Re: [Qemu-devel] [PATCH RFC] tests: Run qtest cases in parallel

2016-09-23 Thread Gonglei (Arei)

> -Original Message-
> From: Fam Zheng [mailto:f...@redhat.com]
> Sent: Friday, September 23, 2016 5:59 PM
> To: Gonglei (Arei)
> Cc: John Snow; pbonz...@redhat.com; qemu-devel@nongnu.org
> Subject: Re: [Qemu-devel] [PATCH RFC] tests: Run qtest cases in parallel
> 
> On Fri, 09/23 09:39, Gonglei (Arei) wrote:
> >
> > Hi Fam,
> >
> >
> > > -Original Message-
> > > From: Qemu-devel
> > > [mailto:qemu-devel-bounces+arei.gonglei=huawei@nongnu.org] On
> > > Behalf Of Fam Zheng
> > > Sent: Friday, September 23, 2016 3:58 PM
> > > To: John Snow
> > > Cc: pbonz...@redhat.com; qemu-devel@nongnu.org
> > > Subject: Re: [Qemu-devel] [PATCH RFC] tests: Run qtest cases in parallel
> > >
> > > On Wed, 09/21 14:24, John Snow wrote:
> > > >
> > > >
> > > > On 08/12/2016 05:19 AM, Fam Zheng wrote:
> > > > > Previously all test cases in a category, such as check-qtest-y, are
> > > > > executed in a single long gtester command. This patch separates each
> > > > > > test into its own make target to allow better parallelism.
> > > > >
> >
> > That will be great if we can specify a test to run, especially for the
> > scenario which adds one use qtest case.
> >
> > For example:
> >
> >  # make check test-crypto-cipher
> >
> > then only run the tests/ test-crypto-cipher.
> >
> > Do you think it makes sense?
> 
> Or more likely:
> 
> # make check TESTS="test-crypto-cipher test-crypto-hash ..."
> 
> Usually I just extract the gtester command line with V=1 and run it from my
> shell prompt.  Feel free to send a patch, though.
> 
Sorry, I have no patch for this, it's just my idea ;)
Appreciate it if you can realize it. 

Regards,
-Gonglei



Re: [Qemu-devel] [PATCH v2 0/3] crypto: add ctr mode support and little inprovement

2016-09-23 Thread Gonglei (Arei)


> -Original Message-
> From: no-re...@patchew.org [mailto:no-re...@patchew.org]
> Sent: Saturday, September 24, 2016 10:22 AM
> To: Gonglei (Arei)
> Cc: f...@redhat.com; qemu-devel@nongnu.org; Gonglei (Arei); Wubin (H)
> Subject: Re: [Qemu-devel] [PATCH v2 0/3] crypto: add ctr mode support and
> little inprovement
> 
> Hi,
> 
> Your series failed automatic build test. Please find the testing commands and
> their output below. If you have docker installed, you can probably reproduce it
> locally.
> 
> Type: series
> Message-id: 1474683000-346560-1-git-send-email-arei.gong...@huawei.com
> Subject: [Qemu-devel] [PATCH v2 0/3] crypto: add ctr mode support and little
> inprovement
> 
> === TEST SCRIPT BEGIN ===
> #!/bin/bash
> set -e
> git submodule update --init dtc
> make J=8 docker-test-quick@centos6
> make J=8 docker-test-mingw@fedora
> === TEST SCRIPT END ===
> 
> Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
> From https://github.com/patchew-project/qemu
>  * [new tag]
> patchew/1474683000-346560-1-git-send-email-arei.gong...@huawei.com ->
> patchew/1474683000-346560-1-git-send-email-arei.gong...@huawei.com
> Switched to a new branch 'test'
> 9080eef crypto: add mode check in qcrypto_cipher_new() for cipher-builtin
> 91179fc crypto: extend mode as a parameter in qcrypto_cipher_supports()
> 87948de crypto: add CTR mode support
> 
> === OUTPUT BEGIN ===
> Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
> Cloning into 'dtc'...
> Submodule path 'dtc': checked out
> '65cc4d2748a2c2e6f27f1cf39e07a5dbabd80ebf'
>   BUILD centos6
>   ARCHIVE qemu.tgz
>   ARCHIVE dtc.tgz
>   COPY RUNNER
>   RUN test-quick in centos6
> 

Re: [Qemu-devel] [PATCH v2 0/3] crypto: add ctr mode support and little inprovement

2016-09-23 Thread no-reply
Hi,

Your series failed automatic build test. Please find the testing commands and
their output below. If you have docker installed, you can probably reproduce it
locally.

Type: series
Message-id: 1474683000-346560-1-git-send-email-arei.gong...@huawei.com
Subject: [Qemu-devel] [PATCH v2 0/3] crypto: add ctr mode support and little 
inprovement

=== TEST SCRIPT BEGIN ===
#!/bin/bash
set -e
git submodule update --init dtc
make J=8 docker-test-quick@centos6
make J=8 docker-test-mingw@fedora
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag] 
patchew/1474683000-346560-1-git-send-email-arei.gong...@huawei.com -> 
patchew/1474683000-346560-1-git-send-email-arei.gong...@huawei.com
Switched to a new branch 'test'
9080eef crypto: add mode check in qcrypto_cipher_new() for cipher-builtin
91179fc crypto: extend mode as a parameter in qcrypto_cipher_supports()
87948de crypto: add CTR mode support

=== OUTPUT BEGIN ===
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into 'dtc'...
Submodule path 'dtc': checked out '65cc4d2748a2c2e6f27f1cf39e07a5dbabd80ebf'
  BUILD centos6
  ARCHIVE qemu.tgz
  ARCHIVE dtc.tgz
  COPY RUNNER
  RUN test-quick in centos6
Configure options:
--enable-werror --target-list=x86_64-softmmu,aarch64-softmmu 
--prefix=/tmp/qemu-test/src/tests/docker/install
No C++ compiler available; disabling C++ specific optional code
Install prefix/tmp/qemu-test/src/tests/docker/install
BIOS directory/tmp/qemu-test/src/tests/docker/install/share/qemu
binary directory  /tmp/qemu-test/src/tests/docker/install/bin
library directory /tmp/qemu-test/src/tests/docker/install/lib
module directory  /tmp/qemu-test/src/tests/docker/install/lib/qemu
libexec directory /tmp/qemu-test/src/tests/docker/install/libexec
include directory /tmp/qemu-test/src/tests/docker/install/include
config directory  /tmp/qemu-test/src/tests/docker/install/etc
local state directory   /tmp/qemu-test/src/tests/docker/install/var
Manual directory  /tmp/qemu-test/src/tests/docker/install/share/man
ELF interp prefix /usr/gnemul/qemu-%M
Source path   /tmp/qemu-test/src
C compilercc
Host C compiler   cc
C++ compiler  
Objective-C compiler cc
ARFLAGS   rv
CFLAGS-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -pthread 
-I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include   -g 
QEMU_CFLAGS   -I/usr/include/pixman-1-fPIE -DPIE -m64 -D_GNU_SOURCE 
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -Wstrict-prototypes 
-Wredundant-decls -Wall -Wundef -Wwrite-strings -Wmissing-prototypes 
-fno-strict-aliasing -fno-common -fwrapv  -Wendif-labels -Wmissing-include-dirs 
-Wempty-body -Wnested-externs -Wformat-security -Wformat-y2k -Winit-self 
-Wignored-qualifiers -Wold-style-declaration -Wold-style-definition 
-Wtype-limits -fstack-protector-all
LDFLAGS   -Wl,--warn-common -Wl,-z,relro -Wl,-z,now -pie -m64 -g 
make  make
install   install
pythonpython -B
smbd  /usr/sbin/smbd
module supportno
host CPU  x86_64
host big endian   no
target list   x86_64-softmmu aarch64-softmmu
tcg debug enabled no
gprof enabled no
sparse enabledno
strip binariesyes
profiler  no
static build  no
pixmansystem
SDL support   yes (1.2.14)
GTK support   no 
GTK GL supportno
VTE support   no 
TLS priority  NORMAL
GNUTLS supportno
GNUTLS rndno
libgcrypt no
libgcrypt kdf no
nettleno 
nettle kdfno
libtasn1  no
curses supportno
virgl support no
curl support  no
mingw32 support   no
Audio drivers oss
Block whitelist (rw) 
Block whitelist (ro) 
VirtFS supportno
VNC support   yes
VNC SASL support  no
VNC JPEG support  no
VNC PNG support   no
xen support   no
brlapi supportno
bluez  supportno
Documentation no
PIE   yes
vde support   no
netmap supportno
Linux AIO support no
ATTR/XATTR support yes
Install blobs yes
KVM support   yes
RDMA support  no
TCG interpreter   no
fdt support   yes
preadv supportyes
fdatasync yes
madvise   yes
posix_madvise yes
libcap-ng support no
vhost-net support yes
vhost-scsi support yes
vhost-vsock support yes
Trace backendslog
spice support no 
rbd support   no
xfsctl supportno
smartcard support no
libusbno
usb net redir no
OpenGL supportno
OpenGL dmabufsno
libiscsi support  no
libnfs supportno
build guest agent yes
QGA VSS support   no
QGA w32 disk info no
QGA MSI support   no
seccomp support   no
coroutine backend ucontext
coroutine poolyes
GlusterFS support no
Archipelago support no
gcov  gcov
gcov enabled  no
TPM support   yes
libssh2 support   no
TPM passthrough   yes
QOM debugging yes
lzo support   no
snappy supportno
bzip2 support no
NUMA host 

[Qemu-devel] [PATCH v2 2/3] crypto: extend mode as a parameter in qcrypto_cipher_supports()

2016-09-23 Thread Gonglei
It can't guarantee all cipher modes are supported
if one cipher algorithm is supported by a backend.
Let's extend qcrypto_cipher_supports() to take both
the algorithm and mode as parameters.

Signed-off-by: Gonglei 
---
 block/qcow.c   |  3 ++-
 block/qcow2.c  |  3 ++-
 crypto/cipher-builtin.c| 14 +-
 crypto/cipher-gcrypt.c | 13 -
 crypto/cipher-nettle.c | 13 -
 include/crypto/cipher.h|  6 --
 tests/test-crypto-cipher.c |  2 +-
 ui/vnc.c   |  2 +-
 8 files changed, 47 insertions(+), 9 deletions(-)

diff --git a/block/qcow.c b/block/qcow.c
index 94f01b3..7540f43 100644
--- a/block/qcow.c
+++ b/block/qcow.c
@@ -153,7 +153,8 @@ static int qcow_open(BlockDriverState *bs, QDict *options, 
int flags,
 ret = -EINVAL;
 goto fail;
 }
-if (!qcrypto_cipher_supports(QCRYPTO_CIPHER_ALG_AES_128)) {
+if (!qcrypto_cipher_supports(QCRYPTO_CIPHER_ALG_AES_128,
+ QCRYPTO_CIPHER_MODE_CBC)) {
 error_setg(errp, "AES cipher not available");
 ret = -EINVAL;
 goto fail;
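Review bot: the error string in the unchanged line error_setg(errp, "AES cipher not available") no longer matches the check above it, which now also fails when AES-128 is present but CBC mode is not. Suggest naming the mode in the message, for example "AES-128 in CBC mode not available", so a user on a backend without CBC can tell which capability is missing.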
diff --git a/block/qcow2.c b/block/qcow2.c
index 0e53a4d..e11c7c9 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -959,7 +959,8 @@ static int qcow2_open(BlockDriverState *bs, QDict *options, 
int flags,
 ret = -EINVAL;
 goto fail;
 }
-if (!qcrypto_cipher_supports(QCRYPTO_CIPHER_ALG_AES_128)) {
+if (!qcrypto_cipher_supports(QCRYPTO_CIPHER_ALG_AES_128,
+ QCRYPTO_CIPHER_MODE_CBC)) {
 error_setg(errp, "AES cipher not available");
 ret = -EINVAL;
 goto fail;
diff --git a/crypto/cipher-builtin.c b/crypto/cipher-builtin.c
index 9d25842..fd59a9e 100644
--- a/crypto/cipher-builtin.c
+++ b/crypto/cipher-builtin.c
@@ -400,14 +400,26 @@ static int qcrypto_cipher_init_des_rfb(QCryptoCipher 
*cipher,
 }
 
 
-bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg)
+bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
+ QCryptoCipherMode mode)
 {
 switch (alg) {
 case QCRYPTO_CIPHER_ALG_DES_RFB:
 case QCRYPTO_CIPHER_ALG_AES_128:
 case QCRYPTO_CIPHER_ALG_AES_192:
 case QCRYPTO_CIPHER_ALG_AES_256:
+break;
+default:
+return false;
+}
+
+switch (mode) {
+case QCRYPTO_CIPHER_MODE_ECB:
+case QCRYPTO_CIPHER_MODE_CBC:
+case QCRYPTO_CIPHER_MODE_XTS:
 return true;
+case QCRYPTO_CIPHER_MODE_CTR:
+return false;
 default:
 return false;
 }
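Review bot: in the new mode switch, "case QCRYPTO_CIPHER_MODE_CTR: return false;" duplicates the "default: return false;" that follows it; drop the case or replace it with a comment saying builtin has no CTR yet. Also, because the algorithm switch and the mode switch are independent, the function now answers true for every accepted pair, including QCRYPTO_CIPHER_ALG_DES_RFB with QCRYPTO_CIPHER_MODE_XTS; if builtin does not implement every such pair, the check should be made per (alg, mode) combination rather than per axis.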
diff --git a/crypto/cipher-gcrypt.c b/crypto/cipher-gcrypt.c
index 97b015a..c550db9 100644
--- a/crypto/cipher-gcrypt.c
+++ b/crypto/cipher-gcrypt.c
@@ -24,7 +24,8 @@
 #include 
 
 
-bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg)
+bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
+ QCryptoCipherMode mode)
 {
 switch (alg) {
 case QCRYPTO_CIPHER_ALG_DES_RFB:
@@ -37,6 +38,16 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg)
 case QCRYPTO_CIPHER_ALG_SERPENT_256:
 case QCRYPTO_CIPHER_ALG_TWOFISH_128:
 case QCRYPTO_CIPHER_ALG_TWOFISH_256:
+break;
+default:
+return false;
+}
+
+switch (mode) {
+case QCRYPTO_CIPHER_MODE_ECB:
+case QCRYPTO_CIPHER_MODE_CBC:
+case QCRYPTO_CIPHER_MODE_XTS:
+case QCRYPTO_CIPHER_MODE_CTR:
 return true;
 default:
 return false;
diff --git a/crypto/cipher-nettle.c b/crypto/cipher-nettle.c
index 4b673aa..cd094cd 100644
--- a/crypto/cipher-nettle.c
+++ b/crypto/cipher-nettle.c
@@ -192,7 +192,8 @@ struct QCryptoCipherNettle {
 size_t blocksize;
 };
 
-bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg)
+bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
+ QCryptoCipherMode mode)
 {
 switch (alg) {
 case QCRYPTO_CIPHER_ALG_DES_RFB:
@@ -206,6 +207,16 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg)
 case QCRYPTO_CIPHER_ALG_TWOFISH_128:
 case QCRYPTO_CIPHER_ALG_TWOFISH_192:
 case QCRYPTO_CIPHER_ALG_TWOFISH_256:
+break;
+default:
+return false;
+}
+
+switch (mode) {
+case QCRYPTO_CIPHER_MODE_ECB:
+case QCRYPTO_CIPHER_MODE_CBC:
+case QCRYPTO_CIPHER_MODE_XTS:
+case QCRYPTO_CIPHER_MODE_CTR:
 return true;
 default:
 return false;
diff --git a/include/crypto/cipher.h b/include/crypto/cipher.h
index f9015e1..bec9f41 100644
--- a/include/crypto/cipher.h
+++ b/include/crypto/cipher.h
@@ -85,13 +85,15 @@ struct QCryptoCipher {
 /**
  * qcrypto_cipher_supports:
  * @alg: the cipher algorithm
+ * @mode: the cipher mode
  *
- * Determine if @alg cipher algorithm is supported by the
+ * Determine if @alg cipher algorithm in @mode is supported by the
  * current configured build
  *
  * Returns: true if the algorithm is supported, false otherwise
  */
-bool 
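Review bot: the "Returns:" line kept as context still reads "true if the algorithm is supported", while the description above it was updated for @mode. Suggest "true if the algorithm in the given mode is supported, false otherwise" so the doc comment matches the new two-argument contract.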

[Qemu-devel] [PATCH v2 1/3] crypto: add CTR mode support

2016-09-23 Thread Gonglei
Introduce CTR mode support for the cipher APIs.
CTR mode uses a counter rather than a traditional IV.
The counter has additional properties, including a nonce
and initial counter block. We reuse the ctx->iv as
the counter for convenience.

Both libgcrypt and nettle support CTR mode; the
cipher-builtin doesn't support it yet.

Signed-off-by: Gonglei 
---
 crypto/cipher-gcrypt.c | 25 -
 crypto/cipher-nettle.c | 15 -
 crypto/cipher.c|  1 +
 include/crypto/cipher.h|  6 ++---
 qapi/crypto.json   |  3 ++-
 tests/test-crypto-cipher.c | 55 ++
 6 files changed, 94 insertions(+), 11 deletions(-)

diff --git a/crypto/cipher-gcrypt.c b/crypto/cipher-gcrypt.c
index da3f4c7..97b015a 100644
--- a/crypto/cipher-gcrypt.c
+++ b/crypto/cipher-gcrypt.c
@@ -48,6 +48,7 @@ struct QCryptoCipherGcrypt {
 gcry_cipher_hd_t handle;
 gcry_cipher_hd_t tweakhandle;
 size_t blocksize;
+/* Initialization vector or Counter */
 uint8_t *iv;
 };
 
@@ -69,6 +70,9 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
 case QCRYPTO_CIPHER_MODE_CBC:
 gcrymode = GCRY_CIPHER_MODE_CBC;
 break;
+case QCRYPTO_CIPHER_MODE_CTR:
+gcrymode = GCRY_CIPHER_MODE_CTR;
+break;
 default:
 error_setg(errp, "Unsupported cipher mode %s",
QCryptoCipherMode_lookup[mode]);
@@ -339,12 +343,21 @@ int qcrypto_cipher_setiv(QCryptoCipher *cipher,
 if (ctx->iv) {
 memcpy(ctx->iv, iv, niv);
 } else {
-gcry_cipher_reset(ctx->handle);
-err = gcry_cipher_setiv(ctx->handle, iv, niv);
-if (err != 0) {
-error_setg(errp, "Cannot set IV: %s",
-   gcry_strerror(err));
-return -1;
+if (cipher->mode == QCRYPTO_CIPHER_MODE_CTR) {
+err = gcry_cipher_setctr(ctx->handle, iv, niv);
+if (err != 0) {
+error_setg(errp, "Cannot set Counter: %s",
+   gcry_strerror(err));
+return -1;
+}
+} else {
+gcry_cipher_reset(ctx->handle);
+err = gcry_cipher_setiv(ctx->handle, iv, niv);
+if (err != 0) {
+error_setg(errp, "Cannot set IV: %s",
+   gcry_strerror(err));
+return -1;
+}
 }
 }
 
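Review bot: the new CTR branch in qcrypto_cipher_setiv() calls gcry_cipher_setctr() without the gcry_cipher_reset() that the IV branch keeps, so setting a fresh counter on a handle that has already processed data takes a different path from setting a fresh IV. If skipping the reset is intentional, say why in a comment; otherwise call it in both branches. The two error paths are identical apart from the message text, so the branch could select the setter and the word ("Counter" or "IV") and share one error check.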
diff --git a/crypto/cipher-nettle.c b/crypto/cipher-nettle.c
index 879d831..4b673aa 100644
--- a/crypto/cipher-nettle.c
+++ b/crypto/cipher-nettle.c
@@ -28,6 +28,7 @@
 #include 
 #include 
 #include 
+#include 
 
 typedef void (*QCryptoCipherNettleFuncWrapper)(const void *ctx,
size_t length,
@@ -186,7 +187,7 @@ struct QCryptoCipherNettle {
 QCryptoCipherNettleFuncNative alg_decrypt_native;
 QCryptoCipherNettleFuncWrapper alg_encrypt_wrapper;
 QCryptoCipherNettleFuncWrapper alg_decrypt_wrapper;
-
+/* Initialization vector or Counter */
 uint8_t *iv;
 size_t blocksize;
 };
@@ -225,6 +226,7 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm 
alg,
 case QCRYPTO_CIPHER_MODE_ECB:
 case QCRYPTO_CIPHER_MODE_CBC:
 case QCRYPTO_CIPHER_MODE_XTS:
+case QCRYPTO_CIPHER_MODE_CTR:
 break;
 default:
 error_setg(errp, "Unsupported cipher mode %s",
@@ -430,6 +432,12 @@ int qcrypto_cipher_encrypt(QCryptoCipher *cipher,
 ctx->iv, len, out, in);
 break;
 
+case QCRYPTO_CIPHER_MODE_CTR:
+ctr_crypt(ctx->ctx, ctx->alg_encrypt_native,
+ctx->blocksize, ctx->iv,
+len, out, in);
+break;
+
 default:
 error_setg(errp, "Unsupported cipher mode %s",
QCryptoCipherMode_lookup[cipher->mode]);
@@ -469,6 +477,11 @@ int qcrypto_cipher_decrypt(QCryptoCipher *cipher,
 ctx->alg_encrypt_wrapper, ctx->alg_decrypt_wrapper,
 ctx->iv, len, out, in);
 break;
+case QCRYPTO_CIPHER_MODE_CTR:
+ctr_crypt(ctx->ctx, ctx->alg_encrypt_native,
+ctx->blocksize, ctx->iv,
+len, out, in);
+break;
 
 default:
 error_setg(errp, "Unsupported cipher mode %s",
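Review bot: in qcrypto_cipher_decrypt() the CTR case passes ctx->alg_encrypt_native, the same callback as the encrypt path. That is correct for CTR, where both directions only generate keystream with the block encrypt function, but next to the preceding call, which passes ctx->alg_decrypt_wrapper, it reads like a copy-and-paste slip; a one-line comment would prevent a well-meant "fix". The encrypt hunk adds a blank line after its new break while this hunk adds none before the new case, so the spacing around the two CTR cases differs.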
diff --git a/crypto/cipher.c b/crypto/cipher.c
index cafb454..a9bca41 100644
--- a/crypto/cipher.c
+++ b/crypto/cipher.c
@@ -55,6 +55,7 @@ static bool mode_need_iv[QCRYPTO_CIPHER_MODE__MAX] = {
 [QCRYPTO_CIPHER_MODE_ECB] = false,
 [QCRYPTO_CIPHER_MODE_CBC] = true,
 [QCRYPTO_CIPHER_MODE_XTS] = true,
+[QCRYPTO_CIPHER_MODE_CTR] = true,
 };
 
 
diff --git a/include/crypto/cipher.h b/include/crypto/cipher.h
index 376654d..f9015e1 100644
--- a/include/crypto/cipher.h
+++ b/include/crypto/cipher.h
@@ -213,16 +213,16 @@ int qcrypto_cipher_decrypt(QCryptoCipher *cipher,
 /**
  * qcrypto_cipher_setiv:
  * @cipher: the cipher object
- * @iv: the 
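
The CTR behaviour that patch 1/3 describes, as an added example that is not part of the patch or of QEMU: a generic CTR routine over a block-encrypt callback, showing that decryption calls the encrypt function, that the counter block advances once per block (partial blocks included), and that restarting from the same counter exposes the XOR of two plaintexts. XTEA as a small stand-in block cipher, its byte packing, and every name and sample value below are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK 8 /* XTEA block size in bytes (stand-in cipher, assumption) */

/* Hypothetical callback type, shaped like a backend's native block encrypt. */
typedef void (*block_encrypt_fn)(const void *key, uint8_t *dst, const uint8_t *src);

static uint32_t load_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

static void store_be32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* XTEA block encryption, 32 rounds; big-endian packing chosen for the example. */
static void xtea_encrypt(const void *key, uint8_t *dst, const uint8_t *src)
{
    const uint32_t *k = key;
    uint32_t v0 = load_be32(src), v1 = load_be32(src + 4), sum = 0;
    for (int i = 0; i < 32; i++) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
        sum += 0x9E3779B9u;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
    }
    store_be32(dst, v0);
    store_be32(dst + 4, v1);
}

/* Treat the counter block as one big-endian integer and add 1, with carry. */
static void ctr_increment(uint8_t *ctr, size_t n)
{
    while (n-- > 0) {
        if (++ctr[n] != 0) {
            break;
        }
    }
}

/* CTR: keystream block = E(key, ctr); ctr is updated in place, like ctx->iv. */
static void ctr_crypt_example(const void *key, block_encrypt_fn enc, uint8_t *ctr,
                              size_t len, uint8_t *dst, const uint8_t *src)
{
    uint8_t ks[BLOCK];
    while (len > 0) {
        size_t n = len < BLOCK ? len : BLOCK; /* last block may be partial */
        enc(key, ks, ctr);
        ctr_increment(ctr, BLOCK);
        for (size_t i = 0; i < n; i++) {
            dst[i] = src[i] ^ ks[i];
        }
        dst += n; src += n; len -= n;
    }
}

/* Constructed sample key and counter block: 4-byte nonce + 4-byte counter. */
static const uint32_t KEY[4] = {0x00010203, 0x04050607, 0x08090a0b, 0x0c0d0e0f};
static const uint8_t CTR0[BLOCK] = {0xde, 0xad, 0xbe, 0xef, 0x00, 0x00, 0x00, 0xff};
static const uint8_t PT[] = "CTR needs no padding";
static const uint8_t P1[] = "guest disk blk A";
static const uint8_t P2[] = "guest disk blk B";

/* 1 if running the SAME encrypt callback from the same counter restores PT. */
int ctr_roundtrip_ok(void)
{
    uint8_t ctr[BLOCK], ct[sizeof(PT)], out[sizeof(PT)];
    memcpy(ctr, CTR0, BLOCK);
    ctr_crypt_example(KEY, xtea_encrypt, ctr, sizeof(PT), ct, PT);
    memcpy(ctr, CTR0, BLOCK); /* the receiver sets the same initial counter */
    ctr_crypt_example(KEY, xtea_encrypt, ctr, sizeof(PT), out, ct);
    return memcmp(out, PT, sizeof(PT)) == 0 && memcmp(ct, PT, sizeof(PT)) != 0;
}

/* Low 32 bits of the counter after processing len bytes (len capped at 64). */
uint32_t counter_after(size_t len)
{
    uint8_t ctr[BLOCK], buf[64] = {0};
    if (len > sizeof(buf)) {
        len = sizeof(buf);
    }
    memcpy(ctr, CTR0, BLOCK);
    ctr_crypt_example(KEY, xtea_encrypt, ctr, len, buf, buf);
    return load_be32(ctr + 4);
}

/* 1 if two messages encrypted from the same key and counter give c1^c2 == p1^p2. */
int ctr_reuse_leaks_xor(void)
{
    uint8_t ctr[BLOCK], c1[sizeof(P1)], c2[sizeof(P2)];
    memcpy(ctr, CTR0, BLOCK);
    ctr_crypt_example(KEY, xtea_encrypt, ctr, sizeof(P1), c1, P1);
    memcpy(ctr, CTR0, BLOCK); /* counter reset to the same value: the mistake */
    ctr_crypt_example(KEY, xtea_encrypt, ctr, sizeof(P2), c2, P2);
    for (size_t i = 0; i < sizeof(P1); i++) {
        if ((c1[i] ^ c2[i]) != (P1[i] ^ P2[i])) {
            return 0;
        }
    }
    return 1;
}

int main(void)
{
    printf("round trip ok: %d\n", ctr_roundtrip_ok());
    printf("counter after 22 bytes: 0x%x\n", (unsigned)counter_after(22));
    printf("counter reuse leaks p1^p2: %d\n", ctr_reuse_leaks_xor());
    return 0;
}
```

The last check is the reason a caller of a CTR API has to supply a counter block that is never repeated under one key.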

[Qemu-devel] [PATCH v2 3/3] crypto: add mode check in qcrypto_cipher_new() for cipher-builtin

2016-09-23 Thread Gonglei
Signed-off-by: Gonglei 
---
 crypto/cipher-builtin.c | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/crypto/cipher-builtin.c b/crypto/cipher-builtin.c
index fd59a9e..d710608 100644
--- a/crypto/cipher-builtin.c
+++ b/crypto/cipher-builtin.c
@@ -433,6 +433,16 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm 
alg,
 {
 QCryptoCipher *cipher;
 
+switch (mode) {
+case QCRYPTO_CIPHER_MODE_ECB:
+case QCRYPTO_CIPHER_MODE_CBC:
+case QCRYPTO_CIPHER_MODE_XTS:
+default:
+error_setg(errp, "Unsupported cipher mode %s",
+   QCryptoCipherMode_lookup[mode]);
+return NULL;
+}
+
 cipher = g_new0(QCryptoCipher, 1);
 cipher->alg = alg;
 cipher->mode = mode;
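Review bot: the new switch has no "break;" after "case QCRYPTO_CIPHER_MODE_XTS:", so ECB, CBC and XTS fall through into "default:" and qcrypto_cipher_new() returns NULL with "Unsupported cipher mode" for every mode, including the three it means to accept. Add "break;" after the XTS case. The commit message also has no body; one sentence on why the builtin backend needs this check would help.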
-- 
1.7.12.4





[Qemu-devel] [PATCH v2 0/3] crypto: add ctr mode support and little inprovement

2016-09-23 Thread Gonglei
Please see the detailed description in each patch.

v2:
 - fix qtest complaint in cipher-builtin backend.
 - introduce patch 2 and patch 3.

Gonglei (3):
  crypto: add CTR mode support
  crypto: extend mode as a parameter in qcrypto_cipher_supports()
  crypto: add mode check in qcrypto_cipher_new() for cipher-builtin

 block/qcow.c   |  3 ++-
 block/qcow2.c  |  3 ++-
 crypto/cipher-builtin.c| 24 ++-
 crypto/cipher-gcrypt.c | 38 +--
 crypto/cipher-nettle.c | 28 +--
 crypto/cipher.c|  1 +
 include/crypto/cipher.h| 12 ++
 qapi/crypto.json   |  3 ++-
 tests/test-crypto-cipher.c | 57 +-
 ui/vnc.c   |  2 +-
 10 files changed, 151 insertions(+), 20 deletions(-)

-- 
1.7.12.4





Re: [Qemu-devel] [PULL 00/44] ppc-for-2.8 queue 20160922

2016-09-23 Thread David Gibson
On Fri, Sep 23, 2016 at 08:42:22AM +0100, Alex Bennée wrote:
> 
> David Gibson  writes:
> 
> > On Thu, Sep 22, 2016 at 03:03:50PM +0100, Peter Maydell wrote:
> >> On 22 September 2016 at 07:36, David Gibson  
> >> wrote:
> >> > The following changes since commit 
> >> > a008535b9fa396226ff9cf78b8ac5f3584bda58e:
> >> >
> >> >   build-sys: fix make install regression (2016-09-20 11:32:43 +0100)
> >> >
> >> > are available in the git repository at:
> >> >
> >> >   git://github.com/dgibson/qemu.git tags/ppc-for-2.8-20160922
> >> >
> >> > for you to fetch changes up to 2832da4b6fc549d5feb2cf9fe53ad98cee894327:
> >> >
> >> >   monitor: fix crash for platforms without a CPU 0 (2016-09-22 15:53:01 
> >> > +1000)
> >> >
> >> > 
> >> > ppc patch queue 2016-09-22
> >> >
> >> > This is my second pull request of ppc and spapr related patches for
> >> > qemu-2.8.  Included here are
> >> > * TCG implementations for more POWER9 instructions
> >> > * Some preliminary XICS fixes in preparation for the pnv machine
> >> >   type
> >> > * A significant ADB (Macintosh kbd/mouse) cleanup
> >> > * Some conversions to use trace instead of debug macros
> >> > * Fixes to correctly handle global TLB flush synchronization in
> >> >   TCG.  This is already a bug, but it will have much more impact
> >> >   when we get MTTCG
> >> > * Add more qtest testcases for Power
> >> > * Some MAINTAINERS updates
> >> > * Assorted bugfixes
> >> >
> >> > This touches some test files and monitor.c which are technically
> >> > outside the ppc code, but coming through this tree because the changes
> >> > are primarily of interest to ppc.
> >> >
> >> > 
> >>
> >> I'm afraid this fails to build with clang:
> >>
> >> /home/petmay01/linaro/qemu-for-merges/target-ppc/translate.c:532:16:
> >> error: unused function 'L' [-Werror,-Wunused-function]
> >> EXTRACT_HELPER(L, 16, 2);
> >>^
> >> 1 error generated.
> >
> > Drat, I wonder why travis didn't catch that for me.
> 
> Maybe a version thing? I've got a patch in flight for building with the
> ThreadSanitizer which threw up some compiler warnings but that uses GCC.
> Maybe a more recent clang build should be added as well?

That'd be nice if possible.  However, I think we're restricted to
what's in the not terribly up-to-date Ubuntu image that Travis uses
for its containers, so we might not be able to get something new
enough to trip this warning.

> 
> >
> > Anyway, I've added an extra ifdef to address this and will send a new
> > pull request shortly.
> 
> 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] QEMU dtc submodule

2016-09-23 Thread David Gibson
On Fri, Sep 23, 2016 at 03:23:26PM +0100, Paul Burton wrote:
> On Friday, 23 September 2016 09:13:51 BST Jeff Cody wrote:
> > > Leon: Please give the git URL and branch that should be mirrored.  It
> > > cannot be a tag since that is immutable.  Instead it should be the
> > > dtc development/release tree that will be updated in the future.
> > 
> > Yes, once I get the git URL I'll update it on the server.  I presume it is
> > 'master' on git://git.kernel.org/pub/scm/utils/dtc/dtc.git, but I will wait
> > for confirmation before I do anything.
> > 
> > Thanks,
> > Jeff
> 
> Hi Jeff,
> 
> That would be the right branch for DTC, but sadly the master branch doesn't
> contain the actual commit that was tagged as the v1.4.2 release. v1.4.2 tags
> this commit:
> 
> https://git.kernel.org/cgit/utils/dtc/dtc.git/commit/?h=v1.4.2=ec02b34c05be04f249ffaaca4b666f5246877dea[1]
> 
> Its parent commit is in the master branch, but it isn't. So simply mirroring
> the master branch wouldn't be enough, you'd need to include the v1.4.2 tag
> specifically. I've CC'd David Gibson who tagged DTC v1.4.2 in case he has
> input or can rectify this (which would probably be either a rebase & force
> push of the last 2 commits on the master branch atop v1.4.2, or a new
> release).

Oops.. that's my mistake (with my upstream dtc maintainer hat on).

Not sure quite how I managed that, but yes, master branches off just
before the v1.4.2 release, instead of just after.  I've merged them
back together now, so that master should include v1.4.2 now.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH v2] qtest: fix make check complaint in crypto module

2016-09-23 Thread Gonglei (Arei)

> -Original Message-
> From: Daniel P. Berrange [mailto:berra...@redhat.com]
> Sent: Friday, September 23, 2016 6:21 PM
> To: Gonglei (Arei)
> Cc: qemu-devel@nongnu.org; Wubin (H)
> Subject: Re: [PATCH v2] qtest: fix make check complaint in crypto module
> 
> On Thu, Sep 22, 2016 at 04:56:39PM +0800, Gonglei wrote:
> >   CCtests/test-crypto-tlscredsx509.o
> >   CCtests/crypto-tls-x509-helpers.o
> >   CCtests/pkix_asn1_tab.o
> > tests/pkix_asn1_tab.c:7:22: warning: libtasn1.h: No such file or directory
> > tests/pkix_asn1_tab.c:9: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or
> ‘__attribute__’ before ‘pkix_asn1_tab’
> > make: *** [tests/pkix_asn1_tab.o] Error 1
> >
> > Signed-off-by: Gonglei 
> > ---
> >  v2: add condition check for TLS support (Daniel)
> > ---
> >  tests/pkix_asn1_tab.c | 9 +
> >  1 file changed, 9 insertions(+)
> >
> > diff --git a/tests/pkix_asn1_tab.c b/tests/pkix_asn1_tab.c
> > index 903bc02..036e222b 100644
> > --- a/tests/pkix_asn1_tab.c
> > +++ b/tests/pkix_asn1_tab.c
> > @@ -4,6 +4,14 @@
> >   */
> >
> >  #include "qemu/osdep.h"
> > +#if !(defined WIN32) && \
> > +defined(CONFIG_TASN1) && \
> > +(LIBGNUTLS_VERSION_NUMBER >= 0x020600)
> > +#define QCRYPTO_HAVE_TLS_TEST_SUPPORT
> > +#endif
> 
> This doesn't actually build
> 
> tests/pkix_asn1_tab.c:9:6: error: "LIBGNUTLS_VERSION_NUMBER" is not
> defined [-Werror=undef]
>  (LIBGNUTLS_VERSION_NUMBER >= 0x020600)
>   ^~~~
> cc1: all warnings being treated as errors
> /home/berrange/src/virt/qemu/rules.mak:60: recipe for target
> 'tests/pkix_asn1_tab.o' failed
> make: *** [tests/pkix_asn1_tab.o] Error 1
> 
Oops, I didn't encounter it because CONFIG_TASN1 is not defined in my 
environment.

> 
> This is because you missed the gnutls.h include. Rather than
> repeating the condition here, you should just #include the
> existing tests/crypto-tls-x509-helpers.h header
> 
Yes, you are definitely right, thanks! V3 will come. 

Regards,
-Gonglei

> > +
> > +#ifdef QCRYPTO_HAVE_TLS_TEST_SUPPORT
> > +
> >  #include 
> >
> >  const ASN1_ARRAY_TYPE pkix_asn1_tab[] = {
> > @@ -1103,3 +,4 @@ const ASN1_ARRAY_TYPE pkix_asn1_tab[] = {
> >{0, 1048586, "2"},
> >{0, 0, 0}
> >  };
> > +#endif /* QCRYPTO_HAVE_TLS_TEST_SUPPORT */
> > --
> 
> Regards,
> Daniel
> --
> |: http://berrange.com  -o-
> http://www.flickr.com/photos/dberrange/ :|
> |: http://libvirt.org  -o-
> http://virt-manager.org :|
> |: http://autobuild.org   -o-
> http://search.cpan.org/~danberr/ :|
> |: http://entangle-photo.org   -o-
> http://live.gnome.org/gtk-vnc :|


[Qemu-devel] [PATCH v3] qtest: fix make check complaint in crypto module

2016-09-23 Thread Gonglei
  CCtests/test-crypto-tlscredsx509.o
  CCtests/crypto-tls-x509-helpers.o
  CCtests/pkix_asn1_tab.o
tests/pkix_asn1_tab.c:7:22: warning: libtasn1.h: No such file or directory
tests/pkix_asn1_tab.c:9: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or 
‘__attribute__’ before ‘pkix_asn1_tab’
make: *** [tests/pkix_asn1_tab.o] Error 1

Signed-off-by: Gonglei 
---
v3: fix an error: "LIBGNUTLS_VERSION_NUMBER" is not defined (Daniel)
v2: add condition check for TLS support (Daniel)

 tests/pkix_asn1_tab.c | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/tests/pkix_asn1_tab.c b/tests/pkix_asn1_tab.c
index 903bc02..f15fc51 100644
--- a/tests/pkix_asn1_tab.c
+++ b/tests/pkix_asn1_tab.c
@@ -4,7 +4,9 @@
  */
 
 #include "qemu/osdep.h"
-#include 
+#include "tests/crypto-tls-x509-helpers.h"
+
+#ifdef QCRYPTO_HAVE_TLS_TEST_SUPPORT
 
 const ASN1_ARRAY_TYPE pkix_asn1_tab[] = {
   {"PKIX1", 536875024, 0},
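Review bot: with the direct include removed at the top of this hunk, ASN1_ARRAY_TYPE now resolves only through "tests/crypto-tls-x509-helpers.h", and only when that header defines QCRYPTO_HAVE_TLS_TEST_SUPPORT. Worth confirming the helper header pulls in the ASN.1 header under exactly that condition, and saying so in the commit message, which currently contains only the compiler output and no description of the cause or the fix.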
@@ -1103,3 +1105,4 @@ const ASN1_ARRAY_TYPE pkix_asn1_tab[] = {
   {0, 1048586, "2"},
   {0, 0, 0}
 };
+#endif /* QCRYPTO_HAVE_TLS_TEST_SUPPORT */
-- 
1.7.12.4





Re: [Qemu-devel] [PULL v2 00/19] virtio, pc: fixes and features

2016-09-23 Thread no-reply
Hi,

Your series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 1474668213-15643-1-git-send-email-...@redhat.com
Subject: [Qemu-devel] [PULL v2 00/19] virtio, pc: fixes and features

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

# Useful git options
git config --local diff.renamelimit 0
git config --local diff.renames True

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git show --no-patch --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 - [tag update]  
patchew/1474658044-9479-1-git-send-email-dgilb...@redhat.com -> 
patchew/1474658044-9479-1-git-send-email-dgilb...@redhat.com
 - [tag update]  patchew/1474658051-18617-1-git-send-email-...@redhat.com 
-> patchew/1474658051-18617-1-git-send-email-...@redhat.com
 * [new tag] patchew/1474668213-15643-1-git-send-email-...@redhat.com 
-> patchew/1474668213-15643-1-git-send-email-...@redhat.com
Switched to a new branch 'test'
e60318a hw/i386: AMD IOMMU IVRS table
a37e600 hw/i386: Introduce AMD IOMMU
d14baae hw/i386/trace-events: Add AMD IOMMU trace events
26b9d41 hw/pci: Prepare for AMD IOMMU
965cf43 virtio: handle virtqueue_get_head() errors
9514f00 virtio: handle virtqueue_num_heads() errors
6b81ab8 virtio: handle virtqueue_read_next_desc() errors
4bb1905 virtio: use unsigned int for virtqueue_get_avail_bytes() index
868b390 virtio: handle virtqueue_get_avail_bytes() errors
a307efe virtio: handle virtqueue_map_desc() errors
f7549bd virtio: migrate vdev->broken flag
1b80c3a virtio: stop virtqueue processing if device is broken
1649672 virtio: fix stray tab character
77e188d target-i386: turn off CPU.l3-cache only for 2.7 and older machine types
c8d0f2f pc: clean up COMPAT macro chaining
0d59009 virtio: add check for descriptor's mapped address
d9efd63 tests: add /vhost-user/flags-mismatch test
7aa9333 tests: add a simple /vhost-user/multiqueue test
5f1b5da tests: add /vhost-user/connect-fail test

=== OUTPUT BEGIN ===
Checking PATCH 1/19: tests: add /vhost-user/connect-fail test...
Checking PATCH 2/19: tests: add a simple /vhost-user/multiqueue test...
WARNING: line over 80 characters
#192: FILE: tests/vhost-user-test.c:824:
+cmd = g_strdup_printf(QEMU_CMD_MEM QEMU_CMD_CHR QEMU_CMD_NETDEV 
",queues=%d "

total: 0 errors, 1 warnings, 198 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
Checking PATCH 3/19: tests: add /vhost-user/flags-mismatch test...
Checking PATCH 4/19: virtio: add check for descriptor's mapped address...
Checking PATCH 5/19: pc: clean up COMPAT macro chaining...
Checking PATCH 6/19: target-i386: turn off CPU.l3-cache only for 2.7 and older 
machine types...
Checking PATCH 7/19: virtio: fix stray tab character...
Checking PATCH 8/19: virtio: stop virtqueue processing if device is broken...
Checking PATCH 9/19: virtio: migrate vdev->broken flag...
Checking PATCH 10/19: virtio: handle virtqueue_map_desc() errors...
Checking PATCH 11/19: virtio: handle virtqueue_get_avail_bytes() errors...
Checking PATCH 12/19: virtio: use unsigned int for virtqueue_get_avail_bytes() 
index...
Checking PATCH 13/19: virtio: handle virtqueue_read_next_desc() errors...
Checking PATCH 14/19: virtio: handle virtqueue_num_heads() errors...
Checking PATCH 15/19: virtio: handle virtqueue_get_head() errors...
Checking PATCH 16/19: hw/pci: Prepare for AMD IOMMU...
Checking PATCH 17/19: hw/i386/trace-events: Add AMD IOMMU trace events...
Checking PATCH 18/19: hw/i386: Introduce AMD IOMMU...
ERROR: struct MemoryRegionIOMMUOps should normally be const
#1528: FILE: hw/i386/amd_iommu.h:280:
+MemoryRegionIOMMUOps iommu_ops;

total: 1 errors, 0 warnings, 1496 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 19/19: hw/i386: AMD IOMMU IVRS table...
=== OUTPUT END ===

Test command exited with code: 1


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-de...@freelists.org

Re: [Qemu-devel] [PULL 00/19] virtio, pc: fixes and features

2016-09-23 Thread Michael S. Tsirkin
On Fri, Sep 23, 2016 at 01:35:11PM -0700, 
no-re...@ec2-52-6-146-230.compute-1.amazonaws.com wrote:
> Hi,
> 
> Your series failed automatic build test. Please find the testing commands and
> their output below. If you have docker installed, you can probably reproduce it
> locally.
> 
> Type: series
> Message-id: 1474658051-18617-1-git-send-email-...@redhat.com
> Subject: [Qemu-devel] [PULL 00/19] virtio, pc: fixes and features
> 
> === TEST SCRIPT BEGIN ===
> #!/bin/bash
> set -e
> git submodule update --init dtc
> make J=8 docker-test-quick@centos6
> make J=8 docker-test-mingw@fedora
> === TEST SCRIPT END ===
> 
> Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
> From https://github.com/patchew-project/qemu
>  * [new tag] patchew/1474658051-18617-1-git-send-email-...@redhat.com 
> -> patchew/1474658051-18617-1-git-send-email-...@redhat.com
> Switched to a new branch 'test'
> cacc4b0 hw/i386: AMD IOMMU IVRS table
> 9dd76e8 hw/i386: Introduce AMD IOMMU
> 51d6513 hw/i386/trace-events: Add AMD IOMMU trace events
> 2897b28 hw/pci: Prepare for AMD IOMMU
> 9ed4ac9 virtio: handle virtqueue_get_head() errors
> eba15c9 virtio: handle virtqueue_num_heads() errors
> 3c5513c virtio: handle virtqueue_read_next_desc() errors
> 3e2dd44 virtio: use unsigned int for virtqueue_get_avail_bytes() index
> b63060b virtio: handle virtqueue_get_avail_bytes() errors
> a7e238f virtio: handle virtqueue_map_desc() errors
> b1ee7b9 virtio: migrate vdev->broken flag
> 5ae212e virtio: stop virtqueue processing if device is broken
> 7add352 virtio: fix stray tab character
> a8b4e23 target-i386: turn off CPU.l3-cache only for 2.7 and older machine 
> types
> eb0f9de pc: clean up COMPAT macro chaining
> f2df3c1 virtio: add check for descriptor's mapped address
> f2997b7 tests: add /vhost-user/flags-mismatch test
> b612c50 tests: add a simple /vhost-user/multiqueue test
> c38be03 tests: add /vhost-user/connect-fail test
> 
> === OUTPUT BEGIN ===
> Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
> Cloning into 'dtc'...
> Submodule path 'dtc': checked out '65cc4d2748a2c2e6f27f1cf39e07a5dbabd80ebf'
>   BUILD centos6
>   ARCHIVE qemu.tgz
>   ARCHIVE dtc.tgz
>   COPY RUNNER
>   RUN test-quick in centos6
> Configure options:
> --enable-werror --target-list=x86_64-softmmu,aarch64-softmmu 
> --prefix=/tmp/qemu-test/src/tests/docker/install
> No C++ compiler available; disabling C++ specific optional code
> Install prefix/tmp/qemu-test/src/tests/docker/install
> BIOS directory/tmp/qemu-test/src/tests/docker/install/share/qemu
> binary directory  /tmp/qemu-test/src/tests/docker/install/bin
> library directory /tmp/qemu-test/src/tests/docker/install/lib
> module directory  /tmp/qemu-test/src/tests/docker/install/lib/qemu
> libexec directory /tmp/qemu-test/src/tests/docker/install/libexec
> include directory /tmp/qemu-test/src/tests/docker/install/include
> config directory  /tmp/qemu-test/src/tests/docker/install/etc
> local state directory   /tmp/qemu-test/src/tests/docker/install/var
> Manual directory  /tmp/qemu-test/src/tests/docker/install/share/man
> ELF interp prefix /usr/gnemul/qemu-%M
> Source path   /tmp/qemu-test/src
> C compilercc
> Host C compiler   cc
> C++ compiler  
> Objective-C compiler cc
> ARFLAGS   rv
> CFLAGS-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -pthread 
> -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include   -g 
> QEMU_CFLAGS   -I/usr/include/pixman-1-fPIE -DPIE -m64 -D_GNU_SOURCE 
> -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -Wstrict-prototypes 
> -Wredundant-decls -Wall -Wundef -Wwrite-strings -Wmissing-prototypes 
> -fno-strict-aliasing -fno-common -fwrapv  -Wendif-labels 
> -Wmissing-include-dirs -Wempty-body -Wnested-externs -Wformat-security 
> -Wformat-y2k -Winit-self -Wignored-qualifiers -Wold-style-declaration 
> -Wold-style-definition -Wtype-limits -fstack-protector-all
> LDFLAGS   -Wl,--warn-common -Wl,-z,relro -Wl,-z,now -pie -m64 -g 
> make  make
> install   install
> pythonpython -B
> smbd  /usr/sbin/smbd
> module supportno
> host CPU  x86_64
> host big endian   no
> target list   x86_64-softmmu aarch64-softmmu
> tcg debug enabled no
> gprof enabled no
> sparse enabledno
> strip binariesyes
> profiler  no
> static build  no
> pixmansystem
> SDL support   yes (1.2.14)
> GTK support   no 
> GTK GL supportno
> VTE support   no 
> TLS priority  NORMAL
> GNUTLS supportno
> GNUTLS rndno
> libgcrypt no
> libgcrypt kdf no
> nettleno 
> nettle kdfno
> libtasn1  no
> curses supportno
> virgl support no
> curl support  no
> mingw32 support   no
> Audio drivers oss
> Block whitelist (rw) 
> Block whitelist (ro) 
> VirtFS supportno
> VNC support   yes
> VNC SASL support  no
> VNC JPEG support  no
> VNC PNG support   no
> xen 

[Qemu-devel] [PULL v2 16/19] hw/pci: Prepare for AMD IOMMU

2016-09-23 Thread Michael S. Tsirkin
From: David Kiarie 

Introduce PCI macros from for use by AMD IOMMU

Signed-off-by: David Kiarie 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/hw/pci/pci.h | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/include/hw/pci/pci.h b/include/hw/pci/pci.h
index e8b83bb..772692f 100644
--- a/include/hw/pci/pci.h
+++ b/include/hw/pci/pci.h
@@ -13,9 +13,12 @@
 /* PCI bus */
 
 #define PCI_DEVFN(slot, func)   slot) & 0x1f) << 3) | ((func) & 0x07))
+#define PCI_BUS_NUM(x)  (((x) >> 8) & 0xff)
 #define PCI_SLOT(devfn) (((devfn) >> 3) & 0x1f)
 #define PCI_FUNC(devfn) ((devfn) & 0x07)
 #define PCI_BUILD_BDF(bus, devfn) ((bus << 8) | (devfn))
+#define PCI_BUS_MAX 256
+#define PCI_DEVFN_MAX   256
 #define PCI_SLOT_MAX32
 #define PCI_FUNC_MAX8
 
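
Review bot: PCI_BUS_NUM(x) gives no hint that its argument is a 16-bit bus/devfn value, the inverse of PCI_BUILD_BDF() two lines below it; naming the parameter bdf, or adding a one-line comment, would make that pairing explicit. PCI_BUS_MAX and PCI_DEVFN_MAX are both 256 and sit next to PCI_SLOT_MAX and PCI_FUNC_MAX without a comment saying they are counts (valid values 0..255) rather than maximum values, which matters to anyone using them as array bounds or loop limits.
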
-- 
MST




[Qemu-devel] [PULL v2 11/19] virtio: handle virtqueue_get_avail_bytes() errors

2016-09-23 Thread Michael S. Tsirkin
From: Stefan Hajnoczi 

If the vring is invalid, tell the caller no bytes are available and mark
the device broken.

Signed-off-by: Stefan Hajnoczi 
Reviewed-by: Cornelia Huck 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Cornelia Huck 
---
 hw/virtio/virtio.c | 17 +++--
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index f2d6c3c..10c2f3d 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -426,14 +426,14 @@ void virtqueue_get_avail_bytes(VirtQueue *vq, unsigned 
int *in_bytes,
 
 if (desc.flags & VRING_DESC_F_INDIRECT) {
 if (desc.len % sizeof(VRingDesc)) {
-error_report("Invalid size for indirect buffer table");
-exit(1);
+virtio_error(vdev, "Invalid size for indirect buffer table");
+goto err;
 }
 
 /* If we've got too many, that implies a descriptor loop. */
 if (num_bufs >= max) {
-error_report("Looped descriptor");
-exit(1);
+virtio_error(vdev, "Looped descriptor");
+goto err;
 }
 
 /* loop over the indirect descriptor table */
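
Review bot: both messages in this hunk drop the values that triggered them. desc.len, num_bufs and max are all in scope at these call sites, so "Invalid size for indirect buffer table" could report desc.len and "Looped descriptor" could report num_bufs and max. Now that the device is marked broken instead of QEMU exiting, that detail is what someone debugging a misbehaving guest will look for in the log.
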
@@ -447,8 +447,8 @@ void virtqueue_get_avail_bytes(VirtQueue *vq, unsigned int 
*in_bytes,
 do {
 /* If we've got too many, that implies a descriptor loop. */
 if (++num_bufs > max) {
-error_report("Looped descriptor");
-exit(1);
+virtio_error(vdev, "Looped descriptor");
+goto err;
 }
 
 if (desc.flags & VRING_DESC_F_WRITE) {
@@ -473,6 +473,11 @@ done:
 if (out_bytes) {
 *out_bytes = out_total;
 }
+return;
+
+err:
+in_total = out_total = 0;
+goto done;
 }
 
 int virtqueue_avail_bytes(VirtQueue *vq, unsigned int in_bytes,
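
Review bot: the error contract introduced at err: is not documented anywhere on the function. virtqueue_get_avail_bytes() returns void, so after this change a caller sees 0 in both *in_bytes and *out_bytes for an invalid vring exactly as it would for an empty one, and the only trace of the failure is the broken state set by virtio_error(). A comment above the function saying so would help callers that need to tell the two cases apart. The return followed by a label that jumps back to done: is also easy to misread; a one-line comment at err: explaining that it only zeroes the totals before the common exit would be enough.
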
-- 
MST




[Qemu-devel] [PULL v2 10/19] virtio: handle virtqueue_map_desc() errors

2016-09-23 Thread Michael S. Tsirkin
From: Stefan Hajnoczi 

Errors can occur during virtqueue_pop(), especially in
virtqueue_map_desc().  In order to handle this we must unmap iov[]
before returning NULL.  The caller will consider the virtqueue empty and
the virtio_error() call will have marked the device broken.

Signed-off-by: Stefan Hajnoczi 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/virtio/virtio.c | 74 --
 1 file changed, 55 insertions(+), 19 deletions(-)

diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index bac6b51..f2d6c3c 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -484,30 +484,33 @@ int virtqueue_avail_bytes(VirtQueue *vq, unsigned int 
in_bytes,
 return in_bytes <= in_total && out_bytes <= out_total;
 }
 
-static void virtqueue_map_desc(unsigned int *p_num_sg, hwaddr *addr, struct 
iovec *iov,
+static bool virtqueue_map_desc(VirtIODevice *vdev, unsigned int *p_num_sg,
+   hwaddr *addr, struct iovec *iov,
unsigned int max_num_sg, bool is_write,
hwaddr pa, size_t sz)
 {
+bool ok = false;
 unsigned num_sg = *p_num_sg;
 assert(num_sg <= max_num_sg);
 
 if (!sz) {
-error_report("virtio: zero sized buffers are not allowed");
-exit(1);
+virtio_error(vdev, "virtio: zero sized buffers are not allowed");
+goto out;
 }
 
 while (sz) {
 hwaddr len = sz;
 
 if (num_sg == max_num_sg) {
-error_report("virtio: too many write descriptors in indirect 
table");
-exit(1);
+virtio_error(vdev, "virtio: too many write descriptors in "
+   "indirect table");
+goto out;
 }
 
 iov[num_sg].iov_base = cpu_physical_memory_map(pa, , is_write);
 if (!iov[num_sg].iov_base) {
-error_report("virtio: bogus descriptor or out of resources");
-exit(1);
+virtio_error(vdev, "virtio: bogus descriptor or out of resources");
+goto out;
 }
 
 iov[num_sg].iov_len = len;
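
Review bot: the new bool return needs a comment describing the failure contract. At out: the function still stores num_sg into *p_num_sg, so after a false return the caller's counter includes every buffer that was mapped before the failure, and it is the caller that has to unmap them. A short comment above virtqueue_map_desc() stating this would stop a future caller from treating false as "nothing was mapped".
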
@@ -517,7 +520,28 @@ static void virtqueue_map_desc(unsigned int *p_num_sg, 
hwaddr *addr, struct iove
 pa += len;
 num_sg++;
 }
+ok = true;
+
+out:
 *p_num_sg = num_sg;
+return ok;
+}
+
+/* Only used by error code paths before we have a VirtQueueElement (therefore
+ * virtqueue_unmap_sg() can't be used).  Assumes buffers weren't written to
+ * yet.
+ */
+static void virtqueue_undo_map_desc(unsigned int out_num, unsigned int in_num,
+struct iovec *iov)
+{
+unsigned int i;
+
+for (i = 0; i < out_num + in_num; i++) {
+int is_write = i >= out_num;
+
+cpu_physical_memory_unmap(iov->iov_base, iov->iov_len, is_write, 0);
+iov++;
+}
 }
 
 static void virtqueue_map_iovec(struct iovec *sg, hwaddr *addr,
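
Review bot: is_write is declared int in virtqueue_undo_map_desc() while virtqueue_map_desc() above takes it as bool; use bool here as well. The loop also depends on iov[] holding the out_num entries first and the in_num entries after them (is_write = i >= out_num), and the comment should state that layout next to the existing note that the buffers were not written to.
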
@@ -609,8 +633,8 @@ void *virtqueue_pop(VirtQueue *vq, size_t sz)
 max = vq->vring.num;
 
 if (vq->inuse >= vq->vring.num) {
-error_report("Virtqueue size exceeded");
-exit(1);
+virtio_error(vdev, "Virtqueue size exceeded");
+return NULL;
 }
 
 i = head = virtqueue_get_head(vq, vq->last_avail_idx++);
@@ -621,8 +645,8 @@ void *virtqueue_pop(VirtQueue *vq, size_t sz)
 vring_desc_read(vdev, , desc_pa, i);
 if (desc.flags & VRING_DESC_F_INDIRECT) {
 if (desc.len % sizeof(VRingDesc)) {
-error_report("Invalid size for indirect buffer table");
-exit(1);
+virtio_error(vdev, "Invalid size for indirect buffer table");
+return NULL;
 }
 
 /* loop over the indirect descriptor table */
@@ -634,22 +658,30 @@ void *virtqueue_pop(VirtQueue *vq, size_t sz)
 
 /* Collect all the descriptors */
 do {
+bool map_ok;
+
 if (desc.flags & VRING_DESC_F_WRITE) {
-virtqueue_map_desc(_num, addr + out_num, iov + out_num,
-   VIRTQUEUE_MAX_SIZE - out_num, true, desc.addr, 
desc.len);
+map_ok = virtqueue_map_desc(vdev, _num, addr + out_num,
+iov + out_num,
+VIRTQUEUE_MAX_SIZE - out_num, true,
+desc.addr, desc.len);
 } else {
 if (in_num) {
-error_report("Incorrect order for descriptors");
-exit(1);
+virtio_error(vdev, "Incorrect order for descriptors");
+goto err_undo_map;
 }
-virtqueue_map_desc(_num, addr, iov,
-   VIRTQUEUE_MAX_SIZE, false, desc.addr, desc.len);
+map_ok = virtqueue_map_desc(vdev, _num, addr, iov,
+VIRTQUEUE_MAX_SIZE, 

[Qemu-devel] [PULL v2 18/19] hw/i386: Introduce AMD IOMMU

2016-09-23 Thread Michael S. Tsirkin
From: David Kiarie 

Add AMD IOMMU emulation to Qemu in addition to Intel IOMMU.
The IOMMU does basic translation, error checking and has a
minimal IOTLB implementation. This IOMMU bypassed the need
for target aborts by responding with IOMMU_NONE access rights
and exempts the region 0xfee0-0xfeef from translation
as it is the q35 interrupt region.

We advertise features that are not yet implemented to please
the Linux IOMMU driver.

IOTLB aims at implementing commands on real IOMMUs which is
essential for debugging and may not offer any performance
benefits

Signed-off-by: David Kiarie 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/i386/amd_iommu.h   |  289 
 hw/i386/amd_iommu.c   | 1200 +
 hw/i386/Makefile.objs |1 +
 3 files changed, 1490 insertions(+)
 create mode 100644 hw/i386/amd_iommu.h
 create mode 100644 hw/i386/amd_iommu.c

diff --git a/hw/i386/amd_iommu.h b/hw/i386/amd_iommu.h
new file mode 100644
index 000..884926e
--- /dev/null
+++ b/hw/i386/amd_iommu.h
@@ -0,0 +1,289 @@
+/*
+ * QEMU emulation of an AMD IOMMU (AMD-Vi)
+ *
+ * Copyright (C) 2011 Eduard - Gabriel Munteanu
+ * Copyright (C) 2015 David Kiarie, 
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see .
+ */
+
+#ifndef AMD_IOMMU_H_
+#define AMD_IOMMU_H_
+
+#include "hw/hw.h"
+#include "hw/pci/pci.h"
+#include "hw/pci/msi.h"
+#include "hw/sysbus.h"
+#include "sysemu/dma.h"
+#include "hw/i386/pc.h"
+#include "hw/pci/pci_bus.h"
+#include "hw/i386/x86-iommu.h"
+
+/* Capability registers */
+#define AMDVI_CAPAB_BAR_LOW   0x04
+#define AMDVI_CAPAB_BAR_HIGH  0x08
+#define AMDVI_CAPAB_RANGE 0x0C
+#define AMDVI_CAPAB_MISC  0x10
+
+#define AMDVI_CAPAB_SIZE  0x18
+#define AMDVI_CAPAB_REG_SIZE  0x04
+
+/* Capability header data */
+#define AMDVI_CAPAB_ID_SEC0xf
+#define AMDVI_CAPAB_FLAT_EXT  (1 << 28)
+#define AMDVI_CAPAB_EFR_SUP   (1 << 27)
+#define AMDVI_CAPAB_FLAG_NPCACHE  (1 << 26)
+#define AMDVI_CAPAB_FLAG_HTTUNNEL (1 << 25)
+#define AMDVI_CAPAB_FLAG_IOTLBSUP (1 << 24)
+#define AMDVI_CAPAB_INIT_TYPE (3 << 16)
+
+/* No. of used MMIO registers */
+#define AMDVI_MMIO_REGS_HIGH  8
+#define AMDVI_MMIO_REGS_LOW   7
+
+/* MMIO registers */
+#define AMDVI_MMIO_DEVICE_TABLE   0x
+#define AMDVI_MMIO_COMMAND_BASE   0x0008
+#define AMDVI_MMIO_EVENT_BASE 0x0010
+#define AMDVI_MMIO_CONTROL0x0018
+#define AMDVI_MMIO_EXCL_BASE  0x0020
+#define AMDVI_MMIO_EXCL_LIMIT 0x0028
+#define AMDVI_MMIO_EXT_FEATURES   0x0030
+#define AMDVI_MMIO_COMMAND_HEAD   0x2000
+#define AMDVI_MMIO_COMMAND_TAIL   0x2008
+#define AMDVI_MMIO_EVENT_HEAD 0x2010
+#define AMDVI_MMIO_EVENT_TAIL 0x2018
+#define AMDVI_MMIO_STATUS 0x2020
+#define AMDVI_MMIO_PPR_BASE   0x0038
+#define AMDVI_MMIO_PPR_HEAD   0x2030
+#define AMDVI_MMIO_PPR_TAIL   0x2038
+
+#define AMDVI_MMIO_SIZE   0x4000
+
+#define AMDVI_MMIO_DEVTAB_SIZE_MASK   ((1ULL << 12) - 1)
+#define AMDVI_MMIO_DEVTAB_BASE_MASK   (((1ULL << 52) - 1) & ~ \
+   AMDVI_MMIO_DEVTAB_SIZE_MASK)
+#define AMDVI_MMIO_DEVTAB_ENTRY_SIZE  32
+#define AMDVI_MMIO_DEVTAB_SIZE_UNIT   4096
+
+/* some of this are similar but just for readability */
+#define AMDVI_MMIO_CMDBUF_SIZE_BYTE   (AMDVI_MMIO_COMMAND_BASE + 7)
+#define AMDVI_MMIO_CMDBUF_SIZE_MASK   0x0f
+#define AMDVI_MMIO_CMDBUF_BASE_MASK   AMDVI_MMIO_DEVTAB_BASE_MASK
+#define AMDVI_MMIO_CMDBUF_HEAD_MASK   (((1ULL << 19) - 1) & ~0x0f)
+#define AMDVI_MMIO_CMDBUF_TAIL_MASK   AMDVI_MMIO_EVTLOG_HEAD_MASK
+
+#define AMDVI_MMIO_EVTLOG_SIZE_BYTE   (AMDVI_MMIO_EVENT_BASE + 7)
+#define AMDVI_MMIO_EVTLOG_SIZE_MASK   AMDVI_MMIO_CMDBUF_SIZE_MASK
+#define AMDVI_MMIO_EVTLOG_BASE_MASK   AMDVI_MMIO_CMDBUF_BASE_MASK
+#define AMDVI_MMIO_EVTLOG_HEAD_MASK   (((1ULL << 19) - 1) & ~0x0f)
+#define AMDVI_MMIO_EVTLOG_TAIL_MASK   AMDVI_MMIO_EVTLOG_HEAD_MASK
+
+#define AMDVI_MMIO_PPRLOG_SIZE_BYTE   (AMDVI_MMIO_EVENT_BASE + 7)
+#define AMDVI_MMIO_PPRLOG_HEAD_MASK   AMDVI_MMIO_EVTLOG_HEAD_MASK
+#define 
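
Review bot: AMDVI_MMIO_PPRLOG_SIZE_BYTE is defined as (AMDVI_MMIO_EVENT_BASE + 7), the same expression as AMDVI_MMIO_EVTLOG_SIZE_BYTE a few lines above it, although the PPR log has its own base register, AMDVI_MMIO_PPR_BASE (0x0038). If the PPR log size byte is meant to live in the PPR base register, this should be (AMDVI_MMIO_PPR_BASE + 7). Separately, AMDVI_MMIO_CMDBUF_TAIL_MASK is defined in terms of AMDVI_MMIO_EVTLOG_HEAD_MASK rather than AMDVI_MMIO_CMDBUF_HEAD_MASK; it works because the two masks are equal, but it reads as a copy-and-paste slip and would break silently if the event log mask ever changed.
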

[Qemu-devel] [PULL v2 19/19] hw/i386: AMD IOMMU IVRS table

2016-09-23 Thread Michael S. Tsirkin
From: David Kiarie 

Add IVRS table for AMD IOMMU. Generate IVRS or DMAR
depending on emulated IOMMU.

Signed-off-by: David Kiarie 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/hw/acpi/aml-build.h |  1 +
 include/hw/i386/x86-iommu.h | 12 +++
 hw/acpi/aml-build.c |  2 +-
 hw/i386/acpi-build.c| 76 +++--
 hw/i386/amd_iommu.c |  2 ++
 hw/i386/intel_iommu.c   |  1 +
 hw/i386/x86-iommu.c |  6 
 7 files changed, 90 insertions(+), 10 deletions(-)

diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
index e5f0878..559326c 100644
--- a/include/hw/acpi/aml-build.h
+++ b/include/hw/acpi/aml-build.h
@@ -367,6 +367,7 @@ Aml *aml_sizeof(Aml *arg);
 Aml *aml_concatenate(Aml *source1, Aml *source2, Aml *target);
 Aml *aml_object_type(Aml *object);
 
+void build_append_int_noprefix(GArray *table, uint64_t value, int size);
 void
 build_header(BIOSLinker *linker, GArray *table_data,
  AcpiTableHeader *h, const char *sig, int len, uint8_t rev,
diff --git a/include/hw/i386/x86-iommu.h b/include/hw/i386/x86-iommu.h
index c48e8dd..0c89d98 100644
--- a/include/hw/i386/x86-iommu.h
+++ b/include/hw/i386/x86-iommu.h
@@ -37,6 +37,12 @@
 typedef struct X86IOMMUState X86IOMMUState;
 typedef struct X86IOMMUClass X86IOMMUClass;
 
+typedef enum IommuType {
+TYPE_INTEL,
+TYPE_AMD,
+TYPE_NONE
+} IommuType;
+
 struct X86IOMMUClass {
 SysBusDeviceClass parent;
 /* Intel/AMD specific realize() hook */
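
Review bot: TYPE_INTEL is the first enumerator and therefore 0, so an X86IOMMUState whose type field is never assigned reads as an Intel IOMMU rather than as TYPE_NONE. Put TYPE_NONE first, or make sure every realize path sets the field before x86_iommu_get_type() can be called. The enumerator names are also very generic for a shared header; an IOMMU-specific prefix would avoid clashes with unrelated TYPE_* names.
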
@@ -67,6 +73,7 @@ typedef struct IEC_Notifier IEC_Notifier;
 struct X86IOMMUState {
 SysBusDevice busdev;
 bool intr_supported;/* Whether vIOMMU supports IR */
+IommuType type; /* IOMMU type - AMD/Intel */
 QLIST_HEAD(, IEC_Notifier) iec_notifiers; /* IEC notify list */
 };
 
@@ -76,6 +83,11 @@ struct X86IOMMUState {
  */
 X86IOMMUState *x86_iommu_get_default(void);
 
+/*
+ * x86_iommu_get_type - get IOMMU type
+ */
+IommuType x86_iommu_get_type(void);
+
 /**
  * x86_iommu_iec_register_notifier - register IEC (Interrupt Entry
  *   Cache) notifiers
diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index db3e914..b2a1e40 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -226,7 +226,7 @@ static void build_extop_package(GArray *package, uint8_t op)
 build_prepend_byte(package, 0x5B); /* ExtOpPrefix */
 }
 
-static void build_append_int_noprefix(GArray *table, uint64_t value, int size)
+void build_append_int_noprefix(GArray *table, uint64_t value, int size)
 {
 int i;
 
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index 433feba..c20bc71 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -59,7 +59,8 @@
 
 #include "qapi/qmp/qint.h"
 #include "qom/qom-qobject.h"
-#include "hw/i386/x86-iommu.h"
+#include "hw/i386/amd_iommu.h"
+#include "hw/i386/intel_iommu.h"
 
 #include "hw/acpi/ipmi.h"
 
@@ -2562,6 +2563,62 @@ build_dmar_q35(GArray *table_data, BIOSLinker *linker)
 build_header(linker, table_data, (void *)(table_data->data + dmar_start),
  "DMAR", table_data->len - dmar_start, 1, NULL, NULL);
 }
+/*
+ *   IVRS table as specified in AMD IOMMU Specification v2.62, Section 5.2
+ *   accessible here http://support.amd.com/TechDocs/48882_IOMMU.pdf
+ */
+static void
+build_amd_iommu(GArray *table_data, BIOSLinker *linker)
+{
+int iommu_start = table_data->len;
+AMDVIState *s = AMD_IOMMU_DEVICE(x86_iommu_get_default());
+
+/* IVRS header */
+acpi_data_push(table_data, sizeof(AcpiTableHeader));
+/* IVinfo - IO virtualization information common to all
+ * IOMMU units in a system
+ */
+build_append_int_noprefix(table_data, 40UL << 8/* PASize */, 4);
+/* reserved */
+build_append_int_noprefix(table_data, 0, 8);
+
+/* IVHD definition - type 10h */
+build_append_int_noprefix(table_data, 0x10, 1);
+/* virtualization flags */
+build_append_int_noprefix(table_data,
+ (1UL << 0) | /* HtTunEn  */
+ (1UL << 4) | /* iotblSup */
+ (1UL << 6) | /* PrefSup  */
+ (1UL << 7),  /* PPRSup   */
+ 1);
+/* IVHD length */
+build_append_int_noprefix(table_data, 0x24, 2);
+/* DeviceID */
+build_append_int_noprefix(table_data, s->devid, 2);
+/* Capability offset */
+build_append_int_noprefix(table_data, s->capab_offset, 2);
+/* IOMMU base address */
+build_append_int_noprefix(table_data, s->mmio.addr, 8);
+/* PCI Segment Group */
+build_append_int_noprefix(table_data, 0, 2);
+/* IOMMU info */
+build_append_int_noprefix(table_data, 0, 2);
+/* IOMMU Feature Reporting */
+build_append_int_noprefix(table_data,
+   
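
Review bot: the IVinfo and IVHD fields in build_amd_iommu() are written as bare literals (40UL << 8 for PASize, 0x10 for the IVHD type, 0x24 for the IVHD length). Named constants, or computing the IVHD length from the bytes actually appended, would keep the table consistent if device entries are added later. Smaller points: the flags comment spells the bit "iotblSup" where "IotlbSup" is meant, and there is no blank line between the closing brace of build_dmar_q35() and the new block comment.
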

[Qemu-devel] [PULL v2 09/19] virtio: migrate vdev->broken flag

2016-09-23 Thread Michael S. Tsirkin
From: Stefan Hajnoczi 

Send a subsection if the vdev->broken flag is set.  This allows live
migration of broken virtio devices.

The subsection is only sent if vdev->broken has been set.  In most cases
the flag will be clear and no subsection will be sent.

Signed-off-by: Stefan Hajnoczi 
Reviewed-by: Cornelia Huck 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Cornelia Huck 
---
 hw/virtio/virtio.c | 19 +++
 1 file changed, 19 insertions(+)

diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index 1671ea8..bac6b51 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -1343,6 +1343,13 @@ static bool virtio_extra_state_needed(void *opaque)
 k->has_extra_state(qbus->parent);
 }
 
+static bool virtio_broken_needed(void *opaque)
+{
+VirtIODevice *vdev = opaque;
+
+return vdev->broken;
+}
+
 static const VMStateDescription vmstate_virtqueue = {
 .name = "virtqueue_state",
 .version_id = 1,
@@ -1457,6 +1464,17 @@ static const VMStateDescription 
vmstate_virtio_64bit_features = {
 }
 };
 
+static const VMStateDescription vmstate_virtio_broken = {
+.name = "virtio/broken",
+.version_id = 1,
+.minimum_version_id = 1,
+.needed = _broken_needed,
+.fields = (VMStateField[]) {
+VMSTATE_BOOL(broken, VirtIODevice),
+VMSTATE_END_OF_LIST()
+}
+};
+
 static const VMStateDescription vmstate_virtio = {
 .name = "virtio",
 .version_id = 1,
@@ -1470,6 +1488,7 @@ static const VMStateDescription vmstate_virtio = {
 _virtio_64bit_features,
 _virtio_virtqueues,
 _virtio_ringsize,
+_virtio_broken,
 _virtio_extra_state,
 NULL
 }
-- 
MST




[Qemu-devel] [PULL v2 15/19] virtio: handle virtqueue_get_head() errors

2016-09-23 Thread Michael S. Tsirkin
From: Stefan Hajnoczi 

Stop processing the vring if virtqueue_get_head() fetches an
out-of-bounds head index.

Signed-off-by: Stefan Hajnoczi 
Reviewed-by: Cornelia Huck 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Cornelia Huck 
---
 hw/virtio/virtio.c | 27 +--
 1 file changed, 17 insertions(+), 10 deletions(-)

diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index b7ac356..18ce333 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -360,21 +360,20 @@ static int virtqueue_num_heads(VirtQueue *vq, unsigned 
int idx)
 return num_heads;
 }
 
-static unsigned int virtqueue_get_head(VirtQueue *vq, unsigned int idx)
+static bool virtqueue_get_head(VirtQueue *vq, unsigned int idx,
+   unsigned int *head)
 {
-unsigned int head;
-
 /* Grab the next descriptor number they're advertising, and increment
  * the index we've seen. */
-head = vring_avail_ring(vq, idx % vq->vring.num);
+*head = vring_avail_ring(vq, idx % vq->vring.num);
 
 /* If their number is silly, that's a fatal mistake. */
-if (head >= vq->vring.num) {
-error_report("Guest says index %u is available", head);
-exit(1);
+if (*head >= vq->vring.num) {
+virtio_error(vq->vdev, "Guest says index %u is available", *head);
+return false;
 }
 
-return head;
+return true;
 }
 
 enum {
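
Review bot: virtqueue_get_head() now stores the guest-supplied value into *head before the range check, so after a false return the caller's variable holds an out-of-bounds index. Read into a local and assign *head only on success, or document that *head must not be used when the function returns false.
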
@@ -426,7 +425,11 @@ void virtqueue_get_avail_bytes(VirtQueue *vq, unsigned int 
*in_bytes,
 
 max = vq->vring.num;
 num_bufs = total_bufs;
-i = virtqueue_get_head(vq, idx++);
+
+if (!virtqueue_get_head(vq, idx++, )) {
+goto err;
+}
+
 desc_pa = vq->vring.desc;
 vring_desc_read(vdev, , desc_pa, i);
 
@@ -660,11 +663,15 @@ void *virtqueue_pop(VirtQueue *vq, size_t sz)
 return NULL;
 }
 
-i = head = virtqueue_get_head(vq, vq->last_avail_idx++);
+if (!virtqueue_get_head(vq, vq->last_avail_idx++, )) {
+return NULL;
+}
+
 if (virtio_vdev_has_feature(vdev, VIRTIO_RING_F_EVENT_IDX)) {
 vring_set_avail_event(vq, vq->last_avail_idx);
 }
 
+i = head;
 vring_desc_read(vdev, , desc_pa, i);
 if (desc.flags & VRING_DESC_F_INDIRECT) {
 if (desc.len % sizeof(VRingDesc)) {
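
Review bot: vq->last_avail_idx++ is evaluated as part of the call, so when virtqueue_get_head() fails, virtqueue_pop() returns NULL with last_avail_idx already advanced past the bad entry. If that is intentional because the device is now marked broken, say so in a comment; otherwise increment only after the head has been validated.
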
-- 
MST




[Qemu-devel] [PULL v2 07/19] virtio: fix stray tab character

2016-09-23 Thread Michael S. Tsirkin
From: Stefan Hajnoczi 

Fix a single occurrence of a tab character in a file that otherwise uses
spaces for indentation.

Signed-off-by: Stefan Hajnoczi 
Reviewed-by: Fam Zheng 
Acked-by: Cornelia Huck 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Acked-by: Cornelia Huck 
---
 hw/virtio/virtio.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index bb656b1..1199149 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -1613,7 +1613,7 @@ int virtio_load(VirtIODevice *vdev, QEMUFile *f, int 
version_id)
  "inconsistent with Host index 0x%x",
  i, vdev->vq[i].last_avail_idx);
 return -1;
-   }
+}
 if (k->load_queue) {
 ret = k->load_queue(qbus->parent, i, f);
 if (ret)
-- 
MST




Re: [Qemu-devel] [PULL 00/19] virtio, pc: fixes and features

2016-09-23 Thread Michael S. Tsirkin
On Fri, Sep 23, 2016 at 01:35:32PM -0700, 
no-re...@ec2-52-6-146-230.compute-1.amazonaws.com wrote:
> Hi,
> 
> Your series seems to have some coding style problems. See output below for
> more information:
> 
> Type: series
> Message-id: 1474658051-18617-1-git-send-email-...@redhat.com
> Subject: [Qemu-devel] [PULL 00/19] virtio, pc: fixes and features
> 
> === TEST SCRIPT BEGIN ===
> #!/bin/bash
> 
> BASE=base
> n=1
> total=$(git log --oneline $BASE.. | wc -l)
> failed=0
> 
> # Useful git options
> git config --local diff.renamelimit 0
> git config --local diff.renames True
> 
> commits="$(git log --format=%H --reverse $BASE..)"
> for c in $commits; do
>     echo "Checking PATCH $n/$total: $(git show --no-patch --format=%s $c)..."
>     if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
>         failed=1
>         echo
>     fi
>     n=$((n+1))
> done
> 
> exit $failed
> === TEST SCRIPT END ===
> 
> Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
> Switched to a new branch 'test'
> cacc4b0 hw/i386: AMD IOMMU IVRS table
> 9dd76e8 hw/i386: Introduce AMD IOMMU
> 51d6513 hw/i386/trace-events: Add AMD IOMMU trace events
> 2897b28 hw/pci: Prepare for AMD IOMMU
> 9ed4ac9 virtio: handle virtqueue_get_head() errors
> eba15c9 virtio: handle virtqueue_num_heads() errors
> 3c5513c virtio: handle virtqueue_read_next_desc() errors
> 3e2dd44 virtio: use unsigned int for virtqueue_get_avail_bytes() index
> b63060b virtio: handle virtqueue_get_avail_bytes() errors
> a7e238f virtio: handle virtqueue_map_desc() errors
> b1ee7b9 virtio: migrate vdev->broken flag
> 5ae212e virtio: stop virtqueue processing if device is broken
> 7add352 virtio: fix stray tab character
> a8b4e23 target-i386: turn off CPU.l3-cache only for 2.7 and older machine 
> types
> eb0f9de pc: clean up COMPAT macro chaining
> f2df3c1 virtio: add check for descriptor's mapped address
> f2997b7 tests: add /vhost-user/flags-mismatch test
> b612c50 tests: add a simple /vhost-user/multiqueue test
> c38be03 tests: add /vhost-user/connect-fail test
> 
> === OUTPUT BEGIN ===
> Checking PATCH 1/19: tests: add /vhost-user/connect-fail test...
> Checking PATCH 2/19: tests: add a simple /vhost-user/multiqueue test...
> WARNING: line over 80 characters
> #192: FILE: tests/vhost-user-test.c:824:
> +cmd = g_strdup_printf(QEMU_CMD_MEM QEMU_CMD_CHR QEMU_CMD_NETDEV 
> ",queues=%d "
> 
> total: 0 errors, 1 warnings, 198 lines checked
> 
> Your patch has style problems, please review.  If any of these errors
> are false positives report them to the maintainer, see
> CHECKPATCH in MAINTAINERS.
> Checking PATCH 3/19: tests: add /vhost-user/flags-mismatch test...
> Checking PATCH 4/19: virtio: add check for descriptor's mapped address...
> Checking PATCH 5/19: pc: clean up COMPAT macro chaining...
> Checking PATCH 6/19: target-i386: turn off CPU.l3-cache only for 2.7 and 
> older machine types...
> Checking PATCH 7/19: virtio: fix stray tab character...
> Checking PATCH 8/19: virtio: stop virtqueue processing if device is broken...
> Checking PATCH 9/19: virtio: migrate vdev->broken flag...
> Checking PATCH 10/19: virtio: handle virtqueue_map_desc() errors...
> Checking PATCH 11/19: virtio: handle virtqueue_get_avail_bytes() errors...
> Checking PATCH 12/19: virtio: use unsigned int for 
> virtqueue_get_avail_bytes() index...
> Checking PATCH 13/19: virtio: handle virtqueue_read_next_desc() errors...
> Checking PATCH 14/19: virtio: handle virtqueue_num_heads() errors...
> Checking PATCH 15/19: virtio: handle virtqueue_get_head() errors...
> Checking PATCH 16/19: hw/pci: Prepare for AMD IOMMU...
> Checking PATCH 17/19: hw/i386/trace-events: Add AMD IOMMU trace events...
> Checking PATCH 18/19: hw/i386: Introduce AMD IOMMU...
> ERROR: struct MemoryRegionIOMMUOps should normally be const
> #1527: FILE: hw/i386/amd_iommu.h:280:
> +MemoryRegionIOMMUOps iommu_ops;


False positive.

> 
> total: 1 errors, 0 warnings, 1495 lines checked
> 
> Your patch has style problems, please review.  If any of these errors
> are false positives report them to the maintainer, see
> CHECKPATCH in MAINTAINERS.
> 
> Checking PATCH 19/19: hw/i386: AMD IOMMU IVRS table...
> === OUTPUT END ===
> 
> Test command exited with code: 1
> 
> 
> ---
> Email generated automatically by Patchew [http://patchew.org/].
> Please send your feedback to patchew-de...@freelists.org



[Qemu-devel] [PULL v2 14/19] virtio: handle virtqueue_num_heads() errors

2016-09-23 Thread Michael S. Tsirkin
From: Stefan Hajnoczi 

If the avail ring index is bogus virtqueue_num_heads() must return
-EINVAL.

The only caller is virtqueue_get_avail_bytes().  Return saying no bytes
are available when virtqueue_num_heads() fails.

Signed-off-by: Stefan Hajnoczi 
Reviewed-by: Cornelia Huck 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Cornelia Huck 
---
 hw/virtio/virtio.c | 11 ---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index 82142c6..b7ac356 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -347,9 +347,9 @@ static int virtqueue_num_heads(VirtQueue *vq, unsigned int 
idx)
 
 /* Check it isn't doing very strange things with descriptor numbers. */
 if (num_heads > vq->vring.num) {
-error_report("Guest moved used index from %u to %u",
+virtio_error(vq->vdev, "Guest moved used index from %u to %u",
  idx, vq->shadow_avail_idx);
-exit(1);
+return -EINVAL;
 }
 /* On success, callers read a descriptor at vq->last_avail_idx.
  * Make sure descriptor read does not bypass avail index read. */
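Review bot: the message passed to virtio_error() in this hunk still says "Guest moved used index", but the values it prints are idx and vq->shadow_avail_idx, and the commit message describes a bogus avail ring index. Since the line is being rewritten anyway, change the wording to "avail index" so the log names the right ring. A short comment above virtqueue_num_heads() stating that it now returns -EINVAL and marks the device broken would also help, because the old caller only tested the result for non-zero.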
@@ -417,7 +417,7 @@ void virtqueue_get_avail_bytes(VirtQueue *vq, unsigned int 
*in_bytes,
 idx = vq->last_avail_idx;
 
 total_bufs = in_total = out_total = 0;
-while (virtqueue_num_heads(vq, idx)) {
+while ((rc = virtqueue_num_heads(vq, idx)) > 0) {
 VirtIODevice *vdev = vq->vdev;
 unsigned int max, num_bufs, indirect = 0;
 VRingDesc desc;
@@ -478,6 +478,11 @@ void virtqueue_get_avail_bytes(VirtQueue *vq, unsigned int 
*in_bytes,
 else
 total_bufs++;
 }
+
+if (rc < 0) {
+goto err;
+}
+
 done:
 if (in_bytes) {
 *in_bytes = in_total;
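Review bot: the new "goto err" after the loop jumps to a label outside the visible context, so this hunk alone does not show that the error path clears in_total and out_total before reaching done:, where *in_bytes = in_total is stored. The commit message promises that no bytes are reported on failure; please confirm that err: zeroes both totals, and add a one-line comment at the rc < 0 check noting that virtio_error() has already marked the device broken.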
-- 
MST




[Qemu-devel] [PULL v2 17/19] hw/i386/trace-events: Add AMD IOMMU trace events

2016-09-23 Thread Michael S. Tsirkin
From: David Kiarie 

Signed-off-by: David Kiarie 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/i386/trace-events | 29 +
 1 file changed, 29 insertions(+)

diff --git a/hw/i386/trace-events b/hw/i386/trace-events
index 5b99eba..1938b98 100644
--- a/hw/i386/trace-events
+++ b/hw/i386/trace-events
@@ -13,3 +13,32 @@ mhp_pc_dimm_assigned_address(uint64_t addr) "0x%"PRIx64
 
 # hw/i386/x86-iommu.c
 x86_iommu_iec_notify(bool global, uint32_t index, uint32_t mask) "Notify IEC 
invalidation: global=%d index=%" PRIu32 " mask=%" PRIu32
+
+# hw/i386/amd_iommu.c
+amdvi_evntlog_fail(uint64_t addr, uint32_t head) "error: fail to write at addr 
0x%"PRIx64" +  offset 0x%"PRIx32
+amdvi_cache_update(uint16_t domid, uint8_t bus, uint8_t slot, uint8_t func, 
uint64_t gpa, uint64_t txaddr) " update iotlb domid 0x%"PRIx16" devid: 
%02x:%02x.%x gpa 0x%"PRIx64" hpa 0x%"PRIx64
+amdvi_completion_wait_fail(uint64_t addr) "error: fail to write at address 
0x%"PRIx64
+amdvi_mmio_write(const char *reg, uint64_t addr, unsigned size, uint64_t val, 
uint64_t offset) "%s write addr 0x%"PRIx64", size %u, val 0x%"PRIx64", offset 
0x%"PRIx64
+amdvi_mmio_read(const char *reg, uint64_t addr, unsigned size, uint64_t 
offset) "%s read addr 0x%"PRIx64", size %u offset 0x%"PRIx64
+amdvi_command_error(uint64_t status) "error: Executing commands with command 
buffer disabled 0x%"PRIx64
+amdvi_command_read_fail(uint64_t addr, uint32_t head) "error: fail to access 
memory at 0x%"PRIx64" + 0x%"PRIx32
+amdvi_command_exec(uint32_t head, uint32_t tail, uint64_t buf) "command buffer 
head at 0x%"PRIx32" command buffer tail at 0x%"PRIx32" command buffer base at 
0x%"PRIx64
+amdvi_unhandled_command(uint8_t type) "unhandled command 0x%"PRIx8
+amdvi_intr_inval(void) "Interrupt table invalidated"
+amdvi_iotlb_inval(void) "IOTLB pages invalidated"
+amdvi_prefetch_pages(void) "Pre-fetch of AMD-Vi pages requested"
+amdvi_pages_inval(uint16_t domid) "AMD-Vi pages for domain 0x%"PRIx16 " 
invalidated"
+amdvi_all_inval(void) "Invalidation of all AMD-Vi cache requested "
+amdvi_ppr_exec(void) "Execution of PPR queue requested "
+amdvi_devtab_inval(uint8_t bus, uint8_t slot, uint8_t func) "device table 
entry for devid: %02x:%02x.%x invalidated"
+amdvi_completion_wait(uint64_t addr, uint64_t data) "completion wait requested 
with store address 0x%"PRIx64" and store data 0x%"PRIx64
+amdvi_control_status(uint64_t val) "MMIO_STATUS state 0x%"PRIx64
+amdvi_iotlb_reset(void) "IOTLB exceed size limit - reset "
+amdvi_completion_wait_exec(uint64_t addr, uint64_t data) "completion wait 
requested with store address 0x%"PRIx64" and store data 0x%"PRIx64
+amdvi_dte_get_fail(uint64_t addr, uint32_t offset) "error: failed to access 
Device Entry devtab 0x%"PRIx64" offset 0x%"PRIx32
+amdvi_invalid_dte(uint64_t addr) "PTE entry at 0x%"PRIx64" is invalid "
+amdvi_get_pte_hwerror(uint64_t addr) "hardware error eccessing PTE at addr 
0x%"PRIx64
+amdvi_mode_invalid(uint8_t level, uint64_t addr)"error: translation level 
0x%"PRIx8" translating addr 0x%"PRIx64
+amdvi_page_fault(uint64_t addr) "error: page fault accessing guest physical 
address 0x%"PRIx64
+amdvi_iotlb_hit(uint8_t bus, uint8_t slot, uint8_t func, uint64_t addr, 
uint64_t txaddr) "hit iotlb devid %02x:%02x.%x gpa 0x%"PRIx64" hpa 0x%"PRIx64
+amdvi_translation_result(uint8_t bus, uint8_t slot, uint8_t func, uint64_t 
addr, uint64_t txaddr) "devid: %02x:%02x.%x gpa 0x%"PRIx64" hpa 0x%"PRIx64
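Review bot: several of the added format strings need cleanup before they reach trace output. amdvi_get_pte_hwerror misspells "accessing" as "eccessing"; amdvi_invalid_dte is named for a device table entry but its text says "PTE entry"; amdvi_mode_invalid has no space between the closing parenthesis of the argument list and the opening quote, unlike the other lines; amdvi_all_inval, amdvi_ppr_exec, amdvi_iotlb_reset and amdvi_invalid_dte end with a space inside the string, and amdvi_cache_update starts with one. amdvi_completion_wait and amdvi_completion_wait_exec carry the identical message, so the two events cannot be told apart in a log that shows only the text; give one of them distinct wording or drop the duplicate.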
-- 
MST




[Qemu-devel] [PULL v2 05/19] pc: clean up COMPAT macro chaining

2016-09-23 Thread Michael S. Tsirkin
From: Igor Mammedov 

Since commit
 bacc344c ("machine: add properties to compat_props incrementaly")
there is no need to chain per machine type compat macro.

Clean up places where it was done anyway so it will be
consistent and won't confuse contributors during addition
of new machine types.

Signed-off-by: Igor Mammedov 
Reviewed-by: Eduardo Habkost 
---
 include/hw/i386/pc.h | 2 --
 1 file changed, 2 deletions(-)

diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index ab8e319..b0a61f3 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -375,7 +375,6 @@ bool e820_get_entry(int, uint32_t, uint64_t *, uint64_t *);
 
 
 #define PC_COMPAT_2_7 \
-PC_COMPAT_2_8 \
 HW_COMPAT_2_7
 
 #define PC_COMPAT_2_6 \
@@ -405,7 +404,6 @@ bool e820_get_entry(int, uint32_t, uint64_t *, uint64_t *);
 },
 
 #define PC_COMPAT_2_5 \
-PC_COMPAT_2_6 \
 HW_COMPAT_2_5
 
 /* Helper for setting model-id for CPU models that changed model-id
-- 
MST




[Qemu-devel] [PULL v2 08/19] virtio: stop virtqueue processing if device is broken

2016-09-23 Thread Michael S. Tsirkin
From: Stefan Hajnoczi 

QEMU prints an error message and exits when the device enters an invalid
state.  Terminating the process is heavy-handed.  The guest may still be
able to function even if there is a bug in a virtio guest driver.

Moreover, exiting is a bug in nested virtualization where a nested guest
could DoS other nested guests by killing a pass-through virtio device.
I don't think this configuration is possible today but it is likely in
the future.

If the broken flag is set, do not process virtqueues or write back used
descriptors.  The broken flag can be cleared again by resetting the
device.

Signed-off-by: Stefan Hajnoczi 
Reviewed-by: Cornelia Huck 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Cornelia Huck 
---
 include/hw/virtio/virtio.h |  3 +++
 hw/virtio/virtio.c | 39 +++
 2 files changed, 42 insertions(+)

diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h
index f05559d..888c8de 100644
--- a/include/hw/virtio/virtio.h
+++ b/include/hw/virtio/virtio.h
@@ -87,6 +87,7 @@ struct VirtIODevice
 VirtQueue *vq;
 uint16_t device_id;
 bool vm_running;
+bool broken; /* device in invalid state, needs reset */
 VMChangeStateEntry *vmstate;
 char *bus_name;
 uint8_t device_endian;
@@ -135,6 +136,8 @@ void virtio_init(VirtIODevice *vdev, const char *name,
  uint16_t device_id, size_t config_size);
 void virtio_cleanup(VirtIODevice *vdev);
 
+void virtio_error(VirtIODevice *vdev, const char *fmt, ...) GCC_FMT_ATTR(2, 3);
+
 /* Set the child bus name. */
 void virtio_device_set_child_bus_name(VirtIODevice *vdev, char *bus_name);
 
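Review bot: virtio_error() is exported here with no comment describing its contract. Device code calling it needs to know that it reports the message, marks the device broken until the next reset, and leaves the caller responsible for unwinding and returning; please add a short doc comment above the prototype that says so.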
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index 1199149..1671ea8 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -303,6 +303,10 @@ void virtqueue_fill(VirtQueue *vq, const VirtQueueElement 
*elem,
 
 virtqueue_unmap_sg(vq, elem, len);
 
+if (unlikely(vq->vdev->broken)) {
+return;
+}
+
 idx = (idx + vq->used_idx) % vq->vring.num;
 
 uelem.id = elem->index;
@@ -313,6 +317,12 @@ void virtqueue_fill(VirtQueue *vq, const VirtQueueElement 
*elem,
 void virtqueue_flush(VirtQueue *vq, unsigned int count)
 {
 uint16_t old, new;
+
+if (unlikely(vq->vdev->broken)) {
+vq->inuse -= count;
+return;
+}
+
 /* Make sure buffer is written before we update index. */
 smp_wmb();
 trace_virtqueue_flush(vq, count);
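Review bot: the early return added to virtqueue_flush() subtracts count from vq->inuse and then skips smp_wmb(), the trace point and the used index update, but nothing explains why inuse must still drop on a broken device. Add a comment that the elements have already been popped and unmapped so the accounting has to stay balanced, and consider whether trace_virtqueue_flush() should run before the check so that flushes on a broken device remain visible in traces.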
@@ -583,6 +593,9 @@ void *virtqueue_pop(VirtQueue *vq, size_t sz)
 struct iovec iov[VIRTQUEUE_MAX_SIZE];
 VRingDesc desc;
 
+if (unlikely(vdev->broken)) {
+return NULL;
+}
 if (virtio_queue_empty(vq)) {
 return NULL;
 }
@@ -747,6 +760,10 @@ static void virtio_notify_vector(VirtIODevice *vdev, 
uint16_t vector)
 BusState *qbus = qdev_get_parent_bus(DEVICE(vdev));
 VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(qbus);
 
+if (unlikely(vdev->broken)) {
+return;
+}
+
 if (k->notify) {
 k->notify(qbus->parent, vector);
 }
@@ -830,6 +847,7 @@ void virtio_reset(void *opaque)
 k->reset(vdev);
 }
 
+vdev->broken = false;
 vdev->guest_features = 0;
 vdev->queue_sel = 0;
 vdev->status = 0;
@@ -1137,6 +1155,10 @@ static void virtio_queue_notify_vq(VirtQueue *vq)
 if (vq->vring.desc && vq->handle_output) {
 VirtIODevice *vdev = vq->vdev;
 
+if (unlikely(vdev->broken)) {
+return;
+}
+
 trace_virtio_queue_notify(vdev, vq - vdev->vq, vq);
 vq->handle_output(vdev, vq);
 }
@@ -1758,6 +1780,7 @@ void virtio_init(VirtIODevice *vdev, const char *name,
 vdev->config_vector = VIRTIO_NO_VECTOR;
 vdev->vq = g_malloc0(sizeof(VirtQueue) * VIRTIO_QUEUE_MAX);
 vdev->vm_running = runstate_is_running();
+vdev->broken = false;
 for (i = 0; i < VIRTIO_QUEUE_MAX; i++) {
 vdev->vq[i].vector = VIRTIO_NO_VECTOR;
 vdev->vq[i].vdev = vdev;
@@ -1944,6 +1967,22 @@ void virtio_device_set_child_bus_name(VirtIODevice 
*vdev, char *bus_name)
 vdev->bus_name = g_strdup(bus_name);
 }
 
+void GCC_FMT_ATTR(2, 3) virtio_error(VirtIODevice *vdev, const char *fmt, ...)
+{
+va_list ap;
+
+va_start(ap, fmt);
+error_vreport(fmt, ap);
+va_end(ap);
+
+vdev->broken = true;
+
+if (virtio_vdev_has_feature(vdev, VIRTIO_F_VERSION_1)) {
+virtio_set_status(vdev, vdev->status | VIRTIO_CONFIG_S_NEEDS_RESET);
+virtio_notify_config(vdev);
+}
+}
+
 static void virtio_device_realize(DeviceState *dev, Error **errp)
 {
 VirtIODevice *vdev = VIRTIO_DEVICE(dev);
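Review bot: virtio_error() sets vdev->broken = true before it calls virtio_notify_config(), and this same patch makes virtio_notify_vector() return early whenever broken is set. If the config change interrupt is delivered through virtio_notify_vector(), the guest will have VIRTIO_CONFIG_S_NEEDS_RESET in the status field but will never be told to look at it. Moving the vdev->broken = true assignment after the VIRTIO_F_VERSION_1 block avoids that. Devices without VIRTIO_F_VERSION_1 give the guest no indication at all, which deserves a sentence in the commit message or a comment here.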
-- 
MST




[Qemu-devel] [PULL v2 12/19] virtio: use unsigned int for virtqueue_get_avail_bytes() index

2016-09-23 Thread Michael S. Tsirkin
From: Stefan Hajnoczi 

The virtio code uses int, unsigned int, and uint16_t for virtqueue
indices.  The uint16_t is used for the low-level descriptor layout in
virtio_ring.h while code that isn't concerned with descriptor layout can
use unsigned int.

Use of int is problematic because it can result in signed/unsigned
comparison and incompatible int*/unsigned int* pointer types.

Make the virtqueue_get_avail_bytes() 'i' variable unsigned int.  This
eliminates the need to introduce casts and modify code further in the
patches that follow.

Signed-off-by: Stefan Hajnoczi 
Reviewed-by: Cornelia Huck 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Cornelia Huck 
---
 hw/virtio/virtio.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index 10c2f3d..973d0c2 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -416,7 +416,7 @@ void virtqueue_get_avail_bytes(VirtQueue *vq, unsigned int 
*in_bytes,
 unsigned int max, num_bufs, indirect = 0;
 VRingDesc desc;
 hwaddr desc_pa;
-int i;
+unsigned int i;
 
 max = vq->vring.num;
 num_bufs = total_bufs;
-- 
MST




[Qemu-devel] [PULL v2 13/19] virtio: handle virtqueue_read_next_desc() errors

2016-09-23 Thread Michael S. Tsirkin
From: Stefan Hajnoczi 

Stop processing the vring if an avail ring index is invalid.

Signed-off-by: Stefan Hajnoczi 
Reviewed-by: Cornelia Huck 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Cornelia Huck 
---
 hw/virtio/virtio.c | 45 -
 1 file changed, 32 insertions(+), 13 deletions(-)

diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index 973d0c2..82142c6 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -377,28 +377,33 @@ static unsigned int virtqueue_get_head(VirtQueue *vq, 
unsigned int idx)
 return head;
 }
 
-static unsigned virtqueue_read_next_desc(VirtIODevice *vdev, VRingDesc *desc,
- hwaddr desc_pa, unsigned int max)
-{
-unsigned int next;
+enum {
+VIRTQUEUE_READ_DESC_ERROR = -1,
+VIRTQUEUE_READ_DESC_DONE = 0,   /* end of chain */
+VIRTQUEUE_READ_DESC_MORE = 1,   /* more buffers in chain */
+};
 
+static int virtqueue_read_next_desc(VirtIODevice *vdev, VRingDesc *desc,
+hwaddr desc_pa, unsigned int max,
+unsigned int *next)
+{
 /* If this descriptor says it doesn't chain, we're done. */
 if (!(desc->flags & VRING_DESC_F_NEXT)) {
-return max;
+return VIRTQUEUE_READ_DESC_DONE;
 }
 
 /* Check they're not leading us off end of descriptors. */
-next = desc->next;
+*next = desc->next;
 /* Make sure compiler knows to grab that: we don't want it changing! */
 smp_wmb();
 
-if (next >= max) {
-error_report("Desc next is %u", next);
-exit(1);
+if (*next >= max) {
+virtio_error(vdev, "Desc next is %u", *next);
+return VIRTQUEUE_READ_DESC_ERROR;
 }
 
-vring_desc_read(vdev, desc, desc_pa, next);
-return next;
+vring_desc_read(vdev, desc, desc_pa, *next);
+return VIRTQUEUE_READ_DESC_MORE;
 }
 
 void virtqueue_get_avail_bytes(VirtQueue *vq, unsigned int *in_bytes,
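Review bot: in the new virtqueue_read_next_desc(), *next is written before the range check, so when VIRTQUEUE_READ_DESC_ERROR is returned the caller's index already holds the out-of-range value supplied by the guest. Both callers in this patch leave via goto, but a comment above the function stating that *next is valid only when VIRTQUEUE_READ_DESC_MORE is returned, or assigning to a local and storing through the pointer only on success, would keep a later caller from indexing with it. The enum is anonymous while the function returns plain int, so the same comment should name the three return values.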
@@ -407,6 +412,7 @@ void virtqueue_get_avail_bytes(VirtQueue *vq, unsigned int 
*in_bytes,
 {
 unsigned int idx;
 unsigned int total_bufs, in_total, out_total;
+int rc;
 
 idx = vq->last_avail_idx;
 
@@ -459,7 +465,13 @@ void virtqueue_get_avail_bytes(VirtQueue *vq, unsigned int 
*in_bytes,
 if (in_total >= max_in_bytes && out_total >= max_out_bytes) {
 goto done;
 }
-} while ((i = virtqueue_read_next_desc(vdev, , desc_pa, max)) != 
max);
+
+rc = virtqueue_read_next_desc(vdev, , desc_pa, max, );
+} while (rc == VIRTQUEUE_READ_DESC_MORE);
+
+if (rc == VIRTQUEUE_READ_DESC_ERROR) {
+goto err;
+}
 
 if (!indirect)
 total_bufs = num_bufs;
@@ -621,6 +633,7 @@ void *virtqueue_pop(VirtQueue *vq, size_t sz)
 hwaddr addr[VIRTQUEUE_MAX_SIZE];
 struct iovec iov[VIRTQUEUE_MAX_SIZE];
 VRingDesc desc;
+int rc;
 
 if (unlikely(vdev->broken)) {
 return NULL;
@@ -688,7 +701,13 @@ void *virtqueue_pop(VirtQueue *vq, size_t sz)
 virtio_error(vdev, "Looped descriptor");
 goto err_undo_map;
 }
-} while ((i = virtqueue_read_next_desc(vdev, , desc_pa, max)) != max);
+
+rc = virtqueue_read_next_desc(vdev, , desc_pa, max, );
+} while (rc == VIRTQUEUE_READ_DESC_MORE);
+
+if (rc == VIRTQUEUE_READ_DESC_ERROR) {
+goto err_undo_map;
+}
 
 /* Now copy what we have collected and mapped */
 elem = virtqueue_alloc_element(sz, out_num, in_num);
-- 
MST




[Qemu-devel] [PULL v2 03/19] tests: add /vhost-user/flags-mismatch test

2016-09-23 Thread Michael S. Tsirkin
From: Marc-André Lureau 

Check that qemu disconnects the backend that doesn't have the previously
acked features.

Signed-off-by: Marc-André Lureau 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 tests/vhost-user-test.c | 60 -
 1 file changed, 59 insertions(+), 1 deletion(-)

diff --git a/tests/vhost-user-test.c b/tests/vhost-user-test.c
index ffdd398..a39846e 100644
--- a/tests/vhost-user-test.c
+++ b/tests/vhost-user-test.c
@@ -130,6 +130,13 @@ static VhostUserMsg m __attribute__ ((unused));
 #define VHOST_USER_VERSION(0x1)
 /*/
 
+enum {
+TEST_FLAGS_OK,
+TEST_FLAGS_DISCONNECT,
+TEST_FLAGS_BAD,
+TEST_FLAGS_END,
+};
+
 typedef struct TestServer {
 gchar *socket_path;
 gchar *mig_path;
@@ -143,6 +150,7 @@ typedef struct TestServer {
 int log_fd;
 uint64_t rings;
 bool test_fail;
+int test_flags;
 int queues;
 } TestServer;
 
@@ -292,6 +300,10 @@ static void chr_read(void *opaque, const uint8_t *buf, int 
size)
 if (s->queues > 1) {
 msg.payload.u64 |= 0x1ULL << VIRTIO_NET_F_MQ;
 }
+if (s->test_flags >= TEST_FLAGS_BAD) {
+msg.payload.u64 = 0;
+s->test_flags = TEST_FLAGS_END;
+}
 p = (uint8_t *) 
 qemu_chr_fe_write_all(chr, p, VHOST_USER_HDR_SIZE + msg.size);
 break;
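Review bot: the check s->test_flags >= TEST_FLAGS_BAD depends on the declaration order of the enum added at the top of this patch, and it also matches TEST_FLAGS_END, so every later features reply stays at zero until chr_event() sees CHR_EVENT_CLOSED. If that is intended, describe the OK, DISCONNECT, BAD, END sequence in a comment next to the enum; if only the BAD state should trigger the zero reply, compare with == instead.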
@@ -299,6 +311,10 @@ static void chr_read(void *opaque, const uint8_t *buf, int 
size)
 case VHOST_USER_SET_FEATURES:
g_assert_cmpint(msg.payload.u64 & (0x1ULL << 
VHOST_USER_F_PROTOCOL_FEATURES),
!=, 0ULL);
+if (s->test_flags == TEST_FLAGS_DISCONNECT) {
+qemu_chr_disconnect(chr);
+s->test_flags = TEST_FLAGS_BAD;
+}
 break;
 
 case VHOST_USER_GET_PROTOCOL_FEATURES:
@@ -424,6 +440,16 @@ static TestServer *test_server_new(const gchar *name)
 return server;
 }
 
+static void chr_event(void *opaque, int event)
+{
+TestServer *s = opaque;
+
+if (s->test_flags == TEST_FLAGS_END &&
+event == CHR_EVENT_CLOSED) {
+s->test_flags = TEST_FLAGS_OK;
+}
+}
+
 static void test_server_create_chr(TestServer *server, const gchar *opt)
 {
 gchar *chr_path;
@@ -432,7 +458,8 @@ static void test_server_create_chr(TestServer *server, 
const gchar *opt)
 server->chr = qemu_chr_new(server->chr_name, chr_path, NULL);
 g_free(chr_path);
 
-qemu_chr_add_handlers(server->chr, chr_can_read, chr_read, NULL, server);
+qemu_chr_add_handlers(server->chr, chr_can_read, chr_read,
+  chr_event, server);
 }
 
 static void test_server_listen(TestServer *server)
@@ -774,6 +801,34 @@ static void test_connect_fail(void)
 g_free(path);
 }
 
+static void test_flags_mismatch_subprocess(void)
+{
+TestServer *s = test_server_new("flags-mismatch");
+char *cmd;
+
+s->test_flags = TEST_FLAGS_DISCONNECT;
+g_thread_new("connect", connect_thread, s);
+cmd = GET_QEMU_CMDE(s, 2, ",server", "");
+qtest_start(cmd);
+g_free(cmd);
+
+init_virtio_dev(s);
+wait_for_fds(s);
+wait_for_rings_started(s, 2);
+
+qtest_end();
+test_server_free(s);
+}
+
+static void test_flags_mismatch(void)
+{
+gchar *path = g_strdup_printf("/%s/vhost-user/flags-mismatch/subprocess",
+  qtest_get_arch());
+g_test_trap_subprocess(path, 0, 0);
+g_test_trap_assert_passed();
+g_free(path);
+}
+
 #endif
 
 static QVirtioPCIDevice *virtio_net_pci_init(QPCIBus *bus, int slot)
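Review bot: test_flags_mismatch_subprocess() never checks the state machine it sets up. chr_event() moves s->test_flags back to TEST_FLAGS_OK only when the close event arrives after the zero-feature reply, yet the subprocess goes straight from wait_for_rings_started() to qtest_end() without looking at it. Add g_assert_cmpint(s->test_flags, ==, TEST_FLAGS_OK) before qtest_end() so the test fails explicitly when QEMU does not disconnect the backend. Apart from the flag it sets, the body is a copy of test_connect_fail_subprocess(), so a shared helper would remove the duplication.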
@@ -908,6 +963,9 @@ int main(int argc, char **argv)
 qtest_add_func("/vhost-user/connect-fail/subprocess",
test_connect_fail_subprocess);
 qtest_add_func("/vhost-user/connect-fail", test_connect_fail);
+qtest_add_func("/vhost-user/flags-mismatch/subprocess",
+   test_flags_mismatch_subprocess);
+qtest_add_func("/vhost-user/flags-mismatch", test_flags_mismatch);
 #endif
 
 ret = g_test_run();
-- 
MST




[Qemu-devel] [PULL v2 04/19] virtio: add check for descriptor's mapped address

2016-09-23 Thread Michael S. Tsirkin
From: Prasad J Pandit 

The virtio back end uses a set of buffers to facilitate I/O operations.
If its size is too large, 'cpu_physical_memory_map' could return
a null address. This would result in a null dereference while
un-mapping descriptors. Add a check to avoid it.

Reported-by: Qinghao Tang 
Signed-off-by: Prasad J Pandit 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Laszlo Ersek 
---
 hw/virtio/virtio.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index fcf3358..bb656b1 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -495,6 +495,11 @@ static void virtqueue_map_desc(unsigned int *p_num_sg, 
hwaddr *addr, struct iove
 }
 
 iov[num_sg].iov_base = cpu_physical_memory_map(pa, , is_write);
+if (!iov[num_sg].iov_base) {
+error_report("virtio: bogus descriptor or out of resources");
+exit(1);
+}
+
 iov[num_sg].iov_len = len;
 addr[num_sg] = pa;
 
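Review bot: the added check replaces a null dereference with error_report() followed by exit(1), so a guest that supplies an oversized buffer can still terminate QEMU. The message "bogus descriptor or out of resources" also merges a guest error and a host condition into one line; printing pa and the requested length would let an operator tell them apart. PATCH 10/19 of this pull request ("virtio: handle virtqueue_map_desc() errors") is where this exit should be converted, and a comment here pointing at that follow-up would make the intent clear.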
-- 
MST




[Qemu-devel] [PULL v2 00/19] virtio, pc: fixes and features

2016-09-23 Thread Michael S. Tsirkin
The following changes since commit eaff9c4367ac3f7ac44f6c6f4cb7bcd4daa89af5:

  Merge remote-tracking branch 'remotes/lalrae/tags/mips-20160923' into staging 
(2016-09-23 15:28:07 +0100)

are available in the git repository at:

  git://git.kernel.org/pub/scm/virt/kvm/mst/qemu.git tags/for_upstream

for you to fetch changes up to fb9f592623b0f9bb82a88d68d7921fb581918ef5:

  hw/i386: AMD IOMMU IVRS table (2016-09-24 01:02:01 +0300)

changes since v1:
fixed a build failure due to a duplicate typedef
which trips up older gccs


virtio, pc: fixes and features

beginning of guest error handling for virtio devices
amd iommu
pc compat fixes

Signed-off-by: Michael S. Tsirkin <m...@redhat.com>


David Kiarie (4):
  hw/pci: Prepare for AMD IOMMU
  hw/i386/trace-events: Add AMD IOMMU trace events
  hw/i386: Introduce AMD IOMMU
  hw/i386: AMD IOMMU IVRS table

Igor Mammedov (2):
  pc: clean up COMPAT macro chaining
  target-i386: turn off CPU.l3-cache only for 2.7 and older machine types

Marc-André Lureau (3):
  tests: add /vhost-user/connect-fail test
  tests: add a simple /vhost-user/multiqueue test
  tests: add /vhost-user/flags-mismatch test

Prasad J Pandit (1):
  virtio: add check for descriptor's mapped address

Stefan Hajnoczi (9):
  virtio: fix stray tab character
  virtio: stop virtqueue processing if device is broken
  virtio: migrate vdev->broken flag
  virtio: handle virtqueue_map_desc() errors
  virtio: handle virtqueue_get_avail_bytes() errors
  virtio: use unsigned int for virtqueue_get_avail_bytes() index
  virtio: handle virtqueue_read_next_desc() errors
  virtio: handle virtqueue_num_heads() errors
  virtio: handle virtqueue_get_head() errors

 hw/i386/amd_iommu.h |  289 +++
 include/hw/acpi/aml-build.h |1 +
 include/hw/i386/pc.h|9 +-
 include/hw/i386/x86-iommu.h |   12 +
 include/hw/pci/pci.h|3 +
 include/hw/virtio/virtio.h  |3 +
 hw/acpi/aml-build.c |2 +-
 hw/i386/acpi-build.c|   76 ++-
 hw/i386/amd_iommu.c | 1202 +++
 hw/i386/intel_iommu.c   |1 +
 hw/i386/x86-iommu.c |6 +
 hw/virtio/virtio.c  |  237 +++--
 tests/vhost-user-test.c |  208 +++-
 hw/i386/Makefile.objs   |1 +
 hw/i386/trace-events|   29 ++
 tests/Makefile.include  |2 +-
 16 files changed, 2009 insertions(+), 72 deletions(-)
 create mode 100644 hw/i386/amd_iommu.h
 create mode 100644 hw/i386/amd_iommu.c




[Qemu-devel] [PULL v2 02/19] tests: add a simple /vhost-user/multiqueue test

2016-09-23 Thread Michael S. Tsirkin
From: Marc-André Lureau 

This test just checks that 2 virtio-net queues can be set up over
vhost-user and waits for them to be started.

Signed-off-by: Marc-André Lureau 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 tests/vhost-user-test.c | 109 ++--
 tests/Makefile.include  |   2 +-
 2 files changed, 107 insertions(+), 4 deletions(-)

diff --git a/tests/vhost-user-test.c b/tests/vhost-user-test.c
index ab91e16..ffdd398 100644
--- a/tests/vhost-user-test.c
+++ b/tests/vhost-user-test.c
@@ -20,6 +20,11 @@
 #include "libqos/pci-pc.h"
 #include "libqos/virtio-pci.h"
 
+#include "libqos/pci-pc.h"
+#include "libqos/virtio-pci.h"
+#include "libqos/malloc-pc.h"
+#include "hw/virtio/virtio-net.h"
+
 #include 
 #include 
 #include 
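Review bot: the added #include lines repeat "libqos/pci-pc.h" and "libqos/virtio-pci.h", which are already included in the two context lines directly above the addition. Only "libqos/malloc-pc.h" and "hw/virtio/virtio-net.h" are new; drop the two duplicates.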
@@ -50,6 +55,7 @@
 #define VHOST_MEMORY_MAX_NREGIONS8
 
 #define VHOST_USER_F_PROTOCOL_FEATURES 30
+#define VHOST_USER_PROTOCOL_F_MQ 0
 #define VHOST_USER_PROTOCOL_F_LOG_SHMFD 1
 
 #define VHOST_LOG_PAGE 0x1000
@@ -72,6 +78,7 @@ typedef enum VhostUserRequest {
 VHOST_USER_SET_VRING_ERR = 14,
 VHOST_USER_GET_PROTOCOL_FEATURES = 15,
 VHOST_USER_SET_PROTOCOL_FEATURES = 16,
+VHOST_USER_GET_QUEUE_NUM = 17,
 VHOST_USER_SET_VRING_ENABLE = 18,
 VHOST_USER_MAX
 } VhostUserRequest;
@@ -136,6 +143,7 @@ typedef struct TestServer {
 int log_fd;
 uint64_t rings;
 bool test_fail;
+int queues;
 } TestServer;
 
 static const char *tmpfs;
@@ -281,6 +289,9 @@ static void chr_read(void *opaque, const uint8_t *buf, int 
size)
 msg.size = sizeof(m.payload.u64);
 msg.payload.u64 = 0x1ULL << VHOST_F_LOG_ALL |
 0x1ULL << VHOST_USER_F_PROTOCOL_FEATURES;
+if (s->queues > 1) {
+msg.payload.u64 |= 0x1ULL << VIRTIO_NET_F_MQ;
+}
 p = (uint8_t *) 
 qemu_chr_fe_write_all(chr, p, VHOST_USER_HDR_SIZE + msg.size);
 break;
@@ -295,6 +306,9 @@ static void chr_read(void *opaque, const uint8_t *buf, int 
size)
 msg.flags |= VHOST_USER_REPLY_MASK;
 msg.size = sizeof(m.payload.u64);
 msg.payload.u64 = 1 << VHOST_USER_PROTOCOL_F_LOG_SHMFD;
+if (s->queues > 1) {
+msg.payload.u64 |= 1 << VHOST_USER_PROTOCOL_F_MQ;
+}
 p = (uint8_t *) 
 qemu_chr_fe_write_all(chr, p, VHOST_USER_HDR_SIZE + msg.size);
 break;
@@ -307,7 +321,7 @@ static void chr_read(void *opaque, const uint8_t *buf, int 
size)
 p = (uint8_t *) 
 qemu_chr_fe_write_all(chr, p, VHOST_USER_HDR_SIZE + msg.size);
 
-assert(msg.payload.state.index < 2);
+assert(msg.payload.state.index < s->queues * 2);
 s->rings &= ~(0x1ULL << msg.payload.state.index);
 break;
 
@@ -347,10 +361,18 @@ static void chr_read(void *opaque, const uint8_t *buf, 
int size)
 break;
 
 case VHOST_USER_SET_VRING_BASE:
-assert(msg.payload.state.index < 2);
+assert(msg.payload.state.index < s->queues * 2);
 s->rings |= 0x1ULL << msg.payload.state.index;
 break;
 
+case VHOST_USER_GET_QUEUE_NUM:
+msg.flags |= VHOST_USER_REPLY_MASK;
+msg.size = sizeof(m.payload.u64);
+msg.payload.u64 = s->queues;
+p = (uint8_t *) 
+qemu_chr_fe_write_all(chr, p, VHOST_USER_HDR_SIZE + msg.size);
+break;
+
 default:
 break;
 }
@@ -397,6 +419,7 @@ static TestServer *test_server_new(const gchar *name)
 g_cond_init(>data_cond);
 
 server->log_fd = -1;
+server->queues = 1;
 
 return server;
 }
@@ -648,7 +671,6 @@ static void test_migrate(void)
 global_qtest = global;
 }
 
-#ifdef CONFIG_HAS_GLIB_SUBPROCESS_TESTS
 static void wait_for_rings_started(TestServer *s, size_t count)
 {
 gint64 end_time;
@@ -666,6 +688,7 @@ static void wait_for_rings_started(TestServer *s, size_t 
count)
 g_mutex_unlock(>data_mutex);
 }
 
+#ifdef CONFIG_HAS_GLIB_SUBPROCESS_TESTS
 static gboolean
 reconnect_cb(gpointer user_data)
 {
@@ -753,6 +776,85 @@ static void test_connect_fail(void)
 
 #endif
 
+static QVirtioPCIDevice *virtio_net_pci_init(QPCIBus *bus, int slot)
+{
+QVirtioPCIDevice *dev;
+
+dev = qvirtio_pci_device_find(bus, VIRTIO_ID_NET);
+g_assert(dev != NULL);
+g_assert_cmphex(dev->vdev.device_type, ==, VIRTIO_ID_NET);
+
+qvirtio_pci_device_enable(dev);
+qvirtio_reset(_pci, >vdev);
+qvirtio_set_acknowledge(_pci, >vdev);
+qvirtio_set_driver(_pci, >vdev);
+
+return dev;
+}
+
+static void driver_init(const QVirtioBus *bus, QVirtioDevice *dev)
+{
+uint32_t features;
+
+features = qvirtio_get_features(bus, dev);
+features = features & ~(QVIRTIO_F_BAD_FEATURE |
+(1u << VIRTIO_RING_F_INDIRECT_DESC) |
+(1u << VIRTIO_RING_F_EVENT_IDX));
+qvirtio_set_features(bus, dev, features);
+
+
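Review bot: virtio_net_pci_init() takes an int slot parameter that its body never uses; the device is found with qvirtio_pci_device_find(bus, VIRTIO_ID_NET) alone. Either pass slot to the lookup or remove the parameter so callers are not misled into thinking the slot is honoured.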

[Qemu-devel] [PULL v2 06/19] target-i386: turn off CPU.l3-cache only for 2.7 and older machine types

2016-09-23 Thread Michael S. Tsirkin
From: Igor Mammedov 

commit (14c985cff target-i386: present virtual L3 cache info for vcpus)
misplaced compat property putting it in new 2.8 machine type
which would effectively disable the feature until 2.9 is released.
Intent of commit probably should be to disable feature for 2.7
and older while allowing not yet released 2.8 to have feature
enabled by default.

Cc: qemu-sta...@nongnu.org
Signed-off-by: Igor Mammedov 
Reviewed-by: Marcel Apfelbaum 
Reviewed-by: Eduardo Habkost 
---
 include/hw/i386/pc.h | 7 +++
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index b0a61f3..29a6c9b 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -367,16 +367,15 @@ int e820_get_num_entries(void);
 bool e820_get_entry(int, uint32_t, uint64_t *, uint64_t *);
 
 #define PC_COMPAT_2_8 \
+
+#define PC_COMPAT_2_7 \
+HW_COMPAT_2_7 \
 {\
 .driver   = TYPE_X86_CPU,\
 .property = "l3-cache",\
 .value= "off",\
 },
 
-
-#define PC_COMPAT_2_7 \
-HW_COMPAT_2_7
-
 #define PC_COMPAT_2_6 \
 HW_COMPAT_2_6 \
 {\
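Review bot: after this change PC_COMPAT_2_8 is defined as a bare line-continuation backslash followed by an empty line, so the macro is empty only because that blank line is present. If the blank line is ever removed, the backslash will splice the #define PC_COMPAT_2_7 line into PC_COMPAT_2_8. Put a comment such as /* empty */ before the backslash, or drop the backslash, so the empty definition is explicit.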
-- 
MST




[Qemu-devel] [PULL v2 01/19] tests: add /vhost-user/connect-fail test

2016-09-23 Thread Michael S. Tsirkin
From: Marc-André Lureau 

Check early connection failure and resume.

Signed-off-by: Marc-André Lureau 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 tests/vhost-user-test.c | 39 +++
 1 file changed, 39 insertions(+)

diff --git a/tests/vhost-user-test.c b/tests/vhost-user-test.c
index b89a551..ab91e16 100644
--- a/tests/vhost-user-test.c
+++ b/tests/vhost-user-test.c
@@ -135,6 +135,7 @@ typedef struct TestServer {
 CompatGCond data_cond;
 int log_fd;
 uint64_t rings;
+bool test_fail;
 } TestServer;
 
 static const char *tmpfs;
@@ -249,6 +250,12 @@ static void chr_read(void *opaque, const uint8_t *buf, int 
size)
 uint8_t *p = (uint8_t *) 
 int fd;
 
+if (s->test_fail) {
+qemu_chr_disconnect(chr);
+/* now switch to non-failure */
+s->test_fail = false;
+}
+
 if (size != VHOST_USER_HDR_SIZE) {
 g_test_message("Wrong message size received %d\n", size);
 return;
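Review bot: in chr_read(), the new test_fail block calls qemu_chr_disconnect(chr) and then falls through into the normal message handling, so the test server goes on to parse the message and may write a reply to a chardev it has just disconnected. Add a return after s->test_fail = false unless handling that first message is deliberate, in which case the comment should say so.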
@@ -715,6 +722,35 @@ static void test_reconnect(void)
 g_test_trap_assert_passed();
 g_free(path);
 }
+
+static void test_connect_fail_subprocess(void)
+{
+TestServer *s = test_server_new("connect-fail");
+char *cmd;
+
+s->test_fail = true;
+g_thread_new("connect", connect_thread, s);
+cmd = GET_QEMU_CMDE(s, 2, ",server", "");
+qtest_start(cmd);
+g_free(cmd);
+
+init_virtio_dev(s);
+wait_for_fds(s);
+wait_for_rings_started(s, 2);
+
+qtest_end();
+test_server_free(s);
+}
+
+static void test_connect_fail(void)
+{
+gchar *path = g_strdup_printf("/%s/vhost-user/connect-fail/subprocess",
+  qtest_get_arch());
+g_test_trap_subprocess(path, 0, 0);
+g_test_trap_assert_passed();
+g_free(path);
+}
+
 #endif
 
 int main(int argc, char **argv)
@@ -766,6 +802,9 @@ int main(int argc, char **argv)
 qtest_add_func("/vhost-user/reconnect/subprocess",
test_reconnect_subprocess);
 qtest_add_func("/vhost-user/reconnect", test_reconnect);
+qtest_add_func("/vhost-user/connect-fail/subprocess",
+   test_connect_fail_subprocess);
+qtest_add_func("/vhost-user/connect-fail", test_connect_fail);
 #endif
 
 ret = g_test_run();
-- 
MST




Re: [Qemu-devel] [PATCH] tcg: increase MAX_OP_PER_INSTR to 395

2016-09-23 Thread Joseph Myers
On Fri, 23 Sep 2016, Richard Henderson wrote:

> While increasing the max per insn is indeed one way to approach this, aarch64
> is being remarkably inefficient in this case.  With the following, I see a
> reduction from 387 ops to 261 ops; for a 64-bit host, the reduction is from
> 258 ops to 195 ops.

261 ops plus ops generated in gen_intermediate_code_a64 after the loop 
plus ops from optimization may still require an increase from 266, of 
course (I don't know how to bound the number of ops space must still be 
available for after translating an instruction has resulted in 
tcg_op_buf_full() being true, but my testing had cases where it was at 
least 8).

-- 
Joseph S. Myers
jos...@codesourcery.com



Re: [Qemu-devel] [PATCH 0/3] RDMA error handling

2016-09-23 Thread Michael R. Hines

Reviewed-by: Michael R. Hines 

(By the way, I no longer work for IBM and no longer have direct access to RDMA 
hardware. If someone is willing to let me login to something that does in the 
future, I don't mind debugging things. I just don't have any hardware of my own 
anymore to debug, and the last time I tried to use software RDMA it was an 
unpleasurable experience.)

/*
 * Michael R. Hines
 * Senior Engineer, DigitalOcean.
 */

On 09/23/2016 02:14 PM, Dr. David Alan Gilbert (git) wrote:

From: "Dr. David Alan Gilbert" 

lp: https://bugs.launchpad.net/qemu/+bug/1545052

The RDMA code tends to hang if the destination dies
in the wrong place;  this series doesn't completely fix
that, but in cases where the destination knows there's
been an error, it makes sure it tells the source and
that cleans up quickly.
If the destination just dies, then the source still hangs
and I still need to look at better ways to fix that.

Dave

Dr. David Alan Gilbert (3):
   migration/rdma: Pass qemu_file errors across link
   migration: Make failed migration load set file error
   migration/rdma: Don't flag an error when we've been told about one

  migration/rdma.c   |  9 -
  migration/savevm.c | 19 ---
  2 files changed, 20 insertions(+), 8 deletions(-)






Re: [Qemu-devel] write_zeroes/trim on the whole disk

2016-09-23 Thread Wouter Verhelst
On Fri, Sep 23, 2016 at 02:00:06PM -0500, Eric Blake wrote:
> My preference would be a new flag to the existing commands, with
> explicit documentation that 0 offset and 0 length must be used with that
> flag, when requesting a full-device wipe.

Alternatively, what about a flag that says "if you use this flag, the
size should be left-shifted by X bits before processing"? That allows
you to do TRIM or WRITE_ZEROES on much larger chunks, without being
limited to "whole disk" commands. We should probably make it an illegal
flag for any command that actually sends data over the wire, though.

-- 
< ron> I mean, the main *practical* problem with C++, is there's like a dozen
   people in the world who think they really understand all of its rules,
   and pretty much all of them are just lying to themselves too.
 -- #debian-devel, OFTC, 2016-02-12



Re: [Qemu-devel] [PULL 00/19] virtio, pc: fixes and features

2016-09-23 Thread no-reply
Hi,

Your series failed automatic build test. Please find the testing commands and
their output below. If you have docker installed, you can probably reproduce it
locally.

Type: series
Message-id: 1474658051-18617-1-git-send-email-...@redhat.com
Subject: [Qemu-devel] [PULL 00/19] virtio, pc: fixes and features

=== TEST SCRIPT BEGIN ===
#!/bin/bash
set -e
git submodule update --init dtc
make J=8 docker-test-quick@centos6
make J=8 docker-test-mingw@fedora
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag] patchew/1474658051-18617-1-git-send-email-...@redhat.com 
-> patchew/1474658051-18617-1-git-send-email-...@redhat.com
Switched to a new branch 'test'
cacc4b0 hw/i386: AMD IOMMU IVRS table
9dd76e8 hw/i386: Introduce AMD IOMMU
51d6513 hw/i386/trace-events: Add AMD IOMMU trace events
2897b28 hw/pci: Prepare for AMD IOMMU
9ed4ac9 virtio: handle virtqueue_get_head() errors
eba15c9 virtio: handle virtqueue_num_heads() errors
3c5513c virtio: handle virtqueue_read_next_desc() errors
3e2dd44 virtio: use unsigned int for virtqueue_get_avail_bytes() index
b63060b virtio: handle virtqueue_get_avail_bytes() errors
a7e238f virtio: handle virtqueue_map_desc() errors
b1ee7b9 virtio: migrate vdev->broken flag
5ae212e virtio: stop virtqueue processing if device is broken
7add352 virtio: fix stray tab character
a8b4e23 target-i386: turn off CPU.l3-cache only for 2.7 and older machine types
eb0f9de pc: clean up COMPAT macro chaining
f2df3c1 virtio: add check for descriptor's mapped address
f2997b7 tests: add /vhost-user/flags-mismatch test
b612c50 tests: add a simple /vhost-user/multiqueue test
c38be03 tests: add /vhost-user/connect-fail test

=== OUTPUT BEGIN ===
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into 'dtc'...
Submodule path 'dtc': checked out '65cc4d2748a2c2e6f27f1cf39e07a5dbabd80ebf'
  BUILD centos6
  ARCHIVE qemu.tgz
  ARCHIVE dtc.tgz
  COPY RUNNER
  RUN test-quick in centos6
Configure options:
--enable-werror --target-list=x86_64-softmmu,aarch64-softmmu 
--prefix=/tmp/qemu-test/src/tests/docker/install
No C++ compiler available; disabling C++ specific optional code
Install prefix/tmp/qemu-test/src/tests/docker/install
BIOS directory/tmp/qemu-test/src/tests/docker/install/share/qemu
binary directory  /tmp/qemu-test/src/tests/docker/install/bin
library directory /tmp/qemu-test/src/tests/docker/install/lib
module directory  /tmp/qemu-test/src/tests/docker/install/lib/qemu
libexec directory /tmp/qemu-test/src/tests/docker/install/libexec
include directory /tmp/qemu-test/src/tests/docker/install/include
config directory  /tmp/qemu-test/src/tests/docker/install/etc
local state directory   /tmp/qemu-test/src/tests/docker/install/var
Manual directory  /tmp/qemu-test/src/tests/docker/install/share/man
ELF interp prefix /usr/gnemul/qemu-%M
Source path   /tmp/qemu-test/src
C compilercc
Host C compiler   cc
C++ compiler  
Objective-C compiler cc
ARFLAGS   rv
CFLAGS-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -pthread 
-I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include   -g 
QEMU_CFLAGS   -I/usr/include/pixman-1-fPIE -DPIE -m64 -D_GNU_SOURCE 
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -Wstrict-prototypes 
-Wredundant-decls -Wall -Wundef -Wwrite-strings -Wmissing-prototypes 
-fno-strict-aliasing -fno-common -fwrapv  -Wendif-labels -Wmissing-include-dirs 
-Wempty-body -Wnested-externs -Wformat-security -Wformat-y2k -Winit-self 
-Wignored-qualifiers -Wold-style-declaration -Wold-style-definition 
-Wtype-limits -fstack-protector-all
LDFLAGS   -Wl,--warn-common -Wl,-z,relro -Wl,-z,now -pie -m64 -g 
make  make
install   install
pythonpython -B
smbd  /usr/sbin/smbd
module supportno
host CPU  x86_64
host big endian   no
target list   x86_64-softmmu aarch64-softmmu
tcg debug enabled no
gprof enabled no
sparse enabledno
strip binariesyes
profiler  no
static build  no
pixmansystem
SDL support   yes (1.2.14)
GTK support   no 
GTK GL supportno
VTE support   no 
TLS priority  NORMAL
GNUTLS supportno
GNUTLS rndno
libgcrypt no
libgcrypt kdf no
nettleno 
nettle kdfno
libtasn1  no
curses supportno
virgl support no
curl support  no
mingw32 support   no
Audio drivers oss
Block whitelist (rw) 
Block whitelist (ro) 
VirtFS supportno
VNC support   yes
VNC SASL support  no
VNC JPEG support  no
VNC PNG support   no
xen support   no
brlapi supportno
bluez  supportno
Documentation no
PIE   yes
vde support   no
netmap supportno
Linux AIO support no
ATTR/XATTR support yes
Install blobs yes
KVM support   yes
RDMA support  no
TCG interpreter   no
fdt support   yes
preadv supportyes
fdatasync yes
madvise  

Re: [Qemu-devel] [PATCH 6/7] target-i386: xsave: Calculate set of xsave components on realize

2016-09-23 Thread Richard Henderson

On 09/23/2016 12:45 PM, Eduardo Habkost wrote:

Instead of doing complex calculations and calling
kvm_arch_get_supported_cpuid() inside cpu_x86_cpuid(), calculate
the set of required XSAVE components earlier, at realize time.

Signed-off-by: Eduardo Habkost 
---
 target-i386/cpu.c | 51 ---
 target-i386/cpu.h |  1 +
 2 files changed, 29 insertions(+), 23 deletions(-)


Reviewed-by: Richard Henderson 


@@ -2504,9 +2504,6 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, 
uint32_t count,
 *ebx &= 0x; /* The count doesn't need to be reliable. */
 break;
 case 0xD: {
-uint64_t ena_mask;
-int i;
-
 /* Processor Extended State */
 *eax = 0;
 *ebx = 0;


We should be able to drop the braces around this case as well, please.


r~



Re: [Qemu-devel] [PATCH 7/7] target-i386: Move xsave component mask to features array

2016-09-23 Thread Richard Henderson

On 09/23/2016 12:45 PM, Eduardo Habkost wrote:

This will reuse the existing check/enforce logic in
x86_cpu_filter_features() to check the xsave component bits
against GET_SUPPORTED_CPUID.

Signed-off-by: Eduardo Habkost 
---
 target-i386/cpu.c | 42 --
 target-i386/cpu.h |  3 ++-
 2 files changed, 30 insertions(+), 15 deletions(-)


Reviewed-by: Richard Henderson 


r~



Re: [Qemu-devel] [PULL 00/19] virtio, pc: fixes and features

2016-09-23 Thread no-reply
Hi,

Your series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 1474658051-18617-1-git-send-email-...@redhat.com
Subject: [Qemu-devel] [PULL 00/19] virtio, pc: fixes and features

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

# Useful git options
git config --local diff.renamelimit 0
git config --local diff.renames True

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git show --no-patch --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
cacc4b0 hw/i386: AMD IOMMU IVRS table
9dd76e8 hw/i386: Introduce AMD IOMMU
51d6513 hw/i386/trace-events: Add AMD IOMMU trace events
2897b28 hw/pci: Prepare for AMD IOMMU
9ed4ac9 virtio: handle virtqueue_get_head() errors
eba15c9 virtio: handle virtqueue_num_heads() errors
3c5513c virtio: handle virtqueue_read_next_desc() errors
3e2dd44 virtio: use unsigned int for virtqueue_get_avail_bytes() index
b63060b virtio: handle virtqueue_get_avail_bytes() errors
a7e238f virtio: handle virtqueue_map_desc() errors
b1ee7b9 virtio: migrate vdev->broken flag
5ae212e virtio: stop virtqueue processing if device is broken
7add352 virtio: fix stray tab character
a8b4e23 target-i386: turn off CPU.l3-cache only for 2.7 and older machine types
eb0f9de pc: clean up COMPAT macro chaining
f2df3c1 virtio: add check for descriptor's mapped address
f2997b7 tests: add /vhost-user/flags-mismatch test
b612c50 tests: add a simple /vhost-user/multiqueue test
c38be03 tests: add /vhost-user/connect-fail test

=== OUTPUT BEGIN ===
Checking PATCH 1/19: tests: add /vhost-user/connect-fail test...
Checking PATCH 2/19: tests: add a simple /vhost-user/multiqueue test...
WARNING: line over 80 characters
#192: FILE: tests/vhost-user-test.c:824:
+cmd = g_strdup_printf(QEMU_CMD_MEM QEMU_CMD_CHR QEMU_CMD_NETDEV 
",queues=%d "

total: 0 errors, 1 warnings, 198 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
Checking PATCH 3/19: tests: add /vhost-user/flags-mismatch test...
Checking PATCH 4/19: virtio: add check for descriptor's mapped address...
Checking PATCH 5/19: pc: clean up COMPAT macro chaining...
Checking PATCH 6/19: target-i386: turn off CPU.l3-cache only for 2.7 and older 
machine types...
Checking PATCH 7/19: virtio: fix stray tab character...
Checking PATCH 8/19: virtio: stop virtqueue processing if device is broken...
Checking PATCH 9/19: virtio: migrate vdev->broken flag...
Checking PATCH 10/19: virtio: handle virtqueue_map_desc() errors...
Checking PATCH 11/19: virtio: handle virtqueue_get_avail_bytes() errors...
Checking PATCH 12/19: virtio: use unsigned int for virtqueue_get_avail_bytes() 
index...
Checking PATCH 13/19: virtio: handle virtqueue_read_next_desc() errors...
Checking PATCH 14/19: virtio: handle virtqueue_num_heads() errors...
Checking PATCH 15/19: virtio: handle virtqueue_get_head() errors...
Checking PATCH 16/19: hw/pci: Prepare for AMD IOMMU...
Checking PATCH 17/19: hw/i386/trace-events: Add AMD IOMMU trace events...
Checking PATCH 18/19: hw/i386: Introduce AMD IOMMU...
ERROR: struct MemoryRegionIOMMUOps should normally be const
#1527: FILE: hw/i386/amd_iommu.h:280:
+MemoryRegionIOMMUOps iommu_ops;

total: 1 errors, 0 warnings, 1495 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 19/19: hw/i386: AMD IOMMU IVRS table...
=== OUTPUT END ===

Test command exited with code: 1


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-de...@freelists.org

Re: [Qemu-devel] [PATCH] qapi: make the json schema files more regular.

2016-09-23 Thread David Anderson
On Thu, Sep 22, 2016 at 6:07 AM, Eric Blake  wrote:

> On 09/21/2016 11:00 PM, David Anderson wrote:
> > This makes it easier to parse the schema file for tool generation:
> > each paragraph is either a non-docstring comment, or a docstring
> > immediately followed by a Python dict describing an API item.
> >
> > Signed-off-by: David Anderson 
> > ---
> >  qapi-schema.json | 3 +--
> >  qapi/block-core.json | 5 -
> >  2 files changed, 1 insertion(+), 7 deletions(-)
>
> Related to the work Marc-Andre is already doing, but fine to take now.
>

Do you have a link to that work? It sounds like the schema format may be
changing, which is relevant to my interests since I'm trying to parse it :).

- Dave


>
> Reviewed-by: Eric Blake 
>
> >
> > diff --git a/qapi-schema.json b/qapi-schema.json
> > index e507061..edd803f 100644
> > --- a/qapi-schema.json
> > +++ b/qapi-schema.json
> > @@ -752,6 +752,7 @@
> >  'cpu-throttle-increment': 'int',
> >  'tls-creds': 'str',
> >  'tls-hostname': 'str'} }
> > +
> >  ##
> >  # @query-migrate-parameters
> >  #
> > @@ -4115,7 +4116,6 @@
> >  #
> >  # Since 1.6
> >  ##
> > -
> >  { 'struct': 'RxFilterInfo',
> >'data': {
> >  'name':   'str',
> > @@ -4335,7 +4335,6 @@
> >  #
> >  # Since: 2.1
> >  ##
> > -
> >  { 'struct': 'Memdev',
> >'data': {
> >  'size':   'size',
> > diff --git a/qapi/block-core.json b/qapi/block-core.json
> > index 24223fd..e12fbd3 100644
> > --- a/qapi/block-core.json
> > +++ b/qapi/block-core.json
> > @@ -25,7 +25,6 @@
> >  # Since: 1.3
> >  #
> >  ##
> > -
> >  { 'struct': 'SnapshotInfo',
> >'data': { 'id': 'str', 'name': 'str', 'vm-state-size': 'int',
> >  'date-sec': 'int', 'date-nsec': 'int',
> > @@ -81,7 +80,6 @@
> >  #
> >  # Since: 1.7
> >  ##
> > -
> >  { 'union': 'ImageInfoSpecific',
> >'data': {
> >'qcow2': 'ImageInfoSpecificQCow2',
> > @@ -129,7 +127,6 @@
> >  # Since: 1.3
> >  #
> >  ##
> > -
> >  { 'struct': 'ImageInfo',
> >'data': {'filename': 'str', 'format': 'str', '*dirty-flag': 'bool',
> > '*actual-size': 'int', 'virtual-size': 'int',
> > @@ -181,7 +178,6 @@
> >  # Since: 1.4
> >  #
> >  ##
> > -
> >  { 'struct': 'ImageCheck',
> >'data': {'filename': 'str', 'format': 'str', 'check-errors': 'int',
> > '*image-end-offset': 'int', '*corruptions': 'int', '*leaks':
> 'int',
> > @@ -518,7 +514,6 @@
> >  #
> >  # Since: 2.5
> >  ##
> > -
> >  { 'struct': 'BlockDeviceTimedStats',
> >'data': { 'interval_length': 'int', 'min_rd_latency_ns': 'int',
> >  'max_rd_latency_ns': 'int', 'avg_rd_latency_ns': 'int',
> >
>
> --
> Eric Blake   eblake redhat com+1-919-301-3266
> Libvirt virtualization library http://libvirt.org
>
>


Re: [Qemu-devel] [PATCH 4/7] target-i386: xsave: Simplify CPUID[0xD, 0].{EAX, EDX} calculation

2016-09-23 Thread Richard Henderson

On 09/23/2016 12:45 PM, Eduardo Habkost wrote:

Instead of assigning individual bits in a loop, just copy the
values from ena_mask.

Signed-off-by: Eduardo Habkost 
---
 target-i386/cpu.c | 8 ++--
 1 file changed, 2 insertions(+), 6 deletions(-)


Reviewed-by: Richard Henderson 


r~



Re: [Qemu-devel] [PATCH 1/7] target-i386: Move feature name arrays inside FeatureWordInfo

2016-09-23 Thread Richard Henderson

On 09/23/2016 12:45 PM, Eduardo Habkost wrote:

It makes it easier to guarantee the arrays are the right size,
and to find information when looking at the code.

Signed-off-by: Eduardo Habkost 
---
 target-i386/cpu.c | 370 +-
 1 file changed, 170 insertions(+), 200 deletions(-)


Reviewed-by: Richard Henderson 


 static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
 [FEAT_1_EDX] = {
-.feat_names = feature_name,
+.feat_names = {
+"fpu", "vme", "de", "pse",
+"tsc", "msr", "pae", "mce",
+"cx8", "apic", NULL, "sep",
+"mtrr", "pge", "mca", "cmov",
+"pat", "pse36", "pn" /* Intel psn */, "clflush" /* Intel clfsh */,
+NULL, "ds" /* Intel dts */, "acpi", "mmx",
+"fxsr", "sse", "sse2", "ss",
+"ht" /* Intel htt */, "tm", "ia64", "pbe",
+},
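Review bot: `.feat_names` is filled positionally, with `NULL` holding the unnamed bits, so a missing or extra entry shifts every later name onto the wrong bit, and a short list is zero-filled without a diagnostic. Since the commit message gives "guarantee the arrays are the right size" as the motivation, consider designated initializers (`[9] = "apic"`) or a comment marking the starting bit of each row, so a row can be checked without counting from the top.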


Unrelated, but can we make this feature_word_info structure const?  It may 
require the addition of const to other function parameters, in which case the 
change should be a separate patch.



r~



[Qemu-devel] [PULL 18/19] hw/i386: Introduce AMD IOMMU

2016-09-23 Thread Michael S. Tsirkin
From: David Kiarie 

Add AMD IOMMU emulation to Qemu in addition to Intel IOMMU.
The IOMMU does basic translation, error checking and has a
minimal IOTLB implementation. This IOMMU bypassed the need
for target aborts by responding with IOMMU_NONE access rights
and exempts the region 0xfee0-0xfeef from translation
as it is the q35 interrupt region.

We advertise features that are not yet implemented to please
the Linux IOMMU driver.

IOTLB aims at implementing commands on real IOMMUs which is
essential for debugging and may not offer any performance
benefits

Signed-off-by: David Kiarie 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/i386/amd_iommu.h   |  289 
 hw/i386/amd_iommu.c   | 1199 +
 hw/i386/Makefile.objs |1 +
 3 files changed, 1489 insertions(+)
 create mode 100644 hw/i386/amd_iommu.h
 create mode 100644 hw/i386/amd_iommu.c

diff --git a/hw/i386/amd_iommu.h b/hw/i386/amd_iommu.h
new file mode 100644
index 000..884926e
--- /dev/null
+++ b/hw/i386/amd_iommu.h
@@ -0,0 +1,289 @@
+/*
+ * QEMU emulation of an AMD IOMMU (AMD-Vi)
+ *
+ * Copyright (C) 2011 Eduard - Gabriel Munteanu
+ * Copyright (C) 2015 David Kiarie, 
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see .
+ */
+
+#ifndef AMD_IOMMU_H_
+#define AMD_IOMMU_H_
+
+#include "hw/hw.h"
+#include "hw/pci/pci.h"
+#include "hw/pci/msi.h"
+#include "hw/sysbus.h"
+#include "sysemu/dma.h"
+#include "hw/i386/pc.h"
+#include "hw/pci/pci_bus.h"
+#include "hw/i386/x86-iommu.h"
+
+/* Capability registers */
+#define AMDVI_CAPAB_BAR_LOW   0x04
+#define AMDVI_CAPAB_BAR_HIGH  0x08
+#define AMDVI_CAPAB_RANGE 0x0C
+#define AMDVI_CAPAB_MISC  0x10
+
+#define AMDVI_CAPAB_SIZE  0x18
+#define AMDVI_CAPAB_REG_SIZE  0x04
+
+/* Capability header data */
+#define AMDVI_CAPAB_ID_SEC0xf
+#define AMDVI_CAPAB_FLAT_EXT  (1 << 28)
+#define AMDVI_CAPAB_EFR_SUP   (1 << 27)
+#define AMDVI_CAPAB_FLAG_NPCACHE  (1 << 26)
+#define AMDVI_CAPAB_FLAG_HTTUNNEL (1 << 25)
+#define AMDVI_CAPAB_FLAG_IOTLBSUP (1 << 24)
+#define AMDVI_CAPAB_INIT_TYPE (3 << 16)
+
+/* No. of used MMIO registers */
+#define AMDVI_MMIO_REGS_HIGH  8
+#define AMDVI_MMIO_REGS_LOW   7
+
+/* MMIO registers */
+#define AMDVI_MMIO_DEVICE_TABLE   0x
+#define AMDVI_MMIO_COMMAND_BASE   0x0008
+#define AMDVI_MMIO_EVENT_BASE 0x0010
+#define AMDVI_MMIO_CONTROL0x0018
+#define AMDVI_MMIO_EXCL_BASE  0x0020
+#define AMDVI_MMIO_EXCL_LIMIT 0x0028
+#define AMDVI_MMIO_EXT_FEATURES   0x0030
+#define AMDVI_MMIO_COMMAND_HEAD   0x2000
+#define AMDVI_MMIO_COMMAND_TAIL   0x2008
+#define AMDVI_MMIO_EVENT_HEAD 0x2010
+#define AMDVI_MMIO_EVENT_TAIL 0x2018
+#define AMDVI_MMIO_STATUS 0x2020
+#define AMDVI_MMIO_PPR_BASE   0x0038
+#define AMDVI_MMIO_PPR_HEAD   0x2030
+#define AMDVI_MMIO_PPR_TAIL   0x2038
+
+#define AMDVI_MMIO_SIZE   0x4000
+
+#define AMDVI_MMIO_DEVTAB_SIZE_MASK   ((1ULL << 12) - 1)
+#define AMDVI_MMIO_DEVTAB_BASE_MASK   (((1ULL << 52) - 1) & ~ \
+   AMDVI_MMIO_DEVTAB_SIZE_MASK)
+#define AMDVI_MMIO_DEVTAB_ENTRY_SIZE  32
+#define AMDVI_MMIO_DEVTAB_SIZE_UNIT   4096
+
+/* some of this are similar but just for readability */
+#define AMDVI_MMIO_CMDBUF_SIZE_BYTE   (AMDVI_MMIO_COMMAND_BASE + 7)
+#define AMDVI_MMIO_CMDBUF_SIZE_MASK   0x0f
+#define AMDVI_MMIO_CMDBUF_BASE_MASK   AMDVI_MMIO_DEVTAB_BASE_MASK
+#define AMDVI_MMIO_CMDBUF_HEAD_MASK   (((1ULL << 19) - 1) & ~0x0f)
+#define AMDVI_MMIO_CMDBUF_TAIL_MASK   AMDVI_MMIO_EVTLOG_HEAD_MASK
+
+#define AMDVI_MMIO_EVTLOG_SIZE_BYTE   (AMDVI_MMIO_EVENT_BASE + 7)
+#define AMDVI_MMIO_EVTLOG_SIZE_MASK   AMDVI_MMIO_CMDBUF_SIZE_MASK
+#define AMDVI_MMIO_EVTLOG_BASE_MASK   AMDVI_MMIO_CMDBUF_BASE_MASK
+#define AMDVI_MMIO_EVTLOG_HEAD_MASK   (((1ULL << 19) - 1) & ~0x0f)
+#define AMDVI_MMIO_EVTLOG_TAIL_MASK   AMDVI_MMIO_EVTLOG_HEAD_MASK
+
+#define AMDVI_MMIO_PPRLOG_SIZE_BYTE   (AMDVI_MMIO_EVENT_BASE + 7)
+#define AMDVI_MMIO_PPRLOG_HEAD_MASK   AMDVI_MMIO_EVTLOG_HEAD_MASK
+#define 
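Review bot: `AMDVI_MMIO_PPRLOG_SIZE_BYTE` is defined as `(AMDVI_MMIO_EVENT_BASE + 7)`, the same value as `AMDVI_MMIO_EVTLOG_SIZE_BYTE`, although `AMDVI_MMIO_PPR_BASE` is defined a few lines above; this looks like a copy-paste slip and probably should read `(AMDVI_MMIO_PPR_BASE + 7)`. In the same block `AMDVI_MMIO_CMDBUF_TAIL_MASK` aliases `AMDVI_MMIO_EVTLOG_HEAD_MASK` instead of `AMDVI_MMIO_CMDBUF_HEAD_MASK`; the values are equal here, but the command-buffer macro should refer to its own head mask so that a later change to the event-log mask does not alter command-buffer handling. The capability flags written as `(1 << 28)` would also be better as unsigned constants (`1U << 28`).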

[Qemu-devel] [PULL 19/19] hw/i386: AMD IOMMU IVRS table

2016-09-23 Thread Michael S. Tsirkin
From: David Kiarie 

Add IVRS table for AMD IOMMU. Generate IVRS or DMAR
depending on emulated IOMMU.

Signed-off-by: David Kiarie 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/hw/acpi/aml-build.h |  1 +
 include/hw/i386/x86-iommu.h | 12 +++
 hw/acpi/aml-build.c |  2 +-
 hw/i386/acpi-build.c| 76 +++--
 hw/i386/amd_iommu.c |  2 ++
 hw/i386/intel_iommu.c   |  1 +
 hw/i386/x86-iommu.c |  6 
 7 files changed, 90 insertions(+), 10 deletions(-)

diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
index e5f0878..559326c 100644
--- a/include/hw/acpi/aml-build.h
+++ b/include/hw/acpi/aml-build.h
@@ -367,6 +367,7 @@ Aml *aml_sizeof(Aml *arg);
 Aml *aml_concatenate(Aml *source1, Aml *source2, Aml *target);
 Aml *aml_object_type(Aml *object);
 
+void build_append_int_noprefix(GArray *table, uint64_t value, int size);
 void
 build_header(BIOSLinker *linker, GArray *table_data,
  AcpiTableHeader *h, const char *sig, int len, uint8_t rev,
diff --git a/include/hw/i386/x86-iommu.h b/include/hw/i386/x86-iommu.h
index c48e8dd..0c89d98 100644
--- a/include/hw/i386/x86-iommu.h
+++ b/include/hw/i386/x86-iommu.h
@@ -37,6 +37,12 @@
 typedef struct X86IOMMUState X86IOMMUState;
 typedef struct X86IOMMUClass X86IOMMUClass;
 
+typedef enum IommuType {
+TYPE_INTEL,
+TYPE_AMD,
+TYPE_NONE
+} IommuType;
+
 struct X86IOMMUClass {
 SysBusDeviceClass parent;
 /* Intel/AMD specific realize() hook */
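Review bot: in `enum IommuType` the first enumerator is `TYPE_INTEL`, so a zero-initialized `IommuType type` field in `X86IOMMUState` reads as Intel rather than as "no IOMMU". Putting `TYPE_NONE` first makes the unset state explicit. The names `TYPE_INTEL`, `TYPE_AMD` and `TYPE_NONE` are also very generic for a header included this widely; a prefix such as `X86_IOMMU_TYPE_` would avoid collisions.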
@@ -67,6 +73,7 @@ typedef struct IEC_Notifier IEC_Notifier;
 struct X86IOMMUState {
 SysBusDevice busdev;
 bool intr_supported;/* Whether vIOMMU supports IR */
+IommuType type; /* IOMMU type - AMD/Intel */
 QLIST_HEAD(, IEC_Notifier) iec_notifiers; /* IEC notify list */
 };
 
@@ -76,6 +83,11 @@ struct X86IOMMUState {
  */
 X86IOMMUState *x86_iommu_get_default(void);
 
+/*
+ * x86_iommu_get_type - get IOMMU type
+ */
+IommuType x86_iommu_get_type(void);
+
 /**
  * x86_iommu_iec_register_notifier - register IEC (Interrupt Entry
  *   Cache) notifiers
diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index db3e914..b2a1e40 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -226,7 +226,7 @@ static void build_extop_package(GArray *package, uint8_t op)
 build_prepend_byte(package, 0x5B); /* ExtOpPrefix */
 }
 
-static void build_append_int_noprefix(GArray *table, uint64_t value, int size)
+void build_append_int_noprefix(GArray *table, uint64_t value, int size)
 {
 int i;
 
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index 433feba..c20bc71 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -59,7 +59,8 @@
 
 #include "qapi/qmp/qint.h"
 #include "qom/qom-qobject.h"
-#include "hw/i386/x86-iommu.h"
+#include "hw/i386/amd_iommu.h"
+#include "hw/i386/intel_iommu.h"
 
 #include "hw/acpi/ipmi.h"
 
@@ -2562,6 +2563,62 @@ build_dmar_q35(GArray *table_data, BIOSLinker *linker)
 build_header(linker, table_data, (void *)(table_data->data + dmar_start),
  "DMAR", table_data->len - dmar_start, 1, NULL, NULL);
 }
+/*
+ *   IVRS table as specified in AMD IOMMU Specification v2.62, Section 5.2
+ *   accessible here http://support.amd.com/TechDocs/48882_IOMMU.pdf
+ */
+static void
+build_amd_iommu(GArray *table_data, BIOSLinker *linker)
+{
+int iommu_start = table_data->len;
+AMDVIState *s = AMD_IOMMU_DEVICE(x86_iommu_get_default());
+
+/* IVRS header */
+acpi_data_push(table_data, sizeof(AcpiTableHeader));
+/* IVinfo - IO virtualization information common to all
+ * IOMMU units in a system
+ */
+build_append_int_noprefix(table_data, 40UL << 8/* PASize */, 4);
+/* reserved */
+build_append_int_noprefix(table_data, 0, 8);
+
+/* IVHD definition - type 10h */
+build_append_int_noprefix(table_data, 0x10, 1);
+/* virtualization flags */
+build_append_int_noprefix(table_data,
+ (1UL << 0) | /* HtTunEn  */
+ (1UL << 4) | /* iotblSup */
+ (1UL << 6) | /* PrefSup  */
+ (1UL << 7),  /* PPRSup   */
+ 1);
+/* IVHD length */
+build_append_int_noprefix(table_data, 0x24, 2);
+/* DeviceID */
+build_append_int_noprefix(table_data, s->devid, 2);
+/* Capability offset */
+build_append_int_noprefix(table_data, s->capab_offset, 2);
+/* IOMMU base address */
+build_append_int_noprefix(table_data, s->mmio.addr, 8);
+/* PCI Segment Group */
+build_append_int_noprefix(table_data, 0, 2);
+/* IOMMU info */
+build_append_int_noprefix(table_data, 0, 2);
+/* IOMMU Feature Reporting */
+build_append_int_noprefix(table_data,
+   
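Review bot: `build_amd_iommu()` casts the result of `x86_iommu_get_default()` with `AMD_IOMMU_DEVICE()` and then reads `s->devid`, `s->capab_offset` and `s->mmio.addr` without checking that an AMD IOMMU is present; unless the caller already gates on `x86_iommu_get_type()`, add a check or an assertion here. The IVHD length `0x24` and the PASize `40UL << 8` are bare numbers that have to match the bytes appended after them; named constants, or a length computed from `table_data->len`, would keep the table consistent when fields are added. The flags byte sets PrefSup and PPRSup, which tells the guest those features exist, so the comment should say whether the emulation implements them. Two nits: the comment `iotblSup` is misspelled, and a blank line is missing between the closing `}` of `build_dmar_q35()` and the new comment block.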

[Qemu-devel] [PULL 13/19] virtio: handle virtqueue_read_next_desc() errors

2016-09-23 Thread Michael S. Tsirkin
From: Stefan Hajnoczi 

Stop processing the vring if an avail ring index is invalid.

Signed-off-by: Stefan Hajnoczi 
Reviewed-by: Cornelia Huck 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Cornelia Huck 
---
 hw/virtio/virtio.c | 45 -
 1 file changed, 32 insertions(+), 13 deletions(-)

diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index 973d0c2..82142c6 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -377,28 +377,33 @@ static unsigned int virtqueue_get_head(VirtQueue *vq, 
unsigned int idx)
 return head;
 }
 
-static unsigned virtqueue_read_next_desc(VirtIODevice *vdev, VRingDesc *desc,
- hwaddr desc_pa, unsigned int max)
-{
-unsigned int next;
+enum {
+VIRTQUEUE_READ_DESC_ERROR = -1,
+VIRTQUEUE_READ_DESC_DONE = 0,   /* end of chain */
+VIRTQUEUE_READ_DESC_MORE = 1,   /* more buffers in chain */
+};
 
+static int virtqueue_read_next_desc(VirtIODevice *vdev, VRingDesc *desc,
+hwaddr desc_pa, unsigned int max,
+unsigned int *next)
+{
 /* If this descriptor says it doesn't chain, we're done. */
 if (!(desc->flags & VRING_DESC_F_NEXT)) {
-return max;
+return VIRTQUEUE_READ_DESC_DONE;
 }
 
 /* Check they're not leading us off end of descriptors. */
-next = desc->next;
+*next = desc->next;
 /* Make sure compiler knows to grab that: we don't want it changing! */
 smp_wmb();
 
-if (next >= max) {
-error_report("Desc next is %u", next);
-exit(1);
+if (*next >= max) {
+virtio_error(vdev, "Desc next is %u", *next);
+return VIRTQUEUE_READ_DESC_ERROR;
 }
 
-vring_desc_read(vdev, desc, desc_pa, next);
-return next;
+vring_desc_read(vdev, desc, desc_pa, *next);
+return VIRTQUEUE_READ_DESC_MORE;
 }
 
 void virtqueue_get_avail_bytes(VirtQueue *vq, unsigned int *in_bytes,
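Review bot: `*next = desc->next;` stores the guest-supplied index into the caller's variable before the `*next >= max` check, so on `VIRTQUEUE_READ_DESC_ERROR` the caller is left holding an out-of-range index, and on `VIRTQUEUE_READ_DESC_DONE` the out-parameter is not written at all. Both callers in this patch stop on error, but reading into a local and assigning `*next` only on the `VIRTQUEUE_READ_DESC_MORE` path, with a comment on the function stating that contract, would keep a later caller from indexing with the unchecked value.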
@@ -407,6 +412,7 @@ void virtqueue_get_avail_bytes(VirtQueue *vq, unsigned int 
*in_bytes,
 {
 unsigned int idx;
 unsigned int total_bufs, in_total, out_total;
+int rc;
 
 idx = vq->last_avail_idx;
 
@@ -459,7 +465,13 @@ void virtqueue_get_avail_bytes(VirtQueue *vq, unsigned int 
*in_bytes,
 if (in_total >= max_in_bytes && out_total >= max_out_bytes) {
 goto done;
 }
-} while ((i = virtqueue_read_next_desc(vdev, , desc_pa, max)) != 
max);
+
+rc = virtqueue_read_next_desc(vdev, , desc_pa, max, );
+} while (rc == VIRTQUEUE_READ_DESC_MORE);
+
+if (rc == VIRTQUEUE_READ_DESC_ERROR) {
+goto err;
+}
 
 if (!indirect)
 total_bufs = num_bufs;
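Review bot: the new `goto err` jumps to a label outside this hunk, and `virtqueue_get_avail_bytes()` returns void, so callers can learn about the failure only through `*in_bytes` and `*out_bytes`. Please confirm that the `err` path leaves both outputs at a defined value, and say in the commit message what a caller sees when the chain is rejected.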
@@ -621,6 +633,7 @@ void *virtqueue_pop(VirtQueue *vq, size_t sz)
 hwaddr addr[VIRTQUEUE_MAX_SIZE];
 struct iovec iov[VIRTQUEUE_MAX_SIZE];
 VRingDesc desc;
+int rc;
 
 if (unlikely(vdev->broken)) {
 return NULL;
@@ -688,7 +701,13 @@ void *virtqueue_pop(VirtQueue *vq, size_t sz)
 virtio_error(vdev, "Looped descriptor");
 goto err_undo_map;
 }
-} while ((i = virtqueue_read_next_desc(vdev, , desc_pa, max)) != max);
+
+rc = virtqueue_read_next_desc(vdev, , desc_pa, max, );
+} while (rc == VIRTQUEUE_READ_DESC_MORE);
+
+if (rc == VIRTQUEUE_READ_DESC_ERROR) {
+goto err_undo_map;
+}
 
 /* Now copy what we have collected and mapped */
 elem = virtqueue_alloc_element(sz, out_num, in_num);
-- 
MST
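
The pattern this patch describes (return an error and stop the queue when a guest-supplied `next` index is invalid, instead of calling `exit(1)`), as a stand-alone added example that is not QEMU code. `struct desc`, `struct device`, `chain_bytes()` and the sample tables are simplified, constructed stand-ins.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define DESC_F_NEXT 1u   /* plays the role of VRING_DESC_F_NEXT */
#define QUEUE_SIZE  4u   /* constructed queue size for the samples */

struct desc { uint32_t len; uint16_t flags; uint16_t next; }; /* guest-writable */
struct device { bool broken; };  /* set once, checked before any further work */

enum { READ_DESC_ERROR = -1, READ_DESC_DONE = 0, READ_DESC_MORE = 1 };

/* Look up the successor of table[cur]; *next is written only for MORE. */
int read_next_desc(struct device *dev, const struct desc *table,
                   unsigned int max, unsigned int cur, unsigned int *next)
{
    /* Read the guest-controlled fields once and validate the local copies. */
    uint16_t flags = table[cur].flags;
    unsigned int candidate = table[cur].next;

    if (!(flags & DESC_F_NEXT)) {
        return READ_DESC_DONE;
    }
    if (candidate >= max) {
        dev->broken = true;          /* report and stop; the process lives on */
        return READ_DESC_ERROR;
    }
    *next = candidate;
    return READ_DESC_MORE;
}

/* Sum the buffer lengths of one chain; -1 means the queue was rejected. */
int64_t chain_bytes(struct device *dev, const struct desc *table,
                    unsigned int max, unsigned int head)
{
    unsigned int i = head, next = 0, seen = 0;
    int64_t total = 0;
    int rc;

    if (dev->broken) {
        return -1;                   /* a broken device is not processed again */
    }
    if (max > UINT16_MAX || head >= max) {
        dev->broken = true;
        return -1;
    }
    do {
        if (++seen > max) {          /* more links than descriptors: a loop */
            dev->broken = true;
            return -1;
        }
        total += table[i].len;       /* at most 65535 * 2^32, fits in int64_t */
        rc = read_next_desc(dev, table, max, i, &next);
        if (rc == READ_DESC_MORE) {
            i = next;
        }
    } while (rc == READ_DESC_MORE);

    return rc == READ_DESC_ERROR ? -1 : total;
}

/* Constructed sample tables. */
const struct desc good_table[QUEUE_SIZE] = {      /* 0 -> 1 -> 2, then end */
    { 16, DESC_F_NEXT, 1 }, { 32, DESC_F_NEXT, 2 }, { 64, 0, 0 }, { 0, 0, 0 },
};
const struct desc wild_table[QUEUE_SIZE] = {      /* next points past the table */
    { 16, DESC_F_NEXT, 7 }, { 0, 0, 0 }, { 0, 0, 0 }, { 0, 0, 0 },
};
const struct desc loop_table[QUEUE_SIZE] = {      /* 0 -> 1 -> 0 -> ... */
    { 16, DESC_F_NEXT, 1 }, { 16, DESC_F_NEXT, 0 }, { 0, 0, 0 }, { 0, 0, 0 },
};

/* Run one table on a fresh device; *broken reports the device state after. */
int64_t run_table(const struct desc *table, bool *broken)
{
    struct device dev = { false };
    int64_t r = chain_bytes(&dev, table, QUEUE_SIZE, 0);
    *broken = dev.broken;
    return r;
}

int64_t demo_good(void) { bool b; return run_table(good_table, &b); }
int64_t demo_loop(void) { bool b; return run_table(loop_table, &b); }
int demo_wild_breaks_device(void)
{
    bool b;
    return run_table(wild_table, &b) == -1 && b;
}
/* After one rejected chain, even a valid chain is refused. */
int64_t demo_after_error(void)
{
    struct device dev = { false };
    chain_bytes(&dev, wild_table, QUEUE_SIZE, 0);
    return chain_bytes(&dev, good_table, QUEUE_SIZE, 0);
}

int main(void)
{
    printf("good=%lld loop=%lld wild_breaks=%d after_error=%lld\n",
           (long long)demo_good(), (long long)demo_loop(),
           demo_wild_breaks_device(), (long long)demo_after_error());
    return 0;
}
```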




[Qemu-devel] [PULL 12/19] virtio: use unsigned int for virtqueue_get_avail_bytes() index

2016-09-23 Thread Michael S. Tsirkin
From: Stefan Hajnoczi 

The virtio code uses int, unsigned int, and uint16_t for virtqueue
indices.  The uint16_t is used for the low-level descriptor layout in
virtio_ring.h while code that isn't concerned with descriptor layout can
use unsigned int.

Use of int is problematic because it can result in signed/unsigned
comparison and incompatible int*/unsigned int* pointer types.

Make the virtqueue_get_avail_bytes() 'i' variable unsigned int.  This
eliminates the need to introduce casts and modify code further in the
patches that follow.

Signed-off-by: Stefan Hajnoczi 
Reviewed-by: Cornelia Huck 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Cornelia Huck 
---
 hw/virtio/virtio.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index 10c2f3d..973d0c2 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -416,7 +416,7 @@ void virtqueue_get_avail_bytes(VirtQueue *vq, unsigned int 
*in_bytes,
 unsigned int max, num_bufs, indirect = 0;
 VRingDesc desc;
 hwaddr desc_pa;
-int i;
+unsigned int i;
 
 max = vq->vring.num;
 num_bufs = total_bufs;
-- 
MST




[Qemu-devel] [PULL 17/19] hw/i386/trace-events: Add AMD IOMMU trace events

2016-09-23 Thread Michael S. Tsirkin
From: David Kiarie 

Signed-off-by: David Kiarie 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/i386/trace-events | 29 +
 1 file changed, 29 insertions(+)

diff --git a/hw/i386/trace-events b/hw/i386/trace-events
index 5b99eba..1938b98 100644
--- a/hw/i386/trace-events
+++ b/hw/i386/trace-events
@@ -13,3 +13,32 @@ mhp_pc_dimm_assigned_address(uint64_t addr) "0x%"PRIx64
 
 # hw/i386/x86-iommu.c
 x86_iommu_iec_notify(bool global, uint32_t index, uint32_t mask) "Notify IEC 
invalidation: global=%d index=%" PRIu32 " mask=%" PRIu32
+
+# hw/i386/amd_iommu.c
+amdvi_evntlog_fail(uint64_t addr, uint32_t head) "error: fail to write at addr 
0x%"PRIx64" +  offset 0x%"PRIx32
+amdvi_cache_update(uint16_t domid, uint8_t bus, uint8_t slot, uint8_t func, 
uint64_t gpa, uint64_t txaddr) " update iotlb domid 0x%"PRIx16" devid: 
%02x:%02x.%x gpa 0x%"PRIx64" hpa 0x%"PRIx64
+amdvi_completion_wait_fail(uint64_t addr) "error: fail to write at address 
0x%"PRIx64
+amdvi_mmio_write(const char *reg, uint64_t addr, unsigned size, uint64_t val, 
uint64_t offset) "%s write addr 0x%"PRIx64", size %u, val 0x%"PRIx64", offset 
0x%"PRIx64
+amdvi_mmio_read(const char *reg, uint64_t addr, unsigned size, uint64_t 
offset) "%s read addr 0x%"PRIx64", size %u offset 0x%"PRIx64
+amdvi_command_error(uint64_t status) "error: Executing commands with command 
buffer disabled 0x%"PRIx64
+amdvi_command_read_fail(uint64_t addr, uint32_t head) "error: fail to access 
memory at 0x%"PRIx64" + 0x%"PRIx32
+amdvi_command_exec(uint32_t head, uint32_t tail, uint64_t buf) "command buffer 
head at 0x%"PRIx32" command buffer tail at 0x%"PRIx32" command buffer base at 
0x%"PRIx64
+amdvi_unhandled_command(uint8_t type) "unhandled command 0x%"PRIx8
+amdvi_intr_inval(void) "Interrupt table invalidated"
+amdvi_iotlb_inval(void) "IOTLB pages invalidated"
+amdvi_prefetch_pages(void) "Pre-fetch of AMD-Vi pages requested"
+amdvi_pages_inval(uint16_t domid) "AMD-Vi pages for domain 0x%"PRIx16 " 
invalidated"
+amdvi_all_inval(void) "Invalidation of all AMD-Vi cache requested "
+amdvi_ppr_exec(void) "Execution of PPR queue requested "
+amdvi_devtab_inval(uint8_t bus, uint8_t slot, uint8_t func) "device table 
entry for devid: %02x:%02x.%x invalidated"
+amdvi_completion_wait(uint64_t addr, uint64_t data) "completion wait requested 
with store address 0x%"PRIx64" and store data 0x%"PRIx64
+amdvi_control_status(uint64_t val) "MMIO_STATUS state 0x%"PRIx64
+amdvi_iotlb_reset(void) "IOTLB exceed size limit - reset "
+amdvi_completion_wait_exec(uint64_t addr, uint64_t data) "completion wait 
requested with store address 0x%"PRIx64" and store data 0x%"PRIx64
+amdvi_dte_get_fail(uint64_t addr, uint32_t offset) "error: failed to access 
Device Entry devtab 0x%"PRIx64" offset 0x%"PRIx32
+amdvi_invalid_dte(uint64_t addr) "PTE entry at 0x%"PRIx64" is invalid "
+amdvi_get_pte_hwerror(uint64_t addr) "hardware error eccessing PTE at addr 
0x%"PRIx64
+amdvi_mode_invalid(uint8_t level, uint64_t addr)"error: translation level 
0x%"PRIx8" translating addr 0x%"PRIx64
+amdvi_page_fault(uint64_t addr) "error: page fault accessing guest physical 
address 0x%"PRIx64
+amdvi_iotlb_hit(uint8_t bus, uint8_t slot, uint8_t func, uint64_t addr, 
uint64_t txaddr) "hit iotlb devid %02x:%02x.%x gpa 0x%"PRIx64" hpa 0x%"PRIx64
+amdvi_translation_result(uint8_t bus, uint8_t slot, uint8_t func, uint64_t 
addr, uint64_t txaddr) "devid: %02x:%02x.%x gpa 0x%"PRIx64" hpa 0x%"PRIx64
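Review bot: several format strings in the new hw/i386/amd_iommu.c block need touching up before they show up in trace output. `amdvi_get_pte_hwerror` spells "eccessing" (should be "accessing"), `amdvi_mode_invalid(uint8_t level, uint64_t addr)"error: ...` has no space between the argument list and the format string, and `amdvi_invalid_dte` reports a "PTE entry" although the event name and the neighbouring `amdvi_dte_get_fail` refer to a device table entry. `amdvi_all_inval`, `amdvi_ppr_exec`, `amdvi_iotlb_reset` and `amdvi_invalid_dte` also end in a trailing space inside the string that can be dropped.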
-- 
MST




Re: [Qemu-devel] [PATCH] qapi: make the json schema files more regular.

2016-09-23 Thread Marc-André Lureau
Hi

- Original Message -
> On Thu, Sep 22, 2016 at 6:07 AM, Eric Blake  wrote:
> 
> > On 09/21/2016 11:00 PM, David Anderson wrote:
> > > This makes it easier to parse the schema file for tool generation:
> > > each paragraph is either a non-docstring comment, or a docstring
> > > immediately followed by a Python dict describing an API item.
> > >
> > > Signed-off-by: David Anderson 
> > > ---
> > >  qapi-schema.json | 3 +--
> > >  qapi/block-core.json | 5 -
> > >  2 files changed, 1 insertion(+), 7 deletions(-)
> >
> > Related to the work Marc-Andre is already doing, but fine to take now.
> >
> 
> Do you have a link to that work? It sounds like the schema format may be
> changing, which is relevant to my interests since I'm trying to parse it :).
> 

I wrote a schema doc parser/generator: see 
http://patchew.org/QEMU/20160922155808.8504-1-marcandre.lureau%40redhat.com/.

The format is not changing, just augmented a bit.

> - Dave
> 
> 
> >
> > Reviewed-by: Eric Blake 
> >
> > >
> > > diff --git a/qapi-schema.json b/qapi-schema.json
> > > index e507061..edd803f 100644
> > > --- a/qapi-schema.json
> > > +++ b/qapi-schema.json
> > > @@ -752,6 +752,7 @@
> > >  'cpu-throttle-increment': 'int',
> > >  'tls-creds': 'str',
> > >  'tls-hostname': 'str'} }
> > > +
> > >  ##
> > >  # @query-migrate-parameters
> > >  #
> > > @@ -4115,7 +4116,6 @@
> > >  #
> > >  # Since 1.6
> > >  ##
> > > -
> > >  { 'struct': 'RxFilterInfo',
> > >'data': {
> > >  'name':   'str',
> > > @@ -4335,7 +4335,6 @@
> > >  #
> > >  # Since: 2.1
> > >  ##
> > > -
> > >  { 'struct': 'Memdev',
> > >'data': {
> > >  'size':   'size',
> > > diff --git a/qapi/block-core.json b/qapi/block-core.json
> > > index 24223fd..e12fbd3 100644
> > > --- a/qapi/block-core.json
> > > +++ b/qapi/block-core.json
> > > @@ -25,7 +25,6 @@
> > >  # Since: 1.3
> > >  #
> > >  ##
> > > -
> > >  { 'struct': 'SnapshotInfo',
> > >'data': { 'id': 'str', 'name': 'str', 'vm-state-size': 'int',
> > >  'date-sec': 'int', 'date-nsec': 'int',
> > > @@ -81,7 +80,6 @@
> > >  #
> > >  # Since: 1.7
> > >  ##
> > > -
> > >  { 'union': 'ImageInfoSpecific',
> > >'data': {
> > >'qcow2': 'ImageInfoSpecificQCow2',
> > > @@ -129,7 +127,6 @@
> > >  # Since: 1.3
> > >  #
> > >  ##
> > > -
> > >  { 'struct': 'ImageInfo',
> > >'data': {'filename': 'str', 'format': 'str', '*dirty-flag': 'bool',
> > > '*actual-size': 'int', 'virtual-size': 'int',
> > > @@ -181,7 +178,6 @@
> > >  # Since: 1.4
> > >  #
> > >  ##
> > > -
> > >  { 'struct': 'ImageCheck',
> > >'data': {'filename': 'str', 'format': 'str', 'check-errors': 'int',
> > > '*image-end-offset': 'int', '*corruptions': 'int', '*leaks':
> > 'int',
> > > @@ -518,7 +514,6 @@
> > >  #
> > >  # Since: 2.5
> > >  ##
> > > -
> > >  { 'struct': 'BlockDeviceTimedStats',
> > >'data': { 'interval_length': 'int', 'min_rd_latency_ns': 'int',
> > >  'max_rd_latency_ns': 'int', 'avg_rd_latency_ns': 'int',
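Review bot: the `-` lines in these qapi/block-core.json hunks (the blank line between the closing `##` and `{ 'struct': 'BlockDeviceTimedStats',`, and the four before it) establish the "docstring immediately followed by the dict" layout by hand, and nothing in the patch keeps it that way. If tools are going to parse on that assumption, please either document the rule where the schema format is described or make the schema parser reject a blank line between a docstring and its expression; otherwise the next added type can silently break an external parser.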
> > >
> >
> > --
> > Eric Blake   eblake redhat com+1-919-301-3266
> > Libvirt virtualization library http://libvirt.org
> >
> >
> 



[Qemu-devel] [PULL 11/19] virtio: handle virtqueue_get_avail_bytes() errors

2016-09-23 Thread Michael S. Tsirkin
From: Stefan Hajnoczi 

If the vring is invalid, tell the caller no bytes are available and mark
the device broken.

Signed-off-by: Stefan Hajnoczi 
Reviewed-by: Cornelia Huck 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Cornelia Huck 
---
 hw/virtio/virtio.c | 17 +++--
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index f2d6c3c..10c2f3d 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -426,14 +426,14 @@ void virtqueue_get_avail_bytes(VirtQueue *vq, unsigned 
int *in_bytes,
 
 if (desc.flags & VRING_DESC_F_INDIRECT) {
 if (desc.len % sizeof(VRingDesc)) {
-error_report("Invalid size for indirect buffer table");
-exit(1);
+virtio_error(vdev, "Invalid size for indirect buffer table");
+goto err;
 }
 
 /* If we've got too many, that implies a descriptor loop. */
 if (num_bufs >= max) {
-error_report("Looped descriptor");
-exit(1);
+virtio_error(vdev, "Looped descriptor");
+goto err;
 }
 
 /* loop over the indirect descriptor table */
@@ -447,8 +447,8 @@ void virtqueue_get_avail_bytes(VirtQueue *vq, unsigned int 
*in_bytes,
 do {
 /* If we've got too many, that implies a descriptor loop. */
 if (++num_bufs > max) {
-error_report("Looped descriptor");
-exit(1);
+virtio_error(vdev, "Looped descriptor");
+goto err;
 }
 
 if (desc.flags & VRING_DESC_F_WRITE) {
@@ -473,6 +473,11 @@ done:
 if (out_bytes) {
 *out_bytes = out_total;
 }
+return;
+
+err:
+in_total = out_total = 0;
+goto done;
 }
 
 int virtqueue_avail_bytes(VirtQueue *vq, unsigned int in_bytes,
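Review bot: in the `err:` block added after `return;`, zeroing `in_total` and `out_total` and jumping back to `done:` is the only signal the caller receives, because the function returns void. Please add a comment at `err:` (or in the function's header comment) stating that an invalid vring is reported as 0/0 and that virtio_error() has already marked the device broken, so that callers such as virtqueue_avail_bytes() are not later changed to treat 0/0 as a condition worth retrying.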
-- 
MST




[Qemu-devel] [PULL 16/19] hw/pci: Prepare for AMD IOMMU

2016-09-23 Thread Michael S. Tsirkin
From: David Kiarie 

Introduce PCI macros from for use by AMD IOMMU

Signed-off-by: David Kiarie 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/hw/pci/pci.h | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/include/hw/pci/pci.h b/include/hw/pci/pci.h
index e8b83bb..772692f 100644
--- a/include/hw/pci/pci.h
+++ b/include/hw/pci/pci.h
@@ -13,9 +13,12 @@
 /* PCI bus */
 
 #define PCI_DEVFN(slot, func)   slot) & 0x1f) << 3) | ((func) & 0x07))
+#define PCI_BUS_NUM(x)  (((x) >> 8) & 0xff)
 #define PCI_SLOT(devfn) (((devfn) >> 3) & 0x1f)
 #define PCI_FUNC(devfn) ((devfn) & 0x07)
 #define PCI_BUILD_BDF(bus, devfn) ((bus << 8) | (devfn))
+#define PCI_BUS_MAX 256
+#define PCI_DEVFN_MAX   256
 #define PCI_SLOT_MAX32
 #define PCI_FUNC_MAX8
 
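Review bot: the new `PCI_BUS_NUM(x)` is the inverse of `PCI_BUILD_BDF(bus, devfn)` three lines below it, but that existing macro expands `bus << 8` without parentheses around `bus`, so the pair only round-trips for simple arguments; since this hunk touches the block, parenthesizing `(bus)` there would be a cheap fix. `PCI_BUS_MAX` and `PCI_DEVFN_MAX` would also benefit from a one-line comment saying they are counts (256 entries) rather than the highest valid value, to avoid someone using them as a last index.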
-- 
MST




Re: [Qemu-devel] [PATCH] qapi: make the json schema files more regular.

2016-09-23 Thread Eric Blake
On 09/23/2016 03:04 PM, David Anderson wrote:
> On Thu, Sep 22, 2016 at 6:07 AM, Eric Blake  wrote:
> 
>> On 09/21/2016 11:00 PM, David Anderson wrote:
>>> This makes it easier to parse the schema file for tool generation:
>>> each paragraph is either a non-docstring comment, or a docstring
>>> immediately followed by a Python dict describing an API item.
>>>
>>> Signed-off-by: David Anderson 
>>> ---
>>>  qapi-schema.json | 3 +--
>>>  qapi/block-core.json | 5 -
>>>  2 files changed, 1 insertion(+), 7 deletions(-)
>>
>> Related to the work Marc-Andre is already doing, but fine to take now.
>>
> 
> Do you have a link to that work? It sounds like the schema format may be
> changing, which is relevant to my interests since I'm trying to parse it :).

https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg05782.html

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





Re: [Qemu-devel] [PATCH 5/7] target-i386: xsave: Helper function to calculate xsave area size

2016-09-23 Thread Richard Henderson

On 09/23/2016 12:45 PM, Eduardo Habkost wrote:

Move the xsave area size calculation from cpu_x86_cpuid() inside
its own function. While doing it, change it to use the XSAVE area
struct sizes for the initial size, instead of the magic 0x240
number.

Signed-off-by: Eduardo Habkost 
---
 target-i386/cpu.c | 22 +++---
 1 file changed, 15 insertions(+), 7 deletions(-)


Reviewed-by: Richard Henderson 


r~



[Qemu-devel] [PULL 10/19] virtio: handle virtqueue_map_desc() errors

2016-09-23 Thread Michael S. Tsirkin
From: Stefan Hajnoczi 

Errors can occur during virtqueue_pop(), especially in
virtqueue_map_desc().  In order to handle this we must unmap iov[]
before returning NULL.  The caller will consider the virtqueue empty and
the virtio_error() call will have marked the device broken.

Signed-off-by: Stefan Hajnoczi 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/virtio/virtio.c | 74 --
 1 file changed, 55 insertions(+), 19 deletions(-)

diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index bac6b51..f2d6c3c 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -484,30 +484,33 @@ int virtqueue_avail_bytes(VirtQueue *vq, unsigned int 
in_bytes,
 return in_bytes <= in_total && out_bytes <= out_total;
 }
 
-static void virtqueue_map_desc(unsigned int *p_num_sg, hwaddr *addr, struct 
iovec *iov,
+static bool virtqueue_map_desc(VirtIODevice *vdev, unsigned int *p_num_sg,
+   hwaddr *addr, struct iovec *iov,
unsigned int max_num_sg, bool is_write,
hwaddr pa, size_t sz)
 {
+bool ok = false;
 unsigned num_sg = *p_num_sg;
 assert(num_sg <= max_num_sg);
 
 if (!sz) {
-error_report("virtio: zero sized buffers are not allowed");
-exit(1);
+virtio_error(vdev, "virtio: zero sized buffers are not allowed");
+goto out;
 }
 
 while (sz) {
 hwaddr len = sz;
 
 if (num_sg == max_num_sg) {
-error_report("virtio: too many write descriptors in indirect 
table");
-exit(1);
+virtio_error(vdev, "virtio: too many write descriptors in "
+   "indirect table");
+goto out;
 }
 
 iov[num_sg].iov_base = cpu_physical_memory_map(pa, , is_write);
 if (!iov[num_sg].iov_base) {
-error_report("virtio: bogus descriptor or out of resources");
-exit(1);
+virtio_error(vdev, "virtio: bogus descriptor or out of resources");
+goto out;
 }
 
 iov[num_sg].iov_len = len;
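Review bot: now that `virtqueue_map_desc()` returns `bool` instead of exiting, a caller that ignores the result carries on with a partially filled `iov[]`. Marking the function with a warn-unused-result attribute, or at least adding a comment above it saying that `false` means virtio_error() has been called and `*p_num_sg` still counts the mappings made so far, would make that contract explicit. The `assert(num_sg <= max_num_sg)` kept at the top deserves a second look in the same spirit: if a guest can influence either value, it should become a virtio_error() path as well.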
@@ -517,7 +520,28 @@ static void virtqueue_map_desc(unsigned int *p_num_sg, 
hwaddr *addr, struct iove
 pa += len;
 num_sg++;
 }
+ok = true;
+
+out:
 *p_num_sg = num_sg;
+return ok;
+}
+
+/* Only used by error code paths before we have a VirtQueueElement (therefore
+ * virtqueue_unmap_sg() can't be used).  Assumes buffers weren't written to
+ * yet.
+ */
+static void virtqueue_undo_map_desc(unsigned int out_num, unsigned int in_num,
+struct iovec *iov)
+{
+unsigned int i;
+
+for (i = 0; i < out_num + in_num; i++) {
+int is_write = i >= out_num;
+
+cpu_physical_memory_unmap(iov->iov_base, iov->iov_len, is_write, 0);
+iov++;
+}
 }
 
 static void virtqueue_map_iovec(struct iovec *sg, hwaddr *addr,
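Review bot: `virtqueue_undo_map_desc()` walks a single `iov` pointer for `out_num + in_num` entries and derives `is_write` from `i >= out_num`, so it silently assumes that the out descriptors come first and the in descriptors follow contiguously in the same array. The comment above the function should state that layout requirement next to the "weren't written to yet" assumption, which is what justifies the access length of 0 passed to `cpu_physical_memory_unmap()`.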
@@ -609,8 +633,8 @@ void *virtqueue_pop(VirtQueue *vq, size_t sz)
 max = vq->vring.num;
 
 if (vq->inuse >= vq->vring.num) {
-error_report("Virtqueue size exceeded");
-exit(1);
+virtio_error(vdev, "Virtqueue size exceeded");
+return NULL;
 }
 
 i = head = virtqueue_get_head(vq, vq->last_avail_idx++);
@@ -621,8 +645,8 @@ void *virtqueue_pop(VirtQueue *vq, size_t sz)
 vring_desc_read(vdev, , desc_pa, i);
 if (desc.flags & VRING_DESC_F_INDIRECT) {
 if (desc.len % sizeof(VRingDesc)) {
-error_report("Invalid size for indirect buffer table");
-exit(1);
+virtio_error(vdev, "Invalid size for indirect buffer table");
+return NULL;
 }
 
 /* loop over the indirect descriptor table */
@@ -634,22 +658,30 @@ void *virtqueue_pop(VirtQueue *vq, size_t sz)
 
 /* Collect all the descriptors */
 do {
+bool map_ok;
+
 if (desc.flags & VRING_DESC_F_WRITE) {
-virtqueue_map_desc(_num, addr + out_num, iov + out_num,
-   VIRTQUEUE_MAX_SIZE - out_num, true, desc.addr, 
desc.len);
+map_ok = virtqueue_map_desc(vdev, _num, addr + out_num,
+iov + out_num,
+VIRTQUEUE_MAX_SIZE - out_num, true,
+desc.addr, desc.len);
 } else {
 if (in_num) {
-error_report("Incorrect order for descriptors");
-exit(1);
+virtio_error(vdev, "Incorrect order for descriptors");
+goto err_undo_map;
 }
-virtqueue_map_desc(_num, addr, iov,
-   VIRTQUEUE_MAX_SIZE, false, desc.addr, desc.len);
+map_ok = virtqueue_map_desc(vdev, _num, addr, iov,
+VIRTQUEUE_MAX_SIZE, 

[Qemu-devel] [PULL 08/19] virtio: stop virtqueue processing if device is broken

2016-09-23 Thread Michael S. Tsirkin
From: Stefan Hajnoczi 

QEMU prints an error message and exits when the device enters an invalid
state.  Terminating the process is heavy-handed.  The guest may still be
able to function even if there is a bug in a virtio guest driver.

Moreover, exiting is a bug in nested virtualization where a nested guest
could DoS other nested guests by killing a pass-through virtio device.
I don't think this configuration is possible today but it is likely in
the future.

If the broken flag is set, do not process virtqueues or write back used
descriptors.  The broken flag can be cleared again by resetting the
device.

Signed-off-by: Stefan Hajnoczi 
Reviewed-by: Cornelia Huck 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Cornelia Huck 
---
 include/hw/virtio/virtio.h |  3 +++
 hw/virtio/virtio.c | 39 +++
 2 files changed, 42 insertions(+)

diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h
index f05559d..888c8de 100644
--- a/include/hw/virtio/virtio.h
+++ b/include/hw/virtio/virtio.h
@@ -87,6 +87,7 @@ struct VirtIODevice
 VirtQueue *vq;
 uint16_t device_id;
 bool vm_running;
+bool broken; /* device in invalid state, needs reset */
 VMChangeStateEntry *vmstate;
 char *bus_name;
 uint8_t device_endian;
@@ -135,6 +136,8 @@ void virtio_init(VirtIODevice *vdev, const char *name,
  uint16_t device_id, size_t config_size);
 void virtio_cleanup(VirtIODevice *vdev);
 
+void virtio_error(VirtIODevice *vdev, const char *fmt, ...) GCC_FMT_ATTR(2, 3);
+
 /* Set the child bus name. */
 void virtio_device_set_child_bus_name(VirtIODevice *vdev, char *bus_name);
 
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index 1199149..1671ea8 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -303,6 +303,10 @@ void virtqueue_fill(VirtQueue *vq, const VirtQueueElement 
*elem,
 
 virtqueue_unmap_sg(vq, elem, len);
 
+if (unlikely(vq->vdev->broken)) {
+return;
+}
+
 idx = (idx + vq->used_idx) % vq->vring.num;
 
 uelem.id = elem->index;
@@ -313,6 +317,12 @@ void virtqueue_fill(VirtQueue *vq, const VirtQueueElement 
*elem,
 void virtqueue_flush(VirtQueue *vq, unsigned int count)
 {
 uint16_t old, new;
+
+if (unlikely(vq->vdev->broken)) {
+vq->inuse -= count;
+return;
+}
+
 /* Make sure buffer is written before we update index. */
 smp_wmb();
 trace_virtqueue_flush(vq, count);
@@ -583,6 +593,9 @@ void *virtqueue_pop(VirtQueue *vq, size_t sz)
 struct iovec iov[VIRTQUEUE_MAX_SIZE];
 VRingDesc desc;
 
+if (unlikely(vdev->broken)) {
+return NULL;
+}
 if (virtio_queue_empty(vq)) {
 return NULL;
 }
@@ -747,6 +760,10 @@ static void virtio_notify_vector(VirtIODevice *vdev, 
uint16_t vector)
 BusState *qbus = qdev_get_parent_bus(DEVICE(vdev));
 VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(qbus);
 
+if (unlikely(vdev->broken)) {
+return;
+}
+
 if (k->notify) {
 k->notify(qbus->parent, vector);
 }
@@ -830,6 +847,7 @@ void virtio_reset(void *opaque)
 k->reset(vdev);
 }
 
+vdev->broken = false;
 vdev->guest_features = 0;
 vdev->queue_sel = 0;
 vdev->status = 0;
@@ -1137,6 +1155,10 @@ static void virtio_queue_notify_vq(VirtQueue *vq)
 if (vq->vring.desc && vq->handle_output) {
 VirtIODevice *vdev = vq->vdev;
 
+if (unlikely(vdev->broken)) {
+return;
+}
+
 trace_virtio_queue_notify(vdev, vq - vdev->vq, vq);
 vq->handle_output(vdev, vq);
 }
@@ -1758,6 +1780,7 @@ void virtio_init(VirtIODevice *vdev, const char *name,
 vdev->config_vector = VIRTIO_NO_VECTOR;
 vdev->vq = g_malloc0(sizeof(VirtQueue) * VIRTIO_QUEUE_MAX);
 vdev->vm_running = runstate_is_running();
+vdev->broken = false;
 for (i = 0; i < VIRTIO_QUEUE_MAX; i++) {
 vdev->vq[i].vector = VIRTIO_NO_VECTOR;
 vdev->vq[i].vdev = vdev;
@@ -1944,6 +1967,22 @@ void virtio_device_set_child_bus_name(VirtIODevice 
*vdev, char *bus_name)
 vdev->bus_name = g_strdup(bus_name);
 }
 
+void GCC_FMT_ATTR(2, 3) virtio_error(VirtIODevice *vdev, const char *fmt, ...)
+{
+va_list ap;
+
+va_start(ap, fmt);
+error_vreport(fmt, ap);
+va_end(ap);
+
+vdev->broken = true;
+
+if (virtio_vdev_has_feature(vdev, VIRTIO_F_VERSION_1)) {
+virtio_set_status(vdev, vdev->status | VIRTIO_CONFIG_S_NEEDS_RESET);
+virtio_notify_config(vdev);
+}
+}
+
 static void virtio_device_realize(DeviceState *dev, Error **errp)
 {
 VirtIODevice *vdev = VIRTIO_DEVICE(dev);
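Review bot: in `virtio_error()`, `vdev->broken = true` is set before `virtio_notify_config(vdev)` is called, while the same patch makes `virtio_notify_vector()` return early whenever `vdev->broken` is set. If `virtio_notify_config()` delivers its interrupt through `virtio_notify_vector()`, a `VIRTIO_F_VERSION_1` guest gets `VIRTIO_CONFIG_S_NEEDS_RESET` in the status field but never the configuration-change notification that tells it to look. Please confirm the path and, if that is the case, either notify before setting the flag or exempt the config vector from the early return. A comment on what guests without `VIRTIO_F_VERSION_1` are expected to observe would also help.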
-- 
MST




Re: [Qemu-devel] [PATCH 2/7] target-i386: Don't try to enable PT State xsave component

2016-09-23 Thread Richard Henderson

On 09/23/2016 12:45 PM, Eduardo Habkost wrote:

The code that calculates the set of supported XSAVE components on
CPUID looks at ext_save_areas to find out which components should
be enabled. However, if there are zeroed entries in the
ext_save_areas array, the
  ((env->features[esa->feature] & esa->bits) == esa->bits)
check will always succeed and QEMU will unconditionally try to
enable the component.

Luckily this never caused any problems because the only missing
entry in ext_save_areas is the PT State component (bit 8), and
KVM currently doesn't support it (so it was cleared on ena_mask).
But the code was still incorrect and would break if KVM starts
returning CPUID[EAX=0xD,ECX=0].EAX[bit 8] as supported on
GET_SUPPORTED_CPUID.

Fix the problem by changing the code to not enable an XSAVE
component if ExtSaveArea::bits is zero.

Signed-off-by: Eduardo Habkost 
---
 target-i386/cpu.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)


Reviewed-by: Richard Henderson 


r~
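
The always-true check described in the quoted commit message, as an added example that is not code from the patch or from QEMU. The feature words, bit positions, function names and the `host_supported` parameter are assumptions made for illustration; only the table shape (every slot filled except index 8) follows the message.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins: two hypothetical feature words and made-up bit
 * positions. Only the shape of the table (one zeroed slot, index 8)
 * follows the commit message. */
enum { FEAT_W0, FEAT_W1, FEAT_WORDS };

typedef struct ExtSaveArea {
    uint32_t feature;   /* index into features[] */
    uint32_t bits;      /* all must be set; 0 means the slot was never filled in */
} ExtSaveArea;

#define XSAVE_COMPONENTS 10

static const ExtSaveArea ext_save_areas[XSAVE_COMPONENTS] = {
    [2] = { FEAT_W0, 1u << 0 },
    [3] = { FEAT_W1, 1u << 1 },
    [4] = { FEAT_W1, 1u << 1 },
    [5] = { FEAT_W1, 1u << 2 },
    [6] = { FEAT_W1, 1u << 2 },
    [7] = { FEAT_W1, 1u << 2 },
    /* [8] deliberately missing: zero-initialised, so bits == 0 */
    [9] = { FEAT_W1, 1u << 3 },
};

/* Check as quoted in the message: (features & bits) == bits.
 * For a zeroed slot this is (x & 0) == 0, which holds for every x. */
static uint64_t xsave_mask_unfixed(const uint32_t *features,
                                   uint64_t host_supported)
{
    uint64_t mask = 0;

    for (int i = 2; i < XSAVE_COMPONENTS; i++) {
        const ExtSaveArea *esa = &ext_save_areas[i];

        if ((features[esa->feature] & esa->bits) == esa->bits) {
            mask |= 1ULL << i;
        }
    }
    /* The host filter is the only thing that can hide the stray bit. */
    return mask & host_supported;
}

/* Same loop with the fix the message describes: a slot whose bits field
 * is zero never enables its component. */
static uint64_t xsave_mask_fixed(const uint32_t *features,
                                 uint64_t host_supported)
{
    uint64_t mask = 0;

    for (int i = 2; i < XSAVE_COMPONENTS; i++) {
        const ExtSaveArea *esa = &ext_save_areas[i];

        if (esa->bits &&
            (features[esa->feature] & esa->bits) == esa->bits) {
            mask |= 1ULL << i;
        }
    }
    return mask & host_supported;
}

int main(void)
{
    /* Constructed guest configuration: only component 2's feature is on. */
    uint32_t features[FEAT_WORDS] = { 1u << 0, 0 };
    uint64_t host_without_8 = ~(1ULL << 8);
    uint64_t host_with_8 = ~0ULL;

    printf("unfixed, host lacks bit 8: 0x%llx\n",
           (unsigned long long)xsave_mask_unfixed(features, host_without_8));
    printf("unfixed, host has bit 8:   0x%llx\n",
           (unsigned long long)xsave_mask_unfixed(features, host_with_8));
    printf("fixed, host has bit 8:     0x%llx\n",
           (unsigned long long)xsave_mask_fixed(features, host_with_8));
    return 0;
}
```

With the host filter clearing bit 8 both variants agree, which is why the defect stayed hidden; once the host reports bit 8, only the fixed loop keeps it out of the mask.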



[Qemu-devel] [PULL 09/19] virtio: migrate vdev->broken flag

2016-09-23 Thread Michael S. Tsirkin
From: Stefan Hajnoczi 

Send a subsection if the vdev->broken flag is set.  This allows live
migration of broken virtio devices.

The subsection is only sent if vdev->broken has been set.  In most cases
the flag will be clear and no subsection will be sent.

Signed-off-by: Stefan Hajnoczi 
Reviewed-by: Cornelia Huck 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Cornelia Huck 
---
 hw/virtio/virtio.c | 19 +++
 1 file changed, 19 insertions(+)

diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index 1671ea8..bac6b51 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -1343,6 +1343,13 @@ static bool virtio_extra_state_needed(void *opaque)
 k->has_extra_state(qbus->parent);
 }
 
+static bool virtio_broken_needed(void *opaque)
+{
+VirtIODevice *vdev = opaque;
+
+return vdev->broken;
+}
+
 static const VMStateDescription vmstate_virtqueue = {
 .name = "virtqueue_state",
 .version_id = 1,
@@ -1457,6 +1464,17 @@ static const VMStateDescription 
vmstate_virtio_64bit_features = {
 }
 };
 
+static const VMStateDescription vmstate_virtio_broken = {
+.name = "virtio/broken",
+.version_id = 1,
+.minimum_version_id = 1,
+.needed = _broken_needed,
+.fields = (VMStateField[]) {
+VMSTATE_BOOL(broken, VirtIODevice),
+VMSTATE_END_OF_LIST()
+}
+};
+
 static const VMStateDescription vmstate_virtio = {
 .name = "virtio",
 .version_id = 1,
@@ -1470,6 +1488,7 @@ static const VMStateDescription vmstate_virtio = {
 _virtio_64bit_features,
 _virtio_virtqueues,
 _virtio_ringsize,
+_virtio_broken,
 _virtio_extra_state,
 NULL
 }
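Review bot: `vmstate_virtio_broken` is only sent when `virtio_broken_needed()` returns true, which keeps the stream unchanged for healthy devices, but a destination that predates this subsection will reject a stream containing "virtio/broken". The commit message should say that migrating a broken device to an older QEMU fails by design, so that the failure is not later mistaken for a regression.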
-- 
MST




[Qemu-devel] [PULL 05/19] pc: clean up COMPAT macro chaining

2016-09-23 Thread Michael S. Tsirkin
From: Igor Mammedov 

Since commit
 bacc344c ("machine: add properties to compat_props incrementaly")
there is no need to chain per machine type compat macro.

Clean up places where it was done anyway so it will be
consistent and won't confuse contributors during addition
of new machine types.

Signed-off-by: Igor Mammedov 
Reviewed-by: Eduardo Habkost 
---
 include/hw/i386/pc.h | 2 --
 1 file changed, 2 deletions(-)

diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index ab8e319..b0a61f3 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -375,7 +375,6 @@ bool e820_get_entry(int, uint32_t, uint64_t *, uint64_t *);
 
 
 #define PC_COMPAT_2_7 \
-PC_COMPAT_2_8 \
 HW_COMPAT_2_7
 
 #define PC_COMPAT_2_6 \
@@ -405,7 +404,6 @@ bool e820_get_entry(int, uint32_t, uint64_t *, uint64_t *);
 },
 
 #define PC_COMPAT_2_5 \
-PC_COMPAT_2_6 \
 HW_COMPAT_2_5
 
 /* Helper for setting model-id for CPU models that changed model-id
-- 
MST




[Qemu-devel] [PULL 00/19] virtio, pc: fixes and features

2016-09-23 Thread Michael S. Tsirkin
The following changes since commit eaff9c4367ac3f7ac44f6c6f4cb7bcd4daa89af5:

  Merge remote-tracking branch 'remotes/lalrae/tags/mips-20160923' into staging 
(2016-09-23 15:28:07 +0100)

are available in the git repository at:

  git://git.kernel.org/pub/scm/virt/kvm/mst/qemu.git tags/for_upstream

for you to fetch changes up to a86ec0ca7d6022f58e80a6b637bc0670a8efb601:

  hw/i386: AMD IOMMU IVRS table (2016-09-23 19:03:56 +0300)


virtio, pc: fixes and features

beginning of guest error handling for virtio devices
amd iommu
pc compat fixes

Signed-off-by: Michael S. Tsirkin <m...@redhat.com>


David Kiarie (4):
  hw/pci: Prepare for AMD IOMMU
  hw/i386/trace-events: Add AMD IOMMU trace events
  hw/i386: Introduce AMD IOMMU
  hw/i386: AMD IOMMU IVRS table

Igor Mammedov (2):
  pc: clean up COMPAT macro chaining
  target-i386: turn off CPU.l3-cache only for 2.7 and older machine types

Marc-André Lureau (3):
  tests: add /vhost-user/connect-fail test
  tests: add a simple /vhost-user/multiqueue test
  tests: add /vhost-user/flags-mismatch test

Prasad J Pandit (1):
  virtio: add check for descriptor's mapped address

Stefan Hajnoczi (9):
  virtio: fix stray tab character
  virtio: stop virtqueue processing if device is broken
  virtio: migrate vdev->broken flag
  virtio: handle virtqueue_map_desc() errors
  virtio: handle virtqueue_get_avail_bytes() errors
  virtio: use unsigned int for virtqueue_get_avail_bytes() index
  virtio: handle virtqueue_read_next_desc() errors
  virtio: handle virtqueue_num_heads() errors
  virtio: handle virtqueue_get_head() errors

 hw/i386/amd_iommu.h |  289 +++
 include/hw/acpi/aml-build.h |1 +
 include/hw/i386/pc.h|9 +-
 include/hw/i386/x86-iommu.h |   12 +
 include/hw/pci/pci.h|3 +
 include/hw/virtio/virtio.h  |3 +
 hw/acpi/aml-build.c |2 +-
 hw/i386/acpi-build.c|   76 ++-
 hw/i386/amd_iommu.c | 1201 +++
 hw/i386/intel_iommu.c   |1 +
 hw/i386/x86-iommu.c |6 +
 hw/virtio/virtio.c  |  237 +++--
 tests/vhost-user-test.c |  208 +++-
 hw/i386/Makefile.objs   |1 +
 hw/i386/trace-events|   29 ++
 tests/Makefile.include  |2 +-
 16 files changed, 2008 insertions(+), 72 deletions(-)
 create mode 100644 hw/i386/amd_iommu.h
 create mode 100644 hw/i386/amd_iommu.c




[Qemu-devel] [PULL 06/19] target-i386: turn off CPU.l3-cache only for 2.7 and older machine types

2016-09-23 Thread Michael S. Tsirkin
From: Igor Mammedov 

commit (14c985cff target-i386: present virtual L3 cache info for vcpus)
misplaced compat property putting it in new 2.8 machine type
which would effectively disable the feature until 2.9 is released.
Intent of commit probably should be to disable feature for 2.7
and older while allowing not yet released 2.8 to have feature
enabled by default.

Cc: qemu-sta...@nongnu.org
Signed-off-by: Igor Mammedov 
Reviewed-by: Marcel Apfelbaum 
Reviewed-by: Eduardo Habkost 
---
 include/hw/i386/pc.h | 7 +++
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index b0a61f3..29a6c9b 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -367,16 +367,15 @@ int e820_get_num_entries(void);
 bool e820_get_entry(int, uint32_t, uint64_t *, uint64_t *);
 
 #define PC_COMPAT_2_8 \
+
+#define PC_COMPAT_2_7 \
+HW_COMPAT_2_7 \
 {\
 .driver   = TYPE_X86_CPU,\
 .property = "l3-cache",\
 .value= "off",\
 },
 
-
-#define PC_COMPAT_2_7 \
-HW_COMPAT_2_7
-
 #define PC_COMPAT_2_6 \
 HW_COMPAT_2_6 \
 {\
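Review bot: after this hunk `#define PC_COMPAT_2_8 \` is followed only by the added blank line, so the macro is empty solely because the backslash continues onto that blank line. Anything inserted directly below it later would be spliced into the macro. Either drop the trailing backslash or put a comment there explaining that the continuation is a placeholder for future 2.8 compat entries.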
-- 
MST




[Qemu-devel] [PULL 15/19] virtio: handle virtqueue_get_head() errors

2016-09-23 Thread Michael S. Tsirkin
From: Stefan Hajnoczi 

Stop processing the vring if virtqueue_get_head() fetches an
out-of-bounds head index.

Signed-off-by: Stefan Hajnoczi 
Reviewed-by: Cornelia Huck 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Cornelia Huck 
---
 hw/virtio/virtio.c | 27 +--
 1 file changed, 17 insertions(+), 10 deletions(-)

diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index b7ac356..18ce333 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -360,21 +360,20 @@ static int virtqueue_num_heads(VirtQueue *vq, unsigned 
int idx)
 return num_heads;
 }
 
-static unsigned int virtqueue_get_head(VirtQueue *vq, unsigned int idx)
+static bool virtqueue_get_head(VirtQueue *vq, unsigned int idx,
+   unsigned int *head)
 {
-unsigned int head;
-
 /* Grab the next descriptor number they're advertising, and increment
  * the index we've seen. */
-head = vring_avail_ring(vq, idx % vq->vring.num);
+*head = vring_avail_ring(vq, idx % vq->vring.num);
 
 /* If their number is silly, that's a fatal mistake. */
-if (head >= vq->vring.num) {
-error_report("Guest says index %u is available", head);
-exit(1);
+if (*head >= vq->vring.num) {
+virtio_error(vq->vdev, "Guest says index %u is available", *head);
+return false;
 }
 
-return head;
+return true;
 }
 
 enum {
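Review bot: `virtqueue_get_head()` stores the guest-supplied value into `*head` before the `*head >= vq->vring.num` check, so on the `return false` path the caller's variable holds an out-of-range index. Reading into a local and assigning `*head` only on success would keep a caller that forgets to test the return value from indexing the descriptor table with it.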
@@ -426,7 +425,11 @@ void virtqueue_get_avail_bytes(VirtQueue *vq, unsigned int 
*in_bytes,
 
 max = vq->vring.num;
 num_bufs = total_bufs;
-i = virtqueue_get_head(vq, idx++);
+
+if (!virtqueue_get_head(vq, idx++, )) {
+goto err;
+}
+
 desc_pa = vq->vring.desc;
 vring_desc_read(vdev, , desc_pa, i);
 
@@ -660,11 +663,15 @@ void *virtqueue_pop(VirtQueue *vq, size_t sz)
 return NULL;
 }
 
-i = head = virtqueue_get_head(vq, vq->last_avail_idx++);
+if (!virtqueue_get_head(vq, vq->last_avail_idx++, )) {
+return NULL;
+}
+
 if (virtio_vdev_has_feature(vdev, VIRTIO_RING_F_EVENT_IDX)) {
 vring_set_avail_event(vq, vq->last_avail_idx);
 }
 
+i = head;
 vring_desc_read(vdev, , desc_pa, i);
 if (desc.flags & VRING_DESC_F_INDIRECT) {
 if (desc.len % sizeof(VRingDesc)) {
-- 
MST




Re: [Qemu-devel] [PATCH 3/7] target-i386: xsave: Calculate enabled components only once

2016-09-23 Thread Richard Henderson

On 09/23/2016 12:45 PM, Eduardo Habkost wrote:

Instead of checking both env->features and ena_mask at two
different places in the CPUID code, initialize ena_mask based on
the features that are enabled for the CPU, and then clear
unsupported bits based on kvm_arch_get_supported_cpuid().

The results should be exactly the same, but it will make it
easier to move the mask calculation elsewhere, and reuse
x86_cpu_filter_features() for the kvm_arch_get_supported_cpuid()
check.

Signed-off-by: Eduardo Habkost 
---
 target-i386/cpu.c | 26 --
 1 file changed, 16 insertions(+), 10 deletions(-)


Reviewed-by: Richard Henderson 


r~



[Qemu-devel] [PULL 04/19] virtio: add check for descriptor's mapped address

2016-09-23 Thread Michael S. Tsirkin
From: Prasad J Pandit 

The virtio back end uses a set of buffers to facilitate I/O operations.
If its size is too large, 'cpu_physical_memory_map' could return
a null address. This would result in a null dereference while
un-mapping descriptors. Add a check to avoid it.

Reported-by: Qinghao Tang 
Signed-off-by: Prasad J Pandit 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Laszlo Ersek 
---
 hw/virtio/virtio.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index fcf3358..bb656b1 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -495,6 +495,11 @@ static void virtqueue_map_desc(unsigned int *p_num_sg, 
hwaddr *addr, struct iove
 }
 
 iov[num_sg].iov_base = cpu_physical_memory_map(pa, , is_write);
+if (!iov[num_sg].iov_base) {
+error_report("virtio: bogus descriptor or out of resources");
+exit(1);
+}
+
 iov[num_sg].iov_len = len;
 addr[num_sg] = pa;
 
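Review bot: the added `if (!iov[num_sg].iov_base)` check trades the NULL dereference for `exit(1)`, which still lets a guest that posts an unmappable descriptor terminate the QEMU process. That is acceptable as a minimal fix, but the commit message should say so, and the failure should become a per-device error once a mechanism for that exists. Note also that mappings made in earlier iterations of the loop are not released on this path; that is harmless with `exit(1)` but has to be handled when the exit is removed.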
-- 
MST




[Qemu-devel] [PULL 07/19] virtio: fix stray tab character

2016-09-23 Thread Michael S. Tsirkin
From: Stefan Hajnoczi 

Fix a single occurrence of a tab character in a file that otherwise uses
spaces for indentation.

Signed-off-by: Stefan Hajnoczi 
Reviewed-by: Fam Zheng 
Acked-by: Cornelia Huck 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Acked-by: Cornelia Huck 
---
 hw/virtio/virtio.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index bb656b1..1199149 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -1613,7 +1613,7 @@ int virtio_load(VirtIODevice *vdev, QEMUFile *f, int 
version_id)
  "inconsistent with Host index 0x%x",
  i, vdev->vq[i].last_avail_idx);
 return -1;
-   }
+}
 if (k->load_queue) {
 ret = k->load_queue(qbus->parent, i, f);
 if (ret)
-- 
MST




[Qemu-devel] [PULL 02/19] tests: add a simple /vhost-user/multiqueue test

2016-09-23 Thread Michael S. Tsirkin
From: Marc-André Lureau 

This test just checks that 2 virtio-net queues can be setup over
vhost-user and waits for them to be started.

Signed-off-by: Marc-André Lureau 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 tests/vhost-user-test.c | 109 ++--
 tests/Makefile.include  |   2 +-
 2 files changed, 107 insertions(+), 4 deletions(-)

diff --git a/tests/vhost-user-test.c b/tests/vhost-user-test.c
index ab91e16..ffdd398 100644
--- a/tests/vhost-user-test.c
+++ b/tests/vhost-user-test.c
@@ -20,6 +20,11 @@
 #include "libqos/pci-pc.h"
 #include "libqos/virtio-pci.h"
 
+#include "libqos/pci-pc.h"
+#include "libqos/virtio-pci.h"
+#include "libqos/malloc-pc.h"
+#include "hw/virtio/virtio-net.h"
+
 #include 
 #include 
 #include 
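Review bot: the first two added lines, `#include "libqos/pci-pc.h"` and `#include "libqos/virtio-pci.h"`, repeat the two includes that already sit immediately above them as context. Only `libqos/malloc-pc.h` and `hw/virtio/virtio-net.h` are new; please drop the duplicates.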
@@ -50,6 +55,7 @@
 #define VHOST_MEMORY_MAX_NREGIONS8
 
 #define VHOST_USER_F_PROTOCOL_FEATURES 30
+#define VHOST_USER_PROTOCOL_F_MQ 0
 #define VHOST_USER_PROTOCOL_F_LOG_SHMFD 1
 
 #define VHOST_LOG_PAGE 0x1000
@@ -72,6 +78,7 @@ typedef enum VhostUserRequest {
 VHOST_USER_SET_VRING_ERR = 14,
 VHOST_USER_GET_PROTOCOL_FEATURES = 15,
 VHOST_USER_SET_PROTOCOL_FEATURES = 16,
+VHOST_USER_GET_QUEUE_NUM = 17,
 VHOST_USER_SET_VRING_ENABLE = 18,
 VHOST_USER_MAX
 } VhostUserRequest;
@@ -136,6 +143,7 @@ typedef struct TestServer {
 int log_fd;
 uint64_t rings;
 bool test_fail;
+int queues;
 } TestServer;
 
 static const char *tmpfs;
@@ -281,6 +289,9 @@ static void chr_read(void *opaque, const uint8_t *buf, int 
size)
 msg.size = sizeof(m.payload.u64);
 msg.payload.u64 = 0x1ULL << VHOST_F_LOG_ALL |
 0x1ULL << VHOST_USER_F_PROTOCOL_FEATURES;
+if (s->queues > 1) {
+msg.payload.u64 |= 0x1ULL << VIRTIO_NET_F_MQ;
+}
 p = (uint8_t *) 
 qemu_chr_fe_write_all(chr, p, VHOST_USER_HDR_SIZE + msg.size);
 break;
@@ -295,6 +306,9 @@ static void chr_read(void *opaque, const uint8_t *buf, int 
size)
 msg.flags |= VHOST_USER_REPLY_MASK;
 msg.size = sizeof(m.payload.u64);
 msg.payload.u64 = 1 << VHOST_USER_PROTOCOL_F_LOG_SHMFD;
+if (s->queues > 1) {
+msg.payload.u64 |= 1 << VHOST_USER_PROTOCOL_F_MQ;
+}
 p = (uint8_t *) 
 qemu_chr_fe_write_all(chr, p, VHOST_USER_HDR_SIZE + msg.size);
 break;
@@ -307,7 +321,7 @@ static void chr_read(void *opaque, const uint8_t *buf, int 
size)
 p = (uint8_t *) 
 qemu_chr_fe_write_all(chr, p, VHOST_USER_HDR_SIZE + msg.size);
 
-assert(msg.payload.state.index < 2);
+assert(msg.payload.state.index < s->queues * 2);
 s->rings &= ~(0x1ULL << msg.payload.state.index);
 break;
 
@@ -347,10 +361,18 @@ static void chr_read(void *opaque, const uint8_t *buf, 
int size)
 break;
 
 case VHOST_USER_SET_VRING_BASE:
-assert(msg.payload.state.index < 2);
+assert(msg.payload.state.index < s->queues * 2);
 s->rings |= 0x1ULL << msg.payload.state.index;
 break;
 
+case VHOST_USER_GET_QUEUE_NUM:
+msg.flags |= VHOST_USER_REPLY_MASK;
+msg.size = sizeof(m.payload.u64);
+msg.payload.u64 = s->queues;
+p = (uint8_t *) 
+qemu_chr_fe_write_all(chr, p, VHOST_USER_HDR_SIZE + msg.size);
+break;
+
 default:
 break;
 }
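Review bot: The bound in `assert(msg.payload.state.index < s->queues * 2);` now scales with s->queues, but the index is then used as a shift count into s->rings, which TestServer declares as uint64_t. Nothing in these hunks caps queues, so a test configured with more than 32 queue pairs would shift by 64 or more, which is undefined. Also assert that the index is below 64, or assert queues <= 32 where the field is set.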
@@ -397,6 +419,7 @@ static TestServer *test_server_new(const gchar *name)
 g_cond_init(>data_cond);
 
 server->log_fd = -1;
+server->queues = 1;
 
 return server;
 }
@@ -648,7 +671,6 @@ static void test_migrate(void)
 global_qtest = global;
 }
 
-#ifdef CONFIG_HAS_GLIB_SUBPROCESS_TESTS
 static void wait_for_rings_started(TestServer *s, size_t count)
 {
 gint64 end_time;
@@ -666,6 +688,7 @@ static void wait_for_rings_started(TestServer *s, size_t 
count)
 g_mutex_unlock(>data_mutex);
 }
 
+#ifdef CONFIG_HAS_GLIB_SUBPROCESS_TESTS
 static gboolean
 reconnect_cb(gpointer user_data)
 {
@@ -753,6 +776,85 @@ static void test_connect_fail(void)
 
 #endif
 
+static QVirtioPCIDevice *virtio_net_pci_init(QPCIBus *bus, int slot)
+{
+QVirtioPCIDevice *dev;
+
+dev = qvirtio_pci_device_find(bus, VIRTIO_ID_NET);
+g_assert(dev != NULL);
+g_assert_cmphex(dev->vdev.device_type, ==, VIRTIO_ID_NET);
+
+qvirtio_pci_device_enable(dev);
+qvirtio_reset(_pci, >vdev);
+qvirtio_set_acknowledge(_pci, >vdev);
+qvirtio_set_driver(_pci, >vdev);
+
+return dev;
+}
+
+static void driver_init(const QVirtioBus *bus, QVirtioDevice *dev)
+{
+uint32_t features;
+
+features = qvirtio_get_features(bus, dev);
+features = features & ~(QVIRTIO_F_BAD_FEATURE |
+(1u << VIRTIO_RING_F_INDIRECT_DESC) |
+(1u << VIRTIO_RING_F_EVENT_IDX));
+qvirtio_set_features(bus, dev, features);
+
+
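Review bot: virtio_net_pci_init() takes an `int slot` parameter but its body never uses it; the device is located with qvirtio_pci_device_find(bus, VIRTIO_ID_NET) only. Either drop the parameter or use it to select the device, so callers are not misled into thinking the slot matters.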

[Qemu-devel] [PULL 14/19] virtio: handle virtqueue_num_heads() errors

2016-09-23 Thread Michael S. Tsirkin
From: Stefan Hajnoczi 

If the avail ring index is bogus virtqueue_num_heads() must return
-EINVAL.

The only caller is virtqueue_get_avail_bytes().  Return saying no bytes
are available when virtqueue_num_heads() fails.

Signed-off-by: Stefan Hajnoczi 
Reviewed-by: Cornelia Huck 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Cornelia Huck 
---
 hw/virtio/virtio.c | 11 ---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index 82142c6..b7ac356 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -347,9 +347,9 @@ static int virtqueue_num_heads(VirtQueue *vq, unsigned int 
idx)
 
 /* Check it isn't doing very strange things with descriptor numbers. */
 if (num_heads > vq->vring.num) {
-error_report("Guest moved used index from %u to %u",
+virtio_error(vq->vdev, "Guest moved used index from %u to %u",
  idx, vq->shadow_avail_idx);
-exit(1);
+return -EINVAL;
 }
 /* On success, callers read a descriptor at vq->last_avail_idx.
  * Make sure descriptor read does not bypass avail index read. */
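Review bot: The message passed to virtio_error() still reads "Guest moved used index", yet the values printed are idx and vq->shadow_avail_idx and the commit message describes a bogus avail ring index. Since the line is being rewritten anyway, correct the wording to say avail index. A comment at the function noting that it can now return -EINVAL would also help future callers.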
@@ -417,7 +417,7 @@ void virtqueue_get_avail_bytes(VirtQueue *vq, unsigned int 
*in_bytes,
 idx = vq->last_avail_idx;
 
 total_bufs = in_total = out_total = 0;
-while (virtqueue_num_heads(vq, idx)) {
+while ((rc = virtqueue_num_heads(vq, idx)) > 0) {
 VirtIODevice *vdev = vq->vdev;
 unsigned int max, num_bufs, indirect = 0;
 VRingDesc desc;
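Review bot: `rc` is assigned in the new loop condition, but no declaration of it is added anywhere in this patch, so it has to come from the existing function body. Please confirm it is a signed int there; the `> 0` test here and the `rc < 0` test after the loop both depend on that, since virtqueue_num_heads() now returns -EINVAL.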
@@ -478,6 +478,11 @@ void virtqueue_get_avail_bytes(VirtQueue *vq, unsigned int 
*in_bytes,
 else
 total_bufs++;
 }
+
+if (rc < 0) {
+goto err;
+}
+
 done:
 if (in_bytes) {
 *in_bytes = in_total;
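Review bot: The new `goto err;` after the loop jumps to a label that is not shown in this hunk, while the normal path falls into `done:`, which copies in_total to *in_bytes. The commit message promises that the caller sees no bytes available on failure, so check that the err path zeroes both in_total and out_total before reaching done; bytes already accumulated in earlier loop iterations must not be reported.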
-- 
MST




[Qemu-devel] [PULL 03/19] tests: add /vhost-user/flags-mismatch test

2016-09-23 Thread Michael S. Tsirkin
From: Marc-André Lureau 

Check that qemu disconnects the backend that doesn't have the previously
acked features.

Signed-off-by: Marc-André Lureau 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 tests/vhost-user-test.c | 60 -
 1 file changed, 59 insertions(+), 1 deletion(-)

diff --git a/tests/vhost-user-test.c b/tests/vhost-user-test.c
index ffdd398..a39846e 100644
--- a/tests/vhost-user-test.c
+++ b/tests/vhost-user-test.c
@@ -130,6 +130,13 @@ static VhostUserMsg m __attribute__ ((unused));
 #define VHOST_USER_VERSION(0x1)
 /*/
 
+enum {
+TEST_FLAGS_OK,
+TEST_FLAGS_DISCONNECT,
+TEST_FLAGS_BAD,
+TEST_FLAGS_END,
+};
+
 typedef struct TestServer {
 gchar *socket_path;
 gchar *mig_path;
@@ -143,6 +150,7 @@ typedef struct TestServer {
 int log_fd;
 uint64_t rings;
 bool test_fail;
+int test_flags;
 int queues;
 } TestServer;
 
@@ -292,6 +300,10 @@ static void chr_read(void *opaque, const uint8_t *buf, int 
size)
 if (s->queues > 1) {
 msg.payload.u64 |= 0x1ULL << VIRTIO_NET_F_MQ;
 }
+if (s->test_flags >= TEST_FLAGS_BAD) {
+msg.payload.u64 = 0;
+s->test_flags = TEST_FLAGS_END;
+}
 p = (uint8_t *) 
 qemu_chr_fe_write_all(chr, p, VHOST_USER_HDR_SIZE + msg.size);
 break;
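Review bot: The check `s->test_flags >= TEST_FLAGS_BAD` depends on the declaration order of the anonymous enum and also matches TEST_FLAGS_END, so every later GET_FEATURES request is answered with 0 as well. If only the first request after the disconnect should get the empty feature set, compare with `== TEST_FLAGS_BAD`; otherwise add a comment on the enum describing the intended state sequence (DISCONNECT, BAD, END, OK).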
@@ -299,6 +311,10 @@ static void chr_read(void *opaque, const uint8_t *buf, int 
size)
 case VHOST_USER_SET_FEATURES:
g_assert_cmpint(msg.payload.u64 & (0x1ULL << 
VHOST_USER_F_PROTOCOL_FEATURES),
!=, 0ULL);
+if (s->test_flags == TEST_FLAGS_DISCONNECT) {
+qemu_chr_disconnect(chr);
+s->test_flags = TEST_FLAGS_BAD;
+}
 break;
 
 case VHOST_USER_GET_PROTOCOL_FEATURES:
@@ -424,6 +440,16 @@ static TestServer *test_server_new(const gchar *name)
 return server;
 }
 
+static void chr_event(void *opaque, int event)
+{
+TestServer *s = opaque;
+
+if (s->test_flags == TEST_FLAGS_END &&
+event == CHR_EVENT_CLOSED) {
+s->test_flags = TEST_FLAGS_OK;
+}
+}
+
 static void test_server_create_chr(TestServer *server, const gchar *opt)
 {
 gchar *chr_path;
@@ -432,7 +458,8 @@ static void test_server_create_chr(TestServer *server, 
const gchar *opt)
 server->chr = qemu_chr_new(server->chr_name, chr_path, NULL);
 g_free(chr_path);
 
-qemu_chr_add_handlers(server->chr, chr_can_read, chr_read, NULL, server);
+qemu_chr_add_handlers(server->chr, chr_can_read, chr_read,
+  chr_event, server);
 }
 
 static void test_server_listen(TestServer *server)
@@ -774,6 +801,34 @@ static void test_connect_fail(void)
 g_free(path);
 }
 
+static void test_flags_mismatch_subprocess(void)
+{
+TestServer *s = test_server_new("flags-mismatch");
+char *cmd;
+
+s->test_flags = TEST_FLAGS_DISCONNECT;
+g_thread_new("connect", connect_thread, s);
+cmd = GET_QEMU_CMDE(s, 2, ",server", "");
+qtest_start(cmd);
+g_free(cmd);
+
+init_virtio_dev(s);
+wait_for_fds(s);
+wait_for_rings_started(s, 2);
+
+qtest_end();
+test_server_free(s);
+}
+
+static void test_flags_mismatch(void)
+{
+gchar *path = g_strdup_printf("/%s/vhost-user/flags-mismatch/subprocess",
+  qtest_get_arch());
+g_test_trap_subprocess(path, 0, 0);
+g_test_trap_assert_passed();
+g_free(path);
+}
+
 #endif
 
 static QVirtioPCIDevice *virtio_net_pci_init(QPCIBus *bus, int slot)
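Review bot: test_flags_mismatch_subprocess() never checks the outcome of the state machine: chr_event() sets s->test_flags to TEST_FLAGS_OK when the backend is closed, but nothing here asserts that value before test_server_free(s). As written the test passes as long as the rings start, whether or not QEMU dropped the backend that returned mismatched features. Wait for the state to settle and assert that s->test_flags equals TEST_FLAGS_OK before qtest_end().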
@@ -908,6 +963,9 @@ int main(int argc, char **argv)
 qtest_add_func("/vhost-user/connect-fail/subprocess",
test_connect_fail_subprocess);
 qtest_add_func("/vhost-user/connect-fail", test_connect_fail);
+qtest_add_func("/vhost-user/flags-mismatch/subprocess",
+   test_flags_mismatch_subprocess);
+qtest_add_func("/vhost-user/flags-mismatch", test_flags_mismatch);
 #endif
 
 ret = g_test_run();
-- 
MST




[Qemu-devel] [PULL 01/19] tests: add /vhost-user/connect-fail test

2016-09-23 Thread Michael S. Tsirkin
From: Marc-André Lureau 

Check early connection failure and resume.

Signed-off-by: Marc-André Lureau 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 tests/vhost-user-test.c | 39 +++
 1 file changed, 39 insertions(+)

diff --git a/tests/vhost-user-test.c b/tests/vhost-user-test.c
index b89a551..ab91e16 100644
--- a/tests/vhost-user-test.c
+++ b/tests/vhost-user-test.c
@@ -135,6 +135,7 @@ typedef struct TestServer {
 CompatGCond data_cond;
 int log_fd;
 uint64_t rings;
+bool test_fail;
 } TestServer;
 
 static const char *tmpfs;
@@ -249,6 +250,12 @@ static void chr_read(void *opaque, const uint8_t *buf, int 
size)
 uint8_t *p = (uint8_t *) 
 int fd;
 
+if (s->test_fail) {
+qemu_chr_disconnect(chr);
+/* now switch to non-failure */
+s->test_fail = false;
+}
+
 if (size != VHOST_USER_HDR_SIZE) {
 g_test_message("Wrong message size received %d\n", size);
 return;
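Review bot: After `qemu_chr_disconnect(chr);` in the new `s->test_fail` block, chr_read() falls through to the size check and the rest of the handler, so it keeps processing the message it just received on the connection it closed. Return right after clearing test_fail so the first message is dropped together with the connection.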
@@ -715,6 +722,35 @@ static void test_reconnect(void)
 g_test_trap_assert_passed();
 g_free(path);
 }
+
+static void test_connect_fail_subprocess(void)
+{
+TestServer *s = test_server_new("connect-fail");
+char *cmd;
+
+s->test_fail = true;
+g_thread_new("connect", connect_thread, s);
+cmd = GET_QEMU_CMDE(s, 2, ",server", "");
+qtest_start(cmd);
+g_free(cmd);
+
+init_virtio_dev(s);
+wait_for_fds(s);
+wait_for_rings_started(s, 2);
+
+qtest_end();
+test_server_free(s);
+}
+
+static void test_connect_fail(void)
+{
+gchar *path = g_strdup_printf("/%s/vhost-user/connect-fail/subprocess",
+  qtest_get_arch());
+g_test_trap_subprocess(path, 0, 0);
+g_test_trap_assert_passed();
+g_free(path);
+}
+
 #endif
 
 int main(int argc, char **argv)
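Review bot: In test_connect_fail_subprocess() the GThread returned by g_thread_new("connect", connect_thread, s) is discarded, so the thread is neither joined nor unreferenced, and test_server_free(s) runs while that thread may still hold s. Keep the handle and g_thread_join() it before freeing the server.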
@@ -766,6 +802,9 @@ int main(int argc, char **argv)
 qtest_add_func("/vhost-user/reconnect/subprocess",
test_reconnect_subprocess);
 qtest_add_func("/vhost-user/reconnect", test_reconnect);
+qtest_add_func("/vhost-user/connect-fail/subprocess",
+   test_connect_fail_subprocess);
+qtest_add_func("/vhost-user/connect-fail", test_connect_fail);
 #endif
 
 ret = g_test_run();
-- 
MST




Re: [Qemu-devel] [PATCH] tcg: increase MAX_OP_PER_INSTR to 395

2016-09-23 Thread Richard Henderson

On 09/22/2016 04:53 PM, Joseph Myers wrote:

MAX_OP_PER_INSTR is currently 266, reported in commit
14dcdac82f398cbac874c8579b9583fab31c67bf to be the worst case for the
ARM A64 decoder.

Whether or not it was in fact the worst case at that time in 2014, I'm
observing the instruction 0x4c006020 (st1 {v0.16b-v2.16b}, [x1])
generate 386 ops from disas_ldst_multiple_struct with current sources,


For the record, I reproduce your results on a 32-bit host with v0-v3.  I assume 
the v2 here is a typo.


While increasing the max per insn is indeed one way to approach this, aarch64 
is being remarkably inefficient in this case.  With the following, I see a 
reduction from 387 ops to 261 ops; for a 64-bit host, the reduction is from 258 
ops to 195 ops.


I should also note that the implementation of this insn should be even simpler. 
 I see this insn as performing 8 64-bit, little-endian, unaligned loads.  We 
should be able to implement this insn for a 64-bit host in about 25 ops, which 
implies that the current code is nearly 8 times too large.


The same should be true for other combinations of sizes for ldst.  I recognize 
that it gets more complicated for big-endian guest and element sizes larger 
than 1, but for element sizes larger than 1 we automatically have <= half of 
the number of ops seen here.



r~
diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index ddf52f5..e44bf96 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -2536,7 +2536,7 @@ static void disas_ldst_multiple_struct(DisasContext *s, 
uint32_t insn)
 bool is_store = !extract32(insn, 22, 1);
 bool is_postidx = extract32(insn, 23, 1);
 bool is_q = extract32(insn, 30, 1);
-TCGv_i64 tcg_addr, tcg_rn;
+TCGv_i64 tcg_addr, tcg_rn, tcg_ebytes;
 
 int ebytes = 1 << size;
 int elements = (is_q ? 128 : 64) / (8 << size);
@@ -2601,6 +2601,7 @@ static void disas_ldst_multiple_struct(DisasContext *s, 
uint32_t insn)
 tcg_rn = cpu_reg_sp(s, rn);
 tcg_addr = tcg_temp_new_i64();
 tcg_gen_mov_i64(tcg_addr, tcg_rn);
+tcg_ebytes = tcg_const_i64(ebytes);
 
 for (r = 0; r < rpt; r++) {
 int e;
@@ -2624,7 +2625,7 @@ static void disas_ldst_multiple_struct(DisasContext *s, 
uint32_t insn)
 clear_vec_high(s, tt);
 }
 }
-tcg_gen_addi_i64(tcg_addr, tcg_addr, ebytes);
+tcg_gen_add_i64(tcg_addr, tcg_addr, tcg_ebytes);
 tt = (tt + 1) % 32;
 }
 }
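Review bot: Replacing tcg_gen_addi_i64() with tcg_gen_add_i64() on a constant temporary looks like a step backwards to anyone reading the loop without the mail thread. Add a short comment at the tcg_const_i64(ebytes) allocation saying that the shared constant is there to cut the number of ops generated per element, so it is not reverted in a later cleanup.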
@@ -2638,6 +2639,7 @@ static void disas_ldst_multiple_struct(DisasContext *s, 
uint32_t insn)
 tcg_gen_add_i64(tcg_rn, tcg_rn, cpu_reg(s, rm));
 }
 }
+tcg_temp_free_i64(tcg_ebytes);
 tcg_temp_free_i64(tcg_addr);
 }
 
@@ -2680,7 +2682,7 @@ static void disas_ldst_single_struct(DisasContext *s, 
uint32_t insn)
 bool replicate = false;
 int index = is_q << 3 | S << 2 | size;
 int ebytes, xs;
-TCGv_i64 tcg_addr, tcg_rn;
+TCGv_i64 tcg_addr, tcg_rn, tcg_ebytes;
 
 switch (scale) {
 case 3:
@@ -2733,6 +2735,7 @@ static void disas_ldst_single_struct(DisasContext *s, 
uint32_t insn)
 tcg_rn = cpu_reg_sp(s, rn);
 tcg_addr = tcg_temp_new_i64();
 tcg_gen_mov_i64(tcg_addr, tcg_rn);
+tcg_ebytes = tcg_const_i64(ebytes);
 
 for (xs = 0; xs < selem; xs++) {
 if (replicate) {
@@ -2776,7 +2779,7 @@ static void disas_ldst_single_struct(DisasContext *s, 
uint32_t insn)
 do_vec_st(s, rt, index, tcg_addr, s->be_data + scale);
 }
 }
-tcg_gen_addi_i64(tcg_addr, tcg_addr, ebytes);
+tcg_gen_add_i64(tcg_addr, tcg_addr, tcg_ebytes);
 rt = (rt + 1) % 32;
 }
 
@@ -2788,6 +2791,7 @@ static void disas_ldst_single_struct(DisasContext *s, 
uint32_t insn)
 tcg_gen_add_i64(tcg_rn, tcg_rn, cpu_reg(s, rm));
 }
 }
+tcg_temp_free_i64(tcg_ebytes);
 tcg_temp_free_i64(tcg_addr);
 }
 


[Qemu-devel] [PATCH 6/7] target-i386: xsave: Calculate set of xsave components on realize

2016-09-23 Thread Eduardo Habkost
Instead of doing complex calculations and calling
kvm_arch_get_supported_cpuid() inside cpu_x86_cpuid(), calculate
the set of required XSAVE components earlier, at realize time.

Signed-off-by: Eduardo Habkost 
---
 target-i386/cpu.c | 51 ---
 target-i386/cpu.h |  1 +
 2 files changed, 29 insertions(+), 23 deletions(-)

diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index 9034d8e..e6525e7 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -2504,9 +2504,6 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, 
uint32_t count,
 *ebx &= 0x; /* The count doesn't need to be reliable. */
 break;
 case 0xD: {
-uint64_t ena_mask;
-int i;
-
 /* Processor Extended State */
 *eax = 0;
 *ebx = 0;
@@ -2516,32 +2513,16 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, 
uint32_t count,
 break;
 }
 
-ena_mask = (XSTATE_FP_MASK | XSTATE_SSE_MASK);
-for (i = 2; i < ARRAY_SIZE(x86_ext_save_areas); i++) {
-const ExtSaveArea *esa = _ext_save_areas[i];
-if (env->features[esa->feature] & esa->bits) {
-ena_mask |= (1ULL << i);
-}
-}
-
-if (kvm_enabled()) {
-KVMState *s = cs->kvm_state;
-uint64_t kvm_mask = kvm_arch_get_supported_cpuid(s, 0xd, 0, R_EDX);
-kvm_mask <<= 32;
-kvm_mask |= kvm_arch_get_supported_cpuid(s, 0xd, 0, R_EAX);
-ena_mask &= kvm_mask;
-}
-
 if (count == 0) {
-*ecx = xsave_area_size(ena_mask);;
-*eax = ena_mask;
-*edx = ena_mask >> 32;
+*ecx = xsave_area_size(env->xsave_components);
+*eax = env->xsave_components;
+*edx = env->xsave_components >> 32;
 *ebx = *ecx;
 } else if (count == 1) {
 *eax = env->features[FEAT_XSAVE];
 } else if (count < ARRAY_SIZE(x86_ext_save_areas)) {
 const ExtSaveArea *esa = _ext_save_areas[count];
-if ((ena_mask >> count) & 1) {
+if ((env->xsave_components >> count) & 1) {
 *eax = esa->size;
 *ebx = esa->offset;
 }
@@ -2971,6 +2952,29 @@ static void x86_cpu_adjust_feat_level(X86CPU *cpu, 
FeatureWord w)
 }
 }
 
+/* Calculate XSAVE components based on the configured CPU feature flags */
+static void x86_cpu_enable_xsave_components(X86CPU *cpu)
+{
+CPUX86State *env = >env;
+int i;
+
+env->xsave_components = (XSTATE_FP_MASK | XSTATE_SSE_MASK);
+for (i = 2; i < ARRAY_SIZE(x86_ext_save_areas); i++) {
+const ExtSaveArea *esa = _ext_save_areas[i];
+if (env->features[esa->feature] & esa->bits) {
+env->xsave_components |= (1ULL << i);
+}
+}
+
+if (kvm_enabled()) {
+KVMState *s = kvm_state;
+uint64_t kvm_mask = kvm_arch_get_supported_cpuid(s, 0xd, 0, R_EDX);
+kvm_mask <<= 32;
+kvm_mask |= kvm_arch_get_supported_cpuid(s, 0xd, 0, R_EAX);
+env->xsave_components &= kvm_mask;
+}
+}
+
 #define IS_INTEL_CPU(env) ((env)->cpuid_vendor1 == CPUID_VENDOR_INTEL_1 && \
(env)->cpuid_vendor2 == CPUID_VENDOR_INTEL_2 && \
(env)->cpuid_vendor3 == CPUID_VENDOR_INTEL_3)
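Review bot: x86_cpu_enable_xsave_components() reads the global `kvm_state`, whereas the code removed from cpu_x86_cpuid() used `cs->kvm_state`. If the switch is needed because the per-CPU pointer is not yet set at realize time, add a one-line comment saying so; otherwise keep using the CPUState field so the two paths cannot diverge.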
@@ -3016,6 +3020,7 @@ static void x86_cpu_realizefn(DeviceState *dev, Error 
**errp)
 cpu->env.features[w] &= ~minus_features[w];
 }
 
+x86_cpu_enable_xsave_components(cpu);
 
 /* CPUID[EAX=7,ECX=0].EBX always increased level automatically: */
 x86_cpu_adjust_feat_level(cpu, FEAT_7_0_EBX);
diff --git a/target-i386/cpu.h b/target-i386/cpu.h
index aaa45f0..6c457ed 100644
--- a/target-i386/cpu.h
+++ b/target-i386/cpu.h
@@ -1122,6 +1122,7 @@ typedef struct CPUX86State {
 uint32_t cpuid_vendor3;
 uint32_t cpuid_version;
 FeatureWordArray features;
+uint64_t xsave_components;
 uint32_t cpuid_model[12];
 
 /* MTRRs */
-- 
2.7.4




Re: [Qemu-devel] Default CPU for NMI injection (QMP and IPMI)

2016-09-23 Thread Eduardo Habkost
On Thu, Sep 22, 2016 at 02:49:35PM -0500, Corey Minyard wrote:
> On 09/22/2016 01:42 PM, Eduardo Habkost wrote:
[...]
> > In the case of the inject-nmi QMP command, I need to understand
> > what "default CPU" is supposed to mean in the inject-nmi
> > documentation. Maybe it can be changed to use the first CPU, too
> > (that's probably the existing behavior because there's no way to
> > change cur_mon->mon_cpu in a QMP monitor).
> > 
> I looked through it a bit, and the only place I found it was used was
> the x390 code.
> 
> If we remove the CPU index from this, then the IPMI device can
> keep the same interface.

Well, the existing behavior is to use the first CPU, so I will
just keep the existing behavior but remove the
monitor_get_cpu_index() call from qmp_inject_nmi(). Then the IPMI
code can stay the same.

-- 
Eduardo



[Qemu-devel] [PATCH 2/7] target-i386: Don't try to enable PT State xsave component

2016-09-23 Thread Eduardo Habkost
The code that calculates the set of supported XSAVE components on
CPUID looks at ext_save_areas to find out which components should
be enabled. However, if there are zeroed entries in the
ext_save_areas array, the
  ((env->features[esa->feature] & esa->bits) == esa->bits)
check will always succeed and QEMU will unconditionally try to
enable the component.

Luckily this never caused any problems because the only missing
entry in ext_save_areas is the PT State component (bit 8), and
KVM currently doesn't support it (so it was cleared on ena_mask).
But the code was still incorrect and would break if KVM starts
returning CPUID[EAX=0xD,ECX=0].EAX[bit 8] as supported on
GET_SUPPORTED_CPUID.

Fix the problem by changing the code to not enable an XSAVE
component if ExtSaveArea::bits is zero.

Signed-off-by: Eduardo Habkost 
---
 target-i386/cpu.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index cc07fdb..25ab4f8 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -2514,7 +2514,7 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, 
uint32_t count,
 *ecx = 0x240;
 for (i = 2; i < ARRAY_SIZE(x86_ext_save_areas); i++) {
 const ExtSaveArea *esa = _ext_save_areas[i];
-if ((env->features[esa->feature] & esa->bits) == esa->bits
+if ((env->features[esa->feature] & esa->bits)
 && ((ena_mask >> i) & 1) != 0) {
 if (i < 32) {
 *eax |= 1u << i;
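Review bot: Dropping `== esa->bits` fixes the zeroed-entry case, but it also changes the test for populated entries from "all bits in esa->bits are set" to "any bit is set". If any ExtSaveArea entry lists more than one feature bit, a component would now be enabled with only part of its features present. Checking that esa->bits is non-zero and then keeping the `== esa->bits` comparison would preserve the old semantics; otherwise the commit message should state that every entry carries a single bit.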
@@ -2530,7 +2530,7 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, 
uint32_t count,
 *eax = env->features[FEAT_XSAVE];
 } else if (count < ARRAY_SIZE(x86_ext_save_areas)) {
 const ExtSaveArea *esa = _ext_save_areas[count];
-if ((env->features[esa->feature] & esa->bits) == esa->bits
+if ((env->features[esa->feature] & esa->bits)
 && ((ena_mask >> count) & 1) != 0) {
 *eax = esa->size;
 *ebx = esa->offset;
@@ -2766,7 +2766,7 @@ static void x86_cpu_reset(CPUState *s)
 }
 for (i = 2; i < ARRAY_SIZE(x86_ext_save_areas); i++) {
 const ExtSaveArea *esa = _ext_save_areas[i];
-if ((env->features[esa->feature] & esa->bits) == esa->bits) {
+if (env->features[esa->feature] & esa->bits) {
 xcr0 |= 1ull << i;
 }
 }
-- 
2.7.4




[Qemu-devel] [PATCH 7/7] target-i386: Move xsave component mask to features array

2016-09-23 Thread Eduardo Habkost
This will reuse the existing check/enforce logic in
x86_cpu_filter_features() to check the xsave component bits
against GET_SUPPORTED_CPUID.

Signed-off-by: Eduardo Habkost 
---
 target-i386/cpu.c | 42 --
 target-i386/cpu.h |  3 ++-
 2 files changed, 30 insertions(+), 15 deletions(-)

diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index e6525e7..b2c3e17 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -489,6 +489,18 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
 .cpuid_eax = 6, .cpuid_reg = R_EAX,
 .tcg_features = TCG_6_EAX_FEATURES,
 },
+[FEAT_XSAVE_COMP_LO] = {
+.cpuid_eax = 0xD,
+.cpuid_needs_ecx = true, .cpuid_ecx = 0,
+.cpuid_reg = R_EAX,
+.tcg_features = ~0U,
+},
+[FEAT_XSAVE_COMP_HI] = {
+.cpuid_eax = 0xD,
+.cpuid_needs_ecx = true, .cpuid_ecx = 0,
+.cpuid_reg = R_EDX,
+.tcg_features = ~0U,
+},
 };
 
 typedef struct X86RegisterInfo32 {
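Review bot: Both new FeatureWordInfo entries set `.tcg_features = ~0U` without explanation, which declares every XSAVE component bit in CPUID[EAX=0xD,ECX=0].EAX and .EDX as supported under TCG. Add a comment saying why no filtering is wanted for TCG, or restrict the mask to the components TCG actually handles.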
@@ -562,6 +574,12 @@ static uint32_t xsave_area_size(uint64_t mask)
 return ret;
 }
 
+static inline uint64_t x86_cpu_xsave_components(X86CPU *cpu)
+{
+return ((uint64_t)cpu->env.features[FEAT_XSAVE_COMP_HI]) << 32 |
+   cpu->env.features[FEAT_XSAVE_COMP_LO];
+}
+
 const char *get_register_name_32(unsigned int reg)
 {
 if (reg >= CPU_NB_REGS32) {
@@ -2514,15 +2532,15 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, 
uint32_t count,
 }
 
 if (count == 0) {
-*ecx = xsave_area_size(env->xsave_components);
-*eax = env->xsave_components;
-*edx = env->xsave_components >> 32;
+*ecx = xsave_area_size(x86_cpu_xsave_components(cpu));
+*eax = env->features[FEAT_XSAVE_COMP_LO];
+*edx = env->features[FEAT_XSAVE_COMP_HI];
 *ebx = *ecx;
 } else if (count == 1) {
 *eax = env->features[FEAT_XSAVE];
 } else if (count < ARRAY_SIZE(x86_ext_save_areas)) {
-const ExtSaveArea *esa = _ext_save_areas[count];
-if ((env->xsave_components >> count) & 1) {
+if ((x86_cpu_xsave_components(cpu) >> count) & 1) {
+const ExtSaveArea *esa = _ext_save_areas[count];
 *eax = esa->size;
 *ebx = esa->offset;
 }
@@ -2957,22 +2975,18 @@ static void x86_cpu_enable_xsave_components(X86CPU *cpu)
 {
 CPUX86State *env = >env;
 int i;
+uint64_t mask;
 
-env->xsave_components = (XSTATE_FP_MASK | XSTATE_SSE_MASK);
+mask = (XSTATE_FP_MASK | XSTATE_SSE_MASK);
 for (i = 2; i < ARRAY_SIZE(x86_ext_save_areas); i++) {
 const ExtSaveArea *esa = _ext_save_areas[i];
 if (env->features[esa->feature] & esa->bits) {
-env->xsave_components |= (1ULL << i);
+mask |= (1ULL << i);
 }
 }
 
-if (kvm_enabled()) {
-KVMState *s = kvm_state;
-uint64_t kvm_mask = kvm_arch_get_supported_cpuid(s, 0xd, 0, R_EDX);
-kvm_mask <<= 32;
-kvm_mask |= kvm_arch_get_supported_cpuid(s, 0xd, 0, R_EAX);
-env->xsave_components &= kvm_mask;
-}
+env->features[FEAT_XSAVE_COMP_LO] = mask;
+env->features[FEAT_XSAVE_COMP_HI] = mask >> 32;
 }
 
 #define IS_INTEL_CPU(env) ((env)->cpuid_vendor1 == CPUID_VENDOR_INTEL_1 && \
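Review bot: With the kvm_arch_get_supported_cpuid() masking removed from x86_cpu_enable_xsave_components(), unsupported components are only dropped if x86_cpu_filter_features() runs after this function has filled FEAT_XSAVE_COMP_LO and FEAT_XSAVE_COMP_HI. That ordering is not visible in this patch; please state it in a comment above the function. The assignment `env->features[FEAT_XSAVE_COMP_LO] = mask;` also relies on implicit truncation of a uint64_t, and an explicit cast would make the intent clear.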
diff --git a/target-i386/cpu.h b/target-i386/cpu.h
index 6c457ed..1cb32ae 100644
--- a/target-i386/cpu.h
+++ b/target-i386/cpu.h
@@ -453,6 +453,8 @@ typedef enum FeatureWord {
 FEAT_SVM,   /* CPUID[8000_000A].EDX */
 FEAT_XSAVE, /* CPUID[EAX=0xd,ECX=1].EAX */
 FEAT_6_EAX, /* CPUID[6].EAX */
+FEAT_XSAVE_COMP_LO, /* CPUID[EAX=0xd,ECX=0].EAX */
+FEAT_XSAVE_COMP_HI, /* CPUID[EAX=0xd,ECX=0].EDX */
 FEATURE_WORDS,
 } FeatureWord;
 
@@ -1122,7 +1124,6 @@ typedef struct CPUX86State {
 uint32_t cpuid_vendor3;
 uint32_t cpuid_version;
 FeatureWordArray features;
-uint64_t xsave_components;
 uint32_t cpuid_model[12];
 
 /* MTRRs */
-- 
2.7.4




[Qemu-devel] [PATCH 5/7] target-i386: xsave: Helper function to calculate xsave area size

2016-09-23 Thread Eduardo Habkost
Move the xsave area size calculation from cpu_x86_cpuid() inside
its own function. While doing it, change it to use the XSAVE area
struct sizes for the initial size, instead of the magic 0x240
number.

Signed-off-by: Eduardo Habkost 
---
 target-i386/cpu.c | 22 +++---
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index 7e66003..9034d8e 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -548,6 +548,20 @@ static const ExtSaveArea x86_ext_save_areas[] = {
 .size = sizeof(XSavePKRU) },
 };
 
+static uint32_t xsave_area_size(uint64_t mask)
+{
+int i;
+uint64_t ret = sizeof(X86LegacyXSaveArea) + sizeof(X86XSaveHeader);
+
+for (i = 2; i < ARRAY_SIZE(x86_ext_save_areas); i++) {
+const ExtSaveArea *esa = _ext_save_areas[i];
+if ((mask >> i) & 1) {
+ret = MAX(ret, esa->offset + esa->size);
+}
+}
+return ret;
+}
+
 const char *get_register_name_32(unsigned int reg)
 {
 if (reg >= CPU_NB_REGS32) {
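Review bot: xsave_area_size() is declared to return uint32_t but accumulates into `uint64_t ret`, so the return statement narrows silently. Declare ret as uint32_t to match the return type and the *ecx value it feeds.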
@@ -2519,13 +2533,7 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, 
uint32_t count,
 }
 
 if (count == 0) {
-*ecx = 0x240;
-for (i = 2; i < ARRAY_SIZE(x86_ext_save_areas); i++) {
-const ExtSaveArea *esa = _ext_save_areas[i];
-if ((ena_mask >> i) & 1) {
-*ecx = MAX(*ecx, esa->offset + esa->size);
-}
-}
+*ecx = xsave_area_size(ena_mask);;
 *eax = ena_mask;
 *edx = ena_mask >> 32;
 *ebx = *ecx;
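Review bot: The added line `*ecx = xsave_area_size(ena_mask);;` ends with a doubled semicolon. Drop the extra one.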
-- 
2.7.4




[Qemu-devel] [PATCH 3/7] target-i386: xsave: Calculate enabled components only once

2016-09-23 Thread Eduardo Habkost
Instead of checking both env->features and ena_mask at two
different places in the CPUID code, initialize ena_mask based on
the features that are enabled for the CPU, and then clear
unsupported bits based on kvm_arch_get_supported_cpuid().

The results should be exactly the same, but it will make it
easier to move the mask calculation elsewhere, and reuse
x86_cpu_filter_features() for the kvm_arch_get_supported_cpuid()
check.

Signed-off-by: Eduardo Habkost 
---
 target-i386/cpu.c | 26 --
 1 file changed, 16 insertions(+), 10 deletions(-)

diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index 25ab4f8..9968581 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -2490,7 +2490,6 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, 
uint32_t count,
 *ebx &= 0x; /* The count doesn't need to be reliable. */
 break;
 case 0xD: {
-KVMState *s = cs->kvm_state;
 uint64_t ena_mask;
 int i;
 
@@ -2502,20 +2501,28 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, 
uint32_t count,
 if (!(env->features[FEAT_1_ECX] & CPUID_EXT_XSAVE)) {
 break;
 }
+
+ena_mask = (XSTATE_FP_MASK | XSTATE_SSE_MASK);
+for (i = 2; i < ARRAY_SIZE(x86_ext_save_areas); i++) {
+const ExtSaveArea *esa = _ext_save_areas[i];
+if (env->features[esa->feature] & esa->bits) {
+ena_mask |= (1ULL << i);
+}
+}
+
 if (kvm_enabled()) {
-ena_mask = kvm_arch_get_supported_cpuid(s, 0xd, 0, R_EDX);
-ena_mask <<= 32;
-ena_mask |= kvm_arch_get_supported_cpuid(s, 0xd, 0, R_EAX);
-} else {
-ena_mask = -1;
+KVMState *s = cs->kvm_state;
+uint64_t kvm_mask = kvm_arch_get_supported_cpuid(s, 0xd, 0, R_EDX);
+kvm_mask <<= 32;
+kvm_mask |= kvm_arch_get_supported_cpuid(s, 0xd, 0, R_EAX);
+ena_mask &= kvm_mask;
 }
 
 if (count == 0) {
 *ecx = 0x240;
 for (i = 2; i < ARRAY_SIZE(x86_ext_save_areas); i++) {
 const ExtSaveArea *esa = _ext_save_areas[i];
-if ((env->features[esa->feature] & esa->bits)
-&& ((ena_mask >> i) & 1) != 0) {
+if ((ena_mask >> i) & 1) {
 if (i < 32) {
 *eax |= 1u << i;
 } else {
@@ -2530,8 +2537,7 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, 
uint32_t count,
 *eax = env->features[FEAT_XSAVE];
 } else if (count < ARRAY_SIZE(x86_ext_save_areas)) {
 const ExtSaveArea *esa = _ext_save_areas[count];
-if ((env->features[esa->feature] & esa->bits)
-&& ((ena_mask >> count) & 1) != 0) {
+if ((ena_mask >> count) & 1) {
 *eax = esa->size;
 *ebx = esa->offset;
 }
-- 
2.7.4




[Qemu-devel] [PATCH 1/7] target-i386: Move feature name arrays inside FeatureWordInfo

2016-09-23 Thread Eduardo Habkost
It makes it easier to guarantee the arrays are the right size,
and to find information when looking at the code.

Signed-off-by: Eduardo Habkost 
---
 target-i386/cpu.c | 370 +-
 1 file changed, 170 insertions(+), 200 deletions(-)

diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index a5d3b1a..cc07fdb 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -181,185 +181,6 @@ static void x86_cpu_vendor_words2str(char *dst, uint32_t 
vendor1,
 dst[CPUID_VENDOR_SZ] = '\0';
 }
 
-/* feature flags taken from "Intel Processor Identification and the CPUID
- * Instruction" and AMD's "CPUID Specification".  In cases of disagreement
- * between feature naming conventions, aliases may be added.
- */
-static const char *feature_name[] = {
-"fpu", "vme", "de", "pse",
-"tsc", "msr", "pae", "mce",
-"cx8", "apic", NULL, "sep",
-"mtrr", "pge", "mca", "cmov",
-"pat", "pse36", "pn" /* Intel psn */, "clflush" /* Intel clfsh */,
-NULL, "ds" /* Intel dts */, "acpi", "mmx",
-"fxsr", "sse", "sse2", "ss",
-"ht" /* Intel htt */, "tm", "ia64", "pbe",
-};
-static const char *ext_feature_name[] = {
-"pni|sse3" /* Intel,AMD sse3 */, "pclmulqdq|pclmuldq", "dtes64", "monitor",
-"ds_cpl", "vmx", "smx", "est",
-"tm2", "ssse3", "cid", NULL,
-"fma", "cx16", "xtpr", "pdcm",
-NULL, "pcid", "dca", "sse4.1|sse4_1",
-"sse4.2|sse4_2", "x2apic", "movbe", "popcnt",
-"tsc-deadline", "aes", "xsave", "osxsave",
-"avx", "f16c", "rdrand", "hypervisor",
-};
-/* Feature names that are already defined on feature_name[] but are set on
- * CPUID[8000_0001].EDX on AMD CPUs don't have their names on
- * ext2_feature_name[]. They are copied automatically to cpuid_ext2_features
- * if and only if CPU vendor is AMD.
- */
-static const char *ext2_feature_name[] = {
-NULL /* fpu */, NULL /* vme */, NULL /* de */, NULL /* pse */,
-NULL /* tsc */, NULL /* msr */, NULL /* pae */, NULL /* mce */,
-NULL /* cx8 */ /* AMD CMPXCHG8B */, NULL /* apic */, NULL, "syscall",
-NULL /* mtrr */, NULL /* pge */, NULL /* mca */, NULL /* cmov */,
-NULL /* pat */, NULL /* pse36 */, NULL, NULL /* Linux mp */,
-"nx|xd", NULL, "mmxext", NULL /* mmx */,
-NULL /* fxsr */, "fxsr_opt|ffxsr", "pdpe1gb" /* AMD Page1GB */, "rdtscp",
-NULL, "lm|i64", "3dnowext", "3dnow",
-};
-static const char *ext3_feature_name[] = {
-"lahf_lm" /* AMD LahfSahf */, "cmp_legacy", "svm", "extapic" /* AMD 
ExtApicSpace */,
-"cr8legacy" /* AMD AltMovCr8 */, "abm", "sse4a", "misalignsse",
-"3dnowprefetch", "osvw", "ibs", "xop",
-"skinit", "wdt", NULL, "lwp",
-"fma4", "tce", NULL, "nodeid_msr",
-NULL, "tbm", "topoext", "perfctr_core",
-"perfctr_nb", NULL, NULL, NULL,
-NULL, NULL, NULL, NULL,
-};
-
-static const char *ext4_feature_name[] = {
-NULL, NULL, "xstore", "xstore-en",
-NULL, NULL, "xcrypt", "xcrypt-en",
-"ace2", "ace2-en", "phe", "phe-en",
-"pmm", "pmm-en", NULL, NULL,
-NULL, NULL, NULL, NULL,
-NULL, NULL, NULL, NULL,
-NULL, NULL, NULL, NULL,
-NULL, NULL, NULL, NULL,
-};
-
-static const char *kvm_feature_name[] = {
-"kvmclock", "kvm_nopiodelay", "kvm_mmu", "kvmclock",
-"kvm_asyncpf", "kvm_steal_time", "kvm_pv_eoi", "kvm_pv_unhalt",
-NULL, NULL, NULL, NULL,
-NULL, NULL, NULL, NULL,
-NULL, NULL, NULL, NULL,
-NULL, NULL, NULL, NULL,
-"kvmclock-stable-bit", NULL, NULL, NULL,
-NULL, NULL, NULL, NULL,
-};
-
-static const char *hyperv_priv_feature_name[] = {
-NULL /* hv_msr_vp_runtime_access */, NULL /* hv_msr_time_refcount_access 
*/,
-NULL /* hv_msr_synic_access */, NULL /* hv_msr_stimer_access */,
-NULL /* hv_msr_apic_access */, NULL /* hv_msr_hypercall_access */,
-NULL /* hv_vpindex_access */, NULL /* hv_msr_reset_access */,
-NULL /* hv_msr_stats_access */, NULL /* hv_reftsc_access */,
-NULL /* hv_msr_idle_access */, NULL /* hv_msr_frequency_access */,
-NULL, NULL, NULL, NULL,
-NULL, NULL, NULL, NULL,
-NULL, NULL, NULL, NULL,
-NULL, NULL, NULL, NULL,
-NULL, NULL, NULL, NULL,
-};
-
-static const char *hyperv_ident_feature_name[] = {
-NULL /* hv_create_partitions */, NULL /* hv_access_partition_id */,
-NULL /* hv_access_memory_pool */, NULL /* hv_adjust_message_buffers */,
-NULL /* hv_post_messages */, NULL /* hv_signal_events */,
-NULL /* hv_create_port */, NULL /* hv_connect_port */,
-NULL /* hv_access_stats */, NULL, NULL, NULL /* hv_debugging */,
-NULL /* hv_cpu_power_management */, NULL /* hv_configure_profiler */,
-NULL, NULL,
-NULL, NULL, NULL, NULL,
-NULL, NULL, NULL, NULL,
-NULL, NULL, NULL, NULL,
-NULL, NULL, NULL, NULL,
-};
-
-static const char *hyperv_misc_feature_name[] = {
-NULL /* hv_mwait */, NULL /* hv_guest_debugging */,
-NULL /* hv_perf_monitor */, NULL /* hv_cpu_dynamic_part */,
-NULL /* hv_hypercall_params_xmm */, NULL /* 

[Qemu-devel] [PATCH 4/7] target-i386: xsave: Simplify CPUID[0xD, 0].{EAX, EDX} calculation

2016-09-23 Thread Eduardo Habkost
Instead of assigning individual bits in a loop, just copy the
values from ena_mask.

Signed-off-by: Eduardo Habkost 
---
 target-i386/cpu.c | 8 ++--
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index 9968581..7e66003 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -2523,15 +2523,11 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, 
uint32_t count,
 for (i = 2; i < ARRAY_SIZE(x86_ext_save_areas); i++) {
 const ExtSaveArea *esa = _ext_save_areas[i];
 if ((ena_mask >> i) & 1) {
-if (i < 32) {
-*eax |= 1u << i;
-} else {
-*edx |= 1u << (i - 32);
-}
 *ecx = MAX(*ecx, esa->offset + esa->size);
 }
 }
-*eax |= ena_mask & (XSTATE_FP_MASK | XSTATE_SSE_MASK);
+*eax = ena_mask;
+*edx = ena_mask >> 32;
 *ebx = *ecx;
 } else if (count == 1) {
 *eax = env->features[FEAT_XSAVE];
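
Review bot: the two added assignments, *eax = ena_mask and *edx = ena_mask >> 32, are not a pure simplification of the removed loop body, and the commit message should say why that is safe. The old code only ORed in bits for indexes the loop visits (2 up to ARRAY_SIZE(x86_ext_save_areas)) plus the FP and SSE bits, and it used |= on both registers. The new code overwrites both registers and copies every bit of ena_mask, including any bit at or above ARRAY_SIZE(x86_ext_save_areas). If ena_mask is guaranteed to contain only valid component bits at this point, state that in a comment next to the assignment. Since ena_mask is shifted by 32 it is evidently wider than 32 bits, so an explicit (uint32_t) cast on the *eax assignment would make the truncation intentional.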
-- 
2.7.4




[Qemu-devel] [PATCH 0/7] target-i386: xsave CPUID handling refactor

2016-09-23 Thread Eduardo Habkost
This series refactors the xsave CPUID handling so it won't
silently disable any XSAVE components on CPUID[0xD] in case the
host doesn't support it. It will instead use the existing
check/enforce logic for filtering the CPUID bits and checking for
host-side support.

This series is available on git at:
  https://github.com/ehabkost/qemu-hacks.git work/xsave-cpuid-cleanup

The series is based on my x86-next branch, that contains other
CPUID-related changes:
  https://github.com/ehabkost/qemu.git x8-next

Eduardo Habkost (7):
  target-i386: Move feature name arrays inside FeatureWordInfo
  target-i386: Don't try to enable PT State xsave component
  target-i386: xsave: Calculate enabled components only once
  target-i386: xsave: Simplify CPUID[0xD,0].{EAX,EDX} calculation
  target-i386: xsave: Helper function to calculate xsave area size
  target-i386: xsave: Calculate set of xsave components on realize
  target-i386: Move xsave component mask to features array

 target-i386/cpu.c | 457 +++---
 target-i386/cpu.h |   2 +
 2 files changed, 230 insertions(+), 229 deletions(-)

-- 
2.7.4




Re: [Qemu-devel] 9p as rootfs

2016-09-23 Thread mar.krzeminski

And most important, while mounting as rootfs, error is:

[1.086235] device: '9p-1': device_add
[1.087859] 9pnet_virtio: no channels available
[1.091619] device: '9p-1': device_unregister
[1.092783] device: '9p-1': device_create_release
[1.093534] VFS: Cannot open root device "host" or unknown-block(0,0): error -2


Thanks,
Marcin

On 23.09.2016 at 21:38, mar.krzeminski wrote:

Hello,

I have a problem in my custom arm machine to use 9p fs as a rootfs.

9p command line in qemu:

-device virtio-9p-device,fsdev=host_fs,mount_tag=hostfs -fsdev local,id=host_fs,security_model=none,path=/work/rootfs/

Kernel cmd line:

--append "root=hostfs rootfstype=9p rootflags=trans=virtio noinitrd console=ttyS3,115200"

Device tree entry:

virtio: virtio_mmio@ff0a4000 {
    compatible = "virtio,mmio";
    reg = <0xff0a4000 0x200>;
    interrupts = <0 72 1>;
    status = "okay";
};

I can mount this fs from kernel using fstab entry:
hostfs   /mnt/host9p trans=virtio  0  0

Do you have any idea what I am doing wrong?

Thanks,
Marcin




[Qemu-devel] 9p as rootfs

2016-09-23 Thread mar.krzeminski

Hello,

I have a problem in my custom arm machine to use 9p fs as a rootfs.

9p command line in qemu:

-device virtio-9p-device,fsdev=host_fs,mount_tag=hostfs -fsdev local,id=host_fs,security_model=none,path=/work/rootfs/

Kernel cmd line:

--append "root=hostfs rootfstype=9p rootflags=trans=virtio noinitrd console=ttyS3,115200"

Device tree entry:

virtio: virtio_mmio@ff0a4000 {
    compatible = "virtio,mmio";
    reg = <0xff0a4000 0x200>;
    interrupts = <0 72 1>;
    status = "okay";
};

I can mount this fs from kernel using fstab entry:
hostfs   /mnt/host9p trans=virtio  0  0

Do you have any idea what I am doing wrong?

Thanks,
Marcin


Re: [Qemu-devel] [PATCH v5 0/3] block: allow flush on devices with open tray

2016-09-23 Thread John Snow



On 09/23/2016 11:35 AM, Max Reitz wrote:

On 23.09.2016 03:45, John Snow wrote:

When I said "Final re-send," I was lying. Here's a v5.
The title is also a misnomer by now :)

The move to blk_flush altered the behavior of migration and flushing
nodes that are not reachable via the guest, but are still reachable
via QEMU and may or may not need to be flushed.

This is intended for 2.6.2 and/or 2.7.1, to fix problems with libvirt
et al being unable to migrate QEMU when the CDROM tray is open.

v5:
 Fix bracket spacing in patch 1. By one space. :(
 Added third patch to remove blk_flush_all.

v4:
 Commit message update.

v3:
 Reworking approach and reinstating bdrv_flush_all at Kevin's suggestion.



For convenience, this branch is available at:
https://github.com/jnsnow/qemu.git branch atapi-tray-migfix
https://github.com/jnsnow/qemu/tree/atapi-tray-migfix

This version is tagged atapi-tray-migfix-v5:
https://github.com/jnsnow/qemu/releases/tag/atapi-tray-migfix-v5

John Snow (3):
  block: reintroduce bdrv_flush_all
  qemu: use bdrv_flush_all for vm_stop et al
  block-backend: remove blk_flush_all

 block/block-backend.c  | 22 --
 block/io.c | 25 +
 cpus.c |  4 ++--
 hw/i386/xen/xen_platform.c |  2 --
 hw/ide/piix.c  |  4 
 include/block/block.h  |  1 +
 include/sysemu/block-backend.h |  1 -
 7 files changed, 32 insertions(+), 27 deletions(-)


Reviewed-by: Max Reitz 



Since Fam acked this, I suppose it's for Kevin's tree?

--js



[Qemu-devel] [PATCH 3/3] migration/rdma: Don't flag an error when we've been told about one

2016-09-23 Thread Dr. David Alan Gilbert (git)
From: "Dr. David Alan Gilbert" 

If the other side tells us there's been an error and we fail
the migration, we don't need to signal that failure to the other
side because it already knew.

Signed-off-by: Dr. David Alan Gilbert 
---
 migration/rdma.c | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/migration/rdma.c b/migration/rdma.c
index 7271292..674ccab 100644
--- a/migration/rdma.c
+++ b/migration/rdma.c
@@ -350,6 +350,7 @@ typedef struct RDMAContext {
  */
 int error_state;
 int error_reported;
+int received_error;
 
 /*
  * Description of ram blocks used throughout the code.
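
Review bot: received_error is declared int, but the only assignment in this patch stores true. Declare it bool (or assign 1), and give it a short comment like the block comment that precedes error_state, saying that it records an RDMA_CONTROL_ERROR received from the peer and exists to suppress the outgoing error message in cleanup.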
@@ -1676,6 +1677,9 @@ static int qemu_rdma_exchange_get_response(RDMAContext 
*rdma,
 ", but got: %s (%d), length: %d",
 control_desc[expecting], expecting,
 control_desc[head->type], head->type, head->len);
+if (head->type == RDMA_CONTROL_ERROR) {
+rdma->received_error = true;
+}
 return -EIO;
 }
 if (head->len > RDMA_CONTROL_MAX_BUFFER - sizeof(*head)) {
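
Review bot: the head->type == RDMA_CONTROL_ERROR test runs only after the generic "expecting ... but got" report has been emitted, so a failure announced by the peer is still logged as if it were a protocol mismatch. Consider checking for RDMA_CONTROL_ERROR first and reporting it as an error signalled by the other side, then setting received_error. It is also worth confirming that every receive path goes through qemu_rdma_exchange_get_response, since this is the only place the flag is set.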
@@ -2202,7 +2206,7 @@ static void qemu_rdma_cleanup(RDMAContext *rdma)
 int ret, idx;
 
 if (rdma->cm_id && rdma->connected) {
-if (rdma->error_state) {
+if (rdma->error_state && !rdma->received_error) {
 RDMAControlHeader head = { .len = 0,
.type = RDMA_CONTROL_ERROR,
.repeat = 1,
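
Review bot: the new condition error_state && !received_error in qemu_rdma_cleanup is not self-explanatory without the commit message. Add a comment above the if stating that the error control message is skipped when the failure was reported by the peer, because the peer already knows about it.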
-- 
2.7.4




[Qemu-devel] [PATCH 1/3] migration/rdma: Pass qemu_file errors across link

2016-09-23 Thread Dr. David Alan Gilbert (git)
From: "Dr. David Alan Gilbert" 

If we fail for some reason (e.g. a mismatched RAMBlock)
and it's set the qemu_file error flag, pass that error back to the
peer so it can clean up rather than waiting for some higher level
progress.

Signed-off-by: Dr. David Alan Gilbert 
---
 migration/rdma.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/migration/rdma.c b/migration/rdma.c
index 88bdb64..7271292 100644
--- a/migration/rdma.c
+++ b/migration/rdma.c
@@ -2804,6 +2804,9 @@ static int qio_channel_rdma_close(QIOChannel *ioc,
 QIOChannelRDMA *rioc = QIO_CHANNEL_RDMA(ioc);
 trace_qemu_rdma_close();
 if (rioc->rdma) {
+if (!rioc->rdma->error_state) {
+rioc->rdma->error_state = qemu_file_get_error(rioc->file);
+}
 qemu_rdma_cleanup(rioc->rdma);
 g_free(rioc->rdma);
 rioc->rdma = NULL;
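
Review bot: the added block passes rioc->file to qemu_file_get_error without a check, while the surrounding code only guards rioc->rdma. If close can be reached before a QEMUFile has been attached to the channel, this is a NULL dereference; either test rioc->file in the same condition or add a comment stating that file is always set by the time close is called.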
-- 
2.7.4




[Qemu-devel] [PATCH 2/3] migration: Make failed migration load set file error

2016-09-23 Thread Dr. David Alan Gilbert (git)
From: "Dr. David Alan Gilbert" 

If an error occurs in a section load, set the file error flag
so that the transport can get notified to do a cleanup.

Signed-off-by: Dr. David Alan Gilbert 
---
 migration/savevm.c | 19 ---
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/migration/savevm.c b/migration/savevm.c
index 33a2911..a831ec2 100644
--- a/migration/savevm.c
+++ b/migration/savevm.c
@@ -1828,40 +1828,45 @@ qemu_loadvm_section_part_end(QEMUFile *f, 
MigrationIncomingState *mis)
 static int qemu_loadvm_state_main(QEMUFile *f, MigrationIncomingState *mis)
 {
 uint8_t section_type;
-int ret;
+int ret = 0;
 
 while ((section_type = qemu_get_byte(f)) != QEMU_VM_EOF) {
-
+ret = 0;
 trace_qemu_loadvm_state_section(section_type);
 switch (section_type) {
 case QEMU_VM_SECTION_START:
 case QEMU_VM_SECTION_FULL:
 ret = qemu_loadvm_section_start_full(f, mis);
 if (ret < 0) {
-return ret;
+goto out;
 }
 break;
 case QEMU_VM_SECTION_PART:
 case QEMU_VM_SECTION_END:
 ret = qemu_loadvm_section_part_end(f, mis);
 if (ret < 0) {
-return ret;
+goto out;
 }
 break;
 case QEMU_VM_COMMAND:
 ret = loadvm_process_command(f);
 trace_qemu_loadvm_state_section_command(ret);
 if ((ret < 0) || (ret & LOADVM_QUIT)) {
-return ret;
+goto out;
 }
 break;
 default:
 error_report("Unknown savevm section type %d", section_type);
-return -EINVAL;
+ret = -EINVAL;
+goto out;
 }
 }
 
-return 0;
+out:
+if (ret < 0) {
+qemu_file_set_error(f, ret);
+}
+return ret;
 }
 
 int qemu_loadvm_state(QEMUFile *f)
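
Review bot: when the loop terminates on QEMU_VM_EOF the function now returns whatever ret the last section left behind, where it used to return the constant 0. The ret = 0 at the top of the loop body does not cover this, because the case that runs overwrites it. In the QEMU_VM_COMMAND case the test (ret < 0) || (ret & LOADVM_QUIT) lets a positive value without LOADVM_QUIT fall through to break, so if loadvm_process_command can return such a value for the last section before EOF, the caller now sees a non-zero result. Setting ret = 0 after the while loop, just before the out: label, keeps the old behaviour.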
-- 
2.7.4




[Qemu-devel] [PATCH 0/3] RDMA error handling

2016-09-23 Thread Dr. David Alan Gilbert (git)
From: "Dr. David Alan Gilbert" 

lp: https://bugs.launchpad.net/qemu/+bug/1545052

The RDMA code tends to hang if the destination dies
in the wrong place;  this series doesn't completely fix
that, but in cases where the destination knows there's
been an error, it makes sure it tells the source and
that cleans up quickly.
If the destination just dies, then the source still hangs
and I still need to look at better ways to fix that.

Dave

Dr. David Alan Gilbert (3):
  migration/rdma: Pass qemu_file errors across link
  migration: Make failed migration load set file error
  migration/rdma: Don't flag an error when we've been told about one

 migration/rdma.c   |  9 -
 migration/savevm.c | 19 ---
 2 files changed, 20 insertions(+), 8 deletions(-)

-- 
2.7.4




Re: [Qemu-devel] [PATCH 0/3] vhost-user tests

2016-09-23 Thread Michael S. Tsirkin
On Fri, Sep 23, 2016 at 07:10:02PM +, Marc-André Lureau wrote:
> 
> Hi
> 
> On Fri, Sep 9, 2016 at 3:36 PM Marc-André Lureau 
> wrote:
> 
> Hi,
> 
> The following tests have been postponed for after 2.7 from the
> vhost-user-reconnect series.
> 
> 
> ping

They are in my tree, thanks.

> 
> 
> They have been rebased and fixed to work with last changes.
> 
> Marc-André Lureau (3):
>   tests: add /vhost-user/connect-fail test
>   tests: add a simple /vhost-user/multiqueue test
>   tests: add /vhost-user/flags-mismatch test
> 
>  tests/vhost-user-test.c | 208
> +++-
>  tests/Makefile.include  |   2 +-
>  2 files changed, 205 insertions(+), 5 deletions(-)
> 
> --
> 2.10.0
> 
> 
> 
> --
> Marc-André Lureau



Re: [Qemu-devel] [PATCH 0/3] vhost-user tests

2016-09-23 Thread Marc-André Lureau
Hi

On Fri, Sep 9, 2016 at 3:36 PM Marc-André Lureau <
marcandre.lur...@redhat.com> wrote:

> Hi,
>
> The following tests have been postponed for after 2.7 from the
> vhost-user-reconnect series.
>

ping


>
> They have been rebased and fixed to work with last changes.
>
> Marc-André Lureau (3):
>   tests: add /vhost-user/connect-fail test
>   tests: add a simple /vhost-user/multiqueue test
>   tests: add /vhost-user/flags-mismatch test
>
>  tests/vhost-user-test.c | 208
> +++-
>  tests/Makefile.include  |   2 +-
>  2 files changed, 205 insertions(+), 5 deletions(-)
>
> --
> 2.10.0
>
>
> --
Marc-André Lureau


Re: [Qemu-devel] write_zeroes/trim on the whole disk

2016-09-23 Thread Eric Blake
On 09/23/2016 01:32 PM, Vladimir Sementsov-Ogievskiy wrote:
> Hi all!
> 
> There is the following problem. When we need to write_zeroes or trim the
> whole disk, we have to do it iteratively, because of the 32-bit restriction
> on request length.
> For example, the current implementation of mirror (see mirror_dirty_init())
> does this in chunks of 2147418112 bytes (with default granularity of
> 65536). So, to zero a 16tb disk we will make 8192 requests instead of one.
> 
> Incremental zeroing of 1tb qcow2 takes > 80 seconds for me (see below).
> This means ~20 minutes for copying empty 16tb qcow2 disk which is
> obviously a waste of time.
> 
> We see the following solutions for nbd:
> 1. Add command NBD_MAKE_EMPTY, with flag, saying what should be done:
> trim or write_zeroes.

Presumably spelled NBD_CMD_MAKE_EMPTY.

> 2. Add flag NBD_CMD_FLAG_WHOLE for commands NBD_TRIM and
> NBD_WRITE_ZEROES, which will say (with zeroed offset and length of the
> request), that the whole disk should be discarded/zeroed.

Both of these are possible.  As it is, NBD_CMD_WRITE_ZEROES is not even
formally part of the NBD spec yet, although NBD_CMD_TRIM is (I'm still
sitting on my qemu proof-of-concept patches for WRITE_ZEROES, and need
to resubmit them now that the qemu 2.8 development window is open).
Either way, the server would have to advertise if the new command and/or
new flags to existing commands are available for a whole-disk trim/zero,
before a client could use it, and clients must be prepared to fall back
to incremental approaches otherwise.

My preference would be a new flag to the existing commands, with
explicit documentation that 0 offset and 0 length must be used with that
flag, when requesting a full-device wipe.

> 3. Increase length field of the request to 64bit.

No; that won't work.  It would be a fundamental change to the NBD
protocol, and require both new servers and new clients to talk a
different wire protocol with different size length parameters.

> 
> As soon as we have some way to empty disk  in nbd, we can use
> qcow2_make_empty, to trim the whole disk (and something similar should
> be done for zeroing).
> 
> What do you think about this all, and which way has a chance to get into
> nbd proto?

It's not necessarily obvious that the ability to bulk-trim or bulk-zero
a device should be fundamentally faster than doing it incrementally in
2G chunks; but I concede that there may indeed be scenarios such as
qemu's qcow2 file where that is true.  So it does sound like a useful
option and/or command to be proposed for addition to the NBD protocol,
from that point of view.

As with other extensions to NBD, the best way is to write up a proposal
for how the documentation should change, submit that as patches to the
nbd list, and accompany it with a proof-of-concept implementation
(qemu's nbd server and nbd client work well), so that we can iron out
the details of the documentation before making it a formal part of the
spec.  It's important to remember that such a proposal should still be
optional (a server need not implement the new mode, and a client should
be prepared to fall back to other means if the server does not support a
whole-device action).

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





Re: [Qemu-devel] [RFC v2] libvirt vGPU QEMU integration

2016-09-23 Thread Kirti Wankhede


On 9/23/2016 12:55 AM, Tian, Kevin wrote:
>> From: Kirti Wankhede [mailto:kwankh...@nvidia.com]
>> Sent: Wednesday, September 21, 2016 12:23 AM
>>>
>  I have
> a hard time believing that a given vendor can even allocate unique type
> ids for their own devices.  Unique type id across vendors is not
> practical.  So which attribute are we actually using to identify which
> type of mdev device we need and why would we ever specify additional
> attributes like fb_length?  Doesn't the vendor guarantee that "GRID
> M60-0B" has a fixed setup of those attributes?
>

 Specifying attributes here is not our requirement. Yes we have fixed set
 of attributes for "GRID-M60-0B" and on.
 We are defining the attributes here for "display" class for all other
 vendor of gpu can use.

> 
> Hi, Kirti, 
> 
> We decide to go with above type-based interface for KVMGT, with fixed setup 
> of attributes too. If both Intel and NVIDIA solutions use such fixed manner,
> can we go with a proposal which doesn't include 'class' extension for now?
> Later if there is a concrete usage requiring such class-specific attribute 
> setting,
> then it's easy to extend following discussion in this thread. I'm thinking 
> how we
> can converge the discussion here into something simple enough (and extensible)
> to accelerate upstreaming of both Intel/NVIDIA solutions...
> 

Hi Kevin,

We have a fixed set of attributes which are GPU/graphics specific, like
framebuffer_length, resolution, number of heads, max supported instances.
If you are going with a fixed set of attributes, what do the vGPU types on
KVMGT look like from an attributes point of view? Are the attributes graphics
specific attributes?
Thanks,
Kirti



[Qemu-devel] write_zeroes/trim on the whole disk

2016-09-23 Thread Vladimir Sementsov-Ogievskiy

Hi all!

There is the following problem. When we need to write_zeroes or trim the
whole disk, we have to do it iteratively, because of the 32-bit restriction
on request length.
For example, the current implementation of mirror (see mirror_dirty_init())
does this in chunks of 2147418112 bytes (with default granularity of
65536). So, to zero a 16tb disk we will make 8192 requests instead of one.


Incremental zeroing of 1tb qcow2 takes > 80 seconds for me (see below). 
This means ~20 minutes for copying empty 16tb qcow2 disk which is 
obviously a waste of time.


We see the following solutions for nbd:
1. Add command NBD_MAKE_EMPTY, with flag, saying what should be done: 
trim or write_zeroes.
2. Add flag NBD_CMD_FLAG_WHOLE for commands NBD_TRIM and
NBD_WRITE_ZEROES, which will say (with zeroed offset and length of the
request), that the whole disk should be discarded/zeroed.

3. Increase length field of the request to 64bit.

As soon as we have some way to empty disk  in nbd, we can use 
qcow2_make_empty, to trim the whole disk (and something similar should 
be done for zeroing).


What do you think about this all, and which way has a chance to get into 
nbd proto?



== test incremental qcow2 zeroing in mirror ==

1. enable it. If we will use nbd, it will be enabled.
diff --git a/block/mirror.c b/block/mirror.c
index f9d1fec..4ac0c39 100644
--- a/block/mirror.c
+++ b/block/mirror.c
@@ -556,7 +556,7 @@ static int coroutine_fn 
mirror_dirty_init(MirrorBlockJob *s)


 end = s->bdev_length / BDRV_SECTOR_SIZE;

-if (base == NULL && !bdrv_has_zero_init(target_bs)) {
+if (base == NULL) {
 if (!bdrv_can_write_zeroes_with_unmap(target_bs)) {
 bdrv_set_dirty_bitmap(s->dirty_bitmap, 0, end);
 return 0;


 test 
qemu-img create  -f qcow2 /tmp/1tb.qcow2 1T

virsh start backup-vm --paused
Domain backup-vm started

virsh qemu-monitor-command backup-vm 
{"execute":"blockdev-add","arguments":{"options": {"aio": "native", 
"file": {"driver": "file", "filename": "/tmp/1tb.qcow2"}, "discard": 
"unmap", "cache": {"direct": true}, "driver": "qcow2", "id": "disk"}}}

{"return":{},"id":"libvirt-32"}

/usr/bin/time -f '%e seconds' sh -c 'virsh qemu-monitor-event' &
virsh qemu-monitor-command backup-vm 
{"execute":"drive-mirror","arguments":{"device": "disk", "sync": "full", 
"target": "/tmp/targ"}}

{"return":{},"id":"libvirt-33"}

[root@kvm qemu]# event BLOCK_JOB_READY at 1474652677.668624 for domain 
backup-vm: 
{"device":"disk","len":1099511627776,"offset":1099511627776,"speed":0,"type":"mirror"}

events received: 1

86.39 seconds

- the same for 2tb empty disk: 180.19 seconds
- and without patch, it takes < 1 second, of course.

--
Best regards,
Vladimir
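
The chunked fallback discussed in this thread, as an added example that is not code from QEMU or from either poster: it serializes NBD_CMD_TRIM requests with the protocol's 32-bit length field and walks a device in chunks of INT32_MAX rounded down to the granularity. The function names are hypothetical; the 28-byte header layout, the request magic and the NBD_CMD_TRIM value are those of the NBD simple request.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

#define NBD_REQUEST_MAGIC 0x25609513u  /* magic that starts every request */
#define NBD_CMD_TRIM      4            /* command type for trim/discard */
#define NBD_REQUEST_SIZE  28           /* 4 + 2 + 2 + 8 + 8 + 4 bytes */

/* Store the low n bytes of v at p in big-endian (network) order. */
static void put_be(uint8_t *p, uint64_t v, int n)
{
    for (int i = n - 1; i >= 0; i--) {
        p[i] = (uint8_t)(v & 0xff);
        v >>= 8;
    }
}

/* Read n big-endian bytes from p. */
static uint64_t get_be(const uint8_t *p, int n)
{
    uint64_t v = 0;
    for (int i = 0; i < n; i++) {
        v = (v << 8) | p[i];
    }
    return v;
}

/* Header: magic, command flags, type, handle, offset, length.
 * The offset is 64 bits wide, the length only 32 bits. */
void nbd_encode_request(uint8_t out[NBD_REQUEST_SIZE], uint16_t flags,
                        uint16_t type, uint64_t handle, uint64_t offset,
                        uint32_t length)
{
    put_be(out, NBD_REQUEST_MAGIC, 4);
    put_be(out + 4, flags, 2);
    put_be(out + 6, type, 2);
    put_be(out + 8, handle, 8);
    put_be(out + 16, offset, 8);
    put_be(out + 24, length, 4);
}

uint64_t nbd_req_offset(const uint8_t *req) { return get_be(req + 16, 8); }
uint32_t nbd_req_length(const uint8_t *req) { return (uint32_t)get_be(req + 24, 4); }

/* Largest request length that stays below 2^31 and is a multiple of the
 * granularity; 65536 gives the 2147418112 bytes quoted in the post. */
uint32_t nbd_max_chunk(uint32_t granularity)
{
    if (granularity == 0) {
        return 0;
    }
    return (uint32_t)(INT32_MAX / granularity) * granularity;
}

/* Trim [0, dev_len) in chunks. Each request is encoded into 'last', so on
 * return it holds the final request; the return value is the request count. */
uint64_t nbd_trim_whole_device(uint64_t dev_len, uint32_t granularity,
                               uint8_t last[NBD_REQUEST_SIZE])
{
    uint32_t chunk = nbd_max_chunk(granularity);
    uint64_t offset = 0, count = 0;

    if (chunk == 0) {
        return 0;   /* granularity of 0 or above INT32_MAX: nothing usable */
    }
    while (offset < dev_len) {
        uint64_t left = dev_len - offset;
        uint32_t len = left > chunk ? chunk : (uint32_t)left;

        nbd_encode_request(last, 0, NBD_CMD_TRIM, count, offset, len);
        offset += len;
        count++;
    }
    return count;
}

int main(void)
{
    uint8_t req[NBD_REQUEST_SIZE];
    /* Constructed sample sizes: 1 TiB and 16 TiB devices. */
    uint64_t sizes[] = { 1ULL << 40, 1ULL << 44 };

    for (int i = 0; i < 2; i++) {
        uint64_t n = nbd_trim_whole_device(sizes[i], 65536, req);
        printf("%" PRIu64 " bytes: %" PRIu64 " requests, last at offset %"
               PRIu64 " length %" PRIu32 "\n",
               sizes[i], n, nbd_req_offset(req), nbd_req_length(req));
    }
    return 0;
}
```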



Re: [Qemu-devel] [PATCH 4/7] m25p80: add a m25p80_set_rom_storage() routine

2016-09-23 Thread mar.krzeminski

Hi Cedric,

On 23.09.2016 at 10:28, Cédric Le Goater wrote:

On 09/23/2016 10:17 AM, Peter Maydell wrote:

On 23 September 2016 at 08:19, Cédric Le Goater  wrote:

But the goal is to boot from the device, so I added a memory region alias
at 0 to trigger the flash module mmios at boot time, as this is where
u-boot expects to be.

and I fell in this trap :/

 aspeed_smc_flash_read: To 0x0 of size 1: 0xbe mode:0
 Bad ram pointer (nil)
 Aborted (core dumped)

There is a failure in get_page_addr_code(), possibly because qemu uses
byte per byte reads of the code (cpu_ldub_code). But this is beyond my
understanding of qemu's internal.

This is a bug in how we report the problem, but the underlying
issue here is attempting to execute from something that's not RAM
or ROM. You can't execute code out of something backed by MMIO.

OK. So I see two solutions. T

The "brutal" one which is to copy the flash contents in a rom blob
at 0, but there is still an issue in getting access to the storage
anyhow, as it is internal to m25p80. Or we should get the name of the
backing file of the drive but I am not sure we are expected to do
that as I don't see any API for it.

The other solution is something like this patch which lets the storage
of the flash device be assigned externally.

Since I do not like dirty hacks in the code, I just want to suggest a
workaround that you will probably not like ;]

As Qemu expects that first running code will be in ROM or RAM memory,
you can implement in your board -bios option that you will use to
pass u-boot binary to rom memory, or even use generic loader functionality
when it reaches master.

Thanks,
Marcin


Thanks,

C.







Re: [Qemu-devel] [PATCH 5/6] tests/tcg: Add and update Makefiles

2016-09-23 Thread Max Filippov
Hello,

On Sat, Sep 17, 2016 at 7:03 AM, Pranith Kumar  wrote:

[...]

> diff --git a/tests/tcg/xtensa/Makefile b/tests/tcg/xtensa/Makefile
> index 522a63e..e3269ed 100644
> --- a/tests/tcg/xtensa/Makefile
> +++ b/tests/tcg/xtensa/Makefile
> @@ -1,10 +1,23 @@
> --include ../../../config-host.mak
> +# -*- Mode: makefile -*-
> +#
> +# xtensa linux TCG tests

These are system tests, not linux tests.

> +#
> +# The Make is expected to be called in the
> +# ${BUILD_DIR}/xtensa-softmmu/tests directory

There's no such directory under the BUILD_DIR.
If I create it and then try to run tests as
  make -C xtensa-softmmu/tests -f ../../tests/tcg/xtensa/Makefile
it fails with the following error:
make: Entering directory 'build-xtensa-tcg-tests/xtensa-softmmu/tests'
make: *** No rule to make target 'test_b.tst', needed by 'build'.  Stop.

> +#
> +
> +BUILD_DIR=../..
> +include $(BUILD_DIR)/config-host.mak   # brings in SRC_PATH
> +include ../config-target.mak   # TARGET_NAME
> +include $(SRC_PATH)/rules.mak
> +
> +$(call set-vpath, $(SRC_PATH)/tests/tcg/xtensa)
>
>  CORE=dc232b
>  CROSS=xtensa-$(CORE)-elf-
>
>  ifndef XT
> -SIM = ../../../xtensa-softmmu/qemu-system-xtensa
> +SIM = $(BUILD_DIR)/xtensa-softmmu/qemu-system-xtensa
>  SIMFLAGS = -M sim -cpu $(CORE) -nographic -semihosting $(EXTFLAGS) -kernel
>  SIMDEBUG = -s -S
>  else
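
Review bot: the removed line used -include, which tolerates a missing config-host.mak, while the three added include lines are mandatory, so make now stops immediately when it is run from any directory other than the one named in the header comment. Combined with the hard-coded BUILD_DIR=../.. and include ../config-target.mak, this ties the Makefile to a single working directory. Consider BUILD_DIR ?= ../.. so the caller can override it, and say in the header comment how that directory is expected to be created.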

-- 
Thanks.
-- Max



Re: [Qemu-devel] [PATCH 16/16] cpus-common: lock-free fast path for cpu_exec_start/end

2016-09-23 Thread Richard Henderson

On 09/23/2016 12:31 AM, Paolo Bonzini wrote:

+if (atomic_read(_cpu->running)) {

...

+atomic_set(>running, true);

...

+cpu->running = false;

...

+cpu->running = true;


Inconsistent use of atomics.  I don't see that the cpu_list_lock protects the 
last two lines in any way.



r~



Re: [Qemu-devel] [PATCH 15/16] tcg: Make tb_flush() thread safe

2016-09-23 Thread Richard Henderson

On 09/23/2016 12:31 AM, Paolo Bonzini wrote:

+unsigned tb_flush_req = (unsigned) (uintptr_t) data;


Extra cast?


-tcg_ctx.tb_ctx.tb_flush_count++;
+atomic_inc(_ctx.tb_ctx.tb_flush_count);


Since this is the only place this value is incremented, and we're under a lock, 
it should be cheaper to use


  atomic_mb_set(_ctx.tb_ctx.tb_flush_count, tb_flush_req + 1);


+uintptr_t tb_flush_req = (uintptr_t)
+atomic_read(_ctx.tb_ctx.tb_flush_count);


Extra cast?

That said, it's correct as-is so,

Reviewed-by: Richard Henderson 


r~



[Qemu-devel] [PATCH] Add more APIC state to dump

2016-09-23 Thread Dr. David Alan Gilbert (git)
From: "Dr. David Alan Gilbert" 

Add the rest of the APIC state to the 'info lapic' dump,
since it is of course state that wasn't printed that I'd
messed up.

You now have output like:

(qemu) info lapic
dumping local APIC state for CPU 1

apicbase 0xfee00c00 ID 1 Version 20
LVT0 0x00010700 active-hi edge  masked  ExtINT (vec 0)
LVT1 0x00010400 active-hi edge  masked  NMI
LVTPC0x00010400 active-hi edge  masked  NMI
LVTERR   0x00fe active-hi edge  Fixed (vec 254)
LVTTHMR  0x0001 active-hi edge  masked  Fixed (vec 0)
LVTT 0x00ef active-hi edge one-shot Fixed (vec 239)
TimerDCR=0x3 (divide by 16) initial_count=12490894
 count_shift=4 iclt=65526002593 next=65725856913 expiry=65725856913
SPIV 0x01ff APIC enabled, focus=off, spurious vec 255
SIPI vector 0 wait 0
vAPICcontrol 1 paddr 0x0
ICR  0x00fd physical edge de-assert no-shorthand
ICR2 0x0002 cpu 2 (X2APIC ID)
ESR  0x
ISR  (none)
IRR  (none)

APR 0x00 TPR 0x00 DFR 0x0f LDR 0x00 PPR 0x00
(qemu)

Signed-off-by: Dr. David Alan Gilbert 
---
 target-i386/helper.c | 13 -
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/target-i386/helper.c b/target-i386/helper.c
index 1c250b8..769d7df 100644
--- a/target-i386/helper.c
+++ b/target-i386/helper.c
@@ -329,6 +329,8 @@ void x86_cpu_dump_local_apic_state(CPUState *cs, FILE *f,
 
 cpu_fprintf(f, "dumping local APIC state for CPU %-2u\n\n",
 CPU(cpu)->cpu_index);
+cpu_fprintf(f, "apicbase 0x%x ID %d Version %d\n", s->apicbase, s->id,
+s->version);
 dump_apic_lvt(f, cpu_fprintf, "LVT0", lvt[APIC_LVT_LINT0], false);
 dump_apic_lvt(f, cpu_fprintf, "LVT1", lvt[APIC_LVT_LINT1], false);
 dump_apic_lvt(f, cpu_fprintf, "LVTPC", lvt[APIC_LVT_PERFORM], false);
@@ -336,10 +338,14 @@ void x86_cpu_dump_local_apic_state(CPUState *cs, FILE *f,
 dump_apic_lvt(f, cpu_fprintf, "LVTTHMR", lvt[APIC_LVT_THERMAL], false);
 dump_apic_lvt(f, cpu_fprintf, "LVTT", lvt[APIC_LVT_TIMER], true);
 
-cpu_fprintf(f, "Timer\t DCR=0x%x (divide by %u) initial_count = %u\n",
+cpu_fprintf(f, "Timer\t DCR=0x%x (divide by %u) initial_count=%u\n",
 s->divide_conf & APIC_DCR_MASK,
 divider_conf(s->divide_conf),
 s->initial_count);
+cpu_fprintf(f, " \t count_shift=%d iclt=%" PRId64 " next=%" PRId64
+   " expiry=%" PRId64 "\n",
+s->count_shift, s->initial_count_load_time,
+s->next_time, s->timer_expiry);
 
 cpu_fprintf(f, "SPIV\t 0x%08x APIC %s, focus=%s, spurious vec %u\n",
 s->spurious_vec,
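
Review bot: iclt in the new timer line is an abbreviation that appears nowhere else in the dump, so someone reading the info lapic output cannot map it to initial_count_load_time without opening the source. Spell the field out or pick a readable short name such as load_time. The same hunk also changes "initial_count = %u" to "initial_count=%u" without mention; note that in the commit message in case anything matches on the old text.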
@@ -347,6 +353,11 @@ void x86_cpu_dump_local_apic_state(CPUState *cs, FILE *f,
 s->spurious_vec & APIC_SPURIO_FOCUS ? "on" : "off",
 s->spurious_vec & APIC_VECTOR_MASK);
 
+cpu_fprintf(f, "SIPI\t vector %d wait %d\n", s->sipi_vector,
+s->wait_for_sipi);
+cpu_fprintf(f, "vAPIC\t control %d paddr 0x%" HWADDR_PRIX "\n",
+s->vapic_control, s->vapic_paddr);
+
 dump_apic_icr(f, cpu_fprintf, s, >env);
 
 cpu_fprintf(f, "ESR\t 0x%08x\n", s->esr);
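
Review bot: vapic_paddr is printed with HWADDR_PRIX, which gives upper-case hex digits, while the other values in this function are printed with lower-case %x and %08x. Use HWADDR_PRIx so the dump is consistent.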
-- 
2.7.4




Re: [Qemu-devel] vhost-user-test failure

2016-09-23 Thread Maxime Coquelin



On 09/23/2016 05:41 PM, Michael S. Tsirkin wrote:

On Fri, Sep 23, 2016 at 12:36:12PM -0300, Eduardo Habkost wrote:

Hi,

I hit a weird vhost-user-test failure on travis-ci recently, on a
branch where I didn't touch any vhost-related code. From a quick
look at the code, it looks like the vhost-user code is unhappy to
see a disconnected socket.

I wasn't able to reproduce it. It seems to be a hard to reproduce
race between vhost-user code and socket reconnection.

The failure can be seen at:

https://travis-ci.org/ehabkost/qemu-hacks/jobs/162077239


Maxime looked at something similar. Any idea?

No, not really.
Marc-André contributed a lot to these tests, I add him in cc: in case
he has an idea.

I will have a look in the mean time.

Maxime




Error output:

  **
  ERROR:tests/vhost-user-test.c:715:test_reconnect: child process 
(/i386/vhost-user/reconnect/subprocess [23792]) failed unexpectedly
  qemu-system-i386: Failed to set msg fds.
  qemu-system-i386: vhost VQ 0 ring restore failed: -1: Resource temporarily 
unavailable (11)
  qemu-system-i386: Failed to set msg fds.
  qemu-system-i386: vhost VQ 1 ring restore failed: -1: Resource temporarily 
unavailable (11)
  GTester: last random seed: R02S2892f6ad84bd5d03acd54cb75f444243
  make: *** [check-qtest-i386] Error 1

--
Eduardo




Re: [Qemu-devel] [PATCH v2 1/3] block: Add '-blockdev' command line option

2016-09-23 Thread Max Reitz
On 23.09.2016 18:06, Kevin Wolf wrote:
> This is an option that is directly mapped to the blockdev-add QMP
> command. It works more or less like -drive, except that it doesn't
> create a BlockBackend and doesn't support legacy options.
> 
> This patch adds minimal documentation, the next patches will improve it.
> 
> Signed-off-by: Kevin Wolf 
> ---
>  blockdev.c  | 12 +++
>  include/sysemu/sysemu.h |  1 +
>  qemu-options.hx | 12 +++
>  vl.c| 53 
> +
>  4 files changed, 78 insertions(+)

Reviewed-by: Max Reitz 





Re: [Qemu-devel] [PATCH v2 3/3] doc: Document driver-specific -blockdev options

2016-09-23 Thread Max Reitz
On 23.09.2016 18:06, Kevin Wolf wrote:
> This documents the driver-specific options for the raw, qcow2 and file
> block drivers for the man page. For everything else, we refer to the
> QAPI documentation.
> 
> Signed-off-by: Kevin Wolf 
> ---
>  qemu-options.hx | 104 
> +++-
>  1 file changed, 103 insertions(+), 1 deletion(-)
> 
> diff --git a/qemu-options.hx b/qemu-options.hx
> index 8766589..9811370 100644
> --- a/qemu-options.hx
> +++ b/qemu-options.hx
> @@ -522,7 +522,18 @@ STEXI
>  @item -blockdev @var{option}[,@var{option}[,@var{option}[,...]]]
>  @findex -blockdev
>  
> -Define a new block driver node.
> +Define a new block driver node. Some of the options apply to all block 
> drivers,
> +other options are only accepted for a specific block driver. See below for a
> +list of generic options and options for the most common block drivers.
> +
> +Options that expect a reference to another node (e.g. @code{file}) can given
> +given in two ways. Either you specify the node name of an already existing 
> node

s/given given/be given/

> +(file=@var{node-name}), or you define a new node inline, adding options
> +for the referenced node after a dot 
> (file.filename=@var{path},file.aio=native).
> +
> +A block driver node created with @option{-blockdev} can be used for a guest
> +device by specifying its node name for the @code{drive} property in a
> +@option{-device} argument that defines a block device.
>  
>  @table @option
>  @item Valid options for any block driver node:
> @@ -558,6 +569,97 @@ zero write commands. You may even choose "unmap" if 
> @var{discard} is set
>  to "unmap" to allow a zero write to be converted to an UNMAP operation.
>  @end table
>  
> +@item Driver-specific options for @code{file}

I'd really like a short explanation of what this driver does here,
really just a "This is a protocol-level block driver for reading normal
files." because I don't think that is obvious to most users.

> +@table @code
> +@item filename
> +The path to the image file in the local filesystem
> +@item aio
> +Specifies the AIO backend (threads/native, default: threads)
> +@end table
> +Example:
> +@example
> +-blockdev driver=file,node-name=disk,filename=disk.img
> +@end example
> +
> +@item Driver-specific options for @code{raw}

I think a "This is a format(-level) block driver for raw image files."
could be useful here, too, although I can imagine that most people can
guess that already. But it wouldn't hurt, I think.

> +@table @code
> +@item file
> +Reference to or definition of the data source block driver ndoe

s/ndoe/node/

> +(e.g. a @code{file} driver node)
> +@end table
> +Example 1:
> +@example
> +-blockdev driver=file,node-name=disk_file,filename=disk.img
> +-blockdev driver=raw,node-name=disk,file=disk_file
> +@end example
> +Example 2:
> +@example
> +-blockdev driver=raw,node-name=disk,file.driver=file,file.filename=disk.img
> +@end example
> +
> +@item Driver-specific options for @code{qcow2}
> +@table @code
> +@item file
> +Reference to or definition of the data source block driver node
> +(e.g. a @code{file} driver node)
> +
> +@item backing
> +Reference to or definition of the backing file block device (if missing, 
> taken

I'd use "not specified" or a plain "defaults to..." instead of
"missing", because "missing" sounds like it's supposed to be specified.

> +from the image file content). It is allowed to pass an empty string here in
> +order to disable the default backing file.
> +
> +@item lazy-refcounts
> +Whether to enable the lazy refcounts feature (on/off; default is taken from 
> the
> +image file)
> +
> +@item cache-size
> +The maximum total size of the L2 table and refcount block caches in bytes
> +(default: 1048576 bytes or 8 clusters, whichever is larger)
> +
> +@item l2-cache-size
> +The maximum size of the L2 table cache in bytes
> +(default: 4/5 of the total cache size)
> +
> +@item refcount-cache-size
> +The maximum size of the refcount block cache in bytes
> +(default: 1/5 of the total cache size)
> +
> +@item cache-clean-interval
> +Clean unused entries in the L2 and refcount caches. The interval is in 
> seconds.
> +The default value is 0 and it disables this feature.
> +
> +@item pass-discard-request
> +Whether discard requests to the qcow2 device should be forwarded to the data
> +source (on/off; default: on if discard=unmap is specified, off otherwise)
> +
> +@item pass-discard-snapshot
> +Whether discard requests for the data source should be issued when a snapshot
> +operation (e.g. deleting a snapshot) frees clusters in the qcow2 file 
> (on/off;
> +default: on)
> +
> +@item pass-discard-other
> +Whether discard requests for the data source should be issued on other
> +occasions where a cluster gets freed (on/off; default: off)
> +
> +@item overlap-check
> +Which overlap checks to perform for writes to the image
> +(none/constant/cache/all; default: cached). For details or finer
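Review bot: in the overlap-check item the list of accepted values reads none/constant/cache/all, but the stated default is "cached", which is not one of the listed values. One of the two spellings is wrong; make the list and the default agree with what the option actually accepts, otherwise a user copying a value from the documentation may get it rejected.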


Re: [Qemu-devel] [PATCH 14/16] cpus-common: Introduce async_safe_run_on_cpu()

2016-09-23 Thread Richard Henderson

On 09/23/2016 12:31 AM, Paolo Bonzini wrote:

Signed-off-by: Paolo Bonzini 
---
 cpus-common.c | 33 +++--
 include/qom/cpu.h | 14 ++
 2 files changed, 45 insertions(+), 2 deletions(-)


Reviewed-by: Richard Henderson 


r~


