Re: [Qemu-devel] [PULL 6/6] MAINTAINERS: Remove obsolete stable branches

[Thomas Huth]

On 10.01.2017 04:32, Michael S. Tsirkin wrote:
> On Thu, Nov 10, 2016 at 11:11:43AM +0100, Thomas Huth wrote:
>> There are only very old and orphaned stable branches listed
>> in the MAINTAINERS file - so this section is pretty useless
>> nowadays. Let's remove it.
>>
>> Reviewed-by: John Snow 
>> Signed-off-by: Thomas Huth 
> 
> 
> Could you add some kind of entry for stable though?
> Otherwise people won't know which address to CC.

I think that's a question to Michael Roth - whether such an entry should
be added and how it should look like.

 Thomas


>> ---
>>  MAINTAINERS | 22 --
>>  1 file changed, 22 deletions(-)
>>
>> diff --git a/MAINTAINERS b/MAINTAINERS
>> index d8575ab..4a60579 100644
>> --- a/MAINTAINERS
>> +++ b/MAINTAINERS
>> @@ -1574,28 +1574,6 @@ F: tcg/tci/
>>  F: tci.c
>>  F: disas/tci.c
>>  
>> -Stable branches
>> 
>> -Stable 1.0
>> -L: qemu-sta...@nongnu.org
>> -T: git git://git.qemu-project.org/qemu-stable-1.0.git
>> -S: Orphan
>> -
>> -Stable 0.15
>> -L: qemu-sta...@nongnu.org
>> -T: git git://git.qemu-project.org/qemu-stable-0.15.git
>> -S: Orphan
>> -
>> -Stable 0.14
>> -L: qemu-sta...@nongnu.org
>> -T: git git://git.qemu-project.org/qemu-stable-0.14.git
>> -S: Orphan
>> -
>> -Stable 0.10
>> -L: qemu-sta...@nongnu.org
>> -T: git git://git.qemu-project.org/qemu-stable-0.10.git
>> -S: Orphan
>> -
>>  Block drivers
>>  -
>>  VMDK
>> -- 
>> 1.8.3.1
>>

Re: [Qemu-devel] [PATCH] hw/ppc/spapr: Allow POWER9 as hot-pluggable CPU for pseries

[Thomas Huth]

On 10.01.2017 01:39, David Gibson wrote:
> On Mon, Jan 09, 2017 at 01:57:24PM +0100, Thomas Huth wrote:
>> Running "qemu-system-ppc64 -M pseries -cpu POWER9" currently does not work
>> yet and results in this error message:
>>
>>  qemu-system-ppc64: Unable to find sPAPR CPU Core definition
>>
>> Since we want to support the pseries machine with POWER9 in the future,
>> allow using POWER9 as hot-pluggable CPU there, too.
>>
>> Signed-off-by: Thomas Huth 
> 
> I'm not sure it makes sense to apply this until we have at least the
> basics of the POWER9 PAPR pieces implemented in qemu.

OK, then I'll keep it in my private branch for my experiments...

 Thomas




signature.asc
Description: OpenPGP digital signature

[Qemu-devel] [Bug 1654826] Re: Holding key down using input-linux freezes guest

[mutedbytes]

I have tried without "repeat=on" option, and with 2.8.0 I still seem to
be getting weird behavior with mouse dropping out at points, and with
keys seemingly being continued to be pressed (ie still running around in
an fps game after releasing the key). I also experienced at one point
l-ctrl+r-ctrl not passing keyboard control to guest, and needed to VNC
in to shutdown/restart guest (this was after plugging in a usb xbox360
controller, not sure if related).

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1654826

Title:
  Holding key down using input-linux freezes guest

Status in QEMU:
  New

Bug description:
  Qemu release version 2.8.0
  KVM, kernel 4.9.1

  When using the -object input-linux capability in qemu for passthrough
  of input/evdev devices, I found that when a key is held for a few
  seconds or more (such as ctrl key), the guest system freezes until the
  key is released. In some cases, mouse control is also lost following
  one of these "freezes". I also noticed that one of the four cpu cores
  I have the guest pinned to ramps to 100% during these freezes.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1654826/+subscriptions

Re: [Qemu-devel] [PULL v2 00/11] ui patch queue

[Gerd Hoffmann]

  Hi,

> >   git://git.kraxel.org/qemu tags/pull-ui-20170109-1

> Hi. I'm afraid this fails to build on OSX:
> 
> /Users/pm215/src/qemu-for-merges/ui/cocoa.m:688:21: error: use of
> undeclared identifier 'MOUSE_EVENT_WHEELUP'
> MOUSE_EVENT_WHEELUP : MOUSE_EVENT_WHEELDN;
> ^
> /Users/pm215/src/qemu-for-merges/ui/cocoa.m:710:45: error: use of
> undeclared identifier 'MOUSE_EVENT_WHEELUP'
> [INPUT_BUTTON_WHEEL_UP]   = MOUSE_EVENT_WHEELUP,
> ^
> /Users/pm215/src/qemu-for-merges/ui/cocoa.m:711:45: error: use of
> undeclared identifier 'MOUSE_EVENT_WHEELDN'
> [INPUT_BUTTON_WHEEL_DOWN] = MOUSE_EVENT_WHEELDN,

Pushed new tag:

  git://git.kraxel.org/qemu tags/pull-ui-20170110-1

Dropped offending patch (8/11), no other changes.

cheers,
  Gerd

[Qemu-devel] [PATCH] x86: add AVX512_VPOPCNTDQ features

[He Chen]

AVX512_VPOPCNTDQ: Vector POPCNT instructions for word and qwords.
variable precision.

Signed-off-by: He Chen 
---
 target/i386/cpu.c | 2 +-
 target/i386/cpu.h | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index b0640f1..ae900b5 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -435,7 +435,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
 NULL, "avx512vbmi", "umip", "pku",
 "ospke", NULL, NULL, NULL,
 NULL, NULL, NULL, NULL,
-NULL, NULL, NULL, NULL,
+NULL, NULL, "vpopcntdq", NULL,
 "la57", NULL, NULL, NULL,
 NULL, NULL, "rdpid", NULL,
 NULL, NULL, NULL, NULL,
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index a7f2f60..73edc60 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -630,6 +630,7 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];
 #define CPUID_7_0_ECX_UMIP (1U << 2)
 #define CPUID_7_0_ECX_PKU  (1U << 3)
 #define CPUID_7_0_ECX_OSPKE(1U << 4)
+#define CPUID_7_0_ECX_VPOPCNTDQ (1U << 14) /* POPCNT for vectors of DW/QW */
 #define CPUID_7_0_ECX_LA57 (1U << 16)
 #define CPUID_7_0_ECX_RDPID(1U << 22)
 
-- 
2.7.4

Re: [Qemu-devel] [PATCH v6 kernel 0/5] Extend virtio-balloon for fast (de)inflating & fast live migration

[Li, Liang Z]

Hi guys,

Could you help to review this patch set?

Thanks!
Liang

> -Original Message-
> From: Li, Liang Z
> Sent: Wednesday, December 21, 2016 2:52 PM
> To: k...@vger.kernel.org
> Cc: virtio-...@lists.oasis-open.org; qemu-devel@nongnu.org; linux-
> m...@kvack.org; linux-ker...@vger.kernel.org; virtualization@lists.linux-
> foundation.org; amit.s...@redhat.com; Hansen, Dave;
> cornelia.h...@de.ibm.com; pbonz...@redhat.com; m...@redhat.com;
> da...@redhat.com; aarca...@redhat.com; dgilb...@redhat.com;
> quint...@redhat.com; Li, Liang Z
> Subject: [PATCH v6 kernel 0/5] Extend virtio-balloon for fast (de)inflating &
> fast live migration
> 
> This patch set contains two parts of changes to the virtio-balloon.
> 
> One is the change for speeding up the inflating & deflating process, the main
> idea of this optimization is to use {pfn|length} to present the page
> information instead of the PFNs, to reduce the overhead of virtio data
> transmission, address translation and madvise(). This can help to improve the
> performance by about 85%.
> 
> Another change is for speeding up live migration. By skipping process guest's
> unused pages in the first round of data copy, to reduce needless data
> processing, this can help to save quite a lot of CPU cycles and network
> bandwidth. We put guest's unused page information in a {pfn|length} array
> and send it to host with the virt queue of virtio-balloon. For an idle guest 
> with
> 8GB RAM, this can help to shorten the total live migration time from 2Sec to
> about 500ms in 10Gbps network environment. For an guest with quite a lot
> of page cache and with little unused pages, it's possible to let the guest 
> drop
> it's page cache before live migration, this case can benefit from this new
> feature too.
> 
> Changes from v5 to v6:
> * Drop the bitmap from the virtio ABI, use {pfn|length} only.
> * Enhance the API to get the unused page information from mm.
> 
> Changes from v4 to v5:
> * Drop the code to get the max_pfn, use another way instead.
> * Simplify the API to get the unused page information from mm.
> 
> Changes from v3 to v4:
> * Use the new scheme suggested by Dave Hansen to encode the bitmap.
> * Add code which is missed in v3 to handle migrate page.
> * Free the memory for bitmap intime once the operation is done.
> * Address some of the comments in v3.
> 
> Changes from v2 to v3:
> * Change the name of 'free page' to 'unused page'.
> * Use the scatter & gather bitmap instead of a 1MB page bitmap.
> * Fix overwriting the page bitmap after kicking.
> * Some of MST's comments for v2.
> 
> Changes from v1 to v2:
> * Abandon the patch for dropping page cache.
> * Put some structures to uapi head file.
> * Use a new way to determine the page bitmap size.
> * Use a unified way to send the free page information with the bitmap
> * Address the issues referred in MST's comments
> 
> Liang Li (5):
>   virtio-balloon: rework deflate to add page to a list
>   virtio-balloon: define new feature bit and head struct
>   virtio-balloon: speed up inflate/deflate process
>   virtio-balloon: define flags and head for host request vq
>   virtio-balloon: tell host vm's unused page info
> 
>  drivers/virtio/virtio_balloon.c | 510
> 
>  include/linux/mm.h  |   3 +
>  include/uapi/linux/virtio_balloon.h |  34 +++
>  mm/page_alloc.c | 120 +
>  4 files changed, 621 insertions(+), 46 deletions(-)
> 
> --
> 1.9.1

[Qemu-devel] [PULL 40/41] memhp: move DIMM devices into dedicated scope with related common methods

[Michael S. Tsirkin]

From: Igor Mammedov 

Move DIMM devices from global _SB scope to a new \_SB.MHPC
container along with common methods used by DIMMs:
  MCRS, MRST, MPXM, MOST, MEJ00, MSCN, MTFY

this reduces AML size on 12 * #slots bytes,
i.e. up to 3072 bytes for 265 slots.

Signed-off-by: Igor Mammedov 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Marcel Apfelbaum 
---
 hw/acpi/memory_hotplug.c | 190 ---
 1 file changed, 97 insertions(+), 93 deletions(-)

diff --git a/hw/acpi/memory_hotplug.c b/hw/acpi/memory_hotplug.c
index fb04d24..210073d 100644
--- a/hw/acpi/memory_hotplug.c
+++ b/hw/acpi/memory_hotplug.c
@@ -31,6 +31,7 @@
 #define MEMORY_SLOT_SCAN_METHOD  "MSCN"
 #define MEMORY_HOTPLUG_DEVICE"MHPD"
 #define MEMORY_HOTPLUG_IO_LEN 24
+#define MEMORY_DEVICES_CONTAINER "\\_SB.MHPC"
 
 static uint16_t memhp_io_base;
 
@@ -343,9 +344,8 @@ void build_memory_hotplug_aml(Aml *table, uint32_t nr_mem,
 int i;
 Aml *ifctx;
 Aml *method;
-Aml *sb_scope;
+Aml *dev_container;
 Aml *mem_ctrl_dev;
-char *scan_path;
 char *mhp_res_path;
 
 if (!memhp_io_base) {
@@ -356,24 +356,11 @@ void build_memory_hotplug_aml(Aml *table, uint32_t nr_mem,
 mem_ctrl_dev = aml_device("%s", mhp_res_path);
 {
 Aml *crs;
-Aml *field;
-Aml *one = aml_int(1);
-Aml *zero = aml_int(0);
-Aml *ret_val = aml_local(0);
-Aml *slot_arg0 = aml_arg(0);
-Aml *slots_nr = aml_name(MEMORY_SLOTS_NUMBER);
-Aml *ctrl_lock = aml_name(MEMORY_SLOT_LOCK);
-Aml *slot_selector = aml_name(MEMORY_SLOT_SLECTOR);
 
 aml_append(mem_ctrl_dev, aml_name_decl("_HID", aml_string("PNP0A06")));
 aml_append(mem_ctrl_dev,
 aml_name_decl("_UID", aml_string("Memory hotplug resources")));
 
-assert(nr_mem <= ACPI_MAX_RAM_SLOTS);
-aml_append(mem_ctrl_dev,
-aml_name_decl(MEMORY_SLOTS_NUMBER, aml_int(nr_mem))
-);
-
 crs = aml_resource_template();
 aml_append(crs,
 aml_io(AML_DECODE16, memhp_io_base, memhp_io_base, 0,
@@ -386,7 +373,32 @@ void build_memory_hotplug_aml(Aml *table, uint32_t nr_mem,
 aml_int(memhp_io_base), MEMORY_HOTPLUG_IO_LEN)
 );
 
-field = aml_field(MEMORY_HOTPLUG_IO_REGION, AML_DWORD_ACC,
+}
+aml_append(table, mem_ctrl_dev);
+
+dev_container = aml_device(MEMORY_DEVICES_CONTAINER);
+{
+Aml *field;
+Aml *one = aml_int(1);
+Aml *zero = aml_int(0);
+Aml *ret_val = aml_local(0);
+Aml *slot_arg0 = aml_arg(0);
+Aml *slots_nr = aml_name(MEMORY_SLOTS_NUMBER);
+Aml *ctrl_lock = aml_name(MEMORY_SLOT_LOCK);
+Aml *slot_selector = aml_name(MEMORY_SLOT_SLECTOR);
+char *mmio_path = g_strdup_printf("%s." MEMORY_HOTPLUG_IO_REGION,
+  mhp_res_path);
+
+aml_append(dev_container, aml_name_decl("_HID", 
aml_string("PNP0A06")));
+aml_append(dev_container,
+aml_name_decl("_UID", aml_string("DIMM devices")));
+
+assert(nr_mem <= ACPI_MAX_RAM_SLOTS);
+aml_append(dev_container,
+aml_name_decl(MEMORY_SLOTS_NUMBER, aml_int(nr_mem))
+);
+
+field = aml_field(mmio_path, AML_DWORD_ACC,
   AML_NOLOCK, AML_PRESERVE);
 aml_append(field, /* read only */
 aml_named_field(MEMORY_SLOT_ADDR_LOW, 32));
@@ -398,9 +410,9 @@ void build_memory_hotplug_aml(Aml *table, uint32_t nr_mem,
 aml_named_field(MEMORY_SLOT_SIZE_HIGH, 32));
 aml_append(field, /* read only */
 aml_named_field(MEMORY_SLOT_PROXIMITY, 32));
-aml_append(mem_ctrl_dev, field);
+aml_append(dev_container, field);
 
-field = aml_field(MEMORY_HOTPLUG_IO_REGION, AML_BYTE_ACC,
+field = aml_field(mmio_path, AML_BYTE_ACC,
   AML_NOLOCK, AML_WRITE_AS_ZEROS);
 aml_append(field, aml_reserved_field(160 /* bits, Offset(20) */));
 aml_append(field, /* 1 if enabled, read only */
@@ -414,9 +426,9 @@ void build_memory_hotplug_aml(Aml *table, uint32_t nr_mem,
 aml_append(field,
 /* initiates device eject, write only */
 aml_named_field(MEMORY_SLOT_EJECT, 1));
-aml_append(mem_ctrl_dev, field);
+aml_append(dev_container, field);
 
-field = aml_field(MEMORY_HOTPLUG_IO_REGION, AML_DWORD_ACC,
+field = aml_field(mmio_path, AML_DWORD_ACC,
   AML_NOLOCK, AML_PRESERVE);
 aml_append(field, /* DIMM selector, write only */
 aml_named_field(MEMORY_SLOT_SLECTOR, 32));
@@ -424,7 +436,8 @@ void build_memory_hotplug_aml(Aml *table, uint32_t nr_mem,
 aml_named_field(MEMORY_SLOT_OST_EVENT, 32));
 

[Qemu-devel] [PULL 39/41] memhp: don't generate memory hotplug AML if it's not enabled/supported

[Michael S. Tsirkin]

From: Igor Mammedov 

That reduces DSDT by 910 bytes when memory hotplug
isn't enabled.

While doing so drop intermediate variables/arguments
passing around ACPI_MEMORY_HOTPLUG_IO_LEN and making
it local to memory_hotplug.c, hardcoding it there as
it can't change.

Also don't pass around ACPI_MEMORY_HOTPLUG_BASE through
intermediate variables/arguments where it's not needed.
Instead initialize in module static variable when MMIO
region is mapped and use that within memory_hotplug.c
whenever it's required.
That way MMIO base specified only at one place and AML
with MMIO would always use the same value.

Signed-off-by: Igor Mammedov 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Marcel Apfelbaum 
---
 include/hw/acpi/memory_hotplug.h |  3 +--
 include/hw/acpi/pc-hotplug.h |  1 -
 hw/acpi/ich9.c   |  3 ++-
 hw/acpi/memory_hotplug.c | 24 +---
 hw/acpi/piix4.c  |  3 ++-
 hw/i386/acpi-build.c |  9 +
 6 files changed, 23 insertions(+), 20 deletions(-)

diff --git a/include/hw/acpi/memory_hotplug.h b/include/hw/acpi/memory_hotplug.h
index 91d4045..db8ebc9 100644
--- a/include/hw/acpi/memory_hotplug.h
+++ b/include/hw/acpi/memory_hotplug.h
@@ -30,7 +30,7 @@ typedef struct MemHotplugState {
 } MemHotplugState;
 
 void acpi_memory_hotplug_init(MemoryRegion *as, Object *owner,
-  MemHotplugState *state);
+  MemHotplugState *state, uint16_t io_base);
 
 void acpi_memory_plug_cb(HotplugHandler *hotplug_dev, MemHotplugState *mem_st,
  DeviceState *dev, Error **errp);
@@ -48,7 +48,6 @@ extern const VMStateDescription vmstate_memory_hotplug;
 void acpi_memory_ospm_status(MemHotplugState *mem_st, ACPIOSTInfoList ***list);
 
 void build_memory_hotplug_aml(Aml *table, uint32_t nr_mem,
-  uint16_t io_base, uint16_t io_len,
   const char *res_root,
   const char *event_handler_method);
 #endif
diff --git a/include/hw/acpi/pc-hotplug.h b/include/hw/acpi/pc-hotplug.h
index a4f513d..31bc919 100644
--- a/include/hw/acpi/pc-hotplug.h
+++ b/include/hw/acpi/pc-hotplug.h
@@ -29,7 +29,6 @@
 #define PIIX4_CPU_HOTPLUG_IO_BASE 0xaf00
 #define CPU_HOTPLUG_RESOURCE_DEVICE PRES
 
-#define ACPI_MEMORY_HOTPLUG_IO_LEN 24
 #define ACPI_MEMORY_HOTPLUG_BASE 0x0a00
 
 #endif
diff --git a/hw/acpi/ich9.c b/hw/acpi/ich9.c
index 830c475..5c279bb 100644
--- a/hw/acpi/ich9.c
+++ b/hw/acpi/ich9.c
@@ -306,7 +306,8 @@ void ich9_pm_init(PCIDevice *lpc_pci, ICH9LPCPMRegs *pm,
 
 if (pm->acpi_memory_hotplug.is_enabled) {
 acpi_memory_hotplug_init(pci_address_space_io(lpc_pci), 
OBJECT(lpc_pci),
- >acpi_memory_hotplug);
+ >acpi_memory_hotplug,
+ ACPI_MEMORY_HOTPLUG_BASE);
 }
 }
 
diff --git a/hw/acpi/memory_hotplug.c b/hw/acpi/memory_hotplug.c
index da29332..fb04d24 100644
--- a/hw/acpi/memory_hotplug.c
+++ b/hw/acpi/memory_hotplug.c
@@ -30,6 +30,9 @@
 #define MEMORY_SLOT_NOTIFY_METHOD"MTFY"
 #define MEMORY_SLOT_SCAN_METHOD  "MSCN"
 #define MEMORY_HOTPLUG_DEVICE"MHPD"
+#define MEMORY_HOTPLUG_IO_LEN 24
+
+static uint16_t memhp_io_base;
 
 static ACPIOSTInfo *acpi_memory_device_status(int slot, MemStatus *mdev)
 {
@@ -202,7 +205,7 @@ static const MemoryRegionOps acpi_memory_hotplug_ops = {
 };
 
 void acpi_memory_hotplug_init(MemoryRegion *as, Object *owner,
-  MemHotplugState *state)
+  MemHotplugState *state, uint16_t io_base)
 {
 MachineState *machine = MACHINE(qdev_get_machine());
 
@@ -211,10 +214,12 @@ void acpi_memory_hotplug_init(MemoryRegion *as, Object 
*owner,
 return;
 }
 
+assert(!memhp_io_base);
+memhp_io_base = io_base;
 state->devs = g_malloc0(sizeof(*state->devs) * state->dev_count);
 memory_region_init_io(>io, owner, _memory_hotplug_ops, state,
-  "acpi-mem-hotplug", ACPI_MEMORY_HOTPLUG_IO_LEN);
-memory_region_add_subregion(as, ACPI_MEMORY_HOTPLUG_BASE, >io);
+  "acpi-mem-hotplug", MEMORY_HOTPLUG_IO_LEN);
+memory_region_add_subregion(as, memhp_io_base, >io);
 }
 
 /**
@@ -332,7 +337,6 @@ const VMStateDescription vmstate_memory_hotplug = {
 };
 
 void build_memory_hotplug_aml(Aml *table, uint32_t nr_mem,
-  uint16_t io_base, uint16_t io_len,
   const char *res_root,
   const char *event_handler_method)
 {
@@ -342,8 +346,13 @@ void build_memory_hotplug_aml(Aml *table, uint32_t nr_mem,
 Aml *sb_scope;
 Aml *mem_ctrl_dev;
 char *scan_path;
-char *mhp_res_path = g_strdup_printf("%s." MEMORY_HOTPLUG_DEVICE, 

Re: [Qemu-devel] Live migration + cpu/mem hotplug

[Bob Chen]

Answer my own question:

The corresponding cmd-line parameter for memory hot-add by QEMU monitor is,
-object memory-backend-ram,id=mem0,size=1024M -device
pc-dimm,id=dimm0,memdev=mem0

2017-01-05 18:12 GMT+08:00 Daniel P. Berrange :

> On Thu, Jan 05, 2017 at 04:27:26PM +0800, Bob Chen wrote:
> > Hi,
> >
> > According to the docs, the destination Qemu must have the exactly same
> > parameters as the source one. So if the source has just finished cpu or
> > memory hotplug, what would the dest's parameters be like?
> >
> > Does DIMM device, or logically QOM object, have to be reflected on the
> new
> > command-line parameters?
>
> Yes, if you have hotplugged any type of device since the VM was started,
> the QEMU command line args on the target host must include all the original
> args from the source QEMU, and also any args reflect to reflect the
> hotplugged devices too.
>
> A further complication is that on the target, you must also make sure you
> fully specify *all* device address information (PCI slots, SCSI luns, etc
> etc), because the addresses QEMU assigns to a device after hotplug may
> not be the same as the addresses QEMU assigns to a device whne coldplug.
>
> eg if you boot a guest with 1 NIC + 1 disk, and then hotplug a 2nd NIC
> you might get
>
>1st NIC  == PCI slot 2
>1st disk == PCI slot 3
>2nd NIC  == PCI slot 4
>
> if however, you started QEMU with 2 NICs and 1 disk straight away QEMU
> might assign addresses in the order
>
>1st NIC  == PCI slot 2
>2nd NIC  == PCI slot 3
>1st disk == PCI slot 4
>
> this would totally kill a guest OS during live migration as the slots
> for devices its using would change.
>
> So as a general rule when launching QEMU on a target host for migrating,
> you must be explicit about all device addresses and not rely on QEMU to
> auto-assign addresses. This is quite alot of work to get right, but if
> you're using libvirt it'll do pretty much all this automatically for
> you.
>
> Regards,
> Daniel
> --
> |: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/
> :|
> |: http://libvirt.org  -o- http://virt-manager.org
> :|
> |: http://entangle-photo.org   -o-http://search.cpan.org/~danberr/
> :|
>

[Qemu-devel] [PULL 30/41] vhost-net: Notify the backend about the host MTU

[Michael S. Tsirkin]

From: Maxime Coquelin 

This patch provides a way for virtio-net to notify the
backend about the host MTU set by the user.

Cc: Michael S. Tsirkin 
Cc: Aaron Conole 
Signed-off-by: Maxime Coquelin 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/net/vhost_net.h |  2 ++
 hw/net/vhost_net.c  | 18 ++
 2 files changed, 20 insertions(+)

diff --git a/include/net/vhost_net.h b/include/net/vhost_net.h
index 5a08eff..afc1499 100644
--- a/include/net/vhost_net.h
+++ b/include/net/vhost_net.h
@@ -35,4 +35,6 @@ int vhost_set_vring_enable(NetClientState * nc, int enable);
 
 uint64_t vhost_net_get_acked_features(VHostNetState *net);
 
+int vhost_net_set_mtu(struct vhost_net *net, uint16_t mtu);
+
 #endif
diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c
index f2d49ad..6280422 100644
--- a/hw/net/vhost_net.c
+++ b/hw/net/vhost_net.c
@@ -51,6 +51,7 @@ static const int kernel_feature_bits[] = {
 VIRTIO_RING_F_EVENT_IDX,
 VIRTIO_NET_F_MRG_RXBUF,
 VIRTIO_F_VERSION_1,
+VIRTIO_NET_F_MTU,
 VHOST_INVALID_FEATURE_BIT
 };
 
@@ -74,6 +75,7 @@ static const int user_feature_bits[] = {
 VIRTIO_NET_F_HOST_ECN,
 VIRTIO_NET_F_HOST_UFO,
 VIRTIO_NET_F_MRG_RXBUF,
+VIRTIO_NET_F_MTU,
 
 /* This bit implies RARP isn't sent by QEMU out of band */
 VIRTIO_NET_F_GUEST_ANNOUNCE,
@@ -435,6 +437,17 @@ int vhost_set_vring_enable(NetClientState *nc, int enable)
 return 0;
 }
 
+int vhost_net_set_mtu(struct vhost_net *net, uint16_t mtu)
+{
+const VhostOps *vhost_ops = net->dev.vhost_ops;
+
+if (!vhost_ops->vhost_net_set_mtu) {
+return 0;
+}
+
+return vhost_ops->vhost_net_set_mtu(>dev, mtu);
+}
+
 #else
 uint64_t vhost_net_get_max_queues(VHostNetState *net)
 {
@@ -501,4 +514,9 @@ int vhost_set_vring_enable(NetClientState *nc, int enable)
 {
 return 0;
 }
+
+int vhost_net_set_mtu(struct vhost_net *net, uint16_t mtu)
+{
+return 0;
+}
 #endif
-- 
MST

Re: [Qemu-devel] [PATCH 00/21] new backup architecture

[Jeff Cody]

On Mon, Jan 09, 2017 at 11:04:27AM +, Stefan Hajnoczi wrote:
> On Fri, Dec 23, 2016 at 05:28:43PM +0300, Vladimir Sementsov-Ogievskiy wrote:
> 
> Jeff or John: are you reviewing this?

It's in my review queue, but it would probably be a good one for John to
review as well if he has time.

> 
> > This is a new architecture for backup. It solves some current problems:
> > 1. intersecting requests: for now at request start we wait for all 
> > intersecting requests, which means that
> > a. we may wait even for unrelated to our request clusters
> > b. not full async: if we are going to copy clusters 1,2,3,4, when 2 and 
> > 4 are in flight, why should we wait for 2 and 4 to be fully copied? Why not 
> > to start 1 and 3 in parallel with 2 and 4?
> > 
> > 2. notifier request is internally synchronous: if notifier starts copying 
> > clusters 1,2,3,4, they will be copied one by one in synchronous loop.
> > 
> > 3. notifier wait full copying of corresponding clusters (when actually it 
> > may wait only for _read_ operations to be finished)
> > 
> > In short, what is done:
> > 1. full async scheme
> > 4. no intersecting requests
> > 3. notifiers can wait only for read, not for write
> > 4. notifiers wait only for corresponding clusters
> > 5. time limit for notifiers
> > 5. skip unallocated clusters for full mode
> > 6. use HBitmap as main backup bitmap and just init it from dirty bitmap for 
> > incremental case
> > 7. retrying: do not reread on write fail
> > 
> > # Intro
> > 
> > Instead of sync-copying + async-notifiers as in old backup, or aio requests 
> > like in mirror, this scheme just start 24 workers - separate coroutines, 
> > each of them copying clusters synchronously. Copying is only done by one 
> > cluster, there are no large requests.
> > The only difference for clusters, awaited by write notifiers, is larger 
> > priority. So, notifiers do not start io requests, they just mark some 
> > clusters as awaited and yield. Then, when some worker completes read of 
> > last cluster, awaited by this notifier it will enter it.
> > 
> > # Some data structures
> > 
> > Instead of done_bitmap - copy_bitmap, like in mirror.
> > HBitmap copy_bitmap
> > Exactly, what should be copied:
> > 0 - may mean one of three things:
> > - this cluster should not be copied at all
> > - this cluster is in flight
> > - this cluster is already copied
> > 1 - means that cluster should be copied, but not touched yet (no async 
> > io exists for it)
> > 
> > New bitmap: notif_wait_bitmap - not HBitmap, just Bitmap.
> > Exactly, in flight clusters, waiting for read operation:
> > 0 - may mean one of three things:
> > - this cluster should not be copied at all
> > - this cluster is in flight and it is _already_ read to memory
> > - this cluster is already copied
> > 1 - means that cluster is in flight, but read operation have not 
> > finished
> > yet
> > The only exception is none-mode: in this case 1 means in flight: in io 
> > read or write. This is needed for image fleecing.
> > 
> > Cluster states (copy_bitmap, notif_wait_bitmap)
> > 
> > 0, 0 - Ignored (should not be copied at all) or In flight (read done) or 
> > Copied
> > 0, 1 - In flight, read operation not finished (or write op. - for none-mode)
> > 1, 0 - Should be copied, but not touched yet
> > 1, 1 - Impossible state
> > 
> > NotifierRequest - request from notifier, it changes sequence of cluster 
> > copying by workers.
> > NotifierRequest {
> > int64_t start;
> > int64_t end;
> > int nb_wait; // nb clusters (in specified range) that should be copied 
> > but not already read, i.e. clusters awaited by this notifier
> > Coroutine *notif; // corresponding notifier coroutine
> > }
> > 
> > notifier_reqs - list of notifier requests
> > 
> > # More info
> > 
> > At backup start copy_bitmap is inited to sync_bitmap for incremental 
> > backup. For top/full backup it is inited to all ones, but in parallel with 
> > workers main coroutine skips not allocated clusters.
> > 
> > Worker coroutines are copying clusters, preferable awaited by notifiers 
> > (for which NotifierRequest exists in the list). Function get_work helps 
> > them.
> > Workers will copy clusters, awaited by notifiers even if block-job is 
> > paused - it is the same behaviour  as in old architecture.
> > 
> > Old backup fails guest-write if notifier fails to backup corresponding 
> > clusters. In the new scheme there is a little difference: notifier just 
> > wait for 5s and if backup can't copy all corresponding clusters in this 
> > time - guest-write fails.
> > Error scenarios was considered on list, the final solution was to provide 
> > user a possibility to chose what should be failed: backup or guest-write. 
> > I'll add this later.
> > 
> > Worker can exit (no more clusters to copy or fatal error) or pause (error 
> > or user pause or throttling). When last worker goes to pause it 

[Qemu-devel] [PULL 27/41] virtio: Introduce virtqueue_drop_all procedure

[Michael S. Tsirkin]

From: Yuri Benditovich 

Add procedure for fast drop of queued packets, acting like
pop and push without mapping the buffers into memory.

Signed-off-by: Yuri Benditovich 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/hw/virtio/virtio.h |  1 +
 hw/virtio/virtio.c | 38 ++
 2 files changed, 39 insertions(+)

diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h
index e15c064..e5541c6 100644
--- a/include/hw/virtio/virtio.h
+++ b/include/hw/virtio/virtio.h
@@ -173,6 +173,7 @@ void virtqueue_fill(VirtQueue *vq, const VirtQueueElement 
*elem,
 
 void virtqueue_map(VirtIODevice *vdev, VirtQueueElement *elem);
 void *virtqueue_pop(VirtQueue *vq, size_t sz);
+unsigned int virtqueue_drop_all(VirtQueue *vq);
 void *qemu_get_virtqueue_element(VirtIODevice *vdev, QEMUFile *f, size_t sz);
 void qemu_put_virtqueue_element(QEMUFile *f, VirtQueueElement *elem);
 int virtqueue_avail_bytes(VirtQueue *vq, unsigned int in_bytes,
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index ba7..aa4f38f 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -783,6 +783,44 @@ err_undo_map:
 return NULL;
 }
 
+/* virtqueue_drop_all:
+ * @vq: The #VirtQueue
+ * Drops all queued buffers and indicates them to the guest
+ * as if they are done. Useful when buffers can not be
+ * processed but must be returned to the guest.
+ */
+unsigned int virtqueue_drop_all(VirtQueue *vq)
+{
+unsigned int dropped = 0;
+VirtQueueElement elem = {};
+VirtIODevice *vdev = vq->vdev;
+bool fEventIdx = virtio_vdev_has_feature(vdev, VIRTIO_RING_F_EVENT_IDX);
+
+if (unlikely(vdev->broken)) {
+return 0;
+}
+
+while (!virtio_queue_empty(vq) && vq->inuse < vq->vring.num) {
+/* works similar to virtqueue_pop but does not map buffers
+* and does not allocate any memory */
+smp_rmb();
+if (!virtqueue_get_head(vq, vq->last_avail_idx, )) {
+break;
+}
+vq->inuse++;
+vq->last_avail_idx++;
+if (fEventIdx) {
+vring_set_avail_event(vq, vq->last_avail_idx);
+}
+/* immediately push the element, nothing to unmap
+ * as both in_num and out_num are set to 0 */
+virtqueue_push(vq, , 0);
+dropped++;
+}
+
+return dropped;
+}
+
 /* Reading and writing a structure directly to QEMUFile is *awful*, but
  * it is what QEMU has always done by mistake.  We can change it sooner
  * or later by bumping the version number of the affected vm states.
-- 
MST

[Qemu-devel] [PULL 37/41] memhp: move GPE handler_E03 into build_memory_hotplug_aml()

[Michael S. Tsirkin]

From: Igor Mammedov 

>From this patch all the memory hotplug related AML
bits are consolidated in one place within DSTD.
Follow up patches will utilize that to simplify
memory hotplug related C/AML code.

Signed-off-by: Igor Mammedov 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Marcel Apfelbaum 
---
 include/hw/acpi/memory_hotplug.h |  6 +++---
 hw/acpi/memory_hotplug.c | 42 ++--
 hw/i386/acpi-build.c |  7 ++-
 3 files changed, 32 insertions(+), 23 deletions(-)

diff --git a/include/hw/acpi/memory_hotplug.h b/include/hw/acpi/memory_hotplug.h
index 6dc48d2..37e2706 100644
--- a/include/hw/acpi/memory_hotplug.h
+++ b/include/hw/acpi/memory_hotplug.h
@@ -49,9 +49,9 @@ void acpi_memory_ospm_status(MemHotplugState *mem_st, 
ACPIOSTInfoList ***list);
 
 #define MEMORY_HOTPLUG_DEVICE"MHPD"
 #define MEMORY_SLOT_SCAN_METHOD  "MSCN"
-#define MEMORY_HOTPLUG_HANDLER_PATH "\\_SB.PCI0." \
- MEMORY_HOTPLUG_DEVICE "." MEMORY_SLOT_SCAN_METHOD
 
 void build_memory_hotplug_aml(Aml *table, uint32_t nr_mem,
-  uint16_t io_base, uint16_t io_len);
+  uint16_t io_base, uint16_t io_len,
+  const char *res_root,
+  const char *event_handler_method);
 #endif
diff --git a/hw/acpi/memory_hotplug.c b/hw/acpi/memory_hotplug.c
index 18b95f2..49e856f 100644
--- a/hw/acpi/memory_hotplug.c
+++ b/hw/acpi/memory_hotplug.c
@@ -308,18 +308,19 @@ const VMStateDescription vmstate_memory_hotplug = {
 };
 
 void build_memory_hotplug_aml(Aml *table, uint32_t nr_mem,
-  uint16_t io_base, uint16_t io_len)
+  uint16_t io_base, uint16_t io_len,
+  const char *res_root,
+  const char *event_handler_method)
 {
 int i;
 Aml *ifctx;
 Aml *method;
-Aml *pci_scope;
 Aml *sb_scope;
 Aml *mem_ctrl_dev;
+char *scan_path;
+char *mhp_res_path = g_strdup_printf("%s." MEMORY_HOTPLUG_DEVICE, 
res_root);
 
-/* scope for memory hotplug controller device node */
-pci_scope = aml_scope("_SB.PCI0");
-mem_ctrl_dev = aml_device(MEMORY_HOTPLUG_DEVICE);
+mem_ctrl_dev = aml_device("%s", mhp_res_path);
 {
 Aml *crs;
 Aml *field;
@@ -610,47 +611,50 @@ void build_memory_hotplug_aml(Aml *table, uint32_t nr_mem,
 }
 aml_append(mem_ctrl_dev, method);
 }
-aml_append(pci_scope, mem_ctrl_dev);
-aml_append(table, pci_scope);
+aml_append(table, mem_ctrl_dev);
 
 sb_scope = aml_scope("_SB");
 /* build memory devices */
 for (i = 0; i < nr_mem; i++) {
-#define BASEPATH "\\_SB.PCI0." MEMORY_HOTPLUG_DEVICE "."
 Aml *dev;
-const char *s;
+char *s;
 
 dev = aml_device("MP%02X", i);
 aml_append(dev, aml_name_decl("_UID", aml_string("0x%02X", i)));
 aml_append(dev, aml_name_decl("_HID", aml_eisaid("PNP0C80")));
 
 method = aml_method("_CRS", 0, AML_NOTSERIALIZED);
-s = BASEPATH MEMORY_SLOT_CRS_METHOD;
+s = g_strdup_printf("%s.%s", mhp_res_path, MEMORY_SLOT_CRS_METHOD);
 aml_append(method, aml_return(aml_call1(s, aml_name("_UID";
+g_free(s);
 aml_append(dev, method);
 
 method = aml_method("_STA", 0, AML_NOTSERIALIZED);
-s = BASEPATH MEMORY_SLOT_STATUS_METHOD;
+s = g_strdup_printf("%s.%s", mhp_res_path, MEMORY_SLOT_STATUS_METHOD);
 aml_append(method, aml_return(aml_call1(s, aml_name("_UID";
+g_free(s);
 aml_append(dev, method);
 
 method = aml_method("_PXM", 0, AML_NOTSERIALIZED);
-s = BASEPATH MEMORY_SLOT_PROXIMITY_METHOD;
+s = g_strdup_printf("%s.%s", mhp_res_path,
+MEMORY_SLOT_PROXIMITY_METHOD);
 aml_append(method, aml_return(aml_call1(s, aml_name("_UID";
+g_free(s);
 aml_append(dev, method);
 
 method = aml_method("_OST", 3, AML_NOTSERIALIZED);
-s = BASEPATH MEMORY_SLOT_OST_METHOD;
-
+s = g_strdup_printf("%s.%s", mhp_res_path, MEMORY_SLOT_OST_METHOD);
 aml_append(method, aml_return(aml_call4(
 s, aml_name("_UID"), aml_arg(0), aml_arg(1), aml_arg(2)
 )));
+g_free(s);
 aml_append(dev, method);
 
 method = aml_method("_EJ0", 1, AML_NOTSERIALIZED);
-s = BASEPATH MEMORY_SLOT_EJECT_METHOD;
+s = g_strdup_printf("%s.%s", mhp_res_path, MEMORY_SLOT_EJECT_METHOD);
 aml_append(method, aml_return(aml_call2(
s, aml_name("_UID"), aml_arg(0;
+g_free(s);
 aml_append(dev, method);
 
 aml_append(sb_scope, dev);
@@ -669,4 +673,12 @@ void build_memory_hotplug_aml(Aml *table, uint32_t nr_mem,
 

[Qemu-devel] [PULL 24/41] balloon: Don't balloon roms

[Michael S. Tsirkin]

From: "Dr. David Alan Gilbert" 

A broken guest can specify physical addresses that correspond
to any memory region, but it shouldn't be able to change ROM.

