Re: [Qemu-devel] [PATCH 3/3] iothread: delay the context release to finalize

2017-09-24 Thread Fam Zheng
On Mon, 09/25 13:50, Peter Xu wrote:
> On Mon, Sep 25, 2017 at 01:30:02PM +0800, Fam Zheng wrote:
> > On Mon, 09/25 13:23, Peter Xu wrote:
> > > On Fri, Sep 22, 2017 at 09:09:22PM +0800, Fam Zheng wrote:
> > > > On Fri, 09/22 16:56, Peter Xu wrote:
> > > > > When gcontext is used with iothread, the context will be destroyed
> > > > > during iothread_stop().  That's not good since sometimes we would like
> > > > > to keep the resources until iothread is destroyed, but we may want to
> > > > > stop the thread before that point.
> > > > 
> > > > Would be nice if you can also mention the glib bug that "required" this in the
> > > > commit message.
> > > 
> > > I can add it, but I am not sure it's very closely related (and I'm
> > > afraid that may confuse more people).  Say, even without that bug, I
> > > would still think it not a good idea to free the context in the loop,
> > > especially considering that we have the finalize function there.  Thanks,
> > 
> > It's interesting to know if or not your future change will break without this
> > patch, this is especially useful for backport.
> 
> I haven't tried to run with iothread and without this patch, but I
> think it should fail, so this patch should be needed.
> 
> The point is that we should not destroy the context before explicitly
> calling remove_fd_in_watch() if the context is running chardevs.
> Without this patch, this rule does not satisfy.  And IIUC this rule
> comes from the glib bug.
> 
> Anyway, I'll mention it in commit message to clarify.

OK, thanks for the explanations! My r-b still stands with the amended commit
log.

Fam



Re: [Qemu-devel] [PATCH 3/3] iothread: delay the context release to finalize

2017-09-24 Thread Peter Xu
On Mon, Sep 25, 2017 at 01:30:02PM +0800, Fam Zheng wrote:
> On Mon, 09/25 13:23, Peter Xu wrote:
> > On Fri, Sep 22, 2017 at 09:09:22PM +0800, Fam Zheng wrote:
> > > On Fri, 09/22 16:56, Peter Xu wrote:
> > > > When gcontext is used with iothread, the context will be destroyed
> > > > during iothread_stop().  That's not good since sometimes we would like
> > > > to keep the resources until iothread is destroyed, but we may want to
> > > > stop the thread before that point.
> > > 
> > > Would be nice if you can also mention the glib bug that "required" this in the
> > > commit message.
> > 
> > I can add it, but I am not sure it's very closely related (and I'm
> > afraid that may confuse more people).  Say, even without that bug, I
> > would still think it not a good idea to free the context in the loop,
> > especially considering that we have the finalize function there.  Thanks,
> 
> It's interesting to know if or not your future change will break without this
> patch, this is especially useful for backport.

I haven't tried to run with iothread and without this patch, but I
think it should fail, so this patch should be needed.

The point is that we should not destroy the context before explicitly
calling remove_fd_in_watch() if the context is running chardevs.
Without this patch, this rule does not satisfy.  And IIUC this rule
comes from the glib bug.

Anyway, I'll mention it in commit message to clarify.

-- 
Peter Xu



Re: [Qemu-devel] [PATCH 34/34] misc: drop old i386 dependency

2017-09-24 Thread Thomas Huth
On 22.09.2017 18:01, Philippe Mathieu-Daudé wrote:
> while here, add an entry for wdt_ib700 in MAINTAINERS
> 
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  hw/char/debugcon.c  | 1 -
>  hw/intc/lm32_pic.c  | 1 -
>  hw/moxie/moxiesim.c | 1 -
>  hw/sparc/sun4m.c| 1 -
>  hw/watchdog/wdt_ib700.c | 1 -
>  MAINTAINERS | 1 +
>  6 files changed, 1 insertion(+), 5 deletions(-)

Reviewed-by: Thomas Huth 





Re: [Qemu-devel] [PATCH 33/34] hw/alpha: remove old i386 dependency

2017-09-24 Thread Thomas Huth
On 22.09.2017 18:01, Philippe Mathieu-Daudé wrote:
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  hw/alpha/alpha_sys.h | 2 --
>  hw/alpha/pci.c   | 2 ++
>  hw/alpha/typhoon.c   | 2 +-
>  3 files changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/hw/alpha/alpha_sys.h b/hw/alpha/alpha_sys.h
> index b6d8369ed7..ac685c1c46 100644
> --- a/hw/alpha/alpha_sys.h
> +++ b/hw/alpha/alpha_sys.h
> @@ -5,8 +5,6 @@
>  
>  #include "target/alpha/cpu-qom.h"
>  #include "hw/pci/pci.h"
> -#include "hw/pci/pci_host.h"
> -#include "hw/ide.h"
>  #include "hw/i386/pc.h"

Didn't you want to remove that pc.h line according to the patch description?

 Thomas





Re: [Qemu-devel] [PATCH 31/34] hw/net/rtl8139: use TYPE_PCI_RTL8139

2017-09-24 Thread Thomas Huth
On 22.09.2017 18:01, Philippe Mathieu-Daudé wrote:
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  include/hw/net/pci.h| 1 +
>  hw/arm/realview.c   | 3 ++-
>  hw/arm/versatilepb.c| 3 ++-
>  hw/mips/mips_fulong2e.c | 3 ++-
>  hw/net/rtl8139.c| 7 +++
>  hw/sh4/r2d.c| 5 +++--
>  6 files changed, 13 insertions(+), 9 deletions(-)

Reviewed-by: Thomas Huth 





Re: [Qemu-devel] [PATCH 29/34] hw/net/e1000e: use TYPE_PCI_E1000E

2017-09-24 Thread Thomas Huth
On 22.09.2017 18:01, Philippe Mathieu-Daudé wrote:
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  include/hw/net/pci.h | 1 +
>  hw/net/e1000e.c  | 6 +++---
>  2 files changed, 4 insertions(+), 3 deletions(-)
> 
> diff --git a/include/hw/net/pci.h b/include/hw/net/pci.h
> index b24b5257a5..92111f86f3 100644
> --- a/include/hw/net/pci.h
> +++ b/include/hw/net/pci.h
> @@ -14,6 +14,7 @@
>  #include "hw/pci/pci_bus.h"
>  
>  #define TYPE_PCI_E1000  "e1000"
> +#define TYPE_PCI_E1000E "e1000e"
>  
>  PCIDevice *pci_nic_init_nofail(NICInfo *nd, PCIBus *rootbus,
> const char *default_model,
> diff --git a/hw/net/e1000e.c b/hw/net/e1000e.c
> index 6c42b4478c..494f8cced6 100644
> --- a/hw/net/e1000e.c
> +++ b/hw/net/e1000e.c
> @@ -40,6 +40,7 @@
>  #include "sysemu/sysemu.h"
>  #include "hw/pci/msi.h"
>  #include "hw/pci/msix.h"
> +#include "hw/net/pci.h"
>  
>  #include "hw/net/e1000_regs.h"
>  
> @@ -49,8 +50,7 @@
>  #include "trace.h"
>  #include "qapi/error.h"
>  
> -#define TYPE_E1000E "e1000e"
> -#define E1000E(obj) OBJECT_CHECK(E1000EState, (obj), TYPE_E1000E)
> +#define E1000E(obj) OBJECT_CHECK(E1000EState, (obj), TYPE_PCI_E1000E)
>  
>  typedef struct E1000EState {
>  PCIDevice parent_obj;
> @@ -703,7 +703,7 @@ static void e1000e_instance_init(Object *obj)
>  }
>  
>  static const TypeInfo e1000e_info = {
> -.name = TYPE_E1000E,
> +.name =   TYPE_PCI_E1000E,
>  .parent = TYPE_PCI_DEVICE,
>  .instance_size = sizeof(E1000EState),
>  .class_init = e1000e_class_init,
> 
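
Review bot: the replacement line `.name =   TYPE_PCI_E1000E,` in e1000e_info has three spaces after `=`, while the neighbouring initializers (`.parent = TYPE_PCI_DEVICE,`) use one; keep the single space so the hunk changes only the identifier.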

That seems unnecessary to me, since it's not used anywhere outside of
e1000e.c. I'd suggest to drop this patch.

 Thomas




Re: [Qemu-devel] [PATCH 3/3] iothread: delay the context release to finalize

2017-09-24 Thread Fam Zheng
On Mon, 09/25 13:23, Peter Xu wrote:
> On Fri, Sep 22, 2017 at 09:09:22PM +0800, Fam Zheng wrote:
> > On Fri, 09/22 16:56, Peter Xu wrote:
> > > When gcontext is used with iothread, the context will be destroyed
> > > during iothread_stop().  That's not good since sometimes we would like
> > > to keep the resources until iothread is destroyed, but we may want to
> > > stop the thread before that point.
> > 
> > Would be nice if you can also mention the glib bug that "required" this in the
> > commit message.
> 
> I can add it, but I am not sure it's very closely related (and I'm
> afraid that may confuse more people).  Say, even without that bug, I
> would still think it not a good idea to free the context in the loop,
> especially considering that we have the finalize function there.  Thanks,

It's interesting to know if or not your future change will break without this
patch, this is especially useful for backport.

Fam



Re: [Qemu-devel] [PATCH 3/3] iothread: delay the context release to finalize

2017-09-24 Thread Peter Xu
On Fri, Sep 22, 2017 at 09:09:22PM +0800, Fam Zheng wrote:
> On Fri, 09/22 16:56, Peter Xu wrote:
> > When gcontext is used with iothread, the context will be destroyed
> > during iothread_stop().  That's not good since sometimes we would like
> > to keep the resources until iothread is destroyed, but we may want to
> > stop the thread before that point.
> 
> Would be nice if you can also mention the glib bug that "required" this in the
> commit message.

I can add it, but I am not sure it's very closely related (and I'm
afraid that may confuse more people).  Say, even without that bug, I
would still think it not a good idea to free the context in the loop,
especially considering that we have the finalize function there.  Thanks,

> 
> Reviewed-by: Fam Zheng 
> 
> > 
> > Delay the destruction of gcontext to iothread finalize.  Then we can do:
> > 
> >   iothread_stop(thread);
> >   some_cleanup_on_resources();
> >   iothread_destroy(thread);
> > 
> > Signed-off-by: Peter Xu 
> > ---
> >  iothread.c | 6 --
> >  1 file changed, 4 insertions(+), 2 deletions(-)
> > 
> > diff --git a/iothread.c b/iothread.c
> > index 894756b..b95369b 100644
> > --- a/iothread.c
> > +++ b/iothread.c
> > @@ -71,8 +71,6 @@ static void *iothread_run(void *opaque)
> >  g_main_loop_unref(loop);
> >  
> >  g_main_context_pop_thread_default(iothread->worker_context);
> > -g_main_context_unref(iothread->worker_context);
> > -iothread->worker_context = NULL;
> >  }
> >  }
> >  
> > @@ -117,6 +115,10 @@ static void iothread_instance_finalize(Object *obj)
> >  IOThread *iothread = IOTHREAD(obj);
> >  
> >  iothread_stop(iothread);
> > +if (iothread->worker_context) {
> > +g_main_context_unref(iothread->worker_context);
> > +iothread->worker_context = NULL;
> > +}
> >  qemu_cond_destroy(>init_done_cond);
> >  qemu_mutex_destroy(>init_done_lock);
> >  if (!iothread->ctx) {
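
Review bot: the unref added to iothread_instance_finalize() is only safe because it comes after iothread_stop(), since iothread_run() still touches iothread->worker_context (the g_main_context_pop_thread_default() call) until the thread has exited. Add a one-line comment above the new `if (iothread->worker_context)` block stating that the context must be released after the stop, so a later reorder does not free it under a running thread.
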
> > -- 
> > 2.7.4
> > 
> > 

-- 
Peter Xu



Re: [Qemu-devel] [PATCH 17/34] hw/virtio-balloon: remove old i386 dependency

2017-09-24 Thread Thomas Huth
On 22.09.2017 17:39, Philippe Mathieu-Daudé wrote:
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  hw/virtio/virtio-balloon.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
> index 37cde38982..14e08d20d0 100644
> --- a/hw/virtio/virtio-balloon.c
> +++ b/hw/virtio/virtio-balloon.c
> @@ -18,7 +18,7 @@
>  #include "qemu/timer.h"
>  #include "qemu-common.h"
>  #include "hw/virtio/virtio.h"
> -#include "hw/i386/pc.h"
> +#include "hw/mem/pc-dimm.h"
>  #include "sysemu/balloon.h"
>  #include "hw/virtio/virtio-balloon.h"
>  #include "sysemu/kvm.h"
> 

Reviewed-by: Thomas Huth 



Re: [Qemu-devel] [PATCH 18/34] hw/unicore32: restrict hw addr defines to source file

2017-09-24 Thread Thomas Huth
On 22.09.2017 17:39, Philippe Mathieu-Daudé wrote:
> and drop unused #includes
> 
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  include/hw/unicore32/puv3.h | 10 --
>  hw/unicore32/puv3.c | 16 ++--
>  2 files changed, 10 insertions(+), 16 deletions(-)
> 
> diff --git a/include/hw/unicore32/puv3.h b/include/hw/unicore32/puv3.h
> index 5a4839f8df..f587a1f622 100644
> --- a/include/hw/unicore32/puv3.h
> +++ b/include/hw/unicore32/puv3.h
> @@ -14,16 +14,6 @@
>  
>  #define PUV3_REGS_OFFSET(0x1000) /* 4K is reasonable */
>  
> -/* PKUnity System bus (AHB): 0xc000 - 0xedff (640MB) */
> -#define PUV3_DMA_BASE   (0xc020) /* AHB-4 */
> -
> -/* PKUnity Peripheral bus (APB): 0xee00 - 0xefff (128MB) */
> -#define PUV3_GPIO_BASE  (0xee50) /* APB-5 */
> -#define PUV3_INTC_BASE  (0xee60) /* APB-6 */
> -#define PUV3_OST_BASE   (0xee80) /* APB-8 */
> -#define PUV3_PM_BASE(0xeea0) /* APB-10 */
> -#define PUV3_PS2_BASE   (0xeeb0) /* APB-11 */
> -
>  /* Hardware interrupts */
>  #define PUV3_IRQS_NR(32)
>  
> diff --git a/hw/unicore32/puv3.c b/hw/unicore32/puv3.c
> index 504ea46211..6849bac59c 100644
> --- a/hw/unicore32/puv3.c
> +++ b/hw/unicore32/puv3.c
> @@ -11,16 +11,10 @@
>  
>  #include "qemu/osdep.h"
>  #include "qapi/error.h"
> -#include "qemu-common.h"
>  #include "cpu.h"
>  #include "ui/console.h"
> -#include "elf.h"
> -#include "exec/address-spaces.h"
> -#include "hw/sysbus.h"
>  #include "hw/boards.h"
>  #include "hw/loader.h"
> -#include "hw/i386/pc.h"
> -#include "qemu/error-report.h"
>  #include "sysemu/qtest.h"
>  
>  #undef DEBUG_PUV3
> @@ -29,6 +23,16 @@
>  #define KERNEL_LOAD_ADDR0x0300
>  #define KERNEL_MAX_SIZE 0x0080 /* Just a guess */
>  
> +/* PKUnity System bus (AHB): 0xc000 - 0xedff (640MB) */
> +#define PUV3_DMA_BASE   (0xc020) /* AHB-4 */
> +
> +/* PKUnity Peripheral bus (APB): 0xee00 - 0xefff (128MB) */
> +#define PUV3_GPIO_BASE  (0xee50) /* APB-5 */
> +#define PUV3_INTC_BASE  (0xee60) /* APB-6 */
> +#define PUV3_OST_BASE   (0xee80) /* APB-8 */
> +#define PUV3_PM_BASE(0xeea0) /* APB-10 */
> +#define PUV3_PS2_BASE   (0xeeb0) /* APB-11 */
> +
>  static void puv3_intc_cpu_handler(void *opaque, int irq, int level)
>  {
>  UniCore32CPU *cpu = opaque;
> 

Reviewed-by: Thomas Huth 




Re: [Qemu-devel] [PATCH 15/34] hw/i2c: remove old i386 dependency

2017-09-24 Thread Thomas Huth
On 22.09.2017 17:39, Philippe Mathieu-Daudé wrote:
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  hw/i2c/pm_smbus.c   | 1 -
>  hw/i2c/smbus_ich9.c | 1 -
>  2 files changed, 2 deletions(-)
>

Reviewed-by: Thomas Huth 





Re: [Qemu-devel] [PATCH 11/34] i386/pc: use TYPE_PORT92

2017-09-24 Thread Thomas Huth
On 22.09.2017 17:39, Philippe Mathieu-Daudé wrote:
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  hw/i386/pc.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/hw/i386/pc.c b/hw/i386/pc.c
> index 05985d4927..f116cede91 100644
> --- a/hw/i386/pc.c
> +++ b/hw/i386/pc.c
> @@ -1577,7 +1577,7 @@ void pc_basic_device_init(ISABus *isa_bus, qemu_irq 
> *gsi,
>  qdev_prop_set_ptr(dev, "ps2_mouse", i8042);
>  qdev_init_nofail(dev);
>  }
> -port92 = isa_create_simple(isa_bus, "port92");
> +port92 = isa_create_simple(isa_bus, TYPE_PORT92);
>  port92_init(port92, a20_line[1]);
>  g_free(a20_line);

Reviewed-by: Thomas Huth 



Re: [Qemu-devel] [PATCH 12/34] misc: remove old i386 dependency

2017-09-24 Thread Thomas Huth
On 22.09.2017 17:39, Philippe Mathieu-Daudé wrote:
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  hw/audio/pcspk.c| 1 -
>  hw/i386/kvm/pci-assign.c| 1 -
>  hw/i386/pci-assign-load-rom.c   | 1 -
>  hw/i386/xen/xen_platform.c  | 1 -
>  hw/isa/vt82c686.c   | 1 -
>  hw/misc/ivshmem.c   | 1 -
>  hw/misc/sga.c   | 1 -
>  hw/pci-bridge/pci_expander_bridge.c | 1 -
>  monitor.c   | 1 -
>  9 files changed, 9 deletions(-)

Reviewed-by: Thomas Huth 





Re: [Qemu-devel] [PATCH 10/34] amd_iommu: avoid needless includes in header file

2017-09-24 Thread Thomas Huth
On 22.09.2017 17:39, Philippe Mathieu-Daudé wrote:
> instead move them to the source file
> 
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  hw/i386/amd_iommu.h | 5 -
>  hw/i386/amd_iommu.c | 5 -
>  2 files changed, 4 insertions(+), 6 deletions(-)

Reviewed-by: Thomas Huth 



[Qemu-devel] [Bug 1681439] Re: qemu-system-x86_64: hw/ide/core.c:685: ide_cancel_dma_sync: Assertion `s->bus->dma->aiocb == NULL' failed.

2017-09-24 Thread Michał Kępień via Qemu-devel
I cannot reproduce this any more with QEMU 2.9.0.  As I do not really
have time right now to determine which commit fixed this, feel free to
close this bug.  I will reopen it in case the issue resurfaces.  Thanks
for your assistance.

https://bugs.launchpad.net/bugs/1681439

Title:
  qemu-system-x86_64: hw/ide/core.c:685: ide_cancel_dma_sync: Assertion
  `s->bus->dma->aiocb == NULL' failed.

Status in QEMU:
  New

Bug description:
  Since upgrading to QEMU 2.8.0, my Windows 7 64-bit virtual machines
  started crashing due to the assertion quoted in the summary failing.
  The assertion in question was added by commit 9972354856 ("block: add
  BDS field to count in-flight requests").  My tests show that setting
  discard=unmap is needed to reproduce the issue.  Speaking of
  reproduction, it is a bit flaky, because I have been unable to come up
  with specific instructions that would allow the issue to be triggered
  outside of my environment, but I do have a semi-sane way of testing that
  appears to depend on a specific initial state of data on the underlying
  storage volume, actions taken within the VM and waiting for about 20
  minutes.

  Here is the shortest QEMU command line that I managed to reproduce the
  bug with:

  qemu-system-x86_64 \
      -machine pc-i440fx-2.7,accel=kvm \
      -m 3072 \
      -drive file=/dev/lvm/qemu,format=raw,if=ide,discard=unmap \
      -netdev tap,id=hostnet0,ifname=tap0,script=no,downscript=no,vhost=on \
      -device virtio-net-pci,netdev=hostnet0 \
      -vnc :0

  The underlying storage (/dev/lvm/qemu) is a thin LVM snapshot.

  QEMU was compiled using:

  ./configure --python=/usr/bin/python2.7 --target-list=x86_64-softmmu
  make -j3

  My virtualization environment is not really a critical one and
  reproduction is not that much of a hassle, so if you need me to gather
  further diagnostic information or test patches, I will be happy to help.




Re: [Qemu-devel] [PATCH 2/3] iothread: export iothread_stop()

2017-09-24 Thread Peter Xu
On Fri, Sep 22, 2017 at 09:06:26PM +0800, Fam Zheng wrote:
> On Fri, 09/22 16:56, Peter Xu wrote:
> > So that internal iothread users can explicitly stop one iothread without
> > destroying it.
> > 
> > Since at it, fix iothread_stop() to allow re-entrance.  Before this
> 
> I don't think there is any re-entrance here. Maybe you mean
> 
> s/re-entrance/calling multiple times/
> 
> ?

Yes, you are right.

> 
> > patch we may call iothread_stop() twice on single iothread, while that
> > may not be correct since qemu_thread_join() is not allowed to run twice.
> > From manual of pthread_join():
> 
> Is one call from iothread_stop_all() and one from object finalize?

Yes.

> 
> > 
> >   Joining with a thread that has previously been joined results in
> >   undefined behavior.
> > 
> > Signed-off-by: Peter Xu 
> > ---
> >  include/sysemu/iothread.h |  1 +
> >  iothread.c| 24 
> >  2 files changed, 17 insertions(+), 8 deletions(-)
> > 
> > diff --git a/include/sysemu/iothread.h b/include/sysemu/iothread.h
> > index b07663f..110329b 100644
> > --- a/include/sysemu/iothread.h
> > +++ b/include/sysemu/iothread.h
> > @@ -52,6 +52,7 @@ GMainContext *iothread_get_g_main_context(IOThread 
> > *iothread);
> >   * "query-iothreads".
> >   */
> >  IOThread *iothread_create(const char *id, Error **errp);
> > +void iothread_stop(IOThread *iothread);
> >  void iothread_destroy(IOThread *iothread);
> >  
> >  #endif /* IOTHREAD_H */
> > diff --git a/iothread.c b/iothread.c
> > index 74e400c..894756b 100644
> > --- a/iothread.c
> > +++ b/iothread.c
> > @@ -80,13 +80,10 @@ static void *iothread_run(void *opaque)
> >  return NULL;
> >  }
> >  
> > -static int iothread_stop(Object *object, void *opaque)
> > +void iothread_stop(IOThread *iothread)
> >  {
> > -IOThread *iothread;
> > -
> > -iothread = (IOThread *)object_dynamic_cast(object, TYPE_IOTHREAD);
> > -if (!iothread || !iothread->ctx) {
> > -return 0;
> > +if (iothread->stopping) {
> > +return;
> >  }
> >  iothread->stopping = true;
> >  aio_notify(iothread->ctx);
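
Review bot: the `if (iothread->stopping) return;` guard at the top of the now-exported iothread_stop() is a plain check followed by `iothread->stopping = true;`, so it prevents a second qemu_thread_join() only when callers are serialized. State that locking requirement in a comment at the declaration in iothread.h, or make the test-and-set atomic. The same hunk drops the `!iothread->ctx` test from this function, so a direct caller reaches aio_notify(iothread->ctx) without a NULL check.
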
> > @@ -94,6 +91,17 @@ static int iothread_stop(Object *object, void *opaque)
> >  g_main_loop_quit(iothread->main_loop);
> >  }
> >  qemu_thread_join(>thread);
> > +}
> > +
> > +static int iothread_stop_iter(Object *object, void *opaque)
> > +{
> > +IOThread *iothread;
> > +
> > +iothread = (IOThread *)object_dynamic_cast(object, TYPE_IOTHREAD);
> > +if (!iothread || !iothread->ctx) {
> > +return 0;
> > +}
> 
> I think the check of iothread->ctx can be moved to iothread_stop() too.

Yes, will do.

-- 
Peter Xu



Re: [Qemu-devel] [PATCH v4 5/5] s390x/css: support ccw IDA

2017-09-24 Thread Dong Jia Shi
* Halil Pasic  [2017-09-21 20:08:41 +0200]:

> Let's add indirect data addressing support for our virtual channel
> subsystem. This implementation does not bother with any kind of
> prefetching. We simply step through the IDAL on demand.
> 
> Signed-off-by: Halil Pasic 
> ---
>  hw/s390x/css.c | 114 
> -
>  1 file changed, 113 insertions(+), 1 deletion(-)
> 

LGTM:
Reviewed-by: Dong Jia Shi 

[...]

-- 
Dong Jia Shi




Re: [Qemu-devel] [PATCH v2] docker: add installation to build tests

2017-09-24 Thread Fam Zheng
On Fri, 09/22 17:49, Paolo Bonzini wrote:
> diff --git a/tests/docker/common.rc b/tests/docker/common.rc
> index 6865689..1522aab 100755
> --- a/tests/docker/common.rc
> +++ b/tests/docker/common.rc
> @@ -36,3 +36,11 @@ build_qemu()
>  $QEMU_SRC/configure $config_opts
>  make $MAKEFLAGS
>  }
> +
> +install_qemu()
> +{
> +make install $MAKEFLAGS DESTDIR=$PWD/=destdir

Why provide DESTDIR? build_qemu already has "--prefix=$INSTALL_DIR", can a
simple "make install $MAKEFLAGS" work? Is there a permission problem?

> +ret=$?
> +rm -rf $PWD/=destdir
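
Review bot: `rm -rf $PWD/=destdir` and the `DESTDIR=$PWD/=destdir` argument in install_qemu() expand $PWD unquoted, so a build directory whose path contains whitespace or glob characters is split into several arguments to rm -rf. Quote both as "$PWD/=destdir".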

Why is this cleanup needed given the container will go away anyway?

Fam



Re: [Qemu-devel] [PATCH v4 4/5] 390x/css: introduce maximum data address checking

2017-09-24 Thread Dong Jia Shi
* Halil Pasic  [2017-09-21 20:08:40 +0200]:

> The architecture mandates the addresses to be accessed on the first
> indirection level (that is, the data addresses without IDA, and the
> (M)IDAW addresses with (M)IDA) to be checked against a CCW format
> dependent limit maximum address.  If a violation is detected, the storage
> access is not to be performed and a channel program check needs to be
> generated. As of today, we fail to do this check.
> 
> Let us stick even closer to the architecture specification.
> 
> Signed-off-by: Halil Pasic 
> ---
>  hw/s390x/css.c | 10 ++
>  include/hw/s390x/css.h |  1 +
>  2 files changed, 11 insertions(+)
> 
> diff --git a/hw/s390x/css.c b/hw/s390x/css.c
> index e0d989829f..cd5580ebb8 100644
> --- a/hw/s390x/css.c
> +++ b/hw/s390x/css.c
> @@ -795,6 +795,11 @@ static inline int cds_check_len(CcwDataStream *cds, int 
> len)
>  return cds->flags & CDS_F_STREAM_BROKEN ? -EINVAL : len;
>  }
> 
> +static inline bool cds_ccw_addrs_ok(hwaddr addr, int len, bool ccw_fmt1)
> +{
> +return (addr + len) < (ccw_fmt1 ? (1UL << 31) : (1UL << 24));
> +}
> +
>  static int ccw_dstream_rw_noflags(CcwDataStream *cds, void *buff, int len,
>CcwDataStreamOp op)
>  {
> @@ -804,6 +809,9 @@ static int ccw_dstream_rw_noflags(CcwDataStream *cds, 
> void *buff, int len,
>  if (ret <= 0) {
>  return ret;
>  }
> +if (!cds_ccw_addrs_ok(cds->cda, len, cds->flags & CDS_F_FMT)) {
> +return -EINVAL; /* channel program check */
> +}
>  if (op == CDS_OP_A) {
>  goto incr;
>  }
> @@ -828,7 +836,9 @@ void ccw_dstream_init(CcwDataStream *cds, CCW1 const 
> *ccw, ORB const *orb)
>  g_assert(!(orb->ctrl1 & ORB_CTRL1_MASK_MIDAW));
>  cds->flags = (orb->ctrl0 & ORB_CTRL0_MASK_I2K ? CDS_F_I2K : 0) |
>   (orb->ctrl0 & ORB_CTRL0_MASK_C64 ? CDS_F_C64 : 0) |
> + (orb->ctrl0 & ORB_CTRL0_MASK_FMT ? CDS_F_FMT : 0) |
>   (ccw->flags & CCW_FLAG_IDA ? CDS_F_IDA : 0);
> +
>  cds->count = ccw->count;
>  cds->cda_orig = ccw->cda;
>  ccw_dstream_rewind(cds);
> diff --git a/include/hw/s390x/css.h b/include/hw/s390x/css.h
> index 078356e94c..69b374730e 100644
> --- a/include/hw/s390x/css.h
> +++ b/include/hw/s390x/css.h
> @@ -87,6 +87,7 @@ typedef struct CcwDataStream {
>  #define CDS_F_MIDA  0x02
>  #define CDS_F_I2K   0x04
>  #define CDS_F_C64   0x08
> +#define CDS_F_FMT   0x10 /* CCW format-1 */
>  #define CDS_F_STREAM_BROKEN  0x80
>  uint8_t flags;
>  uint8_t at_idaw;
> -- 
> 2.13.5
> 

Reviewed-by: Dong Jia Shi 

-- 
Dong Jia Shi
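
The boundary behaviour of the address check in the patch above, as an added example that is not part of the original message or of QEMU: it places the predicate from the patch beside a variant (`addrs_ok_range`, a hypothetical name) that treats the limit as an exclusive end and avoids the addition. Which boundary the architecture intends is not stated on the page, and whether an address above the limit can reach the check depends on callers not shown here; both are assumptions of the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t hwaddr;            /* stand-in for QEMU's hwaddr type */

/* Predicate exactly as it appears in the '+' lines of the patch. */
static bool addrs_ok_patch(hwaddr addr, int len, bool ccw_fmt1)
{
    return (addr + len) < (ccw_fmt1 ? (1UL << 31) : (1UL << 24));
}

/*
 * Hypothetical variant for comparison (not QEMU code):
 *  - the limit is an exclusive end, so a transfer may end on the last
 *    byte below it;
 *  - no addr + len sum is formed, so nothing can wrap around 2^64;
 *  - a non-positive length is rejected instead of being added.
 */
static bool addrs_ok_range(hwaddr addr, int len, bool ccw_fmt1)
{
    const hwaddr limit = ccw_fmt1 ? ((hwaddr)1 << 31) : ((hwaddr)1 << 24);

    if (len <= 0 || addr >= limit) {
        return false;
    }
    return (hwaddr)len <= limit - addr;
}

int main(void)
{
    /* Constructed test vectors: address, length, CCW format-1 flag. */
    const struct { hwaddr addr; int len; bool fmt1; const char *what; } v[] = {
        { 0x1000,                16, false, "well inside 24-bit range" },
        { ((hwaddr)1 << 24) - 16, 16, false, "ends on last 24-bit byte" },
        { ((hwaddr)1 << 24) - 15, 16, false, "crosses 24-bit limit by one" },
        { (hwaddr)1 << 24,        16, true,  "above 2^24, format-1" },
        { ((hwaddr)1 << 31) - 16, 16, true,  "ends on last 31-bit byte" },
        { UINT64_MAX - 7,         16, false, "sum wraps around 2^64" },
    };

    for (size_t i = 0; i < sizeof(v) / sizeof(v[0]); i++) {
        printf("%-30s patch=%d range=%d\n", v[i].what,
               addrs_ok_patch(v[i].addr, v[i].len, v[i].fmt1),
               addrs_ok_range(v[i].addr, v[i].len, v[i].fmt1));
    }
    return 0;
}
```

The two predicates agree everywhere except at the exact boundary and on the wrapping sum, which are the two rows worth covering in a unit test for the real function.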




Re: [Qemu-devel] [PATCH] MAINTAINERS: Fix subsystem name for "Build and test automation"

2017-09-24 Thread Fam Zheng
On Fri, 09/22 16:02, Eric Blake wrote:
> On 09/21/2017 10:30 PM, Fam Zheng wrote:
> 
> >>>  Build and test automation
> >>>  -
> >>> +Build and test automation
> >>
> >> Would it make sense to use something more specific here? Like "Travis
> >> and Docker" or so? ... in case we add other subsections in the future?
> > 
> > Unless we are to split off (i.e. more people volunteering maintaining a certain
> > subset), the list will just go on and on in this line. For now it's already
> > going to be "Travis, Shippable, Docker and VM test".. so I think a generic
> > description here is okay, though the duplication is a bit odd (but I don't have
> > a better idea).
> 
> Or we could make a generic section of "Build, Tests, and Documentation",
> and merge in the "Build system architecture" of the
> immediately-subsequent "Documentation" section, as well as possibly any
> future sections for someone to maintain top-level build-related files
> (including MAINTAINERS itself...), so that we have just one larger
> section with multiple sub-sections, instead of two sections each with
> one sub-section.

That sounds okay, but actually most of the files under docs/ don't have a
maintainer, so in the hope that one day they will, the "Documentation" section
may be a good place to host more entries.

Fam



Re: [Qemu-devel] [PATCH v3 1/3] block: add bdrv_co_drain_end callback

2017-09-24 Thread Fam Zheng
On Sat, 09/23 14:14, Manos Pitsidianakis wrote:
> BlockDriverState has a bdrv_co_drain() callback but no equivalent for
> the end of the drain. The throttle driver (block/throttle.c) needs a way
> to mark the end of the drain in order to toggle io_limits_disabled
> correctly, thus bdrv_co_drain_end is needed.
> 
> Signed-off-by: Manos Pitsidianakis 

Reviewed-by: Fam Zheng 



Re: [Qemu-devel] [PATCH v7 8/8] tpm: Added support for TPM emulator

2017-09-24 Thread Stefan Berger

On 09/24/2017 02:52 PM, Marc-André Lureau wrote:

Hi

Thanks for the nice update, removing the exec() code, using chardev
and a private socketpair. Some comments below:

On Fri, Sep 22, 2017 at 2:33 PM, Amarnath Valluri wrote:

This change introduces a new TPM backend driver that can communicate with
swtpm (software TPM emulator) using unix domain socket interface. QEMU talks to
TPM emulator using socket based chardev backend device.

Swtpm uses two Unix sockets for communications, one for plain TPM commands and
responses, and one for out-of-band control messages. QEMU passes data socket
being used over the control channel.

The swtpm and associated tools can be found here:
 https://github.com/stefanberger/swtpm

The swtpm's control channel protocol specification can be found here:
 https://github.com/stefanberger/swtpm/wiki/Control-Channel-Specification

Usage:
 # setup TPM state directory
 mkdir /tmp/mytpm
 chown -R tss:root /tmp/mytpm
 /usr/bin/swtpm_setup --tpm-state /tmp/mytpm --createek

 # Ask qemu to use TPM emulator with given tpm state directory
 qemu-system-x86_64 \
 [...] \
 -chardev socket,id=chrtpm,path=/tmp/swtpm-sock \
 -tpmdev emulator,id=tpm0,chardev=chrtpm \
 -device tpm-tis,tpmdev=tpm0 \
 [...]

Signed-off-by: Amarnath Valluri 
---
  configure |  15 +-
  hmp.c |   5 +
  hw/tpm/Makefile.objs  |   1 +
  hw/tpm/tpm_emulator.c | 649 ++
  hw/tpm/tpm_ioctl.h| 246 +++
  qapi/tpm.json |  21 +-
  qemu-options.hx   |  22 +-
  7 files changed, 950 insertions(+), 9 deletions(-)
  create mode 100644 hw/tpm/tpm_emulator.c
  create mode 100644 hw/tpm/tpm_ioctl.h

diff --git a/configure b/configure
index cb0f7ed..ce2df2d 100755
--- a/configure
+++ b/configure
@@ -3461,10 +3461,15 @@ fi
  ##
  # TPM passthrough is only on x86 Linux

-if test "$targetos" = Linux && test "$cpu" = i386 -o "$cpu" = x86_64; then
-  tpm_passthrough=$tpm
+if test "$targetos" = Linux; then
+  tpm_emulator=$tpm
+  if test "$cpu" = i386 -o "$cpu" = x86_64; then
+tpm_passthrough=$tpm
+  else
+tpm_passthrough=no
+  fi
  else
-  tpm_passthrough=no
+  tpm_emulator=no
  fi

  ##
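
Review bot: the rewritten test leaves tpm_passthrough unset when $targetos is not Linux. The outer else branch now assigns only tpm_emulator=no, whereas the removed code set tpm_passthrough=no on that path. Add tpm_passthrough=no to the outer else so the "TPM passthrough" summary line and the later `test "$tpm_passthrough" = "yes"` see a defined value.
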
@@ -5359,6 +5364,7 @@ echo "gcov enabled  $gcov"
  echo "TPM support   $tpm"
  echo "libssh2 support   $libssh2"
  echo "TPM passthrough   $tpm_passthrough"
+echo "TPM emulator  $tpm_emulator"
  echo "QOM debugging $qom_cast_debug"
  echo "Live block migration $live_block_migration"
  echo "lzo support   $lzo"
@@ -5943,6 +5949,9 @@ if test "$tpm" = "yes"; then
if test "$tpm_passthrough" = "yes"; then
  echo "CONFIG_TPM_PASSTHROUGH=y" >> $config_host_mak
fi
+  if test "$tpm_emulator" = "yes"; then
+echo "CONFIG_TPM_EMULATOR=y" >> $config_host_mak

It shouldn't require Linux, but posix (and I assume a port to other
systems isn't impossible). same for build-sys / help / comments.


+  fi
  fi

  echo "TRACE_BACKENDS=$trace_backends" >> $config_host_mak
diff --git a/hmp.c b/hmp.c
index cf62b2e..7e69eca 100644
--- a/hmp.c
+++ b/hmp.c
@@ -995,6 +995,7 @@ void hmp_info_tpm(Monitor *mon, const QDict *qdict)
  Error *err = NULL;
  unsigned int c = 0;
  TPMPassthroughOptions *tpo;
+TPMEmulatorOptions *teo;

  info_list = qmp_query_tpm();
  if (err) {
@@ -1024,6 +1025,10 @@ void hmp_info_tpm(Monitor *mon, const QDict *qdict)
 tpo->has_cancel_path ? ",cancel-path=" : "",
 tpo->has_cancel_path ? tpo->cancel_path : "");
  break;
+case TPM_TYPE_EMULATOR:
+teo = ti->options->u.emulator.data;
+monitor_printf(mon, ",chardev=%s", teo->chardev);
+break;
  case TPM_TYPE__MAX:
  break;
  }
diff --git a/hw/tpm/Makefile.objs b/hw/tpm/Makefile.objs
index 64cecc3..41f0b7a 100644
--- a/hw/tpm/Makefile.objs
+++ b/hw/tpm/Makefile.objs
@@ -1,2 +1,3 @@
  common-obj-$(CONFIG_TPM_TIS) += tpm_tis.o
  common-obj-$(CONFIG_TPM_PASSTHROUGH) += tpm_passthrough.o tpm_util.o
+common-obj-$(CONFIG_TPM_EMULATOR) += tpm_emulator.o tpm_util.o
diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
new file mode 100644
index 000..c02bbe2
--- /dev/null
+++ b/hw/tpm/tpm_emulator.c
@@ -0,0 +1,649 @@
+/*
+ *  emulator TPM driver
+ *
+ *  Copyright (c) 2017 Intel Corporation
+ *  Author: Amarnath Valluri 
+ *
+ *  Copyright (c) 2010 - 2013 IBM Corporation
+ *  Authors:
+ *Stefan Berger 
+ *
+ *  Copyright (C) 2011 IAIK, Graz University of Technology
+ *Author: Andreas Niederl
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by 

[Qemu-devel] [PULL 09/31] MAINTAINERS: add missing PCI entries

2017-09-24 Thread Michael Tokarev
From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Marcel Apfelbaum 
Acked-by: Michael S. Tsirkin 
Signed-off-by: Michael Tokarev 
---
 MAINTAINERS | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index b77131ec5f..dcd07505b0 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -930,6 +930,8 @@ F: include/hw/pci/*
 F: hw/misc/pci-testdev.c
 F: hw/pci/*
 F: hw/pci-bridge/*
+F: docs/pci*
+F: docs/specs/*pci*
 
 ACPI/SMBIOS
 M: Michael S. Tsirkin 
-- 
2.11.0




[Qemu-devel] [PULL 27/31] nbd-client: Use correct macro parenthesization

2017-09-24 Thread Michael Tokarev
From: Eric Blake 

If 'bs' is a complex expression, we were only casting the front half
rather than the full expression.  Luckily, none of the callers were
passing bad arguments, but it's better to be robust up front.

Signed-off-by: Eric Blake 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Stefan Hajnoczi 
Signed-off-by: Michael Tokarev 
---
 block/nbd-client.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/block/nbd-client.c b/block/nbd-client.c
index ee7f758e68..cc05e73c2d 100644
--- a/block/nbd-client.c
+++ b/block/nbd-client.c
@@ -31,8 +31,8 @@
 #include "qapi/error.h"
 #include "nbd-client.h"
 
-#define HANDLE_TO_INDEX(bs, handle) ((handle) ^ ((uint64_t)(intptr_t)bs))
-#define INDEX_TO_HANDLE(bs, index)  ((index)  ^ ((uint64_t)(intptr_t)bs))
+#define HANDLE_TO_INDEX(bs, handle) ((handle) ^ (uint64_t)(intptr_t)(bs))
+#define INDEX_TO_HANDLE(bs, index)  ((index)  ^ (uint64_t)(intptr_t)(bs))
 
 static void nbd_recv_coroutines_wake_all(NBDClientSession *s)
 {
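
Review bot: both new macro bodies still cast through the signed intptr_t in `(uint64_t)(intptr_t)(bs)`, which can sign-extend the pointer into the upper 32 bits of the handle on a host with 32-bit pointers. The XOR is symmetric, so the round trip still works, but uintptr_t would state the intent and keep the upper bits zero.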
-- 
2.11.0
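
What "only casting the front half" means in practice, as an added example that is not part of the original patch or of QEMU: the macro bodies are copied from the `-` and `+` lines above under `_OLD`/`_NEW` suffixes, and `Session`, `sessions` and the helper functions are hypothetical names introduced for the demonstration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Macro bodies copied from the '-' lines (OLD) and '+' lines (NEW). */
#define HANDLE_TO_INDEX_OLD(bs, handle) ((handle) ^ ((uint64_t)(intptr_t)bs))
#define INDEX_TO_HANDLE_OLD(bs, index)  ((index)  ^ ((uint64_t)(intptr_t)bs))
#define HANDLE_TO_INDEX_NEW(bs, handle) ((handle) ^ (uint64_t)(intptr_t)(bs))
#define INDEX_TO_HANDLE_NEW(bs, index)  ((index)  ^ (uint64_t)(intptr_t)(bs))

/* Hypothetical stand-in for the object whose address is mixed in. */
typedef struct Session { char pad[64]; } Session;
static Session sessions[4];

static Session *session_at(int n) { return &sessions[n]; }

/* Value XORed into the handle when the argument is "base + n".
 * OLD expands to (uint64_t)(intptr_t)base + n: the cast binds to 'base'
 * alone and n is added as a byte count.
 * NEW expands to (uint64_t)(intptr_t)(base + n): pointer arithmetic
 * happens first, so the result is the address of base[n]. */
static uint64_t mixed_value_old(Session *base, int n)
{
    return INDEX_TO_HANDLE_OLD(base + n, (uint64_t)0);
}

static uint64_t mixed_value_new(Session *base, int n)
{
    return INDEX_TO_HANDLE_NEW(base + n, (uint64_t)0);
}

/* Encode with a plain identifier: both macro versions agree here. */
static uint64_t encode_plain(Session *s, uint64_t index)
{
    return INDEX_TO_HANDLE_NEW(s, index);
}

/* Decode the same handle, naming the object with a compound expression. */
static uint64_t decode_old_expr(Session *base, int n, uint64_t handle)
{
    return HANDLE_TO_INDEX_OLD(base + n, handle);
}

static uint64_t decode_new_expr(Session *base, int n, uint64_t handle)
{
    return HANDLE_TO_INDEX_NEW(base + n, handle);
}

int main(void)
{
    Session *base = session_at(0);
    uint64_t addr = (uint64_t)(intptr_t)base;
    uint64_t handle = encode_plain(session_at(2), 5);

    printf("offset mixed in, old macro: %" PRIu64 " bytes\n",
           mixed_value_old(base, 2) - addr);
    printf("offset mixed in, new macro: %" PRIu64 " bytes\n",
           mixed_value_new(base, 2) - addr);
    printf("index recovered, old macro: %" PRIu64 "\n",
           decode_old_expr(base, 2, handle));
    printf("index recovered, new macro: %" PRIu64 "\n",
           decode_new_expr(base, 2, handle));
    return 0;
}
```

With a conditional expression as the argument, the old body does not compile at all, because the cast attaches to the condition and the XOR is left with a pointer operand.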




Re: [Qemu-devel] [PATCH v11 0/5] Add support for Smartfusion2 SoC

2017-09-24 Thread sundeep subbaraya
Thanks Peter, Philippe and Alistair :)
Sundeep

On Thu, Sep 21, 2017 at 10:03 PM, Peter Maydell wrote:

> On 20 September 2017 at 21:17, Philippe Mathieu-Daudé wrote:
> > Hi Peter,
> >
> > Now than Igor's patch landed, I respin Sundeep's series updating it to
> work
> > after the "arm: drop intermediate cpu_model -> cpu type parsing and use
> cpu
> > type directly" patch.
> >
> > v11:
> > - msf2-soc.c: add a check for null m3clk
> > - msf2-soc.c, msf2-som.c: drop cpu_model to directly use cpu type
> >
> > --
>
> Applied to target-arm.next.
>
> Thanks to Sundeep for being so patient with our code review process,
> and to Philippe and Alistair for doing the review and shepherding
> the series through it.
>
> thank
> -- PMM
>


[Qemu-devel] [PATCH v2] hw/pci-bridge/pcie_pci_bridge: properly handle MSI unavailability case

2017-09-24 Thread Aleksandr Bezzubikov
QEMU with the pcie-pci-bridge device crashes if the guest board doesn't support
MSI, e.g. 'qemu-system-ppc64 -M prep -device pcie-pci-bridge'.
This is caused by wrong pcie-pci-bridge instantiation error handling. This
patch fixes this issue by falling back to legacy INTx if MSI is not available.
Also set the bridge's 'msi' property default value to 'auto' in order to
trigger errors only when user explicitly set msi=on.

v2:
rewrite the commit message

Reported-by: Eduardo Habkost 
Signed-off-by: Aleksandr Bezzubikov 
Reviewed-by: Marcel Apfelbaum 
---
 hw/pci-bridge/pcie_pci_bridge.c | 24 ++--
 1 file changed, 18 insertions(+), 6 deletions(-)

diff --git a/hw/pci-bridge/pcie_pci_bridge.c b/hw/pci-bridge/pcie_pci_bridge.c
index 9aa5cc3..da562fe 100644
--- a/hw/pci-bridge/pcie_pci_bridge.c
+++ b/hw/pci-bridge/pcie_pci_bridge.c
@@ -65,10 +65,18 @@ static void pcie_pci_bridge_realize(PCIDevice *d, Error 
**errp)
 goto aer_error;
 }
 
+Error *local_err = NULL;
 if (pcie_br->msi != ON_OFF_AUTO_OFF) {
-rc = msi_init(d, 0, 1, true, true, errp);
+rc = msi_init(d, 0, 1, true, true, _err);
 if (rc < 0) {
-goto msi_error;
+assert(rc == -ENOTSUP);
+if (pcie_br->msi != ON_OFF_AUTO_ON) {
+error_free(local_err);
+} else {
+/* failed to satisfy user's explicit request for MSI */
+error_propagate(errp, local_err);
+goto msi_error;
+}
 }
 }
 pci_register_bar(d, 0, PCI_BASE_ADDRESS_SPACE_MEMORY |
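Review bot: `assert(rc == -ENOTSUP)` in the `rc < 0` branch turns any other msi_init() failure into an abort of the whole process instead of a realize error, which is the same crash-on-instantiation class this patch sets out to fix. If no other return code is possible, say so in a comment; otherwise propagate local_err for those codes as well. Separately, `Error *local_err = NULL;` is declared in the middle of the function after executable statements; move it to the declarations at the top of pcie_pci_bridge_realize().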
@@ -81,7 +89,7 @@ aer_error:
 pm_error:
 pcie_cap_exit(d);
 cap_error:
-shpc_free(d);
+shpc_cleanup(d, _br->shpc_bar);
 error:
 pci_bridge_exitfn(d);
 }
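Review bot: the `cap_error:` path switches from shpc_free(d) to shpc_cleanup(), but the commit message only describes the MSI fallback. This looks like a separate fix to the error unwinding; either explain it in the commit message or split it into its own patch so it can be reviewed and backported independently.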
@@ -98,7 +106,9 @@ static void pcie_pci_bridge_reset(DeviceState *qdev)
 {
 PCIDevice *d = PCI_DEVICE(qdev);
 pci_bridge_reset(qdev);
-msi_reset(d);
+if (msi_present(d)) {
+msi_reset(d);
+}
 shpc_reset(d);
 }
 
@@ -106,12 +116,14 @@ static void pcie_pci_bridge_write_config(PCIDevice *d,
 uint32_t address, uint32_t val, int len)
 {
 pci_bridge_write_config(d, address, val, len);
-msi_write_config(d, address, val, len);
+if (msi_present(d)) {
+msi_write_config(d, address, val, len);
+}
 shpc_cap_write_config(d, address, val, len);
 }
 
 static Property pcie_pci_bridge_dev_properties[] = {
-DEFINE_PROP_ON_OFF_AUTO("msi", PCIEPCIBridge, msi, ON_OFF_AUTO_ON),
+DEFINE_PROP_ON_OFF_AUTO("msi", PCIEPCIBridge, msi, ON_OFF_AUTO_AUTO),
 DEFINE_PROP_END_OF_LIST(),
 };
 
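Review bot: changing the default in pcie_pci_bridge_dev_properties[] from ON_OFF_AUTO_ON to ON_OFF_AUTO_AUTO means a default-configured bridge now comes up without MSI on boards that lack it, and the realize path frees local_err without any trace or warning. Document the 'auto' semantics next to the property, or log the fallback, so a user can tell which interrupt mode was chosen.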
-- 
2.7.4




[Qemu-devel] [PULL 20/31] hw/display/xenfb.c: Add trace_xenfb_key_event

2017-09-24 Thread Michael Tokarev
From: Liang Yan 

It may be better to add a trace event to monitor the last moment of
a key event from QEMU to guest VM

Signed-off-by: Liang Yan 
Signed-off-by: Michael Tokarev 
---
 hw/display/trace-events | 1 +
 hw/display/xenfb.c  | 1 +
 2 files changed, 2 insertions(+)

diff --git a/hw/display/trace-events b/hw/display/trace-events
index ed8cca0755..da498c1def 100644
--- a/hw/display/trace-events
+++ b/hw/display/trace-events
@@ -6,6 +6,7 @@ jazz_led_write(uint64_t addr, uint8_t new) "write 
addr=0x%"PRIx64": 0x%x"
 
 # hw/display/xenfb.c
 xenfb_mouse_event(void *opaque, int dx, int dy, int dz, int button_state, int 
abs_pointer_wanted) "%p x %d y %d z %d bs 0x%x abs %d"
+xenfb_key_event(void *opaque, int scancode, int button_state) "%p scancode %d 
bs 0x%x"
 xenfb_input_connected(void *xendev, int abs_pointer_wanted) "%p abs %d"
 
 # hw/display/g364fb.c
diff --git a/hw/display/xenfb.c b/hw/display/xenfb.c
index df8b78f6f4..8e2547ac05 100644
--- a/hw/display/xenfb.c
+++ b/hw/display/xenfb.c
@@ -290,6 +290,7 @@ static void xenfb_key_event(void *opaque, int scancode)
scancode |= 0x80;
xenfb->extended = 0;
 }
+trace_xenfb_key_event(opaque, scancode2linux[scancode], down);
 xenfb_send_key(xenfb, down, scancode2linux[scancode]);
 }
 
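Review bot: the arguments passed to trace_xenfb_key_event() do not match the names declared in hw/display/trace-events. The event is declared as (opaque, scancode, button_state), but the call passes scancode2linux[scancode], which is the translated key code, and `down`. Rename the trace parameters (for example keycode and down) or pass the raw scancode, so the trace output is not misread.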
-- 
2.11.0




[Qemu-devel] [PULL 19/31] aux-to-i2c-bridge: don't allow user to create one

2017-09-24 Thread Michael Tokarev
From: KONRAD Frederic 

This device is private and is created once per aux-bus.
So don't allow the user to create one from command-line.

Reported-by: Thomas Huth 
Signed-off-by: KONRAD Frederic 
Reviewed-by: Thomas Huth 
Signed-off-by: Michael Tokarev 
---
 hw/misc/auxbus.c | 11 +++
 1 file changed, 11 insertions(+)

diff --git a/hw/misc/auxbus.c b/hw/misc/auxbus.c
index 8a90ddda84..1182745044 100644
--- a/hw/misc/auxbus.c
+++ b/hw/misc/auxbus.c
@@ -210,6 +210,16 @@ struct AUXTOI2CState {
 I2CBus *i2c_bus;
 };
 
+static void aux_bridge_class_init(ObjectClass *oc, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(oc);
+
+/* This device is private and is created only once for each
+ * aux-bus in aux_init_bus(..). So don't allow the user to add one.
+ */
+dc->user_creatable = false;
+}
+
 static void aux_bridge_init(Object *obj)
 {
 AUXTOI2CState *s = AUXTOI2C(obj);
@@ -225,6 +235,7 @@ static inline I2CBus *aux_bridge_get_i2c_bus(AUXTOI2CState 
*bridge)
 static const TypeInfo aux_to_i2c_type_info = {
 .name = TYPE_AUXTOI2C,
 .parent = TYPE_DEVICE,
+.class_init = aux_bridge_class_init,
 .instance_size = sizeof(AUXTOI2CState),
 .instance_init = aux_bridge_init
 };
-- 
2.11.0




[Qemu-devel] [PULL 29/31] tests/boot-sector: Increase timeout to 600 seconds

2017-09-24 Thread Michael Tokarev
From: Thomas Huth 

If QEMU has been compiled with the flags --enable-tcg-interpreter and
--enable-debug, the guest is running incredibly slow. The pxe boot test
can take up to 400 seconds when testing the pseries ppc64 machine. While
we should still look for ways to speed up the test on the pseries machine,
it's better to increase the timeout in this test to 600 seconds anyway to
allow the test to pass successfully now with this unusual configuration
already.

Signed-off-by: Thomas Huth 
Reviewed-by: Stefan Weil 
Signed-off-by: Michael Tokarev 
---
 tests/boot-sector.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/boot-sector.c b/tests/boot-sector.c
index 9ee85370b0..be29d5bb9b 100644
--- a/tests/boot-sector.c
+++ b/tests/boot-sector.c
@@ -137,9 +137,9 @@ void boot_sector_test(void)
 uint16_t signature;
 int i;
 
-/* Wait at most 90 seconds */
+/* Wait at most 600 seconds (test is slow with TCI and --enable-debug) */
 #define TEST_DELAY (1 * G_USEC_PER_SEC / 10)
-#define TEST_CYCLES MAX((90 * G_USEC_PER_SEC / TEST_DELAY), 1)
+#define TEST_CYCLES MAX((600 * G_USEC_PER_SEC / TEST_DELAY), 1)
 
 /* Poll until code has run and modified memory.  Once it has we know BIOS
  * initialization is done.  TODO: check that IP reached the halt
-- 
2.11.0




[Qemu-devel] [PULL 31/31] hw/isa/pc87312: Mark the device with user_creatable = false

2017-09-24 Thread Michael Tokarev
From: Thomas Huth 

QEMU currently aborts if you try to use the device at the command
line:

$ ppc64-softmmu/qemu-system-ppc64 -S -machine prep -device pc87312
Unexpected error in qemu_chr_fe_init() at chardev/char-fe.c:222:
qemu-system-ppc64: -device pc87312: Device 'parallel0' is in use
Aborted (core dumped)

It uses parallel_hds in its realize function, so it can not be
instantiated by the user again.

Signed-off-by: Thomas Huth 
Reviewed-by: Hervé Poussineau 
Signed-off-by: Michael Tokarev 
---
 hw/isa/pc87312.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/isa/pc87312.c b/hw/isa/pc87312.c
index 5ce9f0a062..48b29e3c3c 100644
--- a/hw/isa/pc87312.c
+++ b/hw/isa/pc87312.c
@@ -386,6 +386,8 @@ static void pc87312_class_init(ObjectClass *klass, void 
*data)
 dc->reset = pc87312_reset;
 dc->vmsd = _pc87312;
 dc->props = pc87312_properties;
+/* Reason: Uses parallel_hds[0] in realize(), so it can't be used twice */
+dc->user_creatable = false;
 }
 
 static const TypeInfo pc87312_type_info = {
-- 
2.11.0




[Qemu-devel] [PULL 22/31] chardev/baum: fix baum that releases brlapi twice

2017-09-24 Thread Michael Tokarev
From: Liang Yan 

Error process of baum_chr_open needs to set brlapi null, so it won't
get released twice in char_braille_finalize, which will cause
"/usr/bin/qemu-system-x86_64: double free or corruption (!prev)"

Signed-off-by: Liang Yan 
Reviewed-by: Marc-André Lureau 
Signed-off-by: Michael Tokarev 
---
 chardev/baum.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/chardev/baum.c b/chardev/baum.c
index 302dd9666c..67fd783a59 100644
--- a/chardev/baum.c
+++ b/chardev/baum.c
@@ -643,6 +643,7 @@ static void baum_chr_open(Chardev *chr,
 error_setg(errp, "brlapi__openConnection: %s",
brlapi_strerror(brlapi_error_location()));
 g_free(handle);
+baum->brlapi = NULL;
 return;
 }
 baum->deferred_init = 0;
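Review bot: `baum->brlapi = NULL;` after `g_free(handle)` repairs this one error return, but it implies the field already points at `handle` before the connection is known to work, so any later early return added to baum_chr_open() brings the dangling pointer back. Keeping the handle in a local and assigning baum->brlapi only once the connection has succeeded would make the release in char_braille_finalize safe by construction.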
-- 
2.11.0




[Qemu-devel] [PULL 30/31] Drop gld linker usage on SunOS

2017-09-24 Thread Michael Tokarev
From: Kamil Rytarowski 

This is required to be removed on SmartOS (Illumos).
As of now there are no alternative supported SunOS distributions.

Signed-off-by: Kamil Rytarowski 
Signed-off-by: Michael Tokarev 
---
 configure | 1 -
 1 file changed, 1 deletion(-)

diff --git a/configure b/configure
index 1f7b4f03ce..7727f6ba5b 100755
--- a/configure
+++ b/configure
@@ -746,7 +746,6 @@ SunOS)
   solaris="yes"
   make="${MAKE-gmake}"
   install="${INSTALL-ginstall}"
-  ld="gld"
   smbd="${SMBD-/usr/sfw/sbin/smbd}"
   if test -f /usr/include/sys/soundcard.h ; then
 audio_drv_list="oss"
-- 
2.11.0




[Qemu-devel] [PULL 08/31] MAINTAINERS: add missing qcow2 entry

2017-09-24 Thread Michael Tokarev
From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Acked-by: Kevin Wolf 
Reviewed-by: Stefan Hajnoczi 
Signed-off-by: Michael Tokarev 
---
 MAINTAINERS | 1 +
 1 file changed, 1 insertion(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index f86c68a107..b77131ec5f 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1872,6 +1872,7 @@ M: Max Reitz 
 L: qemu-bl...@nongnu.org
 S: Supported
 F: block/qcow2*
+F: docs/interop/qcow2.txt
 
 qcow
 M: Kevin Wolf 
-- 
2.11.0




[Qemu-devel] [PULL 13/31] MAINTAINERS: add missing entry for Generic Loader

2017-09-24 Thread Michael Tokarev
From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Alistair Francis 
Signed-off-by: Michael Tokarev 
---
 MAINTAINERS | 1 +
 1 file changed, 1 insertion(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index 4ab3bdda29..1c659a94d0 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1168,6 +1168,7 @@ M: Alistair Francis 
 S: Maintained
 F: hw/core/generic-loader.c
 F: include/hw/core/generic-loader.h
+F: docs/generic-loader.txt
 
 CHRP NVRAM
 M: Thomas Huth 
-- 
2.11.0




[Qemu-devel] [PULL 15/31] MAINTAINERS: update docs/devel/ entries

2017-09-24 Thread Michael Tokarev
From: Philippe Mathieu-Daudé 

moved in commit ac06724a7158

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Eric Blake 
Signed-off-by: Michael Tokarev 
---
 MAINTAINERS | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 1a5cd3c05c..f467e0 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1440,7 +1440,7 @@ F: tests/test-qapi-*.c
 F: tests/test-qmp-*.c
 F: tests/test-visitor-serialization.c
 F: scripts/qapi*
-F: docs/qapi*
+F: docs/devel/qapi*
 T: git git://repo.or.cz/qemu/armbru.git qapi-next
 
 QAPI Schema
@@ -1492,7 +1492,7 @@ M: Markus Armbruster 
 S: Supported
 F: qmp.c
 F: monitor.c
-F: docs/*qmp-*
+F: docs/devel/*qmp-*
 F: scripts/qmp/
 F: tests/qmp-test.c
 T: git git://repo.or.cz/qemu/armbru.git qapi-next
@@ -1523,7 +1523,7 @@ S: Maintained
 F: trace/
 F: scripts/tracetool.py
 F: scripts/tracetool/
-F: docs/tracing.txt
+F: docs/devel/tracing.txt
 T: git git://github.com/stefanha/qemu.git tracing
 
 TPM
@@ -1546,7 +1546,7 @@ F: include/migration/
 F: migration/
 F: scripts/vmstate-static-checker.py
 F: tests/vmstate-static-checker-data/
-F: docs/migration.txt
+F: docs/devel/migration.txt
 F: qapi/migration.json
 
 Seccomp
@@ -1945,5 +1945,5 @@ Documentation
 Build system architecture
 M: Daniel P. Berrange 
 S: Odd Fixes
-F: docs/build-system.txt
+F: docs/devel/build-system.txt
 
-- 
2.11.0




[Qemu-devel] [PULL 23/31] trivial: Add missing "-m" parameter in docs/memory-hotplug.txt

2017-09-24 Thread Michael Tokarev
From: Thomas Huth 

The example obviously lacks the "-m" parameter.

Signed-off-by: Thomas Huth 
Reviewed-by: Igor Mammedov 
Signed-off-by: Michael Tokarev 
---
 docs/memory-hotplug.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/memory-hotplug.txt b/docs/memory-hotplug.txt
index 56bdd0a47b..d96397c1af 100644
--- a/docs/memory-hotplug.txt
+++ b/docs/memory-hotplug.txt
@@ -24,7 +24,7 @@ Where,
 
 For example, the following command-line:
 
- qemu [...] 1G,slots=3,maxmem=4G
+ qemu [...] -m 1G,slots=3,maxmem=4G
 
 Creates a guest with 1GB of memory and three hotpluggable memory slots.
 The hotpluggable memory slots are empty when the guest is booted, so all
-- 
2.11.0




[Qemu-devel] [PULL 18/31] util/qemu-thread-posix.c: Replace OS ifdefs with CONFIG_HAVE_SEM_TIMEDWAIT

2017-09-24 Thread Michael Tokarev
From: Peter Maydell 

In qemu-thread-posix.c we have two implementations of the
various qemu_sem_* functions, one of which uses native POSIX
sem_* and the other of which emulates them with pthread conditions.
This is necessary because not all our host OSes support
sem_timedwait().

Instead of a hard-coded list of OSes which don't implement
sem_timedwait(), which gets out of date, make configure
test for the presence of the function and set a new
CONFIG_HAVE_SEM_TIMEDWAIT appropriately.

In particular, newer NetBSDs have sem_timedwait(), so this
commit will switch them over to using it. OSX still does
not have an implementation.

Signed-off-by: Peter Maydell 
Reviewed-by: Kamil Rytarowski 
Reviewed-by: Eric Blake 
Signed-off-by: Michael Tokarev 
---
 configure   | 15 +++
 include/qemu/thread-posix.h |  2 +-
 util/qemu-thread-posix.c| 10 +-
 3 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/configure b/configure
index 12d4e4ebfa..1f7b4f03ce 100755
--- a/configure
+++ b/configure
@@ -4425,6 +4425,18 @@ if compile_prog "" "" ; then
 fi
 
 ##
+# check if we have sem_timedwait
+
+sem_timedwait=no
+cat > $TMPC << EOF
+#include 
+int main(void) { return sem_timedwait(0, 0); }
+EOF
+if compile_prog "" "" ; then
+sem_timedwait=yes
+fi
+
+##
 # check if trace backend exists
 
 $python "$source_path/scripts/tracetool.py" "--backends=$trace_backends" 
--check-backends  > /dev/null 2> /dev/null
@@ -5678,6 +5690,9 @@ fi
 if test "$inotify1" = "yes" ; then
   echo "CONFIG_INOTIFY1=y" >> $config_host_mak
 fi
+if test "$sem_timedwait" = "yes" ; then
+  echo "CONFIG_SEM_TIMEDWAIT=y" >> $config_host_mak
+fi
 if test "$byteswap_h" = "yes" ; then
   echo "CONFIG_BYTESWAP_H=y" >> $config_host_mak
 fi
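Review bot: the symbol written to $config_host_mak here is CONFIG_SEM_TIMEDWAIT, while the subject line and commit message call it CONFIG_HAVE_SEM_TIMEDWAIT. Make the two agree so that someone searching for the name from the log finds the code.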
diff --git a/include/qemu/thread-posix.h b/include/qemu/thread-posix.h
index e5e3a0ff97..f4296d31c4 100644
--- a/include/qemu/thread-posix.h
+++ b/include/qemu/thread-posix.h
@@ -21,7 +21,7 @@ struct QemuCond {
 };
 
 struct QemuSemaphore {
-#if defined(__APPLE__) || defined(__NetBSD__)
+#ifndef CONFIG_SEM_TIMEDWAIT
 pthread_mutex_t lock;
 pthread_cond_t cond;
 unsigned int count;
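Review bot: with `#ifndef CONFIG_SEM_TIMEDWAIT` the layout of struct QemuSemaphore now depends on a macro generated by configure instead of compiler-predefined macros. A translation unit that sees this header without the generated configuration would pick the pthread-emulation layout while util/qemu-thread-posix.c uses the native one. Add a comment here stating that the configuration header must be included first, or a check that fails the build otherwise.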
diff --git a/util/qemu-thread-posix.c b/util/qemu-thread-posix.c
index 4e95d272dc..7306475899 100644
--- a/util/qemu-thread-posix.c
+++ b/util/qemu-thread-posix.c
@@ -168,7 +168,7 @@ void qemu_sem_init(QemuSemaphore *sem, int init)
 {
 int rc;
 
-#if defined(__APPLE__) || defined(__NetBSD__)
+#ifndef CONFIG_SEM_TIMEDWAIT
 rc = pthread_mutex_init(>lock, NULL);
 if (rc != 0) {
 error_exit(rc, __func__);
@@ -196,7 +196,7 @@ void qemu_sem_destroy(QemuSemaphore *sem)
 
 assert(sem->initialized);
 sem->initialized = false;
-#if defined(__APPLE__) || defined(__NetBSD__)
+#ifndef CONFIG_SEM_TIMEDWAIT
 rc = pthread_cond_destroy(>cond);
 if (rc < 0) {
 error_exit(rc, __func__);
@@ -218,7 +218,7 @@ void qemu_sem_post(QemuSemaphore *sem)
 int rc;
 
 assert(sem->initialized);
-#if defined(__APPLE__) || defined(__NetBSD__)
+#ifndef CONFIG_SEM_TIMEDWAIT
 pthread_mutex_lock(>lock);
 if (sem->count == UINT_MAX) {
 rc = EINVAL;
@@ -256,7 +256,7 @@ int qemu_sem_timedwait(QemuSemaphore *sem, int ms)
 struct timespec ts;
 
 assert(sem->initialized);
-#if defined(__APPLE__) || defined(__NetBSD__)
+#ifndef CONFIG_SEM_TIMEDWAIT
 rc = 0;
 compute_abs_deadline(, ms);
 pthread_mutex_lock(>lock);
@@ -304,7 +304,7 @@ void qemu_sem_wait(QemuSemaphore *sem)
 int rc;
 
 assert(sem->initialized);
-#if defined(__APPLE__) || defined(__NetBSD__)
+#ifndef CONFIG_SEM_TIMEDWAIT
 pthread_mutex_lock(>lock);
 while (sem->count == 0) {
 rc = pthread_cond_wait(>cond, >lock);
-- 
2.11.0




[Qemu-devel] [PULL 05/31] MAINTAINERS: add missing entry for vhost

2017-09-24 Thread Michael Tokarev
From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Acked-by: Michael S. Tsirkin 
Signed-off-by: Michael Tokarev 
---
 MAINTAINERS | 1 +
 1 file changed, 1 insertion(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index 09e8e964ba..96ba0ffba6 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1034,6 +1034,7 @@ vhost
 M: Michael S. Tsirkin 
 S: Supported
 F: hw/*/*vhost*
+F: docs/interop/vhost-user.txt
 
 virtio
 M: Michael S. Tsirkin 
-- 
2.11.0




[Qemu-devel] [PULL 03/31] MAINTAINERS: add missing ARM entries

2017-09-24 Thread Michael Tokarev
From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Thomas Huth 
Signed-off-by: Michael Tokarev 
---
 MAINTAINERS | 8 ++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index ffcd25bf1f..8593bfa09f 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -380,6 +380,7 @@ M: Peter Maydell 
 L: qemu-...@nongnu.org
 S: Maintained
 F: hw/char/pl011.c
+F: include/hw/char/pl011.h
 F: hw/display/pl110*
 F: hw/dma/pl080.c
 F: hw/dma/pl330.c
@@ -403,13 +404,15 @@ F: hw/intc/gic_internal.h
 F: hw/misc/a9scu.c
 F: hw/misc/arm11scu.c
 F: hw/timer/a9gtimer*
-F: hw/timer/arm_*
-F: include/hw/arm/arm.h
+F: hw/timer/arm*
+F: include/hw/arm/arm*.h
 F: include/hw/intc/arm*
 F: include/hw/misc/a9scu.h
 F: include/hw/misc/arm11scu.h
 F: include/hw/timer/a9gtimer.h
 F: include/hw/timer/arm_mptimer.h
+F: include/hw/timer/armv7m_systick.h
+F: tests/test-arm-mptimer.c
 
 Exynos
 M: Igor Mitsyanko 
@@ -512,6 +515,7 @@ M: Peter Maydell 
 L: qemu-...@nongnu.org
 S: Maintained
 F: hw/*/versatile*
+F: hw/misc/arm_sysctl.c
 
 Xilinx Zynq
 M: Edgar E. Iglesias 
-- 
2.11.0




[Qemu-devel] [PULL 24/31] target/xtensa: Use the pre-defined MEMTXATTRS_UNSPECIFIED macro

2017-09-24 Thread Michael Tokarev
From: Alistair Francis 

Instead of using the hardcoded (MemTxAttrs){0} for no memory attributes
let's use the already defined MEMTXATTRS_UNSPECIFIED macro instead.

This is technically a change of behaviour as MEMTXATTRS_UNSPECIFIED sets
the unspecified field to 1, but it doesn't look like anything is
checking this field.

Signed-off-by: Alistair Francis 
Acked-by: Max Filippov 
Signed-off-by: Michael Tokarev 
---
 target/xtensa/op_helper.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/xtensa/op_helper.c b/target/xtensa/op_helper.c
index 519fbeddd6..3d990c0caa 100644
--- a/target/xtensa/op_helper.c
+++ b/target/xtensa/op_helper.c
@@ -1025,11 +1025,11 @@ void HELPER(ule_s)(CPUXtensaState *env, uint32_t br, 
float32 a, float32 b)
 uint32_t HELPER(rer)(CPUXtensaState *env, uint32_t addr)
 {
 return address_space_ldl(env->address_space_er, addr,
- (MemTxAttrs){0}, NULL);
+ MEMTXATTRS_UNSPECIFIED, NULL);
 }
 
 void HELPER(wer)(CPUXtensaState *env, uint32_t data, uint32_t addr)
 {
 address_space_stl(env->address_space_er, addr, data,
-  (MemTxAttrs){0}, NULL);
+  MEMTXATTRS_UNSPECIFIED, NULL);
 }
-- 
2.11.0




[Qemu-devel] [PULL 28/31] dma/i82374: avoid double creation of i82374 device

2017-09-24 Thread Michael Tokarev
From: Eduardo Otubo 

QEMU fails when used with the following command line:

  ./ppc64-softmmu/qemu-system-ppc64 -S -machine 40p,accel=tcg -device i82374
  qemu-system-ppc64: hw/isa/isa-bus.c:110: isa_bus_dma: Assertion `!bus->dma[0] && !bus->dma[1]' failed.
  Aborted (core dumped)

The 40p machine type already creates the device i82374. If specified in the
command line, it will try to create it again, hence generating the error. The
function isa_bus_dma() isn't supposed to be called twice for the same bus. One
way to avoid this problem is to set user_creatable=false.

A possible fix in a near future would be making
isa_bus_dma()/DMA_init()/i82374_realize() return an error instead of asserting
as well.

Signed-off-by: Eduardo Otubo 
Signed-off-by: Michael Tokarev 
---
 hw/dma/i82374.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/hw/dma/i82374.c b/hw/dma/i82374.c
index 6c0f975df0..e76dea8dc7 100644
--- a/hw/dma/i82374.c
+++ b/hw/dma/i82374.c
@@ -139,6 +139,11 @@ static void i82374_class_init(ObjectClass *klass, void 
*data)
 dc->realize = i82374_realize;
 dc->vmsd = _i82374;
 dc->props = i82374_properties;
+dc->user_creatable = false;
+/*
+ * Reason: i82374_realize() crashes (assertion failure inside isa_bus_dma()
+ * if the device is instantiated twice.
+ */
 }
 
 static const TypeInfo i82374_info = {
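Review bot: the "Reason:" comment sits after `dc->user_creatable = false;` and has an unbalanced parenthesis ("(assertion failure inside isa_bus_dma()"). Put the comment before the assignment and close the parenthesis, matching the layout used for the same annotation in the pc87312 patch of this series.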
-- 
2.11.0




[Qemu-devel] [PULL 11/31] MAINTAINERS: add missing entries for throttling infra

2017-09-24 Thread Michael Tokarev
From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Stefan Hajnoczi 
Reviewed-by: Alberto Garcia 
Signed-off-by: Michael Tokarev 
---
 MAINTAINERS | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 041605ce13..c40935f441 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1595,8 +1595,10 @@ M: Alberto Garcia 
 S: Supported
 F: block/throttle-groups.c
 F: include/block/throttle-groups.h
-F: include/qemu/throttle.h
+F: include/qemu/throttle*.h
 F: util/throttle.c
+F: docs/throttle.txt
+F: tests/test-throttle.c
 L: qemu-bl...@nongnu.org
 
 UUID
-- 
2.11.0




[Qemu-devel] [PULL 14/31] MAINTAINERS: add missing Cryptography entry

2017-09-24 Thread Michael Tokarev
From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Acked-by: Daniel P. Berrange 
Signed-off-by: Michael Tokarev 
---
 MAINTAINERS | 1 +
 1 file changed, 1 insertion(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index 1c659a94d0..1a5cd3c05c 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1561,6 +1561,7 @@ S: Maintained
 F: crypto/
 F: include/crypto/
 F: tests/test-crypto-*
+F: tests/benchmark-crypto-*
 F: qemu.sasl
 
 Coroutines
-- 
2.11.0




[Qemu-devel] [PULL 25/31] osdep: Fix ROUND_UP(64-bit, 32-bit)

2017-09-24 Thread Michael Tokarev
From: Eric Blake 

When using bit-wise operations that exploit the power-of-two
nature of the second argument of ROUND_UP(), we still need to
ensure that the mask is as wide as the first argument (done
by using a ternary to force proper arithmetic promotion).
Unpatched, ROUND_UP(2ULL*1024*1024*1024*1024, 512U) produces 0,
instead of the intended 2TiB, because negation of an unsigned
32-bit quantity followed by widening to 64-bits does not
sign-extend the mask.

Broken since its introduction in commit 292c8e50 (v1.5.0).
Callers that passed the same width type to both macro parameters,
or that had other code to ensure the first parameter's maximum
runtime value did not exceed the second parameter's width, are
unaffected, but I did not audit to see which (if any) existing
clients of the macro could trigger incorrect behavior (I found
the bug while adding a new use of the macro).

While preparing the patch, checkpatch complained about poor
spacing, so I also fixed that here and in the nearby DIV_ROUND_UP.

CC: qemu-triv...@nongnu.org
CC: qemu-sta...@nongnu.org
Signed-off-by: Eric Blake 
Reviewed-by: Laszlo Ersek 
Reviewed-by: Richard Henderson 
Signed-off-by: Michael Tokarev 
---
 include/qemu/osdep.h | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/include/qemu/osdep.h b/include/qemu/osdep.h
index 72b75bf044..9dd318a7dd 100644
--- a/include/qemu/osdep.h
+++ b/include/qemu/osdep.h
@@ -205,13 +205,13 @@ extern int daemon(int, int);
 
 /* Round number up to multiple. Requires that d be a power of 2 (see
  * QEMU_ALIGN_UP for a safer but slower version on arbitrary
- * numbers) */
+ * numbers); works even if d is a smaller type than n.  */
 #ifndef ROUND_UP
-#define ROUND_UP(n,d) (((n) + (d) - 1) & -(d))
+#define ROUND_UP(n, d) (((n) + (d) - 1) & -(0 ? (n) : (d)))
 #endif
 
 #ifndef DIV_ROUND_UP
-#define DIV_ROUND_UP(n,d) (((n) + (d) - 1) / (d))
+#define DIV_ROUND_UP(n, d) (((n) + (d) - 1) / (d))
 #endif
 
 /*
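Review bot: the `0 ? (n) : (d)` operand in the new ROUND_UP is not self-explanatory, and the updated comment says the macro works when d is narrower than n without saying how. Add a sentence that the never-evaluated ternary exists only to give the mask the common arithmetic type of n and d before negation, otherwise it is likely to be "simplified" back to -(d).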
-- 
2.11.0
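The truncated mask this commit message describes, worked through as an added example that is not part of the original patch or of QEMU. The two macro bodies are copied from the hunk with _OLD/_NEW suffixes added here; the wrapper functions and sample values are assumptions chosen to pin the operand types to a 64-bit n and a 32-bit d.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Macro bodies from the hunk; the _OLD/_NEW suffixes are added here. */
#define ROUND_UP_OLD(n, d) (((n) + (d) - 1) & -(d))
#define ROUND_UP_NEW(n, d) (((n) + (d) - 1) & -(0 ? (n) : (d)))

/* The mask alone. With a 32-bit unsigned d, -(d) is computed in 32 bits
 * and then zero-extended, so the upper 32 mask bits are all clear. */
uint64_t mask_old(uint32_t d) { return -(d); }

/* The dead ternary gives the operand the common type of n and d
 * (64-bit here) before negation, so the mask keeps its upper bits. */
uint64_t mask_new(uint64_t n, uint32_t d) { return -(0 ? (n) : (d)); }

/* Mixed-width callers: the case the commit message calls broken. */
uint64_t round_up_old(uint64_t n, uint32_t d) { return ROUND_UP_OLD(n, d); }
uint64_t round_up_new(uint64_t n, uint32_t d) { return ROUND_UP_NEW(n, d); }

/* Same-width callers: unaffected, as the commit message states. */
uint32_t round_up_old32(uint32_t n, uint32_t d) { return ROUND_UP_OLD(n, d); }

int main(void)
{
    /* Constructed sample values, not taken from any QEMU caller. */
    const uint64_t samples[] = {
        1000,                         /* fits in 32 bits: both agree   */
        (1ULL << 32) + 1,             /* just above 32 bits            */
        2ULL * 1024 * 1024 * 1024 * 1024, /* 2 TiB, from the commit message */
    };
    size_t i;

    printf("mask old=0x%016" PRIx64 " new=0x%016" PRIx64 "\n",
           mask_old(512u), mask_new(0, 512u));
    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        printf("n=0x%012" PRIx64 " old=0x%012" PRIx64 " new=0x%012" PRIx64 "\n",
               samples[i],
               round_up_old(samples[i], 512u),
               round_up_new(samples[i], 512u));
    }
    return 0;
}
```

With the old macro, any value at or above 4 GiB loses its upper 32 bits after rounding, so a length derived from it can come out as 0 or as a small number.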




[Qemu-devel] [PULL 21/31] remove trailing whitespace from qemu-options.hx

2017-09-24 Thread Michael Tokarev
Remove trailing whitespace in qemu-options documentation, as it causes
reproducibility issues depending on the echo implementation used by
the Makefile.

Reported-By: Vagrant Cascadian 
Signed-off-by: Michael Tokarev 
---
 qemu-options.hx | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/qemu-options.hx b/qemu-options.hx
index 77859a248c..39225ae6c3 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -284,8 +284,8 @@ Set default value of @var{driver}'s property @var{prop} to 
@var{value}, e.g.:
 qemu-system-i386 -global ide-hd.physical_block_size=4096 disk-image.img
 @end example
 
-In particular, you can use this to set driver properties for devices which are 
-created automatically by the machine model. To create a device which is not 
+In particular, you can use this to set driver properties for devices which are
+created automatically by the machine model. To create a device which is not
 created automatically and set properties on it, use -@option{device}.
 
 -global @var{driver}.@var{prop}=@var{value} is shorthand for -global
-- 
2.11.0




[Qemu-devel] [PULL 12/31] MAINTAINERS: add missing AIO entry

2017-09-24 Thread Michael Tokarev
From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Acked-by: Fam Zheng 
Reviewed-by: Stefan Hajnoczi 
Signed-off-by: Michael Tokarev 
---
 MAINTAINERS | 1 +
 1 file changed, 1 insertion(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index c40935f441..4ab3bdda29 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1229,6 +1229,7 @@ F: util/aio-*.c
 F: block/io.c
 F: migration/block*
 F: include/block/aio.h
+F: scripts/qemugdb/aio.py
 T: git git://github.com/stefanha/qemu.git block
 
 Block SCSI subsystem
-- 
2.11.0




[Qemu-devel] [PULL 16/31] MAINTAINERS: update docs/interop/ entries

2017-09-24 Thread Michael Tokarev
From: Philippe Mathieu-Daudé 

moved in commit 7746cf8aab68

Signed-off-by: Philippe Mathieu-Daudé 
Acked-by: Fam Zheng 
Acked-by: John Snow 
Signed-off-by: Michael Tokarev 
---
 MAINTAINERS | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index f467e0..932443df41 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1271,7 +1271,7 @@ F: block/dirty-bitmap.c
 F: include/qemu/hbitmap.h
 F: include/block/dirty-bitmap.h
 F: tests/test-hbitmap.c
-F: docs/bitmaps.md
+F: docs/interop/bitmaps.rst
 T: git git://github.com/famz/qemu.git bitmaps
 T: git git://github.com/jnsnow/qemu.git bitmaps
 
@@ -1857,7 +1857,7 @@ M: Denis V. Lunev 
 L: qemu-bl...@nongnu.org
 S: Supported
 F: block/parallels.c
-F: docs/specs/parallels.txt
+F: docs/interop/parallels.txt
 
 qed
 M: Stefan Hajnoczi 
-- 
2.11.0




[Qemu-devel] [PULL 26/31] hw/display/virtio-gpu: Put the virtio-gpu-device into the display category

2017-09-24 Thread Michael Tokarev
From: Thomas Huth 

The virtio-gpu-pci device is already in the display category, so the
virtio-gpu-device should be there, too.

Signed-off-by: Thomas Huth 
Signed-off-by: Michael Tokarev 
---
 hw/display/virtio-gpu.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
index 3a8f1e1a2d..6b5f119d96 100644
--- a/hw/display/virtio-gpu.c
+++ b/hw/display/virtio-gpu.c
@@ -1321,6 +1321,7 @@ static void virtio_gpu_class_init(ObjectClass *klass, 
void *data)
 
 vdc->reset = virtio_gpu_reset;
 
+set_bit(DEVICE_CATEGORY_DISPLAY, dc->categories);
 dc->props = virtio_gpu_properties;
 dc->vmsd = _virtio_gpu;
 dc->hotpluggable = false;
-- 
2.11.0




[Qemu-devel] [PULL 17/31] filter-mirror: segfault when specifying non existent device

2017-09-24 Thread Michael Tokarev
From: Eduardo Otubo 

When using filter-mirror like the example below where the interface
'ndev0' does not exist on the host, QEMU crashes into segmentation
fault.

 $ qemu-system-x86_64 -S -machine pc -netdev user,id=ndev0 -object filter-mirror,id=test-object,netdev=ndev0

This happens because the function filter_mirror_setup() does not check
if the device actually exists and still keeps on processing, calling
qemu_chr_find(). This patch fixes this issue.

Signed-off-by: Eduardo Otubo 
Reviewed-by: Zhang Chen 
Signed-off-by: Michael Tokarev 
---
 net/filter-mirror.c | 14 +++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/net/filter-mirror.c b/net/filter-mirror.c
index 90e2c92337..e18a4b16a0 100644
--- a/net/filter-mirror.c
+++ b/net/filter-mirror.c
@@ -213,14 +213,22 @@ static void filter_mirror_setup(NetFilterState *nf, Error 
**errp)
 MirrorState *s = FILTER_MIRROR(nf);
 Chardev *chr;
 
+if (s->outdev == NULL) {
+goto err;
+}
+
 chr = qemu_chr_find(s->outdev);
+
 if (chr == NULL) {
-error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND,
-  "Device '%s' not found", s->outdev);
-return;
+goto err;
 }
 
 qemu_chr_fe_init(>chr_out, chr, errp);
+
+err:
+error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND, "Device '%s' not found",
+  nf->netdev_id);
+return;
 }
 
 static void redirector_rs_finalize(SocketReadState *rs)
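Review bot: there is no return between the `qemu_chr_fe_init(...)` call and the new `err:` label, so the success path falls through into error_set() and filter_mirror_setup() reports "Device ... not found" even when the chardev was found and initialised; if qemu_chr_fe_init() has itself set errp, a second error is set on top of it. Add a `return;` before the label. The message also changed from printing s->outdev to nf->netdev_id, which names the netdev rather than the missing chardev; for the `chr == NULL` case the old text was the more accurate one.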
-- 
2.11.0




[Qemu-devel] [PULL 10/31] MAINTAINERS: add missing SSI entries

2017-09-24 Thread Michael Tokarev
From: Philippe Mathieu-Daudé 

Alistair Francis volunteered :)

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Alistair Francis 
Signed-off-by: Michael Tokarev 
---
 MAINTAINERS | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index dcd07505b0..041605ce13 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -990,10 +990,13 @@ F: hw/scsi/lsi53c895a.c
 
 SSI
 M: Peter Crosthwaite 
+M: Alistair Francis 
 S: Maintained
 F: hw/ssi/*
 F: hw/block/m25p80.c
+F: include/hw/ssi/ssi.h
 X: hw/ssi/xilinx_*
+F: tests/m25p80-test.c
 
 Xilinx SPI
 M: Alistair Francis 
-- 
2.11.0




[Qemu-devel] [PULL 00/31] Trivial patches for 2017-09-25

2017-09-24 Thread Michael Tokarev
This is a collection of trivial stuff collected for quite some time.
It includes various stuff, and just one series from
Philippe Mathieu-Daudé (MAINTAINERS update); his other series are
in the works.

Thanks,

/mjt

The following changes since commit 460b6c8e581aa06b86f59eebd9e52edfe7adf417:

  Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging (2017-09-23 12:55:40 +0100)

are available in the git repository at:

  git://git.corpit.ru/qemu.git tags/trivial-patches-fetch

for you to fetch changes up to 97fb016a2aae686098f01d1c2dc194ed0f8e1c36:

  hw/isa/pc87312: Mark the device with user_creatable = false (2017-09-25 00:09:11 +0300)


trivial patches for 2017-09-25


Alistair Francis (1):
  target/xtensa: Use the pre-defined MEMTXATTRS_UNSPECIFIED macro

Eduardo Otubo (2):
  filter-mirror: segfault when specifying non existent device
  dma/i82374: avoid double creation of i82374 device

Eric Blake (2):
  osdep: Fix ROUND_UP(64-bit, 32-bit)
  nbd-client: Use correct macro parenthesization

KONRAD Frederic (1):
  aux-to-i2c-bridge: don't allow user to create one

Kamil Rytarowski (2):
  Replace round_page() with TARGET_PAGE_ALIGN()
  Drop gld linker usage on SunOS

Liang Yan (2):
  hw/display/xenfb.c: Add trace_xenfb_key_event
  chardev/baum: fix baum that releases brlapi twice

Michael Tokarev (1):
  remove trailing whitespace from qemu-options.hx

Peter Maydell (1):
  util/qemu-thread-posix.c: Replace OS ifdefs with CONFIG_HAVE_SEM_TIMEDWAIT

Philippe Mathieu-Daudé (14):
  MAINTAINERS: add missing ARM entries
  MAINTAINERS: add missing STM32 entry
  MAINTAINERS: add missing entry for vhost
  MAINTAINERS: add missing VMWare entry
  MAINTAINERS: add missing Guest Agent entries
  MAINTAINERS: add missing qcow2 entry
  MAINTAINERS: add missing PCI entries
  MAINTAINERS: add missing SSI entries
  MAINTAINERS: add missing entries for throttling infra
  MAINTAINERS: add missing AIO entry
  MAINTAINERS: add missing entry for Generic Loader
  MAINTAINERS: add missing Cryptography entry
  MAINTAINERS: update docs/devel/ entries
  MAINTAINERS: update docs/interop/ entries

Stefan Weil (1):
  configure: Remove unused code (found by shellcheck)

Thomas Huth (4):
  trivial: Add missing "-m" parameter in docs/memory-hotplug.txt
  hw/display/virtio-gpu: Put the virtio-gpu-device into the display category
  tests/boot-sector: Increase timeout to 600 seconds
  hw/isa/pc87312: Mark the device with user_creatable = false

 MAINTAINERS | 42 --
 block/nbd-client.c  |  4 ++--
 chardev/baum.c  |  1 +
 configure   | 17 +++--
 docs/memory-hotplug.txt |  2 +-
 hw/display/trace-events |  1 +
 hw/display/virtio-gpu.c |  1 +
 hw/display/xenfb.c  |  1 +
 hw/dma/i82374.c |  5 +
 hw/isa/pc87312.c|  2 ++
 hw/misc/auxbus.c| 11 +++
 hw/ppc/mac_newworld.c   | 11 +++
 hw/ppc/mac_oldworld.c   | 11 +++
 include/qemu/osdep.h|  6 +++---
 include/qemu/thread-posix.h |  2 +-
 net/filter-mirror.c | 14 +++---
 qemu-options.hx |  4 ++--
 target/xtensa/op_helper.c   |  4 ++--
 tests/boot-sector.c |  4 ++--
 util/qemu-thread-posix.c| 10 +-
 20 files changed, 104 insertions(+), 49 deletions(-)



[Qemu-devel] [PULL 01/31] configure: Remove unused code (found by shellcheck)

2017-09-24 Thread Michael Tokarev
From: Stefan Weil 

smartcard_cflags is no longer needed since commit
0b22ef0f57a8910d849602bef0940edcd0553d2c.

Signed-off-by: Stefan Weil 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Michael Tokarev 
---
 configure | 1 -
 1 file changed, 1 deletion(-)

diff --git a/configure b/configure
index 133a5757ef..12d4e4ebfa 100755
--- a/configure
+++ b/configure
@@ -4229,7 +4229,6 @@ EOF
 fi
 
 # check for smartcard support
-smartcard_cflags=""
 if test "$smartcard" != "no"; then
 if $pkg_config libcacard; then
 libcacard_cflags=$($pkg_config --cflags libcacard)
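Review bot: dropping `smartcard_cflags=""` is only safe if nothing later in configure still expands `$smartcard_cflags`, and the context here shows only `libcacard_cflags` being set, not the consumers. Please state in the commit message that a grep over configure finds no remaining use, next to the reference to commit 0b22ef0f57a8910d849602bef0940edcd0553d2c.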
-- 
2.11.0




[Qemu-devel] [PULL 02/31] Replace round_page() with TARGET_PAGE_ALIGN()

2017-09-24 Thread Michael Tokarev
From: Kamil Rytarowski 

This change fixes conflict with the DragonFly BSD headers.

Signed-off-by: Kamil Rytarowski 
Reviewed-by: Thomas Huth 
Signed-off-by: Michael Tokarev 
---
 hw/ppc/mac_newworld.c | 11 +++
 hw/ppc/mac_oldworld.c | 11 +++
 2 files changed, 6 insertions(+), 16 deletions(-)

diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c
index 33b46cb50b..d013c412d6 100644
--- a/hw/ppc/mac_newworld.c
+++ b/hw/ppc/mac_newworld.c
@@ -124,11 +124,6 @@ static uint64_t translate_kernel_address(void *opaque, 
uint64_t addr)
 return (addr & 0x0fff) + KERNEL_LOAD_ADDR;
 }
 
-static hwaddr round_page(hwaddr addr)
-{
-return (addr + TARGET_PAGE_SIZE - 1) & TARGET_PAGE_MASK;
-}
-
 static void ppc_core99_reset(void *opaque)
 {
 PowerPCCPU *cpu = opaque;
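Review bot: the removed `round_page()` took and returned `hwaddr`, so every call was evaluated at `hwaddr` width; assuming `TARGET_PAGE_ALIGN()` is a macro, as its name suggests, its result instead takes the type of the expression passed in. Please confirm that `kernel_base + kernel_size + KERNEL_GAP` and `initrd_base + initrd_size` are at least as wide as `hwaddr` at the call sites, or cast the argument, so the alignment cannot truncate.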
@@ -252,7 +247,7 @@ static void ppc_core99_init(MachineState *machine)
 }
 /* load initrd */
 if (initrd_filename) {
-initrd_base = round_page(kernel_base + kernel_size + KERNEL_GAP);
+initrd_base = TARGET_PAGE_ALIGN(kernel_base + kernel_size + 
KERNEL_GAP);
 initrd_size = load_image_targphys(initrd_filename, initrd_base,
   ram_size - initrd_base);
 if (initrd_size < 0) {
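Review bot: the added `initrd_base = TARGET_PAGE_ALIGN(...)` line is long enough that it was wrapped in transit, which suggests it is over the 80-column limit once indentation is counted. Break it after the last `+` so that `KERNEL_GAP);` sits on a continuation line; the same applies to the `cmdline_base` assignment in the `else` branch of the next hunk.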
@@ -260,11 +255,11 @@ static void ppc_core99_init(MachineState *machine)
  initrd_filename);
 exit(1);
 }
-cmdline_base = round_page(initrd_base + initrd_size);
+cmdline_base = TARGET_PAGE_ALIGN(initrd_base + initrd_size);
 } else {
 initrd_base = 0;
 initrd_size = 0;
-cmdline_base = round_page(kernel_base + kernel_size + KERNEL_GAP);
+cmdline_base = TARGET_PAGE_ALIGN(kernel_base + kernel_size + 
KERNEL_GAP);
 }
 ppc_boot_device = 'm';
 } else {
diff --git a/hw/ppc/mac_oldworld.c b/hw/ppc/mac_oldworld.c
index 193b9047d9..61838c3e6f 100644
--- a/hw/ppc/mac_oldworld.c
+++ b/hw/ppc/mac_oldworld.c
@@ -66,11 +66,6 @@ static uint64_t translate_kernel_address(void *opaque, 
uint64_t addr)
 return (addr & 0x0fff) + KERNEL_LOAD_ADDR;
 }
 
-static hwaddr round_page(hwaddr addr)
-{
-return (addr + TARGET_PAGE_SIZE - 1) & TARGET_PAGE_MASK;
-}
-
 static void ppc_heathrow_reset(void *opaque)
 {
 PowerPCCPU *cpu = opaque;
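Review bot: this deletes a second, identical copy of the static `round_page()` helper, yet the commit message only says the change "fixes conflict with the DragonFly BSD headers". Name the conflicting symbol and the header that declares it in the log, so that someone hitting the same build failure can find this commit.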
@@ -187,7 +182,7 @@ static void ppc_heathrow_init(MachineState *machine)
 }
 /* load initrd */
 if (initrd_filename) {
-initrd_base = round_page(kernel_base + kernel_size + KERNEL_GAP);
+initrd_base = TARGET_PAGE_ALIGN(kernel_base + kernel_size + 
KERNEL_GAP);
 initrd_size = load_image_targphys(initrd_filename, initrd_base,
   ram_size - initrd_base);
 if (initrd_size < 0) {
@@ -195,11 +190,11 @@ static void ppc_heathrow_init(MachineState *machine)
  initrd_filename);
 exit(1);
 }
-cmdline_base = round_page(initrd_base + initrd_size);
+cmdline_base = TARGET_PAGE_ALIGN(initrd_base + initrd_size);
 } else {
 initrd_base = 0;
 initrd_size = 0;
-cmdline_base = round_page(kernel_base + kernel_size + KERNEL_GAP);
+cmdline_base = TARGET_PAGE_ALIGN(kernel_base + kernel_size + 
KERNEL_GAP);
 }
 ppc_boot_device = 'm';
 } else {
-- 
2.11.0




[Qemu-devel] [PULL 04/31] MAINTAINERS: add missing STM32 entry

2017-09-24 Thread Michael Tokarev
From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Thomas Huth 
Reviewed-by: Alistair Francis 
Signed-off-by: Michael Tokarev 
---
 MAINTAINERS | 1 +
 1 file changed, 1 insertion(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index 8593bfa09f..09e8e964ba 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -552,6 +552,7 @@ F: hw/char/stm32f2xx_usart.c
 F: hw/timer/stm32f2xx_timer.c
 F: hw/adc/*
 F: hw/ssi/stm32f2xx_spi.c
+F: include/hw/*/stm32*.h
 
 Netduino 2
 M: Alistair Francis 
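Review bot: the new pattern `F: include/hw/*/stm32*.h` is wider than the rest of the section, whose visible entries are all `stm32f2xx_*` files, so it would also claim headers of any other STM32 family added later under include/hw/. Consider `include/hw/*/stm32f2xx*.h` to match the existing entries.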
-- 
2.11.0




[Qemu-devel] [PULL 07/31] MAINTAINERS: add missing Guest Agent entries

2017-09-24 Thread Michael Tokarev
From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Acked-by: Michael Roth 
Signed-off-by: Michael Tokarev 
---
 MAINTAINERS | 4 
 1 file changed, 4 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index 4d7a06a0ed..f86c68a107 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1462,6 +1462,10 @@ QEMU Guest Agent
 M: Michael Roth 
 S: Maintained
 F: qga/
+F: qemu-ga.texi
+F: scripts/qemu-guest-agent/
+F: tests/test-qga.c
+F: docs/interop/qemu-ga-ref.texi
 T: git git://github.com/mdroth/qemu.git qga
 
 QOM
-- 
2.11.0




[Qemu-devel] [PULL 06/31] MAINTAINERS: add missing VMWare entry

2017-09-24 Thread Michael Tokarev
From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Thomas Huth 
Reviewed-by: Dmitry Fleytman 
Signed-off-by: Michael Tokarev 
---
 MAINTAINERS | 1 +
 1 file changed, 1 insertion(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index 96ba0ffba6..4d7a06a0ed 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1132,6 +1132,7 @@ M: Dmitry Fleytman 
 S: Maintained
 F: hw/net/vmxnet*
 F: hw/scsi/vmw_pvscsi*
+F: tests/vmxnet3-test.c
 
 Rocker
 M: Jiri Pirko 
-- 
2.11.0




Re: [Qemu-devel] [PATCH] vmxcap: Fix output formatting

2017-09-24 Thread Michael Tokarev
Please excuse me for the long delay with this patch.

20.07.2017 11:14, Stefan Fritsch wrote:
> From: Stefan Fritsch 
> 
> One string is longer than 40 chars. Set the field width to 50.

The string is this one, I guess:

Miscellaneous data
  Hex: 0x100401e5
  VMX-preemption timer scale (log2)5
  Store EFER.LMA into IA-32e mode guest control yes
  HLT activity state   yes
  Shutdown activity state  yes

While technically after this change, it will be aligned
in one column, I think it is better to reword this one
entry instead: when widening the alignment column, the
whole thing becomes less and less readable, it is more
difficult this way to follow which value corresponds to
which entry.

A better wording for this one entry is welcome :)

Thanks,

/mjt



Re: [Qemu-devel] [PATCH] hw/isa/pc87312: Mark the device with user_creatable = false

2017-09-24 Thread Michael Tokarev
13.09.2017 12:07, Thomas Huth wrote:
> QEMU currently aborts if you try to use the device at the command
> line:
> 
> $ ppc64-softmmu/qemu-system-ppc64 -S -machine prep -device pc87312
> Unexpected error in qemu_chr_fe_init() at chardev/char-fe.c:222:
> qemu-system-ppc64: -device pc87312: Device 'parallel0' is in use
> Aborted (core dumped)
> 
> It uses parallel_hds in its realize function, so it cannot be
> instantiated by the user again.
> 

Applied to -trivial, thanks!

/mjt



Re: [Qemu-devel] [PATCH] Drop gld linker usage on SunOS

2017-09-24 Thread Michael Tokarev
11.09.2017 23:50, Kamil Rytarowski wrote:
> This is required to be removed on SmartOS (Illumos).

I take this as granted - I haven't verified this.

> As of now there are no alternative supported SunOS distributions.

Applied to -trivial, thanks!

/mjt



Re: [Qemu-devel] [PATCH] tests/boot-sector: Increase timeout to 600 seconds

2017-09-24 Thread Michael Tokarev
22.09.2017 06:06, Thomas Huth wrote:
> If QEMU has been compiled with the flags --enable-tcg-interpreter and
> --enable-debug, the guest is running incredibly slow. The pxe boot test
> can take up to 400 seconds when testing the pseries ppc64 machine. While
> we should still look for ways to speed up the test on the pseries machine,
> it's better to increase the timeout in this test to 600 seconds anyway to
> allow the test to pass successfully now with this unusual configuration
> already.

Applied to -trivial, thanks!

/mjt



Re: [Qemu-devel] [[PATCH] dma/i82374: avoid double creation of i82374 device

2017-09-24 Thread Michael Tokarev
15.09.2017 12:06, Eduardo Otubo wrote:
> QEMU fails when used with the following command line:
> 
>   ./ppc64-softmmu/qemu-system-ppc64 -S -machine 40p,accel=tcg -device i82374
>   qemu-system-ppc64: hw/isa/isa-bus.c:110: isa_bus_dma: Assertion 
> `!bus->dma[0] && !bus->dma[1]' failed.
>   Aborted (core dumped)
> 
> The 40p machine type already creates the device i82374. If specified in the
> command line, it will try to create it again, hence generating the error. The
> function isa_bus_dma() isn't supposed to be called twice for the same bus. One
> way to avoid this problem is to set user_creatable=false.

Applied to -trivial, thanks!

/mjt



Re: [Qemu-devel] [PATCH] nbd-client: Use correct macro parenthesization

2017-09-24 Thread Michael Tokarev
19.09.2017 00:46, Eric Blake wrote:
> If 'bs' is a complex expression, we were only casting the front half
> rather than the full expression.  Luckily, none of the callers were
> passing bad arguments, but it's better to be robust up front.

Applied to -trivial.

/mjt



Re: [Qemu-devel] [PATCH] hw/display/virtio-gpu: Put the virtio-gpu-device into the display category

2017-09-24 Thread Michael Tokarev
15.09.2017 11:46, Thomas Huth wrote:
> The virtio-gpu-pci device is already in the display category, so the
> virtio-gpu-device should be there, too.

Applied to -trivial, thanks!

/mjt



Re: [Qemu-devel] [PATCH v2] osdep: Fix ROUND_UP(64-bit, 32-bit)

2017-09-24 Thread Michael Tokarev
14.09.2017 16:49, Eric Blake wrote:
> When using bit-wise operations that exploit the power-of-two
> nature of the second argument of ROUND_UP(), we still need to
> ensure that the mask is as wide as the first argument (done
> by using a ternary to force proper arithmetic promotion).
> Unpatched, ROUND_UP(2ULL*1024*1024*1024*1024, 512U) produces 0,
> instead of the intended 2TiB, because negation of an unsigned
> 32-bit quantity followed by widening to 64-bits does not
> sign-extend the mask.
> 
> Broken since its introduction in commit 292c8e50 (v1.5.0).
> Callers that passed the same width type to both macro parameters,
> or that had other code to ensure the first parameter's maximum
> runtime value did not exceed the second parameter's width, are
> unaffected, but I did not audit to see which (if any) existing
> clients of the macro could trigger incorrect behavior (I found
> the bug while adding a new use of the macro).
> 
> While preparing the patch, checkpatch complained about poor
> spacing, so I also fixed that here and in the nearby DIV_ROUND_UP.

Applied to -trivial, thanks!

/mjt
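
The promotion failure described in the quoted commit message, reproduced as an added example (not code from this thread or from QEMU). The two macro bodies are assumed shapes written for illustration, and the function names and sample values are constructed here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Assumed shape of a power-of-two round-up whose mask is built from the
 * second argument alone (illustrative, not copied from QEMU). With a 32-bit
 * unsigned d, -(d) is computed at 32 bits and then zero-extended.
 */
#define ROUND_UP_NARROW(n, d) (((n) + (d) - 1) & -(d))

/*
 * Same operation, but the mask operand is `0 ? (n) : (d)`. Its value is
 * always d; its type is the common type of n and d, so the negation
 * happens at the wider width and the high mask bits are all ones.
 */
#define ROUND_UP_PROMOTED(n, d) (((n) + (d) - 1) & -(0 ? (n) : (d)))

uint64_t round_up_narrow(uint64_t n, uint32_t d)
{
    return ROUND_UP_NARROW(n, d);
}

uint64_t round_up_promoted(uint64_t n, uint32_t d)
{
    return ROUND_UP_PROMOTED(n, d);
}

/* Division-based reference: no mask involved, correct for any d > 0. */
uint64_t round_up_reference(uint64_t n, uint32_t d)
{
    return (n + d - 1) / d * d;
}

/* Constructed sample values on both sides of the 32-bit boundary. */
static const uint64_t samples[] = {
    0, 1, 511, 512, 513,
    0xFFFFFE00ULL,                     /* largest multiple of 512 below 4 GiB */
    1ULL << 32,                        /* 4 GiB */
    (1ULL << 32) + 1,
    2ULL * 1024 * 1024 * 1024 * 1024,  /* 2 TiB, the case in the commit message */
};

typedef uint64_t (*round_fn)(uint64_t, uint32_t);

/* Number of samples for which fn disagrees with the reference. */
int count_mismatches(round_fn fn, uint32_t d)
{
    int bad = 0;
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        if (fn(samples[i], d) != round_up_reference(samples[i], d)) {
            bad++;
        }
    }
    return bad;
}

int main(void)
{
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        /* A size that silently loses its high bits is the failure mode. */
        printf("n=%#llx narrow=%#llx promoted=%#llx\n",
               (unsigned long long)samples[i],
               (unsigned long long)round_up_narrow(samples[i], 512U),
               (unsigned long long)round_up_promoted(samples[i], 512U));
    }
    printf("mismatches: narrow=%d promoted=%d\n",
           count_mismatches(round_up_narrow, 512U),
           count_mismatches(round_up_promoted, 512U));
    return 0;
}
```

Values below 4 GiB round identically in both forms, which is why callers that pass same-width arguments never see the difference.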



Re: [Qemu-devel] [PATCH v2 1/1] target/xtensa: Use the pre-defined MEMTXATTRS_UNSPECIFIED macro

2017-09-24 Thread Michael Tokarev
16.09.2017 00:56, Alistair Francis wrote:
> Instead of using the hardcoded (MemTxAttrs){0} for no memory attributes
> let's use the already defined MEMTXATTRS_UNSPECIFIED macro instead.
> 
> This is technically a change of behaviour as MEMTXATTRS_UNSPECIFIED sets
> the unspecified field to 1, but it doesn't look like anything is
> checking this field.

Applied to -trivial, thanks!

/mjt



Re: [Qemu-devel] [PATCH] trivial: Add missing "-m" parameter in docs/memory-hotplug.txt

2017-09-24 Thread Michael Tokarev
19.09.2017 12:02, Thomas Huth wrote:
> The example obviously lacks the "-m" parameter.

Applied to -trivial, thanks!

/mjt



Re: [Qemu-devel] [PATCH] chardev/baum: fix baum that releases brlapi twice

2017-09-24 Thread Michael Tokarev
23.09.2017 01:55, Liang Yan wrote:
> Error process of baum_chr_open needs to set brlapi null, so it won't
> get released twice in char_braille_finalize, which will cause
> "/usr/bin/qemu-system-x86_64: double free or corruption (!prev)"

Applied to -trivial, thanks!

/mjt



Re: [Qemu-devel] [PATCH v7 8/8] tpm: Added support for TPM emulator

2017-09-24 Thread Marc-André Lureau
Hi

Thanks for the nice update, removing the exec() code, using chardev
and a private socketpair. Some comments below:

On Fri, Sep 22, 2017 at 2:33 PM, Amarnath Valluri
 wrote:
> This change introduces a new TPM backend driver that can communicate with
> swtpm (software TPM emulator) using unix domain socket interface. QEMU talks to
> TPM emulator using socket based chardev backend device.
>
> Swtpm uses two Unix sockets for communications, one for plain TPM commands and
> responses, and one for out-of-band control messages. QEMU passes the data socket
> being used over the control channel.
>
> The swtpm and associated tools can be found here:
> https://github.com/stefanberger/swtpm
>
> The swtpm's control channel protocol specification can be found here:
> https://github.com/stefanberger/swtpm/wiki/Control-Channel-Specification
>
> Usage:
> # setup TPM state directory
> mkdir /tmp/mytpm
> chown -R tss:root /tmp/mytpm
> /usr/bin/swtpm_setup --tpm-state /tmp/mytpm --createek
>
> # Ask qemu to use TPM emulator with given tpm state directory
> qemu-system-x86_64 \
> [...] \
> -chardev socket,id=chrtpm,path=/tmp/swtpm-sock \
> -tpmdev emulator,id=tpm0,chardev=chrtpm \
> -device tpm-tis,tpmdev=tpm0 \
> [...]
>
> Signed-off-by: Amarnath Valluri 
> ---
>  configure |  15 +-
>  hmp.c |   5 +
>  hw/tpm/Makefile.objs  |   1 +
>  hw/tpm/tpm_emulator.c | 649 
> ++
>  hw/tpm/tpm_ioctl.h| 246 +++
>  qapi/tpm.json |  21 +-
>  qemu-options.hx   |  22 +-
>  7 files changed, 950 insertions(+), 9 deletions(-)
>  create mode 100644 hw/tpm/tpm_emulator.c
>  create mode 100644 hw/tpm/tpm_ioctl.h
>
> diff --git a/configure b/configure
> index cb0f7ed..ce2df2d 100755
> --- a/configure
> +++ b/configure
> @@ -3461,10 +3461,15 @@ fi
>  ##
>  # TPM passthrough is only on x86 Linux
>
> -if test "$targetos" = Linux && test "$cpu" = i386 -o "$cpu" = x86_64; then
> -  tpm_passthrough=$tpm
> +if test "$targetos" = Linux; then
> +  tpm_emulator=$tpm
> +  if test "$cpu" = i386 -o "$cpu" = x86_64; then
> +tpm_passthrough=$tpm
> +  else
> +tpm_passthrough=no
> +  fi
>  else
> -  tpm_passthrough=no
> +  tpm_emulator=no
>  fi
>
>  ##
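Review bot: the outer `else` branch now sets only `tpm_emulator=no`; the `tpm_passthrough=no` it used to carry is removed, so on a non-Linux host `tpm_passthrough` is never assigned in this block and, unless it is initialised elsewhere, the `TPM passthrough` summary line in the next hunk prints an empty value. Set both variables to `no` in the `else` branch. The `# TPM passthrough is only on x86 Linux` comment above the block also needs updating now that the block decides the emulator setting too.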
> @@ -5359,6 +5364,7 @@ echo "gcov enabled  $gcov"
>  echo "TPM support   $tpm"
>  echo "libssh2 support   $libssh2"
>  echo "TPM passthrough   $tpm_passthrough"
> +echo "TPM emulator  $tpm_emulator"
>  echo "QOM debugging $qom_cast_debug"
>  echo "Live block migration $live_block_migration"
>  echo "lzo support   $lzo"
> @@ -5943,6 +5949,9 @@ if test "$tpm" = "yes"; then
>if test "$tpm_passthrough" = "yes"; then
>  echo "CONFIG_TPM_PASSTHROUGH=y" >> $config_host_mak
>fi
> +  if test "$tpm_emulator" = "yes"; then
> +echo "CONFIG_TPM_EMULATOR=y" >> $config_host_mak

It shouldn't require Linux, but POSIX (and I assume a port to other
systems isn't impossible). Same for build-sys / help / comments.

> +  fi
>  fi
>
>  echo "TRACE_BACKENDS=$trace_backends" >> $config_host_mak
> diff --git a/hmp.c b/hmp.c
> index cf62b2e..7e69eca 100644
> --- a/hmp.c
> +++ b/hmp.c
> @@ -995,6 +995,7 @@ void hmp_info_tpm(Monitor *mon, const QDict *qdict)
>  Error *err = NULL;
>  unsigned int c = 0;
>  TPMPassthroughOptions *tpo;
> +TPMEmulatorOptions *teo;
>
>  info_list = qmp_query_tpm();
>  if (err) {
> @@ -1024,6 +1025,10 @@ void hmp_info_tpm(Monitor *mon, const QDict *qdict)
> tpo->has_cancel_path ? ",cancel-path=" : "",
> tpo->has_cancel_path ? tpo->cancel_path : "");
>  break;
> +case TPM_TYPE_EMULATOR:
> +teo = ti->options->u.emulator.data;
> +monitor_printf(mon, ",chardev=%s", teo->chardev);
> +break;
>  case TPM_TYPE__MAX:
>  break;
>  }
> diff --git a/hw/tpm/Makefile.objs b/hw/tpm/Makefile.objs
> index 64cecc3..41f0b7a 100644
> --- a/hw/tpm/Makefile.objs
> +++ b/hw/tpm/Makefile.objs
> @@ -1,2 +1,3 @@
>  common-obj-$(CONFIG_TPM_TIS) += tpm_tis.o
>  common-obj-$(CONFIG_TPM_PASSTHROUGH) += tpm_passthrough.o tpm_util.o
> +common-obj-$(CONFIG_TPM_EMULATOR) += tpm_emulator.o tpm_util.o
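Review bot: `tpm_util.o` is now listed on both the `CONFIG_TPM_PASSTHROUGH` and the `CONFIG_TPM_EMULATOR` lines, so a build with both backends enabled adds the same object to the `common-obj` list twice. List `tpm_util.o` once on its own line, keyed on a symbol that is set whenever either backend is built.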
> diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
> new file mode 100644
> index 000..c02bbe2
> --- /dev/null
> +++ b/hw/tpm/tpm_emulator.c
> @@ -0,0 +1,649 @@
> +/*
> + *  emulator TPM driver
> + *
> + *  Copyright (c) 2017 Intel Corporation
> + *  Author: Amarnath Valluri 
> + *
> + *  Copyright (c) 2010 - 2013 IBM Corporation
> + *  Authors:
> + *Stefan Berger 
> + *
> + *  Copyright (C) 2011 IAIK, Graz University of Technology
> + *Author: Andreas Niederl
> + *
> + * 

Re: [Qemu-devel] [PULL 0/3] slirp updates

2017-09-24 Thread no-reply
Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 20170924180848.19168-1-samuel.thiba...@ens-lyon.org
Subject: [Qemu-devel] [PULL 0/3] slirp updates

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
3b8560cf71 slirp: Add a special case for the NULL socket
91a5c1c7c4 slirp: Fix intermittent send queue hangs on a socket
16d5416215 slirp: Add explanation for hostfwd parsing failure

=== OUTPUT BEGIN ===
Checking PATCH 1/3: slirp: Add explanation for hostfwd parsing failure...
Checking PATCH 2/3: slirp: Fix intermittent send queue hangs on a socket...
Checking PATCH 3/3: slirp: Add a special case for the NULL socket...
ERROR: code indent should never use tabs
#31: FILE: slirp/if.c:76:
+^Iif (so) {$

ERROR: code indent should never use tabs
#32: FILE: slirp/if.c:77:
+^I^Ifor (ifq = (struct mbuf *) slirp->if_batchq.qh_rlink;$

ERROR: code indent should never use tabs
#33: FILE: slirp/if.c:78:
+^I^I (struct quehead *) ifq != >if_batchq;$

ERROR: code indent should never use tabs
#34: FILE: slirp/if.c:79:
+^I^I ifq = ifq->ifq_prev) {$

ERROR: code indent should never use tabs
#35: FILE: slirp/if.c:80:
+^I^I^Iif (so == ifq->ifq_so) {$

ERROR: code indent should never use tabs
#36: FILE: slirp/if.c:81:
+^I^I^I^I/* A match! */$

ERROR: code indent should never use tabs
#37: FILE: slirp/if.c:82:
+^I^I^I^Iifm->ifq_so = so;$

ERROR: code indent should never use tabs
#38: FILE: slirp/if.c:83:
+^I^I^I^Iifs_insque(ifm, ifq->ifs_prev);$

ERROR: code indent should never use tabs
#39: FILE: slirp/if.c:84:
+^I^I^I^Igoto diddit;$

ERROR: code indent should never use tabs
#40: FILE: slirp/if.c:85:
+^I^I^I}$

total: 10 errors, 0 warnings, 24 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

=== OUTPUT END ===

Test command exited with code: 1


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-de...@freelists.org

[Qemu-devel] [PULL 3/3] slirp: Add a special case for the NULL socket

2017-09-24 Thread Samuel Thibault
From: Kevin Cernekee 

NULL sockets are used for NDP, BOOTP, and other critical operations.
If the topmost mbuf in a NULL session is blocked pending resolution,
it may cause problems if it blocks other packets with a NULL socket.
So do not add mbufs with a NULL socket field to the same session.

Signed-off-by: Kevin Cernekee 
Signed-off-by: Samuel Thibault 
---
 slirp/if.c | 18 ++
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/slirp/if.c b/slirp/if.c
index 6262d77495..590753c658 100644
--- a/slirp/if.c
+++ b/slirp/if.c
@@ -73,14 +73,16 @@ if_output(struct socket *so, struct mbuf *ifm)
 * We mustn't put this packet back on the fastq (or we'll send it out 
of order)
 * XXX add cache here?
 */
-   for (ifq = (struct mbuf *) slirp->if_batchq.qh_rlink;
-(struct quehead *) ifq != >if_batchq;
-ifq = ifq->ifq_prev) {
-   if (so == ifq->ifq_so) {
-   /* A match! */
-   ifm->ifq_so = so;
-   ifs_insque(ifm, ifq->ifs_prev);
-   goto diddit;
+   if (so) {
+   for (ifq = (struct mbuf *) slirp->if_batchq.qh_rlink;
+(struct quehead *) ifq != >if_batchq;
+ifq = ifq->ifq_prev) {
+   if (so == ifq->ifq_so) {
+   /* A match! */
+   ifm->ifq_so = so;
+   ifs_insque(ifm, ifq->ifs_prev);
+   goto diddit;
+   }
}
}
 
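Review bot: the new `if (so) {` guard has no comment, and the block comment above it still only talks about not putting the packet back on the fastq. Add a line there saying that mbufs with a NULL socket are deliberately never appended to an existing session, as the commit message explains. The re-indented lines also keep tab indentation, which is what checkpatch reports for slirp/if.c lines 76 to 85 in the automated reply on this pull request.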
-- 
2.14.1




[Qemu-devel] [PULL 1/3] slirp: Add explanation for hostfwd parsing failure

2017-09-24 Thread Samuel Thibault
From: "Dr. David Alan Gilbert" 

e.g.
./x86_64-softmmu/qemu-system-x86_64 -nographic -netdev 
'user,id=vnet,hostfwd=:555.0.0.0:0-:22'
qemu-system-x86_64: -netdev user,id=vnet,hostfwd=:555.0.0.0:0-:22: Invalid host 
forwarding rule ':555.0.0.0:0-:22' (Bad host address)

Signed-off-by: Dr. David Alan Gilbert 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Samuel Thibault 
---
 net/slirp.c | 13 -
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/net/slirp.c b/net/slirp.c
index 01ed21c006..318a26e892 100644
--- a/net/slirp.c
+++ b/net/slirp.c
@@ -496,9 +496,11 @@ static int slirp_hostfwd(SlirpState *s, const char 
*redir_str,
 char buf[256];
 int is_udp;
 char *end;
+const char *fail_reason = "Unknown reason";
 
 p = redir_str;
 if (!p || get_str_sep(buf, sizeof(buf), , ':') < 0) {
+fail_reason = "No : separators";
 goto fail_syntax;
 }
 if (!strcmp(buf, "tcp") || buf[0] == '\0') {
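Review bot: `fail_reason = "No : separators"` is also reached when `redir_str` is NULL, because the condition is `!p || get_str_sep(...) < 0`, and in that case there is no string that could be missing a separator. Split the NULL check from the parse and give it its own reason. Since every `goto fail_syntax` visible in this patch assigns `fail_reason`, the "Unknown reason" initialiser is only a safety net; a short comment saying so would help.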
@@ -506,35 +508,43 @@ static int slirp_hostfwd(SlirpState *s, const char 
*redir_str,
 } else if (!strcmp(buf, "udp")) {
 is_udp = 1;
 } else {
+fail_reason = "Bad protocol name";
 goto fail_syntax;
 }
 
 if (!legacy_format) {
 if (get_str_sep(buf, sizeof(buf), , ':') < 0) {
+fail_reason = "Missing : separator";
 goto fail_syntax;
 }
 if (buf[0] != '\0' && !inet_aton(buf, _addr)) {
+fail_reason = "Bad host address";
 goto fail_syntax;
 }
 }
 
 if (get_str_sep(buf, sizeof(buf), , legacy_format ? ':' : '-') < 0) {
+fail_reason = "Bad host port separator";
 goto fail_syntax;
 }
 host_port = strtol(buf, , 0);
 if (*end != '\0' || host_port < 0 || host_port > 65535) {
+fail_reason = "Bad host port";
 goto fail_syntax;
 }
 
 if (get_str_sep(buf, sizeof(buf), , ':') < 0) {
+fail_reason = "Missing guest address";
 goto fail_syntax;
 }
 if (buf[0] != '\0' && !inet_aton(buf, _addr)) {
+fail_reason = "Bad guest address";
 goto fail_syntax;
 }
 
 guest_port = strtol(p, , 0);
 if (*end != '\0' || guest_port < 1 || guest_port > 65535) {
+fail_reason = "Bad guest port";
 goto fail_syntax;
 }
 
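Review bot: `fail_reason = "Missing guest address"` is set when `get_str_sep(..., ':')` fails, that is, when the `:` between guest address and guest port is absent; the guest address itself may legitimately be empty, as the following `buf[0] != '\0'` test shows. Word it like the earlier case, for example "Missing : separator before guest port". "Bad host port" and "Bad guest port" could also state the accepted range, since the two checks differ (`host_port < 0` versus `guest_port < 1`).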
@@ -547,7 +557,8 @@ static int slirp_hostfwd(SlirpState *s, const char 
*redir_str,
 return 0;
 
  fail_syntax:
-error_setg(errp, "Invalid host forwarding rule '%s'", redir_str);
+error_setg(errp, "Invalid host forwarding rule '%s' (%s)", redir_str,
+   fail_reason);
 return -1;
 }
 
-- 
2.14.1




[Qemu-devel] [PULL 2/3] slirp: Fix intermittent send queue hangs on a socket

2017-09-24 Thread Samuel Thibault
From: Kevin Cernekee 

if_output() originally sent one mbuf per call and used the slirp->next_m
variable to keep track of where it left off.  But nowadays it tries to
send all of the mbufs from the fastq, and one mbuf from each session on
the batchq.  The next_m variable is both redundant and harmful: there is
a case[0] involving delayed packets in which next_m ends up pointing
to >if_batchq when an active session still exists, and this
blocks all traffic for that session until qemu is restarted.

The test case was created to reproduce a problem that was seen on
long-running Chromium OS VM tests[1] which rapidly create and
destroy ssh connections through hostfwd.

[0] https://pastebin.com/NNy6LreF
[1] https://bugs.chromium.org/p/chromium/issues/detail?id=766323

Signed-off-by: Kevin Cernekee 
Signed-off-by: Samuel Thibault 
---
 slirp/if.c| 51 +--
 slirp/slirp.h |  1 -
 2 files changed, 17 insertions(+), 35 deletions(-)

diff --git a/slirp/if.c b/slirp/if.c
index 51ae0d0e9a..6262d77495 100644
--- a/slirp/if.c
+++ b/slirp/if.c
@@ -30,7 +30,6 @@ if_init(Slirp *slirp)
 {
 slirp->if_fastq.qh_link = slirp->if_fastq.qh_rlink = >if_fastq;
 slirp->if_batchq.qh_link = slirp->if_batchq.qh_rlink = >if_batchq;
-slirp->next_m = (struct mbuf *) >if_batchq;
 }
 
 /*
@@ -100,10 +99,6 @@ if_output(struct socket *so, struct mbuf *ifm)
}
 } else {
ifq = (struct mbuf *) slirp->if_batchq.qh_rlink;
-/* Set next_m if the queue was empty so far */
-if ((struct quehead *) slirp->next_m == >if_batchq) {
-slirp->next_m = ifm;
-}
 }
 
/* Create a new doubly linked list for this session */
@@ -143,21 +138,18 @@ diddit:
 }
 
 /*
- * Send a packet
- * We choose a packet based on its position in the output queues;
+ * Send one packet from each session.
  * If there are packets on the fastq, they are sent FIFO, before
- * everything else.  Otherwise we choose the first packet from the
- * batchq and send it.  the next packet chosen will be from the session
- * after this one, then the session after that one, and so on..  So,
- * for example, if there are 3 ftp session's fighting for bandwidth,
+ * everything else.  Then we choose the first packet from each
+ * batchq session (socket) and send it.
+ * For example, if there are 3 ftp sessions fighting for bandwidth,
  * one packet will be sent from the first session, then one packet
- * from the second session, then one packet from the third, then back
- * to the first, etc. etc.
+ * from the second session, then one packet from the third.
  */
 void if_start(Slirp *slirp)
 {
 uint64_t now = qemu_clock_get_ns(QEMU_CLOCK_REALTIME);
-bool from_batchq, next_from_batchq;
+bool from_batchq = false;
 struct mbuf *ifm, *ifm_next, *ifqt;
 
 DEBUG_CALL("if_start");
@@ -167,26 +159,29 @@ void if_start(Slirp *slirp)
 }
 slirp->if_start_busy = true;
 
+struct mbuf *batch_head = NULL;
+if (slirp->if_batchq.qh_link != >if_batchq) {
+batch_head = (struct mbuf *) slirp->if_batchq.qh_link;
+}
+
 if (slirp->if_fastq.qh_link != >if_fastq) {
 ifm_next = (struct mbuf *) slirp->if_fastq.qh_link;
-next_from_batchq = false;
-} else if ((struct quehead *) slirp->next_m != >if_batchq) {
-/* Nothing on fastq, pick up from batchq via next_m */
-ifm_next = slirp->next_m;
-next_from_batchq = true;
+} else if (batch_head) {
+/* Nothing on fastq, pick up from batchq */
+ifm_next = batch_head;
+from_batchq = true;
 } else {
 ifm_next = NULL;
 }
 
 while (ifm_next) {
 ifm = ifm_next;
-from_batchq = next_from_batchq;
 
 ifm_next = ifm->ifq_next;
 if ((struct quehead *) ifm_next == >if_fastq) {
 /* No more packets in fastq, switch to batchq */
-ifm_next = slirp->next_m;
-next_from_batchq = true;
+ifm_next = batch_head;
+from_batchq = true;
 }
 if ((struct quehead *) ifm_next == >if_batchq) {
 /* end of batchq */
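Review bot: `struct mbuf *batch_head = NULL;` is declared in the middle of if_start(), after the statement `slirp->if_start_busy = true;`. Move the declaration up to the other locals (`ifm`, `ifm_next`, `ifqt`) and keep only the assignment here. It would also help to note in a comment that `from_batchq` is set once and never cleared because the loop drains the fastq first and only then walks the batchq.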
@@ -199,11 +194,6 @@ void if_start(Slirp *slirp)
 continue;
 }
 
-if (ifm == slirp->next_m) {
-/* Set which packet to send on next iteration */
-slirp->next_m = ifm->ifq_next;
-}
-
 /* Remove it from the queue */
 ifqt = ifm->ifq_prev;
 remque(ifm);
@@ -214,15 +204,8 @@ void if_start(Slirp *slirp)
 
 insque(next, ifqt);
 ifs_remque(ifm);
-
 if (!from_batchq) {
-/* Next packet in fastq is from the same session */
 ifm_next = next;
-next_from_batchq = false;
-} else if ((struct quehead *) slirp->next_m == >if_batchq) {
- 

[Qemu-devel] [PULL 0/3] slirp updates

2017-09-24 Thread Samuel Thibault
warning: redirection vers https://people.debian.org/~sthibault/qemu.git/
The following changes since commit 460b6c8e581aa06b86f59eebd9e52edfe7adf417:

  Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging 
(2017-09-23 12:55:40 +0100)

are available in the git repository at:

  http://people.debian.org/~sthibault/qemu.git tags/samuel-thibault

for you to fetch changes up to 13146a83951e045c810c37c5c11c2a016ebc0663:

  slirp: Add a special case for the NULL socket (2017-09-24 20:04:09 +0200)


slirp updates


Dr. David Alan Gilbert (1):
  slirp: Add explanation for hostfwd parsing failure

Kevin Cernekee (2):
  slirp: Fix intermittent send queue hangs on a socket
  slirp: Add a special case for the NULL socket

 net/slirp.c   | 13 ++-
 slirp/if.c| 69 +++
 slirp/slirp.h |  1 -
 3 files changed, 39 insertions(+), 44 deletions(-)



Re: [Qemu-devel] [PATCH 2/2] slirp: Add a special case for the NULL socket

2017-09-24 Thread Samuel Thibault
Kevin Cernekee, on Wed. 20 Sept. 2017 13:42:05 -0700, wrote:
> NULL sockets are used for NDP, BOOTP, and other critical operations.
> If the topmost mbuf in a NULL session is blocked pending resolution,
> it may cause problems if it blocks other packets with a NULL socket.
> So do not add mbufs with a NULL socket field to the same session.

That makes a lot of sense indeed, applied to my tree.

Thanks!
Samuel



Re: [Qemu-devel] [PATCH 1/2] slirp: Fix intermittent send queue hangs on a socket

2017-09-24 Thread Samuel Thibault
Hello,

Kevin Cernekee, on Wed. 20 Sept. 2017 13:42:04 -0700, wrote:
> if_output() originally sent one mbuf per call and used the slirp->next_m
> variable to keep track of where it left off.  But nowadays it tries to
> send all of the mbufs from the fastq, and one mbuf from each session on
> the batchq.  The next_m variable is both redundant and harmful: there is
> a case[0] involving delayed packets in which next_m ends up pointing
> to >if_batchq when an active session still exists, and this
> blocks all traffic for that session until qemu is restarted.

That also makes things simpler, I applied it to my tree, thanks!

Samuel



Re: [Qemu-devel] [PATCH] chardev/baum: fix baum that releases brlapi twice

2017-09-24 Thread Marc-André Lureau


- Original Message -
> Error process of baum_chr_open needs to set brlapi null, so it won't
> get released twice in char_braille_finalize, which will cause
> "/usr/bin/qemu-system-x86_64: double free or corruption (!prev)"
> 
> Signed-off-by: Liang Yan 

Reviewed-by: Marc-André Lureau 

> ---
>  chardev/baum.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/chardev/baum.c b/chardev/baum.c
> index 302dd9666c..67fd783a59 100644
> --- a/chardev/baum.c
> +++ b/chardev/baum.c
> @@ -643,6 +643,7 @@ static void baum_chr_open(Chardev *chr,
>  error_setg(errp, "brlapi__openConnection: %s",
> brlapi_strerror(brlapi_error_location()));
>  g_free(handle);
> +baum->brlapi = NULL;
>  return;
>  }
>  baum->deferred_init = 0;
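Review bot: clearing baum->brlapi after g_free(handle) in the error path of baum_chr_open() only prevents the second release if char_braille_finalize tests baum->brlapi for NULL before it closes and frees the handle, and that test is not visible in this hunk, so please confirm it or add it in the same patch. A sturdier shape is to store the handle in baum->brlapi only once brlapi__openConnection has succeeded, so the error path never leaves a pointer to freed memory in the device state.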
> --
> 2.14.1
> 
> 



Re: [Qemu-devel] [PATCH] pci: allow 32-bit PCI IO accesses to pass through the PCI bridge

2017-09-24 Thread Mark Cave-Ayland
On 24/09/17 16:43, Marcel Apfelbaum wrote:

> Hi Mark,
> 
>>> Based on the commit message, I assume this change is guest-visible. If
>>> so, should it be made dependent on a compat property, so that it doesn't
>>> cause problems with migration?
>>
>> In order to enable 32-bit IO accesses the PCI bridge needs to set bit 0
>> in the IO_LIMIT and IO_BASE registers - this bit is read-only to guests,
>> so unless a PCI bridge has this bit set then it's impossible for this
>> change to be guest visible.
>>
>> I did a grep for PCI_IO_RANGE_TYPE_32 and didn't see any existing users
>> (other than an upcoming patchset from me!), so this combined with the
>> fact that without this patch the feature is broken makes me think that I
>> am the first user and so existing guests won't have a problem.
>>
> 
> (adding Dave for his expertise)
> 
> Do you know how the migration code will behave if it will have
> a 65k address space on source and MAX UINT on destination?
> (and the other way around for rolling back)

Thanks Marcel. I should add that qemu-system-sparc64 isn't currently
migratable anyhow, so if with my upcoming patch qemu-system-sparc64 is
still the only user of PCI_IO_RANGE_TYPE_32 then that won't cause me any
particular issue trying to migrate to earlier versions.

Also in my local tests without the patch applied, the guest always
panics during boot trying to access the IO space above 64K so I can't
see there's a way that an older guest could boot in order to migrate
forward either.


ATB,

Mark.



Re: [Qemu-devel] [PATCH] pci: allow 32-bit PCI IO accesses to pass through the PCI bridge

2017-09-24 Thread Marcel Apfelbaum

On 23/09/2017 11:23, Mark Cave-Ayland wrote:

On 22/09/17 23:18, Laszlo Ersek wrote:


On 09/22/17 14:18, Mark Cave-Ayland wrote:

Whilst the underlying PCI bridge implementation supports 32-bit PCI IO
accesses, unfortunately they are truncated at the legacy 64K limit.

Signed-off-by: Mark Cave-Ayland 
---
  hw/pci/pci_bridge.c |3 ++-
  1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/pci/pci_bridge.c b/hw/pci/pci_bridge.c
index 17feae5..a47d257 100644
--- a/hw/pci/pci_bridge.c
+++ b/hw/pci/pci_bridge.c
@@ -379,7 +379,8 @@ void pci_bridge_initfn(PCIDevice *dev, const char *typename)
  sec_bus->address_space_mem = >address_space_mem;
  memory_region_init(>address_space_mem, OBJECT(br), "pci_bridge_pci", 
UINT64_MAX);
  sec_bus->address_space_io = >address_space_io;
-memory_region_init(>address_space_io, OBJECT(br), "pci_bridge_io", 
65536);
+memory_region_init(>address_space_io, OBJECT(br), "pci_bridge_io",
+   UINT32_MAX);
  br->windows = pci_bridge_region_init(br);
  QLIST_INIT(_bus->child);
  QLIST_INSERT_HEAD(>child, sec_bus, sibling);
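Review bot: the last argument of memory_region_init() is a size, and the replaced value 65536 was the exact size of the 16-bit space, whereas UINT32_MAX is one byte short of the 4 GiB that a 32-bit I/O space covers, so address 0xffffffff falls outside "pci_bridge_io". Pass the full size as a 64-bit value, for example (uint64_t)UINT32_MAX + 1, and state in the commit message why the change cannot be seen by existing guests, since that is the first thing the thread asks about.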





Hi Mark,

>> Based on the commit message, I assume this change is guest-visible. If
>> so, should it be made dependent on a compat property, so that it doesn't
>> cause problems with migration?
>
> In order to enable 32-bit IO accesses the PCI bridge needs to set bit 0
> in the IO_LIMIT and IO_BASE registers - this bit is read-only to guests,
> so unless a PCI bridge has this bit set then it's impossible for this
> change to be guest visible.
>
> I did a grep for PCI_IO_RANGE_TYPE_32 and didn't see any existing users
> (other than an upcoming patchset from me!), so this combined with the
> fact that without this patch the feature is broken makes me think that I
> am the first user and so existing guests won't have a problem.

(adding Dave for his expertise)

Do you know how the migration code will behave if it will have
a 65k address space on source and MAX UINT on destination?
(and the other way around for rolling back)

Thanks,
Marcel

> ATB,
>
> Mark.






[Qemu-devel] [PATCH 5/7] macio: use object link between MACIO_IDE and MAC_DBDMA object

2017-09-24 Thread Mark Cave-Ayland
Using a standard QOM object link we can pass a reference to the MAC_DBDMA
controller to the MACIO_IDE object which removes the last external parameter
to macio_ide_register_dma().

Signed-off-by: Mark Cave-Ayland 
---
 hw/ide/macio.c|9 ++---
 hw/misc/macio/macio.c |3 ++-
 hw/ppc/mac.h  |2 +-
 3 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/hw/ide/macio.c b/hw/ide/macio.c
index 19d5f5a..ce194c6 100644
--- a/hw/ide/macio.c
+++ b/hw/ide/macio.c
@@ -450,6 +450,10 @@ static void macio_ide_initfn(Object *obj)
 sysbus_init_irq(d, >real_dma_irq);
 s->dma_irq = qemu_allocate_irq(pmac_ide_irq, s, 0);
 s->ide_irq = qemu_allocate_irq(pmac_ide_irq, s, 1);
+
+object_property_add_link(obj, "dbdma", TYPE_MAC_DBDMA,
+ (Object **) >dbdma,
+ qdev_prop_allow_set_link_before_realize, 0, NULL);
 }
 
 static Property macio_ide_properties[] = {
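Review bot: object_property_add_link() in macio_ide_initfn() is called with NULL as its error pointer, so a failure to add the "dbdma" link is silently dropped and only shows up later as an unset s->dbdma. Pass &error_abort instead, which is the usual choice for properties added from an instance init function, so a wiring mistake stops at the point where it happens.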
@@ -493,10 +497,9 @@ void macio_ide_init_drives(MACIOIDEState *s, DriveInfo 
**hd_table)
 }
 }
 
-void macio_ide_register_dma(MACIOIDEState *s, void *dbdma)
+void macio_ide_register_dma(MACIOIDEState *s)
 {
-s->dbdma = dbdma;
-DBDMA_register_channel(dbdma, s->channel, s->dma_irq,
+DBDMA_register_channel(s->dbdma, s->channel, s->dma_irq,
pmac_ide_transfer, pmac_ide_flush, s);
 }
 
diff --git a/hw/misc/macio/macio.c b/hw/misc/macio/macio.c
index 41b377e..9aa7e75 100644
--- a/hw/misc/macio/macio.c
+++ b/hw/misc/macio/macio.c
@@ -160,7 +160,8 @@ static void macio_realize_ide(MacIOState *s, MACIOIDEState 
*ide,
 sysbus_connect_irq(sysbus_dev, 0, irq0);
 sysbus_connect_irq(sysbus_dev, 1, irq1);
 qdev_prop_set_uint32(DEVICE(ide), "channel", dmaid);
-macio_ide_register_dma(ide, s->dbdma);
+object_property_set_link(OBJECT(ide), OBJECT(s->dbdma), "dbdma", errp);
+macio_ide_register_dma(ide);
 
 object_property_set_bool(OBJECT(ide), true, "realized", errp);
 }
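Review bot: in macio_realize_ide() the same errp is handed to object_property_set_link() and then to object_property_set_bool(..., "realized", errp) with no check in between, so if setting the link fails, macio_ide_register_dma(ide) still runs and the second call is made with an error already stored. Use a local Error *err, return through error_propagate() after the link call, and only then register the channel and realize the device.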
diff --git a/hw/ppc/mac.h b/hw/ppc/mac.h
index b3a26c4..b501af1 100644
--- a/hw/ppc/mac.h
+++ b/hw/ppc/mac.h
@@ -147,7 +147,7 @@ typedef struct MACIOIDEState {
 } MACIOIDEState;
 
 void macio_ide_init_drives(MACIOIDEState *ide, DriveInfo **hd_table);
-void macio_ide_register_dma(MACIOIDEState *ide, void *dbdma);
+void macio_ide_register_dma(MACIOIDEState *ide);
 
 void macio_init(PCIDevice *dev,
 MemoryRegion *pic_mem,
-- 
1.7.10.4




[Qemu-devel] [PATCH 7/7] mac_dbdma: change DBDMA_kick to a MAC_DBDMA type method

2017-09-24 Thread Mark Cave-Ayland
With this we can now remove the last external method used to interface
between macio and DBDMA.

Signed-off-by: Mark Cave-Ayland 
---
 hw/ide/macio.c |3 ++-
 hw/misc/macio/mac_dbdma.c  |   19 ++-
 include/hw/ppc/mac_dbdma.h |4 +---
 3 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/hw/ide/macio.c b/hw/ide/macio.c
index b296017..6f7f286 100644
--- a/hw/ide/macio.c
+++ b/hw/ide/macio.c
@@ -384,6 +384,7 @@ static void ide_dbdma_start(IDEDMA *dma, IDEState *s,
 BlockCompletionFunc *cb)
 {
 MACIOIDEState *m = container_of(dma, MACIOIDEState, dma);
+DBDMAState *dbdma = (DBDMAState *)m->dbdma;
 
 s->io_buffer_index = 0;
 if (s->drive_kind == IDE_CD) {
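Review bot: the new local in ide_dbdma_start() converts the link with a plain C cast, (DBDMAState *)m->dbdma, which skips the QOM type check that MAC_DBDMA() performs and that patch 6/7 already uses when it reads the same link. Use MAC_DBDMA(m->dbdma), or declare the field as DBDMAState * so that no conversion is needed before dbdma->kick(dbdma) is called.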
@@ -399,7 +400,7 @@ static void ide_dbdma_start(IDEDMA *dma, IDEState *s,
 MACIO_DPRINTF("-\n");
 
 m->dma_active = true;
-DBDMA_kick(m->dbdma);
+dbdma->kick(dbdma);
 }
 
 static const IDEDMAOps dbdma_ops = {
diff --git a/hw/misc/macio/mac_dbdma.c b/hw/misc/macio/mac_dbdma.c
index addb97d..f8375db 100644
--- a/hw/misc/macio/mac_dbdma.c
+++ b/hw/misc/macio/mac_dbdma.c
@@ -301,6 +301,11 @@ wait:
 channel_run(ch);
 }
 
+static void dbdma_kick(DBDMAState *dbdma)
+{
+qemu_bh_schedule(dbdma->bh);
+}
+
 static void start_output(DBDMA_channel *ch, int key, uint32_t addr,
 uint16_t req_count, int is_last)
 {
@@ -381,7 +386,7 @@ static void load_word(DBDMA_channel *ch, int key, uint32_t 
addr,
 next(ch);
 
 wait:
-DBDMA_kick(dbdma_from_ch(ch));
+dbdma_kick(dbdma_from_ch(ch));
 }
 
 static void store_word(DBDMA_channel *ch, int key, uint32_t addr,
@@ -413,7 +418,7 @@ static void store_word(DBDMA_channel *ch, int key, uint32_t 
addr,
 next(ch);
 
 wait:
-DBDMA_kick(dbdma_from_ch(ch));
+dbdma_kick(dbdma_from_ch(ch));
 }
 
 static void nop(DBDMA_channel *ch)
@@ -430,7 +435,7 @@ static void nop(DBDMA_channel *ch)
 conditional_branch(ch);
 
 wait:
-DBDMA_kick(dbdma_from_ch(ch));
+dbdma_kick(dbdma_from_ch(ch));
 }
 
 static void stop(DBDMA_channel *ch)
@@ -552,11 +557,6 @@ static void DBDMA_run_bh(void *opaque)
 DBDMA_DPRINTF("<- DBDMA_run_bh\n");
 }
 
-void DBDMA_kick(DBDMAState *dbdma)
-{
-qemu_bh_schedule(dbdma->bh);
-}
-
 static void
 dbdma_register_channel(DBDMAState *s, int nchan, qemu_irq irq,
DBDMA_rw rw, DBDMA_flush flush, void *opaque)
@@ -686,7 +686,7 @@ static void dbdma_control_write(DBDMA_channel *ch)
 
 /* If active, make sure the BH gets to run */
 if (status & ACTIVE) {
-DBDMA_kick(dbdma_from_ch(ch));
+dbdma_kick(dbdma_from_ch(ch));
 }
 }
 
@@ -904,6 +904,7 @@ static void mac_dbdma_init(Object *obj)
 sysbus_init_mmio(sbd, >mem);
 
 s->register_channel = dbdma_register_channel;
+s->kick = dbdma_kick;
 }
 
 static void mac_dbdma_realize(DeviceState *dev, Error **errp)
diff --git a/include/hw/ppc/mac_dbdma.h b/include/hw/ppc/mac_dbdma.h
index d6a38c5..a30f8d8 100644
--- a/include/hw/ppc/mac_dbdma.h
+++ b/include/hw/ppc/mac_dbdma.h
@@ -169,11 +169,9 @@ typedef struct DBDMAState {
 
 void (*register_channel)(struct DBDMAState *s, int nchan, qemu_irq irq,
  DBDMA_rw rw, DBDMA_flush flush, void *opaque);
+void (*kick)(struct DBDMAState *s);
 } DBDMAState;
 
-/* Externally callable functions */
-void DBDMA_kick(DBDMAState *dbdma);
-
 #define TYPE_MAC_DBDMA "mac-dbdma"
 #define MAC_DBDMA(obj) OBJECT_CHECK(DBDMAState, (obj), TYPE_MAC_DBDMA)
 
-- 
1.7.10.4




[Qemu-devel] [PATCH 3/7] mac_dbdma: remove DBDMA_init() function

2017-09-24 Thread Mark Cave-Ayland
Instead we can now instantiate the MAC_DBDMA object directly within the
macio device. We also add the DBDMA device as a child property so that
it is possible to retrieve later.

Signed-off-by: Mark Cave-Ayland 
---
 hw/misc/macio/mac_dbdma.c  |   14 --
 hw/misc/macio/macio.c  |   16 
 include/hw/ppc/mac_dbdma.h |1 -
 3 files changed, 12 insertions(+), 19 deletions(-)

diff --git a/hw/misc/macio/mac_dbdma.c b/hw/misc/macio/mac_dbdma.c
index 302f131..0eddf2e 100644
--- a/hw/misc/macio/mac_dbdma.c
+++ b/hw/misc/macio/mac_dbdma.c
@@ -886,20 +886,6 @@ static void dbdma_unassigned_flush(DBDMA_io *io)
   __func__, ch->channel);
 }
 
-void* DBDMA_init (MemoryRegion **dbdma_mem)
-{
-DBDMAState *s;
-SysBusDevice *sbd;
-
-s = MAC_DBDMA(object_new(TYPE_MAC_DBDMA));
-object_property_set_bool(OBJECT(s), true, "realized", NULL);
-
-sbd = SYS_BUS_DEVICE(s);
-*dbdma_mem = sysbus_mmio_get_region(sbd, 0);
-
-return s;
-}
-
 static void mac_dbdma_init(Object *obj)
 {
 SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
diff --git a/hw/misc/macio/macio.c b/hw/misc/macio/macio.c
index 5d57f45..f459f17 100644
--- a/hw/misc/macio/macio.c
+++ b/hw/misc/macio/macio.c
@@ -41,7 +41,7 @@ typedef struct MacIOState
 
 MemoryRegion bar;
 CUDAState cuda;
-void *dbdma;
+DBDMAState *dbdma;
 MemoryRegion *pic_mem;
 MemoryRegion *escc_mem;
 uint64_t frequency;
@@ -127,10 +127,15 @@ static void macio_common_realize(PCIDevice *d, Error 
**errp)
 MacIOState *s = MACIO(d);
 SysBusDevice *sysbus_dev;
 Error *err = NULL;
-MemoryRegion *dbdma_mem;
 
-s->dbdma = DBDMA_init(_mem);
-memory_region_add_subregion(>bar, 0x08000, dbdma_mem);
+object_property_set_bool(OBJECT(s->dbdma), true, "realized", );
+if (err) {
+error_propagate(errp, err);
+return;
+}
+sysbus_dev = SYS_BUS_DEVICE(s->dbdma);
+memory_region_add_subregion(>bar, 0x08000,
+sysbus_mmio_get_region(sysbus_dev, 0));
 
 object_property_set_bool(OBJECT(>cuda), true, "realized", );
 if (err) {
@@ -334,6 +339,9 @@ static void macio_instance_init(Object *obj)
 object_initialize(>cuda, sizeof(s->cuda), TYPE_CUDA);
 qdev_set_parent_bus(DEVICE(>cuda), sysbus_get_default());
 object_property_add_child(obj, "cuda", OBJECT(>cuda), NULL);
+
+s->dbdma = MAC_DBDMA(object_new(TYPE_MAC_DBDMA));
+object_property_add_child(obj, "dbdma", OBJECT(s->dbdma), NULL);
 }
 
 static const VMStateDescription vmstate_macio_oldworld = {
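Review bot: in macio_instance_init() the reference returned by object_new() is never dropped after object_property_add_child() takes its own, so the DBDMA object outlives the macio device that owns it; call object_unref(OBJECT(s->dbdma)) once the child property has been added. The new lines also skip the qdev_set_parent_bus(..., sysbus_get_default()) step that the cuda lines directly above perform, which looks like an omission rather than a choice.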
diff --git a/include/hw/ppc/mac_dbdma.h b/include/hw/ppc/mac_dbdma.h
index 4bc6274..26cc469 100644
--- a/include/hw/ppc/mac_dbdma.h
+++ b/include/hw/ppc/mac_dbdma.h
@@ -174,7 +174,6 @@ void DBDMA_register_channel(void *dbdma, int nchan, 
qemu_irq irq,
 DBDMA_rw rw, DBDMA_flush flush,
 void *opaque);
 void DBDMA_kick(DBDMAState *dbdma);
-void* DBDMA_init (MemoryRegion **dbdma_mem);
 
 #define TYPE_MAC_DBDMA "mac-dbdma"
 #define MAC_DBDMA(obj) OBJECT_CHECK(DBDMAState, (obj), TYPE_MAC_DBDMA)
-- 
1.7.10.4




[Qemu-devel] [PATCH 6/7] mac_dbdma: change DBDMA_register_channel to a MAC_DBDMA type method

2017-09-24 Thread Mark Cave-Ayland
Using this we can change the MACIO_IDE instance to register the channel
itself via a type method instead of requiring a separate
DBDMA_register_channel() function.

As a consequence of this it is now possible to remove the old external
macio_ide_register_dma() function.

Signed-off-by: Mark Cave-Ayland 
---
 hw/ide/macio.c |   12 ++--
 hw/misc/macio/mac_dbdma.c  |9 +
 hw/misc/macio/macio.c  |1 -
 include/hw/ppc/mac_dbdma.h |9 -
 4 files changed, 15 insertions(+), 16 deletions(-)

diff --git a/hw/ide/macio.c b/hw/ide/macio.c
index ce194c6..b296017 100644
--- a/hw/ide/macio.c
+++ b/hw/ide/macio.c
@@ -411,12 +411,18 @@ static const IDEDMAOps dbdma_ops = {
 static void macio_ide_realizefn(DeviceState *dev, Error **errp)
 {
 MACIOIDEState *s = MACIO_IDE(dev);
+DBDMAState *dbdma;
 
 ide_init2(>bus, s->ide_irq);
 
 /* Register DMA callbacks */
 s->dma.ops = _ops;
 s->bus.dma = >dma;
+
+/* Register DBDMA channel */
+dbdma = MAC_DBDMA(object_property_get_link(OBJECT(dev), "dbdma", errp));
+dbdma->register_channel(dbdma, s->channel, s->dma_irq,
+pmac_ide_transfer, pmac_ide_flush, s);
 }
 
 static void pmac_ide_irq(void *opaque, int n, int level)
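Review bot: macio_ide_realizefn() calls dbdma->register_channel(...) on the result of object_property_get_link() without checking it, and that lookup yields NULL when the "dbdma" link was never set, so a wiring mistake becomes a NULL dereference during realize. Check the result, report the missing link through errp and return before touching dbdma; since the link property already fills s->dbdma, testing that field would avoid the lookup altogether.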
@@ -497,10 +503,4 @@ void macio_ide_init_drives(MACIOIDEState *s, DriveInfo 
**hd_table)
 }
 }
 
-void macio_ide_register_dma(MACIOIDEState *s)
-{
-DBDMA_register_channel(s->dbdma, s->channel, s->dma_irq,
-   pmac_ide_transfer, pmac_ide_flush, s);
-}
-
 type_init(macio_ide_register_types)
diff --git a/hw/misc/macio/mac_dbdma.c b/hw/misc/macio/mac_dbdma.c
index 0eddf2e..addb97d 100644
--- a/hw/misc/macio/mac_dbdma.c
+++ b/hw/misc/macio/mac_dbdma.c
@@ -557,11 +557,10 @@ void DBDMA_kick(DBDMAState *dbdma)
 qemu_bh_schedule(dbdma->bh);
 }
 
-void DBDMA_register_channel(void *dbdma, int nchan, qemu_irq irq,
-DBDMA_rw rw, DBDMA_flush flush,
-void *opaque)
+static void
+dbdma_register_channel(DBDMAState *s, int nchan, qemu_irq irq,
+   DBDMA_rw rw, DBDMA_flush flush, void *opaque)
 {
-DBDMAState *s = dbdma;
 DBDMA_channel *ch = >channels[nchan];
 
 DBDMA_DPRINTFCH(ch, "DBDMA_register_channel 0x%x\n", nchan);
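Review bot: dbdma_register_channel() takes the channel pointer from channels[nchan] with nchan used as given, and after patch 4/7 that value comes from the "channel" qdev property of the IDE device rather than from a constant at the call site, so an out-of-range value makes ch point outside the channels array of the DBDMAState. Reject values outside 0..DBDMA_CHANNELS-1 at the top of the function, or validate the property in macio_ide_realizefn() before calling it.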
@@ -903,6 +902,8 @@ static void mac_dbdma_init(Object *obj)
 
 memory_region_init_io(>mem, obj, _ops, s, "dbdma", 0x1000);
 sysbus_init_mmio(sbd, >mem);
+
+s->register_channel = dbdma_register_channel;
 }
 
 static void mac_dbdma_realize(DeviceState *dev, Error **errp)
diff --git a/hw/misc/macio/macio.c b/hw/misc/macio/macio.c
index 9aa7e75..51a 100644
--- a/hw/misc/macio/macio.c
+++ b/hw/misc/macio/macio.c
@@ -161,7 +161,6 @@ static void macio_realize_ide(MacIOState *s, MACIOIDEState 
*ide,
 sysbus_connect_irq(sysbus_dev, 1, irq1);
 qdev_prop_set_uint32(DEVICE(ide), "channel", dmaid);
 object_property_set_link(OBJECT(ide), OBJECT(s->dbdma), "dbdma", errp);
-macio_ide_register_dma(ide);
 
 object_property_set_bool(OBJECT(ide), true, "realized", errp);
 }
diff --git a/include/hw/ppc/mac_dbdma.h b/include/hw/ppc/mac_dbdma.h
index 26cc469..d6a38c5 100644
--- a/include/hw/ppc/mac_dbdma.h
+++ b/include/hw/ppc/mac_dbdma.h
@@ -160,19 +160,18 @@ typedef struct DBDMA_channel {
 dbdma_cmd current;
 } DBDMA_channel;
 
-typedef struct {
+typedef struct DBDMAState {
 SysBusDevice parent_obj;
 
 MemoryRegion mem;
 DBDMA_channel channels[DBDMA_CHANNELS];
 QEMUBH *bh;
+
+void (*register_channel)(struct DBDMAState *s, int nchan, qemu_irq irq,
+ DBDMA_rw rw, DBDMA_flush flush, void *opaque);
 } DBDMAState;
 
 /* Externally callable functions */
-
-void DBDMA_register_channel(void *dbdma, int nchan, qemu_irq irq,
-DBDMA_rw rw, DBDMA_flush flush,
-void *opaque);
 void DBDMA_kick(DBDMAState *dbdma);
 
 #define TYPE_MAC_DBDMA "mac-dbdma"
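Review bot: register_channel is added as a function pointer inside every DBDMAState instance, directly after the channels array and bh, although the subject line calls it a type method. QOM methods normally live in a class struct that is filled once in class_init, which also keeps call targets out of per-device state stored next to the channel data; consider a class struct (MacDBDMAClass is a hypothetical name) that holds register_channel and the kick pointer added in patch 7/7, leaving the instance struct as data only.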
-- 
1.7.10.4




[Qemu-devel] [PATCH 2/7] mac_dbdma: QOMify

2017-09-24 Thread Mark Cave-Ayland
Signed-off-by: Mark Cave-Ayland 
---
 hw/misc/macio/mac_dbdma.c  |   59 
 include/hw/ppc/mac_dbdma.h |6 +
 2 files changed, 55 insertions(+), 10 deletions(-)

diff --git a/hw/misc/macio/mac_dbdma.c b/hw/misc/macio/mac_dbdma.c
index 9795172..302f131 100644
--- a/hw/misc/macio/mac_dbdma.c
+++ b/hw/misc/macio/mac_dbdma.c
@@ -851,13 +851,14 @@ static const VMStateDescription vmstate_dbdma = {
 }
 };
 
-static void dbdma_reset(void *opaque)
+static void mac_dbdma_reset(DeviceState *d)
 {
-DBDMAState *s = opaque;
+DBDMAState *s = MAC_DBDMA(d);
 int i;
 
-for (i = 0; i < DBDMA_CHANNELS; i++)
+for (i = 0; i < DBDMA_CHANNELS; i++) {
 memset(s->channels[i].regs, 0, DBDMA_SIZE);
+}
 }
 
 static void dbdma_unassigned_rw(DBDMA_io *io)
@@ -888,9 +889,22 @@ static void dbdma_unassigned_flush(DBDMA_io *io)
 void* DBDMA_init (MemoryRegion **dbdma_mem)
 {
 DBDMAState *s;
-int i;
+SysBusDevice *sbd;
+
+s = MAC_DBDMA(object_new(TYPE_MAC_DBDMA));
+object_property_set_bool(OBJECT(s), true, "realized", NULL);
+
+sbd = SYS_BUS_DEVICE(s);
+*dbdma_mem = sysbus_mmio_get_region(sbd, 0);
 
-s = g_malloc0(sizeof(DBDMAState));
+return s;
+}
+
+static void mac_dbdma_init(Object *obj)
+{
+SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
+DBDMAState *s = MAC_DBDMA(obj);
+int i;
 
 for (i = 0; i < DBDMA_CHANNELS; i++) {
 DBDMA_channel *ch = >channels[i];
@@ -901,12 +915,37 @@ void* DBDMA_init (MemoryRegion **dbdma_mem)
 ch->io.channel = ch;
 }
 
-memory_region_init_io(>mem, NULL, _ops, s, "dbdma", 0x1000);
-*dbdma_mem = >mem;
-vmstate_register(NULL, -1, _dbdma, s);
-qemu_register_reset(dbdma_reset, s);
+memory_region_init_io(>mem, obj, _ops, s, "dbdma", 0x1000);
+sysbus_init_mmio(sbd, >mem);
+}
+
+static void mac_dbdma_realize(DeviceState *dev, Error **errp)
+{
+DBDMAState *s = MAC_DBDMA(dev);
 
 s->bh = qemu_bh_new(DBDMA_run_bh, s);
+}
 
-return s;
+static void mac_dbdma_class_init(ObjectClass *oc, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(oc);
+
+dc->realize = mac_dbdma_realize;
+dc->reset = mac_dbdma_reset;
+dc->vmsd = _dbdma;
 }
+
+static const TypeInfo mac_dbdma_type_info = {
+.name = TYPE_MAC_DBDMA,
+.parent = TYPE_SYS_BUS_DEVICE,
+.instance_size = sizeof(DBDMAState),
+.instance_init = mac_dbdma_init,
+.class_init = mac_dbdma_class_init
+};
+
+static void mac_dbdma_register_types(void)
+{
+type_register_static(_dbdma_type_info);
+}
+
+type_init(mac_dbdma_register_types)
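Review bot: replacing qemu_register_reset(dbdma_reset, s) with dc->reset makes the clearing of the channel registers depend on the device being reachable through a bus at reset time, and the object created by the bare object_new() in DBDMA_init() in the previous hunk is given no parent bus, so the channels may no longer be cleared on system reset. Set a parent bus where the device is created, and add a commit message body that records the switch to dc->vmsd and dc->reset, since the patch currently has none.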
diff --git a/include/hw/ppc/mac_dbdma.h b/include/hw/ppc/mac_dbdma.h
index 21bd66f..4bc6274 100644
--- a/include/hw/ppc/mac_dbdma.h
+++ b/include/hw/ppc/mac_dbdma.h
@@ -26,6 +26,7 @@
 #include "exec/memory.h"
 #include "qemu/iov.h"
 #include "sysemu/dma.h"
+#include "hw/sysbus.h"
 
 typedef struct DBDMA_io DBDMA_io;
 
@@ -160,6 +161,8 @@ typedef struct DBDMA_channel {
 } DBDMA_channel;
 
 typedef struct {
+SysBusDevice parent_obj;
+
 MemoryRegion mem;
 DBDMA_channel channels[DBDMA_CHANNELS];
 QEMUBH *bh;
@@ -173,4 +176,7 @@ void DBDMA_register_channel(void *dbdma, int nchan, 
qemu_irq irq,
 void DBDMA_kick(DBDMAState *dbdma);
 void* DBDMA_init (MemoryRegion **dbdma_mem);
 
+#define TYPE_MAC_DBDMA "mac-dbdma"
+#define MAC_DBDMA(obj) OBJECT_CHECK(DBDMAState, (obj), TYPE_MAC_DBDMA)
+
 #endif
-- 
1.7.10.4




[Qemu-devel] [PATCH 4/7] macio: pass channel into MACIOIDEState via qdev property

2017-09-24 Thread Mark Cave-Ayland
One of the reasons macio_ide_register_dma() needs to exist is because the
channel id isn't passed into the MACIO_IDE object. Pass in the channel id
using a qdev property to remove this requirement.

Signed-off-by: Mark Cave-Ayland 
---
 hw/ide/macio.c|   10 --
 hw/misc/macio/macio.c |4 +++-
 hw/ppc/mac.h  |4 ++--
 3 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/hw/ide/macio.c b/hw/ide/macio.c
index 18ae952..19d5f5a 100644
--- a/hw/ide/macio.c
+++ b/hw/ide/macio.c
@@ -452,12 +452,18 @@ static void macio_ide_initfn(Object *obj)
 s->ide_irq = qemu_allocate_irq(pmac_ide_irq, s, 1);
 }
 
+static Property macio_ide_properties[] = {
+DEFINE_PROP_UINT32("channel", MACIOIDEState, channel, 0),
+DEFINE_PROP_END_OF_LIST(),
+};
+
 static void macio_ide_class_init(ObjectClass *oc, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(oc);
 
 dc->realize = macio_ide_realizefn;
 dc->reset = macio_ide_reset;
+dc->props = macio_ide_properties;
 dc->vmsd = _pmac;
 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
 }
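Review bot: the "channel" property in macio_ide_properties defaults to 0, which is also a valid channel index, so an IDE device whose creator forgets to set the property ends up registered on channel 0 with no diagnostic. Use an out-of-range default and reject an unset or too-large value where the channel is registered.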
@@ -487,10 +493,10 @@ void macio_ide_init_drives(MACIOIDEState *s, DriveInfo 
**hd_table)
 }
 }
 
-void macio_ide_register_dma(MACIOIDEState *s, void *dbdma, int channel)
+void macio_ide_register_dma(MACIOIDEState *s, void *dbdma)
 {
 s->dbdma = dbdma;
-DBDMA_register_channel(dbdma, channel, s->dma_irq,
+DBDMA_register_channel(dbdma, s->channel, s->dma_irq,
pmac_ide_transfer, pmac_ide_flush, s);
 }
 
diff --git a/hw/misc/macio/macio.c b/hw/misc/macio/macio.c
index f459f17..41b377e 100644
--- a/hw/misc/macio/macio.c
+++ b/hw/misc/macio/macio.c
@@ -159,7 +159,9 @@ static void macio_realize_ide(MacIOState *s, MACIOIDEState 
*ide,
 sysbus_dev = SYS_BUS_DEVICE(ide);
 sysbus_connect_irq(sysbus_dev, 0, irq0);
 sysbus_connect_irq(sysbus_dev, 1, irq1);
-macio_ide_register_dma(ide, s->dbdma, dmaid);
+qdev_prop_set_uint32(DEVICE(ide), "channel", dmaid);
+macio_ide_register_dma(ide, s->dbdma);
+
 object_property_set_bool(OBJECT(ide), true, "realized", errp);
 }
 
diff --git a/hw/ppc/mac.h b/hw/ppc/mac.h
index 300fc8a..b3a26c4 100644
--- a/hw/ppc/mac.h
+++ b/hw/ppc/mac.h
@@ -131,7 +131,7 @@ typedef struct MACIOIDEState {
 /*< private >*/
 SysBusDevice parent_obj;
 /*< public >*/
-
+uint32_t channel;
 qemu_irq real_ide_irq;
 qemu_irq real_dma_irq;
 qemu_irq ide_irq;
@@ -147,7 +147,7 @@ typedef struct MACIOIDEState {
 } MACIOIDEState;
 
 void macio_ide_init_drives(MACIOIDEState *ide, DriveInfo **hd_table);
-void macio_ide_register_dma(MACIOIDEState *ide, void *dbdma, int channel);
+void macio_ide_register_dma(MACIOIDEState *ide, void *dbdma);
 
 void macio_init(PCIDevice *dev,
 MemoryRegion *pic_mem,
-- 
1.7.10.4




[Qemu-devel] [PATCH 1/7] mac_dbdma: remove unused IO fields from DBDMAState

2017-09-24 Thread Mark Cave-Ayland
These fields were used to manually handle IO requests that weren't aligned
to a sector boundary before this feature was supported by the block API.

Once the block API changed to support byte-aligned IO requests, the macio
controller was switched over to use it in commit be1e343 but these fields
were accidentally left behind. Remove them, including the initialisation
in DBDMA_init().

Signed-off-by: Mark Cave-Ayland 
---
 hw/misc/macio/mac_dbdma.c  |2 --
 include/hw/ppc/mac_dbdma.h |4 
 2 files changed, 6 deletions(-)

diff --git a/hw/misc/macio/mac_dbdma.c b/hw/misc/macio/mac_dbdma.c
index 3fe5073..9795172 100644
--- a/hw/misc/macio/mac_dbdma.c
+++ b/hw/misc/macio/mac_dbdma.c
@@ -893,9 +893,7 @@ void* DBDMA_init (MemoryRegion **dbdma_mem)
 s = g_malloc0(sizeof(DBDMAState));
 
 for (i = 0; i < DBDMA_CHANNELS; i++) {
-DBDMA_io *io = >channels[i].io;
 DBDMA_channel *ch = >channels[i];
-qemu_iovec_init(>iov, 1);
 
 ch->rw = dbdma_unassigned_rw;
 ch->flush = dbdma_unassigned_flush;
diff --git a/include/hw/ppc/mac_dbdma.h b/include/hw/ppc/mac_dbdma.h
index a860387..21bd66f 100644
--- a/include/hw/ppc/mac_dbdma.h
+++ b/include/hw/ppc/mac_dbdma.h
@@ -42,10 +42,6 @@ struct DBDMA_io {
 DBDMA_end dma_end;
 /* DMA is in progress, don't start another one */
 bool processing;
-/* unaligned last sector of a request */
-uint8_t head_remainder[0x200];
-uint8_t tail_remainder[0x200];
-QEMUIOVector iov;
 /* DMA request */
 void *dma_mem;
 dma_addr_t dma_len;
-- 
1.7.10.4




[Qemu-devel] [PATCH 0/7] mac_dbdma: tidy-up and QOMify

2017-09-24 Thread Mark Cave-Ayland
Whilst looking at implementing another DBDMA device for the Mac machines
I noticed a couple of things: firstly there were some unused fields still
in DBDMAState, and secondly the existing code still used global functions
to register DMA channels and handle the relationship between macio IDE and
DBDMA.

This patchset removes the now-unused fields from DBDMA state, QOMifys the
DBDMA device, uses a QOM object link to allow the macio IDE object to
reference the DBDMA device, and then finally removes the global DBDMA_*
functions substituting them instead for QOM methods.

Note: this patchset does not apply to master but on top of David's
ppc-for-2.11 branch since there are merge conflicts with my previous
patchset. Hopefully the Based-On line below is enough to keep patchew
happy, even though it wasn't the final version applied to the ppc-for-2.11
branch.

Signed-off-by: Mark Cave-Ayland 
Based-on: 1505668548-16616-1-git-send-email-mark.cave-ayl...@ilande.co.uk (ppc: 
more Mac-related fixups)


Mark Cave-Ayland (7):
  mac_dbdma: remove unused IO fields from DBDMAState
  mac_dbdma: QOMify
  mac_dbdma: remove DBDMA_init() function
  macio: pass channel into MACIOIDEState via qdev property
  macio: use object link between MACIO_IDE and MAC_DBDMA object
  mac_dbdma: change DBDMA_register_channel to a MAC_DBDMA type method
  mac_dbdma: change DBDMA_kick to a MAC_DBDMA type method

 hw/ide/macio.c |   26 ++-
 hw/misc/macio/mac_dbdma.c  |   79 +---
 hw/misc/macio/macio.c  |   20 ---
 hw/ppc/mac.h   |4 +--
 include/hw/ppc/mac_dbdma.h |   22 ++--
 5 files changed, 97 insertions(+), 54 deletions(-)

-- 
1.7.10.4




Re: [Qemu-devel] [PATCH] docker: add installation to build tests

2017-09-24 Thread Paolo Bonzini


- Original Message -
> From: "Fam Zheng" 
> To: "Paolo Bonzini" 
> Cc: "alex bennee" , qemu-devel@nongnu.org
> Sent: Sunday, September 24, 2017 4:54:39 AM
> Subject: Re: [Qemu-devel] [PATCH] docker: add installation to build tests
> 
> On Fri, 09/22 17:52, Paolo Bonzini wrote:
> > On 22/09/2017 14:47, Fam Zheng wrote:
> > > On Fri, 09/22 13:42, Paolo Bonzini wrote:
> > >> Drop ccache on Fedora, because it fails on RHEL 7.4, it is not used
> > >> by any other distro and it is not particularly useful on throwaway
> > >> containers.
> > > 
> > > I wonder what exactly failed with ccache? Patchew relies on it to speed
> > > up
> > > compiling every series on the list. The ccache db is not throwaway with
> > > that in
> > > mind - git grep for CCACHE_DIR.
> > 
> > Got it.  For some reason the ccache dir in ~/.cache was owned by root.
> > I zapped it and now it works, so I've sent v2.
> 
> Hmm, right, root in the container can mess with it if you have NOUSER=1, we
> should avoid that.

Aha, so the brokenness happened when RHEL introduced user namespaces and the
container stopped running as root.  Then the persistent part of the
container's filesystem (the ccache dir) couldn't be accessed anymore from
within the user namespace.

Paolo



Re: [Qemu-devel] [PATCH] qemu.py: Call logging.basicConfig() automatically

2017-09-24 Thread Lukáš Doktor
Dne 22.9.2017 v 11:40 Kevin Wolf napsal(a):
> Am 22.09.2017 um 10:37 hat Lukáš Doktor geschrieben:
>> But we should focus on fixing all the entry points (either initialize
>> from all of them, or force-create the root logger based on the
>> entry-point requirements). Kevin, could you please share the exact
>> reproducer? I used a custom file importing QEMUMachine() with a some
>> added LOG calls.
> 
> I was running qemu-iotests 030 on a development branch that had a bug
> that made qemu segfault. This should result in a logged 'qemu received
> signal 6' message, but only prints the logging error now. The same kind
> of problem affects all Python-based tests in the tree, git grep didn't
> find any that initialise the logger manually.
> 
> In order to reproduce, you can fake such a crash by inserting an HMP
> command like 'qemu-io ide0-hd0 abort' somewhere in a Python-based test.
> 
OK, that's basically what I did. As a proper fix would require all tests to
initialize logging (even if as an extra call to `iotests.initialize_logging` or
`qemu.initialize_logging`), I think Eduardo's patch actually fits the usage
within qemu/scripts. Sorry for over-thinking this.

Lukáš

> Kevin
> 






Re: [Qemu-devel] xen/disk: don't leak stack data via response ring

2017-09-24 Thread Michael Tokarev
23.09.2017 19:05, Michael Tokarev wrote:
> 28.06.2017 01:04, Stefano Stabellini wrote:
>> Rather than constructing a local structure instance on the stack, fill
>> the fields directly on the shared ring, just like other (Linux)
>> backends do. Build on the fact that all response structure flavors are
>> actually identical (aside from alignment and padding at the end).
>>
>> This is XSA-216.
>>
>> Reported by: Anthony Perard 
>> Signed-off-by: Jan Beulich 
>> Signed-off-by: Stefano Stabellini 
>> Acked-by: Anthony PERARD 
> 
> Reportedly, after this patch, HVM DomUs running with qemu-system-i386
> (note i386, not x86_64), are leaking memory and host is running out of
> memory rather fast.  See for example https://bugs.debian.org/871702

Looks like this is a false alarm, the problem actually is with
04bf2526ce87f21b32c9acba1c5518708c243ad0 (exec: use qemu_ram_ptr_length
to access guest ram) without f5aa69bdc3418773f26747ca282c291519626ece
(exec: Add lock parameter to qemu_ram_ptr_length).

(I applied only 04bf2526ce87f to 2.8, without realizing that we also
need f5aa69bdc3418).

Now when I try to backport f5aa69bdc3418 to 2.8 (on top of 04bf2526ce87f),
I face an interesting logic without also applying 1ff7c5986a515d2d936eba0
(xen/mapcache: store dma information in revmapcache entries for debugging),
the arguments for xen_map_cache in qemu_ram_ptr_length() in these two patches
are quite fun.. :)

Thanks,

/mjt
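
The XSA-216 commit message quoted in this thread replaces "build the response on the stack, then copy it" with "fill the fields directly on the shared ring". The following C program is an added example, not QEMU's code, showing why the first pattern discloses data through struct padding; the `ring_response` layout, the two-slot ring and the `STALE_BYTE` marker are assumptions made for the illustration, and the stale stack contents are modelled explicitly because real uninitialised padding is not reproducible.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical response layout for this example (not copied from QEMU). */
struct ring_response {
    uint64_t id;
    uint8_t  operation;
    int16_t  status;
};

#define RESP_SIZE  sizeof(struct ring_response)
#define RING_SLOTS 2
#define STALE_BYTE 0x5A  /* constructed stand-in for leftover backend stack data */

/* The shared ring as the other domain sees it: plain bytes. */
static unsigned char shared_ring[RING_SLOTS][RESP_SIZE];

/* Write the three fields at their ABI offsets; padding bytes are not touched. */
static void store_fields(unsigned char *dst, uint64_t id, uint8_t op,
                         int16_t status)
{
    memcpy(dst + offsetof(struct ring_response, id), &id, sizeof(id));
    memcpy(dst + offsetof(struct ring_response, operation), &op, sizeof(op));
    memcpy(dst + offsetof(struct ring_response, status), &status, sizeof(status));
}

/* Return 1 if byte offset off lies in padding, 0 if it belongs to a field. */
static int is_padding(size_t off)
{
    const size_t o_id = offsetof(struct ring_response, id);
    const size_t o_op = offsetof(struct ring_response, operation);
    const size_t o_st = offsetof(struct ring_response, status);

    if (off >= o_id && off < o_id + sizeof(uint64_t)) return 0;
    if (off >= o_op && off < o_op + sizeof(uint8_t)) return 0;
    if (off >= o_st && off < o_st + sizeof(int16_t)) return 0;
    return 1;
}

/* Number of padding bytes the compiler placed in the response struct. */
size_t padding_bytes(void)
{
    size_t off, n = 0;

    for (off = 0; off < RESP_SIZE; off++) {
        n += is_padding(off);
    }
    return n;
}

void ring_reset(void)
{
    memset(shared_ring, 0, sizeof(shared_ring));
}

/* Pattern the fix removes: a local object is filled field by field and then
 * copied whole, so whatever its padding held travels to the ring as well. */
void put_response_copy(unsigned slot, uint64_t id, uint8_t op, int16_t status)
{
    unsigned char frame[RESP_SIZE];

    memset(frame, STALE_BYTE, sizeof(frame));  /* models an uninitialised local */
    store_fields(frame, id, op, status);
    memcpy(shared_ring[slot], frame, RESP_SIZE);
}

/* Pattern the fix adopts: only the fields are written into the ring slot.
 * Padding keeps its previous ring contents, which the peer could already read. */
void put_response_in_place(unsigned slot, uint64_t id, uint8_t op, int16_t status)
{
    store_fields(shared_ring[slot], id, op, status);
}

/* Count padding bytes in a slot that carry the stale-stack marker. */
size_t leaked_padding(unsigned slot)
{
    size_t off, n = 0;

    for (off = 0; off < RESP_SIZE; off++) {
        if (is_padding(off) && shared_ring[slot][off] == STALE_BYTE) {
            n++;
        }
    }
    return n;
}

uint64_t response_id(unsigned slot)
{
    uint64_t id;

    memcpy(&id, shared_ring[slot] + offsetof(struct ring_response, id), sizeof(id));
    return id;
}

int main(void)
{
    ring_reset();
    put_response_copy(0, 0x1122334455667788ULL, 1, 0);
    put_response_in_place(1, 0x1122334455667788ULL, 1, 0);
    printf("padding bytes per response: %zu\n", padding_bytes());
    printf("copy variant leaked:        %zu\n", leaked_padding(0));
    printf("in-place variant leaked:    %zu\n", leaked_padding(1));
    return 0;
}
```

Both variants deliver identical field values; only the bytes between and after the fields differ, which is why the leak is invisible to functional tests.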