Re: [Qemu-devel] [PATCH 17/30] memory: add address_space_translate

2013-05-24 Thread Jan Kiszka
On 2013-05-21 12:57, Paolo Bonzini wrote:
> Using phys_page_find to translate an AddressSpace to a MemoryRegionSection
> is unwieldy.  It requires to pass the page index rather than the address,
> and later memory_region_section_addr has to be called.  Replace
> memory_region_section_addr with a function that does all of it: call
> phys_page_find, compute the offset within the region, and check how
> big the current mapping is.  This way, a large flat region can be written
> with a single lookup rather than a page at a time.
> 
> address_space_translate will also provide a single point where IOMMU
> forwarding is implemented.
> 
> Signed-off-by: Paolo Bonzini 
> ---
>  cputlb.c  |  20 ++---
>  exec.c| 201 
> +++---
>  include/exec/cputlb.h |  12 ++-
>  include/exec/memory.h |  31 
>  translate-all.c   |   6 +-
>  5 files changed, 143 insertions(+), 127 deletions(-)
> 
> diff --git a/cputlb.c b/cputlb.c
> index aba7e44..1f85da0 100644
> --- a/cputlb.c
> +++ b/cputlb.c
> @@ -248,13 +248,18 @@ void tlb_set_page(CPUArchState *env, target_ulong vaddr,
>  target_ulong code_address;
>  uintptr_t addend;
>  CPUTLBEntry *te;
> -hwaddr iotlb;
> +hwaddr iotlb, xlat, sz;
>  
>  assert(size >= TARGET_PAGE_SIZE);
>  if (size != TARGET_PAGE_SIZE) {
>  tlb_add_large_page(env, vaddr, size);
>  }
> -section = phys_page_find(address_space_memory.dispatch, paddr >> 
> TARGET_PAGE_BITS);
> +
> +sz = size;
> +section = address_space_translate(&address_space_memory, paddr, &xlat, 
> &sz,
> +  false);
> +assert(sz >= TARGET_PAGE_SIZE);
> +
>  #if defined(DEBUG_TLB)
>  printf("tlb_set_page: vaddr=" TARGET_FMT_lx " paddr=0x" TARGET_FMT_plx
> " prot=%x idx=%d pd=0x%08lx\n",
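Review bot: The new `assert(sz >= TARGET_PAGE_SIZE)` after the address_space_translate call turns a sub-page translation result into a process abort rather than a handled condition; as far as this hunk shows, paddr is derived from the guest's own mapping, so unless the dispatch layer guarantees page-sized sections (not visible here) this would be a guest-reachable abort. A one-line comment stating that invariant, e.g. `/* sub-page regions are wrapped in page-sized subpage sections, so the translated length never drops below a page */`, would make the assert defensible — only if it is actually true. The call also passes `is_write` as `false` although the entry is installed for both read and write access; once IOMMU forwarding distinguishes directions this site will need `prot & PAGE_WRITE` or a separate lookup. tlb_set_page's body starts and ends outside the hunk.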
> @@ -269,15 +274,14 @@ void tlb_set_page(CPUArchState *env, target_ulong vaddr,
>  }
>  if (memory_region_is_ram(section->mr) ||
>  memory_region_is_romd(section->mr)) {
> -addend = (uintptr_t)memory_region_get_ram_ptr(section->mr)
> -+ memory_region_section_addr(section, paddr);
> +addend = (uintptr_t)memory_region_get_ram_ptr(section->mr) + xlat;
>  } else {
>  addend = 0;
>  }
>  
>  code_address = address;
> -iotlb = memory_region_section_get_iotlb(env, section, vaddr, paddr, prot,
> -&address);
> +iotlb = memory_region_section_get_iotlb(env, section, vaddr, paddr, xlat,
> +prot, &address);
>  
>  index = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
>  env->iotlb[mmu_idx][index] = iotlb - vaddr;
> @@ -300,9 +304,7 @@ void tlb_set_page(CPUArchState *env, target_ulong vaddr,
>  /* Write access calls the I/O callback.  */
>  te->addr_write = address | TLB_MMIO;
>  } else if (memory_region_is_ram(section->mr)
> -   && !cpu_physical_memory_is_dirty(
> -   section->mr->ram_addr
> -   + memory_region_section_addr(section, paddr))) {
> +   && !cpu_physical_memory_is_dirty(section->mr->ram_addr + 
> xlat)) {
>  te->addr_write = address | TLB_NOTDIRTY;
>  } else {
>  te->addr_write = address;
> diff --git a/exec.c b/exec.c
> index 82da067..e5ee8ff 100644
> --- a/exec.c
> +++ b/exec.c
> @@ -182,7 +182,7 @@ static void phys_page_set(AddressSpaceDispatch *d,
>  phys_page_set_level(&d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
>  }
>  
> -MemoryRegionSection *phys_page_find(AddressSpaceDispatch *d, hwaddr index)
> +static MemoryRegionSection *phys_page_find(AddressSpaceDispatch *d, hwaddr 
> index)
>  {
>  PhysPageEntry lp = d->phys_map;
>  PhysPageEntry *p;
> @@ -198,6 +198,22 @@ MemoryRegionSection *phys_page_find(AddressSpaceDispatch 
> *d, hwaddr index)
>  return &phys_sections[lp.ptr];
>  }
>  
> +MemoryRegionSection *address_space_translate(AddressSpace *as, hwaddr addr,
> + hwaddr *xlat, hwaddr *plen,
> + bool is_write)
> +{
> +MemoryRegionSection *section;
> +
> +section = phys_page_find(as->dispatch, addr >> TARGET_PAGE_BITS);
> +/* Compute offset within MemoryRegionSection */
> +addr -= section->offset_within_address_space;
> +*plen = MIN(section->size - addr, *plen);

This limitation causes problems. Consider two overlapping memory regions
A and B. A handles 4-byte accesses and is at least 4 bytes long, B only
deals with a single byte. They overlap like this:

B (prio 1):   X
A (prio 0): ...
^access here with 4 bytes length

Now if an access happens at the marked position, it is split into one
2-byte access to A, followed by a one-byte access to B and another
one-byte access to A. But the right access emulation would be 4-b

Re: [Qemu-devel] Win32 QEMU binaries built from MinGW fail (access violation)

2013-05-24 Thread Stefan Weil
Am 25.05.2013 03:56, schrieb Dan:
> I've been trying to build QEMU source directly with MinGW.  The
> compile/link works but there are tons of warnings (mostly Wformat).
> Once I try to run the binaries in Windows though, I quickly hit access
> violations once the HD image is mounted.  I've tested on the
> linux-0.2.img.bz2 so that I can be consistent with others.  The
> violations bounce around based on the image and emulation.  I've tried
> with -nographic to try to rule out SDL.dll.  I'm at a loss, and
> beginning to wonder if 100's of Wformat errors need to be patched one
> by one to have a run-able windows binary.
>
> What I'm confused by is that both qemu.org (ref1) and wikibooks.org
> (ref2) seem to imply that there are no special MinGW patches.  I've
> also found many sites hosting valid QEMU win32 binaries like
> omledom.com (ref3).  I've even ensured that my ./configure settings
> match theirs (omledom), but of course I have no way to know if they
> are compiling FROM windows FOR windows, or FROM linux FOR windows.
>
> Here is an abridged list of my process.
>
> install cygwin for wget and unzip, though nothing is in the PATH variable.
> wget mingw-get-inst-20120426.exe
> wget python-2.6.6.msi
> wget gtk+-bundle_2.24.10-20120208_win32.zip
> wget SDL-devel-1.2.15-mingw32.tar.gz
> wget qemu-1.4.1.tar.bz2
> wget linux-0.2.img.bz2
>
> install mingw-get-inst-20120426.exe
> install python-2.6.6.msi
> unzip gtk+-bundle_2.24.10-20120208_win32.zip to c:\MinGW
> unzip SDL-devel-1.2.15-mingw32.tar.gz to c:\MinGW\msys\1.0\src
> unzip qemu-1.4.1.tar.bz2 to c:\MinGW\msys\1.0\src
> decompress linux-0.2.img.bz2 to c:\MinGW\msys\1.0\bld
>
> launch msys prompt && cd /usr/src/SDL && make native
> launch msys prompt && cd /usr/src/qemu
> ./configure --python=c:/Python26/python.exe --prefix=/usr/bld
> make && make install && cd /usr/bld
> ./qemu-system-i386.exe linux-0.2.img
>
> Observe an access violation in qemu-system-i386.exe within 5 seconds.
>
> Am I the only one compiling qemu FROM windows FOR windows?
>
> Also, just for grins, I replace my copy of qemu-system-i386.exe with
> the one from omledom and things work without any issues.  I've also
> tried the qemu 1.5 repositories and this weeks .git snapshot.  All
> fail with similar errors.
>
> I've also done this on two machines, an x86 Windows Vista system and
> an x64 Windows 8 system.  Same results on both.
>
> ref1: http://wiki.qemu.org/Hosts/W32
> ref2: http://en.wikibooks.org/wiki/QEMU/MinGW
> ref3: http://www.omledom.com/
>
> Long explanation at:
> http://screamingmonkeys.blogspot.com/2013/05/return-to-linux-compiling-qemu-with.html
>
> -Dan

Hi Dan,

native builds for Windows should work and result in working executables.
Can you run qemu-system-i386 with gdb and provide a stack trace of the
crash?

The Wformat warnings are "normal" with unpatched versions of MinGW32
because MinGW32 does not correctly set the ANSI format macros
(PRIu32, ...).

I recommend using MinGW-w64. It is installed on top of MinGW and includes
newer and better system include files as well as compilers for 32 and 64 bit
executables, so you can compile for w32 and for w64.

Cheers
Stefan


qemu-system-i386




Re: [Qemu-devel] [PATCH] target-i386: Disable CPUID_EXT_MONITOR when KVM is enabled

2013-05-24 Thread Paolo Bonzini
Il 25/05/2013 03:21, Bandan Das ha scritto:
> There is one user-visible effect: "-cpu ...,enforce" will stop failing
> because of missing KVM support for CPUID_EXT_MONITOR. But that's exactly
> the point: there's no point in having CPU model definitions that would
> never work as-is with either TCG or KVM. This patch is changing the
> meaning of (e.g.) "-machine ...,accel=kvm -cpu Opteron_G3" to match what
> was already happening in practice.

But then -cpu Opteron_G3 does not match a "real" Opteron G3.  Is it
worth it?

Paolo



[Qemu-devel] Potential to accelerate QEMU for specific architectures

2013-05-24 Thread Lior Vernia
Hello,

I am running x86 applications on an ARM device using QEMU, and found
it too slow for my needs. This is to be expected, of course; this is
not a complaint. However, I was wondering whether this could be helped
by "overriding" the generic binary translation mechanism and focusing
on lower level binary translation just from x86 to ARM.

It's clear to me that this isn't a small project, but it might be
important enough for me to invest myself in. However, before I jump
into it, I wanted to inquire whether this would be worthwhile at all.
Does anyone have any estimate as to how big of a gain that could
achieve? Or whether a more significant improvement could be achieved
by further tweaking that didn't occur to me?

Proper disclosure: I'm fairly new to this whole cross-architecture deal.

Yours, Lior.



[Qemu-devel] Win32 QEMU binaries built from MinGW fail (access violation)

2013-05-24 Thread Dan
I've been trying to build QEMU source directly with MinGW.  The
compile/link works but there are tons of warnings (mostly Wformat).
Once I try to run the binaries in Windows though, I quickly hit access
violations once the HD image is mounted.  I've tested on the
linux-0.2.img.bz2 so that I can be consistent with others.  The
violations bounce around based on the image and emulation.  I've tried
with -nographic to try to rule out SDL.dll.  I'm at a loss, and
beginning to wonder if 100's of Wformat errors need to be patched one
by one to have a run-able windows binary.

What I'm confused by is that both qemu.org (ref1) and wikibooks.org
(ref2) seem to imply that there are no special MinGW patches.  I've
also found many sites hosting valid QEMU win32 binaries like
omledom.com (ref3).  I've even ensured that my ./configure settings
match theirs (omledom), but of course I have no way to know if they
are compiling FROM windows FOR windows, or FROM linux FOR windows.

Here is an abridged list of my process.

install cygwin for wget and unzip, though nothing is in the PATH variable.
wget mingw-get-inst-20120426.exe
wget python-2.6.6.msi
wget gtk+-bundle_2.24.10-20120208_win32.zip
wget SDL-devel-1.2.15-mingw32.tar.gz
wget qemu-1.4.1.tar.bz2
wget linux-0.2.img.bz2

install mingw-get-inst-20120426.exe
install python-2.6.6.msi
unzip gtk+-bundle_2.24.10-20120208_win32.zip to c:\MinGW
unzip SDL-devel-1.2.15-mingw32.tar.gz to c:\MinGW\msys\1.0\src
unzip qemu-1.4.1.tar.bz2 to c:\MinGW\msys\1.0\src
decompress linux-0.2.img.bz2 to c:\MinGW\msys\1.0\bld

launch msys prompt && cd /usr/src/SDL && make native
launch msys prompt && cd /usr/src/qemu
./configure --python=c:/Python26/python.exe --prefix=/usr/bld
make && make install && cd /usr/bld
./qemu-system-i386.exe linux-0.2.img

Observe an access violation in qemu-system-i386.exe within 5 seconds.

Am I the only one compiling qemu FROM windows FOR windows?

Also, just for grins, I replace my copy of qemu-system-i386.exe with
the one from omledom and things work without any issues.  I've also
tried the qemu 1.5 repositories and this weeks .git snapshot.  All
fail with similar errors.

I've also done this on two machines, an x86 Windows Vista system and
an x64 Windows 8 system.  Same results on both.

ref1: http://wiki.qemu.org/Hosts/W32
ref2: http://en.wikibooks.org/wiki/QEMU/MinGW
ref3: http://www.omledom.com/

Long explanation at:
http://screamingmonkeys.blogspot.com/2013/05/return-to-linux-compiling-qemu-with.html

-Dan



Re: [Qemu-devel] [PATCH] Remove unnecessary break statements

2013-05-24 Thread Stefan Weil
Am 24.05.2013 14:33, schrieb Richard W.M. Jones:
> On Fri, May 24, 2013 at 12:19:25PM +0200, Stefan Weil wrote:
>> Fix these warnings from cppcheck:
>>
>> hw/display/cirrus_vga.c:2603:
>> hw/sd/sd.c:348:
>> hw/timer/exynos4210_mct.c:1033:
>> target-arm/translate.c:9886:
>> target-s390x/mem_helper.c:518:
>> target-unicore32/translate.c:1936:
>>  style: Consecutive return, break, continue, goto or throw statements are 
>> unnecessary.
> I'm not sure what cppcheck does, but I spotted an unnecessary break
> statement in the watchdog code a few days ago:
>
> http://git.qemu.org/?p=qemu.git;a=blob;f=hw/watchdog/watchdog.c;h=cb4e1f9e479f934532fcd4d07528feccba812b79;hb=HEAD#l131
> (line 131)
>
> So it's obviously not finding them all :-(
>
> Rich.

Yes, cppcheck knows functions with attribute noreturn, but does not
check for statements after such functions. That's a missing feature
(or a bug).

Stefan




[Qemu-devel] [PATCH V13 5/6] hmp: show ImageInfo in 'info block'

2013-05-24 Thread Wenchao Xia
Now the human monitor can show image details, including internal
snapshot and backing chain info for every block device.

Signed-off-by: Wenchao Xia 
---
 hmp.c |   14 ++
 1 files changed, 14 insertions(+), 0 deletions(-)

diff --git a/hmp.c b/hmp.c
index 4fb76ec..2aa832c 100644
--- a/hmp.c
+++ b/hmp.c
@@ -22,6 +22,7 @@
 #include "qemu/sockets.h"
 #include "monitor/monitor.h"
 #include "ui/console.h"
+#include "block/qapi.h"
 
 static void hmp_handle_error(Monitor *mon, Error **errp)
 {
@@ -277,6 +278,7 @@ void hmp_info_cpus(Monitor *mon, const QDict *qdict)
 void hmp_info_block(Monitor *mon, const QDict *qdict)
 {
 BlockInfoList *block_list, *info;
+ImageInfo *image_info;
 
 block_list = qmp_query_block(NULL);
 
@@ -318,6 +320,18 @@ void hmp_info_block(Monitor *mon, const QDict *qdict)
 info->value->inserted->iops,
 info->value->inserted->iops_rd,
 info->value->inserted->iops_wr);
+
+monitor_printf(mon, " images:\n");
+image_info = info->value->inserted->image;
+while (1) {
+bdrv_image_info_dump((fprintf_function)monitor_printf, mon,
+ image_info);
+if (image_info->has_backing_image) {
+image_info = image_info->backing_image;
+} else {
+break;
+}
+}
 } else {
 monitor_printf(mon, " [not inserted]");
 }
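Review bot: The backing-chain walk added to hmp_info_block dereferences `image_info` without checking it, and `while (1)` with a trailing `break` hides the loop's termination condition; a for loop that advances through `backing_image` and stops on NULL reads more directly and also tolerates an unset `image` (whether that can happen depends on bdrv_query_info, which is not in this patch). The same loop is re-indented under `if (verbose)` in patch 6/6 of this series, where the rewrite applies equally. hmp_info_block's body starts and ends outside the hunk.
```c
            monitor_printf(mon, " images:\n");
            /* walk the backing chain; has_backing_image guards the pointer */
            for (image_info = info->value->inserted->image; image_info;
                 image_info = image_info->has_backing_image
                              ? image_info->backing_image : NULL) {
                bdrv_image_info_dump((fprintf_function)monitor_printf, mon,
                                     image_info);
            }
```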
-- 
1.7.1





[Qemu-devel] [PATCH V13 3/6] qmp: add recursive member in ImageInfo

2013-05-24 Thread Wenchao Xia
New member *backing-image is added to reflect the backing chain
status.

Signed-off-by: Wenchao Xia 
---
 block/qapi.c |   16 +++-
 qapi-schema.json |5 -
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/block/qapi.c b/block/qapi.c
index 680ec23..cbef584 100644
--- a/block/qapi.c
+++ b/block/qapi.c
@@ -88,7 +88,21 @@ int bdrv_query_snapshot_info_list(BlockDriverState *bs,
 return 0;
 }
 
-/* @p_info will be set only on success. */
+/**
+ * bdrv_query_image_info:
+ * @bs: block device to examine
+ * @p_info: location to store image information
+ * @errp: location to store error information
+ *
+ * Store "flat" image inforation in @p_info.
+ *
+ * "Flat" means it does *not* query backing image information,
+ * i.e. (*pinfo)->has_backing_image will be set to false and
+ * (*pinfo)->backing_image to NULL even when the image does in fact have
+ * a backing image.
+ *
+ * @p_info will be set only on success. On error, store error in @errp.
+ */
 void bdrv_query_image_info(BlockDriverState *bs,
ImageInfo **p_info,
Error **errp)
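Review bot: The new doc comment misspells `inforation` and refers to `(*pinfo)` while the parameter is `@p_info`; `* Store "flat" image information in @p_info.` and `* i.e. (*p_info)->has_backing_image will be set to false and` / `* (*p_info)->backing_image to NULL even when the image does in fact have` keep the names consistent with the signature that follows. The function body is outside the hunk.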
diff --git a/qapi-schema.json b/qapi-schema.json
index ef1f657..a02999d 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -236,6 +236,8 @@
 #
 # @snapshots: #optional list of VM snapshots
 #
+# @backing-image: #optional info of the backing image (since 1.6)
+#
 # Since: 1.3
 #
 ##
@@ -245,7 +247,8 @@
'*actual-size': 'int', 'virtual-size': 'int',
'*cluster-size': 'int', '*encrypted': 'bool',
'*backing-filename': 'str', '*full-backing-filename': 'str',
-   '*backing-filename-format': 'str', '*snapshots': ['SnapshotInfo'] } 
}
+   '*backing-filename-format': 'str', '*snapshots': ['SnapshotInfo'],
+   '*backing-image': 'ImageInfo' } }
 
 ##
 # @ImageCheck:
-- 
1.7.1





[Qemu-devel] [PATCH V13 4/6] qmp: add ImageInfo in BlockDeviceInfo used by query-block

2013-05-24 Thread Wenchao Xia
Now image info will be retrieved as an embedded json object inside
BlockDeviceInfo; backing chain info and all related internal snapshot
info can be obtained from the enhanced recursive structure of ImageInfo.

Signed-off-by: Wenchao Xia 
---
 block/qapi.c |   43 +--
 include/block/qapi.h |4 ++-
 qapi-schema.json |5 +++-
 qmp-commands.hx  |   69 -
 4 files changed, 114 insertions(+), 7 deletions(-)

diff --git a/block/qapi.c b/block/qapi.c
index cbef584..b62365a 100644
--- a/block/qapi.c
+++ b/block/qapi.c
@@ -174,9 +174,15 @@ void bdrv_query_image_info(BlockDriverState *bs,
 *p_info = info;
 }
 
-BlockInfo *bdrv_query_info(BlockDriverState *bs)
+/* @p_info will be set only on success. */
+void bdrv_query_info(BlockDriverState *bs,
+ BlockInfo **p_info,
+ Error **errp)
 {
 BlockInfo *info = g_malloc0(sizeof(*info));
+BlockDriverState *bs0;
+ImageInfo **p_image_info;
+Error *local_err = NULL;
 info->device = g_strdup(bs->device_name);
 info->type = g_strdup("unknown");
 info->locked = bdrv_dev_is_medium_locked(bs);
@@ -230,8 +236,30 @@ BlockInfo *bdrv_query_info(BlockDriverState *bs)
 info->inserted->iops_wr =
bs->io_limits.iops[BLOCK_IO_LIMIT_WRITE];
 }
+
+bs0 = bs;
+p_image_info = &info->inserted->image;
+while (1) {
+bdrv_query_image_info(bs0, p_image_info, &local_err);
+if (error_is_set(&local_err)) {
+error_propagate(errp, local_err);
+goto err;
+}
+if (bs0->drv && bs0->backing_hd) {
+bs0 = bs0->backing_hd;
+(*p_image_info)->has_backing_image = true;
+p_image_info = &((*p_image_info)->backing_image);
+} else {
+break;
+}
+}
 }
-return info;
+
+*p_info = info;
+return;
+
+ err:
+qapi_free_BlockInfo(info);
 }
 
 BlockStats *bdrv_query_stats(const BlockDriverState *bs)
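Review bot: In the new backing-chain loop `(*p_image_info)->has_backing_image = true` is set before the backing image has been queried, so if the next bdrv_query_image_info call fails the `goto err` path frees an ImageInfo whose `has_backing_image` is true while `backing_image` is still NULL; whether qapi_free_BlockInfo tolerates that depends on the generated dealloc visitor, which is not visible here. Flagging the parent only after its backing slot has been filled removes the question: declare `ImageInfo *parent = NULL;` next to `p_image_info` in the first hunk and restructure the loop as below. bdrv_query_info's field population between the two hunks is unchanged.
```c
            /* … unchanged: bdrv_query_image_info() call and error check … */
            /* flag the parent only once its backing slot is populated */
            if (parent) {
                parent->has_backing_image = true;
            }
            if (bs0->drv && bs0->backing_hd) {
                bs0 = bs0->backing_hd;
                parent = *p_image_info;
                p_image_info = &parent->backing_image;
            } else {
                break;
            }
```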
@@ -268,16 +296,25 @@ BlockInfoList *qmp_query_block(Error **errp)
 {
 BlockInfoList *head = NULL, **p_next = &head;
 BlockDriverState *bs = NULL;
+Error *local_err = NULL;
 
  while ((bs = bdrv_next(bs))) {
 BlockInfoList *info = g_malloc0(sizeof(*info));
-info->value = bdrv_query_info(bs);
+bdrv_query_info(bs, &info->value, &local_err);
+if (error_is_set(&local_err)) {
+error_propagate(errp, local_err);
+goto err;
+}
 
 *p_next = info;
 p_next = &info->next;
 }
 
 return head;
+
+ err:
+qapi_free_BlockInfoList(head);
+return NULL;
 }
 
 BlockStatsList *qmp_query_blockstats(Error **errp)
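Review bot: With the new error path, one device whose image query fails makes qmp_query_block free the whole list and return NULL, so a single unreadable backing file or snapshot table hides every other block device from query-block; the commit message does not mention this all-or-nothing behaviour. The HMP caller in patch 5/6 passes `NULL` as errp, so `info block` would then print nothing and give no reason. A contract comment above the function, e.g. `/* Returns NULL and sets @errp if querying any device fails; partial lists are never returned. */`, and callers that report rather than discard the error would make the failure diagnosable.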
diff --git a/include/block/qapi.h b/include/block/qapi.h
index ab1f48f..0496cc9 100644
--- a/include/block/qapi.h
+++ b/include/block/qapi.h
@@ -35,7 +35,9 @@ int bdrv_query_snapshot_info_list(BlockDriverState *bs,
 void bdrv_query_image_info(BlockDriverState *bs,
ImageInfo **p_info,
Error **errp);
-BlockInfo *bdrv_query_info(BlockDriverState *s);
+void bdrv_query_info(BlockDriverState *bs,
+ BlockInfo **p_info,
+ Error **errp);
 BlockStats *bdrv_query_stats(const BlockDriverState *bs);
 
 void bdrv_snapshot_dump(fprintf_function func_fprintf, void *f,
diff --git a/qapi-schema.json b/qapi-schema.json
index a02999d..5ad6894 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -759,6 +759,8 @@
 #
 # @iops_wr: write I/O operations per second is specified
 #
+# @image: the info of image used (since: 1.6)
+#
 # Since: 0.14.0
 #
 # Notes: This interface is only found in @BlockInfo.
@@ -768,7 +770,8 @@
 '*backing_file': 'str', 'backing_file_depth': 'int',
 'encrypted': 'bool', 'encryption_key_missing': 'bool',
 'bps': 'int', 'bps_rd': 'int', 'bps_wr': 'int',
-'iops': 'int', 'iops_rd': 'int', 'iops_wr': 'int'} }
+'iops': 'int', 'iops_rd': 'int', 'iops_wr': 'int',
+'image': 'ImageInfo' } }
 
 ##
 # @BlockDeviceIoStatus:
diff --git a/qmp-commands.hx b/qmp-commands.hx
index ffd130e..8cea5e5 100644
--- a/qmp-commands.hx
+++ b/qmp-commands.hx
@@ -1704,6 +1704,47 @@ Each json-object contain the following:
  - "iops": limit total I/O operations per second (json-int)
  - "iops_rd": limit read operations per second (json-int)
  - "iops_wr": limit write operations per second (json-int)
+ - "image": the detail of the image, it is a json-object containing
+the following:
+ - "filename": image file name (json-string)
+ - "format": image format (json-string)
+ - "virtual-size": image capacity in bytes (json-int)
+ - "dirty-flag": true if image is not cleanly closed, not present
+

[Qemu-devel] [PATCH V13 2/6] block: add image info query function bdrv_query_image_info()

2013-05-24 Thread Wenchao Xia
This patch adds function bdrv_query_image_info(), which will
retrieve image info in qmp object format. The implementation is
based on the code moved from qemu-img.c, but uses the block layer
function to get snapshot info.

Signed-off-by: Wenchao Xia 
---
 block/qapi.c |   36 ++--
 include/block/qapi.h |6 +++---
 qemu-img.c   |   11 ++-
 3 files changed, 39 insertions(+), 14 deletions(-)

diff --git a/block/qapi.c b/block/qapi.c
index 1ed56da..680ec23 100644
--- a/block/qapi.c
+++ b/block/qapi.c
@@ -88,18 +88,22 @@ int bdrv_query_snapshot_info_list(BlockDriverState *bs,
 return 0;
 }
 
-void bdrv_collect_image_info(BlockDriverState *bs,
- ImageInfo *info,
- const char *filename)
+/* @p_info will be set only on success. */
+void bdrv_query_image_info(BlockDriverState *bs,
+   ImageInfo **p_info,
+   Error **errp)
 {
 uint64_t total_sectors;
-char backing_filename[1024];
+const char *backing_filename;
 char backing_filename2[1024];
 BlockDriverInfo bdi;
+int ret;
+Error *err = NULL;
+ImageInfo *info = g_new0(ImageInfo, 1);
 
 bdrv_get_geometry(bs, &total_sectors);
 
-info->filename= g_strdup(filename);
+info->filename= g_strdup(bs->filename);
 info->format  = g_strdup(bdrv_get_format_name(bs));
 info->virtual_size= total_sectors * 512;
 info->actual_size = bdrv_get_allocated_file_size(bs);
@@ -116,7 +120,7 @@ void bdrv_collect_image_info(BlockDriverState *bs,
 info->dirty_flag = bdi.is_dirty;
 info->has_dirty_flag = true;
 }
-bdrv_get_backing_filename(bs, backing_filename, sizeof(backing_filename));
+backing_filename = bs->backing_file;
 if (backing_filename[0] != '\0') {
 info->backing_filename = g_strdup(backing_filename);
 info->has_backing_filename = true;
@@ -134,6 +138,26 @@ void bdrv_collect_image_info(BlockDriverState *bs,
 info->has_backing_filename_format = true;
 }
 }
+
+ret = bdrv_query_snapshot_info_list(bs, &info->snapshots, &err);
+switch (ret) {
+case 0:
+if (info->snapshots) {
+info->has_snapshots = true;
+}
+break;
+/* recoverable error */
+case -ENOMEDIUM:
+case -ENOTSUP:
+error_free(err);
+break;
+default:
+error_propagate(errp, err);
+qapi_free_ImageInfo(info);
+return;
+}
+
+*p_info = info;
 }
 
 BlockInfo *bdrv_query_info(BlockDriverState *bs)
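Review bot: The `/* recoverable error */` comment in the new switch sits after the `break;` of `case 0`, so at a glance it reads as a trailing note on the success branch; placing it below the two case labels, or phrasing it as `/* -ENOMEDIUM / -ENOTSUP: missing snapshot support is not an error for image info */`, ties it to the branch it describes. The default branch frees the partially filled `info` before returning, which is consistent with `*p_info` being written only on success. bdrv_query_image_info's body starts outside the hunk.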
diff --git a/include/block/qapi.h b/include/block/qapi.h
index 4f223d1..ab1f48f 100644
--- a/include/block/qapi.h
+++ b/include/block/qapi.h
@@ -32,9 +32,9 @@
 int bdrv_query_snapshot_info_list(BlockDriverState *bs,
   SnapshotInfoList **p_list,
   Error **errp);
-void bdrv_collect_image_info(BlockDriverState *bs,
- ImageInfo *info,
- const char *filename);
+void bdrv_query_image_info(BlockDriverState *bs,
+   ImageInfo **p_info,
+   Error **errp);
 BlockInfo *bdrv_query_info(BlockDriverState *s);
 BlockStats *bdrv_query_stats(const BlockDriverState *bs);
 
diff --git a/qemu-img.c b/qemu-img.c
index 29929c5..04a3f7c 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -1642,6 +1642,7 @@ static ImageInfoList *collect_image_info_list(const char 
*filename,
 ImageInfoList *head = NULL;
 ImageInfoList **last = &head;
 GHashTable *filenames;
+Error *err = NULL;
 
 filenames = g_hash_table_new_full(g_str_hash, str_equal_func, NULL, NULL);
 
@@ -1663,11 +1664,11 @@ static ImageInfoList *collect_image_info_list(const 
char *filename,
 goto err;
 }
 
-info = g_new0(ImageInfo, 1);
-bdrv_collect_image_info(bs, info, filename);
-bdrv_query_snapshot_info_list(bs, &info->snapshots, NULL);
-if (info->snapshots) {
-info->has_snapshots = true;
+bdrv_query_image_info(bs, &info, &err);
+if (error_is_set(&err)) {
+error_report("%s", error_get_pretty(err));
+error_free(err);
+goto err;
 }
 
 elem = g_new0(ImageInfoList, 1);
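Review bot: `qemu-img info` now aborts the whole listing when bdrv_query_image_info propagates a snapshot-listing error, whereas the removed lines passed `NULL` and carried on without snapshot data; the commit message describes only the refactoring, so this user-visible change (only -ENOMEDIUM/-ENOTSUP are swallowed inside bdrv_query_image_info) should be called out. Since `info` is now assigned only on success, the `err:` label, which is outside the hunk, must not free it on this path; worth a look. collect_image_info_list starts and ends outside the hunk.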
-- 
1.7.1





[Qemu-devel] [PATCH V13 6/6] hmp: add parameters device and -v for info block

2013-05-24 Thread Wenchao Xia
With these parameters, the user can choose the information to be shown,
to avoid flooding the monitor with messages.

Signed-off-by: Wenchao Xia 
Reviewed-by: Kevin Wolf 
---
 hmp.c |   25 -
 monitor.c |7 ---
 2 files changed, 20 insertions(+), 12 deletions(-)

diff --git a/hmp.c b/hmp.c
index 2aa832c..a590ace 100644
--- a/hmp.c
+++ b/hmp.c
@@ -279,10 +279,15 @@ void hmp_info_block(Monitor *mon, const QDict *qdict)
 {
 BlockInfoList *block_list, *info;
 ImageInfo *image_info;
+const char *device = qdict_get_try_str(qdict, "device");
+int verbose = qdict_get_try_bool(qdict, "verbose", 0);
 
 block_list = qmp_query_block(NULL);
 
 for (info = block_list; info; info = info->next) {
+if (device && strcmp(device, info->value->device)) {
+continue;
+}
 monitor_printf(mon, "%s: removable=%d",
info->value->device, info->value->removable);
 
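Review bot: When `device` is given but matches no block device, the new `continue` skips every entry and `info block` prints nothing, with no indication that the name was wrong; unless the monitor validates the `B` argument type before dispatch (not visible here), a found flag and a `monitor_printf(mon, "Device '%s' not found\n", device);` after the loop would tell the user. hmp_info_block continues beyond the hunk.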
@@ -321,15 +326,17 @@ void hmp_info_block(Monitor *mon, const QDict *qdict)
 info->value->inserted->iops_rd,
 info->value->inserted->iops_wr);
 
-monitor_printf(mon, " images:\n");
-image_info = info->value->inserted->image;
-while (1) {
-bdrv_image_info_dump((fprintf_function)monitor_printf, mon,
- image_info);
-if (image_info->has_backing_image) {
-image_info = image_info->backing_image;
-} else {
-break;
+if (verbose) {
+monitor_printf(mon, " images:\n");
+image_info = info->value->inserted->image;
+while (1) {
+bdrv_image_info_dump((fprintf_function)monitor_printf,
+ mon, image_info);
+if (image_info->has_backing_image) {
+image_info = image_info->backing_image;
+} else {
+break;
+}
 }
 }
 } else {
diff --git a/monitor.c b/monitor.c
index 6ce2a4e..243f5ae 100644
--- a/monitor.c
+++ b/monitor.c
@@ -2472,9 +2472,10 @@ static mon_cmd_t info_cmds[] = {
 },
 {
 .name   = "block",
-.args_type  = "",
-.params = "",
-.help   = "show the block devices",
+.args_type  = "verbose:-v,device:B?",
+.params = "[-v] [device]",
+.help   = "show info of one block device or all block devices "
+  "(and details of images with -v option)",
 .mhandler.cmd = hmp_info_block,
 },
 {
-- 
1.7.1





[Qemu-devel] [PATCH V13 1/6] block: add snapshot info query function bdrv_query_snapshot_info_list()

2013-05-24 Thread Wenchao Xia
This patch adds function bdrv_query_snapshot_info_list(), which will
retrieve snapshot info of an image in qmp object format. The implementation
is based on the code moved from qemu-img.c, with modifications to better fit
the qmp-based block layer API.

Signed-off-by: Wenchao Xia 
Reviewed-by: Eric Blake 
---
 block/qapi.c |   55 ++---
 include/block/qapi.h |4 ++-
 qemu-img.c   |5 +++-
 3 files changed, 49 insertions(+), 15 deletions(-)

diff --git a/block/qapi.c b/block/qapi.c
index 794dbf8..1ed56da 100644
--- a/block/qapi.c
+++ b/block/qapi.c
@@ -26,29 +26,56 @@
 #include "block/block_int.h"
 #include "qmp-commands.h"
 
-void bdrv_collect_snapshots(BlockDriverState *bs , ImageInfo *info)
+/*
+ * Returns 0 on success, with *p_list either set to describe snapshot
+ * information, or NULL because there are no snapshots.  Returns -errno on
+ * error, with *p_list untouched.
+ */
+int bdrv_query_snapshot_info_list(BlockDriverState *bs,
+  SnapshotInfoList **p_list,
+  Error **errp)
 {
 int i, sn_count;
 QEMUSnapshotInfo *sn_tab = NULL;
-SnapshotInfoList *info_list, *cur_item = NULL;
+SnapshotInfoList *info_list, *cur_item = NULL, *head = NULL;
+SnapshotInfo *info;
+
 sn_count = bdrv_snapshot_list(bs, &sn_tab);
+if (sn_count < 0) {
+const char *dev = bdrv_get_device_name(bs);
+switch (sn_count) {
+case -ENOMEDIUM:
+error_setg(errp, "Device '%s' is not inserted", dev);
+break;
+case -ENOTSUP:
+error_setg(errp,
+   "Device '%s' does not support internal snapshots",
+   dev);
+break;
+default:
+error_setg_errno(errp, -sn_count,
+ "Can't list snapshots of device '%s'", dev);
+break;
+}
+return sn_count;
+}
 
 for (i = 0; i < sn_count; i++) {
-info->has_snapshots = true;
-info_list = g_new0(SnapshotInfoList, 1);
+info = g_new0(SnapshotInfo, 1);
+info->id= g_strdup(sn_tab[i].id_str);
+info->name  = g_strdup(sn_tab[i].name);
+info->vm_state_size = sn_tab[i].vm_state_size;
+info->date_sec  = sn_tab[i].date_sec;
+info->date_nsec = sn_tab[i].date_nsec;
+info->vm_clock_sec  = sn_tab[i].vm_clock_nsec / 10;
+info->vm_clock_nsec = sn_tab[i].vm_clock_nsec % 10;
 
-info_list->value= g_new0(SnapshotInfo, 1);
-info_list->value->id= g_strdup(sn_tab[i].id_str);
-info_list->value->name  = g_strdup(sn_tab[i].name);
-info_list->value->vm_state_size = sn_tab[i].vm_state_size;
-info_list->value->date_sec  = sn_tab[i].date_sec;
-info_list->value->date_nsec = sn_tab[i].date_nsec;
-info_list->value->vm_clock_sec  = sn_tab[i].vm_clock_nsec / 10;
-info_list->value->vm_clock_nsec = sn_tab[i].vm_clock_nsec % 10;
+info_list = g_new0(SnapshotInfoList, 1);
+info_list->value = info;
 
 /* XXX: waiting for the qapi to support qemu-queue.h types */
 if (!cur_item) {
-info->snapshots = cur_item = info_list;
+head = cur_item = info_list;
 } else {
 cur_item->next = info_list;
 cur_item = info_list;
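Review bot: The two new vm_clock assignments read `vm_clock_nsec / 10` and `vm_clock_nsec % 10` here, which would not split seconds from nanoseconds; this is very likely the archive's rendering of `1000000000` (the removed lines show the same value), but if the source really carries `10` the values exported over QMP are wrong, so it is worth confirming against the tree. Either way, a named constant with a one-line comment would make the split self-documenting. The function's closing lines are in the next hunk.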
@@ -57,6 +84,8 @@ void bdrv_collect_snapshots(BlockDriverState *bs , ImageInfo 
*info)
 }
 
 g_free(sn_tab);
+*p_list = head;
+return 0;
 }
 
 void bdrv_collect_image_info(BlockDriverState *bs,
diff --git a/include/block/qapi.h b/include/block/qapi.h
index e6e568d..4f223d1 100644
--- a/include/block/qapi.h
+++ b/include/block/qapi.h
@@ -29,7 +29,9 @@
 #include "block/block.h"
 #include "block/snapshot.h"
 
-void bdrv_collect_snapshots(BlockDriverState *bs , ImageInfo *info);
+int bdrv_query_snapshot_info_list(BlockDriverState *bs,
+  SnapshotInfoList **p_list,
+  Error **errp);
 void bdrv_collect_image_info(BlockDriverState *bs,
  ImageInfo *info,
  const char *filename);
diff --git a/qemu-img.c b/qemu-img.c
index 82c7977..29929c5 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -1665,7 +1665,10 @@ static ImageInfoList *collect_image_info_list(const char 
*filename,
 
 info = g_new0(ImageInfo, 1);
 bdrv_collect_image_info(bs, info, filename);
-bdrv_collect_snapshots(bs, info);
+bdrv_query_snapshot_info_list(bs, &info->snapshots, NULL);
+if (info->snapshots) {
+info->has_snapshots = true;
+}
 
 elem = g_new0(ImageInfoList, 1);
 elem->value = info;
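Review bot: The new call `bdrv_query_snapshot_info_list(bs, &info->snapshots, NULL);` discards both its return code and the Error, so a failing snapshot listing produces exactly the same qemu-img output as an image that has no snapshots, and the message the callee builds with error_setg() is never shown to the user. Since bdrv_collect_snapshots() printed nothing either this may be deliberate, but now that the helper reports errors it would be better to pass a local `Error *local_err = NULL`, check the (negative) return value, print the message and free it, rather than pass NULL. collect_image_info_list() starts and ends outside the hunk.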
-- 
1.7.1





[Qemu-devel] [PATCH V13 0/6] enhancement for qmp/hmp interfaces of block info

2013-05-24 Thread Wenchao Xia
  This series lets the QMP interface show detailed info, including the internal snapshot
/backing chain, for all block devices at runtime. This helps the management stack and
human users by retrieving exactly the same information that QEMU sees.

Example:
-> { "execute": "query-block" }
<- {
  "return":[
 {
"io-status": "ok",
"device":"ide0-hd0",
"locked":false,
"removable":false,
"inserted":{
   "ro":false,
   "drv":"qcow2",
   "encrypted":false,
   "file":"disks/test.qcow2",
   "backing_file_depth":1,
   "bps":100,
   "bps_rd":0,
   "bps_wr":0,
   "iops":100,
   "iops_rd":0,
   "iops_wr":0,
   "image":{
  "filename":"disks/test.qcow2",
  "format":"qcow2",
  "virtual-size":2048000,
  "backing_file":"base.qcow2",
  "full-backing-filename":"disks/base.qcow2",
  "backing-filename-format:"qcow2",
  "snapshots":[
 {
"id": "1",
"name": "snapshot1",
"vm-state-size": 0,
"date-sec": 1200,
"date-nsec": 12,
"vm-clock-sec": 206,
"vm-clock-nsec": 30
 }
  ],
  "backing-image":{
  "filename":"disks/base.qcow2",
  "format":"qcow2",
  "virtual-size":2048000
  }
   }
},
"type":"unknown"
 },
 {
"io-status": "ok",
"device":"ide1-cd0",
"locked":false,
"removable":true,
"type":"unknown"
 },
 {
"device":"floppy0",
"locked":false,
"removable":true,
"type":"unknown"
 },
 {
"device":"sd0",
"locked":false,
"removable":true,
"type":"unknown"
 }
  ]
   }

  These patches follows the rule that use qmp to retieve information,
hmp layer just does a translation from qmp object it got. To make code
graceful, snapshot and image info retrieving code in qemu and qemu-img are
merged into block layer, and some function name was adjusted to make it tips
better. For the part touch by the serial, it works as:

   qemu  qemu-img

dump_monitordump_stdout
 |--| 
|
   block/qapi.c

  Special thanks for Markus, Stefan, Kevin, Eric reviewing many times.

v13:
  Renamed the serial as "enhancement for qmp/hmp interfaces of block info".
  Seperated the common part of code moving and hmp printf as a standalone
serial, which can be used by both mine and Pavel's work. This serial depend
on it: "[PATCH V3 0/4] qapi and snapshot code clean up in block layer",
https://lists.gnu.org/archive/html/qemu-devel/2013-05/msg03539.html
  Removed the VM snapshot info part, since it relate to VM snapshot creating
logic, which should be changed together with Pavel's serial.
  Address Eric's comments:
  2/6: bdrv_query_image_info() returns void now, only use *errp to tip error.

Wenchao Xia (6):
  1 block: add snapshot info query function bdrv_query_snapshot_info_list()
  2 block: add image info query function bdrv_query_image_info()
  3 qmp: add recursive member in ImageInfo
  4 qmp: add ImageInfo in BlockDeviceInfo used by query-block
  5 hmp: show ImageInfo in 'info block'
  6 hmp: add parameters device and -v for info block

 block/qapi.c |  148 ++
 hmp.c|   21 +++
 include/block/qapi.h |   14 +++--
 monitor.c|7 ++-
 qapi-schema.json |   10 +++-
 qemu-img.c   |   10 +++-
 qmp-commands.hx  |   69 +++-
 7 files changed, 242 insertions(+), 37 deletions(-)





Re: [Qemu-devel] [Qemu-trivial] [PATCH] configure: try pkg-config ncurses first

2013-05-24 Thread Michael Tokarev
25.05.2013 00:07, Ed Maste wrote:
> When probing for ncurses, try pkg-config first rather than after
> explicit -lncurses and -lcurses.  This fixes static linking in the case
> that ncurses has additional dependencies, such as -ltinfo (as on FreeBSD).

This is not a FreeBSD-specific thing, this is the way how current
ncurses works -- they separated a bunch of functions into a new
library, libtinfo.

But this is interesting.

I'm not sure I agree with this approach.  When we're building using
shared library, libncurses.so already links with libtinfo.so, so we
don't need to link executable itself with libtinfo.so, since executable
itself uses none of its functions.

On the other hand, the current logic appears to be fine, -- we first
link with just -lncurses, and if that fails, we also try pkg-config --libs --
because, maybe, we're linking statically and in that case, additional
libs from pkg-config may help.

From yet another point of view, we could use the --as-needed linker flag
and just ignore all the above.

Here, it is interesting to note that pkg-config does not actually do
the right thing in this case.  Because practically, it should have
one extra flag, something like --static-libs (or --libs --static),
and it should actually be different from plain --libs.

Anyway, I don't see a reason to apply this as it is.

Thanks,

/mjt

> 
> Signed-off-by: Ed Maste 
> ---
>  configure | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/configure b/configure
> index cfdb564..7c99ef9 100755
> --- a/configure
> +++ b/configure
> @@ -2157,7 +2157,7 @@ fi
>  if test "$mingw32" = "yes" ; then
>  curses_list="-lpdcurses"
>  else
> -curses_list="-lncurses:-lcurses:$($pkg_config --libs ncurses 
> 2>/dev/null)"
> +curses_list="$($pkg_config --libs ncurses 
> 2>/dev/null):-lncurses:-lcurses"
>  fi
>  
>  if test "$curses" != "no" ; then
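Review bot: With the pkg-config probe moved first, a missing or failing `$pkg_config` now yields an empty leading element in `curses_list` (`:-lncurses:-lcurses`), so the first link test runs with no curses library at all unless the loop that splits on ':' skips empty entries; that loop is outside the hunk. The empty element existed before at the tail, so this is pre-existing, but it now costs a wasted compile before the real candidates. If the motivation is static linking, asking pkg-config for the static link set explicitly, e.g. `$($pkg_config --static --libs ncurses 2>/dev/null)`, would address the -ltinfo case without changing the probe order for shared builds.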
> 




Re: [Qemu-devel] [PATCH 15/30] memory: add address_space_valid

2013-05-24 Thread David Gibson
On Fri, May 24, 2013 at 11:52:17AM +0100, Peter Maydell wrote:
> On 24 May 2013 09:02, Paolo Bonzini  wrote:
> > Il 23/05/2013 20:04, Peter Maydell ha scritto:
> >> Shouldn't we be calling the MemoryRegionOps
> >> accepts() callback here? What about access alignment constraints
> >> and access size restrictions?
> >
> > Yes, we should.
> >
> >> What if the validity of the range
> >> changes between the time you asked and when you actually do the
> >> access?
> >
> > If that's a concern, you shouldn't use this API, you should just do the
> > access and rely on the return value of address_space_rw & friends.
> 
> So when *is* it a good idea to use this API? In real
> hardware you don't usually get a "tell me whether this
> access would succeed if I did it" bus operation -- you
> just do the operation and the memory transaction either
> succeeds or it doesn't. Are we modelling something that
> really exists in hardware on spapr here?

So, as a general rule, you should just attempt the access and handle
failures - this is a bad interface.  The reason I added it, however,
is that the PAPR specification mandates that the virtual LAN pre-check
various buffers when they're registered, and return specific errors if
they're not mapped to valid memory.  Since we have nothing to read or
write at that point, adding this interface was the only way I could
see to implement that requirement.

Or... a bit more charitably: You should always handle failures at the
point of read or write, but using this interface can give you an
earlier, and therefore potentially easier to analyze, error in the
more common failure cases, even if there are more complex cases where
the pre-check succeeds but the read/write still fails later.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




[Qemu-devel] [PATCH V3 4/4] block: dump snapshot and image info to specified output

2013-05-24 Thread Wenchao Xia
bdrv_snapshot_dump() and bdrv_image_info_dump() no longer dump into a caller-supplied
buffer; the only remaining internal buffers are the fixed-size ones used to format
individual fields, which have no chance of being truncated. As a result, these two
functions no longer truncate their output, and they can be used by both qemu and
qemu-img by passing the appropriate output function.

Signed-off-by: Wenchao Xia 
---
 block/qapi.c |   66 +++--
 include/block/qapi.h |6 +++-
 qemu-img.c   |9 ---
 savevm.c |7 +++--
 4 files changed, 49 insertions(+), 39 deletions(-)

diff --git a/block/qapi.c b/block/qapi.c
index 155e77e..794dbf8 100644
--- a/block/qapi.c
+++ b/block/qapi.c
@@ -259,7 +259,8 @@ static char *get_human_readable_size(char *buf, int 
buf_size, int64_t size)
 return buf;
 }
 
-char *bdrv_snapshot_dump(char *buf, int buf_size, QEMUSnapshotInfo *sn)
+void bdrv_snapshot_dump(fprintf_function func_fprintf, void *f,
+QEMUSnapshotInfo *sn)
 {
 char buf1[128], date_buf[128], clock_buf[128];
 struct tm tm;
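Review bot: The new signature changes the contract (no caller buffer, no return value, everything goes through `func_fprintf`) but carries no comment, and the `sn == NULL` header mode is only discoverable by reading the body. I would document it on the line above `void bdrv_snapshot_dump(`: `/* Print one snapshot as a table row through func_fprintf(f, ...); sn == NULL prints the column header instead. No trailing newline is written; the caller adds it. */` — the caller in bdrv_image_info_dump() does emit the "\n" itself. The function body continues past this hunk.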
@@ -267,9 +268,9 @@ char *bdrv_snapshot_dump(char *buf, int buf_size, 
QEMUSnapshotInfo *sn)
 int64_t secs;
 
 if (!sn) {
-snprintf(buf, buf_size,
- "%-10s%-20s%7s%20s%15s",
- "ID", "TAG", "VM SIZE", "DATE", "VM CLOCK");
+func_fprintf(f,
+ "%-10s%-20s%7s%20s%15s",
+ "ID", "TAG", "VM SIZE", "DATE", "VM CLOCK");
 } else {
 ti = sn->date_sec;
 localtime_r(&ti, &tm);
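Review bot: `localtime_r(&ti, &tm);` on the context line still ignores its return value; `sn->date_sec` is read from the image file, and for an out-of-range value localtime_r() can return NULL and leave `tm` uninitialized before it is presumably formatted into `date_buf` in the lines between the hunks. Not introduced by this patch, but since the output now goes straight to the monitor or stdout instead of a bounded buffer, this is a reasonable moment to guard it, e.g. `if (!localtime_r(&ti, &tm)) { memset(&tm, 0, sizeof(tm)); }`. bdrv_snapshot_dump() starts and ends outside this hunk.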
@@ -282,17 +283,18 @@ char *bdrv_snapshot_dump(char *buf, int buf_size, 
QEMUSnapshotInfo *sn)
  (int)((secs / 60) % 60),
  (int)(secs % 60),
  (int)((sn->vm_clock_nsec / 100) % 1000));
-snprintf(buf, buf_size,
- "%-10s%-20s%7s%20s%15s",
- sn->id_str, sn->name,
- get_human_readable_size(buf1, sizeof(buf1), 
sn->vm_state_size),
- date_buf,
- clock_buf);
+func_fprintf(f,
+ "%-10s%-20s%7s%20s%15s",
+ sn->id_str, sn->name,
+ get_human_readable_size(buf1, sizeof(buf1),
+ sn->vm_state_size),
+ date_buf,
+ clock_buf);
 }
-return buf;
 }
 
-void bdrv_image_info_dump(ImageInfo *info)
+void bdrv_image_info_dump(fprintf_function func_fprintf, void *f,
+  ImageInfo *info)
 {
 char size_buf[128], dsize_buf[128];
 if (!info->has_actual_size) {
@@ -302,43 +304,46 @@ void bdrv_image_info_dump(ImageInfo *info)
 info->actual_size);
 }
 get_human_readable_size(size_buf, sizeof(size_buf), info->virtual_size);
-printf("image: %s\n"
-   "file format: %s\n"
-   "virtual size: %s (%" PRId64 " bytes)\n"
-   "disk size: %s\n",
-   info->filename, info->format, size_buf,
-   info->virtual_size,
-   dsize_buf);
+func_fprintf(f,
+ "image: %s\n"
+ "file format: %s\n"
+ "virtual size: %s (%" PRId64 " bytes)\n"
+ "disk size: %s\n",
+ info->filename, info->format, size_buf,
+ info->virtual_size,
+ dsize_buf);
 
 if (info->has_encrypted && info->encrypted) {
-printf("encrypted: yes\n");
+func_fprintf(f, "encrypted: yes\n");
 }
 
 if (info->has_cluster_size) {
-printf("cluster_size: %" PRId64 "\n", info->cluster_size);
+func_fprintf(f, "cluster_size: %" PRId64 "\n",
+   info->cluster_size);
 }
 
 if (info->has_dirty_flag && info->dirty_flag) {
-printf("cleanly shut down: no\n");
+func_fprintf(f, "cleanly shut down: no\n");
 }
 
 if (info->has_backing_filename) {
-printf("backing file: %s", info->backing_filename);
+func_fprintf(f, "backing file: %s", info->backing_filename);
 if (info->has_full_backing_filename) {
-printf(" (actual path: %s)", info->full_backing_filename);
+func_fprintf(f, " (actual path: %s)", info->full_backing_filename);
 }
-putchar('\n');
+func_fprintf(f, "\n");
 if (info->has_backing_filename_format) {
-printf("backing file format: %s\n", info->backing_filename_format);
+func_fprintf(f, "backing file format: %s\n",
+ info->backing_filename_format);
 }
 }
 
 if (info->has_snapshots) {
 SnapshotInfoList *elem;
-char buf[256];
 
-printf("Snapshot list:\n");
-printf("%s\n", bdrv_snapshot_dump(buf, sizeof(buf), NULL));
+func_fprintf(f, "Snapshot list:\n");
+bdrv_snapshot_dump(func_fprintf, f, NULL);
+func_fprintf(f, "\n");
 
 /* Ideally bdrv_snapshot_dump() would ope

[Qemu-devel] [PATCH V3 2/4] block: move snapshot code in block.c to block/snapshot.c

2013-05-24 Thread Wenchao Xia
All snapshot related code, except bdrv_snapshot_dump() and
bdrv_is_snapshot(), is moved to block/snapshot.c. bdrv_snapshot_dump()
will be moved to another file later. bdrv_is_snapshot() is not related
with internal snapshot. It also fixes small code style errors reported
by check script.

Signed-off-by: Wenchao Xia 
---
 block.c  |  100 -
 block/Makefile.objs  |1 +
 block/snapshot.c |  157 ++
 include/block/block.h|   26 ++--
 include/block/snapshot.h |   53 
 savevm.c |   23 +---
 6 files changed, 217 insertions(+), 143 deletions(-)
 create mode 100644 block/snapshot.c
 create mode 100644 include/block/snapshot.h

diff --git a/block.c b/block.c
index 478a3b2..67cafb7 100644
--- a/block.c
+++ b/block.c
@@ -3346,111 +3346,11 @@ bool bdrv_debug_is_suspended(BlockDriverState *bs, 
const char *tag)
 return false;
 }
 
-/**/
-/* handling of snapshots */
-
-int bdrv_can_snapshot(BlockDriverState *bs)
-{
-BlockDriver *drv = bs->drv;
-if (!drv || !bdrv_is_inserted(bs) || bdrv_is_read_only(bs)) {
-return 0;
-}
-
-if (!drv->bdrv_snapshot_create) {
-if (bs->file != NULL) {
-return bdrv_can_snapshot(bs->file);
-}
-return 0;
-}
-
-return 1;
-}
-
 int bdrv_is_snapshot(BlockDriverState *bs)
 {
 return !!(bs->open_flags & BDRV_O_SNAPSHOT);
 }
 
-int bdrv_snapshot_create(BlockDriverState *bs,
- QEMUSnapshotInfo *sn_info)
-{
-BlockDriver *drv = bs->drv;
-if (!drv)
-return -ENOMEDIUM;
-if (drv->bdrv_snapshot_create)
-return drv->bdrv_snapshot_create(bs, sn_info);
-if (bs->file)
-return bdrv_snapshot_create(bs->file, sn_info);
-return -ENOTSUP;
-}
-
-int bdrv_snapshot_goto(BlockDriverState *bs,
-   const char *snapshot_id)
-{
-BlockDriver *drv = bs->drv;
-int ret, open_ret;
-
-if (!drv)
-return -ENOMEDIUM;
-if (drv->bdrv_snapshot_goto)
-return drv->bdrv_snapshot_goto(bs, snapshot_id);
-
-if (bs->file) {
-drv->bdrv_close(bs);
-ret = bdrv_snapshot_goto(bs->file, snapshot_id);
-open_ret = drv->bdrv_open(bs, NULL, bs->open_flags);
-if (open_ret < 0) {
-bdrv_delete(bs->file);
-bs->drv = NULL;
-return open_ret;
-}
-return ret;
-}
-
-return -ENOTSUP;
-}
-
-int bdrv_snapshot_delete(BlockDriverState *bs, const char *snapshot_id)
-{
-BlockDriver *drv = bs->drv;
-if (!drv)
-return -ENOMEDIUM;
-if (drv->bdrv_snapshot_delete)
-return drv->bdrv_snapshot_delete(bs, snapshot_id);
-if (bs->file)
-return bdrv_snapshot_delete(bs->file, snapshot_id);
-return -ENOTSUP;
-}
-
-int bdrv_snapshot_list(BlockDriverState *bs,
-   QEMUSnapshotInfo **psn_info)
-{
-BlockDriver *drv = bs->drv;
-if (!drv)
-return -ENOMEDIUM;
-if (drv->bdrv_snapshot_list)
-return drv->bdrv_snapshot_list(bs, psn_info);
-if (bs->file)
-return bdrv_snapshot_list(bs->file, psn_info);
-return -ENOTSUP;
-}
-
-int bdrv_snapshot_load_tmp(BlockDriverState *bs,
-const char *snapshot_name)
-{
-BlockDriver *drv = bs->drv;
-if (!drv) {
-return -ENOMEDIUM;
-}
-if (!bs->read_only) {
-return -EINVAL;
-}
-if (drv->bdrv_snapshot_load_tmp) {
-return drv->bdrv_snapshot_load_tmp(bs, snapshot_name);
-}
-return -ENOTSUP;
-}
-
 /* backing_file can either be relative, or absolute, or a protocol.  If it is
  * relative, it must be relative to the chain.  So, passing in bs->filename
  * from a BDS as backing_file should not be done, as that may be relative to
diff --git a/block/Makefile.objs b/block/Makefile.objs
index 5f0358a..8670999 100644
--- a/block/Makefile.objs
+++ b/block/Makefile.objs
@@ -4,6 +4,7 @@ block-obj-y += qed.o qed-gencb.o qed-l2-cache.o qed-table.o 
qed-cluster.o
 block-obj-y += qed-check.o
 block-obj-y += vhdx.o
 block-obj-y += parallels.o blkdebug.o blkverify.o
+block-obj-y += snapshot.o
 block-obj-$(CONFIG_WIN32) += raw-win32.o win32-aio.o
 block-obj-$(CONFIG_POSIX) += raw-posix.o
 block-obj-$(CONFIG_LINUX_AIO) += linux-aio.o
diff --git a/block/snapshot.c b/block/snapshot.c
new file mode 100644
index 000..6c6d9de
--- /dev/null
+++ b/block/snapshot.c
@@ -0,0 +1,157 @@
+/*
+ * Block layer snapshot related functions
+ *
+ * Copyright (c) 2003-2008 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to p

[Qemu-devel] [PATCH V3 3/4] block: move qmp and info dump related code to block/qapi.c

2013-05-24 Thread Wenchao Xia
This patch is a pure code move patch, except following modification:
1 get_human_readable_size() is changed to static function.
2 dump_human_image_info() is renamed to bdrv_image_info_dump().
3 in qmp_query_block() and qmp_query_blockstats, use bdrv_next(bs)
instead of direct traverse of global array 'bdrv_states'.
4 collect_snapshots() and collect_image_info() are renamed, unused parameter
*fmt in collect_image_info() is removed.
5 code style fix.

To avoid conflict and tip better, macro in header file is BLOCK_QAPI_H
instead of QAPI_H. Now block.h and snapshot.h are at the same level in
include path, block_int.h and qapi.h will both include them.

Signed-off-by: Wenchao Xia 
Reviewed-by: Eric Blake 
---
 block.c   |  185 ---
 block/Makefile.objs   |2 +-
 block/qapi.c  |  360 +
 include/block/block.h |9 -
 include/block/block_int.h |1 +
 include/block/qapi.h  |   41 +
 qemu-img.c|  156 +---
 savevm.c  |1 +
 8 files changed, 408 insertions(+), 347 deletions(-)
 create mode 100644 block/qapi.c
 create mode 100644 include/block/qapi.h

diff --git a/block.c b/block.c
index 67cafb7..1fd2944 100644
--- a/block.c
+++ b/block.c
@@ -3089,128 +3089,6 @@ int bdrv_is_allocated_above(BlockDriverState *top, 
BlockDriverState *base,
 return data.ret;
 }
 
-BlockInfo *bdrv_query_info(BlockDriverState *bs)
-{
-BlockInfo *info = g_malloc0(sizeof(*info));
-info->device = g_strdup(bs->device_name);
-info->type = g_strdup("unknown");
-info->locked = bdrv_dev_is_medium_locked(bs);
-info->removable = bdrv_dev_has_removable_media(bs);
-
-if (bdrv_dev_has_removable_media(bs)) {
-info->has_tray_open = true;
-info->tray_open = bdrv_dev_is_tray_open(bs);
-}
-
-if (bdrv_iostatus_is_enabled(bs)) {
-info->has_io_status = true;
-info->io_status = bs->iostatus;
-}
-
-if (bs->dirty_bitmap) {
-info->has_dirty = true;
-info->dirty = g_malloc0(sizeof(*info->dirty));
-info->dirty->count = bdrv_get_dirty_count(bs) * BDRV_SECTOR_SIZE;
-info->dirty->granularity =
-((int64_t) BDRV_SECTOR_SIZE << 
hbitmap_granularity(bs->dirty_bitmap));
-}
-
-if (bs->drv) {
-info->has_inserted = true;
-info->inserted = g_malloc0(sizeof(*info->inserted));
-info->inserted->file = g_strdup(bs->filename);
-info->inserted->ro = bs->read_only;
-info->inserted->drv = g_strdup(bs->drv->format_name);
-info->inserted->encrypted = bs->encrypted;
-info->inserted->encryption_key_missing = bdrv_key_required(bs);
-
-if (bs->backing_file[0]) {
-info->inserted->has_backing_file = true;
-info->inserted->backing_file = g_strdup(bs->backing_file);
-}
-
-info->inserted->backing_file_depth = bdrv_get_backing_file_depth(bs);
-
-if (bs->io_limits_enabled) {
-info->inserted->bps =
-   bs->io_limits.bps[BLOCK_IO_LIMIT_TOTAL];
-info->inserted->bps_rd =
-   bs->io_limits.bps[BLOCK_IO_LIMIT_READ];
-info->inserted->bps_wr =
-   bs->io_limits.bps[BLOCK_IO_LIMIT_WRITE];
-info->inserted->iops =
-   bs->io_limits.iops[BLOCK_IO_LIMIT_TOTAL];
-info->inserted->iops_rd =
-   bs->io_limits.iops[BLOCK_IO_LIMIT_READ];
-info->inserted->iops_wr =
-   bs->io_limits.iops[BLOCK_IO_LIMIT_WRITE];
-}
-}
-return info;
-}
-
-BlockInfoList *qmp_query_block(Error **errp)
-{
-BlockInfoList *head = NULL, **p_next = &head;
-BlockDriverState *bs;
-
-QTAILQ_FOREACH(bs, &bdrv_states, list) {
-BlockInfoList *info = g_malloc0(sizeof(*info));
-info->value = bdrv_query_info(bs);
-
-*p_next = info;
-p_next = &info->next;
-}
-
-return head;
-}
-
-BlockStats *bdrv_query_stats(const BlockDriverState *bs)
-{
-BlockStats *s;
-
-s = g_malloc0(sizeof(*s));
-
-if (bs->device_name[0]) {
-s->has_device = true;
-s->device = g_strdup(bs->device_name);
-}
-
-s->stats = g_malloc0(sizeof(*s->stats));
-s->stats->rd_bytes = bs->nr_bytes[BDRV_ACCT_READ];
-s->stats->wr_bytes = bs->nr_bytes[BDRV_ACCT_WRITE];
-s->stats->rd_operations = bs->nr_ops[BDRV_ACCT_READ];
-s->stats->wr_operations = bs->nr_ops[BDRV_ACCT_WRITE];
-s->stats->wr_highest_offset = bs->wr_highest_sector * BDRV_SECTOR_SIZE;
-s->stats->flush_operations = bs->nr_ops[BDRV_ACCT_FLUSH];
-s->stats->wr_total_time_ns = bs->total_time_ns[BDRV_ACCT_WRITE];
-s->stats->rd_total_time_ns = bs->total_time_ns[BDRV_ACCT_READ];
-s->stats->flush_total_time_ns = bs->total_time_ns[BDRV_ACCT_FLUSH];
-
-if (bs->file) {
-s->has_parent = tru

[Qemu-devel] [PATCH V3 1/4] block: drop bs_snapshots global variable

2013-05-24 Thread Wenchao Xia
From: Stefan Hajnoczi 

The bs_snapshots global variable points to the BlockDriverState which
will be used to save vmstate.  This is really a savevm.c concept but was
moved into block.c:bdrv_snapshots() when it became clear that hotplug
could result in a dangling pointer.

While auditing the block layer's global state I came upon bs_snapshots
and realized that a variable is not necessary here.  Simply find the
first BlockDriverState capable of internal snapshots each time this is
needed.

The behavior of bdrv_snapshots() is preserved across hotplug because new
drives are always appended to the bdrv_states list.  This means that
calling the new find_vmstate_bs() function is idempotent - it returns
the same BlockDriverState unless it was hot-unplugged.

Signed-off-by: Stefan Hajnoczi 
Reviewed-by: Eric Blake 
Reviewed-by: Wenchao Xia 
Signed-off-by: Wenchao Xia 
---
 block.c   |   28 
 include/block/block.h |1 -
 savevm.c  |   19 +++
 3 files changed, 15 insertions(+), 33 deletions(-)

diff --git a/block.c b/block.c
index 3f87489..478a3b2 100644
--- a/block.c
+++ b/block.c
@@ -99,9 +99,6 @@ static QTAILQ_HEAD(, BlockDriverState) bdrv_states =
 static QLIST_HEAD(, BlockDriver) bdrv_drivers =
 QLIST_HEAD_INITIALIZER(bdrv_drivers);
 
-/* The device to use for VM snapshots */
-static BlockDriverState *bs_snapshots;
-
 /* If non-zero, use only whitelisted block drivers */
 static int use_bdrv_whitelist;
 
@@ -1357,9 +1354,6 @@ void bdrv_close(BlockDriverState *bs)
 notifier_list_notify(&bs->close_notifiers, bs);
 
 if (bs->drv) {
-if (bs == bs_snapshots) {
-bs_snapshots = NULL;
-}
 if (bs->backing_hd) {
 bdrv_delete(bs->backing_hd);
 bs->backing_hd = NULL;
@@ -1591,7 +1585,6 @@ void bdrv_delete(BlockDriverState *bs)
 
 bdrv_close(bs);
 
-assert(bs != bs_snapshots);
 g_free(bs);
 }
 
@@ -1635,9 +1628,6 @@ void bdrv_set_dev_ops(BlockDriverState *bs, const 
BlockDevOps *ops,
 {
 bs->dev_ops = ops;
 bs->dev_opaque = opaque;
-if (bdrv_dev_has_removable_media(bs) && bs == bs_snapshots) {
-bs_snapshots = NULL;
-}
 }
 
 void bdrv_emit_qmp_error_event(const BlockDriverState *bdrv,
@@ -3381,24 +3371,6 @@ int bdrv_is_snapshot(BlockDriverState *bs)
 return !!(bs->open_flags & BDRV_O_SNAPSHOT);
 }
 
-BlockDriverState *bdrv_snapshots(void)
-{
-BlockDriverState *bs;
-
-if (bs_snapshots) {
-return bs_snapshots;
-}
-
-bs = NULL;
-while ((bs = bdrv_next(bs))) {
-if (bdrv_can_snapshot(bs)) {
-bs_snapshots = bs;
-return bs;
-}
-}
-return NULL;
-}
-
 int bdrv_snapshot_create(BlockDriverState *bs,
  QEMUSnapshotInfo *sn_info)
 {
diff --git a/include/block/block.h b/include/block/block.h
index 1251c5c..38263b9 100644
--- a/include/block/block.h
+++ b/include/block/block.h
@@ -332,7 +332,6 @@ BlockInfo *bdrv_query_info(BlockDriverState *s);
 BlockStats *bdrv_query_stats(const BlockDriverState *bs);
 int bdrv_can_snapshot(BlockDriverState *bs);
 int bdrv_is_snapshot(BlockDriverState *bs);
-BlockDriverState *bdrv_snapshots(void);
 int bdrv_snapshot_create(BlockDriverState *bs,
  QEMUSnapshotInfo *sn_info);
 int bdrv_snapshot_goto(BlockDriverState *bs,
diff --git a/savevm.c b/savevm.c
index 31dcce9..baa1a09 100644
--- a/savevm.c
+++ b/savevm.c
@@ -2262,6 +2262,17 @@ out:
 return ret;
 }
 
+static BlockDriverState *find_vmstate_bs(void)
+{
+BlockDriverState *bs = NULL;
+while ((bs = bdrv_next(bs))) {
+if (bdrv_can_snapshot(bs)) {
+return bs;
+}
+}
+return NULL;
+}
+
 static int bdrv_snapshot_find(BlockDriverState *bs, QEMUSnapshotInfo *sn_info,
   const char *name)
 {
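Review bot: `find_vmstate_bs()` replaces a cached global but has no comment stating the new contract, which only the commit message spells out: the result is recomputed on every call and is stable only while no drive is hot-unplugged. I would add above it: `/* Return the first BlockDriverState in bdrv_states that can take an internal snapshot, or NULL. Recomputed on every call, so the answer can change after hot-unplug; do not cache it across operations. */` so that do_savevm()/load_vmstate()/do_delvm() readers do not assume they are guaranteed the same device.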
@@ -2338,7 +2349,7 @@ void do_savevm(Monitor *mon, const QDict *qdict)
 }
 }
 
-bs = bdrv_snapshots();
+bs = find_vmstate_bs();
 if (!bs) {
 monitor_printf(mon, "No block device can accept snapshots\n");
 return;
@@ -2440,7 +2451,7 @@ int load_vmstate(const char *name)
 QEMUFile *f;
 int ret;
 
-bs_vm_state = bdrv_snapshots();
+bs_vm_state = find_vmstate_bs();
 if (!bs_vm_state) {
 error_report("No block device supports snapshots");
 return -ENOTSUP;
@@ -2519,7 +2530,7 @@ void do_delvm(Monitor *mon, const QDict *qdict)
 int ret;
 const char *name = qdict_get_str(qdict, "name");
 
-bs = bdrv_snapshots();
+bs = find_vmstate_bs();
 if (!bs) {
 monitor_printf(mon, "No block device supports snapshots\n");
 return;
@@ -2551,7 +2562,7 @@ void do_info_snapshots(Monitor *mon, const QDict *qdict)
 int *available_snapshots;
 char buf[256];
 
-bs = bdrv_snapshots();
+bs = find_vmstate_bs();
 if (!bs) {
 monitor_printf(mon, "No available block device supports snapshots\n");
 

[Qemu-devel] [PATCH V3 0/4] qapi and snapshot code clean up in block layer

2013-05-24 Thread Wenchao Xia
These patches are the common part of my hmp/qmp block query series and Pavel's
qmp snapshot command conversion series. It mainly does the following things:
1 move snapshot related code to block/snapshot.c, qmp and info dumping code to
block/qapi.c.
2 better info dumping function to get rid of buffer, avoid string truncation.

v2:
  Squash code moving patches since they are reviewed in v1.
  Drop bdrv_snapshot_find() function change patch, since it related to snapshot
logic which should be changed together with Pavel's serial.
  Use a parameter in message_printf() to tell where to print, instead of use
global variable "cur_mon" inside.

v3:
  Address Stefan's comments:
  2/4: do not move bdrv_is_snapshot().
  4/4: reuse fprintf_function function pointer instead of a new function.

Stefan Hajnoczi (1):
  1 block: drop bs_snapshots global variable

Wenchao Xia (3):
  2 block: move snapshot code in block.c to block/snapshot.c
  3 block: move qmp and info dump related code to block/qapi.c
  4 block: dump snapshot and image info to specified output

 block.c   |  313 --
 block/Makefile.objs   |1 +
 block/qapi.c  |  366 +
 block/snapshot.c  |  157 +++
 include/block/block.h |   28 +
 include/block/block_int.h |1 +
 include/block/qapi.h  |   43 ++
 include/block/snapshot.h  |   53 +++
 qemu-img.c|  163 +---
 savevm.c  |   40 ++---
 10 files changed, 646 insertions(+), 519 deletions(-)
 create mode 100644 block/qapi.c
 create mode 100644 block/snapshot.c
 create mode 100644 include/block/qapi.h
 create mode 100644 include/block/snapshot.h





Re: [Qemu-devel] [PATCH] target-i386: Disable CPUID_EXT_MONITOR when KVM is enabled

2013-05-24 Thread Bandan Das
Forwarding message by Eduardo. I had misspelled nongnu.org in my first attempt!
The spaces/tab comment by Eduardo has been fixed. 

Eduardo Habkost  writes:
> 
> By default, CPUID_EXT_MONITOR is enabled for some cpu models 
> such as Opteron_G3. Disable it if kvm_enabled() is true since 
> monitor/mwait aren't supported by KVM yet. 
> 
> Signed-off-by: Bandan Das 

Interesting, I haven't noticed that TCG supports CPUID_EXT_MONITOR.

I believe that's yet another reason to make the KVM CPU models separate
classes from the TCG CPU models: because
"-machine ...,accel=kvm -cpu Foo" and "-machine ...,accel=tcg -cpu Foo"
_already_ have different meanings today and result in different CPUs.
Making them classes would just make the fact that they _are_ different
CPU models explicit.


> ---
> There is no user visible side-effect to this behavior, the aim 
> is to clean up the default flags that are not supported (yet).

There is one user-visible effect: "-cpu ...,enforce" will stop failing
because of missing KVM support for CPUID_EXT_MONITOR. But that's exactly
the point: there's no point in having CPU model definitions that would
never work as-is with neither TCG or KVM. This patch is changing the
meaning of (e.g.) "-machine ...,accel=kvm -cpu Opteron_G3" to match what
was already happening in practice.

> 
>  target-i386/cpu.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/target-i386/cpu.c b/target-i386/cpu.c
> index 1a501d9..c83ba1c 100644
> --- a/target-i386/cpu.c
> +++ b/target-i386/cpu.c
> @@ -1749,6 +1749,7 @@ static void cpu_x86_register(X86CPU *cpu, const char 
> *name, Error **errp)
>  
>  if (kvm_enabled()) {
>  def->features[FEAT_KVM] |= kvm_default_features;
> + def->features[FEAT_1_ECX] &= ~CPUID_EXT_MONITOR;

You are mixing spaces and tabs, here.

>  }
>  def->features[FEAT_1_ECX] |= CPUID_EXT_HYPERVISOR;
>  
> -- 
> 1.8.1.4
> 

-- 
Eduardo

> By default, CPUID_EXT_MONITOR is enabled for some cpu models 
> such as Opteron_G3. Disable it if kvm_enabled() is true since 
> monitor/mwait aren't supported by KVM yet. 
>
> Signed-off-by: Bandan Das 
> ---
> There is no user visible side-effect to this behavior, the aim 
> is to clean up the default flags that are not supported (yet).
>
>  target-i386/cpu.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/target-i386/cpu.c b/target-i386/cpu.c
> index 1a501d9..c83ba1c 100644
> --- a/target-i386/cpu.c
> +++ b/target-i386/cpu.c
> @@ -1749,6 +1749,7 @@ static void cpu_x86_register(X86CPU *cpu, const char 
> *name, Error **errp)
>  
>  if (kvm_enabled()) {
>  def->features[FEAT_KVM] |= kvm_default_features;
> +def->features[FEAT_1_ECX] &= ~CPUID_EXT_MONITOR;
>  }
>  def->features[FEAT_1_ECX] |= CPUID_EXT_HYPERVISOR;



[Qemu-devel] [PATCH] target-i386: Disable CPUID_EXT_MONITOR when KVM is enabled

2013-05-24 Thread Bandan Das

By default, CPUID_EXT_MONITOR is enabled for some cpu models 
such as Opteron_G3. Disable it if kvm_enabled() is true since 
monitor/mwait aren't supported by KVM yet. 

Signed-off-by: Bandan Das 
---
There is no user visible side-effect to this behavior, the aim 
is to clean up the default flags that are not supported (yet).

 target-i386/cpu.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index 1a501d9..c83ba1c 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -1749,6 +1749,7 @@ static void cpu_x86_register(X86CPU *cpu, const char 
*name, Error **errp)
 
 if (kvm_enabled()) {
 def->features[FEAT_KVM] |= kvm_default_features;
+def->features[FEAT_1_ECX] &= ~CPUID_EXT_MONITOR;
 }
 def->features[FEAT_1_ECX] |= CPUID_EXT_HYPERVISOR;
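Review bot: The new `def->features[FEAT_1_ECX] &= ~CPUID_EXT_MONITOR;` silently makes the same model name mean different CPUs under accel=kvm and accel=tcg, and nothing in the code says why. I would add a comment on that line: `/* KVM does not implement MONITOR/MWAIT; drop it from the model default so the model is usable as-is under KVM. */` (the thread also notes this stops ",enforce" failing on the flag, which could be mentioned if that is the intended effect). Whether an explicit "+monitor" on the command line is applied after this point is outside the hunk.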
 
-- 
1.8.1.4




Re: [Qemu-devel] [PATCH] Remove OSS support for OpenBSD

2013-05-24 Thread Laszlo Ersek
On 05/25/13 01:01, Brad Smith wrote:
> Remove the OSS support for OpenBSD. The OSS API has not been usable
> for quite some time.
> 
> Signed-off-by: Brad Smith 
> 
> 
> diff --git a/audio/ossaudio.c b/audio/ossaudio.c
> index 00be9c9..007c641 100644
> --- a/audio/ossaudio.c
> +++ b/audio/ossaudio.c
> @@ -25,11 +25,7 @@
>  #include 
>  #include 
>  #include 
> -#ifdef __OpenBSD__
> -#include 
> -#else
>  #include 
> -#endif
>  #include "qemu-common.h"
>  #include "qemu/main-loop.h"
>  #include "qemu/host-utils.h"
> diff --git a/configure b/configure
> index 5ae7e4a..eb74510 100755
> --- a/configure
> +++ b/configure
> @@ -468,9 +468,8 @@ NetBSD)
>  OpenBSD)
>bsd="yes"
>make="${MAKE-gmake}"
> -  audio_drv_list="oss"
> -  audio_possible_drivers="oss sdl esd"
> -  oss_lib="-lossaudio"
> +  audio_drv_list="sdl"
> +  audio_possible_drivers="sdl esd"
>  ;;
>  Darwin)
>bsd="yes"
> 

Reviewed-by: Laszlo Ersek 



Re: [Qemu-devel] [PATCH] Remove OSS support for OpenBSD

2013-05-24 Thread Brad Smith
On Sat, May 25, 2013 at 12:51:23AM +0200, Laszlo Ersek wrote:
> On 05/08/13 13:39, Brad Smith wrote:
> > Remove the OSS support for OpenBSD. The OSS API has not been usable
> > for quite some time.
> > 
> > Signed-off-by: Brad Smith 
> > 
> > diff --git a/audio/ossaudio.c b/audio/ossaudio.c
> > index 00be9c9..007c641 100644
> > --- a/audio/ossaudio.c
> > +++ b/audio/ossaudio.c
> > @@ -25,11 +25,7 @@
> >  #include 
> >  #include 
> >  #include 
> > -#ifdef __OpenBSD__
> > -#include 
> > -#else
> >  #include 
> > -#endif
> >  #include "qemu-common.h"
> >  #include "qemu/main-loop.h"
> >  #include "qemu/host-utils.h"
> > diff --git a/configure b/configure
> > index 9439f1c..89dda5b 100755
> > --- a/configure
> > +++ b/configure
> > @@ -468,8 +468,7 @@ OpenBSD)
> >bsd="yes"
> >make="${MAKE-gmake}"
> >audio_drv_list="oss"
> > -  audio_possible_drivers="oss sdl esd"
> > -  oss_lib="-lossaudio"
> > +  audio_possible_drivers="sdl esd"
> >  ;;
> >  Darwin)
> >bsd="yes"
> > 
> 
> Shouldn't the default audio driver list ($audio_drv_list) be a subset of
> the possible driver list?

My mistake. A new patch sent.

-- 




[Qemu-devel] [PATCH] Remove OSS support for OpenBSD

2013-05-24 Thread Brad Smith
Remove the OSS support for OpenBSD. The OSS API has not been usable
for quite some time.

Signed-off-by: Brad Smith 


diff --git a/audio/ossaudio.c b/audio/ossaudio.c
index 00be9c9..007c641 100644
--- a/audio/ossaudio.c
+++ b/audio/ossaudio.c
@@ -25,11 +25,7 @@
 #include 
 #include 
 #include 
-#ifdef __OpenBSD__
-#include 
-#else
 #include 
-#endif
 #include "qemu-common.h"
 #include "qemu/main-loop.h"
 #include "qemu/host-utils.h"
diff --git a/configure b/configure
index 5ae7e4a..eb74510 100755
--- a/configure
+++ b/configure
@@ -468,9 +468,8 @@ NetBSD)
 OpenBSD)
   bsd="yes"
   make="${MAKE-gmake}"
-  audio_drv_list="oss"
-  audio_possible_drivers="oss sdl esd"
-  oss_lib="-lossaudio"
+  audio_drv_list="sdl"
+  audio_possible_drivers="sdl esd"
 ;;
 Darwin)
   bsd="yes"

-- 




Re: [Qemu-devel] [PATCH] Remove OSS support for OpenBSD

2013-05-24 Thread Laszlo Ersek
On 05/08/13 13:39, Brad Smith wrote:
> Remove the OSS support for OpenBSD. The OSS API has not been usable
> for quite some time.
> 
> Signed-off-by: Brad Smith 
> 
> diff --git a/audio/ossaudio.c b/audio/ossaudio.c
> index 00be9c9..007c641 100644
> --- a/audio/ossaudio.c
> +++ b/audio/ossaudio.c
> @@ -25,11 +25,7 @@
>  #include 
>  #include 
>  #include 
> -#ifdef __OpenBSD__
> -#include 
> -#else
>  #include 
> -#endif
>  #include "qemu-common.h"
>  #include "qemu/main-loop.h"
>  #include "qemu/host-utils.h"
> diff --git a/configure b/configure
> index 9439f1c..89dda5b 100755
> --- a/configure
> +++ b/configure
> @@ -468,8 +468,7 @@ OpenBSD)
>bsd="yes"
>make="${MAKE-gmake}"
>audio_drv_list="oss"
> -  audio_possible_drivers="oss sdl esd"
> -  oss_lib="-lossaudio"
> +  audio_possible_drivers="sdl esd"
>  ;;
>  Darwin)
>bsd="yes"
> 

Shouldn't the default audio driver list ($audio_drv_list) be a subset of
the possible driver list?

Thanks,
Laszlo



[Qemu-devel] [PATCH] kvm: exclude ioeventfd from counting kvm_io_range limit

2013-05-24 Thread Amos Kong
We can easily reach the 1000 limit by starting a VM with a couple
hundred I/O devices (multifunction=on). The hardcoded limit has
already been adjusted 3 times (6 -> 200 -> 300 -> 1000).

In userspace, we already have maximum file descriptor to
limit ioeventfd count. But kvm_io_bus devices also are used
for pit, pic, ioapic, coalesced_mmio. They couldn't be limited
by maximum file descriptor.

Currently only ioeventfds take too much kvm_io_bus devices,
so just exclude it from counting kvm_io_range limit.

Also fixed one indent issue in kvm_host.h

Signed-off-by: Amos Kong 
---
 include/linux/kvm_host.h | 3 ++-
 virt/kvm/eventfd.c   | 2 ++
 virt/kvm/kvm_main.c  | 3 ++-
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index f0eea07..ef261ab 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -144,7 +144,8 @@ struct kvm_io_range {
 #define NR_IOBUS_DEVS 1000
 
 struct kvm_io_bus {
-   int   dev_count;
+   int dev_count;
+   int ioeventfd_count;
struct kvm_io_range range[];
 };
 
diff --git a/virt/kvm/eventfd.c b/virt/kvm/eventfd.c
index 64ee720..1550637 100644
--- a/virt/kvm/eventfd.c
+++ b/virt/kvm/eventfd.c
@@ -753,6 +753,7 @@ kvm_assign_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd 
*args)
if (ret < 0)
goto unlock_fail;
 
+   kvm->buses[bus_idx]->ioeventfd_count++;
list_add_tail(&p->list, &kvm->ioeventfds);
 
mutex_unlock(&kvm->slots_lock);
@@ -798,6 +799,7 @@ kvm_deassign_ioeventfd(struct kvm *kvm, struct 
kvm_ioeventfd *args)
continue;
 
kvm_io_bus_unregister_dev(kvm, bus_idx, &p->dev);
+   kvm->buses[bus_idx]->ioeventfd_count--;
ioeventfd_release(p);
ret = 0;
break;
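Review bot: The new `kvm->buses[bus_idx]->ioeventfd_count--;` is unconditional, while the `kvm_io_bus_unregister_dev()` call on the line above it has its return value ignored (pre-existing; that function is outside the hunk). If unregistering can fail — it has to allocate a shrunk bus — the counter drops while the range stays on the bus, so `dev_count - ioeventfd_count` drifts upward and the ENOSPC check in kvm_io_bus_register_dev begins rejecting ordinary devices early; the `ioeventfd_release(p)` that follows would then also free a device the bus still references, which deserves its own fix. I would decrement only on success, `if (!kvm_io_bus_unregister_dev(kvm, bus_idx, &p->dev)) kvm->buses[bus_idx]->ioeventfd_count--;`, or move the bookkeeping into the bus code where the outcome is known. kvm_deassign_ioeventfd continues outside the hunk.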
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 302681c..c6d9baf 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -2926,7 +2926,8 @@ int kvm_io_bus_register_dev(struct kvm *kvm, enum kvm_bus 
bus_idx, gpa_t addr,
struct kvm_io_bus *new_bus, *bus;
 
bus = kvm->buses[bus_idx];
-   if (bus->dev_count > NR_IOBUS_DEVS - 1)
+   /* exclude ioeventfd which is limited by maximum fd */
+   if (bus->dev_count - bus->ioeventfd_count > NR_IOBUS_DEVS - 1)
return -ENOSPC;
 
new_bus = kzalloc(sizeof(*bus) + ((bus->dev_count + 1) *
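Review bot: The comment added at the limit check, `/* exclude ioeventfd which is limited by maximum fd */`, claims a bound the code does not enforce: `ioeventfd_count` counts registrations, and unless kvm_assign_ioeventfd rejects registering the same eventfd at a second address or datamatch (not visible here; its collision check appears to be keyed on address, not on the fd), RLIMIT_NOFILE does not cap it. After this change nothing but allocation failure bounds the `kzalloc(sizeof(*bus) + ((bus->dev_count + 1) * ...)` on the hunk's last line and the full range-array copy it implies, so an unprivileged /dev/kvm user can make every registration progressively more expensive in kernel time and memory. If ioeventfds really need to exceed NR_IOBUS_DEVS, I would give them their own explicit cap checked in kvm_assign_ioeventfd before it calls kvm_io_bus_register_dev, e.g. `if (kvm->buses[bus_idx]->ioeventfd_count >= NR_IOEVENTFDS) { ret = -ENOSPC; goto unlock_fail; }`, and reword the comment to say what actually bounds the count. kvm_io_bus_register_dev continues past the end of the hunk.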
-- 
1.8.1.4




Re: [Qemu-devel] [Qemu-stable] qmp commands get rejected

2013-05-24 Thread mdroth
On Sat, May 25, 2013 at 12:12:22AM +0200, Stefan Priebe wrote:
> Am 25.05.2013 00:09, schrieb mdroth:
> >I would try to create a small example script.
> 
> I use qmp-shell and other little scripts very often.
> 
> >Can this be due to the fact that I don't wait for the welcome banner
> >right now?
> 
> If you're not reading from the socket, then you'll get the banner back
> when
> you read your first response. But qom-set shouldn't fail because of that.
> >>
> >>I can workaround it by adding this patch:
> >>diff --git a/monitor.c b/monitor.c
> >>index 62aaebe..9997520 100644
> >>--- a/monitor.c
> >>+++ b/monitor.c
> >>@@ -4239,7 +4239,8 @@ static int monitor_can_read(void *opaque)
> >>  static int invalid_qmp_mode(const Monitor *mon, const char *cmd_name)
> >>  {
> >>  int is_cap = compare_cmd(cmd_name, "qmp_capabilities");
> >>-return (qmp_cmd_mode(mon) ? is_cap : !is_cap);
> >>+//return (qmp_cmd_mode(mon) ? is_cap : !is_cap);
> >>+return ((is_cap > 0) ? 0 : (qmp_cmd_mode(mon) ? is_cap : !is_cap));
> >>  }
> >
> >I think this is unrelated to your original issue. If you issue
> >'qmp_capabilities' command more than once you will get CommandNotFound,
> >and that behavior seems to be present even with v1.3.0. This patch seems
> >to be masking the problem you're having (which seems to be state from
> >previous monitor sessions/connections leaking into subsequent ones).
> 
> That sounds reasonable. I'm using proxmox / PVE which does a lot of
> qmp queries in the background. So i might see situations where X
> connections in parallel do qmp queries.
> 
> >It's possible the GSource-based mechanism for handling I/O for chardev
> >backends is causing a difference in behavior. Still not sure exactly
> >what's going on though.
> Can i revert some patches to test?

I think somewhere prior to this one should be enough to test:

2ea5a7af7bfa576a5936400ccca4144caca9640b

> 
> Stefan
> 



Re: [Qemu-devel] [PATCH] Remove OSS support for OpenBSD

2013-05-24 Thread Brad Smith
On Wed, May 08, 2013 at 07:39:25AM -0400, Brad Smith wrote:
> Remove the OSS support for OpenBSD. The OSS API has not been usable
> for quite some time.
> 
> Signed-off-by: Brad Smith 

ping.

> diff --git a/audio/ossaudio.c b/audio/ossaudio.c
> index 00be9c9..007c641 100644
> --- a/audio/ossaudio.c
> +++ b/audio/ossaudio.c
> @@ -25,11 +25,7 @@
>  #include 
>  #include 
>  #include 
> -#ifdef __OpenBSD__
> -#include 
> -#else
>  #include 
> -#endif
>  #include "qemu-common.h"
>  #include "qemu/main-loop.h"
>  #include "qemu/host-utils.h"
> diff --git a/configure b/configure
> index 9439f1c..89dda5b 100755
> --- a/configure
> +++ b/configure
> @@ -468,8 +468,7 @@ OpenBSD)
>bsd="yes"
>make="${MAKE-gmake}"
>audio_drv_list="oss"
> -  audio_possible_drivers="oss sdl esd"
> -  oss_lib="-lossaudio"
> +  audio_possible_drivers="sdl esd"
>  ;;
>  Darwin)
>bsd="yes"

-- 




Re: [Qemu-devel] [Qemu-stable] qmp commands get rejected

2013-05-24 Thread Stefan Priebe

Am 25.05.2013 00:09, schrieb mdroth:

I would try to create a small example script.


I use qmp-shell and other little scripts very often.


Can this be due to the fact that I don't wait for the welcome banner
right now?


If you're not reading from the socket, then you'll get the banner back
when
you read your first response. But qom-set shouldn't fail because of that.


I can workaround it by adding this patch:
diff --git a/monitor.c b/monitor.c
index 62aaebe..9997520 100644
--- a/monitor.c
+++ b/monitor.c
@@ -4239,7 +4239,8 @@ static int monitor_can_read(void *opaque)
  static int invalid_qmp_mode(const Monitor *mon, const char *cmd_name)
  {
  int is_cap = compare_cmd(cmd_name, "qmp_capabilities");
-return (qmp_cmd_mode(mon) ? is_cap : !is_cap);
+//return (qmp_cmd_mode(mon) ? is_cap : !is_cap);
+return ((is_cap > 0) ? 0 : (qmp_cmd_mode(mon) ? is_cap : !is_cap));
  }


I think this is unrelated to your original issue. If you issue
'qmp_capabilities' command more than once you will get CommandNotFound,
and that behavior seems to be present even with v1.3.0. This patch seems
to be masking the problem you're having (which seems to be state from
previous monitor sessions/connections leaking into subsequent ones).


That sounds reasonable. I'm using proxmox / PVE which does a lot of qmp 
queries in the background. So i might see situations where X connections 
in parallel do qmp queries.



It's possible the GSource-based mechanism for handling I/O for chardev
backends is causing a difference in behavior. Still not sure exactly
what's going on though.

Can i revert some patches to test?

Stefan



Re: [Qemu-devel] [Qemu-stable] qmp commands get rejected

2013-05-24 Thread mdroth
On Fri, May 24, 2013 at 11:37:46PM +0200, Stefan Priebe wrote:
> >Am 24.05.2013 17:21, schrieb Luiz Capitulino:
> >>On Fri, 24 May 2013 16:36:26 +0200
> >>Stefan Priebe - Profihost AG  wrote:
> >>
> >>>Am 24.05.2013 um 16:02 schrieb Luiz Capitulino :
> >>>
> On Fri, 24 May 2013 15:57:59 +0200
> Stefan Priebe - Profihost AG  wrote:
> 
> >Am 24.05.2013 um 15:23 schrieb Luiz Capitulino
> >:
> >
> >>On Fri, 24 May 2013 07:50:33 +0200
> >>Stefan Priebe  wrote:
> >>
> >>>Hello list,
> >>>
> >>>since upgrading from qemu 1.4.1 to 1.5.0 i've problems with qmp
> >>>commands.
> >>>
> >>>With Qemu 1.5 i've the following socket communication:
> >>>
> >>>'{"execute":"qmp_capabilities","id":"12125:1","arguments":{}}'
> >>>
> >>>'{"return": {}, "id": "12125:1"}'
> >>>
> >>>'{"execute":"qom-set","id":"12125:2","arguments":{"value":2,"path":"machine/peripheral/balloon0","property":"guest-stats-polling-interval"}}'
> >>>
> >>>
> >>>'{"QMP": {"version": {"qemu": {"micro": 0, "minor": 5, "major": 1},
> >>>"package": ""}, "capabilities": []}}'
> >>>
> >>>'{"id": "12125:2", "error": {"class": "CommandNotFound", "desc":
> >>>"The
> >>>command qom-set has not been found"}}'
> >>>
> >>>
> >>>It seems that the command mode (qmp_capabilities) gets reset by the
> >>>welcome banner?
> >>
> >>It looks like you got disconnected before qom-set was issued.
> >
> >No its the same socket connection. No disconnect had happened.
> >
> >>
> >>Can you share more details on how those commands are being issued?
> >
> >They're sent through a socket by a Perl script. What do you need?
> 
> That perl script maybe? I can't reproduce the problem.
> >>>
> >>>I would try to create a small example script.
> >>
> >>I use qmp-shell and other little scripts very often.
> >>
> >>>Can this be due to the fact that I don't wait for the welcome banner
> >>>right now?
> >>
> >>If you're not reading from the socket, then you'll get the banner back
> >>when
> >>you read your first response. But qom-set shouldn't fail because of that.
> 
> I can workaround it by adding this patch:
> diff --git a/monitor.c b/monitor.c
> index 62aaebe..9997520 100644
> --- a/monitor.c
> +++ b/monitor.c
> @@ -4239,7 +4239,8 @@ static int monitor_can_read(void *opaque)
>  static int invalid_qmp_mode(const Monitor *mon, const char *cmd_name)
>  {
>  int is_cap = compare_cmd(cmd_name, "qmp_capabilities");
> -return (qmp_cmd_mode(mon) ? is_cap : !is_cap);
> +//return (qmp_cmd_mode(mon) ? is_cap : !is_cap);
> +return ((is_cap > 0) ? 0 : (qmp_cmd_mode(mon) ? is_cap : !is_cap));
>  }

I think this is unrelated to your original issue. If you issue
'qmp_capabilities' command more than once you will get CommandNotFound,
and that behavior seems to be present even with v1.3.0. This patch seems
to be masking the problem you're having (which seems to be state from
previous monitor sessions/connections leaking into subsequent ones).

It's possible the GSource-based mechanism for handling I/O for chardev
backends is causing a difference in behavior. Still not sure exactly
what's going on though.

> 
>  /*
> 
> Stefan
> 



Re: [Qemu-devel] [PATCH 00/22] Memory/IOMMU patches, part 2: unassigned access detection

2013-05-24 Thread Richard Henderson

On 2013-05-24 10:05, Paolo Bonzini wrote:

Paolo Bonzini (22):
   exec: eliminate io_mem_ram
   exec: drop useless #if
   cputlb: simplify tlb_set_page
   exec: make io_mem_unassigned private
   exec: do not use error_mem_read
   memory: dispatch unassigned accesses based on .valid.accepts
   memory: add address_space_translate
   memory: move unassigned_mem_ops to memory.c
   memory: assign MemoryRegionOps to all regions
   exec: expect mr->ops to be initialized for ROM
   exec: introduce memory_access_is_direct
   exec: introduce memory_access_size
   memory: export memory_region_access_valid to exec.c
   exec: implement .valid.accepts for subpages
   memory: add address_space_access_valid
   memory: accept mismatching sizes in memory_region_access_valid
   memory: add big endian support to access_with_adjusted_size
   memory: split accesses even when the old MMIO callbacks are used
   memory: correctly handle endian-swapped 64-bit accesses
   exec: just use io_mem_read/io_mem_write for 8-byte I/O accesses
   memory: propagate errors on I/O dispatch
   memory: add return value to address_space_rw/read/write


Reviewed-by: Richard Henderson 


r~



Re: [Qemu-devel] qmp commands get rejected

2013-05-24 Thread Stefan Priebe

Am 24.05.2013 23:37, schrieb Stefan Priebe:

Am 24.05.2013 17:21, schrieb Luiz Capitulino:

On Fri, 24 May 2013 16:36:26 +0200
Stefan Priebe - Profihost AG  wrote:


Am 24.05.2013 um 16:02 schrieb Luiz Capitulino
:


On Fri, 24 May 2013 15:57:59 +0200
Stefan Priebe - Profihost AG  wrote:


Am 24.05.2013 um 15:23 schrieb Luiz Capitulino
:


On Fri, 24 May 2013 07:50:33 +0200
Stefan Priebe  wrote:


Hello list,

since upgrading from qemu 1.4.1 to 1.5.0 i've problems with qmp
commands.

With Qemu 1.5 i've the following socket communication:

'{"execute":"qmp_capabilities","id":"12125:1","arguments":{}}'

'{"return": {}, "id": "12125:1"}'

'{"execute":"qom-set","id":"12125:2","arguments":{"value":2,"path":"machine/peripheral/balloon0","property":"guest-stats-polling-interval"}}'



'{"QMP": {"version": {"qemu": {"micro": 0, "minor": 5, "major": 1},
"package": ""}, "capabilities": []}}'

'{"id": "12125:2", "error": {"class": "CommandNotFound", "desc":
"The
command qom-set has not been found"}}'


It seems that the command mode (qmp_capabilities) gets reset by
the
welcome banner?


It looks like you got disconnected before qom-set was issued.


No its the same socket connection. No disconnect had happened.



Can you share more details on how those commands are being issued?


They're sent through a socket by a Perl script. What do you need?


That perl script maybe? I can't reproduce the problem.


I would try to create a small example script.


I use qmp-shell and other little scripts very often.


Can this be due to the fact that I don't wait for the welcome banner
right now?


If you're not reading from the socket, then you'll get the banner back
when
you read your first response. But qom-set shouldn't fail because of
that.


I can workaround it by adding this patch:
diff --git a/monitor.c b/monitor.c
index 62aaebe..9997520 100644
--- a/monitor.c
+++ b/monitor.c
@@ -4239,7 +4239,8 @@ static int monitor_can_read(void *opaque)
  static int invalid_qmp_mode(const Monitor *mon, const char *cmd_name)
  {
  int is_cap = compare_cmd(cmd_name, "qmp_capabilities");
-return (qmp_cmd_mode(mon) ? is_cap : !is_cap);
+//return (qmp_cmd_mode(mon) ? is_cap : !is_cap);
+return ((is_cap > 0) ? 0 : (qmp_cmd_mode(mon) ? is_cap : !is_cap));
  }

  /*


It fixes it for the moment... but not in general. Still seeing failing 
commands...


Stefan



Re: [Qemu-devel] qmp commands get rejected

2013-05-24 Thread Stefan Priebe



Mit freundlichen Grüßen
  Stefan Priebe
Bachelor of Science in Computer Science (BSCS)
Vorstand (CTO)

---
Profihost AG
Am Mittelfelde 29
30519 Hannover
Deutschland

Tel.: +49 (511) 5151 8181 | Fax.: +49 (511) 5151 8282
URL: http://www.profihost.com | E-Mail: i...@profihost.com

Sitz der Gesellschaft: Hannover, USt-IdNr. DE813460827
Registergericht: Amtsgericht Hannover, Register-Nr.: HRB 202350
Vorstand: Cristoph Bluhm, Sebastian Bluhm, Stefan Priebe
Aufsichtsrat: Prof. Dr. iur. Winfried Huck (Vorsitzender)

Am 24.05.2013 23:37, schrieb Stefan Priebe:

Am 24.05.2013 17:21, schrieb Luiz Capitulino:

On Fri, 24 May 2013 16:36:26 +0200
Stefan Priebe - Profihost AG  wrote:


Am 24.05.2013 um 16:02 schrieb Luiz Capitulino
:


On Fri, 24 May 2013 15:57:59 +0200
Stefan Priebe - Profihost AG  wrote:


Am 24.05.2013 um 15:23 schrieb Luiz Capitulino
:


On Fri, 24 May 2013 07:50:33 +0200
Stefan Priebe  wrote:


Hello list,

since upgrading from qemu 1.4.1 to 1.5.0 i've problems with qmp
commands.

With Qemu 1.5 i've the following socket communication:

'{"execute":"qmp_capabilities","id":"12125:1","arguments":{}}'

'{"return": {}, "id": "12125:1"}'

'{"execute":"qom-set","id":"12125:2","arguments":{"value":2,"path":"machine/peripheral/balloon0","property":"guest-stats-polling-interval"}}'



'{"QMP": {"version": {"qemu": {"micro": 0, "minor": 5, "major": 1},
"package": ""}, "capabilities": []}}'

'{"id": "12125:2", "error": {"class": "CommandNotFound", "desc":
"The
command qom-set has not been found"}}'


It seems that the command mode (qmp_capabilities) gets reset by
the
welcome banner?


It looks like you got disconnected before qom-set was issued.


No its the same socket connection. No disconnect had happened.



Can you share more details on how those commands are being issued?


They're sent through a socket by a Perl script. What do you need?


That perl script maybe? I can't reproduce the problem.


I would try to create a small example script.


I use qmp-shell and other little scripts very often.


Can this be due to the fact that I don't wait for the welcome banner
right now?


If you're not reading from the socket, then you'll get the banner back
when
you read your first response. But qom-set shouldn't fail because of
that.


I can workaround it by adding this patch:
diff --git a/monitor.c b/monitor.c
index 62aaebe..9997520 100644
--- a/monitor.c
+++ b/monitor.c
@@ -4239,7 +4239,8 @@ static int monitor_can_read(void *opaque)
  static int invalid_qmp_mode(const Monitor *mon, const char *cmd_name)
  {
  int is_cap = compare_cmd(cmd_name, "qmp_capabilities");
-return (qmp_cmd_mode(mon) ? is_cap : !is_cap);
+//return (qmp_cmd_mode(mon) ? is_cap : !is_cap);
+return ((is_cap > 0) ? 0 : (qmp_cmd_mode(mon) ? is_cap : !is_cap));
  }

  /*


It fixes it for the moment... but not in general. Still seeing failing 
commands...


Stefan



[Qemu-devel] [Bug 1180970] Re: qemu: fatal: Trying to execute code outside RAM or ROM; worked in 1.4.0, fails in 1.4.92

2013-05-24 Thread Laszlo Ersek
Proposed patch: http://thread.gmane.org/gmane.comp.emulators.qemu/213023

-- 
https://bugs.launchpad.net/bugs/1180970

Title:
  qemu: fatal: Trying to execute code outside RAM or ROM; worked in
  1.4.0, fails in 1.4.92

Status in QEMU:
  In Progress

Bug description:
  I'm using qemu to run and debug the EDK2 uEFI environment. OVMF is
  being built out of the EDK2 tree I've checked out (r14367).
  (Reproducing all this could be tedious so I am available for
  debugging/testing.)

  qemu 1.4.0 was able to execute this guest environment with no trouble,
  qemu 1.4.92 however issues an error message and aborts.  The command
  line I use to start qemu is:

  $ /usr/local/bin/qemu-system-x86_64 -m 1024 -bios OVMF.fd -monitor
  stdio

  1.4.92 gives the following register dump:

  QEMU 1.4.92 monitor - type 'help' for more information
  (qemu) qemu: fatal: Trying to execute code outside RAM or ROM at 
0x0001

  RAX=3e084da8 RBX=3e084868 RCX= 
RDX=3e084f00
  RSI=0001 RDI=3e085000 RBP=3e084708 
RSP=3fac8510
  R8 = R9 =3e14c3e3 R10=0033 
R11=00d3
  R12=3e0848a0 R13= R14= 
R15=
  RIP=ffe4 RFL=0046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
  ES =0008   00cf9300 DPL=0 DS   [-WA]
  CS =0028   00af9b00 DPL=0 CS64 [-RA]
  SS =0008   00cf9300 DPL=0 DS   [-WA]
  DS =0008   00cf9300 DPL=0 DS   [-WA]
  FS =0008   00cf9300 DPL=0 DS   [-WA]
  GS =0008   00cf9300 DPL=0 DS   [-WA]
  LDT=   8200 DPL=0 LDT
  TR =   8b00 DPL=0 TSS64-busy
  GDT= 3fa50e98 003f
  IDT= 3f9d6e20 0fff
  CR0=8033 CR2= CR3=3fa67000 CR4=0668
  ...

  
  Questions:
  1) Is this problem relevant?  (is full backward compatibility to be 
supported?)
  2) Are there new guest execution controls in 1.4.9x that might cause this?
  3) If #2, can they be disabled by a qemu command line switch?
  4) If not #2, in what qemu source file specifically can I find the logic 
causing the abort? (help me help you :)
  5) If guest memory is corrupted or improperly mapped, how can I keep qemu 
alive to examine/dump guest memory?




[Qemu-devel] [Bug 1180970] Re: qemu: fatal: Trying to execute code outside RAM or ROM; worked in 1.4.0, fails in 1.4.92

2013-05-24 Thread Laszlo Ersek
** Changed in: qemu
   Status: New => In Progress

-- 
https://bugs.launchpad.net/bugs/1180970

Title:
  qemu: fatal: Trying to execute code outside RAM or ROM; worked in
  1.4.0, fails in 1.4.92

Status in QEMU:
  In Progress

Bug description:
  I'm using qemu to run and debug the EDK2 uEFI environment. OVMF is
  being built out of the EDK2 tree I've checked out (r14367).
  (Reproducing all this could be tedious so I am available for
  debugging/testing.)

  qemu 1.4.0 was able to execute this guest environment with no trouble,
  qemu 1.4.92 however issues an error message and aborts.  The command
  line I use to start qemu is:

  $ /usr/local/bin/qemu-system-x86_64 -m 1024 -bios OVMF.fd -monitor
  stdio

  1.4.92 gives the following register dump:

  QEMU 1.4.92 monitor - type 'help' for more information
  (qemu) qemu: fatal: Trying to execute code outside RAM or ROM at 
0x0001

  RAX=3e084da8 RBX=3e084868 RCX= 
RDX=3e084f00
  RSI=0001 RDI=3e085000 RBP=3e084708 
RSP=3fac8510
  R8 = R9 =3e14c3e3 R10=0033 
R11=00d3
  R12=3e0848a0 R13= R14= 
R15=
  RIP=ffe4 RFL=0046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
  ES =0008   00cf9300 DPL=0 DS   [-WA]
  CS =0028   00af9b00 DPL=0 CS64 [-RA]
  SS =0008   00cf9300 DPL=0 DS   [-WA]
  DS =0008   00cf9300 DPL=0 DS   [-WA]
  FS =0008   00cf9300 DPL=0 DS   [-WA]
  GS =0008   00cf9300 DPL=0 DS   [-WA]
  LDT=   8200 DPL=0 LDT
  TR =   8b00 DPL=0 TSS64-busy
  GDT= 3fa50e98 003f
  IDT= 3f9d6e20 0fff
  CR0=8033 CR2= CR3=3fa67000 CR4=0668
  ...

  
  Questions:
  1) Is this problem relevant?  (is full backward compatibility to be 
supported?)
  2) Are there new guest execution controls in 1.4.9x that might cause this?
  3) If #2, can they be disabled by a qemu command line switch?
  4) If not #2, in what qemu source file specifically can I find the logic 
causing the abort? (help me help you :)
  5) If guest memory is corrupted or improperly mapped, how can I keep qemu 
alive to examine/dump guest memory?




Re: [Qemu-devel] FPU x86 instructions error

2013-05-24 Thread Paolo Bonzini
Il 24/05/2013 23:39, Clemens Kolbitsch ha scritto:
> Hi guys,
> 
> we recently had an issue with running a program using FPU instructions
> to obtain the current EIP (basically a weird way of "call 0; pop eax")
> that was not working on QEMU (with TCG).
> 
> Looking at the problem, we found this patch to be useful/fixing the issue:
> 
> https://launchpadlibrarian.net/140457932/patch-qemu-1.5.0-fpip.diff
> 
> Looking through the DEVEL archives, I found this patch
> 
> http://lists.nongnu.org/archive/html/qemu-devel/2011-06/msg01206.html
> 
> that adds the FPU flags to the environment, but is only using them for KVM.
> 
> I was wondering - since the above patch is rather old, you have
> probably come across it before - if there was a reason for not
> including it in QEMU (I checked in git:master and it's not applied).
> If there isn't, maybe it'd be worth re-considering :)

For the TCG patch, there is no Signed-off-by and using a helper is not
necessary.

For the KVM patch, it simply fell through the cracks, I believe.

Paolo



[Qemu-devel] FPU x86 instructions error

2013-05-24 Thread Clemens Kolbitsch
Hi guys,

we recently had an issue with running a program using FPU instructions
to obtain the current EIP (basically a weird way of "call 0; pop eax")
that was not working on QEMU (with TCG).

Looking at the problem, we found this patch to be useful/fixing the issue:

https://launchpadlibrarian.net/140457932/patch-qemu-1.5.0-fpip.diff

Looking through the DEVEL archives, I found this patch

http://lists.nongnu.org/archive/html/qemu-devel/2011-06/msg01206.html

that adds the FPU flags to the environment, but is only using them for KVM.

I was wondering - since the above patch is rather old, you have
probably come across it before - if there was a reason for not
including it in QEMU (I checked in git:master and it's not applied).
If there isn't, maybe it'd be worth re-considering :)

thanks!
-Clemens


--
Clemens Kolbitsch
Security Researcher
kolbit...@lastline.com

Lastline, Inc.
6950 Hollister Avenue, Suite 101
Goleta, CA 93117

www.lastline.com



Re: [Qemu-devel] [libvirt] [PATCH] qapi-schema.json: Reformat TargetType enum to one-per-line

2013-05-24 Thread Eric Blake
On 05/22/2013 08:29 AM, Anthony Liguori wrote:
> Peter Maydell  writes:
> 
>> On 22 May 2013 14:15, Anthony Liguori  wrote:
>>> Paolo Bonzini  writes:
 You
 don't need to know what targets were supported in the version that you
 compiled from.  Only one target is supported in this executable
 anyway.
>>>
>>> It seems useful to me.  One day we may support multiple targets per
>>> executable.
>>
>> Why would you care about which architectures the executable supports?
>> What you actually want to know is which machine models are supported;
>> whether board foo happens to be ARM or PPC isn't really very interesting
>> IMHO.
> 
> That's a very good point.  It was the libvirt folks that requested
> this.  Perhaps they can shed some light on the logic?

I think knowing the architecture (such as x86 vs. pseries ppc) is used
by libvirt to know what default devices the board supports (for example,
whether usb is present by default).  There's probably still room for
improvement for communication between libvirt and qemu on what exactly
is being supported, and knowing an architecture type may be too broad of
a knob compared to what is really wanted, except that I don't have a
good handle on what is really wanted.

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





Re: [Qemu-devel] qmp commands get rejected

2013-05-24 Thread Stefan Priebe

Am 24.05.2013 17:21, schrieb Luiz Capitulino:

On Fri, 24 May 2013 16:36:26 +0200
Stefan Priebe - Profihost AG  wrote:


Am 24.05.2013 um 16:02 schrieb Luiz Capitulino :


On Fri, 24 May 2013 15:57:59 +0200
Stefan Priebe - Profihost AG  wrote:


Am 24.05.2013 um 15:23 schrieb Luiz Capitulino
:


On Fri, 24 May 2013 07:50:33 +0200
Stefan Priebe  wrote:


Hello list,

since upgrading from qemu 1.4.1 to 1.5.0 i've problems with qmp
commands.

With Qemu 1.5 i've the following socket communication:

'{"execute":"qmp_capabilities","id":"12125:1","arguments":{}}'

'{"return": {}, "id": "12125:1"}'

'{"execute":"qom-set","id":"12125:2","arguments":{"value":2,"path":"machine/peripheral/balloon0","property":"guest-stats-polling-interval"}}'


'{"QMP": {"version": {"qemu": {"micro": 0, "minor": 5, "major": 1},
"package": ""}, "capabilities": []}}'

'{"id": "12125:2", "error": {"class": "CommandNotFound", "desc":
"The
command qom-set has not been found"}}'


It seems that the command mode (qmp_capabilities) gets reset by the
welcome banner?


It looks like you got disconnected before qom-set was issued.


No its the same socket connection. No disconnect had happened.



Can you share more details on how those commands are being issued?


They're sent through a socket by a Perl script. What do you need?


That perl script maybe? I can't reproduce the problem.


I would try to create a small example script.


I use qmp-shell and other little scripts very often.


Can this be due to the fact that I don't wait for the welcome banner
right now?


If you're not reading from the socket, then you'll get the banner back
when
you read your first response. But qom-set shouldn't fail because of that.


I can workaround it by adding this patch:
diff --git a/monitor.c b/monitor.c
index 62aaebe..9997520 100644
--- a/monitor.c
+++ b/monitor.c
@@ -4239,7 +4239,8 @@ static int monitor_can_read(void *opaque)
 static int invalid_qmp_mode(const Monitor *mon, const char *cmd_name)
 {
 int is_cap = compare_cmd(cmd_name, "qmp_capabilities");
-return (qmp_cmd_mode(mon) ? is_cap : !is_cap);
+//return (qmp_cmd_mode(mon) ? is_cap : !is_cap);
+return ((is_cap > 0) ? 0 : (qmp_cmd_mode(mon) ? is_cap : !is_cap));
 }

 /*

Stefan



[Qemu-devel] [PATCH] i386/translate: ignore 0x67 (PREFIX_ADR) on TARGET_X86_64 && CODE64()

2013-05-24 Thread Laszlo Ersek
The code reorganization in commit 4a6fd938 broke handling of PREFIX_ADR.
Restore the previous behavior:

If TARGET_X86_64 *and* CODE64():
  (a) PREFIX_ADR set: no effect, "aflag" should stay at the original
  "s->code32" value,
  (b) PREFIX_ADR clear: "aflag" should be set to constant 2.

Otherwise:
  (c) PREFIX_ADR set: the least significant bit in "aflag" (originally
  initialized from "s->code32") should be toggled,
  (d) PREFIX_ADR clear: no effect, "aflag" should stay at the original
  "s->code32" value.

Currently branch (a) is mishandled as branch (c).

Please-review: Richard Henderson 
Signed-off-by: Laszlo Ersek 
---
 target-i386/translate.c |6 +-
 1 files changed, 5 insertions(+), 1 deletions(-)

diff --git a/target-i386/translate.c b/target-i386/translate.c
index 0aeccdb..86f2678 100644
--- a/target-i386/translate.c
+++ b/target-i386/translate.c
@@ -4813,7 +4813,11 @@ static target_ulong disas_insn(CPUX86State *env, 
DisasContext *s,
 /* 0x66 is ignored if rex.w is set */
 dflag = 2;
 }
-if (!(prefixes & PREFIX_ADR)) {
+if (prefixes & PREFIX_ADR) {
+/* flip it back, 0x67 should have no effect */
+aflag ^= 1;
+}
+else {
 aflag = 2;
 }
 }
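Review bot: The new branch's comment `/* flip it back, 0x67 should have no effect */` misdescribes the result: after the flip `aflag` is back at `s->code32`, i.e. 32-bit addressing, which is precisely the effect 0x67 has in 64-bit mode (it selects 32-bit over the default 64-bit address size). Undoing an earlier toggle that lives outside this hunk also ties the fix to that ordering; setting the value explicitly is clearer and self-contained, `aflag = (prefixes & PREFIX_ADR) ? 1 : 2; /* 0x67 selects 32-bit addressing in 64-bit mode */`, assuming `s->code32` is always 1 when CODE64() holds (I believe HF_CS32 is set together with HF_CS64, but that is not visible here). Separately, `}` followed by `else {` on its own line contradicts QEMU's CODING_STYLE (`} else {`) and checkpatch would flag it. disas_insn continues well beyond the hunk.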
-- 
1.7.1




[Qemu-devel] [PATCH 1/2] tcg-arm: Implement tcg_register_jit

2013-05-24 Thread Richard Henderson
Allows unwinding past the code_gen_buffer.

Signed-off-by: Richard Henderson 
---
 tcg/arm/tcg-target.c | 91 ++--
 1 file changed, 82 insertions(+), 9 deletions(-)

diff --git a/tcg/arm/tcg-target.c b/tcg/arm/tcg-target.c
index 3d43412..4a691b1 100644
--- a/tcg/arm/tcg-target.c
+++ b/tcg/arm/tcg-target.c
@@ -2100,23 +2100,31 @@ static inline void tcg_out_movi(TCGContext *s, TCGType 
type,
 tcg_out_movi32(s, COND_AL, ret, arg);
 }
 
+/* Compute frame size via macros, to share between tcg_target_qemu_prologue
+   and tcg_register_jit.  */
+
+#define PUSH_SIZE  ((11 - 4 + 1 + 1) * sizeof(tcg_target_long))
+
+#define FRAME_SIZE \
+((PUSH_SIZE \
+  + TCG_STATIC_CALL_ARGS_SIZE \
+  + CPU_TEMP_BUF_NLONGS * sizeof(long) \
+  + TCG_TARGET_STACK_ALIGN - 1) \
+ & -TCG_TARGET_STACK_ALIGN)
+
 static void tcg_target_qemu_prologue(TCGContext *s)
 {
-int frame_size;
+int stack_addend;
 
 /* Calling convention requires us to save r4-r11 and lr.  */
 /* stmdb sp!, { r4 - r11, lr } */
 tcg_out32(s, (COND_AL << 28) | 0x092d4ff0);
 
-/* Allocate the local stack frame.  */
-frame_size = TCG_STATIC_CALL_ARGS_SIZE;
-frame_size += CPU_TEMP_BUF_NLONGS * sizeof(long);
-/* We saved an odd number of registers above; keep an 8 aligned stack.  */
-frame_size = ((frame_size + TCG_TARGET_STACK_ALIGN - 1)
-  & -TCG_TARGET_STACK_ALIGN) + 4;
+/* Reserve callee argument and tcg temp space.  */
+stack_addend = FRAME_SIZE - PUSH_SIZE;
 
 tcg_out_dat_rI(s, COND_AL, ARITH_SUB, TCG_REG_CALL_STACK,
-   TCG_REG_CALL_STACK, frame_size, 1);
+   TCG_REG_CALL_STACK, stack_addend, 1);
 tcg_set_frame(s, TCG_REG_CALL_STACK, TCG_STATIC_CALL_ARGS_SIZE,
   CPU_TEMP_BUF_NLONGS * sizeof(long));
 
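Review bot: `PUSH_SIZE` encodes the register save as `(11 - 4 + 1 + 1)` words with no comment, and the hunk also drops the old `/* We saved an odd number of registers above; keep an 8 aligned stack. */` remark, so a reader now has to re-derive both that this is r4-r11 plus lr and that the alignment padding for the odd count has moved into the rounding in `FRAME_SIZE`. I would document it at the macro: `/* r4-r11 (11 - 4 + 1 registers) plus lr; must match the stmdb in the prologue. Padding for the odd count comes from the TCG_TARGET_STACK_ALIGN rounding in FRAME_SIZE. */`. Minor: `PUSH_SIZE` sizes words with `sizeof(tcg_target_long)` while the temp-buffer term in `FRAME_SIZE` uses `sizeof(long)`; they agree on a 32-bit ARM host, but one spelling would read better. tcg_target_qemu_prologue continues into the next hunk.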
@@ -2127,8 +2135,73 @@ static void tcg_target_qemu_prologue(TCGContext *s)
 
 /* Epilogue.  We branch here via tb_ret_addr.  */
 tcg_out_dat_rI(s, COND_AL, ARITH_ADD, TCG_REG_CALL_STACK,
-   TCG_REG_CALL_STACK, frame_size, 1);
+   TCG_REG_CALL_STACK, stack_addend, 1);
 
 /* ldmia sp!, { r4 - r11, pc } */
 tcg_out32(s, (COND_AL << 28) | 0x08bd8ff0);
 }
+
+typedef struct {
+uint32_t len __attribute__((aligned((sizeof(void *);
+uint32_t id;
+uint8_t version;
+char augmentation[1];
+uint8_t code_align;
+uint8_t data_align;
+uint8_t return_column;
+} DebugFrameCIE;
+
+typedef struct {
+uint32_t len __attribute__((aligned((sizeof(void *);
+uint32_t cie_offset;
+tcg_target_long func_start __attribute__((packed));
+tcg_target_long func_len __attribute__((packed));
+uint8_t def_cfa[4];
+uint8_t reg_ofs[18];
+} DebugFrameFDE;
+
+typedef struct {
+DebugFrameCIE cie;
+DebugFrameFDE fde;
+} DebugFrame;
+
+#define ELF_HOST_MACHINE EM_ARM
+
+static DebugFrame debug_frame = {
+.cie.len = sizeof(DebugFrameCIE)-4, /* length after .len member */
+.cie.id = -1,
+.cie.version = 1,
+.cie.code_align = 1,
+.cie.data_align = 0x7c, /* sleb128 -4 */
+.cie.return_column = 14,
+
+.fde.len = sizeof(DebugFrameFDE)-4, /* length after .len member */
+.fde.def_cfa = {
+12, 13, /* DW_CFA_def_cfa sp, ... */
+(FRAME_SIZE & 0x7f) | 0x80, /* ... uleb128 FRAME_SIZE */
+(FRAME_SIZE >> 7)
+},
+.fde.reg_ofs = {
+/* The following must match the stmdb in the prologue.  */
+0x8e, 1,/* DW_CFA_offset, lr, -4 */
+0x8b, 2,/* DW_CFA_offset, r11, -8 */
+0x8a, 3,/* DW_CFA_offset, r10, -12 */
+0x89, 4,/* DW_CFA_offset, r9, -16 */
+0x88, 5,/* DW_CFA_offset, r8, -20 */
+0x87, 6,/* DW_CFA_offset, r7, -24 */
+0x86, 7,/* DW_CFA_offset, r6, -28 */
+0x85, 8,/* DW_CFA_offset, r5, -32 */
+0x84, 9,/* DW_CFA_offset, r4, -36 */
+}
+};
+
+void tcg_register_jit(void *buf, size_t buf_size)
+{
+/* We're expecting a 2 byte uleb128 encoded value.  */
+assert(FRAME_SIZE >> 14 == 0);
+
+debug_frame.fde.func_start = (tcg_target_long) buf;
+debug_frame.fde.func_len = buf_size;
+
+tcg_register_jit_int(buf, buf_size, &debug_frame, sizeof(debug_frame));
+}
-- 
1.8.1.4




[Qemu-devel] [PATCH 2/2] tcg: Fix high_pc fields in .debug_info

2013-05-24 Thread Richard Henderson
I don't think the debugger actually looks at this for anything,
using the correct .debug_frame contents, but might as well get
it all correct.

Signed-off-by: Richard Henderson 
---
 tcg/tcg.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tcg/tcg.c b/tcg/tcg.c
index 1d8099c..8ea43b3 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -2659,9 +2659,9 @@ static void tcg_register_jit_int(void *buf_ptr, size_t 
buf_size,
 img->sym[1].st_size = buf_size;
 
 img->di.cu_low_pc = buf;
-img->di.cu_high_pc = buf_size;
+img->di.cu_high_pc = buf + buf_size;
 img->di.fn_low_pc = buf;
-img->di.fn_high_pc = buf_size;
+img->di.fn_high_pc = buf + buf_size;
 
 #ifdef DEBUG_JIT
 /* Enable this block to be able to debug the ELF image file creation.
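Review bot: The two assignments now store an end address in `cu_high_pc` and `fn_high_pc`, which is the DWARF 2/3 meaning of DW_AT_high_pc; from DWARF 4 the attribute may instead hold a length relative to low_pc, so whether this is correct depends on the version and form declared elsewhere in `img->di`, outside this hunk. Suggest a comment on the first assignment, `/* DW_AT_high_pc is an end address (one past the buffer), assuming the DW_FORM_addr form used by the template */`, with the assumption confirmed against the template. The type of `buf` is also not visible here; if it is a `void *` rather than an integer type, `buf + buf_size` relies on the GNU void-pointer arithmetic extension.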
-- 
1.8.1.4




Re: [Qemu-devel] [Bug 1180970] *** affects all x86_64 soft emulation

2013-05-24 Thread Laszlo Ersek
On 05/24/13 19:25, Duane Voth wrote:
> qemu: fatal: Trying to execute code outside RAM or ROM; worked in
> 1.4.0, fails in 1.4.92
>
> Want to bring a little attention to this bug - the break is in
> target-i386/translate.c which affects all x86_64 soft emulation in a
> fairly subtle way (ie. users will report a wide variety of problems
> none of which seem to be related).  I can't find a way to elevate bug
> importance in launchpad.
>
> 4a6fd938f5457ee161d2acbd9364608a2a68b7a1 is the offending commit.
> There have been numerous changes after this commit over top of the
> change that broke emulation, so backing out this commit is not
> trivial.
>
> I can reproduce the problem that is the subject of bug 1180970 for
> testing easily.

I can also reproduce this bug with my OVMF build, when KVM is disabled
(current master).

x86_64-softmmu/qemu-system-x86_64 -S -monitor stdio -m 1024 \
-vga cirrus -debugcon file:debug.log \
-global isa-debugcon.iobase=0x402 \
-bios /home/lacos/src/upstream/edk2-git-svn/out/OVMF.fd

Again, this is how qemu aborts:

> (qemu) qemu: fatal: Trying to execute code outside RAM or ROM at
> 0x0001
>
> RAX=3e084da8 RBX=3e084868 RCX= 
> RDX=3e084f00
> RSI=0001 RDI=3e085000 RBP=3e084708 
> RSP=3fac8510
> R8 = R9 =3e14c3e3 R10=0033 
> R11=00d3
> R12=3e0848a0 R13= R14= 
> R15=
> RIP=ffe4 RFL=0046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
> ES =0008   00cf9300 DPL=0 DS   [-WA]
> CS =0028   00af9b00 DPL=0 CS64 [-RA]
> SS =0008   00cf9300 DPL=0 DS   [-WA]
> DS =0008   00cf9300 DPL=0 DS   [-WA]
> FS =0008   00cf9300 DPL=0 DS   [-WA]
> GS =0008   00cf9300 DPL=0 DS   [-WA]
> LDT=   8200 DPL=0 LDT
> TR =   8b00 DPL=0 TSS64-busy
> GDT= 3fa50e98 003f
> IDT= 3f9d6e20 0fff
> CR0=8033 CR2= CR3=3fa67000 CR4=0668
> [...]

Repeating from last time, we found it interesting that
RIP=ffe4 but the problem address is 0x0001.

I made some lame attempts to find out what code is running there, and --
since I've read the term "nop slide" recently --, I'll call it just that:

---[ debug patch]---
diff --git a/target-i386/translate.c b/target-i386/translate.c
index 0aeccdb..0e0356f 100644
--- a/target-i386/translate.c
+++ b/target-i386/translate.c
@@ -7197,6 +7197,7 @@ static target_ulong disas_insn(CPUX86State *env, 
DisasContext *s,
 /* misc */
 case 0x90: /* nop */
 /* XXX: correct lock test for all insn */
+fprintf(stderr, "nop @ %016lx\n", pc_start);
 if (prefixes & PREFIX_LOCK) {
 goto illegal_op;
 }
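Review bot: `fprintf(stderr, "nop @ %016lx\n", pc_start)` pairs `%lx` with a `target_ulong`, which is 64-bit for the x86_64 target regardless of the host's `long` width, so on a 32-bit host the conversion does not match the argument; `TARGET_FMT_lx` is the macro used elsewhere for this type, `fprintf(stderr, "nop @ " TARGET_FMT_lx "\n", pc_start);`. Harmless for a throwaway debug patch, but worth fixing if the line is ever kept.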
---[ debug patch]---

The output it produces leading up to the abort quoted above is:

  nop @ ffe4
  nop @ ffe5
  nop @ ffe6
  nop @ ffe7
  nop @ fff5
  nop @ fff6
  nop @ fff7
  nop @ fff8
  nop @ fff9
  nop @ fffa
  nop @ fffb
  nop @ fffc
  nop @ fffd
  nop @ fffe
  nop @ 
  qemu: fatal: Trying to execute code outside RAM or ROM at 0x0001

Hence "nop slide".

Peeking into the coredump triggered by abort(), the backtrace is as follows:

  #0  0x7fd53c02b8a5 in raise (sig=6) at 
../nptl/sysdeps/unix/sysv/linux/raise.c:64
  #1  0x7fd53c02d085 in abort () at abort.c:92
  #2  0x7fd5428d0333 in cpu_abort (env=0x7fd544b89c10, fmt=
  0x7fd542a47440 "Trying to execute code outside RAM or ROM at 0x%016lx\n")
  at /home/lacos/src/upstream/qemu/exec.c:542
  #3  0x7fd5428c9aa4 in get_page_addr_code (env1=0x7fd544b89c10, 
addr=4294967296)
  at /home/lacos/src/upstream/qemu/cputlb.c:338
  #4  0x7fd5429de266 in tb_gen_code (env=0x7fd544b89c10, pc=4294967268, 
cs_base=0, flags=4244148, cflags=0)
  at /home/lacos/src/upstream/qemu/translate-all.c:966
  #5  0x7fd5428c431b in tb_find_slow (env=0x7fd544b89c10, pc=4294967268, 
cs_base=0, flags=4244148)
  at /home/lacos/src/upstream/qemu/cpu-exec.c:139
  #6  0x7fd5428c44c4 in tb_find_fast (env=0x7fd544b89c10) at 
/home/lacos/src/upstream/qemu/cpu-exec.c:166
  #7  0x7fd5428c4c78 in cpu_x86_exec (env=0x7fd544b89c10) at 
/home/lacos/src/upstream/qemu/cpu-exec.c:593
  #8  0x7fd5428c8058 in tcg_cpu_exec (env=0x7fd544b89c10) at 
/home/lacos/src/upstream/qemu/cpus.c:1144
  #9  0x7fd5428c81a3 in tcg_exec_all () at 
/home/lacos/src/upstream/qemu/cpus.c:1177
  #10 0x7fd5428c7321

[Qemu-devel] [Bug 1094786] Re: static build with curses fails if requires -ltinfo

2013-05-24 Thread Ed Maste
I ran into the same issue on FreeBSD, and just posted my patch to the
qemu-devel list.  It's the same solution stefanha describes above.

(On FreeBSD we have an additional issue; we don't ship the .pc file with
the ncurses port right now.  I just hacked one together to include
-ltinfo in Libs.private.)

-- 
https://bugs.launchpad.net/bugs/1094786

Title:
  static build with curses fails if requires -ltinfo

Status in QEMU:
  New

Bug description:
  On my system (amd64 Debian wheezy/sid) static ncurses build requires -ltinfo:
  $ pkg-config --libs --static ncurses
  -lncurses -ltinfo

  $ ../../configure --enable-curses --static
  # Actually this fails on line
  if compile_prog "" "$curses_lib" ; then
  # with
  ERROR
  ERROR: User requested feature curses
  ERROR: configure was not able to find it
  ERROR
  # but if we add -ltinfo to this line the check succeeds
  ...
  static build  yes
  ...

  $ make
  ...
  ...
CCi386-softmmu/hw/i386/../kvm/pci-assign.o
LINK  i386-softmmu/qemu-system-i386
  ../os-posix.o: In function `change_process_uid':
  /home/vadim/soft/qemu/os-posix.c:205: warning: Using 'initgroups' in 
statically linked applications requires at runtime the shared libraries from 
the glibc version used for linking # and many alike warnings
  ...
  ../ui/curses.o: In function `curses_cursor_position':
  /home/vadim/soft/qemu/ui/curses.c:137: undefined reference to `COLS'
  /home/vadim/soft/qemu/ui/curses.c:137: undefined reference to `LINES'
  /home/vadim/soft/qemu/ui/curses.c:138: undefined reference to `stdscr'
  /home/vadim/soft/qemu/ui/curses.c:139: undefined reference to `curs_set'
  ../ui/curses.o: In function `curses_calc_pad':
  /home/vadim/soft/qemu/ui/curses.c:68: undefined reference to `stdscr'
  /home/vadim/soft/qemu/ui/curses.c:69: undefined reference to `stdscr'
  ... and so on

  I tried to build the very minimal static qemu executable. Actual configure 
line I tried first was 
  ../../configure --target-list=i386-softmmu --disable-sdl --disable-virtfs 
--disable-vnc --disable-xen --disable-brlapi --disable-bluez --disable-slirp 
--disable-kvm --disable-user --disable-vde --disable-vhost-net --disable-spice 
--disable-libiscsi --disable-smartcard --disable-usb-redir 
--disable-guest-agent  --audio-drv-list=  --audio-card-list= --enable-curses 
--static

  and the errors were the same.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1094786/+subscriptions



[Qemu-devel] [Bug 1094786] Re: static build with curses fails if requires -ltinfo

2013-05-24 Thread Ed Maste
** Also affects: freebsd-ports-mirror
   Importance: Undecided
   Status: New

** No longer affects: freebsd-ports-mirror

-- 
https://bugs.launchpad.net/bugs/1094786

Title:
  static build with curses fails if requires -ltinfo

Status in QEMU:
  New

Bug description:
  On my system (amd64 Debian wheezy/sid) static ncurses build requires -ltinfo:
  $ pkg-config --libs --static ncurses
  -lncurses -ltinfo

  $ ../../configure --enable-curses --static
  # Actually this fails on line
  if compile_prog "" "$curses_lib" ; then
  # with
  ERROR
  ERROR: User requested feature curses
  ERROR: configure was not able to find it
  ERROR
  # but if we add -ltinfo to this line the check succeeds
  ...
  static build  yes
  ...

  $ make
  ...
  ...
CCi386-softmmu/hw/i386/../kvm/pci-assign.o
LINK  i386-softmmu/qemu-system-i386
  ../os-posix.o: In function `change_process_uid':
  /home/vadim/soft/qemu/os-posix.c:205: warning: Using 'initgroups' in 
statically linked applications requires at runtime the shared libraries from 
the glibc version used for linking # and many alike warnings
  ...
  ../ui/curses.o: In function `curses_cursor_position':
  /home/vadim/soft/qemu/ui/curses.c:137: undefined reference to `COLS'
  /home/vadim/soft/qemu/ui/curses.c:137: undefined reference to `LINES'
  /home/vadim/soft/qemu/ui/curses.c:138: undefined reference to `stdscr'
  /home/vadim/soft/qemu/ui/curses.c:139: undefined reference to `curs_set'
  ../ui/curses.o: In function `curses_calc_pad':
  /home/vadim/soft/qemu/ui/curses.c:68: undefined reference to `stdscr'
  /home/vadim/soft/qemu/ui/curses.c:69: undefined reference to `stdscr'
  ... and so on

  I tried to build the very minimal static qemu executable. Actual configure 
line I tried first was 
  ../../configure --target-list=i386-softmmu --disable-sdl --disable-virtfs 
--disable-vnc --disable-xen --disable-brlapi --disable-bluez --disable-slirp 
--disable-kvm --disable-user --disable-vde --disable-vhost-net --disable-spice 
--disable-libiscsi --disable-smartcard --disable-usb-redir 
--disable-guest-agent  --audio-drv-list=  --audio-card-list= --enable-curses 
--static

  and the errors were the same.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1094786/+subscriptions



Re: [Qemu-devel] qmp commands get rejected

2013-05-24 Thread Stefan Priebe

Hi,

i can easily reproduce this with the following script:
http://pastebin.com/raw.php?i=JYZyJ8Hn

Example output (sometimes it fails for qmp_capabilities and sometimes 
for qom-set):

[cloud1-1202: ~]# perl sock.pl
{"id": "12125:1", "error": {"class": "CommandNotFound", "desc": "The 
command qmp_capabilities has not been found"}}
{"id": "12125:1", "error": {"class": "CommandNotFound", "desc": "The 
command qmp_capabilities has not been found"}}
{"id": "12125:1", "error": {"class": "CommandNotFound", "desc": "The 
command qmp_capabilities has not been found"}}
{"id": "12125:1", "error": {"class": "CommandNotFound", "desc": "The 
command qmp_capabilities has not been found"}}
{"id": "12125:1", "error": {"class": "CommandNotFound", "desc": "The 
command qmp_capabilities has not been found"}}
{"id": "12125:1", "error": {"class": "CommandNotFound", "desc": "The 
command qmp_capabilities has not been found"}}
{"id": "12125:1", "error": {"class": "CommandNotFound", "desc": "The 
command qmp_capabilities has not been found"}}
{"id": "12125:1", "error": {"class": "CommandNotFound", "desc": "The 
command qmp_capabilities has not been found"}}
{"id": "12125:1", "error": {"class": "CommandNotFound", "desc": "The 
command qmp_capabilities has not been found"}}
{"id": "12125:1", "error": {"class": "CommandNotFound", "desc": "The 
command qmp_capabilities has not been found"}}
{"id": "12125:1", "error": {"class": "CommandNotFound", "desc": "The 
command qmp_capabilities has not been found"}}
{"id": "12125:1", "error": {"class": "CommandNotFound", "desc": "The 
command qmp_capabilities has not been found"}}
{"id": "12125:1", "error": {"class": "CommandNotFound", "desc": "The 
command qmp_capabilities has not been found"}}
{"id": "12125:1", "error": {"class": "CommandNotFound", "desc": "The 
command qmp_capabilities has not been found"}}

[cloud1-1202: ~]# perl sock.pl
{"id": "12125:1", "error": {"class": "CommandNotFound", "desc": "The 
command qmp_capabilities has not been found"}}
{"id": "12125:1", "error": {"class": "CommandNotFound", "desc": "The 
command qmp_capabilities has not been found"}}
{"id": "12125:1", "error": {"class": "CommandNotFound", "desc": "The 
command qmp_capabilities has not been found"}}
{"id": "12125:1", "error": {"class": "CommandNotFound", "desc": "The 
command qmp_capabilities has not been found"}}
{"id": "12125:1", "error": {"class": "CommandNotFound", "desc": "The 
command qmp_capabilities has not been found"}}


Stefan

Am 24.05.2013 17:21, schrieb Luiz Capitulino:

On Fri, 24 May 2013 16:36:26 +0200
Stefan Priebe - Profihost AG  wrote:


Am 24.05.2013 um 16:02 schrieb Luiz Capitulino :


On Fri, 24 May 2013 15:57:59 +0200
Stefan Priebe - Profihost AG  wrote:


Am 24.05.2013 um 15:23 schrieb Luiz Capitulino :


On Fri, 24 May 2013 07:50:33 +0200
Stefan Priebe  wrote:


Hello list,

since upgrading from qemu 1.4.1 to 1.5.0 I've had problems with qmp commands.

With Qemu 1.5 i've the following socket communication:

'{"execute":"qmp_capabilities","id":"12125:1","arguments":{}}'

'{"return": {}, "id": "12125:1"}'

'{"execute":"qom-set","id":"12125:2","arguments":{"value":2,"path":"machine/peripheral/balloon0","property":"guest-stats-polling-interval"}}'

'{"QMP": {"version": {"qemu": {"micro": 0, "minor": 5, "major": 1},
"package": ""}, "capabilities": []}}'

'{"id": "12125:2", "error": {"class": "CommandNotFound", "desc": "The
command qom-set has not been found"}}'


It seems that the command mode (qmp_capabilities) gets reset by the
welcome banner?


It looks like you got disconnected before qom-set was issued.


No its the same socket connection. No disconnect had happened.



Can you share more details on how those commands are being issued?


They're sent through a socket with a perl script. What do you need?


That perl script maybe? I can't reproduce the problem.


I would try to create a small example script.


I use qmp-shell and other little scripts very often.


Might this be due to the fact that I don't wait for the welcome banner right now?


If you're not reading from the socket, then you'll get the banner back when
you read your first response. But qom-set shouldn't fail because of that.





[Qemu-devel] [PATCH] configure: try pkg-config ncurses first

2013-05-24 Thread Ed Maste
When probing for ncurses, try pkg-config first rather than after
explicit -lncurses and -lcurses.  This fixes static linking in the case
that ncurses has additional dependencies, such as -ltinfo (as on FreeBSD).

Signed-off-by: Ed Maste 
---
 configure | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure b/configure
index cfdb564..7c99ef9 100755
--- a/configure
+++ b/configure
@@ -2157,7 +2157,7 @@ fi
 if test "$mingw32" = "yes" ; then
 curses_list="-lpdcurses"
 else
-curses_list="-lncurses:-lcurses:$($pkg_config --libs ncurses 2>/dev/null)"
+curses_list="$($pkg_config --libs ncurses 2>/dev/null):-lncurses:-lcurses"
 fi
 
 if test "$curses" != "no" ; then
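Review bot: When `$pkg_config --libs ncurses` fails, the first element of `curses_list` is now an empty string, so the loop that consumes the list (outside this hunk) tries a link with no library before `-lncurses`; previously that empty element came last. If the probe splits on `:`, a leading empty field is kept as a candidate, so consider adding the pkg-config result only when it is non-empty, e.g. `curses_pkg=$($pkg_config --libs ncurses 2>/dev/null)` followed by `curses_list="${curses_pkg:+$curses_pkg:}-lncurses:-lcurses"`.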
-- 
1.7.11.5




Re: [Qemu-devel] [PATCH v3 2/2] net: introduce command to query rx-filter information

2013-05-24 Thread Luiz Capitulino
On Fri, 24 May 2013 12:05:12 -0600
Eric Blake  wrote:

> On 05/24/2013 10:12 AM, Michael S. Tsirkin wrote:
> >
> > Event message contains the net client name, management might only want
> > to query the single net client.
> 
>  The client can do the filtering itself.
> >>>
> 
> >> I'm not sure I buy the responsiveness argument.  Sure, the fastest I/O
> >> is no I/O, but whether you read and parse 100 bytes or 1000 from a Unix
> >> domain socket once in a great while shouldn't make a difference.
> 
> And the time spent malloc'ing the larger message to send from qemu, as
> well as the time spent malloc'ing the libvirt side that parses the qemu
> string into C code for use, and the time spent strcmp'ing every entry to
> find the right one...
> 
> It really IS more efficient to filter as low down in the stack as
> possible, once it is determined that filtering is desirable.
> 
> Whether filtering makes a difference in performance is a different
> question - you may be right that always returning the entire list and
> making libvirt do its own filtering will still not add any more
> noticeable delay compared to libvirt doing a filtered query, if the
> bottleneck lies elsewhere (such as libvirt telling macvtap its new
> configuration).
> 
> >>
> >> My main concern is to keep the external interface simple.  I'm rather
> >> reluctant to have query commands grow options.
> >>
> >> In a case where we need the "give me everything" query anyway, the "give
> >> me this particular part" option is additional complexity.  Needs
> >> justification, say arguments involving throughput, latency or client
> >> complexity.
> >>
> >> Perhaps cases exist where we never want to ask for everything.  Then the
> >> "give me everything" query is useless, and the option should be
> >> mandatory.
> 
> For this _particular_ interface, I'm not sure whether libvirt will ever
> use an unfiltered query -

If having the argument is useful for libvirt, then it's fine to have it.

But I'd be very reluctant to buy any performance argument w/o real
numbers to back them up.



Re: [Qemu-devel] tcg: Windows guests don't boot

2013-05-24 Thread Laszlo Ersek
On 05/24/13 21:05, Luiz Capitulino wrote:
> Hi,
> 
> Today I accidentally started qemu w/o -enable-kvm to run a Windows guest and
> noticed it didn't boot: sometimes it hangs on a blue screen and sometimes it
> keeps rebooting in a loop.
> 
> I tried with Windows 2008 and Windows 8, and went back to qemu v1.2.0 to see
> if it's a bisectable regression, but no luck.
> 
> I'm reporting in case someone is interested in debugging this.

Yes. I think  is related.

See also these threads:

[Qemu-devel] [Bug 1180970] [NEW] qemu: fatal: Trying to execute code
outside RAM or ROM; worked in 1.4.0, fails in 1.4.92

[Qemu-devel]  [Bug 1180970] *** affects all x86_64 soft emulation

I'm going to respond with my initial "analysys" (lol) in the latter.

Thanks,
Laszlo



[Qemu-devel] tcg: Windows guests don't boot

2013-05-24 Thread Luiz Capitulino
Hi,

Today I accidentally started qemu w/o -enable-kvm to run a Windows guest and
noticed it didn't boot: sometimes it hangs on a blue screen and sometimes it
keeps rebooting in a loop.

I tried with Windows 2008 and Windows 8, and went back to qemu v1.2.0 to see
if it's a bisectable regression, but no luck.

I'm reporting in case someone is interested in debugging this.



Re: [Qemu-devel] [RFC PATCH v3 11/11] QMP/qmp.py: set locale for exceptions to display non-ascii messages correctly

2013-05-24 Thread Tomoki Sekiyama
On 5/23/13 8:30 , "Stefan Hajnoczi"  wrote:

>On Tue, May 21, 2013 at 11:34:16AM -0400, Tomoki Sekiyama wrote:
>> qemu-ga in Windows may return error message with multibyte characters
>> when the guest OS language is set to other than English. To display such
>> messages correctly, this encodes the message based on the locale
>>settings.
>> 
>> Signed-off-by: Tomoki Sekiyama 
>> ---
>>  QMP/qmp.py |4 +++-
>>  1 file changed, 3 insertions(+), 1 deletion(-)
>> 
>> diff --git a/QMP/qmp.py b/QMP/qmp.py
>> index c551df1..ee21819 100644
>> --- a/QMP/qmp.py
>> +++ b/QMP/qmp.py
>> @@ -11,6 +11,7 @@
>>  import json
>>  import errno
>>  import socket
>> +import locale
>>  
>>  class QMPError(Exception):
>>  pass
>> @@ -133,7 +134,8 @@ class QEMUMonitorProtocol:
>>  def command(self, cmd, **kwds):
>>  ret = self.cmd(cmd, kwds)
>>  if ret.has_key('error'):
>> -raise Exception(ret['error']['desc'])
>> +enc = locale.getpreferredencoding()
>> +raise Exception(ret['error']['desc'].encode(enc))
>
>You should not need to explicitly encode the error descriptor.  The
>error description should be UTF-8 on the wire and a Unicode Python
>string in this script.
>
>I think the real problem is:
>
>1. Guest qga is writing strings in local encoding onto the wire.

The error description Guest qga writes is encoded like:

  {"error": {"class": "GenericError", "desc": "\u64CD\u4F5C\u306F..."}}

I feel this is correct (\u64CD is a correct representation of a single
character in Unicode).


>or
>
>2. qmp.py isn't UTF-8-decoding strings received over the wire.

And qmp.py can decode this correctly, and ret['error']['desc'] is
Unicode Python string.

The problem seems to be in Python's Exception, which cannot print
the message at all if it contains a non-ASCII Unicode string:

% python

>>> raise Exception(u"abc")
Traceback (most recent call last):
  File "", line 1, in 
Exception: abc

>>> raise Exception(u"abcü")
Traceback (most recent call last):
  File "", line 1, in 
Exception

while the "print" doesn't have this issue:

>>> print(u"abcü")
abcü



>Either or both bugs could be present.  Once they are fixed you shouldn't
>see encoding problems.
>
>Stefan

Anyway, as I understood this patch for qmp.py is not correct way to fix
this issue, I'm going to drop it from the series.

Thanks,

Tomoki Sekiyama




Re: [Qemu-devel] [RFC PATCH v3 03/11] Add a script to extract VSS SDK headers on POSIX system

2013-05-24 Thread Laszlo Ersek
On 05/24/13 17:59, Eric Blake wrote:
> On 05/24/2013 07:38 AM, Laszlo Ersek wrote:
> 
>>> +++ b/scripts/extract-vsssdk-headers
>>> @@ -0,0 +1,25 @@
>>> +#! /bin/bash
>>> +
> 
>>> +MAGIC=$'\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1'
>>
>> Can't help mentioning the following portable (alas, octal) equivalent :)
>>
>> MAGIC=$(printf '%b' '\0320\0317\0021\0340\0241\0261\0032\0341')
> 
> Yeah, but as long as the she-bang is (correctly) requiring bash,

Yes, that's why I edited my original "please consider using" to "can't
help mentioning" :) I recalled that you had mentioned dash in one of
your reviews (*), I checked your reply to this v3 03/11 and saw that it
wasn't it -- here you'd written "Since you are using bash" so I edited
the above paragraph. Clearly insufficiently :)

(*) ... Apparently you mentioned dash in a MALLOC_PERTURB_ thread.

L.




[Qemu-devel] [PATCH 08/15] memory: Rename readable flag to romd_mode

2013-05-24 Thread Paolo Bonzini
From: Jan Kiszka 

"Readable" is a very unfortunate name for this flag because even a
rom_device region will always be readable from the guest POV. What
differs is the mapping, just like the comments had to explain already.
Also, readable could currently be understood as being a generic region
flag, but it only applies to rom_device regions.

So rename the flag and the function to modify it after the original term
"ROMD" which could also be interpreted as "ROM direct", i.e. ROM mode
with direct access. In any case, the scope of the flag is clearer now.

Signed-off-by: Jan Kiszka 
Reviewed-by: Peter Maydell 
Signed-off-by: Paolo Bonzini 
---
 hw/block/pflash_cfi01.c |  6 +++---
 hw/block/pflash_cfi02.c |  2 +-
 include/exec/memory.h   | 22 +++---
 memory.c| 30 +++---
 4 files changed, 30 insertions(+), 30 deletions(-)

diff --git a/hw/block/pflash_cfi01.c b/hw/block/pflash_cfi01.c
index 3ff20e0..63d7c99 100644
--- a/hw/block/pflash_cfi01.c
+++ b/hw/block/pflash_cfi01.c
@@ -105,7 +105,7 @@ static void pflash_timer (void *opaque)
 DPRINTF("%s: command %02x done\n", __func__, pfl->cmd);
 /* Reset flash */
 pfl->status ^= 0x80;
-memory_region_rom_device_set_readable(&pfl->mem, true);
+memory_region_rom_device_set_romd(&pfl->mem, true);
 pfl->wcycle = 0;
 pfl->cmd = 0;
 }
@@ -281,7 +281,7 @@ static void pflash_write(pflash_t *pfl, hwaddr offset,
 
 if (!pfl->wcycle) {
 /* Set the device in I/O access mode */
-memory_region_rom_device_set_readable(&pfl->mem, false);
+memory_region_rom_device_set_romd(&pfl->mem, false);
 }
 
 switch (pfl->wcycle) {
@@ -458,7 +458,7 @@ static void pflash_write(pflash_t *pfl, hwaddr offset,
   "\n", __func__, offset, pfl->wcycle, pfl->cmd, value);
 
  reset_flash:
-memory_region_rom_device_set_readable(&pfl->mem, true);
+memory_region_rom_device_set_romd(&pfl->mem, true);
 
 pfl->wcycle = 0;
 pfl->cmd = 0;
diff --git a/hw/block/pflash_cfi02.c b/hw/block/pflash_cfi02.c
index 9a7fa70..5f25246 100644
--- a/hw/block/pflash_cfi02.c
+++ b/hw/block/pflash_cfi02.c
@@ -111,7 +111,7 @@ static void pflash_setup_mappings(pflash_t *pfl)
 
 static void pflash_register_memory(pflash_t *pfl, int rom_mode)
 {
-memory_region_rom_device_set_readable(&pfl->orig_mem, rom_mode);
+memory_region_rom_device_set_romd(&pfl->orig_mem, rom_mode);
 pfl->rom_mode = rom_mode;
 }
 
diff --git a/include/exec/memory.h b/include/exec/memory.h
index 329ffb1..e1208e4 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -126,7 +126,7 @@ struct MemoryRegion {
 ram_addr_t ram_addr;
 bool subpage;
 bool terminates;
-bool readable;
+bool romd_mode;
 bool ram;
 bool readonly; /* For RAM regions */
 bool enabled;
@@ -355,16 +355,16 @@ uint64_t memory_region_size(MemoryRegion *mr);
 bool memory_region_is_ram(MemoryRegion *mr);
 
 /**
- * memory_region_is_romd: check whether a memory region is ROMD
+ * memory_region_is_romd: check whether a memory region is in ROMD mode
  *
- * Returns %true is a memory region is ROMD and currently set to allow
+ * Returns %true if a memory region is a ROM device and currently set to allow
  * direct reads.
  *
  * @mr: the memory region being queried
  */
 static inline bool memory_region_is_romd(MemoryRegion *mr)
 {
-return mr->rom_device && mr->readable;
+return mr->rom_device && mr->romd_mode;
 }
 
 /**
@@ -502,18 +502,18 @@ void memory_region_reset_dirty(MemoryRegion *mr, hwaddr 
addr,
 void memory_region_set_readonly(MemoryRegion *mr, bool readonly);
 
 /**
- * memory_region_rom_device_set_readable: enable/disable ROM readability
+ * memory_region_rom_device_set_romd: enable/disable ROMD mode
  *
  * Allows a ROM device (initialized with memory_region_init_rom_device() to
- * to be marked as readable (default) or not readable.  When it is readable,
- * the device is mapped to guest memory.  When not readable, reads are
- * forwarded to the #MemoryRegion.read function.
+ * set to ROMD mode (default) or MMIO mode.  When it is in ROMD mode, the
+ * device is mapped to guest memory and satisfies read access directly.
+ * When in MMIO mode, reads are forwarded to the #MemoryRegion.read function.
+ * Writes are always handled by the #MemoryRegion.write function.
  *
  * @mr: the memory region to be updated
- * @readable: whether reads are satisified directly (%true) or via callbacks
- *(%false)
+ * @romd_mode: %true to put the region into ROMD mode
  */
-void memory_region_rom_device_set_readable(MemoryRegion *mr, bool readable);
+void memory_region_rom_device_set_romd(MemoryRegion *mr, bool romd_mode);
 
 /**
  * memory_region_set_coalescing: Enable memory coalescing for the region.
diff --git a/memory.c b/memory.c
index 34bfb13..013464b 100644
--- a/memory.c
+++ b/memory.c
@@ -213,7 +213,7 @@ struct FlatRange {
 hwaddr offset_in_region;
 AddrRange addr;
 ui

[Qemu-devel] [PATCH 12/15] s390x: reduce TARGET_PHYS_ADDR_SPACE_BITS to 62

2013-05-24 Thread Paolo Bonzini
With the next patch, the memory API will complain if the
TARGET_PHYS_ADDR_SPACE_BITS gets dangerously close to an
overflow.  s390x can handle up to 64 bit of physical address
space from its page tables, but we never use that much.  Just
decrease the value.

Cc: Alexander Graf 
Signed-off-by: Paolo Bonzini 
---
 target-s390x/cpu.h | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/target-s390x/cpu.h b/target-s390x/cpu.h
index 0ce82cf..6304c4d 100644
--- a/target-s390x/cpu.h
+++ b/target-s390x/cpu.h
@@ -34,7 +34,10 @@
 #include "exec/cpu-defs.h"
 #define TARGET_PAGE_BITS 12
 
-#define TARGET_PHYS_ADDR_SPACE_BITS 64
+/* Actually 64-bits, limited by the memory API to 62 bits.  We
+ * never use that much.
+ */
+#define TARGET_PHYS_ADDR_SPACE_BITS 62
 #define TARGET_VIRT_ADDR_SPACE_BITS 64
 
 #include "exec/cpu-all.h"
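Review bot: The new comment says the limit comes from the memory API but not what the guest-visible consequence is: a physical address at or above 2^62, which the commit message says the s390x page tables can form, now lies outside the modelled address space. Suggest extending the comment with what happens to such an address, e.g. `Addresses >= 2^62 are outside the address space and are presumably treated as unassigned rather than wrapped`, after confirming that against the lookup code, which is not part of this patch.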
-- 
1.8.1.4





Re: [Qemu-devel] [PATCH v3 2/2] net: introduce command to query rx-filter information

2013-05-24 Thread Eric Blake
On 05/24/2013 10:12 AM, Michael S. Tsirkin wrote:
>
> Event message contains the net client name, management might only want
> to query the single net client.

 The client can do the filtering itself.
>>>

>> I'm not sure I buy the responsiveness argument.  Sure, the fastest I/O
>> is no I/O, but whether you read and parse 100 bytes or 1000 from a Unix
>> domain socket once in a great while shouldn't make a difference.

And the time spent malloc'ing the larger message to send from qemu, as
well as the time spent malloc'ing the libvirt side that parses the qemu
string into C code for use, and the time spent strcmp'ing every entry to
find the right one...

It really IS more efficient to filter as low down in the stack as
possible, once it is determined that filtering is desirable.

Whether filtering makes a difference in performance is a different
question - you may be right that always returning the entire list and
making libvirt do its own filtering will still not add any more
noticeable delay compared to libvirt doing a filtered query, if the
bottleneck lies elsewhere (such as libvirt telling macvtap its new
configuration).

>>
>> My main concern is to keep the external interface simple.  I'm rather
>> reluctant to have query commands grow options.
>>
>> In a case where we need the "give me everything" query anyway, the "give
>> me this particular part" option is additional complexity.  Needs
>> justification, say arguments involving throughput, latency or client
>> complexity.
>>
>> Perhaps cases exist where we never want to ask for everything.  Then the
>> "give me everything" query is useless, and the option should be
>> mandatory.

For this _particular_ interface, I'm not sure whether libvirt will ever
use an unfiltered query - that is, the rx-filter query will probably
always be invoked in response to an event, at which point libvirt only
cares about the filter status of the nic named in the event.  And
ultimately libvirt knows what nics it passed to the guest, so even if
there isn't a global query and I guessed wrong about libvirt never
wanting all state at once, it would still be possible for libvirt to
iterate over one query per nic.  On the other hand, consistency with
other query-* QMP commands says that most of them return as much
information as possible all the time, and generally libvirt likes this -
even the newly-added query-command-line-options has a filtering option,
but current libvirt.git only uses it once in global mode rather than
once-per-option in filtered mode.

> 
> We need the query for macvtap devices.  We don't need it
> for tap devices. In that case you don't want tap device info.
> 
> Maybe some libvirt guys can tell us whether they prefer
> a per device query or a global one with info for all NICs?

Libvirt can cope either way.  I personally like the idea of allowing
both global and filtered queries, without second-guessing what
management apps will prefer to use, and don't think filtering adds that
much complexity.  But if you want to insist on avoiding filtering, I'd
rather have a global query than a mandatory name argument, for
consistency with other query-* commands, even if libvirt then ends up
doing its own filtering.

If we get introspection into qemu 1.6 at the same time as the new query
for rx-filters, it really won't matter whether you start with
global-only or mandatory name-only; either way, if we change our mind
and add the other mode in qemu 1.7, libvirt will still be able to use
introspection to determine whether the argument is present in one
direction (going from global-only to optional filtering), or whether the
argument has been made optional in the other direction (going from
mandatory name to optional global).

> I think for HMP it's best to have nic optional.

This is true, no matter what we decide for QMP.

> Is it a good idea to make QMP match HMP closely?

QMP has to provide enough information for HMP to do its job.  How will
HMP do global listing if QMP doesn't provide a way to get all the
devices at once?  Remember, libvirt knows what devices it told qemu to
create, but I don't know that HMP has the same visibility into the list
of possible devices that can be queried.  So you may need a global mode
to begin with.

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





Re: [Qemu-devel] [PATCH 2/4] tcg/aarch64: implement new TCG target for aarch64

2013-05-24 Thread Richard Henderson
On 05/24/2013 10:28 AM, Peter Maydell wrote:
> It does what a frame pointer usually does, ie permits the debugger
> (and other tools) to unwind the stack.
> 

And is there perchance a reason we've been dropping the frame pointer from new
abis, like x86_64?  On the side unwind information does the job as well.

Which reminds me, I've been meaning to add the jit unwind info to the arm tcg
port at some point...


r~



[Qemu-devel] [PATCH 16/22] memory: accept mismatching sizes in memory_region_access_valid

2013-05-24 Thread Paolo Bonzini
The memory API is able to use smaller/wider accesses than requested,
match that in memory_region_access_valid.  Of course, the accepts
callback is still free to reject those accesses.

Signed-off-by: Paolo Bonzini 
---
 memory.c | 29 -
 1 file changed, 20 insertions(+), 9 deletions(-)

diff --git a/memory.c b/memory.c
index 9e1c1a3..c72f56d 100644
--- a/memory.c
+++ b/memory.c
@@ -856,24 +856,35 @@ bool memory_region_access_valid(MemoryRegion *mr,
 unsigned size,
 bool is_write)
 {
-if (mr->ops->valid.accepts
-&& !mr->ops->valid.accepts(mr->opaque, addr, size, is_write)) {
-return false;
-}
+int access_size_min, access_size_max;
+int access_size, i;
 
 if (!mr->ops->valid.unaligned && (addr & (size - 1))) {
 return false;
 }
 
-/* Treat zero as compatibility all valid */
-if (!mr->ops->valid.max_access_size) {
+if (!mr->ops->valid.accepts) {
 return true;
 }
 
-if (size > mr->ops->valid.max_access_size
-|| size < mr->ops->valid.min_access_size) {
-return false;
+access_size_min = mr->ops->valid.min_access_size;
+if (!mr->ops->valid.min_access_size) {
+access_size_min = 1;
+}
+
+access_size_max = mr->ops->valid.max_access_size;
+if (!mr->ops->valid.max_access_size) {
+access_size_max = 4;
+}
+
+access_size = MAX(MIN(size, access_size_max), access_size_min);
+for (i = 0; i < size; i += access_size) {
+if (!mr->ops->valid.accepts(mr->opaque, addr + i, access_size,
+is_write)) {
+return false;
+}
 }
+
 return true;
 }
 
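Review bot: The loop `for (i = 0; i < size; i += access_size)` compares the `int` index `i` against the `unsigned size` parameter, and `access_size` is likewise an `int` handed to `accepts` in its `unsigned size` slot; declaring `unsigned access_size_min, access_size_max, access_size, i;` removes the signed/unsigned mix and matches the callback's parameter type. The fallback `access_size_max = 4;` is a bare magic number, and the clamp `MAX(MIN(size, access_size_max), access_size_min)` is the same expression used in access_with_adjusted_size, so the two defaulting rules presumably have to stay in sync; a comment such as `/* default 1..4 byte accesses; keep in sync with access_with_adjusted_size */` would record that. Note also that when `min_access_size` exceeds `size` the callback is now asked about an access larger than the one requested, which the commit message intends but which is not obvious at this call site.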
-- 
1.8.1.4





[Qemu-devel] [Bug 1100843] Re: Live Migration Causes Performance Issues

2013-05-24 Thread C Cormier
@Paolo  yes, when i was doing that testing i was able to consistently
reproduce those results in #23, but it was a red herring, as of now i
cannot reproduce the results in #23 consistently (i suspect it may have
had something to do with the order i was executing tests but didn’t
chase it any further).

Yes, EPT enabled, I submitted that kernel bug in #30.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1100843

Title:
  Live Migration Causes Performance Issues

Status in QEMU:
  New
Status in “linux” package in Ubuntu:
  Confirmed
Status in “qemu-kvm” package in Ubuntu:
  Triaged

Bug description:
  I have 2 physical hosts running Ubuntu Precise.  With 1.0+noroms-
  0ubuntu14.7 and qemu-kvm 1.2.0+noroms-0ubuntu7 (source from quantal,
  built for Precise with pbuilder.) I attempted to build qemu-1.3.0 debs
  from source to test, but libvirt seems to have an issue with it that I
  haven't been able to track down yet.

   I'm seeing a performance degradation after live migration on Precise,
  but not Lucid.  These hosts are managed by libvirt (tested both
  0.9.8-2ubuntu17 and 1.0.0-0ubuntu4) in conjunction with OpenNebula.  I
  don't seem to have this problem with lucid guests (running a number of
  standard kernels, 3.2.5 mainline and backported linux-
  image-3.2.0-35-generic as well.)

  I first noticed this problem with phoronix doing compilation tests,
  and then tried lmbench where even simple calls experience performance
  degradation.

  I've attempted to post to the kvm mailing list, but so far the only
  suggestion was it may be related to transparent hugepages not being
  used after migration, but this didn't pan out.  Someone else has a
  similar problem here -
  http://thread.gmane.org/gmane.comp.emulators.kvm.devel/100592

  qemu command line example: /usr/bin/kvm -name one-2 -S -M pc-1.2 -cpu
  Westmere -enable-kvm -m 73728 -smp 16,sockets=2,cores=8,threads=1
  -uuid f89e31a4-4945-c12c-6544-149ba0746c2f -no-user-config -nodefaults
  -chardev
  socket,id=charmonitor,path=/var/lib/libvirt/qemu/one-2.monitor,server,nowait
  -mon chardev=charmonitor,id=monitor,mode=control -rtc
  base=utc,driftfix=slew -no-kvm-pit-reinjection -no-shutdown -device
  piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -drive
  file=/var/lib/one//datastores/0/2/disk.0,if=none,id=drive-virtio-
  disk0,format=raw,cache=none -device virtio-blk-
  pci,scsi=off,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,id=virtio-
  disk0,bootindex=1 -drive
  file=/var/lib/one//datastores/0/2/disk.1,if=none,id=drive-
  ide0-0-0,readonly=on,format=raw -device ide-cd,bus=ide.0,unit=0,drive
  =drive-ide0-0-0,id=ide0-0-0 -netdev
  tap,fd=23,id=hostnet0,vhost=on,vhostfd=25 -device virtio-net-
  pci,netdev=hostnet0,id=net0,mac=02:00:0a:64:02:fe,bus=pci.0,addr=0x3
  -vnc 0.0.0.0:2,password -vga cirrus -incoming tcp:0.0.0.0:49155
  -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x5

  Disk backend is LVM running on SAN via FC connection (using symlink
  from /var/lib/one/datastores/0/2/disk.0 above)

  
  ubuntu-12.04 - first boot
  ==
  Simple syscall: 0.0527 microseconds
  Simple read: 0.1143 microseconds
  Simple write: 0.0953 microseconds
  Simple open/close: 1.0432 microseconds

  Using phoronix pts/compuational
  ImageMagick - 31.54s
  Linux Kernel 3.1 - 43.91s
  Mplayer - 30.49s
  PHP - 22.25s

  
  ubuntu-12.04 - post live migration
  ==
  Simple syscall: 0.0621 microseconds
  Simple read: 0.2485 microseconds
  Simple write: 0.2252 microseconds
  Simple open/close: 1.4626 microseconds

  Using phoronix pts/compilation
  ImageMagick - 43.29s
  Linux Kernel 3.1 - 76.67s
  Mplayer - 45.41s
  PHP - 29.1s

  
  I don't have phoronix results for 10.04 handy, but they were within 1% of 
each other...

  ubuntu-10.04 - first boot
  ==
  Simple syscall: 0.0524 microseconds
  Simple read: 0.1135 microseconds
  Simple write: 0.0972 microseconds
  Simple open/close: 1.1261 microseconds

  
  ubuntu-10.04 - post live migration
  ==
  Simple syscall: 0.0526 microseconds
  Simple read: 0.1075 microseconds
  Simple write: 0.0951 microseconds
  Simple open/close: 1.0413 microseconds

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1100843/+subscriptions



[Qemu-devel] [PATCH 03/15] exec: make qemu_get_ram_ptr private

2013-05-24 Thread Paolo Bonzini
It is a private interface between exec.c and memory.c.

Reviewed-by: Peter Maydell 
Signed-off-by: Paolo Bonzini 
---
 include/exec/cpu-common.h  | 2 --
 include/exec/memory-internal.h | 1 +
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/include/exec/cpu-common.h b/include/exec/cpu-common.h
index cafc3c2..af851aa 100644
--- a/include/exec/cpu-common.h
+++ b/include/exec/cpu-common.h
@@ -49,8 +49,6 @@ typedef void CPUWriteMemoryFunc(void *opaque, hwaddr addr, 
uint32_t value);
 typedef uint32_t CPUReadMemoryFunc(void *opaque, hwaddr addr);
 
 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length);
-/* This should only be used for ram local to a device.  */
-void *qemu_get_ram_ptr(ram_addr_t addr);
 /* This should not be used by devices.  */
 int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr);
 ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr);
diff --git a/include/exec/memory-internal.h b/include/exec/memory-internal.h
index 1b156fd..8d15f90 100644
--- a/include/exec/memory-internal.h
+++ b/include/exec/memory-internal.h
@@ -46,6 +46,7 @@ void address_space_destroy_dispatch(AddressSpace *as);
 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
MemoryRegion *mr);
 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr);
+void *qemu_get_ram_ptr(ram_addr_t addr);
 void qemu_ram_free(ram_addr_t addr);
 void qemu_ram_free_from_ptr(ram_addr_t addr);
 
-- 
1.8.1.4





[Qemu-devel] [PATCH 17/22] memory: add big endian support to access_with_adjusted_size

2013-05-24 Thread Paolo Bonzini
This will be used to split 8-byte access down to two four-byte accesses.

Signed-off-by: Paolo Bonzini 
---
 memory.c | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/memory.c b/memory.c
index c72f56d..9085969 100644
--- a/memory.c
+++ b/memory.c
@@ -362,8 +362,12 @@ static void access_with_adjusted_size(hwaddr addr,
 access_size = MAX(MIN(size, access_size_max), access_size_min);
 access_mask = -1ULL >> (64 - access_size * 8);
 for (i = 0; i < size; i += access_size) {
-/* FIXME: big-endian support */
+#if TARGET_WORDS_BIGENDIAN
+access(opaque, addr + i, value, access_size,
+   (size - access_size - i) * 8, access_mask);
+#else
 access(opaque, addr + i, value, access_size, i * 8, access_mask);
+#endif
 }
 }
 
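Review bot: In the big-endian branch the shift `(size - access_size - i) * 8` goes negative (or wraps, if `size` is unsigned) whenever `access_size` exceeds `size`, which the clamp `MAX(MIN(size, access_size_max), access_size_min)` two lines above permits when `min_access_size` is larger than the requested size; the little-endian `i * 8` has no such failure mode. Either reject or special-case that situation before the loop, or document the precondition, e.g. `/* assumes size >= access_size_min; the BE shift below would underflow otherwise */`. The conditional is spelled `#if TARGET_WORDS_BIGENDIAN` here while the other patches in this series use `#ifdef TARGET_WORDS_BIGENDIAN` / `#if defined(TARGET_WORDS_BIGENDIAN)`; one form should be used throughout. access_with_adjusted_size starts before this hunk.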
-- 
1.8.1.4





[Qemu-devel] [PATCH 01/22] exec: eliminate io_mem_ram

2013-05-24 Thread Paolo Bonzini
It is never used, the IOTLB always goes through io_mem_notdirty.

In fact in softmmu_template.h, if it were, QEMU would crash just
below the tests, as soon as io_mem_read/write dispatches to
error_mem_read/write.

Signed-off-by: Paolo Bonzini 
---
 exec.c  | 18 ++
 include/exec/cpu-common.h   |  1 -
 include/exec/softmmu_template.h |  4 ++--
 3 files changed, 4 insertions(+), 19 deletions(-)

diff --git a/exec.c b/exec.c
index 3a9ddcb..b720be5 100644
--- a/exec.c
+++ b/exec.c
@@ -66,7 +66,7 @@ AddressSpace address_space_io;
 AddressSpace address_space_memory;
 DMAContext dma_context_memory;
 
-MemoryRegion io_mem_ram, io_mem_rom, io_mem_unassigned, io_mem_notdirty;
+MemoryRegion io_mem_rom, io_mem_unassigned, io_mem_notdirty;
 static MemoryRegion io_mem_subpage_ram;
 
 #endif
@@ -200,8 +200,7 @@ MemoryRegionSection *phys_page_find(AddressSpaceDispatch 
*d, hwaddr index)
 
 bool memory_region_is_unassigned(MemoryRegion *mr)
 {
-return mr != &io_mem_ram && mr != &io_mem_rom
-&& mr != &io_mem_notdirty && !mr->rom_device
+return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
 && mr != &io_mem_watch;
 }
 #endif
@@ -1419,18 +1418,6 @@ static uint64_t error_mem_read(void *opaque, hwaddr addr,
 abort();
 }
 
-static void error_mem_write(void *opaque, hwaddr addr,
-uint64_t value, unsigned size)
-{
-abort();
-}
-
-static const MemoryRegionOps error_mem_ops = {
-.read = error_mem_read,
-.write = error_mem_write,
-.endianness = DEVICE_NATIVE_ENDIAN,
-};
-
 static const MemoryRegionOps rom_mem_ops = {
 .read = error_mem_read,
 .write = unassigned_mem_write,
@@ -1691,7 +1678,6 @@ MemoryRegion *iotlb_to_region(hwaddr index)
 
 static void io_mem_init(void)
 {
-memory_region_init_io(&io_mem_ram, &error_mem_ops, NULL, "ram", 
UINT64_MAX);
 memory_region_init_io(&io_mem_rom, &rom_mem_ops, NULL, "rom", UINT64_MAX);
 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
   "unassigned", UINT64_MAX);
diff --git a/include/exec/cpu-common.h b/include/exec/cpu-common.h
index af5258d..1686b8f 100644
--- a/include/exec/cpu-common.h
+++ b/include/exec/cpu-common.h
@@ -110,7 +110,6 @@ void stq_phys(hwaddr addr, uint64_t val);
 void cpu_physical_memory_write_rom(hwaddr addr,
const uint8_t *buf, int len);
 
-extern struct MemoryRegion io_mem_ram;
 extern struct MemoryRegion io_mem_rom;
 extern struct MemoryRegion io_mem_unassigned;
 extern struct MemoryRegion io_mem_notdirty;
diff --git a/include/exec/softmmu_template.h b/include/exec/softmmu_template.h
index b219191..4501dac 100644
--- a/include/exec/softmmu_template.h
+++ b/include/exec/softmmu_template.h
@@ -68,7 +68,7 @@ static inline DATA_TYPE glue(io_read, SUFFIX)(CPUArchState 
*env,
 
 physaddr = (physaddr & TARGET_PAGE_MASK) + addr;
 env->mem_io_pc = retaddr;
-if (mr != &io_mem_ram && mr != &io_mem_rom
+if (mr != &io_mem_rom
 && mr != &io_mem_unassigned
 && mr != &io_mem_notdirty
 && !can_do_io(env)) {
@@ -218,7 +218,7 @@ static inline void glue(io_write, SUFFIX)(CPUArchState *env,
 MemoryRegion *mr = iotlb_to_region(physaddr);
 
 physaddr = (physaddr & TARGET_PAGE_MASK) + addr;
-if (mr != &io_mem_ram && mr != &io_mem_rom
+if (mr != &io_mem_rom
 && mr != &io_mem_unassigned
 && mr != &io_mem_notdirty
 && !can_do_io(env)) {
-- 
1.8.1.4





[Qemu-devel] [PATCH 20/22] exec: just use io_mem_read/io_mem_write for 8-byte I/O accesses

2013-05-24 Thread Paolo Bonzini
The memory API is able to split it in two 4-byte accesses.

Signed-off-by: Paolo Bonzini 
---
 exec.c  |  8 +---
 include/exec/softmmu_template.h | 24 +---
 2 files changed, 2 insertions(+), 30 deletions(-)

diff --git a/exec.c b/exec.c
index 42f7636..3068077 100644
--- a/exec.c
+++ b/exec.c
@@ -2260,13 +2260,7 @@ static inline uint64_t ldq_phys_internal(hwaddr addr,
   false);
 if (l < 8 || !memory_access_is_direct(section->mr, false)) {
 /* I/O case */
-#ifdef TARGET_WORDS_BIGENDIAN
-val = io_mem_read(section->mr, addr1, 4) << 32;
-val |= io_mem_read(section->mr, addr1 + 4, 4);
-#else
-val = io_mem_read(section->mr, addr1, 4);
-val |= io_mem_read(section->mr, addr1 + 4, 4) << 32;
-#endif
+val = io_mem_read(section->mr, addr1, 8);
 #if defined(TARGET_WORDS_BIGENDIAN)
 if (endian == DEVICE_LITTLE_ENDIAN) {
 val = bswap64(val);
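Review bot: The bare `val = io_mem_read(section->mr, addr1, 8);` now silently depends on the memory layer splitting an 8-byte access into two 4-byte ones in the right byte order (the big-endian handling added to access_with_adjusted_size earlier in the series), and the `/* I/O case */` comment above it no longer says so. Suggest `/* I/O case: io_mem_read splits this into smaller accesses when the region cannot do 8 bytes */`. The same remark applies to the `1 << SHIFT` read and write in the two softmmu_template.h hunks, where the `SHIFT <= 2` guards were removed. ldq_phys_internal starts before this hunk.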
diff --git a/include/exec/softmmu_template.h b/include/exec/softmmu_template.h
index ca91fd0..292ca02 100644
--- a/include/exec/softmmu_template.h
+++ b/include/exec/softmmu_template.h
@@ -63,7 +63,6 @@ static inline DATA_TYPE glue(io_read, SUFFIX)(CPUArchState 
*env,
   target_ulong addr,
   uintptr_t retaddr)
 {
-DATA_TYPE res;
 MemoryRegion *mr = iotlb_to_region(physaddr);
 
 physaddr = (physaddr & TARGET_PAGE_MASK) + addr;
@@ -73,18 +72,7 @@ static inline DATA_TYPE glue(io_read, SUFFIX)(CPUArchState 
*env,
 }
 
 env->mem_io_vaddr = addr;
-#if SHIFT <= 2
-res = io_mem_read(mr, physaddr, 1 << SHIFT);
-#else
-#ifdef TARGET_WORDS_BIGENDIAN
-res = io_mem_read(mr, physaddr, 4) << 32;
-res |= io_mem_read(mr, physaddr + 4, 4);
-#else
-res = io_mem_read(mr, physaddr, 4);
-res |= io_mem_read(mr, physaddr + 4, 4) << 32;
-#endif
-#endif /* SHIFT > 2 */
-return res;
+return io_mem_read(mr, physaddr, 1 << SHIFT);
 }
 
 /* handle all cases except unaligned access which span two pages */
@@ -221,17 +209,7 @@ static inline void glue(io_write, SUFFIX)(CPUArchState 
*env,
 
 env->mem_io_vaddr = addr;
 env->mem_io_pc = retaddr;
-#if SHIFT <= 2
 io_mem_write(mr, physaddr, val, 1 << SHIFT);
-#else
-#ifdef TARGET_WORDS_BIGENDIAN
-io_mem_write(mr, physaddr, (val >> 32), 4);
-io_mem_write(mr, physaddr + 4, (uint32_t)val, 4);
-#else
-io_mem_write(mr, physaddr, (uint32_t)val, 4);
-io_mem_write(mr, physaddr + 4, val >> 32, 4);
-#endif
-#endif /* SHIFT > 2 */
 }
 
 void glue(glue(helper_st, SUFFIX), MMUSUFFIX)(CPUArchState *env,
-- 
1.8.1.4





[Qemu-devel] [PATCH 11/15] memory: fix address space initialization/destruction

2013-05-24 Thread Paolo Bonzini
From: Avi Kivity 

A couple of fields were left uninitialized.  This was not observed earlier
because all address spaces were statically allocated.  Also free allocation
for those fields.

Reviewed-by: Peter Maydell 
Signed-off-by: Avi Kivity 
Signed-off-by: Paolo Bonzini 
---
 memory.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/memory.c b/memory.c
index 11bbeb7..9478f98 100644
--- a/memory.c
+++ b/memory.c
@@ -1572,6 +1572,8 @@ void address_space_init(AddressSpace *as, MemoryRegion 
*root)
 as->root = root;
 as->current_map = g_new(FlatView, 1);
 flatview_init(as->current_map);
+as->ioeventfd_nb = 0;
+as->ioeventfds = NULL;
 QTAILQ_INSERT_TAIL(&address_spaces, as, address_spaces_link);
 as->name = NULL;
 memory_region_transaction_commit();
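Review bot: The new `as->ioeventfd_nb = 0;` and `as->ioeventfds = NULL;` are correctly placed before `QTAILQ_INSERT_TAIL`, but `as->name = NULL;` on the following line still runs after the address space is already linked into `address_spaces` and `memory_region_transaction_commit()` then walks the global state; moving `as->name = NULL;` up alongside the other initializers makes the struct fully initialized before it becomes reachable from the list. Whether anything in the commit path reads `as->name` is not visible here, so this is a robustness point rather than a known bug. address_space_init starts before this hunk.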
@@ -1588,6 +1590,7 @@ void address_space_destroy(AddressSpace *as)
 address_space_destroy_dispatch(as);
 flatview_destroy(as->current_map);
 g_free(as->current_map);
+g_free(as->ioeventfds);
 }
 
 uint64_t io_mem_read(MemoryRegion *mr, hwaddr addr, unsigned size)
-- 
1.8.1.4





Re: [Qemu-devel] [PATCH 2/4] tcg/aarch64: implement new TCG target for aarch64

2013-05-24 Thread Peter Maydell
On 24 May 2013 18:17, Richard Henderson  wrote:
> On 05/24/2013 10:08 AM, Peter Maydell wrote:
>> Where's the waste? The procedure calling standard mandates that we
>> set FP up, so it's not like we can use it as a general purpose
>> register anywhere.
>
> Well, the calling standard is another document that's not available
> yet

Nope, it's been available for ages, along with the ELF and DWARF
specs and the C++ ABI:
  
http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ihi0055b/index.html

> so obviously I don't know the rationale for that decision.  But
> it does seem like a register performing no useful function...

It does what a frame pointer usually does, ie permits the debugger
(and other tools) to unwind the stack.

thanks
-- PMM



[Qemu-devel] [Bug 1180970] *** affects all x86_64 soft emulation

2013-05-24 Thread Duane Voth
qemu: fatal: Trying to execute code outside RAM or ROM; worked in 1.4.0,
fails in 1.4.92

Want to bring a little attention to this bug - the break is in
target-i386/translate.c which affects all x86_64 soft emulation in a fairly
subtle way (ie. users will report a wide variety of problems none of which
seem to be related).  I can't find a way to elevate bug importance in
launchpad.

4a6fd938f5457ee161d2acbd9364608a2a68b7a1 is the offending commit.  There
have been numerous changes after this commit over top of the change that
broke emulation, so backing out this commit is not trivial.

I can reproduce the problem that is the subject of bug 1180970 for testing
easily.


[Qemu-devel] [Bug 1100843] Re: Live Migration Causes Performance Issues

2013-05-24 Thread Paolo Bonzini
Oops, I missed Chris's comment #28. Thanks.

From comment #23, the 1.4 machine type seems to be "fast", while 1.3 is
slow. This doesn't make much sense, given the differences between the
two machine types:

enable_compat_apic_id_mode();

.driver   = "usb-tablet",\
.property = "usb_version",\
.value= stringify(1),\

.driver   = "virtio-net-pci",\
.property = "ctrl_mac_addr",\
.value= "off",  \

.driver   = "virtio-net-pci", \
.property = "mq", \
.value= "off", \

.driver   = "e1000",\
.property = "autonegotiation",\
.value= "off",\

This is why I suspected the issue was not 100% reproducible.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1100843

Title:
  Live Migration Causes Performance Issues

Status in QEMU:
  New
Status in “linux” package in Ubuntu:
  Confirmed
Status in “qemu-kvm” package in Ubuntu:
  Triaged

Bug description:
  I have 2 physical hosts running Ubuntu Precise.  With 1.0+noroms-
  0ubuntu14.7 and qemu-kvm 1.2.0+noroms-0ubuntu7 (source from quantal,
  built for Precise with pbuilder.) I attempted to build qemu-1.3.0 debs
  from source to test, but libvirt seems to have an issue with it that I
  haven't been able to track down yet.

   I'm seeing a performance degradation after live migration on Precise,
  but not Lucid.  These hosts are managed by libvirt (tested both
  0.9.8-2ubuntu17 and 1.0.0-0ubuntu4) in conjunction with OpenNebula.  I
  don't seem to have this problem with lucid guests (running a number of
  standard kernels, 3.2.5 mainline and backported linux-
  image-3.2.0-35-generic as well.)

  I first noticed this problem with phoronix doing compilation tests,
  and then tried lmbench where even simple calls experience performance
  degradation.

  I've attempted to post to the kvm mailing list, but so far the only
  suggestion was it may be related to transparent hugepages not being
  used after migration, but this didn't pan out.  Someone else has a
  similar problem here -
  http://thread.gmane.org/gmane.comp.emulators.kvm.devel/100592

  qemu command line example: /usr/bin/kvm -name one-2 -S -M pc-1.2 -cpu
  Westmere -enable-kvm -m 73728 -smp 16,sockets=2,cores=8,threads=1
  -uuid f89e31a4-4945-c12c-6544-149ba0746c2f -no-user-config -nodefaults
  -chardev
  socket,id=charmonitor,path=/var/lib/libvirt/qemu/one-2.monitor,server,nowait
  -mon chardev=charmonitor,id=monitor,mode=control -rtc
  base=utc,driftfix=slew -no-kvm-pit-reinjection -no-shutdown -device
  piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -drive
  file=/var/lib/one//datastores/0/2/disk.0,if=none,id=drive-virtio-
  disk0,format=raw,cache=none -device virtio-blk-
  pci,scsi=off,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,id=virtio-
  disk0,bootindex=1 -drive
  file=/var/lib/one//datastores/0/2/disk.1,if=none,id=drive-
  ide0-0-0,readonly=on,format=raw -device ide-cd,bus=ide.0,unit=0,drive
  =drive-ide0-0-0,id=ide0-0-0 -netdev
  tap,fd=23,id=hostnet0,vhost=on,vhostfd=25 -device virtio-net-
  pci,netdev=hostnet0,id=net0,mac=02:00:0a:64:02:fe,bus=pci.0,addr=0x3
  -vnc 0.0.0.0:2,password -vga cirrus -incoming tcp:0.0.0.0:49155
  -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x5

  Disk backend is LVM running on SAN via FC connection (using symlink
  from /var/lib/one/datastores/0/2/disk.0 above)

  
  ubuntu-12.04 - first boot
  ==
  Simple syscall: 0.0527 microseconds
  Simple read: 0.1143 microseconds
  Simple write: 0.0953 microseconds
  Simple open/close: 1.0432 microseconds

  Using phoronix pts/compuational
  ImageMagick - 31.54s
  Linux Kernel 3.1 - 43.91s
  Mplayer - 30.49s
  PHP - 22.25s

  
  ubuntu-12.04 - post live migration
  ==
  Simple syscall: 0.0621 microseconds
  Simple read: 0.2485 microseconds
  Simple write: 0.2252 microseconds
  Simple open/close: 1.4626 microseconds

  Using phoronix pts/compilation
  ImageMagick - 43.29s
  Linux Kernel 3.1 - 76.67s
  Mplayer - 45.41s
  PHP - 29.1s

  
  I don't have phoronix results for 10.04 handy, but they were within 1% of 
each other...

  ubuntu-10.04 - first boot
  ==
  Simple syscall: 0.0524 microseconds
  Simple read: 0.1135 microseconds
  Simple write: 0.0972 microseconds
  Simple open/close: 1.1261 microseconds

  
  ubuntu-10.04 - post live migration
  ==
  Simple syscall: 0.0526 microseconds
  Simple read: 0.1075 microseconds
  Simple write: 0.0951 microseconds
  Simple open/close: 1.0413 microseconds

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1100843/+subscriptions



[Qemu-devel] [PATCH 1/2] vfio: Convert type1 iommu to use rbtree

2013-05-24 Thread Alex Williamson
We need to keep track of all the DMA mappings of an iommu container so
that it can be automatically unmapped when the user releases the file
descriptor.  We currently do this using a simple list, where we merge
entries with contiguous iovas and virtual addresses.  Using a tree for
this is a bit more efficient and allows us to use common code instead
of inventing our own.

Signed-off-by: Alex Williamson 
---
 drivers/vfio/vfio_iommu_type1.c |  190 ---
 1 file changed, 96 insertions(+), 94 deletions(-)

diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c
index 6f3fbc4..0e863b3 100644
--- a/drivers/vfio/vfio_iommu_type1.c
+++ b/drivers/vfio/vfio_iommu_type1.c
@@ -31,6 +31,7 @@
 #include 
 #include 
 #include  /* pci_bus_type */
+#include 
 #include 
 #include 
 #include 
@@ -50,13 +51,13 @@ MODULE_PARM_DESC(allow_unsafe_interrupts,
 struct vfio_iommu {
struct iommu_domain *domain;
struct mutexlock;
-   struct list_headdma_list;
+   struct rb_root  dma_list;
struct list_headgroup_list;
boolcache;
 };
 
 struct vfio_dma {
-   struct list_headnext;
+   struct rb_node  node;
dma_addr_t  iova;   /* Device address */
unsigned long   vaddr;  /* Process virtual addr */
longnpage;  /* Number of pages */
@@ -75,6 +76,49 @@ struct vfio_group {
 
 #define NPAGE_TO_SIZE(npage)   ((size_t)(npage) << PAGE_SHIFT)
 
+static struct vfio_dma *vfio_find_dma(struct vfio_iommu *iommu,
+ dma_addr_t start, size_t size)
+{
+   struct rb_node *node = iommu->dma_list.rb_node;
+
+   while (node) {
+   struct vfio_dma *dma = rb_entry(node, struct vfio_dma, node);
+
+   if (start + size <= dma->iova)
+   node = node->rb_left;
+   else if (start >= dma->iova + NPAGE_TO_SIZE(dma->npage))
+   node = node->rb_right;
+   else
+   return dma;
+   }
+
+   return NULL;
+}
+
+static void vfio_insert_dma(struct vfio_iommu *iommu, struct vfio_dma *new)
+{
+   struct rb_node **link = &iommu->dma_list.rb_node, *parent = NULL;
+   struct vfio_dma *dma;
+
+   while (*link) {
+   parent = *link;
+   dma = rb_entry(parent, struct vfio_dma, node);
+
+   if (new->iova + NPAGE_TO_SIZE(new->npage) <= dma->iova)
+   link = &(*link)->rb_left;
+   else
+   link = &(*link)->rb_right;
+   }
+
+   rb_link_node(&new->node, parent, link);
+   rb_insert_color(&new->node, &iommu->dma_list);
+}
+
+static void vfio_remove_dma(struct vfio_iommu *iommu, struct vfio_dma *old)
+{
+   rb_erase(&old->node, &iommu->dma_list);
+}
+
 struct vwork {
struct mm_struct*mm;
longnpage;
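Review bot: `if (start + size <= dma->iova)` in vfio_find_dma (and the matching `new->iova + NPAGE_TO_SIZE(new->npage) <= dma->iova` in vfio_insert_dma) wraps when the addition overflows `dma_addr_t`, in which case a range that does overlap descends to the left and is reported as not found; the `ranges_overlap()` helper this replaces was written with subtractions to avoid exactly that. Whether the ioctl path already rejects such ranges is not visible in this hunk; if it does not, an explicit wrap-around check before the lookup, e.g. `if (start + size < start) return -EINVAL;`, keeps the tree invariant intact for user-supplied iova/size pairs. The same `start + size <= dma->iova` test is carried into patch 2/2's vfio_find_dma.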
@@ -289,31 +333,8 @@ static int __vfio_dma_map(struct vfio_iommu *iommu, 
dma_addr_t iova,
return 0;
 }
 
-static inline bool ranges_overlap(dma_addr_t start1, size_t size1,
- dma_addr_t start2, size_t size2)
-{
-   if (start1 < start2)
-   return (start2 - start1 < size1);
-   else if (start2 < start1)
-   return (start1 - start2 < size2);
-   return (size1 > 0 && size2 > 0);
-}
-
-static struct vfio_dma *vfio_find_dma(struct vfio_iommu *iommu,
-   dma_addr_t start, size_t size)
-{
-   struct vfio_dma *dma;
-
-   list_for_each_entry(dma, &iommu->dma_list, next) {
-   if (ranges_overlap(dma->iova, NPAGE_TO_SIZE(dma->npage),
-  start, size))
-   return dma;
-   }
-   return NULL;
-}
-
-static long vfio_remove_dma_overlap(struct vfio_iommu *iommu, dma_addr_t start,
-   size_t size, struct vfio_dma *dma)
+static int vfio_remove_dma_overlap(struct vfio_iommu *iommu, dma_addr_t start,
+  size_t size, struct vfio_dma *dma)
 {
struct vfio_dma *split;
long npage_lo, npage_hi;
@@ -322,10 +343,9 @@ static long vfio_remove_dma_overlap(struct vfio_iommu 
*iommu, dma_addr_t start,
if (start <= dma->iova &&
start + size >= dma->iova + NPAGE_TO_SIZE(dma->npage)) {
vfio_dma_unmap(iommu, dma->iova, dma->npage, dma->prot);
-   list_del(&dma->next);
-   npage_lo = dma->npage;
+   vfio_remove_dma(iommu, dma);
kfree(dma);
-   return npage_lo;
+   return 0;
}
 
/* Overlap low address of existing range */
@@ -339,7 +359,7 @@ static long vfio_remove_dma_overlap(struct vfio_iommu 
*iommu, dma_addr_t start,
dma->iova += ov

[Qemu-devel] [PATCH 2/2] vfio: hugepage support for vfio_iommu_type1

2013-05-24 Thread Alex Williamson
We currently send all mappings to the iommu in PAGE_SIZE chunks,
which prevents the iommu from enabling support for larger page sizes.
We still need to pin pages, which means we step through them in
PAGE_SIZE chunks, but we can batch up contiguous physical memory
chunks to allow the iommu the opportunity to use larger pages.  The
approach here is a bit different from the one currently used for
legacy KVM device assignment.  Rather than looking at the vma page
size and using that as the maximum size to pass to the iommu, we
instead simply look at whether the next page is physically
contiguous.  This means we might ask the iommu to map a 4MB region,
while legacy KVM might limit itself to a maximum of 2MB.

Splitting our mapping path also allows us to be smarter about locked
memory because we can more easily unwind if the user attempts to
exceed the limit.  Therefore, rather than assuming that a mapping
will result in locked memory, we test each page as it is pinned to
determine whether it locks RAM vs an mmap'd MMIO region.  This should
result in better locking granularity and less locked page fudge
factors in userspace.

The unmap path uses the same algorithm as legacy KVM.  We don't want
to track the pfn for each mapping ourselves, but we need the pfn in
order to unpin pages.  We therefore ask the iommu for the iova to
physical address translation, ask it to unpin a page, and see how many
pages were actually unpinned.  iommus supporting large pages will
often return something bigger than a page here, which we know will be
physically contiguous and we can unpin a batch of pfns.  iommus not
supporting large mappings won't see an improvement in batching here as
they only unmap a page at a time.

With this change, we also make a clarification to the API for mapping
and unmapping DMA.  We can only guarantee unmaps at the same
granularity as used for the original mapping.  In other words,
unmapping a subregion of a previous mapping is not guaranteed and may
result in a larger or smaller unmapping than requested.  The size
field in the unmapping structure is updated to reflect this.
Previously this was unmodified on mapping, always returning the the
requested unmap size.  This is now updated to return the actual unmap
size on success, allowing userspace to appropriately track mappings.

Signed-off-by: Alex Williamson 
---
 drivers/vfio/vfio_iommu_type1.c |  523 +--
 include/uapi/linux/vfio.h   |8 -
 2 files changed, 344 insertions(+), 187 deletions(-)

diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c
index 0e863b3..6654a7e 100644
--- a/drivers/vfio/vfio_iommu_type1.c
+++ b/drivers/vfio/vfio_iommu_type1.c
@@ -60,7 +60,7 @@ struct vfio_dma {
struct rb_node  node;
dma_addr_t  iova;   /* Device address */
unsigned long   vaddr;  /* Process virtual addr */
-   longnpage;  /* Number of pages */
+   size_t  size;   /* Map size (bytes) */
int prot;   /* IOMMU_READ/WRITE */
 };
 
@@ -74,8 +74,6 @@ struct vfio_group {
  * into DMA'ble space using the IOMMU
  */
 
-#define NPAGE_TO_SIZE(npage)   ((size_t)(npage) << PAGE_SHIFT)
-
 static struct vfio_dma *vfio_find_dma(struct vfio_iommu *iommu,
  dma_addr_t start, size_t size)
 {
@@ -86,7 +84,7 @@ static struct vfio_dma *vfio_find_dma(struct vfio_iommu 
*iommu,
 
if (start + size <= dma->iova)
node = node->rb_left;
-   else if (start >= dma->iova + NPAGE_TO_SIZE(dma->npage))
+   else if (start >= dma->iova + dma->size)
node = node->rb_right;
else
return dma;
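Review bot: The new comparison `start >= dma->iova + dma->size` wraps when a mapping ends at the top of the dma_addr_t range, which would steer the search into the wrong subtree; the untouched `start + size <= dma->iova` line above has the same property for the query range. Unless the map path already rejects ranges whose end wraps (not visible in this patch), the end should be computed wrap-safe, e.g. `else if (start > dma->iova + (dma->size - 1))`, and the same applies to `new->iova + new->size` in the vfio_insert_dma hunk below. vfio_find_dma starts and ends outside this hunk.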
@@ -104,7 +102,7 @@ static void vfio_insert_dma(struct vfio_iommu *iommu, 
struct vfio_dma *new)
parent = *link;
dma = rb_entry(parent, struct vfio_dma, node);
 
-   if (new->iova + NPAGE_TO_SIZE(new->npage) <= dma->iova)
+   if (new->iova + new->size <= dma->iova)
link = &(*link)->rb_left;
else
link = &(*link)->rb_right;
@@ -144,8 +142,8 @@ static void vfio_lock_acct(long npage)
struct vwork *vwork;
struct mm_struct *mm;
 
-   if (!current->mm)
-   return; /* process exited */
+   if (!current->mm || !npage)
+   return; /* process exited or nothing to do */
 
if (down_write_trylock(¤t->mm->mmap_sem)) {
current->mm->locked_vm += npage;
@@ -217,33 +215,6 @@ static int put_pfn(unsigned long pfn, int prot)
return 0;
 }
 
-/* Unmap DMA region */
-static long __vfio_dma_do_unmap(struct vfio_iommu *iommu, dma_addr_t iova,
-long npage, int prot)
-{
-   long i, unlocked = 0;
-
-   for (i = 0; i < npage; 

[Qemu-devel] [PATCH 0/2] vfio: type1 iommu hugepage support

2013-05-24 Thread Alex Williamson
This series lets the vfio type1 iommu backend take advantage of iommu
large page support.  See patch 2/2 for the details.  This has been
tested on both amd_iommu and intel_iommu, but only my AMD system has
large page support.  I'd appreciate any testing and feedback on other
systems, particularly vt-d systems supporting large pages.  Mapping
efficiency should be improved a bit without iommu hugepages, but I
hope that it's much more noticeable with huge pages, especially for
very large QEMU guests.

This change includes a clarification to the mapping expectations for
users of the type1 iommu, but is compatible with known users and works
with existing QEMU userspace supporting vfio.  Thanks,

Alex

---

Alex Williamson (2):
  vfio: Convert type1 iommu to use rbtree
  vfio: hugepage support for vfio_iommu_type1


 drivers/vfio/vfio_iommu_type1.c |  607 ---
 include/uapi/linux/vfio.h   |8 -
 2 files changed, 387 insertions(+), 228 deletions(-)



[Qemu-devel] [PATCH 10/22] exec: expect mr->ops to be initialized for ROM

2013-05-24 Thread Paolo Bonzini
There is no need anymore to use the special phys_section_rom section.

Signed-off-by: Paolo Bonzini 
---
 exec.c | 9 -
 1 file changed, 9 deletions(-)

diff --git a/exec.c b/exec.c
index 613bbd7..411a224 100644
--- a/exec.c
+++ b/exec.c
@@ -2332,9 +2332,6 @@ void stl_phys_notdirty(hwaddr addr, uint32_t val)
 section = address_space_translate(&address_space_memory, addr, &addr1, &l,
   true);
 if (l < 4 || !memory_region_is_ram(section->mr) || section->readonly) {
-if (memory_region_is_ram(section->mr)) {
-section = &phys_sections[phys_section_rom];
-}
 io_mem_write(section->mr, addr1, val, 4);
 } else {
 addr1 += memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK;
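Review bot: Writes to a read-only RAM section now go straight to `io_mem_write(section->mr, ...)` instead of the phys_section_rom stub, so what happens to them depends entirely on the ops the region carries. The commit message should state that this relies on every region now having ops (the patch in this series that installs unassigned_mem_ops by default) and that ROM writes therefore become unassigned accesses rather than being silently ignored, since that is a guest-visible change. The same applies to the stl_phys_internal and stw_phys_internal hunks below; all three enclosing functions start and end outside their hunks.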
@@ -2365,9 +2362,6 @@ static inline void stl_phys_internal(hwaddr addr, 
uint32_t val,
 section = address_space_translate(&address_space_memory, addr, &addr1, &l,
   true);
 if (l < 4 || !memory_region_is_ram(section->mr) || section->readonly) {
-if (memory_region_is_ram(section->mr)) {
-section = &phys_sections[phys_section_rom];
-}
 #if defined(TARGET_WORDS_BIGENDIAN)
 if (endian == DEVICE_LITTLE_ENDIAN) {
 val = bswap32(val);
@@ -2431,9 +2425,6 @@ static inline void stw_phys_internal(hwaddr addr, 
uint32_t val,
 section = address_space_translate(&address_space_memory, addr, &addr1, &l,
   true);
 if (l < 2 || !memory_region_is_ram(section->mr) || section->readonly) {
-if (memory_region_is_ram(section->mr)) {
-section = &phys_sections[phys_section_rom];
-}
 #if defined(TARGET_WORDS_BIGENDIAN)
 if (endian == DEVICE_LITTLE_ENDIAN) {
 val = bswap16(val);
-- 
1.8.1.4





[Qemu-devel] [PATCH 15/22] memory: add address_space_access_valid

2013-05-24 Thread Paolo Bonzini
The old-style IOMMU lets you check whether an access is valid in a
given DMAContext.  There is no equivalent for AddressSpace in the
memory API, but we can implement it easily.

Signed-off-by: Paolo Bonzini 
---
 dma-helpers.c |  5 +
 exec.c| 21 +
 include/exec/memory.h | 15 +++
 include/sysemu/dma.h  |  3 ++-
 4 files changed, 43 insertions(+), 1 deletion(-)

diff --git a/dma-helpers.c b/dma-helpers.c
index 272632f..2e298b6 100644
--- a/dma-helpers.c
+++ b/dma-helpers.c
@@ -298,6 +298,11 @@ bool iommu_dma_memory_valid(DMAContext *dma, dma_addr_t 
addr, dma_addr_t len,
 plen = len;
 }
 
+if (!address_space_access_valid(dma->as, paddr, len,
+dir == DMA_DIRECTION_FROM_DEVICE)) {
+return false;
+}
+
 len -= plen;
 addr += plen;
 }
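Review bot: The new check passes `len` to address_space_access_valid, but the translation just obtained only covers `plen` bytes from paddr (the preceding lines clamp plen to len), so the check reaches past the translated chunk into addresses that belong to a different translation, or to nothing at all. It should be `if (!address_space_access_valid(dma->as, paddr, plen,`. Note also that len/plen are 64-bit DMA lengths while the callee's parameter appears to be `int` in the header hunk, so large lengths are truncated on the way in; iommu_dma_memory_valid starts and ends outside this hunk.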
diff --git a/exec.c b/exec.c
index 8107530..17a3292 100644
--- a/exec.c
+++ b/exec.c
@@ -2064,6 +2064,27 @@ static void cpu_notify_map_clients(void)
 }
 }
 
+bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool 
is_write)
+{
+MemoryRegionSection *section;
+hwaddr l, xlat;
+
+while (len > 0) {
+l = len;
+section = address_space_translate(as, addr, &xlat, &l, is_write);
+if (!memory_access_is_direct(section->mr, is_write)) {
+l = memory_access_size(l, addr);
+if (!memory_region_access_valid(section->mr, xlat, l, is_write)) {
+return false;
+}
+}
+
+len -= l;
+addr += l;
+}
+return true;
+}
+
 /* Map a physical memory region into a host virtual address.
  * May map a subset of the requested range, given by and returned in *plen.
  * May return NULL if resources needed to perform the mapping are exhausted.
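Review bot: `len` is declared `int` while the lengths it is assigned to and decremented by (`l`, the hwaddr that address_space_translate fills in) are 64-bit and the dma.h caller passes a dma_addr_t, so a length above INT_MAX is silently truncated and a negative one makes `while (len > 0)` exit immediately with `true`. Declaring it `hwaddr len` here and in the include/exec/memory.h hunk avoids both; `memory_access_size(l, addr)` then narrows l again, which is harmless only while l is bounded by an int. The header comment's page-alignment requirement also looks stale, since the loop already walks arbitrary addr/len at whatever granularity memory_access_size picks; worth confirming before that sentence is kept.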
diff --git a/include/exec/memory.h b/include/exec/memory.h
index 688d3f0..81e0e41 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -866,6 +866,21 @@ MemoryRegionSection *address_space_translate(AddressSpace 
*as, hwaddr addr,
  hwaddr *xlat, hwaddr *len,
  bool is_write);
 
+/* address_space_access_valid: check for validity of accessing an address
+ * space range
+ *
+ * Check whether memory is assigned to the given address space range.
+ *
+ * For now, addr and len should be aligned to a page size.  This limitation
+ * will be lifted in the future.
+ *
+ * @as: #AddressSpace to be accessed
+ * @addr: address within that address space
+ * @len: length of the area to be checked
+ * @is_write: indicates the transfer direction
+ */
+bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool 
is_write);
+
 /* address_space_map: map a physical memory region into a host virtual address
  *
  * May map a subset of the requested range, given by and returned in @plen.
diff --git a/include/sysemu/dma.h b/include/sysemu/dma.h
index a52c93a..02e0dcd 100644
--- a/include/sysemu/dma.h
+++ b/include/sysemu/dma.h
@@ -113,7 +113,8 @@ static inline bool dma_memory_valid(DMAContext *dma,
 DMADirection dir)
 {
 if (!dma_has_iommu(dma)) {
-return true;
+return address_space_access_valid(dma->as, addr, len,
+  dir == DMA_DIRECTION_FROM_DEVICE);
 } else {
 return iommu_dma_memory_valid(dma, addr, len, dir);
 }
-- 
1.8.1.4





Re: [Qemu-devel] [PATCH 2/4] tcg/aarch64: implement new TCG target for aarch64

2013-05-24 Thread Richard Henderson
On 05/24/2013 10:08 AM, Peter Maydell wrote:
> Where's the waste? The procedure calling standard mandates that we
> set FP up, so it's not like we can use it as a general purpose
> register anywhere.

Well, the calling standard is another document that's not available yet, so
obviously I don't know the rationale for that decision.  But it does seem like
a register performing no useful function...


r~



[Qemu-devel] [Bug 1100843] Re: Live Migration Causes Performance Issues

2013-05-24 Thread Paolo Bonzini
Can you please check  if you have EPT enabled? This could be
https://bugzilla.kernel.org/show_bug.cgi?id=58771

** Bug watch added: Linux Kernel Bug Tracker #58771
   http://bugzilla.kernel.org/show_bug.cgi?id=58771

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1100843

Title:
  Live Migration Causes Performance Issues

Status in QEMU:
  New
Status in “linux” package in Ubuntu:
  Confirmed
Status in “qemu-kvm” package in Ubuntu:
  Triaged

Bug description:
  I have 2 physical hosts running Ubuntu Precise.  With 1.0+noroms-
  0ubuntu14.7 and qemu-kvm 1.2.0+noroms-0ubuntu7 (source from quantal,
  built for Precise with pbuilder.) I attempted to build qemu-1.3.0 debs
  from source to test, but libvirt seems to have an issue with it that I
  haven't been able to track down yet.

   I'm seeing a performance degradation after live migration on Precise,
  but not Lucid.  These hosts are managed by libvirt (tested both
  0.9.8-2ubuntu17 and 1.0.0-0ubuntu4) in conjunction with OpenNebula.  I
  don't seem to have this problem with lucid guests (running a number of
  standard kernels, 3.2.5 mainline and backported linux-
  image-3.2.0-35-generic as well.)

  I first noticed this problem with phoronix doing compilation tests,
  and then tried lmbench where even simple calls experience performance
  degradation.

  I've attempted to post to the kvm mailing list, but so far the only
  suggestion was it may be related to transparent hugepages not being
  used after migration, but this didn't pan out.  Someone else has a
  similar problem here -
  http://thread.gmane.org/gmane.comp.emulators.kvm.devel/100592

  qemu command line example: /usr/bin/kvm -name one-2 -S -M pc-1.2 -cpu
  Westmere -enable-kvm -m 73728 -smp 16,sockets=2,cores=8,threads=1
  -uuid f89e31a4-4945-c12c-6544-149ba0746c2f -no-user-config -nodefaults
  -chardev
  socket,id=charmonitor,path=/var/lib/libvirt/qemu/one-2.monitor,server,nowait
  -mon chardev=charmonitor,id=monitor,mode=control -rtc
  base=utc,driftfix=slew -no-kvm-pit-reinjection -no-shutdown -device
  piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -drive
  file=/var/lib/one//datastores/0/2/disk.0,if=none,id=drive-virtio-
  disk0,format=raw,cache=none -device virtio-blk-
  pci,scsi=off,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,id=virtio-
  disk0,bootindex=1 -drive
  file=/var/lib/one//datastores/0/2/disk.1,if=none,id=drive-
  ide0-0-0,readonly=on,format=raw -device ide-cd,bus=ide.0,unit=0,drive
  =drive-ide0-0-0,id=ide0-0-0 -netdev
  tap,fd=23,id=hostnet0,vhost=on,vhostfd=25 -device virtio-net-
  pci,netdev=hostnet0,id=net0,mac=02:00:0a:64:02:fe,bus=pci.0,addr=0x3
  -vnc 0.0.0.0:2,password -vga cirrus -incoming tcp:0.0.0.0:49155
  -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x5

  Disk backend is LVM running on SAN via FC connection (using symlink
  from /var/lib/one/datastores/0/2/disk.0 above)

  
  ubuntu-12.04 - first boot
  ==
  Simple syscall: 0.0527 microseconds
  Simple read: 0.1143 microseconds
  Simple write: 0.0953 microseconds
  Simple open/close: 1.0432 microseconds

  Using phoronix pts/compuational
  ImageMagick - 31.54s
  Linux Kernel 3.1 - 43.91s
  Mplayer - 30.49s
  PHP - 22.25s

  
  ubuntu-12.04 - post live migration
  ==
  Simple syscall: 0.0621 microseconds
  Simple read: 0.2485 microseconds
  Simple write: 0.2252 microseconds
  Simple open/close: 1.4626 microseconds

  Using phoronix pts/compilation
  ImageMagick - 43.29s
  Linux Kernel 3.1 - 76.67s
  Mplayer - 45.41s
  PHP - 29.1s

  
  I don't have phoronix results for 10.04 handy, but they were within 1% of 
each other...

  ubuntu-10.04 - first boot
  ==
  Simple syscall: 0.0524 microseconds
  Simple read: 0.1135 microseconds
  Simple write: 0.0972 microseconds
  Simple open/close: 1.1261 microseconds

  
  ubuntu-10.04 - post live migration
  ==
  Simple syscall: 0.0526 microseconds
  Simple read: 0.1075 microseconds
  Simple write: 0.0951 microseconds
  Simple open/close: 1.0413 microseconds

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1100843/+subscriptions



[Qemu-devel] [PATCH 22/22] memory: add return value to address_space_rw/read/write

2013-05-24 Thread Paolo Bonzini
Signed-off-by: Paolo Bonzini 
---
 exec.c| 34 +++---
 include/exec/memory.h | 12 +---
 2 files changed, 24 insertions(+), 22 deletions(-)

diff --git a/exec.c b/exec.c
index 28dcee9..07bc4f9 100644
--- a/exec.c
+++ b/exec.c
@@ -1899,7 +1899,7 @@ static inline int memory_access_size(int l, hwaddr addr)
 return 1;
 }
 
-void address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
+bool address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
   int len, bool is_write)
 {
 hwaddr l;
@@ -1907,6 +1907,7 @@ void address_space_rw(AddressSpace *as, hwaddr addr, 
uint8_t *buf,
 uint64_t val;
 hwaddr addr1;
 MemoryRegionSection *section;
+bool error = false;
 
 while (len > 0) {
 l = len;
@@ -1920,15 +1921,15 @@ void address_space_rw(AddressSpace *as, hwaddr addr, 
uint8_t *buf,
 if (l == 4) {
 /* 32 bit write access */
 val = ldl_p(buf);
-io_mem_write(section->mr, addr1, val, 4);
+error |= io_mem_write(section->mr, addr1, val, 4);
 } else if (l == 2) {
 /* 16 bit write access */
 val = lduw_p(buf);
-io_mem_write(section->mr, addr1, val, 2);
+error |= io_mem_write(section->mr, addr1, val, 2);
 } else {
 /* 8 bit write access */
 val = ldub_p(buf);
-io_mem_write(section->mr, addr1, val, 1);
+error |= io_mem_write(section->mr, addr1, val, 1);
 }
 } else {
 addr1 += memory_region_get_ram_addr(section->mr);
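Review bot: After an `io_mem_write` reports a failure the loop keeps transferring the remaining chunks, so a caller that sees `true` only learns that some part of the range was unassigned, not how much was transferred. That is a reasonable contract, but it should be stated next to the accumulator declared in the preceding hunk, e.g. `bool error = false; /* sticky: the transfer continues past an unassigned chunk */`, and in the address_space_rw header comment, which currently only says the return is true on any unassigned access. The read-side hunk below has the same shape. These hunks assume io_mem_read/io_mem_write return bool, which is not shown on this page; address_space_rw starts and ends outside this hunk.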
@@ -1943,15 +1944,15 @@ void address_space_rw(AddressSpace *as, hwaddr addr, 
uint8_t *buf,
 l = memory_access_size(l, addr1);
 if (l == 4) {
 /* 32 bit read access */
-io_mem_read(section->mr, addr1, &val, 4);
+error |= io_mem_read(section->mr, addr1, &val, 4);
 stl_p(buf, val);
 } else if (l == 2) {
 /* 16 bit read access */
-io_mem_read(section->mr, addr1, &val, 2);
+error |= io_mem_read(section->mr, addr1, &val, 2);
 stw_p(buf, val);
 } else {
 /* 8 bit read access */
-io_mem_read(section->mr, addr1, &val, 1);
+error |= io_mem_read(section->mr, addr1, &val, 1);
 stb_p(buf, val);
 }
 } else {
@@ -1964,31 +1965,26 @@ void address_space_rw(AddressSpace *as, hwaddr addr, 
uint8_t *buf,
 buf += l;
 addr += l;
 }
+
+return error;
 }
 
-void address_space_write(AddressSpace *as, hwaddr addr,
+bool address_space_write(AddressSpace *as, hwaddr addr,
  const uint8_t *buf, int len)
 {
-address_space_rw(as, addr, (uint8_t *)buf, len, true);
+return address_space_rw(as, addr, (uint8_t *)buf, len, true);
 }
 
-/**
- * address_space_read: read from an address space.
- *
- * @as: #AddressSpace to be accessed
- * @addr: address within that address space
- * @buf: buffer with the data transferred
- */
-void address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
+bool address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
 {
-address_space_rw(as, addr, buf, len, false);
+return address_space_rw(as, addr, buf, len, false);
 }
 
 
 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
 int len, int is_write)
 {
-return address_space_rw(&address_space_memory, addr, buf, len, is_write);
+address_space_rw(&address_space_memory, addr, buf, len, is_write);
 }
 
 /* used for ROM loading : can write in RAM and ROM */
diff --git a/include/exec/memory.h b/include/exec/memory.h
index 81e0e41..d53a6a1 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -825,32 +825,38 @@ void address_space_destroy(AddressSpace *as);
 /**
  * address_space_rw: read from or write to an address space.
  *
+ * Return true if the operation hit any unassigned memory.
+ *
  * @as: #AddressSpace to be accessed
  * @addr: address within that address space
  * @buf: buffer with the data transferred
  * @is_write: indicates the transfer direction
  */
-void address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
+bool address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
   int len, bool is_write);
 
 /**
  * address_space_write: write to address space.
  *
+ * Return true if the operation hit any unassigned memory.
+ *
  * @as: #AddressSpace to be accessed
  * @addr: address within that address space
  * @buf: buffer with the data transferred
  */
-void address_space_write(AddressSpace *as, hwaddr addr,
+bool address_spac

[Qemu-devel] [PATCH 19/22] memory: correctly handle endian-swapped 64-bit accesses

2013-05-24 Thread Paolo Bonzini
Signed-off-by: Paolo Bonzini 
---
 exec.c   | 12 +---
 memory.c |  3 +++
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/exec.c b/exec.c
index 17a3292..42f7636 100644
--- a/exec.c
+++ b/exec.c
@@ -2260,9 +2260,6 @@ static inline uint64_t ldq_phys_internal(hwaddr addr,
   false);
 if (l < 8 || !memory_access_is_direct(section->mr, false)) {
 /* I/O case */
-
-/* XXX This is broken when device endian != cpu endian.
-   Fix and add "endian" variable check */
 #ifdef TARGET_WORDS_BIGENDIAN
 val = io_mem_read(section->mr, addr1, 4) << 32;
 val |= io_mem_read(section->mr, addr1 + 4, 4);
@@ -2270,6 +2267,15 @@ static inline uint64_t ldq_phys_internal(hwaddr addr,
 val = io_mem_read(section->mr, addr1, 4);
 val |= io_mem_read(section->mr, addr1 + 4, 4) << 32;
 #endif
+#if defined(TARGET_WORDS_BIGENDIAN)
+if (endian == DEVICE_LITTLE_ENDIAN) {
+val = bswap64(val);
+}
+#else
+if (endian == DEVICE_BIG_ENDIAN) {
+val = bswap64(val);
+}
+#endif
 } else {
 /* RAM case */
 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
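Review bot: The I/O path still assembles the 64-bit value from two 4-byte `io_mem_read` calls in target word order and then swaps the composite when the requested endianness differs, and the new `#if defined(TARGET_WORDS_BIGENDIAN)` block sits directly after an `#ifdef` on the same macro. Since this series also teaches adjust_endianness about 8-byte accesses and lets the core split accesses, a single `val = io_mem_read(section->mr, addr1, 8);` followed by the swap would let one place decide the half ordering, assuming io_mem_read accepts size 8 by this point; otherwise at least fold the two conditionals into one. A short comment such as `/* each half is already host-order; only the 64-bit word order depends on the device endianness */` would help either way. ldq_phys_internal starts and ends outside this hunk.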
diff --git a/memory.c b/memory.c
index 728a6c5..c9833a3 100644
--- a/memory.c
+++ b/memory.c
@@ -957,6 +957,9 @@ static void adjust_endianness(MemoryRegion *mr, uint64_t 
*data, unsigned size)
 case 4:
 *data = bswap32(*data);
 break;
+case 8:
+*data = bswap64(*data);
+break;
 default:
 abort();
 }
-- 
1.8.1.4





[Qemu-devel] [PATCH 14/22] exec: implement .valid.accepts for subpages

2013-05-24 Thread Paolo Bonzini
Signed-off-by: Paolo Bonzini 
---
 exec.c | 20 
 1 file changed, 20 insertions(+)

diff --git a/exec.c b/exec.c
index 519a82d..8107530 100644
--- a/exec.c
+++ b/exec.c
@@ -1555,9 +1555,29 @@ static void subpage_write(void *opaque, hwaddr addr,
 io_mem_write(section->mr, addr, value, len);
 }
 
+static bool subpage_accepts(void *opaque, hwaddr addr,
+unsigned size, bool is_write)
+{
+subpage_t *mmio = opaque;
+unsigned int idx = SUBPAGE_IDX(addr);
+MemoryRegionSection *section;
+#if defined(DEBUG_SUBPAGE)
+printf("%s: subpage %p %c len %d addr " TARGET_FMT_plx
+   " idx %d\n", __func__, mmio,
+   is_write ? 'w' : 'r', len, addr, idx);
+#endif
+
+section = &phys_sections[mmio->sub_section[idx]];
+addr += mmio->base;
+addr -= section->offset_within_address_space;
+addr += section->offset_within_region;
+return memory_region_access_valid(section->mr, addr, size, is_write);
+}
+
 static const MemoryRegionOps subpage_ops = {
 .read = subpage_read,
 .write = subpage_write,
+.valid.accepts = subpage_accepts,
 .endianness = DEVICE_NATIVE_ENDIAN,
 };
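Review bot: The DEBUG_SUBPAGE printf references `len`, which is not a parameter of subpage_accepts (the size argument is `size`), so the function does not compile once DEBUG_SUBPAGE is defined, and `%d` does not match an `unsigned` argument. Change the format and argument to `" %c len %u addr " TARGET_FMT_plx` and `is_write ? 'w' : 'r', size, addr, idx);`. A one-line comment on the three offset adjustments would also help a reader, e.g. `/* rebase from the subpage offset to the target region's own offset */`.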
 
-- 
1.8.1.4





[Qemu-devel] [PATCH 09/22] memory: assign MemoryRegionOps to all regions

2013-05-24 Thread Paolo Bonzini
This allows to remove the checks on section->readonly.  Write
accesses to ROM will not be considered "direct" even in exec.c,
and will go through mr->ops just like TCG does.

Signed-off-by: Paolo Bonzini 
---
 memory.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/memory.c b/memory.c
index 2e4f547..f2135d1 100644
--- a/memory.c
+++ b/memory.c
@@ -788,7 +788,8 @@ void memory_region_init(MemoryRegion *mr,
 const char *name,
 uint64_t size)
 {
-mr->ops = NULL;
+mr->ops = &unassigned_mem_ops;
+mr->opaque = NULL;
 mr->parent = NULL;
 mr->size = int128_make64(size);
 if (size == UINT64_MAX) {
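Review bot: `unassigned_mem_ops` is defined in exec.c and is made non-static elsewhere in this series, so memory.c needs a declaration of it in a shared header for this line to compile; that declaration is not part of this patch, so either it already exists or it belongs here. The commit message should also spell out the visible consequence: a region whose owner never installs ops now answers every access through the unassigned handlers, which (going by the handlers shown earlier in this series) return 0 on read, drop writes and raise cpu_unassigned_access on the targets that implement it, so ROM writes become guest-observable unassigned accesses. memory_region_init starts and ends outside this hunk.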
-- 
1.8.1.4





[Qemu-devel] [PATCH 12/22] exec: introduce memory_access_size

2013-05-24 Thread Paolo Bonzini
This will be used by address_space_access_valid too.

Signed-off-by: Paolo Bonzini 
---
 exec.c | 27 +--
 1 file changed, 17 insertions(+), 10 deletions(-)

diff --git a/exec.c b/exec.c
index 7f6b5dd..519a82d 100644
--- a/exec.c
+++ b/exec.c
@@ -1865,6 +1865,17 @@ static inline bool memory_access_is_direct(MemoryRegion 
*mr, bool is_write)
 return false;
 }
 
+static inline int memory_access_size(int l, hwaddr addr)
+{
+if (l >= 4 && ((addr & 3) == 0)) {
+return 4;
+}
+if (l >= 2 && ((addr & 1) == 0)) {
+return 2;
+}
+return 1;
+}
+
 void address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
   int len, bool is_write)
 {
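Review bot: memory_access_size has no comment stating its contract, and its `int l` parameter receives the caller's hwaddr `l` (a narrowing that is harmless today only because `l = len` bounds it by an int). Propose `/* Largest naturally aligned access (4, 2 or 1 bytes) that fits in l at addr; never 8, so 64-bit MMIO is split into two 32-bit accesses. */` above the definition. The two address_space_rw hunks below only replace the inline size selection, so this note covers them as well.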
@@ -1880,23 +1891,21 @@ void address_space_rw(AddressSpace *as, hwaddr addr, 
uint8_t *buf,
 
 if (is_write) {
 if (!memory_access_is_direct(section->mr, is_write)) {
+l = memory_access_size(l, addr1);
 /* XXX: could force cpu_single_env to NULL to avoid
potential bugs */
-if (l >= 4 && ((addr1 & 3) == 0)) {
+if (l == 4) {
 /* 32 bit write access */
 val = ldl_p(buf);
 io_mem_write(section->mr, addr1, val, 4);
-l = 4;
-} else if (l >= 2 && ((addr1 & 1) == 0)) {
+} else if (l == 2) {
 /* 16 bit write access */
 val = lduw_p(buf);
 io_mem_write(section->mr, addr1, val, 2);
-l = 2;
 } else {
 /* 8 bit write access */
 val = ldub_p(buf);
 io_mem_write(section->mr, addr1, val, 1);
-l = 1;
 }
 } else {
 addr1 += memory_region_get_ram_addr(section->mr);
@@ -1908,21 +1917,19 @@ void address_space_rw(AddressSpace *as, hwaddr addr, 
uint8_t *buf,
 } else {
 if (!memory_access_is_direct(section->mr, is_write)) {
 /* I/O case */
-if (l >= 4 && ((addr1 & 3) == 0)) {
+l = memory_access_size(l, addr1);
+if (l == 4) {
 /* 32 bit read access */
 val = io_mem_read(section->mr, addr1, 4);
 stl_p(buf, val);
-l = 4;
-} else if (l >= 2 && ((addr1 & 1) == 0)) {
+} else if (l == 2) {
 /* 16 bit read access */
 val = io_mem_read(section->mr, addr1, 2);
 stw_p(buf, val);
-l = 2;
 } else {
 /* 8 bit read access */
 val = io_mem_read(section->mr, addr1, 1);
 stb_p(buf, val);
-l = 1;
 }
 } else {
 /* RAM case */
-- 
1.8.1.4





[Qemu-devel] [PATCH 06/22] memory: dispatch unassigned accesses based on .valid.accepts

2013-05-24 Thread Paolo Bonzini
This provides the basics for detecting accesses to unassigned memory
as soon as they happen, and also for a simple implementation of
address_space_access_valid.

Signed-off-by: Paolo Bonzini 
---
 exec.c   | 36 
 memory.c | 28 ++--
 2 files changed, 38 insertions(+), 26 deletions(-)

diff --git a/exec.c b/exec.c
index 785eeeb..c5100d6 100644
--- a/exec.c
+++ b/exec.c
@@ -50,7 +50,6 @@
 
 #include "exec/memory-internal.h"
 
-//#define DEBUG_UNASSIGNED
 //#define DEBUG_SUBPAGE
 
 #if !defined(CONFIG_USER_ONLY)
@@ -1383,32 +1383,14 @@ ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
 return ram_addr;
 }
 
-static uint64_t unassigned_mem_read(void *opaque, hwaddr addr,
-unsigned size)
+static bool unassigned_mem_accepts(void *opaque, hwaddr addr,
+   unsigned size, bool is_write)
 {
-#ifdef DEBUG_UNASSIGNED
-printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
-#endif
-#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || 
defined(TARGET_MICROBLAZE)
-cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, size);
-#endif
-return 0;
-}
-
-static void unassigned_mem_write(void *opaque, hwaddr addr,
- uint64_t val, unsigned size)
-{
-#ifdef DEBUG_UNASSIGNED
-printf("Unassigned mem write " TARGET_FMT_plx " = 0x%"PRIx64"\n", addr, 
val);
-#endif
-#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || 
defined(TARGET_MICROBLAZE)
-cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, size);
-#endif
+return false;
 }
 
-static const MemoryRegionOps unassigned_mem_ops = {
-.read = unassigned_mem_read,
-.write = unassigned_mem_write,
+const MemoryRegionOps unassigned_mem_ops = {
+.valid.accepts = unassigned_mem_accepts,
 .endianness = DEVICE_NATIVE_ENDIAN,
 };
 
@@ -1442,9 +1424,15 @@ static void notdirty_mem_write(void *opaque, hwaddr 
ram_addr,
 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
 }
 
+static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
+ unsigned size, bool is_write)
+{
+return is_write;
+}
+
 static const MemoryRegionOps notdirty_mem_ops = {
-.read = unassigned_mem_read,
 .write = notdirty_mem_write,
+.valid.accepts = notdirty_mem_accepts,
 .endianness = DEVICE_NATIVE_ENDIAN,
 };
 
diff --git a/memory.c b/memory.c
index 99f046d..15da877 100644
--- a/memory.c
+++ b/memory.c
@@ -22,6 +22,8 @@
 
 #include "exec/memory-internal.h"
 
+//#define DEBUG_UNASSIGNED
+
 static unsigned memory_region_transaction_depth;
 static bool memory_region_update_pending;
 static bool global_dirty_log = false;
@@ -814,6 +814,29 @@ void memory_region_init(MemoryRegion *mr,
 mr->flush_coalesced_mmio = false;
 }
 
+static uint64_t unassigned_mem_read(void *opaque, hwaddr addr,
+unsigned size)
+{
+#ifdef DEBUG_UNASSIGNED
+printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
+#endif
+#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || 
defined(TARGET_MICROBLAZE)
+cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, size);
+#endif
+return 0;
+}
+
+static void unassigned_mem_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+#ifdef DEBUG_UNASSIGNED
+printf("Unassigned mem write " TARGET_FMT_plx " = 0x%"PRIx64"\n", addr, 
val);
+#endif
+#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || 
defined(TARGET_MICROBLAZE)
+cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, size);
+#endif
+}
+
 static bool memory_region_access_valid(MemoryRegion *mr,
hwaddr addr,
unsigned size,
@@ -847,7 +870,7 @@ static uint64_t memory_region_dispatch_read1(MemoryRegion 
*mr,
 uint64_t data = 0;
 
 if (!memory_region_access_valid(mr, addr, size, false)) {
-return -1U; /* FIXME: better signalling */
+return unassigned_mem_read(mr, addr, size);
 }
 
 if (!mr->ops->read) {
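Review bot: Replacing `return -1U` with `return unassigned_mem_read(mr, addr, size)` changes what a rejected read yields: the old code returned all-ones in the low 32 bits, the new helper returns 0 (and calls cpu_unassigned_access on the three targets listed in the hunk above). Guests probing for absent devices can observe that difference, so the commit message should state it rather than presenting the change as a pure cleanup. The write-side hunk below keeps dropping the write and only adds the notification; both dispatch helpers start and end outside their hunks.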
@@ -898,7 +921,8 @@ static void memory_region_dispatch_write(MemoryRegion *mr,
  unsigned size)
 {
 if (!memory_region_access_valid(mr, addr, size, true)) {
-return; /* FIXME: better signalling */
+unassigned_mem_write(mr, addr, data, size);
+return;
 }
 
 adjust_endianness(mr, &data, size);
-- 
1.8.1.4





[Qemu-devel] [PATCH 18/22] memory: split accesses even when the old MMIO callbacks are used

2013-05-24 Thread Paolo Bonzini
This is useful for 64-bit memory accesses.

Signed-off-by: Paolo Bonzini 
---
 memory.c | 63 ++-
 1 file changed, 46 insertions(+), 17 deletions(-)

diff --git a/memory.c b/memory.c
index 9085969..728a6c5 100644
--- a/memory.c
+++ b/memory.c
@@ -302,6 +302,20 @@ static void flatview_simplify(FlatView *view)
 }
 }
 
+static void memory_region_oldmmio_read_accessor(void *opaque,
+hwaddr addr,
+uint64_t *value,
+unsigned size,
+unsigned shift,
+uint64_t mask)
+{
+MemoryRegion *mr = opaque;
+uint64_t tmp;
+
+tmp = mr->ops->old_mmio.read[ctz32(size)](mr->opaque, addr);
+*value |= (tmp & mask) << shift;
+}
+
 static void memory_region_read_accessor(void *opaque,
 hwaddr addr,
 uint64_t *value,
@@ -319,6 +333,20 @@ static void memory_region_read_accessor(void *opaque,
 *value |= (tmp & mask) << shift;
 }
 
+static void memory_region_oldmmio_write_accessor(void *opaque,
+ hwaddr addr,
+ uint64_t *value,
+ unsigned size,
+ unsigned shift,
+ uint64_t mask)
+{
+MemoryRegion *mr = opaque;
+uint64_t tmp;
+
+tmp = (*value >> shift) & mask;
+mr->ops->old_mmio.write[ctz32(size)](mr->opaque, addr, tmp);
+}
+
 static void memory_region_write_accessor(void *opaque,
  hwaddr addr,
  uint64_t *value,
@@ -359,6 +387,8 @@ static void access_with_adjusted_size(hwaddr addr,
 if (!access_size_max) {
 access_size_max = 4;
 }
+
+/* FIXME: support unaligned access? */
 access_size = MAX(MIN(size, access_size_max), access_size_min);
 access_mask = -1ULL >> (64 - access_size * 8);
 for (i = 0; i < size; i += access_size) {
@@ -902,16 +932,16 @@ static uint64_t memory_region_dispatch_read1(MemoryRegion 
*mr,
 return unassigned_mem_read(mr, addr, size);
 }
 
-if (!mr->ops->read) {
-return mr->ops->old_mmio.read[ctz32(size)](mr->opaque, addr);
+if (mr->ops->read) {
+access_with_adjusted_size(addr, &data, size,
+  mr->ops->impl.min_access_size,
+  mr->ops->impl.max_access_size,
+  memory_region_read_accessor, mr);
+} else {
+access_with_adjusted_size(addr, &data, size, 1, 4,
+  memory_region_oldmmio_read_accessor, mr);
 }
 
-/* FIXME: support unaligned access */
-access_with_adjusted_size(addr, &data, size,
-  mr->ops->impl.min_access_size,
-  mr->ops->impl.max_access_size,
-  memory_region_read_accessor, mr);
-
 return data;
 }
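Review bot: The old-MMIO path passes the fixed bounds `1, 4` to access_with_adjusted_size while the new accessors index `old_mmio.read[ctz32(size)]` with no NULL check, so the rule that the core only ever asks the old-style handlers for 1-, 2- or 4-byte pieces is split across two hunks and two helpers. A one-line comment at the call, e.g. `/* old_mmio handlers exist for sizes 1, 2 and 4 only; let the core split anything larger */`, or a named constant for the bounds, would make that explicit. memory_region_dispatch_write below does the same; whether every old_mmio slot is non-NULL for those three sizes is not visible here.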
 
@@ -956,16 +986,15 @@ static void memory_region_dispatch_write(MemoryRegion *mr,
 
 adjust_endianness(mr, &data, size);
 
-if (!mr->ops->write) {
-mr->ops->old_mmio.write[ctz32(size)](mr->opaque, addr, data);
-return;
+if (mr->ops->write) {
+access_with_adjusted_size(addr, &data, size,
+  mr->ops->impl.min_access_size,
+  mr->ops->impl.max_access_size,
+  memory_region_write_accessor, mr);
+} else {
+access_with_adjusted_size(addr, &data, size, 1, 4,
+  memory_region_oldmmio_write_accessor, mr);
 }
-
-/* FIXME: support unaligned access */
-access_with_adjusted_size(addr, &data, size,
-  mr->ops->impl.min_access_size,
-  mr->ops->impl.max_access_size,
-  memory_region_write_accessor, mr);
 }
 
 void memory_region_init_io(MemoryRegion *mr,
-- 
1.8.1.4





[Qemu-devel] [PATCH 11/22] exec: introduce memory_access_is_direct

2013-05-24 Thread Paolo Bonzini
After the previous patches, this is a common test for all read/write
functions.

address_space_rw to ROMs is now treated as "unassigned" instead of being
ignored.  This matches what TCG-generated code does.

Signed-off-by: Paolo Bonzini 
---
 exec.c | 39 ++-
 1 file changed, 22 insertions(+), 17 deletions(-)

diff --git a/exec.c b/exec.c
index 411a224..7f6b5dd 100644
--- a/exec.c
+++ b/exec.c
@@ -1853,6 +1853,18 @@ static void invalidate_and_set_dirty(hwaddr addr,
 xen_modified_memory(addr, length);
 }
 
+static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
+{
+if (memory_region_is_ram(mr)) {
+return !(is_write && mr->readonly);
+}
+if (memory_region_is_romd(mr)) {
+return !is_write;
+}
+
+return false;
+}
+
 void address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
   int len, bool is_write)
 {
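Review bot: memory_access_is_direct becomes the predicate every read/write path in this file shares, yet it carries no comment saying what "direct" means; propose `/* True when the access can bypass mr->ops and touch the region's RAM backing: RAM (except writes to a read-only region) and reads of a ROM device while it is in ROM mode. */` — "ROM mode" is my reading of memory_region_is_romd, confirm. It also tests `mr->readonly` where the removed code tested `section->readonly`; if those flags can differ for a section, the later hunks that replace the section-level check change behaviour.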
@@ -1867,7 +1879,7 @@ void address_space_rw(AddressSpace *as, hwaddr addr, 
uint8_t *buf,
 section = address_space_translate(as, addr, &addr1, &l, is_write);
 
 if (is_write) {
-if (!memory_region_is_ram(section->mr)) {
+if (!memory_access_is_direct(section->mr, is_write)) {
 /* XXX: could force cpu_single_env to NULL to avoid
potential bugs */
 if (l >= 4 && ((addr1 & 3) == 0)) {
@@ -1886,7 +1898,7 @@ void address_space_rw(AddressSpace *as, hwaddr addr, 
uint8_t *buf,
 io_mem_write(section->mr, addr1, val, 1);
 l = 1;
 }
-} else if (!section->readonly) {
+} else {
 addr1 += memory_region_get_ram_addr(section->mr);
 /* RAM case */
 ptr = qemu_get_ram_ptr(addr1);
@@ -1894,8 +1906,7 @@ void address_space_rw(AddressSpace *as, hwaddr addr, 
uint8_t *buf,
 invalidate_and_set_dirty(addr1, l);
 }
 } else {
-if (!(memory_region_is_ram(section->mr) ||
-  memory_region_is_romd(section->mr))) {
+if (!memory_access_is_direct(section->mr, is_write)) {
 /* I/O case */
 if (l >= 4 && ((addr1 & 3) == 0)) {
 /* 32 bit read access */
@@ -2050,7 +2061,7 @@ void *address_space_map(AddressSpace *as,
 l = len;
 section = address_space_translate(as, addr, &xlat, &l, is_write);
 
-if (!(memory_region_is_ram(section->mr) && !section->readonly)) {
+if (!memory_access_is_direct(section->mr, is_write)) {
 if (todo || bounce.buffer) {
 break;
 }
@@ -2140,9 +2151,7 @@ static inline uint32_t ldl_phys_internal(hwaddr addr,
 
 section = address_space_translate(&address_space_memory, addr, &addr1, &l,
   false);
-if (l < 4 ||
-!(memory_region_is_ram(section->mr) ||
-  memory_region_is_romd(section->mr))) {
+if (l < 4 || !memory_access_is_direct(section->mr, false)) {
 /* I/O case */
 val = io_mem_read(section->mr, addr1, 4);
 #if defined(TARGET_WORDS_BIGENDIAN)
@@ -2201,9 +2210,7 @@ static inline uint64_t ldq_phys_internal(hwaddr addr,
 
 section = address_space_translate(&address_space_memory, addr, &addr1, &l,
   false);
-if (l < 8 ||
-!(memory_region_is_ram(section->mr) ||
-  memory_region_is_romd(section->mr))) {
+if (l < 8 || !memory_access_is_direct(section->mr, false)) {
 /* I/O case */
 
 /* XXX This is broken when device endian != cpu endian.
@@ -2270,9 +2277,7 @@ static inline uint32_t lduw_phys_internal(hwaddr addr,
 
 section = address_space_translate(&address_space_memory, addr, &addr1, &l,
   false);
-if (l < 2 ||
-!(memory_region_is_ram(section->mr) ||
-  memory_region_is_romd(section->mr))) {
+if (l < 2 || !memory_access_is_direct(section->mr, false)) {
 /* I/O case */
 val = io_mem_read(section->mr, addr1, 2);
 #if defined(TARGET_WORDS_BIGENDIAN)
@@ -2331,7 +2336,7 @@ void stl_phys_notdirty(hwaddr addr, uint32_t val)
 
 section = address_space_translate(&address_space_memory, addr, &addr1, &l,
   true);
-if (l < 4 || !memory_region_is_ram(section->mr) || section->readonly) {
+if (l < 4 || !memory_access_is_direct(section->mr, true)) {
 io_mem_write(section->mr, addr1, val, 4);
 } else {
 addr1 += memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK;
@@ -2361,7 +2366,7 @@ static inline void stl_phys_internal(hwaddr addr, 
uint32_t val,
 
 section = address_space_translate(&address_space_memory, addr, &addr1, &l,
   true);
-if (l < 4 || !memory_region_is_ram(section->mr) || section->readonly) {
+if (l < 4 || !memory_access_is_direct(section-

[Qemu-devel] [PATCH 04/22] exec: make io_mem_unassigned private

2013-05-24 Thread Paolo Bonzini
There is no reason to avoid a recompile before accessing unassigned
memory.  In the end it will be treated as MMIO anyway.

Signed-off-by: Paolo Bonzini 
---
 exec.c  |  4 ++--
 include/exec/cpu-common.h   |  1 -
 include/exec/softmmu_template.h | 10 ++
 3 files changed, 4 insertions(+), 11 deletions(-)

diff --git a/exec.c b/exec.c
index 7728ea3..7e22980 100644
--- a/exec.c
+++ b/exec.c
@@ -66,8 +66,8 @@ AddressSpace address_space_io;
 AddressSpace address_space_memory;
 DMAContext dma_context_memory;
 
-MemoryRegion io_mem_rom, io_mem_unassigned, io_mem_notdirty;
-static MemoryRegion io_mem_subpage_ram;
+MemoryRegion io_mem_rom, io_mem_notdirty;
+static MemoryRegion io_mem_unassigned, io_mem_subpage_ram;
 
 #endif
 
diff --git a/include/exec/cpu-common.h b/include/exec/cpu-common.h
index 1686b8f..e061e21 100644
--- a/include/exec/cpu-common.h
+++ b/include/exec/cpu-common.h
@@ -111,7 +111,6 @@ void cpu_physical_memory_write_rom(hwaddr addr,
const uint8_t *buf, int len);
 
 extern struct MemoryRegion io_mem_rom;
-extern struct MemoryRegion io_mem_unassigned;
 extern struct MemoryRegion io_mem_notdirty;
 
 #endif
diff --git a/include/exec/softmmu_template.h b/include/exec/softmmu_template.h
index 4501dac..ca91fd0 100644
--- a/include/exec/softmmu_template.h
+++ b/include/exec/softmmu_template.h
@@ -68,10 +68,7 @@ static inline DATA_TYPE glue(io_read, SUFFIX)(CPUArchState 
*env,
 
 physaddr = (physaddr & TARGET_PAGE_MASK) + addr;
 env->mem_io_pc = retaddr;
-if (mr != &io_mem_rom
-&& mr != &io_mem_unassigned
-&& mr != &io_mem_notdirty
-&& !can_do_io(env)) {
+if (mr != &io_mem_rom && mr != &io_mem_notdirty && !can_do_io(env)) {
 cpu_io_recompile(env, retaddr);
 }
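Review bot: The two exemptions left in `if (mr != &io_mem_rom && mr != &io_mem_notdirty && !can_do_io(env))` are not explained, and removing the third one without a comment makes the remaining rule look arbitrary. Something like `/* io_mem_rom and io_mem_notdirty are RAM-backed helpers with no device side effects, so they need not run at an I/O-safe point; anything else, unassigned memory included, is MMIO and is re-executed after a recompile. */` would capture the reasoning given in the commit message. That notdirty writes end up in RAM is suggested by notdirty_mem_write elsewhere in this series rather than by this hunk, so adjust the wording if that is not exact. The identical condition in io_write below deserves the same comment or a shared helper. io_read begins before this hunk and continues after it.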
 
@@ -218,10 +215,7 @@ static inline void glue(io_write, SUFFIX)(CPUArchState 
*env,
 MemoryRegion *mr = iotlb_to_region(physaddr);
 
 physaddr = (physaddr & TARGET_PAGE_MASK) + addr;
-if (mr != &io_mem_rom
-&& mr != &io_mem_unassigned
-&& mr != &io_mem_notdirty
-&& !can_do_io(env)) {
+if (mr != &io_mem_rom && mr != &io_mem_notdirty && !can_do_io(env)) {
 cpu_io_recompile(env, retaddr);
 }
 
-- 
1.8.1.4





Re: [Qemu-devel] [PATCH 2/4] tcg/aarch64: implement new TCG target for aarch64

2013-05-24 Thread Peter Maydell
On 24 May 2013 18:02, Richard Henderson  wrote:
> On 05/24/2013 01:53 AM, Claudio Fontana wrote:
>> We use FP to point to the callee_saved registers, and to move to/from them
>> in the tcg_out_store_pair and tcg_out_load_pair functions.
>
> I hadn't noticed you'd hard-coded FP into the load/store_pair functions.
> Let's *really* not do that.  Even if we decide to continue using it, let's
> pass it in explicitly.
>
> But I don't see that you're really gaining anything in the prologue from
> using FP instead of SP.  It seems like a waste of a register to me.

Where's the waste? The procedure calling standard mandates that we
set FP up, so it's not like we can use it as a general purpose
register anywhere. I agree that we shouldn't hardcode tcg_out_store_pair
to use FP as a base, but there's no particular reason not to use
it at this point in the prologue since it happens to be convenient.

thanks
-- PMM



[Qemu-devel] [PATCH 08/22] memory: move unassigned_mem_ops to memory.c

2013-05-24 Thread Paolo Bonzini
reservation_ops is already doing the same thing.

Signed-off-by: Paolo Bonzini 
---
 exec.c | 12 
 include/exec/memory-internal.h |  2 ++
 memory.c   | 44 ++
 3 files changed, 16 insertions(+), 42 deletions(-)

diff --git a/exec.c b/exec.c
index 5111327..613bbd7 100644
--- a/exec.c
+++ b/exec.c
@@ -1399,17 +1398,6 @@ ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
 return ram_addr;
 }
 
-static bool unassigned_mem_accepts(void *opaque, hwaddr addr,
-   unsigned size, bool is_write)
-{
-return false;
-}
-
-const MemoryRegionOps unassigned_mem_ops = {
-.valid.accepts = unassigned_mem_accepts,
-.endianness = DEVICE_NATIVE_ENDIAN,
-};
-
 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
uint64_t val, unsigned size)
 {
diff --git a/include/exec/memory-internal.h b/include/exec/memory-internal.h
index 8d15f90..c18b36c 100644
--- a/include/exec/memory-internal.h
+++ b/include/exec/memory-internal.h
@@ -43,6 +43,8 @@ struct AddressSpaceDispatch {
 void address_space_init_dispatch(AddressSpace *as);
 void address_space_destroy_dispatch(AddressSpace *as);
 
+extern const MemoryRegionOps unassigned_mem_ops;
+
 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
MemoryRegion *mr);
 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr);
diff --git a/memory.c b/memory.c
index 15da877..2e4f547 100644
--- a/memory.c
+++ b/memory.c
@@ -837,6 +839,17 @@ static void unassigned_mem_write(void *opaque, hwaddr addr,
 #endif
 }
 
+static bool unassigned_mem_accepts(void *opaque, hwaddr addr,
+   unsigned size, bool is_write)
+{
+return false;
+}
+
+const MemoryRegionOps unassigned_mem_ops = {
+.valid.accepts = unassigned_mem_accepts,
+.endianness = DEVICE_NATIVE_ENDIAN,
+};
+
 static bool memory_region_access_valid(MemoryRegion *mr,
hwaddr addr,
unsigned size,
@@ -1001,40 +1014,11 @@ void memory_region_init_rom_device(MemoryRegion *mr,
 mr->ram_addr = qemu_ram_alloc(size, mr);
 }
 
-static uint64_t invalid_read(void *opaque, hwaddr addr,
- unsigned size)
-{
-MemoryRegion *mr = opaque;
-
-if (!mr->warning_printed) {
-fprintf(stderr, "Invalid read from memory region %s\n", mr->name);
-mr->warning_printed = true;
-}
-return -1U;
-}
-
-static void invalid_write(void *opaque, hwaddr addr, uint64_t data,
-  unsigned size)
-{
-MemoryRegion *mr = opaque;
-
-if (!mr->warning_printed) {
-fprintf(stderr, "Invalid write to memory region %s\n", mr->name);
-mr->warning_printed = true;
-}
-}
-
-static const MemoryRegionOps reservation_ops = {
-.read = invalid_read,
-.write = invalid_write,
-.endianness = DEVICE_NATIVE_ENDIAN,
-};
-
 void memory_region_init_reservation(MemoryRegion *mr,
 const char *name,
 uint64_t size)
 {
-memory_region_init_io(mr, &reservation_ops, mr, name, size);
+memory_region_init_io(mr, &unassigned_mem_ops, mr, name, size);
 }
 
 void memory_region_destroy(MemoryRegion *mr)
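Review bot: The replacement is not quite "the same thing" as the commit message claims: the removed invalid_read/invalid_write printed a one-time warning naming the region and returned -1U on read, whereas unassigned_mem_ops (as added above in this patch) has no read/write callbacks and a `.valid.accepts` that rejects every access. What a guest now observes on a reservation read, and whether any diagnostic remains, depends on how rejected accesses are dispatched, which this patch does not show; if that differs, the commit message should say so, and `mr->warning_printed` may become unused. A comment on memory_region_init_reservation would make the intent explicit, e.g. `/* A reservation is never a valid access target; accesses to it are handled exactly like unassigned memory. */`.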
-- 
1.8.1.4





[Qemu-devel] [PATCH 09/15] memory: do not duplicate memory_region_destructor_none

2013-05-24 Thread Paolo Bonzini
Reviewed-by: Peter Maydell 
Signed-off-by: Paolo Bonzini 
---
 memory.c | 5 -
 1 file changed, 5 deletions(-)

diff --git a/memory.c b/memory.c
index 013464b..5431463 100644
--- a/memory.c
+++ b/memory.c
@@ -768,10 +768,6 @@ static void 
memory_region_destructor_ram_from_ptr(MemoryRegion *mr)
 qemu_ram_free_from_ptr(mr->ram_addr);
 }
 
-static void memory_region_destructor_iomem(MemoryRegion *mr)
-{
-}
-
 static void memory_region_destructor_rom_device(MemoryRegion *mr)
 {
 qemu_ram_free(mr->ram_addr & TARGET_PAGE_MASK);
@@ -929,7 +925,6 @@ void memory_region_init_io(MemoryRegion *mr,
 mr->ops = ops;
 mr->opaque = opaque;
 mr->terminates = true;
-mr->destructor = memory_region_destructor_iomem;
 mr->ram_addr = ~(ram_addr_t)0;
 }
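Review bot: After this removal memory_region_init_io depends on a destructor installed earlier in the function, presumably by the generic initializer the commit title alludes to, but that call is outside the hunk and nothing in the visible body says so. A one-line comment where the assignment was would preserve the reasoning: `/* destructor is memory_region_destructor_none, already set by memory_region_init() */`. If there is any path into this body that skips that initializer the region would keep a NULL destructor, so worth confirming. memory_region_init_io starts before this hunk.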
 
-- 
1.8.1.4





[Qemu-devel] [PATCH 21/22] memory: propagate errors on I/O dispatch

2013-05-24 Thread Paolo Bonzini
Signed-off-by: Paolo Bonzini 
---
 exec.c  | 21 -
 include/exec/exec-all.h |  6 +++---
 include/exec/softmmu_template.h |  4 +++-
 memory.c| 35 ++-
 4 files changed, 36 insertions(+), 30 deletions(-)

diff --git a/exec.c b/exec.c
index 3068077..28dcee9 100644
--- a/exec.c
+++ b/exec.c
@@ -1523,6 +1523,8 @@ static uint64_t subpage_read(void *opaque, hwaddr addr,
 {
 subpage_t *mmio = opaque;
 unsigned int idx = SUBPAGE_IDX(addr);
+uint64_t val;
+
 MemoryRegionSection *section;
 #if defined(DEBUG_SUBPAGE)
 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
@@ -1533,7 +1535,8 @@ static uint64_t subpage_read(void *opaque, hwaddr addr,
 addr += mmio->base;
 addr -= section->offset_within_address_space;
 addr += section->offset_within_region;
-return io_mem_read(section->mr, addr, len);
+io_mem_read(section->mr, addr, &val, len);
+return val;
 }
 
 static void subpage_write(void *opaque, hwaddr addr,
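Review bot: The `bool` result of the new `io_mem_read(section->mr, addr, &val, len);` call is discarded, and `val` is declared without an initializer in the preceding hunk, so if a failed dispatch does not write `*pvalue` subpage_read returns an indeterminate value to its caller. Either initialize it, `uint64_t val = 0;`, or test the result and return an explicit failure value; a comment stating what io_mem_read leaves in `*pvalue` on failure would settle which is needed. Whether the failure path stores a value is decided in memory.c, which is not part of this excerpt.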
@@ -1901,7 +1904,7 @@ void address_space_rw(AddressSpace *as, hwaddr addr, 
uint8_t *buf,
 {
 hwaddr l;
 uint8_t *ptr;
-uint32_t val;
+uint64_t val;
 hwaddr addr1;
 MemoryRegionSection *section;
 
@@ -1940,15 +1943,15 @@ void address_space_rw(AddressSpace *as, hwaddr addr, 
uint8_t *buf,
 l = memory_access_size(l, addr1);
 if (l == 4) {
 /* 32 bit read access */
-val = io_mem_read(section->mr, addr1, 4);
+io_mem_read(section->mr, addr1, &val, 4);
 stl_p(buf, val);
 } else if (l == 2) {
 /* 16 bit read access */
-val = io_mem_read(section->mr, addr1, 2);
+io_mem_read(section->mr, addr1, &val, 2);
 stw_p(buf, val);
 } else {
 /* 8 bit read access */
-val = io_mem_read(section->mr, addr1, 1);
+io_mem_read(section->mr, addr1, &val, 1);
 stb_p(buf, val);
 }
 } else {
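Review bot: All three io_mem_read calls in this hunk drop the new `bool` result, so on a failed dispatch whatever the callee left in `val` (declared without an initializer in the earlier hunk of this function) is copied into the caller's buffer by stl_p/stw_p/stb_p. If propagating the error out of address_space_rw is deliberately left to a later patch, a `/* TODO: propagate the io_mem_read result */` marker, or at least `uint64_t val = 0;` at the declaration, would make the interim state explicit rather than relying on io_mem_read's failure behaviour. The ldl_phys_internal, ldq_phys_internal and lduw_phys_internal hunks below have the same pattern. address_space_rw starts before this hunk and continues after it.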
@@ -2192,7 +2195,7 @@ static inline uint32_t ldl_phys_internal(hwaddr addr,
  enum device_endian endian)
 {
 uint8_t *ptr;
-uint32_t val;
+uint64_t val;
 MemoryRegionSection *section;
 hwaddr l = 4;
 hwaddr addr1;
@@ -2201,7 +2204,7 @@ static inline uint32_t ldl_phys_internal(hwaddr addr,
   false);
 if (l < 4 || !memory_access_is_direct(section->mr, false)) {
 /* I/O case */
-val = io_mem_read(section->mr, addr1, 4);
+io_mem_read(section->mr, addr1, &val, 4);
 #if defined(TARGET_WORDS_BIGENDIAN)
 if (endian == DEVICE_LITTLE_ENDIAN) {
 val = bswap32(val);
@@ -2260,7 +2263,7 @@ static inline uint64_t ldq_phys_internal(hwaddr addr,
   false);
 if (l < 8 || !memory_access_is_direct(section->mr, false)) {
 /* I/O case */
-val = io_mem_read(section->mr, addr1, 8);
+io_mem_read(section->mr, addr1, &val, 8);
 #if defined(TARGET_WORDS_BIGENDIAN)
 if (endian == DEVICE_LITTLE_ENDIAN) {
 val = bswap64(val);
@@ -2327,7 +2330,7 @@ static inline uint32_t lduw_phys_internal(hwaddr addr,
   false);
 if (l < 2 || !memory_access_is_direct(section->mr, false)) {
 /* I/O case */
-val = io_mem_read(section->mr, addr1, 2);
+io_mem_read(section->mr, addr1, &val, 2);
 #if defined(TARGET_WORDS_BIGENDIAN)
 if (endian == DEVICE_LITTLE_ENDIAN) {
 val = bswap16(val);
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index 6362074..17fde25 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -367,9 +367,9 @@ bool is_tcg_gen_code(uintptr_t pc_ptr);
 #if !defined(CONFIG_USER_ONLY)
 
 struct MemoryRegion *iotlb_to_region(hwaddr index);
-uint64_t io_mem_read(struct MemoryRegion *mr, hwaddr addr,
- unsigned size);
-void io_mem_write(struct MemoryRegion *mr, hwaddr addr,
+bool io_mem_read(struct MemoryRegion *mr, hwaddr addr,
+ uint64_t *pvalue, unsigned size);
+bool io_mem_write(struct MemoryRegion *mr, hwaddr addr,
   uint64_t value, unsigned size);
 
 void tlb_fill(CPUArchState *env1, target_ulong addr, int is_write, int mmu_idx,
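Review bot: The new `bool` return of io_mem_read and io_mem_write is introduced without a word at the declaration, and the memory.c implementation is not in this excerpt, so a reader of exec-all.h cannot tell whether true means success or failure, nor whether `*pvalue` is written when the access is not performed. A short comment above the prototypes stating the polarity of the result and what `*pvalue` holds on the failure path would pin the contract the exec.c callers now depend on, e.g. `/* io_mem_read: returns true on <success|failure>; *pvalue is <written|left untouched> otherwise. */` with the alternatives resolved from the implementation.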
diff --git a/include/exec/softmmu_template.h b/include/exec/softmmu_template.h
index 292ca02..8584902 100644
--- a/include/exec/softmmu_template.h
+++ b/include/exec/softmmu_template.h
@@ -63,6 +63,7 @@ static inline DATA_TYPE glue(io_read, SUFFIX)(CPUArchState 
*env,
   target_ulong addr,
   uintptr_t retaddr)
 {
+uint64_t val;
 MemoryRegion *mr = iotlb_to_r

[Qemu-devel] [PATCH 05/22] exec: do not use error_mem_read

2013-05-24 Thread Paolo Bonzini
We will soon reach this case when doing (unaligned) accesses that
partly span past the end of memory.  We do not want to crash in
that case.

unassigned_mem_ops and rom_mem_ops are now the same.

Signed-off-by: Paolo Bonzini 
---
 exec.c | 16 ++--
 1 file changed, 2 insertions(+), 14 deletions(-)

diff --git a/exec.c b/exec.c
index 7e22980..785eeeb 100644
--- a/exec.c
+++ b/exec.c
@@ -1412,18 +1412,6 @@ static const MemoryRegionOps unassigned_mem_ops = {
 .endianness = DEVICE_NATIVE_ENDIAN,
 };
 
-static uint64_t error_mem_read(void *opaque, hwaddr addr,
-   unsigned size)
-{
-abort();
-}
-
-static const MemoryRegionOps rom_mem_ops = {
-.read = error_mem_read,
-.write = unassigned_mem_write,
-.endianness = DEVICE_NATIVE_ENDIAN,
-};
-
 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
uint64_t val, unsigned size)
 {
@@ -1455,7 +1443,7 @@ static void notdirty_mem_write(void *opaque, hwaddr 
ram_addr,
 }
 
 static const MemoryRegionOps notdirty_mem_ops = {
-.read = error_mem_read,
+.read = unassigned_mem_read,
 .write = notdirty_mem_write,
 .endianness = DEVICE_NATIVE_ENDIAN,
 };
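Review bot: Switching `.read` from error_mem_read to unassigned_mem_read removes the abort() that documented the invariant that reads never arrive at io_mem_notdirty (the TLB code elsewhere in this series installs it on the write side only, as far as I can see). If the sole legitimate reader is the end-of-memory straddle described in the commit message, a comment on the `.read` line would keep that knowledge from disappearing together with the abort: `/* reads reach this region only for accesses that partly span past the end of memory; treat them as unassigned */`.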
@@ -1676,7 +1664,7 @@ MemoryRegion *iotlb_to_region(hwaddr index)
 
 static void io_mem_init(void)
 {
-memory_region_init_io(&io_mem_rom, &rom_mem_ops, NULL, "rom", UINT64_MAX);
+memory_region_init_io(&io_mem_rom, &unassigned_mem_ops, NULL, "rom", 
UINT64_MAX);
 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
   "unassigned", UINT64_MAX);
 memory_region_init_io(&io_mem_notdirty, ¬dirty_mem_ops, NULL,
-- 
1.8.1.4





[Qemu-devel] [PATCH 10/15] memory: make memory_global_sync_dirty_bitmap take an AddressSpace

2013-05-24 Thread Paolo Bonzini
Since this is a MemoryListener operation, it only makes sense
on an AddressSpace granularity.

Suggested-by: Peter Maydell 
Signed-off-by: Paolo Bonzini 
---
 arch_init.c   | 2 +-
 include/exec/memory.h | 7 +++
 memory.c  | 3 +--
 3 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/arch_init.c b/arch_init.c
index 49c5dc2..5d32ecf 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -386,7 +386,7 @@ static void migration_bitmap_sync(void)
 }
 
 trace_migration_bitmap_sync_start();
-memory_global_sync_dirty_bitmap(get_system_memory());
+address_space_sync_dirty_bitmap(&address_space_memory);
 
 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
 for (addr = 0; addr < block->length; addr += TARGET_PAGE_SIZE) {
diff --git a/include/exec/memory.h b/include/exec/memory.h
index e1208e4..91be2a3 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -766,13 +766,12 @@ memory_region_section_addr(MemoryRegionSection *section,
 }
 
 /**
- * memory_global_sync_dirty_bitmap: synchronize the dirty log for all memory
+ * address_space_sync_dirty_bitmap: synchronize the dirty log for all memory
  *
  * Synchronizes the dirty page log for an entire address space.
- * @address_space: a top-level (i.e. parentless) region that contains the
- *   memory being synchronized
+ * @as: the address space that contains the memory being synchronized
  */
-void memory_global_sync_dirty_bitmap(MemoryRegion *address_space);
+void address_space_sync_dirty_bitmap(AddressSpace *as);
 
 /**
  * memory_region_transaction_begin: Start a transaction.
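Review bot: The summary line of the renamed doc comment still reads "synchronize the dirty log for all memory", while the parameter is now a single AddressSpace, which is precisely the narrowing the commit message explains. Suggest `address_space_sync_dirty_bitmap: synchronize the dirty log for an address space` so the header agrees with the new @as description two lines below it.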
diff --git a/memory.c b/memory.c
index 5431463..11bbeb7 100644
--- a/memory.c
+++ b/memory.c
@@ -1485,9 +1485,8 @@ MemoryRegionSection memory_region_find(MemoryRegion *mr,
 return ret;
 }
 
-void memory_global_sync_dirty_bitmap(MemoryRegion *address_space)
+void address_space_sync_dirty_bitmap(AddressSpace *as)
 {
-AddressSpace *as = memory_region_to_address_space(address_space);
 FlatRange *fr;
 
 FOR_EACH_FLAT_RANGE(fr, as->current_map) {
-- 
1.8.1.4





[Qemu-devel] [PATCH 03/22] cputlb: simplify tlb_set_page

2013-05-24 Thread Paolo Bonzini
The same "if" condition is repeated twice.

Signed-off-by: Paolo Bonzini 
---
 cputlb.c | 13 +
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/cputlb.c b/cputlb.c
index aba7e44..b56bc01 100644
--- a/cputlb.c
+++ b/cputlb.c
@@ -262,17 +262,14 @@ void tlb_set_page(CPUArchState *env, target_ulong vaddr,
 #endif
 
 address = vaddr;
-if (!(memory_region_is_ram(section->mr) ||
-  memory_region_is_romd(section->mr))) {
-/* IO memory case (romd handled later) */
+if (!memory_region_is_ram(section->mr) && 
!memory_region_is_romd(section->mr)) {
+/* IO memory case */
 address |= TLB_MMIO;
-}
-if (memory_region_is_ram(section->mr) ||
-memory_region_is_romd(section->mr)) {
+addend = 0;
+} else {
+/* TLB_MMIO for rom/romd handled below */
 addend = (uintptr_t)memory_region_get_ram_ptr(section->mr)
 + memory_region_section_addr(section, paddr);
-} else {
-addend = 0;
 }
 
 code_address = address;
-- 
1.8.1.4





[Qemu-devel] [PATCH 13/22] memory: export memory_region_access_valid to exec.c

2013-05-24 Thread Paolo Bonzini
We'll use it to implement address_space_access_valid.

Signed-off-by: Paolo Bonzini 
---
 include/exec/memory-internal.h | 3 +++
 memory.c   | 8 
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/include/exec/memory-internal.h b/include/exec/memory-internal.h
index c18b36c..799c02a 100644
--- a/include/exec/memory-internal.h
+++ b/include/exec/memory-internal.h
@@ -45,6 +45,9 @@ void address_space_destroy_dispatch(AddressSpace *as);
 
 extern const MemoryRegionOps unassigned_mem_ops;
 
+bool memory_region_access_valid(MemoryRegion *mr, hwaddr addr,
+unsigned size, bool is_write);
+
 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
MemoryRegion *mr);
 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr);
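Review bot: memory_region_access_valid becomes a cross-file interface here but its declaration carries no comment. From the visible part of the body, which consults `mr->ops->valid.accepts`, something like `/* Returns true if @mr's ops allow an access of @size bytes at offset @addr within the region; @is_write selects the direction. Checks only, does not perform the access. */` fits, with the remaining checks left unmentioned since the rest of the body is outside this hunk.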
diff --git a/memory.c b/memory.c
index f2135d1..9e1c1a3 100644
--- a/memory.c
+++ b/memory.c
@@ -851,10 +851,10 @@ const MemoryRegionOps unassigned_mem_ops = {
 .endianness = DEVICE_NATIVE_ENDIAN,
 };
 
-static bool memory_region_access_valid(MemoryRegion *mr,
-   hwaddr addr,
-   unsigned size,
-   bool is_write)
+bool memory_region_access_valid(MemoryRegion *mr,
+hwaddr addr,
+unsigned size,
+bool is_write)
 {
 if (mr->ops->valid.accepts
 && !mr->ops->valid.accepts(mr->opaque, addr, size, is_write)) {
-- 
1.8.1.4





[Qemu-devel] [PATCH 00/22] Memory/IOMMU patches, part 2: unassigned access detection

2013-05-24 Thread Paolo Bonzini
This is part 2 of the memory/IOMMU patches.  These reorganize the
handling of unassigned accesses so that they are propagated as
errors during I/O dispatch.  In the end, a return value is added to
address_space_rw/read/write.  This is particularly useful when an IOMMU
is available, because it lets devices detect faulting accesses.

Compared to v1, there is no special casing of the "unassigned" dummy
section and subpages are handled correctly.  Most of the patches are new.

The updated full series, including the IOMMU and ref/unref patches, is
available at refs/heads/iommu on my github repository.

Paolo

Paolo Bonzini (22):
  exec: eliminate io_mem_ram
  exec: drop useless #if
  cputlb: simplify tlb_set_page
  exec: make io_mem_unassigned private
  exec: do not use error_mem_read
  memory: dispatch unassigned accesses based on .valid.accepts
  memory: add address_space_translate
  memory: move unassigned_mem_ops to memory.c
  memory: assign MemoryRegionOps to all regions
  exec: expect mr->ops to be initialized for ROM
  exec: introduce memory_access_is_direct
  exec: introduce memory_access_size
  memory: export memory_region_access_valid to exec.c
  exec: implement .valid.accepts for subpages
  memory: add address_space_access_valid
  memory: accept mismatching sizes in memory_region_access_valid
  memory: add big endian support to access_with_adjusted_size
  memory: split accesses even when the old MMIO callbacks are used
  memory: correctly handle endian-swapped 64-bit accesses
  exec: just use io_mem_read/io_mem_write for 8-byte I/O accesses
  memory: propagate errors on I/O dispatch
  memory: add return value to address_space_rw/read/write

 cputlb.c|  31 ++-
 dma-helpers.c   |   5 +
 exec.c  | 412 
 include/exec/cpu-common.h   |   2 -
 include/exec/cputlb.h   |  12 +-
 include/exec/exec-all.h |   6 +-
 include/exec/memory-internal.h  |   5 +
 include/exec/memory.h   |  58 --
 include/exec/softmmu_template.h |  36 +---
 include/sysemu/dma.h|   3 +-
 memory.c| 215 +
 translate-all.c |   6 +-
 12 files changed, 419 insertions(+), 372 deletions(-)

-- 
1.8.1.4




[Qemu-devel] [PATCH 14/15] memory: populate FlatView for new address spaces

2013-05-24 Thread Paolo Bonzini
Even a new address space might have a non-empty FlatView.  In order
to initialize it properly, address_space_init should (a) call
memory_region_transaction_commit after the address space is inserted
into the list; (b) force memory_region_transaction_commit to do something.

This bug was latent so far because all address spaces started empty, including
the PCI address space where the bus master region is initially disabled.
However, the target address space of an IOMMU is usually rooted at
get_system_memory(), which might not be empty at the time the IOMMU is created.

Reviewed-by: Peter Maydell 
Signed-off-by: Paolo Bonzini 
---
 memory.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/memory.c b/memory.c
index 9478f98..99f046d 100644
--- a/memory.c
+++ b/memory.c
@@ -1576,8 +1576,9 @@ void address_space_init(AddressSpace *as, MemoryRegion 
*root)
 as->ioeventfds = NULL;
 QTAILQ_INSERT_TAIL(&address_spaces, as, address_spaces_link);
 as->name = NULL;
-memory_region_transaction_commit();
 address_space_init_dispatch(as);
+memory_region_update_pending |= root->enabled;
+memory_region_transaction_commit();
 }
 
 void address_space_destroy(AddressSpace *as)
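Review bot: `memory_region_update_pending |= root->enabled;` reads like a leaked internal of memory_region_transaction_commit at this call site; the justification lives only in the commit message and a later cleanup could easily remove it. A comment would preserve it: `/* The root may already be populated (e.g. an IOMMU rooted at system memory), so force the commit below to rebuild this address space's FlatView. */`. The flag is also set when address_space_init runs inside an outer transaction; presumably the rebuild then happens when that transaction ends, which looks intended, but worth a word. address_space_init starts before this hunk.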
-- 
1.8.1.4





[Qemu-devel] [PATCH 07/22] memory: add address_space_translate

2013-05-24 Thread Paolo Bonzini
Using phys_page_find to translate an AddressSpace to a MemoryRegionSection
is unwieldy.  It requires to pass the page index rather than the address,
and later memory_region_section_addr has to be called.  Replace
memory_region_section_addr with a function that does all of it: call
phys_page_find, compute the offset within the region, and check how
big the current mapping is.  This way, a large flat region can be written
with a single lookup rather than a page at a time.

address_space_translate will also provide a single point where IOMMU
forwarding is implemented.

Reviewed-by: Peter Maydell 
Signed-off-by: Paolo Bonzini 
---
 cputlb.c  |  20 +++---
 exec.c| 189 +-
 include/exec/cputlb.h |  12 ++--
 include/exec/memory.h |  31 -
 translate-all.c   |   6 +-
 5 files changed, 128 insertions(+), 130 deletions(-)

diff --git a/cputlb.c b/cputlb.c
index b56bc01..8c8 100644
--- a/cputlb.c
+++ b/cputlb.c
@@ -248,13 +248,18 @@ void tlb_set_page(CPUArchState *env, target_ulong vaddr,
 target_ulong code_address;
 uintptr_t addend;
 CPUTLBEntry *te;
-hwaddr iotlb;
+hwaddr iotlb, xlat, sz;
 
 assert(size >= TARGET_PAGE_SIZE);
 if (size != TARGET_PAGE_SIZE) {
 tlb_add_large_page(env, vaddr, size);
 }
-section = phys_page_find(address_space_memory.dispatch, paddr >> 
TARGET_PAGE_BITS);
+
+sz = size;
+section = address_space_translate(&address_space_memory, paddr, &xlat, &sz,
+  false);
+assert(sz >= TARGET_PAGE_SIZE);
+
 #if defined(DEBUG_TLB)
 printf("tlb_set_page: vaddr=" TARGET_FMT_lx " paddr=0x" TARGET_FMT_plx
" prot=%x idx=%d pd=0x%08lx\n",
@@ -268,13 +273,12 @@ void tlb_set_page(CPUArchState *env, target_ulong vaddr,
 addend = 0;
 } else {
 /* TLB_MMIO for rom/romd handled below */
-addend = (uintptr_t)memory_region_get_ram_ptr(section->mr)
-+ memory_region_section_addr(section, paddr);
+addend = (uintptr_t)memory_region_get_ram_ptr(section->mr) + xlat;
 }
 
 code_address = address;
-iotlb = memory_region_section_get_iotlb(env, section, vaddr, paddr, prot,
-&address);
+iotlb = memory_region_section_get_iotlb(env, section, vaddr, paddr, xlat,
+prot, &address);
 
 index = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
 env->iotlb[mmu_idx][index] = iotlb - vaddr;
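Review bot: The single translation in the preceding hunk, `address_space_translate(&address_space_memory, paddr, &xlat, &sz, false)`, is reused here for both the read and the write side of the TLB entry (`xlat` feeds memory_region_section_get_iotlb and the dirty check below). With this patch address_space_translate ignores is_write, so nothing changes today, but the commit message makes this function the future IOMMU forwarding point, at which time a translation obtained as a read could be used for a write the IOMMU would refuse. A marker at the call, `/* XXX: translated as a read; revisit once address_space_translate honours is_write */`, would record the assumption. tlb_set_page starts before this hunk and continues after it.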
@@ -297,9 +301,7 @@ void tlb_set_page(CPUArchState *env, target_ulong vaddr,
 /* Write access calls the I/O callback.  */
 te->addr_write = address | TLB_MMIO;
 } else if (memory_region_is_ram(section->mr)
-   && !cpu_physical_memory_is_dirty(
-   section->mr->ram_addr
-   + memory_region_section_addr(section, paddr))) {
+   && !cpu_physical_memory_is_dirty(section->mr->ram_addr + 
xlat)) {
 te->addr_write = address | TLB_NOTDIRTY;
 } else {
 te->addr_write = address;
diff --git a/exec.c b/exec.c
index c5100d6..5111327 100644
--- a/exec.c
+++ b/exec.c
@@ -182,7 +182,7 @@ static void phys_page_set(AddressSpaceDispatch *d,
 phys_page_set_level(&d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
 }
 
-MemoryRegionSection *phys_page_find(AddressSpaceDispatch *d, hwaddr index)
+static MemoryRegionSection *phys_page_find(AddressSpaceDispatch *d, hwaddr 
index)
 {
 PhysPageEntry lp = d->phys_map;
 PhysPageEntry *p;
@@ -203,6 +203,22 @@ bool memory_region_is_unassigned(MemoryRegion *mr)
 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
 && mr != &io_mem_watch;
 }
+
+MemoryRegionSection *address_space_translate(AddressSpace *as, hwaddr addr,
+ hwaddr *xlat, hwaddr *plen,
+ bool is_write)
+{
+MemoryRegionSection *section;
+
+section = phys_page_find(as->dispatch, addr >> TARGET_PAGE_BITS);
+/* Compute offset within MemoryRegionSection */
+addr -= section->offset_within_address_space;
+*plen = MIN(section->size - addr, *plen);
+
+/* Compute offset within MemoryRegion */
+*xlat = addr + section->offset_within_region;
+return section;
+}
 #endif
 
 void cpu_exec_init_all(void)
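Review bot: address_space_translate is a new public entry point with no comment on its in/out contract: `*plen` is read as the requested length and clamped to what remains of the section, `*xlat` receives the offset within `section->mr`, and `is_write` is accepted but unused in this version. The returned pointer also aliases phys_sections, which phys_section_add reallocates elsewhere in this series, so it is only valid until the next topology change; a docblock saying both would help callers. Separately, `*plen = MIN(section->size - addr, *plen);` assumes the section returned by phys_page_find covers addr; if the unassigned sentinel it returns on a miss does not, the hwaddr subtraction wraps and the length is not clamped, so an `assert(addr < section->size)` may be worth adding.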
@@ -615,11 +631,11 @@ static int cpu_physical_memory_set_dirty_tracking(int 
enable)
 }
 
 hwaddr memory_region_section_get_iotlb(CPUArchState *env,
-   MemoryRegionSection 
*section,
-   target_ulong vaddr,
-   hwaddr paddr,
-   int prot,
-   target_ulong *address)
+   Me

[Qemu-devel] [PATCH 07/15] memory: Replace open-coded memory_region_is_romd

2013-05-24 Thread Paolo Bonzini
From: Jan Kiszka 

Improves readability.

Reviewed-by: Peter Maydell 
Signed-off-by: Jan Kiszka 
---
 translate-all.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/translate-all.c b/translate-all.c
index da93608..0d84b0d 100644
--- a/translate-all.c
+++ b/translate-all.c
@@ -1359,7 +1359,7 @@ void tb_invalidate_phys_addr(hwaddr addr)
 section = phys_page_find(address_space_memory.dispatch,
  addr >> TARGET_PAGE_BITS);
 if (!(memory_region_is_ram(section->mr)
-  || (section->mr->rom_device && section->mr->readable))) {
+  || memory_region_is_romd(section->mr))) {
 return;
 }
 ram_addr = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
-- 
1.8.1.4





[Qemu-devel] [PATCH 02/22] exec: drop useless #if

2013-05-24 Thread Paolo Bonzini
This code is only compiled for softmmu targets.

Signed-off-by: Paolo Bonzini 
---
 exec.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/exec.c b/exec.c
index b720be5..7728ea3 100644
--- a/exec.c
+++ b/exec.c
@@ -1430,10 +1430,8 @@ static void notdirty_mem_write(void *opaque, hwaddr 
ram_addr,
 int dirty_flags;
 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
-#if !defined(CONFIG_USER_ONLY)
 tb_invalidate_phys_page_fast(ram_addr, size);
 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
-#endif
 }
 switch (size) {
 case 1:
-- 
1.8.1.4





[Qemu-devel] [PATCH 13/15] memory: limit sections in the radix tree to the actual address space size

2013-05-24 Thread Paolo Bonzini
From: Avi Kivity 

The radix tree is statically sized to fit TARGET_PHYS_ADDR_SPACE_BITS.
If a larger memory region is registered, it will overflow.

Fix by limiting any section in the radix tree to the supported size.

This problem was not observed earlier since artificial regions (containers
and aliases) are eliminated by the memory core, leaving only device regions
which have reasonable sizes.  An IOMMU however cannot be eliminated by the
memory core, and may have an artificial size.

Reviewed-by: Peter Maydell 
Signed-off-by: Avi Kivity 
[ Fail the build if TARGET_PHYS_ADDR_SPACE_BITS is too large - Paolo ]
Signed-off-by: Paolo Bonzini 
---
 exec.c| 13 -
 include/exec/memory.h |  3 +++
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/exec.c b/exec.c
index 8562fca..3fdca46 100644
--- a/exec.c
+++ b/exec.c
@@ -775,10 +775,21 @@ static void register_multipage(AddressSpaceDispatch *d, 
MemoryRegionSection *sec
   section_index);
 }
 
+QEMU_BUILD_BUG_ON(TARGET_PHYS_ADDR_SPACE_BITS > MAX_PHYS_ADDR_SPACE_BITS)
+
+static MemoryRegionSection limit(MemoryRegionSection section)
+{
+section.size = MIN(section.offset_within_address_space + section.size,
+   MAX_PHYS_ADDR + 1)
+   - section.offset_within_address_space;
+
+return section;
+}
+
 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
 {
 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, 
listener);
-MemoryRegionSection now = *section, remain = *section;
+MemoryRegionSection now = limit(*section), remain = limit(*section);
 
 if ((now.offset_within_address_space & ~TARGET_PAGE_MASK)
 || (now.size < TARGET_PAGE_SIZE)) {
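Review bot: `MIN(section.offset_within_address_space + section.size, MAX_PHYS_ADDR + 1)` in limit() can wrap: the io_mem_* regions in this tree are registered with size UINT64_MAX, and for such a size at any non-zero offset the sum overflows, MIN() keeps the wrapped sum, and the following subtraction produces a huge size instead of a clamped one. Whether a section like that reaches mem_add depends on the flattening the commit message describes, so this may be unreachable today, but the clamp can be written without forming the sum at no cost. A section that starts beyond MAX_PHYS_ADDR is left alone below, as in the original, and should probably be skipped by the caller instead.
```c
static MemoryRegionSection limit(MemoryRegionSection section)
{
    hwaddr start = section.offset_within_address_space;
    /* Bytes available below the limit; compare instead of adding so a
     * size close to the hwaddr maximum cannot wrap start + size. */
    hwaddr room = MAX_PHYS_ADDR + 1 - start;

    if (start <= MAX_PHYS_ADDR && section.size > room) {
        section.size = room;
    }
    return section;
}
```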
diff --git a/include/exec/memory.h b/include/exec/memory.h
index 91be2a3..fdf55fe 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -26,6 +26,9 @@
 #include "exec/ioport.h"
 #include "qemu/int128.h"
 
+#define MAX_PHYS_ADDR_SPACE_BITS 62
+#define MAX_PHYS_ADDR(((hwaddr)1 << MAX_PHYS_ADDR_SPACE_BITS) - 1)
+
 typedef struct MemoryRegionOps MemoryRegionOps;
 typedef struct MemoryRegionPortio MemoryRegionPortio;
 typedef struct MemoryRegionMmio MemoryRegionMmio;
-- 
1.8.1.4





[Qemu-devel] [PATCH 15/15] memory: clean up phys_page_find

2013-05-24 Thread Paolo Bonzini
Remove the goto.

Reviewed-by: Peter Maydell 
Signed-off-by: Paolo Bonzini 
---
 exec.c | 8 ++--
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/exec.c b/exec.c
index 3fdca46..3a9ddcb 100644
--- a/exec.c
+++ b/exec.c
@@ -187,19 +187,15 @@ MemoryRegionSection *phys_page_find(AddressSpaceDispatch 
*d, hwaddr index)
 PhysPageEntry lp = d->phys_map;
 PhysPageEntry *p;
 int i;
-uint16_t s_index = phys_section_unassigned;
 
 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
 if (lp.ptr == PHYS_MAP_NODE_NIL) {
-goto not_found;
+return &phys_sections[phys_section_unassigned];
 }
 p = phys_map_nodes[lp.ptr];
 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
 }
-
-s_index = lp.ptr;
-not_found:
-return &phys_sections[s_index];
+return &phys_sections[lp.ptr];
 }
 
 bool memory_region_is_unassigned(MemoryRegion *mr)
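Review bot: The goto cleanup makes the lookup easy to follow, but the lifetime of the returned pointer remains undocumented: it points into phys_sections, which phys_section_add grows with g_renew elsewhere in this series, so holding it across a topology update leaves a dangling pointer. A one-line comment above the function would say what callers may rely on: `/* Returns a pointer into phys_sections (the unassigned entry on a miss); valid only until the next phys_section_add / topology rebuild. */`.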
-- 
1.8.1.4




[Qemu-devel] [PATCH 05/15] memory: assert that PhysPageEntry's ptr does not overflow

2013-05-24 Thread Paolo Bonzini
While sized to 15 bits in PhysPageEntry, the ptr field is ORed into the
iotlb entries together with a page-aligned pointer.  The ptr field must
not overflow into this page-aligned value, assert that it is smaller than
the page size.

Reviewed-by: Peter Maydell 
Signed-off-by: Paolo Bonzini 
---
 exec.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/exec.c b/exec.c
index 1355661..8562fca 100644
--- a/exec.c
+++ b/exec.c
@@ -713,6 +713,12 @@ static void destroy_all_mappings(AddressSpaceDispatch *d)
 
 static uint16_t phys_section_add(MemoryRegionSection *section)
 {
+/* The physical section number is ORed with a page-aligned
+ * pointer to produce the iotlb entries.  Thus it should
+ * never overflow into the page-aligned value.
+ */
+assert(phys_sections_nb < TARGET_PAGE_SIZE);
+
 if (phys_sections_nb == phys_sections_nb_alloc) {
 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
 phys_sections = g_renew(MemoryRegionSection, phys_sections,
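Review bot: The added assert bounds `phys_sections_nb` by `TARGET_PAGE_SIZE`, but the description says the ptr field in PhysPageEntry is 15 bits wide, and the two limits are not the same: on a target whose page size is 64 KiB or larger, should one exist, section numbers of 32768 and above would pass the assert yet be truncated when stored in the 15-bit field. If that field width is fixed at 15 bits, the check should bound against it as well, e.g. `assert(phys_sections_nb < TARGET_PAGE_SIZE && phys_sections_nb < (1 << 15));`, ideally with the width expressed through the same constant that sizes the bitfield. The new comment could also note that the assert runs before the count is presumably incremented, so the index this function returns is the one being checked; the rest of phys_section_add lies outside the hunk.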
-- 
1.8.1.4





[Qemu-devel] [PATCH 02/15] exec: eliminate qemu_put_ram_ptr

2013-05-24 Thread Paolo Bonzini
Reviewed-by: Peter Maydell 
Signed-off-by: Paolo Bonzini 
---
 exec.c| 8 
 hw/pci/pci.c  | 2 --
 hw/scsi/megasas.c | 1 -
 include/exec/cpu-common.h | 1 -
 trace-events  | 3 ---
 5 files changed, 15 deletions(-)

diff --git a/exec.c b/exec.c
index 197625c..fa5f9c3 100644
--- a/exec.c
+++ b/exec.c
@@ -1334,11 +1334,6 @@ static void *qemu_ram_ptr_length(ram_addr_t addr, 
ram_addr_t *size)
 }
 }
 
-void qemu_put_ram_ptr(void *addr)
-{
-trace_qemu_put_ram_ptr(addr);
-}
-
 int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
 {
 RAMBlock *block;
@@ -1928,7 +1923,6 @@ void address_space_rw(AddressSpace *as, hwaddr addr, 
uint8_t *buf,
 ptr = qemu_get_ram_ptr(addr1);
 memcpy(ptr, buf, l);
 invalidate_and_set_dirty(addr1, l);
-qemu_put_ram_ptr(ptr);
 }
 } else {
 if (!(memory_region_is_ram(section->mr) ||
@@ -1958,7 +1952,6 @@ void address_space_rw(AddressSpace *as, hwaddr addr, 
uint8_t *buf,
+ memory_region_section_addr(section,
 addr));
 memcpy(buf, ptr, l);
-qemu_put_ram_ptr(ptr);
 }
 }
 len -= l;
@@ -2020,7 +2013,6 @@ void cpu_physical_memory_write_rom(hwaddr addr,
 ptr = qemu_get_ram_ptr(addr1);
 memcpy(ptr, buf, l);
 invalidate_and_set_dirty(addr1, l);
-qemu_put_ram_ptr(ptr);
 }
 len -= l;
 buf += l;
diff --git a/hw/pci/pci.c b/hw/pci/pci.c
index d5257ed..bb3879b 100644
--- a/hw/pci/pci.c
+++ b/hw/pci/pci.c
@@ -1959,8 +1959,6 @@ static int pci_add_option_rom(PCIDevice *pdev, bool 
is_default_rom)
 pci_patch_ids(pdev, ptr, size);
 }
 
-qemu_put_ram_ptr(ptr);
-
 pci_register_bar(pdev, PCI_ROM_SLOT, 0, &pdev->rom);
 
 return 0;
diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
index 4934a81..fe6550c 100644
--- a/hw/scsi/megasas.c
+++ b/hw/scsi/megasas.c
@@ -711,7 +711,6 @@ static int megasas_ctrl_get_info(MegasasState *s, 
MegasasCmd *cmd)
 
 ptr = memory_region_get_ram_ptr(&s->dev.rom);
 memcpy(biosver, ptr + 0x41, 31);
-qemu_put_ram_ptr(ptr);
 memcpy(info.image_component[1].name, "BIOS", 4);
 memcpy(info.image_component[1].version, biosver,
strlen((const char *)biosver));
diff --git a/include/exec/cpu-common.h b/include/exec/cpu-common.h
index 2e5f11f..cafc3c2 100644
--- a/include/exec/cpu-common.h
+++ b/include/exec/cpu-common.h
@@ -51,7 +51,6 @@ typedef uint32_t CPUReadMemoryFunc(void *opaque, hwaddr addr);
 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length);
 /* This should only be used for ram local to a device.  */
 void *qemu_get_ram_ptr(ram_addr_t addr);
-void qemu_put_ram_ptr(void *addr);
 /* This should not be used by devices.  */
 int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr);
 ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr);
diff --git a/trace-events b/trace-events
index 9c73931..b123b0f 100644
--- a/trace-events
+++ b/trace-events
@@ -813,9 +813,6 @@ xen_map_cache_return(void* ptr) "%p"
 xen_map_block(uint64_t phys_addr, uint64_t size) "%#"PRIx64", size %#"PRIx64
 xen_unmap_block(void* addr, unsigned long size) "%p, size %#lx"
 
-# exec.c
-qemu_put_ram_ptr(void* addr) "%p"
-
 # hw/xen_platform.c
 xen_platform_log(char *s) "xen platform: %s"
 
-- 
1.8.1.4