Signed-off-by: Dr. David Alan Gilbert 
Cc: qemu-sta...@nongnu.org
Acked-by: Paolo Bonzini 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/virtio/virtio-balloon.c | 7 ++-
 hw/virtio/trace-events | 2 ++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
index 884570a..a705e0e 100644
--- a/hw/virtio/virtio-balloon.c
+++ b/hw/virtio/virtio-balloon.c
@@ -228,8 +228,13 @@ static void virtio_balloon_handle_output(VirtIODevice 
*vdev, VirtQueue *vq)
 
 /* FIXME: remove get_system_memory(), but how? */
 section = memory_region_find(get_system_memory(), pa, 1);
-if (!int128_nz(section.size) || !memory_region_is_ram(section.mr))
+if (!int128_nz(section.size) ||
+!memory_region_is_ram(section.mr) ||
+memory_region_is_rom(section.mr) ||
+memory_region_is_romd(section.mr)) {
+trace_virtio_balloon_bad_addr(pa);
 continue;
+}
 
 trace_virtio_balloon_handle_output(memory_region_name(section.mr),
pa);
diff --git a/hw/virtio/trace-events b/hw/virtio/trace-events
index 7b6f55e..6926eed 100644
--- a/hw/virtio/trace-events
+++ b/hw/virtio/trace-events
@@ -15,6 +15,8 @@ virtio_rng_pushed(void *rng, size_t len) "rng %p: %zd bytes 
pushed"
 virtio_rng_request(void *rng, size_t size, unsigned quota) "rng %p: %zd bytes 
requested, %u bytes quota left"
 
 # hw/virtio/virtio-balloon.c
+#
+virtio_balloon_bad_addr(uint64_t gpa) "%"PRIx64
 virtio_balloon_handle_output(const char *name, uint64_t gpa) "section name: %s 
gpa: %"PRIx64
 virtio_balloon_get_config(uint32_t num_pages, uint32_t actual) "num_pages: %d 
actual: %d"
 virtio_balloon_set_config(uint32_t actual, uint32_t oldactual) "actual: %d 
oldactual: %d"
-- 
MST

[Qemu-devel] [PULL 38/41] memhp: move memory hotplug only defines to memory_hotplug.c

[Michael S. Tsirkin]

From: Igor Mammedov 

Move defines used locally only by memory_hotplug.c into it
from header files.

Signed-off-by: Igor Mammedov 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Marcel Apfelbaum 
---
 include/hw/acpi/memory_hotplug.h |  3 ---
 include/hw/acpi/pc-hotplug.h | 22 --
 hw/acpi/memory_hotplug.c | 24 
 3 files changed, 24 insertions(+), 25 deletions(-)

diff --git a/include/hw/acpi/memory_hotplug.h b/include/hw/acpi/memory_hotplug.h
index 37e2706..91d4045 100644
--- a/include/hw/acpi/memory_hotplug.h
+++ b/include/hw/acpi/memory_hotplug.h
@@ -47,9 +47,6 @@ extern const VMStateDescription vmstate_memory_hotplug;
 
 void acpi_memory_ospm_status(MemHotplugState *mem_st, ACPIOSTInfoList ***list);
 
-#define MEMORY_HOTPLUG_DEVICE"MHPD"
-#define MEMORY_SLOT_SCAN_METHOD  "MSCN"
-
 void build_memory_hotplug_aml(Aml *table, uint32_t nr_mem,
   uint16_t io_base, uint16_t io_len,
   const char *res_root,
diff --git a/include/hw/acpi/pc-hotplug.h b/include/hw/acpi/pc-hotplug.h
index 6a8d268..a4f513d 100644
--- a/include/hw/acpi/pc-hotplug.h
+++ b/include/hw/acpi/pc-hotplug.h
@@ -32,26 +32,4 @@
 #define ACPI_MEMORY_HOTPLUG_IO_LEN 24
 #define ACPI_MEMORY_HOTPLUG_BASE 0x0a00
 
-#define MEMORY_SLOTS_NUMBER  "MDNR"
-#define MEMORY_HOTPLUG_IO_REGION "HPMR"
-#define MEMORY_SLOT_ADDR_LOW "MRBL"
-#define MEMORY_SLOT_ADDR_HIGH"MRBH"
-#define MEMORY_SLOT_SIZE_LOW "MRLL"
-#define MEMORY_SLOT_SIZE_HIGH"MRLH"
-#define MEMORY_SLOT_PROXIMITY"MPX"
-#define MEMORY_SLOT_ENABLED  "MES"
-#define MEMORY_SLOT_INSERT_EVENT "MINS"
-#define MEMORY_SLOT_REMOVE_EVENT "MRMV"
-#define MEMORY_SLOT_EJECT"MEJ"
-#define MEMORY_SLOT_SLECTOR  "MSEL"
-#define MEMORY_SLOT_OST_EVENT"MOEV"
-#define MEMORY_SLOT_OST_STATUS   "MOSC"
-#define MEMORY_SLOT_LOCK "MLCK"
-#define MEMORY_SLOT_STATUS_METHOD"MRST"
-#define MEMORY_SLOT_CRS_METHOD   "MCRS"
-#define MEMORY_SLOT_OST_METHOD   "MOST"
-#define MEMORY_SLOT_PROXIMITY_METHOD "MPXM"
-#define MEMORY_SLOT_EJECT_METHOD "MEJ0"
-#define MEMORY_SLOT_NOTIFY_METHOD"MTFY"
-
 #endif
diff --git a/hw/acpi/memory_hotplug.c b/hw/acpi/memory_hotplug.c
index 49e856f..da29332 100644
--- a/hw/acpi/memory_hotplug.c
+++ b/hw/acpi/memory_hotplug.c
@@ -7,6 +7,30 @@
 #include "trace.h"
 #include "qapi-event.h"
 
+#define MEMORY_SLOTS_NUMBER  "MDNR"
+#define MEMORY_HOTPLUG_IO_REGION "HPMR"
+#define MEMORY_SLOT_ADDR_LOW "MRBL"
+#define MEMORY_SLOT_ADDR_HIGH"MRBH"
+#define MEMORY_SLOT_SIZE_LOW "MRLL"
+#define MEMORY_SLOT_SIZE_HIGH"MRLH"
+#define MEMORY_SLOT_PROXIMITY"MPX"
+#define MEMORY_SLOT_ENABLED  "MES"
+#define MEMORY_SLOT_INSERT_EVENT "MINS"
+#define MEMORY_SLOT_REMOVE_EVENT "MRMV"
+#define MEMORY_SLOT_EJECT"MEJ"
+#define MEMORY_SLOT_SLECTOR  "MSEL"
+#define MEMORY_SLOT_OST_EVENT"MOEV"
+#define MEMORY_SLOT_OST_STATUS   "MOSC"
+#define MEMORY_SLOT_LOCK "MLCK"
+#define MEMORY_SLOT_STATUS_METHOD"MRST"
+#define MEMORY_SLOT_CRS_METHOD   "MCRS"
+#define MEMORY_SLOT_OST_METHOD   "MOST"
+#define MEMORY_SLOT_PROXIMITY_METHOD "MPXM"
+#define MEMORY_SLOT_EJECT_METHOD "MEJ0"
+#define MEMORY_SLOT_NOTIFY_METHOD"MTFY"
+#define MEMORY_SLOT_SCAN_METHOD  "MSCN"
+#define MEMORY_HOTPLUG_DEVICE"MHPD"
+
 static ACPIOSTInfo *acpi_memory_device_status(int slot, MemStatus *mdev)
 {
 ACPIOSTInfo *info = g_new0(ACPIOSTInfo, 1);
-- 
MST

Re: [Qemu-devel] [PATCH v2] docs: add document to explain the usage of vNVDIMM

[Haozhong Zhang]

On 11/21/16 18:38 +0200, Michael S. Tsirkin wrote:

On Mon, Nov 21, 2016 at 02:00:23PM +0800, Haozhong Zhang wrote:

On 11/09/16 12:35 +, Stefan Hajnoczi wrote:
> On Wed, Nov 09, 2016 at 09:04:48AM +0800, Haozhong Zhang wrote:
> > Signed-off-by: Haozhong Zhang 
> > Reviewed-by: Xiao Guangrong 
> > Reviewed-by: Stefan Hajnoczi 
> > ---
> > Changes since v1:
> > * explicitly state the block window mode is not supported (Stefan Hajnoczi)
> > * typo fix: label_size ==> label-size (David Alan Gilbert)
> > ---
> >  docs/nvdimm.txt | 124 

> >  1 file changed, 124 insertions(+)
> >  create mode 100644 docs/nvdimm.txt
>
> Great.  This patch can go through Michael Tsirkin's tree alongside the
> other current nvdimm patches.

Hi Stefan and Michael,

I noticed that Guangrong's patches had all been checked in. Will this
doc patch be included in 2.8?

Thanks,
Haozhong


Given it was posted after soft freeze, I'd say no.
Pls remember to ping/repost after the release.



Ping, if this one has not been in anyone's tree.

Thanks,
Haozhong

[Qemu-devel] [PULL 36/41] memhp: merge build_memory_devices() into build_memory_hotplug_aml()

[Michael S. Tsirkin]

From: Igor Mammedov 

It consolidates memory hotplug AML in one place within DSDT

Signed-off-by: Igor Mammedov 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/hw/acpi/memory_hotplug.h |  2 --
 hw/acpi/memory_hotplug.c | 14 -
 hw/i386/acpi-build.c | 61 ++--
 3 files changed, 33 insertions(+), 44 deletions(-)

diff --git a/include/hw/acpi/memory_hotplug.h b/include/hw/acpi/memory_hotplug.h
index c70481e..6dc48d2 100644
--- a/include/hw/acpi/memory_hotplug.h
+++ b/include/hw/acpi/memory_hotplug.h
@@ -54,6 +54,4 @@ void acpi_memory_ospm_status(MemHotplugState *mem_st, 
ACPIOSTInfoList ***list);
 
 void build_memory_hotplug_aml(Aml *table, uint32_t nr_mem,
   uint16_t io_base, uint16_t io_len);
-void build_memory_devices(Aml *sb_scope, int nr_mem,
-  uint16_t io_base, uint16_t io_len);
 #endif
diff --git a/hw/acpi/memory_hotplug.c b/hw/acpi/memory_hotplug.c
index fb40a5e..18b95f2 100644
--- a/hw/acpi/memory_hotplug.c
+++ b/hw/acpi/memory_hotplug.c
@@ -310,9 +310,11 @@ const VMStateDescription vmstate_memory_hotplug = {
 void build_memory_hotplug_aml(Aml *table, uint32_t nr_mem,
   uint16_t io_base, uint16_t io_len)
 {
+int i;
 Aml *ifctx;
 Aml *method;
 Aml *pci_scope;
+Aml *sb_scope;
 Aml *mem_ctrl_dev;
 
 /* scope for memory hotplug controller device node */
@@ -610,19 +612,12 @@ void build_memory_hotplug_aml(Aml *table, uint32_t nr_mem,
 }
 aml_append(pci_scope, mem_ctrl_dev);
 aml_append(table, pci_scope);
-}
-
-void build_memory_devices(Aml *sb_scope, int nr_mem,
-  uint16_t io_base, uint16_t io_len)
-{
-int i;
-Aml *dev;
-Aml *method;
-Aml *ifctx;
 
+sb_scope = aml_scope("_SB");
 /* build memory devices */
 for (i = 0; i < nr_mem; i++) {
 #define BASEPATH "\\_SB.PCI0." MEMORY_HOTPLUG_DEVICE "."
+Aml *dev;
 const char *s;
 
 dev = aml_device("MP%02X", i);
@@ -673,4 +668,5 @@ void build_memory_devices(Aml *sb_scope, int nr_mem,
 aml_append(method, ifctx);
 }
 aml_append(sb_scope, method);
+aml_append(table, sb_scope);
 }
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index a3f9caa..ca4165e 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -2197,45 +2197,40 @@ build_dsdt(GArray *table_data, BIOSLinker *linker,
 
 sb_scope = aml_scope("\\_SB");
 {
-build_memory_devices(sb_scope, nr_mem, pm->mem_hp_io_base,
- pm->mem_hp_io_len);
+Object *pci_host;
+PCIBus *bus = NULL;
 
-{
-Object *pci_host;
-PCIBus *bus = NULL;
+pci_host = acpi_get_i386_pci_host();
+if (pci_host) {
+bus = PCI_HOST_BRIDGE(pci_host)->bus;
+}
 
-pci_host = acpi_get_i386_pci_host();
-if (pci_host) {
-bus = PCI_HOST_BRIDGE(pci_host)->bus;
+if (bus) {
+Aml *scope = aml_scope("PCI0");
+/* Scan all PCI buses. Generate tables to support hotplug. */
+build_append_pci_bus_devices(scope, bus, pm->pcihp_bridge_en);
+
+if (misc->tpm_version != TPM_VERSION_UNSPEC) {
+dev = aml_device("ISA.TPM");
+aml_append(dev, aml_name_decl("_HID", aml_eisaid("PNP0C31")));
+aml_append(dev, aml_name_decl("_STA", aml_int(0xF)));
+crs = aml_resource_template();
+aml_append(crs, aml_memory32_fixed(TPM_TIS_ADDR_BASE,
+   TPM_TIS_ADDR_SIZE, AML_READ_WRITE));
+/*
+FIXME: TPM_TIS_IRQ=5 conflicts with PNP0C0F irqs,
+Rewrite to take IRQ from TPM device model and
+fix default IRQ value there to use some unused IRQ
+ */
+/* aml_append(crs, aml_irq_no_flags(TPM_TIS_IRQ)); */
+aml_append(dev, aml_name_decl("_CRS", crs));
+aml_append(scope, dev);
 }
 
-if (bus) {
-Aml *scope = aml_scope("PCI0");
-/* Scan all PCI buses. Generate tables to support hotplug. */
-build_append_pci_bus_devices(scope, bus, pm->pcihp_bridge_en);
-
-if (misc->tpm_version != TPM_VERSION_UNSPEC) {
-dev = aml_device("ISA.TPM");
-aml_append(dev, aml_name_decl("_HID", 
aml_eisaid("PNP0C31")));
-aml_append(dev, aml_name_decl("_STA", aml_int(0xF)));
-crs = aml_resource_template();
-aml_append(crs, aml_memory32_fixed(TPM_TIS_ADDR_BASE,
-   TPM_TIS_ADDR_SIZE, AML_READ_WRITE));
-/*
-FIXME: 

[Qemu-devel] [PULL 35/41] memhp: consolidate scattered MHPD device declaration

[Michael S. Tsirkin]

From: Igor Mammedov 

since static and dynamic parts of memory MHPD device are now
in the same table (DSDT), there is no point keeping
them scattered across the table, so consolidate it
in one place.

There aren't any functional change, only AML text movement
from externally refferenced MHPD scope directly into
MHPD device declaration.

Signed-off-by: Igor Mammedov 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Marcel Apfelbaum 
---
 include/hw/acpi/memory_hotplug.h |   2 +-
 hw/acpi/memory_hotplug.c | 123 +++
 2 files changed, 61 insertions(+), 64 deletions(-)

diff --git a/include/hw/acpi/memory_hotplug.h b/include/hw/acpi/memory_hotplug.h
index 964c244..c70481e 100644
--- a/include/hw/acpi/memory_hotplug.h
+++ b/include/hw/acpi/memory_hotplug.h
@@ -52,7 +52,7 @@ void acpi_memory_ospm_status(MemHotplugState *mem_st, 
ACPIOSTInfoList ***list);
 #define MEMORY_HOTPLUG_HANDLER_PATH "\\_SB.PCI0." \
  MEMORY_HOTPLUG_DEVICE "." MEMORY_SLOT_SCAN_METHOD
 
-void build_memory_hotplug_aml(Aml *ctx, uint32_t nr_mem,
+void build_memory_hotplug_aml(Aml *table, uint32_t nr_mem,
   uint16_t io_base, uint16_t io_len);
 void build_memory_devices(Aml *sb_scope, int nr_mem,
   uint16_t io_base, uint16_t io_len);
diff --git a/hw/acpi/memory_hotplug.c b/hw/acpi/memory_hotplug.c
index 67dd3f8..fb40a5e 100644
--- a/hw/acpi/memory_hotplug.c
+++ b/hw/acpi/memory_hotplug.c
@@ -307,7 +307,7 @@ const VMStateDescription vmstate_memory_hotplug = {
 }
 };
 
-void build_memory_hotplug_aml(Aml *ctx, uint32_t nr_mem,
+void build_memory_hotplug_aml(Aml *table, uint32_t nr_mem,
   uint16_t io_base, uint16_t io_len)
 {
 Aml *ifctx;
@@ -319,6 +319,8 @@ void build_memory_hotplug_aml(Aml *ctx, uint32_t nr_mem,
 pci_scope = aml_scope("_SB.PCI0");
 mem_ctrl_dev = aml_device(MEMORY_HOTPLUG_DEVICE);
 {
+Aml *crs;
+Aml *field;
 Aml *one = aml_int(1);
 Aml *zero = aml_int(0);
 Aml *ret_val = aml_local(0);
@@ -331,6 +333,62 @@ void build_memory_hotplug_aml(Aml *ctx, uint32_t nr_mem,
 aml_append(mem_ctrl_dev,
 aml_name_decl("_UID", aml_string("Memory hotplug resources")));
 
+assert(nr_mem <= ACPI_MAX_RAM_SLOTS);
+aml_append(mem_ctrl_dev,
+aml_name_decl(MEMORY_SLOTS_NUMBER, aml_int(nr_mem))
+);
+
+crs = aml_resource_template();
+aml_append(crs,
+aml_io(AML_DECODE16, io_base, io_base, 0, io_len)
+);
+aml_append(mem_ctrl_dev, aml_name_decl("_CRS", crs));
+
+aml_append(mem_ctrl_dev, aml_operation_region(
+MEMORY_HOTPLUG_IO_REGION, AML_SYSTEM_IO,
+aml_int(io_base), io_len)
+);
+
+field = aml_field(MEMORY_HOTPLUG_IO_REGION, AML_DWORD_ACC,
+  AML_NOLOCK, AML_PRESERVE);
+aml_append(field, /* read only */
+aml_named_field(MEMORY_SLOT_ADDR_LOW, 32));
+aml_append(field, /* read only */
+aml_named_field(MEMORY_SLOT_ADDR_HIGH, 32));
+aml_append(field, /* read only */
+aml_named_field(MEMORY_SLOT_SIZE_LOW, 32));
+aml_append(field, /* read only */
+aml_named_field(MEMORY_SLOT_SIZE_HIGH, 32));
+aml_append(field, /* read only */
+aml_named_field(MEMORY_SLOT_PROXIMITY, 32));
+aml_append(mem_ctrl_dev, field);
+
+field = aml_field(MEMORY_HOTPLUG_IO_REGION, AML_BYTE_ACC,
+  AML_NOLOCK, AML_WRITE_AS_ZEROS);
+aml_append(field, aml_reserved_field(160 /* bits, Offset(20) */));
+aml_append(field, /* 1 if enabled, read only */
+aml_named_field(MEMORY_SLOT_ENABLED, 1));
+aml_append(field,
+/*(read) 1 if has a insert event. (write) 1 to clear event */
+aml_named_field(MEMORY_SLOT_INSERT_EVENT, 1));
+aml_append(field,
+/* (read) 1 if has a remove event. (write) 1 to clear event */
+aml_named_field(MEMORY_SLOT_REMOVE_EVENT, 1));
+aml_append(field,
+/* initiates device eject, write only */
+aml_named_field(MEMORY_SLOT_EJECT, 1));
+aml_append(mem_ctrl_dev, field);
+
+field = aml_field(MEMORY_HOTPLUG_IO_REGION, AML_DWORD_ACC,
+  AML_NOLOCK, AML_PRESERVE);
+aml_append(field, /* DIMM selector, write only */
+aml_named_field(MEMORY_SLOT_SLECTOR, 32));
+aml_append(field, /* _OST event code, write only */
+aml_named_field(MEMORY_SLOT_OST_EVENT, 32));
+aml_append(field, /* _OST status code, write only */
+aml_named_field(MEMORY_SLOT_OST_STATUS, 32));
+aml_append(mem_ctrl_dev, field);
+
 method = aml_method("_STA", 0, AML_NOTSERIALIZED);

[Qemu-devel] [PULL 23/41] virtio: fix vq->inuse recalc after migr

[Michael S. Tsirkin]

From: Halil Pasic 

Correct recalculation of vq->inuse after migration for the corner case
where the avail_idx has already wrapped but used_idx not yet.

Also change the type of the VirtQueue.inuse to unsigned int. This is
done to be consistent with other members representing sizes (VRing.num),
and because C99 guarantees max ring size < UINT_MAX but does not
guarantee max ring size < INT_MAX.

Signed-off-by: Halil Pasic 
Fixes: bccdef6b ("virtio: recalculate vq->inuse after migration")
CC: qemu-sta...@nongnu.org
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Stefan Hajnoczi 
---
 hw/virtio/virtio.c | 8 +---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index 933a3d7..8357218 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -93,7 +93,7 @@ struct VirtQueue
 
 uint16_t queue_index;
 
-int inuse;
+unsigned int inuse;
 
 uint16_t vector;
 VirtIOHandleOutput handle_output;
@@ -1878,9 +1878,11 @@ int virtio_load(VirtIODevice *vdev, QEMUFile *f, int 
version_id)
 /*
  * Some devices migrate VirtQueueElements that have been popped
  * from the avail ring but not yet returned to the used ring.
+ * Since max ring size < UINT16_MAX it's safe to use modulo
+ * UINT16_MAX + 1 subtraction.
  */
-vdev->vq[i].inuse = vdev->vq[i].last_avail_idx -
-vdev->vq[i].used_idx;
+vdev->vq[i].inuse = (uint16_t)(vdev->vq[i].last_avail_idx -
+vdev->vq[i].used_idx);
 if (vdev->vq[i].inuse > vdev->vq[i].vring.num) {
 error_report("VQ %d size 0x%x < last_avail_idx 0x%x - "
  "used_idx 0x%x",
-- 
MST

[Qemu-devel] [PULL 41/41] acpi-test: update expected files

[Michael S. Tsirkin]

clean up warnings after latest hotplug changes.

Signed-off-by: Michael S. Tsirkin 
---
 tests/acpi-test-data/pc/DSDT | Bin 6008 -> 5098 bytes
 tests/acpi-test-data/pc/DSDT.bridge  | Bin 7867 -> 6957 bytes
 tests/acpi-test-data/pc/DSDT.cphp| Bin 6471 -> 5561 bytes
 tests/acpi-test-data/pc/DSDT.ipmikcs | Bin 6080 -> 5170 bytes
 tests/acpi-test-data/pc/DSDT.memhp   | Bin 6613 -> 6463 bytes
 tests/acpi-test-data/q35/DSDT| Bin 8770 -> 7860 bytes
 tests/acpi-test-data/q35/DSDT.bridge | Bin 8787 -> 7877 bytes
 tests/acpi-test-data/q35/DSDT.cphp   | Bin 9233 -> 8323 bytes
 tests/acpi-test-data/q35/DSDT.ipmibt | Bin 8845 -> 7935 bytes
 tests/acpi-test-data/q35/DSDT.memhp  | Bin 9375 -> 9225 bytes
 10 files changed, 0 insertions(+), 0 deletions(-)

diff --git a/tests/acpi-test-data/pc/DSDT b/tests/acpi-test-data/pc/DSDT
index 
8053d711058c0f9541d6d97690819f9de697751c..15c3135d65f168a91edfdc3471ea1d3f012a824f
 100644
GIT binary patch
delta 44
zcmeyN_e!11CDCV68Ogk06tL;
AL;wH)

delta 961
zcmZWoO>fgc5Z!I6;I8`>YC`~wh}oY
z6D~--T0L+JD1QL;U!nd0P7O2uXd|$t)tmQb#xtJT-|K%inC|M$Pd5pn=fBv395%`u
zzPsbwwYutk)ymwob;`kdXcRZXoD$$tqJZ-4Ce`lU|yNPIYcTk5qByT`rP?L(q0
z`EFAq!MFpX#f$SBLeOk)^I7}^@dA%
z^VzF_3W~;$;!ugW!}k-G<$wmO7tp|4$1EeNl)2+J=|o=fy+h)Ja>NbSr-ChH-hrYm
z^P1z%WHo?q7&}Ycscsi4Og(u_$ZU@M^IVLRC!VBkVb=1@6B4)q?|G$so%NslfW
zL>6k+P`?%-O`zw>Rv}ztcfP?kTs4i!n(++bykG05*jR{-ZBIE6*1$QSr%u-
zQDC7cr9;B7OIY1j?sNNq({u)J#@WCG(Ein^9`Zf6IXy9{cu?XU-!t~bdk||$PUS8)
zcGao>94XLg1(>t$}QheE2OnKoozgBJFe(iNB^#}~AbCWJoyxNiv
zyHl8B>^UV2-sL{=zL++5s7x4J_6BQc3K6{b>3uZ?dasU7T

diff --git a/tests/acpi-test-data/pc/DSDT.bridge 
b/tests/acpi-test-data/pc/DSDT.bridge
index 
850e71a973e52cc5e546fdd2757f0e089fed7192..d38586c95bf31f0212279a2505efd8e2fd321ccc
 100644
GIT binary patch
delta 44

[Qemu-devel] [PULL 34/41] memhp: move build_memory_devices() into memory_hotplug.c

[Michael S. Tsirkin]

From: Igor Mammedov 

Signed-off-by: Igor Mammedov 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Marcel Apfelbaum 
---
 include/hw/acpi/memory_hotplug.h |   2 +
 hw/acpi/memory_hotplug.c | 124 +++
 hw/i386/acpi-build.c | 124 ---
 3 files changed, 126 insertions(+), 124 deletions(-)

diff --git a/include/hw/acpi/memory_hotplug.h b/include/hw/acpi/memory_hotplug.h
index d2c7452..964c244 100644
--- a/include/hw/acpi/memory_hotplug.h
+++ b/include/hw/acpi/memory_hotplug.h
@@ -54,4 +54,6 @@ void acpi_memory_ospm_status(MemHotplugState *mem_st, 
ACPIOSTInfoList ***list);
 
 void build_memory_hotplug_aml(Aml *ctx, uint32_t nr_mem,
   uint16_t io_base, uint16_t io_len);
+void build_memory_devices(Aml *sb_scope, int nr_mem,
+  uint16_t io_base, uint16_t io_len);
 #endif
diff --git a/hw/acpi/memory_hotplug.c b/hw/acpi/memory_hotplug.c
index 57ac4fc..67dd3f8 100644
--- a/hw/acpi/memory_hotplug.c
+++ b/hw/acpi/memory_hotplug.c
@@ -553,3 +553,127 @@ void build_memory_hotplug_aml(Aml *ctx, uint32_t nr_mem,
 aml_append(pci_scope, mem_ctrl_dev);
 aml_append(ctx, pci_scope);
 }
+
+void build_memory_devices(Aml *sb_scope, int nr_mem,
+  uint16_t io_base, uint16_t io_len)
+{
+int i;
+Aml *scope;
+Aml *crs;
+Aml *field;
+Aml *dev;
+Aml *method;
+Aml *ifctx;
+
+/* build memory devices */
+assert(nr_mem <= ACPI_MAX_RAM_SLOTS);
+scope = aml_scope("\\_SB.PCI0." MEMORY_HOTPLUG_DEVICE);
+aml_append(scope,
+aml_name_decl(MEMORY_SLOTS_NUMBER, aml_int(nr_mem))
+);
+
+crs = aml_resource_template();
+aml_append(crs,
+aml_io(AML_DECODE16, io_base, io_base, 0, io_len)
+);
+aml_append(scope, aml_name_decl("_CRS", crs));
+
+aml_append(scope, aml_operation_region(
+MEMORY_HOTPLUG_IO_REGION, AML_SYSTEM_IO,
+aml_int(io_base), io_len)
+);
+
+field = aml_field(MEMORY_HOTPLUG_IO_REGION, AML_DWORD_ACC,
+  AML_NOLOCK, AML_PRESERVE);
+aml_append(field, /* read only */
+aml_named_field(MEMORY_SLOT_ADDR_LOW, 32));
+aml_append(field, /* read only */
+aml_named_field(MEMORY_SLOT_ADDR_HIGH, 32));
+aml_append(field, /* read only */
+aml_named_field(MEMORY_SLOT_SIZE_LOW, 32));
+aml_append(field, /* read only */
+aml_named_field(MEMORY_SLOT_SIZE_HIGH, 32));
+aml_append(field, /* read only */
+aml_named_field(MEMORY_SLOT_PROXIMITY, 32));
+aml_append(scope, field);
+
+field = aml_field(MEMORY_HOTPLUG_IO_REGION, AML_BYTE_ACC,
+  AML_NOLOCK, AML_WRITE_AS_ZEROS);
+aml_append(field, aml_reserved_field(160 /* bits, Offset(20) */));
+aml_append(field, /* 1 if enabled, read only */
+aml_named_field(MEMORY_SLOT_ENABLED, 1));
+aml_append(field,
+/*(read) 1 if has a insert event. (write) 1 to clear event */
+aml_named_field(MEMORY_SLOT_INSERT_EVENT, 1));
+aml_append(field,
+/* (read) 1 if has a remove event. (write) 1 to clear event */
+aml_named_field(MEMORY_SLOT_REMOVE_EVENT, 1));
+aml_append(field,
+/* initiates device eject, write only */
+aml_named_field(MEMORY_SLOT_EJECT, 1));
+aml_append(scope, field);
+
+field = aml_field(MEMORY_HOTPLUG_IO_REGION, AML_DWORD_ACC,
+  AML_NOLOCK, AML_PRESERVE);
+aml_append(field, /* DIMM selector, write only */
+aml_named_field(MEMORY_SLOT_SLECTOR, 32));
+aml_append(field, /* _OST event code, write only */
+aml_named_field(MEMORY_SLOT_OST_EVENT, 32));
+aml_append(field, /* _OST status code, write only */
+aml_named_field(MEMORY_SLOT_OST_STATUS, 32));
+aml_append(scope, field);
+aml_append(sb_scope, scope);
+
+for (i = 0; i < nr_mem; i++) {
+#define BASEPATH "\\_SB.PCI0." MEMORY_HOTPLUG_DEVICE "."
+const char *s;
+
+dev = aml_device("MP%02X", i);
+aml_append(dev, aml_name_decl("_UID", aml_string("0x%02X", i)));
+aml_append(dev, aml_name_decl("_HID", aml_eisaid("PNP0C80")));
+
+method = aml_method("_CRS", 0, AML_NOTSERIALIZED);
+s = BASEPATH MEMORY_SLOT_CRS_METHOD;
+aml_append(method, aml_return(aml_call1(s, aml_name("_UID";
+aml_append(dev, method);
+
+method = aml_method("_STA", 0, AML_NOTSERIALIZED);
+s = BASEPATH MEMORY_SLOT_STATUS_METHOD;
+aml_append(method, aml_return(aml_call1(s, aml_name("_UID";
+aml_append(dev, method);
+
+method = aml_method("_PXM", 0, AML_NOTSERIALIZED);
+s = BASEPATH MEMORY_SLOT_PROXIMITY_METHOD;
+aml_append(method, aml_return(aml_call1(s, aml_name("_UID";
+aml_append(dev, method);
+
+

[Qemu-devel] [PULL 31/41] virtio-net: Add MTU feature support

[Michael S. Tsirkin]

From: Maxime Coquelin 

This patch allows advising guest with host MTU's by setting
host_mtu parameter.

If VIRTIO_NET_F_MTU has been successfully negotiated, MTU
value is passed to the backend.

Cc: Michael S. Tsirkin 
Cc: Aaron Conole 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/hw/virtio/virtio-net.h |  1 +
 hw/net/virtio-net.c| 19 +++
 2 files changed, 20 insertions(+)

diff --git a/include/hw/virtio/virtio-net.h b/include/hw/virtio/virtio-net.h
index 0ced975..8ea56a8 100644
--- a/include/hw/virtio/virtio-net.h
+++ b/include/hw/virtio/virtio-net.h
@@ -36,6 +36,7 @@ typedef struct virtio_net_conf
 int32_t txburst;
 char *tx;
 uint16_t rx_queue_size;
+uint16_t mtu;
 } virtio_net_conf;
 
 /* Maximum packet size we can receive from tap device: header + 64k */
diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index 6f98eab..7b3ad4a 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -55,6 +55,8 @@ static VirtIOFeature feature_sizes[] = {
  .end = endof(struct virtio_net_config, status)},
 {.flags = 1 << VIRTIO_NET_F_MQ,
  .end = endof(struct virtio_net_config, max_virtqueue_pairs)},
+{.flags = 1 << VIRTIO_NET_F_MTU,
+ .end = endof(struct virtio_net_config, mtu)},
 {}
 };
 
@@ -81,6 +83,7 @@ static void virtio_net_get_config(VirtIODevice *vdev, uint8_t 
*config)
 
 virtio_stw_p(vdev, , n->status);
 virtio_stw_p(vdev, _virtqueue_pairs, n->max_queues);
+virtio_stw_p(vdev, , n->net_conf.mtu);
 memcpy(netcfg.mac, n->mac, ETH_ALEN);
 memcpy(config, , n->config_size);
 }
@@ -152,6 +155,16 @@ static void virtio_net_vhost_status(VirtIONet *n, uint8_t 
status)
 qemu_net_queue_purge(qnc->incoming_queue, qnc->peer);
 }
 
+if (virtio_has_feature(vdev->guest_features, VIRTIO_NET_F_MTU)) {
+r = vhost_net_set_mtu(get_vhost_net(nc->peer), n->net_conf.mtu);
+if (r < 0) {
+error_report("%uBytes MTU not supported by the backend",
+ n->net_conf.mtu);
+
+return;
+}
+}
+
 n->vhost_started = 1;
 r = vhost_net_start(vdev, n->nic->ncs, queues);
 if (r < 0) {
@@ -1721,6 +1734,7 @@ static void virtio_net_set_config_size(VirtIONet *n, 
uint64_t host_features)
 {
 int i, config_size = 0;
 virtio_add_feature(_features, VIRTIO_NET_F_MAC);
+
 for (i = 0; feature_sizes[i].flags != 0; i++) {
 if (host_features & feature_sizes[i].flags) {
 config_size = MAX(feature_sizes[i].end, config_size);
@@ -1750,6 +1764,10 @@ static void virtio_net_device_realize(DeviceState *dev, 
Error **errp)
 NetClientState *nc;
 int i;
 
+if (n->net_conf.mtu) {
+n->host_features |= (0x1 << VIRTIO_NET_F_MTU);
+}
+
 virtio_net_set_config_size(n, n->host_features);
 virtio_init(vdev, "virtio-net", VIRTIO_ID_NET, n->config_size);
 
@@ -1948,6 +1966,7 @@ static Property virtio_net_properties[] = {
 DEFINE_PROP_STRING("tx", VirtIONet, net_conf.tx),
 DEFINE_PROP_UINT16("rx_queue_size", VirtIONet, net_conf.rx_queue_size,
VIRTIO_NET_RX_QUEUE_DEFAULT_SIZE),
+DEFINE_PROP_UINT16("host_mtu", VirtIONet, net_conf.mtu, 0),
 DEFINE_PROP_END_OF_LIST(),
 };
 
-- 
MST

[Qemu-devel] [PULL 21/41] pcie_aer: Convert pcie_aer_init to Error

[Michael S. Tsirkin]

From: Cao jin 

When user specify invalid value for property aer_log_max, device should
fail to create, and report appropriate message.

