[Qemu-devel] [PATCH v2 for-2.11 2/2] tests/pxe: Check virtio-net-ccw on s390x

[Thomas Huth]

Now that we've got a firmware that can do TFTP booting on s390x (i.e.
the pc-bios/s390-netboot.img), we can enable the PXE tester for this
architecture, too.

Signed-off-by: Thomas Huth 
---
 tests/Makefile.include |  1 +
 tests/boot-sector.c| 20 
 tests/pxe-test.c   |  7 +++
 3 files changed, 28 insertions(+)

diff --git a/tests/Makefile.include b/tests/Makefile.include
index eb4895f..2a238db 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -337,6 +337,7 @@ check-qtest-microblazeel-y = $(check-qtest-microblaze-y)
 check-qtest-xtensaeb-y = $(check-qtest-xtensa-y)
 
 check-qtest-s390x-y = tests/boot-serial-test$(EXESUF)
+check-qtest-s390x-$(CONFIG_SLIRP) += tests/pxe-test$(EXESUF)
 
 check-qtest-generic-y += tests/qom-test$(EXESUF)
 check-qtest-generic-y += tests/test-hmp$(EXESUF)
diff --git a/tests/boot-sector.c b/tests/boot-sector.c
index 8729562..9ee8537 100644
--- a/tests/boot-sector.c
+++ b/tests/boot-sector.c
@@ -67,6 +67,21 @@ static uint8_t x86_boot_sector[512] = {
 [0x1FF] = 0xAA,
 };
 
+/* For s390x, use a mini "kernel" with the appropriate signature */
+static const uint8_t s390x_psw[] = {
+0x00, 0x08, 0x00, 0x00, 0x80, 0x01, 0x00, 0x00
+};
+static const uint8_t s390x_code[] = {
+0xa7, 0xf4, 0x00, 0x0a,/* j 0x10010 */
+0x00, 0x00, 0x00, 0x00,
+'S', '3', '9', '0',
+'E', 'P', 0x00, 0x01,
+0xa7, 0x38, HIGH(SIGNATURE_ADDR), LOW(SIGNATURE_ADDR), /* lhi r3,0x7c10 */
+0xa7, 0x48, LOW(SIGNATURE), HIGH(SIGNATURE),   /* lhi r4,0xadde */
+0x40, 0x40, 0x30, 0x00,/* sth r4,0(r3) */
+0xa7, 0xf4, 0xff, 0xfa /* j 0x10010 */
+};
+
 /* Create boot disk file.  */
 int boot_sector_init(char *fname)
 {
@@ -92,6 +107,11 @@ int boot_sector_init(char *fname)
 LOW(SIGNATURE), SIGNATURE_ADDR,
 HIGH(SIGNATURE), SIGNATURE_ADDR + 1);
 len = strlen(boot_code);
+} else if (g_str_equal(arch, "s390x")) {
+len = 0x1 + sizeof(s390x_code);
+boot_code = g_malloc0(len);
+memcpy(boot_code, s390x_psw, sizeof(s390x_psw));
+memcpy(_code[0x1], s390x_code, sizeof(s390x_code));
 } else {
 g_assert_not_reached();
 }
diff --git a/tests/pxe-test.c b/tests/pxe-test.c
index cf6e225..0d70afc 100644
--- a/tests/pxe-test.c
+++ b/tests/pxe-test.c
@@ -51,6 +51,11 @@ static void test_pxe_spapr_vlan(void)
 test_pxe_one("-device spapr-vlan,netdev=" NETNAME, true);
 }
 
+static void test_pxe_virtio_ccw(void)
+{
+test_pxe_one("-device virtio-net-ccw,bootindex=1,netdev=" NETNAME, false);
+}
+
 int main(int argc, char *argv[])
 {
 int ret;
@@ -68,6 +73,8 @@ int main(int argc, char *argv[])
 } else if (strcmp(arch, "ppc64") == 0) {
 qtest_add_func("pxe/virtio", test_pxe_virtio_pci);
 qtest_add_func("pxe/spapr-vlan", test_pxe_spapr_vlan);
+} else if (g_str_equal(arch, "s390x")) {
+qtest_add_func("pxe/virtio-ccw", test_pxe_virtio_ccw);
 }
 ret = g_test_run();
 boot_sector_cleanup(disk);
-- 
1.8.3.1

[Qemu-devel] [PATCH v2 for-2.11 1/2] tests/boot-sector: Do not overwrite the x86 buffer on other architectures

[Thomas Huth]

Re-using the boot_sector code buffer from x86 for other architectures
is not very nice, especially if we add more architectures later. It's
also ugly that the test uses a huge pre-initialized array at all - the
size of the executable is very huge due to this array. So let's use a
separate buffer for each architecture instead, allocated from the heap,
so that we really just use the memory that we need.

Suggested-by: Michael Tsirkin 
Signed-off-by: Thomas Huth 
---
 tests/boot-sector.c | 41 ++---
 1 file changed, 26 insertions(+), 15 deletions(-)

diff --git a/tests/boot-sector.c b/tests/boot-sector.c
index e3880f4..8729562 100644
--- a/tests/boot-sector.c
+++ b/tests/boot-sector.c
@@ -21,13 +21,12 @@
 #define SIGNATURE 0xdead
 #define SIGNATURE_OFFSET 0x10
 #define BOOT_SECTOR_ADDRESS 0x7c00
+#define SIGNATURE_ADDR (BOOT_SECTOR_ADDRESS + SIGNATURE_OFFSET)
 
-/* Boot sector code: write SIGNATURE into memory,
+/* x86 boot sector code: write SIGNATURE into memory,
  * then halt.
- * Q35 machine requires a minimum 0x7e000 bytes disk.
- * (bug or feature?)
  */
-static uint8_t boot_sector[0x7e000] = {
+static uint8_t x86_boot_sector[512] = {
 /* The first sector will be placed at RAM address 7C00, and
  * the BIOS transfers control to 7C00
  */
@@ -50,8 +49,8 @@ static uint8_t boot_sector[0x7e000] = {
 [0x07] = HIGH(SIGNATURE),
 /* 7c08:  mov %ax,0x7c10 */
 [0x08] = 0xa3,
-[0x09] = LOW(BOOT_SECTOR_ADDRESS + SIGNATURE_OFFSET),
-[0x0a] = HIGH(BOOT_SECTOR_ADDRESS + SIGNATURE_OFFSET),
+[0x09] = LOW(SIGNATURE_ADDR),
+[0x0a] = HIGH(SIGNATURE_ADDR),
 
 /* 7c0b cli */
 [0x0b] = 0xfa,
@@ -72,7 +71,9 @@ static uint8_t boot_sector[0x7e000] = {
 int boot_sector_init(char *fname)
 {
 int fd, ret;
-size_t len = sizeof boot_sector;
+size_t len;
+char *boot_code;
+const char *arch = qtest_get_arch();
 
 fd = mkstemp(fname);
 if (fd < 0) {
@@ -80,16 +81,26 @@ int boot_sector_init(char *fname)
 return 1;
 }
 
-/* For Open Firmware based system, we can use a Forth script instead */
-if (strcmp(qtest_get_arch(), "ppc64") == 0) {
-len = sprintf((char *)boot_sector, "\\ Bootscript\n%x %x c! %x %x 
c!\n",
-LOW(SIGNATURE), BOOT_SECTOR_ADDRESS + SIGNATURE_OFFSET,
-HIGH(SIGNATURE), BOOT_SECTOR_ADDRESS + SIGNATURE_OFFSET + 1);
+if (g_str_equal(arch, "i386") || g_str_equal(arch, "x86_64")) {
+/* Q35 requires a minimum 0x7e000 bytes disk (bug or feature?) */
+len = MAX(0x7e000, sizeof(x86_boot_sector));
+boot_code = g_malloc0(len);
+memcpy(boot_code, x86_boot_sector, sizeof(x86_boot_sector));
+} else if (g_str_equal(arch, "ppc64")) {
+/* For Open Firmware based system, use a Forth script */
+boot_code = g_strdup_printf("\\ Bootscript\n%x %x c! %x %x c!\n",
+LOW(SIGNATURE), SIGNATURE_ADDR,
+HIGH(SIGNATURE), SIGNATURE_ADDR + 1);
+len = strlen(boot_code);
+} else {
+g_assert_not_reached();
 }
 
-ret = write(fd, boot_sector, len);
+ret = write(fd, boot_code, len);
 close(fd);
 
+g_free(boot_code);
+
 if (ret != len) {
 fprintf(stderr, "Could not write \"%s\"", fname);
 return 1;
@@ -115,8 +126,8 @@ void boot_sector_test(void)
  * instruction.
  */
 for (i = 0; i < TEST_CYCLES; ++i) {
-signature_low = readb(BOOT_SECTOR_ADDRESS + SIGNATURE_OFFSET);
-signature_high = readb(BOOT_SECTOR_ADDRESS + SIGNATURE_OFFSET + 1);
+signature_low = readb(SIGNATURE_ADDR);
+signature_high = readb(SIGNATURE_ADDR + 1);
 signature = (signature_high << 8) | signature_low;
 if (signature == SIGNATURE) {
 break;
-- 
1.8.3.1

[Qemu-devel] [PATCH v2 for-2.11 0/2] Improvements for the pxe tester

[Thomas Huth]

The first patch improves the buffer handling in the pxe tester a
little bit by allocating a separate buffer on the heap for each
architecture. This also gets rid of the huge pre-initialized
array in the tester, shrinking the size of the executable by
half of a megabyte!
The second patch adds s390x support to the pxe tester. Starting
with QEMU 2.10, the guest firmware on s390x can now net-boot via
TFTP, too, so we can automatically test this code in the pxe tester.

v2: Adressed Cornelia's review feedback from the first version, e.g.:
 - Use g_malloc0() instead of g_malloc()
 - Use sizeof with parentheses

Thomas Huth (2):
  tests/boot-sector: Do not overwrite the x86 buffer on other
architectures
  tests/pxe: Check virtio-net-ccw on s390x

 tests/Makefile.include |  1 +
 tests/boot-sector.c| 61 +-
 tests/pxe-test.c   |  7 ++
 3 files changed, 54 insertions(+), 15 deletions(-)

-- 
1.8.3.1

Re: [Qemu-devel] [PATCH v6 15/19] migration: Create thread infrastructure for multifd recv side

[Peter Xu]

On Tue, Aug 08, 2017 at 06:26:25PM +0200, Juan Quintela wrote:
> We make the locking and the transfer of information specific, even if we
> are still receiving things through the main thread.
> 
> Signed-off-by: Juan Quintela 
> 
> --
> 
> We split when we create the main channel and where we start the main
> migration thread, so we wait for the creation of the other threads.
> 
> Use multifd_clear_group().
> ---
>  migration/migration.c |  7 ---
>  migration/migration.h |  1 +
>  migration/ram.c   | 55 
> +++
>  migration/socket.c|  2 +-
>  4 files changed, 57 insertions(+), 8 deletions(-)
> 
> diff --git a/migration/migration.c b/migration/migration.c
> index 8e9505a..b78dffc 100644
> --- a/migration/migration.c
> +++ b/migration/migration.c
> @@ -381,7 +381,7 @@ static void migration_incoming_setup(QEMUFile *f)
>  qemu_file_set_blocking(f, false);
>  }
>  
> -static void migration_incoming_process(void)
> +void migration_incoming_process(void)
>  {
>  Coroutine *co = qemu_coroutine_create(process_incoming_migration_co, 
> NULL);
>  qemu_coroutine_enter(co);
> @@ -400,9 +400,10 @@ void migration_ioc_process_incoming(QIOChannel *ioc)
>  if (!mis->from_src_file) {
>  QEMUFile *f = qemu_fopen_channel_input(ioc);
>  mis->from_src_file = f;
> -migration_fd_process_incoming(f);
> +migration_incoming_setup(f);

Here now we only setup the incoming channels, but not processing it
any more. Then would it be good we rename the function name as well?
The old "migration_ioc_process_incoming" has hints that it processed
something... And...

> +return;
>  }
> -/* We still only have a single channel.  Nothing to do here yet */
> +multifd_new_channel(ioc);
>  }

[...]

> @@ -183,12 +183,12 @@ static gboolean 
> socket_accept_incoming_migration(QIOChannel *ioc,
>  
>  qio_channel_set_name(QIO_CHANNEL(sioc), "migration-socket-incoming");
>  migration_channel_process_incoming(QIO_CHANNEL(sioc));
> -object_unref(OBJECT(sioc));
>  
>  out:
>  if (migration_has_all_channels()) {
>  /* Close listening socket as its no longer needed */
>  qio_channel_close(ioc, NULL);
> +migration_incoming_process();

... here we only added migration_incoming_process() for sockets. Would
that break fd/exec migration?

Thanks,

>  return G_SOURCE_REMOVE;
>  } else {
>  return G_SOURCE_CONTINUE;

-- 
Peter Xu

Re: [Qemu-devel] [PATCH v6 19/19] migration: Flush receive queue

[Peter Xu]

On Tue, Aug 08, 2017 at 06:26:29PM +0200, Juan Quintela wrote:
> Each time that we sync the bitmap, it is a possiblity that we receive
> a page that is being processed by a different thread.  We fix this
> problem just making sure that we wait for all receiving threads to
> finish its work before we procedeed with the next stage.
> 
> We are low on page flags, so we use a combination that is not valid to
> emit that message:  MULTIFD_PAGE and COMPRESSED.
> 
> I tried to make a migration command for it, but it don't work because
> we sync the bitmap sometimes when we have already sent the beggining
> of the section, so I just added a new page flag.
> 
> Signed-off-by: Juan Quintela 

Oh, I just pop up an idea on whether we can just avoid introduing the
new flush command...

Can we just hash the page address into the channel number we send?
Then if we are sending the same page, it will always be on the same
channel. Since it's on the same channel, the order of arrival is also
deterministic.

It may affect performance, at least in two ways:

- it can be slower, considering we may need to wait on specific
  channel when send. But it may not be a big problem since we have a
  local IOV array buffer, then when the array buffer is full, the old
  send() should mostly be completed I guess.

- it can be faster, considering that we don't need the flush any more,
  so receiving is faster (no need to wait for all the channels to
  complete on flush).

Makes any sense?

-- 
Peter Xu

Re: [Qemu-devel] [PATCH v6 02/19] migration: Teach it about G_SOURCE_REMOVE

[Peter Xu]

On Tue, Aug 08, 2017 at 06:26:12PM +0200, Juan Quintela wrote:
> As this is defined on glib 2.32, add compatibility macros for older glibs.
> 
> Signed-off-by: Juan Quintela 

Reviewed-by: Peter Xu 

-- 
Peter Xu

Re: [Qemu-devel] [PATCH v6 01/19] migration: Create migration_ioc_process_incoming()

[Peter Xu]

On Tue, Aug 08, 2017 at 06:26:11PM +0200, Juan Quintela wrote:

[...]

>  void migration_fd_process_incoming(QEMUFile *f)
>  {
> -Coroutine *co = qemu_coroutine_create(process_incoming_migration_co, f);
> -
> +Coroutine *co = qemu_coroutine_create(process_incoming_migration_co, 
> NULL);
> +MigrationIncomingState *mis = migration_incoming_get_current();
> +
> +if (!mis->from_src_file) {
> +mis->from_src_file = f;

[1]

> +}
>  qemu_file_set_blocking(f, false);
>  qemu_coroutine_enter(co);
>  }
>  
> +void migration_ioc_process_incoming(QIOChannel *ioc)
> +{
> +MigrationIncomingState *mis = migration_incoming_get_current();
> +
> +if (!mis->from_src_file) {
> +QEMUFile *f = qemu_fopen_channel_input(ioc);
> +mis->from_src_file = f;

Remove this line? Since migration_fd_process_incoming() will set it up
as well below at [1].

Then we can make sure there will be only one place to setup
from_src_file.

> +migration_fd_process_incoming(f);
> +}
> +/* We still only have a single channel.  Nothing to do here yet */
> +}

Thanks,

-- 
Peter Xu

Re: [Qemu-devel] [PATCH 1/2] vl: Factor object_create() out of main()

[Philippe Mathieu-Daudé]

On 08/10/2017 01:28 PM, Markus Armbruster wrote:

Eric Blake  writes:


On 08/10/2017 07:25 AM, Markus Armbruster wrote:

Signed-off-by: Markus Armbruster 


for the refactor:
Reviewed-by: Philippe Mathieu-Daudé 


---
  vl.c | 21 ++---
  1 file changed, 10 insertions(+), 11 deletions(-)




+++ b/vl.c
@@ -2845,7 +2845,6 @@ static bool object_create_initial(const char *type)
  return true;
  }
  
-

  /*


Spurious whitespace change? I can live with it because it adds
consistency, but it's not on a function directly touched by this patch.


Not intentional (alternatively: I've since forgotten).  I'll drop it.


If you ever send the whitespace change as another patch with at least 
some funny message:

Reviewed-by: Philippe Mathieu-Daudé 




Reviewed-by: Eric Blake 


Thanks!

[Qemu-devel] [PATCH 2/2] HACK: define NBD_SERVER_DEBUG to force malicious server

[Eric Blake]

---
 nbd/server.c | 11 +++
 1 file changed, 11 insertions(+)

diff --git a/nbd/server.c b/nbd/server.c
index 82a78bf439..d6fbd46370 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -919,6 +919,17 @@ static int nbd_send_reply(QIOChannel *ioc, NBDReply 
*reply, Error **errp)
 stl_be_p(buf + 4, reply->error);
 stq_be_p(buf + 8, reply->handle);

+static int debug;
+static int count;
+if (!count++) {
+const char *str = getenv("NBD_SERVER_DEBUG");
+if (str) {
+debug = atoi(str);
+}
+}
+if (debug && !(count % debug)) {
+buf[0] = 0;
+}
 return nbd_write(ioc, buf, sizeof(buf), errp);
 }

-- 
2.13.4

[Qemu-devel] [PATCH 1/2] nbd: Drop connection if broken server is detected

[Eric Blake]

As soon as the server is sending us garbage, we should quit
trying to send further messages to the server, and allow all
pending coroutines for any remaining replies to error out.
Failure to do so can let a malicious server cause the client
to hang, for example, if the server sends an invalid magic
number in its response.

Reported by: Vladimir Sementsov-Ogievskiy 
Signed-off-by: Eric Blake 
---
 block/nbd-client.c | 9 +++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/block/nbd-client.c b/block/nbd-client.c
index 25dd28406b..802d50b636 100644
--- a/block/nbd-client.c
+++ b/block/nbd-client.c
@@ -68,7 +68,8 @@ static void nbd_teardown_connection(BlockDriverState *bs)

 static coroutine_fn void nbd_read_reply_entry(void *opaque)
 {
-NBDClientSession *s = opaque;
+BlockDriverState *bs = opaque;
+NBDClientSession *s = nbd_get_client_session(bs);
 uint64_t i;
 int ret;
 Error *local_err = NULL;
@@ -107,8 +108,12 @@ static coroutine_fn void nbd_read_reply_entry(void *opaque)
 qemu_coroutine_yield();
 }

+s->reply.handle = 0;
 nbd_recv_coroutines_enter_all(s);
 s->read_reply_co = NULL;
+if (ret < 0) {
+nbd_teardown_connection(bs);
+}
 }

 static int nbd_co_send_request(BlockDriverState *bs,
@@ -416,7 +421,7 @@ int nbd_client_init(BlockDriverState *bs,
 /* Now that we're connected, set the socket to be non-blocking and
  * kick the reply mechanism.  */
 qio_channel_set_blocking(QIO_CHANNEL(sioc), false, NULL);
-client->read_reply_co = qemu_coroutine_create(nbd_read_reply_entry, 
client);
+client->read_reply_co = qemu_coroutine_create(nbd_read_reply_entry, bs);
 nbd_client_attach_aio_context(bs, bdrv_get_aio_context(bs));

 logout("Established connection with NBD server\n");
-- 
2.13.4

[Qemu-devel] [PATCH for-2.10 0/2] Fix NBD client after server error

[Eric Blake]

Patch 1 is a much smaller patch than Vladimir's attempt [1] at fixing
the client in the face of a malicious server.

[1] https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg01501.html

Patch 2 is not to be applied; it is a hack for easily creating a
malicious server; by setting NBD_SERVER_DEBUG to a positive integer,
the server will intentionally send bad magic when it reaches that
many replies.

I tested using:
 NBD_SERVER_DEBUG=1 ./qemu-nbd -f raw -x foo file
coupled with
 qemu-io -c 'r 0 1' -c 'r 0 1' -f raw nbd://localhost:10809/foo

Without the patch, the qemu-io client hangs; with the patch, the
client reports 'read failed: Input/output error' for the first read
(where the bad server was detected) and 'read failed: Broken pipe'
for the second (because the client has already dropped the
connection from the bad server).

I would like this to go in -rc3, but would definitely appreciate
review, as the manipulation of coroutines was tricky for me to
step through in the debugger, and I want to make sure I'm not
leaking any memory or stranding an incomplete coroutine.

Eric Blake (2):
  nbd: Drop connection if broken server is detected
  HACK: define NBD_SERVER_DEBUG to force malicious server

 block/nbd-client.c |  9 +++--
 nbd/server.c   | 11 +++
 2 files changed, 18 insertions(+), 2 deletions(-)

-- 
2.13.4

[Qemu-devel] [PATCH] nbd: Fix trace message for disconnect

[Eric Blake]

NBD_CMD_DISC is a disconnect request, not a data discard request.

Signed-off-by: Eric Blake 
---

Although this is not 2.10 material in isolation (it is only a
bad trace message), I don't mind including it in a larger pull
request; I'm still planning to fix the issue of a client hanging
on a malicious server in time for -rc3 (whether via Vladimir's
patch or a smaller one that I'm testing locally).

 nbd/common.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nbd/common.c b/nbd/common.c
index a2f28f2eec..e288d1b972 100644
--- a/nbd/common.c
+++ b/nbd/common.c
@@ -182,7 +182,7 @@ const char *nbd_cmd_lookup(uint16_t cmd)
 case NBD_CMD_WRITE:
 return "write";
 case NBD_CMD_DISC:
-return "discard";
+return "disconnect";
 case NBD_CMD_FLUSH:
 return "flush";
 case NBD_CMD_TRIM:
-- 
2.13.4

Re: [Qemu-devel] block replication

[Xie Changlong]

在 8/10/2017 8:26 PM, Vladimir Sementsov-Ogievskiy 写道:

09.08.2017 17:11, Vladimir Sementsov-Ogievskiy wrote:

Hi Wen!

I'm trying to understand block/replication code and have a question.

Why should we block the region from intersecting cow requests when 
read? If I understand correctly


regardless of writes to the secondary-disk we have consistent view of 
it through hidden-disk:


Even if we are intersecting with some writes to secondary-disk (and 
corresponding cow-requests), the


data in secondary disk will not be updated until backed up to 
hidden-disk, therefore, for read we have two


options:

1. read old data from secondary-disk (unallocated region in 
hidden-disk means data in secondary-disk is not updated yet)


2. read backed-up data from hidden-disk (data in secondary-disk may be 
already updated but we don't care)


(the whole region to read may consists of parts, corresponding to 1 or 
2, but this should be ok too)


Where am I wrong?


Ok, now I think this is needed to prevent intersecting of writes and 
reads on hidden-disk. If it so, I think it is better to use serializing 


Hi, Vladimir. Pls refer 
https://lists.nongnu.org/archive/html/qemu-devel/2016-05/msg03025.html


BTW, wen's email has changed, also CC Zhang Hailiang, Zhang Chen, Li Zhijian


requests
mechanism (just serialize all requests on hidden-disk, and on write wait 
for all intersecting serializing requests, on read wait for intersecting 
serializing writes) - it may require additional
option for BlockDriverState, but it is more generic and more clear than 
export internal backup things to lock disk region. This also can be 
reused for image-fleecing scheme
(which is based on same pattern  [active-disk is backing for temp-disk, 
backup sync=none from active to temp, read from temp])





==

static coroutine_fn int replication_co_readv(BlockDriverState *bs,
 int64_t sector_num,
 int remaining_sectors,
 QEMUIOVector *qiov)
{
BDRVReplicationState *s = bs->opaque;
BdrvChild *child = s->secondary_disk;
BlockJob *job = NULL;
CowRequest req;
int ret;

if (s->mode == REPLICATION_MODE_PRIMARY) {
/* We only use it to forward primary write requests */
return -EIO;
}

ret = replication_get_io_status(s);
if (ret < 0) {
return ret;
}

if (child && child->bs) {
job = child->bs->job;
}

if (job) {
uint64_t remaining_bytes = remaining_sectors * BDRV_SECTOR_SIZE;

backup_wait_for_overlapping_requests(child->bs->job,
 sector_num * 
BDRV_SECTOR_SIZE,

remaining_bytes);
backup_cow_request_begin(, child->bs->job,
 sector_num * BDRV_SECTOR_SIZE,
remaining_bytes);
ret = bdrv_co_readv(bs->file, sector_num, remaining_sectors,
qiov);
backup_cow_request_end();
goto out;
}

ret = bdrv_co_readv(bs->file, sector_num, remaining_sectors, qiov);
out:
return replication_return_value(s, ret);
}





--
Thanks
-Xie

[Qemu-devel] [Bug 1706296] Re: Booting NT 4 disk causes /home/rjones/d/qemu/cpus.c:1580:qemu_mutex_lock_iothread: assertion failed: (!qemu_mutex_iothread_locked())

[John Arbuckle]

Using '-cpu 486' gets past the assertion error. I guess Windows NT 4.0
is not compatible with newer Intel processors.

Currently I can install Windows NT 4.0, but booting from the
installation has its problems. It won't boot unless you use the NTFS
file system. Even with this file system I still see a BSOD that states
INACCESSIBLE_BOOT_DEVICE. Not sure what is wrong. Switching to a SCSI
controller didn't help.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1706296

Title:
  Booting NT 4 disk causes
  /home/rjones/d/qemu/cpus.c:1580:qemu_mutex_lock_iothread: assertion
  failed: (!qemu_mutex_iothread_locked())

Status in QEMU:
  New

Bug description:
  Grab the NT 4 disk from
  https://archive.org/details/Microsoft_Windows_NT_Server_Version_4.0_227-075
  -385_CD-KEY_419-1343253_1996

  Try to boot it as follows:

  qemu-system-x86_64 -hda disk.img -cdrom 
Microsoft_Windows_NT_Server_Version_4.0_227-075-385_CD-KEY_419-1343253_1996.iso 
-m 2048 -boot d -machine pc,accel=tcg
  WARNING: Image format was not specified for 'disk.img' and probing guessed 
raw.
   Automatically detecting the format is dangerous for raw images, 
write operations on block 0 will be restricted.
   Specify the 'raw' format explicitly to remove the restrictions.
  **
  ERROR:/home/rjones/d/qemu/cpus.c:1580:qemu_mutex_lock_iothread: assertion 
failed: (!qemu_mutex_iothread_locked())
  Aborted (core dumped)

  The stack trace in the failing thread is:

  Thread 4 (Thread 0x7fffb0418700 (LWP 21979)):
  #0  0x7fffdd89b64b in raise () at /lib64/libc.so.6
  #1  0x7fffdd89d450 in abort () at /lib64/libc.so.6
  #2  0x7fffdff8c75d in g_assertion_message () at /lib64/libglib-2.0.so.0
  #3  0x7fffdff8c7ea in g_assertion_message_expr ()
  at /lib64/libglib-2.0.so.0
  #4  0x557a7d00 in qemu_mutex_lock_iothread ()
  at /home/rjones/d/qemu/cpus.c:1580
  #5  0x557cb429 in io_writex (env=env@entry=0x56751400, 
iotlbentry=0x5675b678, 
  iotlbentry@entry=0x5ae40c918, val=val@entry=8, 
addr=addr@entry=2148532220, retaddr=0, retaddr@entry=93825011136120, 
size=size@entry=4)
  at /home/rjones/d/qemu/accel/tcg/cputlb.c:795
  #6  0x557ce0f7 in io_writel (retaddr=93825011136120, addr=2148532220, 
val=8, index=255, mmu_idx=21845, env=0x56751400)
  at /home/rjones/d/qemu/softmmu_template.h:265
  #7  0x557ce0f7 in helper_le_stl_mmu (env=env@entry=0x56751400, 
addr=addr@entry=2148532220, val=val@entry=8, oi=, 
retaddr=93825011136120, retaddr@entry=0) at 
/home/rjones/d/qemu/softmmu_template.h:300
  #8  0x5587c0a4 in cpu_stl_kernel_ra (env=0x56751400, 
ptr=2148532220, v=8, retaddr=0) at 
/home/rjones/d/qemu/include/exec/cpu_ldst_template.h:182
  #9  0x55882610 in do_interrupt_protected (is_hw=, 
next_eip=, error_code=2, is_int=, 
intno=, env=0x56751400) at 
/home/rjones/d/qemu/target/i386/seg_helper.c:758
  #10 0x55882610 in do_interrupt_all (cpu=cpu@entry=0x56749170, 
intno=, is_int=, error_code=2, 
next_eip=, is_hw=is_hw@entry=0) at 
/home/rjones/d/qemu/target/i386/seg_helper.c:1252
  #11 0x558839d3 in x86_cpu_do_interrupt (cs=0x56749170)
  at /home/rjones/d/qemu/target/i386/seg_helper.c:1298
  #12 0x557d2ccb in cpu_handle_exception (ret=, 
cpu=0x566a4590) at /home/rjones/d/qemu/accel/tcg/cpu-exec.c:465
  #13 0x557d2ccb in cpu_exec (cpu=cpu@entry=0x56749170)
  at /home/rjones/d/qemu/accel/tcg/cpu-exec.c:670
  #14 0x557a855a in tcg_cpu_exec (cpu=0x56749170)
  at /home/rjones/d/qemu/cpus.c:1270
  #15 0x557a855a in qemu_tcg_rr_cpu_thread_fn (arg=)
  at /home/rjones/d/qemu/cpus.c:1365
  #16 0x7fffddc3d36d in start_thread () at /lib64/libpthread.so.0
  #17 0x7fffdd975b9f in clone () at /lib64/libc.so.6

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1706296/+subscriptions

[Qemu-devel] [PATCH v5 2/4] hw/pci: introduce bridge-only vendor-specific capability to provide some hints to firmware

[Aleksandr Bezzubikov]

On PCI init PCI bridges may need some extra info about bus number,
IO, memory and prefetchable memory to reserve. QEMU can provide this
with a special vendor-specific PCI capability.

Signed-off-by: Aleksandr Bezzubikov 
Reviewed-by: Marcel Apfelbaum 
---
 hw/pci/pci_bridge.c | 54 +
 include/hw/pci/pci_bridge.h | 24 
 2 files changed, 78 insertions(+)

diff --git a/hw/pci/pci_bridge.c b/hw/pci/pci_bridge.c
index 720119b..2495a51 100644
--- a/hw/pci/pci_bridge.c
+++ b/hw/pci/pci_bridge.c
@@ -408,6 +408,60 @@ void pci_bridge_map_irq(PCIBridge *br, const char* 
bus_name,
 br->bus_name = bus_name;
 }
 
+
+int pci_bridge_qemu_reserve_cap_init(PCIDevice *dev, int cap_offset,
+  uint32_t bus_reserve, uint64_t io_reserve,
+  uint32_t mem_non_pref_reserve,
+  uint32_t mem_pref_32_reserve,
+  uint64_t mem_pref_64_reserve,
+  Error **errp)
+{
+if (mem_pref_32_reserve != (uint32_t)-1 &&
+mem_pref_64_reserve != (uint64_t) -1) {
+error_setg(errp,
+   "PCI resource reserve cap: PREF32 and PREF64 conflict");
+return -EINVAL;
+}
+
+if (bus_reserve == (uint32_t)-1 &&
+io_reserve == (uint64_t)-1 &&
+mem_non_pref_reserve == (uint32_t)-1 &&
+mem_pref_32_reserve == (uint32_t)-1 &&
+mem_pref_64_reserve == (uint64_t)-1) {
+return 0;
+}
+
+size_t cap_len = sizeof(PCIBridgeQemuCap);
+PCIBridgeQemuCap cap = {
+.len = cap_len,
+.type = REDHAT_PCI_CAP_RESOURCE_RESERVE,
+.bus_res = bus_reserve,
+.io = io_reserve,
+.mem = mem_non_pref_reserve,
+.mem_pref_32 = (uint32_t)-1,
+.mem_pref_64 = (uint64_t)-1
+};
+
+if (mem_pref_32_reserve != (uint32_t)-1 &&
+mem_pref_64_reserve == (uint64_t)-1) {
+cap.mem_pref_32 = mem_pref_32_reserve;
+} else if (mem_pref_32_reserve == (uint32_t)-1 &&
+mem_pref_64_reserve != (uint64_t)-1) {
+cap.mem_pref_64 = mem_pref_64_reserve;
+}
+
+int offset = pci_add_capability(dev, PCI_CAP_ID_VNDR,
+cap_offset, cap_len, errp);
+if (offset < 0) {
+return offset;
+}
+
+memcpy(dev->config + offset + PCI_CAP_FLAGS,
+(char *) + PCI_CAP_FLAGS,
+cap_len - PCI_CAP_FLAGS);
+return 0;
+}
+
 static const TypeInfo pci_bridge_type_info = {
 .name = TYPE_PCI_BRIDGE,
 .parent = TYPE_PCI_DEVICE,
diff --git a/include/hw/pci/pci_bridge.h b/include/hw/pci/pci_bridge.h
index ff7cbaa..2d8c635 100644
--- a/include/hw/pci/pci_bridge.h
+++ b/include/hw/pci/pci_bridge.h
@@ -67,4 +67,28 @@ void pci_bridge_map_irq(PCIBridge *br, const char* bus_name,
 #define  PCI_BRIDGE_CTL_DISCARD_STATUS 0x400   /* Discard timer status */
 #define  PCI_BRIDGE_CTL_DISCARD_SERR   0x800   /* Discard timer SERR# enable */
 
+typedef struct PCIBridgeQemuCap {
+uint8_t id; /* Standard PCI capability header field */
+uint8_t next;   /* Standard PCI capability header field */
+uint8_t len;/* Standard PCI vendor-specific capability header field */
+uint8_t type;   /* Red Hat vendor-specific capability type.
+   Types are defined with REDHAT_PCI_CAP_ prefix */
+
+uint32_t bus_res;   /* Minimum number of buses to reserve */
+uint64_t io;/* IO space to reserve */
+uint32_t mem;   /* Non-prefetchable memory to reserve */
+/* This two fields are mutually exclusive */
+uint32_t mem_pref_32; /* Prefetchable memory to reserve (32-bit MMIO) */
+uint64_t mem_pref_64; /* Prefetchable memory to reserve (64-bit MMIO) */
+} PCIBridgeQemuCap;
+
+#define REDHAT_PCI_CAP_RESOURCE_RESERVE 1
+
+int pci_bridge_qemu_reserve_cap_init(PCIDevice *dev, int cap_offset,
+  uint32_t bus_reserve, uint64_t io_reserve,
+  uint32_t mem_non_pref_reserve,
+  uint32_t mem_pref_32_reserve,
+  uint64_t mem_pref_64_reserve,
+  Error **errp);
+
 #endif /* QEMU_PCI_BRIDGE_H */
-- 
2.7.4

[Qemu-devel] [PATCH v5 4/4] docs: update documentation considering PCIE-PCI bridge

[Aleksandr Bezzubikov]

Signed-off-by: Aleksandr Bezzubikov 
---
 docs/pcie.txt|  49 ++--
 docs/pcie_pci_bridge.txt | 115 +++
 2 files changed, 141 insertions(+), 23 deletions(-)
 create mode 100644 docs/pcie_pci_bridge.txt

diff --git a/docs/pcie.txt b/docs/pcie.txt
index 5bada24..76b85ec 100644
--- a/docs/pcie.txt
+++ b/docs/pcie.txt
@@ -46,7 +46,7 @@ Place only the following kinds of devices directly on the 
Root Complex:
 (2) PCI Express Root Ports (ioh3420), for starting exclusively PCI Express
 hierarchies.
 
-(3) DMI-PCI Bridges (i82801b11-bridge), for starting legacy PCI
+(3) PCI Express to PCI Bridge (pcie-pci-bridge), for starting legacy PCI
 hierarchies.
 
 (4) Extra Root Complexes (pxb-pcie), if multiple PCI Express Root Buses
@@ -55,18 +55,18 @@ Place only the following kinds of devices directly on the 
Root Complex:
pcie.0 bus

 |||  |
-   ---   --   --   --
-   | PCI Dev |   | PCIe Root Port |   | DMI-PCI Bridge |   |  pxb-pcie  |
-   ---   --   --   --
+   ---   --   ---   --
+   | PCI Dev |   | PCIe Root Port |   | PCIe-PCI Bridge |   |  pxb-pcie  |
+   ---   --   ---   --
 
 2.1.1 To plug a device into pcie.0 as a Root Complex Integrated Endpoint use:
   -device [,bus=pcie.0]
 2.1.2 To expose a new PCI Express Root Bus use:
   -device pxb-pcie,id=pcie.1,bus_nr=x[,numa_node=y][,addr=z]
-  Only PCI Express Root Ports and DMI-PCI bridges can be connected
-  to the pcie.1 bus:
+  PCI Express Root Ports and PCI Express to PCI bridges can be
+  connected to the pcie.1 bus:
   -device 
ioh3420,id=root_port1[,bus=pcie.1][,chassis=x][,slot=y][,addr=z]
 \
-  -device i82801b11-bridge,id=dmi_pci_bridge1,bus=pcie.1
+  -device pcie-pci-bridge,id=pcie_pci_bridge1,bus=pcie.1
 
 
 2.2 PCI Express only hierarchy
@@ -130,24 +130,24 @@ Notes:
 Legacy PCI devices can be plugged into pcie.0 as Integrated Endpoints,
 but, as mentioned in section 5, doing so means the legacy PCI
 device in question will be incapable of hot-unplugging.
-Besides that use DMI-PCI Bridges (i82801b11-bridge) in combination
-with PCI-PCI Bridges (pci-bridge) to start PCI hierarchies.
+Besides that use PCI Express to PCI Bridges (pcie-pci-bridge) in
+combination with PCI-PCI Bridges (pci-bridge) to start PCI hierarchies.
 
-Prefer flat hierarchies. For most scenarios a single DMI-PCI Bridge
+Prefer flat hierarchies. For most scenarios a single PCI Express to PCI Bridge
 (having 32 slots) and several PCI-PCI Bridges attached to it
 (each supporting also 32 slots) will support hundreds of legacy devices.
-The recommendation is to populate one PCI-PCI Bridge under the DMI-PCI Bridge
-until is full and then plug a new PCI-PCI Bridge...
+The recommendation is to populate one PCI-PCI Bridge under the
+PCI Express to PCI Bridge until is full and then plug a new PCI-PCI Bridge...
 
pcie.0 bus
--
 ||
-   ---   --
-   | PCI Dev |   | DMI-PCI BRIDGE |
-   ----
+   ---   ---
+   | PCI Dev |   | PCIe-PCI Bridge |
+   ---   ---
||
   ----
-  | PCI-PCI Bridge || PCI-PCI Bridge |   ...
+  | PCI-PCI Bridge || PCI-PCI Bridge |
   ----
  |   |
   --- ---
@@ -157,11 +157,11 @@ until is full and then plug a new PCI-PCI Bridge...
 2.3.1 To plug a PCI device into pcie.0 as an Integrated Endpoint use:
   -device [,bus=pcie.0]
 2.3.2 Plugging a PCI device into a PCI-PCI Bridge:
-  -device i82801b11-bridge,id=dmi_pci_bridge1[,bus=pcie.0] 
   \
-  -device 
pci-bridge,id=pci_bridge1,bus=dmi_pci_bridge1[,chassis_nr=x][,addr=y]   \
+  -device pcie-pci-bridge,id=pcie_pci_bridge1[,bus=pcie.0] \
+  -device 
pci-bridge,id=pci_bridge1,bus=pcie_pci_bridge1[,chassis_nr=x][,addr=y] \
   -device ,bus=pci_bridge1[,addr=x]
   Note that 'addr' cannot be 0 unless shpc=off parameter is passed to
-  the PCI Bridge.
+  the PCI Bridge/PCI Express to PCI Bridge.
 
 3. IO space issues
 ===
@@ -219,14 +219,16 @@ do not support hot-plug, so 

[Qemu-devel] [PATCH v5 1/4] hw/pci: introduce pcie-pci-bridge device

[Aleksandr Bezzubikov]

Introduce a new PCIExpress-to-PCI Bridge device,
which is a hot-pluggable PCI Express device and
supports devices hot-plug with SHPC.

This device is intended to replace the DMI-to-PCI Bridge.

Signed-off-by: Aleksandr Bezzubikov 
---
 hw/pci-bridge/Makefile.objs |   2 +-
 hw/pci-bridge/pcie_pci_bridge.c | 192 
 include/hw/pci/pci.h|   1 +
 3 files changed, 194 insertions(+), 1 deletion(-)
 create mode 100644 hw/pci-bridge/pcie_pci_bridge.c

diff --git a/hw/pci-bridge/Makefile.objs b/hw/pci-bridge/Makefile.objs
index c4683cf..666db37 100644
--- a/hw/pci-bridge/Makefile.objs
+++ b/hw/pci-bridge/Makefile.objs
@@ -1,4 +1,4 @@
-common-obj-y += pci_bridge_dev.o
+common-obj-y += pci_bridge_dev.o pcie_pci_bridge.o
 common-obj-$(CONFIG_PCIE_PORT) += pcie_root_port.o gen_pcie_root_port.o
 common-obj-$(CONFIG_PXB) += pci_expander_bridge.o
 common-obj-$(CONFIG_XIO3130) += xio3130_upstream.o xio3130_downstream.o
diff --git a/hw/pci-bridge/pcie_pci_bridge.c b/hw/pci-bridge/pcie_pci_bridge.c
new file mode 100644
index 000..9aa5cc3
--- /dev/null
+++ b/hw/pci-bridge/pcie_pci_bridge.c
@@ -0,0 +1,192 @@
+/*
+ * QEMU Generic PCIE-PCI Bridge
+ *
+ * Copyright (c) 2017 Aleksandr Bezzubikov
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "hw/pci/pci.h"
+#include "hw/pci/pci_bus.h"
+#include "hw/pci/pci_bridge.h"
+#include "hw/pci/msi.h"
+#include "hw/pci/shpc.h"
+#include "hw/pci/slotid_cap.h"
+
+typedef struct PCIEPCIBridge {
+/*< private >*/
+PCIBridge parent_obj;
+
+OnOffAuto msi;
+MemoryRegion shpc_bar;
+/*< public >*/
+} PCIEPCIBridge;
+
+#define TYPE_PCIE_PCI_BRIDGE_DEV "pcie-pci-bridge"
+#define PCIE_PCI_BRIDGE_DEV(obj) \
+OBJECT_CHECK(PCIEPCIBridge, (obj), TYPE_PCIE_PCI_BRIDGE_DEV)
+
+static void pcie_pci_bridge_realize(PCIDevice *d, Error **errp)
+{
+PCIBridge *br = PCI_BRIDGE(d);
+PCIEPCIBridge *pcie_br = PCIE_PCI_BRIDGE_DEV(d);
+int rc, pos;
+
+pci_bridge_initfn(d, TYPE_PCI_BUS);
+
+d->config[PCI_INTERRUPT_PIN] = 0x1;
+memory_region_init(_br->shpc_bar, OBJECT(d), "shpc-bar",
+   shpc_bar_size(d));
+rc = shpc_init(d, >sec_bus, _br->shpc_bar, 0, errp);
+if (rc) {
+goto error;
+}
+
+rc = pcie_cap_init(d, 0, PCI_EXP_TYPE_PCI_BRIDGE, 0, errp);
+if (rc < 0) {
+goto cap_error;
+}
+
+pos = pci_add_capability(d, PCI_CAP_ID_PM, 0, PCI_PM_SIZEOF, errp);
+if (pos < 0) {
+goto pm_error;
+}
+d->exp.pm_cap = pos;
+pci_set_word(d->config + pos + PCI_PM_PMC, 0x3);
+
+pcie_cap_arifwd_init(d);
+pcie_cap_deverr_init(d);
+
+rc = pcie_aer_init(d, PCI_ERR_VER, 0x100, PCI_ERR_SIZEOF, errp);
+if (rc < 0) {
+goto aer_error;
+}
+
+if (pcie_br->msi != ON_OFF_AUTO_OFF) {
+rc = msi_init(d, 0, 1, true, true, errp);
+if (rc < 0) {
+goto msi_error;
+}
+}
+pci_register_bar(d, 0, PCI_BASE_ADDRESS_SPACE_MEMORY |
+ PCI_BASE_ADDRESS_MEM_TYPE_64, _br->shpc_bar);
+return;
+
+msi_error:
+pcie_aer_exit(d);
+aer_error:
+pm_error:
+pcie_cap_exit(d);
+cap_error:
+shpc_free(d);
+error:
+pci_bridge_exitfn(d);
+}
+
+static void pcie_pci_bridge_exit(PCIDevice *d)
+{
+PCIEPCIBridge *bridge_dev = PCIE_PCI_BRIDGE_DEV(d);
+pcie_cap_exit(d);
+shpc_cleanup(d, _dev->shpc_bar);
+pci_bridge_exitfn(d);
+}
+
+static void pcie_pci_bridge_reset(DeviceState *qdev)
+{
+PCIDevice *d = PCI_DEVICE(qdev);
+pci_bridge_reset(qdev);
+msi_reset(d);
+shpc_reset(d);
+}
+
+static void pcie_pci_bridge_write_config(PCIDevice *d,
+uint32_t address, uint32_t val, int len)
+{
+pci_bridge_write_config(d, address, val, len);
+msi_write_config(d, address, val, len);
+shpc_cap_write_config(d, address, val, len);
+}
+
+static Property pcie_pci_bridge_dev_properties[] = {
+DEFINE_PROP_ON_OFF_AUTO("msi", PCIEPCIBridge, msi, ON_OFF_AUTO_ON),
+DEFINE_PROP_END_OF_LIST(),
+};
+
+static const VMStateDescription pcie_pci_bridge_dev_vmstate = {
+.name = TYPE_PCIE_PCI_BRIDGE_DEV,
+.fields = (VMStateField[]) {
+VMSTATE_PCI_DEVICE(parent_obj, PCIBridge),
+SHPC_VMSTATE(shpc, PCIDevice, NULL),
+VMSTATE_END_OF_LIST()
+}
+};
+
+static void pcie_pci_bridge_hotplug_cb(HotplugHandler *hotplug_dev,
+  DeviceState *dev, Error **errp)
+{
+PCIDevice *pci_hotplug_dev = PCI_DEVICE(hotplug_dev);
+
+if (!shpc_present(pci_hotplug_dev)) {
+error_setg(errp, "standard hotplug controller has been disabled for "
+   "this %s", TYPE_PCIE_PCI_BRIDGE_DEV);
+return;
+}
+shpc_device_hotplug_cb(hotplug_dev, dev, errp);
+}
+
+static void 

[Qemu-devel] [PATCH v5 0/4] Generic PCIE-PCI Bridge

[Aleksandr Bezzubikov]

This series introduces a new device - Generic PCI Express to PCI bridge,
and also makes all necessary changes to enable hotplug of the bridge itself
and any device into the bridge.

