access to the image of an exclusive writer. Which you already
do.

The only locking problem that you need to solve is that your libguestfs
VM doesn't forbid other writers to its backing file. And this is exactly
what share-rw=on achieves.

Kevin
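
The permission logic discussed in this message, as a simplified model (an added example, not part of the thread and not QEMU code): each opener of an image declares the permissions it uses and the ones it tolerates from others, and an open fails when either side uses something the other does not share. Only two permissions are modelled, and the `Opener` type, the helper names and the way `share-rw` is mapped onto the backing node are assumptions made for illustration.

```python
from dataclasses import dataclass

# Two of the block-layer permissions named in the thread's error message.
READ = "consistent read"
WRITE = "write"


@dataclass(frozen=True)
class Opener:
    """One process's open of an image file (hypothetical model type)."""
    name: str
    perm: frozenset    # permissions this opener uses itself
    shared: frozenset  # permissions it tolerates other openers using


def check_open(new, holders):
    """Return None if `new` can open the file next to `holders`,
    otherwise an error string shaped like the one quoted in the thread."""
    for other in holders:
        # The newcomer wants something an existing opener will not share.
        blocked = sorted(new.perm - other.shared)
        if blocked:
            return f'Failed to get "{blocked[0]}" lock'
        # An existing opener uses something the newcomer will not share.
        unshared = sorted(other.perm - new.shared)
        if unshared:
            return f'Failed to get shared "{unshared[0]}" lock'
    return None


def guest_disk(name, share_rw=False):
    """A disk attached read-write to a guest device.
    Without share-rw the device does not tolerate other writers."""
    shared = {READ, WRITE} if share_rw else {READ}
    return Opener(name, frozenset({READ, WRITE}), frozenset(shared))


def overlay_backing(name, share_rw=False, overlay_file_locking=True):
    """The backing file underneath a qcow2 overlay.
    It is opened read-only. share-rw on the guest device propagates down
    the chain, so the backing node then tolerates other writers.
    `overlay_file_locking` models file.locking on the -drive: as observed in
    the thread it applies to the overlay's own file node only, so it is
    accepted here but does not change how the backing node is locked."""
    shared = {READ, WRITE} if share_rw else {READ}
    return Opener(name, frozenset({READ}), frozenset(shared))


def scenarios():
    """The three situations discussed in the thread, against an initial
    qemu instance that holds the image as an exclusive writer."""
    holders = [guest_disk("first-qemu")]
    return {
        "overlay, file.locking=off": check_open(
            overlay_backing("libguestfs", overlay_file_locking=False), holders),
        "overlay, share-rw=on": check_open(
            overlay_backing("libguestfs", share_rw=True), holders),
        "direct open, share-rw=on": check_open(
            guest_disk("second-qemu", share_rw=True), holders),
    }


if __name__ == "__main__":
    for label, result in scenarios().items():
        print(f"{label:28} -> {result or 'ok'}")
```

The first scenario reproduces the error Richard quoted, the second is the `share-rw=on` fix, and the third is the case described above where the image cannot be opened directly even with `share-rw=on`.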



Re: [Qemu-devel] [PATCH 04/12] qemu-iotests: limit non-_PROG-suffixed variables to common.rc

2017-09-12 Thread Paolo Bonzini
On 12/09/2017 12:31, Kevin Wolf wrote:
> Hm, does this mean that instead of ./check failing when a binary is
> missing, we try each test case now and each one fails with the same
> error message?
> 
> *tries it out*
> 
> Okay, it's already broken today because the strings are never empty but
> contain the name of the wrapper functions, but it's still bad behaviour.
> Instead of just telling me that the binary is missing like it used to
> work, I get tons of test case diffs.

So the patch is still dead code, isn't it?

Paolo



[Qemu-devel] [PATCH v5 07/12] input: convert the adb device to keycodemapdb

2017-09-12 Thread Daniel P. Berrange
Replace the qcode_to_adb_keycode table with automatically
generated tables.

Missing entries in qcode_to_adb_keycode now fixed:

 - Q_KEY_CODE_KP_COMMA -> 0x47

Signed-off-by: Daniel P. Berrange 
---
 hw/input/adb.c | 124 +---
 include/hw/input/adb-keys.h| 141 -
 include/ui/input.h |   3 +
 ui/Makefile.objs   |   1 +
 ui/input-keymap-qcode-to-adb.c | 156 +
 ui/input-keymap.c  |   1 +
 6 files changed, 163 insertions(+), 263 deletions(-)
 delete mode 100644 include/hw/input/adb-keys.h
 create mode 100644 ui/input-keymap-qcode-to-adb.c

diff --git a/hw/input/adb.c b/hw/input/adb.c
index fcca3a8eb9..1fe5d298a3 100644
--- a/hw/input/adb.c
+++ b/hw/input/adb.c
@@ -25,7 +25,6 @@
 #include "hw/hw.h"
 #include "hw/input/adb.h"
 #include "ui/console.h"
-#include "include/hw/input/adb-keys.h"
 #include "ui/input.h"
 #include "sysemu/sysemu.h"
 
@@ -193,125 +192,6 @@ typedef struct ADBKeyboardClass {
 DeviceRealize parent_realize;
 } ADBKeyboardClass;
 
-int qcode_to_adb_keycode[] = {
- /* Make sure future additions are automatically set to NO_KEY */
-[0 ... 0xff]   = NO_KEY,
-
-[Q_KEY_CODE_SHIFT] = ADB_KEY_LEFT_SHIFT,
-[Q_KEY_CODE_SHIFT_R]   = ADB_KEY_RIGHT_SHIFT,
-[Q_KEY_CODE_ALT]   = ADB_KEY_LEFT_OPTION,
-[Q_KEY_CODE_ALT_R] = ADB_KEY_RIGHT_OPTION,
-[Q_KEY_CODE_CTRL]  = ADB_KEY_LEFT_CONTROL,
-[Q_KEY_CODE_CTRL_R]= ADB_KEY_RIGHT_CONTROL,
-[Q_KEY_CODE_META_L]= ADB_KEY_COMMAND,
-[Q_KEY_CODE_META_R]= ADB_KEY_COMMAND,
-[Q_KEY_CODE_SPC]   = ADB_KEY_SPACEBAR,
-
-[Q_KEY_CODE_ESC]   = ADB_KEY_ESC,
-[Q_KEY_CODE_1] = ADB_KEY_1,
-[Q_KEY_CODE_2] = ADB_KEY_2,
-[Q_KEY_CODE_3] = ADB_KEY_3,
-[Q_KEY_CODE_4] = ADB_KEY_4,
-[Q_KEY_CODE_5] = ADB_KEY_5,
-[Q_KEY_CODE_6] = ADB_KEY_6,
-[Q_KEY_CODE_7] = ADB_KEY_7,
-[Q_KEY_CODE_8] = ADB_KEY_8,
-[Q_KEY_CODE_9] = ADB_KEY_9,
-[Q_KEY_CODE_0] = ADB_KEY_0,
-[Q_KEY_CODE_MINUS] = ADB_KEY_MINUS,
-[Q_KEY_CODE_EQUAL] = ADB_KEY_EQUAL,
-[Q_KEY_CODE_BACKSPACE] = ADB_KEY_DELETE,
-[Q_KEY_CODE_TAB]   = ADB_KEY_TAB,
-[Q_KEY_CODE_Q] = ADB_KEY_Q,
-[Q_KEY_CODE_W] = ADB_KEY_W,
-[Q_KEY_CODE_E] = ADB_KEY_E,
-[Q_KEY_CODE_R] = ADB_KEY_R,
-[Q_KEY_CODE_T] = ADB_KEY_T,
-[Q_KEY_CODE_Y] = ADB_KEY_Y,
-[Q_KEY_CODE_U] = ADB_KEY_U,
-[Q_KEY_CODE_I] = ADB_KEY_I,
-[Q_KEY_CODE_O] = ADB_KEY_O,
-[Q_KEY_CODE_P] = ADB_KEY_P,
-[Q_KEY_CODE_BRACKET_LEFT]  = ADB_KEY_LEFT_BRACKET,
-[Q_KEY_CODE_BRACKET_RIGHT] = ADB_KEY_RIGHT_BRACKET,
-[Q_KEY_CODE_RET]   = ADB_KEY_RETURN,
-[Q_KEY_CODE_A] = ADB_KEY_A,
-[Q_KEY_CODE_S] = ADB_KEY_S,
-[Q_KEY_CODE_D] = ADB_KEY_D,
-[Q_KEY_CODE_F] = ADB_KEY_F,
-[Q_KEY_CODE_G] = ADB_KEY_G,
-[Q_KEY_CODE_H] = ADB_KEY_H,
-[Q_KEY_CODE_J] = ADB_KEY_J,
-[Q_KEY_CODE_K] = ADB_KEY_K,
-[Q_KEY_CODE_L] = ADB_KEY_L,
-[Q_KEY_CODE_SEMICOLON] = ADB_KEY_SEMICOLON,
-[Q_KEY_CODE_APOSTROPHE]= ADB_KEY_APOSTROPHE,
-[Q_KEY_CODE_GRAVE_ACCENT]  = ADB_KEY_GRAVE_ACCENT,
-[Q_KEY_CODE_BACKSLASH] = ADB_KEY_BACKSLASH,
-[Q_KEY_CODE_Z] = ADB_KEY_Z,
-[Q_KEY_CODE_X] = ADB_KEY_X,
-[Q_KEY_CODE_C] = ADB_KEY_C,
-[Q_KEY_CODE_V] = ADB_KEY_V,
-[Q_KEY_CODE_B] = ADB_KEY_B,
-[Q_KEY_CODE_N] = ADB_KEY_N,
-[Q_KEY_CODE_M] = ADB_KEY_M,
-[Q_KEY_CODE_COMMA] = ADB_KEY_COMMA,
-[Q_KEY_CODE_DOT]   = ADB_KEY_PERIOD,
-[Q_KEY_CODE_SLASH] = ADB_KEY_FORWARD_SLASH,
-[Q_KEY_CODE_ASTERISK]  = ADB_KEY_KP_MULTIPLY,
-[Q_KEY_CODE_CAPS_LOCK] = ADB_KEY_CAPS_LOCK,
-
-[Q_KEY_CODE_F1]= ADB_KEY_F1,
-[Q_KEY_CODE_F2]= ADB_KEY_F2,
-[Q_KEY_CODE_F3]= ADB_KEY_F3,
-[Q_KEY_CODE_F4]= ADB_KEY_F4,
-[Q_KEY_CODE_F5]= ADB_KEY_F5,
-[Q_KEY_CODE_F6]= ADB_KEY_F6,
-[Q_KEY_CODE_F7]= ADB_KEY_F7,
-[Q_KEY_CODE_F8]= ADB_KEY_F8,
-[Q_KEY_CODE_F9]= ADB_KEY_F9,
-[Q_KEY_CODE_F10]   = ADB_KEY_F10,
-[Q_KEY_CODE_F11]   = ADB_KEY_F11,
-[Q_KEY_CODE_F12]   = ADB_KEY_F12,
-[Q_KEY_CODE_PRINT] = ADB_KEY_F13,
-[Q_KEY_CODE_SYSRQ] = ADB_KEY_F13,
-[Q_KEY_CODE_SCROLL_LOCK]   = ADB_KEY_F14,
-
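
Review bot: the removed table opens with `[0 ... 0xff] = NO_KEY`, so every qcode without an entry resolved to an explicit sentinel, and the commit message does not say what the generated table stores for unmapped qcodes. If that value is 0, the lookup must not treat it as "no key" unless 0 is not itself a valid ADB keycode, and the qcode should be checked against the generated table's length before it is used as an index.
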

[Qemu-devel] [PATCH v5 08/12] char: convert the escc device to keycodemapdb

2017-09-12 Thread Daniel P. Berrange
Replace the qcode_to_keycode table with automatically
generated tables.

Missing entries in qcode_to_keycode now fixed:

 - Q_KEY_CODE_KP_COMMA -> 0x2d

Signed-off-by: Daniel P. Berrange 
---
 hw/char/escc.c | 126 +++--
 include/ui/input.h |   3 ++
 ui/Makefile.objs   |   1 +
 ui/input-keymap.c  |   1 +
 4 files changed, 10 insertions(+), 121 deletions(-)

diff --git a/hw/char/escc.c b/hw/char/escc.c
index 3ab831a6a7..449bf2fc63 100644
--- a/hw/char/escc.c
+++ b/hw/char/escc.c
@@ -717,126 +717,6 @@ MemoryRegion *escc_init(hwaddr base, qemu_irq irqA, 
qemu_irq irqB,
 return >mmio;
 }
 
-static const uint8_t qcode_to_keycode[Q_KEY_CODE__MAX] = {
-[Q_KEY_CODE_SHIFT] = 99,
-[Q_KEY_CODE_SHIFT_R]   = 110,
-[Q_KEY_CODE_ALT]   = 19,
-[Q_KEY_CODE_ALT_R] = 13,
-[Q_KEY_CODE_CTRL]  = 76,
-[Q_KEY_CODE_CTRL_R]= 76,
-[Q_KEY_CODE_ESC]   = 29,
-[Q_KEY_CODE_1] = 30,
-[Q_KEY_CODE_2] = 31,
-[Q_KEY_CODE_3] = 32,
-[Q_KEY_CODE_4] = 33,
-[Q_KEY_CODE_5] = 34,
-[Q_KEY_CODE_6] = 35,
-[Q_KEY_CODE_7] = 36,
-[Q_KEY_CODE_8] = 37,
-[Q_KEY_CODE_9] = 38,
-[Q_KEY_CODE_0] = 39,
-[Q_KEY_CODE_MINUS] = 40,
-[Q_KEY_CODE_EQUAL] = 41,
-[Q_KEY_CODE_BACKSPACE] = 43,
-[Q_KEY_CODE_TAB]   = 53,
-[Q_KEY_CODE_Q] = 54,
-[Q_KEY_CODE_W] = 55,
-[Q_KEY_CODE_E] = 56,
-[Q_KEY_CODE_R] = 57,
-[Q_KEY_CODE_T] = 58,
-[Q_KEY_CODE_Y] = 59,
-[Q_KEY_CODE_U] = 60,
-[Q_KEY_CODE_I] = 61,
-[Q_KEY_CODE_O] = 62,
-[Q_KEY_CODE_P] = 63,
-[Q_KEY_CODE_BRACKET_LEFT]  = 64,
-[Q_KEY_CODE_BRACKET_RIGHT] = 65,
-[Q_KEY_CODE_RET]   = 89,
-[Q_KEY_CODE_A] = 77,
-[Q_KEY_CODE_S] = 78,
-[Q_KEY_CODE_D] = 79,
-[Q_KEY_CODE_F] = 80,
-[Q_KEY_CODE_G] = 81,
-[Q_KEY_CODE_H] = 82,
-[Q_KEY_CODE_J] = 83,
-[Q_KEY_CODE_K] = 84,
-[Q_KEY_CODE_L] = 85,
-[Q_KEY_CODE_SEMICOLON] = 86,
-[Q_KEY_CODE_APOSTROPHE]= 87,
-[Q_KEY_CODE_GRAVE_ACCENT]  = 42,
-[Q_KEY_CODE_BACKSLASH] = 88,
-[Q_KEY_CODE_Z] = 100,
-[Q_KEY_CODE_X] = 101,
-[Q_KEY_CODE_C] = 102,
-[Q_KEY_CODE_V] = 103,
-[Q_KEY_CODE_B] = 104,
-[Q_KEY_CODE_N] = 105,
-[Q_KEY_CODE_M] = 106,
-[Q_KEY_CODE_COMMA] = 107,
-[Q_KEY_CODE_DOT]   = 108,
-[Q_KEY_CODE_SLASH] = 109,
-[Q_KEY_CODE_ASTERISK]  = 47,
-[Q_KEY_CODE_SPC]   = 121,
-[Q_KEY_CODE_CAPS_LOCK] = 119,
-[Q_KEY_CODE_F1]= 5,
-[Q_KEY_CODE_F2]= 6,
-[Q_KEY_CODE_F3]= 8,
-[Q_KEY_CODE_F4]= 10,
-[Q_KEY_CODE_F5]= 12,
-[Q_KEY_CODE_F6]= 14,
-[Q_KEY_CODE_F7]= 16,
-[Q_KEY_CODE_F8]= 17,
-[Q_KEY_CODE_F9]= 18,
-[Q_KEY_CODE_F10]   = 7,
-[Q_KEY_CODE_NUM_LOCK]  = 98,
-[Q_KEY_CODE_SCROLL_LOCK]   = 23,
-[Q_KEY_CODE_KP_DIVIDE] = 46,
-[Q_KEY_CODE_KP_MULTIPLY]   = 47,
-[Q_KEY_CODE_KP_SUBTRACT]   = 71,
-[Q_KEY_CODE_KP_ADD]= 125,
-[Q_KEY_CODE_KP_ENTER]  = 90,
-[Q_KEY_CODE_KP_DECIMAL]= 50,
-[Q_KEY_CODE_KP_0]  = 94,
-[Q_KEY_CODE_KP_1]  = 112,
-[Q_KEY_CODE_KP_2]  = 113,
-[Q_KEY_CODE_KP_3]  = 114,
-[Q_KEY_CODE_KP_4]  = 91,
-[Q_KEY_CODE_KP_5]  = 92,
-[Q_KEY_CODE_KP_6]  = 93,
-[Q_KEY_CODE_KP_7]  = 68,
-[Q_KEY_CODE_KP_8]  = 69,
-[Q_KEY_CODE_KP_9]  = 70,
-[Q_KEY_CODE_LESS]  = 124,
-[Q_KEY_CODE_F11]   = 9,
-[Q_KEY_CODE_F12]   = 11,
-[Q_KEY_CODE_HOME]  = 52,
-[Q_KEY_CODE_PGUP]  = 96,
-[Q_KEY_CODE_PGDN]  = 123,
-[Q_KEY_CODE_END]   = 74,
-[Q_KEY_CODE_LEFT]  = 24,
-[Q_KEY_CODE_UP]= 20,
-[Q_KEY_CODE_DOWN]  = 27,
-[Q_KEY_CODE_RIGHT] = 28,
-[Q_KEY_CODE_INSERT]= 44,
-[Q_KEY_CODE_DELETE]= 66,
-[Q_KEY_CODE_STOP]  = 1,
-[Q_KEY_CODE_AGAIN] = 3,
-[Q_KEY_CODE_PROPS] = 25,
-[Q_KEY_CODE_UNDO]  = 26,
-[Q_KEY_CODE_FRONT] = 49,
-[Q_KEY_CODE_COPY]  = 51,
-[Q_KEY_CODE_OPEN]  = 72,
-[Q_KEY_CODE_PASTE] = 73,
-[Q_KEY_CODE_FIND]  = 95,
-[Q_KEY_CODE_CUT]   = 97,
-[Q_KEY_CODE_LF]= 111,
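
Review bot: the removed `qcode_to_keycode[Q_KEY_CODE__MAX]` array was sized by the enum, so indexing it with any qcode was in bounds by construction, and a generated table with its own length loses that guarantee. The keyboard event path should compare the qcode against the generated length before the lookup, and the commit message should confirm that many-to-one entries such as `Q_KEY_CODE_CTRL` and `Q_KEY_CODE_CTRL_R` both mapping to 76 survive in the generated output.
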

[Qemu-devel] [PATCH v5 05/12] input: convert virtio-input-hid device to keycodemapdb

2017-09-12 Thread Daniel P. Berrange
Replace the keymap_qcode table with automatically generated
tables.

Missing entries in keymap_qcode now fixed:

  Q_KEY_CODE_ASTERISK -> KEY_KPASTERISK
  Q_KEY_CODE_KP_MULTIPLY -> KEY_KPASTERISK
  Q_KEY_CODE_STOP -> KEY_STOP
  Q_KEY_CODE_AGAIN -> KEY_AGAIN
  Q_KEY_CODE_PROPS -> KEY_PROPS
  Q_KEY_CODE_UNDO -> KEY_UNDO
  Q_KEY_CODE_FRONT -> KEY_FRONT
  Q_KEY_CODE_COPY -> KEY_COPY
  Q_KEY_CODE_OPEN -> KEY_OPEN
  Q_KEY_CODE_PASTE -> KEY_PASTE
  Q_KEY_CODE_FIND -> KEY_FIND
  Q_KEY_CODE_CUT -> KEY_CUT
  Q_KEY_CODE_LF -> KEY_LINEFEED
  Q_KEY_CODE_HELP -> KEY_HELP
  Q_KEY_CODE_COMPOSE -> KEY_COMPOSE
  Q_KEY_CODE_RO -> KEY_RO
  Q_KEY_CODE_HIRAGANA -> KEY_HIRAGANA
  Q_KEY_CODE_HENKAN -> KEY_HENKAN
  Q_KEY_CODE_YEN -> KEY_YEN
  Q_KEY_CODE_KP_COMMA -> KEY_KPCOMMA
  Q_KEY_CODE_KP_EQUALS -> KEY_KPEQUAL
  Q_KEY_CODE_POWER -> KEY_POWER
  Q_KEY_CODE_SLEEP -> KEY_SLEEP
  Q_KEY_CODE_WAKE -> KEY_WAKEUP
  Q_KEY_CODE_AUDIONEXT -> KEY_NEXTSONG
  Q_KEY_CODE_AUDIOPREV -> KEY_PREVIOUSSONG
  Q_KEY_CODE_AUDIOSTOP -> KEY_STOPCD
  Q_KEY_CODE_AUDIOPLAY -> KEY_PLAYPAUSE
  Q_KEY_CODE_AUDIOMUTE -> KEY_MUTE
  Q_KEY_CODE_VOLUMEUP -> KEY_VOLUMEUP
  Q_KEY_CODE_VOLUMEDOWN -> KEY_VOLUMEDOWN
  Q_KEY_CODE_MEDIASELECT -> KEY_MEDIA
  Q_KEY_CODE_MAIL -> KEY_MAIL
  Q_KEY_CODE_CALCULATOR -> KEY_CALC
  Q_KEY_CODE_COMPUTER -> KEY_COMPUTER
  Q_KEY_CODE_AC_HOME -> KEY_HOMEPAGE
  Q_KEY_CODE_AC_BACK -> KEY_BACK
  Q_KEY_CODE_AC_FORWARD -> KEY_FORWARD
  Q_KEY_CODE_AC_REFRESH -> KEY_REFRESH
  Q_KEY_CODE_AC_BOOKMARKS -> KEY_BOOKMARKS

Signed-off-by: Daniel P. Berrange 
---
 hw/input/virtio-input-hid.c  | 136 +++---
 include/ui/input.h   |   3 +
 ui/Makefile.objs |   1 +
 ui/input-keymap-qcode-to-linux.c | 156 +++
 ui/input-keymap.c|   1 +
 5 files changed, 170 insertions(+), 127 deletions(-)
 create mode 100644 ui/input-keymap-qcode-to-linux.c

diff --git a/hw/input/virtio-input-hid.c b/hw/input/virtio-input-hid.c
index 4d3afc1b14..bb1296bedf 100644
--- a/hw/input/virtio-input-hid.c
+++ b/hw/input/virtio-input-hid.c
@@ -22,126 +22,7 @@
 
 /* - */
 
-static const unsigned int keymap_qcode[Q_KEY_CODE__MAX] = {
-[Q_KEY_CODE_ESC] = KEY_ESC,
-[Q_KEY_CODE_1]   = KEY_1,
-[Q_KEY_CODE_2]   = KEY_2,
-[Q_KEY_CODE_3]   = KEY_3,
-[Q_KEY_CODE_4]   = KEY_4,
-[Q_KEY_CODE_5]   = KEY_5,
-[Q_KEY_CODE_6]   = KEY_6,
-[Q_KEY_CODE_7]   = KEY_7,
-[Q_KEY_CODE_8]   = KEY_8,
-[Q_KEY_CODE_9]   = KEY_9,
-[Q_KEY_CODE_0]   = KEY_0,
-[Q_KEY_CODE_MINUS]   = KEY_MINUS,
-[Q_KEY_CODE_EQUAL]   = KEY_EQUAL,
-[Q_KEY_CODE_BACKSPACE]   = KEY_BACKSPACE,
-
-[Q_KEY_CODE_TAB] = KEY_TAB,
-[Q_KEY_CODE_Q]   = KEY_Q,
-[Q_KEY_CODE_W]   = KEY_W,
-[Q_KEY_CODE_E]   = KEY_E,
-[Q_KEY_CODE_R]   = KEY_R,
-[Q_KEY_CODE_T]   = KEY_T,
-[Q_KEY_CODE_Y]   = KEY_Y,
-[Q_KEY_CODE_U]   = KEY_U,
-[Q_KEY_CODE_I]   = KEY_I,
-[Q_KEY_CODE_O]   = KEY_O,
-[Q_KEY_CODE_P]   = KEY_P,
-[Q_KEY_CODE_BRACKET_LEFT]= KEY_LEFTBRACE,
-[Q_KEY_CODE_BRACKET_RIGHT]   = KEY_RIGHTBRACE,
-[Q_KEY_CODE_RET] = KEY_ENTER,
-
-[Q_KEY_CODE_CTRL]= KEY_LEFTCTRL,
-[Q_KEY_CODE_A]   = KEY_A,
-[Q_KEY_CODE_S]   = KEY_S,
-[Q_KEY_CODE_D]   = KEY_D,
-[Q_KEY_CODE_F]   = KEY_F,
-[Q_KEY_CODE_G]   = KEY_G,
-[Q_KEY_CODE_H]   = KEY_H,
-[Q_KEY_CODE_J]   = KEY_J,
-[Q_KEY_CODE_K]   = KEY_K,
-[Q_KEY_CODE_L]   = KEY_L,
-[Q_KEY_CODE_SEMICOLON]   = KEY_SEMICOLON,
-[Q_KEY_CODE_APOSTROPHE]  = KEY_APOSTROPHE,
-[Q_KEY_CODE_GRAVE_ACCENT]= KEY_GRAVE,
-
-[Q_KEY_CODE_SHIFT]   = KEY_LEFTSHIFT,
-[Q_KEY_CODE_BACKSLASH]   = KEY_BACKSLASH,
-[Q_KEY_CODE_LESS]= KEY_102ND,
-[Q_KEY_CODE_Z]   = KEY_Z,
-[Q_KEY_CODE_X]   = KEY_X,
-[Q_KEY_CODE_C]   = KEY_C,
-[Q_KEY_CODE_V]   = KEY_V,
-[Q_KEY_CODE_B]   = KEY_B,
-[Q_KEY_CODE_N]   = KEY_N,
-[Q_KEY_CODE_M]   = KEY_M,
-[Q_KEY_CODE_COMMA]   = KEY_COMMA,
-[Q_KEY_CODE_DOT] = KEY_DOT,
-[Q_KEY_CODE_SLASH]   = KEY_SLASH,
-[Q_KEY_CODE_SHIFT_R] = KEY_RIGHTSHIFT,
-
-
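
Review bot: replacing `keymap_qcode` is presented as a table conversion, but the commit message lists keys that were unmapped before, so guests will start receiving events such as KEY_POWER, KEY_SLEEP and KEY_WAKEUP that this device never delivered. Say in the commit message that this is a guest-visible behaviour change, and check that every place that walked the old `Q_KEY_CODE__MAX`-sized array now uses the generated table's length.
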

[Qemu-devel] [PATCH v5 06/12] input: convert ps2 device to keycodemapdb

2017-09-12 Thread Daniel P. Berrange
Replace the qcode_to_keycode_set1, qcode_to_keycode_set2,
and qcode_to_keycode_set3 tables with automatically
generated tables.

Missing entries in qcode_to_keycode_set1 now fixed:

 - Q_KEY_CODE_SYSRQ -> 0x54
 - Q_KEY_CODE_PRINT -> 0x54 (NB ignored due to special case)
 - Q_KEY_CODE_AGAIN -> 0xe005
 - Q_KEY_CODE_PROPS -> 0xe006
 - Q_KEY_CODE_UNDO -> 0xe007
 - Q_KEY_CODE_FRONT -> 0xe00c
 - Q_KEY_CODE_COPY -> 0xe078
 - Q_KEY_CODE_OPEN -> 0x64
 - Q_KEY_CODE_PASTE -> 0x65
 - Q_KEY_CODE_CUT -> 0xe03c
 - Q_KEY_CODE_LF -> 0x5b
 - Q_KEY_CODE_HELP -> 0xe075
 - Q_KEY_CODE_COMPOSE -> 0xe05d
 - Q_KEY_CODE_PAUSE -> 0xe046
 - Q_KEY_CODE_KP_EQUALS -> 0x59

And some mistakes corrected:

 - Q_KEY_CODE_HIRAGANA was mapped to 0x70 (Katakanahiragana)
   instead of 0x77 (Hiragana)
 - Q_KEY_CODE_MENU was incorrectly mapped to the compose
   scancode (0xe05d) and is now mapped to 0xe01e
 - Q_KEY_CODE_FIND was mapped to 0xe065 (Search) instead
   of to 0xe041 (Find)
 - Q_KEY_CODE_POWER, SLEEP & WAKE had 0x0e instead of 0xe0
   as the prefix

Missing entries in qcode_to_keycode_set2 now fixed:

 - Q_KEY_CODE_PRINT -> 0x7f (NB ignored due to special case)
 - Q_KEY_CODE_COMPOSE -> 0xe02f
 - Q_KEY_CODE_PAUSE -> 0xe077
 - Q_KEY_CODE_KP_EQUALS -> 0x0f

And some mistakes corrected:

 - Q_KEY_CODE_HIRAGANA was mapped to 0x13 (Katakanahiragana)
   instead of 0x62 (Hiragana)
 - Q_KEY_CODE_MENU was incorrectly mapped to the compose
   scancode (0xe02f) and is now not mapped
 - Q_KEY_CODE_FIND was mapped to 0xe010 (Search) and is now
   not mapped.
 - Q_KEY_CODE_POWER, SLEEP & WAKE had 0x0e instead of 0xe0
   as the prefix

Missing entries in qcode_to_keycode_set3 now fixed:

 - Q_KEY_CODE_ASTERISK -> 0x7e
 - Q_KEY_CODE_SYSRQ -> 0x57
 - Q_KEY_CODE_LESS -> 0x13
 - Q_KEY_CODE_STOP -> 0x0a
 - Q_KEY_CODE_AGAIN -> 0x0b
 - Q_KEY_CODE_PROPS -> 0x0c
 - Q_KEY_CODE_UNDO -> 0x10
 - Q_KEY_CODE_COPY -> 0x18
 - Q_KEY_CODE_OPEN -> 0x20
 - Q_KEY_CODE_PASTE -> 0x28
 - Q_KEY_CODE_FIND -> 0x30
 - Q_KEY_CODE_CUT -> 0x38
 - Q_KEY_CODE_HELP -> 0x09
 - Q_KEY_CODE_COMPOSE -> 0x8d
 - Q_KEY_CODE_AUDIONEXT -> 0x93
 - Q_KEY_CODE_AUDIOPREV -> 0x94
 - Q_KEY_CODE_AUDIOSTOP -> 0x98
 - Q_KEY_CODE_AUDIOMUTE -> 0x9c
 - Q_KEY_CODE_VOLUMEUP -> 0x95
 - Q_KEY_CODE_VOLUMEDOWN -> 0x9d
 - Q_KEY_CODE_CALCULATOR -> 0xa3
 - Q_KEY_CODE_AC_HOME -> 0x97

And some mistakes corrected:

 - Q_KEY_CODE_MENU was incorrectly mapped to the compose
   scancode (0x8d) and is now 0x91

Signed-off-by: Daniel P. Berrange 
---
 hw/input/ps2.c| 406 +-
 include/ui/input.h|   9 +
 ui/Makefile.objs  |   3 +
 ui/input-keymap-qcode-to-atset1.c | 154 +++
 ui/input-keymap-qcode-to-atset2.c | 142 +
 ui/input-keymap-qcode-to-atset3.c | 138 +
 ui/input-keymap.c |   3 +
 7 files changed, 456 insertions(+), 399 deletions(-)
 create mode 100644 ui/input-keymap-qcode-to-atset1.c
 create mode 100644 ui/input-keymap-qcode-to-atset2.c
 create mode 100644 ui/input-keymap-qcode-to-atset3.c

diff --git a/hw/input/ps2.c b/hw/input/ps2.c
index 77906d5f46..7eeadc144d 100644
--- a/hw/input/ps2.c
+++ b/hw/input/ps2.c
@@ -115,401 +115,6 @@ typedef struct {
 uint8_t mouse_buttons;
 } PS2MouseState;
 
-/* Table to convert from QEMU codes to scancodes.  */
-static const uint16_t qcode_to_keycode_set1[Q_KEY_CODE__MAX] = {
-[0 ... Q_KEY_CODE__MAX - 1] = 0,
-
-[Q_KEY_CODE_A] = 0x1e,
-[Q_KEY_CODE_B] = 0x30,
-[Q_KEY_CODE_C] = 0x2e,
-[Q_KEY_CODE_D] = 0x20,
-[Q_KEY_CODE_E] = 0x12,
-[Q_KEY_CODE_F] = 0x21,
-[Q_KEY_CODE_G] = 0x22,
-[Q_KEY_CODE_H] = 0x23,
-[Q_KEY_CODE_I] = 0x17,
-[Q_KEY_CODE_J] = 0x24,
-[Q_KEY_CODE_K] = 0x25,
-[Q_KEY_CODE_L] = 0x26,
-[Q_KEY_CODE_M] = 0x32,
-[Q_KEY_CODE_N] = 0x31,
-[Q_KEY_CODE_O] = 0x18,
-[Q_KEY_CODE_P] = 0x19,
-[Q_KEY_CODE_Q] = 0x10,
-[Q_KEY_CODE_R] = 0x13,
-[Q_KEY_CODE_S] = 0x1f,
-[Q_KEY_CODE_T] = 0x14,
-[Q_KEY_CODE_U] = 0x16,
-[Q_KEY_CODE_V] = 0x2f,
-[Q_KEY_CODE_W] = 0x11,
-[Q_KEY_CODE_X] = 0x2d,
-[Q_KEY_CODE_Y] = 0x15,
-[Q_KEY_CODE_Z] = 0x2c,
-[Q_KEY_CODE_0] = 0x0b,
-[Q_KEY_CODE_1] = 0x02,
-[Q_KEY_CODE_2] = 0x03,
-[Q_KEY_CODE_3] = 0x04,
-[Q_KEY_CODE_4] = 0x05,
-[Q_KEY_CODE_5] = 0x06,
-[Q_KEY_CODE_6] = 0x07,
-[Q_KEY_CODE_7] = 0x08,
-[Q_KEY_CODE_8] = 0x09,
-[Q_KEY_CODE_9] = 0x0a,
-[Q_KEY_CODE_GRAVE_ACCENT] = 0x29,
-[Q_KEY_CODE_MINUS] = 0x0c,
-[Q_KEY_CODE_EQUAL] = 0x0d,
-[Q_KEY_CODE_BACKSLASH] = 0x2b,
-[Q_KEY_CODE_BACKSPACE] = 0x0e,
-[Q_KEY_CODE_SPC] = 0x39,
-[Q_KEY_CODE_TAB] = 0x0f,
-[Q_KEY_CODE_CAPS_LOCK] = 0x3a,
-[Q_KEY_CODE_SHIFT] = 0x2a,
-[Q_KEY_CODE_CTRL] = 0x1d,
-[Q_KEY_CODE_META_L] = 0xe05b,
-[Q_KEY_CODE_ALT] = 0x38,
-[Q_KEY_CODE_SHIFT_R] = 0x36,
-[Q_KEY_CODE_CTRL_R] = 0xe01d,
-[Q_KEY_CODE_META_R] = 0xe05c,
-
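
Review bot: the scancode corrections listed in the commit message (MENU, FIND, HIRAGANA, the 0x0e/0xe0 prefix) are guest-visible behaviour changes, but they are folded into the wholesale removal of `qcode_to_keycode_set1` and cannot be reviewed one by one here. Splitting them into a separate patch, or adding a test that compares the old and generated tables and allows exactly the listed differences, would make each change auditable.
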

Re: [Qemu-devel] [PATCH v4 12/21] target/s390x: set cpu->id for linux user when realizing

2017-09-12 Thread Igor Mammedov
On Mon, 11 Sep 2017 17:21:41 +0200
David Hildenbrand  wrote:

> scc->next_cpu_id is updated when realizing. Setting it just before that
> point looks cleaner.
> 
> Reviewed-by: Matthew Rosato 
> Signed-off-by: David Hildenbrand 
Reviewed-by: Igor Mammedov 

> ---
>  target/s390x/cpu.c | 11 ---
>  1 file changed, 4 insertions(+), 7 deletions(-)
> 
> diff --git a/target/s390x/cpu.c b/target/s390x/cpu.c
> index 74b3e4fd0d..5f9315fb16 100644
> --- a/target/s390x/cpu.c
> +++ b/target/s390x/cpu.c
> @@ -194,7 +194,11 @@ static void s390_cpu_realizefn(DeviceState *dev, Error 
> **errp)
> ", max allowed: %d", cpu->id, max_cpus - 1);
>  goto out;
>  }
> +#else
> +/* implicitly set for linux-user only */
> +cpu->id = scc->next_cpu_id;
>  #endif
> +
>  if (cpu_exists(cpu->id)) {
>  error_setg(, "Unable to add CPU: %" PRIi64
> ", it already exists", cpu->id);
> @@ -306,13 +310,6 @@ static void s390_cpu_initfn(Object *obj)
>  inited = true;
>  s390x_translate_init();
>  }
> -
> -#if defined(CONFIG_USER_ONLY)
> -{
> -S390CPUClass *scc = S390_CPU_GET_CLASS(obj);
> -cpu->id = scc->next_cpu_id;
> -}
> -#endif
>  }
>  
>  static void s390_cpu_finalize(Object *obj)




Re: [Qemu-devel] [PATCH v5 1/3] qapi: Rename WatchdogExpirationAction enum

2017-09-12 Thread Daniel P. Berrange
On Thu, Sep 07, 2017 at 10:05:24AM +0200, Michal Privoznik wrote:
> The new name is WatchdogAction which is shorter,
> 
> Signed-off-by: Michal Privoznik 
> ---
>  hw/watchdog/watchdog.c | 14 +++---
>  monitor.c  |  4 ++--
>  qapi/run-state.json|  6 +++---
>  3 files changed, 12 insertions(+), 12 deletions(-)

Reviewed-by: Daniel P. Berrange 


Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|



Re: [Qemu-devel] [PATCH 07/12] qemu-iotests: disintegrate more parts of common.config

2017-09-12 Thread Kevin Wolf
On 12.09.2017 at 14:31, Paolo Bonzini wrote:
> On 12/09/2017 12:40, Kevin Wolf wrote:
> > On 09.08.2017 at 23:55, Paolo Bonzini wrote:
> >> Split "check" parts from tests part.
> >>
> >> For the directory setup, the actual computation of directories goes
> >> in "check", while the sanity checks go in the tests.
> >>
> >> Signed-off-by: Paolo Bonzini 
> > 
> > Same comment as for patch 1, we may want to keep this working.
> 
> Can you explain what is the use case?  For local symlinks I (sort of)
> understand it, but not here.  This as far as I understand is code that
> never runs.

Sorry, somehow I replied to the wrong patch...

This was meant as a comment for patch 9 ('do not search for binaries in
the current directory').

> My preferred alternatives would be one of these:
> 
> - add a patch 13 that restores the local symlink feature on top of the
> cleaned up code.
> 
> - later, rewrite "check" in Python now that it is clear what code is
> part of it and what code is part of the tests.

Do you really think that removing and then reintroducing the feature is
easier than just keeping it in the first place?

> or:
> 
> - leave local symlinks broken
> 
> - when "check" is rewritten in Python, add a configuration mechanism
> based on .ini file syntax that replaces the local symlinks.
> 
> What do you think?

I don't mind the solution as long as after the series, it is still
working. I think this means option 1.

Kevin



Re: [Qemu-devel] [PATCH v5 2/3] watchdog.h: Drop local redefinition of actions enum

2017-09-12 Thread Daniel P. Berrange
On Thu, Sep 07, 2017 at 10:05:25AM +0200, Michal Privoznik wrote:
> We already have enum that enumerates all the actions that a
> watchdog can take when hitting its timeout: WatchdogAction.
> Use that instead of inventing our own.
> 
> Signed-off-by: Michal Privoznik 
> ---
>  hw/watchdog/watchdog.c| 45 -
>  hw/watchdog/wdt_diag288.c |  6 +++---
>  include/sysemu/watchdog.h | 12 ++--
>  3 files changed, 25 insertions(+), 38 deletions(-)

Reviewed-by: Daniel P. Berrange 


Regards,
Daniel



Re: [Qemu-devel] [PATCH v4 14/21] target/s390x: rename next_cpu_id to next_core_id

2017-09-12 Thread Igor Mammedov
On Mon, 11 Sep 2017 17:21:43 +0200
David Hildenbrand  wrote:

> Adapt to the new term "core_id". While at it, fix the type and drop the
> initialization to 0 (which is superfluous).
> 
> Reviewed-by: Matthew Rosato 
> Signed-off-by: David Hildenbrand 
> ---
>  target/s390x/cpu-qom.h |  2 +-
>  target/s390x/cpu.c | 11 +--
>  2 files changed, 6 insertions(+), 7 deletions(-)
> 
> diff --git a/target/s390x/cpu-qom.h b/target/s390x/cpu-qom.h
> index 2435cd8390..2e446fab51 100644
> --- a/target/s390x/cpu-qom.h
> +++ b/target/s390x/cpu-qom.h
> @@ -54,7 +54,7 @@ typedef struct S390CPUClass {
>  bool is_migration_safe;
>  const char *desc;
>  
> -int64_t next_cpu_id;
> +uint32_t next_core_id;
is it possible to hotplug cpus out of order in real hw?

>  
>  DeviceRealize parent_realize;
>  void (*parent_reset)(CPUState *cpu);
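Review bot: the narrowing of next_core_id from int64_t to uint32_t in S390CPUClass is covered in the commit message only by "fix the type". State there, or in a comment on the field, that it is meant to match the width of env.core_id (which s390_cpu_realizefn prints with PRIu32), so that the counter and the value it is compared against cannot drift apart again.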
> diff --git a/target/s390x/cpu.c b/target/s390x/cpu.c
> index 87ebbe5b28..8c1c644057 100644
> --- a/target/s390x/cpu.c
> +++ b/target/s390x/cpu.c
> @@ -198,7 +198,7 @@ static void s390_cpu_realizefn(DeviceState *dev, Error 
> **errp)
>  }
>  #else
>  /* implicitly set for linux-user only */
> -cpu->env.core_id = scc->next_cpu_id;
> +cpu->env.core_id = scc->next_core_id;
>  #endif
>  
>  if (cpu_exists(cpu->env.core_id)) {
> @@ -206,10 +206,10 @@ static void s390_cpu_realizefn(DeviceState *dev, Error 
> **errp)
> ", it already exists", cpu->env.core_id);
>  goto out;
>  }
> -if (cpu->env.core_id != scc->next_cpu_id) {
> +if (cpu->env.core_id != scc->next_core_id) {
>  error_setg(, "Unable to add CPU with core-id: %" PRIu32
> -   ", the next available core-id is %" PRIi64, 
> cpu->env.core_id,
> -   scc->next_cpu_id);
> +   ", the next available core-id is %" PRIu32, 
> cpu->env.core_id,
> +   scc->next_core_id);
>  goto out;
>  }
>  
> @@ -219,7 +219,7 @@ static void s390_cpu_realizefn(DeviceState *dev, Error 
> **errp)
>  if (err != NULL) {
>  goto out;
>  }
> -scc->next_cpu_id++;
> +scc->next_core_id++;
>  
>  #if !defined(CONFIG_USER_ONLY)
>  qemu_register_reset(s390_cpu_machine_reset_cb, cpu);
> @@ -464,7 +464,6 @@ static void s390_cpu_class_init(ObjectClass *oc, void 
> *data)
>  CPUClass *cc = CPU_CLASS(scc);
>  DeviceClass *dc = DEVICE_CLASS(oc);
>  
> -scc->next_cpu_id = 0;
>  scc->parent_realize = dc->realize;
>  dc->realize = s390_cpu_realizefn;
>  dc->props = s390x_cpu_properties;
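Review bot: removing "scc->next_cpu_id = 0;" from s390_cpu_class_init leaves the counter's starting value implicit, and the commit message calls the initialization superfluous without saying why. If this relies on the class structure being zero-filled when it is allocated, say so in the commit message, since the "core_id != next_core_id" check in s390_cpu_realizefn depends on the first expected core-id being 0.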




Re: [Qemu-devel] [PATCH v4 13/21] target/s390x: use "core-id" for cpu number/address/id handling

2017-09-12 Thread David Hildenbrand
On 12.09.2017 15:07, Igor Mammedov wrote:
> On Mon, 11 Sep 2017 17:21:42 +0200
> David Hildenbrand  wrote:
> 
>> Some time ago we discussed that using "id" as property name is not the
>> right thing to do, as it is a reserved property for other devices and
>> will not work with device_add.
>>
>> Switch to the term "core-id" instead, and use it as an equivalent to
>> "CPU address" mentioned in the PoP. There is no such thing as cpu number,
>> so rename env.cpu_num to env.core_id. We use "core-id" as this is the
>> common term to use for device_add later on (x86 and ppc).
> is there possibility that later The core (something that contains threads)
> would appear/exist in real hw?
> (my concern here is that we would have to use some other name for it as
> renaming of already shipped public property name would be not an option)

There is the possibility (s390x has SMP support starting with z13), but
it is really, really unlikely for KVM. There would be the chance of
implementing this sometime in the future for TCG (although I also doubt
this will happen in the near future).

If so, I think there will only be one solution: a new machine type.

Faking threads now would be just plain wrong. So I think this should
just be fine for now.

[...]
>> diff --git a/target/s390x/misc_helper.c b/target/s390x/misc_helper.c
>> index f3624d75eb..293fc8428a 100644
>> --- a/target/s390x/misc_helper.c
>> +++ b/target/s390x/misc_helper.c
>> @@ -232,7 +232,7 @@ uint32_t HELPER(stsi)(CPUS390XState *env, uint64_t a0,
>>  /* XXX make different for different CPUs? */
>>  ebcdic_put(sysib.sequence, "QEMUQEMUQEMUQEMU", 16);
>>  ebcdic_put(sysib.plant, "QEMU", 4);
>> -stw_p(_addr, env->cpu_num);
>> +stw_p(_addr, env->core_id);
>>  cpu_physical_memory_write(a0, , sizeof(sysib));
>>  } else if ((sel1 == 2) && (sel2 == 2)) {
>>  /* Basic Machine CPUs */
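Review bot: stw_p() in this STSI path stores a 16-bit value, while core_id is treated as a 32-bit quantity elsewhere in the same patch (op_stap loads it with tcg_gen_ld32u_i64). A core_id above 0xffff would be truncated silently when written into the SYSIB; either check the range where core_id is set, or add a comment here that the property is limited to what fits in a CPU address.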
>> @@ -260,7 +260,7 @@ uint32_t HELPER(stsi)(CPUS390XState *env, uint64_t a0,
>>  /* XXX make different for different CPUs? */
>>  ebcdic_put(sysib.sequence, "QEMUQEMUQEMUQEMU", 16);
>>  ebcdic_put(sysib.plant, "QEMU", 4);
>> -stw_p(_addr, env->cpu_num);
>> +stw_p(_addr, env->core_id);
>>  stw_p(_id, 0);
>>  cpu_physical_memory_write(a0, , sizeof(sysib));
>>  } else if ((sel1 == 2) && (sel2 == 2)) {
>> diff --git a/target/s390x/translate.c b/target/s390x/translate.c
>> index 909b12818d..5abd34fb34 100644
>> --- a/target/s390x/translate.c
>> +++ b/target/s390x/translate.c
>> @@ -3823,10 +3823,7 @@ static ExitStatus op_ssm(DisasContext *s, DisasOps *o)
>>  static ExitStatus op_stap(DisasContext *s, DisasOps *o)
>>  {
>>  check_privileged(s);
>> -/* ??? Surely cpu address != cpu number.  In any case the previous
>> -   version of this stored more than the required half-word, so it
>> -   is unlikely this has ever been tested.  */
>> -tcg_gen_ld32u_i64(o->out, cpu_env, offsetof(CPUS390XState, cpu_num));
>> +tcg_gen_ld32u_i64(o->out, cpu_env, offsetof(CPUS390XState, core_id));
>>  return NO_EXIT;
>>  }
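Review bot: in op_stap the deleted "???" comment was the only place recording that the instruction needs just a half-word, and the load that remains is still tcg_gen_ld32u_i64. The commit message settles the address-versus-number question by defining core-id as the CPU address, but it would help to keep one line saying that the narrowing to a half-word happens at the store, so the 32-bit load reads as intentional.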
> I see core_id is used in several instructions,
> does it really have any influence on code executed by *-user target?
> 
Nope, these should all be privileged instructions and therefore not
relevant for -user targets.

-- 

Thanks,

David



[Qemu-devel] [Bug 1716028] Re: qemu 2.10 locks images with no feature flag

2017-09-12 Thread Scott Moser
Your example does work (using -blockdev), but I can't get it to work with
-drive.

$ qemu-system-x86_64 \
   -drive id=d01,file=disk1.img,format=qcow2 \
   -device drive=d01,serial=s01,driver=virtio-blk,index=1,share-rw=on \
   -device drive=d01,serial=s01,driver=virtio-blk,index=2,share-rw=on
warning: TCG doesn't support requested feature: CPUID.01H:ECX.vmx [bit 5]
qemu-system-x86_64: -device 
drive=d01,serial=s01,driver=virtio-blk,index=1,share-rw=on: Drive 'd01' is 
already in use because it has been automatically connected to another device 
(did you need 'if=none' in the drive options?)


## ok, fix that error, add 'if=none' to the -drive.

$ qemu-system-x86_64  \
  -drive id=d01,file=disk1.img,format=qcow2,if=none \
  -device virtio-blk,drive=d01,serial=s01,index=1,share-rw=on \
  -device virtio-blk,drive=d01,serial=s01,index=2,share-rw=on
qemu-system-x86_64: -device 
drive=d01,serial=s01,driver=virtio-blk,index=1,share-rw=on: Property '.index' 
not found

## ok, index belongs on the -drive (which I should have known from
## the past, but which seems not the right place).  Try that anyway.

$ qemu-system-x86_64  \
  -drive id=d01,file=disk1.img,format=qcow2,if=none,index=1  \
  -device virtio-blk,drive=d01,serial=s01,share-rw=on \
  -device virtio-blk,drive=d01,serial=s01,share-rw=on
qemu-system-x86_64: -device drive=d01,serial=s01,driver=virtio-blk,share-rw=on: 
Drive 'd01' is already in use by another device

## Huh?  Isn't that what I said to explicitly allow with share-rw=on?

Note that I've also tried with 'format=raw'.  Is there something I'm
missing to try to use -drive and -device ?

Lastly (if you're still reading), how do you specify the format of
the file to -blockdev ?  adding 'format=qcow2' makes qemu complain that
"'format' is unexpected".

Thanks for your time.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1716028

Title:
  qemu 2.10 locks images with no feature flag

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  New

Bug description:
  1) % lsb_release -rd
  Description:  Ubuntu Artful Aardvark (development branch)
  Release:  17.10

  2) % apt-cache policy qemu-system-x86
  qemu-system-x86:
Installed: 1:2.10~rc3+dfsg-0ubuntu1
Candidate: 1:2.10+dfsg-0ubuntu1
Version table:
   1:2.10+dfsg-0ubuntu1 500
  500 http://archive.ubuntu.com//ubuntu devel/main amd64 Packages
   *** 1:2.10~rc3+dfsg-0ubuntu1 100
  100 /var/lib/dpkg/status

  3) qemu locks image files with no way to discover this feature nor how
  to disable it

  4) qemu provides a way to query if it supports image locking, and what
  the default value is, and how to disable the locking via cli

  qemu 2.10 now will lock image files and warn if an image is currently
  locked.  This prevents qemu from running (and possibly corrupting said
  image).

  However, qemu does not provide any way to determine if a qemu binary
  actually has this capability.  Normally behavior changing features are
  exposed via some change to the qemu help menu or QMP/QAPI output of
  capabilities.

  I believe this slipped through since libvirt already does image
  locking, but direct cli users will be caught by this change.

  In particular, we have a use-case where we simulate multipath disks by
  creating two disks which point to the same file which now breaks
  without adding the 'file.locking=off' to the -drive parameters;  which
  is also completely undocumented and unexposed.

  Some parts of the cli like -device allow querying of settable options
  (qemu-system-x86 -device scsi_hd,?)  but nothing equivalent exists for
  -drive parameters.


[Qemu-devel] [PATCH v4 1/3] io: send proper HTTP response for websocket errors

2017-09-12 Thread Daniel P. Berrange
When any error occurs while processing the websockets handshake,
QEMU just terminates the connection abruptly. This is in violation
of the HTTP specs and does not help the client understand what they
did wrong. This is particularly bad when the client gives the wrong
path, as a "404 Not Found" would be very helpful.

Refactor the handshake code so that it always sends a response to
the client unless there was an I/O error.

Fixes bug: #1715186

Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Daniel P. Berrange 
---
 io/channel-websock.c | 185 ++-
 1 file changed, 139 insertions(+), 46 deletions(-)

diff --git a/io/channel-websock.c b/io/channel-websock.c
index 5a3badbec2..f5fac5b422 100644
--- a/io/channel-websock.c
+++ b/io/channel-websock.c
@@ -25,6 +25,8 @@
 #include "crypto/hash.h"
 #include "trace.h"
 
+#include 
+
 
 /* Max amount to allow in rawinput/rawoutput buffers */
 #define QIO_CHANNEL_WEBSOCK_MAX_BUFFER 8192
@@ -44,13 +46,40 @@
 #define QIO_CHANNEL_WEBSOCK_CONNECTION_UPGRADE "Upgrade"
 #define QIO_CHANNEL_WEBSOCK_UPGRADE_WEBSOCKET "websocket"
 
-#define QIO_CHANNEL_WEBSOCK_HANDSHAKE_RESPONSE  \
+#define QIO_CHANNEL_WEBSOCK_HANDSHAKE_RES_COMMON \
+"Server: QEMU VNC\r\n"   \
+"Date: %s\r\n"
+
+#define QIO_CHANNEL_WEBSOCK_HANDSHAKE_RES_OK\
 "HTTP/1.1 101 Switching Protocols\r\n"  \
+QIO_CHANNEL_WEBSOCK_HANDSHAKE_RES_COMMON\
 "Upgrade: websocket\r\n"\
 "Connection: Upgrade\r\n"   \
 "Sec-WebSocket-Accept: %s\r\n"  \
 "Sec-WebSocket-Protocol: binary\r\n"\
 "\r\n"
+#define QIO_CHANNEL_WEBSOCK_HANDSHAKE_RES_NOT_FOUND \
+"HTTP/1.1 404 Not Found\r\n"\
+QIO_CHANNEL_WEBSOCK_HANDSHAKE_RES_COMMON\
+"Connection: close\r\n" \
+"\r\n"
+#define QIO_CHANNEL_WEBSOCK_HANDSHAKE_RES_BAD_REQUEST \
+"HTTP/1.1 400 Bad Request\r\n"\
+QIO_CHANNEL_WEBSOCK_HANDSHAKE_RES_COMMON  \
+"Connection: close\r\n"   \
+"Sec-WebSocket-Version: " \
+QIO_CHANNEL_WEBSOCK_SUPPORTED_VERSION \
+"\r\n"
+#define QIO_CHANNEL_WEBSOCK_HANDSHAKE_RES_SERVER_ERR \
+"HTTP/1.1 500 Internal Server Error\r\n" \
+QIO_CHANNEL_WEBSOCK_HANDSHAKE_RES_COMMON \
+"Connection: close\r\n"  \
+"\r\n"
+#define QIO_CHANNEL_WEBSOCK_HANDSHAKE_RES_TOO_LARGE  \
+"HTTP/1.1 403 Request Entity Too Large\r\n"  \
+QIO_CHANNEL_WEBSOCK_HANDSHAKE_RES_COMMON \
+"Connection: close\r\n"  \
+"\r\n"
 #define QIO_CHANNEL_WEBSOCK_HANDSHAKE_DELIM "\r\n"
 #define QIO_CHANNEL_WEBSOCK_HANDSHAKE_END "\r\n\r\n"
 #define QIO_CHANNEL_WEBSOCK_SUPPORTED_VERSION "13"
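Review bot: QIO_CHANNEL_WEBSOCK_HANDSHAKE_RES_TOO_LARGE pairs status code 403 with the reason phrase "Request Entity Too Large"; 403 is Forbidden and the code that belongs to that phrase is 413, so a client that acts on the number will misreport the failure. Separately, QIO_CHANNEL_WEBSOCK_HANDSHAKE_RES_BAD_REQUEST ends on the Sec-WebSocket-Version line and, unlike the other responses, has no final empty "\r\n" line to terminate the header block, so a client may keep waiting for more headers.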
@@ -123,8 +152,46 @@ enum {
 QIO_CHANNEL_WEBSOCK_OPCODE_PONG = 0xA
 };
 
+static void qio_channel_websock_handshake_send_res(QIOChannelWebsock *ioc,
+   const char *resmsg,
+   ...)
+{
+va_list vargs;
+char *response;
+size_t responselen;
+
+va_start(vargs, resmsg);
+response = g_strdup_vprintf(resmsg, vargs);
+responselen = strlen(response);
+buffer_reserve(>encoutput, responselen);
+buffer_append(>encoutput, response, responselen);
+va_end(vargs);
+}
+
+static gchar *qio_channel_websock_date_str(void)
+{
+struct tm tm;
+time_t now = time(NULL);
+char datebuf[128];
+
+gmtime_r(, );
+
+strftime(datebuf, sizeof(datebuf), "%a, %d %b %Y %H:%M:%S GMT", );
+
+return g_strdup(datebuf);
+}
+
+static void qio_channel_websock_handshake_send_res_err(QIOChannelWebsock *ioc,
+   const char *resdata)
+{
+char *date = qio_channel_websock_date_str();
+qio_channel_websock_handshake_send_res(ioc, resdata, date);
+g_free(date);
+}
+
 static size_t
-qio_channel_websock_extract_headers(char *buffer,
+qio_channel_websock_extract_headers(QIOChannelWebsock *ioc,
+char *buffer,
 QIOChannelWebsockHTTPHeader *hdrs,
 size_t nhdrsalloc,
 Error **errp)
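Review bot: qio_channel_websock_handshake_send_res() never frees the string returned by g_strdup_vprintf(). buffer_append() copies the bytes into encoutput, so response leaks on every handshake reply and needs a g_free(response) after the append. Since resmsg is used as a printf format, also consider marking the function with the printf format attribute: qio_channel_websock_handshake_send_res_err() passes exactly one argument (the date) and so relies on every error macro containing exactly one %s.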
@@ -145,7 +212,7 @@ qio_channel_websock_extract_headers(char *buffer,
 nl = strstr(buffer, QIO_CHANNEL_WEBSOCK_HANDSHAKE_DELIM);
 if (!nl) {
 error_setg(errp, "Missing HTTP header delimiter");
-return 0;
+goto bad_request;
 }
 *nl = '\0';
 
@@ -158,18 +225,20 @@ qio_channel_websock_extract_headers(char *buffer,
 
 if (!g_str_equal(buffer, QIO_CHANNEL_WEBSOCK_HTTP_METHOD)) {
 error_setg(errp, "Unsupported HTTP method %s", buffer);
-return 0;
+goto bad_request;
 }
 
 buffer = tmp + 

[Qemu-devel] [RFC] vfio/pci: don't reset bar address when pci device no_soft_reset bit is set to "1"

2017-09-12 Thread Lifei (Louis)
Hi all

Commit a52a4c471703e995ceb06f6157d70747823e8a0d said:

The VFIO configuration space stays untouched, so the guest OS may choose
to skip restoring the BAR addresses as they would seem intact. The PCI
device may be left non-operational.

However, the guest OS chooses to restore the BAR addresses only when the PCI
device's no_soft_reset is not set. So we may not reset the BAR address when
no_soft_reset is set.

Thanks.
Louis



0001-vfio-pci-don-t-reset-bar-address-when-no_soft_rst-se.patch
Description: 0001-vfio-pci-don-t-reset-bar-address-when-no_soft_rst-se.patch


Re: [Qemu-devel] [PATCH v7 31/38] libqtest: Merge qtest_clock_*() with clock_*()

2017-09-12 Thread Eric Blake
On 09/12/2017 05:45 AM, Thomas Huth wrote:
> On 11.09.2017 19:20, Eric Blake wrote:
>> Maintaining two layers of libqtest APIs, one that takes an explicit
>> QTestState object, and the other that uses the implicit global_qtest,
>> is annoying.  In the interest of getting rid of global implicit
>> state and having less code to maintain, merge:
>>  qtest_clock_set()
>>  qtest_clock_step()
>>  qtest_clock_step_next()
>> with their short counterparts.  All callers that previously
>> used the short form now make it explicit that they are relying on
>> global_qtest, and later patches can then clean things up to remove
>> the global variable.
>>

>> @@ -446,7 +446,7 @@ int64_t qtest_clock_step(QTestState *s, int64_t step);
>>   *
>>   * Returns: The current value of the QEMU_CLOCK_VIRTUAL in nanoseconds.
>>   */
>> -int64_t qtest_clock_set(QTestState *s, int64_t val);
>> +int64_t clock_set(QTestState *s, int64_t val);
>  Could we please keep the "qtest" prefix here and rather get rid of the
> other ones? Even if it's more to type, I prefer to have a proper prefix
> here so that it is clear at the first sight that the functions belong to
> the qtest framework.

I suppose we can, although it makes more lines that are likely to bump
up against 80 columns, and thus slightly more churn to reformat things
to keep checkpatch happy.  I like the shorter name, because less typing
is easier to remember.  I'd prefer a second opinion on naming before
doing anything about it though - Markus or Paolo, do you have any
preference?

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org





Re: [Qemu-devel] [PATCH v7 27/38] libqtest: Swap order of qtest_init() and qtest_start()

2017-09-12 Thread Thomas Huth
On 11.09.2017 19:20, Eric Blake wrote:
> We already have another qtest_init() in the tree (namely, as part
> of the device initialization of the qtest device at the top level
> qtest.c), with a different signature; having two different
> qtest_init() is confusing, so an upcoming patch will consolidate
> all testsuite callers onto a unified spelling.  But the
> consolidation is easier if qtest_start() is further down the call
> chain, rather than an intermediate wrapper, so swap the call chain
> around.  This includes renaming qtest_init_without_qmp_handshake()
> into qtest_start_without_qmp_handshake(), as it remains the lowest
> point in the call stack.
> 
> Note that qtest_init() now asserts that global_qtest was not set
> on entry, and clears it on exit, to preserve the behavior of
> existing tests that assert the same (and also proving that we
> fixed all tests that had parallel connections); but later patches
> will eventually simplify things by getting rid of qtest_init()
> and global_qtest altogether.
> 
> Signed-off-by: Eric Blake 

Reviewed-by: Thomas Huth 