Signed-off-by: Cao jin 
Reviewed-by: Marcel Apfelbaum 
Acked-by: Dmitry Fleytman 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/hw/pci/pcie_aer.h  |  4 ++--
 hw/net/e1000e.c|  2 +-
 hw/pci-bridge/ioh3420.c|  3 ++-
 hw/pci-bridge/xio3130_downstream.c |  3 ++-
 hw/pci-bridge/xio3130_upstream.c   |  3 ++-
 hw/pci/pcie_aer.c  | 17 +++--
 6 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/include/hw/pci/pcie_aer.h b/include/hw/pci/pcie_aer.h
index c2ee4e2..5891b68 100644
--- a/include/hw/pci/pcie_aer.h
+++ b/include/hw/pci/pcie_aer.h
@@ -44,7 +44,6 @@ struct PCIEAERLog {
  */
 #define PCIE_AER_LOG_MAX_DEFAULT8
 #define PCIE_AER_LOG_MAX_LIMIT  128
-#define PCIE_AER_LOG_MAX_UNSET  0x
 uint16_t log_max;
 
 /* Error log. log_max-sized array */
@@ -87,7 +86,8 @@ struct PCIEAERErr {
 
 extern const VMStateDescription vmstate_pcie_aer_log;
 
-int pcie_aer_init(PCIDevice *dev, uint16_t offset, uint16_t size);
+int pcie_aer_init(PCIDevice *dev, uint16_t offset, uint16_t size,
+  Error **errp);
 void pcie_aer_exit(PCIDevice *dev);
 void pcie_aer_write_config(PCIDevice *dev,
uint32_t addr, uint32_t val, int len);
diff --git a/hw/net/e1000e.c b/hw/net/e1000e.c
index 4994e1c..89f96eb 100644
--- a/hw/net/e1000e.c
+++ b/hw/net/e1000e.c
@@ -472,7 +472,7 @@ static void e1000e_pci_realize(PCIDevice *pci_dev, Error 
**errp)
 hw_error("Failed to initialize PM capability");
 }
 
-if (pcie_aer_init(pci_dev, e1000e_aer_offset, PCI_ERR_SIZEOF) < 0) {
+if (pcie_aer_init(pci_dev, e1000e_aer_offset, PCI_ERR_SIZEOF, NULL) < 0) {
 hw_error("Failed to initialize AER capability");
 }
 
diff --git a/hw/pci-bridge/ioh3420.c b/hw/pci-bridge/ioh3420.c
index c8b5ac4..04180af 100644
--- a/hw/pci-bridge/ioh3420.c
+++ b/hw/pci-bridge/ioh3420.c
@@ -135,8 +135,9 @@ static int ioh3420_initfn(PCIDevice *d)
 goto err_pcie_cap;
 }
 
-rc = pcie_aer_init(d, IOH_EP_AER_OFFSET, PCI_ERR_SIZEOF);
+rc = pcie_aer_init(d, IOH_EP_AER_OFFSET, PCI_ERR_SIZEOF, );
 if (rc < 0) {
+error_report_err(err);
 goto err;
 }
 pcie_aer_root_init(d);
diff --git a/hw/pci-bridge/xio3130_downstream.c 
b/hw/pci-bridge/xio3130_downstream.c
index cef6e13..5713341 100644
--- a/hw/pci-bridge/xio3130_downstream.c
+++ b/hw/pci-bridge/xio3130_downstream.c
@@ -97,8 +97,9 @@ static int xio3130_downstream_initfn(PCIDevice *d)
 goto err_pcie_cap;
 }
 
-rc = pcie_aer_init(d, XIO3130_AER_OFFSET, PCI_ERR_SIZEOF);
+rc = pcie_aer_init(d, XIO3130_AER_OFFSET, PCI_ERR_SIZEOF, );
 if (rc < 0) {
+error_report_err(err);
 goto err;
 }
 
diff --git a/hw/pci-bridge/xio3130_upstream.c b/hw/pci-bridge/xio3130_upstream.c
index 4ad0440..94c1691 100644
--- a/hw/pci-bridge/xio3130_upstream.c
+++ b/hw/pci-bridge/xio3130_upstream.c
@@ -85,8 +85,9 @@ static int xio3130_upstream_initfn(PCIDevice *d)
 pcie_cap_flr_init(d);
 pcie_cap_deverr_init(d);
 
-rc = pcie_aer_init(d, XIO3130_AER_OFFSET, PCI_ERR_SIZEOF);
+rc = pcie_aer_init(d, XIO3130_AER_OFFSET, PCI_ERR_SIZEOF, );
 if (rc < 0) {
+error_report_err(err);
 goto err;
 }
 
diff --git a/hw/pci/pcie_aer.c b/hw/pci/pcie_aer.c
index 048ce6a..2a4bd5a 100644
--- a/hw/pci/pcie_aer.c
+++ b/hw/pci/pcie_aer.c
@@ -29,6 +29,7 @@
 #include "hw/pci/msi.h"
 #include "hw/pci/pci_bus.h"
 #include "hw/pci/pcie_regs.h"
+#include "qapi/error.h"
 
 //#define DEBUG_PCIE
 #ifdef DEBUG_PCIE
@@ -96,21 +97,17 @@ static void aer_log_clear_all_err(PCIEAERLog *aer_log)
 aer_log->log_num = 0;
 }
 
-int pcie_aer_init(PCIDevice *dev, uint16_t offset, uint16_t size)
+int pcie_aer_init(PCIDevice *dev, uint16_t offset, uint16_t size,
+  Error **errp)
 {
-PCIExpressDevice *exp;
-
 pcie_add_capability(dev, PCI_EXT_CAP_ID_ERR, PCI_ERR_VER,
 offset, size);
-exp = >exp;
-exp->aer_cap = offset;
+dev->exp.aer_cap = offset;
 
-/* log_max is property */
-if (dev->exp.aer_log.log_max == PCIE_AER_LOG_MAX_UNSET) {
-dev->exp.aer_log.log_max = PCIE_AER_LOG_MAX_DEFAULT;
-}
-/* clip down the value to avoid unreasobale memory usage */
+/* clip down the value to avoid unreasonable memory usage */
 if (dev->exp.aer_log.log_max > PCIE_AER_LOG_MAX_LIMIT) {
+error_setg(errp, "Invalid aer_log_max %d. The max number of aer log "
+"is %d", dev->exp.aer_log.log_max, PCIE_AER_LOG_MAX_LIMIT);
 return -EINVAL;
 }
 dev->exp.aer_log.log = g_malloc0(sizeof dev->exp.aer_log.log[0] *
-- 

[Qemu-devel] [PULL 33/41] memhp: move build_memory_hotplug_aml() into memory_hotplug.c

[Michael S. Tsirkin]

From: Igor Mammedov 

Signed-off-by: Igor Mammedov 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Marcel Apfelbaum 
---
 hw/acpi/memory_hotplug.c| 247 +
 hw/acpi/memory_hotplug_acpi_table.c | 262 
 hw/acpi/Makefile.objs   |   2 +-
 3 files changed, 248 insertions(+), 263 deletions(-)
 delete mode 100644 hw/acpi/memory_hotplug_acpi_table.c

diff --git a/hw/acpi/memory_hotplug.c b/hw/acpi/memory_hotplug.c
index ec4e64b..57ac4fc 100644
--- a/hw/acpi/memory_hotplug.c
+++ b/hw/acpi/memory_hotplug.c
@@ -306,3 +306,250 @@ const VMStateDescription vmstate_memory_hotplug = {
 VMSTATE_END_OF_LIST()
 }
 };
+
+void build_memory_hotplug_aml(Aml *ctx, uint32_t nr_mem,
+  uint16_t io_base, uint16_t io_len)
+{
+Aml *ifctx;
+Aml *method;
+Aml *pci_scope;
+Aml *mem_ctrl_dev;
+
+/* scope for memory hotplug controller device node */
+pci_scope = aml_scope("_SB.PCI0");
+mem_ctrl_dev = aml_device(MEMORY_HOTPLUG_DEVICE);
+{
+Aml *one = aml_int(1);
+Aml *zero = aml_int(0);
+Aml *ret_val = aml_local(0);
+Aml *slot_arg0 = aml_arg(0);
+Aml *slots_nr = aml_name(MEMORY_SLOTS_NUMBER);
+Aml *ctrl_lock = aml_name(MEMORY_SLOT_LOCK);
+Aml *slot_selector = aml_name(MEMORY_SLOT_SLECTOR);
+
+aml_append(mem_ctrl_dev, aml_name_decl("_HID", aml_string("PNP0A06")));
+aml_append(mem_ctrl_dev,
+aml_name_decl("_UID", aml_string("Memory hotplug resources")));
+
+method = aml_method("_STA", 0, AML_NOTSERIALIZED);
+ifctx = aml_if(aml_equal(slots_nr, zero));
+{
+aml_append(ifctx, aml_return(zero));
+}
+aml_append(method, ifctx);
+/* present, functioning, decoding, not shown in UI */
+aml_append(method, aml_return(aml_int(0xB)));
+aml_append(mem_ctrl_dev, method);
+
+aml_append(mem_ctrl_dev, aml_mutex(MEMORY_SLOT_LOCK, 0));
+
+method = aml_method(MEMORY_SLOT_SCAN_METHOD, 0, AML_NOTSERIALIZED);
+{
+Aml *else_ctx;
+Aml *while_ctx;
+Aml *idx = aml_local(0);
+Aml *eject_req = aml_int(3);
+Aml *dev_chk = aml_int(1);
+
+ifctx = aml_if(aml_equal(slots_nr, zero));
+{
+aml_append(ifctx, aml_return(zero));
+}
+aml_append(method, ifctx);
+
+aml_append(method, aml_store(zero, idx));
+aml_append(method, aml_acquire(ctrl_lock, 0x));
+/* build AML that:
+ * loops over all slots and Notifies DIMMs with
+ * Device Check or Eject Request notifications if
+ * slot has corresponding status bit set and clears
+ * slot status.
+ */
+while_ctx = aml_while(aml_lless(idx, slots_nr));
+{
+Aml *ins_evt = aml_name(MEMORY_SLOT_INSERT_EVENT);
+Aml *rm_evt = aml_name(MEMORY_SLOT_REMOVE_EVENT);
+
+aml_append(while_ctx, aml_store(idx, slot_selector));
+ifctx = aml_if(aml_equal(ins_evt, one));
+{
+aml_append(ifctx,
+   aml_call2(MEMORY_SLOT_NOTIFY_METHOD,
+ idx, dev_chk));
+aml_append(ifctx, aml_store(one, ins_evt));
+}
+aml_append(while_ctx, ifctx);
+
+else_ctx = aml_else();
+ifctx = aml_if(aml_equal(rm_evt, one));
+{
+aml_append(ifctx,
+aml_call2(MEMORY_SLOT_NOTIFY_METHOD,
+  idx, eject_req));
+aml_append(ifctx, aml_store(one, rm_evt));
+}
+aml_append(else_ctx, ifctx);
+aml_append(while_ctx, else_ctx);
+
+aml_append(while_ctx, aml_add(idx, one, idx));
+}
+aml_append(method, while_ctx);
+aml_append(method, aml_release(ctrl_lock));
+aml_append(method, aml_return(one));
+}
+aml_append(mem_ctrl_dev, method);
+
+method = aml_method(MEMORY_SLOT_STATUS_METHOD, 1, AML_NOTSERIALIZED);
+{
+Aml *slot_enabled = aml_name(MEMORY_SLOT_ENABLED);
+
+aml_append(method, aml_store(zero, ret_val));
+aml_append(method, aml_acquire(ctrl_lock, 0x));
+aml_append(method,
+aml_store(aml_to_integer(slot_arg0), slot_selector));
+
+ifctx = aml_if(aml_equal(slot_enabled, one));
+{
+aml_append(ifctx, aml_store(aml_int(0xF), ret_val));
+}
+aml_append(method, ifctx);
+
+ 

[Qemu-devel] [PULL 25/41] net: Add virtio queue interface to update used index from vring state

[Michael S. Tsirkin]

From: Yuri Benditovich 

Bring virtio queue to correct internal  state for host-to-guest
operations when vhost is temporary stopped.

Signed-off-by: Yuri Benditovich 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/hw/virtio/virtio.h | 1 +
 hw/virtio/virtio.c | 5 +
 2 files changed, 6 insertions(+)

diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h
index 5e4176f..e15c064 100644
--- a/include/hw/virtio/virtio.h
+++ b/include/hw/virtio/virtio.h
@@ -269,6 +269,7 @@ hwaddr virtio_queue_get_used_size(VirtIODevice *vdev, int 
n);
 uint16_t virtio_queue_get_last_avail_idx(VirtIODevice *vdev, int n);
 void virtio_queue_set_last_avail_idx(VirtIODevice *vdev, int n, uint16_t idx);
 void virtio_queue_invalidate_signalled_used(VirtIODevice *vdev, int n);
+void virtio_queue_update_used_idx(VirtIODevice *vdev, int n);
 VirtQueue *virtio_get_queue(VirtIODevice *vdev, int n);
 uint16_t virtio_get_queue_index(VirtQueue *vq);
 EventNotifier *virtio_queue_get_guest_notifier(VirtQueue *vq);
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index 8357218..ba7 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -2020,6 +2020,11 @@ void virtio_queue_set_last_avail_idx(VirtIODevice *vdev, 
int n, uint16_t idx)
 vdev->vq[n].shadow_avail_idx = idx;
 }
 
+void virtio_queue_update_used_idx(VirtIODevice *vdev, int n)
+{
+vdev->vq[n].used_idx = vring_used_idx(>vq[n]);
+}
+
 void virtio_queue_invalidate_signalled_used(VirtIODevice *vdev, int n)
 {
 vdev->vq[n].signalled_used_valid = false;
-- 
MST

[Qemu-devel] [PULL 16/41] cryptodev: wrap the ready flag

[Michael S. Tsirkin]

From: Gonglei 

The ready flag should be set by the children of
cryptodev backend interface. Warp the setter/getter
functions for it.

Signed-off-by: Gonglei 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/sysemu/cryptodev.h   | 19 +++
 backends/cryptodev-builtin.c |  4 
 backends/cryptodev.c | 15 +++
 hw/virtio/virtio-crypto.c|  4 ++--
 4 files changed, 36 insertions(+), 6 deletions(-)

diff --git a/include/sysemu/cryptodev.h b/include/sysemu/cryptodev.h
index 461389d..a9d0d1e 100644
--- a/include/sysemu/cryptodev.h
+++ b/include/sysemu/cryptodev.h
@@ -317,5 +317,24 @@ void cryptodev_backend_set_used(CryptoDevBackend *backend, 
bool used);
  */
 bool cryptodev_backend_is_used(CryptoDevBackend *backend);
 
+/**
+ * cryptodev_backend_set_ready:
+ * @backend: the cryptodev backend object
+ * @ready: ture or false
+ *
+ * Set the cryptodev backend is ready or not, which is called
+ * by the children of the cryptodev banckend interface.
+ */
+void cryptodev_backend_set_ready(CryptoDevBackend *backend, bool ready);
+
+/**
+ * cryptodev_backend_is_ready:
+ * @backend: the cryptodev backend object
+ *
+ * Return the status that the cryptodev backend is ready or not
+ *
+ * Returns: true on ready, or false on not ready
+ */
+bool cryptodev_backend_is_ready(CryptoDevBackend *backend);
 
 #endif /* CRYPTODEV_H */
diff --git a/backends/cryptodev-builtin.c b/backends/cryptodev-builtin.c
index 486b4a6..82a068e 100644
--- a/backends/cryptodev-builtin.c
+++ b/backends/cryptodev-builtin.c
@@ -94,6 +94,8 @@ static void cryptodev_builtin_init(
 backend->conf.max_size = LONG_MAX - sizeof(CryptoDevBackendSymOpInfo);
 backend->conf.max_cipher_key_len = CRYPTODEV_BUITLIN_MAX_CIPHER_KEY_LEN;
 backend->conf.max_auth_key_len = CRYPTODEV_BUITLIN_MAX_AUTH_KEY_LEN;
+
+cryptodev_backend_set_ready(backend, true);
 }
 
 static int
@@ -366,6 +368,8 @@ static void cryptodev_builtin_cleanup(
 backend->conf.peers.ccs[i] = NULL;
 }
 }
+
+cryptodev_backend_set_ready(backend, false);
 }
 
 static void
diff --git a/backends/cryptodev.c b/backends/cryptodev.c
index 6a66c27..832f056 100644
--- a/backends/cryptodev.c
+++ b/backends/cryptodev.c
@@ -73,8 +73,6 @@ void cryptodev_backend_cleanup(
 if (bc->cleanup) {
 bc->cleanup(backend, errp);
 }
-
-backend->ready = false;
 }
 
 int64_t cryptodev_backend_sym_create_session(
@@ -189,11 +187,10 @@ cryptodev_backend_complete(UserCreatable *uc, Error 
**errp)
 goto out;
 }
 }
-backend->ready = true;
+
 return;
 
 out:
-backend->ready = false;
 error_propagate(errp, local_err);
 }
 
@@ -207,6 +204,16 @@ bool cryptodev_backend_is_used(CryptoDevBackend *backend)
 return backend->is_used;
 }
 
+void cryptodev_backend_set_ready(CryptoDevBackend *backend, bool ready)
+{
+backend->ready = ready;
+}
+
+bool cryptodev_backend_is_ready(CryptoDevBackend *backend)
+{
+return backend->ready;
+}
+
 static bool
 cryptodev_backend_can_be_deleted(UserCreatable *uc, Error **errp)
 {
diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c
index 6318fcf..9213258 100644
--- a/hw/virtio/virtio-crypto.c
+++ b/hw/virtio/virtio-crypto.c
@@ -732,7 +732,7 @@ static void virtio_crypto_reset(VirtIODevice *vdev)
 VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(vdev);
 /* multiqueue is disabled by default */
 vcrypto->curr_queues = 1;
-if (!vcrypto->cryptodev->ready) {
+if (!cryptodev_backend_is_ready(vcrypto->cryptodev)) {
 vcrypto->status &= ~VIRTIO_CRYPTO_S_HW_READY;
 } else {
 vcrypto->status |= VIRTIO_CRYPTO_S_HW_READY;
@@ -792,7 +792,7 @@ static void virtio_crypto_device_realize(DeviceState *dev, 
Error **errp)
 }
 
 vcrypto->ctrl_vq = virtio_add_queue(vdev, 64, virtio_crypto_handle_ctrl);
-if (!vcrypto->cryptodev->ready) {
+if (!cryptodev_backend_is_ready(vcrypto->cryptodev)) {
 vcrypto->status &= ~VIRTIO_CRYPTO_S_HW_READY;
 } else {
 vcrypto->status |= VIRTIO_CRYPTO_S_HW_READY;
-- 
MST

[Qemu-devel] [PULL 26/41] net: vhost stop updates virtio queue state

[Michael S. Tsirkin]

From: Yuri Benditovich 

Make virtio queue suitable for push operation from qemu
after vhost was stopped.

Signed-off-by: Yuri Benditovich 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/virtio/vhost.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c
index f7f7023..d396b22 100644
--- a/hw/virtio/vhost.c
+++ b/hw/virtio/vhost.c
@@ -993,6 +993,7 @@ static void vhost_virtqueue_stop(struct vhost_dev *dev,
 virtio_queue_set_last_avail_idx(vdev, idx, state.num);
 }
 virtio_queue_invalidate_signalled_used(vdev, idx);
+virtio_queue_update_used_idx(vdev, idx);
 
 /* In the cross-endian case, we need to reset the vring endianness to
  * native as legacy devices expect so by default.
-- 
MST

[Qemu-devel] [PULL 32/41] tests: pc: add memory hotplug acpi tables tests

[Michael S. Tsirkin]

From: Igor Mammedov 

This also adds SRAT and DSDT blobs for memory hotplug variant

Signed-off-by: Igor Mammedov 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Marcel Apfelbaum 
---
 tests/bios-tables-test.c|  24 
 tests/acpi-test-data/pc/DSDT.memhp  | Bin 0 -> 6613 bytes
 tests/acpi-test-data/pc/SRAT.memhp  | Bin 0 -> 224 bytes
 tests/acpi-test-data/q35/DSDT.memhp | Bin 0 -> 9375 bytes
 tests/acpi-test-data/q35/SRAT.memhp | Bin 0 -> 224 bytes
 5 files changed, 24 insertions(+)
 create mode 100644 tests/acpi-test-data/pc/DSDT.memhp
 create mode 100644 tests/acpi-test-data/pc/SRAT.memhp
 create mode 100644 tests/acpi-test-data/q35/DSDT.memhp
 create mode 100644 tests/acpi-test-data/q35/SRAT.memhp

diff --git a/tests/bios-tables-test.c b/tests/bios-tables-test.c
index 812f830..5404805 100644
--- a/tests/bios-tables-test.c
+++ b/tests/bios-tables-test.c
@@ -867,6 +867,28 @@ static void test_acpi_piix4_tcg_ipmi(void)
 free_test_data();
 }
 
+static void test_acpi_q35_tcg_memhp(void)
+{
+test_data data;
+
+memset(, 0, sizeof(data));
+data.machine = MACHINE_Q35;
+data.variant = ".memhp";
+test_acpi_one(" -m 128,slots=3,maxmem=1G -numa node", );
+free_test_data();
+}
+
+static void test_acpi_piix4_tcg_memhp(void)
+{
+test_data data;
+
+memset(, 0, sizeof(data));
+data.machine = MACHINE_PC;
+data.variant = ".memhp";
+test_acpi_one(" -m 128,slots=3,maxmem=1G -numa node", );
+free_test_data();
+}
+
 int main(int argc, char *argv[])
 {
 const char *arch = qtest_get_arch();
@@ -887,6 +909,8 @@ int main(int argc, char *argv[])
 qtest_add_func("acpi/q35/ipmi", test_acpi_q35_tcg_ipmi);
 qtest_add_func("acpi/piix4/cpuhp", test_acpi_piix4_tcg_cphp);
 qtest_add_func("acpi/q35/cpuhp", test_acpi_q35_tcg_cphp);
+qtest_add_func("acpi/piix4/memhp", test_acpi_piix4_tcg_memhp);
+qtest_add_func("acpi/q35/memhp", test_acpi_q35_tcg_memhp);
 }
 ret = g_test_run();
 boot_sector_cleanup(disk);
diff --git a/tests/acpi-test-data/pc/DSDT.memhp 
b/tests/acpi-test-data/pc/DSDT.memhp
new file mode 100644
index 
..a1010c7fb5c526278d743891f2543d873f9ef9b9
GIT binary patch
literal 6613
zcmdT|&2JmW6`$pYw49}+rL?wXD~VXyNt(2_`QgY3S`;RCDUlYJT5~Da#Tw;OmQgB5
z>xB{nQH%f*11L^z0qdeYl{R>`|Ah8W$ffu6+*^vqK3V;}T@J-iS|GW#1Vqhy?>Fyb
z=DjyFG;E{skF$(P|0=HQWjkHGW$6ZZ5@U?U^k1#SZZl`kD6TdoB@?Q+t0-$f
zH;Nmp(x2PzpIrB&^B0*+X}e5$OJ=$2kqurKVkMI-LbeuVmzAxnd*>
zU-PKkEEshrH#aJVq?)DR#EAc)~c*=m?9$=KH~6&7>$Rifu^mTE@YsvFI;
zw%oKE1?CaQ^@!E_#O12nOMcaLS=Ut#5Bsb){Z+Tc{@6;gfBq-lXMH{+H}$%mO7ZD~
z1R{oV7GrFesjpumZ^_*RyMCk7(Z06#YbRztYR0M0S*gGxGNbw
z!d(t`-}vn%(n2#CD_>@lRjX8!*t;yM7ibXGi}
zxxO)+I5RgsQReX_rV_9quNeAp6DJ2AE%5nO>D%bHQ5IX3o=2Z!p_Z<(w`0EU>`K)t
zh|OLxDzj;o@i<@S8HqpR5y}=+9$IBtN$BlL
z+l;0=ZxXxD)EY{t*i_dzrM+hGrd4k+Z#J^$daU)Nn0VCUd)_B49$}l_gPqnU<56~}
zr*`iElt9^3YikDE>RssGk$S0ai^qm+n{7Rw8d3#-Qr$Z|GUOBooam6Fvn}t_-A%4C
z6fS$X#hCY?1$z&-B<5{BbX)9xtM5Ad7cNK1TdEbRHp!~r$jJE0(pQeY^0GEpxq(
zB_8m-Hi|yc=ZdymxuMq+0Ms+7X|8-R!4iJ5?XoY4$K&{}^prr>AGp4)yxtos@tV%8c3tiNNdSvrB;zWMogzuym;I1Qt&14Z>peMl}sj^ArFG{
zJg%km#>#IZJ>G4z13i<;Y-{BS^sqw0Ie+_dOdMx=y5j=!-s3Z_
z^X4&0b*=AeW}G7WafYOERnTyveyu#M+j>n73qx|B6qK%uBN?r7Tq#z#w;DSZkiQdH
zu5maPU-FK52DB%+kJnp)J*8>b|V=U=!yGv%vnV2ZJ!XA
z$0Orhg1$e_#1fq7o%7jRjM54$T`-Z5()b2=;5Nmky4p`oq;KpPXxm
zP!CjUOD1w2m%Z#Q>sKCMfg$qioQ}kn8OIq-DDNgb~Je*7s(e%Nd{jEQtdg!FOoxg
z%HM&1kM0Y{e$WMrJ`v_i#A`u5Jp9|sK=SwR=*^tl$91u%?5U*T%Kz4FG!Q%AoSleCa2n$)%~?5y
zXAmAZpxz+~1)%=oX!)GZrIlanD}e(yO6CSSVUEya9;g>nFVEW>p&@m7_CI*wlI2p7>|Ij#wKtcJ4f$w-a4t}#RB>cDr(
zoxv;Se|_E2{EjY`lswyX$CM5*%x?FTZktDFoZD8-dw!=WBIi)Dik->ehXVSQ$?3dp
zX9om$kV{-yk%$K#YB6fHu#kaQ=&|p_0xkM(`10e1kI6Jg5oUz
zQ-I<(i4dsJ8W+%b7@m;uR2Rod|^rt&;*e83w%~wBk3GK=I6
z<)Kia6-_p9Kna5`3#~~3O@=~+)+qs<3WHu1TBikcIut6j;*}rxIuizcS7=oQR1Jj+
zttkObg+bpFT4x1xHWVtf#yT7_=a?BJ+c=v{0zfdP+b~g+Yr#>uCW!9SRj%{$5
zFsLrH{;#C{$=YE1+k?poY+TPC(CvLWR}^0bK}#mW0+<1oV|qsL=YVfW8_AT@hMe
z6VTT}p+f7TfG(Z{)yfOT%~~VUOFn4h!E`{qZrdkR5a?zBktRYD3M6|(kYwsX
zTfuAVz(!jcP!XbrvKS~dhk=Z2y)%@NF_ic~M%I>xGBSrk9mvSuRg%p-XrsI0##
z-~^336X+v3ZcYa_N=L}?A_RRTSBXXu2zlD4kL1^gMmh`mo=+di{fLp6LXN}az}83P
z6g5(8D5toM5jjPUWEslSM32a?fyTBE<$FX!t}W8_8$bKg@3*vtIO{f~!NB0r{{l^z
Bd0PMg

literal 0
HcmV?d1

diff --git a/tests/acpi-test-data/pc/SRAT.memhp 
b/tests/acpi-test-data/pc/SRAT.memhp
new file mode 100644
index 

[Qemu-devel] [PULL 22/41] pcie_aer: support configurable AER capa version

[Michael S. Tsirkin]

From: Dou Liyang 

Now, AER capa version is fixed to v2, if assigned device isn't v2,
then this value will be inconsistent between guest and host

Signed-off-by: Dou Liyang 
Signed-off-by: Cao jin 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/hw/pci/pcie_aer.h  | 4 ++--
 hw/net/e1000e.c| 3 ++-
 hw/pci-bridge/ioh3420.c| 3 ++-
 hw/pci-bridge/xio3130_downstream.c | 3 ++-
 hw/pci-bridge/xio3130_upstream.c   | 3 ++-
 hw/pci/pcie_aer.c  | 6 +++---
 6 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/include/hw/pci/pcie_aer.h b/include/hw/pci/pcie_aer.h
index 5891b68..526802b 100644
--- a/include/hw/pci/pcie_aer.h
+++ b/include/hw/pci/pcie_aer.h
@@ -86,8 +86,8 @@ struct PCIEAERErr {
 
 extern const VMStateDescription vmstate_pcie_aer_log;
 
-int pcie_aer_init(PCIDevice *dev, uint16_t offset, uint16_t size,
-  Error **errp);
+int pcie_aer_init(PCIDevice *dev, uint8_t cap_ver, uint16_t offset,
+  uint16_t size, Error **errp);
 void pcie_aer_exit(PCIDevice *dev);
 void pcie_aer_write_config(PCIDevice *dev,
uint32_t addr, uint32_t val, int len);
diff --git a/hw/net/e1000e.c b/hw/net/e1000e.c
index 89f96eb..77a4b3e 100644
--- a/hw/net/e1000e.c
+++ b/hw/net/e1000e.c
@@ -472,7 +472,8 @@ static void e1000e_pci_realize(PCIDevice *pci_dev, Error 
**errp)
 hw_error("Failed to initialize PM capability");
 }
 
-if (pcie_aer_init(pci_dev, e1000e_aer_offset, PCI_ERR_SIZEOF, NULL) < 0) {
+if (pcie_aer_init(pci_dev, PCI_ERR_VER, e1000e_aer_offset,
+  PCI_ERR_SIZEOF, NULL) < 0) {
 hw_error("Failed to initialize AER capability");
 }
 
diff --git a/hw/pci-bridge/ioh3420.c b/hw/pci-bridge/ioh3420.c
index 04180af..84b7946 100644
--- a/hw/pci-bridge/ioh3420.c
+++ b/hw/pci-bridge/ioh3420.c
@@ -135,7 +135,8 @@ static int ioh3420_initfn(PCIDevice *d)
 goto err_pcie_cap;
 }
 
-rc = pcie_aer_init(d, IOH_EP_AER_OFFSET, PCI_ERR_SIZEOF, );
+rc = pcie_aer_init(d, PCI_ERR_VER, IOH_EP_AER_OFFSET,
+   PCI_ERR_SIZEOF, );
 if (rc < 0) {
 error_report_err(err);
 goto err;
diff --git a/hw/pci-bridge/xio3130_downstream.c 
b/hw/pci-bridge/xio3130_downstream.c
index 5713341..04b8e5b 100644
--- a/hw/pci-bridge/xio3130_downstream.c
+++ b/hw/pci-bridge/xio3130_downstream.c
@@ -97,7 +97,8 @@ static int xio3130_downstream_initfn(PCIDevice *d)
 goto err_pcie_cap;
 }
 
-rc = pcie_aer_init(d, XIO3130_AER_OFFSET, PCI_ERR_SIZEOF, );
+rc = pcie_aer_init(d, PCI_ERR_VER, XIO3130_AER_OFFSET,
+   PCI_ERR_SIZEOF, );
 if (rc < 0) {
 error_report_err(err);
 goto err;
diff --git a/hw/pci-bridge/xio3130_upstream.c b/hw/pci-bridge/xio3130_upstream.c
index 94c1691..d1f59c8 100644
--- a/hw/pci-bridge/xio3130_upstream.c
+++ b/hw/pci-bridge/xio3130_upstream.c
@@ -85,7 +85,8 @@ static int xio3130_upstream_initfn(PCIDevice *d)
 pcie_cap_flr_init(d);
 pcie_cap_deverr_init(d);
 
-rc = pcie_aer_init(d, XIO3130_AER_OFFSET, PCI_ERR_SIZEOF, );
+rc = pcie_aer_init(d, PCI_ERR_VER, XIO3130_AER_OFFSET,
+   PCI_ERR_SIZEOF, );
 if (rc < 0) {
 error_report_err(err);
 goto err;
diff --git a/hw/pci/pcie_aer.c b/hw/pci/pcie_aer.c
index 2a4bd5a..daf1f65 100644
--- a/hw/pci/pcie_aer.c
+++ b/hw/pci/pcie_aer.c
@@ -97,10 +97,10 @@ static void aer_log_clear_all_err(PCIEAERLog *aer_log)
 aer_log->log_num = 0;
 }
 
-int pcie_aer_init(PCIDevice *dev, uint16_t offset, uint16_t size,
-  Error **errp)
+int pcie_aer_init(PCIDevice *dev, uint8_t cap_ver, uint16_t offset,
+  uint16_t size, Error **errp)
 {
-pcie_add_capability(dev, PCI_EXT_CAP_ID_ERR, PCI_ERR_VER,
+pcie_add_capability(dev, PCI_EXT_CAP_ID_ERR, cap_ver,
 offset, size);
 dev->exp.aer_cap = offset;
 
-- 
MST

[Qemu-devel] [PULL 11/41] memory: handle alias for iommu notifier

[Michael S. Tsirkin]

From: Jason Wang 

Cc: Paolo Bonzini 
Acked-by: Paolo Bonzini 
Signed-off-by: Jason Wang 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Peter Xu 
---
 memory.c | 9 +
 1 file changed, 9 insertions(+)

diff --git a/memory.c b/memory.c
index 33110e9..2bfc37f 100644
--- a/memory.c
+++ b/memory.c
@@ -1603,6 +1603,11 @@ static void 
memory_region_update_iommu_notify_flags(MemoryRegion *mr)
 void memory_region_register_iommu_notifier(MemoryRegion *mr,
IOMMUNotifier *n)
 {
+if (mr->alias) {
+memory_region_register_iommu_notifier(mr->alias, n);
+return;
+}
+
 /* We need to register for at least one bitfield */
 assert(n->notifier_flags != IOMMU_NOTIFIER_NONE);
 QLIST_INSERT_HEAD(>iommu_notify, n, node);
@@ -1643,6 +1648,10 @@ void memory_region_iommu_replay(MemoryRegion *mr, 
IOMMUNotifier *n,
 void memory_region_unregister_iommu_notifier(MemoryRegion *mr,
  IOMMUNotifier *n)
 {
+if (mr->alias) {
+memory_region_unregister_iommu_notifier(mr->alias, n);
+return;
+}
 QLIST_REMOVE(n, node);
 memory_region_update_iommu_notify_flags(mr);
 }
-- 
MST

[Qemu-devel] [PULL 20/41] virtio-crypto: zeroize the key material before free

[Michael S. Tsirkin]

From: Gonglei 

Common practice with sensitive information (key material, passwords,
etc). Prevents sensitive information from being exposed by accident later in
coredumps, memory disclosure bugs when heap memory is reused, etc.

Sensitive information is sometimes also held in mlocked pages to prevent
it being swapped to disk but that's not being done here.

Let's zeroize the memory of CryptoDevBackendSymOpInfo structure pointed
for key material security.

[Thanks to Stefan for help with crafting the commit message]

Signed-off-by: Gonglei 
Reviewed-by: Stefan Hajnoczi 
Reviewed-by: Eric Blake 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/virtio/virtio-crypto.c | 13 -
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c
index fc30bc3..296472f 100644
--- a/hw/virtio/virtio-crypto.c
+++ b/hw/virtio/virtio-crypto.c
@@ -337,7 +337,18 @@ static void virtio_crypto_free_request(VirtIOCryptoReq 
*req)
 {
 if (req) {
 if (req->flags == CRYPTODEV_BACKEND_ALG_SYM) {
-g_free(req->u.sym_op_info);
+size_t max_len;
+CryptoDevBackendSymOpInfo *op_info = req->u.sym_op_info;
+
+max_len = op_info->iv_len +
+  op_info->aad_len +
+  op_info->src_len +
+  op_info->dst_len +
+  op_info->digest_result_len;
+
+/* Zeroize and free request data structure */
+memset(op_info, 0, sizeof(*op_info) + max_len);
+g_free(op_info);
 }
 g_free(req);
 }
-- 
MST

[Qemu-devel] [PULL 13/41] doc/pcie: correct command line examples

[Michael S. Tsirkin]

From: Cao jin 

Nit picking: Multi-function PCI Express Root Ports should mean that
'addr' property is mandatory, and slot is optional because it defaults
to 0, and 'chassis' is mandatory for 2nd & 3rd root port because it
defaults to 0 too.

Bonus: fix a typo(2->3)
Signed-off-by: Cao jin 
Reviewed-by: Marcel Apfelbaum 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 docs/pcie.txt | 12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/docs/pcie.txt b/docs/pcie.txt
index 9fb20aa..5bada24 100644
--- a/docs/pcie.txt
+++ b/docs/pcie.txt
@@ -110,18 +110,18 @@ Plug only PCI Express devices into PCI Express Ports.
   -device ioh3420,id=root_port1,chassis=x,slot=y[,bus=pcie.0][,addr=z] 
 \
   -device ,bus=root_port1
 2.2.2 Using multi-function PCI Express Root Ports:
-  -device 
ioh3420,id=root_port1,multifunction=on,chassis=x,slot=y[,bus=pcie.0][,addr=z.0] 
\
-  -device ioh3420,id=root_port2,chassis=x1,slot=y1[,bus=pcie.0][,addr=z.1] 
\
-  -device ioh3420,id=root_port3,chassis=x2,slot=y2[,bus=pcie.0][,addr=z.2] 
\
-2.2.2 Plugging a PCI Express device into a Switch:
+  -device 
ioh3420,id=root_port1,multifunction=on,chassis=x,addr=z.0[,slot=y][,bus=pcie.0] 
\
+  -device ioh3420,id=root_port2,chassis=x1,addr=z.1[,slot=y1][,bus=pcie.0] 
\
+  -device ioh3420,id=root_port3,chassis=x2,addr=z.2[,slot=y2][,bus=pcie.0] 
\
+2.2.3 Plugging a PCI Express device into a Switch:
   -device ioh3420,id=root_port1,chassis=x,slot=y[,bus=pcie.0][,addr=z]  \
   -device x3130-upstream,id=upstream_port1,bus=root_port1[,addr=x] 
 \
   -device 
xio3130-downstream,id=downstream_port1,bus=upstream_port1,chassis=x1,slot=y1[,addr=z1]]
 \
   -device ,bus=downstream_port1
 
 Notes:
-  - (slot, chassis) pair is mandatory and must be
- unique for each PCI Express Root Port.
+  - (slot, chassis) pair is mandatory and must be unique for each
+PCI Express Root Port. slot defaults to 0 when not specified.
   - 'addr' parameter can be 0 for all the examples above.
 
 
-- 
MST

[Qemu-devel] [PULL 29/41] vhost-user: Add MTU protocol feature and op

[Michael S. Tsirkin]

From: Maxime Coquelin 

This patch implements VHOST_USER_PROTOCOL_F_NET_MTU
protocol feature and VHOST_USER_NET_SET_MTU request so
that the backend gets notified of the user defined host
MTU.

If backend supports VHOST_USER_PROTOCOL_F_REPLY_ACK,
QEMU assumes MTU is valid if success is returned.

Vhost-net driver sends this request through a new
vhost_net_set_mtu vhost_ops entry.

Cc: Michael S. Tsirkin 
Cc: Aaron Conole 
Signed-off-by: Maxime Coquelin 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 docs/specs/vhost-user.txt | 16 
 include/hw/virtio/vhost-backend.h |  2 ++
 hw/virtio/vhost-user.c| 34 ++
 3 files changed, 52 insertions(+)

diff --git a/docs/specs/vhost-user.txt b/docs/specs/vhost-user.txt
index d70bd83..036890f 100644
--- a/docs/specs/vhost-user.txt
+++ b/docs/specs/vhost-user.txt
@@ -259,6 +259,7 @@ Protocol features
 #define VHOST_USER_PROTOCOL_F_LOG_SHMFD  1
 #define VHOST_USER_PROTOCOL_F_RARP   2
 #define VHOST_USER_PROTOCOL_F_REPLY_ACK  3
+#define VHOST_USER_PROTOCOL_F_MTU4
 
 Message types
 -
@@ -470,6 +471,21 @@ Message types
   The first 6 bytes of the payload contain the mac address of the guest to
   allow the vhost user backend to construct and broadcast the fake RARP.
 
+ * VHOST_USER_NET_SET_MTU
+
+  Id: 20
+  Equivalent ioctl: N/A
+  Master payload: u64
+
+  Set host MTU value exposed to the guest.
+  This request should be sent only when VIRTIO_NET_F_MTU feature has been
+  successfully negotiated, VHOST_USER_F_PROTOCOL_FEATURES is present in
+  VHOST_USER_GET_FEATURES and protocol feature bit
+  VHOST_USER_PROTOCOL_F_NET_MTU is present in
+  VHOST_USER_GET_PROTOCOL_FEATURES.
+  If VHOST_USER_PROTOCOL_F_REPLY_ACK is negotiated, slave must respond
+  with zero in case the specified MTU is valid, or non-zero otherwise.
+
 VHOST_USER_PROTOCOL_F_REPLY_ACK:
 ---
 The original vhost-user specification only demands replies for certain
diff --git a/include/hw/virtio/vhost-backend.h 
b/include/hw/virtio/vhost-backend.h
index 6e90703..30abc11 100644
--- a/include/hw/virtio/vhost-backend.h
+++ b/include/hw/virtio/vhost-backend.h
@@ -32,6 +32,7 @@ typedef int (*vhost_backend_memslots_limit)(struct vhost_dev 
*dev);
 
 typedef int (*vhost_net_set_backend_op)(struct vhost_dev *dev,
 struct vhost_vring_file *file);
+typedef int (*vhost_net_set_mtu_op)(struct vhost_dev *dev, uint16_t mtu);
 typedef int (*vhost_scsi_set_endpoint_op)(struct vhost_dev *dev,
   struct vhost_scsi_target *target);
 typedef int (*vhost_scsi_clear_endpoint_op)(struct vhost_dev *dev,
@@ -83,6 +84,7 @@ typedef struct VhostOps {
 vhost_backend_cleanup vhost_backend_cleanup;
 vhost_backend_memslots_limit vhost_backend_memslots_limit;
 vhost_net_set_backend_op vhost_net_set_backend;
+vhost_net_set_mtu_op vhost_net_set_mtu;
 vhost_scsi_set_endpoint_op vhost_scsi_set_endpoint;
 vhost_scsi_clear_endpoint_op vhost_scsi_clear_endpoint;
 vhost_scsi_get_abi_version_op vhost_scsi_get_abi_version;
diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
index 7ee92b3..9334a8a 100644
--- a/hw/virtio/vhost-user.c
+++ b/hw/virtio/vhost-user.c
@@ -32,6 +32,7 @@ enum VhostUserProtocolFeature {
 VHOST_USER_PROTOCOL_F_LOG_SHMFD = 1,
 VHOST_USER_PROTOCOL_F_RARP = 2,
 VHOST_USER_PROTOCOL_F_REPLY_ACK = 3,
+VHOST_USER_PROTOCOL_F_NET_MTU = 4,
 
 VHOST_USER_PROTOCOL_F_MAX
 };
@@ -59,6 +60,7 @@ typedef enum VhostUserRequest {
 VHOST_USER_GET_QUEUE_NUM = 17,
 VHOST_USER_SET_VRING_ENABLE = 18,
 VHOST_USER_SEND_RARP = 19,
+VHOST_USER_NET_SET_MTU = 20,
 VHOST_USER_MAX
 } VhostUserRequest;
 
@@ -186,6 +188,7 @@ static bool vhost_user_one_time_request(VhostUserRequest 
request)
 case VHOST_USER_RESET_OWNER:
 case VHOST_USER_SET_MEM_TABLE:
 case VHOST_USER_GET_QUEUE_NUM:
+case VHOST_USER_NET_SET_MTU:
 return true;
 default:
 return false;
@@ -685,6 +688,36 @@ static bool vhost_user_can_merge(struct vhost_dev *dev,
 return mfd == rfd;
 }
 
+static int vhost_user_net_set_mtu(struct vhost_dev *dev, uint16_t mtu)
+{
+VhostUserMsg msg;
+bool reply_supported = virtio_has_feature(dev->protocol_features,
+  VHOST_USER_PROTOCOL_F_REPLY_ACK);
+
+if (!(dev->protocol_features & (1ULL << VHOST_USER_PROTOCOL_F_NET_MTU))) {
+return 0;
+}
+
+msg.request = VHOST_USER_NET_SET_MTU;
+msg.payload.u64 = mtu;
+msg.size = sizeof(msg.payload.u64);
+msg.flags = VHOST_USER_VERSION;
+if (reply_supported) {
+msg.flags |= VHOST_USER_NEED_REPLY_MASK;
+}
+
+if 

[Qemu-devel] [PULL 19/41] virtio-crypto-pci: tag virtio-crypto device hot pluggable

[Michael S. Tsirkin]

From: Gonglei 

After resolving the relationship with cryptodev backend,
the virtio crypto device supports hotplug now.

Signed-off-by: Gonglei 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/virtio/virtio-crypto-pci.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/hw/virtio/virtio-crypto-pci.c b/hw/virtio/virtio-crypto-pci.c
index 14bd12c..422aca3 100644
--- a/hw/virtio/virtio-crypto-pci.c
+++ b/hw/virtio/virtio-crypto-pci.c
@@ -53,7 +53,6 @@ static void virtio_crypto_pci_class_init(ObjectClass *klass, 
void *data)
 k->realize = virtio_crypto_pci_realize;
 set_bit(DEVICE_CATEGORY_MISC, dc->categories);
 dc->props = virtio_crypto_pci_properties;
-dc->hotpluggable = false;
 pcidev_k->class_id = PCI_CLASS_OTHERS;
 }
 
-- 
MST

[Qemu-devel] [PULL 10/41] acpi: add ATSR for q35

[Michael S. Tsirkin]

From: Jason Wang 

This patch provides ATSR which was a requirement for software that
wants to enable ATS on endpoint devices behind a Root Port. This is
done simply by setting ALL_PORTS which indicates all PCI-Express Root
Ports support ATS transactions.

