Re: [PATCH] memory: Make 'info mtree' not display disabled regions by default

2020-05-29 Thread Peter Xu
On Fri, May 29, 2020 at 02:53:25PM +0200, Philippe Mathieu-Daudé wrote:
> @@ -2920,35 +2916,46 @@ static void mtree_print_mr(const MemoryRegion *mr, 
> unsigned int level,
>  ml->mr = mr->alias;
>  QTAILQ_INSERT_TAIL(alias_print_queue, ml, mrqueue);
>  }
> -qemu_printf(TARGET_FMT_plx "-" TARGET_FMT_plx
> -" (prio %d, %s%s): alias %s @%s " TARGET_FMT_plx
> -"-" TARGET_FMT_plx "%s",
> -cur_start, cur_end,
> -mr->priority,
> -mr->nonvolatile ? "nv-" : "",
> -memory_region_type((MemoryRegion *)mr),
> -memory_region_name(mr),
> -memory_region_name(mr->alias),
> -mr->alias_offset,
> -mr->alias_offset + MR_SIZE(mr->size),
> -mr->enabled ? "" : " [disabled]");
> -if (owner) {
> -mtree_print_mr_owner(mr);
> +if (mr->enabled || display_disabled) {
> +for (i = 0; i < level; i++) {
> +qemu_printf(MTREE_INDENT);
> +}
> +qemu_printf(TARGET_FMT_plx "-" TARGET_FMT_plx
> +" (prio %d, %s%s): alias %s @%s " TARGET_FMT_plx
> +"-" TARGET_FMT_plx "%s",
> +cur_start, cur_end,
> +mr->priority,
> +mr->nonvolatile ? "nv-" : "",
> +memory_region_type((MemoryRegion *)mr),
> +memory_region_name(mr),
> +memory_region_name(mr->alias),
> +mr->alias_offset,
> +mr->alias_offset + MR_SIZE(mr->size),
> +mr->enabled ? "" : " [disabled]");
> +if (owner) {
> +mtree_print_mr_owner(mr);
> +}
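
Review bot: in the context lines at the top of this hunk, 'QTAILQ_INSERT_TAIL(alias_print_queue, ml, mrqueue)' sits above the new 'if (mr->enabled || display_disabled)' test, so as far as the hunk shows, a disabled alias that is now hidden can still queue its target for the alias dump. If hidden aliases should not pull in their targets, move the queueing under the same condition; otherwise say in the commit message that this is intended. Keeping the 'mr->enabled ? "" : " [disabled]"' argument is right for the display_disabled case.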

It'll not only change the default output for "info mtree", but also "-o" too
because disabled regions won't be dumped any more.  Not sure whether it's
expected - just raise this question up, because I mostly only use "-f"..

Thanks,

-- 
Peter Xu




Re: [PATCH] memory: Make 'info mtree' not display disabled regions by default

2020-05-29 Thread Paolo Bonzini
On 29/05/20 16:34, Peter Xu wrote:
> On Fri, May 29, 2020 at 02:53:25PM +0200, Philippe Mathieu-Daudé wrote:
>> @@ -2920,35 +2916,46 @@ static void mtree_print_mr(const MemoryRegion *mr, 
>> unsigned int level,
>>  ml->mr = mr->alias;
>>  QTAILQ_INSERT_TAIL(alias_print_queue, ml, mrqueue);
>>  }
>> -qemu_printf(TARGET_FMT_plx "-" TARGET_FMT_plx
>> -" (prio %d, %s%s): alias %s @%s " TARGET_FMT_plx
>> -"-" TARGET_FMT_plx "%s",
>> -cur_start, cur_end,
>> -mr->priority,
>> -mr->nonvolatile ? "nv-" : "",
>> -memory_region_type((MemoryRegion *)mr),
>> -memory_region_name(mr),
>> -memory_region_name(mr->alias),
>> -mr->alias_offset,
>> -mr->alias_offset + MR_SIZE(mr->size),
>> -mr->enabled ? "" : " [disabled]");
>> -if (owner) {
>> -mtree_print_mr_owner(mr);
>> +if (mr->enabled || display_disabled) {
>> +for (i = 0; i < level; i++) {
>> +qemu_printf(MTREE_INDENT);
>> +}
>> +qemu_printf(TARGET_FMT_plx "-" TARGET_FMT_plx
>> +" (prio %d, %s%s): alias %s @%s " TARGET_FMT_plx
>> +"-" TARGET_FMT_plx "%s",
>> +cur_start, cur_end,
>> +mr->priority,
>> +mr->nonvolatile ? "nv-" : "",
>> +memory_region_type((MemoryRegion *)mr),
>> +memory_region_name(mr),
>> +memory_region_name(mr->alias),
>> +mr->alias_offset,
>> +mr->alias_offset + MR_SIZE(mr->size),
>> +mr->enabled ? "" : " [disabled]");
>> +if (owner) {
>> +mtree_print_mr_owner(mr);
>> +}
> 
> It'll not only change the default output for "info mtree", but also "-o" too
> because disabled regions won't be dumped any more.  Not sure whether it's
> expected - just raise this question up, because I mostly only use "-f"..

I think it's the right behavior.  Queued, thanks.

Paolo




Re: [PATCH v7 32/32] iotests: Add tests for qcow2 images with extended L2 entries

2020-05-29 Thread Alberto Garcia
On Wed 27 May 2020 08:30:06 PM CEST, Eric Blake wrote:
>> +offset=$(($offset + 8))
>> +bitmap=`peek_file_be "$TEST_IMG" $offset 8`
>> +
>> +expected_bitmap=0
>> +for bit in $expected_alloc; do
>> +expected_bitmap=$(($expected_bitmap | (1 << $bit)))
>> +done
>> +for bit in $expected_zero; do
>> +expected_bitmap=$(($expected_bitmap | (1 << (32 + $bit
>> +done
>> +expected_bitmap=`printf "%llu" $expected_bitmap`
>
> Dead statement - expected_bitmap is already a 64-bit decimal number
> without reprinting it to itself.

Not quite... it seems that simply expanding the variable treats the
value as signed so echo $((1 << 63)) returns INT64_MIN. The printf call
makes it unsigned, but even though I tried that in a 32-bit system and
it works now I'm actually wondering about the portability of the whole
thing.

Looking at the source it seems that bash uses intmax_t:

   https://git.savannah.gnu.org/cgit/bash.git/tree/variables.h?h=bash-5.0#n68

But if this is a problem then peek_file_* would also be affected, it
also uses printf %llu and a few iotests are already reading 64bit values
(grep 'peek_file_.* 8').

Berto
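
The signedness issue described in the reply above, as an added example that is not part of the original message or of the QEMU iotests. The function names are hypothetical, the bit lists are constructed sample input, and %u is used where the patch uses %llu.

```sh
#!/bin/sh
# Added example, not code from the patch. Assumes the shell evaluates $(( ))
# in a signed 64-bit type, as the reply says of bash (intmax_t).

# Build the bitmap the way the quoted test does: allocation bits occupy
# bits 0..31 and zero bits occupy bits 32..63. Prints the plain arithmetic
# expansion, which is a signed decimal.
expected_bitmap_signed() {
    alloc_bits=$1
    zero_bits=$2
    bitmap=0
    for bit in $alloc_bits; do
        bitmap=$(($bitmap | (1 << $bit)))
    done
    for bit in $zero_bits; do
        bitmap=$(($bitmap | (1 << (32 + $bit))))
    done
    echo "$bitmap"
}

# Reprint a possibly negative 64-bit value as an unsigned decimal.
to_unsigned() {
    printf '%u\n' "$1"
}

# Compare a value read from the image (an unsigned decimal) with a computed
# bitmap. Both sides are normalised first, so a set bit 63 does not produce
# a spurious mismatch between "-9223..." and "9223...".
bitmaps_match() {
    [ "$(to_unsigned "$1")" = "$(to_unsigned "$2")" ]
}

# Constructed sample: allocation bits 0 and 31, zero bit 31 (bitmap bit 63).
signed_value=$(expected_bitmap_signed "0 31" "31")
echo "signed expansion: $signed_value"
echo "unsigned reprint: $(to_unsigned "$signed_value")"
```

Without the reprint step, a string comparison against the value read from the image fails as soon as bit 63 is set, even though the two 64-bit patterns are identical.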



Re: [PATCH] virtio-pci: fix queue_enable write

2020-05-29 Thread Stefan Hajnoczi
On Fri, May 29, 2020 at 11:07:28AM +0800, Jason Wang wrote:
> Spec said: The driver uses this to selectively prevent the device from
> executing requests from this virtqueue. 1 - enabled; 0 - disabled.
> 
> Though write 0 to queue_enable is forbidden by the spec, we should not
> assume that the value is 1.
> 
> Fix this by ignoring the write value other than 1.
> 
> Cc: Michael S. Tsirkin 
> Cc: Stefan Hajnoczi 
> Signed-off-by: Jason Wang 
> ---
>  hw/virtio/virtio-pci.c | 10 ++
>  1 file changed, 6 insertions(+), 4 deletions(-)

Reviewed-by: Stefan Hajnoczi 




[PATCH 3/3] numa: Initialize node initiator with respect to .has_cpu

2020-05-29 Thread Michal Privoznik
The initiator attribute of a NUMA node is documented as the 'NUMA
node that has best performance to given NUMA node'. If a NUMA
node has at least one CPU there can hardly be a different node
with better performance and thus all NUMA nodes which have a CPU
are initiators to themselves. Reflect this fact when initializing
the attribute.

Signed-off-by: Michal Privoznik 
---
 hw/core/numa.c | 14 +-
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/hw/core/numa.c b/hw/core/numa.c
index 338453461c..1c9bc761cc 100644
--- a/hw/core/numa.c
+++ b/hw/core/numa.c
@@ -136,11 +136,15 @@ static void parse_numa_node(MachineState *ms, 
NumaNodeOptions *node,
 numa_info[nodenr].node_memdev = MEMORY_BACKEND(o);
 }
 
-/*
- * If not set the initiator, set it to MAX_NODES. And if
- * HMAT is enabled and this node has no cpus, QEMU will raise error.
- */
-numa_info[nodenr].initiator = MAX_NODES;
+/* Initialize initiator to either the current NUMA node (if
+ * it has at least one CPU), or to MAX_NODES. If HMAT is
+ * enabled an error will be raised later in
+ * numa_validate_initiator(). */
+if (numa_info[nodenr].has_cpu)
+numa_info[nodenr].initiator = nodenr;
+else
+numa_info[nodenr].initiator = MAX_NODES;
+
 if (node->has_initiator) {
 if (!ms->numa_state->hmat_enabled) {
 error_setg(errp, "ACPI Heterogeneous Memory Attribute Table "
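
Review bot: the added 'if (numa_info[nodenr].has_cpu)' / 'else' pair has no braces, unlike the 'if (node->has_initiator) {' that follows it in the same function; brace both branches. The new comment also opens and closes on lines that carry text, where the comment it replaces kept '/*' and '*/' on their own lines. Separately, the commit message should say why has_cpu is already reliable at this point in parse_numa_node(), given that the cover letter points at nearly identical code in machine_set_cpu_numa_node().
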
-- 
2.26.2




[PATCH 0/3] Couple of HMAT fixes

2020-05-29 Thread Michal Privoznik
I've started working on libvirt side of this feature. WIP patches can be
found here:

https://github.com/zippy2/libvirt/commits/hmat

I've gotten to a point where libvirt generates cmd line but QEMU refuses
it. Problem is that I was looking into qemu-options.hx instead of
qapi/machine.json and thus found some irregularities between these two.

I'm not necessarily stating that all these patches are correct (I have
some doubts about 3/3 because nearly identical code can be found in
machine_set_cpu_numa_node(), but I have no idea if it's a coincidence).

Michal Privoznik (3):
  qapi: Make @associativity, @policy and @line of NumaHmatCacheOptions
optional
  numa: Allow HMAT cache to be defined before HMAT latency/bandwidth
  numa: Initialize node initiator with respect to .has_cpu

 hw/core/numa.c| 22 +-
 qapi/machine.json |  6 +++---
 2 files changed, 12 insertions(+), 16 deletions(-)

-- 
2.26.2




[PATCH 2/3] numa: Allow HMAT cache to be defined before HMAT latency/bandwidth

2020-05-29 Thread Michal Privoznik
Currently, when defining a HMAT cache for a NUMA node (in
parse_numa_hmat_cache()) there is this check that forces users to
define HMAT latency/bandwidth first. There is no real need for
this, because nothing in the parse function relies on that and
the HMAT table is constructed way later - when ACPI table is
constructed.

Signed-off-by: Michal Privoznik 
---
 hw/core/numa.c | 8 
 1 file changed, 8 deletions(-)

diff --git a/hw/core/numa.c b/hw/core/numa.c
index 316bc50d75..338453461c 100644
--- a/hw/core/numa.c
+++ b/hw/core/numa.c
@@ -384,7 +384,6 @@ void parse_numa_hmat_cache(MachineState *ms, 
NumaHmatCacheOptions *node,
Error **errp)
 {
 int nb_numa_nodes = ms->numa_state->num_nodes;
-NodeInfo *numa_info = ms->numa_state->nodes;
 NumaHmatCacheOptions *hmat_cache = NULL;
 
 if (node->node_id >= nb_numa_nodes) {
@@ -393,13 +392,6 @@ void parse_numa_hmat_cache(MachineState *ms, 
NumaHmatCacheOptions *node,
 return;
 }
 
-if (numa_info[node->node_id].lb_info_provided != (BIT(0) | BIT(1))) {
-error_setg(errp, "The latency and bandwidth information of "
-   "node-id=%" PRIu32 " should be provided before memory side "
-   "cache attributes", node->node_id);
-return;
-}
-
 if (node->level < 1 || node->level >= HMAT_LB_LEVELS) {
 error_setg(errp, "Invalid level=%" PRIu8 ", it should be larger than 0 
"
"and less than or equal to %d", node->level,
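
Review bot: with the 'lb_info_provided != (BIT(0) | BIT(1))' test removed, nothing in the visible part of parse_numa_hmat_cache() rejects a cache definition for a node that never receives latency and bandwidth data; the old test caught that case as a side effect of enforcing the order. The commit message explains why the ordering is unnecessary, but it should also state where the missing-data case is diagnosed, or the check should move to the point where the ACPI table is built.
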
-- 
2.26.2




[PATCH v2 19/58] isa: Convert uses of isa_create() with Coccinelle

2020-05-29 Thread Markus Armbruster
Replace

    dev = isa_create(bus, type_name);
    ...
    qdev_init_nofail(dev);

by

    dev = isa_new(type_name);
    ...
    isa_realize_and_unref(dev, bus, &error_fatal);

Recent commit "qdev: New qdev_new(), qdev_realize(), etc." explains
why.

Coccinelle script:

@@
expression dev, bus, expr;
expression list args;
expression d;
@@
-dev = isa_create(bus, args);
+dev = isa_new(args);
(
 d = >qdev;
|
 d = DEVICE(dev);
)
 ... when != dev = expr
-qdev_init_nofail(d);
+isa_realize_and_unref(dev, bus, _fatal);

@@
expression dev, bus, expr;
expression list args;
@@
-dev = isa_create(bus, args);
+dev = isa_new(args);
 ... when != dev = expr
-qdev_init_nofail(DEVICE(dev));
+isa_realize_and_unref(dev, bus, _fatal);

@@
expression dev, bus, expr;
expression list args;
@@
-dev = DEVICE(isa_create(bus, args));
+ISADevice *isa_dev; // TODO move
+isa_dev = isa_new(args);
+dev = DEVICE(isa_dev);
 ... when != dev = expr
-qdev_init_nofail(dev);
+isa_realize_and_unref(isa_dev, bus, _fatal);

Missing #include "qapi/error.h" added manually, whitespace changes
minimized manually.

Signed-off-by: Markus Armbruster 
---
 include/hw/audio/pcspk.h |  5 +++--
 include/hw/timer/i8254.h |  9 +
 hw/char/parallel-isa.c   |  5 +++--
 hw/char/serial-isa.c |  4 ++--
 hw/dma/i8257.c   |  9 +
 hw/ide/isa.c |  5 +++--
 hw/intc/i8259_common.c   |  5 +++--
 hw/isa/isa-bus.c |  4 ++--
 hw/isa/isa-superio.c | 20 ++--
 hw/ppc/prep.c| 26 --
 hw/rtc/m48t59-isa.c  |  7 +--
 hw/rtc/mc146818rtc.c |  4 ++--
 hw/sparc64/sun4u.c   |  6 --
 13 files changed, 63 insertions(+), 46 deletions(-)

diff --git a/include/hw/audio/pcspk.h b/include/hw/audio/pcspk.h
index 632cce9f68..7e7f5f49dc 100644
--- a/include/hw/audio/pcspk.h
+++ b/include/hw/audio/pcspk.h
@@ -27,6 +27,7 @@
 
 #include "hw/isa/isa.h"
 #include "hw/qdev-properties.h"
+#include "qapi/error.h"
 
 #define TYPE_PC_SPEAKER "isa-pcspk"
 
@@ -35,11 +36,11 @@ static inline ISADevice *pcspk_init(ISABus *bus, ISADevice 
*pit)
 DeviceState *dev;
 ISADevice *isadev;
 
-isadev = isa_create(bus, TYPE_PC_SPEAKER);
+isadev = isa_new(TYPE_PC_SPEAKER);
 dev = DEVICE(isadev);
 qdev_prop_set_uint32(dev, "iobase", 0x61);
 object_property_set_link(OBJECT(dev), OBJECT(pit), "pit", NULL);
-qdev_init_nofail(dev);
+isa_realize_and_unref(isadev, bus, _fatal);
 
 return isadev;
 }
diff --git a/include/hw/timer/i8254.h b/include/hw/timer/i8254.h
index 45cb42571f..e75b4a5a08 100644
--- a/include/hw/timer/i8254.h
+++ b/include/hw/timer/i8254.h
@@ -27,6 +27,7 @@
 
 #include "hw/qdev-properties.h"
 #include "hw/isa/isa.h"
+#include "qapi/error.h"
 
 #define PIT_FREQ 1193182
 
@@ -54,10 +55,10 @@ static inline ISADevice *i8254_pit_init(ISABus *bus, int 
base, int isa_irq,
 DeviceState *dev;
 ISADevice *d;
 
-d = isa_create(bus, TYPE_I8254);
+d = isa_new(TYPE_I8254);
 dev = DEVICE(d);
 qdev_prop_set_uint32(dev, "iobase", base);
-qdev_init_nofail(dev);
+isa_realize_and_unref(d, bus, _fatal);
 qdev_connect_gpio_out(dev, 0,
   isa_irq >= 0 ? isa_get_irq(d, isa_irq) : alt_irq);
 
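Review bot: after the new isa_realize_and_unref() call in i8254_pit_init(), the function still uses both 'dev' and 'd' in 'qdev_connect_gpio_out(dev, 0, ...)' and 'isa_get_irq(d, isa_irq)', that is, after the call whose name says it drops a reference. That is only safe if something else holds a reference once the device is realized; the commit message should state what keeps the object alive, because the same pattern appears in the other converted callers that return or reuse the pointer.
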
@@ -69,10 +70,10 @@ static inline ISADevice *kvm_pit_init(ISABus *bus, int base)
 DeviceState *dev;
 ISADevice *d;
 
-d = isa_create(bus, TYPE_KVM_I8254);
+d = isa_new(TYPE_KVM_I8254);
 dev = DEVICE(d);
 qdev_prop_set_uint32(dev, "iobase", base);
-qdev_init_nofail(dev);
+isa_realize_and_unref(d, bus, _fatal);
 
 return d;
 }
diff --git a/hw/char/parallel-isa.c b/hw/char/parallel-isa.c
index bcc577f61c..1ccbb96e70 100644
--- a/hw/char/parallel-isa.c
+++ b/hw/char/parallel-isa.c
@@ -14,17 +14,18 @@
 #include "hw/isa/isa.h"
 #include "hw/qdev-properties.h"
 #include "hw/char/parallel.h"
+#include "qapi/error.h"
 
 static void parallel_init(ISABus *bus, int index, Chardev *chr)
 {
 DeviceState *dev;
 ISADevice *isadev;
 
-isadev = isa_create(bus, "isa-parallel");
+isadev = isa_new("isa-parallel");
 dev = DEVICE(isadev);
 qdev_prop_set_uint32(dev, "index", index);
 qdev_prop_set_chr(dev, "chardev", chr);
-qdev_init_nofail(dev);
+isa_realize_and_unref(isadev, bus, _fatal);
 }
 
 void parallel_hds_isa_init(ISABus *bus, int n)
diff --git a/hw/char/serial-isa.c b/hw/char/serial-isa.c
index f9b6eed783..f13dd98c60 100644
--- a/hw/char/serial-isa.c
+++ b/hw/char/serial-isa.c
@@ -138,11 +138,11 @@ static void serial_isa_init(ISABus *bus, int index, 
Chardev *chr)
 DeviceState *dev;
 ISADevice *isadev;
 
-isadev = isa_create(bus, TYPE_ISA_SERIAL);
+isadev = isa_new(TYPE_ISA_SERIAL);
 dev = DEVICE(isadev);
 qdev_prop_set_uint32(dev, "index", 

[PATCH v2 25/58] ssi: ssi_create_slave_no_init() is now unused, drop

2020-05-29 Thread Markus Armbruster
Cc: Alistair Francis 
Signed-off-by: Markus Armbruster 
Reviewed-by: Alistair Francis 
---
 include/hw/ssi/ssi.h | 1 -
 hw/ssi/ssi.c | 5 -
 2 files changed, 6 deletions(-)

diff --git a/include/hw/ssi/ssi.h b/include/hw/ssi/ssi.h
index 1725b13c32..93f2b8b0be 100644
--- a/include/hw/ssi/ssi.h
+++ b/include/hw/ssi/ssi.h
@@ -79,7 +79,6 @@ extern const VMStateDescription vmstate_ssi_slave;
 }
 
 DeviceState *ssi_create_slave(SSIBus *bus, const char *name);
-DeviceState *ssi_create_slave_no_init(SSIBus *bus, const char *name);
 
 /* Master interface.  */
 SSIBus *ssi_create_bus(DeviceState *parent, const char *name);
diff --git a/hw/ssi/ssi.c b/hw/ssi/ssi.c
index 58e7d904db..67b48c31cd 100644
--- a/hw/ssi/ssi.c
+++ b/hw/ssi/ssi.c
@@ -90,11 +90,6 @@ static const TypeInfo ssi_slave_info = {
 .abstract = true,
 };
 
-DeviceState *ssi_create_slave_no_init(SSIBus *bus, const char *name)
-{
-return qdev_create(BUS(bus), name);
-}
-
 DeviceState *ssi_create_slave(SSIBus *bus, const char *name)
 {
 DeviceState *dev = qdev_new(name);
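
Review bot: the commit message has no body, so the removal of ssi_create_slave_no_init() from both ssi.h and ssi.c rests on the subject's "now unused" alone. Name the patch in the series that converted the last caller, and mention that the removed body was the 'qdev_create(BUS(bus), name)' call, so a reader can confirm nothing else depended on it.
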
-- 
2.21.3




[PATCH v2 39/58] sysbus: Drop useless OBJECT() in sysbus_init_child_obj() calls

2020-05-29 Thread Markus Armbruster
OBJECT(child) expands to ((Object *)(child)).  sysbus_init_child_obj()
parameter @child is void *.  Pass child instead of OBJECT(child).

Signed-off-by: Markus Armbruster 
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/arm/allwinner-a10.c  |  4 ++--
 hw/arm/aspeed_ast2600.c | 40 +---
 hw/arm/aspeed_soc.c | 35 +++
 hw/arm/nrf51_soc.c  |  2 +-
 hw/mips/boston.c|  4 ++--
 hw/mips/malta.c |  2 +-
 6 files changed, 38 insertions(+), 49 deletions(-)

diff --git a/hw/arm/allwinner-a10.c b/hw/arm/allwinner-a10.c
index 49c51463e1..64449416de 100644
--- a/hw/arm/allwinner-a10.c
+++ b/hw/arm/allwinner-a10.c
@@ -59,9 +59,9 @@ static void aw_a10_init(Object *obj)
 int i;
 
 for (i = 0; i < AW_A10_NUM_USB; i++) {
-sysbus_init_child_obj(obj, "ehci[*]", OBJECT(>ehci[i]),
+sysbus_init_child_obj(obj, "ehci[*]", >ehci[i],
   sizeof(s->ehci[i]), TYPE_PLATFORM_EHCI);
-sysbus_init_child_obj(obj, "ohci[*]", OBJECT(>ohci[i]),
+sysbus_init_child_obj(obj, "ohci[*]", >ohci[i],
   sizeof(s->ohci[i]), TYPE_SYSBUS_OHCI);
 }
 }
diff --git a/hw/arm/aspeed_ast2600.c b/hw/arm/aspeed_ast2600.c
index beb688fd8f..b7fd20 100644
--- a/hw/arm/aspeed_ast2600.c
+++ b/hw/arm/aspeed_ast2600.c
@@ -131,8 +131,7 @@ static void aspeed_soc_ast2600_init(Object *obj)
 }
 
 snprintf(typename, sizeof(typename), "aspeed.scu-%s", socname);
-sysbus_init_child_obj(obj, "scu", OBJECT(>scu), sizeof(s->scu),
-  typename);
+sysbus_init_child_obj(obj, "scu", >scu, sizeof(s->scu), typename);
 qdev_prop_set_uint32(DEVICE(>scu), "silicon-rev",
  sc->silicon_rev);
 object_property_add_alias(obj, "hw-strap1", OBJECT(>scu),
@@ -145,36 +144,33 @@ static void aspeed_soc_ast2600_init(Object *obj)
 sysbus_init_child_obj(obj, "a7mpcore", >a7mpcore,
   sizeof(s->a7mpcore), TYPE_A15MPCORE_PRIV);
 
-sysbus_init_child_obj(obj, "rtc", OBJECT(>rtc), sizeof(s->rtc),
+sysbus_init_child_obj(obj, "rtc", >rtc, sizeof(s->rtc),
   TYPE_ASPEED_RTC);
 
 snprintf(typename, sizeof(typename), "aspeed.timer-%s", socname);
-sysbus_init_child_obj(obj, "timerctrl", OBJECT(>timerctrl),
+sysbus_init_child_obj(obj, "timerctrl", >timerctrl,
   sizeof(s->timerctrl), typename);
 
 snprintf(typename, sizeof(typename), "aspeed.i2c-%s", socname);
-sysbus_init_child_obj(obj, "i2c", OBJECT(>i2c), sizeof(s->i2c),
-  typename);
+sysbus_init_child_obj(obj, "i2c", >i2c, sizeof(s->i2c), typename);
 
 snprintf(typename, sizeof(typename), "aspeed.fmc-%s", socname);
-sysbus_init_child_obj(obj, "fmc", OBJECT(>fmc), sizeof(s->fmc),
-  typename);
+sysbus_init_child_obj(obj, "fmc", >fmc, sizeof(s->fmc), typename);
 object_property_add_alias(obj, "num-cs", OBJECT(>fmc), "num-cs");
 
 for (i = 0; i < sc->spis_num; i++) {
 snprintf(typename, sizeof(typename), "aspeed.spi%d-%s", i + 1, 
socname);
-sysbus_init_child_obj(obj, "spi[*]", OBJECT(>spi[i]),
+sysbus_init_child_obj(obj, "spi[*]", >spi[i],
   sizeof(s->spi[i]), typename);
 }
 
 for (i = 0; i < sc->ehcis_num; i++) {
-sysbus_init_child_obj(obj, "ehci[*]", OBJECT(>ehci[i]),
+sysbus_init_child_obj(obj, "ehci[*]", >ehci[i],
   sizeof(s->ehci[i]), TYPE_PLATFORM_EHCI);
 }
 
 snprintf(typename, sizeof(typename), "aspeed.sdmc-%s", socname);
-sysbus_init_child_obj(obj, "sdmc", OBJECT(>sdmc), sizeof(s->sdmc),
-  typename);
+sysbus_init_child_obj(obj, "sdmc", >sdmc, sizeof(s->sdmc), typename);
 object_property_add_alias(obj, "ram-size", OBJECT(>sdmc),
   "ram-size");
 object_property_add_alias(obj, "max-ram-size", OBJECT(>sdmc),
@@ -182,30 +178,29 @@ static void aspeed_soc_ast2600_init(Object *obj)
 
 for (i = 0; i < sc->wdts_num; i++) {
 snprintf(typename, sizeof(typename), "aspeed.wdt-%s", socname);
-sysbus_init_child_obj(obj, "wdt[*]", OBJECT(>wdt[i]),
+sysbus_init_child_obj(obj, "wdt[*]", >wdt[i],
   sizeof(s->wdt[i]), typename);
 }
 
 for (i = 0; i < sc->macs_num; i++) {
-sysbus_init_child_obj(obj, "ftgmac100[*]", OBJECT(>ftgmac100[i]),
+sysbus_init_child_obj(obj, "ftgmac100[*]", >ftgmac100[i],
   sizeof(s->ftgmac100[i]), TYPE_FTGMAC100);
 
 sysbus_init_child_obj(obj, "mii[*]", >mii[i], sizeof(s->mii[i]),
   TYPE_ASPEED_MII);
 }
 
-sysbus_init_child_obj(obj, "xdma", OBJECT(>xdma), sizeof(s->xdma),
+sysbus_init_child_obj(obj, "xdma", >xdma, sizeof(s->xdma),
 

[PATCH v2 22/58] ssi: ssi_auto_connect_slaves() never does anything, drop

2020-05-29 Thread Markus Armbruster
ssi_auto_connect_slaves(parent, cs_line, bus) iterates over @parent's
QOM children @dev of type TYPE_SSI_SLAVE.  It puts these on @bus, and
sets cs_line[] to qdev_get_gpio_in_named(dev, SSI_GPIO_CS, 0).

Suspicious: there is no protection against overrunning cs_line[].

Turns out it's safe because ssi_auto_connect_slaves() never finds any
such children.  It's called by realize methods of some (but not all)
devices providing an SSI bus, and gets passed the device.

SSI slave devices are always created with ssi_create_slave_no_init(),
optionally via ssi_create_slave().  This adds them to their SSI bus.
It doesn't set their QOM parent.

ssi_create_slave_no_init() is always immediately followed by
qdev_init_nofail(), with no QOM parent assigned, so
device_set_realized() puts the device into the /machine/unattached/
orphanage.  None become QOM children of a device providing an SSI bus.

ssi_auto_connect_slaves() was added in commit b4ae3cfa57 "ssi: Add
slave autoconnect helper".  I can't see which slaves it was supposed
to connect back then.

Cc: Alistair Francis 
Signed-off-by: Markus Armbruster 
Acked-by: Alistair Francis 
---
 include/hw/ssi/ssi.h  |  4 
 hw/ssi/aspeed_smc.c   |  1 -
 hw/ssi/imx_spi.c  |  2 --
 hw/ssi/mss-spi.c  |  1 -
 hw/ssi/ssi.c  | 33 -
 hw/ssi/xilinx_spi.c   |  1 -
 hw/ssi/xilinx_spips.c |  4 
 7 files changed, 46 deletions(-)

diff --git a/include/hw/ssi/ssi.h b/include/hw/ssi/ssi.h
index 1107cb89ee..1725b13c32 100644
--- a/include/hw/ssi/ssi.h
+++ b/include/hw/ssi/ssi.h
@@ -86,10 +86,6 @@ SSIBus *ssi_create_bus(DeviceState *parent, const char 
*name);
 
 uint32_t ssi_transfer(SSIBus *bus, uint32_t val);
 
-/* Automatically connect all children nodes a spi controller as slaves */
-void ssi_auto_connect_slaves(DeviceState *parent, qemu_irq *cs_lines,
- SSIBus *bus);
-
 /* max111x.c */
 void max111x_set_input(DeviceState *dev, int line, uint8_t value);
 
diff --git a/hw/ssi/aspeed_smc.c b/hw/ssi/aspeed_smc.c
index 2edccef2d5..4fab1f5f85 100644
--- a/hw/ssi/aspeed_smc.c
+++ b/hw/ssi/aspeed_smc.c
@@ -1356,7 +1356,6 @@ static void aspeed_smc_realize(DeviceState *dev, Error 
**errp)
 
 /* Setup cs_lines for slaves */
 s->cs_lines = g_new0(qemu_irq, s->num_cs);
-ssi_auto_connect_slaves(dev, s->cs_lines, s->spi);
 
 for (i = 0; i < s->num_cs; ++i) {
 sysbus_init_irq(sbd, >cs_lines[i]);
diff --git a/hw/ssi/imx_spi.c b/hw/ssi/imx_spi.c
index 2dd9a631e1..2f09f15892 100644
--- a/hw/ssi/imx_spi.c
+++ b/hw/ssi/imx_spi.c
@@ -424,8 +424,6 @@ static void imx_spi_realize(DeviceState *dev, Error **errp)
 sysbus_init_mmio(SYS_BUS_DEVICE(dev), >iomem);
 sysbus_init_irq(SYS_BUS_DEVICE(dev), >irq);
 
-ssi_auto_connect_slaves(dev, s->cs_lines, s->bus);
-
 for (i = 0; i < 4; ++i) {
 sysbus_init_irq(SYS_BUS_DEVICE(dev), >cs_lines[i]);
 }
diff --git a/hw/ssi/mss-spi.c b/hw/ssi/mss-spi.c
index 3050fabb69..b2432c5a13 100644
--- a/hw/ssi/mss-spi.c
+++ b/hw/ssi/mss-spi.c
@@ -376,7 +376,6 @@ static void mss_spi_realize(DeviceState *dev, Error **errp)
 s->spi = ssi_create_bus(dev, "spi");
 
 sysbus_init_irq(sbd, >irq);
-ssi_auto_connect_slaves(dev, >cs_line, s->spi);
 sysbus_init_irq(sbd, >cs_line);
 
 memory_region_init_io(>mmio, OBJECT(s), _ops, s,
diff --git a/hw/ssi/ssi.c b/hw/ssi/ssi.c
index c6415eb6e3..54106f5ef8 100644
--- a/hw/ssi/ssi.c
+++ b/hw/ssi/ssi.c
@@ -142,36 +142,3 @@ static void ssi_slave_register_types(void)
 }
 
 type_init(ssi_slave_register_types)
-
-typedef struct SSIAutoConnectArg {
-qemu_irq **cs_linep;
-SSIBus *bus;
-} SSIAutoConnectArg;
-
-static int ssi_auto_connect_slave(Object *child, void *opaque)
-{
-SSIAutoConnectArg *arg = opaque;
-SSISlave *dev = (SSISlave *)object_dynamic_cast(child, TYPE_SSI_SLAVE);
-qemu_irq cs_line;
-
-if (!dev) {
-return 0;
-}
-
-cs_line = qdev_get_gpio_in_named(DEVICE(dev), SSI_GPIO_CS, 0);
-qdev_set_parent_bus(DEVICE(dev), BUS(arg->bus));
-**arg->cs_linep = cs_line;
-(*arg->cs_linep)++;
-return 0;
-}
-
-void ssi_auto_connect_slaves(DeviceState *parent, qemu_irq *cs_line,
- SSIBus *bus)
-{
-SSIAutoConnectArg arg = {
-.cs_linep = _line,
-.bus = bus
-};
-
-object_child_foreach(OBJECT(parent), ssi_auto_connect_slave, );
-}
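
Review bot: the removed '**arg->cs_linep = cs_line; (*arg->cs_linep)++;' writes through a pointer that advances once per matching child with no bound, and ssi_auto_connect_slaves() takes no array length, which is the overrun the commit message calls suspicious. The message would be stronger if it cited the destination sizes visible in this patch: imx_spi.c loops over 4 cs_lines entries, and the mss-spi.c call is followed by a sysbus_init_irq() on what looks like a single cs_line field. If a helper like this is ever reintroduced, it should take the number of chip-select lines and stop there.
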
diff --git a/hw/ssi/xilinx_spi.c b/hw/ssi/xilinx_spi.c
index eba7ccd46a..80d1488dc7 100644
--- a/hw/ssi/xilinx_spi.c
+++ b/hw/ssi/xilinx_spi.c
@@ -334,7 +334,6 @@ static void xilinx_spi_realize(DeviceState *dev, Error 
**errp)
 
 sysbus_init_irq(sbd, >irq);
 s->cs_lines = g_new0(qemu_irq, s->num_cs);
-ssi_auto_connect_slaves(dev, s->cs_lines, s->spi);
 for (i = 0; i < s->num_cs; ++i) {
 sysbus_init_irq(sbd, >cs_lines[i]);
 }
diff --git a/hw/ssi/xilinx_spips.c b/hw/ssi/xilinx_spips.c
index e76cf290c8..b9371dbf8d 100644
--- a/hw/ssi/xilinx_spips.c
+++ 

[PATCH v2 12/58] qdev: Convert uses of qdev_set_parent_bus() manually

2020-05-29 Thread Markus Armbruster
Same transformation as in the previous commit.  Manual, because
convincing Coccinelle to transform these cases is somewhere between
not worthwhile and infeasible (at least for me).

Signed-off-by: Markus Armbruster 
---
 hw/pci-host/prep.c |  3 +--
 hw/ppc/pnv.c   |  6 ++
 hw/s390x/sclp.c| 10 --
 3 files changed, 7 insertions(+), 12 deletions(-)

diff --git a/hw/pci-host/prep.c b/hw/pci-host/prep.c
index c821ef889d..42c7e63a60 100644
--- a/hw/pci-host/prep.c
+++ b/hw/pci-host/prep.c
@@ -268,7 +268,7 @@ static void raven_pcihost_realizefn(DeviceState *d, Error 
**errp)
 memory_region_add_subregion(address_space_mem, 0xbff0, >pci_intack);
 
 /* TODO Remove once realize propagates to child devices. */
-object_property_set_bool(OBJECT(>pci_dev), true, "realized", errp);
+qdev_realize(DEVICE(>pci_dev), BUS(>pci_bus), errp);
 }
 
 static void raven_pcihost_initfn(Object *obj)
@@ -308,7 +308,6 @@ static void raven_pcihost_initfn(Object *obj)
 
 object_initialize(>pci_dev, sizeof(s->pci_dev), TYPE_RAVEN_PCI_DEVICE);
 pci_dev = DEVICE(>pci_dev);
-qdev_set_parent_bus(pci_dev, BUS(>pci_bus));
 object_property_set_int(OBJECT(>pci_dev), PCI_DEVFN(0, 0), "addr",
 NULL);
 qdev_prop_set_bit(pci_dev, "multifunction", false);
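
Review bot: the removed qdev_set_parent_bus() call ran here in raven_pcihost_initfn(), before the "addr" and "multifunction" properties are set; after this patch the bus is attached only in raven_pcihost_realizefn() through qdev_realize(). The commit message should confirm that neither property setter needs the parent bus, since the order of bus attachment relative to the property writes changes.
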
diff --git a/hw/ppc/pnv.c b/hw/ppc/pnv.c
index 8562af3fe0..e0588285a2 100644
--- a/hw/ppc/pnv.c
+++ b/hw/ppc/pnv.c
@@ -1212,12 +1212,11 @@ static void pnv_chip_power8_realize(DeviceState *dev, 
Error **errp)
 object_property_set_int(OBJECT(phb), i, "index", _fatal);
 object_property_set_int(OBJECT(phb), chip->chip_id, "chip-id",
 _fatal);
-object_property_set_bool(OBJECT(phb), true, "realized", _err);
+qdev_realize(DEVICE(phb), NULL, _err);
 if (local_err) {
 error_propagate(errp, local_err);
 return;
 }
-qdev_set_parent_bus(DEVICE(phb), sysbus_get_default());
 
 /* Populate the XSCOM address space. */
 pnv_xscom_add_subregion(chip,
@@ -1422,12 +1421,11 @@ static void pnv_chip_power9_phb_realize(PnvChip *chip, 
Error **errp)
 object_property_set_int(obj, PNV_PHB4_DEVICE_ID, "device-id",
 _fatal);
 object_property_set_link(obj, OBJECT(stack), "stack", 
_abort);
-object_property_set_bool(obj, true, "realized", _err);
+qdev_realize(DEVICE(obj), NULL, _err);
 if (local_err) {
 error_propagate(errp, local_err);
 return;
 }
-qdev_set_parent_bus(DEVICE(obj), sysbus_get_default());
 
 /* Populate the XSCOM address space. */
 pnv_xscom_add_subregion(chip,
diff --git a/hw/s390x/sclp.c b/hw/s390x/sclp.c
index 20aca30ac4..40e27a8cb4 100644
--- a/hw/s390x/sclp.c
+++ b/hw/s390x/sclp.c
@@ -333,17 +333,15 @@ static void sclp_realize(DeviceState *dev, Error **errp)
 uint64_t hw_limit;
 int ret;
 
-object_property_set_bool(OBJECT(sclp->event_facility), true, "realized",
- );
-if (err) {
-goto out;
-}
 /*
  * qdev_device_add searches the sysbus for TYPE_SCLP_EVENTS_BUS. As long
  * as we can't find a fitting bus via the qom tree, we have to add the
  * event facility to the sysbus, so e.g. a sclp console can be created.
  */
-qdev_set_parent_bus(DEVICE(sclp->event_facility), sysbus_get_default());
+qdev_realize(DEVICE(sclp->event_facility), NULL, );
+if (err) {
+goto out;
+}
 
 ret = s390_set_memory_limit(machine->maxram_size, _limit);
 if (ret == -E2BIG) {
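
Review bot: the retained comment says the event facility has to be added to the sysbus, but the call below it now passes NULL as the bus to qdev_realize() and no longer mentions a bus by name. Update the comment to say how a NULL bus argument ends up on the default sysbus, which the removed 'sysbus_get_default()' line made explicit. The same documentation gap applies to the two hw/ppc/pnv.c hunks, where the old code also attached the bus only after a successful realize.
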
-- 
2.21.3




[PATCH v2 38/58] macio: Eliminate macio_init_child_obj()

2020-05-29 Thread Markus Armbruster
macio_init_child_obj() has become a trivial wrapper around
object_initialize_child_with_props().  Eliminate it, since the general
convenience wrapper object_initialize_child() is just as convenient
already.

Cc: Mark Cave-Ayland 
Cc: David Gibson 
Signed-off-by: Markus Armbruster 
---
 hw/misc/macio/macio.c | 30 +-
 1 file changed, 9 insertions(+), 21 deletions(-)

diff --git a/hw/misc/macio/macio.c b/hw/misc/macio/macio.c
index 1a07ca2ca5..8ba7af073c 100644
--- a/hw/misc/macio/macio.c
+++ b/hw/misc/macio/macio.c
@@ -94,14 +94,6 @@ static void macio_bar_setup(MacIOState *s)
 macio_escc_legacy_setup(s);
 }
 
-static void macio_init_child_obj(MacIOState *s, const char *childname,
- void *child, size_t childsize,
- const char *childtype)
-{
-object_initialize_child_with_props(OBJECT(s), childname, child, childsize,
-   childtype, _abort, NULL);
-}
-
 static void macio_common_realize(PCIDevice *d, Error **errp)
 {
 MacIOState *s = MACIO(d);
@@ -218,13 +210,12 @@ static void macio_oldworld_realize(PCIDevice *d, Error 
**errp)
 }
 }
 
-static void macio_init_ide(MacIOState *s, MACIOIDEState *ide, size_t ide_size,
-   int index)
+static void macio_init_ide(MacIOState *s, MACIOIDEState *ide, int index)
 {
 gchar *name = g_strdup_printf("ide[%i]", index);
 uint32_t addr = 0x1f000 + ((index + 1) * 0x1000);
 
-macio_init_child_obj(s, name, ide, ide_size, TYPE_MACIO_IDE);
+object_initialize_child(OBJECT(s), name, ide, TYPE_MACIO_IDE);
 qdev_prop_set_uint32(DEVICE(ide), "addr", addr);
 memory_region_add_subregion(>bar, addr, >mem);
 g_free(name);
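
Review bot: dropping the 'ide_size' parameter from macio_init_ide() means the object size is no longer supplied by the caller, and every converted call in this patch likewise loses its 'sizeof(...)' argument. The commit message should say how object_initialize_child() obtains the size, so a reader can check that passing 'ide' as a 'MACIOIDEState *' parameter here yields the same size the callers used to pass as 'sizeof(os->ide[i])' and 'sizeof(ns->ide[i])'.
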
@@ -242,16 +233,15 @@ static void macio_oldworld_init(Object *obj)
  qdev_prop_allow_set_link_before_realize,
  0);
 
-macio_init_child_obj(s, "cuda", >cuda, sizeof(s->cuda), TYPE_CUDA);
+object_initialize_child(OBJECT(s), "cuda", >cuda, TYPE_CUDA);
 
-macio_init_child_obj(s, "nvram", >nvram, sizeof(os->nvram),
- TYPE_MACIO_NVRAM);
+object_initialize_child(OBJECT(s), "nvram", >nvram, TYPE_MACIO_NVRAM);
 dev = DEVICE(>nvram);
 qdev_prop_set_uint32(dev, "size", 0x2000);
 qdev_prop_set_uint32(dev, "it_shift", 4);
 
 for (i = 0; i < 2; i++) {
-macio_init_ide(s, >ide[i], sizeof(os->ide[i]), i);
+macio_init_ide(s, >ide[i], i);
 }
 }
 
@@ -396,11 +386,10 @@ static void macio_newworld_init(Object *obj)
  qdev_prop_allow_set_link_before_realize,
  0);
 
-macio_init_child_obj(s, "gpio", >gpio, sizeof(ns->gpio),
- TYPE_MACIO_GPIO);
+object_initialize_child(OBJECT(s), "gpio", >gpio, TYPE_MACIO_GPIO);
 
 for (i = 0; i < 2; i++) {
-macio_init_ide(s, >ide[i], sizeof(ns->ide[i]), i);
+macio_init_ide(s, >ide[i], i);
 }
 }
 
@@ -413,10 +402,9 @@ static void macio_instance_init(Object *obj)
 qbus_create_inplace(>macio_bus, sizeof(s->macio_bus), TYPE_MACIO_BUS,
 DEVICE(obj), "macio.0");
 
-macio_init_child_obj(s, "dbdma", >dbdma, sizeof(s->dbdma),
- TYPE_MAC_DBDMA);
+object_initialize_child(OBJECT(s), "dbdma", >dbdma, TYPE_MAC_DBDMA);
 
-macio_init_child_obj(s, "escc", >escc, sizeof(s->escc), TYPE_ESCC);
+object_initialize_child(OBJECT(s), "escc", >escc, TYPE_ESCC);
 }
 
 static const VMStateDescription vmstate_macio_oldworld = {
-- 
2.21.3




[PATCH v2 37/58] macio: Convert use of qdev_set_parent_bus()

2020-05-29 Thread Markus Armbruster
Convert qdev_set_parent_bus()/realize to qdev_realize(); recent commit
"qdev: New qdev_new(), qdev_realize(), etc." explains why.

Cc: Mark Cave-Ayland 
Cc: David Gibson 
Signed-off-by: Markus Armbruster 
---
 hw/misc/macio/macio.c | 13 ++---
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/hw/misc/macio/macio.c b/hw/misc/macio/macio.c
index a2698e4a20..1a07ca2ca5 100644
--- a/hw/misc/macio/macio.c
+++ b/hw/misc/macio/macio.c
@@ -100,7 +100,6 @@ static void macio_init_child_obj(MacIOState *s, const char 
*childname,
 {
 object_initialize_child_with_props(OBJECT(s), childname, child, childsize,
childtype, _abort, NULL);
-qdev_set_parent_bus(DEVICE(child), BUS(>macio_bus));
 }
 
 static void macio_common_realize(PCIDevice *d, Error **errp)
@@ -109,7 +108,7 @@ static void macio_common_realize(PCIDevice *d, Error **errp)
 SysBusDevice *sysbus_dev;
 Error *err = NULL;
 
-object_property_set_bool(OBJECT(>dbdma), true, "realized", );
+qdev_realize(DEVICE(>dbdma), BUS(>macio_bus), );
 if (err) {
 error_propagate(errp, err);
 return;
@@ -125,7 +124,7 @@ static void macio_common_realize(PCIDevice *d, Error **errp)
 qdev_prop_set_chr(DEVICE(>escc), "chrB", serial_hd(1));
 qdev_prop_set_uint32(DEVICE(>escc), "chnBtype", escc_serial);
 qdev_prop_set_uint32(DEVICE(>escc), "chnAtype", escc_serial);
-object_property_set_bool(OBJECT(>escc), true, "realized", );
+qdev_realize(DEVICE(>escc), BUS(>macio_bus), );
 if (err) {
 error_propagate(errp, err);
 return;
@@ -148,7 +147,7 @@ static void macio_realize_ide(MacIOState *s, MACIOIDEState 
*ide,
 object_property_set_link(OBJECT(ide), OBJECT(>dbdma), "dbdma", errp);
 macio_ide_register_dma(ide);
 
-object_property_set_bool(OBJECT(ide), true, "realized", errp);
+qdev_realize(DEVICE(ide), BUS(>macio_bus), errp);
 }
 
 static void macio_oldworld_realize(PCIDevice *d, Error **errp)
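Review bot: In macio_realize_ide(), errp is handed to
object_property_set_link() and then again to qdev_realize() with no check
in between, so a failure of the first call is still pending when the second
one runs. Since the realize line is being rewritten anyway, use a local
Error here as the other realize functions in this file do with err, and
return after the first failure.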
@@ -167,7 +166,7 @@ static void macio_oldworld_realize(PCIDevice *d, Error 
**errp)
 
 qdev_prop_set_uint64(DEVICE(>cuda), "timebase-frequency",
  s->frequency);
-object_property_set_bool(OBJECT(>cuda), true, "realized", );
+qdev_realize(DEVICE(>cuda), BUS(>macio_bus), );
 if (err) {
 error_propagate(errp, err);
 return;
@@ -184,7 +183,7 @@ static void macio_oldworld_realize(PCIDevice *d, Error 
**errp)
 sysbus_connect_irq(sysbus_dev, 1, qdev_get_gpio_in(pic_dev,
OLDWORLD_ESCCA_IRQ));
 
-object_property_set_bool(OBJECT(>nvram), true, "realized", );
+qdev_realize(DEVICE(>nvram), BUS(>macio_bus), );
 if (err) {
 error_propagate(errp, err);
 return;
@@ -348,7 +347,7 @@ static void macio_newworld_realize(PCIDevice *d, Error 
**errp)
  _abort);
 memory_region_add_subregion(>bar, 0x50,
 sysbus_mmio_get_region(sysbus_dev, 0));
-object_property_set_bool(OBJECT(>gpio), true, "realized", );
+qdev_realize(DEVICE(>gpio), BUS(>macio_bus), );
 
 /* PMU */
 object_initialize_child(OBJECT(s), "pmu", >pmu, TYPE_VIA_PMU);
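Review bot: The result of qdev_realize() for gpio is not examined in the
visible context: the code goes straight on to the PMU's
object_initialize_child(), whereas the dbdma, escc, cuda and nvram calls
converted in this patch are each followed by if (err) with
error_propagate() and return. Add the same check here, or say in a comment
why a gpio realize failure can be ignored.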
-- 
2.21.3




[PATCH v2 23/58] ssi: Convert uses of ssi_create_slave_no_init() with Coccinelle

2020-05-29 Thread Markus Armbruster
Replace

dev = ssi_create_slave_no_init(bus, type_name);
...
qdev_init_nofail(dev);

by

dev = qdev_new(type_name);
...
qdev_realize_and_unref(dev, bus, _fatal);

Recent commit "qdev: New qdev_new(), qdev_realize(), etc." explains
why.

@@
type SSIBus;
identifier bus;
expression dev, qbus, expr;
expression list args;
@@
-bus = (SSIBus *)qbus;
+bus = qbus; // TODO fix up decl
 ...
-dev = ssi_create_slave_no_init(bus, args);
+dev = qdev_new(args);
 ... when != dev = expr
-qdev_init_nofail(dev);
+qdev_realize_and_unref(dev, bus, _fatal);

@@
expression dev, bus, expr;
expression list args;
@@
-dev = ssi_create_slave_no_init(bus, args);
+dev = qdev_new(args);
 ... when != dev = expr
-qdev_init_nofail(dev);
+qdev_realize_and_unref(dev, BUS(bus), _fatal);

Bus declarations fixed up manually.

Cc: Alistair Francis 
Signed-off-by: Markus Armbruster 
Reviewed-by: Alistair Francis 
---
 hw/arm/aspeed.c |  4 ++--
 hw/arm/msf2-som.c   |  8 
 hw/arm/sabrelite.c  |  4 ++--
 hw/arm/xilinx_zynq.c|  4 ++--
 hw/arm/xlnx-zcu102.c| 16 
 hw/microblaze/petalogix_ml605_mmu.c |  4 ++--
 6 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
index 63a7105e8b..9c25d5da96 100644
--- a/hw/arm/aspeed.c
+++ b/hw/arm/aspeed.c
@@ -225,12 +225,12 @@ static void aspeed_board_init_flashes(AspeedSMCState *s, 
const char *flashtype,
 DriveInfo *dinfo = drive_get_next(IF_MTD);
 qemu_irq cs_line;
 
-fl->flash = ssi_create_slave_no_init(s->spi, flashtype);
+fl->flash = qdev_new(flashtype);
 if (dinfo) {
 qdev_prop_set_drive(fl->flash, "drive", blk_by_legacy_dinfo(dinfo),
 errp);
 }
-qdev_init_nofail(fl->flash);
+qdev_realize_and_unref(fl->flash, BUS(s->spi), _fatal);
 
 cs_line = qdev_get_gpio_in_named(fl->flash, SSI_GPIO_CS, 0);
 sysbus_connect_irq(SYS_BUS_DEVICE(s), i + 1, cs_line);
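Review bot: In aspeed_board_init_flashes() the drive property is set with
errp and nothing checks it, while the realize two lines later takes the
fatal error argument. A failed qdev_prop_set_drive() therefore goes
unnoticed until realize. The msf2-som and sabrelite hunks in this patch
pass the fatal error to both calls; this function should treat the two
errors the same way.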
diff --git a/hw/arm/msf2-som.c b/hw/arm/msf2-som.c
index e398703742..ca9cbe1acb 100644
--- a/hw/arm/msf2-som.c
+++ b/hw/arm/msf2-som.c
@@ -47,7 +47,7 @@ static void emcraft_sf2_s2s010_init(MachineState *machine)
 MachineClass *mc = MACHINE_GET_CLASS(machine);
 DriveInfo *dinfo = drive_get_next(IF_MTD);
 qemu_irq cs_line;
-SSIBus *spi_bus;
+BusState *spi_bus;
 MemoryRegion *sysmem = get_system_memory();
 MemoryRegion *ddr = g_new(MemoryRegion, 1);
 
@@ -82,14 +82,14 @@ static void emcraft_sf2_s2s010_init(MachineState *machine)
 soc = MSF2_SOC(dev);
 
 /* Attach SPI flash to SPI0 controller */
-spi_bus = (SSIBus *)qdev_get_child_bus(dev, "spi0");
-spi_flash = ssi_create_slave_no_init(spi_bus, "s25sl12801");
+spi_bus = qdev_get_child_bus(dev, "spi0");
+spi_flash = qdev_new("s25sl12801");
 qdev_prop_set_uint8(spi_flash, "spansion-cr2nv", 1);
 if (dinfo) {
 qdev_prop_set_drive(spi_flash, "drive", blk_by_legacy_dinfo(dinfo),
 _fatal);
 }
-qdev_init_nofail(spi_flash);
+qdev_realize_and_unref(spi_flash, spi_bus, _fatal);
 cs_line = qdev_get_gpio_in_named(spi_flash, SSI_GPIO_CS, 0);
 sysbus_connect_irq(SYS_BUS_DEVICE(>spi[0]), 1, cs_line);
 
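Review bot: spi_bus now comes straight from qdev_get_child_bus(dev, "spi0")
and is passed unchecked to qdev_realize_and_unref(). The old (SSIBus *)
cast checked nothing either, but in this series a NULL bus argument is how
bus-less devices are realized, so a missing "spi0" bus would no longer mean
what the caller intends. An assert(spi_bus) after the lookup would make the
expectation explicit.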
diff --git a/hw/arm/sabrelite.c b/hw/arm/sabrelite.c
index 96cb30aa3c..33d731549d 100644
--- a/hw/arm/sabrelite.c
+++ b/hw/arm/sabrelite.c
@@ -75,13 +75,13 @@ static void sabrelite_init(MachineState *machine)
 qemu_irq cs_line;
 DriveInfo *dinfo = drive_get_next(IF_MTD);
 
-flash_dev = ssi_create_slave_no_init(spi_bus, "sst25vf016b");
+flash_dev = qdev_new("sst25vf016b");
 if (dinfo) {
 qdev_prop_set_drive(flash_dev, "drive",
 blk_by_legacy_dinfo(dinfo),
 _fatal);
 }
-qdev_init_nofail(flash_dev);
+qdev_realize_and_unref(flash_dev, BUS(spi_bus), _fatal);
 
 cs_line = qdev_get_gpio_in_named(flash_dev, SSI_GPIO_CS, 0);
 sysbus_connect_irq(SYS_BUS_DEVICE(spi_dev), 1, cs_line);
diff --git a/hw/arm/xilinx_zynq.c b/hw/arm/xilinx_zynq.c
index 5fbd2b2e31..0e0f0976c4 100644
--- a/hw/arm/xilinx_zynq.c
+++ b/hw/arm/xilinx_zynq.c
@@ -157,12 +157,12 @@ static inline void zynq_init_spi_flashes(uint32_t 
base_addr, qemu_irq irq,
 
 for (j = 0; j < num_ss; ++j) {
 DriveInfo *dinfo = drive_get_next(IF_MTD);
-flash_dev = ssi_create_slave_no_init(spi, "n25q128");
+flash_dev = qdev_new("n25q128");
 if (dinfo) {
 qdev_prop_set_drive(flash_dev, "drive",
   

[PATCH v2 50/58] sysbus: Convert qdev_set_parent_bus() use with Coccinelle, part 4

2020-05-29 Thread Markus Armbruster
This is still the same transformation as in the previous commits, but
here the sysbus_init_child_obj() and its matching realize are in
separate files.  Fortunately, there's just one realize left to
convert.

Signed-off-by: Markus Armbruster 
---
 hw/arm/aspeed_ast2600.c | 9 -
 hw/arm/aspeed_soc.c | 4 ++--
 hw/sd/aspeed_sdhci.c| 2 +-
 3 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/hw/arm/aspeed_ast2600.c b/hw/arm/aspeed_ast2600.c
index 482fe826c9..d465743247 100644
--- a/hw/arm/aspeed_ast2600.c
+++ b/hw/arm/aspeed_ast2600.c
@@ -200,9 +200,8 @@ static void aspeed_soc_ast2600_init(Object *obj)
 
 /* Init sd card slot class here so that they're under the correct parent */
 for (i = 0; i < ASPEED_SDHCI_NUM_SLOTS; ++i) {
-sysbus_init_child_obj(obj, "sd-controller.sdhci[*]",
-  >sdhci.slots[i],
-  sizeof(s->sdhci.slots[i]), TYPE_SYSBUS_SDHCI);
+object_initialize_child(obj, "sd-controller.sdhci[*]",
+>sdhci.slots[i], TYPE_SYSBUS_SDHCI);
 }
 
 object_initialize_child(obj, "emmc-controller", >emmc,
@@ -210,8 +209,8 @@ static void aspeed_soc_ast2600_init(Object *obj)
 
 object_property_set_int(OBJECT(>emmc), 1, "num-slots", _abort);
 
-sysbus_init_child_obj(obj, "emmc-controller.sdhci",
-  >emmc.slots[0], sizeof(s->emmc.slots[0]), 
TYPE_SYSBUS_SDHCI);
+object_initialize_child(obj, "emmc-controller.sdhci", >emmc.slots[0],
+TYPE_SYSBUS_SDHCI);
 }
 
 /*
diff --git a/hw/arm/aspeed_soc.c b/hw/arm/aspeed_soc.c
index c40839c1fb..d1e48b7a5d 100644
--- a/hw/arm/aspeed_soc.c
+++ b/hw/arm/aspeed_soc.c
@@ -208,8 +208,8 @@ static void aspeed_soc_init(Object *obj)
 
 /* Init sd card slot class here so that they're under the correct parent */
 for (i = 0; i < ASPEED_SDHCI_NUM_SLOTS; ++i) {
-sysbus_init_child_obj(obj, "sdhci[*]", >sdhci.slots[i],
-  sizeof(s->sdhci.slots[i]), TYPE_SYSBUS_SDHCI);
+object_initialize_child(obj, "sdhci[*]", >sdhci.slots[i],
+TYPE_SYSBUS_SDHCI);
 }
 }
 
diff --git a/hw/sd/aspeed_sdhci.c b/hw/sd/aspeed_sdhci.c
index 6a039a1d2f..538d3bad3d 100644
--- a/hw/sd/aspeed_sdhci.c
+++ b/hw/sd/aspeed_sdhci.c
@@ -145,7 +145,7 @@ static void aspeed_sdhci_realize(DeviceState *dev, Error 
**errp)
 return;
 }
 
-object_property_set_bool(sdhci_slot, true, "realized", );
+sysbus_realize(sbd_slot, );
 if (err) {
 error_propagate(errp, err);
 return;
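Review bot: The realize call switches from sdhci_slot to sbd_slot, but
neither variable's declaration is in the hunk, and the line counts (7
before, 7 after) show that none was added. Please confirm sbd_slot is the
SysBusDevice view of the same slot object, and name in the commit message
which sysbus_init_child_obj() call in hw/arm/aspeed_soc.c or
hw/arm/aspeed_ast2600.c this realize pairs with, since that cross-file
pairing is the reason this patch is separate.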
-- 
2.21.3




[PATCH v2 56/58] qdev: Convert bus-less devices to qdev_realize() with Coccinelle

2020-05-29 Thread Markus Armbruster
All remaining conversions to qdev_realize() are for bus-less devices.
Coccinelle script:

// only correct for bus-less @dev!

@@
expression errp;
expression dev;
@@
-qdev_init_nofail(dev);
+qdev_realize(dev, NULL, _fatal);

@ depends on !(file in "hw/core/qdev.c") && !(file in "hw/core/bus.c")@
expression errp;
expression dev;
symbol true;
@@
-object_property_set_bool(OBJECT(dev), true, "realized", errp);
+qdev_realize(DEVICE(dev), NULL, errp);

@ depends on !(file in "hw/core/qdev.c") && !(file in "hw/core/bus.c")@
expression errp;
expression dev;
symbol true;
@@
-object_property_set_bool(dev, true, "realized", errp);
+qdev_realize(DEVICE(dev), NULL, errp);

Note that Coccinelle chokes on ARMSSE typedef vs. macro in
hw/arm/armsse.c.  Worked around by temporarily renaming the macro for
the spatch run.

Signed-off-by: Markus Armbruster 
Acked-by: Alistair Francis 
---
 hw/arm/allwinner-a10.c   |  2 +-
 hw/arm/allwinner-h3.c|  2 +-
 hw/arm/armsse.c  | 20 ++-
 hw/arm/armv7m.c  |  2 +-
 hw/arm/aspeed.c  |  3 +--
 hw/arm/aspeed_ast2600.c  |  2 +-
 hw/arm/aspeed_soc.c  |  2 +-
 hw/arm/bcm2836.c |  3 +--
 hw/arm/cubieboard.c  |  2 +-
 hw/arm/digic.c   |  2 +-
 hw/arm/digic_boards.c|  2 +-
 hw/arm/exynos4210.c  |  4 +--
 hw/arm/fsl-imx25.c   |  2 +-
 hw/arm/fsl-imx31.c   |  2 +-
 hw/arm/fsl-imx6.c|  2 +-
 hw/arm/fsl-imx6ul.c  |  3 +--
 hw/arm/fsl-imx7.c|  2 +-
 hw/arm/highbank.c|  2 +-
 hw/arm/imx25_pdk.c   |  2 +-
 hw/arm/integratorcp.c|  2 +-
 hw/arm/kzm.c |  2 +-
 hw/arm/mcimx6ul-evk.c|  2 +-
 hw/arm/mcimx7d-sabre.c   |  2 +-
 hw/arm/mps2-tz.c |  9 +++
 hw/arm/mps2.c|  7 +++---
 hw/arm/musca.c   |  6 ++---
 hw/arm/orangepi.c|  2 +-
 hw/arm/raspi.c   |  2 +-
 hw/arm/realview.c|  2 +-
 hw/arm/sabrelite.c   |  2 +-
 hw/arm/sbsa-ref.c|  2 +-
 hw/arm/stm32f205_soc.c   |  2 +-
 hw/arm/stm32f405_soc.c   |  2 +-
 hw/arm/versatilepb.c |  2 +-
 hw/arm/vexpress.c|  2 +-
 hw/arm/virt.c|  2 +-
 hw/arm/xilinx_zynq.c |  2 +-
 hw/arm/xlnx-versal.c |  2 +-
 hw/arm/xlnx-zcu102.c |  2 +-
 hw/arm/xlnx-zynqmp.c | 10 +++-
 hw/block/nand.c  |  2 +-
 hw/char/serial-isa.c |  2 +-
 hw/char/serial-pci-multi.c   |  2 +-
 hw/char/serial-pci.c |  2 +-
 hw/char/serial.c |  4 +--
 hw/core/cpu.c|  2 +-
 hw/hyperv/hyperv.c   |  2 +-
 hw/i386/x86.c|  2 +-
 hw/ide/microdrive.c  |  3 ++-
 hw/intc/pnv_xive.c   |  4 +--
 hw/intc/spapr_xive.c |  4 +--
 hw/intc/xics.c   |  2 +-
 hw/intc/xive.c   |  2 +-
 hw/microblaze/petalogix_ml605_mmu.c  |  2 +-
 hw/microblaze/petalogix_s3adsp1800_mmu.c |  2 +-
 hw/microblaze/xlnx-zynqmp-pmu.c  |  4 +--
 hw/pci-host/pnv_phb3.c   |  6 ++---
 hw/pci-host/pnv_phb4.c   |  2 +-
 hw/pci-host/pnv_phb4_pec.c   |  2 +-
 hw/pci-host/prep.c   |  3 +--
 hw/ppc/pnv.c | 32 ++--
 hw/ppc/pnv_bmc.c |  2 +-
 hw/ppc/pnv_core.c|  2 +-
 hw/ppc/pnv_psi.c |  4 +--
 hw/ppc/spapr.c   |  5 ++--
 hw/ppc/spapr_cpu_core.c  |  2 +-
 hw/ppc/spapr_drc.c   |  2 +-
 hw/ppc/spapr_iommu.c |  2 +-
 hw/ppc/spapr_irq.c   |  2 +-
 hw/riscv/riscv_hart.c|  3 +--
 hw/riscv/sifive_e.c  |  3 +--
 hw/riscv/sifive_u.c  |  9 +++
 hw/s390x/s390-skeys.c|  2 +-
 hw/s390x/s390-stattrib.c |  2 +-
 hw/s390x/s390-virtio-ccw.c   |  4 +--
 hw/s390x/sclp.c  |  2 +-
 hw/s390x/tod.c   |  2 +-
 target/i386/cpu.c|  3 +--
 tests/test-qdev-global-props.c  

Re: [PATCH v2 00/58] qdev: Rework how we plug into the parent bus

2020-05-29 Thread Markus Armbruster
Markus Armbruster  writes:

> Paolo recently suggested "to move the bus argument (and thus
> qdev_set_parent_bus) to qdev_init"[1], and that it "would be quite
> large but hopefully scriptable"[2].  Nerd sniped!
>
> The series is big, but at least the bigger patches are all mechanical.
>
> It is based on my "[PATCH 00/24] Fixes around device realization".

On "[PATCH v2 00/24] Fixes around device realization", of course.

Based-on: <20200528110444.20456-1-arm...@redhat.com>

[...]




[PATCH v2 58/58] MAINTAINERS: Make section QOM cover hw/core/*bus.c as well

2020-05-29 Thread Markus Armbruster
Signed-off-by: Markus Armbruster 
---
 MAINTAINERS | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index bb9861f33b..e6957dac1a 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -2279,6 +2279,8 @@ R: Eduardo Habkost 
 S: Supported
 F: docs/qdev-device-use.txt
 F: hw/core/qdev*
+F: hw/core/bus.c
+F: hw/core/sysbus.c
 F: include/hw/qdev*
 F: include/monitor/qdev.h
 F: include/qom/
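Review bot: The subject promises hw/core/*bus.c, but the hunk lists
hw/core/bus.c and hw/core/sysbus.c by name, so a later file matching the
pattern would not be covered. Either add the single line
F: hw/core/*bus.c or reword the subject to name the two files. The commit
message body is empty and could say why QOM is the right section for them.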
-- 
2.21.3




Re: [Libguestfs] Provide NBD via Browser over Websockets

2020-05-29 Thread Eric Blake

On 5/29/20 8:50 AM, Daniel P. Berrangé wrote:


(2) You need to persuade qemu's NBD client to read from a WebSocket.
I didn't really know anything about WebSockets until today but it
seems as if they are a full-duplex protocol layered on top of HTTP [a].
Is there a WebSocket proxy that turns WS into plain TCP (a bit like
stunnel)?  Google suggests [b].

[a] https://en.wikipedia.org/wiki/WebSocket#Protocol_handshake
[b] https://github.com/novnc/websockify


qemu already knows how to connect as a client to websockets; Dan Berrange
knows more about that setup.  I suspect it would not be too difficult to
teach the qemu NBD client code to use a WebSocket instead of a Unix or TCP
socket as its data source.


Actually the inverse. The QIOChannelWebsocket impl is only the server
side of the problem, as used by QEMU's VNC server. We've never implemented
the client side. There is nothing especially stopping us doing that - just
needs someone motivated with time to work on it.


In the meantime, you may still be able to set up something like:

local machine:
iso -> NBD server -> Unix socket -> websockify -> WebSocket

remote machine:
WebSocket -> websockify -> Unix socket -> qemu NBD client

Adding websocket client support into qemu would reduce the length of the 
chain slightly (for less data copying) by getting rid of a websockify 
proxy middleman, but would not necessarily improve performance (it's 
hard to say where the latency bottlenecks will be in the chain).


--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3226
Virtualization:  qemu.org | libvirt.org




[RFC v3 2/8] vhost_net: use the function qemu_get_peer

2020-05-29 Thread Cindy Lu
use the qemu_get_peer to replace the old process

Signed-off-by: Cindy Lu 
---
 hw/net/vhost_net.c | 14 +-
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c
index 6b82803fa7..d1d421e3d9 100644
--- a/hw/net/vhost_net.c
+++ b/hw/net/vhost_net.c
@@ -306,7 +306,9 @@ int vhost_net_start(VirtIODevice *dev, NetClientState *ncs,
 BusState *qbus = BUS(qdev_get_parent_bus(DEVICE(dev)));
 VirtioBusState *vbus = VIRTIO_BUS(qbus);
 VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(vbus);
+struct vhost_net *net;
 int r, e, i;
+NetClientState *peer;
 
 if (!k->set_guest_notifiers) {
 error_report("binding does not support guest notifiers");
@@ -314,9 +316,9 @@ int vhost_net_start(VirtIODevice *dev, NetClientState *ncs,
 }
 
 for (i = 0; i < total_queues; i++) {
-struct vhost_net *net;
 
-net = get_vhost_net(ncs[i].peer);
+peer = qemu_get_peer(ncs, i);
+net = get_vhost_net(peer);
 vhost_net_set_vq_index(net, i * 2);
 
 /* Suppress the masking guest notifiers on vhost user
@@ -335,7 +337,8 @@ int vhost_net_start(VirtIODevice *dev, NetClientState *ncs,
 }
 
 for (i = 0; i < total_queues; i++) {
-r = vhost_net_start_one(get_vhost_net(ncs[i].peer), dev);
+peer = qemu_get_peer(ncs, i);
+r = vhost_net_start_one(get_vhost_net(peer), dev);
 
 if (r < 0) {
 goto err_start;
@@ -343,7 +346,7 @@ int vhost_net_start(VirtIODevice *dev, NetClientState *ncs,
 
 if (ncs[i].peer->vring_enable) {
 /* restore vring enable state */
-r = vhost_set_vring_enable(ncs[i].peer, ncs[i].peer->vring_enable);
+r = vhost_set_vring_enable(peer, peer->vring_enable);
 
 if (r < 0) {
 goto err_start;
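Review bot: The condition still reads ncs[i].peer->vring_enable while the
call inside it now uses peer, so the same value is reached two different
ways within three lines. Convert the if to peer->vring_enable in this patch
as well, so the replacement the commit message describes is complete for
this loop.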
@@ -355,7 +358,8 @@ int vhost_net_start(VirtIODevice *dev, NetClientState *ncs,
 
 err_start:
 while (--i >= 0) {
-vhost_net_stop_one(get_vhost_net(ncs[i].peer), dev);
+peer = qemu_get_peer(ncs , i);
+vhost_net_stop_one(get_vhost_net(peer), dev);
 }
 e = k->set_guest_notifiers(qbus->parent, total_queues * 2, false);
 if (e < 0) {
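Review bot: qemu_get_peer(ncs , i) in the err_start loop has a stray space
before the comma; the two earlier calls in this patch are written
qemu_get_peer(ncs, i).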
-- 
2.21.1




[RFC v3 5/8] vhost: introduce vhost_set_vring_ready method

2020-05-29 Thread Cindy Lu
From: Jason Wang 

Vhost-vdpa introduces VHOST_VDPA_SET_VRING_ENABLE which complies with the
semantic of queue_enable defined in virtio spec. This method can be
used for preventing device from executing request for a specific
virtqueue. This patch introduces the vhost_ops for this.

Note that, we've already had vhost_set_vring_enable which has different
semantic which allows to enable or disable a specific virtqueue for
some kinds of vhost backends. E.g. vhost-user uses this to change the
number of active queue pairs.

Signed-off-by: Jason Wang 
---
 hw/net/vhost_net-stub.c |  4 
 hw/net/vhost_net.c  | 11 ++-
 include/net/vhost_net.h |  1 +
 3 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/hw/net/vhost_net-stub.c b/hw/net/vhost_net-stub.c
index aac0e98228..43e93e1a9a 100644
--- a/hw/net/vhost_net-stub.c
+++ b/hw/net/vhost_net-stub.c
@@ -86,6 +86,10 @@ int vhost_set_vring_enable(NetClientState *nc, int enable)
 return 0;
 }
 
+int vhost_set_vring_ready(NetClientState *nc)
+{
+return 0;
+}
 int vhost_net_set_mtu(struct vhost_net *net, uint16_t mtu)
 {
 return 0;
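Review bot: The new stub's closing brace is followed directly by
vhost_net_set_mtu() with no blank line, unlike vhost_set_vring_enable()
just above it. Add an empty line after the closing brace.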
diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c
index d1d421e3d9..e2bc7de2eb 100644
--- a/hw/net/vhost_net.c
+++ b/hw/net/vhost_net.c
@@ -344,7 +344,7 @@ int vhost_net_start(VirtIODevice *dev, NetClientState *ncs,
 goto err_start;
 }
 
-if (ncs[i].peer->vring_enable) {
+if (peer->vring_enable) {
 /* restore vring enable state */
 r = vhost_set_vring_enable(peer, peer->vring_enable);
 
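Review bot: Replacing ncs[i].peer->vring_enable with peer->vring_enable has
nothing to do with introducing vhost_set_vring_ready(); it finishes the
qemu_get_peer() conversion of [RFC v3 2/8], which left this condition
behind. Move this hunk into that patch so each patch in the series stands
on its own.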
@@ -455,6 +455,15 @@ int vhost_set_vring_enable(NetClientState *nc, int enable)
 return 0;
 }
 
+int vhost_set_vring_ready(NetClientState *nc)
+{
+VHostNetState *net = get_vhost_net(nc);
+const VhostOps *vhost_ops = net->dev.vhost_ops;
+if (vhost_ops && vhost_ops->vhost_set_vring_ready) {
+return vhost_ops->vhost_set_vring_ready(>dev);
+}
+return 0;
+}
 int vhost_net_set_mtu(struct vhost_net *net, uint16_t mtu)
 {
 const VhostOps *vhost_ops = net->dev.vhost_ops;
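Review bot: vhost_set_vring_ready() dereferences net->dev.vhost_ops right
after get_vhost_net(nc) without checking net, although it does guard
vhost_ops itself against NULL. Check net first, and separate the new
function from vhost_net_set_mtu() with a blank line. The
vhost_set_vring_ready member of VhostOps is not declared in any of the
three files in this patch's diffstat, so the commit message should say
which patch adds it.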
diff --git a/include/net/vhost_net.h b/include/net/vhost_net.h
index 77e47398c4..8a6f208189 100644
--- a/include/net/vhost_net.h
+++ b/include/net/vhost_net.h
@@ -35,6 +35,7 @@ int vhost_net_notify_migration_done(VHostNetState *net, char* 
mac_addr);
 VHostNetState *get_vhost_net(NetClientState *nc);
 
 int vhost_set_vring_enable(NetClientState * nc, int enable);
+int vhost_set_vring_ready(NetClientState *nc);
 
 uint64_t vhost_net_get_acked_features(VHostNetState *net);
 
-- 
2.21.1




[RFC v3 4/8] virtio-pci: implement queue_enabled method

2020-05-29 Thread Cindy Lu
From: Jason Wang 

With version 1, we can detect whether a queue is enabled via
queue_enabled.

Signed-off-by: Jason Wang 
---
 hw/virtio/virtio-pci.c | 13 +
 1 file changed, 13 insertions(+)

diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
index 4cb784389c..2c82ed5246 100644
--- a/hw/virtio/virtio-pci.c
+++ b/hw/virtio/virtio-pci.c
@@ -1107,6 +1107,18 @@ static AddressSpace *virtio_pci_get_dma_as(DeviceState 
*d)
 return pci_get_address_space(dev);
 }
 
+static bool virtio_pci_queue_enabled(DeviceState *d, int n)
+{
+VirtIOPCIProxy *proxy = VIRTIO_PCI(d);
+VirtIODevice *vdev = virtio_bus_get_device(>bus);
+
+if (virtio_vdev_has_feature(vdev, VIRTIO_F_VERSION_1)) {
+return proxy->vqs[vdev->queue_sel].enabled;
+}
+
+return virtio_queue_get_desc_addr(vdev, n) != 0;
+}
+
 static int virtio_pci_add_mem_cap(VirtIOPCIProxy *proxy,
struct virtio_pci_cap *cap)
 {
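Review bot: In the VIRTIO_F_VERSION_1 branch, virtio_pci_queue_enabled()
ignores its parameter n and indexes proxy->vqs with vdev->queue_sel, so the
answer describes whichever queue the driver selected last rather than the
queue the caller asked about. The fallback branch uses n; the version 1
branch should return proxy->vqs[n].enabled.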
@@ -2059,6 +2071,7 @@ static void virtio_pci_bus_class_init(ObjectClass *klass, 
void *data)
 k->ioeventfd_enabled = virtio_pci_ioeventfd_enabled;
 k->ioeventfd_assign = virtio_pci_ioeventfd_assign;
 k->get_dma_as = virtio_pci_get_dma_as;
+k->queue_enabled = virtio_pci_queue_enabled;
 }
 
 static const TypeInfo virtio_pci_bus_info = {
-- 
2.21.1




Re: [PATCH v7 32/32] iotests: Add tests for qcow2 images with extended L2 entries

2020-05-29 Thread Eric Blake

On 5/29/20 10:07 AM, Alberto Garcia wrote:

On Wed 27 May 2020 08:30:06 PM CEST, Eric Blake wrote:

+offset=$(($offset + 8))
+bitmap=`peek_file_be "$TEST_IMG" $offset 8`
+
+expected_bitmap=0
+for bit in $expected_alloc; do
+expected_bitmap=$(($expected_bitmap | (1 << $bit)))
+done
+for bit in $expected_zero; do
+expected_bitmap=$(($expected_bitmap | (1 << (32 + $bit
+done
+expected_bitmap=`printf "%llu" $expected_bitmap`


Dead statement - expected_bitmap is already a 64-bit decimal number
without reprinting it to itself.


Not quite... it seems that simply expanding the variable treats the
value as signed so echo $((1 << 63)) returns INT64_MIN. The printf call
makes it unsigned,


Ah, yes, then that makes sense.  Still, you could shave a fork or 
comment the action by doing:


printf -v expected_bitmap %llu $expected_bitmap # convert to unsigned


but even though I tried that in a 32-bit system and
it works now I'm actually wondering about the portability of the whole
thing.


Bash supports 64-bit numbers even on 32-bit platforms, and has done for 
years.  Since we are running the test only under bash, that's all the 
more we have to worry about.




Looking at the source it seems that bash uses intmax_t:

https://git.savannah.gnu.org/cgit/bash.git/tree/variables.h?h=bash-5.0#n68

But if this is a problem then peek_file_* would also be affected, it
also uses printf %llu and a few iotests are already reading 64bit values
(grep 'peek_file_.* 8').


In cases where a negative number is read but the 64-bit pattern is the 
same, it doesn't matter; but here, you are using it for output, and so 
you do want the unsigned representation instead of bash's default signed 
representation.


--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3226
Virtualization:  qemu.org | libvirt.org
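
The signed-versus-unsigned point from this exchange, as an added example that is not part of the thread or of the iotests code. The helper names are hypothetical; the bit layout (allocation bits 0-31, zero bits 32-63) follows the quoted test, and `%u` is used in place of the test's `%llu` because it prints the same unsigned value.

```shell
#!/bin/bash
# Added example: build the 64-bit subcluster bitmap of an extended L2 entry
# the way the quoted test does, then show why the printf step matters.
# valid_subcluster, l2_bitmap_signed and l2_bitmap are hypothetical names.

# Accept only a plain decimal subcluster number in the range 0..31.
valid_subcluster() {
    case $1 in
        ''|*[!0-9]*|0?*) return 1 ;;   # empty, non-digit, or leading zero
    esac
    [ "$1" -le 31 ]
}

# Print the bitmap exactly as shell arithmetic expands it (signed 64-bit).
# $1: subclusters marked allocated, $2: subclusters marked all-zeroes.
# Both are space-separated lists and are split on purpose.
l2_bitmap_signed() {
    bitmap=0
    for bit in $1; do
        valid_subcluster "$bit" || return 1
        bitmap=$((bitmap | (1 << bit)))
    done
    for bit in $2; do
        valid_subcluster "$bit" || return 1
        bitmap=$((bitmap | (1 << (32 + bit))))
    done
    echo "$bitmap"
}

# Same bitmap reprinted as an unsigned decimal, so it can be compared with
# a value that was itself read from the image and printed unsigned.
l2_bitmap() {
    signed=$(l2_bitmap_signed "$1" "$2") || return 1
    printf '%u\n' "$signed"
}

# Constructed sample: subcluster 0 allocated, subcluster 31 reads as zeroes.
# Bit 63 is set, so the two spellings of the same 64-bit pattern differ.
echo "signed:   $(l2_bitmap_signed "0" "31")"
echo "unsigned: $(l2_bitmap "0" "31")"
```
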




Re: [PATCH 3/3] numa: Initialize node initiator with respect to .has_cpu

2020-05-29 Thread Michal Privoznik

On 5/29/20 5:09 PM, Igor Mammedov wrote:

On Fri, 29 May 2020 15:33:48 +0200
Michal Privoznik  wrote:


The initiator attribute of a NUMA node is documented as the 'NUMA
node that has best performance to given NUMA node'. If a NUMA
node has at least one CPU there can hardly be a different node
with better performance and thus all NUMA nodes which have a CPU
are initiators to themselves. Reflect this fact when initializing
the attribute.


It is not true in case of the node is memory-less


Ah, so the node has CPUs only then? Okay, right now my libvirt patches 
don't allow that, but formatting initiator for all NUMA nodes should be 
trivial.


Michal




Re: [PATCH 5/5] virtio: enable VIRTIO_F_RING_PACKED for all devices

2020-05-29 Thread Stefan Hajnoczi
On Fri, May 29, 2020 at 03:15:59PM +0800, Jason Wang wrote:
> 
> On 2020/5/23 上午1:17, Stefan Hajnoczi wrote:
> > The packed virtqueue layout was introduced in VIRTIO 1.1. It is a single
> > ring instead of a split avail/used ring design. There are CPU cache
> > advantages to this layout and it is also suited better to hardware
> > implementation.
> > 
> > The vhost-net backend has already supported packed virtqueues for some
> > time. Performance benchmarks show that virtio-blk performance on NVMe
> > drives is also improved.
> > 
> > Go ahead and enable this feature for all VIRTIO devices. Keep it
> > disabled for QEMU 5.0 and earlier machine types.
> > 
> > Signed-off-by: Stefan Hajnoczi 
> > ---
> >   include/hw/virtio/virtio.h |  2 +-
> >   hw/core/machine.c  | 18 +-
> >   2 files changed, 18 insertions(+), 2 deletions(-)
> > 
> > diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h
> > index b69d517496..fd5b4a2044 100644
> > --- a/include/hw/virtio/virtio.h
> > +++ b/include/hw/virtio/virtio.h
> > @@ -292,7 +292,7 @@ typedef struct VirtIORNGConf VirtIORNGConf;
> >   DEFINE_PROP_BIT64("iommu_platform", _state, _field, \
> > VIRTIO_F_IOMMU_PLATFORM, false), \
> >   DEFINE_PROP_BIT64("packed", _state, _field, \
> > -  VIRTIO_F_RING_PACKED, false)
> > +  VIRTIO_F_RING_PACKED, true)
> >   hwaddr virtio_queue_get_desc_addr(VirtIODevice *vdev, int n);
> >   bool virtio_queue_enabled(VirtIODevice *vdev, int n);
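Review bot: Flipping the default inside the shared property macro changes
"packed" for every device type that uses it, which is why hw_compat_5_0
then has to name each type one by one. A list like that has to be kept
complete by hand; if the compat property can be set once on a common base
type instead, that would be the safer form, and the commit message should
say how the list of types was derived.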
> > diff --git a/hw/core/machine.c b/hw/core/machine.c
> > index bb3a7b18b1..3598c3c825 100644
> > --- a/hw/core/machine.c
> > +++ b/hw/core/machine.c
> > @@ -28,7 +28,23 @@
> >   #include "hw/mem/nvdimm.h"
> >   #include "migration/vmstate.h"
> > -GlobalProperty hw_compat_5_0[] = {};
> > +GlobalProperty hw_compat_5_0[] = {
> > +{ "vhost-user-blk", "packed", "off" },
> > +{ "vhost-user-fs-device", "packed", "off" },
> > +{ "vhost-vsock-device", "packed", "off" },
> > +{ "virtio-9p-device", "packed", "off" },
> > +{ "virtio-balloon-device", "packed", "off" },
> > +{ "virtio-blk-device", "packed", "off" },
> > +{ "virtio-crypto-device", "packed", "off" },
> > +{ "virtio-gpu-device", "packed", "off" },
> > +{ "virtio-input-device", "packed", "off" },
> > +{ "virtio-iommu-device", "packed", "off" },
> > +{ "virtio-net-device", "packed", "off" },
> > +{ "virtio-pmem", "packed", "off" },
> > +{ "virtio-rng-device", "packed", "off" },
> > +{ "virtio-scsi-common", "packed", "off" },
> > +{ "virtio-serial-device", "packed", "off" },
> 
> 
> Missing "vhost-user-gpu" here?

Thanks, you're right.

I'll see if virtio-gpu-base works. If not it will be necessary to add
all the derived classes. The same is true for virtio-scsi-common, I'd
better check it works correctly!

Stefan




RE: [Bug 1881231] Re: colo: Can not recover colo after svm failover twice

2020-05-29 Thread Zhang, Chen
Hi Ye,

Thank you for your test and report, I will try to fix this issue.

Thanks
Zhang Chen

> -Original Message-
> From: Qemu-devel  bounces+chen.zhang=intel@nongnu.org> On Behalf Of ye.zou
> Sent: Friday, May 29, 2020 5:47 PM
> To: qemu-devel@nongnu.org
> Subject: [Bug 1881231] Re: colo: Can not recover colo after svm failover twice
> 
> In step 3 I used following commands:
> on primary vm console:
> {"execute": "drive-mirror", "arguments":{ "device": "colo-disk0", "job-id":
> "resync", "target": "nbd://169.254.66.10:/parent0", "mode":
> "existing","format":"raw","sync":"full"} }
> 
> // till the job ready
> { "execute": "query-block-jobs" }
> 
> {"execute": "stop"}
> {"execute": "block-job-cancel", "arguments":{ "device": "resync"} }
> 
> {'execute': 'human-monitor-command', 'arguments': {'command-line':
> 'drive_add -n buddy
> driver=replication,mode=primary,file.driver=nbd,file.host=169.254.66.10,file.
> port=,file.export=parent0,node-name=replication0'}}
> {'execute': 'x-blockdev-change', 'arguments':{'parent': 'colo-disk0', 'node':
> 'replication0' } }
> {'execute': 'migrate-set-capabilities', 'arguments': {'capabilities': [ 
> {'capability':
> 'x-colo', 'state': true } ] } }
> {'execute': 'migrate', 'arguments': {'uri': 'tcp:169.254.66.10:9998' } }
> { "execute": "migrate-set-parameters" , "arguments":{ "x-checkpoint-delay":
> 1 } }
> 
> --
> You received this bug notification because you are a member of qemu-
> devel-ml, which is subscribed to QEMU.
> https://bugs.launchpad.net/bugs/1881231
> 
> Title:
>   colo: Can not  recover colo after svm failover twice
> 
> Status in QEMU:
>   New
> 
> Bug description:
>   Hi Expert,
>   x-blockdev-change met some error, during testing colo
> 
>   Host os:
>   CentOS Linux release 7.6.1810 (Core)
> 
>   Reproduce steps:
>   1. create colo vm following
> https://github.com/qemu/qemu/blob/master/docs/COLO-FT.txt
>   2. kill secondary vm and remove the nbd child from the quorum to wait for
> recover
> type those commands on primary vm console:
> { 'execute': 'x-blockdev-change', 'arguments': {'parent': 'colo-disk0', 
> 'child':
> 'children.1'}}
> { 'execute': 'human-monitor-command','arguments': {'command-line':
> 'drive_del replication0'}}
> { 'execute': 'x-colo-lost-heartbeat'}
>   3. recover colo
>   4. kill secondary vm again after recover colo and type same commands as
> step 2:
> { 'execute': 'x-blockdev-change', 'arguments': {'parent': 'colo-disk0', 
> 'child':
> 'children.1'}}
> { 'execute': 'human-monitor-command','arguments': {'command-line':
> 'drive_del replication0'}}
> { 'execute': 'x-colo-lost-heartbeat'}
> but the first command got error
> { 'execute': 'x-blockdev-change', 'arguments': {'parent': 'colo-disk0', 
> 'child':
> 'children.1'}}
>   {"error": {"class": "GenericError", "desc": "Node 'colo-disk0' does not have
> child 'children.1'"}}
> 
>   according to https://www.qemu.org/docs/master/qemu-qmp-ref.html
>   Command: x-blockdev-change
>   Dynamically reconfigure the block driver state graph. It can be used to add,
> remove, insert or replace a graph node. Currently only the Quorum driver
> implements this feature to add or remove its child. This is useful to fix a
> broken quorum child.
> 
>   It seems x-blockdev-change not worked as expected.
> 
>   Thanks.
> 
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/qemu/+bug/1881231/+subscriptions



Re: [PATCH v7 28/32] qcow2: Add subcluster support to qcow2_co_pwrite_zeroes()

2020-05-29 Thread Alberto Garcia
On Thu 28 May 2020 09:11:07 PM CEST, Eric Blake wrote:
>> I think the problem also exists in the current code (without my
>> patches). If you zeroize 10 clusters and the last one is compressed
>> you have to repeat the request after having zeroized 9 clusters.
>
> Hmm. In the pre-patch code, qcow2_co_pwrite_zeroes() calls
> qcow2_cluster_zeroize() which can fail with -ENOTSUP up front, but not
> after the fact.  Once it starts the while loop over clusters, its use
> of zero_in_l2_slice() handles compressed clusters just fine;

You're right, complete compressed clusters can always be handled, the
problem is just when there's subclusters.

> But isn't this something we could solve recursively?  Instead of
> returning -ENOTSUP, we could have zero_in_l2_slice() call
> bdrv_pwrite_zeroes() on the (sub-)clusters associated with a
> compressed cluster.

I suppose we could, as long as BDRV_REQ_NO_FALLBACK is not used.

Berto



[PATCH] libvhost-user: advertise vring features

2020-05-29 Thread Stefan Hajnoczi
libvhost-user implements several vring features without advertising
them. There is no way for the vhost-user master to detect support for
these features.

Things more or less work today because QEMU assumes the vhost-user
backend always implements certain feature bits like
VIRTIO_RING_F_EVENT_IDX. This is not documented anywhere.

This patch explicitly advertises features implemented in libvhost-user
so that the vhost-user master does not need to make undocumented
assumptions.

Feature bits that libvhost-user now advertises can be removed from
vhost-user-blk.c. Devices should not be responsible for advertising
vring feature bits, that is libvhost-user's job.

Cc: Marc-André Lureau 
Cc: Jason Wang 
Cc: Michael S. Tsirkin 
Signed-off-by: Stefan Hajnoczi 
---
I have tested make check and virtiofsd.
---
 contrib/libvhost-user/libvhost-user.c   | 10 ++
 contrib/vhost-user-blk/vhost-user-blk.c |  4 +---
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/contrib/libvhost-user/libvhost-user.c 
b/contrib/libvhost-user/libvhost-user.c
index 3bca996c62..b43874ba12 100644
--- a/contrib/libvhost-user/libvhost-user.c
+++ b/contrib/libvhost-user/libvhost-user.c
@@ -495,6 +495,16 @@ static bool
 vu_get_features_exec(VuDev *dev, VhostUserMsg *vmsg)
 {
 vmsg->payload.u64 =
+/*
+ * The following VIRTIO feature bits are supported by our virtqueue
+ * implementation:
+ */
+1ULL << VIRTIO_F_NOTIFY_ON_EMPTY |
+1ULL << VIRTIO_RING_F_INDIRECT_DESC |
+1ULL << VIRTIO_RING_F_EVENT_IDX |
+1ULL << VIRTIO_F_VERSION_1 |
+
+/* vhost-user feature bits */
 1ULL << VHOST_F_LOG_ALL |
 1ULL << VHOST_USER_F_PROTOCOL_FEATURES;
 
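Review bot: the four VIRTIO bits added to vmsg->payload.u64 in vu_get_features_exec() are set unconditionally for every device built on libvhost-user, and nothing in the lines shown lets a device withhold one it cannot handle, for example VIRTIO_RING_F_INDIRECT_DESC. If that is intended, say so in the new comment; otherwise let the device callback mask them before the reply is sent.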
diff --git a/contrib/vhost-user-blk/vhost-user-blk.c 
b/contrib/vhost-user-blk/vhost-user-blk.c
index 6fd91c7e99..25eccd02b5 100644
--- a/contrib/vhost-user-blk/vhost-user-blk.c
+++ b/contrib/vhost-user-blk/vhost-user-blk.c
@@ -382,9 +382,7 @@ vub_get_features(VuDev *dev)
1ull << VIRTIO_BLK_F_DISCARD |
1ull << VIRTIO_BLK_F_WRITE_ZEROES |
#endif
-   1ull << VIRTIO_BLK_F_CONFIG_WCE |
-   1ull << VIRTIO_F_VERSION_1 |
-   1ull << VHOST_USER_F_PROTOCOL_FEATURES;
+   1ull << VIRTIO_BLK_F_CONFIG_WCE;
 
 if (vdev_blk->enable_ro) {
 features |= 1ull << VIRTIO_BLK_F_RO;
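Review bot: VHOST_USER_F_PROTOCOL_FEATURES is dropped from vub_get_features() together with VIRTIO_F_VERSION_1, but libvhost-user already advertised it before this patch (it is a context line in the vu_get_features_exec() hunk), so it is not one of the bits libvhost-user "now advertises". A sentence in the commit message saying that this removal cleans up an existing duplicate would make the change easier to audit.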
-- 
2.25.4



Re: [PATCH] or1k: Fix compilation hiccup

2020-05-29 Thread Christophe de Dinechin


On 2020-05-26 at 20:51 CEST, Eric Blake wrote...
> On my Fedora 32 machine, gcc 10.1.1 at -O2 (the default for a bare
> './configure') has a false-positive complaint:
>
>   CC  or1k-softmmu/hw/openrisc/openrisc_sim.o
> /home/eblake/qemu/hw/openrisc/openrisc_sim.c: In function ‘openrisc_sim_init’:
> /home/eblake/qemu/hw/openrisc/openrisc_sim.c:87:42: error: ‘cpu_irqs[0]’ may 
> be used uninitialized in this function [-Werror=maybe-uninitialized]
>87 | sysbus_connect_irq(s, i, cpu_irqs[i][irq_pin]);
>   |  ^~~
>
> Initializing both pointers of cpu_irqs[] to NULL is sufficient to shut
> up the compiler, even though they are definitely assigned in
> openrisc_sim_init() prior to the inlined call to
> openrisc_sim_ompic_init() containing the line in question.
>
> Signed-off-by: Eric Blake 
> ---
>  hw/openrisc/openrisc_sim.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/openrisc/openrisc_sim.c b/hw/openrisc/openrisc_sim.c
> index d08ce6181199..95011a8015b4 100644
> --- a/hw/openrisc/openrisc_sim.c
> +++ b/hw/openrisc/openrisc_sim.c
> @@ -129,7 +129,7 @@ static void openrisc_sim_init(MachineState *machine)
>  const char *kernel_filename = machine->kernel_filename;
>  OpenRISCCPU *cpu = NULL;
>  MemoryRegion *ram;
> -qemu_irq *cpu_irqs[2];
> +qemu_irq *cpu_irqs[2] = {};

Why is the value [2] correct here? The loop that initializes loops over
machine->smp.cpus. Is it always less than 2 on this machine?


>  qemu_irq serial_irq;
>  int n;
>  unsigned int smp_cpus = machine->smp.cpus;
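Review bot: at "qemu_irq *cpu_irqs[2] = {};" the initializer only silences the warning, and nothing in the hunk ties smp_cpus, read three lines further down, to the array size of 2. An assert that smp_cpus is at most 2 before the array is indexed would state the bound for both the reader and the compiler, and a one-line comment on the initializer would keep it from being removed later as dead code.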


--
Cheers,
Christophe de Dinechin (IRC c3d)




Re: [PULL 00/21] Vga 20200528 patches

2020-05-29 Thread Peter Maydell
On Fri, 29 May 2020 at 17:15, Philippe Mathieu-Daudé  wrote:
> On 5/29/20 12:29 PM, Peter Maydell wrote:
> > Could somebody send a followup patch to fix the indentation
> > error checkpatch notices, please?
>
> If this is part of your scripts, this is a nice feature :)

No, I just noticed the patchew email.

> >
> > 5/21 Checking commit 97f369f2479d (hw/display/cirrus_vga: Use
> > qemu_log_mask(ERROR) instead of debug printf)
> > ERROR: suspect code indent for conditional statements (16, 12)
> > #34: FILE: hw/display/cirrus_vga.c:1038:
> > if (s->cirrus_blt_pixelwidth > 2) {
> > +qemu_log_mask(LOG_GUEST_ERROR,
>
> I explained on the patches:
>
>   False positive.

The code is
if (s->cirrus_blt_mode & CIRRUS_BLTMODE_TRANSPARENTCOMP) {
if (s->cirrus_blt_pixelwidth > 2) {
qemu_log_mask(LOG_GUEST_ERROR,
  "cirrus: src transparent without colorexpand "
  "must be 8bpp or 16bpp\n");
goto bitblt_ignore;
}

checkpatch seems correct; the qemu_log_mask line is misindented,
and looking at the commit this is a misindent introduced in
commit 2b55f4d3504a9f34 "hw/display/cirrus_vga: Use
qemu_log_mask(ERROR) instead of debug printf". The old
fprintf() line was using indent of tab+tab+4 spaces, but
the new qemu_log_mask line is indented by 12 spaces, not 20.
(Tabs are always 8 spaces equivalent.)

Some days I wonder whether we should just do a bulk detabify
of the QEMU sources.

thanks
-- PMM



Re: [PATCH 2/3] numa: Allow HMAT cache to be defined before HMAT latency/bandwidth

2020-05-29 Thread Michal Privoznik

On 5/29/20 4:59 PM, Igor Mammedov wrote:
> On Fri, 29 May 2020 15:33:47 +0200
> Michal Privoznik  wrote:
>
>> Currently, when defining a HMAT cache for a NUMA node (in
>> parse_numa_hmat_cache()) there is this check that forces users to
>> define HMAT latency/bandwidth first. There is no real need for
>> this, because nothing in the parse function relies on that and
>> the HMAT table is constructed way later - when ACPI table is
>> constructed.
>
> see comment in
>    https://lists.gnu.org/archive/html/qemu-devel/2019-11/msg01206.html
>
> in short, doing the check at this time allows us not to have a more complex
> check later on.
>
> perhaps it needs a comment so that later it won't be dropped by accident

Fair enough. Discard this one then and I will post a patch that documents
this.


Michal




Re: [PATCH v3 1/2] PCI: vmd: Filter resource type bits from shadow register

2020-05-29 Thread Derrick, Jonathan
On Fri, 2020-05-29 at 11:33 +0100, Lorenzo Pieralisi wrote:
> On Wed, May 27, 2020 at 11:02:39PM -0400, Jon Derrick wrote:
> > Versions of VMD with the Host Physical Address shadow register use this
> > register to calculate the bus address offset needed to do guest
> > passthrough of the domain. This register shadows the Host Physical
> > Address registers including the resource type bits. After calculating
> > the offset, the extra resource type bits lead to the VMD resources being
> > over-provisioned at the front and under-provisioned at the back.
> > 
> > Example:
> > pci 1:80:02.0: reg 0x10: [mem 0xf801fffc-0xf803fffb 64bit]
> > 
> > Expected:
> > pci 1:80:02.0: reg 0x10: [mem 0xf802-0xf803 64bit]
> > 
> > If other devices are mapped in the over-provisioned front, it could lead
> > to resource conflict issues with VMD or those devices.
> > 
> > Fixes: a1a30170138c9 ("PCI: vmd: Fix shadow offsets to reflect spec 
> > changes")
> > Signed-off-by: Jon Derrick 
> > ---
> >  drivers/pci/controller/vmd.c | 6 --
> >  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> Hi Jon,
> 
> it looks like I can take this patch for v5.8 whereas patch 2 depends
> on the QEMU changes acceptance and should probably wait.
> 
> Please let me know your thoughts asap and I will try to at least
> squeeze this patch in.
> 
> Lorenzo

Hi Lorenzo,

This is fine. Please take Patch 1.
Patch 2 is harmless without the QEMU changes, but may always need a
different approach.

Best,
jon


> 
> > diff --git a/drivers/pci/controller/vmd.c b/drivers/pci/controller/vmd.c
> > index dac91d6..e386d4e 100644
> > --- a/drivers/pci/controller/vmd.c
> > +++ b/drivers/pci/controller/vmd.c
> > @@ -445,9 +445,11 @@ static int vmd_enable_domain(struct vmd_dev *vmd, 
> > unsigned long features)
> > if (!membar2)
> > return -ENOMEM;
> > offset[0] = vmd->dev->resource[VMD_MEMBAR1].start -
> > -   readq(membar2 + MB2_SHADOW_OFFSET);
> > +   (readq(membar2 + MB2_SHADOW_OFFSET) &
> > +PCI_BASE_ADDRESS_MEM_MASK);
> > offset[1] = vmd->dev->resource[VMD_MEMBAR2].start -
> > -   readq(membar2 + MB2_SHADOW_OFFSET + 8);
> > +   (readq(membar2 + MB2_SHADOW_OFFSET + 8) 
> > &
> > +PCI_BASE_ADDRESS_MEM_MASK);
> > pci_iounmap(vmd->dev, membar2);
> > }
> > }
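Review bot: readq() returns a 64-bit value, so the "& PCI_BASE_ADDRESS_MEM_MASK" applied to both offset[] computations is only correct if the mask is 64 bits wide; a mask built from an unsigned long constant would also clear the upper half of the shadow address on a build where unsigned long is 32 bits. Please confirm VMD cannot be built in such a configuration, or cast the mask to u64 at both sites.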
> > -- 
> > 1.8.3.1
> > 


Re: [PULL 00/21] Vga 20200528 patches

2020-05-29 Thread Philippe Mathieu-Daudé
Hi Peter,

On 5/29/20 12:29 PM, Peter Maydell wrote:
> On Thu, 28 May 2020 at 13:36, Gerd Hoffmann  wrote:
>>
>> The following changes since commit 06539ebc76b8625587aa78d646a9d8d5fddf84f3:
>>
>>   Merge remote-tracking branch 
>> 'remotes/philmd-gitlab/tags/mips-hw-next-20200526' into staging (2020-05-26 
>> 20:25:06 +0100)
>>
>> are available in the Git repository at:
>>
>>   git://git.kraxel.org/qemu tags/vga-20200528-pull-request
>>
>> for you to fetch changes up to fa0013a1bc5f6011a1017e0e655740403ed9:
>>
>>   sm501: Remove obsolete changelog and todo comment (2020-05-28 11:38:57 
>> +0200)
>>
>> 
>> hw/dispaly/sm501: bugfixes, add sanity checks.
>> hw/display: use tracepoints, misc cleanups.
>>
> 
> 
> Applied, thanks.
> 
> Please update the changelog at https://wiki.qemu.org/ChangeLog/5.1
> for any user-visible changes.
> 
> Could somebody send a followup patch to fix the indentation
> error checkpatch notices, please?

If this is part of your scripts, this is a nice feature :)

> 
> 5/21 Checking commit 97f369f2479d (hw/display/cirrus_vga: Use
> qemu_log_mask(ERROR) instead of debug printf)
> ERROR: suspect code indent for conditional statements (16, 12)
> #34: FILE: hw/display/cirrus_vga.c:1038:
> if (s->cirrus_blt_pixelwidth > 2) {
> +qemu_log_mask(LOG_GUEST_ERROR,

I explained on the patches:

  False positive.
  Checkpatch is confused by the mis-indented code
  previous to this line.

https://www.mail-archive.com/qemu-devel@nongnu.org/msg706364.html

> 
> -- PMM
> 




Re: [PULL 00/21] Vga 20200528 patches

2020-05-29 Thread Philippe Mathieu-Daudé
On 5/29/20 6:36 PM, Peter Maydell wrote:
> On Fri, 29 May 2020 at 17:15, Philippe Mathieu-Daudé  wrote:
>> On 5/29/20 12:29 PM, Peter Maydell wrote:
>>> Could somebody send a followup patch to fix the indentation
>>> error checkpatch notices, please?
>>
>> If this is part of your scripts, this is a nice feature :)
> 
> No, I just noticed the patchew email.
> 
>>>
>>> 5/21 Checking commit 97f369f2479d (hw/display/cirrus_vga: Use
>>> qemu_log_mask(ERROR) instead of debug printf)
>>> ERROR: suspect code indent for conditional statements (16, 12)
>>> #34: FILE: hw/display/cirrus_vga.c:1038:
>>> if (s->cirrus_blt_pixelwidth > 2) {
>>> +qemu_log_mask(LOG_GUEST_ERROR,
>>
>> I explained on the patches:
>>
>>   False positive.
> 
> The code is
> if (s->cirrus_blt_mode & CIRRUS_BLTMODE_TRANSPARENTCOMP) {
> if (s->cirrus_blt_pixelwidth > 2) {
> qemu_log_mask(LOG_GUEST_ERROR,
>   "cirrus: src transparent without colorexpand "
>   "must be 8bpp or 16bpp\n");
> goto bitblt_ignore;
> }
> 
> checkpatch seems correct; the qemu_log_mask line is misindented,
> and looking at the commit this is a misindent introduced in
> commit 2b55f4d3504a9f34 "hw/display/cirrus_vga: Use
> qemu_log_mask(ERROR) instead of debug printf". The old
> fprintf() line was using indent of tab+tab+4 spaces, but
> the new qemu_log_mask line is indented by 12 spaces, not 20.
> (Tabs are always 8 spaces equivalent.)

OK now I understand, I use "set ts=4 sw=4" in my .vimrc and see this
file completely un-indented (and the qemu_log_mask call well placed).

I'll send a cleanup patch. Sorry and thanks for noticing this.

> 
> Some days I wonder whether we should just do a bulk detabify
> of the QEMU sources.
> 
> thanks
> -- PMM
> 



Re: [PATCH 3/3] numa: Initialize node initiator with respect to .has_cpu

2020-05-29 Thread Igor Mammedov
On Fri, 29 May 2020 15:33:48 +0200
Michal Privoznik  wrote:

> The initiator attribute of a NUMA node is documented as the 'NUMA
> node that has best performance to given NUMA node'. If a NUMA
> node has at least one CPU there can hardly be a different node
> with better performance and thus all NUMA nodes which have a CPU
> are initiators to themselves. Reflect this fact when initializing
> the attribute.

It is not true in case the node is memory-less

> Signed-off-by: Michal Privoznik 
> ---
>  hw/core/numa.c | 14 +-
>  1 file changed, 9 insertions(+), 5 deletions(-)
> 
> diff --git a/hw/core/numa.c b/hw/core/numa.c
> index 338453461c..1c9bc761cc 100644
> --- a/hw/core/numa.c
> +++ b/hw/core/numa.c
> @@ -136,11 +136,15 @@ static void parse_numa_node(MachineState *ms, 
> NumaNodeOptions *node,
>  numa_info[nodenr].node_memdev = MEMORY_BACKEND(o);
>  }
>  
> -/*
> - * If not set the initiator, set it to MAX_NODES. And if
> - * HMAT is enabled and this node has no cpus, QEMU will raise error.
> - */
> -numa_info[nodenr].initiator = MAX_NODES;
> +/* Initialize initiator to either the current NUMA node (if
> + * it has at least one CPU), or to MAX_NODES. If HMAT is
> + * enabled an error will be raised later in
> + * numa_validate_initiator(). */
> +if (numa_info[nodenr].has_cpu)
> +numa_info[nodenr].initiator = nodenr;
> +else
> +numa_info[nodenr].initiator = MAX_NODES;
> +
>  if (node->has_initiator) {
>  if (!ms->numa_state->hmat_enabled) {
>  error_setg(errp, "ACPI Heterogeneous Memory Attribute Table "
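Review bot: numa_info[nodenr].has_cpu is read here while parse_numa_node() is still parsing the node; if the flag is only set once CPUs have been assigned to the node, the new branch never fires and every node still ends up with MAX_NODES. Please confirm the ordering. The if/else also needs braces on both arms, and the block comment should open and close with "/*" and "*/" on their own lines to pass checkpatch.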




Re: [PATCH 2/5] vhost: involve device backends in feature negotiation

2020-05-29 Thread Stefan Hajnoczi
On Wed, May 27, 2020 at 04:28:41PM +0200, Marc-André Lureau wrote:
> Hi Stefan
> 
> On Fri, May 22, 2020 at 7:18 PM Stefan Hajnoczi  wrote:
> >
> > Many vhost devices in QEMU currently do not involve the device backend
> > in feature negotiation. This seems fine at first glance for device types
> > without their own feature bits (virtio-net has many but other device
> > types have none).
> >
> > This overlooks the fact that QEMU's virtqueue implementation and the
> > device backend's implementation may support different features.  QEMU
> > must not report features to the guest that the device backend
> > doesn't support.
> >
> > For example, QEMU supports VIRTIO 1.1 packed virtqueues while many
> > existing vhost device backends do not. When the user sets packed=on the
> > device backend breaks. This should have been handled gracefully by
> > feature negotiation instead.
> >
> > Introduce vhost_get_default_features() and update all vhost devices in
> > QEMU to involve the device backend in feature negotiation.
> >
> > This patch fixes the following error:
> >
> >   $ x86_64-softmmu/qemu-system-x86_64 \
> >   -drive if=virtio,file=test.img,format=raw \
> >   -chardev socket,path=/tmp/vhost-user-blk.sock,id=char0 \
> >   -device vhost-user-blk-pci,chardev=char0,packed=on \
> >   -object memory-backend-memfd,size=1G,share=on,id=ram0 \
> >   -M accel=kvm,memory-backend=ram0
> >   qemu-system-x86_64: Failed to set msg fds.
> >   qemu-system-x86_64: vhost VQ 0 ring restore failed: -1: Success (0)
> >
> > The vhost-user-blk backend failed as follows:
> >
> >   $ ./vhost-user-blk --socket-path=/tmp/vhost-user-blk.sock -b test2.img
> >   vu_panic: virtio: zero sized buffers are not allowed
> >   virtio-blk request missing headers
> >
> > Signed-off-by: Stefan Hajnoczi 
> > ---
> >  include/hw/virtio/vhost.h|  1 +
> >  include/hw/virtio/virtio-gpu.h   |  2 ++
> >  include/sysemu/cryptodev-vhost.h | 11 +++
> >  backends/cryptodev-vhost.c   | 19 +++
> >  hw/display/vhost-user-gpu.c  | 17 +
> >  hw/display/virtio-gpu-base.c |  2 +-
> >  hw/input/vhost-user-input.c  |  9 +
> >  hw/virtio/vhost-user-fs.c|  5 +++--
> >  hw/virtio/vhost-vsock.c  |  5 +++--
> >  hw/virtio/vhost.c| 22 ++
> >  hw/virtio/virtio-crypto.c|  3 ++-
> >  11 files changed, 90 insertions(+), 6 deletions(-)
> >
> > diff --git a/include/hw/virtio/vhost.h b/include/hw/virtio/vhost.h
> > index 085450c6f8..d2e54dd4a8 100644
> > --- a/include/hw/virtio/vhost.h
> > +++ b/include/hw/virtio/vhost.h
> > @@ -112,6 +112,7 @@ void vhost_virtqueue_mask(struct vhost_dev *hdev, 
> > VirtIODevice *vdev, int n,
> >bool mask);
> >  uint64_t vhost_get_features(struct vhost_dev *hdev, const int 
> > *feature_bits,
> >  uint64_t features);
> > +uint64_t vhost_get_default_features(struct vhost_dev *hdev, uint64_t 
> > features);
> >  void vhost_ack_features(struct vhost_dev *hdev, const int *feature_bits,
> >  uint64_t features);
> >  bool vhost_has_free_slot(void);
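Review bot: vhost_get_default_features() is declared directly beside vhost_get_features() with nothing saying how the two differ or which bits "default" covers. A short comment on the prototype, stating which feature bits it filters and when a device should call it instead of vhost_get_features(), would keep callers from picking the wrong one.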
> > diff --git a/include/hw/virtio/virtio-gpu.h b/include/hw/virtio/virtio-gpu.h
> > index 6dd57f2025..41d270d80e 100644
> > --- a/include/hw/virtio/virtio-gpu.h
> > +++ b/include/hw/virtio/virtio-gpu.h
> > @@ -192,6 +192,8 @@ bool virtio_gpu_base_device_realize(DeviceState *qdev,
> >  void virtio_gpu_base_reset(VirtIOGPUBase *g);
> >  void virtio_gpu_base_fill_display_info(VirtIOGPUBase *g,
> >  struct virtio_gpu_resp_display_info *dpy_info);
> > +uint64_t virtio_gpu_base_get_features(VirtIODevice *vdev, uint64_t 
> > features,
> > +  Error **errp);
> >
> >  /* virtio-gpu.c */
> >  void virtio_gpu_ctrl_response(VirtIOGPU *g,
> > diff --git a/include/sysemu/cryptodev-vhost.h 
> > b/include/sysemu/cryptodev-vhost.h
> > index f42824fbde..e629446bfb 100644
> > --- a/include/sysemu/cryptodev-vhost.h
> > +++ b/include/sysemu/cryptodev-vhost.h
> > @@ -122,6 +122,17 @@ int cryptodev_vhost_start(VirtIODevice *dev, int 
> > total_queues);
> >   */
> >  void cryptodev_vhost_stop(VirtIODevice *dev, int total_queues);
> >
> > +/**
> > + * cryptodev_vhost_get_features:
> > + * @dev: the virtio crypto object
> > + * @requested_features: the features being offered
> > + *
> > + * Returns: the requested features bits that are supported by the vhost 
> > device,
> > + * or the original request feature bits if vhost is disabled
> > + *
> > + */
> > +uint64_t cryptodev_vhost_get_features(VirtIODevice *dev, uint64_t 
> > features);
> > +
> >  /**
> >   * cryptodev_vhost_virtqueue_mask:
> >   * @dev: the virtio crypto object
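Review bot: the doc block for cryptodev_vhost_get_features() documents @requested_features, but the parameter in the prototype is named "features". Rename one of them so the comment and the declaration agree.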
> > diff --git a/backends/cryptodev-vhost.c b/backends/cryptodev-vhost.c
> > index 8337c9a495..5f5a4fda7b 100644
> > --- a/backends/cryptodev-vhost.c
> > +++ b/backends/cryptodev-vhost.c
> > @@ -266,6 +266,20 @@ void 
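
The negotiation rule behind this patch and the "libvhost-user: advertise vring features" posting earlier on this page, as an added example that is not code from either patch or from QEMU: the master offers the guest only bits that both its own virtqueue code and the backend advertise, and rejects an acknowledgement outside that set. Bit numbers are the VIRTIO and vhost-user specification values; the function names, the sample masks and the treatment of bits 26 and 30 as master-to-backend only are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Feature bit numbers from the VIRTIO and vhost-user specifications. */
enum {
    VIRTIO_F_NOTIFY_ON_EMPTY       = 24,
    VHOST_F_LOG_ALL                = 26,
    VIRTIO_RING_F_INDIRECT_DESC    = 28,
    VIRTIO_RING_F_EVENT_IDX        = 29,
    VHOST_USER_F_PROTOCOL_FEATURES = 30,
    VIRTIO_F_VERSION_1             = 32,
    VIRTIO_F_RING_PACKED           = 34,
};

#define BIT64(n) (1ULL << (n))

/* Assumption of this example: these two bits are consumed between master
 * and backend and are never offered to the guest driver. */
#define VHOST_ONLY_BITS \
    (BIT64(VHOST_F_LOG_ALL) | BIT64(VHOST_USER_F_PROTOCOL_FEATURES))

/* Constructed sample: a master whose own virtqueue code handles packed rings. */
uint64_t sample_master_features(void)
{
    return BIT64(VIRTIO_F_NOTIFY_ON_EMPTY) | BIT64(VIRTIO_RING_F_INDIRECT_DESC) |
           BIT64(VIRTIO_RING_F_EVENT_IDX) | BIT64(VIRTIO_F_VERSION_1) |
           BIT64(VIRTIO_F_RING_PACKED);
}

/* Library-level bits before the patch (device-specific bits left out). */
uint64_t backend_features_before(void)
{
    return BIT64(VHOST_F_LOG_ALL) | BIT64(VHOST_USER_F_PROTOCOL_FEATURES);
}

/* Library-level bits once the vring features are advertised explicitly. */
uint64_t backend_features_after(void)
{
    return backend_features_before() |
           BIT64(VIRTIO_F_NOTIFY_ON_EMPTY) | BIT64(VIRTIO_RING_F_INDIRECT_DESC) |
           BIT64(VIRTIO_RING_F_EVENT_IDX) | BIT64(VIRTIO_F_VERSION_1);
}

/* What the guest may be offered: only bits both sides implement. */
uint64_t offer_features(uint64_t master, uint64_t backend)
{
    return master & backend & ~VHOST_ONLY_BITS;
}

/* Bits the master implements but has to withhold for this backend. */
uint64_t withheld_features(uint64_t master, uint64_t backend)
{
    return master & ~backend & ~VHOST_ONLY_BITS;
}

/* The driver may acknowledge only offered bits; returns 1 when it did. */
int ack_is_valid(uint64_t offered, uint64_t acked)
{
    return (acked & ~offered) == 0;
}

/* Print the set bit numbers of a feature mask on one line. */
static void print_bits(const char *label, uint64_t bits)
{
    printf("%-28s", label);
    for (int i = 0; i < 64; i++) {
        if (bits & BIT64(i)) {
            printf(" %d", i);
        }
    }
    printf("\n");
}

int main(void)
{
    uint64_t master = sample_master_features();
    uint64_t offered = offer_features(master, backend_features_after());
    uint64_t packed_ack = BIT64(VIRTIO_F_VERSION_1) | BIT64(VIRTIO_F_RING_PACKED);

    print_bits("offered, old backend:",
               offer_features(master, backend_features_before()));
    print_bits("offered, patched backend:", offered);
    print_bits("withheld, patched backend:",
               withheld_features(master, backend_features_after()));
    printf("packed=on ack accepted: %s\n",
           ack_is_valid(offered, packed_ack) ? "yes" : "no");
    return 0;
}
```

With the old backend mask a strict intersection offers nothing, which is why the master had to assume bits such as VIRTIO_RING_F_EVENT_IDX; with the patched mask the four vring bits are offered and only the packed ring is withheld.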

RE: Re:RE: GDB get wrong debug infos on TI DSP architecture extension

2020-05-29 Thread Taylor Simpson
To figure out which register gdb is complaining about, you could step through 
the code in gdb or selectively remove parts of the xml file until the error 
goes away.

The unaligned start address sounds like a problem with the executable you are 
trying to debug, not qemu or gdb.

Taylor



From: casmac <1482995...@qq.com>
Sent: Friday, May 29, 2020 2:28 AM
To: Taylor Simpson ; qemu-devel 
Subject: Re:RE: GDB get wrong debug infos on TI DSP architecture extension

Hi,
   Thanks for the hints!! I put "-d
trace:gdbstub_io_command,trace:gdbstub_io_reply" on the command line and get the
following from QEMU at the beginning when gdb starts. Did anything go
wrong?

6792@1590734139.390330:gdbstub_io_command
 Received: qSupported:xmlRegisters=tivc33;QNonStop;qRelocInsn+
6792@1590734139.391330:gdbstub_io_reply
 Sent: PacketSize=1000;qXfer:features:read+;multiprocess+
6792@1590734139.391330:gdbstub_io_command
 Received: Hg0
6792@1590734139.392331:gdbstub_io_reply
 Sent: OK
6792@1590734139.392331:gdbstub_io_command
 Received: qXfer:features:read:target.xml:0,ffb
6792@1590734139.393331:gdbstub_io_command
 Received: qXfer:features:read:dsp-vc33-core.xml:0,ffb
6792@1590734139.399331:gdbstub_io_command
 Received: ?
6792@1590734139.399331:gdbstub_io_reply
 Sent: T05thread:01;
6792@1590734139.401331:gdbstub_io_command
 Received: Hc-1
 
6792@1590734139.402331:gdbstub_io_command
 Received: qC
6792@1590734139.402331:gdbstub_io_reply
 Sent: QC01
6792@1590734139.402331:gdbstub_io_command
 Received: qAttached
6792@1590734139.403331:gdbstub_io_reply
 Sent: 1
6792@1590734139.403331:gdbstub_io_command
 Received: qOffsets


 It looks like the .xml file is working; the "info reg" command returns the
registers defined for the TI DSP processor:
(szdb) info reg
r0             0xc0     -274877906944
r1             0x0      0
r2             0x22     14602064
r3             0x0      0
r4             0x0      0
r5             0x41     279172874240
r6             0x0      0
r7             0x68     446676598784
ar0            0x0      0
ar1            0x0      0
ar2            0x0      0
ar3            0x0      0
ar4            0x0      0
ar5            0x0      0
ar6            0x0      0
ar7            0x0      0
dp             0x0      0
ir0            0x0      0
ir1            0x0      0
bk             0x0      0
sp             0x0      0
st             0x54     84
ie             0x0      0
if             0x0      0
iof            0x0      0
rs             0x0      0
re             0x0      0
rc             0x0      0
pc             0xf      15
clk            0x0      0

But GDB still complains "warning: Target-supplied registers are not
supported by the current architecture" and about an unknown symbol:
atexit (
fun=)
at exit.c:44
44  exit.c: No such file or directory.
 Another problem is that the DSP processor addresses memory by word (4 bytes);
the starting entry address from the executable is 0xF, which will fail the
4-byte alignment assertion, so the instruction retrieved does not look right.
We are going to fix it.
   Thanks.
xiaolei
-- Original --
From: "Taylor Simpson" <tsimp...@quicinc.com>;
Date: Thu, May 28, 2020 05:41 AM
To: "Philippe Mathieu-Daudé" <f4...@amsat.org>; "casmac" <1482995...@qq.com>; "qemu-devel" <qemu-devel@nongnu.org>;
Cc: "Alex Bennée" <alex.ben...@linaro.org>; "Luc Michel" <luc.mic...@greensocs.com>;
Subject: RE: GDB get wrong debug infos on TI DSP architecture extension

For Hexagon, we have LLDB, not GDB.  I tinkered with getting LLDB to talk to
qemu but never got it fully functional.  I'm planning to get back to it at some
point.

With that caveat, I'll try to answer Xiaolei's questions
- The xml file is returned from qemu to gdb in response to the 
Xfer:features:read command.  Providing it should be optional unless your 
debugger requires the target to support that command.  If the target doesn't 
support this command, the debugger will generally use the qRegisterInfo command.
- I don't think get_phys_page_debug is used for gdb debugging.  Which mode are 
you implementing?  In linux-user mode, it's not needed.  In softmmu mode, it is 
used when you use "-d in_asm" to find the memory to 

Re: [PATCH 1/3] qapi: Make @associativity, @policy and @line of NumaHmatCacheOptions optional

2020-05-29 Thread Igor Mammedov
On Fri, 29 May 2020 15:33:46 +0200
Michal Privoznik  wrote:

> The documentation to `-numa hmat-cache` says that @node-id, @size
> and @level are the only required attributes. The rest
> (@associativity, @policy and @line) is optional. Well, not quite
> - if I try to start QEMU with only the three required attributes
> defined the QAPI code is complaining about associativity missing.

Indeed, they are marked as optional CLI arguments, but we don't have
code that would make them optional. And I'd prefer the docs fixed
instead of introducing default value handling here.


> Signed-off-by: Michal Privoznik 
> ---
>  qapi/machine.json | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/qapi/machine.json b/qapi/machine.json
> index ff7b5032e3..952784f8ba 100644
> --- a/qapi/machine.json
> +++ b/qapi/machine.json
> @@ -723,9 +723,9 @@
> 'node-id': 'uint32',
> 'size': 'size',
> 'level': 'uint8',
> -   'associativity': 'HmatCacheAssociativity',
> -   'policy': 'HmatCacheWritePolicy',
> -   'line': 'uint16' }}
> +   '*associativity': 'HmatCacheAssociativity',
> +   '*policy': 'HmatCacheWritePolicy',
> +   '*line': 'uint16' }}
>  
>  ##
>  # @HostMemPolicy:
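Review bot: marking 'associativity', 'policy' and 'line' with '*' makes them optional in the schema, but the diffstat shows qapi/machine.json as the only file touched, so nothing in this patch adds has_* checks or default values to the code that consumes NumaHmatCacheOptions. Either add that handling, with the defaults documented, in the same patch, or keep the members mandatory and correct the documentation instead.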




Re: [PATCH v3 1/2] PCI: vmd: Filter resource type bits from shadow register

2020-05-29 Thread Lorenzo Pieralisi
On Fri, May 29, 2020 at 03:53:37PM +, Derrick, Jonathan wrote:
> On Fri, 2020-05-29 at 11:33 +0100, Lorenzo Pieralisi wrote:
> > On Wed, May 27, 2020 at 11:02:39PM -0400, Jon Derrick wrote:
> > > Versions of VMD with the Host Physical Address shadow register use this
> > > register to calculate the bus address offset needed to do guest
> > > passthrough of the domain. This register shadows the Host Physical
> > > Address registers including the resource type bits. After calculating
> > > the offset, the extra resource type bits lead to the VMD resources being
> > > over-provisioned at the front and under-provisioned at the back.
> > > 
> > > Example:
> > > pci 1:80:02.0: reg 0x10: [mem 0xf801fffc-0xf803fffb 64bit]
> > > 
> > > Expected:
> > > pci 1:80:02.0: reg 0x10: [mem 0xf802-0xf803 64bit]
> > > 
> > > If other devices are mapped in the over-provisioned front, it could lead
> > > to resource conflict issues with VMD or those devices.
> > > 
> > > Fixes: a1a30170138c9 ("PCI: vmd: Fix shadow offsets to reflect spec 
> > > changes")
> > > Signed-off-by: Jon Derrick 
> > > ---
> > >  drivers/pci/controller/vmd.c | 6 --
> > >  1 file changed, 4 insertions(+), 2 deletions(-)
> > 
> > Hi Jon,
> > 
> > it looks like I can take this patch for v5.8 whereas patch 2 depends
> > on the QEMU changes acceptance and should probably wait.
> > 
> > Please let me know your thoughts asap and I will try to at least
> > squeeze this patch in.
> > 
> > Lorenzo
> 
> Hi Lorenzo,
> 
> This is fine. Please take Patch 1.
> Patch 2 is harmless without the QEMU changes, but may always need a
> different approach.

Pulled patch 1 into pci/vmd, thanks.

Lorenzo



Re: [PATCH] or1k: Fix compilation hiccup

2020-05-29 Thread Peter Maydell
On Fri, 29 May 2020 at 17:23, Christophe de Dinechin
 wrote:
> On 2020-05-26 at 20:51 CEST, Eric Blake wrote...
> > diff --git a/hw/openrisc/openrisc_sim.c b/hw/openrisc/openrisc_sim.c
> > index d08ce6181199..95011a8015b4 100644
> > --- a/hw/openrisc/openrisc_sim.c
> > +++ b/hw/openrisc/openrisc_sim.c
> > @@ -129,7 +129,7 @@ static void openrisc_sim_init(MachineState *machine)
> >  const char *kernel_filename = machine->kernel_filename;
> >  OpenRISCCPU *cpu = NULL;
> >  MemoryRegion *ram;
> > -qemu_irq *cpu_irqs[2];
> > +qemu_irq *cpu_irqs[2] = {};
>
> Why is the value [2] correct here? The loop that initializes loops over
> machine->smp.cpus. Is it always less than 2 on this machine?

Yes: openrisc_sim_machine_init() sets mc->max_cpus = 2.
My suggestion of adding an assert() is essentially telling the
compiler that indeed smp_cpus must always be in the range [1,2],
which we can tell but it can't.

thanks
-- PMM



Re: [PATCH 1/2] sev: add sev-inject-launch-secret

2020-05-29 Thread tobin

On 2020-05-28 17:00, James Bottomley wrote:

On Thu, 2020-05-28 at 16:51 -0400, Tobin Feldman-Fitzthum wrote:

--- a/qapi/misc-target.json
+++ b/qapi/misc-target.json
@@ -200,6 +200,26 @@
 { 'command': 'query-sev-capabilities', 'returns': 'SevCapability',
   'if': 'defined(TARGET_I386)' }

+##
+# @sev-inject-launch-secret:
+#
+# This command injects a secret blob into memory of SEV guest.
+#
+# @packet-header: the launch secret packet header encoded in base64
+#
+# @secret: the launch secret data to be injected encoded in base64
+#
+# @gpa: the guest physical address where secret will be injected.
+GPA provided here will be ignored if guest ROM specifies
+the a launch secret GPA.


Shouldn't we eliminate the gpa argument to this now the gpa is
extracted from OVMF?  You add it here but don't take it out in the next
patch.


I think having GPA as an optional argument might make the most sense.
Users may or may not know how to use the argument, but it is probably
a good idea to give another option besides sticking the GPA into the 
ROM.



+# Since: 5.0.0
+#
+##
+{ 'command': 'sev-inject-launch-secret',
+  'data': { 'packet_hdr': 'str', 'secret': 'str', 'gpa': 'uint64' },


Java (i.e. Json) people hate underscores and abbreviations.  I bet
they'll want this to be 'packet-header'


Happy to change this.


+  'if': 'defined(TARGET_I386)' }
+
 ##
 # @dump-skeys:
 #
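Review bot: the doc comment describes @packet-header while the command's 'data' declares 'packet_hdr', so the documented argument does not exist under that name; pick one spelling for both. The @gpa text also says the value is ignored when the guest ROM supplies an address, yet 'gpa' is declared as a mandatory 'uint64', which forces callers to pass a value the command may discard.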
diff --git a/target/i386/monitor.c b/target/i386/monitor.c
index 27ebfa3ad2..5c2b7d2c17 100644
--- a/target/i386/monitor.c
+++ b/target/i386/monitor.c
@@ -736,3 +736,11 @@ SevCapability *qmp_query_sev_capabilities(Error
**errp)

 return data;
 }
+
+void qmp_sev_inject_launch_secret(const char *packet_hdr,
+  const char *secret, uint64_t gpa,
+  Error **errp)
+{
+if (sev_inject_launch_secret(packet_hdr,secret,gpa) != 0)
+  error_setg(errp, "SEV inject secret failed");
+}
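Review bot: qmp_sev_inject_launch_secret() collapses every failure into the fixed string "SEV inject secret failed", so a QMP client cannot tell a malformed base64 blob from an unmapped GPA or a firmware error. Passing errp down into sev_inject_launch_secret() would preserve the cause. The if body also needs braces, and the call needs spaces after the commas, to pass checkpatch.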
diff --git a/target/i386/sev-stub.c b/target/i386/sev-stub.c
index e5ee13309c..2b8c5f1f53 100644
--- a/target/i386/sev-stub.c
+++ b/target/i386/sev-stub.c
@@ -48,3 +48,8 @@ SevCapability *sev_get_capabilities(void)
 {
 return NULL;
 }
+int sev_inject_launch_secret(const char *hdr, const char *secret,
+uint64_t gpa)
+{
+   return 1;
+}
diff --git a/target/i386/sev.c b/target/i386/sev.c
index 846018a12d..774e47d9d1 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -28,6 +28,7 @@
 #include "sysemu/runstate.h"
 #include "trace.h"
 #include "migration/blocker.h"
+#include "exec/address-spaces.h"

 #define DEFAULT_GUEST_POLICY0x1 /* disable debug */
 #define DEFAULT_SEV_DEVICE  "/dev/sev"
@@ -743,6 +744,88 @@ sev_encrypt_data(void *handle, uint8_t *ptr,
uint64_t len)
 return 0;
 }

+
+static void *
+gpa2hva(hwaddr addr, uint64_t size)
+{
+MemoryRegionSection mrs =
memory_region_find(get_system_memory(),
+ addr, size);
+
+if (!mrs.mr) {
+error_report("No memory is mapped at address 0x%"
HWADDR_PRIx, addr);
+return NULL;
+}
+
+if (!memory_region_is_ram(mrs.mr) &&
!memory_region_is_romd(mrs.mr)) {
+error_report("Memory at address 0x%" HWADDR_PRIx "is not
RAM", addr);
+memory_region_unref(mrs.mr);
+return NULL;
+}
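Review bot: after memory_region_find() in gpa2hva(), the quoted lines check only mrs.mr and the region type, not that the returned section covers the full "size" that was requested; memory_region_find() may return a shorter section, and a pointer handed back for a write of "size" bytes should be rejected in that case. Separately, the second error_report() format lacks a space before "is not RAM", so the address and the text run together in the message.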


We can still check this, but it should be like an assertion failure.
Since the GPA is selected by the OVMF build there should be no way it
can't be mapped into the host.

[...]

--- a/tests/qtest/qmp-cmd-test.c
+++ b/tests/qtest/qmp-cmd-test.c
@@ -93,10 +93,10 @@ static bool query_is_blacklisted(const char *cmd)
 /* Success depends on target-specific build configuration:
*/
 "query-pci",  /* CONFIG_PCI */
 /* Success depends on launching SEV guest */
-"query-sev-launch-measure",
+// "query-sev-launch-measure",
 /* Success depends on Host or Hypervisor SEV support */
-"query-sev",
-"query-sev-capabilities",
+// "query-sev",
+// "query-sev-capabilities",


We're eliminating existing tests ... is that just a stray hunk that you
forgot to remove?


Yes.

James




Re: [PULL 00/12] testing and plugin fixes

2020-05-29 Thread Peter Maydell
On Wed, 27 May 2020 at 15:54, Alex Bennée  wrote:
>
> The following changes since commit ddc760832fa8cf5e93b9d9e6e854a5114ac63510:
>
>   Merge remote-tracking branch 'remotes/gkurz/tags/9p-next-2020-05-26' into 
> staging (2020-05-26 14:05:53 +0100)
>
> are available in the Git repository at:
>
>   https://github.com/stsquad/qemu.git tags/pull-testing-tcg-plugins-270520-1
>
> for you to fetch changes up to 919bfbf5d6569b63a374332292cf3d2355a6d6c3:
>
>   tests/tcg: add new threadcount test (2020-05-27 14:26:49 +0100)
>
> 
> Testing and one plugin fix:
>
>   - support alternates for genisoimage to test/vm
>   - add clang++ to clang tests
>   - fix record/replay smoke test
>   - enable more softfloat tests
>   - better detection of hung gdb
>   - upgrade aarch64 tcg test x-compile to gcc-10
>   - fix plugin cpu_index clash vs threads


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/5.1
for any user-visible changes.

-- PMM



Re: [PATCH 0/2] HMP: qom-get and set

2020-05-29 Thread Dr. David Alan Gilbert
* Dr. David Alan Gilbert (git) (dgilb...@redhat.com) wrote:
> From: "Dr. David Alan Gilbert" 
> 
> HMP has had a qom-set for a long time, but not a matching qom-get;
> various attempts have been made to add one over the last 5 years.
> Here's another go.
> 
> It's got simpler due to a suggestion by Markus to take the output
> from qmp's qom-get.  While we're here, rework hmp's qom-set to be
> a wrapper around the qmp equivalent, which simplifies it a bit.
> 
> In one post people didn't particularly like the use of JSON,
> but in the intervening 4 years no one has implemented anything to
> avoid it, and the output is trivially readable for non-structures
> and still pretty readable for (the very rare) structures.
> 
> Dave

Queued

> 
> Dr. David Alan Gilbert (2):
>   hmp: Implement qom-get HMP command
>   hmp: Simplify qom_set
> 
>  hmp-commands.hx| 14 ++
>  include/monitor/hmp.h  |  1 +
>  qom/qom-hmp-cmds.c | 34 +++---
>  tests/qtest/test-hmp.c |  1 +
>  4 files changed, 39 insertions(+), 11 deletions(-)
> 
> -- 
> 2.26.2
> 
> 
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK




[PATCH] hw/display/cirrus_vga: Fix code mis-indentation

2020-05-29 Thread Philippe Mathieu-Daudé
While replacing fprintf() by qemu_log_mask() in commit
2b55f4d3504, we incorrectly used a 'tab = 4 spaces'
alignment, leading to misindented new code. Fix now.

Reported-by: Peter Maydell 
Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/display/cirrus_vga.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
index 92c197cdde..212d6f5e61 100644
--- a/hw/display/cirrus_vga.c
+++ b/hw/display/cirrus_vga.c
@@ -1032,9 +1032,9 @@ static void cirrus_bitblt_start(CirrusVGAState * s)
 } else {
if (s->cirrus_blt_mode & CIRRUS_BLTMODE_TRANSPARENTCOMP) {
if (s->cirrus_blt_pixelwidth > 2) {
-qemu_log_mask(LOG_GUEST_ERROR,
-  "cirrus: src transparent without colorexpand "
-  "must be 8bpp or 16bpp\n");
+qemu_log_mask(LOG_GUEST_ERROR,
+  "cirrus: src transparent without colorexpand 
"
+  "must be 8bpp or 16bpp\n");
goto bitblt_ignore;
}
if (s->cirrus_blt_mode & CIRRUS_BLTMODE_BACKWARDS) {
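Review bot: the three replaced qemu_log_mask() lines in cirrus_bitblt_start() differ from the removed ones only in leading whitespace, so the commit message should state that there is no functional change. A `git diff -w` of this hunk should come out empty, which is a quick way to confirm it before applying.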
-- 
2.21.3




[PATCH v2 2/2] fuzz: Add support for logging QTest commands

2020-05-29 Thread Alexander Bulekov
Signed-off-by: Alexander Bulekov 
---
 tests/qtest/fuzz/fuzz.c | 8 
 1 file changed, 8 insertions(+)

diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c
index cf76a6636f..4842fbe7c7 100644
--- a/tests/qtest/fuzz/fuzz.c
+++ b/tests/qtest/fuzz/fuzz.c
@@ -95,6 +95,9 @@ static void usage(char *path)
"Set the environment variable FUZZ_SERIALIZE_QTEST=1 to serialize\n"
"QTest commands into an ASCII protocol. Useful for building crash\n"
"reproducers, but slows down execution.\n");
+   "reproducers, but slows down execution.\n\n"
+   "Set the environment variable QTEST_LOG=1 to log all qtest commands"
+   "\n");
 exit(0);
 }
 
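Review bot: in the usage() hunk the existing line `"reproducers, but slows down execution.\n");` is kept as unchanged context, and it already closes the printf() call, so the three added string literals that follow it sit outside any statement and the file will not compile. That line needs to be a `-` line, replaced by the `\n\n` variant, as it was in the first posting of this patch.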
@@ -183,6 +186,11 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char 
***envp)
 
 /* Run QEMU's softmmu main with the fuzz-target dependent arguments */
 const char *init_cmdline = fuzz_target->get_init_cmdline(fuzz_target);
+init_cmdline = g_strdup_printf("%s -qtest /dev/null -qtest-log %s",
+   init_cmdline,
+   getenv("QTEST_LOG") ? "/dev/fd/2"
+   : "/dev/null");
+
 
 /* Split the runcmd into an argv and argc */
 wordexp_t result;
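Review bot: `init_cmdline` is declared `const char *` one line earlier and is then overwritten with the result of g_strdup_printf(), so the pointer returned by get_init_cmdline() is dropped and nothing in the visible lines frees the new allocation. Build the extended command line into a separate `char *` (a `g_autofree` one would do) and use that from here on. The hunk also adds a second blank line before the "Split the runcmd" comment.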
-- 
2.26.2




Re: [PATCH 1/2] sev: add sev-inject-launch-secret

2020-05-29 Thread tobin

On 2020-05-28 17:42, Eric Blake wrote:

On 5/28/20 3:51 PM, Tobin Feldman-Fitzthum wrote:

From: Tobin Feldman-Fitzthum 

AMD SEV allows a guest owner to inject a secret blob
into the memory of a virtual machine. The secret is
encrypted with the SEV Transport Encryption Key and
integrity is guaranteed with the Transport Integrity
Key. Although QEMU facilitates the injection of the
launch secret, it cannot access the secret.

Signed-off-by: Tobin Feldman-Fitzthum 
---



+++ b/qapi/misc-target.json
@@ -200,6 +200,26 @@
  { 'command': 'query-sev-capabilities', 'returns': 'SevCapability',
'if': 'defined(TARGET_I386)' }
  +##
+# @sev-inject-launch-secret:
+#
+# This command injects a secret blob into memory of SEV guest.
+#
+# @packet-header: the launch secret packet header encoded in base64
+#
+# @secret: the launch secret data to be injected encoded in base64
+#
+# @gpa: the guest physical address where secret will be injected.
+GPA provided here will be ignored if guest ROM specifies
+the a launch secret GPA.


Missing # on the wrapped lines.


+#
+# Since: 5.0.0


You've missed 5.0, and more sites tend to use x.y instead of x.y.z
(although we aren't consistent); this should be 'Since: 5.1'


+#
+##
+{ 'command': 'sev-inject-launch-secret',
+  'data': { 'packet_hdr': 'str', 'secret': 'str', 'gpa': 'uint64' },
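Review bot: in the `@gpa` description, "the a launch secret GPA" has a stray article. When `packet_hdr` is renamed to agree with the documented `packet-header`, keep the hyphenated spelling, since QAPI member names separate words with hyphens.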


This does not match your documentation above, which named it
'packet-header'.  Should 'gpa' be optional, to account for the case
where ROM specifies it?


My bad on the syntax issues. I think making GPA optional makes sense.
In the first patch we can have it be required and in the second
we add the option to scan the ROM.



[PATCH 1/2] fuzz: skip QTest serialization

2020-05-29 Thread Alexander Bulekov
The QTest server usually parses ASCII commands from clients. Since we
fuzz within the QEMU process, skip the QTest serialization and server
for most QTest commands. Leave the option to use the ASCII protocol, to
generate readable traces for crash reproducers.

Inspired-by: Philippe Mathieu-Daudé 
Signed-off-by: Alexander Bulekov 
---
 tests/qtest/fuzz/Makefile.include |  21 +++
 tests/qtest/fuzz/fuzz.c   |  13 +-
 tests/qtest/fuzz/fuzz.h   |   3 +
 tests/qtest/fuzz/qtest_wrappers.c | 252 ++
 4 files changed, 288 insertions(+), 1 deletion(-)
 create mode 100644 tests/qtest/fuzz/qtest_wrappers.c

diff --git a/tests/qtest/fuzz/Makefile.include 
b/tests/qtest/fuzz/Makefile.include
index e455bebc9d..0184f59406 100644
--- a/tests/qtest/fuzz/Makefile.include
+++ b/tests/qtest/fuzz/Makefile.include
@@ -5,6 +5,7 @@ fuzz-obj-y += $(libqos-obj-y)
 fuzz-obj-y += tests/qtest/fuzz/fuzz.o # Fuzzer skeleton
 fuzz-obj-y += tests/qtest/fuzz/fork_fuzz.o
 fuzz-obj-y += tests/qtest/fuzz/qos_fuzz.o
+fuzz-obj-y += tests/qtest/fuzz/qtest_wrappers.o
 
 # Targets
 fuzz-obj-y += tests/qtest/fuzz/i440fx_fuzz.o
@@ -17,3 +18,23 @@ FUZZ_CFLAGS += -I$(SRC_PATH)/tests -I$(SRC_PATH)/tests/qtest
 # Linker Script to force coverage-counters into known regions which we can mark
 # shared
 FUZZ_LDFLAGS += -Xlinker -T$(SRC_PATH)/tests/qtest/fuzz/fork_fuzz.ld
+
+FUZZ_LDFLAGS += -Wl,-wrap,qtest_inb
+FUZZ_LDFLAGS += -Wl,-wrap,qtest_inw
+FUZZ_LDFLAGS += -Wl,-wrap,qtest_inl
+FUZZ_LDFLAGS += -Wl,-wrap,qtest_outb
+FUZZ_LDFLAGS += -Wl,-wrap,qtest_outw
+FUZZ_LDFLAGS += -Wl,-wrap,qtest_outl
+FUZZ_LDFLAGS += -Wl,-wrap,qtest_readb
+FUZZ_LDFLAGS += -Wl,-wrap,qtest_readw
+FUZZ_LDFLAGS += -Wl,-wrap,qtest_readl
+FUZZ_LDFLAGS += -Wl,-wrap,qtest_readq
+FUZZ_LDFLAGS += -Wl,-wrap,qtest_writeb
+FUZZ_LDFLAGS += -Wl,-wrap,qtest_writew
+FUZZ_LDFLAGS += -Wl,-wrap,qtest_writel
+FUZZ_LDFLAGS += -Wl,-wrap,qtest_writeq
+FUZZ_LDFLAGS += -Wl,-wrap,qtest_memread
+FUZZ_LDFLAGS += -Wl,-wrap,qtest_bufread
+FUZZ_LDFLAGS += -Wl,-wrap,qtest_memwrite
+FUZZ_LDFLAGS += -Wl,-wrap,qtest_bufwrite
+FUZZ_LDFLAGS += -Wl,-wrap,qtest_memset
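Review bot: the 19 `-Wl,-wrap,` lines have to be kept in step by hand with the WRAP() declarations in qtest_wrappers.c, and a libqtest accessor missing from this list is left on the serialized path with no build error to flag it. Consider one variable holding the function names and a `$(foreach f,$(QTEST_WRAPPED),-Wl,-wrap,$(f))` expansion (the variable name is only a suggestion), with a comment pointing at qtest_wrappers.c.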
diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c
index 33365c3782..ea630ddb9b 100644
--- a/tests/qtest/fuzz/fuzz.c
+++ b/tests/qtest/fuzz/fuzz.c
@@ -91,7 +91,10 @@ static void usage(char *path)
 printf(" * %s  : %s\n", tmp->target->name,
 tmp->target->description);
 }
-printf("Alternatively, add -target-FUZZ_TARGET to the executable name\n");
+printf("Alternatively, add -target-FUZZ_TARGET to the executable name\n\n"
+   "Set the environment variable FUZZ_SERIALIZE_QTEST=1 to serialize\n"
+   "QTest commands into an ASCII protocol. Useful for building crash\n"
+   "reproducers, but slows down execution.\n");
 exit(0);
 }
 
@@ -138,6 +141,7 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char 
***envp)
 
 char *target_name;
 char *dir;
+bool serialize = false;
 
 /* Initialize qgraph and modules */
 qos_graph_init();
@@ -172,6 +176,13 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char 
***envp)
 usage(**argv);
 }
 
+/* Should we always serialize qtest commands? */
+if (getenv("FUZZ_SERIALIZE_QTEST")) {
+serialize = true;
+}
+
+fuzz_qtest_set_serialize(serialize);
+
 /* Identify the fuzz target */
 fuzz_target = fuzz_get_target(target_name);
 if (!fuzz_target) {
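Review bot: `getenv("FUZZ_SERIALIZE_QTEST")` is true for any value, including `0` or an empty string, while the usage text added by this patch documents `FUZZ_SERIALIZE_QTEST=1`. Either compare the value against "1" or document that merely setting the variable enables serialization. The local `serialize` flag can then go: `fuzz_qtest_set_serialize(getenv("FUZZ_SERIALIZE_QTEST") != NULL);`.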
diff --git a/tests/qtest/fuzz/fuzz.h b/tests/qtest/fuzz/fuzz.h
index 03901d414e..72d5710f6c 100644
--- a/tests/qtest/fuzz/fuzz.h
+++ b/tests/qtest/fuzz/fuzz.h
@@ -82,6 +82,9 @@ typedef struct FuzzTarget {
 void flush_events(QTestState *);
 void reboot(QTestState *);
 
+/* Use the QTest ASCII protocol or call address_space API directly?*/
+void fuzz_qtest_set_serialize(bool option);
+
 /*
  * makes a copy of *target and adds it to the target-list.
  * i.e. fine to set up target on the caller's stack
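Review bot: the comment on fuzz_qtest_set_serialize() is phrased as a question and does not say which value of `option` selects which behaviour. State it directly, for example "true: send commands through the QTest ASCII protocol; false: call the address_space API directly". There is also a missing space before the closing `*/`.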
diff --git a/tests/qtest/fuzz/qtest_wrappers.c 
b/tests/qtest/fuzz/qtest_wrappers.c
new file mode 100644
index 00..713c830cdb
--- /dev/null
+++ b/tests/qtest/fuzz/qtest_wrappers.c
@@ -0,0 +1,252 @@
+/*
+ * qtest function wrappers
+ *
+ * Copyright Red Hat Inc., 2019
+ *
+ * Authors:
+ *  Alexander Bulekov   
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "cpu.h"
+#include "exec/ioport.h"
+
+#include "fuzz.h"
+
+static bool serialize = true;
+
+#define WRAP(RET_TYPE, NAME_AND_ARGS)\
+RET_TYPE __wrap_##NAME_AND_ARGS;\
+RET_TYPE __real_##NAME_AND_ARGS;
+
+WRAP(uint8_t  , qtest_inb(QTestState *s, uint16_t addr))
+WRAP(uint16_t , qtest_inw(QTestState *s, uint16_t addr))
+WRAP(uint32_t , qtest_inl(QTestState *s, uint16_t addr))
+WRAP(void , qtest_outb(QTestState *s, uint16_t addr, uint8_t value))
+WRAP(void , qtest_outw(QTestState *s, uint16_t addr, uint16_t 
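Review bot: `static bool serialize = true;` gives the opposite default to fuzz.c, where `bool serialize = false;` is passed to fuzz_qtest_set_serialize() unless FUZZ_SERIALIZE_QTEST is set, so this initializer is overwritten as soon as LLVMFuzzerInitialize() reaches that call. Pick one default and use it in both places so a reader does not have to work out which one wins.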

[PATCH 2/2] fuzz: Add support for logging QTest commands

2020-05-29 Thread Alexander Bulekov
Signed-off-by: Alexander Bulekov 
---
 tests/qtest/fuzz/fuzz.c | 9 -
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c
index ea630ddb9b..2c9e2ee7b7 100644
--- a/tests/qtest/fuzz/fuzz.c
+++ b/tests/qtest/fuzz/fuzz.c
@@ -94,7 +94,9 @@ static void usage(char *path)
 printf("Alternatively, add -target-FUZZ_TARGET to the executable name\n\n"
"Set the environment variable FUZZ_SERIALIZE_QTEST=1 to serialize\n"
"QTest commands into an ASCII protocol. Useful for building crash\n"
-   "reproducers, but slows down execution.\n");
+   "reproducers, but slows down execution.\n\n"
+   "Set the environment variable QTEST_LOG=1 to log all qtest commands"
+   "\n");
 exit(0);
 }
 
@@ -198,6 +200,11 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char 
***envp)
 /* Run QEMU's softmmu main with the fuzz-target dependent arguments */
 const char *init_cmdline = fuzz_target->get_init_cmdline(fuzz_target);
 
+init_cmdline = g_strdup_printf("%s -qtest /dev/null -qtest-log %s",
+   init_cmdline,
+   getenv("QTEST_LOG") ? "/dev/fd/2"
+   : "/dev/null");
+
 /* Split the runcmd into an argv and argc */
 wordexp_t result;
 wordexp(init_cmdline, , 0);
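Review bot: `getenv("QTEST_LOG") ? "/dev/fd/2" : "/dev/null"` turns logging on for any value of the variable, `QTEST_LOG=0` included, while the usage text says to set `QTEST_LOG=1`. The commit message also has no body: it should say why `-qtest /dev/null` is now appended to every target's command line, since that affects all fuzz targets and not only the logging case.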
-- 
2.26.2




Re: [PULL 0/5] Qcrypto next patches

2020-05-29 Thread Daniel P . Berrangé
On Fri, May 29, 2020 at 11:35:50AM +0100, Daniel P. Berrangé wrote:
> The following changes since commit b8bee16e94df0fcd03bdad9969c30894418b0e6e:
> 
>   Merge remote-tracking branch 'remotes/kraxel/tags/vga-20200528-pull-request' into staging (2020-05-28 18:13:20 +0100)
> 
> are available in the Git repository at:
> 
>   https://github.com/berrange/qemu tags/qcrypto-next-pull-request
> 
> for you to fetch changes up to efd6cd2328064b569a7a92ad4aea1dc985d98601:
> 
>   crypto: Remove use of GCRYPT_VERSION macro. (2020-05-29 11:33:19 +0100)
> 
> 
> Misc crypto subsystem fixes
> 
> * Add support for fetching secret from Linux keyring
> * Remove redundant version check in gcrypt initialization
> * Allow for RNG provider to be disabled at build time
> 
> 
> 
> Alexey Krasikov (3):
>   crypto/secret: move main logic from 'secret' to 'secret_common'.
>   crypto/linux_keyring: add 'secret_keyring' secret object.
>   test-crypto-secret: add 'secret_keyring' object tests.
> 
> Marek Marczykowski-Górecki (1):
>   crypto: add "none" random provider
> 
> Richard W.M. Jones (1):
>   crypto: Remove use of GCRYPT_VERSION macro.
> 
>  configure   |  73 ++
>  crypto/Makefile.objs|   5 +-
>  crypto/init.c   |   2 +-
>  crypto/random-none.c|  38 +++
>  crypto/secret.c | 347 +--
>  crypto/secret_common.c  | 403 
>  crypto/secret_keyring.c | 148 
>  include/crypto/secret.h |  20 +-
>  include/crypto/secret_common.h  |  68 ++
>  include/crypto/secret_keyring.h |  52 +
>  tests/Makefile.include  |   4 +
>  tests/test-crypto-secret.c  | 158 +
>  12 files changed, 959 insertions(+), 359 deletions(-)
>  create mode 100644 crypto/random-none.c
>  create mode 100644 crypto/secret_common.c
>  create mode 100644 crypto/secret_keyring.c
>  create mode 100644 include/crypto/secret_common.h
>  create mode 100644 include/crypto/secret_keyring.h

Seems the mingw build is broken due to mistakes in configure, so
I'll respin this.


Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|




[PATCH 0/2] fuzz: Skip QTest serialization

2020-05-29 Thread Alexander Bulekov
In the same vein as Philippe's patch:

https://patchew.org/QEMU/20200528165303.1877-1-f4...@amsat.org/

This uses linker trickery to wrap calls to libqtest functions and
directly call the corresponding read/write functions, rather than
relying on the ASCII-serialized QTest protocol.


Alexander Bulekov (2):
  fuzz: skip QTest serialization
  fuzz: Add support for logging QTest commands

 tests/qtest/fuzz/Makefile.include |  21 +++
 tests/qtest/fuzz/fuzz.c   |  20 ++-
 tests/qtest/fuzz/fuzz.h   |   3 +
 tests/qtest/fuzz/qtest_wrappers.c | 252 ++
 4 files changed, 295 insertions(+), 1 deletion(-)
 create mode 100644 tests/qtest/fuzz/qtest_wrappers.c

-- 
2.26.2




Re: [PATCH 1/2] migration/rdma: fix potential nullptr access in rdma_start_incoming_migration

2020-05-29 Thread Dr. David Alan Gilbert
* Juan Quintela (quint...@redhat.com) wrote:
> Pan Nengyuan  wrote:
> > 'rdma' is NULL when taking the first error branch in 
> > rdma_start_incoming_migration.
> > And it will cause a null pointer access in label 'err'. Fix that.
> >
> > Fixes: 59c59c67ee6b0327ae932deb303caa47919aeb1e
> > Signed-off-by: Pan Nengyuan 
> 
> Reviewed-by: Juan Quintela 
> 
> good catch.

Thanks, Queued

> 
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK




Re: [PATCH 2/2] migration/rdma: cleanup rdma context before g_free to avoid memleaks

2020-05-29 Thread Dr. David Alan Gilbert
* Pan Nengyuan (pannengy...@huawei.com) wrote:
> When an error happens in initializing 'rdma_return_path', we should clean up the rdma
> context before g_free(rdma) to avoid some memleaks. This patch fixes that.
> 
> Reported-by: Euler Robot 
> Signed-off-by: Pan Nengyuan 

Queued.

> ---
>  migration/rdma.c | 8 +---
>  1 file changed, 5 insertions(+), 3 deletions(-)
> 
> diff --git a/migration/rdma.c b/migration/rdma.c
> index 72e8b1c95b..ec45d33ba3 100644
> --- a/migration/rdma.c
> +++ b/migration/rdma.c
> @@ -4094,20 +4094,20 @@ void rdma_start_outgoing_migration(void *opaque,
>  rdma_return_path = qemu_rdma_data_init(host_port, errp);
>  
>  if (rdma_return_path == NULL) {
> -goto err;
> +goto return_path_err;
>  }
>  
>  ret = qemu_rdma_source_init(rdma_return_path,
>  s->enabled_capabilities[MIGRATION_CAPABILITY_RDMA_PIN_ALL], 
> errp);
>  
>  if (ret) {
> -goto err;
> +goto return_path_err;
>  }
>  
>  ret = qemu_rdma_connect(rdma_return_path, errp);
>  
>  if (ret) {
> -goto err;
> +goto return_path_err;
>  }
>  
>  rdma->return_path = rdma_return_path;
> @@ -4120,6 +4120,8 @@ void rdma_start_outgoing_migration(void *opaque,
>  s->to_dst_file = qemu_fopen_rdma(rdma, "wb");
>  migrate_fd_connect(s, NULL);
>  return;
> +return_path_err:
> +qemu_rdma_cleanup(rdma);
>  err:
>  g_free(rdma);
>  g_free(rdma_return_path);
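Review bot: at `return_path_err:` only `rdma` goes through qemu_rdma_cleanup(), while `rdma_return_path` is still released with a bare g_free() after `err:`. Two of the three jumps to the new label happen after qemu_rdma_data_init() has succeeded and qemu_rdma_source_init() or qemu_rdma_connect() has run on `rdma_return_path`, so please check whether that context needs qemu_rdma_cleanup() as well before it is freed.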
> -- 
> 2.18.2
> 
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK




ia-32/ia-64 fxsave64 instruction behavior when saving mmx

2020-05-29 Thread Robert Henry
Background: The ia-32/ia-64 fxsave64 instruction saves fp80 or legacy SSE mmx 
registers. The mmx registers are saved as if they were fp80 values. The lower 
64 bits of the constructed fp80 value is the mmx register.  The upper 16 bits 
of the constructed fp80 value are reserved; see the last row of table 3-44 of 
https://www.felixcloutier.com/x86/fxsave#tbl-3-44

The Intel core i9-9980XE Skylake metal I have puts 0x into these reserved 
16 bits when saving MMX.

QEMU appears to put 0's there.

Does anybody have insight as to what "reserved" really means, or must be, in 
this case?  I take the verb "reserved" to mean something other than "undefined".

I came across this issue when running the remill instruction test engine.  See 
my issue https://github.com/lifting-bits/remill/issues/423 For better or worse, 
remill assumes that those bits are 0x, not 0x



Re: [PATCH Kernel v22 0/8] Add UAPIs to support migration for VFIO devices

2020-05-29 Thread Kirti Wankhede




On 5/29/2020 4:29 AM, Alex Williamson wrote:

On Wed, 27 May 2020 09:48:22 +0100
"Dr. David Alan Gilbert"  wrote:

* Yan Zhao (yan.y.z...@intel.com) wrote:

BTW, for viommu, the downtime data is as below. under the same network
condition and guest memory size, and no running dirty data/memory produced
by device.
(1) viommu off
single-round dirty query: downtime ~100ms


Fine.


(2) viommu on
single-round dirty query: downtime 58s


Youch.


Double Youch!  But we believe this is because we're getting the dirty
bitmap one IOMMU leaf page at a time, right?  We've enabled the kernel
to get a dirty bitmap across multiple mappings, but QEMU isn't yet
taking advantage of it.  Do I have this correct?  Thanks,



That's correct.

Thanks,
Kirti



[PATCH] hw/net/imx_fec.c: Convert debug fprintf() to trace event

2020-05-29 Thread Jean-Christophe Dubois
Signed-off-by: Jean-Christophe Dubois 
---
 hw/net/imx_fec.c| 101 ++--
 hw/net/trace-events |  18 
 2 files changed, 58 insertions(+), 61 deletions(-)

diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c
index 7adcc9df654..823dac0603b 100644
--- a/hw/net/imx_fec.c
+++ b/hw/net/imx_fec.c
@@ -31,34 +31,11 @@
 #include "qemu/module.h"
 #include "net/checksum.h"
 #include "net/eth.h"
+#include "trace.h"
 
 /* For crc32 */
 #include 
 
-#ifndef DEBUG_IMX_FEC
-#define DEBUG_IMX_FEC 0
-#endif
-
-#define FEC_PRINTF(fmt, args...) \
-do { \
-if (DEBUG_IMX_FEC) { \
-fprintf(stderr, "[%s]%s: " fmt , TYPE_IMX_FEC, \
- __func__, ##args); \
-} \
-} while (0)
-
-#ifndef DEBUG_IMX_PHY
-#define DEBUG_IMX_PHY 0
-#endif
-
-#define PHY_PRINTF(fmt, args...) \
-do { \
-if (DEBUG_IMX_PHY) { \
-fprintf(stderr, "[%s.phy]%s: " fmt , TYPE_IMX_FEC, \
- __func__, ##args); \
-} \
-} while (0)
-
 #define IMX_MAX_DESC1024
 
 static const char *imx_default_reg_name(IMXFECState *s, uint32_t index)
@@ -262,43 +239,45 @@ static void imx_eth_update(IMXFECState *s);
  * For now we don't handle any GPIO/interrupt line, so the OS will
  * have to poll for the PHY status.
  */
-static void phy_update_irq(IMXFECState *s)
+static void imx_phy_update_irq(IMXFECState *s)
 {
 imx_eth_update(s);
 }
 
-static void phy_update_link(IMXFECState *s)
+static void imx_phy_update_link(IMXFECState *s)
 {
 /* Autonegotiation status mirrors link status.  */
 if (qemu_get_queue(s->nic)->link_down) {
-PHY_PRINTF("link is down\n");
+trace_imx_phy_update_link("down");
 s->phy_status &= ~0x0024;
 s->phy_int |= PHY_INT_DOWN;
 } else {
-PHY_PRINTF("link is up\n");
+trace_imx_phy_update_link("up");
 s->phy_status |= 0x0024;
 s->phy_int |= PHY_INT_ENERGYON;
 s->phy_int |= PHY_INT_AUTONEG_COMPLETE;
 }
-phy_update_irq(s);
+imx_phy_update_irq(s);
 }
 
 static void imx_eth_set_link(NetClientState *nc)
 {
-phy_update_link(IMX_FEC(qemu_get_nic_opaque(nc)));
+imx_phy_update_link(IMX_FEC(qemu_get_nic_opaque(nc)));
 }
 
-static void phy_reset(IMXFECState *s)
+static void imx_phy_reset(IMXFECState *s)
 {
+trace_imx_phy_reset();
+
 s->phy_status = 0x7809;
 s->phy_control = 0x3000;
 s->phy_advertise = 0x01e1;
 s->phy_int_mask = 0;
 s->phy_int = 0;
-phy_update_link(s);
+imx_phy_update_link(s);
 }
 
-static uint32_t do_phy_read(IMXFECState *s, int reg)
+static uint32_t imx_phy_read(IMXFECState *s, int reg)
 {
 uint32_t val;
 
@@ -332,7 +311,7 @@ static uint32_t do_phy_read(IMXFECState *s, int reg)
 case 29:/* Interrupt source.  */
 val = s->phy_int;
 s->phy_int = 0;
-phy_update_irq(s);
+imx_phy_update_irq(s);
 break;
 case 30:/* Interrupt mask */
 val = s->phy_int_mask;
@@ -352,14 +331,14 @@ static uint32_t do_phy_read(IMXFECState *s, int reg)
 break;
 }
 
-PHY_PRINTF("read 0x%04x @ %d\n", val, reg);
+trace_imx_phy_read(val, reg);
 
 return val;
 }
 
-static void do_phy_write(IMXFECState *s, int reg, uint32_t val)
+static void imx_phy_write(IMXFECState *s, int reg, uint32_t val)
 {
-PHY_PRINTF("write 0x%04x @ %d\n", val, reg);
+trace_imx_phy_write(val, reg);
 
 if (reg > 31) {
 /* we only advertise one phy */
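Review bot: the `do_phy_read()`/`do_phy_write()` to `imx_phy_read()`/`imx_phy_write()` renames here, like the other `phy_*` to `imx_phy_*` renames in this file, are unrelated to replacing PHY_PRINTF() with trace events and account for a good part of the diff. Split them into a preparatory patch, and give the commit message a body that lists the new trace events, since it currently consists of the Signed-off-by line only.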
@@ -369,7 +348,7 @@ static void do_phy_write(IMXFECState *s, int reg, uint32_t 
val)
 switch (reg) {
 case 0: /* Basic Control */
 if (val & 0x8000) {
-phy_reset(s);
+imx_phy_reset(s);
 } else {
 s->phy_control = val & 0x7980;
 /* Complete autonegotiation immediately.  */
@@ -383,7 +362,7 @@ static void do_phy_write(IMXFECState *s, int reg, uint32_t 
val)
 break;
 case 30:/* Interrupt mask */
 s->phy_int_mask = val & 0xff;
-phy_update_irq(s);
+imx_phy_update_irq(s);
 break;
 case 17:
 case 18:
@@ -402,6 +381,8 @@ static void do_phy_write(IMXFECState *s, int reg, uint32_t 
val)
 static void imx_fec_read_bd(IMXFECBufDesc *bd, dma_addr_t addr)
 {
 dma_memory_read(_space_memory, addr, bd, sizeof(*bd));
+
+trace_imx_fec_read_bd(addr, bd->flags, bd->length, bd->data);
 }
 
 static void imx_fec_write_bd(IMXFECBufDesc *bd, dma_addr_t addr)
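Review bot: in imx_fec_read_bd() the new trace_imx_fec_read_bd() call reports `bd->flags`, `bd->length` and `bd->data` straight after a dma_memory_read() whose return value is not checked, so when the guest points the descriptor ring at an address that cannot be read, the trace shows whatever was already in `*bd`. Checking the result and tracing only on success would keep the trace trustworthy; the same applies to imx_enet_read_bd() in the next hunk.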
@@ -412,6 +393,9 @@ static void imx_fec_write_bd(IMXFECBufDesc *bd, dma_addr_t 
addr)
 static void imx_enet_read_bd(IMXENETBufDesc *bd, dma_addr_t addr)
 {
 dma_memory_read(_space_memory, addr, bd, sizeof(*bd));
+
+trace_imx_enet_read_bd(addr, bd->flags, bd->length, bd->data,
+   bd->option, bd->status);
 }
 
 static void imx_enet_write_bd(IMXENETBufDesc *bd, dma_addr_t addr)
@@ -471,11 +455,9 @@ static void 

[PATCH] hw/misc/imx6ul_ccm.c: Implement non writable bits in CCM registers

2020-05-29 Thread Jean-Christophe Dubois
Some bits of the CCM registers are non writable.

This was left undone in the initial commit (all bits of registers were
writable).

This patch adds the required code to protect non writable bits.

Signed-off-by: Jean-Christophe Dubois 
---
 hw/misc/imx6ul_ccm.c | 81 +---
 1 file changed, 68 insertions(+), 13 deletions(-)

diff --git a/hw/misc/imx6ul_ccm.c b/hw/misc/imx6ul_ccm.c
index a2fc1d0364a..ede845fde8e 100644
--- a/hw/misc/imx6ul_ccm.c
+++ b/hw/misc/imx6ul_ccm.c
@@ -19,6 +19,62 @@
 
 #include "trace.h"
 
+static const uint32_t ccm_mask[CCM_MAX] = {
+[CCM_CCR] = 0xf01fef80,
+[CCM_CCDR] = 0xfffe,
+[CCM_CSR] = 0x,
+[CCM_CCSR] = 0xfef2,
+[CCM_CACRR] = 0xfff8,
+[CCM_CBCDR] = 0xc1f8e000,
+[CCM_CBCMR] = 0xfc03cfff,
+[CCM_CSCMR1] = 0x8070,
+[CCM_CSCMR2] = 0xe01ff003,
+[CCM_CSCDR1] = 0xfe00c780,
+[CCM_CS1CDR] = 0xfe00fe00,
+[CCM_CS2CDR] = 0xf8007000,
+[CCM_CDCDR] = 0xf00f,
+[CCM_CHSCCDR] = 0xfffc01ff,
+[CCM_CSCDR2] = 0xfe0001ff,
+[CCM_CSCDR3] = 0xc1ff,
+[CCM_CDHIPR] = 0x,
+[CCM_CTOR] = 0x,
+[CCM_CLPCR] = 0xf39ff01c,
+[CCM_CISR] = 0xfb85ffbe,
+[CCM_CIMR] = 0xfb85ffbf,
+[CCM_CCOSR] = 0xfe00fe00,
+[CCM_CGPR] = 0xfffc3fea,
+[CCM_CCGR0] = 0x,
+[CCM_CCGR1] = 0x,
+[CCM_CCGR2] = 0x,
+[CCM_CCGR3] = 0x,
+[CCM_CCGR4] = 0x,
+[CCM_CCGR5] = 0x,
+[CCM_CCGR6] = 0x,
+[CCM_CMEOR] = 0xaf1f,
+};
+
+static const uint32_t analog_mask[CCM_ANALOG_MAX] = {
+[CCM_ANALOG_PLL_ARM] = 0xfff60f80,
+[CCM_ANALOG_PLL_USB1] = 0xfffe0fbc,
+[CCM_ANALOG_PLL_USB2] = 0xfffe0fbc,
+[CCM_ANALOG_PLL_SYS] = 0xfffa0ffe,
+[CCM_ANALOG_PLL_SYS_SS] = 0x,
+[CCM_ANALOG_PLL_SYS_NUM] = 0xc000,
+[CCM_ANALOG_PLL_SYS_DENOM] = 0xc000,
+[CCM_ANALOG_PLL_AUDIO] = 0xffe20f80,
+[CCM_ANALOG_PLL_AUDIO_NUM] = 0xc000,
+[CCM_ANALOG_PLL_AUDIO_DENOM] = 0xc000,
+[CCM_ANALOG_PLL_VIDEO] = 0xffe20f80,
+[CCM_ANALOG_PLL_VIDEO_NUM] = 0xc000,
+[CCM_ANALOG_PLL_VIDEO_DENOM] = 0xc000,
+[CCM_ANALOG_PLL_ENET] = 0xffc20ff0,
+[CCM_ANALOG_PFD_480] = 0x40404040,
+[CCM_ANALOG_PFD_528] = 0x40404040,
+[PMU_MISC0] = 0x01fe8306,
+[PMU_MISC1] = 0x07fcede0,
+[PMU_MISC2] = 0x005f5f5f,
+};
+
 static const char *imx6ul_ccm_reg_name(uint32_t reg)
 {
 static char unknown[20];
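Review bot: `ccm_mask[]` and `analog_mask[]` do not say which polarity they use; from the write paths later in this patch a set bit means read-only, which is the opposite of what a mask of writable bits would suggest. Add a comment to that effect or name them `*_ro_mask`. With designated initializers, any register index not listed also gets a mask of 0 and so stays fully writable, which should be a deliberate choice and is worth a line in the comment.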
@@ -596,11 +652,8 @@ static void imx6ul_ccm_write(void *opaque, hwaddr offset, 
uint64_t value,
 
 trace_ccm_write_reg(imx6ul_ccm_reg_name(index), (uint32_t)value);
 
-/*
- * We will do a better implementation later. In particular some bits
- * cannot be written to.
- */
-s->ccm[index] = (uint32_t)value;
+s->ccm[index] = (s->ccm[index] & ccm_mask[index]) |
+   ((uint32_t)value & ~ccm_mask[index]);
 }
 
 static uint64_t imx6ul_analog_read(void *opaque, hwaddr offset, unsigned size)
@@ -737,7 +790,8 @@ static void imx6ul_analog_write(void *opaque, hwaddr 
offset, uint64_t value,
  * the REG_NAME register. So we change the value of the
  * REG_NAME register, setting bits passed in the value.
  */
-s->analog[index - 1] |= value;
+s->analog[index - 1] = s->analog[index - 1] |
+   (value & ~analog_mask[index - 1]);
 break;
 case CCM_ANALOG_PLL_ARM_CLR:
 case CCM_ANALOG_PLL_USB1_CLR:
@@ -762,7 +816,8 @@ static void imx6ul_analog_write(void *opaque, hwaddr 
offset, uint64_t value,
  * the REG_NAME register. So we change the value of the
  * REG_NAME register, unsetting bits passed in the value.
  */
-s->analog[index - 2] &= ~value;
+s->analog[index - 2] = s->analog[index - 2] &
+   ~(value & ~analog_mask[index - 2]);
 break;
 case CCM_ANALOG_PLL_ARM_TOG:
 case CCM_ANALOG_PLL_USB1_TOG:
@@ -787,14 +842,14 @@ static void imx6ul_analog_write(void *opaque, hwaddr 
offset, uint64_t value,
  * the REG_NAME register. So we change the value of the
  * REG_NAME register, toggling bits passed in the value.
  */
-s->analog[index - 3] ^= value;
+s->analog[index - 3] = (s->analog[index - 3] &
+analog_mask[index - 3]) |
+   ((value ^ s->analog[index - 3]) &
+~analog_mask[index - 3]);
 break;
 default:
-/*
- * We will do a better implementation later. In particular some bits
- * cannot be written to.
- */
-s->analog[index] = value;
+s->analog[index] = (s->analog[index] & analog_mask[index]) |
+   (value & ~analog_mask[index]);
 break;
 }
 }
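Review bot: the keep-read-only-bits logic is now written out separately for SET, CLR, TOG and the default case of imx6ul_analog_write(), plus once in imx6ul_ccm_write(), each in a slightly different shape, which makes the cases hard to compare. The TOG case in this hunk can be reduced to `s->analog[index - 3] ^= value & ~analog_mask[index - 3];`, which is equivalent to the four-line form, and the plain-write cases could share one small helper taking the old value, the new value and the read-only mask.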
-- 
2.25.1




[PATCH v2 0/2] fuzz: Skip QTest serialization

2020-05-29 Thread Alexander Bulekov
In the same vein as Philippe's patch:

https://patchew.org/QEMU/20200528165303.1877-1-f4...@amsat.org/

This uses linker trickery to wrap calls to libqtest functions and
directly call the corresponding read/write functions, rather than
relying on the ASCII-serialized QTest protocol.

v2: applies properly

Alexander Bulekov (2):
  fuzz: skip QTest serialization
  fuzz: Add support for logging QTest commands

 tests/qtest/fuzz/Makefile.include | 21 +
 tests/qtest/fuzz/fuzz.c   | 22 +-
 tests/qtest/fuzz/fuzz.h   |  3 +++
 3 files changed, 45 insertions(+), 1 deletion(-)

-- 
2.26.2




[PATCH v2 1/2] fuzz: skip QTest serialization

2020-05-29 Thread Alexander Bulekov
The QTest server usually parses ASCII commands from clients. Since we
fuzz within the QEMU process, skip the QTest serialization and server
for most QTest commands. Leave the option to use the ASCII protocol, to
generate readable traces for crash reproducers.

Inspired-by: Philippe Mathieu-Daudé 
Signed-off-by: Alexander Bulekov 
---
 tests/qtest/fuzz/Makefile.include | 21 +
 tests/qtest/fuzz/fuzz.c   | 14 +-
 tests/qtest/fuzz/fuzz.h   |  3 +++
 3 files changed, 37 insertions(+), 1 deletion(-)

diff --git a/tests/qtest/fuzz/Makefile.include 
b/tests/qtest/fuzz/Makefile.include
index f259d866c9..5bde793bf2 100644
--- a/tests/qtest/fuzz/Makefile.include
+++ b/tests/qtest/fuzz/Makefile.include
@@ -5,6 +5,7 @@ fuzz-obj-y += $(libqos-obj-y)
 fuzz-obj-y += tests/qtest/fuzz/fuzz.o # Fuzzer skeleton
 fuzz-obj-y += tests/qtest/fuzz/fork_fuzz.o
 fuzz-obj-y += tests/qtest/fuzz/qos_fuzz.o
+fuzz-obj-y += tests/qtest/fuzz/qtest_wrappers.o
 
 # Targets
 fuzz-obj-$(CONFIG_PCI_I440FX) += tests/qtest/fuzz/i440fx_fuzz.o
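Review bot: this hunk adds `tests/qtest/fuzz/qtest_wrappers.o` to fuzz-obj-y, but unlike the first posting this version carries no `qtest_wrappers.c`: the diffstat lists only Makefile.include, fuzz.c and fuzz.h. As posted, the object has no source, and fuzz_qtest_set_serialize(), declared in fuzz.h and called from fuzz.c, has no definition; the new file looks to have been left out of the commit.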
@@ -16,3 +17,23 @@ FUZZ_CFLAGS += -I$(SRC_PATH)/tests -I$(SRC_PATH)/tests/qtest
 # Linker Script to force coverage-counters into known regions which we can mark
 # shared
 FUZZ_LDFLAGS += -Xlinker -T$(SRC_PATH)/tests/qtest/fuzz/fork_fuzz.ld
+
+FUZZ_LDFLAGS += -Wl,-wrap,qtest_inb
+FUZZ_LDFLAGS += -Wl,-wrap,qtest_inw
+FUZZ_LDFLAGS += -Wl,-wrap,qtest_inl
+FUZZ_LDFLAGS += -Wl,-wrap,qtest_outb
+FUZZ_LDFLAGS += -Wl,-wrap,qtest_outw
+FUZZ_LDFLAGS += -Wl,-wrap,qtest_outl
+FUZZ_LDFLAGS += -Wl,-wrap,qtest_readb
+FUZZ_LDFLAGS += -Wl,-wrap,qtest_readw
+FUZZ_LDFLAGS += -Wl,-wrap,qtest_readl
+FUZZ_LDFLAGS += -Wl,-wrap,qtest_readq
+FUZZ_LDFLAGS += -Wl,-wrap,qtest_writeb
+FUZZ_LDFLAGS += -Wl,-wrap,qtest_writew
+FUZZ_LDFLAGS += -Wl,-wrap,qtest_writel
+FUZZ_LDFLAGS += -Wl,-wrap,qtest_writeq
+FUZZ_LDFLAGS += -Wl,-wrap,qtest_memread
+FUZZ_LDFLAGS += -Wl,-wrap,qtest_bufread
+FUZZ_LDFLAGS += -Wl,-wrap,qtest_memwrite
+FUZZ_LDFLAGS += -Wl,-wrap,qtest_bufwrite
+FUZZ_LDFLAGS += -Wl,-wrap,qtest_memset
diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c
index f5c923852e..cf76a6636f 100644
--- a/tests/qtest/fuzz/fuzz.c
+++ b/tests/qtest/fuzz/fuzz.c
@@ -91,7 +91,10 @@ static void usage(char *path)
 printf(" * %s  : %s\n", tmp->target->name,
 tmp->target->description);
 }
-printf("Alternatively, add -target-FUZZ_TARGET to the executable name\n");
+printf("Alternatively, add -target-FUZZ_TARGET to the executable name\n\n"
+   "Set the environment variable FUZZ_SERIALIZE_QTEST=1 to serialize\n"
+   "QTest commands into an ASCII protocol. Useful for building crash\n"
+   "reproducers, but slows down execution.\n");
 exit(0);
 }
 
@@ -137,6 +140,8 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char 
***envp)
 {
 
 char *target_name;
+char *dir;
+bool serialize = false;
 
 /* Initialize qgraph and modules */
 qos_graph_init();
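Review bot: `char *dir;` is added here as a new local, but nothing else in this patch uses it. If it is a leftover from rebasing, drop it; otherwise it will trip an unused-variable warning.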
@@ -157,6 +162,13 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char 
***envp)
 usage(**argv);
 }
 
+/* Should we always serialize qtest commands? */
+if (getenv("FUZZ_SERIALIZE_QTEST")) {
+serialize = true;
+}
+
+fuzz_qtest_set_serialize(serialize);
+
 /* Identify the fuzz target */
 fuzz_target = fuzz_get_target(target_name);
 if (!fuzz_target) {
diff --git a/tests/qtest/fuzz/fuzz.h b/tests/qtest/fuzz/fuzz.h
index 03901d414e..72d5710f6c 100644
--- a/tests/qtest/fuzz/fuzz.h
+++ b/tests/qtest/fuzz/fuzz.h
@@ -82,6 +82,9 @@ typedef struct FuzzTarget {
 void flush_events(QTestState *);
 void reboot(QTestState *);
 
+/* Use the QTest ASCII protocol or call address_space API directly?*/
+void fuzz_qtest_set_serialize(bool option);
+
 /*
  * makes a copy of *target and adds it to the target-list.
  * i.e. fine to set up target on the caller's stack
-- 
2.26.2




[Bug 1877418] Re: qemu-nbd freezes access to VDI file

2020-05-29 Thread John Snow
I agree, the program doesn't stop you from doing such things. It should
work without error, but it might be slow. Just offering some advice you
may not want to use it like this.

Try to reproduce with qcow2 and qemu-nbd to see if the problem is with
our support of the disk image format or if it's a problem with e.g. the
access patterns and qemu-nbd itself, for instance.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1877418

Title:
  qemu-nbd freezes access to VDI file

Status in QEMU:
  New
Status in btrfs-progs package in Ubuntu:
  New

Bug description:
  Mounted Oracle Virtualbox .vdi drive (dynamically allocated), which has 
GTP+BTRFS:
  sudo modprobe nbd max_part=16
  sudo qemu-nbd -c /dev/nbd0 /storage/btrfs.vdi
  mount /dev/nbd0p1 /mydata/

  Then I am operating on the btrfs filesystem and suddenly it freezes.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1877418/+subscriptions



Re: [PATCH v1 2/2] Sample mtty: Add migration capability to mtty module

2020-05-29 Thread Alex Williamson
On Mon, 4 May 2020 23:24:20 +0530
Kirti Wankhede  wrote:

> This patch makes mtty device migration capable. Purpose of this code is
> to test migration interface. Only stop-and-copy phase is implemented.
> Postcopy migration is not supported.
> 
> Actual data for mtty device migration is very less. Appended dummy data to
> migration data stream, default 100 Mbytes. Added sysfs file
> 'dummy_data_size_MB' to get dummy data size from user which can be used
> to check performance of based of data size. During resuming dummy data is
> read and discarded.
> 
> Signed-off-by: Kirti Wankhede 
> ---
>  samples/vfio-mdev/mtty.c | 602 
> ---
>  1 file changed, 574 insertions(+), 28 deletions(-)
> 
> diff --git a/samples/vfio-mdev/mtty.c b/samples/vfio-mdev/mtty.c
> index bf666cce5bb7..f9194234fc6a 100644
> --- a/samples/vfio-mdev/mtty.c
> +++ b/samples/vfio-mdev/mtty.c
> @@ -44,9 +44,23 @@
>  
>  #define MTTY_STRING_LEN  16
>  
> -#define MTTY_CONFIG_SPACE_SIZE  0xff
> -#define MTTY_IO_BAR_SIZE0x8
> -#define MTTY_MMIO_BAR_SIZE  0x10
> +#define MTTY_CONFIG_SPACE_SIZE   0xff
> +#define MTTY_IO_BAR_SIZE 0x8
> +#define MTTY_MMIO_BAR_SIZE   0x10
> +#define MTTY_MIGRATION_REGION_SIZE   0x100   // 16M
> +
> +#define MTTY_MIGRATION_REGION_INDEX  VFIO_PCI_NUM_REGIONS
> +#define MTTY_REGIONS_MAX (MTTY_MIGRATION_REGION_INDEX + 1)
> +
> +/* Data section start from page aligned offset */
> +#define MTTY_MIGRATION_REGION_DATA_OFFSET(0x1000)

Probably want to work in terms of PAGE_SIZE.

> +
> +/* First page is used for struct vfio_device_migration_info */
> +#define MTTY_MIGRATION_REGION_SIZE_MMAP \
> + (MTTY_MIGRATION_REGION_SIZE - MTTY_MIGRATION_REGION_DATA_OFFSET)
> +
> +#define MIGRATION_INFO_OFFSET(MEMBER)\
> + offsetof(struct vfio_device_migration_info, MEMBER)
>  
>  #define STORE_LE16(addr, val)   (*(u16 *)addr = val)
>  #define STORE_LE32(addr, val)   (*(u32 *)addr = val)
> @@ -129,6 +143,28 @@ struct serial_port {
>   u8 intr_trigger_level;  /* interrupt trigger level */
>  };
>  
> +/* Migration packet */
> +#define PACKET_ID(u16)(0xfeedbaba)
> +
> +#define PACKET_FLAGS_ACTUAL_DATA (1 << 0)
> +#define PACKET_FLAGS_DUMMY_DATA  (1 << 1)
> +
> +#define PACKET_DATA_SIZE_MAX (8 * 1024 * 1024)
> +
> +struct packet {
> + u16 id;
> + u16 flags;
> + u32 data_size;
> + u8 data[];
> +};
> +
> +enum {
> + PACKET_STATE_NONE = 0,
> + PACKET_STATE_PREPARED,
> + PACKET_STATE_COPIED,
> + PACKET_STATE_LAST,
> +};
> +
>  /* State of each mdev device */
>  struct mdev_state {
>   int irq_fd;
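Review bot: PACKET_ID is cast to u16 but the constant 0xfeedbaba is 32 bits wide, so the id field of struct packet only ever holds the low 16 bits (0xbaba). Either pick a 16-bit magic or widen id to u32, and state in the comment above struct packet that data_size has to be checked against PACKET_DATA_SIZE_MAX before data[] is touched on the resume side.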
> @@ -138,22 +174,37 @@ struct mdev_state {
>   u8 *vconfig;
>   struct mutex ops_lock;
>   struct mdev_device *mdev;
> - struct mdev_region_info region_info[VFIO_PCI_NUM_REGIONS];
> - u32 bar_mask[VFIO_PCI_NUM_REGIONS];
> + struct mdev_region_info region_info[MTTY_REGIONS_MAX];
> + u32 bar_mask[MTTY_REGIONS_MAX];

A new region doesn't imply a new BAR, this should have been simply
bar_mask[2] from the start since this device implements 2 bars.

>   struct list_head next;
>   struct serial_port s[2];
>   struct mutex rxtx_lock;
>   struct vfio_device_info dev_info;
> - int nr_ports;
> + u32 nr_ports;
>  
>   /* List of pinned gpfns, gpfn as index and content is translated hpfn */
>   unsigned long *gpfn_to_hpfn;
>   struct notifier_block nb;
> +
> + u32 device_state;
> + u64 saved_size;
> + void *mig_region_base;
> + bool is_actual_data_sent;
> + struct packet *pkt;
> + u32 packet_state;
> + u64 dummy_data_size;

Please consider alignment and holes even for a sample driver.

>  };
>  
>  static struct mutex mdev_list_lock;
>  static struct list_head mdev_devices_list;
>  
> +/*
> + * Default dummy data size set to 100 MB. To change value of dummy data size 
> at
> + * runtime but before migration write size in MB to sysfs file
> + * dummy_data_size_MB
> + */
> +static unsigned long user_dummy_data_size = (100 * 1024 * 1024);
> +
>  static const struct file_operations vd_fops = {
>   .owner  = THIS_MODULE,
>  };
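Review bot: user_dummy_data_size is a single module-wide unsigned long while the per-device copy dummy_data_size in struct mdev_state is u64, so the sysfs value is shared by every mtty instance and the two types differ in width on 32-bit builds. Make the types agree and say in the comment that the setting is global. The change of nr_ports from int to u32 is unrelated to migration and belongs in its own patch or at least in the commit message.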
> @@ -639,6 +690,288 @@ static void mdev_read_base(struct mdev_state 
> *mdev_state)
>   }
>  }
>  
> +static int save_setup(struct mdev_state *mdev_state)
> +{
> + mdev_state->is_actual_data_sent = false;
> +
> + memset(mdev_state->pkt, 0, sizeof(struct packet) +
> +PACKET_DATA_SIZE_MAX);

I would have expected pkt to be allocated here as well, it looks like
there's an expectation that the user will have mmap'd the migration
region prior to this, but there's no obligation on the part of the user
to make use of the mmap at all.

> +
> + return 0;
> +}
> +
> +static int set_device_state(struct mdev_state *mdev_state, u32 device_state)
> +{
> + int ret = 0;
> +
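Review bot: save_setup() hands mdev_state->pkt to memset() without checking that it has been allocated, so reaching this path while pkt is still NULL is a NULL pointer write in the kernel. Allocate pkt here, or return an error when it is NULL, instead of returning 0 unconditionally.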

Re: [PATCH v2 04/58] qdev: New qdev_new(), qdev_realize(), etc.

2020-05-29 Thread Alistair Francis
On Fri, May 29, 2020 at 7:03 AM Markus Armbruster  wrote:
>
> We commonly plug devices into their bus right when we create them,
> like this:
>
> dev = qdev_create(bus, type_name);
>
> Note that @dev is a weak reference.  The reference from @bus to @dev
> is the only strong one.
>
> We realize at some later time, either with
>
> object_property_set_bool(OBJECT(dev), true, "realized", errp);
>
> or its convenience wrapper
>
> qdev_init_nofail(dev);
>
> If @dev still has no QOM parent then, realizing makes the
> /machine/unattached/ orphanage its QOM parent.
>
> Note that the device returned by qdev_create() is plugged into a bus,
> but doesn't have a QOM parent, yet.  Until it acquires one,
> unrealizing the bus will hang in bus_unparent():
>
> while ((kid = QTAILQ_FIRST(&bus->children)) != NULL) {
> DeviceState *dev = kid->child;
> object_unparent(OBJECT(dev));
> }
>
> object_unparent() does nothing when its argument has no QOM parent,
> and the loop spins forever.
>
> Device state "no QOM parent, but plugged into bus" is dangerous.
>
> Paolo suggested to delay plugging into the bus until realize.  We need
> to plug into the parent bus before we call the device's realize
> method, in case it uses the parent bus.  So the dangerous state still
> exists, but only within realization, where we can manage it safely.
>
> This commit creates infrastructure to do this:
>
> dev = qdev_new(type_name);
> ...
> qdev_realize_and_unref(dev, bus, errp)
>
> Note that @dev becomes a strong reference here.
> qdev_realize_and_unref() drops it.  There is also plain
> qdev_realize(), which doesn't drop it.
>
> The remainder of this series will convert all users to this new
> interface.
>
> Cc: Michael S. Tsirkin 
> Cc: Marcel Apfelbaum 
> Cc: Alistair Francis 
> Cc: Gerd Hoffmann 
> Cc: Mark Cave-Ayland 
> Cc: David Gibson 
> Signed-off-by: Markus Armbruster 
> Acked-by: Gerd Hoffmann 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  include/hw/qdev-core.h | 11 +-
>  hw/core/bus.c  | 14 +++
>  hw/core/qdev.c | 90 ++
>  3 files changed, 114 insertions(+), 1 deletion(-)
>
> diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h
> index b870b27966..fba29308f7 100644
> --- a/include/hw/qdev-core.h
> +++ b/include/hw/qdev-core.h
> @@ -57,7 +57,7 @@ typedef void (*BusUnrealize)(BusState *bus);
>   * After successful realization, setting static properties will fail.
>   *
>   * As an interim step, the #DeviceState:realized property can also be
> - * set with qdev_init_nofail().
> + * set with qdev_realize() or qdev_init_nofail().
>   * In the future, devices will propagate this state change to their children
>   * and along busses they expose.
>   * The point in time will be deferred to machine creation, so that values
> @@ -322,7 +322,13 @@ compat_props_add(GPtrArray *arr,
>
>  DeviceState *qdev_create(BusState *bus, const char *name);
>  DeviceState *qdev_try_create(BusState *bus, const char *name);
> +DeviceState *qdev_new(const char *name);
> +DeviceState *qdev_try_new(const char *name);
>  void qdev_init_nofail(DeviceState *dev);
> +bool qdev_realize(DeviceState *dev, BusState *bus, Error **errp);
> +bool qdev_realize_and_unref(DeviceState *dev, BusState *bus, Error **errp);
> +void qdev_unrealize(DeviceState *dev);
> +
>  void qdev_set_legacy_instance_id(DeviceState *dev, int alias_id,
>   int required_for_version);
>  HotplugHandler *qdev_get_bus_hotplug_handler(DeviceState *dev);
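Review bot: the five new prototypes (qdev_new, qdev_try_new, qdev_realize, qdev_realize_and_unref, qdev_unrealize) are added without doc comments, while the reference-ownership rules that make them safe to use are stated only in the commit message. Please document in the header that qdev_new() returns a strong reference, that qdev_realize_and_unref() drops it and qdev_realize() does not, and what the bool return value means when errp is set.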
> @@ -411,6 +417,9 @@ typedef int (qdev_walkerfn)(DeviceState *dev, void 
> *opaque);
>  void qbus_create_inplace(void *bus, size_t size, const char *typename,
>   DeviceState *parent, const char *name);
>  BusState *qbus_create(const char *typename, DeviceState *parent, const char 
> *name);
> +bool qbus_realize(BusState *bus, Error **errp);
> +void qbus_unrealize(BusState *bus);
> +
>  /* Returns > 0 if either devfn or busfn skip walk somewhere in cursion,
>   * < 0 if either devfn or busfn terminate walk somewhere in cursion,
>   *   0 otherwise. */
> diff --git a/hw/core/bus.c b/hw/core/bus.c
> index 33a4443217..6f6071f5fa 100644
> --- a/hw/core/bus.c
> +++ b/hw/core/bus.c
> @@ -164,6 +164,20 @@ BusState *qbus_create(const char *typename, DeviceState 
> *parent, const char *nam
>  return bus;
>  }
>
> +bool qbus_realize(BusState *bus, Error **errp)
> +{
> +Error *err = NULL;
> +
> +object_property_set_bool(OBJECT(bus), true, "realized", );
> +error_propagate(errp, err);
> +return !err;
> +}
> +
> +void qbus_unrealize(BusState *bus)
> +{
> +object_property_set_bool(OBJECT(bus), false, "realized", _abort);
> +}
> +
>  static bool bus_get_realized(Object *obj, Error **errp)
>  {
>  BusState *bus = BUS(obj);
> diff --git a/hw/core/qdev.c b/hw/core/qdev.c
> index a68ba674db..f2c5cee278 100644
> --- a/hw/core/qdev.c
> +++ b/hw/core/qdev.c
> 

Re: [Virtio-fs] [PATCH] virtiofsd: remove symlink fallbacks

2020-05-29 Thread Dr. David Alan Gilbert
* Vivek Goyal (vgo...@redhat.com) wrote:
> On Thu, May 14, 2020 at 04:07:36PM +0200, Miklos Szeredi wrote:
> > Path lookup in the kernel has special rules for looking up magic symlinks
> > under /proc.  If a filesystem operation is instructed to follow symlinks
> > (e.g. via AT_SYMLINK_FOLLOW or lack of AT_SYMLINK_NOFOLLOW), and the final
> > component is such a proc symlink, then the target of the magic symlink is
> > used for the operation, even if the target itself is a symlink.  I.e. path
> > lookup is always terminated after following a final magic symlink.
> > 
> > I was erroneously assuming that in the above case the target symlink would
> > also be followed, and so workarounds were added for a couple of operations
> > to handle the symlink case.  Since the symlink can be handled simply by
> > following the proc symlink, these workarounds are not needed.
> > 
> > Also remove the "norace" option, which disabled the workarounds.
> > 
> > Commit bdfd66788349 ("virtiofsd: Fix xattr operations") already dealt with
> > the same issue for xattr operations.
> > 
> > Signed-off-by: Miklos Szeredi 
> 
> Good to have this cleanup.
> 
> Acked-by: Vivek Goyal 

Queued.

> Vivek
> 
> > ---
> >  tools/virtiofsd/passthrough_ll.c | 175 ++-
> >  1 file changed, 6 insertions(+), 169 deletions(-)
> > 
> > diff --git a/tools/virtiofsd/passthrough_ll.c 
> > b/tools/virtiofsd/passthrough_ll.c
> > index 3ba1d9098460..2ce7c96085bf 100644
> > --- a/tools/virtiofsd/passthrough_ll.c
> > +++ b/tools/virtiofsd/passthrough_ll.c
> > @@ -140,7 +140,6 @@ enum {
> >  struct lo_data {
> >  pthread_mutex_t mutex;
> >  int debug;
> > -int norace;
> >  int writeback;
> >  int flock;
> >  int posix_lock;
> > @@ -176,7 +175,6 @@ static const struct fuse_opt lo_opts[] = {
> >  { "cache=none", offsetof(struct lo_data, cache), CACHE_NONE },
> >  { "cache=auto", offsetof(struct lo_data, cache), CACHE_AUTO },
> >  { "cache=always", offsetof(struct lo_data, cache), CACHE_ALWAYS },
> > -{ "norace", offsetof(struct lo_data, norace), 1 },
> >  { "readdirplus", offsetof(struct lo_data, readdirplus_set), 1 },
> >  { "no_readdirplus", offsetof(struct lo_data, readdirplus_clear), 1 },
> >  FUSE_OPT_END
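Review bot: dropping the "norace" entry from lo_opts changes the accepted command line, so an existing invocation that still passes -o norace will no longer have the option recognised. Consider keeping it as an accepted no-op for a release, or note the removal in the user documentation; the commit message mentions it in a single line only.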
> > @@ -592,136 +590,6 @@ static void lo_getattr(fuse_req_t req, fuse_ino_t ino,
> >  fuse_reply_attr(req, , lo->timeout);
> >  }
> >  
> > -/*
> > - * Increments parent->nlookup and caller must release refcount using
> > - * lo_inode_put().
> > - */
> > -static int lo_parent_and_name(struct lo_data *lo, struct lo_inode *inode,
> > -  char path[PATH_MAX], struct lo_inode 
> > **parent)
> > -{
> > -char procname[64];
> > -char *last;
> > -struct stat stat;
> > -struct lo_inode *p;
> > -int retries = 2;
> > -int res;
> > -
> > -retry:
> > -sprintf(procname, "%i", inode->fd);
> > -
> > -res = readlinkat(lo->proc_self_fd, procname, path, PATH_MAX);
> > -if (res < 0) {
> > -fuse_log(FUSE_LOG_WARNING, "%s: readlink failed: %m\n", __func__);
> > -goto fail_noretry;
> > -}
> > -
> > -if (res >= PATH_MAX) {
> > -fuse_log(FUSE_LOG_WARNING, "%s: readlink overflowed\n", __func__);
> > -goto fail_noretry;
> > -}
> > -path[res] = '\0';
> > -
> > -last = strrchr(path, '/');
> > -if (last == NULL) {
> > -/* Shouldn't happen */
> > -fuse_log(
> > -FUSE_LOG_WARNING,
> > -"%s: INTERNAL ERROR: bad path read from proc\n", __func__);
> > -goto fail_noretry;
> > -}
> > -if (last == path) {
> > -p = >root;
> > -pthread_mutex_lock(>mutex);
> > -p->nlookup++;
> > -g_atomic_int_inc(>refcount);
> > -pthread_mutex_unlock(>mutex);
> > -} else {
> > -*last = '\0';
> > -res = fstatat(AT_FDCWD, last == path ? "/" : path, , 0);
> > -if (res == -1) {
> > -if (!retries) {
> > -fuse_log(FUSE_LOG_WARNING,
> > - "%s: failed to stat parent: %m\n", __func__);
> > -}
> > -goto fail;
> > -}
> > -p = lo_find(lo, );
> > -if (p == NULL) {
> > -if (!retries) {
> > -fuse_log(FUSE_LOG_WARNING,
> > - "%s: failed to find parent\n", __func__);
> > -}
> > -goto fail;
> > -}
> > -}
> > -last++;
> > -res = fstatat(p->fd, last, , AT_SYMLINK_NOFOLLOW);
> > -if (res == -1) {
> > -if (!retries) {
> > -fuse_log(FUSE_LOG_WARNING,
> > - "%s: failed to stat last\n", __func__);
> > -}
> > -goto fail_unref;
> > -}
> > -if (stat.st_dev != inode->key.dev || stat.st_ino != inode->key.ino) {
> > -if (!retries) {
> > -fuse_log(FUSE_LOG_WARNING,
> > - "%s: failed to match last\n", __func__);
> > -

Re: [PATCH 2/2] sev: scan guest ROM for launch secret address

2020-05-29 Thread Tom Lendacky

On 5/28/20 3:51 PM, Tobin Feldman-Fitzthum wrote:

From: Tobin Feldman-Fitzthum 

In addition to using QMP to provide the guest memory address
that the launch secret blob will be injected into, the
secret address can also be specified in the guest ROM. This
patch adds sev_find_secret_gpa, which scans the ROM page by
page to find a launch secret table identified by a GUID. If
the table is found, the address it contains will be used
in place of any address specified via QMP.


I'm working on something similar for SEV-ES support in OVMF (see 
https://www.mail-archive.com/devel@edk2.groups.io/msg20716.html). The GUID 
is placed at a fixed location from the end of the ROM. One of the OVMF 
maintainers recommended the approach and I think we should work to support 
the guest LAUNCH SECRET GPA using the same GUID. This particular patch 
should be delayed until an OVMF method is accepted, so that it doesn't 
have to be reworked.


Thanks,
Tom



Signed-off-by: Tobin Feldman-Fitzthum 
---
  target/i386/sev.c  | 34 --
  target/i386/sev_i386.h | 16 
  2 files changed, 48 insertions(+), 2 deletions(-)

diff --git a/target/i386/sev.c b/target/i386/sev.c
index 774e47d9d1..4adc56d7e3 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -706,6 +706,8 @@ sev_guest_init(const char *id)
  s->api_major = status.api_major;
  s->api_minor = status.api_minor;
  
+s->secret_gpa = 0;

+
  trace_kvm_sev_init();
  ret = sev_ioctl(s->sev_fd, KVM_SEV_INIT, NULL, _error);
  if (ret) {
@@ -731,6 +733,28 @@ err:
  return NULL;
  }
  
+static void

+sev_find_secret_gpa(uint8_t *ptr, uint64_t len)
+{
+uint64_t offset;
+
+SevROMSecretTable *secret_table;
+QemuUUID secret_table_guid;
+
+qemu_uuid_parse(SEV_ROM_SECRET_GUID,_table_guid);
+secret_table_guid = qemu_uuid_bswap(secret_table_guid);
+
+offset = len - 0x1000;
+while(offset > 0) {
+secret_table = (SevROMSecretTable *)(ptr + offset);
+if(qemu_uuid_is_equal(_table_guid, (QemuUUID *) secret_table)){
+sev_state->secret_gpa = (long unsigned int) secret_table->base;
+break;
+}
+offset -= 0x1000;
+}
+}
+
  int
  sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len)
  {
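Review bot: the scan arithmetic in sev_find_secret_gpa() is unchecked. offset = len - 0x1000 wraps for len < 0x1000, and when len is not a multiple of 0x1000 the later offset -= 0x1000 wraps past zero while the loop condition offset > 0 still holds, so ptr + offset ends up outside the buffer; the same condition also means the page at offset 0 is never examined. Please validate len before the first subtraction, stop explicitly once offset 0 has been checked, and check the return value of qemu_uuid_parse(). base is also pushed through a (long unsigned int) cast before it is stored, which deserves a fixed-width type instead.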
@@ -738,6 +762,9 @@ sev_encrypt_data(void *handle, uint8_t *ptr, uint64_t len)
  
  /* if SEV is in update state then encrypt the data else do nothing */

  if (sev_check_state(SEV_STATE_LAUNCH_UPDATE)) {
+if(!sev_state->secret_gpa) {
+sev_find_secret_gpa(ptr, len);
+   }
  return sev_launch_update_data(ptr, len);
  }
  
@@ -776,8 +803,8 @@ int sev_inject_launch_secret(const char *packet_hdr,
  
  /* secret can be inject only in this state */

  if (!sev_check_state(SEV_STATE_LAUNCH_SECRET)) {
-   error_report("Not in correct state. %x",sev_state->state);
-   return 1;
+error_report("Not in correct state. %x",sev_state->state);
+return 1;
  }
  
  hdr = g_base64_decode(packet_hdr, _sz);

@@ -792,6 +819,9 @@ int sev_inject_launch_secret(const char *packet_hdr,
  goto err;
  }
  
+if(sev_state->secret_gpa)

+gpa = sev_state->secret_gpa;
+
  hva = gpa2hva(gpa, data_sz);
  if (!hva) {
  goto err;
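Review bot: the new if (sev_state->secret_gpa) silently replaces the gpa the caller supplied with a value read from the guest ROM, and nothing in this hunk compares data_sz with the size field of the table. Log or trace when the ROM value overrides the caller's address, reject a secret larger than the advertised area, and put braces around the body as the neighbouring if (!hva) does.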
diff --git a/target/i386/sev_i386.h b/target/i386/sev_i386.h
index 8ada9d385d..b1f9ab93bb 100644
--- a/target/i386/sev_i386.h
+++ b/target/i386/sev_i386.h
@@ -19,6 +19,7 @@
  #include "sysemu/kvm.h"
  #include "sysemu/sev.h"
  #include "qemu/error-report.h"
+#include "qemu/uuid.h"
  #include "qapi/qapi-types-misc-target.h"
  
  #define SEV_POLICY_NODBG0x1

@@ -28,6 +29,8 @@
  #define SEV_POLICY_DOMAIN   0x10
  #define SEV_POLICY_SEV  0x20
  
+#define SEV_ROM_SECRET_GUID "adf956ad-e98c-484c-ae11-b51c7d336447"

+
  #define TYPE_QSEV_GUEST_INFO "sev-guest"
  #define QSEV_GUEST_INFO(obj)  \
  OBJECT_CHECK(QSevGuestInfo, (obj), TYPE_QSEV_GUEST_INFO)
@@ -42,6 +45,18 @@ extern SevCapability *sev_get_capabilities(void);
  
  typedef struct QSevGuestInfo QSevGuestInfo;

  typedef struct QSevGuestInfoClass QSevGuestInfoClass;
+typedef struct SevROMSecretTable SevROMSecretTable;
+
+/**
+ * If guest physical address for the launch secret is
+ * provided in the ROM, it should be in the following
+ * page-aligned structure.
+ */
+struct SevROMSecretTable {
+QemuUUID guid;
+unsigned int base;
+unsigned int size;
+};
  
  /**

   * QSevGuestInfo:
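Review bot: SevROMSecretTable declares base and size as unsigned int, but the struct is overlaid on raw ROM bytes and base ends up in the uint64_t secret_gpa added to SEVState. Use fixed-width types for both fields, say in the comment which byte order they are stored in, and spell out whether "page-aligned" refers to the table's position in the ROM or to the value of base.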
@@ -78,6 +93,7 @@ struct SEVState {
  uint32_t cbitpos;
  uint32_t reduced_phys_bits;
  uint32_t handle;
+uint64_t secret_gpa;
  int sev_fd;
  SevState state;
  gchar *measurement;
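
The page-by-page ROM scan described in the commit message above, written with explicit bounds handling, as an added example that is not code from the patch or from QEMU. The 24-byte table layout, the little-endian fields, the raw-byte GUID comparison, the constructed GUID value and all function names are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ROM_PAGE_SIZE 0x1000u
#define TABLE_BYTES   24u   /* assumed layout: 16-byte GUID, 32-bit base, 32-bit size */

/* Constructed GUID bytes for this example; not the value from the patch. */
static const uint8_t EXAMPLE_GUID[16] = {
    0x10, 0x32, 0x54, 0x76, 0x98, 0xba, 0xdc, 0xfe,
    0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef
};

struct secret_area {
    uint32_t base;   /* guest physical address of the secret area */
    uint32_t size;   /* length of the secret area in bytes */
};

/* Read a 32-bit little-endian field without relying on alignment. */
static uint32_t load_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/*
 * Scan rom[0..len) at page-aligned offsets, highest first, for a table that
 * begins with guid. Returns 1 and fills *out on a match, 0 otherwise.
 * Every read stays inside the buffer, including for len < ROM_PAGE_SIZE and
 * for lengths that are not a multiple of the page size.
 */
int find_secret_table(const uint8_t *rom, uint64_t len,
                      const uint8_t guid[16], struct secret_area *out)
{
    uint64_t offset;

    if (rom == NULL || guid == NULL || out == NULL || len < TABLE_BYTES) {
        return 0;
    }

    /* Highest page-aligned offset that still leaves room for a whole table. */
    offset = (len - TABLE_BYTES) & ~(uint64_t)(ROM_PAGE_SIZE - 1);

    for (;;) {
        if (memcmp(rom + offset, guid, 16) == 0) {
            out->base = load_le32(rom + offset + 16);
            out->size = load_le32(rom + offset + 20);
            return 1;
        }
        if (offset == 0) {
            return 0;            /* page 0 was checked; stop before wrapping */
        }
        offset -= ROM_PAGE_SIZE;
    }
}

/*
 * Build a constructed ROM image of len bytes with one table at table_off
 * (when it fits) and return the base the scan finds, or 0 if none.
 */
uint32_t scan_sample_rom(uint64_t len, uint64_t table_off)
{
    static uint8_t rom[4 * ROM_PAGE_SIZE];
    static const uint8_t fields[8] = {
        0x00, 0x00, 0x80, 0x00,   /* base = 0x00800000 */
        0x00, 0x10, 0x00, 0x00    /* size = 0x1000 */
    };
    struct secret_area area = { 0, 0 };

    if (len > sizeof(rom)) {
        return 0;
    }
    memset(rom, 0, sizeof(rom));
    if (table_off <= len && len - table_off >= TABLE_BYTES) {
        memcpy(rom + table_off, EXAMPLE_GUID, 16);
        memcpy(rom + table_off + 16, fields, sizeof(fields));
    }
    return find_secret_table(rom, len, EXAMPLE_GUID, &area) ? area.base : 0;
}

int main(void)
{
    printf("table in last page:  0x%08x\n", (unsigned)scan_sample_rom(0x4000, 0x3000));
    printf("table in page 0:     0x%08x\n", (unsigned)scan_sample_rom(0x4000, 0x0000));
    printf("ROM shorter than 4K: 0x%08x\n", (unsigned)scan_sample_rom(0x0800, 0x0000));
    printf("unaligned table:     0x%08x\n", (unsigned)scan_sample_rom(0x4000, 0x1008));
    return 0;
}
```

The short-ROM, odd-length and page-0 cases are the ones where unsigned offset arithmetic most easily goes wrong, which is why the sample inputs exercise them.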





[PATCH] acpi: tpm: Do not build TCPA table for TPM 2

2020-05-29 Thread Stefan Berger
From: Stefan Berger 

Do not build a TCPA table for TPM 2 anymore but create the log area when
building the TPM2 table. The TCPA table is only needed for TPM 1.2.

Signed-off-by: Stefan Berger 
---
 hw/i386/acpi-build.c | 12 
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index 2e15f6848e..b5669d6c65 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -2317,6 +2317,10 @@ build_tpm2(GArray *table_data, BIOSLinker *linker, 
GArray *tcpalog)
 tpm2_ptr->log_area_minimum_length =
 cpu_to_le32(TPM_LOG_AREA_MINIMUM_SIZE);
 
+acpi_data_push(tcpalog, le32_to_cpu(tpm2_ptr->log_area_minimum_length));
+bios_linker_loader_alloc(linker, ACPI_BUILD_TPMLOG_FILE, tcpalog, 1,
+ false);
+
 /* log area start address to be filled by Guest linker */
 bios_linker_loader_add_pointer(linker, ACPI_BUILD_TABLE_FILE,
log_addr_offset, log_addr_size,
@@ -2848,10 +2852,10 @@ void acpi_build(AcpiBuildTables *tables, MachineState 
*machine)
 build_hpet(tables_blob, tables->linker);
 }
 if (misc.tpm_version != TPM_VERSION_UNSPEC) {
-acpi_add_table(table_offsets, tables_blob);
-build_tpm_tcpa(tables_blob, tables->linker, tables->tcpalog);
-
-if (misc.tpm_version == TPM_VERSION_2_0) {
+if (misc.tpm_version == TPM_VERSION_1_2) {
+acpi_add_table(table_offsets, tables_blob);
+build_tpm_tcpa(tables_blob, tables->linker, tables->tcpalog);
+} else { /* TPM_VERSION_2_0 */
 acpi_add_table(table_offsets, tables_blob);
 build_tpm2(tables_blob, tables->linker, tables->tcpalog);
 }
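Review bot: the else branch is labelled TPM_VERSION_2_0 only in a comment, so any value of misc.tpm_version other than TPM_VERSION_UNSPEC and TPM_VERSION_1_2 takes the TPM 2 path. An explicit else if (misc.tpm_version == TPM_VERSION_2_0) keeps the check that the removed line had.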
-- 
2.24.1




Re: [PATCH v4 9/9] iotests: rename and move 169 and 199 tests

2020-05-29 Thread John Snow



On 5/27/20 2:50 PM, Vladimir Sementsov-Ogievskiy wrote:
> 
> Hmm. Actually, I think, it's not a problem to continue support ranges of
> tests for number test names, if you need it.
> 
> Note a new parameter --start-from, which is here to re-run failed 
> ./check run from the middle of the process, is it your use-case or not?

Yeah, that'll solve that for me! I pretty much care only about excluding
tests sometimes, and running ranges was just a way to do that.




Re: [PATCH] acpi: tpm: Do not build TCPA table for TPM 2

2020-05-29 Thread Marc-André Lureau
On Fri, May 29, 2020 at 9:28 PM Stefan Berger 
wrote:

> From: Stefan Berger 
>
> Do not build a TCPA table for TPM 2 anymore but create the log area when
> building the TPM2 table. The TCPA table is only needed for TPM 1.2.
>
> Signed-off-by: Stefan Berger 
>

Reviewed-by: Marc-André Lureau 

---
>  hw/i386/acpi-build.c | 12 
>  1 file changed, 8 insertions(+), 4 deletions(-)
>
> diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
> index 2e15f6848e..b5669d6c65 100644
> --- a/hw/i386/acpi-build.c
> +++ b/hw/i386/acpi-build.c
> @@ -2317,6 +2317,10 @@ build_tpm2(GArray *table_data, BIOSLinker *linker,
> GArray *tcpalog)
>  tpm2_ptr->log_area_minimum_length =
>  cpu_to_le32(TPM_LOG_AREA_MINIMUM_SIZE);
>
> +acpi_data_push(tcpalog,
> le32_to_cpu(tpm2_ptr->log_area_minimum_length));
> +bios_linker_loader_alloc(linker, ACPI_BUILD_TPMLOG_FILE, tcpalog, 1,
> + false);
> +
>  /* log area start address to be filled by Guest linker */
>  bios_linker_loader_add_pointer(linker, ACPI_BUILD_TABLE_FILE,
> log_addr_offset, log_addr_size,
> @@ -2848,10 +2852,10 @@ void acpi_build(AcpiBuildTables *tables,
> MachineState *machine)
>  build_hpet(tables_blob, tables->linker);
>  }
>  if (misc.tpm_version != TPM_VERSION_UNSPEC) {
> -acpi_add_table(table_offsets, tables_blob);
> -build_tpm_tcpa(tables_blob, tables->linker, tables->tcpalog);
> -
> -if (misc.tpm_version == TPM_VERSION_2_0) {
> +if (misc.tpm_version == TPM_VERSION_1_2) {
> +acpi_add_table(table_offsets, tables_blob);
> +build_tpm_tcpa(tables_blob, tables->linker, tables->tcpalog);
> +} else { /* TPM_VERSION_2_0 */
>  acpi_add_table(table_offsets, tables_blob);
>  build_tpm2(tables_blob, tables->linker, tables->tcpalog);
>  }
> --
> 2.24.1
>
>

-- 
Marc-André Lureau


Re: [PATCH v8 30/62] target/riscv: Update fp_status when float rounding mode changes

2020-05-29 Thread Alistair Francis
On Thu, May 21, 2020 at 3:45 AM LIU Zhiwei  wrote:
>
> For scalar float instruction, round mode is encoded in instruction,
> so fp_status is updating dynamically.
>
> For vector float instruction, round mode is always frm, so
> update fp_status when frm changes is enough.
>
> Signed-off-by: LIU Zhiwei 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  target/riscv/csr.c|  7 +++
>  target/riscv/fpu_helper.c | 19 ++-
>  target/riscv/internals.h  |  3 +++
>  3 files changed, 24 insertions(+), 5 deletions(-)
>
> diff --git a/target/riscv/csr.c b/target/riscv/csr.c
> index d71c49dfff..438093152b 100644
> --- a/target/riscv/csr.c
> +++ b/target/riscv/csr.c
> @@ -22,6 +22,7 @@
>  #include "cpu.h"
>  #include "qemu/main-loop.h"
>  #include "exec/exec-all.h"
> +#include "internals.h"
>
>  /* CSR function table */
>  static riscv_csr_operations csr_ops[];
> @@ -174,6 +175,9 @@ static int write_frm(CPURISCVState *env, int csrno, 
> target_ulong val)
>  env->mstatus |= MSTATUS_FS;
>  #endif
>  env->frm = val & (FSR_RD >> FSR_RD_SHIFT);
> +if (!riscv_cpu_set_rounding_mode(env, env->frm)) {
> +return -1;
> +}
>  return 0;
>  }
>
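Review bot: in write_frm() env->frm is assigned before riscv_cpu_set_rounding_mode() validates it, so when the write returns -1 the rejected value is already stored. Validate first and assign only on success, or keep the store and do not fail the write. The code removed from helper_set_rounding_mode() later in this patch raised the illegal-instruction exception when the mode was used, not when frm was written, so failing the CSR write is a behaviour change the commit message should mention.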
> @@ -207,6 +211,9 @@ static int write_fcsr(CPURISCVState *env, int csrno, 
> target_ulong val)
>  env->vxsat = (val & FSR_VXSAT) >> FSR_VXSAT_SHIFT;
>  }
>  riscv_cpu_set_fflags(env, (val & FSR_AEXC) >> FSR_AEXC_SHIFT);
> +if (!riscv_cpu_set_rounding_mode(env, env->frm)) {
> +return -1;
> +}
>  return 0;
>  }
>
> diff --git a/target/riscv/fpu_helper.c b/target/riscv/fpu_helper.c
> index 0b79562a69..262610e837 100644
> --- a/target/riscv/fpu_helper.c
> +++ b/target/riscv/fpu_helper.c
> @@ -50,13 +50,10 @@ void riscv_cpu_set_fflags(CPURISCVState *env, 
> target_ulong hard)
>  set_float_exception_flags(soft, >fp_status);
>  }
>
> -void helper_set_rounding_mode(CPURISCVState *env, uint32_t rm)
> +bool riscv_cpu_set_rounding_mode(CPURISCVState *env, uint32_t rm)
>  {
>  int softrm;
>
> -if (rm == 7) {
> -rm = env->frm;
> -}
>  switch (rm) {
>  case 0:
>  softrm = float_round_nearest_even;
> @@ -74,10 +71,22 @@ void helper_set_rounding_mode(CPURISCVState *env, 
> uint32_t rm)
>  softrm = float_round_ties_away;
>  break;
>  default:
> -riscv_raise_exception(env, RISCV_EXCP_ILLEGAL_INST, GETPC());
> +return false;
>  }
>
>  set_float_rounding_mode(softrm, >fp_status);
> +return true;
> +}
> +
> +void helper_set_rounding_mode(CPURISCVState *env, uint32_t rm)
> +{
> +if (rm == 7) {
> +rm = env->frm;
> +}
> +
> +if (!riscv_cpu_set_rounding_mode(env, rm)) {
> +riscv_raise_exception(env, RISCV_EXCP_ILLEGAL_INST, GETPC());
> +}
>  }
>
>  uint64_t helper_fmadd_s(CPURISCVState *env, uint64_t frs1, uint64_t frs2,
> diff --git a/target/riscv/internals.h b/target/riscv/internals.h
> index f699d80c41..52f6af2513 100644
> --- a/target/riscv/internals.h
> +++ b/target/riscv/internals.h
> @@ -27,4 +27,7 @@ FIELD(VDATA, VM, 8, 1)
>  FIELD(VDATA, LMUL, 9, 2)
>  FIELD(VDATA, NF, 11, 4)
>  FIELD(VDATA, WD, 11, 1)
> +
> +/* set float rounding mode */
> +bool riscv_cpu_set_rounding_mode(CPURISCVState *env, uint32_t rm);
>  #endif
> --
> 2.23.0
>
>



[PATCH v2 4/4] check-block: enable iotests with SafeStack

2020-05-29 Thread Daniele Buono
SafeStack is a stack protection technique implemented in llvm. It is
enabled with a -fsanitize flag.
iotests are currently disabled when any -fsanitize option is used,
because such options tend to produce additional warnings and false
positives.

While common -fsanitize options are used to verify the code and not
added in production, SafeStack's main use is in production environments
to protect against stack smashing.

Since SafeStack does not print any warning or false positive, enable
iotests when SafeStack is the only -fsanitize option used.
This is likely going to be a production binary and we want to make sure
it works correctly.

Signed-off-by: Daniele Buono 
---
 tests/check-block.sh | 12 +++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/tests/check-block.sh b/tests/check-block.sh
index ad320c21ba..8e29c868e5 100755
--- a/tests/check-block.sh
+++ b/tests/check-block.sh
@@ -21,7 +21,17 @@ if grep -q "CONFIG_GPROF=y" config-host.mak 2>/dev/null ; 
then
 exit 0
 fi
 
-if grep -q "CFLAGS.*-fsanitize" config-host.mak 2>/dev/null ; then
+# Disable tests with any sanitizer except for SafeStack
+CFLAGS=$( grep "CFLAGS.*-fsanitize" config-host.mak 2>/dev/null )
+SANITIZE_FLAGS=""
+#Remove all occurrencies of -fsanitize=safe-stack
+for i in ${CFLAGS}; do
+if [ "${i}" != "-fsanitize=safe-stack" ]; then
+SANITIZE_FLAGS="${SANITIZE_FLAGS} ${i}"
+fi
+done
+if echo ${SANITIZE_FLAGS} | grep -q "\-fsanitize" 2>/dev/null; then
+# Have a sanitize flag that is not allowed, stop
 echo "Sanitizers are enabled ==> Not running the qemu-iotests."
 exit 0
 fi
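Review bot: the new variable is named CFLAGS, which shadows the conventional environment variable of that name for the rest of the script, and it holds whole matching lines of config-host.mak rather than just flags. Give it a script-local name, quote the expansion in echo ${SANITIZE_FLAGS}, and drop the 2>/dev/null on the second grep since it reads from a pipe. A flag written as a comma list that merely includes safe-stack is not equal to -fsanitize=safe-stack and so still disables the tests, which is the safe direction but worth a comment next to the loop.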
-- 
2.26.2




Re: [PATCH Kernel v24 0/8] Add UAPIs to support migration for VFIO devices

2020-05-29 Thread Alex Williamson
On Fri, 29 May 2020 02:00:46 +0530
Kirti Wankhede  wrote:

> Hi,
> 
> This patch set adds:
> * IOCTL VFIO_IOMMU_DIRTY_PAGES to get dirty pages bitmap with
>   respect to IOMMU container rather than per device. All pages pinned by
>   vendor driver through vfio_pin_pages external API has to be marked as
>   dirty during  migration. When IOMMU capable device is present in the
>   container and all pages are pinned and mapped, then all pages are marked
>   dirty.
>   When there are CPU writes, CPU dirty page tracking can identify dirtied
>   pages, but any page pinned by vendor driver can also be written by
>   device. As of now there is no device which has hardware support for
>   dirty page tracking. So all pages which are pinned should be considered
>   as dirty.
>   This ioctl is also used to start/stop dirty pages tracking for pinned and
>   unpinned pages while migration is active.
> 
> * Updated IOCTL VFIO_IOMMU_UNMAP_DMA to get dirty pages bitmap before
>   unmapping IO virtual address range.
>   With vIOMMU, during pre-copy phase of migration, while CPUs are still
>   running, IO virtual address unmap can happen while device still keeping
>   reference of guest pfns. Those pages should be reported as dirty before
>   unmap, so that VFIO user space application can copy content of those
>   pages from source to destination.
> 
> * Patch 8 detect if IOMMU capable device driver is smart to report pages
>   to be marked dirty by pinning pages using vfio_pin_pages() API.
> 
> 
> Yet TODO:
> Since there is no device which has hardware support for system memory
> dirty bitmap tracking, right now there is no other API from vendor driver
> to VFIO IOMMU module to report dirty pages. In future, when such hardware
> support will be implemented, an API will be required such that vendor
> driver could report dirty pages to VFIO module during migration phases.
> 
> v23 -> v24
> - Fixed nit picks by Cornelia
> - Fixed warning reported by test robot.

Applied to my next branch for v5.8.  Thanks for your persistence and
for everyone's participation!  Thanks,

Alex

> v22 -> v23
> - Fixed issue reported by Yan
> https://lore.kernel.org/kvm/97977ede-3c5b-c5a5-7858-7eecd7dd5...@nvidia.com/
> - Fixed nit picks suggested by Cornelia
> 
> v21 -> v22
> - Fixed issue raised by Alex :
> https://lore.kernel.org/kvm/20200515163307.72951...@w520.home/
> 
> v20 -> v21
> - Added checkin for GET_BITMAP ioctl for vfio_dma boundaries.
> - Updated unmap ioctl function - as suggested by Alex.
> - Updated comments in DIRTY_TRACKING ioctl definition - as suggested by
>   Cornelia.
> 
> v19 -> v20
> - Fixed ioctl to get dirty bitmap to get bitmap of multiple vfio_dmas
> - Fixed unmap ioctl to get dirty bitmap of multiple vfio_dmas.
> - Removed flag definition from migration capability.
> 
> v18 -> v19
> - Updated migration capability with supported page sizes bitmap for dirty
>   page tracking and  maximum bitmap size supported by kernel module.
> - Added patch to calculate and cache pgsize_bitmap when iommu->domain_list
>   is updated.
> - Removed extra buffers added in previous version for bitmap manipulation
>   and optimised the code.
> 
> v17 -> v18
> - Add migration capability to the capability chain for VFIO_IOMMU_GET_INFO
>   ioctl
> - Updated UMAP_DMA ioctl to return bitmap of multiple vfio_dma
> 
> v16 -> v17
> - Fixed errors reported by kbuild test robot  on i386
> 
> v15 -> v16
> - Minor edits and nit picks (Auger Eric)
> - On copying bitmap to user, re-populated bitmap only for pinned pages,
>   excluding unmapped pages and CPU dirtied pages.
> - Patches are on tag: next-20200318 and 1-3 patches from Yan's series
>   https://lkml.org/lkml/2020/3/12/1255
> 
> v14 -> v15
> - Minor edits and nit picks.
> - In the verification of user allocated bitmap memory, added check of
>maximum size.
> - Patches are on tag: next-20200318 and 1-3 patches from Yan's series
>   https://lkml.org/lkml/2020/3/12/1255
> 
> v13 -> v14
> - Added struct vfio_bitmap to kabi. updated structure
>   vfio_iommu_type1_dirty_bitmap_get and vfio_iommu_type1_dma_unmap.
> - All small changes suggested by Alex.
> - Patches are on tag: next-20200318 and 1-3 patches from Yan's series
>   https://lkml.org/lkml/2020/3/12/1255
> 
> v12 -> v13
> - Changed bitmap allocation in vfio_iommu_type1 to per vfio_dma
> - Changed VFIO_IOMMU_DIRTY_PAGES ioctl behaviour to be per vfio_dma range.
> - Changed vfio_iommu_type1_dirty_bitmap structure to have separate data
>   field.
> 
> v11 -> v12
> - Changed bitmap allocation in vfio_iommu_type1.
> - Remove atomicity of ref_count.
> - Updated comments for migration device state structure about error
>   reporting.
> - Nit picks from v11 reviews
> 
> v10 -> v11
> - Fix pin pages API to free vpfn if it is marked as unpinned tracking page.
> - Added proposal to detect if IOMMU capable device calls external pin pages
>   API to mark pages dirty.
> - Nit picks from v10 reviews
> 
> v9 -> v10:
> - Updated existing 

Re: [PATCH 0/3] Couple of HMAT fixes

2020-05-29 Thread no-reply
Patchew URL: https://patchew.org/QEMU/cover.1590753455.git.mpriv...@redhat.com/



Hi,

This series failed the docker-quick@centos7 build test. Please find the testing 
commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

=== TEST SCRIPT BEGIN ===
#!/bin/bash
make docker-image-centos7 V=1 NETWORK=1
time make docker-test-quick@centos7 SHOW_ENV=1 J=14 NETWORK=1
=== TEST SCRIPT END ===

  TESTcheck-qtest-x86_64: tests/qtest/test-x86-cpuid-compat
  TESTcheck-qtest-x86_64: tests/qtest/numa-test
**
ERROR:/tmp/qemu-test/src/tests/qtest/numa-test.c:524:pc_hmat_erange_cfg: 
'qmp_rsp_is_err(qtest_qmp(qs, "{ 'execute': 'set-numa-node'," " 'arguments': { 
'type': 'hmat-cache', 'node-id': 0, 'size': 10240," " 'level': 1, 
'associativity': \"direct\", 'policy': \"write-back\"," " 'line': 8 } }"))' 
should be TRUE
ERROR - Bail out! 
ERROR:/tmp/qemu-test/src/tests/qtest/numa-test.c:524:pc_hmat_erange_cfg: 
'qmp_rsp_is_err(qtest_qmp(qs, "{ 'execute': 'set-numa-node'," " 'arguments': { 
'type': 'hmat-cache', 'node-id': 0, 'size': 10240," " 'level': 1, 
'associativity': \"direct\", 'policy': \"write-back\"," " 'line': 8 } }"))' 
should be TRUE
/tmp/qemu-test/src/tests/qtest/libqtest.c:175: kill_qemu() detected QEMU death 
from signal 15 (Terminated)
make: *** [check-qtest-x86_64] Error 1
make: *** Waiting for unfinished jobs
  TESTiotest-qcow2: 176
  TESTiotest-qcow2: 177
---
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['sudo', '-n', 'docker', 'run', 
'--label', 'com.qemu.instance.uuid=2b956b136ef4469f9b237fa0b3cad819', '-u', 
'1001', '--security-opt', 'seccomp=unconfined', '--rm', '-e', 'TARGET_LIST=', 
'-e', 'EXTRA_CONFIGURE_OPTS=', '-e', 'V=', '-e', 'J=14', '-e', 'DEBUG=', '-e', 
'SHOW_ENV=1', '-e', 'CCACHE_DIR=/var/tmp/ccache', '-v', 
'/home/patchew/.cache/qemu-docker-ccache:/var/tmp/ccache:z', '-v', 
'/var/tmp/patchew-tester-tmp-voh1aoeh/src/docker-src.2020-05-29-15.56.38.16826:/var/tmp/qemu:z,ro',
 'qemu:centos7', '/var/tmp/qemu/run', 'test-quick']' returned non-zero exit 
status 2.
filter=--filter=label=com.qemu.instance.uuid=2b956b136ef4469f9b237fa0b3cad819
make[1]: *** [docker-run] Error 1
make[1]: Leaving directory `/var/tmp/patchew-tester-tmp-voh1aoeh/src'
make: *** [docker-run-test-quick@centos7] Error 2

real14m39.846s
user0m8.869s


The full log is available at
http://patchew.org/logs/cover.1590753455.git.mpriv...@redhat.com/testing.docker-quick@centos7/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

[PATCH v8 04/12] tests/vm: Pass --debug through for vm-boot-ssh.

2020-05-29 Thread Robert Foley
This helps debug issues that occur during the boot sequence.

Signed-off-by: Robert Foley 
Reviewed-by: Peter Puhov 
Reviewed-by: Alex Bennée 
---
 tests/vm/Makefile.include | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tests/vm/Makefile.include b/tests/vm/Makefile.include
index d9b34eae63..e22c391a2a 100644
--- a/tests/vm/Makefile.include
+++ b/tests/vm/Makefile.include
@@ -97,6 +97,7 @@ vm-boot-ssh-%: $(IMAGES_DIR)/%.img
$(call quiet-command, \
$(PYTHON) $(SRC_PATH)/tests/vm/$* \
$(if $(J),--jobs $(J)) \
+   $(if $(V)$(DEBUG), --debug) \
--image "$<" \
--interactive \
false, \
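Review bot: the added `$(if $(V)$(DEBUG), --debug)` line turns on --debug for V=1 as well as DEBUG=1, but the commit message only says that --debug is passed through. Please name the triggering variables in the message so that the behaviour of a vm-boot-ssh-% run with V=1 is not a surprise.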
-- 
2.17.1




[PATCH v8 05/12] tests/vm: Add ability to select QEMU from current build.

2020-05-29 Thread Robert Foley
Added a new special variable QEMU_LOCAL=1, which
will indicate to take the QEMU binary from the current
build.

Signed-off-by: Robert Foley 
Reviewed-by: Peter Puhov 
Reviewed-by: Alex Bennée 
---
 tests/vm/Makefile.include |  4 
 tests/vm/basevm.py| 23 ---
 2 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/tests/vm/Makefile.include b/tests/vm/Makefile.include
index e22c391a2a..f6c3892bb2 100644
--- a/tests/vm/Makefile.include
+++ b/tests/vm/Makefile.include
@@ -41,6 +41,7 @@ endif
@echo "J=[0..9]* - Override the -jN parameter 
for make commands"
@echo "DEBUG=1   - Enable verbose output on 
host and interactive debugging"
@echo "V=1   - Enable verbose ouput on host 
and guest commands"
+   @echo "QEMU_LOCAL=1 - Use QEMU binary local to this 
build."
@echo "QEMU=/path/to/qemu- Change path to QEMU binary"
@echo "QEMU_IMG=/path/to/qemu-img- Change path to qemu-img tool"
 ifeq ($(PYTHON_YAML),yes)
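Review bot: the new QEMU_LOCAL=1 help line does not say how it interacts with the QEMU=/path/to/qemu line that follows it. get_qemu_path() in this patch lets the QEMU environment variable win over --build-path, so the help text should state that QEMU_LOCAL=1 has no effect when QEMU is set.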
@@ -63,6 +64,7 @@ $(IMAGES_DIR)/%.img:  $(SRC_PATH)/tests/vm/% \
$(PYTHON) $< \
$(if $(V)$(DEBUG), --debug) \
$(if $(GENISOIMAGE),--genisoimage $(GENISOIMAGE)) \
+   $(if $(QEMU_LOCAL),--build-path $(BUILD_DIR)) \
--image "$@" \
--force \
--build-image $@, \
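Review bot: in the added `$(if $(QEMU_LOCAL),--build-path $(BUILD_DIR))` line, `$(if ...)` is true for any non-empty value, so QEMU_LOCAL=0 also selects the build-tree binary, and `$(BUILD_DIR)` is passed unquoted while `--image "$@"` right after it is quoted. Consider quoting the path and documenting that any non-empty value enables the option; the same applies to the identical lines added to the vm-build-% and vm-boot-ssh-% rules below.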
@@ -77,6 +79,7 @@ vm-build-%: $(IMAGES_DIR)/%.img
$(if $(DEBUG), --interactive) \
$(if $(J),--jobs $(J)) \
$(if $(V),--verbose) \
+   $(if $(QEMU_LOCAL),--build-path $(BUILD_DIR)) \
--image "$<" \
$(if $(BUILD_TARGET),--build-target $(BUILD_TARGET)) \
--snapshot \
@@ -98,6 +101,7 @@ vm-boot-ssh-%: $(IMAGES_DIR)/%.img
$(PYTHON) $(SRC_PATH)/tests/vm/$* \
$(if $(J),--jobs $(J)) \
$(if $(V)$(DEBUG), --debug) \
+   $(if $(QEMU_LOCAL),--build-path $(BUILD_DIR)) \
--image "$<" \
--interactive \
false, \
diff --git a/tests/vm/basevm.py b/tests/vm/basevm.py
index 7d23ae279b..75a7ac2bd3 100644
--- a/tests/vm/basevm.py
+++ b/tests/vm/basevm.py
@@ -91,6 +91,7 @@ class BaseVM(object):
 def __init__(self, args, config=None):
 self._guest = None
 self._genisoimage = args.genisoimage
+self._build_path = args.build_path
 # Allow input config to override defaults.
 self._config = DEFAULT_CONFIG.copy()
 if config != None:
@@ -275,15 +276,15 @@ class BaseVM(object):
 args = self._args + boot_params.split(' ')
 args += self._data_args + extra_args + self._config['extra_args']
 logging.debug("QEMU args: %s", " ".join(args))
-qemu_bin = os.environ.get("QEMU", "qemu-system-" + self.arch)
-guest = QEMUMachine(binary=qemu_bin, args=args)
+qemu_path = get_qemu_path(self.arch, self._build_path)
+guest = QEMUMachine(binary=qemu_path, args=args)
 guest.set_machine(self._config['machine'])
 guest.set_console()
 try:
 guest.launch()
 except:
 logging.error("Failed to launch QEMU, command line:")
-logging.error(" ".join([qemu_bin] + args))
+logging.error(" ".join([qemu_path] + args))
 logging.error("Log:")
 logging.error(guest.get_log())
 logging.error("QEMU version >= 2.10 is required")
@@ -482,6 +483,19 @@ class BaseVM(object):
   stderr=self._stdout)
 return os.path.join(cidir, "cloud-init.iso")
 
+def get_qemu_path(arch, build_path=None):
+"""Fetch the path to the qemu binary."""
+# If QEMU environment variable set, it takes precedence
+if "QEMU" in os.environ:
+qemu_path = os.environ["QEMU"]
+elif build_path:
+qemu_path = os.path.join(build_path, arch + "-softmmu")
+qemu_path = os.path.join(qemu_path, "qemu-system-" + arch)
+else:
+# Default is to use system path for qemu.
+qemu_path = "qemu-system-" + arch
+return qemu_path
+
 def parse_config(config, args):
 """ Parse yaml config and populate our config structure.
 The yaml config allows the user to override the
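Review bot: get_qemu_path() returns the build-tree path from the `elif build_path:` branch without checking that the binary exists, and it hard-codes the `<arch>-softmmu/qemu-system-<arch>` layout. If that target was not built, the problem only surfaces later at guest.launch(). Suggest an os.path.exists() check in that branch with a clear error, and a docstring line stating the precedence: QEMU environment variable, then --build-path, then the system path.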
@@ -556,6 +570,9 @@ def parse_args(vmcls):
 parser.add_option("--config", "-c", default=None,
   help="Provide config yaml for configuration. "\
"See config_example.yaml for example.")
+parser.add_option("--build-path", default=None,
+  help="Path of build directory, "\
+   "for using build tree QEMU binary. ")
 parser.disable_interspersed_args()
 return parser.parse_args()
 
-- 
2.17.1




Re: [PATCH v8 42/62] target/riscv: vector floating-point merge instructions

2020-05-29 Thread Alistair Francis
On Thu, May 21, 2020 at 4:09 AM LIU Zhiwei  wrote:
>
> Signed-off-by: LIU Zhiwei 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  target/riscv/helper.h   |  4 +++
>  target/riscv/insn32.decode  |  2 ++
>  target/riscv/insn_trans/trans_rvv.inc.c | 38 +
>  target/riscv/vector_helper.c| 24 
>  4 files changed, 68 insertions(+)
>
> diff --git a/target/riscv/helper.h b/target/riscv/helper.h
> index 23b268df90..21054cc957 100644
> --- a/target/riscv/helper.h
> +++ b/target/riscv/helper.h
> @@ -994,3 +994,7 @@ DEF_HELPER_6(vmford_vf_d, void, ptr, ptr, i64, ptr, env, 
> i32)
>  DEF_HELPER_5(vfclass_v_h, void, ptr, ptr, ptr, env, i32)
>  DEF_HELPER_5(vfclass_v_w, void, ptr, ptr, ptr, env, i32)
>  DEF_HELPER_5(vfclass_v_d, void, ptr, ptr, ptr, env, i32)
> +
> +DEF_HELPER_6(vfmerge_vfm_h, void, ptr, ptr, i64, ptr, env, i32)
> +DEF_HELPER_6(vfmerge_vfm_w, void, ptr, ptr, i64, ptr, env, i32)
> +DEF_HELPER_6(vfmerge_vfm_d, void, ptr, ptr, i64, ptr, env, i32)
> diff --git a/target/riscv/insn32.decode b/target/riscv/insn32.decode
> index 23e80fe954..14cb4e2e66 100644
> --- a/target/riscv/insn32.decode
> +++ b/target/riscv/insn32.decode
> @@ -513,6 +513,8 @@ vmfge_vf01 . . . 101 . 1010111 
> @r_vm
>  vmford_vv   011010 . . . 001 . 1010111 @r_vm
>  vmford_vf   011010 . . . 101 . 1010111 @r_vm
>  vfclass_v   100011 . . 1 001 . 1010111 @r2_vm
> +vfmerge_vfm 010111 0 . . 101 . 1010111 @r_vm_0
> +vfmv_v_f010111 1 0 . 101 . 1010111 @r2
>
>  vsetvli 0 ... . 111 . 1010111  @r2_zimm
>  vsetvl  100 . . 111 . 1010111  @r
> diff --git a/target/riscv/insn_trans/trans_rvv.inc.c 
> b/target/riscv/insn_trans/trans_rvv.inc.c
> index 621220e5ff..dfa2177331 100644
> --- a/target/riscv/insn_trans/trans_rvv.inc.c
> +++ b/target/riscv/insn_trans/trans_rvv.inc.c
> @@ -2177,3 +2177,41 @@ GEN_OPFVF_TRANS(vmford_vf, opfvf_cmp_check)
>
>  /* Vector Floating-Point Classify Instruction */
>  GEN_OPFV_TRANS(vfclass_v, opfv_check)
> +
> +/* Vector Floating-Point Merge Instruction */
> +GEN_OPFVF_TRANS(vfmerge_vfm,  opfvf_check)
> +
> +static bool trans_vfmv_v_f(DisasContext *s, arg_vfmv_v_f *a)
> +{
> +if (vext_check_isa_ill(s) &&
> +vext_check_reg(s, a->rd, false) &&
> +(s->sew != 0)) {
> +
> +if (s->vl_eq_vlmax) {
> +tcg_gen_gvec_dup_i64(s->sew, vreg_ofs(s, a->rd),
> + MAXSZ(s), MAXSZ(s), cpu_fpr[a->rs1]);
> +} else {
> +TCGv_ptr dest;
> +TCGv_i32 desc;
> +uint32_t data = FIELD_DP32(0, VDATA, LMUL, s->lmul);
> +static gen_helper_vmv_vx * const fns[3] = {
> +gen_helper_vmv_v_x_h,
> +gen_helper_vmv_v_x_w,
> +gen_helper_vmv_v_x_d,
> +};
> +TCGLabel *over = gen_new_label();
> +tcg_gen_brcondi_tl(TCG_COND_EQ, cpu_vl, 0, over);
> +
> +dest = tcg_temp_new_ptr();
> +desc = tcg_const_i32(simd_desc(0, s->vlen / 8, data));
> +tcg_gen_addi_ptr(dest, cpu_env, vreg_ofs(s, a->rd));
> +fns[s->sew - 1](dest, cpu_fpr[a->rs1], cpu_env, desc);
> +
> +tcg_temp_free_ptr(dest);
> +tcg_temp_free_i32(desc);
> +gen_set_label(over);
> +}
> +return true;
> +}
> +return false;
> +}
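Review bot: in trans_vfmv_v_f(), `fns[s->sew - 1]` indexes a three-entry table, and the only guard on sew visible in this hunk is `s->sew != 0`. Please add a comment (or an assert) stating which earlier check guarantees sew <= 3, and why 8-bit elements are rejected, so the bound on the index is evident to the next reader.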
> diff --git a/target/riscv/vector_helper.c b/target/riscv/vector_helper.c
> index 63d8873c0a..018293570d 100644
> --- a/target/riscv/vector_helper.c
> +++ b/target/riscv/vector_helper.c
> @@ -4193,3 +4193,27 @@ RVVCALL(OPIVV1, vfclass_v_d, OP_UU_D, H8, H8, fclass_d)
>  GEN_VEXT_V(vfclass_v_h, 2, 2, clearh)
>  GEN_VEXT_V(vfclass_v_w, 4, 4, clearl)
>  GEN_VEXT_V(vfclass_v_d, 8, 8, clearq)
> +
> +/* Vector Floating-Point Merge Instruction */
> +#define GEN_VFMERGE_VF(NAME, ETYPE, H, CLEAR_FN)  \
> +void HELPER(NAME)(void *vd, void *v0, uint64_t s1, void *vs2, \
> +  CPURISCVState *env, uint32_t desc)  \
> +{ \
> +uint32_t mlen = vext_mlen(desc);  \
> +uint32_t vm = vext_vm(desc);  \
> +uint32_t vl = env->vl;\
> +uint32_t esz = sizeof(ETYPE); \
> +uint32_t vlmax = vext_maxsz(desc) / esz;  \
> +uint32_t i;   \
> +  \
> +for (i = 0; i < vl; i++) {\
> +ETYPE s2 = *((ETYPE *)vs2 + H(i));\
> +*((ETYPE *)vd + H(i)) \
> +  = (!vm && !vext_elem_mask(v0, mlen, i) ? s2 : s1);  \
> +}
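Review bot: in GEN_VFMERGE_VF the store `= (!vm && !vext_elem_mask(v0, mlen, i) ? s2 : s1)` narrows the uint64_t scalar s1 to ETYPE implicitly and relies on `?:` binding looser than `&&`. An explicit `(ETYPE)s1` cast and parentheses around the condition would show that both are intended.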

Re: [PATCH v2 1/2] fuzz: skip QTest serialization

2020-05-29 Thread Alexander Bulekov
This is missing the actual wrapper functions... Sending v3

On 200529 1402, Alexander Bulekov wrote:
> The QTest server usually parses ASCII commands from clients. Since we
> fuzz within the QEMU process, skip the QTest serialization and server
> for most QTest commands. Leave the option to use the ASCII protocol, to
> generate readable traces for crash reproducers.
> 
> Inspired-by: Philippe Mathieu-Daudé 
> Signed-off-by: Alexander Bulekov 
> ---
>  tests/qtest/fuzz/Makefile.include | 21 +
>  tests/qtest/fuzz/fuzz.c   | 14 +-
>  tests/qtest/fuzz/fuzz.h   |  3 +++
>  3 files changed, 37 insertions(+), 1 deletion(-)
> 
> diff --git a/tests/qtest/fuzz/Makefile.include 
> b/tests/qtest/fuzz/Makefile.include
> index f259d866c9..5bde793bf2 100644
> --- a/tests/qtest/fuzz/Makefile.include
> +++ b/tests/qtest/fuzz/Makefile.include
> @@ -5,6 +5,7 @@ fuzz-obj-y += $(libqos-obj-y)
>  fuzz-obj-y += tests/qtest/fuzz/fuzz.o # Fuzzer skeleton
>  fuzz-obj-y += tests/qtest/fuzz/fork_fuzz.o
>  fuzz-obj-y += tests/qtest/fuzz/qos_fuzz.o
> +fuzz-obj-y += tests/qtest/fuzz/qtest_wrappers.o
>  
>  # Targets
>  fuzz-obj-$(CONFIG_PCI_I440FX) += tests/qtest/fuzz/i440fx_fuzz.o
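Review bot: `fuzz-obj-y += tests/qtest/fuzz/qtest_wrappers.o` adds an object whose source is not part of this patch: the diffstat lists only Makefile.include, fuzz.c and fuzz.h. The build cannot succeed without it, and the -Wl,-wrap flags added below redirect every listed qtest_* call to a __wrap_ symbol that nothing defines, so qtest_wrappers.c needs to land in the same commit.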
> @@ -16,3 +17,23 @@ FUZZ_CFLAGS += -I$(SRC_PATH)/tests 
> -I$(SRC_PATH)/tests/qtest
>  # Linker Script to force coverage-counters into known regions which we can 
> mark
>  # shared
>  FUZZ_LDFLAGS += -Xlinker -T$(SRC_PATH)/tests/qtest/fuzz/fork_fuzz.ld
> +
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_inb
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_inw
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_inl
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_outb
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_outw
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_outl
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_readb
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_readw
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_readl
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_readq
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_writeb
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_writew
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_writel
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_writeq
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_memread
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_bufread
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_memwrite
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_bufwrite
> +FUZZ_LDFLAGS += -Wl,-wrap,qtest_memset
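Review bot: the nineteen `FUZZ_LDFLAGS += -Wl,-wrap,qtest_*` lines have to be kept in step with the wrapper functions by hand, and a name missing from either side fails only at link time or silently bypasses the wrapper. Consider keeping the function names in a single make variable and expanding it with $(foreach) so that there is one list to maintain.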
> diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c
> index f5c923852e..cf76a6636f 100644
> --- a/tests/qtest/fuzz/fuzz.c
> +++ b/tests/qtest/fuzz/fuzz.c
> @@ -91,7 +91,10 @@ static void usage(char *path)
>  printf(" * %s  : %s\n", tmp->target->name,
>  tmp->target->description);
>  }
> -printf("Alternatively, add -target-FUZZ_TARGET to the executable 
> name\n");
> +printf("Alternatively, add -target-FUZZ_TARGET to the executable 
> name\n\n"
> +   "Set the environment variable FUZZ_SERIALIZE_QTEST=1 to 
> serialize\n"
> +   "QTest commands into an ASCII protocol. Useful for building 
> crash\n"
> +   "reproducers, but slows down execution.\n");
>  exit(0);
>  }
>  
> @@ -137,6 +140,8 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char 
> ***envp)
>  {
>  
>  char *target_name;
> +char *dir;
> +bool serialize = false;
>  
>  /* Initialize qgraph and modules */
>  qos_graph_init();
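Review bot: `char *dir;` is added to LLVMFuzzerInitialize() but nothing in this patch uses it. Drop it, or move it to the patch that needs it, since an unused local can trip -Wunused-variable.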
> @@ -157,6 +162,13 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char 
> ***envp)
>  usage(**argv);
>  }
>  
> +/* Should we always serialize qtest commands? */
> +if (getenv("FUZZ_SERIALIZE_QTEST")) {
> +serialize = true;
> +}
> +
> +fuzz_qtest_set_serialize(serialize);
> +
>  /* Identify the fuzz target */
>  fuzz_target = fuzz_get_target(target_name);
>  if (!fuzz_target) {
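Review bot: `if (getenv("FUZZ_SERIALIZE_QTEST"))` enables serialization for any value, including FUZZ_SERIALIZE_QTEST=0 or an empty string, while the usage text documents `=1`. Either compare the value or document that presence alone is what counts. The `serialize` local could also be dropped by passing the result of the test straight to fuzz_qtest_set_serialize().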
> diff --git a/tests/qtest/fuzz/fuzz.h b/tests/qtest/fuzz/fuzz.h
> index 03901d414e..72d5710f6c 100644
> --- a/tests/qtest/fuzz/fuzz.h
> +++ b/tests/qtest/fuzz/fuzz.h
> @@ -82,6 +82,9 @@ typedef struct FuzzTarget {
>  void flush_events(QTestState *);
>  void reboot(QTestState *);
>  
> +/* Use the QTest ASCII protocol or call address_space API directly?*/
> +void fuzz_qtest_set_serialize(bool option);
> +
>  /*
>   * makes a copy of *target and adds it to the target-list.
>   * i.e. fine to set up target on the caller's stack
> -- 
> 2.26.2
> 



Re: [PATCH] acpi: tpm: Do not build TCPA table for TPM 2

2020-05-29 Thread Stefan Berger

On 5/29/20 3:28 PM, Stefan Berger wrote:

From: Stefan Berger 

Do not build a TCPA table for TPM 2 anymore but create the log area when
building the TPM2 table. The TCPA table is only needed for TPM 1.2.


Specs are here: 
https://trustedcomputinggroup.org/wp-content/uploads/TCG_ACPIGeneralSpecification_v1.20_r8.pdf


TCPA is a TPM 1.2 table and the TPM2 table is sufficient for TPM 2.0.






Re: [RFC v3 0/8] vDPA support in qemu

2020-05-29 Thread no-reply
Patchew URL: https://patchew.org/QEMU/20200529140620.28759-1-l...@redhat.com/



Hi,

This series failed the docker-mingw@fedora build test. Please find the testing
commands and their output below. If you have Docker installed, you can probably
reproduce it locally.

=== TEST SCRIPT BEGIN ===
#! /bin/bash
export ARCH=x86_64
make docker-image-fedora V=1 NETWORK=1
time make docker-test-mingw@fedora J=14 NETWORK=1
=== TEST SCRIPT END ===

  CC  io/channel-websock.o
  CC  io/channel-util.o

Warning, treated as error:
/tmp/qemu-test/src/docs/../qemu-options.hx:2920:Inline literal start-string 
without end-string.
  CC  io/dns-resolver.o
  CC  io/net-listener.o
---
  CC  qom/container.o
  CC  qom/qom-qobject.o

Warning, treated as error:
/tmp/qemu-test/src/docs/../qemu-options.hx:2920:Inline literal start-string 
without end-string.
  CC  qom/object_interfaces.o
  CC  qemu-io.o
---
  CC  iothread.o
  CC  job-qmp.o
  CC  os-win32.o
make: *** [Makefile:1103: docs/system/index.html] Error 2
make: *** Waiting for unfinished jobs
make: *** [Makefile:1114: 
.docs_system_qemu.1_docs_system_qemu-block-drivers.7_docs_system_qemu-cpu-models.7.sentinel.]
 Error 2
make: *** Deleting file 
'.docs_system_qemu.1_docs_system_qemu-block-drivers.7_docs_system_qemu-cpu-models.7.sentinel.'
Traceback (most recent call last):
  File "./tests/docker/docker.py", line 664, in 
---
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['sudo', '-n', 'docker', 'run', 
'--label', 'com.qemu.instance.uuid=1b05e0f6710048c78da28e8db7addc87', '-u', 
'1001', '--security-opt', 'seccomp=unconfined', '--rm', '-e', 'TARGET_LIST=', 
'-e', 'EXTRA_CONFIGURE_OPTS=', '-e', 'V=', '-e', 'J=14', '-e', 'DEBUG=', '-e', 
'SHOW_ENV=', '-e', 'CCACHE_DIR=/var/tmp/ccache', '-v', 
'/home/patchew/.cache/qemu-docker-ccache:/var/tmp/ccache:z', '-v', 
'/var/tmp/patchew-tester-tmp-9mffj7y4/src/docker-src.2020-05-29-16.35.13.7869:/var/tmp/qemu:z,ro',
 'qemu:fedora', '/var/tmp/qemu/run', 'test-mingw']' returned non-zero exit 
status 2.
filter=--filter=label=com.qemu.instance.uuid=1b05e0f6710048c78da28e8db7addc87
make[1]: *** [docker-run] Error 1
make[1]: Leaving directory `/var/tmp/patchew-tester-tmp-9mffj7y4/src'
make: *** [docker-run-test-mingw@fedora] Error 2

real1m50.552s
user0m8.680s


The full log is available at
http://patchew.org/logs/20200529140620.28759-1-l...@redhat.com/testing.docker-mingw@fedora/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

[PATCH v8 06/12] tests/vm: allow wait_ssh() to specify command

2020-05-29 Thread Robert Foley
This allows for waiting for completion of arbitrary commands.

Signed-off-by: Robert Foley 
Reviewed-by: Peter Puhov 
Reviewed-by: Alex Bennée 
---
 tests/vm/basevm.py | 14 +++---
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/tests/vm/basevm.py b/tests/vm/basevm.py
index 75a7ac2bd3..1aab9e3a24 100644
--- a/tests/vm/basevm.py
+++ b/tests/vm/basevm.py
@@ -411,24 +411,24 @@ class BaseVM(object):
 def print_step(self, text):
 sys.stderr.write("### %s ...\n" % text)
 
-def wait_ssh(self, wait_root=False, seconds=300):
+def wait_ssh(self, wait_root=False, seconds=300, cmd="exit 0"):
 # Allow more time for VM to boot under TCG.
 if not kvm_available(self.arch):
 seconds *= self.tcg_ssh_timeout_multiplier
 starttime = datetime.datetime.now()
 endtime = starttime + datetime.timedelta(seconds=seconds)
-guest_up = False
+cmd_success = False
 while datetime.datetime.now() < endtime:
-if wait_root and self.ssh_root("exit 0") == 0:
-guest_up = True
+if wait_root and self.ssh_root(cmd) == 0:
+cmd_success = True
 break
-elif self.ssh("exit 0") == 0:
-guest_up = True
+elif self.ssh(cmd) == 0:
+cmd_success = True
 break
 seconds = (endtime - datetime.datetime.now()).total_seconds()
 logging.debug("%ds before timeout", seconds)
 time.sleep(1)
-if not guest_up:
+if not cmd_success:
 raise Exception("Timeout while waiting for guest ssh")
 
 def shutdown(self):
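Review bot: wait_ssh() now accepts an arbitrary `cmd`, but the failure path still raises "Timeout while waiting for guest ssh", which no longer tells the caller what was being waited for. Include `cmd` in the exception text and add a docstring describing the new parameter, since the method name alone now undersells what it does.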
-- 
2.17.1




[PATCH v8 09/12] tests/vm: Added a new script for centos.aarch64.

2020-05-29 Thread Robert Foley
centos.aarch64 creates a CentOS 8 image.
Also added a new kickstart script used to build the centos.aarch64 image.

Signed-off-by: Robert Foley 
Reviewed-by: Peter Puhov 
Reviewed-by: Alex Bennée 
---
 tests/vm/Makefile.include|   3 +-
 tests/vm/centos-8-aarch64.ks |  51 
 tests/vm/centos.aarch64  | 227 +++
 3 files changed, 280 insertions(+), 1 deletion(-)
 create mode 100644 tests/vm/centos-8-aarch64.ks
 create mode 100755 tests/vm/centos.aarch64

diff --git a/tests/vm/Makefile.include b/tests/vm/Makefile.include
index cc71e6ed0a..8cccfaf95d 100644
--- a/tests/vm/Makefile.include
+++ b/tests/vm/Makefile.include
@@ -6,7 +6,7 @@ IMAGES := freebsd netbsd openbsd centos fedora
 ifneq ($(GENISOIMAGE),)
 IMAGES += ubuntu.i386 centos
 ifneq ($(EFI_AARCH64),)
-IMAGES += ubuntu.aarch64
+IMAGES += ubuntu.aarch64 centos.aarch64
 endif
 endif
 
@@ -28,6 +28,7 @@ ifneq ($(GENISOIMAGE),)
@echo "  vm-build-ubuntu.i386- Build QEMU in ubuntu i386 VM"
 ifneq ($(EFI_AARCH64),)
@echo "  vm-build-ubuntu.aarch64 - Build QEMU in ubuntu aarch64 
VM"
+   @echo "  vm-build-centos.aarch64 - Build QEMU in CentOS aarch64 
VM"
 else
@echo "  (install qemu-efi-aarch64 to build centos/ubuntu aarch64 
images.)"
 endif
diff --git a/tests/vm/centos-8-aarch64.ks b/tests/vm/centos-8-aarch64.ks
new file mode 100644
index 00..fd6ebe4d49
--- /dev/null
+++ b/tests/vm/centos-8-aarch64.ks
@@ -0,0 +1,51 @@
+# CentOS aarch64 image kickstart file.
+# This file is used by the CentOS installer to
+# script the generation of the image.
+#
+# Copyright 2020 Linaro
+#
+ignoredisk --only-use=vda
+# System bootloader configuration
+bootloader --append=" crashkernel=auto" --location=mbr --boot-drive=vda
+autopart --type=plain
+# Partition clearing information
+clearpart --linux --initlabel --drives=vda
+# Use text mode install
+text
+repo --name="AppStream" --baseurl=file:///run/install/repo/AppStream
+# Use CDROM installation media
+cdrom
+# Keyboard layouts
+keyboard --vckeymap=us --xlayouts=''
+# System language
+lang en_US.UTF-8
+
+# Network information
+network  --bootproto=dhcp --device=enp0s1 --onboot=off --ipv6=auto 
--no-activate
+network  --hostname=localhost.localdomain
+# Run the Setup Agent on first boot
+firstboot --enable
+# Do not configure the X Window System
+skipx
+# System services
+services --enabled="chronyd"
+# System timezone
+timezone America/New_York --isUtc
+
+# Shutdown after installation is complete.
+shutdown
+
+%packages
+@^server-product-environment
+kexec-tools
+
+%end
+
+%addon com_redhat_kdump --enable --reserve-mb='auto'
+
+%end
+%anaconda
+pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
+pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
+pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
+%end
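Review bot: the %anaconda block sets `pwpolicy ... --minlen=6 --minquality=1 --notstrict`, with `--emptyok` for users, which is a deliberately weak password policy. Please add a comment saying this is acceptable only because the image is a disposable test VM, so the file is not reused as a template for anything longer-lived. `timezone America/New_York` is also an arbitrary choice for a shared test image; UTC would be a more neutral default.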
diff --git a/tests/vm/centos.aarch64 b/tests/vm/centos.aarch64
new file mode 100755
index 00..d5232ecdb8
--- /dev/null
+++ b/tests/vm/centos.aarch64
@@ -0,0 +1,227 @@
+#!/usr/bin/env python3
+#
+# Centos aarch64 image
+#
+# Copyright 2020 Linaro
+#
+# Authors:
+#  Robert Foley 
+#  Originally based on ubuntu.aarch64
+#
+# This code is licensed under the GPL version 2 or later.  See
+# the COPYING file in the top-level directory.
+#
+
+import os
+import sys
+import subprocess
+import basevm
+import time
+import traceback
+import aarch64vm
+
+DEFAULT_CONFIG = {
+'cpu'  : "max",
+'machine'  : "virt,gic-version=max",
+'install_cmds' : "yum install -y make git python3 gcc gcc-c++ flex bison, 
"\
+"yum install -y glib2-devel pixman-devel zlib-devel, "\
+"yum install -y perl-Test-Harness, "\
+"alternatives --set python /usr/bin/python3, "\
+"sudo dnf config-manager "\
+"--add-repo=https://download.docker.com/linux/centos/docker-ce.repo,"\
+"sudo dnf install --nobest -y docker-ce.aarch64,"\
+"systemctl enable docker",
+# We increase beyond the default time since during boot
+# it can take some time (many seconds) to log into the VM.
+'ssh_timeout'  : 60,
+}
+
+class CentosAarch64VM(basevm.BaseVM):
+name = "centos.aarch64"
+arch = "aarch64"
+login_prompt = "localhost login:"
+prompt = '[root@localhost ~]#'
+image_name = "CentOS-8-aarch64-1905-dvd1.iso"
+image_link = 
"http://mirrors.usc.edu/pub/linux/distributions/centos/8.0.1905/isos/aarch64/;
+image_link += image_name
+BUILD_SCRIPT = """
+set -e;
+cd $(mktemp -d);
+sudo chmod a+r /dev/vdb;
+tar --checkpoint=.10 -xf /dev/vdb;
+./configure {configure_opts};
+make --output-sync {target} -j{jobs} {verbose};
+"""
+def set_key_perm(self):
+"""Set permissions properly on certain files to allow
+   ssh access."""
+self.console_wait_send(self.prompt,
+   "/usr/sbin/restorecon 
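Review bot: `image_link` points at a plain http:// mirror, and the lines shown define no checksum for `image_name`, so the installer ISO that goes on to build and run code in the VM is fetched without integrity protection. Use an https mirror and pin a SHA-256 for the ISO. In `install_cmds` the separators are inconsistent (", " after some commands, "," after others) and the list mixes `yum` with `sudo dnf`; pick one form of each.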

Re: [PATCH v8 43/62] target/riscv: vector floating-point/integer type-convert instructions

2020-05-29 Thread Alistair Francis
On Thu, May 21, 2020 at 4:11 AM LIU Zhiwei  wrote:
>
> Signed-off-by: LIU Zhiwei 
> Reviewed-by: Richard Henderson 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  target/riscv/helper.h   | 13 ++
>  target/riscv/insn32.decode  |  4 +++
>  target/riscv/insn_trans/trans_rvv.inc.c |  6 +
>  target/riscv/vector_helper.c| 33 +
>  4 files changed, 56 insertions(+)
>
> diff --git a/target/riscv/helper.h b/target/riscv/helper.h
> index 21054cc957..05f8fb5ffc 100644
> --- a/target/riscv/helper.h
> +++ b/target/riscv/helper.h
> @@ -998,3 +998,16 @@ DEF_HELPER_5(vfclass_v_d, void, ptr, ptr, ptr, env, i32)
>  DEF_HELPER_6(vfmerge_vfm_h, void, ptr, ptr, i64, ptr, env, i32)
>  DEF_HELPER_6(vfmerge_vfm_w, void, ptr, ptr, i64, ptr, env, i32)
>  DEF_HELPER_6(vfmerge_vfm_d, void, ptr, ptr, i64, ptr, env, i32)
> +
> +DEF_HELPER_5(vfcvt_xu_f_v_h, void, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_5(vfcvt_xu_f_v_w, void, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_5(vfcvt_xu_f_v_d, void, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_5(vfcvt_x_f_v_h, void, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_5(vfcvt_x_f_v_w, void, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_5(vfcvt_x_f_v_d, void, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_5(vfcvt_f_xu_v_h, void, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_5(vfcvt_f_xu_v_w, void, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_5(vfcvt_f_xu_v_d, void, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_5(vfcvt_f_x_v_h, void, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_5(vfcvt_f_x_v_w, void, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_5(vfcvt_f_x_v_d, void, ptr, ptr, ptr, env, i32)
> diff --git a/target/riscv/insn32.decode b/target/riscv/insn32.decode
> index 14cb4e2e66..53562c6663 100644
> --- a/target/riscv/insn32.decode
> +++ b/target/riscv/insn32.decode
> @@ -515,6 +515,10 @@ vmford_vf   011010 . . . 101 . 1010111 
> @r_vm
>  vfclass_v   100011 . . 1 001 . 1010111 @r2_vm
>  vfmerge_vfm 010111 0 . . 101 . 1010111 @r_vm_0
>  vfmv_v_f010111 1 0 . 101 . 1010111 @r2
> +vfcvt_xu_f_v100010 . . 0 001 . 1010111 @r2_vm
> +vfcvt_x_f_v 100010 . . 1 001 . 1010111 @r2_vm
> +vfcvt_f_xu_v100010 . . 00010 001 . 1010111 @r2_vm
> +vfcvt_f_x_v 100010 . . 00011 001 . 1010111 @r2_vm
>
>  vsetvli 0 ... . 111 . 1010111  @r2_zimm
>  vsetvl  100 . . 111 . 1010111  @r
> diff --git a/target/riscv/insn_trans/trans_rvv.inc.c 
> b/target/riscv/insn_trans/trans_rvv.inc.c
> index dfa2177331..6db460177d 100644
> --- a/target/riscv/insn_trans/trans_rvv.inc.c
> +++ b/target/riscv/insn_trans/trans_rvv.inc.c
> @@ -2215,3 +2215,9 @@ static bool trans_vfmv_v_f(DisasContext *s, 
> arg_vfmv_v_f *a)
>  }
>  return false;
>  }
> +
> +/* Single-Width Floating-Point/Integer Type-Convert Instructions */
> +GEN_OPFV_TRANS(vfcvt_xu_f_v, opfv_check)
> +GEN_OPFV_TRANS(vfcvt_x_f_v, opfv_check)
> +GEN_OPFV_TRANS(vfcvt_f_xu_v, opfv_check)
> +GEN_OPFV_TRANS(vfcvt_f_x_v, opfv_check)
> diff --git a/target/riscv/vector_helper.c b/target/riscv/vector_helper.c
> index 018293570d..34b21c8deb 100644
> --- a/target/riscv/vector_helper.c
> +++ b/target/riscv/vector_helper.c
> @@ -4217,3 +4217,36 @@ void HELPER(NAME)(void *vd, void *v0, uint64_t s1, 
> void *vs2, \
>  GEN_VFMERGE_VF(vfmerge_vfm_h, int16_t, H2, clearh)
>  GEN_VFMERGE_VF(vfmerge_vfm_w, int32_t, H4, clearl)
>  GEN_VFMERGE_VF(vfmerge_vfm_d, int64_t, H8, clearq)
> +
> +/* Single-Width Floating-Point/Integer Type-Convert Instructions */
> +/* vfcvt.xu.f.v vd, vs2, vm # Convert float to unsigned integer. */
> +RVVCALL(OPFVV1, vfcvt_xu_f_v_h, OP_UU_H, H2, H2, float16_to_uint16)
> +RVVCALL(OPFVV1, vfcvt_xu_f_v_w, OP_UU_W, H4, H4, float32_to_uint32)
> +RVVCALL(OPFVV1, vfcvt_xu_f_v_d, OP_UU_D, H8, H8, float64_to_uint64)
> +GEN_VEXT_V_ENV(vfcvt_xu_f_v_h, 2, 2, clearh)
> +GEN_VEXT_V_ENV(vfcvt_xu_f_v_w, 4, 4, clearl)
> +GEN_VEXT_V_ENV(vfcvt_xu_f_v_d, 8, 8, clearq)
> +
> +/* vfcvt.x.f.v vd, vs2, vm # Convert float to signed integer. */
> +RVVCALL(OPFVV1, vfcvt_x_f_v_h, OP_UU_H, H2, H2, float16_to_int16)
> +RVVCALL(OPFVV1, vfcvt_x_f_v_w, OP_UU_W, H4, H4, float32_to_int32)
> +RVVCALL(OPFVV1, vfcvt_x_f_v_d, OP_UU_D, H8, H8, float64_to_int64)
> +GEN_VEXT_V_ENV(vfcvt_x_f_v_h, 2, 2, clearh)
> +GEN_VEXT_V_ENV(vfcvt_x_f_v_w, 4, 4, clearl)
> +GEN_VEXT_V_ENV(vfcvt_x_f_v_d, 8, 8, clearq)
> +
> +/* vfcvt.f.xu.v vd, vs2, vm # Convert unsigned integer to float. */
> +RVVCALL(OPFVV1, vfcvt_f_xu_v_h, OP_UU_H, H2, H2, uint16_to_float16)
> +RVVCALL(OPFVV1, vfcvt_f_xu_v_w, OP_UU_W, H4, H4, uint32_to_float32)
> +RVVCALL(OPFVV1, vfcvt_f_xu_v_d, OP_UU_D, H8, H8, uint64_to_float64)
> +GEN_VEXT_V_ENV(vfcvt_f_xu_v_h, 2, 2, clearh)
> +GEN_VEXT_V_ENV(vfcvt_f_xu_v_w, 4, 4, clearl)
> +GEN_VEXT_V_ENV(vfcvt_f_xu_v_d, 8, 8, clearq)
> +
> +/* vfcvt.f.x.v vd, vs2, vm # Convert integer to float. */
> +RVVCALL(OPFVV1, vfcvt_f_x_v_h, OP_UU_H, 
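Review bot: the signed conversions (`vfcvt_x_f_v_*` with float16_to_int16 and friends, and `vfcvt_f_x_v_*`) are instantiated with the unsigned `OP_UU_*` type tuples, the same as the unsigned variants. If that is intentional because only the bit pattern is stored, a one-line comment would save the next reader from checking; otherwise a signed tuple should be used.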

Re: [PATCH v8 46/62] target/riscv: vector single-width integer reduction instructions

2020-05-29 Thread Alistair Francis
On Thu, May 21, 2020 at 4:17 AM LIU Zhiwei  wrote:
>
> Signed-off-by: LIU Zhiwei 
> Reviewed-by: Richard Henderson 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  target/riscv/helper.h   | 33 +++
>  target/riscv/insn32.decode  |  8 +++
>  target/riscv/insn_trans/trans_rvv.inc.c | 18 ++
>  target/riscv/vector_helper.c| 74 +
>  4 files changed, 133 insertions(+)
>
> diff --git a/target/riscv/helper.h b/target/riscv/helper.h
> index 82c5d1129e..93a7a303ee 100644
> --- a/target/riscv/helper.h
> +++ b/target/riscv/helper.h
> @@ -1033,3 +1033,36 @@ DEF_HELPER_5(vfncvt_f_x_v_h, void, ptr, ptr, ptr, env, 
> i32)
>  DEF_HELPER_5(vfncvt_f_x_v_w, void, ptr, ptr, ptr, env, i32)
>  DEF_HELPER_5(vfncvt_f_f_v_h, void, ptr, ptr, ptr, env, i32)
>  DEF_HELPER_5(vfncvt_f_f_v_w, void, ptr, ptr, ptr, env, i32)
> +
> +DEF_HELPER_6(vredsum_vs_b, void, ptr, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_6(vredsum_vs_h, void, ptr, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_6(vredsum_vs_w, void, ptr, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_6(vredsum_vs_d, void, ptr, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_6(vredmaxu_vs_b, void, ptr, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_6(vredmaxu_vs_h, void, ptr, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_6(vredmaxu_vs_w, void, ptr, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_6(vredmaxu_vs_d, void, ptr, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_6(vredmax_vs_b, void, ptr, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_6(vredmax_vs_h, void, ptr, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_6(vredmax_vs_w, void, ptr, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_6(vredmax_vs_d, void, ptr, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_6(vredminu_vs_b, void, ptr, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_6(vredminu_vs_h, void, ptr, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_6(vredminu_vs_w, void, ptr, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_6(vredminu_vs_d, void, ptr, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_6(vredmin_vs_b, void, ptr, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_6(vredmin_vs_h, void, ptr, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_6(vredmin_vs_w, void, ptr, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_6(vredmin_vs_d, void, ptr, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_6(vredand_vs_b, void, ptr, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_6(vredand_vs_h, void, ptr, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_6(vredand_vs_w, void, ptr, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_6(vredand_vs_d, void, ptr, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_6(vredor_vs_b, void, ptr, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_6(vredor_vs_h, void, ptr, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_6(vredor_vs_w, void, ptr, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_6(vredor_vs_d, void, ptr, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_6(vredxor_vs_b, void, ptr, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_6(vredxor_vs_h, void, ptr, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_6(vredxor_vs_w, void, ptr, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_6(vredxor_vs_d, void, ptr, ptr, ptr, ptr, env, i32)
> diff --git a/target/riscv/insn32.decode b/target/riscv/insn32.decode
> index 57ac4de1c2..773b32f0b4 100644
> --- a/target/riscv/insn32.decode
> +++ b/target/riscv/insn32.decode
> @@ -529,6 +529,14 @@ vfncvt_x_f_v100010 . . 10001 001 . 1010111 
> @r2_vm
>  vfncvt_f_xu_v   100010 . . 10010 001 . 1010111 @r2_vm
>  vfncvt_f_x_v100010 . . 10011 001 . 1010111 @r2_vm
>  vfncvt_f_f_v100010 . . 10100 001 . 1010111 @r2_vm
> +vredsum_vs  00 . . . 010 . 1010111 @r_vm
> +vredand_vs  01 . . . 010 . 1010111 @r_vm
> +vredor_vs   10 . . . 010 . 1010111 @r_vm
> +vredxor_vs  11 . . . 010 . 1010111 @r_vm
> +vredminu_vs 000100 . . . 010 . 1010111 @r_vm
> +vredmin_vs  000101 . . . 010 . 1010111 @r_vm
> +vredmaxu_vs 000110 . . . 010 . 1010111 @r_vm
> +vredmax_vs  000111 . . . 010 . 1010111 @r_vm
>
>  vsetvli 0 ... . 111 . 1010111  @r2_zimm
>  vsetvl  100 . . 111 . 1010111  @r
> diff --git a/target/riscv/insn_trans/trans_rvv.inc.c 
> b/target/riscv/insn_trans/trans_rvv.inc.c
> index e63b88a4cc..9dfb9358a2 100644
> --- a/target/riscv/insn_trans/trans_rvv.inc.c
> +++ b/target/riscv/insn_trans/trans_rvv.inc.c
> @@ -2315,3 +2315,21 @@ GEN_OPFV_NARROW_TRANS(vfncvt_x_f_v)
>  GEN_OPFV_NARROW_TRANS(vfncvt_f_xu_v)
>  GEN_OPFV_NARROW_TRANS(vfncvt_f_x_v)
>  GEN_OPFV_NARROW_TRANS(vfncvt_f_f_v)
> +
> +/*
> + *** Vector Reduction Operations
> + */
> +/* Vector Single-Width Integer Reduction Instructions */
> +static bool reduction_check(DisasContext *s, arg_rmrr *a)
> +{
> +return vext_check_isa_ill(s) && vext_check_reg(s, a->rs2, false);
> +}
> +
> +GEN_OPIVV_TRANS(vredsum_vs, reduction_check)
> +GEN_OPIVV_TRANS(vredmaxu_vs, reduction_check)
> +GEN_OPIVV_TRANS(vredmax_vs, reduction_check)
> +GEN_OPIVV_TRANS(vredminu_vs, reduction_check)
> 
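
Review bot: reduction_check() passes only a->rs2 to vext_check_reg(), and nothing in the hunk says why a->rd and a->rs1 are exempt. For the .vs reductions the scalar operand and the result each occupy element 0 of a single register, so they are not register groups; a one-line comment to that effect above the check would stop a later reader from "completing" it with rd/rs1 checks.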

Re: [PATCH] libvhost-user: advertise vring features

2020-05-29 Thread Marc-André Lureau
Hi

On Fri, May 29, 2020 at 6:13 PM Stefan Hajnoczi wrote:
>
> libvhost-user implements several vring features without advertising
> them. There is no way for the vhost-user master to detect support for
> these features.
>
> Things more or less work today because QEMU assumes the vhost-user
> backend always implements certain feature bits like
> VIRTIO_RING_F_EVENT_IDX. This is not documented anywhere.
>
> This patch explicitly advertises features implemented in libvhost-user
> so that the vhost-user master does not need to make undocumented
> assumptions.
>
> Feature bits that libvhost-user now advertises can be removed from
> vhost-user-blk.c. Devices should not be responsible for advertising
> vring feature bits, that is libvhost-user's job.
>
> Cc: Marc-André Lureau 
> Cc: Jason Wang 
> Cc: Michael S. Tsirkin 
> Signed-off-by: Stefan Hajnoczi 

Reviewed-by: Marc-André Lureau 

> ---
> I have tested make check and virtiofsd.
> ---
>  contrib/libvhost-user/libvhost-user.c   | 10 ++
>  contrib/vhost-user-blk/vhost-user-blk.c |  4 +---
>  2 files changed, 11 insertions(+), 3 deletions(-)
>
> diff --git a/contrib/libvhost-user/libvhost-user.c 
> b/contrib/libvhost-user/libvhost-user.c
> index 3bca996c62..b43874ba12 100644
> --- a/contrib/libvhost-user/libvhost-user.c
> +++ b/contrib/libvhost-user/libvhost-user.c
> @@ -495,6 +495,16 @@ static bool
>  vu_get_features_exec(VuDev *dev, VhostUserMsg *vmsg)
>  {
>  vmsg->payload.u64 =
> +/*
> + * The following VIRTIO feature bits are supported by our virtqueue
> + * implementation:
> + */
> +1ULL << VIRTIO_F_NOTIFY_ON_EMPTY |
> +1ULL << VIRTIO_RING_F_INDIRECT_DESC |
> +1ULL << VIRTIO_RING_F_EVENT_IDX |
> +1ULL << VIRTIO_F_VERSION_1 |
> +
> +/* vhost-user feature bits */
>  1ULL << VHOST_F_LOG_ALL |
>  1ULL << VHOST_USER_F_PROTOCOL_FEATURES;
>
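
Review bot: the four vring bits are OR-ed into vmsg->payload.u64 unconditionally in vu_get_features_exec(), so as far as these lines show a device built on the library cannot withhold one of them (for example VIRTIO_RING_F_INDIRECT_DESC). The new comment should say that these bits belong to the library and are not controlled by the device's own feature callback, and the same sentence belongs in the public header so that device authors stop adding them themselves.
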
> diff --git a/contrib/vhost-user-blk/vhost-user-blk.c 
> b/contrib/vhost-user-blk/vhost-user-blk.c
> index 6fd91c7e99..25eccd02b5 100644
> --- a/contrib/vhost-user-blk/vhost-user-blk.c
> +++ b/contrib/vhost-user-blk/vhost-user-blk.c
> @@ -382,9 +382,7 @@ vub_get_features(VuDev *dev)
> 1ull << VIRTIO_BLK_F_DISCARD |
> 1ull << VIRTIO_BLK_F_WRITE_ZEROES |
> #endif
> -   1ull << VIRTIO_BLK_F_CONFIG_WCE |
> -   1ull << VIRTIO_F_VERSION_1 |
> -   1ull << VHOST_USER_F_PROTOCOL_FEATURES;
> +   1ull << VIRTIO_BLK_F_CONFIG_WCE;
>
>  if (vdev_blk->enable_ro) {
>  features |= 1ull << VIRTIO_BLK_F_RO;
> --
> 2.25.4
>
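
The negotiation gap the commit message describes, modelled as an added example (not code from libvhost-user or QEMU): the "before" and "after" masks follow the first hunk above with device-supplied bits left out, and the two master behaviours and the ack_is_subset() check are hypothetical names introduced here.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bit numbers as defined by the VIRTIO and vhost-user specifications. */
enum {
    VIRTIO_F_NOTIFY_ON_EMPTY       = 24,
    VHOST_F_LOG_ALL                = 26,
    VIRTIO_RING_F_INDIRECT_DESC    = 28,
    VIRTIO_RING_F_EVENT_IDX        = 29,
    VHOST_USER_F_PROTOCOL_FEATURES = 30,
    VIRTIO_F_VERSION_1             = 32,
};
#define FBIT(n) (1ULL << (n))

/* Mask the library advertised before the patch (context lines of the hunk). */
static uint64_t lib_features_before(void)
{
    return FBIT(VHOST_F_LOG_ALL) | FBIT(VHOST_USER_F_PROTOCOL_FEATURES);
}

/* Mask after the patch: the four vring bits are advertised as well. */
static uint64_t lib_features_after(void)
{
    return lib_features_before() |
           FBIT(VIRTIO_F_NOTIFY_ON_EMPTY) | FBIT(VIRTIO_RING_F_INDIRECT_DESC) |
           FBIT(VIRTIO_RING_F_EVENT_IDX) | FBIT(VIRTIO_F_VERSION_1);
}

/* A master that follows the negotiation strictly acks only offered bits. */
static uint64_t strict_master_ack(uint64_t offered, uint64_t wanted)
{
    return offered & wanted;
}

/* A master that assumes support acks what it wants, offered or not. */
static uint64_t assuming_master_ack(uint64_t offered, uint64_t wanted)
{
    (void)offered;
    return wanted;
}

/*
 * Hypothetical backend-side check for an acked feature set: every acked bit
 * must have been offered.  Returns true when clean; *unoffered receives the
 * offending bits otherwise.
 */
static bool ack_is_subset(uint64_t offered, uint64_t acked, uint64_t *unoffered)
{
    *unoffered = acked & ~offered;
    return *unoffered == 0;
}

/* Render the set bit numbers as "28,29,32" for log output. */
static const char *bits_to_str(uint64_t mask, char *buf, size_t len)
{
    size_t off = 0;

    buf[0] = '\0';
    for (int bit = 0; bit < 64 && off < len; bit++) {
        if (mask & FBIT(bit)) {
            off += snprintf(buf + off, len - off, "%s%d", off ? "," : "", bit);
        }
    }
    return buf;
}

int main(void)
{
    /* Constructed sample: vring features a master would like to use. */
    uint64_t wanted = FBIT(VIRTIO_RING_F_INDIRECT_DESC) |
                      FBIT(VIRTIO_RING_F_EVENT_IDX) | FBIT(VIRTIO_F_VERSION_1);
    uint64_t masks[2] = { lib_features_before(), lib_features_after() };
    const char *label[2] = { "before", "after" };
    char a[64], b[64];

    for (int i = 0; i < 2; i++) {
        uint64_t bad;
        uint64_t strict = strict_master_ack(masks[i], wanted);
        uint64_t assumed = assuming_master_ack(masks[i], wanted);
        bool ok = ack_is_subset(masks[i], assumed, &bad);

        printf("%s: strict master acks [%s]; assuming master %s, unoffered [%s]\n",
               label[i], bits_to_str(strict, a, sizeof(a)),
               ok ? "accepted" : "rejected", bits_to_str(bad, b, sizeof(b)));
    }
    return 0;
}
```

Against the "before" mask a strict master ends up with none of the ring features and an assuming master acks bits that were never offered; against the "after" mask both arrive at the same set.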




[PATCH v8 08/12] tests/vm: Added a new script for ubuntu.aarch64.

2020-05-29 Thread Robert Foley
ubuntu.aarch64 provides a script to create an Ubuntu 18.04 VM.
Another new file, aarch64vm.py, is also added; it is a module with
common methods used by aarch64 VMs, such as how to create the
flash images.

Signed-off-by: Robert Foley 
Reviewed-by: Peter Puhov 
---
 configure |  20 +++
 tests/vm/Makefile.include |  11 
 tests/vm/aarch64vm.py | 106 ++
 tests/vm/basevm.py|  12 +
 tests/vm/ubuntu.aarch64   |  68 
 5 files changed, 217 insertions(+)
 create mode 100644 tests/vm/aarch64vm.py
 create mode 100755 tests/vm/ubuntu.aarch64

diff --git a/configure b/configure
index d82de47fdd..8a286e75a5 100755
--- a/configure
+++ b/configure
@@ -411,6 +411,7 @@ prefix="/usr/local"
 mandir="\${prefix}/share/man"
 datadir="\${prefix}/share"
 firmwarepath="\${prefix}/share/qemu-firmware"
+efi_aarch64=""
 qemu_docdir="\${prefix}/share/doc/qemu"
 bindir="\${prefix}/bin"
 libdir="\${prefix}/lib"
@@ -1099,6 +1100,8 @@ for opt do
   ;;
   --firmwarepath=*) firmwarepath="$optarg"
   ;;
+  --efi-aarch64=*) efi_aarch64="$optarg"
+  ;;
   --host=*|--build=*|\
   --disable-dependency-tracking|\
   --sbindir=*|--sharedstatedir=*|\
@@ -1753,6 +1756,7 @@ Advanced options (experts only):
   --sysconfdir=PATHinstall config in PATH$confsuffix
   --localstatedir=PATH install local state in PATH (set at runtime on 
win32)
   --firmwarepath=PATH  search PATH for firmware files
+  --efi-aarch64=PATH   PATH of efi file to use for aarch64 VMs.
   --with-confsuffix=SUFFIX suffix for QEMU data inside 
datadir/libdir/sysconfdir [$confsuffix]
   --with-pkgversion=VERS   use specified string as sub-version of the package
   --enable-debug   enable common debug build options
@@ -3548,6 +3552,20 @@ EOF
   fi
 fi
 
+
+# efi-aarch64 probe
+# Check for efi files needed by aarch64 VMs.
+# By default we will use the efi included with QEMU.
+# Allow user to override the path for efi also.
+if ! test -f "$efi_aarch64"; then
+if test -f $source_path/pc-bios/edk2-aaarch64-code.fd.bz2; then
+# valid after build
+efi_aarch64=$PWD/pc-bios/edk2-aarch64-code.fd
+else
+efi_aarch64=""
+fi
+fi
+
 ##
 # libcap-ng library probe
 if test "$cap_ng" != "no" ; then
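
Review bot: the probe tests for $source_path/pc-bios/edk2-aaarch64-code.fd.bz2 (three a's) but then assigns $PWD/pc-bios/edk2-aarch64-code.fd, so the two names disagree. If the bundled file is spelled as in the assignment, the test never succeeds, efi_aarch64 stays empty unless --efi-aarch64 is passed, and ubuntu.aarch64 is never added to IMAGES. Fix the spelling, and quote "$source_path" in the test the same way "$efi_aarch64" is quoted two lines above.
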
@@ -6604,6 +6622,7 @@ if test "$docs" != "no"; then
 echo "sphinx-build  $sphinx_build"
 fi
 echo "genisoimage   $genisoimage"
+echo "efi_aarch64   $efi_aarch64"
 echo "python_yaml   $python_yaml"
 echo "slirp support $slirp $(echo_version $slirp $slirp_version)"
 if test "$slirp" != "no" ; then
@@ -7667,6 +7686,7 @@ echo "PYTHON=$python" >> $config_host_mak
 echo "SPHINX_BUILD=$sphinx_build" >> $config_host_mak
 echo "SPHINX_WERROR=$sphinx_werror" >> $config_host_mak
 echo "GENISOIMAGE=$genisoimage" >> $config_host_mak
+echo "EFI_AARCH64=$efi_aarch64" >> $config_host_mak
 echo "PYTHON_YAML=$python_yaml" >> $config_host_mak
 echo "CC=$cc" >> $config_host_mak
 if $iasl -h > /dev/null 2>&1; then
diff --git a/tests/vm/Makefile.include b/tests/vm/Makefile.include
index f6c3892bb2..cc71e6ed0a 100644
--- a/tests/vm/Makefile.include
+++ b/tests/vm/Makefile.include
@@ -5,6 +5,9 @@
 IMAGES := freebsd netbsd openbsd centos fedora
 ifneq ($(GENISOIMAGE),)
 IMAGES += ubuntu.i386 centos
+ifneq ($(EFI_AARCH64),)
+IMAGES += ubuntu.aarch64
+endif
 endif
 
 IMAGES_DIR := $(HOME)/.cache/qemu-vm/images
@@ -23,6 +26,11 @@ vm-help vm-test:
 ifneq ($(GENISOIMAGE),)
@echo "  vm-build-centos - Build QEMU in CentOS VM, 
with Docker"
@echo "  vm-build-ubuntu.i386- Build QEMU in ubuntu i386 VM"
+ifneq ($(EFI_AARCH64),)
+   @echo "  vm-build-ubuntu.aarch64 - Build QEMU in ubuntu aarch64 
VM"
+else
+   @echo "  (install qemu-efi-aarch64 to build centos/ubuntu aarch64 
images.)"
+endif
 else
@echo "  (install genisoimage to build centos/ubuntu images)"
 endif
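
Review bot: the fallback hint in the else branch tells the user to install qemu-efi-aarch64, but the configure probe in this patch only looks at the --efi-aarch64 path and at the copy under pc-bios, so installing a package changes nothing unless its path is also passed to configure. Word the hint around --efi-aarch64=PATH instead, and drop "centos" from it, since this patch adds only ubuntu.aarch64 to IMAGES.
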
@@ -65,6 +73,7 @@ $(IMAGES_DIR)/%.img:  $(SRC_PATH)/tests/vm/% \
$(if $(V)$(DEBUG), --debug) \
$(if $(GENISOIMAGE),--genisoimage $(GENISOIMAGE)) \
$(if $(QEMU_LOCAL),--build-path $(BUILD_DIR)) \
+   $(if $(EFI_AARCH64),--efi-aarch64 $(EFI_AARCH64)) \
--image "$@" \
--force \
--build-image $@, \
@@ -80,6 +89,7 @@ vm-build-%: $(IMAGES_DIR)/%.img
$(if $(J),--jobs $(J)) \
$(if $(V),--verbose) \
$(if $(QEMU_LOCAL),--build-path $(BUILD_DIR)) \
+   $(if $(EFI_AARCH64),--efi-aarch64 $(EFI_AARCH64)) \
--image "$<" \
$(if $(BUILD_TARGET),--build-target $(BUILD_TARGET)) \
--snapshot \
@@ -102,6 +112,7 @@ vm-boot-ssh-%: $(IMAGES_DIR)/%.img
$(if $(J),--jobs $(J)) \
$(if $(V)$(DEBUG), --debug) \
$(if 

[PATCH v8 10/12] tests/vm: change scripts to use self._config

2020-05-29 Thread Robert Foley
This change converts existing scripts from using, for example,
self.ROOT_PASS to using self._config['root_pass'].
We made similar changes for GUEST_USER and GUEST_PASS.
This also allows us to remove the change in basevm.py
which adds __getattr__ for backwards compatibility.

Signed-off-by: Robert Foley 
Reviewed-by: Peter Puhov 
---
 tests/vm/basevm.py | 11 ++-
 tests/vm/fedora| 17 +
 tests/vm/freebsd   | 16 
 tests/vm/netbsd| 19 ++-
 tests/vm/openbsd   | 17 +
 5 files changed, 38 insertions(+), 42 deletions(-)

diff --git a/tests/vm/basevm.py b/tests/vm/basevm.py
index f406a20466..b9d828423b 100644
--- a/tests/vm/basevm.py
+++ b/tests/vm/basevm.py
@@ -183,13 +183,6 @@ class BaseVM(object):
 self.console_init(timeout=timeout)
 self.console_wait(wait_string)
 
-def __getattr__(self, name):
-# Support direct access to config by key.
-# for example, access self._config['cpu'] by self.cpu
-if name.lower() in self._config.keys():
-return self._config[name.lower()]
-return object.__getattribute__(self, name)
-
 def _download_with_cache(self, url, sha256sum=None, sha512sum=None):
 def check_sha256sum(fname):
 if not sha256sum:
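
Review bot: with the __getattr__ fallback removed, any script that still reads self.ROOT_PASS, self.GUEST_USER, self.GUEST_PASS or another config key as an attribute fails with AttributeError at run time rather than at import. The diffstat converts fedora, freebsd, netbsd and openbsd; the commit message should state that the remaining scripts under tests/vm were checked for such accesses, or the removal should move to the end of the series.
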
@@ -239,13 +232,13 @@ class BaseVM(object):
 return r
 
 def ssh(self, *cmd):
-return self._ssh_do(self.GUEST_USER, cmd, False)
+return self._ssh_do(self._config["guest_user"], cmd, False)
 
 def ssh_root(self, *cmd):
 return self._ssh_do("root", cmd, False)
 
 def ssh_check(self, *cmd):
-self._ssh_do(self.GUEST_USER, cmd, True)
+self._ssh_do(self._config["guest_user"], cmd, True)
 
 def ssh_root_check(self, *cmd):
 self._ssh_do("root", cmd, True)
diff --git a/tests/vm/fedora b/tests/vm/fedora
index bd9c6cf295..f536a92678 100755
--- a/tests/vm/fedora
+++ b/tests/vm/fedora
@@ -109,20 +109,20 @@ class FedoraVM(basevm.BaseVM):
 
 self.console_wait_send("7) [!] Root password", "7\n")
 self.console_wait("Password:")
-self.console_send("%s\n" % self.ROOT_PASS)
+self.console_send("%s\n" % self._config["root_pass"])
 self.console_wait("Password (confirm):")
-self.console_send("%s\n" % self.ROOT_PASS)
+self.console_send("%s\n" % self._config["root_pass"])
 
 self.console_wait_send("8) [ ] User creation", "8\n")
 self.console_wait_send("1) [ ] Create user",   "1\n")
 self.console_wait_send("3) User name", "3\n")
-self.console_wait_send("ENTER:", "%s\n" % self.GUEST_USER)
+self.console_wait_send("ENTER:", "%s\n" % self._config["guest_user"])
 self.console_wait_send("4) [ ] Use password",  "4\n")
 self.console_wait_send("5) Password",  "5\n")
 self.console_wait("Password:")
-self.console_send("%s\n" % self.GUEST_PASS)
+self.console_send("%s\n" % self._config["guest_pass"])
 self.console_wait("Password (confirm):")
-self.console_send("%s\n" % self.GUEST_PASS)
+self.console_send("%s\n" % self._config["guest_pass"])
 self.console_wait_send("7) Groups","c\n")
 
 while True:
@@ -140,7 +140,7 @@ class FedoraVM(basevm.BaseVM):
 if good:
 break
 time.sleep(10)
-self.console_send("r\n" % self.GUEST_PASS)
+self.console_send("r\n" % self._config["guest_pass"])
 
 self.console_wait_send("'b' to begin install", "b\n")
 
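
Review bot: in the replaced console_send line the format string "r\n" has no conversion specifier, so applying % to it raises TypeError ("not all arguments converted") as soon as this retry path runs; the removed line had the same defect, and the conversion carries it over. Drop the % operand and send "r\n" on its own.
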
@@ -151,12 +151,13 @@ class FedoraVM(basevm.BaseVM):
 
 # setup qemu user
 prompt = " ~]$"
-self.console_ssh_init(prompt, self.GUEST_USER, self.GUEST_PASS)
+self.console_ssh_init(prompt, self._config["guest_user"],
+  self._config["guest_pass"])
 self.console_wait_send(prompt, "exit\n")
 
 # setup root user
 prompt = " ~]#"
-self.console_ssh_init(prompt, "root", self.ROOT_PASS)
+self.console_ssh_init(prompt, "root", self._config["root_pass"])
 self.console_sshd_config(prompt)
 
 # setup virtio-blk #1 (tarfile)
diff --git a/tests/vm/freebsd b/tests/vm/freebsd
index 298967fe9c..898393b58d 100755
--- a/tests/vm/freebsd
+++ b/tests/vm/freebsd
@@ -114,9 +114,9 @@ class FreeBSDVM(basevm.BaseVM):
 
 # post-install configuration
 self.console_wait("New Password:")
-self.console_send("%s\n" % self.ROOT_PASS)
+self.console_send("%s\n" % self._config["root_pass"])
 self.console_wait("Retype New Password:")
-self.console_send("%s\n" % self.ROOT_PASS)
+self.console_send("%s\n" % self._config["root_pass"])
 
 self.console_wait_send("Network Configuration", "\n")
 self.console_wait_send("IPv4",  "y")
@@ -135,9 +135,9 @@ class FreeBSDVM(basevm.BaseVM):
 # qemu user
   

Re: [RFC v2 00/18] Refactor configuration of guest memory protection

2020-05-29 Thread Sean Christopherson
On Thu, May 21, 2020 at 01:42:46PM +1000, David Gibson wrote:
> A number of hardware platforms are implementing mechanisms whereby the
> hypervisor does not have unfettered access to guest memory, in order
> to mitigate the security impact of a compromised hypervisor.
> 
> AMD's SEV implements this with in-cpu memory encryption, and Intel has
> its own memory encryption mechanism.  POWER has an upcoming mechanism
> to accomplish this in a different way, using a new memory protection
> level plus a small trusted ultravisor.  s390 also has a protected
> execution environment.
> 
> The current code (committed or draft) for these features has each
> platform's version configured entirely differently.  That doesn't seem
> ideal for users, or particularly for management layers.
> 
> AMD SEV introduces a notionally generic machine option
> "machine-encryption", but it doesn't actually cover any cases other
> than SEV.
> 
> This series is a proposal to at least partially unify configuration
> for these mechanisms, by renaming and generalizing AMD's
> "memory-encryption" property.  It is replaced by a
> "guest-memory-protection" property pointing to a platform specific
> object which configures and manages the specific details.
> 
> For now this series covers just AMD SEV and POWER PEF.  I'm hoping it
> can be extended to cover the Intel and s390 mechanisms as well,
> though.
> 
> Note: I'm using the term "guest memory protection" throughout to refer
> to mechanisms like this.  I don't particularly like the term, it's both
> long and not really precise.  If someone can think of a succinct way
> of saying "a means of protecting guest memory from a possibly
> compromised hypervisor", I'd be grateful for the suggestion.

Many of the features are also going far beyond just protecting memory, so
even the "memory" part feels wrong.  Maybe something like protected-guest
or secure-guest?

A little imprecision isn't necessarily a bad thing, e.g. memory-encryption
is quite precise, but also wrong once it encompasses anything beyond plain
old encryption.



Re: [PATCH 0/3] Couple of HMAT fixes

2020-05-29 Thread no-reply
Patchew URL: https://patchew.org/QEMU/cover.1590753455.git.mpriv...@redhat.com/



Hi,

This series failed the asan build test. Please find the testing commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

=== TEST SCRIPT BEGIN ===
#!/bin/bash
export ARCH=x86_64
make docker-image-fedora V=1 NETWORK=1
time make docker-test-debug@fedora TARGET_LIST=x86_64-softmmu J=14 NETWORK=1
=== TEST SCRIPT END ===


[PATCH v8 00/12] tests/vm: Add support for aarch64 VMs

2020-05-29 Thread Robert Foley
This is version 8 of the patch series to
add support for aarch64 VMs in the vm-build infrastructure.
 - Ubuntu 18.04 aarch64 VM
 - CentOS 8 aarch64 VM

v7: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg05286.html

Changes in v8:
- Added Ubuntu common module in tests/vm.
- Changed ubuntu.i386 and ubuntu.aarch64 to use new common module.
- Split out ConsoleSocket addition (python/qemu) to separate patch
  from changes to use it in tests/vm.
- Adjustments in configure when checking for aarch64 efi images.
- Remove use of QEMU_LOCAL in basevm.py.  We will use the
  presence of the --build-path argument instead.

Robert Foley (12):
  tests/vm: pass args through to BaseVM's __init__
  tests/vm: Add configuration to basevm.py
  tests/vm: Added configuration file support
  tests/vm: Pass --debug through for vm-boot-ssh.
  tests/vm: Add ability to select QEMU from current build.
  tests/vm: allow wait_ssh() to specify command
  tests/vm: Add common Ubuntu python module
  tests/vm: Added a new script for ubuntu.aarch64.
  tests/vm: Added a new script for centos.aarch64.
  tests/vm: change scripts to use self._config
  python/qemu: Add ConsoleSocket for optional use in QEMUMachine
  tests/vm: Add workaround to consume console

 configure |  29 +++
 python/qemu/console_socket.py | 118 +
 python/qemu/machine.py|  23 ++-
 tests/vm/Makefile.include |  27 +++
 tests/vm/aarch64vm.py | 106 +++
 tests/vm/basevm.py| 284 +++---
 tests/vm/centos-8-aarch64.ks  |  51 ++
 tests/vm/centos.aarch64   | 227 
 tests/vm/conf_example_aarch64.yml |  51 ++
 tests/vm/conf_example_x86.yml |  50 ++
 tests/vm/fedora   |  17 +-
 tests/vm/freebsd  |  16 +-
 tests/vm/netbsd   |  19 +-
 tests/vm/openbsd  |  17 +-
 tests/vm/ubuntu.aarch64   |  68 +++
 tests/vm/ubuntu.i386  |  46 ++---
 tests/vm/ubuntuvm.py  |  58 ++
 17 files changed, 1077 insertions(+), 130 deletions(-)
 create mode 100644 python/qemu/console_socket.py
 create mode 100644 tests/vm/aarch64vm.py
 create mode 100644 tests/vm/centos-8-aarch64.ks
 create mode 100755 tests/vm/centos.aarch64
 create mode 100644 tests/vm/conf_example_aarch64.yml
 create mode 100644 tests/vm/conf_example_x86.yml
 create mode 100755 tests/vm/ubuntu.aarch64
 create mode 100644 tests/vm/ubuntuvm.py

-- 
2.17.1




[PATCH v8 01/12] tests/vm: pass args through to BaseVM's __init__

2020-05-29 Thread Robert Foley
Adding the args parameter to BaseVM's __init__.
We will shortly need to pass more parameters to the class
so let's just pass args rather than growing the parameter list.

Signed-off-by: Robert Foley 
Reviewed-by: Alex Bennée 
---
 tests/vm/basevm.py | 13 ++---
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/tests/vm/basevm.py b/tests/vm/basevm.py
index a2d4054d72..fbefda0595 100644
--- a/tests/vm/basevm.py
+++ b/tests/vm/basevm.py
@@ -61,9 +61,9 @@ class BaseVM(object):
 # 4 is arbitrary, but greater than 2,
 # since we found we need to wait more than twice as long.
 tcg_ssh_timeout_multiplier = 4
-def __init__(self, debug=False, vcpus=None, genisoimage=None):
+def __init__(self, args):
 self._guest = None
-self._genisoimage = genisoimage
+self._genisoimage = args.genisoimage
 self._tmpdir = os.path.realpath(tempfile.mkdtemp(prefix="vm-test-",
  suffix=".tmp",
  dir="."))
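
Review bot: __init__ now reads args.genisoimage here, and args.debug and args.jobs in the later hunks, so BaseVM depends on the attribute names of the argparse namespace built in main() without saying so. A short docstring on __init__ listing the attributes it expects would make that contract visible to anyone constructing a VM class outside main().
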
@@ -76,7 +76,7 @@ class BaseVM(object):
 self._ssh_pub_key_file = os.path.join(self._tmpdir, "id_rsa.pub")
 open(self._ssh_pub_key_file, "w").write(SSH_PUB_KEY)
 
-self.debug = debug
+self.debug = args.debug
 self._stderr = sys.stderr
 self._devnull = open(os.devnull, "w")
 if self.debug:
@@ -90,8 +90,8 @@ class BaseVM(object):
(",ipv6=no" if not self.ipv6 else ""),
 "-device", "virtio-net-pci,netdev=vnet",
 "-vnc", "127.0.0.1:0,to=20"]
-if vcpus and vcpus > 1:
-self._args += ["-smp", "%d" % vcpus]
+if args.jobs and args.jobs > 1:
+self._args += ["-smp", "%d" % args.jobs]
 if kvm_available(self.arch):
 self._args += ["-enable-kvm"]
 else:
@@ -438,8 +438,7 @@ def main(vmcls):
 return 1
 logging.basicConfig(level=(logging.DEBUG if args.debug
else logging.WARN))
-vm = vmcls(debug=args.debug, vcpus=args.jobs,
-   genisoimage=args.genisoimage)
+vm = vmcls(args)
 if args.build_image:
 if os.path.exists(args.image) and not args.force:
 sys.stderr.writelines(["Image file exists: %s\n" % args.image,
-- 
2.17.1




[PATCH v8 07/12] tests/vm: Add common Ubuntu python module

2020-05-29 Thread Robert Foley
Add a common Ubuntu python module and make use of
it with the ubuntu.i386 script.
This is preparation for adding an Ubuntu script
ubuntu.aarch64.  Splitting out the common
logic such as build_image() will reduce duplication.

Signed-off-by: Robert Foley 
---
 tests/vm/ubuntu.i386 | 46 +--
 tests/vm/ubuntuvm.py | 58 
 2 files changed, 70 insertions(+), 34 deletions(-)
 create mode 100644 tests/vm/ubuntuvm.py

diff --git a/tests/vm/ubuntu.i386 b/tests/vm/ubuntu.i386
index 1570775335..c699eaf8d7 100755
--- a/tests/vm/ubuntu.i386
+++ b/tests/vm/ubuntu.i386
@@ -11,15 +11,22 @@
 # the COPYING file in the top-level directory.
 #
 
-import os
 import sys
-import subprocess
 import basevm
-import time
+import ubuntuvm
 
-class UbuntuX86VM(basevm.BaseVM):
+DEFAULT_CONFIG = {
+'install_cmds' : "apt-get update,"\
+ "apt-get build-dep -y qemu,"\
+ "apt-get install -y libfdt-dev flex bison 
language-pack-en",
+}
+
+class UbuntuX86VM(ubuntuvm.UbuntuVM):
 name = "ubuntu.i386"
 arch = "i386"
+image_link="https://cloud-images.ubuntu.com/releases/bionic/"\
+   "release-20191114/ubuntu-18.04-server-cloudimg-i386.img"
+
image_sha256="28969840626d1ea80bb249c08eef1a4533e8904aa51a327b40f37ac4b4ff04ef"
 BUILD_SCRIPT = """
 set -e;
 cd $(mktemp -d);
@@ -29,34 +36,5 @@ class UbuntuX86VM(basevm.BaseVM):
 make --output-sync {target} -j{jobs} {verbose};
 """
 
-def build_image(self, img):
-cimg = self._download_with_cache(
-
"https://cloud-images.ubuntu.com/releases/bionic/release-20191114/ubuntu-18.04-server-cloudimg-i386.img;,
-
sha256sum="28969840626d1ea80bb249c08eef1a4533e8904aa51a327b40f37ac4b4ff04ef")
-img_tmp = img + ".tmp"
-subprocess.check_call(["cp", "-f", cimg, img_tmp])
-self.exec_qemu_img("resize", img_tmp, "50G")
-self.boot(img_tmp, extra_args = [
-"-device", "VGA",
-"-cdrom", self.gen_cloud_init_iso()
-])
-self.wait_ssh()
-self.ssh_root_check("touch /etc/cloud/cloud-init.disabled")
-self.ssh_root_check("apt-get update")
-self.ssh_root_check("apt-get install -y cloud-initramfs-growroot")
-# Don't check the status in case the guest hang up too quickly
-self.ssh_root("sync && reboot")
-time.sleep(5)
-self.wait_ssh()
-# The previous update sometimes doesn't survive a reboot, so do it 
again
-self.ssh_root_check("sed -ie s/^#\ deb-src/deb-src/g 
/etc/apt/sources.list")
-self.ssh_root_check("apt-get update")
-self.ssh_root_check("apt-get build-dep -y qemu")
-self.ssh_root_check("apt-get install -y libfdt-dev flex bison 
language-pack-en")
-self.ssh_root("poweroff")
-self.wait()
-os.rename(img_tmp, img)
-return 0
-
 if __name__ == "__main__":
-sys.exit(basevm.main(UbuntuX86VM))
+sys.exit(basevm.main(UbuntuX86VM, DEFAULT_CONFIG))
diff --git a/tests/vm/ubuntuvm.py b/tests/vm/ubuntuvm.py
new file mode 100644
index 00..96f29dcc15
--- /dev/null
+++ b/tests/vm/ubuntuvm.py
@@ -0,0 +1,58 @@
+#!/usr/bin/env python3
+#
+# Ubuntu VM testing library
+#
+# Copyright 2020 Linaro
+#
+# Authors:
+#  Robert Foley 
+#
+# This code is licensed under the GPL version 2 or later.  See
+# the COPYING file in the top-level directory.
+
+import os
+import subprocess
+import basevm
+
+class UbuntuVM(basevm.BaseVM):
+
+def __init__(self, args, config=None):
+self.login_prompt = "ubuntu-{}-guest login:".format(self.arch)
+basevm.BaseVM.__init__(self, args, config)
+
+def build_image(self, img):
+"""Build an Ubuntu VM image.  The child class will
+   define the install_cmds to init the VM."""
+os_img = self._download_with_cache(self.image_link,
+   sha256sum=self.image_sha256)
+img_tmp = img + ".tmp"
+subprocess.check_call(["cp", "-f", os_img, img_tmp])
+self.exec_qemu_img("resize", img_tmp, "+50G")
+ci_img = self.gen_cloud_init_iso()
+
+self.boot(img_tmp, extra_args = [ "-device", "VGA", "-cdrom", ci_img, 
])
+
+# First command we issue is fix for slow ssh login.
+self.wait_ssh(wait_root=True,
+  cmd="chmod -x /etc/update-motd.d/*")
+# Wait for cloud init to finish
+self.wait_ssh(wait_root=True,
+  cmd="ls /var/lib/cloud/instance/boot-finished")
+self.ssh_root("touch /etc/cloud/cloud-init.disabled")
+# Disable auto upgrades.
+# We want to keep the VM system state stable.
+self.ssh_root('sed -ie \'s/"1"/"0"/g\' '\
+  '/etc/apt/apt.conf.d/20auto-upgrades')
+self.ssh_root("sed -ie s/^#\ deb-src/deb-src/g /etc/apt/sources.list")
+
+# If the user chooses not to do the 
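
Review bot: build_image() now calls exec_qemu_img("resize", img_tmp, "+50G"), where the code removed from ubuntu.i386 passed "50G"; that changes the resize from an absolute size to a relative one inside a patch the commit message describes as splitting out common logic. Either keep "50G" or mention the change in the commit message. The same move also turns the cloud-init.disabled and deb-src steps from ssh_root_check into ssh_root, so a failure there is no longer detected.
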

[PATCH v3 2/2] fuzz: Add support for logging QTest commands

2020-05-29 Thread Alexander Bulekov
Signed-off-by: Alexander Bulekov 
---
 tests/qtest/fuzz/fuzz.c | 9 -
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c
index 88ac88bca9..21cdee53db 100644
--- a/tests/qtest/fuzz/fuzz.c
+++ b/tests/qtest/fuzz/fuzz.c
@@ -94,7 +94,9 @@ static void usage(char *path)
 printf("Alternatively, add -target-FUZZ_TARGET to the executable name\n\n"
"Set the environment variable FUZZ_SERIALIZE_QTEST=1 to serialize\n"
"QTest commands into an ASCII protocol. Useful for building crash\n"
-   "reproducers, but slows down execution.\n");
+   "reproducers, but slows down execution.\n\n"
+   "Set the environment variable QTEST_LOG=1 to log all qtest commands"
+   "\n");
 exit(0);
 }
 
@@ -182,6 +184,11 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char 
***envp)
 
 /* Run QEMU's softmmu main with the fuzz-target dependent arguments */
 const char *init_cmdline = fuzz_target->get_init_cmdline(fuzz_target);
+init_cmdline = g_strdup_printf("%s -qtest /dev/null -qtest-log %s",
+   init_cmdline,
+   getenv("QTEST_LOG") ? "/dev/fd/2"
+   : "/dev/null");
+
 
 /* Split the runcmd into an argv and argc */
 wordexp_t result;
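
Review bot: getenv("QTEST_LOG") is tested only for being set, so QTEST_LOG=0 or an empty value also turns logging on, while the usage text documents QTEST_LOG=1; either compare the value or word the help as "set QTEST_LOG". The string returned by g_strdup_printf() is also stored in a const char * and no g_free() appears in the visible lines, so note that the one-time leak is intentional or free it after the wordexp() call.
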
-- 
2.26.2




[PATCH v3 0/2] fuzz: Skip QTest serialization

2020-05-29 Thread Alexander Bulekov
In the same vein as Philippe's patch:

https://patchew.org/QEMU/20200528165303.1877-1-f4...@amsat.org/

This uses linker trickery to wrap calls to libqtest functions and
directly call the corresponding read/write functions, rather than
relying on the ASCII-serialized QTest protocol.

v2: applies properly

v3: add missing qtest_wrappers.c file and fix formatting in fuzz.c

Alexander Bulekov (2):
  fuzz: skip QTest serialization
  fuzz: Add support for logging QTest commands

 tests/qtest/fuzz/Makefile.include |  21 +++
 tests/qtest/fuzz/fuzz.c   |  20 ++-
 tests/qtest/fuzz/fuzz.h   |   3 +
 tests/qtest/fuzz/qtest_wrappers.c | 252 ++
 4 files changed, 295 insertions(+), 1 deletion(-)
 create mode 100644 tests/qtest/fuzz/qtest_wrappers.c

-- 
2.26.2




[Bug 1878255] Re: Assertion failure in bdrv_aio_cancel, through ide

2020-05-29 Thread John Snow
outl 0xcf8 0x8000fa24
outl 0xcfc 0xe106c000 (Writes e106c00 to BAR5 for 0:31:2)

outl 0xcf8 0x8000fa04
outw 0xcfc 0x7 (Enables BM, Memory IO and PIO for 0:31:2)

outl 0xcf8 0x8000fb20 (Enables 0:31:3, I guess? My PCI knowledge is
iffy. We set the enable bit and select BAR4, but then we don't actually
write to 0xcfc again to set anything.)


write 0x0 0x3 0x2780e7
- write these three bytes to addr 0 in memory.

write 0xe106c22c 0xd 0x1130c218021130c218021130c2
- ahci_port_write ahci(0x555c950f71a0)[2]: port write [reg:PxSCTL] @ 0x2c: 0x18c23011
- ahci_port_write ahci(0x555c950f71a0)[2]: port write [reg:PxSERR] @ 0x30: 0xc2301102
- ahci_port_write ahci(0x555c950f71a0)[2]: port write [reg:PxSACT] @ 0x34: 0x30110218
- ahci_port_write ahci(0x555c950f71a0)[2]: port write [reg:PxCI] @ 0x38: 0x00c2

write 0xe106c218 0x15 0x110010110010110010110010110010110010110010

- ahci_port_write ahci(0x555c950f71a0)[2]: port write [reg:PxCMD] @ 0x18: 0x11100011
- ahci_port_write ahci(0x555c950f71a0)[2]: port write [reg:Reserved] @ 0x1c: 0x00111000
- ahci_port_write ahci(0x555c950f71a0)[2]: port write [reg:PxTFD] @ 0x20: 0x10001110
- ahci_port_write ahci(0x555c950f71a0)[2]: port write [reg:PxSIG] @ 0x24: 0x11100011
- ahci_port_write ahci(0x555c950f71a0)[2]: port write [reg:PxSSTS] @ 0x28: 0x00111000
- ahci_port_write ahci(0x555c950f71a0)[2]: port write [reg:PxSCTL] @ 0x2c: 0x0010

Not all of those register writes are actually important for the bug, so
I simplified them to the fewest writes and fewest bits.

outl 0xcf8 0x8000fa24
outl 0xcfc 0xe106c000
outl 0xcf8 0x8000fa04
outw 0xcfc 0x7
outl 0xcf8 0x8000fb20
write 0x0 0x3 0x2780e7
write 0xe106c22c 0x4 0x0100
write 0xe106c238 0x2 0x02
write 0xe106c218 0x4 0x1100
write 0xe106c22c 0x1 0x00


1. PxSCTL write arms the DET bit. It isn't intended to be left on when PxCMD.ST 
(Start) is issued. It's not clear what should happen if this DOES occur. 
(Undefined behavior, at the very least.)
See AHCI 1.3 section 3.3.1.1 "Offset 2Ch: PxSCTL – Port x Serial ATA Control 
(SCR2: SControl)"

This bit is intended to send a reset signal to attached SATA drives.
QEMU just synchronously resets the drive because we can.


2. PxCI is not intended to be written to when PxCMD.ST is unset. The spec 
suggests that when ST transitions from '1' to '0' that this field is cleared, 
but it does not suggest what happens when it transitions from '0' to '1'. QEMU 
will happily set the register.


3. PxCMD write: This sets PxCMD.ST and PxCMD.FRE, which engages the AHCI device 
in earnest.

At this point, AHCI sees outstanding commands and tries to process them.
The FIS receive address is never programmed, so it's at zero. We start
reading a FIS there:

15712@1590789960.784835:handle_cmd_fis_dump ahci(0x55b4c56621a0)[2]: FIS:
0x00: 27 80 e7 00 00 00 00 00 00 00 00 00 00 00 00 00 
0x10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
0x20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
0x30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
0x40: 34 40 70 01 01 14 eb 20 00 00 00 00 01 00 00 00 
0x50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
0x60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
0x70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 

This is translated as:
0x27 SATA_FIS_TYPE_REGISTER_H2D
0x80 SATA_FIS_REG_H2D_UPDATE_COMMAND_REGISTER
0xe7 command = FLUSH CACHE

This will engage ide_flush_cache() (core.c)


At this point I get a little confused. I wouldn't think we'd have a 
BlockBackend here for ide_flush to work on, but it seems to think we do and 
allows the flush command to proceed. We then immediately try to cancel this 
flush, but bdrv_aio_cancel can't tolerate an aiocb with a null BDS and panics.

...Hm, it should be the case that blk_do_flush detects this as
ENOMEDIUM, but are we maybe just canceling this request too fast? I
actually can't trigger this through the console, but I can trigger it by
redirecting input from a .txt file.

Yup, OK: if you look in blk_aio_prwv, we schedule a oneshot to invoke
the callback on a synchronous failure, but we are managing to inject the
reset command before the oneshot gets a chance to run.

I think either blk_aio_cancel or bdrv_aio_cancel needs to check that
there isn't a dangling BH callback -- it seems wrong to make it as far
as bdrv_aio_cancel when there's no BDS, but the IDE device no longer has
any idea why its callback hasn't returned yet, and blk_aio_cancel is the
only mechanism it has to kick the state machine forward.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1878255

Title:
  Assertion failure in bdrv_aio_cancel, through ide

Status in QEMU:
  New

Bug description:
  Hello,
  While fuzzing, I found an input that triggers an assertion failure in 
bdrv_aio_cancel, through ide:

  #1  0x7685755b in __GI_abort () at abort.c:79
  #2  0x56a8d396 in bdrv_aio_cancel (acb=0x60761290) at 
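
A triage aid for the reproducer walked through in the message above, as an added example that is not part of the bug report or of QEMU: it decodes the 0xcf8/0xcfc PCI configuration cycles and maps writes that land inside the programmed BAR5 onto AHCI port registers. The function names, the 0x1000 window size, the zero-padding of short write data and the splitting into power-of-two accesses of at most 4 bytes are assumptions of this example, modelled on the trace lines quoted in the message.

```python
# AHCI 1.3 port register offsets inside each port's 0x80-byte block.
AHCI_PORT_REGS = {
    0x00: "PxCLB", 0x04: "PxCLBU", 0x08: "PxFB", 0x0C: "PxFBU",
    0x10: "PxIS", 0x14: "PxIE", 0x18: "PxCMD", 0x1C: "Reserved",
    0x20: "PxTFD", 0x24: "PxSIG", 0x28: "PxSSTS", 0x2C: "PxSCTL",
    0x30: "PxSERR", 0x34: "PxSACT", 0x38: "PxCI",
}
PCI_COMMAND_BITS = ((0, "io"), (1, "memory"), (2, "bus-master"))
ABAR_REG = 0x24      # BAR5, which AHCI uses for its MMIO registers (ABAR)
ABAR_SIZE = 0x1000   # assumption: window size used to match write addresses
PORT_BASE, PORT_STRIDE = 0x100, 0x80

# The simplified reproducer, copied from the message above.
REPRO = """\
outl 0xcf8 0x8000fa24
outl 0xcfc 0xe106c000
outl 0xcf8 0x8000fa04
outw 0xcfc 0x7
outl 0xcf8 0x8000fb20
write 0x0 0x3 0x2780e7
write 0xe106c22c 0x4 0x0100
write 0xe106c238 0x2 0x02
write 0xe106c218 0x4 0x1100
write 0xe106c22c 0x1 0x00
""".splitlines()


def decode_config_address(value):
    """Split a 0xCF8 CONFIG_ADDRESS dword into (enable, bus, dev, fn, reg)."""
    return (bool(value >> 31), (value >> 16) & 0xFF, (value >> 11) & 0x1F,
            (value >> 8) & 0x7, value & 0xFC)


def split_mmio_write(addr, length, hexdata):
    """Zero-pad to `length`; cut into aligned power-of-two accesses <= 4 bytes."""
    raw = bytes.fromhex(hexdata[2:])[:length].ljust(length, b"\x00")
    out, pos = [], 0
    while pos < length:
        cur = addr + pos
        limit = min(4, (cur & -cur) or 4, length - pos)
        size = 1 << (limit.bit_length() - 1)
        out.append((cur, size, int.from_bytes(raw[pos:pos + size], "little")))
        pos += size
    return out


def describe_ahci_access(base, addr, size, value):
    off = addr - base
    if off < PORT_BASE:  # generic host control registers, not per-port
        return f"HBA reg 0x{off:02x} <- 0x{value:0{size * 2}x}"
    port, reg = divmod(off - PORT_BASE, PORT_STRIDE)
    name = AHCI_PORT_REGS.get(reg & ~3, "unknown")
    return f"port {port} {name} <- 0x{value:0{size * 2}x}"


def annotate(lines):
    """Return a list of (command, note) pairs, one per reproducer line."""
    selected, abars, result = None, [], []
    for line in lines:
        words = line.split() + ["0", "0", "0x"]  # pad so short lines parse
        op, target, arg = words[0], int(words[1], 16), int(words[2], 16)
        note = "not decoded"
        if op == "outl" and target == 0xCF8:
            selected = decode_config_address(arg)
            note = "select {:02x}:{:02x}.{} reg 0x{:02x}".format(*selected[1:])
        elif op in ("outb", "outw", "outl") and 0xCFC <= target <= 0xCFF:
            if selected is None or not selected[0]:
                note = "config data write with nothing selected"
            else:
                _, bus, dev, fn, reg = selected
                reg += target - 0xCFC
                bdf = f"{bus:02x}:{dev:02x}.{fn}"
                note = f"{bdf} config reg 0x{reg:02x} <- 0x{arg:x}"
                if reg == 0x04:
                    on = [n for bit, n in PCI_COMMAND_BITS if arg >> bit & 1]
                    note = f"{bdf} COMMAND enables {'+'.join(on) or 'nothing'}"
                elif op == "outl" and 0x10 <= reg <= 0x24:
                    note = f"{bdf} BAR{(reg - 0x10) // 4} = 0x{arg & ~0xF:08x}"
                    if reg == ABAR_REG:  # assumption: any BAR5 is an AHCI ABAR
                        abars.append(arg & ~0xF)
        elif op == "write":
            base = next((b for b in abars if b <= target < b + ABAR_SIZE), None)
            if base is None:
                note = f"{arg} byte(s) outside any programmed ABAR"
            else:
                note = "; ".join(describe_ahci_access(base, *acc)
                                 for acc in split_mmio_write(target, arg, words[3]))
        result.append((line, note))
    return result


if __name__ == "__main__":
    print("\n".join(f"{cmd:30} # {note}" for cmd, note in annotate(REPRO)))
```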

[PATCH] target/arm: Init GIC CPU IF regs for A15/A7

2020-05-29 Thread Adam Lackorzynski
Initialize the CPU interface registers also
for Cortex-A15 and Cortex-A7 CPU models, in
the same way as done for 64bit CPU models.
This fixes usage of GICv3 in virtualization
contexts in 32bit configurations.

Signed-off-by: Adam Lackorzynski 
---
 target/arm/cpu.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 32bec156f2..f525d45f6a 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -1972,6 +1972,9 @@ static void cortex_a7_initfn(Object *obj)
 cpu->ccsidr[0] = 0x701fe00a; /* 32K L1 dcache */
 cpu->ccsidr[1] = 0x201fe00a; /* 32K L1 icache */
 cpu->ccsidr[2] = 0x711fe07a; /* 4096K L2 unified cache */
+cpu->gic_num_lrs = 4;
+cpu->gic_vpribits = 5;
+cpu->gic_vprebits = 5;
 define_arm_cp_regs(cpu, cortexa15_cp_reginfo); /* Same as A15 */
 }
 
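Review bot: the three values added to cortex_a7_initfn (gic_num_lrs = 4, gic_vpribits = 5, gic_vprebits = 5) carry no comment, unlike the ccsidr lines directly above them. A one-line comment saying that they mirror the 64-bit CPU models, as the commit message states, would tell the next reader where the numbers come from.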
@@ -2014,6 +2017,9 @@ static void cortex_a15_initfn(Object *obj)
 cpu->ccsidr[0] = 0x701fe00a; /* 32K L1 dcache */
 cpu->ccsidr[1] = 0x201fe00a; /* 32K L1 icache */
 cpu->ccsidr[2] = 0x711fe07a; /* 4096K L2 unified cache */
+cpu->gic_num_lrs = 4;
+cpu->gic_vpribits = 5;
+cpu->gic_vprebits = 5;
 define_arm_cp_regs(cpu, cortexa15_cp_reginfo);
 }
 
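Review bot: cortex_a15_initfn repeats the same three assignments as the A7 hunk verbatim. Since the A7 init function already reuses cortexa15_cp_reginfo ("Same as A15"), consider a small shared helper, or at least a matching comment in both places, so the two sets of values cannot drift apart.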
-- 
2.27.0.rc2



Re: [PATCH v3 0/2] fuzz: Skip QTest serialization

2020-05-29 Thread no-reply
Patchew URL: https://patchew.org/QEMU/20200529221450.26673-1-alx...@bu.edu/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Message-id: 20200529221450.26673-1-alx...@bu.edu
Subject: [PATCH v3 0/2] fuzz: Skip QTest serialization
Type: series

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
690701b fuzz: Add support for logging QTest commands
c833a8a fuzz: skip QTest serialization

=== OUTPUT BEGIN ===
1/2 Checking commit c833a8a44c55 (fuzz: skip QTest serialization)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#105: 
new file mode 100644

ERROR: Macros with multiple statements should be enclosed in a do - while loop
#131: FILE: tests/qtest/fuzz/qtest_wrappers.c:22:
+#define WRAP(RET_TYPE, NAME_AND_ARGS)\
+RET_TYPE __wrap_##NAME_AND_ARGS;\
+RET_TYPE __real_##NAME_AND_ARGS;

total: 1 errors, 1 warnings, 322 lines checked

Patch 1/2 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

2/2 Checking commit 690701bb2f91 (fuzz: Add support for logging QTest commands)
=== OUTPUT END ===

Test command exited with code: 1


The full log is available at
http://patchew.org/logs/20200529221450.26673-1-alx...@bu.edu/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

Re: [PATCH v8 41/62] target/riscv: vector floating-point classify instructions

2020-05-29 Thread Alistair Francis
On Thu, May 21, 2020 at 4:07 AM LIU Zhiwei  wrote:
>
> Signed-off-by: LIU Zhiwei 
> Reviewed-by: Richard Henderson 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  target/riscv/fpu_helper.c   | 33 +
>  target/riscv/helper.h   |  4 ++
>  target/riscv/insn32.decode  |  1 +
>  target/riscv/insn_trans/trans_rvv.inc.c |  3 +
>  target/riscv/internals.h|  5 ++
>  target/riscv/vector_helper.c| 91 +
>  6 files changed, 107 insertions(+), 30 deletions(-)
>
> diff --git a/target/riscv/fpu_helper.c b/target/riscv/fpu_helper.c
> index 262610e837..fdbdffaef2 100644
> --- a/target/riscv/fpu_helper.c
> +++ b/target/riscv/fpu_helper.c
> @@ -22,6 +22,7 @@
>  #include "exec/exec-all.h"
>  #include "exec/helper-proto.h"
>  #include "fpu/softfloat.h"
> +#include "internals.h"
>
>  target_ulong riscv_cpu_get_fflags(CPURISCVState *env)
>  {
> @@ -239,21 +240,7 @@ uint64_t helper_fcvt_s_lu(CPURISCVState *env, uint64_t 
> rs1)
>
>  target_ulong helper_fclass_s(uint64_t frs1)
>  {
> -float32 f = frs1;
> -bool sign = float32_is_neg(f);
> -
> -if (float32_is_infinity(f)) {
> -return sign ? 1 << 0 : 1 << 7;
> -} else if (float32_is_zero(f)) {
> -return sign ? 1 << 3 : 1 << 4;
> -} else if (float32_is_zero_or_denormal(f)) {
> -return sign ? 1 << 2 : 1 << 5;
> -} else if (float32_is_any_nan(f)) {
> -float_status s = { }; /* for snan_bit_is_one */
> -return float32_is_quiet_nan(f, ) ? 1 << 9 : 1 << 8;
> -} else {
> -return sign ? 1 << 1 : 1 << 6;
> -}
> +return fclass_s(frs1);
>  }
>
>  uint64_t helper_fadd_d(CPURISCVState *env, uint64_t frs1, uint64_t frs2)
> @@ -362,19 +349,5 @@ uint64_t helper_fcvt_d_lu(CPURISCVState *env, uint64_t 
> rs1)
>
>  target_ulong helper_fclass_d(uint64_t frs1)
>  {
> -float64 f = frs1;
> -bool sign = float64_is_neg(f);
> -
> -if (float64_is_infinity(f)) {
> -return sign ? 1 << 0 : 1 << 7;
> -} else if (float64_is_zero(f)) {
> -return sign ? 1 << 3 : 1 << 4;
> -} else if (float64_is_zero_or_denormal(f)) {
> -return sign ? 1 << 2 : 1 << 5;
> -} else if (float64_is_any_nan(f)) {
> -float_status s = { }; /* for snan_bit_is_one */
> -return float64_is_quiet_nan(f, ) ? 1 << 9 : 1 << 8;
> -} else {
> -return sign ? 1 << 1 : 1 << 6;
> -}
> +return fclass_d(frs1);
>  }
> diff --git a/target/riscv/helper.h b/target/riscv/helper.h
> index bedd4d0114..23b268df90 100644
> --- a/target/riscv/helper.h
> +++ b/target/riscv/helper.h
> @@ -990,3 +990,7 @@ DEF_HELPER_6(vmford_vv_d, void, ptr, ptr, ptr, ptr, env, 
> i32)
>  DEF_HELPER_6(vmford_vf_h, void, ptr, ptr, i64, ptr, env, i32)
>  DEF_HELPER_6(vmford_vf_w, void, ptr, ptr, i64, ptr, env, i32)
>  DEF_HELPER_6(vmford_vf_d, void, ptr, ptr, i64, ptr, env, i32)
> +
> +DEF_HELPER_5(vfclass_v_h, void, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_5(vfclass_v_w, void, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_5(vfclass_v_d, void, ptr, ptr, ptr, env, i32)
> diff --git a/target/riscv/insn32.decode b/target/riscv/insn32.decode
> index b0f1c54d53..23e80fe954 100644
> --- a/target/riscv/insn32.decode
> +++ b/target/riscv/insn32.decode
> @@ -512,6 +512,7 @@ vmfgt_vf011101 . . . 101 . 1010111 
> @r_vm
>  vmfge_vf01 . . . 101 . 1010111 @r_vm
>  vmford_vv   011010 . . . 001 . 1010111 @r_vm
>  vmford_vf   011010 . . . 101 . 1010111 @r_vm
> +vfclass_v   100011 . . 1 001 . 1010111 @r2_vm
>
>  vsetvli 0 ... . 111 . 1010111  @r2_zimm
>  vsetvl  100 . . 111 . 1010111  @r
> diff --git a/target/riscv/insn_trans/trans_rvv.inc.c 
> b/target/riscv/insn_trans/trans_rvv.inc.c
> index 4a45c00ffb..621220e5ff 100644
> --- a/target/riscv/insn_trans/trans_rvv.inc.c
> +++ b/target/riscv/insn_trans/trans_rvv.inc.c
> @@ -2174,3 +2174,6 @@ GEN_OPFVF_TRANS(vmfle_vf, opfvf_cmp_check)
>  GEN_OPFVF_TRANS(vmfgt_vf, opfvf_cmp_check)
>  GEN_OPFVF_TRANS(vmfge_vf, opfvf_cmp_check)
>  GEN_OPFVF_TRANS(vmford_vf, opfvf_cmp_check)
> +
> +/* Vector Floating-Point Classify Instruction */
> +GEN_OPFV_TRANS(vfclass_v, opfv_check)
> diff --git a/target/riscv/internals.h b/target/riscv/internals.h
> index 52f6af2513..ed2ad7f0f1 100644
> --- a/target/riscv/internals.h
> +++ b/target/riscv/internals.h
> @@ -30,4 +30,9 @@ FIELD(VDATA, WD, 11, 1)
>
>  /* set float rounding mode */
>  bool riscv_cpu_set_rounding_mode(CPURISCVState *env, uint32_t rm);
> +
> +/* float point classify helpers */
> +target_ulong fclass_h(uint64_t frs1);
> +target_ulong fclass_s(uint64_t frs1);
> +target_ulong fclass_d(uint64_t frs1);
>  #endif
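
Review bot: the comment added above the three prototypes in internals.h reads "float point classify helpers"; "floating-point classify helpers" would match the wording the series uses elsewhere, for example "Vector Floating-Point Classify Instruction" in trans_rvv.inc.c. It would also help to state that frs1 carries the raw register bits, since fclass_h takes a uint64_t just like the wider variants.
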
> diff --git a/target/riscv/vector_helper.c b/target/riscv/vector_helper.c
> index 92227228b7..63d8873c0a 100644
> --- a/target/riscv/vector_helper.c
> +++ b/target/riscv/vector_helper.c
> @@ -4102,3 +4102,94 @@ 

Re: [RFC v3 0/8] vDPA support in qemu

2020-05-29 Thread no-reply
Patchew URL: https://patchew.org/QEMU/20200529140620.28759-1-l...@redhat.com/



Hi,

This series failed the docker-quick@centos7 build test. Please find the testing 
commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

=== TEST SCRIPT BEGIN ===
#!/bin/bash
make docker-image-centos7 V=1 NETWORK=1
time make docker-test-quick@centos7 SHOW_ENV=1 J=14 NETWORK=1
=== TEST SCRIPT END ===

  CC  x86_64-softmmu/hw/virtio/vhost-user-fs-pci.o
  CC  x86_64-softmmu/hw/virtio/virtio-iommu.o
/tmp/qemu-test/src/hw/virtio/vhost-vdpa.c: In function 'vhost_vdpa_set_config':
/tmp/qemu-test/src/hw/virtio/vhost-vdpa.c:323:17: error: 
'VHOST_VDPA_MAX_CONFIG_SIZE' undeclared (first use in this function)
 if ((size > VHOST_VDPA_MAX_CONFIG_SIZE) || (data == NULL)) {
 ^
/tmp/qemu-test/src/hw/virtio/vhost-vdpa.c:323:17: note: each undeclared 
identifier is reported only once for each function it appears in
make[1]: *** [hw/virtio/vhost-vdpa.o] Error 1
make[1]: *** Waiting for unfinished jobs
  CC  aarch64-softmmu/hw/vfio/common.o
  CC  aarch64-softmmu/hw/vfio/spapr.o
---
  CC  aarch64-softmmu/hw/virtio/vhost-vsock.o
  CC  aarch64-softmmu/hw/virtio/vhost-vsock-pci.o
/tmp/qemu-test/src/hw/virtio/vhost-vdpa.c: In function 'vhost_vdpa_set_config':
/tmp/qemu-test/src/hw/virtio/vhost-vdpa.c:323:17: error: 
'VHOST_VDPA_MAX_CONFIG_SIZE' undeclared (first use in this function)
 if ((size > VHOST_VDPA_MAX_CONFIG_SIZE) || (data == NULL)) {
 ^
/tmp/qemu-test/src/hw/virtio/vhost-vdpa.c:323:17: note: each undeclared 
identifier is reported only once for each function it appears in
make[1]: *** [hw/virtio/vhost-vdpa.o] Error 1
make[1]: *** Waiting for unfinished jobs
make: *** [x86_64-softmmu/all] Error 2
make: *** Waiting for unfinished jobs
make: *** [aarch64-softmmu/all] Error 2
Traceback (most recent call last):
  File "./tests/docker/docker.py", line 664, in 
sys.exit(main())
---
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['sudo', '-n', 'docker', 'run', 
'--label', 'com.qemu.instance.uuid=c4d0aff9719e4e6986252b1cdad2d78a', '-u', 
'1001', '--security-opt', 'seccomp=unconfined', '--rm', '-e', 'TARGET_LIST=', 
'-e', 'EXTRA_CONFIGURE_OPTS=', '-e', 'V=', '-e', 'J=14', '-e', 'DEBUG=', '-e', 
'SHOW_ENV=1', '-e', 'CCACHE_DIR=/var/tmp/ccache', '-v', 
'/home/patchew/.cache/qemu-docker-ccache:/var/tmp/ccache:z', '-v', 
'/var/tmp/patchew-tester-tmp-jxkhgbnq/src/docker-src.2020-05-29-16.25.59.22140:/var/tmp/qemu:z,ro',
 'qemu:centos7', '/var/tmp/qemu/run', 'test-quick']' returned non-zero exit 
status 2.
filter=--filter=label=com.qemu.instance.uuid=c4d0aff9719e4e6986252b1cdad2d78a
make[1]: *** [docker-run] Error 1
make[1]: Leaving directory `/var/tmp/patchew-tester-tmp-jxkhgbnq/src'
make: *** [docker-run-test-quick@centos7] Error 2

real3m7.072s
user0m9.059s


The full log is available at
http://patchew.org/logs/20200529140620.28759-1-l...@redhat.com/testing.docker-quick@centos7/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

[PATCH v2 3/4] configure: add flags to support SafeStack

2020-05-29 Thread Daniele Buono
This patch adds a flag to enable/disable the SafeStack instrumentation
provided by LLVM.

On enable, make sure that the compiler supports the flags, and that we
are using the proper coroutine implementation (coroutine-ucontext).
On disable, explicitly disable the option if it was enabled by default.

While SafeStack is supported only on Linux, NetBSD, FreeBSD and macOS,
we are not checking for the O.S. since this is already done by LLVM.

Signed-off-by: Daniele Buono 
---
 configure | 73 +++
 1 file changed, 73 insertions(+)

diff --git a/configure b/configure
index b969dee675..260772b2d5 100755
--- a/configure
+++ b/configure
@@ -302,6 +302,7 @@ audio_win_int=""
 libs_qga=""
 debug_info="yes"
 stack_protector=""
+safe_stack=""
 use_containers="yes"
 gdb_bin=$(command -v "gdb-multiarch" || command -v "gdb")
 
@@ -1275,6 +1276,10 @@ for opt do
   ;;
   --disable-stack-protector) stack_protector="no"
   ;;
+  --enable-safe-stack) safe_stack="yes"
+  ;;
+  --disable-safe-stack) safe_stack="no"
+  ;;
   --disable-curses) curses="no"
   ;;
   --enable-curses) curses="yes"
@@ -1804,6 +1809,8 @@ disabled with --disable-FEATURE, default is enabled if 
available:
   debug-tcg   TCG debugging (default is disabled)
   debug-info  debugging information
   sparse  sparse checker
+  safe-stack  SafeStack Stack Smash Protection. Depends on
+  clang/llvm >= 3.7 and requires coroutine backend ucontext.
 
   gnutls  GNUTLS cryptography support
   nettle  nettle cryptography support
@@ -5517,6 +5524,67 @@ if test "$debug_stack_usage" = "yes"; then
   fi
 fi
 
+##
+# SafeStack
+
+
+if test "$safe_stack" = "yes"; then
+cat > $TMPC << EOF
+int main(int argc, char *argv[])
+{
+#if ! __has_feature(safe_stack)
+#error SafeStack Disabled
+#endif
+return 0;
+}
+EOF
+  flag="-fsanitize=safe-stack"
+  # Check that safe-stack is supported and enabled.
+  if compile_prog "-Werror $flag" "$flag"; then
+# Flag needed both at compilation and at linking
+QEMU_CFLAGS="$QEMU_CFLAGS $flag"
+QEMU_LDFLAGS="$QEMU_LDFLAGS $flag"
+  else
+error_exit "SafeStack not supported by your compiler"
+  fi
+  if test "$coroutine" != "ucontext"; then
+error_exit "SafeStack is only supported by the coroutine backend ucontext"
+  fi
+else
+cat > $TMPC << EOF
+int main(int argc, char *argv[])
+{
+#if defined(__has_feature)
+#if __has_feature(safe_stack)
+#error SafeStack Enabled
+#endif
+#endif
+return 0;
+}
+EOF
+if test "$safe_stack" = "no"; then
+  # Make sure that safe-stack is disabled
+  if ! compile_prog "-Werror" ""; then
+# SafeStack was already enabled, try to explicitly remove the feature
+flag="-fno-sanitize=safe-stack"
+if ! compile_prog "-Werror $flag" "$flag"; then
+  error_exit "Configure cannot disable SafeStack"
+fi
+QEMU_CFLAGS="$QEMU_CFLAGS $flag"
+QEMU_LDFLAGS="$QEMU_LDFLAGS $flag"
+  fi
+else # "$safe_stack" = ""
+  # Set safe_stack to yes or no based on pre-existing flags
+  if compile_prog "-Werror" ""; then
+safe_stack="no"
+  else
+safe_stack="yes"
+if test "$coroutine" != "ucontext"; then
+  error_exit "SafeStack is only supported by the coroutine backend 
ucontext"
+fi
+  fi
+fi
+fi
 
 ##
 # check if we have open_by_handle_at
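Review bot: the coroutine backend test (test "$coroutine" != "ucontext") appears twice in this hunk, once in the explicit-enable branch and once in the auto-detect branch, with the same error_exit message. Folding both into a single check that runs once safe_stack has its final value would keep them in sync. Please also confirm that $coroutine has already been resolved at this point in configure; if it is still empty here, --enable-safe-stack fails unless the backend was named explicitly. Separately, the two here-documents sit at a different indentation level from the if blocks around them, which makes the nesting hard to follow.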
@@ -6611,6 +6679,7 @@ echo "sparse enabled$sparse"
 echo "strip binaries$strip_opt"
 echo "profiler  $profiler"
 echo "static build  $static"
+echo "safe stack$safe_stack"
 if test "$darwin" = "yes" ; then
 echo "Cocoa support $cocoa"
 fi
@@ -8195,6 +8264,10 @@ if test "$ccache_cpp2" = "yes"; then
   echo "export CCACHE_CPP2=y" >> $config_host_mak
 fi
 
+if test "$safe_stack" = "yes"; then
+  echo "CONFIG_SAFESTACK=y" >> $config_host_mak
+fi
+
 # If we're using a separate build tree, set it up now.
 # DIRS are directories which we simply mkdir in the build tree;
 # LINKS are things to symlink back into the source tree
-- 
2.26.2




[PATCH v2 1/4] coroutine: support SafeStack in ucontext backend

2020-05-29 Thread Daniele Buono
LLVM's SafeStack instrumentation does not yet support programs that make
use of the APIs in ucontext.h.
With the current implementation of coroutine-ucontext, the resulting
binary is incorrect, with different coroutines sharing the same unsafe
stack and producing undefined behavior at runtime.
This fix allocates an additional unsafe stack area for each coroutine,
and sets the new unsafe stack pointer before calling swapcontext() in
qemu_coroutine_new.
This is the only place where the pointer needs to be manually updated,
since sigsetjmp/siglongjmp are already instrumented by LLVM to properly
support SafeStack.
The additional stack is then freed in qemu_coroutine_delete.

Signed-off-by: Daniele Buono 
---
 include/qemu/coroutine_int.h |  5 +
 util/coroutine-ucontext.c| 26 ++
 2 files changed, 31 insertions(+)

diff --git a/include/qemu/coroutine_int.h b/include/qemu/coroutine_int.h
index bd6b0468e1..1da148552f 100644
--- a/include/qemu/coroutine_int.h
+++ b/include/qemu/coroutine_int.h
@@ -28,6 +28,11 @@
 #include "qemu/queue.h"
 #include "qemu/coroutine.h"
 
+#ifdef CONFIG_SAFESTACK
+/* Pointer to the unsafe stack, defined by the compiler */
+extern __thread void *__safestack_unsafe_stack_ptr;
+#endif
+
 #define COROUTINE_STACK_SIZE (1 << 20)
 
 typedef enum {
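Review bot: the extern declaration of __safestack_unsafe_stack_ptr ties this header to a symbol that the comment only describes as "defined by the compiler". Please expand the comment to say that it is a thread-local owned by the SafeStack runtime and that QEMU writes to it directly in qemu_coroutine_new, so that a later change to the symbol's name or type is easy to trace back to this dependency.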
diff --git a/util/coroutine-ucontext.c b/util/coroutine-ucontext.c
index bd593e61bc..9108eb1294 100644
--- a/util/coroutine-ucontext.c
+++ b/util/coroutine-ucontext.c
@@ -41,6 +41,11 @@ typedef struct {
 Coroutine base;
 void *stack;
 size_t stack_size;
+#ifdef CONFIG_SAFESTACK
+/* Need an unsafe stack for each coroutine */
+void *unsafe_stack;
+size_t unsafe_stack_size;
+#endif
 sigjmp_buf env;
 
 #ifdef CONFIG_VALGRIND_H
@@ -140,6 +145,10 @@ Coroutine *qemu_coroutine_new(void)
 co = g_malloc0(sizeof(*co));
 co->stack_size = COROUTINE_STACK_SIZE;
 co->stack = qemu_alloc_stack(>stack_size);
+#ifdef CONFIG_SAFESTACK
+co->unsafe_stack_size = COROUTINE_STACK_SIZE;
+co->unsafe_stack = qemu_alloc_stack(>unsafe_stack_size);
+#endif
 co->base.entry_arg = _env; /* stash away our jmp_buf */
 
 uc.uc_link = _uc;
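Review bot: the unsafe stack in qemu_coroutine_new is allocated with the same COROUTINE_STACK_SIZE as the regular stack, so every coroutine reserves two full-size stacks when CONFIG_SAFESTACK is set. The commit message should mention that cost, and a short comment here on why the unsafe stack needs the full size would help whoever tunes it later.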
@@ -160,6 +169,20 @@ Coroutine *qemu_coroutine_new(void)
 /* swapcontext() in, siglongjmp() back out */
 if (!sigsetjmp(old_env, 0)) {
 start_switch_fiber(_stack_save, co->stack, co->stack_size);
+#ifdef CONFIG_SAFESTACK
+/*
+ * Before we swap the context, set the new unsafe stack
+ * The unsafe stack grows just like the normal stack, so start from
+ * the last usable location of the memory area.
+ * NOTE: we don't have to re-set the usp afterwards because we are
+ * coming back to this context through a siglongjmp.
+ * The compiler already wrapped the corresponding sigsetjmp call with
+ * code that saves the usp on the (safe) stack before the call, and
+ * restores it right after (which is where we return with siglongjmp).
+ */
+void *usp = co->unsafe_stack + co->unsafe_stack_size;
+__safestack_unsafe_stack_ptr = usp;
+#endif
 swapcontext(_uc, );
 }
 
@@ -192,6 +215,9 @@ void qemu_coroutine_delete(Coroutine *co_)
 #endif
 
 qemu_free_stack(co->stack, co->stack_size);
+#ifdef CONFIG_SAFESTACK
+qemu_free_stack(co->unsafe_stack, co->unsafe_stack_size);
+#endif
 g_free(co);
 }
 
-- 
2.26.2




[PATCH v8 12/12] tests/vm: Add workaround to consume console

2020-05-29 Thread Robert Foley
This adds support to basevm.py so that we always
drain the console chars.  This makes use of
support added in an earlier commit that allows
QEMUMachine to use the ConsoleSocket.

This is a workaround we found was needed since
there is a known issue where QEMU will hang waiting
for console characters to be consumed.

We also added the option of logging the console to a file.
LOG_CONSOLE=1 will now log the output to a file.

Signed-off-by: Robert Foley 
Reviewed-by: Peter Puhov 
Acked-by: Alex Bennée 
---
 tests/vm/Makefile.include |  4 
 tests/vm/basevm.py| 17 +++--
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/tests/vm/Makefile.include b/tests/vm/Makefile.include
index 8cccfaf95d..ad35c6e7a1 100644
--- a/tests/vm/Makefile.include
+++ b/tests/vm/Makefile.include
@@ -49,6 +49,7 @@ endif
@echo 'EXTRA_CONFIGURE_OPTS="..."'
@echo "J=[0..9]* - Override the -jN parameter 
for make commands"
@echo "DEBUG=1   - Enable verbose output on 
host and interactive debugging"
+   @echo "LOG_CONSOLE=1 - Log console to file in: 
~/.cache/qemu-vm "
@echo "V=1   - Enable verbose ouput on host 
and guest commands"
@echo "QEMU_LOCAL=1 - Use QEMU binary local to this 
build."
@echo "QEMU=/path/to/qemu- Change path to QEMU binary"
@@ -75,6 +76,7 @@ $(IMAGES_DIR)/%.img:  $(SRC_PATH)/tests/vm/% \
$(if $(GENISOIMAGE),--genisoimage $(GENISOIMAGE)) \
$(if $(QEMU_LOCAL),--build-path $(BUILD_DIR)) \
$(if $(EFI_AARCH64),--efi-aarch64 $(EFI_AARCH64)) \
+   $(if $(LOG_CONSOLE),--log-console) \
--image "$@" \
--force \
--build-image $@, \
@@ -91,6 +93,7 @@ vm-build-%: $(IMAGES_DIR)/%.img
$(if $(V),--verbose) \
$(if $(QEMU_LOCAL),--build-path $(BUILD_DIR)) \
$(if $(EFI_AARCH64),--efi-aarch64 $(EFI_AARCH64)) \
+   $(if $(LOG_CONSOLE),--log-console) \
--image "$<" \
$(if $(BUILD_TARGET),--build-target $(BUILD_TARGET)) \
--snapshot \
@@ -114,6 +117,7 @@ vm-boot-ssh-%: $(IMAGES_DIR)/%.img
$(if $(V)$(DEBUG), --debug) \
$(if $(QEMU_LOCAL),--build-path $(BUILD_DIR)) \
$(if $(EFI_AARCH64),--efi-aarch64 $(EFI_AARCH64)) \
+   $(if $(LOG_CONSOLE),--log-console) \
--image "$<" \
--interactive \
false, \
diff --git a/tests/vm/basevm.py b/tests/vm/basevm.py
index b9d828423b..64dbe64326 100644
--- a/tests/vm/basevm.py
+++ b/tests/vm/basevm.py
@@ -117,6 +117,11 @@ class BaseVM(object):
  "w").write(self._config['ssh_pub_key'])
 
 self.debug = args.debug
+self._console_log_path = None
+if args.log_console:
+self._console_log_path = \
+ os.path.join(os.path.expanduser("~/.cache/qemu-vm"),
+  "{}.install.log".format(self.name))
 self._stderr = sys.stderr
 self._devnull = open(os.devnull, "w")
 if self.debug:
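Review bot: the log file is named "{}.install.log", but the Makefile hunks pass --log-console to the image build, vm-build and vm-boot-ssh rules alike, so a build or boot run writes to a file labelled as an install log and reuses the same path as the previous run. Consider deriving the file name from the action being run, or say in the LOG_CONSOLE help line that the file is shared between targets.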
@@ -271,7 +276,9 @@ class BaseVM(object):
 args += self._data_args + extra_args + self._config['extra_args']
 logging.debug("QEMU args: %s", " ".join(args))
 qemu_path = get_qemu_path(self.arch, self._build_path)
-guest = QEMUMachine(binary=qemu_path, args=args)
+guest = QEMUMachine(binary=qemu_path, args=args,
+console_log=self._console_log_path,
+drain_console=True)
 guest.set_machine(self._config['machine'])
 guest.set_console()
 try:
@@ -285,6 +292,8 @@ class BaseVM(object):
 raise
 atexit.register(self.shutdown)
 self._guest = guest
+# Init console so we can start consuming the chars.
+self.console_init()
 usernet_info = guest.qmp("human-monitor-command",
  command_line="info usernet")
 self.ssh_port = None
@@ -296,7 +305,9 @@ class BaseVM(object):
 raise Exception("Cannot find ssh port from 'info usernet':\n%s" % \
 usernet_info)
 
-def console_init(self, timeout = 120):
+def console_init(self, timeout = None):
+if timeout == None:
+timeout = self.socket_timeout
 vm = self._guest
 vm.console_socket.settimeout(timeout)
 self.console_raw_path = os.path.join(vm._temp_dir,
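Review bot: in console_init, "if timeout == None:" should be "if timeout is None:", the usual Python idiom for a None test. The new default also depends on self.socket_timeout, which none of the visible hunks set; please make sure it is initialised before boot() calls console_init().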
@@ -578,6 +589,8 @@ def parse_args(vmcls):
 parser.add_option("--efi-aarch64",
   default="/usr/share/qemu-efi-aarch64/QEMU_EFI.fd",
   help="Path to efi image for aarch64 VMs.")
+parser.add_option("--log-console", action="store_true",
+  

Re: [PATCH v8 47/62] target/riscv: vector wideing integer reduction instructions

2020-05-29 Thread Alistair Francis
On Thu, May 21, 2020 at 4:19 AM LIU Zhiwei  wrote:
>
> Signed-off-by: LIU Zhiwei 
> Reviewed-by: Richard Henderson 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  target/riscv/helper.h   |  7 +++
>  target/riscv/insn32.decode  |  2 ++
>  target/riscv/insn_trans/trans_rvv.inc.c |  4 
>  target/riscv/vector_helper.c| 11 +++
>  4 files changed, 24 insertions(+)
>
> diff --git a/target/riscv/helper.h b/target/riscv/helper.h
> index 93a7a303ee..ce31577ea9 100644
> --- a/target/riscv/helper.h
> +++ b/target/riscv/helper.h
> @@ -1066,3 +1066,10 @@ DEF_HELPER_6(vredxor_vs_b, void, ptr, ptr, ptr, ptr, 
> env, i32)
>  DEF_HELPER_6(vredxor_vs_h, void, ptr, ptr, ptr, ptr, env, i32)
>  DEF_HELPER_6(vredxor_vs_w, void, ptr, ptr, ptr, ptr, env, i32)
>  DEF_HELPER_6(vredxor_vs_d, void, ptr, ptr, ptr, ptr, env, i32)
> +
> +DEF_HELPER_6(vwredsumu_vs_b, void, ptr, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_6(vwredsumu_vs_h, void, ptr, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_6(vwredsumu_vs_w, void, ptr, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_6(vwredsum_vs_b, void, ptr, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_6(vwredsum_vs_h, void, ptr, ptr, ptr, ptr, env, i32)
> +DEF_HELPER_6(vwredsum_vs_w, void, ptr, ptr, ptr, ptr, env, i32)
> diff --git a/target/riscv/insn32.decode b/target/riscv/insn32.decode
> index 773b32f0b4..b69d804fda 100644
> --- a/target/riscv/insn32.decode
> +++ b/target/riscv/insn32.decode
> @@ -537,6 +537,8 @@ vredminu_vs 000100 . . . 010 . 1010111 
> @r_vm
>  vredmin_vs  000101 . . . 010 . 1010111 @r_vm
>  vredmaxu_vs 000110 . . . 010 . 1010111 @r_vm
>  vredmax_vs  000111 . . . 010 . 1010111 @r_vm
> +vwredsumu_vs11 . . . 000 . 1010111 @r_vm
> +vwredsum_vs 110001 . . . 000 . 1010111 @r_vm
>
>  vsetvli 0 ... . 111 . 1010111  @r2_zimm
>  vsetvl  100 . . 111 . 1010111  @r
> diff --git a/target/riscv/insn_trans/trans_rvv.inc.c 
> b/target/riscv/insn_trans/trans_rvv.inc.c
> index 9dfb9358a2..8d75b3ca84 100644
> --- a/target/riscv/insn_trans/trans_rvv.inc.c
> +++ b/target/riscv/insn_trans/trans_rvv.inc.c
> @@ -2333,3 +2333,7 @@ GEN_OPIVV_TRANS(vredmin_vs, reduction_check)
>  GEN_OPIVV_TRANS(vredand_vs, reduction_check)
>  GEN_OPIVV_TRANS(vredor_vs, reduction_check)
>  GEN_OPIVV_TRANS(vredxor_vs, reduction_check)
> +
> +/* Vector Widening Integer Reduction Instructions */
> +GEN_OPIVV_WIDEN_TRANS(vwredsum_vs, reduction_check)
> +GEN_OPIVV_WIDEN_TRANS(vwredsumu_vs, reduction_check)
> diff --git a/target/riscv/vector_helper.c b/target/riscv/vector_helper.c
> index 00ed6a75a5..5035e0bb0e 100644
> --- a/target/riscv/vector_helper.c
> +++ b/target/riscv/vector_helper.c
> @@ -4405,3 +4405,14 @@ GEN_VEXT_RED(vredxor_vs_b, int8_t, int8_t, H1, H1, 
> DO_XOR, clearb)
>  GEN_VEXT_RED(vredxor_vs_h, int16_t, int16_t, H2, H2, DO_XOR, clearh)
>  GEN_VEXT_RED(vredxor_vs_w, int32_t, int32_t, H4, H4, DO_XOR, clearl)
>  GEN_VEXT_RED(vredxor_vs_d, int64_t, int64_t, H8, H8, DO_XOR, clearq)
> +
> +/* Vector Widening Integer Reduction Instructions */
> +/* signed sum reduction into double-width accumulator */
> +GEN_VEXT_RED(vwredsum_vs_b, int16_t, int8_t, H2, H1, DO_ADD, clearh)
> +GEN_VEXT_RED(vwredsum_vs_h, int32_t, int16_t, H4, H2, DO_ADD, clearl)
> +GEN_VEXT_RED(vwredsum_vs_w, int64_t, int32_t, H8, H4, DO_ADD, clearq)
> +
> +/* Unsigned sum reduction into double-width accumulator */
> +GEN_VEXT_RED(vwredsumu_vs_b, uint16_t, uint8_t, H2, H1, DO_ADD, clearh)
> +GEN_VEXT_RED(vwredsumu_vs_h, uint32_t, uint16_t, H4, H2, DO_ADD, clearl)
> +GEN_VEXT_RED(vwredsumu_vs_w, uint64_t, uint32_t, H8, H4, DO_ADD, clearq)
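
Review bot: the two sub-comments in the vector_helper.c hunk differ in capitalisation ("signed sum reduction ..." versus "Unsigned sum reduction ..."); pick one form. The ordering also flips between files: helper.h and insn32.decode list the vwredsumu entries first, while trans_rvv.inc.c and this hunk list vwredsum first, and a single order would make the series easier to cross-check.
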
> --
> 2.23.0
>
>


