Re: [Qemu-devel] [PULL 6/6] hw/usb/dev-serial: Do not try to set vendorid or productid properties

2017-05-18 Thread Markus Armbruster
Thomas Huth writes:

> On 18.05.2017 15:35, Paolo Bonzini wrote:
>> 
>> 
>> On 18/05/2017 15:22, Thomas Huth wrote:
>>> On 18.05.2017 14:00, Paolo Bonzini wrote:


 On 12/05/2017 14:21, Gerd Hoffmann wrote:
> From: Thomas Huth 
>
> When starting QEMU with the legacy USB serial device like this:
>
>  qemu-system-x86_64 -usbdevice serial:vendorid=0x1234:stdio
>
> it currently aborts since the vendorid property does not exist
> anymore (it has been removed by commit f29783f72ea77dfbd7ea0c9):
>
>  Unexpected error in object_property_find() at qemu/qom/object.c:1008:
>  qemu-system-x86_64: -usbdevice serial:vendorid=0x1234:stdio: Property
>  '.vendorid' not found
>  Aborted (core dumped)
>
> Fix this crash by issuing a more friendly error message instead
> (and simplify the code also a little bit this way).
>
> Signed-off-by: Thomas Huth 
> Message-id: 1493883704-27604-1-git-send-email-th...@redhat.com
> Signed-off-by: Gerd Hoffmann 
> ---
>  hw/usb/dev-serial.c | 24 ++--
>  1 file changed, 6 insertions(+), 18 deletions(-)
>
> diff --git a/hw/usb/dev-serial.c b/hw/usb/dev-serial.c
> index 6d5137383b..83a4f0e6fb 100644
> --- a/hw/usb/dev-serial.c
> +++ b/hw/usb/dev-serial.c
> @@ -513,27 +513,18 @@ static USBDevice *usb_serial_init(USBBus *bus, 
> const char *filename)
>  {
>  USBDevice *dev;
>  Chardev *cdrv;
> -uint32_t vendorid = 0, productid = 0;
>  char label[32];
>  static int index;
>  
>  while (*filename && *filename != ':') {
>  const char *p;
> -char *e;
> +
>  if (strstart(filename, "vendorid=", )) {
> -vendorid = strtol(p, , 16);
> -if (e == p || (*e && *e != ',' && *e != ':')) {
> -error_report("bogus vendor ID %s", p);
> -return NULL;
> -}
> -filename = e;
> +error_report("vendorid is not supported anymore");
> +return NULL;
>  } else if (strstart(filename, "productid=", )) {
> -productid = strtol(p, , 16);
> -if (e == p || (*e && *e != ',' && *e != ':')) {
> -error_report("bogus product ID %s", p);
> -return NULL;
> -}
> -filename = e;
> +error_report("productid is not supported anymore");
> +return NULL;
>  } else {
>  error_report("unrecognized serial USB option %s", filename);
>  return NULL;
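Review bot: with the vendorid= and productid= branches both returning NULL, every arm of the if/else chain inside `while (*filename && *filename != ':')` now leaves the function, so the loop body runs at most once and `p` is written by strstart() but never read. Turning the `while` into a plain `if` would say that directly, and whatever follows the chain inside the loop body can be removed as unreachable.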

 All branches of the "if" now return NULL, so the "while" loop in turn
 can become an

 if (*filename && *filename != ':') {
 }

 and the "while (*filename == ',')" subloop can go away, replaced by just
 "return NULL".

 Even better, the "if (!*filename)" if just below can be moved first.
>>>
>>> Feel free to send an additional cleanup patch ... otherwise, I'd say let
>>> it bitrot for another year and we then remove it completely together
>>> with all the other "-usbdevice" functions...
>> 
>> Well, Coverity reports it so I'd rather keep it clean...
>
> Hmm, maybe we should simply remove "-usbdevice serial" right now already
> ... ? The vendorid/productid parameter handling has been broken since
> QEMU v0.14 already and nobody ever complained, so I guess hardly anybody
> is using "-usbdevice serial" anymore ... so I tend to simply remove it
> directly instead of going through the typical "mark-as-deprecated ->
> wait-two-release-cycles -> finally-remove-it" process here...
>
> Paolo, Gerd, what do you think?

Being broken counts as being deprecated, I'd say.

But was -usbdevice serial broken?  Or just its two optional (and
somewhat exotic) parameters?



[Qemu-devel] [PULL 0/4] xtensa semihosting fixes

2017-05-18 Thread Max Filippov
Hi Peter,

please pull the following fixes for the target/xtensa.

The following changes since commit 56821559f0ba682fe6b367815572e6f974d329ab:

  Merge remote-tracking branch 'dgilbert/tags/pull-hmp-20170517' into staging 
(2017-05-18 13:36:15 +0100)

are available in the git repository at:

  git://github.com/OSLL/qemu-xtensa.git tags/20170518-xtensa

for you to fetch changes up to 4611d6e7956b4ae7c24ec2a70c3f3f46dcfa59c7:

  target/xtensa: support output to chardev console (2017-05-18 22:10:08 -0700)


target/xtensa semihosting fixes:

- fix read/write simcall mapping flags and return value;
- use -serial option to direct console output of sim machine to QEMU chardev.


Max Filippov (4):
  hw/xtensa: sim: use g_string/g_new
  target/xtensa: fix mapping direction in read/write simcalls
  target/xtensa: fix return value of read/write simcalls
  target/xtensa: support output to chardev console

 hw/xtensa/sim.c | 14 ---
 target/xtensa/cpu.h |  1 +
 target/xtensa/xtensa-semi.c | 91 +++--
 3 files changed, 82 insertions(+), 24 deletions(-)

-- 
Thanks.
-- Max



[Qemu-devel] [RFC PATCH v2 4/4] spapr: Fix migration of Radix guests

2017-05-18 Thread Bharata B Rao
Fix migration of radix guests by ensuring that we issue
KVM_PPC_CONFIGURE_V3_MMU for radix case post migration.

Reported-by: Nageswara R Sastry 
Signed-off-by: Bharata B Rao 
---
 hw/ppc/spapr.c | 12 
 1 file changed, 12 insertions(+)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index daf335c..8f20f14 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1400,6 +1400,18 @@ static int spapr_post_load(void *opaque, int version_id)
 err = spapr_rtc_import_offset(>rtc, spapr->rtc_offset);
 }
 
+if (spapr->patb_entry) {
+PowerPCCPU *cpu = POWERPC_CPU(first_cpu);
+if (kvmppc_has_cap_mmu_radix() && kvm_enabled()) {
+err = kvmppc_configure_v3_mmu(cpu, SPAPR_PROC_TABLE_RADIX,
+((cpu->env.spr[SPR_LPCR] & LPCR_GTSE) ? SPAPR_PROC_TABLE_GTSE :
+0), spapr->patb_entry);
+} else {
+error_report("Radix guest is unsupported by the host");
+return -EINVAL;
+}
+}
+
 return err;
 }
 
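Review bot: the else branch of the new block in spapr_post_load() is taken whenever `kvm_enabled()` is false, so a radix guest that is not running under KVM fails post-load with "Radix guest is unsupported by the host" and -EINVAL, although the hcall path in patch 3/4 only calls kvmppc_configure_v3_mmu() when KVM is enabled. Test `kvm_enabled()` first and report the error only when KVM is in use and `kvmppc_has_cap_mmu_radix()` is false. In addition, `err` from spapr_rtc_import_offset() is overwritten by the kvmppc_configure_v3_mmu() result, so an earlier failure is lost, and a failing configure call returns without any error_report().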
-- 
2.7.4




[Qemu-devel] [RFC PATCH v2 0/4] ppc/spapr: Fix migration of radix guests

2017-05-18 Thread Bharata B Rao
This patchset fixes the migration of sPAPR radix guests.

Changes in v1:
--
- Dropped the unrequired patch that fixed unregister_savevm().
- Reimplemented unregister_savevm_live() such that the existing
  unregister_savevm() signature isn't modified.
- Folded HTAB savevm unregistration into spapr_free_hpt().
- Obtaining GTSE bit from LPCR now and hence patb_flags needn't be part
  of the migration stream.

v1: https://lists.nongnu.org/archive/html/qemu-devel/2017-05/msg03923.html

Bharata B Rao (4):
  migration: Introduce unregister_savevm_live()
  spapr: Unregister HPT savevm handlers for radix guests
  spapr: Make h_register_process_table hcall flags global
  spapr: Fix migration of Radix guests

 hw/ppc/spapr.c  | 111 +---
 hw/ppc/spapr_hcall.c|  31 ++---
 include/hw/ppc/spapr.h  |  12 +
 include/migration/vmstate.h |   1 +
 migration/savevm.c  |  17 ++-
 5 files changed, 104 insertions(+), 68 deletions(-)

-- 
2.7.4




[Qemu-devel] [RFC PATCH v2 3/4] spapr: Make h_register_process_table hcall flags global

2017-05-18 Thread Bharata B Rao
The flags used in h_register_process_table hcall are needed in spapr.c
and hence move them to a header file. While doing so, give them
slightly specific names.

Signed-off-by: Bharata B Rao 
Reviewed-by: David Gibson 
---
 hw/ppc/spapr_hcall.c   | 31 ++-
 include/hw/ppc/spapr.h | 10 ++
 2 files changed, 24 insertions(+), 17 deletions(-)

diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
index cea5d99..3915e6f 100644
--- a/hw/ppc/spapr_hcall.c
+++ b/hw/ppc/spapr_hcall.c
@@ -921,13 +921,6 @@ static void spapr_check_setup_free_hpt(sPAPRMachineState 
*spapr,
 return;
 }
 
-#define FLAGS_MASK  0x01FULL
-#define FLAG_MODIFY 0x10
-#define FLAG_REGISTER   0x08
-#define FLAG_RADIX  0x04
-#define FLAG_HASH_PROC_TBL  0x02
-#define FLAG_GTSE   0x01
-
 static target_ulong h_register_process_table(PowerPCCPU *cpu,
  sPAPRMachineState *spapr,
  target_ulong opcode,
@@ -940,12 +933,13 @@ static target_ulong h_register_process_table(PowerPCCPU 
*cpu,
 target_ulong table_size = args[3];
 uint64_t cproc;
 
-if (flags & ~FLAGS_MASK) { /* Check no reserved bits are set */
+if (flags & ~SPAPR_PROC_TABLE_MASK) { /* Check no reserved bits are set */
 return H_PARAMETER;
 }
-if (flags & FLAG_MODIFY) {
-if (flags & FLAG_REGISTER) {
-if (flags & FLAG_RADIX) { /* Register new RADIX process table */
+if (flags & SPAPR_PROC_TABLE_MODIFY) {
+if (flags & SPAPR_PROC_TABLE_REGISTER) {
+if (flags & SPAPR_PROC_TABLE_RADIX) {
+/* Register new RADIX process table */
 if (proc_tbl & 0xfff || proc_tbl >> 60) {
 return H_P2;
 } else if (page_size) {
@@ -955,7 +949,8 @@ static target_ulong h_register_process_table(PowerPCCPU 
*cpu,
 }
 cproc = PATBE1_GR | proc_tbl | table_size;
 } else { /* Register new HPT process table */
-if (flags & FLAG_HASH_PROC_TBL) { /* Hash with Segment Tables 
*/
+if (flags & SPAPR_PROC_TABLE_HPT_PT) {
+/* Hash with Segment Tables */
 /* TODO - Not Supported */
 /* Technically caused by flag bits => H_PARAMETER */
 return H_PARAMETER;
@@ -978,7 +973,8 @@ static target_ulong h_register_process_table(PowerPCCPU 
*cpu,
 cproc = spapr->patb_entry & PATBE1_GR;
 }
 } else { /* Maintain current registration */
-if (!(flags & FLAG_RADIX) != !(spapr->patb_entry & PATBE1_GR)) {
+if (!(flags & SPAPR_PROC_TABLE_RADIX) !=
+!(spapr->patb_entry & PATBE1_GR)) {
 /* Technically caused by flag bits => H_PARAMETER */
 return H_PARAMETER; /* Existing Process Table Mismatch */
 }
@@ -993,13 +989,14 @@ static target_ulong h_register_process_table(PowerPCCPU 
*cpu,
 /* Update the UPRT and GTSE bits in the LPCR for all cpus */
 CPU_FOREACH(cs) {
 set_spr(cs, SPR_LPCR, LPCR_UPRT | LPCR_GTSE,
-((flags & (FLAG_RADIX | FLAG_HASH_PROC_TBL)) ? LPCR_UPRT : 0) |
-((flags & FLAG_GTSE) ? LPCR_GTSE : 0));
+((flags & (SPAPR_PROC_TABLE_RADIX | SPAPR_PROC_TABLE_HPT_PT)) ?
+LPCR_UPRT : 0) | ((flags & SPAPR_PROC_TABLE_GTSE) ?
+SPAPR_PROC_TABLE_GTSE : 0));
 }
 
 if (kvm_enabled()) {
-return kvmppc_configure_v3_mmu(cpu, flags & FLAG_RADIX,
-   flags & FLAG_GTSE, cproc);
+return kvmppc_configure_v3_mmu(cpu, flags & SPAPR_PROC_TABLE_RADIX,
+   flags & SPAPR_PROC_TABLE_GTSE, cproc);
 }
 return H_SUCCESS;
 }
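Review bot: in the set_spr() call the rename changed the value side of the expression, not only the flag being tested: the removed line ends in `? LPCR_GTSE : 0`, the added one in `? SPAPR_PROC_TABLE_GTSE : 0`. SPAPR_PROC_TABLE_GTSE is the hcall flag bit (0x01 in the new header defines), not the LPCR bit, so the value written under the `LPCR_UPRT | LPCR_GTSE` mask is no longer LPCR_GTSE. The last operand should stay `LPCR_GTSE`; a pure rename should leave it untouched.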
diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
index e581c4a..588872a 100644
--- a/include/hw/ppc/spapr.h
+++ b/include/hw/ppc/spapr.h
@@ -685,4 +685,14 @@ int spapr_rng_populate_dt(void *fdt);
 
 void spapr_do_system_reset_on_cpu(CPUState *cs, run_on_cpu_data arg);
 
+/*
+ * Defines for flag value used in H_REGISTER_PROC_TBL hcall.
+ */
+#define SPAPR_PROC_TABLE_MASK0x01FULL
+#define SPAPR_PROC_TABLE_MODIFY  0x10
+#define SPAPR_PROC_TABLE_REGISTER0x08
+#define SPAPR_PROC_TABLE_RADIX   0x04
+#define SPAPR_PROC_TABLE_HPT_PT  0x02
+#define SPAPR_PROC_TABLE_GTSE0x01
+
 #endif /* HW_SPAPR_H */
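Review bot: the comment above the new defines says only that they are flag values for H_REGISTER_PROC_TBL; now that they are visible outside spapr_hcall.c, a short per-bit description would help, in particular for SPAPR_PROC_TABLE_HPT_PT, whose meaning ("Hash with Segment Tables") is given only in a comment at its use in h_register_process_table(). SPAPR_PROC_TABLE_MASK also carries a ULL suffix while the individual bits are plain ints, which is worth making consistent.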
-- 
2.7.4




[Qemu-devel] [RFC PATCH v2 2/4] spapr: Unregister HPT savevm handlers for radix guests

2017-05-18 Thread Bharata B Rao
HPT gets created by default for TCG guests and later when the guest turns
out to be a radix guest, the HPT is destroyed when guest does
H_REGISTER_PROC_TBL hcall. Let HTAB savevm handlers registration and
unregistration follow the same model so that we don't end up having
unrequired HTAB savevm handlers for radix guests.

This also ensures that HTAB savevm handlers seamlessly get destroyed and
recreated like HTAB itself when hash guest reboots.

HTAB savevm handlers registration/unregistration is now done from
spapr_reallocate_hpt() which itself is called from one of the
savevm_htab_handlers.htab_load(). To cater to this circular dependency
spapr_reallocate_hpt() is made global.

Signed-off-by: Bharata B Rao 
---
 hw/ppc/spapr.c | 99 +-
 include/hw/ppc/spapr.h |  2 +
 2 files changed, 52 insertions(+), 49 deletions(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 91f7434..daf335c 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1233,53 +1233,7 @@ void spapr_free_hpt(sPAPRMachineState *spapr)
 spapr->htab = NULL;
 spapr->htab_shift = 0;
 close_htab_fd(spapr);
-}
-
-static void spapr_reallocate_hpt(sPAPRMachineState *spapr, int shift,
- Error **errp)
-{
-long rc;
-
-/* Clean up any HPT info from a previous boot */
-spapr_free_hpt(spapr);
-
-rc = kvmppc_reset_htab(shift);
-if (rc < 0) {
-/* kernel-side HPT needed, but couldn't allocate one */
-error_setg_errno(errp, errno,
- "Failed to allocate KVM HPT of order %d (try smaller 
maxmem?)",
- shift);
-/* This is almost certainly fatal, but if the caller really
- * wants to carry on with shift == 0, it's welcome to try */
-} else if (rc > 0) {
-/* kernel-side HPT allocated */
-if (rc != shift) {
-error_setg(errp,
-   "Requested order %d HPT, but kernel allocated order %ld 
(try smaller maxmem?)",
-   shift, rc);
-}
-
-spapr->htab_shift = shift;
-spapr->htab = NULL;
-} else {
-/* kernel-side HPT not needed, allocate in userspace instead */
-size_t size = 1ULL << shift;
-int i;
-
-spapr->htab = qemu_memalign(size, size);
-if (!spapr->htab) {
-error_setg_errno(errp, errno,
- "Could not allocate HPT of order %d", shift);
-return;
-}
-
-memset(spapr->htab, 0, size);
-spapr->htab_shift = shift;
-
-for (i = 0; i < size / HASH_PTE_SIZE_64; i++) {
-DIRTY_HPTE(HPTE(spapr->htab, i));
-}
-}
+unregister_savevm_live(NULL, "spapr/htab", spapr);
 }
 
 void spapr_setup_hpt_and_vrma(sPAPRMachineState *spapr)
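Review bot: `unregister_savevm_live(NULL, "spapr/htab", spapr)` at the end of spapr_free_hpt() runs on every path that frees the HPT, and the commit message states that spapr_reallocate_hpt(), which calls spapr_free_hpt(), is itself reached from the htab_load handler. The "spapr/htab" entry is therefore removed and freed (patch 1/4 does `g_free(se)` on the matching entry) while its own load_state callback is running. Please explain why the migration code does not touch that entry after htab_load returns, or move the unregistration out of the load path.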
@@ -1879,6 +1833,55 @@ static SaveVMHandlers savevm_htab_handlers = {
 .load_state = htab_load,
 };
 
+void spapr_reallocate_hpt(sPAPRMachineState *spapr, int shift,
+ Error **errp)
+{
+long rc;
+
+/* Clean up any HPT info from a previous boot */
+spapr_free_hpt(spapr);
+
+rc = kvmppc_reset_htab(shift);
+if (rc < 0) {
+/* kernel-side HPT needed, but couldn't allocate one */
+error_setg_errno(errp, errno,
+ "Failed to allocate KVM HPT of order %d (try smaller 
maxmem?)",
+ shift);
+/* This is almost certainly fatal, but if the caller really
+ * wants to carry on with shift == 0, it's welcome to try */
+} else if (rc > 0) {
+/* kernel-side HPT allocated */
+if (rc != shift) {
+error_setg(errp,
+   "Requested order %d HPT, but kernel allocated order %ld 
(try smaller maxmem?)",
+   shift, rc);
+}
+
+spapr->htab_shift = shift;
+spapr->htab = NULL;
+} else {
+/* kernel-side HPT not needed, allocate in userspace instead */
+size_t size = 1ULL << shift;
+int i;
+
+spapr->htab = qemu_memalign(size, size);
+if (!spapr->htab) {
+error_setg_errno(errp, errno,
+ "Could not allocate HPT of order %d", shift);
+return;
+}
+
+memset(spapr->htab, 0, size);
+spapr->htab_shift = shift;
+
+for (i = 0; i < size / HASH_PTE_SIZE_64; i++) {
+DIRTY_HPTE(HPTE(spapr->htab, i));
+}
+}
+register_savevm_live(NULL, "spapr/htab", -1, 1,
+ _htab_handlers, spapr);
+}
+
 static void spapr_boot_set(void *opaque, const char *boot_device,
Error **errp)
 {
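Review bot: the moved spapr_reallocate_hpt() now ends in an unconditional register_savevm_live(), but its error paths are not treated alike: the `rc < 0` branch sets errp and still falls through to register the handlers, while the qemu_memalign() failure path does `return;` and skips registration. Decide whether the handlers should exist after a failed allocation and make both paths agree. The int returned by register_savevm_live() is also ignored here.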
@@ -2341,8 +2344,6 @@ static void ppc_spapr_init(MachineState *machine)
  * interface, this is a legacy from the sPAPREnvironment structure
  * which predated MachineState but had a similar function */
 vmstate_register(NULL, 0, _spapr, 

[Qemu-devel] [RFC PATCH v2 1/4] migration: Introduce unregister_savevm_live()

2017-05-18 Thread Bharata B Rao
Introduce a new function unregister_savevm_live() to unregister the vmstate
handlers registered via register_savevm_live().

register_savevm() allocates SaveVMHandlers while register_savevm_live()
gets passed with SaveVMHandlers. During unregistration, we want to
free SaveVMHandlers in the former case but not free in the latter case.
Hence this new API is needed to differentiate this.

This new API will be needed by PowerPC to unregister the HTAB savevm
handlers.

Signed-off-by: Bharata B Rao 
---
 include/migration/vmstate.h |  1 +
 migration/savevm.c  | 17 +++--
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/include/migration/vmstate.h b/include/migration/vmstate.h
index 8489659..02a1bac 100644
--- a/include/migration/vmstate.h
+++ b/include/migration/vmstate.h
@@ -79,6 +79,7 @@ int register_savevm_live(DeviceState *dev,
  void *opaque);
 
 void unregister_savevm(DeviceState *dev, const char *idstr, void *opaque);
+void unregister_savevm_live(DeviceState *dev, const char *idstr, void *opaque);
 
 typedef struct VMStateInfo VMStateInfo;
 typedef struct VMStateDescription VMStateDescription;
diff --git a/migration/savevm.c b/migration/savevm.c
index f5e8194..4ef6fdc 100644
--- a/migration/savevm.c
+++ b/migration/savevm.c
@@ -630,7 +630,8 @@ int register_savevm(DeviceState *dev,
 ops, opaque);
 }
 
-void unregister_savevm(DeviceState *dev, const char *idstr, void *opaque)
+static void unregister_savevm_common(DeviceState *dev, const char *idstr,
+ void *opaque, bool free_savevmhandlers)
 {
 SaveStateEntry *se, *new_se;
 char id[256] = "";
@@ -649,12 +650,24 @@ void unregister_savevm(DeviceState *dev, const char 
*idstr, void *opaque)
 if (strcmp(se->idstr, id) == 0 && se->opaque == opaque) {
 QTAILQ_REMOVE(_state.handlers, se, entry);
 g_free(se->compat);
-g_free(se->ops);
+if (free_savevmhandlers) {
+g_free(se->ops);
+}
 g_free(se);
 }
 }
 }
 
+void unregister_savevm(DeviceState *dev, const char *idstr, void *opaque)
+{
+unregister_savevm_common(dev, idstr, opaque, true);
+}
+
+void unregister_savevm_live(DeviceState *dev, const char *idstr, void *opaque)
+{
+unregister_savevm_common(dev, idstr, opaque, false);
+}
+
 int vmstate_register_with_alias_id(DeviceState *dev, int instance_id,
const VMStateDescription *vmsd,
void *opaque, int alias_id,
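Review bot: whether `se->ops` is freed now depends entirely on the caller choosing the right unregister function, and nothing in unregister_savevm_common() checks that the choice matches how the entry was registered. Calling unregister_savevm() on an entry added with register_savevm_live() would g_free() a SaveVMHandlers the caller still owns. Consider recording the ownership in SaveStateEntry at registration time so a single unregister path can decide, or at least add comments to both prototypes in vmstate.h stating which register call each one pairs with.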
-- 
2.7.4




Re: [Qemu-devel] [RFC PATCH 09/20] Memory: introduce iommu_ops->record_device

2017-05-18 Thread Liu, Yi L
Hi Alex,

What's your opinion with Tianyu's question? Is it acceptable
to use VFIO API in intel_iommu emulator?

Thanks,
Yi L
On Fri, Apr 28, 2017 at 02:46:16PM +0800, Lan Tianyu wrote:
> On 2017-04-26 18:06, Liu, Yi L wrote:
> > With vIOMMU exposed to guest, vIOMMU emulator needs to do translation
> > between host and guest. e.g. a device-selective TLB flush, vIOMMU
> > emulator needs to replace guest SID with host SID so that to limit
> > the invalidation. This patch introduces a new callback
> > iommu_ops->record_device() to notify vIOMMU emulator to record necessary
> > information about the assigned device.
> 
> This patch is to prepare to translate guest sbdf to host sbdf.
> 
> Alex:
>   Could we add a new vfio API to do such translation? This will be more
> straight forward than storing host sbdf in the vIOMMU device model.
> 
> > 
> > Signed-off-by: Liu, Yi L 
> > ---
> >  include/exec/memory.h | 11 +++
> >  memory.c  | 12 
> >  2 files changed, 23 insertions(+)
> > 
> > diff --git a/include/exec/memory.h b/include/exec/memory.h
> > index 7bd13ab..49087ef 100644
> > --- a/include/exec/memory.h
> > +++ b/include/exec/memory.h
> > @@ -203,6 +203,8 @@ struct MemoryRegionIOMMUOps {
> >  IOMMUNotifierFlag new_flags);
> >  /* Set this up to provide customized IOMMU replay function */
> >  void (*replay)(MemoryRegion *iommu, IOMMUNotifier *notifier);
> > +void (*record_device)(MemoryRegion *iommu,
> > +  void *device_info);
> >  };
> >  
> >  typedef struct CoalescedMemoryRange CoalescedMemoryRange;
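Review bot: the new `record_device` member takes `void *device_info`, so the IOMMU model has to assume the layout of whatever the caller passes and the compiler cannot check it. A named struct type would make the contract between the caller and the vIOMMU explicit, and the member should get a one-line comment like the one `replay` has just above it.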
> > @@ -708,6 +710,15 @@ void memory_region_notify_iommu(MemoryRegion *mr,
> >  void memory_region_notify_one(IOMMUNotifier *notifier,
> >IOMMUTLBEntry *entry);
> >  
> > +/*
> > + * memory_region_notify_device_record: notify IOMMU to record assign
> > + * device.
> > + * @mr: the memory region to notify
> > + * @ device_info: device information
> > + */
> > +void memory_region_notify_device_record(MemoryRegion *mr,
> > +void *info);
> > +
> >  /**
> >   * memory_region_register_iommu_notifier: register a notifier for changes 
> > to
> >   * IOMMU translation entries.
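Review bot: the doc comment for memory_region_notify_device_record() names the second parameter `@ device_info` (with a stray space) while the prototype calls it `info`; the two should match. The comment also opens with `/*` where the neighbouring memory_region_register_iommu_notifier() comment uses `/**`, and "record assign device" should read "record the assigned device".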
> > diff --git a/memory.c b/memory.c
> > index 0728e62..45ef069 100644
> > --- a/memory.c
> > +++ b/memory.c
> > @@ -1600,6 +1600,18 @@ static void 
> > memory_region_update_iommu_notify_flags(MemoryRegion *mr)
> >  mr->iommu_notify_flags = flags;
> >  }
> >  
> > +void memory_region_notify_device_record(MemoryRegion *mr,
> > +void *info)
> > +{
> > +assert(memory_region_is_iommu(mr));
> > +
> > +if (mr->iommu_ops->record_device) {
> > +mr->iommu_ops->record_device(mr, info);
> > +}
> > +
> > +return;
> > +}
> > +
> >  void memory_region_register_iommu_notifier(MemoryRegion *mr,
> > IOMMUNotifier *n)
> >  {
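Review bot: the trailing `return;` at the end of memory_region_notify_device_record() is redundant in a void function and can be dropped. The function also deserves a sentence in its comment saying that calling it on a non-IOMMU region trips the `assert(memory_region_is_iommu(mr))`, so callers know they must check first.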
> > 
> 
> 



[Qemu-devel] [PATCH v0 4/4] move cpu-exec-common.c

2017-05-18 Thread Yang Zhong
move cpu-exec-common.c to accel/tcg

Signed-off-by: Yang Zhong 
---
 Makefile.target  | 1 -
 accel/tcg/Makefile.objs  | 2 +-
 cpu-exec-common.c => accel/tcg/cpu-exec-common.c | 0
 3 files changed, 1 insertion(+), 2 deletions(-)
 rename cpu-exec-common.c => accel/tcg/cpu-exec-common.c (100%)

diff --git a/Makefile.target b/Makefile.target
index 709d07a..b083a76 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -91,7 +91,6 @@ all: $(PROGS) stap
 obj-y = exec.o translate-all.o
 obj-y += accel/
 obj-y += translate-common.o
-obj-y += cpu-exec-common.o
 obj-y += tcg/tcg.o tcg/tcg-op.o tcg/optimize.o
 obj-$(CONFIG_TCG_INTERPRETER) += tci.o
 obj-y += tcg/tcg-common.o
diff --git a/accel/tcg/Makefile.objs b/accel/tcg/Makefile.objs
index 6b75a31..940379b 100644
--- a/accel/tcg/Makefile.objs
+++ b/accel/tcg/Makefile.objs
@@ -1,3 +1,3 @@
 obj-$(CONFIG_SOFTMMU) += tcg-all.o
 obj-$(CONFIG_SOFTMMU) += cputlb.o
-obj-y += cpu-exec.o
+obj-y += cpu-exec.o cpu-exec-common.o
diff --git a/cpu-exec-common.c b/accel/tcg/cpu-exec-common.c
similarity index 100%
rename from cpu-exec-common.c
rename to accel/tcg/cpu-exec-common.c
-- 
1.9.1




[Qemu-devel] [PATCH v0 3/4] move cpu-exec.c

2017-05-18 Thread Yang Zhong
move cpu-exec.c to ./accel/tcg/

Signed-off-by: Yang Zhong 
---
 Makefile.objs  | 1 +
 Makefile.target| 4 ++--
 accel/tcg/Makefile.objs| 1 +
 cpu-exec.c => accel/tcg/cpu-exec.c | 5 +++--
 accel/tcg/trace-events | 7 +++
 trace-events   | 5 -
 6 files changed, 14 insertions(+), 9 deletions(-)
 rename cpu-exec.c => accel/tcg/cpu-exec.c (99%)
 create mode 100644 accel/tcg/trace-events

diff --git a/Makefile.objs b/Makefile.objs
index 2a8de77..6a33874 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -163,6 +163,7 @@ trace-events-subdirs += target/ppc
 trace-events-subdirs += qom
 trace-events-subdirs += linux-user
 trace-events-subdirs += qapi
+trace-events-subdirs += accel/tcg
 
 trace-events-files = $(SRC_PATH)/trace-events 
$(trace-events-subdirs:%=$(SRC_PATH)/%/trace-events)
 
diff --git a/Makefile.target b/Makefile.target
index 3e19fe9..709d07a 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -88,7 +88,8 @@ all: $(PROGS) stap
 
 #
 # cpu emulator library
-obj-y = exec.o translate-all.o cpu-exec.o
+obj-y = exec.o translate-all.o
+obj-y += accel/
 obj-y += translate-common.o
 obj-y += cpu-exec-common.o
 obj-y += tcg/tcg.o tcg/tcg-op.o tcg/optimize.o
@@ -143,7 +144,6 @@ obj-y += arch_init.o cpus.o monitor.o gdbstub.o balloon.o 
ioport.o numa.o
 obj-y += qtest.o bootdevice.o
 obj-y += hw/
 obj-$(CONFIG_KVM) += kvm-all.o
-obj-y += accel/
 obj-y += memory.o
 obj-y += memory_mapping.o
 obj-y += dump.o
diff --git a/accel/tcg/Makefile.objs b/accel/tcg/Makefile.objs
index 487570f..6b75a31 100644
--- a/accel/tcg/Makefile.objs
+++ b/accel/tcg/Makefile.objs
@@ -1,2 +1,3 @@
 obj-$(CONFIG_SOFTMMU) += tcg-all.o
 obj-$(CONFIG_SOFTMMU) += cputlb.o
+obj-y += cpu-exec.o
diff --git a/cpu-exec.c b/accel/tcg/cpu-exec.c
similarity index 99%
rename from cpu-exec.c
rename to accel/tcg/cpu-exec.c
index 63a56d0..2019160 100644
--- a/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -18,7 +18,7 @@
  */
 #include "qemu/osdep.h"
 #include "cpu.h"
-#include "trace-root.h"
+#include "trace.h"
 #include "disas/disas.h"
 #include "exec/exec-all.h"
 #include "tcg.h"
@@ -200,8 +200,9 @@ static void cpu_exec_nocache(CPUState *cpu, int max_cycles,
 
 /* Should never happen.
We only end up here when an existing TB is too long.  */
-if (max_cycles > CF_COUNT_MASK)
+if (max_cycles > CF_COUNT_MASK) {
 max_cycles = CF_COUNT_MASK;
+}
 
 tb_lock();
 tb = tb_gen_code(cpu, orig_tb->pc, orig_tb->cs_base, orig_tb->flags,
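Review bot: the braces added around `max_cycles = CF_COUNT_MASK;` are a coding-style fix riding along in a file move, and the commit message ("move cpu-exec.c to ./accel/tcg/") mentions neither that nor the switch from "trace-root.h" to "trace.h" and the relocation of the exec_tb* trace events. List those in the commit message, or split the style fix out, so the rename can be reviewed as a pure move.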
diff --git a/accel/tcg/trace-events b/accel/tcg/trace-events
new file mode 100644
index 000..f2db388
--- /dev/null
+++ b/accel/tcg/trace-events
@@ -0,0 +1,7 @@
+# Trace events for debugging and performance instrumentation
+
+# TCG related tracing (mostly disabled by default)
+# cpu-exec.c
+disable exec_tb(void *tb, uintptr_t pc) "tb:%p pc=0x%"PRIxPTR
+disable exec_tb_nocache(void *tb, uintptr_t pc) "tb:%p pc=0x%"PRIxPTR
+disable exec_tb_exit(void *last_tb, unsigned int flags) "tb:%p flags=%x"
diff --git a/trace-events b/trace-events
index e582d63..153942d 100644
--- a/trace-events
+++ b/trace-events
@@ -73,11 +73,6 @@ kvm_irqchip_add_msi_route(int virq) "Adding MSI route 
virq=%d"
 kvm_irqchip_update_msi_route(int virq) "Updating MSI route virq=%d"
 
 # TCG related tracing (mostly disabled by default)
-# cpu-exec.c
-disable exec_tb(void *tb, uintptr_t pc) "tb:%p pc=0x%"PRIxPTR
-disable exec_tb_nocache(void *tb, uintptr_t pc) "tb:%p pc=0x%"PRIxPTR
-disable exec_tb_exit(void *last_tb, unsigned int flags) "tb:%p flags=%x"
-
 # translate-all.c
 translate_block(void *tb, uintptr_t pc, uint8_t *tb_code) "tb:%p, 
pc:0x%"PRIxPTR", tb_code:%p"
 
-- 
1.9.1




[Qemu-devel] [PATCH v0 0/4] split the tcg code and separate tcg files.

2017-05-18 Thread Yang Zhong
In order to disable tcg, the first phase is to split some
tcg code and separate those tcg relative files into one 
directory. The next phase will disable tcg more easily.

In the first phase, there are three serial patchsets to
deal with split code and separate the files.
1) split the tcg exec code.
   a)split the tcg accelerators from accel.c file.
   b)create one accel directory, which will include kvm,
 tcg and general exec files.
   c)move tcg exec files into ./accel/tcg directory.
2) move tcg relative files into ./tcg directory
   those files include translate-all.c, translate-common.c
   and etc.
3) move kvm exec and exec.c file.
   a)move kvm relative exec files into ./accel/kvm directory.
   b)move exec.c in ./accel directory. 

The below patchset are the first serial patchset, the other two 
serial patchsets will be sent out soon.

Yang Zhong (4):
  accel: split the tcg accelerator from accel.c file
  move cputlb.c
  move cpu-exec.c
  move cpu-exec-common.c

 Makefile.objs|  2 +-
 Makefile.target  |  6 +--
 accel/Makefile.objs  |  2 +
 accel.c => accel/accel.c | 27 ---
 accel/tcg/Makefile.objs  |  3 ++
 cpu-exec-common.c => accel/tcg/cpu-exec-common.c |  0
 cpu-exec.c => accel/tcg/cpu-exec.c   |  5 +-
 cputlb.c => accel/tcg/cputlb.c   |  0
 accel/tcg/tcg-all.c  | 61 
 accel/tcg/trace-events   |  7 +++
 trace-events |  5 --
 11 files changed, 80 insertions(+), 38 deletions(-)
 create mode 100644 accel/Makefile.objs
 rename accel.c => accel/accel.c (87%)
 create mode 100644 accel/tcg/Makefile.objs
 rename cpu-exec-common.c => accel/tcg/cpu-exec-common.c (100%)
 rename cpu-exec.c => accel/tcg/cpu-exec.c (99%)
 rename cputlb.c => accel/tcg/cputlb.c (100%)
 create mode 100644 accel/tcg/tcg-all.c
 create mode 100644 accel/tcg/trace-events

-- 
1.9.1




[Qemu-devel] [PATCH v0 1/4] accel: split the tcg accelerator from accel.c file

2017-05-18 Thread Yang Zhong
There are two accelerators in qemu, kvm and tcg.  kvm
accelerator is defined in kvm-all.c, but tcg accelerator
is defined in accel.c file. We split tcg accelerator from
accel.c file and create one new accel directory, which
will include kvm and tcg accel files.

Signed-off-by: Yang Zhong 
---
 Makefile.objs|  1 -
 Makefile.target  |  1 +
 accel/Makefile.objs  |  2 ++
 accel.c => accel/accel.c | 27 -
 accel/tcg/Makefile.objs  |  1 +
 accel/tcg/tcg-all.c  | 61 
 6 files changed, 65 insertions(+), 28 deletions(-)
 create mode 100644 accel/Makefile.objs
 rename accel.c => accel/accel.c (87%)
 create mode 100644 accel/tcg/Makefile.objs
 create mode 100644 accel/tcg/tcg-all.c

diff --git a/Makefile.objs b/Makefile.objs
index 6167e7b..2a8de77 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -55,7 +55,6 @@ common-obj-$(CONFIG_SPICE) += spice-qemu-char.o
 
 common-obj-y += audio/
 common-obj-y += hw/
-common-obj-y += accel.o
 
 common-obj-y += replay/
 
diff --git a/Makefile.target b/Makefile.target
index 465a633..ba893a8 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -143,6 +143,7 @@ obj-y += arch_init.o cpus.o monitor.o gdbstub.o balloon.o 
ioport.o numa.o
 obj-y += qtest.o bootdevice.o
 obj-y += hw/
 obj-$(CONFIG_KVM) += kvm-all.o
+obj-y += accel/
 obj-y += memory.o cputlb.o
 obj-y += memory_mapping.o
 obj-y += dump.o
diff --git a/accel/Makefile.objs b/accel/Makefile.objs
new file mode 100644
index 000..11ad823
--- /dev/null
+++ b/accel/Makefile.objs
@@ -0,0 +1,2 @@
+obj-$(CONFIG_SOFTMMU) += accel.o
+obj-y += tcg/
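Review bot: accel.o moves from `common-obj-y` in Makefile.objs to `obj-$(CONFIG_SOFTMMU)` in accel/Makefile.objs, pulled in through `obj-y += accel/` in Makefile.target, so it changes from a common object to one built per target. The commit message does not mention this; if it is intended, say why, otherwise keep accel.o in the common object list and add only the tcg/ subdirectory per target.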
diff --git a/accel.c b/accel/accel.c
similarity index 87%
rename from accel.c
rename to accel/accel.c
index 664bb88..7c079a5 100644
--- a/accel.c
+++ b/accel/accel.c
@@ -34,15 +34,6 @@
 #include "hw/xen/xen.h"
 #include "qom/object.h"
 
-int tcg_tb_size;
-static bool tcg_allowed = true;
-
-static int tcg_init(MachineState *ms)
-{
-tcg_exec_init(tcg_tb_size * 1024 * 1024);
-return 0;
-}
-
 static const TypeInfo accel_type = {
 .name = TYPE_ACCEL,
 .parent = TYPE_OBJECT,
@@ -129,27 +120,9 @@ void configure_accelerator(MachineState *ms)
 }
 }
 
-
-static void tcg_accel_class_init(ObjectClass *oc, void *data)
-{
-AccelClass *ac = ACCEL_CLASS(oc);
-ac->name = "tcg";
-ac->init_machine = tcg_init;
-ac->allowed = _allowed;
-}
-
-#define TYPE_TCG_ACCEL ACCEL_CLASS_NAME("tcg")
-
-static const TypeInfo tcg_accel_type = {
-.name = TYPE_TCG_ACCEL,
-.parent = TYPE_ACCEL,
-.class_init = tcg_accel_class_init,
-};
-
 static void register_accel_types(void)
 {
 type_register_static(_type);
-type_register_static(_accel_type);
 }
 
 type_init(register_accel_types);
diff --git a/accel/tcg/Makefile.objs b/accel/tcg/Makefile.objs
new file mode 100644
index 000..6e3211a
--- /dev/null
+++ b/accel/tcg/Makefile.objs
@@ -0,0 +1 @@
+obj-$(CONFIG_SOFTMMU) += tcg-all.o
diff --git a/accel/tcg/tcg-all.c b/accel/tcg/tcg-all.c
new file mode 100644
index 000..dba9931
--- /dev/null
+++ b/accel/tcg/tcg-all.c
@@ -0,0 +1,61 @@
+/*
+ * QEMU System Emulator, accelerator interfaces
+ *
+ * Copyright (c) 2003-2008 Fabrice Bellard
+ * Copyright (c) 2014 Red Hat Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "sysemu/accel.h"
+#include "sysemu/sysemu.h"
+#include "qom/object.h"
+
+int tcg_tb_size;
+static bool tcg_allowed = true;
+
+static int tcg_init(MachineState *ms)
+{
+tcg_exec_init(tcg_tb_size * 1024 * 1024);
+return 0;
+}
+
+static void tcg_accel_class_init(ObjectClass *oc, void *data)
+{
+AccelClass *ac = ACCEL_CLASS(oc);
+ac->name = "tcg";
+ac->init_machine = tcg_init;
+ac->allowed = _allowed;
+}
+
+#define TYPE_TCG_ACCEL ACCEL_CLASS_NAME("tcg")
+
+static const TypeInfo tcg_accel_type = {
+.name = TYPE_TCG_ACCEL,
+.parent = TYPE_ACCEL,
+

[Qemu-devel] [PATCH v0 2/4] move cputlb.c

2017-05-18 Thread Yang Zhong
move cputlb.c to accel/tcg/

Signed-off-by: Yang Zhong 
---
 Makefile.target| 2 +-
 accel/tcg/Makefile.objs| 1 +
 cputlb.c => accel/tcg/cputlb.c | 0
 3 files changed, 2 insertions(+), 1 deletion(-)
 rename cputlb.c => accel/tcg/cputlb.c (100%)

diff --git a/Makefile.target b/Makefile.target
index ba893a8..3e19fe9 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -144,7 +144,7 @@ obj-y += qtest.o bootdevice.o
 obj-y += hw/
 obj-$(CONFIG_KVM) += kvm-all.o
 obj-y += accel/
-obj-y += memory.o cputlb.o
+obj-y += memory.o
 obj-y += memory_mapping.o
 obj-y += dump.o
 obj-y += migration/ram.o migration/savevm.o
diff --git a/accel/tcg/Makefile.objs b/accel/tcg/Makefile.objs
index 6e3211a..487570f 100644
--- a/accel/tcg/Makefile.objs
+++ b/accel/tcg/Makefile.objs
@@ -1 +1,2 @@
 obj-$(CONFIG_SOFTMMU) += tcg-all.o
+obj-$(CONFIG_SOFTMMU) += cputlb.o
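Review bot: cputlb.o moves from an unconditional obj-y line in Makefile.target to obj-$(CONFIG_SOFTMMU) in accel/tcg/Makefile.objs, so the condition under which it is built changes along with its location. The commit message only says the file is moved; please state there that the old obj-y line was already softmmu-only (or, if it was not, which configurations stop building cputlb.o), so the rename can be reviewed as a pure no-op.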
diff --git a/cputlb.c b/accel/tcg/cputlb.c
similarity index 100%
rename from cputlb.c
rename to accel/tcg/cputlb.c
-- 
1.9.1




Re: [Qemu-devel] qemu-system-sh4 -M r2d serial is broken.

2017-05-18 Thread Rob Landley
On 05/18/2017 06:00 PM, Aurelien Jarno wrote:
>> Exiting the linux instance says "reboot: Restarting system\nUnauthorized
>> access" and then hangs eating 100% cpu, but maybe I can fix that with
>> kernel configuration changes.
> 
> I guess you mean rebooting the linux instance. This is because you do
> not use a bootloader to load the kernel and the initrd. Then you might
> be interested in:
> 
>   http://lists.nongnu.org/archive/html/qemu-devel/2017-05/msg03881.html

That patch worked for me.

Rob



Re: [Qemu-devel] [PATCH 2/2] postcopy: Require RAMBlocks that are whole pages

2017-05-18 Thread Peter Xu
On Thu, May 18, 2017 at 09:08:34AM +0100, Dr. David Alan Gilbert wrote:
> * Juan Quintela (quint...@redhat.com) wrote:
> > "Dr. David Alan Gilbert (git)"  wrote:
> > > From: "Dr. David Alan Gilbert" 
> > >
> > > It turns out that it's legal to create a VM with RAMBlocks that aren't
> > > a multiple of the pagesize in use; e.g. a 1025M main memory using
> > > 2M host pages.  That breaks postcopy's atomic placement of pages,
> > > so disallow it.
> > >
> > > Signed-off-by: Dr. David Alan Gilbert 
> > 
> > Reviewed-by: Juan Quintela 
> 
> Thanks
> 
> > >  }
> > >  
> > >  /* We don't support postcopy with shared RAM yet */
> > > -if (qemu_ram_foreach_block(test_range_shared, NULL)) {
> > > +if (qemu_ram_foreach_block(test_ramblock_postcopiable, NULL)) {
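Review bot: the comment kept above this call, "We don't support postcopy with shared RAM yet", no longer matches what is being tested: going by the commit message, test_ramblock_postcopiable also rejects RAMBlocks that are not a multiple of the page size. Please update the comment to cover both conditions so that a later reader does not take the check for a shared-RAM test only.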
> > 
> > When I was looking at this code, I still don't know why
> > qemu_ram_foreach_block() doesn't pass the block directly.  It's needed
> > by almost all callers.
> > 
> > When I saw it I was about to change it, but got sidetracked on other
> > things :-p
> 
> I think originally it passed very little information at all, and
> that RAMBlocks were these mystical things no one outside exec.c
> was really supposed to know about.

(Yeah I got the same question before. That's why I got
 RAMBLOCK_FOREACH() but didn't use qemu_ram_foreach_block() since I
 need at least page size info for the block...)

-- 
Peter Xu



[Qemu-devel] [PATCH v4 09/10] intel_iommu: turn off pt before 2.9

2017-05-18 Thread Peter Xu
This is for compatibility.

Signed-off-by: Peter Xu 
---
 include/hw/compat.h | 4 
 1 file changed, 4 insertions(+)

diff --git a/include/hw/compat.h b/include/hw/compat.h
index 55b1765..4c53d60 100644
--- a/include/hw/compat.h
+++ b/include/hw/compat.h
@@ -6,6 +6,10 @@
 .driver   = "pci-bridge",\
 .property = "shpc",\
 .value= "off",\
+},{\
+.driver   = "intel-iommu",\
+.property = "pt",\
+.value= "off",\
 },
 
 #define HW_COMPAT_2_8 \
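Review bot: the subject says "before 2.9", but the entry is appended to the compat list that sits directly above HW_COMPAT_2_8, and the cover letter describes it as turning pt off for machine types <= 2.9. Please make the subject and the one-line commit message say exactly which machine types get pt=off and what guest-visible change the new default would otherwise cause for them.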
-- 
2.7.4




[Qemu-devel] [PATCH v4 07/10] intel_iommu: allow dev-iotlb context entry conditionally

2017-05-18 Thread Peter Xu
When device-iotlb is not specified, we should fail this check. A new
function vtd_ce_type_check() is introduced.

While I'm at it, clean up the vtd_dev_to_context_entry() a bit - replace
many "else if" usages with direct if checks. That'll make the logic
clearer.

Signed-off-by: Peter Xu 
---
 hw/i386/intel_iommu.c | 49 -
 1 file changed, 36 insertions(+), 13 deletions(-)

diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index 3240e5d..aac2cc7 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -600,6 +600,26 @@ static inline uint32_t vtd_ce_get_type(VTDContextEntry *ce)
 return ce->lo & VTD_CONTEXT_ENTRY_TT;
 }
 
+/* Return true if check passed, otherwise false */
+static inline bool vtd_ce_type_check(X86IOMMUState *x86_iommu,
+ VTDContextEntry *ce)
+{
+switch (vtd_ce_get_type(ce)) {
+case VTD_CONTEXT_TT_MULTI_LEVEL:
+/* Always supported */
+break;
+case VTD_CONTEXT_TT_DEV_IOTLB:
+if (!x86_iommu->dt_supported) {
+return false;
+}
+break;
+default:
+/* Unknwon type */
+return false;
+}
+return true;
+}
+
 static inline uint64_t vtd_iova_limit(VTDContextEntry *ce)
 {
 uint32_t ce_agaw = vtd_ce_get_agaw(ce);
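Review bot: in vtd_ce_type_check() the default branch comment reads "Unknwon type"; please fix the spelling to "Unknown" while the code is being introduced. The helper also returns a bare false both for a dev-iotlb entry when dt_supported is off and for an unknown type, so the caller cannot tell a guest that programmed a type the device does not advertise from one that wrote an unrecognised value; a short comment on that, or separate trace points, would help when debugging guest misconfiguration.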
@@ -836,6 +856,7 @@ static int vtd_dev_to_context_entry(IntelIOMMUState *s, 
uint8_t bus_num,
 {
 VTDRootEntry re;
 int ret_fr;
+X86IOMMUState *x86_iommu = X86_IOMMU_DEVICE(s);
 
 ret_fr = vtd_get_root_entry(s, bus_num, );
 if (ret_fr) {
@@ -846,7 +867,9 @@ static int vtd_dev_to_context_entry(IntelIOMMUState *s, 
uint8_t bus_num,
 /* Not error - it's okay we don't have root entry. */
 trace_vtd_re_not_present(bus_num);
 return -VTD_FR_ROOT_ENTRY_P;
-} else if (re.rsvd || (re.val & VTD_ROOT_ENTRY_RSVD)) {
+}
+
+if (re.rsvd || (re.val & VTD_ROOT_ENTRY_RSVD)) {
 trace_vtd_re_invalid(re.rsvd, re.val);
 return -VTD_FR_ROOT_ENTRY_RSVD;
 }
@@ -860,26 +883,26 @@ static int vtd_dev_to_context_entry(IntelIOMMUState *s, 
uint8_t bus_num,
 /* Not error - it's okay we don't have context entry. */
 trace_vtd_ce_not_present(bus_num, devfn);
 return -VTD_FR_CONTEXT_ENTRY_P;
-} else if ((ce->hi & VTD_CONTEXT_ENTRY_RSVD_HI) ||
-   (ce->lo & VTD_CONTEXT_ENTRY_RSVD_LO)) {
+}
+
+if ((ce->hi & VTD_CONTEXT_ENTRY_RSVD_HI) ||
+(ce->lo & VTD_CONTEXT_ENTRY_RSVD_LO)) {
 trace_vtd_ce_invalid(ce->hi, ce->lo);
 return -VTD_FR_CONTEXT_ENTRY_RSVD;
 }
+
 /* Check if the programming of context-entry is valid */
 if (!vtd_is_level_supported(s, vtd_ce_get_level(ce))) {
 trace_vtd_ce_invalid(ce->hi, ce->lo);
 return -VTD_FR_CONTEXT_ENTRY_INV;
-} else {
-switch (vtd_ce_get_type(ce)) {
-case VTD_CONTEXT_TT_MULTI_LEVEL:
-/* fall through */
-case VTD_CONTEXT_TT_DEV_IOTLB:
-break;
-default:
-trace_vtd_ce_invalid(ce->hi, ce->lo);
-return -VTD_FR_CONTEXT_ENTRY_INV;
-}
 }
+
+/* Do translation type check */
+if (!vtd_ce_type_check(x86_iommu, ce)) {
+trace_vtd_ce_invalid(ce->hi, ce->lo);
+return -VTD_FR_CONTEXT_ENTRY_INV;
+}
+
 return 0;
 }
 
-- 
2.7.4




[Qemu-devel] [PATCH v4 06/10] intel_iommu: use IOMMU_ACCESS_FLAG()

2017-05-18 Thread Peter Xu
We have that now, so why not use it.

Signed-off-by: Peter Xu 
---
 hw/i386/intel_iommu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index b477143..3240e5d 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -1010,7 +1010,7 @@ out:
 entry->iova = addr & page_mask;
 entry->translated_addr = vtd_get_slpte_addr(slpte) & page_mask;
 entry->addr_mask = ~page_mask;
-entry->perm = (writes ? 2 : 0) + (reads ? 1 : 0);
+entry->perm = IOMMU_ACCESS_FLAG(reads, writes);
 }
 
 static void vtd_root_table_setup(IntelIOMMUState *s)
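Review bot: the replaced expression set bit 1 for writes and bit 0 for reads, while the new call is IOMMU_ACCESS_FLAG(reads, writes); the macro definition is not part of this patch, so the argument order cannot be checked from the hunk. Please confirm in the commit message that the macro takes (read, write) in that order and yields the same encoding, since a swapped order would silently exchange read-only and write-only permissions in the IOTLB entry.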
-- 
2.7.4




[Qemu-devel] [PATCH v4 10/10] vhost: iommu: cache static mapping if there is

2017-05-18 Thread Peter Xu
This patch pre-heats the vhost iotlb cache when passthrough mode is enabled.

Sometimes, even if the user specified iommu_platform for vhost devices,
the IOMMU might still be disabled. One case is passthrough mode in the
VT-d implementation. We can detect this by observing iommu_list. If it's
empty, it means IOMMU translation is disabled, and then we can actually
pre-heat the translation (it'll be a static mapping then) by first
invalidating all IOTLB entries, then caching existing memory ranges into
the vhost backend iotlb using 1:1 mapping.

Signed-off-by: Peter Xu 
---
 hw/virtio/trace-events |  4 
 hw/virtio/vhost.c  | 49 +
 2 files changed, 53 insertions(+)

diff --git a/hw/virtio/trace-events b/hw/virtio/trace-events
index 1f7a7c1..54dcbb3 100644
--- a/hw/virtio/trace-events
+++ b/hw/virtio/trace-events
@@ -24,3 +24,7 @@ virtio_balloon_handle_output(const char *name, uint64_t gpa) 
"section name: %s g
 virtio_balloon_get_config(uint32_t num_pages, uint32_t actual) "num_pages: %d 
actual: %d"
 virtio_balloon_set_config(uint32_t actual, uint32_t oldactual) "actual: %d 
oldactual: %d"
 virtio_balloon_to_target(uint64_t target, uint32_t num_pages) "balloon target: 
%"PRIx64" num_pages: %d"
+
+# hw/virtio/vhost.c
+vhost_iommu_commit(void) ""
+vhost_iommu_static_preheat(void) ""
diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c
index 03a46a7..8069135 100644
--- a/hw/virtio/vhost.c
+++ b/hw/virtio/vhost.c
@@ -27,6 +27,7 @@
 #include "hw/virtio/virtio-access.h"
 #include "migration/blocker.h"
 #include "sysemu/dma.h"
+#include "trace.h"
 
 /* enabled until disconnected backend stabilizes */
 #define _VHOST_DEBUG 1
@@ -730,6 +731,11 @@ static void vhost_iommu_unmap_notify(IOMMUNotifier *n, 
IOMMUTLBEntry *iotlb)
 }
 }
 
+static bool vhost_iommu_mr_enabled(struct vhost_dev *dev)
+{
+return !QLIST_EMPTY(>iommu_list);
+}
+
 static void vhost_iommu_region_add(MemoryListener *listener,
MemoryRegionSection *section)
 {
@@ -782,6 +788,48 @@ static void vhost_iommu_region_del(MemoryListener 
*listener,
 }
 }
 
+static void vhost_iommu_commit(MemoryListener *listener)
+{
+struct vhost_dev *dev = container_of(listener, struct vhost_dev,
+ iommu_listener);
+struct vhost_memory_region *r;
+int i;
+
+trace_vhost_iommu_commit();
+
+if (!vhost_iommu_mr_enabled(dev)) {
+/*
+* This means iommu_platform is enabled, however iommu memory
+* region is disabled, e.g., when device passthrough is setup.
+* Then, no translation is needed any more.
+*
+* Let's first invalidate the whole IOTLB, then pre-heat the
+* static mapping by looping over vhost memory ranges.
+*/
+
+if (dev->vhost_ops->vhost_invalidate_device_iotlb(dev, 0,
+  UINT64_MAX)) {
+error_report("%s: flush existing IOTLB failed", __func__);
+return;
+}
+
+for (i = 0; i < dev->mem->nregions; i++) {
+r = >mem->regions[i];
+/* Vhost regions are writable RAM, so IOMMU_RW suites. */
+if (dev->vhost_ops->vhost_update_device_iotlb(dev,
+  r->guest_phys_addr,
+  r->userspace_addr,
+  r->memory_size,
+  IOMMU_RW)) {
+error_report("%s: pre-heat static mapping failed", __func__);
+return;
+}
+}
+
+trace_vhost_iommu_static_preheat();
+}
+}
+
 static void vhost_region_nop(MemoryListener *listener,
  MemoryRegionSection *section)
 {
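Review bot: vhost_iommu_commit() treats an empty iommu_list as proof that translation is disabled and then installs a 1:1 IOMMU_RW mapping for every vhost memory region, which gives the backend read/write access to all of that guest memory. Please document (or check explicitly) why the list cannot be empty for any other reason, for instance at a commit that runs before vhost_iommu_region_add() has seen the IOMMU region, because in that case the static mapping would bypass a translation the guest expects to be enforced. Two smaller points: when vhost_update_device_iotlb() fails partway through the loop the function returns with the IOTLB flushed and only some regions cached, and "suites" in the comment should be "suits".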
@@ -1298,6 +1346,7 @@ int vhost_dev_init(struct vhost_dev *hdev, void *opaque,
 hdev->iommu_listener = (MemoryListener) {
 .region_add = vhost_iommu_region_add,
 .region_del = vhost_iommu_region_del,
+.commit = vhost_iommu_commit,
 };
 
 if (hdev->migration_blocker == NULL) {
-- 
2.7.4




[Qemu-devel] [PATCH v4 02/10] memory: remove the last param in memory_region_iommu_replay()

2017-05-18 Thread Peter Xu
We were always passing in that one as "false" to assume that's a read
operation, and we also assume that IOMMU translation would always have
that read permission. A better permission would be IOMMU_NONE since the
replay is after all not a real read operation, but just a page table
rebuilding process.

CC: David Gibson 
CC: Paolo Bonzini 
Reviewed-by: David Gibson 
Acked-by: Paolo Bonzini 
Signed-off-by: Peter Xu 
---
 hw/vfio/common.c  | 2 +-
 include/exec/memory.h | 5 +
 memory.c  | 8 +++-
 3 files changed, 5 insertions(+), 10 deletions(-)

diff --git a/hw/vfio/common.c b/hw/vfio/common.c
index a8f12ee..b9abe77 100644
--- a/hw/vfio/common.c
+++ b/hw/vfio/common.c
@@ -502,7 +502,7 @@ static void vfio_listener_region_add(MemoryListener 
*listener,
 QLIST_INSERT_HEAD(>giommu_list, giommu, giommu_next);
 
 memory_region_register_iommu_notifier(giommu->iommu, >n);
-memory_region_iommu_replay(giommu->iommu, >n, false);
+memory_region_iommu_replay(giommu->iommu, >n);
 
 return;
 }
diff --git a/include/exec/memory.h b/include/exec/memory.h
index 97fd0c2..bfdc685 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -731,11 +731,8 @@ void memory_region_register_iommu_notifier(MemoryRegion 
*mr,
  *
  * @mr: the memory region to observe
  * @n: the notifier to which to replay iommu mappings
- * @is_write: Whether to treat the replay as a translate "write"
- * through the iommu
  */
-void memory_region_iommu_replay(MemoryRegion *mr, IOMMUNotifier *n,
-bool is_write);
+void memory_region_iommu_replay(MemoryRegion *mr, IOMMUNotifier *n);
 
 /**
  * memory_region_iommu_replay_all: replay existing IOMMU translations
diff --git a/memory.c b/memory.c
index 3f0aae8..0ddc4cc 100644
--- a/memory.c
+++ b/memory.c
@@ -1620,12 +1620,10 @@ uint64_t 
memory_region_iommu_get_min_page_size(MemoryRegion *mr)
 return TARGET_PAGE_SIZE;
 }
 
-void memory_region_iommu_replay(MemoryRegion *mr, IOMMUNotifier *n,
-bool is_write)
+void memory_region_iommu_replay(MemoryRegion *mr, IOMMUNotifier *n)
 {
 hwaddr addr, granularity;
 IOMMUTLBEntry iotlb;
-IOMMUAccessFlags flag = is_write ? IOMMU_WO : IOMMU_RO;
 
 /* If the IOMMU has its own replay callback, override */
 if (mr->iommu_ops->replay) {
@@ -1636,7 +1634,7 @@ void memory_region_iommu_replay(MemoryRegion *mr, 
IOMMUNotifier *n,
 granularity = memory_region_iommu_get_min_page_size(mr);
 
 for (addr = 0; addr < memory_region_size(mr); addr += granularity) {
-iotlb = mr->iommu_ops->translate(mr, addr, flag);
+iotlb = mr->iommu_ops->translate(mr, addr, IOMMU_NONE);
 if (iotlb.perm != IOMMU_NONE) {
 n->notify(n, );
 }
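Review bot: after this change the replay loop calls translate() with IOMMU_NONE and then skips the notification when iotlb.perm is IOMMU_NONE, so it only works if every translate() implementation reports the mapping's own permissions rather than deriving perm from the requested flag. Please say in the commit message that the implementations were checked for this, or add a note to the translate() documentation that perm must describe the mapping and not the request; otherwise a replay would quietly notify nothing.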
@@ -1654,7 +1652,7 @@ void memory_region_iommu_replay_all(MemoryRegion *mr)
 IOMMUNotifier *notifier;
 
 IOMMU_NOTIFIER_FOREACH(notifier, mr) {
-memory_region_iommu_replay(mr, notifier, false);
+memory_region_iommu_replay(mr, notifier);
 }
 }
 
-- 
2.7.4




[Qemu-devel] [PATCH v4 03/10] x86-iommu: use DeviceClass properties

2017-05-18 Thread Peter Xu
No reason to keep tens of lines if we can do it actually far shorter.

Signed-off-by: Peter Xu 
---
 hw/i386/x86-iommu.c | 47 +++
 1 file changed, 7 insertions(+), 40 deletions(-)

diff --git a/hw/i386/x86-iommu.c b/hw/i386/x86-iommu.c
index 23dcd3f..02b8825 100644
--- a/hw/i386/x86-iommu.c
+++ b/hw/i386/x86-iommu.c
@@ -88,55 +88,22 @@ static void x86_iommu_realize(DeviceState *dev, Error 
**errp)
 x86_iommu_set_default(X86_IOMMU_DEVICE(dev));
 }
 
+static Property x86_iommu_properties[] = {
+DEFINE_PROP_BOOL("intremap", X86IOMMUState, intr_supported, false),
+DEFINE_PROP_BOOL("device-iotlb", X86IOMMUState, dt_supported, false),
+DEFINE_PROP_END_OF_LIST(),
+};
+
 static void x86_iommu_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
 dc->realize = x86_iommu_realize;
-}
-
-static bool x86_iommu_intremap_prop_get(Object *o, Error **errp)
-{
-X86IOMMUState *s = X86_IOMMU_DEVICE(o);
-return s->intr_supported;
-}
-
-static void x86_iommu_intremap_prop_set(Object *o, bool value, Error **errp)
-{
-X86IOMMUState *s = X86_IOMMU_DEVICE(o);
-s->intr_supported = value;
-}
-
-static bool x86_iommu_device_iotlb_prop_get(Object *o, Error **errp)
-{
-X86IOMMUState *s = X86_IOMMU_DEVICE(o);
-return s->dt_supported;
-}
-
-static void x86_iommu_device_iotlb_prop_set(Object *o, bool value, Error 
**errp)
-{
-X86IOMMUState *s = X86_IOMMU_DEVICE(o);
-s->dt_supported = value;
-}
-
-static void x86_iommu_instance_init(Object *o)
-{
-X86IOMMUState *s = X86_IOMMU_DEVICE(o);
-
-/* By default, do not support IR */
-s->intr_supported = false;
-object_property_add_bool(o, "intremap", x86_iommu_intremap_prop_get,
- x86_iommu_intremap_prop_set, NULL);
-s->dt_supported = false;
-object_property_add_bool(o, "device-iotlb",
- x86_iommu_device_iotlb_prop_get,
- x86_iommu_device_iotlb_prop_set,
- NULL);
+dc->props = x86_iommu_properties;
 }
 
 static const TypeInfo x86_iommu_info = {
 .name  = TYPE_X86_IOMMU_DEVICE,
 .parent= TYPE_SYS_BUS_DEVICE,
-.instance_init = x86_iommu_instance_init,
 .instance_size = sizeof(X86IOMMUState),
 .class_init= x86_iommu_class_init,
 .class_size= sizeof(X86IOMMUClass),
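Review bot: the removed instance_init registered the two bools with object_property_add_bool() and setters that write intr_supported and dt_supported whenever they are called, while the replacement declares them through DEFINE_PROP_BOOL and dc->props. The commit message presents this purely as a shortening; please state whether the conversion changes when the properties can be set (for example after realize) and that the false defaults are preserved, so it can be reviewed as behaviour-neutral.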
-- 
2.7.4




[Qemu-devel] [PATCH v4 05/10] intel_iommu: provide vtd_ce_get_type()

2017-05-18 Thread Peter Xu
Helper to fetch VT-d context entry type.

Signed-off-by: Peter Xu 
---
 hw/i386/intel_iommu.c | 7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index f06055f..b477143 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -595,6 +595,11 @@ static inline uint32_t vtd_ce_get_agaw(VTDContextEntry *ce)
 return 30 + (ce->hi & VTD_CONTEXT_ENTRY_AW) * 9;
 }
 
+static inline uint32_t vtd_ce_get_type(VTDContextEntry *ce)
+{
+return ce->lo & VTD_CONTEXT_ENTRY_TT;
+}
+
 static inline uint64_t vtd_iova_limit(VTDContextEntry *ce)
 {
 uint32_t ce_agaw = vtd_ce_get_agaw(ce);
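Review bot: vtd_ce_get_type() returns ce->lo & VTD_CONTEXT_ENTRY_TT, i.e. the field masked in place and not shifted down, but nothing in the helper says so. Please add a one-line comment that the result is meant to be compared against the VTD_CONTEXT_TT_* constants, so a later caller does not treat it as a small index.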
@@ -865,7 +870,7 @@ static int vtd_dev_to_context_entry(IntelIOMMUState *s, 
uint8_t bus_num,
 trace_vtd_ce_invalid(ce->hi, ce->lo);
 return -VTD_FR_CONTEXT_ENTRY_INV;
 } else {
-switch (ce->lo & VTD_CONTEXT_ENTRY_TT) {
+switch (vtd_ce_get_type(ce)) {
 case VTD_CONTEXT_TT_MULTI_LEVEL:
 /* fall through */
 case VTD_CONTEXT_TT_DEV_IOTLB:
-- 
2.7.4




[Qemu-devel] [PATCH v4 04/10] intel_iommu: renaming context entry helpers

2017-05-18 Thread Peter Xu
The old names are too long and less ordered. Let's start to use
vtd_ce_*() as a pattern.

Signed-off-by: Peter Xu 
---
 hw/i386/intel_iommu.c | 24 
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index 4a51df8..f06055f 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -512,7 +512,7 @@ static int vtd_get_root_entry(IntelIOMMUState *s, uint8_t 
index,
 return 0;
 }
 
-static inline bool vtd_context_entry_present(VTDContextEntry *context)
+static inline bool vtd_ce_present(VTDContextEntry *context)
 {
 return context->lo & VTD_CONTEXT_ENTRY_P;
 }
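Review bot: vtd_ce_present() keeps the parameter name context while every other renamed helper in this patch takes VTDContextEntry *ce. Since the point of the patch is a consistent vtd_ce_*() pattern, renaming the parameter to ce here would finish the job.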
@@ -533,7 +533,7 @@ static int vtd_get_context_entry_from_root(VTDRootEntry 
*root, uint8_t index,
 return 0;
 }
 
-static inline dma_addr_t vtd_get_slpt_base_from_context(VTDContextEntry *ce)
+static inline dma_addr_t vtd_ce_get_slpt_base(VTDContextEntry *ce)
 {
 return ce->lo & VTD_CONTEXT_ENTRY_SLPTPTR;
 }
@@ -585,19 +585,19 @@ static inline bool vtd_is_level_supported(IntelIOMMUState 
*s, uint32_t level)
 /* Get the page-table level that hardware should use for the second-level
  * page-table walk from the Address Width field of context-entry.
  */
-static inline uint32_t vtd_get_level_from_context_entry(VTDContextEntry *ce)
+static inline uint32_t vtd_ce_get_level(VTDContextEntry *ce)
 {
 return 2 + (ce->hi & VTD_CONTEXT_ENTRY_AW);
 }
 
-static inline uint32_t vtd_get_agaw_from_context_entry(VTDContextEntry *ce)
+static inline uint32_t vtd_ce_get_agaw(VTDContextEntry *ce)
 {
 return 30 + (ce->hi & VTD_CONTEXT_ENTRY_AW) * 9;
 }
 
 static inline uint64_t vtd_iova_limit(VTDContextEntry *ce)
 {
-uint32_t ce_agaw = vtd_get_agaw_from_context_entry(ce);
+uint32_t ce_agaw = vtd_ce_get_agaw(ce);
 return 1ULL << MIN(ce_agaw, VTD_MGAW);
 }
 
@@ -642,8 +642,8 @@ static int vtd_iova_to_slpte(VTDContextEntry *ce, uint64_t 
iova, bool is_write,
  uint64_t *slptep, uint32_t *slpte_level,
  bool *reads, bool *writes)
 {
-dma_addr_t addr = vtd_get_slpt_base_from_context(ce);
-uint32_t level = vtd_get_level_from_context_entry(ce);
+dma_addr_t addr = vtd_ce_get_slpt_base(ce);
+uint32_t level = vtd_ce_get_level(ce);
 uint32_t offset;
 uint64_t slpte;
 uint64_t access_right_check;
@@ -664,7 +664,7 @@ static int vtd_iova_to_slpte(VTDContextEntry *ce, uint64_t 
iova, bool is_write,
 VTD_DPRINTF(GENERAL, "error: fail to access second-level paging "
 "entry at level %"PRIu32 " for iova 0x%"PRIx64,
 level, iova);
-if (level == vtd_get_level_from_context_entry(ce)) {
+if (level == vtd_ce_get_level(ce)) {
 /* Invalid programming of context-entry */
 return -VTD_FR_CONTEXT_ENTRY_INV;
 } else {
@@ -809,8 +809,8 @@ static int vtd_page_walk(VTDContextEntry *ce, uint64_t 
start, uint64_t end,
  vtd_page_walk_hook hook_fn, void *private,
  bool notify_unmap)
 {
-dma_addr_t addr = vtd_get_slpt_base_from_context(ce);
-uint32_t level = vtd_get_level_from_context_entry(ce);
+dma_addr_t addr = vtd_ce_get_slpt_base(ce);
+uint32_t level = vtd_ce_get_level(ce);
 
 if (!vtd_iova_range_check(start, ce)) {
 return -VTD_FR_ADDR_BEYOND_MGAW;
@@ -851,7 +851,7 @@ static int vtd_dev_to_context_entry(IntelIOMMUState *s, 
uint8_t bus_num,
 return ret_fr;
 }
 
-if (!vtd_context_entry_present(ce)) {
+if (!vtd_ce_present(ce)) {
 /* Not error - it's okay we don't have context entry. */
 trace_vtd_ce_not_present(bus_num, devfn);
 return -VTD_FR_CONTEXT_ENTRY_P;
@@ -861,7 +861,7 @@ static int vtd_dev_to_context_entry(IntelIOMMUState *s, 
uint8_t bus_num,
 return -VTD_FR_CONTEXT_ENTRY_RSVD;
 }
 /* Check if the programming of context-entry is valid */
-if (!vtd_is_level_supported(s, vtd_get_level_from_context_entry(ce))) {
+if (!vtd_is_level_supported(s, vtd_ce_get_level(ce))) {
 trace_vtd_ce_invalid(ce->hi, ce->lo);
 return -VTD_FR_CONTEXT_ENTRY_INV;
 } else {
-- 
2.7.4




[Qemu-devel] [PATCH v4 08/10] intel_iommu: support passthrough (PT)

2017-05-18 Thread Peter Xu
Hardware support for VT-d device passthrough. Although current Linux can
live with iommu=pt even without this, this is faster than when using
software passthrough.

Signed-off-by: Peter Xu 
---
 hw/i386/intel_iommu.c  | 231 ++---
 hw/i386/intel_iommu_internal.h |   1 +
 hw/i386/trace-events   |   2 +
 hw/i386/x86-iommu.c|   1 +
 include/hw/i386/x86-iommu.h|   1 +
 5 files changed, 177 insertions(+), 59 deletions(-)

diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index aac2cc7..15610b9 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -613,6 +613,11 @@ static inline bool vtd_ce_type_check(X86IOMMUState 
*x86_iommu,
 return false;
 }
 break;
+case VTD_CONTEXT_TT_PASS_THROUGH:
+if (!x86_iommu->pt_supported) {
+return false;
+}
+break;
 default:
 /* Unknwon type */
 return false;
@@ -660,6 +665,29 @@ static bool vtd_slpte_nonzero_rsvd(uint64_t slpte, 
uint32_t level)
 }
 }
 
+/* Find the VTD address space associated with a given bus number */
+static VTDBus *vtd_find_as_from_bus_num(IntelIOMMUState *s, uint8_t bus_num)
+{
+VTDBus *vtd_bus = s->vtd_as_by_bus_num[bus_num];
+if (!vtd_bus) {
+/*
+ * Iterate over the registered buses to find the one which
+ * currently hold this bus number, and update the bus_num
+ * lookup table:
+ */
+GHashTableIter iter;
+
+g_hash_table_iter_init(, s->vtd_as_by_busptr);
+while (g_hash_table_iter_next(, NULL, (void **)_bus)) {
+if (pci_bus_num(vtd_bus->bus) == bus_num) {
+s->vtd_as_by_bus_num[bus_num] = vtd_bus;
+return vtd_bus;
+}
+}
+}
+return vtd_bus;
+}
+
 /* Given the @iova, get relevant @slptep. @slpte_level will be the last level
  * of the translation, can be used for deciding the size of large page.
  */
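Review bot: in vtd_find_as_from_bus_num() a hit in s->vtd_as_by_bus_num[bus_num] is returned without checking that pci_bus_num(vtd_bus->bus) still equals bus_num; only the miss path compares bus numbers. If a bus is renumbered after its entry was cached, the lookup returns the address space of the wrong bus. Please either validate the cached entry before returning it or note where the table is cleared on bus renumbering.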
@@ -906,6 +934,91 @@ static int vtd_dev_to_context_entry(IntelIOMMUState *s, 
uint8_t bus_num,
 return 0;
 }
 
+/*
+ * Fetch translation type for specific device. Returns <0 if error
+ * happens, otherwise return the shifted type to check against
+ * VTD_CONTEXT_TT_*.
+ */
+static int vtd_dev_get_trans_type(VTDAddressSpace *as)
+{
+IntelIOMMUState *s;
+VTDContextEntry ce;
+int ret;
+
+s = as->iommu_state;
+
+ret = vtd_dev_to_context_entry(s, pci_bus_num(as->bus),
+   as->devfn, );
+if (ret) {
+return ret;
+}
+
+return vtd_ce_get_type();
+}
+
+static bool vtd_dev_pt_enabled(VTDAddressSpace *as)
+{
+int ret;
+
+assert(as);
+
+ret = vtd_dev_get_trans_type(as);
+if (ret < 0) {
+/*
+ * Possibly failed to parse the context entry for some reason
+ * (e.g., during init, or any guest configuration errors on
+ * context entries). We should assume PT not enabled for
+ * safety.
+ */
+return false;
+}
+
+return ret == VTD_CONTEXT_TT_PASS_THROUGH;
+}
+
+/* Return whether the device is using IOMMU translation. */
+static bool vtd_switch_address_space(VTDAddressSpace *as)
+{
+bool use_iommu;
+
+assert(as);
+
+use_iommu = as->iommu_state->dmar_enabled & !vtd_dev_pt_enabled(as);
+
+trace_vtd_switch_address_space(pci_bus_num(as->bus),
+   VTD_PCI_SLOT(as->devfn),
+   VTD_PCI_FUNC(as->devfn),
+   use_iommu);
+
+/* Turn off first then on the other */
+if (use_iommu) {
+memory_region_set_enabled(>sys_alias, false);
+memory_region_set_enabled(>iommu, true);
+} else {
+memory_region_set_enabled(>iommu, false);
+memory_region_set_enabled(>sys_alias, true);
+}
+
+return use_iommu;
+}
+
+static void vtd_switch_address_space_all(IntelIOMMUState *s)
+{
+GHashTableIter iter;
+VTDBus *vtd_bus;
+int i;
+
+g_hash_table_iter_init(, s->vtd_as_by_busptr);
+while (g_hash_table_iter_next(, NULL, (void **)_bus)) {
+for (i = 0; i < X86_IOMMU_PCI_DEVFN_MAX; i++) {
+if (!vtd_bus->dev_as[i]) {
+continue;
+}
+vtd_switch_address_space(vtd_bus->dev_as[i]);
+}
+}
+}
+
 static inline uint16_t vtd_make_source_id(uint8_t bus_num, uint8_t devfn)
 {
 return ((bus_num & 0xffUL) << 8) | (devfn & 0xffUL);
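Review bot: in vtd_switch_address_space(), use_iommu is computed with a bitwise AND, as->iommu_state->dmar_enabled & !vtd_dev_pt_enabled(as); use && so the result does not depend on dmar_enabled being exactly 0 or 1 and so the context-entry lookup is skipped when DMAR is off. The comment on vtd_dev_get_trans_type() also says it returns "the shifted type", which is ambiguous given that vtd_ce_get_type() returns ce->lo & VTD_CONTEXT_ENTRY_TT without shifting; please align the wording with what is returned. Treating a failed context-entry lookup as "PT not enabled" in vtd_dev_pt_enabled() is the right fail-closed default and worth keeping.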
@@ -943,6 +1056,31 @@ static inline bool vtd_is_interrupt_addr(hwaddr addr)
 return VTD_INTERRUPT_ADDR_FIRST <= addr && addr <= VTD_INTERRUPT_ADDR_LAST;
 }
 
+static void vtd_pt_enable_fast_path(IntelIOMMUState *s, uint16_t source_id)
+{
+VTDBus *vtd_bus;
+VTDAddressSpace *vtd_as;
+bool success = false;
+
+vtd_bus = vtd_find_as_from_bus_num(s, VTD_SID_TO_BUS(source_id));
+if (!vtd_bus) {
+goto out;
+}
+
+vtd_as = 

[Qemu-devel] [PATCH v4 00/10] VT-d: PT (passthrough) mode support and misc fixes

2017-05-18 Thread Peter Xu
Online repo:

  https://github.com/xzpeter/qemu/tree/vtd-passthrough-misc-1

v4
- remove patch "pc: add 2.10 machine type" since it's merged already
- remove patch "memory: fix address_space_get_iotlb_entry()" since
  the problem is fixed by a much better upstream patch:
  "exec: abstract address_space_do_translate()"
- fix issue that patchew reported
- introduce vtd_ce_type_check(), then use it in
  vtd_dev_to_context_entry() [Jason]
- vtd_pt_enable_fast_path() don't use "SUCCESS" but bool [Jason]
- do address space switch for dsi/global ce invalidate [Jason]
- remove detect_pt in vtd_switch_address_space() [Jason]

v3:
- add one patch to provide machine type 2.10 for pc, add r-b for Eduardo
- add r-b/a-b for David on the two memory patches
- add a-b for Paolo on the two memory patches
- remove useless if in vtd_switch_address_space() [Jason]
- check pt_supported when needed [Yi]
- one more patch to check whether dev-iotlb is supported before
  allowing such type of context entry
- enable pt fast path (squashed into current patch 10). when we found
  pt is setup on the first translation, we do address space switch.
  When it's unset, we can capture it via invalidations. [Jason]
- add compat bit for HW_COMPAT_2_9 for "pt" param [Jason]
- one vhost fix for pt (added patch 4)
- faster vhost caching (added patch 12) [Jason]

This series adds support for per-device passthrough mode for VT-d
emulation, along with some tweaks on existing code.

Patches 1-2: memory related cleanups.

Patches 3-7: some VT-d cleanups and fixes.

Patch 8: add support for passthrough.

Patch 9: turn pt off for machine type <=2.9, for compatibility.

Patch 10: vhost enhancement when used with passthrough, to pre-cache
  static mappings.

A simple test with PT mode using 10g nic is line speed.

Please review. Thanks.

Peter Xu (10):
  memory: tune last param of iommu_ops.translate()
  memory: remove the last param in memory_region_iommu_replay()
  x86-iommu: use DeviceClass properties
  intel_iommu: renaming context entry helpers
  intel_iommu: provide vtd_ce_get_type()
  intel_iommu: use IOMMU_ACCESS_FLAG()
  intel_iommu: allow dev-iotlb context entry conditionally
  intel_iommu: support passthrough (PT)
  intel_iommu: turn off pt before 2.9
  vhost: iommu: cache static mapping if there is

 exec.c |   3 +-
 hw/alpha/typhoon.c |   2 +-
 hw/dma/rc4030.c|   2 +-
 hw/i386/amd_iommu.c|   4 +-
 hw/i386/intel_iommu.c  | 313 ++---
 hw/i386/intel_iommu_internal.h |   1 +
 hw/i386/trace-events   |   2 +
 hw/i386/x86-iommu.c|  48 ++-
 hw/pci-host/apb.c  |   2 +-
 hw/ppc/spapr_iommu.c   |   2 +-
 hw/s390x/s390-pci-bus.c|   2 +-
 hw/s390x/s390-pci-inst.c   |   2 +-
 hw/vfio/common.c   |   2 +-
 hw/virtio/trace-events |   4 +
 hw/virtio/vhost.c  |  49 +++
 include/exec/memory.h  |  15 +-
 include/hw/compat.h|   4 +
 include/hw/i386/x86-iommu.h|   1 +
 memory.c   |   7 +-
 19 files changed, 319 insertions(+), 146 deletions(-)

-- 
2.7.4




[Qemu-devel] [PATCH v4 01/10] memory: tune last param of iommu_ops.translate()

2017-05-18 Thread Peter Xu
This patch converts the old "is_write" bool into IOMMUAccessFlags. The
difference is that "is_write" can only express either read/write, but
sometimes what we really want is "none" here (neither read nor write).
Replay is a good example - during replay, we should not check any RW
permission bits since that's not an actual IO at all.

CC: Paolo Bonzini 
CC: David Gibson 
Reviewed-by: David Gibson 
Acked-by: David Gibson 
Acked-by: Paolo Bonzini 
Signed-off-by: Peter Xu 
---
 exec.c   |  3 ++-
 hw/alpha/typhoon.c   |  2 +-
 hw/dma/rc4030.c  |  2 +-
 hw/i386/amd_iommu.c  |  4 ++--
 hw/i386/intel_iommu.c|  4 ++--
 hw/pci-host/apb.c|  2 +-
 hw/ppc/spapr_iommu.c |  2 +-
 hw/s390x/s390-pci-bus.c  |  2 +-
 hw/s390x/s390-pci-inst.c |  2 +-
 include/exec/memory.h| 10 --
 memory.c |  3 ++-
 11 files changed, 22 insertions(+), 14 deletions(-)

diff --git a/exec.c b/exec.c
index 96e3ac9..0d479b2 100644
--- a/exec.c
+++ b/exec.c
@@ -485,7 +485,8 @@ static MemoryRegionSection 
address_space_do_translate(AddressSpace *as,
 break;
 }
 
-iotlb = mr->iommu_ops->translate(mr, addr, is_write);
+iotlb = mr->iommu_ops->translate(mr, addr, is_write ?
+ IOMMU_WO : IOMMU_RO);
 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
 | (addr & iotlb.addr_mask));
 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
diff --git a/hw/alpha/typhoon.c b/hw/alpha/typhoon.c
index f50f5cf..c1cf780 100644
--- a/hw/alpha/typhoon.c
+++ b/hw/alpha/typhoon.c
@@ -664,7 +664,7 @@ static bool window_translate(TyphoonWindow *win, hwaddr 
addr,
 /* TODO: A translation failure here ought to set PCI error codes on the
Pchip and generate a machine check interrupt.  */
 static IOMMUTLBEntry typhoon_translate_iommu(MemoryRegion *iommu, hwaddr addr,
- bool is_write)
+ IOMMUAccessFlags flag)
 {
 TyphoonPchip *pchip = container_of(iommu, TyphoonPchip, iommu);
 IOMMUTLBEntry ret;
diff --git a/hw/dma/rc4030.c b/hw/dma/rc4030.c
index 0080141..edf9432 100644
--- a/hw/dma/rc4030.c
+++ b/hw/dma/rc4030.c
@@ -489,7 +489,7 @@ static const MemoryRegionOps jazzio_ops = {
 };
 
 static IOMMUTLBEntry rc4030_dma_translate(MemoryRegion *iommu, hwaddr addr,
-  bool is_write)
+  IOMMUAccessFlags flag)
 {
 rc4030State *s = container_of(iommu, rc4030State, dma_mr);
 IOMMUTLBEntry ret = {
diff --git a/hw/i386/amd_iommu.c b/hw/i386/amd_iommu.c
index 329058d..7b6d4ea 100644
--- a/hw/i386/amd_iommu.c
+++ b/hw/i386/amd_iommu.c
@@ -988,7 +988,7 @@ static inline bool amdvi_is_interrupt_addr(hwaddr addr)
 }
 
 static IOMMUTLBEntry amdvi_translate(MemoryRegion *iommu, hwaddr addr,
- bool is_write)
+ IOMMUAccessFlags flag)
 {
 AMDVIAddressSpace *as = container_of(iommu, AMDVIAddressSpace, iommu);
 AMDVIState *s = as->iommu_state;
@@ -1017,7 +1017,7 @@ static IOMMUTLBEntry amdvi_translate(MemoryRegion *iommu, 
hwaddr addr,
 return ret;
 }
 
-amdvi_do_translate(as, addr, is_write, );
+amdvi_do_translate(as, addr, flag & IOMMU_WO, );
 trace_amdvi_translation_result(as->bus_num, PCI_SLOT(as->devfn),
 PCI_FUNC(as->devfn), addr, ret.translated_addr);
 return ret;
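Review bot: amdvi_do_translate() is now called with flag & IOMMU_WO as its is_write argument, so IOMMU_NONE is indistinguishable from IOMMU_RO here and IOMMU_RW is handled as a plain write; the same conversion is used for vtd_do_iommu_translate() in the intel_iommu.c part of this patch. The commit message motivates the new type with replay not checking any RW permission bits, which this patch does not yet achieve for these callers. Please say so in the commit message, or add a comment at the call that IOMMU_NONE is treated as a read for now.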
diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index 9ba2162..4a51df8 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -2221,7 +2221,7 @@ static void vtd_mem_write(void *opaque, hwaddr addr,
 }
 
 static IOMMUTLBEntry vtd_iommu_translate(MemoryRegion *iommu, hwaddr addr,
- bool is_write)
+ IOMMUAccessFlags flag)
 {
 VTDAddressSpace *vtd_as = container_of(iommu, VTDAddressSpace, iommu);
 IntelIOMMUState *s = vtd_as->iommu_state;
@@ -2243,7 +2243,7 @@ static IOMMUTLBEntry vtd_iommu_translate(MemoryRegion 
*iommu, hwaddr addr,
 }
 
 vtd_do_iommu_translate(vtd_as, vtd_as->bus, vtd_as->devfn, addr,
-   is_write, );
+   flag & IOMMU_WO, );
 VTD_DPRINTF(MMU,
 "bus %"PRIu8 " slot %"PRIu8 " func %"PRIu8 " devfn %"PRIu8
 " iova 0x%"PRIx64 " hpa 0x%"PRIx64, pci_bus_num(vtd_as->bus),
diff --git a/hw/pci-host/apb.c b/hw/pci-host/apb.c
index edc88f4..2a80f68 100644
--- a/hw/pci-host/apb.c
+++ b/hw/pci-host/apb.c
@@ -209,7 +209,7 @@ static AddressSpace *pbm_pci_dma_iommu(PCIBus *bus, void 
*opaque, int devfn)
 
 /* Called from RCU critical section */
 static IOMMUTLBEntry pbm_translate_iommu(MemoryRegion *iommu, 

Re: [Qemu-devel] [virtio-dev] Re: [virtio-dev] Re: [PATCH v2 00/16] Vhost-pci for inter-VM communication

2017-05-18 Thread Jason Wang



On 2017-05-18 11:03, Wei Wang wrote:

On 05/17/2017 02:22 PM, Jason Wang wrote:



On 2017-05-17 14:16, Jason Wang wrote:



On 2017-05-16 15:12, Wei Wang wrote:




Hi:

Care to post the driver codes too?

OK. It may take some time to clean up the driver code before posting
it out. You can first have a check of the draft at the repo here:
https://github.com/wei-w-wang/vhost-pci-driver

Best,
Wei


Interesting, looks like there's one copy on tx side. We used to have 
zerocopy support for tun for VM2VM traffic. Could you please try to 
compare it with your vhost-pci-net by:


We can analyze from the whole data path - from VM1's network stack to
send packets -> VM2's network stack to receive packets. The number of
copies is actually the same for both.


That's why I'm asking you to compare the performance. The only reason 
for vhost-pci is performance. You should prove it.




vhost-pci: 1-copy happens in VM1's driver xmit(), which copies packets
from its network stack to VM2's RX ring buffer. (we call it "zerocopy"
because there is no intermediate copy between VMs)
zerocopy enabled vhost-net: 1-copy happens in tun's recvmsg, which
copies packets from VM1's TX ring buffer to VM2's RX ring buffer.


Actually, there's a major difference here. You do copy in guest which
consumes time slice of vcpu thread on host. Vhost_net does this in its own
thread. So I feel vhost_net is even faster here, maybe I was wrong.




That being said, we compared to vhost-user, instead of vhost_net,
because vhost-user is the one that is used in NFV, which we think is a
major use case for vhost-pci.


If this is true, why not draft a pmd driver instead of a kernel one? And 
do you use virtio-net kernel driver to compare the performance? If yes, 
has OVS dpdk optimized for kernel driver (I think not)?


What's more important, if vhost-pci is faster, I think its kernel driver 
should be also faster than virtio-net, no?






- make sure zerocopy is enabled for vhost_net
- comment skb_orphan_frags() in tun_net_xmit()

Thanks



You can even enable tx batching for tun by ethtool -C tap0 rx-frames 
N. This will greatly improve the performance according to my test.




Thanks, but would this hurt latency?

Best,
Wei


I don't see this in my test.

Thanks




Re: [Qemu-devel] [PATCH 3/9] migration: Export qemu-file-channel.c functions in its own file

2017-05-18 Thread Peter Xu
On Thu, May 18, 2017 at 06:16:49PM +0200, Juan Quintela wrote:
> Signed-off-by: Juan Quintela 

Reviewed-by: Peter Xu 

-- 
Peter Xu



Re: [Qemu-devel] [PATCH 3/9] migration: Export qemu-file-channel.c functions in its own file

2017-05-18 Thread Peter Xu
On Thu, May 18, 2017 at 03:26:23PM +0200, Juan Quintela wrote:
> Peter Xu  wrote:
> > On Wed, May 17, 2017 at 05:47:50PM +0200, Juan Quintela wrote:
> >> Signed-off-by: Juan Quintela 
> >> ---
> >>  include/migration/migration.h |  1 +
> >>  include/migration/qemu-file.h |  4 
> >>  migration/channel.c   |  1 +
> >>  migration/colo.c  |  1 +
> >>  migration/migration.c |  1 +
> >>  migration/qemu-file-channel.c |  1 +
> >>  migration/qemu-file-channel.h | 21 +
> >>  migration/rdma.c  |  1 +
> >>  migration/savevm.c|  1 +
> >>  tests/test-vmstate.c  |  1 +
> >>  10 files changed, 29 insertions(+), 4 deletions(-)
> >>  create mode 100644 migration/qemu-file-channel.h
> >> 
> >> diff --git a/include/migration/migration.h b/include/migration/migration.h
> >> index e831259..8280df1 100644
> >> --- a/include/migration/migration.h
> >> +++ b/include/migration/migration.h
> >> @@ -19,6 +19,7 @@
> >>  #include "qemu/thread.h"
> >>  #include "qemu/notify.h"
> >>  #include "migration/vmstate.h"
> >> +#include "io/channel.h"
> >
> > Could I ask why we add this line here? I thought one of the main goals
> > of this series is removing things from migration.h...
> 
> 
> 
> I remove from include/migration/qemu-file.h
> 
> -#include "io/channel.h"
> 
> 
> Because all the QIOChannel functions in qemu-file.h are moved to
> qemu-file-channel.h.
> 
> Great!
> 
> But migration/vmstate.h includes qemu-file.h
> 
> And migration.h includes vmstate.h
> 
> And migration.h has these functions:
> 
> void qemu_start_incoming_migration(const char *uri, Error **errp);
> QIOChannel *ioc,
> Error **errp);

(In my repo, it does not need QIOChannel, which looks like:
 void qemu_start_incoming_migration(const char *uri, Error **errp)
 but it does not really matter much...)

> 
> void migration_tls_channel_connect(MigrationState *s,
>QIOChannel *ioc,
>const char *hostname,
>Error **errp);
> 
> And nothing else declares the QIOChannel.
> 
> So, the easy solution so far is to include this by now to maintain
> compilation.

I see. It's okay to me.

(Another solution would be moving these functions outside of
 migration/migration.h as well since they are used by migration
 internally as well? Anyway we already have migration/tls.c to keep
 migration_tls_* functions)

I'll reply to the latest version of this patch for the r-b. Thanks.

-- 
Peter Xu



[Qemu-devel] specify memory in QEMU with Virtio

2017-05-18 Thread jenia mtl
Hello.


How do I specify how much graphics memory the Windows client should have in
QEMU? I have successfully installed Virtio and can launch the VM (Windows)
with it. This doubles the memory from 8MB to 16MB. But I need 512. How can
I set that?

I launch it like this (this command can be used to install the OS and
also to launch it. If you don't want to install, just don't enter the
Windows Install Interface, let it go to booting the OS)

qemu-system-x86_64 -enable-kvm -m 4G -soundhw hda -boot order=c -drive
file=image_file,if=virtio -drive file="OS.iso",index=2,media=cdrom -drive
file=/usr/share/virtio/virtio-win.iso,index=3,media=cdrom



Thanks in advance
Jenia


[Qemu-devel] [PATCH RFC] virtio-net: enable configurable tx queue size

2017-05-18 Thread Wei Wang
This patch enables the virtio-net tx queue size to be configurable
between 256 (the default queue size) and 1024 by the user. The queue
size specified by the user should be a power of 2.

Setting the tx queue size to be 1024 requires the guest driver to
support the VIRTIO_NET_F_MAX_CHAIN_SIZE feature. This feature restricts
the guest driver from chaining 1024 vring descriptors, which may cause
the device side implementation to send more than 1024 iov to writev.
Currently, the max chain size allowed for the guest driver is set to
1023.

In the case that the tx queue size is set to 1024 and the
VIRTIO_NET_F_MAX_CHAIN_SIZE feature is not supported by the guest driver,
the default tx queue size (256) will be used.

Signed-off-by: Wei Wang 
---
 hw/net/virtio-net.c | 71 +++--
 include/hw/virtio/virtio-net.h  |  1 +
 include/standard-headers/linux/virtio_net.h |  3 ++
 3 files changed, 71 insertions(+), 4 deletions(-)

diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index 7d091c9..ef38cb1 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -33,8 +33,12 @@
 
 /* previously fixed value */
 #define VIRTIO_NET_RX_QUEUE_DEFAULT_SIZE 256
+#define VIRTIO_NET_TX_QUEUE_DEFAULT_SIZE 256
 /* for now, only allow larger queues; with virtio-1, guest can downsize */
 #define VIRTIO_NET_RX_QUEUE_MIN_SIZE VIRTIO_NET_RX_QUEUE_DEFAULT_SIZE
+#define VIRTIO_NET_TX_QUEUE_MIN_SIZE VIRTIO_NET_TX_QUEUE_DEFAULT_SIZE
+
+#define VIRTIO_NET_MAX_CHAIN_SIZE 1023
 
 /*
  * Calculate the number of bytes up to and including the given 'field' of
@@ -57,6 +61,8 @@ static VirtIOFeature feature_sizes[] = {
  .end = endof(struct virtio_net_config, max_virtqueue_pairs)},
 {.flags = 1 << VIRTIO_NET_F_MTU,
  .end = endof(struct virtio_net_config, mtu)},
+{.flags = 1 << VIRTIO_NET_F_MAX_CHAIN_SIZE,
+ .end = endof(struct virtio_net_config, max_chain_size)},
 {}
 };
 
@@ -84,6 +90,7 @@ static void virtio_net_get_config(VirtIODevice *vdev, uint8_t 
*config)
 virtio_stw_p(vdev, , n->status);
 virtio_stw_p(vdev, _virtqueue_pairs, n->max_queues);
 virtio_stw_p(vdev, , n->net_conf.mtu);
+virtio_stw_p(vdev, _chain_size, VIRTIO_NET_MAX_CHAIN_SIZE);
 memcpy(netcfg.mac, n->mac, ETH_ALEN);
 memcpy(config, , n->config_size);
 }
@@ -568,6 +575,7 @@ static uint64_t virtio_net_get_features(VirtIODevice *vdev, 
uint64_t features,
 features |= n->host_features;
 
 virtio_add_feature(, VIRTIO_NET_F_MAC);
+virtio_add_feature(, VIRTIO_NET_F_MAX_CHAIN_SIZE);
 
 if (!peer_has_vnet_hdr(n)) {
 virtio_clear_feature(, VIRTIO_NET_F_CSUM);
@@ -603,6 +611,7 @@ static uint64_t virtio_net_bad_features(VirtIODevice *vdev)
 virtio_add_feature(, VIRTIO_NET_F_HOST_TSO4);
 virtio_add_feature(, VIRTIO_NET_F_HOST_TSO6);
 virtio_add_feature(, VIRTIO_NET_F_HOST_ECN);
+virtio_add_feature(, VIRTIO_NET_F_MAX_CHAIN_SIZE);
 
 return features;
 }
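Review bot: virtio_net_bad_features() now also reports VIRTIO_NET_F_MAX_CHAIN_SIZE, next to the HOST_TSO4/HOST_TSO6/HOST_ECN bits, but the commit message does not say why a newly introduced feature belongs in that list. Please explain the reason in the commit message or drop the line.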
@@ -635,6 +644,27 @@ static inline uint64_t 
virtio_net_supported_guest_offloads(VirtIONet *n)
 return virtio_net_guest_offloads_by_features(vdev->guest_features);
 }
 
+static bool is_tx(int queue_index)
+{
+return queue_index % 2 == 1;
+}
+
+static void virtio_net_change_tx_queue_size(VirtIONet *n)
+{
+VirtIODevice *vdev = VIRTIO_DEVICE(n);
+int i, num_queues = virtio_get_num_queues(vdev);
+
+if (n->net_conf.tx_queue_size == VIRTIO_NET_TX_QUEUE_DEFAULT_SIZE) {
+return;
+}
+
+for (i = 0; i < num_queues; i++) {
+if (is_tx(i)) {
+virtio_queue_set_num(vdev, i, n->net_conf.tx_queue_size);
+}
+}
+}
+
 static void virtio_net_set_features(VirtIODevice *vdev, uint64_t features)
 {
 VirtIONet *n = VIRTIO_NET(vdev);
@@ -649,6 +679,16 @@ static void virtio_net_set_features(VirtIODevice *vdev, 
uint64_t features)
virtio_has_feature(features,
   VIRTIO_F_VERSION_1));
 
+/*
+ * Change the tx queue size if the guest supports
+ * VIRTIO_NET_F_MAX_CHAIN_SIZE. This will restrict the guest from sending
+ * a very large chain of vring descriptors (e.g. 1024), which may cause
+ * 1025 iov to be written to writev.
+ */
+if (virtio_has_feature(features, VIRTIO_NET_F_MAX_CHAIN_SIZE)) {
+virtio_net_change_tx_queue_size(n);
+}
+
 if (n->has_vnet_hdr) {
 n->curr_guest_offloads =
 virtio_net_guest_offloads_by_features(features);
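Review bot: The new block in virtio_net_set_features() only ever enlarges the tx queues: there is no else branch that puts the size back to VIRTIO_NET_TX_QUEUE_DEFAULT_SIZE when the feature is absent, and virtio_net_change_tx_queue_size() returns early only when the configured size already equals the default. Unless the size is reset elsewhere, a driver that binds after a device reset without negotiating VIRTIO_NET_F_MAX_CHAIN_SIZE would still see the enlarged queues, which contradicts the fallback to 256 described in the commit message. Restore the default explicitly in the non-feature case, and check that tx_queue_size is a power of 2 within 256..1024 before it reaches virtio_queue_set_num(), since no such validation is visible in these hunks.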
@@ -1297,8 +1337,8 @@ static int32_t virtio_net_flush_tx(VirtIONetQueue *q)
 
 out_num = elem->out_num;
 out_sg = elem->out_sg;
-if (out_num < 1) {
-virtio_error(vdev, "virtio-net header not in first element");
+if (out_num < 1 || out_num > VIRTIO_NET_F_MAX_CHAIN_SIZE) {
+virtio_error(vdev, "no packet or too large vring desc chain");
 virtqueue_detach_element(q->tx_vq, elem, 0);
 
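Review bot: The bound in `out_num > VIRTIO_NET_F_MAX_CHAIN_SIZE` compares against the feature bit number (the same constant used in `1 << VIRTIO_NET_F_MAX_CHAIN_SIZE` above), not against the limit; the limit this patch defines is VIRTIO_NET_MAX_CHAIN_SIZE (1023). As written the check does not enforce the chain size advertised in config space, so use VIRTIO_NET_MAX_CHAIN_SIZE here. The check also runs whether or not the guest negotiated the feature, and the merged message no longer distinguishes an empty chain from an over-long one; two separate virtio_error() calls would make guest driver bugs easier to diagnose.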

[Qemu-devel] [PATCH 2/4] block: Guarantee that *file is set on bdrv_get_block_status()

2017-05-18 Thread Eric Blake
We document that *file is valid if the return is not an error and
includes BDRV_BLOCK_OFFSET_VALID, but forgot to obey this contract
when a driver (such as blkdebug) lacks a callback.  Broken in
commit 67a0fd2 (v2.6), when we added the file parameter.

Enhance qemu-iotest 177 to cover this, using a sequence that would
print garbage or even SEGV, because it was dereferencing through
uninitialized memory.  [The resulting test output shows that we
have less-than-ideal block status from the blkdebug driver, but
that's a separate fix coming up soon.]

Setting *file only when setting BDRV_BLOCK_OFFSET_VALID is enough
to fix the crash, but we can go one step further: always setting
*file, even on error, means that a caller is no longer dereferencing
uninitialized memory, so that we are more likely to get a reliable
SEGV instead of randomly acting on garbage.  Adding an assertion
doesn't hurt either.

CC: qemu-sta...@nongnu.org
Signed-off-by: Eric Blake 
---
 block/io.c | 4 +++-
 tests/qemu-iotests/177 | 3 +++
 tests/qemu-iotests/177.out | 2 ++
 3 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/block/io.c b/block/io.c
index fdd7485..164a82b 100644
--- a/block/io.c
+++ b/block/io.c
@@ -1749,6 +1749,7 @@ static int64_t coroutine_fn 
bdrv_co_get_block_status(BlockDriverState *bs,
 int64_t n;
 int64_t ret, ret2;

+*file = NULL;
 total_sectors = bdrv_nb_sectors(bs);
 if (total_sectors < 0) {
 return total_sectors;
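Review bot: `*file = NULL;` at the top of bdrv_co_get_block_status() dereferences file unconditionally, so every caller must now pass a non-NULL pointer. State that requirement in the function's contract comment (the commit message already refers to the documented meaning of *file), and consider an assert(file) before the store so the precondition is explicit in the code.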
@@ -1769,6 +1770,7 @@ static int64_t coroutine_fn 
bdrv_co_get_block_status(BlockDriverState *bs,
 ret = BDRV_BLOCK_DATA | BDRV_BLOCK_ALLOCATED;
 if (bs->drv->protocol_name) {
 ret |= BDRV_BLOCK_OFFSET_VALID | (sector_num * BDRV_SECTOR_SIZE);
+*file = bs;
 }
 return ret;
 }
@@ -1783,7 +1785,7 @@ static int64_t coroutine_fn 
bdrv_co_get_block_status(BlockDriverState *bs,
 }

 if (ret & BDRV_BLOCK_RAW) {
-assert(ret & BDRV_BLOCK_OFFSET_VALID);
+assert(ret & BDRV_BLOCK_OFFSET_VALID && *file);
 ret = bdrv_co_get_block_status(*file, ret >> BDRV_SECTOR_BITS,
*pnum, pnum, file);
 goto out;
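Review bot: In `assert(ret & BDRV_BLOCK_OFFSET_VALID && *file);` the bitwise test and the pointer test share one expression without parentheses. It parses as intended, but `(ret & BDRV_BLOCK_OFFSET_VALID) && *file` reads unambiguously and avoids precedence warnings from stricter compilers. Two separate assert() calls would also show which of the two conditions failed.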
diff --git a/tests/qemu-iotests/177 b/tests/qemu-iotests/177
index 2005c17..f8ed8fb 100755
--- a/tests/qemu-iotests/177
+++ b/tests/qemu-iotests/177
@@ -43,6 +43,7 @@ _supported_proto file
 CLUSTER_SIZE=1M
 size=128M
 options=driver=blkdebug,image.driver=qcow2
+nested_opts=image.file.driver=file,image.file.filename=$TEST_IMG

 echo
 echo "== setting up files =="
@@ -106,6 +107,8 @@ function verify_io()
 }

 verify_io | $QEMU_IO -r "$TEST_IMG" | _filter_qemu_io
+$QEMU_IMG map --image-opts "$options,$nested_opts,align=4k" \
+| _filter_qemu_img_map

 _check_test_img

diff --git a/tests/qemu-iotests/177.out b/tests/qemu-iotests/177.out
index e887542..b754ed4 100644
--- a/tests/qemu-iotests/177.out
+++ b/tests/qemu-iotests/177.out
@@ -45,5 +45,7 @@ read 30408704/30408704 bytes at offset 80740352
 29 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
 read 23068672/23068672 bytes at offset 49056
 22 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+Offset  Length  File
+0   0x800   blkdebug::TEST_DIR/t.IMGFMT
 No errors were found on the image.
 *** done
-- 
2.9.4




[Qemu-devel] [PATCH 0/4] more blkdebug tweaks

2017-05-18 Thread Eric Blake
I found a crasher and some odd behavior while rebasing my
bdrv_get_block_status series, so I figured I'd get these things
fixed first.  This is based on top of Max's block branch.

Eric Blake (4):
  qemu-io: Don't die on second open
  block: Guarantee that *file is set on bdrv_get_block_status()
  block: Simplify use of BDRV_BLOCK_RAW.
  blkdebug: Support .bdrv_co_get_block_status

 block/blkdebug.c   | 11 +++
 block/commit.c |  2 +-
 block/io.c |  4 +++-
 block/mirror.c |  2 +-
 block/raw-format.c |  2 +-
 block/vpc.c|  2 +-
 qemu-io.c  |  2 +-
 tests/qemu-iotests/177 |  3 +++
 tests/qemu-iotests/177.out |  5 +
 9 files changed, 27 insertions(+), 6 deletions(-)

-- 
2.9.4




[Qemu-devel] [PATCH 1/4] qemu-io: Don't die on second open

2017-05-18 Thread Eric Blake
Failure to open a file in qemu-io should normally return 1 on
failure to end the command loop, on the presumption that when
batching commands all on the command line, failure to open means
nothing further can be attempted. But when executing qemu-io
interactively, there is a special case: if open is executed a
second time, we print a hint that the user should try the
interactive 'close' first.  But the hint is useless if we don't
actually LET them try 'close'.

This has been awkward since at least as far back as commit
43642b3, in 2011 (probably earlier, but git blame has a harder
time going past the file renames at that point).

Signed-off-by: Eric Blake 
---
 qemu-io.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/qemu-io.c b/qemu-io.c
index 34fa8a1..0c82dac 100644
--- a/qemu-io.c
+++ b/qemu-io.c
@@ -63,7 +63,7 @@ static int openfile(char *name, int flags, bool writethrough, 
bool force_share,
 if (qemuio_blk) {
 error_report("file open already, try 'help close'");
 QDECREF(opts);
-return 1;
+return 0;
 }

 if (force_share) {
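Review bot: `return 0;` now applies to every second open, not only to interactive ones. The commit message says that returning 1 is what ends the command loop when commands are batched on the command line, so after this change a batch containing a second open would report the error and then keep running the remaining commands against the first image. Consider returning 0 only in interactive mode, or state in the commit message that batch mode is meant to continue as well.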
-- 
2.9.4




[Qemu-devel] [PATCH 4/4] blkdebug: Support .bdrv_co_get_block_status

2017-05-18 Thread Eric Blake
Without a passthrough status of BDRV_BLOCK_RAW, anything wrapped by
blkdebug appears 100% allocated as data.  Better is treating it the
same as the underlying file being wrapped.

For a quick manual test, compare this sequence, pre- and post-patch:
$ qemu-img create -f qcow2 file 10M
$ qemu-io -f qcow2 -c 'w 1m' file
$ qemu-img map -f qcow2 file
$ qemu-img map --image-opts driver=blkdebug,image.driver=qcow2,\
image.file.driver=file,image.file.filename=file

Update iotest 177 for the new expected output.

Signed-off-by: Eric Blake 
---
 block/blkdebug.c   | 11 +++
 tests/qemu-iotests/177.out |  5 -
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/block/blkdebug.c b/block/blkdebug.c
index a5196e8..1ad8d65 100644
--- a/block/blkdebug.c
+++ b/block/blkdebug.c
@@ -642,6 +642,16 @@ static int coroutine_fn 
blkdebug_co_pdiscard(BlockDriverState *bs,
 return bdrv_co_pdiscard(bs->file->bs, offset, count);
 }

+static int64_t coroutine_fn blkdebug_co_get_block_status(
+BlockDriverState *bs, int64_t sector_num, int nb_sectors, int *pnum,
+BlockDriverState **file)
+{
+*pnum = nb_sectors;
+*file = bs->file->bs;
+return BDRV_BLOCK_RAW | BDRV_BLOCK_OFFSET_VALID |
+(sector_num << BDRV_SECTOR_BITS);
+}
+
 static void blkdebug_close(BlockDriverState *bs)
 {
 BDRVBlkdebugState *s = bs->opaque;
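Review bot: blkdebug_co_get_block_status() reports the whole requested range as BDRV_BLOCK_RAW without consulting any blkdebug state, and nothing in the function says why that is correct. A short comment stating that block status is deliberately passed through unmodified to bs->file->bs would document the intent for anyone who later adds status-related debug rules.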
@@ -912,6 +922,7 @@ static BlockDriver bdrv_blkdebug = {
 .bdrv_co_flush_to_disk  = blkdebug_co_flush,
 .bdrv_co_pwrite_zeroes  = blkdebug_co_pwrite_zeroes,
 .bdrv_co_pdiscard   = blkdebug_co_pdiscard,
+.bdrv_co_get_block_status = blkdebug_co_get_block_status,

 .bdrv_debug_event   = blkdebug_debug_event,
 .bdrv_debug_breakpoint  = blkdebug_debug_breakpoint,
diff --git a/tests/qemu-iotests/177.out b/tests/qemu-iotests/177.out
index b754ed4..43a7778 100644
--- a/tests/qemu-iotests/177.out
+++ b/tests/qemu-iotests/177.out
@@ -46,6 +46,9 @@ read 30408704/30408704 bytes at offset 80740352
 read 23068672/23068672 bytes at offset 49056
 22 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
 Offset  Length  File
-0   0x800   blkdebug::TEST_DIR/t.IMGFMT
+0   0x80TEST_DIR/t.IMGFMT
+0x900x240   TEST_DIR/t.IMGFMT
+0x3c0   0x110   TEST_DIR/t.IMGFMT
+0x6a0   0x160   TEST_DIR/t.IMGFMT
 No errors were found on the image.
 *** done
-- 
2.9.4




Re: [Qemu-devel] [PATCH 1/3] numa: consolidate cpu_preplug fixups/checks for pc/arm/spapr

2017-05-18 Thread David Gibson
On Thu, May 18, 2017 at 10:09:29AM +0200, Igor Mammedov wrote:
> Signed-off-by: Igor Mammedov 

Reviewed-by: David Gibson 

> ---
>  include/sysemu/numa.h |  1 +
>  hw/arm/virt.c | 16 ++--
>  hw/i386/pc.c  | 17 +
>  hw/ppc/spapr.c| 17 +
>  numa.c| 22 ++
>  5 files changed, 27 insertions(+), 46 deletions(-)
> 
> diff --git a/include/sysemu/numa.h b/include/sysemu/numa.h
> index 7ffde5b..610eece 100644
> --- a/include/sysemu/numa.h
> +++ b/include/sysemu/numa.h
> @@ -35,4 +35,5 @@ void numa_legacy_auto_assign_ram(MachineClass *mc, NodeInfo 
> *nodes,
>   int nb_nodes, ram_addr_t size);
>  void numa_default_auto_assign_ram(MachineClass *mc, NodeInfo *nodes,
>int nb_nodes, ram_addr_t size);
> +void numa_cpu_pre_plug(const CPUArchId *slot, DeviceState *dev, Error 
> **errp);
>  #endif
> diff --git a/hw/arm/virt.c b/hw/arm/virt.c
> index c7c8159..ce676df 100644
> --- a/hw/arm/virt.c
> +++ b/hw/arm/virt.c
> @@ -1351,7 +1351,6 @@ static void machvirt_init(MachineState *machine)
>  for (n = 0; n < possible_cpus->len; n++) {
>  Object *cpuobj;
>  CPUState *cs;
> -int node_id;
>  
>  if (n >= smp_cpus) {
>  break;
> @@ -1364,19 +1363,8 @@ static void machvirt_init(MachineState *machine)
>  cs = CPU(cpuobj);
>  cs->cpu_index = n;
>  
> -node_id = possible_cpus->cpus[cs->cpu_index].props.node_id;
> -if (!possible_cpus->cpus[cs->cpu_index].props.has_node_id) {
> -/* by default CPUState::numa_node was 0 if it's not set via CLI
> - * keep it this way for now but in future we probably should
> - * refuse to start up with incomplete numa mapping */
> - node_id = 0;
> -}
> -if (cs->numa_node == CPU_UNSET_NUMA_NODE_ID) {
> -cs->numa_node = node_id;
> -} else {
> -/* CPU isn't device_add compatible yet, this shouldn't happen */
> -error_setg(_abort, "user set node-id not implemented");
> -}
> +numa_cpu_pre_plug(_cpus->cpus[cs->cpu_index], 
> DEVICE(cpuobj),
> +  _fatal);
>  
>  if (!vms->secure) {
>  object_property_set_bool(cpuobj, false, "has_el3", NULL);
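Review bot: In machvirt_init() the removed else branch aborted with "user set node-id not implemented" whenever cs->numa_node was already set, while the replacement delegates to the shared numa_cpu_pre_plug() helper, whose body is not visible in this part of the patch. The commit message consists only of the Signed-off-by line, so it does not say whether arm/virt is now meant to accept a user-set node-id the way pc does. Please describe the intended behaviour change per machine type in the commit message.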
> diff --git a/hw/i386/pc.c b/hw/i386/pc.c
> index e36a375..d83c158 100644
> --- a/hw/i386/pc.c
> +++ b/hw/i386/pc.c
> @@ -1895,7 +1895,6 @@ static void pc_cpu_pre_plug(HotplugHandler *hotplug_dev,
>  DeviceState *dev, Error **errp)
>  {
>  int idx;
> -int node_id;
>  CPUState *cs;
>  CPUArchId *cpu_slot;
>  X86CPUTopoInfo topo;
> @@ -1986,21 +1985,7 @@ static void pc_cpu_pre_plug(HotplugHandler 
> *hotplug_dev,
>  cs = CPU(cpu);
>  cs->cpu_index = idx;
>  
> -node_id = cpu_slot->props.node_id;
> -if (!cpu_slot->props.has_node_id) {
> -/* by default CPUState::numa_node was 0 if it's not set via CLI
> - * keep it this way for now but in future we probably should
> - * refuse to start up with incomplete numa mapping */
> -node_id = 0;
> -}
> -if (cs->numa_node == CPU_UNSET_NUMA_NODE_ID) {
> -cs->numa_node = node_id;
> -} else if (cs->numa_node != node_id) {
> -error_setg(errp, "node-id %d must match numa node specified"
> -"with -numa option for cpu-index %d",
> -cs->numa_node, cs->cpu_index);
> -return;
> -}
> +numa_cpu_pre_plug(cpu_slot, dev, errp);
>  }
>  
>  static void pc_machine_device_pre_plug_cb(HotplugHandler *hotplug_dev,
> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> index 0980d73..c7fee8b 100644
> --- a/hw/ppc/spapr.c
> +++ b/hw/ppc/spapr.c
> @@ -2831,11 +2831,9 @@ static void spapr_core_pre_plug(HotplugHandler 
> *hotplug_dev, DeviceState *dev,
>  MachineClass *mc = MACHINE_GET_CLASS(hotplug_dev);
>  Error *local_err = NULL;
>  CPUCore *cc = CPU_CORE(dev);
> -sPAPRCPUCore *sc = SPAPR_CPU_CORE(dev);
>  char *base_core_type = spapr_get_cpu_core_type(machine->cpu_model);
>  const char *type = object_get_typename(OBJECT(dev));
>  CPUArchId *core_slot;
> -int node_id;
>  int index;
>  
>  if (dev->hotplugged && !mc->has_hotpluggable_cpus) {
> @@ -2870,20 +2868,7 @@ static void spapr_core_pre_plug(HotplugHandler 
> *hotplug_dev, DeviceState *dev,
>  goto out;
>  }
>  
> -node_id = core_slot->props.node_id;
> -if (!core_slot->props.has_node_id) {
> -/* by default CPUState::numa_node was 0 if it's not set via CLI
> - * keep it this way for now but in future we probably should
> - * refuse to start up with incomplete numa mapping */
> -node_id = 0;
> -}
> -if (sc->node_id == CPU_UNSET_NUMA_NODE_ID) {
> -sc->node_id = 

[Qemu-devel] [PATCH 3/4] block: Simplify use of BDRV_BLOCK_RAW.

2017-05-18 Thread Eric Blake
The lone caller that cares about a return of BDRV_BLOCK_RAW
completely replaces the return value, so there is no point in
passing BDRV_BLOCK_DATA.

Signed-off-by: Eric Blake 
---
 block/commit.c | 2 +-
 block/mirror.c | 2 +-
 block/raw-format.c | 2 +-
 block/vpc.c| 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/block/commit.c b/block/commit.c
index 76a0d98..cf662ba 100644
--- a/block/commit.c
+++ b/block/commit.c
@@ -239,7 +239,7 @@ static int64_t coroutine_fn 
bdrv_commit_top_get_block_status(
 {
 *pnum = nb_sectors;
 *file = bs->backing->bs;
-return BDRV_BLOCK_RAW | BDRV_BLOCK_OFFSET_VALID | BDRV_BLOCK_DATA |
+return BDRV_BLOCK_RAW | BDRV_BLOCK_OFFSET_VALID |
(sector_num << BDRV_SECTOR_BITS);
 }
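Review bot: Dropping BDRV_BLOCK_DATA from the return in bdrv_commit_top_get_block_status() (and the three identical returns below) relies on the caller replacing the whole value when BDRV_BLOCK_RAW is set, but the diffstat touches no header, so that rule is recorded only in the commit message. Add a sentence to the comment where BDRV_BLOCK_RAW is documented saying that the other status bits are ignored when it is returned, so drivers do not reintroduce them.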

diff --git a/block/mirror.c b/block/mirror.c
index e86f8f8..970c9f2 100644
--- a/block/mirror.c
+++ b/block/mirror.c
@@ -1047,7 +1047,7 @@ static int64_t coroutine_fn 
bdrv_mirror_top_get_block_status(
 {
 *pnum = nb_sectors;
 *file = bs->backing->bs;
-return BDRV_BLOCK_RAW | BDRV_BLOCK_OFFSET_VALID | BDRV_BLOCK_DATA |
+return BDRV_BLOCK_RAW | BDRV_BLOCK_OFFSET_VALID |
(sector_num << BDRV_SECTOR_BITS);
 }

diff --git a/block/raw-format.c b/block/raw-format.c
index 36e6503..1136eba 100644
--- a/block/raw-format.c
+++ b/block/raw-format.c
@@ -259,7 +259,7 @@ static int64_t coroutine_fn 
raw_co_get_block_status(BlockDriverState *bs,
 *pnum = nb_sectors;
 *file = bs->file->bs;
 sector_num += s->offset / BDRV_SECTOR_SIZE;
-return BDRV_BLOCK_RAW | BDRV_BLOCK_OFFSET_VALID | BDRV_BLOCK_DATA |
+return BDRV_BLOCK_RAW | BDRV_BLOCK_OFFSET_VALID |
(sector_num << BDRV_SECTOR_BITS);
 }

diff --git a/block/vpc.c b/block/vpc.c
index ecfee77..048504b 100644
--- a/block/vpc.c
+++ b/block/vpc.c
@@ -701,7 +701,7 @@ static int64_t coroutine_fn 
vpc_co_get_block_status(BlockDriverState *bs,
 if (be32_to_cpu(footer->type) == VHD_FIXED) {
 *pnum = nb_sectors;
 *file = bs->file->bs;
-return BDRV_BLOCK_RAW | BDRV_BLOCK_OFFSET_VALID | BDRV_BLOCK_DATA |
+return BDRV_BLOCK_RAW | BDRV_BLOCK_OFFSET_VALID |
(sector_num << BDRV_SECTOR_BITS);
 }

-- 
2.9.4




Re: [Qemu-devel] [PATCH v11 2/2] migration: spapr: migrate pending_events of spapr state

2017-05-18 Thread David Gibson
On Thu, May 18, 2017 at 05:24:02PM -0300, Daniel Henrique Barboza wrote:
> From: Jianjun Duan 
> 
> In racing situations between hotplug events and migration operation,
> a rtas hotplug event could have not yet been delivered to the source
> guest when migration is started. In this case the pending_events of
> spapr state need to be transmitted to the target so that the hotplug
> event can be finished on the target.
> 
> All the different fields of the events are encoded as defined by
> PAPR. We can migrate them as uint8_t binary stream without any
> concerns about data padding or endianness.
> 
> pending_events is put in a subsection in the spapr state VMSD to make
> sure migration across different versions is not broken.
> 
> Signed-off-by: Jianjun Duan 
> Signed-off-by: Daniel Henrique Barboza 
> ---
>  hw/ppc/spapr.c | 32 
>  hw/ppc/spapr_events.c  |  1 +
>  include/hw/ppc/spapr.h |  3 ++-
>  3 files changed, 35 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> index 0980d73..5afd328 100644
> --- a/hw/ppc/spapr.c
> +++ b/hw/ppc/spapr.c
> @@ -1444,6 +1444,37 @@ static bool version_before_3(void *opaque, int 
> version_id)
>  return version_id < 3;
>  }
>  
> +static bool spapr_pending_events_needed(void *opaque)
> +{
> +sPAPRMachineState *spapr = (sPAPRMachineState *)opaque;
> +return !QTAILQ_EMPTY(>pending_events);
> +}
> +
> +static const VMStateDescription vmstate_spapr_event_entry = {
> +.name = "spapr_event_log_entry",
> +.version_id = 1,
> +.minimum_version_id = 1,
> +.fields = (VMStateField[]) {
> +VMSTATE_INT32(log_type, sPAPREventLogEntry),
> +VMSTATE_UINT32(data_size, sPAPREventLogEntry),
> +VMSTATE_VBUFFER_ALLOC_UINT32(data, sPAPREventLogEntry, 0,
> + NULL, data_size),
> +VMSTATE_END_OF_LIST()
> +},
> +};
> +
> +static const VMStateDescription vmstate_spapr_pending_events = {
> +.name = "spapr_pending_events",
> +.version_id = 1,
> +.minimum_version_id = 1,
> +.needed = spapr_pending_events_needed,
> +.fields = (VMStateField[]) {
> +VMSTATE_QTAILQ_V(pending_events, sPAPRMachineState, 1,
> + vmstate_spapr_event_entry, sPAPREventLogEntry, 
> next),
> +VMSTATE_END_OF_LIST()
> +},
> +};
> +
>  static bool spapr_ov5_cas_needed(void *opaque)
>  {
>  sPAPRMachineState *spapr = opaque;
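Review bot: vmstate_spapr_event_entry reads data_size from the incoming stream and then uses it to size the VMSTATE_VBUFFER_ALLOC_UINT32 allocation for data, with no upper bound in between. Since the entries are PAPR-defined event logs, add a validation step between the data_size and data fields that rejects any value larger than the biggest log the source can generate, so a corrupted or untrusted migration stream cannot force arbitrarily large allocations for each queue entry.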
> @@ -1542,6 +1573,7 @@ static const VMStateDescription vmstate_spapr = {
>  .subsections = (const VMStateDescription*[]) {
>  _spapr_ov5_cas,
>  _spapr_patb_entry,
> +_spapr_pending_events,
>  NULL
>  }
>  };
> diff --git a/hw/ppc/spapr_events.c b/hw/ppc/spapr_events.c
> index 73e2a18..96c1605 100644
> --- a/hw/ppc/spapr_events.c
> +++ b/hw/ppc/spapr_events.c
> @@ -350,6 +350,7 @@ static void rtas_event_log_queue(int log_type, void *data)
>  g_assert(data);
>  entry->log_type = log_type;
>  entry->data = data;
> +entry->data_size = sizeof(*data);

This can't be right, since data is a void*.  I'm surprised it even
compiles.  You'll need to actually look into the data buffer here and
extract the size field.

>  QTAILQ_INSERT_TAIL(>pending_events, entry, next);
>  }
>  
> diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
> index 02239a5..0554e11 100644
> --- a/include/hw/ppc/spapr.h
> +++ b/include/hw/ppc/spapr.h
> @@ -597,8 +597,9 @@ struct sPAPRTCETable {
>  sPAPRTCETable *spapr_tce_find_by_liobn(target_ulong liobn);
>  
>  struct sPAPREventLogEntry {
> -int log_type;
> +int32_t log_type;
>  void *data;
> +uint32_t data_size;
>  QTAILQ_ENTRY(sPAPREventLogEntry) next;
>  };
>  

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH v11 1/2] hw/ppc/spapr_events.c: removing 'exception' from sPAPREventLogEntry

2017-05-18 Thread David Gibson
On Thu, May 18, 2017 at 05:24:01PM -0300, Daniel Henrique Barboza wrote:
> Currently we do not have any RTAS event that is reported by the
> event-scan interface. The existing events, RTAS_LOG_TYPE_EPOW and
> RTAS_LOG_TYPE_HOTPLUG, are being reported by the check-exception
> interface and, as such, marked as 'exception=true'.
> 
> Commit 79853e18d9, 'spapr_events: event-scan RTAS interface', added
> the event_scan interface because the guest kernel requires it to
> initialize other required interfaces. It is acting since then as
> a stub because no events that would be reported by it were added
> since then. However, the existence of the 'exception' boolean adds
> an unnecessary load in the future migration of the pending_events,
> sPAPREventLogEntry QTAILQ that hosts the pending RTAS events.
> 
> To make the code cleaner and ease the future migration changes, this
> patch makes the following changes:
> 
> - remove the 'exception' boolean that filter these events. There is
> nothing to filter since all events are reported by check-exception;
> 
> - functions rtas_event_log_queue, rtas_event_log_dequeue and
> rtas_event_log_contains don't receive the 'exception' boolean
> as parameter;
> 
> - event_scan function was simplified. It was calling
> 'rtas_event_log_dequeue(mask, false)' that was always returning
> 'NULL' because we have no events that are created with
> exception=false, thus in the end it would execute a jump to
> 'out_no_events' all the time. The function now assumes that
> this will always be the case and all the remaining logic was
> deleted.
> 
> In the future, when or if we add new RTAS events that should
> be reported with the event_scan interface, we can refer to
> the changes made in this patch to add the event_scan logic
> back.
> 
> Signed-off-by: Daniel Henrique Barboza 

Applied to ppc-for-2.10.

> ---
>  hw/ppc/spapr_events.c  | 52 
> +++---
>  include/hw/ppc/spapr.h |  1 -
>  2 files changed, 7 insertions(+), 46 deletions(-)
> 
> diff --git a/hw/ppc/spapr_events.c b/hw/ppc/spapr_events.c
> index f0b28d8..73e2a18 100644
> --- a/hw/ppc/spapr_events.c
> +++ b/hw/ppc/spapr_events.c
> @@ -342,20 +342,18 @@ static int rtas_event_log_to_irq(sPAPRMachineState 
> *spapr, int log_type)
>  return source->irq;
>  }
>  
> -static void rtas_event_log_queue(int log_type, void *data, bool exception)
> +static void rtas_event_log_queue(int log_type, void *data)
>  {
>  sPAPRMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
>  sPAPREventLogEntry *entry = g_new(sPAPREventLogEntry, 1);
>  
>  g_assert(data);
>  entry->log_type = log_type;
> -entry->exception = exception;
>  entry->data = data;
>  QTAILQ_INSERT_TAIL(>pending_events, entry, next);
>  }
>  
> -static sPAPREventLogEntry *rtas_event_log_dequeue(uint32_t event_mask,
> -  bool exception)
> +static sPAPREventLogEntry *rtas_event_log_dequeue(uint32_t event_mask)
>  {
>  sPAPRMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
>  sPAPREventLogEntry *entry = NULL;
> @@ -364,10 +362,6 @@ static sPAPREventLogEntry 
> *rtas_event_log_dequeue(uint32_t event_mask,
>  const sPAPREventSource *source =
>  rtas_event_log_to_source(spapr, entry->log_type);
>  
> -if (entry->exception != exception) {
> -continue;
> -}
> -
>  if (source->mask & event_mask) {
>  break;
>  }
> @@ -380,7 +374,7 @@ static sPAPREventLogEntry 
> *rtas_event_log_dequeue(uint32_t event_mask,
>  return entry;
>  }
>  
> -static bool rtas_event_log_contains(uint32_t event_mask, bool exception)
> +static bool rtas_event_log_contains(uint32_t event_mask)
>  {
>  sPAPRMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
>  sPAPREventLogEntry *entry = NULL;
> @@ -389,10 +383,6 @@ static bool rtas_event_log_contains(uint32_t event_mask, 
> bool exception)
>  const sPAPREventSource *source =
>  rtas_event_log_to_source(spapr, entry->log_type);
>  
> -if (entry->exception != exception) {
> -continue;
> -}
> -
>  if (source->mask & event_mask) {
>  return true;
>  }
> @@ -479,7 +469,7 @@ static void spapr_powerdown_req(Notifier *n, void *opaque)
>  epow->event_modifier = RTAS_LOG_V6_EPOW_MODIFIER_NORMAL;
>  epow->extended_modifier = RTAS_LOG_V6_EPOW_XMODIFIER_PARTITION_SPECIFIC;
>  
> -rtas_event_log_queue(RTAS_LOG_TYPE_EPOW, new_epow, true);
> +rtas_event_log_queue(RTAS_LOG_TYPE_EPOW, new_epow);
>  
>  qemu_irq_pulse(xics_get_qirq(XICS_FABRIC(spapr),
>   rtas_event_log_to_irq(spapr,
> @@ -572,7 +562,7 @@ static void spapr_hotplug_req_event(uint8_t hp_id, 
> uint8_t hp_action,
>  cpu_to_be32(drc_id->count_indexed.index);
>  }
>  
> -rtas_event_log_queue(RTAS_LOG_TYPE_HOTPLUG, new_hp, 

Re: [Qemu-devel] [PATCH] spapr: ensure core_slot isn't NULL in spapr_core_unplug()

2017-05-18 Thread David Gibson
On Thu, May 18, 2017 at 03:58:31PM +0200, Greg Kurz wrote:
> If we go that far on the path of hot-removing a core and we find out that
> the core-id is invalid, then we have a serious bug.
> 
> Let's make it explicit with an assert() instead of dereferencing a NULL
> pointer.
> 
> This fixes Coverity issue CID 1375404.
> 
> Signed-off-by: Greg Kurz 

Merged to ppc-for-2.10.

> ---
>  hw/ppc/spapr.c |1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> index 0980d733cd7a..1c5b814fc0bf 100644
> --- a/hw/ppc/spapr.c
> +++ b/hw/ppc/spapr.c
> @@ -2715,6 +2715,7 @@ static void spapr_core_unplug(HotplugHandler 
> *hotplug_dev, DeviceState *dev,
>  CPUCore *cc = CPU_CORE(dev);
>  CPUArchId *core_slot = spapr_find_cpu_slot(ms, cc->core_id, NULL);
>  
> +assert(core_slot);
>  core_slot->cpu = NULL;
>  object_unparent(OBJECT(dev));
>  }
> 
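
Review bot: the new 'assert(core_slot);' in spapr_core_unplug() uses the plain C macro, while the other spapr hunks on this list use g_assert() (for example 'g_assert(drc);' in spapr_del_lmbs()); use whichever form hw/ppc/spapr.c already uses so the file stays consistent. A one-line comment that a missing slot at this point is a programming error, as the commit message says, would record why this is an assert rather than an error path.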

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [Bug 1691379] [NEW] NetBSD evbmips64el port installation doesn't work with qemu-system-mips64el.

2017-05-18 Thread Kamil Rytarowski
On 18.05.2017 12:54, Aurelien Jarno wrote:
> On 2017-05-18 04:29, Kamil Rytarowski wrote:
>> On 17.05.2017 19:58, Kamil Rytarowski wrote:
>>> On 17.05.2017 10:10, Thomas Huth wrote:
 On 17.05.2017 09:52, Utkarsh Anand wrote:
> Public bug reported:
>
> I successfully installed the NetBSD evbmips64el port on gxemul but was
> unable to install it on qemu. Trying to boot it on qemu takes me to the
> 'db>' prompt. Here's the output and backtrace:
>
> panic: pcib_isa_intr_string: bogus isa irq 0x0
> kernel: breakpoint trap
> Stopped in pid 0.1 (system) at  netbsd:cpu_Debugger+0x4:jr  ra
> bdslot: nop
> db> bt
> 0x805977f0: cpu_Debugger+4 
> (63061,9000180003f8,6,804c2290) ra 8030acd0 sz 0
> 0x805977f0: vpanic+158 
> (63061,9000180003f8,6,804c2290) ra 8030ad7c sz 64
> 0x80597830: panic+34 (63061,803d65b0,0,40) ra 
> 80109784 sz 96
> 0x80597890: pcib_isa_intr_string+6c (63061,803d65b0,0,40) 
> ra 80149bfc sz 16
> 0x805978a0: uhci_pci_attach+16c (63061,803d65b0,0,40) ra 
> 802f0400 sz 176
> 0x80597950: config_attach_loc+1c8 (63061,803d65b0,0,40) 
> ra 802f053c sz 64
> 0x80597990: config_found_sm_loc+5c (63061,803d65b0,0,40) 
> ra 80121354 sz 64
> 0x805979d0: pci_probe_device+524 (63061,803d65b0,0,0) ra 
> 80121548 sz 288
> 0x80597af0: pci_enumerate_bus+1d0 (63061,803d65b0,0,0) ra 
> 8012167c sz 160
> 0x80597b90: pcirescan+5c (63061,803d65b0,0,0) ra 
> 801218c4 sz 32
> 0x80597bb0: pciattach+19c (63061,803d65b0,0,0) ra 
> 802f0400 sz 80
> 0x80597c00: config_attach_loc+1c8 (63061,803d65b0,0,0) ra 
> 802f053c sz 64
> 0x80597c40: config_found_sm_loc+5c (63061,803d65b0,0,0) 
> ra 80108934 sz 64
> 0x80597c80: gt_attach+7c (63061,803d65b0,0,0) ra 
> 802f0400 sz 112   
> 0x80597cf0: config_attach_loc+1c8 (63061,803d65b0,0,0) ra 
> 802f053c sz 64
> 0x80597d30: config_found_sm_loc+5c (63061,803d65b0,0,0) 
> ra 801086ac sz 64
> 0x80597d70: mainbus_attach+dc (63061,803d65b0,0,0) ra 
> 802f0400 sz 96
> 0x80597dd0: config_attach_loc+1c8 (63061,803d65b0,0,0) ra 
> 80104bf8 sz 64
> 0x80597e10: cpu_configure+28 (63061,803d65b0,0,0) ra 
> 803d5f30 sz 16
> 0x80597e20: main+3a0 (63061,803d65b0,0,0) ra 
> 801000dc sz 128   
> 0x80597ea0: kernel_text+dc (63061,803d65b0,0,0) ra 0 sz 0
> User-level: pid 0.1
>
> Here's the command that I used:
>
> Build evbmips64el from source and then launch it from qemu (replace the
> paths relative to your system):
>
> qemu-system-mips64el -cdrom
> /extra/evbmips64/distrib/evbmips/cdroms/installcd/NetBSD-7.99.71
> -evbmips-mips64el.iso -hda /extra/evbmips64.img -kernel
> /extra/evbmips64/releasedir/evbmips/installation/netbsd-INSTALL_MALTA64
> -nographic -M malta
>
> (I've decompressed the kernel)
>
> Here's the output for qemu-system-mips64el --version :
>
> QEMU emulator version 2.7.1(qemu-2.7.1-6.fc25), Copyright (c) 2003-2016
> Fabrice Bellard and the QEMU Project developers
>
> This doesn't look like a NetBSD bug. I've attached a screenshot of the
> working installation using gxemul in the attachments.

 When reporting such issues, please always use the latest release of QEMU
 first, so could you please try again with the latest upstream release of
 QEMU (currently v2.9.0)? Thanks!

  Thomas

>>>
>>> 7.99.71 is the most recent kernel ABI version (NetBSD-current).
>>>
>>> Release engineering builds of NetBSD-current are hosted on nyftp.netbsd.org.
>>>
>>> kernel:
>>>
>>> http://nyftp.netbsd.org/pub/NetBSD-daily/HEAD/201705170540Z/evbmips-mips64el/installation/
>>>
>>> installation medium:
>>>
>>> http://nyftp.netbsd.org/pub/NetBSD-daily/HEAD/201705170540Z/images/
>>>
>>> [In future there will be a need to switch 201705170540Z to a newer
>>> snapshot, as this one will be removed.]
>>>
>>> I will have a look tonight and try to reproduce locally (and take
>>> a MIPS 64-bit crash course).
>>>
>>
>> I've reproduced it locally with qemu/NetBSD-7.99.71 ver. 2.9 git HEAD
>> (rev. cdece0467c7cf8e3).
>>
>> const char *
>> pcib_isa_intr_string(void *v, int irq, char *buf, size_t len)
>> {
>>     if (irq == 0 || irq >= ICU_LEN || irq == 2)
>>         panic("%s: bogus isa irq 0x%x", __func__, irq);
>>
>> 

Re: [Qemu-devel] [PATCH v8 00/13] basic channel IO passthrough infrastructure based on vfio

2017-05-18 Thread Dong Jia Shi
* Cornelia Huck  [2017-05-18 15:13:56 +0200]:

Hi Conny,

> On Wed, 17 May 2017 02:48:00 +0200
> Dong Jia Shi  wrote:
> 
> > The patch series introduce a basic channel I/O passthrough
> > infrastructure based on vfio.
> > - Focus on supporting dasd-eckd(cu_type/dev_type = 0x3990/0x3390) as
> >   the target device. 
> > - Support new qemu parameters in the style of:
> > -machine s390-ccw-virtio(,s390-squash-mcss=on|off) \
> > -device vfio-ccw,sysfsdev=$MDEV_PATH
> >   We want to support real (i.e. not virtual) channel devices even for
> >   guests that do not support MCSS-E (where guests may see devices from
> >   any channel subsystem image at once). As all virtio-ccw devices are in
> >   css 0xfe (and show up in the default css 0 for guests not activating
> >   MCSS-E), we need an option to squash e.g. passed-through channel devices
> >   from their real css (0-3, or 0 for hosts not activating MCSS-E) into
> >   the default css, that is what the new machine option s390-squash-css is
> >   added.
> 
> Patches queued, with minor changes (see my comments).
> 
> I'll push out to s390-next once this passes some of my tests.
> 
:-D

> > 
> > Build and install:
> > 1. kernel configuration
> >   CONFIG_S390_CCW_IOMMU=m
> >   CONFIG_VFIO=m
> >   CONFIG_VFIO_MDEV=m
> >   CONFIG_VFIO_MDEV_DEVICE=m
> >   CONFIG_VFIO_CCW=m
> > 2. modules required
> >   modprobe vfio.ko
> >   modprobe mdev.ko
> >   modprobe vfio_mdev.ko
> >   modprobe vfio_iommu_type1.ko
> >   modprobe vfio_ccw.ko
> > 3. find a subchannel(0.0."%schid") of a DASD-ECKD device and bind it to
> >   vfio_ccw driver
> >   #find the dasd you can use with lsdasd on your host. e.g.:
> >   devno="7e52"
> >   schid="16ca"
> >   #unbind the ccw device from the subchannel
> >   echo 0.0."$devno" > /sys/bus/ccw/devices/0.0."$devno"/driver/unbind
> >   #unbind the subchannel from io_subchannel driver
> >   echo 0.0."$schid" > /sys/bus/css/devices/0.0."$schid"/driver/unbind
> >   #bind the subchannel with vfio_ccw driver
> >   echo 0.0."$schid" > /sys/bus/css/drivers/vfio_ccw/bind
> > 4. create a mediated device
> >   #generate a uuid with uuidgen. e.g.:
> >   uuid="6dfd3ec5-e8b3-4e18-a6fe-57bc9eceb920"
> >   echo "$uuid" > \
> >   /sys/bus/css/devices/0.0."$schid"/mdev_supported_types/vfio_ccw-io/create
> > 5. pass-through this device to a vm
> >   -M s390-ccw-virtio,s390-squash-css=on \
> >   -device vfio-ccw,sysfsdev=/sys/bus/mdev/devices/$uuid \
> >   ... ...
> 
> These instructions would be helpful to preserve in the qemu wiki and
> could even be expanded upon.
Nod.

> Ping me if you need an account (hint, hint ;)
(uh...)
Dear Frau, could you please kindly get me an account? Then I can try to
add a new page for vfio-ccw in the qemu wiki. ;)

I will ping you when you are online.

Thanks!

-- 
Dong Jia Shi




Re: [Qemu-devel] [PATCH] SMM: disable smram region if smm is disabled

2017-05-18 Thread Xu, Anthony
> On 16/05/2017 22:22, Xu, Anthony wrote:
> >> On 16/05/2017 03:21, Anthony Xu wrote:
> >>> when smm is disabled, smram is not used, so disable it
> >>>
> >>> Signed-off-by: Anthony Xu 
> >>
> >> What is the benefit?
> >
> > This patch removes 1 memory region for i440 platform and 3 memory regions
> > for q35 platform. That makes functions which iterate the memory region tree
> > a little bit faster even if the memory regions are disabled.
> 
> Does it translate to anything measurable in benchmarks?  
Yes, we see boot time improvement with this patch in our setup (skip guest
BIOS, disable guest PAM).

> Could you leave
> the regions there, but skip the creation of the SMRAM address space in
> register_smram_listener when the machine doesn't have SMM enabled?
Sounds like you have concerns on removing smram regions.
What are your concerns?

-Anthony


Re: [Qemu-devel] [PATCH] Memory: use memory address space for cpu-memory

2017-05-18 Thread Xu, Anthony
> On 18/05/2017 23:48, Xu, Anthony wrote:
> >> It should be called.  Alternatively you could try adding a new function
> >> to mark address_space_memory as a never-destroyed AddressSpace:
> >>
> > This patch would do it, could you please submit this patch?
> 
> If you have tested it (together with the change in the initialization of
> address_space_memory), I can do that.
> 

Based on your patch, I added the change in the initialization of 
address_space_memory. It works well in my setup, cpu-memory
address space doesn't show up as we expected.

Anthony

diff --git a/exec.c b/exec.c
index 96e3ac9..746dbbc 100644
--- a/exec.c
+++ b/exec.c
@@ -2712,7 +2712,7 @@ static void memory_map_init(void)
 system_memory = g_malloc(sizeof(*system_memory));

 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
-address_space_init(_space_memory, system_memory, "memory");
+address_space_init_static(_space_memory, system_memory, "memory");

 system_io = g_malloc(sizeof(*system_io));
 memory_region_init_io(system_io, NULL, _io_ops, NULL, "io",
diff --git a/include/exec/memory.h b/include/exec/memory.h
index b27b288..6f44b79 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -1395,6 +1395,17 @@ MemTxResult memory_region_dispatch_write(MemoryRegion 
*mr,
 void address_space_init(AddressSpace *as, MemoryRegion *root, const char 
*name);

 /**
+ * address_space_init_static: initializes an static address space
+ *
+ * @as: an uninitialized #AddressSpace
+ * @root: a #MemoryRegion that routes addresses for the address space
+ * @name: an address space name.  The name is only used for debugging
+ *output.
+ */
+void address_space_init_static(AddressSpace *as, MemoryRegion *root,
+   const char *name);
+
+/**
  * address_space_init_shareable: return an address space for a memory region,
  *   creating it if it does not already exist
  *
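
Review bot: the new doc comment for address_space_init_static() does not say what makes the address space "static" or how it differs from address_space_init() directly above. State that it is meant for address spaces that are never destroyed (the purpose given earlier in this thread) and what callers must not do with one. Also "an static" should read "a static".
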
diff --git a/memory.c b/memory.c
index 190cd3d..6c933d8 100644
--- a/memory.c
+++ b/memory.c
@@ -2461,7 +2461,8 @@ static void do_address_space_destroy(AddressSpace *as)
 }
 }

-void address_space_init_static(AddressSpace *as, MemoryRegion *root, const 
char *name)
+void address_space_init_static(AddressSpace *as, MemoryRegion *root,
+   const char *name)
 {
 address_space_init(as, root, name);
 as->shared = true;
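
Review bot: the memory.c hunk finds address_space_init_static() already defined and only re-wraps its signature, while the header hunk adds the prototype as new, so this diff is relative to a tree with the earlier proposed patch applied; fold the definition, the prototype and the exec.c caller into one patch against master when submitting. The 'as->shared = true;' line also deserves a comment explaining why a never-destroyed address space is marked shared, since the flag name alone does not say that.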



Re: [Qemu-devel] qemu-system-sh4 -M r2d serial is broken.

2017-05-18 Thread Aurelien Jarno
On 2017-05-18 17:35, Rob Landley wrote:
> 
> 
> On 05/18/2017 02:57 PM, Paolo Bonzini wrote:
> > 
> > 
> > On 18/05/2017 18:08, Rob Landley wrote:
> >> Serial input hangs after the first character in the 4.11 kernel:
> >>
> >>   http://www.spinics.net/lists/linux-sh/msg51183.html
> >>
> >> Because they enabled support for a buffer size thing QEMU doesn't
> >> emulate right:
> >>
> >>   http://www.spinics.net/lists/linux-sh/msg51189.html
> > 
> > Hey,
> > 
> > regarding this:
> > 
> >> The really _fun_ thing about this is qemu broke it a couple years back
> >> and now if you hit ctrl-c it kills the _emulator_ rather than passing it
> >> through to the Linux console. (Just sh4, the rest do it right.)
> > 
> > Try replacing "-serial stdio" with "-serial mon:stdio".  You'll also be
> > able to use the QEMU monitor with "Ctrl-a c", so you can quit with
> > "Ctrl-a c quit ".
> 
> Ctrl-c now goes through. Thanks!
> 
> Exiting the linux instance says "reboot: Restarting system\nUnauthorized
> access" and then hangs eating 100% cpu, but maybe I can fix that with
> kernel configuration changes.

I guess you mean rebooting the linux instance. This is because you do
not use a bootloader to load the kernel and the initrd. Then you might
be interested in:

  http://lists.nongnu.org/archive/html/qemu-devel/2017-05/msg03881.html

Aurelien

-- 
Aurelien Jarno  GPG: 4096R/1DDD8C9B
aurel...@aurel32.net http://www.aurel32.net



Re: [Qemu-devel] qemu-system-sh4 -M r2d serial is broken.

2017-05-18 Thread Aurelien Jarno
On 2017-05-18 17:37, Rob Landley wrote:
> 
> 
> On 05/18/2017 02:00 PM, Aurelien Jarno wrote:
> > On 2017-05-18 11:08, Rob Landley wrote:
> >> Serial input hangs after the first character in the 4.11 kernel:
> >>
> >>   http://www.spinics.net/lists/linux-sh/msg51183.html
> >>
> >> Because they enabled support for a buffer size thing QEMU doesn't
> >> emulate right:
> >>
> >>   http://www.spinics.net/lists/linux-sh/msg51189.html
> > 
> > Indeed the SCIF emulation in QEMU is quite limited. The problem is that
> > it exposes many internal states to the software (and that's the same for
> > the SH4 CPU in general), and that's not really compatible with quick
> > emulation. In that case the timer should depend on the baud rate which
> > we don't really emulate.
> > 
> > I'll try to have a look, that said my test environment is stuck with
> > kernel 4.8 due to the broken futex support on UP in kernel 4.9 (and
> > that's not QEMU specific). I'll try to build a more recent kernel with
> > additional patches.
> 
> I thought Rich fixed that. Rich?
> 

I have sent a patch already, but TTBOMK it hasn't been applied yet.

Aurelien

-- 
Aurelien Jarno  GPG: 4096R/1DDD8C9B
aurel...@aurel32.net http://www.aurel32.net



Re: [Qemu-devel] qemu-system-sh4 -M r2d serial is broken.

2017-05-18 Thread Rob Landley


On 05/18/2017 02:00 PM, Aurelien Jarno wrote:
> On 2017-05-18 11:08, Rob Landley wrote:
>> Serial input hangs after the first character in the 4.11 kernel:
>>
>>   http://www.spinics.net/lists/linux-sh/msg51183.html
>>
>> Because they enabled support for a buffer size thing QEMU doesn't
>> emulate right:
>>
>>   http://www.spinics.net/lists/linux-sh/msg51189.html
> 
> Indeed the SCIF emulation in QEMU is quite limited. The problem is that
> it exposes many internal states to the software (and that's the same for
> the SH4 CPU in general), and that's not really compatible with quick
> emulation. In that case the timer should depend on the baud rate which
> we don't really emulate.
> 
> I'll try to have a look, that said my test environment is stuck with
> kernel 4.8 due to the broken futex support on UP in kernel 4.9 (and
> that's not QEMU specific). I'll try to build a more recent kernel with
> additional patches.

I thought Rich fixed that. Rich?

I'm doing a new https://github.com/landley/mkroot thing on top of Rich's
musl-cross-make toolchain, but it's still cooking and the kernels it
builds are really simple so far.

Rob



Re: [Qemu-devel] qemu-system-sh4 -M r2d serial is broken.

2017-05-18 Thread Rob Landley


On 05/18/2017 02:57 PM, Paolo Bonzini wrote:
> 
> 
> On 18/05/2017 18:08, Rob Landley wrote:
>> Serial input hangs after the first character in the 4.11 kernel:
>>
>>   http://www.spinics.net/lists/linux-sh/msg51183.html
>>
>> Because they enabled support for a buffer size thing QEMU doesn't
>> emulate right:
>>
>>   http://www.spinics.net/lists/linux-sh/msg51189.html
> 
> Hey,
> 
> regarding this:
> 
>> The really _fun_ thing about this is qemu broke it a couple years back
>> and now if you hit ctrl-c it kills the _emulator_ rather than passing it
>> through to the Linux console. (Just sh4, the rest do it right.)
> 
> Try replacing "-serial stdio" with "-serial mon:stdio".  You'll also be
> able to use the QEMU monitor with "Ctrl-a c", so you can quit with
> "Ctrl-a c quit ".

Ctrl-c now goes through. Thanks!

Exiting the linux instance says "reboot: Restarting system\nUnauthorized
access" and then hangs eating 100% cpu, but maybe I can fix that with
kernel configuration changes.

(I'm still doing a variant of
https://landley.net/aboriginal/control-images so the virtual system
needs to be able to indicate when it's done. But
https://landley.net/aboriginal/about.html is getting replaced with
https://github.com/landley/mkroot so there's some plumbing to do before
that's blocking anything...)

Thanks again,

Rob



Re: [Qemu-devel] [PATCH] SMM: disable smram region if smm is disabled

2017-05-18 Thread Paolo Bonzini


On 16/05/2017 22:22, Xu, Anthony wrote:
>> On 16/05/2017 03:21, Anthony Xu wrote:
>>> when smm is disabled, smram is not used, so disable it
>>>
>>> Signed-off-by: Anthony Xu 
>>
>> What is the benefit?
> 
> This patch removes 1 memory region for i440 platform and 3 memory regions
> for q35 platform. That makes functions which iterate the memory region tree
> a little bit faster even if the memory regions are disabled.

Does it translate to anything measurable in benchmarks?  Could you leave
the regions there, but skip the creation of the SMRAM address space in
register_smram_listener when the machine doesn't have SMM enabled?

Paolo



[Qemu-devel] [RESEND PATCH v10 1/5] hw/ppc/spapr.c: adding pending_dimm_unplugs to sPAPRMachineState

2017-05-18 Thread Daniel Henrique Barboza
The LMB DRC release callback, spapr_lmb_release(), uses an opaque
parameter, a sPAPRDIMMState struct that stores the current LMBs that
are allocated to a DIMM (nr_lmbs). After each call to this callback,
the nr_lmbs is decremented by one and, when it reaches zero, the callback
proceeds with the qdev calls to hot unplug the LMB.

Using drc->detach_cb_opaque is problematic because it can't be migrated in
the future DRC migration work. This patch makes the following changes to
eliminate the usage of this opaque callback inside spapr_lmb_release:

- sPAPRDIMMState was moved from spapr.c and added to spapr.h. A new
attribute called 'addr' was added to it. This is used as a unique
identifier to associate a sPAPRDIMMState to a PCDIMM element.

- sPAPRMachineState now hosts a new QTAILQ called 'pending_dimm_unplugs'.
This queue of sPAPRDIMMState elements will store the DIMM state of DIMMs
that are currently going under an unplug process.

- spapr_lmb_release() will now retrieve the nr_lmbs value by getting the
corresponding sPAPRDIMMState. A helper function called spapr_dimm_get_address
was created to fetch the address of a PCDIMM device inside spapr_lmb_release.
When nr_lmbs reaches zero and the callback proceeds with the qdev hot unplug
calls, the sPAPRDIMMState struct is removed from spapr->pending_dimm_unplugs.

After these changes, the opaque argument for spapr_lmb_release is now
unused and is passed as NULL inside spapr_del_lmbs. This and the other
opaque arguments can now be safely removed from the code.

Signed-off-by: Daniel Henrique Barboza 
---
 hw/ppc/spapr.c | 57 +-
 include/hw/ppc/spapr.h |  4 
 2 files changed, 56 insertions(+), 5 deletions(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 0980d73..b05abe5 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -2050,6 +2050,7 @@ static void ppc_spapr_init(MachineState *machine)
 msi_nonbroken = true;
 
 QLIST_INIT(>phbs);
+QTAILQ_INIT(>pending_dimm_unplugs);
 
 /* Allocate RMA if necessary */
 rma_alloc_size = kvmppc_alloc_rma();
@@ -2603,20 +2604,63 @@ out:
 error_propagate(errp, local_err);
 }
 
-typedef struct sPAPRDIMMState {
+struct sPAPRDIMMState {
+uint64_t addr;
 uint32_t nr_lmbs;
-} sPAPRDIMMState;
+QTAILQ_ENTRY(sPAPRDIMMState) next;
+};
+
+static sPAPRDIMMState *spapr_pending_dimm_unplugs_find(sPAPRMachineState *s,
+   uint64_t addr)
+{
+sPAPRDIMMState *dimm_state = NULL;
+QTAILQ_FOREACH(dimm_state, >pending_dimm_unplugs, next) {
+if (dimm_state->addr == addr) {
+break;
+}
+}
+return dimm_state;
+}
+
+static void spapr_pending_dimm_unplugs_add(sPAPRMachineState *spapr,
+   sPAPRDIMMState *dimm_state)
+{
+g_assert(!spapr_pending_dimm_unplugs_find(spapr, dimm_state->addr));
+QTAILQ_INSERT_HEAD(>pending_dimm_unplugs, dimm_state, next);
+}
+
+static void spapr_pending_dimm_unplugs_remove(sPAPRMachineState *spapr,
+  sPAPRDIMMState *dimm_state)
+{
+QTAILQ_REMOVE(>pending_dimm_unplugs, dimm_state, next);
+g_free(dimm_state);
+}
+
+static uint64_t spapr_dimm_get_address(PCDIMMDevice *dimm)
+{
+Error *local_err = NULL;
+uint64_t addr;
+addr = object_property_get_int(OBJECT(dimm), PC_DIMM_ADDR_PROP,
+   _err);
+if (local_err) {
+error_propagate(_abort, local_err);
+return 0;
+}
+return addr;
+}
 
 static void spapr_lmb_release(DeviceState *dev, void *opaque)
 {
-sPAPRDIMMState *ds = (sPAPRDIMMState *)opaque;
 HotplugHandler *hotplug_ctrl;
+uint64_t addr = spapr_dimm_get_address(PC_DIMM(dev));
+sPAPRMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
+sPAPRDIMMState *ds = spapr_pending_dimm_unplugs_find(spapr, addr);
 
 if (--ds->nr_lmbs) {
 return;
 }
 
-g_free(ds);
+spapr_pending_dimm_unplugs_remove(spapr, ds);
 
 /*
  * Now that all the LMBs have been removed by the guest, call the
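
Review bot: in spapr_lmb_release(), the result of spapr_pending_dimm_unplugs_find() is dereferenced by '--ds->nr_lmbs' without a check, but the helper returns NULL when no entry matches 'addr' (QTAILQ_FOREACH leaves dimm_state NULL at the end of the list). Add 'g_assert(ds);' or an explicit error path before the decrement. In spapr_dimm_get_address(), passing error_abort directly to object_property_get_int() would replace the local_err / error_propagate / 'return 0' sequence, whose return is never reached.
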
@@ -2633,17 +2677,20 @@ static void spapr_del_lmbs(DeviceState *dev, uint64_t 
addr_start, uint64_t size,
 sPAPRDRConnectorClass *drck;
 uint32_t nr_lmbs = size / SPAPR_MEMORY_BLOCK_SIZE;
 int i;
+sPAPRMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
 sPAPRDIMMState *ds = g_malloc0(sizeof(sPAPRDIMMState));
 uint64_t addr = addr_start;
 
 ds->nr_lmbs = nr_lmbs;
+ds->addr = addr_start;
+spapr_pending_dimm_unplugs_add(spapr, ds);
 for (i = 0; i < nr_lmbs; i++) {
 drc = spapr_dr_connector_by_id(SPAPR_DR_CONNECTOR_TYPE_LMB,
 addr / SPAPR_MEMORY_BLOCK_SIZE);
 g_assert(drc);
 
 drck = SPAPR_DR_CONNECTOR_GET_CLASS(drc);
-drck->detach(drc, dev, spapr_lmb_release, ds, errp);
+drck->detach(drc, dev, spapr_lmb_release, NULL, errp);
  
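
Review bot: spapr_del_lmbs() calls spapr_pending_dimm_unplugs_add() unconditionally, and that helper g_assert()s that no entry with the same 'addr' is already queued. If a second unplug request for the same DIMM can arrive before the guest has released all of its LMBs, this aborts QEMU instead of failing the request; look the address up with spapr_pending_dimm_unplugs_find() first and report the duplicate through errp.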

[Qemu-devel] [RESEND PATCH v10 5/5] migration: spapr: migrate ccs_list in spapr state

2017-05-18 Thread Daniel Henrique Barboza
From: Jianjun Duan 

ccs_list in spapr state maintains the device tree related
information on the rtas side for hotplugged devices. In racing
situations between hotplug events and migration operation, a rtas
hotplug event could be migrated from the source guest to target
guest, or the source guest could have not yet finished fetching
the device tree when migration is started, the target will try
to finish fetching the device tree. By migrating ccs_list, the
target can fetch the device tree properly.

In theory there would be other alternatives besides migrating the
ccs_list to fix this. For example, we could add a flag that indicates
whether a device is in the middle of the configure_connector during the
migration process, in the post_load we can detect if this flag
is active and then return an error informing the guest to restart the
hotplug process. However, the DRC state can still be modified outside of
hotplug. Using:

   drmgr -c pci -s  -r
   drmgr -c pci -s  -a

it is possible to return a device to firmware and then later take it
back and reconfigure it. This is not a common case but it's not prohibited,
and performing a migration between these 2 operations would fail because
the default coldplug state on target assumes a configured state in
the source*. Migrating ccs_list is one solution that covers this
case as well.

ccs_list is put in a subsection in the spapr state VMSD to make
sure migration across different versions is not broken.

* see http://lists.nongnu.org/archive/html/qemu-devel/2016-10/msg01763.html
for more information on this discussion.

Signed-off-by: Jianjun Duan 
Signed-off-by: Daniel Henrique Barboza 
---
 hw/ppc/spapr.c | 32 
 1 file changed, 32 insertions(+)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 7d304fc..ec1605a 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1444,6 +1444,37 @@ static bool version_before_3(void *opaque, int 
version_id)
 return version_id < 3;
 }
 
+static bool spapr_ccs_list_needed(void *opaque)
+{
+sPAPRMachineState *spapr = (sPAPRMachineState *)opaque;
+return !QTAILQ_EMPTY(>ccs_list);
+}
+
+static const VMStateDescription vmstate_spapr_ccs = {
+.name = "spapr_configure_connector_state",
+.version_id = 1,
+.minimum_version_id = 1,
+.fields = (VMStateField[]) {
+VMSTATE_UINT32(drc_index, sPAPRConfigureConnectorState),
+VMSTATE_INT32(fdt_offset, sPAPRConfigureConnectorState),
+VMSTATE_INT32(fdt_depth, sPAPRConfigureConnectorState),
+VMSTATE_END_OF_LIST()
+},
+};
+
+static const VMStateDescription vmstate_spapr_ccs_list = {
+.name = "spapr_ccs_list",
+.version_id = 1,
+.minimum_version_id = 1,
+.needed = spapr_ccs_list_needed,
+.fields = (VMStateField[]) {
+VMSTATE_QTAILQ_V(ccs_list, sPAPRMachineState, 1,
+ vmstate_spapr_ccs, sPAPRConfigureConnectorState,
+ next),
+VMSTATE_END_OF_LIST()
+},
+};
+
 static bool spapr_ov5_cas_needed(void *opaque)
 {
 sPAPRMachineState *spapr = opaque;
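
Review bot: vmstate_spapr_ccs loads drc_index, fdt_offset and fdt_depth straight from the migration stream, and neither VMStateDescription in this hunk has a post_load hook, so the destination accepts whatever values arrive. Since the commit message says the target uses these entries to finish fetching the device tree, add a post_load that rejects a drc_index with no matching connector and negative or out-of-range fdt_offset / fdt_depth values, failing the migration instead of carrying them into the running machine. Minor: spapr_ccs_list_needed() casts 'opaque' explicitly while spapr_ov5_cas_needed() just below assigns it directly; drop the cast for consistency.
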
@@ -1542,6 +1573,7 @@ static const VMStateDescription vmstate_spapr = {
 .subsections = (const VMStateDescription*[]) {
 _spapr_ov5_cas,
 _spapr_patb_entry,
+_spapr_ccs_list,
 NULL
 }
 };
-- 
2.9.4




[Qemu-devel] [RESEND PATCH v10 4/5] hw/ppc/spapr.c: recover pending LMB unplug info in spapr_lmb_release

2017-05-18 Thread Daniel Henrique Barboza
When a LMB hot unplug starts, the current DRC LMB status is stored at
spapr->pending_dimm_unplugs QTAILQ. This queue isn't migrated, thus
if a migration occurs in the middle of a LMB unplug the
spapr_lmb_release callback will lose track of the LMB unplug progress.

This patch implements a new recover function spapr_recover_pending_dimm_state
that is used inside spapr_lmb_release to recover this DRC LMB release
status that is lost during the migration.

Signed-off-by: Daniel Henrique Barboza 
---
 hw/ppc/spapr.c | 39 ++-
 1 file changed, 38 insertions(+), 1 deletion(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 5602cfc..7d304fc 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -2649,6 +2649,36 @@ static uint64_t spapr_dimm_get_address(PCDIMMDevice 
*dimm)
 return addr;
 }
 
+static sPAPRDIMMState *spapr_recover_pending_dimm_state(PCDIMMDevice *dimm,
+uint64_t addr)
+{
+sPAPRDRConnector *drc;
+PCDIMMDeviceClass *ddc = PC_DIMM_GET_CLASS(dimm);
+MemoryRegion *mr = ddc->get_memory_region(dimm);
+uint64_t curr_addr = addr;
+uint64_t size = memory_region_size(mr);
+uint32_t nr_lmbs = size / SPAPR_MEMORY_BLOCK_SIZE;
+uint32_t avail_lmbs = 0;
+int i = 0;
+
+for (i = 0; i < nr_lmbs; i++) {
+drc = spapr_dr_connector_by_id(SPAPR_DR_CONNECTOR_TYPE_LMB,
+   curr_addr / SPAPR_MEMORY_BLOCK_SIZE);
+g_assert(drc);
+if (drc->indicator_state != SPAPR_DR_INDICATOR_STATE_INACTIVE) {
+avail_lmbs++;
+}
+curr_addr += SPAPR_MEMORY_BLOCK_SIZE;
+}
+
+sPAPRMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
+sPAPRDIMMState *ds = g_malloc0(sizeof(sPAPRDIMMState));
+ds->nr_lmbs = avail_lmbs;
+ds->addr = addr;
+spapr_pending_dimm_unplugs_add(spapr, ds);
+return ds;
+}
+
 /* Callback to be called during DRC release. */
 void spapr_lmb_release(DeviceState *dev)
 {
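
Review bot: in spapr_recover_pending_dimm_state(), 'spapr' and 'ds' are declared after the for loop; move them up with the other declarations at the top of the function. 'i' is an int compared against the uint32_t nr_lmbs, so make it uint32_t as well. A comment above the function explaining that the remaining count is rebuilt from each LMB connector's indicator_state would also help, since that is the whole recovery rule.
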
@@ -2657,7 +2687,14 @@ void spapr_lmb_release(DeviceState *dev)
 sPAPRMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
 sPAPRDIMMState *ds = spapr_pending_dimm_unplugs_find(spapr, addr);
 
-if (--ds->nr_lmbs) {
+/* This information will get lost if a migration occurs
+ * during the unplug process. In this case recover it. */
+if (ds == NULL) {
+ds = spapr_recover_pending_dimm_state(PC_DIMM(dev), addr);
+if (ds->nr_lmbs) {
+return;
+}
+} else if (--ds->nr_lmbs) {
 return;
 }
 
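
Review bot: the recovery branch returns on 'if (ds->nr_lmbs)' without decrementing, while the normal branch uses '--ds->nr_lmbs', so the two paths only agree if the LMB being released in this call is already excluded from the count that spapr_recover_pending_dimm_state() builds from indicator_state. Say so in the comment, or decrement in both branches; if the current LMB is still counted, nr_lmbs never reaches zero and the DIMM unplug never completes. The new comment should also use the multi-line layout used further down in this function ('/*' on its own line).
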
-- 
2.9.4




[Qemu-devel] [RESEND PATCH v10 3/5] hw/ppc: migrating the DRC state of hotplugged devices

2017-05-18 Thread Daniel Henrique Barboza
In pseries, a firmware abstraction called Dynamic Reconfiguration
Connector (DRC) is used to assign a particular dynamic resource
to the guest and provide an interface to manage configuration/removal
of the resource associated with it. In other words, DRC is the
'plugged state' of a device.

Before this patch, DRC wasn't being migrated. This causes
post-migration problems due to DRC state mismatch between source and
target. The DRC state of a device X in the source might
change, while in the target the DRC state of X is still fresh. When
migrating the guest, X will not have the same hotplugged state as it
did in the source. This means that we can't hot unplug X in the
target after migration is completed because its DRC state is not consistent.
https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1677552 is one
bug that is caused by this DRC state mismatch between source and
target.

To migrate the DRC state, we defined the VMStateDescription struct for
spapr_drc to enable the transmission of spapr_drc state in migration.
Not all the elements in the DRC state are migrated - only those
that can be modified by guest actions or device add/remove
operations:

- 'isolation_state', 'allocation_state' and 'indicator_state'
are involved in the DR state transition diagram from
PAPR+ 2.7, 13.4;

- 'configured', 'signalled', 'awaiting_release' and 'awaiting_allocation'
are needed in attaching and detaching devices;

- 'indicator_state' provides users with hardware state information.

These are the DRC elements that are migrated.

In this patch the DRC state is migrated for PCI, LMB and CPU
connector types. At this moment there is no support to migrate
DRC for the PHB (PCI Host Bridge) type.

In the 'realize' function the DRC is registered using vmstate_register,
similar to what hw/ppc/spapr_iommu.c does in 'spapr_tce_table_realize'.
This approach works because  DRCs are bus-less and do not sit
on a BusClass that implements bc->get_dev_path, so as a fallback the
VMSD gets identified via "spapr_drc"/get_index(drc).

Signed-off-by: Daniel Henrique Barboza 
---
 hw/ppc/spapr_drc.c | 52 
 1 file changed, 52 insertions(+)

diff --git a/hw/ppc/spapr_drc.c b/hw/ppc/spapr_drc.c
index 2851e16..9932c24 100644
--- a/hw/ppc/spapr_drc.c
+++ b/hw/ppc/spapr_drc.c
@@ -519,6 +519,56 @@ static void reset(DeviceState *d)
 }
 }
 
+static bool spapr_drc_needed(void *opaque)
+{
+sPAPRDRConnector *drc = (sPAPRDRConnector *)opaque;
+sPAPRDRConnectorClass *drck = SPAPR_DR_CONNECTOR_GET_CLASS(drc);
+bool rc = false;
+sPAPRDREntitySense value;
+drck->entity_sense(drc, );
+
+/* If no dev is plugged in there is no need to migrate the DRC state */
+if (value != SPAPR_DR_ENTITY_SENSE_PRESENT) {
+return false;
+}
+
+/*
+ * If there is dev plugged in, we need to migrate the DRC state when
+ * it is different from cold-plugged state
+ */
+switch (drc->type) {
+case SPAPR_DR_CONNECTOR_TYPE_PCI:
+rc = !((drc->isolation_state == SPAPR_DR_ISOLATION_STATE_UNISOLATED) &&
+   (drc->allocation_state == SPAPR_DR_ALLOCATION_STATE_USABLE) &&
+   drc->configured && drc->signalled && !drc->awaiting_release);
+case SPAPR_DR_CONNECTOR_TYPE_CPU:
+case SPAPR_DR_CONNECTOR_TYPE_LMB:
+rc = !((drc->isolation_state == SPAPR_DR_ISOLATION_STATE_ISOLATED) &&
+   (drc->allocation_state == SPAPR_DR_ALLOCATION_STATE_UNUSABLE) &&
+   drc->configured && drc->signalled && !drc->awaiting_release);
+default:
+g_assert(false);
+}
+return rc;
+}
+
+static const VMStateDescription vmstate_spapr_drc = {
+.name = "spapr_drc",
+.version_id = 1,
+.minimum_version_id = 1,
+.needed = spapr_drc_needed,
+.fields  = (VMStateField []) {
+VMSTATE_UINT32(isolation_state, sPAPRDRConnector),
+VMSTATE_UINT32(allocation_state, sPAPRDRConnector),
+VMSTATE_UINT32(indicator_state, sPAPRDRConnector),
+VMSTATE_BOOL(configured, sPAPRDRConnector),
+VMSTATE_BOOL(awaiting_release, sPAPRDRConnector),
+VMSTATE_BOOL(awaiting_allocation, sPAPRDRConnector),
+VMSTATE_BOOL(signalled, sPAPRDRConnector),
+VMSTATE_END_OF_LIST()
+}
+};
+
 static void realize(DeviceState *d, Error **errp)
 {
 sPAPRDRConnector *drc = SPAPR_DR_CONNECTOR(d);
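Review bot: The switch (drc->type) in spapr_drc_needed() has no break or return after the PCI case or after the CPU/LMB case, so a PCI connector falls through, has rc overwritten by the CPU/LMB comparison, and then reaches "default: g_assert(false);". As written, every DRC with a device present ends in the assert when the needed callback runs. End each case with "break;" (or "return rc;") so that only unknown connector types reach the default.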
@@ -547,6 +597,8 @@ static void realize(DeviceState *d, Error **errp)
 object_unref(OBJECT(drc));
 }
 g_free(child_name);
+vmstate_register(DEVICE(drc), drck->get_index(drc), _spapr_drc,
+ drc);
 trace_spapr_drc_realize_complete(drck->get_index(drc));
 }
 
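Review bot: The vmstate_register() call added at the end of realize() has no matching vmstate_unregister() in this patch; the diffstat (52 insertions, no deletions) is fully accounted for by these two hunks. If a DRC can be unrealized, the registered entry keeps drc as its opaque after the object is gone. Add the unregister to the unrealize path, or say in the commit message why DRCs are never unrealized.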
-- 
2.9.4




[Qemu-devel] [RESEND PATCH v10 2/5] hw/ppc: removing drc->detach_cb and drc->detach_cb_opaque

2017-05-18 Thread Daniel Henrique Barboza
The pointer drc->detach_cb is being used as a way of informing
the detach() function inside spapr_drc.c which cb to execute. This
information can also be retrieved simply by checking drc->type and
choosing the right callback based on it. In this context, detach_cb
is redundant information that must be managed.

After the previous spapr_lmb_release change, no detach_cb_opaques
are being used by any of the three callback functions. This is
yet another piece of information that is now unused and, on top of that, can't
be migrated either.

This patch makes the following changes:

- removal of detach_cb_opaque. The 'opaque' argument was removed from
the callbacks and from the detach() function of sPAPRConnectorClass. The
attribute detach_cb_opaque of sPAPRConnector was removed.

- removal of detach_cb from the detach() call. The function pointer
detach_cb of sPAPRConnector was removed. detach() now uses a
switch(drc->type) to execute the appropriate callback. To achieve this,
spapr_core_release, spapr_lmb_release and spapr_phb_remove_pci_device_cb
callbacks were made public to be visible inside detach().

Signed-off-by: Daniel Henrique Barboza 
---
 hw/ppc/spapr.c  | 10 ++
 hw/ppc/spapr_drc.c  | 36 
 hw/ppc/spapr_pci.c  |  5 +++--
 include/hw/pci-host/spapr.h |  3 +++
 include/hw/ppc/spapr.h  |  4 
 include/hw/ppc/spapr_drc.h  |  8 +---
 6 files changed, 37 insertions(+), 29 deletions(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index b05abe5..5602cfc 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -2649,7 +2649,8 @@ static uint64_t spapr_dimm_get_address(PCDIMMDevice *dimm)
 return addr;
 }
 
-static void spapr_lmb_release(DeviceState *dev, void *opaque)
+/* Callback to be called during DRC release. */
+void spapr_lmb_release(DeviceState *dev)
 {
 HotplugHandler *hotplug_ctrl;
 uint64_t addr = spapr_dimm_get_address(PC_DIMM(dev));
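Review bot: The comment added above spapr_lmb_release() is the same one-liner that the later hunk adds above spapr_core_release(), and neither says which connector type the function serves. Now that detach() selects the callback from drc->type instead of a pointer stored in the DRC, that binding only exists in the switch; name the DRC type in each comment (LMB here, CPU for spapr_core_release) so the exported functions document their own contract.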
@@ -2690,7 +2691,7 @@ static void spapr_del_lmbs(DeviceState *dev, uint64_t 
addr_start, uint64_t size,
 g_assert(drc);
 
 drck = SPAPR_DR_CONNECTOR_GET_CLASS(drc);
-drck->detach(drc, dev, spapr_lmb_release, NULL, errp);
+drck->detach(drc, dev, errp);
 addr += SPAPR_MEMORY_BLOCK_SIZE;
 }
 
@@ -2766,7 +2767,8 @@ static void spapr_core_unplug(HotplugHandler 
*hotplug_dev, DeviceState *dev,
 object_unparent(OBJECT(dev));
 }
 
-static void spapr_core_release(DeviceState *dev, void *opaque)
+/* Callback to be called during DRC release. */
+void spapr_core_release(DeviceState *dev)
 {
 HotplugHandler *hotplug_ctrl;
 
@@ -2799,7 +2801,7 @@ void spapr_core_unplug_request(HotplugHandler 
*hotplug_dev, DeviceState *dev,
 g_assert(drc);
 
 drck = SPAPR_DR_CONNECTOR_GET_CLASS(drc);
-drck->detach(drc, dev, spapr_core_release, NULL, _err);
+drck->detach(drc, dev, _err);
 if (local_err) {
 error_propagate(errp, local_err);
 return;
diff --git a/hw/ppc/spapr_drc.c b/hw/ppc/spapr_drc.c
index 9fa5545..2851e16 100644
--- a/hw/ppc/spapr_drc.c
+++ b/hw/ppc/spapr_drc.c
@@ -20,6 +20,7 @@
 #include "qapi/visitor.h"
 #include "qemu/error-report.h"
 #include "hw/ppc/spapr.h" /* for RTAS return codes */
+#include "hw/pci-host/spapr.h" /* spapr_phb_remove_pci_device_cb callback */
 #include "trace.h"
 
 #define DRC_CONTAINER_PATH "/dr-connector"
@@ -99,8 +100,7 @@ static uint32_t set_isolation_state(sPAPRDRConnector *drc,
 if (drc->awaiting_release) {
 if (drc->configured) {
 trace_spapr_drc_set_isolation_state_finalizing(get_index(drc));
-drck->detach(drc, DEVICE(drc->dev), drc->detach_cb,
- drc->detach_cb_opaque, NULL);
+drck->detach(drc, DEVICE(drc->dev), NULL);
 } else {
 trace_spapr_drc_set_isolation_state_deferring(get_index(drc));
 }
@@ -153,8 +153,7 @@ static uint32_t set_allocation_state(sPAPRDRConnector *drc,
 if (drc->awaiting_release &&
 drc->allocation_state == SPAPR_DR_ALLOCATION_STATE_UNUSABLE) {
 trace_spapr_drc_set_allocation_state_finalizing(get_index(drc));
-drck->detach(drc, DEVICE(drc->dev), drc->detach_cb,
- drc->detach_cb_opaque, NULL);
+drck->detach(drc, DEVICE(drc->dev), NULL);
 } else if (drc->allocation_state == SPAPR_DR_ALLOCATION_STATE_USABLE) {
 drc->awaiting_allocation = false;
 }
@@ -404,15 +403,10 @@ static void attach(sPAPRDRConnector *drc, DeviceState *d, 
void *fdt,
  NULL, 0, NULL);
 }
 
-static void detach(sPAPRDRConnector *drc, DeviceState *d,
-   spapr_drc_detach_cb *detach_cb,
-   void *detach_cb_opaque, Error **errp)
+static void detach(sPAPRDRConnector *drc, DeviceState *d, Error **errp)
 {
 trace_spapr_drc_detach(get_index(drc));
 
-drc->detach_cb = 

[Qemu-devel] [RESEND PATCH v10 0/5] migration/ppc: migrating DRC and ccs_list

2017-05-18 Thread Daniel Henrique Barboza
v10:
- removed 'migrating pending_events' patch from this series
- patch 1:
* removed extra line between definitions;
* removed spapr_pending_dimms functions definitions from spapr.h
* turned spapr_pending_dimms functions into static
- patch 2:
* fixed the switch() statement - PHB and VIO cases go to default,
default now executes assert()
- patch 3:
* minor style changes/fixes
* changed switch default to execute assert() and now uses the same
logic for both CPU and LMB DRCs 
- patch 4 (*new*):
* this new patch implements a new function to recover the pending DIMM
unplug LMB state inside the spapr_lmb_release callback

v9:
- patch 1 (*new*): added a qtail in sPAPRMachineState called pending_dimm_unplugs
that stores the DIMM LMB state during the unplug process.
- patch 2 (*new*): merged v8-patch1 and v8-patch2: removing detach_cb and
detach_cb_opaque.
- patch 3:
* removed dk->vmsd entry. We're using vmstate_register instead
* added 'awaiting_allocation' flag in the DRC migration
- patch 4 (*new*): migrating spapr->pending_dimm_unplugs qtailq to allow
for an ongoing PCDIMM unplug to continue after a migration.

v8:
- new patch added: 'removing spapr_drc_detach_cb opaques'. This new patch removes
the need for the detach_cb_opaques inside the removal callback functions. See
the commit message of the patch for more info.

v7:
- removed the first patch. DRC registration is now done by vmstate_register
in patch 2.
- added a new patch that changes spapr_dr_connector_new to receive as argument
the detach_cb.
- removed the callback logic of patch 2 since there is no need to restore the
detach_cb on post-load due to the detach_cb on spapr_dr_connector_new change.
- added word separators in the VMSD names of patch 3 and 4.

v6: - Rebased with QEMU master after 6+ months.
- Simplified the logic in patch 1.
- Reworked patch 2: added CPU DRC migration, removed a function pointer from DRC
class and minor improvements.
- Added clarifications from the previous v5 discussions in the commit messages.

v5: - Rebased to David's ppc-for-2.8.

v4: - Introduce a way to set customized instance_id in SaveStateEntry. Use it
  to set instance_id for DRC using its unique index to address David 
  Gibson's concern.
- Rename VMS_CSTM to VMS_LINKED based on Paolo Bonzini's suggestions.
- Clean up qjson stuff in put_qtailq. 
- Add trace for put_qtailq and get_qtailq based on David Gilbert's 
  suggestion.

- Based on David's ppc-for-2.7. 

v3: - Simplify overall design following discussion with Paolo. No longer need
  metadata to migrate QTAILQ.
- Extend VMStateInfo instead of adding similar fields to VMStateField.
- Clean up macros in qemu/queue.h.
(link: https://lists.nongnu.org/archive/html/qemu-devel/2016-05/msg05695.html)

v2: - Introduce a general approach to migrate QTAILQ in qemu/queue.h.
- Migrate signalled field in the DRC state.
- Put the newly added migrating fields in subsections so that backward 
  migration is not broken.  
- Set detach_cb field right after migration so that a migrated hot-unplug
  event could finish its course.
(link: https://lists.nongnu.org/archive/html/qemu-devel/2016-05/msg04188.html)

v1: - Initial version.
(link: https://lists.nongnu.org/archive/html/qemu-devel/2016-04/msg02601.html)


To make guest devices (PCI, CPU and memory) hotplug work together
with guest migration, spapr drc state needs to be transmitted in
migration. This patch defines the VMStateDescription struct for
spapr drc state to enable it.

To fix the potential racing between hotplug events on guest and
guest migration, ccs_list of spapr state needs to be transmitted in
migration. This patch set also takes care of it.


Daniel Henrique Barboza (4):
  hw/ppc/spapr.c: adding pending_dimm_unplugs to sPAPRMachineState
  hw/ppc: removing drc->detach_cb and drc->detach_cb_opaque
  hw/ppc: migrating the DRC state of hotplugged devices
  hw/ppc/spapr.c: recover pending LMB unplug info in spapr_lmb_release

Jianjun Duan (1):
  migration: spapr: migrate ccs_list in spapr state

 hw/ppc/spapr.c  | 138 
 hw/ppc/spapr_drc.c  |  88 +++-
 hw/ppc/spapr_pci.c  |   5 +-
 include/hw/pci-host/spapr.h |   3 +
 include/hw/ppc/spapr.h  |   8 +++
 include/hw/ppc/spapr_drc.h  |   8 +--
 6 files changed, 215 insertions(+), 35 deletions(-)

-- 
2.9.4




Re: [Qemu-devel] [PATCH] Memory: use memory address space for cpu-memory

2017-05-18 Thread Paolo Bonzini


On 18/05/2017 23:48, Xu, Anthony wrote:
>> It should be called.  Alternatively you could try adding a new function
>> to mark address_space_memory as a never-destroyed AddressSpace:
>>
> This patch would do it, could you please submit this patch?

If you have tested it (together with the change in the initialization of
address_space_memory), I can do that.

Thanks,

Paolo



Re: [Qemu-devel] [PATCH] Memory: use memory address space for cpu-memory

2017-05-18 Thread Xu, Anthony
> >>> -AddressSpace *as = address_space_init_shareable(cpu->memory,
> >>> -"cpu-memory");
> >>> +AddressSpace *as;
> >>> +if (cpu->memory == address_space_memory.root) {
> >>> +address_space_memory.ref_count++;
> >> probably this would cause reference leak when vcpu is destroyed
> > I thought address_space_destroy is called when vcpu is unplugged,
> > seems that's not the case, then ref_count++ is not needed.
> 
> It should be called.  Alternatively you could try adding a new function
> to mark address_space_memory as a never-destroyed AddressSpace:
> 
This patch would do it, could you please submit this patch?

address_space_destroy is not called when vcpu is unplugged, that likely
causes memory leak. I will take a look when I have time.
If someone can take a look now, that'd be great.


Thanks,
Anthony



> diff --git a/include/exec/memory.h b/include/exec/memory.h
> index 99e0f54d86..b27b288c8f 100644
> --- a/include/exec/memory.h
> +++ b/include/exec/memory.h
> @@ -290,6 +290,7 @@ struct AddressSpace {
>  MemoryRegion *root;
>  int ref_count;
>  bool malloced;
> +bool shared;
> 
>  /* Accessed via RCU.  */
>  struct FlatView *current_map;
> diff --git a/memory.c b/memory.c
> index b727f5ec0e..190cd3d5ce 100644
> --- a/memory.c
> +++ b/memory.c
> @@ -2432,6 +2432,7 @@ void address_space_init(AddressSpace *as,
> MemoryRegion *root, const char *name)
>  as->ref_count = 1;
>  as->root = root;
>  as->malloced = false;
> +as->shared = false;
>  as->current_map = g_new(FlatView, 1);
>  flatview_init(as->current_map);
>  as->ioeventfd_nb = 0;
> @@ -2460,12 +2461,18 @@ static void
> do_address_space_destroy(AddressSpace *as)
>  }
>  }
> 
> +void address_space_init_static(AddressSpace *as, MemoryRegion *root,
> const char *name)
> +{
> +address_space_init(as, root, name);
> +as->shared = true;
> +}
> +
>  AddressSpace *address_space_init_shareable(MemoryRegion *root, const
> char *name)
>  {
>  AddressSpace *as;
> 
>  QTAILQ_FOREACH(as, _spaces, address_spaces_link) {
> -if (root == as->root && as->malloced) {
> +if (root == as->root && as->shared) {
>  as->ref_count++;
>  return as;
>  }
> @@ -2474,6 +2481,7 @@ AddressSpace
> *address_space_init_shareable(MemoryRegion *root, const char *name)
>  as = g_malloc0(sizeof *as);
>  address_space_init(as, root, name);
>  as->malloced = true;
> +as->shared = true;
>  return as;
>  }
> 
> @@ -2485,6 +2493,8 @@ void address_space_destroy(AddressSpace *as)
>  if (as->ref_count) {
>  return;
>  }
> +assert(!as->shared || as->malloced);
> +
>  /* Flush out anything from MemoryListeners listening in on this */
>  memory_region_transaction_begin();
>  as->root = NULL;
> 
> 
> then CPUs can keep using address_space_init_shareable.
> 
> Paolo


Re: [Qemu-devel] [PATCH] Memory: use memory address space for cpu-memory

2017-05-18 Thread Paolo Bonzini


On 17/05/2017 19:01, Xu, Anthony wrote:
>>> -AddressSpace *as = address_space_init_shareable(cpu->memory,
>>> -"cpu-memory");
>>> +AddressSpace *as;
>>> +if (cpu->memory == address_space_memory.root) {
>>> +address_space_memory.ref_count++;
>> probably this would cause reference leak when vcpu is destroyed
> I thought address_space_destroy is called when vcpu is unplugged,
> seems that's not the case, then ref_count++ is not needed.

It should be called.  Alternatively you could try adding a new function
to mark address_space_memory as a never-destroyed AddressSpace:

diff --git a/include/exec/memory.h b/include/exec/memory.h
index 99e0f54d86..b27b288c8f 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -290,6 +290,7 @@ struct AddressSpace {
 MemoryRegion *root;
 int ref_count;
 bool malloced;
+bool shared;
 
 /* Accessed via RCU.  */
 struct FlatView *current_map;
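Review bot: This header hunk adds only the shared field; address_space_init_static(), which memory.c defines below as a non-static function, gets no prototype in include/exec/memory.h, so no caller outside memory.c can use it and the build will warn about a missing prototype. Add the declaration here, together with a comment on shared explaining how it differs from malloced (shareable by root lookup versus heap-allocated).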
diff --git a/memory.c b/memory.c
index b727f5ec0e..190cd3d5ce 100644
--- a/memory.c
+++ b/memory.c
@@ -2432,6 +2432,7 @@ void address_space_init(AddressSpace *as, MemoryRegion 
*root, const char *name)
 as->ref_count = 1;
 as->root = root;
 as->malloced = false;
+as->shared = false;
 as->current_map = g_new(FlatView, 1);
 flatview_init(as->current_map);
 as->ioeventfd_nb = 0;
@@ -2460,12 +2461,18 @@ static void do_address_space_destroy(AddressSpace *as)
 }
 }
 
+void address_space_init_static(AddressSpace *as, MemoryRegion *root, const 
char *name)
+{
+address_space_init(as, root, name);
+as->shared = true;
+}
+
 AddressSpace *address_space_init_shareable(MemoryRegion *root, const char 
*name)
 {
 AddressSpace *as;
 
 QTAILQ_FOREACH(as, _spaces, address_spaces_link) {
-if (root == as->root && as->malloced) {
+if (root == as->root && as->shared) {
 as->ref_count++;
 return as;
 }
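Review bot: address_space_init_static() sets shared and leaves malloced false, which is exactly the combination the assert added to address_space_destroy() rejects, yet nothing on the function says so. Since the lookup in address_space_init_shareable() now hands such an AddressSpace out and bumps its ref_count, add a comment stating that a static address space must outlive all users and that its owner's initial reference is never dropped; otherwise the first balanced destroy sequence on it turns into an abort.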
@@ -2474,6 +2481,7 @@ AddressSpace *address_space_init_shareable(MemoryRegion 
*root, const char *name)
 as = g_malloc0(sizeof *as);
 address_space_init(as, root, name);
 as->malloced = true;
+as->shared = true;
 return as;
 }
 
@@ -2485,6 +2493,8 @@ void address_space_destroy(AddressSpace *as)
 if (as->ref_count) {
 return;
 }
+assert(!as->shared || as->malloced);
+
 /* Flush out anything from MemoryListeners listening in on this */
 memory_region_transaction_begin();
 as->root = NULL;


then CPUs can keep using address_space_init_shareable.

Paolo



Re: [Qemu-devel] qemu-system-sh4 -M r2d serial is broken.

2017-05-18 Thread Paolo Bonzini


On 18/05/2017 22:10, Aurelien Jarno wrote:
> On 2017-05-18 21:57, Paolo Bonzini wrote:
>> Anyway, Uli Hecht is saying SCIF "asserts DR even if the FIFO threshold
>> has not been reached if no data is received for 1.5 frames".  If that's
>> just a register and doesn't trigger an interrupt, you can compute the
>> bit's value dynamically based on the current clock.
>>
>> This is for example how the x86 RTC chip computes the "update in
>> progress" bit, which is set for 220 us before the RC updates.  Doing
>> that with a timer would be really imprecise.
> 
> Unfortunately, the DR bit is set to 1 after 1.5 frames (so the exact
> timing depends on the actual baud rate), and that also triggers an
> interrupt if the RIE bit is set to 1. I haven't checked yet if the
> kernel relies on the bit or the interrupt or both.

DR only generates interrupts in asynchronous mode according to the data
sheet I found
(http://datasheet.octopart.com/DF72115D160FPV-Renesas-datasheet-11797591.pdf).

Paolo
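
The read-time computation suggested in the quoted message above, as an added example that is not part of the thread or of QEMU's code. The struct, the function names and the DR condition (FIFO non-empty, below threshold, idle for 1.5 frames) are assumptions drawn only from the description in this thread; dr_deadline_ns() covers the case raised in the reply, where DR must also raise an interrupt and a read-time bit alone is not enough.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NS_PER_SEC 1000000000ULL

/* Hypothetical receiver model for illustration; not QEMU's sh_serial state. */
typedef struct {
    uint32_t baud;           /* line rate in bits per second */
    uint32_t bits_per_frame; /* start + data + parity + stop bits */
    uint32_t rx_level;       /* bytes currently in the receive FIFO */
    uint32_t rx_trigger;     /* FIFO threshold (assumed semantics) */
    uint64_t last_rx_ns;     /* virtual-clock time of the last received byte */
} RxModel;

/* Duration of 1.5 frames in ns; UINT64_MAX when no baud rate is programmed. */
static uint64_t idle_timeout_ns(const RxModel *s)
{
    if (s->baud == 0) {
        return UINT64_MAX;
    }
    return (3ULL * s->bits_per_frame * NS_PER_SEC) / (2ULL * s->baud);
}

/* Receive path: records state only, no timer is armed. */
static void rx_byte(RxModel *s, uint64_t now_ns)
{
    s->rx_level++;
    s->last_rx_ns = now_ns;
}

/* Guest drained the FIFO. */
static void rx_drain(RxModel *s)
{
    s->rx_level = 0;
}

/* Status-register read: derive DR from the clock at the moment of the read. */
static bool dr_bit(const RxModel *s, uint64_t now_ns)
{
    if (s->rx_level == 0 || s->rx_level >= s->rx_trigger) {
        return false;               /* nothing pending, or threshold path applies */
    }
    if (now_ns < s->last_rx_ns) {
        return false;               /* clock stepped backwards: treat as not idle */
    }
    return now_ns - s->last_rx_ns >= idle_timeout_ns(s);
}

/*
 * When DR must also raise an interrupt, the device needs a one-shot timer.
 * This returns the absolute time to arm it for, or UINT64_MAX for "no timer".
 */
static uint64_t dr_deadline_ns(const RxModel *s)
{
    uint64_t t = idle_timeout_ns(s);

    if (s->rx_level == 0 || s->rx_level >= s->rx_trigger || t == UINT64_MAX) {
        return UINT64_MAX;
    }
    return s->last_rx_ns + t;
}

int main(void)
{
    /* Constructed sample: 115200 baud, 10-bit frames, threshold of 8 bytes. */
    RxModel s = { 115200, 10, 0, 8, 0 };

    rx_byte(&s, 1000);
    printf("timeout=%llu ns, DR just before=%d, DR at deadline=%d\n",
           (unsigned long long)idle_timeout_ns(&s),
           dr_bit(&s, dr_deadline_ns(&s) - 1),
           dr_bit(&s, dr_deadline_ns(&s)));
    return 0;
}
```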



[Qemu-devel] [PATCH v10 5/5] migration: spapr: migrate ccs_list in spapr state

2017-05-18 Thread Daniel Henrique Barboza
From: Jianjun Duan 

ccs_list in spapr state maintains the device tree related
information on the rtas side for hotplugged devices. In racing
situations between hotplug events and migration operation, a rtas
hotplug event could be migrated from the source guest to target
guest, or the source guest could have not yet finished fetching
the device tree when migration is started, the target will try
to finish fetching the device tree. By migrating ccs_list, the
target can fetch the device tree properly.

In theory there would be other alternatives besides migrating the
ccs_list to fix this. For example, we could add a flag that indicates
whether a device is in the middle of the configure_connector during the
migration process, in the post_load we can detect if this flag
is active and then return an error informing the guest to restart the
hotplug process. However, the DRC state can still be modified outside of
hotplug. Using:

   drmgr -c pci -s  -r
   drmgr -c pci -s  -a

it is possible to return a device to firmware and then later take it
back and reconfigure it. This is not a common case but it's not prohibited,
and performing a migration between these 2 operations would fail because
the default coldplug state on target assumes a configured state in
the source*. Migrating ccs_list is one solution that covers this
case as well.

ccs_list is put in a subsection in the spapr state VMSD to make
sure migration across different versions is not broken.

* see http://lists.nongnu.org/archive/html/qemu-devel/2016-10/msg01763.html
for more information on this discussion.

Signed-off-by: Jianjun Duan 
Signed-off-by: Daniel Henrique Barboza 
---
 hw/ppc/spapr.c | 32 
 1 file changed, 32 insertions(+)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 7d304fc..ec1605a 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1444,6 +1444,37 @@ static bool version_before_3(void *opaque, int 
version_id)
 return version_id < 3;
 }
 
+static bool spapr_ccs_list_needed(void *opaque)
+{
+sPAPRMachineState *spapr = (sPAPRMachineState *)opaque;
+return !QTAILQ_EMPTY(>ccs_list);
+}
+
+static const VMStateDescription vmstate_spapr_ccs = {
+.name = "spapr_configure_connector_state",
+.version_id = 1,
+.minimum_version_id = 1,
+.fields = (VMStateField[]) {
+VMSTATE_UINT32(drc_index, sPAPRConfigureConnectorState),
+VMSTATE_INT32(fdt_offset, sPAPRConfigureConnectorState),
+VMSTATE_INT32(fdt_depth, sPAPRConfigureConnectorState),
+VMSTATE_END_OF_LIST()
+},
+};
+
+static const VMStateDescription vmstate_spapr_ccs_list = {
+.name = "spapr_ccs_list",
+.version_id = 1,
+.minimum_version_id = 1,
+.needed = spapr_ccs_list_needed,
+.fields = (VMStateField[]) {
+VMSTATE_QTAILQ_V(ccs_list, sPAPRMachineState, 1,
+ vmstate_spapr_ccs, sPAPRConfigureConnectorState,
+ next),
+VMSTATE_END_OF_LIST()
+},
+};
+
 static bool spapr_ov5_cas_needed(void *opaque)
 {
 sPAPRMachineState *spapr = opaque;
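Review bot: vmstate_spapr_ccs loads drc_index, fdt_offset and fdt_depth straight from the migration stream and nothing in this hunk checks them on the destination. The commit message says the target resumes fetching the device tree from this state, so a post_load hook should reject entries whose drc_index does not resolve to a DRC, or whose fdt_offset or fdt_depth is negative or outside that DRC's device tree, instead of resuming configure-connector with unchecked offsets.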
@@ -1542,6 +1573,7 @@ static const VMStateDescription vmstate_spapr = {
 .subsections = (const VMStateDescription*[]) {
 _spapr_ov5_cas,
 _spapr_patb_entry,
+_spapr_ccs_list,
 NULL
 }
 };
-- 
2.9.4




[Qemu-devel] [PATCH v10 4/5] hw/ppc/spapr.c: recover pending LMB unplug info in spapr_lmb_release

2017-05-18 Thread Daniel Henrique Barboza
When a LMB hot unplug starts, the current DRC LMB status is stored at
spapr->pending_dimm_unplugs QTAILQ. This queue isn't migrated, thus
if a migration occurs in the middle of a LMB unplug the
spapr_lmb_release callback will lose track of the LMB unplug progress.

This patch implements a new recover function spapr_recover_pending_dimm_state
that is used inside spapr_lmb_release to recover this DRC LMB release
status that is lost during the migration.

Signed-off-by: Daniel Henrique Barboza 
---
 hw/ppc/spapr.c | 39 ++-
 1 file changed, 38 insertions(+), 1 deletion(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 5602cfc..7d304fc 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -2649,6 +2649,36 @@ static uint64_t spapr_dimm_get_address(PCDIMMDevice 
*dimm)
 return addr;
 }
 
+static sPAPRDIMMState *spapr_recover_pending_dimm_state(PCDIMMDevice *dimm,
+uint64_t addr)
+{
+sPAPRDRConnector *drc;
+PCDIMMDeviceClass *ddc = PC_DIMM_GET_CLASS(dimm);
+MemoryRegion *mr = ddc->get_memory_region(dimm);
+uint64_t curr_addr = addr;
+uint64_t size = memory_region_size(mr);
+uint32_t nr_lmbs = size / SPAPR_MEMORY_BLOCK_SIZE;
+uint32_t avail_lmbs = 0;
+int i = 0;
+
+for (i = 0; i < nr_lmbs; i++) {
+drc = spapr_dr_connector_by_id(SPAPR_DR_CONNECTOR_TYPE_LMB,
+   curr_addr / SPAPR_MEMORY_BLOCK_SIZE);
+g_assert(drc);
+if (drc->indicator_state != SPAPR_DR_INDICATOR_STATE_INACTIVE) {
+avail_lmbs++;
+}
+curr_addr += SPAPR_MEMORY_BLOCK_SIZE;
+}
+
+sPAPRMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
+sPAPRDIMMState *ds = g_malloc0(sizeof(sPAPRDIMMState));
+ds->nr_lmbs = avail_lmbs;
+ds->addr = addr;
+spapr_pending_dimm_unplugs_add(spapr, ds);
+return ds;
+}
+
 /* Callback to be called during DRC release. */
 void spapr_lmb_release(DeviceState *dev)
 {
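Review bot: In spapr_recover_pending_dimm_state(), nr_lmbs is uint32_t while the loop counter is "int i", so "i < nr_lmbs" is a signed/unsigned comparison; declare i as uint32_t and drop the redundant "= 0" initializer. The spapr and ds declarations placed after the loop also mix declarations with statements; move them to the top of the function, and g_new0(sPAPRDIMMState, 1) would replace the open-coded sizeof.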
@@ -2657,7 +2687,14 @@ void spapr_lmb_release(DeviceState *dev)
 sPAPRMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
 sPAPRDIMMState *ds = spapr_pending_dimm_unplugs_find(spapr, addr);
 
-if (--ds->nr_lmbs) {
+/* This information will get lost if a migration occurs
+ * during the unplug process. In this case recover it. */
+if (ds == NULL) {
+ds = spapr_recover_pending_dimm_state(PC_DIMM(dev), addr);
+if (ds->nr_lmbs) {
+return;
+}
+} else if (--ds->nr_lmbs) {
 return;
 }
 
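Review bot: The recovery branch in spapr_lmb_release() tests ds->nr_lmbs without decrementing it, while the existing branch tests --ds->nr_lmbs. That is only correct if the LMB being released already has indicator_state INACTIVE when this callback runs, so that the recovered count excludes it; if it does not, the count is off by one. Please state that assumption in the comment above the "ds == NULL" check so the asymmetry between the two branches is not mistaken for a missing decrement.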
-- 
2.9.4




[Qemu-devel] [PATCH v10 2/5] hw/ppc: removing drc->detach_cb and drc->detach_cb_opaque

2017-05-18 Thread Daniel Henrique Barboza
The pointer drc->detach_cb is being used as a way of informing
the detach() function inside spapr_drc.c which cb to execute. This
information can also be retrieved simply by checking drc->type and
choosing the right callback based on it. In this context, detach_cb
is redundant information that must be managed.

After the previous spapr_lmb_release change, no detach_cb_opaques
are being used by any of the three callback functions. This is
yet another piece of information that is now unused and, on top of that, can't
be migrated either.

This patch makes the following changes:

- removal of detach_cb_opaque. The 'opaque' argument was removed from
the callbacks and from the detach() function of sPAPRConnectorClass. The
attribute detach_cb_opaque of sPAPRConnector was removed.

- removal of detach_cb from the detach() call. The function pointer
detach_cb of sPAPRConnector was removed. detach() now uses a
switch(drc->type) to execute the appropriate callback. To achieve this,
spapr_core_release, spapr_lmb_release and spapr_phb_remove_pci_device_cb
callbacks were made public to be visible inside detach().

Signed-off-by: Daniel Henrique Barboza 
---
 hw/ppc/spapr.c  | 10 ++
 hw/ppc/spapr_drc.c  | 36 
 hw/ppc/spapr_pci.c  |  5 +++--
 include/hw/pci-host/spapr.h |  3 +++
 include/hw/ppc/spapr.h  |  4 
 include/hw/ppc/spapr_drc.h  |  8 +---
 6 files changed, 37 insertions(+), 29 deletions(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index b05abe5..5602cfc 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -2649,7 +2649,8 @@ static uint64_t spapr_dimm_get_address(PCDIMMDevice *dimm)
 return addr;
 }
 
-static void spapr_lmb_release(DeviceState *dev, void *opaque)
+/* Callback to be called during DRC release. */
+void spapr_lmb_release(DeviceState *dev)
 {
 HotplugHandler *hotplug_ctrl;
 uint64_t addr = spapr_dimm_get_address(PC_DIMM(dev));
@@ -2690,7 +2691,7 @@ static void spapr_del_lmbs(DeviceState *dev, uint64_t 
addr_start, uint64_t size,
 g_assert(drc);
 
 drck = SPAPR_DR_CONNECTOR_GET_CLASS(drc);
-drck->detach(drc, dev, spapr_lmb_release, NULL, errp);
+drck->detach(drc, dev, errp);
 addr += SPAPR_MEMORY_BLOCK_SIZE;
 }
 
@@ -2766,7 +2767,8 @@ static void spapr_core_unplug(HotplugHandler 
*hotplug_dev, DeviceState *dev,
 object_unparent(OBJECT(dev));
 }
 
-static void spapr_core_release(DeviceState *dev, void *opaque)
+/* Callback to be called during DRC release. */
+void spapr_core_release(DeviceState *dev)
 {
 HotplugHandler *hotplug_ctrl;
 
@@ -2799,7 +2801,7 @@ void spapr_core_unplug_request(HotplugHandler 
*hotplug_dev, DeviceState *dev,
 g_assert(drc);
 
 drck = SPAPR_DR_CONNECTOR_GET_CLASS(drc);
-drck->detach(drc, dev, spapr_core_release, NULL, _err);
+drck->detach(drc, dev, _err);
 if (local_err) {
 error_propagate(errp, local_err);
 return;
diff --git a/hw/ppc/spapr_drc.c b/hw/ppc/spapr_drc.c
index a1cdc87..976f71f 100644
--- a/hw/ppc/spapr_drc.c
+++ b/hw/ppc/spapr_drc.c
@@ -20,6 +20,7 @@
 #include "qapi/visitor.h"
 #include "qemu/error-report.h"
 #include "hw/ppc/spapr.h" /* for RTAS return codes */
+#include "hw/pci-host/spapr.h" /* spapr_phb_remove_pci_device_cb callback */
 #include "trace.h"
 
 #define DRC_CONTAINER_PATH "/dr-connector"
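Review bot: The new #include of hw/pci-host/spapr.h makes the generic DRC code depend on the PCI host bridge header only to reach spapr_phb_remove_pci_device_cb. With the callback chosen by switch(drc->type) inside detach(), every further connector type means another include and another case in spapr_drc.c; a release hook selected per connector type and stored in the class would keep device-specific headers out of this file. If the switch stays, a comment at the include should say that it is the only reason for the dependency.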
@@ -99,8 +100,7 @@ static uint32_t set_isolation_state(sPAPRDRConnector *drc,
 if (drc->awaiting_release) {
 if (drc->configured) {
 trace_spapr_drc_set_isolation_state_finalizing(get_index(drc));
-drck->detach(drc, DEVICE(drc->dev), drc->detach_cb,
- drc->detach_cb_opaque, NULL);
+drck->detach(drc, DEVICE(drc->dev), NULL);
 } else {
 trace_spapr_drc_set_isolation_state_deferring(get_index(drc));
 }
@@ -153,8 +153,7 @@ static uint32_t set_allocation_state(sPAPRDRConnector *drc,
 if (drc->awaiting_release &&
 drc->allocation_state == SPAPR_DR_ALLOCATION_STATE_UNUSABLE) {
 trace_spapr_drc_set_allocation_state_finalizing(get_index(drc));
-drck->detach(drc, DEVICE(drc->dev), drc->detach_cb,
- drc->detach_cb_opaque, NULL);
+drck->detach(drc, DEVICE(drc->dev), NULL);
 } else if (drc->allocation_state == SPAPR_DR_ALLOCATION_STATE_USABLE) {
 drc->awaiting_allocation = false;
 }
@@ -404,15 +403,10 @@ static void attach(sPAPRDRConnector *drc, DeviceState *d, 
void *fdt,
  NULL, 0, NULL);
 }
 
-static void detach(sPAPRDRConnector *drc, DeviceState *d,
-   spapr_drc_detach_cb *detach_cb,
-   void *detach_cb_opaque, Error **errp)
+static void detach(sPAPRDRConnector *drc, DeviceState *d, Error **errp)
 {
 trace_spapr_drc_detach(get_index(drc));
 
-drc->detach_cb = 

[Qemu-devel] [PATCH v10 3/5] hw/ppc: migrating the DRC state of hotplugged devices

2017-05-18 Thread Daniel Henrique Barboza
In pseries, a firmware abstraction called Dynamic Reconfiguration
Connector (DRC) is used to assign a particular dynamic resource
to the guest and provide an interface to manage configuration/removal
of the resource associated with it. In other words, DRC is the
'plugged state' of a device.

Before this patch, DRC wasn't being migrated. This causes
post-migration problems due to DRC state mismatch between source and
target. The DRC state of a device X in the source might
change, while in the target the DRC state of X is still fresh. When
migrating the guest, X will not have the same hotplugged state as it
did in the source. This means that we can't hot unplug X in the
target after migration is completed because its DRC state is not consistent.
https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1677552 is one
bug that is caused by this DRC state mismatch between source and
target.

To migrate the DRC state, we defined the VMStateDescription struct for
spapr_drc to enable the transmission of spapr_drc state in migration.
Not all the elements in the DRC state are migrated - only those
that can be modified by guest actions or device add/remove
operations:

- 'isolation_state', 'allocation_state' and 'indicator_state'
are involved in the DR state transition diagram from
PAPR+ 2.7, 13.4;

- 'configured', 'signalled', 'awaiting_release' and 'awaiting_allocation'
are needed in attaching and detaching devices;

- 'indicator_state' provides users with hardware state information.

These are the DRC elements that are migrated.

In this patch the DRC state is migrated for PCI, LMB and CPU
connector types. At this moment there is no support to migrate
DRC for the PHB (PCI Host Bridge) type.

In the 'realize' function the DRC is registered using vmstate_register,
similar to what hw/ppc/spapr_iommu.c does in 'spapr_tce_table_realize'.
This approach works because DRCs are bus-less and do not sit
on a BusClass that implements bc->get_dev_path, so as a fallback the
VMSD gets identified via "spapr_drc"/get_index(drc).

Signed-off-by: Daniel Henrique Barboza 
---
 hw/ppc/spapr_drc.c | 53 +
 1 file changed, 53 insertions(+)

diff --git a/hw/ppc/spapr_drc.c b/hw/ppc/spapr_drc.c
index 976f71f..3c3e9e9 100644
--- a/hw/ppc/spapr_drc.c
+++ b/hw/ppc/spapr_drc.c
@@ -519,6 +519,57 @@ static void reset(DeviceState *d)
 }
 }
 
+static bool spapr_drc_needed(void *opaque)
+{
+sPAPRDRConnector *drc = (sPAPRDRConnector *)opaque;
+sPAPRDRConnectorClass *drck = SPAPR_DR_CONNECTOR_GET_CLASS(drc);
+bool rc = false;
+sPAPRDREntitySense value;
+drck->entity_sense(drc, );
+
+/* If no dev is plugged in there is no need to migrate the DRC state */
+if (value != SPAPR_DR_ENTITY_SENSE_PRESENT) {
+return false;
+}
+
+/*
+ * If there is dev plugged in, we need to migrate the DRC state when
+ * it is different from cold-plugged state
+ */
+switch (drc->type) {
+case SPAPR_DR_CONNECTOR_TYPE_PCI:
+rc = !((drc->isolation_state == SPAPR_DR_ISOLATION_STATE_UNISOLATED) &&
+   (drc->allocation_state == SPAPR_DR_ALLOCATION_STATE_USABLE) &&
+   drc->configured && drc->signalled && !drc->awaiting_release);
+return rc;
+case SPAPR_DR_CONNECTOR_TYPE_CPU:
+case SPAPR_DR_CONNECTOR_TYPE_LMB:
+rc = !((drc->isolation_state == SPAPR_DR_ISOLATION_STATE_ISOLATED) &&
+   (drc->allocation_state == SPAPR_DR_ALLOCATION_STATE_UNUSABLE) &&
+   drc->configured && drc->signalled && !drc->awaiting_release);
+return rc;
+default:
+g_assert(false);
+}
+}
+
+static const VMStateDescription vmstate_spapr_drc = {
+.name = "spapr_drc",
+.version_id = 1,
+.minimum_version_id = 1,
+.needed = spapr_drc_needed,
+.fields  = (VMStateField []) {
+VMSTATE_UINT32(isolation_state, sPAPRDRConnector),
+VMSTATE_UINT32(allocation_state, sPAPRDRConnector),
+VMSTATE_UINT32(indicator_state, sPAPRDRConnector),
+VMSTATE_BOOL(configured, sPAPRDRConnector),
+VMSTATE_BOOL(awaiting_release, sPAPRDRConnector),
+VMSTATE_BOOL(awaiting_allocation, sPAPRDRConnector),
+VMSTATE_BOOL(signalled, sPAPRDRConnector),
+VMSTATE_END_OF_LIST()
+}
+};
+
 static void realize(DeviceState *d, Error **errp)
 {
 sPAPRDRConnector *drc = SPAPR_DR_CONNECTOR(d);
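
Review bot: spapr_drc_needed() never looks at awaiting_allocation (or indicator_state), although vmstate_spapr_drc transfers both. A DRC whose isolation_state, allocation_state, configured, signalled and awaiting_release match the cold-plugged pattern but which has awaiting_allocation set is reported as not needed, so that flag is lost on the destination. Please add it to both case expressions, or say in the comment why it cannot be set in that state. Minor: rc is redundant, since each case can return its expression directly, and g_assert_not_reached() states the default case better than g_assert(false).
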
@@ -547,6 +598,8 @@ static void realize(DeviceState *d, Error **errp)
 object_unref(OBJECT(drc));
 }
 g_free(child_name);
+vmstate_register(DEVICE(drc), drck->get_index(drc), _spapr_drc,
+ drc);
 trace_spapr_drc_realize_complete(drck->get_index(drc));
 }
 
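
Review bot: the vmstate_register() call added to realize() has no counterpart in this patch. The diffstat is 53 insertions and no hunk adds a vmstate_unregister(). If a DRC can be unrealized or freed, the registered entry keeps pointing at drc, so please add the unregister call on the teardown path or state why DRCs live as long as the machine. The int return value of vmstate_register() is also dropped here.
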
-- 
2.9.4




[Qemu-devel] [PATCH v10 1/5] hw/ppc/spapr.c: adding pending_dimm_unplugs to sPAPRMachineState

2017-05-18 Thread Daniel Henrique Barboza
The LMB DRC release callback, spapr_lmb_release(), uses an opaque
parameter, a sPAPRDIMMState struct that stores the current LMBs that
are allocated to a DIMM (nr_lmbs). After each call to this callback,
the nr_lmbs is decremented by one and, when it reaches zero, the callback
proceeds with the qdev calls to hot unplug the LMB.

Using drc->detach_cb_opaque is problematic because it can't be migrated in
the future DRC migration work. This patch makes the following changes to
eliminate the usage of this opaque callback inside spapr_lmb_release:

- sPAPRDIMMState was moved from spapr.c and added to spapr.h. A new
attribute called 'addr' was added to it. This is used as an unique
identifier to associate a sPAPRDIMMState to a PCDIMM element.

- sPAPRMachineState now hosts a new QTAILQ called 'pending_dimm_unplugs'.
This queue of sPAPRDIMMState elements will store the DIMM state of DIMMs
that are currently going under an unplug process.

- spapr_lmb_release() will now retrieve the nr_lmbs value by getting the
correspondent sPAPRDIMMState. A helper function called spapr_dimm_get_address
was created to fetch the address of a PCDIMM device inside spapr_lmb_release.
When nr_lmbs reaches zero and the callback proceeds with the qdev hot unplug
calls, the sPAPRDIMMState struct is removed from spapr->pending_dimm_unplugs.

After these changes, the opaque argument for spapr_lmb_release is now
unused and is passed as NULL inside spapr_del_lmbs. This and the other
opaque arguments can now be safely removed from the code.

Signed-off-by: Daniel Henrique Barboza 
---
 hw/ppc/spapr.c | 57 +-
 include/hw/ppc/spapr.h |  4 
 2 files changed, 56 insertions(+), 5 deletions(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 0980d73..b05abe5 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -2050,6 +2050,7 @@ static void ppc_spapr_init(MachineState *machine)
 msi_nonbroken = true;
 
 QLIST_INIT(>phbs);
+QTAILQ_INIT(>pending_dimm_unplugs);
 
 /* Allocate RMA if necessary */
 rma_alloc_size = kvmppc_alloc_rma();
@@ -2603,20 +2604,63 @@ out:
 error_propagate(errp, local_err);
 }
 
-typedef struct sPAPRDIMMState {
+struct sPAPRDIMMState {
+uint64_t addr;
 uint32_t nr_lmbs;
-} sPAPRDIMMState;
+QTAILQ_ENTRY(sPAPRDIMMState) next;
+};
+
+static sPAPRDIMMState *spapr_pending_dimm_unplugs_find(sPAPRMachineState *s,
+   uint64_t addr)
+{
+sPAPRDIMMState *dimm_state = NULL;
+QTAILQ_FOREACH(dimm_state, >pending_dimm_unplugs, next) {
+if (dimm_state->addr == addr) {
+break;
+}
+}
+return dimm_state;
+}
+
+static void spapr_pending_dimm_unplugs_add(sPAPRMachineState *spapr,
+   sPAPRDIMMState *dimm_state)
+{
+g_assert(!spapr_pending_dimm_unplugs_find(spapr, dimm_state->addr));
+QTAILQ_INSERT_HEAD(>pending_dimm_unplugs, dimm_state, next);
+}
+
+static void spapr_pending_dimm_unplugs_remove(sPAPRMachineState *spapr,
+  sPAPRDIMMState *dimm_state)
+{
+QTAILQ_REMOVE(>pending_dimm_unplugs, dimm_state, next);
+g_free(dimm_state);
+}
+
+static uint64_t spapr_dimm_get_address(PCDIMMDevice *dimm)
+{
+Error *local_err = NULL;
+uint64_t addr;
+addr = object_property_get_int(OBJECT(dimm), PC_DIMM_ADDR_PROP,
+   _err);
+if (local_err) {
+error_propagate(_abort, local_err);
+return 0;
+}
+return addr;
+}
 
 static void spapr_lmb_release(DeviceState *dev, void *opaque)
 {
-sPAPRDIMMState *ds = (sPAPRDIMMState *)opaque;
 HotplugHandler *hotplug_ctrl;
+uint64_t addr = spapr_dimm_get_address(PC_DIMM(dev));
+sPAPRMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
+sPAPRDIMMState *ds = spapr_pending_dimm_unplugs_find(spapr, addr);
 
 if (--ds->nr_lmbs) {
 return;
 }
 
-g_free(ds);
+spapr_pending_dimm_unplugs_remove(spapr, ds);
 
 /*
  * Now that all the LMBs have been removed by the guest, call the
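
Review bot: in spapr_lmb_release(), ds now comes from spapr_pending_dimm_unplugs_find() and is dereferenced by --ds->nr_lmbs with no check, while the find helper returns NULL when no entry matches addr. Any path that reaches this callback without a queued entry for that address (for example a destination whose queue was not rebuilt after a migration taken mid-unplug, which is the case this series targets) becomes a NULL dereference. Either g_assert(ds) with a comment on why the entry must exist, or handle the missing entry explicitly. In spapr_dimm_get_address() the return 0 after propagating to the abort error is unreachable; passing the abort error straight to object_property_get_int() would remove local_err and the dead branch.
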
@@ -2633,17 +2677,20 @@ static void spapr_del_lmbs(DeviceState *dev, uint64_t 
addr_start, uint64_t size,
 sPAPRDRConnectorClass *drck;
 uint32_t nr_lmbs = size / SPAPR_MEMORY_BLOCK_SIZE;
 int i;
+sPAPRMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
 sPAPRDIMMState *ds = g_malloc0(sizeof(sPAPRDIMMState));
 uint64_t addr = addr_start;
 
 ds->nr_lmbs = nr_lmbs;
+ds->addr = addr_start;
+spapr_pending_dimm_unplugs_add(spapr, ds);
 for (i = 0; i < nr_lmbs; i++) {
 drc = spapr_dr_connector_by_id(SPAPR_DR_CONNECTOR_TYPE_LMB,
 addr / SPAPR_MEMORY_BLOCK_SIZE);
 g_assert(drc);
 
 drck = SPAPR_DR_CONNECTOR_GET_CLASS(drc);
-drck->detach(drc, dev, spapr_lmb_release, ds, errp);
+drck->detach(drc, dev, spapr_lmb_release, NULL, errp);
  
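
Review bot: spapr_del_lmbs() now calls spapr_pending_dimm_unplugs_add() unconditionally, and that helper does g_assert(!spapr_pending_dimm_unplugs_find(spapr, dimm_state->addr)). If a second unplug request for the same DIMM can reach spapr_del_lmbs() while the first is still pending, this aborts QEMU instead of failing the request. Look up the address here first and report an already-pending unplug through errp. Also note that ds is queued before the detach loop, so a detach() error returned through errp needs to take the entry off pending_dimm_unplugs again.
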

[Qemu-devel] [PATCH v10 0/5] migration/ppc: migrating DRC and ccs_list

2017-05-18 Thread Daniel Henrique Barboza
v10:
- removed 'migrating pending_events' patch from this series
- patch 1:
* removed extra line between definitions;
* removed spapr_pending_dimms functions definitions from spapr.h
* turned spapr_pending_dimms functions into static
- patch 2:
* fixed the switch() statement - PHB and VIO cases go to default,
default now executes assert()
- patch 3:
* minor style changes/fixes
* changed switch to return after rc is calculated, default executes
assert()
- patch 4 (*new*):
* this new patch implements a new function to recover the pending DIMM
unplug LMB state inside the spapr_lmb_release callback

v9:
- patch 1 (*new*): added a qtail in sPAPRMachineState called pending_dimm_unplugs
that stores the DIMM LMB state during the unplug process.
- patch 2 (*new*): merged v8-patch1 and v8-patch2: removing detach_cb and
detach_cb_opaque.
- patch 3:
* removed dk->vmsd entry. We're using vmstate_register instead
* added 'awaiting_allocation' flag in the DRC migration
- patch 4 (*new*): migrating spapr->pending_dimm_unplugs qtailq to allow
for an ongoing PCDIMM unplug to continue after a migration.

v8:
- new patch added: 'removing spapr_drc_detach_cb opaques'. This new patch removes
the need for the detach_cb_opaques inside the removal callback functions. See
the commit message of the patch for more info.

v7:
- removed the first patch. DRC registration is now done by vmstate_register
in patch 2.
- added a new patch that changes spapr_dr_connector_new to receive as argument
the detach_cb.
- removed the callback logic of patch 2 since there is no need to restore the
detach_cb on post-load due to the detach_cb on spapr_dr_connector_new change.
- added word separators in the VMSD names of patch 3 and 4.

v6: - Rebased with QEMU master after 6+ months.
- Simplified the logic in patch 1.
- Reworked patch 2: added CPU DRC migration, removed a function pointer from DRC
class and minor improvements.
- Added clarifications from the previous v5 discussions in the commit messages.

v5: - Rebased to David's ppc-for-2.8.

v4: - Introduce a way to set customized instance_id in SaveStateEntry. Use it
  to set instance_id for DRC using its unique index to address David 
  Gibson's concern.
- Rename VMS_CSTM to VMS_LINKED based on Paolo Bonzini's suggestions.
- Clean up qjson stuff in put_qtailq. 
- Add trace for put_qtailq and get_qtailq based on David Gilbert's 
  suggestion.

- Based on David's ppc-for-2.7. 

v3: - Simplify overall design following discussion with Paolo. No longer need
  metadata to migrate QTAILQ.
- Extend VMStateInfo instead of adding similar fields to VMStateField.
- Clean up macros in qemu/queue.h.
(link: https://lists.nongnu.org/archive/html/qemu-devel/2016-05/msg05695.html)

v2: - Introduce a general approach to migrate QTAILQ in qemu/queue.h.
- Migrate signalled field in the DRC state.
- Put the newly added migrating fields in subsections so that backward 
  migration is not broken.  
- Set detach_cb field right after migration so that a migrated hot-unplug
  event could finish its course.
(link: https://lists.nongnu.org/archive/html/qemu-devel/2016-05/msg04188.html)

v1: - Initial version.
(link: https://lists.nongnu.org/archive/html/qemu-devel/2016-04/msg02601.html)


To make guest devices (PCI, CPU and memory) hotplug work together
with guest migration, spapr drc state needs to be transmitted in
migration. This patch defines the VMStateDescription struct for
spapr drc state to enable it.

To fix the potential race between hotplug events on the guest and
guest migration, the ccs_list of spapr state needs to be transmitted in
migration. This patch set also takes care of it.


Daniel Henrique Barboza (4):
  hw/ppc/spapr.c: adding pending_dimm_unplugs to sPAPRMachineState
  hw/ppc: removing drc->detach_cb and drc->detach_cb_opaque
  hw/ppc: migrating the DRC state of hotplugged devices
  hw/ppc/spapr.c: recover pending LMB unplug info in spapr_lmb_release

Jianjun Duan (1):
  migration: spapr: migrate ccs_list in spapr state

 hw/ppc/spapr.c  | 138 
 hw/ppc/spapr_drc.c  |  89 +++-
 hw/ppc/spapr_pci.c  |   5 +-
 include/hw/pci-host/spapr.h |   3 +
 include/hw/ppc/spapr.h  |   8 +++
 include/hw/ppc/spapr_drc.h  |   8 +--
 6 files changed, 216 insertions(+), 35 deletions(-)

-- 
2.9.4




[Qemu-devel] [PATCH v11 2/2] migration: spapr: migrate pending_events of spapr state

2017-05-18 Thread Daniel Henrique Barboza
From: Jianjun Duan 

In racing situations between hotplug events and migration operation,
a rtas hotplug event could have not yet been delivered to the source
guest when migration is started. In this case the pending_events of
spapr state need to be transmitted to the target so that the hotplug
event can be finished on the target.

All the different fields of the events are encoded as defined by
PAPR. We can migrate them as uint8_t binary stream without any
concerns about data padding or endianness.

pending_events is put in a subsection in the spapr state VMSD to make
sure migration across different versions is not broken.

Signed-off-by: Jianjun Duan 
Signed-off-by: Daniel Henrique Barboza 
---
 hw/ppc/spapr.c | 32 
 hw/ppc/spapr_events.c  |  1 +
 include/hw/ppc/spapr.h |  3 ++-
 3 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 0980d73..5afd328 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1444,6 +1444,37 @@ static bool version_before_3(void *opaque, int 
version_id)
 return version_id < 3;
 }
 
+static bool spapr_pending_events_needed(void *opaque)
+{
+sPAPRMachineState *spapr = (sPAPRMachineState *)opaque;
+return !QTAILQ_EMPTY(>pending_events);
+}
+
+static const VMStateDescription vmstate_spapr_event_entry = {
+.name = "spapr_event_log_entry",
+.version_id = 1,
+.minimum_version_id = 1,
+.fields = (VMStateField[]) {
+VMSTATE_INT32(log_type, sPAPREventLogEntry),
+VMSTATE_UINT32(data_size, sPAPREventLogEntry),
+VMSTATE_VBUFFER_ALLOC_UINT32(data, sPAPREventLogEntry, 0,
+ NULL, data_size),
+VMSTATE_END_OF_LIST()
+},
+};
+
+static const VMStateDescription vmstate_spapr_pending_events = {
+.name = "spapr_pending_events",
+.version_id = 1,
+.minimum_version_id = 1,
+.needed = spapr_pending_events_needed,
+.fields = (VMStateField[]) {
+VMSTATE_QTAILQ_V(pending_events, sPAPRMachineState, 1,
+ vmstate_spapr_event_entry, sPAPREventLogEntry, next),
+VMSTATE_END_OF_LIST()
+},
+};
+
 static bool spapr_ov5_cas_needed(void *opaque)
 {
 sPAPRMachineState *spapr = opaque;
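
Review bot: vmstate_spapr_event_entry takes data_size straight from the incoming stream, and VMSTATE_VBUFFER_ALLOC_UINT32 then allocates and fills data with that many bytes, with no upper bound and no check against log_type. A corrupted or untrusted migration stream can therefore request an arbitrarily large allocation, or leave later consumers of entry->data with a buffer shorter than the log they expect for that log_type. Please add a post_load on the entry that rejects log_type values other than the EPOW and hotplug types and bounds data_size to what those logs can be.
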
@@ -1542,6 +1573,7 @@ static const VMStateDescription vmstate_spapr = {
 .subsections = (const VMStateDescription*[]) {
 _spapr_ov5_cas,
 _spapr_patb_entry,
+_spapr_pending_events,
 NULL
 }
 };
diff --git a/hw/ppc/spapr_events.c b/hw/ppc/spapr_events.c
index 73e2a18..96c1605 100644
--- a/hw/ppc/spapr_events.c
+++ b/hw/ppc/spapr_events.c
@@ -350,6 +350,7 @@ static void rtas_event_log_queue(int log_type, void *data)
 g_assert(data);
 entry->log_type = log_type;
 entry->data = data;
+entry->data_size = sizeof(*data);
 QTAILQ_INSERT_TAIL(>pending_events, entry, next);
 }
 
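
Review bot: entry->data_size = sizeof(*data); takes the size of a dereferenced void pointer, because data is declared void *data in this function's signature. That is not valid ISO C; GCC accepts it as an extension and evaluates it to 1, so every queued event would record data_size == 1 and only the first byte of the log would be migrated. Have the callers pass the real length of the EPOW or hotplug log they built, or derive it from the log header.
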
diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
index 02239a5..0554e11 100644
--- a/include/hw/ppc/spapr.h
+++ b/include/hw/ppc/spapr.h
@@ -597,8 +597,9 @@ struct sPAPRTCETable {
 sPAPRTCETable *spapr_tce_find_by_liobn(target_ulong liobn);
 
 struct sPAPREventLogEntry {
-int log_type;
+int32_t log_type;
 void *data;
+uint32_t data_size;
 QTAILQ_ENTRY(sPAPREventLogEntry) next;
 };
 
-- 
2.9.4




[Qemu-devel] [PATCH v11 1/2] hw/ppc/spapr_events.c: removing 'exception' from sPAPREventLogEntry

2017-05-18 Thread Daniel Henrique Barboza
Currently we do not have any RTAS event that is reported by the
event-scan interface. The existing events, RTAS_LOG_TYPE_EPOW and
RTAS_LOG_TYPE_HOTPLUG, are being reported by the check-exception
interface and, as such, marked as 'exception=true'.

Commit 79853e18d9, 'spapr_events: event-scan RTAS interface', added
the event_scan interface because the guest kernel requires it to
initialize other required interfaces. It is acting since then as
a stub because no events that would be reported by it were added
since then. However, the existence of the 'exception' boolean adds
an unnecessary load in the future migration of the pending_events,
sPAPREventLogEntry QTAILQ that hosts the pending RTAS events.

To make the code cleaner and ease the future migration changes, this
patch makes the following changes:

- remove the 'exception' boolean that filters these events. There is
nothing to filter since all events are reported by check-exception;

- functions rtas_event_log_queue, rtas_event_log_dequeue and
rtas_event_log_contains don't receive the 'exception' boolean
as parameter;

- event_scan function was simplified. It was calling
'rtas_event_log_dequeue(mask, false)' that was always returning
'NULL' because we have no events that are created with
exception=false, thus in the end it would execute a jump to
'out_no_events' all the time. The function now assumes that
this will always be the case and all the remaining logic was
deleted.

In the future, when or if we add new RTAS events that should
be reported with the event_scan interface, we can refer to
the changes made in this patch to add the event_scan logic
back.

Signed-off-by: Daniel Henrique Barboza 
---
 hw/ppc/spapr_events.c  | 52 +++---
 include/hw/ppc/spapr.h |  1 -
 2 files changed, 7 insertions(+), 46 deletions(-)

diff --git a/hw/ppc/spapr_events.c b/hw/ppc/spapr_events.c
index f0b28d8..73e2a18 100644
--- a/hw/ppc/spapr_events.c
+++ b/hw/ppc/spapr_events.c
@@ -342,20 +342,18 @@ static int rtas_event_log_to_irq(sPAPRMachineState 
*spapr, int log_type)
 return source->irq;
 }
 
-static void rtas_event_log_queue(int log_type, void *data, bool exception)
+static void rtas_event_log_queue(int log_type, void *data)
 {
 sPAPRMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
 sPAPREventLogEntry *entry = g_new(sPAPREventLogEntry, 1);
 
 g_assert(data);
 entry->log_type = log_type;
-entry->exception = exception;
 entry->data = data;
 QTAILQ_INSERT_TAIL(>pending_events, entry, next);
 }
 
-static sPAPREventLogEntry *rtas_event_log_dequeue(uint32_t event_mask,
-  bool exception)
+static sPAPREventLogEntry *rtas_event_log_dequeue(uint32_t event_mask)
 {
 sPAPRMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
 sPAPREventLogEntry *entry = NULL;
@@ -364,10 +362,6 @@ static sPAPREventLogEntry *rtas_event_log_dequeue(uint32_t 
event_mask,
 const sPAPREventSource *source =
 rtas_event_log_to_source(spapr, entry->log_type);
 
-if (entry->exception != exception) {
-continue;
-}
-
 if (source->mask & event_mask) {
 break;
 }
@@ -380,7 +374,7 @@ static sPAPREventLogEntry *rtas_event_log_dequeue(uint32_t 
event_mask,
 return entry;
 }
 
-static bool rtas_event_log_contains(uint32_t event_mask, bool exception)
+static bool rtas_event_log_contains(uint32_t event_mask)
 {
 sPAPRMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
 sPAPREventLogEntry *entry = NULL;
@@ -389,10 +383,6 @@ static bool rtas_event_log_contains(uint32_t event_mask, 
bool exception)
 const sPAPREventSource *source =
 rtas_event_log_to_source(spapr, entry->log_type);
 
-if (entry->exception != exception) {
-continue;
-}
-
 if (source->mask & event_mask) {
 return true;
 }
@@ -479,7 +469,7 @@ static void spapr_powerdown_req(Notifier *n, void *opaque)
 epow->event_modifier = RTAS_LOG_V6_EPOW_MODIFIER_NORMAL;
 epow->extended_modifier = RTAS_LOG_V6_EPOW_XMODIFIER_PARTITION_SPECIFIC;
 
-rtas_event_log_queue(RTAS_LOG_TYPE_EPOW, new_epow, true);
+rtas_event_log_queue(RTAS_LOG_TYPE_EPOW, new_epow);
 
 qemu_irq_pulse(xics_get_qirq(XICS_FABRIC(spapr),
  rtas_event_log_to_irq(spapr,
@@ -572,7 +562,7 @@ static void spapr_hotplug_req_event(uint8_t hp_id, uint8_t 
hp_action,
 cpu_to_be32(drc_id->count_indexed.index);
 }
 
-rtas_event_log_queue(RTAS_LOG_TYPE_HOTPLUG, new_hp, true);
+rtas_event_log_queue(RTAS_LOG_TYPE_HOTPLUG, new_hp);
 
 qemu_irq_pulse(xics_get_qirq(XICS_FABRIC(spapr),
  rtas_event_log_to_irq(spapr,
@@ -667,7 +657,7 @@ static void check_exception(PowerPCCPU *cpu, 
sPAPRMachineState *spapr,
 xinfo |= (uint64_t)rtas_ld(args, 6) << 32;
 }
 
-

[Qemu-devel] [PATCH v11 0/2] pseries: migrate pending_events of spapr state

2017-05-18 Thread Daniel Henrique Barboza
v11:
- patch 1 (new): cleanup of spapr_events.c:
* removed the 'exception' boolean from the sPAPREventLogEntry
* simplified the 'event_scan' function
- patch 2:
* data_size is now calculated inside rtas_event_log_queue()
* using VBUFFER instead of VARRAY to avoid casts
* log_type changed to int32_t

v10: detached from DRC patch set

v9: no changes

v8: no changes

v7: no changes

v6: - Rebased with QEMU master after 6+ months.
class and minor improvements.
- Added clarifications from the previous v5 discussions in the commit messages.

v5: - Rebased on David's ppc-for-2.8.

v4: - Rebased on David's ppc-for-2.7. 

v3: - Simplify overall design following discussion with Paolo. No longer need
  metadata to migrate QTAILQ.
- Extend VMStateInfo instead of adding similar fields to VMStateField.

v2: - Put the newly added migrating fields in subsections so that backward 
  migration is not broken.  
(link: https://lists.nongnu.org/archive/html/qemu-devel/2016-05/msg04188.html)

v1: - Initial version.
(link: https://lists.nongnu.org/archive/html/qemu-devel/2016-04/msg02601.html)


This patch was detached from the patchset:

"[PATCH v9 0/6] migration/ppc: migrating DRC, ccs_list and pending_events"

Because it is independent and has use outside of the scope of the
pseries DRC migration patchset.

Daniel Henrique Barboza (1):
  hw/ppc/spapr_events.c: removing 'exception' from sPAPREventLogEntry

Jianjun Duan (1):
  migration: spapr: migrate pending_events of spapr state

 hw/ppc/spapr.c | 32 ++
 hw/ppc/spapr_events.c  | 53 --
 include/hw/ppc/spapr.h |  4 ++--
 3 files changed, 42 insertions(+), 47 deletions(-)

-- 
2.9.4




Re: [Qemu-devel] qemu-system-sh4 -M r2d serial is broken.

2017-05-18 Thread Aurelien Jarno
On 2017-05-18 21:57, Paolo Bonzini wrote:
> Anyway, Uli Hecht is saying SCIF "asserts DR even if the FIFO threshold
> has not been reached if no data is received for 1.5 frames".  If that's
> just a register and doesn't trigger an interrupt, you can compute the
> bit's value dynamically based on the current clock.
> 
> This is for example how the x86 RTC chip computes the "update in
> progress" bit, which is set for 220 us before the RC updates.  Doing
> that with a timer would be really imprecise.

Unfortunately, the DR bit is set to 1 after 1.5 frames (so the exact
timing depends on the actual baud rate), and that also triggers an
interrupt if the RIE bit is set to 1. I haven't checked yet if the
kernel relies on the bit or the interrupt or both.

Aurelien

-- 
Aurelien Jarno  GPG: 4096R/1DDD8C9B
aurel...@aurel32.net http://www.aurel32.net



Re: [Qemu-devel] qemu-system-sh4 -M r2d serial is broken.

2017-05-18 Thread Paolo Bonzini


On 18/05/2017 18:08, Rob Landley wrote:
> Serial input hangs after the first character in the 4.11 kernel:
> 
>   http://www.spinics.net/lists/linux-sh/msg51183.html
> 
> Because they enabled support for a buffer size thing QEMU doesn't
> emulate right:
> 
>   http://www.spinics.net/lists/linux-sh/msg51189.html

Hey,

regarding this:

> The really _fun_ thing about this is qemu broke it a couple years back
> and now if you hit ctrl-c it kills the _emulator_ rather than passing it
> through to the Linux console. (Just sh4, the rest do it right.)

Try replacing "-serial stdio" with "-serial mon:stdio".  You'll also be
able to use the QEMU monitor with "Ctrl-a c", so you can quit with
"Ctrl-a c quit ".

> Very likely given how crappy the rest of its serial emulation is for
> this architecture, but ever since qemu added glib support I've stopped
> trying to understand their developers' thought processes.

I'm sure this is going to help you get support, right?

Anyway, Uli Hecht is saying SCIF "asserts DR even if the FIFO threshold
has not been reached if no data is received for 1.5 frames".  If that's
just a register and doesn't trigger an interrupt, you can compute the
bit's value dynamically based on the current clock.

This is for example how the x86 RTC chip computes the "update in
progress" bit, which is set for 220 us before the RC updates.  Doing
that with a timer would be really imprecise.

Paolo
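
The register-only case described in the message above, as an added C example that is not QEMU code and not part of the original post: the DR bit is derived from the time of the last received byte each time the status register is read, so no timer has to fire. The ScifModel struct, its fields and the function names are hypothetical, and the baud rate and frame length used for the 1.5-frame window are assumed inputs.

```c
#include <stdbool.h>
#include <stdint.h>

#define NS_PER_SEC 1000000000LL

/* Hypothetical device model state; these names are not QEMU's. */
typedef struct {
    uint32_t baud;            /* line speed in bits per second */
    uint32_t bits_per_frame;  /* start + data + parity + stop bits */
    uint32_t rx_count;        /* bytes currently held in the receive FIFO */
    int64_t  last_rx_ns;      /* virtual-clock time of the last received byte */
} ScifModel;

/* Length of 1.5 frames in nanoseconds at the configured baud rate. */
static int64_t scif_dr_timeout_ns(const ScifModel *s)
{
    if (s->baud == 0) {
        /* No clock configured: the idle window never elapses. */
        return INT64_MAX;
    }
    return (3 * (int64_t)s->bits_per_frame * NS_PER_SEC) /
           (2 * (int64_t)s->baud);
}

/* Called by the character backend when a byte arrives. */
static void scif_receive(ScifModel *s, int64_t now_ns)
{
    s->rx_count++;
    s->last_rx_ns = now_ns;
}

/* Called when the guest has read every byte out of the FIFO. */
static void scif_drain(ScifModel *s)
{
    s->rx_count = 0;
}

/*
 * Value of the DR bit at the moment the guest reads the status register.
 * Nothing is stored: the bit is recomputed from the clock on every read,
 * so it flips at exactly last_rx_ns + 1.5 frames without any timer.
 */
static bool scif_dr_bit(const ScifModel *s, int64_t now_ns)
{
    if (s->rx_count == 0) {
        return false;           /* nothing waiting in the FIFO */
    }
    return now_ns - s->last_rx_ns >= scif_dr_timeout_ns(s);
}
```

This covers only a guest that polls the register; if the bit must also raise an interrupt, the model still needs an event scheduled at last_rx_ns plus the timeout.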



Re: [Qemu-devel] [PATCH v2] gluster: add support for PREALLOC_MODE_FALLOC

2017-05-18 Thread Niels de Vos
On Thu, May 18, 2017 at 01:54:36PM -0400, Jeff Cody wrote:
> On Thu, May 18, 2017 at 11:54:22AM +0200, Niels de Vos wrote:
> > Add missing support for "preallocation=falloc" to the Gluster block
> > driver. This change bases its logic on that of block/file-posix.c and
> > removed the gluster_supports_zerofill() and qemu_gluster_zerofill()
> > functions in favour of #ifdef checks in an easy to read
> > switch-statement.
> > 
> > Both glfs_zerofill() and glfs_fallocate() have been introduced with
> > GlusterFS 3.5.0 (pkg-config glusterfs-api = 6). A #define for the
> > availability of glfs_fallocate() has been added to ./configure.
> > 
> > Reported-by: Satheesaran Sundaramoorthi 
> > URL: https://bugzilla.redhat.com/1450759
> > Signed-off-by: Niels de Vos 
> > ---
> > v2 changes requested by Jeff Cody:
> > - add CONFIG_GLUSTERFS_FALLOCATE
> > - remove unneeded wrapper qemu_gluster_zerofill()
> > 
> >  block/gluster.c | 76 
> > ++---
> >  configure   |  6 +
> >  2 files changed, 46 insertions(+), 36 deletions(-)
> > 
> > diff --git a/block/gluster.c b/block/gluster.c
> > index 7c76cd0..0610183 100644
> > --- a/block/gluster.c
> > +++ b/block/gluster.c
> > @@ -964,29 +964,6 @@ static coroutine_fn int 
> > qemu_gluster_co_pwrite_zeroes(BlockDriverState *bs,
> >  qemu_coroutine_yield();
> >  return acb.ret;
> >  }
> > -
> > -static inline bool gluster_supports_zerofill(void)
> > -{
> > -return 1;
> > -}
> > -
> > -static inline int qemu_gluster_zerofill(struct glfs_fd *fd, int64_t offset,
> > -int64_t size)
> > -{
> > -return glfs_zerofill(fd, offset, size);
> > -}
> > -
> > -#else
> > -static inline bool gluster_supports_zerofill(void)
> > -{
> > -return 0;
> > -}
> > -
> > -static inline int qemu_gluster_zerofill(struct glfs_fd *fd, int64_t offset,
> > -int64_t size)
> > -{
> > -return 0;
> > -}
> >  #endif
> >  
> >  static int qemu_gluster_create(const char *filename,
> > @@ -996,9 +973,10 @@ static int qemu_gluster_create(const char *filename,
> >  struct glfs *glfs;
> >  struct glfs_fd *fd;
> >  int ret = 0;
> > -int prealloc = 0;
> > +PreallocMode prealloc;
> >  int64_t total_size = 0;
> >  char *tmp = NULL;
> > +Error *local_err = NULL;
> >  
> >  gconf = g_new0(BlockdevOptionsGluster, 1);
> >  gconf->debug = qemu_opt_get_number_del(opts, GLUSTER_OPT_DEBUG,
> > @@ -1026,13 +1004,12 @@ static int qemu_gluster_create(const char *filename,
> >BDRV_SECTOR_SIZE);
> >  
> >  tmp = qemu_opt_get_del(opts, BLOCK_OPT_PREALLOC);
> > -if (!tmp || !strcmp(tmp, "off")) {
> > -prealloc = 0;
> > -} else if (!strcmp(tmp, "full") && gluster_supports_zerofill()) {
> > -prealloc = 1;
> > -} else {
> > -error_setg(errp, "Invalid preallocation mode: '%s'"
> > - " or GlusterFS doesn't support zerofill API", 
> > tmp);
> > +prealloc = qapi_enum_parse(PreallocMode_lookup, tmp,
> > +   PREALLOC_MODE__MAX, PREALLOC_MODE_OFF,
> > +   _err);
> > +g_free(tmp);
> > +if (local_err) {
> > +error_propagate(errp, local_err);
> >  ret = -EINVAL;
> >  goto out;
> >  }
> > @@ -1041,21 +1018,48 @@ static int qemu_gluster_create(const char *filename,
> >  O_WRONLY | O_CREAT | O_TRUNC | O_BINARY, S_IRUSR | 
> > S_IWUSR);
> >  if (!fd) {
> >  ret = -errno;
> > -} else {
> > +goto out;
> > +}
> > +
> > +switch (prealloc) {
> > +#ifdef CONFIG_GLUSTERFS_FALLOCATE
> > +case PREALLOC_MODE_FALLOC:
> > +if (!glfs_fallocate(fd, 0, 0, total_size)) {
> 
> Does glfs_fallocate() return 0 on failure?  Both posix and linux versions of
> fallocate() return 0 on success.

No, it should return 0 on success. This is a copy/paste error from the
glfs_ftruncate() below, and that if/else structure is a little
different. I did not notice the error message during my testing
though... Will check it again tomorrow.

Thanks,
Niels


> 
> > +error_setg(errp, "Could not preallocate data for the new 
> > file");
> > +ret = -errno;
> > +}
> > +break;
> > +#endif /* CONFIG_GLUSTERFS_FALLOCATE */
> > +#ifdef CONFIG_GLUSTERFS_ZEROFILL
> > +case PREALLOC_MODE_FULL:
> >  if (!glfs_ftruncate(fd, total_size)) {
> > -if (prealloc && qemu_gluster_zerofill(fd, 0, total_size)) {
> > +if (glfs_zerofill(fd, 0, total_size)) {
> > +error_setg(errp, "Could not zerofill the new file");
> >  ret = -errno;
> >  }
> >  } else {
> > +error_setg(errp, "Could not resize file");
> >  ret = -errno;
> >  }
> > -
> > -if (glfs_close(fd) != 0) {
> > 
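
Review bot: the failure branches of the new switch call error_setg() with a fixed string and then set ret = -errno, so the message the user sees never says why glfs_fallocate(), glfs_zerofill() or glfs_ftruncate() failed. Using error_setg_errno(errp, errno, ...) in those three places would carry the cause in the message and keep ret as it is.
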

Re: [Qemu-devel] qemu-system-sh4 -M r2d serial is broken.

2017-05-18 Thread Aurelien Jarno
On 2017-05-18 11:08, Rob Landley wrote:
> Serial input hangs after the first character in the 4.11 kernel:
> 
>   http://www.spinics.net/lists/linux-sh/msg51183.html
> 
> Because they enabled support for a buffer size thing QEMU doesn't
> emulate right:
> 
>   http://www.spinics.net/lists/linux-sh/msg51189.html

Indeed the SCIF emulation in QEMU is quite limited. The problem is that
it exposes many internal states to the software (and that's the same for
the SH4 CPU in general), and that's not really compatible with quick
emulation. In that case the timer should depend on the baud rate which
we don't really emulate.

I'll try to have a look, that said my test environment is stuck with
kernel 4.8 due to the broken futex support on UP in kernel 4.9 (and
that's not QEMU specific). I'll try to build a more recent kernel with
additional patches.

Aurelien

-- 
Aurelien Jarno  GPG: 4096R/1DDD8C9B
aurel...@aurel32.net http://www.aurel32.net



Re: [Qemu-devel] [PATCH v2] target/s390x: Add support for the TEST BLOCK instruction

2017-05-18 Thread Aurelien Jarno
On 2017-05-18 08:42, Richard Henderson wrote:
> On 05/18/2017 06:20 AM, Aurelien Jarno wrote:
> > > +DEF_HELPER_FLAGS_2(testblock, TCG_CALL_NO_WG, i32, env, i64)
> > As the helper does not read any values from the global, you can even use
> > TCG_CALL_NO_RWG.
> > 
> 
> By throwing an exception, we imply a read of all values along the exception 
> path.
> 

You are indeed correct, sorry about the wrong comment.

-- 
Aurelien Jarno  GPG: 4096R/1DDD8C9B
aurel...@aurel32.net http://www.aurel32.net



Re: [Qemu-devel] [PATCH v4] target/s390x: Add support for the TEST BLOCK instruction

2017-05-18 Thread Aurelien Jarno
On 2017-05-18 19:26, Thomas Huth wrote:
> TEST BLOCK was likely once used to execute basic memory
> tests, but nowadays it's just a (slow) way to clear a page.
> 
> Signed-off-by: Thomas Huth 
> ---
>  v4:
>  - Switched TCG_CALL_NO_RWG back to TCG_CALL_NO_WG as indicated by Richard
> 
>  v3:
>  - Use TCG_CALL_NO_RWG instead of TCG_CALL_NO_WG
>  - Use potential_page_fault() since the helper can generate an exception
> 
>  v2:
>  - Use DEF_HELPER_FLAGS_2 instead of DEF_HELPER_2 for returning CC value
>  - Convert real to absolute address
>  - Added a check for valid RAM page
>  - Added low-address protection check
> 
>  target/s390x/cpu.h |  1 +
>  target/s390x/helper.h  |  1 +
>  target/s390x/insn-data.def |  2 ++
>  target/s390x/mem_helper.c  | 28 
>  target/s390x/mmu_helper.c  |  2 +-
>  target/s390x/translate.c   | 11 +++
>  6 files changed, 44 insertions(+), 1 deletion(-)
> 

Reviewed-by: Aurelien Jarno 

-- 
Aurelien Jarno  GPG: 4096R/1DDD8C9B
aurel...@aurel32.net http://www.aurel32.net



Re: [Qemu-devel] [PATCH 2/3] numa: move default mapping init to machine

2017-05-18 Thread Eduardo Habkost
On Thu, May 18, 2017 at 10:09:30AM +0200, Igor Mammedov wrote:
> there is no need to use cpu_index_to_instance_props() for setting
> default cpu -> node mapping. Generic machine code can do it
> without cpu_index by just enabling already preset defaults
> in possible_cpus.
> 
> PS:
> as bonus it makes one less user of cpu_index_to_instance_props()
> 
> Signed-off-by: Igor Mammedov 
> ---
>  hw/core/machine.c | 32 +---
>  numa.c| 26 --
>  2 files changed, 21 insertions(+), 37 deletions(-)
> 
> diff --git a/hw/core/machine.c b/hw/core/machine.c
> index fd6a436..2e91aa9 100644
> --- a/hw/core/machine.c
> +++ b/hw/core/machine.c
> @@ -700,26 +700,36 @@ static char *cpu_slot_to_string(const CPUArchId *cpu)
>  return g_string_free(s, false);
>  }
>  
> -static void machine_numa_validate(MachineState *machine)
> +static void machine_numa_finish_init(MachineState *machine)
>  {
> -int i;
> +int i, default_mapping;

I suggest bool instead of int.

>  GString *s = g_string_new(NULL);
>  MachineClass *mc = MACHINE_GET_CLASS(machine);
>  const CPUArchIdList *possible_cpus = mc->possible_cpu_arch_ids(machine);
>  
>  assert(nb_numa_nodes);
> +for (i = possible_cpus->len;
> + i && !possible_cpus->cpus[i - 1].props.has_node_id;
> + i--)
> +;;

I believe the original code was more readable, and it had only 1
more line than this version. i.e.:

    for (i = 0; i < possible_cpus->len; i++) {
        if (possible_cpus->cpus[i].props.has_node_id) {
            break;
        }
    }
    default_mapping = (i == possible_cpus->len);

> +default_mapping = !i; /* i == 0 : no explicit mapping provided by user */
> +
>  for (i = 0; i < possible_cpus->len; i++) {
>  const CPUArchId *cpu_slot = _cpus->cpus[i];
>  
> -/* at this point numa mappings are initilized by CLI options
> - * or with default mappings so it's sufficient to list
> - * all not yet mapped CPUs here */
> -/* TODO: make it hard error in future */

Did we change our mind about making it a hard error in the
future?

>  if (!cpu_slot->props.has_node_id) {
> -char *cpu_str = cpu_slot_to_string(cpu_slot);
> -g_string_append_printf(s, "%sCPU %d [%s]", s->len ? ", " : "", i,
> -   cpu_str);
> -g_free(cpu_str);
> +if (default_mapping) {
> +/* fetch default mapping from board and enable it */
> +CpuInstanceProperties props = cpu_slot->props;
> +props.has_node_id = true;
> +machine_set_cpu_numa_node(machine, , _fatal);

Is a machine_set_cpu_numa_node() call really necessary here, if
we are already looking at cpu_slot->props directly?

> +} else {
> +/* record slots with not set mapping */
> +char *cpu_str = cpu_slot_to_string(cpu_slot);
> +g_string_append_printf(s, "%sCPU %d [%s]",
> +   s->len ? ", " : "", i, cpu_str);
> +g_free(cpu_str);
> +}
>  }

What about doing this instead:

    if (default_mapping) {
        /*
         * Default mapping was already set by board at
         * cpu_slot->props.node_id, just enable it
         */
        cpu_slot->props.has_node_id = true;
    } else if (!cpu_slot->props.has_node_id) {
        char *cpu_str = cpu_slot_to_string(cpu_slot);
        g_string_append_printf(s, "%sCPU %d [%s]", s->len ? ", " : "", i,
                               cpu_str);
        g_free(cpu_str);
    }

>  }
>  if (s->len) {
> @@ -737,7 +747,7 @@ void machine_run_board_init(MachineState *machine)
>  MachineClass *machine_class = MACHINE_GET_CLASS(machine);
>  
>  if (nb_numa_nodes) {
> -machine_numa_validate(machine);
> +machine_numa_finish_init(machine);
>  }
>  machine_class->init(machine);
>  }
> diff --git a/numa.c b/numa.c
> index 0115bfd..796cd7d 100644
> --- a/numa.c
> +++ b/numa.c
> @@ -427,7 +427,6 @@ void numa_default_auto_assign_ram(MachineClass *mc, 
> NodeInfo *nodes,
>  void parse_numa_opts(MachineState *ms)
>  {
>  int i;
> -const CPUArchIdList *possible_cpus;
>  MachineClass *mc = MACHINE_GET_CLASS(ms);
>  
>  if (qemu_opts_foreach(qemu_find_opts("numa"), parse_numa, ms, NULL)) {
> @@ -485,31 +484,6 @@ void parse_numa_opts(MachineState *ms)
>  
>  numa_set_mem_ranges();
>  
> -/* assign CPUs to nodes using board provided default mapping */
> -if (!mc->cpu_index_to_instance_props || !mc->possible_cpu_arch_ids) {
> -error_report("default CPUs to NUMA node mapping isn't 
> supported");
> -exit(1);
> -}
> -
> -possible_cpus = mc->possible_cpu_arch_ids(ms);
> -for (i = 0; i < possible_cpus->len; i++) {
> -
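Review bot: the block removed from parse_numa_opts() is the only check in these hunks that stops with an error when `mc->possible_cpu_arch_ids` or `mc->cpu_index_to_instance_props` is NULL, while machine_numa_finish_init() calls `mc->possible_cpu_arch_ids(machine)` unconditionally. Unless the check moves elsewhere in the part of the patch not shown here, a board without the callback would now call through a NULL function pointer when -numa is used; keep the error_report()/exit(1) guard at the top of machine_numa_finish_init().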

Re: [Qemu-devel] [Qemu-ppc] [PATCH v10] migration: spapr: migrate pending_events of spapr state

2017-05-18 Thread Daniel Henrique Barboza



On 05/18/2017 01:46 PM, Michael Roth wrote:

Quoting Daniel Henrique Barboza (2017-05-17 15:31:44)


On 05/16/2017 09:04 AM, Daniel Henrique Barboza wrote:


On 05/16/2017 01:25 AM, David Gibson wrote:

On Mon, May 15, 2017 at 10:10:52AM -0300, Daniel Henrique Barboza wrote:

From: Jianjun Duan 

In racing situations between hotplug events and migration operation,
a rtas hotplug event could have not yet been delivered to the source
guest when migration is started. In this case the pending_events of
spapr state need to be transmitted to the target so that the hotplug
event can be finished on the target.

All the different fields of the events are encoded as defined by
PAPR. We can migrate them as uint8_t binary stream without any
concerns about data padding or endianness.

pending_events is put in a subsection in the spapr state VMSD to make
sure migration across different versions is not broken.

Signed-off-by: Jianjun Duan 
Signed-off-by: Daniel Henrique Barboza 

Ok, thanks for splitting this out, but you don't seem to have
addressed the other comments I had on this patch as presented before.

Sorry, I haven't noticed you had previous comments on this patch. I'll
address them and re-send.


Daniel


---
   hw/ppc/spapr.c | 33 +
   hw/ppc/spapr_events.c  | 24 +---
   include/hw/ppc/spapr.h |  3 ++-
   3 files changed, 48 insertions(+), 12 deletions(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 80d12d0..8cfdc71 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1437,6 +1437,38 @@ static bool version_before_3(void *opaque,
int version_id)
   return version_id < 3;
   }
   +static bool spapr_pending_events_needed(void *opaque)
+{
+sPAPRMachineState *spapr = (sPAPRMachineState *)opaque;
+return !QTAILQ_EMPTY(>pending_events);
+}
+
+static const VMStateDescription vmstate_spapr_event_entry = {
+.name = "spapr_event_log_entry",
+.version_id = 1,
+.minimum_version_id = 1,
+.fields = (VMStateField[]) {
+VMSTATE_INT32(log_type, sPAPREventLogEntry),
+VMSTATE_BOOL(exception, sPAPREventLogEntry),
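Review bot: `VMSTATE_INT32(log_type, sPAPREventLogEntry)` takes log_type straight from the incoming stream, and nothing visible in this hunk bounds it. A post_load that fails the migration when log_type is outside the supported RTAS_LOG_TYPE_* set would keep a corrupted or hostile stream from queuing an entry the event code does not expect.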

I'd like some more information to convince me there isn't redundant
data here.

I'll quote David's v9 review here for reference:

"So, at the moment, AFAICT every event is marked as exception == true,
so this doesn't actually tell us anything.   If that becomes not the
case in future, can the exception flag be derived from the log_type or
information in the event buffer? "

I've checked the code and we're just using exception == true.  The two
event logs that we currently support are RTAS_LOG_TYPE_EPOW and
RTAS_LOG_TYPE_HOTPLUG, both are being added in the queue by
calling rtas_event_log_queue() with exception == true.

This boolean is passed as a parameter in the functions
rtas_event_log_contains and rtas_event_log_dequeue. The former is called
once with exception=true inside check_exception, the latter is called once
with exception=true in check_exception and exception=false in event_scan.

I didn't find anywhere in the code where, once set as true, we change
this boolean to false. So in my opinion we can discard this boolean from
the migration and, in post_load, set it to true if log_type is
RTAS_LOG_TYPE_EPOW or RTAS_LOG_TYPE_HOTPLUG. This would mean that when we
implement more event log types we will need to also change the post_load
to reflect the change.



PS: I've read the LoPAPR document [1] and it says in section 10.2.3 page 289:

"Hot Plug Events, when implemented, are reported through the event-scan
RTAS call."

Why are we setting the RTAS_LOG_TYPE_HOTPLUG as exception==true and
therefore reporting it in check_exception instead? Does the sPAPR spec
differ from the LoPAPR in this regard?

Published versions of PAPR/LoPAPR are a bit behind on the current
documentation for hotplug (and a few other things). That section in
particular has been updated to read:

   10.2.3 Hot Plug Events

   Hot Plug Events, when implemented, are reported through either the
   event-scan RTAS call or a hotplug interrupt.

   An OS that wants to be notified of hotplug events will need to set the
   appropriate arch-vector bit (XXX TBD) look for the
   hot-plug-events node in the /event-sources node of the OF device tree
   (see C.6.12.1.4), enable the interrupts listed in its
   “interrupts” property and provide an interrupt handler to call
   check-exception when one of those interrupts are received.

   When a hotplug event occurs, whether reported by check-exception or
   event-scan, RTAS will directly pass back the Hotplug
   Event Log as described in Table XXX “Platform Event Log, Version 6,
   Hotplug Section” on page XXX.

Published documentation also lacks a description of the actual,
newly-added hotplug event format. A summary of that and most of the
other changes is included in:

   qemu.git/docs/specs/ppc-spapr-hotplug.txt

There's 

Re: [Qemu-devel] [PATCH 3/3] numa: silence incomplete mapping warning under qtest

2017-05-18 Thread Eduardo Habkost
On Thu, May 18, 2017 at 10:09:31AM +0200, Igor Mammedov wrote:
> Suggested-by: Markus Armbruster 
> Signed-off-by: Igor Mammedov 

Where exactly is the test code that triggers those messages and
requires this patch? I would like to document that in the commit
message.

> ---
> CC: Markus Armbruster 
> 
> ---
>  hw/core/machine.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/core/machine.c b/hw/core/machine.c
> index 2e91aa9..21ebef8 100644
> --- a/hw/core/machine.c
> +++ b/hw/core/machine.c
> @@ -21,6 +21,7 @@
>  #include "qemu/error-report.h"
>  #include "qemu/cutils.h"
>  #include "sysemu/numa.h"
> +#include "sysemu/qtest.h"
>  
>  static char *machine_get_accel(Object *obj, Error **errp)
>  {
> @@ -732,7 +733,7 @@ static void machine_numa_finish_init(MachineState 
> *machine)
>  }
>  }
>  }
> -if (s->len) {
> +if (s->len && !qtest_enabled()) {
>  error_report("warning: CPU(s) not present in any NUMA nodes: %s",
>   s->str);
>  error_report("warning: All CPU(s) up to maxcpus should be described "
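Review bot: `if (s->len && !qtest_enabled())` silences both error_report() lines for every qtest run, including a test that deliberately passes an incomplete -numa mapping and would want to see the warning. Add a comment on the condition naming the test setup that produces the noise, so the suppression does not read as hiding a real misconfiguration.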
> -- 
> 2.7.4
> 

-- 
Eduardo



Re: [Qemu-devel] [PATCH 1/3] numa: consolidate cpu_preplug fixups/checks for pc/arm/spapr

2017-05-18 Thread Eduardo Habkost
On Thu, May 18, 2017 at 10:09:29AM +0200, Igor Mammedov wrote:
> Signed-off-by: Igor Mammedov 
> ---
>  include/sysemu/numa.h |  1 +
>  hw/arm/virt.c | 16 ++--
>  hw/i386/pc.c  | 17 +
>  hw/ppc/spapr.c| 17 +
>  numa.c| 22 ++
>  5 files changed, 27 insertions(+), 46 deletions(-)
> 
> diff --git a/include/sysemu/numa.h b/include/sysemu/numa.h
> index 7ffde5b..610eece 100644
> --- a/include/sysemu/numa.h
> +++ b/include/sysemu/numa.h
> @@ -35,4 +35,5 @@ void numa_legacy_auto_assign_ram(MachineClass *mc, NodeInfo 
> *nodes,
>   int nb_nodes, ram_addr_t size);
>  void numa_default_auto_assign_ram(MachineClass *mc, NodeInfo *nodes,
>int nb_nodes, ram_addr_t size);
> +void numa_cpu_pre_plug(const CPUArchId *slot, DeviceState *dev, Error 
> **errp);

I understand an explicit call to numa_cpu_pre_plug() is needed
on spapr_core_pre_plug() because it is not handling a TYPE_CPU
object. But why not add a numa_cpu_pre_plug() call to
cpu_common_realizefn(), so the explicit calls in machvirt_init()
and pc_cpu_pre_plug() are not necessary?

Adding the code to cpu_common_realizefn() would also ensure
CPUState::node_id is set consistently, even if hotplug was not
done at thread level.


>  #endif
> diff --git a/hw/arm/virt.c b/hw/arm/virt.c
> index c7c8159..ce676df 100644
> --- a/hw/arm/virt.c
> +++ b/hw/arm/virt.c
> @@ -1351,7 +1351,6 @@ static void machvirt_init(MachineState *machine)
>  for (n = 0; n < possible_cpus->len; n++) {
>  Object *cpuobj;
>  CPUState *cs;
> -int node_id;
>  
>  if (n >= smp_cpus) {
>  break;
> @@ -1364,19 +1363,8 @@ static void machvirt_init(MachineState *machine)
>  cs = CPU(cpuobj);
>  cs->cpu_index = n;
>  
> -node_id = possible_cpus->cpus[cs->cpu_index].props.node_id;
> -if (!possible_cpus->cpus[cs->cpu_index].props.has_node_id) {
> -/* by default CPUState::numa_node was 0 if it's not set via CLI
> - * keep it this way for now but in future we probably should
> - * refuse to start up with incomplete numa mapping */
> - node_id = 0;
> -}
> -if (cs->numa_node == CPU_UNSET_NUMA_NODE_ID) {
> -cs->numa_node = node_id;
> -} else {
> -/* CPU isn't device_add compatible yet, this shouldn't happen */
> -error_setg(_abort, "user set node-id not implemented");
> -}
> +numa_cpu_pre_plug(_cpus->cpus[cs->cpu_index], 
> DEVICE(cpuobj),
> +  _fatal);
>  
>  if (!vms->secure) {
>  object_property_set_bool(cpuobj, false, "has_el3", NULL);
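Review bot: in machvirt_init() the removed code aborted on any preset cs->numa_node ("user set node-id not implemented"), whereas the pc.c copy only failed when the value differed from the slot's node_id, and the replacement call now reports through the fatal-error path rather than the abort one. Folding both into numa_cpu_pre_plug() changes behaviour for at least one board, so state in the commit message, which is currently empty, which semantics the helper keeps.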
> diff --git a/hw/i386/pc.c b/hw/i386/pc.c
> index e36a375..d83c158 100644
> --- a/hw/i386/pc.c
> +++ b/hw/i386/pc.c
> @@ -1895,7 +1895,6 @@ static void pc_cpu_pre_plug(HotplugHandler *hotplug_dev,
>  DeviceState *dev, Error **errp)
>  {
>  int idx;
> -int node_id;
>  CPUState *cs;
>  CPUArchId *cpu_slot;
>  X86CPUTopoInfo topo;
> @@ -1986,21 +1985,7 @@ static void pc_cpu_pre_plug(HotplugHandler 
> *hotplug_dev,
>  cs = CPU(cpu);
>  cs->cpu_index = idx;
>  
> -node_id = cpu_slot->props.node_id;
> -if (!cpu_slot->props.has_node_id) {
> -/* by default CPUState::numa_node was 0 if it's not set via CLI
> - * keep it this way for now but in future we probably should
> - * refuse to start up with incomplete numa mapping */
> -node_id = 0;
> -}
> -if (cs->numa_node == CPU_UNSET_NUMA_NODE_ID) {
> -cs->numa_node = node_id;
> -} else if (cs->numa_node != node_id) {
> -error_setg(errp, "node-id %d must match numa node specified"
> -"with -numa option for cpu-index %d",
> -cs->numa_node, cs->cpu_index);
> -return;
> -}
> +numa_cpu_pre_plug(cpu_slot, dev, errp);
>  }
>  
>  static void pc_machine_device_pre_plug_cb(HotplugHandler *hotplug_dev,
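Review bot: the error_setg() string removed from pc_cpu_pre_plug() joins "node-id %d must match numa node specified" and "with -numa option for cpu-index %d" without a space, so it printed "specifiedwith". Check that the message in numa_cpu_pre_plug() does not inherit that, and that it still reports both cs->numa_node and cs->cpu_index.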
> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> index 0980d73..c7fee8b 100644
> --- a/hw/ppc/spapr.c
> +++ b/hw/ppc/spapr.c
> @@ -2831,11 +2831,9 @@ static void spapr_core_pre_plug(HotplugHandler 
> *hotplug_dev, DeviceState *dev,
>  MachineClass *mc = MACHINE_GET_CLASS(hotplug_dev);
>  Error *local_err = NULL;
>  CPUCore *cc = CPU_CORE(dev);
> -sPAPRCPUCore *sc = SPAPR_CPU_CORE(dev);
>  char *base_core_type = spapr_get_cpu_core_type(machine->cpu_model);
>  const char *type = object_get_typename(OBJECT(dev));
>  CPUArchId *core_slot;
> -int node_id;
>  int index;
>  
>  if (dev->hotplugged && !mc->has_hotpluggable_cpus) {
> @@ -2870,20 +2868,7 @@ static void spapr_core_pre_plug(HotplugHandler 
> *hotplug_dev, DeviceState *dev,
>  goto out;
>  }
>  
> -node_id = 

Re: [Qemu-devel] [PATCH v2] gluster: add support for PREALLOC_MODE_FALLOC

2017-05-18 Thread Jeff Cody
On Thu, May 18, 2017 at 11:54:22AM +0200, Niels de Vos wrote:
> Add missing support for "preallocation=falloc" to the Gluster block
> driver. This change bases its logic on that of block/file-posix.c and
> removed the gluster_supports_zerofill() and qemu_gluster_zerofill()
> functions in favour of #ifdef checks in an easy to read
> switch-statement.
> 
> Both glfs_zerofill() and glfs_fallocate() have been introduced with
> GlusterFS 3.5.0 (pkg-config glusterfs-api = 6). A #define for the
> availability of glfs_fallocate() has been added to ./configure.
> 
> Reported-by: Satheesaran Sundaramoorthi 
> URL: https://bugzilla.redhat.com/1450759
> Signed-off-by: Niels de Vos 
> ---
> v2 changes requested by Jeff Cody:
> - add CONFIG_GLUSTERFS_FALLOCATE
> - remove unneeded wrapper qemu_gluster_zerofill()
> 
>  block/gluster.c | 76 
> ++---
>  configure   |  6 +
>  2 files changed, 46 insertions(+), 36 deletions(-)
> 
> diff --git a/block/gluster.c b/block/gluster.c
> index 7c76cd0..0610183 100644
> --- a/block/gluster.c
> +++ b/block/gluster.c
> @@ -964,29 +964,6 @@ static coroutine_fn int 
> qemu_gluster_co_pwrite_zeroes(BlockDriverState *bs,
>  qemu_coroutine_yield();
>  return acb.ret;
>  }
> -
> -static inline bool gluster_supports_zerofill(void)
> -{
> -return 1;
> -}
> -
> -static inline int qemu_gluster_zerofill(struct glfs_fd *fd, int64_t offset,
> -int64_t size)
> -{
> -return glfs_zerofill(fd, offset, size);
> -}
> -
> -#else
> -static inline bool gluster_supports_zerofill(void)
> -{
> -return 0;
> -}
> -
> -static inline int qemu_gluster_zerofill(struct glfs_fd *fd, int64_t offset,
> -int64_t size)
> -{
> -return 0;
> -}
>  #endif
>  
>  static int qemu_gluster_create(const char *filename,
> @@ -996,9 +973,10 @@ static int qemu_gluster_create(const char *filename,
>  struct glfs *glfs;
>  struct glfs_fd *fd;
>  int ret = 0;
> -int prealloc = 0;
> +PreallocMode prealloc;
>  int64_t total_size = 0;
>  char *tmp = NULL;
> +Error *local_err = NULL;
>  
>  gconf = g_new0(BlockdevOptionsGluster, 1);
>  gconf->debug = qemu_opt_get_number_del(opts, GLUSTER_OPT_DEBUG,
> @@ -1026,13 +1004,12 @@ static int qemu_gluster_create(const char *filename,
>BDRV_SECTOR_SIZE);
>  
>  tmp = qemu_opt_get_del(opts, BLOCK_OPT_PREALLOC);
> -if (!tmp || !strcmp(tmp, "off")) {
> -prealloc = 0;
> -} else if (!strcmp(tmp, "full") && gluster_supports_zerofill()) {
> -prealloc = 1;
> -} else {
> -error_setg(errp, "Invalid preallocation mode: '%s'"
> - " or GlusterFS doesn't support zerofill API", tmp);
> +prealloc = qapi_enum_parse(PreallocMode_lookup, tmp,
> +   PREALLOC_MODE__MAX, PREALLOC_MODE_OFF,
> +   _err);
> +g_free(tmp);
> +if (local_err) {
> +error_propagate(errp, local_err);
>  ret = -EINVAL;
>  goto out;
>  }
> @@ -1041,21 +1018,48 @@ static int qemu_gluster_create(const char *filename,
>  O_WRONLY | O_CREAT | O_TRUNC | O_BINARY, S_IRUSR | 
> S_IWUSR);
>  if (!fd) {
>  ret = -errno;
> -} else {
> +goto out;
> +}
> +
> +switch (prealloc) {
> +#ifdef CONFIG_GLUSTERFS_FALLOCATE
> +case PREALLOC_MODE_FALLOC:
> +if (!glfs_fallocate(fd, 0, 0, total_size)) {

Does glfs_fallocate() return 0 on failure?  Both posix and linux versions of
fallocate() return 0 on success.

> +error_setg(errp, "Could not preallocate data for the new file");
> +ret = -errno;
> +}
> +break;
> +#endif /* CONFIG_GLUSTERFS_FALLOCATE */
> +#ifdef CONFIG_GLUSTERFS_ZEROFILL
> +case PREALLOC_MODE_FULL:
>  if (!glfs_ftruncate(fd, total_size)) {
> -if (prealloc && qemu_gluster_zerofill(fd, 0, total_size)) {
> +if (glfs_zerofill(fd, 0, total_size)) {
> +error_setg(errp, "Could not zerofill the new file");
>  ret = -errno;
>  }
>  } else {
> +error_setg(errp, "Could not resize file");
>  ret = -errno;
>  }
> -
> -if (glfs_close(fd) != 0) {
> +break;
> +#endif /* CONFIG_GLUSTERFS_ZEROFILL */
> +case PREALLOC_MODE_OFF:
> +if (glfs_ftruncate(fd, total_size) != 0) {
>  ret = -errno;
> +error_setg(errp, "Could not resize file");
>  }
> +break;
> +default:
> +ret = -EINVAL;
> +error_setg(errp, "Unsupported preallocation mode: %s",
> +   PreallocMode_lookup[prealloc]);
> +break;
> +}
> +
> +if (glfs_close(fd) != 0) {
> +ret = -errno;
>  }
>  out:
> -g_free(tmp);
>  
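Review bot: in the new switch in qemu_gluster_create(), the PREALLOC_MODE_FALLOC and PREALLOC_MODE_FULL branches call error_setg() before `ret = -errno;` while the PREALLOC_MODE_OFF branch reads errno first; use one order, preferably saving errno first, so the code does not depend on error_setg() leaving errno untouched. The `glfs_close(fd) != 0` path after the switch also overwrites an earlier `ret` and sets no errp, so a preallocation failure followed by a close failure reports the wrong code.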

Re: [Qemu-devel] [PATCH 1/1] s390x/css: catch section mismatch on load

2017-05-18 Thread Dr. David Alan Gilbert
* Halil Pasic (pa...@linux.vnet.ibm.com) wrote:
> Prior to the virtio-ccw-2.7 machine (and commit 2a79eb1a), our virtio
> devices residing under the virtual-css bus do not have qdev_path based
> migration stream identifiers (because their qdev_path is NULL). The ids
> are instead generated when the device is registered as a composition of
> the so called idstr, which takes the vmsd name as its value, and an
> instance_id, which is calculated as a maximal instance_id
> registered with the same idstr plus one, or zero (if none was registered
> previously).
> 
> That means, under certain circumstances, one device might try, and even
> succeed, to load the state of a different device. This can lead to
> trouble.
> 
> Let us fail the migration if the above problem is detected during load.
> 
> How to reproduce the problem:
> 1) start qemu-system-s390x making sure you have the following devices
>defined on your command line:
>  -device virtio-rng-ccw,id=rng1,devno=fe.0.0001
>  -device virtio-rng-ccw,id=rng2,devno=fe.0.0002
> 2) detach the devices and reattach in reverse order using the monitor:
>  (qemu) device_del rng1
>  (qemu) device_del rng2
>  (qemu) device_add virtio-rng-ccw,id=rng2,devno=fe.0.0002
>  (qemu) device_add virtio-rng-ccw,id=rng1,devno=fe.0.0001
> 3) save the state of the vm into a temporary file and quit QEMU:
>  (qemu) migrate "exec:gzip -c > /tmp/tmp_vmstate.gz"
>  (qemu) q
> 4) use your command line from step 1 with
>  -incoming "exec:gzip -c -d /tmp/tmp_vmstate.gz"
>appended to reproduce the problem (while trying to load the saved vm)
> 
> CC: qemu-sta...@nongnu.org
> Signed-off-by: Halil Pasic 
> Reviewed-by: Dong Jia Shi 
> ---
> 
> Hi!
> 
> I also wonder what is the best way to do this with vmstate.  I know there
> are VMSTATE_*_EQUAL macros for integers, and I have partially modelled my
> patch after that, but there we only get a != b as error message, which is
> satisfactory for detecting bugs which are supposed to get fixed. In this
> particular case having a verbose error message should be really helpful
> and thus important.
> 
> I'm asking because I'm currently working on a vmstate conversion of the
> s390x css and virtio-ccw  stuff (find my latest patch set here
> https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg01364.html).

I think the way to solve that problem will probably be adding a 'hint'
parameter to the VMSTATE_*_EQUAL macros that is a constant string,
stuff a pointer to that into a possibly new field in VMStateField,
and then make the get_*_equal functions include that string in the
message like you do.  There's a lot of copy and paste but it's
not too bad now that Jianjun's patch from a few months ago passed
the VMStateField* to the .get/.put.

Dave


> Regards,
> Halil
> ---
>  hw/s390x/css.c| 14 ++
>  hw/s390x/virtio-ccw.c |  6 +-
>  2 files changed, 19 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/s390x/css.c b/hw/s390x/css.c
> index 15c4f4b..6cff3a3 100644
> --- a/hw/s390x/css.c
> +++ b/hw/s390x/css.c
> @@ -14,6 +14,7 @@
>  #include "qapi/visitor.h"
>  #include "hw/qdev.h"
>  #include "qemu/bitops.h"
> +#include "qemu/error-report.h"
>  #include "exec/address-spaces.h"
>  #include "cpu.h"
>  #include "hw/s390x/ioinst.h"
> @@ -1721,13 +1722,26 @@ void subch_device_save(SubchDev *s, QEMUFile *f)
>  int subch_device_load(SubchDev *s, QEMUFile *f)
>  {
>  SubchDev *old_s;
> +Error *err = NULL;
>  uint16_t old_schid = s->schid;
> +uint16_t old_devno = s->devno;
>  int i;
>  
>  s->cssid = qemu_get_byte(f);
>  s->ssid = qemu_get_byte(f);
>  s->schid = qemu_get_be16(f);
>  s->devno = qemu_get_be16(f);
> +if (s->devno != old_devno) {
> +/* Only possible if machine < 2.7 (no css_dev_path) */
> +
> +error_setg(, "%x != %x", old_devno,  s->devno);
> +error_append_hint(, "Devno mismatch, tried to load wrong 
> section!"
> +  " Likely reason: some sequences of plug and unplug"
> +  " can break migration for machine versions prior"
> +  " 2.7 (known design flaw).\n");
> +error_report_err(err);
> +return -EINVAL;
> +}
>  /* Re-assign subch. */
>  if (old_schid != s->schid) {
>  old_s = 
> channel_subsys.css[s->cssid]->sch_set[s->ssid]->sch[old_schid];
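Review bot: in subch_device_load() the devno comparison runs after s->cssid, s->ssid, s->schid and s->devno have already been overwritten from the stream, so the `return -EINVAL` path leaves the SubchDev holding identifiers from the wrong section. Read the four values into locals, compare devno, and assign only once the section is known to belong to this device; the hint text would also read better as "prior to 2.7".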
> diff --git a/hw/s390x/virtio-ccw.c b/hw/s390x/virtio-ccw.c
> index e7167e3..4f7efa2 100644
> --- a/hw/s390x/virtio-ccw.c
> +++ b/hw/s390x/virtio-ccw.c
> @@ -1274,9 +1274,13 @@ static int virtio_ccw_load_config(DeviceState *d, 
> QEMUFile *f)
>  SubchDev *s = ccw_dev->sch;
>  VirtIODevice *vdev = virtio_ccw_get_vdev(s);
>  int len;
> +int ret;
>  
>  s->driver_data = dev;
> -subch_device_load(s, f);
> +ret = subch_device_load(s, f);
> +if (ret) {
> +return ret;
> +}
>  
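The instance_id scheme and reproduction steps from the commit message above, as a small stand-alone C model (an added example, not QEMU code): it shows the same section id resolving to a different devno on the destination after a reversed replug, and a devno comparison rejecting the load. The registry, the IDSTR value and all function names are constructed for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_ENTRIES 8
#define IDSTR "virtio-rng-example"  /* constructed idstr, stands in for the vmsd name */

/* A registered handler; (idstr, instance_id) is the section id in the stream. */
struct entry {
    int used;
    char idstr[32];
    int instance_id;
    uint16_t devno;                 /* identity of the device behind the handler */
};

struct registry { struct entry e[MAX_ENTRIES]; };

/* Legacy rule from the commit message: highest instance_id already
 * registered under the same idstr plus one, or zero if there is none. */
static int reg_add(struct registry *r, const char *idstr, uint16_t devno)
{
    int next = 0, slot = -1;

    for (int i = 0; i < MAX_ENTRIES; i++) {
        struct entry *e = &r->e[i];
        if (!e->used) {
            if (slot < 0) {
                slot = i;
            }
        } else if (!strcmp(e->idstr, idstr) && e->instance_id >= next) {
            next = e->instance_id + 1;
        }
    }
    if (slot < 0) {
        return -ENOSPC;
    }
    r->e[slot].used = 1;
    snprintf(r->e[slot].idstr, sizeof(r->e[slot].idstr), "%s", idstr);
    r->e[slot].instance_id = next;
    r->e[slot].devno = devno;
    return next;
}

/* Hot-unplug: drop the handler that belongs to devno. */
static void reg_del(struct registry *r, uint16_t devno)
{
    for (int i = 0; i < MAX_ENTRIES; i++) {
        if (r->e[i].used && r->e[i].devno == devno) {
            r->e[i].used = 0;
        }
    }
}

/* Load one saved section into the destination handler with the same id.
 * Returns 0 on a correct match, 1 if another device's state was accepted,
 * -EINVAL if the devno check rejects it, -ENOENT if no handler matches. */
static int load_section(const struct registry *dst, const struct entry *sec,
                        int check_devno)
{
    for (int i = 0; i < MAX_ENTRIES; i++) {
        const struct entry *d = &dst->e[i];
        if (d->used && !strcmp(d->idstr, sec->idstr) &&
            d->instance_id == sec->instance_id) {
            if (d->devno == sec->devno) {
                return 0;
            }
            return check_devno ? -EINVAL : 1;
        }
    }
    return -ENOENT;
}

/* Source and destination both start with devno 1 then 2 on the command line.
 * With reverse_replug the source deletes both and re-adds 2 before 1.
 * Returns the number of wrongly accepted sections, or the first error. */
static int migrate(int reverse_replug, int check_devno)
{
    struct registry src, dst;
    int wrong = 0;

    memset(&src, 0, sizeof(src));
    memset(&dst, 0, sizeof(dst));
    reg_add(&src, IDSTR, 0x0001);
    reg_add(&src, IDSTR, 0x0002);
    if (reverse_replug) {
        reg_del(&src, 0x0001);
        reg_del(&src, 0x0002);
        reg_add(&src, IDSTR, 0x0002);
        reg_add(&src, IDSTR, 0x0001);
    }
    reg_add(&dst, IDSTR, 0x0001);
    reg_add(&dst, IDSTR, 0x0002);

    for (int i = 0; i < MAX_ENTRIES; i++) {
        if (src.e[i].used) {
            int ret = load_section(&dst, &src.e[i], check_devno);
            if (ret < 0) {
                return ret;
            }
            wrong += ret;
        }
    }
    return wrong;
}

int main(void)
{
    printf("no replug, check on:        %d\n", migrate(0, 1));
    printf("reversed replug, check off: %d\n", migrate(1, 0));
    printf("reversed replug, check on:  %d\n", migrate(1, 1));
    return 0;
}
```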

[Qemu-devel] [PATCH 09/11] migration: Create include for migration snapshots

2017-05-18 Thread Juan Quintela
Start removing migration code from sysemu/sysemu.h.

Signed-off-by: Juan Quintela 
---
 hmp.c|  5 +++--
 include/block/block_int.h|  4 ++--
 include/migration/snapshot.h | 20 
 include/sysemu/sysemu.h  |  3 ---
 migration/savevm.c   |  5 +++--
 replay/replay-snapshot.c |  5 +++--
 vl.c |  3 ++-
 7 files changed, 33 insertions(+), 12 deletions(-)
 create mode 100644 include/migration/snapshot.h

diff --git a/hmp.c b/hmp.c
index 20f5dab..ad72390 100644
--- a/hmp.c
+++ b/hmp.c
@@ -42,6 +42,7 @@
 #include "qemu/error-report.h"
 #include "exec/ramlist.h"
 #include "hw/intc/intc.h"
+#include "migration/snapshot.h"
 
 #ifdef CONFIG_SPICE
 #include 
@@ -1284,7 +1285,7 @@ void hmp_loadvm(Monitor *mon, const QDict *qdict)
 
 vm_stop(RUN_STATE_RESTORE_VM);
 
-if (load_vmstate(name, ) == 0 && saved_vm_running) {
+if (load_snapshot(name, ) == 0 && saved_vm_running) {
 vm_start();
 }
 hmp_handle_error(mon, );
@@ -1294,7 +1295,7 @@ void hmp_savevm(Monitor *mon, const QDict *qdict)
 {
 Error *err = NULL;
 
-save_vmstate(qdict_get_try_str(qdict, "name"), );
+save_snapshot(qdict_get_try_str(qdict, "name"), );
 hmp_handle_error(mon, );
 }
 
diff --git a/include/block/block_int.h b/include/block/block_int.h
index 8d3724c..e761077 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -601,8 +601,8 @@ struct BlockDriverState {
 int copy_on_read;
 
 /* If we are reading a disk image, give its size in sectors.
- * Generally read-only; it is written to by load_vmstate and save_vmstate,
- * but the block layer is quiescent during those.
+ * Generally read-only; it is written to by load_snapshot and
+ * save_snaphost, but the block layer is quiescent during those.
  */
 int64_t total_sectors;
 
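Review bot: the rewritten comment above total_sectors spells the renamed function `save_snaphost`; it should be `save_snapshot`, otherwise a grep for the new name misses this reference.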
diff --git a/include/migration/snapshot.h b/include/migration/snapshot.h
new file mode 100644
index 000..79062b5
--- /dev/null
+++ b/include/migration/snapshot.h
@@ -0,0 +1,20 @@
+/*
+ * QEMU live migration
+ *
+ * Copyright IBM, Corp. 2008
+ *
+ * Authors:
+ *  Anthony Liguori   
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2.  See
+ * the COPYING file in the top-level directory.
+ *
+ */
+
+#ifndef QEMU_MIGRATION_SAVEVM_H
+#define QEMU_MIGRATION_SAVEVM_H
+
+int save_snapshot(const char *name, Error **errp);
+int load_snapshot(const char *name, Error **errp);
+
+#endif
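Review bot: the new include/migration/snapshot.h uses the guard QEMU_MIGRATION_SAVEVM_H, which does not match the file name and looks copied from a savevm header; savevm.c includes both "migration/snapshot.h" and "savevm.h", so if the two share a guard the second one is skipped silently. Rename it to QEMU_MIGRATION_SNAPSHOT_H, and update the "QEMU live migration" title line to describe snapshots.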
diff --git a/include/sysemu/sysemu.h b/include/sysemu/sysemu.h
index 73baea1..4dc6651 100644
--- a/include/sysemu/sysemu.h
+++ b/include/sysemu/sysemu.h
@@ -74,9 +74,6 @@ void qemu_remove_exit_notifier(Notifier *notify);
 void qemu_add_machine_init_done_notifier(Notifier *notify);
 void qemu_remove_machine_init_done_notifier(Notifier *notify);
 
-int save_vmstate(const char *name, Error **errp);
-int load_vmstate(const char *name, Error **errp);
-
 void qemu_announce_self(void);
 
 extern int autostart;
diff --git a/migration/savevm.c b/migration/savevm.c
index 0a32474..10731ea 100644
--- a/migration/savevm.c
+++ b/migration/savevm.c
@@ -35,6 +35,7 @@
 #include "sysemu/sysemu.h"
 #include "qemu/timer.h"
 #include "migration/migration.h"
+#include "migration/snapshot.h"
 #include "qemu-file-channel.h"
 #include "qemu-file.h"
 #include "savevm.h"
@@ -2087,7 +2088,7 @@ int qemu_loadvm_state(QEMUFile *f)
 return ret;
 }
 
-int save_vmstate(const char *name, Error **errp)
+int save_snapshot(const char *name, Error **errp)
 {
 BlockDriverState *bs, *bs1;
 QEMUSnapshotInfo sn1, *sn = , old_sn1, *old_sn = _sn1;
@@ -2244,7 +2245,7 @@ void qmp_xen_load_devices_state(const char *filename, 
Error **errp)
 migration_incoming_state_destroy();
 }
 
-int load_vmstate(const char *name, Error **errp)
+int load_snapshot(const char *name, Error **errp)
 {
 BlockDriverState *bs, *bs_vm_state;
 QEMUSnapshotInfo sn;
diff --git a/replay/replay-snapshot.c b/replay/replay-snapshot.c
index c75cd38..a4ded29 100644
--- a/replay/replay-snapshot.c
+++ b/replay/replay-snapshot.c
@@ -19,6 +19,7 @@
 #include "qapi/qmp/qstring.h"
 #include "qemu/error-report.h"
 #include "migration/vmstate.h"
+#include "migration/snapshot.h"
 
 static void replay_pre_save(void *opaque)
 {
@@ -66,13 +67,13 @@ void replay_vmstate_init(void)
 
 if (replay_snapshot) {
 if (replay_mode == REPLAY_MODE_RECORD) {
-if (save_vmstate(replay_snapshot, ) != 0) {
+if (save_snapshot(replay_snapshot, ) != 0) {
 error_report_err(err);
 error_report("Could not create snapshot for icount record");
 exit(1);
 }
 } else if (replay_mode == REPLAY_MODE_PLAY) {
-if (load_vmstate(replay_snapshot, ) != 0) {
+if (load_snapshot(replay_snapshot, ) != 0) {
 error_report_err(err);
 error_report("Could not load snapshot for 

[Qemu-devel] [PATCH 07/11] migration: Export tls.c functions in its own file

2017-05-18 Thread Juan Quintela
Just for the functions exported from tls.c.  Notice that we can't
remove the migration/migration.h include from tls.c because it accesses
MigrationState directly for the tls params.

Signed-off-by: Juan Quintela 
---
 include/migration/migration.h | 10 --
 migration/channel.c   |  1 +
 migration/migration.c |  1 -
 migration/tls.c   |  1 +
 migration/tls.h   | 34 ++
 5 files changed, 36 insertions(+), 11 deletions(-)
 create mode 100644 migration/tls.h

diff --git a/include/migration/migration.h b/include/migration/migration.h
index 7a0a50b..f125961 100644
--- a/include/migration/migration.h
+++ b/include/migration/migration.h
@@ -18,7 +18,6 @@
 #include "qemu-common.h"
 #include "qemu/thread.h"
 #include "qemu/notify.h"
-#include "io/channel.h"
 #include "qapi-types.h"
 #include "exec/cpu-common.h"
 #include "qemu/coroutine_int.h"
@@ -157,15 +156,6 @@ void migration_fd_process_incoming(QEMUFile *f);
 
 void qemu_start_incoming_migration(const char *uri, Error **errp);
 
-void migration_tls_channel_process_incoming(MigrationState *s,
-QIOChannel *ioc,
-Error **errp);
-
-void migration_tls_channel_connect(MigrationState *s,
-   QIOChannel *ioc,
-   const char *hostname,
-   Error **errp);
-
 uint64_t migrate_max_downtime(void);
 
 void rdma_start_outgoing_migration(void *opaque, const char *host_port, Error 
**errp);
diff --git a/migration/channel.c b/migration/channel.c
index fed8563..4972045 100644
--- a/migration/channel.c
+++ b/migration/channel.c
@@ -15,6 +15,7 @@
 
 #include "qemu/osdep.h"
 #include "channel.h"
+#include "tls.h"
 #include "migration/migration.h"
 #include "qemu-file-channel.h"
 #include "trace.h"
diff --git a/migration/migration.c b/migration/migration.c
index efdb9bb..90f0521 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -43,7 +43,6 @@
 #include "exec/address-spaces.h"
 #include "exec/target_page.h"
 #include "io/channel-buffer.h"
-#include "io/channel-tls.h"
 #include "migration/colo.h"
 
 #define MAX_THROTTLE  (32 << 20)  /* Migration transfer speed throttling */
diff --git a/migration/tls.c b/migration/tls.c
index 34ad121..bae9aca 100644
--- a/migration/tls.c
+++ b/migration/tls.c
@@ -21,6 +21,7 @@
 #include "qemu/osdep.h"
 #include "channel.h"
 #include "migration/migration.h"
+#include "tls.h"
 #include "io/channel-tls.h"
 #include "crypto/tlscreds.h"
 #include "qemu/error-report.h"
diff --git a/migration/tls.h b/migration/tls.h
new file mode 100644
index 000..cdd7000
--- /dev/null
+++ b/migration/tls.h
@@ -0,0 +1,34 @@
+/*
+ * QEMU migration TLS support
+ *
+ * Copyright (c) 2015 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ *
+ */
+
+#ifndef QEMU_MIGRATION_TLS_H
+#define QEMU_MIGRATION_TLS_H
+
+#include "io/channel.h"
+
+void migration_tls_channel_process_incoming(MigrationState *s,
+QIOChannel *ioc,
+Error **errp);
+
+void migration_tls_channel_connect(MigrationState *s,
+   QIOChannel *ioc,
+   const char *hostname,
+   Error **errp);
+#endif
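Review bot: migration/tls.h declares prototypes taking MigrationState * and Error ** but includes only "io/channel.h", and channel.c now includes "tls.h" ahead of "migration/migration.h". If those typedefs are meant to arrive through qemu/osdep.h that is fine, otherwise include what the header needs so it stays self-contained; a blank line before the closing #endif would also match the spacing after the guard's opening.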
-- 
2.9.3




[Qemu-devel] [PATCH 06/11] migration: Export socket.c functions in its own file

2017-05-18 Thread Juan Quintela
Signed-off-by: Juan Quintela 
---
 include/migration/migration.h |  8 
 migration/migration.c |  1 +
 migration/socket.c|  1 +
 migration/socket.h| 28 
 4 files changed, 30 insertions(+), 8 deletions(-)
 create mode 100644 migration/socket.h

diff --git a/include/migration/migration.h b/include/migration/migration.h
index d0ce199..7a0a50b 100644
--- a/include/migration/migration.h
+++ b/include/migration/migration.h
@@ -168,14 +168,6 @@ void migration_tls_channel_connect(MigrationState *s,
 
 uint64_t migrate_max_downtime(void);
 
-void tcp_start_incoming_migration(const char *host_port, Error **errp);
-
-void tcp_start_outgoing_migration(MigrationState *s, const char *host_port, 
Error **errp);
-
-void unix_start_incoming_migration(const char *path, Error **errp);
-
-void unix_start_outgoing_migration(MigrationState *s, const char *path, Error 
**errp);
-
 void rdma_start_outgoing_migration(void *opaque, const char *host_port, Error 
**errp);
 
 void rdma_start_incoming_migration(const char *host_port, Error **errp);
diff --git a/migration/migration.c b/migration/migration.c
index 1b99ced..efdb9bb 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -20,6 +20,7 @@
 #include "migration/blocker.h"
 #include "exec.h"
 #include "fd.h"
+#include "socket.h"
 #include "migration/migration.h"
 #include "savevm.h"
 #include "qemu-file-channel.h"
diff --git a/migration/socket.c b/migration/socket.c
index 3f8ffc9..85bfdcc 100644
--- a/migration/socket.c
+++ b/migration/socket.c
@@ -20,6 +20,7 @@
 #include "qemu/error-report.h"
 #include "qapi/error.h"
 #include "channel.h"
+#include "socket.h"
 #include "migration/migration.h"
 #include "qemu-file.h"
 #include "io/channel-socket.h"
diff --git a/migration/socket.h b/migration/socket.h
new file mode 100644
index 000..6b91e9d
--- /dev/null
+++ b/migration/socket.h
@@ -0,0 +1,28 @@
+/*
+ * QEMU live migration via socket
+ *
+ * Copyright Red Hat, Inc. 2009-2016
+ *
+ * Authors:
+ *  Chris Lalancette 
+ *  Daniel P. Berrange 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2.  See
+ * the COPYING file in the top-level directory.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+
+#ifndef QEMU_MIGRATION_SOCKET_H
+#define QEMU_MIGRATION_SOCKET_H
+void tcp_start_incoming_migration(const char *host_port, Error **errp);
+
+void tcp_start_outgoing_migration(MigrationState *s, const char *host_port,
+  Error **errp);
+
+void unix_start_incoming_migration(const char *path, Error **errp);
+
+void unix_start_outgoing_migration(MigrationState *s, const char *path,
+   Error **errp);
+#endif
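Review bot: the new migration/socket.h is not self-contained. Its prototypes use MigrationState and Error, yet the header includes nothing, and both migration.c and socket.c pull it in ahead of "migration/migration.h". If the build relies on typedefs that arrive through an earlier include in each .c file, say so in the commit message; otherwise have the header include what it needs. A blank line after the #define and before the #endif would also match the layout of the rdma.h header added elsewhere in this series.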
-- 
2.9.3




[Qemu-devel] [PATCH 05/11] migration: Export fd.c functions in its own file

2017-05-18 Thread Juan Quintela
Signed-off-by: Juan Quintela 
---
 include/migration/migration.h |  4 
 migration/fd.c|  1 +
 migration/fd.h| 23 +++
 migration/migration.c |  1 +
 4 files changed, 25 insertions(+), 4 deletions(-)
 create mode 100644 migration/fd.h

diff --git a/include/migration/migration.h b/include/migration/migration.h
index b942378..d0ce199 100644
--- a/include/migration/migration.h
+++ b/include/migration/migration.h
@@ -176,10 +176,6 @@ void unix_start_incoming_migration(const char *path, Error 
**errp);
 
 void unix_start_outgoing_migration(MigrationState *s, const char *path, Error 
**errp);
 
-void fd_start_incoming_migration(const char *path, Error **errp);
-
-void fd_start_outgoing_migration(MigrationState *s, const char *fdname, Error 
**errp);
-
 void rdma_start_outgoing_migration(void *opaque, const char *host_port, Error 
**errp);
 
 void rdma_start_incoming_migration(const char *host_port, Error **errp);
diff --git a/migration/fd.c b/migration/fd.c
index 05e0a5c..0077a50 100644
--- a/migration/fd.c
+++ b/migration/fd.c
@@ -18,6 +18,7 @@
 #include "qapi/error.h"
 #include "qemu-common.h"
 #include "channel.h"
+#include "fd.h"
 #include "migration/migration.h"
 #include "monitor/monitor.h"
 #include "io/channel-util.h"
diff --git a/migration/fd.h b/migration/fd.h
new file mode 100644
index 000..a14a63c
--- /dev/null
+++ b/migration/fd.h
@@ -0,0 +1,23 @@
+/*
+ * QEMU live migration via generic fd
+ *
+ * Copyright Red Hat, Inc. 2009-2016
+ *
+ * Authors:
+ *  Chris Lalancette 
+ *  Daniel P. Berrange 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2.  See
+ * the COPYING file in the top-level directory.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+
+#ifndef QEMU_MIGRATION_FD_H
+#define QEMU_MIGRATION_FD_H
+void fd_start_incoming_migration(const char *path, Error **errp);
+
+void fd_start_outgoing_migration(MigrationState *s, const char *fdname,
+ Error **errp);
+#endif
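Review bot: in fd.h the incoming prototype names its string argument "path" while the outgoing one names it "fdname". Since the declarations are being given a new home anyway, use one name for both and match the definitions in fd.c; "path" reads like a leftover from the unix_start_* declarations that sat directly above these in the old header. The commit message is also empty apart from the sign-off, so a sentence on why the declarations move would help.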
diff --git a/migration/migration.c b/migration/migration.c
index cefffac..1b99ced 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -19,6 +19,7 @@
 #include "qemu/main-loop.h"
 #include "migration/blocker.h"
 #include "exec.h"
+#include "fd.h"
 #include "migration/migration.h"
 #include "savevm.h"
 #include "qemu-file-channel.h"
-- 
2.9.3




[Qemu-devel] [PATCH 04/11] migration: Export exec.c functions in its own file

2017-05-18 Thread Juan Quintela
Signed-off-by: Juan Quintela 
---
 include/migration/migration.h |  4 
 migration/exec.c  |  1 +
 migration/exec.h  | 26 ++
 migration/migration.c |  1 +
 4 files changed, 28 insertions(+), 4 deletions(-)
 create mode 100644 migration/exec.h

diff --git a/include/migration/migration.h b/include/migration/migration.h
index 0e807b6..b942378 100644
--- a/include/migration/migration.h
+++ b/include/migration/migration.h
@@ -168,10 +168,6 @@ void migration_tls_channel_connect(MigrationState *s,
 
 uint64_t migrate_max_downtime(void);
 
-void exec_start_incoming_migration(const char *host_port, Error **errp);
-
-void exec_start_outgoing_migration(MigrationState *s, const char *host_port, 
Error **errp);
-
 void tcp_start_incoming_migration(const char *host_port, Error **errp);
 
 void tcp_start_outgoing_migration(MigrationState *s, const char *host_port, 
Error **errp);
diff --git a/migration/exec.c b/migration/exec.c
index 57a9335..9077024 100644
--- a/migration/exec.c
+++ b/migration/exec.c
@@ -21,6 +21,7 @@
 #include "qapi/error.h"
 #include "qemu-common.h"
 #include "channel.h"
+#include "exec.h"
 #include "migration/migration.h"
 #include "io/channel-command.h"
 #include "trace.h"
diff --git a/migration/exec.h b/migration/exec.h
new file mode 100644
index 000..b210ffd
--- /dev/null
+++ b/migration/exec.h
@@ -0,0 +1,26 @@
+/*
+ * QEMU live migration
+ *
+ * Copyright IBM, Corp. 2008
+ * Copyright Dell MessageOne 2008
+ * Copyright Red Hat, Inc. 2015-2016
+ *
+ * Authors:
+ *  Anthony Liguori   
+ *  Charles Duffy 
+ *  Daniel P. Berrange 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2.  See
+ * the COPYING file in the top-level directory.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+
+#ifndef QEMU_MIGRATION_EXEC_H
+#define QEMU_MIGRATION_EXEC_H
+void exec_start_incoming_migration(const char *host_port, Error **errp);
+
+void exec_start_outgoing_migration(MigrationState *s, const char *host_port,
+   Error **errp);
+#endif
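Review bot: both prototypes in the new exec.h name their string argument "host_port", the same name the tcp_start_* declarations use in the old header. Please check it against the definitions in exec.c and, if the argument there is not a host:port string, use the definition's name here so the header documents what callers must pass.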
diff --git a/migration/migration.c b/migration/migration.c
index b65f5cc..cefffac 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -18,6 +18,7 @@
 #include "qemu/error-report.h"
 #include "qemu/main-loop.h"
 #include "migration/blocker.h"
+#include "exec.h"
 #include "migration/migration.h"
 #include "savevm.h"
 #include "qemu-file-channel.h"
-- 
2.9.3




Re: [Qemu-devel] [PATCH v4] target/s390x: Add support for the TEST BLOCK instruction

2017-05-18 Thread Richard Henderson

On 05/18/2017 10:26 AM, Thomas Huth wrote:

TEST BLOCK was likely once used to execute basic memory
tests, but nowadays it's just a (slow) way to clear a page.

Signed-off-by: Thomas Huth
---
  v4:
  - Switched TCG_CALL_NO_RWG back to TCG_CALL_NO_WG as indicated by Richard

  v3:
  - Use TCG_CALL_NO_RWG instead of TCG_CALL_NO_WG
  - Use potential_page_fault() since the helper can generate an exception

  v2:
  - Use DEF_HELPER_FLAGS_2 instead for DEF_HELPER_2 for returning CC value
  - Convert real to absolute address
  - Added a check for valid RAM page
  - Added low-address protection check

  target/s390x/cpu.h |  1 +
  target/s390x/helper.h  |  1 +
  target/s390x/insn-data.def |  2 ++
  target/s390x/mem_helper.c  | 28 
  target/s390x/mmu_helper.c  |  2 +-
  target/s390x/translate.c   | 11 +++
  6 files changed, 44 insertions(+), 1 deletion(-)


Reviewed-by: Richard Henderson 


r~



[Qemu-devel] [PATCH 03/11] migration: Split qemu-file.h

2017-05-18 Thread Juan Quintela
Split the file into public and internal interfaces.  I have to rename
the external one because we can't have two include files with the same
name in the same directory.  Build system gets confused.  The only
exported functions are the ones that handle basic types.

Signed-off-by: Juan Quintela 
---
 hw/i2c/i2c-ddc.c |   1 +
 hw/intc/s390_flic.c  |   1 -
 hw/intc/s390_flic_kvm.c  |   1 -
 hw/s390x/s390-skeys.c|   1 -
 include/hw/hw.h  |   2 +-
 include/migration/qemu-file-types.h  | 164 +++
 migration/block.c|   2 +-
 migration/colo.c |   2 +-
 migration/migration.c|   2 +-
 migration/postcopy-ram.c |   2 +-
 migration/qemu-file-channel.c|   3 +-
 migration/qemu-file.c|   2 +-
 {include/migration => migration}/qemu-file.h | 157 +
 migration/ram.c  |   2 +-
 migration/rdma.c |   2 +-
 migration/savevm.c   |   1 +
 migration/socket.c   |   2 +-
 migration/vmstate-types.c|   3 +-
 migration/vmstate.c  |   2 +-
 tests/test-vmstate.c |   3 +-
 20 files changed, 186 insertions(+), 169 deletions(-)
 create mode 100644 include/migration/qemu-file-types.h
 rename {include/migration => migration}/qemu-file.h (62%)

diff --git a/hw/i2c/i2c-ddc.c b/hw/i2c/i2c-ddc.c
index 66899d7..6b92e95 100644
--- a/hw/i2c/i2c-ddc.c
+++ b/hw/i2c/i2c-ddc.c
@@ -17,6 +17,7 @@
  */
 
 #include "qemu/osdep.h"
+#include "qemu-common.h"
 #include "qemu/log.h"
 #include "hw/i2c/i2c.h"
 #include "hw/i2c/i2c-ddc.h"
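Review bot: this is the only hunk in the patch that adds an unrelated header ("qemu-common.h"), and the commit message, which only describes splitting qemu-file.h, does not explain it. Presumably i2c-ddc.c used something that previously arrived indirectly; name that symbol in the commit message so the extra include is not removed again by a later cleanup.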
diff --git a/hw/intc/s390_flic.c b/hw/intc/s390_flic.c
index 711c114..a26e906 100644
--- a/hw/intc/s390_flic.c
+++ b/hw/intc/s390_flic.c
@@ -13,7 +13,6 @@
 #include "qemu/osdep.h"
 #include "qemu/error-report.h"
 #include "hw/sysbus.h"
-#include "migration/qemu-file.h"
 #include "hw/s390x/s390_flic.h"
 #include "trace.h"
 #include "hw/qdev.h"
diff --git a/hw/intc/s390_flic_kvm.c b/hw/intc/s390_flic_kvm.c
index cc44bc4..b4c61d8 100644
--- a/hw/intc/s390_flic_kvm.c
+++ b/hw/intc/s390_flic_kvm.c
@@ -17,7 +17,6 @@
 #include "qemu/error-report.h"
 #include "hw/sysbus.h"
 #include "sysemu/kvm.h"
-#include "migration/qemu-file.h"
 #include "hw/s390x/s390_flic.h"
 #include "hw/s390x/adapter.h"
 #include "trace.h"
diff --git a/hw/s390x/s390-skeys.c b/hw/s390x/s390-skeys.c
index e2d4e1a..619152c 100644
--- a/hw/s390x/s390-skeys.c
+++ b/hw/s390x/s390-skeys.c
@@ -12,7 +12,6 @@
 #include "qemu/osdep.h"
 #include "hw/boards.h"
 #include "qmp-commands.h"
-#include "migration/qemu-file.h"
 #include "hw/s390x/storage-keys.h"
 #include "qemu/error-report.h"
 #include "sysemu/kvm.h"
diff --git a/include/hw/hw.h b/include/hw/hw.h
index af9eae1..ab4950c 100644
--- a/include/hw/hw.h
+++ b/include/hw/hw.h
@@ -11,7 +11,7 @@
 #include "exec/memory.h"
 #include "hw/irq.h"
 #include "migration/vmstate.h"
-#include "migration/qemu-file.h"
+#include "migration/qemu-file-types.h"
 #include "qemu/module.h"
 #include "sysemu/reset.h"
 
diff --git a/include/migration/qemu-file-types.h 
b/include/migration/qemu-file-types.h
new file mode 100644
index 000..bd6d7dd
--- /dev/null
+++ b/include/migration/qemu-file-types.h
@@ -0,0 +1,164 @@
+/*
+ * QEMU System Emulator
+ *
+ * Copyright (c) 2003-2008 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#ifndef QEMU_FILE_H
+#define QEMU_FILE_H
+
+void qemu_put_buffer(QEMUFile *f, const uint8_t *buf, size_t size);
+void qemu_put_byte(QEMUFile *f, int v);
+
+#define qemu_put_sbyte qemu_put_byte
+
+void qemu_put_be16(QEMUFile *f, unsigned int v);
+void 
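Review bot: the include guard in the new include/migration/qemu-file-types.h is QEMU_FILE_H, which does not match the file name. If the renamed migration/qemu-file.h keeps that same guard, whichever of the two headers is included first will silently hide the other. Suggest a guard derived from the new name, for example QEMU_FILE_TYPES_H. The prototypes also use QEMUFile and uint8_t without the header including anything, so it depends on include order in every file that switches to it.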

[Qemu-devel] [PATCH 02/11] migration: Remove unneeded includes of migration/vmstate.h

2017-05-18 Thread Juan Quintela
Signed-off-by: Juan Quintela 
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/core/qdev.c   | 1 -
 include/hw/acpi/memory_hotplug.h | 1 -
 include/hw/acpi/pcihp.h  | 1 -
 include/hw/pci/shpc.h| 1 -
 include/net/net.h| 1 -
 target/alpha/cpu.c   | 1 -
 target/hppa/cpu.c| 1 -
 target/s390x/cpu.c   | 1 -
 target/tilegx/cpu.c  | 1 -
 9 files changed, 9 deletions(-)

diff --git a/hw/core/qdev.c b/hw/core/qdev.c
index 71ff95f..0ce45a2 100644
--- a/hw/core/qdev.c
+++ b/hw/core/qdev.c
@@ -37,7 +37,6 @@
 #include "hw/boards.h"
 #include "hw/sysbus.h"
 #include "qapi-event.h"
-#include "migration/vmstate.h"
 
 bool qdev_hotplug = false;
 static bool qdev_hot_added = false;
diff --git a/include/hw/acpi/memory_hotplug.h b/include/hw/acpi/memory_hotplug.h
index db8ebc9..77c6576 100644
--- a/include/hw/acpi/memory_hotplug.h
+++ b/include/hw/acpi/memory_hotplug.h
@@ -3,7 +3,6 @@
 
 #include "hw/qdev-core.h"
 #include "hw/acpi/acpi.h"
-#include "migration/vmstate.h"
 #include "hw/acpi/aml-build.h"
 
 /**
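Review bot: this removal is from a public header rather than a .c file, so it changes what every includer of memory_hotplug.h sees, and the commit message gives no basis for "unneeded". Please state that the header itself uses no VMState types or macros and which targets were built to confirm it; the same applies to the pcihp.h, shpc.h and net.h hunks below.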
diff --git a/include/hw/acpi/pcihp.h b/include/hw/acpi/pcihp.h
index 04528b7..8a65f99 100644
--- a/include/hw/acpi/pcihp.h
+++ b/include/hw/acpi/pcihp.h
@@ -28,7 +28,6 @@
 #define HW_ACPI_PCIHP_H
 
 #include "hw/acpi/acpi.h"
-#include "migration/vmstate.h"
 #include "hw/hotplug.h"
 
 #define ACPI_PCIHP_IO_BASE_PROP "acpi-pcihp-io-base"
diff --git a/include/hw/pci/shpc.h b/include/hw/pci/shpc.h
index b208554..71e836b 100644
--- a/include/hw/pci/shpc.h
+++ b/include/hw/pci/shpc.h
@@ -3,7 +3,6 @@
 
 #include "qemu-common.h"
 #include "exec/memory.h"
-#include "migration/vmstate.h"
 #include "hw/hotplug.h"
 #include "hw/pci/pci.h"
 
diff --git a/include/net/net.h b/include/net/net.h
index 99b28d5..ba663bd 100644
--- a/include/net/net.h
+++ b/include/net/net.h
@@ -6,7 +6,6 @@
 #include "qapi/qmp/qdict.h"
 #include "qemu/option.h"
 #include "net/queue.h"
-#include "migration/vmstate.h"
 #include "qapi-types.h"
 
 #define MAC_FMT "%02X:%02X:%02X:%02X:%02X:%02X"
diff --git a/target/alpha/cpu.c b/target/alpha/cpu.c
index b4f9798..8186c9d 100644
--- a/target/alpha/cpu.c
+++ b/target/alpha/cpu.c
@@ -23,7 +23,6 @@
 #include "qapi/error.h"
 #include "cpu.h"
 #include "qemu-common.h"
-#include "migration/vmstate.h"
 #include "exec/exec-all.h"
 
 
diff --git a/target/hppa/cpu.c b/target/hppa/cpu.c
index 1d791d0..30299e9 100644
--- a/target/hppa/cpu.c
+++ b/target/hppa/cpu.c
@@ -22,7 +22,6 @@
 #include "qapi/error.h"
 #include "cpu.h"
 #include "qemu-common.h"
-#include "migration/vmstate.h"
 #include "exec/exec-all.h"
 
 
diff --git a/target/s390x/cpu.c b/target/s390x/cpu.c
index a1bf2ba..e820e63 100644
--- a/target/s390x/cpu.c
+++ b/target/s390x/cpu.c
@@ -32,7 +32,6 @@
 #include "qemu/error-report.h"
 #include "trace.h"
 #include "qapi/visitor.h"
-#include "migration/vmstate.h"
 #include "exec/exec-all.h"
 #ifndef CONFIG_USER_ONLY
 #include "hw/hw.h"
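Review bot: in target/s390x/cpu.c the context lines show "hw/hw.h" included only under #ifndef CONFIG_USER_ONLY, and hw/hw.h is what still includes "migration/vmstate.h". After this removal any vmstate use in cpu.c outside that guard loses its declaration in user-only builds. Please confirm the s390x linux-user target still builds, and mention it in the commit message.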
diff --git a/target/tilegx/cpu.c b/target/tilegx/cpu.c
index d90e38e..4532639 100644
--- a/target/tilegx/cpu.c
+++ b/target/tilegx/cpu.c
@@ -23,7 +23,6 @@
 #include "cpu.h"
 #include "qemu-common.h"
 #include "hw/qdev-properties.h"
-#include "migration/vmstate.h"
 #include "linux-user/syscall_defs.h"
 #include "exec/exec-all.h"
 
-- 
2.9.3




[Qemu-devel] [PATCH 08/11] migration: Export rdma.c functions in its own file

2017-05-18 Thread Juan Quintela
Signed-off-by: Juan Quintela 
---
 include/migration/migration.h |  4 
 migration/migration.c |  1 +
 migration/rdma.c  |  1 +
 migration/rdma.h  | 25 +
 4 files changed, 27 insertions(+), 4 deletions(-)
 create mode 100644 migration/rdma.h

diff --git a/include/migration/migration.h b/include/migration/migration.h
index f125961..4695af7 100644
--- a/include/migration/migration.h
+++ b/include/migration/migration.h
@@ -158,10 +158,6 @@ void qemu_start_incoming_migration(const char *uri, Error 
**errp);
 
 uint64_t migrate_max_downtime(void);
 
-void rdma_start_outgoing_migration(void *opaque, const char *host_port, Error 
**errp);
-
-void rdma_start_incoming_migration(const char *host_port, Error **errp);
-
 void migrate_fd_error(MigrationState *s, const Error *error);
 
 void migrate_fd_connect(MigrationState *s);
diff --git a/migration/migration.c b/migration/migration.c
index 90f0521..bacdb44 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -21,6 +21,7 @@
 #include "exec.h"
 #include "fd.h"
 #include "socket.h"
+#include "rdma.h"
 #include "migration/migration.h"
 #include "savevm.h"
 #include "qemu-file-channel.h"
diff --git a/migration/rdma.c b/migration/rdma.c
index 4cb5bf8..fab30ea 100644
--- a/migration/rdma.c
+++ b/migration/rdma.c
@@ -17,6 +17,7 @@
 #include "qapi/error.h"
 #include "qemu-common.h"
 #include "qemu/cutils.h"
+#include "rdma.h"
 #include "migration/migration.h"
 #include "qemu-file.h"
 #include "exec/cpu-common.h"
diff --git a/migration/rdma.h b/migration/rdma.h
new file mode 100644
index 000..de2ba09
--- /dev/null
+++ b/migration/rdma.h
@@ -0,0 +1,25 @@
+/*
+ * RDMA protocol and interfaces
+ *
+ * Copyright IBM, Corp. 2010-2013
+ * Copyright Red Hat, Inc. 2015-2016
+ *
+ * Authors:
+ *  Michael R. Hines 
+ *  Jiuxing Liu 
+ *  Daniel P. Berrange 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * later.  See the COPYING file in the top-level directory.
+ *
+ */
+
+#ifndef QEMU_MIGRATION_RDMA_H
+#define QEMU_MIGRATION_RDMA_H
+
+void rdma_start_outgoing_migration(void *opaque, const char *host_port,
+   Error **errp);
+
+void rdma_start_incoming_migration(const char *host_port, Error **errp);
+
+#endif
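Review bot: rdma_start_outgoing_migration() is declared with "void *opaque" as its first argument, while the socket, fd and exec headers in this series all take "MigrationState *s". Moving the prototype is a good moment to flag this: either type the argument in a follow-up patch or add a comment in rdma.h saying what the opaque pointer is expected to be.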
-- 
2.9.3




[Qemu-devel] [PATCH 01/11] migration: Create savevm.h for functions exported from savevm.c

2017-05-18 Thread Juan Quintela
This removes the last trace of migration functions from sysemu/sysemu.h.

Signed-off-by: Juan Quintela 
---
 include/sysemu/sysemu.h  | 47 ---
 migration/colo.c |  1 +
 migration/migration.c|  1 +
 migration/postcopy-ram.c |  1 +
 migration/savevm.c   | 29 +
 migration/savevm.h   | 41 +
 6 files changed, 69 insertions(+), 51 deletions(-)
 create mode 100644 migration/savevm.h

diff --git a/include/sysemu/sysemu.h b/include/sysemu/sysemu.h
index ed8fe3b..73baea1 100644
--- a/include/sysemu/sysemu.h
+++ b/include/sysemu/sysemu.h
@@ -79,53 +79,6 @@ int load_vmstate(const char *name, Error **errp);
 
 void qemu_announce_self(void);
 
-/* Subcommands for QEMU_VM_COMMAND */
-enum qemu_vm_cmd {
-MIG_CMD_INVALID = 0,   /* Must be 0 */
-MIG_CMD_OPEN_RETURN_PATH,  /* Tell the dest to open the Return path */
-MIG_CMD_PING,  /* Request a PONG on the RP */
-
-MIG_CMD_POSTCOPY_ADVISE,   /* Prior to any page transfers, just
-  warn we might want to do PC */
-MIG_CMD_POSTCOPY_LISTEN,   /* Start listening for incoming
-  pages as it's running. */
-MIG_CMD_POSTCOPY_RUN,  /* Start execution */
-
-MIG_CMD_POSTCOPY_RAM_DISCARD,  /* A list of pages to discard that
-  were previously sent during
-  precopy but are dirty. */
-MIG_CMD_PACKAGED,  /* Send a wrapped stream within this stream */
-MIG_CMD_MAX
-};
-
-#define MAX_VM_CMD_PACKAGED_SIZE (1ul << 24)
-
-bool qemu_savevm_state_blocked(Error **errp);
-void qemu_savevm_state_begin(QEMUFile *f);
-void qemu_savevm_state_header(QEMUFile *f);
-int qemu_savevm_state_iterate(QEMUFile *f, bool postcopy);
-void qemu_savevm_state_cleanup(void);
-void qemu_savevm_state_complete_postcopy(QEMUFile *f);
-void qemu_savevm_state_complete_precopy(QEMUFile *f, bool iterable_only);
-void qemu_savevm_state_pending(QEMUFile *f, uint64_t max_size,
-   uint64_t *res_non_postcopiable,
-   uint64_t *res_postcopiable);
-void qemu_savevm_command_send(QEMUFile *f, enum qemu_vm_cmd command,
-  uint16_t len, uint8_t *data);
-void qemu_savevm_send_ping(QEMUFile *f, uint32_t value);
-void qemu_savevm_send_open_return_path(QEMUFile *f);
-int qemu_savevm_send_packaged(QEMUFile *f, const uint8_t *buf, size_t len);
-void qemu_savevm_send_postcopy_advise(QEMUFile *f);
-void qemu_savevm_send_postcopy_listen(QEMUFile *f);
-void qemu_savevm_send_postcopy_run(QEMUFile *f);
-
-void qemu_savevm_send_postcopy_ram_discard(QEMUFile *f, const char *name,
-   uint16_t len,
-   uint64_t *start_list,
-   uint64_t *length_list);
-
-int qemu_loadvm_state(QEMUFile *f);
-
 extern int autostart;
 
 typedef enum {
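Review bot: the commit message says no migration functions remain in sysemu/sysemu.h after this hunk, but the hunk header itself shows load_vmstate() still declared there, and the qemu_announce_self() context line stays as well. Either narrow the wording to the savevm state and command functions that are actually removed, or note that the remaining declarations are handled by a later patch in the series.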
diff --git a/migration/colo.c b/migration/colo.c
index 929b31c..8c2ade4 100644
--- a/migration/colo.c
+++ b/migration/colo.c
@@ -16,6 +16,7 @@
 #include "qemu-file-channel.h"
 #include "migration/migration.h"
 #include "migration/qemu-file.h"
+#include "savevm.h"
 #include "migration/colo.h"
 #include "migration/block.h"
 #include "io/channel-buffer.h"
diff --git a/migration/migration.c b/migration/migration.c
index ad29e53..7087d1a 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -19,6 +19,7 @@
 #include "qemu/main-loop.h"
 #include "migration/blocker.h"
 #include "migration/migration.h"
+#include "savevm.h"
 #include "qemu-file-channel.h"
 #include "migration/qemu-file.h"
 #include "migration/vmstate.h"
diff --git a/migration/postcopy-ram.c b/migration/postcopy-ram.c
index a37620d..3f9ae1b 100644
--- a/migration/postcopy-ram.c
+++ b/migration/postcopy-ram.c
@@ -22,6 +22,7 @@
 #include "exec/target_page.h"
 #include "migration/migration.h"
 #include "migration/qemu-file.h"
+#include "savevm.h"
 #include "postcopy-ram.h"
 #include "sysemu/sysemu.h"
 #include "sysemu/balloon.h"
diff --git a/migration/savevm.c b/migration/savevm.c
index d971e5e..d840731 100644
--- a/migration/savevm.c
+++ b/migration/savevm.c
@@ -36,6 +36,7 @@
 #include "qemu/timer.h"
 #include "migration/migration.h"
 #include "qemu-file-channel.h"
+#include "savevm.h"
 #include "postcopy-ram.h"
 #include "qapi/qmp/qerror.h"
 #include "qemu/error-report.h"
@@ -63,6 +64,26 @@ const unsigned int postcopy_ram_discard_version = 0;
 
 static bool skip_section_footers;
 
+/* Subcommands for QEMU_VM_COMMAND */
+enum qemu_vm_cmd {
+MIG_CMD_INVALID = 0,   /* Must be 0 */
+MIG_CMD_OPEN_RETURN_PATH,  /* Tell the dest to open the Return path */
+MIG_CMD_PING,  /* Request a PONG on the RP */
+
+MIG_CMD_POSTCOPY_ADVISE,   /* Prior to any page transfers, just
+ 
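Review bot: enum qemu_vm_cmd is added to savevm.c here rather than to the new savevm.h, which makes it file-local, and the commit message does not mention that. The prototype removed from sysemu.h, qemu_savevm_command_send(QEMUFile *f, enum qemu_vm_cmd command, ...), depends on the enum, so please say whether that function becomes static or how savevm.h declares it without the enum in scope.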

[Qemu-devel] [PATCH 10/11] migration: Export ram.c functions in its own file

2017-05-18 Thread Juan Quintela
All functions are internal except for ram_mig_init().  Create
migration/misc.h for this kind of functions.

Signed-off-by: Juan Quintela 
Reviewed-by: Dr. David Alan Gilbert 
---
 include/migration/migration.h | 38 ---
 include/migration/misc.h  | 21 +
 migration/migration.c |  1 +
 migration/postcopy-ram.c  |  1 +
 migration/ram.c   |  2 ++
 migration/ram.h   | 70 +++
 migration/rdma.c  |  2 +-
 migration/savevm.c|  1 +
 vl.c  |  1 +
 9 files changed, 98 insertions(+), 39 deletions(-)
 create mode 100644 include/migration/misc.h
 create mode 100644 migration/ram.h

diff --git a/include/migration/migration.h b/include/migration/migration.h
index 4695af7..e0c66c5 100644
--- a/include/migration/migration.h
+++ b/include/migration/migration.h
@@ -176,38 +176,6 @@ bool migration_in_postcopy(void);
 bool migration_in_postcopy_after_devices(MigrationState *);
 MigrationState *migrate_get_current(void);
 
-void migrate_compress_threads_create(void);
-void migrate_compress_threads_join(void);
-void migrate_decompress_threads_create(void);
-void migrate_decompress_threads_join(void);
-uint64_t ram_bytes_remaining(void);
-uint64_t ram_bytes_transferred(void);
-uint64_t ram_bytes_total(void);
-uint64_t ram_dirty_sync_count(void);
-uint64_t ram_dirty_pages_rate(void);
-uint64_t ram_postcopy_requests(void);
-void free_xbzrle_decoded_buf(void);
-
-void acct_update_position(QEMUFile *f, size_t size, bool zero);
-
-uint64_t dup_mig_pages_transferred(void);
-uint64_t norm_mig_pages_transferred(void);
-uint64_t xbzrle_mig_bytes_transferred(void);
-uint64_t xbzrle_mig_pages_transferred(void);
-uint64_t xbzrle_mig_pages_overflow(void);
-uint64_t xbzrle_mig_pages_cache_miss(void);
-double xbzrle_mig_cache_miss_rate(void);
-
-void ram_handle_compressed(void *host, uint8_t ch, uint64_t size);
-void ram_debug_dump_bitmap(unsigned long *todump, bool expected,
-   unsigned long pages);
-/* For outgoing discard bitmap */
-int ram_postcopy_send_discard_bitmap(MigrationState *ms);
-/* For incoming postcopy discard */
-int ram_discard_range(const char *block_name, uint64_t start, size_t length);
-int ram_postcopy_incoming_init(MigrationIncomingState *mis);
-void ram_postcopy_migrated_memory_release(MigrationState *ms);
-
 bool migrate_release_ram(void);
 bool migrate_postcopy_ram(void);
 bool migrate_zero_blocks(void);
@@ -218,8 +186,6 @@ int migrate_use_xbzrle(void);
 int64_t migrate_xbzrle_cache_size(void);
 bool migrate_colo_enabled(void);
 
-int64_t xbzrle_cache_resize(int64_t new_size);
-
 bool migrate_use_block(void);
 bool migrate_use_block_incremental(void);
 
@@ -258,7 +224,6 @@ size_t ram_control_save_page(QEMUFile *f, ram_addr_t 
block_offset,
  ram_addr_t offset, size_t size,
  uint64_t *bytes_sent);
 
-void ram_mig_init(void);
 void savevm_skip_section_footers(void);
 void register_global_state(void);
 void global_state_set_optional(void);
@@ -266,7 +231,4 @@ void savevm_skip_configuration(void);
 int global_state_store(void);
 void global_state_store_running(void);
 
-void migration_page_queue_free(void);
-int ram_save_queue_pages(const char *rbname, ram_addr_t start, ram_addr_t len);
-uint64_t ram_pagesize_summary(void);
 #endif
diff --git a/include/migration/misc.h b/include/migration/misc.h
new file mode 100644
index 000..0b37714
--- /dev/null
+++ b/include/migration/misc.h
@@ -0,0 +1,21 @@
+/*
+ * QEMU migration miscellaneus exported functions
+ *
+ * Copyright IBM, Corp. 2008
+ *
+ * Authors:
+ *  Anthony Liguori   
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2.  See
+ * the COPYING file in the top-level directory.
+ *
+ */
+
+#ifndef MIGRATION_MISC_H
+#define MIGRATION_MISC_H
+
+/* migration/ram.c */
+
+void ram_mig_init(void);
+
+#endif
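Review bot: two small points on the new misc.h. The header comment misspells "miscellaneous" as "miscellaneus", and the commit message says the file is created as migration/misc.h while the diff creates include/migration/misc.h. Please fix the spelling and make the commit message name the public path, since the placement under include/ is the whole point of the file.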
diff --git a/migration/migration.c b/migration/migration.c
index bacdb44..ffad8e5 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -22,6 +22,7 @@
 #include "fd.h"
 #include "socket.h"
 #include "rdma.h"
+#include "ram.h"
 #include "migration/migration.h"
 #include "savevm.h"
 #include "qemu-file-channel.h"
diff --git a/migration/postcopy-ram.c b/migration/postcopy-ram.c
index 6f239f9..230b5dc 100644
--- a/migration/postcopy-ram.c
+++ b/migration/postcopy-ram.c
@@ -24,6 +24,7 @@
 #include "qemu-file.h"
 #include "savevm.h"
 #include "postcopy-ram.h"
+#include "ram.h"
 #include "sysemu/sysemu.h"
 #include "sysemu/balloon.h"
 #include "qemu/error-report.h"
diff --git a/migration/ram.c b/migration/ram.c
index cbb7b7a..f09549d 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -36,7 +36,9 @@
 #include "qemu/timer.h"
 #include "qemu/main-loop.h"
 #include "xbzrle.h"
+#include "ram.h"
 #include "migration/migration.h"
+#include 

[Qemu-devel] [PATCH v4] target/s390x: Add support for the TEST BLOCK instruction

2017-05-18 Thread Thomas Huth
TEST BLOCK was likely once used to execute basic memory
tests, but nowadays it's just a (slow) way to clear a page.

Signed-off-by: Thomas Huth 
---
 v4:
 - Switched TCG_CALL_NO_RWG back to TCG_CALL_NO_WG as indicated by Richard

 v3:
 - Use TCG_CALL_NO_RWG instead of TCG_CALL_NO_WG
 - Use potential_page_fault() since the helper can generate an exception

 v2:
 - Use DEF_HELPER_FLAGS_2 instead for DEF_HELPER_2 for returning CC value
 - Convert real to absolute address
 - Added a check for valid RAM page
 - Added low-address protection check

 target/s390x/cpu.h |  1 +
 target/s390x/helper.h  |  1 +
 target/s390x/insn-data.def |  2 ++
 target/s390x/mem_helper.c  | 28 
 target/s390x/mmu_helper.c  |  2 +-
 target/s390x/translate.c   | 11 +++
 6 files changed, 44 insertions(+), 1 deletion(-)

diff --git a/target/s390x/cpu.h b/target/s390x/cpu.h
index 240b8a5..4f38ba0 100644
--- a/target/s390x/cpu.h
+++ b/target/s390x/cpu.h
@@ -1082,6 +1082,7 @@ struct sysib_322 {
 #define SIGP_ORDER_MASK 0x00ff
 
 void load_psw(CPUS390XState *env, uint64_t mask, uint64_t addr);
+target_ulong mmu_real2abs(CPUS390XState *env, target_ulong raddr);
 int mmu_translate(CPUS390XState *env, target_ulong vaddr, int rw, uint64_t asc,
   target_ulong *raddr, int *flags, bool exc);
 int sclp_service_call(CPUS390XState *env, uint64_t sccb, uint32_t code);
diff --git a/target/s390x/helper.h b/target/s390x/helper.h
index 0b70770..1fae191 100644
--- a/target/s390x/helper.h
+++ b/target/s390x/helper.h
@@ -102,6 +102,7 @@ DEF_HELPER_FLAGS_4(lctl, TCG_CALL_NO_WG, void, env, i32, 
i64, i32)
 DEF_HELPER_FLAGS_4(lctlg, TCG_CALL_NO_WG, void, env, i32, i64, i32)
 DEF_HELPER_FLAGS_4(stctl, TCG_CALL_NO_WG, void, env, i32, i64, i32)
 DEF_HELPER_FLAGS_4(stctg, TCG_CALL_NO_WG, void, env, i32, i64, i32)
+DEF_HELPER_FLAGS_2(testblock, TCG_CALL_NO_WG, i32, env, i64)
 DEF_HELPER_FLAGS_2(tprot, TCG_CALL_NO_RWG, i32, i64, i64)
 DEF_HELPER_FLAGS_2(iske, TCG_CALL_NO_RWG_SE, i64, env, i64)
 DEF_HELPER_FLAGS_3(sske, TCG_CALL_NO_RWG, void, env, i64, i64)
diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def
index 55a7c52..cac0f51 100644
--- a/target/s390x/insn-data.def
+++ b/target/s390x/insn-data.def
@@ -918,6 +918,8 @@
 /* STORE USING REAL ADDRESS */
 C(0xb246, STURA,   RRE,   Z,   r1_o, r2_o, 0, 0, stura, 0)
 C(0xb925, STURG,   RRE,   Z,   r1_o, r2_o, 0, 0, sturg, 0)
+/* TEST BLOCK */
+C(0xb22c, TB,  RRE,   Z,   0, r2_o, 0, 0, testblock, 0)
 /* TEST PROTECTION */
 C(0xe501, TPROT,   SSE,   Z,   la1, a2, 0, 0, tprot, 0)
 
diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
index f6e5bce..0c6a0d9 100644
--- a/target/s390x/mem_helper.c
+++ b/target/s390x/mem_helper.c
@@ -20,6 +20,7 @@
 
 #include "qemu/osdep.h"
 #include "cpu.h"
+#include "exec/address-spaces.h"
 #include "exec/helper-proto.h"
 #include "exec/exec-all.h"
 #include "exec/cpu_ldst.h"
@@ -973,6 +974,33 @@ void HELPER(stctl)(CPUS390XState *env, uint32_t r1, 
uint64_t a2, uint32_t r3)
 }
 }
 
+uint32_t HELPER(testblock)(CPUS390XState *env, uint64_t real_addr)
+{
+CPUState *cs = CPU(s390_env_get_cpu(env));
+uint64_t abs_addr;
+int i;
+
+real_addr = fix_address(env, real_addr);
+abs_addr = mmu_real2abs(env, real_addr) & TARGET_PAGE_MASK;
+if (!address_space_access_valid(_space_memory, abs_addr,
+TARGET_PAGE_SIZE, true)) {
+program_interrupt(env, PGM_ADDRESSING, 4);
+return 1;
+}
+
+/* Check low-address protection */
+if ((env->cregs[0] & CR0_LOWPROT) && real_addr < 0x2000) {
+program_interrupt(env, PGM_PROTECTION, 4);
+return 1;
+}
+
+for (i = 0; i < TARGET_PAGE_SIZE; i += 8) {
+stq_phys(cs->as, abs_addr + i, 0);
+}
+
+return 0;
+}
+
 uint32_t HELPER(tprot)(uint64_t a1, uint64_t a2)
 {
 /* XXX implement */
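Review bot: in HELPER(testblock) the page is validated with address_space_access_valid() against the global memory address space, but the zeroing loop then stores through cs->as. Please use the same address space for the check and for the stq_phys() calls, so the access that was validated is the access that is performed. A short comment on what the returned values mean as condition codes (0 after clearing, 1 on the paths following program_interrupt()) would also help, since the changelog singles out the CC return as the reason for DEF_HELPER_FLAGS_2.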
diff --git a/target/s390x/mmu_helper.c b/target/s390x/mmu_helper.c
index b11a027..31eb9ef 100644
--- a/target/s390x/mmu_helper.c
+++ b/target/s390x/mmu_helper.c
@@ -108,7 +108,7 @@ static void trigger_page_fault(CPUS390XState *env, 
target_ulong vaddr,
  * Translate real address to absolute (= physical)
  * address by taking care of the prefix mapping.
  */
-static target_ulong mmu_real2abs(CPUS390XState *env, target_ulong raddr)
+target_ulong mmu_real2abs(CPUS390XState *env, target_ulong raddr)
 {
 if (raddr < 0x2000) {
 return raddr + env->psa;/* Map the lowcore. */
diff --git a/target/s390x/translate.c b/target/s390x/translate.c
index 4c48c59..d6736e4 100644
--- a/target/s390x/translate.c
+++ b/target/s390x/translate.c
@@ -4057,6 +4057,16 @@ static ExitStatus op_tcxb(DisasContext *s, DisasOps *o)
 }
 
 #ifndef CONFIG_USER_ONLY
+
+static ExitStatus op_testblock(DisasContext *s, DisasOps *o)
+{
+check_privileged(s);
+potential_page_fault(s);
+gen_helper_testblock(cc_op, cpu_env, o->in2);
+

[Qemu-devel] [PATCH 00/11] Another cleanup of includes

2017-05-18 Thread Juan Quintela
Hi

This series:
- make all migration methods export their functions in their own header
- move block.h into migration/
- create migration/savevm.h for functions exported in savevm.c
- create migration/ram.h for functions from ram.c
- split qemu-file.h into it and qemu-file-types.h
  only the last one is used outside of migration/
- move migration.h to be private
- create include/migration/misc.h for misc exported functions that
  don't belong anywhere

Please review.

Thanks, Juan.



Juan Quintela (11):
  migration: Create savevm.h for functions exported from savevm.c
  migration: Remove unneeded includes of migration/vmstate.h
  migration: Split qemu-file.h
  migration: Export exec.c functions in its own file
  migration: Export fd.c functions in its own file
  migration: Export socket.c functions in its own file
  migration: Export tls.c functions in its own file
  migration: Export rdma.c functions in its own file
  migration: Create include for migration snapshots
  migration: Export ram.c functions in its own file
  migration: Move include/migration/block.h into migration/

 hmp.c|   5 +-
 hw/core/qdev.c   |   1 -
 hw/i2c/i2c-ddc.c |   1 +
 hw/intc/s390_flic.c  |   1 -
 hw/intc/s390_flic_kvm.c  |   1 -
 hw/s390x/s390-skeys.c|   1 -
 include/block/block_int.h|   4 +-
 include/hw/acpi/memory_hotplug.h |   1 -
 include/hw/acpi/pcihp.h  |   1 -
 include/hw/hw.h  |   2 +-
 include/hw/pci/shpc.h|   1 -
 include/migration/migration.h|  68 ---
 include/migration/misc.h |  29 +
 include/migration/qemu-file-types.h  | 164 +++
 include/migration/snapshot.h |  20 
 include/net/net.h|   1 -
 include/sysemu/sysemu.h  |  50 
 migration/block.c|   5 +-
 {include/migration => migration}/block.h |   2 -
 migration/channel.c  |   1 +
 migration/colo.c |   5 +-
 migration/exec.c |   1 +
 migration/exec.h |  26 +
 migration/fd.c   |   1 +
 migration/fd.h   |  23 
 migration/migration.c|  11 +-
 migration/postcopy-ram.c |   4 +-
 migration/qemu-file-channel.c|   3 +-
 migration/qemu-file.c|   2 +-
 {include/migration => migration}/qemu-file.h | 157 +
 migration/ram.c  |   4 +-
 migration/ram.h  |  70 
 migration/rdma.c |   5 +-
 migration/rdma.h |  25 
 migration/savevm.c   |  36 +-
 migration/savevm.h   |  41 +++
 migration/socket.c   |   3 +-
 migration/socket.h   |  28 +
 migration/tls.c  |   1 +
 migration/tls.h  |  34 ++
 migration/vmstate-types.c|   3 +-
 migration/vmstate.c  |   2 +-
 replay/replay-snapshot.c |   5 +-
 target/alpha/cpu.c   |   1 -
 target/hppa/cpu.c|   1 -
 target/s390x/cpu.c   |   1 -
 target/tilegx/cpu.c  |   1 -
 tests/test-vmstate.c |   3 +-
 vl.c |   5 +-
 49 files changed, 544 insertions(+), 317 deletions(-)
 create mode 100644 include/migration/misc.h
 create mode 100644 include/migration/qemu-file-types.h
 create mode 100644 include/migration/snapshot.h
 rename {include/migration => migration}/block.h (93%)
 create mode 100644 migration/exec.h
 create mode 100644 migration/fd.h
 rename {include/migration => migration}/qemu-file.h (62%)
 create mode 100644 migration/ram.h
 create mode 100644 migration/rdma.h
 create mode 100644 migration/savevm.h
 create mode 100644 migration/socket.h
 create mode 100644 migration/tls.h

-- 
2.9.3




[Qemu-devel] [PULL 08/18] migration: Create migration/xbzrle.h

2017-05-18 Thread Juan Quintela
Signed-off-by: Juan Quintela 
Reviewed-by: Peter Xu 
---
 include/migration/migration.h |  4 
 migration/ram.c   |  1 +
 migration/xbzrle.c|  2 +-
 migration/xbzrle.h| 21 +
 tests/test-xbzrle.c   |  2 +-
 5 files changed, 24 insertions(+), 6 deletions(-)
 create mode 100644 migration/xbzrle.h

diff --git a/include/migration/migration.h b/include/migration/migration.h
index b80a6ed..7d1eef7 100644
--- a/include/migration/migration.h
+++ b/include/migration/migration.h
@@ -251,10 +251,6 @@ bool migrate_zero_blocks(void);
 
 bool migrate_auto_converge(void);
 
-int xbzrle_encode_buffer(uint8_t *old_buf, uint8_t *new_buf, int slen,
- uint8_t *dst, int dlen);
-int xbzrle_decode_buffer(uint8_t *src, int slen, uint8_t *dst, int dlen);
-
 int migrate_use_xbzrle(void);
 int64_t migrate_xbzrle_cache_size(void);
 bool migrate_colo_enabled(void);
diff --git a/migration/ram.c b/migration/ram.c
index 59459ef..c14269f 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -35,6 +35,7 @@
 #include "qemu/bitmap.h"
 #include "qemu/timer.h"
 #include "qemu/main-loop.h"
+#include "xbzrle.h"
 #include "migration/migration.h"
 #include "postcopy-ram.h"
 #include "exec/address-spaces.h"
diff --git a/migration/xbzrle.c b/migration/xbzrle.c
index c858339..1ba482d 100644
--- a/migration/xbzrle.c
+++ b/migration/xbzrle.c
@@ -12,7 +12,7 @@
  */
 #include "qemu/osdep.h"
 #include "qemu/cutils.h"
-#include "include/migration/migration.h"
+#include "xbzrle.h"
 
 /*
   page = zrun nzrun
diff --git a/migration/xbzrle.h b/migration/xbzrle.h
new file mode 100644
index 000..a0db507
--- /dev/null
+++ b/migration/xbzrle.h
@@ -0,0 +1,21 @@
+/*
+ * QEMU live migration
+ *
+ * Copyright IBM, Corp. 2008
+ *
+ * Authors:
+ *  Anthony Liguori   
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2.  See
+ * the COPYING file in the top-level directory.
+ *
+ */
+
+#ifndef QEMU_MIGRATION_XBZRLE_H
+#define QEMU_MIGRATION_XBZRLE_H
+
+int xbzrle_encode_buffer(uint8_t *old_buf, uint8_t *new_buf, int slen,
+ uint8_t *dst, int dlen);
+
+int xbzrle_decode_buffer(uint8_t *src, int slen, uint8_t *dst, int dlen);
+#endif
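Review bot: the two prototypes in the new migration/xbzrle.h carry no comment on their contract: nothing says what the int return value means, or that dlen is the capacity of dst that must not be exceeded. A short comment above each prototype stating the return convention and the dlen bound would let a caller use the header without reading xbzrle.c. The header also uses uint8_t without including anything itself, so it only compiles when the includer has pulled in qemu/osdep.h first; that holds for the callers shown in this patch but is worth a one-line remark in the header.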
diff --git a/tests/test-xbzrle.c b/tests/test-xbzrle.c
index 49f6419..f5e08de 100644
--- a/tests/test-xbzrle.c
+++ b/tests/test-xbzrle.c
@@ -13,7 +13,7 @@
 #include "qemu/osdep.h"
 #include "qemu-common.h"
 #include "qemu/cutils.h"
-#include "include/migration/migration.h"
+#include "../migration/xbzrle.h"
 
 #define PAGE_SIZE 4096
 
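Review bot: the new include in tests/test-xbzrle.c reaches into the source tree with "../migration/xbzrle.h", which ties the test to its directory depth. If the header is meant to stay private to migration/, add a comment saying the test includes a private header on purpose; otherwise an include resolved through the build's include path would be less fragile.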
-- 
2.9.3




[Qemu-devel] [PATCH 11/11] migration: Move include/migration/block.h into migration/

2017-05-18 Thread Juan Quintela
All functions were internal, except blk_mig_init() that is exported in
misc.h now.

Signed-off-by: Juan Quintela 
---
 include/migration/misc.h | 8 
 migration/block.c| 3 ++-
 {include/migration => migration}/block.h | 2 --
 migration/colo.c | 2 +-
 migration/migration.c| 2 +-
 vl.c | 1 -
 6 files changed, 12 insertions(+), 6 deletions(-)
 rename {include/migration => migration}/block.h (93%)

diff --git a/include/migration/misc.h b/include/migration/misc.h
index 0b37714..d7892b7 100644
--- a/include/migration/misc.h
+++ b/include/migration/misc.h
@@ -18,4 +18,12 @@
 
 void ram_mig_init(void);
 
+/* migration/block.c */
+
+#ifdef CONFIG_LIVE_BLOCK_MIGRATION
+void blk_mig_init(void);
+#else
+static inline void blk_mig_init(void) {}
+#endif
+
 #endif
diff --git a/migration/block.c b/migration/block.c
index 3e27499..4d8c2e9 100644
--- a/migration/block.c
+++ b/migration/block.c
@@ -23,7 +23,8 @@
 #include "qemu/cutils.h"
 #include "qemu/queue.h"
 #include "qemu/timer.h"
-#include "migration/block.h"
+#include "block.h"
+#include "migration/misc.h"
 #include "migration/migration.h"
 #include "sysemu/blockdev.h"
 #include "qemu-file.h"
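Review bot: the bare #include "block.h" added in migration/block.c is a very generic name once the migration/ prefix is gone; the vl.c hunk of this same patch shows hw/block/block.h sharing the basename. The quoted-include lookup picks the local file, but a reader cannot tell which block.h is meant. Consider a qualified path or a more specific name for the private header; the same applies to the colo.c and migration.c hunks.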
diff --git a/include/migration/block.h b/migration/block.h
similarity index 93%
rename from include/migration/block.h
rename to migration/block.h
index 28cff53..22ebe94 100644
--- a/include/migration/block.h
+++ b/migration/block.h
@@ -15,14 +15,12 @@
 #define MIGRATION_BLOCK_H
 
 #ifdef CONFIG_LIVE_BLOCK_MIGRATION
-void blk_mig_init(void);
 int blk_mig_active(void);
 uint64_t blk_mig_bytes_transferred(void);
 uint64_t blk_mig_bytes_remaining(void);
 uint64_t blk_mig_bytes_total(void);
 
 #else
-static inline void blk_mig_init(void) { }
 static inline int blk_mig_active(void)
 {
 return false;
diff --git a/migration/colo.c b/migration/colo.c
index 5be4656..f6a54d1 100644
--- a/migration/colo.c
+++ b/migration/colo.c
@@ -18,7 +18,7 @@
 #include "qemu-file.h"
 #include "savevm.h"
 #include "migration/colo.h"
-#include "migration/block.h"
+#include "block.h"
 #include "io/channel-buffer.h"
 #include "trace.h"
 #include "qemu/error-report.h"
diff --git a/migration/migration.c b/migration/migration.c
index ffad8e5..bb4be78 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -34,7 +34,7 @@
 #include "qapi/util.h"
 #include "qemu/sockets.h"
 #include "qemu/rcu.h"
-#include "migration/block.h"
+#include "block.h"
 #include "postcopy-ram.h"
 #include "qemu/thread.h"
 #include "qmp-commands.h"
diff --git a/vl.c b/vl.c
index 5b09937..ae90c4f 100644
--- a/vl.c
+++ b/vl.c
@@ -86,7 +86,6 @@ int main(int argc, char **argv)
 #include "qemu/log.h"
 #include "sysemu/blockdev.h"
 #include "hw/block/block.h"
-#include "migration/block.h"
 #include "migration/misc.h"
 #include "migration/snapshot.h"
 #include "sysemu/tpm.h"
-- 
2.9.3




[Qemu-devel] [PULL 09/18] migration: Split migration/channel.c for channel operations

2017-05-18 Thread Juan Quintela
Create an include for its exported functions.

Signed-off-by: Juan Quintela 
Reviewed-by: Dr. David Alan Gilbert 

---
Add proper header
---
 include/migration/migration.h |  7 -
 migration/Makefile.objs   |  2 +-
 migration/channel.c   | 66 +++
 migration/channel.h   | 27 ++
 migration/exec.c  |  1 +
 migration/fd.c|  1 +
 migration/migration.c | 50 
 migration/socket.c|  1 +
 migration/tls.c   |  1 +
 9 files changed, 98 insertions(+), 58 deletions(-)
 create mode 100644 migration/channel.c
 create mode 100644 migration/channel.h

diff --git a/include/migration/migration.h b/include/migration/migration.h
index 7d1eef7..e831259 100644
--- a/include/migration/migration.h
+++ b/include/migration/migration.h
@@ -157,17 +157,10 @@ void migration_fd_process_incoming(QEMUFile *f);
 
 void qemu_start_incoming_migration(const char *uri, Error **errp);
 
-void migration_channel_process_incoming(MigrationState *s,
-QIOChannel *ioc);
-
 void migration_tls_channel_process_incoming(MigrationState *s,
 QIOChannel *ioc,
 Error **errp);
 
-void migration_channel_connect(MigrationState *s,
-   QIOChannel *ioc,
-   const char *hostname);
-
 void migration_tls_channel_connect(MigrationState *s,
QIOChannel *ioc,
const char *hostname,
diff --git a/migration/Makefile.objs b/migration/Makefile.objs
index 00a3f4a..4e8ab0a 100644
--- a/migration/Makefile.objs
+++ b/migration/Makefile.objs
@@ -1,5 +1,5 @@
 common-obj-y += migration.o socket.o fd.o exec.o
-common-obj-y += tls.o
+common-obj-y += tls.o channel.o
 common-obj-y += colo-comm.o colo.o colo-failover.o
 common-obj-y += vmstate.o page_cache.o
 common-obj-y += qemu-file.o
diff --git a/migration/channel.c b/migration/channel.c
new file mode 100644
index 000..40c6382
--- /dev/null
+++ b/migration/channel.c
@@ -0,0 +1,66 @@
+/*
+ * QEMU live migration channel operations
+ *
+ * Copyright Red Hat, Inc. 2016
+ *
+ * Authors:
+ *  Daniel P. Berrange 
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+
+#include "qemu/osdep.h"
+#include "channel.h"
+#include "migration/migration.h"
+#include "trace.h"
+#include "qapi/error.h"
+#include "io/channel-tls.h"
+
+void migration_channel_process_incoming(MigrationState *s,
+QIOChannel *ioc)
+{
+trace_migration_set_incoming_channel(
+ioc, object_get_typename(OBJECT(ioc)));
+
+if (s->parameters.tls_creds &&
+*s->parameters.tls_creds &&
+!object_dynamic_cast(OBJECT(ioc),
+ TYPE_QIO_CHANNEL_TLS)) {
+Error *local_err = NULL;
+migration_tls_channel_process_incoming(s, ioc, _err);
+if (local_err) {
+error_report_err(local_err);
+}
+} else {
+QEMUFile *f = qemu_fopen_channel_input(ioc);
+migration_fd_process_incoming(f);
+}
+}
+
+
+void migration_channel_connect(MigrationState *s,
+   QIOChannel *ioc,
+   const char *hostname)
+{
+trace_migration_set_outgoing_channel(
+ioc, object_get_typename(OBJECT(ioc)), hostname);
+
+if (s->parameters.tls_creds &&
+*s->parameters.tls_creds &&
+!object_dynamic_cast(OBJECT(ioc),
+ TYPE_QIO_CHANNEL_TLS)) {
+Error *local_err = NULL;
+migration_tls_channel_connect(s, ioc, hostname, _err);
+if (local_err) {
+migrate_fd_error(s, local_err);
+error_free(local_err);
+}
+} else {
+QEMUFile *f = qemu_fopen_channel_output(ioc);
+
+s->to_dst_file = f;
+
+migrate_fd_connect(s);
+}
+}
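Review bot: in migration_channel_process_incoming() a failure of migration_tls_channel_process_incoming() is only handed to error_report_err(), while the outgoing twin migration_channel_connect() records the failure with migrate_fd_error(s, local_err). If the incoming side is meant to carry on in its current state after a TLS setup failure, say so in a comment; otherwise this move is a good moment to make the two paths consistent. In both functions the else branch is taken both when the channel is already TYPE_QIO_CHANNEL_TLS and when no tls_creds are configured, which deserves a one-line comment because it is the point where a plaintext channel is accepted. Separately, the licence header of channel.c lacks the "This work is licensed under the terms of the GNU GPL, version 2" paragraph that channel.h carries.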
diff --git a/migration/channel.h b/migration/channel.h
new file mode 100644
index 000..2e0a7e3
--- /dev/null
+++ b/migration/channel.h
@@ -0,0 +1,27 @@
+/*
+ * QEMU live migration channel operations
+ *
+ * Copyright Red Hat, Inc. 2016
+ *
+ * Authors:
+ *  Daniel P. Berrange 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2.  See
+ * the COPYING file in the top-level directory.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+
+#ifndef QEMU_MIGRATION_CHANNEL_H
+#define QEMU_MIGRATION_CHANNEL_H
+
+#include "io/channel.h"
+
+void migration_channel_process_incoming(MigrationState *s,
+QIOChannel *ioc);
+
+void 

[Qemu-devel] [PULL 07/18] block migration: Allow compile time disable

2017-05-18 Thread Juan Quintela
From: "Dr. David Alan Gilbert" 

Many users now prefer to use drive_mirror over NBD as an
alternative to the older migrate -b option; drive_mirror is
more complex to set up but gives you more options (e.g. only
migrating some of the disks if some of them are shared).

Allow the large chunk of block migration code to be compiled
out for those who don't use it.

Based on a downstream-patch we've had for a while by Jeff Cody.

Signed-off-by: Dr. David Alan Gilbert 
Signed-off-by: Juan Quintela 
Reviewed-by: Eric Blake 

--

- When compiled out, allow setting block only with false value (eric)
---
 configure | 11 +++
 include/migration/block.h | 24 +++-
 migration/Makefile.objs   |  2 +-
 migration/migration.c | 14 ++
 4 files changed, 49 insertions(+), 2 deletions(-)

diff --git a/configure b/configure
index 139638e..1a5ee4b 100755
--- a/configure
+++ b/configure
@@ -316,6 +316,7 @@ vte=""
 virglrenderer=""
 tpm="yes"
 libssh2=""
+live_block_migration="yes"
 numa=""
 tcmalloc="no"
 jemalloc="no"
@@ -1169,6 +1170,10 @@ for opt do
   ;;
   --enable-libssh2) libssh2="yes"
   ;;
+  --disable-live-block-migration) live_block_migration="no"
+  ;;
+  --enable-live-block-migration) live_block_migration="yes"
+  ;;
   --disable-numa) numa="no"
   ;;
   --enable-numa) numa="yes"
@@ -1401,6 +1406,7 @@ disabled with --disable-FEATURE, default is enabled if 
available:
   libnfs  nfs support
   smartcard   smartcard support (libcacard)
   libusb  libusb (for usb passthrough)
+  live-block-migration   Block migration in the main migration stream
   usb-redir   usb network redirection support
   lzo support of lzo compression library
   snappy  support of snappy compression library
@@ -5216,6 +5222,7 @@ echo "TPM support   $tpm"
 echo "libssh2 support   $libssh2"
 echo "TPM passthrough   $tpm_passthrough"
 echo "QOM debugging $qom_cast_debug"
+echo "Live block migration $live_block_migration"
 echo "lzo support   $lzo"
 echo "snappy support$snappy"
 echo "bzip2 support $bzip2"
@@ -5782,6 +5789,10 @@ if test "$libssh2" = "yes" ; then
   echo "LIBSSH2_LIBS=$libssh2_libs" >> $config_host_mak
 fi
 
+if test "$live_block_migration" = "yes" ; then
+  echo "CONFIG_LIVE_BLOCK_MIGRATION=y" >> $config_host_mak
+fi
+
 # USB host support
 if test "$libusb" = "yes"; then
   echo "HOST_USB=libusb legacy" >> $config_host_mak
diff --git a/include/migration/block.h b/include/migration/block.h
index 5225af9..28cff53 100644
--- a/include/migration/block.h
+++ b/include/migration/block.h
@@ -14,12 +14,34 @@
 #ifndef MIGRATION_BLOCK_H
 #define MIGRATION_BLOCK_H
 
+#ifdef CONFIG_LIVE_BLOCK_MIGRATION
 void blk_mig_init(void);
 int blk_mig_active(void);
 uint64_t blk_mig_bytes_transferred(void);
 uint64_t blk_mig_bytes_remaining(void);
 uint64_t blk_mig_bytes_total(void);
 
+#else
+static inline void blk_mig_init(void) { }
+static inline int blk_mig_active(void)
+{
+return false;
+}
+static inline uint64_t blk_mig_bytes_transferred(void)
+{
+return 0;
+}
+
+static inline uint64_t blk_mig_bytes_remaining(void)
+{
+return 0;
+}
+
+static inline uint64_t blk_mig_bytes_total(void)
+{
+return 0;
+}
+#endif /* CONFIG_LIVE_BLOCK_MIGRATION */
+
 void migrate_set_block_enabled(bool value, Error **errp);
-
 #endif /* MIGRATION_BLOCK_H */
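Review bot: the stub blk_mig_active() added in the #else branch returns false from a function declared int; return 0, or change the prototype to bool in both branches, so the stub and the real declaration agree. The stubs are also spaced inconsistently (no blank line after blk_mig_init and blk_mig_active, one after the others), and the last change drops the blank line before #endif /* MIGRATION_BLOCK_H */.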
diff --git a/migration/Makefile.objs b/migration/Makefile.objs
index c1920b6..00a3f4a 100644
--- a/migration/Makefile.objs
+++ b/migration/Makefile.objs
@@ -9,5 +9,5 @@ common-obj-y += qjson.o
 
 common-obj-$(CONFIG_RDMA) += rdma.o
 
-common-obj-y += block.o
+common-obj-$(CONFIG_LIVE_BLOCK_MIGRATION) += block.o
 
diff --git a/migration/migration.c b/migration/migration.c
index ed66158..2f8 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -547,6 +547,11 @@ MigrationCapabilityStatusList 
*qmp_query_migrate_capabilities(Error **errp)
 
 caps = NULL; /* silence compiler warning */
 for (i = 0; i < MIGRATION_CAPABILITY__MAX; i++) {
+#ifndef CONFIG_LIVE_BLOCK_MIGRATION
+if (i == MIGRATION_CAPABILITY_BLOCK) {
+continue;
+}
+#endif
 if (i == MIGRATION_CAPABILITY_X_COLO && !colo_supported()) {
 continue;
 }
@@ -763,6 +768,15 @@ void 
qmp_migrate_set_capabilities(MigrationCapabilityStatusList *params,
 }
 
 for (cap = params; cap; cap = cap->next) {
+#ifndef CONFIG_LIVE_BLOCK_MIGRATION
+if (cap->value->capability == MIGRATION_CAPABILITY_BLOCK
+&& cap->value->state) {
+error_setg(errp, "QEMU compiled without old-style (blk/-b, inc/-i) 
"
+   "block migration");
+error_append_hint(errp, "Use drive_mirror+NBD instead.\n");
+continue;
+}
+#endif
 if (cap->value->capability == MIGRATION_CAPABILITY_X_COLO) {
 if 
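Review bot: in the qmp_migrate_set_capabilities() loop the new #ifndef block calls error_setg(errp, ...) and then continue, so the loop keeps walking the remaining list entries after an error has been set. The caller then sees a failure although later capabilities in the same request may still be processed, and any further error_setg() on the same errp would trip the error API's assertion that no error is set yet. Returning right after error_append_hint() avoids both.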

[Qemu-devel] [PULL 05/18] migration: Remove use of old MigrationParams

2017-05-18 Thread Juan Quintela
We have changed in the previous patch to use migration capabilities for
it.  Notice that we continue using the old command line flags from the
migrate command for the time being.  Remove the set_params method as
now it is empty.

For savevm, one can't do a:

savevm -b/-i foo

but now one can do:

migrate_set_capability block on
savevm foo

And we can't use block migration. We could disable block capability
unconditionally, but it would not be much better.

Signed-off-by: Juan Quintela 
Reviewed-by: Eric Blake 

---
- Maintain shared/enabled dependency (Xu suggestion)
- Now we maintain the dependency on the setter functions
- improve error messages
---
 include/migration/migration.h |  3 +--
 migration/block.c | 17 ++---
 migration/colo.c  |  4 ++--
 migration/migration.c |  3 ---
 migration/savevm.c|  8 ++--
 5 files changed, 11 insertions(+), 24 deletions(-)

diff --git a/include/migration/migration.h b/include/migration/migration.h
index 024a048..4dedc66 100644
--- a/include/migration/migration.h
+++ b/include/migration/migration.h
@@ -39,8 +39,7 @@
 #define QEMU_VM_SECTION_FOOTER   0x7e
 
 struct MigrationParams {
-bool blk;
-bool shared;
+bool unused; /* C doesn't allow empty structs */
 };
 
 /* Messages sent on the return path from destination to source */
diff --git a/migration/block.c b/migration/block.c
index 060087f..5d22926 100644
--- a/migration/block.c
+++ b/migration/block.c
@@ -94,9 +94,6 @@ typedef struct BlkMigBlock {
 } BlkMigBlock;
 
 typedef struct BlkMigState {
-/* Written during setup phase.  Can be read without a lock.  */
-int blk_enable;
-int shared_base;
 QSIMPLEQ_HEAD(bmds_list, BlkMigDevState) bmds_list;
 int64_t total_sector_sum;
 bool zero_blocks;
@@ -425,7 +422,7 @@ static int init_blk_migration(QEMUFile *f)
 bmds->bulk_completed = 0;
 bmds->total_sectors = sectors;
 bmds->completed_sectors = 0;
-bmds->shared_base = block_mig_state.shared_base;
+bmds->shared_base = migrate_use_block_incremental();
 
 assert(i < num_bs);
 bmds_bs[i].bmds = bmds;
@@ -994,22 +991,12 @@ static int block_load(QEMUFile *f, void *opaque, int 
version_id)
 return 0;
 }
 
-static void block_set_params(const MigrationParams *params, void *opaque)
-{
-block_mig_state.blk_enable = params->blk;
-block_mig_state.shared_base = params->shared;
-
-/* shared base means that blk_enable = 1 */
-block_mig_state.blk_enable |= params->shared;
-}
-
 static bool block_is_active(void *opaque)
 {
-return block_mig_state.blk_enable == 1;
+return migrate_use_block();
 }
 
 static SaveVMHandlers savevm_block_handlers = {
-.set_params = block_set_params,
 .save_live_setup = block_save_setup,
 .save_live_iterate = block_save_iterate,
 .save_live_complete_precopy = block_save_complete,
diff --git a/migration/colo.c b/migration/colo.c
index 963c802..8c86892 100644
--- a/migration/colo.c
+++ b/migration/colo.c
@@ -14,6 +14,7 @@
 #include "qemu/timer.h"
 #include "sysemu/sysemu.h"
 #include "migration/colo.h"
+#include "migration/block.h"
 #include "io/channel-buffer.h"
 #include "trace.h"
 #include "qemu/error-report.h"
@@ -345,8 +346,7 @@ static int colo_do_checkpoint_transaction(MigrationState *s,
 }
 
 /* Disable block migration */
-s->params.blk = 0;
-s->params.shared = 0;
+migrate_set_block_enabled(false, _err);
 qemu_savevm_state_header(fb);
 qemu_savevm_state_begin(fb, >params);
 qemu_mutex_lock_iothread();
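Review bot: the Error pointer handed to migrate_set_block_enabled(false, ...) in colo_do_checkpoint_transaction() is not examined before qemu_savevm_state_header(fb) runs, so a failure here would go unnoticed and the Error object would stay set for whatever uses that variable next. Either check it and leave the checkpoint on error, or, if disabling can never fail, pass error_abort so the assumption is enforced.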
diff --git a/migration/migration.c b/migration/migration.c
index c13c0a2..b3d300d 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -1224,9 +1224,6 @@ void qmp_migrate(const char *uri, bool has_blk, bool blk,
 MigrationParams params;
 const char *p;
 
-params.blk = has_blk && blk;
-params.shared = has_inc && inc;
-
 if (migration_is_setup_or_active(s->state) ||
 s->state == MIGRATION_STATUS_CANCELLING ||
 s->state == MIGRATION_STATUS_COLO) {
diff --git a/migration/savevm.c b/migration/savevm.c
index f5e8194..2f1f4eb 100644
--- a/migration/savevm.c
+++ b/migration/savevm.c
@@ -1233,8 +1233,6 @@ static int qemu_savevm_state(QEMUFile *f, Error **errp)
 {
 int ret;
 MigrationParams params = {
-.blk = 0,
-.shared = 0
 };
 MigrationState *ms = migrate_init();
 MigrationStatus status;
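Review bot: removing both initialisers in qemu_savevm_state() leaves MigrationParams params = { }; with an empty brace list, which is a GNU extension rather than standard C, the same kind of issue the "C doesn't allow empty structs" comment in this patch works around for the struct itself. Write = { 0 } instead, since the only member left is the unused placeholder.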
@@ -1245,6 +1243,12 @@ static int qemu_savevm_state(QEMUFile *f, Error **errp)
 goto done;
 }
 
+if (migrate_use_block()) {
+error_setg(errp, "Block migration and snapshots are incompatible");
+ret = -EINVAL;
+goto done;
+}
+
 qemu_mutex_unlock_iothread();
 qemu_savevm_state_header(f);
 qemu_savevm_state_begin(f, );
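Review bot: the new migrate_use_block() check in qemu_savevm_state() fails with "Block migration and snapshots are incompatible" but does not tell the user what to change. An error_append_hint() naming the block capability that has to be switched off would make the failure actionable.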
-- 
2.9.3




[Qemu-devel] [PULL 04/18] migration: Create block capability

2017-05-18 Thread Juan Quintela
Create one capability for block migration and one parameter for
incremental block migration.

Signed-off-by: Juan Quintela 
Reviewed-by: Eric Blake 

---

- address all Markus comments
- use Markus and Eric text descriptions
- change logic another time
- improve text messages
---
 hmp.c | 13 
 include/migration/block.h |  2 ++
 include/migration/migration.h |  6 
 migration/migration.c | 71 +++
 qapi-schema.json  | 28 +++--
 5 files changed, 117 insertions(+), 3 deletions(-)

diff --git a/hmp.c b/hmp.c
index 83e45c8..20f5dab 100644
--- a/hmp.c
+++ b/hmp.c
@@ -327,6 +327,10 @@ void hmp_info_migrate_parameters(Monitor *mon, const QDict 
*qdict)
 monitor_printf(mon, "%s: %" PRId64 "\n",
 MigrationParameter_lookup[MIGRATION_PARAMETER_X_CHECKPOINT_DELAY],
 params->x_checkpoint_delay);
+assert(params->has_block_incremental);
+monitor_printf(mon, "%s: %s\n",
+MigrationParameter_lookup[MIGRATION_PARAMETER_BLOCK_INCREMENTAL],
+   params->block_incremental ? "on" : "off");
 }
 
 qapi_free_MigrationParameters(params);
@@ -1528,6 +1532,7 @@ void hmp_migrate_set_parameter(Monitor *mon, const QDict 
*qdict)
 Visitor *v = string_input_visitor_new(valuestr);
 uint64_t valuebw = 0;
 int64_t valueint = 0;
+bool valuebool = false;
 Error *err = NULL;
 bool use_int_value = false;
 int i, ret;
@@ -1582,6 +1587,14 @@ void hmp_migrate_set_parameter(Monitor *mon, const QDict 
*qdict)
 p.has_x_checkpoint_delay = true;
 use_int_value = true;
 break;
+case MIGRATION_PARAMETER_BLOCK_INCREMENTAL:
+p.has_block_incremental = true;
+visit_type_bool(v, param, , );
+if (err) {
+goto cleanup;
+}
+p.block_incremental = valuebool;
+break;
 }
 
 if (use_int_value) {
diff --git a/include/migration/block.h b/include/migration/block.h
index 41a1ac8..5225af9 100644
--- a/include/migration/block.h
+++ b/include/migration/block.h
@@ -20,4 +20,6 @@ uint64_t blk_mig_bytes_transferred(void);
 uint64_t blk_mig_bytes_remaining(void);
 uint64_t blk_mig_bytes_total(void);
 
+void migrate_set_block_enabled(bool value, Error **errp);
+
 #endif /* MIGRATION_BLOCK_H */
diff --git a/include/migration/migration.h b/include/migration/migration.h
index 49ec501..024a048 100644
--- a/include/migration/migration.h
+++ b/include/migration/migration.h
@@ -153,6 +153,9 @@ struct MigrationState
 
 /* The last error that occurred */
 Error *error;
+/* Do we have to clean up -b/-i from old migrate parameters */
+/* This feature is deprecated and will be removed */
+bool must_remove_block_options;
 };
 
 void migrate_set_state(int *state, int old_state, int new_state);
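Review bot: must_remove_block_options in MigrationState is documented by two back-to-back comments that say the feature is deprecated but not which code path sets the flag or when it is cleared. Merge them into one comment that names the setter and states that block_cleanup_parameters() consumes the flag, so its lifetime is clear from the header.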
@@ -265,6 +268,9 @@ bool migrate_colo_enabled(void);
 
 int64_t xbzrle_cache_resize(int64_t new_size);
 
+bool migrate_use_block(void);
+bool migrate_use_block_incremental(void);
+
 bool migrate_use_compression(void);
 int migrate_compress_level(void);
 int migrate_compress_threads(void);
diff --git a/migration/migration.c b/migration/migration.c
index 0304c01..c13c0a2 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -592,6 +592,8 @@ MigrationParameters *qmp_query_migrate_parameters(Error 
**errp)
 params->downtime_limit = s->parameters.downtime_limit;
 params->has_x_checkpoint_delay = true;
 params->x_checkpoint_delay = s->parameters.x_checkpoint_delay;
+params->has_block_incremental = true;
+params->block_incremental = s->parameters.block_incremental;
 
 return params;
 }
@@ -900,6 +902,9 @@ void qmp_migrate_set_parameters(MigrationParameters 
*params, Error **errp)
 colo_checkpoint_notify(s);
 }
 }
+if (params->has_block_incremental) {
+s->parameters.block_incremental = params->block_incremental;
+}
 }
 
 
@@ -935,6 +940,33 @@ void migrate_set_state(int *state, int old_state, int 
new_state)
 }
 }
 
+void migrate_set_block_enabled(bool value, Error **errp)
+{
+MigrationCapabilityStatusList *cap;
+
+cap = g_new0(MigrationCapabilityStatusList, 1);
+cap->value = g_new0(MigrationCapabilityStatus, 1);
+cap->value->capability = MIGRATION_CAPABILITY_BLOCK;
+cap->value->state = value;
+qmp_migrate_set_capabilities(cap, errp);
+qapi_free_MigrationCapabilityStatusList(cap);
+}
+
+static void migrate_set_block_incremental(MigrationState *s, bool value)
+{
+s->parameters.block_incremental = value;
+}
+
+static void block_cleanup_parameters(MigrationState *s)
+{
+if (s->must_remove_block_options) {
+/* setting to false can never fail */
+migrate_set_block_enabled(false, _abort);
+

[Qemu-devel] [PULL 06/18] migration: Remove old MigrationParams

2017-05-18 Thread Juan Quintela
Not used anymore after moving block migration to use capabilities.

Signed-off-by: Juan Quintela 
Reviewed-by: Dr. David Alan Gilbert 
Reviewed-by: zhanghailiang 
Reviewed-by: Peter Xu 
---
 include/migration/migration.h | 10 ++
 include/migration/vmstate.h   |  1 -
 include/qemu/typedefs.h   |  1 -
 include/sysemu/sysemu.h   |  3 +--
 migration/colo.c  |  2 +-
 migration/migration.c |  8 +++-
 migration/savevm.c| 16 +++-
 7 files changed, 10 insertions(+), 31 deletions(-)

diff --git a/include/migration/migration.h b/include/migration/migration.h
index 4dedc66..b80a6ed 100644
--- a/include/migration/migration.h
+++ b/include/migration/migration.h
@@ -38,10 +38,6 @@
 #define QEMU_VM_COMMAND  0x08
 #define QEMU_VM_SECTION_FOOTER   0x7e
 
-struct MigrationParams {
-bool unused; /* C doesn't allow empty structs */
-};
-
 /* Messages sent on the return path from destination to source */
 enum mig_rp_message_type {
 MIG_RP_MSG_INVALID = 0,  /* Must be 0 */
@@ -109,12 +105,10 @@ struct MigrationState
 QEMUBH *cleanup_bh;
 QEMUFile *to_dst_file;
 
-/* New style params from 'migrate-set-parameters' */
+/* params from 'migrate-set-parameters' */
 MigrationParameters parameters;
 
 int state;
-/* Old style params from 'migrate' command */
-MigrationParams params;
 
 /* State related to return path */
 struct {
@@ -207,7 +201,7 @@ void migrate_fd_connect(MigrationState *s);
 
 void add_migration_state_change_notifier(Notifier *notify);
 void remove_migration_state_change_notifier(Notifier *notify);
-MigrationState *migrate_init(const MigrationParams *params);
+MigrationState *migrate_init(void);
 bool migration_is_blocked(Error **errp);
 bool migration_in_setup(MigrationState *);
 bool migration_is_idle(void);
diff --git a/include/migration/vmstate.h b/include/migration/vmstate.h
index 8489659..dacb052 100644
--- a/include/migration/vmstate.h
+++ b/include/migration/vmstate.h
@@ -37,7 +37,6 @@ typedef int LoadStateHandler(QEMUFile *f, void *opaque, int 
version_id);
 
 typedef struct SaveVMHandlers {
 /* This runs inside the iothread lock.  */
-void (*set_params)(const MigrationParams *params, void * opaque);
 SaveStateHandler *save_state;
 
 void (*cleanup)(void *opaque);
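Review bot: with set_params gone from SaveVMHandlers, the comment "This runs inside the iothread lock." now sits directly above save_state. Please confirm it still describes save_state and reword it to name the callbacks it covers, so the locking rule does not silently shift to a different member.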
diff --git a/include/qemu/typedefs.h b/include/qemu/typedefs.h
index 7d85057..33a6aa1 100644
--- a/include/qemu/typedefs.h
+++ b/include/qemu/typedefs.h
@@ -49,7 +49,6 @@ typedef struct MemoryRegion MemoryRegion;
 typedef struct MemoryRegionCache MemoryRegionCache;
 typedef struct MemoryRegionSection MemoryRegionSection;
 typedef struct MigrationIncomingState MigrationIncomingState;
-typedef struct MigrationParams MigrationParams;
 typedef struct MigrationState MigrationState;
 typedef struct Monitor Monitor;
 typedef struct MonitorDef MonitorDef;
diff --git a/include/sysemu/sysemu.h b/include/sysemu/sysemu.h
index 83c1ceb..765358e 100644
--- a/include/sysemu/sysemu.h
+++ b/include/sysemu/sysemu.h
@@ -102,8 +102,7 @@ enum qemu_vm_cmd {
 #define MAX_VM_CMD_PACKAGED_SIZE (1ul << 24)
 
 bool qemu_savevm_state_blocked(Error **errp);
-void qemu_savevm_state_begin(QEMUFile *f,
- const MigrationParams *params);
+void qemu_savevm_state_begin(QEMUFile *f);
 void qemu_savevm_state_header(QEMUFile *f);
 int qemu_savevm_state_iterate(QEMUFile *f, bool postcopy);
 void qemu_savevm_state_cleanup(void);
diff --git a/migration/colo.c b/migration/colo.c
index 8c86892..dd38fed 100644
--- a/migration/colo.c
+++ b/migration/colo.c
@@ -348,7 +348,7 @@ static int colo_do_checkpoint_transaction(MigrationState *s,
 /* Disable block migration */
 migrate_set_block_enabled(false, _err);
 qemu_savevm_state_header(fb);
-qemu_savevm_state_begin(fb, >params);
+qemu_savevm_state_begin(fb);
 qemu_mutex_lock_iothread();
 qemu_savevm_state_complete_precopy(fb, false);
 qemu_mutex_unlock_iothread();
diff --git a/migration/migration.c b/migration/migration.c
index b3d300d..ed66158 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -1118,7 +1118,7 @@ bool migration_is_idle(void)
 return false;
 }
 
-MigrationState *migrate_init(const MigrationParams *params)
+MigrationState *migrate_init(void)
 {
 MigrationState *s = migrate_get_current();
 
@@ -1132,7 +1132,6 @@ MigrationState *migrate_init(const MigrationParams 
*params)
 s->cleanup_bh = 0;
 s->to_dst_file = NULL;
 s->state = MIGRATION_STATUS_NONE;
-s->params = *params;
 s->rp_state.from_dst_file = NULL;
 s->rp_state.error = false;
 s->mbps = 0.0;
@@ -1221,7 +1220,6 @@ void qmp_migrate(const char *uri, bool has_blk, bool blk,
 {
 Error *local_err = NULL;
 MigrationState *s = migrate_get_current();
-MigrationParams params;
 const char *p;
 
 if 