Signed-off-by: Jason Wang 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/hw/acpi/acpi-defs.h | 12 
 hw/i386/acpi-build.c|  9 +
 2 files changed, 21 insertions(+)

diff --git a/include/hw/acpi/acpi-defs.h b/include/hw/acpi/acpi-defs.h
index d43ec00..4cc3630 100644
--- a/include/hw/acpi/acpi-defs.h
+++ b/include/hw/acpi/acpi-defs.h
@@ -627,8 +627,20 @@ struct AcpiDmarHardwareUnit {
 } QEMU_PACKED;
 typedef struct AcpiDmarHardwareUnit AcpiDmarHardwareUnit;
 
+/* Type 2: Root Port ATS Capability Reporting Structure */
+struct AcpiDmarRootPortATS {
+uint16_t type;
+uint16_t length;
+uint8_t flags;
+uint8_t reserved;
+uint16_t pci_segment;
+AcpiDmarDeviceScope scope[0];
+} QEMU_PACKED;
+typedef struct AcpiDmarRootPortATS AcpiDmarRootPortATS;
+
 /* Masks for Flags field above */
 #define ACPI_DMAR_INCLUDE_PCI_ALL   1
+#define ACPI_DMAR_ATSR_ALL_PORTS1
 
 /*
  * Input Output Remapping Table (IORT)
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index 42ecf61..4609db1 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -2575,6 +2575,7 @@ build_dmar_q35(GArray *table_data, BIOSLinker *linker)
 
 AcpiTableDmar *dmar;
 AcpiDmarHardwareUnit *drhd;
+AcpiDmarRootPortATS *atsr;
 uint8_t dmar_flags = 0;
 X86IOMMUState *iommu = x86_iommu_get_default();
 AcpiDmarDeviceScope *scope = NULL;
@@ -2608,6 +2609,14 @@ build_dmar_q35(GArray *table_data, BIOSLinker *linker)
 scope->path[0].device = PCI_SLOT(Q35_PSEUDO_DEVFN_IOAPIC);
 scope->path[0].function = PCI_FUNC(Q35_PSEUDO_DEVFN_IOAPIC);
 
+if (iommu->dt_supported) {
+atsr = acpi_data_push(table_data, sizeof(*atsr));
+atsr->type = cpu_to_le16(ACPI_DMAR_TYPE_ATSR);
+atsr->length = cpu_to_le16(sizeof(*atsr));
+atsr->flags = ACPI_DMAR_ATSR_ALL_PORTS;
+atsr->pci_segment = cpu_to_le16(0);
+}
+
 build_header(linker, table_data, (void *)(table_data->data + dmar_start),
  "DMAR", table_data->len - dmar_start, 1, NULL, NULL);
 }
-- 
MST

[Qemu-devel] [PULL 09/41] virtio-pci: address space translation service (ATS) support

[Michael S. Tsirkin]

From: Jason Wang 

This patches enable the Address Translation Service support for virtio
pci devices. This is needed for a guest visible Device IOTLB
implementation and will be required by vhost device IOTLB API
implementation for intel IOMMU.

Cc: Michael S. Tsirkin 
Signed-off-by: Jason Wang 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/virtio/virtio-pci.h|  4 
 include/hw/pci/pcie.h |  4 
 include/standard-headers/linux/pci_regs.h |  1 +
 hw/pci/pcie.c | 15 +++
 hw/virtio/virtio-pci.c|  7 +++
 5 files changed, 31 insertions(+)

diff --git a/hw/virtio/virtio-pci.h b/hw/virtio/virtio-pci.h
index 5e07886..d00064c 100644
--- a/hw/virtio/virtio-pci.h
+++ b/hw/virtio/virtio-pci.h
@@ -72,6 +72,7 @@ enum {
 VIRTIO_PCI_FLAG_MODERN_PIO_NOTIFY_BIT,
 VIRTIO_PCI_FLAG_DISABLE_PCIE_BIT,
 VIRTIO_PCI_FLAG_PAGE_PER_VQ_BIT,
+VIRTIO_PCI_FLAG_ATS_BIT,
 };
 
 /* Need to activate work-arounds for buggy guests at vmstate load. */
@@ -96,6 +97,9 @@ enum {
 #define VIRTIO_PCI_FLAG_PAGE_PER_VQ \
 (1 << VIRTIO_PCI_FLAG_PAGE_PER_VQ_BIT)
 
+/* address space translation service */
+#define VIRTIO_PCI_FLAG_ATS (1 << VIRTIO_PCI_FLAG_ATS_BIT)
+
 typedef struct {
 MSIMessage msg;
 int virq;
diff --git a/include/hw/pci/pcie.h b/include/hw/pci/pcie.h
index 056d25e..b08451d 100644
--- a/include/hw/pci/pcie.h
+++ b/include/hw/pci/pcie.h
@@ -74,6 +74,9 @@ struct PCIExpressDevice {
 /* AER */
 uint16_t aer_cap;
 PCIEAERLog aer_log;
+
+/* Offset of ATS capability in config space */
+uint16_t ats_cap;
 };
 
 #define COMPAT_PROP_PCP "power_controller_present"
@@ -120,6 +123,7 @@ void pcie_add_capability(PCIDevice *dev,
 
 void pcie_ari_init(PCIDevice *dev, uint16_t offset, uint16_t nextfn);
 void pcie_dev_ser_num_init(PCIDevice *dev, uint16_t offset, uint64_t ser_num);
+void pcie_ats_init(PCIDevice *dev, uint16_t offset);
 
 extern const VMStateDescription vmstate_pcie_device;
 
diff --git a/include/standard-headers/linux/pci_regs.h 
b/include/standard-headers/linux/pci_regs.h
index e5a2e68..be5b066 100644
--- a/include/standard-headers/linux/pci_regs.h
+++ b/include/standard-headers/linux/pci_regs.h
@@ -678,6 +678,7 @@
 #define PCI_EXT_CAP_ID_MAX PCI_EXT_CAP_ID_PTM
 
 #define PCI_EXT_CAP_DSN_SIZEOF 12
+#define PCI_EXT_CAP_ATS_SIZEOF 8
 #define PCI_EXT_CAP_MCAST_ENDPOINT_SIZEOF 40
 
 /* Advanced Error Reporting */
diff --git a/hw/pci/pcie.c b/hw/pci/pcie.c
index 99cfb45..adeda04 100644
--- a/hw/pci/pcie.c
+++ b/hw/pci/pcie.c
@@ -717,3 +717,18 @@ void pcie_dev_ser_num_init(PCIDevice *dev, uint16_t 
offset, uint64_t ser_num)
 PCI_EXT_CAP_DSN_SIZEOF);
 pci_set_quad(dev->config + offset + pci_dsn_cap, ser_num);
 }
+
+void pcie_ats_init(PCIDevice *dev, uint16_t offset)
+{
+pcie_add_capability(dev, PCI_EXT_CAP_ID_ATS, 0x1,
+offset, PCI_EXT_CAP_ATS_SIZEOF);
+
+dev->exp.ats_cap = offset;
+
+/* Invalidate Queue Depth 0, Page Aligned Request 0 */
+pci_set_word(dev->config + offset + PCI_ATS_CAP, 0);
+/* STU 0, Disabled by default */
+pci_set_word(dev->config + offset + PCI_ATS_CTRL, 0);
+
+pci_set_word(dev->wmask + dev->exp.ats_cap + PCI_ATS_CTRL, 0x800f);
+}
diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
index 213d57e..854b8f2 100644
--- a/hw/virtio/virtio-pci.c
+++ b/hw/virtio/virtio-pci.c
@@ -1815,6 +1815,11 @@ static void virtio_pci_realize(PCIDevice *pci_dev, Error 
**errp)
  * PCI Power Management Interface Specification.
  */
 pci_set_word(pci_dev->config + pos + PCI_PM_PMC, 0x3);
+
+if (proxy->flags & VIRTIO_PCI_FLAG_ATS) {
+pcie_ats_init(pci_dev, 256);
+}
+
 } else {
 /*
  * make future invocations of pci_is_express() return false
@@ -1868,6 +1873,8 @@ static Property virtio_pci_properties[] = {
 VIRTIO_PCI_FLAG_PAGE_PER_VQ_BIT, false),
 DEFINE_PROP_BOOL("x-ignore-backend-features", VirtIOPCIProxy,
  ignore_backend_features, false),
+DEFINE_PROP_BIT("ats", VirtIOPCIProxy, flags,
+VIRTIO_PCI_FLAG_ATS_BIT, false),
 DEFINE_PROP_END_OF_LIST(),
 };
 
-- 
MST

[Qemu-devel] [PULL 28/41] net: virtio-net discards TX data after link down

[Michael S. Tsirkin]

From: Yuri Benditovich 

https://bugzilla.redhat.com/show_bug.cgi?id=1295637
Upon set_link monitor command or upon netdev deletion
virtio-net sends link down indication to the guest
and stops vhost if one is used.
Guest driver can still submit data for TX until it
recognizes link loss. If these packets not returned by
the host, the Windows guest will never be able to finish
disable/removal/shutdown.
Now each packet sent by guest after NIC indicated link
down will be completed immediately.

Signed-off-by: Yuri Benditovich 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/net/virtio-net.c | 26 ++
 1 file changed, 26 insertions(+)

diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index 5009533..6f98eab 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -218,6 +218,14 @@ static void virtio_net_vnet_endian_status(VirtIONet *n, 
uint8_t status)
 }
 }
 
+static void virtio_net_drop_tx_queue_data(VirtIODevice *vdev, VirtQueue *vq)
+{
+unsigned int dropped = virtqueue_drop_all(vq);
+if (dropped) {
+virtio_notify(vdev, vq);
+}
+}
+
 static void virtio_net_set_status(struct VirtIODevice *vdev, uint8_t status)
 {
 VirtIONet *n = VIRTIO_NET(vdev);
@@ -262,6 +270,14 @@ static void virtio_net_set_status(struct VirtIODevice 
*vdev, uint8_t status)
 } else {
 qemu_bh_cancel(q->tx_bh);
 }
+if ((n->status & VIRTIO_NET_S_LINK_UP) == 0 &&
+(queue_status & VIRTIO_CONFIG_S_DRIVER_OK)) {
+/* if tx is waiting we are likely have some packets in tx queue
+ * and disabled notification */
+q->tx_waiting = 0;
+virtio_queue_set_notification(q->tx_vq, 1);
+virtio_net_drop_tx_queue_data(vdev, q->tx_vq);
+}
 }
 }
 }
@@ -1323,6 +1339,11 @@ static void virtio_net_handle_tx_timer(VirtIODevice 
*vdev, VirtQueue *vq)
 VirtIONet *n = VIRTIO_NET(vdev);
 VirtIONetQueue *q = >vqs[vq2q(virtio_get_queue_index(vq))];
 
+if (unlikely((n->status & VIRTIO_NET_S_LINK_UP) == 0)) {
+virtio_net_drop_tx_queue_data(vdev, vq);
+return;
+}
+
 /* This happens when device was stopped but VCPU wasn't. */
 if (!vdev->vm_running) {
 q->tx_waiting = 1;
@@ -1349,6 +1370,11 @@ static void virtio_net_handle_tx_bh(VirtIODevice *vdev, 
VirtQueue *vq)
 VirtIONet *n = VIRTIO_NET(vdev);
 VirtIONetQueue *q = >vqs[vq2q(virtio_get_queue_index(vq))];
 
+if (unlikely((n->status & VIRTIO_NET_S_LINK_UP) == 0)) {
+virtio_net_drop_tx_queue_data(vdev, vq);
+return;
+}
+
 if (unlikely(q->tx_waiting)) {
 return;
 }
-- 
MST

[Qemu-devel] [PULL 15/41] cryptodev: introduce a new is_used property

[Michael S. Tsirkin]

From: Gonglei 

This property is used to Tag the cryptodev backend
is used by virtio-crypto or not. Making cryptodev
can't be hot unplugged when it's in use. Cleanup
resources when cryptodev is finalized.

Signed-off-by: Gonglei 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/sysemu/cryptodev.h | 23 +++
 backends/cryptodev.c   | 19 +++
 hw/virtio/virtio-crypto.c  |  2 ++
 3 files changed, 44 insertions(+)

diff --git a/include/sysemu/cryptodev.h b/include/sysemu/cryptodev.h
index 84526c0..461389d 100644
--- a/include/sysemu/cryptodev.h
+++ b/include/sysemu/cryptodev.h
@@ -202,6 +202,8 @@ struct CryptoDevBackend {
 Object parent_obj;
 
 bool ready;
+/* Tag the cryptodev backend is used by virtio-crypto or not */
+bool is_used;
 CryptoDevBackendConf conf;
 };
 
@@ -295,4 +297,25 @@ int cryptodev_backend_crypto_operation(
  void *opaque,
  uint32_t queue_index, Error **errp);
 
+/**
+ * cryptodev_backend_set_used:
+ * @backend: the cryptodev backend object
+ * @used: ture or false
+ *
+ * Set the cryptodev backend is used by virtio-crypto or not
+ */
+void cryptodev_backend_set_used(CryptoDevBackend *backend, bool used);
+
+/**
+ * cryptodev_backend_is_used:
+ * @backend: the cryptodev backend object
+ *
+ * Return the status that the cryptodev backend is used
+ * by virtio-crypto or not
+ *
+ * Returns: true on used, or false on not used
+ */
+bool cryptodev_backend_is_used(CryptoDevBackend *backend);
+
+
 #endif /* CRYPTODEV_H */
diff --git a/backends/cryptodev.c b/backends/cryptodev.c
index 4a49f97..6a66c27 100644
--- a/backends/cryptodev.c
+++ b/backends/cryptodev.c
@@ -197,6 +197,22 @@ out:
 error_propagate(errp, local_err);
 }
 
+void cryptodev_backend_set_used(CryptoDevBackend *backend, bool used)
+{
+backend->is_used = used;
+}
+
+bool cryptodev_backend_is_used(CryptoDevBackend *backend)
+{
+return backend->is_used;
+}
+
+static bool
+cryptodev_backend_can_be_deleted(UserCreatable *uc, Error **errp)
+{
+return !cryptodev_backend_is_used(CRYPTODEV_BACKEND(uc));
+}
+
 static void cryptodev_backend_instance_init(Object *obj)
 {
 object_property_add(obj, "queues", "int",
@@ -209,7 +225,9 @@ static void cryptodev_backend_instance_init(Object *obj)
 
 static void cryptodev_backend_finalize(Object *obj)
 {
+CryptoDevBackend *backend = CRYPTODEV_BACKEND(obj);
 
+cryptodev_backend_cleanup(backend, NULL);
 }
 
 static void
@@ -218,6 +236,7 @@ cryptodev_backend_class_init(ObjectClass *oc, void *data)
 UserCreatableClass *ucc = USER_CREATABLE_CLASS(oc);
 
 ucc->complete = cryptodev_backend_complete;
+ucc->can_be_deleted = cryptodev_backend_can_be_deleted;
 
 QTAILQ_INIT(_clients);
 }
diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c
index f872c87..6318fcf 100644
--- a/hw/virtio/virtio-crypto.c
+++ b/hw/virtio/virtio-crypto.c
@@ -799,6 +799,7 @@ static void virtio_crypto_device_realize(DeviceState *dev, 
Error **errp)
 }
 
 virtio_crypto_init_config(vdev);
+cryptodev_backend_set_used(vcrypto->cryptodev, true);
 }
 
 static void virtio_crypto_device_unrealize(DeviceState *dev, Error **errp)
@@ -818,6 +819,7 @@ static void virtio_crypto_device_unrealize(DeviceState 
*dev, Error **errp)
 g_free(vcrypto->vqs);
 
 virtio_cleanup(vdev);
+cryptodev_backend_set_used(vcrypto->cryptodev, false);
 }
 
 static const VMStateDescription vmstate_virtio_crypto = {
-- 
MST

[Qemu-devel] [PULL 06/41] intel_iommu: allocate new key when creating new address space

[Michael S. Tsirkin]

From: Jason Wang 

We use the pointer to stack for key for new address space, this will break hash
table searching, fixing by g_malloc() a new key instead.

Cc: Michael S. Tsirkin 
Cc: Paolo Bonzini 
Cc: Richard Henderson 
Cc: Eduardo Habkost 
Acked-by: Peter Xu 
Signed-off-by: Jason Wang 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/i386/intel_iommu.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index 0dd1c8f..e39b764 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -2347,12 +2347,13 @@ VTDAddressSpace *vtd_find_add_as(IntelIOMMUState *s, 
PCIBus *bus, int devfn)
 char name[128];
 
 if (!vtd_bus) {
+uintptr_t *new_key = g_malloc(sizeof(*new_key));
+*new_key = (uintptr_t)bus;
 /* No corresponding free() */
 vtd_bus = g_malloc0(sizeof(VTDBus) + sizeof(VTDAddressSpace *) * \
 X86_IOMMU_PCI_DEVFN_MAX);
 vtd_bus->bus = bus;
-key = (uintptr_t)bus;
-g_hash_table_insert(s->vtd_as_by_busptr, , vtd_bus);
+g_hash_table_insert(s->vtd_as_by_busptr, new_key, vtd_bus);
 }
 
 vtd_dev_as = vtd_bus->dev_as[devfn];
-- 
MST

[Qemu-devel] [PULL 18/41] virtio-crypto: avoid one cryptodev device is used by multiple virtio crypto devices

[Michael S. Tsirkin]

From: Gonglei 

Add the check condition for cryptodev device in order
to avoid one cryptodev device is used by multiple
virtio crypto devices.

Signed-off-by: Gonglei 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/virtio/virtio-crypto.c | 16 +++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c
index 9213258..fc30bc3 100644
--- a/hw/virtio/virtio-crypto.c
+++ b/hw/virtio/virtio-crypto.c
@@ -877,6 +877,20 @@ static void virtio_crypto_class_init(ObjectClass *klass, 
void *data)
 vdc->reset = virtio_crypto_reset;
 }
 
+static void
+virtio_crypto_check_cryptodev_is_used(Object *obj, const char *name,
+  Object *val, Error **errp)
+{
+if (cryptodev_backend_is_used(CRYPTODEV_BACKEND(val))) {
+char *path = object_get_canonical_path_component(val);
+error_setg(errp,
+"can't use already used cryptodev backend: %s", path);
+g_free(path);
+} else {
+qdev_prop_allow_set_link_before_realize(obj, name, val, errp);
+}
+}
+
 static void virtio_crypto_instance_init(Object *obj)
 {
 VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(obj);
@@ -890,7 +904,7 @@ static void virtio_crypto_instance_init(Object *obj)
 object_property_add_link(obj, "cryptodev",
  TYPE_CRYPTODEV_BACKEND,
  (Object **)>conf.cryptodev,
- qdev_prop_allow_set_link_before_realize,
+ virtio_crypto_check_cryptodev_is_used,
  OBJ_PROP_LINK_UNREF_ON_RELEASE, NULL);
 }
 
-- 
MST

[Qemu-devel] [PULL 12/41] memory: handle alias in memory_region_is_iommu()

[Michael S. Tsirkin]

From: Jason Wang 

Cc: Paolo Bonzini 
Acked-by: Paolo Bonzini 
Signed-off-by: Jason Wang 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Peter Xu 
---
 include/exec/memory.h | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/include/exec/memory.h b/include/exec/memory.h
index 358edfb..bec9756 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -628,6 +628,9 @@ static inline bool memory_region_is_romd(MemoryRegion *mr)
  */
 static inline bool memory_region_is_iommu(MemoryRegion *mr)
 {
+if (mr->alias) {
+return memory_region_is_iommu(mr->alias);
+}
 return mr->iommu_ops;
 }
 
-- 
MST

[Qemu-devel] [PULL 04/41] virtio: convert to use DMA api

[Michael S. Tsirkin]

From: Jason Wang 

Currently, all virtio devices bypass IOMMU completely. This is because
address_space_memory is assumed and used during DMA emulation. This
patch converts the virtio core API to use DMA API. This idea is

- introducing a new transport specific helper to query the dma address
  space. (only pci version is implemented).
- query and use this address space during virtio device guest memory
  accessing when iommu platform (VIRTIO_F_IOMMU_PLATFORM) was enabled
  for this device.

Cc: Michael S. Tsirkin 
Cc: Stefan Hajnoczi 
Cc: Kevin Wolf 
Cc: Amit Shah 
Cc: Paolo Bonzini 
Cc: qemu-bl...@nongnu.org
Signed-off-by: Jason Wang 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/hw/virtio/virtio-access.h | 31 ++---
 include/hw/virtio/virtio-bus.h|  1 +
 include/hw/virtio/virtio.h|  9 ---
 hw/block/virtio-blk.c |  2 +-
 hw/char/virtio-serial-bus.c   |  3 ++-
 hw/scsi/virtio-scsi.c |  4 ++-
 hw/virtio/virtio-bus.c|  8 ++
 hw/virtio/virtio-pci.c| 14 ++
 hw/virtio/virtio.c| 57 +--
 9 files changed, 93 insertions(+), 36 deletions(-)

diff --git a/include/hw/virtio/virtio-access.h 
b/include/hw/virtio/virtio-access.h
index 440b455..91ae14d 100644
--- a/include/hw/virtio/virtio-access.h
+++ b/include/hw/virtio/virtio-access.h
@@ -17,6 +17,7 @@
 #define QEMU_VIRTIO_ACCESS_H
 
 #include "hw/virtio/virtio.h"
+#include "hw/virtio/virtio-bus.h"
 #include "exec/address-spaces.h"
 
 #if defined(TARGET_PPC64) || defined(TARGET_ARM)
@@ -40,45 +41,55 @@ static inline bool virtio_access_is_big_endian(VirtIODevice 
*vdev)
 
 static inline uint16_t virtio_lduw_phys(VirtIODevice *vdev, hwaddr pa)
 {
+AddressSpace *dma_as = vdev->dma_as;
+
 if (virtio_access_is_big_endian(vdev)) {
-return lduw_be_phys(_space_memory, pa);
+return lduw_be_phys(dma_as, pa);
 }
-return lduw_le_phys(_space_memory, pa);
+return lduw_le_phys(dma_as, pa);
 }
 
 static inline uint32_t virtio_ldl_phys(VirtIODevice *vdev, hwaddr pa)
 {
+AddressSpace *dma_as = vdev->dma_as;
+
 if (virtio_access_is_big_endian(vdev)) {
-return ldl_be_phys(_space_memory, pa);
+return ldl_be_phys(dma_as, pa);
 }
-return ldl_le_phys(_space_memory, pa);
+return ldl_le_phys(dma_as, pa);
 }
 
 static inline uint64_t virtio_ldq_phys(VirtIODevice *vdev, hwaddr pa)
 {
+AddressSpace *dma_as = vdev->dma_as;
+
 if (virtio_access_is_big_endian(vdev)) {
-return ldq_be_phys(_space_memory, pa);
+return ldq_be_phys(dma_as, pa);
 }
-return ldq_le_phys(_space_memory, pa);
+return ldq_le_phys(dma_as, pa);
 }
 
 static inline void virtio_stw_phys(VirtIODevice *vdev, hwaddr pa,
uint16_t value)
 {
+AddressSpace *dma_as = vdev->dma_as;
+
 if (virtio_access_is_big_endian(vdev)) {
-stw_be_phys(_space_memory, pa, value);
+stw_be_phys(dma_as, pa, value);
 } else {
-stw_le_phys(_space_memory, pa, value);
+stw_le_phys(dma_as, pa, value);
 }
 }
 
 static inline void virtio_stl_phys(VirtIODevice *vdev, hwaddr pa,
uint32_t value)
 {
+AddressSpace *dma_as = vdev->dma_as;
+
 if (virtio_access_is_big_endian(vdev)) {
-stl_be_phys(_space_memory, pa, value);
+stl_be_phys(dma_as, pa, value);
 } else {
-stl_le_phys(_space_memory, pa, value);
+stl_le_phys(dma_as, pa, value);
 }
 }
 
diff --git a/include/hw/virtio/virtio-bus.h b/include/hw/virtio/virtio-bus.h
index 8a51e2c..a63c1d2 100644
--- a/include/hw/virtio/virtio-bus.h
+++ b/include/hw/virtio/virtio-bus.h
@@ -88,6 +88,7 @@ typedef struct VirtioBusClass {
  * Note that changing this will break migration for this transport.
  */
 bool has_variable_vring_alignment;
+AddressSpace *(*get_dma_as)(DeviceState *d);
 } VirtioBusClass;
 
 struct VirtioBusState {
diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h
index ab0e030..5e4176f 100644
--- a/include/hw/virtio/virtio.h
+++ b/include/hw/virtio/virtio.h
@@ -92,6 +92,7 @@ struct VirtIODevice
 char *bus_name;
 uint8_t device_endian;
 bool use_guest_notifier_mask;
+AddressSpace *dma_as;
 QLIST_HEAD(, VirtQueue) *vector_queues;
 };
 
@@ -170,9 +171,9 @@ bool virtqueue_rewind(VirtQueue *vq, unsigned int num);
 void virtqueue_fill(VirtQueue *vq, const VirtQueueElement *elem,
 unsigned int len, unsigned int idx);
 
-void virtqueue_map(VirtQueueElement *elem);
+void virtqueue_map(VirtIODevice *vdev, VirtQueueElement *elem);
 void *virtqueue_pop(VirtQueue *vq, size_t sz);
-void *qemu_get_virtqueue_element(QEMUFile *f, size_t 

[Qemu-devel] [PULL 05/41] intel_iommu: name vtd address space with devfn

[Michael S. Tsirkin]

From: Jason Wang 

To avoid duplicated name and ease debugging.

Cc: Michael S. Tsirkin 
Cc: Paolo Bonzini 
Cc: Richard Henderson 
Cc: Eduardo Habkost 
Acked-by: Peter Xu 
Signed-off-by: Jason Wang 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/i386/intel_iommu.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index 119217b..0dd1c8f 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -2344,6 +2344,7 @@ VTDAddressSpace *vtd_find_add_as(IntelIOMMUState *s, 
PCIBus *bus, int devfn)
 uintptr_t key = (uintptr_t)bus;
 VTDBus *vtd_bus = g_hash_table_lookup(s->vtd_as_by_busptr, );
 VTDAddressSpace *vtd_dev_as;
+char name[128];
 
 if (!vtd_bus) {
 /* No corresponding free() */
@@ -2357,6 +2358,7 @@ VTDAddressSpace *vtd_find_add_as(IntelIOMMUState *s, 
PCIBus *bus, int devfn)
 vtd_dev_as = vtd_bus->dev_as[devfn];
 
 if (!vtd_dev_as) {
+snprintf(name, sizeof(name), "intel_iommu_devfn_%d", devfn);
 vtd_bus->dev_as[devfn] = vtd_dev_as = 
g_malloc0(sizeof(VTDAddressSpace));
 
 vtd_dev_as->bus = bus;
@@ -2371,7 +2373,7 @@ VTDAddressSpace *vtd_find_add_as(IntelIOMMUState *s, 
PCIBus *bus, int devfn)
 memory_region_add_subregion(_dev_as->iommu, 
VTD_INTERRUPT_ADDR_FIRST,
 _dev_as->iommu_ir);
 address_space_init(_dev_as->as,
-   _dev_as->iommu, "intel_iommu");
+   _dev_as->iommu, name);
 }
 return vtd_dev_as;
 }
-- 
MST

[Qemu-devel] [PULL 17/41] virtio-crypto-pci: add check for cryptodev object

[Michael S. Tsirkin]

From: Gonglei 

We must assure each virtio crypto pci device has
an vaild cryptodev backend object.

Signed-off-by: Gonglei 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/virtio/virtio-crypto-pci.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/hw/virtio/virtio-crypto-pci.c b/hw/virtio/virtio-crypto-pci.c
index a1b0906..14bd12c 100644
--- a/hw/virtio/virtio-crypto-pci.c
+++ b/hw/virtio/virtio-crypto-pci.c
@@ -31,6 +31,11 @@ static void virtio_crypto_pci_realize(VirtIOPCIProxy 
*vpci_dev, Error **errp)
 VirtIOCryptoPCI *vcrypto = VIRTIO_CRYPTO_PCI(vpci_dev);
 DeviceState *vdev = DEVICE(>vdev);
 
+if (vcrypto->vdev.conf.cryptodev == NULL) {
+error_setg(errp, "'cryptodev' parameter expects a valid object");
+return;
+}
+
 qdev_set_parent_bus(vdev, BUS(_dev->bus));
 virtio_pci_force_virtio_1(vpci_dev);
 object_property_set_bool(OBJECT(vdev), true, "realized", errp);
-- 
MST

[Qemu-devel] [PULL 03/41] virtio-crypto: fix possible integer and heap overflow

[Michael S. Tsirkin]

From: Gonglei 

Because the 'size_t' type is 4 bytes in 32-bit platform, which
is the same with 'int'. It's easy to make 'max_len' to zero when
integer overflow and then cause heap overflow if 'max_len' is zero.

Using uint_64 instead of size_t to avoid the integer overflow.

Cc: qemu-sta...@nongnu.org
Reported-by: Li Qiang 
Signed-off-by: Gonglei 
Tested-by: Li Qiang 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/virtio/virtio-crypto.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c
index 2f2467e..c23e1ad 100644
--- a/hw/virtio/virtio-crypto.c
+++ b/hw/virtio/virtio-crypto.c
@@ -416,7 +416,7 @@ virtio_crypto_sym_op_helper(VirtIODevice *vdev,
 uint32_t hash_start_src_offset = 0, len_to_hash = 0;
 uint32_t cipher_start_src_offset = 0, len_to_cipher = 0;
 
-size_t max_len, curr_size = 0;
+uint64_t max_len, curr_size = 0;
 size_t s;
 
 /* Plain cipher */
@@ -441,7 +441,7 @@ virtio_crypto_sym_op_helper(VirtIODevice *vdev,
 return NULL;
 }
 
-max_len = iv_len + aad_len + src_len + dst_len + hash_result_len;
+max_len = (uint64_t)iv_len + aad_len + src_len + dst_len + hash_result_len;
 if (unlikely(max_len > vcrypto->conf.max_size)) {
 virtio_error(vdev, "virtio-crypto too big length");
 return NULL;
-- 
MST

[Qemu-devel] [PULL 08/41] intel_iommu: support device iotlb descriptor

[Michael S. Tsirkin]

From: Jason Wang 

This patch enables device IOTLB support for intel iommu. The major
work is to implement QI device IOTLB descriptor processing and notify
the device through iommu notifier.

Cc: Paolo Bonzini 
Cc: Richard Henderson 
Cc: Eduardo Habkost 
Cc: Michael S. Tsirkin 
Signed-off-by: Jason Wang 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Peter Xu 
---
 hw/i386/intel_iommu_internal.h | 13 ++-
 include/hw/i386/x86-iommu.h|  1 +
 hw/i386/intel_iommu.c  | 83 +++---
 hw/i386/x86-iommu.c| 17 +
 4 files changed, 107 insertions(+), 7 deletions(-)

diff --git a/hw/i386/intel_iommu_internal.h b/hw/i386/intel_iommu_internal.h
index 11abfa2..356f188 100644
--- a/hw/i386/intel_iommu_internal.h
+++ b/hw/i386/intel_iommu_internal.h
@@ -183,6 +183,7 @@
 /* (offset >> 4) << 8 */
 #define VTD_ECAP_IRO(DMAR_IOTLB_REG_OFFSET << 4)
 #define VTD_ECAP_QI (1ULL << 1)
+#define VTD_ECAP_DT (1ULL << 2)
 /* Interrupt Remapping support */
 #define VTD_ECAP_IR (1ULL << 3)
 #define VTD_ECAP_EIM(1ULL << 4)
@@ -326,6 +327,7 @@ typedef union VTDInvDesc VTDInvDesc;
 #define VTD_INV_DESC_TYPE   0xf
 #define VTD_INV_DESC_CC 0x1 /* Context-cache Invalidate Desc */
 #define VTD_INV_DESC_IOTLB  0x2
+#define VTD_INV_DESC_DEVICE 0x3
 #define VTD_INV_DESC_IEC0x4 /* Interrupt Entry Cache
Invalidate Descriptor */
 #define VTD_INV_DESC_WAIT   0x5 /* Invalidation Wait Descriptor */
@@ -361,6 +363,13 @@ typedef union VTDInvDesc VTDInvDesc;
 #define VTD_INV_DESC_IOTLB_RSVD_LO  0xff00ULL
 #define VTD_INV_DESC_IOTLB_RSVD_HI  0xf80ULL
 
+/* Mask for Device IOTLB Invalidate Descriptor */
+#define VTD_INV_DESC_DEVICE_IOTLB_ADDR(val) ((val) & 0xf000ULL)
+#define VTD_INV_DESC_DEVICE_IOTLB_SIZE(val) ((val) & 0x1)
+#define VTD_INV_DESC_DEVICE_IOTLB_SID(val) (((val) >> 32) & 0xULL)
+#define VTD_INV_DESC_DEVICE_IOTLB_RSVD_HI 0xffeULL
+#define VTD_INV_DESC_DEVICE_IOTLB_RSVD_LO 0xffe0fff8
+
 /* Information about page-selective IOTLB invalidate */
 struct VTDIOTLBPageInvInfo {
 uint16_t domain_id;
@@ -399,8 +408,8 @@ typedef struct VTDRootEntry VTDRootEntry;
 #define VTD_CONTEXT_ENTRY_FPD   (1ULL << 1) /* Fault Processing Disable */
 #define VTD_CONTEXT_ENTRY_TT(3ULL << 2) /* Translation Type */
 #define VTD_CONTEXT_TT_MULTI_LEVEL  0
-#define VTD_CONTEXT_TT_DEV_IOTLB1
-#define VTD_CONTEXT_TT_PASS_THROUGH 2
+#define VTD_CONTEXT_TT_DEV_IOTLB(1ULL << 2)
+#define VTD_CONTEXT_TT_PASS_THROUGH (2ULL << 2)
 /* Second Level Page Translation Pointer*/
 #define VTD_CONTEXT_ENTRY_SLPTPTR   (~0xfffULL)
 #define VTD_CONTEXT_ENTRY_RSVD_LO   (0xff0ULL | ~VTD_HAW_MASK)
diff --git a/include/hw/i386/x86-iommu.h b/include/hw/i386/x86-iommu.h
index 0c89d98..361c07c 100644
--- a/include/hw/i386/x86-iommu.h
+++ b/include/hw/i386/x86-iommu.h
@@ -73,6 +73,7 @@ typedef struct IEC_Notifier IEC_Notifier;
 struct X86IOMMUState {
 SysBusDevice busdev;
 bool intr_supported;/* Whether vIOMMU supports IR */
+bool dt_supported;  /* Whether vIOMMU supports DT */
 IommuType type; /* IOMMU type - AMD/Intel */
 QLIST_HEAD(, IEC_Notifier) iec_notifiers; /* IEC notify list */
 };
diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index e39b764..ec62239 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -738,11 +738,18 @@ static int vtd_dev_to_context_entry(IntelIOMMUState *s, 
uint8_t bus_num,
 "context-entry hi 0x%"PRIx64 " lo 0x%"PRIx64,
 ce->hi, ce->lo);
 return -VTD_FR_CONTEXT_ENTRY_INV;
-} else if (ce->lo & VTD_CONTEXT_ENTRY_TT) {
-VTD_DPRINTF(GENERAL, "error: unsupported Translation Type in "
-"context-entry hi 0x%"PRIx64 " lo 0x%"PRIx64,
-ce->hi, ce->lo);
-return -VTD_FR_CONTEXT_ENTRY_INV;
+} else {
+switch (ce->lo & VTD_CONTEXT_ENTRY_TT) {
+case VTD_CONTEXT_TT_MULTI_LEVEL:
+/* fall through */
+case VTD_CONTEXT_TT_DEV_IOTLB:
+break;
+default:
+VTD_DPRINTF(GENERAL, "error: unsupported Translation Type in "
+"context-entry hi 0x%"PRIx64 " lo 0x%"PRIx64,
+ce->hi, ce->lo);
+return -VTD_FR_CONTEXT_ENTRY_INV;
+}
 }
 return 0;
 }
@@ -1438,7 +1445,61 @@ static bool vtd_process_inv_iec_desc(IntelIOMMUState *s,
 vtd_iec_notify_all(s, !inv_desc->iec.granularity,
inv_desc->iec.index,

[Qemu-devel] [PULL 00/41] virtio, vhost, pc: fixes, features

[Michael S. Tsirkin]

The following changes since commit 77424a452abe5f941d8cd81f1e85f42bca31c9ef:

  Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging 
(2017-01-09 15:30:45 +)

are available in the git repository at:

  git://git.kernel.org/pub/scm/virt/kvm/mst/qemu.git tags/for_upstream

for you to fetch changes up to 987da7be996e63c294dc6485acb1c37af7696257:

  acpi-test: update expected files (2017-01-10 07:06:42 +0200)


virtio, vhost, pc: fixes, features

beginnings of iotlb support for vhost
acpi hotplug rework
vhost net tx flush on link down
passing mtu to guests
hotplug for virtio crypto
fixes and cleanups all over the place

Signed-off-by: Michael S. Tsirkin 


Cao jin (2):
  doc/pcie: correct command line examples
  pcie_aer: Convert pcie_aer_init to Error

Dou Liyang (1):
  pcie_aer: support configurable AER capa version

Dr. David Alan Gilbert (1):
  balloon: Don't balloon roms

Gonglei (8):
  virtio-crypto: fix possible integer and heap overflow
  virtio-crypto: use the correct length for cipher operation
  cryptodev: introduce a new is_used property
  cryptodev: wrap the ready flag
  virtio-crypto-pci: add check for cryptodev object
  virtio-crypto: avoid one cryptodev device is used by multiple virtio 
crypto devices
  virtio-crypto-pci: tag virtio-crypto device hot pluggable
  virtio-crypto: zeroize the key material before free

Halil Pasic (1):
  virtio: fix vq->inuse recalc after migr

Igor Mammedov (9):
  tests: pc: add memory hotplug acpi tables tests
  memhp: move build_memory_hotplug_aml() into memory_hotplug.c
  memhp: move build_memory_devices() into memory_hotplug.c
  memhp: consolidate scattered MHPD device declaration
  memhp: merge build_memory_devices() into build_memory_hotplug_aml()
  memhp: move GPE handler_E03 into build_memory_hotplug_aml()
  memhp: move memory hotplug only defines to memory_hotplug.c
  memhp: don't generate memory hotplug AML if it's not enabled/supported
  memhp: move DIMM devices into dedicated scope with related common methods

Jason Wang (9):
  virtio: convert to use DMA api
  intel_iommu: name vtd address space with devfn
  intel_iommu: allocate new key when creating new address space
  exec: introduce address_space_get_iotlb_entry()
  intel_iommu: support device iotlb descriptor
  virtio-pci: address space translation service (ATS) support
  acpi: add ATSR for q35
  memory: handle alias for iommu notifier
  memory: handle alias in memory_region_is_iommu()

Maxime Coquelin (3):
  vhost-user: Add MTU protocol feature and op
  vhost-net: Notify the backend about the host MTU
  virtio-net: Add MTU feature support

Michael S. Tsirkin (1):
  acpi-test: update expected files

Peter Xu (2):
  migration: allow to prioritize save state entries
  intel_iommu: allow migration

Yuri Benditovich (4):
  net: Add virtio queue interface to update used index from vring state
  net: vhost stop updates virtio queue state
  virtio: Introduce virtqueue_drop_all procedure
  net: virtio-net discards TX data after link down

 docs/pcie.txt |  12 +-
 docs/specs/vhost-user.txt |  16 ++
 hw/i386/intel_iommu_internal.h|  13 +-
 hw/virtio/virtio-pci.h|   4 +
 include/exec/memory.h |   8 +
 include/hw/acpi/acpi-defs.h   |  12 +
 include/hw/acpi/memory_hotplug.h  |  12 +-
 include/hw/acpi/pc-hotplug.h  |  23 --
 include/hw/i386/x86-iommu.h   |   1 +
 include/hw/pci/pcie.h |   4 +
 include/hw/pci/pcie_aer.h |   4 +-
 include/hw/virtio/vhost-backend.h |   2 +
 include/hw/virtio/virtio-access.h |  31 ++-
 include/hw/virtio/virtio-bus.h|   1 +
 include/hw/virtio/virtio-net.h|   1 +
 include/hw/virtio/virtio.h|  11 +-
 include/migration/vmstate.h   |   7 +
 include/net/vhost_net.h   |   2 +
 include/standard-headers/linux/pci_regs.h |   1 +
 include/sysemu/cryptodev.h|  42 +++
 backends/cryptodev-builtin.c  |   4 +
 backends/cryptodev.c  |  34 ++-
 exec.c|  33 +++
 hw/acpi/ich9.c|   3 +-
 hw/acpi/memory_hotplug.c  | 420 +-
 hw/acpi/memory_hotplug_acpi_table.c   | 262 ---
 hw/acpi/piix4.c   |   3 +-
 hw/block/virtio-blk.c |   2 +-
 hw/char/virtio-serial-bus.c   |   3 +-
 hw/i386/acpi-build.c  | 206 +++
 hw/i386/intel_iommu.c | 114 +++-
 

[Qemu-devel] [PULL 14/41] virtio-crypto: use the correct length for cipher operation

[Michael S. Tsirkin]

From: Gonglei 

In some modes of cipher algorithms, the length of destination data
maybe larger then source data, such as ciphertext stealing (CTS).