Changes v4->v5:
1. Change PCIE-PCI Bridge license (addresses Marcel's comment)
2. The capability layout changes (adress Laszlo' comments): 
- separate pref_mem into pref_mem_32 and pref_mem_64 fields (SeaBIOS side 
has the same changes)
- accordingly change the Generic Root Port's properties
3. Do not add the capability to the root port if no valid values are provided 
(adresses Michael's comment)
4. Rename the capability type to 'RESOURCE_RESERVE' (addresses Marcel's comment)
5. Remove shpc_present check function (addresses Marcel's comment)
6. Fix the 4th patch message (adresses Michael's comment)
7. Patch for SHPC enabling in _OSC method has been already merged

Changes v3->v4:
1. PCIE-PCI Bridge device: "msi_enable"->"msi", "shpc"->"shpc_bar", remove 
local_err,
   make "msi" property OnOffAuto, shpc_present() is still here 
   to avoid SHPC_VMSTATE refactoring (address Marcel's comments). 
2. Change QEMU PCI capability layout (SeaBIOS side has the same changes):
  - change reservation fields types: bus_res - uint32_t, others - uint64_t
  - rename 'non_pref' and 'pref' fields
  - interpret -1 value as 'ignore'
3. Use parent_realize in Generic PCI Express Root Port properly.
4. Fix documentation: fully replace the DMI-PCI bridge references with the new 
PCIE-PCI bridge,
"PCIE"->"PCI Express", small mistakes and typos - address Laszlo's and Marcel's 
comments.
5. Rename QEMU PCI cap creation fucntion - addresses Marcel's comment.

Changes v2->v3:
(0). 'do_not_use' capability field flag is still _not_ in here since we haven't 
come to consesus on it yet.
1. Merge commits 5 (bus_reserve property creation) and 6 (property usage) 
together - addresses Michael's comment.
2. Add 'bus_reserve' property and QEMU PCI capability only to Generic PCIE Root 
Port - addresses Michael's and Marcel's comments.
3. Change 'bus_reserve' property's default value to 0 - addresses Michael's 
comment.
4. Rename QEMU bridge-specific PCI capability creation function - addresses 
Michael's comment.
5. Init the whole QEMU PCI capability with zeroes - addresses Michael's and 
Laszlo's comments.
6. Change QEMU PCI capability layout (SeaBIOS side has the same changes)
  - add 'type' field to distinguish multiple 
RedHat-specific capabilities - addresses Michael's comment
  - do not mimiс PCI Config space register layout, but use mutually exclusive 
differently
sized fields for IO and prefetchable memory limits - addresses Laszlo's 
comment
7. Correct error handling in PCIE-PCI bridge realize function.
8. Replace a '2' constant with PCI_CAP_FLAGS in the capability creation 
function - addresses Michael's comment.
9. Remove a comment on _OSC which isn't correct anymore - address Marcel's 
comment.
10. Add documentation for the Generic PCIE-PCI Bridge and QEMU PCI capability - 
addresses Michael's comment.

Changes v1->v2:
1. Enable SHPC for the bridge.
2. Enable SHPC support for the Q35 machine (ACPI stuff).
3. Introduce PCI capability to help firmware on the system init.
   This allows the bridge to be hotpluggable. Now it's supported 
   only for pcie-root-port. Now it's supposed to used with 
   SeaBIOS only, look at the SeaBIOS corresponding series
   "Allow RedHat PCI bridges reserve more buses than necessary during init".

Aleksandr Bezzubikov (4):
  hw/pci: introduce pcie-pci-bridge device
  hw/pci: introduce bridge-only vendor-specific capability to provide
some hints to firmware
  hw/pci: add QEMU-specific PCI capability to the Generic PCI Express
Root Port
  docs: update documentation considering PCIE-PCI bridge

 docs/pcie.txt  |  49 +-
 docs/pcie_pci_bridge.txt   | 115 ++
 hw/pci-bridge/Makefile.objs|   2 +-
 hw/pci-bridge/gen_pcie_root_port.c |  36 +++
 hw/pci-bridge/pcie_pci_bridge.c| 192 +
 hw/pci/pci_bridge.c|  54 +++
 include/hw/pci/pci.h   |   1 +
 include/hw/pci/pci_bridge.h|  24 +
 include/hw/pci/pcie_port.h |   1 +
 9 files changed, 450 insertions(+), 24 deletions(-)
 create mode 100644 docs/pcie_pci_bridge.txt
 create mode 100644 hw/pci-bridge/pcie_pci_bridge.c

-- 
2.7.4

[Qemu-devel] [PATCH v5 3/4] hw/pci: add QEMU-specific PCI capability to the Generic PCI Express Root Port

[Aleksandr Bezzubikov]

To enable hotplugging of a newly created pcie-pci-bridge,
we need to tell firmware (e.g. SeaBIOS) to reserve
additional buses or IO/MEM/PREF space for pcie-root-port.
Additional bus reservation allows us to hotplug pcie-pci-bridge into this root 
port.
The number of buses and IO/MEM/PREF space to reserve are provided to the device 
via
a corresponding property, and to the firmware via new PCI capability.
The properties' default values are -1 to keep default behavior unchanged.

Signed-off-by: Aleksandr Bezzubikov 
Reviewed-by: Marcel Apfelbaum 
---
 hw/pci-bridge/gen_pcie_root_port.c | 36 
 include/hw/pci/pcie_port.h |  1 +
 2 files changed, 37 insertions(+)

diff --git a/hw/pci-bridge/gen_pcie_root_port.c 
b/hw/pci-bridge/gen_pcie_root_port.c
index cb694d6..bd65479 100644
--- a/hw/pci-bridge/gen_pcie_root_port.c
+++ b/hw/pci-bridge/gen_pcie_root_port.c
@@ -16,6 +16,8 @@
 #include "hw/pci/pcie_port.h"
 
 #define TYPE_GEN_PCIE_ROOT_PORT"pcie-root-port"
+#define GEN_PCIE_ROOT_PORT(obj) \
+OBJECT_CHECK(GenPCIERootPort, (obj), TYPE_GEN_PCIE_ROOT_PORT)
 
 #define GEN_PCIE_ROOT_PORT_AER_OFFSET   0x100
 #define GEN_PCIE_ROOT_PORT_MSIX_NR_VECTOR   1
@@ -26,6 +28,13 @@ typedef struct GenPCIERootPort {
 /*< public >*/
 
 bool migrate_msix;
+
+/* additional resources to reserve on firmware init */
+uint32_t bus_reserve;
+uint64_t io_reserve;
+uint32_t mem_reserve;
+uint32_t pref32_reserve;
+uint64_t pref64_reserve;
 } GenPCIERootPort;
 
 static uint8_t gen_rp_aer_vector(const PCIDevice *d)
@@ -60,6 +69,24 @@ static bool gen_rp_test_migrate_msix(void *opaque, int 
version_id)
 return rp->migrate_msix;
 }
 
+static void gen_rp_realize(DeviceState *dev, Error **errp)
+{
+PCIDevice *d = PCI_DEVICE(dev);
+GenPCIERootPort *grp = GEN_PCIE_ROOT_PORT(d);
+PCIERootPortClass *rpc = PCIE_ROOT_PORT_GET_CLASS(d);
+
+rpc->parent_realize(dev, errp);
+
+int rc = pci_bridge_qemu_reserve_cap_init(d, 0, grp->bus_reserve,
+grp->io_reserve, grp->mem_reserve, grp->pref32_reserve,
+grp->pref64_reserve, errp);
+
+if (rc < 0) {
+rpc->parent_class.exit(d);
+return;
+}
+}
+
 static const VMStateDescription vmstate_rp_dev = {
 .name = "pcie-root-port",
 .version_id = 1,
@@ -78,6 +105,11 @@ static const VMStateDescription vmstate_rp_dev = {
 
 static Property gen_rp_props[] = {
 DEFINE_PROP_BOOL("x-migrate-msix", GenPCIERootPort, migrate_msix, true),
+DEFINE_PROP_UINT32("bus-reserve", GenPCIERootPort, bus_reserve, -1),
+DEFINE_PROP_UINT64("io-reserve", GenPCIERootPort, io_reserve, -1),
+DEFINE_PROP_UINT32("mem-reserve", GenPCIERootPort, mem_reserve, -1),
+DEFINE_PROP_UINT32("pref32-reserve", GenPCIERootPort, pref32_reserve, -1),
+DEFINE_PROP_UINT64("pref64-reserve", GenPCIERootPort, pref64_reserve, -1),
 DEFINE_PROP_END_OF_LIST()
 };
 
@@ -92,6 +124,10 @@ static void gen_rp_dev_class_init(ObjectClass *klass, void 
*data)
 dc->desc = "PCI Express Root Port";
 dc->vmsd = _rp_dev;
 dc->props = gen_rp_props;
+
+rpc->parent_realize = dc->realize;
+dc->realize = gen_rp_realize;
+
 rpc->aer_vector = gen_rp_aer_vector;
 rpc->interrupts_init = gen_rp_interrupts_init;
 rpc->interrupts_uninit = gen_rp_interrupts_uninit;
diff --git a/include/hw/pci/pcie_port.h b/include/hw/pci/pcie_port.h
index 1333266..0736014 100644
--- a/include/hw/pci/pcie_port.h
+++ b/include/hw/pci/pcie_port.h
@@ -65,6 +65,7 @@ void pcie_chassis_del_slot(PCIESlot *s);
 
 typedef struct PCIERootPortClass {
 PCIDeviceClass parent_class;
+DeviceRealize parent_realize;
 
 uint8_t (*aer_vector)(const PCIDevice *dev);
 int (*interrupts_init)(PCIDevice *dev, Error **errp);
-- 
2.7.4

[Qemu-devel] [PATCH v5 3/3] pci: enable RedHat PCI bridges to reserve additional resource on PCI init

[Aleksandr Bezzubikov]

In case of Red Hat Generic PCIE Root Port reserve additional buses
and/or IO/MEM/PREF space, which values are provided in a vendor-specific 
capability.

Signed-off-by: Aleksandr Bezzubikov 
---
 src/fw/dev-pci.h |   2 +-
 src/fw/pciinit.c | 125 +--
 src/hw/pci_ids.h |   3 ++
 3 files changed, 116 insertions(+), 14 deletions(-)

diff --git a/src/fw/dev-pci.h b/src/fw/dev-pci.h
index cf16b2e..99ccc12 100644
--- a/src/fw/dev-pci.h
+++ b/src/fw/dev-pci.h
@@ -38,7 +38,7 @@
 #define PCI_CAP_REDHAT_TYPE_OFFSET  3
 
 /* List of valid Red Hat vendor-specific capability types */
-#define REDHAT_CAP_RESOURCE_RESERVE1
+#define REDHAT_CAP_RESOURCE_RESERVE 1
 
 
 /* Offsets of RESOURCE_RESERVE capability fields */
diff --git a/src/fw/pciinit.c b/src/fw/pciinit.c
index 864954f..d9aef56 100644
--- a/src/fw/pciinit.c
+++ b/src/fw/pciinit.c
@@ -15,6 +15,7 @@
 #include "hw/pcidevice.h" // pci_probe_devices
 #include "hw/pci_ids.h" // PCI_VENDOR_ID_INTEL
 #include "hw/pci_regs.h" // PCI_COMMAND
+#include "fw/dev-pci.h" // REDHAT_CAP_RESOURCE_RESERVE
 #include "list.h" // struct hlist_node
 #include "malloc.h" // free
 #include "output.h" // dprintf
@@ -522,6 +523,32 @@ static void pci_bios_init_platform(void)
 }
 }
 
+static u8 pci_find_resource_reserve_capability(u16 bdf)
+{
+if (pci_config_readw(bdf, PCI_VENDOR_ID) == PCI_VENDOR_ID_REDHAT &&
+pci_config_readw(bdf, PCI_DEVICE_ID) ==
+PCI_DEVICE_ID_REDHAT_ROOT_PORT) {
+u8 cap = 0;
+do {
+cap = pci_find_capability(bdf, PCI_CAP_ID_VNDR, cap);
+} while (cap &&
+ pci_config_readb(bdf, cap + PCI_CAP_REDHAT_TYPE_OFFSET) !=
+REDHAT_CAP_RESOURCE_RESERVE);
+if (cap) {
+u8 cap_len = pci_config_readb(bdf, cap + PCI_CAP_FLAGS);
+if (cap_len < RES_RESERVE_CAP_SIZE) {
+dprintf(1, "PCI: QEMU resource reserve cap length %d is 
invalid\n",
+cap_len);
+}
+} else {
+dprintf(1, "PCI: invalid QEMU resource reserve cap offset\n");
+}
+return cap;
+} else {
+dprintf(1, "PCI: QEMU resource reserve cap not found\n");
+return 0;
+}
+}
 
 /
  * Bus initialization
@@ -578,9 +605,28 @@ pci_bios_init_bus_rec(int bus, u8 *pci_bus)
 pci_bios_init_bus_rec(secbus, pci_bus);
 
 if (subbus != *pci_bus) {
+u8 res_bus = 0;
+u8 cap = pci_find_resource_reserve_capability(bdf);
+
+if (cap) {
+u32 tmp_res_bus = pci_config_readl(bdf,
+cap + RES_RESERVE_BUS_RES);
+if (tmp_res_bus != (u32)-1) {
+res_bus = tmp_res_bus & 0xFF;
+if ((u8)(res_bus + secbus) < secbus ||
+(u8)(res_bus + secbus) < res_bus) {
+dprintf(1, "PCI: bus_reserve value %d is invalid\n",
+res_bus);
+res_bus = 0;
+}
+}
+res_bus = (*pci_bus > secbus + res_bus) ? *pci_bus
+: secbus + res_bus;
+}
 dprintf(1, "PCI: subordinate bus = 0x%x -> 0x%x\n",
-subbus, *pci_bus);
-subbus = *pci_bus;
+subbus, res_bus);
+subbus = res_bus;
+*pci_bus = res_bus;
 } else {
 dprintf(1, "PCI: subordinate bus = 0x%x\n", subbus);
 }
@@ -844,22 +890,74 @@ static int pci_bios_check_devices(struct pci_bus *busses)
  */
 parent = [0];
 int type;
-u8 pcie_cap = pci_find_capability(s->bus_dev->bdf, PCI_CAP_ID_EXP, 0);
+u16 bdf = s->bus_dev->bdf;
+u8 pcie_cap = pci_find_capability(bdf, PCI_CAP_ID_EXP, 0);
+u8 qemu_cap = pci_find_resource_reserve_capability(bdf);
+
 int hotplug_support = pci_bus_hotplug_support(s, pcie_cap);
 for (type = 0; type < PCI_REGION_TYPE_COUNT; type++) {
 u64 align = (type == PCI_REGION_TYPE_IO) ?
-PCI_BRIDGE_IO_MIN : PCI_BRIDGE_MEM_MIN;
+PCI_BRIDGE_IO_MIN : PCI_BRIDGE_MEM_MIN;
 if (!pci_bridge_has_region(s->bus_dev, type))
 continue;
-if (pci_region_align(>r[type]) > align)
- align = pci_region_align(>r[type]);
-u64 sum = pci_region_sum(>r[type]);
-int resource_optional = pcie_cap && (type == PCI_REGION_TYPE_IO);
-if (!sum && hotplug_support && !resource_optional)
-sum = align; /* reserve min size for hot-plug */
-u64 size = ALIGN(sum, align);
-int is64 = pci_bios_bridge_region_is64(>r[type],
-s->bus_dev, type);
+

[Qemu-devel] [PATCH v5 2/3] pci: add QEMU-specific PCI capability structure

[Aleksandr Bezzubikov]

On PCI init PCI bridge devices may need some
extra info about bus number to reserve, IO, memory and
prefetchable memory limits. QEMU can provide this
with special vendor-specific PCI capability.

This capability is intended to be used only
for Red Hat PCI bridges, i.e. QEMU cooperation.

Signed-off-by: Aleksandr Bezzubikov 
---
 src/fw/dev-pci.h | 52 
 1 file changed, 52 insertions(+)
 create mode 100644 src/fw/dev-pci.h

diff --git a/src/fw/dev-pci.h b/src/fw/dev-pci.h
new file mode 100644
index 000..cf16b2e
--- /dev/null
+++ b/src/fw/dev-pci.h
@@ -0,0 +1,52 @@
+#ifndef _PCI_CAP_H
+#define _PCI_CAP_H
+
+#include "types.h"
+
+/*
+ *
+ * QEMU-specific vendor(Red Hat)-specific capability.
+ * It's intended to provide some hints for firmware to init PCI devices.
+ *
+ * Its structure is shown below:
+ *
+ * Header:
+ *
+ * u8 id;   Standard PCI Capability Header field
+ * u8 next; Standard PCI Capability Header field
+ * u8 len;  Standard PCI Capability Header field
+ * u8 type; Red Hat vendor-specific capability type
+ * Data:
+ *
+ * u32 bus_res; minimum bus number to reserve;
+ *  this is necessary for PCI Express Root Ports
+ *  to support PCI bridges hotplug
+ * u64 io;  IO space to reserve
+ * u32 mem; non-prefetchable memory to reserve
+ *
+ * this two fields are mutually exclusive:
+ * u32 prefetchable_mem_32; prefetchable memory to reserve (32-bit MMIO)
+ * u64 prefetchable_mem_64; prefetchable memory to reserve (64-bit MMIO)
+ *
+ *
+ * If any field value in Data section is 0xFF...F,
+ * it means that such kind of reservation is not needed and must be ignored.
+ *
+*/
+
+/* Offset of vendor-specific capability type field */
+#define PCI_CAP_REDHAT_TYPE_OFFSET  3
+
+/* List of valid Red Hat vendor-specific capability types */
+#define REDHAT_CAP_RESOURCE_RESERVE1
+
+
+/* Offsets of RESOURCE_RESERVE capability fields */
+#define RES_RESERVE_BUS_RES4
+#define RES_RESERVE_IO 8
+#define RES_RESERVE_MEM16
+#define RES_RESERVE_PREF_MEM_3220
+#define RES_RESERVE_PREF_MEM_6424
+#define RES_RESERVE_CAP_SIZE   32
+
+#endif /* _PCI_CAP_H */
-- 
2.7.4

[Qemu-devel] [PATCH v5 0/3] Red Hat PCI bridge resource reserve capability (was: Allow RedHat PCI bridges reserve more buses than necessary during init)

[Aleksandr Bezzubikov]

Now PCI bridges get a bus range number on a system init,
basing on currently plugged devices. That's why when one wants to hotplug 
another bridge,
it needs his child bus, which the parent is unable to provide (speaking about 
virtual device).
The suggested workaround is to have vendor-specific capability in Red Hat PCI 
bridges
that contains number of additional bus to reserve (as well as IO/MEM/PREF space 
limit hints) 
on BIOS PCI init.
So this capability is intended only for pure QEMU->SeaBIOS usage.

Considering all aforesaid, this series is directly connected with
QEMU series "Generic PCIE-PCI Bridge".

Although the new PCI capability is supposed to contain various limits along with
bus number to reserve, now only its full layout is proposed. And
only bus_reserve field is used in QEMU and BIOS. Limits usage
is still a subject for implementation as now
the main goal of this series to provide necessary support from the 
firmware side to PCIE-PCI bridge hotplug. 

Changes v4->v5:
1. Rename capability-related #defines
2. Move capability IO/MEM/PREF fields values usage to the regions creation 
stage (addresses Marcel's comment)
3. The capability layout change: separate pref_mem into pref_mem_32 and 
pref_mem_64 fields (QEMU side has the same changes) (addresses Laszlo's comment)
4. Extract the capability lookup and check to the separate function (addresses 
Marcel's comment)
- despite of Marcel's comment do not extract field check for -1 since 
it increases code length
  and doesn't look nice because of different field types 
5. Fix the capability's comment (addresses Marcel's comment)
6. Fix the 3rd patch message

Changes v3->v4:
1. Use all QEMU PCI capability fields - addresses Michael's comment
2. Changes of the capability layout (QEMU side has the same changes):
- change reservation fields types: bus_res - uint32_t, others - uint64_t
- interpret -1 value as 'ignore'

Changes v2->v3:
1. Merge commit 2 (Red Hat vendor ID) into commit 4 - addresses Marcel's 
comment,
and add Generic PCIE Root Port device ID - addresses Michael's comment.
2. Changes of the capability layout  (QEMU side has the same changes):
- add 'type' field to distinguish multiple 
RedHat-specific capabilities - addresses Michael's comment
- do not mimiс PCI Config space register layout, but use mutually 
exclusive differently
sized fields for IO and prefetchable memory limits - addresses 
Laszlo's comment
- use defines instead of structure and offsetof - addresses Michael's 
comment
3. Interpret 'bus_reserve' field as a minimum necessary
 range to reserve - addresses Gerd's comment
4. pci_find_capability moved to pci.c - addresses Kevin's comment
5. Move capability layout header to src/fw/dev-pci.h - addresses Kevin's comment
6. Add the capability documentation - addresses Michael's comment
7. Add capability length and bus_reserve field sanity checks - addresses 
Michael's comment

Changes v1->v2:
1. New #define for Red Hat vendor added (addresses Konrad's comment).
2. Refactored pci_find_capability function (addresses Marcel's comment).
3. Capability reworked:
- data type added;
- reserve space in a structure for IO, memory and 
  prefetchable memory limits.

Aleksandr Bezzubikov (3):
  pci: refactor pci_find_capapibilty to get bdf as the first argument
instead of the whole pci_device
  pci: add QEMU-specific PCI capability structure
  pci: enable RedHat PCI bridges to reserve additional resource on PCI
init

 src/fw/dev-pci.h|  52 +
 src/fw/pciinit.c| 127 ++--
 src/hw/pci.c|  25 +++
 src/hw/pci.h|   1 +
 src/hw/pci_ids.h|   3 ++
 src/hw/pcidevice.c  |  24 --
 src/hw/pcidevice.h  |   1 -
 src/hw/virtio-pci.c |   6 +--
 8 files changed, 197 insertions(+), 42 deletions(-)
 create mode 100644 src/fw/dev-pci.h

-- 
2.7.4

[Qemu-devel] [PATCH] target/i386: fix pcmpxstrx substring search

[Joseph Myers]

One of the cases of the SSE4.2 pcmpestri / pcmpestrm / pcmpistri /
pcmpistrm instructions does a substring search.  The implementation of
this case in the pcmpxstrx helper is incorrect.  The operation in this
case is a search for a string (argument d to the helper) in another
string (argument s to the helper); if a copy of d at a particular
position would run off the end of s, the resulting output bit should
be 0 whether or not the strings match in the region where they
overlap, but the QEMU implementation was wrongly comparing only up to
the point where s ends and counting it as a match if an initial
segment of d matched a terminal segment of s.  Here, "run off the end
of s" means that some byte of d would overlap some byte outside of s;
thus, if d has zero length, it is considered to match everywhere,
including after the end of s.  This patch fixes the implementation to
correspond with the proper instruction semantics.  This fixes four gcc
test failures in my GCC 6-based testing.

Signed-off-by: Joseph Myers 

---

diff --git a/target/i386/ops_sse.h b/target/i386/ops_sse.h
index 16509d0..9f1b351 100644
--- a/target/i386/ops_sse.h
+++ b/target/i386/ops_sse.h
@@ -2037,10 +2040,14 @@ static inline unsigned pcmpxstrx(CPUX86State *env, Reg 
*d, Reg *s,
 }
 break;
 case 3:
-for (j = valids; j >= 0; j--) {
+if (validd == -1) {
+res = (2 << upper) - 1;
+break;
+}
+for (j = valids - validd; j >= 0; j--) {
 res <<= 1;
 v = 1;
-for (i = MIN(valids - j, validd); i >= 0; i--) {
+for (i = validd; i >= 0; i--) {
 v &= (pcmp_val(s, ctrl, i + j) == pcmp_val(d, ctrl, i));
 }
 res |= v;

-- 
Joseph S. Myers
jos...@codesourcery.com

Re: [Qemu-devel] [PATCH] virtio-scsi: Add virtqueue_size parameter allowing virtqueue size to be set.

[Michael S. Tsirkin]

On Thu, Aug 10, 2017 at 05:52:55PM +0100, Richard W.M. Jones wrote:
> Since Linux switched to blk-mq as the default in Linux commit
> 5c279bd9e406 ("scsi: default to scsi-mq"), virtio-scsi LUNs consume
> about 10x as much guest kernel memory.
> 
> This commit allows you to choose the virtqueue size for each
> virtio-scsi-pci controller like this:
> 
>   -device virtio-scsi-pci,id=scsi,virtqueue_size=16
> 
> The default is still 128 as before.  Using smaller virtqueue_size
> allows many more disks to be added to small memory virtual machines.
> For a 1 vCPU, 500 MB, no swap VM I observed:
> 
>   With scsi-mq enabled (upstream kernel):  175 disks
> -"- ditto -"-   virtqueue_size=64: 318 disks
> -"- ditto -"-   virtqueue_size=16: 775 disks
>   With scsi-mq disabled (kernel before 5c279bd9e406): 1755 disks
> 
> Note that to have any effect, this requires a kernel patch:
> 
>   https://lkml.org/lkml/2017/8/10/689
> 
> Signed-off-by: Richard W.M. Jones 

Looks reasonable but pls remember to repost after the release.

> ---
>  hw/scsi/virtio-scsi.c   | 8 +---
>  include/hw/virtio/virtio-scsi.h | 2 +-
>  2 files changed, 6 insertions(+), 4 deletions(-)
> 
> diff --git a/hw/scsi/virtio-scsi.c b/hw/scsi/virtio-scsi.c
> index eb639442d1..aca1909a59 100644
> --- a/hw/scsi/virtio-scsi.c
> +++ b/hw/scsi/virtio-scsi.c
> @@ -867,10 +867,10 @@ void virtio_scsi_common_realize(DeviceState *dev,
>  s->sense_size = VIRTIO_SCSI_SENSE_DEFAULT_SIZE;
>  s->cdb_size = VIRTIO_SCSI_CDB_DEFAULT_SIZE;
>  
> -s->ctrl_vq = virtio_add_queue(vdev, VIRTIO_SCSI_VQ_SIZE, ctrl);
> -s->event_vq = virtio_add_queue(vdev, VIRTIO_SCSI_VQ_SIZE, evt);
> +s->ctrl_vq = virtio_add_queue(vdev, s->conf.virtqueue_size, ctrl);
> +s->event_vq = virtio_add_queue(vdev, s->conf.virtqueue_size, evt);
>  for (i = 0; i < s->conf.num_queues; i++) {
> -s->cmd_vqs[i] = virtio_add_queue(vdev, VIRTIO_SCSI_VQ_SIZE, cmd);
> +s->cmd_vqs[i] = virtio_add_queue(vdev, s->conf.virtqueue_size, cmd);
>  }
>  }
>  
> @@ -917,6 +917,8 @@ static void virtio_scsi_device_unrealize(DeviceState 
> *dev, Error **errp)
>  
>  static Property virtio_scsi_properties[] = {
>  DEFINE_PROP_UINT32("num_queues", VirtIOSCSI, parent_obj.conf.num_queues, 
> 1),
> +DEFINE_PROP_UINT32("virtqueue_size", VirtIOSCSI,
> + parent_obj.conf.virtqueue_size, 
> 128),
>  DEFINE_PROP_UINT32("max_sectors", VirtIOSCSI, 
> parent_obj.conf.max_sectors,
>0x),
>  DEFINE_PROP_UINT32("cmd_per_lun", VirtIOSCSI, 
> parent_obj.conf.cmd_per_lun,
> diff --git a/include/hw/virtio/virtio-scsi.h b/include/hw/virtio/virtio-scsi.h
> index de6ae5a9f6..4c0bcdb788 100644
> --- a/include/hw/virtio/virtio-scsi.h
> +++ b/include/hw/virtio/virtio-scsi.h
> @@ -32,7 +32,6 @@
>  #define VIRTIO_SCSI(obj) \
>  OBJECT_CHECK(VirtIOSCSI, (obj), TYPE_VIRTIO_SCSI)
>  
> -#define VIRTIO_SCSI_VQ_SIZE 128
>  #define VIRTIO_SCSI_MAX_CHANNEL 0
>  #define VIRTIO_SCSI_MAX_TARGET  255
>  #define VIRTIO_SCSI_MAX_LUN 16383
> @@ -48,6 +47,7 @@ typedef struct virtio_scsi_config VirtIOSCSIConfig;
>  
>  struct VirtIOSCSIConf {
>  uint32_t num_queues;
> +uint32_t virtqueue_size;
>  uint32_t max_sectors;
>  uint32_t cmd_per_lun;
>  #ifdef CONFIG_VHOST_SCSI
> -- 
> 2.13.1

[Qemu-devel] hw/char/virtio-serial-bus.c displays warnings when being compiled

[Programmingkid]

Host:
Operating system: Mac OS 10.12.5
GCC: Apple LLVM version 8.1.0 (clang-802.0.42)
Command to reproduce: ./configure --target-list=ppc-softmmu,i386-softmmu && 
make -j 4


During compiling I saw these warning messages:


  CC  ppc-softmmu/hw/char/virtio-serial-bus.o
/Users/john/Documents/Development/Projects/Qemu/qemu-git/hw/char/virtio-serial-bus.c:660:24:
 warning: 
  taking address of packed member 'cols' of class or structure
  'virtio_console_config' may result in an unaligned pointer value
  [-Waddress-of-packed-member]
qemu_put_be16s(f, );
   ^~~
/Users/john/Documents/Development/Projects/Qemu/qemu-git/hw/char/virtio-serial-bus.c:661:24:
 warning: 
  taking address of packed member 'rows' of class or structure
  'virtio_console_config' may result in an unaligned pointer value
  [-Waddress-of-packed-member]
qemu_put_be16s(f, );
   ^~~
/Users/john/Documents/Development/Projects/Qemu/qemu-git/hw/char/virtio-serial-bus.c:662:24:
 warning: 
  taking address of packed member 'max_nr_ports' of class or structure
  'virtio_console_config' may result in an unaligned pointer value
  [-Waddress-of-packed-member]
qemu_put_be32s(f, _nr_ports);
   ^~~

[Qemu-devel] SLIRP warning messages displayed while compiling

[Programmingkid]

Host: Mac OS 10.12.5
Compiler: Apple LLVM version 8.1.0 (clang-802.0.42)
Command used: ./configure --target-list=ppc-softmmu,i386-softmmu && make -j 4

While compiling I saw these error messages:

slirp/ip6_icmp.c:79:32: warning: taking address of packed member 'ip_src' of 
class or
  structure 'ip6' may result in an unaligned pointer value
  [-Waddress-of-packed-member]
if (IN6_IS_ADDR_MULTICAST(>ip_src) ||
   ^~
/usr/include/netinet6/in6.h:299:36: note: expanded from macro 
'IN6_IS_ADDR_MULTICAST'
#define IN6_IS_ADDR_MULTICAST(a)((a)->s6_addr[0] == 0xff)
  ^
slirp/ip6_icmp.c:80:38: warning: taking address of packed member 'ip_src' of 
class or
  structure 'ip6' may result in an unaligned pointer value
  [-Waddress-of-packed-member]
IN6_IS_ADDR_UNSPECIFIED(>ip_src)) {
 ^~
/usr/include/netinet6/in6.h:238:42: note: expanded from macro 
'IN6_IS_ADDR_UNSPECIFIED'
((*(const __uint32_t *)(const void *)(&(a)->s6_addr[0]) == 0) && \
^
slirp/ip6_icmp.c:80:38: warning: taking address of packed member 'ip_src' of 
class or
  structure 'ip6' may result in an unaligned pointer value
  [-Waddress-of-packed-member]
IN6_IS_ADDR_UNSPECIFIED(>ip_src)) {
 ^~
/usr/include/netinet6/in6.h:239:41: note: expanded from macro 
'IN6_IS_ADDR_UNSPECIFIED'
(*(const __uint32_t *)(const void *)(&(a)->s6_addr[4]) == 0) && \
   ^
slirp/ip6_icmp.c:80:38: warning: taking address of packed member 'ip_src' of 
class or
  structure 'ip6' may result in an unaligned pointer value
  [-Waddress-of-packed-member]
IN6_IS_ADDR_UNSPECIFIED(>ip_src)) {
 ^~
/usr/include/netinet6/in6.h:240:41: note: expanded from macro 
'IN6_IS_ADDR_UNSPECIFIED'
(*(const __uint32_t *)(const void *)(&(a)->s6_addr[8]) == 0) && \
   ^
slirp/ip6_icmp.c:80:38: warning: taking address of packed member 'ip_src' of 
class or
  structure 'ip6' may result in an unaligned pointer value
  [-Waddress-of-packed-member]
IN6_IS_ADDR_UNSPECIFIED(>ip_src)) {
 ^~
/usr/include/netinet6/in6.h:241:41: note: expanded from macro 
'IN6_IS_ADDR_UNSPECIFIED'
(*(const __uint32_t *)(const void *)(&(a)->s6_addr[12]) == 0))
   ^
slirp/ip6_icmp.c:275:34: warning: taking address of packed member 'ip_src' of 
class or
  structure 'ip6' may result in an unaligned pointer value
  [-Waddress-of-packed-member]
if (IN6_IS_ADDR_UNSPECIFIED(>ip_src)) {
 ^~
/usr/include/netinet6/in6.h:238:42: note: expanded from macro 
'IN6_IS_ADDR_UNSPECIFIED'
((*(const __uint32_t *)(const void *)(&(a)->s6_addr[0]) == 0) && \
^
slirp/ip6_icmp.c:275:34: warning: taking address of packed member 'ip_src' of 
class or
  structure 'ip6' may result in an unaligned pointer value
  [-Waddress-of-packed-member]
if (IN6_IS_ADDR_UNSPECIFIED(>ip_src)) {
 ^~
/usr/include/netinet6/in6.h:239:41: note: expanded from macro 
'IN6_IS_ADDR_UNSPECIFIED'
(*(const __uint32_t *)(const void *)(&(a)->s6_addr[4]) == 0) && \
   ^
slirp/ip6_icmp.c:275:34: warning: taking address of packed member 'ip_src' of 
class or
  structure 'ip6' may result in an unaligned pointer value
  [-Waddress-of-packed-member]
if (IN6_IS_ADDR_UNSPECIFIED(>ip_src)) {
 ^~
/usr/include/netinet6/in6.h:240:41: note: expanded from macro 
'IN6_IS_ADDR_UNSPECIFIED'
(*(const __uint32_t *)(const void *)(&(a)->s6_addr[8]) == 0) && \
   ^
slirp/ip6_icmp.c:275:34: warning: taking address of packed member 'ip_src' of 
class or
  structure 'ip6' may result in an unaligned pointer value
  [-Waddress-of-packed-member]
if (IN6_IS_ADDR_UNSPECIFIED(>ip_src)) {
 ^~
/usr/include/netinet6/in6.h:241:41: note: expanded from macro 
'IN6_IS_ADDR_UNSPECIFIED'
(*(const __uint32_t *)(const void *)(&(a)->s6_addr[12]) == 0))
   ^
slirp/ip6_icmp.c:294:50: warning: taking address of packed member 'ip_dst' of 
class or
  structure 'ip6' may result in an unaligned pointer value
  [-Waddress-of-packed-member]
ricmp->icmp6_nna.S = !IN6_IS_ADDR_MULTICAST(>ip_dst);
 ^~~
/usr/include/netinet6/in6.h:299:36: note: expanded from macro 
'IN6_IS_ADDR_MULTICAST'
#define 

[Qemu-devel] Block warning messages displayed while compiling

[Programmingkid]

Host info:
Operating system: Mac OS 10.12.5
Compiler: Apple LLVM version 8.1.0 (clang-802.0.42)
Command to reproduce: ./configure --target-list=ppc-softmmu,i386-softmmu && 
make -j 4

When compiling QEMU I see these warning messages:


  CC  block/vdi.o
block/qcow.c:138:19: warning: taking address of packed member 'magic' of class 
or
  structure 'QCowHeader' may result in an unaligned pointer value
  [-Waddress-of-packed-member]
be32_to_cpus();
  ^~~~
block/qcow.c:139:19: warning: taking address of packed member 'version' of 
class or
  structure 'QCowHeader' may result in an unaligned pointer value
  [-Waddress-of-packed-member]
be32_to_cpus();
  ^~
block/qcow.c:140:19: warning: taking address of packed member 
'backing_file_offset' of
  class or structure 'QCowHeader' may result in an unaligned pointer value
  [-Waddress-of-packed-member]
be64_to_cpus(_file_offset);
  ^~
block/qcow.c:141:19: warning: taking address of packed member 
'backing_file_size' of
  class or structure 'QCowHeader' may result in an unaligned pointer value
  [-Waddress-of-packed-member]
be32_to_cpus(_file_size);
  ^~~~
block/qcow.c:142:19: warning: taking address of packed member 'mtime' of class 
or
  structure 'QCowHeader' may result in an unaligned pointer value
  [-Waddress-of-packed-member]
be32_to_cpus();
  ^~~~
block/qcow.c:143:19: warning: taking address of packed member 'size' of class or
  structure 'QCowHeader' may result in an unaligned pointer value
  [-Waddress-of-packed-member]
be64_to_cpus();
  ^~~
block/qcow.c:144:19: warning: taking address of packed member 'crypt_method' of 
class or
  structure 'QCowHeader' may result in an unaligned pointer value
  [-Waddress-of-packed-member]
be32_to_cpus(_method);
  ^~~
block/qcow.c:145:19: warning: taking address of packed member 'l1_table_offset' 
of class
  or structure 'QCowHeader' may result in an unaligned pointer value
  [-Waddress-of-packed-member]
be64_to_cpus(_table_offset);
  ^~
block/vdi.c:182:19: warning: taking address of packed member 'signature' of 
class or
  structure 'VdiHeader' may result in an unaligned pointer value
  [-Waddress-of-packed-member]
le32_to_cpus(>signature);
  ^
block/vdi.c:183:19: warning: taking address of packed member 'version' of class 
or
  structure 'VdiHeader' may result in an unaligned pointer value
  [-Waddress-of-packed-member]
le32_to_cpus(>version);
  ^~~
block/vdi.c:184:19: warning: taking address of packed member 'header_size' of 
class or
  structure 'VdiHeader' may result in an unaligned pointer value
  [-Waddress-of-packed-member]
le32_to_cpus(>header_size);
  ^~~
block/vdi.c:185:19: warning: taking address of packed member 'image_type' of 
class or
  structure 'VdiHeader' may result in an unaligned pointer value
  [-Waddress-of-packed-member]
le32_to_cpus(>image_type);
  ^~
block/vdi.c:186:19: warning: taking address of packed member 'image_flags' of 
class or
  structure 'VdiHeader' may result in an unaligned pointer value
  [-Waddress-of-packed-member]
le32_to_cpus(>image_flags);
  ^~~
block/vdi.c:187:19: warning: taking address of packed member 'offset_bmap' of 
class or
  structure 'VdiHeader' may result in an unaligned pointer value
  [-Waddress-of-packed-member]
le32_to_cpus(>offset_bmap);
  ^~~
block/vdi.c:188:19: warning: taking address of packed member 'offset_data' of 
class or
  structure 'VdiHeader' may result in an unaligned pointer value
  [-Waddress-of-packed-member]
le32_to_cpus(>offset_data);
  ^~~
block/vdi.c:189:19: warning: taking address of packed member 'cylinders' of 
class or
  structure 'VdiHeader' may result in an unaligned pointer value
  [-Waddress-of-packed-member]
le32_to_cpus(>cylinders);
  ^
block/vdi.c:190:19: warning: taking address of packed member 'heads' of class or
  structure 'VdiHeader' may result in an unaligned pointer value
  [-Waddress-of-packed-member]
le32_to_cpus(>heads);
  ^
block/vdi.c:191:19: warning: taking address of packed member 'sectors' of class 
or
  structure 'VdiHeader' may result in an unaligned pointer value
  [-Waddress-of-packed-member]
le32_to_cpus(>sectors);
  ^~~
block/vdi.c:192:19: warning: taking address of packed member 'sector_size' of 
class or
  structure 'VdiHeader' may result in an 

[Qemu-devel] CPU Interrupt for a PPC

[Wu, Michael Y [US] (MS)]

Hi,

I am having an issue with getting a CPU external interrupt to occur from my own 
device model. The custom device is a set of registers than can be read and 
written to. The plan is whenever a particular register is written into, an 
external interrupt will occur.

I tried to use the function cpu_interrupt() inside the register write callback 
function but QEMU crashes when that occurs. The reason I tried it this way is 
because I found a post stating the success made with using the cpu_interrupt 
function 
(https://stackoverflow.com/questions/14869317/arm-interrupt-handling-in-qemu).
After that attempt I added an interrupt controller in my own hardware model. 
But right now I am unclear with how to cause my external device to kick off an 
interrupt. Is there a certain function I can call when the register is written 
into that will cause an external interrupt?

Any suggestions or guidance would be appreciated. Thanks!

