Re: [Qemu-devel] [PULL 0/5] s390x: Fixes and features

[Christian Borntraeger]

Am 07.10.2015 um 22:55 schrieb Peter Maydell:
> On 6 October 2015 at 11:41, Christian Borntraeger
>  wrote:
>> Peter,
>>
>> here are some fixes (and a small feature) for s390x.
>>
>> The following changes since commit b2312c680084ea18cd55fa7093397cad2224ec14:
>>
>>   Merge remote-tracking branch 'remotes/amit-migration/tags/for-juan-201509' 
>> into staging (2015-09-29 12:41:19 +0100)
>>
>> are available in the git repository at:
>>
>>   git://github.com/borntraeger/qemu.git tags/s390x-20151006
>>
>> for you to fetch changes up to d9f090ec7794d433b8f222ae8c8f95601369a4a5:
>>
>>   s390x: rename io_subsystem_reset -> subsystem_reset (2015-10-02 13:31:52 
>> +0200)
>>
>> 
>> s390: fixes
>>
>> Some fixes all over the place:
>> - ccw bios and gcc 5.1 (avoid floating point ops)
>> - properly print vector registers
>> - sclp and sclp-event-facility no longer hang on object_unref(object_new(T))
>> - better name for io_subsystem_reset
>>
>> One feature
>> - the gdb server now exposes several virtualization specific register
>>
>> 
>> Christian Borntraeger (2):
>>   pc-bios/s390-ccw: avoid floating point operations
>>   s390x/info registers: print vector registers properly
>>
>> David Hildenbrand (3):
>>   s390x/gdb: expose virtualization specific registers
>>   s390x: set missing parent for hotplug and quiesce events
>>   s390x: rename io_subsystem_reset -> subsystem_reset
>>
>>  configure  |  2 +-
>>  gdb-xml/s390-virt.xml  | 18 ++
>>  hw/s390x/event-facility.c  | 20 +--
>>  hw/s390x/s390-virtio-ccw.c |  2 +-
>>  pc-bios/s390-ccw/Makefile  |  3 +-
>>  target-s390x/cpu.h |  2 +-
>>  target-s390x/gdbstub.c | 82 
>> ++
>>  target-s390x/misc_helper.c |  4 +--
>>  target-s390x/translate.c   |  2 +-
>>  9 files changed, 118 insertions(+), 17 deletions(-)
>>  create mode 100644 gdb-xml/s390-virt.xml
> 
> Just to check before I apply this -- given the change to
> pc-bios/s390-ccw/Makefile, is there a missing update to the
> compiled s390-ccw.img itself?

No, the current compiled s390-ccw.img is fine. The patch is just to avoid
"miscompiles" with gcc 5.1 which tends to do a lot of spilling/filling into/from
floating point registers.

Christian

Re: [Qemu-devel] [PATCH v3 6/6] tcg/mips: Support r6 SEL{NE, EQ}Z instead of MOVN/MOVZ

[Richard Henderson]

On 10/07/2015 09:34 PM, James Hogan wrote:

  { INDEX_op_brcond_i32, { "rZ", "rZ" } },
+#if !use_mips32r6_instructions
  { INDEX_op_movcond_i32, { "r", "rZ", "rZ", "rZ", "0" } },
+#else
+{ INDEX_op_movcond_i32, { "r", "rZ", "rZ", "rZ", "rZ" } },
+#endif



The only thing I'd change is preferring positive tests to negative ones.  So
swap the order of these lines, and the sense of the #if.


No problem. Shall I do a full resend for that, or can it be fixed up by
whoever applies?


No resend needed.  I'll fix it when applying to my tcg queue.


r~

[Qemu-devel] [PATCH v2 0/5] Connect the SPI devices to ZynqMP

[Alistair Francis]

Connect the SPI devices to Xilinx's ZynqMP.

I also need to make some changes to the actual SPI device to
imporove the fuctionality, but for the time being this works.

V2:
 - Connect the SPI flash in the board code
 - Update git patches to properly indicate rename
 - Add sst25wf080 as a SPI flash


Alistair Francis (5):
  m25p80.c: Add sst25wf080 SPI flash device
  ssi: Move ssi.h into a separate directory
  xilinx_spips: Seperate the state struct into a header
  xlnx-zynqmp: Connect the SPI devices
  xlnx-ep108: Connect the SPI Flash

 hw/arm/pxa2xx.c |  2 +-
 hw/arm/spitz.c  |  2 +-
 hw/arm/stellaris.c  |  2 +-
 hw/arm/strongarm.c  |  2 +-
 hw/arm/tosa.c   |  2 +-
 hw/arm/xilinx_zynq.c|  2 +-
 hw/arm/xlnx-ep108.c | 20 ++
 hw/arm/xlnx-zynqmp.c| 28 ++
 hw/arm/z2.c |  2 +-
 hw/block/m25p80.c   |  3 +-
 hw/display/ads7846.c|  2 +-
 hw/display/ssd0323.c|  2 +-
 hw/microblaze/petalogix_ml605_mmu.c |  2 +-
 hw/misc/max111x.c   |  2 +-
 hw/sd/ssi-sd.c  |  2 +-
 hw/ssi/pl022.c  |  2 +-
 hw/ssi/ssi.c|  2 +-
 hw/ssi/xilinx_spi.c |  2 +-
 hw/ssi/xilinx_spips.c   | 56 
 include/hw/arm/xlnx-zynqmp.h|  4 ++
 include/hw/{ => ssi}/ssi.h  | 10 +++--
 include/hw/ssi/xilinx_spips.h   | 74 +
 22 files changed, 157 insertions(+), 68 deletions(-)
 rename include/hw/{ => ssi}/ssi.h (96%)
 create mode 100644 include/hw/ssi/xilinx_spips.h

-- 
2.1.4

[Qemu-devel] [PATCH v2 5/5] xlnx-ep108: Connect the SPI Flash

[Alistair Francis]

Connect the sst25wf080 SPI flash to the EP108 board.

Signed-off-by: Alistair Francis 
---
V2:
 - Use sst25wf080 instead of m25p80

 hw/arm/xlnx-ep108.c | 20 
 1 file changed, 20 insertions(+)

diff --git a/hw/arm/xlnx-ep108.c b/hw/arm/xlnx-ep108.c
index 2899698..9755c30 100644
--- a/hw/arm/xlnx-ep108.c
+++ b/hw/arm/xlnx-ep108.c
@@ -33,6 +33,7 @@ static struct arm_boot_info xlnx_ep108_binfo;
 static void xlnx_ep108_init(MachineState *machine)
 {
 XlnxEP108 *s = g_new0(XlnxEP108, 1);
+int i, j;
 Error *err = NULL;
 
 object_initialize(>soc, sizeof(s->soc), TYPE_XLNX_ZYNQMP);
@@ -60,6 +61,25 @@ static void xlnx_ep108_init(MachineState *machine)
  machine->ram_size);
 memory_region_add_subregion(get_system_memory(), 0, >ddr_ram);
 
+for (i = 0; i < XLNX_ZYNQMP_NUM_SPIS; i++) {
+SSIBus *spi_bus;
+char bus_name[6];
+
+snprintf(bus_name, 6, "spi%d", i);
+spi_bus = (SSIBus *)qdev_get_child_bus(DEVICE(>soc.spi[i]),
+   bus_name);
+
+for (j = 0; j < XLNX_ZYNQMP_NUM_SPI_FLASHES; ++j) {
+DeviceState *flash_dev = ssi_create_slave(spi_bus, "sst25wf080");
+qemu_irq cs_line = qdev_get_gpio_in_named(flash_dev,
+  SSI_GPIO_CS, 0);
+
+sysbus_connect_irq(SYS_BUS_DEVICE(>soc.spi[i]),
+   i * XLNX_ZYNQMP_NUM_SPI_FLASHES + j,
+   cs_line);
+}
+}
+
 xlnx_ep108_binfo.ram_size = machine->ram_size;
 xlnx_ep108_binfo.kernel_filename = machine->kernel_filename;
 xlnx_ep108_binfo.kernel_cmdline = machine->kernel_cmdline;
-- 
2.1.4

Re: [Qemu-devel] [PATCH v3 3/9] target-arm: Add support for S2 page-table protection bits

[Peter Maydell]

On 7 October 2015 at 17:19, Alex Bennée  wrote:
>
> Edgar E. Iglesias  writes:
>
>> From: "Edgar E. Iglesias" 
>>
>> Signed-off-by: Edgar E. Iglesias 
>> ---
>>  target-arm/helper.c | 41 +
>>  1 file changed, 37 insertions(+), 4 deletions(-)
>>
>> diff --git a/target-arm/helper.c b/target-arm/helper.c
>> index 507324f..610f1b5 100644
>> --- a/target-arm/helper.c
>> +++ b/target-arm/helper.c
>> @@ -6015,6 +6015,28 @@ simple_ap_to_rw_prot(CPUARMState *env, ARMMMUIdx 
>> mmu_idx, int ap)
>>  return simple_ap_to_rw_prot_is_user(ap, regime_is_user(env, mmu_idx));
>>  }
>>
>> +/* Translate S2 section/page access permissions to protection flags
>> + *
>> + * @env: CPUARMState
>> + * @s2ap:The 2-bit stage2 access permissions (S2AP)
>> + * @xn:  XN (execute-never) bit
>> + */
>> +static int get_S2prot(CPUARMState *env, int s2ap, int xn)
>> +{
>> +int prot = 0;
>> +
>> +if (s2ap & 1) {
>> +prot |= PAGE_READ;
>> +}
>> +if (s2ap & 2) {
>> +prot |= PAGE_WRITE;
>> +}
>> +if (!xn) {
>> +prot |= PAGE_EXEC;
>> +}
>> +return prot;
>> +}
>> +
>>  /* Translate section/page access permissions to protection flags
>>   *
>>   * @env: CPUARMState
>> @@ -6628,9 +6650,15 @@ static bool get_phys_addr_lpae(CPUARMState *env, 
>> target_ulong address,
>>   */
>>  page_size = (1ULL << ((granule_sz * (4 - level)) + 3));
>>  descaddr |= (address & (page_size - 1));
>> -/* Extract attributes from the descriptor and merge with table 
>> attrs */
>> +/* Extract attributes from the descriptor */
>>  attrs = extract64(descriptor, 2, 10)
>>  | (extract64(descriptor, 52, 12) << 10);
>> +
>> +if (mmu_idx == ARMMMUIdx_S2NS) {
>> +/* Stage 2 table descriptors do not include any attribute 
>> fields */
>> +break;
>> +}
>> +/* Merge in attributes from table descriptors */
>>  attrs |= extract32(tableattrs, 0, 2) << 11; /* XN, PXN */
>>  attrs |= extract32(tableattrs, 3, 1) << 5; /* APTable[1] => AP[2] */
>>  /* The sense of AP[1] vs APTable[0] is reversed, as APTable[0] == 1
>> @@ -6652,11 +6680,16 @@ static bool get_phys_addr_lpae(CPUARMState *env, 
>> target_ulong address,
>>  }
>>
>>  ap = extract32(attrs, 4, 2);
>> -ns = extract32(attrs, 3, 1);
>>  xn = extract32(attrs, 12, 1);
>> -pxn = extract32(attrs, 11, 1);
>
> OK I've gotten lost in the ARM ARM. Is there an architecture defined
> format the final attrs we construct from the page tables is meant to
> conform to? Or is the choice of the final structure arbitrary?

The bit of the ARM ARM you want is D4.3.3 in rev A.g of the v8 ARM ARM,
which describes all the attribute fields in the various descriptors.

At this point 'attrs' is in the format of the attribute bits from
a stage 1 Block/Page descriptor, all shifted down to the bottom of
a word (ie attrs[21:0] is descriptor bits [63:52] + [11:2]). You can
see us shifting [63:52] and [11:2] into place in the line just below
the "Extract attributes from the descriptor" line. tableattrs[4:0] is
bits [63:59] of the stage 1 Table descriptor format.

For stage 2 translations (which is what the code Edgar's adding
is handling) the "stage 2 block and page descriptors" format is
a bit different (mostly it's missing bits that don't have any
meaning for stage 2), and stage 2 table descriptors have no
attribute bits at all.

thanks
-- PMM

Re: [Qemu-devel] [PATCH v8] hw/arm/virt: Add high MMIO PCI region, 512G in size

[Peter Maydell]

On 7 October 2015 at 11:50, Pavel Fedin  wrote:
>  Hello!
>
>> Nudge -- have you reported this as a kernel bug against the
>> PCI generic driver yet?
>
>  Sorry, stopped tracking this topic after option upstreaming. Just
> sent out patches, cc'ed to you.

Yes, just saw those, thanks. (I'm slightly surprised that
for_each_of_pci_range doesn't return OF_BAD_ADDR for
the out-of-range addresses, but I'll let the kernel
folk do the review, since I'm mostly just guessing about
good vs bad kernel code :-))

thanks
-- PMM

Re: [Qemu-devel] [PATCH v2] Remove macros IO_READ_PROTO and IO_WRITE_PROTO

[Peter Maydell]

On 7 October 2015 at 17:32, Nutan Shinde  wrote:
> Signed-off-by: Nutan Shinde 
> ---
>  hw/audio/adlib.c  |  9 ++---
>  hw/audio/es1370.c | 17 ++---
>  hw/audio/gus.c|  9 ++---
>  hw/audio/sb16.c   | 15 +--
>  4 files changed, 15 insertions(+), 35 deletions(-)
>

Thanks! This version looks good to me.

Reviewed-by: Peter Maydell 

Hopefully Gerd will include it via the audio tree.

-- PMM

Re: [Qemu-devel] [PATCH v1 3/3] xlnx-zynqmp: Connect the SPI devices

[Alistair Francis]

On Wed, Sep 30, 2015 at 2:15 PM, Peter Crosthwaite
 wrote:
> On Tue, Sep 29, 2015 at 4:03 PM, Alistair Francis
>  wrote:
>> Connect the Xilinx SPI device to the ZynqMP model.
>>
>> Signed-off-by: Alistair Francis 
>> ---
>>
>>  hw/arm/xlnx-zynqmp.c | 46 
>> +++-
>>  include/hw/arm/xlnx-zynqmp.h |  4 
>>  2 files changed, 49 insertions(+), 1 deletion(-)
>>
>> diff --git a/hw/arm/xlnx-zynqmp.c b/hw/arm/xlnx-zynqmp.c
>> index a9097f9..4b8d095 100644
>> --- a/hw/arm/xlnx-zynqmp.c
>> +++ b/hw/arm/xlnx-zynqmp.c
>> @@ -48,6 +48,14 @@ static const int uart_intr[XLNX_ZYNQMP_NUM_UARTS] = {
>>  21, 22,
>>  };
>>
>> +static const uint64_t spi_addr[XLNX_ZYNQMP_NUM_SPIS] = {
>> +0xFF04, 0xFF05,
>> +};
>> +
>> +static const int spi_intr[XLNX_ZYNQMP_NUM_SPIS] = {
>> +19, 20,
>> +};
>> +
>>  typedef struct XlnxZynqMPGICRegion {
>>  int region_index;
>>  uint32_t address;
>> @@ -97,13 +105,19 @@ static void xlnx_zynqmp_init(Object *obj)
>>
>>  object_initialize(>sata, sizeof(s->sata), TYPE_SYSBUS_AHCI);
>>  qdev_set_parent_bus(DEVICE(>sata), sysbus_get_default());
>> +
>> +for (i = 0; i < XLNX_ZYNQMP_NUM_SPIS; i++) {
>> +object_initialize(>spi[i], sizeof(s->spi[i]),
>> +  TYPE_XILINX_SPIPS);
>> +qdev_set_parent_bus(DEVICE(>spi[i]), sysbus_get_default());
>> +}
>>  }
>>
>>  static void xlnx_zynqmp_realize(DeviceState *dev, Error **errp)
>>  {
>>  XlnxZynqMPState *s = XLNX_ZYNQMP(dev);
>>  MemoryRegion *system_memory = get_system_memory();
>> -uint8_t i;
>> +uint8_t i, j;
>>  const char *boot_cpu = s->boot_cpu ? s->boot_cpu : "apu-cpu[0]";
>>  qemu_irq gic_spi[GIC_NUM_SPI_INTR];
>>  Error *err = NULL;
>> @@ -258,6 +272,36 @@ static void xlnx_zynqmp_realize(DeviceState *dev, Error 
>> **errp)
>>
>>  sysbus_mmio_map(SYS_BUS_DEVICE(>sata), 0, SATA_ADDR);
>>  sysbus_connect_irq(SYS_BUS_DEVICE(>sata), 0, gic_spi[SATA_INTR]);
>> +
>> +for (i = 0; i < XLNX_ZYNQMP_NUM_SPIS; i++) {
>> +SSIBus *spi_bus;
>> +char bus_name[6];
>> +
>> +object_property_set_int(OBJECT(>spi[i]), XLNX_ZYNQMP_NUM_SPIS,
>> +"num-busses", _abort);
>> +object_property_set_bool(OBJECT(>spi[i]), true, "realized", 
>> );
>> +if (err) {
>> +error_propagate(errp, err);
>> +return;
>> +}
>> +
>> +sysbus_mmio_map(SYS_BUS_DEVICE(>spi[i]), 0, spi_addr[i]);
>> +sysbus_connect_irq(SYS_BUS_DEVICE(>spi[i]), 0,
>> +   gic_spi[spi_intr[i]]);
>> +
>> +snprintf(bus_name, 6, "spi%d", i);
>> +spi_bus = (SSIBus *)qdev_get_child_bus(DEVICE(>spi[i]), 
>> bus_name);
>> +
>> +for (j = 0; j < XLNX_ZYNQMP_NUM_SPI_FLASHES; ++j) {
>> +DeviceState *flash_dev = ssi_create_slave(spi_bus, "m25p80");
>
> Are they actual m25p80's or are you trying to be generic? "M25P80' is
> overloaded, often used to mean the greater family of SPI flashes while
> also being a specific part. In this usage, it means the specific part.
> M25P80 is a very old part.

Good point, I'll update it with the actual part.

>
> This should however be on the machine level. The bus needs to be
> connected to the SoC object as a child bus, and the board level
> creates the flashes (ep108).

Ok, fixed in v2.

Thanks,

Alistair

>
> Regards,
> Peter
>
>> +qemu_irq cs_line = qdev_get_gpio_in_named(flash_dev,
>> +  SSI_GPIO_CS, 0);
>> +
>> +sysbus_connect_irq(SYS_BUS_DEVICE(>spi[i]),
>> +   i * XLNX_ZYNQMP_NUM_SPI_FLASHES + j,
>> +   cs_line);
>> +}
>> +}
>>  }
>>
>>  static Property xlnx_zynqmp_props[] = {
>> diff --git a/include/hw/arm/xlnx-zynqmp.h b/include/hw/arm/xlnx-zynqmp.h
>> index 4005a99..6d1d2a9 100644
>> --- a/include/hw/arm/xlnx-zynqmp.h
>> +++ b/include/hw/arm/xlnx-zynqmp.h
>> @@ -24,6 +24,7 @@
>>  #include "hw/char/cadence_uart.h"
>>  #include "hw/ide/pci.h"
>>  #include "hw/ide/ahci.h"
>> +#include "hw/ssi/xilinx_spips.h"
>>
>>  #define TYPE_XLNX_ZYNQMP "xlnx,zynqmp"
>>  #define XLNX_ZYNQMP(obj) OBJECT_CHECK(XlnxZynqMPState, (obj), \
>> @@ -33,6 +34,8 @@
>>  #define XLNX_ZYNQMP_NUM_RPU_CPUS 2
>>  #define XLNX_ZYNQMP_NUM_GEMS 4
>>  #define XLNX_ZYNQMP_NUM_UARTS 2
>> +#define XLNX_ZYNQMP_NUM_SPIS 2
>> +#define XLNX_ZYNQMP_NUM_SPI_FLASHES 4
>>
>>  #define XLNX_ZYNQMP_NUM_OCM_BANKS 4
>>  #define XLNX_ZYNQMP_OCM_RAM_0_ADDRESS 0xFFFC
>> @@ -63,6 +66,7 @@ typedef struct XlnxZynqMPState {
>>  CadenceGEMState gem[XLNX_ZYNQMP_NUM_GEMS];
>>  CadenceUARTState uart[XLNX_ZYNQMP_NUM_UARTS];
>>  SysbusAHCIState sata;
>> +XilinxSPIPS spi[XLNX_ZYNQMP_NUM_SPIS];
>>
>>  char *boot_cpu;
>>  ARMCPU *boot_cpu_ptr;
>> --
>> 1.9.1
>>
>

Re: [Qemu-devel] [PULL 00/48] ivshmem series

[Peter Maydell]

On 7 October 2015 at 14:05, Andreas Färber  wrote:
> my "make test" patch (which Peter keeps refusing to apply for two
> releases now)

For what it's worth, I am not currently aware of a patch from
you that I am refusing to apply. There's a lot of traffic on
the list, and it's very easy for things to get lost in the flood,
or for me to forget about something we discussed in the past.
If there's something you'd like me to reconsider, please point me
at it. (I do sometimes make bad review decisions, too.)

(This next part is aimed at everybody in this discussion thread;
I'm just putting it here since I happened to be replying to
your email above.)

Due credit for work is an emotive issue, and it can be highly
frustrating when hard work you've put in fails to get through
our sometimes badly dysfunctional review process, or when
you did something you thought was reasonable and somebody
else objected. However could we please try to assume good
faith in this discussion? I don't believe anybody is setting
out to deliberately bully another contributor here, or to
deliberately plagiarise work, or anything like that.
People make mistakes, or forget, or don't know about our
(sometimes unwritten) conventions and process, because we're
all human.

thanks
-- PMM

Re: [Qemu-devel] [PULL 00/48] ivshmem series

[Paolo Bonzini]

On 07/10/2015 14:31, Andreas Färber wrote:
> It is non-technical and called plagiarism.

I don't think the text

   g_strdup_printf("-device ivshmem,shm=%s,size=1M",

(yes, even the final argument differs between your version and
Marc-André) counts as plagiarism.

> The common denominator is that
> every time this happens to me it's *@redhat.com.

Correlation does not imply causation.  There is obvious overlap between
what Red Hat and SuSE care about.  I have forgotten the specific episode
though.  I remember I was CCed on a patch but had not replied to it, or
something like that.

Paolo

Re: [Qemu-devel] [PULL 0/5] s390x: Fixes and features

[Peter Maydell]

On 6 October 2015 at 11:41, Christian Borntraeger
 wrote:
> Peter,
>
> here are some fixes (and a small feature) for s390x.
>
> The following changes since commit b2312c680084ea18cd55fa7093397cad2224ec14:
>
>   Merge remote-tracking branch 'remotes/amit-migration/tags/for-juan-201509' 
> into staging (2015-09-29 12:41:19 +0100)
>
> are available in the git repository at:
>
>   git://github.com/borntraeger/qemu.git tags/s390x-20151006
>
> for you to fetch changes up to d9f090ec7794d433b8f222ae8c8f95601369a4a5:
>
>   s390x: rename io_subsystem_reset -> subsystem_reset (2015-10-02 13:31:52 
> +0200)
>
> 
> s390: fixes
>
> Some fixes all over the place:
> - ccw bios and gcc 5.1 (avoid floating point ops)
> - properly print vector registers
> - sclp and sclp-event-facility no longer hang on object_unref(object_new(T))
> - better name for io_subsystem_reset
>
> One feature
> - the gdb server now exposes several virtualization specific register
>
> 
> Christian Borntraeger (2):
>   pc-bios/s390-ccw: avoid floating point operations
>   s390x/info registers: print vector registers properly
>
> David Hildenbrand (3):
>   s390x/gdb: expose virtualization specific registers
>   s390x: set missing parent for hotplug and quiesce events
>   s390x: rename io_subsystem_reset -> subsystem_reset
>
>  configure  |  2 +-
>  gdb-xml/s390-virt.xml  | 18 ++
>  hw/s390x/event-facility.c  | 20 +--
>  hw/s390x/s390-virtio-ccw.c |  2 +-
>  pc-bios/s390-ccw/Makefile  |  3 +-
>  target-s390x/cpu.h |  2 +-
>  target-s390x/gdbstub.c | 82 
> ++
>  target-s390x/misc_helper.c |  4 +--
>  target-s390x/translate.c   |  2 +-
>  9 files changed, 118 insertions(+), 17 deletions(-)
>  create mode 100644 gdb-xml/s390-virt.xml

Just to check before I apply this -- given the change to
pc-bios/s390-ccw/Makefile, is there a missing update to the
compiled s390-ccw.img itself?

thanks
-- PMM

Re: [Qemu-devel] [PATCH v2 3/3] exec.c: Collect AddressSpace related fields into a CPUAddressSpace struct

[Peter Maydell]

On 7 October 2015 at 10:57, Richard Henderson  wrote:
> On 10/02/2015 12:29 AM, Peter Maydell wrote:
>>
>> +cpu->cpu_ases = g_new0(CPUAddressSpace, 1);
>> +cpu->cpu_ases[0].cpu = cpu;
>> +cpu->cpu_ases[0].as = as;
>> +cpu->cpu_ases[0].tcg_as_listener.commit = tcg_commit;
>> +memory_listener_register(>cpu_ases[0].tcg_as_listener, as);
>>   }
>
>
> What's the plan when it's more than one?

We g_realloc() the array to make it larger if the target-specific
code calls us again to add another AS.

> Just thinking about why separate allocation vs embedding an array.  Though
> possibly with the CPUState member being a pointer to an array within the
> TargetCPUClass, or CPUTargetState.  Dunno.

An embedded array runs you into the problem that cpu.h doesn't
have access to a definition of the MemoryListener struct (at
least I think it's that one), so it doesn't know how much space
to allocate in the structure. Plus MemoryListener doesn't
exist in non-softmmu configs, and allowing the CPUState struct
to be different sizes for softmmu vs not doesn't work because
the header can be used from compiled-once-only .c files.
This awkwardness is why we ended up with CPUState having a
pointer to a MemoryListener and thus the loop in tcg_commit
in the first place.

thanks
-- PMM

[Qemu-devel] [PATCH v2 2/5] ssi: Move ssi.h into a separate directory

[Alistair Francis]

Move the ssi.h include file into the ssi directory.

Signed-off-by: Alistair Francis 
---
V2:
 - Change git patch to indicate rename

 hw/arm/pxa2xx.c |  2 +-
 hw/arm/spitz.c  |  2 +-
 hw/arm/stellaris.c  |  2 +-
 hw/arm/strongarm.c  |  2 +-
 hw/arm/tosa.c   |  2 +-
 hw/arm/xilinx_zynq.c|  2 +-
 hw/arm/z2.c |  2 +-
 hw/block/m25p80.c   |  2 +-
 hw/display/ads7846.c|  2 +-
 hw/display/ssd0323.c|  2 +-
 hw/microblaze/petalogix_ml605_mmu.c |  2 +-
 hw/misc/max111x.c   |  2 +-
 hw/sd/ssi-sd.c  |  2 +-
 hw/ssi/pl022.c  |  2 +-
 hw/ssi/ssi.c|  2 +-
 hw/ssi/xilinx_spi.c |  2 +-
 hw/ssi/xilinx_spips.c   |  2 +-
 include/hw/{ => ssi}/ssi.h  | 10 ++
 18 files changed, 23 insertions(+), 21 deletions(-)
 rename include/hw/{ => ssi}/ssi.h (96%)

diff --git a/hw/arm/pxa2xx.c b/hw/arm/pxa2xx.c
index 164260a..534c06f 100644
--- a/hw/arm/pxa2xx.c
+++ b/hw/arm/pxa2xx.c
@@ -12,7 +12,7 @@
 #include "sysemu/sysemu.h"
 #include "hw/char/serial.h"
 #include "hw/i2c/i2c.h"
-#include "hw/ssi.h"
+#include "hw/ssi/ssi.h"
 #include "sysemu/char.h"
 #include "sysemu/block-backend.h"
 #include "sysemu/blockdev.h"
diff --git a/hw/arm/spitz.c b/hw/arm/spitz.c
index 2af03be..c9405af 100644
--- a/hw/arm/spitz.c
+++ b/hw/arm/spitz.c
@@ -16,7 +16,7 @@
 #include "sysemu/sysemu.h"
 #include "hw/pcmcia.h"
 #include "hw/i2c/i2c.h"
-#include "hw/ssi.h"
+#include "hw/ssi/ssi.h"
 #include "hw/block/flash.h"
 #include "qemu/timer.h"
 #include "hw/devices.h"
diff --git a/hw/arm/stellaris.c b/hw/arm/stellaris.c
index 3d6486f..c785e90 100644
--- a/hw/arm/stellaris.c
+++ b/hw/arm/stellaris.c
@@ -8,7 +8,7 @@
  */
 
 #include "hw/sysbus.h"
-#include "hw/ssi.h"
+#include "hw/ssi/ssi.h"
 #include "hw/arm/arm.h"
 #include "hw/devices.h"
 #include "qemu/timer.h"
diff --git a/hw/arm/strongarm.c b/hw/arm/strongarm.c
index 9624ecb..4d2ba02 100644
--- a/hw/arm/strongarm.c
+++ b/hw/arm/strongarm.c
@@ -34,7 +34,7 @@
 #include "hw/arm/arm.h"
 #include "sysemu/char.h"
 #include "sysemu/sysemu.h"
-#include "hw/ssi.h"
+#include "hw/ssi/ssi.h"
 
 //#define DEBUG
 
diff --git a/hw/arm/tosa.c b/hw/arm/tosa.c
index 51d0b89..6b210a6 100644
--- a/hw/arm/tosa.c
+++ b/hw/arm/tosa.c
@@ -19,7 +19,7 @@
 #include "hw/pcmcia.h"
 #include "hw/boards.h"
 #include "hw/i2c/i2c.h"
-#include "hw/ssi.h"
+#include "hw/ssi/ssi.h"
 #include "sysemu/block-backend.h"
 #include "hw/sysbus.h"
 #include "exec/address-spaces.h"
diff --git a/hw/arm/xilinx_zynq.c b/hw/arm/xilinx_zynq.c
index 9f89483..9db9602 100644
--- a/hw/arm/xilinx_zynq.c
+++ b/hw/arm/xilinx_zynq.c
@@ -24,7 +24,7 @@
 #include "hw/block/flash.h"
 #include "sysemu/block-backend.h"
 #include "hw/loader.h"
-#include "hw/ssi.h"
+#include "hw/ssi/ssi.h"
 #include "qemu/error-report.h"
 
 #define NUM_SPI_FLASHES 4
diff --git a/hw/arm/z2.c b/hw/arm/z2.c
index b44eb76..c82fe2c 100644
--- a/hw/arm/z2.c
+++ b/hw/arm/z2.c
@@ -16,7 +16,7 @@
 #include "hw/arm/arm.h"
 #include "hw/devices.h"
 #include "hw/i2c/i2c.h"
-#include "hw/ssi.h"
+#include "hw/ssi/ssi.h"
 #include "hw/boards.h"
 #include "sysemu/sysemu.h"
 #include "hw/block/flash.h"
diff --git a/hw/block/m25p80.c b/hw/block/m25p80.c
index 7b9f97c..addd907 100644
--- a/hw/block/m25p80.c
+++ b/hw/block/m25p80.c
@@ -24,7 +24,7 @@
 #include "hw/hw.h"
 #include "sysemu/block-backend.h"
 #include "sysemu/blockdev.h"
-#include "hw/ssi.h"
+#include "hw/ssi/ssi.h"
 
 #ifndef M25P80_ERR_DEBUG
 #define M25P80_ERR_DEBUG 0
diff --git a/hw/display/ads7846.c b/hw/display/ads7846.c
index 3f35369..cb82317 100644
--- a/hw/display/ads7846.c
+++ b/hw/display/ads7846.c
@@ -10,7 +10,7 @@
  * GNU GPL, version 2 or (at your option) any later version.
  */
 
-#include "hw/ssi.h"
+#include "hw/ssi/ssi.h"
 #include "ui/console.h"
 
 typedef struct {
diff --git a/hw/display/ssd0323.c b/hw/display/ssd0323.c
index 9727007..7545da8 100644
--- a/hw/display/ssd0323.c
+++ b/hw/display/ssd0323.c
@@ -10,7 +10,7 @@
 /* The controller can support a variety of different displays, but we only
implement one.  Most of the commends relating to brightness and geometry
setup are ignored. */
-#include "hw/ssi.h"
+#include "hw/ssi/ssi.h"
 #include "ui/console.h"
 
 //#define DEBUG_SSD0323 1
diff --git a/hw/microblaze/petalogix_ml605_mmu.c 
b/hw/microblaze/petalogix_ml605_mmu.c
index 462060f..5366cec 100644
--- a/hw/microblaze/petalogix_ml605_mmu.c
+++ b/hw/microblaze/petalogix_ml605_mmu.c
@@ -35,7 +35,7 @@
 #include "sysemu/block-backend.h"
 #include "hw/char/serial.h"
 #include "exec/address-spaces.h"
-#include "hw/ssi.h"
+#include "hw/ssi/ssi.h"
 
 #include "boot.h"
 
diff --git a/hw/misc/max111x.c b/hw/misc/max111x.c
index bef3651..d619d61 100644
--- a/hw/misc/max111x.c
+++ b/hw/misc/max111x.c

[Qemu-devel] [PATCH v2 1/5] m25p80.c: Add sst25wf080 SPI flash device

[Alistair Francis]

Add the sst25wf080 SPI flash device.

Signed-off-by: Alistair Francis 
---

 hw/block/m25p80.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/block/m25p80.c b/hw/block/m25p80.c
index efc43dd..7b9f97c 100644
--- a/hw/block/m25p80.c
+++ b/hw/block/m25p80.c
@@ -163,6 +163,7 @@ static const FlashPartInfo known_devices[] = {
 { INFO("sst25wf010",  0xbf2502,  0,  64 << 10,   2, ER_4K) },
 { INFO("sst25wf020",  0xbf2503,  0,  64 << 10,   4, ER_4K) },
 { INFO("sst25wf040",  0xbf2504,  0,  64 << 10,   8, ER_4K) },
+{ INFO("sst25wf080",  0xbf2505,  0,  64 << 10,  16, ER_4K) },
 
 /* ST Microelectronics -- newer production may have feature updates */
 { INFO("m25p05",  0x202010,  0,  32 << 10,   2, 0) },
-- 
2.1.4

Re: [Qemu-devel] [PATCH v3 1/9] target-arm: Add HPFAR_EL2

[Peter Maydell]

On 7 October 2015 at 12:51, Alex Bennée  wrote:
>
> Edgar E. Iglesias  writes:
>
>> From: "Edgar E. Iglesias" 
>>
>> Signed-off-by: Edgar E. Iglesias 
>> ---
>>  target-arm/cpu.h|  1 +
>>  target-arm/helper.c | 12 
>>  2 files changed, 13 insertions(+)
>>
>> diff --git a/target-arm/cpu.h b/target-arm/cpu.h
>> index cc1578c..895f2c2 100644
>> --- a/target-arm/cpu.h
>> +++ b/target-arm/cpu.h
>> @@ -278,6 +278,7 @@ typedef struct CPUARMState {
>>  };
>>  uint64_t far_el[4];
>>  };
>> +uint64_t hpfar_el2;
>>  union { /* Translation result. */
>>  struct {
>>  uint64_t _unused_par_0;
>> diff --git a/target-arm/helper.c b/target-arm/helper.c
>> index 8367997..5a5e5f0 100644
>> --- a/target-arm/helper.c
>> +++ b/target-arm/helper.c
>> @@ -3223,6 +3223,10 @@ static const ARMCPRegInfo el3_no_el2_cp_reginfo[] = {
>>  { .name = "CNTHP_CTL_EL2", .state = ARM_CP_STATE_BOTH,
>>.opc0 = 3, .opc1 = 4, .crn = 14, .crm = 2, .opc2 = 1,
>>.access = PL2_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
>> +{ .name = "HPFAR_EL2", .state = ARM_CP_STATE_BOTH,
>> +  .opc0 = 3, .opc1 = 4, .crn = 6, .crm = 0, .opc2 = 4,
>> +  .access = PL2_RW, .accessfn = access_el3_aa32ns_aa64any,
>> +  .type = ARM_CP_CONST, .resetvalue = 0 },
>
> So what happens if access_el3_aa32ns_aa64any thinks it is OK to access
> the register from EL3 when there is no EL2? What ensures we get RES0?

...the fact we've defined it as an RW CONST register with a resetvalue
of zero? Or am I misunderstanding your question?

thanks
-- PMM

[Qemu-devel] [PATCH v2 3/5] xilinx_spips: Seperate the state struct into a header

[Alistair Francis]

Seperate out the XilinxSPIPS struct into a seperate header
file.

Signed-off-by: Alistair Francis 
---
V2:
 - Only split out required #defines
 - Prefix XLNX_SPIPS_

 hw/ssi/xilinx_spips.c | 54 ---
 include/hw/ssi/xilinx_spips.h | 74 +++
 2 files changed, 81 insertions(+), 47 deletions(-)
 create mode 100644 include/hw/ssi/xilinx_spips.h

diff --git a/hw/ssi/xilinx_spips.c b/hw/ssi/xilinx_spips.c
index e9471ff..1b7b3fb 100644
--- a/hw/ssi/xilinx_spips.c
+++ b/hw/ssi/xilinx_spips.c
@@ -29,6 +29,7 @@
 #include "qemu/fifo8.h"
 #include "hw/ssi/ssi.h"
 #include "qemu/bitops.h"
+#include "hw/ssi/xilinx_spips.h"
 
 #ifndef XILINX_SPIPS_ERR_DEBUG
 #define XILINX_SPIPS_ERR_DEBUG 0
@@ -101,10 +102,6 @@
 #define R_LQSPI_STS (0xA4 / 4)
 #define LQSPI_STS_WR_RECVD  (1 << 1)
 
-#define R_MOD_ID(0xFC / 4)
-
-#define R_MAX (R_MOD_ID+1)
-
 /* size of TXRX FIFOs */
 #define RXFF_A  32
 #define TXFF_A  32
@@ -135,30 +132,6 @@ typedef enum {
 } FlashCMD;
 
 typedef struct {
-SysBusDevice parent_obj;
-
-MemoryRegion iomem;
-MemoryRegion mmlqspi;
-
-qemu_irq irq;
-int irqline;
-
-uint8_t num_cs;
-uint8_t num_busses;
-
-uint8_t snoop_state;
-qemu_irq *cs_lines;
-SSIBus **spi;
-
-Fifo8 rx_fifo;
-Fifo8 tx_fifo;
-
-uint8_t num_txrx_bytes;
-
-uint32_t regs[R_MAX];
-} XilinxSPIPS;
-
-typedef struct {
 XilinxSPIPS parent_obj;
 
 uint8_t lqspi_buf[LQSPI_CACHE_SIZE];
@@ -174,19 +147,6 @@ typedef struct XilinxSPIPSClass {
 uint32_t tx_fifo_size;
 } XilinxSPIPSClass;
 
-#define TYPE_XILINX_SPIPS "xlnx.ps7-spi"
-#define TYPE_XILINX_QSPIPS "xlnx.ps7-qspi"
-
-#define XILINX_SPIPS(obj) \
- OBJECT_CHECK(XilinxSPIPS, (obj), TYPE_XILINX_SPIPS)
-#define XILINX_SPIPS_CLASS(klass) \
- OBJECT_CLASS_CHECK(XilinxSPIPSClass, (klass), TYPE_XILINX_SPIPS)
-#define XILINX_SPIPS_GET_CLASS(obj) \
- OBJECT_GET_CLASS(XilinxSPIPSClass, (obj), TYPE_XILINX_SPIPS)
-
-#define XILINX_QSPIPS(obj) \
- OBJECT_CHECK(XilinxQSPIPS, (obj), TYPE_XILINX_QSPIPS)
-
 static inline int num_effective_busses(XilinxSPIPS *s)
 {
 return (s->regs[R_LQSPI_CFG] & LQSPI_CFG_SEP_BUS &&
@@ -257,7 +217,7 @@ static void xilinx_spips_reset(DeviceState *d)
 XilinxSPIPS *s = XILINX_SPIPS(d);
 
 int i;
-for (i = 0; i < R_MAX; i++) {
+for (i = 0; i < XLNX_SPIPS_R_MAX; i++) {
 s->regs[i] = 0;
 }
 
@@ -269,7 +229,7 @@ static void xilinx_spips_reset(DeviceState *d)
 s->regs[R_TX_THRES] = 1;
 s->regs[R_RX_THRES] = 1;
 /* FIXME: move magic number definition somewhere sensible */
-s->regs[R_MOD_ID] = 0x01090106;
+s->regs[XLNX_SPIPS_R_MOD_ID] = 0x01090106;
 s->regs[R_LQSPI_CFG] = R_LQSPI_CFG_RESET;
 s->snoop_state = SNOOP_CHECKING;
 xilinx_spips_update_ixr(s);
@@ -427,7 +387,7 @@ static uint64_t xilinx_spips_read(void *opaque, hwaddr addr,
 case R_SLAVE_IDLE_COUNT:
 mask = 0xFF;
 break;
-case R_MOD_ID:
+case XLNX_SPIPS_R_MOD_ID:
 mask = 0x01FF;
 break;
 case R_INTR_EN:
@@ -500,7 +460,7 @@ static void xilinx_spips_write(void *opaque, hwaddr addr,
 break;
 case R_RX_DATA:
 case R_INTR_MASK:
-case R_MOD_ID:
+case XLNX_SPIPS_R_MOD_ID:
 mask = 0;
 break;
 case R_TX_DATA:
@@ -664,7 +624,7 @@ static void xilinx_spips_realize(DeviceState *dev, Error 
**errp)
 }
 
 memory_region_init_io(>iomem, OBJECT(s), xsc->reg_ops, s,
-  "spi", R_MAX*4);
+  "spi", XLNX_SPIPS_R_MAX*4);
 sysbus_init_mmio(sbd, >iomem);
 
 s->irqline = -1;
@@ -708,7 +668,7 @@ static const VMStateDescription vmstate_xilinx_spips = {
 .fields = (VMStateField[]) {
 VMSTATE_FIFO8(tx_fifo, XilinxSPIPS),
 VMSTATE_FIFO8(rx_fifo, XilinxSPIPS),
-VMSTATE_UINT32_ARRAY(regs, XilinxSPIPS, R_MAX),
+VMSTATE_UINT32_ARRAY(regs, XilinxSPIPS, XLNX_SPIPS_R_MAX),
 VMSTATE_UINT8(snoop_state, XilinxSPIPS),
 VMSTATE_END_OF_LIST()
 }
diff --git a/include/hw/ssi/xilinx_spips.h b/include/hw/ssi/xilinx_spips.h
new file mode 100644
index 000..f01d276
--- /dev/null
+++ b/include/hw/ssi/xilinx_spips.h
@@ -0,0 +1,74 @@
+/*
+ * Header file for the Xilinx Zynq SPI controller
+ *
+ * Copyright (C) 2015 Xilinx Inc
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or 

[Qemu-devel] [PATCH 7/8] migration: new migration test mode

[Denis V. Lunev]

From: Igor Redko 

In this patch the ability to start a migration with test-only
capability was added. It allows to gather the guest VM’s memory
usage statistics avoiding time and memory overheads and real
data transmission.  New MIGRATION_STATUS_TEST_COMPLETED was
added to distinguish between test migration and true migration
success states.