For symmetric algorithms, the length of ciphertext is definitly
equal to the plaintext for each crypto operation. So we should
use the src_len instead of dst_len avoid to pass the incorrect
cryptographical results to the frontend driver.

Signed-off-by: Gonglei 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/virtio/virtio-crypto.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c
index c23e1ad..f872c87 100644
--- a/hw/virtio/virtio-crypto.c
+++ b/hw/virtio/virtio-crypto.c
@@ -355,7 +355,7 @@ virtio_crypto_sym_input_data_helper(VirtIODevice *vdev,
 return;
 }
 
-len = sym_op_info->dst_len;
+len = sym_op_info->src_len;
 /* Save the cipher result */
 s = iov_from_buf(req->in_iov, req->in_num, 0, sym_op_info->dst, len);
 if (s != len) {
-- 
MST

[Qemu-devel] [PULL 07/41] exec: introduce address_space_get_iotlb_entry()

[Michael S. Tsirkin]

From: Jason Wang 

This patch introduces a helper to query the iotlb entry for a
possible iova. This will be used by later device IOTLB API to enable
the capability for a dataplane (e.g vhost) to query the IOTLB.

Cc: Paolo Bonzini 
Cc: Peter Crosthwaite 
Cc: Richard Henderson 
Acked-by: Paolo Bonzini 
Signed-off-by: Jason Wang 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/exec/memory.h |  5 +
 exec.c| 33 +
 2 files changed, 38 insertions(+)

diff --git a/include/exec/memory.h b/include/exec/memory.h
index 64560f6..358edfb 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -1537,6 +1537,11 @@ void stl_le_phys_cached(MemoryRegionCache *cache, hwaddr 
addr, uint32_t val);
 void stl_be_phys_cached(MemoryRegionCache *cache, hwaddr addr, uint32_t val);
 void stq_le_phys_cached(MemoryRegionCache *cache, hwaddr addr, uint64_t val);
 void stq_be_phys_cached(MemoryRegionCache *cache, hwaddr addr, uint64_t val);
+/* address_space_get_iotlb_entry: translate an address into an IOTLB
+ * entry. Should be called from an RCU critical section.
+ */
+IOMMUTLBEntry address_space_get_iotlb_entry(AddressSpace *as, hwaddr addr,
+bool is_write);
 
 /* address_space_translate: translate an address range into an address space
  * into a MemoryRegion and an address range into that section.  Should be
diff --git a/exec.c b/exec.c
index 8d4bb0e..47835c1 100644
--- a/exec.c
+++ b/exec.c
@@ -449,6 +449,39 @@ address_space_translate_internal(AddressSpaceDispatch *d, 
hwaddr addr, hwaddr *x
 }
 
 /* Called from RCU critical section */
+IOMMUTLBEntry address_space_get_iotlb_entry(AddressSpace *as, hwaddr addr,
+bool is_write)
+{
+IOMMUTLBEntry iotlb = {0};
+MemoryRegionSection *section;
+MemoryRegion *mr;
+
+for (;;) {
+AddressSpaceDispatch *d = atomic_rcu_read(>dispatch);
+section = address_space_lookup_region(d, addr, false);
+addr = addr - section->offset_within_address_space
+   + section->offset_within_region;
+mr = section->mr;
+
+if (!mr->iommu_ops) {
+break;
+}
+
+iotlb = mr->iommu_ops->translate(mr, addr, is_write);
+if (!(iotlb.perm & (1 << is_write))) {
+iotlb.target_as = NULL;
+break;
+}
+
+addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
+| (addr & iotlb.addr_mask));
+as = iotlb.target_as;
+}
+
+return iotlb;
+}
+
+/* Called from RCU critical section */
 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
   hwaddr *xlat, hwaddr *plen,
   bool is_write)
-- 
MST

[Qemu-devel] [PULL 02/41] intel_iommu: allow migration

[Michael S. Tsirkin]

From: Peter Xu 

IOMMU needs to be migrated before all the PCI devices (in case there are
devices that will request for address translation). So marking it with a
priority higher than the default (which PCI devices and other belong).
Migration framework handled the rest.

Signed-off-by: Peter Xu 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/migration/vmstate.h |  1 +
 hw/i386/intel_iommu.c   | 22 +-
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/include/migration/vmstate.h b/include/migration/vmstate.h
index 1a22887..2125829 100644
--- a/include/migration/vmstate.h
+++ b/include/migration/vmstate.h
@@ -188,6 +188,7 @@ enum VMStateFlags {
 
 typedef enum {
 MIG_PRI_DEFAULT = 0,
+MIG_PRI_IOMMU,  /* Must happen before PCI devices */
 MIG_PRI_MAX,
 } MigrationPriority;
 
diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index 5f3e351..119217b 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -1996,7 +1996,27 @@ static void vtd_iommu_notify_flag_changed(MemoryRegion 
*iommu,
 
 static const VMStateDescription vtd_vmstate = {
 .name = "iommu-intel",
-.unmigratable = 1,
+.version_id = 1,
+.minimum_version_id = 1,
+.priority = MIG_PRI_IOMMU,
+.fields = (VMStateField[]) {
+VMSTATE_UINT64(root, IntelIOMMUState),
+VMSTATE_UINT64(intr_root, IntelIOMMUState),
+VMSTATE_UINT64(iq, IntelIOMMUState),
+VMSTATE_UINT32(intr_size, IntelIOMMUState),
+VMSTATE_UINT16(iq_head, IntelIOMMUState),
+VMSTATE_UINT16(iq_tail, IntelIOMMUState),
+VMSTATE_UINT16(iq_size, IntelIOMMUState),
+VMSTATE_UINT16(next_frcd_reg, IntelIOMMUState),
+VMSTATE_UINT8_ARRAY(csr, IntelIOMMUState, DMAR_REG_SIZE),
+VMSTATE_UINT8(iq_last_desc_type, IntelIOMMUState),
+VMSTATE_BOOL(root_extended, IntelIOMMUState),
+VMSTATE_BOOL(dmar_enabled, IntelIOMMUState),
+VMSTATE_BOOL(qi_enabled, IntelIOMMUState),
+VMSTATE_BOOL(intr_enabled, IntelIOMMUState),
+VMSTATE_BOOL(intr_eime, IntelIOMMUState),
+VMSTATE_END_OF_LIST()
+}
 };
 
 static const MemoryRegionOps vtd_mem_ops = {
-- 
MST

[Qemu-devel] [PULL 01/41] migration: allow to prioritize save state entries

[Michael S. Tsirkin]

From: Peter Xu 

During migration, save state entries are saved/loaded without a specific
order - we just traverse the savevm_state.handlers list and do it one by
one. This might not be enough.

There are requirements that we need to load specific device's vmstate
first before others. For example, VT-d IOMMU contains DMA address
remapping information, which is required by all the PCI devices to do
address translations. We need to make sure IOMMU's device state is
loaded before the rest of the PCI devices, so that DMA address
translation can work properly.

This patch provide a VMStateDescription.priority value to allow specify
the priority of the saved states. The loadvm operation will be done with
those devices with higher vmsd priority.

Before this patch, we are possibly achieving the ordering requirement by
an assumption that the ordering will be the same with the ordering that
objects are created. A better way is to mark it out explicitly in the
VMStateDescription table, like what this patch does.

Current ordering logic is still naive and slow, but after all that's not
a critical path so IMO it's a workable solution for now.

Signed-off-by: Peter Xu 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Dr. David Alan Gilbert 
---
 include/migration/vmstate.h |  6 ++
 migration/savevm.c  | 34 ++
 2 files changed, 36 insertions(+), 4 deletions(-)

diff --git a/include/migration/vmstate.h b/include/migration/vmstate.h
index 1638ee5..1a22887 100644
--- a/include/migration/vmstate.h
+++ b/include/migration/vmstate.h
@@ -186,6 +186,11 @@ enum VMStateFlags {
 VMS_MULTIPLY_ELEMENTS = 0x4000,
 };
 
+typedef enum {
+MIG_PRI_DEFAULT = 0,
+MIG_PRI_MAX,
+} MigrationPriority;
+
 typedef struct {
 const char *name;
 size_t offset;
@@ -207,6 +212,7 @@ struct VMStateDescription {
 int version_id;
 int minimum_version_id;
 int minimum_version_id_old;
+MigrationPriority priority;
 LoadStateHandler *load_state_old;
 int (*pre_load)(void *opaque);
 int (*post_load)(void *opaque, int version_id);
diff --git a/migration/savevm.c b/migration/savevm.c
index 0363372..f9c06e9 100644
--- a/migration/savevm.c
+++ b/migration/savevm.c
@@ -532,6 +532,34 @@ static int calculate_compat_instance_id(const char *idstr)
 return instance_id;
 }
 
+static inline MigrationPriority save_state_priority(SaveStateEntry *se)
+{
+if (se->vmsd) {
+return se->vmsd->priority;
+}
+return MIG_PRI_DEFAULT;
+}
+
+static void savevm_state_handler_insert(SaveStateEntry *nse)
+{
+MigrationPriority priority = save_state_priority(nse);
+SaveStateEntry *se;
+
+assert(priority <= MIG_PRI_MAX);
+
+QTAILQ_FOREACH(se, _state.handlers, entry) {
+if (save_state_priority(se) < priority) {
+break;
+}
+}
+
+if (se) {
+QTAILQ_INSERT_BEFORE(se, nse, entry);
+} else {
+QTAILQ_INSERT_TAIL(_state.handlers, nse, entry);
+}
+}
+
 /* TODO: Individual devices generally have very little idea about the rest
of the system, so instance_id should be removed/replaced.
Meanwhile pass -1 as instance_id if you do not already have a clearly
@@ -578,8 +606,7 @@ int register_savevm_live(DeviceState *dev,
 se->instance_id = instance_id;
 }
 assert(!se->compat || se->instance_id == 0);
-/* add at the end of list */
-QTAILQ_INSERT_TAIL(_state.handlers, se, entry);
+savevm_state_handler_insert(se);
 return 0;
 }
 
@@ -662,8 +689,7 @@ int vmstate_register_with_alias_id(DeviceState *dev, int 
instance_id,
 se->instance_id = instance_id;
 }
 assert(!se->compat || se->instance_id == 0);
-/* add at the end of list */
-QTAILQ_INSERT_TAIL(_state.handlers, se, entry);
+savevm_state_handler_insert(se);
 return 0;
 }
 
-- 
MST

Re: [Qemu-devel] [PATCH for-2.9 00/10] pc: acpi: memory hotplug cleanup/consolidation

[Michael S. Tsirkin]

On Mon, Jan 09, 2017 at 03:22:01PM +0100, Igor Mammedov wrote:
> On Tue,  6 Dec 2016 00:32:19 +0100
> Igor Mammedov  wrote:
> 
> > Series cleanups and consolidates scattered memory hotplug
> > code so it could be easily reused by ARM target later.
> > 
> > As result:
> >  * added memory hotplug variant to bios tables test
> >  * all ACPI related parts of memory hotplug are consolidated
> >within memory_hotplug.c
> >  * DSDT table size is reduced ~900 bytes when memory hotplug
> >is not enabled (by not generating not used AML)
> >  * DSDT table size is reduced on 12 bytes per slot
> >(i.e. up to ~3000 bytes savings for 256 DIMMs) with memory hotplug
> >enabled due AML reorganization that makes calls to common functions
> >smaller as devices and common functions are now within the same scope.
> > 
> > Tested with following guests:
> >   - RHEL7.3, WS2008DC, WS2008R2DC, WS2012R2DC, WS2016TP5 - no regressions 
> > found
> >   - XP3 and WS2003 - boots fine even if memhotplug is enabled (but otherwise
> > it never worked as memhp is not supported there)
> 
> Michael,
> 
> Marcel's already reviewed this series a while ago could you
> pull it in your tree if there aren't any questions?

I merged this and updated expected files accordingly.

Could you please check expected files in my tree
to make sure it looks good?

Thanks!

> 
> > Git tree for testing:
> >   https://github.com/imammedo/qemu.git memhp_consolidate_v1
> > viewing:
> >   https://github.com/imammedo/qemu/commits/memhp_consolidate_v1
> > 
> > Note to maintaner:
> >   * blobs patch 2/10 should be merged to patch 1/10
> >   * ACPI tables should be regenarated and applied after series is merged
> > as DSDT will cange for all tests cases due removal of inactive
> > memory hotplug code.
> > 
> > CC: "Michael S. Tsirkin" 
> > CC: Eduardo Habkost 
> > CC: Marcel Apfelbaum 
> > 
> > 
> > Igor Mammedov (10):
> >   tests: pc: add memory hotplug acpi tables tests
> >   tests: pc: acpi: add SRAT and DSDT blobs for memory hotplug variant
> >   memhp: move build_memory_hotplug_aml() into memory_hotplug.c
> >   memhp: move build_memory_devices() into memory_hotplug.c
> >   memhp: consolidate scattered MHPD device declaration
> >   memhp: merge build_memory_devices() into build_memory_hotplug_aml()
> >   memhp: move GPE handler_E03 into build_memory_hotplug_aml()
> >   memhp: move memory hotplug only defines to memory_hotplug.c
> >   memhp: don't generate memory hotplug AML if it's not enabled/supported
> >   memhp: move DIMM devices into dedicated scope with related common
> > methods
> > 
> >  include/hw/acpi/memory_hotplug.h|  12 +-
> >  include/hw/acpi/pc-hotplug.h|  23 --
> >  hw/acpi/Makefile.objs   |   2 +-
> >  hw/acpi/ich9.c  |   3 +-
> >  hw/acpi/memory_hotplug.c| 420 
> > +++-
> >  hw/acpi/memory_hotplug_acpi_table.c | 262 --
> >  hw/acpi/piix4.c |   3 +-
> >  hw/i386/acpi-build.c| 197 +++--
> >  tests/acpi-test-data/pc/DSDT.memhp  | Bin 0 -> 6613 bytes
> >  tests/acpi-test-data/pc/SRAT.memhp  | Bin 0 -> 224 bytes
> >  tests/acpi-test-data/q35/DSDT.memhp | Bin 0 -> 9375 bytes
> >  tests/acpi-test-data/q35/SRAT.memhp | Bin 0 -> 224 bytes
> >  tests/bios-tables-test.c|  24 +++
> >  13 files changed, 479 insertions(+), 467 deletions(-)
> >  delete mode 100644 hw/acpi/memory_hotplug_acpi_table.c
> >  create mode 100644 tests/acpi-test-data/pc/DSDT.memhp
> >  create mode 100644 tests/acpi-test-data/pc/SRAT.memhp
> >  create mode 100644 tests/acpi-test-data/q35/DSDT.memhp
> >  create mode 100644 tests/acpi-test-data/q35/SRAT.memhp
> > 

Re: [Qemu-devel] [PATCH V4 10/10] vhost_net: device IOTLB support

[Michael S. Tsirkin]

On Fri, Dec 30, 2016 at 06:09:19PM +0800, Jason Wang wrote:
> This patches implements Device IOTLB support for vhost kernel. This is
> done through:
> 
> 1) switch to use dma helpers when map/unmap vrings from vhost codes
> 2) introduce a set of VhostOps to:
>- setting up device IOTLB request callback
>- processing device IOTLB request
>- processing device IOTLB invalidation
> 2) kernel support for Device IOTLB API:
> 
> - allow vhost-net to query the IOMMU IOTLB entry through eventfd
> - enable the ability for qemu to update a specified mapping of vhost
> - through ioctl.
> - enable the ability to invalidate a specified range of iova for the
>   device IOTLB of vhost through ioctl. In x86/intel_iommu case this is
>   triggered through iommu memory region notifier from device IOTLB
>   invalidation descriptor processing routine.
> 
> With all the above, kernel vhost_net can co-operate with userspace
> IOMMU. For vhost-user, the support could be easily done on top by
> implementing the VhostOps.
> 
> Cc: Michael S. Tsirkin 
> Signed-off-by: Jason Wang 

Specifically this patch is the one causing issues.


> ---
>  hw/virtio/vhost-backend.c |  99 +
>  hw/virtio/vhost.c | 178 
> +-
>  include/hw/virtio/vhost-backend.h |  13 +++
>  include/hw/virtio/vhost.h |   4 +
>  net/tap.c |   1 +
>  5 files changed, 273 insertions(+), 22 deletions(-)
> 
> diff --git a/hw/virtio/vhost-backend.c b/hw/virtio/vhost-backend.c
> index 272a5ec..be927b8 100644
> --- a/hw/virtio/vhost-backend.c
> +++ b/hw/virtio/vhost-backend.c
> @@ -185,6 +185,102 @@ static int vhost_kernel_vsock_set_running(struct 
> vhost_dev *dev, int start)
>  }
>  #endif /* CONFIG_VHOST_VSOCK */
>  
> +static void vhost_kernel_iotlb_read(void *opaque)
> +{
> +struct vhost_dev *dev = opaque;
> +struct vhost_msg msg;
> +ssize_t len;
> +
> +while ((len = read((uintptr_t)dev->opaque, , sizeof msg)) > 0) {
> +struct vhost_iotlb_msg *imsg = 
> +if (len < sizeof msg) {
> +error_report("Wrong vhost message len: %d", (int)len);
> +break;
> +}
> +if (msg.type != VHOST_IOTLB_MSG) {
> +error_report("Unknown vhost iotlb message type");
> +break;
> +}
> +switch (imsg->type) {
> +case VHOST_IOTLB_MISS:
> +vhost_device_iotlb_miss(dev, imsg->iova,
> +imsg->perm != VHOST_ACCESS_RO);
> +break;
> +case VHOST_IOTLB_UPDATE:
> +case VHOST_IOTLB_INVALIDATE:
> +error_report("Unexpected IOTLB message type");
> +break;
> +case VHOST_IOTLB_ACCESS_FAIL:
> +/* FIXME: report device iotlb error */
> +break;
> +default:
> +break;
> +}
> +}
> +}
> +
> +static int vhost_kernel_update_device_iotlb(struct vhost_dev *dev,
> +uint64_t iova, uint64_t uaddr,
> +uint64_t len,
> +IOMMUAccessFlags perm)
> +{
> +struct vhost_msg msg;
> +msg.type = VHOST_IOTLB_MSG;
> +msg.iotlb.iova =  iova;
> +msg.iotlb.uaddr = uaddr;
> +msg.iotlb.size = len;
> +msg.iotlb.type = VHOST_IOTLB_UPDATE;
> +
> +switch (perm) {
> +case IOMMU_RO:
> +msg.iotlb.perm = VHOST_ACCESS_RO;
> +break;
> +case IOMMU_WO:
> +msg.iotlb.perm = VHOST_ACCESS_WO;
> +break;
> +case IOMMU_RW:
> +msg.iotlb.perm = VHOST_ACCESS_RW;
> +break;
> +default:
> +g_assert_not_reached();
> +}
> +
> +if (write((uintptr_t)dev->opaque, , sizeof msg) != sizeof msg) {
> +error_report("Fail to update device iotlb");
> +return -EFAULT;
> +}
> +
> +return 0;
> +}
> +
> +static int vhost_kernel_invalidate_device_iotlb(struct vhost_dev *dev,
> +uint64_t iova, uint64_t len)
> +{
> +struct vhost_msg msg;
> +
> +msg.type = VHOST_IOTLB_MSG;
> +msg.iotlb.iova = iova;
> +msg.iotlb.size = len;
> +msg.iotlb.type = VHOST_IOTLB_INVALIDATE;
> +
> +if (write((uintptr_t)dev->opaque, , sizeof msg) != sizeof msg) {
> +error_report("Fail to invalidate device iotlb");
> +return -EFAULT;
> +}
> +
> +return 0;
> +}
> +
> +static void vhost_kernel_set_iotlb_callback(struct vhost_dev *dev,
> +   int enabled)
> +{
> +if (enabled)
> +qemu_set_fd_handler((uintptr_t)dev->opaque,
> +vhost_kernel_iotlb_read, NULL, dev);
> +else
> +qemu_set_fd_handler((uintptr_t)dev->opaque, NULL, NULL, NULL);
> +}
> +
>  static const VhostOps kernel_ops = {
>  .backend_type = VHOST_BACKEND_TYPE_KERNEL,
>  

Re: [Qemu-devel] [PATCH V4 00/10] vhost device IOTLB support

[Michael S. Tsirkin]

On Fri, Dec 30, 2016 at 06:09:09PM +0800, Jason Wang wrote:
> Hi all:
> 
> As the userspace vitio driver became popular, more and more request
> were received for secure DMA environemt (DMAR). So this series tries
> to make DMAR works for virtio/vhost. The idea is let virtio/vhost
> co-work with userspace iommu implememtation. This is done through:
> 
> - for virtio, when platform supports IOMMU (VIRTIO_F_IOMMU_PLATFORM),
>   virtio will not assume address_space_memory, instead a transport
>   specific method were introduced for querying the dma address space
>   and dma helpers were used in device emulation codes.
> - for vhost, implement a device IOTLB by using device IOTLB API
>   supported by recent kernel. With this API, vhost kernel can query
>   IOTLB entry for a specified iova from qemu, qemu can invalidate an
>   arbitrary range of iova in vhost kernel.
> 
> The device IOTLB API is totaly architecture independent, an example
> implementation was done with intel iommu by:
> 
> - implement basic ATS (Address Translation Service) for virtio-pci,
>   this will make device IOTLB visible for iommu driver in guest.
> - implement device IOTLB descriptor processing in intel iommu (enabled
>   through device-iotlb=on), and trigger the device IOTLB invalidation
>   in vhost through iommu notifier.
> 
> It could be easily ported to other IOMMU or architecture even if it
> doesn't support device IOTLB. (e.g just invalidate the vhost IOTLB
> during IOMMU IOTLB invalidation). But this will be slow since several
> devics were contending userspace IOTLB entries.
> 
> AMD IOMMU suppot for device IOTLB is ready, but it depends on other
> fixes to work correctly.
> 
> Test was done by:
> 
> - intel_iommu=on/strict in guest.
> - vfio l2fwd in guest.
> 
> This main use case is the programs that use fixed mapping in guest
> (e.g dpdk). If 1G hugepage were used in guest, thanks to the SLLPS
> support, we can get 100% TLB hit rate for l2fwd in guest.
> 
> For the normal kernel driver which uses lots of dynamic mapping and
> unmapping, we may see performance penalty, this could be optimized in
> the future.

This causes make check failure with Broken pipe message.
Probably an unexpected interaction with vhost-user.

> TODO:
> - more platforms and IOMMU support (done but block by other bugs of
>   AMD IOMMU)
> - performance optimizations (e.g merging adjacent mappings)
> - non ATS support (userspace IOTLB snooping)
> - using ATSCtl to disable Device IOTLB
> 
> Changes from V3:
> - rebase to HEAD
> - fill all entry of IOMMUTLBEntry before notify
> 
> Changes from V2:
> - rebase to HEAD
> - avoid querying dma_as each time by using vdev->dma_as directly
> - fix and improve address_space_get_iotlb_entry()
> - drop patch 1 (which has been posted as an independent fix)
> - fix ECAP when device-iotlb=off
> - fix centos6 build
> 
> Changes from V1:
> - rebase to HEAD
> - avoid calling transport specific dma as fetching method each time by
>   caching it in vdev
> - convert to use new IOMMU notifier API
> - silent checkpatch warnings and fix 32bit build
> - use "device-iotlb" instead of "device_iotlb"
> - rename virtio_memory_map() to vhost_memory_map() and move it to vhost.c
> - use memory_region_is_iommu() instead of inventing new one
> 
> Changes from RFC:
> - rebase to HEAD
> - switch to use new vhost device IOTLB API
> - use the new feature bit VIRITO_F_IOMMU_PLATFORM
> - finalize basic ATS implementation
> - add ATSR for Root port ATS transaction
> - fix the iommu notifier handling during unregistering
> - use snprintf() in patch 3
> - correc the loop in address_space_get_iotlb_entry()
> - small tweak on the address calculation during device iotlb
>   descriptor processing.
> 
> Jason Wang (10):
>   virtio: convert to use DMA api
>   intel_iommu: name vtd address space with devfn
>   intel_iommu: allocate new key when creating new address space
>   exec: introduce address_space_get_iotlb_entry()
>   intel_iommu: support device iotlb descriptor
>   virtio-pci: address space translation service (ATS) support
>   acpi: add ATSR for q35
>   memory: handle alias for iommu notifier
>   memory: handle alias in memory_region_is_iommu()
>   vhost_net: device IOTLB support
> 
>  exec.c|  33 ++
>  hw/block/virtio-blk.c |   2 +-
>  hw/char/virtio-serial-bus.c   |   3 +-
>  hw/i386/acpi-build.c  |   9 ++
>  hw/i386/intel_iommu.c |  92 +--
>  hw/i386/intel_iommu_internal.h|  13 ++-
>  hw/i386/x86-iommu.c   |  17 +++
>  hw/pci/pcie.c |  16 +++
>  hw/scsi/virtio-scsi.c |   4 +-
>  hw/virtio/vhost-backend.c |  99 +
>  hw/virtio/vhost.c | 178 
> ++
>  hw/virtio/virtio-bus.c|   8 ++
>  hw/virtio/virtio-pci.c|  21 
>  

Re: [Qemu-devel] [PATCH 4/5] pc: Add 2.9 machine-types

[Michael S. Tsirkin]

On Sun, Jan 08, 2017 at 05:40:40PM -0200, Eduardo Habkost wrote:
> Cc: "Michael S. Tsirkin" 
> Cc: Laszlo Ersek 
> Cc: Igor Mammedov 
> Signed-off-by: Eduardo Habkost 

Do I understand it correctly that you are merging this through
another tree?

In that case

Reviewed-by: Michael S. Tsirkin 


> ---
> Changes v1 -> v2:
> * Added extra backslash to PC_COMPAT_2_8 definition
>   * Suggested-by: Laszlo Ersek 
> ---
>  include/hw/i386/pc.h |  2 ++
>  hw/i386/pc_piix.c| 15 ---
>  hw/i386/pc_q35.c | 13 +++--
>  3 files changed, 25 insertions(+), 5 deletions(-)
> 
> diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
> index b22e699c46..230e9e70c5 100644
> --- a/include/hw/i386/pc.h
> +++ b/include/hw/i386/pc.h
> @@ -375,6 +375,8 @@ int e820_get_num_entries(void);
>  bool e820_get_entry(int, uint32_t, uint64_t *, uint64_t *);
>  
>  #define PC_COMPAT_2_8 \
> +HW_COMPAT_2_8 \
> +
>  
>  #define PC_COMPAT_2_7 \
>  HW_COMPAT_2_7 \
> diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
> index 5e1adbe53c..9f102aa388 100644
> --- a/hw/i386/pc_piix.c
> +++ b/hw/i386/pc_piix.c
> @@ -437,13 +437,24 @@ static void pc_i440fx_machine_options(MachineClass *m)
>  m->default_display = "std";
>  }
>  
> -static void pc_i440fx_2_8_machine_options(MachineClass *m)
> +static void pc_i440fx_2_9_machine_options(MachineClass *m)
>  {
>  pc_i440fx_machine_options(m);
>  m->alias = "pc";
>  m->is_default = 1;
>  }
>  
> +DEFINE_I440FX_MACHINE(v2_9, "pc-i440fx-2.9", NULL,
> +  pc_i440fx_2_9_machine_options);
> +
> +static void pc_i440fx_2_8_machine_options(MachineClass *m)
> +{
> +pc_i440fx_2_9_machine_options(m);
> +m->is_default = 0;
> +m->alias = NULL;
> +SET_MACHINE_COMPAT(m, PC_COMPAT_2_8);
> +}
> +
>  DEFINE_I440FX_MACHINE(v2_8, "pc-i440fx-2.8", NULL,
>pc_i440fx_2_8_machine_options);
>  
> @@ -451,8 +462,6 @@ DEFINE_I440FX_MACHINE(v2_8, "pc-i440fx-2.8", NULL,
>  static void pc_i440fx_2_7_machine_options(MachineClass *m)
>  {
>  pc_i440fx_2_8_machine_options(m);
> -m->is_default = 0;
> -m->alias = NULL;
>  SET_MACHINE_COMPAT(m, PC_COMPAT_2_7);
>  }
>  
> diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
> index d042fe0843..dd792a8547 100644
> --- a/hw/i386/pc_q35.c
> +++ b/hw/i386/pc_q35.c
> @@ -301,19 +301,28 @@ static void pc_q35_machine_options(MachineClass *m)
>  m->max_cpus = 288;
>  }
>  
> -static void pc_q35_2_8_machine_options(MachineClass *m)
> +static void pc_q35_2_9_machine_options(MachineClass *m)
>  {
>  pc_q35_machine_options(m);
>  m->alias = "q35";
>  }
>  
> +DEFINE_Q35_MACHINE(v2_9, "pc-q35-2.9", NULL,
> +   pc_q35_2_9_machine_options);
> +
> +static void pc_q35_2_8_machine_options(MachineClass *m)
> +{
> +pc_q35_2_9_machine_options(m);
> +m->alias = NULL;
> +SET_MACHINE_COMPAT(m, PC_COMPAT_2_8);
> +}
> +
>  DEFINE_Q35_MACHINE(v2_8, "pc-q35-2.8", NULL,
> pc_q35_2_8_machine_options);
>  
>  static void pc_q35_2_7_machine_options(MachineClass *m)
>  {
>  pc_q35_2_8_machine_options(m);
> -m->alias = NULL;
>  m->max_cpus = 255;
>  SET_MACHINE_COMPAT(m, PC_COMPAT_2_7);
>  }
> -- 
> 2.11.0.259.g40922b1

Re: [Qemu-devel] [PATCH for-2.9 0/3] hw/pcie: Introduce Generic PCI Express Root Port

[Michael S. Tsirkin]

On Wed, Nov 23, 2016 at 02:02:46PM +0200, Marcel Apfelbaum wrote:
> The Generic Root Port behaves the same as the
> Intel's IOH device with id 3420, without having
> Intel specific attributes.
> 
> The device has two purposes:
>  (1) Can be used on both X86 and ARM machines.
>  (2) It will allow us to tweak the behaviour
> (e.g add vendor-specific PCI capabilities)
>  - something that obviously cannot be done
>on a known device.

I don't see any issues but the patches don't apply anymore.
If you still want this in, pls rebase and repost.


> Patch 1/3: Introduce a base class for Root Ports - most of the code
>is migrated from IOH3420 implementation.
> Patch 2/3: Derives the IOH3420 from the new base class
> Patch 3/3: Introduces the generic Root Port.
> 
> Tested with Linux and Windows guests only on x86 hosts.
> 
> Marcel Apfelbaum (3):
>   hw/pcie: Introduce a base class for PCI Express Root Ports
>   hw/ioh3420: derive from PCI Express Root Port base class
>   hw/pcie: Introduce Generic PCI Express Root Port
> 
>  default-configs/arm-softmmu.mak|   1 +
>  default-configs/i386-softmmu.mak   |   1 +
>  default-configs/x86_64-softmmu.mak |   1 +
>  hw/pci-bridge/Makefile.objs|   1 +
>  hw/pci-bridge/ioh3420.c| 150 ++--
>  hw/pci-bridge/pcie_root_port.c | 227 
> +
>  include/hw/pci/pci.h   |   1 +
>  include/hw/pci/pcie_port.h |  18 +++
>  8 files changed, 257 insertions(+), 143 deletions(-)
>  create mode 100644 hw/pci-bridge/pcie_root_port.c
> 
> -- 
> 2.5.5

Re: [Qemu-devel] [PATCH] hw/pci: disable pci-bridge's shpc by default

[Michael S. Tsirkin]

On Wed, Nov 02, 2016 at 05:16:42PM +0200, Marcel Apfelbaum wrote:
> The shpc component is optional while  ACPI hotplug is used
> for hot-plugging PCI devices into a PCI-PCI bridge.
> Disabling the shpc by default will make slot 0 usable at boot time
> and not only for hot-plug, without loosing any functionality.
> Older machines will have shpc enabled for compatibility reasons.
> 
> Signed-off-by: Marcel Apfelbaum 

Can you pls post a rebase since compat changed?

> ---
>  hw/pci-bridge/pci_bridge_dev.c | 2 +-
>  include/hw/compat.h| 4 
>  2 files changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/pci-bridge/pci_bridge_dev.c b/hw/pci-bridge/pci_bridge_dev.c
> index 5dbd933..647ad80 100644
> --- a/hw/pci-bridge/pci_bridge_dev.c
> +++ b/hw/pci-bridge/pci_bridge_dev.c
> @@ -163,7 +163,7 @@ static Property pci_bridge_dev_properties[] = {
>  DEFINE_PROP_ON_OFF_AUTO(PCI_BRIDGE_DEV_PROP_MSI, PCIBridgeDev, msi,
>  ON_OFF_AUTO_AUTO),
>  DEFINE_PROP_BIT(PCI_BRIDGE_DEV_PROP_SHPC, PCIBridgeDev, flags,
> -PCI_BRIDGE_DEV_F_SHPC_REQ, true),
> +PCI_BRIDGE_DEV_F_SHPC_REQ, false),
>  DEFINE_PROP_END_OF_LIST(),
>  };
>  
> diff --git a/include/hw/compat.h b/include/hw/compat.h
> index 0f06e11..388b7ec 100644
> --- a/include/hw/compat.h
> +++ b/include/hw/compat.h
> @@ -18,6 +18,10 @@
>  .driver   = "intel-iommu",\
>  .property = "x-buggy-eim",\
>  .value= "true",\
> +},{\
> +.driver   = "pci-bridge",\
> +.property = "shpc",\
> +.value= "on",\
>  },
>  
>  #define HW_COMPAT_2_6 \
> -- 
> 2.5.5

Re: [Qemu-devel] [PATCH v4 0/3] virtio-net: Add support to MTU feature

[Michael S. Tsirkin]

On Tue, Dec 13, 2016 at 02:17:11PM +0100, Maxime Coquelin wrote:
> 
> 
> On 12/13/2016 02:07 PM, Daniel P. Berrange wrote:
> > On Tue, Dec 13, 2016 at 02:04:52PM +0100, Maxime Coquelin wrote:
> > > 
> > > 
> > > On 12/12/2016 11:34 AM, Daniel P. Berrange wrote:
> > > > On Mon, Dec 12, 2016 at 11:12:56AM +0100, Maxime Coquelin wrote:
> > > > > Hi Daniel,
> > > > > 
> > > > > On 12/12/2016 11:02 AM, Daniel P. Berrange wrote:
> > > > > > On Sat, Dec 10, 2016 at 04:30:35PM +0100, Maxime Coquelin wrote:
> > > > > > > Thanks for the reviews,
> > > > > > > 
> > > > > > > This series implements Virtio spec update from Aaron Conole which
> > > > > > > defines a way for the host to expose its max MTU to the guest.
> > > > > > > 
> > > > > > > "host_mtu" parameter is added to provide QEMU with the MTU value,
> > > > > > > and the backend, if supported, gets notified of the MTU value 
> > > > > > > when the
> > > > > > > MTU feature neogotiation succeeds.
> > > > > > > 
> > > > > > > Only user backend currently supports MTU notification. A new 
> > > > > > > protocol
> > > > > > > feature has been implemented for sending MTU value to the backend.
> > > > > > > 
> > > > > > > For kernel backend, it is expected the management tool also 
> > > > > > > configures
> > > > > > > the tap/macvtap interface with same MTU value.
> > > > > > > Daniel, I would be interrested about your feedback on this 
> > > > > > > implementation
> > > > > > > from management tool point of view.
> > > > > > 
> > > > > > I can't give real feedback yet, as I'm not seeing clear information 
> > > > > > on
> > > > > > what problem this series is designed to solve
> > > > > 
> > > > > Right, I agree it is missing a bit of context here, I'll add more 
> > > > > about
> > > > > the background in next revision.
> > > > > 
> > > > > The goal of this series is to address two things:
> > > > > 1. Providing a way for the guests to use the same MTU as the host,
> > > > >in order to have a consistent MTU value across the infrastructure.
> > > > 
> > > > Ok, currently libvirt sets the MTU of the tap device based on the MTU
> > > > of the device it will be attached to. This change means we need to pass
> > > > that MTU value into QEMU via the -netdev command line so it can inform
> > > > the guest what the MTU is.
> > > Nice, do you have a pointer on where this is done in QEMU?
> > 
> > Its in libvirt code via virNetDevSetMTUFromDevice()
> 
> Thanks.
> For QEMU part, this series adds host_mtu parameter to virtio-net device,
> not to vhost netdev. Should it be reworked?
> 
> Maxime

I applied as is for now, we can rework as necessary but people want to
be able to test this.

Re: [Qemu-devel] [RFC] PCI/migration merge vmstate_pci_device and vmstate_pcie_device

[Michael S. Tsirkin]

On Fri, Dec 16, 2016 at 09:35:28AM +, Dr. David Alan Gilbert wrote:
> * Michael S. Tsirkin (m...@redhat.com) wrote:
> > On Wed, Dec 14, 2016 at 07:58:29PM +, Dr. David Alan Gilbert (git) 
> > wrote:
> > > From: "Dr. David Alan Gilbert" 
> > > 
> > > The vmstate_pci_device and vmstate_pcie_devices differ
> > > just in the size of one buffer; combine the two using a _TEST
> > > macro.
> > > 
> > > I think this is safe as long as everywhere which currently
> > > uses either of these two uses the right type.
> > > 
> > > One thing that concerns me is that some places use pci_device_load/save
> > > which does some irq mangling, but others just use the VMSTATE_PCI_DEVICE
> > > macro - how are they getting the same irq mangling?
> > > 
> > > This passes a smoke test migrate of:
> > > ./x86_64-softmmu/qemu-system-x86_64 -M pc,accel=kvm -m 1024
> > > ./littlefed20.img -device e1000e -device virtio-net -device
> > > e1000 -device virtio-rng -device megasas -device megasas-gen2 -device
> > > ioh3420 -device nec-usb-xhci
> > > 
> > > to an unmodified qemu.
> > > 
> > > Signed-off-by: Dr. David Alan Gilbert 
> > 
> > Reviewed-by: Michael S. Tsirkin 
> > 
> > feel free to merge through migration tree.
> 
> Thanks!
> What about my related question about the difference between 
> pci_device_load/save
> with respect to the irq mangling it does?
> 
> Dave

Do you mean pci_update_irq_status?

All this saving/clearing is for compatibility with
old code which didn't set/clear it properly.
I would not be too surprised if that compatibility
just got broken at some point ...