Re: [Qemu-devel] [PATCH] x86: Increase max vcpu number to 352

[Radim Krčmář]

2017-08-10 15:16-0300, Eduardo Habkost:
> On Thu, Aug 10, 2017 at 02:41:03PM +0200, Radim Krčmář wrote:
> > 2017-08-10 19:02+0800, Lan Tianyu:
> > > On 2017年08月10日 18:26, Daniel P. Berrange wrote:
> > >> On Thu, Aug 10, 2017 at 06:08:07PM +0800, Lan Tianyu wrote:
> > >>> Intel Xeon phi chip will support 352 logical threads. For HPC
> > >>> usage case, it will create a huge VM with vcpus number as same as host
> > >>> cpus. This patch is to increase max vcpu number to 352.
> > >> 
> > >> If we pick arbitray limits based on size of physical CPUs that happen
> > >> to be shipping today, we'll continue the cat+mouse game forever trailing
> > >> latest CPUs that vendors ship.
> > >> 
> > >> IMHO we should pick a higher number influenced by technical constraints
> > >> of the q35 impl instead. eg can we go straight to something like 512 or
> > >> 1024  ?
> > > 
> > > Sure. 512 should be enough and some arrays is defined according to max
> > > vcpu number.
> > 
> > Hm, which arrays are that?  I was thinking it is safe to bump it to
> > INT_MAX as the number is only used when setting global max_cpus.
> 
> We had a MAX_CPUMASK_BITS macro, and bitmaps whose sizes were
> defined at compile time based on it.  But commit
> cdda2018e3b9ce0c18938767dfdb1e05a05b67ca removed it.  Probably
> those arrays all use max_cpus, by now (and the default for
> max_cpus is smp_cpus, not MachineClass::max_cpus).

Ah, thanks.

> Anyway, if we set it to INT_MAX, there are some cases where more
> appropriate error checking/reporting could be required because
> they won't handle overflow very well:
> * pcms->apic_id_limit initialization at pc_cpus_init()
> * ACPI code that assumes possible_cpus->cpus[i].arch_id fits
>   in a 32-bit integer
> * Other x86_cpu_apic_id_from_index() calls in PC code
>   (especially the initialization of possible_cpus->cpus[i].arch_id).
>   Note that x86_cpu_apic_id_from_index(cpu_index) might not fit
>   in 32 bits even if cpu_index <= UINT32_MAX.

Good point, looks like it all comes to x86_cpu_apic_id_from_index().
Each level of the topology has at most one underutilized bit, so
2^(32 - 3) would be safe.

It is still needlessly large for the foreseeable future, but 512 is
going to be surpassed pretty soon, so I think that jumping at least to
8k would be better.
(8k the current default maximum for Linux and the resulting overcommit
 of ~20 is bearable for smoke testing on current hardware.)

Re: [Qemu-devel] [PATCH 03/15] ui: convert key events to QKeyCodes immediately

[Eric Blake]

On 08/10/2017 10:55 AM, Daniel P. Berrange wrote:
> Always use QKeyCode in the InputKeyEvent struct, by converting key
> numbers to QKeyCode at the time the event is created.
> 
> Signed-off-by: Daniel P. Berrange 
> ---
>  ui/input.c | 6 ++
>  1 file changed, 2 insertions(+), 4 deletions(-)
> 

Reviewed-by: Eric Blake 

> diff --git a/ui/input.c b/ui/input.c
> index af05f06368..64e9103a61 100644
> --- a/ui/input.c
> +++ b/ui/input.c
> @@ -400,10 +400,8 @@ void qemu_input_event_send_key(QemuConsole *src, 
> KeyValue *key, bool down)
>  
>  void qemu_input_event_send_key_number(QemuConsole *src, int num, bool down)
>  {
> -KeyValue *key = g_new0(KeyValue, 1);
> -key->type = KEY_VALUE_KIND_NUMBER;
> -key->u.number.data = num;
> -qemu_input_event_send_key(src, key, down);
> +QKeyCode code = qemu_input_key_number_to_qcode(num);
> +qemu_input_event_send_key_qcode(src, code, down);
>  }
>  
>  void qemu_input_event_send_key_qcode(QemuConsole *src, QKeyCode q, bool down)
> 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH 05/15] ui: use QKeyCode exclusively in InputKeyEvent

[Eric Blake]

On 08/10/2017 10:55 AM, Daniel P. Berrange wrote:
> Now that keycode numbers are converted to QKeyCodes immediately
> when creating input events, the InputKeyEvent struct can be
> changed to only accept a QKeyCode, instead of a KeyValue.
> 
> Signed-off-by: Daniel P. Berrange 
> ---

> +++ b/qapi-schema.json
> @@ -5747,7 +5747,7 @@
>  # Since: 2.0
>  ##
>  { 'struct'  : 'InputKeyEvent',
> -  'data'  : { 'key' : 'KeyValue',
> +  'data'  : { 'key' : 'QKeyCode',
>'down': 'bool' } }

Isn't this going to break backwards-compatibility of 'input-send-event'?

I think you have to keep the public API the same, even if you make the
conversion as early as possible to the preferred mapping form internally.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH 02/15] ui: convert common input code to keycodemapdb

[Eric Blake]

On 08/10/2017 10:55 AM, Daniel P. Berrange wrote:
> Replace the number_to_qcode, qcode_to_number and linux_to_qcode
> tables with automatically generated tables.
> 
> Missing entries in linux_to_qcode now fixed:

> In additionsome fixes:

s/additionsome/addition, some/

> 
>  - KEY_PLAYPAUSE now maps to Q_KEY_CODE_AUDIOPLAY, instead of
>KEY_PLAYCD. KEY_PLAYPAUSE is defined across almost all scancodes
>sets, while KEY_PLAYCD only appears in AT set1, so the former is
>a more useful mapping.
> 
> Missing entries in qcode_to_number now fixed:
> 
>   Q_KEY_CODE_AGAIN -> 0x85

I didn't research that these mappings are correct in relation to an
official documentation, but trust that you have done due diligence.

> In addition some fixes:
> 
>  - Q_KEY_CODE_MENU was incorrectly mapped to the compose
>scancode (0xdd) and is now mapped to 0x9e
>  - Q_KEY_CODE_FIND was mapped to 0xe065 (Search) instead
>of to 0xe041 (Find)
>  - Q_KEY_CODE_HIRAGANA was mapped to 0x70 (Katakanahiragana)
>instead of of 0x77 (Hirigana)
>  - Q_KEY_CODE_PRINT was mapped to 0xb7 which is not a defined
>scan code in AT set 1, it is now mapped to 0x54 (sysrq)
> 

Are any of these fixes something we need in 2.10 (more likely, as manual
fixes rather than via the git submodule)?  At this point, though, I'm
inclined to say we're deep enough in freeze that if it is not a
regression over 2.9 behavior, it's not worth rushing in the fix to 2.10.

> Signed-off-by: Daniel P. Berrange 
> ---
>  include/ui/input.h |  11 +-
>  ui/Makefile.objs   |   3 +
>  ui/input-keymap.c  | 326 
> +++--
>  3 files changed, 28 insertions(+), 312 deletions(-)
> 
> +++ b/ui/Makefile.objs
> @@ -54,6 +54,9 @@ KEYCODEMAP_GEN = ui/keycodemapdb/tools/keymap-gen
>  KEYCODEMAP_CSV = ui/keycodemapdb/data/keymaps.csv
>  
>  KEYCODEMAP_FILES = \
> +  ui/input-keymap-linux2qcode.c \
> +  ui/input-keymap-qcode2qnum.c \
> +  ui/input-keymap-qnum2qcode.c \

My comment on patch 1 complained about regex of [a-zA-Z0-9] - do any of
the keycode names have digits, or can you shorten the regex to [a-zA-Z]?

> -
> -static int number_to_qcode[0x100];
> +#include "ui/input-keymap-linux2qcode.c"
> +#include "ui/input-keymap-qcode2qnum.c"
> +#include "ui/input-keymap-qnum2qcode.c"
>  
>  int qemu_input_linux_to_qcode(unsigned int lnx)
>  {
> -assert(lnx < KEY_CNT);
> -return linux_to_qcode[lnx];

The old code asserted on an out-of-range input,

> +if (lnx >= qemu_input_map_linux2qcode_len) {
> +return 0;
> +}
> +return qemu_input_map_linux2qcode[lnx];

the new code returns 0.  I guess that's okay, though, since the
generated table uses 0 for invalid entries, and there's no implicit
reason why out-of-range input has to assert.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH] tests/qmp-test: Add generic, basic test of query commands

[Eric Blake]

On 08/10/2017 01:30 PM, Markus Armbruster wrote:
> A command is a query if it has no side effect and yields a result.
> Such commands are typically named query-FOO, but there are exceptions.
> 
> The basic idea is to find candidates with query-qmp-schema, filter out
> the ones that aren't queries with an explicit blacklist, and test the
> remaining ones against a QEMU with no special arguments.
> 
> The current blacklist is just add-fd.

I guess this is because it has no mandatory parameters.  Hmm - I wonder
if introspection should flag WHICH commands require an fd over SCM
rights (I guess just add-fd) - as that is a USEFUL piece of information
to know (I can't call command XYZ unlss I also pass an fd) - and then
you could use that real bit of the introspection rather than your
blacklist as the mechanism for filtering this command (since anything
that requires an fd is obviously not a query).

> 
> query-qmp-schema reports a few commands that aren't actually
> available.  See qmp_unregister_commands_hack() for details.  Work
> around this flaw by accepting CommandNotFound errors, but add a TODO
> to drop this when the flaw is fixed.
> 
> The test can't do queries with arguments, because it knows nothing
> about the arguments.  No coverage for query-cpu-model-baseline,
> query-cpu-model-comparison and query-cpu-model-expansion, because

s/because//

> query-rocker, query-rocker-ports, query-rocker-of-dpa-flows and
> query-rocker-of-dpa-groups.
> 
> We get basic test coverage for the following commands:

Cool!

> 
> qom-list-types
> query-acpi-ospm-status
> query-balloon   (expected to fail)

> query-vm-generation-id  (expected to fail)

> Most tested commands are expected to succeed.  The test does not check
> the return value then.  A few commands are expected to fail because
> they need special arguments to succeed, and this test is too dumb to
> supply them.

Sounds like it would just be a matter of adding additional command line
parameters to the qemu being invoked for testing those commands?

>  
> +static int query_error_class(const char *cmd)
> +{
> +static struct {
> +const char *cmd;
> +int err_class;
> +} fails[] = {
> +{ "query-balloon", ERROR_CLASS_DEVICE_NOT_ACTIVE },
> +{ "query-vm-generation-id", ERROR_CLASS_GENERIC_ERROR },

But even THIS level of testing of those commands is pretty good!


> +static void test_query(const void *data)
> +{
> +const char *cmd = data;
> +int expected_error_class = query_error_class(cmd);
> +QDict *resp, *error;
> +const char *error_class;
> +
> +qtest_start("-nodefaults");
> +
> +resp = qmp("{ 'execute': %s }", cmd);

Oh fun - your patch and my libqtest cleanup series will collide :)

> +static void qmp_schema_init(QmpSchema *schema)
> +{
> +QDict *resp;
> +Visitor *qiv;
> +SchemaInfoList *tail;
> +
> +qtest_start("-nodefaults");
> +resp = qmp("{ 'execute': 'query-qmp-schema' }");
> +
> +qiv = qobject_input_visitor_new(qdict_get(resp, "return"));
> +visit_type_SchemaInfoList(qiv, NULL, >list, _abort);

It's always fun to see this in action!  Our efforts to add automated
introspection code generation have been WELL worth the cost in time.

Overall, I like the patch.

Reviewed-by: Eric Blake 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] No video for Windows 2000 guest

[Programmingkid]

> On Aug 10, 2017, at 3:37 AM, Michael Tokarev  wrote:
> 
> 10.08.2017 06:51, Thomas Huth wrote:
> []
> 
>> I guess you'll end up with QEMU 2.1 as good version and 2.2 as the first
>> "bad" version. According the qemu-doc:
>> 
>> -vga type
>> 
>>Select type of VGA card to emulate. Valid values for type are
>> 
>>cirrus
>> 
>>Cirrus Logic GD5446 Video card. All Windows versions starting
>>from Windows 95 should recognize and use this graphic card. For
>>optimal performances, use 16 bit color depth in the guest and
>>the host OS. (This card was the default before QEMU 2.2)
>> 
>>std
>> 
>>Standard VGA card with Bochs VBE extensions. If your guest OS
>>supports the VESA 2.0 VBE extensions (e.g. Windows XP) and if
>>you want to use high resolution modes (>= 1280x1024x16) then you
>>should use this option. (This card is the default since QEMU
>>2.2)
> 
> Both cirrus and stdvga worked in Win2k not-so-recently. Cirrus, IIRC,
> required a driver install, stdvga used "standard vga controller" which,
> in win2k, was always marked with yellow exclamation mark, just because
> the driver itself always sets that mark, "thinking" it is always wrong
> driver.
> 
> So no, it's not the switch from cirrus to std, it's something else.
> 
> /mjt

Here is the commit that causes Windows 2000 video problems: 

commit 94ef4f337fb614f18b765a8e0e878a4c23cdedcd
Author: Gerd Hoffmann 
Date:   Tue May 17 10:54:54 2016 +0200

vga: add sr_vbe register set

Commit "fd3c136 vga: make sure vga register setup for vbe stays intact
(CVE-2016-3712)." causes a regression.  The win7 installer is unhappy
because it can't freely modify vga registers any more while in vbe mode.

Re: [Qemu-devel] [PATCH 8/8] sockets: fix parsing of ipv4/ipv6 opts in parse_socket_addr

[Eric Blake]

On 08/10/2017 11:04 AM, Daniel P. Berrange wrote:
> The inet_parse() function looks for 'ipv4' and 'ipv6'
> flags, but only treats them as bare bool flags. The normal
> QemuOpts parsing would allow on/off values to be set too.
> 
> This updated inet_parse() so that its handling of the

s/updated/updates/ ?

> 'ipv4' and 'ipv6' flags matches that done by QemuOpts.

Do we have a regression compared to any previous version, such that this
patch might be considered 2.10 material?  Offhand, though, I think it's
fine as the end of your series, waiting for 2.11.

> 
> Signed-off-by: Daniel P. Berrange 
> ---
>  tests/test-sockets-proto.c | 13 -
>  util/qemu-sockets.c| 36 
>  2 files changed, 32 insertions(+), 17 deletions(-)
> 

> +++ b/util/qemu-sockets.c
> @@ -616,6 +616,25 @@ err:
>  }
>  
>  /* compatibility wrapper */
> +static int inet_parse_flag(const char *flagname, const char *optstr, bool 
> *val,
> +   Error **errp)
> +{
> +char *end;
> +size_t len;
> +
> +end = strstr(optstr, ",");

Do we need to check that we are not landing on a ',,' escape that would
make QemuOpts behave differently?  [That is, ipv4=on,,garbage should be
parsed as setting ipv4 to 'on,garbage' (which is not valid), and NOT
setting 'ipv4=on' followed by the 'garbage' or ',garbage' key - while
the key named 'garbage' would fail, there might be other key names where
the distinction matters for catching command line typos]

But if this is unrelated to QemuOpts escape parsing, it seems okay.

Reviewed-by: Eric Blake 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



signature.asc
Description: OpenPGP digital signature

[Qemu-devel] [PATCH] tests/qmp-test: Add generic, basic test of query commands

[Markus Armbruster]

A command is a query if it has no side effect and yields a result.
Such commands are typically named query-FOO, but there are exceptions.

The basic idea is to find candidates with query-qmp-schema, filter out
the ones that aren't queries with an explicit blacklist, and test the
remaining ones against a QEMU with no special arguments.

The current blacklist is just add-fd.

query-qmp-schema reports a few commands that aren't actually
available.  See qmp_unregister_commands_hack() for details.  Work
around this flaw by accepting CommandNotFound errors, but add a TODO
to drop this when the flaw is fixed.

The test can't do queries with arguments, because it knows nothing
about the arguments.  No coverage for query-cpu-model-baseline,
query-cpu-model-comparison and query-cpu-model-expansion, because
query-rocker, query-rocker-ports, query-rocker-of-dpa-flows and
query-rocker-of-dpa-groups.

We get basic test coverage for the following commands:

qom-list-types
query-acpi-ospm-status
query-balloon   (expected to fail)
query-block
query-block-jobs
query-blockstats
query-chardev
query-chardev-backends
query-command-line-options
query-commands
query-cpu-definitions
query-cpus
query-dump
query-dump-guest-memory-capability
query-events
query-fdsets
query-gic-capabilities
query-hotpluggable-cpus
query-iothreads
query-kvm
query-machines
query-memdev
query-memory-devices
query-mice
query-migrate
query-migrate-cache-size
query-migrate-capabilities
query-migrate-parameters
query-name
query-named-block-nodes
query-pci
query-qmp-schema
query-rx-filter
query-spice
query-status
query-target
query-tpm
query-tpm-models
query-tpm-types
query-uuid
query-version
query-vm-generation-id  (expected to fail)
query-vnc
query-vnc-servers
query-xen-replication-status

Most tested commands are expected to succeed.  The test does not check
the return value then.  A few commands are expected to fail because
they need special arguments to succeed, and this test is too dumb to
supply them.

Signed-off-by: Markus Armbruster 
---
 tests/qmp-test.c | 173 ++-
 1 file changed, 172 insertions(+), 1 deletion(-)

diff --git a/tests/qmp-test.c b/tests/qmp-test.c
index 5d0260b..f62d34c 100644
--- a/tests/qmp-test.c
+++ b/tests/qmp-test.c
@@ -15,6 +15,7 @@
 #include "qapi-visit.h"
 #include "qapi/error.h"
 #include "qapi/qobject-input-visitor.h"
+#include "qapi/util.h"
 #include "qapi/visitor.h"
 
 const char common_args[] = "-nodefaults -machine none";
@@ -129,11 +130,181 @@ static void test_qmp_protocol(void)
 qtest_end();
 }
 
+static int query_error_class(const char *cmd)
+{
+static struct {
+const char *cmd;
+int err_class;
+} fails[] = {
+{ "query-balloon", ERROR_CLASS_DEVICE_NOT_ACTIVE },
+{ "query-vm-generation-id", ERROR_CLASS_GENERIC_ERROR },
+{ NULL, -1 }
+};
+int i;
+
+for (i = 0; fails[i].cmd; i++) {
+if (!strcmp(cmd, fails[i].cmd)) {
+return fails[i].err_class;
+}
+}
+return -1;
+}
+
+static void test_query(const void *data)
+{
+const char *cmd = data;
+int expected_error_class = query_error_class(cmd);
+QDict *resp, *error;
+const char *error_class;
+
+qtest_start("-nodefaults");
+
+resp = qmp("{ 'execute': %s }", cmd);
+error = qdict_get_qdict(resp, "error");
+error_class = error ? qdict_get_str(error, "class") : NULL;
+
+if (expected_error_class < 0) {
+/*
+ * query-qmp-schema reports a few commands that aren't
+ * actually available.  See qmp_unregister_commands_hack() for
+ * details.  Work around this flaw:
+ * TODO drop when the flaw is fixed
+ */
+if (error) {
+g_assert_cmpstr(error_class, ==,
+QapiErrorClass_lookup[ERROR_CLASS_COMMAND_NOT_FOUND]);
+} else {
+g_assert(qdict_haskey(resp, "return"));
+}
+} else {
+g_assert(error);
+g_assert_cmpint(qapi_enum_parse(QapiErrorClass_lookup, error_class,
+QAPI_ERROR_CLASS__MAX, -1,
+_abort),
+==, expected_error_class);
+}
+QDECREF(resp);
+
+qtest_end();
+}
+
+static bool query_is_blacklisted(const char *cmd)
+{
+const char *blacklist[] = {
+"add-fd",
+NULL
+};
+int i;
+
+for (i = 0; blacklist[i]; i++) {
+if (!strcmp(cmd, blacklist[i])) {
+return true;
+}
+}
+return false;
+}
+
+typedef struct {
+SchemaInfoList *list;
+GHashTable *hash;
+} QmpSchema;
+
+static void qmp_schema_init(QmpSchema *schema)
+{
+QDict *resp;
+Visitor *qiv;
+SchemaInfoList *tail;
+
+   

Re: [Qemu-devel] [PATCH 4/8] blockdev: convert qemu-nbd server to QIONetListener

[Eric Blake]

On 08/10/2017 11:04 AM, Daniel P. Berrange wrote:
> Instead of creating a QIOChannelSocket directly for the NBD
> server socket, use a QIONetListener. This provides the ability
> to listen on multiple sockets at the same time, so enables
> full support for IPv4/IPv6 dual stack.
> 
> Signed-off-by: Daniel P. Berrange 
> ---
>  qemu-nbd.c | 50 +-
>  1 file changed, 17 insertions(+), 33 deletions(-)
> 
Reviewed-by: Eric Blake 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH 01/15] ui: add keycodemapdb repository as a GIT submodule

[Eric Blake]

On 08/10/2017 10:55 AM, Daniel P. Berrange wrote:
> The https://gitlab.com/keycodemap/keycodemapdb/ repo contains a
> data file mapping between all the different scancode/keycode/keysym
> sets that are known, and a tool to auto-generate lookup tables for
> different combinations.
> 
> It is used by GTK-VNC, SPICE-GTK and libvirt for mapping keys.
> Using it in QEMU will let us replace many hand written lookup
> tables with auto-generated tables from a master data source,
> reducing bugs. Adding new QKeyCodes will now only require the
> master table to be updated, all ~20 other tables will be
> automatically updated to follow.
> 
> Signed-off-by: Daniel P. Berrange 
> ---

> +
> +ui/input-keymap-%.c: $(KEYCODEMAP_GEN) $(KEYCODEMAP_CSV) ui/Makefile.objs
> + $(call quiet-command,\
> + $(PYTHON) $(KEYCODEMAP_GEN) \
> +   --lang glib2 \
> +   --varname qemu_input_map_$$(echo $@ | sed -e 
> "s,^ui/input-keymap-,," -e "s,\.c$$,,") \
> +   code-map $(KEYCODEMAP_CSV) \
> +   $$(echo $@ | sed -E -e 
> "s,^ui/input-keymap-([a-zA-Z0-9]+)2([a-zA-Z0-9]+)\.c$$,\1,") \
> +   $$(echo $@ | sed -E -e 
> "s,^ui/input-keymap-([a-zA-Z0-9]+)2([a-zA-Z0-9]+)\.c$$,\2,") \

Can this text transformation be done using intrinsic make functions,
instead of requiring the shell to spawn external processes?

The regex looks fragile: if we ever have one keymap named '2abc' and
another named 'xyz2', then the input-keymap-xyz222abc may be difficult
to extract based on greedy matching favoring 'xyz22' 2 'abc'.  Would it
be better to have 'xyz2-to-2abc' as the preferred naming in the
keycodemapdb project, to make sure the conversion names are unambiguous?
 But as this is dependent on keymap names, I don't think it's a
showstopper for this patch.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PULL] 9pfs: local: fix fchmodat_nofollow() limitations

[Greg Kurz]

Michael,

This fixes annoying bugs introduced by the CVE-2016-9602 fixes in 2.9.
Please consider picking it for 2.9.1.

Cheers,

--
Greg

On Thu, 10 Aug 2017 18:02:41 +0200
Greg Kurz  wrote:

> This function has to ensure it doesn't follow a symlink that could be used
> to escape the virtfs directory. This could be easily achieved if fchmodat()
> on linux honored the AT_SYMLINK_NOFOLLOW flag as described in POSIX, but
> it doesn't. There was a tentative to implement a new fchmodat2() syscall
> with the correct semantics:
> 
> https://patchwork.kernel.org/patch/9596301/
> 
> but it didn't gain much momentum. Also it was suggested to look at an O_PATH
> based solution in the first place.
> 
> The current implementation covers most use-cases, but it notably fails if:
> - the target path has access rights equal to  (openat() returns EPERM),
>   => once you've done chmod() on a file, you can never chmod() again  
> - the target path is UNIX domain socket (openat() returns ENXIO)
>   => bind() of UNIX domain sockets fails if the file is on 9pfs  
> 
> The solution is to use O_PATH: openat() now succeeds in both cases, and we
> can ensure the path isn't a symlink with fstat(). The associated entry in
> "/proc/self/fd" can hence be safely passed to the regular chmod() syscall.
> 
> The previous behavior is kept for older systems that don't have O_PATH.
> 
> Signed-off-by: Greg Kurz 
> Reviewed-by: Eric Blake 
> Tested-by: Zhi Yong Wu 
> Acked-by: Philippe Mathieu-Daudé 
> ---
>  hw/9pfs/9p-local.c | 42 +++---
>  hw/9pfs/9p-util.h  | 24 +++-
>  2 files changed, 50 insertions(+), 16 deletions(-)
> 
> diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
> index 6e478f4765ef..efb0b79a74bf 100644
> --- a/hw/9pfs/9p-local.c
> +++ b/hw/9pfs/9p-local.c
> @@ -333,17 +333,27 @@ update_map_file:
>  
>  static int fchmodat_nofollow(int dirfd, const char *name, mode_t mode)
>  {
> +struct stat stbuf;
>  int fd, ret;
>  
>  /* FIXME: this should be handled with fchmodat(AT_SYMLINK_NOFOLLOW).
> - * Unfortunately, the linux kernel doesn't implement it yet. As an
> - * alternative, let's open the file and use fchmod() instead. This
> - * may fail depending on the permissions of the file, but it is the
> - * best we can do to avoid TOCTTOU. We first try to open read-only
> - * in case name points to a directory. If that fails, we try write-only
> - * in case name doesn't point to a directory.
> + * Unfortunately, the linux kernel doesn't implement it yet.
>   */
> -fd = openat_file(dirfd, name, O_RDONLY, 0);
> +
> + /* First, we clear non-racing symlinks out of the way. */
> +if (fstatat(dirfd, name, , AT_SYMLINK_NOFOLLOW)) {
> +return -1;
> +}
> +if (S_ISLNK(stbuf.st_mode)) {
> +errno = ELOOP;
> +return -1;
> +}
> +
> +/* Access modes are ignored when O_PATH is supported. We try O_RDONLY and
> + * O_WRONLY for old-systems that don't support O_PATH.
> + */
> +fd = openat_file(dirfd, name, O_RDONLY | O_PATH_9P_UTIL, 0);
> +#if O_PATH_9P_UTIL == 0
>  if (fd == -1) {
>  /* In case the file is writable-only and isn't a directory. */
>  if (errno == EACCES) {
> @@ -357,6 +367,24 @@ static int fchmodat_nofollow(int dirfd, const char 
> *name, mode_t mode)
>  return -1;
>  }
>  ret = fchmod(fd, mode);
> +#else
> +if (fd == -1) {
> +return -1;
> +}
> +
> +/* Now we handle racing symlinks. */
> +ret = fstat(fd, );
> +if (!ret) {
> +if (S_ISLNK(stbuf.st_mode)) {
> +errno = ELOOP;
> +ret = -1;
> +} else {
> +char *proc_path = g_strdup_printf("/proc/self/fd/%d", fd);
> +ret = chmod(proc_path, mode);
> +g_free(proc_path);
> +}
> +}
> +#endif
>  close_preserve_errno(fd);
>  return ret;
>  }
> diff --git a/hw/9pfs/9p-util.h b/hw/9pfs/9p-util.h
> index 91299a24b8af..dc0d2e29aa3b 100644
> --- a/hw/9pfs/9p-util.h
> +++ b/hw/9pfs/9p-util.h
> @@ -13,6 +13,12 @@
>  #ifndef QEMU_9P_UTIL_H
>  #define QEMU_9P_UTIL_H
>  
> +#ifdef O_PATH
> +#define O_PATH_9P_UTIL O_PATH
> +#else
> +#define O_PATH_9P_UTIL 0
> +#endif
> +
>  static inline void close_preserve_errno(int fd)
>  {
>  int serrno = errno;
> @@ -22,13 +28,8 @@ static inline void close_preserve_errno(int fd)
>  
>  static inline int openat_dir(int dirfd, const char *name)
>  {
> -#ifdef O_PATH
> -#define OPENAT_DIR_O_PATH O_PATH
> -#else
> -#define OPENAT_DIR_O_PATH 0
> -#endif
>  return openat(dirfd, name,
> -  O_DIRECTORY | O_RDONLY | O_NOFOLLOW | OPENAT_DIR_O_PATH);
> +  O_DIRECTORY | O_RDONLY | O_NOFOLLOW | O_PATH_9P_UTIL);
>  }
>  
>  static inline int openat_file(int dirfd, const char *name, int flags,
> @@ -43,9 +44,14 @@ static inline 

Re: [Qemu-devel] [PATCH] x86: Increase max vcpu number to 352

[Eduardo Habkost]

On Thu, Aug 10, 2017 at 02:41:03PM +0200, Radim Krčmář wrote:
> 2017-08-10 19:02+0800, Lan Tianyu:
> > On 2017年08月10日 18:26, Daniel P. Berrange wrote:
> >> On Thu, Aug 10, 2017 at 06:08:07PM +0800, Lan Tianyu wrote:
> >>> Intel Xeon phi chip will support 352 logical threads. For HPC
> >>> usage case, it will create a huge VM with vcpus number as same as host
> >>> cpus. This patch is to increase max vcpu number to 352.
> >> 
> >> If we pick arbitray limits based on size of physical CPUs that happen
> >> to be shipping today, we'll continue the cat+mouse game forever trailing
> >> latest CPUs that vendors ship.
> >> 
> >> IMHO we should pick a higher number influenced by technical constraints
> >> of the q35 impl instead. eg can we go straight to something like 512 or
> >> 1024  ?
> > 
> > Sure. 512 should be enough and some arrays is defined according to max
> > vcpu number.
> 
> Hm, which arrays are that?  I was thinking it is safe to bump it to
> INT_MAX as the number is only used when setting global max_cpus.

We had a MAX_CPUMASK_BITS macro, and bitmaps whose sizes were
defined at compile time based on it.  But commit
cdda2018e3b9ce0c18938767dfdb1e05a05b67ca removed it.  Probably
those arrays all use max_cpus, by now (and the default for
max_cpus is smp_cpus, not MachineClass::max_cpus).

Anyway, if we set it to INT_MAX, there are some cases where more
appropriate error checking/reporting could be required because
they won't handle overflow very well:
* pcms->apic_id_limit initialization at pc_cpus_init()
* ACPI code that assumes possible_cpus->cpus[i].arch_id fits
  in a 32-bit integer
* Other x86_cpu_apic_id_from_index() calls in PC code
  (especially the initialization of possible_cpus->cpus[i].arch_id).
  Note that x86_cpu_apic_id_from_index(cpu_index) might not fit
  in 32 bits even if cpu_index <= UINT32_MAX.

-- 
Eduardo

Re: [Qemu-devel] [PATCH 3/8] blockdev: convert internal NBD server to QIONetListener

[Eric Blake]

On 08/10/2017 11:04 AM, Daniel P. Berrange wrote:
> Instead of creating a QIOChannelSocket directly for the NBD
> server socket, use a QIONetListener. This provides the ability
> to listen on multiple sockets at the same time, so enables
> full support for IPv4/IPv6 dual stack.
> 
> Signed-off-by: Daniel P. Berrange 
> ---
>  blockdev-nbd.c | 50 --
>  1 file changed, 16 insertions(+), 34 deletions(-)

May need rebasing on top of other pending NBD cleanups; we'll see how
that plays out.

Reviewed-by: Eric Blake 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH 2/8] io: introduce a network socket listener API

[Eric Blake]

On 08/10/2017 11:04 AM, Daniel P. Berrange wrote:
> The existing QIOChannelSocket class provides the ability to
> listen on a single socket at a time. This patch introduces
> a QIONetListener class that provides a higher level API
> concept around listening for network services, allowing
> for listening on multiple sockets.
> 
> Signed-off-by: Daniel P. Berrange 
> ---

> +++ b/include/io/net-listener.h
> @@ -0,0 +1,174 @@
> +/*
> + * QEMU I/O network listener
> + *
> + * Copyright (c) 2016 Red Hat, Inc.

Want to add 2017?

At least it's covered by MAINTAINERS :)


> +/**
> + * qio_net_listener_is_disconnected:
> + * @listener: the network listener object
> + *
> + * Determine if the listener is connected to any socket
> + * channels
> + *
> + * Returns: TRUE if connected, FALSE otherwise
> + */
> +gboolean qio_net_listener_is_disconnected(QIONetListener *listener);
> +

Must it return gboolean, or is bool sufficient?

TRUE if connected for a function named 'is_disconnected' sounds
backwards.  Avoid the double negative, name it:

qio_net_listener_is_connected(), returning true if connected

> +++ b/io/net-listener.c
> @@ -0,0 +1,315 @@
> +/*
> + * QEMU network listener
> + *
> + * Copyright (c) 2016 Red Hat, Inc.

More 2017.  Probably for the whole series :)


> +static gboolean qio_net_listener_channel_func(QIOChannel *ioc,
> +  GIOCondition condition,
> +  gpointer opaque)
> +{

Again, can we use bool instead of gboolean?

> +int qio_net_listener_open_sync(QIONetListener *listener,
> +   SocketAddress *addr,
> +   Error **errp)
> +{
> +QIODNSResolver *resolver = qio_dns_resolver_get_instance();
> +SocketAddress **resaddrs;
> +size_t nresaddrs;
> +size_t i;
> +Error *err = NULL;
> +bool success = false;
> +
> +if (qio_dns_resolver_lookup_sync(resolver,
> + addr,
> + ,
> + ,
> + errp) < 0) {
> +return -1;
> +}
> +
> +for (i = 0; i < nresaddrs; i++) {
> +QIOChannelSocket *sioc = qio_channel_socket_new();
> +
> +if (qio_channel_socket_listen_sync(sioc, resaddrs[i],
> +   err ? NULL : ) == 0) {
> +success = true;
> +}

This says that as long as at least one address connected, we are
successful...

> +
> +qio_net_listener_add(listener, sioc);

...but this adds sioc as a listener regardless of whether listen_sync()
succeeded.  Is that right?


> +gboolean qio_net_listener_is_disconnected(QIONetListener *listener)
> +{
> +return listener->disconnected;

Documentation says it returns true on connected, but here you are
returning true on disconnected?

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH] x86: Increase max vcpu number to 352

[Konrad Rzeszutek Wilk]

On Wed, Aug 09, 2017 at 11:58:20PM -0400, Lan Tianyu wrote:
> Intel Xeon phi chip will support 352 logical threads. For HPC
> usage case, it will create a huge VM with vcpus number as same as host
> cpus. This patch is to increase max vcpu number to 352.

There is this ioctl called KVM_CAP_MAX_VCPUS. Why not use that?

Oh wait, this is generic code. Perhaps there is a way to make
this more abstract? Where this information is provided via
an function to which various accelerators register?

> 
> Signed-off-by: Lan Tianyu 
> ---
>  hw/i386/pc_q35.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
> index 169a214..5e93749 100644
> --- a/hw/i386/pc_q35.c
> +++ b/hw/i386/pc_q35.c
> @@ -299,7 +299,7 @@ static void pc_q35_machine_options(MachineClass *m)
>  m->default_display = "std";
>  m->no_floppy = 1;
>  m->has_dynamic_sysbus = true;
> -m->max_cpus = 288;
> +m->max_cpus = 352;
>  }
>  
>  static void pc_q35_2_10_machine_options(MachineClass *m)
> -- 
> 1.8.3.1
> 
> 

Re: [Qemu-devel] [PATCH 0/2] QEMU Backup Tool

[no-reply]

Hi,

This series failed build test on s390x host. Please find the details below.

Subject: [Qemu-devel] [PATCH 0/2] QEMU Backup Tool
Type: series
Message-id: 1502387075-29078-1-git-send-email-chugh.ish...@research.iiit.ac.in

=== TEST SCRIPT BEGIN ===
#!/bin/bash
# Testing script will be invoked under the git checkout with
# HEAD pointing to a commit that has the patches applied on top of "base"
# branch
set -e
echo "=== ENV ==="
env
echo "=== PACKAGES ==="
rpm -qa
echo "=== TEST BEGIN ==="
CC=$HOME/bin/cc
INSTALL=$PWD/install
BUILD=$PWD/build
echo -n "Using CC: "
realpath $CC
mkdir -p $BUILD $INSTALL
SRC=$PWD
cd $BUILD
$SRC/configure --cc=$CC --prefix=$INSTALL
make -j4
# XXX: we need reliable clean up
# make check -j4 V=1
make install
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag] 
patchew/1502387075-29078-1-git-send-email-chugh.ish...@research.iiit.ac.in -> 
patchew/1502387075-29078-1-git-send-email-chugh.ish...@research.iiit.ac.in
Switched to a new branch 'test'
5fa1b46 backup: QEMU Backup Tool
fbbdf5c Add manpage for QEMU Backup Tool

=== OUTPUT BEGIN ===
=== ENV ===
XDG_SESSION_ID=20695
SHELL=/bin/sh
USER=fam
PATCHEW=/home/fam/patchew/patchew-cli -s http://patchew.org --nodebug
PATH=/usr/bin:/bin
PWD=/var/tmp/patchew-tester-tmp-sosb0mf2/src
LANG=en_US.UTF-8
HOME=/home/fam
SHLVL=2
LOGNAME=fam
DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1012/bus
XDG_RUNTIME_DIR=/run/user/1012
_=/usr/bin/env
=== PACKAGES ===
gpg-pubkey-873529b8-54e386ff
xz-libs-5.2.2-2.fc24.s390x
libxshmfence-1.2-3.fc24.s390x
giflib-4.1.6-15.fc24.s390x
trousers-lib-0.3.13-6.fc24.s390x
ncurses-base-6.0-6.20160709.fc25.noarch
gmp-6.1.1-1.fc25.s390x
libidn-1.33-1.fc25.s390x
slang-2.3.0-7.fc25.s390x
pkgconfig-0.29.1-1.fc25.s390x
alsa-lib-1.1.1-2.fc25.s390x
yum-metadata-parser-1.1.4-17.fc25.s390x
python3-slip-dbus-0.6.4-4.fc25.noarch
python2-cssselect-0.9.2-1.fc25.noarch
createrepo_c-libs-0.10.0-6.fc25.s390x
initscripts-9.69-1.fc25.s390x
parted-3.2-21.fc25.s390x
flex-2.6.0-3.fc25.s390x
colord-libs-1.3.4-1.fc25.s390x
python-osbs-client-0.33-3.fc25.noarch
perl-Pod-Simple-3.35-1.fc25.noarch
python2-simplejson-3.10.0-1.fc25.s390x
brltty-5.4-2.fc25.s390x
librados2-10.2.4-2.fc25.s390x
tcp_wrappers-7.6-83.fc25.s390x
libcephfs_jni1-10.2.4-2.fc25.s390x
nettle-devel-3.3-1.fc25.s390x
bzip2-devel-1.0.6-21.fc25.s390x
libuuid-2.28.2-2.fc25.s390x
python3-dnf-1.1.10-6.fc25.noarch
texlive-kpathsea-doc-svn41139-33.fc25.1.noarch
openssh-7.4p1-4.fc25.s390x
texlive-kpathsea-bin-svn40473-33.20160520.fc25.1.s390x
texlive-graphics-svn41015-33.fc25.1.noarch
texlive-dvipdfmx-def-svn40328-33.fc25.1.noarch
texlive-mfware-svn40768-33.fc25.1.noarch
texlive-texlive-scripts-svn41433-33.fc25.1.noarch
texlive-euro-svn22191.1.1-33.fc25.1.noarch
texlive-etex-svn37057.0-33.fc25.1.noarch
texlive-iftex-svn29654.0.2-33.fc25.1.noarch
texlive-palatino-svn31835.0-33.fc25.1.noarch
texlive-texlive-docindex-svn41430-33.fc25.1.noarch
texlive-xunicode-svn30466.0.981-33.fc25.1.noarch
texlive-koma-script-svn41508-33.fc25.1.noarch
texlive-pst-grad-svn15878.1.06-33.fc25.1.noarch
texlive-pst-blur-svn15878.2.0-33.fc25.1.noarch
texlive-jknapltx-svn19440.0-33.fc25.1.noarch
texinfo-6.1-4.fc25.s390x
openssl-devel-1.0.2k-1.fc25.s390x
gdk-pixbuf2-2.36.6-1.fc25.s390x
nspr-4.14.0-2.fc25.s390x
nss-softokn-freebl-3.30.2-1.0.fc25.s390x
jansson-2.10-2.fc25.s390x
fedora-repos-25-4.noarch
python3-libs-3.5.3-6.fc25.s390x
perl-Errno-1.25-387.fc25.s390x
acl-2.2.52-13.fc25.s390x
pcre2-utf16-10.23-8.fc25.s390x
pango-1.40.5-1.fc25.s390x
systemd-pam-231-17.fc25.s390x
python2-gluster-3.10.4-1.fc25.s390x
NetworkManager-libnm-1.4.4-5.fc25.s390x
selinux-policy-3.13.1-225.18.fc25.noarch
poppler-0.45.0-5.fc25.s390x
ccache-3.3.4-1.fc25.s390x
valgrind-3.12.0-9.fc25.s390x
perl-open-1.10-387.fc25.noarch
libaio-0.3.110-6.fc24.s390x
libfontenc-1.1.3-3.fc24.s390x
lzo-2.08-8.fc24.s390x
isl-0.14-5.fc24.s390x
libXau-1.0.8-6.fc24.s390x
linux-atm-libs-2.5.1-14.fc24.s390x
libXext-1.3.3-4.fc24.s390x
libXxf86vm-1.1.4-3.fc24.s390x
bison-3.0.4-4.fc24.s390x
perl-srpm-macros-1-20.fc25.noarch
gawk-4.1.3-8.fc25.s390x
libwayland-client-1.12.0-1.fc25.s390x
perl-Exporter-5.72-366.fc25.noarch
perl-version-0.99.17-1.fc25.s390x
fftw-libs-double-3.3.5-3.fc25.s390x
libssh2-1.8.0-1.fc25.s390x
ModemManager-glib-1.6.4-1.fc25.s390x
newt-python3-0.52.19-2.fc25.s390x
python-munch-2.0.4-3.fc25.noarch
python-bugzilla-1.2.2-4.fc25.noarch
libedit-3.1-16.20160618cvs.fc25.s390x
createrepo_c-0.10.0-6.fc25.s390x
device-mapper-multipath-libs-0.4.9-83.fc25.s390x
yum-3.4.3-510.fc25.noarch
dracut-config-rescue-044-78.fc25.s390x
mozjs17-17.0.0-16.fc25.s390x
libselinux-2.5-13.fc25.s390x
libgo-devel-6.3.1-1.fc25.s390x
python2-pyparsing-2.1.10-1.fc25.noarch
cairo-gobject-1.14.8-1.fc25.s390x
ethtool-4.8-1.fc25.s390x
xorg-x11-proto-devel-7.7-20.fc25.noarch
brlapi-0.6.5-2.fc25.s390x
librados-devel-10.2.4-2.fc25.s390x
libXinerama-devel-1.1.3-6.fc24.s390x

[Qemu-devel] [PULL for-2.10 2/3] IDE: test flush on empty CDROM

[Stefan Hajnoczi]

From: Kevin Wolf 

Signed-off-by: Kevin Wolf 
Signed-off-by: John Snow 
Reviewed-by: Eric Blake 
Signed-off-by: Stefan Hajnoczi 
Message-id: 20170809160212.29976-3-stefa...@redhat.com
Signed-off-by: Stefan Hajnoczi 
---
 tests/ide-test.c | 19 +++
 1 file changed, 19 insertions(+)

diff --git a/tests/ide-test.c b/tests/ide-test.c
index bfd79ddbdc..aa9de065fc 100644
--- a/tests/ide-test.c
+++ b/tests/ide-test.c
@@ -689,6 +689,24 @@ static void test_flush_nodev(void)
 ide_test_quit();
 }
 
+static void test_flush_empty_drive(void)
+{
+QPCIDevice *dev;
+QPCIBar bmdma_bar, ide_bar;
+
+ide_test_start("-device ide-cd,bus=ide.0");
+dev = get_pci_device(_bar, _bar);
+
+/* FLUSH CACHE command on device 0 */
+qpci_io_writeb(dev, ide_bar, reg_device, 0);
+qpci_io_writeb(dev, ide_bar, reg_command, CMD_FLUSH_CACHE);
+
+/* Just testing that qemu doesn't crash... */
+
+free_pci_device(dev);
+ide_test_quit();
+}
+
 static void test_pci_retry_flush(void)
 {
 test_retry_flush("pc");
@@ -954,6 +972,7 @@ int main(int argc, char **argv)
 
 qtest_add_func("/ide/flush", test_flush);
 qtest_add_func("/ide/flush/nodev", test_flush_nodev);
+qtest_add_func("/ide/flush/empty_drive", test_flush_empty_drive);
 qtest_add_func("/ide/flush/retry_pci", test_pci_retry_flush);
 qtest_add_func("/ide/flush/retry_isa", test_isa_retry_flush);
 
-- 
2.13.4

[Qemu-devel] [PULL for-2.10 1/3] IDE: Do not flush empty CDROM drives

[Stefan Hajnoczi]

The block backend changed in a way that flushing empty CDROM drives now
crashes.  Amend IDE to avoid doing so until the root problem can be
addressed for 2.11.

Original patch by John Snow .

Reported-by: Kieron Shorrock 
Signed-off-by: Stefan Hajnoczi 
Reviewed-by: Eric Blake 
Message-id: 20170809160212.29976-2-stefa...@redhat.com
Signed-off-by: Stefan Hajnoczi 
---
 hw/ide/core.c | 10 +-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/hw/ide/core.c b/hw/ide/core.c
index 0b48b64d3a..bea39536b0 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -1063,7 +1063,15 @@ static void ide_flush_cache(IDEState *s)
 s->status |= BUSY_STAT;
 ide_set_retry(s);
 block_acct_start(blk_get_stats(s->blk), >acct, 0, BLOCK_ACCT_FLUSH);
-s->pio_aiocb = blk_aio_flush(s->blk, ide_flush_cb, s);
+
+if (blk_bs(s->blk)) {
+s->pio_aiocb = blk_aio_flush(s->blk, ide_flush_cb, s);
+} else {
+/* XXX blk_aio_flush() crashes when blk_bs(blk) is NULL, remove this
+ * temporary workaround when blk_aio_*() functions handle NULL blk_bs.
+ */
+ide_flush_cb(s, 0);
+}
 }
 
 static void ide_cfata_metadata_inquiry(IDEState *s)
-- 
2.13.4

[Qemu-devel] [PULL for-2.10 3/3] virtio-blk: handle blk_getlength() errors

[Stefan Hajnoczi]

If blk_getlength() fails in virtio_blk_update_config() consider the disk
image length to be 0 bytes.

Signed-off-by: Stefan Hajnoczi 
Reviewed-by: Fam Zheng 
Message-id: 20170808122251.29815-1-stefa...@redhat.com
Signed-off-by: Stefan Hajnoczi 
---
 hw/block/virtio-blk.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c
index b750bd8b53..a16ac75090 100644
--- a/hw/block/virtio-blk.c
+++ b/hw/block/virtio-blk.c
@@ -730,6 +730,7 @@ static void virtio_blk_update_config(VirtIODevice *vdev, 
uint8_t *config)
 BlockConf *conf = >conf.conf;
 struct virtio_blk_config blkcfg;
 uint64_t capacity;
+int64_t length;
 int blk_size = conf->logical_block_size;
 
 blk_get_geometry(s->blk, );
@@ -752,7 +753,8 @@ static void virtio_blk_update_config(VirtIODevice *vdev, 
uint8_t *config)
  * divided by 512 - instead it is the amount of blk_size blocks
  * per track (cylinder).
  */
-if (blk_getlength(s->blk) /  conf->heads / conf->secs % blk_size) {
+length = blk_getlength(s->blk);
+if (length > 0 && length / conf->heads / conf->secs % blk_size) {
 blkcfg.geometry.sectors = conf->secs & ~s->sector_mask;
 } else {
 blkcfg.geometry.sectors = conf->secs;
-- 
2.13.4

[Qemu-devel] [PULL for-2.10 0/3] Block patches

[Stefan Hajnoczi]

The following changes since commit b38df311c174c98ef8cce7dec9f46603b083018e:

  Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.10-20170809' 
into staging (2017-08-10 11:12:36 +0100)

are available in the git repository at:

  git://github.com/stefanha/qemu.git tags/block-pull-request

for you to fetch changes up to 17d0bc01bfcce0ad4fb5105d4502595224569ff0:

  virtio-blk: handle blk_getlength() errors (2017-08-10 14:33:43 +0100)





Kevin Wolf (1):
  IDE: test flush on empty CDROM

Stefan Hajnoczi (2):
  IDE: Do not flush empty CDROM drives
  virtio-blk: handle blk_getlength() errors

 hw/block/virtio-blk.c |  4 +++-
 hw/ide/core.c | 10 +-
 tests/ide-test.c  | 19 +++
 3 files changed, 31 insertions(+), 2 deletions(-)

-- 
2.13.4

Re: [Qemu-devel] [Qemu-trivial] [PATCH] qemu-doc: Fix "-net van" typo

[Laurent Vivier]

On 10/08/2017 13:44, Thomas Huth wrote:
> While Andrew S. Tanenbaum has a point by saying "Never underestimate the
> bandwidth of a station wagon full of tapes hurtling down the highway",
> we don't support that way of transportation in QEMU yet, so replace the
> typo with the correct word "vlan".
> 
> Signed-off-by: Thomas Huth 

Reviewed-by: Laurent Vivier 

> ---
>  qemu-doc.texi | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/qemu-doc.texi b/qemu-doc.texi
> index 92d50f1..9811476 100644
> --- a/qemu-doc.texi
> +++ b/qemu-doc.texi
> @@ -3243,7 +3243,7 @@ the ``-netdev user,guestfwd=ARGS'' argument instead.
>  
>  @subsection -net vlan (since 2.9.0)
>  
> -The ``-net van=NN'' argument is partially replaced with the
> +The ``-net vlan=NN'' argument is partially replaced with the
>  new ``-netdev'' argument. The remaining use cases will no
>  longer be directly supported in QEMU.
>  
> 

Re: [Qemu-devel] [PULL] 9pfs fixes for 2.10 20170810

[Peter Maydell]

On 10 August 2017 at 17:02, Greg Kurz  wrote:
> The following changes since commit b38df311c174c98ef8cce7dec9f46603b083018e:
>
>   Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.10-20170809' 
> into staging (2017-08-10 11:12:36 +0100)
>
> are available in the git repository at:
>
>   https://github.com/gkurz/qemu.git tags/for-upstream
>
> for you to fetch changes up to 4751fd5328dfcd4fe2f9055728a72a0e3ae56512:
>
>   9pfs: local: fix fchmodat_nofollow() limitations (2017-08-10 14:36:11 +0200)
>
> 
> Just a single fix for an annoying regression introduced in 2.9 when fixing
> CVE-2016-9602.
>
> 
> Greg Kurz (1):
>   9pfs: local: fix fchmodat_nofollow() limitations
>
>  hw/9pfs/9p-local.c | 42 +++---
>  hw/9pfs/9p-util.h  | 24 +++-
>  2 files changed, 50 insertions(+), 16 deletions(-)
> --

Applied, thanks.

-- PMM

[Qemu-devel] [PATCH 2/2] backup: QEMU Backup Tool

[Ishani Chugh]

qemu-backup will be a command-line tool for performing full and
incremental disk backups on running VMs. It is intended as a
reference implementation for management stack and backup developers
to see QEMU's backup features in action. The tool writes details of
guest in a configuration file and the data is retrieved from the file
while creating a backup. The location of config file can be set as an
environment variable QEMU_BACKUP_CONFIG. The usage is as follows:

Add a guest
python qemu-backup.py guest add --guest  --qmp 

Add a drive for backup in a specified guest
python qemu-backup.py drive add --guest  --id  [--target 
]

Create backup of the added drives:
python qemu-backup.py backup --guest 

List all guest configs in configuration file:
python qemu-backup.py guest list

Restore operation
python qemu-backup.py restore --guest 

Remove a guest
python qemu-backup.py guest remove --guest 

Signed-off-by: Ishani Chugh 
---
 contrib/backup/qemu-backup.py | 309 ++
 1 file changed, 309 insertions(+)
 create mode 100644 contrib/backup/qemu-backup.py

diff --git a/contrib/backup/qemu-backup.py b/contrib/backup/qemu-backup.py
new file mode 100644
index 000..9bbbdb7
--- /dev/null
+++ b/contrib/backup/qemu-backup.py
@@ -0,0 +1,309 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Copyright (C) 2013 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+
+"""
+This file is an implementation of backup tool
+"""
+from __future__ import print_function
+from argparse import ArgumentParser
+import os
+import errno
+from socket import error as socket_error
+try:
+import configparser
+except ImportError:
+import ConfigParser as configparser
+import sys
+sys.path.append(os.path.join(os.path.dirname(__file__), '..', '..',
+ 'scripts', 'qmp'))
+from qmp import QEMUMonitorProtocol
+
+
+class BackupTool(object):
+"""BackupTool Class"""
+def __init__(self,
+ config_file=os.path.expanduser('~')+'/.qemu/backup/config'):
+if "QEMU_BACKUP_CONFIG" in os.environ:
+self.config_file = os.environ["QEMU_BACKUP_CONFIG"]
+else:
+self.config_file = config_file
+try:
+if not os.path.isdir(os.path.expanduser('~')+'/.qemu/backup'):
+os.makedirs(os.path.expanduser('~')+'/.qemu/backup')
+except:
+print("Cannot find the config file", file=sys.stderr)
+exit(1)
+self.config = configparser.ConfigParser()
+self.config.read(self.config_file)
+
+def write_config(self):
+"""
+Writes configuration to ini file.
+"""
+config_file = open(self.config_file+".tmp", 'w')
+self.config.write(config_file)
+config_file.flush()
+os.fsync(config_file.fileno())
+config_file.close()
+os.rename(self.config_file+".tmp", self.config_file)
+
+def get_socket_address(self, socket_address):
+"""
+Return Socket address in form of string or tuple
+"""
+if socket_address.startswith('tcp'):
+return (socket_address.split(':')[1],
+int(socket_address.split(':')[2]))
+return socket_address.split(':',2)[1]
+
+def _full_backup(self, guest_name):
+"""
+Performs full backup of guest
+"""
+if guest_name not in self.config.sections():
+print ("Cannot find specified guest", file=sys.stderr)
+exit(1)
+
+self.verify_guest_running(guest_name)
+connection = QEMUMonitorProtocol(
+ self.get_socket_address(
+ self.config[guest_name]['qmp']))
+connection.connect()
+cmd = {"execute": "transaction", "arguments": {"actions": []}}
+for key in self.config[guest_name]:
+if key.startswith("drive_"):
+drive = key[len('drive_'):]
+target = self.config[guest_name][key]
+sub_cmd = {"type": "drive-backup", "data": {"device": drive,
+"target": target,
+"sync": "full"}}
+

[Qemu-devel] [PATCH 1/2] Add manpage for QEMU Backup Tool

[Ishani Chugh]

qemu-backup will be a command-line tool for performing full and
incremental disk backups on running VMs. It is intended as a
reference implementation for management stack and backup developers
to see QEMU's backup features in action. The following commit is an
initial implementation of manpage listing the commands which the
backup tool will support. The manpage wil be build along with other
docs when configure is provided with --enable-docs flag in the
location contrib/backup in build directory.

Signed-off-by: Ishani Chugh 
---
 Makefile|  15 +++--
 contrib/backup/qemu-backup.texi | 135 
 2 files changed, 146 insertions(+), 4 deletions(-)
 create mode 100644 contrib/backup/qemu-backup.texi

diff --git a/Makefile b/Makefile
index 16a0430..1826a74 100644
--- a/Makefile
+++ b/Makefile
@@ -209,6 +209,8 @@ ifdef BUILD_DOCS
 DOCS=qemu-doc.html qemu-doc.txt qemu.1 qemu-img.1 qemu-nbd.8 qemu-ga.8
 DOCS+=docs/interop/qemu-qmp-ref.html docs/interop/qemu-qmp-ref.txt 
docs/interop/qemu-qmp-ref.7
 DOCS+=docs/interop/qemu-ga-ref.html docs/interop/qemu-ga-ref.txt 
docs/interop/qemu-ga-ref.7
+DOCS+=contrib/backup/qemu-backup.html contrib/backup/qemu-backup.txt
+DOCS+=contrib/backup/qemu-backup.pdf contrib/backup/qemu-backup.info
 ifdef CONFIG_VIRTFS
 DOCS+=fsdev/virtfs-proxy-helper.1
 endif
@@ -508,6 +510,8 @@ VERSION ?= $(shell cat VERSION)
 
 dist: qemu-$(VERSION).tar.bz2
 
+qemu-backup.8: contrib/backup/qemu-backup.texi
+
 qemu-%.tar.bz2:
$(SRC_PATH)/scripts/make-release "$(SRC_PATH)" "$(patsubst 
qemu-%.tar.bz2,%,$@)"
 
@@ -719,16 +723,19 @@ fsdev/virtfs-proxy-helper.1: 
fsdev/virtfs-proxy-helper.texi
 qemu-nbd.8: qemu-nbd.texi qemu-option-trace.texi
 qemu-ga.8: qemu-ga.texi
 
-html: qemu-doc.html docs/interop/qemu-qmp-ref.html 
docs/interop/qemu-ga-ref.html
-info: qemu-doc.info docs/interop/qemu-qmp-ref.info 
docs/interop/qemu-ga-ref.info
-pdf: qemu-doc.pdf docs/interop/qemu-qmp-ref.pdf docs/interop/qemu-ga-ref.pdf
-txt: qemu-doc.txt docs/interop/qemu-qmp-ref.txt docs/interop/qemu-ga-ref.txt
+html: qemu-doc.html docs/interop/qemu-qmp-ref.html 
docs/interop/qemu-ga-ref.html contrib/backup/qemu-backup.html
+info: qemu-doc.info docs/interop/qemu-qmp-ref.info 
docs/interop/qemu-ga-ref.info contrib/backup/qemu-backup.info
+pdf: qemu-doc.pdf docs/interop/qemu-qmp-ref.pdf docs/interop/qemu-ga-ref.pdf 
contrib/backup/qemu-backup.pdf
+txt: qemu-doc.txt docs/interop/qemu-qmp-ref.txt docs/interop/qemu-ga-ref.txt 
contrib/backup/qemu-backup.txt
 
 qemu-doc.html qemu-doc.info qemu-doc.pdf qemu-doc.txt: \
qemu-img.texi qemu-nbd.texi qemu-options.texi qemu-option-trace.texi \
qemu-monitor.texi qemu-img-cmds.texi qemu-ga.texi \
qemu-monitor-info.texi
 
+contrib/backup/qemu-backup.html contrib/backup/qemu-backup.pdf 
contrib/backup/qemu-backup.txt contrib/backup/qemu-backup.info: \
+   contrib/backup/qemu-backup.texi
+
 docs/interop/qemu-ga-ref.dvi docs/interop/qemu-ga-ref.html \
 docs/interop/qemu-ga-ref.info docs/interop/qemu-ga-ref.pdf \
 docs/interop/qemu-ga-ref.txt docs/interop/qemu-ga-ref.7: \
diff --git a/contrib/backup/qemu-backup.texi b/contrib/backup/qemu-backup.texi
new file mode 100644
index 000..ba9f9ec
--- /dev/null
+++ b/contrib/backup/qemu-backup.texi
@@ -0,0 +1,135 @@
+\input texinfo
+@setfilename qemu-backup
+
+@documentlanguage en
+@documentencoding UTF-8
+
+@settitle QEMU Backup Tool
+@copying
+
+Copyright @copyright{} 2017 The QEMU Project developers
+@end copying
+@ifinfo
+@direntry
+* QEMU: (QEMU-backup).Man page for QEMU Backup Tool.
+@end direntry
+@end ifinfo
+@iftex
+@titlepage
+@sp 7
+@center @titlefont{QEMU Backup Tool}
+@sp 1
+@sp 3
+@end titlepage
+@end iftex
+@ifnottex
+@node Top
+@top Short Sample
+
+@menu
+* Name::
+* Synopsis::
+* List of Commands::
+* Command Parameters::
+* Command Descriptions::
+* License::
+@end menu
+
+@end ifnottex
+
+@node Name
+@chapter Name
+
+QEMU disk backup tool.
+
+@node Synopsis
+@chapter Synopsis
+
+qemu-backup command [command options].
+
+@node  List of Commands
+@chapter  List of Commands
+@itemize
+@item qemu-backup guest add --guest guestname --qmp socketpath [--tcp]
+@item qemu-backup guest list
+@item qemu-backup drive add --id driveid --guest guestname --target target
+@item qemu-backup drive add --all --guest guestname --target target
+@item qemu-backup drive list --guest guestname
+@item qemu-backup backup [--inc] --guest guestname
+@item qemu-backup restore --guest guestname
+@item qemu-backup guest remove --guest guestname
+@item qemu-backup drive remove --guest guestname --id driveid
+@end itemize
+@node  Command Parameters
+@chapter  Command Parameters
+@itemize
+@item --all: Add all the drives present in a guest which are suitable for 
backup.
+@item --guest: Name of the guest.
+@item --id: id of guest or drive.
+@item --inc: (Optional) For incremental backup.
+@item --qmp: Path of qmp socket.
+@item 

[Qemu-devel] [PATCH 0/2] QEMU Backup Tool

[Ishani Chugh]

This patch series is intended to introduce QEMU Backup tool.
qemu-backup will be a command-line tool for performing full and
incremental disk backups on running VMs. It is intended as a
reference implementation for management stack and backup developers
to see QEMU's backup features in action.
This patch series contains two patches,
 1) Adding Manpage for the tool
 2) QEMU Backup command line tool

Ishani Chugh (2):
  Add manpage for QEMU Backup Tool
  backup: QEMU Backup Tool

 Makefile|  15 +-
 contrib/backup/qemu-backup.py   | 309 
 contrib/backup/qemu-backup.texi | 135 ++
 3 files changed, 455 insertions(+), 4 deletions(-)
 create mode 100644 contrib/backup/qemu-backup.py
 create mode 100644 contrib/backup/qemu-backup.texi

-- 
2.7.4

Re: [Qemu-devel] [PATCH v8 0/8] Optimize VMDK I/O by allocating multiple clusters

[Stefan Hajnoczi]

On Thu, Aug 10, 2017 at 9:18 AM, Ashijeet Acharya
 wrote:
> On Thu, Aug 10, 2017 at 1:41 PM, Stefan Hajnoczi  wrote:
>>
>> On Thu, Jul 27, 2017 at 3:33 PM, Ashijeet Acharya
>>  wrote:
>> > Previously posted series patches:
>> > v1 -
>> > http://lists.nongnu.org/archive/html/qemu-devel/2017-03/msg02044.html
>> > v2 -
>> > http://lists.nongnu.org/archive/html/qemu-devel/2017-03/msg05080.html
>> > v3 -
>> > http://lists.nongnu.org/archive/html/qemu-devel/2017-04/msg00074.html
>> > v4 -
>> > http://lists.nongnu.org/archive/html/qemu-devel/2017-04/msg03851.html
>> > v5 -
>> > http://lists.nongnu.org/archive/html/qemu-devel/2017-06/msg00929.html
>> > v6 -
>> > http://lists.nongnu.org/archive/html/qemu-devel/2017-06/msg00947.html
>> > v7 -
>> > http://lists.nongnu.org/archive/html/qemu-devel/2017-06/msg06600.html
>> >
>> > This series helps to optimize the I/O performance of VMDK driver.
>> >
>> > Patch 1 helps us to move vmdk_find_offset_in_cluster.
>> >
>> > Patch 2 & 3 perform a simple function re-naming tasks.
>> >
>> > Patch 4 is used to factor out metadata loading code and implement it in
>> > separate
>> > functions. This will help us to avoid code duplication in future patches
>> > of this
>> > series.
>> >
>> > Patch 5 helps to set the upper limit of the bytes handled in one cycle.
>> >
>> > Patch 6 adds new functions to help us allocate multiple clusters
>> > according to
>> > the size requested, perform COW if required and return the offset of the
>> > first
>> > newly allocated cluster.
>> >
>> > Patch 7 changes the metadata update code to update the L2 tables for
>> > multiple
>> > clusters at once.
>> >
>> > Patch 8 helps us to finally change vmdk_get_cluster_offset() to find
>> > cluster
>> > offset only as cluster allocation task is now handled by
>> > vmdk_alloc_clusters()
>> >
>> > Optimization test results:
>> >
>> > This patch series improves 128 KB sequential write performance to an
>> > empty VMDK file by 54%
>> >
>> > Benchmark command: ./qemu-img bench -w -c 1024 -s 128K -d 1 -t none -f
>> > vmdk test.vmdk
>> >
>> > Changes in v8:
>> > - fix minor variable naming issue in patch 6
>>
>> Fam: Ping?
>>
>> Ashijeet: Feel free to send a ping reply if no one reviews your
>> patches within a few days.
>
>
> Hi Stefan,
>
> I had a chat with Fam on #qemu-block before submitting this series and he
> said he will be merging it soon when the freeze is over (I am not sure if it
> is yet) since all the patches are already reviewed :-)

Good to hear :).

QEMU 2.10 is scheduled to be released on 22nd or 29th of August.

Stefan

[Qemu-devel] [PATCH] virtio-scsi: Add virtqueue_size parameter allowing virtqueue size to be set.

[Richard W.M. Jones]

Since Linux switched to blk-mq as the default in Linux commit
5c279bd9e406 ("scsi: default to scsi-mq"), virtio-scsi LUNs consume
about 10x as much guest kernel memory.

This commit allows you to choose the virtqueue size for each
virtio-scsi-pci controller like this:

  -device virtio-scsi-pci,id=scsi,virtqueue_size=16

The default is still 128 as before.  Using smaller virtqueue_size
allows many more disks to be added to small memory virtual machines.
For a 1 vCPU, 500 MB, no swap VM I observed:

  With scsi-mq enabled (upstream kernel):  175 disks
-"- ditto -"-   virtqueue_size=64: 318 disks
-"- ditto -"-   virtqueue_size=16: 775 disks
  With scsi-mq disabled (kernel before 5c279bd9e406): 1755 disks

Note that to have any effect, this requires a kernel patch:

  https://lkml.org/lkml/2017/8/10/689

Signed-off-by: Richard W.M. Jones 
---
 hw/scsi/virtio-scsi.c   | 8 +---
 include/hw/virtio/virtio-scsi.h | 2 +-
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/hw/scsi/virtio-scsi.c b/hw/scsi/virtio-scsi.c
index eb639442d1..aca1909a59 100644
--- a/hw/scsi/virtio-scsi.c
+++ b/hw/scsi/virtio-scsi.c
@@ -867,10 +867,10 @@ void virtio_scsi_common_realize(DeviceState *dev,
 s->sense_size = VIRTIO_SCSI_SENSE_DEFAULT_SIZE;
 s->cdb_size = VIRTIO_SCSI_CDB_DEFAULT_SIZE;
 
-s->ctrl_vq = virtio_add_queue(vdev, VIRTIO_SCSI_VQ_SIZE, ctrl);
-s->event_vq = virtio_add_queue(vdev, VIRTIO_SCSI_VQ_SIZE, evt);
+s->ctrl_vq = virtio_add_queue(vdev, s->conf.virtqueue_size, ctrl);
+s->event_vq = virtio_add_queue(vdev, s->conf.virtqueue_size, evt);
 for (i = 0; i < s->conf.num_queues; i++) {
-s->cmd_vqs[i] = virtio_add_queue(vdev, VIRTIO_SCSI_VQ_SIZE, cmd);
+s->cmd_vqs[i] = virtio_add_queue(vdev, s->conf.virtqueue_size, cmd);
 }
 }
 
@@ -917,6 +917,8 @@ static void virtio_scsi_device_unrealize(DeviceState *dev, 
Error **errp)
 
 static Property virtio_scsi_properties[] = {
 DEFINE_PROP_UINT32("num_queues", VirtIOSCSI, parent_obj.conf.num_queues, 
1),
+DEFINE_PROP_UINT32("virtqueue_size", VirtIOSCSI,
+ parent_obj.conf.virtqueue_size, 128),
 DEFINE_PROP_UINT32("max_sectors", VirtIOSCSI, parent_obj.conf.max_sectors,
   0x),
 DEFINE_PROP_UINT32("cmd_per_lun", VirtIOSCSI, parent_obj.conf.cmd_per_lun,
diff --git a/include/hw/virtio/virtio-scsi.h b/include/hw/virtio/virtio-scsi.h
index de6ae5a9f6..4c0bcdb788 100644
--- a/include/hw/virtio/virtio-scsi.h
+++ b/include/hw/virtio/virtio-scsi.h
@@ -32,7 +32,6 @@
 #define VIRTIO_SCSI(obj) \
 OBJECT_CHECK(VirtIOSCSI, (obj), TYPE_VIRTIO_SCSI)
 
-#define VIRTIO_SCSI_VQ_SIZE 128
 #define VIRTIO_SCSI_MAX_CHANNEL 0
 #define VIRTIO_SCSI_MAX_TARGET  255
 #define VIRTIO_SCSI_MAX_LUN 16383
@@ -48,6 +47,7 @@ typedef struct virtio_scsi_config VirtIOSCSIConfig;
 
 struct VirtIOSCSIConf {
 uint32_t num_queues;
+uint32_t virtqueue_size;
 uint32_t max_sectors;
 uint32_t cmd_per_lun;
 #ifdef CONFIG_VHOST_SCSI
-- 
2.13.1

Re: [Qemu-devel] [PATCH 00/15] Convert over to use keycodemapdb

[Daniel P. Berrange]

On Thu, Aug 10, 2017 at 09:10:51AM -0700, no-re...@patchew.org wrote:
> Hi,
> 
> This series failed build test on s390x host. Please find the details below.
> 
> Subject: [Qemu-devel] [PATCH 00/15] Convert over to use keycodemapdb
> Type: series
> Message-id: 20170810155522.31099-1-berra...@redhat.com
> 
>   GEN trace/generated-helpers.h
>   GEN trace/generated-helpers-wrappers.h
>   GEN trace/generated-tcg-tracers.h
>   GEN trace/generated-helpers.c
> make: *** No rule to make target 'ui/input-keymap-atset12qcode.c', needed by 
> 'Makefile'.  Stop.
> make: *** Waiting for unfinished jobs

Opps, failure due to me not testing non-srcdir builds.

Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|

Re: [Qemu-devel] [PATCH 2/2] vl: Partial support for non-scalar properties with -object

[Paolo Bonzini]

On 10/08/2017 18:36, Markus Armbruster wrote:
>>> +while (!QSIMPLEQ_EMPTY(_queue)) {
>>> +ObjectOptionsQueueEntry *e = QSIMPLEQ_FIRST(_queue);
>>> +
>>> +QSIMPLEQ_REMOVE_HEAD(_queue, entry);
>>> +qapi_free_ObjectOptions(e->oo);
>>> +g_free(e);
>>> +}
>> Why not free the queue entry in object_create, and assert here that it's
>> empty?
> 
> Assumes object_create_delayed(TYPE) == !object_create_initial(TYPE),
> which is the case.  Fewer assumptions is good.  Less code is also good.
> Pick your goodness, please :)

I think the assumption is not that object_create_delayed(TYPE) ==
!object_create_initial(TYPE), but rather that all -object options are
dealt with (and they shouldn't be dealt more than once).  It's a
reasonable assumption, methinks. :)

Paolo

Re: [Qemu-devel] [PATCH 2/2] vl: Partial support for non-scalar properties with -object

[Markus Armbruster]

Paolo Bonzini  writes:

> On 10/08/2017 14:25, Markus Armbruster wrote:
>> We've wanted -object to support non-scalar properties for a while.
>> Dan Berrange tried in "[PATCH v4 00/10]Provide a QOM-based
>> authorization API".  Review led to the conclusion that we need to
>> replace rather than add to QemuOpts.  Initial work towards that goal
>> has been merged to provide -blockdev (commit 8746709), but there's
>> substantial work left, mostly due to an bewildering array of
>> compatibility problems.
>> 
>> Even if a full solution is still out of reach, we can have a partial
>> solution now: accept -object argument in JSON syntax.  This should
>> unblock development work that needs non-scalar properties with -object
>> 
>> The implementation is similar to -blockdev, except we use the new
>> infrastructure only for the new JSON case, and stick to QemuOpts for
>> the existing KEY=VALUE,... case, to sidestep compatibility problems.
>> 
>> If we did this for more options, we'd have to factor out common code.
>> But for one option, this will do.
>> 
>> Signed-off-by: Markus Armbruster 
>> ---
>>  qapi-schema.json | 14 +++---
>>  vl.c | 55 
>> +++
>>  2 files changed, 66 insertions(+), 3 deletions(-)
>> 
>> diff --git a/qapi-schema.json b/qapi-schema.json
>> index 802ea53..7ed1db1 100644
>> --- a/qapi-schema.json
>> +++ b/qapi-schema.json
>> @@ -3618,15 +3618,23 @@
>>  { 'command': 'netdev_del', 'data': {'id': 'str'} }
>>  
>>  ##
>> -# @object-add:
>> +# @ObjectOptions:
>>  #
>> -# Create a QOM object.
>> +# Options for creating an object.
>>  #
>>  # @qom-type: the class name for the object to be created
>>  #
>>  # @id: the name of the new object
>>  #
>>  # @props: a dictionary of properties to be passed to the backend
>> +##
>> +{ 'struct': 'ObjectOptions',
>> +  'data': {'qom-type': 'str', 'id': 'str', '*props': 'any'} }
>> +
>> +##
>> +# @object-add:
>> +#
>> +# Create a QOM object.
>>  #
>>  # Returns: Nothing on success
>>  #  Error if @qom-type is not a valid class name
>> @@ -3642,7 +3650,7 @@
>>  #
>>  ##
>>  { 'command': 'object-add',
>> -  'data': {'qom-type': 'str', 'id': 'str', '*props': 'any'} }
>> +  'data': 'ObjectOptions' }
>>  
>>  ##
>>  # @object-del:
>> diff --git a/vl.c b/vl.c
>> index fd98ed1..db4680b 100644
>> --- a/vl.c
>> +++ b/vl.c
>> @@ -2854,8 +2854,32 @@ static bool object_create_delayed(const char *type)
>>  return !object_create_initial(type);
>>  }
>>  
>> +typedef struct ObjectOptionsQueueEntry {
>> +ObjectOptions *oo;
>> +Location loc;
>> +QSIMPLEQ_ENTRY(ObjectOptionsQueueEntry) entry;
>> +} ObjectOptionsQueueEntry;
>> +
>> +typedef QSIMPLEQ_HEAD(ObjectOptionsQueue, ObjectOptionsQueueEntry)
>> +ObjectOptionsQueue;
>> +
>> +ObjectOptionsQueue oo_queue = QSIMPLEQ_HEAD_INITIALIZER(oo_queue);
>> +
>> +
>>  static void object_create(bool (*type_predicate)(const char *))
>>  {
>> +ObjectOptionsQueueEntry *e;
>> +
>> +QSIMPLEQ_FOREACH(e, _queue, entry) {
>> +if (!type_predicate(e->oo->qom_type)) {
>> +continue;
>> +}
>> +loc_push_restore(>loc);
>> +qmp_object_add(e->oo->qom_type, e->oo->id,
>> +   e->oo->has_props, e->oo->props, _fatal);
>> +loc_pop(>loc);
>> +}
>> +
>>  if (qemu_opts_foreach(qemu_find_opts("object"),
>>user_creatable_add_opts_foreach,
>>type_predicate, NULL)) {
>> @@ -4078,6 +4102,29 @@ int main(int argc, char **argv, char **envp)
>>  #endif
>>  break;
>>  case QEMU_OPTION_object:
>> +/*
>> + * TODO Use qobject_input_visitor_new_str() instead of
>> + * QemuOpts, not in addition to.  Not done now because
>> + * keyval_parse() isn't wart-compatible with QemuOpts.
>> + */
>> +if (optarg[0] == '{') {
>> +Visitor *v;
>> +ObjectOptionsQueueEntry *e;
>> +
>> +v = qobject_input_visitor_new_str(optarg, "qom-type",
>> +  );
>> +if (!v) {
>> +error_report_err(err);
>> +exit(1);
>> +}
>> +
>> +e = g_new(ObjectOptionsQueueEntry, 1);
>> +visit_type_ObjectOptions(v, NULL, >oo, _fatal);
>> +visit_free(v);
>> +loc_save(>loc);
>> +QSIMPLEQ_INSERT_TAIL(_queue, e, entry);
>> +break;
>> +}
>>  opts = qemu_opts_parse_noisily(qemu_find_opts("object"),
>> optarg, true);
>>  if (!opts) {
>> @@ -4525,6 +4572,14 @@ int main(int argc, char **argv, char **envp)
>>  
>>  

Re: [Qemu-devel] [PATCH 0/8] Enable full IPv4/IPv6 dual stack support

[no-reply]

Hi,

This series failed automatic build test. Please find the testing commands and
their output below. If you have docker installed, you can probably reproduce it
locally.

Message-id: 20170810160451.32723-1-berra...@redhat.com
Subject: [Qemu-devel] [PATCH 0/8] Enable full IPv4/IPv6 dual stack support
Type: series

=== TEST SCRIPT BEGIN ===
#!/bin/bash
set -e
git submodule update --init dtc
# Let docker tests dump environment info
export SHOW_ENV=1
export J=8
time make docker-test-quick@centos6
time make docker-test-build@min-glib
time make docker-test-mingw@fedora
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag]   patchew/20170810160451.32723-1-berra...@redhat.com 
-> patchew/20170810160451.32723-1-berra...@redhat.com
Switched to a new branch 'test'
c80d4b3d99 sockets: fix parsing of ipv4/ipv6 opts in parse_socket_addr
85193a29c1 ui: convert VNC server to QIONetListener
59dd1813c8 chardev: convert the socket server to QIONetListener
2304ec200f migration: convert socket server to QIONetListener
4f4c339d2c blockdev: convert qemu-nbd server to QIONetListener
9837cc0ccd blockdev: convert internal NBD server to QIONetListener
f3aa1d82c5 io: introduce a network socket listener API
81584cdc6f tests: add functional test validating ipv4/ipv6 address flag handling

=== OUTPUT BEGIN ===
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into '/var/tmp/patchew-tester-tmp-7o1dgdzo/src/dtc'...
Submodule path 'dtc': checked out '558cd81bdd432769b59bff01240c44f82cfb1a9d'
  BUILD   centos6
make[1]: Entering directory '/var/tmp/patchew-tester-tmp-7o1dgdzo/src'
  ARCHIVE qemu.tgz
  ARCHIVE dtc.tgz
  COPYRUNNER
RUN test-quick in qemu:centos6 
Packages installed:
SDL-devel-1.2.14-7.el6_7.1.x86_64
bison-2.4.1-5.el6.x86_64
ccache-3.1.6-2.el6.x86_64
epel-release-6-8.noarch
flex-2.5.35-9.el6.x86_64
gcc-4.4.7-18.el6.x86_64
git-1.7.1-8.el6.x86_64
glib2-devel-2.28.8-9.el6.x86_64
libfdt-devel-1.4.0-1.el6.x86_64
make-3.81-23.el6.x86_64
package g++ is not installed
pixman-devel-0.32.8-1.el6.x86_64
tar-1.23-15.el6_8.x86_64
zlib-devel-1.2.3-29.el6.x86_64

Environment variables:
PACKAGES=libfdt-devel ccache tar git make gcc g++ flex bison zlib-devel 
glib2-devel SDL-devel pixman-devel epel-release
HOSTNAME=638a1a17597e
TERM=xterm
MAKEFLAGS= -j8
HISTSIZE=1000
J=8
USER=root
LS_COLORS=rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=01;05;37;41:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lz=01;31:*.xz=01;31:*.bz2=01;31:*.tbz=01;31:*.tbz2=01;31:*.bz=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.rar=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.axv=01;35:*.anx=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=01;36:*.au=01;36:*.flac=01;36:*.mid=01;36:*.midi=01;36:*.mka=01;36:*.mp3=01;36:*.mpc=01;36:*.ogg=01;36:*.ra=01;36:*.wav=01;36:*.axa=01;36:*.oga=01;36:*.spx=01;36:*.xspf=01;36:
CCACHE_DIR=/var/tmp/ccache
EXTRA_CONFIGURE_OPTS=
V=
SHOW_ENV=1
MAIL=/var/spool/mail/root
PATH=/usr/lib/ccache:/usr/lib64/ccache:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PWD=/
LANG=en_US.UTF-8
TARGET_LIST=
HISTCONTROL=ignoredups
SHLVL=1
HOME=/root
TEST_DIR=/tmp/qemu-test
LOGNAME=root
LESSOPEN=||/usr/bin/lesspipe.sh %s
FEATURES= dtc
DEBUG=
G_BROKEN_FILENAMES=1
CCACHE_HASHDIR=
_=/usr/bin/env

Configure options:
--enable-werror --target-list=x86_64-softmmu,aarch64-softmmu 
--prefix=/var/tmp/qemu-build/install
No C++ compiler available; disabling C++ specific optional code
Install prefix/var/tmp/qemu-build/install
BIOS directory/var/tmp/qemu-build/install/share/qemu
binary directory  /var/tmp/qemu-build/install/bin
library directory /var/tmp/qemu-build/install/lib
module directory  /var/tmp/qemu-build/install/lib/qemu
libexec directory /var/tmp/qemu-build/install/libexec
include directory /var/tmp/qemu-build/install/include
config directory  /var/tmp/qemu-build/install/etc
local state directory   /var/tmp/qemu-build/install/var
Manual directory  /var/tmp/qemu-build/install/share/man
ELF interp prefix /usr/gnemul/qemu-%M
Source path   /tmp/qemu-test/src
C compilercc
Host C compiler   cc
C++ compiler  
Objective-C compiler cc

Re: [Qemu-devel] [PATCH 0/8] Enable full IPv4/IPv6 dual stack support

[no-reply]

Hi,

This series seems to have some coding style problems. See output below for
more information:

Message-id: 20170810160451.32723-1-berra...@redhat.com
Subject: [Qemu-devel] [PATCH 0/8] Enable full IPv4/IPv6 dual stack support
Type: series

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
c80d4b3d99 sockets: fix parsing of ipv4/ipv6 opts in parse_socket_addr
85193a29c1 ui: convert VNC server to QIONetListener
59dd1813c8 chardev: convert the socket server to QIONetListener
2304ec200f migration: convert socket server to QIONetListener
4f4c339d2c blockdev: convert qemu-nbd server to QIONetListener
9837cc0ccd blockdev: convert internal NBD server to QIONetListener
f3aa1d82c5 io: introduce a network socket listener API
81584cdc6f tests: add functional test validating ipv4/ipv6 address flag handling

=== OUTPUT BEGIN ===
Checking PATCH 1/8: tests: add functional test validating ipv4/ipv6 address 
flag handling...
Checking PATCH 2/8: io: introduce a network socket listener API...
Checking PATCH 3/8: blockdev: convert internal NBD server to QIONetListener...
Checking PATCH 4/8: blockdev: convert qemu-nbd server to QIONetListener...
WARNING: line over 80 characters
#41: FILE: qemu-nbd.c:348:
+static void nbd_accept(QIONetListener *listener, QIOChannelSocket *cioc, 
gpointer opaque)

total: 0 errors, 1 warnings, 99 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
Checking PATCH 5/8: migration: convert socket server to QIONetListener...
ERROR: line over 90 characters
#89: FILE: migration/socket.c:163:
+qio_net_listener_set_client_func(listener, 
socket_accept_incoming_migration, NULL, NULL);

total: 1 errors, 0 warnings, 82 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 6/8: chardev: convert the socket server to QIONetListener...
WARNING: line over 80 characters
#57: FILE: chardev/char-socket.c:408:
+qio_net_listener_set_client_func(s->listener, tcp_chr_accept, chr, 
NULL);

WARNING: line over 80 characters
#165: FILE: chardev/char-socket.c:946:
+qio_net_listener_set_client_func(s->listener, tcp_chr_accept, 
chr, NULL);

total: 0 errors, 2 warnings, 168 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
Checking PATCH 7/8: ui: convert VNC server to QIONetListener...
WARNING: line over 80 characters
#51: FILE: ui/vnc.c:390:
+addr = qio_channel_socket_get_local_address(vd->listener->sioc[0], 
errp);

total: 0 errors, 1 warnings, 292 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
Checking PATCH 8/8: sockets: fix parsing of ipv4/ipv6 opts in 
parse_socket_addr...
=== OUTPUT END ===

Test command exited with code: 1


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-de...@freelists.org

Re: [Qemu-devel] [PATCH v7 2/6] qmp: Create IOThrottle structure

[Markus Armbruster]

Eric Blake  writes:

> On 08/10/2017 09:06 AM, Pradeep Jagadeesh wrote:
>
 It's not "moving it back", it's keeping it where it is. But I see no big
 problem with moving it to a common file either.
>>>
>>> I'd rather not put every struct shared across subsystem boundaries in
>>> its own file.
>>>
>>> We can keep it right where it is for now.  Bonus: more readable diff.
>>> If we start sharing more throttle-related material than just a struct,
>>> we can reconsider.
>>>
>>> We could also move it to the existing file for common stuff:
>>> qapi/common.json.  Not a great fit, though.
>>
>> So, the final conclusion is to move to common.json?
>
> No.
>
> If more than one .json file would benefit by including the definition,
> then put it in a separate file that both .json include from.

This is the case.

Your opinion is incompatible with mine, stated above.

> But if only one .json file would be including a new file, then just
> inline the struct directly into that one original file (in this case,
> block-core.json) instead of creating a separate file (so no to needing
> iothrottle.json), or putting the code in yet a different file than the
> one that is using the struct (so no to putting it in common.json).

This is no longer the case.

Conclusion: no consensus, yet.

Re: [Qemu-devel] [PATCH 2/2] vl: Partial support for non-scalar properties with -object

[Markus Armbruster]

Eric Blake  writes:

> On 08/10/2017 07:25 AM, Markus Armbruster wrote:
>> We've wanted -object to support non-scalar properties for a while.
>> Dan Berrange tried in "[PATCH v4 00/10]Provide a QOM-based
>> authorization API".  Review led to the conclusion that we need to
>> replace rather than add to QemuOpts.  Initial work towards that goal
>> has been merged to provide -blockdev (commit 8746709), but there's
>> substantial work left, mostly due to an bewildering array of
>> compatibility problems.
>> 
>> Even if a full solution is still out of reach, we can have a partial
>> solution now: accept -object argument in JSON syntax.  This should
>> unblock development work that needs non-scalar properties with -object
>> 
>
> Trailing dot?

Will fix.

>> The implementation is similar to -blockdev, except we use the new
>> infrastructure only for the new JSON case, and stick to QemuOpts for
>> the existing KEY=VALUE,... case, to sidestep compatibility problems.
>> 
>> If we did this for more options, we'd have to factor out common code.
>> But for one option, this will do.
>> 
>> Signed-off-by: Markus Armbruster 
>> ---
>>  qapi-schema.json | 14 +++---
>>  vl.c | 55 
>> +++
>>  2 files changed, 66 insertions(+), 3 deletions(-)
>> 
>
> 2.11 material.

Yes.

>> @@ -4078,6 +4102,29 @@ int main(int argc, char **argv, char **envp)
>>  #endif
>>  break;
>>  case QEMU_OPTION_object:
>> +/*
>> + * TODO Use qobject_input_visitor_new_str() instead of
>> + * QemuOpts, not in addition to.  Not done now because
>> + * keyval_parse() isn't wart-compatible with QemuOpts.
>> + */
>> +if (optarg[0] == '{') {
>
> So we DON'T allow " {...}", even though that is valid JSON.  I'm okay
> with stating that { is magic only as the first byte.

Consistent with -blockdev.  Can improve later, if we want to.

> Reviewed-by: Eric Blake 
>
> Do we need any documentation additions (whether in --help output, or in
> the man page, or ?)

Let's not advertise this just yet.  It's mostly so that Manos can make
progress while we work on the full solution (he wants to use -object for
throttle filters, and needs non-scalar properties).

Re: [Qemu-devel] [PATCH 1/2] vl: Factor object_create() out of main()

[Markus Armbruster]

Eric Blake  writes:

> On 08/10/2017 07:25 AM, Markus Armbruster wrote:
>> Signed-off-by: Markus Armbruster 
>> ---
>>  vl.c | 21 ++---
>>  1 file changed, 10 insertions(+), 11 deletions(-)
>> 
>
>> +++ b/vl.c
>> @@ -2845,7 +2845,6 @@ static bool object_create_initial(const char *type)
>>  return true;
>>  }
>>  
>> -
>>  /*
>
> Spurious whitespace change? I can live with it because it adds
> consistency, but it's not on a function directly touched by this patch.

Not intentional (alternatively: I've since forgotten).  I'll drop it.

> Reviewed-by: Eric Blake 

Thanks!

Re: [Qemu-devel] [PATCH 00/15] Convert over to use keycodemapdb

[no-reply]

Hi,

This series seems to have some coding style problems. See output below for
more information:

Message-id: 20170810155522.31099-1-berra...@redhat.com
Subject: [Qemu-devel] [PATCH 00/15] Convert over to use keycodemapdb
Type: series

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag]   
patchew/1502380961-16398-2-git-send-email-gr...@kaod.org -> 
patchew/1502380961-16398-2-git-send-email-gr...@kaod.org
Switched to a new branch 'test'
7c26de29e6 display: convert XenInput keyboard to keycodemapdb
b9d4f633bb ui: remove qemu_input_linux_to_qcode method
b82952e02a ui: remove qemu_input_qcode_to_number method
e61e51c4c6 ui: convert GTK and SDL1 frontends to keycodemapdb
8da0073fa4 ui: convert the SDL2 frontend to keycodemapdb
f4347fae8a ui: convert cocoa frontend to keycodemapdb
0bb5e3ca3a char: convert the escc device to keycodemapdb
1524c6518c input: convert the adb device to keycodemapdb
931965df01 input: convert ps2 device to keycodemapdb
0e01238d65 input: convert virtio-input-hid device to keycodemapdb
f6ca40df3d ui: use QKeyCode exclusively in InputKeyEvent
5252b5946a ui: don't export qemu_input_event_new_key
047c3a0c37 ui: convert key events to QKeyCodes immediately
9ee7d5824f ui: convert common input code to keycodemapdb
ae5a212c48 ui: add keycodemapdb repository as a GIT submodule

=== OUTPUT BEGIN ===
Checking PATCH 1/15: ui: add keycodemapdb repository as a GIT submodule...
Checking PATCH 2/15: ui: convert common input code to keycodemapdb...
Checking PATCH 3/15: ui: convert key events to QKeyCodes immediately...
Checking PATCH 4/15: ui: don't export qemu_input_event_new_key...
Checking PATCH 5/15: ui: use QKeyCode exclusively in InputKeyEvent...
WARNING: line over 80 characters
#361: FILE: ui/input.c:380:
+void qemu_input_event_send_key_qcode(QemuConsole *src, QKeyCode qcode, bool 
down)

total: 0 errors, 1 warnings, 321 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
Checking PATCH 6/15: input: convert virtio-input-hid device to keycodemapdb...
Checking PATCH 7/15: input: convert ps2 device to keycodemapdb...
Checking PATCH 8/15: input: convert the adb device to keycodemapdb...
Checking PATCH 9/15: char: convert the escc device to keycodemapdb...
Checking PATCH 10/15: ui: convert cocoa frontend to keycodemapdb...
Checking PATCH 11/15: ui: convert the SDL2 frontend to keycodemapdb...
WARNING: line over 80 characters
#101: FILE: ui/sdl2-input.c:40:
+for (i = 0; i < SDL_NUM_SCANCODES && i < qemu_input_map_usb2qcode_len ; 
i++) {

total: 0 errors, 1 warnings, 56 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
Checking PATCH 12/15: ui: convert GTK and SDL1 frontends to keycodemapdb...
ERROR: unnecessary whitespace before a quoted newline
#279: FILE: ui/gtk.c:1149:
+g_warning("experimental: using broadway, x11 virtual keysym \n"

ERROR: unnecessary whitespace before a quoted newline
#280: FILE: ui/gtk.c:1150:
+  "mapping - with very limited support. See also \n"

ERROR: braces {} are necessary for all arms of this statement
#301: FILE: ui/gtk.c:1170:
+if (!keycode_map)
[...]

ERROR: braces {} are necessary for all arms of this statement
#303: FILE: ui/gtk.c:1172:
+if (scancode > keycode_maplen)
[...]

ERROR: braces {} are necessary for all arms of this statement
#550: FILE: ui/sdl.c:245:
+if (!keycode_map)
[...]

ERROR: braces {} are necessary for all arms of this statement
#552: FILE: ui/sdl.c:247:
+if (ev->keysym.scancode > keycode_maplen)
[...]

ERROR: braces {} are necessary for all arms of this statement
#797: FILE: ui/x_keymap.c:27:
+if (strstr(vendor, "Cygwin/X"))
[...]

ERROR: braces {} are necessary for all arms of this statement
#813: FILE: ui/x_keymap.c:41:
+if (strcmp(extensions[i], "Apple-WM") == 0 ||
[...]

ERROR: braces {} are necessary for all arms of this statement
#817: FILE: ui/x_keymap.c:45:
+if (extensions)
[...]

total: 9 errors, 0 warnings, 833 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 13/15: ui: remove qemu_input_qcode_to_number method...
Checking PATCH 14/15: ui: remove 

Re: [Qemu-devel] [PATCH 00/15] Convert over to use keycodemapdb

[no-reply]

Hi,

This series failed build test on s390x host. Please find the details below.

Subject: [Qemu-devel] [PATCH 00/15] Convert over to use keycodemapdb
Type: series
Message-id: 20170810155522.31099-1-berra...@redhat.com

=== TEST SCRIPT BEGIN ===
#!/bin/bash
# Testing script will be invoked under the git checkout with
# HEAD pointing to a commit that has the patches applied on top of "base"
# branch
set -e
echo "=== ENV ==="
env
echo "=== PACKAGES ==="
rpm -qa
echo "=== TEST BEGIN ==="
CC=$HOME/bin/cc
INSTALL=$PWD/install
BUILD=$PWD/build
echo -n "Using CC: "
realpath $CC
mkdir -p $BUILD $INSTALL
SRC=$PWD
cd $BUILD
$SRC/configure --cc=$CC --prefix=$INSTALL
make -j4
# XXX: we need reliable clean up
# make check -j4 V=1
make install
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 - [tag update]  
patchew/150229685736.21846.2809147507731700887.st...@bahia.lan -> 
patchew/150229685736.21846.2809147507731700887.st...@bahia.lan
 - [tag update]  
patchew/1502359588-29451-1-git-send-email-arm...@redhat.com -> 
patchew/1502359588-29451-1-git-send-email-arm...@redhat.com
 - [tag update]  patchew/1502365466-19432-1-git-send-email-th...@redhat.com 
-> patchew/1502365466-19432-1-git-send-email-th...@redhat.com
 - [tag update]  
patchew/1502367921-17730-1-git-send-email-arm...@redhat.com -> 
patchew/1502367921-17730-1-git-send-email-arm...@redhat.com
 - [tag update]  patchew/20170808162629.32493-1-quint...@redhat.com -> 
patchew/20170808162629.32493-1-quint...@redhat.com
 - [tag update]  patchew/20170809203808.31725-1-ebl...@redhat.com -> 
patchew/20170809203808.31725-1-ebl...@redhat.com
 - [tag update]  patchew/20170810080108.31047-1-f...@redhat.com -> 
patchew/20170810080108.31047-1-f...@redhat.com
 - [tag update]  patchew/20170810123741.30449-1-coh...@redhat.com -> 
patchew/20170810123741.30449-1-coh...@redhat.com
 * [new tag] patchew/20170810155522.31099-1-berra...@redhat.com -> 
patchew/20170810155522.31099-1-berra...@redhat.com
Switched to a new branch 'test'
7c26de2 display: convert XenInput keyboard to keycodemapdb
b9d4f63 ui: remove qemu_input_linux_to_qcode method
b82952e ui: remove qemu_input_qcode_to_number method
e61e51c ui: convert GTK and SDL1 frontends to keycodemapdb
8da0073 ui: convert the SDL2 frontend to keycodemapdb
f4347fa ui: convert cocoa frontend to keycodemapdb
0bb5e3c char: convert the escc device to keycodemapdb
1524c65 input: convert the adb device to keycodemapdb
931965d input: convert ps2 device to keycodemapdb
0e01238 input: convert virtio-input-hid device to keycodemapdb
f6ca40d ui: use QKeyCode exclusively in InputKeyEvent
5252b59 ui: don't export qemu_input_event_new_key
047c3a0 ui: convert key events to QKeyCodes immediately
9ee7d58 ui: convert common input code to keycodemapdb
ae5a212 ui: add keycodemapdb repository as a GIT submodule

=== OUTPUT BEGIN ===
=== ENV ===
XDG_SESSION_ID=20695
SHELL=/bin/sh
USER=fam
PATCHEW=/home/fam/patchew/patchew-cli -s http://patchew.org --nodebug
PATH=/usr/bin:/bin
PWD=/var/tmp/patchew-tester-tmp-pe1ekf8x/src
LANG=en_US.UTF-8
HOME=/home/fam
SHLVL=2
LOGNAME=fam
DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1012/bus
XDG_RUNTIME_DIR=/run/user/1012
_=/usr/bin/env
=== PACKAGES ===
gpg-pubkey-873529b8-54e386ff
xz-libs-5.2.2-2.fc24.s390x
libxshmfence-1.2-3.fc24.s390x
giflib-4.1.6-15.fc24.s390x
trousers-lib-0.3.13-6.fc24.s390x
ncurses-base-6.0-6.20160709.fc25.noarch
gmp-6.1.1-1.fc25.s390x
libidn-1.33-1.fc25.s390x
slang-2.3.0-7.fc25.s390x
pkgconfig-0.29.1-1.fc25.s390x
alsa-lib-1.1.1-2.fc25.s390x
yum-metadata-parser-1.1.4-17.fc25.s390x
python3-slip-dbus-0.6.4-4.fc25.noarch
python2-cssselect-0.9.2-1.fc25.noarch
createrepo_c-libs-0.10.0-6.fc25.s390x
initscripts-9.69-1.fc25.s390x
parted-3.2-21.fc25.s390x
flex-2.6.0-3.fc25.s390x
colord-libs-1.3.4-1.fc25.s390x
python-osbs-client-0.33-3.fc25.noarch
perl-Pod-Simple-3.35-1.fc25.noarch
python2-simplejson-3.10.0-1.fc25.s390x
brltty-5.4-2.fc25.s390x
librados2-10.2.4-2.fc25.s390x
tcp_wrappers-7.6-83.fc25.s390x
libcephfs_jni1-10.2.4-2.fc25.s390x
nettle-devel-3.3-1.fc25.s390x
bzip2-devel-1.0.6-21.fc25.s390x
libuuid-2.28.2-2.fc25.s390x
python3-dnf-1.1.10-6.fc25.noarch
texlive-kpathsea-doc-svn41139-33.fc25.1.noarch
openssh-7.4p1-4.fc25.s390x
texlive-kpathsea-bin-svn40473-33.20160520.fc25.1.s390x
texlive-graphics-svn41015-33.fc25.1.noarch
texlive-dvipdfmx-def-svn40328-33.fc25.1.noarch
texlive-mfware-svn40768-33.fc25.1.noarch
texlive-texlive-scripts-svn41433-33.fc25.1.noarch
texlive-euro-svn22191.1.1-33.fc25.1.noarch
texlive-etex-svn37057.0-33.fc25.1.noarch
texlive-iftex-svn29654.0.2-33.fc25.1.noarch
texlive-palatino-svn31835.0-33.fc25.1.noarch
texlive-texlive-docindex-svn41430-33.fc25.1.noarch
texlive-xunicode-svn30466.0.981-33.fc25.1.noarch
texlive-koma-script-svn41508-33.fc25.1.noarch
texlive-pst-grad-svn15878.1.06-33.fc25.1.noarch
texlive-pst-blur-svn15878.2.0-33.fc25.1.noarch

Re: [Qemu-devel] [PATCH 00/15] Convert over to use keycodemapdb

[no-reply]

Hi,

This series failed automatic build test. Please find the testing commands and
their output below. If you have docker installed, you can probably reproduce it
locally.

Message-id: 20170810155522.31099-1-berra...@redhat.com
Subject: [Qemu-devel] [PATCH 00/15] Convert over to use keycodemapdb
Type: series

=== TEST SCRIPT BEGIN ===
#!/bin/bash
set -e
git submodule update --init dtc
# Let docker tests dump environment info
export SHOW_ENV=1
export J=8
time make docker-test-quick@centos6
time make docker-test-build@min-glib
time make docker-test-mingw@fedora
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 t [tag update]
patchew/150229685736.21846.2809147507731700887.st...@bahia.lan -> 
patchew/150229685736.21846.2809147507731700887.st...@bahia.lan
 t [tag update]
patchew/1502359588-29451-1-git-send-email-arm...@redhat.com -> 
patchew/1502359588-29451-1-git-send-email-arm...@redhat.com
 t [tag update]
patchew/1502365466-19432-1-git-send-email-th...@redhat.com -> 
patchew/1502365466-19432-1-git-send-email-th...@redhat.com
 t [tag update]
patchew/1502367921-17730-1-git-send-email-arm...@redhat.com -> 
patchew/1502367921-17730-1-git-send-email-arm...@redhat.com
 t [tag update]patchew/20170808162629.32493-1-quint...@redhat.com 
-> patchew/20170808162629.32493-1-quint...@redhat.com
 t [tag update]patchew/20170809203808.31725-1-ebl...@redhat.com -> 
patchew/20170809203808.31725-1-ebl...@redhat.com
 t [tag update]patchew/20170810080108.31047-1-f...@redhat.com -> 
patchew/20170810080108.31047-1-f...@redhat.com
 * [new tag]   patchew/20170810155522.31099-1-berra...@redhat.com 
-> patchew/20170810155522.31099-1-berra...@redhat.com
Switched to a new branch 'test'
7c26de29e6 display: convert XenInput keyboard to keycodemapdb
b9d4f633bb ui: remove qemu_input_linux_to_qcode method
b82952e02a ui: remove qemu_input_qcode_to_number method
e61e51c4c6 ui: convert GTK and SDL1 frontends to keycodemapdb
8da0073fa4 ui: convert the SDL2 frontend to keycodemapdb
f4347fae8a ui: convert cocoa frontend to keycodemapdb
0bb5e3ca3a char: convert the escc device to keycodemapdb
1524c6518c input: convert the adb device to keycodemapdb
931965df01 input: convert ps2 device to keycodemapdb
0e01238d65 input: convert virtio-input-hid device to keycodemapdb
f6ca40df3d ui: use QKeyCode exclusively in InputKeyEvent
5252b5946a ui: don't export qemu_input_event_new_key
047c3a0c37 ui: convert key events to QKeyCodes immediately
9ee7d5824f ui: convert common input code to keycodemapdb
ae5a212c48 ui: add keycodemapdb repository as a GIT submodule

=== OUTPUT BEGIN ===
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into '/var/tmp/patchew-tester-tmp-b0_jr94m/src/dtc'...
Submodule path 'dtc': checked out '558cd81bdd432769b59bff01240c44f82cfb1a9d'
  BUILD   centos6
make[1]: Entering directory '/var/tmp/patchew-tester-tmp-b0_jr94m/src'
  ARCHIVE qemu.tgz
  ARCHIVE dtc.tgz
  COPYRUNNER
RUN test-quick in qemu:centos6 
Packages installed:
SDL-devel-1.2.14-7.el6_7.1.x86_64
bison-2.4.1-5.el6.x86_64
ccache-3.1.6-2.el6.x86_64
epel-release-6-8.noarch
flex-2.5.35-9.el6.x86_64
gcc-4.4.7-18.el6.x86_64
git-1.7.1-8.el6.x86_64
glib2-devel-2.28.8-9.el6.x86_64
libfdt-devel-1.4.0-1.el6.x86_64
make-3.81-23.el6.x86_64
package g++ is not installed
pixman-devel-0.32.8-1.el6.x86_64
tar-1.23-15.el6_8.x86_64
zlib-devel-1.2.3-29.el6.x86_64

Environment variables:
PACKAGES=libfdt-devel ccache tar git make gcc g++ flex bison zlib-devel 
glib2-devel SDL-devel pixman-devel epel-release
HOSTNAME=01405751235b
TERM=xterm
MAKEFLAGS= -j8
HISTSIZE=1000
J=8
USER=root

[Qemu-devel] [PATCH 7/8] ui: convert VNC server to QIONetListener

[Daniel P. Berrange]

The VNC server already has the ability to listen on multiple sockets.
Converting it to use the QIONetListener APIs though, will reduce the
amount of code in the VNC server and improve the clarity of what is
left.

Signed-off-by: Daniel P. Berrange 
---
 ui/vnc.c | 194 ++-
 ui/vnc.h |   9 +--
 2 files changed, 57 insertions(+), 146 deletions(-)

diff --git a/ui/vnc.c b/ui/vnc.c
index 651cbb8606..5b78541575 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -227,12 +227,12 @@ static VncServerInfo *vnc_server_info_get(VncDisplay *vd)
 VncServerInfo *info;
 Error *err = NULL;
 
-if (!vd->nlsock) {
+if (!vd->listener || !vd->listener->nsioc) {
 return NULL;
 }
 
 info = g_malloc0(sizeof(*info));
-vnc_init_basic_info_from_server_addr(vd->lsock[0],
+vnc_init_basic_info_from_server_addr(vd->listener->sioc[0],
  qapi_VncServerInfo_base(info), );
 info->has_auth = true;
 info->auth = g_strdup(vnc_auth_name(vd));
@@ -378,7 +378,7 @@ VncInfo *qmp_query_vnc(Error **errp)
 VncDisplay *vd = vnc_display_find(NULL);
 SocketAddress *addr = NULL;
 
-if (vd == NULL || !vd->nlsock) {
+if (vd == NULL || !vd->listener || !vd->listener->nsioc) {
 info->enabled = false;
 } else {
 info->enabled = true;
@@ -387,11 +387,7 @@ VncInfo *qmp_query_vnc(Error **errp)
 info->has_clients = true;
 info->clients = qmp_query_client_list(vd);
 
-if (vd->lsock == NULL) {
-return info;
-}
-
-addr = qio_channel_socket_get_local_address(vd->lsock[0], errp);
+addr = qio_channel_socket_get_local_address(vd->listener->sioc[0], 
errp);
 if (!addr) {
 goto out_error;
 }
@@ -571,13 +567,14 @@ VncInfo2List *qmp_query_vnc_servers(Error **errp)
 info->has_display = true;
 info->display = g_strdup(dev->id);
 }
-for (i = 0; i < vd->nlsock; i++) {
+for (i = 0; vd->listener != NULL && i < vd->listener->nsioc; i++) {
 info->server = qmp_query_server_entry(
-vd->lsock[i], false, vd->auth, vd->subauth, info->server);
+vd->listener->sioc[i], false, vd->auth, vd->subauth,
+info->server);
 }
-for (i = 0; i < vd->nlwebsock; i++) {
+for (i = 0; vd->wslistener != NULL && i < vd->wslistener->nsioc; i++) {
 info->server = qmp_query_server_entry(
-vd->lwebsock[i], true, vd->ws_auth,
+vd->wslistener->sioc[i], true, vd->ws_auth,
 vd->ws_subauth, info->server);
 }
 
@@ -2991,36 +2988,18 @@ void vnc_start_protocol(VncState *vs)
 qemu_add_mouse_mode_change_notifier(>mouse_mode_notifier);
 }
 
-static gboolean vnc_listen_io(QIOChannel *ioc,
-  GIOCondition condition,
-  void *opaque)
+static void vnc_listen_io(QIONetListener *listener,
+  QIOChannelSocket *cioc,
+  void *opaque)
 {
 VncDisplay *vd = opaque;
-QIOChannelSocket *sioc = NULL;
-Error *err = NULL;
-bool isWebsock = false;
-size_t i;
-
-for (i = 0; i < vd->nlwebsock; i++) {
-if (ioc == QIO_CHANNEL(vd->lwebsock[i])) {
-isWebsock = true;
-break;
-}
-}
-
-sioc = qio_channel_socket_accept(QIO_CHANNEL_SOCKET(ioc), );
-if (sioc != NULL) {
-qio_channel_set_name(QIO_CHANNEL(sioc),
- isWebsock ? "vnc-ws-server" : "vnc-server");
-qio_channel_set_delay(QIO_CHANNEL(sioc), false);
-vnc_connect(vd, sioc, false, isWebsock);
-object_unref(OBJECT(sioc));
-} else {
-/* client probably closed connection before we got there */
-error_free(err);
-}
+bool isWebsock = listener == vd->wslistener;
 
-return TRUE;
+qio_channel_set_name(QIO_CHANNEL(cioc),
+ isWebsock ? "vnc-ws-server" : "vnc-server");
+qio_channel_set_delay(QIO_CHANNEL(cioc), false);
+vnc_connect(vd, cioc, false, isWebsock);
+object_unref(OBJECT(cioc));
 }
 
 static const DisplayChangeListenerOps dcl_ops = {
@@ -3072,34 +3051,22 @@ void vnc_display_init(const char *id)
 
 static void vnc_display_close(VncDisplay *vd)
 {
-size_t i;
 if (!vd) {
 return;
 }
 vd->is_unix = false;
-for (i = 0; i < vd->nlsock; i++) {
-if (vd->lsock_tag[i]) {
-g_source_remove(vd->lsock_tag[i]);
-}
-object_unref(OBJECT(vd->lsock[i]));
+
+if (vd->listener) {
+qio_net_listener_disconnect(vd->listener);
+object_unref(OBJECT(vd->listener));
 }
-g_free(vd->lsock);
-g_free(vd->lsock_tag);
-vd->lsock = NULL;
-vd->lsock_tag = NULL;
-vd->nlsock = 0;
+vd->listener = NULL;
 
-for (i = 0; i < vd->nlwebsock; i++) {
-   

Re: [Qemu-devel] [PATCH 00/15] Convert over to use keycodemapdb

[no-reply]

Hi,

This series failed build test on FreeBSD host. Please find the details below.

Subject: [Qemu-devel] [PATCH 00/15] Convert over to use keycodemapdb
Type: series
Message-id: 20170810155522.31099-1-berra...@redhat.com

=== TEST SCRIPT BEGIN ===
#!/bin/sh
# Testing script will be invoked under the git checkout with
# HEAD pointing to a commit that has the patches applied on top of "base"
# branch
set -e
echo "=== ENV ==="
env
echo "=== PACKAGES ==="
pkg info
echo "=== TEST BEGIN ==="
CC=/usr/local/libexec/ccache/cc
INSTALL=$PWD/install
BUILD=$PWD/build
echo -n "Using CC: "
realpath $CC
mkdir -p $BUILD $INSTALL
SRC=$PWD
cd $BUILD
$SRC/configure --cc=$CC --prefix=$INSTALL --target-list=x86_64-softmmu
gmake -j4
# XXX: we need reliable clean up
# make check -j4 V=1
gmake install
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 t [tag update]
patchew/150229685736.21846.2809147507731700887.st...@bahia.lan -> 
patchew/150229685736.21846.2809147507731700887.st...@bahia.lan
 t [tag update]
patchew/1502359588-29451-1-git-send-email-arm...@redhat.com -> 
patchew/1502359588-29451-1-git-send-email-arm...@redhat.com
 t [tag update]
patchew/1502365466-19432-1-git-send-email-th...@redhat.com -> 
patchew/1502365466-19432-1-git-send-email-th...@redhat.com
 t [tag update]
patchew/1502367921-17730-1-git-send-email-arm...@redhat.com -> 
patchew/1502367921-17730-1-git-send-email-arm...@redhat.com
 t [tag update]patchew/20170808162629.32493-1-quint...@redhat.com 
-> patchew/20170808162629.32493-1-quint...@redhat.com
 t [tag update]patchew/20170809203808.31725-1-ebl...@redhat.com -> 
patchew/20170809203808.31725-1-ebl...@redhat.com
 t [tag update]patchew/20170810080108.31047-1-f...@redhat.com -> 
patchew/20170810080108.31047-1-f...@redhat.com
 t [tag update]patchew/20170810123741.30449-1-coh...@redhat.com -> 
patchew/20170810123741.30449-1-coh...@redhat.com
 * [new tag]   patchew/20170810155522.31099-1-berra...@redhat.com 
-> patchew/20170810155522.31099-1-berra...@redhat.com
Switched to a new branch 'test'
7c26de29e6 display: convert XenInput keyboard to keycodemapdb
b9d4f633bb ui: remove qemu_input_linux_to_qcode method
b82952e02a ui: remove qemu_input_qcode_to_number method
e61e51c4c6 ui: convert GTK and SDL1 frontends to keycodemapdb
8da0073fa4 ui: convert the SDL2 frontend to keycodemapdb
f4347fae8a ui: convert cocoa frontend to keycodemapdb
0bb5e3ca3a char: convert the escc device to keycodemapdb
1524c6518c input: convert the adb device to keycodemapdb
931965df01 input: convert ps2 device to keycodemapdb
0e01238d65 input: convert virtio-input-hid device to keycodemapdb
f6ca40df3d ui: use QKeyCode exclusively in InputKeyEvent
5252b5946a ui: don't export qemu_input_event_new_key
047c3a0c37 ui: convert key events to QKeyCodes immediately
9ee7d5824f ui: convert common input code to keycodemapdb
ae5a212c48 ui: add keycodemapdb repository as a GIT submodule

=== OUTPUT BEGIN ===
=== ENV ===
LOGNAME=patchew-tester
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
PWD=/var/tmp/patchew-tester-tmp-auzl37fu/src
HOME=/home/patchew-tester
USER=patchew-tester
SHELL=/bin/sh
PATCHEW=/home/patchew-tester/patchew/patchew-cli -s http://patchew.org --nodebug
=== PACKAGES ===
bash-4.4.12_2  GNU Project's Bourne Again SHell
binutils-2.28,1GNU binary tools
bison-3.0.4,1  Parser generator from FSF, (mostly) compatible 
with Yacc
ca_root_nss-3.30.2 Root certificate bundle from the Mozilla Project
ccache-3.3.4_3 Tool to minimize the compile time of C/C++ 
programs
curl-7.54.0Non-interactive tool to get files from FTP, 
GOPHER, HTTP(S) servers
cvsps-2.1_2Create patchset information from CVS
dtc-1.4.2_1Device Tree Compiler
expat-2.2.0_1  XML 1.0 parser written in C
gcc-5.4.0  GNU Compiler Collection 5
gcc-ecj-4.5Eclipse Java Compiler used to build GCC Java
gettext-runtime-0.19.8.1_1 GNU gettext runtime libraries and programs
git-2.13.0 Distributed source code management tool
glib-2.46.2_5  Some useful routines of C programming (current 
stable version)
gmake-4.2.1_1  GNU version of 'make' utility
gmp-6.1.2  Free library for arbitrary precision arithmetic
indexinfo-0.2.6Utility to regenerate the GNU info page index
libffi-3.2.1   Foreign Function Interface
libiconv-1.14_10   Character set conversion library
libnghttp2-1.21.0  HTTP/2.0 C Library
m4-1.4.18,1GNU M4
mpc-1.0.3  Library of complex numbers with arbitrarily high 
precision
mpfr-3.1.5_1   Library for multiple-precision 

[Qemu-devel] [PATCH 8/8] sockets: fix parsing of ipv4/ipv6 opts in parse_socket_addr

[Daniel P. Berrange]

The inet_parse() function looks for 'ipv4' and 'ipv6'
flags, but only treats them as bare bool flags. The normal
QemuOpts parsing would allow on/off values to be set too.

This updated inet_parse() so that its handling of the
'ipv4' and 'ipv6' flags matches that done by QemuOpts.

Signed-off-by: Daniel P. Berrange 
---
 tests/test-sockets-proto.c | 13 -
 util/qemu-sockets.c| 36 
 2 files changed, 32 insertions(+), 17 deletions(-)

diff --git a/tests/test-sockets-proto.c b/tests/test-sockets-proto.c
index a92389bef6..5805d2be5f 100644
--- a/tests/test-sockets-proto.c
+++ b/tests/test-sockets-proto.c
@@ -69,7 +69,6 @@ typedef struct {
  */
 static QSocketsData test_data[] = {
 /* Migrate with "" address */
-/* XXX all settings with =off are disabled due to inet_parse() bug */
 { .ipv4 = 1, .ipv6 = 1, .error = false,
   .name = "/sockets/migrate/wildcard/all",
   .args = "-incoming tcp::9000" },
@@ -85,7 +84,6 @@ static QSocketsData test_data[] = {
 { .ipv4 = 0, .ipv6 = 1, .error = false,
   .name = "/sockets/migrate/wildcard/ipv6on",
   .args = "-incoming tcp::9000,ipv6=on" },
-/*
 { .ipv4 = 0, .ipv6 = 1, .error = false,
   .name = "/sockets/migrate/wildcard/ipv4off",
   .args = "-incoming tcp::9000,ipv4=off" },
@@ -98,15 +96,12 @@ static QSocketsData test_data[] = {
 { .ipv4 = 0, .ipv6 = 1, .error = false,
   .name = "/sockets/migrate/wildcard/ipv4offipv6on",
   .args = "-incoming tcp::9000,ipv4=off,ipv6=on" },
-*/
 { .ipv4 = 1, .ipv6 = 1, .error = false,
   .name = "/sockets/migrate/wildcard/ipv4onipv6on",
   .args = "-incoming tcp::9000,ipv4=on,ipv6=on" },
-/*
 { .ipv4 = 0, .ipv6 = 0, .error = true,
   .name = "/sockets/migrate/wildcard/ipv4offipv6off",
   .args = "-incoming tcp::9000,ipv4=off,ipv6=off" },
-*/
 
 /* Migrate with 0.0.0.0 address */
 { .ipv4 = 1, .ipv6 = 0, .error = false,
@@ -124,7 +119,6 @@ static QSocketsData test_data[] = {
 { .ipv4 = 0, .ipv6 = 0, .error = true,
   .name = "/sockets/migrate/0.0.0.0/ipv6on",
   .args = "-incoming tcp:0.0.0.0:9000,ipv6=on" },
-/*
 { .ipv4 = 0, .ipv6 = 0, .error = true,
   .name = "/sockets/migrate/0.0.0.0/ipv4off",
   .args = "-incoming tcp:0.0.0.0:9000,ipv4=off" },
@@ -137,15 +131,12 @@ static QSocketsData test_data[] = {
 { .ipv4 = 0, .ipv6 = 0, .error = true,
   .name = "/sockets/migrate/0.0.0.0/ipv4offipv6on",
   .args = "-incoming tcp:0.0.0.0:9000,ipv4=off,ipv6=on" },
-*/
 { .ipv4 = 1, .ipv6 = 0, .error = false,
   .name = "/sockets/migrate/0.0.0.0/ipv4onipv6on",
   .args = "-incoming tcp:0.0.0.0:9000,ipv4=on,ipv6=on" },
-/*
 { .ipv4 = 0, .ipv6 = 0, .error = true,
   .name = "/sockets/migrate/0.0.0.0/ipv4offipv6off",
   .args = "-incoming tcp:0.0.0.0:9000,ipv4=off,ipv6=off" },
-*/
 
 /* Migrate with :: address */
 { .ipv4 = 1, .ipv6 = 1, .error = false,
@@ -163,7 +154,6 @@ static QSocketsData test_data[] = {
 { .ipv4 = 0, .ipv6 = 1, .error = false,
   .name = "/sockets/migrate/::/ipv6on",
   .args = "-incoming tcp:[::]:9000,ipv6=on" },
-/*
 { .ipv4 = 0, .ipv6 = 1, .error = false,
   .name = "/sockets/migrate/::/ipv4off",
   .args = "-incoming tcp:[::]:9000,ipv4=off" },
@@ -176,15 +166,12 @@ static QSocketsData test_data[] = {
 { .ipv4 = 0, .ipv6 = 1, .error = false,
   .name = "/sockets/migrate/::/ipv4offipv6on",
   .args = "-incoming tcp:[::]:9000,ipv4=off,ipv6=on" },
-*/
 { .ipv4 = 1, .ipv6 = 1, .error = false,
   .name = "/sockets/migrate/::/ipv4onipv6on",
   .args = "-incoming tcp:[::]:9000,ipv4=on,ipv6=on" },
-/*
 { .ipv4 = 0, .ipv6 = 0, .error = true,
   .name = "/sockets/migrate/::/ipv4offipv6off",
   .args = "-incoming tcp:[::]:9000,ipv4=off,ipv6=off" },
-*/
 
 
 
diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c
index 1358c81bcc..76202949f5 100644
--- a/util/qemu-sockets.c
+++ b/util/qemu-sockets.c
@@ -616,6 +616,25 @@ err:
 }
 
 /* compatibility wrapper */
+static int inet_parse_flag(const char *flagname, const char *optstr, bool *val,
+   Error **errp)
+{
+char *end;
+size_t len;
+
+end = strstr(optstr, ",");
+len = end ? end - optstr : strlen(optstr);
+if (len == 0 || (len == 3 && strncmp(optstr, "=on", len) == 0)) {
+*val = true;
+} else if ((len == 4) && strncmp(optstr, "=off", len) == 0) {
+*val = false;
+} else {
+error_setg(errp, "error parsing '%s' flag '%s'", flagname, optstr);
+return -1;
+}
+return 0;
+}
+
 int inet_parse(InetSocketAddress *addr, const char *str, Error **errp)
 {
 const char *optstr, *h;
@@ -623,6 +642,7 @@ int inet_parse(InetSocketAddress *addr, const char *str, 
Error **errp)
 char port[33];
 int to;
 int pos;
+char *begin;
 
 memset(addr, 0, 

[Qemu-devel] [PATCH 4/8] blockdev: convert qemu-nbd server to QIONetListener

[Daniel P. Berrange]

Instead of creating a QIOChannelSocket directly for the NBD
server socket, use a QIONetListener. This provides the ability
to listen on multiple sockets at the same time, so enables
full support for IPv4/IPv6 dual stack.

Signed-off-by: Daniel P. Berrange 
---
 qemu-nbd.c | 50 +-
 1 file changed, 17 insertions(+), 33 deletions(-)

diff --git a/qemu-nbd.c b/qemu-nbd.c
index b8666bb575..dcde7ac75c 100644
--- a/qemu-nbd.c
+++ b/qemu-nbd.c
@@ -38,6 +38,7 @@
 #include "qapi/qmp/qstring.h"
 #include "qom/object_interfaces.h"
 #include "io/channel-socket.h"
+#include "io/net-listener.h"
 #include "crypto/init.h"
 #include "trace/control.h"
 #include "qemu-version.h"
@@ -63,8 +64,7 @@ static int persistent = 0;
 static enum { RUNNING, TERMINATE, TERMINATING, TERMINATED } state;
 static int shared = 1;
 static int nb_fds;
-static QIOChannelSocket *server_ioc;
-static int server_watch = -1;
+static QIONetListener *server;
 static QCryptoTLSCreds *tlscreds;
 
 static void usage(const char *name)
@@ -345,44 +345,24 @@ static void nbd_client_closed(NBDClient *client, bool 
negotiated)
 nbd_client_put(client);
 }
 
-static gboolean nbd_accept(QIOChannel *ioc, GIOCondition cond, gpointer opaque)
+static void nbd_accept(QIONetListener *listener, QIOChannelSocket *cioc, 
gpointer opaque)
 {
-QIOChannelSocket *cioc;
-
-cioc = qio_channel_socket_accept(QIO_CHANNEL_SOCKET(ioc),
- NULL);
-if (!cioc) {
-return TRUE;
-}
-
 if (state >= TERMINATE) {
-object_unref(OBJECT(cioc));
-return TRUE;
+return;
 }
 
 nb_fds++;
 nbd_update_server_watch();
 nbd_client_new(newproto ? NULL : exp, cioc,
tlscreds, NULL, nbd_client_closed);
-object_unref(OBJECT(cioc));
-
-return TRUE;
 }
 
 static void nbd_update_server_watch(void)
 {
 if (nbd_can_accept()) {
-if (server_watch == -1) {
-server_watch = qio_channel_add_watch(QIO_CHANNEL(server_ioc),
- G_IO_IN,
- nbd_accept,
- NULL, NULL);
-}
+qio_net_listener_set_client_func(server, nbd_accept, NULL, NULL);
 } else {
-if (server_watch != -1) {
-g_source_remove(server_watch);
-server_watch = -1;
-}
+qio_net_listener_set_client_func(server, NULL, NULL, NULL);
 }
 }
 
@@ -917,24 +897,28 @@ int main(int argc, char **argv)
 snprintf(sockpath, 128, SOCKET_PATH, basename(device));
 }
 
+server = qio_net_listener_new();
 if (socket_activation == 0) {
-server_ioc = qio_channel_socket_new();
 saddr = nbd_build_socket_address(sockpath, bindto, port);
-if (qio_channel_socket_listen_sync(server_ioc, saddr, _err) < 0) 
{
-object_unref(OBJECT(server_ioc));
+if (qio_net_listener_open_sync(server, saddr, _err) < 0) {
+object_unref(OBJECT(server));
 error_report_err(local_err);
-return 1;
+exit(EXIT_FAILURE);
 }
 } else {
+QIOChannelSocket *sioc;
 /* See comment in check_socket_activation above. */
 assert(socket_activation == 1);
-server_ioc = qio_channel_socket_new_fd(FIRST_SOCKET_ACTIVATION_FD,
-   _err);
-if (server_ioc == NULL) {
+sioc = qio_channel_socket_new_fd(FIRST_SOCKET_ACTIVATION_FD,
+ _err);
+if (sioc == NULL) {
+object_unref(OBJECT(server));
 error_report("Failed to use socket activation: %s",
  error_get_pretty(local_err));
 exit(EXIT_FAILURE);
 }
+qio_net_listener_add(server, sioc);
+object_unref(OBJECT(sioc));
 }
 
 if (qemu_init_main_loop(_err)) {
-- 
2.13.3

[Qemu-devel] [PATCH 2/8] io: introduce a network socket listener API

[Daniel P. Berrange]

The existing QIOChannelSocket class provides the ability to
listen on a single socket at a time. This patch introduces
a QIONetListener class that provides a higher level API
concept around listening for network services, allowing
for listening on multiple sockets.

Signed-off-by: Daniel P. Berrange 
---
 include/io/net-listener.h | 174 +
 io/Makefile.objs  |   1 +
 io/net-listener.c | 315 ++
 3 files changed, 490 insertions(+)
 create mode 100644 include/io/net-listener.h
 create mode 100644 io/net-listener.c

diff --git a/include/io/net-listener.h b/include/io/net-listener.h
new file mode 100644
index 00..0ac5c9cc72
--- /dev/null
+++ b/include/io/net-listener.h
@@ -0,0 +1,174 @@
+/*
+ * QEMU I/O network listener
+ *
+ * Copyright (c) 2016 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ *
+ */
+
+#ifndef QIO_NET_LISTENER_H
+#define QIO_NET_LISTENER_H
+
+#include "io/channel-socket.h"
+
+#define TYPE_QIO_NET_LISTENER "qio-net-listener"
+#define QIO_NET_LISTENER(obj)\
+OBJECT_CHECK(QIONetListener, (obj), TYPE_QIO_NET_LISTENER)
+#define QIO_NET_LISTENER_CLASS(klass)\
+OBJECT_CLASS_CHECK(QIONetListenerClass, klass, TYPE_QIO_NET_LISTENER)
+#define QIO_NET_LISTENER_GET_CLASS(obj)  \
+OBJECT_GET_CLASS(QIONetListenerClass, obj, TYPE_QIO_NET_LISTENER)
+
+typedef struct QIONetListener QIONetListener;
+typedef struct QIONetListenerClass QIONetListenerClass;
+
+typedef void (*QIONetListenerClientFunc)(QIONetListener *listener,
+ QIOChannelSocket *sioc,
+ gpointer data);
+
+/**
+ * QIONetListener:
+ *
+ * The QIONetListener object encapsulates the management of a
+ * listening socket. It is able to listen on multiple sockets
+ * concurrently, to deal with the scenario where IPv4 / IPv6
+ * needs separate sockets, or there is a need to listen on a
+ * subset of interface IP addresses, instead of the wildcard
+ * address.
+ */
+struct QIONetListener {
+Object parent;
+
+char *name;
+QIOChannelSocket **sioc;
+gulong *io_tag;
+size_t nsioc;
+
+gboolean disconnected;
+
+QIONetListenerClientFunc io_func;
+gpointer io_data;
+GDestroyNotify io_notify;
+};
+
+struct QIONetListenerClass {
+ObjectClass parent;
+};
+
+
+/**
+ * qio_net_listener_new:
+ *
+ * Create a new network listener service, which is not
+ * listening on any sockets initially.
+ *
+ * Returns: the new listener
+ */
+QIONetListener *qio_net_listener_new(void);
+
+
+/**
+ * qio_net_listener_set_name:
+ * @listener: the network listener object
+ * @name: the listener name
+ *
+ * Set the name of the listener. This is used as a debugging
+ * aid, to set names on any GSource instances associated
+ * with the listener
+ */
+void qio_net_listener_set_name(QIONetListener *listener,
+   const char *name);
+
+/**
+ * qio_net_listener_open_sync:
+ * @listener: the network listener object
+ * @addr: the address to listen on
+ * @errp: pointer to a NULL initialized error object
+ *
+ * Synchronously open a listening connection on all
+ * addresses associated with @addr. This method may
+ * also be invoked multiple times, in order to have a
+ * single listener on multiple distinct addresses.
+ */
+int qio_net_listener_open_sync(QIONetListener *listener,
+   SocketAddress *addr,
+   Error **errp);
+
+/**
+ * qio_net_listener_add:
+ * @listener: the network listener object
+ * @sioc: the socket I/O channel
+ *
+ * Associate a listening socket I/O channel with the
+ * listener. The listener will acquire an new reference
+ * on @sioc, so the caller should release its own reference
+ * if it no longer requires the object.
+ */
+void qio_net_listener_add(QIONetListener *listener,
+  QIOChannelSocket *sioc);
+
+/**
+ * qio_net_listener_set_client_func:
+ * @listener: the network listener object
+ * @func: the callback function
+ * @data: opaque data to pass to @func
+ * @notify: callback to free @data
+ *
+ * Register @func to be invoked whenever a new client
+ * connects to the listener. 

[Qemu-devel] [PATCH 1/8] tests: add functional test validating ipv4/ipv6 address flag handling

[Daniel P. Berrange]

The semantics around handling ipv4=on|off & ipv6=on|off are quite
subtle to understand in combination with the various hostname addresses
and backend types. Introduce a massive test matrix that launches QEMU
and validates the ability to connect a client on each protocol as
appropriate.

The test requires that the host has ability to bind to both :: and
0.0.0.0, on port 9000. If either protocol is not available, or if
something is already listening on that port the test will skip.

Although it isn't using the QTest APIs, it expects the
QTEST_QEMU_BINARY env variable to be set.

Reviewed-by: Eric Blake 
Tested-by: Eric Blake 
Signed-off-by: Daniel P. Berrange 
---
 tests/.gitignore   |   1 +
 tests/Makefile.include |   3 +
 tests/test-sockets-proto.c | 924 +
 3 files changed, 928 insertions(+)
 create mode 100644 tests/test-sockets-proto.c

diff --git a/tests/.gitignore b/tests/.gitignore
index fed0189a5a..044183f4a0 100644
--- a/tests/.gitignore
+++ b/tests/.gitignore
@@ -78,6 +78,7 @@ test-qobject-output-visitor
 test-rcu-list
 test-replication
 test-shift128
+test-sockets-proto
 test-string-input-visitor
 test-string-output-visitor
 test-thread-pool
diff --git a/tests/Makefile.include b/tests/Makefile.include
index 59e536bf0b..8caa5a7ae8 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -340,6 +340,7 @@ check-qtest-s390x-y = tests/boot-serial-test$(EXESUF)
 
 check-qtest-generic-y += tests/qom-test$(EXESUF)
 check-qtest-generic-y += tests/test-hmp$(EXESUF)
+check-qtest-generic-y += tests/test-sockets-proto$(EXESUF)
 
 qapi-schema += alternate-any.json
 qapi-schema += alternate-array.json
@@ -750,6 +751,8 @@ tests/usb-hcd-ehci-test$(EXESUF): tests/usb-hcd-ehci-test.o 
$(libqos-usb-obj-y)
 tests/usb-hcd-xhci-test$(EXESUF): tests/usb-hcd-xhci-test.o $(libqos-usb-obj-y)
 tests/pc-cpu-test$(EXESUF): tests/pc-cpu-test.o
 tests/postcopy-test$(EXESUF): tests/postcopy-test.o
+tests/test-sockets-proto$(EXESUF): tests/test-sockets-proto.o \
+   $(test-io-obj-y)
 tests/vhost-user-test$(EXESUF): tests/vhost-user-test.o $(test-util-obj-y) \
$(qtest-obj-y) $(test-io-obj-y) $(libqos-virtio-obj-y) 
$(libqos-pc-obj-y) \
$(chardev-obj-y)
diff --git a/tests/test-sockets-proto.c b/tests/test-sockets-proto.c
new file mode 100644
index 00..1d6beda59f
--- /dev/null
+++ b/tests/test-sockets-proto.c
@@ -0,0 +1,924 @@
+/*
+ * QTest for IPv4/IPv6 protocol setup
+ *
+ * Copyright (c) 2017 Red Hat, Inc.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+
+#include "io/channel-socket.h"
+#include "qapi/error.h"
+#include "qemu/cutils.h"
+
+typedef struct {
+const char *name;
+const char *args;
+int ipv4; /* 0 -> disabled, 1 -> enabled */
+int ipv6; /* 0 -> disabled, 1 -> enabled, -1 -> check getaddrinfo() order 
*/
+bool error;
+} QSocketsData;
+
+/*
+ * This is the giant matrix of combinations we need to consider.
+ * There are 3 axes we deal with
+ *
+ * Axis 1: Protocol flags:
+ *
+ *  ipv4=unset, ipv6=unset  -> v4 & v6 clients ([1]
+ *  ipv4=unset, ipv6=off-> v4 clients only
+ *  ipv4=unset, ipv6=on -> v6 clients only
+ *  ipv4=off, ipv6=unset-> v6 clients only
+ *  ipv4=off, ipv6=off  -> error - can't disable both [2]
+ *  ipv4=off, ipv6=on   -> v6 clients only
+ *  ipv4=on, ipv6=unset -> v4 clients only
+ *  ipv4=on, ipv6=off   -> v4 clients only
+ *  ipv4=on, ipv6=on-> v4 & v6 clients [3]
+ *
+ * Depending on the listening address, some of those combinations
+ * may result in errors. eg ipv4=off,ipv6=on combined with 0.0.0.0
+ * is nonsensical.
+ *
+ * [1] Some backends only support a single socket listener, so
+ * will actually only allow v4 clients
+ * [2] QEMU should fail to startup in this case
+ * [3] If hostname is "" or "::", then we get a single listener
+ * on IPv6 and thus can also accept v4 clients. For all other
+ * hostnames, have same problem as [1].
+ *
+ * Axis 2: Listening address:
+ *
+ *  ""- resolves to 0.0.0.0 and ::, in that order
+ *  "0.0.0.0" - v4 clients only
+ *  "::"  - Mostly v6 clients only. Some scenarios should
+ *  permit v4 clients too.
+ *
+ * Axis 3: Backend type:
+ *
+ *  Migration - restricted to a single listener. Also relies
+ *  on buggy inet_parse() which can't accept
+ *  =off/=on parameters to ipv4/ipv6 flags
+ *  Chardevs  - restricted to a single listener.
+ *  VNC   - supports multiple listeners. Also supports
+ *  socket ranges, so has extra set of tests
+ *  in the matrix
+ *
+ */
+static QSocketsData test_data[] = {
+/* Migrate with "" address */
+/* XXX all settings with =off are disabled due to inet_parse() bug */
+/* XXX multilistener bug - 

[Qemu-devel] [PATCH 6/8] chardev: convert the socket server to QIONetListener

[Daniel P. Berrange]

Instead of creating a QIOChannelSocket directly for the chardev
server socket, use a QIONetListener. This provides the ability
to listen on multiple sockets at the same time, so enables
full support for IPv4/IPv6 dual stack.

Signed-off-by: Daniel P. Berrange 
---
 chardev/char-socket.c  | 70 ++
 tests/test-sockets-proto.c |  8 ++
 2 files changed, 29 insertions(+), 49 deletions(-)

diff --git a/chardev/char-socket.c b/chardev/char-socket.c
index 1ae730a4cb..96ff2a3ff4 100644
--- a/chardev/char-socket.c
+++ b/chardev/char-socket.c
@@ -25,6 +25,7 @@
 #include "chardev/char.h"
 #include "io/channel-socket.h"
 #include "io/channel-tls.h"
+#include "io/net-listener.h"
 #include "qemu/error-report.h"
 #include "qapi/error.h"
 #include "qapi/clone-visitor.h"
@@ -40,8 +41,7 @@ typedef struct {
 Chardev parent;
 QIOChannel *ioc; /* Client I/O channel */
 QIOChannelSocket *sioc; /* Client master channel */
-QIOChannelSocket *listen_ioc;
-guint listen_tag;
+QIONetListener *listener;
 QCryptoTLSCreds *tls_creds;
 int connected;
 int max_size;
@@ -93,9 +93,9 @@ static void check_report_connect_error(Chardev *chr,
 qemu_chr_socket_restart_timer(chr);
 }
 
-static gboolean tcp_chr_accept(QIOChannel *chan,
-   GIOCondition cond,
-   void *opaque);
+static void tcp_chr_accept(QIONetListener *listener,
+   QIOChannelSocket *cioc,
+   void *opaque);
 
 static int tcp_chr_read_poll(void *opaque);
 static void tcp_chr_disconnect(Chardev *chr);
@@ -404,9 +404,8 @@ static void tcp_chr_disconnect(Chardev *chr)
 
 tcp_chr_free_connection(chr);
 
-if (s->listen_ioc) {
-s->listen_tag = qio_channel_add_watch(
-QIO_CHANNEL(s->listen_ioc), G_IO_IN, tcp_chr_accept, chr, NULL);
+if (s->listener) {
+qio_net_listener_set_client_func(s->listener, tcp_chr_accept, chr, 
NULL);
 }
 update_disconnected_filename(s);
 qemu_chr_be_event(chr, CHR_EVENT_CLOSED);
@@ -704,9 +703,8 @@ static int tcp_chr_new_client(Chardev *chr, 
QIOChannelSocket *sioc)
 if (s->do_nodelay) {
 qio_channel_set_delay(s->ioc, false);
 }
-if (s->listen_tag) {
-g_source_remove(s->listen_tag);
-s->listen_tag = 0;
+if (s->listener) {
+qio_net_listener_set_client_func(s->listener, NULL, NULL, NULL);
 }
 
 if (s->tls_creds) {
@@ -738,24 +736,14 @@ static int tcp_chr_add_client(Chardev *chr, int fd)
 return ret;
 }
 
-static gboolean tcp_chr_accept(QIOChannel *channel,
-   GIOCondition cond,
-   void *opaque)
+static void tcp_chr_accept(QIONetListener *listener,
+   QIOChannelSocket *cioc,
+   void *opaque)
 {
 Chardev *chr = CHARDEV(opaque);
-QIOChannelSocket *sioc;
-
-sioc = qio_channel_socket_accept(QIO_CHANNEL_SOCKET(channel),
- NULL);
-if (!sioc) {
-return TRUE;
-}
-
-tcp_chr_new_client(chr, sioc);
 
-object_unref(OBJECT(sioc));
-
-return TRUE;
+tcp_chr_set_client_ioc_name(chr, cioc);
+tcp_chr_new_client(chr, cioc);
 }
 
 static int tcp_chr_wait_connected(Chardev *chr, Error **errp)
@@ -769,9 +757,10 @@ static int tcp_chr_wait_connected(Chardev *chr, Error 
**errp)
 if (s->is_listen) {
 info_report("QEMU waiting for connection on: %s",
 chr->filename);
-qio_channel_set_blocking(QIO_CHANNEL(s->listen_ioc), true, NULL);
-tcp_chr_accept(QIO_CHANNEL(s->listen_ioc), G_IO_IN, chr);
-qio_channel_set_blocking(QIO_CHANNEL(s->listen_ioc), false, NULL);
+sioc = qio_net_listener_wait_client(s->listener);
+tcp_chr_set_client_ioc_name(chr, sioc);
+tcp_chr_new_client(chr, sioc);
+object_unref(OBJECT(sioc));
 } else {
 sioc = qio_channel_socket_new();
 tcp_chr_set_client_ioc_name(chr, sioc);
@@ -799,12 +788,9 @@ static void char_socket_finalize(Object *obj)
 s->reconnect_timer = 0;
 }
 qapi_free_SocketAddress(s->addr);
-if (s->listen_tag) {
-g_source_remove(s->listen_tag);
-s->listen_tag = 0;
-}
-if (s->listen_ioc) {
-object_unref(OBJECT(s->listen_ioc));
+if (s->listener) {
+qio_net_listener_set_client_func(s->listener, NULL, NULL, NULL);
+object_unref(OBJECT(s->listener));
 }
 if (s->tls_creds) {
 object_unref(OBJECT(s->tls_creds));
@@ -937,29 +923,27 @@ static void qmp_chardev_open_socket(Chardev *chr,
 } else {
 if (s->is_listen) {
 char *name;
-sioc = qio_channel_socket_new();
+s->listener = qio_net_listener_new();
 
 name = g_strdup_printf("chardev-tcp-listener-%s", 

[Qemu-devel] [PATCH 0/8] Enable full IPv4/IPv6 dual stack support

[Daniel P. Berrange]

Currently all the network listeners in QEMU, except the VNC server,
are restricted to listening on a single socket. This makes it
impossible to fully support IPv4/IPv6 dual stack. We're restricted
to using IPV6_V6ONLY=0 to listen on both protocols from a single
socket, but this doesn't work at all on OpenBSD, and even where
supported it is quite crude (only really works for localhost and
wildcard addresses).

This patch series introduces a new object QIONetListener, which
encapsulates multiple QIOChannelSocket listeners. This makes it
trivial to support multiple listening sockets in any part of
QEMU.

Daniel P. Berrange (8):
  tests: add functional test validating ipv4/ipv6 address flag handling
  io: introduce a network socket listener API
  blockdev: convert internal NBD server to QIONetListener
  blockdev: convert qemu-nbd server to QIONetListener
  migration: convert socket server to QIONetListener
  chardev: convert the socket server to QIONetListener
  ui: convert VNC server to QIONetListener
  sockets: fix parsing of ipv4/ipv6 opts in parse_socket_addr

 blockdev-nbd.c |  50 +--
 chardev/char-socket.c  |  70 ++--
 include/io/net-listener.h  | 174 +
 io/Makefile.objs   |   1 +
 io/net-listener.c  | 315 
 migration/socket.c |  44 +--
 qemu-nbd.c |  50 +--
 tests/.gitignore   |   1 +
 tests/Makefile.include |   3 +
 tests/test-sockets-proto.c | 906 +
 ui/vnc.c   | 194 +++---
 ui/vnc.h   |   9 +-
 util/qemu-sockets.c|  36 +-
 13 files changed, 1563 insertions(+), 290 deletions(-)
 create mode 100644 include/io/net-listener.h
 create mode 100644 io/net-listener.c
 create mode 100644 tests/test-sockets-proto.c

-- 
2.13.3

[Qemu-devel] [PATCH 5/8] migration: convert socket server to QIONetListener

[Daniel P. Berrange]

Instead of creating a QIOChannelSocket directly for the migration
server socket, use a QIONetListener. This provides the ability
to listen on multiple sockets at the same time, so enables
full support for IPv4/IPv6 dual stack.

Signed-off-by: Daniel P. Berrange 
---
 migration/socket.c | 44 ++--
 tests/test-sockets-proto.c |  3 +--
 2 files changed, 15 insertions(+), 32 deletions(-)

diff --git a/migration/socket.c b/migration/socket.c
index 757d3821a1..34811addc5 100644
--- a/migration/socket.c
+++ b/migration/socket.c
@@ -24,6 +24,7 @@
 #include "migration.h"
 #include "qemu-file.h"
 #include "io/channel-socket.h"
+#include "io/net-listener.h"
 #include "trace.h"
 
 
@@ -130,53 +131,36 @@ void unix_start_outgoing_migration(MigrationState *s,
 }
 
 
-static gboolean socket_accept_incoming_migration(QIOChannel *ioc,
- GIOCondition condition,
- gpointer opaque)
+static void socket_accept_incoming_migration(QIONetListener *listener,
+ QIOChannelSocket *cioc,
+ gpointer opaque)
 {
-QIOChannelSocket *sioc;
-Error *err = NULL;
-
-sioc = qio_channel_socket_accept(QIO_CHANNEL_SOCKET(ioc),
- );
-if (!sioc) {
-error_report("could not accept migration connection (%s)",
- error_get_pretty(err));
-goto out;
-}
-
 trace_migration_socket_incoming_accepted();
 
-qio_channel_set_name(QIO_CHANNEL(sioc), "migration-socket-incoming");
-migration_channel_process_incoming(QIO_CHANNEL(sioc));
-object_unref(OBJECT(sioc));
+qio_channel_set_name(QIO_CHANNEL(cioc), "migration-socket-incoming");
+migration_channel_process_incoming(QIO_CHANNEL(cioc));
 
-out:
 /* Close listening socket as its no longer needed */
-qio_channel_close(ioc, NULL);
-return FALSE; /* unregister */
+qio_net_listener_disconnect(listener);
+
+object_unref(OBJECT(listener));
 }
 
 
 static void socket_start_incoming_migration(SocketAddress *saddr,
 Error **errp)
 {
-QIOChannelSocket *listen_ioc = qio_channel_socket_new();
+QIONetListener *listener = qio_net_listener_new();
 
-qio_channel_set_name(QIO_CHANNEL(listen_ioc),
- "migration-socket-listener");
+qio_net_listener_set_name(listener, "migration-socket-listener");
 
-if (qio_channel_socket_listen_sync(listen_ioc, saddr, errp) < 0) {
-object_unref(OBJECT(listen_ioc));
+if (qio_net_listener_open_sync(listener, saddr, errp) < 0) {
+object_unref(OBJECT(listener));
 qapi_free_SocketAddress(saddr);
 return;
 }
 
-qio_channel_add_watch(QIO_CHANNEL(listen_ioc),
-  G_IO_IN,
-  socket_accept_incoming_migration,
-  listen_ioc,
-  (GDestroyNotify)object_unref);
+qio_net_listener_set_client_func(listener, 
socket_accept_incoming_migration, NULL, NULL);
 qapi_free_SocketAddress(saddr);
 }
 
diff --git a/tests/test-sockets-proto.c b/tests/test-sockets-proto.c
index 1d6beda59f..1495369696 100644
--- a/tests/test-sockets-proto.c
+++ b/tests/test-sockets-proto.c
@@ -70,8 +70,7 @@ typedef struct {
 static QSocketsData test_data[] = {
 /* Migrate with "" address */
 /* XXX all settings with =off are disabled due to inet_parse() bug */
-/* XXX multilistener bug - should be .ipv6 = 1 */
-{ .ipv4 = 1, .ipv6 = -1, .error = false,
+{ .ipv4 = 1, .ipv6 = 1, .error = false,
   .name = "/sockets/migrate/wildcard/all",
   .args = "-incoming tcp::9000" },
 { .ipv4 = 1, .ipv6 = 0, .error = false,
-- 
2.13.3

[Qemu-devel] [PULL] 9pfs fixes for 2.10 20170810

[Greg Kurz]

The following changes since commit b38df311c174c98ef8cce7dec9f46603b083018e:

  Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.10-20170809' 
into staging (2017-08-10 11:12:36 +0100)

are available in the git repository at:

  https://github.com/gkurz/qemu.git tags/for-upstream

for you to fetch changes up to 4751fd5328dfcd4fe2f9055728a72a0e3ae56512:

  9pfs: local: fix fchmodat_nofollow() limitations (2017-08-10 14:36:11 +0200)


Just a single fix for an annoying regression introduced in 2.9 when fixing
CVE-2016-9602.


Greg Kurz (1):
  9pfs: local: fix fchmodat_nofollow() limitations

 hw/9pfs/9p-local.c | 42 +++---
 hw/9pfs/9p-util.h  | 24 +++-
 2 files changed, 50 insertions(+), 16 deletions(-)
-- 
2.7.5

[Qemu-devel] [PATCH 3/8] blockdev: convert internal NBD server to QIONetListener

[Daniel P. Berrange]

Instead of creating a QIOChannelSocket directly for the NBD
server socket, use a QIONetListener. This provides the ability
to listen on multiple sockets at the same time, so enables
full support for IPv4/IPv6 dual stack.

Signed-off-by: Daniel P. Berrange 
---
 blockdev-nbd.c | 50 --
 1 file changed, 16 insertions(+), 34 deletions(-)

diff --git a/blockdev-nbd.c b/blockdev-nbd.c
index 28f551a7b0..9e3c22109c 100644
--- a/blockdev-nbd.c
+++ b/blockdev-nbd.c
@@ -18,10 +18,10 @@
 #include "qmp-commands.h"
 #include "block/nbd.h"
 #include "io/channel-socket.h"
+#include "io/net-listener.h"
 
 typedef struct NBDServerData {
-QIOChannelSocket *listen_ioc;
-int watch;
+QIONetListener *listener;
 QCryptoTLSCreds *tlscreds;
 } NBDServerData;
 
@@ -32,27 +32,13 @@ static void nbd_blockdev_client_closed(NBDClient *client, 
bool ignored)
 nbd_client_put(client);
 }
 
-static gboolean nbd_accept(QIOChannel *ioc, GIOCondition condition,
-   gpointer opaque)
+static void nbd_accept(QIONetListener *listener, QIOChannelSocket *cioc,
+   gpointer opaque)
 {
-QIOChannelSocket *cioc;
-
-if (!nbd_server) {
-return FALSE;
-}
-
-cioc = qio_channel_socket_accept(QIO_CHANNEL_SOCKET(ioc),
- NULL);
-if (!cioc) {
-return TRUE;
-}
-
 qio_channel_set_name(QIO_CHANNEL(cioc), "nbd-server");
 nbd_client_new(NULL, cioc,
nbd_server->tlscreds, NULL,
nbd_blockdev_client_closed);
-object_unref(OBJECT(cioc));
-return TRUE;
 }
 
 
@@ -62,10 +48,8 @@ static void nbd_server_free(NBDServerData *server)
 return;
 }
 
-if (server->watch != -1) {
-g_source_remove(server->watch);
-}
-object_unref(OBJECT(server->listen_ioc));
+qio_net_listener_disconnect(server->listener);
+object_unref(OBJECT(server->listener));
 if (server->tlscreds) {
 object_unref(OBJECT(server->tlscreds));
 }
@@ -112,12 +96,12 @@ void nbd_server_start(SocketAddress *addr, const char 
*tls_creds,
 }
 
 nbd_server = g_new0(NBDServerData, 1);
-nbd_server->watch = -1;
-nbd_server->listen_ioc = qio_channel_socket_new();
-qio_channel_set_name(QIO_CHANNEL(nbd_server->listen_ioc),
- "nbd-listener");
-if (qio_channel_socket_listen_sync(
-nbd_server->listen_ioc, addr, errp) < 0) {
+nbd_server->listener = qio_net_listener_new();
+
+qio_net_listener_set_name(nbd_server->listener,
+  "nbd-listener");
+
+if (qio_net_listener_open_sync(nbd_server->listener, addr, errp) < 0) {
 goto error;
 }
 
@@ -134,12 +118,10 @@ void nbd_server_start(SocketAddress *addr, const char 
*tls_creds,
 }
 }
 
-nbd_server->watch = qio_channel_add_watch(
-QIO_CHANNEL(nbd_server->listen_ioc),
-G_IO_IN,
-nbd_accept,
-NULL,
-NULL);
+qio_net_listener_set_client_func(nbd_server->listener,
+ nbd_accept,
+ NULL,
+ NULL);
 
 return;
 
-- 
2.13.3

[Qemu-devel] [PULL] 9pfs: local: fix fchmodat_nofollow() limitations

[Greg Kurz]

This function has to ensure it doesn't follow a symlink that could be used
to escape the virtfs directory. This could be easily achieved if fchmodat()
on linux honored the AT_SYMLINK_NOFOLLOW flag as described in POSIX, but
it doesn't. There was a tentative to implement a new fchmodat2() syscall
with the correct semantics:

https://patchwork.kernel.org/patch/9596301/

but it didn't gain much momentum. Also it was suggested to look at an O_PATH
based solution in the first place.

The current implementation covers most use-cases, but it notably fails if:
- the target path has access rights equal to  (openat() returns EPERM),
  => once you've done chmod() on a file, you can never chmod() again
- the target path is UNIX domain socket (openat() returns ENXIO)
  => bind() of UNIX domain sockets fails if the file is on 9pfs

The solution is to use O_PATH: openat() now succeeds in both cases, and we
can ensure the path isn't a symlink with fstat(). The associated entry in
"/proc/self/fd" can hence be safely passed to the regular chmod() syscall.

The previous behavior is kept for older systems that don't have O_PATH.

Signed-off-by: Greg Kurz 
Reviewed-by: Eric Blake 
Tested-by: Zhi Yong Wu 
Acked-by: Philippe Mathieu-Daudé 
---
 hw/9pfs/9p-local.c | 42 +++---
 hw/9pfs/9p-util.h  | 24 +++-
 2 files changed, 50 insertions(+), 16 deletions(-)

diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
index 6e478f4765ef..efb0b79a74bf 100644
--- a/hw/9pfs/9p-local.c
+++ b/hw/9pfs/9p-local.c
@@ -333,17 +333,27 @@ update_map_file:
 
 static int fchmodat_nofollow(int dirfd, const char *name, mode_t mode)
 {
+struct stat stbuf;
 int fd, ret;
 
 /* FIXME: this should be handled with fchmodat(AT_SYMLINK_NOFOLLOW).
- * Unfortunately, the linux kernel doesn't implement it yet. As an
- * alternative, let's open the file and use fchmod() instead. This
- * may fail depending on the permissions of the file, but it is the
- * best we can do to avoid TOCTTOU. We first try to open read-only
- * in case name points to a directory. If that fails, we try write-only
- * in case name doesn't point to a directory.
+ * Unfortunately, the linux kernel doesn't implement it yet.
  */
-fd = openat_file(dirfd, name, O_RDONLY, 0);
+
+ /* First, we clear non-racing symlinks out of the way. */
+if (fstatat(dirfd, name, , AT_SYMLINK_NOFOLLOW)) {
+return -1;
+}
+if (S_ISLNK(stbuf.st_mode)) {
+errno = ELOOP;
+return -1;
+}
+
+/* Access modes are ignored when O_PATH is supported. We try O_RDONLY and
+ * O_WRONLY for old-systems that don't support O_PATH.
+ */
+fd = openat_file(dirfd, name, O_RDONLY | O_PATH_9P_UTIL, 0);
+#if O_PATH_9P_UTIL == 0
 if (fd == -1) {
 /* In case the file is writable-only and isn't a directory. */
 if (errno == EACCES) {
@@ -357,6 +367,24 @@ static int fchmodat_nofollow(int dirfd, const char *name, 
mode_t mode)
 return -1;
 }
 ret = fchmod(fd, mode);
+#else
+if (fd == -1) {
+return -1;
+}
+
+/* Now we handle racing symlinks. */
+ret = fstat(fd, );
+if (!ret) {
+if (S_ISLNK(stbuf.st_mode)) {
+errno = ELOOP;
+ret = -1;
+} else {
+char *proc_path = g_strdup_printf("/proc/self/fd/%d", fd);
+ret = chmod(proc_path, mode);
+g_free(proc_path);
+}
+}
+#endif
 close_preserve_errno(fd);
 return ret;
 }
diff --git a/hw/9pfs/9p-util.h b/hw/9pfs/9p-util.h
index 91299a24b8af..dc0d2e29aa3b 100644
--- a/hw/9pfs/9p-util.h
+++ b/hw/9pfs/9p-util.h
@@ -13,6 +13,12 @@
 #ifndef QEMU_9P_UTIL_H
 #define QEMU_9P_UTIL_H
 
+#ifdef O_PATH
+#define O_PATH_9P_UTIL O_PATH
+#else
+#define O_PATH_9P_UTIL 0
+#endif
+
 static inline void close_preserve_errno(int fd)
 {
 int serrno = errno;
@@ -22,13 +28,8 @@ static inline void close_preserve_errno(int fd)
 
 static inline int openat_dir(int dirfd, const char *name)
 {
-#ifdef O_PATH
-#define OPENAT_DIR_O_PATH O_PATH
-#else
-#define OPENAT_DIR_O_PATH 0
-#endif
 return openat(dirfd, name,
-  O_DIRECTORY | O_RDONLY | O_NOFOLLOW | OPENAT_DIR_O_PATH);
+  O_DIRECTORY | O_RDONLY | O_NOFOLLOW | O_PATH_9P_UTIL);
 }
 
 static inline int openat_file(int dirfd, const char *name, int flags,
@@ -43,9 +44,14 @@ static inline int openat_file(int dirfd, const char *name, 
int flags,
 }
 
 serrno = errno;
-/* O_NONBLOCK was only needed to open the file. Let's drop it. */
-ret = fcntl(fd, F_SETFL, flags);
-assert(!ret);
+/* O_NONBLOCK was only needed to open the file. Let's drop it. We don't
+ * do that with O_PATH since fcntl(F_SETFL) isn't supported, and openat()
+ * ignored it anyway.
+ */
+if (!(flags & O_PATH_9P_UTIL)) {
+ret = fcntl(fd, 

[Qemu-devel] [PATCH 15/15] display: convert XenInput keyboard to keycodemapdb

[Daniel P. Berrange]

Replace the scancode2linux table with an automatically
generated table. In doing so, the XenFB keyboard
handler is also converted to the modern InputEvent
framework.

Signed-off-by: Daniel P. Berrange 
---
 hw/display/xenfb.c | 131 -
 1 file changed, 28 insertions(+), 103 deletions(-)

diff --git a/hw/display/xenfb.c b/hw/display/xenfb.c
index df8b78f6f4..fc3f1198e0 100644
--- a/hw/display/xenfb.c
+++ b/hw/display/xenfb.c
@@ -28,6 +28,7 @@
 
 #include "hw/hw.h"
 #include "ui/console.h"
+#include "ui/input.h"
 #include "hw/xen/xen_backend.h"
 
 #include 
@@ -52,7 +53,7 @@ struct XenInput {
 struct common c;
 int abs_pointer_wanted; /* Whether guest supports absolute pointer */
 int button_state;   /* Last seen pointer button state */
-int extended;
+QemuInputHandlerState *qkbd;
 QEMUPutMouseEntry *qmouse;
 };
 
@@ -120,78 +121,6 @@ static void common_unbind(struct common *c)
 
 /*  */
 
-#if 0
-/*
- * These two tables are not needed any more, but left in here
- * intentionally as documentation, to show how scancode2linux[]
- * was generated.
- *
- * Tables to map from scancode to Linux input layer keycode.
- * Scancodes are hardware-specific.  These maps assumes a
- * standard AT or PS/2 keyboard which is what QEMU feeds us.
- */
-const unsigned char atkbd_set2_keycode[512] = {
-
- 0, 67, 65, 63, 61, 59, 60, 88,  0, 68, 66, 64, 62, 15, 41,117,
- 0, 56, 42, 93, 29, 16,  2,  0,  0,  0, 44, 31, 30, 17,  3,  0,
- 0, 46, 45, 32, 18,  5,  4, 95,  0, 57, 47, 33, 20, 19,  6,183,
- 0, 49, 48, 35, 34, 21,  7,184,  0,  0, 50, 36, 22,  8,  9,185,
- 0, 51, 37, 23, 24, 11, 10,  0,  0, 52, 53, 38, 39, 25, 12,  0,
- 0, 89, 40,  0, 26, 13,  0,  0, 58, 54, 28, 27,  0, 43,  0, 85,
- 0, 86, 91, 90, 92,  0, 14, 94,  0, 79,124, 75, 71,121,  0,  0,
-82, 83, 80, 76, 77, 72,  1, 69, 87, 78, 81, 74, 55, 73, 70, 99,
-
-  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
-217,100,255,  0, 97,165,  0,  0,156,  0,  0,  0,  0,  0,  0,125,
-173,114,  0,113,  0,  0,  0,126,128,  0,  0,140,  0,  0,  0,127,
-159,  0,115,  0,164,  0,  0,116,158,  0,150,166,  0,  0,  0,142,
-157,  0,  0,  0,  0,  0,  0,  0,155,  0, 98,  0,  0,163,  0,  0,
-226,  0,  0,  0,  0,  0,  0,  0,  0,255, 96,  0,  0,  0,143,  0,
-  0,  0,  0,  0,  0,  0,  0,  0,  0,107,  0,105,102,  0,  0,112,
-110,111,108,112,106,103,  0,119,  0,118,109,  0, 99,104,119,  0,
-
-};
-
-const unsigned char atkbd_unxlate_table[128] = {
-
-  0,118, 22, 30, 38, 37, 46, 54, 61, 62, 70, 69, 78, 85,102, 13,
- 21, 29, 36, 45, 44, 53, 60, 67, 68, 77, 84, 91, 90, 20, 28, 27,
- 35, 43, 52, 51, 59, 66, 75, 76, 82, 14, 18, 93, 26, 34, 33, 42,
- 50, 49, 58, 65, 73, 74, 89,124, 17, 41, 88,  5,  6,  4, 12,  3,
- 11,  2, 10,  1,  9,119,126,108,117,125,123,107,115,116,121,105,
-114,122,112,113,127, 96, 97,120,  7, 15, 23, 31, 39, 47, 55, 63,
- 71, 79, 86, 94,  8, 16, 24, 32, 40, 48, 56, 64, 72, 80, 87,111,
- 19, 25, 57, 81, 83, 92, 95, 98, 99,100,101,103,104,106,109,110
-
-};
-#endif
-
-/*
- * for (i = 0; i < 128; i++) {
- * scancode2linux[i] = atkbd_set2_keycode[atkbd_unxlate_table[i]];
- * scancode2linux[i | 0x80] = atkbd_set2_keycode[atkbd_unxlate_table[i] | 
0x80];
- * }
- */
-static const unsigned char scancode2linux[512] = {
-  0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15,
- 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
- 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47,
- 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63,
- 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79,
- 80, 81, 82, 83, 99,  0, 86, 87, 88,117,  0,  0, 95,183,184,185,
-  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
- 93,  0,  0, 89,  0,  0, 85, 91, 90, 92,  0, 94,  0,124,121,  0,
-
-  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
-165,  0,  0,  0,  0,  0,  0,  0,  0,163,  0,  0, 96, 97,  0,  0,
-113,140,164,  0,166,  0,  0,  0,  0,  0,255,  0,  0,  0,114,  0,
-115,  0,150,  0,  0, 98,255, 99,100,  0,  0,  0,  0,  0,  0,  0,
-  0,  0,  0,  0,  0,119,119,102,103,104,  0,105,112,106,118,107,
-108,109,110,111,  0,  0,  0,  0,  0,  0,  0,125,126,127,116,142,
-  0,  0,  0,143,  0,217,156,173,128,159,158,157,155,226,  0,112,
-  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
-};
-
 /* Send an event to the keyboard frontend driver */
 static int xenfb_kbd_event(struct XenInput *xenfb,
   union xenkbd_in_event *event)
@@ -260,37 +189,19 @@ static int xenfb_send_position(struct XenInput *xenfb,
 return xenfb_kbd_event(xenfb, );
 }
 
-/*
- * Send a key event from the client to the guest OS
- * QEMU gives us a raw scancode from an AT / PS/2 

[Qemu-devel] [PATCH 14/15] ui: remove qemu_input_linux_to_qcode method

[Daniel P. Berrange]

The qemu_input_linux_to_qcode method is only used in one place and
no new code should require it, so inline it at the only caller.

Signed-off-by: Daniel P. Berrange 
---
 include/ui/input.h | 1 -
 ui/input-keymap.c  | 8 
 ui/input-linux.c   | 4 ++--
 3 files changed, 2 insertions(+), 11 deletions(-)

diff --git a/include/ui/input.h b/include/ui/input.h
index b3827b6082..92e54c25e2 100644
--- a/include/ui/input.h
+++ b/include/ui/input.h
@@ -43,7 +43,6 @@ void qemu_input_event_send_key_qcode(QemuConsole *src, 
QKeyCode q, bool down);
 void qemu_input_event_send_key_delay(uint32_t delay_ms);
 int qemu_input_key_number_to_qcode(unsigned int nr);
 int qemu_input_qcode_to_scancode(QKeyCode qcode, bool down, int *codes);
-int qemu_input_linux_to_qcode(unsigned int lnx);
 
 InputEvent *qemu_input_event_new_btn(InputButton btn, bool down);
 void qemu_input_queue_btn(QemuConsole *src, InputButton btn, bool down);
diff --git a/ui/input-keymap.c b/ui/input-keymap.c
index 71c6a79e66..bbd818ef97 100644
--- a/ui/input-keymap.c
+++ b/ui/input-keymap.c
@@ -24,14 +24,6 @@
 #include "ui/input-keymap-xorgxquartz2qcode.c"
 #include "ui/input-keymap-xorgxwin2qcode.c"
 
-int qemu_input_linux_to_qcode(unsigned int lnx)
-{
-if (lnx >= qemu_input_map_linux2qcode_len) {
-return 0;
-}
-return qemu_input_map_linux2qcode[lnx];
-}
-
 int qemu_input_key_number_to_qcode(unsigned int nr)
 {
 if (nr >= qemu_input_map_qnum2qcode_len) {
diff --git a/ui/input-linux.c b/ui/input-linux.c
index 9720333b2c..f5eb589b1d 100644
--- a/ui/input-linux.c
+++ b/ui/input-linux.c
@@ -128,8 +128,8 @@ static void input_linux_handle_keyboard(InputLinux *il,
 }
 
 /* send event to guest when grab is active */
-if (il->grab_active) {
-int qcode = qemu_input_linux_to_qcode(event->code);
+if (il->grab_active && event->code < qemu_input_map_linux2qcode_len) {
+int qcode = qemu_input_map_linux2qcode[event->code];
 qemu_input_event_send_key_qcode(NULL, qcode, event->value);
 }
 
-- 
2.13.3

[Qemu-devel] [PATCH 10/15] ui: convert cocoa frontend to keycodemapdb

[Daniel P. Berrange]

Replace the mac_to_qkeycode_map table with automatically
generated table.

Signed-off-by: Daniel P. Berrange 
---
 include/ui/input.h |   3 ++
 ui/Makefile.objs   |   1 +
 ui/cocoa.m | 129 +
 ui/input-keymap.c  |   1 +
 4 files changed, 7 insertions(+), 127 deletions(-)

diff --git a/include/ui/input.h b/include/ui/input.h
index 69522b..595e596ef3 100644
--- a/include/ui/input.h
+++ b/include/ui/input.h
@@ -68,6 +68,9 @@ void qemu_remove_mouse_mode_change_notifier(Notifier *notify);
 extern const guint qemu_input_map_linux2qcode_len;
 extern const guint16 qemu_input_map_linux2qcode[];
 
+extern const guint qemu_input_map_osx2qcode_len;
+extern const guint16 qemu_input_map_osx2qcode[];
+
 extern const guint qemu_input_map_qcode2adb_len;
 extern const guint16 qemu_input_map_qcode2adb[];
 
diff --git a/ui/Makefile.objs b/ui/Makefile.objs
index 935a54c109..ce9c4380ae 100644
--- a/ui/Makefile.objs
+++ b/ui/Makefile.objs
@@ -55,6 +55,7 @@ KEYCODEMAP_CSV = ui/keycodemapdb/data/keymaps.csv
 
 KEYCODEMAP_FILES = \
 ui/input-keymap-linux2qcode.c \
+ui/input-keymap-osx2qcode.c \
 ui/input-keymap-qcode2adb.c \
 ui/input-keymap-qcode2atset1.c \
 ui/input-keymap-qcode2atset2.c \
diff --git a/ui/cocoa.m b/ui/cocoa.m
index 93e56d0518..97a0001cc5 100644
--- a/ui/cocoa.m
+++ b/ui/cocoa.m
@@ -106,139 +106,14 @@ bool stretch_video;
 NSTextField *pauseLabel;
 NSArray * supportedImageFileTypes;
 
-// Mac to QKeyCode conversion
-const int mac_to_qkeycode_map[] = {
-[kVK_ANSI_A] = Q_KEY_CODE_A,
-[kVK_ANSI_B] = Q_KEY_CODE_B,
-[kVK_ANSI_C] = Q_KEY_CODE_C,
-[kVK_ANSI_D] = Q_KEY_CODE_D,
-[kVK_ANSI_E] = Q_KEY_CODE_E,
-[kVK_ANSI_F] = Q_KEY_CODE_F,
-[kVK_ANSI_G] = Q_KEY_CODE_G,
-[kVK_ANSI_H] = Q_KEY_CODE_H,
-[kVK_ANSI_I] = Q_KEY_CODE_I,
-[kVK_ANSI_J] = Q_KEY_CODE_J,
-[kVK_ANSI_K] = Q_KEY_CODE_K,
-[kVK_ANSI_L] = Q_KEY_CODE_L,
-[kVK_ANSI_M] = Q_KEY_CODE_M,
-[kVK_ANSI_N] = Q_KEY_CODE_N,
-[kVK_ANSI_O] = Q_KEY_CODE_O,
-[kVK_ANSI_P] = Q_KEY_CODE_P,
-[kVK_ANSI_Q] = Q_KEY_CODE_Q,
-[kVK_ANSI_R] = Q_KEY_CODE_R,
-[kVK_ANSI_S] = Q_KEY_CODE_S,
-[kVK_ANSI_T] = Q_KEY_CODE_T,
-[kVK_ANSI_U] = Q_KEY_CODE_U,
-[kVK_ANSI_V] = Q_KEY_CODE_V,
-[kVK_ANSI_W] = Q_KEY_CODE_W,
-[kVK_ANSI_X] = Q_KEY_CODE_X,
-[kVK_ANSI_Y] = Q_KEY_CODE_Y,
-[kVK_ANSI_Z] = Q_KEY_CODE_Z,
-
-[kVK_ANSI_0] = Q_KEY_CODE_0,
-[kVK_ANSI_1] = Q_KEY_CODE_1,
-[kVK_ANSI_2] = Q_KEY_CODE_2,
-[kVK_ANSI_3] = Q_KEY_CODE_3,
-[kVK_ANSI_4] = Q_KEY_CODE_4,
-[kVK_ANSI_5] = Q_KEY_CODE_5,
-[kVK_ANSI_6] = Q_KEY_CODE_6,
-[kVK_ANSI_7] = Q_KEY_CODE_7,
-[kVK_ANSI_8] = Q_KEY_CODE_8,
-[kVK_ANSI_9] = Q_KEY_CODE_9,
-
-[kVK_ANSI_Grave] = Q_KEY_CODE_GRAVE_ACCENT,
-[kVK_ANSI_Minus] = Q_KEY_CODE_MINUS,
-[kVK_ANSI_Equal] = Q_KEY_CODE_EQUAL,
-[kVK_Delete] = Q_KEY_CODE_BACKSPACE,
-[kVK_CapsLock] = Q_KEY_CODE_CAPS_LOCK,
-[kVK_Tab] = Q_KEY_CODE_TAB,
-[kVK_Return] = Q_KEY_CODE_RET,
-[kVK_ANSI_LeftBracket] = Q_KEY_CODE_BRACKET_LEFT,
-[kVK_ANSI_RightBracket] = Q_KEY_CODE_BRACKET_RIGHT,
-[kVK_ANSI_Backslash] = Q_KEY_CODE_BACKSLASH,
-[kVK_ANSI_Semicolon] = Q_KEY_CODE_SEMICOLON,
-[kVK_ANSI_Quote] = Q_KEY_CODE_APOSTROPHE,
-[kVK_ANSI_Comma] = Q_KEY_CODE_COMMA,
-[kVK_ANSI_Period] = Q_KEY_CODE_DOT,
-[kVK_ANSI_Slash] = Q_KEY_CODE_SLASH,
-[kVK_Shift] = Q_KEY_CODE_SHIFT,
-[kVK_RightShift] = Q_KEY_CODE_SHIFT_R,
-[kVK_Control] = Q_KEY_CODE_CTRL,
-[kVK_RightControl] = Q_KEY_CODE_CTRL_R,
-[kVK_Option] = Q_KEY_CODE_ALT,
-[kVK_RightOption] = Q_KEY_CODE_ALT_R,
-[kVK_Command] = Q_KEY_CODE_META_L,
-[0x36] = Q_KEY_CODE_META_R, /* There is no kVK_RightCommand */
-[kVK_Space] = Q_KEY_CODE_SPC,
-
-[kVK_ANSI_Keypad0] = Q_KEY_CODE_KP_0,
-[kVK_ANSI_Keypad1] = Q_KEY_CODE_KP_1,
-[kVK_ANSI_Keypad2] = Q_KEY_CODE_KP_2,
-[kVK_ANSI_Keypad3] = Q_KEY_CODE_KP_3,
-[kVK_ANSI_Keypad4] = Q_KEY_CODE_KP_4,
-[kVK_ANSI_Keypad5] = Q_KEY_CODE_KP_5,
-[kVK_ANSI_Keypad6] = Q_KEY_CODE_KP_6,
-[kVK_ANSI_Keypad7] = Q_KEY_CODE_KP_7,
-[kVK_ANSI_Keypad8] = Q_KEY_CODE_KP_8,
-[kVK_ANSI_Keypad9] = Q_KEY_CODE_KP_9,
-[kVK_ANSI_KeypadDecimal] = Q_KEY_CODE_KP_DECIMAL,
-[kVK_ANSI_KeypadEnter] = Q_KEY_CODE_KP_ENTER,
-[kVK_ANSI_KeypadPlus] = Q_KEY_CODE_KP_ADD,
-[kVK_ANSI_KeypadMinus] = Q_KEY_CODE_KP_SUBTRACT,
-[kVK_ANSI_KeypadMultiply] = Q_KEY_CODE_KP_MULTIPLY,
-[kVK_ANSI_KeypadDivide] = Q_KEY_CODE_KP_DIVIDE,
-[kVK_ANSI_KeypadEquals] = Q_KEY_CODE_KP_EQUALS,
-[kVK_ANSI_KeypadClear] = Q_KEY_CODE_NUM_LOCK,
-
-[kVK_UpArrow] = Q_KEY_CODE_UP,
-[kVK_DownArrow] = Q_KEY_CODE_DOWN,
-[kVK_LeftArrow] = Q_KEY_CODE_LEFT,
-[kVK_RightArrow] = Q_KEY_CODE_RIGHT,
-
-[kVK_Help] = Q_KEY_CODE_INSERT,
-[kVK_Home] = 

[Qemu-devel] [PATCH 12/15] ui: convert GTK and SDL1 frontends to keycodemapdb

[Daniel P. Berrange]

The x_keycode_to_pc_keycode and evdev_keycode_to_pc_keycode
tables are replaced with automatically generated tables.
In addition the X11 heuristics are improved to detect running
on XQuartz and XWin X11 servers, to activate the correct OS-X
and Win32 keycode maps.

Signed-off-by: Daniel P. Berrange 
---
 include/ui/input.h |  21 +
 ui/Makefile.objs   |  12 ++-
 ui/gtk.c   | 205 ++--
 ui/input-keymap.c  |   7 ++
 ui/sdl.c   | 103 +++---
 ui/trace-events|   9 +-
 ui/x_keymap.c  | 247 -
 ui/x_keymap.h  |   8 +-
 8 files changed, 294 insertions(+), 318 deletions(-)

diff --git a/include/ui/input.h b/include/ui/input.h
index 11bf94aacf..7ac1d62747 100644
--- a/include/ui/input.h
+++ b/include/ui/input.h
@@ -65,6 +65,9 @@ void qemu_input_check_mode_change(void);
 void qemu_add_mouse_mode_change_notifier(Notifier *notify);
 void qemu_remove_mouse_mode_change_notifier(Notifier *notify);
 
+extern const guint qemu_input_map_atset12qcode_len;
+extern const guint16 qemu_input_map_atset12qcode[];
+
 extern const guint qemu_input_map_linux2qcode_len;
 extern const guint16 qemu_input_map_linux2qcode[];
 
@@ -98,4 +101,22 @@ extern const guint16 qemu_input_map_qnum2qcode[];
 extern const guint qemu_input_map_usb2qcode_len;
 extern const guint16 qemu_input_map_usb2qcode[];
 
+extern const guint qemu_input_map_win322qcode_len;
+extern const guint16 qemu_input_map_win322qcode[];
+
+extern const guint qemu_input_map_x112qcode_len;
+extern const guint16 qemu_input_map_x112qcode[];
+
+extern const guint qemu_input_map_xorgevdev2qcode_len;
+extern const guint16 qemu_input_map_xorgevdev2qcode[];
+
+extern const guint qemu_input_map_xorgkbd2qcode_len;
+extern const guint16 qemu_input_map_xorgkbd2qcode[];
+
+extern const guint qemu_input_map_xorgxquartz2qcode_len;
+extern const guint16 qemu_input_map_xorgxquartz2qcode[];
+
+extern const guint qemu_input_map_xorgxwin2qcode_len;
+extern const guint16 qemu_input_map_xorgxwin2qcode[];
+
 #endif /* INPUT_H */
diff --git a/ui/Makefile.objs b/ui/Makefile.objs
index cd2bf1e790..f240c4aa87 100644
--- a/ui/Makefile.objs
+++ b/ui/Makefile.objs
@@ -11,11 +11,12 @@ common-obj-y += keymaps.o console.o cursor.o qemu-pixman.o
 common-obj-y += input.o input-keymap.o input-legacy.o
 common-obj-$(CONFIG_LINUX) += input-linux.o
 common-obj-$(CONFIG_SPICE) += spice-core.o spice-input.o spice-display.o
-common-obj-$(CONFIG_SDL) += sdl.mo x_keymap.o
+common-obj-$(CONFIG_SDL) += sdl.mo
 common-obj-$(CONFIG_COCOA) += cocoa.o
 common-obj-$(CONFIG_CURSES) += curses.o
 common-obj-$(CONFIG_VNC) += $(vnc-obj-y)
-common-obj-$(CONFIG_GTK) += gtk.o x_keymap.o
+common-obj-$(CONFIG_GTK) += gtk.o
+common-obj-$(if $(CONFIG_WIN32),n,$(if $(CONFIG_SDL),y,$(CONFIG_GTK))) += 
x_keymap.o
 
 ifeq ($(CONFIG_SDLABI),1.2)
 sdl.mo-objs := sdl.o sdl_zoom.o
@@ -54,6 +55,7 @@ KEYCODEMAP_GEN = ui/keycodemapdb/tools/keymap-gen
 KEYCODEMAP_CSV = ui/keycodemapdb/data/keymaps.csv
 
 KEYCODEMAP_FILES = \
+ui/input-keymap-atset12qcode.c \
 ui/input-keymap-linux2qcode.c \
 ui/input-keymap-osx2qcode.c \
 ui/input-keymap-qcode2adb.c \
@@ -65,6 +67,12 @@ KEYCODEMAP_FILES = \
 ui/input-keymap-qcode2sun.c \
 ui/input-keymap-qnum2qcode.c \
 ui/input-keymap-usb2qcode.c \
+ui/input-keymap-win322qcode.c \
+ui/input-keymap-x112qcode.c \
+ui/input-keymap-xorgevdev2qcode.c \
+ui/input-keymap-xorgkbd2qcode.c \
+ui/input-keymap-xorgxquartz2qcode.c \
+ui/input-keymap-xorgxwin2qcode.c \
 $(NULL)
 
 GENERATED_FILES += $(KEYCODEMAP_FILES)
diff --git a/ui/gtk.c b/ui/gtk.c
index 5bd87c265a..52519e9aeb 100644
--- a/ui/gtk.c
+++ b/ui/gtk.c
@@ -52,7 +52,6 @@
 #include "ui/input.h"
 #include "sysemu/sysemu.h"
 #include "qmp-commands.h"
-#include "x_keymap.h"
 #include "keymaps.h"
 #include "chardev/char.h"
 #include "qom/object.h"
@@ -65,6 +64,48 @@
 #define VC_SCALE_MIN0.25
 #define VC_SCALE_STEP   0.25
 
+#ifdef GDK_WINDOWING_X11
+#include "ui/x_keymap.h"
+
+/* Gtk2 compat */
+#ifndef GDK_IS_X11_DISPLAY
+#define GDK_IS_X11_DISPLAY(dpy) (dpy != NULL)
+#endif
+#endif
+
+
+#ifdef GDK_WINDOWING_WAYLAND
+/* Gtk2 compat */
+#ifndef GDK_IS_WAYLAND_DISPLAY
+#define GDK_IS_WAYLAND_DISPLAY(dpy) (dpy != NULL)
+#endif
+#endif
+
+
+#ifdef GDK_WINDOWING_WIN32
+/* Gtk2 compat */
+#ifndef GDK_IS_WIN32_DISPLAY
+#define GDK_IS_WIN32_DISPLAY(dpy) (dpy != NULL)
+#endif
+#endif
+
+
+#ifdef GDK_WINDOWING_BROADWAY
+/* Gtk2 compat */
+#ifndef GDK_IS_BROADWAY_DISPLAY
+#define GDK_IS_BROADWAY_DISPLAY(dpy) (dpy != NULL)
+#endif
+#endif
+
+
+#ifdef GDK_WINDOWING_QUARTZ
+/* Gtk2 compat */
+#ifndef GDK_IS_QUARTZ_DISPLAY
+#define GDK_IS_QUARTZ_DISPLAY(dpy) (dpy != NULL)
+#endif
+#endif
+
+
 #if 

[Qemu-devel] [PATCH 08/15] input: convert the adb device to keycodemapdb

[Daniel P. Berrange]

Replace the qcode_to_adb_keycode table with automatically
generated tables.

Missing entries in qcode_to_adb_keycode now fixed:

 - Q_KEY_CODE_KP_COMMA -> 0x47

Signed-off-by: Daniel P. Berrange 
---
 hw/input/adb.c  | 124 +-
 include/hw/input/adb-keys.h | 141 
 include/ui/input.h  |   3 +
 ui/Makefile.objs|   1 +
 ui/input-keymap.c   |   1 +
 5 files changed, 7 insertions(+), 263 deletions(-)
 delete mode 100644 include/hw/input/adb-keys.h

diff --git a/hw/input/adb.c b/hw/input/adb.c
index 992f5bd1c4..1a3216c31b 100644
--- a/hw/input/adb.c
+++ b/hw/input/adb.c
@@ -25,7 +25,6 @@
 #include "hw/hw.h"
 #include "hw/input/adb.h"
 #include "ui/console.h"
-#include "include/hw/input/adb-keys.h"
 #include "ui/input.h"
 #include "sysemu/sysemu.h"
 
@@ -193,125 +192,6 @@ typedef struct ADBKeyboardClass {
 DeviceRealize parent_realize;
 } ADBKeyboardClass;
 
-int qcode_to_adb_keycode[] = {
- /* Make sure future additions are automatically set to NO_KEY */
-[0 ... 0xff]   = NO_KEY,
-
-[Q_KEY_CODE_SHIFT] = ADB_KEY_LEFT_SHIFT,
-[Q_KEY_CODE_SHIFT_R]   = ADB_KEY_RIGHT_SHIFT,
-[Q_KEY_CODE_ALT]   = ADB_KEY_LEFT_OPTION,
-[Q_KEY_CODE_ALT_R] = ADB_KEY_RIGHT_OPTION,
-[Q_KEY_CODE_CTRL]  = ADB_KEY_LEFT_CONTROL,
-[Q_KEY_CODE_CTRL_R]= ADB_KEY_RIGHT_CONTROL,
-[Q_KEY_CODE_META_L]= ADB_KEY_COMMAND,
-[Q_KEY_CODE_META_R]= ADB_KEY_COMMAND,
-[Q_KEY_CODE_SPC]   = ADB_KEY_SPACEBAR,
-
-[Q_KEY_CODE_ESC]   = ADB_KEY_ESC,
-[Q_KEY_CODE_1] = ADB_KEY_1,
-[Q_KEY_CODE_2] = ADB_KEY_2,
-[Q_KEY_CODE_3] = ADB_KEY_3,
-[Q_KEY_CODE_4] = ADB_KEY_4,
-[Q_KEY_CODE_5] = ADB_KEY_5,
-[Q_KEY_CODE_6] = ADB_KEY_6,
-[Q_KEY_CODE_7] = ADB_KEY_7,
-[Q_KEY_CODE_8] = ADB_KEY_8,
-[Q_KEY_CODE_9] = ADB_KEY_9,
-[Q_KEY_CODE_0] = ADB_KEY_0,
-[Q_KEY_CODE_MINUS] = ADB_KEY_MINUS,
-[Q_KEY_CODE_EQUAL] = ADB_KEY_EQUAL,
-[Q_KEY_CODE_BACKSPACE] = ADB_KEY_DELETE,
-[Q_KEY_CODE_TAB]   = ADB_KEY_TAB,
-[Q_KEY_CODE_Q] = ADB_KEY_Q,
-[Q_KEY_CODE_W] = ADB_KEY_W,
-[Q_KEY_CODE_E] = ADB_KEY_E,
-[Q_KEY_CODE_R] = ADB_KEY_R,
-[Q_KEY_CODE_T] = ADB_KEY_T,
-[Q_KEY_CODE_Y] = ADB_KEY_Y,
-[Q_KEY_CODE_U] = ADB_KEY_U,
-[Q_KEY_CODE_I] = ADB_KEY_I,
-[Q_KEY_CODE_O] = ADB_KEY_O,
-[Q_KEY_CODE_P] = ADB_KEY_P,
-[Q_KEY_CODE_BRACKET_LEFT]  = ADB_KEY_LEFT_BRACKET,
-[Q_KEY_CODE_BRACKET_RIGHT] = ADB_KEY_RIGHT_BRACKET,
-[Q_KEY_CODE_RET]   = ADB_KEY_RETURN,
-[Q_KEY_CODE_A] = ADB_KEY_A,
-[Q_KEY_CODE_S] = ADB_KEY_S,
-[Q_KEY_CODE_D] = ADB_KEY_D,
-[Q_KEY_CODE_F] = ADB_KEY_F,
-[Q_KEY_CODE_G] = ADB_KEY_G,
-[Q_KEY_CODE_H] = ADB_KEY_H,
-[Q_KEY_CODE_J] = ADB_KEY_J,
-[Q_KEY_CODE_K] = ADB_KEY_K,
-[Q_KEY_CODE_L] = ADB_KEY_L,
-[Q_KEY_CODE_SEMICOLON] = ADB_KEY_SEMICOLON,
-[Q_KEY_CODE_APOSTROPHE]= ADB_KEY_APOSTROPHE,
-[Q_KEY_CODE_GRAVE_ACCENT]  = ADB_KEY_GRAVE_ACCENT,
-[Q_KEY_CODE_BACKSLASH] = ADB_KEY_BACKSLASH,
-[Q_KEY_CODE_Z] = ADB_KEY_Z,
-[Q_KEY_CODE_X] = ADB_KEY_X,
-[Q_KEY_CODE_C] = ADB_KEY_C,
-[Q_KEY_CODE_V] = ADB_KEY_V,
-[Q_KEY_CODE_B] = ADB_KEY_B,
-[Q_KEY_CODE_N] = ADB_KEY_N,
-[Q_KEY_CODE_M] = ADB_KEY_M,
-[Q_KEY_CODE_COMMA] = ADB_KEY_COMMA,
-[Q_KEY_CODE_DOT]   = ADB_KEY_PERIOD,
-[Q_KEY_CODE_SLASH] = ADB_KEY_FORWARD_SLASH,
-[Q_KEY_CODE_ASTERISK]  = ADB_KEY_KP_MULTIPLY,
-[Q_KEY_CODE_CAPS_LOCK] = ADB_KEY_CAPS_LOCK,
-
-[Q_KEY_CODE_F1]= ADB_KEY_F1,
-[Q_KEY_CODE_F2]= ADB_KEY_F2,
-[Q_KEY_CODE_F3]= ADB_KEY_F3,
-[Q_KEY_CODE_F4]= ADB_KEY_F4,
-[Q_KEY_CODE_F5]= ADB_KEY_F5,
-[Q_KEY_CODE_F6]= ADB_KEY_F6,
-[Q_KEY_CODE_F7]= ADB_KEY_F7,
-[Q_KEY_CODE_F8]= ADB_KEY_F8,
-[Q_KEY_CODE_F9]= ADB_KEY_F9,
-[Q_KEY_CODE_F10]   = ADB_KEY_F10,
-[Q_KEY_CODE_F11]   = ADB_KEY_F11,
-[Q_KEY_CODE_F12]   = ADB_KEY_F12,
-[Q_KEY_CODE_PRINT] = ADB_KEY_F13,
-[Q_KEY_CODE_SYSRQ] = ADB_KEY_F13,
-[Q_KEY_CODE_SCROLL_LOCK]   = ADB_KEY_F14,
-[Q_KEY_CODE_PAUSE] = ADB_KEY_F15,
-
-[Q_KEY_CODE_NUM_LOCK]  = ADB_KEY_KP_CLEAR,
-[Q_KEY_CODE_KP_EQUALS] = ADB_KEY_KP_EQUAL,

[Qemu-devel] [PATCH 06/15] input: convert virtio-input-hid device to keycodemapdb

[Daniel P. Berrange]

Replace the keymap_qcode table with automatically generated
tables.

Missing entries in keymap_qcode now fixed:

  Q_KEY_CODE_ASTERISK -> KEY_KPASTERISK
  Q_KEY_CODE_KP_MULTIPLY -> KEY_KPASTERISK
  Q_KEY_CODE_STOP -> KEY_STOP
  Q_KEY_CODE_AGAIN -> KEY_AGAIN
  Q_KEY_CODE_PROPS -> KEY_PROPS
  Q_KEY_CODE_UNDO -> KEY_UNDO
  Q_KEY_CODE_FRONT -> KEY_FRONT
  Q_KEY_CODE_COPY -> KEY_COPY
  Q_KEY_CODE_OPEN -> KEY_OPEN
  Q_KEY_CODE_PASTE -> KEY_PASTE
  Q_KEY_CODE_FIND -> KEY_FIND
  Q_KEY_CODE_CUT -> KEY_CUT
  Q_KEY_CODE_LF -> KEY_LINEFEED
  Q_KEY_CODE_HELP -> KEY_HELP
  Q_KEY_CODE_COMPOSE -> KEY_COMPOSE
  Q_KEY_CODE_RO -> KEY_RO
  Q_KEY_CODE_HIRAGANA -> KEY_HIRAGANA
  Q_KEY_CODE_HENKAN -> KEY_HENKAN
  Q_KEY_CODE_YEN -> KEY_YEN
  Q_KEY_CODE_KP_COMMA -> KEY_KPCOMMA
  Q_KEY_CODE_KP_EQUALS -> KEY_KPEQUAL
  Q_KEY_CODE_POWER -> KEY_POWER
  Q_KEY_CODE_SLEEP -> KEY_SLEEP
  Q_KEY_CODE_WAKE -> KEY_WAKEUP
  Q_KEY_CODE_AUDIONEXT -> KEY_NEXTSONG
  Q_KEY_CODE_AUDIOPREV -> KEY_PREVIOUSSONG
  Q_KEY_CODE_AUDIOSTOP -> KEY_STOPCD
  Q_KEY_CODE_AUDIOPLAY -> KEY_PLAYPAUSE
  Q_KEY_CODE_AUDIOMUTE -> KEY_MUTE
  Q_KEY_CODE_VOLUMEUP -> KEY_VOLUMEUP
  Q_KEY_CODE_VOLUMEDOWN -> KEY_VOLUMEDOWN
  Q_KEY_CODE_MEDIASELECT -> KEY_MEDIA
  Q_KEY_CODE_MAIL -> KEY_MAIL
  Q_KEY_CODE_CALCULATOR -> KEY_CALC
  Q_KEY_CODE_COMPUTER -> KEY_COMPUTER
  Q_KEY_CODE_AC_HOME -> KEY_HOMEPAGE
  Q_KEY_CODE_AC_BACK -> KEY_BACK
  Q_KEY_CODE_AC_FORWARD -> KEY_FORWARD
  Q_KEY_CODE_AC_REFRESH -> KEY_REFRESH
  Q_KEY_CODE_AC_BOOKMARKS -> KEY_BOOKMARKS

Signed-off-by: Daniel P. Berrange 
---
 hw/input/virtio-input-hid.c | 136 +++-
 include/ui/input.h  |   3 +
 ui/Makefile.objs|   1 +
 ui/input-keymap.c   |   1 +
 4 files changed, 14 insertions(+), 127 deletions(-)

diff --git a/hw/input/virtio-input-hid.c b/hw/input/virtio-input-hid.c
index 7a04e21b33..47efc6f35b 100644
--- a/hw/input/virtio-input-hid.c
+++ b/hw/input/virtio-input-hid.c
@@ -22,126 +22,7 @@
 
 /* - */
 
-static const unsigned int keymap_qcode[Q_KEY_CODE__MAX] = {
-[Q_KEY_CODE_ESC] = KEY_ESC,
-[Q_KEY_CODE_1]   = KEY_1,
-[Q_KEY_CODE_2]   = KEY_2,
-[Q_KEY_CODE_3]   = KEY_3,
-[Q_KEY_CODE_4]   = KEY_4,
-[Q_KEY_CODE_5]   = KEY_5,
-[Q_KEY_CODE_6]   = KEY_6,
-[Q_KEY_CODE_7]   = KEY_7,
-[Q_KEY_CODE_8]   = KEY_8,
-[Q_KEY_CODE_9]   = KEY_9,
-[Q_KEY_CODE_0]   = KEY_0,
-[Q_KEY_CODE_MINUS]   = KEY_MINUS,
-[Q_KEY_CODE_EQUAL]   = KEY_EQUAL,
-[Q_KEY_CODE_BACKSPACE]   = KEY_BACKSPACE,
-
-[Q_KEY_CODE_TAB] = KEY_TAB,
-[Q_KEY_CODE_Q]   = KEY_Q,
-[Q_KEY_CODE_W]   = KEY_W,
-[Q_KEY_CODE_E]   = KEY_E,
-[Q_KEY_CODE_R]   = KEY_R,
-[Q_KEY_CODE_T]   = KEY_T,
-[Q_KEY_CODE_Y]   = KEY_Y,
-[Q_KEY_CODE_U]   = KEY_U,
-[Q_KEY_CODE_I]   = KEY_I,
-[Q_KEY_CODE_O]   = KEY_O,
-[Q_KEY_CODE_P]   = KEY_P,
-[Q_KEY_CODE_BRACKET_LEFT]= KEY_LEFTBRACE,
-[Q_KEY_CODE_BRACKET_RIGHT]   = KEY_RIGHTBRACE,
-[Q_KEY_CODE_RET] = KEY_ENTER,
-
-[Q_KEY_CODE_CTRL]= KEY_LEFTCTRL,
-[Q_KEY_CODE_A]   = KEY_A,
-[Q_KEY_CODE_S]   = KEY_S,
-[Q_KEY_CODE_D]   = KEY_D,
-[Q_KEY_CODE_F]   = KEY_F,
-[Q_KEY_CODE_G]   = KEY_G,
-[Q_KEY_CODE_H]   = KEY_H,
-[Q_KEY_CODE_J]   = KEY_J,
-[Q_KEY_CODE_K]   = KEY_K,
-[Q_KEY_CODE_L]   = KEY_L,
-[Q_KEY_CODE_SEMICOLON]   = KEY_SEMICOLON,
-[Q_KEY_CODE_APOSTROPHE]  = KEY_APOSTROPHE,
-[Q_KEY_CODE_GRAVE_ACCENT]= KEY_GRAVE,
-
-[Q_KEY_CODE_SHIFT]   = KEY_LEFTSHIFT,
-[Q_KEY_CODE_BACKSLASH]   = KEY_BACKSLASH,
-[Q_KEY_CODE_LESS]= KEY_102ND,
-[Q_KEY_CODE_Z]   = KEY_Z,
-[Q_KEY_CODE_X]   = KEY_X,
-[Q_KEY_CODE_C]   = KEY_C,
-[Q_KEY_CODE_V]   = KEY_V,
-[Q_KEY_CODE_B]   = KEY_B,
-[Q_KEY_CODE_N]   = KEY_N,
-[Q_KEY_CODE_M]   = KEY_M,
-[Q_KEY_CODE_COMMA]   = KEY_COMMA,
-[Q_KEY_CODE_DOT] = KEY_DOT,
-[Q_KEY_CODE_SLASH]   = KEY_SLASH,
-[Q_KEY_CODE_SHIFT_R] = KEY_RIGHTSHIFT,
-
-[Q_KEY_CODE_ALT] = KEY_LEFTALT,
-[Q_KEY_CODE_SPC] = KEY_SPACE,
-[Q_KEY_CODE_CAPS_LOCK]   = 

[Qemu-devel] [PATCH 09/15] char: convert the escc device to keycodemapdb

[Daniel P. Berrange]

Replace the qcode_to_keycode table with automatically
generated tables.

Missing entries in qcode_to_keycode now fixed:

 - Q_KEY_CODE_KP_COMMA -> 0x2d

Signed-off-by: Daniel P. Berrange 
---
 hw/char/escc.c | 126 +++--
 include/ui/input.h |   3 ++
 ui/Makefile.objs   |   1 +
 ui/input-keymap.c  |   1 +
 4 files changed, 10 insertions(+), 121 deletions(-)

diff --git a/hw/char/escc.c b/hw/char/escc.c
index 5af7f0cddf..3cacdb5102 100644
--- a/hw/char/escc.c
+++ b/hw/char/escc.c
@@ -717,126 +717,6 @@ MemoryRegion *escc_init(hwaddr base, qemu_irq irqA, 
qemu_irq irqB,
 return >mmio;
 }
 
-static const uint8_t qcode_to_keycode[Q_KEY_CODE__MAX] = {
-[Q_KEY_CODE_SHIFT] = 99,
-[Q_KEY_CODE_SHIFT_R]   = 110,
-[Q_KEY_CODE_ALT]   = 19,
-[Q_KEY_CODE_ALT_R] = 13,
-[Q_KEY_CODE_CTRL]  = 76,
-[Q_KEY_CODE_CTRL_R]= 76,
-[Q_KEY_CODE_ESC]   = 29,
-[Q_KEY_CODE_1] = 30,
-[Q_KEY_CODE_2] = 31,
-[Q_KEY_CODE_3] = 32,
-[Q_KEY_CODE_4] = 33,
-[Q_KEY_CODE_5] = 34,
-[Q_KEY_CODE_6] = 35,
-[Q_KEY_CODE_7] = 36,
-[Q_KEY_CODE_8] = 37,
-[Q_KEY_CODE_9] = 38,
-[Q_KEY_CODE_0] = 39,
-[Q_KEY_CODE_MINUS] = 40,
-[Q_KEY_CODE_EQUAL] = 41,
-[Q_KEY_CODE_BACKSPACE] = 43,
-[Q_KEY_CODE_TAB]   = 53,
-[Q_KEY_CODE_Q] = 54,
-[Q_KEY_CODE_W] = 55,
-[Q_KEY_CODE_E] = 56,
-[Q_KEY_CODE_R] = 57,
-[Q_KEY_CODE_T] = 58,
-[Q_KEY_CODE_Y] = 59,
-[Q_KEY_CODE_U] = 60,
-[Q_KEY_CODE_I] = 61,
-[Q_KEY_CODE_O] = 62,
-[Q_KEY_CODE_P] = 63,
-[Q_KEY_CODE_BRACKET_LEFT]  = 64,
-[Q_KEY_CODE_BRACKET_RIGHT] = 65,
-[Q_KEY_CODE_RET]   = 89,
-[Q_KEY_CODE_A] = 77,
-[Q_KEY_CODE_S] = 78,
-[Q_KEY_CODE_D] = 79,
-[Q_KEY_CODE_F] = 80,
-[Q_KEY_CODE_G] = 81,
-[Q_KEY_CODE_H] = 82,
-[Q_KEY_CODE_J] = 83,
-[Q_KEY_CODE_K] = 84,
-[Q_KEY_CODE_L] = 85,
-[Q_KEY_CODE_SEMICOLON] = 86,
-[Q_KEY_CODE_APOSTROPHE]= 87,
-[Q_KEY_CODE_GRAVE_ACCENT]  = 42,
-[Q_KEY_CODE_BACKSLASH] = 88,
-[Q_KEY_CODE_Z] = 100,
-[Q_KEY_CODE_X] = 101,
-[Q_KEY_CODE_C] = 102,
-[Q_KEY_CODE_V] = 103,
-[Q_KEY_CODE_B] = 104,
-[Q_KEY_CODE_N] = 105,
-[Q_KEY_CODE_M] = 106,
-[Q_KEY_CODE_COMMA] = 107,
-[Q_KEY_CODE_DOT]   = 108,
-[Q_KEY_CODE_SLASH] = 109,
-[Q_KEY_CODE_ASTERISK]  = 47,
-[Q_KEY_CODE_SPC]   = 121,
-[Q_KEY_CODE_CAPS_LOCK] = 119,
-[Q_KEY_CODE_F1]= 5,
-[Q_KEY_CODE_F2]= 6,
-[Q_KEY_CODE_F3]= 8,
-[Q_KEY_CODE_F4]= 10,
-[Q_KEY_CODE_F5]= 12,
-[Q_KEY_CODE_F6]= 14,
-[Q_KEY_CODE_F7]= 16,
-[Q_KEY_CODE_F8]= 17,
-[Q_KEY_CODE_F9]= 18,
-[Q_KEY_CODE_F10]   = 7,
-[Q_KEY_CODE_NUM_LOCK]  = 98,
-[Q_KEY_CODE_SCROLL_LOCK]   = 23,
-[Q_KEY_CODE_KP_DIVIDE] = 46,
-[Q_KEY_CODE_KP_MULTIPLY]   = 47,
-[Q_KEY_CODE_KP_SUBTRACT]   = 71,
-[Q_KEY_CODE_KP_ADD]= 125,
-[Q_KEY_CODE_KP_ENTER]  = 90,
-[Q_KEY_CODE_KP_DECIMAL]= 50,
-[Q_KEY_CODE_KP_0]  = 94,
-[Q_KEY_CODE_KP_1]  = 112,
-[Q_KEY_CODE_KP_2]  = 113,
-[Q_KEY_CODE_KP_3]  = 114,
-[Q_KEY_CODE_KP_4]  = 91,
-[Q_KEY_CODE_KP_5]  = 92,
-[Q_KEY_CODE_KP_6]  = 93,
-[Q_KEY_CODE_KP_7]  = 68,
-[Q_KEY_CODE_KP_8]  = 69,
-[Q_KEY_CODE_KP_9]  = 70,
-[Q_KEY_CODE_LESS]  = 124,
-[Q_KEY_CODE_F11]   = 9,
-[Q_KEY_CODE_F12]   = 11,
-[Q_KEY_CODE_HOME]  = 52,
-[Q_KEY_CODE_PGUP]  = 96,
-[Q_KEY_CODE_PGDN]  = 123,
-[Q_KEY_CODE_END]   = 74,
-[Q_KEY_CODE_LEFT]  = 24,
-[Q_KEY_CODE_UP]= 20,
-[Q_KEY_CODE_DOWN]  = 27,
-[Q_KEY_CODE_RIGHT] = 28,
-[Q_KEY_CODE_INSERT]= 44,
-[Q_KEY_CODE_DELETE]= 66,
-[Q_KEY_CODE_STOP]  = 1,
-[Q_KEY_CODE_AGAIN] = 3,
-[Q_KEY_CODE_PROPS] = 25,
-[Q_KEY_CODE_UNDO]  = 26,
-[Q_KEY_CODE_FRONT] = 49,
-[Q_KEY_CODE_COPY]  = 51,
-[Q_KEY_CODE_OPEN]  = 72,
-[Q_KEY_CODE_PASTE] = 73,
-[Q_KEY_CODE_FIND]  = 95,
-[Q_KEY_CODE_CUT]   = 97,
-[Q_KEY_CODE_LF]= 111,

[Qemu-devel] [PATCH 13/15] ui: remove qemu_input_qcode_to_number method

[Daniel P. Berrange]

The qemu_input_qcode_to_number method is only used in one place and
no new code should require it, so inline it at the only caller.

Signed-off-by: Daniel P. Berrange 
---
 include/ui/input.h |  1 -
 ui/input-keymap.c  | 16 +++-
 2 files changed, 7 insertions(+), 10 deletions(-)

diff --git a/include/ui/input.h b/include/ui/input.h
index 7ac1d62747..b3827b6082 100644
--- a/include/ui/input.h
+++ b/include/ui/input.h
@@ -42,7 +42,6 @@ void qemu_input_event_send_key_number(QemuConsole *src, int 
num, bool down);
 void qemu_input_event_send_key_qcode(QemuConsole *src, QKeyCode q, bool down);
 void qemu_input_event_send_key_delay(uint32_t delay_ms);
 int qemu_input_key_number_to_qcode(unsigned int nr);
-int qemu_input_qcode_to_number(QKeyCode qcode);
 int qemu_input_qcode_to_scancode(QKeyCode qcode, bool down, int *codes);
 int qemu_input_linux_to_qcode(unsigned int lnx);
 
diff --git a/ui/input-keymap.c b/ui/input-keymap.c
index 566b8f2000..71c6a79e66 100644
--- a/ui/input-keymap.c
+++ b/ui/input-keymap.c
@@ -32,14 +32,6 @@ int qemu_input_linux_to_qcode(unsigned int lnx)
 return qemu_input_map_linux2qcode[lnx];
 }
 
-int qemu_input_qcode_to_number(QKeyCode qcode)
-{
-if (qcode >= qemu_input_map_qcode2qnum_len) {
-return 0;
-}
-return qemu_input_map_qcode2qnum[qcode];
-}
-
 int qemu_input_key_number_to_qcode(unsigned int nr)
 {
 if (nr >= qemu_input_map_qnum2qcode_len) {
@@ -51,9 +43,15 @@ int qemu_input_key_number_to_qcode(unsigned int nr)
 int qemu_input_qcode_to_scancode(QKeyCode qcode, bool down,
  int *codes)
 {
-int keycode = qemu_input_qcode_to_number(qcode);
+int keycode;
 int count = 0;
 
+if (qcode >= qemu_input_map_qcode2qnum_len) {
+keycode = 0;
+} else {
+keycode = qemu_input_map_qcode2qnum[qcode];
+}
+
 if (qcode == Q_KEY_CODE_PAUSE) {
 /* specific case */
 int v = down ? 0 : 0x80;
-- 
2.13.3

[Qemu-devel] [PATCH 07/15] input: convert ps2 device to keycodemapdb

[Daniel P. Berrange]

Replace the qcode_to_keycode_set1, qcode_to_keycode_set2,
and qcode_to_keycode_set3 tables with automatically
generated tables.

Missing entries in qcode_to_keycode_set1 now fixed:

 - Q_KEY_CODE_SYSRQ -> 0x54
 - Q_KEY_CODE_PRINT -> 0x54 (NB ignored due to special case)
 - Q_KEY_CODE_AGAIN -> 0xe005
 - Q_KEY_CODE_PROPS -> 0xe006
 - Q_KEY_CODE_UNDO -> 0xe007
 - Q_KEY_CODE_FRONT -> 0xe00c
 - Q_KEY_CODE_COPY -> 0xe078
 - Q_KEY_CODE_OPEN -> 0x64
 - Q_KEY_CODE_PASTE -> 0x65
 - Q_KEY_CODE_CUT -> 0xe03c
 - Q_KEY_CODE_LF -> 0x5b
 - Q_KEY_CODE_HELP -> 0xe075
 - Q_KEY_CODE_COMPOSE -> 0xe05d
 - Q_KEY_CODE_PAUSE -> 0xe046
 - Q_KEY_CODE_KP_EQUALS -> 0x59

And some mistakes corrected:

 - Q_KEY_CODE_HIRAGANA was mapped to 0x70 (Katakanahiragana)
   instead of of 0x77 (Hirigana)
 - Q_KEY_CODE_MENU was incorrectly mapped to the compose
   scancode (0xe05d) and is now mapped to 0xe01e
 - Q_KEY_CODE_FIND was mapped to 0xe065 (Search) instead
   of to 0xe041 (Find)
 - Q_KEY_CODE_POWER, SLEEP & WAKE had 0x0e instead of 0xe0
   as the prefix

Missing entries in qcode_to_keycode_set2 now fixed:

 - Q_KEY_CODE_PRINT -> 0x7f (NB ignored due to special case)
 - Q_KEY_CODE_COMPOSE -> 0xe02f
 - Q_KEY_CODE_PAUSE -> 0xe077
 - Q_KEY_CODE_KP_EQUALS -> 0x0f

And some mistakes corrected:

 - Q_KEY_CODE_HIRAGANA was mapped to 0x13 (Katakanahiragana)
   instead of of 0x62 (Hirigana)
 - Q_KEY_CODE_MENU was incorrectly mapped to the compose
   scancode (0xe02f) and is now not mapped
 - Q_KEY_CODE_FIND was mapped to 0xe010 (Search) and is now
   not mapped.
 - Q_KEY_CODE_POWER, SLEEP & WAKE had 0x0e instead of 0xe0
   as the prefix

Missing entries in qcode_to_keycode_set3 now fixed:

 - Q_KEY_CODE_ASTERISK -> 0x7e
 - Q_KEY_CODE_SYSRQ -> 0x57
 - Q_KEY_CODE_LESS -> 0x13
 - Q_KEY_CODE_STOP -> 0x0a
 - Q_KEY_CODE_AGAIN -> 0x0b
 - Q_KEY_CODE_PROPS -> 0x0c
 - Q_KEY_CODE_UNDO -> 0x10
 - Q_KEY_CODE_COPY -> 0x18
 - Q_KEY_CODE_OPEN -> 0x20
 - Q_KEY_CODE_PASTE -> 0x28
 - Q_KEY_CODE_FIND -> 0x30
 - Q_KEY_CODE_CUT -> 0x38
 - Q_KEY_CODE_HELP -> 0x09
 - Q_KEY_CODE_COMPOSE -> 0x8d
 - Q_KEY_CODE_AUDIONEXT -> 0x93
 - Q_KEY_CODE_AUDIOPREV -> 0x94
 - Q_KEY_CODE_AUDIOSTOP -> 0x98
 - Q_KEY_CODE_AUDIOMUTE -> 0x9c
 - Q_KEY_CODE_VOLUMEUP -> 0x95
 - Q_KEY_CODE_VOLUMEDOWN -> 0x9d
 - Q_KEY_CODE_CALCULATOR -> 0xa3
 - Q_KEY_CODE_AC_HOME -> 0x97

And some mistakes corrected:

 - Q_KEY_CODE_MENU was incorrectly mapped to the compose
   scancode (0x8d) and is now 0x91

Signed-off-by: Daniel P. Berrange 
---
 hw/input/ps2.c | 406 +
 include/ui/input.h |   9 ++
 ui/Makefile.objs   |   3 +
 ui/input-keymap.c  |   3 +
 4 files changed, 22 insertions(+), 399 deletions(-)

diff --git a/hw/input/ps2.c b/hw/input/ps2.c
index 14b1d85f6c..86529a058a 100644
--- a/hw/input/ps2.c
+++ b/hw/input/ps2.c
@@ -115,401 +115,6 @@ typedef struct {
 uint8_t mouse_buttons;
 } PS2MouseState;
 
-/* Table to convert from QEMU codes to scancodes.  */
-static const uint16_t qcode_to_keycode_set1[Q_KEY_CODE__MAX] = {
-[0 ... Q_KEY_CODE__MAX - 1] = 0,
-
-[Q_KEY_CODE_A] = 0x1e,
-[Q_KEY_CODE_B] = 0x30,
-[Q_KEY_CODE_C] = 0x2e,
-[Q_KEY_CODE_D] = 0x20,
-[Q_KEY_CODE_E] = 0x12,
-[Q_KEY_CODE_F] = 0x21,
-[Q_KEY_CODE_G] = 0x22,
-[Q_KEY_CODE_H] = 0x23,
-[Q_KEY_CODE_I] = 0x17,
-[Q_KEY_CODE_J] = 0x24,
-[Q_KEY_CODE_K] = 0x25,
-[Q_KEY_CODE_L] = 0x26,
-[Q_KEY_CODE_M] = 0x32,
-[Q_KEY_CODE_N] = 0x31,
-[Q_KEY_CODE_O] = 0x18,
-[Q_KEY_CODE_P] = 0x19,
-[Q_KEY_CODE_Q] = 0x10,
-[Q_KEY_CODE_R] = 0x13,
-[Q_KEY_CODE_S] = 0x1f,
-[Q_KEY_CODE_T] = 0x14,
-[Q_KEY_CODE_U] = 0x16,
-[Q_KEY_CODE_V] = 0x2f,
-[Q_KEY_CODE_W] = 0x11,
-[Q_KEY_CODE_X] = 0x2d,
-[Q_KEY_CODE_Y] = 0x15,
-[Q_KEY_CODE_Z] = 0x2c,
-[Q_KEY_CODE_0] = 0x0b,
-[Q_KEY_CODE_1] = 0x02,
-[Q_KEY_CODE_2] = 0x03,
-[Q_KEY_CODE_3] = 0x04,
-[Q_KEY_CODE_4] = 0x05,
-[Q_KEY_CODE_5] = 0x06,
-[Q_KEY_CODE_6] = 0x07,
-[Q_KEY_CODE_7] = 0x08,
-[Q_KEY_CODE_8] = 0x09,
-[Q_KEY_CODE_9] = 0x0a,
-[Q_KEY_CODE_GRAVE_ACCENT] = 0x29,
-[Q_KEY_CODE_MINUS] = 0x0c,
-[Q_KEY_CODE_EQUAL] = 0x0d,
-[Q_KEY_CODE_BACKSLASH] = 0x2b,
-[Q_KEY_CODE_BACKSPACE] = 0x0e,
-[Q_KEY_CODE_SPC] = 0x39,
-[Q_KEY_CODE_TAB] = 0x0f,
-[Q_KEY_CODE_CAPS_LOCK] = 0x3a,
-[Q_KEY_CODE_SHIFT] = 0x2a,
-[Q_KEY_CODE_CTRL] = 0x1d,
-[Q_KEY_CODE_META_L] = 0xe05b,
-[Q_KEY_CODE_ALT] = 0x38,
-[Q_KEY_CODE_SHIFT_R] = 0x36,
-[Q_KEY_CODE_CTRL_R] = 0xe01d,
-[Q_KEY_CODE_META_R] = 0xe05c,
-[Q_KEY_CODE_ALT_R] = 0xe038,
-[Q_KEY_CODE_MENU] = 0xe05d,
-[Q_KEY_CODE_RET] = 0x1c,
-[Q_KEY_CODE_ESC] = 0x01,
-[Q_KEY_CODE_F1] = 0x3b,
-[Q_KEY_CODE_F2] = 0x3c,
-[Q_KEY_CODE_F3] = 0x3d,
-[Q_KEY_CODE_F4] = 0x3e,
-[Q_KEY_CODE_F5] = 0x3f,
-[Q_KEY_CODE_F6] = 0x40,
-[Q_KEY_CODE_F7] = 0x41,
-[Q_KEY_CODE_F8] = 0x42,
-[Q_KEY_CODE_F9] = 0x43,
-

[Qemu-devel] [PATCH 03/15] ui: convert key events to QKeyCodes immediately

[Daniel P. Berrange]

Always use QKeyCode in the InputKeyEvent struct, by converting key
numbers to QKeyCode at the time the event is created.

Signed-off-by: Daniel P. Berrange 
---
 ui/input.c | 6 ++
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/ui/input.c b/ui/input.c
index af05f06368..64e9103a61 100644
--- a/ui/input.c
+++ b/ui/input.c
@@ -400,10 +400,8 @@ void qemu_input_event_send_key(QemuConsole *src, KeyValue 
*key, bool down)
 
 void qemu_input_event_send_key_number(QemuConsole *src, int num, bool down)
 {
-KeyValue *key = g_new0(KeyValue, 1);
-key->type = KEY_VALUE_KIND_NUMBER;
-key->u.number.data = num;
-qemu_input_event_send_key(src, key, down);
+QKeyCode code = qemu_input_key_number_to_qcode(num);
+qemu_input_event_send_key_qcode(src, code, down);
 }
 
 void qemu_input_event_send_key_qcode(QemuConsole *src, QKeyCode q, bool down)
-- 
2.13.3

[Qemu-devel] [PATCH 05/15] ui: use QKeyCode exclusively in InputKeyEvent

[Daniel P. Berrange]

Now that keycode numbers are converted to QKeyCodes immediately
when creating input events, the InputKeyEvent struct can be
changed to only accept a QKeyCode, instead of a KeyValue.

Signed-off-by: Daniel P. Berrange 
---
 hw/char/escc.c  |  2 +-
 hw/input/adb.c  |  2 +-
 hw/input/hid.c  |  6 +++---
 hw/input/ps2.c  |  2 +-
 hw/input/virtio-input-hid.c |  2 +-
 include/ui/input.h  |  7 ++-
 qapi-schema.json|  2 +-
 replay/replay-input.c   | 36 --
 ui/input-keymap.c   | 32 --
 ui/input-legacy.c   | 31 +-
 ui/input.c  | 47 +
 ui/trace-events |  1 -
 12 files changed, 53 insertions(+), 117 deletions(-)

diff --git a/hw/char/escc.c b/hw/char/escc.c
index 1aca564e33..5af7f0cddf 100644
--- a/hw/char/escc.c
+++ b/hw/char/escc.c
@@ -847,7 +847,7 @@ static void sunkbd_handle_event(DeviceState *dev, 
QemuConsole *src,
 
 assert(evt->type == INPUT_EVENT_KIND_KEY);
 key = evt->u.key.data;
-qcode = qemu_input_key_value_to_qcode(key->key);
+qcode = key->key;
 trace_escc_sunkbd_event_in(qcode, QKeyCode_lookup[qcode],
key->down);
 
diff --git a/hw/input/adb.c b/hw/input/adb.c
index fcca3a8eb9..992f5bd1c4 100644
--- a/hw/input/adb.c
+++ b/hw/input/adb.c
@@ -438,7 +438,7 @@ static void adb_keyboard_event(DeviceState *dev, 
QemuConsole *src,
 KBDState *s = (KBDState *)dev;
 int qcode, keycode;
 
-qcode = qemu_input_key_value_to_qcode(evt->u.key.data->key);
+qcode = evt->u.key.data->key;
 if (qcode >= ARRAY_SIZE(qcode_to_adb_keycode)) {
 return;
 }
diff --git a/hw/input/hid.c b/hw/input/hid.c
index 0d049ff61c..fdb77b8b2a 100644
--- a/hw/input/hid.c
+++ b/hw/input/hid.c
@@ -231,9 +231,9 @@ static void hid_keyboard_event(DeviceState *dev, 
QemuConsole *src,
 int slot;
 InputKeyEvent *key = evt->u.key.data;
 
-count = qemu_input_key_value_to_scancode(key->key,
- key->down,
- scancodes);
+count = qemu_input_qcode_to_scancode(key->key,
+ key->down,
+ scancodes);
 if (hs->n + count > QUEUE_LENGTH) {
 trace_hid_kbd_queue_full();
 return;
diff --git a/hw/input/ps2.c b/hw/input/ps2.c
index 77906d5f46..14b1d85f6c 100644
--- a/hw/input/ps2.c
+++ b/hw/input/ps2.c
@@ -599,7 +599,7 @@ static void ps2_keyboard_event(DeviceState *dev, 
QemuConsole *src,
 
 qemu_system_wakeup_request(QEMU_WAKEUP_REASON_OTHER);
 assert(evt->type == INPUT_EVENT_KIND_KEY);
-qcode = qemu_input_key_value_to_qcode(key->key);
+qcode = key->key;
 
 if (s->scancode_set == 1) {
 if (qcode == Q_KEY_CODE_PAUSE) {
diff --git a/hw/input/virtio-input-hid.c b/hw/input/virtio-input-hid.c
index 46c038110c..7a04e21b33 100644
--- a/hw/input/virtio-input-hid.c
+++ b/hw/input/virtio-input-hid.c
@@ -200,7 +200,7 @@ static void virtio_input_handle_event(DeviceState *dev, 
QemuConsole *src,
 switch (evt->type) {
 case INPUT_EVENT_KIND_KEY:
 key = evt->u.key.data;
-qcode = qemu_input_key_value_to_qcode(key->key);
+qcode = key->key;
 if (qcode && keymap_qcode[qcode]) {
 event.type  = cpu_to_le16(EV_KEY);
 event.code  = cpu_to_le16(keymap_qcode[qcode]);
diff --git a/include/ui/input.h b/include/ui/input.h
index 576006c370..5577cbcb04 100644
--- a/include/ui/input.h
+++ b/include/ui/input.h
@@ -38,15 +38,12 @@ void qemu_input_event_send_impl(QemuConsole *src, 
InputEvent *evt);
 void qemu_input_event_sync(void);
 void qemu_input_event_sync_impl(void);
 
-void qemu_input_event_send_key(QemuConsole *src, KeyValue *key, bool down);
 void qemu_input_event_send_key_number(QemuConsole *src, int num, bool down);
 void qemu_input_event_send_key_qcode(QemuConsole *src, QKeyCode q, bool down);
 void qemu_input_event_send_key_delay(uint32_t delay_ms);
 int qemu_input_key_number_to_qcode(unsigned int nr);
-int qemu_input_key_value_to_number(const KeyValue *value);
-int qemu_input_key_value_to_qcode(const KeyValue *value);
-int qemu_input_key_value_to_scancode(const KeyValue *value, bool down,
- int *codes);
+int qemu_input_qcode_to_number(QKeyCode qcode);
+int qemu_input_qcode_to_scancode(QKeyCode qcode, bool down, int *codes);
 int qemu_input_linux_to_qcode(unsigned int lnx);
 
 InputEvent *qemu_input_event_new_btn(InputButton btn, bool down);
diff --git a/qapi-schema.json b/qapi-schema.json
index 802ea53d00..fa6e99ee9c 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -5747,7 +5747,7 @@
 # Since: 2.0
 ##
 { 'struct'  : 'InputKeyEvent',
-  'data'  : { 'key' : 'KeyValue',
+  'data'  : { 'key' : 'QKeyCode',
   

[Qemu-devel] [PATCH 04/15] ui: don't export qemu_input_event_new_key

[Daniel P. Berrange]

All public code should use qemu_input_event_send_key* functions
instead of creating an event directly.

Signed-off-by: Daniel P. Berrange 
---
 include/ui/input.h | 1 -
 ui/input.c | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/include/ui/input.h b/include/ui/input.h
index 1e1cfa0fdf..576006c370 100644
--- a/include/ui/input.h
+++ b/include/ui/input.h
@@ -38,7 +38,6 @@ void qemu_input_event_send_impl(QemuConsole *src, InputEvent 
*evt);
 void qemu_input_event_sync(void);
 void qemu_input_event_sync_impl(void);
 
-InputEvent *qemu_input_event_new_key(KeyValue *key, bool down);
 void qemu_input_event_send_key(QemuConsole *src, KeyValue *key, bool down);
 void qemu_input_event_send_key_number(QemuConsole *src, int num, bool down);
 void qemu_input_event_send_key_qcode(QemuConsole *src, QKeyCode q, bool down);
diff --git a/ui/input.c b/ui/input.c
index 64e9103a61..ba85bf01a9 100644
--- a/ui/input.c
+++ b/ui/input.c
@@ -374,7 +374,7 @@ void qemu_input_event_sync(void)
 replay_input_sync_event();
 }
 
-InputEvent *qemu_input_event_new_key(KeyValue *key, bool down)
+static InputEvent *qemu_input_event_new_key(KeyValue *key, bool down)
 {
 InputEvent *evt = g_new0(InputEvent, 1);
 evt->u.key.data = g_new0(InputKeyEvent, 1);
-- 
2.13.3

[Qemu-devel] [PATCH 01/15] ui: add keycodemapdb repository as a GIT submodule

[Daniel P. Berrange]

The https://gitlab.com/keycodemap/keycodemapdb/ repo contains a
data file mapping between all the different scancode/keycode/keysym
sets that are known, and a tool to auto-generate lookup tables for
different combinations.

It is used by GTK-VNC, SPICE-GTK and libvirt for mapping keys.
Using it in QEMU will let us replace many hand written lookup
tables with auto-generated tables from a master data source,
reducing bugs. Adding new QKeyCodes will now only require the
master table to be updated, all ~20 other tables will be
automatically updated to follow.

Signed-off-by: Daniel P. Berrange 
---
 .gitignore   |  2 ++
 .gitmodules  |  3 +++
 ui/Makefile.objs | 18 ++
 ui/keycodemapdb  |  1 +
 4 files changed, 24 insertions(+)
 create mode 16 ui/keycodemapdb

diff --git a/.gitignore b/.gitignore
index cf65316863..6e5a1202c8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -14,6 +14,8 @@
 /trace/generated-tcg-tracers.h
 /ui/shader/texture-blit-frag.h
 /ui/shader/texture-blit-vert.h
+/ui/keycodemap_*.c
+/ui/input-keymap-*.c
 *-timestamp
 /*-softmmu
 /*-darwin-user
diff --git a/.gitmodules b/.gitmodules
index 5b0c212622..369989f19e 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -37,3 +37,6 @@
 [submodule "roms/QemuMacDrivers"]
path = roms/QemuMacDrivers
url = git://git.qemu.org/QemuMacDrivers.git
+[submodule "ui/keycodemapdb"]
+   path = ui/keycodemapdb
+   url = https://gitlab.com/keycodemap/keycodemapdb.git
diff --git a/ui/Makefile.objs b/ui/Makefile.objs
index 3369451285..d94d1ca183 100644
--- a/ui/Makefile.objs
+++ b/ui/Makefile.objs
@@ -49,3 +49,21 @@ gtk-egl.o-libs += $(OPENGL_LIBS)
 shader.o-libs += $(OPENGL_LIBS)
 console-gl.o-libs += $(OPENGL_LIBS)
 egl-helpers.o-libs += $(OPENGL_LIBS)
+
+KEYCODEMAP_GEN = ui/keycodemapdb/tools/keymap-gen
+KEYCODEMAP_CSV = ui/keycodemapdb/data/keymaps.csv
+
+KEYCODEMAP_FILES = \
+$(NULL)
+
+GENERATED_FILES += $(KEYCODEMAP_FILES)
+
+ui/input-keymap-%.c: $(KEYCODEMAP_GEN) $(KEYCODEMAP_CSV) ui/Makefile.objs
+   $(call quiet-command,\
+   $(PYTHON) $(KEYCODEMAP_GEN) \
+ --lang glib2 \
+ --varname qemu_input_map_$$(echo $@ | sed -e 
"s,^ui/input-keymap-,," -e "s,\.c$$,,") \
+ code-map $(KEYCODEMAP_CSV) \
+ $$(echo $@ | sed -E -e 
"s,^ui/input-keymap-([a-zA-Z0-9]+)2([a-zA-Z0-9]+)\.c$$,\1,") \
+ $$(echo $@ | sed -E -e 
"s,^ui/input-keymap-([a-zA-Z0-9]+)2([a-zA-Z0-9]+)\.c$$,\2,") \
+   > $@ || rm $@, "GEN", "$@")
diff --git a/ui/keycodemapdb b/ui/keycodemapdb
new file mode 16
index 00..aed87bb2aa
--- /dev/null
+++ b/ui/keycodemapdb
@@ -0,0 +1 @@
+Subproject commit aed87bb2aa6ed83b49574eb982e3bdd4c36acf17
-- 
2.13.3

[Qemu-devel] [PATCH 11/15] ui: convert the SDL2 frontend to keycodemapdb

[Daniel P. Berrange]

The SDL2 scancodes are conveniently identical to the USB
scancodes. Replace the sdl2_scancode_to_qcode table with
an automatically generated table.

Missing entries in sdl2_scancode_to_qcode now fixed:

  - 0x32 -> Q_KEY_CODE_BACKSLASH
  - 0x66 -> Q_KEY_CODE_POWER
  - 0x67 -> Q_KEY_CODE_KP_EQUALS
  - 0x74 -> Q_KEY_CODE_OPEN
  - 0x77 -> Q_KEY_CODE_FRONT
  - 0x7f -> Q_KEY_CODE_AUDIOMUTE
  - 0x80 -> Q_KEY_CODE_VOLUMEUP
  - 0x81 -> Q_KEY_CODE_VOLUMEDOWN
  - 0x85 -> Q_KEY_CODE_KP_COMMA
  - 0x87 -> Q_KEY_CODE_RO
  - 0x89 -> Q_KEY_CODE_YEN
  - 0x8a -> Q_KEY_CODE_HENKAN
  - 0x93 -> Q_KEY_CODE_HIRAGANA
  - 0xe8 -> Q_KEY_CODE_AUDIOPLAY
  - 0xe9 -> Q_KEY_CODE_AUDIOSTOP
  - 0xea -> Q_KEY_CODE_AUDIOPREV
  - 0xeb -> Q_KEY_CODE_AUDIONEXT
  - 0xed -> Q_KEY_CODE_VOLUMEUP
  - 0xee -> Q_KEY_CODE_VOLUMEDOWN
  - 0xef -> Q_KEY_CODE_AUDIOMUTE
  - 0xf1 -> Q_KEY_CODE_AC_BACK
  - 0xf2 -> Q_KEY_CODE_AC_FORWARD
  - 0xf3 -> Q_KEY_CODE_STOP
  - 0xf4 -> Q_KEY_CODE_FIND
  - 0xf8 -> Q_KEY_CODE_SLEEP
  - 0xfa -> Q_KEY_CODE_AC_REFRESH
  - 0xfb -> Q_KEY_CODE_CALCULATOR

And some mistakes corrected:

  - 0x65 -> Q_KEY_CODE_COMPOSE, not duplicating Q_KEY_CODE_MENU

Signed-off-by: Daniel P. Berrange 
---
 include/ui/input.h |   3 +
 ui/Makefile.objs   |   1 +
 ui/input-keymap.c  |   1 +
 ui/sdl2-input.c|  14 ++-
 ui/sdl2-keymap.h   | 267 -
 5 files changed, 14 insertions(+), 272 deletions(-)
 delete mode 100644 ui/sdl2-keymap.h

diff --git a/include/ui/input.h b/include/ui/input.h
index 595e596ef3..11bf94aacf 100644
--- a/include/ui/input.h
+++ b/include/ui/input.h
@@ -95,4 +95,7 @@ extern const guint16 qemu_input_map_qcode2sun[];
 extern const guint qemu_input_map_qnum2qcode_len;
 extern const guint16 qemu_input_map_qnum2qcode[];
 
+extern const guint qemu_input_map_usb2qcode_len;
+extern const guint16 qemu_input_map_usb2qcode[];
+
 #endif /* INPUT_H */
diff --git a/ui/Makefile.objs b/ui/Makefile.objs
index ce9c4380ae..cd2bf1e790 100644
--- a/ui/Makefile.objs
+++ b/ui/Makefile.objs
@@ -64,6 +64,7 @@ KEYCODEMAP_FILES = \
 ui/input-keymap-qcode2qnum.c \
 ui/input-keymap-qcode2sun.c \
 ui/input-keymap-qnum2qcode.c \
+ui/input-keymap-usb2qcode.c \
 $(NULL)
 
 GENERATED_FILES += $(KEYCODEMAP_FILES)
diff --git a/ui/input-keymap.c b/ui/input-keymap.c
index e575348cb2..c7a9c08bdb 100644
--- a/ui/input-keymap.c
+++ b/ui/input-keymap.c
@@ -15,6 +15,7 @@
 #include "ui/input-keymap-qcode2qnum.c"
 #include "ui/input-keymap-qcode2sun.c"
 #include "ui/input-keymap-qnum2qcode.c"
+#include "ui/input-keymap-usb2qcode.c"
 
 int qemu_input_linux_to_qcode(unsigned int lnx)
 {
diff --git a/ui/sdl2-input.c b/ui/sdl2-input.c
index 6e315ae800..f0a99ffd73 100644
--- a/ui/sdl2-input.c
+++ b/ui/sdl2-input.c
@@ -30,8 +30,6 @@
 #include "ui/sdl2.h"
 #include "sysemu/sysemu.h"
 
-#include "sdl2-keymap.h"
-
 static uint8_t modifiers_state[SDL_NUM_SCANCODES];
 
 void sdl2_reset_keys(struct sdl2_console *scon)
@@ -39,9 +37,9 @@ void sdl2_reset_keys(struct sdl2_console *scon)
 QemuConsole *con = scon ? scon->dcl.con : NULL;
 int i;
 
-for (i = 0; i < SDL_NUM_SCANCODES; i++) {
+for (i = 0; i < SDL_NUM_SCANCODES && i < qemu_input_map_usb2qcode_len ; 
i++) {
 if (modifiers_state[i]) {
-int qcode = sdl2_scancode_to_qcode[i];
+int qcode = qemu_input_map_usb2qcode[i];
 qemu_input_event_send_key_qcode(con, qcode, false);
 modifiers_state[i] = 0;
 }
@@ -51,9 +49,15 @@ void sdl2_reset_keys(struct sdl2_console *scon)
 void sdl2_process_key(struct sdl2_console *scon,
   SDL_KeyboardEvent *ev)
 {
-int qcode = sdl2_scancode_to_qcode[ev->keysym.scancode];
+int qcode;
 QemuConsole *con = scon ? scon->dcl.con : NULL;
 
+if (ev->keysym.scancode >= qemu_input_map_usb2qcode_len) {
+return;
+}
+
+qcode = qemu_input_map_usb2qcode[ev->keysym.scancode];
+
 if (!qemu_console_is_graphic(con)) {
 if (ev->type == SDL_KEYDOWN) {
 switch (ev->keysym.scancode) {
diff --git a/ui/sdl2-keymap.h b/ui/sdl2-keymap.h
deleted file mode 100644
index cbedaa477d..00
--- a/ui/sdl2-keymap.h
+++ /dev/null
@@ -1,267 +0,0 @@
-
-/* map SDL2 scancodes to QKeyCode */
-
-static const int sdl2_scancode_to_qcode[SDL_NUM_SCANCODES] = {
-[SDL_SCANCODE_A] = Q_KEY_CODE_A,
-[SDL_SCANCODE_B] = Q_KEY_CODE_B,
-[SDL_SCANCODE_C] = Q_KEY_CODE_C,
-[SDL_SCANCODE_D] = Q_KEY_CODE_D,
-[SDL_SCANCODE_E] = Q_KEY_CODE_E,
-[SDL_SCANCODE_F] = Q_KEY_CODE_F,
-[SDL_SCANCODE_G] = Q_KEY_CODE_G,
-[SDL_SCANCODE_H] = Q_KEY_CODE_H,
-[SDL_SCANCODE_I] = Q_KEY_CODE_I,
-[SDL_SCANCODE_J] = Q_KEY_CODE_J,
-[SDL_SCANCODE_K] = 

[Qemu-devel] [PATCH 02/15] ui: convert common input code to keycodemapdb

[Daniel P. Berrange]

Replace the number_to_qcode, qcode_to_number and linux_to_qcode
tables with automatically generated tables.

Missing entries in linux_to_qcode now fixed:

  KEY_LINEFEED -> Q_KEY_CODE_LF
  KEY_KPEQUAL -> Q_KEY_CODE_KP_EQUALS
  KEY_COMPOSE -> Q_KEY_CODE_COMPOSE
  KEY_AGAIN -> Q_KEY_CODE_AGAIN
  KEY_PROPS -> Q_KEY_CODE_PROPS
  KEY_UNDO -> Q_KEY_CODE_UNDO
  KEY_FRONT -> Q_KEY_CODE_FRONT
  KEY_COPY -> Q_KEY_CODE_COPY
  KEY_OPEN -> Q_KEY_CODE_OPEN
  KEY_PASTE -> Q_KEY_CODE_PASTE
  KEY_CUT -> Q_KEY_CODE_CUT
  KEY_HELP -> Q_KEY_CODE_HELP
  KEY_MEDIA -> Q_KEY_CODE_MEDIASELECT

In additionsome fixes:

 - KEY_PLAYPAUSE now maps to Q_KEY_CODE_AUDIOPLAY, instead of
   KEY_PLAYCD. KEY_PLAYPAUSE is defined across almost all scancodes
   sets, while KEY_PLAYCD only appears in AT set1, so the former is
   a more useful mapping.

Missing entries in qcode_to_number now fixed:

  Q_KEY_CODE_AGAIN -> 0x85
  Q_KEY_CODE_PROPS -> 0x86
  Q_KEY_CODE_UNDO -> 0x87
  Q_KEY_CODE_FRONT -> 0x8c
  Q_KEY_CODE_COPY -> 0xf8
  Q_KEY_CODE_OPEN -> 0x64
  Q_KEY_CODE_PASTE -> 0x65
  Q_KEY_CODE_CUT -> 0xbc
  Q_KEY_CODE_LF -> 0x5b
  Q_KEY_CODE_HELP -> 0xf5
  Q_KEY_CODE_COMPOSE -> 0xdd
  Q_KEY_CODE_KP_EQUALS -> 0x59
  Q_KEY_CODE_MEDIASELECT -> 0xed

In addition some fixes:

 - Q_KEY_CODE_MENU was incorrectly mapped to the compose
   scancode (0xdd) and is now mapped to 0x9e
 - Q_KEY_CODE_FIND was mapped to 0xe065 (Search) instead
   of to 0xe041 (Find)
 - Q_KEY_CODE_HIRAGANA was mapped to 0x70 (Katakanahiragana)
   instead of of 0x77 (Hirigana)
 - Q_KEY_CODE_PRINT was mapped to 0xb7 which is not a defined
   scan code in AT set 1, it is now mapped to 0x54 (sysrq)

Signed-off-by: Daniel P. Berrange 
---
 include/ui/input.h |  11 +-
 ui/Makefile.objs   |   3 +
 ui/input-keymap.c  | 326 +++--
 3 files changed, 28 insertions(+), 312 deletions(-)

diff --git a/include/ui/input.h b/include/ui/input.h
index c488585def..1e1cfa0fdf 100644
--- a/include/ui/input.h
+++ b/include/ui/input.h
@@ -43,7 +43,7 @@ void qemu_input_event_send_key(QemuConsole *src, KeyValue 
*key, bool down);
 void qemu_input_event_send_key_number(QemuConsole *src, int num, bool down);
 void qemu_input_event_send_key_qcode(QemuConsole *src, QKeyCode q, bool down);
 void qemu_input_event_send_key_delay(uint32_t delay_ms);
-int qemu_input_key_number_to_qcode(uint8_t nr);
+int qemu_input_key_number_to_qcode(unsigned int nr);
 int qemu_input_key_value_to_number(const KeyValue *value);
 int qemu_input_key_value_to_qcode(const KeyValue *value);
 int qemu_input_key_value_to_scancode(const KeyValue *value, bool down,
@@ -69,4 +69,13 @@ void qemu_input_check_mode_change(void);
 void qemu_add_mouse_mode_change_notifier(Notifier *notify);
 void qemu_remove_mouse_mode_change_notifier(Notifier *notify);
 
+extern const guint qemu_input_map_linux2qcode_len;
+extern const guint16 qemu_input_map_linux2qcode[];
+
+extern const guint qemu_input_map_qcode2qnum_len;
+extern const guint16 qemu_input_map_qcode2qnum[];
+
+extern const guint qemu_input_map_qnum2qcode_len;
+extern const guint16 qemu_input_map_qnum2qcode[];
+
 #endif /* INPUT_H */
diff --git a/ui/Makefile.objs b/ui/Makefile.objs
index d94d1ca183..964fabdd3a 100644
--- a/ui/Makefile.objs
+++ b/ui/Makefile.objs
@@ -54,6 +54,9 @@ KEYCODEMAP_GEN = ui/keycodemapdb/tools/keymap-gen
 KEYCODEMAP_CSV = ui/keycodemapdb/data/keymaps.csv
 
 KEYCODEMAP_FILES = \
+ui/input-keymap-linux2qcode.c \
+ui/input-keymap-qcode2qnum.c \
+ui/input-keymap-qnum2qcode.c \
 $(NULL)
 
 GENERATED_FILES += $(KEYCODEMAP_FILES)
diff --git a/ui/input-keymap.c b/ui/input-keymap.c
index cf979c2ce9..66bae7 100644
--- a/ui/input-keymap.c
+++ b/ui/input-keymap.c
@@ -5,333 +5,37 @@
 
 #include "standard-headers/linux/input.h"
 
-static int linux_to_qcode[KEY_CNT] = {
-[KEY_ESC]= Q_KEY_CODE_ESC,
-[KEY_1]  = Q_KEY_CODE_1,
-[KEY_2]  = Q_KEY_CODE_2,
-[KEY_3]  = Q_KEY_CODE_3,
-[KEY_4]  = Q_KEY_CODE_4,
-[KEY_5]  = Q_KEY_CODE_5,
-[KEY_6]  = Q_KEY_CODE_6,
-[KEY_7]  = Q_KEY_CODE_7,
-[KEY_8]  = Q_KEY_CODE_8,
-[KEY_9]  = Q_KEY_CODE_9,
-[KEY_0]  = Q_KEY_CODE_0,
-[KEY_MINUS]  = Q_KEY_CODE_MINUS,
-[KEY_EQUAL]  = Q_KEY_CODE_EQUAL,
-[KEY_BACKSPACE]  = Q_KEY_CODE_BACKSPACE,
-[KEY_TAB]= Q_KEY_CODE_TAB,
-[KEY_Q]  = Q_KEY_CODE_Q,
-[KEY_W]  = Q_KEY_CODE_W,
-[KEY_E]  = Q_KEY_CODE_E,
-[KEY_R]  = Q_KEY_CODE_R,
-[KEY_T]  = Q_KEY_CODE_T,
-[KEY_Y]  = Q_KEY_CODE_Y,
-[KEY_U]  = Q_KEY_CODE_U,
-[KEY_I]  = Q_KEY_CODE_I,
-[KEY_O]  = Q_KEY_CODE_O,
-[KEY_P]  = Q_KEY_CODE_P,
-[KEY_LEFTBRACE]  = 

[Qemu-devel] [PATCH 00/15] Convert over to use keycodemapdb

[Daniel P. Berrange]

The keycodemap project[1] provides a database mapping between
many different keysym/keycode/scancode sets, along with a
tool to generate mapping/lookup tables in various programming
languages. It is already used by GTK-VNC, SPICE-GTK and
libvirt.

This series enables its use in QEMU, thus fixing a great
many bugs/ommissions in the 15+ key mapping tables people
have manually written for QEMU.

The keycodemapdb code is designed to be used as a git
sub-module, it is not an external dependancy you need
installed before use.

This series converts all the front ends and all the input
devices which are using the new InputEvent framework. A
handful of devices still use the legacy kbd handler

  $ git grep -l add_kbd_event_handler hw
  hw/arm/musicpal.c
  hw/arm/nseries.c
  hw/arm/palm.c
  hw/arm/spitz.c
  hw/input/pxa2xx_keypad.c
  hw/input/stellaris_input.c

and could be usefully converted too.

I've not done much realworld testing of this yet. I did
however write code that compared the mapping tables before
and after conversion to identify what mapping changes have
resulted in each frontend/backend.  What I still need to
go back and validate is the Print/Sysrq handling, because
that is special everywhere and I'm not entirely sure I've
done that correctly yet. The GTK frontend should now work
correctly when run on X11 servers on Win32 and OS-X, as
well as when run on native Win32/OS-X display backends.

[1] https://gitlab.com/keycodemap/keycodemapdb/

Daniel P. Berrange (15):
  ui: add keycodemapdb repository as a GIT submodule
  ui: convert common input code to keycodemapdb
  ui: convert key events to QKeyCodes immediately
  ui: don't export qemu_input_event_new_key
  ui: use QKeyCode exclusively in InputKeyEvent
  input: convert virtio-input-hid device to keycodemapdb
  input: convert ps2 device to keycodemapdb
  input: convert the adb device to keycodemapdb
  char: convert the escc device to keycodemapdb
  ui: convert cocoa frontend to keycodemapdb
  ui: convert the SDL2 frontend to keycodemapdb
  ui: convert GTK and SDL1 frontends to keycodemapdb
  ui: remove qemu_input_qcode_to_number method
  ui: remove qemu_input_linux_to_qcode method
  display: convert XenInput keyboard to keycodemapdb

 .gitignore  |   2 +
 .gitmodules |   3 +
 hw/char/escc.c  | 128 +-
 hw/display/xenfb.c  | 131 +++---
 hw/input/adb.c  | 126 +-
 hw/input/hid.c  |   6 +-
 hw/input/ps2.c  | 408 +---
 hw/input/virtio-input-hid.c | 138 ++-
 include/hw/input/adb-keys.h | 141 ---
 include/ui/input.h  |  64 ++-
 qapi-schema.json|   2 +-
 replay/replay-input.c   |  36 +---
 ui/Makefile.objs|  41 -
 ui/cocoa.m  | 129 +-
 ui/gtk.c| 205 +-
 ui/input-keymap.c   | 369 ---
 ui/input-legacy.c   |  31 ++--
 ui/input-linux.c|   4 +-
 ui/input.c  |  49 ++
 ui/keycodemapdb |   1 +
 ui/sdl.c| 103 ---
 ui/sdl2-input.c |  14 +-
 ui/sdl2-keymap.h| 267 -
 ui/trace-events |  10 +-
 ui/x_keymap.c   | 247 ++-
 ui/x_keymap.h   |   8 +-
 26 files changed, 495 insertions(+), 2168 deletions(-)
 delete mode 100644 include/hw/input/adb-keys.h
 create mode 16 ui/keycodemapdb
 delete mode 100644 ui/sdl2-keymap.h

-- 
2.13.3

Re: [Qemu-devel] [for-2.10 PATCH v4] 9pfs: local: fix fchmodat_nofollow() limitations

[Zhi Yong Wu]

Tested-by: Zhi Yong Wu 



Regards,


Zhi Yong Wu
At 2017-08-10 00:40:57, "Greg Kurz"  wrote:
>This function has to ensure it doesn't follow a symlink that could be used
>to escape the virtfs directory. This could be easily achieved if fchmodat()
>on linux honored the AT_SYMLINK_NOFOLLOW flag as described in POSIX, but
>it doesn't. There was a tentative to implement a new fchmodat2() syscall
>with the correct semantics:
>
>https://patchwork.kernel.org/patch/9596301/
>
>but it didn't gain much momentum. Also it was suggested to look at an O_PATH
>based solution in the first place.
>
>The current implementation covers most use-cases, but it notably fails if:
>- the target path has access rights equal to  (openat() returns EPERM),
>  => once you've done chmod() on a file, you can never chmod() again
>- the target path is UNIX domain socket (openat() returns ENXIO)
>  => bind() of UNIX domain sockets fails if the file is on 9pfs
>
>The solution is to use O_PATH: openat() now succeeds in both cases, and we
>can ensure the path isn't a symlink with fstat(). The associated entry in
>"/proc/self/fd" can hence be safely passed to the regular chmod() syscall.
>
>The previous behavior is kept for older systems that don't have O_PATH.
>
>Signed-off-by: Greg Kurz 
>Reviewed-by: Eric Blake 
>---
>v4: - fixed #if condition
>- moved out: label above #endif
>- fixed typo in changelog
>- added Eric's r-b
>
>v3: - O_PATH in a separate block of code
>- added a reference to the fchmodat2() tentative in the changelog
>
>v2: - renamed OPENAT_DIR_O_PATH to O_PATH_9P_UTIL and use it as a replacement
>  for O_PATH to avoid build breaks on O_PATH-less systems
>- keep current behavior for O_PATH-less systems
>- added comments
>- TODO in 2.11: add _nofollow suffix to openat_dir() and openat_file()
>---
> hw/9pfs/9p-local.c |   43 ---
> hw/9pfs/9p-util.h  |   24 +++-
> 2 files changed, 51 insertions(+), 16 deletions(-)
>
>diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
>index 6e478f4765ef..d9ef57d343c9 100644
>--- a/hw/9pfs/9p-local.c
>+++ b/hw/9pfs/9p-local.c
>@@ -333,17 +333,27 @@ update_map_file:
> 
> static int fchmodat_nofollow(int dirfd, const char *name, mode_t mode)
> {
>+struct stat stbuf;
> int fd, ret;
> 
> /* FIXME: this should be handled with fchmodat(AT_SYMLINK_NOFOLLOW).
>- * Unfortunately, the linux kernel doesn't implement it yet. As an
>- * alternative, let's open the file and use fchmod() instead. This
>- * may fail depending on the permissions of the file, but it is the
>- * best we can do to avoid TOCTTOU. We first try to open read-only
>- * in case name points to a directory. If that fails, we try write-only
>- * in case name doesn't point to a directory.
>+ * Unfortunately, the linux kernel doesn't implement it yet.
>  */
>-fd = openat_file(dirfd, name, O_RDONLY, 0);
>+
>+ /* First, we clear non-racing symlinks out of the way. */
>+if (fstatat(dirfd, name, , AT_SYMLINK_NOFOLLOW)) {
>+return -1;
>+}
>+if (S_ISLNK(stbuf.st_mode)) {
>+errno = ELOOP;
>+return -1;
>+}
>+
>+/* Access modes are ignored when O_PATH is supported. We try O_RDONLY and
>+ * O_WRONLY for old-systems that don't support O_PATH.
>+ */
>+fd = openat_file(dirfd, name, O_RDONLY | O_PATH_9P_UTIL, 0);
>+#if O_PATH_9P_UTIL == 0
> if (fd == -1) {
> /* In case the file is writable-only and isn't a directory. */
> if (errno == EACCES) {
>@@ -357,6 +367,25 @@ static int fchmodat_nofollow(int dirfd, const char *name, 
>mode_t mode)
> return -1;
> }
> ret = fchmod(fd, mode);
>+#else
>+/* Now we handle racing symlinks. */
>+ret = fstat(fd, );
>+if (ret) {
>+goto out;
>+}
>+if (S_ISLNK(stbuf.st_mode)) {
>+errno = ELOOP;
>+ret = -1;
>+goto out;
>+}
>+
>+{
>+char *proc_path = g_strdup_printf("/proc/self/fd/%d", fd);
>+ret = chmod(proc_path, mode);
>+g_free(proc_path);
>+}
>+out:
>+#endif
> close_preserve_errno(fd);
> return ret;
> }
>diff --git a/hw/9pfs/9p-util.h b/hw/9pfs/9p-util.h
>index 91299a24b8af..dc0d2e29aa3b 100644
>--- a/hw/9pfs/9p-util.h
>+++ b/hw/9pfs/9p-util.h
>@@ -13,6 +13,12 @@
> #ifndef QEMU_9P_UTIL_H
> #define QEMU_9P_UTIL_H
> 
>+#ifdef O_PATH
>+#define O_PATH_9P_UTIL O_PATH
>+#else
>+#define O_PATH_9P_UTIL 0
>+#endif
>+
> static inline void close_preserve_errno(int fd)
> {
> int serrno = errno;
>@@ -22,13 +28,8 @@ static inline void close_preserve_errno(int fd)
> 
> static inline int openat_dir(int dirfd, const char *name)
> {
>-#ifdef O_PATH
>-#define OPENAT_DIR_O_PATH O_PATH
>-#else
>-#define OPENAT_DIR_O_PATH 0
>-#endif
> return openat(dirfd, name,
>-  O_DIRECTORY | O_RDONLY | O_NOFOLLOW | 

[Qemu-devel] [Bug 1709784] Re: KVM on 16.04.3 throws an error

[Andrew Cloke]

** Also affects: qemu
   Importance: Undecided
   Status: New

** Also affects: qemu (Ubuntu)
   Importance: Undecided
   Status: New

** No longer affects: qemu

** Changed in: ubuntu-power-systems
 Assignee: (unassigned) => Canonical Server Team (canonical-server)

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1709784

Title:
  KVM on 16.04.3 throws an error

Status in The Ubuntu-power-systems project:
  New
Status in linux package in Ubuntu:
  New
Status in qemu package in Ubuntu:
  New

Bug description:
  Problem Description
  
  KVM on Ubuntu 16.04.3 throws an error when used
   
  ---uname output---
  Linux bastion-1 4.4.0-89-generic #112-Ubuntu SMP Mon Jul 31 19:37:08 UTC 2017 
ppc64le ppc64le ppc64le GNU/Linux
   
  Machine Type =  8348-21C Habanero 
   
  ---Steps to Reproduce---
   Install 16.04.3

  install KVM like:

  apt-get install libvirt-bin qemu qemu-slof qemu-system qemu-utils

  then exit and log back in so virsh will work without sudo

  then run my spawn script

  $ cat spawn.sh
  #!/bin/bash

  img=$1
  qemu-system-ppc64 \
  -machine pseries,accel=kvm,usb=off -cpu host -m 512 \
  -display none -nographic \
  -net nic -net user \
  -drive "file=$img"

  with a freshly downloaded ubuntu cloud image

  sudo ./spawn.sh xenial-server-cloudimg-ppc64el-disk1.img

  And I get nothing on the output.

  and errors in dmesg

  
  ubuntu@bastion-1:~$ [  340.180295] Facility 'TM' unavailable, exception at 
0xd000148b7f10, MSR=90009033
  [  340.180399] Oops: Unexpected facility unavailable exception, sig: 6 [#1]
  [  340.180513] SMP NR_CPUS=2048 NUMA PowerNV
  [  340.180547] Modules linked in: xt_CHECKSUM iptable_mangle ipt_MASQUERADE 
nf_nat_masquerade_ipv4 iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4 
nf_defrag_ipv4 xt_conntrack nf_conntrack ipt_REJECT nf_reject_ipv4 xt_tcpudp 
bridge stp llc ebtable_filter ebtables ip6table_filter ip6_tables 
iptable_filter ip_tables x_tables kvm_hv kvm binfmt_misc joydev input_leds 
mac_hid opal_prd ofpart cmdlinepart powernv_flash ipmi_powernv ipmi_msghandler 
mtd at24 uio_pdrv_genirq uio ibmpowernv powernv_rng vmx_crypto ib_iser rdma_cm 
iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi 
scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov 
async_memcpy async_pq async_xor async_tx xor raid6_pq raid1 raid0 multipath 
linear mlx4_en hid_generic usbhid hid uas usb_storage ast i2c_algo_bit bnx2x 
ttm drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops mlx4_core drm 
ahci vxlan libahci ip6_udp_tunnel udp_tunnel mdio libcrc32c
  [  340.181331] CPU: 46 PID: 5252 Comm: qemu-system-ppc Not tainted 
4.4.0-89-generic #112-Ubuntu
  [  340.181382] task: c01e34c30b50 ti: c01e34ce4000 task.ti: 
c01e34ce4000
  [  340.181432] NIP: d000148b7f10 LR: d00014822a14 CTR: 
d000148b7e40
  [  340.181475] REGS: c01e34ce77b0 TRAP: 0f60   Not tainted  
(4.4.0-89-generic)
  [  340.181519] MSR: 90009033   CR: 22024848  
XER: 
  [  340.181629] CFAR: d000148b7ea4 SOFTE: 1 
  GPR00: d00014822a14 c01e34ce7a30 d000148cc018 c01e37bc 
  GPR04: c01db9ac c01e34ce7bc0   
  GPR08: 0001 c01e34c30b50 0001 d000148278f8 
  GPR12: d000148b7e40 cfb5b500  001f 
  GPR16: 3fff91c3 0080 3fffa8e34390 3fff9242f200 
  GPR20: 3fff92430010 01001de5c030 3fff9242eb60 100c1ff0 
  GPR24: 3fffc91fe990 3fff91c10028  c01e37bc 
  GPR28:  c01db9ac c01e37bc c01db9ac 
  [  340.182315] NIP [d000148b7f10] kvmppc_vcpu_run_hv+0xd0/0xff0 [kvm_hv]
  [  340.182357] LR [d00014822a14] kvmppc_vcpu_run+0x44/0x60 [kvm]
  [  340.182394] Call Trace:
  [  340.182413] [c01e34ce7a30] [c01e34ce7ab0] 0xc01e34ce7ab0 
(unreliable)
  [  340.182468] [c01e34ce7b70] [d00014822a14] 
kvmppc_vcpu_run+0x44/0x60 [kvm]
  [  340.182522] [c01e34ce7ba0] [d0001481f674] 
kvm_arch_vcpu_ioctl_run+0x64/0x170 [kvm]
  [  340.182581] [c01e34ce7be0] [d00014813918] 
kvm_vcpu_ioctl+0x528/0x7b0 [kvm]
  [  340.182634] [c01e34ce7d40] [c02fffa0] do_vfs_ioctl+0x480/0x7d0
  [  340.182678] [c01e34ce7de0] [c03003c4] SyS_ioctl+0xd4/0xf0
  [  340.182723] [c01e34ce7e30] [c0009204] system_call+0x38/0xb4
  [  340.182766] Instruction dump:
  [  340.182788] e92d02a0 e9290a50 e9290108 792a07e3 41820058 e92d02a0 e9290a50 
e9290108 
  [  340.182863] 7927e8a4 78e71f87 40820ed8 e92d02a0 <7d4022a6> f9490ee8 
e92d02a0 7d4122a6 
  [  340.182938] ---[ end trace bc5080cb7d18f102 ]---
  [  340.276202] 

  
  This was with the latest ubuntu cloud image. I get the same thing when trying 
to use 

Re: [Qemu-devel] [PATCH v6 04/19] migration: Create migration_has_all_channels

[Eric Blake]

On 08/08/2017 11:26 AM, Juan Quintela wrote:
> This functions allows us to decide when to close the listener socket.

s/functions/function/

> For now, we only need one connection.
> 
> Signed-off-by: Juan Quintela 
> ---
-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH v7 2/6] qmp: Create IOThrottle structure

[Eric Blake]

On 08/10/2017 09:06 AM, Pradeep Jagadeesh wrote:

>>> It's not "moving it back", it's keeping it where it is. But I see no big
>>> problem with moving it to a common file either.
>>
>> I'd rather not put every struct shared across subsystem boundaries in
>> its own file.
>>
>> We can keep it right where it is for now.  Bonus: more readable diff.
>> If we start sharing more throttle-related material than just a struct,
>> we can reconsider.
>>
>> We could also move it to the existing file for common stuff:
>> qapi/common.json.  Not a great fit, though.
> So, the final conclusion is to move to common.json?

No.

If more than one .json file would benefit by including the definition,
then put it in a separate file that both .json include from.

But if only one .json file would be including a new file, then just
inline the struct directly into that one original file (in this case,
block-core.json) instead of creating a separate file (so no to needing
iothrottle.json), or putting the code in yet a different file than the
one that is using the struct (so no to putting it in common.json).

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH for-2.10 v2 0/5] More bdrv_getlength() fixes

[Eric Blake]

On 08/10/2017 08:02 AM, Kevin Wolf wrote:
> Am 09.08.2017 um 22:38 hat Eric Blake geschrieben:
>> We already have a lot of bdrv_getlength() fixes in -rc2; so I think
>> this is still okay for -rc3.
>>
>> v1 was here (with a typo'd subject line):
>> https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg01226.html
>>
>> Since v1:
>> - patch 1: fix error message capitalization (Kevin, R-b kept)
>> - fix locking bug in original patch 2 (Kevin)
>> - split original patch 2 into two parts: signature update, and
>> added error checking (Kevin)
>> - check for unlikely integer overflow before bdrv_truncate (Jeff)
>>
>> 001/5:[0002] [FC] 'vpc: Check failure of bdrv_getlength()'
>> 002/5:[down] 'qcow: Change signature of get_cluster_offset()'
>> 003/5:[0048] [FC] 'qcow: Check failure of bdrv_getlength() and 
>> bdrv_truncate()'
>> 004/5:[] [--] 'qcow2: Drop debugging dump_refcounts()'
>> 005/5:[] [--] 'qcow2: Check failure of bdrv_getlength()'
> 
> Looks good to me, but as the bug is far from being critical, I'd rather
> apply the more complex qcow1 patches only to block-next. The vpc and
> qcow2 parts seems a lot less risky, so 2.10 should be okay for them.
> 
> What do you think?

The argument for NOT doing the qcow changes (patches 2 and 3): the only
place where we are not checking for failures is part of
get_cluster_offset() - but in all likelihood, if we were unable to
determine or change the length of the backing file, we will have nearby
problems that will ultimately cause failure soon enough.  Furthermore,
it's not a regression (we've had several releases with the problem), and
qcow is not a good format (it's painfully slow, and we strongly
recommend qcow2 instead) - so no one will be hitting any actual bugs in
practice.

I'll trust your judgment as maintainer, so taking just 1, 4, and 5 in
2.10 is fine.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH v6 05/19] qio: Create new qio_channel_{readv, writev}_all

[Daniel P. Berrange]

On Tue, Aug 08, 2017 at 06:26:15PM +0200, Juan Quintela wrote:
> The functions waits until it is able to write the full iov.
> 
> Signed-off-by: Juan Quintela 
> 
> --
> 
> Add tests.
> 
> fix reader to check for len == 0.
> ---
>  include/io/channel.h   | 46 +
>  io/channel.c   | 77 
> ++
>  migration/qemu-file-channel.c  | 29 +---
>  tests/io-channel-helpers.c | 55 ++
>  tests/io-channel-helpers.h |  4 +++
>  tests/test-io-channel-buffer.c | 55 --
>  6 files changed, 235 insertions(+), 31 deletions(-)
> 
> diff --git a/include/io/channel.h b/include/io/channel.h
> index db9bb02..bfc97e2 100644
> --- a/include/io/channel.h
> +++ b/include/io/channel.h
> @@ -269,6 +269,52 @@ ssize_t qio_channel_writev_full(QIOChannel *ioc,
>  Error **errp);
>  
>  /**
> + * qio_channel_readv_all:
> + * @ioc: the channel object
> + * @iov: the array of memory regions to read data into
> + * @niov: the length of the @iov array
> + * @errp: pointer to a NULL-initialized error object
> + *
> + * Read data from the IO channel, storing it in the
> + * memory regions referenced by @iov. Each element
> + * in the @iov will be fully populated with data
> + * before the next one is used. The @niov parameter
> + * specifies the total number of elements in @iov.
> + *
> + * Returns: the number of bytes read, or -1 on error,
> + * or QIO_CHANNEL_ERR_BLOCK if no data is available
> + * and the channel is non-blocking

This is incorrect - it'll never return QIO_CHANNEL_ERR_BLOCK.
If it seems that, it'll go into a wait until data arrives.

> + */
> +ssize_t qio_channel_readv_all(QIOChannel *ioc,
> +  const struct iovec *iov,
> +  size_t niov,
> +  Error **errp);
> +
> +
> +/**
> + * qio_channel_writev_all:
> + * @ioc: the channel object
> + * @iov: the array of memory regions to write data from
> + * @niov: the length of the @iov array
> + * @errp: pointer to a NULL-initialized error object
> + *
> + * Write data to the IO channel, reading it from the
> + * memory regions referenced by @iov. Each element
> + * in the @iov will be fully sent, before the next
> + * one is used. The @niov parameter specifies the
> + * total number of elements in @iov.
> + *
> + * It is required for all @iov data to be fully
> + * sent.
> + *
> + * Returns: the number of bytes sent, or -1 on error,
> + */
> +ssize_t qio_channel_writev_all(QIOChannel *ioc,
> +   const struct iovec *iov,
> +   size_t niov,
> +   Error **erp);
> +
> +/**
>   * qio_channel_readv:
>   * @ioc: the channel object
>   * @iov: the array of memory regions to read data into
> diff --git a/io/channel.c b/io/channel.c
> index 1cfb8b3..0b521f9 100644
> --- a/io/channel.c
> +++ b/io/channel.c
> @@ -22,6 +22,7 @@
>  #include "io/channel.h"
>  #include "qapi/error.h"
>  #include "qemu/main-loop.h"
> +#include "qemu/iov.h"
>  
>  bool qio_channel_has_feature(QIOChannel *ioc,
>   QIOChannelFeature feature)
> @@ -85,6 +86,82 @@ ssize_t qio_channel_writev_full(QIOChannel *ioc,
>  }
>  
>  
> +
> +ssize_t qio_channel_readv_all(QIOChannel *ioc,
> +  const struct iovec *iov,
> +  size_t niov,
> +  Error **errp)
> +{
> +ssize_t done = 0;
> +struct iovec *local_iov = g_new(struct iovec, niov);
> +struct iovec *local_iov_head = local_iov;
> +unsigned int nlocal_iov = niov;

Should be  size_t

> +
> +nlocal_iov = iov_copy(local_iov, nlocal_iov,
> +  iov, niov,
> +  0, iov_size(iov, niov));
> +
> +while (nlocal_iov > 0) {
> +ssize_t len;
> +len = qio_channel_readv(ioc, local_iov, nlocal_iov, errp);
> +if (len == QIO_CHANNEL_ERR_BLOCK) {
> +qio_channel_wait(ioc, G_IO_OUT);


This should be waiting for G_IO_IN


> +continue;
> +} else if (len < 0) {
> +error_setg_errno(errp, EIO,
> + "Channel was not able to read full iov");
> +done = -1;
> +goto cleanup;
> +} else if (len == 0) {
> +goto cleanup;
> +}
> +
> +iov_discard_front(_iov, _iov, len);
> +done += len;
> +}
> +
> + cleanup:
> +g_free(local_iov_head);
> +return done;
> +}
> +
> +ssize_t qio_channel_writev_all(QIOChannel *ioc,
> +   const struct iovec *iov,
> +   size_t niov,
> +   Error **errp)
> +{
> +ssize_t done = 0;
> +struct iovec *local_iov = g_new(struct iovec, niov);
> +struct iovec *local_iov_head = local_iov;
> +