Signed-off-by: Igor Redko 
Reviewed-by: Anna Melekhova 
Signed-off-by: Denis V. Lunev 
---
 migration/migration.c | 12 ++--
 qapi-schema.json  |  4 +++-
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/migration/migration.c b/migration/migration.c
index 3182e15..3470d39 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -790,7 +790,9 @@ void qmp_migrate(const char *uri, bool has_blk, bool blk,
 
 s = migrate_init();
 
-if (strstart(uri, "tcp:", )) {
+if (migrate_is_test()) {
+test_start_migration(s, p, _err);
+} else if (strstart(uri, "tcp:", )) {
 tcp_start_outgoing_migration(s, p, _err);
 #ifdef CONFIG_RDMA
 } else if (strstart(uri, "rdma:", )) {
@@ -1054,8 +1056,14 @@ static void *migration_thread(void *opaque)
 }
 
 if (qemu_file_get_error(s->file)) {
-migrate_set_state(s, MIGRATION_STATUS_ACTIVE,
+/*FIXME replace magic number with smth legit*/
+if (migrate_is_test() && qemu_file_get_error(s->file) == -42) {
+migrate_set_state(s, MIGRATION_STATUS_ACTIVE,
+  MIGRATION_STATUS_TEST_COMPLETED);
+} else {
+migrate_set_state(s, MIGRATION_STATUS_ACTIVE,
   MIGRATION_STATUS_FAILED);
+}
 break;
 }
 
diff --git a/qapi-schema.json b/qapi-schema.json
index 38bf199..e022f9c 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -432,6 +432,8 @@
 #
 # @completed: migration is finished.
 #
+# @test-completed: migration time estimation finished.
+#
 # @failed: some error occurred during migration process.
 #
 # Since: 2.3
@@ -439,7 +441,7 @@
 ##
 { 'enum': 'MigrationStatus',
   'data': [ 'none', 'setup', 'cancelling', 'cancelled',
-'active', 'completed', 'failed' ] }
+'active', 'completed', 'test-completed', 'failed' ] }
 
 ##
 # @MigrationInfo
-- 
2.1.4

[Qemu-devel] [PATCH 8/8] migration: add output of gathered statistics

[Denis V. Lunev]

From: Igor Redko 

In this patch the output of the test results was added.
If the test was successfully completed, it would be displayed
in info migrate.

Signed-off-by: Igor Redko 
Reviewed-by: Anna Melekhova 
Signed-off-by: Denis V. Lunev 
---
 migration/migration.c | 18 ++
 1 file changed, 18 insertions(+)

diff --git a/migration/migration.c b/migration/migration.c
index 3470d39..b1c5162 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -454,6 +454,24 @@ MigrationInfo *qmp_query_migrate(Error **errp)
 
 get_xbzrle_cache_stats(info);
 break;
+case MIGRATION_STATUS_TEST_COMPLETED:
+info->has_status = true;
+
+info->has_ram = true;
+info->ram = g_malloc0(sizeof(*info->ram));
+info->ram->total = ram_bytes_total();
+info->ram->dirty_pages_rate = s->dirty_bytes_rate;
+info->ram->mbps = s->mbps;
+info->ram->dirty_sync_count = s->dirty_sync_count;
+
+if (blk_mig_active()) {
+info->has_disk = true;
+info->disk = g_malloc0(sizeof(*info->disk));
+info->disk->transferred = blk_mig_bytes_transferred();
+info->disk->remaining = blk_mig_bytes_remaining();
+info->disk->total = blk_mig_bytes_total();
+}
+break;
 case MIGRATION_STATUS_COMPLETED:
 get_xbzrle_cache_stats(info);
 
-- 
2.1.4

Re: [Qemu-devel] How to build the latest Qemu on Mac OS X 10.11 (El Capitan ) ?

[Peter Maydell]

On 7 October 2015 at 05:23, Aaron Elkins  wrote:
> Hi all,
>
> I am currently working on Mac OS X 10.11 (El Capitan), and
> I want to know if I can build Qemu on it? and how?

Haven't tested 10.11, but it should work (10.10 definitely
does). Check the 'how to build' documentation:
http://qemu.weilnetz.de/qemu-doc.html#Mac-OS-X

thanks
-- PMM

Re: [Qemu-devel] [PATCH 4/4] events doubts

[Pavel Dovgaluk]

> From: Paolo Bonzini [mailto:paolo.bonz...@gmail.com] On Behalf Of Paolo 
> Bonzini
> 
> It is not clear what separates REPLAY_ASYNC_EVENT_BH from other async
> events.  It seems to be an ordering issue, but then why do input events
> not have to be looked up in the queue?  It would be much simpler if they
> are all handled the same way.

There are two kinds of events:
- read from the log and injected immediately (user input, network input)
- read from the log and wait for corresponding event in the queue (BH)

We cannot inject BH event immediately because we do not have any information
about callback and to preserve consistency - BH cannot be processed before
it is scheduled by qemu core.

Pavel Dovgalyuk

> ---
>  replay/replay-events.c | 7 ---
>  1 file changed, 4 insertions(+), 3 deletions(-)
> 
> diff --git a/replay/replay-events.c b/replay/replay-events.c
> index 402f644..d6c61f6 100644
> --- a/replay/replay-events.c
> +++ b/replay/replay-events.c
> @@ -203,13 +203,15 @@ static Event *replay_read_event(int checkpoint)
>  return NULL;
>  }
> 
> -/* Events that has not to be in the queue */
> +/* Read event-specific data */
>  switch (read_event_kind) {
>  case REPLAY_ASYNC_EVENT_BH:
>  if (read_id == -1) {
>  read_id = replay_get_qword();
>  }
>  break;
> +
> +/* Events that do not have to be in the queue - ### WHY? */
>  case REPLAY_ASYNC_EVENT_INPUT:
>  event = g_malloc0(sizeof(Event));
>  event->event_kind = read_event_kind;
> @@ -220,6 +222,7 @@ static Event *replay_read_event(int checkpoint)
>  event->event_kind = read_event_kind;
>  event->opaque = 0;
>  return event;
> +
>  default:
>  error_report("Unknown ID %d of replay event", read_event_kind);
>  exit(1);
> @@ -239,8 +242,6 @@ static Event *replay_read_event(int checkpoint)
>  return NULL;
>  }
> 
> -/* Read event-specific data */
> -
>  return event;
>  }
> 
> --
> 2.5.0

Re: [Qemu-devel] [PATCH v2] Remove macros IO_READ_PROTO and IO_WRITE_PROTO

[Stefan Hajnoczi]

On Tue, Oct 6, 2015 at 6:42 PM, Nutan Shinde  wrote:
> Signed-off-by: Nutan Shinde 
> ---
>  hw/audio/adlib.c  | 28 +++
>  hw/audio/es1370.c | 60 +-
>  hw/audio/gus.c| 26 +++---
>  hw/audio/sb16.c   | 66 
> +++
>  4 files changed, 90 insertions(+), 90 deletions(-)

This patch appears to contain only formatting changes.  From
http://qemu-project.org/Contribute/SubmitAPatch:

"Don't include irrelevant changes. In particular, don't include
formatting, coding style or whitespace changes to bits of code that
would otherwise not be touched by the patch. (It's OK to fix coding
style issues in the immediate area (few lines) of the lines you're
changing.) If you think a section of code really does need a reindent
or other large-scale style fix, submit this as a separate patch which
makes no semantic changes; don't put it in the same patch as your bug
fix."

Patches that update coding style (e.g. whitespace) are usually not
desirable because it introduces churn.  For example, backporting
important fixes becomes harder because the code has changed.

Updating coding style on lines touched in a normal patch is good.
Updating entire files just to update coding style is usually not done
in QEMU.

Stefan

Re: [Qemu-devel] [PATCH] watchdog: add support to emulate winbond w83627thf

[Paolo Bonzini]

On 07/10/2015 10:49, Daniel Fahlgren wrote:
> Hi,
> 
> On Mon, 2015-09-14 at 22:07 +0200, Daniel Fahlgren wrote:
>> This patch adds support to emulate the watchdog functionality on the
>> Winbond w83627thf chip. The other features of the chip are not emulated.
>> It has been tested with Ubuntu 6.06, 14.04 and 15.04 as guests using the
>> w83627hf_wdt module.
> 
> Ping, who should I poke about this? The maintainers file does not
> mention the watchdog system.

Hi,

sorry for missing this patch.

I have a couple of questions.  First, where can I find a spec for this
chip in order to review the code, and what are the other features?
Second, what are the advantages over the existing watchdog devices?

Paolo

>> Signed-off-by: Daniel Fahlgren 
>> ---
>>  default-configs/i386-softmmu.mak   |   1 +
>>  default-configs/x86_64-softmmu.mak |   1 +
>>  hw/watchdog/Makefile.objs  |   1 +
>>  hw/watchdog/wdt_w83627thf.c| 255 
>> +
>>  4 files changed, 258 insertions(+)
>>  create mode 100644 hw/watchdog/wdt_w83627thf.c
>>
>> diff --git a/default-configs/i386-softmmu.mak 
>> b/default-configs/i386-softmmu.mak
>> index 9393cf0..30abc6f 100644
>> --- a/default-configs/i386-softmmu.mak
>> +++ b/default-configs/i386-softmmu.mak
>> @@ -35,6 +35,7 @@ CONFIG_MC146818RTC=y
>>  CONFIG_PAM=y
>>  CONFIG_PCI_PIIX=y
>>  CONFIG_WDT_IB700=y
>> +CONFIG_WDT_W83627THF=y
>>  CONFIG_XEN_I386=$(CONFIG_XEN)
>>  CONFIG_ISA_DEBUG=y
>>  CONFIG_ISA_TESTDEV=y
>> diff --git a/default-configs/x86_64-softmmu.mak 
>> b/default-configs/x86_64-softmmu.mak
>> index 28e2099..906d14b 100644
>> --- a/default-configs/x86_64-softmmu.mak
>> +++ b/default-configs/x86_64-softmmu.mak
>> @@ -35,6 +35,7 @@ CONFIG_MC146818RTC=y
>>  CONFIG_PAM=y
>>  CONFIG_PCI_PIIX=y
>>  CONFIG_WDT_IB700=y
>> +CONFIG_WDT_W83627THF=y
>>  CONFIG_XEN_I386=$(CONFIG_XEN)
>>  CONFIG_ISA_DEBUG=y
>>  CONFIG_ISA_TESTDEV=y
>> diff --git a/hw/watchdog/Makefile.objs b/hw/watchdog/Makefile.objs
>> index 72e3ffd..e021b24 100644
>> --- a/hw/watchdog/Makefile.objs
>> +++ b/hw/watchdog/Makefile.objs
>> @@ -2,3 +2,4 @@ common-obj-y += watchdog.o
>>  common-obj-$(CONFIG_WDT_IB6300ESB) += wdt_i6300esb.o
>>  common-obj-$(CONFIG_WDT_IB700) += wdt_ib700.o
>>  common-obj-$(CONFIG_WDT_DIAG288) += wdt_diag288.o
>> +common-obj-$(CONFIG_WDT_W83627THF) += wdt_w83627thf.o
>> diff --git a/hw/watchdog/wdt_w83627thf.c b/hw/watchdog/wdt_w83627thf.c
>> new file mode 100644
>> index 000..143bb8f
>> --- /dev/null
>> +++ b/hw/watchdog/wdt_w83627thf.c
>> @@ -0,0 +1,255 @@
>> +/*
>> + * Virtual hardware watchdog.
>> + *
>> + * This program is free software; you can redistribute it and/or
>> + * modify it under the terms of the GNU General Public License
>> + * as published by the Free Software Foundation; either version 2
>> + * of the License, or (at your option) any later version.
>> + *
>> + * This program is distributed in the hope that it will be useful,
>> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
>> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
>> + * GNU General Public License for more details.
>> + *
>> + * You should have received a copy of the GNU General Public License
>> + * along with this program; if not, see .
>> + *
>> + * By Daniel Fahlgren (dan...@fahlgren.se)
>> + */
>> +
>> +#include 
>> +
>> +#include "qemu-common.h"
>> +#include "qemu/timer.h"
>> +#include "sysemu/watchdog.h"
>> +#include "hw/isa/isa.h"
>> +
>> +/* #define W83627THF_DEBUG 1 */
>> +
>> +#ifdef W83627THF_DEBUG
>> +#define w83627thf_debug(fs, ...) \
>> +fprintf(stderr, "w83627thf: %s: "fs, __func__, ##__VA_ARGS__)
>> +#else
>> +#define w83627thf_debug(fs, ...)
>> +#endif
>> +
>> +#define WATCHDOG_W83627THF_DEVICE(obj) \
>> +OBJECT_CHECK(W83627THFState, (obj), "w83627thf")
>> +
>> +#define CHIP_VERSION   0x82
>> +
>> +#define CHIP_VERSION_REGISTER  0x20
>> +#define PLED_MODE_REGISTER 0xF5
>> +#define TIMEOUT_REGISTER   0xF6
>> +#define TIMER_REGISTER 0xF7
>> +
>> +#define PLED_MINUTE_MODE   0x08
>> +
>> +#define WDT_W83627THF_EFER 0x2E
>> +#define WDT_W83627THF_EFDR 0x2F
>> +
>> +enum {
>> +normal_mode = 0,
>> +extended_mode1 = 1,
>> +extended_mode2 = 2
>> +};
>> +
>> +/* Device state. */
>> +typedef struct W83627THFState {
>> +ISADevice parent_obj;
>> +
>> +QEMUTimer *timer;
>> +
>> +PortioList port_list;
>> +
>> +uint8_t running_mode;
>> +
>> +uint8_t selected_register;
>> +
>> +uint8_t pled_mode_register;
>> +uint8_t timeout_register;
>> +uint8_t timer_register;
>> +
>> +} W83627THFState;
>> +
>> +static WatchdogTimerModel model = {
>> +.wdt_name = "w83627thf",
>> +.wdt_description = "Winbond w83627thf",
>> +};
>> +
>> +static const VMStateDescription vmstate_w83627thf = {
>> +.name = "vmstate_w83627thf",
>> +.version_id = 0,
>> +.minimum_version_id = 0,
>> +.fields = 

Re: [Qemu-devel] [PATCH v5 1/1] block/gluster: add support for multiple gluster backup volfile servers

[Peter Krempa]

On Mon, Sep 28, 2015 at 18:06:12 +0530, Prasanna Kumar Kalever wrote:
> This patch adds a way to specify multiple volfile servers to the gluster
> block backend of QEMU with tcp|rdma transport types and their port numbers.
> 
> Problem:
> 
> Currenly VM Image on gluster volume is specified like this:
> 
> file=gluster[+tcp]://server1[:port]/testvol/a.img
> 
> Assuming we have have three servers in trustred pool with replica 3 volume
> in action and unfortunately server1 (mentioned in the command above) went down
> for some reason, since the volume is replica 3 we now have other 2 servers
> active from which we can boot the VM.
> 
> But currently there is no mechanism to pass the other 2 gluster server
> addresses to qemu.
> 
> Solution:
> 
> New way of specifying VM Image on gluster volume with volfile servers:
> (We still support old syntax to maintain backward compatibility)
> 
> Basic command line syntax looks like:
> 
> Pattern I:
>  -drive driver=gluster,
> volname=testvol,image-path=/path/a.raw,
> volfile-servers.0.server=1.2.3.4,

I still think 'volfile-servers' should be just 'server'. I don't
understand why it needs to contain anything else. See below for
suggestions ...

>[volfile-servers.0.port=24007,]
>[volfile-servers.0.transport=tcp,]
> volfile-servers.1.server=5.6.7.8,
>[volfile-servers.1.port=24008,]
>[volfile-servers.1.transport=rdma,] ...
> 
> Pattern II:
>  'json:{"driver":"qcow2","file":{"driver":"gluster",
>"volname":"testvol","image-path":"/path/a.qcow2",
>"volfile-servers":[{tuple0},{tuple1}, ...{tupleN}]}}'
> 
>driver   => 'gluster' (protocol name)
>volname  => name of gluster volume where our VM image resides
>image-path   => is the absolute path of image in gluster volume
> 
>   {tuple}   => {"server":"1.2.3.4"[,"port":"24007","transport":"tcp"]}
> 
>server   => server address (hostname/ipv4/ipv6 addresses)
>port => port number on which glusterd is listening. (default 24007)
>tranport => transport type used to connect to gluster management 
> daemon,
> it can be tcp|rdma (default 'tcp')
> 
> Examples:
> 1.
>  -drive driver=qcow2,file.driver=gluster,
> file.volname=testvol,file.image-path=/path/a.qcow2,
> file.volfile-servers.0.server=1.2.3.4,
> file.volfile-servers.0.port=24007,
> file.volfile-servers.0.transport=tcp,
> file.volfile-servers.1.server=5.6.7.8,
> file.volfile-servers.1.port=24008,
> file.volfile-servers.1.transport=rdma
> 2.
>  'json:{"driver":"qcow2","file":{"driver":"gluster","volname":"testvol",
>  "image-path":"/path/a.qcow2","volfile-servers":
>  [{"server":"1.2.3.4","port":"24007","transport":"tcp"},
>   {"server":"4.5.6.7","port":"24008","transport":"rdma"}] } }'

  -drive driver=qcow2,file.driver=gluster,
 file.volume=testvol,
 file.path=/path/a.qcow2,
 file.server.0.host=1.2.3.4,
 file.server.0.port=24007,
 file.server.0.transport=tcp,
 file.server.1.host=5.6.7.8,
 file.server.1.port=24008,
 file.server.1.transport=rdma

I'm suggesting the above naming scheme.
So:
'path' instead of 'image-path'
'volume' instead of 'volname'
'server' instead of 'volfile-servers'
'host' instead of 'server'

 2.
  'json:{"driver":"qcow2","file":{"driver":"gluster","volume":"testvol",
  "path":"/path/a.qcow2","server":
  [{"host":"1.2.3.4","port":"24007","transport":"tcp"},
   {"host":"4.5.6.7","port":"24008","transport":"rdma"}] } }'

> 
> This patch gives a mechanism to provide all the server addresses which are in
> replica set, so in case server1 is down VM can still boot from any of the
> active servers.
> 
> This is equivalent to the volfile-servers option supported by
> mount.glusterfs (FUSE way of mounting gluster volume)

I don't think qemu needs to follow mount.glusterfs in naming.

> 
> This patch depends on a recent fix in libgfapi raised as part of this work:
> http://review.gluster.org/#/c/12114/
> 
> Credits: Sincere thanks to Kevin Wolf  and
> "Deepak C Shetty"  for inputs and all their support
> 
> Signed-off-by: Prasanna Kumar Kalever 
> ---

[snip]

> diff --git a/block/gluster.c b/block/gluster.c
> index 1eb3a8c..63c3dcb 100644
> --- a/block/gluster.c
> +++ b/block/gluster.c
> @@ -11,6 +11,15 @@
>  #include "block/block_int.h"
>  #include "qemu/uri.h"
>  
> +#define GLUSTER_OPT_FILENAME  "filename"
> +#define GLUSTER_OPT_VOLNAME   "volname"
> +#define GLUSTER_OPT_IMAGE_PATH"image-path"
> +#define GLUSTER_OPT_SERVER"server"
> +#define GLUSTER_OPT_PORT  "port"
> +#define GLUSTER_OPT_TRANSPORT "transport"
> +#define GLUSTER_OPT_READ_PATTERN  "volfile-servers."
> +
> +
>  typedef struct GlusterAIOCB {
>  int64_t size;
>  int ret;
> @@ -43,6 +52,60 @@ 

Re: [Qemu-devel] [PATCH 1/5] ide/atapi: make PIO read requests async

[Kevin Wolf]

Am 06.10.2015 um 17:54 hat John Snow geschrieben:
> 
> 
> On 10/06/2015 04:57 AM, Kevin Wolf wrote:
> > Am 05.10.2015 um 23:15 hat John Snow geschrieben:
> >>
> >>
> >> On 09/21/2015 08:25 AM, Peter Lieven wrote:
> >>> PIO read requests on the ATAPI interface used to be sync blk requests.
> >>> This has to siginificant drawbacks. First the main loop hangs util an
> >>> I/O request is completed and secondly if the I/O request does not
> >>> complete (e.g. due to an unresponsive storage) Qemu hangs completely.
> >>>
> >>> Signed-off-by: Peter Lieven 
> >>> ---
> >>>  hw/ide/atapi.c | 69 
> >>> --
> >>>  1 file changed, 43 insertions(+), 26 deletions(-)
> >>>
> >>> diff --git a/hw/ide/atapi.c b/hw/ide/atapi.c
> >>> index 747f466..9257e1c 100644
> >>> --- a/hw/ide/atapi.c
> >>> +++ b/hw/ide/atapi.c
> >>> @@ -105,31 +105,51 @@ static void cd_data_to_raw(uint8_t *buf, int lba)
> >>>  memset(buf, 0, 288);
> >>>  }
> >>>  
> >>> -static int cd_read_sector(IDEState *s, int lba, uint8_t *buf, int 
> >>> sector_size)
> >>> +static void cd_read_sector_cb(void *opaque, int ret)
> >>>  {
> >>> -int ret;
> >>> +IDEState *s = opaque;
> >>>  
> >>> -switch(sector_size) {
> >>> -case 2048:
> >>> -block_acct_start(blk_get_stats(s->blk), >acct,
> >>> - 4 * BDRV_SECTOR_SIZE, BLOCK_ACCT_READ);
> >>> -ret = blk_read(s->blk, (int64_t)lba << 2, buf, 4);
> >>> -block_acct_done(blk_get_stats(s->blk), >acct);
> >>> -break;
> >>> -case 2352:
> >>> -block_acct_start(blk_get_stats(s->blk), >acct,
> >>> - 4 * BDRV_SECTOR_SIZE, BLOCK_ACCT_READ);
> >>> -ret = blk_read(s->blk, (int64_t)lba << 2, buf + 16, 4);
> >>> -block_acct_done(blk_get_stats(s->blk), >acct);
> >>> -if (ret < 0)
> >>> -return ret;
> >>> -cd_data_to_raw(buf, lba);
> >>> -break;
> >>> -default:
> >>> -ret = -EIO;
> >>> -break;
> >>> +block_acct_done(blk_get_stats(s->blk), >acct);
> >>> +
> >>> +if (ret < 0) {
> >>> +ide_atapi_io_error(s, ret);
> >>> +return;
> >>> +}
> >>> +
> >>> +if (s->cd_sector_size == 2352) {
> >>> +cd_data_to_raw(s->io_buffer, s->lba);
> >>>  }
> >>> -return ret;
> >>> +
> >>> +s->lba++;
> >>> +s->io_buffer_index = 0;
> >>> +s->status &= ~BUSY_STAT;
> >>> +
> >>> +ide_atapi_cmd_reply_end(s);
> >>> +}
> >>> +
> >>> +static int cd_read_sector(IDEState *s, int lba, void *buf, int 
> >>> sector_size)
> >>> +{
> >>> +if (sector_size != 2048 && sector_size != 2352) {
> >>> +return -EINVAL;
> >>> +}
> >>> +
> >>> +s->iov.iov_base = buf;
> >>> +if (sector_size == 2352) {
> >>> +buf += 4;
> >>> +}
> > 
> > This doesn't look quite right, buf is never read after this.
> > 
> > Also, why +=4 when it was originally buf + 16?
> > 
> >>> +
> >>> +s->iov.iov_len = 4 * BDRV_SECTOR_SIZE;
> >>> +qemu_iovec_init_external(>qiov, >iov, 1);
> >>> +
> >>> +if (blk_aio_readv(s->blk, (int64_t)lba << 2, >qiov, 4,
> >>> +  cd_read_sector_cb, s) == NULL) {
> >>> +return -EIO;
> >>> +}
> >>> +
> >>> +block_acct_start(blk_get_stats(s->blk), >acct,
> >>> + 4 * BDRV_SECTOR_SIZE, BLOCK_ACCT_READ);
> >>> +s->status |= BUSY_STAT;
> >>> +return 0;
> >>>  }
> >>>  
> >>
> >> We discussed this off-list a bit, but for upstream synchronization:
> >>
> >> Unfortunately, I believe making cd_read_sector here non-blocking makes
> >> ide_atapi_cmd_reply_end non-blocking, and as a result makes calls to
> >> s->end_transfer_func() nonblocking, which functions like ide_data_readw
> >> are not prepared to cope with.
> > 
> > I don't think that's a problem as long as BSY is set while the
> > asynchronous command is running and DRQ is cleared. The latter will
> > protect ide_data_readw(). ide_sector_read() does essentially the same
> > thing.
> > 
> > Or maybe I'm just missing what you're trying to say.
> > 
> 
> It will be correct from a code standpoint, but I don't think the guest
> *expects* DRQ to become re-set before byte_count_limit is exhausted.

Oh, I misunderstood what you're after. Yes, I think you're right. The
guest most probably uses string I/O instructions like 'rep insw' in
order to transfer the whole block, i.e. it doesn't even check the status
register in between and will simply transfer invalid data (zeros) while
DRQ isn't set.

> In the synchronous version of the code, DRQ flickers while we rebuffer
> s->io_buffer, but since it's synchronous, the guest *never sees this*.

Thanks, that the current code would be wrong if it weren't synchronous
is the part I missed.

> The guest does not necessarily have any reason or motivation to check if
> DRQ is still set after 2048 bytes -- is that recommended in the spec?
> 
> ("Warning! The drive may decide to rebuffer 

Re: [Qemu-devel] PING: [RFC PATCH 0/4] GICv3 live migration support

[Christoffer Dall]

On Wed, Oct 07, 2015 at 09:02:47AM +0100, Peter Maydell wrote:
> On 7 October 2015 at 08:57, Pavel Fedin  wrote:
> >  Knock-knock!
> >
> >  PM: I remember we had a talk that we should settle down on migration data 
> > format. Isn't it right
> > time?
> 
> I think Christoffer has a patchset which specifies the
> userspace API for KVM for this, which is probably the
> right place to start. Christoffer, did you manage to send
> that out yet?
> 
Very soon now.

-Christoffer

Re: [Qemu-devel] [PATCH 2/3] virtio-9p: add unrealize handler

[Aneesh Kumar K.V]

Stefan Hajnoczi  writes:

> On Mon, Oct 05, 2015 at 11:07:23AM +0200, Greg Kurz wrote:
>> If the user tries to hot unplug a virtio-9p device, it seems to succeed but
>> in fact:
>> - virtio-9p coroutines thread pool and async queue are leaked
>> - QEMU crashes in virtio_vmstate_change() if the user tries to live migrate
>> 
>> This patch brings hot unplug support to virtio-9p-device. It fixes both
>> above issues.
>> 
>> Signed-off-by: Greg Kurz 
>> ---
>>  hw/9pfs/virtio-9p-device.c |   12 
>>  1 file changed, 12 insertions(+)
>
> What happens to in-flight I/O requests?  We cannot assume that the guest
> driver quiesces the device.

We enable migration blocker when we have an active mount. So if we get
here, that should indicate no active 9p mounts.

-aneesh

[Qemu-devel] [PATCH 4/8] migration: add function for reseting migration bitmap

[Denis V. Lunev]

From: Igor Redko 

Adds function ram_migration_bitmap_reset(), which resets
migration_bitmap and sends a number of dirtied bytes since the
last call.

During estimation of dirty bytes rate and migration downtime
we must avoid any copying and transferring data, but we also need
to get the number of dirtied bytes and pass it to an estimator.
And even more importantly - we MUST NOT stop the virtual machine
during test. So we only do “begin”, “pending” and “iterate” stages
of migration.

>if ((pending_size && pending_size >= max_size)
> || (migrate_is_test())) {
>qemu_savevm_state_iterate(s->file);
>} else {

If we didn't explicitly check the migration for being testing one,
 we would have to make expression
"(pending_size && pending_size >= max_size)" always evaluate as true
during test. For example we could set max_downtime to 0, so that
max_size would be 0. But the check for pending_size remains.
This check was added with commit
https://github.com/qemu/qemu/commit/b22ff1fbed9d7f1f677804cbaa9ee03ca17d0013
If we removed this check, migration might hang at “iterate” stage
in ram_find_and_save_block() (that happens under rare circumstances)
If we left this check as is, VM would stop during test (that would happen
also under rare condition: no pages have been dirtied during test).

Signed-off-by: Igor Redko 
Reviewed-by: Anna Melekhova 
Signed-off-by: Denis V. Lunev 
---
 migration/migration.c |  3 ++-
 migration/ram.c   | 26 +-
 2 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/migration/migration.c b/migration/migration.c
index e0cad54..d6cb3e2 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -1043,7 +1043,8 @@ static void *migration_thread(void *opaque)
 if (!qemu_file_rate_limit(s->file)) {
 pending_size = qemu_savevm_state_pending(s->file, max_size);
 trace_migrate_pending(pending_size, max_size);
-if (pending_size && pending_size >= max_size) {
+if ((pending_size && pending_size >= max_size)
+|| (migrate_is_test())) {
 qemu_savevm_state_iterate(s->file);
 } else {
 trace_migration_thread_low_pending(pending_size);
diff --git a/migration/ram.c b/migration/ram.c
index 2d1d0b9..fbf0b7a 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -1120,6 +1120,25 @@ static void ram_migration_cancel(void *opaque)
 migration_end();
 }
 
+static uint64_t ram_migration_bitmap_reset(void)
+{
+uint64_t dirty_pages_remaining;
+int64_t ram_bitmap_pages; /* Size of bitmap in pages, including gaps */
+/* TODO think about more locks?
+ * For now only using for prediction so the only another writer
+ * is migration_bitmap_sync_range()
+ */
+qemu_mutex_lock(_bitmap_mutex);
+rcu_read_lock();
+ram_bitmap_pages = last_ram_offset() >> TARGET_PAGE_BITS;
+dirty_pages_remaining = migration_dirty_pages;
+bitmap_zero(migration_bitmap, ram_bitmap_pages);
+migration_dirty_pages = 0;
+rcu_read_unlock();
+qemu_mutex_unlock(_bitmap_mutex);
+return dirty_pages_remaining;
+}
+
 static void reset_ram_globals(void)
 {
 last_seen_block = NULL;
@@ -1249,6 +1268,10 @@ static int ram_save_iterate(QEMUFile *f, void *opaque)
 int64_t t0;
 int pages_sent = 0;
 
+if (migrate_is_test()) {
+return ram_migration_bitmap_reset();
+}
+
 rcu_read_lock();
 if (ram_list.version != last_version) {
 reset_ram_globals();
@@ -1346,13 +1369,14 @@ static uint64_t ram_save_pending(QEMUFile *f, void 
*opaque, uint64_t max_size)
 
 remaining_size = ram_save_remaining() * TARGET_PAGE_SIZE;
 
-if (remaining_size < max_size) {
+if ((remaining_size < max_size) || (migrate_is_test())) {
 qemu_mutex_lock_iothread();
 rcu_read_lock();
 migration_bitmap_sync();
 rcu_read_unlock();
 qemu_mutex_unlock_iothread();
 remaining_size = ram_save_remaining() * TARGET_PAGE_SIZE;
+ram_control_sync_hook(f, RAM_CONTROL_HOOK, _size);
 }
 return remaining_size;
 }
-- 
2.1.4

[Qemu-devel] [PATCH 3/8] migration: add new capability test-only

[Denis V. Lunev]

From: Igor Redko 

This patch declares a new migration capability that allows
to distinguish between true migration and the test.

An alternative is using a custom URI but in this case the
following problems should be solved:
1/ QEMUFile abstraction hides the real transport type
2/ We must be ensured that VM will not be stopped due to
“successful migration”

Possible solutions:
1/ Using global variable analogous to
s->enabled_capabilities[MIGRATION_CAPABILITY_TEST_ONLY] that
will be initialized according to the migration type at the
beginning of the migration process
2/ Additional hook, presence of implementation of which allows
to decide whether the migration is true

Signed-off-by: Igor Redko 
Reviewed-by: Anna Melekhova 
Signed-off-by: Denis V. Lunev 
---
 include/migration/migration.h | 2 ++
 migration/migration.c | 9 +
 qapi-schema.json  | 5 -
 qmp-commands.hx   | 1 +
 4 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/include/migration/migration.h b/include/migration/migration.h
index deb0d21..8611750 100644
--- a/include/migration/migration.h
+++ b/include/migration/migration.h
@@ -179,6 +179,8 @@ int migrate_compress_threads(void);
 int migrate_decompress_threads(void);
 bool migrate_use_events(void);
 
+bool migrate_is_test(void);
+
 void ram_control_before_iterate(QEMUFile *f, uint64_t flags);
 void ram_control_after_iterate(QEMUFile *f, uint64_t flags);
 void ram_control_load_hook(QEMUFile *f, uint64_t flags, void *data);
diff --git a/migration/migration.c b/migration/migration.c
index b710a2d..e0cad54 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -954,6 +954,15 @@ int migrate_use_xbzrle(void)
 return s->enabled_capabilities[MIGRATION_CAPABILITY_XBZRLE];
 }
 
+bool migrate_is_test(void)
+{
+MigrationState *s;
+
+s = migrate_get_current();
+
+return s->enabled_capabilities[MIGRATION_CAPABILITY_TEST_ONLY];
+}
+
 int64_t migrate_xbzrle_cache_size(void)
 {
 MigrationState *s;
diff --git a/qapi-schema.json b/qapi-schema.json
index 8b0520c..38bf199 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -540,11 +540,14 @@
 # @auto-converge: If enabled, QEMU will automatically throttle down the guest
 #  to speed up convergence of RAM migration. (since 1.6)
 #
+# @test-only: If enabled, QEMU instead of migrating will estimate migration
+#  time basing on given downtime and current dirty page rate
+#
 # Since: 1.2
 ##
 { 'enum': 'MigrationCapability',
   'data': ['xbzrle', 'rdma-pin-all', 'auto-converge', 'zero-blocks',
-   'compress', 'events'] }
+   'compress', 'events', 'test-only'] }
 
 ##
 # @MigrationCapabilityStatus
diff --git a/qmp-commands.hx b/qmp-commands.hx
index d2ba800..741d088 100644
--- a/qmp-commands.hx
+++ b/qmp-commands.hx
@@ -3456,6 +3456,7 @@ Enable/Disable migration capabilities
 - "auto-converge": throttle down guest to help convergence of migration
 - "zero-blocks": compress zero blocks during block migration
 - "events": generate events for each migration state change
+- "test-only": don't send any data, instead estimate dirty page rate
 
 Arguments:
 
-- 
2.1.4

[Qemu-devel] [PATCH 5/8] migration: add draft of new transport

[Denis V. Lunev]

From: Igor Redko 

In this patch transport test is added. It can be used to estimate
the possibility of live migration given downtime and bandwidth.
In this patch basic functionality is implemented to meet the
QEMUFile interface requirements.

This transport is write-only. Moreover, it saves only the size of
the transferred data and drops the data itself.

Also, the Makefile modification to link this file included.

Signed-off-by: Igor Redko 
Reviewed-by: Anna Melekhova 
Signed-off-by: Denis V. Lunev 
---
 include/migration/migration.h |  2 ++
 migration/Makefile.objs   |  2 +-
 migration/test.c  | 66 +++
 3 files changed, 69 insertions(+), 1 deletion(-)
 create mode 100644 migration/test.c

diff --git a/include/migration/migration.h b/include/migration/migration.h
index 8611750..555267b 100644
--- a/include/migration/migration.h
+++ b/include/migration/migration.h
@@ -108,6 +108,8 @@ void rdma_start_outgoing_migration(void *opaque, const char 
*host_port, Error **
 
 void rdma_start_incoming_migration(const char *host_port, Error **errp);
 
+void test_start_migration(void *opaque, const char *host_port, Error **errp);
+
 void migrate_fd_error(MigrationState *s);
 
 void migrate_fd_connect(MigrationState *s);
diff --git a/migration/Makefile.objs b/migration/Makefile.objs
index d929e96..2da590b 100644
--- a/migration/Makefile.objs
+++ b/migration/Makefile.objs
@@ -1,4 +1,4 @@
-common-obj-y += migration.o tcp.o
+common-obj-y += migration.o tcp.o test.o
 common-obj-y += vmstate.o
 common-obj-y += qemu-file.o qemu-file-buf.o qemu-file-unix.o qemu-file-stdio.o
 common-obj-y += xbzrle.o
diff --git a/migration/test.c b/migration/test.c
new file mode 100644
index 000..8d06988
--- /dev/null
+++ b/migration/test.c
@@ -0,0 +1,66 @@
+#include "qemu-common.h"
+#include "migration/migration.h"
+#include "migration/qemu-file.h"
+#include "exec/cpu-common.h"
+#include "qemu/error-report.h"
+#include "qemu/main-loop.h"
+#include "qemu/sockets.h"
+#include "qemu/bitmap.h"
+#include 
+#include 
+#include "qmp-commands.h"
+
+typedef struct QEMUFileTest {
+MigrationState *s;
+size_t len;
+QEMUFile *file;
+} QEMUFileTest;
+
+static uint64_t transfered_bytes;
+static uint64_t initial_bytes;
+
+static ssize_t qemu_test_put_buffer(void *opaque, const uint8_t *buf,
+int64_t pos, size_t size)
+{
+transfered_bytes += size;
+return size;
+}
+
+static int qemu_test_close(void *opaque)
+{
+return 0;
+}
+
+static const QEMUFileOps test_write_ops = {
+.put_buffer = qemu_test_put_buffer,
+.close  = qemu_test_close,
+};
+
+static void *qemu_fopen_test(MigrationState *s, const char *mode)
+{
+QEMUFileTest *t;
+transfered_bytes = 0;
+initial_bytes = 0;
+if (qemu_file_mode_is_not_valid(mode)) {
+return NULL;
+}
+
+t = g_malloc0(sizeof(QEMUFileTest));
+t->s = s;
+
+if (mode[0] == 'w') {
+t->file = qemu_fopen_ops(s, _write_ops);
+} else {
+return NULL;
+}
+qemu_file_set_rate_limit(t->file, -1);
+return t->file;
+}
+
+void test_start_migration(void *opaque, const char *host_port, Error **errp)
+{
+MigrationState *s = opaque;
+s->file = qemu_fopen_test(s, "wb");
+migrate_fd_connect(s);
+return;
+}
-- 
2.1.4

Re: [Qemu-devel] [PATCH v6 3/4] block: add a 'blockdev-snapshot' QMP command

[Kevin Wolf]

Am 06.10.2015 um 17:49 hat Alberto Garcia geschrieben:
> On Tue 06 Oct 2015 05:30:07 PM CEST, Kevin Wolf wrote:
> >> -options = qdict_new();
> >> -if (has_snapshot_node_name) {
> >> -qdict_put(options, "node-name",
> >> -  qstring_from_str(snapshot_node_name));
> >> +if (snapshot_node_name && bdrv_find_node(snapshot_node_name)) {
> >> +error_setg(errp, "New snapshot node name already exists");
> >> +return;
> >> +}
> >
> > Preexisting, but shouldn't we use bdrv_lookup_bs() here (because devices
> > and node names share a namespace)?
> 
> I think you're right, good catch!
> 
> >> +if (state->new_bs->blk != NULL) {
> >> +error_setg(errp, "The snapshot is already in use by %s",
> >> +   blk_name(state->new_bs->blk));
> >> +return;
> >> +}
> >
> > Is it even possible yet to create a root BDS without a BB?
> 
> It is possible with Max's series, on which mine depends.
> 
>http://patchwork.ozlabs.org/patch/519375/

Okay. I missed this dependency, it doesn't seem to be very explicit in
the cover letter.

> >> +if (bdrv_op_is_blocked(state->new_bs, BLOCK_OP_TYPE_EXTERNAL_SNAPSHOT,
> >> +   errp)) {
> >> +return;
> >> +}
> >> +
> >> +if (state->new_bs->backing_hd != NULL) {
> >> +error_setg(errp, "The snapshot already has a backing image");
> >>  }
> >
> > The error cases after bdrv_open() should probably bdrv_unref() the
> > node.
> 
> I don't think it's necessary, external_snapshot_abort() already takes
> care of that.

Sorry for the noise, you're right. I was confused by bdrv_reopen()
transactions working differently: There, abort isn't called for the
queue entry that has failed prepare, but here it is.

Kevin

[Qemu-devel] PING: [RFC PATCH 0/4] GICv3 live migration support

[Pavel Fedin]

 Knock-knock!

 PM: I remember we had a talk that we should settle down on migration data 
format. Isn't it right
time?

Kind regards,
Pavel Fedin
Expert Engineer
Samsung Electronics Research center Russia


> -Original Message-
> From: qemu-devel-bounces+p.fedin=samsung@nongnu.org [mailto:qemu-devel-
> bounces+p.fedin=samsung@nongnu.org] On Behalf Of Pavel Fedin
> Sent: Wednesday, September 30, 2015 5:00 PM
> To: qemu-devel@nongnu.org
> Cc: Peter Maydell; Juan Quintela; Shlomo Pongratz; Shlomo Pongratz; Amit 
> Shah; Diana Craciun
> Subject: [Qemu-devel] [RFC PATCH 0/4] GICv3 live migration support
> 
> This series introduces support for GICv3 live migration. It is based on
> kernel API which is not released yet, therefore i post it as an RFC.
> 
> Kernel patches which implement this functionality are:
> - [PATCH v4 0/7] KVM: arm64: Implement API for vGICv3 live migration
>   http://www.spinics.net/lists/kvm/msg121588.html
> 
> The main purpose of this RFC is to agree on GICv3 state data format,
> because software implementation of GICv3 is also going to use it. In order
> to simplify GICv3 software emulation development, part 1 of this patchset
> can be accepted right now, without waiting for the kernel part.
> 
> The second question which should be addressed is how to correctly describe
> bitfields in vmstate. Bitfields are used by this code in order to reflect
> per-CPU interrupt status. qemu defines bitfields as arrays of 'long',
> therefore element length can be different on different systems. Our vmstate
> macros support only types with fixed size, like UINT64 and UINT32. In order
> to work around this problem, i relied on __SIZEOF_LONG__ definition.
> However, i suppose, it is gcc-specific and this approach is wrong for
> mainstream, therefore i'd like to discuss how this could be done better.
> Since 'long' maps to something, i think that adding a specific code for it
> would be too much anyway. May be add configure test for sizeof(long) ?
> 
> Pavel Fedin (4):
>   hw/intc/arm_gicv3_common: Add state information
>   kernel: Add definitions for GICv3 attributes
>   hw/intc/arm_gicv3_kvm: Implement get/put functions
>   hw/intc/arm_gicv3_common: Add vmstate descriptors
> 
>  hw/intc/arm_gicv3_common.c | 199 ++-
>  hw/intc/arm_gicv3_kvm.c| 391 
> -
>  hw/intc/gicv3_internal.h   | 152 ++
>  include/hw/intc/arm_gicv3_common.h |  76 +++
>  linux-headers/asm-arm64/kvm.h  |  10 +-
>  5 files changed, 821 insertions(+), 7 deletions(-)
>  create mode 100644 hw/intc/gicv3_internal.h
> 
> --
> 2.4.4

Re: [Qemu-devel] [PATCH 3/4] why is runstate_is_running needed?

[Pavel Dovgaluk]

> From: Paolo Bonzini [mailto:paolo.bonz...@gmail.com] On Behalf Of Paolo 
> Bonzini
> Sent: Tuesday, October 06, 2015 11:01 PM
> To: qemu-devel@nongnu.org
> Cc: pavel.dovga...@ispras.ru
> Subject: [PATCH 3/4] why is runstate_is_running needed?
> 
> It doesn't seem correct to call it for all checkpoints, but why
> is it right for timerlist_run_timers?

Because replaying shouldn't proceed when machine is stopped.
These checks could be also useful for creating snapshots in record mode,
but I don't remember exact reasons of adding them. I'll check your changes 
for the current version.

> ---
>  qemu-timer.c   | 9 +++--
>  stubs/replay.c | 5 -
>  2 files changed, 3 insertions(+), 11 deletions(-)
> 
> diff --git a/qemu-timer.c b/qemu-timer.c
> index 3c6e4c3..f16e422 100644
> --- a/qemu-timer.c
> +++ b/qemu-timer.c
> @@ -488,20 +488,17 @@ bool timerlist_run_timers(QEMUTimerList *timer_list)
>  break;
>  default:
>  case QEMU_CLOCK_VIRTUAL:
> -if ((replay_mode != REPLAY_MODE_NONE && !runstate_is_running())
> -|| !replay_checkpoint(CHECKPOINT_CLOCK_VIRTUAL)) {
> +if (!replay_checkpoint(CHECKPOINT_CLOCK_VIRTUAL)) {
>  goto out;
>  }
>  break;
>  case QEMU_CLOCK_HOST:
> -if ((replay_mode != REPLAY_MODE_NONE && !runstate_is_running())
> -|| !replay_checkpoint(CHECKPOINT_CLOCK_HOST)) {
> +if (!replay_checkpoint(CHECKPOINT_CLOCK_HOST)) {
>  goto out;
>  }
>  break;
>  case QEMU_CLOCK_VIRTUAL_RT:
> -if ((replay_mode != REPLAY_MODE_NONE && !runstate_is_running())
> -|| !replay_checkpoint(CHECKPOINT_CLOCK_VIRTUAL_RT)) {
> +if (!replay_checkpoint(CHECKPOINT_CLOCK_VIRTUAL_RT)) {
>  goto out;
>  }
>  break;
> diff --git a/stubs/replay.c b/stubs/replay.c
> index 71fa7d5..42d01b5 100755
> --- a/stubs/replay.c
> +++ b/stubs/replay.c
> @@ -22,11 +22,6 @@ bool replay_checkpoint(ReplayCheckpoint checkpoint)
>  return true;
>  }
> 
> -int runstate_is_running(void)
> -{
> -abort();
> -}
> -
>  bool replay_events_enabled(void)
>  {
>  return false;
> --
> 2.5.0
> 


Pavel Dovgalyuk

Re: [Qemu-devel] [PATCH] watchdog: add support to emulate winbond w83627thf

[Daniel Fahlgren]

Hi,

On Mon, 2015-09-14 at 22:07 +0200, Daniel Fahlgren wrote:
> This patch adds support to emulate the watchdog functionality on the
> Winbond w83627thf chip. The other features of the chip are not emulated.
> It has been tested with Ubuntu 6.06, 14.04 and 15.04 as guests using the
> w83627hf_wdt module.

Ping, who should I poke about this? The maintainers file does not
mention the watchdog system.

> Signed-off-by: Daniel Fahlgren 
> ---
>  default-configs/i386-softmmu.mak   |   1 +
>  default-configs/x86_64-softmmu.mak |   1 +
>  hw/watchdog/Makefile.objs  |   1 +
>  hw/watchdog/wdt_w83627thf.c| 255 
> +
>  4 files changed, 258 insertions(+)
>  create mode 100644 hw/watchdog/wdt_w83627thf.c
> 
> diff --git a/default-configs/i386-softmmu.mak 
> b/default-configs/i386-softmmu.mak
> index 9393cf0..30abc6f 100644
> --- a/default-configs/i386-softmmu.mak
> +++ b/default-configs/i386-softmmu.mak
> @@ -35,6 +35,7 @@ CONFIG_MC146818RTC=y
>  CONFIG_PAM=y
>  CONFIG_PCI_PIIX=y
>  CONFIG_WDT_IB700=y
> +CONFIG_WDT_W83627THF=y
>  CONFIG_XEN_I386=$(CONFIG_XEN)
>  CONFIG_ISA_DEBUG=y
>  CONFIG_ISA_TESTDEV=y
> diff --git a/default-configs/x86_64-softmmu.mak 
> b/default-configs/x86_64-softmmu.mak
> index 28e2099..906d14b 100644
> --- a/default-configs/x86_64-softmmu.mak
> +++ b/default-configs/x86_64-softmmu.mak
> @@ -35,6 +35,7 @@ CONFIG_MC146818RTC=y
>  CONFIG_PAM=y
>  CONFIG_PCI_PIIX=y
>  CONFIG_WDT_IB700=y
> +CONFIG_WDT_W83627THF=y
>  CONFIG_XEN_I386=$(CONFIG_XEN)
>  CONFIG_ISA_DEBUG=y
>  CONFIG_ISA_TESTDEV=y
> diff --git a/hw/watchdog/Makefile.objs b/hw/watchdog/Makefile.objs
> index 72e3ffd..e021b24 100644
> --- a/hw/watchdog/Makefile.objs
> +++ b/hw/watchdog/Makefile.objs
> @@ -2,3 +2,4 @@ common-obj-y += watchdog.o
>  common-obj-$(CONFIG_WDT_IB6300ESB) += wdt_i6300esb.o
>  common-obj-$(CONFIG_WDT_IB700) += wdt_ib700.o
>  common-obj-$(CONFIG_WDT_DIAG288) += wdt_diag288.o
> +common-obj-$(CONFIG_WDT_W83627THF) += wdt_w83627thf.o
> diff --git a/hw/watchdog/wdt_w83627thf.c b/hw/watchdog/wdt_w83627thf.c
> new file mode 100644
> index 000..143bb8f
> --- /dev/null
> +++ b/hw/watchdog/wdt_w83627thf.c
> @@ -0,0 +1,255 @@
> +/*
> + * Virtual hardware watchdog.
> + *
> + * This program is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU General Public License
> + * as published by the Free Software Foundation; either version 2
> + * of the License, or (at your option) any later version.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with this program; if not, see .
> + *
> + * By Daniel Fahlgren (dan...@fahlgren.se)
> + */
> +
> +#include 
> +
> +#include "qemu-common.h"
> +#include "qemu/timer.h"
> +#include "sysemu/watchdog.h"
> +#include "hw/isa/isa.h"
> +
> +/* #define W83627THF_DEBUG 1 */
> +
> +#ifdef W83627THF_DEBUG
> +#define w83627thf_debug(fs, ...) \
> +fprintf(stderr, "w83627thf: %s: "fs, __func__, ##__VA_ARGS__)
> +#else
> +#define w83627thf_debug(fs, ...)
> +#endif
> +
> +#define WATCHDOG_W83627THF_DEVICE(obj) \
> +OBJECT_CHECK(W83627THFState, (obj), "w83627thf")
> +
> +#define CHIP_VERSION   0x82
> +
> +#define CHIP_VERSION_REGISTER  0x20
> +#define PLED_MODE_REGISTER 0xF5
> +#define TIMEOUT_REGISTER   0xF6
> +#define TIMER_REGISTER 0xF7
> +
> +#define PLED_MINUTE_MODE   0x08
> +
> +#define WDT_W83627THF_EFER 0x2E
> +#define WDT_W83627THF_EFDR 0x2F
> +
> +enum {
> +normal_mode = 0,
> +extended_mode1 = 1,
> +extended_mode2 = 2
> +};
> +
> +/* Device state. */
> +typedef struct W83627THFState {
> +ISADevice parent_obj;
> +
> +QEMUTimer *timer;
> +
> +PortioList port_list;
> +
> +uint8_t running_mode;
> +
> +uint8_t selected_register;
> +
> +uint8_t pled_mode_register;
> +uint8_t timeout_register;
> +uint8_t timer_register;
> +
> +} W83627THFState;
> +
> +static WatchdogTimerModel model = {
> +.wdt_name = "w83627thf",
> +.wdt_description = "Winbond w83627thf",
> +};
> +
> +static const VMStateDescription vmstate_w83627thf = {
> +.name = "vmstate_w83627thf",
> +.version_id = 0,
> +.minimum_version_id = 0,
> +.fields = (VMStateField[]) {
> +VMSTATE_TIMER_PTR(timer, W83627THFState),
> +VMSTATE_UINT8(running_mode, W83627THFState),
> +VMSTATE_UINT8(selected_register, W83627THFState),
> +VMSTATE_UINT8(pled_mode_register, W83627THFState),
> +VMSTATE_UINT8(timeout_register, W83627THFState),
> +VMSTATE_UINT8(timer_register, W83627THFState),
> +VMSTATE_END_OF_LIST()
> +}
> +};
> +
> +/* This function is called 

Re: [Qemu-devel] Debugging Migration

[Denis V. Lunev]

On 10/07/2015 02:02 AM, John Snow wrote:


On 10/06/2015 06:40 PM, Denis V. Lunev wrote:

On 10/06/2015 09:46 PM, John Snow wrote:

Is there a convenient way of "pausing" or stalling a live migration to
allow methodical testing of race conditions?

I'd like to instrument something along the lines of:

(1) Live migration begins.
(2) migration is artificially halted or paused, but QEMU is allowed to
run.
(3) Some additional qtest/QMP commands are received and processed.
(4) migration is allowed to resume.

Does anyone have perhaps even test patches to instrument this sort of
thing, or is it up to detective john to add it if he wants it?

Thanks,
--js


we have performed some experiments with migration "test mode".
The idea was to estimate the time to migrate and estimate
expected downtime for distributed resource management.
In this mode the migration was not performed but all stuff around
like dirty bitmap was touched.

There are several patches for this in my queue but they are very
hackish.

Will it help you?

Den

It certainly won't hurt me to look at them if you'll share :)

--js


sent as
[RFC 0/8]  QEMUFile-way to gather VM's memory statistics

Sorry, I have lost threading accidentally.

Once again, that code is dirty and IMHO does not meet QEMU coding
standards at the moment.

Den

Re: [Qemu-devel] [PATCH v2] Remove macros IO_READ_PROTO and IO_WRITE_PROTO

[Nutan Shinde]

>
> Hi,


> The change was to remove macros defined as IT_WRITE_PROTO and
> IT_READ_PROTO. These macros were used for function definitions. So, I have
> replaced these macros with actual function definitions.
>

[Qemu-devel] [RFC 0/8] QEMUFile-way to gather VM's memory statistics

[Denis V. Lunev]

This code is not ready to be merged. It is sent in the hope that it could
be useful and we could invent better architectural approach for the
feature if possible.

+tch set summary:
- we added a feature that allows to gather VM's memory usage statistics
  with minimum interference with VM’s work (no transferring data thru
  network, probing time ~ downtime, etc.)
- this feature is implemented as a new capability for the migrate command.
  Migration started with this capability turned on will only gather dirty
  memory statistics regardless of given URI.

More details on measurement procedure:
To gather statistics, mechanisms created for live migration and snapshots
are used. This is the easiest approach for getting dirty bitmap of memory
pages.

Main points:
1. A function for bitmap resetting was added. During migration the process
   is bit-wise and so very time-consuming. What is more, it involves memory
   pages copying to the buffer.
2. A new hook hook_ram_sync() for QEMUFile was added. According to the
   previous point, we should pass the number of dirty pages before the
   resetting. As a result of passing control using hook_ram_sync() we can
   add a delay and let the VM to 'dirty' memory
3. New transport was created (QEMUFile implementation). As we want to use
   migration_thread() function, all logic that processes and outputs the
   gathered information should be hidden here.

Algorithm for dirty rate estimation:
1. Start memory logging (ram_save_setup())
2. The first reset of dirty bitmap, pass size of VM memory
3. Sleep на время равное downtime'у
4. Synchronization of bitmap
5. The second reset of dirty bitmap, pass size of dirty VM memory.
6. Compute dirty byte rate, assuming that time between two synchronization
   equals downtime.
7. Fill corresponding fields in MigrationState.
8. After finishing of hook_ram_sync return error code "-42"
9. In migration_thread() error code "-42" is interpreted as successful
   completion and MigrationStatus is changed

Signed-off-by: Denis V. Lunev 
Signed-off-by: Igor Redko 
Reviewed-by: Anna Melekhova 

Igor Redko (7):
  qemu-file: new hook in qemu-file
  migration: add new capability test-only
  migration: add function for reseting migration bitmap
  migration: add draft of new transport
  migration: implementation of hook_ram_sync
  migration: new migration test mode
  migration: add output of gathered statistics

 include/migration/migration.h |  5 +++
 include/migration/qemu-file.h |  1 +
 migration/Makefile.objs   |  2 +-
 migration/migration.c | 53 +--
 migration/qemu-file.c | 12 ++
 migration/ram.c   | 30 -
 migration/test.c  | 99 +++
 qapi-schema.json  |  9 +++-
 qmp-commands.hx   |  1 +
 9 files changed, 204 insertions(+), 8 deletions(-)
 create mode 100644 migration/test.c

[Qemu-devel] [PATCH 2/8] qemu-file: new hook in qemu-file

[Denis V. Lunev]

From: Igor Redko 

This patch adds hook_ram_sync() to QEMUFile abstraction. This hook
can be used for passing information about dirty memory.
An alternative is using existing hook_ram_load(). But this hook is
designed for incoming VM migration, so using it for outcoming VM
migration may complicate understanding of the code. On the other
hand, using existing code decreases volume of the patchset and its
impact.

Signed-off-by: Igor Redko 
Reviewed-by: Anna Melekhova 
Signed-off-by: Denis V. Lunev 
---
 include/migration/migration.h |  1 +
 include/migration/qemu-file.h |  1 +
 migration/qemu-file.c | 12 
 3 files changed, 14 insertions(+)

diff --git a/include/migration/migration.h b/include/migration/migration.h
index 8334621..deb0d21 100644
--- a/include/migration/migration.h
+++ b/include/migration/migration.h
@@ -182,6 +182,7 @@ bool migrate_use_events(void);
 void ram_control_before_iterate(QEMUFile *f, uint64_t flags);
 void ram_control_after_iterate(QEMUFile *f, uint64_t flags);
 void ram_control_load_hook(QEMUFile *f, uint64_t flags, void *data);
+void ram_control_sync_hook(QEMUFile *f, uint64_t flags, void *data);
 
 /* Whenever this is found in the data stream, the flags
  * will be passed to ram_control_load_hook in the incoming-migration
diff --git a/include/migration/qemu-file.h b/include/migration/qemu-file.h
index 29a338d..770dd98 100644
--- a/include/migration/qemu-file.h
+++ b/include/migration/qemu-file.h
@@ -105,6 +105,7 @@ typedef struct QEMUFileOps {
 QEMURamHookFunc *before_ram_iterate;
 QEMURamHookFunc *after_ram_iterate;
 QEMURamHookFunc *hook_ram_load;
+QEMURamHookFunc *hook_ram_sync;
 QEMURamSaveFunc *save_page;
 QEMUFileShutdownFunc *shut_down;
 } QEMUFileOps;
diff --git a/migration/qemu-file.c b/migration/qemu-file.c
index 49addf6..a05d672 100644
--- a/migration/qemu-file.c
+++ b/migration/qemu-file.c
@@ -168,6 +168,18 @@ void ram_control_load_hook(QEMUFile *f, uint64_t flags, 
void *data)
 }
 }
 
+void ram_control_sync_hook(QEMUFile *f, uint64_t flags, void *data)
+{
+int ret = 0;
+
+if (f->ops->hook_ram_sync) {
+ret = f->ops->hook_ram_sync(f, f->opaque, flags, data);
+if (ret < 0) {
+qemu_file_set_error(f, ret);
+}
+}
+}
+
 size_t ram_control_save_page(QEMUFile *f, ram_addr_t block_offset,
  ram_addr_t offset, size_t size,
  uint64_t *bytes_sent)
-- 
2.1.4

[Qemu-devel] [PATCH 1/8] migration: fix expected_downtime

[Denis V. Lunev]

From: Igor Redko 

To get this estimation we must divide pending_size by bandwidth
according to description of expected-downtime ("qmp-commands.hx:3246"):
  "expected-downtime": only present while migration is active
  total amount in ms for downtime that was calculated on
  the last bitmap round (json-int)

Previous version was just wrong because dirty_bytes_rate and bandwidth
are measured in Bytes/ms, so dividing first by second we get some
dimensionless quantity.
As it said in description above this value is showed during active
migration phase and recalculated only after transferring all memory
and if this process took more than 1 sec. So maybe just nobody noticed
that bug.

Signed-off-by: Igor Redko 
Reviewed-by: Anna Melekhova 
Signed-off-by: Denis V. Lunev 
---
 migration/migration.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/migration/migration.c b/migration/migration.c
index b7de9b7..b710a2d 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -1063,7 +1063,7 @@ static void *migration_thread(void *opaque)
 /* if we haven't sent anything, we don't want to recalculate
1 is a small enough number for our purposes */
 if (s->dirty_bytes_rate && transferred_bytes > 1) {
-s->expected_downtime = s->dirty_bytes_rate / bandwidth;
+s->expected_downtime = pending_size / bandwidth;
 }
 
 qemu_file_reset_rate_limit(s->file);
-- 
2.1.4

[Qemu-devel] [PATCH 6/8] migration: implementation of hook_ram_sync

[Denis V. Lunev]

From: Igor Redko 

The key feature of the test transport is receiving information
about dirty memory. The qemu_test_sync_hook() allows to use
the migration infrastructure(code) for this purpose.

All calls of this hook will be from ram_save_pending().

At the first call of this hook we need to save the initial
size of VM memory and put the migration thread to sleep for
decent period (downtime for example). During this period
guest would dirty memory.

The second and the last call.
We make our estimation of dirty bytes rate assuming that time
between two synchronizations of dirty bitmap differs from downtime
negligibly.

An alternative to this approach is receiving information about
size of data “transmitted” through the transport. However, this
way creates large time and memory overheads:
1/Transmitted guest’s memory pages are copied to QEMUFile’s buffer
  (~8 sec per 4GB VM)
2/Dirty memory pages are processed one by one (~60msec per 4GB VM)

Signed-off-by: Igor Redko 
Reviewed-by: Anna Melekhova 
Signed-off-by: Denis V. Lunev 
---
 migration/migration.c |  8 
 migration/test.c  | 36 
 2 files changed, 44 insertions(+)

diff --git a/migration/migration.c b/migration/migration.c
index d6cb3e2..3182e15 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -1058,6 +1058,14 @@ static void *migration_thread(void *opaque)
   MIGRATION_STATUS_FAILED);
 break;
 }
+
+if (migrate_is_test()) {
+/* since no data is transfered during estimation all
+   all measurements below will be incorrect.
+   as well no need for delays. */
+continue;
+}
+
 current_time = qemu_clock_get_ms(QEMU_CLOCK_REALTIME);
 if (current_time >= initial_time + BUFFER_DELAY) {
 uint64_t transferred_bytes = qemu_ftell(s->file) - initial_bytes;
diff --git a/migration/test.c b/migration/test.c
index 8d06988..b4d0761 100644
--- a/migration/test.c
+++ b/migration/test.c
@@ -18,6 +18,7 @@ typedef struct QEMUFileTest {
 
 static uint64_t transfered_bytes;
 static uint64_t initial_bytes;
+static int sync_cnt;
 
 static ssize_t qemu_test_put_buffer(void *opaque, const uint8_t *buf,
 int64_t pos, size_t size)
@@ -31,7 +32,41 @@ static int qemu_test_close(void *opaque)
 return 0;
 }
 
+static int qemu_test_sync_hook(QEMUFile *f, void *opaque,
+uint64_t flags, void *data)
+{
+static uint64_t dirtied_bytes;
+static uint64_t sleeptime_mcs;
+int64_t time_delta;
+uint64_t remaining_bytes = *((uint64_t *) data);
+MigrationState *s = (MigrationState *) opaque;
+switch (sync_cnt++) {
+case 0:
+/* First call will be from ram_save_begin
+ * so we need to save initial size of VM memory
+ * and sleep for decent period (downtime for example). */
+sleeptime_mcs = migrate_max_downtime()/1000;
+initial_bytes = remaining_bytes;
+usleep(sleeptime_mcs);
+break;
+case 1:
+/* Second and last call.
+ * We assume that time between two synchronizations of
+ * dirty bitmap differs from downtime negligibly and
+ * make our estimation of dirty bytes rate. */
+dirtied_bytes = remaining_bytes;
+time_delta = sleeptime_mcs / 1000;
+s->dirty_bytes_rate = dirtied_bytes * 1000 / time_delta;
+return -42;
+default:
+/* All calls after second are errors */
+return -1;
+}
+return 0;
+}
+
 static const QEMUFileOps test_write_ops = {
+.hook_ram_sync  = qemu_test_sync_hook,
 .put_buffer = qemu_test_put_buffer,
 .close  = qemu_test_close,
 };
@@ -41,6 +76,7 @@ static void *qemu_fopen_test(MigrationState *s, const char 
*mode)
 QEMUFileTest *t;
 transfered_bytes = 0;
 initial_bytes = 0;
+sync_cnt = 0;
 if (qemu_file_mode_is_not_valid(mode)) {
 return NULL;
 }
-- 
2.1.4

Re: [Qemu-devel] [PATCH v10 00/10] Block replication for continuous checkpoints

[Wen Congyang]

Ping...

On 09/25/2015 02:17 PM, Wen Congyang wrote:
> Block replication is a very important feature which is used for
> continuous checkpoints(for example: COLO).
> 
> You can the detailed information about block replication from here:
> http://wiki.qemu.org/Features/BlockReplication
> 
> Usage:
> Please refer to docs/block-replication.txt
> 
> This patch series is based on the following patch series:
> 1. http://lists.nongnu.org/archive/html/qemu-devel/2015-09/msg05514.html
> 2. http://lists.nongnu.org/archive/html/qemu-devel/2015-09/msg04900.html
> 
> You can get the patch here:
> https://github.com/coloft/qemu/tree/wency/block-replication-v10
> 
> You can get the patch with framework here:
> https://github.com/coloft/qemu/tree/wency/colo_framework_v9.5
> 
> TODO:
> 1. Continuous block replication. It will be started after basic functions
>are accepted.
> 
> Changs Log:
> V10:
> 1. Use blockdev-remove-medium and blockdev-insert-medium to replace backing
>reference.
> 2. Address the comments from Eric Blake
> V9:
> 1. Update the error messages
> 2. Rebase to the newest qemu
> 3. Split child add/delete support. These patches are sent in another patchset.
> V8:
> 1. Address Alberto Garcia's comments
> V7:
> 1. Implement adding/removing quorum child. Remove the option non-connect.
> 2. Simplify the backing refrence option according to Stefan Hajnoczi's 
> suggestion
> V6:
> 1. Rebase to the newest qemu.
> V5:
> 1. Address the comments from Gong Lei
> 2. Speed the failover up. The secondary vm can take over very quickly even
>if there are too many I/O requests.
> V4:
> 1. Introduce a new driver replication to avoid touch nbd and qcow2.
> V3:
> 1: use error_setg() instead of error_set()
> 2. Add a new block job API
> 3. Active disk, hidden disk and nbd target uses the same AioContext
> 4. Add a testcase to test new hbitmap API
> V2:
> 1. Redesign the secondary qemu(use image-fleecing)
> 2. Use Error objects to return error message
> 3. Address the comments from Max Reitz and Eric Blake
> 
> Wen Congyang (10):
>   allow writing to the backing file
>   Backup: clear all bitmap when doing block checkpoint
>   Allow creating backup jobs when opening BDS
>   block: make bdrv_put_ref_bh_schedule() as a public API
>   docs: block replication's description
>   Add new block driver interfaces to control block replication
>   quorum: implement block driver interfaces for block replication
>   Implement new driver for block replication
>   support replication driver in blockdev-add
>   Add a new API to start/stop replication, do checkpoint to all BDSes
> 
>  block.c| 192 +-
>  block/Makefile.objs|   3 +-
>  block/backup.c |  14 ++
>  block/quorum.c |  77 
>  block/replication.c| 471 
> +
>  blockdev.c |  37 +---
>  blockjob.c |  11 ++
>  docs/block-replication.txt | 259 +
>  include/block/block.h  |  10 +
>  include/block/block_int.h  |  14 ++
>  include/block/blockjob.h   |  12 ++
>  qapi/block-core.json   |  34 +++-
>  12 files changed, 1098 insertions(+), 36 deletions(-)
>  create mode 100644 block/replication.c
>  create mode 100644 docs/block-replication.txt
> 

Re: [Qemu-devel] [PATCH v5 0/4] qapi: child add/delete support

[Wen Congyang]

Ping...

On 09/22/2015 03:44 PM, Wen Congyang wrote:
> If quorum's child is broken, we can use mirror job to replace it.
> But sometimes, the user only need to remove the broken child, and
> add it later when the problem is fixed.
> 
> It is based on the following patch:
> http://lists.nongnu.org/archive/html/qemu-devel/2015-09/msg04579.html
> 
> ChangLog:
> v5:
> 1. Address Eric Blake's comments
> v4:
> 1. drop nbd driver's implementation. We can use human-monitor-command
>to do it.
> 2. Rename the command name.
> v3:
> 1. Don't open BDS in bdrv_add_child(). Use the existing BDS which is
>created by the QMP command blockdev-add.
> 2. The driver NBD can support filename, path, host:port now.
> v2:
> 1. Use bdrv_get_device_or_node_name() instead of new function
>bdrv_get_id_or_node_name()
> 2. Update the error message
> 3. Update the documents in block-core.json
> 
> Wen Congyang (4):
>   Add new block driver interface to add/delete a BDS's child
>   quorum: implement bdrv_add_child() and bdrv_del_child()
>   qmp: add monitor command to add/remove a child
>   hmp: add monitor command to add/remove a child
> 
>  block.c   | 56 ++--
>  block/quorum.c| 72 
> +--
>  blockdev.c| 48 +++
>  hmp-commands.hx   | 28 ++
>  hmp.c | 20 +
>  hmp.h |  2 ++
>  include/block/block.h |  8 ++
>  include/block/block_int.h |  5 
>  qapi/block-core.json  | 34 ++
>  qmp-commands.hx   | 61 +++
>  10 files changed, 329 insertions(+), 5 deletions(-)
> 

Re: [Qemu-devel] [PATCH 1/4] replay: generalize ptimer event to bottom halves

[Pavel Dovgaluk]

This one is ok.

Pavel Dovgalyuk

> -Original Message-
> From: Paolo Bonzini [mailto:paolo.bonz...@gmail.com] On Behalf Of Paolo 
> Bonzini
> Sent: Tuesday, October 06, 2015 11:01 PM
> To: qemu-devel@nongnu.org
> Cc: pavel.dovga...@ispras.ru
> Subject: [PATCH 1/4] replay: generalize ptimer event to bottom halves
> 
> Make the code a bit more type safe and follow the same scheme as
> replay_input_event and replay_input_sync_event.
> 
> Signed-off-by: Paolo Bonzini 
> ---
>  hw/core/ptimer.c |  6 +-
>  replay/replay-events.c   | 15 ++-
>  replay/replay-internal.h |  2 +-
>  replay/replay.h  |  4 ++--
>  4 files changed, 14 insertions(+), 13 deletions(-)
> 
> diff --git a/hw/core/ptimer.c b/hw/core/ptimer.c
> index c56078d..86d544f 100644
> --- a/hw/core/ptimer.c
> +++ b/hw/core/ptimer.c
> @@ -28,11 +28,7 @@ struct ptimer_state
>  static void ptimer_trigger(ptimer_state *s)
>  {
>  if (s->bh) {
> -if (replay_mode != REPLAY_MODE_NONE) {
> -replay_add_ptimer_event(s->bh, replay_get_current_step());
> -} else {
> -qemu_bh_schedule(s->bh);
> -}
> +replay_bh_schedule_event(s->bh);
>  }
>  }
> 
> diff --git a/replay/replay-events.c b/replay/replay-events.c
> index 23f3b12..06dd4ca 100755
> --- a/replay/replay-events.c
> +++ b/replay/replay-events.c
> @@ -37,7 +37,7 @@ static bool events_enabled;
>  static void replay_run_event(Event *event)
>  {
>  switch (event->event_kind) {
> -case REPLAY_ASYNC_EVENT_PTIMER:
> +case REPLAY_ASYNC_EVENT_BH:
>  aio_bh_call(event->opaque);
>  break;
>  case REPLAY_ASYNC_EVENT_INPUT:
> @@ -129,9 +129,14 @@ static void replay_add_event(ReplayAsyncEventKind 
> event_kind,
>  replay_mutex_unlock();
>  }
> 
> -void replay_add_ptimer_event(void *bh, uint64_t id)
> +void replay_bh_schedule_event(QEMUBH *bh)
>  {
> -replay_add_event(REPLAY_ASYNC_EVENT_PTIMER, bh, NULL, id);
> +if (replay_mode != REPLAY_MODE_NONE) {
> +uint64_t id = replay_get_current_step();
> +replay_add_event(REPLAY_ASYNC_EVENT_BH, bh, NULL, id);
> +} else {
> +qemu_bh_schedule(bh);
> +}
>  }
> 
>  void replay_add_input_event(struct InputEvent *event)
> @@ -154,7 +159,7 @@ static void replay_save_event(Event *event, int 
> checkpoint)
> 
>  /* save event-specific data */
>  switch (event->event_kind) {
> -case REPLAY_ASYNC_EVENT_PTIMER:
> +case REPLAY_ASYNC_EVENT_BH:
>  replay_put_qword(event->id);
>  break;
>  case REPLAY_ASYNC_EVENT_INPUT:
> @@ -200,7 +205,7 @@ static Event *replay_read_event(int checkpoint)
> 
>  /* Events that has not to be in the queue */
>  switch (read_event_kind) {
> -case REPLAY_ASYNC_EVENT_PTIMER:
> +case REPLAY_ASYNC_EVENT_BH:
>  if (read_id == -1) {
>  read_id = replay_get_qword();
>  }
> diff --git a/replay/replay-internal.h b/replay/replay-internal.h
> index 04d2e1b..77e0d29 100755
> --- a/replay/replay-internal.h
> +++ b/replay/replay-internal.h
> @@ -41,7 +41,7 @@ enum ReplayEvents {
>  /* Asynchronous events IDs */
> 
>  enum ReplayAsyncEventKind {
> -REPLAY_ASYNC_EVENT_PTIMER,
> +REPLAY_ASYNC_EVENT_BH,
>  REPLAY_ASYNC_EVENT_INPUT,
>  REPLAY_ASYNC_EVENT_INPUT_SYNC,
>  REPLAY_ASYNC_COUNT
> diff --git a/replay/replay.h b/replay/replay.h
> index cbb4e11..abb4688 100755
> --- a/replay/replay.h
> +++ b/replay/replay.h
> @@ -110,8 +110,8 @@ bool replay_checkpoint(ReplayCheckpoint checkpoint);
>  void replay_disable_events(void);
>  /*! Returns true when saving events is enabled */
>  bool replay_events_enabled(void);
> -/*! Adds ptimer event to the queue */
> -void replay_add_ptimer_event(void *bh, uint64_t id);
> +/*! Adds bottom half event to the queue */
> +void replay_bh_schedule_event(QEMUBH *bh);
>  /*! Adds input event to the queue */
>  void replay_input_event(QemuConsole *src, InputEvent *evt);
>  /*! Adds input sync event to the queue */
> --
> 2.5.0
> 

Re: [Qemu-devel] [PATCH] qobject: Replace property list with GHashTable

[Pavel Fedin]

 Hello!

> Hmm.. modifying a child object internally should be fine, shouldn't
> it?  IIUC only trying to remove it, change the key or the pointer to
> the value should be problematic.

 The glib documentation says that "Modifying the hash table after calling this 
function invalidates
the returned iterator". glib even includes an optional checks for this (under 
#ifndef
G_DISABLE_ASSERT): https://github.com/GNOME/glib/blob/master/glib/ghash.c#L782
 But, if you look, for example, inside  g_hash_table_iter_remove(), you'll see 
that they do exactly
the same (just remove the element), and then work around own check by 
incrementing both versions.

> How much extra memory does each Object take with no (or few) properties by
> using a hash table rather than a simple list here?

 I believe not a lot. GHashTable consists of 7 interers + 7 pointers:
https://github.com/GNOME/glib/blob/master/glib/ghash.c#L212

Kind regards,
Pavel Fedin
Expert Engineer
Samsung Electronics Research center Russia

Re: [Qemu-devel] PING: [RFC PATCH 0/4] GICv3 live migration support

[Peter Maydell]

On 7 October 2015 at 08:57, Pavel Fedin  wrote:
>  Knock-knock!
>
>  PM: I remember we had a talk that we should settle down on migration data 
> format. Isn't it right
> time?

I think Christoffer has a patchset which specifies the
userspace API for KVM for this, which is probably the
right place to start. Christoffer, did you manage to send
that out yet?

-- PMM

Re: [Qemu-devel] PING: [RFC PATCH 0/4] GICv3 live migration support

[Pavel Fedin]

> I think Christoffer has a patchset which specifies the
> userspace API for KVM for this, which is probably the
> right place to start.

 Christoffer? I haven't seen anything from him, BTW, i also posted already 4 
versions of this...
http://www.spinics.net/lists/kvm-arm/msg16219.html
http://www.spinics.net/lists/kvm/msg120483.html
http://www.spinics.net/lists/kvm-arm/msg16351.html
http://www.spinics.net/lists/kvm/msg121588.html

Kind regards,
Pavel Fedin
Expert Engineer
Samsung Electronics Research center Russia

Re: [Qemu-devel] [PATCH 2/4] more replay fixes

[Pavel Dovgaluk]

This one is ok too.

Pavel Dovgalyuk


> -Original Message-
> From: Paolo Bonzini [mailto:paolo.bonz...@gmail.com] On Behalf Of Paolo 
> Bonzini
> Sent: Tuesday, October 06, 2015 11:01 PM
> To: qemu-devel@nongnu.org
> Cc: pavel.dovga...@ispras.ru
> Subject: [PATCH 2/4] more replay fixes
> 
> 1) Compile files once
> 
> 2) Move include file from replay/replay.h to include/sysemu/replay.h.
> 
> 3) Fix Error usage
> 
> 4) cleanup timerlistgroup_deadline_ns a bit and allow clock jump
> notifiers to run
> 
> 5) move replay-user.c to stubs/
> ---
>  Makefile.objs   |  2 ++
>  Makefile.target |  1 -
>  cpu-exec.c  |  2 +-
>  cpus.c  |  2 +-
>  exec.c  |  2 +-
>  hw/bt/hci.c |  4 ++--
>  hw/core/ptimer.c|  2 +-
>  include/qapi/qmp/qerror.h   |  2 +-
>  {replay => include/sysemu}/replay.h |  0
>  qapi/common.json|  6 +-
>  qemu-timer.c| 14 ++
>  replay/Makefile.objs| 11 +--
>  replay/replay-events.c  |  2 +-
>  replay/replay-input.c   |  2 +-
>  replay/replay-internal.c|  4 ++--
>  replay/replay-internal.h|  0
>  replay/replay-time.c|  2 +-
>  replay/replay.c |  2 +-
>  stubs/Makefile.objs |  1 +
>  {replay => stubs}/replay-user.c |  6 +-
>  stubs/replay.c  |  9 +++--
>  ui/input.c  |  2 +-
>  vl.c|  6 +++---
>  23 files changed, 40 insertions(+), 44 deletions(-)
>  rename {replay => include/sysemu}/replay.h (100%)
>  mode change 100755 => 100644 replay/Makefile.objs
>  mode change 100755 => 100644 replay/replay-events.c
>  mode change 100755 => 100644 replay/replay-input.c
>  mode change 100755 => 100644 replay/replay-internal.c
>  mode change 100755 => 100644 replay/replay-internal.h
>  mode change 100755 => 100644 replay/replay-time.c
>  mode change 100755 => 100644 replay/replay.c
>  rename {replay => stubs}/replay-user.c (90%)
> 
> diff --git a/Makefile.objs b/Makefile.objs
> index bc43e5c..ba4b45e 100644
> --- a/Makefile.objs
> +++ b/Makefile.objs
> @@ -58,6 +58,8 @@ common-obj-y += audio/
>  common-obj-y += hw/
>  common-obj-y += accel.o
> 
> +common-obj-y += replay/
> +
>  common-obj-y += ui/
>  common-obj-y += bt-host.o bt-vhci.o
>  bt-host.o-cflags := $(BLUEZ_CFLAGS)
> diff --git a/Makefile.target b/Makefile.target
> index ca8f351..962d004 100644
> --- a/Makefile.target
> +++ b/Makefile.target
> @@ -88,7 +88,6 @@ obj-y = exec.o translate-all.o cpu-exec.o
>  obj-y += translate-common.o
>  obj-y += cpu-exec-common.o
>  obj-y += tcg/tcg.o tcg/tcg-op.o tcg/optimize.o
> -obj-y += replay/
>  obj-$(CONFIG_TCG_INTERPRETER) += tci.o
>  obj-y += tcg/tcg-common.o
>  obj-$(CONFIG_TCG_INTERPRETER) += disas/tci.o
> diff --git a/cpu-exec.c b/cpu-exec.c
> index 2b83e18..0850f8c 100644
> --- a/cpu-exec.c
> +++ b/cpu-exec.c
> @@ -30,7 +30,7 @@
>  #if defined(TARGET_I386) && !defined(CONFIG_USER_ONLY)
>  #include "hw/i386/apic.h"
>  #endif
> -#include "replay/replay.h"
> +#include "sysemu/replay.h"
> 
>  /* -icount align implementation. */
> 
> diff --git a/cpus.c b/cpus.c
> index 5130806..7e846e3 100644
> --- a/cpus.c
> +++ b/cpus.c
> @@ -42,7 +42,7 @@
>  #include "qemu/seqlock.h"
>  #include "qapi-event.h"
>  #include "hw/nmi.h"
> -#include "replay/replay.h"
> +#include "sysemu/replay.h"
> 
>  #ifndef _WIN32
>  #include "qemu/compatfd.h"
> diff --git a/exec.c b/exec.c
> index dba9258..38f968a 100644
> --- a/exec.c
> +++ b/exec.c
> @@ -50,7 +50,7 @@
>  #include "qemu/rcu_queue.h"
>  #include "qemu/main-loop.h"
>  #include "translate-all.h"
> -#include "replay/replay.h"
> +#include "sysemu/replay.h"
> 
>  #include "exec/memory-internal.h"
>  #include "exec/ram_addr.h"
> diff --git a/hw/bt/hci.c b/hw/bt/hci.c
> index 93dd1dc..2151d01 100644
> --- a/hw/bt/hci.c
> +++ b/hw/bt/hci.c
> @@ -24,7 +24,7 @@
>  #include "sysemu/bt.h"
>  #include "hw/bt.h"
>  #include "qapi/qmp/qerror.h"
> -#include "replay/replay.h"
> +#include "sysemu/replay.h"
> 
>  struct bt_hci_s {
>  uint8_t *(*evt_packet)(void *opaque);
> @@ -2193,7 +2193,7 @@ struct HCIInfo *bt_new_hci(struct bt_scatternet_s *net)
> 
>  s->device.handle_destroy = bt_hci_destroy;
> 
> -error_set(>replay_blocker, ERROR_CLASS_REPLAY_NOT_SUPPORTED, "bt 
> hci");
> +error_setg(>replay_blocker, QERR_REPLAY_NOT_SUPPORTED, "-bt hci");
>  replay_add_blocker(s->replay_blocker);
> 
>  return >info;
> diff --git a/hw/core/ptimer.c b/hw/core/ptimer.c
> index 86d544f..edf077c 100644
> --- a/hw/core/ptimer.c
> +++ b/hw/core/ptimer.c
> @@ -9,7 +9,7 @@
>  #include "qemu/timer.h"
>  #include "hw/ptimer.h"
>  #include "qemu/host-utils.h"
> -#include "replay/replay.h"
> +#include "sysemu/replay.h"
> 
>  struct ptimer_state
>  {
> 

Re: [Qemu-devel] [PATCH 4/4] events doubts

[Paolo Bonzini]

On 07/10/2015 10:21, Pavel Dovgaluk wrote:
> There are two kinds of events:
> - read from the log and injected immediately (user input, network input)
> - read from the log and wait for corresponding event in the queue (BH)
> 
> We cannot inject BH event immediately because we do not have any information
> about callback

Actually we do (indirectly, through aio_bh_call).  But that may not be
the central issue, because...

> and to preserve consistency - BH cannot be processed before
> it is scheduled by qemu core.

... you are processing them differently anyway between record mode
(where the BH is scheduled by the core) and replay (where the BH is
called directly).

In fact, I don't understand what introduces the difference between
record and replay that requires special handling of ptimers' bottom
halves.  In both cases, the ptimer triggers at the desired time (based
on checkpoints) and then the bottom half is called as soon as possible.
 Why is a separate async event necessary?

Because we only care about bottom halves from ptimers, their order
should be the same for both record and replay.

If bottom halves async events could be removed, that would simplify a
lot the code, and it would make it a lot easier to understand for me.

Paolo

Re: [Qemu-devel] [PATCH v2] Remove macros IO_READ_PROTO and IO_WRITE_PROTO

[Markus Armbruster]

No trace of IO_READ_PROTO and IO_WRITE_PROTO in the patch.  Did you mean
to send this patch with this subject?

Nutan Shinde  writes:

> Signed-off-by: Nutan Shinde 
> ---
>  hw/audio/adlib.c  | 28 +++
>  hw/audio/es1370.c | 60 +-
>  hw/audio/gus.c| 26 +++---
>  hw/audio/sb16.c   | 66 
> +++
>  4 files changed, 90 insertions(+), 90 deletions(-)
>
> diff --git a/hw/audio/adlib.c b/hw/audio/adlib.c
> index af39920..966c590 100644
> --- a/hw/audio/adlib.c
> +++ b/hw/audio/adlib.c
> @@ -50,7 +50,7 @@
>  
>  #ifdef HAS_YMF262
>  #include "ymf262.h"
> -void YMF262UpdateOneQEMU (int which, INT16 *dst, int length);
> +void YMF262UpdateOneQEMU(int which, INT16 *dst, int length);
>  #define SHIFT 2
>  #else
>  #include "fmopl.h"
> @@ -86,7 +86,7 @@ typedef struct {
>  
>  static AdlibState *glob_adlib;
>  
> -static void adlib_stop_opl_timer (AdlibState *s, size_t n)
> +static void adlib_stop_opl_timer(AdlibState *s, size_t n)
>  {
>  #ifdef HAS_YMF262
>  YMF262TimerOver (0, n);
> @@ -96,7 +96,7 @@ static void adlib_stop_opl_timer (AdlibState *s, size_t n)
>  s->ticking[n] = 0;
>  }
>  
> -static void adlib_kill_timers (AdlibState *s)
> +static void adlib_kill_timers(AdlibState *s)
>  {
>  size_t i;
>  
> @@ -119,7 +119,7 @@ static void adlib_kill_timers (AdlibState *s)
>  }
>  }
>  
> -static void adlib_write (void *opaque, uint32_t nport, uint32_t val)
> +static void adlib_write(void *opaque, uint32_t nport, uint32_t val)
>  {
>  AdlibState *s = opaque;
>  int a = nport & 3;
> @@ -136,7 +136,7 @@ static void adlib_write (void *opaque, uint32_t nport, 
> uint32_t val)
>  #endif
>  }
>  
> -static uint32_t adlib_read (void *opaque, uint32_t nport)
> +static uint32_t adlib_read(void *opaque, uint32_t nport)
>  {
>  AdlibState *s = opaque;
>  uint8_t data;
> @@ -152,7 +152,7 @@ static uint32_t adlib_read (void *opaque, uint32_t nport)
>  return data;
>  }
>  
> -static void timer_handler (int c, double interval_Sec)
> +static void timer_handler(int c, double interval_Sec)
>  {
>  AdlibState *s = glob_adlib;
>  unsigned n = c & 1;
> @@ -177,7 +177,7 @@ static void timer_handler (int c, double interval_Sec)
>  AUD_init_time_stamp_out (s->voice, >ats);
>  }
>  
> -static int write_audio (AdlibState *s, int samples)
> +static int write_audio(AdlibState *s, int samples)
>  {
>  int net = 0;
>  int pos = s->pos;
> @@ -208,7 +208,7 @@ static int write_audio (AdlibState *s, int samples)
>  return net;
>  }
>  
> -static void adlib_callback (void *opaque, int free)
> +static void adlib_callback(void *opaque, int free)
>  {
>  AdlibState *s = opaque;
>  int samples, net = 0, to_play, written;
> @@ -259,7 +259,7 @@ static void adlib_callback (void *opaque, int free)
>  }
>  }
>  
> -static void Adlib_fini (AdlibState *s)
> +static void Adlib_fini(AdlibState *s)
>  {
>  #ifdef HAS_YMF262
>  YMF262Shutdown ();
> @@ -284,7 +284,7 @@ static MemoryRegionPortio adlib_portio_list[] = {
>  PORTIO_END_OF_LIST(),
>  };
>  
> -static void adlib_realizefn (DeviceState *dev, Error **errp)
> +static void adlib_realizefn(DeviceState *dev, Error **errp)
>  {
>  AdlibState *s = ADLIB(dev);
>  struct audsettings as;
> @@ -337,7 +337,7 @@ static void adlib_realizefn (DeviceState *dev, Error 
> **errp)
>  return;
>  }
>  
> -s->samples = AUD_get_buffer_size_out (s->voice) >> SHIFT;
> +s->samples = AUD_get_buffer_size_out(s->voice) >> SHIFT;
>  s->mixbuf = g_malloc0 (s->samples << SHIFT);
>  
>  adlib_portio_list[0].offset = s->port;
> @@ -352,7 +352,7 @@ static Property adlib_properties[] = {
>  DEFINE_PROP_END_OF_LIST (),
>  };
>  
> -static void adlib_class_initfn (ObjectClass *klass, void *data)
> +static void adlib_class_initfn(ObjectClass *klass, void *data)
>  {
>  DeviceClass *dc = DEVICE_CLASS (klass);
>  
> @@ -369,13 +369,13 @@ static const TypeInfo adlib_info = {
>  .class_init= adlib_class_initfn,
>  };
>  
> -static int Adlib_init (ISABus *bus)
> +static int Adlib_init(ISABus *bus)
>  {
>  isa_create_simple (bus, TYPE_ADLIB);
>  return 0;
>  }
>  
> -static void adlib_register_types (void)
> +static void adlib_register_types(void)
>  {
>  type_register_static (_info);
>  isa_register_soundhw("adlib", ADLIB_DESC, Adlib_init);
> diff --git a/hw/audio/es1370.c b/hw/audio/es1370.c
> index dfb7c79..edb4864 100644
> --- a/hw/audio/es1370.c
> +++ b/hw/audio/es1370.c
> @@ -157,15 +157,15 @@ static const unsigned dac1_samplerate[] = { 5512, 
> 11025, 22050, 44100 };
>  #define DAC2_CHANNEL 1
>  #define ADC_CHANNEL 2
>  
> -static void es1370_dac1_callback (void *opaque, int free);
> -static void es1370_dac2_callback (void *opaque, int free);
> -static void es1370_adc_callback (void *opaque, int avail);
> 

Re: [Qemu-devel] How to get started with the source code of Qemu?

[Thomas Huth]

On 06/10/15 16:17, Aaron Elkins wrote:
> Hi all,
> 
> I am new to Qemu, and I’m extremely interested in understanding how the 
> source code of Qemu work. But after
> I downloaded the whole project, I just lost in it, the project is too large 
> for me to get started.

A very rough survey:

- The main() function is in "vl.c"

- The target CPU emulation code is in the "target-xxx" directories

- The host backends for the CPU emulation is in the "tcg" directory
  (TCG means Tiny Code Generator)

- Other hardware emulation can be found in the "hw" directory

- Host networking code is in the "net" folder

- Guest firmware (BIOS) code can be found in the "pc-bios" folder

That's at least the folders I have been in touch with since I started
working on QEMU. I hope that helps at least a little bit.

 Thomas

Re: [Qemu-devel] [PATCH 3/4] why is runstate_is_running needed?

[Paolo Bonzini]

On 07/10/2015 10:14, Pavel Dovgaluk wrote:
> > It doesn't seem correct to call it for all checkpoints, but why
> > is it right for timerlist_run_timers?
> 
> Because replaying shouldn't proceed when machine is stopped.

Right, but VIRTUAL and VIRTUAL_RT do not proceed when the machine is
stopped.  For HOST it makes sense, but then the same should happen
independent of the replay mode (using qemu_clock_enable).

Otherwise, if a checkpoint for the wrong clock sneaks in at the wrong
point while the VM is running, I wonder if replay could grind to a halt.

Paolo

> These checks could be also useful for creating snapshots in record mode,
> but I don't remember exact reasons of adding them. I'll check your changes 
> for the current version.

[Qemu-devel] [PATCH v6 00/15] post-introspection cleanups, subset C

[Eric Blake]

Pending prerequisite: Markus' qapi-next branch (which has my
subset A patches):
git://repo.or.cz/qemu/armbru.git qapi-next
http://thread.gmane.org/gmane.comp.emulators.qemu/365827/focus=366351
as well as my subset B patches (currently at v7):
http://article.gmane.org/gmane.comp.emulators.qemu/366810
http://repo.or.cz/qemu/ericb.git/shortlog/refs/tags/qapi-cleanupv7b

Also available as a tag at this location:
git fetch git://repo.or.cz/qemu/ericb.git qapi-cleanupv6c

and I plan to eventually forcefully update my branch with the rest
of the v5 series, at:
http://repo.or.cz/qemu/ericb.git/shortlog/refs/heads/qapi

v6 notes:
Add some patches and rebase onto work on subset B. Rearrange some
patches from v5 (this set includes 17-20, 23, 25-27). Backport diff
gets a bit confused by one patch title changing.

001/15:[down] 'qapi: Move empty-enum to compile-time test'
002/15:[down] 'qapi: Drop redundant returns-int test'
003/15:[down] 'qapi: Drop redundant flat-union-reverse-define test'
004/15:[down] 'qapi: Use generated TestStruct machinery in tests'
005/15:[] [--] 'qapi: Provide nicer array names in introspection'
006/15:[] [--] 'qapi-introspect: Guarantee particular sorting'
007/15:[down] 'qapi: Change alternate layout to use 'type''
008/15:[0141] [FC] 'qapi: Simplify visiting of alternate types'
009/15:[0023] [FC] 'qapi: Fix alternates that accept 'number' but not 'int''
010/15:[] [--] 'qapi: Remove dead visitor code'
011/15:[down] 'qapi: Plug leaks in test-qmp-*'
012/15:[down] 'qapi: Simplify error testing in test-qmp-*'
013/15:[0007] [FC] 'qapi: Test failure in middle of array parse'
014/15:[down] 'qapi: More tests of input arrays'
015/15:[0021] [FC] 'qapi: Simplify visits of optional fields'

Not much direct review comments, although some of the changes here
are updated based on comments made on other patches in the v5 series.

Subset D (and more?) will come later.

In v5:
https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05410.html
I _did_ rearrange patches to try and group related features:

1-2: Groundwork cleanups
3-5: Add more test cases
6-16: Front-end cleanups
17-18: Introspection output cleanups
19-20: 'alternate' type cleanups
21-29: qapi visitor cleanups
30-45: qapi-ify netdev_add
46: add qapi shorthand for flat unions

Lots of fixes based on additional testing, and rebased to
track other changes that happened in the meantime.  The series
is huge; I can split off smaller portions as requested.

In v4:
https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg02580.html
add some more clean up patches
rebase to Markus' recent work
pull in part of Zoltán's work to make netdev_add a flat union,
further enhancing it to be introspectible

I might be able to rearrange some of these patches, or separate
it into smaller independent series, if requested; but I'm
posting now to get review started.

In v3:
https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg02059.html
redo cleanup of dealloc of partial struct
add patches to make all visit_type_*() avoid leaks on failure
add patches to allow boxed command arguments and events

In v2:
https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg00900.html
rebase to Markus' v3 series
rework how comments are emitted for fields inherited from base
additional patches added for deleting colliding 'void *data'
documentation updates to match code changes

v1 was here:
https://lists.gnu.org/archive/html/qemu-devel/2015-07/msg05266.html
https://lists.gnu.org/archive/html/qemu-devel/2015-07/msg05325.html

Eric Blake (15):
  qapi: Move empty-enum to compile-time test
  qapi: Drop redundant returns-int test
  qapi: Drop redundant flat-union-reverse-define test
  qapi: Use generated TestStruct machinery in tests
  qapi: Provide nicer array names in introspection
  qapi-introspect: Guarantee particular sorting
  qapi: Change alternate layout to use 'type'
  qapi: Simplify visiting of alternate types
  qapi: Fix alternates that accept 'number' but not 'int'
  qapi: Remove dead visitor code
  qapi: Plug leaks in test-qmp-*
  qapi: Simplify error testing in test-qmp-*
  qapi: Test failure in middle of array parse
  qapi: More tests of input arrays
  qapi: Simplify visits of optional fields

 docs/qapi-code-gen.txt   |  31 ++-
 include/qapi/visitor-impl.h  |  27 +--
 include/qapi/visitor.h   |  22 +-
 qapi/introspect.json |  22 +-
 qapi/opts-visitor.c  |   2 +-
 qapi/qapi-visit-core.c   | 141 +---
 qapi/qmp-input-visitor.c |  11 +-
 qapi/string-input-visitor.c  |   3 +-
 scripts/qapi-introspect.py   |  17 +-
 scripts/qapi-types.py|  36 +--
 scripts/qapi-visit.py|  25 ++-
 scripts/qapi.py  |  60 +++--
 tests/Makefile   |   3 -

[Qemu-devel] [PATCH v6 12/15] qapi: Simplify error testing in test-qmp-*

[Eric Blake]

By using _abort, we can avoid a local err variable in
situations where we expect success.

By moving err into data, we can let test teardown take care
of cleaning up any collected error (and allowing for fewer
lines of code between repeated tests where init runs teardown
on our behalf).

Signed-off-by: Eric Blake 

---
v6: new patch
---
 tests/test-qmp-input-strict.c  |  77 +---
 tests/test-qmp-input-visitor.c | 101 -
 tests/test-qmp-output-visitor.c|  52 +--
 tests/test-visitor-serialization.c |  42 +++
 4 files changed, 86 insertions(+), 186 deletions(-)

diff --git a/tests/test-qmp-input-strict.c b/tests/test-qmp-input-strict.c
index 910e2f9..f8da75c 100644
--- a/tests/test-qmp-input-strict.c
+++ b/tests/test-qmp-input-strict.c
@@ -26,6 +26,7 @@
 typedef struct TestInputVisitorData {
 QObject *obj;
 QmpInputVisitor *qiv;
+Error *err;
 } TestInputVisitorData;

 static void validate_teardown(TestInputVisitorData *data,
@@ -34,6 +35,9 @@ static void validate_teardown(TestInputVisitorData *data,
 qobject_decref(data->obj);
 data->obj = NULL;

+error_free(data->err);
+data->err = NULL;
+
 if (data->qiv) {
 qmp_input_visitor_cleanup(data->qiv);
 data->qiv = NULL;
@@ -96,13 +100,11 @@ static void test_validate_struct(TestInputVisitorData 
*data,
   const void *unused)
 {
 TestStruct *p = NULL;
-Error *err = NULL;
 Visitor *v;

 v = validate_test_init(data, "{ 'integer': -42, 'boolean': true, 'string': 
'foo' }");

-visit_type_TestStruct(v, , NULL, );
-g_assert(!err);
+visit_type_TestStruct(v, , NULL, _abort);
 g_free(p->string);
 g_free(p);
 }
@@ -111,7 +113,6 @@ static void 
test_validate_struct_nested(TestInputVisitorData *data,
  const void *unused)
 {
 UserDefTwo *udp = NULL;
-Error *err = NULL;
 Visitor *v;

 v = validate_test_init(data, "{ 'string0': 'string0', "
@@ -119,8 +120,7 @@ static void 
test_validate_struct_nested(TestInputVisitorData *data,
"'dict2': { 'userdef': { 'integer': 42, "
"'string': 'string' }, 'string': 'string2'}}}");

-visit_type_UserDefTwo(v, , NULL, );
-g_assert(!err);
+visit_type_UserDefTwo(v, , NULL, _abort);
 qapi_free_UserDefTwo(udp);
 }

@@ -128,13 +128,11 @@ static void test_validate_list(TestInputVisitorData *data,
 const void *unused)
 {
 UserDefOneList *head = NULL;
-Error *err = NULL;
 Visitor *v;

 v = validate_test_init(data, "[ { 'string': 'string0', 'integer': 42 }, { 
'string': 'string1', 'integer': 43 }, { 'string': 'string2', 'integer': 44 } 
]");

-visit_type_UserDefOneList(v, , NULL, );
-g_assert(!err);
+visit_type_UserDefOneList(v, , NULL, _abort);
 qapi_free_UserDefOneList(head);
 }

@@ -143,12 +141,10 @@ static void 
test_validate_union_native_list(TestInputVisitorData *data,
 {
 UserDefNativeListUnion *tmp = NULL;
 Visitor *v;
-Error *err = NULL;

 v = validate_test_init(data, "{ 'type': 'integer', 'data' : [ 1, 2 ] }");

-visit_type_UserDefNativeListUnion(v, , NULL, );
-g_assert(!err);
+visit_type_UserDefNativeListUnion(v, , NULL, _abort);
 qapi_free_UserDefNativeListUnion(tmp);
 }

@@ -157,7 +153,6 @@ static void test_validate_union_flat(TestInputVisitorData 
*data,
 {
 UserDefFlatUnion *tmp = NULL;
 Visitor *v;
-Error *err = NULL;

 v = validate_test_init(data,
"{ 'enum1': 'value1', "
@@ -165,8 +160,7 @@ static void test_validate_union_flat(TestInputVisitorData 
*data,
"'string': 'str', "
"'boolean': true }");

-visit_type_UserDefFlatUnion(v, , NULL, );
-g_assert(!err);
+visit_type_UserDefFlatUnion(v, , NULL, _abort);
 qapi_free_UserDefFlatUnion(tmp);
 }

@@ -175,12 +169,10 @@ static void test_validate_alternate(TestInputVisitorData 
*data,
 {
 UserDefAlternate *tmp = NULL;
 Visitor *v;
-Error *err = NULL;

 v = validate_test_init(data, "42");

-visit_type_UserDefAlternate(v, , NULL, );
-g_assert(!err);
+visit_type_UserDefAlternate(v, , NULL, _abort);
 qapi_free_UserDefAlternate(tmp);
 }

@@ -188,14 +180,12 @@ static void 
test_validate_fail_struct(TestInputVisitorData *data,
const void *unused)
 {
 TestStruct *p = NULL;
-Error *err = NULL;
 Visitor *v;

 v = validate_test_init(data, "{ 'integer': -42, 'boolean': true, 'string': 
'foo', 'extra': 42 }");

-visit_type_TestStruct(v, , NULL, );
-g_assert(err);
-error_free(err);
+visit_type_TestStruct(v, , NULL, >err);
+g_assert(data->err);
 /* FIXME: visitor should not allocate p when returning error */
 if (p) {
 

Re: [Qemu-devel] [PATCH v5 2/4] quorum: implement bdrv_add_child() and bdrv_del_child()

[Wen Congyang]

On 10/07/2015 10:12 PM, Alberto Garcia wrote:
> On Tue 22 Sep 2015 09:44:20 AM CEST, Wen Congyang wrote:
> 
>> +++ b/block/quorum.c
>> @@ -66,6 +66,9 @@ typedef struct QuorumVotes {
>>  typedef struct BDRVQuorumState {
>>  BlockDriverState **bs; /* children BlockDriverStates */
>>  int num_children;  /* children count */
>> +int max_children;  /* The maximum children count, we need to 
>> reallocate
>> +* bs if num_children grows larger than maximum.
>> +*/
>>  int threshold; /* if less than threshold children reads gave the
>>  * same result a quorum error occurs.
>>  */
> 
> As you announce in the cover letter of this series, your code depends on
> the parents list patch written by Kevin here:
> 
> http://lists.nongnu.org/archive/html/qemu-devel/2015-09/msg04579.html
> 
> As you might be aware, and as part of the same series by Kevin,
> BDRVQuorumState will no longer hold a list of BlockDriverState but a
> list of BdrvChild instead:
> 
> https://lists.nongnu.org/archive/html/qemu-devel/2015-09/msg04571.html

I notice that, and I only one patch from Kevin now. I will fix it in the
next version.

> 
>> +static void quorum_add_child(BlockDriverState *bs, BlockDriverState 
>> *child_bs,
>> + Error **errp)
>> +{
>> +BDRVQuorumState *s = bs->opaque;
>> +
>> +bdrv_drain(bs);
>> +
>> +if (s->num_children == s->max_children) {
>> +if (s->max_children >= INT_MAX) {
>> +error_setg(errp, "Too many children");
>> +return;
>> +}
> 
> max_children can never be greater than INT_MAX. Use == instead.
> 
>> +s->bs = g_renew(BlockDriverState *, s->bs, s->max_children + 1);
>> +s->bs[s->num_children] = NULL;
> 
> No need to set the pointer to NULL here, and you are anyway setting the
> pointer to the new child a few lines afterwards.

Yes, I will remove it in the next version.

> 
>> +s->max_children++;
>> +}
>> +
>> +bdrv_ref(child_bs);
>> +bdrv_attach_child(bs, child_bs, _format);
>> +s->bs[s->num_children++] = child_bs;
>> +}
>> +
>> +static void quorum_del_child(BlockDriverState *bs, BlockDriverState 
>> *child_bs,
>> + Error **errp)
>> +{
>> +BDRVQuorumState *s = bs->opaque;
>> +BdrvChild *child;
>> +int i;
>> +
>> +for (i = 0; i < s->num_children; i++) {
>> +if (s->bs[i] == child_bs) {
>> +break;
>> +}
>> +}
>> +
>> +QLIST_FOREACH(child, >children, next) {
>> +if (child->bs == child_bs) {
>> +break;
>> +}
>> +}
>> +
>> +/* we have checked it in bdrv_del_child() */
>> +assert(i < s->num_children && child);
>> +
>> +if (s->num_children <= s->threshold) {
>> +error_setg(errp,
>> +"The number of children cannot be lower than the vote threshold 
>> %d",
>> +s->threshold);
>> +return;
>> +}
>> +
>> +bdrv_drain(bs);
>> +/* We can safely remove this child now */
>> +memmove(>bs[i], >bs[i + 1],
>> +(s->num_children - i - 1) * sizeof(void *));
>> +s->num_children--;
>> +s->bs[s->num_children] = NULL;
> 
> Same here, no one will check or use s->bs[s->num_children] so there's no
> need to make it NULL.
> 
> Apart from the issue of using only part of Kevin's series, the rest are
> minor things.

I will fix it in the next version.

> 
> Thanks and sorry for the late review!

Thanks for your review

Wen Congyang

> 
> Berto
> .
> 

[Qemu-devel] [PATCH v6 14/15] qapi: More tests of input arrays

[Eric Blake]

Our testsuite had no coverage of empty arrays, nor of what
happens when the input does not match the expected type.
Useful to have, especially if we start changing the visitor
contracts.

Signed-off-by: Eric Blake 

---
v6: new patch
---
 tests/test-qmp-input-visitor.c | 51 ++
 1 file changed, 51 insertions(+)

diff --git a/tests/test-qmp-input-visitor.c b/tests/test-qmp-input-visitor.c
index 8dbc3bf..6972ee8 100644
--- a/tests/test-qmp-input-visitor.c
+++ b/tests/test-qmp-input-visitor.c
@@ -236,6 +236,12 @@ static void test_visitor_in_list(TestInputVisitorData 
*data,
 }

 qapi_free_UserDefOneList(head);
+head = NULL;
+
+/* An empty list is valid */
+v = visitor_input_test_init(data, "[]");
+visit_type_UserDefOneList(v, , NULL, _abort);
+g_assert(!head);
 }

 static void test_visitor_in_any(TestInputVisitorData *data,
@@ -716,6 +722,49 @@ static void test_visitor_in_errors(TestInputVisitorData 
*data,
 qapi_free_strList(q);
 }

+static void test_visitor_in_wrong_type(TestInputVisitorData *data,
+   const void *unused)
+{
+TestStruct *p = NULL;
+Visitor *v;
+strList *q = NULL;
+int64_t i;
+
+/* Make sure arrays and structs cannot be confused */
+
+v = visitor_input_test_init(data, "[]");
+visit_type_TestStruct(v, , NULL, >err);
+g_assert(data->err);
+g_assert(!p);
+
+v = visitor_input_test_init(data, "{}");
+visit_type_strList(v, , NULL, >err);
+assert(data->err);
+assert(!q);
+
+/* Make sure primitives and struct cannot be confused */
+
+v = visitor_input_test_init(data, "1");
+visit_type_TestStruct(v, , NULL, >err);
+g_assert(data->err);
+g_assert(!p);
+
+v = visitor_input_test_init(data, "{}");
+visit_type_int(v, , NULL, >err);
+assert(data->err);
+
+/* Make sure primitives and arrays cannot be confused */
+
+v = visitor_input_test_init(data, "1");
+visit_type_strList(v, , NULL, >err);
+assert(data->err);
+assert(!q);
+
+v = visitor_input_test_init(data, "[]");
+visit_type_int(v, , NULL, >err);
+assert(data->err);
+}
+
 int main(int argc, char **argv)
 {
 TestInputVisitorData in_visitor_data;
@@ -748,6 +797,8 @@ int main(int argc, char **argv)
_visitor_data, test_visitor_in_alternate);
 input_visitor_test_add("/visitor/input/errors",
_visitor_data, test_visitor_in_errors);
+input_visitor_test_add("/visitor/input/wrong-type",
+   _visitor_data, test_visitor_in_wrong_type);
 input_visitor_test_add("/visitor/input/alternate-number",
_visitor_data, test_visitor_in_alternate_number);
 input_visitor_test_add("/visitor/input/native_list/int",
-- 
2.4.3

Re: [Qemu-devel] [PATCH v5 1/4] Add new block driver interface to add/delete a BDS's child

[Wen Congyang]

On 10/07/2015 09:35 PM, Alberto Garcia wrote:
> On Tue 22 Sep 2015 09:44:19 AM CEST, Wen Congyang  
> wrote:
>> In some cases, we want to take a quorum child offline, and take
>> another child online.
>>
>> Signed-off-by: Wen Congyang 
>> Signed-off-by: zhanghailiang 
>> Signed-off-by: Gonglei 
>> Reviewed-by: Eric Blake 
> 
>> +void bdrv_add_child(BlockDriverState *parent_bs, BlockDriverState *child_bs,
>> +Error **errp)
>> +{
>> +
>> +if (!parent_bs->drv || !parent_bs->drv->bdrv_add_child) {
>> +error_setg(errp, "The BDS %s doesn't support adding a child",
>> +   bdrv_get_device_or_node_name(parent_bs));
>> +return;
>> +}
>> +
>> +if (!QLIST_EMPTY(_bs->parents)) {
>> +error_setg(errp, "The BDS %s already has parent",
>> +   child_bs->node_name);
> 
> I think there's one 'a' missing:
> 
>   "The BDS %s already has a parent".
> 
> I also don't think we should use "BDS" in error messages, that's an
> acronym for the name of a C data type, not something that the user is
> supposed to know about.
> 
> I suggest using 'Node' instead.
> 
> Otherwise the patch looks good to me, thanks!

OK, I will fix it in the next version

Thanks
Wen Congyang

> 
> Berto
> .
> 

[Qemu-devel] [PATCH v6 10/15] qapi: Remove dead visitor code

[Eric Blake]

Commit cbc95538 removed unused start_handle() and end_handle(),
but forgot got remove their declarations.

Commit 4e27e819 introduced optional visitor callbacks for all
sorts of int types, but except for type_uint64 and type_size,
none of them have ever been supplied (the generic implementation
based on using type_int then bounds-checking works just fine).
In the interest of simplicity, it's easier to make the visitor
callback interface not have to worry about the other sizes.

Signed-off-by: Eric Blake 

---
v6: no change
---
 include/qapi/visitor-impl.h |  19 +++
 include/qapi/visitor.h  |   3 -
 qapi/qapi-visit-core.c  | 131 +---
 3 files changed, 58 insertions(+), 95 deletions(-)

diff --git a/include/qapi/visitor-impl.h b/include/qapi/visitor-impl.h
index 1d09b7b..370935a 100644
--- a/include/qapi/visitor-impl.h
+++ b/include/qapi/visitor-impl.h
@@ -1,7 +1,7 @@
 /*
  * Core Definitions for QAPI Visitor implementations
  *
- * Copyright (C) 2012 Red Hat, Inc.
+ * Copyright (C) 2012, 2015 Red Hat, Inc.
  *
  * Author: Paolo Bonizni 
  *
@@ -48,18 +48,15 @@ struct Visitor
 void (*optional)(Visitor *v, bool *present, const char *name,
  Error **errp);

-void (*type_uint8)(Visitor *v, uint8_t *obj, const char *name, Error 
**errp);
-void (*type_uint16)(Visitor *v, uint16_t *obj, const char *name, Error 
**errp);
-void (*type_uint32)(Visitor *v, uint32_t *obj, const char *name, Error 
**errp);
-void (*type_uint64)(Visitor *v, uint64_t *obj, const char *name, Error 
**errp);
-void (*type_int8)(Visitor *v, int8_t *obj, const char *name, Error **errp);
-void (*type_int16)(Visitor *v, int16_t *obj, const char *name, Error 
**errp);
-void (*type_int32)(Visitor *v, int32_t *obj, const char *name, Error 
**errp);
-void (*type_int64)(Visitor *v, int64_t *obj, const char *name, Error 
**errp);
-/* visit_type_size() falls back to (*type_uint64)() if type_size is unset 
*/
-void (*type_size)(Visitor *v, uint64_t *obj, const char *name, Error 
**errp);
 bool (*start_union)(Visitor *v, bool data_present, Error **errp);
 void (*end_union)(Visitor *v, bool data_present, Error **errp);
+
+/* Only required to visit uint64 differently than (*type_int)().  */
+void (*type_uint64)(Visitor *v, uint64_t *obj, const char *name,
+Error **errp);
+/* Only required to visit sizes differently than (*type_uint64)().  */
+void (*type_size)(Visitor *v, uint64_t *obj, const char *name,
+  Error **errp);
 };

 void input_type_enum(Visitor *v, int *obj, const char * const strings[],
diff --git a/include/qapi/visitor.h b/include/qapi/visitor.h
index baea594..67ddd83 100644
--- a/include/qapi/visitor.h
+++ b/include/qapi/visitor.h
@@ -27,9 +27,6 @@ typedef struct GenericList
 struct GenericList *next;
 } GenericList;

-void visit_start_handle(Visitor *v, void **obj, const char *kind,
-const char *name, Error **errp);
-void visit_end_handle(Visitor *v, Error **errp);
 void visit_start_struct(Visitor *v, void **obj, const char *kind,
 const char *name, size_t size, Error **errp);
 void visit_end_struct(Visitor *v, Error **errp);
diff --git a/qapi/qapi-visit-core.c b/qapi/qapi-visit-core.c
index 884fe94..cbf7780 100644
--- a/qapi/qapi-visit-core.c
+++ b/qapi/qapi-visit-core.c
@@ -104,57 +104,48 @@ void visit_type_uint8(Visitor *v, uint8_t *obj, const 
char *name, Error **errp)
 {
 int64_t value;

-if (v->type_uint8) {
-v->type_uint8(v, obj, name, errp);
-} else {
-value = *obj;
-v->type_int(v, , name, errp);
-if (value < 0 || value > UINT8_MAX) {
-error_setg(errp, QERR_INVALID_PARAMETER_VALUE,
-   name ? name : "null", "uint8_t");
-return;
-}
-*obj = value;
+value = *obj;
+v->type_int(v, , name, errp);
+if (value < 0 || value > UINT8_MAX) {
+error_setg(errp, QERR_INVALID_PARAMETER_VALUE,
+   name ? name : "null", "uint8_t");
+return;
 }
+*obj = value;
 }

-void visit_type_uint16(Visitor *v, uint16_t *obj, const char *name, Error 
**errp)
+void visit_type_uint16(Visitor *v, uint16_t *obj, const char *name,
+   Error **errp)
 {
 int64_t value;

-if (v->type_uint16) {
-v->type_uint16(v, obj, name, errp);
-} else {
-value = *obj;
-v->type_int(v, , name, errp);
-if (value < 0 || value > UINT16_MAX) {
-error_setg(errp, QERR_INVALID_PARAMETER_VALUE,
-   name ? name : "null", "uint16_t");
-return;
-}
-*obj = value;
+value = *obj;
+v->type_int(v, , name, errp);
+if (value < 0 || value > UINT16_MAX) {
+error_setg(errp, QERR_INVALID_PARAMETER_VALUE,
+   name ? name : "null", 

[Qemu-devel] [PATCH v6 04/15] qapi: Use generated TestStruct machinery in tests

[Eric Blake]

Commit d88f5fd and friends first introduced the various test-qmp-*
tests in 2011, with duplicated hand-rolled TestStruct machinery,
to make sure the qapi visitor interface was tested.  Later, commit
4f193e3 in 2013 added a .json file for further testing use by the
files, but without consolidating any of the existing hand-rolled
visitors.  And with four copies, subtle differences have crept in.

Of course, just because the visitor interface is tested does not
mean it is a sane interface; and future patches will be changing
some of the visitor contracts.  Rather than having to duplicate
the cleanup work in each copy of the TestStruct visitor, and keep
each hand-rolled copy in sync with what the generator supplies, we
might as well just test what the generator should give us in the
first place.

Signed-off-by: Eric Blake 

---
v6: new patch
---
 tests/qapi-schema/qapi-schema-test.json |  6 +++-
 tests/qapi-schema/qapi-schema-test.out  |  5 +++
 tests/test-qmp-input-strict.c   | 35 
 tests/test-qmp-input-visitor.c  | 34 ---
 tests/test-qmp-output-visitor.c | 58 -
 tests/test-visitor-serialization.c  | 38 ++---
 6 files changed, 12 insertions(+), 164 deletions(-)

diff --git a/tests/qapi-schema/qapi-schema-test.json 
b/tests/qapi-schema/qapi-schema-test.json
index 4e2d7c2..f9500b3 100644
--- a/tests/qapi-schema/qapi-schema-test.json
+++ b/tests/qapi-schema/qapi-schema-test.json
@@ -3,6 +3,9 @@
 # This file is a stress test of supported qapi constructs that must
 # parse and compile correctly.

+{ 'struct': 'TestStruct',
+  'data': { 'integer': 'int', 'boolean': 'bool', 'string': 'str' } }
+
 # for testing enums
 { 'struct': 'NestedEnumsOne',
   'data': { 'enum1': 'EnumOne',   # Intentional forward reference
@@ -42,7 +45,8 @@

 # dummy struct to force generation of array types not otherwise mentioned
 { 'struct': 'ForceArrays',
-  'data': { 'unused1':['UserDefOne'], 'unused2':['UserDefTwo'] } }
+  'data': { 'unused1':['UserDefOne'], 'unused2':['UserDefTwo'],
+'unused3':['TestStruct'] } }

 # for testing unions
 # Among other things, test that a name collision between branches does
diff --git a/tests/qapi-schema/qapi-schema-test.out 
b/tests/qapi-schema/qapi-schema-test.out
index 06d0551..d452c5b 100644
--- a/tests/qapi-schema/qapi-schema-test.out
+++ b/tests/qapi-schema/qapi-schema-test.out
@@ -89,6 +89,7 @@ object EventStructOne
 object ForceArrays
 member unused1: UserDefOneList optional=False
 member unused2: UserDefTwoList optional=False
+member unused3: TestStructList optional=False
 enum MyEnum []
 object NestedEnumsOne
 member enum1: EnumOne optional=False
@@ -97,6 +98,10 @@ object NestedEnumsOne
 member enum4: EnumOne optional=True
 enum QEnumTwo ['value1', 'value2']
 prefix QENUM_TWO
+object TestStruct
+member integer: int optional=False
+member boolean: bool optional=False
+member string: str optional=False
 object UserDefA
 member boolean: bool optional=False
 member a_b: int optional=True
diff --git a/tests/test-qmp-input-strict.c b/tests/test-qmp-input-strict.c
index 53a7693..b44184f 100644
--- a/tests/test-qmp-input-strict.c
+++ b/tests/test-qmp-input-strict.c
@@ -89,41 +89,6 @@ static Visitor *validate_test_init_raw(TestInputVisitorData 
*data,
 return v;
 }

-typedef struct TestStruct
-{
-int64_t integer;
-bool boolean;
-char *string;
-} TestStruct;
-
-static void visit_type_TestStruct(Visitor *v, TestStruct **obj,
-  const char *name, Error **errp)
-{
-Error *err = NULL;
-
-visit_start_struct(v, (void **)obj, "TestStruct", name, sizeof(TestStruct),
-   );
-if (err) {
-goto out;
-}
-
-visit_type_int(v, &(*obj)->integer, "integer", );
-if (err) {
-goto out_end;
-}
-visit_type_bool(v, &(*obj)->boolean, "boolean", );
-if (err) {
-goto out_end;
-}
-visit_type_str(v, &(*obj)->string, "string", );
-
-out_end:
-error_propagate(errp, err);
-err = NULL;
-visit_end_struct(v, );
-out:
-error_propagate(errp, err);
-}

 static void test_validate_struct(TestInputVisitorData *data,
   const void *unused)
diff --git a/tests/test-qmp-input-visitor.c b/tests/test-qmp-input-visitor.c
index 183a9ec..532a31a 100644
--- a/tests/test-qmp-input-visitor.c
+++ b/tests/test-qmp-input-visitor.c
@@ -185,40 +185,6 @@ static void test_visitor_in_enum(TestInputVisitorData 
*data,
 data->qiv = NULL;
 }

-typedef struct TestStruct
-{
-int64_t integer;
-bool boolean;
-char *string;
-} TestStruct;
-
-static void visit_type_TestStruct(Visitor *v, TestStruct **obj,
-  const char *name, Error **errp)
-{
-Error *err = NULL;
-
-visit_start_struct(v, (void **)obj, "TestStruct", name, sizeof(TestStruct),
-  

[Qemu-devel] [PATCH v6 05/15] qapi: Provide nicer array names in introspection

[Eric Blake]

For the sake of humans reading introspection output, it is nice
to have the name of implicit array types be recognizable as
arrays of the underlying type.  However, while this patch allows
humans to skip from a command with return type "[123]" straight
to the definition of type "123" without having to first inspect
type "[123]", document that this shortcut should not be taken by
client apps.

This makes the resulting introspection string slightly larger by
default, but slightly smaller when -u is in use (as '[FOO]' is
nicer than 'FOOList' for expressing 'array of FOO').

Signed-off-by: Eric Blake 

---
v6: no change
---
 docs/qapi-code-gen.txt | 7 +--
 scripts/qapi-introspect.py | 8 +---
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/docs/qapi-code-gen.txt b/docs/qapi-code-gen.txt
index 2afab20..6cfc3be 100644
--- a/docs/qapi-code-gen.txt
+++ b/docs/qapi-code-gen.txt
@@ -658,11 +658,14 @@ Example: the SchemaInfo for BlockRef from section 
Alternate types

 The SchemaInfo for an array type has meta-type "array", and variant
 member "element-type", which names the array's element type.  Array
-types are implicitly defined.
+types are implicitly defined.  For convenience, the array's name may
+resemble the element type; however, clients should examine member
+"element-type" instead of making assumptions based on parsing member
+"name".

 Example: the SchemaInfo for ['str']

-{ "name": "strList", "meta-type": "array",
+{ "name": "[str]", "meta-type": "array",
   "element-type": "str" }

 The SchemaInfo for an enumeration type has meta-type "enum" and
diff --git a/scripts/qapi-introspect.py b/scripts/qapi-introspect.py
index c0dad66..64f2cd0 100644
--- a/scripts/qapi-introspect.py
+++ b/scripts/qapi-introspect.py
@@ -107,10 +107,12 @@ const char %(c_name)s[] = %(c_string)s;
 # characters.
 if isinstance(typ, QAPISchemaBuiltinType):
 return typ.name
+if isinstance(typ, QAPISchemaArrayType):
+return '[' + self._use_type(typ.element_type) + ']'
 return self._name(typ.name)

 def _gen_json(self, name, mtype, obj):
-if mtype != 'command' and mtype != 'event' and mtype != 'builtin':
+if mtype not in ('command', 'event', 'builtin', 'array'):
 name = self._name(name)
 obj['name'] = name
 obj['meta-type'] = mtype
@@ -136,8 +138,8 @@ const char %(c_name)s[] = %(c_string)s;
 self._gen_json(name, 'enum', {'values': values})

 def visit_array_type(self, name, info, element_type):
-self._gen_json(name, 'array',
-   {'element-type': self._use_type(element_type)})
+element = self._use_type(element_type)
+self._gen_json('[' + element + ']', 'array', {'element-type': element})

 def visit_object_type_flat(self, name, info, members, variants):
 obj = {'members': [self._gen_member(m) for m in members]}
-- 
2.4.3

[Qemu-devel] [PATCH v6 01/15] qapi: Move empty-enum to compile-time test

[Eric Blake]

Rather than just asserting that we can parse an empty enum,
let's also make sure we can compile it, by including it in
qapi-schema-test.

Signed-off-by: Eric Blake 

---
v6: new patch; could be hoisted earlier alongside subset B v7 3/14
---
 tests/Makefile  | 1 -
 tests/qapi-schema/enum-empty.err| 0
 tests/qapi-schema/enum-empty.exit   | 1 -
 tests/qapi-schema/enum-empty.json   | 2 --
 tests/qapi-schema/enum-empty.out| 2 --
 tests/qapi-schema/qapi-schema-test.json | 6 ++
 tests/qapi-schema/qapi-schema-test.out  | 1 +
 7 files changed, 7 insertions(+), 6 deletions(-)
 delete mode 100644 tests/qapi-schema/enum-empty.err
 delete mode 100644 tests/qapi-schema/enum-empty.exit
 delete mode 100644 tests/qapi-schema/enum-empty.json
 delete mode 100644 tests/qapi-schema/enum-empty.out

diff --git a/tests/Makefile b/tests/Makefile
index 63542c4..f3626bd 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -261,7 +261,6 @@ qapi-schema += enum-bad-name.json
 qapi-schema += enum-bad-prefix.json
 qapi-schema += enum-clash-member.json
 qapi-schema += enum-dict-member.json
-qapi-schema += enum-empty.json
 qapi-schema += enum-int-member.json
 qapi-schema += enum-max-member.json
 qapi-schema += enum-missing-data.json
diff --git a/tests/qapi-schema/enum-empty.err b/tests/qapi-schema/enum-empty.err
deleted file mode 100644
index e69de29..000
diff --git a/tests/qapi-schema/enum-empty.exit 
b/tests/qapi-schema/enum-empty.exit
deleted file mode 100644
index 573541a..000
--- a/tests/qapi-schema/enum-empty.exit
+++ /dev/null
@@ -1 +0,0 @@
-0
diff --git a/tests/qapi-schema/enum-empty.json 
b/tests/qapi-schema/enum-empty.json
deleted file mode 100644
index 40d4e85..000
--- a/tests/qapi-schema/enum-empty.json
+++ /dev/null
@@ -1,2 +0,0 @@
-# An empty enum, although unusual, is currently acceptable
-{ 'enum': 'MyEnum', 'data': [ ] }
diff --git a/tests/qapi-schema/enum-empty.out b/tests/qapi-schema/enum-empty.out
deleted file mode 100644
index a449d45..000
--- a/tests/qapi-schema/enum-empty.out
+++ /dev/null
@@ -1,2 +0,0 @@
-object :empty
-enum MyEnum []
diff --git a/tests/qapi-schema/qapi-schema-test.json 
b/tests/qapi-schema/qapi-schema-test.json
index 020ff2e..758bfc8 100644
--- a/tests/qapi-schema/qapi-schema-test.json
+++ b/tests/qapi-schema/qapi-schema-test.json
@@ -1,11 +1,17 @@
 # *-*- Mode: Python -*-*

+# This file is a stress test of supported qapi constructs that must
+# parse and compile correctly.
+
 # for testing enums
 { 'enum': 'EnumOne',
   'data': [ 'value1', 'value2', 'value3' ] }
 { 'struct': 'NestedEnumsOne',
   'data': { 'enum1': 'EnumOne', '*enum2': 'EnumOne', 'enum3': 'EnumOne', 
'*enum4': 'EnumOne' } }

+# An empty enum, although unusual, is currently acceptable
+{ 'enum': 'MyEnum', 'data': [ ] }
+
 # for testing override of default naming heuristic
 { 'enum': 'QEnumTwo',
   'prefix': 'QENUM_TWO',
diff --git a/tests/qapi-schema/qapi-schema-test.out 
b/tests/qapi-schema/qapi-schema-test.out
index c666481..6b5a048 100644
--- a/tests/qapi-schema/qapi-schema-test.out
+++ b/tests/qapi-schema/qapi-schema-test.out
@@ -89,6 +89,7 @@ object EventStructOne
 object ForceArrays
 member unused1: UserDefOneList optional=False
 member unused2: UserDefTwoList optional=False
+enum MyEnum []
 object NestedEnumsOne
 member enum1: EnumOne optional=False
 member enum2: EnumOne optional=True
-- 
2.4.3

Re: [Qemu-devel] [Qemu-block] [PATCH v5 1/4] Add new block driver interface to add/delete a BDS's child

[Wen Congyang]

On 10/08/2015 02:33 AM, Max Reitz wrote:
> On 22.09.2015 09:44, Wen Congyang wrote:
>> In some cases, we want to take a quorum child offline, and take
>> another child online.
>>
>> Signed-off-by: Wen Congyang 
>> Signed-off-by: zhanghailiang 
>> Signed-off-by: Gonglei 
>> Reviewed-by: Eric Blake 
>> ---
>>  block.c   | 50 
>> +++
>>  include/block/block.h |  5 +
>>  include/block/block_int.h |  5 +
>>  3 files changed, 60 insertions(+)
>>
>> diff --git a/block.c b/block.c
>> index e815d73..1b25e43 100644
>> --- a/block.c
>> +++ b/block.c
>> @@ -4265,3 +4265,53 @@ BlockAcctStats *bdrv_get_stats(BlockDriverState *bs)
>>  {
>>  return >stats;
>>  }
>> +
>> +/*
>> + * Hot add/remove a BDS's child. So the user can take a child offline when
>> + * it is broken and take a new child online
>> + */
>> +void bdrv_add_child(BlockDriverState *parent_bs, BlockDriverState *child_bs,
>> +Error **errp)
>> +{
>> +
>> +if (!parent_bs->drv || !parent_bs->drv->bdrv_add_child) {
>> +error_setg(errp, "The BDS %s doesn't support adding a child",
>> +   bdrv_get_device_or_node_name(parent_bs));
>> +return;
>> +}
>> +
>> +if (!QLIST_EMPTY(_bs->parents)) {
>> +error_setg(errp, "The BDS %s already has parent",
>> +   child_bs->node_name);
>> +return;
>> +}
>> +
>> +parent_bs->drv->bdrv_add_child(parent_bs, child_bs, errp);
>> +}
>> +
>> +void bdrv_del_child(BlockDriverState *parent_bs, BlockDriverState *child_bs,
>> +Error **errp)
>> +{
>> +BdrvChild *child;
>> +
>> +if (!parent_bs->drv || !parent_bs->drv->bdrv_del_child) {
>> +error_setg(errp, "The BDS %s doesn't support removing a child",
>> +   bdrv_get_device_or_node_name(parent_bs));
>> +return;
>> +}
>> +
>> +QLIST_FOREACH(child, _bs->children, next) {
>> +if (child->bs == child_bs) {
>> +break;
>> +}
>> +}
>> +
>> +if (!child) {
>> +error_setg(errp, "BDS %s is not a child of %s",
>> +   bdrv_get_device_or_node_name(child_bs),
>> +   bdrv_get_device_or_node_name(parent_bs));
>> +return;
>> +}
>> +
>> +parent_bs->drv->bdrv_del_child(parent_bs, child_bs, errp);
> 
> How about we make this (BlockDriver.bdrv_del_child()) take a BdrvChild
> instead of a BDS? We could even make bdrv_del_child() as a whole take a
> BdrvChild parameter, but I don't suppose that would help much.

bdrv_add_child() takes a BDS, so I use BDS here.

Thanks
Wen Congyang

> 
> Max
> 
>> +}
>> diff --git a/include/block/block.h b/include/block/block.h
>> index ef67353..665c56f 100644
>> --- a/include/block/block.h
>> +++ b/include/block/block.h
>> @@ -616,4 +616,9 @@ void bdrv_flush_io_queue(BlockDriverState *bs);
>>  
>>  BlockAcctStats *bdrv_get_stats(BlockDriverState *bs);
>>  
>> +void bdrv_add_child(BlockDriverState *parent, BlockDriverState *child,
>> +Error **errp);
>> +void bdrv_del_child(BlockDriverState *parent, BlockDriverState *child,
>> +Error **errp);
>> +
>>  #endif
>> diff --git a/include/block/block_int.h b/include/block/block_int.h
>> index 2f2c47b..64cbc55 100644
>> --- a/include/block/block_int.h
>> +++ b/include/block/block_int.h
>> @@ -288,6 +288,11 @@ struct BlockDriver {
>>   */
>>  int (*bdrv_probe_geometry)(BlockDriverState *bs, HDGeometry *geo);
>>  
>> +void (*bdrv_add_child)(BlockDriverState *parent, BlockDriverState 
>> *child,
>> +   Error **errp);
>> +void (*bdrv_del_child)(BlockDriverState *parent, BlockDriverState 
>> *child,
>> +   Error **errp);
>> +
>>  QLIST_ENTRY(BlockDriver) list;
>>  };
>>  
>>
> 
> 

[Qemu-devel] [PATCH v6 02/15] qapi: Drop redundant returns-int test

[Eric Blake]

qapi-schema-test was already testing that we could have a
command returning int, but burned a command name in the whitelist.
Merge the redundant positive test returns-int, and pick a name
that reduces the whitelist size.

Signed-off-by: Eric Blake 

---
v6: new patch; could be hoisted earlier alongside subset B v7 3/17
---
 scripts/qapi.py |  3 ---
 tests/Makefile  |  1 -
 tests/qapi-schema/qapi-schema-test.json |  5 +++--
 tests/qapi-schema/qapi-schema-test.out  | 10 +-
 tests/qapi-schema/returns-int.err   |  0
 tests/qapi-schema/returns-int.exit  |  1 -
 tests/qapi-schema/returns-int.json  |  3 ---
 tests/qapi-schema/returns-int.out   |  3 ---
 tests/test-qmp-commands.c   |  4 ++--
 9 files changed, 10 insertions(+), 20 deletions(-)
 delete mode 100644 tests/qapi-schema/returns-int.err
 delete mode 100644 tests/qapi-schema/returns-int.exit
 delete mode 100644 tests/qapi-schema/returns-int.json
 delete mode 100644 tests/qapi-schema/returns-int.out

diff --git a/scripts/qapi.py b/scripts/qapi.py
index ae1f935..7cf1db0 100644
--- a/scripts/qapi.py
+++ b/scripts/qapi.py
@@ -56,9 +56,6 @@ returns_whitelist = [
 'guest-set-vcpus',
 'guest-sync',
 'guest-sync-delimited',
-
-# From qapi-schema-test:
-'user_def_cmd3',
 ]

 enum_types = []
diff --git a/tests/Makefile b/tests/Makefile
index f3626bd..e3eb547 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -319,7 +319,6 @@ qapi-schema += redefined-type.json
 qapi-schema += returns-alternate.json
 qapi-schema += returns-array-bad.json
 qapi-schema += returns-dict.json
-qapi-schema += returns-int.json
 qapi-schema += returns-unknown.json
 qapi-schema += returns-whitelist.json
 qapi-schema += struct-base-clash-base.json
diff --git a/tests/qapi-schema/qapi-schema-test.json 
b/tests/qapi-schema/qapi-schema-test.json
index 758bfc8..27ad961 100644
--- a/tests/qapi-schema/qapi-schema-test.json
+++ b/tests/qapi-schema/qapi-schema-test.json
@@ -108,9 +108,10 @@
 { 'command': 'user_def_cmd2',
   'data': {'ud1a': 'UserDefOne', '*ud1b': 'UserDefOne'},
   'returns': 'UserDefTwo' }
-{ 'command': 'user_def_cmd3', 'data': {'a': 'int', '*b': 'int' },
+
+# Returning a non-dictionary requires a name from the whitelist
+{ 'command': 'guest-get-time', 'data': {'a': 'int', '*b': 'int' },
   'returns': 'int' }
-# note: command name 'guest-sync' chosen to avoid "cannot use built-in" error
 { 'command': 'guest-sync', 'data': { 'arg': 'any' }, 'returns': 'any' }

 # For testing integer range flattening in opts-visitor. The following schema
diff --git a/tests/qapi-schema/qapi-schema-test.out 
b/tests/qapi-schema/qapi-schema-test.out
index 6b5a048..06d0551 100644
--- a/tests/qapi-schema/qapi-schema-test.out
+++ b/tests/qapi-schema/qapi-schema-test.out
@@ -17,6 +17,9 @@ object :obj-anyList wrapper
 member data: anyList optional=False
 object :obj-boolList wrapper
 member data: boolList optional=False
+object :obj-guest-get-time arguments
+member a: int optional=False
+member b: int optional=True
 object :obj-guest-sync arguments
 member arg: any optional=False
 object :obj-int16List wrapper
@@ -50,9 +53,6 @@ object :obj-user_def_cmd1 arguments
 object :obj-user_def_cmd2 arguments
 member ud1a: UserDefOne optional=False
 member ud1b: UserDefOne optional=True
-object :obj-user_def_cmd3 arguments
-member a: int optional=False
-member b: int optional=True
 alternate AltIntNum
 case i: int
 case n: number
@@ -187,6 +187,8 @@ object __org.qemu_x-Union2
 case __org.qemu_x-value: __org.qemu_x-Struct2
 command __org.qemu_x-command :obj-__org.qemu_x-command arguments -> 
__org.qemu_x-Union1
gen=True success_response=True
+command guest-get-time :obj-guest-get-time arguments -> int
+   gen=True success_response=True
 command guest-sync :obj-guest-sync arguments -> any
gen=True success_response=True
 command user_def_cmd None -> None
@@ -195,5 +197,3 @@ command user_def_cmd1 :obj-user_def_cmd1 arguments -> None
gen=True success_response=True
 command user_def_cmd2 :obj-user_def_cmd2 arguments -> UserDefTwo
gen=True success_response=True
-command user_def_cmd3 :obj-user_def_cmd3 arguments -> int
-   gen=True success_response=True
diff --git a/tests/qapi-schema/returns-int.err 
b/tests/qapi-schema/returns-int.err
deleted file mode 100644
index e69de29..000
diff --git a/tests/qapi-schema/returns-int.exit 
b/tests/qapi-schema/returns-int.exit
deleted file mode 100644
index 573541a..000
--- a/tests/qapi-schema/returns-int.exit
+++ /dev/null
@@ -1 +0,0 @@
-0
diff --git a/tests/qapi-schema/returns-int.json 
b/tests/qapi-schema/returns-int.json
deleted file mode 100644
index 870ec63..000
--- a/tests/qapi-schema/returns-int.json
+++ /dev/null
@@ -1,3 +0,0 @@
-# It is okay (although not extensible) to return a non-dictionary
-# But to make it work, the name must be in a whitelist
-{ 'command': 'guest-get-time', 

[Qemu-devel] [PATCH v6 07/15] qapi: Change alternate layout to use 'type'

[Eric Blake]

Prepare to simplify alternate layout by creating a dedicated
subclass for the generated tag type.  QMP does not transmit
the tag name, so we can name it whatever we want in C.  But
since the tag is closely tied to a qtype_code, this commit
renames the tag from 'kind' to 'type', so the next commit can
then further modify things to use a simpler 'qtype_code type;'
for the tag.  As part of this, a new member.c_type() method
will make it possible to express the tag type even if there
is no qapi entity type associated with the tag.

Signed-off-by: Eric Blake 

---
v6: new patch
---
 scripts/qapi-types.py   |  2 +-
 scripts/qapi-visit.py   |  4 ++--
 scripts/qapi.py | 20 +---
 tests/qapi-schema/alternate-clash-type.err  |  2 +-
 tests/qapi-schema/alternate-clash-type.json |  2 +-
 tests/test-qmp-input-visitor.c  | 22 +++---
 tests/test-qmp-output-visitor.c |  2 +-
 7 files changed, 34 insertions(+), 20 deletions(-)

diff --git a/scripts/qapi-types.py b/scripts/qapi-types.py
index 34ea318..138920c 100644
--- a/scripts/qapi-types.py
+++ b/scripts/qapi-types.py
@@ -138,7 +138,7 @@ struct %(c_name)s {
 ret += mcgen('''
 %(c_type)s %(c_name)s;
 ''',
- c_type=variants.tag_member.type.c_name(),
+ c_type=variants.tag_member.c_type(),
  c_name=variants.tag_member.c_name())

 # FIXME: What purpose does data serve, besides preventing a union that
diff --git a/scripts/qapi-visit.py b/scripts/qapi-visit.py
index 3f74302..d82e2a3 100644
--- a/scripts/qapi-visit.py
+++ b/scripts/qapi-visit.py
@@ -179,11 +179,11 @@ void visit_type_%(c_name)s(Visitor *v, %(c_name)s **obj, 
const char *name, Error
 if (err) {
 goto out;
 }
-visit_get_next_type(v, (int*) &(*obj)->kind, %(c_name)s_qtypes, name, 
);
+visit_get_next_type(v, (int*) &(*obj)->type, %(c_name)s_qtypes, name, 
);
 if (err) {
 goto out_obj;
 }
-switch ((*obj)->kind) {
+switch ((*obj)->type) {
 ''',
 c_name=c_name(name))

diff --git a/scripts/qapi.py b/scripts/qapi.py
index 7cf1db0..9a734a8 100644
--- a/scripts/qapi.py
+++ b/scripts/qapi.py
@@ -1015,6 +1015,9 @@ class QAPISchemaObjectTypeMember(object):
 def c_name(self):
 return c_name(self.name)

+def c_type(self):
+return self.type.c_name()
+
 def describe(self):
 source = self.owner
 if source.startswith(':obj-'):
@@ -1119,6 +1122,14 @@ class QAPISchemaAlternateType(QAPISchemaType):
 visitor.visit_alternate_type(self.name, self.info, self.variants)


+class QAPISchemaAlternateTypeTag(QAPISchemaObjectTypeMember):
+def __init__(self, enum_type):
+QAPISchemaObjectTypeMember.__init__(self, 'type', enum_type, False)
+
+def _describe(self):
+return 'implicit tag'
+
+
 class QAPISchemaCommand(QAPISchemaEntity):
 def __init__(self, name, info, arg_type, ret_type, gen, success_response):
 QAPISchemaEntity.__init__(self, name, info)
@@ -1312,11 +1323,14 @@ class QAPISchema(object):
 data = expr['data']
 variants = [self._make_variant(key, value)
 for (key, value) in data.iteritems()]
-tag_enum = self._make_implicit_tag(name, info, variants)
+# TODO simplify this to avoid the need for an implicit enum
+tag_member = QAPISchemaAlternateTypeTag(
+self._make_implicit_enum_type(name, info,
+  [v.name for v in variants]))
 self._def_entity(
 QAPISchemaAlternateType(name, info,
 QAPISchemaObjectTypeVariants(None,
- tag_enum,
+ tag_member,
  variants)))

 def _def_command(self, expr, info):
@@ -1640,7 +1654,7 @@ def gen_visit_fields(members, prefix='', need_cast=False, 
skiperr=False):
 ret += mcgen('''
 visit_type_%(c_type)s(v, %(cast)s&%(prefix)s%(c_name)s, "%(name)s", 
%(errp)s);
 ''',
- c_type=memb.type.c_name(), prefix=prefix, cast=cast,
+ c_type=memb.c_type(), prefix=prefix, cast=cast,
  c_name=memb.c_name(), name=memb.name,
  errp=errparg)
 ret += gen_err_check(skiperr=skiperr)
diff --git a/tests/qapi-schema/alternate-clash-type.err 
b/tests/qapi-schema/alternate-clash-type.err
index cdd2090..9d922fb 100644
--- a/tests/qapi-schema/alternate-clash-type.err
+++ b/tests/qapi-schema/alternate-clash-type.err
@@ -1 +1 @@
-tests/qapi-schema/alternate-clash-type.json:9: 'kind' (branch of Alt1) 
collides with 'kind' (implicit tag of Alt1)
+tests/qapi-schema/alternate-clash-type.json:9: 'type' (branch of Alt1) 
collides 

[Qemu-devel] [PATCH v6 13/15] qapi: Test failure in middle of array parse

[Eric Blake]

Our generated list visitors have the same problem as has been
mentioned elsewhere (see commit 2f52e20): they allocate data
even on failure. An upcoming patch will correct things to
provide saner guarantees, but first we need to expose the
behavior in the testsuite to ensure we aren't introducing any
memory usage bugs.

Signed-off-by: Eric Blake 

---
v6: rebase onto earlier gen_err_check() and testsuite improvements
---
 scripts/qapi-visit.py  |  4 
 tests/test-qmp-input-visitor.c | 10 ++
 2 files changed, 14 insertions(+)

diff --git a/scripts/qapi-visit.py b/scripts/qapi-visit.py
index 1ac5350..d7f7f8b 100644
--- a/scripts/qapi-visit.py
+++ b/scripts/qapi-visit.py
@@ -128,6 +128,10 @@ void visit_type_%(c_name)s(Visitor *v, %(c_name)s **obj, 
const char *name, Error


 def gen_visit_list(name, element_type):
+# FIXME: if *obj is NULL on entry, and the first visit_next_list()
+# assigns to *obj, while a later one fails, we should clean up *obj
+# rather than leaving it non-NULL. As currently written, the caller must
+# call qapi_free_FOOList() to avoid a memory leak of the partial FOOList.
 return mcgen('''

 void visit_type_%(c_name)s(Visitor *v, %(c_name)s **obj, const char *name, 
Error **errp)
diff --git a/tests/test-qmp-input-visitor.c b/tests/test-qmp-input-visitor.c
index 6b1728c..8dbc3bf 100644
--- a/tests/test-qmp-input-visitor.c
+++ b/tests/test-qmp-input-visitor.c
@@ -693,6 +693,7 @@ static void test_visitor_in_errors(TestInputVisitorData 
*data,
 {
 TestStruct *p = NULL;
 Visitor *v;
+strList *q = NULL;

 v = visitor_input_test_init(data, "{ 'integer': false, 'boolean': 'foo', 
'string': -42 }");

@@ -704,6 +705,15 @@ static void test_visitor_in_errors(TestInputVisitorData 
*data,

 g_free(p->string);
 g_free(p);
+
+v = visitor_input_test_init(data, "[ '1', '2', false, '3' ]");
+/* FIXME - a failed parse should not leave a partially-allocated
+ * array for us to clean up; this could cause callers to leak
+ * memory. */
+visit_type_strList(v, , NULL, >err);
+assert(q);
+assert(data->err);
+qapi_free_strList(q);
 }

 int main(int argc, char **argv)
-- 
2.4.3

[Qemu-devel] [PATCH v6 11/15] qapi: Plug leaks in test-qmp-*

[Eric Blake]

Make valgrind happy with the current state of the tests, so that
it is easier to see if future patches introduce new memory problems
without being drowned in noise.  Many of the leaks were due to
calling a second init without tearing down the data from an earlier
visit.  But since teardown is already idempotent, and we already
register teardown as part of input_visitor_test_add(), it is nicer
to just make init() safe to call multiple times than it is to have
to make all tests call teardown.

Another common leak was forgetting to clean up an error object,
after testing that an error was raised.

Another leak was in test_visitor_in_struct_nested(), failing to
clean the base member of UserDefTwo.  Cleaning that up left
check_and_free_str() as dead code (since using the qapi_free_*
takes care of recursion, and we don't want double frees).

Signed-off-by: Eric Blake 

---
v6: make init repeatable rather than adding teardown everywhere,
fix additional leak with UserDefTwo base, plug additional files
---
 tests/test-qmp-input-strict.c   | 10 ++
 tests/test-qmp-input-visitor.c  | 41 +++--
 tests/test-qmp-output-visitor.c |  4 +++-
 3 files changed, 20 insertions(+), 35 deletions(-)

diff --git a/tests/test-qmp-input-strict.c b/tests/test-qmp-input-strict.c
index b44184f..910e2f9 100644
--- a/tests/test-qmp-input-strict.c
+++ b/tests/test-qmp-input-strict.c
@@ -77,6 +77,8 @@ static Visitor *validate_test_init_raw(TestInputVisitorData 
*data,
 {
 Visitor *v;

+validate_teardown(data, NULL);
+
 data->obj = qobject_from_json(json_string);
 g_assert(data->obj != NULL);

@@ -193,6 +195,8 @@ static void test_validate_fail_struct(TestInputVisitorData 
*data,

 visit_type_TestStruct(v, , NULL, );
 g_assert(err);
+error_free(err);
+/* FIXME: visitor should not allocate p when returning error */
 if (p) {
 g_free(p->string);
 }
@@ -210,6 +214,7 @@ static void 
test_validate_fail_struct_nested(TestInputVisitorData *data,

 visit_type_UserDefTwo(v, , NULL, );
 g_assert(err);
+error_free(err);
 qapi_free_UserDefTwo(udp);
 }

@@ -224,6 +229,7 @@ static void test_validate_fail_list(TestInputVisitorData 
*data,

 visit_type_UserDefOneList(v, , NULL, );
 g_assert(err);
+error_free(err);
 qapi_free_UserDefOneList(head);
 }

@@ -239,6 +245,7 @@ static void 
test_validate_fail_union_native_list(TestInputVisitorData *data,

 visit_type_UserDefNativeListUnion(v, , NULL, );
 g_assert(err);
+error_free(err);
 qapi_free_UserDefNativeListUnion(tmp);
 }

@@ -253,6 +260,7 @@ static void 
test_validate_fail_union_flat(TestInputVisitorData *data,

 visit_type_UserDefFlatUnion(v, , NULL, );
 g_assert(err);
+error_free(err);
 qapi_free_UserDefFlatUnion(tmp);
 }

@@ -268,6 +276,7 @@ static void 
test_validate_fail_union_flat_no_discrim(TestInputVisitorData *data,

 visit_type_UserDefFlatUnion2(v, , NULL, );
 g_assert(err);
+error_free(err);
 qapi_free_UserDefFlatUnion2(tmp);
 }

@@ -282,6 +291,7 @@ static void 
test_validate_fail_alternate(TestInputVisitorData *data,

 visit_type_UserDefAlternate(v, , NULL, );
 g_assert(err);
+error_free(err);
 qapi_free_UserDefAlternate(tmp);
 }

diff --git a/tests/test-qmp-input-visitor.c b/tests/test-qmp-input-visitor.c
index 51f1fb7..70e2766 100644
--- a/tests/test-qmp-input-visitor.c
+++ b/tests/test-qmp-input-visitor.c
@@ -46,6 +46,8 @@ Visitor *visitor_input_test_init(TestInputVisitorData *data,
 Visitor *v;
 va_list ap;

+visitor_input_teardown(data, NULL);
+
 va_start(ap, json_string);
 data->obj = qobject_from_jsonv(json_string, );
 va_end(ap);
@@ -177,12 +179,7 @@ static void test_visitor_in_enum(TestInputVisitorData 
*data,
 visit_type_EnumOne(v, , NULL, );
 g_assert(!err);
 g_assert_cmpint(i, ==, res);
-
-visitor_input_teardown(data, NULL);
 }
-
-data->obj = NULL;
-data->qiv = NULL;
 }


@@ -205,12 +202,6 @@ static void test_visitor_in_struct(TestInputVisitorData 
*data,
 g_free(p);
 }

-static void check_and_free_str(char *str, const char *cmp)
-{
-g_assert_cmpstr(str, ==, cmp);
-g_free(str);
-}
-
 static void test_visitor_in_struct_nested(TestInputVisitorData *data,
   const void *unused)
 {
@@ -226,17 +217,14 @@ static void 
test_visitor_in_struct_nested(TestInputVisitorData *data,
 visit_type_UserDefTwo(v, , NULL, );
 g_assert(!err);

-check_and_free_str(udp->string0, "string0");
-check_and_free_str(udp->dict1->string1, "string1");
+g_assert_cmpstr(udp->string0, ==, "string0");
+g_assert_cmpstr(udp->dict1->string1, ==, "string1");
 g_assert_cmpint(udp->dict1->dict2->userdef->base->integer, ==, 42);
-check_and_free_str(udp->dict1->dict2->userdef->string, "string");
-check_and_free_str(udp->dict1->dict2->string, "string2");
+

[Qemu-devel] [PATCH v6 08/15] qapi: Simplify visiting of alternate types

[Eric Blake]

Previously, working with alternates required two enums, and
some indirection: for type Foo, we created Foo_qtypes[] which
maps each qtype to a member of FooKind_lookup[], then use
FooKind_lookup[] like we do for other union types.

This has a subtle bug: since the values of FooKind_lookup
start at zero, all entries of Foo_qtypes that were not
explicitly initialized map to the same branch of the union as
the first member of the alternate, rather than triggering a
failure in visit_get_next_type().  Fortunately, the bug
seldom bites; the very next thing the input visitor does is
try to parse the incoming JSON with the wrong parser, which
fails; the output visitor is not used with a C struct in that
state, and the dealloc visitor has nothing to clean up (so
there is no leak).

However, it IS observable in one case: the behavior of an
alternate that contains a 'number' member but no 'int' member
differs according to whether the 'number' was first in the
qapi definition, and when the input being parsed is an integer;
this is because the 'number' parser accepts QTYPE_QINT in
addition to the expected QTYPE_QFLOAT.  A later patch will worry
about fixing alternates to parse all inputs that a non-alternate
'number' would accept, for now it is still marked FIXME.

This patch fixes the validation bug by deleting the indirection,
and modifying get_next_type() to directly return a qtype code.
There is no longer a need to generate an implicit FooKind array
associated with the alternate type (since the QMP wire format
never uses the stringized counterparts of the C union member
names).  Next, the generated visitor is fixed to properly detect
unexpected qtypes in the switch statement.  With a bit of work
to the previously-added QAPISchemaAlternateTypeTag, we can wrap
the layout change so that spots in qapi-types that are shared
with other unions still work.

Callers now have to know the QTYPE_* mapping when looking at the
discriminator; but so far, only the testsuite was even using the
C struct of an alternate types.  If that gets too confusing, we
could reintroduce FooKind, but initialize it differently than
most generated arrays, as in:
  typedef enum FooKind {
  FOO_KIND_A = QTYPE_QDICT,
  FOO_KIND_B = QTYPE_QINT,
  } FooKind;
to create nicer aliases for knowing when to use foo->a or foo->b
when inspecting foo->type.  But without a current client, I
didn't see the point of doing it now.

There is a user-visible side effect to this change, but I
consider it to be an improvement. Previously,
the invalid QMP command:
  {"execute":"blockdev-add", "arguments":{"options":
{"driver":"raw", "id":"a", "file":true}}}
failed with:
  {"error": {"class": "GenericError",
"desc": "Invalid parameter type for 'file', expected: QDict"}}
Now it fails with:
  {"error": {"class": "GenericError",
"desc": "Invalid parameter type for 'file', expected: BlockdevRef"}}

Signed-off-by: Eric Blake 

---
v6: rebase onto tag_member subclass, testsuite, gen_err_check(),
and info improvements
---
 docs/qapi-code-gen.txt|  3 --
 include/qapi/visitor-impl.h   |  3 +-
 include/qapi/visitor.h|  8 +-
 qapi/qapi-visit-core.c|  4 +--
 qapi/qmp-input-visitor.c  |  4 +--
 scripts/qapi-types.py | 34 ---
 scripts/qapi-visit.py | 12 
 scripts/qapi.py   | 40 ++-
 tests/qapi-schema/alternate-clash-members.err |  2 +-
 tests/qapi-schema/alternate-empty.out |  1 -
 tests/qapi-schema/qapi-schema-test.out|  8 --
 tests/test-qmp-input-visitor.c| 33 --
 tests/test-qmp-output-visitor.c   | 21 ++
 13 files changed, 82 insertions(+), 91 deletions(-)

diff --git a/docs/qapi-code-gen.txt b/docs/qapi-code-gen.txt
index a2feb8c..0cc432b 100644
--- a/docs/qapi-code-gen.txt
+++ b/docs/qapi-code-gen.txt
@@ -379,9 +379,6 @@ where each branch of the union names a QAPI type.  For 
example:
'data': { 'definition': 'BlockdevOptions',
  'reference': 'str' } }

-Just like for a simple union, an implicit C enum 'NameKind' is created
-to enumerate the branches for the alternate 'Name'.
-
 Unlike a union, the discriminator string is never passed on the wire
 for the Client JSON Protocol.  Instead, the value's JSON type serves
 as an implicit discriminator, which in turn means that an alternate
diff --git a/include/qapi/visitor-impl.h b/include/qapi/visitor-impl.h
index 8c0ba57..6d95b36 100644
--- a/include/qapi/visitor-impl.h
+++ b/include/qapi/visitor-impl.h
@@ -32,7 +32,8 @@ struct Visitor

 void (*type_enum)(Visitor *v, int *obj, const char * const strings[],
   const char *kind, const char *name, Error **errp);
-void (*get_next_type)(Visitor *v, int *kind, const int *qobjects,
+/* May be 

[Qemu-devel] [PATCH v6 06/15] qapi-introspect: Guarantee particular sorting

[Eric Blake]

Sorting the values of an enum makes it easier to look up whether
a particular value is present by binary rather than linear search
(probably most visible with QKeyCode, which has grown over
several releases).  Additionally, QMP clients need not know which
C value is associated with an enum name, so sorting is an
effective way to hide that non-ABI aspect of qapi.

While we are at it, it is also easy to sort the members and
variants of objects, to allow for a similar binary search, and
equally valid since JSON objects have no specific order in which
keys must appear.  There is no trivial or obvious way to sort
the types of an alternate, so that is left unchanged.

However, the overall SchemaInfo array remains unsorted.  It might
make sense to sort with 'meta-type' as a primary key and 'name'
as a secondary key, but it is not obvious that this will provide
benefits to end-user clients (we allow mutually recursive types,
so there is no posible topological sorting where a single pass
over the array could resolve all types, and while binary searches
could be made possible by sorting, it would be even more efficient
for clients to read the array into a hashtable for O(1) rather
than O(log n) random-access lookups, at which point pre-sorting is
wasted effort).

Document these conventions, so that clients will know what can
and cannot be relied on.

Signed-off-by: Eric Blake 

---
TODO: should the documentation mention that the sorting is done
in the C locale? Is there anything required to ensure that python
sorts sanely (ie. that the choice of locale while building
doesn't cause inadvertent sorting differences such as turning on
case-insensitivity)?

v6: no change from v5
---
 docs/qapi-code-gen.txt | 21 +
 qapi/introspect.json   | 22 +-
 scripts/qapi-introspect.py |  9 ++---
 3 files changed, 40 insertions(+), 12 deletions(-)

diff --git a/docs/qapi-code-gen.txt b/docs/qapi-code-gen.txt
index 6cfc3be..a2feb8c 100644
--- a/docs/qapi-code-gen.txt
+++ b/docs/qapi-code-gen.txt
@@ -512,6 +512,13 @@ query-qmp-schema.  QGA currently doesn't support 
introspection.

 query-qmp-schema returns a JSON array of SchemaInfo objects.  These
 objects together describe the wire ABI, as defined in the QAPI schema.
+There is no specified order to the SchemaInfo objects returned; a
+client must search for a particular name and meta-type throughout the
+entire array to learn more about that name.  For now, the name for
+each SchemaInfo is unique thanks to qapi naming conventions; however
+this may be changed in the future (such as allowing a command and an
+event with the same name), so it is important that the client check
+for the desired meta-type.

 However, the SchemaInfo can't reflect all the rules and restrictions
 that apply to QMP.  It's interface introspection (figuring out what's
@@ -592,7 +599,8 @@ any.  Each element is a JSON object with members "name" 
(the member's
 name), "type" (the name of its type), and optionally "default".  The
 member is optional if "default" is present.  Currently, "default" can
 only have value null.  Other values are reserved for future
-extensions.
+extensions.  The "members" array is sorted by "name", so that clients
+can use a binary search to see if a particular member is supported.

 Example: the SchemaInfo for MyType from section Struct types

@@ -606,7 +614,9 @@ Example: the SchemaInfo for MyType from section Struct types
 "variants" is a JSON array describing the object's variant members.
 Each element is a JSON object with members "case" (the value of type
 tag this element applies to) and "type" (the name of an object type
-that provides the variant members for this type tag value).
+that provides the variant members for this type tag value).  The
+"variants" array is sorted by "case", so it appears in the same
+order as the enum type matching "tag".

 Example: the SchemaInfo for flat union BlockdevOptions from section
 Union types
@@ -647,7 +657,8 @@ Union types
 The SchemaInfo for an alternate type has meta-type "alternate", and
 variant member "members".  "members" is a JSON array.  Each element is
 a JSON object with member "type", which names a type.  Values of the
-alternate type conform to exactly one of its member types.
+alternate type conform to exactly one of its member types.  There is
+no guarantee on the order in which "members" will be listed.

 Example: the SchemaInfo for BlockRef from section Alternate types

@@ -669,7 +680,9 @@ Example: the SchemaInfo for ['str']
   "element-type": "str" }

 The SchemaInfo for an enumeration type has meta-type "enum" and
-variant member "values".
+variant member "values".  The values are listed in sorted order,
+so clients can use a binary search to see if a particular value
+is present.

 Example: the SchemaInfo for MyEnum from section Enumeration types

diff --git a/qapi/introspect.json b/qapi/introspect.json
index cc50dc6..71632af 100644
--- 

Re: [Qemu-devel] [PULL 12/22] vhost: rename VHOST_RESET_OWNER to VHOST_RESET_DEVICE

[Yuanhan Liu]

On Sat, Oct 03, 2015 at 07:33:16PM +0300, Michael S. Tsirkin wrote:
> On Fri, Oct 02, 2015 at 06:18:51PM +0200, Paolo Bonzini wrote:
> > 
> > 
> > On 24/09/2015 15:20, Michael S. Tsirkin wrote:
> > > From: Yuanhan Liu 
> > > 
> > > Quote from Michael:
> > > 
> > > We really should rename VHOST_RESET_OWNER to VHOST_RESET_DEVICE.
> > 
> > Where is the corresponding Linux patch for this?
> > 
> > I would like to fetch the updated headers for KVM, and this is breaking
> > it.  In fact, a patch that just renames the #define (without providing
> > the old name for backwards compatibility) would be NACKed in upstream Linux.
> > 
> > Paolo
> 
> Right. And it turns out this whole approach is wrong.  I intend to
> revert this patch,

I was considering to put this patch as the last one in this set, so that
we could drop (or revert) it if it's turned out to be wrong (I had vague
feeling that it was wrong).

Luckily, this patch could be reverted successfully (I firstly thought
there might be conflicts). Besides that, we need one extra manual fix:

[yliu@yliu-dev ~/qemu]$ gg 'VHOST.*RESET_DEVICE'
hw/virtio/vhost-user.c:195:case VHOST_USER_RESET_DEVICE:

Michael, shall I send the revert request, or you will do that?

> and also drop the patch sending VHOST_RESET_OWNER on
> device stop.

Something wrong there?

--yliu

> 
> > > Suggested-by: Michael S. Tsirkin 
> > > Signed-off-by: Yuanhan Liu 
> > > Reviewed-by: Michael S. Tsirkin 
> > > Signed-off-by: Michael S. Tsirkin 
> > > Signed-off-by: Yuanhan Liu 
> > > Reviewed-by: Marcel Apfelbaum 
> > > ---
> > >  linux-headers/linux/vhost.h | 2 +-
> > >  hw/net/vhost_net.c  | 2 +-
> > >  hw/virtio/vhost-user.c  | 6 +++---
> > >  tests/vhost-user-test.c | 2 +-
> > >  docs/specs/vhost-user.txt   | 4 ++--
> > >  5 files changed, 8 insertions(+), 8 deletions(-)
> > > 
> > > diff --git a/linux-headers/linux/vhost.h b/linux-headers/linux/vhost.h
> > > index ead86db..14a0160 100644
> > > --- a/linux-headers/linux/vhost.h
> > > +++ b/linux-headers/linux/vhost.h
> > > @@ -78,7 +78,7 @@ struct vhost_memory {
> > >  #define VHOST_SET_OWNER _IO(VHOST_VIRTIO, 0x01)
> > >  /* Give up ownership, and reset the device to default values.
> > >   * Allows subsequent call to VHOST_OWNER_SET to succeed. */
> > > -#define VHOST_RESET_OWNER _IO(VHOST_VIRTIO, 0x02)
> > > +#define VHOST_RESET_DEVICE _IO(VHOST_VIRTIO, 0x02)
> > >  
> > >  /* Set up/modify memory layout */
> > >  #define VHOST_SET_MEM_TABLE  _IOW(VHOST_VIRTIO, 0x03, struct 
> > > vhost_memory)
> > > diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c
> > > index 9d32d76..b7d29b7 100644
> > > --- a/hw/net/vhost_net.c
> > > +++ b/hw/net/vhost_net.c
> > > @@ -287,7 +287,7 @@ static void vhost_net_stop_one(struct vhost_net *net,
> > >  } else if (net->nc->info->type == 
> > > NET_CLIENT_OPTIONS_KIND_VHOST_USER) {
> > >  for (file.index = 0; file.index < net->dev.nvqs; ++file.index) {
> > >  const VhostOps *vhost_ops = net->dev.vhost_ops;
> > > -int r = vhost_ops->vhost_call(>dev, VHOST_RESET_OWNER,
> > > +int r = vhost_ops->vhost_call(>dev, VHOST_RESET_DEVICE,
> > >NULL);
> > >  assert(r >= 0);
> > >  }
> > > diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
> > > index 7fe35c6..9cb2f52 100644
> > > --- a/hw/virtio/vhost-user.c
> > > +++ b/hw/virtio/vhost-user.c
> > > @@ -32,7 +32,7 @@ typedef enum VhostUserRequest {
> > >  VHOST_USER_GET_FEATURES = 1,
> > >  VHOST_USER_SET_FEATURES = 2,
> > >  VHOST_USER_SET_OWNER = 3,
> > > -VHOST_USER_RESET_OWNER = 4,
> > > +VHOST_USER_RESET_DEVICE = 4,
> > >  VHOST_USER_SET_MEM_TABLE = 5,
> > >  VHOST_USER_SET_LOG_BASE = 6,
> > >  VHOST_USER_SET_LOG_FD = 7,
> > > @@ -98,7 +98,7 @@ static unsigned long int 
> > > ioctl_to_vhost_user_request[VHOST_USER_MAX] = {
> > >  VHOST_GET_FEATURES, /* VHOST_USER_GET_FEATURES */
> > >  VHOST_SET_FEATURES, /* VHOST_USER_SET_FEATURES */
> > >  VHOST_SET_OWNER,/* VHOST_USER_SET_OWNER */
> > > -VHOST_RESET_OWNER,  /* VHOST_USER_RESET_OWNER */
> > > +VHOST_RESET_DEVICE,  /* VHOST_USER_RESET_DEVICE */
> > >  VHOST_SET_MEM_TABLE,/* VHOST_USER_SET_MEM_TABLE */
> > >  VHOST_SET_LOG_BASE, /* VHOST_USER_SET_LOG_BASE */
> > >  VHOST_SET_LOG_FD,   /* VHOST_USER_SET_LOG_FD */
> > > @@ -222,7 +222,7 @@ static int vhost_user_call(struct vhost_dev *dev, 
> > > unsigned long int request,
> > >  break;
> > >  
> > >  case VHOST_USER_SET_OWNER:
> > > -case VHOST_USER_RESET_OWNER:
> > > +case VHOST_USER_RESET_DEVICE:
> > >  break;
> > >  
> > >  case VHOST_USER_SET_MEM_TABLE:
> > > diff --git a/tests/vhost-user-test.c 

[Qemu-devel] [PATCH v6 03/15] qapi: Drop redundant flat-union-reverse-define test

[Eric Blake]

As of commit 8c3f8e77, we test compilation of forward references
for a struct base type (UserDefOne), flat union base type
(UserDefUnionBase), and flat union branch type
(UserDefFlatUnion2). The only remaining forward reference being
tested for parsing in flat-union-reverse-define was a forward
enum declaration.  Once we make sure that always compiles,
the smaller parse-only test is redundant and can be deleted.

Signed-off-by: Eric Blake 

---
v6: new patch; could be hoisted earlier alongside subset B v7 3/14
---
 tests/Makefile   |  1 -
 tests/qapi-schema/flat-union-reverse-define.err  |  0
 tests/qapi-schema/flat-union-reverse-define.exit |  1 -
 tests/qapi-schema/flat-union-reverse-define.json | 17 -
 tests/qapi-schema/flat-union-reverse-define.out  | 13 -
 tests/qapi-schema/qapi-schema-test.json  | 11 +++
 6 files changed, 7 insertions(+), 36 deletions(-)
 delete mode 100644 tests/qapi-schema/flat-union-reverse-define.err
 delete mode 100644 tests/qapi-schema/flat-union-reverse-define.exit
 delete mode 100644 tests/qapi-schema/flat-union-reverse-define.json
 delete mode 100644 tests/qapi-schema/flat-union-reverse-define.out

diff --git a/tests/Makefile b/tests/Makefile
index e3eb547..791e510 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -287,7 +287,6 @@ qapi-schema += flat-union-invalid-branch-key.json
 qapi-schema += flat-union-invalid-discriminator.json
 qapi-schema += flat-union-no-base.json
 qapi-schema += flat-union-optional-discriminator.json
-qapi-schema += flat-union-reverse-define.json
 qapi-schema += flat-union-string-discriminator.json
 qapi-schema += funny-char.json
 qapi-schema += ident-with-escape.json
diff --git a/tests/qapi-schema/flat-union-reverse-define.err 
b/tests/qapi-schema/flat-union-reverse-define.err
deleted file mode 100644
index e69de29..000
diff --git a/tests/qapi-schema/flat-union-reverse-define.exit 
b/tests/qapi-schema/flat-union-reverse-define.exit
deleted file mode 100644
index 573541a..000
--- a/tests/qapi-schema/flat-union-reverse-define.exit
+++ /dev/null
@@ -1 +0,0 @@
-0
diff --git a/tests/qapi-schema/flat-union-reverse-define.json 
b/tests/qapi-schema/flat-union-reverse-define.json
deleted file mode 100644
index 648bbfe..000
--- a/tests/qapi-schema/flat-union-reverse-define.json
+++ /dev/null
@@ -1,17 +0,0 @@
-{ 'union': 'TestUnion',
-  'base': 'TestBase',
-  'discriminator': 'enum1',
-  'data': { 'value1': 'TestTypeA',
-'value2': 'TestTypeB' } }
-
-{ 'struct': 'TestBase',
-  'data': { 'enum1': 'TestEnum' } }
-
-{ 'enum': 'TestEnum',
-  'data': [ 'value1', 'value2' ] }
-
-{ 'struct': 'TestTypeA',
-  'data': { 'string': 'str' } }
-
-{ 'struct': 'TestTypeB',
-  'data': { 'integer': 'int' } }
diff --git a/tests/qapi-schema/flat-union-reverse-define.out 
b/tests/qapi-schema/flat-union-reverse-define.out
deleted file mode 100644
index a5a9134..000
--- a/tests/qapi-schema/flat-union-reverse-define.out
+++ /dev/null
@@ -1,13 +0,0 @@
-object :empty
-object TestBase
-member enum1: TestEnum optional=False
-enum TestEnum ['value1', 'value2']
-object TestTypeA
-member string: str optional=False
-object TestTypeB
-member integer: int optional=False
-object TestUnion
-base TestBase
-tag enum1
-case value1: TestTypeA
-case value2: TestTypeB
diff --git a/tests/qapi-schema/qapi-schema-test.json 
b/tests/qapi-schema/qapi-schema-test.json
index 27ad961..4e2d7c2 100644
--- a/tests/qapi-schema/qapi-schema-test.json
+++ b/tests/qapi-schema/qapi-schema-test.json
@@ -4,10 +4,9 @@
 # parse and compile correctly.

 # for testing enums
-{ 'enum': 'EnumOne',
-  'data': [ 'value1', 'value2', 'value3' ] }
 { 'struct': 'NestedEnumsOne',
-  'data': { 'enum1': 'EnumOne', '*enum2': 'EnumOne', 'enum3': 'EnumOne', 
'*enum4': 'EnumOne' } }
+  'data': { 'enum1': 'EnumOne',   # Intentional forward reference
+'*enum2': 'EnumOne', 'enum3': 'EnumOne', '*enum4': 'EnumOne' } }

 # An empty enum, although unusual, is currently acceptable
 { 'enum': 'MyEnum', 'data': [ ] }
@@ -20,7 +19,11 @@
 # for testing nested structs
 { 'struct': 'UserDefOne',
   'base': 'UserDefZero',# intentional forward reference
-  'data': { 'string': 'str', '*enum1': 'EnumOne' } }
+  'data': { 'string': 'str',
+'*enum1': 'EnumOne' } }   # intentional forward reference
+
+{ 'enum': 'EnumOne',
+  'data': [ 'value1', 'value2', 'value3' ] }

 { 'struct': 'UserDefZero',
   'data': { 'integer': 'int' } }
-- 
2.4.3

Re: [Qemu-devel] [PATCH v3 1/9] target-arm: Add HPFAR_EL2

[Laurent Desnogues]

Hello,

On Sun, Oct 4, 2015 at 12:38 AM, Edgar E. Iglesias
 wrote:
> From: "Edgar E. Iglesias" 
>
> Signed-off-by: Edgar E. Iglesias 
> ---
>  target-arm/cpu.h|  1 +
>  target-arm/helper.c | 12 
>  2 files changed, 13 insertions(+)
>
> diff --git a/target-arm/cpu.h b/target-arm/cpu.h
> index cc1578c..895f2c2 100644
> --- a/target-arm/cpu.h
> +++ b/target-arm/cpu.h
> @@ -278,6 +278,7 @@ typedef struct CPUARMState {
>  };
>  uint64_t far_el[4];
>  };
> +uint64_t hpfar_el2;
>  union { /* Translation result. */
>  struct {
>  uint64_t _unused_par_0;
> diff --git a/target-arm/helper.c b/target-arm/helper.c
> index 8367997..5a5e5f0 100644
> --- a/target-arm/helper.c
> +++ b/target-arm/helper.c
> @@ -3223,6 +3223,10 @@ static const ARMCPRegInfo el3_no_el2_cp_reginfo[] = {
>  { .name = "CNTHP_CTL_EL2", .state = ARM_CP_STATE_BOTH,
>.opc0 = 3, .opc1 = 4, .crn = 14, .crm = 2, .opc2 = 1,
>.access = PL2_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
> +{ .name = "HPFAR_EL2", .state = ARM_CP_STATE_BOTH,
> +  .opc0 = 3, .opc1 = 4, .crn = 6, .crm = 0, .opc2 = 4,
> +  .access = PL2_RW, .accessfn = access_el3_aa32ns_aa64any,
> +  .type = ARM_CP_CONST, .resetvalue = 0 },
>  REGINFO_SENTINEL
>  };
>
> @@ -3444,6 +3448,14 @@ static const ARMCPRegInfo el2_cp_reginfo[] = {
>.resetvalue = 0,
>.writefn = gt_hyp_ctl_write, .raw_writefn = raw_write },
>  #endif
> +{ .name = "HPFAR", .state = ARM_CP_STATE_AA32,
> +  .cp = 15, .opc1 = 4, .crn = 6, .crm = 0, .opc2 = 4,
> +  .access = PL2_RW, .accessfn = access_el3_aa32ns,
> +  .fieldoffset = offsetof(CPUARMState, cp15.hpfar_el2) },
> +{ .name = "HPFAR_EL2", .state = ARM_CP_STATE_AA64,
> +  .opc0 = 3, .opc1 = 4, .crn = 6, .crm = 0, .opc2 = 4,
> +  .access = PL2_RW,
> +  .fieldoffset = offsetof(CPUARMState, cp15.hpfar_el2) },
>  REGINFO_SENTINEL
>  };

Shouldn't these last two registers be placed before the "#endif" which
closes an "#ifndef CONFIG_USER_ONLY"?

Thanks,

Laurent

Re: [Qemu-devel] [PATCH v2 5/5] xlnx-ep108: Connect the SPI Flash

[Peter Crosthwaite]

On Wed, Oct 7, 2015 at 2:34 PM, Alistair Francis
 wrote:
> Connect the sst25wf080 SPI flash to the EP108 board.
>
> Signed-off-by: Alistair Francis 
> ---
> V2:
>  - Use sst25wf080 instead of m25p80
>
>  hw/arm/xlnx-ep108.c | 20 
>  1 file changed, 20 insertions(+)
>
> diff --git a/hw/arm/xlnx-ep108.c b/hw/arm/xlnx-ep108.c
> index 2899698..9755c30 100644
> --- a/hw/arm/xlnx-ep108.c
> +++ b/hw/arm/xlnx-ep108.c
> @@ -33,6 +33,7 @@ static struct arm_boot_info xlnx_ep108_binfo;
>  static void xlnx_ep108_init(MachineState *machine)
>  {
>  XlnxEP108 *s = g_new0(XlnxEP108, 1);
> +int i, j;
>  Error *err = NULL;
>
>  object_initialize(>soc, sizeof(s->soc), TYPE_XLNX_ZYNQMP);
> @@ -60,6 +61,25 @@ static void xlnx_ep108_init(MachineState *machine)
>   machine->ram_size);
>  memory_region_add_subregion(get_system_memory(), 0, >ddr_ram);
>
> +for (i = 0; i < XLNX_ZYNQMP_NUM_SPIS; i++) {
> +SSIBus *spi_bus;
> +char bus_name[6];
> +
> +snprintf(bus_name, 6, "spi%d", i);
> +spi_bus = (SSIBus *)qdev_get_child_bus(DEVICE(>soc.spi[i]),
> +   bus_name);

So machine level code shouldn't reach into the SoC like this. Instead
the bus should be passed from the SPI controller to SoC itself, then
use qdev_get_child_bus on the SoC itself.

Regards,
Peter

> +
> +for (j = 0; j < XLNX_ZYNQMP_NUM_SPI_FLASHES; ++j) {
> +DeviceState *flash_dev = ssi_create_slave(spi_bus, "sst25wf080");
> +qemu_irq cs_line = qdev_get_gpio_in_named(flash_dev,
> +  SSI_GPIO_CS, 0);
> +
> +sysbus_connect_irq(SYS_BUS_DEVICE(>soc.spi[i]),
> +   i * XLNX_ZYNQMP_NUM_SPI_FLASHES + j,
> +   cs_line);
> +}
> +}
> +
>  xlnx_ep108_binfo.ram_size = machine->ram_size;
>  xlnx_ep108_binfo.kernel_filename = machine->kernel_filename;
>  xlnx_ep108_binfo.kernel_cmdline = machine->kernel_cmdline;
> --
> 2.1.4
>

Re: [Qemu-devel] [PATCH v2 3/3] exec.c: Collect AddressSpace related fields into a CPUAddressSpace struct

[Richard Henderson]

On 10/08/2015 08:13 AM, Peter Maydell wrote:

On 7 October 2015 at 10:57, Richard Henderson  wrote:

On 10/02/2015 12:29 AM, Peter Maydell wrote:


+cpu->cpu_ases = g_new0(CPUAddressSpace, 1);
+cpu->cpu_ases[0].cpu = cpu;
+cpu->cpu_ases[0].as = as;
+cpu->cpu_ases[0].tcg_as_listener.commit = tcg_commit;
+memory_listener_register(>cpu_ases[0].tcg_as_listener, as);
   }



What's the plan when it's more than one?


We g_realloc() the array to make it larger if the target-specific
code calls us again to add another AS.


Just thinking about why separate allocation vs embedding an array.  Though
possibly with the CPUState member being a pointer to an array within the
TargetCPUClass, or CPUTargetState.  Dunno.


An embedded array runs you into the problem that cpu.h doesn't
have access to a definition of the MemoryListener struct (at
least I think it's that one), so it doesn't know how much space
to allocate in the structure. Plus MemoryListener doesn't
exist in non-softmmu configs, and allowing the CPUState struct
to be different sizes for softmmu vs not doesn't work because
the header can be used from compiled-once-only .c files.
This awkwardness is why we ended up with CPUState having a
pointer to a MemoryListener and thus the loop in tcg_commit
in the first place.


Ah, right.  Thanks.  Whole series

Reviewed-by: Richard Henderson 


r~

[Qemu-devel] [PATCH v6 09/15] qapi: Fix alternates that accept 'number' but not 'int'

[Eric Blake]

The QMP input visitor allows integral values to be assigned by
promotion to a QTYPE_QFLOAT.  However, when parsing an alternate,
we did not take this into account, such that an alternate that
accepts 'number' but not 'int' would reject integral values.

With this patch, we now have the following desirable table:

alternate has  case selected for
'int'  'number'QTYPE_QINT  QTYPE_QFLOAT
  nono error   error
  no   yes 'number''number'
 yesno 'int'   error
 yes   yes 'int'   'number'

While it is unlikely that we will ever use 'number' in an
alternate other than in the testsuite, it never hurts to be
more precise in what we allow.

Signed-off-by: Eric Blake 

---
v6: rebase onto earlier testsuite and gen_err_check() improvements
---
 include/qapi/visitor-impl.h|  2 +-
 include/qapi/visitor.h |  3 ++-
 qapi/qapi-visit-core.c |  4 ++--
 qapi/qmp-input-visitor.c   |  4 
 scripts/qapi-visit.py  |  9 +++--
 tests/test-qmp-input-visitor.c | 20 ++--
 6 files changed, 22 insertions(+), 20 deletions(-)

diff --git a/include/qapi/visitor-impl.h b/include/qapi/visitor-impl.h
index 6d95b36..1d09b7b 100644
--- a/include/qapi/visitor-impl.h
+++ b/include/qapi/visitor-impl.h
@@ -33,7 +33,7 @@ struct Visitor
 void (*type_enum)(Visitor *v, int *obj, const char * const strings[],
   const char *kind, const char *name, Error **errp);
 /* May be NULL; most useful for input visitors. */
-void (*get_next_type)(Visitor *v, qtype_code *type,
+void (*get_next_type)(Visitor *v, qtype_code *type, bool promote_int,
   const char *name, Error **errp);

 void (*type_int)(Visitor *v, int64_t *obj, const char *name, Error **errp);
diff --git a/include/qapi/visitor.h b/include/qapi/visitor.h
index b765993..baea594 100644
--- a/include/qapi/visitor.h
+++ b/include/qapi/visitor.h
@@ -46,8 +46,9 @@ void visit_optional(Visitor *v, bool *present, const char 
*name,
  * Determine the qtype of the item @name in the current object visit.
  * For input visitors, set *@type to the correct qtype of a qapi
  * alternate type; for other visitors, leave *@type unchanged.
+ * If @promote_int, treat integers as QTYPE_FLOAT.
  */
-void visit_get_next_type(Visitor *v, qtype_code *type,
+void visit_get_next_type(Visitor *v, qtype_code *type, bool promote_int,
  const char *name, Error **errp);
 void visit_type_enum(Visitor *v, int *obj, const char * const strings[],
  const char *kind, const char *name, Error **errp);
diff --git a/qapi/qapi-visit-core.c b/qapi/qapi-visit-core.c
index 3f24daa..884fe94 100644
--- a/qapi/qapi-visit-core.c
+++ b/qapi/qapi-visit-core.c
@@ -81,11 +81,11 @@ void visit_optional(Visitor *v, bool *present, const char 
*name,
 }
 }

-void visit_get_next_type(Visitor *v, qtype_code *type,
+void visit_get_next_type(Visitor *v, qtype_code *type, bool promote_int,
  const char *name, Error **errp)
 {
 if (v->get_next_type) {
-v->get_next_type(v, type, name, errp);
+v->get_next_type(v, type, promote_int, name, errp);
 }
 }

diff --git a/qapi/qmp-input-visitor.c b/qapi/qmp-input-visitor.c
index 803ffad..5310db5 100644
--- a/qapi/qmp-input-visitor.c
+++ b/qapi/qmp-input-visitor.c
@@ -209,6 +209,7 @@ static void qmp_input_end_list(Visitor *v, Error **errp)
 }

 static void qmp_input_get_next_type(Visitor *v, qtype_code *type,
+bool promote_int,
 const char *name, Error **errp)
 {
 QmpInputVisitor *qiv = to_qiv(v);
@@ -219,6 +220,9 @@ static void qmp_input_get_next_type(Visitor *v, qtype_code 
*type,
 return;
 }
 *type = qobject_type(qobj);
+if (promote_int && *type == QTYPE_QINT) {
+*type = QTYPE_QFLOAT;
+}
 }

 static void qmp_input_type_int(Visitor *v, int64_t *obj, const char *name,
diff --git a/scripts/qapi-visit.py b/scripts/qapi-visit.py
index 571bfa3..1ac5350 100644
--- a/scripts/qapi-visit.py
+++ b/scripts/qapi-visit.py
@@ -169,6 +169,11 @@ void visit_type_%(c_name)s(Visitor *v, %(c_name)s *obj, 
const char *name, Error


 def gen_visit_alternate(name, variants):
+promote_int = 'true'
+for var in variants.variants:
+if var.type.alternate_qtype() == 'QTYPE_QINT':
+promote_int = 'false'
+
 ret = mcgen('''

 void visit_type_%(c_name)s(Visitor *v, %(c_name)s **obj, const char *name, 
Error **errp)
@@ -179,13 +184,13 @@ void visit_type_%(c_name)s(Visitor *v, %(c_name)s **obj, 
const char *name, Error
 if (err) {
 goto out;
 }
-visit_get_next_type(v, &(*obj)->type, name, );
+visit_get_next_type(v, &(*obj)->type, %(promote_int)s, name, );
 if (err) {
 goto out_obj;
 }
 switch ((*obj)->type) {
 ''',
-c_name=c_name(name))
+  

[Qemu-devel] [PATCH v6 15/15] qapi: Simplify visits of optional fields

[Eric Blake]

None of the visitor callbacks would set an error when testing
if an optional field was present; make this part of the interface
contract by eliminating the errp argument.  Then, for less code,
reflect the determined boolean value back to the caller instead
of making the caller read the boolean after the fact.

The resulting generated code has a nice diff:

|-visit_optional(v, _fdset_id, "fdset-id", );
|-if (err) {
|-goto out;
|-}
|-if (has_fdset_id) {
|+if (visit_optional(v, _fdset_id, "fdset-id")) {
| visit_type_int(v, _id, "fdset-id", );
| if (err) {
| goto out;
| }
| }

Signed-off-by: Eric Blake 

---
v6: rebase onto earlier testsuite and gen_err_check() improvements
---
 include/qapi/visitor-impl.h |  5 ++---
 include/qapi/visitor.h  | 10 --
 qapi/opts-visitor.c |  2 +-
 qapi/qapi-visit-core.c  |  6 +++---
 qapi/qmp-input-visitor.c|  3 +--
 qapi/string-input-visitor.c |  3 +--
 scripts/qapi.py |  9 ++---
 7 files changed, 18 insertions(+), 20 deletions(-)

diff --git a/include/qapi/visitor-impl.h b/include/qapi/visitor-impl.h
index 370935a..fd2e905 100644
--- a/include/qapi/visitor-impl.h
+++ b/include/qapi/visitor-impl.h
@@ -44,9 +44,8 @@ struct Visitor
 void (*type_any)(Visitor *v, QObject **obj, const char *name,
  Error **errp);

-/* May be NULL */
-void (*optional)(Visitor *v, bool *present, const char *name,
- Error **errp);
+/* May be NULL; most useful for input visitors. */
+void (*optional)(Visitor *v, bool *present, const char *name);

 bool (*start_union)(Visitor *v, bool data_present, Error **errp);
 void (*end_union)(Visitor *v, bool data_present, Error **errp);
diff --git a/include/qapi/visitor.h b/include/qapi/visitor.h
index 67ddd83..e52ad39 100644
--- a/include/qapi/visitor.h
+++ b/include/qapi/visitor.h
@@ -36,8 +36,14 @@ void visit_end_implicit_struct(Visitor *v, Error **errp);
 void visit_start_list(Visitor *v, const char *name, Error **errp);
 GenericList *visit_next_list(Visitor *v, GenericList **list, Error **errp);
 void visit_end_list(Visitor *v, Error **errp);
-void visit_optional(Visitor *v, bool *present, const char *name,
-Error **errp);
+
+/**
+ * Check if an optional member @name of an object needs visiting.
+ * For input visitors, set *@present according to whether the
+ * corresponding visit_type_*() needs calling; for other visitors,
+ * leave *@present unchanged.  Return *@present for convenience.
+ */
+bool visit_optional(Visitor *v, bool *present, const char *name);

 /**
  * Determine the qtype of the item @name in the current object visit.
diff --git a/qapi/opts-visitor.c b/qapi/opts-visitor.c
index cd10392..ef5fb8b 100644
--- a/qapi/opts-visitor.c
+++ b/qapi/opts-visitor.c
@@ -488,7 +488,7 @@ opts_type_size(Visitor *v, uint64_t *obj, const char *name, 
Error **errp)


 static void
-opts_optional(Visitor *v, bool *present, const char *name, Error **errp)
+opts_optional(Visitor *v, bool *present, const char *name)
 {
 OptsVisitor *ov = DO_UPCAST(OptsVisitor, visitor, v);

diff --git a/qapi/qapi-visit-core.c b/qapi/qapi-visit-core.c
index cbf7780..2594147 100644
--- a/qapi/qapi-visit-core.c
+++ b/qapi/qapi-visit-core.c
@@ -73,12 +73,12 @@ void visit_end_union(Visitor *v, bool data_present, Error 
**errp)
 }
 }

-void visit_optional(Visitor *v, bool *present, const char *name,
-Error **errp)
+bool visit_optional(Visitor *v, bool *present, const char *name)
 {
 if (v->optional) {
-v->optional(v, present, name, errp);
+v->optional(v, present, name);
 }
+return *present;
 }

 void visit_get_next_type(Visitor *v, qtype_code *type, bool promote_int,
diff --git a/qapi/qmp-input-visitor.c b/qapi/qmp-input-visitor.c
index 5310db5..f714dfc 100644
--- a/qapi/qmp-input-visitor.c
+++ b/qapi/qmp-input-visitor.c
@@ -300,8 +300,7 @@ static void qmp_input_type_any(Visitor *v, QObject **obj, 
const char *name,
 *obj = qobj;
 }

-static void qmp_input_optional(Visitor *v, bool *present, const char *name,
-   Error **errp)
+static void qmp_input_optional(Visitor *v, bool *present, const char *name)
 {
 QmpInputVisitor *qiv = to_qiv(v);
 QObject *qobj = qmp_input_get_object(qiv, name, true);
diff --git a/qapi/string-input-visitor.c b/qapi/string-input-visitor.c
index bbd6a54..dee780a 100644
--- a/qapi/string-input-visitor.c
+++ b/qapi/string-input-visitor.c
@@ -299,8 +299,7 @@ static void parse_type_number(Visitor *v, double *obj, 
const char *name,
 *obj = val;
 }

-static void parse_optional(Visitor *v, bool *present, const char *name,
-   Error **errp)
+static void parse_optional(Visitor *v, bool *present, const char *name)
 {
 StringInputVisitor *siv = DO_UPCAST(StringInputVisitor, visitor, v);

diff --git a/scripts/qapi.py b/scripts/qapi.py

Re: [Qemu-devel] [PATCH v5 1/4] Add new block driver interface to add/delete a BDS's child

[Wen Congyang]

On 10/08/2015 03:00 AM, Dr. David Alan Gilbert wrote:
> * Wen Congyang (we...@cn.fujitsu.com) wrote:
>> In some cases, we want to take a quorum child offline, and take
>> another child online.
> 
> Hi,
>   Have you checked the output of 'info block' after adding/deleting a child?
> I'm using one of your older worlds (from a few months ago) and I found I had
> to add a 
> 
> bdrv_refresh_filename(bs);
> 
> to get the output of 'info block' to show the new child.
> I don't see it in this version.

Max sent a patch series to drop BDS.filename, so I don't call 
bdrv_refresh_filename()
here. If the BDS is not the top BDS, 'info block' still shows the wrong child.

Thanks
Wen Congyang

> 
> Dave
> 
> 
>>
>> Signed-off-by: Wen Congyang 
>> Signed-off-by: zhanghailiang 
>> Signed-off-by: Gonglei 
>> Reviewed-by: Eric Blake 
>> ---
>>  block.c   | 50 
>> +++
>>  include/block/block.h |  5 +
>>  include/block/block_int.h |  5 +
>>  3 files changed, 60 insertions(+)
>>
>> diff --git a/block.c b/block.c
>> index e815d73..1b25e43 100644
>> --- a/block.c
>> +++ b/block.c
>> @@ -4265,3 +4265,53 @@ BlockAcctStats *bdrv_get_stats(BlockDriverState *bs)
>>  {
>>  return >stats;
>>  }
>> +
>> +/*
>> + * Hot add/remove a BDS's child. So the user can take a child offline when
>> + * it is broken and take a new child online
>> + */
>> +void bdrv_add_child(BlockDriverState *parent_bs, BlockDriverState *child_bs,
>> +Error **errp)
>> +{
>> +
>> +if (!parent_bs->drv || !parent_bs->drv->bdrv_add_child) {
>> +error_setg(errp, "The BDS %s doesn't support adding a child",
>> +   bdrv_get_device_or_node_name(parent_bs));
>> +return;
>> +}
>> +
>> +if (!QLIST_EMPTY(_bs->parents)) {
>> +error_setg(errp, "The BDS %s already has parent",
>> +   child_bs->node_name);
>> +return;
>> +}
>> +
>> +parent_bs->drv->bdrv_add_child(parent_bs, child_bs, errp);
>> +}
>> +
>> +void bdrv_del_child(BlockDriverState *parent_bs, BlockDriverState *child_bs,
>> +Error **errp)
>> +{
>> +BdrvChild *child;
>> +
>> +if (!parent_bs->drv || !parent_bs->drv->bdrv_del_child) {
>> +error_setg(errp, "The BDS %s doesn't support removing a child",
>> +   bdrv_get_device_or_node_name(parent_bs));
>> +return;
>> +}
>> +
>> +QLIST_FOREACH(child, _bs->children, next) {
>> +if (child->bs == child_bs) {
>> +break;
>> +}
>> +}
>> +
>> +if (!child) {
>> +error_setg(errp, "BDS %s is not a child of %s",
>> +   bdrv_get_device_or_node_name(child_bs),
>> +   bdrv_get_device_or_node_name(parent_bs));
>> +return;
>> +}
>> +
>> +parent_bs->drv->bdrv_del_child(parent_bs, child_bs, errp);
>> +}
>> diff --git a/include/block/block.h b/include/block/block.h
>> index ef67353..665c56f 100644
>> --- a/include/block/block.h
>> +++ b/include/block/block.h
>> @@ -616,4 +616,9 @@ void bdrv_flush_io_queue(BlockDriverState *bs);
>>  
>>  BlockAcctStats *bdrv_get_stats(BlockDriverState *bs);
>>  
>> +void bdrv_add_child(BlockDriverState *parent, BlockDriverState *child,
>> +Error **errp);
>> +void bdrv_del_child(BlockDriverState *parent, BlockDriverState *child,
>> +Error **errp);
>> +
>>  #endif
>> diff --git a/include/block/block_int.h b/include/block/block_int.h
>> index 2f2c47b..64cbc55 100644
>> --- a/include/block/block_int.h
>> +++ b/include/block/block_int.h
>> @@ -288,6 +288,11 @@ struct BlockDriver {
>>   */
>>  int (*bdrv_probe_geometry)(BlockDriverState *bs, HDGeometry *geo);
>>  
>> +void (*bdrv_add_child)(BlockDriverState *parent, BlockDriverState 
>> *child,
>> +   Error **errp);
>> +void (*bdrv_del_child)(BlockDriverState *parent, BlockDriverState 
>> *child,
>> +   Error **errp);
>> +
>>  QLIST_ENTRY(BlockDriver) list;
>>  };
>>  
>> -- 
>> 2.4.3
>>
> --
> Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK
> .
> 

Re: [Qemu-devel] [PATCH v2] Remove macros IO_READ_PROTO and IO_WRITE_PROTO

[Markus Armbruster]

Copying maintainer.  Please use scripts/get_maintainer.pl to find them
yourself.

Nutan Shinde  writes:

> Signed-off-by: Nutan Shinde 
> ---
>  hw/audio/adlib.c  |  9 ++---
>  hw/audio/es1370.c | 17 ++---
>  hw/audio/gus.c|  9 ++---
>  hw/audio/sb16.c   | 15 +--
>  4 files changed, 15 insertions(+), 35 deletions(-)
>
> diff --git a/hw/audio/adlib.c b/hw/audio/adlib.c
> index 656eb37..334935f 100644
> --- a/hw/audio/adlib.c
> +++ b/hw/audio/adlib.c
> @@ -57,11 +57,6 @@ void YMF262UpdateOneQEMU (int which, INT16 *dst, int 
> length);
>  #define SHIFT 1
>  #endif
>  
> -#define IO_READ_PROTO(name) \
> -uint32_t name (void *opaque, uint32_t nport)
> -#define IO_WRITE_PROTO(name) \
> -void name (void *opaque, uint32_t nport, uint32_t val)
> -
>  #define TYPE_ADLIB "adlib"
>  #define ADLIB(obj) OBJECT_CHECK(AdlibState, (obj), TYPE_ADLIB)
>  
> @@ -124,7 +119,7 @@ static void adlib_kill_timers (AdlibState *s)
>  }
>  }
>  
> -static IO_WRITE_PROTO (adlib_write)
> +static void adlib_write(void *opaque, uint32_t nport, uint32_t val)
>  {
>  AdlibState *s = opaque;
>  int a = nport & 3;
> @@ -141,7 +136,7 @@ static IO_WRITE_PROTO (adlib_write)
>  #endif
>  }
>  
> -static IO_READ_PROTO (adlib_read)
> +static uint32_t adlib_read(void *opaque, uint32_t nport)
>  {
>  AdlibState *s = opaque;
>  uint8_t data;
> diff --git a/hw/audio/es1370.c b/hw/audio/es1370.c
> index 8e7bcf5..592578b 100644
> --- a/hw/audio/es1370.c
> +++ b/hw/audio/es1370.c
> @@ -157,11 +157,6 @@ static const unsigned dac1_samplerate[] = { 5512, 11025, 
> 22050, 44100 };
>  #define DAC2_CHANNEL 1
>  #define ADC_CHANNEL 2
>  
> -#define IO_READ_PROTO(n) \
> -static uint32_t n (void *opaque, uint32_t addr)
> -#define IO_WRITE_PROTO(n) \
> -static void n (void *opaque, uint32_t addr, uint32_t val)
> -
>  static void es1370_dac1_callback (void *opaque, int free);
>  static void es1370_dac2_callback (void *opaque, int free);
>  static void es1370_adc_callback (void *opaque, int avail);
> @@ -474,7 +469,7 @@ static inline uint32_t es1370_fixup (ES1370State *s, 
> uint32_t addr)
>  return addr;
>  }
>  
> -IO_WRITE_PROTO (es1370_writeb)
> +static void es1370_writeb(void *opaque, uint32_t addr, uint32_t val)
>  {
>  ES1370State *s = opaque;
>  uint32_t shift, mask;
> @@ -512,7 +507,7 @@ IO_WRITE_PROTO (es1370_writeb)
>  }
>  }
>  
> -IO_WRITE_PROTO (es1370_writew)
> +static void es1370_writew(void *opaque, uint32_t addr, uint32_t val)
>  {
>  ES1370State *s = opaque;
>  addr = es1370_fixup (s, addr);
> @@ -549,7 +544,7 @@ IO_WRITE_PROTO (es1370_writew)
>  }
>  }
>  
> -IO_WRITE_PROTO (es1370_writel)
> +static void es1370_writel(void *opaque, uint32_t addr, uint32_t val)
>  {
>  ES1370State *s = opaque;
>  struct chan *d = >chan[0];
> @@ -615,7 +610,7 @@ IO_WRITE_PROTO (es1370_writel)
>  }
>  }
>  
> -IO_READ_PROTO (es1370_readb)
> +static uint32_t es1370_readb(void *opaque, uint32_t addr)
>  {
>  ES1370State *s = opaque;
>  uint32_t val;
> @@ -650,7 +645,7 @@ IO_READ_PROTO (es1370_readb)
>  return val;
>  }
>  
> -IO_READ_PROTO (es1370_readw)
> +static uint32_t es1370_readw(void *opaque, uint32_t addr)
>  {
>  ES1370State *s = opaque;
>  struct chan *d = >chan[0];
> @@ -692,7 +687,7 @@ IO_READ_PROTO (es1370_readw)
>  return val;
>  }
>  
> -IO_READ_PROTO (es1370_readl)
> +static uint32_t es1370_readl(void *opaque, uint32_t addr)
>  {
>  ES1370State *s = opaque;
>  uint32_t val;
> diff --git a/hw/audio/gus.c b/hw/audio/gus.c
> index 86223a9..e0c8a4e 100644
> --- a/hw/audio/gus.c
> +++ b/hw/audio/gus.c
> @@ -41,11 +41,6 @@
>  #define GUS_ENDIANNESS 0
>  #endif
>  
> -#define IO_READ_PROTO(name) \
> -static uint32_t name (void *opaque, uint32_t nport)
> -#define IO_WRITE_PROTO(name) \
> -static void name (void *opaque, uint32_t nport, uint32_t val)
> -
>  #define TYPE_GUS "gus"
>  #define GUS(obj) OBJECT_CHECK (GUSState, (obj), TYPE_GUS)
>  
> @@ -64,14 +59,14 @@ typedef struct GUSState {
>  qemu_irq pic;
>  } GUSState;
>  
> -IO_READ_PROTO (gus_readb)
> +static uint32_t gus_readb(void *opaque, uint32_t nport)
>  {
>  GUSState *s = opaque;
>  
>  return gus_read (>emu, nport, 1);
>  }
>  
> -IO_WRITE_PROTO (gus_writeb)
> +static void gus_writeb(void *opaque, uint32_t nport, uint32_t val)
>  {
>  GUSState *s = opaque;
>  
> diff --git a/hw/audio/sb16.c b/hw/audio/sb16.c
> index b052de5..995435f 100644
> --- a/hw/audio/sb16.c
> +++ b/hw/audio/sb16.c
> @@ -40,11 +40,6 @@
>  #define ldebug(...)
>  #endif
>  
> -#define IO_READ_PROTO(name) \
> -uint32_t name (void *opaque, uint32_t nport)
> -#define IO_WRITE_PROTO(name)\
> -void name (void *opaque, uint32_t nport, uint32_t val)
> -
>  static const char e3[] = "COPYRIGHT (C) CREATIVE TECHNOLOGY LTD, 1992.";
>  
>  #define TYPE_SB16 

Re: [Qemu-devel] [Qemu-block] [PATCH v5 3/4] qmp: add monitor command to add/remove a child

[Max Reitz]

On 22.09.2015 09:44, Wen Congyang wrote:
> The new QMP command name is x-blockdev-child-add, and x-blockdev-child-del.
> It justs for adding/removing quorum's child now, and don't support all
> kinds of children,

It does support all kinds of children for quorum, doesn't it?