> > > ---
> > >  hw/net/e1000e.c|  2 +-
> > >  hw/net/vmxnet3.c   |  2 +-
> > >  hw/pci-bridge/ioh3420.c|  2 +-
> > >  hw/pci-bridge/xio3130_downstream.c |  2 +-
> > >  hw/pci-bridge/xio3130_upstream.c   |  2 +-
> > >  hw/pci/pci.c   | 41 
> > > +-
> > >  hw/scsi/megasas.c  |  2 +-
> > >  hw/scsi/vmw_pvscsi.c   |  2 +-
> > >  hw/usb/hcd-xhci.c  |  2 +-
> > >  include/hw/pci/pcie.h  | 10 --
> > >  10 files changed, 26 insertions(+), 41 deletions(-)
> > > 
> > > diff --git a/hw/net/e1000e.c b/hw/net/e1000e.c
> > > index 4994e1c..463ac9b 100644
> > > --- a/hw/net/e1000e.c
> > > +++ b/hw/net/e1000e.c
> > > @@ -592,7 +592,7 @@ static const VMStateDescription e1000e_vmstate = {
> > >  .pre_save = e1000e_pre_save,
> > >  .post_load = e1000e_post_load,
> > >  .fields = (VMStateField[]) {
> > > -VMSTATE_PCIE_DEVICE(parent_obj, E1000EState),
> > > +VMSTATE_PCI_DEVICE(parent_obj, E1000EState),
> > >  VMSTATE_MSIX(parent_obj, E1000EState),
> > >  
> > >  VMSTATE_UINT32(ioaddr, E1000EState),
> > > diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
> > > index bbb898b..86cded9 100644
> > > --- a/hw/net/vmxnet3.c
> > > +++ b/hw/net/vmxnet3.c
> > > @@ -2538,7 +2538,7 @@ static const VMStateDescription 
> > > vmstate_vmxnet3_pcie_device = {
> > >  .minimum_version_id = 1,
> > >  .needed = vmxnet3_vmstate_need_pcie_device,
> > >  .fields = (VMStateField[]) {
> > > -VMSTATE_PCIE_DEVICE(parent_obj, VMXNET3State),
> > > +VMSTATE_PCI_DEVICE(parent_obj, VMXNET3State),
> > >  VMSTATE_END_OF_LIST()
> > >  }
> > >  };
> > > diff --git a/hw/pci-bridge/ioh3420.c b/hw/pci-bridge/ioh3420.c
> > > index c8b5ac4..98114e1 100644
> > > --- a/hw/pci-bridge/ioh3420.c
> > > +++ b/hw/pci-bridge/ioh3420.c
> > > @@ -178,7 +178,7 @@ static const VMStateDescription vmstate_ioh3420 = {
> > >  .minimum_version_id = 1,
> > >  .post_load = pcie_cap_slot_post_load,
> > >  .fields = (VMStateField[]) {
> > > -VMSTATE_PCIE_DEVICE(parent_obj.parent_obj.parent_obj, PCIESlot),
> > > +VMSTATE_PCI_DEVICE(parent_obj.parent_obj.parent_obj, PCIESlot),
> > >  VMSTATE_STRUCT(parent_obj.parent_obj.parent_obj.exp.aer_log,
> > > PCIESlot, 0, vmstate_pcie_aer_log, PCIEAERLog),
> > >  VMSTATE_END_OF_LIST()
> > > diff --git a/hw/pci-bridge/xio3130_downstream.c 
> > > b/hw/pci-bridge/xio3130_downstream.c
> > > index cef6e13..4c54301 100644
> > > --- a/hw/pci-bridge/xio3130_downstream.c
> > > +++ b/hw/pci-bridge/xio3130_downstream.c
> > > @@ -164,7 +164,7 @@ static const VMStateDescription 
> > > vmstate_xio3130_downstream = {
> > >  .minimum_version_id = 1,
> > >  .post_load = pcie_cap_slot_post_load,
> > >  .fields = (VMStateField[]) {
> > > -VMSTATE_PCIE_DEVICE(parent_obj.parent_obj.parent_obj, PCIESlot),
> > > +VMSTATE_PCI_DEVICE(parent_obj.parent_obj.parent_obj, PCIESlot),
> > >  VMSTATE_STRUCT(parent_obj.parent_obj.parent_obj.exp.aer_log,
> > > PCIESlot, 0, vmstate_pcie_aer_log, PCIEAERLog),
> > >  VMSTATE_END_OF_LIST()
> > > diff --git a/hw/pci-bridge/xio3130_upstream.c 
> 

Re: [Qemu-devel] [PATCH v4 2/2] pcie_aer: support configurable AER capa version

[Cao jin]

On 01/10/2017 11:27 AM, Michael S. Tsirkin wrote:
> On Wed, Dec 21, 2016 at 04:21:31PM +0800, Cao jin wrote:
>> From: Dou Liyang 
>>
>> Now, AER capa version is fixed to v2, if assigned device isn't v2,
>> then this value will be inconsistent between guest and host
>>
>> Signed-off-by: Dou Liyang 
>> Signed-off-by: Cao jin 
>> Reviewed-by: Michael S. Tsirkin 
> 
> I assume this is good for AER work so I'll merge this,
> but these patches don't do anything by themselves
> in the future pls make this explicit in commit log.
> 

Thanks for the reminding, please amend the commit log if you want.

-- 
Sincerely,
Cao jin

>> ---
>>  hw/net/e1000e.c| 3 ++-
>>  hw/pci-bridge/ioh3420.c| 3 ++-
>>  hw/pci-bridge/xio3130_downstream.c | 3 ++-
>>  hw/pci-bridge/xio3130_upstream.c   | 3 ++-
>>  hw/pci/pcie_aer.c  | 6 +++---
>>  include/hw/pci/pcie_aer.h  | 4 ++--
>>  6 files changed, 13 insertions(+), 9 deletions(-)
>>
>> diff --git a/hw/net/e1000e.c b/hw/net/e1000e.c
>> index 89f96eb4a076..77a4b3e5bf9d 100644
>> --- a/hw/net/e1000e.c
>> +++ b/hw/net/e1000e.c
>> @@ -472,7 +472,8 @@ static void e1000e_pci_realize(PCIDevice *pci_dev, Error 
>> **errp)
>>  hw_error("Failed to initialize PM capability");
>>  }
>>  
>> -if (pcie_aer_init(pci_dev, e1000e_aer_offset, PCI_ERR_SIZEOF, NULL) < 
>> 0) {
>> +if (pcie_aer_init(pci_dev, PCI_ERR_VER, e1000e_aer_offset,
>> +  PCI_ERR_SIZEOF, NULL) < 0) {
>>  hw_error("Failed to initialize AER capability");
>>  }
>>  
>> diff --git a/hw/pci-bridge/ioh3420.c b/hw/pci-bridge/ioh3420.c
>> index 04180af79471..84b7946c3136 100644
>> --- a/hw/pci-bridge/ioh3420.c
>> +++ b/hw/pci-bridge/ioh3420.c
>> @@ -135,7 +135,8 @@ static int ioh3420_initfn(PCIDevice *d)
>>  goto err_pcie_cap;
>>  }
>>  
>> -rc = pcie_aer_init(d, IOH_EP_AER_OFFSET, PCI_ERR_SIZEOF, );
>> +rc = pcie_aer_init(d, PCI_ERR_VER, IOH_EP_AER_OFFSET,
>> +   PCI_ERR_SIZEOF, );
>>  if (rc < 0) {
>>  error_report_err(err);
>>  goto err;
>> diff --git a/hw/pci-bridge/xio3130_downstream.c 
>> b/hw/pci-bridge/xio3130_downstream.c
>> index 571334185b42..04b8e5b8479e 100644
>> --- a/hw/pci-bridge/xio3130_downstream.c
>> +++ b/hw/pci-bridge/xio3130_downstream.c
>> @@ -97,7 +97,8 @@ static int xio3130_downstream_initfn(PCIDevice *d)
>>  goto err_pcie_cap;
>>  }
>>  
>> -rc = pcie_aer_init(d, XIO3130_AER_OFFSET, PCI_ERR_SIZEOF, );
>> +rc = pcie_aer_init(d, PCI_ERR_VER, XIO3130_AER_OFFSET,
>> +   PCI_ERR_SIZEOF, );
>>  if (rc < 0) {
>>  error_report_err(err);
>>  goto err;
>> diff --git a/hw/pci-bridge/xio3130_upstream.c 
>> b/hw/pci-bridge/xio3130_upstream.c
>> index 94c16910069e..d1f59c883477 100644
>> --- a/hw/pci-bridge/xio3130_upstream.c
>> +++ b/hw/pci-bridge/xio3130_upstream.c
>> @@ -85,7 +85,8 @@ static int xio3130_upstream_initfn(PCIDevice *d)
>>  pcie_cap_flr_init(d);
>>  pcie_cap_deverr_init(d);
>>  
>> -rc = pcie_aer_init(d, XIO3130_AER_OFFSET, PCI_ERR_SIZEOF, );
>> +rc = pcie_aer_init(d, PCI_ERR_VER, XIO3130_AER_OFFSET,
>> +   PCI_ERR_SIZEOF, );
>>  if (rc < 0) {
>>  error_report_err(err);
>>  goto err;
>> diff --git a/hw/pci/pcie_aer.c b/hw/pci/pcie_aer.c
>> index 2a4bd5aef639..daf1f65427c2 100644
>> --- a/hw/pci/pcie_aer.c
>> +++ b/hw/pci/pcie_aer.c
>> @@ -97,10 +97,10 @@ static void aer_log_clear_all_err(PCIEAERLog *aer_log)
>>  aer_log->log_num = 0;
>>  }
>>  
>> -int pcie_aer_init(PCIDevice *dev, uint16_t offset, uint16_t size,
>> -  Error **errp)
>> +int pcie_aer_init(PCIDevice *dev, uint8_t cap_ver, uint16_t offset,
>> +  uint16_t size, Error **errp)
>>  {
>> -pcie_add_capability(dev, PCI_EXT_CAP_ID_ERR, PCI_ERR_VER,
>> +pcie_add_capability(dev, PCI_EXT_CAP_ID_ERR, cap_ver,
>>  offset, size);
>>  dev->exp.aer_cap = offset;
>>  
>> diff --git a/include/hw/pci/pcie_aer.h b/include/hw/pci/pcie_aer.h
>> index 5891b6816e85..526802bd312b 100644
>> --- a/include/hw/pci/pcie_aer.h
>> +++ b/include/hw/pci/pcie_aer.h
>> @@ -86,8 +86,8 @@ struct PCIEAERErr {
>>  
>>  extern const VMStateDescription vmstate_pcie_aer_log;
>>  
>> -int pcie_aer_init(PCIDevice *dev, uint16_t offset, uint16_t size,
>> -  Error **errp);
>> +int pcie_aer_init(PCIDevice *dev, uint8_t cap_ver, uint16_t offset,
>> +  uint16_t size, Error **errp);
>>  void pcie_aer_exit(PCIDevice *dev);
>>  void pcie_aer_write_config(PCIDevice *dev,
>> uint32_t addr, uint32_t val, int len);
>> -- 
>> 2.1.0
>>
>>
> 
> 
> .
> 

Re: [Qemu-devel] [PULL 6/6] MAINTAINERS: Remove obsolete stable branches

[Michael S. Tsirkin]

On Thu, Nov 10, 2016 at 11:11:43AM +0100, Thomas Huth wrote:
> There are only very old and orphaned stable branches listed
> in the MAINTAINERS file - so this section is pretty useless
> nowadays. Let's remove it.
> 
> Reviewed-by: John Snow 
> Signed-off-by: Thomas Huth 


Could you add some kind of entry for stable though?
Otherwise people won't know which address to CC.

> ---
>  MAINTAINERS | 22 --
>  1 file changed, 22 deletions(-)
> 
> diff --git a/MAINTAINERS b/MAINTAINERS
> index d8575ab..4a60579 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -1574,28 +1574,6 @@ F: tcg/tci/
>  F: tci.c
>  F: disas/tci.c
>  
> -Stable branches
> 
> -Stable 1.0
> -L: qemu-sta...@nongnu.org
> -T: git git://git.qemu-project.org/qemu-stable-1.0.git
> -S: Orphan
> -
> -Stable 0.15
> -L: qemu-sta...@nongnu.org
> -T: git git://git.qemu-project.org/qemu-stable-0.15.git
> -S: Orphan
> -
> -Stable 0.14
> -L: qemu-sta...@nongnu.org
> -T: git git://git.qemu-project.org/qemu-stable-0.14.git
> -S: Orphan
> -
> -Stable 0.10
> -L: qemu-sta...@nongnu.org
> -T: git git://git.qemu-project.org/qemu-stable-0.10.git
> -S: Orphan
> -
>  Block drivers
>  -
>  VMDK
> -- 
> 1.8.3.1
> 

Re: [Qemu-devel] [PATCH v4 2/2] pcie_aer: support configurable AER capa version

[Michael S. Tsirkin]

On Wed, Dec 21, 2016 at 04:21:31PM +0800, Cao jin wrote:
> From: Dou Liyang 
> 
> Now, AER capa version is fixed to v2, if assigned device isn't v2,
> then this value will be inconsistent between guest and host
> 
> Signed-off-by: Dou Liyang 
> Signed-off-by: Cao jin 
> Reviewed-by: Michael S. Tsirkin 

I assume this is good for AER work so I'll merge this,
but these patches don't do anything by themselves
in the future pls make this explicit in commit log.

> ---
>  hw/net/e1000e.c| 3 ++-
>  hw/pci-bridge/ioh3420.c| 3 ++-
>  hw/pci-bridge/xio3130_downstream.c | 3 ++-
>  hw/pci-bridge/xio3130_upstream.c   | 3 ++-
>  hw/pci/pcie_aer.c  | 6 +++---
>  include/hw/pci/pcie_aer.h  | 4 ++--
>  6 files changed, 13 insertions(+), 9 deletions(-)
> 
> diff --git a/hw/net/e1000e.c b/hw/net/e1000e.c
> index 89f96eb4a076..77a4b3e5bf9d 100644
> --- a/hw/net/e1000e.c
> +++ b/hw/net/e1000e.c
> @@ -472,7 +472,8 @@ static void e1000e_pci_realize(PCIDevice *pci_dev, Error 
> **errp)
>  hw_error("Failed to initialize PM capability");
>  }
>  
> -if (pcie_aer_init(pci_dev, e1000e_aer_offset, PCI_ERR_SIZEOF, NULL) < 0) 
> {
> +if (pcie_aer_init(pci_dev, PCI_ERR_VER, e1000e_aer_offset,
> +  PCI_ERR_SIZEOF, NULL) < 0) {
>  hw_error("Failed to initialize AER capability");
>  }
>  
> diff --git a/hw/pci-bridge/ioh3420.c b/hw/pci-bridge/ioh3420.c
> index 04180af79471..84b7946c3136 100644
> --- a/hw/pci-bridge/ioh3420.c
> +++ b/hw/pci-bridge/ioh3420.c
> @@ -135,7 +135,8 @@ static int ioh3420_initfn(PCIDevice *d)
>  goto err_pcie_cap;
>  }
>  
> -rc = pcie_aer_init(d, IOH_EP_AER_OFFSET, PCI_ERR_SIZEOF, );
> +rc = pcie_aer_init(d, PCI_ERR_VER, IOH_EP_AER_OFFSET,
> +   PCI_ERR_SIZEOF, );
>  if (rc < 0) {
>  error_report_err(err);
>  goto err;
> diff --git a/hw/pci-bridge/xio3130_downstream.c 
> b/hw/pci-bridge/xio3130_downstream.c
> index 571334185b42..04b8e5b8479e 100644
> --- a/hw/pci-bridge/xio3130_downstream.c
> +++ b/hw/pci-bridge/xio3130_downstream.c
> @@ -97,7 +97,8 @@ static int xio3130_downstream_initfn(PCIDevice *d)
>  goto err_pcie_cap;
>  }
>  
> -rc = pcie_aer_init(d, XIO3130_AER_OFFSET, PCI_ERR_SIZEOF, );
> +rc = pcie_aer_init(d, PCI_ERR_VER, XIO3130_AER_OFFSET,
> +   PCI_ERR_SIZEOF, );
>  if (rc < 0) {
>  error_report_err(err);
>  goto err;
> diff --git a/hw/pci-bridge/xio3130_upstream.c 
> b/hw/pci-bridge/xio3130_upstream.c
> index 94c16910069e..d1f59c883477 100644
> --- a/hw/pci-bridge/xio3130_upstream.c
> +++ b/hw/pci-bridge/xio3130_upstream.c
> @@ -85,7 +85,8 @@ static int xio3130_upstream_initfn(PCIDevice *d)
>  pcie_cap_flr_init(d);
>  pcie_cap_deverr_init(d);
>  
> -rc = pcie_aer_init(d, XIO3130_AER_OFFSET, PCI_ERR_SIZEOF, );
> +rc = pcie_aer_init(d, PCI_ERR_VER, XIO3130_AER_OFFSET,
> +   PCI_ERR_SIZEOF, );
>  if (rc < 0) {
>  error_report_err(err);
>  goto err;
> diff --git a/hw/pci/pcie_aer.c b/hw/pci/pcie_aer.c
> index 2a4bd5aef639..daf1f65427c2 100644
> --- a/hw/pci/pcie_aer.c
> +++ b/hw/pci/pcie_aer.c
> @@ -97,10 +97,10 @@ static void aer_log_clear_all_err(PCIEAERLog *aer_log)
>  aer_log->log_num = 0;
>  }
>  
> -int pcie_aer_init(PCIDevice *dev, uint16_t offset, uint16_t size,
> -  Error **errp)
> +int pcie_aer_init(PCIDevice *dev, uint8_t cap_ver, uint16_t offset,
> +  uint16_t size, Error **errp)
>  {
> -pcie_add_capability(dev, PCI_EXT_CAP_ID_ERR, PCI_ERR_VER,
> +pcie_add_capability(dev, PCI_EXT_CAP_ID_ERR, cap_ver,
>  offset, size);
>  dev->exp.aer_cap = offset;
>  
> diff --git a/include/hw/pci/pcie_aer.h b/include/hw/pci/pcie_aer.h
> index 5891b6816e85..526802bd312b 100644
> --- a/include/hw/pci/pcie_aer.h
> +++ b/include/hw/pci/pcie_aer.h
> @@ -86,8 +86,8 @@ struct PCIEAERErr {
>  
>  extern const VMStateDescription vmstate_pcie_aer_log;
>  
> -int pcie_aer_init(PCIDevice *dev, uint16_t offset, uint16_t size,
> -  Error **errp);
> +int pcie_aer_init(PCIDevice *dev, uint8_t cap_ver, uint16_t offset,
> +  uint16_t size, Error **errp);
>  void pcie_aer_exit(PCIDevice *dev);
>  void pcie_aer_write_config(PCIDevice *dev,
> uint32_t addr, uint32_t val, int len);
> -- 
> 2.1.0
> 
> 

Re: [Qemu-devel] [Qemu-ppc] [PATCH v3 0/4] ppc: add a IBM 40p machine (RS/6000, PReP)

[David Gibson]

On Mon, Jan 09, 2017 at 08:43:47AM +0100, Thomas Huth wrote:
> On 07.01.2017 16:23, Hervé Poussineau wrote:
> > Hi,
> > 
> > This patchset adds the emulation of the IBM RS/6000 7020 (40p). The real 
> > machine is
> > able to run AIX (up to 4.3.3), Windows NT (up to 4.0 SP1), the beta of OS/2 
> > PowerPC,
> > Solaris, Linux, NetBSD/PReP ...
> > 
> > I've tested current emulation with Open Hack'Ware, OpenBIOS and official 
> > firmware.
> > 
> > Linux kernel starts, and freezes during boot (seems like a problem with the 
> > SCSI adapter).
> > Windows NT starts up to the point where it wants to change endianness.
> > Other OSes have not been tested.
> > 
> > This machine is a superset of the 'prep' one, because we know exactly what 
> > is/should
> > emulated, and that operating system list running on it is quite wide.
> > I hope that 'prep' machine can be deprecated soon and then later removed.
> > 
> > Patch 1 is a cleanup, and can probably be committed first.
> > Patches 2 to 4  are the real implementation of the IBM 40p.
> > 
> > Changes since v2:
> > - patch 2: fix mismatch between read and write functions for port 92
> > - patch 4: use error_report instead of fprintf/hw_error
> > 
> > Changes since v1:
> > - removed patches related to display adapter:
> >   Let's wait for an emulation of the real display adapter (an S3 Trio), as 
> > current
> >   VGA adapter already mostly works with Open Hack'Ware and OpenBIOS
> > - various changes due to David Gibson's remarks
> > 
> > Hervé Poussineau (4):
> >   prep: do not use global variable to access nvram
> >   prep: add PReP System I/O
> >   prep: add IBM RS/6000 7020 (40p) memory controller
> >   prep: add IBM RS/6000 7020 (40p) machine emulation
> > 
> >  default-configs/ppc-softmmu.mak |   2 +
> >  hw/ppc/Makefile.objs|   2 +
> >  hw/ppc/prep.c   | 233 +-
> >  hw/ppc/prep_systemio.c  | 303 
> > 
> >  hw/ppc/rs6000_mc.c  | 232 ++
> >  hw/ppc/trace-events |  11 ++
> >  6 files changed, 781 insertions(+), 2 deletions(-)
> >  create mode 100644 hw/ppc/prep_systemio.c
> >  create mode 100644 hw/ppc/rs6000_mc.c
> 
> By the way, the PReP machine currently does not have a proper maintainer
> according to the MAINTAINERS file ... would you maybe volunteer to do
> that job? If so, could you please send a patch for the MAINTAINERS file?

Yes, that would be much appreciated.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PATCH] hw/ppc/spapr: Allow POWER9 as hot-pluggable CPU for pseries

[David Gibson]

On Mon, Jan 09, 2017 at 01:57:24PM +0100, Thomas Huth wrote:
> Running "qemu-system-ppc64 -M pseries -cpu POWER9" currently does not work
> yet and results in this error message:
> 
>  qemu-system-ppc64: Unable to find sPAPR CPU Core definition
> 
> Since we want to support the pseries machine with POWER9 in the future,
> allow using POWER9 as hot-pluggable CPU there, too.
> 
> Signed-off-by: Thomas Huth 

I'm not sure it makes sense to apply this until we have at least the
basics of the POWER9 PAPR pieces implemented in qemu.

> ---
>  hw/ppc/spapr_cpu_core.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/hw/ppc/spapr_cpu_core.c b/hw/ppc/spapr_cpu_core.c
> index 9dddaeb..71253f9 100644
> --- a/hw/ppc/spapr_cpu_core.c
> +++ b/hw/ppc/spapr_cpu_core.c
> @@ -360,6 +360,9 @@ static const char *spapr_core_models[] = {
>  
>  /* POWER8NVL */
>  "POWER8NVL_v1.0",
> +
> +/* POWER9 */
> +"POWER9_v1.0",
>  };
>  
>  void spapr_cpu_core_class_init(ObjectClass *oc, void *data)

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PATCH] ppc: Prevent inifnite loop in decrementer auto-reload.

[David Gibson]

On Mon, Jan 09, 2017 at 12:23:38PM +0100, Roman Kapl wrote:
> If the DECAR register is set to 0, QEMU tries to reload the decrementer with
> zero in an inifinite loop. According to PPC documentation, the decrementer is
> triggered on 1->0 transition, so avoid reloading the decrementer if if is
> already zero.
> 
> The problem does not manifest under Linux, but it is valid to set DECAR to 
> zero
> (and may make sense as part of decrementer initialization when interrupts are
> disabled).
> 
> Signed-off-by: Roman Kapl 

Applied, fixing the coding style nit (no space after if) in the
process.  Please remember to run checkpatch.pl in future.

> ---
>  hw/ppc/ppc_booke.c | 8 ++--
>  1 file changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/hw/ppc/ppc_booke.c b/hw/ppc/ppc_booke.c
> index ab8d026..f8d5c28 100644
> --- a/hw/ppc/ppc_booke.c
> +++ b/hw/ppc/ppc_booke.c
> @@ -198,8 +198,12 @@ static void booke_decr_cb(void *opaque)
>  booke_update_irq(cpu);
>  
>  if (env->spr[SPR_BOOKE_TCR] & TCR_ARE) {
> -/* Auto Reload */
> -cpu_ppc_store_decr(env, env->spr[SPR_BOOKE_DECAR]);
> +/* Do not reload 0, it is already there. It would just trigger
> + * the timer again and lead to infinite loop */
> +if(env->spr[SPR_BOOKE_DECAR] != 0) {
> +/* Auto Reload */
> +cpu_ppc_store_decr(env, env->spr[SPR_BOOKE_DECAR]);
> +}
>  }
>  }
>  

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PATCH v2 0/3] POWER9 TCG enablements - part10

[David Gibson]

On Mon, Jan 09, 2017 at 07:56:12PM +0530, Nikunj A Dadhania wrote:
> This series contains 11 new instructions for POWER9 ISA3.0
>  VSX Scalar Convert
>  VSX Scalar Add QP
> 
> Changelog:
> v1: 
> * xsaddqp, xscv[dpqp, qpdp] instructions use register numbering 0-31, this 
> needs
>   to be handled in the decoding. ISA 3.0 documents to use them as VSR[VRA + 
> 32], 
>   and likewise for other registers. 
> 
> v0:
>Rebase and update reviewed-by

Applied to ppc-for-2.9, replacing the earlier versions.

> 
> 
> Bharata B Rao (3):
>   target-ppc: Add xsaddqp instructions
>   target-ppc: Add xscvdpqp instruction
>   target-ppc: Add xscvqpdp instruction
> 
>  target/ppc/fpu_helper.c | 109 
> 
>  target/ppc/helper.h |   3 +
>  target/ppc/internal.h   |   1 +
>  target/ppc/translate/vsx-impl.inc.c |   3 +
>  target/ppc/translate/vsx-ops.inc.c  |   3 +
>  5 files changed, 119 insertions(+)
> 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PATCH] pc: fix crash in rtc_set_memory() if initial cpu is marked as hotplugged

[Michael S. Tsirkin]

On Fri, Dec 30, 2016 at 03:33:11PM +0100, Igor Mammedov wrote:
> 'hotplugged' propperty is meant to be used on migration side when migrating
> source with hotplugged devices.
> However though it not exacly correct usage of 'hotplugged' property
> it's possible to set generic hotplugged property for CPU using
>  -cpu foo,hotplugged=on
> or
>  -global foo.hotplugged=on
> 
> in this case qemu crashes with following backtrace:
> 
> ...
> 
> because pc_cpu_plug() assumes that hotplugged CPU could appear only after
> rtc/fw_cfg are initialized.
> Fix crash by replacing assumption with explicit checks of rtc/fw_cfg
> and updating them only if they were initialized.
> 
> Signed-off-by: Igor Mammedov 
> Reported-by: Eduardo Habkost 

Looks like Paolo is merging this.

Reviewed-by: Michael S. Tsirkin 

> ---
>  hw/i386/pc.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/i386/pc.c b/hw/i386/pc.c
> index f3d7ad4..7b7e126 100644
> --- a/hw/i386/pc.c
> +++ b/hw/i386/pc.c
> @@ -1810,8 +1810,10 @@ static void pc_cpu_plug(HotplugHandler *hotplug_dev,
>  
>  /* increment the number of CPUs */
>  pcms->boot_cpus++;
> -if (dev->hotplugged) {
> +if (pcms->rtc) {
>  rtc_set_cpus_count(pcms->rtc, pcms->boot_cpus);
> +}
> +if (pcms->fw_cfg) {
>  fw_cfg_modify_i16(pcms->fw_cfg, FW_CFG_NB_CPUS, pcms->boot_cpus);
>  }
>  
> -- 
> 2.7.4

Re: [Qemu-devel] [PATCH 1/6] pci: add pci_vga_type(), giving the device name of the chosen VGA device

[Michael S. Tsirkin]

On Tue, Jan 03, 2017 at 10:01:25AM +1100, David Gibson wrote:
> On Thu, Dec 29, 2016 at 11:12:11PM +0100, Hervé Poussineau wrote:
> > This is in fact a split of pci_vga_init() function in two parts.
> > 
> > Signed-off-by: Hervé Poussineau 
> 
> Reviewed-by: David Gibson 
> 
> I think it needs Michael or someone to merge it though.

Do we have to keep poking at pci_vga_type?
I'd rather people just used -device for everything.

> > ---
> >  hw/pci/pci.c | 22 --
> >  include/hw/pci/pci.h |  1 +
> >  2 files changed, 17 insertions(+), 6 deletions(-)
> > 
> > diff --git a/hw/pci/pci.c b/hw/pci/pci.c
> > index 24fae16..0d5a862 100644
> > --- a/hw/pci/pci.c
> > +++ b/hw/pci/pci.c
> > @@ -1816,19 +1816,19 @@ PCIDevice *pci_nic_init_nofail(NICInfo *nd, PCIBus 
> > *rootbus,
> >  return pci_dev;
> >  }
> >  
> > -PCIDevice *pci_vga_init(PCIBus *bus)
> > +const char *pci_vga_type(void)
> >  {
> >  switch (vga_interface_type) {
> >  case VGA_CIRRUS:
> > -return pci_create_simple(bus, -1, "cirrus-vga");
> > +return "cirrus-vga";
> >  case VGA_QXL:
> > -return pci_create_simple(bus, -1, "qxl-vga");
> > +return "qxl-vga";
> >  case VGA_STD:
> > -return pci_create_simple(bus, -1, "VGA");
> > +return "VGA";
> >  case VGA_VMWARE:
> > -return pci_create_simple(bus, -1, "vmware-svga");
> > +return "vmware-svga";
> >  case VGA_VIRTIO:
> > -return pci_create_simple(bus, -1, "virtio-vga");
> > +return "virtio-vga";
> >  case VGA_NONE:
> >  default: /* Other non-PCI types. Checking for unsupported types is 
> > already
> >  done in vl.c. */
> > @@ -1836,6 +1836,16 @@ PCIDevice *pci_vga_init(PCIBus *bus)
> >  }
> >  }
> >  
> > +PCIDevice *pci_vga_init(PCIBus *bus)
> > +{
> > +const char *vga_type = pci_vga_type();
> > +if (vga_type) {
> > +return pci_create_simple(bus, -1, vga_type);
> > +} else {
> > +return NULL;
> > +}
> > +}
> > +
> >  /* Whether a given bus number is in range of the secondary
> >   * bus of the given bridge device. */
> >  static bool pci_secondary_bus_in_range(PCIDevice *dev, int bus_num)
> > diff --git a/include/hw/pci/pci.h b/include/hw/pci/pci.h
> > index 772692f..aa8d014 100644
> > --- a/include/hw/pci/pci.h
> > +++ b/include/hw/pci/pci.h
> > @@ -420,6 +420,7 @@ PCIDevice *pci_nic_init_nofail(NICInfo *nd, PCIBus 
> > *rootbus,
> > const char *default_model,
> > const char *default_devaddr);
> >  
> > +const char *pci_vga_type(void);
> >  PCIDevice *pci_vga_init(PCIBus *bus);
> >  
> >  int pci_bus_num(PCIBus *s);
> 
> -- 
> David Gibson  | I'll have my music baroque, and my code
> david AT gibson.dropbear.id.au| minimalist, thank you.  NOT _the_ 
> _other_
>   | _way_ _around_!
> http://www.ozlabs.org/~dgibson

Re: [Qemu-devel] [PATCH 1/4] hw/pcie: fix Extended Configuration Space for devices with no Extended Capabilities

[Michael S. Tsirkin]

On Wed, Jan 04, 2017 at 09:57:15PM +0200, Marcel Apfelbaum wrote:
> Absence of any Extended Capabilities is required to be
> indicated by an Extended Capability header with a Capability ID of
> h, a Capability Version of 0h, and a Next Capability Offset of 000h.
> 
> Instead of inserting a 'NULL' capability is simpler to mark the start
> of the Extended Configuration Space as read-only to achieve the same
> behaviour.
> 
> Signed-off-by: Marcel Apfelbaum 

Kind of hacky and only theoretical - I don't think any guest writes
there - but ok. However I think
1. we should init config to 0 too
2. this needs a compat flag

> ---
>  hw/pci/pcie.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/hw/pci/pcie.c b/hw/pci/pcie.c
> index 99cfb45..62c1def 100644
> --- a/hw/pci/pcie.c
> +++ b/hw/pci/pcie.c
> @@ -109,6 +109,9 @@ int pcie_cap_init(PCIDevice *dev, uint8_t offset, uint8_t 
> type, uint8_t port)
>   PCI_EXP_DEVCAP2_EFF | PCI_EXP_DEVCAP2_EETLPP);
>  
>  pci_set_word(dev->wmask + pos + PCI_EXP_DEVCTL2, 
> PCI_EXP_DEVCTL2_EETLPPB);
> +
> +/* read-only to behave like a 'NULL' Extended Capability Header */
> +pci_set_long(dev->wmask + PCI_CONFIG_SPACE_SIZE, 0);
>  return pos;
>  }
>  
> -- 
> 2.5.5

Re: [Qemu-devel] [PATCH 4/4] hw/virtio: fix Power Management Control Register for PCI Express virtio devices

[Michael S. Tsirkin]

On Wed, Jan 04, 2017 at 09:57:18PM +0200, Marcel Apfelbaum wrote:
> Make Power Management State flag writable to conform
> with the PCI Express spec.
> 
> Signed-off-by: Marcel Apfelbaum 

Same comment as previously.

> ---
>  hw/virtio/virtio-pci.c | 5 +
>  include/hw/pci/pcie.h  | 2 ++
>  2 files changed, 7 insertions(+)
> 
> diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
> index 66a5bf3..7a98078 100644
> --- a/hw/virtio/virtio-pci.c
> +++ b/hw/virtio/virtio-pci.c
> @@ -1796,12 +1796,15 @@ static void virtio_pci_realize(PCIDevice *pci_dev, 
> Error **errp)
>  
>  pos = pci_add_capability(pci_dev, PCI_CAP_ID_PM, 0, PCI_PM_SIZEOF);
>  assert(pos > 0);
> +pci_dev->exp.pm_cap = pos;
>  
>  /*
>   * Indicates that this function complies with revision 1.2 of the
>   * PCI Power Management Interface Specification.
>   */
>  pci_set_word(pci_dev->config + pos + PCI_PM_PMC, 0x3);
> +pci_set_word(pci_dev->wmask + pos + PCI_PM_CTRL,
> + PCI_PM_CTRL_STATE_MASK);
>  /* Init error enabling flags */
>  pcie_cap_deverr_init(pci_dev);
>  /* Init Link Control Register */
> @@ -1846,6 +1849,8 @@ static void virtio_pci_reset(DeviceState *qdev)
>  if (pci_is_express(dev)) {
>  pcie_cap_deverr_reset(dev);
>  pcie_cap_lnkctl_reset(dev);
> +
> +pci_set_word(dev->config + dev->exp.pm_cap + PCI_PM_CTRL, 0);
>  }
>  }
>  
> diff --git a/include/hw/pci/pcie.h b/include/hw/pci/pcie.h
> index 7d6611a..7c9c573 100644
> --- a/include/hw/pci/pcie.h
> +++ b/include/hw/pci/pcie.h
> @@ -63,6 +63,8 @@ typedef enum {
>  struct PCIExpressDevice {
>  /* Offset of express capability in config space */
>  uint8_t exp_cap;
> +/* Offset of Power Management capability in config space */
> +uint8_t pm_cap;
>  
>  /* SLOT */
>  bool hpev_notified; /* Logical AND of conditions for hot plug event.
> -- 
> 2.5.5

Re: [Qemu-devel] [PATCH 3/4] hw/virtio: fix Link Control Register for PCI Express virtio devices

[Michael S. Tsirkin]

On Wed, Jan 04, 2017 at 09:57:17PM +0200, Marcel Apfelbaum wrote:
> Make several Link Control Register flags writable to conform
> with the PCI Express spec.
> 
> Signed-off-by: Marcel Apfelbaum 

Same comment as 2.

> ---
>  hw/pci/pcie.c  | 14 ++
>  hw/virtio/virtio-pci.c |  3 +++
>  include/hw/pci/pcie.h  |  3 +++
>  3 files changed, 20 insertions(+)
> 
> diff --git a/hw/pci/pcie.c b/hw/pci/pcie.c
> index 62c1def..a596400 100644
> --- a/hw/pci/pcie.c
> +++ b/hw/pci/pcie.c
> @@ -220,6 +220,20 @@ void pcie_cap_deverr_reset(PCIDevice *dev)
>   PCI_EXP_DEVCTL_FERE | PCI_EXP_DEVCTL_URRE);
>  }
>  
> +void pcie_cap_lnkctl_init(PCIDevice *dev)
> +{
> +uint32_t pos = dev->exp.exp_cap;
> +pci_long_test_and_set_mask(dev->wmask + pos + PCI_EXP_LNKCTL,
> +   PCI_EXP_LNKCTL_CCC | PCI_EXP_LNKCTL_ES);
> +}
> +
> +void pcie_cap_lnkctl_reset(PCIDevice *dev)
> +{
> +uint8_t *lnkctl = dev->config + dev->exp.exp_cap + PCI_EXP_LNKCTL;
> +pci_long_test_and_clear_mask(lnkctl,
> + PCI_EXP_LNKCTL_CCC | PCI_EXP_LNKCTL_ES);
> +}
> +
>  static void hotplug_event_update_event_status(PCIDevice *dev)
>  {
>  uint32_t pos = dev->exp.exp_cap;
> diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
> index da2124f..66a5bf3 100644
> --- a/hw/virtio/virtio-pci.c
> +++ b/hw/virtio/virtio-pci.c
> @@ -1804,6 +1804,8 @@ static void virtio_pci_realize(PCIDevice *pci_dev, 
> Error **errp)
>  pci_set_word(pci_dev->config + pos + PCI_PM_PMC, 0x3);
>  /* Init error enabling flags */
>  pcie_cap_deverr_init(pci_dev);
> +/* Init Link Control Register */
> +pcie_cap_lnkctl_init(pci_dev);
>  } else {
>  /*
>   * make future invocations of pci_is_express() return false
> @@ -1843,6 +1845,7 @@ static void virtio_pci_reset(DeviceState *qdev)
>  
>  if (pci_is_express(dev)) {
>  pcie_cap_deverr_reset(dev);
> +pcie_cap_lnkctl_reset(dev);
>  }
>  }
>  
> diff --git a/include/hw/pci/pcie.h b/include/hw/pci/pcie.h
> index 056d25e..7d6611a 100644
> --- a/include/hw/pci/pcie.h
> +++ b/include/hw/pci/pcie.h
> @@ -93,6 +93,9 @@ uint8_t pcie_cap_flags_get_vector(PCIDevice *dev);
>  void pcie_cap_deverr_init(PCIDevice *dev);
>  void pcie_cap_deverr_reset(PCIDevice *dev);
>  
> +void pcie_cap_lnkctl_init(PCIDevice *dev);
> +void pcie_cap_lnkctl_reset(PCIDevice *dev);
> +
>  void pcie_cap_slot_init(PCIDevice *dev, uint16_t slot);
>  void pcie_cap_slot_reset(PCIDevice *dev);
>  void pcie_cap_slot_write_config(PCIDevice *dev,
> -- 
> 2.5.5

Re: [Qemu-devel] [PATCH 2/4] hw/virtio: fix error enabling flags in Device Control register

[Michael S. Tsirkin]

On Wed, Jan 04, 2017 at 09:57:16PM +0200, Marcel Apfelbaum wrote:
> When the virtio devices are PCI Express, make error-enabling flags
> writable to respect the PCIe spec.
> 
> Signed-off-by: Marcel Apfelbaum 

If guest writes there, it won't be able to migrate.
So I think this needs a compat flag.

> ---
>  hw/virtio/virtio-pci.c | 7 +++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
> index 21c2b9d..da2124f 100644
> --- a/hw/virtio/virtio-pci.c
> +++ b/hw/virtio/virtio-pci.c
> @@ -1802,6 +1802,8 @@ static void virtio_pci_realize(PCIDevice *pci_dev, 
> Error **errp)
>   * PCI Power Management Interface Specification.
>   */
>  pci_set_word(pci_dev->config + pos + PCI_PM_PMC, 0x3);
> +/* Init error enabling flags */
> +pcie_cap_deverr_init(pci_dev);
>  } else {
>  /*
>   * make future invocations of pci_is_express() return false
> @@ -1828,6 +1830,7 @@ static void virtio_pci_reset(DeviceState *qdev)
>  {
>  VirtIOPCIProxy *proxy = VIRTIO_PCI(qdev);
>  VirtioBusState *bus = VIRTIO_BUS(>bus);
> +PCIDevice *dev = PCI_DEVICE(qdev);
>  int i;
>  
>  virtio_pci_stop_ioeventfd(proxy);
> @@ -1837,6 +1840,10 @@ static void virtio_pci_reset(DeviceState *qdev)
>  for (i = 0; i < VIRTIO_QUEUE_MAX; i++) {
>  proxy->vqs[i].enabled = 0;
>  }
> +
> +if (pci_is_express(dev)) {
> +pcie_cap_deverr_reset(dev);
> +}
>  }
>  
>  static Property virtio_pci_properties[] = {
> -- 
> 2.5.5

Re: [Qemu-devel] [PULL for-2.9 0/9] virtio, vhost, pc: fixes

[Michael S. Tsirkin]

On Tue, Jan 10, 2017 at 09:34:20AM +0800, Fam Zheng wrote:
> On Mon, 01/09 17:28, Peter Maydell wrote:
> > On 9 January 2017 at 16:48, Michael S. Tsirkin  wrote:
> > > The strange thing here is that this actually seems to apply patches
> > > from list instead of getting the tag from the tree.
> > 
> > That's because it's really supposed to be working on patches sent
> > to the list -- it only checks pull requests because it can't
> > tell them apart from patches, I think.
> 
> It can be taught not to check pull requests but I don't see a reason to, maybe
> it's better to let patchew pull the tag instead of applying, but on the other
> hand it's a bit odd to assume they two differ, that's why I haven't done it.
> 
> Fam

Well it's definitely better to actually test the pull req
as it is and not test patches applied at a random master.

[Qemu-devel] [PATCH v5 4/7] ppc: Implement bcdus. instruction

[Jose Ricardo Ziviani]

bcdus.: Decimal unsigned shift. This instruction works like bcds. but
considers only unsigned BCDs (no sign in least meaning 4 bits).

