Re: [RFC 1/1] acceptance tests: rename acceptance to system

2021-05-20 Thread Philippe Mathieu-Daudé
On 5/20/21 9:53 PM, Willian Rampazzo wrote:
> Conceptually speaking, acceptance tests "are a series of specific tests
> conducted by the customer in an attempt to uncover product errors before
> accepting the software from the developer. Conducted by the end-user rather
> than software engineers, acceptance testing can range from an informal
> “test drive” to a planned and systematically executed series of scripted
> tests" [1]. Every time Pressman refers to the term "acceptance testing," he
> also refers to user's agreement in the final state of an implemented feature.
> Today, QEMU is not implementing user acceptance tests as described by Pressman.
> 
> There are three other possible terms we could use to describe what the QEMU
> "acceptance" tests currently are:
> 
>   1 - Integration tests:
>   - "Integration testing is a systematic technique for constructing the
>  software architecture while at the same time conducting tests to
>  uncover errors associated with interfacing. The objective is to take
>  unit-tested components and build a program structure that has been
>  dictated by design." [2]
>   * Note: Sommerville does not have a clear definition of integration
> testing. He refers to incremental integration of components inside
> the system testing (see [3]).
> 
>   2 - Validation tests:
>   - "Validation testing begins at the culmination of integration testing,
>  when individual components have been exercised, the software is
>  completely assembled as a package, and interfacing errors have been
>  uncovered and corrected. At the validation or system level, the
>  distinction between different software categories disappears. Testing
>  focuses on user-visible actions and user-recognizable output from the
>  system." [4]
>   - "where you expect the system to perform correctly using a set of test
>  cases that reflect the system’s expected use." [5]
>   * Note: the definition of "validation testing" from Sommerville reflects
> the same definition found around the Internet, as one of the processes
> inside "Verification & Validation (V&V)." In this concept,
> validation testing is a high-level definition that covers unit testing,
> functional testing, integration testing, system testing, and acceptance
> testing.
> 
>   3 - System tests:
>   - "verifies that all elements mesh properly and that overall system
>  function and performance is achieved." [6]
>   - "involves integrating components to create a version of the system and
>  then testing the integrated system. System testing checks that
>  components are compatible, interact correctly, and transfer the right
>  data at the right time across their interfaces." [7]
> 
> The tests implemented inside the QEMU "acceptance" directory depend on the
> software completely assembled and, sometimes, on other elements, like
> operating system images. In this case, the proposal here is to rename the
> current "acceptance" directory to "system."

Are user-mode tests using Avocado also system tests?
https://www.mail-archive.com/qemu-devel@nongnu.org/msg782505.html

> [1] Pressman, Roger S. & Maxim, Bruce R. (2020). Software Engineering, A
> Practitioner's Approach. p. 430.
> [2] Pressman, Roger S. & Maxim, Bruce R. (2020). Software Engineering, A
> Practitioner's Approach. p. 398.
> [3] Sommerville, Ian (2016). Software Engineering. p. 240-242.
> [4] Pressman, Roger S. & Maxim, Bruce R. (2020). Software Engineering, A
> Practitioner's Approach. p. 407.
> [5] Sommerville, Ian (2016). Software Engineering. p. 227.
> [6] Pressman, Roger S. & Maxim, Bruce R. (2020). Software Engineering, A
> Practitioner's Approach. p. 377.
> [7] Sommerville, Ian (2016). Software Engineering. p. 240.
> 
> Signed-off-by: Willian Rampazzo 
> ---

> diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
> index f718b61fa7..c5de3c9fd5 100644
> --- a/.gitlab-ci.yml
> +++ b/.gitlab-ci.yml
> @@ -52,7 +52,7 @@ include:
>  # Avoid recompiling by hiding ninja with NINJA=":"
>  - make NINJA=":" $MAKE_CHECK_ARGS
>  
> -.acceptance_template: _definition
> +.system_template: _definition
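Review bot: the `_definition` anchor is renamed here, but nothing in the quoted hunk renames the jobs that merge it, and a YAML alias pointing at an anchor that no longer exists makes the whole .gitlab-ci.yml fail to load rather than just one job. The same commit needs every reference to the old anchor, the `check-acceptance` job names and the `MAKE_CHECK_ARGS` values that pass the target renamed together, ideally checked with a pipeline run before merging.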

.system_test_template: _test_definition ?

> diff --git a/tests/Makefile.include b/tests/Makefile.include
> index 8f220e15d1..c580292bb5 100644
> --- a/tests/Makefile.include
> +++ b/tests/Makefile.include
> @@ -16,7 +16,7 @@ ifneq ($(filter $(all-check-targets), check-softfloat),)
>   @echo " $(MAKE) check-tcgRun TCG tests"
>   @echo " $(MAKE) check-softfloat  Run FPU emulation tests"
>  endif
> - @echo " $(MAKE) check-acceptance Run all acceptance (functional) 
> tests"
> + @echo " $(MAKE) check-system Run all system tests"
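Review bot: only the help text changes in this hunk; the `check-acceptance` target itself, the CI jobs that pass it through `MAKE_CHECK_ARGS` and the developer docs that mention it need the same rename. Since external scripts type `make check-acceptance` today, consider keeping it as a deprecated alias of `check-system` for one release, and keep "(functional)" in the new help line so readers searching for the old wording still find the target.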




[Bug 1749393] Re: sbrk() not working under qemu-user with a PIE-compiled binary?

2021-05-20 Thread Yasuhiro Horimoto
Thank you for fixing the problem.

I confirmed that https://bugs.launchpad.net/bugs/1924231 is fixed with
https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/4535/+packages.

Thank you.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1749393

Title:
  sbrk() not working under qemu-user with a PIE-compiled binary?

Status in QEMU:
  Fix Released
Status in qemu package in Ubuntu:
  Fix Released
Status in qemu source package in Focal:
  Triaged

Bug description:
  [Impact]

   * The current space reserved can be too small and we can end up
 with no space at all for BRK. It can happen in any case, but is
 much more likely with the now common PIE binaries.

   * Backport the upstream fix, which reserves a bit more space while loading
 and gives it back after the interpreter and stack are loaded.

  [Test Plan]

   * On x86 run:
  sudo apt install -y qemu-user-static docker.io
  sudo docker run --rm arm64v8/debian:bullseye bash -c 'apt update && apt install -y wget'
  ...
  Running hooks in /etc/ca-certificates/update.d...
  done.
  Errors were encountered while processing:
   libc-bin
  E: Sub-process /usr/bin/dpkg returned an error code (1)

  
  [Where problems could occur]

   * Regressions would be around use-cases of linux-user, that is,
 emulation not of a system but of binaries.
 It is commonly used for cross-tests and cross-builds, so that is the
 space to watch for regressions.

  [Other Info]
   
   * n/a


  ---

  In Debian unstable, we recently switched bash to be a PIE-compiled
  binary (for hardening). Unfortunately this resulted in bash being
  broken when run under qemu-user (for all target architectures, host
  being amd64 for me).

  $ sudo chroot /srv/chroots/sid-i386/ qemu-i386-static /bin/bash
  bash: xmalloc: .././shell.c:1709: cannot allocate 10 bytes (0 bytes allocated)

  bash has its own malloc implementation based on sbrk():
  https://git.savannah.gnu.org/cgit/bash.git/tree/lib/malloc/malloc.c

  When we disable this internal implementation and rely on glibc's
  malloc, then everything is fine. But it might be that glibc has a
  fallback when sbrk() is not working properly and it might hide the
  underlying problem in qemu-user.

  This issue has also been reported to the bash upstream author and he 
suggested that the issue might be in qemu-user so I'm opening a ticket here. 
Here's the discussion with the bash upstream author:
  https://lists.gnu.org/archive/html/bug-bash/2018-02/threads.html#00080

  You can find the problematic bash binary in that .deb file:
  
http://snapshot.debian.org/archive/debian/20180206T154716Z/pool/main/b/bash/bash_4.4.18-1_i386.deb

  The version of qemu I have been using is 2.11 (Debian package qemu-
  user-static version 1:2.11+dfsg-1) but I have had reports that the
  problem is reproducible with older versions (back to 2.8 at least).

  Here are the related Debian bug reports:
  https://bugs.debian.org/889869
  https://bugs.debian.org/865599

  It's worth noting that bash used to have this problem (when compiled as a PIE 
binary) even when run directly but then something got fixed in the kernel and 
now the problem only appears when run under qemu-user:
  https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518483

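The report above only shows the failure through bash's own sbrk()-based malloc. The probe below is an added example, not code from the bug report or from QEMU: it grows the program break in page-sized steps, touches each chunk, reports how much brk space the process can actually obtain, and then releases it. The function and variable names are my own; a healthy host (or a fixed qemu-user) hands out at least a few pages, while the situation the report describes ("0 bytes allocated") shows up as sbrk() failing on the very first increment.

```c
#define _GNU_SOURCE            /* declare sbrk() on glibc and musl */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Grow the program break in `step`-byte increments until sbrk() fails or
 * `limit` bytes have been obtained, writing to each chunk so that the
 * kernel (or qemu-user) really has to back it. The break is moved back
 * before returning. Returns the number of bytes that could be obtained. */
size_t probe_brk_space(size_t step, size_t limit)
{
    void *start = sbrk(0);
    size_t got = 0;

    if (start == (void *)-1) {
        return 0;                      /* brk unavailable altogether */
    }
    while (got + step <= limit) {
        void *chunk = sbrk((intptr_t)step);
        if (chunk == (void *)-1) {
            break;                     /* ENOMEM: nothing left above the break */
        }
        memset(chunk, 0xa5, step);     /* make sure the pages are usable */
        got += step;
    }
    if (got > 0) {
        sbrk(-(intptr_t)got);          /* give the memory back */
    }
    return got;
}

/* The probe must leave the break exactly where it found it. */
int probe_restores_break(void)
{
    void *before = sbrk(0);

    probe_brk_space(4096, 64 * 1024);
    return sbrk(0) == before;
}

int main(void)
{
    size_t got = probe_brk_space(4096, 1u << 20);

    printf("brk space obtainable: %zu bytes\n", got);
    if (got == 0) {
        /* This is what bash's xmalloc runs into under the broken qemu-user. */
        puts("sbrk() cannot grow the heap at all");
        return 1;
    }
    return 0;
}
```

Build it as a PIE for the target (`gcc -fPIE -pie -o brk-probe brk-probe.c` with the target's cross compiler) and run it once natively and once under the matching `qemu-<arch>-static`; a difference between the two numbers isolates the problem to the emulator's ELF loader, independently of bash.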



Re: [PATCH 2/6] qapi/parser: Allow empty QAPIDoc Sections

2021-05-20 Thread Markus Armbruster
John Snow  writes:

> On 5/20/21 10:42 AM, Markus Armbruster wrote:
>> First step is to find out how _end_section() can be called twice in a
>> row.  It isn't in all of "make check".  Hmm.
>
> Ah, maybe not twice in a *row*. It does seem to be called when we have
> an "empty section" sometimes, which arises from stuff like this:
>
> Extension error:
> /home/jsnow/src/qemu/docs/../qga/qapi-schema.json:1143:1: ending a
> totally empty section
>
> ## 
> # @GuestExec: 
> # @pid: pid of child process in guest OS 
> # 
> # Since: 2.5 
> ## 
> { 'struct': 'GuestExec',
>   'data': { 'pid': 'int'} }
>
> Without the newline there, it seems to get confused. There's a few
> like this that could be fixed, but then some of the test cases break
> too.

I still can't see it.  I tried the obvious

diff --git a/scripts/qapi/parser.py b/scripts/qapi/parser.py
index f03ba2cfec..263aeb5fc5 100644
--- a/scripts/qapi/parser.py
+++ b/scripts/qapi/parser.py
@@ -716,6 +716,7 @@ def _start_section(self, name=None, indent=0):
 self.sections.append(self._section)

 def _end_section(self):
+assert self._section
 if self._section:
 text = self._section.text = self._section.text.strip()
 if self._section.name and (not text or text.isspace()):
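Review bot: `assert self._section` here checks the same condition as the `if self._section:` on the next line, so against the tree before this series (where `_section` is either None or a Section object) it can only fire when `_end_section()` runs with no section at all. The "ending a totally empty section" error John reports is about a Section that exists but has neither name nor text; that case is only distinguishable once Section defines `__bool__` as in patch 2/6, which is why the assert does not reproduce it on qga/qapi-schema.json. To find the call site, assert on `not self._section.name and not self._section.text` instead.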

Does not fire for qga/qapi-schema.json.  Can you help?

> No appetite for barking up this tree right now.
>
> Can I fix the commit message and leave the patch in place? Maybe with
> a #FIXME comment nearby?

I'd like to understand your analysis before I answer your question.




Re: [PATCH v6 04/25] python: add qemu package installer

2021-05-20 Thread Cleber Rosa
On Wed, May 12, 2021 at 07:12:20PM -0400, John Snow wrote:
> Add setup.cfg and setup.py, necessary for installing a package via
> pip. Add a ReST document (PACKAGE.rst) explaining the basics of what
> this package is for and who to contact for more information. This
> document will be used as the landing page for the package on PyPI.
> 
> I am not yet using a pyproject.toml style package manifest, because
> "editable" installs are not defined (yet?) by PEP-517/518.
> 
> I consider editable installs crucial for development, though they have
> (apparently) always been somewhat poorly defined.
>

They are crucial for development indeed, so I agree with your overall
choices here.

> Pip now (19.2 and later) now supports editable installs for projects
> using pyproject.toml manifests, but might require the use of the
> --no-use-pep517 flag, which somewhat defeats the point.
>

Just to make it clear for other people reading this, it means that
even with the very latest pip release (21.1.1), you *must* have a
setup.py or setup.cfg file to use editable (development) installs [1].
You can *not* rely solely on a pyproject.toml setup.

[1] 
https://github.com/pypa/pip/pull/9547/commits/7a95720e796a5e56481c1cc20b6ce6249c50f357

> For now, while the dust settles, stick with the de-facto
> setup.py/setup.cfg combination supported by setuptools. It will be worth
> re-evaluating this point again in the future when our supported build
> platforms all ship a fairly modern pip.
>

Agreed, but let's not hold our breath given that even pip 21.1.1 still
doesn't support that.  My guesstimate is 6-12 months for the feature to
be developed/merged, and let's say another 12 months for our supported
build platforms to ship it.

> Additional reading on this matter:
> 
> https://github.com/pypa/packaging-problems/issues/256
> https://github.com/pypa/pip/issues/6334
> https://github.com/pypa/pip/issues/6375
> https://github.com/pypa/pip/issues/6434
> https://github.com/pypa/pip/issues/6438
> 
> Signed-off-by: John Snow 
> ---
>  python/PACKAGE.rst | 33 +
>  python/setup.cfg   | 19 +++
>  python/setup.py| 23 +++
>  3 files changed, 75 insertions(+)
>  create mode 100644 python/PACKAGE.rst
>  create mode 100644 python/setup.cfg
>  create mode 100755 python/setup.py
>
> diff --git a/python/PACKAGE.rst b/python/PACKAGE.rst
> new file mode 100644
> index 000..1bbfe1b58e2
> --- /dev/null
> +++ b/python/PACKAGE.rst
> @@ -0,0 +1,33 @@
> +QEMU Python Tooling
> +===
> +
> +This package provides QEMU tooling used by the QEMU project to build,
> +configure, and test QEMU. It is not a fully-fledged SDK and it is subject
> +to change at any time.
> +
> +Usage
> +-
> +
> +The ``qemu.qmp`` subpackage provides a library for communicating with
> +QMP servers. The ``qemu.machine`` subpackage offers rudimentary
> +facilities for launching and managing QEMU processes. Refer to each
> +package's documentation
> +(``>>> help(qemu.qmp)``, ``>>> help(qemu.machine)``)
> +for more information.
> +
> +Contributing
> +
> +
> +This package is maintained by John Snow  as part of
> +the QEMU source tree. Contributions are welcome and follow the `QEMU
> +patch submission process
> +`_, which involves
> +sending patches to the QEMU development mailing list.
> +
> +John maintains a `GitLab staging branch
> +`_, and there is an
> +official `GitLab mirror `_.
> +
> +Please report bugs on the `QEMU issue tracker
> +`_ and tag ``@jsnow`` in
> +the report.
> diff --git a/python/setup.cfg b/python/setup.cfg
> new file mode 100644
> index 000..dd71640fc2f
> --- /dev/null
> +++ b/python/setup.cfg
> @@ -0,0 +1,19 @@
> +[metadata]
> +name = qemu
> +maintainer = QEMU Developer Team
> +maintainer_email = qemu-devel@nongnu.org
> +url = https://www.qemu.org/
> +download_url = https://www.qemu.org/download/
> +description = QEMU Python Build, Debug and SDK tooling.
> +long_description = file:PACKAGE.rst
> +long_description_content_type = text/x-rst
> +classifiers =
> +Development Status :: 3 - Alpha
> +License :: OSI Approved :: GNU General Public License v2 (GPLv2)
> +Natural Language :: English
> +Operating System :: OS Independent
> +Programming Language :: Python :: 3 :: Only
> +
> +[options]
> +python_requires = >= 3.6
> +packages = find_namespace:
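Review bot: `packages = find_namespace:` with no `[options.packages.find]` section treats every directory under python/ (tests, docs, build leftovers, anything with files in it) as a namespace package and ships it in the wheel; add `[options.packages.find]` with `include = qemu, qemu.*` so only the `qemu` namespace and its subpackages are installed.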
> diff --git a/python/setup.py b/python/setup.py
> new file mode 100755
> index 000..2014f81b757
> --- /dev/null
> +++ b/python/setup.py
> @@ -0,0 +1,23 @@
> +#!/usr/bin/env python3
> +"""
> +QEMU tooling installer script
> +Copyright (c) 2020-2021 John Snow for Red Hat, Inc.
> +"""
> +
> +import setuptools
> +import pkg_resources
> +
> +
> +def main():
> +"""
> +QEMU tooling installer
> +"""
> +
> +# 

[PATCH v4] i386: Add ratelimit for bus locks acquired in guest

2021-05-20 Thread Chenyi Qiang
A bus lock is acquired through either split locked access to writeback
(WB) memory or any locked access to non-WB memory. It is typically >1000
cycles slower than an atomic operation within a cache and can also
disrupt performance on other cores.

Virtual Machines can exploit bus locks to degrade the performance of the
system. To address this kind of performance DoS attack coming from the
VMs, bus lock VM exit is introduced in KVM and it can report the bus
locks detected in the guest. If enabled in KVM, it would exit to the
userspace to let the user enforce throttling policies once bus locks are
acquired in VMs.

The availability of bus lock VM exit can be detected through the
KVM_CAP_X86_BUS_LOCK_EXIT. The returned bitmap contains the potential
policies supported by KVM. The field KVM_BUS_LOCK_DETECTION_EXIT in
bitmap is the only supported strategy at present. It indicates that KVM
will exit to userspace to handle the bus locks.

This patch adds a ratelimit on the bus locks acquired in guest as a
mitigation policy.

Introduce a new field "bus_lock_ratelimit" to record the limited speed
of bus locks in the target VM. The user can specify it through the
"bus-lock-ratelimit" as a machine property. In current implementation,
the default value of the speed is 0 per second, which means no
restrictions on the bus locks.

As for ratelimit on detected bus locks, simply set the ratelimit
interval to 1s and restrict the quota of bus lock occurrence to the value
of "bus_lock_ratelimit". A potential alternative is to introduce the
time slice as a property which can help the user achieve more precise
control.

The detail of bus lock VM exit can be found in spec:
https://software.intel.com/content/www/us/en/develop/download/intel-architecture-instruction-set-extensions-programming-reference.html

Signed-off-by: Chenyi Qiang 

---
Changes from v3:
  - change bus_lock_ratelimit_ctrl to a static variable to avoid calling
qdev_get_machine(). (Eduardo)
  - ratelimit is thread safe since commit 4951967d84a0; remove the
ratelimit mutex from the previous patch. (Eduardo)
  - v3: 
https://lore.kernel.org/qemu-devel/20210430103305.28849-1-chenyi.qi...@intel.com/

Changes from v2:
  - do some rename work (bus-lock-ratelimit and BUS_LOCK_TIME_SLICE).
(Eduardo)
  - change to register a class property at the x86_machine_class_init()
and write the getter/setter for the bus_lock_ratelimit property.
(Eduardo)
  - add the lock to access the Ratelimit instance to avoid vcpu thread
race condition. (Eduardo)
  - v2: 
https://lore.kernel.org/qemu-devel/20210420093736.17613-1-chenyi.qi...@intel.com/

Changes from RFC v1:
  - Remove the rip info output, as the rip can't reflect the bus lock
position correctly. (Xiaoyao)
  - RFC v1: 
https://lore.kernel.org/qemu-devel/20210317084709.15605-1-chenyi.qi...@intel.com/
---
 hw/i386/x86.c | 24 
 include/hw/i386/x86.h |  8 
 target/i386/kvm/kvm.c | 41 +
 3 files changed, 73 insertions(+)

diff --git a/hw/i386/x86.c b/hw/i386/x86.c
index ed796fe6ba..d30cf27e29 100644
--- a/hw/i386/x86.c
+++ b/hw/i386/x86.c
@@ -1246,6 +1246,23 @@ static void x86_machine_set_oem_table_id(Object *obj, 
const char *value,
 strncpy(x86ms->oem_table_id, value, 8);
 }
 
+static void x86_machine_get_bus_lock_ratelimit(Object *obj, Visitor *v,
+const char *name, void *opaque, Error **errp)
+{
+X86MachineState *x86ms = X86_MACHINE(obj);
+uint64_t bus_lock_ratelimit = x86ms->bus_lock_ratelimit;
+
+visit_type_uint64(v, name, _lock_ratelimit, errp);
+}
+
+static void x86_machine_set_bus_lock_ratelimit(Object *obj, Visitor *v,
+   const char *name, void *opaque, Error **errp)
+{
+X86MachineState *x86ms = X86_MACHINE(obj);
+
+visit_type_uint64(v, name, >bus_lock_ratelimit, errp);
+}
+
 static void x86_machine_initfn(Object *obj)
 {
 X86MachineState *x86ms = X86_MACHINE(obj);
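Review bot: the setter stores whatever uint64 the visitor produces, with no sanity check and no description of the unit; since the commit message defines the value as a per-second quota and 0 as "no restriction", the property description registered further down (cut off in this copy) should state both, and a comment here should say that a value changed after the machine is realized only takes effect if the static ratelimit control is re-armed from the new value.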
@@ -1256,6 +1273,7 @@ static void x86_machine_initfn(Object *obj)
 x86ms->pci_irq_mask = ACPI_BUILD_PCI_IRQS;
 x86ms->oem_id = g_strndup(ACPI_BUILD_APPNAME6, 6);
 x86ms->oem_table_id = g_strndup(ACPI_BUILD_APPNAME8, 8);
+x86ms->bus_lock_ratelimit = 0;
 }
 
 static void x86_machine_class_init(ObjectClass *oc, void *data)
@@ -1299,6 +1317,12 @@ static void x86_machine_class_init(ObjectClass *oc, void 
*data)
   "Override the default value of field 
OEM Table ID "
   "in ACPI table header."
   "The string may be up to 8 bytes in 
size");
+
+object_class_property_add(oc, X86_MACHINE_BUS_LOCK_RATELIMIT, "uint64_t",
+x86_machine_get_bus_lock_ratelimit,
+x86_machine_set_bus_lock_ratelimit, NULL, 
NULL);
+object_class_property_set_description(oc, X86_MACHINE_BUS_LOCK_RATELIMIT,
+
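The hunks above only show the property plumbing; the throttling policy itself (1 s slice, quota equal to `bus_lock_ratelimit`, vCPU delayed when the quota is exceeded) lives in the part of the patch not quoted here. The following is an added example of my own, not QEMU's util/ratelimit and not code from this patch: a simplified limiter with the same shape, with the clock passed in so the policy can be exercised offline, and a small simulation of a guest hammering split locks. Names (`BusLockLimiter`, `limiter_account`, `delay_for_burst`) and the "quota events per slice are free, the next one stretches the slice" rule are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* One accounting slice of 1 s, as the commit message describes. */
#define BUS_LOCK_SLICE_NS 1000000000LL

/* Hypothetical simplified limiter; QEMU's own lives in util/ratelimit and
 * is not reproduced here. */
typedef struct {
    int64_t  slice_start;  /* ns: when the current slice began */
    int64_t  slice_end;    /* ns: when it ends (stretched when over quota) */
    uint64_t quota;        /* bus locks allowed per slice; 0 = unlimited */
    uint64_t dispatched;   /* bus locks seen in the current slice */
} BusLockLimiter;

void limiter_set_rate(BusLockLimiter *l, uint64_t locks_per_second)
{
    l->quota = locks_per_second;     /* the slice is 1 s, so quota == rate */
    l->slice_start = l->slice_end = 0;
    l->dispatched = 0;
}

/* Account one bus lock exit observed at time `now` (ns); in a real hypervisor
 * this runs in the vCPU thread's exit handler. Returns how long the vCPU
 * should sleep before re-entering the guest: 0 while the guest is within its
 * quota, otherwise the time until the end of the slice, which is stretched in
 * proportion to the excess so the long-run rate converges on the quota. */
int64_t limiter_account(BusLockLimiter *l, int64_t now)
{
    if (l->quota == 0) {
        return 0;                    /* bus-lock-ratelimit=0: no throttling */
    }
    if (l->slice_end <= now) {
        l->slice_start = now;        /* previous slice is over: start fresh */
        l->slice_end = now + BUS_LOCK_SLICE_NS;
        l->dispatched = 0;
    }
    l->dispatched++;
    if (l->dispatched <= l->quota) {
        return 0;
    }
    /* Over quota: the slice now lasts dispatched/quota seconds and the vCPU
     * sleeps until it ends. dispatched * slice cannot overflow at any
     * realistic rate. */
    l->slice_end = l->slice_start +
                   (int64_t)(l->dispatched * BUS_LOCK_SLICE_NS / l->quota);
    return l->slice_end - now;
}

/* Simulate a guest that triggers `count` bus locks `spacing_ns` apart and a
 * vCPU thread that sleeps whenever the limiter says so. Returns the total
 * sleep time in ns, i.e. how much guest time the policy took away. */
int64_t delay_for_burst(uint64_t locks_per_second, unsigned count,
                        int64_t spacing_ns)
{
    BusLockLimiter l;
    int64_t now = 0, total = 0;

    limiter_set_rate(&l, locks_per_second);
    for (unsigned i = 0; i < count; i++) {
        int64_t d = limiter_account(&l, now);
        total += d;
        now += d + spacing_ns;       /* vCPU sleeps d, then the next lock hits */
    }
    return total;
}

int main(void)
{
    /* A guest hitting a split lock every 1 ms, throttled to 10 per second. */
    printf("22 bus locks at 1 ms spacing, limit 10/s: vCPU slept %lld ns\n",
           (long long)delay_for_burst(10, 22, 1000000));
    printf("same burst with bus-lock-ratelimit=0: slept %lld ns\n",
           (long long)delay_for_burst(0, 22, 1000000));
    return 0;
}
```

With a 10/s limit the first ten locks of each second cost nothing; the eleventh, arriving 10 ms into the slice, stretches the slice to 1.1 s and parks the vCPU for the remaining 1.09 s, so a guest that would otherwise issue a thousand bus locks per second is held to roughly ten. Only the offending vCPU pays, which is the property that makes this usable as a DoS mitigation rather than a global penalty.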

[PATCH] target/riscv: Pass the same value to oprsz and maxsz.

2021-05-20 Thread LIU Zhiwei
Since commit e2e7168a214b0ed98dc357bba96816486a289762, if oprsz
is still zero (as we don't use this field), simd_desc will trigger an
assert.

Besides, tcg_gen_gvec_*_ptr calls simd_desc in its implementation.
Here we pass the same value to maxsz and oprsz to bypass the assert.

Signed-off-by: LIU Zhiwei 
---
 target/riscv/insn_trans/trans_rvv.c.inc | 89 ++---
 1 file changed, 50 insertions(+), 39 deletions(-)

diff --git a/target/riscv/insn_trans/trans_rvv.c.inc 
b/target/riscv/insn_trans/trans_rvv.c.inc
index 47914a3b69..83d9a285ba 100644
--- a/target/riscv/insn_trans/trans_rvv.c.inc
+++ b/target/riscv/insn_trans/trans_rvv.c.inc
@@ -183,7 +183,7 @@ static bool ldst_us_trans(uint32_t vd, uint32_t rs1, 
uint32_t data,
  * The first part is vlen in bytes, encoded in maxsz of simd_desc.
  * The second part is lmul, encoded in data of simd_desc.
  */
-desc = tcg_const_i32(simd_desc(0, s->vlen / 8, data));
+desc = tcg_const_i32(simd_desc(s->vlen / 8, s->vlen / 8, data));
 
 gen_get_gpr(base, rs1);
 tcg_gen_addi_ptr(dest, cpu_env, vreg_ofs(s, vd));
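Review bot: the comment just above this line still says "The first part is vlen in bytes, encoded in maxsz of simd_desc", which no longer describes the call once oprsz carries the same value; update it to say both fields hold vlen in bytes and that oprsz is set only to satisfy simd_desc(). Since the assert the commit message mentions also range-checks oprsz, this change makes the encoding limit of simd_desc() apply to s->vlen / 8 as well, which deserves a sentence in the commit message.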
@@ -334,7 +334,7 @@ static bool ldst_stride_trans(uint32_t vd, uint32_t rs1, 
uint32_t rs2,
 mask = tcg_temp_new_ptr();
 base = tcg_temp_new();
 stride = tcg_temp_new();
-desc = tcg_const_i32(simd_desc(0, s->vlen / 8, data));
+desc = tcg_const_i32(simd_desc(s->vlen / 8, s->vlen / 8, data));
 
 gen_get_gpr(base, rs1);
 gen_get_gpr(stride, rs2);
@@ -462,7 +462,7 @@ static bool ldst_index_trans(uint32_t vd, uint32_t rs1, 
uint32_t vs2,
 mask = tcg_temp_new_ptr();
 index = tcg_temp_new_ptr();
 base = tcg_temp_new();
-desc = tcg_const_i32(simd_desc(0, s->vlen / 8, data));
+desc = tcg_const_i32(simd_desc(s->vlen / 8, s->vlen / 8, data));
 
 gen_get_gpr(base, rs1);
 tcg_gen_addi_ptr(dest, cpu_env, vreg_ofs(s, vd));
@@ -594,7 +594,7 @@ static bool ldff_trans(uint32_t vd, uint32_t rs1, uint32_t 
data,
 dest = tcg_temp_new_ptr();
 mask = tcg_temp_new_ptr();
 base = tcg_temp_new();
-desc = tcg_const_i32(simd_desc(0, s->vlen / 8, data));
+desc = tcg_const_i32(simd_desc(s->vlen / 8, s->vlen / 8, data));
 
 gen_get_gpr(base, rs1);
 tcg_gen_addi_ptr(dest, cpu_env, vreg_ofs(s, vd));
@@ -671,7 +671,7 @@ static bool amo_trans(uint32_t vd, uint32_t rs1, uint32_t 
vs2,
 mask = tcg_temp_new_ptr();
 index = tcg_temp_new_ptr();
 base = tcg_temp_new();
-desc = tcg_const_i32(simd_desc(0, s->vlen / 8, data));
+desc = tcg_const_i32(simd_desc(s->vlen / 8, s->vlen / 8, data));
 
 gen_get_gpr(base, rs1);
 tcg_gen_addi_ptr(dest, cpu_env, vreg_ofs(s, vd));
@@ -831,7 +831,7 @@ do_opivv_gvec(DisasContext *s, arg_rmrr *a, GVecGen3Fn 
*gvec_fn,
 data = FIELD_DP32(data, VDATA, LMUL, s->lmul);
 tcg_gen_gvec_4_ptr(vreg_ofs(s, a->rd), vreg_ofs(s, 0),
vreg_ofs(s, a->rs1), vreg_ofs(s, a->rs2),
-   cpu_env, 0, s->vlen / 8, data, fn);
+   cpu_env, s->vlen / 8, s->vlen / 8, data, fn);
 }
 gen_set_label(over);
 return true;
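Review bot: `s->vlen / 8` is now spelled out twice at each of the eleven call sites in this patch; a small helper such as `vlen_bytes(s)` (or a local `vlenb`) used for both arguments would keep oprsz and maxsz from drifting apart in future edits and would make the "same value on purpose" intent visible without the commit message.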
@@ -874,7 +874,7 @@ static bool opivx_trans(uint32_t vd, uint32_t rs1, uint32_t 
vs2, uint32_t vm,
 data = FIELD_DP32(data, VDATA, MLEN, s->mlen);
 data = FIELD_DP32(data, VDATA, VM, vm);
 data = FIELD_DP32(data, VDATA, LMUL, s->lmul);
-desc = tcg_const_i32(simd_desc(0, s->vlen / 8, data));
+desc = tcg_const_i32(simd_desc(s->vlen / 8, s->vlen / 8, data));
 
 tcg_gen_addi_ptr(dest, cpu_env, vreg_ofs(s, vd));
 tcg_gen_addi_ptr(src2, cpu_env, vreg_ofs(s, vs2));
@@ -1021,7 +1021,7 @@ static bool opivi_trans(uint32_t vd, uint32_t imm, 
uint32_t vs2, uint32_t vm,
 data = FIELD_DP32(data, VDATA, MLEN, s->mlen);
 data = FIELD_DP32(data, VDATA, VM, vm);
 data = FIELD_DP32(data, VDATA, LMUL, s->lmul);
-desc = tcg_const_i32(simd_desc(0, s->vlen / 8, data));
+desc = tcg_const_i32(simd_desc(s->vlen / 8, s->vlen / 8, data));
 
 tcg_gen_addi_ptr(dest, cpu_env, vreg_ofs(s, vd));
 tcg_gen_addi_ptr(src2, cpu_env, vreg_ofs(s, vs2));
@@ -1119,7 +1119,7 @@ static bool do_opivv_widen(DisasContext *s, arg_rmrr *a,
 tcg_gen_gvec_4_ptr(vreg_ofs(s, a->rd), vreg_ofs(s, 0),
vreg_ofs(s, a->rs1),
vreg_ofs(s, a->rs2),
-   cpu_env, 0, s->vlen / 8,
+   cpu_env, s->vlen / 8, s->vlen / 8,
data, fn);
 gen_set_label(over);
 return true;
@@ -1207,7 +1207,7 @@ static bool do_opiwv_widen(DisasContext *s, arg_rmrr *a,
 tcg_gen_gvec_4_ptr(vreg_ofs(s, a->rd), vreg_ofs(s, 0),
vreg_ofs(s, a->rs1),
vreg_ofs(s, a->rs2),
-   cpu_env, 0, s->vlen / 8, data, fn);
+   cpu_env, s->vlen / 8, s->vlen / 8, data, fn);
 gen_set_label(over);
 return true;
 }

Re: [PATCH v2] hw/display/qxl: Set pci rom address aligned with page size

2021-05-20 Thread maobibo
ping.

Or is there another suggestion so that qxl can be used on a system
with 16K page size?


regards
bibo, mao

On 2021-05-18 20:20, Bibo Mao wrote:
> From: maobibo 
> 
> On some MIPS systems the page size is 16K, and the qxl vga device can
> be used for VMs in kvm mode. The qxl pci rom size is fixed at 8K,
> smaller than the 16K page size on the host system, so it fails to be
> added into memslots in kvm mode, where memory_size and GPA
> are required to align with the page size.
> 
> This patch fixes this issue.
> 
> Signed-off-by: Bibo Mao 
> ---
>  hw/display/qxl.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/hw/display/qxl.c b/hw/display/qxl.c
> index 2ba7563..6e1f8ff 100644
> --- a/hw/display/qxl.c
> +++ b/hw/display/qxl.c
> @@ -321,7 +321,7 @@ static ram_addr_t qxl_rom_size(void)
>  #define QXL_ROM_SZ 8192
>  
>  QEMU_BUILD_BUG_ON(QXL_REQUIRED_SZ > QXL_ROM_SZ);
> -return QXL_ROM_SZ;
> +return QEMU_ALIGN_UP(QXL_REQUIRED_SZ, qemu_real_host_page_size);
>  }
>  
>  static void init_qxl_rom(PCIQXLDevice *d)
> 
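Review bot: the ROM size is guest-visible (it sizes the PCI expansion ROM BAR), so making it depend on `qemu_real_host_page_size` means the same machine type exposes a different BAR size on a 4K host and a 16K host, which breaks migration between them and changes guest-visible state with no machine-type compatibility property. Aligning up to the largest page size QEMU expects to run on, or gating the larger size behind a compat property for new machine types, keeps the layout stable; also, with this change `QXL_ROM_SZ` is only used by the `QEMU_BUILD_BUG_ON` and no longer bounds the returned size, so either drop it or add a check that the aligned size still fits what `init_qxl_rom()` expects.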




Re: [PATCH 0/2] Fix SIGILL psw.addr reporting

2021-05-20 Thread no-reply
Patchew URL: 
https://patchew.org/QEMU/20210521030146.2831663-1-...@linux.ibm.com/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 20210521030146.2831663-1-...@linux.ibm.com
Subject: [PATCH 0/2] Fix SIGILL psw.addr reporting

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag] patchew/20210521030146.2831663-1-...@linux.ibm.com -> 
patchew/20210521030146.2831663-1-...@linux.ibm.com
Switched to a new branch 'test'
069d02b tests/tcg/s390x: Test SIGILL handling
a869643 target/s390x: Fix SIGILL psw.addr reporting

=== OUTPUT BEGIN ===
1/2 Checking commit a86964364d4d (target/s390x: Fix SIGILL psw.addr reporting)
2/2 Checking commit 069d02b0edf2 (tests/tcg/s390x: Test SIGILL handling)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#26: 
new file mode 100644

ERROR: externs should be avoided in .c files
#37: FILE: tests/tcg/s390x/sigill.c:7:
+extern char expected_si_addr[];

ERROR: externs should be avoided in .c files
#38: FILE: tests/tcg/s390x/sigill.c:8:
+extern char expected_psw_addr[];

total: 2 errors, 1 warnings, 45 lines checked

Patch 2/2 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

=== OUTPUT END ===

Test command exited with code: 1


The full log is available at
http://patchew.org/logs/20210521030146.2831663-1-...@linux.ibm.com/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

[PATCH 1/1] acceptance tests: bump Avocado version to 88.1

2021-05-20 Thread Willian Rampazzo
Besides some internal changes, new features, and bug fixes, on the QEMU side,
this version fixes the following message seen when running the acceptance
tests: "Error running method "pre_tests" of plugin "fetchasset": 'bytes'
object has no attribute 'encode'".

The release notes are available at
https://avocado-framework.readthedocs.io/en/latest/releases/88_0.html.

Signed-off-by: Willian Rampazzo 
---
 tests/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/requirements.txt b/tests/requirements.txt
index 91f3a343b9..a21b59b443 100644
--- a/tests/requirements.txt
+++ b/tests/requirements.txt
@@ -1,5 +1,5 @@
 # Add Python module requirements, one per line, to be installed
 # in the tests/venv Python virtual environment. For more info,
 # refer to: https://pip.pypa.io/en/stable/user_guide/#id1
-avocado-framework==85.0
+avocado-framework==88.1
 pycdlib==1.11.0
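Review bot: this file is fed to pip to populate tests/venv from PyPI, and it pins versions only; a version pin does not protect against a replaced upload or a compromised index, so generate the pins with hashes (`avocado-framework==88.1 --hash=sha256:...` for each wheel, as `pip hash` or `pip-compile --generate-hashes` produce) so that pip refuses anything but the audited artifacts. Bumping from 85.0 to 88.1 is also a good moment to confirm that pycdlib==1.11.0 is still the version the Avocado release was tested with.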
-- 
2.31.1




[PATCH 0/1] acceptance tests: bump Avocado version to 88.1

2021-05-20 Thread Willian Rampazzo
CI pipeline: https://gitlab.com/willianrampazzo/qemu/-/pipelines/306904401

Besides some internal changes, new features, and bug fixes, on the QEMU side,
this version fixes the following message seen when running the acceptance
tests: "Error running method "pre_tests" of plugin "fetchasset": 'bytes'
object has no attribute 'encode'".

The release notes are available at
https://avocado-framework.readthedocs.io/en/latest/releases/88_0.html.

Signed-off-by: Willian Rampazzo 

Willian Rampazzo (1):
  acceptance tests: bump Avocado version to 88.1

 tests/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

-- 
2.31.1





[PATCH v2 6/6] qapi/parser: enable pylint checks

2021-05-20 Thread John Snow
Signed-off-by: John Snow 

---

This can be merged with the previous commit, if desired.

Signed-off-by: John Snow 
---
 scripts/qapi/pylintrc | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/scripts/qapi/pylintrc b/scripts/qapi/pylintrc
index c5275d5f59b..1a633b2b88e 100644
--- a/scripts/qapi/pylintrc
+++ b/scripts/qapi/pylintrc
@@ -2,8 +2,7 @@
 
 # Add files or directories matching the regex patterns to the ignore list.
 # The regex matches against base names, not paths.
-ignore-patterns=parser.py,
-schema.py,
+ignore-patterns=schema.py,
 
 
 [MESSAGES CONTROL]
-- 
2.30.2




[PATCH v2 5/6] qapi/parser: Silence too-few-public-methods warning

2021-05-20 Thread John Snow
Eh. Two properties, a bool method and a public method are non-trivial
enough for me. (Especially in typed python!)

Signed-off-by: John Snow 
---
 scripts/qapi/parser.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/scripts/qapi/parser.py b/scripts/qapi/parser.py
index b1e2fa5c577..618e6e5b0dd 100644
--- a/scripts/qapi/parser.py
+++ b/scripts/qapi/parser.py
@@ -459,6 +459,8 @@ class QAPIDoc:
 class Section:
 def __init__(self, parser: QAPISchemaParser,
  name: Optional[str] = None, indent: int = 0):
+# pylint: disable=too-few-public-methods
+
 # parser, for error messages about indentation
 self._parser = parser
 # optional section name (argument/member or section name)
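Review bot: the disable pragma sits inside the body of `__init__`, so its block scope is the method; `too-few-public-methods` is reported on the `class Section:` line two lines above, which this placement does not cover. Put `# pylint: disable=too-few-public-methods` directly under `class Section:` (before `def __init__`) so it suppresses the message on the class node, and check that pylint then no longer reports it as a useless suppression.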
-- 
2.30.2




[PATCH v2 2/6] qapi/parser: Allow empty QAPIDoc Sections

2021-05-20 Thread John Snow
It simplifies the typing to say that _section is always a
QAPIDoc.Section().

To accommodate this change, we must allow for this object to evaluate to
False for functions like _end_section which behave differently based on
whether or not a Section has been started.

Signed-off-by: John Snow 

---

Probably a better fix is to restructure the code to prevent empty
sections from being "ended", but that seems like a bigger whale than
what I'm after at the immediate moment.

Signed-off-by: John Snow 
---
 scripts/qapi/parser.py | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/scripts/qapi/parser.py b/scripts/qapi/parser.py
index b6a5e661215..3ddde318376 100644
--- a/scripts/qapi/parser.py
+++ b/scripts/qapi/parser.py
@@ -456,6 +456,9 @@ def __init__(self, parser, name=None, indent=0):
 # the expected indent level of the text of this section
 self._indent = indent
 
+def __bool__(self) -> bool:
+return bool(self.name or self.text)
+
 def append(self, line):
 # Strip leading spaces corresponding to the expected indent level
 # Blank lines are always OK.
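Review bot: giving Section a `__bool__` changes the meaning of every `if self._section:` in the file from "a section was started" to "this section has a name or some text", which is what `_end_section` wants but is easy to misread elsewhere; note also that `text` is only stripped in `_end_section`, so a section whose body is nothing but blank lines is still truthy here. A named predicate such as `is_empty()` used at the call sites would keep the intent explicit and leave truthiness alone.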
@@ -722,7 +725,7 @@ def _end_section(self):
 raise QAPIParseError(
 self._parser,
 "empty doc section '%s'" % self._section.name)
-self._section = None
+self._section = QAPIDoc.Section(self._parser)
 
 def _append_freeform(self, line):
 match = re.match(r'(@\S+:)', line)
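Review bot: with `self._section` now reset to a fresh `QAPIDoc.Section(self._parser)` instead of None, any remaining `is None` / `is not None` tests on `_section` in parser.py become dead and must be replaced by truthiness checks in the same patch, and the new empty Section inherits the default `indent=0`, so confirm that the first `append()` after a section ends does not rely on the previous section's indent.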
-- 
2.30.2




[PATCH v2 4/6] qapi/parser: enable mypy checks

2021-05-20 Thread John Snow
Signed-off-by: John Snow 

---

As always, this can be merged with the previous commit.

Signed-off-by: John Snow 
---
 scripts/qapi/mypy.ini | 5 -
 1 file changed, 5 deletions(-)

diff --git a/scripts/qapi/mypy.ini b/scripts/qapi/mypy.ini
index 54ca4483d6d..66253564297 100644
--- a/scripts/qapi/mypy.ini
+++ b/scripts/qapi/mypy.ini
@@ -3,11 +3,6 @@ strict = True
 disallow_untyped_calls = False
 python_version = 3.6
 
-[mypy-qapi.parser]
-disallow_untyped_defs = False
-disallow_incomplete_defs = False
-check_untyped_defs = False
-
 [mypy-qapi.schema]
 disallow_untyped_defs = False
 disallow_incomplete_defs = False
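Review bot: deleting the `[mypy-qapi.parser]` override block puts parser.py under the global `strict = True` (with only `disallow_untyped_calls` relaxed), but the commit message says nothing about it; state that parser.py now passes under the strict profile so a reader of the log knows the override was dropped deliberately and not lost in a rebase. The `[mypy-qapi.schema]` block directly below still carries its relaxations, which is consistent with schema.py not being converted in this series.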
-- 
2.30.2




[PATCH v2 0/6] qapi: static typing conversion, pt5b

2021-05-20 Thread John Snow
This is part five (b), and focuses on QAPIDoc in parser.py.

gitlab: https://gitlab.com/jsnow/qemu/-/commits/python-qapi-cleanup-pt5b

Requirements:
- Python 3.6+
- mypy >= 0.770
- pylint >= 2.6.0 (2.7.0+ when using Python 3.9+)

Every commit should pass with:
 - `isort -c qapi/`
 - `flake8 qapi/`
 - `pylint --rcfile=qapi/pylintrc qapi/`
 - `mypy --config-file=qapi/mypy.ini qapi/`

V2:
 - Changed patch 01 to fix error message.
 - Add a TODO for fixing the cycle in patch 03.
 - Changed some commit messages, patch names

John Snow (6):
  qapi/parser: fix unused check_args_section arguments
  qapi/parser: Allow empty QAPIDoc Sections
  qapi/parser: add type hint annotations (QAPIDoc)
  qapi/parser: enable mypy checks
  qapi/parser: Silence too-few-public-methods warning
  qapi/parser: enable pylint checks

 scripts/qapi/mypy.ini |  5 --
 scripts/qapi/parser.py| 98 +--
 scripts/qapi/pylintrc |  3 +-
 tests/qapi-schema/doc-bad-feature.err |  2 +-
 4 files changed, 64 insertions(+), 44 deletions(-)

-- 
2.30.2





[PATCH v2 3/6] qapi/parser: add type hint annotations (QAPIDoc)

2021-05-20 Thread John Snow
Annotations do not change runtime behavior.

This commit adds mostly annotations, but uses a TYPE_CHECKING runtime
check to conditionally import dependencies, which only triggers during
runs of mypy.

Signed-off-by: John Snow 

---

TopLevelExpr, an idea from previous drafts, makes a return here in order
to give a semantic meaning to check_expr(). The type is intended to be
used more in forthcoming commits (pt5c), but I opted to include it now
instead of creating yet-another Dict[str, object] type hint that I would
forget to change later.

Signed-off-by: John Snow 
---
 scripts/qapi/parser.py | 77 ++
 1 file changed, 48 insertions(+), 29 deletions(-)

diff --git a/scripts/qapi/parser.py b/scripts/qapi/parser.py
index 3ddde318376..b1e2fa5c577 100644
--- a/scripts/qapi/parser.py
+++ b/scripts/qapi/parser.py
@@ -18,6 +18,7 @@
 import os
 import re
 from typing import (
+TYPE_CHECKING,
 Dict,
 List,
 Optional,
@@ -30,6 +31,15 @@
 from .source import QAPISourceInfo
 
 
+if TYPE_CHECKING:
+# pylint: disable=cyclic-import
+# TODO: Remove cycle. [schema -> expr -> parser -> schema]
+from .schema import QAPISchemaFeature, QAPISchemaMember
+
+
+#: Represents a single Top Level QAPI schema expression.
+TopLevelExpr = Dict[str, object]
+
 # Return value alias for get_expr().
 _ExprValue = Union[List[object], Dict[str, object], str, bool]
 
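Review bot: because `QAPISchemaFeature` and `QAPISchemaMember` are imported only under `TYPE_CHECKING`, they do not exist at runtime, so every annotation that mentions them must be a string forward reference (as `Optional['QAPISchemaMember']` is later in this patch) or the module needs `from __future__ import annotations`; say so in the comment next to the import, otherwise the next unquoted use will be a NameError at import time that mypy will not flag. The TODO naming the schema -> expr -> parser -> schema cycle is welcome; keep it until the cycle is actually gone.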
@@ -447,7 +457,8 @@ class QAPIDoc:
 """
 
 class Section:
-def __init__(self, parser, name=None, indent=0):
+def __init__(self, parser: QAPISchemaParser,
+ name: Optional[str] = None, indent: int = 0):
 # parser, for error messages about indentation
 self._parser = parser
 # optional section name (argument/member or section name)
@@ -459,7 +470,7 @@ def __init__(self, parser, name=None, indent=0):
 def __bool__(self) -> bool:
 return bool(self.name or self.text)
 
-def append(self, line):
+def append(self, line: str) -> None:
 # Strip leading spaces corresponding to the expected indent level
 # Blank lines are always OK.
 if line:
@@ -474,39 +485,40 @@ def append(self, line):
 self.text += line.rstrip() + '\n'
 
 class ArgSection(Section):
-def __init__(self, parser, name, indent=0):
+def __init__(self, parser: QAPISchemaParser,
+ name: Optional[str] = None, indent: int = 0):
 super().__init__(parser, name, indent)
-self.member = None
+self.member: Optional['QAPISchemaMember'] = None
 
-def connect(self, member):
+def connect(self, member: 'QAPISchemaMember') -> None:
 self.member = member
 
-def __init__(self, parser, info):
+def __init__(self, parser: QAPISchemaParser, info: QAPISourceInfo):
 # self._parser is used to report errors with QAPIParseError.  The
 # resulting error position depends on the state of the parser.
 # It happens to be the beginning of the comment.  More or less
 # servicable, but action at a distance.
 self._parser = parser
 self.info = info
-self.symbol = None
+self.symbol: Optional[str] = None
 self.body = QAPIDoc.Section(parser)
 # dict mapping parameter name to ArgSection
-self.args = OrderedDict()
-self.features = OrderedDict()
+self.args: Dict[str, QAPIDoc.ArgSection] = OrderedDict()
+self.features: Dict[str, QAPIDoc.ArgSection] = OrderedDict()
 # a list of Section
-self.sections = []
+self.sections: List[QAPIDoc.Section] = []
 # the current section
 self._section = self.body
 self._append_line = self._append_body_line
 
-def has_section(self, name):
+def has_section(self, name: str) -> bool:
 """Return True if we have a section with this name."""
 for i in self.sections:
 if i.name == name:
 return True
 return False
 
-def append(self, line):
+def append(self, line: str) -> None:
 """
 Parse a comment line and add it to the documentation.
 
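Review bot: `ArgSection.__init__` goes from a required `name` parameter to `name: Optional[str] = None`, which is a signature change, not an annotation, and contradicts the message's "annotations do not change runtime behavior"; unless some caller really constructs an ArgSection without a name, keep `name: str` required (an argument section with no member name makes no sense) and let mypy enforce it. The `Dict[str, QAPIDoc.ArgSection]` annotations on `self.args` and `self.features` with `OrderedDict()` values are fine under mypy, since OrderedDict is a Dict subtype.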
@@ -527,18 +539,18 @@ def append(self, line):
 line = line[1:]
 self._append_line(line)
 
-def end_comment(self):
+def end_comment(self) -> None:
 self._end_section()
 
 @staticmethod
-def _is_section_tag(name):
+def _is_section_tag(name: str) -> bool:
 return name in ('Returns:', 'Since:',
 # those are often singular or plural
 'Note:', 'Notes:',
 'Example:', 'Examples:',
 'TODO:')
 
-def _append_body_line(self, line):
+def _append_body_line(self, line: str) -> None:
 """
 Process a line of documentation text in the body section.
 
@@ -578,7 +590,7 @@ def 

Re: [PATCH qemu v20] spapr: Implement Open Firmware client interface

2021-05-20 Thread Alexey Kardashevskiy




On 21/05/2021 07:59, BALATON Zoltan wrote:

On Thu, 20 May 2021, Alexey Kardashevskiy wrote:

The PAPR platform describes an OS environment that's presented by
a combination of a hypervisor and firmware. The features it specifies
require collaboration between the firmware and the hypervisor.

Since the beginning, the runtime component of the firmware (RTAS) has
been implemented as a 20 byte shim which simply forwards it to
a hypercall implemented in qemu. The boot time firmware component is
SLOF - but a build that's specific to qemu, and has always needed to be
updated in sync with it. Even though we've managed to limit the amount
of runtime communication we need between qemu and SLOF, there's some,
and it has become increasingly awkward to handle as we've implemented
new features.

This implements a boot time OF client interface (CI) which is
enabled by a new "x-vof" pseries machine option (stands for "Virtual Open
Firmware"). When enabled, QEMU implements the custom H_OF_CLIENT hcall
which implements Open Firmware Client Interface (OF CI). This allows
using a smaller stateless firmware which does not have to manage
the device tree.

The new "vof.bin" firmware image is included with source code under
pc-bios/. It also includes RTAS blob.

This implements a handful of CI methods just to get -kernel/-initrd
working. In particular, this implements the device tree fetching and
simple memory allocator - "claim" (an OF CI memory allocator) and updates
"/memory@0/available" to report the client about available memory.

This implements changing some device tree properties which we know how
to deal with, the rest is ignored. To allow changes, this skips
fdt_pack() when x-vof=on as not packing the blob leaves some room for
appending.

In absence of SLOF, this assigns phandles to device tree nodes to make
device tree traversing work.

When x-vof=on, this adds "/chosen" every time QEMU (re)builds a tree.

This adds basic instances support which are managed by a hash map
ihandle -> [phandle].

Before the guest started, the used memory is:
0..e60 - the initial firmware
8000..1 - stack
40.. - kernel
3ea.. - initramdisk

This OF CI does not implement "interpret".

Unlike SLOF, this does not format uninitialized nvram. Instead, this
includes a disk image with pre-formatted nvram.

With this basic support, this can only boot into kernel directly.
However this is just enough for the petitboot kernel and initramdisk to
boot from any possible source. Note this requires reasonably recent guest
kernel with:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=df5be5be8735 



The immediate benefit is much faster booting time which is especially
crucial with fully emulated early CPU bring up environments. Also this
may come handy when/if GRUB-in-the-userspace sees light of the day.

This separates VOF and sPAPR in a hope that VOF bits may be reused by
other POWERPC boards which do not support pSeries.

This is coded in assumption that later on we might be adding support for
booting from QEMU backends (blockdev is the first candidate) without
devices/drivers in between as OF1275 does not require that and
it is quite easy to do so.

Signed-off-by: Alexey Kardashevskiy 
---

The example command line is:

/home/aik/pbuild/qemu-killslof-localhost-ppc64/qemu-system-ppc64 \
-nodefaults \
-chardev stdio,id=STDIO0,signal=off,mux=on \
-device spapr-vty,id=svty0,reg=0x71000110,chardev=STDIO0 \
-mon id=MON0,chardev=STDIO0,mode=readline \
-nographic \
-vga none \
-enable-kvm \
-m 8G \
-machine 
pseries,x-vof=on,cap-cfpc=broken,cap-sbbc=broken,cap-ibs=broken,cap-ccf-assist=off 
\

-kernel pbuild/kernel-le-guest/vmlinux \
-initrd pb/rootfs.cpio.xz \
-drive 
id=DRIVE0,if=none,file=./p/qemu-killslof/pc-bios/vof-nvram.bin,format=raw 
\

-global spapr-nvram.drive=DRIVE0 \
-snapshot \
-smp 8,threads=8 \
-L /home/aik/t/qemu-ppc64-bios/ \
-trace events=qemu_trace_events \
-d guest_errors \
-chardev socket,id=SOCKET0,server,nowait,path=qemu.mon.tmux26 \
-mon chardev=SOCKET0,mode=control

---
Changes:
v20:
* compile vof.bin with -mcpu=power4 for better compatibility
* s/std/stw/ in entry.S to make it work on ppc32
* fixed dt_available property to support both 32 and 64bit
* shuffled prom_args handling code
* do not enforce 32bit in MSR (again, to support 32bit platforms)



[...]

diff --git a/default-configs/devices/ppc64-softmmu.mak 
b/default-configs/devices/ppc64-softmmu.mak

index ae0841fa3a18..9fb201dfacfa 100644
--- a/default-configs/devices/ppc64-softmmu.mak
+++ b/default-configs/devices/ppc64-softmmu.mak
@@ -9,3 +9,4 @@ CONFIG_POWERNV=y
 # For pSeries
 CONFIG_PSERIES=y
 CONFIG_NVDIMM=y
+CONFIG_VOF=y
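Review bot: `CONFIG_VOF=y` is hard-wired into the default device config, while `config VOF` in hw/ppc/Kconfig declares no relation to PSERIES; a build that drops the default devices and enables only PSERIES would then compile spapr with an x-vof machine option pointing at code that is not built. Expressing the dependency as `select VOF` under `config PSERIES` (as the reply below suggests) keeps the two in lockstep and makes this .mak line unnecessary.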
diff --git a/hw/ppc/Kconfig b/hw/ppc/Kconfig
index e51e0e5e5ac6..964510dfc73d 100644
--- a/hw/ppc/Kconfig
+++ b/hw/ppc/Kconfig
@@ -143,3 +143,6 @@ config FW_CFG_PPC

 config FDT_PPC
 bool
+
+config VOF
+    bool


I think you should just add "select VOF" to config PSERIES section in 
Kconfig instead of adding 

[PATCH 2/2] tests/tcg/s390x: Test SIGILL handling

2021-05-20 Thread Ilya Leoshkevich
Verify that s390x-specific uc_mcontext.psw.addr is reported correctly.

Signed-off-by: Ilya Leoshkevich 
---
 tests/tcg/s390x/Makefile.target |  1 +
 tests/tcg/s390x/sigill.c| 41 +
 2 files changed, 42 insertions(+)
 create mode 100644 tests/tcg/s390x/sigill.c

diff --git a/tests/tcg/s390x/Makefile.target b/tests/tcg/s390x/Makefile.target
index 241ef28f61..8699d829a5 100644
--- a/tests/tcg/s390x/Makefile.target
+++ b/tests/tcg/s390x/Makefile.target
@@ -8,3 +8,4 @@ TESTS+=exrl-trtr
 TESTS+=pack
 TESTS+=mvo
 TESTS+=mvc
+TESTS+=sigill
diff --git a/tests/tcg/s390x/sigill.c b/tests/tcg/s390x/sigill.c
new file mode 100644
index 00..f8021dc6af
--- /dev/null
+++ b/tests/tcg/s390x/sigill.c
@@ -0,0 +1,41 @@
+#include 
+#include 
+#include 
+#include 
+#include 
+
+extern char expected_si_addr[];
+extern char expected_psw_addr[];
+
+static void handle_signal(int sig, siginfo_t *info, void *ucontext)
+{
+if (sig != SIGILL) {
+_exit(1);
+}
+
+if (info->si_addr != expected_si_addr) {
+_exit(2);
+}
+
+if (((ucontext_t *)ucontext)->uc_mcontext.psw.addr !=
+(unsigned long)expected_psw_addr) {
+_exit(3);
+}
+}
+
+int main(void)
+{
+struct sigaction act;
+
+memset(, 0, sizeof(act));
+act.sa_sigaction = handle_signal;
+act.sa_flags = SA_SIGINFO;
+
+int ret = sigaction(SIGILL, , NULL);
+assert(ret == 0);
+
+asm volatile("expected_si_addr:\t.byte\t0x00,0x00\n"
+ "expected_psw_addr:");
+
+return 0;
+}
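Review bot: the two assumptions the test rests on are not written down: opcode byte 0x00 has instruction-length code 1, so the operation exception advances the PSW by exactly 2 bytes (hence `expected_psw_addr` placed directly after `.byte 0x00,0x00`), while `si_addr` must still point at the faulting instruction; a comment above the asm block would make exit codes 2 and 3 self-explanatory. Also, if no SIGILL is delivered at all (an emulator that silently executes 0x0000), the handler never runs, main() returns 0 and the test passes vacuously; set a `static volatile int handled` in the handler and return a non-zero code from main() when it is still clear.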
-- 
2.31.1




Re: [PULL 02/19] sev: update sev-inject-launch-secret to make gpa optional

2021-05-20 Thread James Bottomley
On Thu, 2021-05-20 at 23:36 +0200, Philippe Mathieu-Daudé wrote:
> On 2/15/21 2:16 PM, Paolo Bonzini wrote:
> > From: James Bottomley 
> > 
> > If the gpa isn't specified, its value is extracted from the OVMF
> > properties table located below the reset vector (and if this
> > doesn't
> > exist, an error is returned).  OVMF has defined the GUID for the
> > SEV
> > secret area as 4c2eb361-7d9b-4cc3-8081-127c90d3d294 and the format
> > of
> > the  is: | where both are uint32_t.  We extract
> >  and use it as the gpa for the injection.
> > 
> > Note: it is expected that the injected secret will also be GUID
> > described but since qemu can't interpret it, the format is left
> > undefined here.
> > 
> > Signed-off-by: James Bottomley 
> > 
> > Reviewed-by: Dr. David Alan Gilbert 
> > Message-Id: <20210204193939.16617-3-j...@linux.ibm.com>
> > Signed-off-by: Paolo Bonzini 
> > ---
> >  qapi/misc-target.json |  2 +-
> >  target/i386/monitor.c | 23 ++-
> >  2 files changed, 23 insertions(+), 2 deletions(-)
> > 
> > diff --git a/qapi/misc-target.json b/qapi/misc-target.json
> > index 06ef8757f0..0c7491cd82 100644
> > --- a/qapi/misc-target.json
> > +++ b/qapi/misc-target.json
> > @@ -216,7 +216,7 @@
> >  #
> >  ##
> >  { 'command': 'sev-inject-launch-secret',
> > -  'data': { 'packet-header': 'str', 'secret': 'str', 'gpa':
> > 'uint64' },
> > +  'data': { 'packet-header': 'str', 'secret': 'str', '*gpa':
> > 'uint64' },
> >'if': 'defined(TARGET_I386)' }
> >  
> >  ##
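Review bot: `gpa` becoming optional needs a matching update to the command's doc comment above this hunk (the `# @gpa:` line and the example), saying that when it is omitted the address is taken from the OVMF GUID table entry and that the command fails if no such entry exists; since this changes the QMP interface, the usual `(since ...)` tag on the now-optional member is also expected.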
> > diff --git a/target/i386/monitor.c b/target/i386/monitor.c
> > index 1bc91442b1..5994408bee 100644
> > --- a/target/i386/monitor.c
> > +++ b/target/i386/monitor.c
> > @@ -34,6 +34,7 @@
> >  #include "sev_i386.h"
> >  #include "qapi/qapi-commands-misc-target.h"
> >  #include "qapi/qapi-commands-misc.h"
> > +#include "hw/i386/pc.h"
> >  
> >  /* Perform linear address sign extension */
> >  static hwaddr addr_canonical(CPUArchState *env, hwaddr addr)
> > @@ -730,9 +731,29 @@ SevCapability
> > *qmp_query_sev_capabilities(Error **errp)
> >  return sev_get_capabilities(errp);
> >  }
> >  
> > +#define SEV_SECRET_GUID "4c2eb361-7d9b-4cc3-8081-127c90d3d294"
> > +struct sev_secret_area {
> > +uint32_t base;
> > +uint32_t size;
> > +};
> > +
> >  void qmp_sev_inject_launch_secret(const char *packet_hdr,
> > -  const char *secret, uint64_t
> > gpa,
> > +  const char *secret,
> > +  bool has_gpa, uint64_t gpa,
> >Error **errp)
> >  {
> > +if (!has_gpa) {
> > +uint8_t *data;
> > +struct sev_secret_area *area;
> > +
> > +if (!pc_system_ovmf_table_find(SEV_SECRET_GUID, ,
> > NULL)) {
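Review bot: the size out-parameter of `pc_system_ovmf_table_find()` is passed as NULL, so nothing checks that the GUID entry is at least `sizeof(struct sev_secret_area)` (8 bytes) before it is interpreted as base/size; the table is parsed out of the firmware image, i.e. external input, so pass an `int len`, reject `len < sizeof(*area)` with an error, and read `base`/`size` through a properly sized copy rather than trusting the entry length. Separately, `pc_system_ovmf_table_find()` lives in the PC machine code (hence the new `hw/i386/pc.h` include) while this file is built for every i386 softmmu configuration, which is the link failure reported in the reply below.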
> 
> FYI trying to build MicroVM standalone (--without-default-devices):
> 
> /usr/bin/ld: libqemu-i386-softmmu.fa.p/target_i386_monitor.c.o: in
> function `qmp_sev_inject_launch_secret':
> target/i386/monitor.c:749: undefined reference to
> `pc_system_ovmf_table_find'
> 
> I'm adding this to my TODO list.

I'm pretty clueless with the new meson build system but I think this is
something to do with CONFIG_PC not being defined ... can you verify? in
which case it could be fixed with a pc_sysfw-stub.c that builds it as a
function returning false.

James
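The commit message above describes locating the SEV secret area by GUID in the table OVMF places below the reset vector. As an added example, not QEMU's code, the following stand-alone Python parser implements that table format as I understand it: each entry is its data, followed by a 2-byte little-endian length covering data, length and GUID, followed by the GUID in EFI (little-endian field) byte order; the table ends with a footer entry whose length field covers the whole table. The footer GUID `96b582de-1fb2-45f7-baea-a366c55a082d`, the `build_*`, `parse_table` and `sev_secret_area` names and the sample tables are my assumptions and constructed data, not taken from the page. The parser walks backwards from the footer, bounds-checks every length it reads and refuses to unpack base|size from an entry shorter than 8 bytes, which is exactly the check a NULL size argument to the lookup skips.

```python
"""Parse an OVMF-style GUIDed table and pull out the SEV secret area.

Added example; table layout and sample data are constructed assumptions.
"""
import struct
import uuid

# Footer GUID of OVMF's reset-vector table (assumed, not from the patch) and
# the SEV secret area GUID quoted in the commit message above.
OVMF_TABLE_FOOTER_GUID = uuid.UUID("96b582de-1fb2-45f7-baea-a366c55a082d")
SEV_SECRET_GUID = uuid.UUID("4c2eb361-7d9b-4cc3-8081-127c90d3d294")

GUID_LEN = 16     # GUID stored in EFI (little-endian field) order
LEN_FIELD = 2     # uint16 little-endian, counts data + length + GUID
HDR_LEN = GUID_LEN + LEN_FIELD


def build_entry(guid: uuid.UUID, data: bytes) -> bytes:
    """data | u16 length | guid  (length includes all three parts)."""
    return data + struct.pack("<H", len(data) + HDR_LEN) + guid.bytes_le


def build_table(entries) -> bytes:
    """Entries followed by the footer entry; the footer's length field
    covers the whole table including the footer itself."""
    body = b"".join(build_entry(g, d) for g, d in entries)
    footer = struct.pack("<H", len(body) + HDR_LEN) + OVMF_TABLE_FOOTER_GUID.bytes_le
    return body + footer


def parse_table(table: bytes) -> dict:
    """Walk the table backwards from the footer and return {GUID: data}.

    Every length read from the table is checked against the bytes that are
    actually present; a bad length raises instead of being trusted.
    """
    if len(table) < HDR_LEN:
        raise ValueError("too short to hold a footer")
    if table[-GUID_LEN:] != OVMF_TABLE_FOOTER_GUID.bytes_le:
        raise ValueError("footer GUID not found")
    (total,) = struct.unpack_from("<H", table, len(table) - HDR_LEN)
    if total < HDR_LEN or total > len(table):
        raise ValueError("footer length %d out of range" % total)

    start = len(table) - total      # first byte of the table
    end = len(table) - HDR_LEN      # end of the last real entry
    entries = {}
    while end > start:
        if end - start < HDR_LEN:
            raise ValueError("truncated entry header")
        guid = uuid.UUID(bytes_le=table[end - GUID_LEN:end])
        (length,) = struct.unpack_from("<H", table, end - HDR_LEN)
        if length < HDR_LEN or length > end - start:
            raise ValueError("entry %s: bad length %d" % (guid, length))
        entries[guid] = table[end - length:end - HDR_LEN]
        end -= length
    return entries


def sev_secret_area(table: bytes):
    """Return (base, size) from the SEV secret entry, or None if absent.

    The entry must hold at least two uint32_t before it is unpacked; a short
    entry is an error, not a zero-filled read.
    """
    data = parse_table(table).get(SEV_SECRET_GUID)
    if data is None:
        return None
    if len(data) < 8:
        raise ValueError("SEV secret entry is %d bytes, need 8" % len(data))
    base, size = struct.unpack_from("<II", data)
    return base, size


# Constructed sample tables (not real firmware): one unrelated entry plus the
# SEV secret area, and a deliberately short SEV entry.
OTHER_GUID = uuid.UUID("0f9b1b2c-4d5e-4f60-8a71-000000000001")
SAMPLE_TABLE = build_table([
    (OTHER_GUID, b"\x01\x02\x03"),
    (SEV_SECRET_GUID, struct.pack("<II", 0x0080B000, 0x1000)),
])
SHORT_SEV_TABLE = build_table([(SEV_SECRET_GUID, b"\x00\x00\x00\x00")])

if __name__ == "__main__":
    base, size = sev_secret_area(SAMPLE_TABLE)
    print("SEV secret area: base=0x%x size=0x%x" % (base, size))
```

Running the script prints the base and size recovered from the constructed table. To use `parse_table()` on a real OVMF image you would first have to locate the footer at the offset QEMU uses and hand the function the slice ending there; this example deliberately does not encode that offset.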





Re: [PULL v3 24/42] target/riscv: Implementation of enhanced PMP (ePMP)

2021-05-20 Thread Alistair Francis
On Thu, May 20, 2021 at 11:51 PM Peter Maydell  wrote:
>
> On Tue, 11 May 2021 at 11:21, Alistair Francis  
> wrote:
> >
> > From: Hou Weiying 
> >
> > This commit adds support for ePMP v0.9.1.
> >
> > The ePMP spec can be found in:
> > https://docs.google.com/document/d/1Mh_aiHYxemL0umN3GTTw8vsbmzHZ_nxZXgjgOUzbvc8
> >
> > Signed-off-by: Hongzheng-Li 
> > Signed-off-by: Hou Weiying 
> > Signed-off-by: Myriad-Dreamin 
> > Signed-off-by: Alistair Francis 
> > Reviewed-by: Bin Meng 
> > Message-id: 
> > fef23b885f9649a4d54e7c98b168bdec5d297bb1.1618812899.git.alistair.fran...@wdc.com
> > [ Changes by AF:
> >  - Rebase on master
> >  - Update to latest spec
> >  - Use a switch case to handle ePMP MML permissions
> >  - Fix a few bugs
> > ]
> > Signed-off-by: Alistair Francis 
>
> Hi; this code confuses Coverity into thinking that the pmp_hart_has_privs()
> function might read the value pointed to by 'allowed_privs' when
> it is uninitialized (CID 1453108):
>
>
> > @@ -294,13 +351,94 @@ bool pmp_hart_has_privs(CPURISCVState *env, 
> > target_ulong addr,
> >  pmp_get_a_field(env->pmp_state.pmp[i].cfg_reg);
> >
> >  /*
> > - * If the PMP entry is not off and the address is in range, do the 
> > priv
> > - * check
> > + * Convert the PMP permissions to match the truth table in the
> > + * ePMP spec.
> >   */
> > +const uint8_t epmp_operation =
> > +((env->pmp_state.pmp[i].cfg_reg & PMP_LOCK) >> 4) |
> > +((env->pmp_state.pmp[i].cfg_reg & PMP_READ) << 2) |
> > +(env->pmp_state.pmp[i].cfg_reg & PMP_WRITE) |
> > +((env->pmp_state.pmp[i].cfg_reg & PMP_EXEC) >> 2);
>
> Here we construct a value which can only be in the range [0,15],
> but we do it in a way that Coverity isn't clever enough to figure out...
>
> > +
> >  if (((s + e) == 2) && (PMP_AMATCH_OFF != a_field)) {
> > -*allowed_privs = PMP_READ | PMP_WRITE | PMP_EXEC;
> > -if ((mode != PRV_M) || pmp_is_locked(env, i)) {
> > -*allowed_privs &= env->pmp_state.pmp[i].cfg_reg;
> > +/*
> > + * If the PMP entry is not off and the address is in range,
> > + * do the priv check
> > + */
> > +if (!MSECCFG_MML_ISSET(env)) {
> > +/*
> > + * If mseccfg.MML Bit is not set, do pmp priv check
> > + * This will always apply to regular PMP.
> > + */
> > +*allowed_privs = PMP_READ | PMP_WRITE | PMP_EXEC;
> > +if ((mode != PRV_M) || pmp_is_locked(env, i)) {
> > +*allowed_privs &= env->pmp_state.pmp[i].cfg_reg;
> > +}
> > +} else {
> > +/*
> > + * If mseccfg.MML Bit set, do the enhanced pmp priv check
> > + */
> > +if (mode == PRV_M) {
> > +switch (epmp_operation) {
> > +case 0:
> > +case 1:
> > +case 4:
> > +case 5:
> > +case 6:
> > +case 7:
> > +case 8:
> > +*allowed_privs = 0;
> > +break;
> > +case 2:
> > +case 3:
> > +case 14:
> > +*allowed_privs = PMP_READ | PMP_WRITE;
> > +break;
> > +case 9:
> > +case 10:
> > +*allowed_privs = PMP_EXEC;
> > +break;
> > +case 11:
> > +case 13:
> > +*allowed_privs = PMP_READ | PMP_EXEC;
> > +break;
> > +case 12:
> > +case 15:
> > +*allowed_privs = PMP_READ;
> > +break;
>
> ...so coverity thinks that "via the 'default' case" is a valid flow
> of control in these switch() statements...
>
> > +}
> > +} else {
> > +switch (epmp_operation) {
> > +case 0:
> > +case 8:
> > +case 9:
> > +case 12:
> > +case 13:
> > +case 14:
> > +*allowed_privs = 0;
> > +break;
> > +case 1:
> > +case 10:
> > +case 11:
> > +*allowed_privs = PMP_EXEC;
> > +break;
> > +case 2:
> > +case 4:
> > +case 15:
> > +*allowed_privs = PMP_READ;
> > +break;
> > +case 3:
> > +case 6:
> > +
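Review bot: both `switch (epmp_operation)` statements enumerate all sixteen values but have no `default:`, so neither Coverity nor a reader can see locally that `*allowed_privs` is always assigned; add `default: g_assert_not_reached();` to each (the follow-up "Add assert for ePMP operations" patch does this), and document the bit layout next to the composition: with the usual pmpcfg values (R=1, W=2, X=4, L=0x80) the shifts give lock=bit3, read=bit2, write=bit1, exec=bit0, which lets the case numbers be checked against the spec's truth table without re-deriving the shifts.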

[PATCH v2 1/6] qapi/parser: fix unused check_args_section arguments

2021-05-20 Thread John Snow
Pylint informs us we're not using these arguments. Oops, it's
right. Correct the error message and remove the remaining unused
parameter.

Fix test output now that the error message is improved.

Fixes: e151941d1b
Signed-off-by: John Snow 
---
 scripts/qapi/parser.py| 16 +---
 tests/qapi-schema/doc-bad-feature.err |  2 +-
 2 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/scripts/qapi/parser.py b/scripts/qapi/parser.py
index 06167ed3e0a..b6a5e661215 100644
--- a/scripts/qapi/parser.py
+++ b/scripts/qapi/parser.py
@@ -753,16 +753,18 @@ def check_expr(self, expr):
 
 def check(self):
 
-def check_args_section(args, info, what):
+def check_args_section(args, what):
 bogus = [name for name, section in args.items()
  if not section.member]
 if bogus:
 raise QAPISemError(
 self.info,
-"documented member%s '%s' %s not exist"
-% ("s" if len(bogus) > 1 else "",
-   "', '".join(bogus),
-   "do" if len(bogus) > 1 else "does"))
+"documented %s%s '%s' %s not exist" % (
+what,
+"s" if len(bogus) > 1 else "",
+"', '".join(bogus),
+"do" if len(bogus) > 1 else "does"
+))
 
-check_args_section(self.args, self.info, 'members')
-check_args_section(self.features, self.info, 'features')
+check_args_section(self.args, 'member')
+check_args_section(self.features, 'feature')
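Review bot: with `what='member'` the new format string reproduces the old text exactly, so the only expectation that moves is doc-bad-feature.err; the plural form, e.g. `documented features 'a', 'b' do not exist`, is built by appending "s" and has no test visible here, so one covering the plural of each noun would be worthwhile. Dropping the `info` parameter is right, since `self.info` is what the old code used anyway.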
diff --git a/tests/qapi-schema/doc-bad-feature.err 
b/tests/qapi-schema/doc-bad-feature.err
index e4c62adfa3e..49d1746c3d1 100644
--- a/tests/qapi-schema/doc-bad-feature.err
+++ b/tests/qapi-schema/doc-bad-feature.err
@@ -1 +1 @@
-doc-bad-feature.json:3: documented member 'a' does not exist
+doc-bad-feature.json:3: documented feature 'a' does not exist
-- 
2.30.2




Re: [PATCH v1 1/1] target/riscv/pmp: Add assert for ePMP operations

2021-05-20 Thread Bin Meng
On Fri, May 21, 2021 at 6:56 AM Alistair Francis
 wrote:
>
> Although we construct epmp_operation in such a way that it can only be
> between 0 and 15 Coverity complains that we don't handle the other
> possible cases. To fix Coverity and make it easier for humans to read
> add a default case to the switch statement that calls
> g_assert_not_reached().
>
> Fixes: CID 1453108
> Signed-off-by: Alistair Francis 
> ---
>  target/riscv/pmp.c | 4 
>  1 file changed, 4 insertions(+)
>

Reviewed-by: Bin Meng 



[PATCH 1/2] hw/usb: hcd-xhci-pci: Raise MSI/MSI-X interrupts only when told to

2021-05-20 Thread Bin Meng
From: Ruimei Yan 

At present MSI / MSI-X interrupts are triggered regardless of the
irq level. We should have checked the level to determine whether
the interrupt needs to be delivered.

The level check logic was present in early versions of the xhci
model, but got dropped later by a rework of interrupt handling
under commit 4c4abe7cc903 ("xhci: rework interrupt handling").

Fixes: 4c4abe7cc903 ("xhci: rework interrupt handling")
Signed-off-by: Ruimei Yan 
Signed-off-by: Bin Meng 
---

 hw/usb/hcd-xhci-pci.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/hw/usb/hcd-xhci-pci.c b/hw/usb/hcd-xhci-pci.c
index 9421734d0f..b6acd1790c 100644
--- a/hw/usb/hcd-xhci-pci.c
+++ b/hw/usb/hcd-xhci-pci.c
@@ -67,12 +67,13 @@ static void xhci_pci_intr_raise(XHCIState *xhci, int n, 
bool level)
  msi_enabled(pci_dev))) {
 pci_set_irq(pci_dev, level);
 }
-if (msix_enabled(pci_dev)) {
+
+if (msix_enabled(pci_dev) && level) {
 msix_notify(pci_dev, n);
 return;
 }
 
-if (msi_enabled(pci_dev)) {
+if (msi_enabled(pci_dev) && level) {
 msi_notify(pci_dev, n);
 return;
 }
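Review bot: gating `msix_notify()` and `msi_notify()` on `level` is the right fix for edge-style message interrupts, but the function now tests `level` in three places (the INTx `pci_set_irq(pci_dev, level)` above and the two new conditions); an early `if (!level) { return; }` placed after the INTx block states once that a falling edge never produces a message write and leaves the MSI-X/MSI branches as they were.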
-- 
2.25.1




Re: [PATCH] linux-user: Handle EXCP10_COPR properly for i386

2021-05-20 Thread 邹旭
ping

邹旭 wrote on Fri, May 14, 2021 at 5:23 PM:

> From e805b793f7d4b3e8c37d540b7d6cc0c6ac682311 Mon Sep 17 00:00:00 2001
> From: Xu Zou 
> Date: Fri, 14 May 2021 15:55:07 +0800
> Subject: [PATCH] linux-user: Handle EXCP10_COPR properly for i386
>
> Handle EXCP10_COPR properly for i386 in cpu loop.
>
> NE flag is set to select native mode for handling floating-point
> exceptions. FWAIT instruction can raise EXCP10_COPR exception by using
> fpu_raise_exception() function.
>
> The code is based on kernel's function fpu__exception_code() in
> arch/x86/kernel/fpu/core.c.
>
> Signed-off-by: Xu Zou 
> ---
>  linux-user/i386/cpu_loop.c | 26 +-
>  1 file changed, 25 insertions(+), 1 deletion(-)
>
> diff --git a/linux-user/i386/cpu_loop.c b/linux-user/i386/cpu_loop.c
> index f813e87294..e1f2911554 100644
> --- a/linux-user/i386/cpu_loop.c
> +++ b/linux-user/i386/cpu_loop.c
> @@ -199,6 +199,8 @@ void cpu_loop(CPUX86State *env)
>  {
>  CPUState *cs = env_cpu(env);
>  int trapnr;
> +int si_code;
> +uint8_t status;
>  abi_ulong pc;
>  abi_ulong ret;
>
> @@ -315,6 +317,28 @@ void cpu_loop(CPUX86State *env)
>  case EXCP_ATOMIC:
>  cpu_exec_step_atomic(cs);
>  break;
> +case EXCP10_COPR:
> +si_code = 0;
> +status = env->fp_status.float_exception_flags;
> +if (status & float_flag_invalid) {
> +si_code = TARGET_FPE_FLTINV;
> +}
> +if (status & float_flag_divbyzero) {
> +si_code = TARGET_FPE_FLTDIV;
> +}
> +if (status & float_flag_overflow) {
> +si_code = TARGET_FPE_FLTOVF;
> +}
> +if ((status & float_flag_underflow) ||
> +(status & float_flag_input_denormal) ||
> +(status & float_flag_output_denormal)) {
> +si_code = TARGET_FPE_FLTUND;
> +}
> +if (status & float_flag_inexact) {
> +si_code = TARGET_FPE_FLTRES;
> +}
> +gen_signal(env, TARGET_SIGFPE, si_code, env->eip);
> +break;
>  default:
>  pc = env->segs[R_CS].base + env->eip;
>  EXCP_DUMP(env, "qemu: 0x%08lx: unhandled CPU exception 0x%x -
> aborting\n",
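Review bot: the si_code selection is a chain of independent `if`s, so when several flags are set the last test wins: an overflow or underflow always sets inexact as well, so the guest receives FPE_FLTRES instead of FPE_FLTOVF or FPE_FLTUND, and an invalid operation combined with anything else is lost the same way. The kernel routine the message cites tests invalid first and returns at the first match, so make these `else if`s in that order (invalid, divbyzero, overflow, underflow/denormal, inexact). The kernel also masks the status with the control word before classifying; `float_exception_flags` is the raw softfloat sticky set, so check that the same masking happens here or an inexact flag left by an earlier instruction will pick the code.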
> @@ -327,7 +351,7 @@ void cpu_loop(CPUX86State *env)
>
>  void target_cpu_copy_regs(CPUArchState *env, struct target_pt_regs *regs)
>  {
> -env->cr[0] = CR0_PG_MASK | CR0_WP_MASK | CR0_PE_MASK;
> +env->cr[0] = CR0_PG_MASK | CR0_WP_MASK | CR0_PE_MASK | CR0_NE_MASK;
>  env->hflags |= HF_PE_MASK | HF_CPL_MASK;
>  if (env->features[FEAT_1_EDX] & CPUID_SSE) {
>  env->cr[4] |= CR4_OSFXSR_MASK;
> --
> 2.25.1
>
>


Re: [PATCH 3/6] qapi/parser.py: add type hint annotations (QAPIDoc)

2021-05-20 Thread John Snow

On 5/20/21 11:05 AM, Markus Armbruster wrote:

John Snow  writes:


Annotations do not change runtime behavior.

This commit adds mostly annotations, but uses a TYPE_CHECKING runtime
check to conditionally import dependencies, which only triggers during
runs of mypy.

Signed-off-by: John Snow 

---

TopLevelExpr, an idea from previous drafts, makes a return here in order
to give a semantic meaning to check_expr(). The type is intended to be
used more in forthcoming commits (pt5c), but I opted to include it now
instead of creating yet-another Dict[str, object] type hint that I would
forget to change later.


There's just one use.  Since you assure me it'll make sense later...



Check for yourself in pt5c, patch #2.


Signed-off-by: John Snow 
---
  scripts/qapi/parser.py | 74 +-
  1 file changed, 45 insertions(+), 29 deletions(-)

diff --git a/scripts/qapi/parser.py b/scripts/qapi/parser.py
index 71e982bff57..fefe4c37f44 100644
--- a/scripts/qapi/parser.py
+++ b/scripts/qapi/parser.py
@@ -18,6 +18,7 @@
  import os
  import re
  from typing import (
+TYPE_CHECKING,
  Dict,
  List,
  Optional,
@@ -30,6 +31,14 @@
  from .source import QAPISourceInfo
  
  
+if TYPE_CHECKING:

+# pylint: disable=cyclic-import
+from .schema import QAPISchemaFeature, QAPISchemaMember


Oh boy :)

Any ideas on how to clean this up later?



U .

It turns out you don't need the pylint pragma for pylint >= 2.8.x 
anymore. (But, I will leave this alone for now to try and offer some 
compatibility to older pylint versions, at least for a little while.)


Oddly enough I can't seem to get pylint to warn about the cycle at all 
right now, but it will still indeed crash at runtime without these 
shenanigans:


Traceback (most recent call last):
  File "/home/jsnow/src/qemu/scripts/qapi-gen.py", line 16, in 
from qapi import main
  File "/home/jsnow/src/qemu/scripts/qapi/main.py", line 14, in 
from .commands import gen_commands
  File "/home/jsnow/src/qemu/scripts/qapi/commands.py", line 25, in 


from .gen import (
  File "/home/jsnow/src/qemu/scripts/qapi/gen.py", line 34, in 
from .schema import (
  File "/home/jsnow/src/qemu/scripts/qapi/schema.py", line 24, in 
from .expr import check_exprs
  File "/home/jsnow/src/qemu/scripts/qapi/expr.py", line 47, in 
from .parser import QAPIDoc
  File "/home/jsnow/src/qemu/scripts/qapi/parser.py", line 30, in 
from .schema import QAPISchemaFeature, QAPISchemaMember


schema -> expr -> parser -> schema is the cycle.

schema needs check_exprs and QAPISchemaParser both.
parser needs types from schema.

Maybe QAPISchema could be handed already-validated expressions instead, 
relying on common definition types in common.py instead to remove its 
dependency on the other modules.


It makes the constructor for QAPISchema a little less convenient, but it 
emphasizes that each module "does one thing, and does it well."


main.py or similar would need to compensate by breaking out more of the 
component steps into its generate() function.



+
+
+#: Represents a single Top Level QAPI schema expression.
+TopLevelExpr = Dict[str, object]
+
  # Return value alias for get_expr().
  _ExprValue = Union[List[object], Dict[str, object], str, bool]
  
@@ -447,7 +456,8 @@ class QAPIDoc:

  """
  
  class Section:

-def __init__(self, parser, name=None, indent=0):
+def __init__(self, parser: QAPISchemaParser,
+ name: Optional[str] = None, indent: int = 0):
  # parser, for error messages about indentation
  self._parser = parser
  # optional section name (argument/member or section name)
@@ -459,7 +469,7 @@ def __init__(self, parser, name=None, indent=0):
  def __bool__(self) -> bool:
  return bool(self.name or self.text)
  
-def append(self, line):

+def append(self, line: str) -> None:
  # Strip leading spaces corresponding to the expected indent level
  # Blank lines are always OK.
  if line:
@@ -474,39 +484,40 @@ def append(self, line):
  self.text += line.rstrip() + '\n'
  
  class ArgSection(Section):

-def __init__(self, parser, name, indent=0):
+def __init__(self, parser: QAPISchemaParser,
+ name: Optional[str] = None, indent: int = 0):
  super().__init__(parser, name, indent)
-self.member = None
+self.member: Optional['QAPISchemaMember'] = None
  
-def connect(self, member):

+def connect(self, member: 'QAPISchemaMember') -> None:
  self.member = member
  
-def __init__(self, parser, info):

+def __init__(self, parser: QAPISchemaParser, info: QAPISourceInfo):
  # self._parser is used to report errors with QAPIParseError.  The
  # resulting error position depends on the state of the parser.
  # It happens to be 
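The traceback above shows the schema -> expr -> parser -> schema cycle failing at import time. As an added example, not code from the QEMU tree, the following stand-alone Python script builds a two-module package with the same shape (a `schema` module that needs `parser` at runtime, and a `parser` module that wants `schema`'s `Member` only for annotations), writes it to a temporary directory and imports it twice: once with a plain import in `parser`, which fails with the partially-initialised-module ImportError, and once with the import placed under `if TYPE_CHECKING:` together with string forward references, which works. The module, class and function names (`cycle_bad`, `cycle_ok`, `Section`, `Parser`, `Member`, `load`) are invented for the demonstration.

```python
"""Reproduce, then break, an import cycle with typing.TYPE_CHECKING.

Added example with made-up module names; not QEMU code.
"""
import importlib
import sys
import tempfile
import textwrap
from pathlib import Path

# schema needs the parser at runtime (the qapi.schema -> QAPISchemaParser edge)
SCHEMA_SRC = """
from .parser import Parser


class Member:
    def __init__(self, name: str) -> None:
        self.name = name


def load(text: str) -> list:
    return [Member(n) for n in Parser(text).names()]
"""

# parser wants schema.Member only for type annotations (the parser -> schema edge)
PARSER_SRC = """
from typing import TYPE_CHECKING, List, Optional
{import_line}


class Section:
    def __init__(self) -> None:
        # string annotation: read by mypy, never evaluated at runtime
        self.member: Optional["Member"] = None

    def connect(self, member: "Member") -> None:
        self.member = member


class Parser:
    def __init__(self, text: str) -> None:
        self._text = text

    def names(self) -> List[str]:
        return self._text.split()
"""

UNGUARDED_IMPORT = "from .schema import Member"
GUARDED_IMPORT = "if TYPE_CHECKING:\n    from .schema import Member"


def import_package(pkg_name: str, parser_import_line: str):
    """Write the two-module package to a temp dir and import its schema
    module from scratch.  Returns the member names on success, or the
    ImportError the cycle produced."""
    root = Path(tempfile.mkdtemp())
    pkg = root / pkg_name
    pkg.mkdir()
    (pkg / "__init__.py").write_text("")
    (pkg / "schema.py").write_text(textwrap.dedent(SCHEMA_SRC))
    (pkg / "parser.py").write_text(
        textwrap.dedent(PARSER_SRC).format(import_line=parser_import_line))

    # drop any stale copy so the import really starts from nothing
    stale = [m for m in sys.modules if m == pkg_name or m.startswith(pkg_name + ".")]
    for name in stale:
        del sys.modules[name]
    sys.path.insert(0, str(root))
    importlib.invalidate_caches()
    try:
        schema = importlib.import_module(pkg_name + ".schema")
        return [m.name for m in schema.load("a b c")]
    except ImportError as exc:
        return exc
    finally:
        sys.path.remove(str(root))


if __name__ == "__main__":
    print("unguarded:", import_package("cycle_bad", UNGUARDED_IMPORT))
    print("guarded:  ", import_package("cycle_ok", GUARDED_IMPORT))
```

The unguarded run fails inside `parser.py` because `schema` is already in `sys.modules` but has not yet defined `Member` when the nested import asks for it. The guarded run never executes that import at runtime, so the annotations must stay strings (or the module must use `from __future__ import annotations`), which is the same constraint the TYPE_CHECKING block in the patch imposes on parser.py.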

[PATCH 2/2] hw/usb: hcd-xhci-pci: Fix spec violation of IP flag for MSI/MSI-X

2021-05-20 Thread Bin Meng
From: Ruimei Yan 

Per xHCI spec v1.2 chapter 4.17.5 page 296:

  If MSI or MSI-X interrupts are enabled, Interrupt Pending (IP)
  shall be cleared automatically when the PCI dword write generated
  by the interrupt assertion is complete.

Currently QEMU does not clear the IP flag in the MSI / MSI-X mode.
This causes subsequent spurious interrupt to be delivered to guests.
To solve this, we change the xhci intr_raise() hook routine to have
a bool return value that is passed to its caller (the xhci core),
with true indicating that IP should be self-cleared.

Fixes: 62c6ae04cf43 ("xhci: Initial xHCI implementation")
Fixes: 4c47f800631a ("xhci: add msix support")
Signed-off-by: Ruimei Yan 
[bmeng: move IP clear codes from xhci pci to xhci core]
Signed-off-by: Bin Meng 
---

 hw/usb/hcd-xhci.h| 2 +-
 hw/usb/hcd-xhci-pci.c| 8 +---
 hw/usb/hcd-xhci-sysbus.c | 4 +++-
 hw/usb/hcd-xhci.c| 8 ++--
 4 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/hw/usb/hcd-xhci.h b/hw/usb/hcd-xhci.h
index 7bba361f3b..98f598382a 100644
--- a/hw/usb/hcd-xhci.h
+++ b/hw/usb/hcd-xhci.h
@@ -194,7 +194,7 @@ typedef struct XHCIState {
 uint32_t flags;
 uint32_t max_pstreams_mask;
 void (*intr_update)(XHCIState *s, int n, bool enable);
-void (*intr_raise)(XHCIState *s, int n, bool level);
+bool (*intr_raise)(XHCIState *s, int n, bool level);
 DeviceState *hostOpaque;
 
 /* Operational Registers */
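Review bot: the new bool return of `intr_raise` needs a comment at the declaration saying what it means (true: a message-signalled write was issued and the core must clear IMAN.IP itself; false: level-style delivery, IP stays set until the guest clears it); the two implementations in this patch return different values for the same `level`, and nothing in the struct says why.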
diff --git a/hw/usb/hcd-xhci-pci.c b/hw/usb/hcd-xhci-pci.c
index b6acd1790c..e934b1a5b1 100644
--- a/hw/usb/hcd-xhci-pci.c
+++ b/hw/usb/hcd-xhci-pci.c
@@ -57,7 +57,7 @@ static void xhci_pci_intr_update(XHCIState *xhci, int n, bool 
enable)
 }
 }
 
-static void xhci_pci_intr_raise(XHCIState *xhci, int n, bool level)
+static bool xhci_pci_intr_raise(XHCIState *xhci, int n, bool level)
 {
 XHCIPciState *s = container_of(xhci, XHCIPciState, xhci);
 PCIDevice *pci_dev = PCI_DEVICE(s);
@@ -70,13 +70,15 @@ static void xhci_pci_intr_raise(XHCIState *xhci, int n, 
bool level)
 
 if (msix_enabled(pci_dev) && level) {
 msix_notify(pci_dev, n);
-return;
+return true;
 }
 
 if (msi_enabled(pci_dev) && level) {
 msi_notify(pci_dev, n);
-return;
+return true;
 }
+
+return false;
 }
 
 static void xhci_pci_reset(DeviceState *dev)
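Review bot: `return true` follows msix_notify()/msi_notify() unconditionally, but the spec text in the commit message ties the auto-clear to completion of the PCI dword write; when the MSI-X vector is masked, msix_notify() only records the vector in the pending bit array and emits no write, so the core will clear IP for a message that has not been delivered yet. Either confirm that is the intended reading of 4.17.5 or return true only when the notification was actually sent (msix_is_masked()/msi_is_masked() are available for that check).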
diff --git a/hw/usb/hcd-xhci-sysbus.c b/hw/usb/hcd-xhci-sysbus.c
index 42e2574c82..a14e438196 100644
--- a/hw/usb/hcd-xhci-sysbus.c
+++ b/hw/usb/hcd-xhci-sysbus.c
@@ -16,11 +16,13 @@
 #include "hw/acpi/aml-build.h"
 #include "hw/irq.h"
 
-static void xhci_sysbus_intr_raise(XHCIState *xhci, int n, bool level)
+static bool xhci_sysbus_intr_raise(XHCIState *xhci, int n, bool level)
 {
 XHCISysbusState *s = container_of(xhci, XHCISysbusState, xhci);
 
 qemu_set_irq(s->irq[n], level);
+
+return false;
 }
 
 void xhci_sysbus_reset(DeviceState *dev)
diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
index 46212b1e69..e01700039b 100644
--- a/hw/usb/hcd-xhci.c
+++ b/hw/usb/hcd-xhci.c
@@ -551,7 +551,9 @@ static void xhci_intr_update(XHCIState *xhci, int v)
 level = 1;
 }
 if (xhci->intr_raise) {
-xhci->intr_raise(xhci, 0, level);
+if (xhci->intr_raise(xhci, 0, level)) {
+xhci->intr[0].iman &= ~IMAN_IP;
+}
 }
 }
 if (xhci->intr_update) {
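Review bot: in xhci_intr_update the callback is also invoked with level == 0 (de-assert), and IP is left alone here only because the pci implementation happens to return false when level is false. Making the core enforce that itself, e.g. `if (level && xhci->intr_raise(xhci, 0, level))`, keeps the clear-IP rule independent of each backend's return value.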
@@ -579,7 +581,9 @@ static void xhci_intr_raise(XHCIState *xhci, int v)
 return;
 }
 if (xhci->intr_raise) {
-xhci->intr_raise(xhci, v, true);
+if (xhci->intr_raise(xhci, v, true)) {
+xhci->intr[v].iman &= ~IMAN_IP;
+}
 }
 }
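Review bot: this is the second copy of the "call intr_raise, clear IMAN_IP on true" pattern (the first is in xhci_intr_update above). A small static helper, e.g. `xhci_intr_raise_and_clear(XHCIState *xhci, int v, bool level)`, would put the IP-clearing rule in one place so a future change to the contract is not missed in one of the two sites.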
 
-- 
2.25.1




Re: [PULL v3 36/42] target/riscv: Remove the hardcoded MSTATUS_SD macro

2021-05-20 Thread LIU Zhiwei



On 5/21/21 6:55 AM, Alistair Francis wrote:

On Thu, May 20, 2021 at 11:55 PM Peter Maydell  wrote:

On Tue, 11 May 2021 at 11:22, Alistair Francis  wrote:

Signed-off-by: Alistair Francis 
Reviewed-by: Richard Henderson 
Message-id: 
fcc125d96da941b56c817c9dd6068dc36478fc53.1619234854.git.alistair.fran...@wdc.com
---
  target/riscv/cpu_bits.h  | 10 --
  target/riscv/csr.c   | 12 ++--
  target/riscv/translate.c | 19 +--
  3 files changed, 27 insertions(+), 14 deletions(-)
diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index 26eccc5eb1..a596f80f20 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -78,6 +78,17 @@ static inline bool has_ext(DisasContext *ctx, uint32_t ext)
  return ctx->misa & ext;
  }

+#ifdef TARGET_RISCV32
+# define is_32bit(ctx)  true
+#elif defined(CONFIG_USER_ONLY)
+# define is_32bit(ctx)  false
+#else
+static inline bool is_32bit(DisasContext *ctx)
+{
+return (ctx->misa & RV32) == RV32;
+}
+#endif
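Review bot: `(ctx->misa & RV32) == RV32` is only correct if ctx->misa is as wide as RV32. As the rest of this thread establishes, RV32 is `((target_ulong)1 << (TARGET_LONG_BITS - 2))` while the misa field in DisasContext is uint32_t, so on a 64-bit target_ulong the mask is truncated to 0 and is_32bit() can never return true (CID 1453107). Widening DisasContext.misa to target_ulong, as suggested in this thread, resolves it; a static assertion that RV32 fits the field's type would catch a recurrence.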

Hi; Coverity points out (CID 1453107) that this is_32bit() function
can never return true for at least some build configs, because RV32
is defined as ((target_ulong)1 << (TARGET_LONG_BITS - 2))
but ctx->misa is a uint32_t field, which (if TARGET_LONG_BITS is
64) is not big enough for the RV32 bit.

This seems like a false positive as RV32 is defined as:

((target_ulong)1 << (TARGET_LONG_BITS - 2))

while ctx->misa is a target_ulong.


Although the misa in RISCVCPUState is target_ulong, the misa in 
DisasContext is uint32_t.


I think we should fix up the misa in DisasContext.

Zhiwei



So it should always be able to return true.

Alistair


Bug, or false positive ?

thanks
-- PMM




[PATCH 0/2] Fix SIGILL psw.addr reporting

2021-05-20 Thread Ilya Leoshkevich
qemu-s390x puts a wrong value into SIGILL's siginfo_t's psw.addr: it
should be a pointer to the instruction following the illegal
instruction, but at the moment it is a pointer to the illegal
instruction itself. This breaks OpenJDK, which relies on this value.

Patch 1 fixes the issue, patch 2 adds a test.

Ilya Leoshkevich (2):
  target/s390x: Fix SIGILL psw.addr reporting
  tests/tcg/s390x: Test SIGILL handling

 linux-user/s390x/cpu_loop.c |  6 ++-
 target/s390x/excp_helper.c  | 69 ++---
 target/s390x/internal.h |  1 +
 tests/tcg/s390x/Makefile.target |  1 +
 tests/tcg/s390x/sigill.c| 41 
 5 files changed, 85 insertions(+), 33 deletions(-)
 create mode 100644 tests/tcg/s390x/sigill.c

-- 
2.31.1




Re: [RFC 0/1] acceptance tests: bump Avocado version to 88.1

2021-05-20 Thread Willian Rampazzo
It was not supposed to be an RFC, resending as PATCH.

On Thu, May 20, 2021 at 5:51 PM Willian Rampazzo  wrote:
>
> CI pipeline: https://gitlab.com/willianrampazzo/qemu/-/pipelines/306904401
>
> Besides some internal changes, new features, and bug fixes, on the QEMU side,
> this version fixes the following message seen when running the acceptance
> tests: "Error running method "pre_tests" of plugin "fetchasset": 'bytes'
> object has no attribute 'encode'".
>
> The release notes are available at
> https://avocado-framework.readthedocs.io/en/latest/releases/88_0.html.
>
> Signed-off-by: Willian Rampazzo 
>
> Willian Rampazzo (1):
>   acceptance tests: bump Avocado version to 88.1
>
>  tests/requirements.txt | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> --
> 2.31.1
>
>
>




Re: [PATCH v6 09/19] i386: split hyperv_handle_properties() into hyperv_expand_features()/hyperv_fill_cpuids()

2021-05-20 Thread Eduardo Habkost
On Thu, Apr 22, 2021 at 06:11:20PM +0200, Vitaly Kuznetsov wrote:
> The intention is to call hyperv_expand_features() early, before vCPUs
> are created and use the acquired data later when we set guest visible
> CPUID data.
> 
> Signed-off-by: Vitaly Kuznetsov 

Reviewed-by: Eduardo Habkost 

-- 
Eduardo




Re: [PULL 02/19] sev: update sev-inject-launch-secret to make gpa optional

2021-05-20 Thread Philippe Mathieu-Daudé
On 2/15/21 2:16 PM, Paolo Bonzini wrote:
> From: James Bottomley 
> 
> If the gpa isn't specified, its value is extracted from the OVMF
> properties table located below the reset vector (and if this doesn't
> exist, an error is returned).  OVMF has defined the GUID for the SEV
> secret area as 4c2eb361-7d9b-4cc3-8081-127c90d3d294 and the format of
> the  is: | where both are uint32_t.  We extract
>  and use it as the gpa for the injection.
> 
> Note: it is expected that the injected secret will also be GUID
> described but since qemu can't interpret it, the format is left
> undefined here.
> 
> Signed-off-by: James Bottomley 
> 
> Reviewed-by: Dr. David Alan Gilbert 
> Message-Id: <20210204193939.16617-3-j...@linux.ibm.com>
> Signed-off-by: Paolo Bonzini 
> ---
>  qapi/misc-target.json |  2 +-
>  target/i386/monitor.c | 23 ++-
>  2 files changed, 23 insertions(+), 2 deletions(-)
> 
> diff --git a/qapi/misc-target.json b/qapi/misc-target.json
> index 06ef8757f0..0c7491cd82 100644
> --- a/qapi/misc-target.json
> +++ b/qapi/misc-target.json
> @@ -216,7 +216,7 @@
>  #
>  ##
>  { 'command': 'sev-inject-launch-secret',
> -  'data': { 'packet-header': 'str', 'secret': 'str', 'gpa': 'uint64' },
> +  'data': { 'packet-header': 'str', 'secret': 'str', '*gpa': 'uint64' },
>'if': 'defined(TARGET_I386)' }
>  
>  ##
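Review bot: the doc comment immediately above this hunk (the `#`/`##` context lines at @@ -216) is not updated for `gpa` becoming optional. The QAPI documentation should state that when @gpa is omitted the address is read from the OVMF SEV secret area (GUID 4c2eb361-7d9b-4cc3-8081-127c90d3d294) and that the command fails if that table entry is absent, as the commit message describes; QMP clients rely on the schema docs to learn the fallback.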
> diff --git a/target/i386/monitor.c b/target/i386/monitor.c
> index 1bc91442b1..5994408bee 100644
> --- a/target/i386/monitor.c
> +++ b/target/i386/monitor.c
> @@ -34,6 +34,7 @@
>  #include "sev_i386.h"
>  #include "qapi/qapi-commands-misc-target.h"
>  #include "qapi/qapi-commands-misc.h"
> +#include "hw/i386/pc.h"
>  
>  /* Perform linear address sign extension */
>  static hwaddr addr_canonical(CPUArchState *env, hwaddr addr)
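Review bot: including "hw/i386/pc.h" from target/i386/monitor.c makes target code call into the PC machine (pc_system_ovmf_table_find), which is only built when that machine is; that is exactly the undefined-reference failure reported further down in this thread for a --without-default-devices build. The lookup needs a stub when CONFIG_PC is off, or should move behind a function in the sev code that the machine type registers.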
> @@ -730,9 +731,29 @@ SevCapability *qmp_query_sev_capabilities(Error **errp)
>  return sev_get_capabilities(errp);
>  }
>  
> +#define SEV_SECRET_GUID "4c2eb361-7d9b-4cc3-8081-127c90d3d294"
> +struct sev_secret_area {
> +uint32_t base;
> +uint32_t size;
> +};
> +
>  void qmp_sev_inject_launch_secret(const char *packet_hdr,
> -  const char *secret, uint64_t gpa,
> +  const char *secret,
> +  bool has_gpa, uint64_t gpa,
>Error **errp)
>  {
> +if (!has_gpa) {
> +uint8_t *data;
> +struct sev_secret_area *area;
> +
> +if (!pc_system_ovmf_table_find(SEV_SECRET_GUID, , NULL)) {
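Review bot: `struct sev_secret_area` is overlaid on bytes supplied by the firmware image, and the third argument to pc_system_ovmf_table_find() is passed as NULL, so the entry's length is never checked before `area->base` is used as the injection gpa. Request the length, verify it is at least sizeof(*area), and sanity-check base/size (non-zero, inside guest RAM) before using them; otherwise a truncated or malformed OVMF table steers the secret to an arbitrary guest address. SEV_SECRET_GUID and the struct also belong with the other SEV definitions (sev_i386.h) rather than in the monitor file.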

FYI trying to build MicroVM standalone (--without-default-devices):

/usr/bin/ld: libqemu-i386-softmmu.fa.p/target_i386_monitor.c.o: in
function `qmp_sev_inject_launch_secret':
target/i386/monitor.c:749: undefined reference to
`pc_system_ovmf_table_find'

I'm adding this to my TODO list.




Re: [PATCH v1 1/1] target/riscv/pmp: Add assert for ePMP operations

2021-05-20 Thread LIU Zhiwei

Reviewed-by: LIU Zhiwei 

On 5/21/21 6:55 AM, Alistair Francis wrote:

Although we construct epmp_operation in such a way that it can only be
between 0 and 15, Coverity complains that we don't handle the other
possible cases. To fix Coverity and make it easier for humans to read,
add a default case to the switch statement that calls
g_assert_not_reached().

Fixes: CID 1453108
Signed-off-by: Alistair Francis 
---
  target/riscv/pmp.c | 4 
  1 file changed, 4 insertions(+)

diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c
index 78203291de..82ed020b10 100644
--- a/target/riscv/pmp.c
+++ b/target/riscv/pmp.c
@@ -402,6 +402,8 @@ bool pmp_hart_has_privs(CPURISCVState *env, target_ulong 
addr,
  case 15:
  *allowed_privs = PMP_READ;
  break;
+default:
+g_assert_not_reached();
  }
  } else {
  switch (epmp_operation) {
@@ -433,6 +435,8 @@ bool pmp_hart_has_privs(CPURISCVState *env, target_ulong 
addr,
  case 7:
  *allowed_privs = PMP_READ | PMP_WRITE | PMP_EXEC;
  break;
+default:
+g_assert_not_reached();
  }
  }
  }





[PATCH 1/2] target/s390x: Fix SIGILL psw.addr reporting

2021-05-20 Thread Ilya Leoshkevich
When a s390x CPU attempts to execute an illegal instruction, an
operation exception is recognized. This is a suppressing exception,
which means that the PSW is advanced by the length of the illegal
instruction.

On the real hardware or in qemu-system-s390x the kernel then raises
SIGILL with si_addr pointing to the suppressed instruction and
psw.addr containing the updated PSW.

Unfortunately qemu-s390x sets both to the address of the suppressed
instruction at the moment. Fix by sharing the PSW advancement logic
with qemu-system-s390x and setting si_addr to the address of the
instruction that raised the exception.

Buglink: https://bugs.launchpad.net/qemu/+bug/1920913
Signed-off-by: Ilya Leoshkevich 
---
 linux-user/s390x/cpu_loop.c |  6 +++-
 target/s390x/excp_helper.c  | 69 -
 target/s390x/internal.h |  1 +
 3 files changed, 43 insertions(+), 33 deletions(-)

diff --git a/linux-user/s390x/cpu_loop.c b/linux-user/s390x/cpu_loop.c
index f2d1215fb1..6f5462d4f8 100644
--- a/linux-user/s390x/cpu_loop.c
+++ b/linux-user/s390x/cpu_loop.c
@@ -21,6 +21,7 @@
 #include "qemu-common.h"
 #include "qemu.h"
 #include "cpu_loop-common.h"
+#include "internal.h"
 
 /* s390x masks the fault address it reports in si_addr for SIGSEGV and SIGBUS 
*/
 #define S390X_FAIL_ADDR_MASK -4096LL
@@ -29,6 +30,7 @@ void cpu_loop(CPUS390XState *env)
 {
 CPUState *cs = env_cpu(env);
 int trapnr, n, sig;
+target_ulong excp_psw_addr;
 target_siginfo_t info;
 target_ulong addr;
 abi_long ret;
@@ -38,6 +40,7 @@ void cpu_loop(CPUS390XState *env)
 trapnr = cpu_exec(cs);
 cpu_exec_end(cs);
 process_queued_cpu_work(cs);
+excp_psw_addr = env->psw.addr;
 
 switch (trapnr) {
 case EXCP_INTERRUPT:
@@ -66,6 +69,7 @@ void cpu_loop(CPUS390XState *env)
 n = TARGET_TRAP_BRKPT;
 goto do_signal_pc;
 case EXCP_PGM:
+s390_cpu_program_interrupt_advance_psw(env);
 n = env->int_pgm_code;
 switch (n) {
 case PGM_OPERATION:
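Review bot: s390_cpu_program_interrupt_advance_psw() advances by env->int_pgm_ilen, but unlike the system-mode caller, which keeps its `assert(ilen == 2 || ilen == 4 || ilen == 6)` before the call (see do_program_interrupt below), nothing on this user-mode path checks that int_pgm_ilen was set for this EXCP_PGM. If any user-mode producer of EXCP_PGM leaves the field stale, psw.addr is advanced by a wrong amount. Moving the assert into the helper gives both callers the same validation.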
@@ -131,7 +135,7 @@ void cpu_loop(CPUS390XState *env)
 break;
 
 do_signal_pc:
-addr = env->psw.addr;
+addr = excp_psw_addr;
 do_signal:
 info.si_signo = sig;
 info.si_errno = 0;
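Review bot: do_signal_pc is shared with the breakpoint case (TARGET_TRAP_BRKPT, above), where the PSW is not advanced, so excp_psw_addr equals env->psw.addr there and behaviour is unchanged. A comment at the `excp_psw_addr = env->psw.addr;` capture saying that it records the pre-advance address for si_addr, taken before s390_cpu_program_interrupt_advance_psw() runs, would make that intent explicit for the next reader.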
diff --git a/target/s390x/excp_helper.c b/target/s390x/excp_helper.c
index 20625c2c8f..0a323967ae 100644
--- a/target/s390x/excp_helper.c
+++ b/target/s390x/excp_helper.c
@@ -82,6 +82,42 @@ void HELPER(data_exception)(CPUS390XState *env, uint32_t dxc)
 tcg_s390_data_exception(env, dxc, GETPC());
 }
 
+void s390_cpu_program_interrupt_advance_psw(CPUS390XState *env)
+{
+switch (env->int_pgm_code) {
+case PGM_PER:
+if (env->per_perc_atmid & PER_CODE_EVENT_NULLIFICATION) {
+break;
+}
+/* FALL THROUGH */
+case PGM_OPERATION:
+case PGM_PRIVILEGED:
+case PGM_EXECUTE:
+case PGM_PROTECTION:
+case PGM_ADDRESSING:
+case PGM_SPECIFICATION:
+case PGM_DATA:
+case PGM_FIXPT_OVERFLOW:
+case PGM_FIXPT_DIVIDE:
+case PGM_DEC_OVERFLOW:
+case PGM_DEC_DIVIDE:
+case PGM_HFP_EXP_OVERFLOW:
+case PGM_HFP_EXP_UNDERFLOW:
+case PGM_HFP_SIGNIFICANCE:
+case PGM_HFP_DIVIDE:
+case PGM_TRANS_SPEC:
+case PGM_SPECIAL_OP:
+case PGM_OPERAND:
+case PGM_HFP_SQRT:
+case PGM_PC_TRANS_SPEC:
+case PGM_ALET_SPEC:
+case PGM_MONITOR:
+/* advance the PSW if our exception is not nullifying */
+env->psw.addr += env->int_pgm_ilen;
+break;
+}
+}
+
 #if defined(CONFIG_USER_ONLY)
 
 void s390_cpu_do_interrupt(CPUState *cs)
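Review bot: the switch has no `default:` arm, and the program codes it omits are the nullifying ones, but that is only implied by the "if our exception is not nullifying" comment on the advancing arm. Now that the function is shared by two callers, a short comment before the switch stating that codes not listed (and PGM_PER with PER_CODE_EVENT_NULLIFICATION set) intentionally leave psw.addr untouched would stop someone "completing" the list later.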
@@ -202,38 +238,7 @@ static void do_program_interrupt(CPUS390XState *env)
 
 assert(ilen == 2 || ilen == 4 || ilen == 6);
 
-switch (env->int_pgm_code) {
-case PGM_PER:
-if (env->per_perc_atmid & PER_CODE_EVENT_NULLIFICATION) {
-break;
-}
-/* FALL THROUGH */
-case PGM_OPERATION:
-case PGM_PRIVILEGED:
-case PGM_EXECUTE:
-case PGM_PROTECTION:
-case PGM_ADDRESSING:
-case PGM_SPECIFICATION:
-case PGM_DATA:
-case PGM_FIXPT_OVERFLOW:
-case PGM_FIXPT_DIVIDE:
-case PGM_DEC_OVERFLOW:
-case PGM_DEC_DIVIDE:
-case PGM_HFP_EXP_OVERFLOW:
-case PGM_HFP_EXP_UNDERFLOW:
-case PGM_HFP_SIGNIFICANCE:
-case PGM_HFP_DIVIDE:
-case PGM_TRANS_SPEC:
-case PGM_SPECIAL_OP:
-case PGM_OPERAND:
-case PGM_HFP_SQRT:
-case PGM_PC_TRANS_SPEC:
-case PGM_ALET_SPEC:
-case PGM_MONITOR:
-/* advance the PSW if our exception is not nullifying */
-env->psw.addr += ilen;
-break;
-}
+s390_cpu_program_interrupt_advance_psw(env);
 
 qemu_log_mask(CPU_LOG_INT,
   "%s: code=0x%x ilen=%d psw: %" PRIx64 " %" PRIx64 "\n",
diff --git a/target/s390x/internal.h b/target/s390x/internal.h
index 11515bb617..9f1665ccbf 100644
--- 

[RFC 0/1] acceptance tests: bump Avocado version to 88.1

2021-05-20 Thread Willian Rampazzo
CI pipeline: https://gitlab.com/willianrampazzo/qemu/-/pipelines/306904401

Besides some internal changes, new features, and bug fixes, on the QEMU side,
this version fixes the following message seen when running the acceptance
tests: "Error running method "pre_tests" of plugin "fetchasset": 'bytes'
object has no attribute 'encode'".

The release notes are available at
https://avocado-framework.readthedocs.io/en/latest/releases/88_0.html.

Signed-off-by: Willian Rampazzo 

Willian Rampazzo (1):
  acceptance tests: bump Avocado version to 88.1

 tests/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

-- 
2.31.1





[RFC 1/1] acceptance tests: bump Avocado version to 88.1

2021-05-20 Thread Willian Rampazzo
Besides some internal changes, new features, and bug fixes, on the QEMU side,
this version fixes the following message seen when running the acceptance
tests: "Error running method "pre_tests" of plugin "fetchasset": 'bytes'
object has no attribute 'encode'".

The release notes are available at
https://avocado-framework.readthedocs.io/en/latest/releases/88_0.html.

Signed-off-by: Willian Rampazzo 
---
 tests/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/requirements.txt b/tests/requirements.txt
index 91f3a343b9..a21b59b443 100644
--- a/tests/requirements.txt
+++ b/tests/requirements.txt
@@ -1,5 +1,5 @@
 # Add Python module requirements, one per line, to be installed
 # in the tests/venv Python virtual environment. For more info,
 # refer to: https://pip.pypa.io/en/stable/user_guide/#id1
-avocado-framework==85.0
+avocado-framework==88.1
 pycdlib==1.11.0
-- 
2.31.1




Re: [PATCH qemu v20] spapr: Implement Open Firmware client interface

2021-05-20 Thread BALATON Zoltan

On Thu, 20 May 2021, Alexey Kardashevskiy wrote:

The PAPR platform describes an OS environment that's presented by
a combination of a hypervisor and firmware. The features it specifies
require collaboration between the firmware and the hypervisor.

Since the beginning, the runtime component of the firmware (RTAS) has
been implemented as a 20 byte shim which simply forwards it to
a hypercall implemented in qemu. The boot time firmware component is
SLOF - but a build that's specific to qemu, and has always needed to be
updated in sync with it. Even though we've managed to limit the amount
of runtime communication we need between qemu and SLOF, there's some,
and it has become increasingly awkward to handle as we've implemented
new features.

This implements a boot time OF client interface (CI) which is
enabled by a new "x-vof" pseries machine option (stands for "Virtual Open
Firmware"). When enabled, QEMU implements the custom H_OF_CLIENT hcall
which implements Open Firmware Client Interface (OF CI). This allows
using a smaller stateless firmware which does not have to manage
the device tree.

The new "vof.bin" firmware image is included with source code under
pc-bios/. It also includes RTAS blob.

This implements a handful of CI methods just to get -kernel/-initrd
working. In particular, this implements the device tree fetching and
simple memory allocator - "claim" (an OF CI memory allocator) and updates
"/memory@0/available" to report the client about available memory.

This implements changing some device tree properties which we know how
to deal with, the rest is ignored. To allow changes, this skips
fdt_pack() when x-vof=on as not packing the blob leaves some room for
appending.

In absence of SLOF, this assigns phandles to device tree nodes to make
device tree traversing work.

When x-vof=on, this adds "/chosen" every time QEMU (re)builds a tree.

This adds basic instances support which are managed by a hash map
ihandle -> [phandle].

Before the guest started, the used memory is:
0..e60 - the initial firmware
8000..1 - stack
40.. - kernel
3ea.. - initramdisk

This OF CI does not implement "interpret".

Unlike SLOF, this does not format uninitialized nvram. Instead, this
includes a disk image with pre-formatted nvram.

With this basic support, this can only boot into kernel directly.
However this is just enough for the petitboot kernel and initramdisk to
boot from any possible source. Note this requires reasonably recent guest
kernel with:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=df5be5be8735

The immediate benefit is much faster booting time which is especially
crucial with fully emulated early CPU bring up environments. Also this
may come handy when/if GRUB-in-the-userspace sees light of the day.

This separates VOF and sPAPR in a hope that VOF bits may be reused by
other POWERPC boards which do not support pSeries.

This is coded in assumption that later on we might be adding support for
booting from QEMU backends (blockdev is the first candidate) without
devices/drivers in between as OF1275 does not require that and
it is quite easy to do so.

Signed-off-by: Alexey Kardashevskiy 
---

The example command line is:

/home/aik/pbuild/qemu-killslof-localhost-ppc64/qemu-system-ppc64 \
-nodefaults \
-chardev stdio,id=STDIO0,signal=off,mux=on \
-device spapr-vty,id=svty0,reg=0x71000110,chardev=STDIO0 \
-mon id=MON0,chardev=STDIO0,mode=readline \
-nographic \
-vga none \
-enable-kvm \
-m 8G \
-machine pseries,x-vof=on,cap-cfpc=broken,cap-sbbc=broken,cap-ibs=broken,cap-ccf-assist=off \
-kernel pbuild/kernel-le-guest/vmlinux \
-initrd pb/rootfs.cpio.xz \
-drive id=DRIVE0,if=none,file=./p/qemu-killslof/pc-bios/vof-nvram.bin,format=raw \
-global spapr-nvram.drive=DRIVE0 \
-snapshot \
-smp 8,threads=8 \
-L /home/aik/t/qemu-ppc64-bios/ \
-trace events=qemu_trace_events \
-d guest_errors \
-chardev socket,id=SOCKET0,server,nowait,path=qemu.mon.tmux26 \
-mon chardev=SOCKET0,mode=control

---
Changes:
v20:
* compile vof.bin with -mcpu=power4 for better compatibility
* s/std/stw/ in entry.S to make it work on ppc32
* fixed dt_available property to support both 32 and 64bit
* shuffled prom_args handling code
* do not enforce 32bit in MSR (again, to support 32bit platforms)



[...]


diff --git a/default-configs/devices/ppc64-softmmu.mak 
b/default-configs/devices/ppc64-softmmu.mak
index ae0841fa3a18..9fb201dfacfa 100644
--- a/default-configs/devices/ppc64-softmmu.mak
+++ b/default-configs/devices/ppc64-softmmu.mak
@@ -9,3 +9,4 @@ CONFIG_POWERNV=y
 # For pSeries
 CONFIG_PSERIES=y
 CONFIG_NVDIMM=y
+CONFIG_VOF=y
diff --git a/hw/ppc/Kconfig b/hw/ppc/Kconfig
index e51e0e5e5ac6..964510dfc73d 100644
--- a/hw/ppc/Kconfig
+++ b/hw/ppc/Kconfig
@@ -143,3 +143,6 @@ config FW_CFG_PPC

 config FDT_PPC
 bool
+
+config VOF
+bool


I think you should just add "select VOF" to config PSERIES section in 
Kconfig instead of adding it to default-configs/devices/ppc64-softmmu.mak. 

Re: [PATCH 2/6] qapi/parser: Allow empty QAPIDoc Sections

2021-05-20 Thread John Snow

On 5/20/21 10:42 AM, Markus Armbruster wrote:

First step is to find out how _end_section() can be called twice in a
row.  It isn't in all of "make check".  Hmm.


Ah, maybe not twice in a *row*. It does seem to be called when we have 
an "empty section" sometimes, which arises from stuff like this:


Extension error:
/home/jsnow/src/qemu/docs/../qga/qapi-schema.json:1143:1: ending a 
totally empty section


## 

# @GuestExec: 

# @pid: pid of child process in guest OS 

# 

# Since: 2.5 

## 


{ 'struct': 'GuestExec',
  'data': { 'pid': 'int'} }

Without the newline there, it seems to get confused. There's a few like 
this that could be fixed, but then some of the test cases break too.


No appetite for barking up this tree right now.

Can I fix the commit message and leave the patch in place? Maybe with a 
#FIXME comment nearby?


--js




Re: [PULL v3 36/42] target/riscv: Remove the hardcoded MSTATUS_SD macro

2021-05-20 Thread Alistair Francis
On Thu, May 20, 2021 at 11:55 PM Peter Maydell  wrote:
>
> On Tue, 11 May 2021 at 11:22, Alistair Francis  
> wrote:
> >
> > Signed-off-by: Alistair Francis 
> > Reviewed-by: Richard Henderson 
> > Message-id: 
> > fcc125d96da941b56c817c9dd6068dc36478fc53.1619234854.git.alistair.fran...@wdc.com
> > ---
> >  target/riscv/cpu_bits.h  | 10 --
> >  target/riscv/csr.c   | 12 ++--
> >  target/riscv/translate.c | 19 +--
> >  3 files changed, 27 insertions(+), 14 deletions(-)
>
> > diff --git a/target/riscv/translate.c b/target/riscv/translate.c
> > index 26eccc5eb1..a596f80f20 100644
> > --- a/target/riscv/translate.c
> > +++ b/target/riscv/translate.c
> > @@ -78,6 +78,17 @@ static inline bool has_ext(DisasContext *ctx, uint32_t 
> > ext)
> >  return ctx->misa & ext;
> >  }
> >
> > +#ifdef TARGET_RISCV32
> > +# define is_32bit(ctx)  true
> > +#elif defined(CONFIG_USER_ONLY)
> > +# define is_32bit(ctx)  false
> > +#else
> > +static inline bool is_32bit(DisasContext *ctx)
> > +{
> > +return (ctx->misa & RV32) == RV32;
> > +}
> > +#endif
>
> Hi; Coverity points out (CID 1453107) that this is_32bit() function
> can never return true for at least some build configs, because RV32
> is defined as ((target_ulong)1 << (TARGET_LONG_BITS - 2))
> but ctx->misa is a uint32_t field, which (if TARGET_LONG_BITS is
> 64) is not big enough for the RV32 bit.

This seems like a false positive as RV32 is defined as:

((target_ulong)1 << (TARGET_LONG_BITS - 2))

while ctx->misa is a target_ulong.

So it should always be able to return true.

Alistair

>
> Bug, or false positive ?
>
> thanks
> -- PMM



[PATCH v1 1/1] target/riscv/pmp: Add assert for ePMP operations

2021-05-20 Thread Alistair Francis
Although we construct epmp_operation in such a way that it can only be
between 0 and 15, Coverity complains that we don't handle the other
possible cases. To fix Coverity and make it easier for humans to read,
add a default case to the switch statement that calls
g_assert_not_reached().

Fixes: CID 1453108
Signed-off-by: Alistair Francis 
---
 target/riscv/pmp.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c
index 78203291de..82ed020b10 100644
--- a/target/riscv/pmp.c
+++ b/target/riscv/pmp.c
@@ -402,6 +402,8 @@ bool pmp_hart_has_privs(CPURISCVState *env, target_ulong 
addr,
 case 15:
 *allowed_privs = PMP_READ;
 break;
+default:
+g_assert_not_reached();
 }
 } else {
 switch (epmp_operation) {
@@ -433,6 +435,8 @@ bool pmp_hart_has_privs(CPURISCVState *env, target_ulong 
addr,
 case 7:
 *allowed_privs = PMP_READ | PMP_WRITE | PMP_EXEC;
 break;
+default:
+g_assert_not_reached();
 }
 }
 }
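Review bot: both `default:` arms abort via g_assert_not_reached(), which is the right choice only because, per the commit message, epmp_operation is assembled from bit fields and cannot exceed 15. That invariant is not visible at either switch; a one-line comment on each `default:` (or a single `g_assert(epmp_operation < 16)` where the value is built) tells readers the abort encodes a programming invariant rather than a guest-reachable error path.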
-- 
2.31.1




Re: [PATCH v3 3/6] gitlab-ci: Run GNU make via the $MAKE variable

2021-05-20 Thread Thomas Huth

On 19/05/2021 20.45, Philippe Mathieu-Daudé wrote:

Add the $MAKE variable to call GNU make, and set it to 'gmake'
on FreeBSD to avoid:

   $ make -j"$JOBS"
   make: Unknown modifier ','
   make: "/builds/dTyar424/0/qemu/build/Makefile" line 3: Need an operator
   make: "/builds/dTyar424/0/qemu/build/Makefile" line 4: Missing dependency 
operator

Signed-off-by: Philippe Mathieu-Daudé 
---
  .gitlab-ci.d/buildtest-template.yml | 9 ++---
  1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/.gitlab-ci.d/buildtest-template.yml 
b/.gitlab-ci.d/buildtest-template.yml
index fe4f18595ac..f284d7a0eec 100644
--- a/.gitlab-ci.d/buildtest-template.yml
+++ b/.gitlab-ci.d/buildtest-template.yml
@@ -5,9 +5,11 @@
  ;
then
  JOBS=$(sysctl -n hw.ncpu)
+MAKE=gmake
  ;
else
  JOBS=$(expr $(nproc) + 1)
+MAKE=make


Maybe we could use "gmake" on Linux, too, so we do not have to use the 
indirection with a variable here? Or are there Linux distros where the 
"gmake" link is not available?


 Thomas




[PATCH RESEND 2/4] migration/rdma: Fix rdma_addrinfo res leaks

2021-05-20 Thread Li Zhijian
rdma_freeaddrinfo() is the reverse operation of rdma_getaddrinfo()

Signed-off-by: Li Zhijian 
---
 migration/rdma.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/migration/rdma.c b/migration/rdma.c
index 7e7595faab..651534e825 100644
--- a/migration/rdma.c
+++ b/migration/rdma.c
@@ -987,10 +987,12 @@ static int qemu_rdma_resolve_host(RDMAContext *rdma, 
Error **errp)
 }
 }
 
+rdma_freeaddrinfo(res);
 ERROR(errp, "could not resolve address %s", rdma->host);
 goto err_resolve_get_addr;
 
 route:
+rdma_freeaddrinfo(res);
 qemu_rdma_dump_gid("source_resolve_addr", rdma->cm_id);
 
 ret = rdma_get_cm_event(rdma->channel, _event);
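Review bot: two free sites are needed here only because `route:` is entered by a goto from inside the loop that walks `res`, so the ERROR path and the `route:` path are mutually exclusive and there is no double free; a one-line comment at the `route:` call saying so would prevent someone "deduplicating" it later. Please also check that no `goto err_resolve_get_addr` between rdma_getaddrinfo() and these two sites still leaks `res`, since that label is not touched by this hunk.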
@@ -2593,6 +2595,7 @@ static int qemu_rdma_dest_init(RDMAContext *rdma, Error 
**errp)
 break;
 }
 
+rdma_freeaddrinfo(res);
 if (!e) {
 ERROR(errp, "Error: could not rdma_bind_addr!");
 goto err_dest_init_bind_addr;
-- 
2.30.2






Re: [PATCH v3 4/6] gitlab-ci: Add ccache in $PATH and display statistics

2021-05-20 Thread Thomas Huth

On 19/05/2021 20.45, Philippe Mathieu-Daudé wrote:

If a runner has ccache installed, use it and display statistics
at the end of the build.

Signed-off-by: Philippe Mathieu-Daudé 
---
  .gitlab-ci.d/buildtest-template.yml | 5 +
  1 file changed, 5 insertions(+)

diff --git a/.gitlab-ci.d/buildtest-template.yml 
b/.gitlab-ci.d/buildtest-template.yml
index f284d7a0eec..a625c697d3b 100644
--- a/.gitlab-ci.d/buildtest-template.yml
+++ b/.gitlab-ci.d/buildtest-template.yml
@@ -6,13 +6,18 @@
then
  JOBS=$(sysctl -n hw.ncpu)
  MAKE=gmake
+PATH=/usr/local/libexec/ccache:$PATH
  ;
else
  JOBS=$(expr $(nproc) + 1)
  MAKE=make
+PATH=/usr/lib/ccache:/usr/lib64/ccache:$PATH


That does not make sense for the shared runners yet. We first need something 
to enable the caching there - see my series "Use ccache in the gitlab-CI" 
from April (which is currently stalled unfortunately).


 Thomas




[PATCH RESEND 3/4] migration/rdma: destination: create the return patch after the first accept

2021-05-20 Thread Li Zhijian
destination side:
$ build/qemu-system-x86_64 -enable-kvm -netdev tap,id=hn0,script=/etc/qemu-ifup,downscript=/etc/qemu-ifdown -device e1000,netdev=hn0,mac=50:52:54:00:11:22 -boot c -drive if=none,file=./Fedora-rdma-server-migration.qcow2,id=drive-virtio-disk0 -device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,id=virtio-disk0 -m 2048 -smp 2 -device piix3-usb-uhci -device usb-tablet -monitor stdio -vga qxl -spice streaming-video=filter,port=5902,disable-ticketing -incoming rdma:192.168.1.10:
(qemu) migrate_set_capability postcopy-ram on
(qemu)
dest_init RDMA Device opened: kernel name rocep1s0f0 uverbs device name uverbs0, infiniband_verbs class device path /sys/class/infiniband_verbs/uverbs0, infiniband class device path /sys/class/infiniband/rocep1s0f0, transport: (2) Ethernet
Segmentation fault (core dumped)

 (gdb) bt
 #0  qemu_rdma_accept (rdma=0x0) at ../migration/rdma.c:3272
 #1  rdma_accept_incoming_migration (opaque=0x0) at ../migration/rdma.c:3986
 #2  0x563c9e51f02a in aio_dispatch_handler (ctx=ctx@entry=0x563ca0606010, node=0x563ca12b2150) at ../util/aio-posix.c:329
 #3  0x563c9e51f752 in aio_dispatch_handlers (ctx=0x563ca0606010) at ../util/aio-posix.c:372
 #4  aio_dispatch (ctx=0x563ca0606010) at ../util/aio-posix.c:382
 #5  0x563c9e4f4d9e in aio_ctx_dispatch (source=, callback=, user_data=) at ../util/async.c:306
 #6  0x7fe96ef3fa9f in g_main_context_dispatch () at /lib64/libglib-2.0.so.0
 #7  0x563c9e4ffeb8 in glib_pollfds_poll () at ../util/main-loop.c:231
 #8  os_host_main_loop_wait (timeout=12188789) at ../util/main-loop.c:254
 #9  main_loop_wait (nonblocking=nonblocking@entry=0) at ../util/main-loop.c:530
 #10 0x563c9e3c7211 in qemu_main_loop () at ../softmmu/runstate.c:725
 #11 0x563c9dfd46fe in main (argc=, argv=, envp=) at ../softmmu/main.c:50

The rdma return path will not be created when qemu incoming is starting
since migrate_copy() is false at that moment, then a NULL return path
rdma was referenced if the user enabled postcopy later.

Signed-off-by: Li Zhijian 
---
 migration/rdma.c | 29 ++---
 1 file changed, 18 insertions(+), 11 deletions(-)

diff --git a/migration/rdma.c b/migration/rdma.c
index 651534e825..3b228c46eb 100644
--- a/migration/rdma.c
+++ b/migration/rdma.c
@@ -316,6 +316,7 @@ typedef struct RDMALocalBlocks {
 typedef struct RDMAContext {
 char *host;
 int port;
+const char *host_port;
 
 RDMAWorkRequestData wr_data[RDMA_WRID_MAX];
 
@@ -2648,6 +2649,7 @@ static void *qemu_rdma_data_init(const char *host_port, 
Error **errp)
 if (!inet_parse(addr, host_port, NULL)) {
 rdma->port = atoi(addr->port);
 rdma->host = g_strdup(addr->host);
+rdma->host_port = host_port;
 } else {
 ERROR(errp, "bad RDMA migration address '%s'", host_port);
 g_free(rdma);
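Review bot: `rdma->host_port = host_port;` stores the caller's pointer without copying, whereas `rdma->host` two lines above is g_strdup()ed. The new field is read later, from qemu_rdma_accept() when the return path is created, so the string passed to qemu_rdma_data_init() must outlive the RDMAContext or this becomes a use-after-free. g_strdup() it here and g_free() it in qemu_rdma_cleanup() alongside `host`.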
@@ -3276,6 +3278,7 @@ static int qemu_rdma_accept(RDMAContext *rdma)
 .private_data = ,
 .private_data_len = sizeof(cap),
  };
+RDMAContext *rdma_return_path = NULL;
 struct rdma_cm_event *cm_event;
 struct ibv_context *verbs;
 int ret = -EINVAL;
@@ -3291,6 +3294,20 @@ static int qemu_rdma_accept(RDMAContext *rdma)
 goto err_rdma_dest_wait;
 }
 
+/*
+ * initialize the RDMAContext for return path for postcopy after first
+ * connection is accepted.
+ */
+if (migrate_postcopy() && !rdma->is_return_path) {
+rdma_return_path = qemu_rdma_data_init(rdma->host_port, NULL);
+if (rdma_return_path == NULL) {
+rdma_ack_cm_event(cm_event);
+goto err_rdma_dest_wait;
+}
+
+qemu_rdma_return_path_dest_init(rdma_return_path, rdma);
+}
+
 memcpy(, cm_event->param.conn.private_data, sizeof(cap));
 
 network_to_caps();
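Review bot: `qemu_rdma_data_init(rdma->host_port, NULL)` discards the Error the callee produces, so a failure to set up the return path is reported to the log as nothing more than a rejected connection. Pass a local `Error *local_err` and error_report_err() it before `goto err_rdma_dest_wait`, so the operator can tell a bad address from a transport failure.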
@@ -3406,6 +3423,7 @@ static int qemu_rdma_accept(RDMAContext *rdma)
 err_rdma_dest_wait:
 rdma->error_state = ret;
 qemu_rdma_cleanup(rdma);
+g_free(rdma_return_path);
 return ret;
 }
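Review bot: `g_free(rdma_return_path)` releases only the struct. qemu_rdma_data_init() also g_strdup()s `host` into it (see the earlier hunk), and by the time this label is reached qemu_rdma_return_path_dest_init() may already have linked the return path into `rdma`, so this frees memory that the primary context still points at while leaking the string. Either route the return path through qemu_rdma_cleanup() or only g_free() it when dest_init was not yet called.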
 
@@ -4048,17 +4066,6 @@ void rdma_start_incoming_migration(const char 
*host_port, Error **errp)
 
 trace_rdma_start_incoming_migration_after_rdma_listen();
 
-/* initialize the RDMAContext for return path */
-if (migrate_postcopy()) {
-rdma_return_path = qemu_rdma_data_init(host_port, _err);
-
-if (rdma_return_path == NULL) {
-goto cleanup_rdma;
-}
-
-qemu_rdma_return_path_dest_init(rdma_return_path, rdma);
-}
-
 qemu_set_fd_handler(rdma->channel->fd, rdma_accept_incoming_migration,
 NULL, (void *)(intptr_t)rdma);
 return;
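Review bot: with this block removed, the `rdma_return_path` and `local_err` variables it used in rdma_start_incoming_migration() and the `cleanup_rdma:` label it jumped to should be checked for remaining uses; if nothing else references them the build will warn about unused variables, and a now-unreachable label is easy to miss.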
-- 
2.30.2






[PATCH RESEND 4/4] migration/rdma: source: get accept cm_event from return path in non-block mode

2021-05-20 Thread Li Zhijian
Source side always blocks if postcopy is only enabled at source side.
Users are not able to cancel this migration in this case.

Here we try to get the cm_event every 100ms till timeout.

Signed-off-by: Li Zhijian 
---
 migration/rdma.c | 59 
 1 file changed, 55 insertions(+), 4 deletions(-)

diff --git a/migration/rdma.c b/migration/rdma.c
index 3b228c46eb..181ad03849 100644
--- a/migration/rdma.c
+++ b/migration/rdma.c
@@ -2458,7 +2458,54 @@ err_rdma_source_init:
 return -1;
 }
 
-static int qemu_rdma_connect(RDMAContext *rdma, Error **errp)
+#define RDMA_GET_EVENT_INTERVAL 10 /* 100ms */
+static int qemu_get_cm_event_timeout(RDMAContext *rdma,
+ struct rdma_cm_event **cm_event,
+ long sec, Error **errp)
+{
+long wait_ns = 0;
+int ret;
+int flags = fcntl(rdma->channel->fd, F_GETFL), save_flags;
+
+if (flags == -1) {
+perror("failed to get file flags");
+return flags;
+}
+save_flags = flags;
+flags |= O_NONBLOCK;
+ret = fcntl(rdma->channel->fd, F_SETFL, flags);
+if (ret) {
+perror("failed to set file flags nonblocking");
+return ret;
+}
+
+retry:
+ret = rdma_get_cm_event(rdma->channel, cm_event);
+if (ret && errno == EAGAIN) {
+if (wait_ns < sec * 100) {
+perror("rdma_get_cm_event after rdma_connect");
+wait_ns += RDMA_GET_EVENT_INTERVAL;
+usleep(RDMA_GET_EVENT_INTERVAL);
+goto retry;
+}
+}
+if (ret) {
+perror("rdma_get_cm_event after rdma_connect");
+ERROR(errp, "connecting to destination!");
+return ret;
+}
+
+/* restore flags */
+ret = fcntl(rdma->channel->fd, F_SETFL, save_flags);
+if (ret) {
+rdma_ack_cm_event(*cm_event);
+perror("failed to restore file flags");
+}
+
+return ret;
+}
+
+static int qemu_rdma_connect(RDMAContext *rdma, Error **errp, bool return_path)
 {
 RDMACapabilities cap = {
 .version = RDMA_CONTROL_VERSION_CURRENT,
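Review bot: the timeout arithmetic in qemu_get_cm_event_timeout() does not match its comments: RDMA_GET_EVENT_INTERVAL is 10 and is passed straight to usleep(), so each retry sleeps 10 microseconds rather than the 100ms the comment claims, and the bound `wait_ns < sec * 100` with that interval gives up after sec * 100 microseconds (200us for the 2s the caller asks for). Define the interval in microseconds (100000 for 100ms), compare the accumulated wait against sec * 1000000, and rename wait_ns to wait_us. Two more points in the same function: the error return after the retry loop leaves O_NONBLOCK set on rdma->channel->fd, since the flags are restored only on the success path (restore before the `if (ret)` check, or jump to the restore), and the perror() inside the retry loop prints on every iteration, so it should go (the one after the loop is enough).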
@@ -2496,7 +2543,11 @@ static int qemu_rdma_connect(RDMAContext *rdma, Error 
**errp)
 goto err_rdma_source_connect;
 }
 
-ret = rdma_get_cm_event(rdma->channel, _event);
+if (return_path) {
+ret = qemu_get_cm_event_timeout(rdma, _event, 2, errp);
+} else {
+ret = rdma_get_cm_event(rdma->channel, _event);
+}
 if (ret) {
 perror("rdma_get_cm_event after rdma_connect");
 ERROR(errp, "connecting to destination!");
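Review bot: on the return_path branch the same failure is reported twice, because qemu_get_cm_event_timeout() already does `perror("rdma_get_cm_event after rdma_connect")` and `ERROR(errp, "connecting to destination!")` before returning, and this caller repeats both; drop the reporting in one of the two places. The `2` passed as the timeout is a magic number; a named constant next to RDMA_GET_EVENT_INTERVAL would document the chosen return-path connect timeout.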
@@ -4108,7 +4159,7 @@ void rdma_start_outgoing_migration(void *opaque,
 }
 
 trace_rdma_start_outgoing_migration_after_rdma_source_init();
-ret = qemu_rdma_connect(rdma, errp);
+ret = qemu_rdma_connect(rdma, errp, false);
 
 if (ret) {
 goto err;
@@ -4129,7 +4180,7 @@ void rdma_start_outgoing_migration(void *opaque,
 goto return_path_err;
 }
 
-ret = qemu_rdma_connect(rdma_return_path, errp);
+ret = qemu_rdma_connect(rdma_return_path, errp, true);
 
 if (ret) {
 goto return_path_err;
-- 
2.30.2

The latest Qemu release can't bootup VM with latest guest kernel.

2021-05-20 Thread Yang Zhong
Hello all,

I found the latest Qemu release can't boot up the VM with the latest guest
kernel (>5.13).

The normal v6.0.0 release is good to boot up the latest guest kernel.

There were two issues found:
1. Guest kernel panic.
2. KVM disabled by BIOS.

The panic log is as below:
[2.250024] BUG: unable to handle page fault for address: ac06c55f
[2.252226] #PF: supervisor write access in kernel mode
[2.253892] #PF: error_code(0x0003) - permissions violation
[2.255671] PGD 5940e067 P4D 5940f067 PUD 59410063 PMD 580001e1
[2.257567] Oops: 0003 [#1] SMP NOPTI
[2.258738] CPU: 2 PID: 313 Comm: systemd-udevd Not tainted 5.13.0-rc1+ #1
[2.260899] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 
02/06/2015
[2.263375] RIP: 0010:__send_ipi_mask+0x1bf/0x240
[2.264855] Code: c0 48 c7 44 24 18 00 00 00 00 e9 48 ff ff ff 48 89 d0 4c 
09 c8 74 1b 49 63 d7 48 63 74 24 0c b8 0a 00 00 00 4c 89 cb 4c 89 d1 <0f> 01 d9 
48 85 c0 78 4a 48 f7 04 24 00 02 00 00 0f 84 80 fe ff ff
[2.270643] RSP: 0018:ff591a62c0193ab0 EFLAGS: 00010006
[2.272277] RAX: 000a RBX: 0009 RCX: 
[2.274482] RDX:  RSI: 00fc RDI: ff13a83dc003c830
[2.276663] RBP: ff591a62c0193b08 R08: 0004 R09: 0009
[2.278866] R10:  R11:  R12: 
[2.281065] R13: ff13a83dc003c830 R14: 00011580 R15: 
[2.283272] FS:  7f23ebd07940() GS:ff13a83e3bd0() 
knlGS:
[2.285794] CS:  0010 DS:  ES:  CR0: 80050033
[2.287574] CR2: ac06c55f CR3: 000106ce2003 CR4: 00771ee0
[2.289757] DR0:  DR1:  DR2: 
[2.291972] DR3:  DR6: fffe0ff0 DR7: 0400
[2.294177] PKRU: 5554
[2.295043] Call Trace:
[2.295820]  kvm_smp_send_call_func_ipi+0xe/0x60
[2.297220]  smp_call_function_many_cond+0x25d/0x2a0
[2.298772]  ? flush_tlb_one_kernel+0x20/0x20
[2.300145]  on_each_cpu_cond_mask+0x1e/0x20
[2.301514]  flush_tlb_kernel_range+0x8d/0x90
[2.302799]  __purge_vmap_area_lazy+0xc1/0x6a0
[2.304097]  ? cpumask_next+0x1f/0x20
[2.305160]  ? purge_fragmented_blocks_allcpus+0x3d/0x210
[2.306686]  _vm_unmap_aliases+0xf1/0x120
[2.307861]  change_page_attr_set_clr+0x95/0x280
[2.309203]  set_memory_ro+0x26/0x30
[2.310259]  ? 0xc00f7000
[2.311214]  module_enable_ro.part.58+0x62/0xc0
[2.312417]  do_init_module+0x17a/0x230
[2.313460]  load_module+0x1a30/0x1b00
[2.314463]  ? __do_sys_finit_module+0xad/0x110
[2.315702]  __do_sys_finit_module+0xad/0x110
[2.316890]  do_syscall_64+0x39/0x80
[2.317868]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[2.319226] RIP: 0033:0x7f23ea8f32bd


I also used bisect to get the bad commit id:
f5cc5a5c168674f84bf061cdb307c2d25fba5448

Is this a known issue? Or are some fixes ready for those issues? Thanks!

Regards,

Yang

[PULL 14/26] KVM: Provide helper to sync dirty bitmap from slot to ramblock

2021-05-20 Thread Paolo Bonzini
From: Peter Xu 

kvm_physical_sync_dirty_bitmap() calculates the ramblock offset in an
awkward way from the MemoryRegionSection that is passed in from the
caller.  The truth is that for each KVMSlot the ramblock offset never
changes during its lifecycle.  Cache the ramblock offset for each KVMSlot
in the structure when the KVMSlot is created.

With that, we can further simplify kvm_physical_sync_dirty_bitmap()
with a helper that syncs the KVMSlot dirty bitmap to the ramblock dirty
bitmap of a specific KVMSlot.

Reviewed-by: Dr. David Alan Gilbert 
Signed-off-by: Peter Xu 
Message-Id: <20210506160549.130416-6-pet...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 accel/kvm/kvm-all.c  | 37 +
 include/sysemu/kvm_int.h |  2 ++
 2 files changed, 19 insertions(+), 20 deletions(-)

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index caaa2a5c98..7031dd4250 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -573,15 +573,12 @@ static void kvm_log_stop(MemoryListener *listener,
 }
 
 /* get kvm's dirty pages bitmap and update qemu's */
-static int kvm_get_dirty_pages_log_range(MemoryRegionSection *section,
- unsigned long *bitmap)
+static void kvm_slot_sync_dirty_pages(KVMSlot *slot)
 {
-ram_addr_t start = section->offset_within_region +
-   memory_region_get_ram_addr(section->mr);
-ram_addr_t pages = int128_get64(section->size) / qemu_real_host_page_size;
+ram_addr_t start = slot->ram_start_offset;
+ram_addr_t pages = slot->memory_size / qemu_real_host_page_size;
 
-cpu_physical_memory_set_dirty_lebitmap(bitmap, start, pages);
-return 0;
+cpu_physical_memory_set_dirty_lebitmap(slot->dirty_bmap, start, pages);
 }
 
 #define ALIGN(x, y)  (((x)+(y)-1) & ~((y)-1))
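Review bot: kvm_slot_sync_dirty_pages() now reads slot->dirty_bmap unconditionally, so it is only valid after kvm_slot_get_dirty_log() has filled the bitmap for that slot (the visible caller does this); state that precondition in the function comment, which still reads "get kvm's dirty pages bitmap and update qemu's" although the function no longer fetches anything from KVM itself.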
@@ -656,26 +653,19 @@ static void 
kvm_physical_sync_dirty_bitmap(KVMMemoryListener *kml,
 KVMState *s = kvm_state;
 KVMSlot *mem;
 hwaddr start_addr, size;
-hwaddr slot_size, slot_offset = 0;
+hwaddr slot_size;
 
 size = kvm_align_section(section, _addr);
 while (size) {
-MemoryRegionSection subsection = *section;
-
 slot_size = MIN(kvm_max_slot_size, size);
 mem = kvm_lookup_matching_slot(kml, start_addr, slot_size);
 if (!mem) {
 /* We don't have a slot if we want to trap every access. */
 return;
 }
-
 if (kvm_slot_get_dirty_log(s, mem)) {
-subsection.offset_within_region += slot_offset;
-subsection.size = int128_make64(slot_size);
-kvm_get_dirty_pages_log_range(, d.dirty_bitmap);
+kvm_slot_sync_dirty_pages(mem);
 }
-
-slot_offset += slot_size;
 start_addr += slot_size;
 size -= slot_size;
 }
@@ -1134,7 +1124,8 @@ static void kvm_set_phys_mem(KVMMemoryListener *kml,
 int err;
 MemoryRegion *mr = section->mr;
 bool writeable = !mr->readonly && !mr->rom_device;
-hwaddr start_addr, size, slot_size;
+hwaddr start_addr, size, slot_size, mr_offset;
+ram_addr_t ram_start_offset;
 void *ram;
 
 if (!memory_region_is_ram(mr)) {
@@ -1152,9 +1143,13 @@ static void kvm_set_phys_mem(KVMMemoryListener *kml,
 return;
 }
 
-/* use aligned delta to align the ram address */
-ram = memory_region_get_ram_ptr(mr) + section->offset_within_region +
-  (start_addr - section->offset_within_address_space);
+/* The offset of the kvmslot within the memory region */
+mr_offset = section->offset_within_region + start_addr -
+section->offset_within_address_space;
+
+/* use aligned delta to align the ram address and offset */
+ram = memory_region_get_ram_ptr(mr) + mr_offset;
+ram_start_offset = memory_region_get_ram_addr(mr) + mr_offset;
 
 kvm_slots_lock();
 
@@ -1193,6 +1188,7 @@ static void kvm_set_phys_mem(KVMMemoryListener *kml,
 mem->as_id = kml->as_id;
 mem->memory_size = slot_size;
 mem->start_addr = start_addr;
+mem->ram_start_offset = ram_start_offset;
 mem->ram = ram;
 mem->flags = kvm_mem_flags(mr);
 kvm_slot_init_dirty_bitmap(mem);
@@ -1203,6 +1199,7 @@ static void kvm_set_phys_mem(KVMMemoryListener *kml,
 abort();
 }
 start_addr += slot_size;
+ram_start_offset += slot_size;
 ram += slot_size;
 size -= slot_size;
 } while (size);
diff --git a/include/sysemu/kvm_int.h b/include/sysemu/kvm_int.h
index e13075f738..ab09a150e1 100644
--- a/include/sysemu/kvm_int.h
+++ b/include/sysemu/kvm_int.h
@@ -25,6 +25,8 @@ typedef struct KVMSlot
 unsigned long *dirty_bmap;
 /* Cache of the address space ID */
 int as_id;
+/* Cache of the offset in ram address space */
+ram_addr_t ram_start_offset;
 } KVMSlot;
 
 typedef struct KVMMemoryListener {
-- 
2.31.1

[PULL 02/26] configure: check for submodules if --with-git-submodules=ignore

2021-05-20 Thread Paolo Bonzini
Right now --with-git-submodules=ignore has a subtle difference from
just running without a .git directory, in that it does not check
that submodule sources actually exist.  Move the check for
ui/keycodemapdb/README so that it happens even if the user
specified --with-git-submodules=ignore, with a customized
error message that is more suitable for this situation.

Signed-off-by: Paolo Bonzini 
---
 configure | 40 ++--
 1 file changed, 22 insertions(+), 18 deletions(-)

diff --git a/configure b/configure
index 1bb29fcda1..4681cbe2d7 100755
--- a/configure
+++ b/configure
@@ -260,24 +260,6 @@ then
 else
 git_submodules_action="ignore"
 git_submodules=""
-
-if ! test -f "$source_path/ui/keycodemapdb/README"
-then
-echo
-echo "ERROR: missing file $source_path/ui/keycodemapdb/README"
-echo
-echo "This is not a GIT checkout but module content appears to"
-echo "be missing. Do not use 'git archive' or GitHub download links"
-echo "to acquire QEMU source archives. Non-GIT builds are only"
-echo "supported with source archives linked from:"
-echo
-echo "  https://www.qemu.org/download/#source;
-echo
-echo "Developers working with GIT can use scripts/archive-source.sh"
-echo "if they need to create valid source archives."
-echo
-exit 1
-fi
 fi
 git="git"
 
@@ -1582,6 +1564,28 @@ case $git_submodules_action in
 fi
 ;;
 ignore)
+if ! test -f "$source_path/ui/keycodemapdb/README"
+then
+echo
+echo "ERROR: missing GIT submodules"
+echo
+if test -e "$source_path/.git"; then
+echo "--with-git-submodules=ignore specified but submodules 
were not"
+echo "checked out.  Please initialize and update submodules."
+else
+echo "This is not a GIT checkout but module content appears to"
+echo "be missing. Do not use 'git archive' or GitHub download 
links"
+echo "to acquire QEMU source archives. Non-GIT builds are only"
+echo "supported with source archives linked from:"
+echo
+echo "  https://www.qemu.org/download/#source;
+echo
+echo "Developers working with GIT can use 
scripts/archive-source.sh"
+echo "if they need to create valid source archives."
+fi
+echo
+exit 1
+fi
 ;;
 *)
 echo "ERROR: invalid --with-git-submodules= value 
'$git_submodules_action'"
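Review bot: the check probes only ui/keycodemapdb/README, so an archive that contains keycodemapdb but lacks one of the other submodules configure adds to git_submodules further down (dtc, capstone, slirp, roms/SLOF in the following patch) passes here and fails deep in the build. Loop over the submodule list, or at least over the ones that are enabled, and name the missing directory in the message. The check also moves from line 260 to the much later case statement; confirm no configure logic between the two points reads submodule content before this diagnostic fires.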
-- 
2.31.1

[PULL 05/26] i386/cpu: Expose AVX_VNNI instruction to guest

2021-05-20 Thread Paolo Bonzini
From: Yang Zhong 

Expose AVX (VEX-encoded) versions of the Vector Neural Network
Instructions to guest.

The bit definition:
CPUID.(EAX=7,ECX=1):EAX[bit 4] AVX_VNNI

The following instructions are available when this feature is
present in the guest.
  1. VPDPBUS: Multiply and Add Unsigned and Signed Bytes
  2. VPDPBUSDS: Multiply and Add Unsigned and Signed Bytes with Saturation
  3. VPDPWSSD: Multiply and Add Signed Word Integers
  4. VPDPWSSDS: Multiply and Add Signed Integers with Saturation

As for the kvm related code, please reference Linux commit id 1085a6b585d7.

The release document is at the link below:
https://software.intel.com/content/www/us/en/develop/download/\
intel-architecture-instruction-set-extensions-programming-reference.html

Signed-off-by: Yang Zhong 
Message-Id: <20210407015609.22936-1-yang.zh...@intel.com>
Signed-off-by: Paolo Bonzini 
---
 target/i386/cpu.c | 4 ++--
 target/i386/cpu.h | 2 ++
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index c496bfa1c2..9e211ac2ce 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -940,7 +940,7 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
 .type = CPUID_FEATURE_WORD,
 .feat_names = {
 NULL, NULL, NULL, NULL,
-NULL, "avx512-bf16", NULL, NULL,
+"avx-vnni", "avx512-bf16", NULL, NULL,
 NULL, NULL, NULL, NULL,
 NULL, NULL, NULL, NULL,
 NULL, NULL, NULL, NULL,
@@ -3194,7 +3194,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
 MSR_ARCH_CAP_SKIP_L1DFL_VMENTRY | MSR_ARCH_CAP_MDS_NO |
 MSR_ARCH_CAP_PSCHANGE_MC_NO | MSR_ARCH_CAP_TAA_NO,
 .features[FEAT_7_1_EAX] =
-CPUID_7_1_EAX_AVX512_BF16,
+CPUID_7_1_EAX_AVX_VNNI | CPUID_7_1_EAX_AVX512_BF16,
 /*
  * Missing: XSAVES (not supported by some Linux versions,
  * including v4.1 to v4.12).
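Review bot: this hunk adds CPUID_7_1_EAX_AVX_VNNI to an existing built-in CPU model, which changes the guest-visible CPUID of every VM started with that model name on a newer QEMU and breaks migration to a host whose QEMU or CPU lacks the bit. QEMU's convention is to introduce new features through a new entry in the model's .versions array and leave the existing version untouched; either do that or explain in the commit message why changing the existing version is acceptable here.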
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 324ef92beb..d4e80e1344 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -817,6 +817,8 @@ typedef uint64_t FeatureWordArray[FEATURE_WORDS];
 /* Speculative Store Bypass Disable */
 #define CPUID_7_0_EDX_SPEC_CTRL_SSBD(1U << 31)
 
+/* AVX VNNI Instruction */
+#define CPUID_7_1_EAX_AVX_VNNI  (1U << 4)
 /* AVX512 BFloat16 Instruction */
 #define CPUID_7_1_EAX_AVX512_BF16   (1U << 5)
 
-- 
2.31.1

[PULL 12/26] KVM: Create the KVMSlot dirty bitmap on flag changes

2021-05-20 Thread Paolo Bonzini
From: Peter Xu 

Previously we had two places that create the per-KVMSlot dirty
bitmap:

  1. When a newly created KVMSlot has dirty logging enabled,
  2. When the first log_sync() happens for a memory slot.

The 2nd case is lazy-init, while the 1st case is not (which is a fix
of what the 2nd case missed).

To do explicit initialization of dirty bitmaps, what we're missing is
to create the dirty bitmap when the slot changed from not-dirty-track
to dirty-track.  Do that in kvm_slot_update_flags().

With that, we can safely remove the 2nd lazy-init.

This change will be needed for kvm dirty ring because kvm dirty ring
does not use the log_sync() interface at all.

Also move all the pre-checks into kvm_slot_init_dirty_bitmap().

Reviewed-by: Dr. David Alan Gilbert 
Signed-off-by: Peter Xu 
Message-Id: <20210506160549.130416-4-pet...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 accel/kvm/kvm-all.c | 23 +--
 1 file changed, 9 insertions(+), 14 deletions(-)

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index f8980e155b..5bc40fd71b 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -177,6 +177,8 @@ static QemuMutex kml_slots_lock;
 #define kvm_slots_lock()qemu_mutex_lock(_slots_lock)
 #define kvm_slots_unlock()  qemu_mutex_unlock(_slots_lock)
 
+static void kvm_slot_init_dirty_bitmap(KVMSlot *mem);
+
 static inline void kvm_resample_fd_remove(int gsi)
 {
 KVMResampleFd *rfd;
@@ -500,6 +502,7 @@ static int kvm_slot_update_flags(KVMMemoryListener *kml, 
KVMSlot *mem,
 return 0;
 }
 
+kvm_slot_init_dirty_bitmap(mem);
 return kvm_set_user_memory_region(kml, mem, false);
 }
 
@@ -584,8 +587,12 @@ static int 
kvm_get_dirty_pages_log_range(MemoryRegionSection *section,
 #define ALIGN(x, y)  (((x)+(y)-1) & ~((y)-1))
 
 /* Allocate the dirty bitmap for a slot  */
-static void kvm_memslot_init_dirty_bitmap(KVMSlot *mem)
+static void kvm_slot_init_dirty_bitmap(KVMSlot *mem)
 {
+if (!(mem->flags & KVM_MEM_LOG_DIRTY_PAGES) || mem->dirty_bmap) {
+return;
+}
+
 /*
  * XXX bad kernel interface alert
  * For dirty bitmap, kernel allocates array of size aligned to
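Review bot: the early return on `mem->dirty_bmap` keeps an existing bitmap, so a slot that goes from dirty-tracking to not-tracking and back is re-enabled with whatever bits it held. With KVM_GET_DIRTY_LOG the kernel overwrites the buffer on each sync, but the commit message says this prepares for the dirty ring, which only sets bits, so stale bits would be reported as dirty there. Either clear the bitmap when kvm_slot_update_flags() re-enables logging or document why stale bits are harmless.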
@@ -640,11 +647,6 @@ static int 
kvm_physical_sync_dirty_bitmap(KVMMemoryListener *kml,
 goto out;
 }
 
-if (!mem->dirty_bmap) {
-/* Allocate on the first log_sync, once and for all */
-kvm_memslot_init_dirty_bitmap(mem);
-}
-
 d.dirty_bitmap = mem->dirty_bmap;
 d.slot = mem->slot | (kml->as_id << 16);
 ret = kvm_vm_ioctl(s, KVM_GET_DIRTY_LOG, );
@@ -1181,14 +1183,7 @@ static void kvm_set_phys_mem(KVMMemoryListener *kml,
 mem->start_addr = start_addr;
 mem->ram = ram;
 mem->flags = kvm_mem_flags(mr);
-
-if (mem->flags & KVM_MEM_LOG_DIRTY_PAGES) {
-/*
- * Reallocate the bmap; it means it doesn't disappear in
- * middle of a migrate.
- */
-kvm_memslot_init_dirty_bitmap(mem);
-}
+kvm_slot_init_dirty_bitmap(mem);
 err = kvm_set_user_memory_region(kml, mem, true);
 if (err) {
 fprintf(stderr, "%s: error registering slot: %s\n", __func__,
-- 
2.31.1

[PULL 18/26] KVM: Disable manual dirty log when dirty ring enabled

2021-05-20 Thread Paolo Bonzini
From: Peter Xu 

KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2 is for KVM_CLEAR_DIRTY_LOG, which is only
useful for KVM_GET_DIRTY_LOG.  Skip enabling it for kvm dirty ring.

More importantly, KVM_DIRTY_LOG_INITIALLY_SET will not wr-protect all the pages
initially, which is against how kvm dirty ring is used - there's no way for kvm
dirty ring to re-protect a page before it's notified as being written first
with a GFN entry in the ring!  So when KVM_DIRTY_LOG_INITIALLY_SET is enabled
with dirty ring, we'll see silent data loss after migration.

Signed-off-by: Peter Xu 
Message-Id: <20210506160549.130416-10-pet...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 accel/kvm/kvm-all.c | 37 +++--
 1 file changed, 23 insertions(+), 14 deletions(-)

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index 5afe15ae66..e1a6c7c89b 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -2131,20 +2131,29 @@ static int kvm_init(MachineState *ms)
 s->coalesced_pio = s->coalesced_mmio &&
kvm_check_extension(s, KVM_CAP_COALESCED_PIO);
 
-dirty_log_manual_caps =
-kvm_check_extension(s, KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2);
-dirty_log_manual_caps &= (KVM_DIRTY_LOG_MANUAL_PROTECT_ENABLE |
-  KVM_DIRTY_LOG_INITIALLY_SET);
-s->manual_dirty_log_protect = dirty_log_manual_caps;
-if (dirty_log_manual_caps) {
-ret = kvm_vm_enable_cap(s, KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2, 0,
-   dirty_log_manual_caps);
-if (ret) {
-warn_report("Trying to enable capability %"PRIu64" of "
-"KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2 but failed. "
-"Falling back to the legacy mode. ",
-dirty_log_manual_caps);
-s->manual_dirty_log_protect = 0;
+/*
+ * KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2 is not needed when dirty ring is
+ * enabled.  More importantly, KVM_DIRTY_LOG_INITIALLY_SET will assume no
+ * page is wr-protected initially, which is against how kvm dirty ring is
+ * usage - kvm dirty ring requires all pages are wr-protected at the very
+ * beginning.  Enabling this feature for dirty ring causes data corruption.
+ */
+if (!s->kvm_dirty_ring_size) {
+dirty_log_manual_caps =
+kvm_check_extension(s, KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2);
+dirty_log_manual_caps &= (KVM_DIRTY_LOG_MANUAL_PROTECT_ENABLE |
+  KVM_DIRTY_LOG_INITIALLY_SET);
+s->manual_dirty_log_protect = dirty_log_manual_caps;
+if (dirty_log_manual_caps) {
+ret = kvm_vm_enable_cap(s, KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2, 0,
+dirty_log_manual_caps);
+if (ret) {
+warn_report("Trying to enable capability %"PRIu64" of "
+"KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2 but failed. "
+"Falling back to the legacy mode. ",
+dirty_log_manual_caps);
+s->manual_dirty_log_protect = 0;
+}
 }
 }
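Review bot: in the dirty-ring branch s->manual_dirty_log_protect is now never assigned in kvm_init(), so it keeps whatever value the allocation gave it; add an explicit `s->manual_dirty_log_protect = 0;` (or an else branch) so the intent is visible rather than relying on zeroed memory. The new comment also reads "against how kvm dirty ring is usage"; reword to "against how the kvm dirty ring is used".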
 
-- 
2.31.1

[PULL 03/26] configure: simplify assignment to GIT_SUBMODULES

2021-05-20 Thread Paolo Bonzini
Do not guard each assignment with a check for --with-git-submodules=ignore.
To avoid a confusing "GIT" line from the Makefile, guard the git-submodule-update
recipe so that it is empty when --with-git-submodules=ignore.

Signed-off-by: Paolo Bonzini 
---
 Makefile  |  2 ++
 configure | 20 ++--
 2 files changed, 8 insertions(+), 14 deletions(-)

diff --git a/Makefile b/Makefile
index 4cab10a2a4..30f19d33bb 100644
--- a/Makefile
+++ b/Makefile
@@ -48,9 +48,11 @@ Makefile: .git-submodule-status
 
 .PHONY: git-submodule-update
 git-submodule-update:
+ifneq ($(GIT_SUBMODULES_ACTION),ignore)
$(call quiet-command, \
(GIT="$(GIT)" "$(SRC_PATH)/scripts/git-submodule.sh" 
$(GIT_SUBMODULES_ACTION) $(GIT_SUBMODULES)), \
"GIT","$(GIT_SUBMODULES)")
+endif
 
 # 0. ensure the build tree is okay
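Review bot: the `ifneq ($(GIT_SUBMODULES_ACTION),ignore)` guard relies on configure exporting GIT_SUBMODULES_ACTION into the generated config-host.mak; that assignment is not part of this patch, so confirm it exists, otherwise the variable is empty, the comparison never matches "ignore" and the recipe still runs in ignore mode with the empty submodule list.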
 
diff --git a/configure b/configure
index 4681cbe2d7..55049fe930 100755
--- a/configure
+++ b/configure
@@ -256,11 +256,11 @@ gdb_bin=$(command -v "gdb-multiarch" || command -v "gdb")
 if test -e "$source_path/.git"
 then
 git_submodules_action="update"
-git_submodules="ui/keycodemapdb"
 else
 git_submodules_action="ignore"
-git_submodules=""
 fi
+
+git_submodules="ui/keycodemapdb"
 git="git"
 
 # Don't accept a target_list environment variable.
@@ -3617,9 +3617,7 @@ fi
 case "$fdt" in
   auto | enabled | internal)
 # Simpler to always update submodule, even if not needed.
-if test "$git_submodules_action" != "ignore"; then
-  git_submodules="${git_submodules} dtc"
-fi
+git_submodules="${git_submodules} dtc"
 ;;
 esac
 
@@ -4328,9 +4326,7 @@ fi
 case "$capstone" in
   auto | enabled | internal)
 # Simpler to always update submodule, even if not needed.
-if test "$git_submodules_action" != "ignore"; then
-  git_submodules="${git_submodules} capstone"
-fi
+git_submodules="${git_submodules} capstone"
 ;;
 esac
 
@@ -5260,9 +5256,7 @@ fi
 case "$slirp" in
   auto | enabled | internal)
 # Simpler to always update submodule, even if not needed.
-if test "$git_submodules_action" != "ignore"; then
-  git_submodules="${git_submodules} slirp"
-fi
+git_submodules="${git_submodules} slirp"
 ;;
 esac
 
@@ -5454,9 +5448,7 @@ if test "$cpu" = "s390x" ; then
 roms="$roms s390-ccw"
 # SLOF is required for building the s390-ccw firmware on s390x,
 # since it is using the libnet code from SLOF for network booting.
-if test "$git_submodules_action" != "ignore"; then
-  git_submodules="${git_submodules} roms/SLOF"
-fi
+git_submodules="${git_submodules} roms/SLOF"
   fi
 fi
 
-- 
2.31.1

[PULL 21/26] meson: Set implicit_include_directories to false

2021-05-20 Thread Paolo Bonzini
From: Katsuhiro Ueno 

Without this, libvixl cannot be compiled with macOS 11.3 SDK due to
include file name conflict (usr/include/c++/v1/version conflicts with
VERSION).

Signed-off-by: Katsuhiro Ueno 
Message-Id: 
Tested-by: Alexander Graf 
Signed-off-by: Paolo Bonzini 
---
 meson.build | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meson.build b/meson.build
index 1559e8d873..82977bf11f 100644
--- a/meson.build
+++ b/meson.build
@@ -2141,6 +2141,7 @@ common_all = common_ss.apply(config_all, strict: false)
 common_all = static_library('common',
 build_by_default: false,
 sources: common_all.sources() + genh,
+implicit_include_directories: false,
 dependencies: common_all.dependencies(),
 name_suffix: 'fa')
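Review bot: a one-line comment next to `implicit_include_directories: false` saying why it is there (the macOS 11.3 SDK's c++/v1/version header is shadowed by QEMU's top-level VERSION file when the source root is an implicit include path) would stop someone re-enabling it later; right now the reason lives only in this commit message.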
 
-- 
2.31.1

[PULL 19/26] KVM: Dirty ring support

2021-05-20 Thread Paolo Bonzini
From: Peter Xu 

KVM dirty ring is a new interface to pass over dirty bits from kernel to the
userspace.  Instead of using a bitmap for each memory region, the dirty ring
contains an array of dirtied GPAs to fetch (in the form of offset in slots).
For each vcpu there will be one dirty ring that binds to it.

kvm_dirty_ring_reap() is the major function to collect dirty rings.  It can be
called either by a standalone reaper thread that runs in the background,
collecting dirty pages for the whole VM, or directly by any thread that has
the BQL taken.

Signed-off-by: Peter Xu 
Message-Id: <20210506160549.130416-11-pet...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 accel/kvm/kvm-all.c| 374 -
 accel/kvm/trace-events |   7 +
 include/hw/core/cpu.h  |   7 +
 3 files changed, 385 insertions(+), 3 deletions(-)

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index e1a6c7c89b..c7ec538850 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -15,6 +15,7 @@
 
 #include "qemu/osdep.h"
 #include 
+#include 
 
 #include 
 
@@ -78,6 +79,25 @@ struct KVMParkedVcpu {
 QLIST_ENTRY(KVMParkedVcpu) node;
 };
 
+enum KVMDirtyRingReaperState {
+KVM_DIRTY_RING_REAPER_NONE = 0,
+/* The reaper is sleeping */
+KVM_DIRTY_RING_REAPER_WAIT,
+/* The reaper is reaping for dirty pages */
+KVM_DIRTY_RING_REAPER_REAPING,
+};
+
+/*
+ * KVM reaper instance, responsible for collecting the KVM dirty bits
+ * via the dirty ring.
+ */
+struct KVMDirtyRingReaper {
+/* The reaper thread */
+QemuThread reaper_thr;
+volatile uint64_t reaper_iteration; /* iteration number of reaper thr */
+volatile enum KVMDirtyRingReaperState reaper_state; /* reap thr state */
+};
+
 struct KVMState
 {
 AccelState parent_obj;
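Review bot: `volatile` on reaper_iteration and reaper_state does not provide the cross-thread ordering the reaper needs and is discouraged in QEMU code; access these fields with qatomic_read()/qatomic_set() (or under the lock the reaper already takes) and drop the qualifier.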
@@ -128,6 +148,7 @@ struct KVMState
 } *as;
 uint64_t kvm_dirty_ring_bytes;  /* Size of the per-vcpu dirty ring */
 uint32_t kvm_dirty_ring_size;   /* Number of dirty GFNs per ring */
+struct KVMDirtyRingReaper reaper;
 };
 
 KVMState *kvm_state;
@@ -389,6 +410,13 @@ static int do_kvm_destroy_vcpu(CPUState *cpu)
 goto err;
 }
 
+if (cpu->kvm_dirty_gfns) {
+ret = munmap(cpu->kvm_dirty_gfns, s->kvm_dirty_ring_size);
+if (ret < 0) {
+goto err;
+}
+}
+
 vcpu = g_malloc0(sizeof(*vcpu));
 vcpu->vcpu_id = kvm_arch_vcpu_id(cpu);
 vcpu->kvm_fd = cpu->kvm_fd;
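Review bot: `munmap(cpu->kvm_dirty_gfns, s->kvm_dirty_ring_size)` passes the entry count (the field is documented above as "Number of dirty GFNs per ring"), not the length of the mapping in bytes; the byte size is the neighbouring kvm_dirty_ring_bytes. The mmap() in kvm_init_vcpu() in the next hunk has the same mismatch, so both should use s->kvm_dirty_ring_bytes.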
@@ -465,6 +493,19 @@ int kvm_init_vcpu(CPUState *cpu, Error **errp)
 (void *)cpu->kvm_run + s->coalesced_mmio * PAGE_SIZE;
 }
 
+if (s->kvm_dirty_ring_size) {
+/* Use MAP_SHARED to share pages with the kernel */
+cpu->kvm_dirty_gfns = mmap(NULL, s->kvm_dirty_ring_size,
+   PROT_READ | PROT_WRITE, MAP_SHARED,
+   cpu->kvm_fd,
+   PAGE_SIZE * KVM_DIRTY_LOG_PAGE_OFFSET);
+if (cpu->kvm_dirty_gfns == MAP_FAILED) {
+ret = -errno;
+DPRINTF("mmap'ing vcpu dirty gfns failed: %d\n", ret);
+goto err;
+}
+}
+
 ret = kvm_arch_init_vcpu(cpu);
 if (ret < 0) {
 error_setg_errno(errp, -ret,
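Review bot: the mmap() length is s->kvm_dirty_ring_size (number of GFNs) where s->kvm_dirty_ring_bytes is intended; this maps only ring_size bytes instead of ring_size * sizeof(struct kvm_dirty_gfn), so the reaper faults as soon as it walks past the pages that happen to be mapped. Use s->kvm_dirty_ring_bytes here and in the munmap() above.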
@@ -583,6 +624,11 @@ static void kvm_slot_sync_dirty_pages(KVMSlot *slot)
 cpu_physical_memory_set_dirty_lebitmap(slot->dirty_bmap, start, pages);
 }
 
+static void kvm_slot_reset_dirty_pages(KVMSlot *slot)
+{
+memset(slot->dirty_bmap, 0, slot->dirty_bmap_size);
+}
+
 #define ALIGN(x, y)  (((x)+(y)-1) & ~((y)-1))
 
 /* Allocate the dirty bitmap for a slot  */
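Review bot: kvm_slot_reset_dirty_pages() memsets slot->dirty_bmap without checking that it was allocated; kvm_slot_init_dirty_bitmap() (earlier in this series) only allocates when KVM_MEM_LOG_DIRTY_PAGES is set, so a caller reaching a non-logged slot passes NULL to memset(). Return early when dirty_bmap is NULL, as the init helper does.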
@@ -639,6 +685,171 @@ static bool kvm_slot_get_dirty_log(KVMState *s, KVMSlot 
*slot)
 return ret == 0;
 }
 
+/* Should be with all slots_lock held for the address spaces. */
+static void kvm_dirty_ring_mark_page(KVMState *s, uint32_t as_id,
+ uint32_t slot_id, uint64_t offset)
+{
+KVMMemoryListener *kml;
+KVMSlot *mem;
+
+if (as_id >= s->nr_as) {
+return;
+}
+
+kml = s->as[as_id].ml;
+mem = >slots[slot_id];
+
+if (!mem->memory_size || offset >=
+(mem->memory_size / qemu_real_host_page_size)) {
+return;
+}
+
+set_bit(offset, mem->dirty_bmap);
+}
+
+static bool dirty_gfn_is_dirtied(struct kvm_dirty_gfn *gfn)
+{
+return gfn->flags == KVM_DIRTY_GFN_F_DIRTY;
+}
+
+static void dirty_gfn_set_collected(struct kvm_dirty_gfn *gfn)
+{
+gfn->flags = KVM_DIRTY_GFN_F_RESET;
+}
+
+/*
+ * Should be with all slots_lock held for the address spaces.  It returns the
+ * dirty page we've collected on this dirty ring.
+ */
+static uint32_t kvm_dirty_ring_reap_one(KVMState *s, CPUState *cpu)
+{
+struct kvm_dirty_gfn *dirty_gfns = cpu->kvm_dirty_gfns, *cur;
+uint32_t ring_size = s->kvm_dirty_ring_size;
+uint32_t count = 0, fetch = cpu->kvm_fetch_index;
+
+assert(dirty_gfns && ring_size);
+trace_kvm_dirty_ring_reap_vcpu(cpu->cpu_index);
+
+while (true) {
+   
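Review bot: kvm_dirty_ring_mark_page() bounds-checks as_id against s->nr_as but indexes kml->slots[slot_id] without comparing slot_id with the listener's slot count, and then calls set_bit() on mem->dirty_bmap without checking it is non-NULL (a slot with memory_size but without KVM_MEM_LOG_DIRTY_PAGES has no bitmap). Both values are read from the shared ring, so add those two checks alongside the existing memory_size/offset check rather than trusting the entry.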

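The ring consumption protocol the commit message describes (DIRTY entries collected from a per-vcpu ring, handed back as RESET, recycled by the kernel), as an added user-space model that is not QEMU code; the flag values and the `(as_id << 16) | slot` encoding mirror kvm-all.c, while the ring size, slot layout and the simulated kernel side are assumptions for illustration.

```c
/*
 * Added example, not QEMU code: user-space model of the KVM dirty-ring
 * protocol.  Flag values and the (as_id << 16 | slot) encoding mirror
 * kvm-all.c; ring size, slot layout and the kernel side are assumptions.
 */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define DIRTY_GFN_F_DIRTY  1u   /* entry holds a page the guest wrote */
#define DIRTY_GFN_F_RESET  2u   /* userspace collected it; kernel may recycle */
#define RING_SIZE   8    /* entries per vcpu ring (assumed) */
#define SLOT_PAGES  64   /* pages per modelled memslot (assumed) */
#define NR_AS       2    /* address spaces modelled (assumed) */
#define NR_SLOTS    2    /* slots per address space (assumed) */
#define LONG_BITS   (8 * sizeof(unsigned long))

/* Same fields as struct kvm_dirty_gfn: flags, slot, page offset in slot */
struct dirty_gfn {
    uint32_t flags;
    uint32_t slot;      /* (as_id << 16) | slot_id */
    uint64_t offset;
};

struct memslot {
    uint64_t npages;    /* 0 means the slot is unused */
    unsigned long bitmap[(SLOT_PAGES + LONG_BITS - 1) / LONG_BITS];
};

struct vcpu_ring {
    struct dirty_gfn gfns[RING_SIZE];
    uint32_t fetch_index;   /* userspace cursor (cpu->kvm_fetch_index) */
    uint32_t prod_index;    /* simulated kernel producer cursor */
};

static struct memslot slots[NR_AS][NR_SLOTS];

/* Mirrors kvm_dirty_ring_mark_page, with a slot_id range check added */
static bool ring_mark_page(uint32_t as_id, uint32_t slot_id, uint64_t offset)
{
    if (as_id >= NR_AS || slot_id >= NR_SLOTS) {
        return false;
    }
    struct memslot *m = &slots[as_id][slot_id];
    if (!m->npages || offset >= m->npages) {
        return false;       /* offset outside the slot: never touch memory */
    }
    m->bitmap[offset / LONG_BITS] |= 1UL << (offset % LONG_BITS);
    return true;
}

/* Simulated kernel: publish a dirtied page; fails while the ring is full */
static bool ring_push(struct vcpu_ring *r, uint32_t as_id, uint32_t slot_id,
                      uint64_t offset)
{
    struct dirty_gfn *e = &r->gfns[r->prod_index % RING_SIZE];
    if (e->flags != 0) {    /* still DIRTY or RESET: not recycled yet */
        return false;
    }
    e->slot = (as_id << 16) | slot_id;
    e->offset = offset;
    e->flags = DIRTY_GFN_F_DIRTY;
    r->prod_index++;
    return true;
}

/* Mirrors kvm_dirty_ring_reap_one: consume DIRTY entries from fetch_index */
static uint32_t ring_reap_one(struct vcpu_ring *r)
{
    uint32_t count = 0;
    for (;;) {
        struct dirty_gfn *cur = &r->gfns[r->fetch_index % RING_SIZE];
        if (cur->flags != DIRTY_GFN_F_DIRTY) {
            break;          /* drained, or the kernel has not filled it yet */
        }
        ring_mark_page(cur->slot >> 16, cur->slot & 0xffff, cur->offset);
        cur->flags = DIRTY_GFN_F_RESET;     /* hand the entry back */
        r->fetch_index++;
        count++;
    }
    return count;
}

/* Simulated KVM_RESET_DIRTY_RINGS: recycle RESET entries (kernel re-protects) */
static uint32_t ring_reset(struct vcpu_ring *r)
{
    uint32_t n = 0;
    for (int i = 0; i < RING_SIZE; i++) {
        if (r->gfns[i].flags == DIRTY_GFN_F_RESET) {
            r->gfns[i].flags = 0;
            n++;
        }
    }
    return n;
}

static int count_dirty(const struct memslot *m)
{
    int n = 0;
    for (uint64_t i = 0; i < m->npages; i++) {
        n += (m->bitmap[i / LONG_BITS] >> (i % LONG_BITS)) & 1;
    }
    return n;
}

/*
 * Scenario: 5 pages reaped, 3 more published, then the ring stalls until the
 * RESET entries are recycled; after the reset 3 more wrap around the end of
 * the ring, one with an out-of-slot offset that must be ignored.
 * Returns the dirty page count of slot 0/0 (10), or -1 on any surprise.
 */
static int run_scenario(void)
{
    struct vcpu_ring ring;
    memset(&ring, 0, sizeof(ring));
    memset(slots, 0, sizeof(slots));
    slots[0][0].npages = SLOT_PAGES;

    for (uint64_t p = 0; p < 5; p++) {
        if (!ring_push(&ring, 0, 0, p)) return -1;
    }
    if (ring_reap_one(&ring) != 5) return -1;
    for (uint64_t p = 10; p < 13; p++) {
        if (!ring_push(&ring, 0, 0, p)) return -1;
    }
    if (ring_push(&ring, 0, 0, 13)) return -1;  /* full: index 0 still RESET */
    if (ring_reset(&ring) != 5) return -1;
    if (!ring_push(&ring, 0, 0, 13) || !ring_push(&ring, 0, 0, 14) ||
        !ring_push(&ring, 0, 0, 100)) return -1;
    if (ring_reap_one(&ring) != 6) return -1;   /* 100 consumed but rejected */
    return count_dirty(&slots[0][0]);
}
```

Without the reset step the producer blocks on the first RESET entry it reaches, which is why the real reaper must issue KVM_RESET_DIRTY_RINGS after collecting.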
[PULL 08/26] qtest: add a QOM object for qtest

2021-05-20 Thread Paolo Bonzini
The qtest server right now can only be created using the -qtest
and -qtest-log options.  Allow an alternative way to create it
using "-object qtest,chardev=...,log=...".

This is part of the long term plan to make more (or all) of
QEMU configurable through QMP and preconfig mode.

Signed-off-by: Paolo Bonzini 
---
 qapi/qom.json   |  17 +
 softmmu/qtest.c | 185 +---
 softmmu/vl.c|   5 +-
 3 files changed, 196 insertions(+), 11 deletions(-)

diff --git a/qapi/qom.json b/qapi/qom.json
index 4f48035831..f7ef30f940 100644
--- a/qapi/qom.json
+++ b/qapi/qom.json
@@ -644,6 +644,21 @@
 { 'struct': 'PrManagerHelperProperties',
   'data': { 'path': 'str' } }
 
+##
+# @QtestProperties:
+#
+# Properties for qtest objects.
+#
+# @chardev: the chardev to be used to receive qtest commands on.
+#
+# @log: the path to a log file
+#
+# Since: 6.0
+##
+{ 'struct': 'QtestProperties',
+'data': { 'chardev': 'str',
+  '*log': 'str' } }
+
 ##
 # @RemoteObjectProperties:
 #
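Review bot: `Since: 6.0` in QtestProperties is wrong for a pull request sent after the 6.0.0 release referred to elsewhere on this page; the first release carrying this object is 6.1, so the schema doc should say `Since: 6.1`. The @log description could also mention that the value "none" disables logging, which qtest_server_start() treats specially.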
@@ -769,6 +784,7 @@
 'memory-backend-ram',
 'pef-guest',
 'pr-manager-helper',
+'qtest',
 'rng-builtin',
 'rng-egd',
 'rng-random',
@@ -825,6 +841,7 @@
   'if': 'defined(CONFIG_LINUX)' },
   'memory-backend-ram': 'MemoryBackendProperties',
   'pr-manager-helper':  'PrManagerHelperProperties',
+  'qtest':  'QtestProperties',
   'rng-builtin':'RngProperties',
   'rng-egd':'RngEgdProperties',
   'rng-random': 'RngRandomProperties',
diff --git a/softmmu/qtest.c b/softmmu/qtest.c
index 130c366615..72751e1fd8 100644
--- a/softmmu/qtest.c
+++ b/softmmu/qtest.c
@@ -27,6 +27,8 @@
 #include "qemu/error-report.h"
 #include "qemu/module.h"
 #include "qemu/cutils.h"
+#include "qapi/qmp/qerror.h"
+#include "qom/object_interfaces.h"
 #include CONFIG_DEVICES
 #ifdef CONFIG_PSERIES
 #include "hw/ppc/spapr_rtas.h"
@@ -34,11 +36,25 @@
 
 #define MAX_IRQ 256
 
+#define TYPE_QTEST "qtest"
+
+OBJECT_DECLARE_SIMPLE_TYPE(QTest, QTEST)
+
+struct QTest {
+Object parent;
+
+bool has_machine_link;
+char *chr_name;
+Chardev *chr;
+CharBackend qtest_chr;
+char *log;
+};
+
 bool qtest_allowed;
 
 static DeviceState *irq_intercept_dev;
 static FILE *qtest_log_fp;
-static CharBackend qtest_chr;
+static QTest *qtest;
 static GString *inbuf;
 static int irq_levels[MAX_IRQ];
 static qemu_timeval start_time;
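Review bot: the file-scope `static QTest *qtest;` shares its name with the local `Object *qtest` declared in qtest_server_init() in a later hunk, so the local shadows the global inside that function; rename one of them (e.g. the global to qtest_obj) so shadow warnings do not fire and readers cannot confuse the two.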
@@ -320,7 +336,7 @@ static void qtest_irq_handler(void *opaque, int n, int 
level)
 qemu_set_irq(old_irq, level);
 
 if (irq_levels[n] != level) {
-CharBackend *chr = _chr;
+CharBackend *chr = >qtest_chr;
 irq_levels[n] = level;
 qtest_send_prefix(chr);
 qtest_sendf(chr, "IRQ %s %d\n",
@@ -849,18 +865,39 @@ static void qtest_event(void *opaque, QEMUChrEvent event)
 break;
 }
 }
+
 void qtest_server_init(const char *qtest_chrdev, const char *qtest_log, Error 
**errp)
 {
+ERRP_GUARD();
 Chardev *chr;
+Object *qtest;
 
 chr = qemu_chr_new("qtest", qtest_chrdev, NULL);
-
 if (chr == NULL) {
 error_setg(errp, "Failed to initialize device for qtest: \"%s\"",
qtest_chrdev);
 return;
 }
 
+qtest = object_new(TYPE_QTEST);
+object_property_set_str(qtest, "chardev", "qtest", _abort);
+if (qtest_log) {
+object_property_set_str(qtest, "log", qtest_log, _abort);
+}
+object_property_add_child(qdev_get_machine(), "qtest", qtest);
+user_creatable_complete(USER_CREATABLE(qtest), errp);
+if (*errp) {
+object_unparent(qtest);
+}
+object_unref(OBJECT(chr));
+object_unref(qtest);
+}
+
+static bool qtest_server_start(QTest *q, Error **errp)
+{
+Chardev *chr = q->chr;
+const char *qtest_log = q->log;
+
 if (qtest_log) {
 if (strcmp(qtest_log, "none") != 0) {
 qtest_log_fp = fopen(qtest_log, "w+");
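Review bot: when user_creatable_complete() fails, qtest_server_init() unparents the new object but the chardev it created just before with qemu_chr_new() stays registered, so a failed -qtest leaves an orphan "qtest" chardev behind; delete it on that path before returning.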
@@ -869,16 +906,20 @@ void qtest_server_init(const char *qtest_chrdev, const 
char *qtest_log, Error **
 qtest_log_fp = stderr;
 }
 
-qemu_chr_fe_init(_chr, chr, errp);
-qemu_chr_fe_set_handlers(_chr, qtest_can_read, qtest_read,
- qtest_event, NULL, _chr, NULL, true);
-qemu_chr_fe_set_echo(_chr, true);
+if (!qemu_chr_fe_init(>qtest_chr, chr, errp)) {
+return false;
+}
+qemu_chr_fe_set_handlers(>qtest_chr, qtest_can_read, qtest_read,
+ qtest_event, NULL, >qtest_chr, NULL, true);
+qemu_chr_fe_set_echo(>qtest_chr, true);
 
 inbuf = g_string_new("");
 
 if (!qtest_server_send) {
-qtest_server_set_send_handler(qtest_server_char_be_send, _chr);
+qtest_server_set_send_handler(qtest_server_char_be_send, 
>qtest_chr);
 }
+qtest = q;
+return true;
 }
 
 void qtest_server_set_send_handler(void (*send)(void*, const 
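Review bot: qtest_server_start() returns false when qemu_chr_fe_init() fails, but by then `qtest_log_fp` has already been set by the preceding hunk, either to a freshly fopen()ed file or to stderr; close it when it is not stderr and reset it to NULL before `return false`, otherwise the file handle leaks and a later start would see a stale pointer.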

[PULL 06/26] meson: bump submodule to 0.57.2

2021-05-20 Thread Paolo Bonzini
The main advantage of 0.57 is that it fixes
https://github.com/mesonbuild/meson/pull/7900, thus avoiding unnecessary
rebuilds after running meson.

Signed-off-by: Paolo Bonzini 
---
 meson | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meson b/meson
index 776acd2a80..6f745e980b 16
--- a/meson
+++ b/meson
@@ -1 +1 @@
-Subproject commit 776acd2a805c9b42b4f0375150977df42130317f
+Subproject commit 6f745e980bcab036104c6b7f9064191e489012b9
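Review bot: the subject says 0.57.2 but the hunk only pins commit 6f745e980bcab036104c6b7f9064191e489012b9; nothing in the diff ties that hash to the 0.57.2 tag, so a reviewer has to check the submodule by hand. Stating the tag (or `git describe` output) in the commit message makes the bump verifiable, which is a cheap supply-chain check for a build tool pulled in as a submodule.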
-- 
2.31.1





[PULL 15/26] KVM: Simplify dirty log sync in kvm_set_phys_mem

2021-05-20 Thread Paolo Bonzini
From: Peter Xu 

kvm_physical_sync_dirty_bitmap() on the whole section is inaccurate, because
the section can be a superset of the memslot that we're working on.  The result
is that if the section covers multiple kvm memslots, we could be doing the
synchronization multiple times for each kvmslot in the section.

With the two helpers that we just introduced, it's very easy to do it right now
by calling the helpers.

Signed-off-by: Peter Xu 
Message-Id: <20210506160549.130416-7-pet...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 accel/kvm/kvm-all.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index 7031dd4250..0ba6d48120 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -1161,7 +1161,8 @@ static void kvm_set_phys_mem(KVMMemoryListener *kml,
 goto out;
 }
 if (mem->flags & KVM_MEM_LOG_DIRTY_PAGES) {
-kvm_physical_sync_dirty_bitmap(kml, section);
+kvm_slot_get_dirty_log(kvm_state, mem);
+kvm_slot_sync_dirty_pages(mem);
 }
 
 /* unregister the slot */
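Review bot: the return value of `kvm_slot_get_dirty_log(kvm_state, mem)` is ignored before `kvm_slot_sync_dirty_pages(mem)` consumes the bitmap; if the helper can fail, syncing a stale `dirty_bmap` would silently lose dirty pages right before the slot is unregistered. Either check it (`if (kvm_slot_get_dirty_log(kvm_state, mem)) { kvm_slot_sync_dirty_pages(mem); }`) or add a comment saying why a failure is tolerable here.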
-- 
2.31.1





[PULL 17/26] KVM: Add dirty-ring-size property

2021-05-20 Thread Paolo Bonzini
From: Peter Xu 

Add a parameter for dirty gfn count for dirty rings.  If zero, dirty ring is
disabled.  Otherwise dirty ring will be enabled with the per-vcpu gfn count as
specified.  If dirty ring cannot be enabled due to unsupported kernel or
illegal parameter, it'll fall back to dirty logging.

By default, dirty ring is not enabled (dirty-gfn-count defaults to 0).

Signed-off-by: Peter Xu 
Message-Id: <20210506160549.130416-9-pet...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 accel/kvm/kvm-all.c | 46 +
 qemu-options.hx | 12 
 2 files changed, 58 insertions(+)

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index df9fbf59a6..5afe15ae66 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -126,6 +126,8 @@ struct KVMState
 KVMMemoryListener *ml;
 AddressSpace *as;
 } *as;
+uint64_t kvm_dirty_ring_bytes;  /* Size of the per-vcpu dirty ring */
+uint32_t kvm_dirty_ring_size;   /* Number of dirty GFNs per ring */
 };
 
 KVMState *kvm_state;
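Review bot: `kvm_dirty_ring_bytes` is added to KVMState but no hunk in this patch assigns or reads it; only `kvm_dirty_ring_size` is touched by the getter, the setter and instance_init. If a following patch in the series uses it, say so in the commit message; otherwise move the field to that patch.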
@@ -3182,6 +3184,42 @@ bool kvm_kernel_irqchip_split(void)
 return kvm_state->kernel_irqchip_split == ON_OFF_AUTO_ON;
 }
 
+static void kvm_get_dirty_ring_size(Object *obj, Visitor *v,
+const char *name, void *opaque,
+Error **errp)
+{
+KVMState *s = KVM_STATE(obj);
+uint32_t value = s->kvm_dirty_ring_size;
+
+visit_type_uint32(v, name, , errp);
+}
+
+static void kvm_set_dirty_ring_size(Object *obj, Visitor *v,
+const char *name, void *opaque,
+Error **errp)
+{
+KVMState *s = KVM_STATE(obj);
+Error *error = NULL;
+uint32_t value;
+
+if (s->fd != -1) {
+error_setg(errp, "Cannot set properties after the accelerator has been 
initialized");
+return;
+}
+
+visit_type_uint32(v, name, , );
+if (error) {
+error_propagate(errp, error);
+return;
+}
+if (value & (value - 1)) {
+error_setg(errp, "dirty-ring-size must be a power of two.");
+return;
+}
+
+s->kvm_dirty_ring_size = value;
+}
+
 static void kvm_accel_instance_init(Object *obj)
 {
 KVMState *s = KVM_STATE(obj);
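Review bot: kvm_set_dirty_ring_size() only rejects values that are not a power of two; the documentation this same patch adds to qemu-options.hx says the value should be 1024 or larger and below the kernel's maximum, and neither bound is checked here. Either enforce the lower bound in the setter (keeping 0 as "disabled", which the `value & (value - 1)` test already accepts) or state in the doc that out-of-range values are rejected at enable time. The "Cannot set properties after the accelerator has been initialized" string also duplicates the one used by the other setters; a shared helper would avoid a third copy.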
@@ -3191,6 +3229,8 @@ static void kvm_accel_instance_init(Object *obj)
 s->kvm_shadow_mem = -1;
 s->kernel_irqchip_allowed = true;
 s->kernel_irqchip_split = ON_OFF_AUTO_AUTO;
+/* KVM dirty ring is by default off */
+s->kvm_dirty_ring_size = 0;
 }
 
 static void kvm_accel_class_init(ObjectClass *oc, void *data)
@@ -3212,6 +3252,12 @@ static void kvm_accel_class_init(ObjectClass *oc, void 
*data)
 NULL, NULL);
 object_class_property_set_description(oc, "kvm-shadow-mem",
 "KVM shadow MMU size");
+
+object_class_property_add(oc, "dirty-ring-size", "uint32",
+kvm_get_dirty_ring_size, kvm_set_dirty_ring_size,
+NULL, NULL);
+object_class_property_set_description(oc, "dirty-ring-size",
+"Size of KVM dirty page ring buffer (default: 0, i.e. use bitmap)");
 }
 
 static const TypeInfo kvm_accel_type = {
diff --git a/qemu-options.hx b/qemu-options.hx
index e22fb94d99..ecdb064409 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -141,6 +141,7 @@ DEF("accel", HAS_ARG, QEMU_OPTION_accel,
 "kvm-shadow-mem=size of KVM shadow MMU in bytes\n"
 "split-wx=on|off (enable TCG split w^x mapping)\n"
 "tb-size=n (TCG translation block cache size)\n"
+"dirty-ring-size=n (KVM dirty ring GFN count, default 0)\n"
 "thread=single|multi (enable multi-threaded TCG)\n", 
QEMU_ARCH_ALL)
 SRST
 ``-accel name[,prop=value[,...]]``
@@ -181,6 +182,17 @@ SRST
 where both the back-end and front-ends support it and no
 incompatible TCG features have been enabled (e.g.
 icount/replay).
+
+``dirty-ring-size=n``
+When the KVM accelerator is used, it controls the size of the per-vCPU
+dirty page ring buffer (number of entries for each vCPU). It should
+be a value that is power of two, and it should be 1024 or bigger (but
+still less than the maximum value that the kernel supports).  4096
+could be a good initial value if you have no idea which is the best.
+Set this value to 0 to disable the feature.  By default, this feature
+is disabled (dirty-ring-size=0).  When enabled, KVM will instead
+record dirty pages in a bitmap.
+
 ERST
 
 DEF("smp", HAS_ARG, QEMU_OPTION_smp,
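Review bot: the last sentence of the new ``dirty-ring-size`` text reads inverted: as written, "When enabled, KVM will instead record dirty pages in a bitmap", but the bitmap is what is used when the ring is disabled (size 0). Suggest "When disabled, KVM records dirty pages in a bitmap instead." The sentence "it should be 1024 or bigger" also promises a check that the setter in this patch does not perform; either enforce it or word it as a recommendation.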
-- 
2.31.1





[PULL 25/26] qemu-config: load modules when instantiating option groups

2021-05-20 Thread Paolo Bonzini
Right now the SPICE module is special-cased to be loaded when processing
the -spice command line option.  However, the spice option group
can also be brought in via -readconfig, in which case the module is
not loaded.

Add a generic hook to load modules that provide a QemuOpts group,
and use it for the "spice" and "iscsi" groups.

Fixes: #194
Fixes: https://bugs.launchpad.net/qemu/+bug/1910696
Cc: qemu-sta...@nongnu.org
Signed-off-by: Paolo Bonzini 
---
 include/qemu/config-file.h |  2 +-
 softmmu/vl.c   | 21 +
 stubs/meson.build  |  1 +
 stubs/module-opts.c|  6 ++
 util/qemu-config.c |  1 +
 5 files changed, 26 insertions(+), 5 deletions(-)
 create mode 100644 stubs/module-opts.c

diff --git a/include/qemu/config-file.h b/include/qemu/config-file.h
index 8d3e53ae4d..0500b3668d 100644
--- a/include/qemu/config-file.h
+++ b/include/qemu/config-file.h
@@ -1,7 +1,7 @@
 #ifndef QEMU_CONFIG_FILE_H
 #define QEMU_CONFIG_FILE_H
 
-
+void qemu_load_module_for_opts(const char *group);
 QemuOptsList *qemu_find_opts(const char *group);
 QemuOptsList *qemu_find_opts_err(const char *group, Error **errp);
 QemuOpts *qemu_find_opts_singleton(const char *group);
diff --git a/softmmu/vl.c b/softmmu/vl.c
index 21e55718a6..6054f6f0b9 100644
--- a/softmmu/vl.c
+++ b/softmmu/vl.c
@@ -2627,6 +2627,23 @@ void qmp_x_exit_preconfig(Error **errp)
 }
 }
 
+#ifdef CONFIG_MODULES
+void qemu_load_module_for_opts(const char *group)
+{
+static bool spice_tried;
+if (g_str_equal(group, "spice") && !spice_tried) {
+ui_module_load_one("spice-core");
+spice_tried = true;
+}
+
+static bool iscsi_tried;
+if (g_str_equal(group, "iscsi") && !iscsi_tried) {
+block_module_load_one("iscsi");
+iscsi_tried = true;
+}
+}
+#endif
+
 void qemu_init(int argc, char **argv, char **envp)
 {
 QemuOpts *opts;
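Review bot: QEMU's coding style keeps declarations at the top of a block, and `static bool iscsi_tried;` in the middle of qemu_load_module_for_opts() follows statements; move both `tried` flags up. Both flags are also set to true regardless of whether ui_module_load_one() / block_module_load_one() succeeded, so a failed load is never retried; if that is intended, a one-line comment saying so would stop a later reader from "fixing" it.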
@@ -3386,10 +3403,6 @@ void qemu_init(int argc, char **argv, char **envp)
 break;
 case QEMU_OPTION_spice:
 olist = qemu_find_opts_err("spice", NULL);
-if (!olist) {
-ui_module_load_one("spice-core");
-olist = qemu_find_opts("spice");
-}
 if (!olist) {
 error_report("spice support is disabled");
 exit(1);
diff --git a/stubs/meson.build b/stubs/meson.build
index 3faef16892..f3f979c3fe 100644
--- a/stubs/meson.build
+++ b/stubs/meson.build
@@ -22,6 +22,7 @@ stub_ss.add(files('isa-bus.c'))
 stub_ss.add(files('is-daemonized.c'))
 stub_ss.add(when: 'CONFIG_LINUX_AIO', if_true: files('linux-aio.c'))
 stub_ss.add(files('migr-blocker.c'))
+stub_ss.add(files('module-opts.c'))
 stub_ss.add(files('monitor.c'))
 stub_ss.add(files('monitor-core.c'))
 stub_ss.add(files('pci-bus.c'))
diff --git a/stubs/module-opts.c b/stubs/module-opts.c
new file mode 100644
index 00..a7d0e4ad6e
--- /dev/null
+++ b/stubs/module-opts.c
@@ -0,0 +1,6 @@
+#include "qemu/osdep.h"
+#include "qemu/config-file.h"
+
+void qemu_load_module_for_opts(const char *group)
+{
+}
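Review bot: the stub body is empty and uncommented; add a one-line comment that it backs the `!CONFIG_MODULES` build, where the real definition in softmmu/vl.c is compiled out, so readers do not take the empty function for a missing implementation.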
diff --git a/util/qemu-config.c b/util/qemu-config.c
index 670bd6ebca..34974c4b47 100644
--- a/util/qemu-config.c
+++ b/util/qemu-config.c
@@ -16,6 +16,7 @@ static QemuOptsList *find_list(QemuOptsList **lists, const 
char *group,
 {
 int i;
 
+qemu_load_module_for_opts(group);
 for (i = 0; lists[i] != NULL; i++) {
 if (strcmp(lists[i]->name, group) == 0)
 break;
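Review bot: `qemu_load_module_for_opts(group)` now runs on every find_list() call, before the loop even looks for the group, so every group name that reaches find_list() (including names read from a `-readconfig` file) becomes a module-load trigger. It is cheap thanks to the `tried` flags, but consider calling it only when the loop misses, that is after the `for` when `lists[i] == NULL`, and retrying the lookup once; that keeps the hit path free of the call and limits module loading to groups that are actually unknown.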
-- 
2.31.1





[PULL 09/26] KVM: do not allow setting properties at runtime

2021-05-20 Thread Paolo Bonzini
Only allow accelerator properties to be set when the
accelerator is being created.

Signed-off-by: Paolo Bonzini 
---
 accel/kvm/kvm-all.c | 13 -
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index 4e0168e88b..54c0860979 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -2017,7 +2017,6 @@ static int kvm_init(MachineState *ms)
 QTAILQ_INIT(>kvm_sw_breakpoints);
 #endif
 QLIST_INIT(>kvm_parked_vcpus);
-s->vmfd = -1;
 s->fd = qemu_open_old("/dev/kvm", O_RDWR);
 if (s->fd == -1) {
 fprintf(stderr, "Could not access KVM kernel module: %m\n");
@@ -3112,6 +3111,11 @@ static void kvm_set_kvm_shadow_mem(Object *obj, Visitor 
*v,
 KVMState *s = KVM_STATE(obj);
 int64_t value;
 
+if (s->fd != -1) {
+error_setg(errp, "Cannot set properties after the accelerator has been 
initialized");
+return;
+}
+
 if (!visit_type_int(v, name, , errp)) {
 return;
 }
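Review bot: the guard string "Cannot set properties after the accelerator has been initialized" is repeated verbatim in kvm_set_kvm_shadow_mem() and kvm_set_kernel_irqchip(), and is long enough to wrap past the usual line length; factor it into a small `static bool kvm_check_not_initialized(KVMState *s, Error **errp)` helper so future setters cannot drift. Using `s->fd != -1` as the "initialized" sentinel also depends on the instance_init change later in this patch, and a comment at the check would make that dependency explicit.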
@@ -3126,6 +3130,11 @@ static void kvm_set_kernel_irqchip(Object *obj, Visitor 
*v,
 KVMState *s = KVM_STATE(obj);
 OnOffSplit mode;
 
+if (s->fd != -1) {
+error_setg(errp, "Cannot set properties after the accelerator has been 
initialized");
+return;
+}
+
 if (!visit_type_OnOffSplit(v, name, , errp)) {
 return;
 }
@@ -3172,6 +3181,8 @@ static void kvm_accel_instance_init(Object *obj)
 {
 KVMState *s = KVM_STATE(obj);
 
+s->fd = -1;
+s->vmfd = -1;
 s->kvm_shadow_mem = -1;
 s->kernel_irqchip_allowed = true;
 s->kernel_irqchip_split = ON_OFF_AUTO_AUTO;
-- 
2.31.1





Re: [PATCH RESEND 3/4] migration/rdma: destination: create the return patch after the first accept

2021-05-20 Thread lizhij...@fujitsu.com
Should make some changes for this patch like below:

# git diff
diff --git a/migration/rdma.c b/migration/rdma.c
index 3b228c46ebf..067ea272276 100644
--- a/migration/rdma.c
+++ b/migration/rdma.c
@@ -316,7 +316,7 @@ typedef struct RDMALocalBlocks {
  typedef struct RDMAContext {
  char *host;
  int port;
-    const char *host_port;
+    char *host_port;

  RDMAWorkRequestData wr_data[RDMA_WRID_MAX];

@@ -2393,7 +2393,9 @@ static void qemu_rdma_cleanup(RDMAContext *rdma)
  rdma->channel = NULL;
  }
  g_free(rdma->host);
+    g_free(rdma->host_port);
  rdma->host = NULL;
+    rdma->host_port = NULL;
  }


@@ -2649,7 +2651,7 @@ static void *qemu_rdma_data_init(const char *host_port, 
Error **errp)
  if (!inet_parse(addr, host_port, NULL)) {
  rdma->port = atoi(addr->port);
  rdma->host = g_strdup(addr->host);
-    rdma->host_port = host_port;
+    rdma->host_port = g_strdup(host_port);
  } else {
  ERROR(errp, "bad RDMA migration address '%s'", host_port);
  g_free(rdma);
@@ -4076,6 +4078,7 @@ err:
  error_propagate(errp, local_err);
  if (rdma) {
  g_free(rdma->host);
+    g_free(rdma->host_port);
  }
  g_free(rdma);
  g_free(rdma_return_path);
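Review bot: the err path now frees `rdma->host` and `rdma->host_port`, but `rdma_return_path` is still released with a bare `g_free(rdma_return_path)`, and qemu_rdma_data_init() (see the hunk above) gives every RDMAContext its own g_strdup()'d `host` and `host_port`; those leak on this path. A small helper that frees both strings and the context, used for `rdma` and `rdma_return_path` alike, would close the leak and keep this path from diverging from qemu_rdma_cleanup().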


On 20/05/2021 16.11, Li Zhijian wrote:
> destination side:
> $ build/qemu-system-x86_64 -enable-kvm -netdev 
> tap,id=hn0,script=/etc/qemu-ifup,downscript=/etc/qemu-ifdown -device 
> e1000,netdev=hn0,mac=50:52:54:00:11:22 -boot c -drive 
> if=none,file=./Fedora-rdma-server-migration.qcow2,id=drive-virtio-disk0 
> -device 
> virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,id=virtio-disk0 -m 
> 2048 -smp 2 -device piix3-usb-uhci -device usb-tablet -monitor stdio -vga qxl 
> -spice streaming-video=filter,port=5902,disable-ticketing -incoming 
> rdma:192.168.1.10:
> (qemu) migrate_set_capability postcopy-ram on
> (qemu)
> dest_init RDMA Device opened: kernel name rocep1s0f0 uverbs device name 
> uverbs0, infiniband_verbs class device path 
> /sys/class/infiniband_verbs/uverbs0, infiniband class device path 
> /sys/class/infiniband/rocep1s0f0, transport: (2) Ethernet
> Segmentation fault (core dumped)
>
>   (gdb) bt
>   #0  qemu_rdma_accept (rdma=0x0) at ../migration/rdma.c:3272
>   #1  rdma_accept_incoming_migration (opaque=0x0) at 
> ../migration/rdma.c:3986
>   #2  0x563c9e51f02a in aio_dispatch_handler
>   (ctx=ctx@entry=0x563ca0606010, node=0x563ca12b2150) at 
> ../util/aio-posix.c:329
>   #3  0x563c9e51f752 in aio_dispatch_handlers (ctx=0x563ca0606010) at 
>  ../util/aio-posix.c:372
>   #4  aio_dispatch (ctx=0x563ca0606010) at ../util/aio-posix.c:382
>   #5  0x563c9e4f4d9e in aio_ctx_dispatch (source=<optimized out>,  
> callback=<optimized out>, user_data=<optimized out>) at ../util/async.c:306
>   #6  0x7fe96ef3fa9f in g_main_context_dispatch () at  
> /lib64/libglib-2.0.so.0
>   #7  0x563c9e4ffeb8 in glib_pollfds_poll () at 
> ../util/main-loop.c:231
>   #8  os_host_main_loop_wait (timeout=12188789) at ../util/main-loop.c:254
>   #9  main_loop_wait (nonblocking=nonblocking@entry=0) at 
> ../util/main-loop.c:530
>   #10 0x563c9e3c7211 in qemu_main_loop () at ../softmmu/runstate.c:725
>   #11 0x563c9dfd46fe in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at ../softmmu/main.c:50
>
> The rdma return path will not be created when qemu incoming is starting
> since migrate_copy() is false at that moment, then a NULL return path
> rdma was referenced if the user enabled postcopy later.
>
> Signed-off-by: Li Zhijian 
> ---
>   migration/rdma.c | 29 ++---
>   1 file changed, 18 insertions(+), 11 deletions(-)
>
> diff --git a/migration/rdma.c b/migration/rdma.c
> index 651534e825..3b228c46eb 100644
> --- a/migration/rdma.c
> +++ b/migration/rdma.c
> @@ -316,6 +316,7 @@ typedef struct RDMALocalBlocks {
>   typedef struct RDMAContext {
>   char *host;
>   int port;
> +const char *host_port;
>   
>   RDMAWorkRequestData wr_data[RDMA_WRID_MAX];
>   
> @@ -2648,6 +2649,7 @@ static void *qemu_rdma_data_init(const char *host_port, 
> Error **errp)
>   if (!inet_parse(addr, host_port, NULL)) {
>   rdma->port = atoi(addr->port);
>   rdma->host = g_strdup(addr->host);
> +rdma->host_port = host_port;
>   } else {
>   ERROR(errp, "bad RDMA migration address '%s'", host_port);
>   g_free(rdma);
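Review bot: `rdma->host_port = host_port;` stores the caller's pointer rather than a copy, so the RDMAContext's `host_port` is only valid for as long as the caller's string is; because this series reads it later, from the accept path, to create the return path, a freed or reused original string becomes a use-after-free. Copy it with g_strdup(), which then needs a non-const field and a matching g_free() in qemu_rdma_cleanup() and the error path, as the diff posted at the top of this reply does.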
> @@ -3276,6 +3278,7 @@ static int qemu_rdma_accept(RDMAContext *rdma)
>   .private_data = ,
>   .private_data_len = sizeof(cap),
>};
> +RDMAContext *rdma_return_path = NULL;
>   struct rdma_cm_event *cm_event;
>   struct ibv_context *verbs;
>   int ret = -EINVAL;
> @@ -3291,6 +3294,20 @@ static int qemu_rdma_accept(RDMAContext *rdma)
>   goto 

[PULL 23/26] replication: move include out of root directory

2021-05-20 Thread Paolo Bonzini
The replication.h file is included from migration/colo.c and 
tests/unit/test-replication.c,
so it should be in include/.

Signed-off-by: Paolo Bonzini 
---
 block/replication.c  | 2 +-
 replication.h => include/block/replication.h | 4 ++--
 migration/colo.c | 2 +-
 replication.c| 2 +-
 tests/unit/test-replication.c| 2 +-
 5 files changed, 6 insertions(+), 6 deletions(-)
 rename replication.h => include/block/replication.h (98%)

diff --git a/block/replication.c b/block/replication.c
index 97be7ef4de..52163f2d1f 100644
--- a/block/replication.c
+++ b/block/replication.c
@@ -22,7 +22,7 @@
 #include "sysemu/block-backend.h"
 #include "qapi/error.h"
 #include "qapi/qmp/qdict.h"
-#include "replication.h"
+#include "block/replication.h"
 
 typedef enum {
 BLOCK_REPLICATION_NONE, /* block replication is not started */
diff --git a/replication.h b/include/block/replication.h
similarity index 98%
rename from replication.h
rename to include/block/replication.h
index d49fc22cb9..21931b4f0c 100644
--- a/replication.h
+++ b/include/block/replication.h
@@ -23,7 +23,7 @@ typedef struct ReplicationOps ReplicationOps;
 typedef struct ReplicationState ReplicationState;
 
 /**
- * SECTION:replication.h
+ * SECTION:block/replication.h
  * @title:Base Replication System
  * @short_description: interfaces for handling replication
  *
@@ -32,7 +32,7 @@ typedef struct ReplicationState ReplicationState;
  * 
  *   How to use replication interfaces
  *   
- * #include "replication.h"
+ * #include "block/replication.h"
  *
  * typedef struct BDRVReplicationState {
  * ReplicationState *rs;
diff --git a/migration/colo.c b/migration/colo.c
index de27662cab..e498fdb125 100644
--- a/migration/colo.c
+++ b/migration/colo.c
@@ -28,7 +28,7 @@
 #include "migration/failover.h"
 #include "migration/ram.h"
 #ifdef CONFIG_REPLICATION
-#include "replication.h"
+#include "block/replication.h"
 #endif
 #include "net/colo-compare.h"
 #include "net/colo.h"
diff --git a/replication.c b/replication.c
index be3a42f9c9..4acd3f8004 100644
--- a/replication.c
+++ b/replication.c
@@ -14,7 +14,7 @@
 
 #include "qemu/osdep.h"
 #include "qapi/error.h"
-#include "replication.h"
+#include "block/replication.h"
 
 static QLIST_HEAD(, ReplicationState) replication_states;
 
diff --git a/tests/unit/test-replication.c b/tests/unit/test-replication.c
index b067240add..afff908d77 100644
--- a/tests/unit/test-replication.c
+++ b/tests/unit/test-replication.c
@@ -14,7 +14,7 @@
 #include "qapi/qmp/qdict.h"
 #include "qemu/option.h"
 #include "qemu/main-loop.h"
-#include "replication.h"
+#include "block/replication.h"
 #include "block/block_int.h"
 #include "block/qdict.h"
 #include "sysemu/block-backend.h"
-- 
2.31.1





[PULL 22/26] remove qemu-options* from root directory

2021-05-20 Thread Paolo Bonzini
These headers are also included from softmmu/vl.c, so they should be
in include/.  Remove qemu-options-wrapper.h, since elsewhere
we include "template" headers directly and #define the parameters in
the including file; move qemu-options.h to include/.

Reviewed-by: Markus Armbruster 
Signed-off-by: Paolo Bonzini 
---
 qemu-options.h => include/qemu/qemu-options.h |  9 -
 os-posix.c|  2 +-
 os-win32.c|  1 -
 qemu-options-wrapper.h| 40 ---
 qemu-options.hx   |  4 ++
 softmmu/vl.c  | 24 ---
 6 files changed, 31 insertions(+), 49 deletions(-)
 rename qemu-options.h => include/qemu/qemu-options.h (88%)
 delete mode 100644 qemu-options-wrapper.h

diff --git a/qemu-options.h b/include/qemu/qemu-options.h
similarity index 88%
rename from qemu-options.h
rename to include/qemu/qemu-options.h
index b4ee63cd60..4a62c83c45 100644
--- a/qemu-options.h
+++ b/include/qemu/qemu-options.h
@@ -29,8 +29,13 @@
 #define QEMU_OPTIONS_H
 
 enum {
-#define QEMU_OPTIONS_GENERATE_ENUM
-#include "qemu-options-wrapper.h"
+
+#define DEF(option, opt_arg, opt_enum, opt_help, arch_mask) \
+opt_enum,
+#define DEFHEADING(text)
+#define ARCHHEADING(text, arch_mask)
+
+#include "qemu-options.def"
 };
 
 #endif
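Review bot: DEF, DEFHEADING and ARCHHEADING are defined here (and again in softmmu/vl.c) but are now #undef'd only by the trailer this patch appends to qemu-options.hx, that is at the end of the generated qemu-options.def; a reader of this header cannot see that, and a future includer that forgets to define the three macros gets a confusing error from the .def. Add a comment next to the `#include "qemu-options.def"` saying the .def undefines the three macros at its end.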
diff --git a/os-posix.c b/os-posix.c
index a6846f51c1..ae6c9f2a5e 100644
--- a/os-posix.c
+++ b/os-posix.c
@@ -32,7 +32,7 @@
 #include "qemu-common.h"
 /* Needed early for CONFIG_BSD etc. */
 #include "net/slirp.h"
-#include "qemu-options.h"
+#include "qemu/qemu-options.h"
 #include "qemu/error-report.h"
 #include "qemu/log.h"
 #include "sysemu/runstate.h"
diff --git a/os-win32.c b/os-win32.c
index fd1137bab1..e31c921983 100644
--- a/os-win32.c
+++ b/os-win32.c
@@ -27,7 +27,6 @@
 #include 
 #include 
 #include "qemu-common.h"
-#include "qemu-options.h"
 #include "sysemu/runstate.h"
 
 static BOOL WINAPI qemu_ctrl_handler(DWORD type)
diff --git a/qemu-options-wrapper.h b/qemu-options-wrapper.h
deleted file mode 100644
index 6f548e3922..00
--- a/qemu-options-wrapper.h
+++ /dev/null
@@ -1,40 +0,0 @@
-
-#if defined(QEMU_OPTIONS_GENERATE_ENUM)
-
-#define DEF(option, opt_arg, opt_enum, opt_help, arch_mask) \
-opt_enum,
-#define DEFHEADING(text)
-#define ARCHHEADING(text, arch_mask)
-
-#elif defined(QEMU_OPTIONS_GENERATE_HELP)
-
-#define DEF(option, opt_arg, opt_enum, opt_help, arch_mask)\
-if ((arch_mask) & arch_type)   \
-fputs(opt_help, stdout);
-
-#define ARCHHEADING(text, arch_mask) \
-if ((arch_mask) & arch_type)\
-puts(stringify(text));
-
-#define DEFHEADING(text) ARCHHEADING(text, QEMU_ARCH_ALL)
-
-#elif defined(QEMU_OPTIONS_GENERATE_OPTIONS)
-
-#define DEF(option, opt_arg, opt_enum, opt_help, arch_mask) \
-{ option, opt_arg, opt_enum, arch_mask },
-#define DEFHEADING(text)
-#define ARCHHEADING(text, arch_mask)
-
-#else
-#error "qemu-options-wrapper.h included with no option defined"
-#endif
-
-#include "qemu-options.def"
-
-#undef DEF
-#undef DEFHEADING
-#undef ARCHHEADING
-
-#undef QEMU_OPTIONS_GENERATE_ENUM
-#undef QEMU_OPTIONS_GENERATE_HELP
-#undef QEMU_OPTIONS_GENERATE_OPTIONS
diff --git a/qemu-options.hx b/qemu-options.hx
index ecdb064409..8116f79818 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -5276,3 +5276,7 @@ ERST
 
 
 HXCOMM This is the last statement. Insert new options before this line!
+
+#undef DEF
+#undef DEFHEADING
+#undef ARCHHEADING
diff --git a/softmmu/vl.c b/softmmu/vl.c
index 11ac3750d8..ac0ff6e160 100644
--- a/softmmu/vl.c
+++ b/softmmu/vl.c
@@ -88,7 +88,7 @@
 #include "qapi/qobject-input-visitor.h"
 #include "qemu/option.h"
 #include "qemu/config-file.h"
-#include "qemu-options.h"
+#include "qemu/qemu-options.h"
 #include "qemu/main-loop.h"
 #ifdef CONFIG_VIRTFS
 #include "fsdev/qemu-fsdev.h"
@@ -854,8 +854,17 @@ static void help(int exitcode)
"'disk_image' is a raw hard disk image for IDE hard disk 0\n\n",
 error_get_progname());
 
-#define QEMU_OPTIONS_GENERATE_HELP
-#include "qemu-options-wrapper.h"
+#define DEF(option, opt_arg, opt_enum, opt_help, arch_mask)\
+if ((arch_mask) & arch_type)   \
+fputs(opt_help, stdout);
+
+#define ARCHHEADING(text, arch_mask) \
+if ((arch_mask) & arch_type)\
+puts(stringify(text));
+
+#define DEFHEADING(text) ARCHHEADING(text, QEMU_ARCH_ALL)
+
+#include "qemu-options.def"
 
 printf("\nDuring emulation, the following keys are useful:\n"
"ctrl-alt-f  toggle full screen\n"
@@ -880,8 +889,13 @@ typedef struct QEMUOption {
 
 static const QEMUOption qemu_options[] = {
 { "h", 0, QEMU_OPTION_h, QEMU_ARCH_ALL },
-#define QEMU_OPTIONS_GENERATE_OPTIONS
-#include "qemu-options-wrapper.h"
+
+#define DEF(option, opt_arg, opt_enum, opt_help, arch_mask) \
+{ option, opt_arg, opt_enum, arch_mask 

[PULL 16/26] KVM: Cache kvm slot dirty bitmap size

2021-05-20 Thread Paolo Bonzini
From: Peter Xu 

Cache it too because we'll reference it more frequently in the future.

Reviewed-by: Dr. David Alan Gilbert 
Signed-off-by: Peter Xu 
Message-Id: <20210506160549.130416-8-pet...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 accel/kvm/kvm-all.c  | 1 +
 include/sysemu/kvm_int.h | 1 +
 2 files changed, 2 insertions(+)

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index 0ba6d48120..df9fbf59a6 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -610,6 +610,7 @@ static void kvm_slot_init_dirty_bitmap(KVMSlot *mem)
 hwaddr bitmap_size = ALIGN(mem->memory_size / qemu_real_host_page_size,
 /*HOST_LONG_BITS*/ 64) / 8;
 mem->dirty_bmap = g_malloc0(bitmap_size);
+mem->dirty_bmap_size = bitmap_size;
 }
 
 /*
diff --git a/include/sysemu/kvm_int.h b/include/sysemu/kvm_int.h
index ab09a150e1..c788452cd9 100644
--- a/include/sysemu/kvm_int.h
+++ b/include/sysemu/kvm_int.h
@@ -23,6 +23,7 @@ typedef struct KVMSlot
 int old_flags;
 /* Dirty bitmap cache for the slot */
 unsigned long *dirty_bmap;
+unsigned long dirty_bmap_size;
 /* Cache of the address space ID */
 int as_id;
 /* Cache of the offset in ram address space */
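Review bot: `dirty_bmap_size` is declared `unsigned long` but is assigned from `hwaddr bitmap_size` in kvm_slot_init_dirty_bitmap(), so the field and its source have different types and the assignment is an implicit conversion. Pick one type for both, `size_t` to match the g_malloc0() call or `hwaddr` to match the computation, and add a short comment saying the value is in bytes, since "size" alone is ambiguous next to a bitmap.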
-- 
2.31.1





[PULL 24/26] vl: allow not specifying size in -m when using -M memory-backend

2021-05-20 Thread Paolo Bonzini
Starting in QEMU 6.0's commit f5c9fcb82d ("vl: separate
qemu_create_machine", 2020-12-10), a function have_custom_ram_size()
replaced the return value of set_memory_options().

The purpose of the return value was to record the presence of
"-m size", and if it was not there, change the default RAM
size to the size of the memory backend passed with "-M
memory-backend".

With that commit, however, have_custom_ram_size() is now queried only
after set_memory_options has stored the fixed-up RAM size in QemuOpts for
"future use".  This was actually the only future use of the fixed-up RAM
size, so remove that code and fix the bug.

Cc: qemu-sta...@nongnu.org
Fixes: f5c9fcb82d ("vl: separate qemu_create_machine", 2020-12-10)
Signed-off-by: Paolo Bonzini 
---
 softmmu/vl.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/softmmu/vl.c b/softmmu/vl.c
index ac0ff6e160..21e55718a6 100644
--- a/softmmu/vl.c
+++ b/softmmu/vl.c
@@ -2039,8 +2039,6 @@ static void set_memory_options(MachineClass *mc)
 exit(EXIT_FAILURE);
 }
 
-/* store value for the future use */
-qemu_opt_set_number(opts, "size", ram_size, _abort);
 maxram_size = ram_size;
 
 if (qemu_opt_get(opts, "maxmem")) {
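Review bot: the commit message asserts that the removed `qemu_opt_set_number(opts, "size", ram_size, ...)` had only one consumer, but the hunk cannot show that; name the have_custom_ram_size() call site in the message and state that no other reader of the "size" option remains, since any leftover `qemu_opt_get(opts, "size")` caller would now see the user's raw value rather than the fixed-up ram_size.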
-- 
2.31.1





Re: [RFC PATCH 02/11] hw/ide: Add PCIIDEState::isa_bus link

2021-05-20 Thread Mark Cave-Ayland

On 20/05/2021 08:41, Mark Cave-Ayland wrote:

3) Add a new pci_isa_bridge_get_isabus(PCIDevice *d) function that the devices such 
as via-ide can use to obtain a reference to the ISABus from their own PCIDevice. It 
should hopefully be quite simple like this:


ISABus *pci_isa_bridge_get_isabus(PCIDevice *d)
{
    PCIISABridge *s = PCI_ISA_BRIDGE(d);

    return s->isa_bus;
}


Oops - have just realised that PCIDevice in this case is the PCI/ISA device and not 
the bridge itself. This means there is a bit more work to do, perhaps something like:


ISABus *pci_device_get_isabus(PCIDevice *d)
{
    PCIBus *bus = pci_get_bus(d);
    int devfn;

    /* Walk every slot/function on the device's bus and return the ISA bus
     * of the first PCI-ISA bridge found. Empty slots are NULL, which
     * object_dynamic_cast() tolerates. */
    for (devfn = 0; devfn < ARRAY_SIZE(bus->devices); devfn++) {
        PCIDevice *pd = bus->devices[devfn];

        if (object_dynamic_cast(OBJECT(pd), TYPE_PCI_ISA_BRIDGE)) {
            PCIISABridge *s = PCI_ISA_BRIDGE(pd);
            return s->isa_bus;
        }
    }

    return NULL;
}

Given that a PCI-ISA bridge effectively manages the bottom part of the single IO 
address space then I believe there can only be one PCI-ISA bridge per PCI host 
bridge, and therefore bus.



ATB,

Mark.



Re: [RFC PATCH 02/11] hw/ide: Add PCIIDEState::isa_bus link

2021-05-20 Thread Stefan Hajnoczi
On Thu, May 20, 2021 at 02:46:47AM +0200, BALATON Zoltan wrote:
> On Wed, 19 May 2021, John Snow wrote:
> > On 5/18/21 7:05 PM, BALATON Zoltan wrote:
> > > On Tue, 18 May 2021, Philippe Mathieu-Daudé wrote:
> > > > IDE bus depends on ISA bus for IRQ/DMA.
> > > > 
> > > > Add an ISABus reference in PCIIDEState, and add link properties
> > > > to it in the PIIX and VIA objects (which inherit PCI_IDE).
> > > > 
> > > > Signed-off-by: Philippe Mathieu-Daudé 
> > > > ---
> > > > include/hw/ide/pci.h |  1 +
> > > > hw/ide/piix.c    | 11 ++-
> > > > hw/ide/via.c | 10 +-
> > > > 3 files changed, 20 insertions(+), 2 deletions(-)
> > > > 
> > > > diff --git a/include/hw/ide/pci.h b/include/hw/ide/pci.h
> > > > index d8384e1c422..e790722ed14 100644
> > > > --- a/include/hw/ide/pci.h
> > > > +++ b/include/hw/ide/pci.h
> > > > @@ -47,6 +47,7 @@ struct PCIIDEState {
> > > >     PCIDevice parent_obj;
> > > >     /*< public >*/
> > > > 
> > > > +    ISABus *isa_bus;
> > > 
> > > I'm not sure that this belongs here. Previously we managed to remove
> > > device-specific fields from this structure so it now really just
> > > holds stuff related to PCI IDE (except the remaining "secondary"
> > > field specific to CMD646). PCI IDE normally has nothing to do with
> > > ISA except for those south bridges that have IDE with legacy mode.
> > > So this ISABus reference should be in those south bridges instead.
> > > But that may need a
> > 
> > by "those south bridges" I assume you are referring to the integrated
> > PIIX and VIA controller implementations.
> 
> Yes, those are that also have an ISA bridge so the IDE in those can use
> either ISA or PCI IRQs but we probably only emulate one mode. At least
> that's the case for via-ide which we have gone into great detail before and
> concluded we can't cleanly switch between legacy ISA or PCI mode and the
> pegasos2 needs hard coded ISA interrupts even when in PCI mode so we only
> emulate that.
> 
> Apart from that this PCI IDE is also used by CMD646 and sii3112 that are
> pure PCI IDE devices without any ISA dependency so that's why I think we
> should not need this ISABus here to keep this implementing PCI IDE and only
> keep ISA in the south bridge models.
> 
> > > new subclass just for this so putting it here is just avoiding
> > > boilerplate of declaring new subclasses in piix and via-ide. I can
> > > sympathise with that but I'd still prefer to keep it off here but I
> > > wonder if there's a way to do that without subclassing and storing
> > > an ISABus ref? If I understand correctly this ISABus ref is just
> > > needed to get appropriate ISA irqs. But could we just store a ref to
> > > those irqs
> > 
> > It looks like it's just the IRQs, yeah.
> > 
> > > directly so we don't need to keep the ref to the ISA bus? There's
> > 
> > I think the idea actually is to formalize the dependency of these models
> > on the ISA bus instead of hacking / faking one. I think we DO want the
> > dependency.
> 
> Right, but only piix and via depend on ISA so the dependency should be in
> those not in PCI IDE in my opinion. But I don't mind too much so if it would
> be too difficult to put it elsewhere I don't mind introducing this ISABus
> field but we should at least look if it could be avoided first.
> 
> > > already a qemu_irq in BMDMAState but I'm not sure how those are set
> > > and if you could store an isa irq there to simplify this. I don't
> > > know the details and could not detangle it by a brief look so not
> > > sure it can be done but conceptually it feels better to keep PCI IDE
> > > separate from ISA and let it raise either PCI irq or ISA irq as
> > > needed. For that a ref to the irq should be enough and that can
> > > either come from a PCI bus (which is normally expected for PCI IDE)
> > > or an ISA bridge for legacy modes. Hope it makes sense and you get
> > > what I'm trying to say. (Longer term we may want to make it
> > > changeable also after the device is created to allow switching
> > > between legacy and PCI mode but so far we could get away without
> > > emulating that so it's not a requirement just something to consider
> > > when you're changing this. The real problem that prevents switching
> > > modes is not irq I think but ioports and that ISA devices are not
> > > configurable after creating them but that would need QOM'ifying ISA
> > > emulation which probably does not worth the effort unless we come
> > > across some guest that needs this.)
> > > 
> > > Regards,
> > > BALATON Zoltan
> > > 
> > 
> > I assume the idea here is that PCIIDE does not technically need "ISA" to
> > provide ioport access to the ATA drives, so taxonomically it's odd for
> > the generic/abstract PCIIDE device to require an ISA bus.
> > 
> > Am I understanding correctly?
> 
> I'm not sure I understand all of the IDE emulation but in my view PCI IDE
> should be independent of ISA so instead of adding a reference to an ISA bus
> to PCIIDEState maybe it's 

[PATCH RESEND 1/4] migration/rdma: cleanup rdma in rdma_start_incoming_migration error path

2021-05-20 Thread Li Zhijian
The error path after calling qemu_rdma_dest_init() should do rdma cleanup.

Signed-off-by: Li Zhijian 
---
 migration/rdma.c | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/migration/rdma.c b/migration/rdma.c
index 41726cc74a..7e7595faab 100644
--- a/migration/rdma.c
+++ b/migration/rdma.c
@@ -4040,7 +4040,7 @@ void rdma_start_incoming_migration(const char *host_port, 
Error **errp)
 
 if (ret) {
 ERROR(errp, "listening on socket!");
-goto err;
+goto cleanup_rdma;
 }
 
 trace_rdma_start_incoming_migration_after_rdma_listen();
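Review bot: routing the listen failure through cleanup_rdma means qemu_rdma_cleanup() is now called on an object that has a listen id set up but no accepted connection; that is the right fix (the old `goto err` leaked whatever qemu_rdma_dest_init() had created), but please confirm that qemu_rdma_cleanup() tolerates this partially-initialised state, since every field it tears down must be either valid or still zeroed at this point.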
@@ -4050,7 +4050,7 @@ void rdma_start_incoming_migration(const char *host_port, 
Error **errp)
 rdma_return_path = qemu_rdma_data_init(host_port, _err);
 
 if (rdma_return_path == NULL) {
-goto err;
+goto cleanup_rdma;
 }
 
 qemu_rdma_return_path_dest_init(rdma_return_path, rdma);
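Review bot: on the `rdma_return_path == NULL` path the primary object is now cleaned up before falling into err:, where error_propagate(errp, local_err) reports the error that qemu_rdma_data_init() stored in local_err; that ordering is fine only if qemu_rdma_cleanup() never touches local_err or errp itself, which is worth a quick check before the fall-through is relied upon.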
@@ -4059,6 +4059,9 @@ void rdma_start_incoming_migration(const char *host_port, 
Error **errp)
 qemu_set_fd_handler(rdma->channel->fd, rdma_accept_incoming_migration,
 NULL, (void *)(intptr_t)rdma);
 return;
+
+cleanup_rdma:
+qemu_rdma_cleanup(rdma);
 err:
 error_propagate(errp, local_err);
 if (rdma) {
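Review bot: the new cleanup_rdma label falls through into err:, and the `if (rdma) {` block that follows is outside the hunk, so it is not visible whether that block frees rdma or releases resources that qemu_rdma_cleanup(rdma) has just released; please confirm there is no double release, and add a `/* fall through */` comment above err: so the intent is explicit. The unconditional qemu_rdma_cleanup(rdma) is safe only because both new gotos sit after rdma has been allocated, which holds for the two call sites changed in this patch.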
-- 
2.30.2






[PULL 01/26] configure: Only clone softfloat-3 repositories if TCG is enabled

2021-05-20 Thread Paolo Bonzini
From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20210512045821.3257963-1-phi...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 configure | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/configure b/configure
index 0e4233fd8a..1bb29fcda1 100755
--- a/configure
+++ b/configure
@@ -257,8 +257,6 @@ if test -e "$source_path/.git"
 then
 git_submodules_action="update"
 git_submodules="ui/keycodemapdb"
-git_submodules="$git_submodules tests/fp/berkeley-testfloat-3"
-git_submodules="$git_submodules tests/fp/berkeley-softfloat-3"
 else
 git_submodules_action="ignore"
 git_submodules=""
@@ -2271,6 +2269,11 @@ if test "$solaris" = "yes" ; then
   fi
 fi
 
+if test "$tcg" = "enabled"; then
+git_submodules="$git_submodules tests/fp/berkeley-testfloat-3"
+git_submodules="$git_submodules tests/fp/berkeley-softfloat-3"
+fi
+
 if test -z "${target_list+xxx}" ; then
 default_targets=yes
 for target in $default_target_list; do
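Review bot: the new block appends the two fp submodules to $git_submodules unconditionally, whereas the lines removed above only did so inside the `if test -e "$source_path/.git"` branch; for a tarball build git_submodules_action is "ignore" and git_submodules is "", and this now leaves the variable non-empty for TCG builds, so check how the ignore path consumes it (the follow-up 'configure: check for submodules if --with-git-submodules=ignore' in this series suggests it matters). Also confirm that $tcg has already been resolved from 'auto' to 'enabled'/'disabled' by line 2269, otherwise an auto value silently skips the clone.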
-- 
2.31.1





[PULL 07/26] object: add more commands to preconfig mode

2021-05-20 Thread Paolo Bonzini
Creating and destroying QOM objects does not require a fully constructed
machine.  Allow running object-add and object-del before machine
initialization has concluded.

Signed-off-by: Paolo Bonzini 
---
 hmp-commands.hx | 2 ++
 qapi/qom.json   | 6 --
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/hmp-commands.hx b/hmp-commands.hx
index 435c591a1c..146a13c896 100644
--- a/hmp-commands.hx
+++ b/hmp-commands.hx
@@ -1297,6 +1297,7 @@ ERST
 .help   = "create QOM object",
 .cmd= hmp_object_add,
 .command_completion = object_add_completion,
+.flags  = "p",
 },
 
 SRST
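Review bot: the "p" flag makes object_add usable before machine init, mirroring the allow-preconfig change in qapi/qom.json below; what this relies on is that every user-creatable type reachable through ObjectOptions has a user_creatable_complete() step that does not need machine state (backends that resolve the machine or its memory during completion would be the ones to look at), so it would help to state in the commit message which object types were audited rather than the general 'does not require a fully constructed machine'.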
@@ -1311,6 +1312,7 @@ ERST
 .help   = "destroy QOM object",
 .cmd= hmp_object_del,
 .command_completion = object_del_completion,
+.flags  = "p",
 },
 
 SRST
diff --git a/qapi/qom.json b/qapi/qom.json
index 40d70c434a..4f48035831 100644
--- a/qapi/qom.json
+++ b/qapi/qom.json
@@ -857,7 +857,8 @@
 # <- { "return": {} }
 #
 ##
-{ 'command': 'object-add', 'data': 'ObjectOptions', 'boxed': true }
+{ 'command': 'object-add', 'data': 'ObjectOptions', 'boxed': true,
+  'allow-preconfig': true }
 
 ##
 # @object-del:
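Review bot: the doc comment block directly above (the `##` section ending with the example return) is not updated to say that object-add may now be issued in preconfig state; add a sentence there so QMP clients know that objects such as backends can be created before exit-preconfig, and do the same for object-del in the next hunk.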
@@ -877,4 +878,5 @@
 # <- { "return": {} }
 #
 ##
-{ 'command': 'object-del', 'data': {'id': 'str'} }
+{ 'command': 'object-del', 'data': {'id': 'str'},
+  'allow-preconfig': true }
-- 
2.31.1





[PULL 11/26] KVM: Use a big lock to replace per-kml slots_lock

2021-05-20 Thread Paolo Bonzini
From: Peter Xu 

Per-kml slots_lock will bring some trouble if we want to take all slots_lock of
all the KMLs, especially when we're in a context that we could have taken some
of the KML slots_lock, then we even need to figure out what we've taken and
what we need to take.

Make this simple by merging all KML slots_lock into a single slots lock.

Per-kml slots_lock isn't anything that helpful anyway - so far only x86 has two
address spaces (so, two slots_locks).  All the other archs always have one
address space, which means there's actually only one slots_lock, so it will be
the same as before.

Signed-off-by: Peter Xu 
Message-Id: <20210506160549.130416-3-pet...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 accel/kvm/kvm-all.c  | 33 ++---
 include/sysemu/kvm_int.h |  2 --
 2 files changed, 18 insertions(+), 17 deletions(-)

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index 54c0860979..f8980e155b 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -172,8 +172,10 @@ typedef struct KVMResampleFd KVMResampleFd;
 static QLIST_HEAD(, KVMResampleFd) kvm_resample_fd_list =
 QLIST_HEAD_INITIALIZER(kvm_resample_fd_list);
 
-#define kvm_slots_lock(kml)  qemu_mutex_lock(&(kml)->slots_lock)
-#define kvm_slots_unlock(kml)qemu_mutex_unlock(&(kml)->slots_lock)
+static QemuMutex kml_slots_lock;
+
+#define kvm_slots_lock()qemu_mutex_lock(_slots_lock)
+#define kvm_slots_unlock()  qemu_mutex_unlock(_slots_lock)
 
 static inline void kvm_resample_fd_remove(int gsi)
 {
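Review bot: kvm_slots_lock() now takes a single non-recursive QemuMutex, so any path that previously held one KML's slots_lock while acquiring another KML's (the situation the commit message describes wanting to support) will now self-deadlock instead of working; please audit for nested acquisition before merging. The comment being deleted from include/sysemu/kvm_int.h ('Protects the slots and all inside them') should move onto the new `static QemuMutex kml_slots_lock;` declaration so the lock's scope stays documented.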
@@ -239,9 +241,9 @@ bool kvm_has_free_slot(MachineState *ms)
 bool result;
 KVMMemoryListener *kml = >memory_listener;
 
-kvm_slots_lock(kml);
+kvm_slots_lock();
 result = !!kvm_get_free_slot(kml);
-kvm_slots_unlock(kml);
+kvm_slots_unlock();
 
 return result;
 }
@@ -307,7 +309,7 @@ int kvm_physical_memory_addr_from_host(KVMState *s, void 
*ram,
 KVMMemoryListener *kml = >memory_listener;
 int i, ret = 0;
 
-kvm_slots_lock(kml);
+kvm_slots_lock();
 for (i = 0; i < s->nr_slots; i++) {
 KVMSlot *mem = >slots[i];
 
@@ -317,7 +319,7 @@ int kvm_physical_memory_addr_from_host(KVMState *s, void 
*ram,
 break;
 }
 }
-kvm_slots_unlock(kml);
+kvm_slots_unlock();
 
 return ret;
 }
@@ -513,7 +515,7 @@ static int kvm_section_update_flags(KVMMemoryListener *kml,
 return 0;
 }
 
-kvm_slots_lock(kml);
+kvm_slots_lock();
 
 while (size && !ret) {
 slot_size = MIN(kvm_max_slot_size, size);
@@ -529,7 +531,7 @@ static int kvm_section_update_flags(KVMMemoryListener *kml,
 }
 
 out:
-kvm_slots_unlock(kml);
+kvm_slots_unlock();
 return ret;
 }
 
@@ -810,7 +812,7 @@ static int kvm_physical_log_clear(KVMMemoryListener *kml,
 return ret;
 }
 
-kvm_slots_lock(kml);
+kvm_slots_lock();
 
 for (i = 0; i < s->nr_slots; i++) {
 mem = >slots[i];
@@ -836,7 +838,7 @@ static int kvm_physical_log_clear(KVMMemoryListener *kml,
 }
 }
 
-kvm_slots_unlock(kml);
+kvm_slots_unlock();
 
 return ret;
 }
@@ -1141,7 +1143,7 @@ static void kvm_set_phys_mem(KVMMemoryListener *kml,
 ram = memory_region_get_ram_ptr(mr) + section->offset_within_region +
   (start_addr - section->offset_within_address_space);
 
-kvm_slots_lock(kml);
+kvm_slots_lock();
 
 if (!add) {
 do {
@@ -1199,7 +1201,7 @@ static void kvm_set_phys_mem(KVMMemoryListener *kml,
 } while (size);
 
 out:
-kvm_slots_unlock(kml);
+kvm_slots_unlock();
 }
 
 static void kvm_region_add(MemoryListener *listener,
@@ -1226,9 +1228,9 @@ static void kvm_log_sync(MemoryListener *listener,
 KVMMemoryListener *kml = container_of(listener, KVMMemoryListener, 
listener);
 int r;
 
-kvm_slots_lock(kml);
+kvm_slots_lock();
 r = kvm_physical_sync_dirty_bitmap(kml, section);
-kvm_slots_unlock(kml);
+kvm_slots_unlock();
 if (r < 0) {
 abort();
 }
@@ -1328,7 +1330,6 @@ void kvm_memory_listener_register(KVMState *s, 
KVMMemoryListener *kml,
 {
 int i;
 
-qemu_mutex_init(>slots_lock);
 kml->slots = g_malloc0(s->nr_slots * sizeof(KVMSlot));
 kml->as_id = as_id;
 
@@ -2001,6 +2002,8 @@ static int kvm_init(MachineState *ms)
 int type = 0;
 uint64_t dirty_log_manual_caps;
 
+qemu_mutex_init(_slots_lock);
+
 s = KVM_STATE(ms->accelerator);
 
 /*
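Review bot: qemu_mutex_init(&kml_slots_lock) now runs at the top of kvm_init(), replacing the per-listener init removed from kvm_memory_listener_register(); this is correct provided no kvm_slots_lock() caller runs before kvm_init(), and since the listeners are registered from kvm_init() itself, a comment stating that the global is initialised here and nowhere else would document that invariant. Minor: there is no matching qemu_mutex_destroy() on the kvm_init() failure paths.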
diff --git a/include/sysemu/kvm_int.h b/include/sysemu/kvm_int.h
index ccb8869f01..1da30e1884 100644
--- a/include/sysemu/kvm_int.h
+++ b/include/sysemu/kvm_int.h
@@ -27,8 +27,6 @@ typedef struct KVMSlot
 
 typedef struct KVMMemoryListener {
 MemoryListener listener;
-/* Protects the slots and all inside them */
-QemuMutex slots_lock;
 KVMSlot *slots;
 int as_id;
 } KVMMemoryListener;
-- 
2.31.1





[PULL 10/26] memory: Introduce log_sync_global() to memory listener

2021-05-20 Thread Paolo Bonzini
From: Peter Xu 

Some memory listeners may want to do log synchronization without
being able to specify a range of memory to sync, only globally.
Such a memory listener should provide this new method instead of the
log_sync() method.

Obviously we can also achieve a similar thing by putting the global
sync logic into a log_sync() handler. However, that's not efficient
enough, because then memory_global_dirty_log_sync() may do the
global sync N times, where N is the number of flat ranges in the
address space.

Make this new method be exclusive to log_sync().

Reviewed-by: Dr. David Alan Gilbert 
Signed-off-by: Peter Xu 
Message-Id: <20210506160549.130416-2-pet...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 include/exec/memory.h | 12 
 softmmu/memory.c  | 33 +++--
 2 files changed, 35 insertions(+), 10 deletions(-)

diff --git a/include/exec/memory.h b/include/exec/memory.h
index c8b9088924..e38b7e3dce 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -616,6 +616,18 @@ struct MemoryListener {
  */
 void (*log_sync)(MemoryListener *listener, MemoryRegionSection *section);
 
+/**
+ * @log_sync_global:
+ *
+ * This is the global version of @log_sync when the listener does
+ * not have a way to synchronize the log with finer granularity.
+ * When the listener registers with @log_sync_global defined, then
+ * its @log_sync must be NULL.  Vice versa.
+ *
+ * @listener: The #MemoryListener.
+ */
+void (*log_sync_global)(MemoryListener *listener);
+
 /**
  * @log_clear:
  *
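Review bot: the doc comment should also say that @log_sync_global may be invoked for a request that was scoped to a single MemoryRegion (memory_region_sync_dirty_bitmap() with a non-NULL mr, as the comment added in softmmu/memory.c spells out), so an implementation must be prepared to run its full sync far more often than a range-based @log_sync would; and 'Vice versa.' is easier to read as 'a listener that sets @log_sync must leave @log_sync_global NULL'.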
diff --git a/softmmu/memory.c b/softmmu/memory.c
index 3bb533c0bc..c19b0be6b1 100644
--- a/softmmu/memory.c
+++ b/softmmu/memory.c
@@ -2055,6 +2055,10 @@ void memory_region_set_dirty(MemoryRegion *mr, hwaddr 
addr,
 memory_region_get_dirty_log_mask(mr));
 }
 
+/*
+ * If memory region `mr' is NULL, do global sync.  Otherwise, sync
+ * dirty bitmap for the specified memory region.
+ */
 static void memory_region_sync_dirty_bitmap(MemoryRegion *mr)
 {
 MemoryListener *listener;
@@ -2068,18 +2072,24 @@ static void 
memory_region_sync_dirty_bitmap(MemoryRegion *mr)
  * address space once.
  */
 QTAILQ_FOREACH(listener, _listeners, link) {
-if (!listener->log_sync) {
-continue;
-}
-as = listener->address_space;
-view = address_space_get_flatview(as);
-FOR_EACH_FLAT_RANGE(fr, view) {
-if (fr->dirty_log_mask && (!mr || fr->mr == mr)) {
-MemoryRegionSection mrs = section_from_flat_range(fr, view);
-listener->log_sync(listener, );
+if (listener->log_sync) {
+as = listener->address_space;
+view = address_space_get_flatview(as);
+FOR_EACH_FLAT_RANGE(fr, view) {
+if (fr->dirty_log_mask && (!mr || fr->mr == mr)) {
+MemoryRegionSection mrs = section_from_flat_range(fr, 
view);
+listener->log_sync(listener, );
+}
 }
+flatview_unref(view);
+} else if (listener->log_sync_global) {
+/*
+ * No matter whether MR is specified, what we can do here
+ * is to do a global sync, because we are not capable to
+ * sync in a finer granularity.
+ */
+listener->log_sync_global(listener);
 }
-flatview_unref(view);
 }
 }
 
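Review bot: moving flatview_unref(view) inside the log_sync branch is necessary, not cosmetic, because the new else-if path never acquires a view and the previous unconditional unref would have dropped a reference on an unset pointer; with `as` and `view` now only assigned in that branch the maybe-uninitialised analysis also stays quiet. A listener that implements neither callback is still silently skipped here, which matches the old `continue`, and the comment in the else-if branch could say so explicitly.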
@@ -2767,6 +2777,9 @@ void memory_listener_register(MemoryListener *listener, 
AddressSpace *as)
 {
 MemoryListener *other = NULL;
 
+/* Only one of them can be defined for a listener */
+assert(!(listener->log_sync && listener->log_sync_global));
+
 listener->address_space = as;
 if (QTAILQ_EMPTY(_listeners)
 || listener->priority >= QTAILQ_LAST(_listeners)->priority) {
-- 
2.31.1





[PULL 00/26] Misc patches for 2021-05-20

2021-05-20 Thread Paolo Bonzini
The following changes since commit 15e147b3c778f9f4c08c79b99747b848b6e2117b:

  Merge remote-tracking branch 'remotes/nvme/tags/nvme-next-pull-request' into 
staging (2021-05-18 12:22:16 +0100)

are available in the Git repository at:

  https://gitlab.com/bonzini/qemu.git tags/tags/for-upstream-v2

for you to fetch changes up to 976551ba504a3284f9ab9862d9434b422c6841a1:

  scsi-generic: pass max_segments via max_iov field in BlockLimits (2021-05-18 
17:51:15 +0200)


* submodule cleanups (Philippe, myself)
* tiny step towards a usable preconfig mode (myself)
* bump Meson submodule (myself)
* Kconfig and LOCK_GUARD cleanups (philippe)
* new x86 CPUID feature (Yang Zhong)
* "-object qtest" support (myself)
* Dirty ring support for KVM (Peter)
* Fixes for 6.0 command line parsing breakage (myself)
* Fix for macOS 11.3 SDK (Katsuhiro)
* Fix for scsi-generic handling (myself)


Katsuhiro Ueno (1):
  meson: Set implicit_include_directories to false

Paolo Bonzini (11):
  configure: check for submodules if --with-git-submodules=ignore
  configure: simplify assignment to GIT_SUBMODULES
  meson: bump submodule to 0.57.2
  object: add more commands to preconfig mode
  qtest: add a QOM object for qtest
  KVM: do not allow setting properties at runtime
  remove qemu-options* from root directory
  replication: move include out of root directory
  vl: allow not specifying size in -m when using -M memory-backend
  qemu-config: load modules when instantiating option groups
  scsi-generic: pass max_segments via max_iov field in BlockLimits

Peter Xu (10):
  memory: Introduce log_sync_global() to memory listener
  KVM: Use a big lock to replace per-kml slots_lock
  KVM: Create the KVMSlot dirty bitmap on flag changes
  KVM: Provide helper to get kvm dirty log
  KVM: Provide helper to sync dirty bitmap from slot to ramblock
  KVM: Simplify dirty log sync in kvm_set_phys_mem
  KVM: Cache kvm slot dirty bitmap size
  KVM: Add dirty-ring-size property
  KVM: Disable manual dirty log when dirty ring enabled
  KVM: Dirty ring support

Philippe Mathieu-Daudé (3):
  configure: Only clone softfloat-3 repositories if TCG is enabled
  hw/mem/nvdimm: Use Kconfig 'imply' instead of 'depends on'
  tests/qtest/fuzz: Fix build failure

Yang Zhong (1):
  i386/cpu: Expose AVX_VNNI instruction to guest

 Makefile  |   2 +
 accel/kvm/kvm-all.c   | 615 ++
 accel/kvm/trace-events|   7 +
 block/file-posix.c|   3 +-
 block/replication.c   |   2 +-
 configure |  67 ++-
 default-configs/devices/ppc64-softmmu.mak |   1 -
 hmp-commands.hx   |   2 +
 hw/arm/Kconfig|   1 +
 hw/i386/Kconfig   |   1 +
 hw/mem/Kconfig|   2 -
 hw/ppc/Kconfig|   1 +
 hw/scsi/scsi-generic.c|   6 +-
 replication.h => include/block/replication.h  |   4 +-
 include/exec/memory.h |  12 +
 include/hw/core/cpu.h |   7 +
 include/qemu/config-file.h|   2 +-
 qemu-options.h => include/qemu/qemu-options.h |   9 +-
 include/sysemu/kvm_int.h  |   7 +-
 meson |   2 +-
 meson.build   |   1 +
 migration/colo.c  |   2 +-
 os-posix.c|   2 +-
 os-win32.c|   1 -
 qapi/qom.json |  23 +-
 qemu-options-wrapper.h|  40 --
 qemu-options.hx   |  16 +
 replication.c |   2 +-
 softmmu/memory.c  |  33 +-
 softmmu/qtest.c   | 185 +++-
 softmmu/vl.c  |  52 ++-
 stubs/meson.build |   1 +
 stubs/module-opts.c   |   6 +
 target/i386/cpu.c |   4 +-
 target/i386/cpu.h |   2 +
 tests/qtest/fuzz/fuzz.c   |   1 +
 tests/unit/test-replication.c |   2 +-
 util/qemu-config.c|   1 +
 38 files changed, 908 insertions(+), 219 deletions(-)
 rename replication.h => include/block/replication.h (98%)
 rename qemu-options.h => include/qemu/qemu-options.h (88%)
 delete mode 100644 qemu-options-wrapper.h
 create mode 100644 stubs/module-opts.c
-- 
2.31.1




[PULL 04/26] hw/mem/nvdimm: Use Kconfig 'imply' instead of 'depends on'

2021-05-20 Thread Paolo Bonzini
From: Philippe Mathieu-Daudé 

Per the kconfig.rst:

  A device should be listed [...] ``imply`` if (depending on
  the QEMU command line) the board may or may not be started
  without it.

This is the case with the NVDIMM device, so use the 'imply'
weak reverse dependency to select the symbol.

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20210511155354.3069141-2-phi...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 default-configs/devices/ppc64-softmmu.mak | 1 -
 hw/arm/Kconfig| 1 +
 hw/i386/Kconfig   | 1 +
 hw/mem/Kconfig| 2 --
 hw/ppc/Kconfig| 1 +
 5 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/default-configs/devices/ppc64-softmmu.mak 
b/default-configs/devices/ppc64-softmmu.mak
index ae0841fa3a..cca52665d9 100644
--- a/default-configs/devices/ppc64-softmmu.mak
+++ b/default-configs/devices/ppc64-softmmu.mak
@@ -8,4 +8,3 @@ CONFIG_POWERNV=y
 
 # For pSeries
 CONFIG_PSERIES=y
-CONFIG_NVDIMM=y
diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
index b887f6a5b1..67723d9ea6 100644
--- a/hw/arm/Kconfig
+++ b/hw/arm/Kconfig
@@ -6,6 +6,7 @@ config ARM_VIRT
 imply VFIO_PLATFORM
 imply VFIO_XGMAC
 imply TPM_TIS_SYSBUS
+imply NVDIMM
 select ARM_GIC
 select ACPI
 select ARM_SMMUV3
diff --git a/hw/i386/Kconfig b/hw/i386/Kconfig
index 7f91f30877..66838fa397 100644
--- a/hw/i386/Kconfig
+++ b/hw/i386/Kconfig
@@ -23,6 +23,7 @@ config PC
 imply TPM_TIS_ISA
 imply VGA_PCI
 imply VIRTIO_VGA
+imply NVDIMM
 select FDC
 select I8259
 select I8254
diff --git a/hw/mem/Kconfig b/hw/mem/Kconfig
index a0ef2cf648..8b19fdc49f 100644
--- a/hw/mem/Kconfig
+++ b/hw/mem/Kconfig
@@ -7,6 +7,4 @@ config MEM_DEVICE
 
 config NVDIMM
 bool
-default y
-depends on (PC || PSERIES || ARM_VIRT)
 select MEM_DEVICE
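Review bot: dropping `default y` together with `depends on (PC || PSERIES || ARM_VIRT)` changes the semantics from 'always built for these three boards' to 'built unless the board's default devices are disabled', because `imply` is a weak dependency that --without-default-devices can drop; that is exactly the usage the quoted kconfig.rst describes, but check that any test or default config that expects an nvdimm device on those boards still gets CONFIG_NVDIMM in such builds, and that the remaining `select MEM_DEVICE` is still appropriate now that any board may imply the symbol.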
diff --git a/hw/ppc/Kconfig b/hw/ppc/Kconfig
index e51e0e5e5a..66e0b15d9e 100644
--- a/hw/ppc/Kconfig
+++ b/hw/ppc/Kconfig
@@ -3,6 +3,7 @@ config PSERIES
 imply PCI_DEVICES
 imply TEST_DEVICES
 imply VIRTIO_VGA
+imply NVDIMM
 select DIMM
 select PCI
 select SPAPR_VSCSI
-- 
2.31.1





[PULL 26/26] scsi-generic: pass max_segments via max_iov field in BlockLimits

2021-05-20 Thread Paolo Bonzini
I/O to a disk via read/write is not limited by the number of segments allowed
by the host adapter; the kernel can split requests if needed, and the limit
imposed by the host adapter can be very low (256k or so) to avoid that SG_IO
returns EINVAL if memory is heavily fragmented.

Since this value is only interesting for SG_IO-based I/O, do not include
it in the max_transfer and only take it into account when patching the
block limits VPD page in the scsi-generic device.

Signed-off-by: Paolo Bonzini 
---
 block/file-posix.c | 3 +--
 hw/scsi/scsi-generic.c | 6 --
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/block/file-posix.c b/block/file-posix.c
index 10b71d9a13..59c889d5a7 100644
--- a/block/file-posix.c
+++ b/block/file-posix.c
@@ -1228,8 +1228,7 @@ static void raw_refresh_limits(BlockDriverState *bs, 
Error **errp)
 
 ret = sg_get_max_segments(s->fd);
 if (ret > 0) {
-bs->bl.max_transfer = MIN(bs->bl.max_transfer,
-  ret * qemu_real_host_page_size);
+bs->bl.max_iov = ret;
 }
 }
 
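Review bot: `bs->bl.max_iov = ret;` overwrites whatever value max_iov already carries at this point in raw_refresh_limits(), whereas the removed lines folded the segment count into max_transfer with MIN and so could only tighten the limit; if max_iov is initialised to a default such as IOV_MAX before this branch, use `MIN_NON_ZERO(bs->bl.max_iov, ret)` so the segment count can only lower it. Also confirm that the branch this hunk sits in is reached only for SG_IO-capable devices, since the commit message says the value is meaningful only there.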
diff --git a/hw/scsi/scsi-generic.c b/hw/scsi/scsi-generic.c
index 98c30c5d5c..82e1e2ee79 100644
--- a/hw/scsi/scsi-generic.c
+++ b/hw/scsi/scsi-generic.c
@@ -179,10 +179,12 @@ static void scsi_handle_inquiry_reply(SCSIGenericReq *r, 
SCSIDevice *s)
 (r->req.cmd.buf[1] & 0x01)) {
 page = r->req.cmd.buf[2];
 if (page == 0xb0) {
-uint32_t max_transfer =
-blk_get_max_transfer(s->conf.blk) / s->blocksize;
+uint32_t max_transfer = blk_get_max_transfer(s->conf.blk);
+uint32_t max_iov = blk_get_max_iov(s->conf.blk);
 
 assert(max_transfer);
+max_transfer = MIN_NON_ZERO(max_transfer, max_iov * 
qemu_real_host_page_size)
+/ s->blocksize;
 stl_be_p(>buf[8], max_transfer);
 /* Also take care of the opt xfer len. */
 stl_be_p(>buf[12],
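Review bot: the expression `MIN_NON_ZERO(max_transfer, max_iov * qemu_real_host_page_size) / s->blocksize` multiplies a uint32_t by the host page size before the MIN; on hosts where that product is evaluated at 32 bits a large segment count can wrap and produce a bound far smaller than intended, so compute the segment bound in a 64-bit temporary first. A short comment saying that max_iov stands in for the host adapter segment limit described in the commit message would also help, since the field name does not suggest it, and the continuation line `/ s->blocksize` should be indented to the opening of the expression.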
-- 
2.31.1




[PULL 13/26] KVM: Provide helper to get kvm dirty log

2021-05-20 Thread Paolo Bonzini
From: Peter Xu 

Provide a helper kvm_slot_get_dirty_log() to make the function
kvm_physical_sync_dirty_bitmap() clearer.  We can even cache the as_id
into KVMSlot when it is created, so that we don't even need to pass it
down every time.

While at it, remove the return value of kvm_physical_sync_dirty_bitmap()
because it should never fail.

Signed-off-by: Peter Xu 
Message-Id: <20210506160549.130416-5-pet...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 accel/kvm/kvm-all.c  | 52 +++-
 include/sysemu/kvm_int.h |  2 ++
 2 files changed, 32 insertions(+), 22 deletions(-)

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index 5bc40fd71b..caaa2a5c98 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -615,6 +615,30 @@ static void kvm_slot_init_dirty_bitmap(KVMSlot *mem)
 mem->dirty_bmap = g_malloc0(bitmap_size);
 }
 
+/*
+ * Sync dirty bitmap from kernel to KVMSlot.dirty_bmap, return true if
+ * succeeded, false otherwise
+ */
+static bool kvm_slot_get_dirty_log(KVMState *s, KVMSlot *slot)
+{
+struct kvm_dirty_log d = {};
+int ret;
+
+d.dirty_bitmap = slot->dirty_bmap;
+d.slot = slot->slot | (slot->as_id << 16);
+ret = kvm_vm_ioctl(s, KVM_GET_DIRTY_LOG, );
+
+if (ret == -ENOENT) {
+/* kernel does not have dirty bitmap in this slot */
+ret = 0;
+}
+if (ret) {
+error_report_once("%s: KVM_GET_DIRTY_LOG failed with %d",
+  __func__, ret);
+}
+return ret == 0;
+}
+
 /**
  * kvm_physical_sync_dirty_bitmap - Sync dirty bitmap from kernel space
  *
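Review bot: folding -ENOENT into `ret = 0` makes kvm_slot_get_dirty_log() return true when the kernel reported that it has no dirty bitmap for this slot, so the caller goes on to consume slot->dirty_bmap as if KVM_GET_DIRTY_LOG had filled it; in the code removed further down, -ENOENT cleared the error but skipped the sync (only the final `else` branch synced), so this is a behaviour change that re-applies whatever the bitmap still holds from the previous sync. Either return false for -ENOENT without logging, keeping true only for a real success, or clear the bitmap before returning.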
@@ -626,15 +650,13 @@ static void kvm_slot_init_dirty_bitmap(KVMSlot *mem)
  * @kml: the KVM memory listener object
  * @section: the memory section to sync the dirty bitmap with
  */
-static int kvm_physical_sync_dirty_bitmap(KVMMemoryListener *kml,
-  MemoryRegionSection *section)
+static void kvm_physical_sync_dirty_bitmap(KVMMemoryListener *kml,
+   MemoryRegionSection *section)
 {
 KVMState *s = kvm_state;
-struct kvm_dirty_log d = {};
 KVMSlot *mem;
 hwaddr start_addr, size;
 hwaddr slot_size, slot_offset = 0;
-int ret = 0;
 
 size = kvm_align_section(section, _addr);
 while (size) {
@@ -644,19 +666,10 @@ static int 
kvm_physical_sync_dirty_bitmap(KVMMemoryListener *kml,
 mem = kvm_lookup_matching_slot(kml, start_addr, slot_size);
 if (!mem) {
 /* We don't have a slot if we want to trap every access. */
-goto out;
+return;
 }
 
-d.dirty_bitmap = mem->dirty_bmap;
-d.slot = mem->slot | (kml->as_id << 16);
-ret = kvm_vm_ioctl(s, KVM_GET_DIRTY_LOG, );
-if (ret == -ENOENT) {
-/* kernel does not have dirty bitmap in this slot */
-ret = 0;
-} else if (ret < 0) {
-error_report("ioctl KVM_GET_DIRTY_LOG failed: %d", errno);
-goto out;
-} else {
+if (kvm_slot_get_dirty_log(s, mem)) {
 subsection.offset_within_region += slot_offset;
 subsection.size = int128_make64(slot_size);
 kvm_get_dirty_pages_log_range(, d.dirty_bitmap);
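Review bot: as shown in this hunk the kvm_get_dirty_pages_log_range() call still reads `d.dirty_bitmap`, although the `struct kvm_dirty_log d` local was removed from this function in the hunk above; unless the rendering dropped a `-`/`+` pair here, this does not compile. The helper pointed the kernel at mem->dirty_bmap, so pass `mem->dirty_bmap` instead.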
@@ -666,8 +679,6 @@ static int kvm_physical_sync_dirty_bitmap(KVMMemoryListener 
*kml,
 start_addr += slot_size;
 size -= slot_size;
 }
-out:
-return ret;
 }
 
 /* Alignment requirement for KVM_CLEAR_DIRTY_LOG - 64 pages */
@@ -1179,6 +1190,7 @@ static void kvm_set_phys_mem(KVMMemoryListener *kml,
 do {
 slot_size = MIN(kvm_max_slot_size, size);
 mem = kvm_alloc_slot(kml);
+mem->as_id = kml->as_id;
 mem->memory_size = slot_size;
 mem->start_addr = start_addr;
 mem->ram = ram;
@@ -1221,14 +1233,10 @@ static void kvm_log_sync(MemoryListener *listener,
  MemoryRegionSection *section)
 {
 KVMMemoryListener *kml = container_of(listener, KVMMemoryListener, 
listener);
-int r;
 
 kvm_slots_lock();
-r = kvm_physical_sync_dirty_bitmap(kml, section);
+kvm_physical_sync_dirty_bitmap(kml, section);
 kvm_slots_unlock();
-if (r < 0) {
-abort();
-}
 }
 
 static void kvm_log_clear(MemoryListener *listener,
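Review bot: dropping the abort() means a KVM_GET_DIRTY_LOG failure other than -ENOENT is now reported once by the helper and then ignored, with the commit message's 'it should never fail' as the only justification; for a live migration a silently skipped slot sync means dirty guest pages can be sent stale, so if the ioctl really cannot fail, an assert in the helper preserves the old fail-fast behaviour, and if it can, the failure needs to reach the migration code rather than vanish into error_report_once().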
diff --git a/include/sysemu/kvm_int.h b/include/sysemu/kvm_int.h
index 1da30e1884..e13075f738 100644
--- a/include/sysemu/kvm_int.h
+++ b/include/sysemu/kvm_int.h
@@ -23,6 +23,8 @@ typedef struct KVMSlot
 int old_flags;
 /* Dirty bitmap cache for the slot */
 unsigned long *dirty_bmap;
+/* Cache of the address space ID */
+int as_id;
 } KVMSlot;
 
 typedef struct KVMMemoryListener {
-- 
2.31.1





[PULL 20/26] tests/qtest/fuzz: Fix build failure

2021-05-20 Thread Paolo Bonzini
From: Philippe Mathieu-Daudé 

On Fedora 32, using clang (version 10.0.1-3.fc32) we get:

  tests/qtest/fuzz/fuzz.c:237:5: error: implicit declaration of function 
'qemu_init' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
  qemu_init(result.we_wordc, result.we_wordv, NULL);
  ^

qemu_init() is declared in "sysemu/sysemu.h", include this
header to fix.

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20210513162008.393-1-phi...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 tests/qtest/fuzz/fuzz.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c
index 04b70e114b..5f77c84983 100644
--- a/tests/qtest/fuzz/fuzz.c
+++ b/tests/qtest/fuzz/fuzz.c
@@ -16,6 +16,7 @@
 #include 
 
 #include "qemu/datadir.h"
+#include "sysemu/sysemu.h"
 #include "sysemu/qtest.h"
 #include "sysemu/runstate.h"
 #include "qemu/main-loop.h"
-- 
2.31.1





Re: [PULL 00/26] Misc patches for 2021-05-20

2021-05-20 Thread no-reply
Patchew URL: 
https://patchew.org/QEMU/20210520082257.187061-1-pbonz...@redhat.com/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 20210520082257.187061-1-pbonz...@redhat.com
Subject: [PULL 00/26] Misc patches for 2021-05-20

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 - [tag update]  patchew/20210519163448.2154339-1-phi...@redhat.com -> 
patchew/20210519163448.2154339-1-phi...@redhat.com
 * [new tag] patchew/20210520082257.187061-1-pbonz...@redhat.com -> 
patchew/20210520082257.187061-1-pbonz...@redhat.com
Switched to a new branch 'test'
fd40ea5 scsi-generic: pass max_segments via max_iov field in BlockLimits
37a6979 qemu-config: load modules when instantiating option groups
32b94da vl: allow not specifying size in -m when using -M memory-backend
675997a replication: move include out of root directory
2e3973b remove qemu-options* from root directory
5d724e9 meson: Set implicit_include_directories to false
ecc742f tests/qtest/fuzz: Fix build failure
3e04412 KVM: Dirty ring support
a954451 KVM: Disable manual dirty log when dirty ring enabled
24a98e2 KVM: Add dirty-ring-size property
589af7b KVM: Cache kvm slot dirty bitmap size
73442ac KVM: Simplify dirty log sync in kvm_set_phys_mem
53278ea KVM: Provide helper to sync dirty bitmap from slot to ramblock
ea3b6f9 KVM: Provide helper to get kvm dirty log
51d5550 KVM: Create the KVMSlot dirty bitmap on flag changes
c834893 KVM: Use a big lock to replace per-kml slots_lock
1f2cf76 memory: Introduce log_sync_global() to memory listener
d92fe4b KVM: do not allow setting properties at runtime
75d0f51 qtest: add a QOM object for qtest
50a63a3 object: add more commands to preconfig mode
5681fd8 meson: bump submodule to 0.57.2
3838574 i386/cpu: Expose AVX_VNNI instruction to guest
a531870 hw/mem/nvdimm: Use Kconfig 'imply' instead of 'depends on'
8431b7a configure: simplify assignment to GIT_SUBMODULES
f35bc5c configure: check for submodules if --with-git-submodules=ignore
dad7063 configure: Only clone softfloat-3 repositories if TCG is enabled

=== OUTPUT BEGIN ===
1/26 Checking commit dad70637e0bc (configure: Only clone softfloat-3 
repositories if TCG is enabled)
2/26 Checking commit f35bc5c7fde4 (configure: check for submodules if 
--with-git-submodules=ignore)
3/26 Checking commit 8431b7a87054 (configure: simplify assignment to 
GIT_SUBMODULES)
4/26 Checking commit a531870aa3c8 (hw/mem/nvdimm: Use Kconfig 'imply' instead 
of 'depends on')
5/26 Checking commit 3838574cd38d (i386/cpu: Expose AVX_VNNI instruction to 
guest)
6/26 Checking commit 5681fd804f8f (meson: bump submodule to 0.57.2)
7/26 Checking commit 50a63a3492af (object: add more commands to preconfig mode)
8/26 Checking commit 75d0f5167f5b (qtest: add a QOM object for qtest)
9/26 Checking commit d92fe4b72972 (KVM: do not allow setting properties at 
runtime)
ERROR: line over 90 characters
#33: FILE: accel/kvm/kvm-all.c:3115:
+error_setg(errp, "Cannot set properties after the accelerator has been 
initialized");

ERROR: line over 90 characters
#45: FILE: accel/kvm/kvm-all.c:3134:
+error_setg(errp, "Cannot set properties after the accelerator has been 
initialized");

total: 2 errors, 0 warnings, 37 lines checked

Patch 9/26 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

10/26 Checking commit 1f2cf76b0ea0 (memory: Introduce log_sync_global() to 
memory listener)
11/26 Checking commit c8348939ca12 (KVM: Use a big lock to replace per-kml 
slots_lock)
12/26 Checking commit 51d55505d416 (KVM: Create the KVMSlot dirty bitmap on 
flag changes)
13/26 Checking commit ea3b6f9db553 (KVM: Provide helper to get kvm dirty log)
14/26 Checking commit 53278ea4368f (KVM: Provide helper to sync dirty bitmap 
from slot to ramblock)
15/26 Checking commit 73442acd2e96 (KVM: Simplify dirty log sync in 
kvm_set_phys_mem)
16/26 Checking commit 589af7b254d2 (KVM: Cache kvm slot dirty bitmap size)
17/26 Checking commit 24a98e28b284 (KVM: Add dirty-ring-size property)
ERROR: line over 90 characters
#59: FILE: accel/kvm/kvm-all.c:3206:
+error_setg(errp, "Cannot set properties after the accelerator has been 
initialized");

total: 1 errors, 0 warnings, 94 lines checked

Patch 17/26 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

18/26 Checking commit a954451955ef (KVM: Disable manual dirty log when dirty 
ring enabled)
19/26 Checking commit 3e04412f7670 (KVM: Dirty ring support)
WARNING: line over 80 characters
#451: 

Re: [PATCH v12 4/8] arm64: kvm: Introduce MTE VM feature

2021-05-20 Thread Marc Zyngier
On Wed, 19 May 2021 11:48:21 +0100,
Steven Price  wrote:
> 
> On 17/05/2021 17:45, Marc Zyngier wrote:
> > On Mon, 17 May 2021 13:32:35 +0100,
> > Steven Price  wrote:
> >>
> >> Add a new VM feature 'KVM_ARM_CAP_MTE' which enables memory tagging
> >> for a VM. This will expose the feature to the guest and automatically
> >> tag memory pages touched by the VM as PG_mte_tagged (and clear the tag
> >> storage) to ensure that the guest cannot see stale tags, and so that
> >> the tags are correctly saved/restored across swap.
> >>
> >> Actually exposing the new capability to user space happens in a later
> >> patch.
> > 
> > uber nit in $SUBJECT: "KVM: arm64:" is the preferred prefix (just like
> > patches 7 and 8).
> 
> Good spot - I obviously got carried away with the "arm64:" prefix ;)
> 
> >>
> >> Signed-off-by: Steven Price 
> >> ---
> >>  arch/arm64/include/asm/kvm_emulate.h |  3 +++
> >>  arch/arm64/include/asm/kvm_host.h|  3 +++
> >>  arch/arm64/kvm/hyp/exception.c   |  3 ++-
> >>  arch/arm64/kvm/mmu.c | 37 +++-
> >>  arch/arm64/kvm/sys_regs.c|  3 +++
> >>  include/uapi/linux/kvm.h |  1 +
> >>  6 files changed, 48 insertions(+), 2 deletions(-)
> >>
> >> diff --git a/arch/arm64/include/asm/kvm_emulate.h 
> >> b/arch/arm64/include/asm/kvm_emulate.h
> >> index f612c090f2e4..6bf776c2399c 100644
> >> --- a/arch/arm64/include/asm/kvm_emulate.h
> >> +++ b/arch/arm64/include/asm/kvm_emulate.h
> >> @@ -84,6 +84,9 @@ static inline void vcpu_reset_hcr(struct kvm_vcpu *vcpu)
> >>if (cpus_have_const_cap(ARM64_MISMATCHED_CACHE_TYPE) ||
> >>vcpu_el1_is_32bit(vcpu))
> >>vcpu->arch.hcr_el2 |= HCR_TID2;
> >> +
> >> +  if (kvm_has_mte(vcpu->kvm))
> >> +  vcpu->arch.hcr_el2 |= HCR_ATA;
> >>  }
> >>  
> >>  static inline unsigned long *vcpu_hcr(struct kvm_vcpu *vcpu)
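Review bot: HCR_ATA is set from vcpu_reset_hcr(), so it only takes effect for vcpus reset after kvm->arch.mte_enabled has been set; the later patch that exposes KVM_ARM_CAP_MTE to user space should therefore refuse to enable the capability once any vcpu exists (or force a vcpu reset), otherwise a VM can end up with mte_enabled set while already-created vcpus keep running without tag access enabled. A one-line comment on why the bit is gated on kvm_has_mte() rather than on system_supports_mte() alone would help too.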
> >> diff --git a/arch/arm64/include/asm/kvm_host.h 
> >> b/arch/arm64/include/asm/kvm_host.h
> >> index 7cd7d5c8c4bc..afaa5333f0e4 100644
> >> --- a/arch/arm64/include/asm/kvm_host.h
> >> +++ b/arch/arm64/include/asm/kvm_host.h
> >> @@ -132,6 +132,8 @@ struct kvm_arch {
> >>  
> >>u8 pfr0_csv2;
> >>u8 pfr0_csv3;
> >> +  /* Memory Tagging Extension enabled for the guest */
> >> +  bool mte_enabled;
> >>  };
> >>  
> >>  struct kvm_vcpu_fault_info {
> >> @@ -769,6 +771,7 @@ bool kvm_arm_vcpu_is_finalized(struct kvm_vcpu *vcpu);
> >>  #define kvm_arm_vcpu_sve_finalized(vcpu) \
> >>((vcpu)->arch.flags & KVM_ARM64_VCPU_SVE_FINALIZED)
> >>  
> >> +#define kvm_has_mte(kvm) (system_supports_mte() && 
> >> (kvm)->arch.mte_enabled)
> >>  #define kvm_vcpu_has_pmu(vcpu)\
> >>(test_bit(KVM_ARM_VCPU_PMU_V3, (vcpu)->arch.features))
> >>  
> >> diff --git a/arch/arm64/kvm/hyp/exception.c 
> >> b/arch/arm64/kvm/hyp/exception.c
> >> index 73629094f903..56426565600c 100644
> >> --- a/arch/arm64/kvm/hyp/exception.c
> >> +++ b/arch/arm64/kvm/hyp/exception.c
> >> @@ -112,7 +112,8 @@ static void enter_exception64(struct kvm_vcpu *vcpu, 
> >> unsigned long target_mode,
> >>new |= (old & PSR_C_BIT);
> >>new |= (old & PSR_V_BIT);
> >>  
> >> -  // TODO: TCO (if/when ARMv8.5-MemTag is exposed to guests)
> >> +  if (kvm_has_mte(vcpu->kvm))
> >> +  new |= PSR_TCO_BIT;
> >>  
> >>new |= (old & PSR_DIT_BIT);
> >>  
> >> diff --git a/arch/arm64/kvm/mmu.c b/arch/arm64/kvm/mmu.c
> >> index c5d1f3c87dbd..8660f6a03f51 100644
> >> --- a/arch/arm64/kvm/mmu.c
> >> +++ b/arch/arm64/kvm/mmu.c
> >> @@ -822,6 +822,31 @@ transparent_hugepage_adjust(struct kvm_memory_slot 
> >> *memslot,
> >>return PAGE_SIZE;
> >>  }
> >>  
> >> +static int sanitise_mte_tags(struct kvm *kvm, unsigned long size,
> >> +   kvm_pfn_t pfn)
> > 
> > Nit: please order the parameters as address, then size.
> 
> Sure
> 
> >> +{
> >> +  if (kvm_has_mte(kvm)) {
> >> +  /*
> >> +   * The page will be mapped in stage 2 as Normal Cacheable, so
> >> +   * the VM will be able to see the page's tags and therefore
> >> +   * they must be initialised first. If PG_mte_tagged is set,
> >> +   * tags have already been initialised.
> >> +   */
> >> +  unsigned long i, nr_pages = size >> PAGE_SHIFT;
> >> +  struct page *page = pfn_to_online_page(pfn);
> >> +
> >> +  if (!page)
> >> +  return -EFAULT;
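Review bot: nr_pages is derived from size, so the loop that follows (not in the quoted portion) must test and set PG_mte_tagged on every page of the range rather than only on the head page returned by pfn_to_online_page(); otherwise the tail pages of a block mapping could expose stale tags to the guest, which is exactly what the comment above says this function prevents.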
> > 
> > Under which circumstances can this happen? We already have done a GUP
> > on the page, so I really can't see how the page can vanish from under
> > our feet.
> 
> It's less about the page vanishing and more that pfn_to_online_page()
> will reject some pages. Specifically in this case we want to reject any
> sort of device memory (e.g. graphics card memory or other memory on the
> end of a bus like PCIe) as it is unlikely to support MTE.

OK. We really never should see this error as we check for device
mappings right before calling this, but I guess it 

Re: [RFC PATCH 02/11] hw/ide: Add PCIIDEState::isa_bus link

2021-05-20 Thread Mark Cave-Ayland

On 20/05/2021 09:35, Stefan Hajnoczi wrote:


I realized I don't really understand how ISA IDE and PCI IDE interact in
PIIX3:

- ISA IDE has well-known PIO registers that are always present?

- PCI IDE has the same registers, but the BAR must be mapped and PCI IO
   space access must be enabled?

- ISA IDE has a hardcoded ISA irq number?

- PCI IDE has a normal PCI irq that is routed like any legacy PCI INTx
   irq?

- What combinations of ISA enabled/disabled and PCI enabled/disabled
   need to be supported?


Yeah a lot of this discussion happened several months back in the Pegasos threads, 
but here is my understanding:


- Older legacy PCI devices such as IDE controllers connected via a host containing a 
PCI-ISA bridge can be switched by the guest OS into PCI legacy (also known as 
compatibility mode) via a PCI config space register so that IO space accesses, IRQs 
(and possible DMA?) are done via the ISA bus


- QEMU handles the IO memory accesses fine, since in these cases isa_bus_new() is 
given the IO space by pci_address_space_io(dev) so IO space access generally "just works"


- Currently it is the responsibility of these older PCI devices to determine how they 
have been configured and either use e.g. pci_set_irq() or qemu_raise_irq() on the ISA 
IRQ for interrupts


- Generally ISA IRQs are fixed as per the old AT-style PCs so IDE would be 14/15

My thoughts above were about how to allow a PCIDevice to locate its ISABus if it is 
connected to a bus with a PCI-ISA bridge to potentially allow access to ISA IRQs and 
DMA if configured in PCI legacy mode.



ATB,

Mark.
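The legacy-versus-native switch Mark describes, as an added example that is not part of the thread or of QEMU: a small C model of the PCI IDE programming-interface byte (config offset 0x09) that decides, per channel, whether I/O ports and interrupts come from the fixed ISA resources (IRQ 14/15) or from the BAR and INTx. Bit assignments follow the PCI IDE Controller Specification; the struct and function names are this example's own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Programming-interface bits for PCI class 0x0101 (IDE controller). */
#define IDE_PROGIF_PRI_NATIVE      (1u << 0)  /* primary channel in native mode */
#define IDE_PROGIF_PRI_SWITCHABLE  (1u << 1)  /* bit 0 is writable by software */
#define IDE_PROGIF_SEC_NATIVE      (1u << 2)  /* secondary channel in native mode */
#define IDE_PROGIF_SEC_SWITCHABLE  (1u << 3)  /* bit 2 is writable by software */
#define IDE_PROGIF_BUS_MASTER      (1u << 7)  /* bus-master DMA supported */

/* Legacy AT-style resources per channel: ports and the fixed ISA IRQ 14/15. */
static const uint16_t ide_legacy_cmd_base[2] = { 0x1f0, 0x170 };
static const uint16_t ide_legacy_ctl_base[2] = { 0x3f6, 0x376 };
static const int      ide_legacy_isa_irq[2]  = { 14, 15 };

enum ide_irq_kind { IDE_IRQ_ISA, IDE_IRQ_PCI_INTX };

struct ide_channel_route {
    enum ide_irq_kind irq_kind;
    int irq;            /* ISA IRQ number, or INTx pin index (0 = INTA#) */
    uint16_t cmd_base;  /* command block I/O base */
    uint16_t ctl_base;  /* control block I/O base */
};

/*
 * Apply a guest write to the prog-if register.  Only a native-mode bit
 * whose "switchable" bit is set in the hardwired value is writable; all
 * other bits are read-only, so a PIIX3-style value of 0x80 (bus master,
 * both channels legacy, not switchable) stays in legacy mode whatever the
 * guest writes.
 */
uint8_t ide_progif_write(uint8_t hw_progif, uint8_t value)
{
    uint8_t writable = 0;

    if (hw_progif & IDE_PROGIF_PRI_SWITCHABLE) {
        writable |= IDE_PROGIF_PRI_NATIVE;
    }
    if (hw_progif & IDE_PROGIF_SEC_SWITCHABLE) {
        writable |= IDE_PROGIF_SEC_NATIVE;
    }
    return (uint8_t)((hw_progif & ~writable) | (value & writable));
}

/*
 * Resolve where a channel's I/O ports and interrupt go for the current
 * prog-if value.  bar_cmd/bar_ctl are the bases programmed into the
 * channel's BARs (only meaningful in native mode); intx_pin is the PCI
 * interrupt pin the device would assert.  Returns false on a bad channel.
 */
bool ide_channel_route(uint8_t progif, int channel,
                       uint16_t bar_cmd, uint16_t bar_ctl, int intx_pin,
                       struct ide_channel_route *out)
{
    uint8_t native_bit;

    if (channel < 0 || channel > 1 || out == NULL) {
        return false;
    }
    native_bit = channel ? IDE_PROGIF_SEC_NATIVE : IDE_PROGIF_PRI_NATIVE;

    if (progif & native_bit) {
        /* PCI native mode: BAR-mapped ports, interrupt via INTx routing. */
        out->irq_kind = IDE_IRQ_PCI_INTX;
        out->irq = intx_pin;
        out->cmd_base = bar_cmd;
        out->ctl_base = bar_ctl;
    } else {
        /* Compatibility mode: fixed ISA ports and the fixed ISA IRQ line. */
        out->irq_kind = IDE_IRQ_ISA;
        out->irq = ide_legacy_isa_irq[channel];
        out->cmd_base = ide_legacy_cmd_base[channel];
        out->ctl_base = ide_legacy_ctl_base[channel];
    }
    return true;
}
```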



Re: [PULL 00/48] ppc-for-6.1 queue 20210519

2021-05-20 Thread Peter Maydell
On Wed, 19 May 2021 at 13:52, David Gibson  wrote:
>
> The following changes since commit c313e52e6459de2e9064767083a0c949c476e32b:
>
>   Merge remote-tracking branch 
> 'remotes/vivier2/tags/linux-user-for-6.1-pull-request' into staging 
> (2021-05-18 16:17:22 +0100)
>
> are available in the Git repository at:
>
>   https://gitlab.com/dgibson/qemu.git tags/ppc-for-6.1-20210519
>
> for you to fetch changes up to e543f946856da31c3a7a45ba193f106e042ad907:
>
>   target/ppc: Remove type argument for mmubooke206_get_physical_address 
> (2021-05-19 12:52:07 +1000)
>
> 
> ppc patch queue 2021-05-19
>
> Next set of ppc related patches for qemu-6.1.  Highlights are:
>  * Start of a significant softmmu cleanup from Richard Henderson
>  * Further work towards allowing builds without CONFIG_TCG
>


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/6.1
for any user-visible changes.

-- PMM



[PATCH qemu v20] spapr: Implement Open Firmware client interface

2021-05-20 Thread Alexey Kardashevskiy
The PAPR platform describes an OS environment that's presented by
a combination of a hypervisor and firmware. The features it specifies
require collaboration between the firmware and the hypervisor.

Since the beginning, the runtime component of the firmware (RTAS) has
been implemented as a 20 byte shim which simply forwards it to
a hypercall implemented in qemu. The boot time firmware component is
SLOF - but a build that's specific to qemu, and has always needed to be
updated in sync with it. Even though we've managed to limit the amount
of runtime communication we need between qemu and SLOF, there's some,
and it has become increasingly awkward to handle as we've implemented
new features.

This implements a boot time OF client interface (CI) which is
enabled by a new "x-vof" pseries machine option (stands for "Virtual Open
Firmware"). When enabled, QEMU implements the custom H_OF_CLIENT hcall
which implements Open Firmware Client Interface (OF CI). This allows
using a smaller stateless firmware which does not have to manage
the device tree.

The new "vof.bin" firmware image is included with source code under
pc-bios/. It also includes RTAS blob.

This implements a handful of CI methods just to get -kernel/-initrd
working. In particular, this implements the device tree fetching and
simple memory allocator - "claim" (an OF CI memory allocator) and updates
"/memory@0/available" to report the client about available memory.

This implements changing some device tree properties which we know how
to deal with, the rest is ignored. To allow changes, this skips
fdt_pack() when x-vof=on as not packing the blob leaves some room for
appending.

In absence of SLOF, this assigns phandles to device tree nodes to make
device tree traversing work.

When x-vof=on, this adds "/chosen" every time QEMU (re)builds a tree.

This adds basic instances support which are managed by a hash map
ihandle -> [phandle].

Before the guest started, the used memory is:
0..e60 - the initial firmware
8000..1 - stack
40.. - kernel
3ea.. - initramdisk

This OF CI does not implement "interpret".

Unlike SLOF, this does not format uninitialized nvram. Instead, this
includes a disk image with pre-formatted nvram.

With this basic support, this can only boot into kernel directly.
However this is just enough for the petitboot kernel and initramdisk to
boot from any possible source. Note this requires a reasonably recent guest
kernel with:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=df5be5be8735

The immediate benefit is much faster booting time which is especially
crucial with fully emulated early CPU bring up environments. Also this
may come in handy when/if GRUB-in-the-userspace sees the light of day.

This separates VOF and sPAPR in a hope that VOF bits may be reused by
other POWERPC boards which do not support pSeries.

This is coded in assumption that later on we might be adding support for
booting from QEMU backends (blockdev is the first candidate) without
devices/drivers in between as OF1275 does not require that and
it is quite easy to do so.

Signed-off-by: Alexey Kardashevskiy 
---

The example command line is:

/home/aik/pbuild/qemu-killslof-localhost-ppc64/qemu-system-ppc64 \
-nodefaults \
-chardev stdio,id=STDIO0,signal=off,mux=on \
-device spapr-vty,id=svty0,reg=0x71000110,chardev=STDIO0 \
-mon id=MON0,chardev=STDIO0,mode=readline \
-nographic \
-vga none \
-enable-kvm \
-m 8G \
-machine pseries,x-vof=on,cap-cfpc=broken,cap-sbbc=broken,cap-ibs=broken,cap-ccf-assist=off \
-kernel pbuild/kernel-le-guest/vmlinux \
-initrd pb/rootfs.cpio.xz \
-drive id=DRIVE0,if=none,file=./p/qemu-killslof/pc-bios/vof-nvram.bin,format=raw \
-global spapr-nvram.drive=DRIVE0 \
-snapshot \
-smp 8,threads=8 \
-L /home/aik/t/qemu-ppc64-bios/ \
-trace events=qemu_trace_events \
-d guest_errors \
-chardev socket,id=SOCKET0,server,nowait,path=qemu.mon.tmux26 \
-mon chardev=SOCKET0,mode=control

---
Changes:
v20:
* compile vof.bin with -mcpu=power4 for better compatibility
* s/std/stw/ in entry.S to make it work on ppc32
* fixed dt_available property to support both 32 and 64bit
* shuffled prom_args handling code
* do not enforce 32bit in MSR (again, to support 32bit platforms)

v19:
* put bootargs in the FDT
* moved setting properties to a VOF machine hook
* moved fw_size and claim for it to vof_init()
* added CROSS to the VOF's makefile
* simplified phandles assigning
* pass MachineState to all machine hooks instead of calling
qdev_get_machine (following QOM)
* bunch of smaller changes and added comments
* added simple test to attempt to start with x-vof=on

v18:
* fixed top addr (max address for "claim") on radix - it equals to ram_size
and vof->top_addr was uint32_t
* fixed "available" property which got broken in v14 but it is only visible
to clients which care (== grub)
* reshuffled vof_dt_memory_available() calls, added vof_init() to allow
vof_claim() before rendering the FDT

v17:
* mv hw/ppc/vof.h 

RE: [PATCH v5 03/13] virtio-gpu: Add udmabuf helpers

2021-05-20 Thread Kasireddy, Vivek
Hi Gerd,
 
> > +#ifdef CONFIG_LINUX
> 
> > +void virtio_gpu_init_udmabuf(struct virtio_gpu_simple_resource *res)
> 
> > +#else
> 
> > +void *virtio_gpu_init_udmabuf(struct virtio_gpu_simple_resource *res)
> > +{
> > +/* nothing (stub) */
> > +return NULL
> > +}
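Review bot: the !CONFIG_LINUX stub declares `void *virtio_gpu_init_udmabuf(...)` while the CONFIG_LINUX declaration above it is `void virtio_gpu_init_udmabuf(...)`, and `return NULL` is missing its semicolon, so the non-Linux build fails on both counts; the stub should have the same `void` return type with an empty body (or live in stubs/, as suggested below).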
> 
> Fails to build for !linux ...
> 
> You can place the stubs in a file in the stubs/ directory instead.
> They'll be used via weak symbol references instead of #ifdefs then.
[Kasireddy, Vivek] Will do; should I send the whole series (v6) again with
this and the other error in patch #10 fixed or just the fixed versions of
these specific patches?

Sorry for the tangential discussion...
On a completely different topic, I wanted to ask a question on behalf of a
colleague who is trying to enable passthrough with virtio-gpu but for a
Windows guest. It appears the guest boots only if we specify the option
-vga virtio (not sure what happens with virtio=std) as Windows launches a
"Microsoft Basic Display Adapter" driver for this VGA device and Qemu
displays the Desktop for this device (via the calls in virtio-vga.c).
However, since we only care about virtio-gpu-pci device for which we
created a guest driver, we want to have Qemu display the content/fb from
virtio-gpu instead of the vga device.
I see that in set_scanout:

g->parent_obj.enable = 1;
and, then this in virtio-vga.c:

static void virtio_vga_base_update_display(void *opaque)
{
    VirtIOVGABase *vvga = opaque;
    VirtIOGPUBase *g = vvga->vgpu;

    if (g->enable) {
        g->hw_ops->gfx_update(g);
    } else {
        vvga->vga.hw_ops->gfx_update(&vvga->vga);
    }
}

Since the parent_obj is different, the above code always goes into the else
part. Is the goal here to show the content from virtio-gpu if there is a
set_scanout?

The only way we are able to get everything to work as expected is to enable
our virtio-gpu guest driver for the VGA device instead of the virtio-gpu PCI
device. But we are not sure if this would be OK or not. We don't run into
these issues for Linux guests as we only enable virtio-gpu-pci as we have
-vga none. We'd like to do the same for Windows guests but it looks like it
needs the VGA device to be available to boot. So, our other option (as we
cannot disable the vga device) is to have Qemu accept content only from
virtio-gpu-pci instead of virtio-vga. Would it make sense to do this? Do you
think there is a better way to do what we are trying to do?

Thanks,
Vivek




Re: [PATCH 2/2] Gitlab: Add "Feature Request" issue template.

2021-05-20 Thread Thomas Huth

On 19/05/2021 23.32, John Snow wrote:

Copied from Peter Krempa's libvirt template, feature.md.

CC: Peter Krempa 
Signed-off-by: John Snow 
---
  .gitlab/issue_templates/feature_request.md | 13 +
  1 file changed, 13 insertions(+)
  create mode 100644 .gitlab/issue_templates/feature_request.md

diff --git a/.gitlab/issue_templates/feature_request.md 
b/.gitlab/issue_templates/feature_request.md
new file mode 100644
index 000..26901ff00c4
--- /dev/null
+++ b/.gitlab/issue_templates/feature_request.md
@@ -0,0 +1,13 @@
+## Goal
+


Since some people apparently had wrong expectations when filing a feature 
request in the past, it might be good to add some words about what to 
expect. Maybe something like this (re-using some wording that Daniel already 
added to some tickets in the past IIRC):


 Please note that QEMU, like most open source projects, relies on 
contributors who have motivation, skills and available time to work on 
implementing particular features. Contributors naturally tend to focus on 
features that result in the greatest benefit to their own use cases. Thus 
the QEMU project doesn't implement new big features (like target 
architectures or board models) on demand based on feature requests here; 
they're a lot of work to do. Instead we simply code-review and incorporate 
new big features as and when people decide to write them and submit the 
patches. So please only submit small requests here. Thanks!


?

 Thomas




Re: [PATCH 1/2] Gitlab: Add "Bug" issue reporting template

2021-05-20 Thread Peter Krempa
On Wed, May 19, 2021 at 17:32:01 -0400, John Snow wrote:
> Based loosely on libvirt's template, written by Peter Krempa.
> 
> CC: Peter Krempa 
> Signed-off-by: John Snow 
> ---
>  .gitlab/issue_templates/bug.md | 52 ++
>  1 file changed, 52 insertions(+)
>  create mode 100644 .gitlab/issue_templates/bug.md
> 
> diff --git a/.gitlab/issue_templates/bug.md b/.gitlab/issue_templates/bug.md
> new file mode 100644
> index 000..3f31b5e4a09
> --- /dev/null
> +++ b/.gitlab/issue_templates/bug.md
> @@ -0,0 +1,52 @@
> +
> +
> +## Host environment
> + - Operating system: 
> + - OS/kernel version: 
> + - Architecture: 
> + - QEMU flavor: 
> + - QEMU version: 

In the libvirt templates we've refrained from mixing lines to be filled
by users and comments. The users might fill in the required data into
the comment and thus it would not show up in the default view.


> + - QEMU command line:
> +   

Same here, if the commandline is put into this example section it will
not be visible unless editing the issue. I'd suggest a single-line
comment including the comment tags ...

> +   ```
> +   Insert command line here.

... and put the example here to make the user edit it.

> +   ```
> +
> +## Emulated/Virtualized environment
> + - Operating system: 
> + - OS/kernel version: 
> + - Architecture: 
> +
> +
> +## Description of problem
> +
> +
> +## Steps to reproduce
> +1.
> +2.
> +3.
> +
> +
> +## Additional information
> +
> +
> +
> +
> +/label ~"kind::Bug"

Unfortunately this doesn't seem to work if the user doesn't have
permission to tag issues, which is the default. I'm considering removing
these in libvirt.

In addition, after committing these you should consider copying this
template into the default issue template, which is set via the
repository settings (it needs to be copied and pasted into a textarea in
the web) as gitlab doesn't have a possibility to pick one of the
templates as a default.




Re: [PULL 00/48] ppc-for-6.1 queue 20210519

2021-05-20 Thread David Gibson
On Wed, May 19, 2021 at 06:46:01AM -0700, no-re...@patchew.org wrote:
> Patchew URL:
> https://patchew.org/QEMU/20210519125148.27720-1-da...@gibson.dropbear.id.au/

So, these style warnings are actually existing style problems just
being triggered in checkpatch by code motion.  Yes we'd like to clean
those up at some point, but holding off this re-org for that is not
worth it.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




[PATCH] hw/virtio: Document *_should_notify() are called within rcu_read_lock()

2021-05-20 Thread Philippe Mathieu-Daudé
Such comments make reviewing this file somehow easier.

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/virtio/virtio.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index e02544b2df7..2b4c6c4b875 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -2449,6 +2449,7 @@ static void virtio_set_isr(VirtIODevice *vdev, int value)
 }
 }
 
+/* Called within rcu_read_lock().  */
 static bool virtio_split_should_notify(VirtIODevice *vdev, VirtQueue *vq)
 {
 uint16_t old, new;
@@ -2485,6 +2486,7 @@ static bool vring_packed_need_event(VirtQueue *vq, bool 
wrap,
 return vring_need_event(off, new, old);
 }
 
+/* Called within rcu_read_lock().  */
 static bool virtio_packed_should_notify(VirtIODevice *vdev, VirtQueue *vq)
 {
 VRingPackedDescEvent e;
-- 
2.26.3




[PATCH v4 02/15] python: qemu: pass the wrapper field from QEMUQtestmachine to QEMUMachine

2021-05-20 Thread Emanuele Giuseppe Esposito
Reviewed-by: John Snow 
Reviewed-by: Max Reitz 
Signed-off-by: Emanuele Giuseppe Esposito 
---
 python/qemu/qtest.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/python/qemu/qtest.py b/python/qemu/qtest.py
index afea210d9d..e6a8fb5984 100644
--- a/python/qemu/qtest.py
+++ b/python/qemu/qtest.py
@@ -111,6 +111,7 @@ class QEMUQtestMachine(QEMUMachine):
 def __init__(self,
  binary: str,
  args: Sequence[str] = (),
+ wrapper: Sequence[str] = (),
  name: Optional[str] = None,
  test_dir: str = "/var/tmp",
  socket_scm_helper: Optional[str] = None,
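Review bot: inserting `wrapper` as the third positional parameter changes the positional signature of QEMUQtestMachine.__init__, so any caller that passes name or test_dir positionally would now silently hand that value to wrapper. Either append the new parameter after the existing ones or make it keyword-only (a bare `*` before it), which also matches how it is forwarded by keyword to super().__init__().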
@@ -120,7 +121,8 @@ def __init__(self,
 name = "qemu-%d" % os.getpid()
 if sock_dir is None:
 sock_dir = test_dir
-super().__init__(binary, args, name=name, test_dir=test_dir,
+super().__init__(binary, args, wrapper=wrapper, name=name,
+ test_dir=test_dir,
  socket_scm_helper=socket_scm_helper,
  sock_dir=sock_dir, qmp_timer=qmp_timer)
 self._qtest: Optional[QEMUQtestProtocol] = None
-- 
2.30.2




[PATCH v4 04/15] qemu-iotests: add option to attach gdbserver

2021-05-20 Thread Emanuele Giuseppe Esposito
Define -gdb flag and GDB_OPTIONS environment variable
to python tests to attach a gdbserver to each qemu instance.
This patch only adds and parses this flag, it does not yet add
the implementation for it.

if -gdb is not provided but $GDB_OPTIONS is set, ignore the
environment variable.

Signed-off-by: Emanuele Giuseppe Esposito 
---
 tests/qemu-iotests/check  |  6 +-
 tests/qemu-iotests/iotests.py |  5 +
 tests/qemu-iotests/testenv.py | 19 ---
 3 files changed, 26 insertions(+), 4 deletions(-)

diff --git a/tests/qemu-iotests/check b/tests/qemu-iotests/check
index d1c87ceaf1..b9820fdaaf 100755
--- a/tests/qemu-iotests/check
+++ b/tests/qemu-iotests/check
@@ -33,6 +33,9 @@ def make_argparser() -> argparse.ArgumentParser:
help='pretty print output for make check')
 
 p.add_argument('-d', dest='debug', action='store_true', help='debug')
+p.add_argument('-gdb', action='store_true',
+   help="start gdbserver with $GDB_OPTIONS options \
+('localhost:12345' if $GDB_OPTIONS is empty)")
 p.add_argument('-misalign', action='store_true',
help='misalign memory allocations')
 p.add_argument('--color', choices=['on', 'off', 'auto'],
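Review bot: the `-gdb` help string uses a backslash line continuation inside the string literal, so the leading whitespace of the continuation line becomes part of the help text shown to the user. Use implicit concatenation of adjacent string literals instead: `help="start gdbserver with $GDB_OPTIONS options "` followed by `"('localhost:12345' if $GDB_OPTIONS is empty)"`.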
@@ -112,7 +115,8 @@ if __name__ == '__main__':
 env = TestEnv(imgfmt=args.imgfmt, imgproto=args.imgproto,
   aiomode=args.aiomode, cachemode=args.cachemode,
   imgopts=args.imgopts, misalign=args.misalign,
-  debug=args.debug, valgrind=args.valgrind)
+  debug=args.debug, valgrind=args.valgrind,
+  gdb=args.gdb)
 
 testfinder = TestFinder(test_dir=env.source_iotests)
 
diff --git a/tests/qemu-iotests/iotests.py b/tests/qemu-iotests/iotests.py
index 5d78de0f0b..d667fde6f8 100644
--- a/tests/qemu-iotests/iotests.py
+++ b/tests/qemu-iotests/iotests.py
@@ -75,6 +75,11 @@
 qemu_prog = os.environ.get('QEMU_PROG', 'qemu')
 qemu_opts = os.environ.get('QEMU_OPTIONS', '').strip().split(' ')
 
+gdb_qemu_env = os.environ.get('GDB_OPTIONS')
+qemu_gdb = []
+if gdb_qemu_env:
+qemu_gdb = ['gdbserver'] + gdb_qemu_env.strip().split(' ')
+
 imgfmt = os.environ.get('IMGFMT', 'raw')
 imgproto = os.environ.get('IMGPROTO', 'file')
 output_dir = os.environ.get('OUTPUT_DIR', '.')
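Review bot: `gdb_qemu_env.strip().split(' ')` yields empty-string arguments whenever GDB_OPTIONS contains consecutive spaces, and gdbserver will then be handed those empty arguments; `gdb_qemu_env.split()` gives the intended word list. The default-empty `qemu_gdb` is right, given the commit message says the variable is ignored unless -gdb is passed.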
diff --git a/tests/qemu-iotests/testenv.py b/tests/qemu-iotests/testenv.py
index 6d27712617..49ddd586ef 100644
--- a/tests/qemu-iotests/testenv.py
+++ b/tests/qemu-iotests/testenv.py
@@ -27,6 +27,7 @@
 import glob
 from typing import Dict, Any, Optional, ContextManager
 
+DEF_GDB_OPTIONS = 'localhost:12345'
 
 def isxfile(path: str) -> bool:
 return os.path.isfile(path) and os.access(path, os.X_OK)
@@ -72,7 +73,8 @@ class TestEnv(ContextManager['TestEnv']):
  'QEMU_NBD_OPTIONS', 'IMGOPTS', 'IMGFMT', 'IMGPROTO',
  'AIOMODE', 'CACHEMODE', 'VALGRIND_QEMU',
  'CACHEMODE_IS_DEFAULT', 'IMGFMT_GENERIC', 'IMGOPTSSYNTAX',
- 'IMGKEYSECRET', 'QEMU_DEFAULT_MACHINE', 'MALLOC_PERTURB_']
+ 'IMGKEYSECRET', 'QEMU_DEFAULT_MACHINE', 'MALLOC_PERTURB_',
+ 'GDB_OPTIONS']
 
 def get_env(self) -> Dict[str, str]:
 env = {}
@@ -163,7 +165,8 @@ def __init__(self, imgfmt: str, imgproto: str, aiomode: str,
  imgopts: Optional[str] = None,
  misalign: bool = False,
  debug: bool = False,
- valgrind: bool = False) -> None:
+ valgrind: bool = False,
+ gdb: bool = False) -> None:
 self.imgfmt = imgfmt
 self.imgproto = imgproto
 self.aiomode = aiomode
@@ -171,6 +174,14 @@ def __init__(self, imgfmt: str, imgproto: str, aiomode: 
str,
 self.misalign = misalign
 self.debug = debug
 
+if gdb:
+self.gdb_options = os.environ.get('GDB_OPTIONS', DEF_GDB_OPTIONS)
+if not self.gdb_options:
+# cover the case 'export GDB_OPTIONS='
+self.gdb_options = DEF_GDB_OPTIONS
+elif 'GDB_OPTIONS' in os.environ:
+del os.environ['GDB_OPTIONS']
+
 if valgrind:
 self.valgrind_qemu = 'y'
 
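Review bot: self.gdb_options is only assigned on the `if gdb:` branch while 'GDB_OPTIONS' is now listed in env_variables, so the attribute can be looked up when the environment is built without -gdb; either confirm get_env() tolerates the missing attribute or set `self.gdb_options = ''` in the else path (next to the `del os.environ['GDB_OPTIONS']`). Deleting the variable from os.environ also mutates the check script's own environment, which is worth a comment since it is not obvious from the call site.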
@@ -269,7 +280,9 @@ def print_env(self) -> None:
 PLATFORM  -- {platform}
 TEST_DIR  -- {TEST_DIR}
 SOCK_DIR  -- {SOCK_DIR}
-SOCKET_SCM_HELPER -- {SOCKET_SCM_HELPER}"""
+SOCKET_SCM_HELPER -- {SOCKET_SCM_HELPER}
+GDB_OPTIONS   -- {GDB_OPTIONS}
+"""
 
 args = collections.defaultdict(str, self.get_env())
 
-- 
2.30.2




[PATCH v4 03/15] docs/devel/testing: add debug section to the QEMU iotests chapter

2021-05-20 Thread Emanuele Giuseppe Esposito
Introduce the "Debugging a test case" section, in preparation
to the additional flags that will be added in the next patches.

Signed-off-by: Emanuele Giuseppe Esposito 
---
 docs/devel/testing.rst | 8 
 1 file changed, 8 insertions(+)

diff --git a/docs/devel/testing.rst b/docs/devel/testing.rst
index 1da4c4e4c4..8144e316a4 100644
--- a/docs/devel/testing.rst
+++ b/docs/devel/testing.rst
@@ -224,6 +224,14 @@ another application on the host may have locked the file, 
possibly leading to a
 test failure.  If using such devices are explicitly desired, consider adding
 ``locking=off`` option to disable image locking.
 
+Debugging a test case
+---
+The following options to the ``check`` script can be useful when debugging
+a failing test:
+
+* ``-d`` (debug) just increases the logging verbosity, showing
+  for example the QMP commands and answers.
+
 Test case groups
 
 
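Review bot: the RST underline under "Debugging a test case" (`---`) is shorter than the title text, which Sphinx reports as "Title underline too short" and may fail the docs build with warnings-as-errors; extend the dashes to the full width of the title.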
-- 
2.30.2




[PATCH 2/4] migration/rdma: Fix rdma_addrinfo res leaks

2021-05-20 Thread Li Zhijian
rdma_freeaddrinfo() is the reverse operation of rdma_getaddrinfo()

Signed-off-by: Li Zhijian 
---
 migration/rdma.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/migration/rdma.c b/migration/rdma.c
index 7e7595faab..651534e825 100644
--- a/migration/rdma.c
+++ b/migration/rdma.c
@@ -987,10 +987,12 @@ static int qemu_rdma_resolve_host(RDMAContext *rdma, 
Error **errp)
 }
 }
 
+rdma_freeaddrinfo(res);
 ERROR(errp, "could not resolve address %s", rdma->host);
 goto err_resolve_get_addr;
 
 route:
+rdma_freeaddrinfo(res);
 qemu_rdma_dump_gid("source_resolve_addr", rdma->cm_id);
 
 ret = rdma_get_cm_event(rdma->channel, _event);
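Review bot: the two rdma_freeaddrinfo(res) calls cover the fall-through failure and the `route:` exit, but any other `goto err_resolve_get_addr` taken between rdma_getaddrinfo() and these lines (inside the resolve loop above the visible context, for instance) would still leak res; freeing once at the point where res is no longer needed, or under the error label with res initialised to NULL, is more robust than two separate call sites.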
@@ -2593,6 +2595,7 @@ static int qemu_rdma_dest_init(RDMAContext *rdma, Error 
**errp)
 break;
 }
 
+rdma_freeaddrinfo(res);
 if (!e) {
 ERROR(errp, "Error: could not rdma_bind_addr!");
 goto err_dest_init_bind_addr;
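Review bot: e points into the res list that is being freed here, so placing rdma_freeaddrinfo(res) before `if (!e)` is only safe because e is used there purely as a NULL check; if any later code dereferences e, this becomes a use-after-free. A one-line comment stating that e must not be dereferenced after this point, or moving the free after the last use of e, would make that explicit.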
-- 
2.30.2






[PATCH v4 12/15] qemu-iotests: insert valgrind command line as wrapper for qemu binary

2021-05-20 Thread Emanuele Giuseppe Esposito
The priority will be given to gdb command line, meaning if the -gdb
parameter and -valgrind are given, gdb will be wrapped around
the qemu binary.

Signed-off-by: Emanuele Giuseppe Esposito 
---
 tests/qemu-iotests/iotests.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tests/qemu-iotests/iotests.py b/tests/qemu-iotests/iotests.py
index a06284acad..75f1e1711c 100644
--- a/tests/qemu-iotests/iotests.py
+++ b/tests/qemu-iotests/iotests.py
@@ -590,7 +590,8 @@ class VM(qtest.QEMUQtestMachine):
 def __init__(self, path_suffix=''):
 name = "qemu%s-%d" % (path_suffix, os.getpid())
 timer = 15.0 if not (qemu_gdb or qemu_valgrind) else None
-super().__init__(qemu_prog, qemu_opts, wrapper=qemu_gdb,
+wrapper = qemu_gdb if qemu_gdb else qemu_valgrind
+super().__init__(qemu_prog, qemu_opts, wrapper=wrapper,
  name=name,
  test_dir=test_dir,
  socket_scm_helper=socket_scm_helper,
-- 
2.30.2




[PATCH v4 07/15] qemu-iotests: add gdbserver option to script tests too

2021-05-20 Thread Emanuele Giuseppe Esposito
The only limitation here is that running a script with gdbserver
will make the test output mismatch with the expected
results, making the test fail.

Signed-off-by: Emanuele Giuseppe Esposito 
---
 tests/qemu-iotests/common.rc | 8 +++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/tests/qemu-iotests/common.rc b/tests/qemu-iotests/common.rc
index 7f49c9716d..f1d5395ff2 100644
--- a/tests/qemu-iotests/common.rc
+++ b/tests/qemu-iotests/common.rc
@@ -166,8 +166,14 @@ _qemu_wrapper()
 if [ -n "${QEMU_NEED_PID}" ]; then
 echo $BASHPID > "${QEMU_TEST_DIR}/qemu-${_QEMU_HANDLE}.pid"
 fi
+
+GDB=""
+if [ ! -z ${GDB_OPTIONS} ]; then
+GDB="gdbserver ${GDB_OPTIONS}"
+fi
+
 VALGRIND_QEMU="${VALGRIND_QEMU_VM}" _qemu_proc_exec 
"${VALGRIND_LOGFILE}" \
-"$QEMU_PROG" $QEMU_OPTIONS "$@"
+$GDB "$QEMU_PROG" $QEMU_OPTIONS "$@"
 )
 RETVAL=$?
 _qemu_proc_valgrind_log "${VALGRIND_LOGFILE}" $RETVAL
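Review bot: `[ ! -z ${GDB_OPTIONS} ]` leaves the variable unquoted, so a value containing whitespace (gdbserver takes several space-separated options) is split into multiple test arguments and `[` fails with "too many arguments"; write it as `if [ -n "${GDB_OPTIONS}" ]; then`. `$GDB` on the exec line must stay unquoted so it splits into the gdbserver command and its options and expands to nothing when unset, which is fine as written.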
-- 
2.30.2




Re: [PATCH v3 5/6] gitlab-ci: Simplify before/after script for Avocado based jobs

2021-05-20 Thread Thomas Huth



Missing patch description. Could you please elaborate why this change is ok?

 Thanks,
  Thomas


On 19/05/2021 20.45, Philippe Mathieu-Daudé wrote:

Signed-off-by: Philippe Mathieu-Daudé 
---
  .gitlab-ci.d/buildtest-template.yml | 7 +--
  1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/.gitlab-ci.d/buildtest-template.yml 
b/.gitlab-ci.d/buildtest-template.yml
index a625c697d3b..f968fa1ad99 100644
--- a/.gitlab-ci.d/buildtest-template.yml
+++ b/.gitlab-ci.d/buildtest-template.yml
@@ -74,7 +74,7 @@
- build/tests/results/latest/test-results
  reports:
junit: build/tests/results/latest/results.xml
-  before_script:
+  script:
  - mkdir -p ~/.config/avocado
  - echo "[datadir.paths]" > ~/.config/avocado/avocado.conf
  - echo "cache_dirs = ['${CI_PROJECT_DIR}/avocado-cache']"
@@ -85,6 +85,9 @@
  du -chs ${CI_PROJECT_DIR}/avocado-cache ;
fi
  - export AVOCADO_ALLOW_UNTRUSTED_CODE=1
-  after_script:
  - cd build
+- find . -type f -exec touch {} +
+# Avoid recompiling by hiding ninja with NINJA=":"
+- $MAKE NINJA=":" $MAKE_CHECK_ARGS
+  after_script:
  - du -chs ${CI_PROJECT_DIR}/avocado-cache






[PATCH v4 09/15] qemu-iotests: extend the check script to support valgrind for python tests

2021-05-20 Thread Emanuele Giuseppe Esposito
Currently, the check script only parses the option and sets the
VALGRIND_QEMU environmental variable to "y".
Add another local python variable that prepares the command line,
identical to the one provided in the test scripts.

Because the python script does not know in advance the valgring
PID to assign to the log file name, use the "%p" flag in valgrind
log file name that automatically puts the process PID at runtime.

Reviewed-by: Max Reitz 
Signed-off-by: Emanuele Giuseppe Esposito 
---
 tests/qemu-iotests/check  |  7 ---
 tests/qemu-iotests/iotests.py | 11 +++
 tests/qemu-iotests/testenv.py |  1 +
 3 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/tests/qemu-iotests/check b/tests/qemu-iotests/check
index b9820fdaaf..2101cedfe3 100755
--- a/tests/qemu-iotests/check
+++ b/tests/qemu-iotests/check
@@ -36,6 +36,10 @@ def make_argparser() -> argparse.ArgumentParser:
 p.add_argument('-gdb', action='store_true',
help="start gdbserver with $GDB_OPTIONS options \
 ('localhost:12345' if $GDB_OPTIONS is empty)")
+p.add_argument('-valgrind', action='store_true',
+help='use valgrind, sets VALGRIND_QEMU environment '
+'variable')
+
 p.add_argument('-misalign', action='store_true',
help='misalign memory allocations')
 p.add_argument('--color', choices=['on', 'off', 'auto'],
@@ -86,9 +90,6 @@ def make_argparser() -> argparse.ArgumentParser:
 g_bash.add_argument('-o', dest='imgopts',
 help='options to pass to qemu-img create/convert, '
 'sets IMGOPTS environment variable')
-g_bash.add_argument('-valgrind', action='store_true',
-help='use valgrind, sets VALGRIND_QEMU environment '
-'variable')
 
 g_sel = p.add_argument_group('test selecting options',
  'The following options specify test set '
diff --git a/tests/qemu-iotests/iotests.py b/tests/qemu-iotests/iotests.py
index c9628e6828..41462a80fc 100644
--- a/tests/qemu-iotests/iotests.py
+++ b/tests/qemu-iotests/iotests.py
@@ -97,6 +97,17 @@
 sys.stderr.write('Please run this test via the "check" script\n')
 sys.exit(os.EX_USAGE)
 
+qemu_valgrind = []
+if os.environ.get('VALGRIND_QEMU') == "y" and \
+os.environ.get('NO_VALGRIND') != "y":
+valgrind_logfile = "--log-file=" + test_dir.strip()
+# %p allows to put the valgrind process PID, since
+# we don't know it a priori (subprocess.Popen is
+# not yet invoked)
+valgrind_logfile += "/%p.valgrind"
+
+qemu_valgrind = ['valgrind', valgrind_logfile, '--error-exitcode=99']
+
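Review bot: `"--log-file=" + test_dir.strip()` followed by `+= "/%p.valgrind"` assembles the path by string concatenation; `'--log-file=' + os.path.join(test_dir, '%p.valgrind')` is clearer and copes with a trailing slash in TEST_DIR. The backslash-continued `if` condition would also read better wrapped in parentheses, as PEP 8 recommends.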
 socket_scm_helper = os.environ.get('SOCKET_SCM_HELPER', 'socket_scm_helper')
 
 luks_default_secret_object = 'secret,id=keysec0,data=' + \
diff --git a/tests/qemu-iotests/testenv.py b/tests/qemu-iotests/testenv.py
index 49ddd586ef..319d29cb0c 100644
--- a/tests/qemu-iotests/testenv.py
+++ b/tests/qemu-iotests/testenv.py
@@ -282,6 +282,7 @@ def print_env(self) -> None:
 SOCK_DIR  -- {SOCK_DIR}
 SOCKET_SCM_HELPER -- {SOCKET_SCM_HELPER}
 GDB_OPTIONS   -- {GDB_OPTIONS}
+VALGRIND_QEMU -- {VALGRIND_QEMU}
 """
 
 args = collections.defaultdict(str, self.get_env())
-- 
2.30.2




Re: [PATCH v6 11/17] target/riscv: rvb: rotate (left/right)

2021-05-20 Thread Alistair Francis
On Thu, May 6, 2021 at 2:17 AM  wrote:
>
> From: Kito Cheng 
>
> Signed-off-by: Kito Cheng 
> Signed-off-by: Frank Chang 
> Reviewed-by: Richard Henderson 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  target/riscv/insn32.decode  |  6 
>  target/riscv/insn_trans/trans_rvb.c.inc | 39 +
>  target/riscv/translate.c| 36 +++
>  3 files changed, 81 insertions(+)
>
> diff --git a/target/riscv/insn32.decode b/target/riscv/insn32.decode
> index 6bc9bbae9e0..71a9a182c01 100644
> --- a/target/riscv/insn32.decode
> +++ b/target/riscv/insn32.decode
> @@ -682,6 +682,8 @@ binv   0110100 .. 001 . 0110011 @r
>  bext   0100100 .. 101 . 0110011 @r
>  slo001 .. 001 . 0110011 @r
>  sro001 .. 101 . 0110011 @r
> +ror011 .. 101 . 0110011 @r
> +rol011 .. 001 . 0110011 @r
>
>  bseti  00101. ... 001 . 0010011 @sh
>  bclri  01001. ... 001 . 0010011 @sh
> @@ -689,6 +691,7 @@ binvi  01101. ... 001 . 0010011 @sh
>  bexti  01001. ... 101 . 0010011 @sh
>  sloi   00100. ... 001 . 0010011 @sh
>  sroi   00100. ... 101 . 0010011 @sh
> +rori   01100. ... 101 . 0010011 @sh
>
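Review bot: only `rori` is added here, with no `roli` counterpart; that matches the RISC-V bit-manipulation spec, where a left rotate by an immediate is encoded as `rori` with XLEN-shamt, so a one-line comment next to the decode line would save the next reader from searching for a missing instruction.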
>  # *** RV64B Standard Extension (in addition to RV32B) ***
>  clzw   011 0 . 001 . 0011011 @r2
> @@ -703,9 +706,12 @@ binvw  0110100 .. 001 . 0111011 @r
>  bextw  0100100 .. 101 . 0111011 @r
>  slow   001 .. 001 . 0111011 @r
>  srow   001 .. 101 . 0111011 @r
> +rorw   011 .. 101 . 0111011 @r
> +rolw   011 .. 001 . 0111011 @r
>
>  bsetiw 0010100 .. 001 . 0011011 @sh5
>  bclriw 0100100 .. 001 . 0011011 @sh5
>  binviw 0110100 .. 001 . 0011011 @sh5
>  sloiw  001 .. 001 . 0011011 @sh5
>  sroiw  001 .. 101 . 0011011 @sh5
> +roriw  011 .. 101 . 0011011 @sh5
> diff --git a/target/riscv/insn_trans/trans_rvb.c.inc 
> b/target/riscv/insn_trans/trans_rvb.c.inc
> index 28640322c43..429738db155 100644
> --- a/target/riscv/insn_trans/trans_rvb.c.inc
> +++ b/target/riscv/insn_trans/trans_rvb.c.inc
> @@ -179,6 +179,24 @@ static bool trans_sroi(DisasContext *ctx, arg_sroi *a)
>  return gen_shifti(ctx, a, gen_sro);
>  }
>
> +static bool trans_ror(DisasContext *ctx, arg_ror *a)
> +{
> +REQUIRE_EXT(ctx, RVB);
> +return gen_shift(ctx, a, tcg_gen_rotr_tl);
> +}
> +
> +static bool trans_rori(DisasContext *ctx, arg_rori *a)
> +{
> +REQUIRE_EXT(ctx, RVB);
> +return gen_shifti(ctx, a, tcg_gen_rotr_tl);
> +}
> +
> +static bool trans_rol(DisasContext *ctx, arg_rol *a)
> +{
> +REQUIRE_EXT(ctx, RVB);
> +return gen_shift(ctx, a, tcg_gen_rotl_tl);
> +}
> +
>  static bool trans_clzw(DisasContext *ctx, arg_clzw *a)
>  {
>  REQUIRE_64BIT(ctx);
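Review bot: `trans_ror`/`trans_rol` pass `tcg_gen_rotr_tl`/`tcg_gen_rotl_tl` straight to `gen_shift`, and `trans_rori` goes through `gen_shifti`; TCG's rotate ops have unspecified behaviour when the count is outside 0..XLEN-1, so this is only correct if `gen_shift`/`gen_shifti` mask the amount to the low log2(XLEN) bits before invoking the op, which nothing in this hunk shows. Please confirm that the masking (and, on RV32, the shamt < 32 check for `rori`) is done inside those helpers, and add a short comment here stating that precondition.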
> @@ -290,3 +308,24 @@ static bool trans_sroiw(DisasContext *ctx, arg_sroiw *a)
>  REQUIRE_EXT(ctx, RVB);
>  return gen_shiftiw(ctx, a, gen_sro);
>  }
> +
> +static bool trans_rorw(DisasContext *ctx, arg_rorw *a)
> +{
> +REQUIRE_64BIT(ctx);
> +REQUIRE_EXT(ctx, RVB);
> +return gen_shiftw(ctx, a, gen_rorw);
> +}
> +
> +static bool trans_roriw(DisasContext *ctx, arg_roriw *a)
> +{
> +REQUIRE_64BIT(ctx);
> +REQUIRE_EXT(ctx, RVB);
> +return gen_shiftiw(ctx, a, gen_rorw);
> +}
> +
> +static bool trans_rolw(DisasContext *ctx, arg_rolw *a)
> +{
> +REQUIRE_64BIT(ctx);
> +REQUIRE_EXT(ctx, RVB);
> +return gen_shiftw(ctx, a, gen_rolw);
> +}
> diff --git a/target/riscv/translate.c b/target/riscv/translate.c
> index 088cf9f7678..c09b93f1b8a 100644
> --- a/target/riscv/translate.c
> +++ b/target/riscv/translate.c
> @@ -663,6 +663,42 @@ static void gen_packuw(TCGv ret, TCGv arg1, TCGv arg2)
>  tcg_temp_free(t);
>  }
>
> +static void gen_rorw(TCGv ret, TCGv arg1, TCGv arg2)
> +{
> +TCGv_i32 t1 = tcg_temp_new_i32();
> +TCGv_i32 t2 = tcg_temp_new_i32();
> +
> +/* truncate to 32-bits */
> +tcg_gen_trunc_tl_i32(t1, arg1);
> +tcg_gen_trunc_tl_i32(t2, arg2);
> +
> +tcg_gen_rotr_i32(t1, t1, t2);
> +
> +/* sign-extend 64-bits */
> +tcg_gen_ext_i32_tl(ret, t1);
> +
> +tcg_temp_free_i32(t1);
> +tcg_temp_free_i32(t2);
> +}
> +
> +static void gen_rolw(TCGv ret, TCGv arg1, TCGv arg2)
> +{
> +TCGv_i32 t1 = tcg_temp_new_i32();
> +TCGv_i32 t2 = tcg_temp_new_i32();
> +
> +/* truncate to 32-bits */
> +tcg_gen_trunc_tl_i32(t1, arg1);
> +tcg_gen_trunc_tl_i32(t2, arg2);
> +
> +tcg_gen_rotl_i32(t1, t1, t2);
> +
> +/* sign-extend 64-bits */
> +tcg_gen_ext_i32_tl(ret, t1);
> +
> +tcg_temp_free_i32(t1);
> +tcg_temp_free_i32(t2);
> +}
> +
>  static bool gen_arith(DisasContext *ctx, arg_r *a,
> 
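Review bot: `gen_rorw`/`gen_rolw` truncate `arg2` to 32 bits but never mask it to 5 bits, and `tcg_gen_rotr_i32`/`tcg_gen_rotl_i32` have unspecified behaviour for counts >= 32, so the callers (`gen_shiftw`/`gen_shiftiw`) must AND the amount with 31 before these helpers run; either document that precondition or apply `tcg_gen_andi_i32(t2, t2, 31)` here so the helper is safe on its own. The two functions are otherwise identical except for the rotate op; one shared helper taking the `void (*)(TCGv_i32, TCGv_i32, TCGv_i32)` op would remove the duplication. Minor: the comment "sign-extend 64-bits" means "sign-extend the 32-bit result to XLEN".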

Re: [PATCH] target/riscv: Remove unnecessary riscv_*_names[] declaration

2021-05-20 Thread Alistair Francis
On Fri, May 14, 2021 at 3:24 PM Bin Meng  wrote:
>
> riscv_excp_names[] and riscv_intr_names[] are only referenced by
> target/riscv/cpu.c locally.
>
> Signed-off-by: Bin Meng 

Thanks!

Applied to riscv-to-apply.next

Alistair

> ---
>
>  target/riscv/cpu.h | 2 --
>  target/riscv/cpu.c | 4 ++--
>  2 files changed, 2 insertions(+), 4 deletions(-)
>
> diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
> index 7e879fb9ca..adba2ff533 100644
> --- a/target/riscv/cpu.h
> +++ b/target/riscv/cpu.h
> @@ -318,8 +318,6 @@ static inline bool riscv_feature(CPURISCVState *env, int 
> feature)
>
>  extern const char * const riscv_int_regnames[];
>  extern const char * const riscv_fpr_regnames[];
> -extern const char * const riscv_excp_names[];
> -extern const char * const riscv_intr_names[];
>
>  const char *riscv_cpu_get_trap_name(target_ulong cause, bool async);
>  void riscv_cpu_do_interrupt(CPUState *cpu);
> diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
> index 3191fd0082..7ee31f97a3 100644
> --- a/target/riscv/cpu.c
> +++ b/target/riscv/cpu.c
> @@ -51,7 +51,7 @@ const char * const riscv_fpr_regnames[] = {
>"f30/ft10", "f31/ft11"
>  };
>
> -const char * const riscv_excp_names[] = {
> +static const char * const riscv_excp_names[] = {
>  "misaligned_fetch",
>  "fault_fetch",
>  "illegal_instruction",
> @@ -78,7 +78,7 @@ const char * const riscv_excp_names[] = {
>  "guest_store_page_fault",
>  };
>
> -const char * const riscv_intr_names[] = {
> +static const char * const riscv_intr_names[] = {
>  "u_software",
>  "s_software",
>  "vs_software",
> --
> 2.25.1
>
>



Re: [PATCH v5 1/6] hw/isa/Kconfig: Fix missing dependency ISA_SUPERIO -> FDC

2021-05-20 Thread Thomas Huth

On 19/05/2021 13.05, Philippe Mathieu-Daudé wrote:
> On 5/19/21 10:23 AM, Thomas Huth wrote:
>> On 18/05/2021 21.32, Philippe Mathieu-Daudé wrote:
>>> isa_superio_realize() calls isa_fdc_init_drives(), which is defined
>>> in hw/block/fdc.c, so ISA_SUPERIO needs to select the FDC symbol.
>>
>> If I get that right, not all superio chipsets provide a floppy drive
>> (there's this "k->floppy.is_enabled" check in there) ... but for boards
>> that don't need the FDC, this would currently require a stub for that
>> function
>
> Good point. I'll try to get it right.

As discussed in v6, all superio chips currently have a way to use an FDC, so
this version of the patch is fine:

Reviewed-by: Thomas Huth 




Re: [PATCH 1/3] qemu-config: parse configuration files to a QDict

2021-05-20 Thread Paolo Bonzini

On 19/05/21 16:40, Kevin Wolf wrote:

+qemu_opts_absorb_qdict(opts, qdict, errp);

Shouldn't we check that qdict is empty now and return an error if there
are any options that the QemuOptsList doesn't accept?


Indeed, my bad for not checking exactly the contract of 
qemu_opts_absorb_qdict.


Paolo




Re: [RFC PATCH 02/11] hw/ide: Add PCIIDEState::isa_bus link

2021-05-20 Thread Mark Cave-Ayland

On 19/05/2021 00:05, BALATON Zoltan wrote:


On Tue, 18 May 2021, Philippe Mathieu-Daudé wrote:

IDE bus depends on ISA bus for IRQ/DMA.

Add an ISABus reference in PCIIDEState, and add link properties
to it in the PIIX and VIA objects (which inherit PCI_IDE).

Signed-off-by: Philippe Mathieu-Daudé 
---
include/hw/ide/pci.h |  1 +
hw/ide/piix.c    | 11 ++-
hw/ide/via.c | 10 +-
3 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/include/hw/ide/pci.h b/include/hw/ide/pci.h
index d8384e1c422..e790722ed14 100644
--- a/include/hw/ide/pci.h
+++ b/include/hw/ide/pci.h
@@ -47,6 +47,7 @@ struct PCIIDEState {
    PCIDevice parent_obj;
    /*< public >*/

+    ISABus *isa_bus;
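Review bot: the new `ISABus *isa_bus` field in `PCIIDEState` carries no comment saying who is expected to set it or whether it may stay NULL for PCI IDE controllers that have no ISA side; since only the legacy-mode south bridges need it, a comment on the field (and a check in the code that consumes it) would make the contract explicit.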


I'm not sure that this belongs here. Previously we managed to remove device specific
fields from this structure so it now really just holds stuff related to PCI IDE
(except the remaining "secondary" field specific to CMD646). PCI IDE normally has
nothing to do with ISA except for those south bridges that have IDE with legacy mode.
So this ISABus reference should be in those south bridges instead. But that may need
a new subclass just for this so putting it here is just avoiding boilerplate of
declaring new subclasses in piix and via-ide. I can sympathise with that but I'd
still prefer to keep it off here but I wonder if there's a way to do that without
subclassing and storing an ISABus ref? If I understand correctly this ISABus ref is
just needed to get appropriate ISA irqs. But could we just store a ref to those irqs
directly so we don't need to keep the ref to the ISA bus? There's already a qemu_irq
in BMDMAState but I'm not sure how those are set and if you could store an isa irq
there to simplify this. I don't know the details and could not detangle it by a brief
look so not sure it can be done but conceptually it feels better to keep PCI IDE
separate from ISA and let it raise either PCI irq or ISA irq as needed. For that a
ref to the irq should be enough and that can either come from a PCI bus (which is
normally expected for PCI IDE) or an ISA bridge for legacy modes. Hope it makes sense
and you get what I'm trying to say. (Longer term we may want to make it changeable
also after the device is created to allow switching between legacy and PCI mode but
so far we could get away without emulating that so it's not a requirement just
something to consider when you're changing this. The real problem that prevents
switching modes is not irq I think but ioports and that ISA devices are not
configurable after creating them but that would need QOM'ifying ISA emulation which
probably is not worth the effort unless we come across some guest that needs this.)


Right. I've had a quick look over the patchset and the IRQ changes look good: the 
part I'm not keen on is adding the property links for the ISABus directly to these 
devices, since as Zoltan correctly points out this is handled by a PCI-ISA bridge in 
the PCI host bridge and not the PCI device itself.


One of the better diagrams to explain how this wires together is on the QEMU wiki at 
https://wiki.qemu.org/Features/Q35. Bear in mind that the PCI-ISA bridge is optional 
and not all PCI bridges have them.


I spent a bit of time trying to figure how we know which devices have a PCI-ISA 
bridge and then realised that it is those devices with a PCI class id of 
PCI_CLASS_BRIDGE_ISA. If you grep for this then it is possible to see that there are 
a couple of places that check for whether a PCI device is a PCI-ISA bridge by 
checking the PCI class id for PCI_CLASS_BRIDGE_ISA instead of using a QOM type.


This gives me the following idea:

1) Create an abstract TYPE_PCI_ISA_BRIDGE QOM type with parent PCI_DEVICE and change 
the existing devices with PCI_CLASS_BRIDGE_ISA so that they have TYPE_PCI_ISA_BRIDGE 
as a parent


2) In the PCI_ISA_BRIDGE realize function add the following common code to 
instantiate the ISABus and remove it from the individual PCI_CLASS_BRIDGE_ISA devices:


static void pci_isa_bridge_realize(DeviceState *dev, Error **errp)
{
    PCIISABridge *s = PCI_ISA_BRIDGE(dev);
    PCIDevice *pci_dev = PCI_DEVICE(dev);

    s->isa_bus = isa_bus_new(dev, pci_address_space(pci_dev),
                             pci_address_space_io(pci_dev), errp);

    /* FIXME: this should probably use errp */
    if (!s->isa_bus) {
        return;
    }
}

You may also be able to do something similar with the 8259 IRQ initialisation 
although I haven't really looked at that.


3) Add a new pci_isa_bridge_get_isabus(PCIDevice *d) function that the devices such 
as via-ide can use to obtain a reference to the ISABus from their own PCIDevice. It 
should hopefully be quite simple like this:


ISABus *pci_isa_bridge_get_isabus(PCIDevice *d)
{
    PCIISABridge *s = PCI_ISA_BRIDGE(d);

    return s->isa_bus;
}


I think this is the best solution since it avoids either 1) having to embed ISABus 
unconditionally into PCIHostState and therefore bringing in all ISA devices for all 
PCI builds 

[PATCH v4 00/15] qemu_iotests: improve debugging options

2021-05-20 Thread Emanuele Giuseppe Esposito
This series adds the option to attach gdbserver and valgrind
to the QEMU binary running in qemu_iotests.
It also allows redirecting the output of the QEMU binaries in the python tests
to stdout, instead of a log file.

Patches 1-6 introduce the -gdb option to both python and bash tests, 
7-10 extend the already existing -valgrind flag to work also on 
python tests, and patch 11 introduces -p to enable logging to stdout.

In particular, patches 1,5,10 focus on extending the QMP socket timers
when using gdb/valgrind, otherwise the python tests will fail due to
delays in the QMP responses.

This series is tested on top of the previous series
"qemu-iotests: quality of life improvements"
but is independent from it, so it can be applied separately.

Signed-off-by: Emanuele Giuseppe Esposito 
---
v4:
* Rename environment variable from GDB_QEMU to GDB_OPTIONS
* This time test 297 (pylint) passes [Max]
* Refactor the qmp_timer field in machine.py, and add a new 
  parameter in machine.py and subclasses constructor [John]
* Add additional check in patch 4 to cover the case where
  GDB_OPTIONS is empty

Emanuele Giuseppe Esposito (15):
  python: qemu: add timer parameter for qmp.accept socket
  python: qemu: pass the wrapper field from QEMUQtestmachine to
QEMUMachine
  docs/devel/testing: add debug section to the QEMU iotests chapter
  qemu-iotests: add option to attach gdbserver
  qemu-iotests: delay QMP socket timers
  qemu_iotests: insert gdbserver command line as wrapper for qemu binary
  qemu-iotests: add gdbserver option to script tests too
  docs/devel/testing: add -gdb option to the debugging section of QEMU
iotests
  qemu-iotests: extend the check script to support valgrind for python
tests
  qemu-iotests: extent QMP socket timeout when using valgrind
  qemu-iotests: allow valgrind to read/delete the generated log file
  qemu-iotests: insert valgrind command line as wrapper for qemu binary
  docs/devel/testing: add -valgrind option to the debug section of QEMU
iotests
  qemu-iotests: add option to show qemu binary logs on stdout
  docs/devel/testing: add -p option to the debug section of QEMU iotests

 docs/devel/testing.rst| 30 +++
 python/qemu/machine.py|  7 +++--
 python/qemu/qtest.py  |  9 --
 tests/qemu-iotests/check  | 15 +++---
 tests/qemu-iotests/common.rc  |  8 -
 tests/qemu-iotests/iotests.py | 56 +++
 tests/qemu-iotests/testenv.py | 25 ++--
 7 files changed, 132 insertions(+), 18 deletions(-)

-- 
2.30.2