>nor all block drivers. So it is experimental now.

Well, that is not really a reason why we would have to make it
experimental. For instance, blockdev-add (although some might argue it
actually is experimental...) doesn't support all block drivers either.

The reason I am hesitant of adding an experimental QMP interface that is
actually visible to the user (compare x-image in blkverify and blkdebug,
which are not documented and not to be used by the user) is twofold:

(1) At some point we have to say "OK, this is good enough now" and make
it stable. What would that point be? Who can guarantee that we
wouldn't want to make any interface changes after that point? Would
we actually remember to revisit this function once in a while and
consider making it stable?

(2) While marking things experimental *should* keep people from using it
in their tools, nobody can guarantee that it *does* keep them from
doing so. So we may find ourselves in the situation of having to
keep a compatibility interface for an experimental feature...

For the second point, you should also consider how useful this feature
is to management tools. Just being able to remove and attach children
from a quorum node seems very useful on its own. I don't see why we
should wait for having support for other block drivers; also, for most
block drivers there is no meaningful way of adding or removing children
as nicely as that is possible for quorum.

E.g. you may have a block filter in the future where you want to
exchange its child BDS. This exchange should be an atomic operation, so
we cannot use this interface there anyway. For quorum, such an exchange
does not need to be atomic, since you can just add the new child first
and remove the old one afterwards.

So maybe in the future we get some block driver other than quorum for
which adding and removing children (as opposed to atomically exchanging
them) makes sense, but for now I can only see quorum. Therefore, that
this works for quorum only is in my opinion not a reason to make it
experimental. I think we actually want to keep it that way.

So the question would then be: What ways can you imagine to change this
interface, which would necessitate an incompatible change, therefore
calling for an experimental interface?

(My point is that with such an experimental interface, management tools
cannot use it, even though it'd be a very nice functionality to have)

> 
> Signed-off-by: Wen Congyang 
> Signed-off-by: zhanghailiang 
> Signed-off-by: Gonglei 
> ---
>  blockdev.c   | 48 +
>  qapi/block-core.json | 34 +
>  qmp-commands.hx  | 61 
> 
>  3 files changed, 143 insertions(+)
> 
> diff --git a/blockdev.c b/blockdev.c
> index 32b04b4..8da0ffb 100644
> --- a/blockdev.c
> +++ b/blockdev.c
> @@ -3086,6 +3086,54 @@ fail:
>  qmp_output_visitor_cleanup(ov);
>  }
>  
> +void qmp_x_blockdev_child_add(const char *parent, const char *child,
> +  Error **errp)
> +{
> +BlockDriverState *parent_bs, *child_bs;
> +Error *local_err = NULL;
> +
> +parent_bs = bdrv_lookup_bs(parent, parent, _err);
> +if (!parent_bs) {
> +error_propagate(errp, local_err);
> +return;
> +}
> +
> +child_bs = bdrv_find_node(child);
> +if (!child_bs) {
> +error_setg(errp, "Node '%s' not found", child);
> +return;
> +}
> +
> +bdrv_add_child(parent_bs, child_bs, _err);
> +if (local_err) {
> +error_propagate(errp, local_err);
> +}

You can just pass errp to bdrv_add_child().

> +}
> +
> +void qmp_x_blockdev_child_del(const char *parent, const char *child,
> +  Error **errp)
> +{
> +BlockDriverState *parent_bs, *child_bs;
> +Error *local_err = NULL;
> +
> +parent_bs = bdrv_lookup_bs(parent, parent, _err);
> +if (!parent_bs) {
> +error_propagate(errp, local_err);
> +return;
> +}
> +
> +child_bs = bdrv_find_node(child);
> +if (!child_bs) {
> +error_setg(errp, "Node '%s' not found", child);
> +return;
> +}
> +
> +bdrv_del_child(parent_bs, child_bs, _err);
> +if (local_err) {
> +error_propagate(errp, local_err);
> +}

Same here.

Max

> +}
> +
>  BlockJobInfoList *qmp_query_block_jobs(Error **errp)
>  {
>  BlockJobInfoList *head = NULL, **p_next = 
> diff --git a/qapi/block-core.json b/qapi/block-core.json
> index bb2189e..9418f05 100644
> --- a/qapi/block-core.json
> +++ 

Re: [Qemu-devel] [PATCH v6] target-tilegx: Support iret instruction and related special registers

[Richard Henderson]

On 10/07/2015 10:21 AM, Chen Gang wrote:

From fa0950e403bbb98989117f632215ae0e698457d7 Mon Sep 17 00:00:00 2001

From: Chen Gang
Date: Sun, 4 Oct 2015 17:41:14 +0800
Subject: [PATCH v6] target-tilegx: Support iret instruction and related special 
registers

EX_CONTEXT_0_0 is used for jumping address, and EX_CONTEXT_0_1 is for
INTERRUPT_CRITICAL_SECTION, which should only be 0 or 1 in user mode, or
it will cause target SIGILL (and the patch doesn't support system mode).

Signed-off-by: Chen Gang
---
  target-tilegx/cpu.h   |  2 ++
  target-tilegx/helper.c| 22 ++
  target-tilegx/helper.h|  1 +
  target-tilegx/translate.c | 14 +-
  4 files changed, 38 insertions(+), 1 deletion(-)


Applied.


r~

[Qemu-devel] [PULL 00/19] Collected tilegx patches

[Richard Henderson]

I've taken the liberty of modifying some of the patches that Chen Gang
has posted.  Some of these are new cleanups that I saw along the way.
A few are filling out the final user-level non-fp, non-vector insns.


r~


The following changes since commit 5fdb4671b08e0d1631447e81348b2b50a6b85bf7:

  Merge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' into 
staging (2015-10-06 13:42:33 +0100)

are available in the git repository at:

  git://github.com/rth7680/qemu.git tags/pull-tile-20151007

for you to fetch changes up to fec7daab3d63b7b2ca61581fffc40142b22b2bd5:

  target-tilegx: Support iret instruction and related special registers 
(2015-10-07 20:24:04 +1100)


Collected patches


Chen Gang (13):
  target-tilegx: Implement v*shl, v*shru, and v*shrs instructions
  target-tilegx: Implement v*add and v*sub instructions
  target-tilegx: Implement v1multu instruction
  target-tilegx: Let x1 pipe process bpt instruction only
  linux-user/syscall_defs.h: Sync the latest si_code from Linux kernel
  linux-user/tilegx: Implement tilegx signal features
  target-tilegx: Decode ill pseudo-instructions
  target-tilegx: Fix a typo for mnemonic about "ld_add"
  target-tilegx: Implement v2sh* instructions
  target-tilegx: Implement v?int_* instructions.
  target-tilegx: Implement v2mults instruction
  target-tilegx: Use TILEGX_EXCP_OPCODE_UNKNOWN and 
TILEGX_EXCP_OPCODE_UNIMPLEMENTED correctly
  target-tilegx: Support iret instruction and related special registers

Richard Henderson (6):
  target-tilegx: Tidy simd_helper.c
  target-tilegx: Implement crc instructions
  target-tilegx: Implement table index instructions
  target-tilegx: Implement complex multiply instructions
  target-tilegx: Use TILEGX_EXCP_SIGNAL instead of TILEGX_EXCP_SEGV
  target-tilegx: Handle nofault prefetch instructions

 linux-user/main.c   |  39 +++-
 linux-user/signal.c | 159 +++-
 linux-user/syscall_defs.h   |  11 ++
 linux-user/tilegx/syscall.h |   3 +
 target-tilegx/cpu.c |   7 +-
 target-tilegx/cpu.h |   8 +-
 target-tilegx/helper.c  |  81 
 target-tilegx/helper.h  |  16 ++
 target-tilegx/simd_helper.c | 118 +++-
 target-tilegx/translate.c   | 438 +---
 10 files changed, 799 insertions(+), 81 deletions(-)

[Qemu-devel] [PULL 03/19] target-tilegx: Implement v*add and v*sub instructions

[Richard Henderson]

From: Chen Gang 

[rth: Implement everything inline; handle v1addi and v2addi as well.]

Signed-off-by: Chen Gang 
Message-Id: <1442873918-3394-1-git-send-email-gang.chen.5...@gmail.com>
Signed-off-by: Richard Henderson 
---
 target-tilegx/translate.c | 137 +++---
 1 file changed, 116 insertions(+), 21 deletions(-)

diff --git a/target-tilegx/translate.c b/target-tilegx/translate.c
index 9228751..14ebd07 100644
--- a/target-tilegx/translate.c
+++ b/target-tilegx/translate.c
@@ -96,6 +96,7 @@ typedef struct {
 #define OE_SH(E,XY)OE(SHIFT_OPCODE_##XY, E##_SHIFT_OPCODE_##XY, XY)
 
 #define V1_IMM(X)  (((X) & 0xff) * 0x0101010101010101ull)
+#define V2_IMM(X)  (((X) & 0x) * 0x0001000100010001ull)
 
 
 static void gen_exception(DisasContext *dc, TileExcp num)
@@ -275,6 +276,35 @@ static void gen_mul_half(TCGv tdest, TCGv tsrca, TCGv 
tsrcb,
 tcg_temp_free(t);
 }
 
+static TileExcp gen_st_opcode(DisasContext *dc, unsigned dest, unsigned srca,
+  unsigned srcb, TCGMemOp memop, const char *name)
+{
+if (dest) {
+return TILEGX_EXCP_OPCODE_UNIMPLEMENTED;
+}
+
+tcg_gen_qemu_st_tl(load_gr(dc, srcb), load_gr(dc, srca),
+  dc->mmuidx, memop);
+
+qemu_log_mask(CPU_LOG_TB_IN_ASM, "%s %s, %s", name,
+  reg_names[srca], reg_names[srcb]);
+return TILEGX_EXCP_NONE;
+}
+
+static TileExcp gen_st_add_opcode(DisasContext *dc, unsigned srca, unsigned 
srcb,
+  int imm, TCGMemOp memop, const char *name)
+{
+TCGv tsrca = load_gr(dc, srca);
+TCGv tsrcb = load_gr(dc, srcb);
+
+tcg_gen_qemu_st_tl(tsrcb, tsrca, dc->mmuidx, memop);
+tcg_gen_addi_tl(dest_gr(dc, srca), tsrca, imm);
+
+qemu_log_mask(CPU_LOG_TB_IN_ASM, "%s %s, %s, %d", name,
+  reg_names[srca], reg_names[srcb], imm);
+return TILEGX_EXCP_NONE;
+}
+
 /* Equality comparison with zero can be done quickly and efficiently.  */
 static void gen_v1cmpeq0(TCGv v)
 {
@@ -310,33 +340,45 @@ static void gen_v1cmpne0(TCGv v)
 tcg_temp_free(c);
 }
 
-static TileExcp gen_st_opcode(DisasContext *dc, unsigned dest, unsigned srca,
-  unsigned srcb, TCGMemOp memop, const char *name)
+/* Vector addition can be performed via arithmetic plus masking.  It is
+   efficient this way only for 4 or more elements.  */
+static void gen_v12add(TCGv tdest, TCGv tsrca, TCGv tsrcb, uint64_t sign)
 {
-if (dest) {
-return TILEGX_EXCP_OPCODE_UNIMPLEMENTED;
-}
+TCGv tmask = tcg_const_tl(~sign);
+TCGv t0 = tcg_temp_new();
+TCGv t1 = tcg_temp_new();
 
-tcg_gen_qemu_st_tl(load_gr(dc, srcb), load_gr(dc, srca),
-  dc->mmuidx, memop);
+/* ((a & ~sign) + (b & ~sign)) ^ ((a ^ b) & sign).  */
+tcg_gen_and_tl(t0, tsrca, tmask);
+tcg_gen_and_tl(t1, tsrcb, tmask);
+tcg_gen_add_tl(tdest, t0, t1);
+tcg_gen_xor_tl(t0, tsrca, tsrcb);
+tcg_gen_andc_tl(t0, t0, tmask);
+tcg_gen_xor_tl(tdest, tdest, t0);
 
-qemu_log_mask(CPU_LOG_TB_IN_ASM, "%s %s, %s", name,
-  reg_names[srca], reg_names[srcb]);
-return TILEGX_EXCP_NONE;
+tcg_temp_free(t1);
+tcg_temp_free(t0);
+tcg_temp_free(tmask);
 }
 
-static TileExcp gen_st_add_opcode(DisasContext *dc, unsigned srca, unsigned 
srcb,
-  int imm, TCGMemOp memop, const char *name)
+/* Similarly for vector subtraction.  */
+static void gen_v12sub(TCGv tdest, TCGv tsrca, TCGv tsrcb, uint64_t sign)
 {
-TCGv tsrca = load_gr(dc, srca);
-TCGv tsrcb = load_gr(dc, srcb);
+TCGv tsign = tcg_const_tl(sign);
+TCGv t0 = tcg_temp_new();
+TCGv t1 = tcg_temp_new();
 
-tcg_gen_qemu_st_tl(tsrcb, tsrca, dc->mmuidx, memop);
-tcg_gen_addi_tl(dest_gr(dc, srca), tsrca, imm);
+/* ((a | sign) - (b & ~sign)) ^ ((a ^ ~b) & sign).  */
+tcg_gen_or_tl(t0, tsrca, tsign);
+tcg_gen_andc_tl(t1, tsrcb, tsign);
+tcg_gen_sub_tl(tdest, t0, t1);
+tcg_gen_eqv_tl(t0, tsrca, tsrcb);
+tcg_gen_and_tl(t0, t0, tsign);
+tcg_gen_xor_tl(tdest, tdest, t0);
 
-qemu_log_mask(CPU_LOG_TB_IN_ASM, "%s %s, %s, %d", name,
-  reg_names[srca], reg_names[srcb], imm);
-return TILEGX_EXCP_NONE;
+tcg_temp_free(t1);
+tcg_temp_free(t0);
+tcg_temp_free(tsign);
 }
 
 static void gen_v4sh(TCGv d64, TCGv a64, TCGv b64,
@@ -358,6 +400,26 @@ static void gen_v4sh(TCGv d64, TCGv a64, TCGv b64,
 tcg_temp_free_i32(bl);
 }
 
+static void gen_v4op(TCGv d64, TCGv a64, TCGv b64,
+ void (*generate)(TCGv_i32, TCGv_i32, TCGv_i32))
+{
+TCGv_i32 al = tcg_temp_new_i32();
+TCGv_i32 ah = tcg_temp_new_i32();
+TCGv_i32 bl = tcg_temp_new_i32();
+TCGv_i32 bh = tcg_temp_new_i32();
+
+tcg_gen_extr_i64_i32(al, ah, a64);
+tcg_gen_extr_i64_i32(bl, bh, b64);
+generate(al, al, bl);
+

[Qemu-devel] [PULL 14/19] target-tilegx: Handle nofault prefetch instructions

[Richard Henderson]

These are mapped onto some of the normal load instructions, when the
destination is the zero register.  Other load insns do fault even
when targeting the zero register.

Signed-off-by: Richard Henderson 
---
 target-tilegx/translate.c | 40 ++--
 1 file changed, 26 insertions(+), 14 deletions(-)

diff --git a/target-tilegx/translate.c b/target-tilegx/translate.c
index 8fee60c..6ab66f9 100644
--- a/target-tilegx/translate.c
+++ b/target-tilegx/translate.c
@@ -496,6 +496,7 @@ static TileExcp gen_rr_opcode(DisasContext *dc, unsigned 
opext,
 const char *mnemonic;
 TCGMemOp memop;
 TileExcp ret = TILEGX_EXCP_NONE;
+bool prefetch_nofault = false;
 
 /* Eliminate instructions with no output before doing anything else.  */
 switch (opext) {
@@ -609,27 +610,30 @@ static TileExcp gen_rr_opcode(DisasContext *dc, unsigned 
opext,
 return TILEGX_EXCP_OPCODE_UNIMPLEMENTED;
 case OE_RR_X1(LD1S):
 memop = MO_SB;
-mnemonic = "ld1s";
+mnemonic = "ld1s"; /* prefetch_l1_fault */
 goto do_load;
 case OE_RR_X1(LD1U):
 memop = MO_UB;
-mnemonic = "ld1u";
+mnemonic = "ld1u"; /* prefetch, prefetch_l1 */
+prefetch_nofault = (dest == TILEGX_R_ZERO);
 goto do_load;
 case OE_RR_X1(LD2S):
 memop = MO_TESW;
-mnemonic = "ld2s";
+mnemonic = "ld2s"; /* prefetch_l2_fault */
 goto do_load;
 case OE_RR_X1(LD2U):
 memop = MO_TEUW;
-mnemonic = "ld2u";
+mnemonic = "ld2u"; /* prefetch_l2 */
+prefetch_nofault = (dest == TILEGX_R_ZERO);
 goto do_load;
 case OE_RR_X1(LD4S):
 memop = MO_TESL;
-mnemonic = "ld4s";
+mnemonic = "ld4s"; /* prefetch_l3_fault */
 goto do_load;
 case OE_RR_X1(LD4U):
 memop = MO_TEUL;
-mnemonic = "ld4u";
+mnemonic = "ld4u"; /* prefetch_l3 */
+prefetch_nofault = (dest == TILEGX_R_ZERO);
 goto do_load;
 case OE_RR_X1(LDNT1S):
 memop = MO_SB;
@@ -663,7 +667,9 @@ static TileExcp gen_rr_opcode(DisasContext *dc, unsigned 
opext,
 memop = MO_TEQ;
 mnemonic = "ld";
 do_load:
-tcg_gen_qemu_ld_tl(tdest, tsrca, dc->mmuidx, memop);
+if (!prefetch_nofault) {
+tcg_gen_qemu_ld_tl(tdest, tsrca, dc->mmuidx, memop);
+}
 break;
 case OE_RR_X1(LDNA):
 tcg_gen_andi_tl(tdest, tsrca, ~7);
@@ -1442,6 +1448,7 @@ static TileExcp gen_rri_opcode(DisasContext *dc, unsigned 
opext,
 {
 TCGv tdest = dest_gr(dc, dest);
 TCGv tsrca = load_gr(dc, srca);
+bool prefetch_nofault = false;
 const char *mnemonic;
 TCGMemOp memop;
 int i2, i3;
@@ -1491,27 +1498,30 @@ static TileExcp gen_rri_opcode(DisasContext *dc, 
unsigned opext,
 break;
 case OE_IM(LD1S_ADD, X1):
 memop = MO_SB;
-mnemonic = "ld1s_add";
+mnemonic = "ld1s_add"; /* prefetch_add_l1_fault */
 goto do_load_add;
 case OE_IM(LD1U_ADD, X1):
 memop = MO_UB;
-mnemonic = "ld1u_add";
+mnemonic = "ld1u_add"; /* prefetch_add_l1 */
+prefetch_nofault = (dest == TILEGX_R_ZERO);
 goto do_load_add;
 case OE_IM(LD2S_ADD, X1):
 memop = MO_TESW;
-mnemonic = "ld2s_add";
+mnemonic = "ld2s_add"; /* prefetch_add_l2_fault */
 goto do_load_add;
 case OE_IM(LD2U_ADD, X1):
 memop = MO_TEUW;
-mnemonic = "ld2u_add";
+mnemonic = "ld2u_add"; /* prefetch_add_l2 */
+prefetch_nofault = (dest == TILEGX_R_ZERO);
 goto do_load_add;
 case OE_IM(LD4S_ADD, X1):
 memop = MO_TESL;
-mnemonic = "ld4s_add";
+mnemonic = "ld4s_add"; /* prefetch_add_l3_fault */
 goto do_load_add;
 case OE_IM(LD4U_ADD, X1):
 memop = MO_TEUL;
-mnemonic = "ld4u_add";
+mnemonic = "ld4u_add"; /* prefetch_add_l3 */
+prefetch_nofault = (dest == TILEGX_R_ZERO);
 goto do_load_add;
 case OE_IM(LDNT1S_ADD, X1):
 memop = MO_SB;
@@ -1545,7 +1555,9 @@ static TileExcp gen_rri_opcode(DisasContext *dc, unsigned 
opext,
 memop = MO_TEQ;
 mnemonic = "ld_add";
 do_load_add:
-tcg_gen_qemu_ld_tl(tdest, tsrca, dc->mmuidx, memop);
+if (!prefetch_nofault) {
+tcg_gen_qemu_ld_tl(tdest, tsrca, dc->mmuidx, memop);
+}
 tcg_gen_addi_tl(dest_gr(dc, srca), tsrca, imm);
 break;
 case OE_IM(LDNA_ADD, X1):
-- 
2.4.3

[Qemu-devel] [PULL 00/26] Do away with TB retranslation

[Richard Henderson]

All patches now reviewed.  I believe further cleanups can be
handled with subsequent patches.


r~


The following changes since commit 5fdb4671b08e0d1631447e81348b2b50a6b85bf7:

  Merge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' into 
staging (2015-10-06 13:42:33 +0100)

are available in the git repository at:

  git://github.com/rth7680/qemu.git tags/pull-tcg-20151007

for you to fetch changes up to 126d89e8cdfa3be15d51f76906eaccbcd0023f98:

  tcg: Adjust CODE_GEN_AVG_BLOCK_SIZE (2015-10-07 20:40:00 +1100)


Do away with TB retranslation


Richard Henderson (26):
  tcg: Rename debug_insn_start to insn_start
  target-*: Unconditionally emit tcg_gen_insn_start
  target-*: Increment num_insns immediately after tcg_gen_insn_start
  target-*: Introduce and use cpu_breakpoint_test
  tcg: Allow extra data to be attached to insn_start
  target-arm: Add condexec state to insn_start
  target-i386: Add cc_op state to insn_start
  target-mips: Add delayed branch state to insn_start
  target-s390x: Add cc_op state to insn_start
  target-sh4: Add flags state to insn_start
  target-cris: Mirror gen_opc_pc into insn_start
  target-sparc: Tidy gen_branch_a interface
  target-sparc: Split out gen_branch_n
  target-sparc: Remove gen_opc_jump_pc
  target-sparc: Add npc state to insn_start
  tcg: Merge cpu_gen_code into tb_gen_code
  target-*: Drop cpu_gen_code define
  tcg: Add TCG_MAX_INSNS
  tcg: Pass data argument to restore_state_to_opc
  tcg: Save insn data and use it in cpu_restore_state_from_tb
  tcg: Remove gen_intermediate_code_pc
  tcg: Remove tcg_gen_code_search_pc
  tcg: Emit prologue to the beginning of code_gen_buffer
  tcg: Allocate a guard page after code_gen_buffer
  tcg: Check for overflow via highwater mark
  tcg: Adjust CODE_GEN_AVG_BLOCK_SIZE

 include/exec/exec-all.h   |  23 +-
 include/qom/cpu.h |  16 ++
 target-alpha/cpu.h|   1 -
 target-alpha/translate.c  |  70 ++
 target-arm/cpu.h  |   2 +-
 target-arm/translate-a64.c|  48 +---
 target-arm/translate.c|  83 +++
 target-arm/translate.h|   8 +-
 target-cris/cpu.h |   1 -
 target-cris/translate.c   |  93 ++--
 target-cris/translate_v10.c   |   3 -
 target-i386/cpu.h |   2 +-
 target-i386/translate.c   | 106 +++--
 target-lm32/cpu.h |   1 -
 target-lm32/translate.c   |  83 ++-
 target-m68k/cpu.h |   1 -
 target-m68k/translate.c   |  82 ++-
 target-microblaze/cpu.h   |   1 -
 target-microblaze/translate.c |  83 ++-
 target-mips/cpu.h |   2 +-
 target-mips/translate.c   |  98 +++-
 target-moxie/cpu.h|   1 -
 target-moxie/translate.c  |  82 +++
 target-openrisc/cpu.h |   1 -
 target-openrisc/translate.c   |  78 ++-
 target-ppc/cpu.h  |   1 -
 target-ppc/translate.c|  72 ++
 target-s390x/cpu.h|   2 +-
 target-s390x/translate.c  |  78 ++-
 target-sh4/cpu.h  |   2 +-
 target-sh4/translate.c|  91 +++-
 target-sparc/cpu.h|   2 +-
 target-sparc/translate.c  | 185 +++
 target-tilegx/cpu.h   |   1 -
 target-tilegx/translate.c |  58 ++---
 target-tricore/translate.c|  59 ++---
 target-unicore32/translate.c  |  83 ++-
 target-xtensa/cpu.h   |   1 -
 target-xtensa/translate.c |  79 ++-
 tcg/tcg-op.h  |  52 -
 tcg/tcg-opc.h |   4 +-
 tcg/tcg.c | 168 --
 tcg/tcg.h |  20 +-
 tci.c |   9 -
 translate-all.c   | 520 +-
 45 files changed, 964 insertions(+), 1492 deletions(-)

[Qemu-devel] [PULL 14/26] target-sparc: Remove gen_opc_jump_pc

[Richard Henderson]

Since jump_pc[1] is always npc + 4, we can infer after incrementing
that jump_pc[1] == pc + 4.  Because of that, we can encode the branch
destination into a single word, and store that in npc.

Reviewed-by: Aurelien Jarno 
Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target-sparc/translate.c | 19 ++-
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/target-sparc/translate.c b/target-sparc/translate.c
index c6a8d86..25b5bc0 100644
--- a/target-sparc/translate.c
+++ b/target-sparc/translate.c
@@ -65,7 +65,6 @@ static TCGv cpu_wim;
 static TCGv_i64 cpu_fpr[TARGET_DPREGS];
 
 static target_ulong gen_opc_npc[OPC_BUF_SIZE];
-static target_ulong gen_opc_jump_pc[2];
 
 #include "exec/gen-icount.h"
 
@@ -5250,6 +5249,10 @@ static inline void 
gen_intermediate_code_internal(SPARCCPU *cpu,
 tcg_ctx.gen_opc_instr_start[lj++] = 0;
 tcg_ctx.gen_opc_pc[lj] = dc->pc;
 gen_opc_npc[lj] = dc->npc;
+if (dc->npc & JUMP_PC) {
+assert(dc->jump_pc[1] == dc->pc + 4);
+gen_opc_npc[lj] = dc->jump_pc[0] | JUMP_PC;
+}
 tcg_ctx.gen_opc_instr_start[lj] = 1;
 tcg_ctx.gen_opc_icount[lj] = num_insns;
 }
@@ -5321,8 +5324,6 @@ static inline void 
gen_intermediate_code_internal(SPARCCPU *cpu,
 #if 0
 log_page_dump();
 #endif
-gen_opc_jump_pc[0] = dc->jump_pc[0];
-gen_opc_jump_pc[1] = dc->jump_pc[1];
 } else {
 tb->size = last_pc + 4 - pc_start;
 tb->icount = num_insns;
@@ -5450,17 +5451,17 @@ void gen_intermediate_code_init(CPUSPARCState *env)
 
 void restore_state_to_opc(CPUSPARCState *env, TranslationBlock *tb, int pc_pos)
 {
-target_ulong npc;
-env->pc = tcg_ctx.gen_opc_pc[pc_pos];
+target_ulong pc, npc;
+env->pc = pc = tcg_ctx.gen_opc_pc[pc_pos];
 npc = gen_opc_npc[pc_pos];
-if (npc == 1) {
+if (npc == DYNAMIC_PC) {
 /* dynamic NPC: already stored */
-} else if (npc == 2) {
+} else if (npc & JUMP_PC) {
 /* jump PC: use 'cond' and the jump targets of the translation */
 if (env->cond) {
-env->npc = gen_opc_jump_pc[0];
+env->npc = npc & ~3;
 } else {
-env->npc = gen_opc_jump_pc[1];
+env->npc = pc + 4;
 }
 } else {
 env->npc = npc;
-- 
2.4.3

[Qemu-devel] [PULL 02/26] target-*: Unconditionally emit tcg_gen_insn_start

[Richard Henderson]

While we're at it, emit the opcode adjacent to where we currently
record data for search_pc.  This puts gen_io_start et al on the
"correct" side of the marker.

Reviewed-by: Aurelien Jarno 
Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target-alpha/translate.c  |  6 ++
 target-arm/translate-a64.c|  5 +
 target-arm/translate.c|  5 +
 target-cris/translate.c   |  5 +
 target-cris/translate_v10.c   |  3 ---
 target-i386/translate.c   |  5 ++---
 target-lm32/translate.c   |  5 +
 target-m68k/translate.c   | 10 +-
 target-microblaze/translate.c |  5 +
 target-mips/translate.c   |  9 -
 target-moxie/translate.c  |  6 ++
 target-openrisc/translate.c   |  5 +
 target-ppc/translate.c|  5 ++---
 target-s390x/translate.c  |  6 ++
 target-sh4/translate.c| 14 +-
 target-sparc/translate.c  | 10 +-
 target-tilegx/translate.c |  6 ++
 target-tricore/translate.c|  2 ++
 target-unicore32/translate.c  |  5 +
 target-xtensa/translate.c |  5 +
 20 files changed, 41 insertions(+), 81 deletions(-)

diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index 76916f4..60370d6 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -2933,16 +2933,14 @@ static inline void 
gen_intermediate_code_internal(AlphaCPU *cpu,
 tcg_ctx.gen_opc_instr_start[lj] = 1;
 tcg_ctx.gen_opc_icount[lj] = num_insns;
 }
+tcg_gen_insn_start(ctx.pc);
+
 if (num_insns + 1 == max_insns && (tb->cflags & CF_LAST_IO)) {
 gen_io_start();
 }
 insn = cpu_ldl_code(env, ctx.pc);
 num_insns++;
 
-   if (unlikely(qemu_loglevel_mask(CPU_LOG_TB_OP | CPU_LOG_TB_OP_OPT))) {
-tcg_gen_insn_start(ctx.pc);
-}
-
 TCGV_UNUSED_I64(ctx.zero);
 TCGV_UNUSED_I64(ctx.sink);
 TCGV_UNUSED_I64(ctx.lit);
diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index a618711..6a66ac0 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -11103,15 +11103,12 @@ void gen_intermediate_code_internal_a64(ARMCPU *cpu,
 tcg_ctx.gen_opc_instr_start[lj] = 1;
 tcg_ctx.gen_opc_icount[lj] = num_insns;
 }
+tcg_gen_insn_start(dc->pc);
 
 if (num_insns + 1 == max_insns && (tb->cflags & CF_LAST_IO)) {
 gen_io_start();
 }
 
-if (unlikely(qemu_loglevel_mask(CPU_LOG_TB_OP | CPU_LOG_TB_OP_OPT))) {
-tcg_gen_insn_start(dc->pc);
-}
-
 if (dc->ss_active && !dc->pstate_ss) {
 /* Singlestep state is Active-pending.
  * If we're in this state at the start of a TB then either
diff --git a/target-arm/translate.c b/target-arm/translate.c
index b521fc8..8348848 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -11348,14 +11348,11 @@ static inline void 
gen_intermediate_code_internal(ARMCPU *cpu,
 tcg_ctx.gen_opc_instr_start[lj] = 1;
 tcg_ctx.gen_opc_icount[lj] = num_insns;
 }
+tcg_gen_insn_start(dc->pc);
 
 if (num_insns + 1 == max_insns && (tb->cflags & CF_LAST_IO))
 gen_io_start();
 
-if (unlikely(qemu_loglevel_mask(CPU_LOG_TB_OP | CPU_LOG_TB_OP_OPT))) {
-tcg_gen_insn_start(dc->pc);
-}
-
 if (dc->ss_active && !dc->pstate_ss) {
 /* Singlestep state is Active-pending.
  * If we're in this state at the start of a TB then either
diff --git a/target-cris/translate.c b/target-cris/translate.c
index c5a22af..0a4b363 100644
--- a/target-cris/translate.c
+++ b/target-cris/translate.c
@@ -2994,10 +2994,6 @@ static unsigned int crisv32_decoder(CPUCRISState *env, 
DisasContext *dc)
 int insn_len = 2;
 int i;
 
-if (unlikely(qemu_loglevel_mask(CPU_LOG_TB_OP | CPU_LOG_TB_OP_OPT))) {
-tcg_gen_insn_start(dc->pc);
-}
-
 /* Load a halfword onto the instruction register.  */
 dc->ir = cris_fetch(env, dc, dc->pc, 2, 0);
 
@@ -3197,6 +3193,7 @@ gen_intermediate_code_internal(CRISCPU *cpu, 
TranslationBlock *tb,
 tcg_ctx.gen_opc_instr_start[lj] = 1;
 tcg_ctx.gen_opc_icount[lj] = num_insns;
 }
+tcg_gen_insn_start(dc->pc);
 
 /* Pretty disas.  */
 LOG_DIS("%8.8x:\t", dc->pc);
diff --git a/target-cris/translate_v10.c b/target-cris/translate_v10.c
index 12d7dfc..3ab1c39 100644
--- a/target-cris/translate_v10.c
+++ b/target-cris/translate_v10.c
@@ -1199,9 +1199,6 @@ static unsigned int crisv10_decoder(CPUCRISState *env, 
DisasContext *dc)
 {
 unsigned int insn_len = 2;
 
-if (unlikely(qemu_loglevel_mask(CPU_LOG_TB_OP)))
-tcg_gen_insn_start(dc->pc);
-
 /* Load a halfword onto the instruction register.  */
 dc->ir = cpu_lduw_code(env, 

[Qemu-devel] [PULL 11/26] target-cris: Mirror gen_opc_pc into insn_start

[Richard Henderson]

This perhaps isn't ideal in terms of (ab)using the "pc" field
to encode both pc and ppc + delay branch state, as one has to
be aware of this when examining opcode dumps.

But it preserves existing logic, which will be good for bisection,
and it certainly does save storage space.

Reviewed-by: Aurelien Jarno 
Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target-cris/translate.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/target-cris/translate.c b/target-cris/translate.c
index 477bddc..3d55a6a 100644
--- a/target-cris/translate.c
+++ b/target-cris/translate.c
@@ -3174,7 +3174,8 @@ gen_intermediate_code_internal(CRISCPU *cpu, 
TranslationBlock *tb,
 tcg_ctx.gen_opc_instr_start[lj] = 1;
 tcg_ctx.gen_opc_icount[lj] = num_insns;
 }
-tcg_gen_insn_start(dc->pc);
+tcg_gen_insn_start(dc->delayed_branch == 1
+   ? dc->ppc | 1 : dc->pc);
 num_insns++;
 
 if (unlikely(cpu_breakpoint_test(cs, dc->pc, BP_ANY))) {
-- 
2.4.3

[Qemu-devel] [PULL 10/26] target-sh4: Add flags state to insn_start

[Richard Henderson]

Reviewed-by: Aurelien Jarno 
Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target-sh4/cpu.h   | 1 +
 target-sh4/translate.c | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/target-sh4/cpu.h b/target-sh4/cpu.h
index 6fb6321..145e5df 100644
--- a/target-sh4/cpu.h
+++ b/target-sh4/cpu.h
@@ -120,6 +120,7 @@ typedef struct tlb_t {
 #define ITLB_SIZE 4
 
 #define NB_MMU_MODES 2
+#define TARGET_INSN_START_EXTRA_WORDS 1
 
 enum sh_features {
 SH_FEATURE_SH4A = 1,
diff --git a/target-sh4/translate.c b/target-sh4/translate.c
index 53bf9e8..efaa6f6 100644
--- a/target-sh4/translate.c
+++ b/target-sh4/translate.c
@@ -1860,7 +1860,7 @@ gen_intermediate_code_internal(SuperHCPU *cpu, 
TranslationBlock *tb,
 tcg_ctx.gen_opc_instr_start[ii] = 1;
 tcg_ctx.gen_opc_icount[ii] = num_insns;
 }
-tcg_gen_insn_start(ctx.pc);
+tcg_gen_insn_start(ctx.pc, ctx.flags);
 num_insns++;
 
 if (unlikely(cpu_breakpoint_test(cs, ctx.pc, BP_ANY))) {
-- 
2.4.3

[Qemu-devel] [PULL 07/26] target-i386: Add cc_op state to insn_start

[Richard Henderson]

Reviewed-by: Aurelien Jarno 
Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target-i386/cpu.h   | 1 +
 target-i386/translate.c | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/target-i386/cpu.h b/target-i386/cpu.h
index 8926780..2b2a29d 100644
--- a/target-i386/cpu.h
+++ b/target-i386/cpu.h
@@ -794,6 +794,7 @@ typedef struct {
 #define MAX_GP_COUNTERS(MSR_IA32_PERF_STATUS - MSR_P6_EVNTSEL0)
 
 #define NB_MMU_MODES 3
+#define TARGET_INSN_START_EXTRA_WORDS 1
 
 #define NB_OPMASK_REGS 8
 
diff --git a/target-i386/translate.c b/target-i386/translate.c
index 9ec9c4c..7501b91 100644
--- a/target-i386/translate.c
+++ b/target-i386/translate.c
@@ -7949,7 +7949,7 @@ static inline void gen_intermediate_code_internal(X86CPU 
*cpu,
 tcg_ctx.gen_opc_instr_start[lj] = 1;
 tcg_ctx.gen_opc_icount[lj] = num_insns;
 }
-tcg_gen_insn_start(pc_ptr);
+tcg_gen_insn_start(pc_ptr, dc->cc_op);
 num_insns++;
 
 /* If RF is set, suppress an internally generated breakpoint.  */
-- 
2.4.3

Re: [Qemu-devel] [PATCH 6/8] migration: implementation of hook_ram_sync

[Paolo Bonzini]

On 07/10/2015 08:20, Denis V. Lunev wrote:
> +if (migrate_is_test()) {
> +/* since no data is transfered during estimation all
> +   all measurements below will be incorrect.
> +   as well no need for delays. */
> +continue;
> +}

By applying delays, you can also test migration using bandwidth
limitations and try to estimate whether it will converge or not.
Perhaps if you use writev_buffer to implement the test QEMUFile you do
not need this anymore.

Paolo

Re: [Qemu-devel] [PATCH v2] virtio: add some migration doc

[Cornelia Huck]

On Thu, 17 Sep 2015 18:42:57 +0200
Cornelia Huck  wrote:

> Try to cover the basics of virtio migration.
> 
> Signed-off-by: Cornelia Huck 
> Reviewed-by: Greg Kurz 
> ---
> v1->v2: make copyright explicit
> ---
>  docs/virtio-migration.txt | 106 
> ++
>  1 file changed, 106 insertions(+)
>  create mode 100644 docs/virtio-migration.txt

Michael: Do you want to take this through your tree?

> 
> diff --git a/docs/virtio-migration.txt b/docs/virtio-migration.txt
> new file mode 100644
> index 000..cf66458
> --- /dev/null
> +++ b/docs/virtio-migration.txt
> @@ -0,0 +1,106 @@
> +Virtio devices and migration
> +
> +
> +Copyright 2015 IBM Corp.
> +
> +This work is licensed under the terms of the GNU GPL, version 2 or later.  
> See
> +the COPYING file in the top-level directory.
> +
> +Saving and restoring the state of virtio devices is a bit of a twisty maze,
> +for several reasons:
> +- state is distributed between several parts:
> +  - virtio core, for common fields like features, number of queues, ...
> +  - virtio transport (pci, ccw, ...), for the different proxy devices and
> +transport specific state (msix vectors, indicators, ...)
> +  - virtio device (net, blk, ...), for the different device types and their
> +state (mac address, request queue, ...)
> +- most fields are saved via the stream interface; subsequently, subsections
> +  have been added to make cross-version migration possible
> +
> +This file attempts to document the current procedure and point out some
> +caveats.
> +
> +
> +Save state procedure
> +
> +
> +virtio core   virtio transport  virtio device
> +---     -
> +
> +save() function 
> registered
> +via register_savevm()
> +virtio_save()   <--
> + -->  save_config()
> +  - save proxy device
> +  - save transport-specific
> +device fields
> +- save common device
> +  fields
> +- save common virtqueue
> +  fields
> + -->  save_queue()
> +  - save transport-specific
> +virtqueue fields
> + -->   save_device()
> +   - save device-specific
> + fields
> +- save subsections
> +  - device endianness,
> +if changed from
> +default endianness
> +  - 64 bit features, if
> +any high feature bit
> +is set
> +  - virtio-1 virtqueue
> +fields, if VERSION_1
> +is set
> +
> +
> +Load state procedure
> +
> +
> +virtio core   virtio transport  virtio device
> +---     -
> +
> +load() function 
> registered
> +via register_savevm()
> +virtio_load()   <--
> + -->  load_config()
> +  - load proxy device
> +  - load transport-specific
> +device fields
> +- load common device
> +  fields
> +- load common virtqueue
> +  fields
> + -->  load_queue()
> +  - load transport-specific
> +virtqueue fields
> +- notify guest
> + -->   load_device()
> +   - load device-specific
> + fields
> +- load subsections
> +  - device endianness
> +  - 64 bit features
> +  - virtio-1 virtqueue
> +fields
> +- sanitize endianness
> +- sanitize features
> +- virtqueue index sanity
> +  check
> +   - feature-dependent setup
> +
> +
> +Implications of this setup
> +==
> +
> +Devices need to be careful in their state processing during load: The
> +load_device() procedure is invoked by the core before subsections have
> +been loaded. Any code that depends on information transmitted in subsections
> +therefore has to be invoked in the device's load() function _after_
> +virtio_load() returned (like e.g. code depending on features).
> +
> +Any extension of the state being migrated should be done in subsections
> +added to the core for compatibility reasons. If transport or device specific
> +state is added, core needs to invoke a callback from the new subsection.

[Qemu-devel] [PATCH 2/5] qga: guest exec functionality

[Denis V. Lunev]

From: Yuri Pudgorodskiy 

Guest-exec rewriten in platform-independant style with glib spawn.

Child process is spawn asynchroneously and exit status can later
be picked up by guest-exec-status command.

stdin/stdout/stderr of the child now is redirected to /dev/null
Later we will add ability to specify stdin in guest-exec command
and to get collected stdout/stderr with guest-exec-status.

Signed-off-by: Yuri Pudgorodskiy 
Signed-off-by: Denis V. Lunev 
CC: Michael Roth 
---
 qga/commands.c   | 188 +++
 qga/qapi-schema.json |  62 +
 2 files changed, 250 insertions(+)

diff --git a/qga/commands.c b/qga/commands.c
index 7834967..1673941 100644
--- a/qga/commands.c
+++ b/qga/commands.c
@@ -70,3 +70,191 @@ struct GuestAgentInfo *qmp_guest_info(Error **errp)
 qmp_for_each_command(qmp_command_info, info);
 return info;
 }
+
+struct GuestExecInfo {
+GPid pid;
+gint status;
+bool finished;
+QTAILQ_ENTRY(GuestExecInfo) next;
+};
+typedef struct GuestExecInfo GuestExecInfo;
+
+static struct {
+QTAILQ_HEAD(, GuestExecInfo) processes;
+} guest_exec_state = {
+.processes = QTAILQ_HEAD_INITIALIZER(guest_exec_state.processes),
+};
+
+static GuestExecInfo *guest_exec_info_add(GPid pid)
+{
+GuestExecInfo *gei;
+
+gei = g_new0(GuestExecInfo, 1);
+gei->pid = pid;
+QTAILQ_INSERT_TAIL(_exec_state.processes, gei, next);
+
+return gei;
+}
+
+static GuestExecInfo *guest_exec_info_find(GPid pid)
+{
+GuestExecInfo *gei;
+
+QTAILQ_FOREACH(gei, _exec_state.processes, next) {
+if (gei->pid == pid) {
+return gei;
+}
+}
+
+return NULL;
+}
+
+GuestExecStatus *qmp_guest_exec_status(int64_t pid, Error **err)
+{
+GuestExecInfo *gei;
+GuestExecStatus *ges;
+
+slog("guest-exec-status called, pid: %u", (uint32_t)pid);
+
+gei = guest_exec_info_find((GPid)pid);
+if (gei == NULL) {
+error_setg(err, QERR_INVALID_PARAMETER, "pid");
+return NULL;
+}
+
+ges = g_new0(GuestExecStatus, 1);
+ges->exited = gei->finished;
+
+if (gei->finished) {
+/* Glib has no portable way to parse exit status.
+ * On UNIX, we can get either exit code from normal termination
+ * or signal number.
+ * On Windows, it is either the same exit code or the exception
+ * value for an unhandled exception that caused the process
+ * to terminate.
+ * See MSDN for GetExitCodeProcess() and ntstatus.h for possible
+ * well-known codes, e.g. C005 ACCESS_DENIED - analog of SIGSEGV
+ * References:
+ *   
https://msdn.microsoft.com/en-us/library/windows/desktop/ms683189(v=vs.85).aspx
+ *   https://msdn.microsoft.com/en-us/library/aa260331(v=vs.60).aspx
+ */
+#ifdef G_OS_WIN32
+/* Additionally WIN32 does not provide any additional information
+ * on whetherthe child exited or terminated via signal.
+ * We use this simple range check to distingish application exit code
+ * (usually value less then 256) and unhandled exception code with
+ * ntstatus (always value greater then 0xC005). */
+if ((uint32_t)gei->status < 0xC000U) {
+ges->has_exitcode = true;
+ges->exitcode = gei->status;
+} else {
+ges->has_signal = true;
+ges->signal = gei->status;
+}
+#else
+if (WIFEXITED(gei->status)) {
+ges->has_exitcode = true;
+ges->exitcode = WEXITSTATUS(gei->status);
+} else if (WIFSIGNALED(gei->status)) {
+ges->has_signal = true;
+ges->signal = WTERMSIG(gei->status);
+}
+#endif
+QTAILQ_REMOVE(_exec_state.processes, gei, next);
+g_free(gei);
+}
+
+return ges;
+}
+
+/* Get environment variables or arguments array for execve(). */
+static char **guest_exec_get_args(const strList *entry, bool log)
+{
+const strList *it;
+int count = 1, i = 0;  /* reserve for NULL terminator */
+char **args;
+char *str; /* for logging array of arguments */
+size_t str_size = 1;
+
+for (it = entry; it != NULL; it = it->next) {
+count++;
+str_size += 1 + strlen(it->value);
+}
+
+str = g_malloc(str_size);
+*str = 0;
+args = g_malloc(count * sizeof(char *));
+for (it = entry; it != NULL; it = it->next) {
+args[i++] = it->value;
+pstrcat(str, str_size, it->value);
+if (it->next) {
+pstrcat(str, str_size, " ");
+}
+}
+args[i] = NULL;
+
+if (log) {
+slog("guest-exec called: \"%s\"", str);
+}
+g_free(str);
+
+return args;
+}
+
+static void guest_exec_child_watch(GPid pid, gint status, gpointer data)
+{
+GuestExecInfo *gei = (GuestExecInfo *)data;
+
+g_debug("guest_exec_child_watch 

Re: [Qemu-devel] [PATCH v5 1/1] block/gluster: add support for multiple gluster backup volfile servers

[Peter Krempa]

[ trimmed the CC list for this ]

On Wed, Oct 07, 2015 at 06:15:59 -0400, Prasanna Kalever wrote:
> Hi Peter & Kevin,
> 
> Thanks for your detailed review comments. I shall try to incorporate these 
> changes as a next patch-set.
> 
> - Prasanna Kumar Kalever
> 
>

Please don't top post on technical lists ... and ...

> 
> > On Mon, Sep 28, 2015 at 18:06:12 +0530, Prasanna Kumar Kalever wrote:
> > > This patch adds a way to specify multiple volfile servers to the gluster
> > > block backend of QEMU with tcp|rdma transport types and their port 
> > > numbers.
> > > 
> > > Problem:

... trim parts of messages that are no longer relevant.

http://www.idallen.com/topposting.html


signature.asc
Description: Digital signature

Re: [Qemu-devel] [PATCH v3 6/6] tcg/mips: Support r6 SEL{NE, EQ}Z instead of MOVN/MOVZ

[James Hogan]

On Wed, Oct 07, 2015 at 08:46:30PM +1100, Richard Henderson wrote:
> On 10/02/2015 10:24 PM, James Hogan wrote:
> > Extend MIPS movcond implementation to support the SELNEZ/SELEQZ
> > instructions introduced in MIPS r6 (where MOVN/MOVZ have been removed).
> >
> > Whereas the "MOVN/MOVZ rd, rs, rt" instructions have the following
> > semantics:
> >   rd = [!]rt ? rs : rd
> >
> > The "SELNEZ/SELEQZ rd, rs, rt" instructions are slightly different:
> >   rd = [!]rt ? rs : 0
> >
> > First we ensure that if one of the movcond input values is zero that it
> > comes last (we can swap the input arguments if we invert the condition).
> > This is so that it can exactly match one of the SELNEZ/SELEQZ
> > instructions and avoid the need to emit the other one.
> >
> > Otherwise we emit the opposite instruction first into a temporary
> > register, and OR that into the result:
> >   SELNEZ/SELEQZ  TMP1, v2, c1
> >   SELEQZ/SELNEZ  ret, v1, c1
> >   OR ret, ret, TMP1
> >
> > Which does the following:
> >   ret = cond ? v1 : v2
> >
> > Signed-off-by: James Hogan
> > Cc: Richard Henderson
> > Cc: Aurelien Jarno
> 
> Reviewed-by: Richard Henderson 

Thanks for the reviewing!

> 
> 
> >  { INDEX_op_brcond_i32, { "rZ", "rZ" } },
> > +#if !use_mips32r6_instructions
> >  { INDEX_op_movcond_i32, { "r", "rZ", "rZ", "rZ", "0" } },
> > +#else
> > +{ INDEX_op_movcond_i32, { "r", "rZ", "rZ", "rZ", "rZ" } },
> > +#endif
> 
> 
> The only thing I'd change is preferring positive tests to negative ones.  So 
> swap the order of these lines, and the sense of the #if.

No problem. Shall I do a full resend for that, or can it be fixed up by
whoever applies?

Cheers
James

> 
> Leon, do you want to take this as a mips maintainer, or shall I as tcg 
> maintainer?
> 
> 
> r~


signature.asc
Description: Digital signature

Re: [Qemu-devel] [PATCH 3/4] why is runstate_is_running needed?

[Pavel Dovgaluk]

I checked this patch.
Let's leave it without runstate_is_running() call.
If it will be needed later, we'll find it out.

Pavel Dovgalyuk


> -Original Message-
> From: Paolo Bonzini [mailto:paolo.bonz...@gmail.com] On Behalf Of Paolo 
> Bonzini
> Sent: Tuesday, October 06, 2015 11:01 PM
> To: qemu-devel@nongnu.org
> Cc: pavel.dovga...@ispras.ru
> Subject: [PATCH 3/4] why is runstate_is_running needed?
> 
> It doesn't seem correct to call it for all checkpoints, but why
> is it right for timerlist_run_timers?
> ---
>  qemu-timer.c   | 9 +++--
>  stubs/replay.c | 5 -
>  2 files changed, 3 insertions(+), 11 deletions(-)
> 
> diff --git a/qemu-timer.c b/qemu-timer.c
> index 3c6e4c3..f16e422 100644
> --- a/qemu-timer.c
> +++ b/qemu-timer.c
> @@ -488,20 +488,17 @@ bool timerlist_run_timers(QEMUTimerList *timer_list)
>  break;
>  default:
>  case QEMU_CLOCK_VIRTUAL:
> -if ((replay_mode != REPLAY_MODE_NONE && !runstate_is_running())
> -|| !replay_checkpoint(CHECKPOINT_CLOCK_VIRTUAL)) {
> +if (!replay_checkpoint(CHECKPOINT_CLOCK_VIRTUAL)) {
>  goto out;
>  }
>  break;
>  case QEMU_CLOCK_HOST:
> -if ((replay_mode != REPLAY_MODE_NONE && !runstate_is_running())
> -|| !replay_checkpoint(CHECKPOINT_CLOCK_HOST)) {
> +if (!replay_checkpoint(CHECKPOINT_CLOCK_HOST)) {
>  goto out;
>  }
>  break;
>  case QEMU_CLOCK_VIRTUAL_RT:
> -if ((replay_mode != REPLAY_MODE_NONE && !runstate_is_running())
> -|| !replay_checkpoint(CHECKPOINT_CLOCK_VIRTUAL_RT)) {
> +if (!replay_checkpoint(CHECKPOINT_CLOCK_VIRTUAL_RT)) {
>  goto out;
>  }
>  break;
> diff --git a/stubs/replay.c b/stubs/replay.c
> index 71fa7d5..42d01b5 100755
> --- a/stubs/replay.c
> +++ b/stubs/replay.c
> @@ -22,11 +22,6 @@ bool replay_checkpoint(ReplayCheckpoint checkpoint)
>  return true;
>  }
> 
> -int runstate_is_running(void)
> -{
> -abort();
> -}
> -
>  bool replay_events_enabled(void)
>  {
>  return false;
> --
> 2.5.0
> 

Re: [Qemu-devel] [PATCH v5 1/1] block/gluster: add support for multiple gluster backup volfile servers

[Kevin Wolf]

Am 07.10.2015 um 11:09 hat Peter Krempa geschrieben:
> On Mon, Sep 28, 2015 at 18:06:12 +0530, Prasanna Kumar Kalever wrote:
> >driver   => 'gluster' (protocol name)
> >volname  => name of gluster volume where our VM image resides
> >image-path   => is the absolute path of image in gluster volume
> > 
> >   {tuple}   => {"server":"1.2.3.4"[,"port":"24007","transport":"tcp"]}
> > 
> >server   => server address (hostname/ipv4/ipv6 addresses)
> >port => port number on which glusterd is listening. (default 
> > 24007)
> >tranport => transport type used to connect to gluster management 
> > daemon,
> > it can be tcp|rdma (default 'tcp')
> > 
> > Examples:
> > 1.
> >  -drive driver=qcow2,file.driver=gluster,
> > file.volname=testvol,file.image-path=/path/a.qcow2,
> > file.volfile-servers.0.server=1.2.3.4,
> > file.volfile-servers.0.port=24007,
> > file.volfile-servers.0.transport=tcp,
> > file.volfile-servers.1.server=5.6.7.8,
> > file.volfile-servers.1.port=24008,
> > file.volfile-servers.1.transport=rdma
> > 2.
> >  'json:{"driver":"qcow2","file":{"driver":"gluster","volname":"testvol",
> >  "image-path":"/path/a.qcow2","volfile-servers":
> >  [{"server":"1.2.3.4","port":"24007","transport":"tcp"},
> >   {"server":"4.5.6.7","port":"24008","transport":"rdma"}] } }'
> 
>   -drive driver=qcow2,file.driver=gluster,
>  file.volume=testvol,
>  file.path=/path/a.qcow2,
>  file.server.0.host=1.2.3.4,
>  file.server.0.port=24007,
>  file.server.0.transport=tcp,
>  file.server.1.host=5.6.7.8,
>  file.server.1.port=24008,
>  file.server.1.transport=rdma
> 
> I'm suggesting the above naming scheme.
> So:
> 'path' instead of 'image-path'
> 'volume' instead of 'volname'
> 'server' instead of 'volfile-servers'
> 'host' instead of 'server'

I agree, let's keep the names short so they are easy to read, type and
remember. I especially agree with changing 'server' into 'host' because
that makes it consistent with InetSocketAddress.

Kevin


pgpYSNldznaKd.pgp
Description: PGP signature

[Qemu-devel] [PULL 08/19] target-tilegx: Let x1 pipe process bpt instruction only

[Richard Henderson]

From: Chen Gang 

According to the related document, bpt can be only in x1 pipe.

Signed-off-by: Chen Gang 
Message-Id: <1443224574-2718-1-git-send-email-gang.chen.5...@gmail.com>
Signed-off-by: Richard Henderson 
---
 target-tilegx/translate.c | 8 +++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/target-tilegx/translate.c b/target-tilegx/translate.c
index d7e4d52..3566b88 100644
--- a/target-tilegx/translate.c
+++ b/target-tilegx/translate.c
@@ -458,8 +458,14 @@ static TileExcp gen_rr_opcode(DisasContext *dc, unsigned 
opext,
 mnemonic = "flushwb";
 goto done0;
 case OE_RR_X1(ILL):
+if (dest == 0x1c && srca == 0x25) {
+mnemonic = "bpt";
+goto done2;
+}
+/* Fall through */
 case OE_RR_Y1(ILL):
-mnemonic = (dest == 0x1c && srca == 0x25 ? "bpt" : "ill");
+mnemonic = "ill";
+done2:
 qemu_log_mask(CPU_LOG_TB_IN_ASM, "%s", mnemonic);
 return TILEGX_EXCP_OPCODE_UNKNOWN;
 case OE_RR_X1(MF):
-- 
2.4.3

[Qemu-devel] [PULL 04/26] target-*: Introduce and use cpu_breakpoint_test

[Richard Henderson]

Reduce the boilerplate required for each target.  At the same time,
move the test for breakpoint after calling tcg_gen_insn_start.

Note that arm and aarch64 do not use cpu_breakpoint_test, but still
move the inline test down after tcg_gen_insn_start.

Reviewed-by: Aurelien Jarno 
Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 include/qom/cpu.h | 16 
 target-alpha/translate.c  | 13 -
 target-arm/translate-a64.c| 26 +-
 target-arm/translate.c| 31 ---
 target-cris/translate.c   | 27 ---
 target-i386/translate.c   | 17 +++--
 target-lm32/translate.c   | 25 +++--
 target-m68k/translate.c   | 18 ++
 target-microblaze/translate.c | 36 +---
 target-mips/translate.c   | 25 ++---
 target-moxie/translate.c  | 19 +++
 target-openrisc/translate.c   | 24 +++-
 target-ppc/translate.c| 14 +-
 target-s390x/translate.c  | 16 ++--
 target-sh4/translate.c| 20 
 target-sparc/translate.c  | 23 ++-
 target-unicore32/translate.c  | 24 ++--
 target-xtensa/translate.c | 25 +++--
 18 files changed, 160 insertions(+), 239 deletions(-)

diff --git a/include/qom/cpu.h b/include/qom/cpu.h
index 9405554..b613ff0 100644
--- a/include/qom/cpu.h
+++ b/include/qom/cpu.h
@@ -721,6 +721,7 @@ void cpu_single_step(CPUState *cpu, int enabled);
 /* 0x08 currently unused */
 #define BP_GDB0x10
 #define BP_CPU0x20
+#define BP_ANY(BP_GDB | BP_CPU)
 #define BP_WATCHPOINT_HIT_READ 0x40
 #define BP_WATCHPOINT_HIT_WRITE 0x80
 #define BP_WATCHPOINT_HIT (BP_WATCHPOINT_HIT_READ | BP_WATCHPOINT_HIT_WRITE)
@@ -731,6 +732,21 @@ int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int 
flags);
 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint);
 void cpu_breakpoint_remove_all(CPUState *cpu, int mask);
 
+/* Return true if PC matches an installed breakpoint.  */
+static inline bool cpu_breakpoint_test(CPUState *cpu, vaddr pc, int mask)
+{
+CPUBreakpoint *bp;
+
+if (unlikely(!QTAILQ_EMPTY(>breakpoints))) {
+QTAILQ_FOREACH(bp, >breakpoints, entry) {
+if (bp->pc == pc && (bp->flags & mask)) {
+return true;
+}
+}
+}
+return false;
+}
+
 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
   int flags, CPUWatchpoint **watchpoint);
 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr,
diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index fa0ac2d..c10193e 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -2868,7 +2868,6 @@ static inline void 
gen_intermediate_code_internal(AlphaCPU *cpu,
 target_ulong pc_start;
 target_ulong pc_mask;
 uint32_t insn;
-CPUBreakpoint *bp;
 int j, lj = -1;
 ExitStatus ret;
 int num_insns;
@@ -2913,14 +2912,6 @@ static inline void 
gen_intermediate_code_internal(AlphaCPU *cpu,
 
 gen_tb_start(tb);
 do {
-if (unlikely(!QTAILQ_EMPTY(>breakpoints))) {
-QTAILQ_FOREACH(bp, >breakpoints, entry) {
-if (bp->pc == ctx.pc) {
-gen_excp(, EXCP_DEBUG, 0);
-break;
-}
-}
-}
 if (search_pc) {
 j = tcg_op_buf_count();
 if (lj < j) {
@@ -2936,6 +2927,10 @@ static inline void 
gen_intermediate_code_internal(AlphaCPU *cpu,
 tcg_gen_insn_start(ctx.pc);
 num_insns++;
 
+if (unlikely(cpu_breakpoint_test(cs, ctx.pc, BP_ANY))) {
+gen_excp(, EXCP_DEBUG, 0);
+break;
+}
 if (num_insns == max_insns && (tb->cflags & CF_LAST_IO)) {
 gen_io_start();
 }
diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index 4670941..bc2040e 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -11007,7 +11007,6 @@ void gen_intermediate_code_internal_a64(ARMCPU *cpu,
 CPUState *cs = CPU(cpu);
 CPUARMState *env = >env;
 DisasContext dc1, *dc = 
-CPUBreakpoint *bp;
 int j, lj;
 target_ulong pc_start;
 target_ulong next_page_start;
@@ -11079,18 +11078,6 @@ void gen_intermediate_code_internal_a64(ARMCPU *cpu,
 tcg_clear_temp_count();
 
 do {
-if (unlikely(!QTAILQ_EMPTY(>breakpoints))) {
-QTAILQ_FOREACH(bp, >breakpoints, entry) {
-if (bp->pc == dc->pc) {
-gen_exception_internal_insn(dc, 0, EXCP_DEBUG);
-/* Advance PC so that clearing the breakpoint will
-   

[Qemu-devel] [PULL 03/26] target-*: Increment num_insns immediately after tcg_gen_insn_start

[Richard Henderson]

This does tidy the icount test common to all targets.

Reviewed-by: Aurelien Jarno 
Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target-alpha/translate.c  | 4 ++--
 target-arm/translate-a64.c| 6 +++---
 target-arm/translate.c| 7 ---
 target-cris/translate.c   | 4 ++--
 target-i386/translate.c   | 5 +++--
 target-lm32/translate.c   | 5 ++---
 target-m68k/translate.c   | 4 ++--
 target-microblaze/translate.c | 5 +++--
 target-mips/translate.c   | 5 ++---
 target-moxie/translate.c  | 2 +-
 target-openrisc/translate.c   | 4 ++--
 target-ppc/translate.c| 4 ++--
 target-s390x/translate.c  | 3 ++-
 target-sh4/translate.c| 4 ++--
 target-sparc/translate.c  | 4 ++--
 target-tilegx/translate.c | 3 ++-
 target-tricore/translate.c| 3 +--
 target-unicore32/translate.c  | 4 ++--
 target-xtensa/translate.c | 4 ++--
 19 files changed, 41 insertions(+), 39 deletions(-)

diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index 60370d6..fa0ac2d 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -2934,12 +2934,12 @@ static inline void 
gen_intermediate_code_internal(AlphaCPU *cpu,
 tcg_ctx.gen_opc_icount[lj] = num_insns;
 }
 tcg_gen_insn_start(ctx.pc);
+num_insns++;
 
-if (num_insns + 1 == max_insns && (tb->cflags & CF_LAST_IO)) {
+if (num_insns == max_insns && (tb->cflags & CF_LAST_IO)) {
 gen_io_start();
 }
 insn = cpu_ldl_code(env, ctx.pc);
-num_insns++;
 
 TCGV_UNUSED_I64(ctx.zero);
 TCGV_UNUSED_I64(ctx.sink);
diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index 6a66ac0..4670941 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -11104,8 +11104,9 @@ void gen_intermediate_code_internal_a64(ARMCPU *cpu,
 tcg_ctx.gen_opc_icount[lj] = num_insns;
 }
 tcg_gen_insn_start(dc->pc);
+num_insns++;
 
-if (num_insns + 1 == max_insns && (tb->cflags & CF_LAST_IO)) {
+if (num_insns == max_insns && (tb->cflags & CF_LAST_IO)) {
 gen_io_start();
 }
 
@@ -11120,7 +11121,7 @@ void gen_intermediate_code_internal_a64(ARMCPU *cpu,
  * "did not step an insn" case, and so the syndrome ISV and EX
  * bits should be zero.
  */
-assert(num_insns == 0);
+assert(num_insns == 1);
 gen_exception(EXCP_UDEF, syn_swstep(dc->ss_same_el, 0, 0),
   default_exception_el(dc));
 dc->is_jmp = DISAS_EXC;
@@ -11139,7 +11140,6 @@ void gen_intermediate_code_internal_a64(ARMCPU *cpu,
  * Also stop translation when a page boundary is reached.  This
  * ensures prefetch aborts occur at the right place.
  */
-num_insns++;
 } while (!dc->is_jmp && !tcg_op_buf_full() &&
  !cs->singlestep_enabled &&
  !singlestep &&
diff --git a/target-arm/translate.c b/target-arm/translate.c
index 8348848..cd88997 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -11349,9 +11349,11 @@ static inline void 
gen_intermediate_code_internal(ARMCPU *cpu,
 tcg_ctx.gen_opc_icount[lj] = num_insns;
 }
 tcg_gen_insn_start(dc->pc);
+num_insns++;
 
-if (num_insns + 1 == max_insns && (tb->cflags & CF_LAST_IO))
+if (num_insns == max_insns && (tb->cflags & CF_LAST_IO)) {
 gen_io_start();
+}
 
 if (dc->ss_active && !dc->pstate_ss) {
 /* Singlestep state is Active-pending.
@@ -11364,7 +11366,7 @@ static inline void 
gen_intermediate_code_internal(ARMCPU *cpu,
  * "did not step an insn" case, and so the syndrome ISV and EX
  * bits should be zero.
  */
-assert(num_insns == 0);
+assert(num_insns == 1);
 gen_exception(EXCP_UDEF, syn_swstep(dc->ss_same_el, 0, 0),
   default_exception_el(dc));
 goto done_generating;
@@ -11400,7 +11402,6 @@ static inline void 
gen_intermediate_code_internal(ARMCPU *cpu,
  * Otherwise the subsequent code could get translated several times.
  * Also stop translation when a page boundary is reached.  This
  * ensures prefetch aborts occur at the right place.  */
-num_insns ++;
 } while (!dc->is_jmp && !tcg_op_buf_full() &&
  !cs->singlestep_enabled &&
  !singlestep &&
diff --git a/target-cris/translate.c b/target-cris/translate.c
index 0a4b363..bba7217 100644
--- a/target-cris/translate.c
+++ b/target-cris/translate.c
@@ -3194,11 +3194,12 @@ gen_intermediate_code_internal(CRISCPU *cpu, 
TranslationBlock *tb,
 tcg_ctx.gen_opc_icount[lj] = num_insns;
 }
 tcg_gen_insn_start(dc->pc);
+num_insns++;

[Qemu-devel] [PULL 17/19] target-tilegx: Implement v2mults instruction

[Richard Henderson]

From: Chen Gang 

Signed-off-by: Chen Gang 
Message-Id: <1443956491-26850-3-git-send-email-gang.chen.5...@gmail.com>
Signed-off-by: Richard Henderson 
---
 target-tilegx/helper.h  |  1 +
 target-tilegx/simd_helper.c | 15 +++
 target-tilegx/translate.c   |  4 
 3 files changed, 20 insertions(+)

diff --git a/target-tilegx/helper.h b/target-tilegx/helper.h
index c58ee20..bbcc476 100644
--- a/target-tilegx/helper.h
+++ b/target-tilegx/helper.h
@@ -16,6 +16,7 @@ DEF_HELPER_FLAGS_2(v2int_h, TCG_CALL_NO_RWG_SE, i64, i64, i64)
 DEF_HELPER_FLAGS_2(v2int_l, TCG_CALL_NO_RWG_SE, i64, i64, i64)
 
 DEF_HELPER_FLAGS_2(v1multu, TCG_CALL_NO_RWG_SE, i64, i64, i64)
+DEF_HELPER_FLAGS_2(v2mults, TCG_CALL_NO_RWG_SE, i64, i64, i64)
 DEF_HELPER_FLAGS_2(v1shl, TCG_CALL_NO_RWG_SE, i64, i64, i64)
 DEF_HELPER_FLAGS_2(v1shru, TCG_CALL_NO_RWG_SE, i64, i64, i64)
 DEF_HELPER_FLAGS_2(v1shrs, TCG_CALL_NO_RWG_SE, i64, i64, i64)
diff --git a/target-tilegx/simd_helper.c b/target-tilegx/simd_helper.c
index d294671..6d7bb5c 100644
--- a/target-tilegx/simd_helper.c
+++ b/target-tilegx/simd_helper.c
@@ -41,6 +41,21 @@ uint64_t helper_v1multu(uint64_t a, uint64_t b)
 return r;
 }
 
+uint64_t helper_v2mults(uint64_t a, uint64_t b)
+{
+uint64_t r = 0;
+int i;
+
+/* While the instruction talks about signed inputs, with a
+   truncated result the sign of the inputs doesn't matter.  */
+for (i = 0; i < 64; i += 16) {
+unsigned ae = extract64(a, i, 16);
+unsigned be = extract64(b, i, 16);
+r = deposit64(r, i, 16, ae * be);
+}
+return r;
+}
+
 uint64_t helper_v1shl(uint64_t a, uint64_t b)
 {
 uint64_t m;
diff --git a/target-tilegx/translate.c b/target-tilegx/translate.c
index 034cbc2..eb2d0b1 100644
--- a/target-tilegx/translate.c
+++ b/target-tilegx/translate.c
@@ -1355,7 +1355,11 @@ static TileExcp gen_rrr_opcode(DisasContext *dc, 
unsigned opext,
 case OE_RRR(V2MNZ, 0, X1):
 case OE_RRR(V2MULFSC, 0, X0):
 case OE_RRR(V2MULS, 0, X0):
+return TILEGX_EXCP_OPCODE_UNIMPLEMENTED;
 case OE_RRR(V2MULTS, 0, X0):
+gen_helper_v2mults(tdest, tsrca, tsrcb);
+mnemonic = "v2mults";
+break;
 case OE_RRR(V2MZ, 0, X0):
 case OE_RRR(V2MZ, 0, X1):
 case OE_RRR(V2PACKH, 0, X0):
-- 
2.4.3

[Qemu-devel] [PULL 08/26] target-mips: Add delayed branch state to insn_start

[Richard Henderson]

Reviewed-by: Aurelien Jarno 
Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target-mips/cpu.h   | 1 +
 target-mips/translate.c | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/target-mips/cpu.h b/target-mips/cpu.h
index ec5f991..532b39e 100644
--- a/target-mips/cpu.h
+++ b/target-mips/cpu.h
@@ -130,6 +130,7 @@ struct CPUMIPSFPUContext {
 };
 
 #define NB_MMU_MODES 3
+#define TARGET_INSN_START_EXTRA_WORDS 2
 
 typedef struct CPUMIPSMVPContext CPUMIPSMVPContext;
 struct CPUMIPSMVPContext {
diff --git a/target-mips/translate.c b/target-mips/translate.c
index 57e826d..30d7d46 100644
--- a/target-mips/translate.c
+++ b/target-mips/translate.c
@@ -19562,6 +19562,7 @@ gen_intermediate_code_internal(MIPSCPU *cpu, 
TranslationBlock *tb,
 ctx.CP0_Config1 = env->CP0_Config1;
 ctx.tb = tb;
 ctx.bstate = BS_NONE;
+ctx.btarget = 0;
 ctx.kscrexist = (env->CP0_Config4 >> CP0C4_KScrExist) & 0xff;
 ctx.rxi = (env->CP0_Config3 >> CP0C3_RXI) & 1;
 ctx.ie = (env->CP0_Config4 >> CP0C4_IE) & 3;
@@ -19603,7 +19604,7 @@ gen_intermediate_code_internal(MIPSCPU *cpu, 
TranslationBlock *tb,
 tcg_ctx.gen_opc_instr_start[lj] = 1;
 tcg_ctx.gen_opc_icount[lj] = num_insns;
 }
-tcg_gen_insn_start(ctx.pc);
+tcg_gen_insn_start(ctx.pc, ctx.hflags & MIPS_HFLAG_BMASK, ctx.btarget);
 num_insns++;
 
 if (unlikely(cpu_breakpoint_test(cs, ctx.pc, BP_ANY))) {
-- 
2.4.3

[Qemu-devel] [PULL 21/26] tcg: Remove gen_intermediate_code_pc

[Richard Henderson]

It is no longer used, so tidy up everything reached by it.
This includes the gen_opc_* arrays, the search_pc parameter
and the inline gen_intermediate_code_internal functions.

Reviewed-by: Aurelien Jarno 
Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 include/exec/exec-all.h   |  1 -
 target-alpha/translate.c  | 41 
 target-arm/translate-a64.c| 30 +++-
 target-arm/translate.c| 54 ---
 target-arm/translate.h|  8 ++-
 target-cris/translate.c   | 50 +--
 target-i386/translate.c   | 49 ---
 target-lm32/translate.c   | 42 -
 target-m68k/translate.c   | 43 --
 target-microblaze/translate.c | 40 
 target-mips/translate.c   | 48 --
 target-moxie/translate.c  | 41 
 target-openrisc/translate.c   | 42 -
 target-ppc/translate.c| 40 
 target-s390x/translate.c  | 44 ---
 target-sh4/translate.c| 43 --
 target-sparc/translate.c  | 51 
 target-tilegx/translate.c | 41 
 target-tricore/translate.c| 31 -
 target-unicore32/translate.c  | 44 ---
 target-xtensa/translate.c | 39 ---
 tcg/tcg.h |  4 
 22 files changed, 90 insertions(+), 736 deletions(-)

diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index 402dd87..6871e78 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -73,7 +73,6 @@ typedef struct TranslationBlock TranslationBlock;
 #include "qemu/log.h"
 
 void gen_intermediate_code(CPUArchState *env, struct TranslationBlock *tb);
-void gen_intermediate_code_pc(CPUArchState *env, struct TranslationBlock *tb);
 void restore_state_to_opc(CPUArchState *env, struct TranslationBlock *tb,
   target_ulong *data);
 
diff --git a/target-alpha/translate.c b/target-alpha/translate.c
index 8395a30..f936d1b 100644
--- a/target-alpha/translate.c
+++ b/target-alpha/translate.c
@@ -2858,17 +2858,14 @@ static ExitStatus translate_one(DisasContext *ctx, 
uint32_t insn)
 return ret;
 }
 
-static inline void gen_intermediate_code_internal(AlphaCPU *cpu,
-  TranslationBlock *tb,
-  bool search_pc)
+void gen_intermediate_code(CPUAlphaState *env, struct TranslationBlock *tb)
 {
+AlphaCPU *cpu = alpha_env_get_cpu(env);
 CPUState *cs = CPU(cpu);
-CPUAlphaState *env = >env;
 DisasContext ctx, *ctxp = 
 target_ulong pc_start;
 target_ulong pc_mask;
 uint32_t insn;
-int j, lj = -1;
 ExitStatus ret;
 int num_insns;
 int max_insns;
@@ -2915,18 +2912,6 @@ static inline void 
gen_intermediate_code_internal(AlphaCPU *cpu,
 
 gen_tb_start(tb);
 do {
-if (search_pc) {
-j = tcg_op_buf_count();
-if (lj < j) {
-lj++;
-while (lj < j) {
-tcg_ctx.gen_opc_instr_start[lj++] = 0;
-}
-}
-tcg_ctx.gen_opc_pc[lj] = ctx.pc;
-tcg_ctx.gen_opc_instr_start[lj] = 1;
-tcg_ctx.gen_opc_icount[lj] = num_insns;
-}
 tcg_gen_insn_start(ctx.pc);
 num_insns++;
 
@@ -2993,16 +2978,8 @@ static inline void 
gen_intermediate_code_internal(AlphaCPU *cpu,
 
 gen_tb_end(tb, num_insns);
 
-if (search_pc) {
-j = tcg_op_buf_count();
-lj++;
-while (lj <= j) {
-tcg_ctx.gen_opc_instr_start[lj++] = 0;
-}
-} else {
-tb->size = ctx.pc - pc_start;
-tb->icount = num_insns;
-}
+tb->size = ctx.pc - pc_start;
+tb->icount = num_insns;
 
 #ifdef DEBUG_DISAS
 if (qemu_loglevel_mask(CPU_LOG_TB_IN_ASM)) {
@@ -3013,16 +2990,6 @@ static inline void 
gen_intermediate_code_internal(AlphaCPU *cpu,
 #endif
 }
 
-void gen_intermediate_code (CPUAlphaState *env, struct TranslationBlock *tb)
-{
-gen_intermediate_code_internal(alpha_env_get_cpu(env), tb, false);
-}
-
-void gen_intermediate_code_pc (CPUAlphaState *env, struct TranslationBlock *tb)
-{
-gen_intermediate_code_internal(alpha_env_get_cpu(env), tb, true);
-}
-
 void restore_state_to_opc(CPUAlphaState *env, TranslationBlock *tb,
   target_ulong *data)
 {
diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index 5022fc3..e65e309 100644
--- 

[Qemu-devel] [PULL 15/26] target-sparc: Add npc state to insn_start

[Richard Henderson]

Reviewed-by: Aurelien Jarno 
Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target-sparc/cpu.h   | 1 +
 target-sparc/translate.c | 7 ++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/target-sparc/cpu.h b/target-sparc/cpu.h
index 053edd5..c68e480 100644
--- a/target-sparc/cpu.h
+++ b/target-sparc/cpu.h
@@ -230,6 +230,7 @@ typedef struct trap_state {
 uint32_t tt;
 } trap_state;
 #endif
+#define TARGET_INSN_START_EXTRA_WORDS 1
 
 typedef struct sparc_def_t {
 const char *name;
diff --git a/target-sparc/translate.c b/target-sparc/translate.c
index 25b5bc0..6e5b82d 100644
--- a/target-sparc/translate.c
+++ b/target-sparc/translate.c
@@ -5257,7 +5257,12 @@ static inline void 
gen_intermediate_code_internal(SPARCCPU *cpu,
 tcg_ctx.gen_opc_icount[lj] = num_insns;
 }
 }
-tcg_gen_insn_start(dc->pc);
+if (dc->npc & JUMP_PC) {
+assert(dc->jump_pc[1] == dc->pc + 4);
+tcg_gen_insn_start(dc->pc, dc->jump_pc[0] | JUMP_PC);
+} else {
+tcg_gen_insn_start(dc->pc, dc->npc);
+}
 num_insns++;
 
 if (unlikely(cpu_breakpoint_test(cs, dc->pc, BP_ANY))) {
-- 
2.4.3