Signed-off-by: Jose Ricardo Ziviani 
---
 target/ppc/helper.h |  1 +
 target/ppc/int_helper.c | 41 +
 target/ppc/translate/vmx-impl.inc.c |  3 +++
 target/ppc/translate/vmx-ops.inc.c  |  2 +-
 4 files changed, 46 insertions(+), 1 deletion(-)

diff --git a/target/ppc/helper.h b/target/ppc/helper.h
index 36e9b82..065eb66 100644
--- a/target/ppc/helper.h
+++ b/target/ppc/helper.h
@@ -399,6 +399,7 @@ DEF_HELPER_3(bcdctsq, i32, avr, avr, i32)
 DEF_HELPER_4(bcdcpsgn, i32, avr, avr, avr, i32)
 DEF_HELPER_3(bcdsetsgn, i32, avr, avr, i32)
 DEF_HELPER_4(bcds, i32, avr, avr, avr, i32)
+DEF_HELPER_4(bcdus, i32, avr, avr, avr, i32)
 
 DEF_HELPER_2(xsadddp, void, env, i32)
 DEF_HELPER_2(xsaddqp, void, env, i32)
diff --git a/target/ppc/int_helper.c b/target/ppc/int_helper.c
index 26774a6..91ae89f 100644
--- a/target/ppc/int_helper.c
+++ b/target/ppc/int_helper.c
@@ -3134,6 +3134,47 @@ uint32_t helper_bcds(ppc_avr_t *r, ppc_avr_t *a, 
ppc_avr_t *b, uint32_t ps)
 return cr;
 }
 
+uint32_t helper_bcdus(ppc_avr_t *r, ppc_avr_t *a, ppc_avr_t *b, uint32_t ps)
+{
+int cr;
+int i;
+int invalid = 0;
+bool ox_flag = false;
+ppc_avr_t ret = *b;
+
+for (i = 0; i < 32; i++) {
+bcd_get_digit(b, i, );
+
+if (unlikely(invalid)) {
+return CRF_SO;
+}
+}
+
+#if defined(HOST_WORDS_BIGENDIAN)
+i = a->s8[7];
+#else
+i = a->s8[8];
+#endif
+if (i >= 32) {
+ox_flag = true;
+ret.u64[LO_IDX] = ret.u64[HI_IDX] = 0;
+} else if (i <= -32) {
+ret.u64[LO_IDX] = ret.u64[HI_IDX] = 0;
+} else if (i > 0) {
+ulshift([LO_IDX], [HI_IDX], i * 4, _flag);
+} else {
+urshift([LO_IDX], [HI_IDX], -i * 4);
+}
+*r = ret;
+
+cr = bcd_cmp_zero(r);
+if (ox_flag) {
+cr |= CRF_SO;
+}
+
+return cr;
+}
+
 void helper_vsbox(ppc_avr_t *r, ppc_avr_t *a)
 {
 int i;
diff --git a/target/ppc/translate/vmx-impl.inc.c 
b/target/ppc/translate/vmx-impl.inc.c
index 84ebb7e..fc54881 100644
--- a/target/ppc/translate/vmx-impl.inc.c
+++ b/target/ppc/translate/vmx-impl.inc.c
@@ -1017,6 +1017,7 @@ GEN_BCD2(bcdctsq)
 GEN_BCD2(bcdsetsgn)
 GEN_BCD(bcdcpsgn);
 GEN_BCD(bcds);
+GEN_BCD(bcdus);
 
 static void gen_xpnd04_1(DisasContext *ctx)
 {
@@ -1093,6 +1094,8 @@ GEN_VXFORM_DUAL(vaddshs, PPC_ALTIVEC, PPC_NONE, \
 bcdcpsgn, PPC_NONE, PPC2_ISA300)
 GEN_VXFORM_DUAL(vsubudm, PPC2_ALTIVEC_207, PPC_NONE, \
 bcds, PPC_NONE, PPC2_ISA300)
+GEN_VXFORM_DUAL(vsubuwm, PPC_ALTIVEC, PPC_NONE, \
+bcdus, PPC_NONE, PPC2_ISA300)
 
 static void gen_vsbox(DisasContext *ctx)
 {
diff --git a/target/ppc/translate/vmx-ops.inc.c 
b/target/ppc/translate/vmx-ops.inc.c
index 7b4b009..cdd3abe 100644
--- a/target/ppc/translate/vmx-ops.inc.c
+++ b/target/ppc/translate/vmx-ops.inc.c
@@ -61,7 +61,7 @@ GEN_VXFORM(vadduwm, 0, 2),
 GEN_VXFORM_207(vaddudm, 0, 3),
 GEN_VXFORM_DUAL(vsububm, bcdadd, 0, 16, PPC_ALTIVEC, PPC_NONE),
 GEN_VXFORM_DUAL(vsubuhm, bcdsub, 0, 17, PPC_ALTIVEC, PPC_NONE),
-GEN_VXFORM(vsubuwm, 0, 18),
+GEN_VXFORM_DUAL(vsubuwm, bcdus, 0, 18, PPC_ALTIVEC, PPC2_ISA300),
 GEN_VXFORM_DUAL(vsubudm, bcds, 0, 19, PPC2_ALTIVEC_207, PPC2_ISA300),
 GEN_VXFORM_300(bcds, 0, 27),
 GEN_VXFORM(vmaxub, 1, 0),
-- 
2.7.4

[Qemu-devel] [PATCH v5 3/7] ppc: Implement bcds. instruction

[Jose Ricardo Ziviani]

bcds.: Decimal shift. Given two registers vra and vrb, this instruction
shift the vrb value by vra bits into the result register.

Signed-off-by: Jose Ricardo Ziviani 
---
 target/ppc/helper.h |  1 +
 target/ppc/int_helper.c | 40 +
 target/ppc/translate/vmx-impl.inc.c |  3 +++
 target/ppc/translate/vmx-ops.inc.c  |  3 ++-
 4 files changed, 46 insertions(+), 1 deletion(-)

diff --git a/target/ppc/helper.h b/target/ppc/helper.h
index f28bf62..36e9b82 100644
--- a/target/ppc/helper.h
+++ b/target/ppc/helper.h
@@ -398,6 +398,7 @@ DEF_HELPER_3(bcdcfsq, i32, avr, avr, i32)
 DEF_HELPER_3(bcdctsq, i32, avr, avr, i32)
 DEF_HELPER_4(bcdcpsgn, i32, avr, avr, avr, i32)
 DEF_HELPER_3(bcdsetsgn, i32, avr, avr, i32)
+DEF_HELPER_4(bcds, i32, avr, avr, avr, i32)
 
 DEF_HELPER_2(xsadddp, void, env, i32)
 DEF_HELPER_2(xsaddqp, void, env, i32)
diff --git a/target/ppc/int_helper.c b/target/ppc/int_helper.c
index 24e5964..26774a6 100644
--- a/target/ppc/int_helper.c
+++ b/target/ppc/int_helper.c
@@ -3094,6 +3094,46 @@ uint32_t helper_bcdsetsgn(ppc_avr_t *r, ppc_avr_t *b, 
uint32_t ps)
 return bcd_cmp_zero(r);
 }
 
+uint32_t helper_bcds(ppc_avr_t *r, ppc_avr_t *a, ppc_avr_t *b, uint32_t ps)
+{
+int cr;
+#if defined(HOST_WORDS_BIGENDIAN)
+int i = a->s8[7];
+#else
+int i = a->s8[8];
+#endif
+bool ox_flag = false;
+int sgnb = bcd_get_sgn(b);
+ppc_avr_t ret = *b;
+ret.u64[LO_IDX] &= ~0xf;
+
+if (bcd_is_valid(b) == false) {
+return CRF_SO;
+}
+
+if (unlikely(i > 31)) {
+i = 31;
+} else if (unlikely(i < -31)) {
+i = -31;
+}
+
+if (i > 0) {
+ulshift([LO_IDX], [HI_IDX], i * 4, _flag);
+} else {
+urshift([LO_IDX], [HI_IDX], -i * 4);
+}
+bcd_put_digit(, bcd_preferred_sgn(sgnb, ps), 0);
+
+*r = ret;
+
+cr = bcd_cmp_zero(r);
+if (ox_flag) {
+cr |= CRF_SO;
+}
+
+return cr;
+}
+
 void helper_vsbox(ppc_avr_t *r, ppc_avr_t *a)
 {
 int i;
diff --git a/target/ppc/translate/vmx-impl.inc.c 
b/target/ppc/translate/vmx-impl.inc.c
index e8e527f..84ebb7e 100644
--- a/target/ppc/translate/vmx-impl.inc.c
+++ b/target/ppc/translate/vmx-impl.inc.c
@@ -1016,6 +1016,7 @@ GEN_BCD2(bcdcfsq)
 GEN_BCD2(bcdctsq)
 GEN_BCD2(bcdsetsgn)
 GEN_BCD(bcdcpsgn);
+GEN_BCD(bcds);
 
 static void gen_xpnd04_1(DisasContext *ctx)
 {
@@ -1090,6 +1091,8 @@ GEN_VXFORM_DUAL(vsubuhs, PPC_ALTIVEC, PPC_NONE, \
 bcdsub, PPC_NONE, PPC2_ALTIVEC_207)
 GEN_VXFORM_DUAL(vaddshs, PPC_ALTIVEC, PPC_NONE, \
 bcdcpsgn, PPC_NONE, PPC2_ISA300)
+GEN_VXFORM_DUAL(vsubudm, PPC2_ALTIVEC_207, PPC_NONE, \
+bcds, PPC_NONE, PPC2_ISA300)
 
 static void gen_vsbox(DisasContext *ctx)
 {
diff --git a/target/ppc/translate/vmx-ops.inc.c 
b/target/ppc/translate/vmx-ops.inc.c
index 57dce6e..7b4b009 100644
--- a/target/ppc/translate/vmx-ops.inc.c
+++ b/target/ppc/translate/vmx-ops.inc.c
@@ -62,7 +62,8 @@ GEN_VXFORM_207(vaddudm, 0, 3),
 GEN_VXFORM_DUAL(vsububm, bcdadd, 0, 16, PPC_ALTIVEC, PPC_NONE),
 GEN_VXFORM_DUAL(vsubuhm, bcdsub, 0, 17, PPC_ALTIVEC, PPC_NONE),
 GEN_VXFORM(vsubuwm, 0, 18),
-GEN_VXFORM_207(vsubudm, 0, 19),
+GEN_VXFORM_DUAL(vsubudm, bcds, 0, 19, PPC2_ALTIVEC_207, PPC2_ISA300),
+GEN_VXFORM_300(bcds, 0, 27),
 GEN_VXFORM(vmaxub, 1, 0),
 GEN_VXFORM(vmaxuh, 1, 1),
 GEN_VXFORM(vmaxuw, 1, 2),
-- 
2.7.4

[Qemu-devel] [PATCH v5 5/7] ppc: Implement bcdsr. instruction

[Jose Ricardo Ziviani]

bcdsr.: Decimal shift and round. This instruction works like bcds.
however, when performing right shift, 1 will be added to the
result if the last digit was >= 5.

Signed-off-by: Jose Ricardo Ziviani 
---
 target/ppc/helper.h |  1 +
 target/ppc/int_helper.c | 48 +
 target/ppc/translate/vmx-impl.inc.c |  1 +
 target/ppc/translate/vmx-ops.inc.c  |  2 ++
 4 files changed, 52 insertions(+)

diff --git a/target/ppc/helper.h b/target/ppc/helper.h
index 065eb66..d1db462 100644
--- a/target/ppc/helper.h
+++ b/target/ppc/helper.h
@@ -400,6 +400,7 @@ DEF_HELPER_4(bcdcpsgn, i32, avr, avr, avr, i32)
 DEF_HELPER_3(bcdsetsgn, i32, avr, avr, i32)
 DEF_HELPER_4(bcds, i32, avr, avr, avr, i32)
 DEF_HELPER_4(bcdus, i32, avr, avr, avr, i32)
+DEF_HELPER_4(bcdsr, i32, avr, avr, avr, i32)
 
 DEF_HELPER_2(xsadddp, void, env, i32)
 DEF_HELPER_2(xsaddqp, void, env, i32)
diff --git a/target/ppc/int_helper.c b/target/ppc/int_helper.c
index 91ae89f..b184063 100644
--- a/target/ppc/int_helper.c
+++ b/target/ppc/int_helper.c
@@ -3175,6 +3175,54 @@ uint32_t helper_bcdus(ppc_avr_t *r, ppc_avr_t *a, 
ppc_avr_t *b, uint32_t ps)
 return cr;
 }
 
+uint32_t helper_bcdsr(ppc_avr_t *r, ppc_avr_t *a, ppc_avr_t *b, uint32_t ps)
+{
+int cr;
+int unused = 0;
+int invalid = 0;
+bool ox_flag = false;
+int sgnb = bcd_get_sgn(b);
+ppc_avr_t ret = *b;
+ret.u64[LO_IDX] &= ~0xf;
+
+#if defined(HOST_WORDS_BIGENDIAN)
+int i = a->s8[7];
+ppc_avr_t bcd_one = { .u64 = { 0, 0x10 } };
+#else
+int i = a->s8[8];
+ppc_avr_t bcd_one = { .u64 = { 0x10, 0 } };
+#endif
+
+if (bcd_is_valid(b) == false) {
+return CRF_SO;
+}
+
+if (unlikely(i > 31)) {
+i = 31;
+} else if (unlikely(i < -31)) {
+i = -31;
+}
+
+if (i > 0) {
+ulshift([LO_IDX], [HI_IDX], i * 4, _flag);
+} else {
+urshift([LO_IDX], [HI_IDX], -i * 4);
+
+if (bcd_get_digit(, 0, ) >= 5) {
+bcd_add_mag(, , _one, , );
+}
+}
+bcd_put_digit(, bcd_preferred_sgn(sgnb, ps), 0);
+
+cr = bcd_cmp_zero();
+if (ox_flag) {
+cr |= CRF_SO;
+}
+*r = ret;
+
+return cr;
+}
+
 void helper_vsbox(ppc_avr_t *r, ppc_avr_t *a)
 {
 int i;
diff --git a/target/ppc/translate/vmx-impl.inc.c 
b/target/ppc/translate/vmx-impl.inc.c
index fc54881..451abb5 100644
--- a/target/ppc/translate/vmx-impl.inc.c
+++ b/target/ppc/translate/vmx-impl.inc.c
@@ -1018,6 +1018,7 @@ GEN_BCD2(bcdsetsgn)
 GEN_BCD(bcdcpsgn);
 GEN_BCD(bcds);
 GEN_BCD(bcdus);
+GEN_BCD(bcdsr);
 
 static void gen_xpnd04_1(DisasContext *ctx)
 {
diff --git a/target/ppc/translate/vmx-ops.inc.c 
b/target/ppc/translate/vmx-ops.inc.c
index cdd3abe..fa9c996 100644
--- a/target/ppc/translate/vmx-ops.inc.c
+++ b/target/ppc/translate/vmx-ops.inc.c
@@ -132,6 +132,8 @@ GEN_HANDLER_E_2(vprtybd, 0x4, 0x1, 0x18, 9, 0, PPC_NONE, 
PPC2_ISA300),
 GEN_HANDLER_E_2(vprtybq, 0x4, 0x1, 0x18, 10, 0, PPC_NONE, PPC2_ISA300),
 
 GEN_VXFORM_DUAL(vsubcuw, xpnd04_1, 0, 22, PPC_ALTIVEC, PPC_NONE),
+GEN_VXFORM_300(bcdsr, 0, 23),
+GEN_VXFORM_300(bcdsr, 0, 31),
 GEN_VXFORM_DUAL(vaddubs, vmul10uq, 0, 8, PPC_ALTIVEC, PPC_NONE),
 GEN_VXFORM_DUAL(vadduhs, vmul10euq, 0, 9, PPC_ALTIVEC, PPC_NONE),
 GEN_VXFORM(vadduws, 0, 10),
-- 
2.7.4

[Qemu-devel] [PATCH v5 2/7] host-utils: Implement unsigned quadword left/right shift and unit tests

[Jose Ricardo Ziviani]

Implements 128-bit left shift and right shift as well as their
testcases. By design, shift silently mods by 128, so the caller is
responsible to assert the shift range if necessary.

Left shift sets the overflow flag if any non-zero digit is shifted out.

Examples:
 ulshift(, , 250, );
 equivalent: n << 122

 urshift(, , -2);
 equivalent: n << 126

Signed-off-by: Jose Ricardo Ziviani 
---
 include/qemu/host-utils.h |  27 +
 tests/Makefile.include|   5 +-
 tests/test-shift128.c | 139 ++
 util/host-utils.c |  64 +
 4 files changed, 234 insertions(+), 1 deletion(-)
 create mode 100644 tests/test-shift128.c

diff --git a/include/qemu/host-utils.h b/include/qemu/host-utils.h
index 46187bb..89c3dc7 100644
--- a/include/qemu/host-utils.h
+++ b/include/qemu/host-utils.h
@@ -516,4 +516,31 @@ static inline uint64_t pow2ceil(uint64_t value)
 return 1ULL << (64 - nlz);
 }
 
+/**
+ * urshift - 128-bit Unsigned Right Shift.
+ * @plow: in/out - lower 64-bit integer.
+ * @phigh: in/out - higher 64-bit integer.
+ * @shift: in - bytes to shift, between 0 and 127.
+ *
+ * Result is zero-extended and stored in plow/phigh, which are
+ * input/output variables. Shift values outside the range will
+ * be mod to 128. In other words, the caller is responsible to
+ * verify/assert both the shift range and plow/phigh pointers.
+ */
+void urshift(uint64_t *plow, uint64_t *phigh, int32_t shift);
+
+/**
+ * ulshift - 128-bit Unsigned Left Shift.
+ * @plow: in/out - lower 64-bit integer.
+ * @phigh: in/out - higher 64-bit integer.
+ * @shift: in - bytes to shift, between 0 and 127.
+ * @overflow: out - true if any 1-bit is shifted out.
+ *
+ * Result is zero-extended and stored in plow/phigh, which are
+ * input/output variables. Shift values outside the range will
+ * be mod to 128. In other words, the caller is responsible to
+ * verify/assert both the shift range and plow/phigh pointers.
+ */
+void ulshift(uint64_t *plow, uint64_t *phigh, int32_t shift, bool *overflow);
+
 #endif
diff --git a/tests/Makefile.include b/tests/Makefile.include
index 0bb939d..1981a32 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -65,6 +65,8 @@ check-unit-$(CONFIG_POSIX) += tests/test-vmstate$(EXESUF)
 endif
 check-unit-y += tests/test-cutils$(EXESUF)
 gcov-files-test-cutils-y += util/cutils.c
+check-unit-y += tests/test-shift128$(EXESUF)
+gcov-files-test-shift128-y = util/host-utils.c
 check-unit-y += tests/test-mul64$(EXESUF)
 gcov-files-test-mul64-y = util/host-utils.c
 check-unit-y += tests/test-int128$(EXESUF)
@@ -466,7 +468,7 @@ test-obj-y = tests/check-qint.o tests/check-qstring.o 
tests/check-qdict.o \
tests/test-x86-cpuid.o tests/test-mul64.o tests/test-int128.o \
tests/test-opts-visitor.o tests/test-qmp-event.o \
tests/rcutorture.o tests/test-rcu-list.o \
-   tests/test-qdist.o \
+   tests/test-qdist.o tests/test-shift128.o \
tests/test-qht.o tests/qht-bench.o tests/test-qht-par.o \
tests/atomic_add-bench.o
 
@@ -574,6 +576,7 @@ tests/test-qmp-commands$(EXESUF): tests/test-qmp-commands.o 
tests/test-qmp-marsh
 tests/test-visitor-serialization$(EXESUF): tests/test-visitor-serialization.o 
$(test-qapi-obj-y)
 tests/test-opts-visitor$(EXESUF): tests/test-opts-visitor.o $(test-qapi-obj-y)
 
+tests/test-shift128$(EXESUF): tests/test-shift128.o $(test-util-obj-y)
 tests/test-mul64$(EXESUF): tests/test-mul64.o $(test-util-obj-y)
 tests/test-bitops$(EXESUF): tests/test-bitops.o $(test-util-obj-y)
 tests/test-crypto-hash$(EXESUF): tests/test-crypto-hash.o $(test-crypto-obj-y)
diff --git a/tests/test-shift128.c b/tests/test-shift128.c
new file mode 100644
index 000..f3ff736
--- /dev/null
+++ b/tests/test-shift128.c
@@ -0,0 +1,139 @@
+/*
+ * Test unsigned left and right shift
+ *
+ * This work is licensed under the terms of the GNU LGPL, version 2 or later.
+ * See the COPYING.LIB file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/host-utils.h"
+
+typedef struct {
+uint64_t low;
+uint64_t high;
+uint64_t rlow;
+uint64_t rhigh;
+int32_t shift;
+bool overflow;
+} test_data;
+
+static const test_data test_ltable[] = {
+{ 0x4C7ULL, 0x0ULL, 0x04C7ULL,
+  0xULL,   0, false },
+{ 0x001ULL, 0x0ULL, 0x0002ULL,
+  0xULL,   1, false },
+{ 0x001ULL, 0x0ULL, 0x0004ULL,
+  0xULL,   2, false },
+{ 0x001ULL, 0x0ULL, 0x0010ULL,
+  0xULL,   4, false },
+{ 0x001ULL, 0x0ULL, 0x0100ULL,
+  0xULL,   8, false },
+{ 0x001ULL, 0x0ULL, 0x0001ULL,
+  0xULL,  16, false },
+{ 0x001ULL, 0x0ULL, 0x8000ULL,
+  0xULL,  31, false },
+{ 0x001ULL, 0x0ULL, 0x2000ULL,
+  

[Qemu-devel] [PATCH v5 1/7] host-utils: Move 128-bit guard macro to .c file

[Jose Ricardo Ziviani]

It is not possible to implement functions in host-utils.c for
architectures with quadwords because the guard is implemented in the
Makefile. This patch move the guard out of the Makefile to the
implementation file.

Signed-off-by: Jose Ricardo Ziviani 
---
 util/Makefile.objs | 2 +-
 util/host-utils.c  | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/util/Makefile.objs b/util/Makefile.objs
index ad0f9c7..39ae26e 100644
--- a/util/Makefile.objs
+++ b/util/Makefile.objs
@@ -11,7 +11,7 @@ util-obj-$(CONFIG_POSIX) += memfd.o
 util-obj-$(CONFIG_WIN32) += oslib-win32.o
 util-obj-$(CONFIG_WIN32) += qemu-thread-win32.o
 util-obj-y += envlist.o path.o module.o
-util-obj-$(call lnot,$(CONFIG_INT128)) += host-utils.o
+util-obj-y += host-utils.o
 util-obj-y += bitmap.o bitops.o hbitmap.o
 util-obj-y += fifo8.o
 util-obj-y += acl.o
diff --git a/util/host-utils.c b/util/host-utils.c
index b166e57..3495262 100644
--- a/util/host-utils.c
+++ b/util/host-utils.c
@@ -26,6 +26,7 @@
 #include "qemu/osdep.h"
 #include "qemu/host-utils.h"
 
+#ifndef CONFIG_INT128
 /* Long integer helpers */
 static inline void mul64(uint64_t *plow, uint64_t *phigh,
  uint64_t a, uint64_t b)
@@ -158,4 +159,5 @@ int divs128(int64_t *plow, int64_t *phigh, int64_t divisor)
 
 return overflow;
 }
+#endif
 
-- 
2.7.4

[Qemu-devel] [PATCH v5 6/7] ppc: Implement bcdtrunc. instruction

[Jose Ricardo Ziviani]

bcdtrunc.: Decimal integer truncate. Given a BCD number in vrb and the
number of bytes to truncate in vra, the return register will have vrb
with such bits truncated.

Signed-off-by: Jose Ricardo Ziviani 
---
 target/ppc/helper.h |  1 +
 target/ppc/int_helper.c | 37 +
 target/ppc/translate/vmx-impl.inc.c |  5 +
 target/ppc/translate/vmx-ops.inc.c  |  4 ++--
 4 files changed, 45 insertions(+), 2 deletions(-)

diff --git a/target/ppc/helper.h b/target/ppc/helper.h
index d1db462..db17917 100644
--- a/target/ppc/helper.h
+++ b/target/ppc/helper.h
@@ -401,6 +401,7 @@ DEF_HELPER_3(bcdsetsgn, i32, avr, avr, i32)
 DEF_HELPER_4(bcds, i32, avr, avr, avr, i32)
 DEF_HELPER_4(bcdus, i32, avr, avr, avr, i32)
 DEF_HELPER_4(bcdsr, i32, avr, avr, avr, i32)
+DEF_HELPER_4(bcdtrunc, i32, avr, avr, avr, i32)
 
 DEF_HELPER_2(xsadddp, void, env, i32)
 DEF_HELPER_2(xsaddqp, void, env, i32)
diff --git a/target/ppc/int_helper.c b/target/ppc/int_helper.c
index b184063..06b14d5 100644
--- a/target/ppc/int_helper.c
+++ b/target/ppc/int_helper.c
@@ -3223,6 +3223,43 @@ uint32_t helper_bcdsr(ppc_avr_t *r, ppc_avr_t *a, 
ppc_avr_t *b, uint32_t ps)
 return cr;
 }
 
+uint32_t helper_bcdtrunc(ppc_avr_t *r, ppc_avr_t *a, ppc_avr_t *b, uint32_t ps)
+{
+uint64_t mask;
+uint32_t ox_flag = 0;
+#if defined(HOST_WORDS_BIGENDIAN)
+int i = a->s16[3] + 1;
+#else
+int i = a->s16[4] + 1;
+#endif
+ppc_avr_t ret = *b;
+
+if (bcd_is_valid(b) == false) {
+return CRF_SO;
+}
+
+if (i > 16 && i < 32) {
+if (ret.u64[HI_IDX] >> (i * 4 - 64)) {
+ox_flag = CRF_SO;
+}
+
+mask = (uint64_t)-1 >> (128 - i * 4);
+ret.u64[HI_IDX] &= mask;
+} else if (i >= 0 && i <= 16) {
+if (ret.u64[HI_IDX] || (i < 16 && ret.u64[LO_IDX] >> (i * 4))) {
+ox_flag = CRF_SO;
+}
+
+mask = (uint64_t)-1 >> (64 - i * 4);
+ret.u64[LO_IDX] &= mask;
+ret.u64[HI_IDX] = 0;
+}
+bcd_put_digit(, bcd_preferred_sgn(bcd_get_sgn(b), ps), 0);
+*r = ret;
+
+return bcd_cmp_zero() | ox_flag;
+}
+
 void helper_vsbox(ppc_avr_t *r, ppc_avr_t *a)
 {
 int i;
diff --git a/target/ppc/translate/vmx-impl.inc.c 
b/target/ppc/translate/vmx-impl.inc.c
index 451abb5..1683f42 100644
--- a/target/ppc/translate/vmx-impl.inc.c
+++ b/target/ppc/translate/vmx-impl.inc.c
@@ -1019,6 +1019,7 @@ GEN_BCD(bcdcpsgn);
 GEN_BCD(bcds);
 GEN_BCD(bcdus);
 GEN_BCD(bcdsr);
+GEN_BCD(bcdtrunc);
 
 static void gen_xpnd04_1(DisasContext *ctx)
 {
@@ -1097,6 +1098,10 @@ GEN_VXFORM_DUAL(vsubudm, PPC2_ALTIVEC_207, PPC_NONE, \
 bcds, PPC_NONE, PPC2_ISA300)
 GEN_VXFORM_DUAL(vsubuwm, PPC_ALTIVEC, PPC_NONE, \
 bcdus, PPC_NONE, PPC2_ISA300)
+GEN_VXFORM_DUAL(vsubsbs, PPC_ALTIVEC, PPC_NONE, \
+bcdtrunc, PPC_NONE, PPC2_ISA300)
+GEN_VXFORM_DUAL(vsubuqm, PPC2_ALTIVEC_207, PPC_NONE, \
+bcdtrunc, PPC_NONE, PPC2_ISA300)
 
 static void gen_vsbox(DisasContext *ctx)
 {
diff --git a/target/ppc/translate/vmx-ops.inc.c 
b/target/ppc/translate/vmx-ops.inc.c
index fa9c996..e6167a4 100644
--- a/target/ppc/translate/vmx-ops.inc.c
+++ b/target/ppc/translate/vmx-ops.inc.c
@@ -143,14 +143,14 @@ GEN_VXFORM(vaddsws, 0, 14),
 GEN_VXFORM_DUAL(vsububs, bcdadd, 0, 24, PPC_ALTIVEC, PPC_NONE),
 GEN_VXFORM_DUAL(vsubuhs, bcdsub, 0, 25, PPC_ALTIVEC, PPC_NONE),
 GEN_VXFORM(vsubuws, 0, 26),
-GEN_VXFORM(vsubsbs, 0, 28),
+GEN_VXFORM_DUAL(vsubsbs, bcdtrunc, 0, 28, PPC_NONE, PPC2_ISA300),
 GEN_VXFORM(vsubshs, 0, 29),
 GEN_VXFORM_DUAL(vsubsws, xpnd04_2, 0, 30, PPC_ALTIVEC, PPC_NONE),
 GEN_VXFORM_207(vadduqm, 0, 4),
 GEN_VXFORM_207(vaddcuq, 0, 5),
 GEN_VXFORM_DUAL(vaddeuqm, vaddecuq, 30, 0xFF, PPC_NONE, PPC2_ALTIVEC_207),
-GEN_VXFORM_207(vsubuqm, 0, 20),
 GEN_VXFORM_207(vsubcuq, 0, 21),
+GEN_VXFORM_DUAL(vsubuqm, bcdtrunc, 0, 20, PPC2_ALTIVEC_207, PPC2_ISA300),
 GEN_VXFORM_DUAL(vsubeuqm, vsubecuq, 31, 0xFF, PPC_NONE, PPC2_ALTIVEC_207),
 GEN_VXFORM(vrlb, 2, 0),
 GEN_VXFORM(vrlh, 2, 1),
-- 
2.7.4

[Qemu-devel] [PATCH v5 7/7] ppc: Implement bcdutrunc. instruction

[Jose Ricardo Ziviani]

bcdutrunc. Decimal unsigned truncate. Works like bcdtrunc. with
unsigned BCD numbers.

Signed-off-by: Jose Ricardo Ziviani 
---
 target/ppc/helper.h |  1 +
 target/ppc/int_helper.c | 51 +
 target/ppc/translate/vmx-impl.inc.c |  4 +++
 target/ppc/translate/vmx-ops.inc.c  |  2 +-
 4 files changed, 57 insertions(+), 1 deletion(-)

diff --git a/target/ppc/helper.h b/target/ppc/helper.h
index db17917..c2e6b42 100644
--- a/target/ppc/helper.h
+++ b/target/ppc/helper.h
@@ -402,6 +402,7 @@ DEF_HELPER_4(bcds, i32, avr, avr, avr, i32)
 DEF_HELPER_4(bcdus, i32, avr, avr, avr, i32)
 DEF_HELPER_4(bcdsr, i32, avr, avr, avr, i32)
 DEF_HELPER_4(bcdtrunc, i32, avr, avr, avr, i32)
+DEF_HELPER_4(bcdutrunc, i32, avr, avr, avr, i32)
 
 DEF_HELPER_2(xsadddp, void, env, i32)
 DEF_HELPER_2(xsaddqp, void, env, i32)
diff --git a/target/ppc/int_helper.c b/target/ppc/int_helper.c
index 06b14d5..6fe3a73 100644
--- a/target/ppc/int_helper.c
+++ b/target/ppc/int_helper.c
@@ -3260,6 +3260,57 @@ uint32_t helper_bcdtrunc(ppc_avr_t *r, ppc_avr_t *a, 
ppc_avr_t *b, uint32_t ps)
 return bcd_cmp_zero() | ox_flag;
 }
 
+uint32_t helper_bcdutrunc(ppc_avr_t *r, ppc_avr_t *a, ppc_avr_t *b, uint32_t 
ps)
+{
+int i;
+uint64_t mask;
+uint32_t ox_flag = 0;
+int invalid = 0;
+ppc_avr_t ret = *b;
+
+for (i = 0; i < 32; i++) {
+bcd_get_digit(b, i, );
+
+if (unlikely(invalid)) {
+return CRF_SO;
+}
+}
+
+#if defined(HOST_WORDS_BIGENDIAN)
+i = a->s16[3];
+#else
+i = a->s16[4];
+#endif
+if (i > 16 && i < 33) {
+if (ret.u64[HI_IDX] >> (i * 4 - 64)) {
+ox_flag = CRF_SO;
+}
+
+mask = (uint64_t)-1 >> (128 - i * 4);
+ret.u64[HI_IDX] &= mask;
+} else if (i > 0 && i <= 16) {
+if (ret.u64[HI_IDX] || (i < 16 && ret.u64[LO_IDX] >> (i * 4))) {
+ox_flag = CRF_SO;
+}
+
+mask = (uint64_t)-1 >> (64 - i * 4);
+ret.u64[LO_IDX] &= mask;
+ret.u64[HI_IDX] = 0;
+} else if (i == 0) {
+if (ret.u64[HI_IDX] || ret.u64[LO_IDX]) {
+ox_flag = CRF_SO;
+}
+ret.u64[HI_IDX] = ret.u64[LO_IDX] = 0;
+}
+
+*r = ret;
+if (r->u64[HI_IDX] == 0 && r->u64[LO_IDX] == 0) {
+return ox_flag | CRF_EQ;
+}
+
+return ox_flag | CRF_GT;
+}
+
 void helper_vsbox(ppc_avr_t *r, ppc_avr_t *a)
 {
 int i;
diff --git a/target/ppc/translate/vmx-impl.inc.c 
b/target/ppc/translate/vmx-impl.inc.c
index 1683f42..3cb6fc2 100644
--- a/target/ppc/translate/vmx-impl.inc.c
+++ b/target/ppc/translate/vmx-impl.inc.c
@@ -1020,6 +1020,7 @@ GEN_BCD(bcds);
 GEN_BCD(bcdus);
 GEN_BCD(bcdsr);
 GEN_BCD(bcdtrunc);
+GEN_BCD(bcdutrunc);
 
 static void gen_xpnd04_1(DisasContext *ctx)
 {
@@ -1102,6 +1103,9 @@ GEN_VXFORM_DUAL(vsubsbs, PPC_ALTIVEC, PPC_NONE, \
 bcdtrunc, PPC_NONE, PPC2_ISA300)
 GEN_VXFORM_DUAL(vsubuqm, PPC2_ALTIVEC_207, PPC_NONE, \
 bcdtrunc, PPC_NONE, PPC2_ISA300)
+GEN_VXFORM_DUAL(vsubcuq, PPC2_ALTIVEC_207, PPC_NONE, \
+bcdutrunc, PPC_NONE, PPC2_ISA300)
+
 
 static void gen_vsbox(DisasContext *ctx)
 {
diff --git a/target/ppc/translate/vmx-ops.inc.c 
b/target/ppc/translate/vmx-ops.inc.c
index e6167a4..139f80c 100644
--- a/target/ppc/translate/vmx-ops.inc.c
+++ b/target/ppc/translate/vmx-ops.inc.c
@@ -149,8 +149,8 @@ GEN_VXFORM_DUAL(vsubsws, xpnd04_2, 0, 30, PPC_ALTIVEC, 
PPC_NONE),
 GEN_VXFORM_207(vadduqm, 0, 4),
 GEN_VXFORM_207(vaddcuq, 0, 5),
 GEN_VXFORM_DUAL(vaddeuqm, vaddecuq, 30, 0xFF, PPC_NONE, PPC2_ALTIVEC_207),
-GEN_VXFORM_207(vsubcuq, 0, 21),
 GEN_VXFORM_DUAL(vsubuqm, bcdtrunc, 0, 20, PPC2_ALTIVEC_207, PPC2_ISA300),
+GEN_VXFORM_DUAL(vsubcuq, bcdutrunc, 0, 21, PPC2_ALTIVEC_207, PPC2_ISA300),
 GEN_VXFORM_DUAL(vsubeuqm, vsubecuq, 31, 0xFF, PPC_NONE, PPC2_ALTIVEC_207),
 GEN_VXFORM(vrlb, 2, 0),
 GEN_VXFORM(vrlh, 2, 1),
-- 
2.7.4

[Qemu-devel] [PATCH v5 0/7] POWER9 TCG enablements - BCD functions - final part

[Jose Ricardo Ziviani]

v5:
 - removes 'unlikely' gcc branch pred. hints from not unlikely places
 - adds comments in host-utils functions
 - adds more test cases for shift functions
 - handles "shift backwards" with signed shifts
 - rebases branch

v4:
 - improves functions to behave exactly like the target

v3:
 - moves shift functions to host-utils.c and added config_int128 guard
 - changes Makefile to always compile host-utils.c
 - redesigns bcd[u]trunc to use bitwise operations
 - removes "target-ppc: Implement bcd_is_valid function" (merged)

v2:
 - bcd[s,sr,us] uses 1 byte for shifting instead of 4 bytes
 - left/right functions in host-utils are out of CONFIG_INT128
 - fixes overflowing issue in left shift and added a testcase

This serie contains 5 new instructions for POWER9 ISA3.0, left/right shifts for 
unsigned quadwords and a small improvement to check whether a bcd value is 
valid or not.

bcds.: Decimal signed shift
bcdus.: Decimal unsigned shift
bcdsr.: Decimal shift and round
bcdtrunc.: Decimal signed trucate
bcdutrunc.: Decimal unsigned truncate

Jose Ricardo Ziviani (7):
  host-utils: Move 128-bit guard macro to .c file
  host-utils: Implement unsigned quadword left/right shift and unit
tests
  ppc: Implement bcds. instruction
  ppc: Implement bcdus. instruction
  ppc: Implement bcdsr. instruction
  ppc: Implement bcdtrunc. instruction
  ppc: Implement bcdutrunc. instruction

 include/qemu/host-utils.h   |  27 +
 target/ppc/helper.h |   5 +
 target/ppc/int_helper.c | 217 
 target/ppc/translate/vmx-impl.inc.c |  16 +++
 target/ppc/translate/vmx-ops.inc.c  |  13 ++-
 tests/Makefile.include  |   5 +-
 tests/test-shift128.c   | 139 +++
 util/Makefile.objs  |   2 +-
 util/host-utils.c   |  66 +++
 9 files changed, 483 insertions(+), 7 deletions(-)
 create mode 100644 tests/test-shift128.c

-- 
2.7.4

Re: [Qemu-devel] [PATCH v3 1/3] arm_generic_timer: Add the ARM Generic Timer

[Alistair Francis]

On Fri, Jan 6, 2017 at 3:57 AM, Peter Maydell  wrote:
> On 20 December 2016 at 22:42, Alistair Francis
>  wrote:
>> Add the ARM generic timer. This allows the guest to poll the timer for
>> values and also supports secure writes only.
>>
>> Signed-off-by: Alistair Francis 
>> ---
>> V3:
>>  - Use ARM ARM names
>>  - Indicate that we don't support all of the registers
>>  - Fixup the Makefile CONFIG
>> V2:
>>  - Fix couter/counter typo
>>
>>  hw/timer/Makefile.objs   |   1 +
>>  hw/timer/arm_generic_timer.c | 205 
>> +++
>>  include/hw/timer/arm_generic_timer.h |  62 +++
>>  3 files changed, 268 insertions(+)
>>  create mode 100644 hw/timer/arm_generic_timer.c
>>  create mode 100644 include/hw/timer/arm_generic_timer.h
>>
>> diff --git a/hw/timer/Makefile.objs b/hw/timer/Makefile.objs
>> index 7ba8c23..bb203e2 100644
>> --- a/hw/timer/Makefile.objs
>> +++ b/hw/timer/Makefile.objs
>> @@ -17,6 +17,7 @@ common-obj-$(CONFIG_IMX) += imx_epit.o
>>  common-obj-$(CONFIG_IMX) += imx_gpt.o
>>  common-obj-$(CONFIG_LM32) += lm32_timer.o
>>  common-obj-$(CONFIG_MILKYMIST) += milkymist-sysctl.o
>> +common-obj-$(CONFIG_ARM_TIMER) += arm_generic_timer.o
>>
>>  obj-$(CONFIG_EXYNOS4) += exynos4210_mct.o
>>  obj-$(CONFIG_EXYNOS4) += exynos4210_pwm.o
>> diff --git a/hw/timer/arm_generic_timer.c b/hw/timer/arm_generic_timer.c
>> new file mode 100644
>> index 000..da434a7
>> --- /dev/null
>> +++ b/hw/timer/arm_generic_timer.c
>> @@ -0,0 +1,205 @@
>> +/*
>> + * QEMU model of the ARM Generic Timer
>> + *
>> + * Copyright (c) 2016 Xilinx Inc.
>> + * Written by Alistair Francis 
>> + *
>> + * Permission is hereby granted, free of charge, to any person obtaining a 
>> copy
>> + * of this software and associated documentation files (the "Software"), to 
>> deal
>> + * in the Software without restriction, including without limitation the 
>> rights
>> + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
>> + * copies of the Software, and to permit persons to whom the Software is
>> + * furnished to do so, subject to the following conditions:
>> + *
>> + * The above copyright notice and this permission notice shall be included 
>> in
>> + * all copies or substantial portions of the Software.
>> + *
>> + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 
>> OR
>> + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
>> + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
>> + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR 
>> OTHER
>> + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
>> FROM,
>> + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
>> + * THE SOFTWARE.
>> + */
>> +
>> +#include "qemu/osdep.h"
>> +#include "hw/timer/arm_generic_timer.h"
>> +#include "qemu/timer.h"
>> +#include "qemu/log.h"
>> +
>> +#ifndef ARM_GEN_TIMER_ERR_DEBUG
>> +#define ARM_GEN_TIMER_ERR_DEBUG 0
>> +#endif
>> +
>> +static void counter_control_postw(RegisterInfo *reg, uint64_t val64)
>> +{
>> +ARMGenTimer *s = ARM_GEN_TIMER(reg->opaque);
>> +bool new_status = extract32(s->regs[R_CNTCR],
>> +R_CNTCR_EN_SHIFT,
>> +R_CNTCR_EN_LENGTH);
>> +uint64_t current_ticks;
>> +
>> +current_ticks = muldiv64(qemu_clock_get_us(QEMU_CLOCK_VIRTUAL),
>> + NANOSECONDS_PER_SECOND, 100);
>> +
>> +if ((s->enabled && !new_status) ||
>> +(!s->enabled && new_status)) {
>
> Since s->enabled and new_status are both bool, you can
> write this as "if (s->enabled != new_status)".
> (If they were ints you could use xor.)

