[Qemu-devel] [PATCH v2 3/4] linux-user: fix clone() strace

2016-06-10 Thread Laurent Vivier
Signed-off-by: Laurent Vivier 
---
 linux-user/strace.c | 42 --
 1 file changed, 20 insertions(+), 22 deletions(-)

diff --git a/linux-user/strace.c b/linux-user/strace.c
index 5a9df46..e032a3a 100644
--- a/linux-user/strace.c
+++ b/linux-user/strace.c
@@ -958,33 +958,31 @@ print_chmod(const struct syscallname *name,
 #endif
 
 #ifdef TARGET_NR_clone
+static void do_print_clone(unsigned int flags, abi_ulong newsp,
+   abi_ulong parent_tidptr, target_ulong newtls,
+   abi_ulong child_tidptr)
+{
+print_flags(clone_flags, flags, 0);
+print_raw_param("child_stack=0x" TARGET_ABI_FMT_lx, newsp, 0);
+print_raw_param("parent_tidptr=0x" TARGET_ABI_FMT_lx, parent_tidptr, 0);
+print_raw_param("tls=0x" TARGET_ABI_FMT_lx, newtls, 0);
+print_raw_param("child_tidptr=0x" TARGET_ABI_FMT_lx, child_tidptr, 1);
+}
+
 static void
 print_clone(const struct syscallname *name,
-abi_long arg0, abi_long arg1, abi_long arg2,
-abi_long arg3, abi_long arg4, abi_long arg5)
+abi_long arg1, abi_long arg2, abi_long arg3,
+abi_long arg4, abi_long arg5, abi_long arg6)
 {
 print_syscall_prologue(name);
-#if defined(TARGET_M68K)
-print_flags(clone_flags, arg0, 0);
-print_raw_param("newsp=0x" TARGET_ABI_FMT_lx, arg1, 1);
-#elif defined(TARGET_SH4) || defined(TARGET_ALPHA)
-print_flags(clone_flags, arg0, 0);
-print_raw_param("child_stack=0x" TARGET_ABI_FMT_lx, arg1, 0);
-print_raw_param("parent_tidptr=0x" TARGET_ABI_FMT_lx, arg2, 0);
-print_raw_param("child_tidptr=0x" TARGET_ABI_FMT_lx, arg3, 0);
-print_raw_param("tls=0x" TARGET_ABI_FMT_lx, arg4, 1);
-#elif defined(TARGET_CRIS)
-print_raw_param("child_stack=0x" TARGET_ABI_FMT_lx, arg0, 0);
-print_flags(clone_flags, arg1, 0);
-print_raw_param("parent_tidptr=0x" TARGET_ABI_FMT_lx, arg2, 0);
-print_raw_param("tls=0x" TARGET_ABI_FMT_lx, arg3, 0);
-print_raw_param("child_tidptr=0x" TARGET_ABI_FMT_lx, arg4, 1);
+#if defined(TARGET_MICROBLAZE)
+do_print_clone(arg1, arg2, arg4, arg6, arg5);
+#elif defined(TARGET_CLONE_BACKWARDS)
+do_print_clone(arg1, arg2, arg3, arg4, arg5);
+#elif defined(TARGET_CLONE_BACKWARDS2)
+do_print_clone(arg2, arg1, arg3, arg5, arg4);
 #else
-print_flags(clone_flags, arg0, 0);
-print_raw_param("child_stack=0x" TARGET_ABI_FMT_lx, arg1, 0);
-print_raw_param("parent_tidptr=0x" TARGET_ABI_FMT_lx, arg2, 0);
-print_raw_param("tls=0x" TARGET_ABI_FMT_lx, arg3, 0);
-print_raw_param("child_tidptr=0x" TARGET_ABI_FMT_lx, arg4, 1);
+do_print_clone(arg1, arg2, arg3, arg5, arg4);
 #endif
 print_syscall_epilogue(name);
 }
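Review bot: `do_print_clone()` declares `newtls` as `target_ulong` while the other three addresses are `abi_ulong`, yet all four go through `print_raw_param()` with `TARGET_ABI_FMT_lx`; declaring it `abi_ulong newtls` would keep the helper consistent with what it prints. The `#if` ladder in `print_clone()` encodes a per-target argument order that, going by the cover letter, is meant to follow `do_fork()`. That code is not visible here, so a comment above the ladder such as `/* argument order must stay in sync with the clone handling in syscall.c */` would help stop the two drifting apart and the trace mislabelling guest pointers. The parameters are also renamed to `arg1..arg6`, whereas `print_socket()` in the same file uses `arg0..arg5`; one convention would be easier to read.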
-- 
2.5.5




[Qemu-devel] [PATCH v2 2/4] linux-user: add socket() strace

2016-06-10 Thread Laurent Vivier
Signed-off-by: Laurent Vivier 
---
 linux-user/strace.c| 23 +++
 linux-user/strace.list |  2 +-
 2 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/linux-user/strace.c b/linux-user/strace.c
index 46391c8..5a9df46 100644
--- a/linux-user/strace.c
+++ b/linux-user/strace.c
@@ -1221,6 +1221,29 @@ print__llseek(const struct syscallname *name,
 }
 #endif
 
+#if defined(TARGET_NR_socket)
+static void
+print_socket(const struct syscallname *name,
+ abi_long arg0, abi_long arg1, abi_long arg2,
+ abi_long arg3, abi_long arg4, abi_long arg5)
+{
+abi_ulong domain = arg0, type = arg1, protocol = arg2;
+
+print_syscall_prologue(name);
+print_socket_domain(domain);
+gemu_log(",");
+print_socket_type(type);
+gemu_log(",");
+if (domain == AF_PACKET ||
+(domain == AF_INET && type == TARGET_SOCK_PACKET)) {
+protocol = tswap16(protocol);
+}
+print_socket_protocol(domain, type, protocol);
+print_syscall_epilogue(name);
+}
+
+#endif
+
 #if defined(TARGET_NR_socketcall)
 
 #define get_user_ualx(x, gaddr, idx) \
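Review bot: `print_socket()` compares the raw `arg1` for equality with `TARGET_SOCK_PACKET` and passes it unmasked to `print_socket_type()`, so a type with flag bits such as `TARGET_SOCK_CLOEXEC` or `TARGET_SOCK_NONBLOCK` ORed in would fail the equality test and match none of the `case` labels visible in patch 1/4. The rest of `print_socket_type()` is cut off on this page, so this may already be handled there; if not, decode `type & TARGET_SOCK_TYPE_MASK` and print the flag bits separately. A one-line comment on the `tswap16()` branch would also help, since the reason only packet sockets swap the protocol (per the cover letter, mirroring syscall.c) is not stated in the function. The `abi_ulong` locals are narrowed to `int` at each helper call, which is presumably intended but worth a word.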
diff --git a/linux-user/strace.list b/linux-user/strace.list
index b379497..7c54dc6 100644
--- a/linux-user/strace.list
+++ b/linux-user/strace.list
@@ -1291,7 +1291,7 @@
 { TARGET_NR_sigsuspend, "sigsuspend" , NULL, NULL, NULL },
 #endif
 #ifdef TARGET_NR_socket
-{ TARGET_NR_socket, "socket" , NULL, NULL, NULL },
+{ TARGET_NR_socket, "socket" , NULL, print_socket, NULL },
 #endif
 #ifdef TARGET_NR_socketcall
 { TARGET_NR_socketcall, "socketcall" , NULL, print_socketcall, NULL },
-- 
2.5.5




[Qemu-devel] [PATCH v2 0/4] linux-user: some strace improvements

2016-06-10 Thread Laurent Vivier
These patches for linux-user strace have been living in my tree for years.

v2:

- remove abi_nothl, use tswap16() instead,
- check TARGET_SOCK_PACKET only with domain AF_INET (like in syscall.c)
- use an array in print_socketcall() to display the information
  according to SOCKOP number,
- Merge PATCH 2/5 into PATCH v2 1/4
- use TARGET_ABI_FMT_lx in set_thread_area/get_thread_area
- add a do_print_clone() to follow do_fork() order.

Laurent Vivier (4):
  linux-user: add socketcall() strace
  linux-user: add socket() strace
  linux-user: fix clone() strace
  linux-user: update get_thread_area/set_thread_area strace

 linux-user/strace.c   | 614 --
 linux-user/strace.list|  10 +-
 linux-user/syscall_defs.h |  22 +-
 3 files changed, 616 insertions(+), 30 deletions(-)

-- 
2.5.5




[Qemu-devel] [PATCH v2 1/4] linux-user: add socketcall() strace

2016-06-10 Thread Laurent Vivier
Signed-off-by: Laurent Vivier 
---
 linux-user/strace.c   | 549 ++
 linux-user/strace.list|   2 +-
 linux-user/syscall_defs.h |  22 +-
 3 files changed, 568 insertions(+), 5 deletions(-)

diff --git a/linux-user/strace.c b/linux-user/strace.c
index c5980a1..46391c8 100644
--- a/linux-user/strace.c
+++ b/linux-user/strace.c
@@ -6,6 +6,9 @@
 #include 
 #include 
 #include 
+#include 
+#include 
+#include 
 #include 
 #include "qemu.h"
 
@@ -58,10 +61,15 @@ UNUSED static void print_open_flags(abi_long, int);
 UNUSED static void print_syscall_prologue(const struct syscallname *);
 UNUSED static void print_syscall_epilogue(const struct syscallname *);
 UNUSED static void print_string(abi_long, int);
+UNUSED static void print_buf(abi_long addr, abi_long len, int last);
 UNUSED static void print_raw_param(const char *, abi_long, int);
 UNUSED static void print_timeval(abi_ulong, int);
 UNUSED static void print_number(abi_long, int);
 UNUSED static void print_signal(abi_ulong, int);
+UNUSED static void print_sockaddr(abi_ulong addr, abi_long addrlen);
+UNUSED static void print_socket_domain(int domain);
+UNUSED static void print_socket_type(int type);
+UNUSED static void print_socket_protocol(int domain, int type, int protocol);
 
 /*
  * Utility functions
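Review bot: `print_buf()` and `print_sockaddr()` are declared with a signed `abi_long` length taken straight from guest syscall arguments, and the `print_sockaddr()` definition later in this patch (its hunk is cut off on this page) locks only `addrlen` bytes, then reads `sa->sa_family`, the family-specific structs and `sa->sa_data[0..13]` without checking that `addrlen` covers them. A short or negative `addrlen` therefore lets the tracer read past the range it locked, and in the AF_UNIX loop `addrlen - offsetof(...)` is evaluated in an unsigned type and wraps when `addrlen` is smaller than the offset. Validate the length before dereferencing, for example `if (addrlen < (abi_long)sizeof(sa->sa_family)) { /* print the raw address only */ }`, plus a size check against each target struct before its cast. The default branch also prints `sa->sa_family` unswapped although the `switch` used the `tswap16()` value.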
@@ -147,6 +155,165 @@ print_signal(abi_ulong arg, int last)
 gemu_log("%s%s", signal_name, get_comma(last));
 }
 
+static void
+print_sockaddr(abi_ulong addr, abi_long addrlen)
+{
+struct target_sockaddr *sa;
+int i;
+int sa_family;
+
+sa = lock_user(VERIFY_READ, addr, addrlen, 1);
+if (sa) {
+sa_family = tswap16(sa->sa_family);
+switch (sa_family) {
+case AF_UNIX: {
+struct target_sockaddr_un *un = (struct target_sockaddr_un *)sa;
+int i;
+gemu_log("{sun_family=AF_UNIX,sun_path=\"");
+for (i = 0; i < addrlen -
+offsetof(struct target_sockaddr_un, sun_path) &&
+ un->sun_path[i]; i++) {
+gemu_log("%c", un->sun_path[i]);
+}
+gemu_log("\"}");
+break;
+}
+case AF_INET: {
+struct target_sockaddr_in *in = (struct target_sockaddr_in *)sa;
+uint8_t *c = (uint8_t *)>sin_addr.s_addr;
+gemu_log("{sin_family=AF_INET,sin_port=htons(%d),",
+ ntohs(in->sin_port));
+gemu_log("sin_addr=inet_addr(\"%d.%d.%d.%d\")",
+ c[0], c[1], c[2], c[3]);
+gemu_log("}");
+break;
+}
+case AF_PACKET: {
+struct target_sockaddr_ll *ll = (struct target_sockaddr_ll *)sa;
+uint8_t *c = (uint8_t *)>sll_addr;
+gemu_log("{sll_family=AF_PACKET,"
+ "sll_protocol=htons(0x%04x),if%d,pkttype=",
+ ntohs(ll->sll_protocol), ll->sll_ifindex);
+switch (ll->sll_pkttype) {
+case PACKET_HOST:
+gemu_log("PACKET_HOST");
+break;
+case PACKET_BROADCAST:
+gemu_log("PACKET_BROADCAST");
+break;
+case PACKET_MULTICAST:
+gemu_log("PACKET_MULTICAST");
+break;
+case PACKET_OTHERHOST:
+gemu_log("PACKET_OTHERHOST");
+break;
+case PACKET_OUTGOING:
+gemu_log("PACKET_OUTGOING");
+break;
+default:
+gemu_log("%d", ll->sll_pkttype);
+break;
+}
+gemu_log(",sll_addr=%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x",
+ c[0], c[1], c[2], c[3], c[4], c[5], c[6], c[7]);
+gemu_log("}");
+break;
+}
+default:
+gemu_log("{sa_family=%d, sa_data={", sa->sa_family);
+for (i = 0; i < 13; i++) {
+gemu_log("%02x, ", sa->sa_data[i]);
+}
+gemu_log("%02x}", sa->sa_data[i]);
+gemu_log("}");
+break;
+}
+unlock_user(sa, addr, 0);
+} else {
+print_raw_param("0x"TARGET_ABI_FMT_lx, addr, 0);
+}
+gemu_log(", "TARGET_ABI_FMT_ld, addrlen);
+}
+
+static void
+print_socket_domain(int domain)
+{
+switch (domain) {
+case PF_UNIX:
+gemu_log("PF_UNIX");
+break;
+case PF_INET:
+gemu_log("PF_INET");
+break;
+case PF_PACKET:
+gemu_log("PF_PACKET");
+break;
+default:
+gemu_log("%d", domain);
+break;
+}
+}
+
+static void
+print_socket_type(int type)
+{
+switch (type) {
+case TARGET_SOCK_DGRAM:
+gemu_log("SOCK_DGRAM");
+break;
+case TARGET_SOCK_STREAM:
+gemu_log("SOCK_STREAM");
+break;
+case TARGET_SOCK_RAW:
+gemu_log("SOCK_RAW");
+break;
+case TARGET_SOCK_RDM:
+

[Qemu-devel] [PATCH v2 4/4] linux-user: update get_thread_area/set_thread_area strace

2016-06-10 Thread Laurent Vivier
   int get_thread_area(struct user_desc *u_info);
   int set_thread_area(struct user_desc *u_info);

Signed-off-by: Laurent Vivier 
---
 linux-user/strace.list | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/linux-user/strace.list b/linux-user/strace.list
index 7c54dc6..aa967a2 100644
--- a/linux-user/strace.list
+++ b/linux-user/strace.list
@@ -337,7 +337,8 @@
 { TARGET_NR_getsockopt, "getsockopt" , NULL, NULL, NULL },
 #endif
 #ifdef TARGET_NR_get_thread_area
-{ TARGET_NR_get_thread_area, "get_thread_area" , NULL, NULL, NULL },
+{ TARGET_NR_get_thread_area, "get_thread_area", "%s(0x"TARGET_ABI_FMT_lx")",
+  NULL, NULL },
 #endif
 #ifdef TARGET_NR_gettid
 { TARGET_NR_gettid, "gettid" , NULL, NULL, NULL },
@@ -1234,7 +1235,8 @@
 { TARGET_NR_setsockopt, "setsockopt" , NULL, NULL, NULL },
 #endif
 #ifdef TARGET_NR_set_thread_area
-{ TARGET_NR_set_thread_area, "set_thread_area" , NULL, NULL, NULL },
+{ TARGET_NR_set_thread_area, "set_thread_area", "%s(0x"TARGET_ABI_FMT_lx")",
+  NULL, NULL },
 #endif
 #ifdef TARGET_NR_set_tid_address
 { TARGET_NR_set_tid_address, "set_tid_address" , NULL, NULL, NULL },
-- 
2.5.5




Re: [Qemu-devel] [PATCH] block-backend: allow flush on devices with open tray

2016-06-10 Thread Eric Blake
On 06/10/2016 03:59 PM, John Snow wrote:
> If a device still has an attached BDS because the medium has not yet
> been removed, we will be unable to migrate to a new host because
> blk_flush will return an error for that backend.
> 
> Replace the call to blk_is_available to blk_is_inserted to weaken
> the check and allow flushes from the backend to work, while still
> disallowing flushes from the frontend/device model to work.
> 
> This fixes a regression present in 2.6.0 caused by the following commit:
> fe1a9cbc339bb54d20f1ca4c1e8788d16944d5cf
> block: Move some bdrv_*_all() functions to BB
> 
> Signed-off-by: John Snow 
> ---
>  block/block-backend.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Worth testsuite coverage to prevent future regressions?

At any rate,
Reviewed-by: Eric Blake 

> 
> diff --git a/block/block-backend.c b/block/block-backend.c
> index 34500e6..d1e875e 100644
> --- a/block/block-backend.c
> +++ b/block/block-backend.c
> @@ -1122,7 +1122,7 @@ int blk_co_flush(BlockBackend *blk)
>  
>  int blk_flush(BlockBackend *blk)
>  {
> -if (!blk_is_available(blk)) {
> +if (!blk_is_inserted(blk)) {
>  return -ENOMEDIUM;
>  }
>  
> 

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





Re: [Qemu-devel] [PATCH 6/6] block: Remove bs->zero_beyond_eof

2016-06-10 Thread Eric Blake
On 06/10/2016 10:05 AM, Kevin Wolf wrote:
> It is always true for open images now.
> 
> Signed-off-by: Kevin Wolf 
> ---
>  block.c   |  2 --
>  block/io.c| 51 
> +--
>  include/block/block_int.h |  3 ---
>  3 files changed, 23 insertions(+), 33 deletions(-)
> 

> +++ b/block/io.c
> @@ -1000,40 +1000,35 @@ static int coroutine_fn 
> bdrv_aligned_preadv(BlockDriverState *bs,
>  }
>  
>  /* Forward the request to the BlockDriver */
> -if (!bs->zero_beyond_eof) {
> -ret = bdrv_driver_preadv(bs, offset, bytes, qiov, 0);
> -} else {
> -/* Read zeros after EOF */
> -int64_t total_bytes, max_bytes;
> +int64_t total_bytes, max_bytes;

This declaration is now in the middle of the function.  Shouldn't you
hoist it to the beginning?

That's minor enough to fix on pull request, so:
Reviewed-by: Eric Blake 

I'll rebase my pending byte-based BlockLimits series on top of this.

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





Re: [Qemu-devel] [PATCH v2 2/3] error: Remove unnecessary local_err variables

2016-06-10 Thread Eduardo Habkost
On Fri, Jun 10, 2016 at 02:59:55PM -0600, Eric Blake wrote:
> On 06/10/2016 02:12 PM, Eduardo Habkost wrote:
> > This patch simplifies code that uses a local_err variable just to
> > immediately use it for an error_propagate() call.
> > 
> > Coccinelle patch used to perform the changes added to
> > scripts/coccinelle/remove_local_err.cocci.
> > 
> > Signed-off-by: Eduardo Habkost 
> > ---
> >  block.c   |  8 ++--
> >  block/raw-posix.c |  8 ++--
> >  block/raw_bsd.c   |  4 +---
> >  blockdev.c| 16 +---
> >  hw/s390x/s390-virtio-ccw.c|  5 +
> >  hw/s390x/virtio-ccw.c | 28 +++-
> >  scripts/coccinelle/remove_local_err.cocci | 27 +++
> >  target-i386/cpu.c |  4 +---
> >  8 files changed, 46 insertions(+), 54 deletions(-)
> >  create mode 100644 scripts/coccinelle/remove_local_err.cocci
> > 
> 
> > +++ b/block.c
> > @@ -294,14 +294,12 @@ typedef struct CreateCo {
> >  
> >  static void coroutine_fn bdrv_create_co_entry(void *opaque)
> >  {
> > -Error *local_err = NULL;
> >  int ret;
> >  
> >  CreateCo *cco = opaque;
> >  assert(cco->drv);
> >  
> > -ret = cco->drv->bdrv_create(cco->filename, cco->opts, _err);
> > -error_propagate(>err, local_err);
> > +ret = cco->drv->bdrv_create(cco->filename, cco->opts, >err);
> >  cco->ret = ret;
> 
> This hunk doesn't get simplified by 3/3; you may want to consider a
> manual followup to drop 'int ret' and just assign
> cco->drv->bdrv_create() directly to cco->ret.  But doesn't change this
> patch.

This could become yet another Coccinelle script, but we need to
be careful about type conversions, and tell it to do it only if
the types of 'ret', 'cco->drv->bdrv_create()' and 'cco->ret' are
the same.

-- 
Eduardo



Re: [Qemu-devel] [PATCH 5/6] qcow2: Let vmstate call qcow2_co_preadv/pwrite directly

2016-06-10 Thread Eric Blake
On 06/10/2016 10:05 AM, Kevin Wolf wrote:
> We don't really want to go through the block layer in order to read from
> or write to the vmstate in a qcow2 image. Doing so required a few ugly
> hacks like saving and restoring the old image size (because writing to
> vmstate offsets would increase the image size) or disabling the "reads
> after EOF = zeroes" logic. When calling the right functions directly,
> these hacks aren't necessary any more.
> 
> Note that .bdrv_vmstate_load/save() return 0 instead of the number of
> bytes in case of success now.
> 
> Signed-off-by: Kevin Wolf 
> ---
>  block/qcow2.c | 24 
>  1 file changed, 4 insertions(+), 20 deletions(-)
> 

> +++ b/block/qcow2.c
> @@ -2903,36 +2903,20 @@ static int qcow2_save_vmstate(BlockDriverState *bs, 
> QEMUIOVector *qiov,
>int64_t pos)
>  {
>  BDRVQcow2State *s = bs->opaque;
> -int64_t total_sectors = bs->total_sectors;
> -bool zero_beyond_eof = bs->zero_beyond_eof;
> -int ret;
>  
>  BLKDBG_EVENT(bs->file, BLKDBG_VMSTATE_SAVE);
> -bs->zero_beyond_eof = false;
> -ret = bdrv_pwritev(bs, qcow2_vm_state_offset(s) + pos, qiov);
> -bs->zero_beyond_eof = zero_beyond_eof;
> -
> -/* bdrv_co_do_writev will have increased the total_sectors value to 
> include
> - * the VM state - the VM state is however not an actual part of the block
> - * device, therefore, we need to restore the old value. */
> -bs->total_sectors = total_sectors;
> -
> -return ret;
> +return bs->drv->bdrv_co_pwritev(bs, qcow2_vm_state_offset(s) + pos,
> +qiov->size, qiov, 0);
>  }

bs->drv->bdrv_co_pwritev() is an optional interface; not all the drivers
have it yet.  Should you be asserting that it exists, and/or returning
an error if it does not?

>  
>  static int qcow2_load_vmstate(BlockDriverState *bs, QEMUIOVector *qiov,
>int64_t pos)
>  {
>  BDRVQcow2State *s = bs->opaque;
> -bool zero_beyond_eof = bs->zero_beyond_eof;
> -int ret;
>  
>  BLKDBG_EVENT(bs->file, BLKDBG_VMSTATE_LOAD);
> -bs->zero_beyond_eof = false;
> -ret = bdrv_preadv(bs, qcow2_vm_state_offset(s) + pos, qiov);
> -bs->zero_beyond_eof = zero_beyond_eof;
> -
> -return ret;
> +return bs->drv->bdrv_co_preadv(bs, qcow2_vm_state_offset(s) + pos,
> +   qiov->size, qiov, 0);

Ditto.

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





Re: [Qemu-devel] [PATCH 4/6] block: Make bdrv_load/save_vmstate coroutine_fns

2016-06-10 Thread Eric Blake
On 06/10/2016 10:05 AM, Kevin Wolf wrote:
> This allows drivers to share code between normal I/O and vmstate
> accesses.
> 
> Signed-off-by: Kevin Wolf 
> ---
>  block/io.c| 80 
> ++-
>  include/block/block_int.h | 10 +++---
>  2 files changed, 64 insertions(+), 26 deletions(-)
> 

Reviewed-by: Eric Blake 

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





[Qemu-devel] [PATCH] block-backend: allow flush on devices with open tray

2016-06-10 Thread John Snow
If a device still has an attached BDS because the medium has not yet
been removed, we will be unable to migrate to a new host because
blk_flush will return an error for that backend.

Replace the call to blk_is_available with blk_is_inserted to weaken
the check and allow flushes from the backend to work, while still
disallowing flushes from the frontend/device model.

This fixes a regression present in 2.6.0 caused by the following commit:
fe1a9cbc339bb54d20f1ca4c1e8788d16944d5cf
block: Move some bdrv_*_all() functions to BB

Signed-off-by: John Snow 
---
 block/block-backend.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/block/block-backend.c b/block/block-backend.c
index 34500e6..d1e875e 100644
--- a/block/block-backend.c
+++ b/block/block-backend.c
@@ -1122,7 +1122,7 @@ int blk_co_flush(BlockBackend *blk)
 
 int blk_flush(BlockBackend *blk)
 {
-if (!blk_is_available(blk)) {
+if (!blk_is_inserted(blk)) {
 return -ENOMEDIUM;
 }
 
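Review bot: `blk_flush()` now tests `blk_is_inserted()` instead of `blk_is_available()`, but nothing in the function records why this entry point deliberately uses the weaker check. The commit message says device-model flushes must stay blocked; `blk_co_flush()` sits just above according to the hunk header and is not visible here, so if it keeps `blk_is_available()` the asymmetry is easy to "correct" by accident later. A comment above the test would capture the intent, for example `/* Only require a medium, not a closed tray: backend-side flushes (e.g. for migration) must still work with the tray open. */`. The body of `blk_flush()` continues past the end of the hunk.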
-- 
2.4.11




Re: [Qemu-devel] [PULL 01/31] Add optionrom compatible with fw_cfg DMA version

2016-06-10 Thread Richard W.M. Jones
On Fri, May 27, 2016 at 04:09:32PM +0200, Paolo Bonzini wrote:
> From: Marc Marí 
> 
> This optionrom is based on linuxboot.S.
> 
> Signed-off-by: Marc Marí 
> Signed-off-by: Richard W.M. Jones 
> Message-Id: <1464027093-24073-2-git-send-email-rjo...@redhat.com>
> [Add -fno-toplevel-reorder and fix Win32 compilation. - Paolo]
> Signed-off-by: Paolo Bonzini 
[...]

Hi Paolo,

Did this patch get dropped again?  It hasn't appeared upstream.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-top is 'top' for virtual machines.  Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top



Re: [Qemu-devel] [PATCH 3/6] block: Allow .bdrv_load/save_vmstate() to return 0/-errno

2016-06-10 Thread Eric Blake
On 06/10/2016 10:05 AM, Kevin Wolf wrote:
> The return value of .bdrv_load/save_vmstate() can be any non-negative
> number in case of success now. It used to be bytes/-errno.
> 
> Signed-off-by: Kevin Wolf 
> ---
>  block/io.c | 16 ++--
>  1 file changed, 14 insertions(+), 2 deletions(-)
> 
> diff --git a/block/io.c b/block/io.c
> index 602c7d3..bca244c 100644
> --- a/block/io.c
> +++ b/block/io.c
> @@ -1839,9 +1839,16 @@ int bdrv_save_vmstate(BlockDriverState *bs, const 
> uint8_t *buf,
>  .iov_base   = (void *) buf,
>  .iov_len= size,
>  };
> +int ret;
>  
>  qemu_iovec_init_external(, , 1);
> -return bdrv_writev_vmstate(bs, , pos);
> +
> +ret = bdrv_writev_vmstate(bs, , pos);
> +if (ret < 0) {
> +return ret;
> +}
> +
> +return size;
>  }
>  
>  int bdrv_writev_vmstate(BlockDriverState *bs, QEMUIOVector *qiov, int64_t 
> pos)
> @@ -1870,7 +1877,12 @@ int bdrv_load_vmstate(BlockDriverState *bs, uint8_t 
> *buf,
>  int ret;

Aha, my complaint in v2 about it being dead means you need to reinstate
it here.

>  
>  qemu_iovec_init_external(, , 1);
> -return bdrv_readv_vmstate(bs, , pos);
> +ret = bdrv_readv_vmstate(bs, , pos);
> +if (ret < 0) {
> +return ret;
> +}
> +
> +return size;
>  }
>  
>  int bdrv_readv_vmstate(BlockDriverState *bs, QEMUIOVector *qiov, int64_t pos)
> 

Matches the semantics we have elsewhere (I'm not sure if 'size' is the
best choice if we ever need to support short read/write, but doesn't
seem to hurt).

Reviewed-by: Eric Blake 

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





Re: [Qemu-devel] [PATCH 2/6] block: Make .bdrv_load_vmstate() vectored

2016-06-10 Thread Eric Blake
On 06/10/2016 10:05 AM, Kevin Wolf wrote:
> This brings it in line with .bdrv_save_vmstate().
> 
> Signed-off-by: Kevin Wolf 
> ---
>  block/io.c| 26 +-
>  block/qcow2.c |  6 +++---
>  block/sheepdog.c  | 13 ++---
>  include/block/block.h |  1 +
>  include/block/block_int.h |  4 ++--
>  5 files changed, 37 insertions(+), 13 deletions(-)
> 
> diff --git a/block/io.c b/block/io.c
> index 11510cf..602c7d3 100644
> --- a/block/io.c
> +++ b/block/io.c
> @@ -1862,13 +1862,29 @@ int bdrv_writev_vmstate(BlockDriverState *bs, 
> QEMUIOVector *qiov, int64_t pos)
>  int bdrv_load_vmstate(BlockDriverState *bs, uint8_t *buf,
>int64_t pos, int size)
>  {
> +QEMUIOVector qiov;
> +struct iovec iov = {
> +.iov_base   = buf,
> +.iov_len= size,
> +};
> +int ret;

Dead variable.

> +
> +qemu_iovec_init_external(, , 1);
> +return bdrv_readv_vmstate(bs, , pos);
> +}
> +
> +int bdrv_readv_vmstate(BlockDriverState *bs, QEMUIOVector *qiov, int64_t pos)
> +{
>  BlockDriver *drv = bs->drv;
> -if (!drv)
> +
> +if (!drv) {
>  return -ENOMEDIUM;
> -if (drv->bdrv_load_vmstate)
> -return drv->bdrv_load_vmstate(bs, buf, pos, size);
> -if (bs->file)
> -return bdrv_load_vmstate(bs->file->bs, buf, pos, size);
> +} else if (drv->bdrv_load_vmstate) {
> +return drv->bdrv_load_vmstate(bs, qiov, pos);
> +} else if (bs->file) {
> +return bdrv_readv_vmstate(bs->file->bs, qiov, pos);
> +}

Don't know that I would have used 'else if' after a return, but it's not
wrong, so no need to change.

With the dead 'ret' gone,
Reviewed-by: Eric Blake 

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





Re: [Qemu-devel] [RFC v2 3/3] Remove unnecessary variables for function return value

2016-06-10 Thread Eric Blake
On 06/10/2016 02:12 PM, Eduardo Habkost wrote:
> Use Coccinelle script to replace 'ret = E; return ret' with
> 'return E'. The script will do the substitution only when the
> function return type and variable type are the same.
> 
> Sending as RFC because the patch looks more intrusive than the
> others. Probably better to split it per subsystem and let each
> maintainer review and apply it?

Borderline on size, so yeah, splitting it across several subsystems may
ease review (although then the patch will be committed in piecemeal
fashion, and you'd have to ensure the script/coccinelle/ patch goes in
first...)

At any rate, it's fairly mechanical, so I'll review it as is:

> 
> Signed-off-by: Eduardo Habkost 
> ---

>  47 files changed, 90 insertions(+), 254 deletions(-)
>  create mode 100644 scripts/coccinelle/return_directly.cocci

Nice diffstat.

> +++ b/block/qcow2-cluster.c
> @@ -154,11 +154,8 @@ static int l2_load(BlockDriverState *bs, uint64_t 
> l2_offset,
>  uint64_t **l2_table)
>  {
>  BDRVQcow2State *s = bs->opaque;
> -int ret;
> -
> -ret = qcow2_cache_get(bs, s->l2_table_cache, l2_offset, (void**) 
> l2_table);
> -
> -return ret;
> +return qcow2_cache_get(bs, s->l2_table_cache, l2_offset,
> +   (void **)l2_table);

Coccinelle changed spacing of the cast. I don't care strongly enough to
require a touchup if this is the only thing, but may be worth fixing if
you have to respin (for example to split up by submaintainers).

> +++ b/block/raw_bsd.c
> @@ -190,10 +190,7 @@ static int raw_has_zero_init(BlockDriverState *bs)
>  
>  static int raw_create(const char *filename, QemuOpts *opts, Error **errp)
>  {
> -int ret;
> -
> -ret = bdrv_create_file(filename, opts, errp);
> -return ret;
> +return bdrv_create_file(filename, opts, errp);
>  }

Potential followup patch: delete raw_create(), and:
- .bdrv_create = _create,
+ .bdrv_create = bdrv_create_file,

but doesn't affect this patch.

> +++ b/block/rbd.c
> @@ -875,10 +875,7 @@ static int qemu_rbd_snap_rollback(BlockDriverState *bs,
>const char *snapshot_name)
>  {
>  BDRVRBDState *s = bs->opaque;
> -int r;
> -
> -r = rbd_snap_rollback(s->image, snapshot_name);
> -return r;
> +return rbd_snap_rollback(s->image, snapshot_name);

Coccinelle lost the blank line between declarations and statements;
might be nice to manually touch that up and add it back in.

> +++ b/hw/ppc/spapr_vio.c
> @@ -57,12 +57,7 @@ static char *spapr_vio_get_dev_name(DeviceState *qdev)
>  {
>  VIOsPAPRDevice *dev = VIO_SPAPR_DEVICE(qdev);
>  VIOsPAPRDeviceClass *pc = VIO_SPAPR_DEVICE_GET_CLASS(dev);
> -char *name;
> -
> -/* Device tree style name device@reg */
> -name = g_strdup_printf("%s@%x", pc->dt_name, dev->reg);
> -
> -return name;
> +return g_strdup_printf("%s@%x", pc->dt_name, dev->reg);

Coccinelle lost the comment; might be worth keeping it.

> +++ b/hw/scsi/megasas.c
> @@ -410,17 +410,9 @@ static void megasas_encode_lba(uint8_t *cdb, uint64_t 
> lba,
>  static uint64_t megasas_fw_time(void)
>  {
>  struct tm curtime;
> -uint64_t bcd_time;
>  
>  qemu_get_timedate(, 0);
> -bcd_time = ((uint64_t)curtime.tm_sec & 0xff) << 48 |
> -((uint64_t)curtime.tm_min & 0xff)  << 40 |
> -((uint64_t)curtime.tm_hour & 0xff) << 32 |
> -((uint64_t)curtime.tm_mday & 0xff) << 24 |
> -((uint64_t)curtime.tm_mon & 0xff)  << 16 |
> -((uint64_t)(curtime.tm_year + 1900) & 0x);
> -
> -return bcd_time;
> +return ((uint64_t)curtime.tm_sec & 0xff) << 48 | 
> ((uint64_t)curtime.tm_min & 0xff) << 40 | ((uint64_t)curtime.tm_hour & 0xff) 
> << 32 | ((uint64_t)curtime.tm_mday & 0xff) << 24 | ((uint64_t)curtime.tm_mon 
> & 0xff) << 16 | ((uint64_t)(curtime.tm_year + 1900) & 0x);

Eww. Coccinelle botched that formatting.  You'll need to manually fix
this one.

> +++ b/hw/timer/mc146818rtc.c
> @@ -105,12 +105,9 @@ static inline bool rtc_running(RTCState *s)
>  
>  static uint64_t get_guest_rtc_ns(RTCState *s)
>  {
> -uint64_t guest_rtc;
>  uint64_t guest_clock = qemu_clock_get_ns(rtc_clock);
>  
> -guest_rtc = s->base_rtc * NANOSECONDS_PER_SECOND +
> -guest_clock - s->last_update + s->offset;
> -return guest_rtc;
> +return s->base_rtc * NANOSECONDS_PER_SECOND + guest_clock - 
> s->last_update + s->offset;
>  }

Worth wrapping that line again (not as bad as the megasas one, though).

> +++ b/qga/commands-win32.c
> @@ -1150,7 +1150,6 @@ out:
>  int64_t qmp_guest_get_time(Error **errp)
>  {
>  SYSTEMTIME ts = {0};
> -int64_t time_ns;
>  FILETIME tf;
>  
>  GetSystemTime();
> @@ -1164,10 +1163,7 @@ int64_t qmp_guest_get_time(Error **errp)
>  return -1;
>  }
>  
> -time_ns = int64_t)tf.dwHighDateTime << 32) | tf.dwLowDateTime)
> -- W32_FT_OFFSET) * 100;
> -
> -return time_ns;
> +return 

Re: [Qemu-devel] [PATCH v2 2/3] error: Remove unnecessary local_err variables

2016-06-10 Thread Eric Blake
On 06/10/2016 02:12 PM, Eduardo Habkost wrote:
> This patch simplifies code that uses a local_err variable just to
> immediately use it for an error_propagate() call.
> 
> Coccinelle patch used to perform the changes added to
> scripts/coccinelle/remove_local_err.cocci.
> 
> Signed-off-by: Eduardo Habkost 
> ---
>  block.c   |  8 ++--
>  block/raw-posix.c |  8 ++--
>  block/raw_bsd.c   |  4 +---
>  blockdev.c| 16 +---
>  hw/s390x/s390-virtio-ccw.c|  5 +
>  hw/s390x/virtio-ccw.c | 28 +++-
>  scripts/coccinelle/remove_local_err.cocci | 27 +++
>  target-i386/cpu.c |  4 +---
>  8 files changed, 46 insertions(+), 54 deletions(-)
>  create mode 100644 scripts/coccinelle/remove_local_err.cocci
> 

> +++ b/block.c
> @@ -294,14 +294,12 @@ typedef struct CreateCo {
>  
>  static void coroutine_fn bdrv_create_co_entry(void *opaque)
>  {
> -Error *local_err = NULL;
>  int ret;
>  
>  CreateCo *cco = opaque;
>  assert(cco->drv);
>  
> -ret = cco->drv->bdrv_create(cco->filename, cco->opts, _err);
> -error_propagate(>err, local_err);
> +ret = cco->drv->bdrv_create(cco->filename, cco->opts, >err);
>  cco->ret = ret;

This hunk doesn't get simplified by 3/3; you may want to consider a
manual followup to drop 'int ret' and just assign
cco->drv->bdrv_create() directly to cco->ret.  But doesn't change this
patch.


> +++ b/blockdev.c
> @@ -3654,7 +3654,6 @@ void qmp_blockdev_mirror(const char *device, const char 
> *target,
>  BlockBackend *blk;
>  BlockDriverState *target_bs;
>  AioContext *aio_context;
> -Error *local_err = NULL;
>  
>  blk = blk_by_name(device);
>  if (!blk) {
> @@ -3678,16 +3677,11 @@ void qmp_blockdev_mirror(const char *device, const 
> char *target,
>  
>  bdrv_set_aio_context(target_bs, aio_context);
>  
> -blockdev_mirror_common(bs, target_bs,
> -   has_replaces, replaces, sync,
> -   has_speed, speed,
> -   has_granularity, granularity,
> -   has_buf_size, buf_size,
> -   has_on_source_error, on_source_error,
> -   has_on_target_error, on_target_error,
> -   true, true,
> -   _err);
> -error_propagate(errp, local_err);
> +blockdev_mirror_common(bs, target_bs, has_replaces, replaces, sync,
> +   has_speed, speed, has_granularity, granularity,
> +   has_buf_size, buf_size, has_on_source_error,
> +   on_source_error, has_on_target_error,
> +   on_target_error, true, true, errp);

Coccinelle messes a bit with the formatting (the old way explicitly
tried to pair related has_foo with foo). But I'm going to mess with it
again with my qapi patches for passing a boxed parameter rather than
lots of arguments, so don't worry about it.

> +++ b/scripts/coccinelle/remove_local_err.cocci
> @@ -0,0 +1,27 @@
> +// Replace unnecessary usage of local_err variable with
> +// direct usage of errp argument
> +
> +@@
> +expression list ARGS;
> +expression F2;
> +identifier LOCAL_ERR;
> +expression ERRP;
> +idexpression V;
> +typedef Error;
> +expression I;
> +@@
> + {
> + ...
> +-Error *LOCAL_ERR;
> + ... when != LOCAL_ERR
> +(
> +-F2(ARGS, _ERR);
> +-error_propagate(ERRP, LOCAL_ERR);
> ++F2(ARGS, ERRP);
> +|
> +-V = F2(ARGS, _ERR);
> +-error_propagate(ERRP, LOCAL_ERR);
> ++V = F2(ARGS, ERRP);
> +)
> + ... when != LOCAL_ERR
> + }

Looks good.
Reviewed-by: Eric Blake 

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





Re: [Qemu-devel] [PATCH v2 1/3] error: Remove NULL checks on error_propagate() calls

2016-06-10 Thread Eric Blake
On 06/10/2016 02:12 PM, Eduardo Habkost wrote:
> error_propagate() already ignores local_err==NULL, so there's no
> need to check it before calling.
> 
> Coccinelle patch used to perform the changes added to
> scripts/coccinelle/error_propagate_null.cocci.
> 
> Signed-off-by: Eduardo Habkost 
> ---
>  block.c   | 20 +--
>  block/qcow2.c |  4 +---
>  block/quorum.c|  4 +---
>  block/raw-posix.c | 16 ---
>  block/raw_bsd.c   |  4 +---
>  block/snapshot.c  |  4 +---
>  blockdev.c| 12 +++-
>  bootdevice.c  |  4 +---
>  dump.c|  4 +---
>  hw/ide/qdev.c |  4 +---
>  hw/net/ne2000-isa.c   |  4 +---
>  hw/s390x/virtio-ccw.c | 28 
> +++
>  hw/usb/dev-storage.c  |  4 +---
>  qga/commands-win32.c  |  8 ++--
>  qom/object.c  |  4 +---
>  scripts/coccinelle/error_propagate_null.cocci | 10 ++
>  16 files changed, 41 insertions(+), 93 deletions(-)
>  create mode 100644 scripts/coccinelle/error_propagate_null.cocci

You can do:
git config diff.orderFile /path/to/file

and then set up a list of globs in /path/to/file in order to influence
your diffs; in my case, I stuck 'scripts/coccinelle/*' near the top of
my order file, as I find that to be a more useful part of the patch than
the churn from running it.  But it doesn't affect patch correctness,
just ease of review.

Reviewed-by: Eric Blake 

> +++ b/scripts/coccinelle/error_propagate_null.cocci
> @@ -0,0 +1,10 @@
> +// error_propagate() already ignores local_err==NULL, so there's
> +// no need to check it before calling.
> +
> +@@
> +identifier L;
> +expression E;
> +@@
> +-if (L) {
> + error_propagate(E, L);
> +-}
> 

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





Re: [Qemu-devel] [PATCH 1/6] block: Introduce bdrv_preadv()

2016-06-10 Thread Eric Blake
On 06/10/2016 10:05 AM, Kevin Wolf wrote:
> We already have a byte-based bdrv_pwritev(), but the read counterpart
> was still missing. This commit adds it.
> 
> Signed-off-by: Kevin Wolf 
> ---
>  block/io.c| 20 +---
>  include/block/block.h |  1 +
>  2 files changed, 14 insertions(+), 7 deletions(-)
> 

Worth adding a flags argument while at it? But bdrv_pwritev() lacks one,
so for symmetry reasons, I'm okay if you don't bother.

> +int bdrv_preadv(BlockDriverState *bs, int64_t offset, QEMUIOVector *qiov)
> +{
> +int ret;
> +
> +ret = bdrv_prwv_co(bs, offset, qiov, false, 0);
> +if (ret < 0) {
> +return ret;
> +}
> +
> +return qiov->size;

This implies we never have a short read, it's an all-or-none error or
success.  Matches what we've done elsewhere, so I guess it's right.

Reviewed-by: Eric Blake 

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





[Qemu-devel] [PATCH v2 2/3] error: Remove unnecessary local_err variables

2016-06-10 Thread Eduardo Habkost
This patch simplifies code that uses a local_err variable just to
immediately use it for an error_propagate() call.

The Coccinelle patch used to perform the changes is added as
scripts/coccinelle/remove_local_err.cocci.

Signed-off-by: Eduardo Habkost 
---
 block.c   |  8 ++--
 block/raw-posix.c |  8 ++--
 block/raw_bsd.c   |  4 +---
 blockdev.c| 16 +---
 hw/s390x/s390-virtio-ccw.c|  5 +
 hw/s390x/virtio-ccw.c | 28 +++-
 scripts/coccinelle/remove_local_err.cocci | 27 +++
 target-i386/cpu.c |  4 +---
 8 files changed, 46 insertions(+), 54 deletions(-)
 create mode 100644 scripts/coccinelle/remove_local_err.cocci

diff --git a/block.c b/block.c
index ecca55a..d516ab6 100644
--- a/block.c
+++ b/block.c
@@ -294,14 +294,12 @@ typedef struct CreateCo {
 
 static void coroutine_fn bdrv_create_co_entry(void *opaque)
 {
-Error *local_err = NULL;
 int ret;
 
 CreateCo *cco = opaque;
 assert(cco->drv);
 
-ret = cco->drv->bdrv_create(cco->filename, cco->opts, _err);
-error_propagate(>err, local_err);
+ret = cco->drv->bdrv_create(cco->filename, cco->opts, >err);
 cco->ret = ret;
 }
 
@@ -353,7 +351,6 @@ out:
 int bdrv_create_file(const char *filename, QemuOpts *opts, Error **errp)
 {
 BlockDriver *drv;
-Error *local_err = NULL;
 int ret;
 
 drv = bdrv_find_protocol(filename, true, errp);
@@ -361,8 +358,7 @@ int bdrv_create_file(const char *filename, QemuOpts *opts, 
Error **errp)
 return -ENOENT;
 }
 
-ret = bdrv_create(drv, filename, opts, _err);
-error_propagate(errp, local_err);
+ret = bdrv_create(drv, filename, opts, errp);
 return ret;
 }
 
diff --git a/block/raw-posix.c b/block/raw-posix.c
index cb663d8..d7397bf 100644
--- a/block/raw-posix.c
+++ b/block/raw-posix.c
@@ -582,12 +582,10 @@ static int raw_open(BlockDriverState *bs, QDict *options, 
int flags,
 Error **errp)
 {
 BDRVRawState *s = bs->opaque;
-Error *local_err = NULL;
 int ret;
 
 s->type = FTYPE_FILE;
-ret = raw_open_common(bs, options, flags, 0, _err);
-error_propagate(errp, local_err);
+ret = raw_open_common(bs, options, flags, 0, errp);
 return ret;
 }
 
@@ -2442,14 +2440,12 @@ static int cdrom_open(BlockDriverState *bs, QDict 
*options, int flags,
   Error **errp)
 {
 BDRVRawState *s = bs->opaque;
-Error *local_err = NULL;
 int ret;
 
 s->type = FTYPE_CD;
 
 /* open will not fail even if no CD is inserted, so add O_NONBLOCK */
-ret = raw_open_common(bs, options, flags, O_NONBLOCK, _err);
-error_propagate(errp, local_err);
+ret = raw_open_common(bs, options, flags, O_NONBLOCK, errp);
 return ret;
 }
 
diff --git a/block/raw_bsd.c b/block/raw_bsd.c
index 5af11b6..b51ac98 100644
--- a/block/raw_bsd.c
+++ b/block/raw_bsd.c
@@ -190,11 +190,9 @@ static int raw_has_zero_init(BlockDriverState *bs)
 
 static int raw_create(const char *filename, QemuOpts *opts, Error **errp)
 {
-Error *local_err = NULL;
 int ret;
 
-ret = bdrv_create_file(filename, opts, _err);
-error_propagate(errp, local_err);
+ret = bdrv_create_file(filename, opts, errp);
 return ret;
 }
 
diff --git a/blockdev.c b/blockdev.c
index 028dba3..3b6d242 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -3654,7 +3654,6 @@ void qmp_blockdev_mirror(const char *device, const char 
*target,
 BlockBackend *blk;
 BlockDriverState *target_bs;
 AioContext *aio_context;
-Error *local_err = NULL;
 
 blk = blk_by_name(device);
 if (!blk) {
@@ -3678,16 +3677,11 @@ void qmp_blockdev_mirror(const char *device, const char 
*target,
 
 bdrv_set_aio_context(target_bs, aio_context);
 
-blockdev_mirror_common(bs, target_bs,
-   has_replaces, replaces, sync,
-   has_speed, speed,
-   has_granularity, granularity,
-   has_buf_size, buf_size,
-   has_on_source_error, on_source_error,
-   has_on_target_error, on_target_error,
-   true, true,
-   _err);
-error_propagate(errp, local_err);
+blockdev_mirror_common(bs, target_bs, has_replaces, replaces, sync,
+   has_speed, speed, has_granularity, granularity,
+   has_buf_size, buf_size, has_on_source_error,
+   on_source_error, has_on_target_error,
+   on_target_error, true, true, errp);
 
 aio_context_release(aio_context);
 }
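Review bot: Passing `errp` straight to `blockdev_mirror_common()` matches the old `local_err` plus `error_propagate()` pair only if `*errp` is still unset when the call is reached, and the part of `qmp_blockdev_mirror()` between the two hunks is not shown. `error_propagate()` silently drops a second error when the destination already holds one, whereas `error_setg()` asserts that `*errp` is NULL, so a stale error would turn into an abort of the whole process instead of being ignored. The same precondition applies to the rewritten call in `bdrv_create_co_entry()` in block.c, which now hands the CreateCo error field to the driver directly; its initial state is outside that hunk. The smaller functions in this patch (`raw_open`, `cdrom_open`, `raw_create`) do not touch `errp` before the call, so they look safe. I would record the assumption in the commit message and in remove_local_err.cocci, for example `// Only valid where errp cannot already hold an error at the call site`.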
diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
index 95ff5e3..b7112d0 100644
--- a/hw/s390x/s390-virtio-ccw.c
+++ b/hw/s390x/s390-virtio-ccw.c

[Qemu-devel] [RFC v2 3/3] Remove unnecessary variables for function return value

2016-06-10 Thread Eduardo Habkost
Use Coccinelle script to replace 'ret = E; return ret' with
'return E'. The script will do the substitution only when the
function return type and variable type are the same.

Sending as RFC because the patch looks more intrusive than the
others. Probably better to split it per subsystem and let each
maintainer review and apply it?

Signed-off-by: Eduardo Habkost 
---
 audio/audio.c| 10 ++
 block.c  |  4 +---
 block/archipelago.c  |  4 +---
 block/qcow2-cluster.c|  7 ++-
 block/qcow2-refcount.c   |  7 ++-
 block/raw-posix.c|  8 ++--
 block/raw_bsd.c  |  5 +
 block/rbd.c  |  5 +
 block/vmdk.c |  6 ++
 block/vvfat.c|  5 +
 hw/acpi/aml-build.c  | 13 +++--
 hw/audio/intel-hda.c |  5 +
 hw/display/vga.c |  4 +---
 hw/intc/s390_flic_kvm.c  |  5 ++---
 hw/pci-host/uninorth.c   |  5 +
 hw/ppc/spapr_vio.c   |  7 +--
 hw/scsi/megasas.c| 10 +-
 hw/scsi/scsi-generic.c   |  5 +
 hw/timer/mc146818rtc.c   |  5 +
 hw/virtio/virtio-pci.c   |  4 +---
 linux-user/signal.c  | 15 ---
 page_cache.c |  5 +
 qga/commands-posix.c |  4 +---
 qga/commands-win32.c |  6 +-
 qobject/qlist.c  |  5 +
 scripts/coccinelle/return_directly.cocci | 19 +++
 target-i386/fpu_helper.c | 10 ++
 target-i386/kvm.c|  5 ++---
 target-mips/dsp_helper.c | 15 +++
 target-mips/op_helper.c  |  4 +---
 target-s390x/helper.c|  6 +-
 target-sparc/cc_helper.c | 25 +
 target-tricore/op_helper.c   | 13 -
 tests/display-vga-test.c |  6 +-
 tests/endianness-test.c  |  5 +
 tests/i440fx-test.c  |  4 +---
 tests/intel-hda-test.c   |  6 +-
 tests/test-filter-redirector.c   |  6 +-
 tests/virtio-blk-test.c  |  5 +
 tests/virtio-console-test.c  |  6 +-
 tests/virtio-net-test.c  |  6 +-
 tests/virtio-scsi-test.c |  6 +-
 tests/wdt_ib700-test.c   |  6 +-
 ui/cursor.c  | 10 ++
 ui/qemu-pixman.c | 11 +++
 util/module.c|  6 +-
 vl.c |  5 +
 47 files changed, 90 insertions(+), 254 deletions(-)
 create mode 100644 scripts/coccinelle/return_directly.cocci

diff --git a/audio/audio.c b/audio/audio.c
index e60c124..9d4dcc7 100644
--- a/audio/audio.c
+++ b/audio/audio.c
@@ -1131,8 +1131,6 @@ static void audio_timer (void *opaque)
  */
 int AUD_write (SWVoiceOut *sw, void *buf, int size)
 {
-int bytes;
-
 if (!sw) {
 /* XXX: Consider options */
 return size;
@@ -1143,14 +1141,11 @@ int AUD_write (SWVoiceOut *sw, void *buf, int size)
 return 0;
 }
 
-bytes = sw->hw->pcm_ops->write (sw, buf, size);
-return bytes;
+return sw->hw->pcm_ops->write(sw, buf, size);
 }
 
 int AUD_read (SWVoiceIn *sw, void *buf, int size)
 {
-int bytes;
-
 if (!sw) {
 /* XXX: Consider options */
 return size;
@@ -1161,8 +1156,7 @@ int AUD_read (SWVoiceIn *sw, void *buf, int size)
 return 0;
 }
 
-bytes = sw->hw->pcm_ops->read (sw, buf, size);
-return bytes;
+return sw->hw->pcm_ops->read(sw, buf, size);
 }
 
 int AUD_get_buffer_size_out (SWVoiceOut *sw)
diff --git a/block.c b/block.c
index d516ab6..c537307 100644
--- a/block.c
+++ b/block.c
@@ -351,15 +351,13 @@ out:
 int bdrv_create_file(const char *filename, QemuOpts *opts, Error **errp)
 {
 BlockDriver *drv;
-int ret;
 
 drv = bdrv_find_protocol(filename, true, errp);
 if (drv == NULL) {
 return -ENOENT;
 }
 
-ret = bdrv_create(drv, filename, opts, errp);
-return ret;
+return bdrv_create(drv, filename, opts, errp);
 }
 
 /**
diff --git a/block/archipelago.c b/block/archipelago.c
index b9f5e69..37b8aca 100644
--- a/block/archipelago.c
+++ b/block/archipelago.c
@@ -974,11 +974,9 @@ err_exit2:
 
 static int64_t qemu_archipelago_getlength(BlockDriverState *bs)
 {
-int64_t ret;
 BDRVArchipelagoState *s = bs->opaque;
 
-ret = archipelago_volume_info(s);
-return ret;
+return archipelago_volume_info(s);
 }
 
 static int 

Re: [Qemu-devel] [PATCH v6 8/9] target-mips: Add nan2008 flavor of <CEIL|CVT|FLOOR|ROUND|TRUNC>.<L|W>.<S|D>

2016-06-10 Thread Maciej W. Rozycki
On Fri, 10 Jun 2016, Aleksandar Markovic wrote:

> The changes that make QEMU behavior the same as hardware behavior (in 
> relation to CEIL, CVT, FLOOR, ROUND, TRUNC Mips instructions) are 
> already contained in this patch.

 Good, however that means that you've really combined two logically 
separate changes into a single patch:

1. A bug fix for SoftFloat legacy-NaN (original) MIPS support, which has 
   been there probably since forever (i.e. since the MIPS target was added 
   to QEMU).

2. A new feature for 2008-NaN MIPS support.

To me it really looks like the two need to be separate patches, with the 
bug fix applied first (or among any other bug fixes at the beginning) in 
the patch set, or even as a separate change marked as a prerequisite for 
the rest of the changes.

 The bug fix will then be self-contained and more prominently exposed, 
rather than being buried among feature additions.  It can then be 
independently reviewed and likely more easily accepted as long as it is 
technically correct.  It can also be cherry-picked and backported easily 
if necessary, perhaps outside the upstream tree.

 Review of the new feature set can then follow, once the bug(s) have been 
fixed.

> I just mentioned Mips-A / Mips-B / SoftFloat differences as an 
> explanation/observation related to the change in this patch.

 Maybe it's just myself, but from your description I got the impression 
that your change preserves the status quo and the explanation merely 
serves the purpose of documenting it.  Please consider rewriting it such 
that it is unambiguous that the SoftFloat bug is being fixed with your 
change.

 Obviously once you've made the bug fix a separate change, it'll become 
unambiguous naturally, as then you won't have the 2008-NaN feature along 
it obfuscating the picture.

  Maciej



[Qemu-devel] [PATCH v2 1/3] error: Remove NULL checks on error_propagate() calls

2016-06-10 Thread Eduardo Habkost
error_propagate() already ignores local_err==NULL, so there's no
need to check it before calling.

Coccinelle patch used to perform the changes added to
scripts/coccinelle/error_propagate_null.cocci.

Signed-off-by: Eduardo Habkost 
---
 block.c   | 20 +--
 block/qcow2.c |  4 +---
 block/quorum.c|  4 +---
 block/raw-posix.c | 16 ---
 block/raw_bsd.c   |  4 +---
 block/snapshot.c  |  4 +---
 blockdev.c| 12 +++-
 bootdevice.c  |  4 +---
 dump.c|  4 +---
 hw/ide/qdev.c |  4 +---
 hw/net/ne2000-isa.c   |  4 +---
 hw/s390x/virtio-ccw.c | 28 +++
 hw/usb/dev-storage.c  |  4 +---
 qga/commands-win32.c  |  8 ++--
 qom/object.c  |  4 +---
 scripts/coccinelle/error_propagate_null.cocci | 10 ++
 16 files changed, 41 insertions(+), 93 deletions(-)
 create mode 100644 scripts/coccinelle/error_propagate_null.cocci

diff --git a/block.c b/block.c
index f54bc25..ecca55a 100644
--- a/block.c
+++ b/block.c
@@ -301,9 +301,7 @@ static void coroutine_fn bdrv_create_co_entry(void *opaque)
 assert(cco->drv);
 
 ret = cco->drv->bdrv_create(cco->filename, cco->opts, _err);
-if (local_err) {
-error_propagate(>err, local_err);
-}
+error_propagate(>err, local_err);
 cco->ret = ret;
 }
 
@@ -364,9 +362,7 @@ int bdrv_create_file(const char *filename, QemuOpts *opts, 
Error **errp)
 }
 
 ret = bdrv_create(drv, filename, opts, _err);
-if (local_err) {
-error_propagate(errp, local_err);
-}
+error_propagate(errp, local_err);
 return ret;
 }
 
@@ -1760,18 +1756,14 @@ fail:
 QDECREF(options);
 bs->options = NULL;
 bdrv_unref(bs);
-if (local_err) {
-error_propagate(errp, local_err);
-}
+error_propagate(errp, local_err);
 return NULL;
 
 close_and_fail:
 bdrv_unref(bs);
 QDECREF(snapshot_options);
 QDECREF(options);
-if (local_err) {
-error_propagate(errp, local_err);
-}
+error_propagate(errp, local_err);
 return NULL;
 }
 
@@ -3591,9 +3583,7 @@ void bdrv_img_create(const char *filename, const char 
*fmt,
 out:
 qemu_opts_del(opts);
 qemu_opts_free(create_opts);
-if (local_err) {
-error_propagate(errp, local_err);
-}
+error_propagate(errp, local_err);
 }
 
 AioContext *bdrv_get_aio_context(BlockDriverState *bs)
diff --git a/block/qcow2.c b/block/qcow2.c
index 6f5fb81..4504846 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -2394,9 +2394,7 @@ static int qcow2_create(const char *filename, QemuOpts 
*opts, Error **errp)
 ret = qcow2_create2(filename, size, backing_file, backing_fmt, flags,
 cluster_size, prealloc, opts, version, refcount_order,
 _err);
-if (local_err) {
-error_propagate(errp, local_err);
-}
+error_propagate(errp, local_err);
 
 finish:
 g_free(backing_file);
diff --git a/block/quorum.c b/block/quorum.c
index ec6f3b9..331b726 100644
--- a/block/quorum.c
+++ b/block/quorum.c
@@ -971,9 +971,7 @@ close_exit:
 exit:
 qemu_opts_del(opts);
 /* propagate error */
-if (local_err) {
-error_propagate(errp, local_err);
-}
+error_propagate(errp, local_err);
 return ret;
 }
 
diff --git a/block/raw-posix.c b/block/raw-posix.c
index ce2e20f..cb663d8 100644
--- a/block/raw-posix.c
+++ b/block/raw-posix.c
@@ -587,9 +587,7 @@ static int raw_open(BlockDriverState *bs, QDict *options, 
int flags,
 
 s->type = FTYPE_FILE;
 ret = raw_open_common(bs, options, flags, 0, _err);
-if (local_err) {
-error_propagate(errp, local_err);
-}
+error_propagate(errp, local_err);
 return ret;
 }
 
@@ -2239,9 +2237,7 @@ hdev_open_Mac_error:
 
 ret = raw_open_common(bs, options, flags, 0, _err);
 if (ret < 0) {
-if (local_err) {
-error_propagate(errp, local_err);
-}
+error_propagate(errp, local_err);
 #if defined(__APPLE__) && defined(__MACH__)
 if (*bsd_path) {
 filename = bsd_path;
@@ -2453,9 +2449,7 @@ static int cdrom_open(BlockDriverState *bs, QDict 
*options, int flags,
 
 /* open will not fail even if no CD is inserted, so add O_NONBLOCK */
 ret = raw_open_common(bs, options, flags, O_NONBLOCK, _err);
-if (local_err) {
-error_propagate(errp, local_err);
-}
+error_propagate(errp, local_err);
 return ret;
 }
 
@@ -2573,9 +2567,7 @@ static int cdrom_open(BlockDriverState *bs, QDict 
*options, int flags,
 
 ret = raw_open_common(bs, 

[Qemu-devel] [PATCH v2 0/3] coccinelle: Clean up error checks and return value variables

2016-06-10 Thread Eduardo Habkost
v2 of the previous "error: Remove NULL checks on
error_propagate() calls" patch, now it became a series.

Changes v1 -> v2:
* The Coccinelle scripts were simplified by using "when"
  constraints to detect when a variable is not used elsewhere
  inside the function.
* Added script to remove unnecessary variables for function
  return value.
* Coccinelle scripts added to scripts/coccinelle.

Eduardo Habkost (3):
  error: Remove NULL checks on error_propagate() calls
  error: Remove unnecessary local_err variables
  [RFC] Remove unnecessary variables for function return value

 audio/audio.c | 10 ++-
 block.c   | 26 -
 block/archipelago.c   |  4 +--
 block/qcow2-cluster.c |  7 ++---
 block/qcow2-refcount.c|  7 ++---
 block/qcow2.c |  4 +--
 block/quorum.c|  4 +--
 block/raw-posix.c | 24 +++
 block/raw_bsd.c   |  9 +-
 block/rbd.c   |  5 +---
 block/snapshot.c  |  4 +--
 block/vmdk.c  |  6 ++--
 block/vvfat.c |  5 +---
 blockdev.c| 26 +
 bootdevice.c  |  4 +--
 dump.c|  4 +--
 hw/acpi/aml-build.c   | 13 ++---
 hw/audio/intel-hda.c  |  5 +---
 hw/display/vga.c  |  4 +--
 hw/ide/qdev.c |  4 +--
 hw/intc/s390_flic_kvm.c   |  5 ++--
 hw/net/ne2000-isa.c   |  4 +--
 hw/pci-host/uninorth.c|  5 +---
 hw/ppc/spapr_vio.c|  7 +
 hw/s390x/s390-virtio-ccw.c|  5 +---
 hw/s390x/virtio-ccw.c | 42 +--
 hw/scsi/megasas.c | 10 +--
 hw/scsi/scsi-generic.c|  5 +---
 hw/timer/mc146818rtc.c|  5 +---
 hw/usb/dev-storage.c  |  4 +--
 hw/virtio/virtio-pci.c|  4 +--
 linux-user/signal.c   | 15 +++---
 page_cache.c  |  5 +---
 qga/commands-posix.c  |  4 +--
 qga/commands-win32.c  | 14 ++---
 qobject/qlist.c   |  5 +---
 qom/object.c  |  4 +--
 scripts/coccinelle/error_propagate_null.cocci | 10 +++
 scripts/coccinelle/remove_local_err.cocci | 27 +
 scripts/coccinelle/return_directly.cocci  | 19 
 target-i386/cpu.c |  4 +--
 target-i386/fpu_helper.c  | 10 ++-
 target-i386/kvm.c |  5 ++--
 target-mips/dsp_helper.c  | 15 ++
 target-mips/op_helper.c   |  4 +--
 target-s390x/helper.c |  6 +---
 target-sparc/cc_helper.c  | 25 
 target-tricore/op_helper.c| 13 +++--
 tests/display-vga-test.c  |  6 +---
 tests/endianness-test.c   |  5 +---
 tests/i440fx-test.c   |  4 +--
 tests/intel-hda-test.c|  6 +---
 tests/test-filter-redirector.c|  6 +---
 tests/virtio-blk-test.c   |  5 +---
 tests/virtio-console-test.c   |  6 +---
 tests/virtio-net-test.c   |  6 +---
 tests/virtio-scsi-test.c  |  6 +---
 tests/wdt_ib700-test.c|  6 +---
 ui/cursor.c   | 10 ++-
 ui/qemu-pixman.c  | 11 ++-
 util/module.c |  6 +---
 vl.c  |  5 +---
 62 files changed, 160 insertions(+), 384 deletions(-)
 create mode 100644 scripts/coccinelle/error_propagate_null.cocci
 create mode 100644 scripts/coccinelle/remove_local_err.cocci
 create mode 100644 scripts/coccinelle/return_directly.cocci

-- 
2.5.5




Re: [Qemu-devel] [PATCH v4] spapr: Ensure all LMBs are represented in ibm, dynamic-memory

2016-06-10 Thread Michael Roth
Quoting Bharata B Rao (2016-06-10 00:14:48)
> Memory hotplug can fail for some combinations of RAM and maxmem when
> DDW is enabled in the presence of devices like nec-usb-xhci. DDW depends
> on maximum addressable memory returned by guest and this value is currently
> being calculated wrongly by the guest kernel routine memory_hotplug_max().
> While there is an attempt to fix the guest kernel, this patch works
> around the problem within QEMU itself.
> 
> memory_hotplug_max() routine in the guest kernel arrives at max
> addressable memory by multiplying lmb-size with the lmb-count obtained
> from ibm,dynamic-memory property. There are two assumptions here:
> 
> - All LMBs are part of ibm,dynamic memory: This is not true for PowerKVM
>   where only hot-pluggable LMBs are present in this property.
> - The memory area comprising of RAM and hotplug region is contiguous: This
>   needn't be true always for PowerKVM as there can be gap between
>   boot time RAM and hotplug region.
> 
> To work around this guest kernel bug, ensure that ibm,dynamic-memory
> has information about all the LMBs (RMA, boot-time LMBs, future
> hotpluggable LMBs, and dummy LMBs to cover the gap between RAM and
> hotpluggable region).
> 
> RMA is represented separately by memory@0 node. Hence mark RMA LMBs
> and also the LMBs for the gap b/n RAM and hotpluggable region as
> reserved and as having no valid DRC so that these LMBs are not considered
> by the guest.
> 
> Signed-off-by: Bharata B Rao 

Reviewed-by: Michael Roth 

> ---
> Changes in v4:
> 
> - Included address information for all LMBs in ibm,dynamic-memory.
> - Use both RESERVED and DRC_INVALID flag bits for non-hotpluggable LMBs.
> 
> v3: https://lists.gnu.org/archive/html/qemu-ppc/2016-06/msg00187.html
> 
>  hw/ppc/spapr.c | 57 
> --
>  include/hw/ppc/spapr.h |  6 --
>  2 files changed, 41 insertions(+), 22 deletions(-)
> 
> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> index 0636642..9a4a803 100644
> --- a/hw/ppc/spapr.c
> +++ b/hw/ppc/spapr.c
> @@ -762,14 +762,17 @@ static int 
> spapr_populate_drconf_memory(sPAPRMachineState *spapr, void *fdt)
>  int ret, i, offset;
>  uint64_t lmb_size = SPAPR_MEMORY_BLOCK_SIZE;
>  uint32_t prop_lmb_size[] = {0, cpu_to_be32(lmb_size)};
> -uint32_t nr_lmbs = (machine->maxram_size - machine->ram_size)/lmb_size;
> +uint32_t hotplug_lmb_start = spapr->hotplug_memory.base / lmb_size;
> +uint32_t nr_lmbs = (spapr->hotplug_memory.base +
> +   memory_region_size(>hotplug_memory.mr)) /
> +   lmb_size;
>  uint32_t *int_buf, *cur_index, buf_len;
>  int nr_nodes = nb_numa_nodes ? nb_numa_nodes : 1;
> 
>  /*
> - * Don't create the node if there are no DR LMBs.
> + * Don't create the node if there is no hotpluggable memory
>   */
> -if (!nr_lmbs) {
> +if (machine->ram_size == machine->maxram_size) {
>  return 0;
>  }
> 
> @@ -803,26 +806,40 @@ static int 
> spapr_populate_drconf_memory(sPAPRMachineState *spapr, void *fdt)
>  int_buf[0] = cpu_to_be32(nr_lmbs);
>  cur_index++;
>  for (i = 0; i < nr_lmbs; i++) {
> -sPAPRDRConnector *drc;
> -sPAPRDRConnectorClass *drck;
> -uint64_t addr = i * lmb_size + spapr->hotplug_memory.base;;
> +uint64_t addr = i * lmb_size;
>  uint32_t *dynamic_memory = cur_index;
> 
> -drc = spapr_dr_connector_by_id(SPAPR_DR_CONNECTOR_TYPE_LMB,
> -   addr/lmb_size);
> -g_assert(drc);
> -drck = SPAPR_DR_CONNECTOR_GET_CLASS(drc);
> -
> -dynamic_memory[0] = cpu_to_be32(addr >> 32);
> -dynamic_memory[1] = cpu_to_be32(addr & 0x);
> -dynamic_memory[2] = cpu_to_be32(drck->get_index(drc));
> -dynamic_memory[3] = cpu_to_be32(0); /* reserved */
> -dynamic_memory[4] = cpu_to_be32(numa_get_node(addr, NULL));
> -if (addr < machine->ram_size ||
> -memory_region_present(get_system_memory(), addr)) {
> -dynamic_memory[5] = cpu_to_be32(SPAPR_LMB_FLAGS_ASSIGNED);
> +if (i >= hotplug_lmb_start) {
> +sPAPRDRConnector *drc;
> +sPAPRDRConnectorClass *drck;
> +
> +drc = spapr_dr_connector_by_id(SPAPR_DR_CONNECTOR_TYPE_LMB, i);
> +g_assert(drc);
> +drck = SPAPR_DR_CONNECTOR_GET_CLASS(drc);
> +
> +dynamic_memory[0] = cpu_to_be32(addr >> 32);
> +dynamic_memory[1] = cpu_to_be32(addr & 0x);
> +dynamic_memory[2] = cpu_to_be32(drck->get_index(drc));
> +dynamic_memory[3] = cpu_to_be32(0); /* reserved */
> +dynamic_memory[4] = cpu_to_be32(numa_get_node(addr, NULL));
> +if (memory_region_present(get_system_memory(), addr)) {
> +dynamic_memory[5] = 

Re: [Qemu-devel] [PULL 00/15] tb hash improvements

2016-06-10 Thread Emilio G. Cota
On Fri, Jun 10, 2016 at 17:41:26 +0100, Peter Maydell wrote:
> On 10 June 2016 at 17:34, Emilio G. Cota  wrote:
> > On Fri, Jun 10, 2016 at 16:33:10 +0100, Peter Maydell wrote:
> >> Fails to build on ppc64be :-(
> >>
> >> In file included from /home/pm215/qemu/include/qemu/thread.h:4:0,
> >>  from /home/pm215/qemu/include/block/aio.h:20,
> >>  from /home/pm215/qemu/include/block/block.h:4,
> >>  from /home/pm215/qemu/include/monitor/monitor.h:6,
> >>  from /home/pm215/qemu/trace/control.c:23:
> >> /home/pm215/qemu/include/qemu/processor.h:24:35: error: expected
> >> identifier or ‘(’ before string constant
> >>"or 2, 2, 2;" ::: "memory")
> >
> > On Fri, Jun 10, 2016 at 16:57:19 +0100, Peter Maydell wrote:
> >> Also fails trying to build a test on 32-bit:
> >>
> >> /home/petmay01/qemu/tests/qht-bench.c: In function 'pr_params':
> >> /home/petmay01/qemu/tests/qht-bench.c:270:5: error: format '%zu'
> >> expects argument of type 'size_t', but argument 2 has type 'long
> >> unsigned int' [-Werror=format=]
> >>  printf(" lookup range:  %zu\n", lookup_range);
> >
> > Can you please test again after applying the appended delta?
> 
> I will test.
> 
> For the PPC asm, is it not just wanting the "\n" between instructions?
> Shouldn't be necessary to use two separate asm() lines...

I can't test on ppc so I was just being paranoid to avoid
wasting your time :-)

E.



Re: [Qemu-devel] [Bug 1589153] Re: qemu-system-x86_64 version 2.5.0 freezes during windows 7 installation in lubuntu 16.04

2016-06-10 Thread Phil Troy
-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1589153

Title:
  qemu-system-x86_64 version 2.5.0 freezes during windows 7 installation
  in lubuntu 16.04

Status in QEMU:
  New

Bug description:
  Hi!

  I have been using qemu - kvm for several years in different versions
  of ubuntu (lubuntu). I am trying to migrate from 15.04 to 16.04 and am
  having a problem. In particular, on my machine (a samsung series 9
  with dual core i7 processor and 8gb ram) the following commands worked
  in 15.04 but do not work in 15.10 and 16.04. FYI, I tested them on a
  clean machine, where I have created a 60GB image file in its own
  partition.. In particular, I am using the command to start installing
  windows 7 and it works in a clean install of 15.04 (yesterday) but not
  in 15.10 (yesterday) or 16.04 (the day before). I do not get any error
  messages in my xterminal when running this and do not know how to
  check for windows error messages. By not working I mean that after
  loading files it gets to a windows screen and then stays there
  forever.

  The command lines used to invoke qemu are:
  # Reproduction script from the bug report: boots the Windows 7 installer ISO
  # under KVM with a SPICE display, then attaches the spicy client to it.
  echo "*** Installing windows 7 virtual machine - Step 2"

  
  echo "*** Try command for slow mouse"
  export SDL_VIDEO_X11_DGAMOUSE=0

  # NOTE(review): "-spice port=5900,disable-ticketing" accepts SPICE clients
  # without authentication, and with no addr= option QEMU's default is to
  # listen on any address, although spicy below only connects to 127.0.0.1.
  # Adding addr=127.0.0.1 to the -spice option keeps the guest console local.
  # The command is also run through sudo, so the QEMU process runs as root.
  sudo qemu-system-x86_64 \
-enable-kvm \
-machine pc,accel=kvm \
-cdrom  
/home/Archives/Software/OperatingSystems.Windows7HP.64/Windows7HP64_Install.iso 
\
-boot d \
-net nic,macaddr=56:44:45:30:31:34 \
-net user \
-cpu host \
-vga qxl \
-spice port=5900,disable-ticketing \
-uuid 8373c3d6-1e6c-f022-38e2-b94e6e14e170 \
-smp cpus=2,maxcpus=3 \
-m 6144 \
-name DrPhilSS9AWin7VM \
-hda /mnt/Windows7Image/Windows7Guest.img \
-localtime \
-k en-us \
-usb \
-usbdevice tablet&
  # Give QEMU time to open the SPICE port before the client connects.
  sleep 10
  spicy --host 127.0.0.1 --port 5900

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1589153/+subscriptions



[Qemu-devel] [Bug 1589153] Re: qemu-system-x86_64 version 2.5.0 freezes during windows 7 installation in lubuntu 16.04

2016-06-10 Thread Phil Troy
Please see
http://ubuntuforums.org/showthread.php?t=2325843&p=13499322#post13499322
for a similar discussion and for a workaround.  But please note that to
the best I can tell it is still a bug.

Phil

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1589153

Title:
  qemu-system-x86_64 version 2.5.0 freezes during windows 7 installation
  in lubuntu 16.04

Status in QEMU:
  New

Bug description:
  Hi!

  I have been using qemu - kvm for several years in different versions
  of ubuntu (lubuntu). I am trying to migrate from 15.04 to 16.04 and am
  having a problem. In particular, on my machine (a samsung series 9
  with dual core i7 processor and 8gb ram) the following commands worked
  in 15.04 but do not work in 15.10 and 16.04. FYI, I tested them on a
  clean machine, where I have created a 60GB image file in its own
  partition.. In particular, I am using the command to start installing
  windows 7 and it works in a clean install of 15.04 (yesterday) but not
  in 15.10 (yesterday) or 16.04 (the day before). I do not get any error
  messages in my xterminal when running this and do not know how to
  check for windows error messages. By not working I mean that after
  loading files it gets to a windows screen and then stays there
  forever.

  The command lines used to invoke qemu are:
  # Reproduction script from the bug report: boots the Windows 7 installer ISO
  # under KVM with a SPICE display, then attaches the spicy client to it.
  echo "*** Installing windows 7 virtual machine - Step 2"

  
  echo "*** Try command for slow mouse"
  export SDL_VIDEO_X11_DGAMOUSE=0

  # NOTE(review): "-spice port=5900,disable-ticketing" accepts SPICE clients
  # without authentication, and with no addr= option QEMU's default is to
  # listen on any address, although spicy below only connects to 127.0.0.1.
  # Adding addr=127.0.0.1 to the -spice option keeps the guest console local.
  # The command is also run through sudo, so the QEMU process runs as root.
  sudo qemu-system-x86_64 \
-enable-kvm \
-machine pc,accel=kvm \
-cdrom  
/home/Archives/Software/OperatingSystems.Windows7HP.64/Windows7HP64_Install.iso 
\
-boot d \
-net nic,macaddr=56:44:45:30:31:34 \
-net user \
-cpu host \
-vga qxl \
-spice port=5900,disable-ticketing \
-uuid 8373c3d6-1e6c-f022-38e2-b94e6e14e170 \
-smp cpus=2,maxcpus=3 \
-m 6144 \
-name DrPhilSS9AWin7VM \
-hda /mnt/Windows7Image/Windows7Guest.img \
-localtime \
-k en-us \
-usb \
-usbdevice tablet&
  # Give QEMU time to open the SPICE port before the client connects.
  sleep 10
  spicy --host 127.0.0.1 --port 5900

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1589153/+subscriptions



Re: [Qemu-devel] [PATCH v2] migration: Don't use *_to_cpup() and cpu_to_*w()

2016-06-10 Thread Eric Blake
On 06/10/2016 10:09 AM, Peter Maydell wrote:
> The *_to_cpup() and cpu_to_*w() functions just compose a pointer
> dereference with a byteswap. Instead use ld*_p() and st*_p(),
> which handle potential pointer misalignment and avoid the need
> to cast the pointer.
> 
> Signed-off-by: Peter Maydell 
> ---
> Changes v1->v2: fix cpu_to_*w() uses too.
> 
> The motivation here is that I'd like to get rid of _to_cpup()
> and cpu_to_*w() entirely: we don't have many places that use them.
> ---
>  migration/migration.c | 12 ++--
>  migration/savevm.c|  4 ++--
>  2 files changed, 8 insertions(+), 8 deletions(-)
> 

Reviewed-by: Eric Blake 

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





Re: [Qemu-devel] [PATCH] nbd: Don't use cpu_to_*w() functions

2016-06-10 Thread Eric Blake
On 06/10/2016 10:15 AM, Peter Maydell wrote:
> The cpu_to_*w() functions just compose a pointer dereference
> with a byteswap. Instead use st*_p(), which handles potential
> pointer misalignment and avoids the need to cast the pointer.
> 
> Signed-off-by: Peter Maydell 
> ---
>  nbd/client.c | 10 +-
>  1 file changed, 5 insertions(+), 5 deletions(-)
> 

Reviewed-by: Eric Blake 

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





Re: [Qemu-devel] [PULL 0/8] migration: fixes

2016-06-10 Thread Dr. David Alan Gilbert
* Peter Maydell (peter.mayd...@linaro.org) wrote:
> On 10 June 2016 at 14:25, Peter Maydell  wrote:
> > On 10 June 2016 at 12:48, Amit Shah  wrote:
> >>
> >> The following changes since commit 
> >> 0c33682d5f29b0a4ae53bdec4c8e52e4fae37b34:
> >>
> >>   target-i386: Move user-mode exception actions out of user-exec.c 
> >> (2016-06-09 15:55:02 +0100)
> >>
> >> are available in the git repository at:
> >>
> >>   https://git.kernel.org/pub/scm/virt/qemu/amit/migration.git 
> >> tags/migration-for-2.7-3
> >>
> >> for you to fetch changes up to cfac638acf903f7618b285dc3f36de348554c8ad:
> >>
> >>   Postcopy: Check for support when setting the capability (2016-06-10 
> >> 17:13:32 +0530)
> >>
> >> 
> >> Migration:
> >>
> >> - Fixes for TLS series
> >> - Postcopy: Add stats, fix, test case
> >>
> >> 
> >
> > Fails to build on OSX
> 
> Also fails to build on AArch64 Linux:

OK, I see why I missed this.
My two weirder build cases I checked with previously were building on RHEL6
(that's too old for userfault) and an ARM box.  However, the tests include the
headers from qemu's linux-header/ subdirectory and that includes __NR_userfault
for both x86 and 32bit ARM, so I wasn't hitting the other side of the ifdef
in my testing.

Dave

> 
> /home/petmay01/qemu/tests/postcopy-test.c: In function 'return_or_event':
> /home/petmay01/qemu/tests/postcopy-test.c:177:9: error: 'got_stop'
> undeclared (first use in this function)
>  got_stop = true;
>  ^
> /home/petmay01/qemu/tests/postcopy-test.c:177:9: note: each undeclared
> identifier is reported only once for each function it appears in
> /home/petmay01/qemu/tests/postcopy-test.c: In function
> 'wait_for_migration_pass':
> /home/petmay01/qemu/tests/postcopy-test.c:235:13: error: 'got_stop'
> undeclared (first use in this function)
>  if (got_stop || initial_pass) {
>  ^
> /home/petmay01/qemu/tests/postcopy-test.c: In function 'check_guests_ram':
> /home/petmay01/qemu/tests/postcopy-test.c:262:33: error:
> 'start_address' undeclared (first use in this function)
>  qtest_memread(global_qtest, start_address, _byte, 1);
>  ^
> /home/petmay01/qemu/tests/postcopy-test.c:265:52: error: 'end_address'
> undeclared (first use in this function)
>  for (address = start_address + 4096; address < end_address;
> address += 4096)
> ^
> /home/petmay01/qemu/tests/postcopy-test.c: In function 'test_migrate':
> /home/petmay01/qemu/tests/postcopy-test.c:307:5: error: 'got_stop'
> undeclared (first use in this function)
>  got_stop = false;
>  ^
> /home/petmay01/qemu/tests/postcopy-test.c:395:23: error:
> 'start_address' undeclared (first use in this function)
>  qtest_memread(to, start_address, _byte_a, 1);
>^
> 
> thanks
> -- PMM
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK



[Qemu-devel] [PATCH v3 2/5] block/mirror: Fix target backing BDS

2016-06-10 Thread Max Reitz
Currently, we are trying to move the backing BDS from the source to the
target in bdrv_replace_in_backing_chain() which is called from
mirror_exit(). However, mirror_complete() already tries to open the
target's backing chain with a call to bdrv_open_backing_file().

First, we should only set the target's backing BDS once. Second, the
mirroring block job has a better idea of what to set it to than the
generic code in bdrv_replace_in_backing_chain() (in fact, the latter's
conditions on when to move the backing BDS from source to target are not
really correct).

Therefore, remove that code from bdrv_replace_in_backing_chain() and
leave it to mirror_complete().

Depending on what kind of mirroring is performed, we furthermore want to
use different strategies to open the target's backing chain:

- If blockdev-mirror is used, we can assume the user made sure that the
  target already has the correct backing chain. In particular, we should
  not try to open a backing file if the target does not have any yet.

- If drive-mirror with mode=absolute-paths is used, we can and should
  reuse the already existing chain of nodes that the source BDS is in.
  In case of sync=full, no backing BDS is required; with sync=top, we
  just link the source's backing BDS to the target, and with sync=none,
  we use the source BDS as the target's backing BDS.
  We should not try to open these backing files anew because this would
  lead to two BDSs existing per physical file in the backing chain, and
  we would like to avoid such concurrent access.

- If drive-mirror with mode=existing is used, we have to use the
  information provided in the physical image file which means opening
  the target's backing chain completely anew, just as it has been done
  already.
  If the target's backing chain shares images with the source, this may
  lead to multiple BDSs per physical image file. But since we cannot
  reliably ascertain this case, there is nothing we can do about it.

Signed-off-by: Max Reitz 
---
 block.c   |  8 
 block/mirror.c| 39 ---
 blockdev.c| 15 ---
 include/block/block_int.h | 18 +-
 4 files changed, 57 insertions(+), 23 deletions(-)

diff --git a/block.c b/block.c
index dc76c159..2691c2f 100644
--- a/block.c
+++ b/block.c
@@ -2289,14 +2289,6 @@ void bdrv_replace_in_backing_chain(BlockDriverState 
*old, BlockDriverState *new)
 
 change_parent_backing_link(old, new);
 
-/* Change backing files if a previously independent node is added to the
- * chain. For active commit, we replace top by its own (indirect) backing
- * file and don't do anything here so we don't build a loop. */
-if (new->backing == NULL && !bdrv_chain_contains(backing_bs(old), new)) {
-bdrv_set_backing_hd(new, backing_bs(old));
-bdrv_set_backing_hd(old, NULL);
-}
-
 bdrv_unref(old);
 }
 
diff --git a/block/mirror.c b/block/mirror.c
index 80fd3c7..13abe8c 100644
--- a/block/mirror.c
+++ b/block/mirror.c
@@ -44,6 +44,7 @@ typedef struct MirrorBlockJob {
 /* Used to block operations on the drive-mirror-replace target */
 Error *replace_blocker;
 bool is_none_mode;
+BlockMirrorBackingMode backing_mode;
 BlockdevOnError on_source_error, on_target_error;
 bool synced;
 bool should_complete;
@@ -742,20 +743,26 @@ static void mirror_set_speed(BlockJob *job, int64_t 
speed, Error **errp)
 static void mirror_complete(BlockJob *job, Error **errp)
 {
 MirrorBlockJob *s = container_of(job, MirrorBlockJob, common);
-Error *local_err = NULL;
-int ret;
+BlockDriverState *src, *target;
+
+src = blk_bs(job->blk);
+target = blk_bs(s->target);
 
-ret = bdrv_open_backing_file(blk_bs(s->target), NULL, "backing",
- _err);
-if (ret < 0) {
-error_propagate(errp, local_err);
-return;
-}
 if (!s->synced) {
 error_setg(errp, QERR_BLOCK_JOB_NOT_READY, job->id);
 return;
 }
 
+if (s->backing_mode == MIRROR_OPEN_BACKING_CHAIN) {
+int ret;
+
+assert(!target->backing);
+ret = bdrv_open_backing_file(target, NULL, "backing", errp);
+if (ret < 0) {
+return;
+}
+}
+
 /* check the target bs is not blocked and block all operations on it */
 if (s->replaces) {
 AioContext *replace_aio_context;
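Review bot: The new `assert(!target->backing)` in the MIRROR_OPEN_BACKING_CHAIN branch looks reachable from the monitor. `s->should_complete` is only set at the very end of mirror_complete(), and nothing in the visible lines rejects a second completion request, so a repeated block-job-complete on a ready job would find the backing file already opened by the first call and abort the process. An assertion that a management client can trigger takes the whole guest down. Unless the caller already refuses a second completion (not visible here), making the step idempotent is safer, for example `if (s->backing_mode == MIRROR_OPEN_BACKING_CHAIN && !target->backing) {` with the assert dropped. mirror_complete() continues past the end of this hunk.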
@@ -777,6 +784,13 @@ static void mirror_complete(BlockJob *job, Error **errp)
 aio_context_release(replace_aio_context);
 }
 
+if (s->backing_mode == MIRROR_SOURCE_BACKING_CHAIN) {
+BlockDriverState *backing = s->is_none_mode ? src : s->base;
+if (backing_bs(target) != backing) {
+bdrv_set_backing_hd(target, backing);
+}
+}
+
 s->should_complete = true;
 block_job_enter(>common);
 }
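Review bot: The MIRROR_SOURCE_BACKING_CHAIN block needs a comment explaining how `backing` is chosen, because the three sync modes are described only in the commit message. Something like `/* sync=none: target becomes an overlay of the source; otherwise reuse the job's base (presumably NULL for sync=full) */` above the `BlockDriverState *backing = ...` line would do. It is also worth confirming that calling `bdrv_set_backing_hd(target, backing)` with a NULL base, which detaches a backing node the target may already have, is the intended outcome here.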
@@ -799,6 +813,7 @@ static void mirror_start_job(BlockDriverState *bs, 

[Qemu-devel] [PATCH v3 3/5] block/null: Implement bdrv_refresh_filename()

2016-06-10 Thread Max Reitz
Signed-off-by: Max Reitz 
---
 block/null.c | 20 
 1 file changed, 20 insertions(+)

diff --git a/block/null.c b/block/null.c
index 396500b..b511010 100644
--- a/block/null.c
+++ b/block/null.c
@@ -12,6 +12,8 @@
 
 #include "qemu/osdep.h"
 #include "qapi/error.h"
+#include "qapi/qmp/qdict.h"
+#include "qapi/qmp/qstring.h"
 #include "block/block_int.h"
 
 #define NULL_OPT_LATENCY "latency-ns"
@@ -223,6 +225,20 @@ static int64_t coroutine_fn 
null_co_get_block_status(BlockDriverState *bs,
 }
 }
 
+static void null_refresh_filename(BlockDriverState *bs, QDict *opts)
+{
+QINCREF(opts);
+qdict_del(opts, "filename");
+
+if (!qdict_size(opts)) {
+snprintf(bs->exact_filename, sizeof(bs->exact_filename), "%s://",
+ bs->drv->format_name);
+}
+
+qdict_put(opts, "driver", qstring_from_str(bs->drv->format_name));
+bs->full_open_options = opts;
+}
+
 static BlockDriver bdrv_null_co = {
 .format_name= "null-co",
 .protocol_name  = "null-co",
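Review bot: null_refresh_filename() edits the dictionary it is handed and then stores that same object in `bs->full_open_options`. It deletes "filename" from `opts` and inserts "driver", so the caller's QDict changes as a side effect and is shared with the BDS afterwards. If the caller still uses `opts` after the call (not visible in this hunk), working on a copy would avoid the aliasing; otherwise a comment such as `/* takes a reference to and modifies @opts; the caller must not reuse it */` should state the contract. The comment should also say that `bs->exact_filename` is written only when no options remain, so the function relies on the caller having cleared it beforehand.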
@@ -238,6 +254,8 @@ static BlockDriver bdrv_null_co = {
 .bdrv_reopen_prepare= null_reopen_prepare,
 
 .bdrv_co_get_block_status   = null_co_get_block_status,
+
+.bdrv_refresh_filename  = null_refresh_filename,
 };
 
 static BlockDriver bdrv_null_aio = {
@@ -255,6 +273,8 @@ static BlockDriver bdrv_null_aio = {
 .bdrv_reopen_prepare= null_reopen_prepare,
 
 .bdrv_co_get_block_status   = null_co_get_block_status,
+
+.bdrv_refresh_filename  = null_refresh_filename,
 };
 
 static void bdrv_null_init(void)
-- 
2.8.3




[Qemu-devel] [PATCH v3 4/5] iotests: Add test for post-mirror backing chains

2016-06-10 Thread Max Reitz
Signed-off-by: Max Reitz 
---
 tests/qemu-iotests/155 | 263 +
 tests/qemu-iotests/155.out |   5 +
 tests/qemu-iotests/group   |   1 +
 3 files changed, 269 insertions(+)
 create mode 100755 tests/qemu-iotests/155
 create mode 100644 tests/qemu-iotests/155.out

diff --git a/tests/qemu-iotests/155 b/tests/qemu-iotests/155
new file mode 100755
index 000..06ddc5f
--- /dev/null
+++ b/tests/qemu-iotests/155
@@ -0,0 +1,263 @@
+#!/usr/bin/env python
+#
+# Test whether the backing BDSs are correct after completion of a
+# mirror block job; in "existing" modes (drive-mirror with
+# mode=existing and blockdev-mirror) the backing chain should not be
+# overridden.
+#
+# Copyright (C) 2016 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+
+import os
+import stat
+import time
+import iotests
+from iotests import qemu_img
+
+back0_img = os.path.join(iotests.test_dir, 'back0.' + iotests.imgfmt)
+back1_img = os.path.join(iotests.test_dir, 'back1.' + iotests.imgfmt)
+back2_img = os.path.join(iotests.test_dir, 'back2.' + iotests.imgfmt)
+source_img = os.path.join(iotests.test_dir, 'source.' + iotests.imgfmt)
+target_img = os.path.join(iotests.test_dir, 'target.' + iotests.imgfmt)
+
+
+# Class variables for controlling its behavior:
+#
+# existing: If True, explicitly create the target image and blockdev-add it
+# target_backing: If existing is True: Use this filename as the backing file
+# of the target image
+# (None: no backing file)
+# target_blockdev_backing: If existing is True: Pass this dict as "backing"
+#  for the blockdev-add command
+#  (None: do not pass "backing")
+# target_real_backing: If existing is True: The real filename of the backing
+#  image during runtime, only makes sense if
+#  target_blockdev_backing is not None
+#  (None: same as target_backing)
+
+class BaseClass(iotests.QMPTestCase):
+target_blockdev_backing = None
+target_real_backing = None
+
+def setUp(self):
+qemu_img('create', '-f', iotests.imgfmt, back0_img, '1M')
+qemu_img('create', '-f', iotests.imgfmt, '-b', back0_img, back1_img)
+qemu_img('create', '-f', iotests.imgfmt, '-b', back1_img, back2_img)
+qemu_img('create', '-f', iotests.imgfmt, '-b', back2_img, source_img)
+
+self.vm = iotests.VM()
+self.vm.add_drive(None, '', 'none')
+self.vm.launch()
+
+# Add the BDS via blockdev-add so it stays around after the mirror 
block
+# job has been completed
+result = self.vm.qmp('blockdev-add',
+ options={'node-name': 'source',
+  'driver': iotests.imgfmt,
+  'file': {'driver': 'file',
+   'filename': source_img}})
+self.assert_qmp(result, 'return', {})
+
+result = self.vm.qmp('x-blockdev-insert-medium',
+ device='drive0', node_name='source')
+self.assert_qmp(result, 'return', {})
+
+self.assertIntactSourceBackingChain()
+
+if self.existing:
+if self.target_backing:
+qemu_img('create', '-f', iotests.imgfmt,
+ '-b', self.target_backing, target_img, '1M')
+else:
+qemu_img('create', '-f', iotests.imgfmt, target_img, '1M')
+
+if self.cmd == 'blockdev-mirror':
+options = { 'node-name': 'target',
+'driver': iotests.imgfmt,
+'file': { 'driver': 'file',
+  'filename': target_img } }
+if self.target_blockdev_backing:
+options['backing'] = self.target_blockdev_backing
+
+result = self.vm.qmp('blockdev-add', options=options)
+self.assert_qmp(result, 'return', {})
+
+def tearDown(self):
+self.vm.shutdown()
+os.remove(source_img)
+os.remove(back2_img)
+os.remove(back1_img)
+os.remove(back0_img)
+try:
+os.remove(target_img)
+except OSError:
+pass
+
+def findBlockNode(self, node_name, id=None):
+ 

[Qemu-devel] [PATCH v3 5/5] iotests: Add test for oVirt-like storage migration

2016-06-10 Thread Max Reitz
Signed-off-by: Max Reitz 
---
 tests/qemu-iotests/156 | 174 +
 tests/qemu-iotests/156.out |  48 +
 tests/qemu-iotests/group   |   1 +
 3 files changed, 223 insertions(+)
 create mode 100755 tests/qemu-iotests/156
 create mode 100644 tests/qemu-iotests/156.out

diff --git a/tests/qemu-iotests/156 b/tests/qemu-iotests/156
new file mode 100755
index 000..cc95ff1
--- /dev/null
+++ b/tests/qemu-iotests/156
@@ -0,0 +1,174 @@
+#!/bin/bash
+#
+# Tests oVirt-like storage migration:
+#  - Create snapshot
+#  - Create target image with (not yet existing) target backing chain
+#(i.e. just write the name of a soon-to-be-copied-over backing file into 
it)
+#  - drive-mirror the snapshot to the target with mode=existing and sync=top
+#  - In the meantime, copy the original source files to the destination via
+#conventional means (i.e. outside of qemu)
+#  - Complete the drive-mirror job
+#  - Delete all source images
+#
+# Copyright (C) 2016 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+
+# creator
+owner=mre...@redhat.com
+
+seq="$(basename $0)"
+echo "QA output created by $seq"
+
+here="$PWD"
+status=1   # failure is the default!
+
+_cleanup()
+{
+rm -f "$TEST_IMG{,.target}{,.backing,.overlay}"
+}
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+# get standard environment, filters and checks
+. ./common.rc
+. ./common.filter
+. ./common.qemu
+
+_supported_fmt qcow2 qed
+_supported_proto generic
+_supported_os Linux
+
+# Create source disk
+TEST_IMG="$TEST_IMG.backing" _make_test_img 1M
+_make_test_img -b "$TEST_IMG.backing" 1M
+
+$QEMU_IO -c 'write -P 1 0 256k' "$TEST_IMG.backing" | _filter_qemu_io
+$QEMU_IO -c 'write -P 2 64k 192k' "$TEST_IMG" | _filter_qemu_io
+
+_launch_qemu -drive if=none,id=source,file="$TEST_IMG"
+
+_send_qemu_cmd $QEMU_HANDLE \
+"{ 'execute': 'qmp_capabilities' }" \
+'return'
+
+# Create snapshot
+TEST_IMG="$TEST_IMG.overlay" _make_test_img -b "$TEST_IMG" 1M
+_send_qemu_cmd $QEMU_HANDLE \
+"{ 'execute': 'blockdev-snapshot-sync',
+   'arguments': { 'device': 'source',
+  'snapshot-file': '$TEST_IMG.overlay',
+  'format': '$IMGFMT',
+  'mode': 'existing' } }" \
+'return'
+
+# Write something to the snapshot
+_send_qemu_cmd $QEMU_HANDLE \
+"{ 'execute': 'human-monitor-command',
+   'arguments': { 'command-line':
+  'qemu-io source \"write -P 3 128k 128k\"' } }" \
+'return'
+
+# Create target image
+TEST_IMG="$TEST_IMG.target.overlay" _make_test_img -b "$TEST_IMG.target" 1M
+
+# Mirror snapshot
+_send_qemu_cmd $QEMU_HANDLE \
+"{ 'execute': 'drive-mirror',
+   'arguments': { 'device': 'source',
+  'target': '$TEST_IMG.target.overlay',
+  'mode': 'existing',
+  'sync': 'top' } }" \
+'return'
+
+# Wait for convergence
+_send_qemu_cmd $QEMU_HANDLE \
+'' \
+'BLOCK_JOB_READY'
+
+# Write some more
+_send_qemu_cmd $QEMU_HANDLE \
+"{ 'execute': 'human-monitor-command',
+   'arguments': { 'command-line':
+  'qemu-io source \"write -P 4 192k 64k\"' } }" \
+'return'
+
+# Copy source backing chain to the target before completing the job
+cp "$TEST_IMG.backing" "$TEST_IMG.target.backing"
+cp "$TEST_IMG" "$TEST_IMG.target"
+$QEMU_IMG rebase -u -b "$TEST_IMG.target.backing" "$TEST_IMG.target"
+
+# Complete block job
+_send_qemu_cmd $QEMU_HANDLE \
+"{ 'execute': 'block-job-complete',
+   'arguments': { 'device': 'source' } }" \
+''
+
+_send_qemu_cmd $QEMU_HANDLE \
+'' \
+'BLOCK_JOB_COMPLETED'
+
+# Remove the source images
+rm -f "$TEST_IMG{,.backing,.overlay}"
+
+echo
+
+# Check online disk contents
+_send_qemu_cmd $QEMU_HANDLE \
+"{ 'execute': 'human-monitor-command',
+   'arguments': { 'command-line':
+  'qemu-io source \"read -P 1 0k 64k\"' } }" \
+'return'
+
+_send_qemu_cmd $QEMU_HANDLE \
+"{ 'execute': 'human-monitor-command',
+   'arguments': { 'command-line':
+  'qemu-io source \"read -P 2 64k 64k\"' } }" \
+'return'
+
+_send_qemu_cmd $QEMU_HANDLE \
+"{ 'execute': 'human-monitor-command',
+   'arguments': { 'command-line':
+  'qemu-io source \"read -P 3 128k 64k\"' } }" \
+   
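Review bot: Both `rm -f` calls keep the brace lists inside the double quotes: `rm -f "$TEST_IMG{,.target}{,.backing,.overlay}"` in _cleanup and `rm -f "$TEST_IMG{,.backing,.overlay}"` under "Remove the source images". Bash does not perform brace expansion inside quotes, so each call targets one literal file name containing braces and removes nothing. The second case matters for what the test proves: the source images are still on disk when the "Check online disk contents" reads run, so those reads would pass even if the target still depended on the source files. Closing the quote before the braces fixes both: `rm -f "$TEST_IMG"{,.target}{,.backing,.overlay}` and `rm -f "$TEST_IMG"{,.backing,.overlay}`. The page cuts the file off after the third read command, so the rest of the script is not reviewed here.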

[Qemu-devel] [PATCH v3 1/5] block: Allow replacement of a BDS by its overlay

2016-06-10 Thread Max Reitz
change_parent_backing_link() asserts that the BDS to be replaced is not
used as a backing file. However, we may want to replace a BDS by its
overlay in which case that very link should not be redirected.

For instance, when doing a sync=none drive-mirror operation, we may have
the following BDS/BB forest before block job completion:

  target

  base <- source <- BlockBackend

During job completion, we want to establish the source BDS as the
target's backing node:

  target
|
v
  base <- source <- BlockBackend

This makes the target a valid replacement for the source:

  target <- BlockBackend
|
v
  base <- source

Without this modification to change_parent_backing_link() we have to
inject the target into the graph before the source is its backing node,
thus temporarily creating a wrong graph:

  target <- BlockBackend

  base <- source

Signed-off-by: Max Reitz 
---
 block.c | 16 +++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/block.c b/block.c
index f54bc25..dc76c159 100644
--- a/block.c
+++ b/block.c
@@ -2224,9 +2224,23 @@ void bdrv_close_all(void)
 static void change_parent_backing_link(BlockDriverState *from,
BlockDriverState *to)
 {
-BdrvChild *c, *next;
+BdrvChild *c, *next, *to_c;
 
 QLIST_FOREACH_SAFE(c, >parents, next_parent, next) {
+if (c->role == _backing) {
+/* @from is generally not allowed to be a backing file, except for
+ * when @to is the overlay. In that case, @from may not be replaced
+ * by @to as @to's backing node. */
+QLIST_FOREACH(to_c, >children, next) {
+if (to_c == c) {
+break;
+}
+}
+if (to_c) {
+continue;
+}
+}
+
 assert(c->role != _backing);
 bdrv_ref(to);
 bdrv_replace_child(c, to);
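Review bot: The search through the children of @to reports "found" only through the loop variable. The code depends on QLIST_FOREACH leaving `to_c` NULL when the list is exhausted and non-NULL after the `break`. That is how the macro behaves, but it is easy to break when the loop is edited later. A short comment such as `/* to_c is non-NULL only if c is one of @to's children */` before `if (to_c) {` would make the intent explicit, and it could add that the retained assertion on the backing role still covers every parent except the overlay case. The function continues past the end of the hunk.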
-- 
2.8.3




[Qemu-devel] [PATCH v3 0/5] block/mirror: Fix (?) target backing BDS

2016-06-10 Thread Max Reitz
Issue #1: If the target image does not have a backing BDS before mirror
completion, qemu tries really hard to give it a backing BDS. If the
source has a backing BDS, it will actually always "succeed".
In some cases, the target is not supposed to have a backing BDS, though
(absolute-paths: because of sync=full; existing: because the target
image does not have a backing file; blockdev-mirror: because of an
explicit "backing": ""). Then, this is pretty bad behavior.

This should generally not change the target's visible data, but it still
is ugly.

Issue #2: Currently the backing chain of the target is basically opened
using bdrv_open_backing_file() (except for sometimes™). This results in
multiple BDSs for a single physical file, which is bad. In most use
cases, this is only temporary, but it still is bad.

If we can reuse the existing backing chain of the source (which is with
drive-mirror in "absolute-paths" mode), we should just do so.


v3:
- Patch 1:
  - More verbose commit message [Kevin]
  - Changed comment to match code [Kevin]
- Patch 2:
  - Do not force use of the source backing chain for the target in
"existing" mode or with blockdev-mirror [Kevin]
- Instead keep doing what we've been doing for
  drive-mirror/existing, only that we should still drop the
  bdrv_set_backing_hd() in bdrv_replace_in_backing_chain()
- And for blockdev-mirror, just do not change the current backing
  chain at all; this is what we've been doing until now, unless the
  target BDS did not have a backing BDS yet
- Patch 3: Added, because it makes the next test a bit nicer
- Patch 4: Adjusted to v3 behavior, and added a new test for
  blockdev-mirror with a target whose backing file has been overridden
  using the "backing" option
- Patch 5: Added [Kevin]


git-backport-diff against v2:

Key:
[] : patches are identical
[] : number of functional differences between upstream/downstream patch
[down] : patch is downstream-only
The flags [FC] indicate (F)unctional and (C)ontextual differences, respectively

001/5:[0005] [FC] 'block: Allow replacement of a BDS by its overlay'
002/5:[0057] [FC] 'block/mirror: Fix target backing BDS'
003/5:[down] 'block/null: Implement bdrv_refresh_filename()'
004/5:[0073] [FC] 'iotests: Add test for post-mirror backing chains'
005/5:[down] 'iotests: Add test for oVirt-like storage migration'


Max Reitz (5):
  block: Allow replacement of a BDS by its overlay
  block/mirror: Fix target backing BDS
  block/null: Implement bdrv_refresh_filename()
  iotests: Add test for post-mirror backing chains
  iotests: Add test for oVirt-like storage migration

 block.c|  24 +++--
 block/mirror.c |  39 +--
 block/null.c   |  20 
 blockdev.c |  15 ++-
 include/block/block_int.h  |  18 +++-
 tests/qemu-iotests/155 | 263 +
 tests/qemu-iotests/155.out |   5 +
 tests/qemu-iotests/156 | 174 ++
 tests/qemu-iotests/156.out |  48 +
 tests/qemu-iotests/group   |   2 +
 10 files changed, 584 insertions(+), 24 deletions(-)
 create mode 100755 tests/qemu-iotests/155
 create mode 100644 tests/qemu-iotests/155.out
 create mode 100755 tests/qemu-iotests/156
 create mode 100644 tests/qemu-iotests/156.out

-- 
2.8.3




Re: [Qemu-devel] [PATCH 07/10] target-sparc: cpu: use sparc_cpu_parse_features() directly

2016-06-10 Thread Mark Cave-Ayland
On 10/06/16 12:51, Eduardo Habkost wrote:

> On Wed, Jun 08, 2016 at 01:30:11PM -0300, Eduardo Habkost wrote:
>> On Mon, Jun 06, 2016 at 05:16:49PM +0200, Igor Mammedov wrote:
>>> make SPARC target use sparc_cpu_parse_features() directly
>>> so it won't get in the way of switching other propertified
>>> targets to handling features as global properties.
>>>
>>> Signed-off-by: Igor Mammedov 
>>
>> I would like to apply this to the x86 tree, to allow the
>> remaining patches to be applied. May I get an Acked-by from the
>> SPARC maintainers?
> 
> I hear no objections, I will queue it on x86-next.

Given that I've never used CPU options for SPARC, this is probably okay
as long as the standard sun4m/sun4u guests fire up with the same command lines.

Apologies for the delay on reviewing, my QEMU development is relegated
to time outside of work and the recent breakage on PPC/SPARC has eaten
huge amounts of my available time over the past week :/


ATB,

Mark.




[Qemu-devel] [PATCH] macio: call dma_memory_unmap() at the end of each DMA transfer

2016-06-10 Thread Mark Cave-Ayland
This ensures that the underlying memory is marked dirty once the transfer
is complete and resolves cache coherency problems under MacOS 9.

Signed-off-by: Mark Cave-Ayland 
---
 hw/ide/macio.c |   46 +---
 include/hw/ppc/mac_dbdma.h |5 +
 2 files changed, 31 insertions(+), 20 deletions(-)

diff --git a/hw/ide/macio.c b/hw/ide/macio.c
index 78c10a0..fa57352 100644
--- a/hw/ide/macio.c
+++ b/hw/ide/macio.c
@@ -66,8 +66,7 @@ static void pmac_dma_read(BlockBackend *blk,
 DBDMA_io *io = opaque;
 MACIOIDEState *m = io->opaque;
 IDEState *s = idebus_active_if(>bus);
-dma_addr_t dma_addr, dma_len;
-void *mem;
+dma_addr_t dma_addr;
 int64_t sector_num;
 int nsector;
 uint64_t align = BDRV_SECTOR_SIZE;
@@ -84,9 +83,10 @@ static void pmac_dma_read(BlockBackend *blk,
   sector_num, nsector);
 
 dma_addr = io->addr;
-dma_len = io->len;
-mem = dma_memory_map(_space_memory, dma_addr, _len,
- DMA_DIRECTION_FROM_DEVICE);
+io->dir = DMA_DIRECTION_FROM_DEVICE;
+io->dma_len = io->len;
+io->dma_mem = dma_memory_map(_space_memory, dma_addr, >dma_len,
+ io->dir);
 
 if (offset & (align - 1)) {
 head_bytes = offset & (align - 1);
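Review bot: The result of `dma_memory_map()` is stored but never checked. The call can return NULL or shrink the length it was given, yet the following hunk still passes `io->dma_mem` with the full `io->len` to `qemu_iovec_add()`. Because `io->addr` and `io->len` presumably originate from guest-programmed DMA descriptors, a mapping shorter than requested would let the block layer touch host memory beyond the mapped region. A check right after the call, `if (!io->dma_mem || io->dma_len < io->len)`, with the transfer failed on that path, would close this; the same pattern appears in the pmac_dma_write and pmac_dma_trim hunks. The old code had the same gap, but the comparison is cheap now that the mapped length is kept in `io->dma_len`. pmac_dma_read starts and ends outside this hunk.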
@@ -100,7 +100,7 @@ static void pmac_dma_read(BlockBackend *blk,
 offset = offset & ~(align - 1);
 }
 
-qemu_iovec_add(>iov, mem, io->len);
+qemu_iovec_add(>iov, io->dma_mem, io->len);
 
 if ((offset + bytes) & (align - 1)) {
 tail_bytes = (offset + bytes) & (align - 1);
@@ -130,8 +130,7 @@ static void pmac_dma_write(BlockBackend *blk,
 DBDMA_io *io = opaque;
 MACIOIDEState *m = io->opaque;
 IDEState *s = idebus_active_if(>bus);
-dma_addr_t dma_addr, dma_len;
-void *mem;
+dma_addr_t dma_addr;
 int64_t sector_num;
 int nsector;
 uint64_t align = BDRV_SECTOR_SIZE;
@@ -149,9 +148,10 @@ static void pmac_dma_write(BlockBackend *blk,
   sector_num, nsector);
 
 dma_addr = io->addr;
-dma_len = io->len;
-mem = dma_memory_map(_space_memory, dma_addr, _len,
- DMA_DIRECTION_TO_DEVICE);
+io->dir = DMA_DIRECTION_TO_DEVICE;
+io->dma_len = io->len;
+io->dma_mem = dma_memory_map(_space_memory, dma_addr, >dma_len,
+ io->dir);
 
 if (offset & (align - 1)) {
 head_bytes = offset & (align - 1);
@@ -163,7 +163,7 @@ static void pmac_dma_write(BlockBackend *blk,
 blk_pread(s->blk, (sector_num << 9), >head_remainder, align);
 
 qemu_iovec_add(>iov, >head_remainder, head_bytes);
-qemu_iovec_add(>iov, mem, io->len);
+qemu_iovec_add(>iov, io->dma_mem, io->len);
 
 bytes += offset & (align - 1);
 offset = offset & ~(align - 1);
@@ -181,7 +181,7 @@ static void pmac_dma_write(BlockBackend *blk,
 blk_pread(s->blk, (sector_num << 9), >tail_remainder, align);
 
 if (!unaligned_head) {
-qemu_iovec_add(>iov, mem, io->len);
+qemu_iovec_add(>iov, io->dma_mem, io->len);
 }
 
 qemu_iovec_add(>iov, >tail_remainder + tail_bytes,
@@ -193,7 +193,7 @@ static void pmac_dma_write(BlockBackend *blk,
 }
 
 if (!unaligned_head && !unaligned_tail) {
-qemu_iovec_add(>iov, mem, io->len);
+qemu_iovec_add(>iov, io->dma_mem, io->len);
 }
 
 s->io_buffer_size -= io->len;
@@ -214,18 +214,18 @@ static void pmac_dma_trim(BlockBackend *blk,
 DBDMA_io *io = opaque;
 MACIOIDEState *m = io->opaque;
 IDEState *s = idebus_active_if(>bus);
-dma_addr_t dma_addr, dma_len;
-void *mem;
+dma_addr_t dma_addr;
 
 qemu_iovec_destroy(>iov);
 qemu_iovec_init(>iov, io->len / MACIO_PAGE_SIZE + 1);
 
 dma_addr = io->addr;
-dma_len = io->len;
-mem = dma_memory_map(_space_memory, dma_addr, _len,
- DMA_DIRECTION_TO_DEVICE);
+io->dir = DMA_DIRECTION_TO_DEVICE;
+io->dma_len = io->len;
+io->dma_mem = dma_memory_map(_space_memory, dma_addr, >dma_len,
+ io->dir);
 
-qemu_iovec_add(>iov, mem, io->len);
+qemu_iovec_add(>iov, io->dma_mem, io->len);
 s->io_buffer_size -= io->len;
 s->io_buffer_index += io->len;
 io->len = 0;
@@ -285,6 +285,9 @@ static void pmac_ide_atapi_transfer_cb(void *opaque, int 
ret)
 return;
 
 done:
+dma_memory_unmap(_space_memory, io->dma_mem, io->dma_len,
+ io->dir, io->dma_len);
+
 if (ret < 0) {
 block_acct_failed(blk_get_stats(s->blk), >acct);
 } else {
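Review bot: `dma_memory_unmap()` at `done:` runs on every path that reaches the label, apparently including ones where no pmac_dma_* helper has mapped anything for this request. The jumps to `done:` are outside the hunk, so this is inferred. In that case `io->dma_mem` and `io->dma_len` hold whatever an earlier transfer left behind, and the unmap acts on a stale mapping. Guarding the call with `if (io->dma_mem)` and setting `io->dma_mem = NULL;` after it would make the cleanup safe to reach more than once; the same applies to the `done:` hunk in pmac_ide_transfer_cb. It is also worth confirming that each mapping is released before the next call to a pmac_dma_* helper overwrites `io->dma_mem`, since the map happens per helper call while the unmap happens only at `done:`.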
@@ -351,6 +354,9 @@ static void pmac_ide_transfer_cb(void *opaque, int ret)
 return;
 
 done:
+dma_memory_unmap(_space_memory, io->dma_mem, io->dma_len,
+ io->dir, io->dma_len);
+
 if (s->dma_cmd == IDE_DMA_READ || s->dma_cmd == IDE_DMA_WRITE) {
 if (ret < 0) {
 

[Qemu-devel] [PATCH RFC 16/16] sysemu/cpus: bye, bye smp_cores, smp_threads

2016-06-10 Thread Andrew Jones
The smp_cores and smp_threads globals are no longer used.
Vanish them.

Signed-off-by: Andrew Jones 
---
 hw/core/machine.c |  2 --
 include/sysemu/cpus.h | 10 --
 vl.c  |  2 --
 3 files changed, 14 deletions(-)

diff --git a/hw/core/machine.c b/hw/core/machine.c
index 5427924d4c911..fdd28e5786685 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
@@ -529,8 +529,6 @@ static void machine_pre_init(MachineState *ms)
 };
 
 machine_set_smp_parameters(ms);
-smp_cores   = ms->cores;
-smp_threads = ms->threads;
 max_cpus= ms->maxcpus;
 smp_cpus= ms->cpus;
 
diff --git a/include/sysemu/cpus.h b/include/sysemu/cpus.h
index fe992a8946ed5..d3e19ca214564 100644
--- a/include/sysemu/cpus.h
+++ b/include/sysemu/cpus.h
@@ -27,16 +27,6 @@ void cpu_synchronize_all_post_init(void);
 
 void qtest_clock_warp(int64_t dest);
 
-#ifndef CONFIG_USER_ONLY
-/* vl.c */
-extern int smp_cores;
-extern int smp_threads;
-#else
-/* *-user doesn't have configurable SMP topology */
-#define smp_cores   1
-#define smp_threads 1
-#endif
-
 void list_cpus(FILE *f, fprintf_function cpu_fprintf, const char *optarg);
 
 #endif
diff --git a/vl.c b/vl.c
index 843b7a9dff753..e73c66364932c 100644
--- a/vl.c
+++ b/vl.c
@@ -155,8 +155,6 @@ int win2k_install_hack = 0;
 int singlestep = 0;
 int smp_cpus = 1;
 int max_cpus = 1;
-int smp_cores = 1;
-int smp_threads = 1;
 int acpi_enabled = 1;
 int no_hpet = 0;
 int fd_bootchk = 1;
-- 
2.4.11




[Qemu-devel] [PATCH RFC 10/16] hw/ppc/spapr: don't use smp_cores, smp_threads

2016-06-10 Thread Andrew Jones
Use CPUState nr_cores,nr_threads and MachineState
cores,threads instead.

Signed-off-by: Andrew Jones 
---
 hw/ppc/spapr.c  | 9 +
 hw/ppc/spapr_rtas.c | 2 +-
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 063664234106e..f78276bb4b164 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -35,7 +35,6 @@
 #include "net/net.h"
 #include "sysemu/device_tree.h"
 #include "sysemu/block-backend.h"
-#include "sysemu/cpus.h"
 #include "sysemu/kvm.h"
 #include "sysemu/device_tree.h"
 #include "kvm_ppc.h"
@@ -603,7 +602,7 @@ static void spapr_populate_cpu_dt(CPUState *cs, void *fdt, 
int offset,
 uint32_t cpufreq = kvm_enabled() ? kvmppc_get_clockfreq() : 10;
 uint32_t page_sizes_prop[64];
 size_t page_sizes_prop_size;
-uint32_t vcpus_per_socket = smp_threads * smp_cores;
+uint32_t vcpus_per_socket = cs->nr_cores * cs->nr_threads;
 uint32_t pft_size_prop[] = {0, cpu_to_be32(spapr->htab_shift)};
 
 /* Note: we keep CI large pages off for now because a 64K capable guest
@@ -1774,7 +1773,7 @@ static void ppc_spapr_init(MachineState *machine)
 /* Set up Interrupt Controller before we create the VCPUs */
 spapr->icp = xics_system_init(machine,
   DIV_ROUND_UP(max_cpus * kvmppc_smt_threads(),
-   smp_threads),
+   machine->threads),
   XICS_IRQS, _fatal);
 
 if (smc->dr_lmb_enabled) {
@@ -2268,9 +2267,11 @@ static HotplugHandler 
*spapr_get_hotpug_handler(MachineState *machine,
 
 static unsigned spapr_cpu_index_to_socket_id(unsigned cpu_index)
 {
+CPUState *cs = first_cpu;
+
 /* Allocate to NUMA nodes on a "socket" basis (not that concept of
  * socket means much for the paravirtualized PAPR platform) */
-return cpu_index / smp_threads / smp_cores;
+return cpu_index / cs->nr_cores / cs->nr_threads;
 }
 
 static void spapr_machine_class_init(ObjectClass *oc, void *data)
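Review bot: spapr_cpu_index_to_socket_id() now dereferences `first_cpu`, which is NULL until the first CPU object exists. If this hook is invoked before the machine creates its CPUs, for instance while NUMA options are being processed (the call site is not in this hunk), the function crashes where the old globals were always valid. It receives only `cpu_index`, so reading the topology from the machine object, or returning early on `!cs`, would be safer. The divisors are now `cs->nr_cores` and `cs->nr_threads`; a zero in either field is a division by zero, which the globals' default of 1 used to rule out.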
diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
index 43e2c684fda8d..3fdfbb01a20dd 100644
--- a/hw/ppc/spapr_rtas.c
+++ b/hw/ppc/spapr_rtas.c
@@ -742,7 +742,7 @@ int spapr_rtas_device_tree_setup(void *fdt, hwaddr 
rtas_addr,
 lrdr_capacity[1] = cpu_to_be32(max_hotplug_addr & 0x);
 lrdr_capacity[2] = 0;
 lrdr_capacity[3] = cpu_to_be32(SPAPR_MEMORY_BLOCK_SIZE);
-lrdr_capacity[4] = cpu_to_be32(max_cpus/smp_threads);
+lrdr_capacity[4] = cpu_to_be32(max_cpus / machine->threads);
 ret = qemu_fdt_setprop(fdt, "/rtas", "ibm,lrdr-capacity", lrdr_capacity,
  sizeof(lrdr_capacity));
 if (ret < 0) {
-- 
2.4.11




[Qemu-devel] [PATCH RFC 14/16] hw/arm/virt: stash cpu topo info in VirtGuestInfo

2016-06-10 Thread Andrew Jones
This is a first step to preparing mach-virt for configurable
cpu topology, and is necessary now to prepare to move smbios
code away from using cpu topology globals smp_cores,smp_threads.

Signed-off-by: Andrew Jones 
---
 hw/arm/virt.c| 6 +-
 include/hw/arm/virt-acpi-build.h | 4 
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 134b6e36623ba..769a49aa5be77 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -1281,7 +1281,11 @@ static void machvirt_init(MachineState *machine)
 create_fw_cfg(vbi, _space_memory);
 rom_set_fw(fw_cfg_find());
 
-guest_info->cpus = vbi->cpus;
+guest_info->sockets = machine->sockets;
+guest_info->cores   = machine->cores;
+guest_info->threads = machine->threads;
+guest_info->maxcpus = machine->maxcpus;
+guest_info->cpus= machine->cpus;
 guest_info->fw_cfg = fw_cfg_find();
 guest_info->memmap = vbi->memmap;
 guest_info->irqmap = vbi->irqmap;
diff --git a/include/hw/arm/virt-acpi-build.h b/include/hw/arm/virt-acpi-build.h
index d6c5982960403..a34fb04230e66 100644
--- a/include/hw/arm/virt-acpi-build.h
+++ b/include/hw/arm/virt-acpi-build.h
@@ -27,6 +27,10 @@
 #define ACPI_GICC_ENABLED 1
 
 typedef struct VirtGuestInfo {
+int sockets;
+int cores;
+int threads;
+int maxcpus;
 int cpus;
 FWCfgState *fw_cfg;
 const MemMapEntry *memmap;
-- 
2.4.11




[Qemu-devel] [PATCH RFC 11/16] target-ppc: don't use smp_threads

2016-06-10 Thread Andrew Jones
Use CPUState nr_threads instead.

Signed-off-by: Andrew Jones 
---
 target-ppc/translate_init.c | 15 +++
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/target-ppc/translate_init.c b/target-ppc/translate_init.c
index a1db5009c4a83..f442b2fc934d1 100644
--- a/target-ppc/translate_init.c
+++ b/target-ppc/translate_init.c
@@ -24,7 +24,6 @@
 #include 
 #include "kvm_ppc.h"
 #include "sysemu/arch_init.h"
-#include "sysemu/cpus.h"
 #include "cpu-models.h"
 #include "mmu-hash32.h"
 #include "mmu-hash64.h"
@@ -9228,15 +9227,15 @@ static void ppc_cpu_realizefn(DeviceState *dev, Error 
**errp)
 #endif
 
 #if !defined(CONFIG_USER_ONLY)
-if (smp_threads > max_smt) {
+if (cs->nr_threads > max_smt) {
 error_setg(errp, "Cannot support more than %d threads on PPC with %s",
max_smt, kvm_enabled() ? "KVM" : "TCG");
 return;
 }
-if (!is_power_of_2(smp_threads)) {
+if (!is_power_of_2(cs->nr_threads)) {
 error_setg(errp, "Cannot support %d threads on PPC with %s, "
"threads count must be a power of 2.",
-   smp_threads, kvm_enabled() ? "KVM" : "TCG");
+   cs->nr_threads, kvm_enabled() ? "KVM" : "TCG");
 return;
 }
 #endif
@@ -9248,14 +9247,14 @@ static void ppc_cpu_realizefn(DeviceState *dev, Error 
**errp)
 }
 
 #if !defined(CONFIG_USER_ONLY)
-cpu->cpu_dt_id = (cs->cpu_index / smp_threads) * max_smt
-+ (cs->cpu_index % smp_threads);
+cpu->cpu_dt_id = (cs->cpu_index / cs->nr_threads) * max_smt
++ (cs->cpu_index % cs->nr_threads);
 
 if (kvm_enabled() && !kvm_vcpu_id_is_valid(cpu->cpu_dt_id)) {
 error_setg(errp, "Can't create CPU with id %d in KVM", cpu->cpu_dt_id);
 error_append_hint(errp, "Adjust the number of cpus to %d "
   "or try to raise the number of threads per core\n",
-  cpu->cpu_dt_id * smp_threads / max_smt);
+  cpu->cpu_dt_id * cs->nr_threads / max_smt);
 return;
 }
 #endif
@@ -9496,7 +9495,7 @@ static void ppc_cpu_unrealizefn(DeviceState *dev, Error 
**errp)
 
 int ppc_get_compat_smt_threads(PowerPCCPU *cpu)
 {
-int ret = MIN(smp_threads, kvmppc_smt_threads());
+int ret = MIN(CPU(cpu)->nr_threads, kvmppc_smt_threads());
 
 switch (cpu->cpu_version) {
 case CPU_POWERPC_LOGICAL_2_05:
-- 
2.4.11




[Qemu-devel] [PATCH RFC 05/16] hw/core/machine: add smp properites

2016-06-10 Thread Andrew Jones
Signed-off-by: Andrew Jones 
---
 hw/core/machine.c   | 81 +
 include/hw/boards.h |  6 
 2 files changed, 87 insertions(+)

diff --git a/hw/core/machine.c b/hw/core/machine.c
index 3dce9020e510a..2625044002e57 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
@@ -172,6 +172,53 @@ static void machine_set_dumpdtb(Object *obj, const char 
*value, Error **errp)
 ms->dumpdtb = g_strdup(value);
 }
 
+static void machine_get_smp(Object *obj, Visitor *v, const char *name,
+void *opaque, Error **errp)
+{
+MachineState *ms = MACHINE(obj);
+int64_t value;
+
+if (strncmp(name, "sockets", 7) == 0) {
+value = ms->sockets;
+} else if (strncmp(name, "cores", 5) == 0) {
+value = ms->cores;
+} else if (strncmp(name, "threads", 7) == 0) {
+value = ms->threads;
+} else if (strncmp(name, "maxcpus", 7) == 0) {
+value = ms->maxcpus;
+} else if (strncmp(name, "cpus", 4) == 0) {
+value = ms->cpus;
+}
+
+visit_type_int(v, name, , errp);
+}
+
+static void machine_set_smp(Object *obj, Visitor *v, const char *name,
+void *opaque, Error **errp)
+{
+MachineState *ms = MACHINE(obj);
+Error *error = NULL;
+int64_t value;
+
+visit_type_int(v, name, , );
+if (error) {
+error_propagate(errp, error);
+return;
+}
+
+if (strncmp(name, "sockets", 7) == 0) {
+ms->sockets = value;
+} else if (strncmp(name, "cores", 5) == 0) {
+ms->cores = value;;
+} else if (strncmp(name, "threads", 7) == 0) {
+ms->threads = value;
+} else if (strncmp(name, "maxcpus", 7) == 0) {
+ms->maxcpus = value;
+} else if (strncmp(name, "cpus", 4) == 0) {
+ms->cpus = value;
+}
+}
+
 static void machine_get_phandle_start(Object *obj, Visitor *v,
   const char *name, void *opaque,
   Error **errp)
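Review bot: `machine_set_smp` stores the visited `int64_t` straight into `MachineState` fields that the `include/hw/boards.h` hunk declares as `int` (`sockets`, `cores`), so a value outside the `int` range is silently truncated, and an explicit -1 cannot be told apart from the "unset" default that `machine_initfn` assigns. A range check after the visit and before the `strncmp` chain would reject such input; a sketch follows. In `machine_get_smp`, `value` is handed to `visit_type_int` uninitialised when no name matches, so initialise it or end the chain with an `else` that reports an error. The `strncmp(name, "cpus", 4)` style comparisons also accept any longer name with that prefix; `strcmp` would match the registered property names exactly.

```c
    /* … unchanged: visit_type_int() into value, error propagation … */
    if (value < 0 || value > INT_MAX) {
        error_setg(errp, "Property '%s' must be in the range 0..%d",
                   name, INT_MAX);
        return;
    }
    /* … unchanged: strncmp() chain storing value into ms … */
```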
@@ -368,8 +415,18 @@ static void machine_init_notify(Notifier *notifier, void 
*data)
 foreach_dynamic_sysbus_device(error_on_sysbus_device, NULL);
 }
 
+static void machine_set_smp_parameters(MachineState *ms)
+{
+if (ms->sockets != -1 || ms->cores != -1 || ms->threads != -1 ||
+ms->maxcpus != -1 || ms->cpus != -1) {
+error_report("warning: cpu topology: "
+ "machine properties currently ignored");
+}
+}
+
 static void machine_pre_init(MachineState *ms)
 {
+machine_set_smp_parameters(ms);
 }
 
 static void machine_class_init(ObjectClass *oc, void *data)
@@ -403,6 +460,11 @@ static void machine_initfn(Object *obj)
 ms->dump_guest_core = true;
 ms->mem_merge = true;
 ms->enable_graphics = true;
+ms->sockets = -1;
+ms->cores = -1;
+ms->threads = -1;
+ms->maxcpus = -1;
+ms->cpus = -1;
 
 object_property_add_str(obj, "accel",
 machine_get_accel, machine_set_accel, NULL);
@@ -462,6 +524,25 @@ static void machine_initfn(Object *obj)
 object_property_set_description(obj, "dt-compatible",
 "Overrides the \"compatible\" property of 
the dt root node",
 NULL);
+object_property_add(obj, "sockets", "int", machine_get_smp,
+machine_set_smp, NULL, NULL, NULL);
+object_property_set_description(obj, "sockets", "Number of sockets", NULL);
+object_property_add(obj, "cores", "int", machine_get_smp,
+machine_set_smp, NULL, NULL, NULL);
+object_property_set_description(obj, "cores",
+"Number of cores per socket", NULL);
+object_property_add(obj, "threads", "int", machine_get_smp,
+machine_set_smp, NULL, NULL, NULL);
+object_property_set_description(obj, "threads",
+"Number of threads per core", NULL);
+object_property_add(obj, "maxcpus", "int", machine_get_smp,
+machine_set_smp, NULL, NULL, NULL);
+object_property_set_description(obj, "maxcpus", "Maximum number of cpus",
+NULL);
+object_property_add(obj, "cpus", "int", machine_get_smp,
+machine_set_smp, NULL, NULL, NULL);
+object_property_set_description(obj, "cpus", "Number of online cpus",
+NULL);
 object_property_add_bool(obj, "dump-guest-core",
  machine_get_dump_guest_core,
  machine_set_dump_guest_core,
diff --git a/include/hw/boards.h b/include/hw/boards.h
index 4e8dc68b07a24..53adbfe2a3099 100644
--- a/include/hw/boards.h
+++ b/include/hw/boards.h
@@ -166,6 +166,12 @@ struct MachineState {
 char *initrd_filename;
 const char *cpu_model;
 AccelState *accelerator;
+
+int sockets;
+int cores;
+

[Qemu-devel] [PATCH RFC 09/16] hw/i386/pc: don't use smp_cores, smp_threads

2016-06-10 Thread Andrew Jones
Use CPUState nr_cores,nr_threads and MachineState
cores,threads instead.

Signed-off-by: Andrew Jones 
---
 hw/i386/pc.c | 26 +++---
 1 file changed, 15 insertions(+), 11 deletions(-)

diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 7198ed533cc47..4fa86d6387ce9 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -27,7 +27,6 @@
 #include "hw/char/serial.h"
 #include "hw/i386/apic.h"
 #include "hw/i386/topology.h"
-#include "sysemu/cpus.h"
 #include "hw/block/fdc.h"
 #include "hw/ide.h"
 #include "hw/pci/pci.h"
@@ -682,12 +681,14 @@ void enable_compat_apic_id_mode(void)
  * no concept of "CPU index", and the NUMA tables on fw_cfg need the APIC ID of
  * all CPUs up to max_cpus.
  */
-static uint32_t x86_cpu_apic_id_from_index(unsigned int cpu_index)
+static uint32_t x86_cpu_apic_id_from_index(MachineState *ms,
+   unsigned int cpu_index)
 {
 uint32_t correct_id;
 static bool warned;
 
-correct_id = x86_apicid_from_cpu_idx(smp_cores, smp_threads, cpu_index);
+correct_id = x86_apicid_from_cpu_idx(ms->cores, ms->threads,
+ cpu_index);
 if (compat_apic_id_mode) {
 if (cpu_index != correct_id && !warned && !qtest_enabled()) {
 error_report("APIC IDs set in compatibility mode, "
@@ -778,7 +779,7 @@ static FWCfgState *bochs_bios_init(AddressSpace *as, 
PCMachineState *pcms)
 numa_fw_cfg = g_new0(uint64_t, 1 + pcms->apic_id_limit + nb_numa_nodes);
 numa_fw_cfg[0] = cpu_to_le64(nb_numa_nodes);
 for (i = 0; i < max_cpus; i++) {
-unsigned int apic_id = x86_cpu_apic_id_from_index(i);
+unsigned int apic_id = x86_cpu_apic_id_from_index(MACHINE(pcms), i);
 assert(apic_id < pcms->apic_id_limit);
 for (j = 0; j < nb_numa_nodes; j++) {
 if (test_bit(i, numa_info[j].node_cpu)) {
@@ -1066,7 +1067,7 @@ void pc_hot_add_cpu(const int64_t id, Error **errp)
 {
 X86CPU *cpu;
 MachineState *machine = MACHINE(qdev_get_machine());
-int64_t apic_id = x86_cpu_apic_id_from_index(id);
+int64_t apic_id = x86_cpu_apic_id_from_index(machine, id);
 Error *local_err = NULL;
 
 if (id < 0) {
@@ -1123,7 +1124,7 @@ void pc_cpus_init(PCMachineState *pcms)
  *
  * This is used for FW_CFG_MAX_CPUS. See comments on bochs_bios_init().
  */
-pcms->apic_id_limit = x86_cpu_apic_id_from_index(max_cpus - 1) + 1;
+pcms->apic_id_limit = x86_cpu_apic_id_from_index(machine, max_cpus - 1) + 
1;
 if (pcms->apic_id_limit > ACPI_CPU_HOTPLUG_ID_LIMIT) {
 error_report("max_cpus is too large. APIC ID of last CPU is %u",
  pcms->apic_id_limit - 1);
@@ -1133,10 +1134,12 @@ void pc_cpus_init(PCMachineState *pcms)
 pcms->possible_cpus = g_malloc0(sizeof(CPUArchIdList) +
 sizeof(CPUArchId) * max_cpus);
 for (i = 0; i < max_cpus; i++) {
-pcms->possible_cpus->cpus[i].arch_id = x86_cpu_apic_id_from_index(i);
+pcms->possible_cpus->cpus[i].arch_id =
+x86_cpu_apic_id_from_index(machine, i);
 pcms->possible_cpus->len++;
 if (i < smp_cpus) {
-cpu = pc_new_cpu(machine->cpu_model, x86_cpu_apic_id_from_index(i),
+cpu = pc_new_cpu(machine->cpu_model,
+ x86_cpu_apic_id_from_index(machine, i),
  _fatal);
 pcms->possible_cpus->cpus[i].cpu = CPU(cpu);
 object_unref(OBJECT(cpu));
@@ -1193,7 +1196,7 @@ void pc_guest_info_init(PCMachineState *pcms)
  sizeof *pcms->node_cpu);
 
 for (i = 0; i < max_cpus; i++) {
-unsigned int apic_id = x86_cpu_apic_id_from_index(i);
+unsigned int apic_id = x86_cpu_apic_id_from_index(MACHINE(pcms), i);
 assert(apic_id < pcms->apic_id_limit);
 for (j = 0; j < nb_numa_nodes; j++) {
 if (test_bit(i, numa_info[j].node_cpu)) {
@@ -1940,9 +1943,10 @@ static void pc_machine_reset(void)
 
 static unsigned pc_cpu_index_to_socket_id(unsigned cpu_index)
 {
+CPUState *cs = first_cpu;
 X86CPUTopoInfo topo;
-x86_topo_ids_from_idx(smp_cores, smp_threads, cpu_index,
-  );
+
+x86_topo_ids_from_idx(cs->nr_cores, cs->nr_threads, cpu_index, );
 return topo.pkg_id;
 }
 
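Review bot: `pc_cpu_index_to_socket_id` now dereferences `first_cpu` without checking it, so a call made before any CPU object exists would dereference NULL; the globals it replaces had no such ordering requirement. Whether this helper can run that early is not visible in the hunk. The rest of the patch reads the topology from `ms->cores` and `ms->threads`, so this function can also disagree with the other call sites. Reading the machine's values here, e.g. `MachineState *ms = MACHINE(qdev_get_machine());` followed by `x86_topo_ids_from_idx(ms->cores, ms->threads, cpu_index, &topo);`, would avoid both problems.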
-- 
2.4.11




Re: [Qemu-devel] [PATCH 4/6] trace: Add per-vCPU tracing states for events with the 'vcpu' property

2016-06-10 Thread Lluís Vilanova
Stefan Hajnoczi writes:

> On Thu, Jun 09, 2016 at 04:17:11PM +0200, Lluís Vilanova wrote:
>> >> @@ -61,7 +69,7 @@ static inline bool 
>> >> trace_event_get_state_static(TraceEvent *ev)
>> >> static inline bool trace_event_get_state_dynamic_by_id(TraceEventID id)
>> >> {
>> >> /* it's on fast path, avoid consistency checks (asserts) */
>> >> -return unlikely(trace_events_enabled_count) && 
>> >> trace_events_dstate[id];
>> >> +return unlikely(trace_events_enabled_count) && 
>> >> (trace_events_dstate[id] > 0);
>> 
>> > typeof(trace_events_dstate[0]) is size_t, so trace_events_dstate[id] > 0
>> > is equivalent to trace_events_dstate[id] (due to unsigned).  Why change
>> > this line?
>> 
>> Sorry, I have a tendency to make this type of checks explicit when the types 
>> are
>> not boolean (for a maybe-false sense of future-proofing). I can leave it as 
>> it
>> was if it bothers you.

> When reviewing patches I try to understand each change.  When I don't
> see a reason for a change I need to ask.

> In general it's easier to leave code as-is unless there is a need to
> change it.  But there are no hard rules :).

I'll refrain from pushing my manias into QEMU :)


[...]
>> > The number of cpus has type int (see CPUState *qemu_get_cpu(int index)).
>> 
>> > Why did you choose size_t?
>> 
>> It just sounds proper to me to use size_t, since the state can never be 
>> negative
>> (it's either interpreted as a boolean or as an unsigned counter, depending on
>> the "vcpu" property).

> If you feel strongly about it, feel free to keep it.  Alternative
> reasoning about the type:

> int is the CPU index type used in qemu_get_cpu().  It is guaranteed to
> be large enough for the vcpu count.  IMO there's no need to select a new
> type, but there's more...

> size_t is larger than necessary on 64-bit machines and has an impact on
> the CPU cache performance that Paolo's optimization takes advantage of
> (if you trigger adjacent trace event IDs they will probably already be
> in cache).

> size_t made me have to think hard when reading the "int += bool -
> size_t" statement for updating trace_events_enabled_count.

> If int is used then it's clear that int = (int)bool - int will be one of
> [-1, 0, +1].

> But with size_t you have to start wondering whether the type coercion
> is portable and works as expected:

> int = (int)((size_t)bool - size_t);

> In "6.3.1.3 Signed and unsigned integers" the C99 standard says:

>   [If] the new type is signed and the value cannot be represented in
>   it; either the result is implementation-defined or an
>   implementation-defined signal is raised.

> The size_t -> int conversion is therefore implementation-defined.  This
> is not portable although QEMU probably does it in many places.

> So for these reasons, I think int is the natural choice.

Fair point. But now I feel tempted to change both trace_events_dstate and
trace_events_enabled_count into unsigned int... it burns me when I see signed
types used only on their positives by design.

But don't worry, I'll change trace_events_dstate into int :)


Thanks!
  Lluis



[Qemu-devel] [PATCH RFC 06/16] vl: move smp parsing to machine pre_init

2016-06-10 Thread Andrew Jones
Move the guts of smp_parse() into hw/core/machine.c to operate on
smp machine properties, and to eventually allow it to be overridden
by machines. We leave the smp_parse function behind to handle the
(now deprecated) -smp option, but now it only needs to set the
machine properties.

Signed-off-by: Andrew Jones 
---
 hw/core/machine.c | 113 --
 vl.c  | 111 -
 2 files changed, 142 insertions(+), 82 deletions(-)

diff --git a/hw/core/machine.c b/hw/core/machine.c
index 2625044002e57..75c5a1fdd7de1 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
@@ -17,6 +17,7 @@
 #include "qapi/visitor.h"
 #include "hw/sysbus.h"
 #include "sysemu/sysemu.h"
+#include "sysemu/replay.h"
 #include "qemu/error-report.h"
 #include "qemu/cutils.h"
 
@@ -417,16 +418,122 @@ static void machine_init_notify(Notifier *notifier, void 
*data)
 
 static void machine_set_smp_parameters(MachineState *ms)
 {
-if (ms->sockets != -1 || ms->cores != -1 || ms->threads != -1 ||
-ms->maxcpus != -1 || ms->cpus != -1) {
+int sockets = ms->sockets;
+int cores   = ms->cores;
+int threads = ms->threads;
+int maxcpus = ms->maxcpus;
+int cpus= ms->cpus;
+bool sockets_input = sockets > 0;
+
+if (sockets == -1 && cores == -1 && threads == -1 &&
+maxcpus == -1 && cpus == -1) {
+ms->sockets = 1;
+ms->cores   = 1;
+ms->threads = 1;
+ms->maxcpus = 1;
+ms->cpus= 1;
+return;
+}
+
+if (sockets == -1 || cores == -1 || threads == -1 ||
+maxcpus == -1 || cpus == -1) {
+error_report("cpu topology: "
+ "all machine properties must be specified");
+exit(1);
+}
+
+/* If the deprecated -smp option was used without complete input,
+ * or a user input zeros (why would they do that?), then we compute
+ * missing values, preferring sockets over cores over threads.
+ */
+if (cpus == 0 || sockets == 0) {
+sockets = sockets > 0 ? sockets : 1;
+cores = cores > 0 ? cores : 1;
+threads = threads > 0 ? threads : 1;
+if (cpus == 0) {
+cpus = cores * threads * sockets;
+}
+} else if (cores == 0) {
+threads = threads > 0 ? threads : 1;
+cores = cpus / (sockets * threads);
+} else if (threads == 0) {
+threads = cpus / (cores * sockets);
+} else if (sockets * cores * threads < cpus) {
+error_report("cpu topology: "
+ "sockets (%u) * cores (%u) * threads (%u) < "
+ "smp_cpus (%u)",
+ sockets, cores, threads, cpus);
+exit(1);
+}
+
+maxcpus = maxcpus > 0 ? maxcpus : cpus;
+
+if (maxcpus > MAX_CPUMASK_BITS) {
+error_report("unsupported number of maxcpus");
+exit(1);
+}
+
+if (maxcpus < cpus) {
+error_report("maxcpus must be equal to or greater than smp");
+exit(1);
+}
+
+if (sockets * cores * threads > maxcpus) {
+error_report("cpu topology: "
+ "sockets (%u) * cores (%u) * threads (%u) > "
+ "maxcpus (%u)",
+ sockets, cores, threads, maxcpus);
+exit(1);
+}
+
+if (sockets_input && sockets * cores * threads != maxcpus) {
+unsigned sockets_rounded = DIV_ROUND_UP(maxcpus, cores * threads);
+
 error_report("warning: cpu topology: "
- "machine properties currently ignored");
+ "sockets (%u) * cores (%u) * threads (%u) != "
+ "maxcpus (%u). Trying sockets=%u.",
+ sockets, cores, threads, maxcpus, sockets_rounded);
+sockets = sockets_rounded;
+
+if (sockets * cores * threads > maxcpus) {
+error_report("cpu topology: "
+ "sockets (%u) * cores (%u) * threads (%u) > "
+ "maxcpus (%u)",
+ sockets, cores, threads, maxcpus);
+exit(1);
+}
 }
+
+ms->sockets = sockets;
+ms->cores   = cores;
+ms->threads = threads;
+ms->maxcpus = maxcpus;
+ms->cpus= cpus;
 }
 
 static void machine_pre_init(MachineState *ms)
 {
+MachineClass *mc = MACHINE_CLASS(object_get_class(OBJECT(ms)));
+
 machine_set_smp_parameters(ms);
+smp_cores   = ms->cores;
+smp_threads = ms->threads;
+max_cpus= ms->maxcpus;
+smp_cpus= ms->cpus;
+
+mc->max_cpus = mc->max_cpus ?: 1; /* Default to UP */
+if (ms->maxcpus > mc->max_cpus) {
+error_report("Number of SMP CPUs requested (%d) exceeds max CPUs "
+ "supported by machine '%s' (%d)", ms->maxcpus, mc->name,
+ mc->max_cpus);
+exit(1);
+}
+
+if (ms->cpus > 1) {
+Error *blocker = NULL;
+error_setg(, 
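Review bot: In `machine_set_smp_parameters` the topology locals are now `int`, but the `error_report` calls still format them with `%u`, and any negative value other than -1 passes the "all machine properties must be specified" test and flows into the multiplications and divisions below it. Signed overflow in `sockets * cores * threads` is undefined behaviour, so the comparisons against `cpus` and `maxcpus` cannot be relied on for large inputs. I would reject negative input before the computation, e.g. `if (sockets < 0 || cores < 0 || threads < 0 || maxcpus < 0 || cpus < 0) { error_report("cpu topology: values must not be negative"); exit(1); }`, and switch the format specifiers to `%d`. The hunk is cut off on this page after the `error_setg` call, so the rest of `machine_pre_init` is not covered by this note.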

Re: [Qemu-devel] [PATCH] configure: Rename CONFIG_QGA_NTDDDISK into CONFIG_QGA_NTDDSCSI

2016-06-10 Thread Michael Roth
Quoting Thomas Huth (2016-06-10 10:25:54)
> There is no CONFIG_QGA_NTDDDISK define used anywhere in the QEMU
> sources. Looking at the changelog and qga/commands-win32.c, it
> seems like this should be called CONFIG_QGA_NTDDSCSI instead.
> 
> Signed-off-by: Thomas Huth 

Yikes, this does appear to be the case. Need to recheck the original
functionality since apparently it's been disabled ever since I added
this patch to the original series, but can take this in through my
tree.

Cc'ing qemu-stable

> ---
>  configure | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/configure b/configure
> index 8c2f90b..55019d6 100755
> --- a/configure
> +++ b/configure
> @@ -4965,7 +4965,7 @@ if test "$mingw32" = "yes" ; then
>  echo "WIN_SDK=\"$win_sdk\"" >> $config_host_mak
>fi
>if test "$guest_agent_ntddscsi" = "yes" ; then
> -echo "CONFIG_QGA_NTDDDISK=y" >> $config_host_mak
> +echo "CONFIG_QGA_NTDDSCSI=y" >> $config_host_mak
>fi
>if test "$guest_agent_msi" = "yes"; then
>  echo "QEMU_GA_MSI_ENABLED=yes" >> $config_host_mak  
> -- 
> 1.8.3.1
> 



[Qemu-devel] [PATCH RFC 03/16] hw/smbios/smbios: fix number of sockets calculation

2016-06-10 Thread Andrew Jones
The specification "sect. 7.5 Processor Information (Type 4)" says
 "NOTE One structure is provided for each processor instance in a
  system. For example, a system that supports up to two processors
  includes two Processor Information structures - even if only one
  processor is currently installed..."

We should use max_cpus in the calculation. The rounding is still
necessary, since smp_cores and smp_threads may have been calculated
based on smp_cpus, rather than max_cpus. The rounding is safe,
because smp_parse will fail when the result produces a topology
supporting more cpus than max_cpus.

Signed-off-by: Andrew Jones 
---
 hw/smbios/smbios.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/smbios/smbios.c b/hw/smbios/smbios.c
index cb8a029cf..cf18ecfd8599c 100644
--- a/hw/smbios/smbios.c
+++ b/hw/smbios/smbios.c
@@ -881,7 +881,7 @@ void smbios_get_tables(const struct smbios_phys_mem_area 
*mem_array,
 smbios_build_type_2_table();
 smbios_build_type_3_table();
 
-smbios_smp_sockets = DIV_ROUND_UP(smp_cpus, smp_cores * smp_threads);
+smbios_smp_sockets = DIV_ROUND_UP(max_cpus, smp_cores * smp_threads);
 assert(smbios_smp_sockets >= 1);
 
 for (i = 0; i < smbios_smp_sockets; i++) {
-- 
2.4.11




[Qemu-devel] [PATCH RFC 04/16] hw/core/machine: Introduce pre_init

2016-06-10 Thread Andrew Jones
From: Igor Mammedov 

Signed-off-by: Igor Mammedov 
Signed-off-by: Andrew Jones 
---
 hw/core/machine.c   | 6 ++
 include/hw/boards.h | 1 +
 vl.c| 1 +
 3 files changed, 8 insertions(+)

diff --git a/hw/core/machine.c b/hw/core/machine.c
index ccdd5fa3e7728..3dce9020e510a 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
@@ -368,10 +368,16 @@ static void machine_init_notify(Notifier *notifier, void 
*data)
 foreach_dynamic_sysbus_device(error_on_sysbus_device, NULL);
 }
 
+static void machine_pre_init(MachineState *ms)
+{
+}
+
 static void machine_class_init(ObjectClass *oc, void *data)
 {
 MachineClass *mc = MACHINE_CLASS(oc);
 
+mc->pre_init = machine_pre_init;
+
 /* Default 128 MB as guest ram size */
 mc->default_ram_size = 128 * M_BYTE;
 mc->rom_file_has_mr = true;
diff --git a/include/hw/boards.h b/include/hw/boards.h
index d268bd00a9f7d..4e8dc68b07a24 100644
--- a/include/hw/boards.h
+++ b/include/hw/boards.h
@@ -92,6 +92,7 @@ struct MachineClass {
 const char *alias;
 const char *desc;
 
+void (*pre_init)(MachineState *state);
 void (*init)(MachineState *state);
 void (*reset)(void);
 void (*hot_add_cpu)(const int64_t id, Error **errp);
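Review bot: The new `pre_init` member is added to `MachineClass` without any comment saying when it runs or what it may rely on. The `vl.c` hunk calls it unconditionally right before `init`, so a machine class that leaves it NULL would crash; only the default assigned in `machine_class_init` makes the call safe. I would document that next to the member, e.g. `/* Called once before init(); must not be NULL, the base class installs a default. */`.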
diff --git a/vl.c b/vl.c
index 8d482cb1bf020..4849dd465d667 100644
--- a/vl.c
+++ b/vl.c
@@ -4500,6 +4500,7 @@ int main(int argc, char **argv, char **envp)
 current_machine->boot_order = boot_order;
 current_machine->cpu_model = cpu_model;
 
+machine_class->pre_init(current_machine);
 machine_class->init(current_machine);
 
 realtime_init();
-- 
2.4.11




[Qemu-devel] [PATCH RFC 15/16] smbios: don't use smp_cores, smp_threads

2016-06-10 Thread Andrew Jones
SMBIOS needs cpu topology for Type4 tables, so we need to pass
it in. There are several parameters so we use a structure. There
are two callers (of non-legacy, which generates Type4 tables),
x86 and arm, so we also update both to pass the topology
parameters from their MachineState properties (directly in the
case of x86, indirectly through VirtGuestInfo in the case of arm).

Signed-off-by: Andrew Jones 
---
 hw/arm/virt.c  |  9 -
 hw/i386/pc.c   | 13 ++---
 hw/smbios/smbios.c | 20 +++-
 include/hw/smbios/smbios.h | 10 ++
 4 files changed, 39 insertions(+), 13 deletions(-)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 769a49aa5be77..4482fab91c139 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -1067,6 +1067,13 @@ static void virt_build_smbios(VirtGuestInfo *guest_info)
 uint8_t *smbios_tables, *smbios_anchor;
 size_t smbios_tables_len, smbios_anchor_len;
 const char *product = "QEMU Virtual Machine";
+struct smbios_cpu_topology topo = {
+.sockets = guest_info->sockets,
+.cores   = guest_info->cores,
+.threads = guest_info->threads,
+.maxcpus = guest_info->maxcpus,
+.cpus= guest_info->cpus,
+};
 
 if (!fw_cfg) {
 return;
@@ -1079,7 +1086,7 @@ static void virt_build_smbios(VirtGuestInfo *guest_info)
 smbios_set_defaults("QEMU", product,
 "1.0", false, true, SMBIOS_ENTRY_POINT_30);
 
-smbios_get_tables(NULL, 0, _tables, _tables_len,
+smbios_get_tables(NULL, 0, , _tables, _tables_len,
   _anchor, _anchor_len);
 
 if (smbios_anchor) {
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 4fa86d6387ce9..afea1a535a653 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -701,12 +701,19 @@ static uint32_t x86_cpu_apic_id_from_index(MachineState 
*ms,
 }
 }
 
-static void pc_build_smbios(FWCfgState *fw_cfg)
+static void pc_build_smbios(MachineState *ms, FWCfgState *fw_cfg)
 {
 uint8_t *smbios_tables, *smbios_anchor;
 size_t smbios_tables_len, smbios_anchor_len;
 struct smbios_phys_mem_area *mem_array;
 unsigned i, array_count;
+struct smbios_cpu_topology topo = {
+.sockets = ms->sockets,
+.cores   = ms->cores,
+.threads = ms->threads,
+.maxcpus = ms->maxcpus,
+.cpus= ms->cpus,
+};
 
 smbios_tables = smbios_get_table_legacy(_tables_len);
 if (smbios_tables) {
@@ -725,7 +732,7 @@ static void pc_build_smbios(FWCfgState *fw_cfg)
 array_count++;
 }
 }
-smbios_get_tables(mem_array, array_count,
+smbios_get_tables(mem_array, array_count, ,
   _tables, _tables_len,
   _anchor, _anchor_len);
 g_free(mem_array);
@@ -1176,7 +1183,7 @@ void pc_machine_done(Notifier *notifier, void *data)
 
 acpi_setup();
 if (pcms->fw_cfg) {
-pc_build_smbios(pcms->fw_cfg);
+pc_build_smbios(MACHINE(pcms), pcms->fw_cfg);
 }
 }
 
diff --git a/hw/smbios/smbios.c b/hw/smbios/smbios.c
index cf18ecfd8599c..99b5f984b945a 100644
--- a/hw/smbios/smbios.c
+++ b/hw/smbios/smbios.c
@@ -20,7 +20,6 @@
 #include "qemu/config-file.h"
 #include "qemu/error-report.h"
 #include "sysemu/sysemu.h"
-#include "sysemu/cpus.h"
 #include "hw/smbios/smbios.h"
 #include "hw/loader.h"
 #include "exec/cpu-common.h"
@@ -64,7 +63,9 @@ static SmbiosEntryPoint ep;
 static int smbios_type4_count = 0;
 static bool smbios_immutable;
 static bool smbios_have_defaults;
-static uint32_t smbios_cpuid_version, smbios_cpuid_features, 
smbios_smp_sockets;
+static uint32_t smbios_cpuid_version, smbios_cpuid_features;
+
+static struct smbios_cpu_topology smbios_cpu_topology;
 
 static DECLARE_BITMAP(have_binfile_bitmap, SMBIOS_MAX_TYPE+1);
 static DECLARE_BITMAP(have_fields_bitmap, SMBIOS_MAX_TYPE+1);
@@ -325,7 +326,8 @@ opts_init(smbios_register_config);
 
 static void smbios_validate_table(void)
 {
-uint32_t expect_t4_count = smbios_legacy ? smp_cpus : smbios_smp_sockets;
+uint32_t expect_t4_count = smbios_legacy ? smp_cpus
+ : smbios_cpu_topology.sockets;
 
 if (smbios_type4_count && smbios_type4_count != expect_t4_count) {
 error_report("Expected %d SMBIOS Type 4 tables, got %d instead",
@@ -637,8 +639,8 @@ static void smbios_build_type_4_table(unsigned instance)
 SMBIOS_TABLE_SET_STR(4, serial_number_str, type4.serial);
 SMBIOS_TABLE_SET_STR(4, asset_tag_number_str, type4.asset);
 SMBIOS_TABLE_SET_STR(4, part_number_str, type4.part);
-t->core_count = t->core_enabled = smp_cores;
-t->thread_count = smp_threads;
+t->core_count = t->core_enabled = smbios_cpu_topology.cores;
+t->thread_count = smbios_cpu_topology.threads;
 t->processor_characteristics = cpu_to_le16(0x02); /* Unknown */
 t->processor_family2 = cpu_to_le16(0x01); /* Other */
 
@@ -864,6 +866,7 @@ static void 

[Qemu-devel] [PATCH RFC 13/16] hw/arm/virt: don't use smp_cpus, max_cpus

2016-06-10 Thread Andrew Jones
Use MachineState.cpus or own copy from VirtBoardInfo.cpus instead.

(Congratulations mach-virt, you're the first machine type to be
 cpu topology globals free!)

Signed-off-by: Andrew Jones 
---
 hw/arm/virt.c | 18 +-
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 78d9aa996bafc..134b6e36623ba 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -467,7 +467,7 @@ static void create_gic(VirtBoardInfo *vbi, qemu_irq *pic, 
int type, bool secure)
 
 gicdev = qdev_create(NULL, gictype);
 qdev_prop_set_uint32(gicdev, "revision", type);
-qdev_prop_set_uint32(gicdev, "num-cpu", smp_cpus);
+qdev_prop_set_uint32(gicdev, "num-cpu", vbi->cpus);
 /* Note that the num-irq property counts both internal and external
  * interrupts; there are always 32 of the former (mandated by GIC spec).
  */
@@ -488,7 +488,7 @@ static void create_gic(VirtBoardInfo *vbi, qemu_irq *pic, 
int type, bool secure)
  * appropriate GIC PPI inputs, and the GIC's IRQ output to
  * the CPU's IRQ input.
  */
-for (i = 0; i < smp_cpus; i++) {
+for (i = 0; i < vbi->cpus; i++) {
 DeviceState *cpudev = DEVICE(qemu_get_cpu(i));
 int ppibase = NUM_IRQS + i * GIC_INTERNAL + GIC_NR_SGIS;
 int irq;
@@ -509,7 +509,7 @@ static void create_gic(VirtBoardInfo *vbi, qemu_irq *pic, 
int type, bool secure)
 }
 
 sysbus_connect_irq(gicbusdev, i, qdev_get_gpio_in(cpudev, 
ARM_CPU_IRQ));
-sysbus_connect_irq(gicbusdev, i + smp_cpus,
+sysbus_connect_irq(gicbusdev, i + vbi->cpus,
qdev_get_gpio_in(cpudev, ARM_CPU_FIQ));
 }
 
@@ -1163,14 +1163,14 @@ static void machvirt_init(MachineState *machine)
 virt_max_cpus = GIC_NCPU;
 }
 
-if (max_cpus > virt_max_cpus) {
+if (machine->maxcpus > virt_max_cpus) {
 error_report("Number of SMP CPUs requested (%d) exceeds max CPUs "
  "supported by machine 'mach-virt' (%d)",
- max_cpus, virt_max_cpus);
+ machine->maxcpus, virt_max_cpus);
 exit(1);
 }
 
-vbi->cpus = smp_cpus;
+vbi->cpus = machine->cpus;
 
 if (machine->ram_size > vbi->memmap[VIRT_MEM].size) {
 error_report("mach-virt: cannot model more than %dGB RAM", 
RAMLIMIT_GB);
@@ -1196,7 +1196,7 @@ static void machvirt_init(MachineState *machine)
 
 create_fdt(vbi);
 
-for (n = 0; n < smp_cpus; n++) {
+for (n = 0; n < vbi->cpus; n++) {
 ObjectClass *oc = cpu_class_by_name(TYPE_ARM_CPU, cpustr[0]);
 CPUClass *cc = CPU_CLASS(oc);
 Object *cpuobj;
@@ -1281,7 +1281,7 @@ static void machvirt_init(MachineState *machine)
 create_fw_cfg(vbi, _space_memory);
 rom_set_fw(fw_cfg_find());
 
-guest_info->cpus = smp_cpus;
+guest_info->cpus = vbi->cpus;
 guest_info->fw_cfg = fw_cfg_find();
 guest_info->memmap = vbi->memmap;
 guest_info->irqmap = vbi->irqmap;
@@ -1294,7 +1294,7 @@ static void machvirt_init(MachineState *machine)
 vbi->bootinfo.kernel_filename = machine->kernel_filename;
 vbi->bootinfo.kernel_cmdline = machine->kernel_cmdline;
 vbi->bootinfo.initrd_filename = machine->initrd_filename;
-vbi->bootinfo.nb_cpus = smp_cpus;
+vbi->bootinfo.nb_cpus = vbi->cpus;
 vbi->bootinfo.board_id = -1;
 vbi->bootinfo.loader_start = vbi->memmap[VIRT_MEM].base;
 vbi->bootinfo.get_dtb = machvirt_dtb;
-- 
2.4.11




[Qemu-devel] [PATCH RFC 07/16] qom/cpu: make nr-cores, nr-threads real properties

2016-06-10 Thread Andrew Jones
Signed-off-by: Andrew Jones 
---
 qom/cpu.c | 8 
 1 file changed, 8 insertions(+)

diff --git a/qom/cpu.c b/qom/cpu.c
index 751e992de8823..024cda3eb98c8 100644
--- a/qom/cpu.c
+++ b/qom/cpu.c
@@ -28,6 +28,7 @@
 #include "exec/log.h"
 #include "qemu/error-report.h"
 #include "sysemu/sysemu.h"
+#include "hw/qdev-properties.h"
 
 bool cpu_exists(int64_t id)
 {
@@ -342,6 +343,12 @@ static int64_t cpu_common_get_arch_id(CPUState *cpu)
 return cpu->cpu_index;
 }
 
+static Property cpu_common_properties[] = {
+DEFINE_PROP_INT32("nr-cores", CPUState, nr_cores, 1),
+DEFINE_PROP_INT32("nr-threads", CPUState, nr_threads, 1),
+DEFINE_PROP_END_OF_LIST()
+};
+
 static void cpu_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
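Review bot: `nr-cores` and `nr-threads` become settable `int32` properties here with no lower bound, so 0 or a negative value can reach code that divides by them or uses them as counts. Other patches in this series do that, for example the `cs->cpu_index / cs->nr_threads` expression in `target-ppc/translate_init.c`, where the guard is a target-specific power-of-2 check. A check in `cpu_common_realizefn` would cover every target, along the lines of `if (cpu->nr_cores < 1 || cpu->nr_threads < 1) { error_setg(errp, "nr-cores and nr-threads must be at least 1"); return; }` (variable names assumed, that function is not shown). `cpu_class_init` continues outside the hunk.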
@@ -367,6 +374,7 @@ static void cpu_class_init(ObjectClass *klass, void *data)
 k->cpu_exec_exit = cpu_common_noop;
 k->cpu_exec_interrupt = cpu_common_exec_interrupt;
 dc->realize = cpu_common_realizefn;
+dc->props = cpu_common_properties;
 /*
  * Reason: CPUs still need special care by board code: wiring up
  * IRQs, adding reset handlers, halting non-first CPUs, ...
-- 
2.4.11




[Qemu-devel] [PATCH RFC 02/16] vl: smp: add checks for maxcpus based topologies

2016-06-10 Thread Andrew Jones
smp_parse computes missing smp options. Unfortunately cores and
threads are computed by dividing smp_cpus, instead of max_cpus.
This is incorrect because the topology doesn't leave room for
hotplug. More unfortunately, we can't change it easily, as doing
so would impact existing command lines. This patch adds a warning
when the topology doesn't add up, and then checks that the topology
at least computes when sockets are recalculated. If not, then it
does fail.

Adding the new failure is justified by the fact that we don't
store the number of input sockets, and thus all consumers of
cpu topology information recalculate it. If they choose to
(correctly) calculate it based on maxcpus, then we need to
guard them against building topologies which provide more cpu
slots than are the maximum allowed cpus.

Signed-off-by: Andrew Jones 
---
 vl.c | 19 +++
 1 file changed, 19 insertions(+)

diff --git a/vl.c b/vl.c
index 7b96e787922f9..8d482cb1bf020 100644
--- a/vl.c
+++ b/vl.c
@@ -1227,6 +1227,7 @@ static void smp_parse(QemuOpts *opts)
 unsigned sockets = qemu_opt_get_number(opts, "sockets", 0);
 unsigned cores   = qemu_opt_get_number(opts, "cores", 0);
 unsigned threads = qemu_opt_get_number(opts, "threads", 0);
+bool sockets_input = sockets > 0;
 
 /* compute missing values, prefer sockets over cores over threads */
 if (cpus == 0 || sockets == 0) {
@@ -1269,6 +1270,24 @@ static void smp_parse(QemuOpts *opts)
 exit(1);
 }
 
+if (sockets_input && sockets * cores * threads != max_cpus) {
+unsigned sockets_rounded = DIV_ROUND_UP(max_cpus, cores * threads);
+
+error_report("warning: cpu topology: "
+ "sockets (%u) * cores (%u) * threads (%u) != "
+ "maxcpus (%u). Trying sockets=%u.",
+ sockets, cores, threads, max_cpus, sockets_rounded);
+sockets = sockets_rounded;
+
+if (sockets * cores * threads > max_cpus) {
+error_report("cpu topology: "
+ "sockets (%u) * cores (%u) * threads (%u) > "
+ "maxcpus (%u)",
+ sockets, cores, threads, max_cpus);
+exit(1);
+}
+}
+
 smp_cpus = cpus;
 smp_cores = cores;
 smp_threads = threads;
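Review bot: The added `DIV_ROUND_UP(max_cpus, cores * threads)` has no guard against a zero divisor. The code that fills in missing values sits above this hunk and is not shown, but the copy of it in `machine_set_smp_parameters` later in this series computes `cores = cpus / (sockets * threads)`, which is 0 whenever `cpus` is smaller than `sockets * threads`. In that case the `> max_cpus` test before this block passes and the division traps. Checking first, e.g. `if (cores == 0 || threads == 0) { error_report("cpu topology: cores and threads must be at least 1"); exit(1); }`, turns that into a clean error. The products are also computed in `unsigned`, so very large inputs can wrap before the comparisons.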
-- 
2.4.11




[Qemu-devel] [PATCH RFC 12/16] hw/arm/virt: rename *.smp_cpus to *.cpus

2016-06-10 Thread Andrew Jones
Use the name 'cpus' instead of 'smp_cpus' to be consistent with
MachineState.cpus. This also makes grepping for the global
smp_cpus easier.

Signed-off-by: Andrew Jones 
---
 hw/arm/virt-acpi-build.c | 14 +++---
 hw/arm/virt.c| 14 +++---
 include/hw/arm/virt-acpi-build.h |  2 +-
 3 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index 735ab864a03dd..95dccb2e0c3fa 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -48,11 +48,11 @@
 #define ARM_SPI_BASE 32
 #define ACPI_POWER_BUTTON_DEVICE "PWRB"
 
-static void acpi_dsdt_add_cpus(Aml *scope, int smp_cpus)
+static void acpi_dsdt_add_cpus(Aml *scope, int nr_cpus)
 {
 uint16_t i;
 
-for (i = 0; i < smp_cpus; i++) {
+for (i = 0; i < nr_cpus; i++) {
 Aml *dev = aml_device("C%03x", i);
 aml_append(dev, aml_name_decl("_HID", aml_string("ACPI0007")));
 aml_append(dev, aml_name_decl("_UID", aml_int(i)));
@@ -423,9 +423,9 @@ build_srat(GArray *table_data, BIOSLinker *linker, 
VirtGuestInfo *guest_info)
 AcpiSratMemoryAffinity *numamem;
 int i, j, srat_start;
 uint64_t mem_base;
-uint32_t *cpu_node = g_malloc0(guest_info->smp_cpus * sizeof(uint32_t));
+uint32_t *cpu_node = g_malloc0(guest_info->cpus * sizeof(uint32_t));
 
-for (i = 0; i < guest_info->smp_cpus; i++) {
+for (i = 0; i < guest_info->cpus; i++) {
 for (j = 0; j < nb_numa_nodes; j++) {
 if (test_bit(i, numa_info[j].node_cpu)) {
 cpu_node[i] = j;
@@ -438,7 +438,7 @@ build_srat(GArray *table_data, BIOSLinker *linker, 
VirtGuestInfo *guest_info)
 srat = acpi_data_push(table_data, sizeof(*srat));
 srat->reserved1 = cpu_to_le32(1);
 
-for (i = 0; i < guest_info->smp_cpus; ++i) {
+for (i = 0; i < guest_info->cpus; ++i) {
 core = acpi_data_push(table_data, sizeof(*core));
 core->type = ACPI_SRAT_PROCESSOR_GICC;
 core->length = sizeof(*core);
@@ -524,7 +524,7 @@ build_madt(GArray *table_data, BIOSLinker *linker, 
VirtGuestInfo *guest_info)
 gicd->length = sizeof(*gicd);
 gicd->base_address = memmap[VIRT_GIC_DIST].base;
 
-for (i = 0; i < guest_info->smp_cpus; i++) {
+for (i = 0; i < guest_info->cpus; i++) {
 AcpiMadtGenericInterrupt *gicc = acpi_data_push(table_data,
  sizeof *gicc);
 ARMCPU *armcpu = ARM_CPU(qemu_get_cpu(i));
@@ -606,7 +606,7 @@ build_dsdt(GArray *table_data, BIOSLinker *linker, 
VirtGuestInfo *guest_info)
  * the RTC ACPI device at all when using UEFI.
  */
 scope = aml_scope("\\_SB");
-acpi_dsdt_add_cpus(scope, guest_info->smp_cpus);
+acpi_dsdt_add_cpus(scope, guest_info->cpus);
 acpi_dsdt_add_uart(scope, [VIRT_UART],
(irqmap[VIRT_UART] + ARM_SPI_BASE));
 acpi_dsdt_add_flash(scope, [VIRT_FLASH]);
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 73113cfc4d9c9..78d9aa996bafc 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -69,7 +69,7 @@ typedef struct VirtBoardInfo {
 const char *cpu_model;
 const MemMapEntry *memmap;
 const int *irqmap;
-int smp_cpus;
+int cpus;
 void *fdt;
 int fdt_size;
 uint32_t clock_phandle;
@@ -304,7 +304,7 @@ static void fdt_add_timer_nodes(const VirtBoardInfo *vbi, 
int gictype)
 if (gictype == 2) {
 irqflags = deposit32(irqflags, GIC_FDT_IRQ_PPI_CPU_START,
  GIC_FDT_IRQ_PPI_CPU_WIDTH,
- (1 << vbi->smp_cpus) - 1);
+ (1 << vbi->cpus) - 1);
 }
 
 qemu_fdt_add_subnode(vbi->fdt, "/timer");
@@ -345,7 +345,7 @@ static void fdt_add_cpu_nodes(const VirtBoardInfo *vbi)
  *  The simplest way to go is to examine affinity IDs of all our CPUs. If
  *  at least one of them has Aff3 populated, we set #address-cells to 2.
  */
-for (cpu = 0; cpu < vbi->smp_cpus; cpu++) {
+for (cpu = 0; cpu < vbi->cpus; cpu++) {
 ARMCPU *armcpu = ARM_CPU(qemu_get_cpu(cpu));
 
 if (armcpu->mp_affinity & ARM_AFF3_MASK) {
@@ -358,7 +358,7 @@ static void fdt_add_cpu_nodes(const VirtBoardInfo *vbi)
 qemu_fdt_setprop_cell(vbi->fdt, "/cpus", "#address-cells", addr_cells);
 qemu_fdt_setprop_cell(vbi->fdt, "/cpus", "#size-cells", 0x0);
 
-for (cpu = vbi->smp_cpus - 1; cpu >= 0; cpu--) {
+for (cpu = vbi->cpus - 1; cpu >= 0; cpu--) {
 char *nodename = g_strdup_printf("/cpus/cpu@%d", cpu);
 ARMCPU *armcpu = ARM_CPU(qemu_get_cpu(cpu));
 
@@ -367,7 +367,7 @@ static void fdt_add_cpu_nodes(const VirtBoardInfo *vbi)
 qemu_fdt_setprop_string(vbi->fdt, nodename, "compatible",
 armcpu->dtb_compatible);
 
-if (vbi->using_psci && vbi->smp_cpus > 1) {
+if (vbi->using_psci && vbi->cpus > 1) {
 qemu_fdt_setprop_string(vbi->fdt, nodename,

[Qemu-devel] [PATCH RFC 08/16] hw/core/machine: set cpu global nr_cores, nr_threads in pre_init

2016-06-10 Thread Andrew Jones
CPUState nr_cores and nr_threads are properties so we can set
them using the GlobalProperty API. Doing this in machine pre_init
allows us to easily propagate the values from the machine properties
to all cpus. An excellent bonus of this is that we can now remove
the references to the cpu topology globals smp_cores,smp_threads
from cpus.c.

Signed-off-by: Andrew Jones 
---
 cpus.c|  2 --
 hw/core/machine.c | 18 ++
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/cpus.c b/cpus.c
index 326742f445eef..36d8faa0091c8 100644
--- a/cpus.c
+++ b/cpus.c
@@ -1427,8 +1427,6 @@ static void qemu_dummy_start_vcpu(CPUState *cpu)
 
 void qemu_init_vcpu(CPUState *cpu)
 {
-cpu->nr_cores = smp_cores;
-cpu->nr_threads = smp_threads;
 cpu->stopped = true;
 
 if (!cpu->as) {
diff --git a/hw/core/machine.c b/hw/core/machine.c
index 75c5a1fdd7de1..5427924d4c911 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
@@ -511,9 +511,22 @@ static void machine_set_smp_parameters(MachineState *ms)
 ms->cpus= cpus;
 }
 
+#define NR_CPUS_STRLEN sizeof(stringify(MAX_CPUMASK_BITS))
+
 static void machine_pre_init(MachineState *ms)
 {
 MachineClass *mc = MACHINE_CLASS(object_get_class(OBJECT(ms)));
+static char nr_cores[NR_CPUS_STRLEN], nr_threads[NR_CPUS_STRLEN];
+static GlobalProperty cpu_nr_cores = {
+.driver   = "cpu",
+.property = "nr-cores",
+.value= nr_cores,
+};
+static GlobalProperty cpu_nr_threads = {
+.driver   = "cpu",
+.property = "nr-threads",
+.value= nr_threads,
+};
 
 machine_set_smp_parameters(ms);
 smp_cores   = ms->cores;
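Review bot: The function-local `static` buffers and `GlobalProperty` objects carry no comment explaining why they are static. Presumably the registered pointers and their `.value` strings must outlive the call; a comment such as `/* registered globals keep pointing at these, so they need static storage; machine_pre_init must run only once */` would make that explicit. The macro body should also be parenthesized so it behaves as one expression wherever it is used: `#define NR_CPUS_STRLEN (sizeof(stringify(MAX_CPUMASK_BITS)))`. machine_pre_init continues outside the hunk.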
@@ -529,6 +542,11 @@ static void machine_pre_init(MachineState *ms)
 exit(1);
 }
 
+snprintf(nr_cores, NR_CPUS_STRLEN, "%d", ms->cores);
+snprintf(nr_threads, NR_CPUS_STRLEN, "%d", ms->threads);
+qdev_prop_register_global(_nr_cores);
+qdev_prop_register_global(_nr_threads);
+
 if (ms->cpus > 1) {
 Error *blocker = NULL;
 error_setg(, QERR_REPLAY_NOT_SUPPORTED, "smp");
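Review bot: Both `snprintf` calls ignore their return value, so a cores or threads value with more digits than `NR_CPUS_STRLEN - 1` is silently truncated and a different number is registered as the `nr-cores`/`nr-threads` global. The buffer is sized from the digits of `MAX_CPUMASK_BITS`, so this depends on `ms->cores` and `ms->threads` having been range-checked earlier, which this hunk does not show. Checking the result turns a violated assumption into a visible failure: `int n = snprintf(nr_cores, sizeof(nr_cores), "%d", ms->cores); assert(n > 0 && (size_t)n < sizeof(nr_cores));`, and the same for `nr_threads`. machine_pre_init starts and ends outside the hunk.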
-- 
2.4.11




[Qemu-devel] [PATCH RFC 01/16] vl: smp_parse: cleanups

2016-06-10 Thread Andrew Jones
No functional changes; only some code movement and removal of
dead code (impossible conditions). Also, max_cpus can be
initialized to 1, like smp_cpus, because it's either set by the
user or set to smp_cpus, when smp_cpus is set by the user, or
set to 1, when nothing is set.

Signed-off-by: Andrew Jones 
---
 vl.c | 34 +++---
 1 file changed, 15 insertions(+), 19 deletions(-)

diff --git a/vl.c b/vl.c
index b0bcc255ee9a5..7b96e787922f9 100644
--- a/vl.c
+++ b/vl.c
@@ -154,7 +154,7 @@ CharDriverState *sclp_hds[MAX_SCLP_CONSOLES];
 int win2k_install_hack = 0;
 int singlestep = 0;
 int smp_cpus = 1;
-int max_cpus = 0;
+int max_cpus = 1;
 int smp_cores = 1;
 int smp_threads = 1;
 int acpi_enabled = 1;
@@ -1223,7 +1223,6 @@ static QemuOptsList qemu_smp_opts = {
 static void smp_parse(QemuOpts *opts)
 {
 if (opts) {
-
 unsigned cpus= qemu_opt_get_number(opts, "cpus", 0);
 unsigned sockets = qemu_opt_get_number(opts, "sockets", 0);
 unsigned cores   = qemu_opt_get_number(opts, "cores", 0);
@@ -1251,6 +1250,17 @@ static void smp_parse(QemuOpts *opts)
 }
 
 max_cpus = qemu_opt_get_number(opts, "maxcpus", cpus);
+
+if (max_cpus > MAX_CPUMASK_BITS) {
+error_report("unsupported number of maxcpus");
+exit(1);
+}
+
+if (max_cpus < cpus) {
+error_report("maxcpus must be equal to or greater than smp");
+exit(1);
+}
+
 if (sockets * cores * threads > max_cpus) {
 error_report("cpu topology: "
  "sockets (%u) * cores (%u) * threads (%u) > "
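Review bot: The moved check `if (max_cpus < cpus)` compares the global `int max_cpus` with the local `unsigned cpus`, so it is evaluated in unsigned arithmetic, whereas the removed `max_cpus < smp_cpus` compared two ints. A `maxcpus` value that does not fit in `int` and ends up negative after the assignment is therefore no longer rejected here, and the topology comparison below has the same mixed-sign problem, so this hunk is not purely a code movement. Range-checking a wide local before assigning keeps the old behaviour: `uint64_t maxcpus = qemu_opt_get_number(opts, "maxcpus", cpus); if (maxcpus > MAX_CPUMASK_BITS) { error_report("unsupported number of maxcpus"); exit(1); }` followed by `max_cpus = maxcpus;`. The enclosing block of smp_parse starts and ends outside the hunk.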
@@ -1260,25 +1270,11 @@ static void smp_parse(QemuOpts *opts)
 }
 
 smp_cpus = cpus;
-smp_cores = cores > 0 ? cores : 1;
-smp_threads = threads > 0 ? threads : 1;
-
-}
-
-if (max_cpus == 0) {
-max_cpus = smp_cpus;
-}
-
-if (max_cpus > MAX_CPUMASK_BITS) {
-error_report("unsupported number of maxcpus");
-exit(1);
-}
-if (max_cpus < smp_cpus) {
-error_report("maxcpus must be equal to or greater than smp");
-exit(1);
+smp_cores = cores;
+smp_threads = threads;
 }
 
-if (smp_cpus > 1 || smp_cores > 1 || smp_threads > 1) {
+if (smp_cpus > 1) {
 Error *blocker = NULL;
 error_setg(, QERR_REPLAY_NOT_SUPPORTED, "smp");
 replay_add_blocker(blocker);
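Review bot: Dropping `cores > 0 ? cores : 1` and `threads > 0 ? threads : 1` is only safe if the compute-missing-values block (outside this hunk) can never leave either local at zero, for example when a missing value is derived by integer division from the others. If that can happen, `smp_cores` or `smp_threads` becomes 0 and later code that divides by them or sizes a topology from them misbehaves. An explicit guard before the assignments documents the invariant the cleanup relies on: `if (cores == 0 || threads == 0) { error_report("cpu topology: cores and threads must be non-zero"); exit(1); }`. smp_parse starts and ends outside the hunk.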
-- 
2.4.11




[Qemu-devel] [PATCH RFC 00/16] Rework SMP parameters

2016-06-10 Thread Andrew Jones
This series is a first step in eliminating smp_* global
variables (the last patch gets rid of two of them!) And, it's
a first step in deprecating '-smp' in favor of using machine
properties, e.g.
 qemu -machine pc,sockets=2,cores=2,threads=2,maxcpus=8,cpus=8 ...

It's also a first step in allowing machine types to override
the default parameter parsing, which makes assumptions that
not all machine types may agree with. (mach-virt is coming...)

So, three first steps, I guess that's 3 steps. And a fourth
thing it does is some fixes for the smp parsing and also for
SMBIOS use of cpu topology.

Tested with kvm-unit-tests on all five arches supported
there, x86_64 both with KVM and TCG, and booting an x86_64
guest (KVM) to check SMBIOS before and after in order to make
sure it was the same. Also compile tested all targets.

Thanks,
drew


Andrew Jones (15):
  vl: smp_parse: cleanups
  vl: smp: add checks for maxcpus based topologies
  hw/smbios/smbios: fix number of sockets calculation
  hw/core/machine: add smp properites
  vl: move smp parsing to machine pre_init
  qom/cpu: make nr-cores,nr-threads real properties
  hw/core/machine: set cpu global nr_cores,nr_threads in pre_init
  hw/i386/pc: don't use smp_cores,smp_threads
  hw/ppc/spapr: don't use smp_cores,smp_threads
  target-ppc: don't use smp_threads
  hw/arm/virt: rename *.smp_cpus to *.cpus
  hw/arm/virt: don't use smp_cpus,max_cpus
  hw/arm/virt: stash cpu topo info in VirtGuestInfo
  smbios: don't use smp_cores,smp_threads
  sysemu/cpus: bye, bye smp_cores,smp_threads

Igor Mammedov (1):
  hw/core/machine: Introduce pre_init

 cpus.c   |   2 -
 hw/arm/virt-acpi-build.c |  14 +--
 hw/arm/virt.c|  41 +---
 hw/core/machine.c| 210 +++
 hw/i386/pc.c |  39 +---
 hw/ppc/spapr.c   |   9 +-
 hw/ppc/spapr_rtas.c  |   2 +-
 hw/smbios/smbios.c   |  20 ++--
 include/hw/arm/virt-acpi-build.h |   6 +-
 include/hw/boards.h  |   7 ++
 include/hw/smbios/smbios.h   |  10 ++
 include/sysemu/cpus.h|  10 --
 qom/cpu.c|   8 ++
 target-ppc/translate_init.c  |  15 ++-
 vl.c | 101 +++
 15 files changed, 356 insertions(+), 138 deletions(-)

-- 
2.4.11




Re: [Qemu-devel] [PATCH 1/2] Fix confusing argument names of do_unaligned_access() functions

2016-06-10 Thread Sergey Sorokin
cpu-common.h is not included in qom/cpu.h.
What do you think? Should it be included? Or maybe MMUAccessType should 
just be moved into another header, for example into exec/memattrs.h.

10.06.2016, 19:44, "Peter Maydell" :
> On 10 June 2016 at 17:42, Sergey Sorokin  wrote:
>>  What if I combine both patches into single one?
>
> No particular objection.
>
> -- PMM



[Qemu-devel] [QEMU RFC PATCH v4 6/6] migration: spapr: migrate pending_events of spapr state

2016-06-10 Thread Jianjun Duan
In racing situations between hotplug events and migration operation,
a rtas hotplug event may not yet have been delivered to the source
guest when migration is started. In this case the pending_events of
spapr state need to be transmitted to the target so that the hotplug
event can be finished on the target.

All the different fields of the events are encoded as defined by
PAPR. We can migrate them as a uint8_t binary stream without any
concerns about data padding or endianness.

pending_events is put in a subsection in the spapr state VMSD to make
sure migration across different versions is not broken.

Signed-off-by: Jianjun Duan 
---
 hw/ppc/spapr.c | 33 +
 hw/ppc/spapr_events.c  | 22 +-
 include/hw/ppc/spapr.h |  3 ++-
 3 files changed, 48 insertions(+), 10 deletions(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 54a8af6..ecff138 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1266,12 +1266,32 @@ static bool version_before_3(void *opaque, int 
version_id)
 return version_id < 3;
 }
 
+static bool spapr_pending_events_needed(void *opaque)
+{
+sPAPRMachineState *spapr = (sPAPRMachineState *)opaque;
+return !QTAILQ_EMPTY(>pending_events);
+}
+
 static bool spapr_ccs_list_needed(void *opaque)
 {
 sPAPRMachineState *spapr = (sPAPRMachineState *)opaque;
 return !QTAILQ_EMPTY(>ccs_list);
 }
 
+static const VMStateDescription vmstate_spapr_event_entry = {
+.name = "spapreventlogentry",
+.version_id = 1,
+.minimum_version_id = 1,
+.fields = (VMStateField[]) {
+VMSTATE_INT32(log_type, sPAPREventLogEntry),
+VMSTATE_BOOL(exception, sPAPREventLogEntry),
+VMSTATE_UINT32(data_size, sPAPREventLogEntry),
+VMSTATE_VARRAY_UINT32_ALLOC(data, sPAPREventLogEntry, data_size,
+0, vmstate_info_uint8, uint8_t),
+VMSTATE_END_OF_LIST()
+  },
+};
+
 static const VMStateDescription vmstate_spapr_ccs = {
 .name = "spaprconfigureconnectorstate",
 .version_id = 1,
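Review bot: On the destination, `data_size` and the `data` bytes of each `vmstate_spapr_event_entry` come straight from the migration stream, and nothing checks them against each other or against an upper bound. The log header carries its own length (`hdr->extended_length`, set in spapr_powerdown_req), so a consumer that trusts that field could read past the buffer allocated by `VMSTATE_VARRAY_UINT32_ALLOC` when the two disagree; the consumers are outside this diff, so that part is inferred. I would add a `.post_load` to the entry description that rejects a `data_size` smaller than the header, larger than a fixed limit, or inconsistent with `extended_length`, assuming every queued event follows the header-plus-extended layout used for EPOW. `log_type` deserves the same range check against the known log types.

```c
/* Reject entries whose stream-supplied size disagrees with the log header. */
static int spapr_event_entry_post_load(void *opaque, int version_id)
{
    sPAPREventLogEntry *entry = opaque;
    struct rtas_error_log *hdr = (struct rtas_error_log *)entry->data;

    if (entry->data_size < sizeof(*hdr) ||
        entry->data_size > EVENT_DATA_SIZE_MAX /* placeholder: choose a bound */) {
        return -EINVAL;
    }
    if (be32_to_cpu(hdr->extended_length) != entry->data_size - sizeof(*hdr)) {
        return -EINVAL;
    }
    return 0;
}

static const VMStateDescription vmstate_spapr_event_entry = {
    /* … unchanged: name and version ids … */
    .post_load = spapr_event_entry_post_load,
    /* … unchanged: fields … */
};
```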
@@ -1284,6 +1304,18 @@ static const VMStateDescription vmstate_spapr_ccs = {
 },
 };
 
+static const VMStateDescription vmstate_spapr_pending_events = {
+.name = "spaprpendingevents",
+.version_id = 1,
+.minimum_version_id = 1,
+.needed = spapr_pending_events_needed,
+.fields = (VMStateField[]) {
+VMSTATE_QTAILQ_V(pending_events, sPAPRMachineState, 1,
+ vmstate_spapr_event_entry, sPAPREventLogEntry, next),
+VMSTATE_END_OF_LIST()
+},
+};
+
 static const VMStateDescription vmstate_spapr_ccs_list = {
 .name = "spaprccslist",
 .version_id = 1,
@@ -1312,6 +1344,7 @@ static const VMStateDescription vmstate_spapr = {
 VMSTATE_END_OF_LIST()
 },
 .subsections = (const VMStateDescription*[]) {
+_spapr_pending_events,
 _spapr_ccs_list,
 NULL
 }
diff --git a/hw/ppc/spapr_events.c b/hw/ppc/spapr_events.c
index 049fb1b..1680c08 100644
--- a/hw/ppc/spapr_events.c
+++ b/hw/ppc/spapr_events.c
@@ -239,7 +239,8 @@ void spapr_events_fdt_skel(void *fdt, uint32_t 
check_exception_irq)
 _FDT((fdt_end_node(fdt)));
 }
 
-static void rtas_event_log_queue(int log_type, void *data, bool exception)
+static void rtas_event_log_queue(int log_type, void *data, bool exception,
+int data_size)
 {
 sPAPRMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
 sPAPREventLogEntry *entry = g_new(sPAPREventLogEntry, 1);
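Review bot: The new parameter is declared `int data_size`, while the field it fills is migrated with `VMSTATE_UINT32(data_size, ...)` and the caller in spapr_powerdown_req holds the value in a `uint32_t`. Using the same unsigned type in the signature avoids a signed/unsigned round trip on a value that becomes an allocation length on the destination: `static void rtas_event_log_queue(int log_type, void *data, bool exception, uint32_t data_size)`. A short comment stating that `data_size` is the byte length of `data` would also help readers of the call sites. The function body continues outside the hunk.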
@@ -248,6 +249,7 @@ static void rtas_event_log_queue(int log_type, void *data, 
bool exception)
 entry->log_type = log_type;
 entry->exception = exception;
 entry->data = data;
+entry->data_size = data_size;
 QTAILQ_INSERT_TAIL(>pending_events, entry, next);
 }
 
@@ -350,6 +352,7 @@ static void spapr_powerdown_req(Notifier *n, void *opaque)
 struct rtas_event_log_v6_mainb *mainb;
 struct rtas_event_log_v6_epow *epow;
 struct epow_log_full *new_epow;
+uint32_t data_size;
 
 new_epow = g_malloc0(sizeof(*new_epow));
 hdr = _epow->hdr;
@@ -358,13 +361,13 @@ static void spapr_powerdown_req(Notifier *n, void *opaque)
 mainb = _epow->mainb;
 epow = _epow->epow;
 
+data_size = sizeof(*new_epow);
 hdr->summary = cpu_to_be32(RTAS_LOG_VERSION_6
| RTAS_LOG_SEVERITY_EVENT
| RTAS_LOG_DISPOSITION_NOT_RECOVERED
| RTAS_LOG_OPTIONAL_PART_PRESENT
| RTAS_LOG_TYPE_EPOW);
-hdr->extended_length = cpu_to_be32(sizeof(*new_epow)
-   - sizeof(new_epow->hdr));
+hdr->extended_length = cpu_to_be32(data_size - sizeof(new_epow->hdr));
 
 spapr_init_v6hdr(v6hdr);
 spapr_init_maina(maina, 3 /* Main-A, Main-B and EPOW */);
@@ -384,7 +387,7 @@ static void spapr_powerdown_req(Notifier *n, void *opaque)
 

Re: [Qemu-devel] [PATCH v6 8/9] target-mips: Add nan2008 flavor of <CEIL|CVT|FLOOR|ROUND|TRUNC>.<L|W>.<S|D>

2016-06-10 Thread Aleksandar Markovic
The changes that make QEMU behavior the same as hardware behavior (in relation 
to CEIL, CVT, FLOOR, ROUND, TRUNC Mips instructions) are already contained in 
this patch.

I just mentioned Mips-A / Mips-B / SoftFloat differences as an 
explanation/observation related to the change in this patch.

Aleksandar

From: Maciej Rozycki
Sent: Friday, June 10, 2016 3:35 AM
To: Aleksandar Markovic
Cc: Aleksandar Markovic; qemu-devel@nongnu.org; peter.mayd...@linaro.org; 
pro...@gmail.com; kbast...@mail.uni-paderborn.de; 
mark.cave-ayl...@ilande.co.uk; ag...@suse.de; blauwir...@gmail.com; 
jcmvb...@gmail.com; qemu-...@nongnu.org; qemu-...@nongnu.org; Petar Jovanovic; 
pbonz...@redhat.com; Miodrag Dinic; edgar.igles...@gmail.com; 
g...@mprc.pku.edu.cn; Leon Alrae; afaer...@suse.de; Aurelien Jarno; 
r...@twiddle.net
Subject: RE: [PATCH v6 8/9] target-mips: Add nan2008 flavor of 
..

On Fri, 10 Jun 2016, Aleksandar Markovic wrote:

> I referred to SoftFloat library in QEMU code, and the case "Operand is
> smaller than INT_MIN" is different between SoftFloat and Mips-B, while
> the case "Operand is a NaN" is different between SoftFloat and Mips-A.

 Ah, but then you just can and indeed need to fix it to match hardware.
I had it done properly with the original patches I believe.

  Maciej


Re: [Qemu-devel] [Qemu-block] [PATCH] mirror: add target-zeroed flag

2016-06-10 Thread Stefan Hajnoczi
On Tue, Jun 07, 2016 at 07:30:19PM +0300, Vladimir Sementsov-Ogievskiy wrote:
> On 03.06.2016 18:45, Denis V. Lunev wrote:
> > On 06/03/2016 06:06 PM, Eric Blake wrote:
> > > On 06/03/2016 08:05 AM, Vladimir Sementsov-Ogievskiy wrote:
> > > > Add target-zeroed flag to allow user specify that target is already
> > > > zeroed. With this flag set zeroes which was in source before mirror
> > > > start will not be copyed.
> > > With this flag set, any runs of zeroes in the source before the mirror
> > > starts will not be copied.
> > > 
> > > > Without this libvirt migration of empty disk takes too long time.
> > > > 
> > > > Signed-off-by: Vladimir Sementsov-Ogievskiy 
> > > > ---
> > > > 
> > > > I've tested it with
> > > > time virsh migrate --live test qemu+ssh://other_node/system
> > > > --copy-storage-all
> > > Presumably with a libvirt patch to turn on the optional flag.
> > > 
> > > I'm not sure I like this patch.  Libvirt uses NBD to implement
> > > --copy-storage-all, I think we're better off improving NBD to
> > > automatically handle sparse writes, than we are to add a one-off hack
> > > that requires libvirt to change.  That is, once NBD is smarter, the copy
> > > will be faster without needing a tweak.  And we ARE working on making
> > > NBD smarter (one of my goals for the 2.7 release is to get all the
> > > sparse file additions to NBD implemented)
> > > 
> > > That said, I'll still review it.
> > this is not enough, definitely.
> > 
> > There is a problem that mirror_iteration code sleeps even for
> > not read zeroes (and this IS slow). Moreover, even sending sparcified
> > zeroes takes a lot of time for round trips.
> > 
> > We have started with that and spent a lot of time trying to improve
> > the situation.
> > 
> > Also, as a side note, the QCOW2 file on a source and a target will
> > be different without the flag - original image has empty blocks,
> > target image will have blocks explicitly marked with zeroes.
> > 
> > Though this is a matter of taste... For us this approach is the simplest.
> > 
> > Den
> 
> Hey, what do think about it? Don't we forget somebody to be cc'ed?

Jeff Cody  maintains block jobs.  This patch should go
through him.

Stefan




[Qemu-devel] [QEMU RFC PATCH v4 4/6] migration: migrate QTAILQ

2016-06-10 Thread Jianjun Duan
Currently we cannot directly transfer a QTAILQ instance because of the
limitation in the migration code. Here we introduce an approach to
transfer such structures. In our approach such a structure is tagged
with VMS_LINKED. We then modified vmstate_save_state and vmstate_load_state
so that when VMS_LINKED is encountered, put and get from VMStateInfo are
called respectively. We created VMStateInfo vmstate_info_qtailq for QTAILQ.
Similar VMStateInfo can be created for other data structures such as list.
This approach will be used to transfer pending_events and ccs_list in spapr
state.

We also create some macros in qemu/queue.h to access a QTAILQ using pointer
arithmetic. This ensures that we do not depend on the implementation
details about QTAILQ in the migration code.

Signed-off-by: Jianjun Duan 
---
 include/migration/vmstate.h | 26 ++
 include/qemu/queue.h| 32 ++
 migration/vmstate.c | 66 +
 trace-events|  4 +++
 4 files changed, 128 insertions(+)

diff --git a/include/migration/vmstate.h b/include/migration/vmstate.h
index 56a4171..bce911f 100644
--- a/include/migration/vmstate.h
+++ b/include/migration/vmstate.h
@@ -185,6 +185,12 @@ enum VMStateFlags {
  * to determine the number of entries in the array. Only valid in
  * combination with one of VMS_VARRAY*. */
 VMS_MULTIPLY_ELEMENTS = 0x4000,
+/* For fields which need customized handling, such as QTAILQ in queue.h.
+ * When this flag is set in VMStateField, info->get/put will
+ * be used in vmstate_load/save_state instead of recursive call.
+ * User should implement set info to handle the concerned data structure.
+ */
+VMS_LINKED= 0x8000,
 };
 
 struct VMStateField {
@@ -245,6 +251,7 @@ extern const VMStateInfo vmstate_info_timer;
 extern const VMStateInfo vmstate_info_buffer;
 extern const VMStateInfo vmstate_info_unused_buffer;
 extern const VMStateInfo vmstate_info_bitmap;
+extern const VMStateInfo vmstate_info_qtailq;
 
 #define type_check_2darray(t1,t2,n,m) ((t1(*)[n][m])0 - (t2*)0)
 #define type_check_array(t1,t2,n) ((t1(*)[n])0 - (t2*)0)
@@ -656,6 +663,25 @@ extern const VMStateInfo vmstate_info_bitmap;
 .offset   = offsetof(_state, _field),\
 }
 
+/* For QTAILQ that need customized handling
+ * _type: type of QTAILQ element
+ * _next: name of QTAILQ entry field in QTAILQ element
+ * _vmsd: VMSD for QTAILQ element
+ * size: size of QTAILQ element
+ * start: offset of QTAILQ entry in QTAILQ element
+ */
+#define VMSTATE_QTAILQ_V(_field, _state, _version, _vmsd, _type, _next)  \
+{\
+.name = (stringify(_field)), \
+.version_id   = (_version),  \
+.vmsd = &(_vmsd),\
+.size = sizeof(_type),   \
+.info = _info_qtailq,\
+.flags= VMS_LINKED,  \
+.offset   = offsetof(_state, _field),\
+.start= offsetof(_type, _next),  \
+}
+
 /* _f : field name
_f_n : num of elements field_name
_n : num of elements
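Review bot: `VMSTATE_QTAILQ_V` has no compile-time check that `_field` is a QTAILQ head of `_type` or that `_next` is that type's queue entry, although this header already provides `type_check_*` helpers for other macros. The description says the queue is then accessed through pointer arithmetic, so a mismatched argument would make the load path read and write at the wrong offsets without any diagnostic. The comment above the macro also documents `size` and `start`, which are initializer fields rather than parameters, and omits `_field`, `_state` and `_version`. I would list the actual parameters there and say that `_vmsd` describes a single element.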
diff --git a/include/qemu/queue.h b/include/qemu/queue.h
index f781aa2..003e368 100644
--- a/include/qemu/queue.h
+++ b/include/qemu/queue.h
@@ -437,3 +437,35 @@ struct {   
 \
 (*(((struct headname *)((elm)->field.tqe_prev))->tqh_last))
 
 #endif  /* !QEMU_SYS_QUEUE_H_ */
+
+/*
+ * Offsets of layout of a tail queue head.
+ */
+#define QTAILQ_FIRST_OFFSET 0
+#define QTAILQ_LAST_OFFSET (sizeof(void *))
+
+/*
+ * Offsets of layout of a tail queue element.
+ */
+#define QTAILQ_NEXT_OFFSET 0
+#define QTAILQ_PREV_OFFSET (sizeof(void *))
+
+/*
+ * Tail queue tranversal using pointer arithmetic.
+ */
+#define QTAILQ_RAW_FOREACH(elm, head, entry)   
\
+for ((elm) = *((void **) ((char *) (head) + QTAILQ_FIRST_OFFSET)); 
\
+ (elm);
\
+ (elm) =   
\
+ *((void **) ((char *) (elm) + (entry) + QTAILQ_NEXT_OFFSET)))
+/*
+ * Tail queue insertion using pointer arithmetic.
+ */
+#define QTAILQ_RAW_INSERT_TAIL(head, elm, entry) do {  
\
+*((void **) ((char *) (elm) + (entry) + QTAILQ_NEXT_OFFSET)) = NULL;   
\
+*((void **) ((char *) (elm) + (entry) + QTAILQ_PREV_OFFSET)) = 
\
+*((void **) ((char *) (head) +QTAILQ_LAST_OFFSET));
\
+**((void ***)((char *) (head) 

[Qemu-devel] [QEMU RFC PATCH v4 3/6] migration: extend VMStateInfo

2016-06-10 Thread Jianjun Duan
Current migration code cannot handle some data structures such as
QTAILQ in qemu/queue.h. Here we extend the signatures of put/get
in VMStateInfo so that customized handling is supported.

Signed-off-by: Jianjun Duan 
---
 hw/net/vmxnet3.c| 18 ++---
 hw/nvram/eeprom93xx.c   |  6 ++-
 hw/nvram/fw_cfg.c   |  6 ++-
 hw/pci/msix.c   |  6 ++-
 hw/pci/pci.c| 12 --
 hw/pci/shpc.c   |  5 ++-
 hw/scsi/scsi-bus.c  |  6 ++-
 hw/timer/twl92230.c |  6 ++-
 hw/usb/redirect.c   | 18 ++---
 hw/virtio/virtio-pci.c  |  6 ++-
 hw/virtio/virtio.c  |  6 ++-
 include/migration/vmstate.h | 10 +++--
 migration/savevm.c  |  5 ++-
 migration/vmstate.c | 95 -
 target-alpha/machine.c  |  5 ++-
 target-arm/machine.c| 12 --
 target-i386/machine.c   | 21 ++
 target-mips/machine.c   | 10 +++--
 target-ppc/machine.c| 10 +++--
 target-sparc/machine.c  |  5 ++-
 20 files changed, 171 insertions(+), 97 deletions(-)

diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
index 16645e6..7ddec0b 100644
--- a/hw/net/vmxnet3.c
+++ b/hw/net/vmxnet3.c
@@ -2445,7 +2445,8 @@ static void vmxnet3_put_tx_stats_to_file(QEMUFile *f,
 qemu_put_be64(f, tx_stat->pktsTxDiscard);
 }
 
-static int vmxnet3_get_txq_descr(QEMUFile *f, void *pv, size_t size)
+static int vmxnet3_get_txq_descr(QEMUFile *f, void *pv, size_t size,
+VMStateField *field)
 {
 Vmxnet3TxqDescr *r = pv;
 
@@ -2459,7 +2460,8 @@ static int vmxnet3_get_txq_descr(QEMUFile *f, void *pv, 
size_t size)
 return 0;
 }
 
-static void vmxnet3_put_txq_descr(QEMUFile *f, void *pv, size_t size)
+static void vmxnet3_put_txq_descr(QEMUFile *f, void *pv, size_t size,
+VMStateField *field, QJSON *vmdesc)
 {
 Vmxnet3TxqDescr *r = pv;
 
@@ -2506,7 +2508,8 @@ static void vmxnet3_put_rx_stats_to_file(QEMUFile *f,
 qemu_put_be64(f, rx_stat->pktsRxError);
 }
 
-static int vmxnet3_get_rxq_descr(QEMUFile *f, void *pv, size_t size)
+static int vmxnet3_get_rxq_descr(QEMUFile *f, void *pv, size_t size,
+VMStateField *field)
 {
 Vmxnet3RxqDescr *r = pv;
 int i;
@@ -2524,7 +2527,8 @@ static int vmxnet3_get_rxq_descr(QEMUFile *f, void *pv, 
size_t size)
 return 0;
 }
 
-static void vmxnet3_put_rxq_descr(QEMUFile *f, void *pv, size_t size)
+static void vmxnet3_put_rxq_descr(QEMUFile *f, void *pv, size_t size,
+VMStateField *field, QJSON *vmdesc)
 {
 Vmxnet3RxqDescr *r = pv;
 int i;
@@ -2569,7 +2573,8 @@ static const VMStateInfo rxq_descr_info = {
 .put = vmxnet3_put_rxq_descr
 };
 
-static int vmxnet3_get_int_state(QEMUFile *f, void *pv, size_t size)
+static int vmxnet3_get_int_state(QEMUFile *f, void *pv, size_t size,
+VMStateField *field)
 {
 Vmxnet3IntState *r = pv;
 
@@ -2580,7 +2585,8 @@ static int vmxnet3_get_int_state(QEMUFile *f, void *pv, 
size_t size)
 return 0;
 }
 
-static void vmxnet3_put_int_state(QEMUFile *f, void *pv, size_t size)
+static void vmxnet3_put_int_state(QEMUFile *f, void *pv, size_t size,
+VMStateField *field, QJSON *vmdesc)
 {
 Vmxnet3IntState *r = pv;
 
diff --git a/hw/nvram/eeprom93xx.c b/hw/nvram/eeprom93xx.c
index 2c16fc2..76d5f41 100644
--- a/hw/nvram/eeprom93xx.c
+++ b/hw/nvram/eeprom93xx.c
@@ -94,14 +94,16 @@ struct _eeprom_t {
This is a Big hack, but it is how the old state did it.
  */
 
-static int get_uint16_from_uint8(QEMUFile *f, void *pv, size_t size)
+static int get_uint16_from_uint8(QEMUFile *f, void *pv, size_t size,
+ VMStateField *field)
 {
 uint16_t *v = pv;
 *v = qemu_get_ubyte(f);
 return 0;
 }
 
-static void put_unused(QEMUFile *f, void *pv, size_t size)
+static void put_unused(QEMUFile *f, void *pv, size_t size, VMStateField *field,
+   QJSON *vmdesc)
 {
 fprintf(stderr, "uint16_from_uint8 is used only for backwards 
compatibility.\n");
 fprintf(stderr, "Never should be used to write a new state.\n");
diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
index cdbdfb5..c294f9a 100644
--- a/hw/nvram/fw_cfg.c
+++ b/hw/nvram/fw_cfg.c
@@ -524,14 +524,16 @@ static void fw_cfg_reset(DeviceState *d)
Or we broke compatibility in the state, or we can't use struct tm
  */
 
-static int get_uint32_as_uint16(QEMUFile *f, void *pv, size_t size)
+static int get_uint32_as_uint16(QEMUFile *f, void *pv, size_t size,
+VMStateField *field)
 {
 uint32_t *v = pv;
 *v = qemu_get_be16(f);
 return 0;
 }
 
-static void put_unused(QEMUFile *f, void *pv, size_t size)
+static void put_unused(QEMUFile *f, void *pv, size_t size, VMStateField *field,
+   QJSON *vmdesc)
 {
 fprintf(stderr, "uint32_as_uint16 is only used for backward 
compatibility.\n");
 fprintf(stderr, "This functions shouldn't be called.\n");
diff --git a/hw/pci/msix.c 

[Qemu-devel] [QEMU RFC PATCH v4 5/6] migration: spapr: migrate ccs_list in spapr state

2016-06-10 Thread Jianjun Duan
ccs_list in spapr state maintains the device tree related
information on the rtas side for hotplugged devices. In racing
situations between hotplug events and migration operation, a rtas
hotplug event could be migrated from the source guest to the target
guest, or the source guest might not yet have finished fetching
the device tree when migration is started. In either case the target
will try to finish fetching the device tree. By migrating ccs_list, the
target can fetch the device tree properly.

ccs_list is put in a subsection in the spapr state VMSD to make
sure migration across different versions is not broken.

Signed-off-by: Jianjun Duan 
---
 hw/ppc/spapr.c | 34 ++
 1 file changed, 34 insertions(+)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 0636642..54a8af6 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1266,6 +1266,36 @@ static bool version_before_3(void *opaque, int 
version_id)
 return version_id < 3;
 }
 
+static bool spapr_ccs_list_needed(void *opaque)
+{
+sPAPRMachineState *spapr = (sPAPRMachineState *)opaque;
+return !QTAILQ_EMPTY(>ccs_list);
+}
+
+static const VMStateDescription vmstate_spapr_ccs = {
+.name = "spaprconfigureconnectorstate",
+.version_id = 1,
+.minimum_version_id = 1,
+.fields = (VMStateField[]) {
+VMSTATE_UINT32(drc_index, sPAPRConfigureConnectorState),
+VMSTATE_INT32(fdt_offset, sPAPRConfigureConnectorState),
+VMSTATE_INT32(fdt_depth, sPAPRConfigureConnectorState),
+VMSTATE_END_OF_LIST()
+},
+};
+
+static const VMStateDescription vmstate_spapr_ccs_list = {
+.name = "spaprccslist",
+.version_id = 1,
+.minimum_version_id = 1,
+.needed = spapr_ccs_list_needed,
+.fields = (VMStateField[]) {
+VMSTATE_QTAILQ_V(ccs_list, sPAPRMachineState, 1,
+ vmstate_spapr_ccs, sPAPRConfigureConnectorState, 
next),
+VMSTATE_END_OF_LIST()
+},
+};
+
 static const VMStateDescription vmstate_spapr = {
 .name = "spapr",
 .version_id = 3,
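Review bot: `drc_index`, `fdt_offset` and `fdt_depth` are accepted from the migration stream as-is, because `vmstate_spapr_ccs` has no `.post_load` that validates them. If the configure-connector code (outside this diff) uses `fdt_offset` to continue walking a connector's device tree, as the description suggests, a stale or out-of-range value would be used directly on the destination. I would add a `.post_load` that rejects negative offsets and depths, and that confirms `drc_index` names an existing connector whose device tree contains `fdt_offset`.

```c
/* Values come from the migration stream; refuse obviously invalid ones. */
static int spapr_ccs_post_load(void *opaque, int version_id)
{
    sPAPRConfigureConnectorState *ccs = opaque;

    if (ccs->fdt_offset < 0 || ccs->fdt_depth < 0) {
        return -EINVAL;
    }
    /* TODO: confirm drc_index names an existing DRC and that
     * fdt_offset lies inside that DRC's device tree. */
    return 0;
}

static const VMStateDescription vmstate_spapr_ccs = {
    /* … unchanged: name and version ids … */
    .post_load = spapr_ccs_post_load,
    /* … unchanged: fields … */
};
```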
@@ -1281,6 +1311,10 @@ static const VMStateDescription vmstate_spapr = {
 VMSTATE_PPC_TIMEBASE_V(tb, sPAPRMachineState, 2),
 VMSTATE_END_OF_LIST()
 },
+.subsections = (const VMStateDescription*[]) {
+_spapr_ccs_list,
+NULL
+}
 };
 
 static int htab_save_setup(QEMUFile *f, void *opaque)
-- 
1.9.1




[Qemu-devel] [QEMU RFC PATCH v4 2/6] migration: spapr_drc: defined VMStateDescription struct

2016-06-10 Thread Jianjun Duan
To manage hotplug/unplug of dynamic resources such as PCI cards,
memory, and CPU on sPAPR guests, a firmware abstraction known as
a Dynamic Resource Connector (DRC) is used to assign a particular
dynamic resource to the guest, and provide an interface for the
guest to manage configuration/removal of the resource associated
with it.

To migrate the hotplugged resources in migration, the
associated DRC state need be migrated. To migrate the DRC state,
we defined the VMStateDescription struct for spapr_drc to enable
the transmission of spapr_drc state in migration.

Not all the elements in the DRC state are migrated. Only those
ones modifiable or needed by guest actions or device add/remove
operation are migrated. From the perspective of device
hotplugging, if we hotplug a device on the source, we need to
"coldplug" it on the target. The states across two hosts for the
same device are not the same. Ideally we want the states be same
after migration so that the device would function as hotplugged
on the target. For example we can unplug it. The minimum DRC
state we need to transfer should cover all the pieces changed by
hotplugging. Out of the elements of the DRC state, isolation_state,
allocation_state, and configured are involved in the DR state
transition diagram from PAPR+ 2.7, 13.4. configured and signalled
are needed in attaching and detaching devices. indicator_state
provides users with hardware state information. These 6 elements
are migrated.

detach_cb in the DRC state is a function pointer that cannot be
migrated. We set it right after DRC state is migrated so that
a migrated hot-unplug event could finish its work.

The instance_id is used to identify objects in migration. We set
instance_id of DRC using the unique index so that it is the same
across migration.

Signed-off-by: Jianjun Duan 
---
 hw/ppc/spapr_drc.c | 69 ++
 hw/ppc/spapr_pci.c | 22 +++
 include/hw/ppc/spapr_drc.h |  9 ++
 3 files changed, 100 insertions(+)

diff --git a/hw/ppc/spapr_drc.c b/hw/ppc/spapr_drc.c
index 94c875d..7e6161d 100644
--- a/hw/ppc/spapr_drc.c
+++ b/hw/ppc/spapr_drc.c
@@ -617,6 +617,71 @@ static void spapr_dr_connector_instance_init(Object *obj)
 NULL, NULL, NULL, NULL);
 }
 
+static bool spapr_drc_needed(void *opaque)
+{
+sPAPRDRConnector *drc = (sPAPRDRConnector *)opaque;
+sPAPRDRConnectorClass *drck = SPAPR_DR_CONNECTOR_GET_CLASS(drc);
+bool rc = false;
+sPAPRDREntitySense value;
+
+drck->entity_sense(drc, );
+/* If no dev is plugged in there is no need to migrate the DRC state */
+if (value != SPAPR_DR_ENTITY_SENSE_PRESENT) {
+return false;
+}
+/*
+ * If there is dev plugged in, we need to migrate the DRC state when
+ * it is different from cold-plugged state
+ */
+switch(drc->type) {
+/* for PCI type */
+case SPAPR_DR_CONNECTOR_TYPE_PCI:
+rc = !((drc->isolation_state == SPAPR_DR_ISOLATION_STATE_UNISOLATED) &&
+   (drc->allocation_state == SPAPR_DR_ALLOCATION_STATE_USABLE) &&
+   drc->configured && drc->signalled && !drc->awaiting_release);
+break;
+/* for LMB type */
+case SPAPR_DR_CONNECTOR_TYPE_LMB:
+rc = !((drc->isolation_state == SPAPR_DR_ISOLATION_STATE_ISOLATED) &&
+   (drc->allocation_state == SPAPR_DR_ALLOCATION_STATE_UNUSABLE) &&
+   drc->configured && drc->signalled && !drc->awaiting_release);
+break;
+default:
+;
+}
+
+return rc;
+}
+
+/* detach_cb needs be set since it is not migrated */
+static void postmigrate_set_detach_cb(sPAPRDRConnector *drc,
+  spapr_drc_detach_cb *detach_cb)
+{
+drc->detach_cb = detach_cb;
+}
+
+/* return the unique drc index as instance_id for qom interfaces*/
+static int get_instance_id(DeviceState *dev)
+{
+return (int)get_index(SPAPR_DR_CONNECTOR(OBJECT(dev)));
+}
+
+static const VMStateDescription vmstate_spapr_drc = {
+.name = "spapr_drc",
+.version_id = 1,
+.minimum_version_id = 1,
+.needed = spapr_drc_needed,
+.fields  = (VMStateField []) {
+VMSTATE_UINT32(isolation_state, sPAPRDRConnector),
+VMSTATE_UINT32(allocation_state, sPAPRDRConnector),
+VMSTATE_UINT32(indicator_state, sPAPRDRConnector),
+VMSTATE_BOOL(configured, sPAPRDRConnector),
+VMSTATE_BOOL(awaiting_release, sPAPRDRConnector),
+VMSTATE_BOOL(signalled, sPAPRDRConnector),
+VMSTATE_END_OF_LIST()
+}
+};
+
 static void spapr_dr_connector_class_init(ObjectClass *k, void *data)
 {
 DeviceClass *dk = DEVICE_CLASS(k);
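Review bot: The `default:` arm of the switch in `spapr_drc_needed()` leaves `rc` at false, so a connector of any type other than PCI or LMB is never migrated even when `entity_sense` reports a device present, although the description also names CPU hotplug. Unless that is intended, a conservative default would be `default: rc = true; break;`. Separately, `isolation_state`, `allocation_state` and `indicator_state` are loaded as raw 32-bit values from the migration stream with no range check; a `.post_load` hook that rejects values outside the known enum constants would keep a corrupted or untrusted stream from putting the connector into a state the transition code does not expect. `get_instance_id()` narrows the index with an `(int)` cast, which suggests `get_index()` returns a wider or unsigned type, so it is worth asserting the result is non-negative before it is used as an instance_id.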
@@ -625,6 +690,8 @@ static void spapr_dr_connector_class_init(ObjectClass *k, 
void *data)
 dk->reset = reset;
 dk->realize = realize;
 dk->unrealize = unrealize;
+dk->vmsd = _spapr_drc;
+dk->dev_get_instance_id = get_instance_id;
 

[Qemu-devel] [QEMU RFC PATCH v4 1/6] migration: alternative way to set instance_id in SaveStateEntry

2016-06-10 Thread Jianjun Duan
In QOM(QEMU Object Model) migrated objects are identified with instance_id
which is calculated automatically using their path in the QOM composition
tree. For some objects, this path could change from source to target in
migration. To migrate such objects, we need to make sure the instance_id does
not change from source to target. We add a hook in DeviceClass to do customized
instance_id calculation in such cases.

As a result, in these cases compat will not be set in the SaveStateEntry
concerned. This prevents the inconsistent idstr from being sent over in
migration. We could have set alias_id in a similar way, but that would
overload the purpose of alias_id.

The first application will be setting instance_id for DRC using its unique
index. Doing this makes the instance_id of DRC to be consistent across migration
and supports flexible management of DRC objects in migration.

Signed-off-by: Jianjun Duan 
---
 include/hw/qdev-core.h |  6 ++
 migration/savevm.c | 20 ++--
 2 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h
index 1ce02b2..28173a7 100644
--- a/include/hw/qdev-core.h
+++ b/include/hw/qdev-core.h
@@ -139,6 +139,12 @@ typedef struct DeviceClass {
 qdev_initfn init; /* TODO remove, once users are converted to realize */
 qdev_event exit; /* TODO remove, once users are converted to unrealize */
 const char *bus_type;
+
+/* When this field is set, qemu will use it to get an unique instance_id
+ * instead of calculating an auto idstr and instanc_id for the relevant
+ * SaveStateEntry
+ */
+int (*dev_get_instance_id)(DeviceState *dev);
 } DeviceClass;
 
 typedef struct NamedGPIOList NamedGPIOList;
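Review bot: The comment on `dev_get_instance_id` does not state the contract an implementation has to meet, although the registration code in migration/savevm.c depends on it once the device path is no longer part of idstr. I would spell it out, for example `/* Must return a non-negative id that is identical on source and destination and unique among devices sharing a vmsd name; -1 is reserved for "compute one". */`. The existing comment also has the typo `instanc_id`.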
diff --git a/migration/savevm.c b/migration/savevm.c
index 6c21231..f7e7c68 100644
--- a/migration/savevm.c
+++ b/migration/savevm.c
@@ -494,6 +494,11 @@ int register_savevm_live(DeviceState *dev,
  void *opaque)
 {
 SaveStateEntry *se;
+/* when it is a device and it provides a way to get instance_id,
+ * we will use it and skip setting idstr and compat.
+ */
+bool flag = (dev != NULL) &&
+(DEVICE_GET_CLASS(dev)->dev_get_instance_id != NULL);
 
 se = g_new0(SaveStateEntry, 1);
 se->version_id = version_id;
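Review bot: The local `flag` in `register_savevm_live()` says nothing about what it records, and the same two-line expression is repeated verbatim in `vmstate_register_with_alias_id()` in a later hunk. A name such as `bool use_dev_instance_id` would make the later `if (dev && !flag)` and `if (flag)` tests readable on their own, and a small static helper taking `dev` would remove the duplication. The function body continues outside this hunk.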
@@ -506,7 +511,7 @@ int register_savevm_live(DeviceState *dev,
 se->is_ram = 1;
 }
 
-if (dev) {
+if (dev && !flag) {
 char *id = qdev_get_dev_path(dev);
 if (id) {
 pstrcpy(se->idstr, sizeof(se->idstr), id);
@@ -522,6 +527,9 @@ int register_savevm_live(DeviceState *dev,
 }
 pstrcat(se->idstr, sizeof(se->idstr), idstr);
 
+if (flag) {
+instance_id = DEVICE_GET_CLASS(dev)->dev_get_instance_id(dev);
+}
 if (instance_id == -1) {
 se->instance_id = calculate_new_instance_id(se->idstr);
 } else {
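Review bot: The value returned by `dev_get_instance_id()` replaces the caller's `instance_id` with no check, so a hook that returns -1 silently falls back to `calculate_new_instance_id()`, and any other negative value appears to be registered as-is by the `else` branch. Because idstr no longer carries the device path when the hook is used, the (idstr, instance_id) pair is unique only if the hook guarantees it, and a duplicate would presumably let an incoming section be loaded into the wrong entry. I would add `assert(instance_id >= 0);` inside the `if (flag)` block and assert or fail on an already registered pair. The same applies to the identical block added to `vmstate_register_with_alias_id()` in the last hunk of this file; both function bodies extend beyond their hunks.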
@@ -579,6 +587,11 @@ int vmstate_register_with_alias_id(DeviceState *dev, int 
instance_id,
int required_for_version)
 {
 SaveStateEntry *se;
+/* when it is a device and it provides a way to get instance_id,
+ * we will use it and skip setting idstr and compat.
+ */
+bool flag = (dev != NULL) &&
+(DEVICE_GET_CLASS(dev)->dev_get_instance_id != NULL);
 
 /* If this triggers, alias support can be dropped for the vmsd. */
 assert(alias_id == -1 || required_for_version >= vmsd->minimum_version_id);
@@ -590,7 +603,7 @@ int vmstate_register_with_alias_id(DeviceState *dev, int 
instance_id,
 se->vmsd = vmsd;
 se->alias_id = alias_id;
 
-if (dev) {
+if (dev && !flag) {
 char *id = qdev_get_dev_path(dev);
 if (id) {
 pstrcpy(se->idstr, sizeof(se->idstr), id);
@@ -606,6 +619,9 @@ int vmstate_register_with_alias_id(DeviceState *dev, int 
instance_id,
 }
 pstrcat(se->idstr, sizeof(se->idstr), vmsd->name);
 
+if (flag) {
+instance_id = DEVICE_GET_CLASS(dev)->dev_get_instance_id(dev);
+}
 if (instance_id == -1) {
 se->instance_id = calculate_new_instance_id(se->idstr);
 } else {
-- 
1.9.1




[Qemu-devel] [QEMU RFC PATCH v4 0/6] migration: ensure hotplug and migration work together

2016-06-10 Thread Jianjun Duan
v4: - Introduce a way to set customized instance_id in SaveStateEntry. Use it
  to set instance_id for DRC using its unique index to address David 
  Gibson's concern.
- Rename VMS_CSTM to VMS_LINKED based on Paolo Bonzini's suggestions.
- Clean up qjson stuff in put_qtailq. 
- Add trace for put_qtailq and get_qtailq based on David Gilbert's 
  suggestion.

It is based on David's ppc-for-2.7. Comments are welcome. Previous versions are:

v3: - Simplify overall design followng discussion with Paolo. No longer need
  metadata to migrate QTAILQ.
- Extend VMStateInfo instead of adding similar fields to VMStateField.
- Clean up macros in qemu/queue.h.
(link: https://lists.nongnu.org/archive/html/qemu-devel/2016-05/msg05695.html)

v2: - Introduce a general approach to migrate QTAILQ in qemu/queue.h.
- Migrate signalled field in the DRC state.
- Put the newly added migrating fields in subsections so that backward 
  migration is not broken.  
- Set detach_cb field right after migration so that a migrated hot-unplug
  event could finish its course.
(link: https://lists.nongnu.org/archive/html/qemu-devel/2016-05/msg04188.html)

v1: - Inital version.
(link: https://lists.nongnu.org/archive/html/qemu-devel/2016-04/msg02601.html)

To make guest device (PCI, CPU and memory) hotplug work together 
with guest migration, spapr drc state needs be transmitted in
migration. This patch defines the VMStateDescription struct for
spapr drc state to enable it.

To fix the potential race between hotplug events on the guest and
guest migration, ccs_list and pending_events of the spapr state need to be
transmitted in migration. This patch also takes care of it.


Jianjun Duan (6):
  migration: alternative way to set instance_id in SaveStateEntry
  migration: spapr_drc: defined VMStateDescription struct
  migration: extend VMStateInfo
  migration: migrate QTAILQ
  migration: spapr: migrate ccs_list in spapr state
  migration: spapr: migrate pending_events of spapr state

 hw/net/vmxnet3.c|  18 +++--
 hw/nvram/eeprom93xx.c   |   6 +-
 hw/nvram/fw_cfg.c   |   6 +-
 hw/pci/msix.c   |   6 +-
 hw/pci/pci.c|  12 ++--
 hw/pci/shpc.c   |   5 +-
 hw/ppc/spapr.c  |  67 ++
 hw/ppc/spapr_drc.c  |  69 +++
 hw/ppc/spapr_events.c   |  22 +++---
 hw/ppc/spapr_pci.c  |  22 ++
 hw/scsi/scsi-bus.c  |   6 +-
 hw/timer/twl92230.c |   6 +-
 hw/usb/redirect.c   |  18 +++--
 hw/virtio/virtio-pci.c  |   6 +-
 hw/virtio/virtio.c  |   6 +-
 include/hw/ppc/spapr.h  |   3 +-
 include/hw/ppc/spapr_drc.h  |   9 +++
 include/hw/qdev-core.h  |   6 ++
 include/migration/vmstate.h |  36 --
 include/qemu/queue.h|  32 +
 migration/savevm.c  |  25 +--
 migration/vmstate.c | 161 ++--
 target-alpha/machine.c  |   5 +-
 target-arm/machine.c|  12 ++--
 target-i386/machine.c   |  21 --
 target-mips/machine.c   |  10 +--
 target-ppc/machine.c|  10 +--
 target-sparc/machine.c  |   5 +-
 trace-events|   4 ++
 29 files changed, 505 insertions(+), 109 deletions(-)

-- 
1.9.1




Re: [Qemu-devel] [PATCH 1/2] Fix confusing argument names of do_unaligned_access() functions

2016-06-10 Thread Peter Maydell
On 10 June 2016 at 17:42, Sergey Sorokin  wrote:
> What if I combine both patches into single one?

No particular objection.

-- PMM



Re: [Qemu-devel] [PATCH 1/2] Fix confusing argument names of do_unaligned_access() functions

2016-06-10 Thread Sergey Sorokin
What if I combine both patches into single one?

10.06.2016, 19:33, "Peter Maydell" :
> On 10 June 2016 at 17:26, Sergey Sorokin  wrote:
>>  There are functions cpu_unaligned_access() and do_unaligned_access() that
>>  are called with access type and mmu index arguments. But these arguments
>>  are named 'is_write' and 'is_user' in their declarations.
>>  The patch fixes the names to avoid a confusion.
>>
>>  Signed-off-by: Sergey Sorokin 
>
> If we're going to touch all of these then we have an enum type
> we should be using instead of just 'int' for the old
> is_write argument: MMUAccessType (defined in cpu-common.h).
>
> thanks
> -- PMM



Re: [Qemu-devel] [PULL 00/15] tb hash improvements

2016-06-10 Thread Peter Maydell
On 10 June 2016 at 17:34, Emilio G. Cota  wrote:
> On Fri, Jun 10, 2016 at 16:33:10 +0100, Peter Maydell wrote:
>> Fails to build on ppc64be :-(
>>
>> In file included from /home/pm215/qemu/include/qemu/thread.h:4:0,
>>  from /home/pm215/qemu/include/block/aio.h:20,
>>  from /home/pm215/qemu/include/block/block.h:4,
>>  from /home/pm215/qemu/include/monitor/monitor.h:6,
>>  from /home/pm215/qemu/trace/control.c:23:
>> /home/pm215/qemu/include/qemu/processor.h:24:35: error: expected
>> identifier or ‘(’ before string constant
>>"or 2, 2, 2;" ::: "memory")
>
> On Fri, Jun 10, 2016 at 16:57:19 +0100, Peter Maydell wrote:
>> Also fails trying to build a test on 32-bit:
>>
>> /home/petmay01/qemu/tests/qht-bench.c: In function 'pr_params':
>> /home/petmay01/qemu/tests/qht-bench.c:270:5: error: format '%zu'
>> expects argument of type 'size_t', but argument 2 has type 'long
>> unsigned int' [-Werror=format=]
>>  printf(" lookup range:  %zu\n", lookup_range);
>
> Can you please test again after applying the appended delta?

I will test.

For the PPC asm, is it not just wanting the "\n" between instructions?
Shouldn't be necessary to use two separate asm() lines...

thanks
-- PMM



Re: [Qemu-devel] [PATCH 1/2] Fix confusing argument names of do_unaligned_access() functions

2016-06-10 Thread Sergey Sorokin
I agree

10.06.2016, 19:33, "Peter Maydell" :
> On 10 June 2016 at 17:26, Sergey Sorokin  wrote:
>>  There are functions cpu_unaligned_access() and do_unaligned_access() that
>>  are called with access type and mmu index arguments. But these arguments
>>  are named 'is_write' and 'is_user' in their declarations.
>>  The patch fixes the names to avoid a confusion.
>>
>>  Signed-off-by: Sergey Sorokin 
>
> If we're going to touch all of these then we have an enum type
> we should be using instead of just 'int' for the old
> is_write argument: MMUAccessType (defined in cpu-common.h).
>
> thanks
> -- PMM



Re: [Qemu-devel] [PULL 00/15] tb hash improvements

2016-06-10 Thread Emilio G. Cota
On Fri, Jun 10, 2016 at 16:33:10 +0100, Peter Maydell wrote:
> Fails to build on ppc64be :-(
> 
> In file included from /home/pm215/qemu/include/qemu/thread.h:4:0,
>  from /home/pm215/qemu/include/block/aio.h:20,
>  from /home/pm215/qemu/include/block/block.h:4,
>  from /home/pm215/qemu/include/monitor/monitor.h:6,
>  from /home/pm215/qemu/trace/control.c:23:
> /home/pm215/qemu/include/qemu/processor.h:24:35: error: expected
> identifier or ‘(’ before string constant
>"or 2, 2, 2;" ::: "memory")

On Fri, Jun 10, 2016 at 16:57:19 +0100, Peter Maydell wrote:
> Also fails trying to build a test on 32-bit:
> 
> /home/petmay01/qemu/tests/qht-bench.c: In function 'pr_params':
> /home/petmay01/qemu/tests/qht-bench.c:270:5: error: format '%zu'
> expects argument of type 'size_t', but argument 2 has type 'long
> unsigned int' [-Werror=format=]
>  printf(" lookup range:  %zu\n", lookup_range);

Can you please test again after applying the appended delta?

Thanks,

Emilio

diff --git a/include/qemu/processor.h b/include/qemu/processor.h
index 42bcc99..c28d7e3 100644
--- a/include/qemu/processor.h
+++ b/include/qemu/processor.h
@@ -20,8 +20,12 @@
 
 #elif defined(__powerpc64__)
 /* set Hardware Multi-Threading (HMT) priority to low; then back to medium */
-# define cpu_relax() asm volatile("or 1, 1, 1;"
-  "or 2, 2, 2;" ::: "memory")
+# define cpu_relax()\
+do {\
+asm volatile("or 1,1,1");   \
+asm volatile("or 2,2,2");   \
+barrier();  \
+} while (0)
 
 #else
 # define cpu_relax() barrier()
diff --git a/tests/qht-bench.c b/tests/qht-bench.c
index c7f73b4..ad8efbc 100644
--- a/tests/qht-bench.c
+++ b/tests/qht-bench.c
@@ -267,8 +267,8 @@ static void pr_params(void)
 printf(" update rate:   %f%%\n", update_rate * 100.0);
 printf(" offset:%ld\n", populate_offset);
 printf(" initial key range: %zu\n", init_range);
-printf(" lookup range:  %zu\n", lookup_range);
-printf(" update range:  %zu\n", update_range);
+printf(" lookup range:  %lu\n", lookup_range);
+printf(" update range:  %lu\n", update_range);
 }
 
 static void do_threshold(double rate, uint64_t *threshold)




[Qemu-devel] [PATCH 2/2] Fix a confusing argument name in tlb_fill() function

2016-06-10 Thread Sergey Sorokin
The function tlb_fill() is called with an access type argument, but that
argument is named 'is_write' in its declaration. The patch renames the
argument to avoid confusion.

Signed-off-by: Sergey Sorokin 
---
 include/exec/exec-all.h   |  2 +-
 target-alpha/mem_helper.c |  4 ++--
 target-arm/op_helper.c| 12 +++-
 target-cris/op_helper.c   |  4 ++--
 target-i386/mem_helper.c  |  4 ++--
 target-lm32/op_helper.c   |  4 ++--
 target-m68k/op_helper.c   |  4 ++--
 target-microblaze/op_helper.c |  4 ++--
 target-mips/op_helper.c   |  4 ++--
 target-moxie/helper.c |  4 ++--
 target-openrisc/mmu_helper.c  |  4 ++--
 target-ppc/mmu_helper.c   |  6 +++---
 target-s390x/mem_helper.c |  4 ++--
 target-sh4/op_helper.c|  4 ++--
 target-sparc/ldst_helper.c|  4 ++--
 target-tricore/op_helper.c|  4 ++--
 target-unicore32/op_helper.c  |  4 ++--
 target-xtensa/op_helper.c |  7 ---
 18 files changed, 43 insertions(+), 40 deletions(-)

diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index e076397..f425576 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -363,7 +363,7 @@ extern uintptr_t tci_tb_ptr;
 struct MemoryRegion *iotlb_to_region(CPUState *cpu,
  hwaddr index, MemTxAttrs attrs);
 
-void tlb_fill(CPUState *cpu, target_ulong addr, int is_write, int mmu_idx,
+void tlb_fill(CPUState *cpu, target_ulong addr, int access_type, int mmu_idx,
   uintptr_t retaddr);
 
 #endif
diff --git a/target-alpha/mem_helper.c b/target-alpha/mem_helper.c
index cfb4898..53fdae4 100644
--- a/target-alpha/mem_helper.c
+++ b/target-alpha/mem_helper.c
@@ -144,12 +144,12 @@ void alpha_cpu_unassigned_access(CPUState *cs, hwaddr 
addr,
NULL, it means that the function was called in C code (i.e. not
from generated code or from helper.c) */
 /* XXX: fix it to restore all registers */
-void tlb_fill(CPUState *cs, target_ulong addr, int is_write,
+void tlb_fill(CPUState *cs, target_ulong addr, int access_type,
   int mmu_idx, uintptr_t retaddr)
 {
 int ret;
 
-ret = alpha_cpu_handle_mmu_fault(cs, addr, is_write, mmu_idx);
+ret = alpha_cpu_handle_mmu_fault(cs, addr, access_type, mmu_idx);
 if (unlikely(ret != 0)) {
 if (retaddr) {
 cpu_restore_state(cs, retaddr);
diff --git a/target-arm/op_helper.c b/target-arm/op_helper.c
index 04316b5..dd97760 100644
--- a/target-arm/op_helper.c
+++ b/target-arm/op_helper.c
@@ -117,14 +117,14 @@ static inline uint32_t merge_syn_data_abort(uint32_t 
template_syn,
  * NULL, it means that the function was called in C code (i.e. not
  * from generated code or from helper.c)
  */
-void tlb_fill(CPUState *cs, target_ulong addr, int is_write, int mmu_idx,
+void tlb_fill(CPUState *cs, target_ulong addr, int access_type, int mmu_idx,
   uintptr_t retaddr)
 {
 bool ret;
 uint32_t fsr = 0;
 ARMMMUFaultInfo fi = {};
 
-ret = arm_tlb_fill(cs, addr, is_write, mmu_idx, , );
+ret = arm_tlb_fill(cs, addr, access_type, mmu_idx, , );
 if (unlikely(ret)) {
 ARMCPU *cpu = ARM_CPU(cs);
 CPUARMState *env = >env;
@@ -149,13 +149,15 @@ void tlb_fill(CPUState *cs, target_ulong addr, int 
is_write, int mmu_idx,
 /* For insn and data aborts we assume there is no instruction syndrome
  * information; this is always true for exceptions reported to EL1.
  */
-if (is_write == 2) {
+if (access_type == MMU_INST_FETCH) {
 syn = syn_insn_abort(same_el, 0, fi.s1ptw, syn);
 exc = EXCP_PREFETCH_ABORT;
 } else {
 syn = merge_syn_data_abort(env->exception.syndrome, target_el,
-   same_el, fi.s1ptw, is_write == 1, syn);
-if (is_write == 1 && arm_feature(env, ARM_FEATURE_V6)) {
+   same_el, fi.s1ptw,
+   access_type == MMU_DATA_STORE, syn);
+if (access_type == MMU_DATA_STORE
+&& arm_feature(env, ARM_FEATURE_V6)) {
 fsr |= (1 << 11);
 }
 exc = EXCP_DATA_ABORT;
diff --git a/target-cris/op_helper.c b/target-cris/op_helper.c
index 675ab86..fbb71bc 100644
--- a/target-cris/op_helper.c
+++ b/target-cris/op_helper.c
@@ -41,7 +41,7 @@
 /* Try to fill the TLB and return an exception if error. If retaddr is
NULL, it means that the function was called in C code (i.e. not
from generated code or from helper.c) */
-void tlb_fill(CPUState *cs, target_ulong addr, int is_write, int mmu_idx,
+void tlb_fill(CPUState *cs, target_ulong addr, int access_type, int mmu_idx,
   uintptr_t retaddr)
 {
 CRISCPU *cpu = CRIS_CPU(cs);
@@ -50,7 +50,7 @@ void tlb_fill(CPUState *cs, target_ulong addr, int is_write, 
int mmu_idx,
 
 D_LOG("%s pc=%x tpc=%x ra=%p\n", __func__,
   env->pc, env->pregs[PR_EDA], (void 

Re: [Qemu-devel] [PATCH 1/2] Fix confusing argument names of do_unaligned_access() functions

2016-06-10 Thread Peter Maydell
On 10 June 2016 at 17:26, Sergey Sorokin  wrote:
> There are functions cpu_unaligned_access() and do_unaligned_access() that
> are called with access type and mmu index arguments. But these arguments
> are named 'is_write' and 'is_user' in their declarations.
> The patch fixes the names to avoid a confusion.
>
> Signed-off-by: Sergey Sorokin 

If we're going to touch all of these then we have an enum type
we should be using instead of just 'int' for the old
is_write argument: MMUAccessType (defined in cpu-common.h).

thanks
-- PMM



[Qemu-devel] [PATCH 1/2] Fix confusing argument names of do_unaligned_access() functions

2016-06-10 Thread Sergey Sorokin
The functions cpu_unaligned_access() and do_unaligned_access() are
called with access type and mmu index arguments, but these arguments
are named 'is_write' and 'is_user' in their declarations.
The patch fixes the names to avoid confusion.

Signed-off-by: Sergey Sorokin 
---
 include/qom/cpu.h  |  8 
 target-alpha/cpu.h |  4 ++--
 target-alpha/mem_helper.c  |  4 ++--
 target-arm/internals.h |  4 ++--
 target-arm/op_helper.c | 17 +
 target-mips/cpu.h  |  4 ++--
 target-mips/op_helper.c|  2 +-
 target-sparc/cpu.h |  5 +++--
 target-sparc/ldst_helper.c |  5 +++--
 target-xtensa/cpu.h|  4 ++--
 target-xtensa/op_helper.c  |  3 ++-
 11 files changed, 32 insertions(+), 28 deletions(-)

diff --git a/include/qom/cpu.h b/include/qom/cpu.h
index 32f3af3..60985c2 100644
--- a/include/qom/cpu.h
+++ b/include/qom/cpu.h
@@ -141,8 +141,8 @@ typedef struct CPUClass {
 bool (*has_work)(CPUState *cpu);
 void (*do_interrupt)(CPUState *cpu);
 CPUUnassignedAccess do_unassigned_access;
-void (*do_unaligned_access)(CPUState *cpu, vaddr addr,
-int is_write, int is_user, uintptr_t retaddr);
+void (*do_unaligned_access)(CPUState *cpu, vaddr addr, int access_type,
+int mmu_idx, uintptr_t retaddr);
 bool (*virtio_is_big_endian)(CPUState *cpu);
 int (*memory_rw_debug)(CPUState *cpu, vaddr addr,
uint8_t *buf, int len, bool is_write);
@@ -716,12 +716,12 @@ static inline void cpu_unassigned_access(CPUState *cpu, 
hwaddr addr,
 }
 
 static inline void cpu_unaligned_access(CPUState *cpu, vaddr addr,
-int is_write, int is_user,
+int access_type, int mmu_idx,
 uintptr_t retaddr)
 {
 CPUClass *cc = CPU_GET_CLASS(cpu);
 
-cc->do_unaligned_access(cpu, addr, is_write, is_user, retaddr);
+cc->do_unaligned_access(cpu, addr, access_type, mmu_idx, retaddr);
 }
 #endif
 
diff --git a/target-alpha/cpu.h b/target-alpha/cpu.h
index e71ea70..4e512a2 100644
--- a/target-alpha/cpu.h
+++ b/target-alpha/cpu.h
@@ -322,8 +322,8 @@ void alpha_cpu_dump_state(CPUState *cs, FILE *f, 
fprintf_function cpu_fprintf,
 hwaddr alpha_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
 int alpha_cpu_gdb_read_register(CPUState *cpu, uint8_t *buf, int reg);
 int alpha_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
-void alpha_cpu_do_unaligned_access(CPUState *cpu, vaddr addr,
-   int is_write, int is_user, uintptr_t 
retaddr);
+void alpha_cpu_do_unaligned_access(CPUState *cpu, vaddr addr, int access_type,
+   int mmu_idx, uintptr_t retaddr);
 
 #define cpu_list alpha_cpu_list
 #define cpu_exec cpu_alpha_exec
diff --git a/target-alpha/mem_helper.c b/target-alpha/mem_helper.c
index 7f4d15f..cfb4898 100644
--- a/target-alpha/mem_helper.c
+++ b/target-alpha/mem_helper.c
@@ -98,8 +98,8 @@ uint64_t helper_stq_c_phys(CPUAlphaState *env, uint64_t p, 
uint64_t v)
 return ret;
 }
 
-void alpha_cpu_do_unaligned_access(CPUState *cs, vaddr addr,
-   int is_write, int is_user, uintptr_t 
retaddr)
+void alpha_cpu_do_unaligned_access(CPUState *cs, vaddr addr, int access_type,
+   int mmu_idx, uintptr_t retaddr)
 {
 AlphaCPU *cpu = ALPHA_CPU(cs);
 CPUAlphaState *env = >env;
diff --git a/target-arm/internals.h b/target-arm/internals.h
index 728ecba..6d469bf 100644
--- a/target-arm/internals.h
+++ b/target-arm/internals.h
@@ -476,7 +476,7 @@ bool arm_tlb_fill(CPUState *cpu, vaddr address, int rw, int 
mmu_idx,
 bool arm_s1_regime_using_lpae_format(CPUARMState *env, ARMMMUIdx mmu_idx);
 
 /* Raise a data fault alignment exception for the specified virtual address */
-void arm_cpu_do_unaligned_access(CPUState *cs, vaddr vaddr, int is_write,
- int is_user, uintptr_t retaddr);
+void arm_cpu_do_unaligned_access(CPUState *cs, vaddr vaddr, int access_type,
+ int mmu_idx, uintptr_t retaddr);
 
 #endif
diff --git a/target-arm/op_helper.c b/target-arm/op_helper.c
index 35912a1..04316b5 100644
--- a/target-arm/op_helper.c
+++ b/target-arm/op_helper.c
@@ -79,7 +79,7 @@ uint32_t HELPER(neon_tbl)(CPUARMState *env, uint32_t ireg, 
uint32_t def,
 static inline uint32_t merge_syn_data_abort(uint32_t template_syn,
 unsigned int target_el,
 bool same_el,
-bool s1ptw, int is_write,
+bool s1ptw, bool is_write,
 int fsc)
 {
 uint32_t syn;
@@ -97,7 +97,7 @@ static inline uint32_t merge_syn_data_abort(uint32_t 
template_syn,
 

Re: [Qemu-devel] [PATCH 4/6] trace: Add per-vCPU tracing states for events with the 'vcpu' property

2016-06-10 Thread Stefan Hajnoczi
On Thu, Jun 09, 2016 at 04:17:11PM +0200, Lluís Vilanova wrote:
> >> @@ -61,7 +69,7 @@ static inline bool 
> >> trace_event_get_state_static(TraceEvent *ev)
> >> static inline bool trace_event_get_state_dynamic_by_id(TraceEventID id)
> >> {
> >> /* it's on fast path, avoid consistency checks (asserts) */
> >> -return unlikely(trace_events_enabled_count) && 
> >> trace_events_dstate[id];
> >> +return unlikely(trace_events_enabled_count) && 
> >> (trace_events_dstate[id] > 0);
> 
> > typeof(trace_events_dstate[0]) is size_t, so trace_events_dstate[id] > 0
> > is equivalent to trace_events_dstate[id] (due to unsigned).  Why change
> > this line?
> 
> Sorry, I have a tendency to make this type of checks explicit when the types 
> are
> not boolean (for a maybe-false sense of future-proofing). I can leave it as it
> was if it bothers you.

When reviewing patches I try to understand each change.  When I don't
see a reason for a change I need to ask.

In general it's easier to leave code as-is unless there is a need to
change it.  But there are no hard rules :).

> >> +void trace_event_set_state_dynamic(TraceEvent *ev, bool state)
> >> +{
> >> +CPUState *cpu;
> >> +assert(ev != NULL);
> >> +assert(trace_event_get_state_static(ev));
> >> +if (trace_event_get_cpu_id(ev) != trace_event_cpu_count()) {
> >> +CPU_FOREACH(cpu) {
> >> +trace_event_set_cpu_state_dynamic(cpu, ev, state);
> >> +}
> >> +} else {
> >> +TraceEventID id = trace_event_get_id(ev);
> >> +trace_events_enabled_count += state - trace_events_dstate[id];
> >> +trace_events_dstate[id] = state;
> >> +}
> >> +}
> 
> > I find it a little confusing to use different semantics for
> > trace_events_dstate[] elements depending on trace_event_get_cpu_id(ev)
> > != trace_event_cpu_count().  In other words, it either acts as a vcpu
> > enabled counter or as an enable/disable flag.
> 
> > That said, it's nice to preserve the non-cpu_id case since it was
> > written by Paolo as a performance optimization.  Changing it could
> > introduce a regression so I think your approach is okay.
> 
> Yes, it's a bit messy. I'll add some proper documentation about how this is
> interpreted.

Thanks!

> > The number of cpus has type int (see CPUState *qemu_get_cpu(int index)).
> 
> > Why did you choose size_t?
> 
> It just sounds proper to me to use size_t, since the state can never be 
> negative
> (it's either interpreted as a boolean or as an unsigned counter, depending on
> the "vcpu" property).

If you feel strongly about it, feel free to keep it.  Alternative
reasoning about the type:

int is the CPU index type used in qemu_get_cpu().  It is guaranteed to
be large enough for the vcpu count.  IMO there's no need to select a new
type, but there's more...

size_t is larger than necessary on 64-bit machines and has an impact on
the CPU cache performance that Paolo's optimization takes advantage of
(if you trigger adjacent trace event IDs they will probably already be
in cache).

size_t made me have to think hard when reading the "int += bool -
size_t" statement for updating trace_events_enabled_count.

If int is used then it's clear that int = (int)bool - int will be one of
[-1, 0, +1].

But with size_t you have to start wondering whether the type coercion
is portable and works as expected:

int = (int)((size_t)bool - size_t);

In "6.3.1.3 Signed and unsigned integers" the C99 standard says:

  [If] the new type is signed and the value cannot be represented in
  it; either the result is implementation-defined or an
  implementation-defined signal is raised.

The size_t -> int conversion is therefore implementation-defined.  This
is not portable although QEMU probably does it in many places.

So for these reasons, I think int is the natural choice.

Stefan


signature.asc
Description: PGP signature


[Qemu-devel] [PATCH 0/2] Fix confusing argument names in some common functions

2016-06-10 Thread Sergey Sorokin
The functions tlb_fill(), cpu_unaligned_access() and
do_unaligned_access() are called with access type and mmu index
arguments, but these arguments are named 'is_write' and 'is_user' in their
declarations. The patches fix the names to avoid confusion.

Sergey Sorokin (2):
  Fix confusing argument names of do_unaligned_access() functions
  Fix a confusing argument name in tlb_fill() function

 include/exec/exec-all.h   |  2 +-
 include/qom/cpu.h |  8 
 target-alpha/cpu.h|  4 ++--
 target-alpha/mem_helper.c |  8 
 target-arm/internals.h|  4 ++--
 target-arm/op_helper.c| 27 +++
 target-cris/op_helper.c   |  4 ++--
 target-i386/mem_helper.c  |  4 ++--
 target-lm32/op_helper.c   |  4 ++--
 target-m68k/op_helper.c   |  4 ++--
 target-microblaze/op_helper.c |  4 ++--
 target-mips/cpu.h |  4 ++--
 target-mips/op_helper.c   |  6 +++---
 target-moxie/helper.c |  4 ++--
 target-openrisc/mmu_helper.c  |  4 ++--
 target-ppc/mmu_helper.c   |  6 +++---
 target-s390x/mem_helper.c |  4 ++--
 target-sh4/op_helper.c|  4 ++--
 target-sparc/cpu.h|  5 +++--
 target-sparc/ldst_helper.c|  9 +
 target-tricore/op_helper.c|  4 ++--
 target-unicore32/op_helper.c  |  4 ++--
 target-xtensa/cpu.h   |  4 ++--
 target-xtensa/op_helper.c | 10 ++
 24 files changed, 74 insertions(+), 67 deletions(-)

-- 
1.9.3




[Qemu-devel] [PATCH] hw/sh4/sh_pci.c: Use ldl_le_p() and stl_le_p()

2016-06-10 Thread Peter Maydell
Use ldl_le_p() and stl_le_p() instead of le32_to_cpup() and
cpu_to_le32w(); the former handle misaligned addresses and don't
need casts, and the latter are deprecated.

Signed-off-by: Peter Maydell 
---
 hw/sh4/sh_pci.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/sh4/sh_pci.c b/hw/sh4/sh_pci.c
index e820a32..1747628 100644
--- a/hw/sh4/sh_pci.c
+++ b/hw/sh4/sh_pci.c
@@ -55,7 +55,7 @@ static void sh_pci_reg_write (void *p, hwaddr addr, uint64_t 
val,
 
 switch(addr) {
 case 0 ... 0xfc:
-cpu_to_le32w((uint32_t*)(pcic->dev->config + addr), val);
+stl_le_p(pcic->dev->config + addr, val);
 break;
 case 0x1c0:
 pcic->par = val;
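Review bot: Both accessors still read and write the raw `pcic->dev->config` array, so a guest write in the `0 ... 0xfc` range bypasses the PCI core's config-space write path and whatever write mask it applies. If `pcic->dev` is the bridge's PCIDevice, routing the store through `pci_default_write_config(pcic->dev, addr, val, 4);`, and the load in `sh_pci_reg_read` through `pci_default_read_config()`, would keep read-only fields read-only. The access-size argument of both functions is cut off in the hunk headers, so whether narrower accesses can reach these cases should be checked as well.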
@@ -85,7 +85,7 @@ static uint64_t sh_pci_reg_read (void *p, hwaddr addr,
 
 switch(addr) {
 case 0 ... 0xfc:
-return le32_to_cpup((uint32_t*)(pcic->dev->config + addr));
+return ldl_le_p(pcic->dev->config + addr);
 case 0x1c0:
 return pcic->par;
 case 0x1c4:
-- 
1.9.1




[Qemu-devel] [PATCH v2] migration: Don't use *_to_cpup() and cpu_to_*w()

2016-06-10 Thread Peter Maydell
The *_to_cpup() and cpu_to_*w() functions just compose a pointer
dereference with a byteswap. Instead use ld*_p() and st*_p(),
which handle potential pointer misalignment and avoid the need
to cast the pointer.

Signed-off-by: Peter Maydell 
---
Changes v1->v2: fix cpu_to_*w() uses too.

The motivation here is that I'd like to get rid of _to_cpup()
and cpu_to_*w() entirely: we don't have many places that use them.
---
 migration/migration.c | 12 ++--
 migration/savevm.c|  4 ++--
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/migration/migration.c b/migration/migration.c
index 7ecbade..551da0a 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -1381,7 +1381,7 @@ static void *source_return_path_thread(void *opaque)
 /* OK, we have the message and the data */
 switch (header_type) {
 case MIG_RP_MSG_SHUT:
-sibling_error = be32_to_cpup((uint32_t *)buf);
+sibling_error = ldl_be_p(buf);
 trace_source_return_path_thread_shut(sibling_error);
 if (sibling_error) {
 error_report("RP: Sibling indicated error %d", sibling_error);
@@ -1395,13 +1395,13 @@ static void *source_return_path_thread(void *opaque)
 goto out;
 
 case MIG_RP_MSG_PONG:
-tmp32 = be32_to_cpup((uint32_t *)buf);
+tmp32 = ldl_be_p(buf);
 trace_source_return_path_thread_pong(tmp32);
 break;
 
 case MIG_RP_MSG_REQ_PAGES:
-start = be64_to_cpup((uint64_t *)buf);
-len = be32_to_cpup((uint32_t *)(buf + 8));
+start = ldq_be_p(buf);
+len = ldl_be_p(buf + 8);
 migrate_handle_rp_req_pages(ms, NULL, start, len);
 break;
 
@@ -1409,8 +1409,8 @@ static void *source_return_path_thread(void *opaque)
 expected_len = 12 + 1; /* header + termination */
 
 if (header_len >= expected_len) {
-start = be64_to_cpup((uint64_t *)buf);
-len = be32_to_cpup((uint32_t *)(buf + 8));
+start = ldq_be_p(buf);
+len = ldl_be_p(buf + 8);
 /* Now we expect an idstr */
 tmp32 = buf[12]; /* Length of the following idstr */
 buf[13 + tmp32] = '\0';
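Review bot: The terminator store `buf[13 + tmp32] = '\0';` indexes buf with a length byte read from the received message, and the only guard visible in this hunk, `header_len >= expected_len`, covers just the first 13 bytes. Because tmp32 is loaded from `buf[12]`, the index can reach 268, so the store is in bounds only if buf is declared at least that large. The hunk also shows no comparison of the idstr length against header_len; source_return_path_thread() starts and ends outside the hunk, so both need confirming there. Once confirmed, a comment at the store such as `/* tmp32 <= 255, so 13 + tmp32 stays within buf */` would record the assumption, or the store could move after the length comparison.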
diff --git a/migration/savevm.c b/migration/savevm.c
index 6c21231..7da46a6 100644
--- a/migration/savevm.c
+++ b/migration/savevm.c
@@ -822,9 +822,9 @@ void qemu_savevm_send_postcopy_ram_discard(QEMUFile *f, 
const char *name,
 buf[tmplen++] = '\0';
 
 for (t = 0; t < len; t++) {
-cpu_to_be64w((uint64_t *)(buf + tmplen), start_list[t]);
+stq_be_p(buf + tmplen, start_list[t]);
 tmplen += 8;
-cpu_to_be64w((uint64_t *)(buf + tmplen), length_list[t]);
+stq_be_p(buf + tmplen, length_list[t]);
 tmplen += 8;
 }
 qemu_savevm_command_send(f, MIG_CMD_POSTCOPY_RAM_DISCARD, tmplen, buf);
-- 
1.9.1




[Qemu-devel] [PATCH 2/6] block: Make .bdrv_load_vmstate() vectored

2016-06-10 Thread Kevin Wolf
This brings it in line with .bdrv_save_vmstate().

Signed-off-by: Kevin Wolf 
---
 block/io.c| 26 +-
 block/qcow2.c |  6 +++---
 block/sheepdog.c  | 13 ++---
 include/block/block.h |  1 +
 include/block/block_int.h |  4 ++--
 5 files changed, 37 insertions(+), 13 deletions(-)

diff --git a/block/io.c b/block/io.c
index 11510cf..602c7d3 100644
--- a/block/io.c
+++ b/block/io.c
@@ -1862,13 +1862,29 @@ int bdrv_writev_vmstate(BlockDriverState *bs, 
QEMUIOVector *qiov, int64_t pos)
 int bdrv_load_vmstate(BlockDriverState *bs, uint8_t *buf,
   int64_t pos, int size)
 {
+QEMUIOVector qiov;
+struct iovec iov = {
+.iov_base   = buf,
+.iov_len= size,
+};
+int ret;
+
+qemu_iovec_init_external(, , 1);
+return bdrv_readv_vmstate(bs, , pos);
+}
+
+int bdrv_readv_vmstate(BlockDriverState *bs, QEMUIOVector *qiov, int64_t pos)
+{
 BlockDriver *drv = bs->drv;
-if (!drv)
+
+if (!drv) {
 return -ENOMEDIUM;
-if (drv->bdrv_load_vmstate)
-return drv->bdrv_load_vmstate(bs, buf, pos, size);
-if (bs->file)
-return bdrv_load_vmstate(bs->file->bs, buf, pos, size);
+} else if (drv->bdrv_load_vmstate) {
+return drv->bdrv_load_vmstate(bs, qiov, pos);
+} else if (bs->file) {
+return bdrv_readv_vmstate(bs->file->bs, qiov, pos);
+}
+
 return -ENOTSUP;
 }
 
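Review bot: bdrv_load_vmstate() now copies the signed `size` into `.iov_len` with no sign check, so a negative value becomes a very large size_t length in the iovec passed to bdrv_readv_vmstate(). bdrv_pread() in the same file rejects this case before building its iovec, and the same guard fits here ahead of `qemu_iovec_init_external()`: `if (size < 0) { return -EINVAL; }`. bdrv_save_vmstate(), visible in the 3/6 hunk of this series, builds its iovec from `size` the same way. The added `int ret;` is also unused in this function as shown and will warn under -Wunused-variable; it can wait for the patch that needs it.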
diff --git a/block/qcow2.c b/block/qcow2.c
index cb55e2d..72ae2bf 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -2920,8 +2920,8 @@ static int qcow2_save_vmstate(BlockDriverState *bs, 
QEMUIOVector *qiov,
 return ret;
 }
 
-static int qcow2_load_vmstate(BlockDriverState *bs, uint8_t *buf,
-  int64_t pos, int size)
+static int qcow2_load_vmstate(BlockDriverState *bs, QEMUIOVector *qiov,
+  int64_t pos)
 {
 BDRVQcow2State *s = bs->opaque;
 bool zero_beyond_eof = bs->zero_beyond_eof;
@@ -2929,7 +2929,7 @@ static int qcow2_load_vmstate(BlockDriverState *bs, 
uint8_t *buf,
 
 BLKDBG_EVENT(bs->file, BLKDBG_VMSTATE_LOAD);
 bs->zero_beyond_eof = false;
-ret = bdrv_pread(bs, qcow2_vm_state_offset(s) + pos, buf, size);
+ret = bdrv_preadv(bs, qcow2_vm_state_offset(s) + pos, qiov);
 bs->zero_beyond_eof = zero_beyond_eof;
 
 return ret;
diff --git a/block/sheepdog.c b/block/sheepdog.c
index 23fbace..ef5d044 100644
--- a/block/sheepdog.c
+++ b/block/sheepdog.c
@@ -2784,12 +2784,19 @@ static int sd_save_vmstate(BlockDriverState *bs, 
QEMUIOVector *qiov,
 return ret;
 }
 
-static int sd_load_vmstate(BlockDriverState *bs, uint8_t *data,
-   int64_t pos, int size)
+static int sd_load_vmstate(BlockDriverState *bs, QEMUIOVector *qiov,
+   int64_t pos)
 {
 BDRVSheepdogState *s = bs->opaque;
+void *buf;
+int ret;
 
-return do_load_save_vmstate(s, data, pos, size, 1);
+buf = qemu_blockalign(bs, qiov->size);
+ret = do_load_save_vmstate(s, buf, pos, qiov->size, 1);
+qemu_iovec_from_buf(qiov, 0, buf, qiov->size);
+qemu_vfree(buf);
+
+return ret;
 }
 
 
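Review bot: sd_load_vmstate() copies the bounce buffer into the caller's iovec even when do_load_save_vmstate() fails, because `qemu_iovec_from_buf()` runs before `ret` is examined. Nothing in the hunk initialises the memory returned by `qemu_blockalign()`, so on an error path the destination buffers would receive whatever that allocation previously held. Guarding the copy with `if (ret >= 0) { qemu_iovec_from_buf(qiov, 0, buf, qiov->size); }` keeps stale heap contents out of the caller's buffers.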
diff --git a/include/block/block.h b/include/block/block.h
index aca7f23..a158575 100644
--- a/include/block/block.h
+++ b/include/block/block.h
@@ -428,6 +428,7 @@ void path_combine(char *dest, int dest_size,
   const char *base_path,
   const char *filename);
 
+int bdrv_readv_vmstate(BlockDriverState *bs, QEMUIOVector *qiov, int64_t pos);
 int bdrv_writev_vmstate(BlockDriverState *bs, QEMUIOVector *qiov, int64_t pos);
 int bdrv_save_vmstate(BlockDriverState *bs, const uint8_t *buf,
   int64_t pos, int size);
diff --git a/include/block/block_int.h b/include/block/block_int.h
index 8a4963c..f9a32cc 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -226,8 +226,8 @@ struct BlockDriver {
 
 int (*bdrv_save_vmstate)(BlockDriverState *bs, QEMUIOVector *qiov,
  int64_t pos);
-int (*bdrv_load_vmstate)(BlockDriverState *bs, uint8_t *buf,
- int64_t pos, int size);
+int (*bdrv_load_vmstate)(BlockDriverState *bs, QEMUIOVector *qiov,
+ int64_t pos);
 
 int (*bdrv_change_backing_file)(BlockDriverState *bs,
 const char *backing_file, const char *backing_fmt);
-- 
1.8.3.1




[Qemu-devel] [PATCH] nbd: Don't use cpu_to_*w() functions

2016-06-10 Thread Peter Maydell
The cpu_to_*w() functions just compose a pointer dereference
with a byteswap. Instead use st*_p(), which handles potential
pointer misalignment and avoids the need to cast the pointer.

Signed-off-by: Peter Maydell 
---
 nbd/client.c | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/nbd/client.c b/nbd/client.c
index bb8981f..6d9c74d 100644
--- a/nbd/client.c
+++ b/nbd/client.c
@@ -686,11 +686,11 @@ ssize_t nbd_send_request(QIOChannel *ioc, struct 
nbd_request *request)
   "{ .from = %" PRIu64", .len = %u, .handle = %" PRIu64", .type=%i}",
   request->from, request->len, request->handle, request->type);
 
-cpu_to_be32w((uint32_t*)buf, NBD_REQUEST_MAGIC);
-cpu_to_be32w((uint32_t*)(buf + 4), request->type);
-cpu_to_be64w((uint64_t*)(buf + 8), request->handle);
-cpu_to_be64w((uint64_t*)(buf + 16), request->from);
-cpu_to_be32w((uint32_t*)(buf + 24), request->len);
+stl_be_p(buf, NBD_REQUEST_MAGIC);
+stl_be_p(buf + 4, request->type);
+stq_be_p(buf + 8, request->handle);
+stq_be_p(buf + 16, request->from);
+stl_be_p(buf + 24, request->len);
 
 ret = write_sync(ioc, buf, sizeof(buf));
 if (ret < 0) {
-- 
1.9.1




[Qemu-devel] [PATCH 1/6] block: Introduce bdrv_preadv()

2016-06-10 Thread Kevin Wolf
We already have a byte-based bdrv_pwritev(), but the read counterpart
was still missing. This commit adds it.

Signed-off-by: Kevin Wolf 
---
 block/io.c| 20 +---
 include/block/block.h |  1 +
 2 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/block/io.c b/block/io.c
index b3d6228..11510cf 100644
--- a/block/io.c
+++ b/block/io.c
@@ -700,6 +700,18 @@ int bdrv_make_zero(BlockDriverState *bs, BdrvRequestFlags 
flags)
 }
 }
 
+int bdrv_preadv(BlockDriverState *bs, int64_t offset, QEMUIOVector *qiov)
+{
+int ret;
+
+ret = bdrv_prwv_co(bs, offset, qiov, false, 0);
+if (ret < 0) {
+return ret;
+}
+
+return qiov->size;
+}
+
 int bdrv_pread(BlockDriverState *bs, int64_t offset, void *buf, int bytes)
 {
 QEMUIOVector qiov;
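Review bot: bdrv_preadv() returns `qiov->size` through an `int`, so a vector larger than INT_MAX would come back truncated or negative, which callers would read as an error or a short count. bdrv_pread() cannot hit this because its `bytes` argument is already an int, but the new function accepts any QEMUIOVector. Unless bdrv_prwv_co() is known to reject such requests (not visible in this hunk), an early `if (qiov->size > INT_MAX) { return -EINVAL; }` would close the gap. A short comment above the function stating that it returns the number of bytes read or -errno would also help, since the declaration added to block.h carries none.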
@@ -707,19 +719,13 @@ int bdrv_pread(BlockDriverState *bs, int64_t offset, void 
*buf, int bytes)
 .iov_base = (void *)buf,
 .iov_len = bytes,
 };
-int ret;
 
 if (bytes < 0) {
 return -EINVAL;
 }
 
 qemu_iovec_init_external(, , 1);
-ret = bdrv_prwv_co(bs, offset, , false, 0);
-if (ret < 0) {
-return ret;
-}
-
-return bytes;
+return bdrv_preadv(bs, offset, );
 }
 
 int bdrv_pwritev(BlockDriverState *bs, int64_t offset, QEMUIOVector *qiov)
diff --git a/include/block/block.h b/include/block/block.h
index fb0078f..aca7f23 100644
--- a/include/block/block.h
+++ b/include/block/block.h
@@ -232,6 +232,7 @@ int bdrv_pwrite_zeroes(BlockDriverState *bs, int64_t offset,
 int bdrv_make_zero(BlockDriverState *bs, BdrvRequestFlags flags);
 int bdrv_pread(BlockDriverState *bs, int64_t offset,
void *buf, int count);
+int bdrv_preadv(BlockDriverState *bs, int64_t offset, QEMUIOVector *qiov);
 int bdrv_pwrite(BlockDriverState *bs, int64_t offset,
 const void *buf, int count);
 int bdrv_pwritev(BlockDriverState *bs, int64_t offset, QEMUIOVector *qiov);
-- 
1.8.3.1




Re: [Qemu-devel] [RFC 02/10] softmmu_llsc_template.h: Move to multi-threading

2016-06-10 Thread Alex Bennée

Sergey Fedorov  writes:

> On 26/05/16 19:35, Alvise Rigo wrote:
>> Using tcg_exclusive_{lock,unlock}(), make the emulation of
>> LoadLink/StoreConditional thread safe.
>>
>> During an LL access, this lock protects the load access itself, the
>> update of the exclusive history and the update of the VCPU's protected
>> range.  In a SC access, the lock protects the store access itself, the
>> possible reset of other VCPUs' protected range and the reset of the
>> exclusive context of calling VCPU.
>>
>> The lock is also taken when a normal store happens to access an
>> exclusive page to reset other VCPUs' protected range in case of
>> collision.
>
> I think the key problem here is that the load in LL helper can race with
> a concurrent regular fast-path store. It's probably easier to annotate
> the source here:
>
>  1  WORD_TYPE helper_ldlink_name(CPUArchState *env, target_ulong addr,
>  2  TCGMemOpIdx oi, uintptr_t retaddr)
>  3  {
>  4  WORD_TYPE ret;
>  5  int index;
>  6  CPUState *this_cpu = ENV_GET_CPU(env);
>  7  CPUClass *cc = CPU_GET_CLASS(this_cpu);
>  8  hwaddr hw_addr;
>  9  unsigned mmu_idx = get_mmuidx(oi);
>
> 10  index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
>
> 11  tcg_exclusive_lock();
>
> 12  /* Use the proper load helper from cpu_ldst.h */
> 13  ret = helper_ld(env, addr, oi, retaddr);
>
> 14  /* hw_addr = hwaddr of the page (i.e. section->mr->ram_addr
> + xlat)
> 15   * plus the offset (i.e. addr & ~TARGET_PAGE_MASK) */
> 16  hw_addr = (env->iotlb[mmu_idx][index].addr &
> TARGET_PAGE_MASK) + addr;
> 17  if (likely(!(env->tlb_table[mmu_idx][index].addr_read &
> TLB_MMIO))) {
> 18  /* If all the vCPUs have the EXCL bit set for this page
> there is no need
> 19   * to request any flush. */
> 20  if (cpu_physical_memory_set_excl(hw_addr)) {
> 21  CPUState *cpu;
>
> 22  excl_history_put_addr(hw_addr);
> 23  CPU_FOREACH(cpu) {
> 24  if (this_cpu != cpu) {
> 25  tlb_flush_other(this_cpu, cpu, 1);
> 26  }
> 27  }
> 28  }
> 29  /* For this vCPU, just update the TLB entry, no need to
> flush. */
> 30  env->tlb_table[mmu_idx][index].addr_write |= TLB_EXCL;
> 31  } else {
> 32  /* Set a pending exclusive access in the MemoryRegion */
> 33  MemoryRegion *mr = iotlb_to_region(this_cpu,
> 34
> env->iotlb[mmu_idx][index].addr,
> 35
> env->iotlb[mmu_idx][index].attrs);
> 36  mr->pending_excl_access = true;
> 37  }
>
> 38  cc->cpu_set_excl_protected_range(this_cpu, hw_addr, DATA_SIZE);
>
> 39  tcg_exclusive_unlock();
>
> 40  /* From now on we are in LL/SC context */
> 41  this_cpu->ll_sc_context = true;
>
> 42  return ret;
> 43  }
>
>
> The exclusive lock at line 11 doesn't help if concurrent fast-patch
> store at this address occurs after we finished load at line 13 but
> before TLB is flushed as a result of line 25. If we reorder the load to
> happen after the TLB flush request we still must be sure that the flush
> is complete before we can do the load safely.

I think this can be fixed using async_safe_run_on_cpu and tweaking the
ldlink helper.

  * Change the helper_ldlink call
- pass it offset-of(cpu->reg[n]) so it can store result of load
- maybe pass it next-pc (unless there is some other way to know)

  vCPU runs until the ldlink instruction occurs and jumps to the helper

  * Once in the helper_ldlink
- queue up an async helper function with info of offset
- cpu_loop_exit_restore(with next PC)

  vCPU that issued the ldlink exits immediately, waits until all vCPUs are
  out of generated code.

  * Once in helper_ldlink async helper
- Everything at this point is quiescent, no vCPU activity
- Flush all TLBs/set flags
- Do the load from memory, store directly into cpu->reg[n]

The key thing is once we are committed to load in the async helper
nothing else can get in the way. Any stores before we are in the helper
happen as normal, once we exit the async helper all potential
conflicting stores will slow path.

There is a little messing about in knowing the next PC which is simple
in the ARM case but gets a bit more complicated for architectures that
have deferred jump slots. I haven't looked into this nit yet.

>
>>
>> Moreover, adapt target-arm to also cope with the new multi-threaded
>> execution.
>>
>> Signed-off-by: Alvise Rigo 
>> ---
>>  softmmu_llsc_template.h | 11 +--
>>  softmmu_template.h  |  6 ++
>>  target-arm/op_helper.c  |  6 ++
>>  3 files changed, 21 insertions(+), 2 deletions(-)
>>
>> diff --git a/softmmu_llsc_template.h 

[Qemu-devel] [PATCH 6/6] block: Remove bs->zero_beyond_eof

2016-06-10 Thread Kevin Wolf
It is always true for open images now.

Signed-off-by: Kevin Wolf 
---
 block.c   |  2 --
 block/io.c| 51 +--
 include/block/block_int.h |  3 ---
 3 files changed, 23 insertions(+), 33 deletions(-)

diff --git a/block.c b/block.c
index 3d850a2..b350794 100644
--- a/block.c
+++ b/block.c
@@ -938,7 +938,6 @@ static int bdrv_open_common(BlockDriverState *bs, BdrvChild 
*file,
 }
 
 bs->request_alignment = drv->bdrv_co_preadv ? 1 : 512;
-bs->zero_beyond_eof = true;
 bs->read_only = !(bs->open_flags & BDRV_O_RDWR);
 
 if (use_bdrv_whitelist && !bdrv_is_whitelisted(drv, bs->read_only)) {
@@ -2192,7 +2191,6 @@ static void bdrv_close(BlockDriverState *bs)
 bs->encrypted = 0;
 bs->valid_key = 0;
 bs->sg = 0;
-bs->zero_beyond_eof = false;
 QDECREF(bs->options);
 QDECREF(bs->explicit_options);
 bs->options = NULL;
diff --git a/block/io.c b/block/io.c
index adf2726..d504443 100644
--- a/block/io.c
+++ b/block/io.c
@@ -1000,40 +1000,35 @@ static int coroutine_fn 
bdrv_aligned_preadv(BlockDriverState *bs,
 }
 
 /* Forward the request to the BlockDriver */
-if (!bs->zero_beyond_eof) {
-ret = bdrv_driver_preadv(bs, offset, bytes, qiov, 0);
-} else {
-/* Read zeros after EOF */
-int64_t total_bytes, max_bytes;
+int64_t total_bytes, max_bytes;
 
-total_bytes = bdrv_getlength(bs);
-if (total_bytes < 0) {
-ret = total_bytes;
-goto out;
-}
+total_bytes = bdrv_getlength(bs);
+if (total_bytes < 0) {
+ret = total_bytes;
+goto out;
+}
 
-max_bytes = ROUND_UP(MAX(0, total_bytes - offset), align);
-if (bytes < max_bytes) {
-ret = bdrv_driver_preadv(bs, offset, bytes, qiov, 0);
-} else if (max_bytes > 0) {
-QEMUIOVector local_qiov;
+max_bytes = ROUND_UP(MAX(0, total_bytes - offset), align);
+if (bytes < max_bytes) {
+ret = bdrv_driver_preadv(bs, offset, bytes, qiov, 0);
+} else if (max_bytes > 0) {
+QEMUIOVector local_qiov;
 
-qemu_iovec_init(_qiov, qiov->niov);
-qemu_iovec_concat(_qiov, qiov, 0, max_bytes);
+qemu_iovec_init(_qiov, qiov->niov);
+qemu_iovec_concat(_qiov, qiov, 0, max_bytes);
 
-ret = bdrv_driver_preadv(bs, offset, max_bytes, _qiov, 0);
+ret = bdrv_driver_preadv(bs, offset, max_bytes, _qiov, 0);
 
-qemu_iovec_destroy(_qiov);
-} else {
-ret = 0;
-}
+qemu_iovec_destroy(_qiov);
+} else {
+ret = 0;
+}
 
-/* Reading beyond end of file is supposed to produce zeroes */
-if (ret == 0 && total_bytes < offset + bytes) {
-uint64_t zero_offset = MAX(0, total_bytes - offset);
-uint64_t zero_bytes = offset + bytes - zero_offset;
-qemu_iovec_memset(qiov, zero_offset, 0, zero_bytes);
-}
+/* Reading beyond end of file is supposed to produce zeroes */
+if (ret == 0 && total_bytes < offset + bytes) {
+uint64_t zero_offset = MAX(0, total_bytes - offset);
+uint64_t zero_bytes = offset + bytes - zero_offset;
+qemu_iovec_memset(qiov, zero_offset, 0, zero_bytes);
 }
 
 out:
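Review bot: With the if/else removed, `int64_t total_bytes, max_bytes;` is left as a declaration in the middle of the function body, after the statements that end in the `}` at the top of the hunk. The other declarations visible here (`QEMUIOVector local_qiov;`, `uint64_t zero_offset`) each open their block. Moving the line up to the declarations at the start of bdrv_aligned_preadv(), which begins outside this hunk, keeps the function consistent and leaves only `total_bytes = bdrv_getlength(bs);` under the comment.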
diff --git a/include/block/block_int.h b/include/block/block_int.h
index 1fe0811..16c43e2 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -451,9 +451,6 @@ struct BlockDriverState {
 /* I/O Limits */
 BlockLimits bl;
 
-/* Whether produces zeros when read beyond eof */
-bool zero_beyond_eof;
-
 /* Alignment requirement for offset/length of I/O requests */
 unsigned int request_alignment;
 /* Flags honored during pwrite (so far: BDRV_REQ_FUA) */
-- 
1.8.3.1




[Qemu-devel] [PATCH 0/6] block: bdrv_load/save_vmstate() cleanups

2016-06-10 Thread Kevin Wolf
This series contains a few cleanups with respect to the vmstate I/O functions.
Apart from making the interface more consistent (writes were already vectored,
but not reads), this makes use of the new byte-based .bdrv_co_preadv/pwritev
callbacks in qcow2 to get rid of a few hacks, including bs->zero_beyond_eof.

Kevin Wolf (6):
  block: Introduce bdrv_preadv()
  block: Make .bdrv_load_vmstate() vectored
  block: Allow .bdrv_load/save_vmstate() to return 0/-errno
  block: Make bdrv_load/save_vmstate coroutine_fns
  qcow2: Let vmstate call qcow2_co_preadv/pwrite directly
  block: Remove bs->zero_beyond_eof

 block.c   |   2 -
 block/io.c| 173 +++---
 block/qcow2.c |  28 ++--
 block/sheepdog.c  |  13 +++-
 include/block/block.h |   2 +
 include/block/block_int.h |  13 ++--
 6 files changed, 143 insertions(+), 88 deletions(-)

-- 
1.8.3.1




[Qemu-devel] [PATCH 5/6] qcow2: Let vmstate call qcow2_co_preadv/pwrite directly

2016-06-10 Thread Kevin Wolf
We don't really want to go through the block layer in order to read from
or write to the vmstate in a qcow2 image. Doing so required a few ugly
hacks like saving and restoring the old image size (because writing to
vmstate offsets would increase the image size) or disabling the "reads
after EOF = zeroes" logic. When calling the right functions directly,
these hacks aren't necessary any more.

Note that .bdrv_load/save_vmstate() return 0 instead of the number of
bytes in case of success now.

Signed-off-by: Kevin Wolf 
---
 block/qcow2.c | 24 
 1 file changed, 4 insertions(+), 20 deletions(-)

diff --git a/block/qcow2.c b/block/qcow2.c
index 72ae2bf..c40baca 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -2903,36 +2903,20 @@ static int qcow2_save_vmstate(BlockDriverState *bs, 
QEMUIOVector *qiov,
   int64_t pos)
 {
 BDRVQcow2State *s = bs->opaque;
-int64_t total_sectors = bs->total_sectors;
-bool zero_beyond_eof = bs->zero_beyond_eof;
-int ret;
 
 BLKDBG_EVENT(bs->file, BLKDBG_VMSTATE_SAVE);
-bs->zero_beyond_eof = false;
-ret = bdrv_pwritev(bs, qcow2_vm_state_offset(s) + pos, qiov);
-bs->zero_beyond_eof = zero_beyond_eof;
-
-/* bdrv_co_do_writev will have increased the total_sectors value to include
- * the VM state - the VM state is however not an actual part of the block
- * device, therefore, we need to restore the old value. */
-bs->total_sectors = total_sectors;
-
-return ret;
+return bs->drv->bdrv_co_pwritev(bs, qcow2_vm_state_offset(s) + pos,
+qiov->size, qiov, 0);
 }
 
 static int qcow2_load_vmstate(BlockDriverState *bs, QEMUIOVector *qiov,
   int64_t pos)
 {
 BDRVQcow2State *s = bs->opaque;
-bool zero_beyond_eof = bs->zero_beyond_eof;
-int ret;
 
 BLKDBG_EVENT(bs->file, BLKDBG_VMSTATE_LOAD);
-bs->zero_beyond_eof = false;
-ret = bdrv_preadv(bs, qcow2_vm_state_offset(s) + pos, qiov);
-bs->zero_beyond_eof = zero_beyond_eof;
-
-return ret;
+return bs->drv->bdrv_co_preadv(bs, qcow2_vm_state_offset(s) + pos,
+   qiov->size, qiov, 0);
 }
 
 /*
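Review bot: Both vmstate functions now call the driver's `bdrv_co_pwritev` / `bdrv_co_preadv` callbacks, but their own definitions carry no `coroutine_fn` marker, so nothing at the definition tells a reader which context they expect. Marking them, e.g. `static coroutine_fn int qcow2_load_vmstate(BlockDriverState *bs, QEMUIOVector *qiov,`, would match the `int coroutine_fn (*bdrv_load_vmstate)` callback type that 4/6 of this series introduces. Calling the callbacks directly also skips whatever request checks the generic bdrv_preadv()/bdrv_pwritev() path applied to offset and length. Whether the qcow2 callbacks validate `qcow2_vm_state_offset(s) + pos` themselves is not visible here and should be confirmed. A comment such as `/* The VM state is not part of the block device proper, so call the driver directly instead of going through the block layer */` would keep the reasoning the removed comment carried.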
-- 
1.8.3.1




[Qemu-devel] [PATCH 4/6] block: Make bdrv_load/save_vmstate coroutine_fns

2016-06-10 Thread Kevin Wolf
This allows drivers to share code between normal I/O and vmstate
accesses.

Signed-off-by: Kevin Wolf 
---
 block/io.c| 80 ++-
 include/block/block_int.h | 10 +++---
 2 files changed, 64 insertions(+), 26 deletions(-)

diff --git a/block/io.c b/block/io.c
index bca244c..adf2726 100644
--- a/block/io.c
+++ b/block/io.c
@@ -1831,6 +1831,62 @@ int bdrv_write_compressed(BlockDriverState *bs, int64_t 
sector_num,
 return drv->bdrv_write_compressed(bs, sector_num, buf, nb_sectors);
 }
 
+typedef struct BdrvVmstateCo {
+BlockDriverState*bs;
+QEMUIOVector*qiov;
+int64_t pos;
+boolis_read;
+int ret;
+} BdrvVmstateCo;
+
+static int coroutine_fn
+bdrv_co_rw_vmstate(BlockDriverState *bs, QEMUIOVector *qiov, int64_t pos,
+   bool is_read)
+{
+BlockDriver *drv = bs->drv;
+
+if (!drv) {
+return -ENOMEDIUM;
+} else if (drv->bdrv_load_vmstate) {
+return is_read ? drv->bdrv_load_vmstate(bs, qiov, pos)
+   : drv->bdrv_save_vmstate(bs, qiov, pos);
+} else if (bs->file) {
+return bdrv_co_rw_vmstate(bs->file->bs, qiov, pos, is_read);
+}
+
+return -ENOTSUP;
+}
+
+static void bdrv_co_rw_vmstate_entry(void *opaque)
+{
+BdrvVmstateCo *co = opaque;
+co->ret = bdrv_co_rw_vmstate(co->bs, co->qiov, co->pos, co->is_read);
+}
+
+static inline int
+bdrv_rw_vmstate(BlockDriverState *bs, QEMUIOVector *qiov, int64_t pos,
+bool is_read)
+{
+if (qemu_in_coroutine()) {
+return bdrv_co_rw_vmstate(bs, qiov, pos, is_read);
+} else {
+BdrvVmstateCo data = {
+.bs = bs,
+.qiov   = qiov,
+.pos= pos,
+.is_read= is_read,
+.ret= -EINPROGRESS,
+};
+Coroutine *co = qemu_coroutine_create(bdrv_co_rw_vmstate_entry);
+
+qemu_coroutine_enter(co, );
+while (data.ret == -EINPROGRESS) {
+aio_poll(bdrv_get_aio_context(bs), true);
+}
+return data.ret;
+}
+}
+
 int bdrv_save_vmstate(BlockDriverState *bs, const uint8_t *buf,
   int64_t pos, int size)
 {
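Review bot: bdrv_co_rw_vmstate() tests only `drv->bdrv_load_vmstate` before dispatching, yet on the write path it then calls `drv->bdrv_save_vmstate`. A driver that provides a load callback without a save callback would therefore have a NULL function pointer called. The reverse case changes behaviour as well: a driver with only a save callback now falls through to `bs->file` for writes. The code this replaces checked each callback on its own path, and the condition can preserve that with `} else if (is_read ? drv->bdrv_load_vmstate != NULL : drv->bdrv_save_vmstate != NULL) {`.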
@@ -1853,17 +1909,7 @@ int bdrv_save_vmstate(BlockDriverState *bs, const 
uint8_t *buf,
 
 int bdrv_writev_vmstate(BlockDriverState *bs, QEMUIOVector *qiov, int64_t pos)
 {
-BlockDriver *drv = bs->drv;
-
-if (!drv) {
-return -ENOMEDIUM;
-} else if (drv->bdrv_save_vmstate) {
-return drv->bdrv_save_vmstate(bs, qiov, pos);
-} else if (bs->file) {
-return bdrv_writev_vmstate(bs->file->bs, qiov, pos);
-}
-
-return -ENOTSUP;
+return bdrv_rw_vmstate(bs, qiov, pos, false);
 }
 
 int bdrv_load_vmstate(BlockDriverState *bs, uint8_t *buf,
@@ -1887,17 +1933,7 @@ int bdrv_load_vmstate(BlockDriverState *bs, uint8_t *buf,
 
 int bdrv_readv_vmstate(BlockDriverState *bs, QEMUIOVector *qiov, int64_t pos)
 {
-BlockDriver *drv = bs->drv;
-
-if (!drv) {
-return -ENOMEDIUM;
-} else if (drv->bdrv_load_vmstate) {
-return drv->bdrv_load_vmstate(bs, qiov, pos);
-} else if (bs->file) {
-return bdrv_readv_vmstate(bs->file->bs, qiov, pos);
-}
-
-return -ENOTSUP;
+return bdrv_rw_vmstate(bs, qiov, pos, true);
 }
 
 /**/
diff --git a/include/block/block_int.h b/include/block/block_int.h
index f9a32cc..1fe0811 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -224,10 +224,12 @@ struct BlockDriver {
 int (*bdrv_get_info)(BlockDriverState *bs, BlockDriverInfo *bdi);
 ImageInfoSpecific *(*bdrv_get_specific_info)(BlockDriverState *bs);
 
-int (*bdrv_save_vmstate)(BlockDriverState *bs, QEMUIOVector *qiov,
- int64_t pos);
-int (*bdrv_load_vmstate)(BlockDriverState *bs, QEMUIOVector *qiov,
- int64_t pos);
+int coroutine_fn (*bdrv_save_vmstate)(BlockDriverState *bs,
+  QEMUIOVector *qiov,
+  int64_t pos);
+int coroutine_fn (*bdrv_load_vmstate)(BlockDriverState *bs,
+  QEMUIOVector *qiov,
+  int64_t pos);
 
 int (*bdrv_change_backing_file)(BlockDriverState *bs,
 const char *backing_file, const char *backing_fmt);
-- 
1.8.3.1




Re: [Qemu-devel] [PATCH] migration: Don't use *_to_cpup()

2016-06-10 Thread Peter Maydell
On 10 June 2016 at 16:05, Eric Blake  wrote:
> On 06/10/2016 09:01 AM, Peter Maydell wrote:
>> The *_to_cpup() functions just compose a pointer dereference with
>> a *_to_cpu() byteswap. Instead use ld*_p(), which handles potential
>> pointer misaligment and avoids the need to cast the pointer.
>
> s/misaligment/misalignment/
>
>>
>> Signed-off-by: Peter Maydell 
>> ---
>> The motivation here is that I'd like to get rid of _to_cpup()
>> entirely: we don't have many places that use it.
>> ---
>>  migration/migration.c | 12 ++--
>>  1 file changed, 6 insertions(+), 6 deletions(-)
>>
>
> Reviewed-by: Eric Blake 

Thanks. I just noticed that I missed the use of cpu_to_be64w()
for loads, so I'll send a v2.

-- PMM



[Qemu-devel] [PATCH 3/6] block: Allow .bdrv_load/save_vmstate() to return 0/-errno

2016-06-10 Thread Kevin Wolf
The return value of .bdrv_load/save_vmstate() can be any non-negative
number in case of success now. It used to be bytes/-errno.

Signed-off-by: Kevin Wolf 
---
 block/io.c | 16 ++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/block/io.c b/block/io.c
index 602c7d3..bca244c 100644
--- a/block/io.c
+++ b/block/io.c
@@ -1839,9 +1839,16 @@ int bdrv_save_vmstate(BlockDriverState *bs, const 
uint8_t *buf,
 .iov_base   = (void *) buf,
 .iov_len= size,
 };
+int ret;
 
 qemu_iovec_init_external(, , 1);
-return bdrv_writev_vmstate(bs, , pos);
+
+ret = bdrv_writev_vmstate(bs, , pos);
+if (ret < 0) {
+return ret;
+}
+
+return size;
 }
 
 int bdrv_writev_vmstate(BlockDriverState *bs, QEMUIOVector *qiov, int64_t pos)
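Review bot: The changed return contract is stated only in the commit message; neither wrapper carries a comment saying what a caller may rely on. A line above bdrv_save_vmstate(), and the same above bdrv_load_vmstate() in the next hunk, would keep the two levels from being confused, for example `/* Returns size on success, -errno on failure; the driver callback may return any non-negative value on success */`. bdrv_save_vmstate() begins above this hunk, so the comment would go at its signature there.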
@@ -1870,7 +1877,12 @@ int bdrv_load_vmstate(BlockDriverState *bs, uint8_t *buf,
 int ret;
 
 qemu_iovec_init_external(, , 1);
-return bdrv_readv_vmstate(bs, , pos);
+ret = bdrv_readv_vmstate(bs, , pos);
+if (ret < 0) {
+return ret;
+}
+
+return size;
 }
 
 int bdrv_readv_vmstate(BlockDriverState *bs, QEMUIOVector *qiov, int64_t pos)
-- 
1.8.3.1




Re: [Qemu-devel] [RFC 02/10] softmmu_llsc_template.h: Move to multi-threading

2016-06-10 Thread alvise rigo
This would require filling the whole history again, which I find very
unlikely. In any case, this has to be documented.

Thank you,
alvise

On Fri, Jun 10, 2016 at 6:00 PM, Sergey Fedorov  wrote:
> On 10/06/16 18:53, alvise rigo wrote:
>> On Fri, Jun 10, 2016 at 5:21 PM, Sergey Fedorov  wrote:
>>> On 26/05/16 19:35, Alvise Rigo wrote:
 Using tcg_exclusive_{lock,unlock}(), make the emulation of
 LoadLink/StoreConditional thread safe.

 During an LL access, this lock protects the load access itself, the
 update of the exclusive history and the update of the VCPU's protected
 range.  In a SC access, the lock protects the store access itself, the
 possible reset of other VCPUs' protected range and the reset of the
 exclusive context of calling VCPU.

 The lock is also taken when a normal store happens to access an
 exclusive page to reset other VCPUs' protected range in case of
 collision.
>>> I think the key problem here is that the load in LL helper can race with
>>> a concurrent regular fast-path store. It's probably easier to annotate
>>> the source here:
>>>
>>>  1  WORD_TYPE helper_ldlink_name(CPUArchState *env, target_ulong addr,
>>>  2  TCGMemOpIdx oi, uintptr_t retaddr)
>>>  3  {
>>>  4  WORD_TYPE ret;
>>>  5  int index;
>>>  6  CPUState *this_cpu = ENV_GET_CPU(env);
>>>  7  CPUClass *cc = CPU_GET_CLASS(this_cpu);
>>>  8  hwaddr hw_addr;
>>>  9  unsigned mmu_idx = get_mmuidx(oi);
>>>
>>> 10  index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
>>>
>>> 11  tcg_exclusive_lock();
>>>
>>> 12  /* Use the proper load helper from cpu_ldst.h */
>>> 13  ret = helper_ld(env, addr, oi, retaddr);
>>>
>>> 14  /* hw_addr = hwaddr of the page (i.e. section->mr->ram_addr
>>> + xlat)
>>> 15   * plus the offset (i.e. addr & ~TARGET_PAGE_MASK) */
>>> 16  hw_addr = (env->iotlb[mmu_idx][index].addr &
>>> TARGET_PAGE_MASK) + addr;
>>> 17  if (likely(!(env->tlb_table[mmu_idx][index].addr_read &
>>> TLB_MMIO))) {
>>> 18  /* If all the vCPUs have the EXCL bit set for this page
>>> there is no need
>>> 19   * to request any flush. */
>>> 20  if (cpu_physical_memory_set_excl(hw_addr)) {
>>> 21  CPUState *cpu;
>>>
>>> 22  excl_history_put_addr(hw_addr);
>>> 23  CPU_FOREACH(cpu) {
>>> 24  if (this_cpu != cpu) {
>>> 25  tlb_flush_other(this_cpu, cpu, 1);
>>> 26  }
>>> 27  }
>>> 28  }
>>> 29  /* For this vCPU, just update the TLB entry, no need to
>>> flush. */
>>> 30  env->tlb_table[mmu_idx][index].addr_write |= TLB_EXCL;
>>> 31  } else {
>>> 32  /* Set a pending exclusive access in the MemoryRegion */
>>> 33  MemoryRegion *mr = iotlb_to_region(this_cpu,
>>> 34
>>> env->iotlb[mmu_idx][index].addr,
>>> 35
>>> env->iotlb[mmu_idx][index].attrs);
>>> 36  mr->pending_excl_access = true;
>>> 37  }
>>>
>>> 38  cc->cpu_set_excl_protected_range(this_cpu, hw_addr, DATA_SIZE);
>>>
>>> 39  tcg_exclusive_unlock();
>>>
>>> 40  /* From now on we are in LL/SC context */
>>> 41  this_cpu->ll_sc_context = true;
>>>
>>> 42  return ret;
>>> 43  }
>>>
>>>
>>> The exclusive lock at line 11 doesn't help if concurrent fast-patch
>>> store at this address occurs after we finished load at line 13 but
>>> before TLB is flushed as a result of line 25. If we reorder the load to
>>> happen after the TLB flush request we still must be sure that the flush
>>> is complete before we can do the load safely.
>> You are right, the risk actually exists. One solution to the problem
>> could be to ignore the data acquired by the load and redo the LL after
>> the flushes have been completed (basically the disas_ctx->pc points to
>> the LL instruction). This time the LL will happen without flush
>> requests and the access will be actually protected by the lock.
>
> Yes, if some other CPU wouldn't evict an entry with the same address
> from the exclusive history...
>
> Kind regards,
> Sergey



Re: [Qemu-devel] [RFC 02/10] softmmu_llsc_template.h: Move to multi-threading

2016-06-10 Thread Sergey Fedorov
On 10/06/16 18:53, alvise rigo wrote:
> On Fri, Jun 10, 2016 at 5:21 PM, Sergey Fedorov  wrote:
>> On 26/05/16 19:35, Alvise Rigo wrote:
>>> Using tcg_exclusive_{lock,unlock}(), make the emulation of
>>> LoadLink/StoreConditional thread safe.
>>>
>>> During an LL access, this lock protects the load access itself, the
>>> update of the exclusive history and the update of the VCPU's protected
>>> range.  In a SC access, the lock protects the store access itself, the
>>> possible reset of other VCPUs' protected range and the reset of the
>>> exclusive context of calling VCPU.
>>>
>>> The lock is also taken when a normal store happens to access an
>>> exclusive page to reset other VCPUs' protected range in case of
>>> collision.
>> I think the key problem here is that the load in LL helper can race with
>> a concurrent regular fast-path store. It's probably easier to annotate
>> the source here:
>>
>>  1  WORD_TYPE helper_ldlink_name(CPUArchState *env, target_ulong addr,
>>  2  TCGMemOpIdx oi, uintptr_t retaddr)
>>  3  {
>>  4  WORD_TYPE ret;
>>  5  int index;
>>  6  CPUState *this_cpu = ENV_GET_CPU(env);
>>  7  CPUClass *cc = CPU_GET_CLASS(this_cpu);
>>  8  hwaddr hw_addr;
>>  9  unsigned mmu_idx = get_mmuidx(oi);
>>
>> 10  index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
>>
>> 11  tcg_exclusive_lock();
>>
>> 12  /* Use the proper load helper from cpu_ldst.h */
>> 13  ret = helper_ld(env, addr, oi, retaddr);
>>
>> 14  /* hw_addr = hwaddr of the page (i.e. section->mr->ram_addr
>> + xlat)
>> 15   * plus the offset (i.e. addr & ~TARGET_PAGE_MASK) */
>> 16  hw_addr = (env->iotlb[mmu_idx][index].addr &
>> TARGET_PAGE_MASK) + addr;
>> 17  if (likely(!(env->tlb_table[mmu_idx][index].addr_read &
>> TLB_MMIO))) {
>> 18  /* If all the vCPUs have the EXCL bit set for this page
>> there is no need
>> 19   * to request any flush. */
>> 20  if (cpu_physical_memory_set_excl(hw_addr)) {
>> 21  CPUState *cpu;
>>
>> 22  excl_history_put_addr(hw_addr);
>> 23  CPU_FOREACH(cpu) {
>> 24  if (this_cpu != cpu) {
>> 25  tlb_flush_other(this_cpu, cpu, 1);
>> 26  }
>> 27  }
>> 28  }
>> 29  /* For this vCPU, just update the TLB entry, no need to
>> flush. */
>> 30  env->tlb_table[mmu_idx][index].addr_write |= TLB_EXCL;
>> 31  } else {
>> 32  /* Set a pending exclusive access in the MemoryRegion */
>> 33  MemoryRegion *mr = iotlb_to_region(this_cpu,
>> 34
>> env->iotlb[mmu_idx][index].addr,
>> 35
>> env->iotlb[mmu_idx][index].attrs);
>> 36  mr->pending_excl_access = true;
>> 37  }
>>
>> 38  cc->cpu_set_excl_protected_range(this_cpu, hw_addr, DATA_SIZE);
>>
>> 39  tcg_exclusive_unlock();
>>
>> 40  /* From now on we are in LL/SC context */
>> 41  this_cpu->ll_sc_context = true;
>>
>> 42  return ret;
>> 43  }
>>
>>
>> The exclusive lock at line 11 doesn't help if concurrent fast-patch
>> store at this address occurs after we finished load at line 13 but
>> before TLB is flushed as a result of line 25. If we reorder the load to
>> happen after the TLB flush request we still must be sure that the flush
>> is complete before we can do the load safely.
> You are right, the risk actually exists. One solution to the problem
> could be to ignore the data acquired by the load and redo the LL after
> the flushes have been completed (basically the disas_ctx->pc points to
> the LL instruction). This time the LL will happen without flush
> requests and the access will be actually protected by the lock.

Yes, if some other CPU wouldn't evict an entry with the same address
from the exclusive history...

Kind regards,
Sergey



Re: [Qemu-devel] [PULL 00/15] tb hash improvements

2016-06-10 Thread Peter Maydell
On 10 June 2016 at 16:33, Peter Maydell <peter.mayd...@linaro.org> wrote:
> On 10 June 2016 at 15:26, Richard Henderson <r...@twiddle.net> wrote:
>> We're all good to go with v7.
>>
>>
>> r~
>>
>>
>> The following changes since commit 0c33682d5f29b0a4ae53bdec4c8e52e4fae37b34:
>>
>>   target-i386: Move user-mode exception actions out of user-exec.c 
>> (2016-06-09 15:55:02 +0100)
>>
>> are available in the git repository at:
>>
>>   git://github.com/rth7680/qemu.git tags/pull-tcg-20160610
>>
>> for you to fetch changes up to 9b1b8e78a5a8c849f5ca800d71497dc88a338483:
>>
>>   translate-all: add tb hash bucket info to 'info jit' dump (2016-06-10 
>> 07:21:54 -0700)
>>
>> 
>> TB hashing improvements
>
> Fails to build on ppc64be :-(

Also fails trying to build a test on 32-bit:

/home/petmay01/qemu/tests/qht-bench.c: In function 'pr_params':
/home/petmay01/qemu/tests/qht-bench.c:270:5: error: format '%zu'
expects argument of type 'size_t', but argument 2 has type 'long
unsigned int' [-Werror=format=]
 printf(" lookup range:  %zu\n", lookup_range);
 ^
/home/petmay01/qemu/tests/qht-bench.c:271:5: error: format '%zu'
expects argument of type 'size_t', but argument 2 has type 'long
unsigned int' [-Werror=format=]
 printf(" update range:  %zu\n", update_range);
 ^
cc1: all warnings being treated as errors

thanks
-- PMM



Re: [Qemu-devel] [RFC 02/10] softmmu_llsc_template.h: Move to multi-threading

2016-06-10 Thread alvise rigo
On Fri, Jun 10, 2016 at 5:21 PM, Sergey Fedorov  wrote:
> On 26/05/16 19:35, Alvise Rigo wrote:
>> Using tcg_exclusive_{lock,unlock}(), make the emulation of
>> LoadLink/StoreConditional thread safe.
>>
>> During an LL access, this lock protects the load access itself, the
>> update of the exclusive history and the update of the VCPU's protected
>> range.  In a SC access, the lock protects the store access itself, the
>> possible reset of other VCPUs' protected range and the reset of the
>> exclusive context of calling VCPU.
>>
>> The lock is also taken when a normal store happens to access an
>> exclusive page to reset other VCPUs' protected range in case of
>> collision.
>
> I think the key problem here is that the load in LL helper can race with
> a concurrent regular fast-path store. It's probably easier to annotate
> the source here:
>
>  1  WORD_TYPE helper_ldlink_name(CPUArchState *env, target_ulong addr,
>  2  TCGMemOpIdx oi, uintptr_t retaddr)
>  3  {
>  4  WORD_TYPE ret;
>  5  int index;
>  6  CPUState *this_cpu = ENV_GET_CPU(env);
>  7  CPUClass *cc = CPU_GET_CLASS(this_cpu);
>  8  hwaddr hw_addr;
>  9  unsigned mmu_idx = get_mmuidx(oi);
>
> 10  index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
>
> 11  tcg_exclusive_lock();
>
> 12  /* Use the proper load helper from cpu_ldst.h */
> 13  ret = helper_ld(env, addr, oi, retaddr);
>
> 14  /* hw_addr = hwaddr of the page (i.e. section->mr->ram_addr
> + xlat)
> 15   * plus the offset (i.e. addr & ~TARGET_PAGE_MASK) */
> 16  hw_addr = (env->iotlb[mmu_idx][index].addr &
> TARGET_PAGE_MASK) + addr;
> 17  if (likely(!(env->tlb_table[mmu_idx][index].addr_read &
> TLB_MMIO))) {
> 18  /* If all the vCPUs have the EXCL bit set for this page
> there is no need
> 19   * to request any flush. */
> 20  if (cpu_physical_memory_set_excl(hw_addr)) {
> 21  CPUState *cpu;
>
> 22  excl_history_put_addr(hw_addr);
> 23  CPU_FOREACH(cpu) {
> 24  if (this_cpu != cpu) {
> 25  tlb_flush_other(this_cpu, cpu, 1);
> 26  }
> 27  }
> 28  }
> 29  /* For this vCPU, just update the TLB entry, no need to
> flush. */
> 30  env->tlb_table[mmu_idx][index].addr_write |= TLB_EXCL;
> 31  } else {
> 32  /* Set a pending exclusive access in the MemoryRegion */
> 33  MemoryRegion *mr = iotlb_to_region(this_cpu,
> 34
> env->iotlb[mmu_idx][index].addr,
> 35
> env->iotlb[mmu_idx][index].attrs);
> 36  mr->pending_excl_access = true;
> 37  }
>
> 38  cc->cpu_set_excl_protected_range(this_cpu, hw_addr, DATA_SIZE);
>
> 39  tcg_exclusive_unlock();
>
> 40  /* From now on we are in LL/SC context */
> 41  this_cpu->ll_sc_context = true;
>
> 42  return ret;
> 43  }
>
>
> The exclusive lock at line 11 doesn't help if a concurrent fast-path
> store at this address occurs after we have finished the load at line 13
> but before the TLB is flushed as a result of line 25. If we reorder the
> load to happen after the TLB flush request we still must be sure that
> the flush is complete before we can do the load safely.

You are right, the risk actually exists. One solution to the problem
could be to ignore the data acquired by the load and redo the LL after
the flushes have been completed (basically the disas_ctx->pc points to
the LL instruction). This time the LL will happen without flush
requests and the access will be actually protected by the lock.

Regards,
alvise

>
>>
>> Moreover, adapt target-arm to also cope with the new multi-threaded
>> execution.
>>
>> Signed-off-by: Alvise Rigo 
>> ---
>>  softmmu_llsc_template.h | 11 +--
>>  softmmu_template.h  |  6 ++
>>  target-arm/op_helper.c  |  6 ++
>>  3 files changed, 21 insertions(+), 2 deletions(-)
>>
>> diff --git a/softmmu_llsc_template.h b/softmmu_llsc_template.h
>> index 2c4a494..d3810c0 100644
>> --- a/softmmu_llsc_template.h
>> +++ b/softmmu_llsc_template.h
>> @@ -62,11 +62,13 @@ WORD_TYPE helper_ldlink_name(CPUArchState *env, 
>> target_ulong addr,
>>  hwaddr hw_addr;
>>  unsigned mmu_idx = get_mmuidx(oi);
>>
>> +index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
>> +
>> +tcg_exclusive_lock();
>> +
>>  /* Use the proper load helper from cpu_ldst.h */
>>  ret = helper_ld(env, addr, oi, retaddr);
>>
>> -index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
>> -
>>  /* hw_addr = hwaddr of the page (i.e. section->mr->ram_addr + xlat)
>>   * plus the offset (i.e. addr & ~TARGET_PAGE_MASK) */
>>  hw_addr = (env->iotlb[mmu_idx][index].addr & TARGET_PAGE_MASK) + addr;
>> @@ -95,6 +97,8 @@ 

[Qemu-devel] [PATCH] hw/usb/dev-network.c: Use ldl_le_p() and stl_le_p()

2016-06-10 Thread Peter Maydell
Use stl_le_p() and ldl_le_p() to read and write data from
buffers, rather than using pointer casts and cpu_to_le32()
for writes and le32_to_cpup() for reads. This:
 * avoids lots of casts
 * works even if the buffer isn't as aligned as the host would like
 * avoids using the *_to_cpup() functions which we want to get rid of

Note that there may still be some places where a pointer from the
guest is cast to a pointer to a host structure; these would also
have to be changed for the device to work on a host CPU which
enforces alignment restrictions.

Signed-off-by: Peter Maydell 
---
 hw/usb/dev-network.c | 63 +---
 1 file changed, 30 insertions(+), 33 deletions(-)

diff --git a/hw/usb/dev-network.c b/hw/usb/dev-network.c
index 74306b5..5c18198 100644
--- a/hw/usb/dev-network.c
+++ b/hw/usb/dev-network.c
@@ -670,48 +670,49 @@ static int ndis_query(USBNetState *s, uint32_t oid,
 /* general oids (table 4-1) */
 /* mandatory */
 case OID_GEN_SUPPORTED_LIST:
-for (i = 0; i < ARRAY_SIZE(oid_supported_list); i++)
-((le32 *) outbuf)[i] = cpu_to_le32(oid_supported_list[i]);
+for (i = 0; i < ARRAY_SIZE(oid_supported_list); i++) {
+stl_le_p(outbuf + (i * sizeof(le32)), oid_supported_list[i]);
+}
 return sizeof(oid_supported_list);
 
 /* mandatory */
 case OID_GEN_HARDWARE_STATUS:
-*((le32 *) outbuf) = cpu_to_le32(0);
+stl_le_p(outbuf, 0);
 return sizeof(le32);
 
 /* mandatory */
 case OID_GEN_MEDIA_SUPPORTED:
-*((le32 *) outbuf) = cpu_to_le32(s->medium);
+stl_le_p(outbuf, s->medium);
 return sizeof(le32);
 
 /* mandatory */
 case OID_GEN_MEDIA_IN_USE:
-*((le32 *) outbuf) = cpu_to_le32(s->medium);
+stl_le_p(outbuf, s->medium);
 return sizeof(le32);
 
 /* mandatory */
 case OID_GEN_MAXIMUM_FRAME_SIZE:
-*((le32 *) outbuf) = cpu_to_le32(ETH_FRAME_LEN);
+stl_le_p(outbuf, ETH_FRAME_LEN);
 return sizeof(le32);
 
 /* mandatory */
 case OID_GEN_LINK_SPEED:
-*((le32 *) outbuf) = cpu_to_le32(s->speed);
+stl_le_p(outbuf, s->speed);
 return sizeof(le32);
 
 /* mandatory */
 case OID_GEN_TRANSMIT_BLOCK_SIZE:
-*((le32 *) outbuf) = cpu_to_le32(ETH_FRAME_LEN);
+stl_le_p(outbuf, ETH_FRAME_LEN);
 return sizeof(le32);
 
 /* mandatory */
 case OID_GEN_RECEIVE_BLOCK_SIZE:
-*((le32 *) outbuf) = cpu_to_le32(ETH_FRAME_LEN);
+stl_le_p(outbuf, ETH_FRAME_LEN);
 return sizeof(le32);
 
 /* mandatory */
 case OID_GEN_VENDOR_ID:
-*((le32 *) outbuf) = cpu_to_le32(s->vendorid);
+stl_le_p(outbuf, s->vendorid);
 return sizeof(le32);
 
 /* mandatory */
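Review bot: Nothing visible in this hunk bounds the writes into `outbuf`: the OID_GEN_SUPPORTED_LIST loop stores `ARRAY_SIZE(oid_supported_list)` 32-bit words, and switching to `stl_le_p()` removes the alignment dependency but not the dependency on the caller's buffer being large enough. ndis_query() starts before this hunk, so whether the function receives the buffer length, and whether the caller already sizes the buffer for the largest reply, cannot be confirmed from here. Since the commit message notes that guest-supplied data reaches this device model, the assumption is worth recording next to the loop, for example `/* outbuf must hold at least sizeof(oid_supported_list) bytes */`, or enforcing with an explicit length check if a length is available.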
@@ -720,58 +721,57 @@ static int ndis_query(USBNetState *s, uint32_t oid,
 return strlen((char *)outbuf) + 1;
 
 case OID_GEN_VENDOR_DRIVER_VERSION:
-*((le32 *) outbuf) = cpu_to_le32(1);
+stl_le_p(outbuf, 1);
 return sizeof(le32);
 
 /* mandatory */
 case OID_GEN_CURRENT_PACKET_FILTER:
-*((le32 *) outbuf) = cpu_to_le32(s->filter);
+stl_le_p(outbuf, s->filter);
 return sizeof(le32);
 
 /* mandatory */
 case OID_GEN_MAXIMUM_TOTAL_SIZE:
-*((le32 *) outbuf) = cpu_to_le32(RNDIS_MAX_TOTAL_SIZE);
+stl_le_p(outbuf, RNDIS_MAX_TOTAL_SIZE);
 return sizeof(le32);
 
 /* mandatory */
 case OID_GEN_MEDIA_CONNECT_STATUS:
-*((le32 *) outbuf) = cpu_to_le32(s->media_state);
+stl_le_p(outbuf, s->media_state);
 return sizeof(le32);
 
 case OID_GEN_PHYSICAL_MEDIUM:
-*((le32 *) outbuf) = cpu_to_le32(0);
+stl_le_p(outbuf, 0);
 return sizeof(le32);
 
 case OID_GEN_MAC_OPTIONS:
-*((le32 *) outbuf) = cpu_to_le32(
-NDIS_MAC_OPTION_RECEIVE_SERIALIZED |
-NDIS_MAC_OPTION_FULL_DUPLEX);
+stl_le_p(outbuf, NDIS_MAC_OPTION_RECEIVE_SERIALIZED |
+ NDIS_MAC_OPTION_FULL_DUPLEX);
 return sizeof(le32);
 
 /* statistics OIDs (table 4-2) */
 /* mandatory */
 case OID_GEN_XMIT_OK:
-*((le32 *) outbuf) = cpu_to_le32(0);
+stl_le_p(outbuf, 0);
 return sizeof(le32);
 
 /* mandatory */
 case OID_GEN_RCV_OK:
-*((le32 *) outbuf) = cpu_to_le32(0);
+stl_le_p(outbuf, 0);
 return sizeof(le32);
 
 /* mandatory */
 case OID_GEN_XMIT_ERROR:
-*((le32 *) outbuf) = cpu_to_le32(0);
+stl_le_p(outbuf, 0);
 return sizeof(le32);
 
 /* mandatory */
 case OID_GEN_RCV_ERROR:
-*((le32 *) outbuf) = cpu_to_le32(0);
+stl_le_p(outbuf, 0);
 return sizeof(le32);
 
 /* mandatory */
 case OID_GEN_RCV_NO_BUFFER:
-*((le32 *) outbuf) = cpu_to_le32(0);
+stl_le_p(outbuf, 0);
 return 

Re: [Qemu-devel] [PULL 00/15] tb hash improvements

2016-06-10 Thread Peter Maydell
On 10 June 2016 at 15:26, Richard Henderson <r...@twiddle.net> wrote:
> We're all good to go with v7.
>
>
> r~
>
>
> The following changes since commit 0c33682d5f29b0a4ae53bdec4c8e52e4fae37b34:
>
>   target-i386: Move user-mode exception actions out of user-exec.c 
> (2016-06-09 15:55:02 +0100)
>
> are available in the git repository at:
>
>   git://github.com/rth7680/qemu.git tags/pull-tcg-20160610
>
> for you to fetch changes up to 9b1b8e78a5a8c849f5ca800d71497dc88a338483:
>
>   translate-all: add tb hash bucket info to 'info jit' dump (2016-06-10 
> 07:21:54 -0700)
>
> 
> TB hashing improvements

Fails to build on ppc64be :-(

In file included from /home/pm215/qemu/include/qemu/thread.h:4:0,
 from /home/pm215/qemu/include/block/aio.h:20,
 from /home/pm215/qemu/include/block/block.h:4,
 from /home/pm215/qemu/include/monitor/monitor.h:6,
 from /home/pm215/qemu/trace/control.c:23:
/home/pm215/qemu/include/qemu/processor.h:24:35: error: expected
identifier or ‘(’ before string constant
   "or 2, 2, 2;" ::: "memory")
   ^
In file included from /home/pm215/qemu/include/block/aio.h:20:0,
 from /home/pm215/qemu/include/block/block.h:4,
 from /home/pm215/qemu/include/monitor/monitor.h:6,
 from /home/pm215/qemu/trace/control.c:23:
/home/pm215/qemu/include/qemu/thread.h:22:22: error: unknown type name
‘QemuMutex’
 void qemu_mutex_init(QemuMutex *mutex);
  ^
/home/pm215/qemu/include/qemu/thread.h:23:25: error: unknown type name
‘QemuMutex’
 void qemu_mutex_destroy(QemuMutex *mutex);
 ^
/home/pm215/qemu/include/qemu/thread.h:24:22: error: unknown type name
‘QemuMutex’
 void qemu_mutex_lock(QemuMutex *mutex);
  ^
/home/pm215/qemu/include/qemu/thread.h:25:24: error: unknown type name
‘QemuMutex’
 int qemu_mutex_trylock(QemuMutex *mutex);
^
/home/pm215/qemu/include/qemu/thread.h:26:24: error: unknown type name
‘QemuMutex’
 void qemu_mutex_unlock(QemuMutex *mutex);
^
/home/pm215/qemu/include/qemu/thread.h:38:37: error: unknown type name
‘QemuMutex’
 void qemu_cond_wait(QemuCond *cond, QemuMutex *mutex);
 ^
/home/pm215/qemu/include/qemu/thread.h: In function ‘qemu_spin_lock’:
/home/pm215/qemu/include/qemu/thread.h:78:24: error: expected ‘:’ or
‘)’ before ‘;’ token
 cpu_relax();
^

(and some more errors that I think are just run-on from those).

thanks
-- PMM



[Qemu-devel] [PATCH] block: drop support for using qcow[2] encryption with system emulators

2016-06-10 Thread Daniel P. Berrange
Back in the 2.3.0 release we declared qcow[2] encryption as
deprecated, warning people that it would be removed in a future
release.

  commit a1f688f4152e65260b94f37543521ceff8bfebe4
  Author: Markus Armbruster 
  Date:   Fri Mar 13 21:09:40 2015 +0100

block: Deprecate QCOW/QCOW2 encryption

The code still exists today, but by a (happy?) accident we entirely
broke the ability to use qcow[2] encryption in the system emulators
in the 2.4.0 release due to

  commit 8336aafae1451d54c81dd2b187b45f7c45d2428e
  Author: Daniel P. Berrange 
  Date:   Tue May 12 17:09:18 2015 +0100

qcow2/qcow: protect against uninitialized encryption key

This commit was designed to prevent future coding bugs which
might cause QEMU to read/write data on an encrypted block
device in plain text mode before a decryption key is set.

It turns out this preventative measure was a little too good,
because we already had a long standing bug where QEMU read
encrypted data in plain text mode during system emulator
startup, in order to guess disk geometry:

  Thread 10 (Thread 0x7fffd3fff700 (LWP 30373)):
  #0  0x7fffe90b1a28 in raise () at /lib64/libc.so.6
  #1  0x7fffe90b362a in abort () at /lib64/libc.so.6
  #2  0x7fffe90aa227 in __assert_fail_base () at /lib64/libc.so.6
  #3  0x7fffe90aa2d2 in  () at /lib64/libc.so.6
  #4  0x5587ae19 in qcow2_co_readv (bs=0x562accb0, sector_num=0, 
remaining_sectors=1, qiov=0x7fffd260) at block/qcow2.c:1229
  #5  0x5589b60d in bdrv_aligned_preadv (bs=bs@entry=0x562accb0, 
req=req@entry=0x7fffd3ffea50, offset=offset@entry=0, bytes=bytes@entry=512, 
align=align@entry=512, qiov=qiov@entry=0x7fffd260, flags=0) at 
block/io.c:908
  #6  0x5589b8bc in bdrv_co_do_preadv (bs=0x562accb0, offset=0, 
bytes=512, qiov=0x7fffd260, flags=) at block/io.c:999
  #7  0x5589c375 in bdrv_rw_co_entry (opaque=0x7fffd210) at 
block/io.c:544
  #8  0x5586933b in coroutine_thread (opaque=0x57876310) at 
coroutine-gthread.c:134
  #9  0x764e1835 in g_thread_proxy (data=0x562b5590) at 
gthread.c:778
  #10 0x76bb760a in start_thread () at /lib64/libpthread.so.0
  #11 0x7fffe917f59d in clone () at /lib64/libc.so.6

  Thread 1 (Thread 0x77ecab40 (LWP 30343)):
  #0  0x7fffe91797a9 in syscall () at /lib64/libc.so.6
  #1  0x764ff87f in g_cond_wait (cond=cond@entry=0x55e085f0 
, mutex=mutex@entry=0x55e08600 ) at 
gthread-posix.c:1397
  #2  0x558692c3 in qemu_coroutine_switch (co=) at 
coroutine-gthread.c:117
  #3  0x558692c3 in qemu_coroutine_switch (from_=0x562b5e30, 
to_=to_@entry=0x57876310, action=action@entry=COROUTINE_ENTER) at 
coroutine-gthread.c:175
  #4  0x55868a90 in qemu_coroutine_enter (co=0x57876310, 
opaque=0x0) at qemu-coroutine.c:116
  #5  0x55859b84 in thread_pool_completion_bh (opaque=0x7fffd40010e0) 
at thread-pool.c:187
  #6  0x55859514 in aio_bh_poll (ctx=ctx@entry=0x562953b0) at 
async.c:85
  #7  0x55864d10 in aio_dispatch (ctx=ctx@entry=0x562953b0) at 
aio-posix.c:135
  #8  0x55864f75 in aio_poll (ctx=ctx@entry=0x562953b0, 
blocking=blocking@entry=true) at aio-posix.c:291
  #9  0x5589c40d in bdrv_prwv_co (bs=bs@entry=0x562accb0, 
offset=offset@entry=0, qiov=qiov@entry=0x7fffd260, 
is_write=is_write@entry=false, flags=flags@entry=(unknown: 0)) at block/io.c:591
  #10 0x5589c503 in bdrv_rw_co (bs=bs@entry=0x562accb0, 
sector_num=sector_num@entry=0, buf=buf@entry=0x7fffd2e0 "\321,", 
nb_sectors=nb_sectors@entry=21845, is_write=is_write@entry=false, 
flags=flags@entry=(unknown: 0)) at block/io.c:614
  #11 0x5589c562 in bdrv_read_unthrottled (nb_sectors=21845, 
buf=0x7fffd2e0 "\321,", sector_num=0, bs=0x562accb0) at block/io.c:622
  #12 0x5589c562 in bdrv_read_unthrottled (bs=0x562accb0, 
sector_num=sector_num@entry=0, buf=buf@entry=0x7fffd2e0 "\321,", 
nb_sectors=nb_sectors@entry=21845) at block/io.c:634
nb_sectors@entry=1) at block/block-backend.c:504
  #14 0x55752e9f in guess_disk_lchs (blk=blk@entry=0x562a5290, 
pcylinders=pcylinders@entry=0x7fffd52c, pheads=pheads@entry=0x7fffd530, 
psectors=psectors@entry=0x7fffd534) at hw/block/hd-geometry.c:68
  #15 0x55752ff7 in hd_geometry_guess (blk=0x562a5290, 
pcyls=pcyls@entry=0x57875d1c, pheads=pheads@entry=0x57875d20, 
psecs=psecs@entry=0x57875d24, ptrans=ptrans@entry=0x57875d28) at 
hw/block/hd-geometry.c:133
  #16 0x55752b87 in blkconf_geometry (conf=conf@entry=0x57875d00, 
ptrans=ptrans@entry=0x57875d28, cyls_max=cyls_max@entry=65536, 
heads_max=heads_max@entry=16, secs_max=secs_max@entry=255, 
errp=errp@entry=0x7fffd5e0) at hw/block/block.c:71
  #17 0x55799bc4 in ide_dev_initfn (dev=0x57875c80, kind=IDE_HD) at 
hw/ide/qdev.c:174
  #18 0x55768394 in 

Re: [Qemu-devel] [PULL 0/5] ui: misc bug fixes

2016-06-10 Thread Peter Maydell
On 10 June 2016 at 10:58, Gerd Hoffmann <kra...@redhat.com> wrote:
>   Hi,
>
> Here comes the ui patch queue with a collection of bugfixes.
>
> please pull,
>   Gerd
>
> The following changes since commit 0c33682d5f29b0a4ae53bdec4c8e52e4fae37b34:
>
>   target-i386: Move user-mode exception actions out of user-exec.c 
> (2016-06-09 15:55:02 +0100)
>
> are available in the git repository at:
>
>   git://git.kraxel.org/qemu tags/pull-ui-20160610-1
>
> for you to fetch changes up to 1185fde40c3ba02406665b9ee0743270c526be26:
>
>   console: ignore ui_info updates which don't actually update something 
> (2016-06-10 11:16:18 +0200)
>
> 
> ui: misc bug fixes.
>
> 

Applied, thanks.

-- PMM



Re: [Qemu-devel] [RFC 00/10] MTTCG: Slow-path for atomic insns

2016-06-10 Thread alvise rigo
I might have broken something while rebasing on top of
enable-mttcg-for-armv7-v1.
I will sort this problem out.

Thank you,
alvise

On Fri, Jun 10, 2016 at 5:21 PM, Alex Bennée  wrote:
>
> Alvise Rigo  writes:
>
>> Hi,
>>
>> This series ports the latest iteration of the LL/SC work on top of the
>> latest MTTCG reference branch posted recently by Alex.
>>
>> These patches apply on top of the following series:
>>
>> - [RFC v1 00/12] Enable MTTCG for 32 bit arm on x86
>>   https://github.com/stsquad/qemu/tree/mttcg/enable-mttcg-for-armv7-v1
>> - [RFC v8 00/14] Slow-path for atomic instruction translation
>>   https://git.virtualopensystems.com/dev/qemu-mt/tree/\
>>   slowpath-for-atomic-v8-no-mttcg - only minor changes have been necessary
>> - Few recent patches from Emilio regarding the spinlock implementation
>>
>> Overall, these patches allow the LL/SC infrastructure to work in 
>> multi-threaded
>> mode (patches 01-02-04) and make TLB flushes to other VCPUs safe.
>>
>> Patch 03 introduces a new API to submit a work item to a VCPU and wait for 
>> its
>> completion. This API is used to query TLB flushes that result from the
>> emulation of some ARM instructions. Patches 07, 08 and 09 modify the current
>> tlb_flush_* functions to use the new API.  Patch 10 fixes a rare hang that I
>> was experiencing with this branch.
>>
>> The whole work can be fetched from the following repository:
>> g...@git.virtualopensystems.com:dev/qemu-mt.git
>> at the branch "slowpath-for-atomic-v8-mttcg".
>
> Hmm this branch has build failures for linux-user and other
> architectures. Is this the latest one?
>
>>
>> Alvise Rigo (10):
>>   exec: Introduce tcg_exclusive_{lock,unlock}()
>>   softmmu_llsc_template.h: Move to multi-threading
>>   cpus: Introduce async_wait_run_on_cpu()
>>   cputlb: Introduce tlb_flush_other()
>>   target-arm: End TB after ldrex instruction
>>   cputlb: Add tlb_tables_flush_bitmap()
>>   cputlb: Query tlb_flush_by_mmuidx
>>   cputlb: Query tlb_flush_page_by_mmuidx
>>   cputlb: Query tlb_flush_page_all
>>   cpus: Do not sleep if some work item is pending
>>
>>  cpus.c |  48 ++-
>>  cputlb.c   | 202 
>> ++---
>>  exec.c |  18 
>>  include/exec/exec-all.h|  13 +--
>>  include/qom/cpu.h  |  36 
>>  softmmu_llsc_template.h|  13 ++-
>>  softmmu_template.h |   6 ++
>>  target-arm/helper.c|  79 +-
>>  target-arm/op_helper.c |   6 ++
>>  target-arm/translate-a64.c |   2 +
>>  target-arm/translate.c |   2 +
>>  11 files changed, 327 insertions(+), 98 deletions(-)
>
>
> --
> Alex Bennée



[Qemu-devel] [PATCH] configure: Rename CONFIG_QGA_NTDDDISK into CONFIG_QGA_NTDDSCSI

2016-06-10 Thread Thomas Huth
There is no CONFIG_QGA_NTDDDISK define used anywhere in the QEMU
sources. Looking at the changelog and qga/commands-win32.c, it
seems like this should be called CONFIG_QGA_NTDDSCSI instead.

Signed-off-by: Thomas Huth 
---
 configure | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure b/configure
index 8c2f90b..55019d6 100755
--- a/configure
+++ b/configure
@@ -4965,7 +4965,7 @@ if test "$mingw32" = "yes" ; then
 echo "WIN_SDK=\"$win_sdk\"" >> $config_host_mak
   fi
   if test "$guest_agent_ntddscsi" = "yes" ; then
-echo "CONFIG_QGA_NTDDDISK=y" >> $config_host_mak
+echo "CONFIG_QGA_NTDDSCSI=y" >> $config_host_mak
   fi
   if test "$guest_agent_msi" = "yes"; then
 echo "QEMU_GA_MSI_ENABLED=yes" >> $config_host_mak  
-- 
1.8.3.1




[Qemu-devel] [PATCH v3 6/6] trace: Add QAPI/QMP interfaces to query and control per-vCPU tracing state

2016-06-10 Thread Lluís Vilanova
Signed-off-by: Lluís Vilanova 
Reviewed-by: Stefan Hajnoczi 
---
 monitor.c   |4 +-
 qapi/trace.json |   20 ++--
 qmp-commands.hx |   17 ++-
 trace/qmp.c |  143 ---
 4 files changed, 147 insertions(+), 37 deletions(-)

diff --git a/monitor.c b/monitor.c
index a27e115..bb89877 100644
--- a/monitor.c
+++ b/monitor.c
@@ -910,7 +910,7 @@ static void hmp_trace_event(Monitor *mon, const QDict 
*qdict)
 bool new_state = qdict_get_bool(qdict, "option");
 Error *local_err = NULL;
 
-qmp_trace_event_set_state(tp_name, new_state, true, true, _err);
+qmp_trace_event_set_state(tp_name, new_state, true, true, false, 0, 
_err);
 if (local_err) {
 error_report_err(local_err);
 }
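Review bot: The call to qmp_trace_event_set_state() now ends in a run of unnamed literals (`true, true, false, 0`) whose meaning depends on a signature that is not visible in this hunk. A short comment above the call, for example `/* no vCPU given: act on all vCPUs */`, would make clear that the HMP command deliberately leaves the new per-vCPU selector unset. The same applies to the `"*", false, 0, NULL` call in hmp_info_trace_events() in the next hunk. Both functions continue outside their hunks.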
@@ -1069,7 +1069,7 @@ static void hmp_info_cpustats(Monitor *mon, const QDict 
*qdict)
 
 static void hmp_info_trace_events(Monitor *mon, const QDict *qdict)
 {
-TraceEventInfoList *events = qmp_trace_event_get_state("*", NULL);
+TraceEventInfoList *events = qmp_trace_event_get_state("*", false, 0, 
NULL);
 TraceEventInfoList *elem;
 
 for (elem = events; elem != NULL; elem = elem->next) {
diff --git a/qapi/trace.json b/qapi/trace.json
index 01b0a52..25d8095 100644
--- a/qapi/trace.json
+++ b/qapi/trace.json
@@ -1,6 +1,6 @@
 # -*- mode: python -*-
 #
-# Copyright (C) 2011-2014 Lluís Vilanova 
+# Copyright (C) 2011-2016 Lluís Vilanova 
 #
 # This work is licensed under the terms of the GNU GPL, version 2 or later.
 # See the COPYING file in the top-level directory.
@@ -29,11 +29,12 @@
 #
 # @name: Event name.
 # @state: Tracing state.
+# @vcpu: Whether this is a per-vCPU event (since 2.7).
 #
 # Since 2.2
 ##
 { 'struct': 'TraceEventInfo',
-  'data': {'name': 'str', 'state': 'TraceEventState'} }
+  'data': {'name': 'str', 'state': 'TraceEventState', 'vcpu': 'bool'} }
 
 ##
 # @trace-event-get-state:
@@ -41,13 +42,18 @@
 # Query the state of events.
 #
 # @name: Event name pattern (case-sensitive glob).
+# @vcpu: #optional The vCPU to check (any by default; since 2.7).
 #
 # Returns: a list of @TraceEventInfo for the matching events
 #
+# For any event without the "vcpu" property:
+# - If @name is a pattern and @vcpu is set, events are ignored.
+# - If @name is not a pattern and @vcpu is set, an error is raised.
+#
 # Since 2.2
 ##
 { 'command': 'trace-event-get-state',
-  'data': {'name': 'str'},
+  'data': {'name': 'str', '*vcpu': 'int'},
   'returns': ['TraceEventInfo'] }
 
 ##
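Review bot: The new `@vcpu` argument is documented without saying what happens when the value does not name an existing vCPU; the schema only types it as `'int'`, so negative or out-of-range values are passed through to the handler. The handler in trace/qmp.c is cut off on this page, so its behaviour cannot be confirmed here. If it rejects such values, the doc block should say so, e.g. `# An error is raised if @vcpu does not name an existing vCPU.` The same sentence is missing from the `trace-event-set-state` block in the next hunk.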
@@ -58,8 +64,14 @@
 # @name: Event name pattern (case-sensitive glob).
 # @enable: Whether to enable tracing.
 # @ignore-unavailable: #optional Do not match unavailable events with @name.
+# @vcpu: #optional The vCPU to act upon (all by default; since 2.7).
+#
+# For any event without the "vcpu" property:
+# - If @name is a pattern and @vcpu is set, events are ignored.
+# - If @name is not a pattern and @vcpu is set, an error is raised.
 #
 # Since 2.2
 ##
 { 'command': 'trace-event-set-state',
-  'data': {'name': 'str', 'enable': 'bool', '*ignore-unavailable': 'bool'} }
+  'data': {'name': 'str', 'enable': 'bool', '*ignore-unavailable': 'bool',
+   '*vcpu': 'int'} }
diff --git a/qmp-commands.hx b/qmp-commands.hx
index 28801a2..c9eb25c 100644
--- a/qmp-commands.hx
+++ b/qmp-commands.hx
@@ -4676,7 +4676,7 @@ EQMP
 
 {
 .name   = "trace-event-get-state",
-.args_type  = "name:s",
+.args_type  = "name:s,vcpu:i?",
 .mhandler.cmd_new = qmp_marshal_trace_event_get_state,
 },
 
@@ -4686,6 +4686,11 @@ trace-event-get-state
 
 Query the state of events.
 
+Arguments:
+
+- "name": Event name pattern (json-string).
+- "vcpu": Specific vCPU to query, any vCPU by default (json-int, optional).
+
 Example:
 
 -> { "execute": "trace-event-get-state", "arguments": { "name": 
"qemu_memalign" } }
@@ -4694,7 +4699,7 @@ EQMP
 
 {
 .name   = "trace-event-set-state",
-.args_type  = "name:s,enable:b,ignore-unavailable:b?",
+.args_type  = "name:s,enable:b,ignore-unavailable:b?,vcpu:i?",
 .mhandler.cmd_new = qmp_marshal_trace_event_set_state,
 },
 
@@ -4704,6 +4709,14 @@ trace-event-set-state
 
 Set the state of events.
 
+Arguments:
+
+- "name": Event name pattern (json-string).
+- "enable": Whether to enable or disable the event (json-bool).
+- "ignore-unavailable": Whether to ignore errors for events that cannot be
+  changed (json-bool, optional).
+- "vcpu": Specific vCPU to set, all vCPUs by default (json-int, optional).
+
 Example:
 
 -> { "execute": "trace-event-set-state", "arguments": { "name": 
"qemu_memalign", "enable": "true" } }
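Review bot: The example that closes this hunk sends `"enable": "true"`, a JSON string, while the Arguments list added just above it documents `enable` as json-bool and the `args_type` in the previous hunk declares `enable:b`. The example line is unchanged context, but since this hunk documents the argument types it is the natural place to correct it to `"enable": true`. A second example that passes `"vcpu"` would also show the new optional argument in use.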
diff --git a/trace/qmp.c b/trace/qmp.c
index 8aa2660..a814ac2 100644
--- a/trace/qmp.c
+++ b/trace/qmp.c
@@ -1,7 +1,7 @@
 /*
  * QMP commands for tracing events.
  *
- * Copyright (C) 2014 Lluís Vilanova 
+ * Copyright (C) 2014-2016 Lluís 