I should have realised that, thanks.

>
>> +/* The timer is being disabled or enabled */
>> +s->tick_offset = current_ticks - s->tick_offset;
>> +}
>> +
>> +s->enabled = new_status;
>> +}
>> +
>> +static uint64_t counter_value_postr(RegisterInfo *reg)
>> +{
>> +ARMGenTimer *s = ARM_GEN_TIMER(reg->opaque);
>> +uint64_t current_ticks, total_ticks;
>> +
>> +if (s->enabled) {
>> +current_ticks = muldiv64(qemu_clock_get_us(QEMU_CLOCK_VIRTUAL),
>> + NANOSECONDS_PER_SECOND, 100);
>> +total_ticks = current_ticks - s->tick_offset;
>> +} else {
>> +/* Timer is disabled, return the time when it was disabled */
>> +total_ticks = s->tick_offset;
>> +}
>> +
>> +return total_ticks;
>> +}
>> +
>> +static uint64_t counter_low_value_postr(RegisterInfo *reg, uint64_t val64)
>> +{
>> +return (uint32_t) counter_value_postr(reg);
>> +}
>> +
>> +static uint64_t counter_high_value_postr(RegisterInfo *reg, uint64_t val64)
>> +{
>> +return (uint32_t) (counter_value_postr(reg) >> 32);
>> +}
>
> The spec says 

Re: [Qemu-devel] [PULL for-2.9 0/9] virtio, vhost, pc: fixes

[Fam Zheng]

On Mon, 01/09 17:28, Peter Maydell wrote:
> On 9 January 2017 at 16:48, Michael S. Tsirkin  wrote:
> > The strange thing here is that this actually seems to apply patches
> > from list instead of getting the tag from the tree.
> 
> That's because it's really supposed to be working on patches sent
> to the list -- it only checks pull requests because it can't
> tell them apart from patches, I think.

It can be taught not to check pull requests but I don't see a reason to, maybe
it's better to let patchew pull the tag instead of applying, but on the other
hand it's a bit odd to assume they two differ, that's why I haven't done it.

Fam

[Qemu-devel] [Bug 1653063] Re: qemu-system-arm hangs with -icount and -nodefaults

[Hansni Bu]

** Description changed:

- I tested with the latest git repo, (commit:
+ I tested with release 2.8.0 and the latest git repo, (commit:
  dbe2b65566e76d3c3a0c3358285c0336ac61e757).
  
  My configure options when building QEMU:
  '../configure' '--prefix=$HOME/local/qemu.git' 
'--target-list=aarch64-softmmu,arm-softmmu' '--cpu=x86_64' '--cc=gcc' 
'--disable-user' '--disable-sdl' '--disable-stack-protector' '--disable-attr' 
'--disable-pie' '--disable-linux-aio' '--disable-tpm' '--without-system-pixman' 
'--disable-docs' '--disable-guest-agent' '--disable-guest-agent-msi' 
'--disable-modules' '--disable-sparse' '--disable-gnutls' '--disable-nettle' 
'--disable-gcrypt' '--disable-gtk' '--disable-vte' '--disable-curses' 
'--disable-vnc' '--disable-cocoa' '--disable-virtfs' '--disable-xen' 
'--disable-brlapi' '--disable-curl' '--disable-bluez' '--disable-rdma' 
'--disable-uuid' '--disable-vde' '--disable-netmap' '--disable-cap-ng' 
'--disable-attr' '--disable-vhost-net' '--disable-spice' '--disable-rbd' 
'--disable-libiscsi' '--disable-libnfs' '--disable-smartcard' 
'--disable-libusb' '--disable-usb-redir' '--disable-lzo' '--disable-snappy' 
'--disable-bzip2' '--disable-seccomp' '--disable-glusterfs' 
'--disable-archipelago' '--disable-libssh2' '--disable-vhdx' '--disable-numa' 
'--disable-werror' '--disable-blobs' '--disable-vhost-scsi' '--enable-debug' 
'--disable-strip' '--enable-debug-tcg' '--enable-debug-info' 
'--extra-cflags=-fPIC'
  
  My host OS is Redhat RHEL-6.5. uname command gives:
  Linux rslpc1 2.6.32-431.el6.x86_64 #1 SMP Sun Nov 10 22:19:54 EST 2013 x86_64 
x86_64 x86_64 GNU/Linux
  
  The test image is downloaded from http://wiki.qemu.org/download/arm-
  test-0.2.tar.gz
  
  The command to re-produce the problem:
  qemu-system-arm -M integratorcp -kernel arm-test/zImage.integrator -initrd 
arm-test/arm_root.img -nographic -icount 1 -nodefaults -chardev 
stdio,mux=on,id=char0 -serial chardev:char0 --append "console=ttyAMA0"
  
  After console prints the message below:
  "Uncompressing 
Linux.. 
done, booting the kernel."
  there's no further action noticed.
  
  If "-icount" is not set, namely run as:
  qemu-system-arm -M integratorcp -kernel arm-test/zImage.integrator -initrd 
arm-test/arm_root.img -nographic -nodefaults -chardev stdio,mux=on,id=char0 
-serial chardev:char0 --append "console=ttyAMA0"
  
  or if "-nodefaults" is not set, namely run as:
  qemu-system-arm -M integratorcp -kernel arm-test/zImage.integrator -initrd 
arm-test/arm_root.img -nographic -icount 1 --append "console=ttyAMA0"
  
  The Linux boot procedure can finish successfully.
  
  Thanks.
  Hansni

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1653063

Title:
  qemu-system-arm hangs with -icount and -nodefaults

Status in QEMU:
  New

Bug description:
  I tested with release 2.8.0 and the latest git repo, (commit:
  dbe2b65566e76d3c3a0c3358285c0336ac61e757).

  My configure options when building QEMU:
  '../configure' '--prefix=$HOME/local/qemu.git' 
'--target-list=aarch64-softmmu,arm-softmmu' '--cpu=x86_64' '--cc=gcc' 
'--disable-user' '--disable-sdl' '--disable-stack-protector' '--disable-attr' 
'--disable-pie' '--disable-linux-aio' '--disable-tpm' '--without-system-pixman' 
'--disable-docs' '--disable-guest-agent' '--disable-guest-agent-msi' 
'--disable-modules' '--disable-sparse' '--disable-gnutls' '--disable-nettle' 
'--disable-gcrypt' '--disable-gtk' '--disable-vte' '--disable-curses' 
'--disable-vnc' '--disable-cocoa' '--disable-virtfs' '--disable-xen' 
'--disable-brlapi' '--disable-curl' '--disable-bluez' '--disable-rdma' 
'--disable-uuid' '--disable-vde' '--disable-netmap' '--disable-cap-ng' 
'--disable-attr' '--disable-vhost-net' '--disable-spice' '--disable-rbd' 
'--disable-libiscsi' '--disable-libnfs' '--disable-smartcard' 
'--disable-libusb' '--disable-usb-redir' '--disable-lzo' '--disable-snappy' 
'--disable-bzip2' '--disable-seccomp' '--disable-glusterfs' 
'--disable-archipelago' '--disable-libssh2' '--disable-vhdx' '--disable-numa' 
'--disable-werror' '--disable-blobs' '--disable-vhost-scsi' '--enable-debug' 
'--disable-strip' '--enable-debug-tcg' '--enable-debug-info' 
'--extra-cflags=-fPIC'

  My host OS is Redhat RHEL-6.5. uname command gives:
  Linux rslpc1 2.6.32-431.el6.x86_64 #1 SMP Sun Nov 10 22:19:54 EST 2013 x86_64 
x86_64 x86_64 GNU/Linux

  The test image is downloaded from http://wiki.qemu.org/download/arm-
  test-0.2.tar.gz

  The command to re-produce the problem:
  qemu-system-arm -M integratorcp -kernel arm-test/zImage.integrator -initrd 
arm-test/arm_root.img -nographic -icount 1 -nodefaults -chardev 
stdio,mux=on,id=char0 -serial chardev:char0 --append "console=ttyAMA0"

  After console prints the message below:
  "Uncompressing 
Linux.. 
done, 

Re: [Qemu-devel] [virtio-dev] Re: [PATCH v14 0/2] virtio-crypto: virtio crypto device specification

[Gonglei (Arei)]

Hi Michael,

>
> Subject: [virtio-dev] Re: [Qemu-devel] [PATCH v14 0/2] virtio-crypto: virtio
> crypto device specification
> 
> On Wed, Jan 04, 2017 at 01:03:21AM +, Gonglei (Arei) wrote:
> > Hi Stefan,
> >
> > >
> > > Subject: Re: [Qemu-devel] [PATCH v14 0/2] virtio-crypto: virtio crypto 
> > > device
> > > specification
> > >
> > > On Mon, Dec 26, 2016 at 02:38:29AM +, Gonglei (Arei) wrote:
> > > > Both Alex and Stefan mentioned that the process of create/close a
> session
> > > > makes we have a least one full round-trip cost from guest to host to 
> > > > guest
> > > > to be able to send any data for symmetric algorithms. It gets ourself 
> > > > into
> > > > synchronization troubles in some scenarios like a web server handling 
> > > > lots
> > > > of small requests whose algorithms and keys are different.
> > > >
> > > > Because the virtio crypto specification has not been voted yet and v15 
> > > > is
> on
> > > the way.
> > > > I'd like to make some changes in order to support those scenarios 
> > > > better.
> > > That means
> > > > we will support one-blob request (no sessions) as well for symmetric
> > > > algorithms, including HASH, MAC services. The benefit is obvious for
> > > > HASH service because it's usually a one-blob operation.
> > > >
> > > > The main changes will be:
> > > >  1) using the flag property of struct virtio_crypto_op_header to 
> > > > identify
> the
> > > > type of crypto request. Aka Is it a session-based or non-session
> > > request?
> > > > The flag is not used currently, so we can make use of it.
> > > >
> > > >  2) extending virtio_crypto_*_para structures, for example, add the
> content
> > > of
> > > > struct virtio_crypto_cipher_session_para into struct
> > > virtio_crypto_cipher_para.
> > > > It's true that will increase the size of each crypto request after 
> > > > this
> > > change.
> > > >
> > > > Does it make sense? Thanks!
> > >
> > > That sounds good.  Hopefully many crypto API users only use a single
> > > operation and can therefore benefit from this optimization.
> > >
> > Thanks for your feedback. I'll start this work.
> >
> > Regards,
> > -Gonglei
> 
> I worry what's going to happen with the virtio driver
> I merged upstream though. Do you plan to make changes
> compatible with it?
> 
Yes, I do. We can support both session based and non-session based
crypto operations then. I use some feature bits to negotiate them between
the device and the driver. Please see the spec of v15:

[PATCH v15 0/2] virtio-crypto: virtio crypto device specification


Regards,
-Gonglei

Re: [Qemu-devel] [PATCH v3 0/3] add support for mice with extra/side buttons

[Fabian Lesniak]

Ping.

I forgot to CC Gerd.

http://patchwork.ozlabs.org/patch/703302/

http://patchwork.ozlabs.org/patch/703304/

http://patchwork.ozlabs.org/patch/703303/


Am 06.12.2016 um 20:00 schrieb Fabian Lesniak:

This patch implements event handling for 5-button ps/2 mice and
appropriate event generation for gtk and input-linux input methods.

As Gerd suggested, it is now split into three parts and introduces
distinct ps2 mouse button definitions instead of using the legacy
ones from console.h. Please comment on the location of the new
definitions if inappropriate.

The changes to qapi were improved following Eric's hints.

Fabian Lesniak (3):
   qapi: add support for mice with extra/side buttons
   ps2: add support for mice with extra/side buttons
   ui: add support for mice with extra/side buttons

  hw/input/ps2.c | 8 +---
  include/hw/input/ps2.h | 6 ++
  qapi-schema.json   | 7 ++-
  ui/gtk.c   | 4 
  ui/input-linux.c   | 6 ++
  5 files changed, 27 insertions(+), 4 deletions(-)

Re: [Qemu-devel] [PATCH] virtio-gpu: tag as not hotpluggable

[Michael S. Tsirkin]

On Mon, Jan 09, 2017 at 02:55:38PM +0100, Gerd Hoffmann wrote:
> qemu can't hotplug display devices.
> 
> Signed-off-by: Gerd Hoffmann 

Reviewed-by: Michael S. Tsirkin 


> ---
>  hw/display/virtio-gpu.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
> index ca88cf4..f410a3e 100644
> --- a/hw/display/virtio-gpu.c
> +++ b/hw/display/virtio-gpu.c
> @@ -1282,6 +1282,7 @@ static void virtio_gpu_class_init(ObjectClass *klass, 
> void *data)
>  
>  dc->props = virtio_gpu_properties;
>  dc->vmsd = _virtio_gpu;
> +dc->hotpluggable = false;
>  }
>  
>  static const TypeInfo virtio_gpu_info = {
> -- 
> 1.8.3.1

Re: [Qemu-devel] [PATCH v2] vfio/pci: Support error recovery

[Michael S. Tsirkin]

On Sat, Dec 31, 2016 at 05:15:36PM +0800, Cao jin wrote:
> Support serious device error recovery

serious?

> 
> Signed-off-by: Cao jin 
> ---
>  drivers/vfio/pci/vfio_pci.c | 70 
> +++--
>  drivers/vfio/pci/vfio_pci_private.h |  2 ++
>  2 files changed, 70 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/vfio/pci/vfio_pci.c b/drivers/vfio/pci/vfio_pci.c
> index 712a849..752af20 100644
> --- a/drivers/vfio/pci/vfio_pci.c
> +++ b/drivers/vfio/pci/vfio_pci.c
> @@ -534,6 +534,15 @@ static long vfio_pci_ioctl(void *device_data,
>  {
>   struct vfio_pci_device *vdev = device_data;
>   unsigned long minsz;
> + int ret;
> +
> + if (vdev->aer_recovering && (cmd == VFIO_DEVICE_SET_IRQS ||
> + cmd == VFIO_DEVICE_RESET || cmd == VFIO_DEVICE_PCI_HOT_RESET)) {
> + ret = wait_for_completion_interruptible(
> + >aer_completion);

don't split it like that.

> + if (ret)
> + return ret;
> + }
>  
>   if (cmd == VFIO_DEVICE_GET_INFO) {
>   struct vfio_device_info info;
> @@ -953,6 +962,15 @@ static ssize_t vfio_pci_rw(void *device_data, char 
> __user *buf,
>  {
>   unsigned int index = VFIO_PCI_OFFSET_TO_INDEX(*ppos);
>   struct vfio_pci_device *vdev = device_data;
> + int ret;
> +
> + /* block all kinds of access during host recovery */
> + if (vdev->aer_recovering) {
> + ret = wait_for_completion_interruptible(
> + >aer_completion);
> + if (ret)
> + return ret;
> + }
>  
>   if (index >= VFIO_PCI_NUM_REGIONS + vdev->num_regions)
>   return -EINVAL;
> @@ -1117,6 +1135,7 @@ static int vfio_pci_probe(struct pci_dev *pdev, const 
> struct pci_device_id *id)
>   vdev->irq_type = VFIO_PCI_NUM_IRQS;
>   mutex_init(>igate);
>   spin_lock_init(>irqlock);
> + init_completion(>aer_completion);
>  
>   ret = vfio_add_group_dev(>dev, _pci_ops, vdev);
>   if (ret) {
> @@ -1176,6 +1195,9 @@ static pci_ers_result_t 
> vfio_pci_aer_err_detected(struct pci_dev *pdev,
>  {
>   struct vfio_pci_device *vdev;
>   struct vfio_device *device;
> + u32 uncor_status;
> + unsigned int aer_cap_offset;
> + int ret;
>  
>   device = vfio_device_get_from_dev(>dev);
>   if (device == NULL)
> @@ -1187,10 +1209,29 @@ static pci_ers_result_t 
> vfio_pci_aer_err_detected(struct pci_dev *pdev,
>   return PCI_ERS_RESULT_DISCONNECT;
>   }
>  
> + /*
> +  * get device's uncorrectable error status as soon as possible,

should be "Get".

> +  * and signal it to user space. The later we read it, the possibility
> +  * the register value is mangled grows.
> +  */
> + aer_cap_offset = pci_find_ext_capability(vdev->pdev, 
> PCI_EXT_CAP_ID_ERR);
> + ret = pci_read_config_dword(vdev->pdev, aer_cap_offset +
> +PCI_ERR_UNCOR_STATUS, _status);
> +if (ret)
> +return PCI_ERS_RESULT_DISCONNECT;
> +
> + pr_info("device %d got AER detect notification. uncorrectable error 
> status = 0x%x\n", pdev->devfn, uncor_status);//to be removed

Pls drop this.

>   mutex_lock(>igate);
>  
> - if (vdev->err_trigger)
> - eventfd_signal(vdev->err_trigger, 1);
> + vdev->aer_recovering = true;
> + reinit_completion(>aer_completion);
> +
> + if (vdev->err_trigger && uncor_status) {
> + pr_info("device %d signal uncor status 0x%x to user",
> + pdev->devfn, uncor_status);
> + /* signal uncorrectable error status to user space */
> + eventfd_signal(vdev->err_trigger, uncor_status);
> +}
>  
>   mutex_unlock(>igate);
>  
> @@ -1199,8 +1240,33 @@ static pci_ers_result_t 
> vfio_pci_aer_err_detected(struct pci_dev *pdev,
>   return PCI_ERS_RESULT_CAN_RECOVER;
>  }
>  
> +static void vfio_pci_aer_resume(struct pci_dev *pdev)
> +{
> + struct vfio_pci_device *vdev;
> + struct vfio_device *device;
> +
> + device = vfio_device_get_from_dev(>dev);
> + if (device == NULL)
> + return;
> +
> + vdev = vfio_device_data(device);
> + if (vdev == NULL) {
> + vfio_device_put(device);
> + return;
> + }
> +
> + mutex_lock(>igate);
> + vdev->aer_recovering = false;
> + mutex_unlock(>igate);
> +
> + complete_all(>aer_completion);
> +
> + vfio_device_put(device);
> +}
> +
>  static const struct pci_error_handlers vfio_err_handlers = {
>   .error_detected = vfio_pci_aer_err_detected,
> + .resume = vfio_pci_aer_resume,
>  };
>  
>  static struct pci_driver vfio_pci_driver = {
> diff --git a/drivers/vfio/pci/vfio_pci_private.h 
> b/drivers/vfio/pci/vfio_pci_private.h
> index 8a7d546..ba8471f 100644
> --- a/drivers/vfio/pci/vfio_pci_private.h
> +++ b/drivers/vfio/pci/vfio_pci_private.h

Re: [Qemu-devel] [PATCH v4] [i.MX] fix CS handling during SPI access.

[Peter Maydell]

On 9 January 2017 at 22:27, Jean-Christophe DUBOIS  wrote:
> I might be wrong but I think they are coming out of reset with
> their CS line set to low (so they are selected by default)
> because this is the default level at reset.

If that's true then you're in difficulties, because
there's no guarantee about device reset order. So
even if your SPI controller calls qemu_set_irq in
its reset function, if the devices on the other
end happen to have their reset called after the
controller then they'll still reset into selected...

thanks
-- PMM

Re: [Qemu-devel] [PATCH RFC v11 3/4] vfio-pci: pass the aer error to guest

[Michael S. Tsirkin]

On Sat, Dec 31, 2016 at 05:13:07PM +0800, Cao jin wrote:
> From: Chen Fan 
> 
> When physical device has uncorrectable error hanppened, the vfio_pci
> driver will signal the uncorrectable error status register value to
> corresponding QEMU's vfio-pci device via the eventfd registered by this
> device, then, the vfio-pci's error eventfd handler will be invoked in
> event loop.
> 
> Construct and pass the aer message to root port, root port will trigger an
> interrupt to signal guest, then, the guest driver will do the recovery.
> 
> Note: Now only support non-fatal error's recovery, fatal error will
> still result in vm stop.
> 
> Signed-off-by: Chen Fan 
> Signed-off-by: Dou Liyang 
> Signed-off-by: Cao jin 
> ---
>  hw/vfio/pci.c | 50 ++
>  1 file changed, 42 insertions(+), 8 deletions(-)
> 
> diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
> index 76a8ac3..9861f72 100644
> --- a/hw/vfio/pci.c
> +++ b/hw/vfio/pci.c
> @@ -2470,21 +2470,55 @@ static void vfio_put_device(VFIOPCIDevice *vdev)
>  static void vfio_err_notifier_handler(void *opaque)
>  {
>  VFIOPCIDevice *vdev = opaque;
> +PCIDevice *dev = >pdev;
> +PCIEAERMsg msg = {
> +.severity = 0,
> +.source_id = (pci_bus_num(dev->bus) << 8) | dev->devfn,
> +};
> +int len;
> +uint64_t uncor_status;
> +
> +/* Read uncorrectable error status from driver */
> +len = read(vdev->err_notifier.rfd, _status, sizeof(uncor_status));
> +if (len != sizeof(uncor_status)) {
> +error_report("vfio-pci: uncor error status reading returns"
> + " invalid number of bytes: %d", len);
> +return; //Or goto stop?

I would definitely suggest this to make sure we don't regress.

> +}
> +
> +if (!(vdev->features & VFIO_FEATURE_ENABLE_AER)) {
> +goto stop;
> +}
> +
> +/* Populate the aer msg and send it to root port */
> +if (dev->exp.aer_cap) {
> +uint8_t *aer_cap = dev->config + dev->exp.aer_cap;
> +bool isfatal = uncor_status &
> +   pci_get_long(aer_cap + PCI_ERR_UNCOR_SEVER);
> +
> + if (isfatal) {
> + goto stop;
> + }
> +
> +msg.severity = isfatal ? PCI_ERR_ROOT_CMD_FATAL_EN :
> + PCI_ERR_ROOT_CMD_NONFATAL_EN;
>  
> -if (!event_notifier_test_and_clear(>err_notifier)) {
> +error_report("vfio-pci device %d sending AER to root port. uncor"
> + " status = 0x%"PRIx64, dev->devfn, uncor_status);
> +pcie_aer_msg(dev, );
>  return;
>  }
>  
> +stop:
>  /*
> - * TBD. Retrieve the error details and decide what action
> - * needs to be taken. One of the actions could be to pass
> - * the error to the guest and have the guest driver recover
> - * from the error. This requires that PCIe capabilities be
> - * exposed to the guest. For now, we just terminate the
> - * guest to contain the error.
> + * Terminate the guest in case of
> + * 1. AER capability is not exposed to guest.
> + * 2. AER capability is exposed, but error is fatal, only non-fatal
> + * error is handled now.
>   */
>  
> -error_report("%s(%s) Unrecoverable error detected. Please collect any 
> data possible and then kill the guest", __func__, vdev->vbasedev.name);
> +error_report("%s(%s) fatal error detected. Please collect any data"
> +" possible and then kill the guest", __func__, 
> vdev->vbasedev.name);
>  
>  vm_stop(RUN_STATE_INTERNAL_ERROR);
>  }
> -- 
> 1.8.3.1
> 
> 

Re: [Qemu-devel] vfio/pci: guest error recovery proposal

[Michael S. Tsirkin]

On Wed, Dec 28, 2016 at 10:52:13AM +0800, Cao jin wrote:
> 
> 
> On 12/16/2016 07:02 AM, Michael S. Tsirkin wrote:
> > 
> >>  1) We need to do the right thing for the guest, I don't think we
> >> should be presuming that different reset types are equivalent,
> >> leaving gaps where we expect the guest/host to do a reset and don't
> >> follow through on other reset requests, and we need to notify the
> >> guest immediately for the error.
> > c>  2) We need to do the right thing for the host, that means we should
> >> not give the user the opportunity to leave a device in a state
> >> where we haven't at least performed a bus reset on link error (this
> >> may be our current state and if so we should fix it).
> > 
> > Ok so here is a concrete proposal for improving guest device error
> > recovery (1).  This is not trying to fix current bugs for 2, but
> > also does not lock us into not fixing them.
> > 
> > I'll write up proposal for (2) but I feel we can't properly
> > fix host without fixing (1) first and without breaking compatibility.
> > 
> > Background:
> > 
> > non-fatal errors:
> > 
> > - These errors are due to data link problems.
> >   The problem is that a transaction was lost, so driver and device are
> >   out of sync. Device reset is in theory enough to recover from these,
> >   in practice some drivers might try to do link level reset instead.
> > 
> > 
> > fatal errors:
> > 
> > - These errors are due to physical problems.
> >   The problem is that a transaction was lost, so driver and device are
> >   out of sync. Link reset might be necessary to recover from these,
> >   sometimes device reset might be enough for very simple devices.
> >   If a link above the device reports errors, device might have went away,
> >   link reset is the only thing that might being it back.
> > 
> > current behaviour:
> > 
> > - vfio will always report that it recovered function from an error.
> > - whether link reset will trigger depends on whether any other
> >   function on the same link has a host driver that reports an error.
> > - also, if there's a host driver that can't handle errors,
> >   link reset will never trigger
> > 
> > 
> > proposed enhancement:
> > 
> > 1- allow userspace to request reporting non fatal/fatal errors separately
> > 2- report errors on monitor as events as well
> > 3- forward correct error type to guest
> > 4- set link error flag in userspace (this is optional, used for 5 below)
> > 5- if guest requests link reset, and error flag is set,
> >   stop vm (I hope we can distinguish this
> >   from resets that happen on reboot here.
> >   if yes we might not need error flag in 4 above)
> > 
> 
> Hi,
> 
> I have a question about vm stop on fatal error.
> Recently, When test my patches, I often saw fatal error(Malformed TLP
> Status) happens, which disturbed my test. So I am wondering: why vm stop
> is a better choice than qdev_unplug? Although we told user "Please
> collect any data possible and then kill the guest", I still don't know
> how to save any possible data. For example, if user is editing document,
> vm_stop caused by a device fatal error will destroy user's effort.
> 
> -- 
> Sincerely,
> Cao jin

Why vm stop might not always be the right thing to do
it happens to be what we already do.

This patchset isn't making any progress for a long time.

Focusing on incremental enhancements with minimal changes
at each step is probably the only
chance there is to make meaningful progress.


> > 
> > Results:
> > The advantage of this is that we don't need to manage any state at all.
> > Most drivers will handle non fatal errors by FLR and will recover fine.
> > Drivers that attempt link reset will get vmstop which is not
> > worse than what we have now.
> > 
> > I don't see how this can break any reasonable configuration
> > that is not already broken, but we might want a flag
> > to suppress aer reports to guest and just do vmstop
> > unconditionally.
> > Alternatively, management can pause vm itself when it sees the error.
> > 
> > 
> > Pls remember to Cc qemu list on discussion, not just kvm.
> > 
> 
> 
> 

Re: [Qemu-devel] [PATCH] pcie: remove duplicate assertion

[Michael S. Tsirkin]

On Fri, Dec 23, 2016 at 10:16:30AM +0800, Cao jin wrote:
> "size >= 8" connote "size > 0"
> 
> Signed-off-by: Cao jin 

Isn't the point to check for overflows?

> ---
>  hw/pci/pcie.c | 1 -
>  1 file changed, 1 deletion(-)
> 
> diff --git a/hw/pci/pcie.c b/hw/pci/pcie.c
> index 39b10b852d91..f864c5cd5458 100644
> --- a/hw/pci/pcie.c
> +++ b/hw/pci/pcie.c
> @@ -668,7 +668,6 @@ void pcie_add_capability(PCIDevice *dev,
>  uint16_t next;
>  
>  assert(offset >= PCI_CONFIG_SPACE_SIZE);
> -assert(offset < offset + size);
>  assert(offset + size <= PCIE_CONFIG_SPACE_SIZE);
>  assert(size >= 8);
>  assert(pci_is_express(dev));
> -- 
> 2.1.0
> 
> 

Re: [Qemu-devel] [PATCH v4] [i.MX] fix CS handling during SPI access.

[Jean-Christophe DUBOIS]

Le 09/01/2017 à 22:45, Peter Maydell a écrit :

On 9 January 2017 at 21:19, Jean-Christophe DUBOIS  wrote:

Hum, ... I think I have a problem.

With the default register value (that I get a reset) the CS line is
deselected when the CS is high.

So at reset I would need to set my 4 CS lines to high in order to be able to
drive them low later.

So during the "reset" I need to set my 4 CS line to 1 but according to you
feedback I should not do it with qemu_set_irq()...

Is there another way than qemu_set_irq() to do set my lines to high level ?

"Line should be asserted at device reset" is an awkward case
that we can't really handle cleanly at the moment,
unfortunately. Assuming that the device at the other end
comes out of reset as "not selected" it should still work,
though -- there is no state stored in a qemu_set_irq(),
so if both ends believe that the reset state of the line
is 1 then there's no need to call qemu_set_irq().


I might be wrong but I think they are coming out of reset with their CS 
line set to low (so they are selected by default) because this is the 
default level at reset.


If I have 4 devices on the same SPI bus/controller (attached to 
different CS line) they would all be selected by default I think.


JC



thanks
-- PMM

Re: [Qemu-devel] [PATCH] disas/cris.c: Fix Coverity warning about unchecked NULL

[Edgar E. Iglesias]

On Mon, Jan 09, 2017 at 09:35:16PM +, Peter Maydell wrote:
> On 9 January 2017 at 19:10,   wrote:
> > Checking PATCH 1/1: disas/cris.c: Fix Coverity warning about unchecked 
> > NULL...
> > ERROR: code indent should never use tabs
> > #24: FILE: disas/cris.c:2493:
> > +^Iif (sregp == NULL || sregp->name == NULL)$
> >
> > ERROR: suspect code indent for conditional statements (8, 10)
> > #24: FILE: disas/cris.c:2493:
> > +   if (sregp == NULL || sregp->name == NULL)
> >   /* Should have been caught as a non-match earlier.  */
> >
> > ERROR: braces {} are necessary for all arms of this statement
> > #24: FILE: disas/cris.c:2493:
> > +   if (sregp == NULL || sregp->name == NULL)
> > [...]
> >
> > total: 3 errors, 0 warnings, 8 lines checked
> 
> This is because the whole file is GNU coding standards
> style, being a binutils import. Better to stick with it rather
> than rework, I think.

Yes, I agree.

Cheers,
Edgar

[Qemu-devel] [Bug 1449687] Re: block migration of qcow2 VMs copies all empty space

[Ansgar Hegerfeld]

There is a patch available: https://lists.gnu.org/archive/html/qemu-
devel/2016-11/msg03742.html (and those which are mentioned in the
responses)

** Changed in: qemu
   Status: New => Confirmed

** Tags added: sparse

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1449687

Title:
  block migration of qcow2 VMs copies all empty space

Status in QEMU:
  Confirmed

Bug description:
  I'm running openstack 2012.1 'icehouse' which, ultimately, calls down
  into qemu-system-x86 2.0.0+dfsg-2ubuntu1.10.

  I primed the process by copying all necessary base images onto the
  destination host.  Nonetheless, post-migration instances are much
  larger than the original image; the copy duplicated all the empty
  space that ought to have remained copy-on-write.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1449687/+subscriptions

Re: [Qemu-devel] [PATCH v7 00/10] Convert msix_init() to error

[Michael S. Tsirkin]

On Mon, Nov 14, 2016 at 03:25:30PM +0800, Cao jin wrote:
> v7 changelog:
> 1. fix the segfaut bug in patch 2. So drop the all the R-b of it,
>please take a look, there is detailed description in the patch.
> 2. add the R-b from Hannes Reinecke
> 
> Test:
> 1. make check: pass
> 2. After applied all the patch, command line test for all the
>affected devices, just make sure device realize process is ok,
>no crash, but no further use of device.

Consider the megasas device for example, don't you
need to test that the change actually does what
it's intended to do?


> CC: Jiri Pirko 
> CC: Gerd Hoffmann 
> CC: Dmitry Fleytman 
> CC: Jason Wang 
> CC: Michael S. Tsirkin 
> CC: Hannes Reinecke 
> CC: Paolo Bonzini 
> CC: Alex Williamson 
> CC: Markus Armbruster 
> CC: Marcel Apfelbaum 
> 
> Cao jin (10):
>   msix: Follow CODING_STYLE
>   hcd-xhci: check & correct param before using it
>   pci: Convert msix_init() to Error and fix callers to check it
>   megasas: change behaviour of msix switch
>   hcd-xhci: change behaviour of msix switch
>   megasas: remove unnecessary megasas_use_msix()
>   megasas: undo the overwrites of msi user configuration
>   vmxnet3: fix reference leak issue
>   vmxnet3: remove unnecessary internal msix flag
>   msi_init: convert assert to return -errno
> 
>  hw/block/nvme.c|  5 +++-
>  hw/misc/ivshmem.c  |  8 +++---
>  hw/net/e1000e.c|  6 -
>  hw/net/rocker/rocker.c |  7 -
>  hw/net/vmxnet3.c   | 46 +++--
>  hw/pci/msi.c   |  9 ---
>  hw/pci/msix.c  | 42 +-
>  hw/scsi/megasas.c  | 49 ---
>  hw/usb/hcd-xhci.c  | 69 
> ++
>  hw/vfio/pci.c  |  8 --
>  hw/virtio/virtio-pci.c | 11 
>  include/hw/pci/msix.h  |  5 ++--
>  12 files changed, 164 insertions(+), 101 deletions(-)
> 
> -- 
> 2.1.0
> 
> 

Re: [Qemu-devel] [PATCH v4] [i.MX] fix CS handling during SPI access.

[Peter Maydell]

On 9 January 2017 at 21:19, Jean-Christophe DUBOIS  wrote:
> Hum, ... I think I have a problem.
>
> With the default register value (that I get a reset) the CS line is
> deselected when the CS is high.
>
> So at reset I would need to set my 4 CS lines to high in order to be able to
> drive them low later.
>
> So during the "reset" I need to set my 4 CS line to 1 but according to you
> feedback I should not do it with qemu_set_irq()...
>
> Is there another way than qemu_set_irq() to do set my lines to high level ?

"Line should be asserted at device reset" is an awkward case
that we can't really handle cleanly at the moment,
unfortunately. Assuming that the device at the other end
comes out of reset as "not selected" it should still work,
though -- there is no state stored in a qemu_set_irq(),
so if both ends believe that the reset state of the line
is 1 then there's no need to call qemu_set_irq().

thanks
-- PMM

Re: [Qemu-devel] [PATCH v14 0/2] virtio-crypto: virtio crypto device specification

[Michael S. Tsirkin]

On Wed, Jan 04, 2017 at 01:03:21AM +, Gonglei (Arei) wrote:
> Hi Stefan,
> 
> >
> > Subject: Re: [Qemu-devel] [PATCH v14 0/2] virtio-crypto: virtio crypto 
> > device
> > specification
> > 
> > On Mon, Dec 26, 2016 at 02:38:29AM +, Gonglei (Arei) wrote:
> > > Both Alex and Stefan mentioned that the process of create/close a session
> > > makes we have a least one full round-trip cost from guest to host to guest
> > > to be able to send any data for symmetric algorithms. It gets ourself into
> > > synchronization troubles in some scenarios like a web server handling lots
> > > of small requests whose algorithms and keys are different.
> > >
> > > Because the virtio crypto specification has not been voted yet and v15 is 
> > > on
> > the way.
> > > I'd like to make some changes in order to support those scenarios better.
> > That means
> > > we will support one-blob request (no sessions) as well for symmetric
> > > algorithms, including HASH, MAC services. The benefit is obvious for
> > > HASH service because it's usually a one-blob operation.
> > >
> > > The main changes will be:
> > >  1) using the flag property of struct virtio_crypto_op_header to identify 
> > > the
> > > type of crypto request. Aka Is it a session-based or non-session
> > request?
> > > The flag is not used currently, so we can make use of it.
> > >
> > >  2) extending virtio_crypto_*_para structures, for example, add the 
> > > content
> > of
> > > struct virtio_crypto_cipher_session_para into struct
> > virtio_crypto_cipher_para.
> > > It's true that will increase the size of each crypto request after 
> > > this
> > change.
> > >
> > > Does it make sense? Thanks!
> > 
> > That sounds good.  Hopefully many crypto API users only use a single
> > operation and can therefore benefit from this optimization.
> > 
> Thanks for your feedback. I'll start this work.
> 
> Regards,
> -Gonglei

I worry what's going to happen with the virtio driver
I merged upstream though. Do you plan to make changes
compatible with it?


-- 
MST

Re: [Qemu-devel] [PATCH 3/3] vmstate registration: check return values

[Peter Maydell]

On 9 January 2017 at 20:13, Dr. David Alan Gilbert (git)
 wrote:
> From: "Dr. David Alan Gilbert" 
>
> Check qdev's call to vmstate_register_with_alias_id; that gets
> most of the common uses; there's hundreds of calls via vmstate_register
> which could get fixed over time.

Not quite that bad, I think -- I make it just over 50 calls.

thanks
-- PMM

Re: [Qemu-devel] [PATCH] ui: fix format specifier in vnc_client_io_error() to avoid break in build.

[Eric Blake]

On 01/08/2017 12:28 PM, Rami Rosen wrote:
> When building qemu after setting _VNC_DEBUG to 1 (see ui/vnc.h),
> we get the following error and the build breaks:
> ...
> ui/vnc.c: In function ‘vnc_client_io_error’:
> ui/vnc.c:1262:13: error: format ‘%d’ expects argument of type ‘int’, but 
> argument 3 has type ‘ssize_t’ [-Werror=format=]
>  VNC_DEBUG("Closing down client sock: ret %d (%s)\n",
>  ^
> cc1: all warnings being treated as errors
> make: *** [ui/vnc.o] Error 1
> ...
> 
> This patch solves this issue by fixing the print format specifier
> in vnc_client_io_error() to be %ld, which corresponds to the type
> of the "ret" variable.

NACK.  "ret" is ssize_t, which might be 'long' on some platforms, but is
'int' on others (32-bit platforms come to mind).

> 
> Signed-off-by: Rami Rosen 
> ---
>  ui/vnc.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/ui/vnc.c b/ui/vnc.c
> index 2c28a59..4b0a89c 100644
> --- a/ui/vnc.c
> +++ b/ui/vnc.c
> @@ -1259,7 +1259,7 @@ ssize_t vnc_client_io_error(VncState *vs, ssize_t ret, 
> Error **errp)
>  if (ret == 0) {
>  VNC_DEBUG("Closing down client sock: EOF\n");
>  } else if (ret != QIO_CHANNEL_ERR_BLOCK) {
> -VNC_DEBUG("Closing down client sock: ret %d (%s)\n",
> +VNC_DEBUG("Closing down client sock: ret %ld (%s)\n",

%zd is better than %ld.  Note that %zd is technically undefined -
neither C nor POSIX requires that the signed counterpart to 'size_t' be
ssize_t, nor that 'ssize_t' be the same size as 'size_t'; but it is safe
enough in qemu as we already have plenty of existing uses of this idiom
(and any platform that implements 'ssize_t' in a way that doesn't match
'%zd' is stupid when it comes to quality-of-implementation).

Looking forward to v2.

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature