Re: [Qemu-devel] [PATCH v7 01/23] docs: update QMP documents for OOB commands

[Peter Xu]

On Fri, Feb 09, 2018 at 08:10:53AM -0600, Eric Blake wrote:
> On 01/23/2018 11:39 PM, Peter Xu wrote:
> > Update both the developer and spec for the new QMP OOB (Out-Of-Band)
> > command.
> > 
> > Signed-off-by: Peter Xu 
> > ---
> >   docs/devel/qapi-code-gen.txt | 68 
> > 
> >   docs/interop/qmp-spec.txt| 30 ---
> >   2 files changed, 89 insertions(+), 9 deletions(-)
> > 
> > diff --git a/docs/devel/qapi-code-gen.txt b/docs/devel/qapi-code-gen.txt
> > index 06ab699066..4d3db0ad39 100644
> > --- a/docs/devel/qapi-code-gen.txt
> > +++ b/docs/devel/qapi-code-gen.txt
> > @@ -554,9 +554,12 @@ following example objects:
> >   === Commands ===
> > +--- General Command Layout ---
> > +
> >   Usage: { 'command': STRING, '*data': COMPLEX-TYPE-NAME-OR-DICT,
> >'*returns': TYPE-NAME, '*boxed': true,
> > - '*gen': false, '*success-response': false }
> > + '*gen': false, '*success-response': false,
> > + '*allow-oob': false }
> 
> Shouldn't this be '*allow-oob': true, as the only time you add the field is
> if you turn oob on (as it already defaults to off)?
> 
> >   Commands are defined by using a dictionary containing several members,
> >   where three members are most common.  The 'command' member is a
> > @@ -636,6 +639,59 @@ possible, the command expression should include the 
> > optional key
> >   'success-response' with boolean value false.  So far, only QGA makes
> >   use of this member.
> > +A command can be declared to support Out-Of-Band (OOB) execution.  By
> > +default, commands do not support OOB.  To declare a command to support
> 
> s/to support/that supports/
> 
> > +it, we need an extra 'allow-oob' field.  For example:
> > +
> > + { 'command': 'migrate_recover',
> > +   'data': { 'uri': 'str' }, 'allow-oob': true }
> > +
> > +To execute a command in Out-Of-Band way, we need to specify the
> > +"control" field in the request, with "run-oob" set to true. Example:
> > +
> > + => { "execute": "command-support-oob",
> > +  "arguments": { ... },
> > +  "control": { "run-oob": true } }
> > + <= { "return": { } }
> 
> This talks more about the QMP user protocol, while the rest of the document
> is about QAPI constructs.  But we do have an example of 'my-first-command'
> in the document, so I guess this is okay.
> 
> > +
> > +Without it, even the commands that support out-of-band execution will
> > +still be run In-Band.
> > +
> > +Please read the "Out-Of-Band Command Execution" section below for more
> > +information on how OOB execution works.
> > +
> > +--- About Out-Of-Band (OOB) Command Execution ---
> 
> Do we really need the paragraph mentioning a forward reference, when the
> very next thing is the item that was referenced?

Yeah, I can remove that paragraph.

For all the rest of comments (above or below, which I omitted), all of
them make sense, and I'll fix accordingly.  Thanks for reviewing.

-- 
Peter Xu

Re: [Qemu-devel] [PATCH 1/3] qapi: Pass '-u' when doing non-silent diff

[Philippe Mathieu-Daudé]

On Sat, Feb 10, 2018 at 9:40 PM, Eric Blake  wrote:
> Ed-script diffs are awful compared to context diffs.  Fix another
> 'diff -q' while in the area (if the files are different, being
> noisy makes it easier to diagnose why).
>
> Fixes: 46ec4fce
> Signed-off-by: Eric Blake 

Reviewed-by: Philippe Mathieu-Daudé 

> ---
>  tests/Makefile.include | 8 
>  1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/tests/Makefile.include b/tests/Makefile.include
> index f41da235aef..375f31b5bc0 100644
> --- a/tests/Makefile.include
> +++ b/tests/Makefile.include
> @@ -919,14 +919,14 @@ $(patsubst %, check-%, $(check-qapi-schema-y)): 
> check-%.json: $(SRC_PATH)/%.json
> $^ >$*.test.out 2>$*.test.err; \
> echo $$? >$*.test.exit, \
> "TEST","$*.out")
> -   @diff $(SRC_PATH)/$*.out $*.test.out
> +   @diff -u $(SRC_PATH)/$*.out $*.test.out
> @# Sanitize error messages (make them independent of build directory)
> -   @perl -p -e 's|\Q$(SRC_PATH)\E/||g' $*.test.err | diff 
> $(SRC_PATH)/$*.err -
> -   @diff $(SRC_PATH)/$*.exit $*.test.exit
> +   @perl -p -e 's|\Q$(SRC_PATH)\E/||g' $*.test.err | diff -u 
> $(SRC_PATH)/$*.err -
> +   @diff -u $(SRC_PATH)/$*.exit $*.test.exit
>
>  .PHONY: check-tests/qapi-schema/doc-good.texi
>  check-tests/qapi-schema/doc-good.texi: tests/qapi-schema/doc-good.test.texi
> -   @diff -q $(SRC_PATH)/tests/qapi-schema/doc-good.texi $<
> +   @diff -u $(SRC_PATH)/tests/qapi-schema/doc-good.texi $<
>
>  # Consolidated targets
>
> --
> 2.14.3
>
>

Re: [Qemu-devel] [RFC PATCH] vfio/pci: Add ioeventfd support

[Peter Xu]

On Fri, Feb 09, 2018 at 02:45:41PM -0700, Alex Williamson wrote:
> On Fri, 9 Feb 2018 15:05:11 +0800
> Peter Xu  wrote:
> 
> > On Tue, Feb 06, 2018 at 05:08:14PM -0700, Alex Williamson wrote:
> > 
> > [...]
> > 
> > > +long vfio_pci_ioeventfd(struct vfio_pci_device *vdev, loff_t offset,
> > > + uint64_t data, int count, int fd)
> > > +{
> > > + struct pci_dev *pdev = vdev->pdev;
> > > + loff_t pos = offset & VFIO_PCI_OFFSET_MASK;
> > > + int ret, bar = VFIO_PCI_OFFSET_TO_INDEX(offset);
> > > + struct vfio_pci_ioeventfd *ioeventfd;
> > > + int (*handler)(void *, void *);
> > > + unsigned long val;
> > > +
> > > + /* Only support ioeventfds into BARs */
> > > + if (bar > VFIO_PCI_BAR5_REGION_INDEX)
> > > + return -EINVAL;
> > > +
> > > + if (pos + count > pci_resource_len(pdev, bar))
> > > + return -EINVAL;
> > > +
> > > + /* Disallow ioeventfds working around MSI-X table writes */
> > > + if (bar == vdev->msix_bar &&
> > > + !(pos + count <= vdev->msix_offset ||
> > > +   pos >= vdev->msix_offset + vdev->msix_size))
> > > + return -EINVAL;
> > > +
> > > + switch (count) {
> > > + case 1:
> > > + handler = _pci_ioeventfd_handler8;
> > > + val = data;
> > > + break;
> > > + case 2:
> > > + handler = _pci_ioeventfd_handler16;
> > > + val = le16_to_cpu(data);
> > > + break;
> > > + case 4:
> > > + handler = _pci_ioeventfd_handler32;
> > > + val = le32_to_cpu(data);
> > > + break;
> > > +#ifdef iowrite64
> > > + case 8:
> > > + handler = _pci_ioeventfd_handler64;
> > > + val = le64_to_cpu(data);
> > > + break;
> > > +#endif
> > > + default:
> > > + return -EINVAL;
> > > + }
> > > +
> > > + ret = vfio_pci_setup_barmap(vdev, bar);
> > > + if (ret)
> > > + return ret;
> > > +
> > > + mutex_lock(>ioeventfds_lock);
> > > +
> > > + list_for_each_entry(ioeventfd, >ioeventfds_list, next) {
> > > + if (ioeventfd->pos == pos && ioeventfd->bar == bar &&
> > > + ioeventfd->data == data && ioeventfd->count == count) {
> > > + if (fd == -1) {
> > > + vfio_virqfd_disable(>virqfd);
> > > + list_del(>next);
> > > + kfree(ioeventfd);
> > > + ret = 0;
> > > + } else
> > > + ret = -EEXIST;
> > > +
> > > + goto out_unlock;
> > > + }
> > > + }
> > > +
> > > + if (fd < 0) {
> > > + ret = -ENODEV;
> > > + goto out_unlock;
> > > + }
> > > +
> > > + ioeventfd = kzalloc(sizeof(*ioeventfd), GFP_KERNEL);
> > > + if (!ioeventfd) {
> > > + ret = -ENOMEM;
> > > + goto out_unlock;
> > > + }
> > > +
> > > + ioeventfd->pos = pos;
> > > + ioeventfd->bar = bar;
> > > + ioeventfd->data = data;
> > > + ioeventfd->count = count;
> > > +
> > > + ret = vfio_virqfd_enable(vdev->barmap[ioeventfd->bar] + ioeventfd->pos,
> > > +  handler, NULL, (void *)val,
> > > +  >virqfd, fd);
> > > + if (ret) {
> > > + kfree(ioeventfd);
> > > + goto out_unlock;
> > > + }
> > > +
> > > + list_add(>next, >ioeventfds_list);  
> > 
> > Is there a limit on how many ioeventfds that can be created?
> > 
> > IIUC we'll create this eventfd "automatically" if a MMIO addr/data
> > triggered continuously for N=10 times, then would it be safer we have
> > a limitation on maximum eventfds?  Or not sure whether a malicious
> > guest can consume the host memory by sending:
> > 
> > - addr1/data1, 10 times
> > - addr2/data2, 10 times
> > - ...
> > 
> > To create unlimited ioeventfds?  Thanks,
> 
> Good question, it is somewhat exploitable in the guest the way it's
> written, however a user process does have an open file limit and each
> eventfd consumes a file handle, so unless someone is running QEMU with
> unlimited file handles, there is a built-in limit.  Two problems remain
> though:
> 
> First, is it still a bad idea that a user within a guest can target
> this device page to consume all of the QEMU process' open file handles,
> even if ultimately they're only harming themselves?  What would a
> reasonable cap of file descriptors for this purpose be?  How would we
> know which are actively used and which could be expired?  Currently
> only 2 are registered, the MSI-ACK address and some unknown secondary
> one that's low frequency, but enough to trigger the algorithm here (and
> doesn't seem harmful to let it get enabled).  We could therefore
> arbitrarily pick 5 as an upper limit here, maybe with a warning if the
> code hits that limit.
> 
> Second, is there still an exploit in the proposed vfio interface that a
> user could re-use a single file descriptor for multiple vfio
> ioeventfds.  I don't know.  I thought about looking to see whether a
> file descriptor is re-used, but then I wondered if that might actually
> 

Re: [Qemu-devel] [RFC PATCH 5/5] vfio/quirks: Enable ioeventfd quirks to be handled by vfio directly

[Peter Xu]

On Fri, Feb 09, 2018 at 03:09:33PM -0700, Alex Williamson wrote:
> On Fri, 9 Feb 2018 15:11:45 +0800
> Peter Xu  wrote:
> 
> > On Tue, Feb 06, 2018 at 05:26:46PM -0700, Alex Williamson wrote:
> > > With vfio ioeventfd support, we can program vfio-pci to perform a
> > > specified BAR write when an eventfd is triggered.  This allows the
> > > KVM ioeventfd to be wired directly to vfio-pci, entirely avoiding
> > > userspace handling for these events.  On the same micro-benchmark
> > > where the ioeventfd got us to almost 90% of performance versus
> > > disabling the GeForce quirks, this gets us to within 95%.
> > > 
> > > Signed-off-by: Alex Williamson 
> > > ---
> > >  hw/vfio/pci-quirks.c |   42 --
> > >  1 file changed, 36 insertions(+), 6 deletions(-)
> > > 
> > > diff --git a/hw/vfio/pci-quirks.c b/hw/vfio/pci-quirks.c
> > > index e739efe601b1..35a4d5197e2d 100644
> > > --- a/hw/vfio/pci-quirks.c
> > > +++ b/hw/vfio/pci-quirks.c
> > > @@ -16,6 +16,7 @@
> > >  #include "qemu/range.h"
> > >  #include "qapi/error.h"
> > >  #include "qapi/visitor.h"
> > > +#include 
> > >  #include "hw/nvram/fw_cfg.h"
> > >  #include "pci.h"
> > >  #include "trace.h"
> > > @@ -287,13 +288,27 @@ static VFIOQuirk *vfio_quirk_alloc(int nr_mem)
> > >  return quirk;
> > >  }
> > >  
> > > -static void vfio_ioeventfd_exit(VFIOIOEventFD *ioeventfd)
> > > +static void vfio_ioeventfd_exit(VFIOPCIDevice *vdev, VFIOIOEventFD 
> > > *ioeventfd)
> > >  {
> > > +struct vfio_device_ioeventfd vfio_ioeventfd;
> > > +
> > >  QLIST_REMOVE(ioeventfd, next);
> > > +
> > >  memory_region_del_eventfd(ioeventfd->mr, ioeventfd->addr, 
> > > ioeventfd->size,
> > >ioeventfd->match_data, ioeventfd->data,
> > >>e);
> > > +
> > >  qemu_set_fd_handler(event_notifier_get_fd(>e), NULL, 
> > > NULL, NULL);
> > > +
> > > +vfio_ioeventfd.argsz = sizeof(vfio_ioeventfd);
> > > +vfio_ioeventfd.flags = ioeventfd->size;
> > > +vfio_ioeventfd.data = ioeventfd->data;
> > > +vfio_ioeventfd.offset = ioeventfd->region->fd_offset +
> > > +ioeventfd->region_addr;
> > > +vfio_ioeventfd.fd = -1;
> > > +
> > > +ioctl(vdev->vbasedev.fd, VFIO_DEVICE_IOEVENTFD, _ioeventfd);
> > > +
> > >  event_notifier_cleanup(>e);
> > >  g_free(ioeventfd);
> > >  }
> > > @@ -315,6 +330,8 @@ static VFIOIOEventFD 
> > > *vfio_ioeventfd_init(VFIOPCIDevice *vdev,
> > >hwaddr region_addr)
> > >  {
> > >  VFIOIOEventFD *ioeventfd = g_malloc0(sizeof(*ioeventfd));
> > > +struct vfio_device_ioeventfd vfio_ioeventfd;
> > > +char vfio_enabled = '+';
> > >  
> > >  if (event_notifier_init(>e, 0)) {
> > >  g_free(ioeventfd);
> > > @@ -329,15 +346,28 @@ static VFIOIOEventFD 
> > > *vfio_ioeventfd_init(VFIOPCIDevice *vdev,
> > >  ioeventfd->region = region;
> > >  ioeventfd->region_addr = region_addr;
> > >  
> > > -qemu_set_fd_handler(event_notifier_get_fd(>e),
> > > -vfio_ioeventfd_handler, NULL, ioeventfd);
> > > +vfio_ioeventfd.argsz = sizeof(vfio_ioeventfd);
> > > +vfio_ioeventfd.flags = ioeventfd->size;
> > > +vfio_ioeventfd.data = ioeventfd->data;
> > > +vfio_ioeventfd.offset = ioeventfd->region->fd_offset +
> > > +ioeventfd->region_addr;
> > > +vfio_ioeventfd.fd = event_notifier_get_fd(>e);
> > > +
> > > +if (ioctl(vdev->vbasedev.fd,
> > > +  VFIO_DEVICE_IOEVENTFD, _ioeventfd) != 0) {
> > > +qemu_set_fd_handler(event_notifier_get_fd(>e),
> > > +vfio_ioeventfd_handler, NULL, ioeventfd);
> > > +vfio_enabled = '-';  
> > 
> > Would the performance be even slower if a new QEMU runs on a old
> > kernel due to these ioeventfds (MMIO -> eventfd -> same MMIO again)?
> > If so, shall we only enable this ioeventfd enhancement only if we
> > detected that the kernel supports this new feature (assuming this
> > feature bit won't change after VM starts)?
> 
> No, it's actually still a significant improvement to enable the KVM
> ioeventfd even if we can't enable vfio.  My testing shows that the KVM
> ioeventfd alone accounts for slightly more than half of the total
> improvement, so I don't see any reason to restrict this to depending on
> both ends being available.  Thanks,

The numbers (83%->90%->95%) were mentioned in different patches but I
didn't really catch all of them.  Sorry.

And obviously the userspace code path is different, which I missed
too.  And it makes sense that ioeventfd should always be faster.

Thanks,

-- 
Peter Xu

Re: [Qemu-devel] [V9fs-developer] [RFC] we should solve create-unlink-getattr idiom

[jiangyiwen]

On 2018/2/9 19:33, Greg Kurz wrote:
> On Fri, 9 Feb 2018 15:10:46 +0800
> jiangyiwen  wrote:
> 
>> Hi Eric and Greg,
>>
>> I encountered the similar problem with create-unlink-getattr idiom.
>> I use the testcase that create-unlink-setattr idiom, and I see the
>> bug is reported at https://bugs.launchpad.net/qemu/+bug/1336794.
>> Then I also see you already fix the issue and push the patch to upstream.
>> https://github.com/ericvh/linux/commit/eaf70223eac094291169f5a6de580351890162a2
>> http://patchwork.ozlabs.org/patch/626194/
>>
>> Unfortunately, the two patches are not merged into master, I don't know
>> the reason, so I suggest if the patche can be merged into master, and
>> it will solve the create-unlink-getattr idiom.
>>
> 
> I had tried to go a bit further and address the general issue of f*() syscalls
> versus unlinked files:
> 
> QEMU:
> http://lists.gnu.org/archive/html/qemu-devel/2016-06/msg07586.html
> 
> Linux 9p driver:
> https://sourceforge.net/p/v9fs/mailman/message/35175775/
> 
> I remember that some issues were then reported during review of the
> linux patches, and I never got bandwidth to investigate further...
> 
> But if you'd like to resurrect these threads, please do. :)
> 
>> Thanks,
>> Yiwen
>>
> 
> Cheers,
> 
> --
> Greg
> 
> .
> 
Thanks Greg,

Ok, we will move forward, I hope we can solve these problems that you
encountered.

Thanks,
Yiwen.

[Qemu-devel] [PATCH 2/3] qapi: Rename QMP and QGA schema files

[Eric Blake]

Having two files in the tree both named qapi-schema.json just adds
confusion.  Rename these files, and relocate them into the common
qapi/ subdirectory.  Update all build rules that refer to the file
names, and adjust other documentation and comment references to
either track the new name or be rewritten so as to not mention
the file name.

Maintainer-wise, this means that qapi/qga-schema.json continues
to belong to Michael as QGA maintainer, but now also notifies
Markus and Eric as QAPI maintainers, alongside all the other
QMP QAPI files, matching how other .json QAPI modules belong
to multiple maintainer blurbs.

Signed-off-by: Eric Blake 
---
 docs/devel/writing-qmp-commands.txt  | 13 ++-
 docs/interop/qmp-intro.txt   |  3 ++-
 Makefile | 10 
 qga/qapi-schema.json => qapi/qga-schema.json |  0
 qapi-schema.json => qapi/qmp-schema.json | 34 ++--
 tpm.c|  2 +-
 MAINTAINERS  |  2 +-
 7 files changed, 33 insertions(+), 31 deletions(-)
 rename qga/qapi-schema.json => qapi/qga-schema.json (100%)
 rename qapi-schema.json => qapi/qmp-schema.json (99%)

diff --git a/docs/devel/writing-qmp-commands.txt 
b/docs/devel/writing-qmp-commands.txt
index 4f5b24c0c4c..53a668817f5 100644
--- a/docs/devel/writing-qmp-commands.txt
+++ b/docs/devel/writing-qmp-commands.txt
@@ -13,10 +13,11 @@ start with docs/interop/qmp-intro.txt.
 == Overview ==

 Generally speaking, the following steps should be taken in order to write a
-new QMP command.
+new QMP command (similar steps for QGA).

-1. Write the command's and type(s) specification in the QAPI schema file
-   (qapi-schema.json in the root source directory)
+1. Write the command's and type(s) specification in the appropriate
+   QAPI schema file (qapi/qmp-schema.json, or one of the module .json
+   files it includes)

 2. Write the QMP command itself, which is a regular C function. Preferably,
the command should be exported by some QEMU subsystem. But it can also be
@@ -89,7 +90,7 @@ Our command will be called "hello-world". It takes no 
arguments, nor does it
 return any data.

 The first step is to add the following line to the bottom of the
-qapi-schema.json file:
+qapi/qmp-schema.json file:

 { 'command': 'hello-world' }

@@ -234,7 +235,7 @@ this rule:
 If the failure you want to report falls into one of the two cases above,
 use error_set() with a second argument of an ErrorClass value.

- * All existing ErrorClass values are defined in the qapi-schema.json file
+ * All existing ErrorClass values are defined in the qapi/qmp-schema.json file

 === Command Documentation ===

@@ -245,7 +246,7 @@ This is very important. No QMP command will be accepted in 
QEMU without proper
 documentation.

 There are many examples of such documentation in the schema file already, but
-here goes "hello-world"'s new entry for the qapi-schema.json file:
+here goes "hello-world"'s new entry for the qapi/qmp-schema.json file:

 ##
 # @hello-world
diff --git a/docs/interop/qmp-intro.txt b/docs/interop/qmp-intro.txt
index adbc94abb1d..06d9c85a2cd 100644
--- a/docs/interop/qmp-intro.txt
+++ b/docs/interop/qmp-intro.txt
@@ -78,7 +78,8 @@ Escape character is '^]'.
 }
 }

-Please, refer to the qapi-schema.json file for a complete command reference.
+Please, refer to the qapi/qmp-schema.json file for a complete command
+reference.

 QMP wiki page
 -
diff --git a/Makefile b/Makefile
index 4ec7a3cb825..33d554a0801 100644
--- a/Makefile
+++ b/Makefile
@@ -488,22 +488,22 @@ gen-out-type = $(subst .,-,$(suffix $@))
 qapi-py = $(SRC_PATH)/scripts/qapi.py $(SRC_PATH)/scripts/ordereddict.py

 qga/qapi-generated/qga-qapi-types.c qga/qapi-generated/qga-qapi-types.h :\
-$(SRC_PATH)/qga/qapi-schema.json $(SRC_PATH)/scripts/qapi-types.py $(qapi-py)
+$(SRC_PATH)/qapi/qga-schema.json $(SRC_PATH)/scripts/qapi-types.py $(qapi-py)
$(call quiet-command,$(PYTHON_UTF8) $(SRC_PATH)/scripts/qapi-types.py \
$(gen-out-type) -o qga/qapi-generated -p "qga-" $<, \
"GEN","$@")
 qga/qapi-generated/qga-qapi-visit.c qga/qapi-generated/qga-qapi-visit.h :\
-$(SRC_PATH)/qga/qapi-schema.json $(SRC_PATH)/scripts/qapi-visit.py $(qapi-py)
+$(SRC_PATH)/qapi/qga-schema.json $(SRC_PATH)/scripts/qapi-visit.py $(qapi-py)
$(call quiet-command,$(PYTHON_UTF8) $(SRC_PATH)/scripts/qapi-visit.py \
$(gen-out-type) -o qga/qapi-generated -p "qga-" $<, \
"GEN","$@")
 qga/qapi-generated/qga-qmp-commands.h qga/qapi-generated/qga-qmp-marshal.c :\
-$(SRC_PATH)/qga/qapi-schema.json $(SRC_PATH)/scripts/qapi-commands.py 
$(qapi-py)
+$(SRC_PATH)/qapi/qga-schema.json $(SRC_PATH)/scripts/qapi-commands.py 
$(qapi-py)
$(call quiet-command,$(PYTHON_UTF8) 
$(SRC_PATH)/scripts/qapi-commands.py \
$(gen-out-type) -o qga/qapi-generated -p "qga-" $<, \
 

[Qemu-devel] [PATCH 1/3] qapi: Pass '-u' when doing non-silent diff

[Eric Blake]

Ed-script diffs are awful compared to context diffs.  Fix another
'diff -q' while in the area (if the files are different, being
noisy makes it easier to diagnose why).

Fixes: 46ec4fce
Signed-off-by: Eric Blake 
---
 tests/Makefile.include | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/tests/Makefile.include b/tests/Makefile.include
index f41da235aef..375f31b5bc0 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -919,14 +919,14 @@ $(patsubst %, check-%, $(check-qapi-schema-y)): 
check-%.json: $(SRC_PATH)/%.json
$^ >$*.test.out 2>$*.test.err; \
echo $$? >$*.test.exit, \
"TEST","$*.out")
-   @diff $(SRC_PATH)/$*.out $*.test.out
+   @diff -u $(SRC_PATH)/$*.out $*.test.out
@# Sanitize error messages (make them independent of build directory)
-   @perl -p -e 's|\Q$(SRC_PATH)\E/||g' $*.test.err | diff 
$(SRC_PATH)/$*.err -
-   @diff $(SRC_PATH)/$*.exit $*.test.exit
+   @perl -p -e 's|\Q$(SRC_PATH)\E/||g' $*.test.err | diff -u 
$(SRC_PATH)/$*.err -
+   @diff -u $(SRC_PATH)/$*.exit $*.test.exit

 .PHONY: check-tests/qapi-schema/doc-good.texi
 check-tests/qapi-schema/doc-good.texi: tests/qapi-schema/doc-good.test.texi
-   @diff -q $(SRC_PATH)/tests/qapi-schema/doc-good.texi $<
+   @diff -u $(SRC_PATH)/tests/qapi-schema/doc-good.texi $<

 # Consolidated targets

-- 
2.14.3

[Qemu-devel] [PATCH 0/3] QAPI file renames

[Eric Blake]

This has been mentioned on list before as a possible improvement,
so I went ahead and did some renames to figure out how it would
look.  Patch 1 is something I hit on the way while debugging
patch 2 and 3; patch 2 is rather non-controversial, and patch 3
may or may not be worth doing (but if we do it, it is going
to cause a lot of rebase churn to anyone editing files in the
meantime, although git rename detection will probably get things
right more often than not).

Eric Blake (3):
  qapi: Pass '-u' when doing non-silent diff
  qapi: Rename QMP and QGA schema files
  qapi: Rename .json to .qapi

 docs/devel/blkdebug.txt|   2 +-
 docs/devel/qapi-code-gen.txt   |  16 +-
 docs/devel/testing.rst |   4 +-
 docs/devel/writing-qmp-commands.txt|  13 +-
 docs/interop/live-block-operations.rst |   4 +-
 docs/interop/qmp-intro.txt |   3 +-
 Makefile   |  36 +--
 Makefile.objs  |   2 +-
 qapi/{block-core.json => block-core.qapi}  |   6 +-
 qapi/{block.json => block.qapi}|   2 +-
 qapi/{char.json => char.qapi}  |   2 +-
 qapi/{common.json => common.qapi}  |   0
 qapi/{crypto.json => crypto.qapi}  |   0
 qapi/{introspect.json => introspect.qapi}  |   0
 qapi/{migration.json => migration.qapi}|   2 +-
 qapi/{net.json => net.qapi}|   2 +-
 qga/qapi-schema.json => qapi/qga-schema.qapi   |   0
 qapi-schema.json => qapi/qmp-schema.qapi   |  34 +-
 qapi/{rocker.json => rocker.qapi}  |   0
 qapi/{run-state.json => run-state.qapi}|   0
 qapi/{sockets.json => sockets.qapi}|   2 +-
 qapi/{tpm.json => tpm.qapi}|   0
 qapi/{trace.json => trace.qapi}|   0
 qapi/{transaction.json => transaction.qapi}|   2 +-
 qapi/{ui.json => ui.qapi}  |   2 +-
 include/crypto/block.h |   2 +-
 include/crypto/cipher.h|   2 +-
 include/crypto/hash.h  |   2 +-
 include/crypto/ivgen.h |   2 +-
 tpm.c  |   2 +-
 MAINTAINERS|  26 +-
 scripts/git.orderfile  |   2 +-
 tests/Makefile.include | 350 ++---
 tests/qapi-schema/alternate-any.err|   2 +-
 .../{alternate-any.json => alternate-any.qapi} |   0
 tests/qapi-schema/alternate-array.err  |   2 +-
 .../{alternate-array.json => alternate-array.qapi} |   0
 tests/qapi-schema/alternate-base.err   |   2 +-
 .../{alternate-base.json => alternate-base.qapi}   |   0
 tests/qapi-schema/alternate-clash.err  |   2 +-
 .../{alternate-clash.json => alternate-clash.qapi} |   0
 .../qapi-schema/alternate-conflict-bool-string.err |   2 +-
 ...ng.json => alternate-conflict-bool-string.qapi} |   0
 tests/qapi-schema/alternate-conflict-dict.err  |   2 +-
 ...lict-dict.json => alternate-conflict-dict.qapi} |   0
 tests/qapi-schema/alternate-conflict-enum-bool.err |   2 +-
 ...bool.json => alternate-conflict-enum-bool.qapi} |   0
 tests/qapi-schema/alternate-conflict-enum-int.err  |   2 +-
 ...m-int.json => alternate-conflict-enum-int.qapi} |   0
 .../qapi-schema/alternate-conflict-num-string.err  |   2 +-
 ...ing.json => alternate-conflict-num-string.qapi} |   0
 tests/qapi-schema/alternate-conflict-string.err|   2 +-
 ...-string.json => alternate-conflict-string.qapi} |   0
 tests/qapi-schema/alternate-empty.err  |   2 +-
 .../{alternate-empty.json => alternate-empty.qapi} |   0
 tests/qapi-schema/alternate-nested.err |   2 +-
 ...alternate-nested.json => alternate-nested.qapi} |   0
 tests/qapi-schema/alternate-unknown.err|   2 +-
 ...ternate-unknown.json => alternate-unknown.qapi} |   0
 tests/qapi-schema/args-alternate.err   |   2 +-
 .../{args-alternate.json => args-alternate.qapi}   |   0
 tests/qapi-schema/args-any.err |   2 +-
 tests/qapi-schema/{args-any.json => args-any.qapi} |   0
 tests/qapi-schema/args-array-empty.err |   2 +-
 ...args-array-empty.json => args-array-empty.qapi} |   0
 tests/qapi-schema/args-array-unknown.err   |   2 +-
 ...-array-unknown.json => args-array-unknown.qapi} |   0
 tests/qapi-schema/args-bad-boxed.err   |   2 +-
 .../{args-bad-boxed.json => args-bad-boxed.qapi}   |   0
 tests/qapi-schema/args-boxed-anon.err  |   2 +-
 .../{args-boxed-anon.json => args-boxed-anon.qapi} |   0
 tests/qapi-schema/args-boxed-empty.err |   2 +-
 ...args-boxed-empty.json => args-boxed-empty.qapi} |   0
 

Re: [Qemu-devel] [PATCHv2 05/12] cuda: rename frequency property to tb_frequency

[David Gibson]

On Sun, Feb 11, 2018 at 09:32:14AM +1100, David Gibson wrote:
> On Fri, Feb 09, 2018 at 06:51:35PM +, Mark Cave-Ayland wrote:
> > This allows us to more easily differentiate between the timebase frequency 
> > used
> > to calibrate the MacOS timers and the actual frequency of the hardware 
> > clock as
> > indicated by CUDA_TIMER_FREQ.
> > 
> > Signed-off-by: Mark Cave-Ayland 
> > Reviewed-by: Philippe Mathieu-Daudé 
> 
> Applied, thanks.

Actually, this patch doesn't compile, because you've changed
ti->frequency in a couple of places where you should only be changing
s->frequency.  I've fixed it up in my tree.

> 
> > ---
> >  hw/misc/macio/cuda.c  | 10 +-
> >  hw/misc/macio/macio.c |  2 +-
> >  hw/ppc/mac.h  |  2 +-
> >  3 files changed, 7 insertions(+), 7 deletions(-)
> > 
> > diff --git a/hw/misc/macio/cuda.c b/hw/misc/macio/cuda.c
> > index a88535fa66..232b7f61aa 100644
> > --- a/hw/misc/macio/cuda.c
> > +++ b/hw/misc/macio/cuda.c
> > @@ -158,8 +158,8 @@ static unsigned int get_counter(CUDAState *s, CUDATimer 
> > *ti)
> >  uint64_t current_time = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
> >  
> >  /* Reverse of the tb calculation algorithm that Mac OS X uses on 
> > bootup. */
> > -tb_diff = get_tb(current_time, ti->frequency) - ti->load_time;
> > -d = (tb_diff * 0xBF401675E5DULL) / (ti->frequency << 24);
> > +tb_diff = get_tb(current_time, ti->tb_frequency) - ti->load_time;
> > +d = (tb_diff * 0xBF401675E5DULL) / (ti->tb_frequency << 24);
> >  
> >  if (ti->index == 0) {
> >  /* the timer goes down from latch to -1 (period of latch + 2) */
> > @@ -179,7 +179,7 @@ static void set_counter(CUDAState *s, CUDATimer *ti, 
> > unsigned int val)
> >  {
> >  CUDA_DPRINTF("T%d.counter=%d\n", 1 + ti->index, val);
> >  ti->load_time = get_tb(qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL),
> > -   s->frequency);
> > +   s->tb_frequency);
> >  ti->counter_value = val;
> >  cuda_timer_update(s, ti, ti->load_time);
> >  }
> > @@ -878,7 +878,7 @@ static void cuda_realizefn(DeviceState *dev, Error 
> > **errp)
> >  struct tm tm;
> >  
> >  s->timers[0].timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, cuda_timer1, s);
> > -s->timers[0].frequency = s->frequency;
> > +s->timers[0].frequency = s->tb_frequency;
> >  s->timers[1].timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, cuda_timer2, s);
> >  s->timers[1].frequency = (SCALE_US * 6000) / 4700;
> >  
> > @@ -909,7 +909,7 @@ static void cuda_initfn(Object *obj)
> >  }
> >  
> >  static Property cuda_properties[] = {
> > -DEFINE_PROP_UINT64("frequency", CUDAState, frequency, 0),
> > +DEFINE_PROP_UINT64("timebase-frequency", CUDAState, tb_frequency, 0),
> >  DEFINE_PROP_END_OF_LIST()
> >  };
> >  
> > diff --git a/hw/misc/macio/macio.c b/hw/misc/macio/macio.c
> > index 44f91d1e7f..a639b09e00 100644
> > --- a/hw/misc/macio/macio.c
> > +++ b/hw/misc/macio/macio.c
> > @@ -451,7 +451,7 @@ void macio_init(PCIDevice *d,
> >  macio_state->escc_mem = escc_mem;
> >  /* Note: this code is strongly inspirated from the corresponding code
> > in PearPC */
> > -qdev_prop_set_uint64(DEVICE(_state->cuda), "frequency",
> > +qdev_prop_set_uint64(DEVICE(_state->cuda), "timebase-frequency",
> >   macio_state->frequency);
> >  
> >  qdev_init_nofail(DEVICE(d));
> > diff --git a/hw/ppc/mac.h b/hw/ppc/mac.h
> > index b501af1653..fa78115c95 100644
> > --- a/hw/ppc/mac.h
> > +++ b/hw/ppc/mac.h
> > @@ -99,7 +99,7 @@ typedef struct CUDAState {
> >  CUDATimer timers[2];
> >  
> >  uint32_t tick_offset;
> > -uint64_t frequency;
> > +uint64_t tb_frequency;
> >  
> >  uint8_t last_b;
> >  uint8_t last_acr;
> 



-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PATCHv2 06/12] cuda: minor cosmetic tidy-ups to get_next_irq_time()

[David Gibson]

On Fri, Feb 09, 2018 at 06:51:36PM +, Mark Cave-Ayland wrote:
> Signed-off-by: Mark Cave-Ayland 
> Reviewed-by: Philippe Mathieu-Daudé 

Applied, thanks.

> ---
>  hw/misc/macio/cuda.c | 23 ---
>  1 file changed, 12 insertions(+), 11 deletions(-)
> 
> diff --git a/hw/misc/macio/cuda.c b/hw/misc/macio/cuda.c
> index 232b7f61aa..408858e688 100644
> --- a/hw/misc/macio/cuda.c
> +++ b/hw/misc/macio/cuda.c
> @@ -184,36 +184,37 @@ static void set_counter(CUDAState *s, CUDATimer *ti, 
> unsigned int val)
>  cuda_timer_update(s, ti, ti->load_time);
>  }
>  
> -static int64_t get_next_irq_time(CUDATimer *s, int64_t current_time)
> +static int64_t get_next_irq_time(CUDATimer *ti, int64_t current_time)
>  {
>  int64_t d, next_time;
>  unsigned int counter;
>  
>  /* current counter value */
> -d = muldiv64(current_time - s->load_time,
> +d = muldiv64(current_time - ti->load_time,
>   CUDA_TIMER_FREQ, NANOSECONDS_PER_SECOND);
>  /* the timer goes down from latch to -1 (period of latch + 2) */
> -if (d <= (s->counter_value + 1)) {
> -counter = (s->counter_value - d) & 0x;
> +if (d <= (ti->counter_value + 1)) {
> +counter = (ti->counter_value - d) & 0x;
>  } else {
> -counter = (d - (s->counter_value + 1)) % (s->latch + 2);
> -counter = (s->latch - counter) & 0x;
> +counter = (d - (ti->counter_value + 1)) % (ti->latch + 2);
> +counter = (ti->latch - counter) & 0x;
>  }
>  
>  /* Note: we consider the irq is raised on 0 */
>  if (counter == 0x) {
> -next_time = d + s->latch + 1;
> +next_time = d + ti->latch + 1;
>  } else if (counter == 0) {
> -next_time = d + s->latch + 2;
> +next_time = d + ti->latch + 2;
>  } else {
>  next_time = d + counter;
>  }
>  CUDA_DPRINTF("latch=%d counter=%" PRId64 " delta_next=%" PRId64 "\n",
> - s->latch, d, next_time - d);
> + ti->latch, d, next_time - d);
>  next_time = muldiv64(next_time, NANOSECONDS_PER_SECOND, CUDA_TIMER_FREQ) 
> +
> -s->load_time;
> -if (next_time <= current_time)
> + ti->load_time;
> +if (next_time <= current_time) {
>  next_time = current_time + 1;
> +}
>  return next_time;
>  }
>  

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PATCHv2 04/12] cuda: introduce CUDAState parameter to get_counter()

[David Gibson]

On Fri, Feb 09, 2018 at 06:51:34PM +, Mark Cave-Ayland wrote:
> This will be required shortly and also happens to match nicely with the
> corresponding signature for set_counter().
> 
> Signed-off-by: Mark Cave-Ayland 
> Reviewed-by: Philippe Mathieu-Daudé 

Applied, thanks.

> ---
>  hw/misc/macio/cuda.c | 10 +-
>  1 file changed, 5 insertions(+), 5 deletions(-)
> 
> diff --git a/hw/misc/macio/cuda.c b/hw/misc/macio/cuda.c
> index 1d0f7e8289..a88535fa66 100644
> --- a/hw/misc/macio/cuda.c
> +++ b/hw/misc/macio/cuda.c
> @@ -150,7 +150,7 @@ static uint64_t get_tb(uint64_t time, uint64_t freq)
>  return muldiv64(time, freq, NANOSECONDS_PER_SECOND);
>  }
>  
> -static unsigned int get_counter(CUDATimer *ti)
> +static unsigned int get_counter(CUDAState *s, CUDATimer *ti)
>  {
>  int64_t d;
>  unsigned int counter;
> @@ -295,12 +295,12 @@ static uint64_t cuda_read(void *opaque, hwaddr addr, 
> unsigned size)
>  val = s->dira;
>  break;
>  case CUDA_REG_T1CL:
> -val = get_counter(>timers[0]) & 0xff;
> +val = get_counter(s, >timers[0]) & 0xff;
>  s->ifr &= ~T1_INT;
>  cuda_update_irq(s);
>  break;
>  case CUDA_REG_T1CH:
> -val = get_counter(>timers[0]) >> 8;
> +val = get_counter(s, >timers[0]) >> 8;
>  cuda_update_irq(s);
>  break;
>  case CUDA_REG_T1LL:
> @@ -311,12 +311,12 @@ static uint64_t cuda_read(void *opaque, hwaddr addr, 
> unsigned size)
>  val = (s->timers[0].latch >> 8) & 0xff;
>  break;
>  case CUDA_REG_T2CL:
> -val = get_counter(>timers[1]) & 0xff;
> +val = get_counter(s, >timers[1]) & 0xff;
>  s->ifr &= ~T2_INT;
>  cuda_update_irq(s);
>  break;
>  case CUDA_REG_T2CH:
> -val = get_counter(>timers[1]) >> 8;
> +val = get_counter(s, >timers[1]) >> 8;
>  break;
>  case CUDA_REG_SR:
>  val = s->sr;

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PATCHv2 05/12] cuda: rename frequency property to tb_frequency

[David Gibson]

On Fri, Feb 09, 2018 at 06:51:35PM +, Mark Cave-Ayland wrote:
> This allows us to more easily differentiate between the timebase frequency 
> used
> to calibrate the MacOS timers and the actual frequency of the hardware clock 
> as
> indicated by CUDA_TIMER_FREQ.
> 
> Signed-off-by: Mark Cave-Ayland 
> Reviewed-by: Philippe Mathieu-Daudé 

Applied, thanks.

> ---
>  hw/misc/macio/cuda.c  | 10 +-
>  hw/misc/macio/macio.c |  2 +-
>  hw/ppc/mac.h  |  2 +-
>  3 files changed, 7 insertions(+), 7 deletions(-)
> 
> diff --git a/hw/misc/macio/cuda.c b/hw/misc/macio/cuda.c
> index a88535fa66..232b7f61aa 100644
> --- a/hw/misc/macio/cuda.c
> +++ b/hw/misc/macio/cuda.c
> @@ -158,8 +158,8 @@ static unsigned int get_counter(CUDAState *s, CUDATimer 
> *ti)
>  uint64_t current_time = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
>  
>  /* Reverse of the tb calculation algorithm that Mac OS X uses on bootup. 
> */
> -tb_diff = get_tb(current_time, ti->frequency) - ti->load_time;
> -d = (tb_diff * 0xBF401675E5DULL) / (ti->frequency << 24);
> +tb_diff = get_tb(current_time, ti->tb_frequency) - ti->load_time;
> +d = (tb_diff * 0xBF401675E5DULL) / (ti->tb_frequency << 24);
>  
>  if (ti->index == 0) {
>  /* the timer goes down from latch to -1 (period of latch + 2) */
> @@ -179,7 +179,7 @@ static void set_counter(CUDAState *s, CUDATimer *ti, 
> unsigned int val)
>  {
>  CUDA_DPRINTF("T%d.counter=%d\n", 1 + ti->index, val);
>  ti->load_time = get_tb(qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL),
> -   s->frequency);
> +   s->tb_frequency);
>  ti->counter_value = val;
>  cuda_timer_update(s, ti, ti->load_time);
>  }
> @@ -878,7 +878,7 @@ static void cuda_realizefn(DeviceState *dev, Error **errp)
>  struct tm tm;
>  
>  s->timers[0].timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, cuda_timer1, s);
> -s->timers[0].frequency = s->frequency;
> +s->timers[0].frequency = s->tb_frequency;
>  s->timers[1].timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, cuda_timer2, s);
>  s->timers[1].frequency = (SCALE_US * 6000) / 4700;
>  
> @@ -909,7 +909,7 @@ static void cuda_initfn(Object *obj)
>  }
>  
>  static Property cuda_properties[] = {
> -DEFINE_PROP_UINT64("frequency", CUDAState, frequency, 0),
> +DEFINE_PROP_UINT64("timebase-frequency", CUDAState, tb_frequency, 0),
>  DEFINE_PROP_END_OF_LIST()
>  };
>  
> diff --git a/hw/misc/macio/macio.c b/hw/misc/macio/macio.c
> index 44f91d1e7f..a639b09e00 100644
> --- a/hw/misc/macio/macio.c
> +++ b/hw/misc/macio/macio.c
> @@ -451,7 +451,7 @@ void macio_init(PCIDevice *d,
>  macio_state->escc_mem = escc_mem;
>  /* Note: this code is strongly inspirated from the corresponding code
> in PearPC */
> -qdev_prop_set_uint64(DEVICE(_state->cuda), "frequency",
> +qdev_prop_set_uint64(DEVICE(_state->cuda), "timebase-frequency",
>   macio_state->frequency);
>  
>  qdev_init_nofail(DEVICE(d));
> diff --git a/hw/ppc/mac.h b/hw/ppc/mac.h
> index b501af1653..fa78115c95 100644
> --- a/hw/ppc/mac.h
> +++ b/hw/ppc/mac.h
> @@ -99,7 +99,7 @@ typedef struct CUDAState {
>  CUDATimer timers[2];
>  
>  uint32_t tick_offset;
> -uint64_t frequency;
> +uint64_t tb_frequency;
>  
>  uint8_t last_b;
>  uint8_t last_acr;

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PATCHv2 09/12] misc: introduce new mos6522 VIA device and enable it for ppc builds

[David Gibson]

On Fri, Feb 09, 2018 at 06:51:39PM +, Mark Cave-Ayland wrote:
> The MOS6522 VIA forms the bridge part of several Mac devices, including the
> Mac via-cuda and via-pmu devices. Introduce a standard mos6522 device that
> can be shared amongst multiple implementations.
> 
> This is effectively taking the 6522 parts out of cuda.c and turning them
> into a separate device whilst also applying some style tidy-ups and including
> a conversion to trace-events.
> 
> Signed-off-by: Mark Cave-Ayland 

Applied, thanks.

> ---
>  default-configs/ppc-softmmu.mak |   1 +
>  hw/misc/Makefile.objs   |   3 +
>  hw/misc/mos6522.c   | 505 
> 
>  hw/misc/trace-events|   7 +
>  include/hw/misc/mos6522.h   | 152 
>  5 files changed, 668 insertions(+)
>  create mode 100644 hw/misc/mos6522.c
>  create mode 100644 include/hw/misc/mos6522.h
> 
> diff --git a/default-configs/ppc-softmmu.mak b/default-configs/ppc-softmmu.mak
> index 65680d85bc..76e29cfa14 100644
> --- a/default-configs/ppc-softmmu.mak
> +++ b/default-configs/ppc-softmmu.mak
> @@ -30,6 +30,7 @@ CONFIG_MAC=y
>  CONFIG_ESCC=y
>  CONFIG_MACIO=y
>  CONFIG_SUNGEM=y
> +CONFIG_MOS6522=y
>  CONFIG_CUDA=y
>  CONFIG_ADB=y
>  CONFIG_MAC_NVRAM=y
> diff --git a/hw/misc/Makefile.objs b/hw/misc/Makefile.objs
> index fce426eb75..f33b37a8e5 100644
> --- a/hw/misc/Makefile.objs
> +++ b/hw/misc/Makefile.objs
> @@ -17,6 +17,9 @@ common-obj-$(CONFIG_INTEGRATOR_DEBUG) += 
> arm_integrator_debug.o
>  common-obj-$(CONFIG_A9SCU) += a9scu.o
>  common-obj-$(CONFIG_ARM11SCU) += arm11scu.o
>  
> +# Mac devices
> +common-obj-$(CONFIG_MOS6522) += mos6522.o
> +
>  # PKUnity SoC devices
>  common-obj-$(CONFIG_PUV3) += puv3_pm.o
>  
> diff --git a/hw/misc/mos6522.c b/hw/misc/mos6522.c
> new file mode 100644
> index 00..8ad9fc831e
> --- /dev/null
> +++ b/hw/misc/mos6522.c
> @@ -0,0 +1,505 @@
> +/*
> + * QEMU MOS6522 VIA emulation
> + *
> + * Copyright (c) 2004-2007 Fabrice Bellard
> + * Copyright (c) 2007 Jocelyn Mayer
> + * Copyright (c) 2018 Mark Cave-Ayland
> + *
> + * Permission is hereby granted, free of charge, to any person obtaining a 
> copy
> + * of this software and associated documentation files (the "Software"), to 
> deal
> + * in the Software without restriction, including without limitation the 
> rights
> + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
> + * copies of the Software, and to permit persons to whom the Software is
> + * furnished to do so, subject to the following conditions:
> + *
> + * The above copyright notice and this permission notice shall be included in
> + * all copies or substantial portions of the Software.
> + *
> + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
> + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
> + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
> + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
> + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
> FROM,
> + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
> + * THE SOFTWARE.
> + */
> +#include "qemu/osdep.h"
> +#include "hw/hw.h"
> +#include "hw/input/adb.h"
> +#include "hw/misc/mos6522.h"
> +#include "qemu/timer.h"
> +#include "sysemu/sysemu.h"
> +#include "qemu/cutils.h"
> +#include "qemu/log.h"
> +#include "trace.h"
> +
> +/* XXX: implement all timer modes */
> +
> +static void mos6522_timer_update(MOS6522State *s, MOS6522Timer *ti,
> + int64_t current_time);
> +
> +static void mos6522_update_irq(MOS6522State *s)
> +{
> +if (s->ifr & s->ier & (SR_INT | T1_INT | T2_INT)) {
> +qemu_irq_raise(s->irq);
> +} else {
> +qemu_irq_lower(s->irq);
> +}
> +}
> +
> +static uint64_t get_counter_value(MOS6522State *s, MOS6522Timer *ti)
> +{
> +MOS6522DeviceClass *mdc = MOS6522_DEVICE_GET_CLASS(s);
> +
> +if (ti->index == 0) {
> +return mdc->get_timer1_counter_value(s, ti);
> +} else {
> +return mdc->get_timer2_counter_value(s, ti);
> +}
> +}
> +
> +static uint64_t get_load_time(MOS6522State *s, MOS6522Timer *ti)
> +{
> +MOS6522DeviceClass *mdc = MOS6522_DEVICE_GET_CLASS(s);
> +
> +if (ti->index == 0) {
> +return mdc->get_timer1_load_time(s, ti);
> +} else {
> +return mdc->get_timer2_load_time(s, ti);
> +}
> +}
> +
> +static unsigned int get_counter(MOS6522State *s, MOS6522Timer *ti)
> +{
> +int64_t d;
> +unsigned int counter;
> +
> +d = get_counter_value(s, ti);
> +
> +if (ti->index == 0) {
> +/* the timer goes down from latch to -1 (period of latch + 2) */
> +if (d <= (ti->counter_value + 1)) {
> +counter = (ti->counter_value - d) & 0x;
> +} else {
> +counter = (d - (ti->counter_value + 1)) % 

Re: [Qemu-devel] [PATCHv2 08/12] cuda: factor out timebase-derived counter value and load time

[David Gibson]

On Fri, Feb 09, 2018 at 06:51:38PM +, Mark Cave-Ayland wrote:
> Commit b981289c49 "PPC: Cuda: Use cuda timer to expose tbfreq to guest" 
> altered
> the timer calculations from those based upon the hardware CUDA clock frequency
> to those based upon the CPU timebase frequency.
> 
> In fact we can isolate the differences to 2 simple changes: one to the counter
> read value and another to the counter load time. Move these changes into
> separate functions so the implementation can be swapped later.
> 
> Signed-off-by: Mark Cave-Ayland 
> Reviewed-by: Philippe Mathieu-Daudé 

Applied, thanks.

> ---
>  hw/misc/macio/cuda.c | 25 -
>  1 file changed, 16 insertions(+), 9 deletions(-)
> 
> diff --git a/hw/misc/macio/cuda.c b/hw/misc/macio/cuda.c
> index e00df4a21a..a185252144 100644
> --- a/hw/misc/macio/cuda.c
> +++ b/hw/misc/macio/cuda.c
> @@ -145,21 +145,29 @@ static void cuda_update_irq(CUDAState *s)
>  }
>  }
>  
> -static uint64_t get_tb(uint64_t time, uint64_t freq)
> +static uint64_t get_counter_value(CUDAState *s, CUDATimer *ti)
>  {
> -return muldiv64(time, freq, NANOSECONDS_PER_SECOND);
> +/* Reverse of the tb calculation algorithm that Mac OS X uses on bootup 
> */
> +uint64_t tb_diff = muldiv64(qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL),
> +s->tb_frequency, NANOSECONDS_PER_SECOND) -
> +   ti->load_time;
> +
> +return (tb_diff * 0xBF401675E5DULL) / (s->tb_frequency << 24);
> +}
> +
> +static uint64_t get_counter_load_time(CUDAState *s, CUDATimer *ti)
> +{
> +uint64_t load_time = muldiv64(qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL),
> +  s->tb_frequency, NANOSECONDS_PER_SECOND);
> +return load_time;
>  }
>  
>  static unsigned int get_counter(CUDAState *s, CUDATimer *ti)
>  {
>  int64_t d;
>  unsigned int counter;
> -uint64_t tb_diff;
> -uint64_t current_time = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
>  
> -/* Reverse of the tb calculation algorithm that Mac OS X uses on bootup. 
> */
> -tb_diff = get_tb(current_time, s->tb_frequency) - ti->load_time;
> -d = (tb_diff * 0xBF401675E5DULL) / (s->tb_frequency << 24);
> +d = get_counter_value(s, ti);
>  
>  if (ti->index == 0) {
>  /* the timer goes down from latch to -1 (period of latch + 2) */
> @@ -178,8 +186,7 @@ static unsigned int get_counter(CUDAState *s, CUDATimer 
> *ti)
>  static void set_counter(CUDAState *s, CUDATimer *ti, unsigned int val)
>  {
>  CUDA_DPRINTF("T%d.counter=%d\n", 1 + ti->index, val);
> -ti->load_time = get_tb(qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL),
> -   s->tb_frequency);
> +ti->load_time = get_counter_load_time(s, ti);
>  ti->counter_value = val;
>  cuda_timer_update(s, ti, ti->load_time);
>  }

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PATCHv2 07/12] cuda: set timer 1 frequency property to CUDA_TIMER_FREQ

[David Gibson]

On Fri, Feb 09, 2018 at 06:51:37PM +, Mark Cave-Ayland wrote:
> Now that we have successfully decoupled the timebase frequency and the 
> hardware
> timer frequency, set the timer 1 frequency property to CUDA_TIMER_FREQ and 
> alter
> get_next_irq_time() to use it rather than the hard-coded constant.
> 
> In addition to this we must now switch the tb_diff calculation over to use the
> timebase frequency now that the hardware clock frequency and the timebase
> frequency are different.
> 
> Signed-off-by: Mark Cave-Ayland 
> ---
>  hw/misc/macio/cuda.c | 10 +-
>  1 file changed, 5 insertions(+), 5 deletions(-)
> 
> diff --git a/hw/misc/macio/cuda.c b/hw/misc/macio/cuda.c
> index 408858e688..e00df4a21a 100644
> --- a/hw/misc/macio/cuda.c
> +++ b/hw/misc/macio/cuda.c
> @@ -158,8 +158,8 @@ static unsigned int get_counter(CUDAState *s, CUDATimer 
> *ti)
>  uint64_t current_time = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
>  
>  /* Reverse of the tb calculation algorithm that Mac OS X uses on bootup. 
> */
> -tb_diff = get_tb(current_time, ti->tb_frequency) - ti->load_time;
> -d = (tb_diff * 0xBF401675E5DULL) / (ti->tb_frequency << 24);
> +tb_diff = get_tb(current_time, s->tb_frequency) - ti->load_time;
> +d = (tb_diff * 0xBF401675E5DULL) / (s->tb_frequency << 24);

This requires an update due to the bug in the earlier patch which
touched this.  I've fixed this up in my tree.

>  if (ti->index == 0) {
>  /* the timer goes down from latch to -1 (period of latch + 2) */
> @@ -191,7 +191,7 @@ static int64_t get_next_irq_time(CUDATimer *ti, int64_t 
> current_time)
>  
>  /* current counter value */
>  d = muldiv64(current_time - ti->load_time,
> - CUDA_TIMER_FREQ, NANOSECONDS_PER_SECOND);
> + ti->frequency, NANOSECONDS_PER_SECOND);
>  /* the timer goes down from latch to -1 (period of latch + 2) */
>  if (d <= (ti->counter_value + 1)) {
>  counter = (ti->counter_value - d) & 0x;
> @@ -210,7 +210,7 @@ static int64_t get_next_irq_time(CUDATimer *ti, int64_t 
> current_time)
>  }
>  CUDA_DPRINTF("latch=%d counter=%" PRId64 " delta_next=%" PRId64 "\n",
>   ti->latch, d, next_time - d);
> -next_time = muldiv64(next_time, NANOSECONDS_PER_SECOND, CUDA_TIMER_FREQ) 
> +
> +next_time = muldiv64(next_time, NANOSECONDS_PER_SECOND, ti->frequency) +
>   ti->load_time;
>  if (next_time <= current_time) {
>  next_time = current_time + 1;
> @@ -879,7 +879,7 @@ static void cuda_realizefn(DeviceState *dev, Error **errp)
>  struct tm tm;
>  
>  s->timers[0].timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, cuda_timer1, s);
> -s->timers[0].frequency = s->tb_frequency;
> +s->timers[0].frequency = CUDA_TIMER_FREQ;
>  s->timers[1].timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, cuda_timer2, s);
>  s->timers[1].frequency = (SCALE_US * 6000) / 4700;
>  

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PATCHv2 03/12] cuda: don't call cuda_update() when writing to ACR register

[David Gibson]

On Fri, Feb 09, 2018 at 06:51:33PM +, Mark Cave-Ayland wrote:
> The wire protocol for reading data to/from the VIA is triggered by changing
> inputs on port B rather than changing the timer configuration via the ACR.
> 
> Signed-off-by: Mark Cave-Ayland 

Applied, thanks.

> ---
>  hw/misc/macio/cuda.c | 1 -
>  1 file changed, 1 deletion(-)
> 
> diff --git a/hw/misc/macio/cuda.c b/hw/misc/macio/cuda.c
> index eaa8924f49..1d0f7e8289 100644
> --- a/hw/misc/macio/cuda.c
> +++ b/hw/misc/macio/cuda.c
> @@ -406,7 +406,6 @@ static void cuda_write(void *opaque, hwaddr addr, 
> uint64_t val, unsigned size)
>  case CUDA_REG_ACR:
>  s->acr = val;
>  cuda_timer_update(s, >timers[0], 
> qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL));
> -cuda_update(s);
>  break;
>  case CUDA_REG_PCR:
>  s->pcr = val;

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

[Qemu-devel] [PATCH 5/5] target/arm: Handle SVE registers when using clear_vec_high

[Richard Henderson]

When storing to an AdvSIMD FP register, all of the high
bits of the SVE register are zeroed.  Therefore, call it
more often with is_q as a parameter.

Signed-off-by: Richard Henderson 
---
 target/arm/translate-a64.c | 162 +
 1 file changed, 62 insertions(+), 100 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index e3881d4999..1c88539d62 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -602,13 +602,30 @@ static TCGv_i32 read_fp_sreg(DisasContext *s, int reg)
 return v;
 }
 
+/* Clear the bits above an N-bit vector, for N = (is_q ? 128 : 64).
+ * If SVE is not enabled, then there are only 128 bits in the vector.
+ */
+static void clear_vec_high(DisasContext *s, bool is_q, int rd)
+{
+unsigned ofs = fp_reg_offset(s, rd, MO_64);
+unsigned vsz = vec_full_reg_size(s);
+
+if (!is_q) {
+TCGv_i64 tcg_zero = tcg_const_i64(0);
+tcg_gen_st_i64(tcg_zero, cpu_env, ofs + 8);
+tcg_temp_free_i64(tcg_zero);
+}
+if (vsz > 16) {
+tcg_gen_gvec_dup8i(ofs + 16, vsz - 16, vsz - 16, 0);
+}
+}
+
 static void write_fp_dreg(DisasContext *s, int reg, TCGv_i64 v)
 {
-TCGv_i64 tcg_zero = tcg_const_i64(0);
+unsigned ofs = fp_reg_offset(s, reg, MO_64);
 
-tcg_gen_st_i64(v, cpu_env, fp_reg_offset(s, reg, MO_64));
-tcg_gen_st_i64(tcg_zero, cpu_env, fp_reg_hi_offset(s, reg));
-tcg_temp_free_i64(tcg_zero);
+tcg_gen_st_i64(v, cpu_env, ofs);
+clear_vec_high(s, false, reg);
 }
 
 static void write_fp_sreg(DisasContext *s, int reg, TCGv_i32 v)
@@ -1009,6 +1026,8 @@ static void do_fp_ld(DisasContext *s, int destidx, 
TCGv_i64 tcg_addr, int size)
 
 tcg_temp_free_i64(tmplo);
 tcg_temp_free_i64(tmphi);
+
+clear_vec_high(s, true, destidx);
 }
 
 /*
@@ -1124,17 +1143,6 @@ static void write_vec_element_i32(DisasContext *s, 
TCGv_i32 tcg_src,
 }
 }
 
-/* Clear the high 64 bits of a 128 bit vector (in general non-quad
- * vector ops all need to do this).
- */
-static void clear_vec_high(DisasContext *s, int rd)
-{
-TCGv_i64 tcg_zero = tcg_const_i64(0);
-
-write_vec_element(s, tcg_zero, rd, 1, MO_64);
-tcg_temp_free_i64(tcg_zero);
-}
-
 /* Store from vector register to memory */
 static void do_vec_st(DisasContext *s, int srcidx, int element,
   TCGv_i64 tcg_addr, int size)
@@ -2794,12 +2802,13 @@ static void disas_ldst_multiple_struct(DisasContext *s, 
uint32_t insn)
 /* For non-quad operations, setting a slice of the low
  * 64 bits of the register clears the high 64 bits (in
  * the ARM ARM pseudocode this is implicit in the fact
- * that 'rval' is a 64 bit wide variable). We optimize
- * by noticing that we only need to do this the first
- * time we touch a register.
+ * that 'rval' is a 64 bit wide variable).
+ * For quad operations, we might still need to zero the
+ * high bits of SVE.  We optimize by noticing that we only
+ * need to do this the first time we touch a register.
  */
-if (!is_q && e == 0 && (r == 0 || xs == selem - 1)) {
-clear_vec_high(s, tt);
+if (e == 0 && (r == 0 || xs == selem - 1)) {
+clear_vec_high(s, is_q, tt);
 }
 }
 tcg_gen_addi_i64(tcg_addr, tcg_addr, ebytes);
@@ -2942,10 +2951,9 @@ static void disas_ldst_single_struct(DisasContext *s, 
uint32_t insn)
 write_vec_element(s, tcg_tmp, rt, 0, MO_64);
 if (is_q) {
 write_vec_element(s, tcg_tmp, rt, 1, MO_64);
-} else {
-clear_vec_high(s, rt);
 }
 tcg_temp_free_i64(tcg_tmp);
+clear_vec_high(s, is_q, rt);
 } else {
 /* Load/store one element per register */
 if (is_load) {
@@ -6718,7 +6726,6 @@ static void handle_vec_simd_sqshrn(DisasContext *s, bool 
is_scalar, bool is_q,
 }
 
 if (!is_q) {
-clear_vec_high(s, rd);
 write_vec_element(s, tcg_final, rd, 0, MO_64);
 } else {
 write_vec_element(s, tcg_final, rd, 1, MO_64);
@@ -6731,7 +6738,8 @@ static void handle_vec_simd_sqshrn(DisasContext *s, bool 
is_scalar, bool is_q,
 tcg_temp_free_i64(tcg_rd);
 tcg_temp_free_i32(tcg_rd_narrowed);
 tcg_temp_free_i64(tcg_final);
-return;
+
+clear_vec_high(s, is_q, rd);
 }
 
 /* SQSHLU, UQSHL, SQSHL: saturating left shifts */
@@ -6795,10 +6803,7 @@ static void handle_simd_qshl(DisasContext *s, bool 
scalar, bool is_q,
 tcg_temp_free_i64(tcg_op);
 }
 tcg_temp_free_i64(tcg_shift);
-
-if (!is_q) {
-clear_vec_high(s, rd);
-}
+

[Qemu-devel] [PATCH 3/5] target/arm: Suppress TB end for FPCR/FPSR

[Richard Henderson]

Nothing in either register affects the TB.

Signed-off-by: Richard Henderson 
---
 target/arm/helper.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index d41fb8371f..e0184c7162 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -3356,11 +3356,11 @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
   .writefn = aa64_daif_write, .resetfn = arm_cp_reset_ignore },
 { .name = "FPCR", .state = ARM_CP_STATE_AA64,
   .opc0 = 3, .opc1 = 3, .opc2 = 0, .crn = 4, .crm = 4,
-  .access = PL0_RW, .type = ARM_CP_FPU,
+  .access = PL0_RW, .type = ARM_CP_FPU | ARM_CP_SUPPRESS_TB_END,
   .readfn = aa64_fpcr_read, .writefn = aa64_fpcr_write },
 { .name = "FPSR", .state = ARM_CP_STATE_AA64,
   .opc0 = 3, .opc1 = 3, .opc2 = 1, .crn = 4, .crm = 4,
-  .access = PL0_RW, .type = ARM_CP_FPU,
+  .access = PL0_RW, .type = ARM_CP_FPU | ARM_CP_SUPPRESS_TB_END,
   .readfn = aa64_fpsr_read, .writefn = aa64_fpsr_write },
 { .name = "DCZID_EL0", .state = ARM_CP_STATE_AA64,
   .opc0 = 3, .opc1 = 3, .opc2 = 7, .crn = 0, .crm = 0,
-- 
2.14.3

[Qemu-devel] [PATCH 4/5] target/arm: Enforce access to ZCR_EL at translation

[Richard Henderson]

This also makes sure that we get the correct ordering of
SVE vs FP exceptions.

Signed-off-by: Richard Henderson 
---
 target/arm/cpu.h   |  3 ++-
 target/arm/internals.h |  6 ++
 target/arm/helper.c| 22 --
 target/arm/translate-a64.c | 16 
 4 files changed, 28 insertions(+), 19 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index e966a57f8a..51a3e16275 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1750,10 +1750,11 @@ static inline uint64_t cpreg_to_kvm_id(uint32_t cpregid)
 #define ARM_CP_DC_ZVA(ARM_CP_SPECIAL | 0x0500)
 #define ARM_LAST_SPECIAL ARM_CP_DC_ZVA
 #define ARM_CP_FPU   0x1000
+#define ARM_CP_SVE   0x2000
 /* Used only as a terminator for ARMCPRegInfo lists */
 #define ARM_CP_SENTINEL  0x
 /* Mask of only the flag bits in a type field */
-#define ARM_CP_FLAG_MASK 0x10ff
+#define ARM_CP_FLAG_MASK 0x30ff
 
 /* Valid values for ARMCPRegInfo state field, indicating which of
  * the AArch32 and AArch64 execution states this register is visible in.
diff --git a/target/arm/internals.h b/target/arm/internals.h
index 89f5d2fe12..47cc224a46 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -243,6 +243,7 @@ enum arm_exception_class {
 EC_AA64_HVC   = 0x16,
 EC_AA64_SMC   = 0x17,
 EC_SYSTEMREGISTERTRAP = 0x18,
+EC_SVEACCESSTRAP  = 0x19,
 EC_INSNABORT  = 0x20,
 EC_INSNABORT_SAME_EL  = 0x21,
 EC_PCALIGNMENT= 0x22,
@@ -381,6 +382,11 @@ static inline uint32_t syn_fp_access_trap(int cv, int 
cond, bool is_16bit)
 | (cv << 24) | (cond << 20);
 }
 
+static inline uint32_t syn_sve_access_trap(void)
+{
+return EC_SVEACCESSTRAP << ARM_EL_EC_SHIFT;
+}
+
 static inline uint32_t syn_insn_abort(int same_el, int ea, int s1ptw, int fsc)
 {
 return (EC_INSNABORT << ARM_EL_EC_SHIFT) | (same_el << ARM_EL_EC_SHIFT)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index e0184c7162..550dc3d290 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -4335,20 +4335,6 @@ static int sve_exception_el(CPUARMState *env)
 return 0;
 }
 
-static CPAccessResult zcr_access(CPUARMState *env, const ARMCPRegInfo *ri,
- bool isread)
-{
-switch (sve_exception_el(env)) {
-case 3:
-return CP_ACCESS_TRAP_EL3;
-case 2:
-return CP_ACCESS_TRAP_EL2;
-case 1:
-return CP_ACCESS_TRAP;
-}
-return CP_ACCESS_OK;
-}
-
 static void zcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
   uint64_t value)
 {
@@ -4359,7 +4345,7 @@ static void zcr_write(CPUARMState *env, const 
ARMCPRegInfo *ri,
 static const ARMCPRegInfo zcr_el1_reginfo = {
 .name = "ZCR_EL1", .state = ARM_CP_STATE_AA64,
 .opc0 = 3, .opc1 = 0, .crn = 1, .crm = 2, .opc2 = 0,
-.access = PL1_RW, .accessfn = zcr_access,
+.access = PL1_RW, .type = ARM_CP_SVE | ARM_CP_FPU,
 .fieldoffset = offsetof(CPUARMState, vfp.zcr_el[1]),
 .writefn = zcr_write, .raw_writefn = raw_write
 };
@@ -4367,7 +4353,7 @@ static const ARMCPRegInfo zcr_el1_reginfo = {
 static const ARMCPRegInfo zcr_el2_reginfo = {
 .name = "ZCR_EL2", .state = ARM_CP_STATE_AA64,
 .opc0 = 3, .opc1 = 4, .crn = 1, .crm = 2, .opc2 = 0,
-.access = PL2_RW, .accessfn = zcr_access,
+.access = PL2_RW, .type = ARM_CP_SVE | ARM_CP_FPU,
 .fieldoffset = offsetof(CPUARMState, vfp.zcr_el[2]),
 .writefn = zcr_write, .raw_writefn = raw_write
 };
@@ -4375,14 +4361,14 @@ static const ARMCPRegInfo zcr_el2_reginfo = {
 static const ARMCPRegInfo zcr_no_el2_reginfo = {
 .name = "ZCR_EL2", .state = ARM_CP_STATE_AA64,
 .opc0 = 3, .opc1 = 4, .crn = 1, .crm = 2, .opc2 = 0,
-.access = PL2_RW,
+.access = PL2_RW, .type = ARM_CP_SVE | ARM_CP_FPU,
 .readfn = arm_cp_read_zero, .writefn = arm_cp_write_ignore
 };
 
 static const ARMCPRegInfo zcr_el3_reginfo = {
 .name = "ZCR_EL3", .state = ARM_CP_STATE_AA64,
 .opc0 = 3, .opc1 = 6, .crn = 1, .crm = 2, .opc2 = 0,
-.access = PL3_RW, .accessfn = zcr_access,
+.access = PL3_RW, .type = ARM_CP_SVE | ARM_CP_FPU,
 .fieldoffset = offsetof(CPUARMState, vfp.zcr_el[3]),
 .writefn = zcr_write, .raw_writefn = raw_write
 };
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 89f50558a7..e3881d4999 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -1182,6 +1182,19 @@ static inline bool fp_access_check(DisasContext *s)
 return false;
 }
 
+/* Check that SVE access is enabled.  If it is, return true.
+ * If not, emit code to generate an appropriate exception and return false.
+ */
+static inline bool sve_access_check(DisasContext *s)
+{
+if (s->sve_excp_el) {
+gen_exception_insn(s, 4, EXCP_UDEF, syn_sve_access_trap(),
+   s->sve_excp_el);
+   

[Qemu-devel] [PATCH 1/5] target/arm: Remove ARM_CP_64BIT from ZCR_EL registers

[Richard Henderson]

Because they are ARM_CP_STATE_AA64, ARM_CP_64BIT is implied.

Signed-off-by: Richard Henderson 
---
 target/arm/helper.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 180ab75458..4b102ec356 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -4357,7 +4357,7 @@ static void zcr_write(CPUARMState *env, const 
ARMCPRegInfo *ri,
 static const ARMCPRegInfo zcr_el1_reginfo = {
 .name = "ZCR_EL1", .state = ARM_CP_STATE_AA64,
 .opc0 = 3, .opc1 = 0, .crn = 1, .crm = 2, .opc2 = 0,
-.access = PL1_RW, .accessfn = zcr_access, .type = ARM_CP_64BIT,
+.access = PL1_RW, .accessfn = zcr_access,
 .fieldoffset = offsetof(CPUARMState, vfp.zcr_el[1]),
 .writefn = zcr_write, .raw_writefn = raw_write
 };
@@ -4365,7 +4365,7 @@ static const ARMCPRegInfo zcr_el1_reginfo = {
 static const ARMCPRegInfo zcr_el2_reginfo = {
 .name = "ZCR_EL2", .state = ARM_CP_STATE_AA64,
 .opc0 = 3, .opc1 = 4, .crn = 1, .crm = 2, .opc2 = 0,
-.access = PL2_RW, .accessfn = zcr_access, .type = ARM_CP_64BIT,
+.access = PL2_RW, .accessfn = zcr_access,
 .fieldoffset = offsetof(CPUARMState, vfp.zcr_el[2]),
 .writefn = zcr_write, .raw_writefn = raw_write
 };
@@ -4373,14 +4373,14 @@ static const ARMCPRegInfo zcr_el2_reginfo = {
 static const ARMCPRegInfo zcr_no_el2_reginfo = {
 .name = "ZCR_EL2", .state = ARM_CP_STATE_AA64,
 .opc0 = 3, .opc1 = 4, .crn = 1, .crm = 2, .opc2 = 0,
-.access = PL2_RW, .type = ARM_CP_64BIT,
+.access = PL2_RW,
 .readfn = arm_cp_read_zero, .writefn = arm_cp_write_ignore
 };
 
 static const ARMCPRegInfo zcr_el3_reginfo = {
 .name = "ZCR_EL3", .state = ARM_CP_STATE_AA64,
 .opc0 = 3, .opc1 = 6, .crn = 1, .crm = 2, .opc2 = 0,
-.access = PL3_RW, .accessfn = zcr_access, .type = ARM_CP_64BIT,
+.access = PL3_RW, .accessfn = zcr_access,
 .fieldoffset = offsetof(CPUARMState, vfp.zcr_el[3]),
 .writefn = zcr_write, .raw_writefn = raw_write
 };
-- 
2.14.3

[Qemu-devel] [PATCH 2/5] target/arm: Enforce FP access to FPCR/FPSR

[Richard Henderson]

Signed-off-by: Richard Henderson 
---
 target/arm/cpu.h   | 35 ++-
 target/arm/helper.c|  6 --
 target/arm/translate-a64.c |  3 +++
 3 files changed, 25 insertions(+), 19 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 521444a5a1..e966a57f8a 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1714,7 +1714,7 @@ static inline uint64_t cpreg_to_kvm_id(uint32_t cpregid)
 }
 
 /* ARMCPRegInfo type field bits. If the SPECIAL bit is set this is a
- * special-behaviour cp reg and bits [15..8] indicate what behaviour
+ * special-behaviour cp reg and bits [11..8] indicate what behaviour
  * it has. Otherwise it is a simple cp reg, where CONST indicates that
  * TCG can assume the value to be constant (ie load at translate time)
  * and 64BIT indicates a 64 bit wide coprocessor register. SUPPRESS_TB_END
@@ -1735,24 +1735,25 @@ static inline uint64_t cpreg_to_kvm_id(uint32_t cpregid)
  * need to be surrounded by gen_io_start()/gen_io_end(). In particular,
  * registers which implement clocks or timers require this.
  */
-#define ARM_CP_SPECIAL 1
-#define ARM_CP_CONST 2
-#define ARM_CP_64BIT 4
-#define ARM_CP_SUPPRESS_TB_END 8
-#define ARM_CP_OVERRIDE 16
-#define ARM_CP_ALIAS 32
-#define ARM_CP_IO 64
-#define ARM_CP_NO_RAW 128
-#define ARM_CP_NOP (ARM_CP_SPECIAL | (1 << 8))
-#define ARM_CP_WFI (ARM_CP_SPECIAL | (2 << 8))
-#define ARM_CP_NZCV (ARM_CP_SPECIAL | (3 << 8))
-#define ARM_CP_CURRENTEL (ARM_CP_SPECIAL | (4 << 8))
-#define ARM_CP_DC_ZVA (ARM_CP_SPECIAL | (5 << 8))
-#define ARM_LAST_SPECIAL ARM_CP_DC_ZVA
+#define ARM_CP_SPECIAL   0x0001
+#define ARM_CP_CONST 0x0002
+#define ARM_CP_64BIT 0x0004
+#define ARM_CP_SUPPRESS_TB_END   0x0008
+#define ARM_CP_OVERRIDE  0x0010
+#define ARM_CP_ALIAS 0x0020
+#define ARM_CP_IO0x0040
+#define ARM_CP_NO_RAW0x0080
+#define ARM_CP_NOP   (ARM_CP_SPECIAL | 0x0100)
+#define ARM_CP_WFI   (ARM_CP_SPECIAL | 0x0200)
+#define ARM_CP_NZCV  (ARM_CP_SPECIAL | 0x0300)
+#define ARM_CP_CURRENTEL (ARM_CP_SPECIAL | 0x0400)
+#define ARM_CP_DC_ZVA(ARM_CP_SPECIAL | 0x0500)
+#define ARM_LAST_SPECIAL ARM_CP_DC_ZVA
+#define ARM_CP_FPU   0x1000
 /* Used only as a terminator for ARMCPRegInfo lists */
-#define ARM_CP_SENTINEL 0x
+#define ARM_CP_SENTINEL  0x
 /* Mask of only the flag bits in a type field */
-#define ARM_CP_FLAG_MASK 0xff
+#define ARM_CP_FLAG_MASK 0x10ff
 
 /* Valid values for ARMCPRegInfo state field, indicating which of
  * the AArch32 and AArch64 execution states this register is visible in.
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 4b102ec356..d41fb8371f 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -3356,10 +3356,12 @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
   .writefn = aa64_daif_write, .resetfn = arm_cp_reset_ignore },
 { .name = "FPCR", .state = ARM_CP_STATE_AA64,
   .opc0 = 3, .opc1 = 3, .opc2 = 0, .crn = 4, .crm = 4,
-  .access = PL0_RW, .readfn = aa64_fpcr_read, .writefn = aa64_fpcr_write },
+  .access = PL0_RW, .type = ARM_CP_FPU,
+  .readfn = aa64_fpcr_read, .writefn = aa64_fpcr_write },
 { .name = "FPSR", .state = ARM_CP_STATE_AA64,
   .opc0 = 3, .opc1 = 3, .opc2 = 1, .crn = 4, .crm = 4,
-  .access = PL0_RW, .readfn = aa64_fpsr_read, .writefn = aa64_fpsr_write },
+  .access = PL0_RW, .type = ARM_CP_FPU,
+  .readfn = aa64_fpsr_read, .writefn = aa64_fpsr_write },
 { .name = "DCZID_EL0", .state = ARM_CP_STATE_AA64,
   .opc0 = 3, .opc1 = 3, .opc2 = 7, .crn = 0, .crm = 0,
   .access = PL0_R, .type = ARM_CP_NO_RAW,
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index fb1a4cb532..89f50558a7 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -1631,6 +1631,9 @@ static void handle_sys(DisasContext *s, uint32_t insn, 
bool isread,
 default:
 break;
 }
+if ((ri->type & ARM_CP_FPU) && !fp_access_check(s)) {
+return;
+}
 
 if ((tb_cflags(s->base.tb) & CF_USE_ICOUNT) && (ri->type & ARM_CP_IO)) {
 gen_io_start();
-- 
2.14.3

[Qemu-devel] [PATCH 0/5] target/arm: More SVE prep work

[Richard Henderson]

First, we had noted that ARM_CP_64BIT needed to be removed from
the ZCR_EL registers, but the patch set was applied without
actually fixing that.

Second, there's an existing bug by which the FPCR/FPSR registers
are not properly trapped when FP is disabled.  Fix that with a
translation-time check.

Third, my attempt at using .accessfn for ZCR_EL fails to take
into account the two different exception syndromes that must be
raised.  Although they probably aren't as important as FPCR/FPSR,
handle them at translation time too.

Fourth, when writing to an AdvSIMD register, zero the rest of
the SVE register.


r~


Richard Henderson (5):
  target/arm: Remove ARM_CP_64BIT from ZCR_EL registers
  target/arm: Enforce FP access to FPCR/FPSR
  target/arm: Suppress TB end for FPCR/FPSR
  target/arm: Enforce access to ZCR_EL at translation
  target/arm: Handle SVE registers when using clear_vec_high

 target/arm/cpu.h   |  36 -
 target/arm/internals.h |   6 ++
 target/arm/helper.c|  28 ++-
 target/arm/translate-a64.c | 181 -
 4 files changed, 114 insertions(+), 137 deletions(-)

-- 
2.14.3

Re: [Qemu-devel] [PATCH 1/1] nbd: increase maximum size of the PWRITE_ZERO request

[Alex Bligh]

> On 10 Feb 2018, at 18:43, Alex Bligh  wrote:
> 
> So I think a reasonable logic for Qemu would be to try NBD_CMD_INFO and find 
> the maximum write size, and if that's unsupported use 0x (capping at 
> export size, or export size minus write offset).

Ur actually capping it at (2^16 - blocksize) would be the right thing to do 
(writes should be multiples of the block size).

-- 
Alex Bligh

Re: [Qemu-devel] [PATCH 1/1] nbd: increase maximum size of the PWRITE_ZERO request

[Alex Bligh]

> On 8 Feb 2018, at 16:28, Eric Blake  wrote:
> 
> On 02/08/2018 07:23 AM, Edgar Kaziakhmedov wrote:
>> Upstream NBD protocol implementation supports an efficient zero out
>> mechanism over the wire, along with the ability to check whether a
>> client allows using a hole.
>> Accordingly, since PWRITE_ZERO doesn't involve any payload on the wire,
>> increase a maximum size of the PWRITE_ZERO request up to 1Gb (aligned).
>> Moreover, such change will decrease the number of PWRITE_ZERO NBD commands
>> in comparison with the current 32M limit. The benefits of
>> the larger constraint can be examined in a block mirroring over NBD.
> 
> We've got a potential problem.  Unless you have out-of-band communication of 
> the maximum NBD_CMD_WRITE_ZEROES sizing (or if the NBD protocol is enhanced 
> to advertise that as an additional piece of block size information during 
> NBD_OPT_GO), then a client CANNOT assume that the server will accept a 
> request this large.  We MIGHT get lucky if all existing servers that accept 
> WRITE_ZEROES requests either act on large requests or reply with EINVAL but 
> do not outright drop the connection (which is different from servers that DO 
> outright drop the connection for an NBD_CMD_WRITE larger than 32M).  But I 
> don't know if that's how all servers behave, so sending a too-large 
> WRITE_ZEROES request may have the unintended consequence of killing the 
> connection.
> 
> I'm adding the NBD list; perhaps before accepting this into qemu, I should 
> revive my earlier attempt at codifying an NBD_OPT_GO info advertisement for 
> maximum trim/zero sizing, which would let clients have a guarantee that their 
> choice of sizing won't cause unexpected failures.

A couple of comments:

1. The length field is only 32 bits, so no writes more than 0x in 
length are going to work anyway :-)

2. I'm not sure the situation is as bad as you make out Eric. I think you've 
forgotten the NBD_OPT_INFO work and the conversation around that we had where 
we determined that servers not supporting NBD_OPT_INFO were already meant to 
support 'unlimited' size writes. Per the spec:

"If block size constraints have not been advertised or agreed on externally, 
then a client SHOULD assume a default minimum block size of 1, a preferred 
block size of 2^12 (4,096), and a maximum block size of the smaller of the 
export size or 0x (effectively unlimited)."

I read these to apply to all uses of 'length', but even if one argues it 
doesn't apply to NBD_CMD_WRITE_ZEROES because it doesn't have a payload, I 
think the rebuttal is that a server which supports NBD_CMD_WRITE of a given 
length must also support NBD_CMD_WRITE_ZEROES of that length.

So I think a reasonable logic for Qemu would be to try NBD_CMD_INFO and find 
the maximum write size, and if that's unsupported use 0x (capping at 
export size, or export size minus write offset).

-- 
Alex Bligh

Re: [Qemu-devel] fix evsrwu and others for powerpcspe

[Richard Henderson]

On 02/09/2018 11:25 PM, Michael Tokarev wrote:
> 26.12.2017 14:29, i...@mobile-stream.com wrote:
>> GEN_SPEOP_ARITH2 declares non-local temporaries then calls 
>> gen_op_evsrwu/evsrws/evslw which generates branch insn.
> 
> I'm Cc'ing qemu-devel@ for review, since I don't know much about how ppc 
> works.
> 
> Thanks,
> 
> /mjt
> 
>> --- target/ppc/translate/spe-impl.inc.c.orig
>> +++ target/ppc/translate/spe-impl.inc.c
>> @@ -158,8 +158,8 @@
>>  gen_exception(ctx, POWERPC_EXCP_SPEU);  
>>   \
>>  return; 
>>   \
>>  }   
>>   \
>> -t0 = tcg_temp_new_i32();
>>   \
>> -t1 = tcg_temp_new_i32();
>>   \
>> +t0 = tcg_temp_local_new_i32();  
>> \
>> +t1 = tcg_temp_local_new_i32();  
>> \

While that's one possible solution, it would be better to rewrite the helpers
not to use branches.  E.g.

tcg_gen_andi_i32(t0, arg2, 0x1f);
tcg_gen_andi_i32(t1, arg2, 0x20);
tcg_gen_shr_i32(ret, arg1, t0);
tcg_gen_movi_i32(t0, 0);
tcg_gen_movcond_i32(TCG_COND_NE, ret, t1, t0, t0, ret);


r~

[Qemu-devel] [Bug 1748612] [NEW] qemu-user option -strace -D doesn't work

[mou]

Public bug reported:

I have been trying to access qemu -strace output from a script
The main problem was it was on stderr, the strace output was merged with my 
program's stderr output.
Then I tried to use the -D option, to log the output to a file.
This didn't work even if the log file was created, but it was empty.

I have looked at the source code and found the print function was not
qemu_log with -strace but gemu_log (to be clear it was GEMU NOT QEMU)


I have then replaced all gemu_log by qemu_log removed declaration of gemu_log 
and recompiled, it seems to works just fine right now.

removed declaration here and here:
https://github.com/qemu/qemu/blob/master/linux-user/main.c#L108
https://github.com/qemu/qemu/blob/master/linux-user/qemu.h#L203

** Affects: qemu
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1748612

Title:
  qemu-user option -strace -D  doesn't work

Status in QEMU:
  New

Bug description:
  I have been trying to access qemu -strace output from a script
  The main problem was it was on stderr, the strace output was merged with my 
program's stderr output.
  Then I tried to use the -D option, to log the output to a file.
  This didn't work even if the log file was created, but it was empty.

  I have looked at the source code and found the print function was not
  qemu_log with -strace but gemu_log (to be clear it was GEMU NOT QEMU)

  
  I have then replaced all gemu_log by qemu_log removed declaration of gemu_log 
and recompiled, it seems to works just fine right now.

  removed declaration here and here:
  https://github.com/qemu/qemu/blob/master/linux-user/main.c#L108
  https://github.com/qemu/qemu/blob/master/linux-user/qemu.h#L203

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1748612/+subscriptions

[Qemu-devel] Qemu aborted in ide_restart_bh after migration

[Wang King]

Empty IDE CD-ROM configured on the VM:

  
  
  
  

Make migration for this VM, then qemu aborted in ide_restart_bh. IDEState expect
end_transfer_func equal to ide_atapi_cmd, but it refer to 
ide_dummy_transfer_stop.
I have no idea about this, can anyone help me?

qemu version is 2.8.1
(gdb) bt
#0  0x7fcff7c4b157 in raise () from /usr/lib64/libc.so.6
#1  0x7fcff7c4c848 in abort () from /usr/lib64/libc.so.6
#2  0x7fcff7c441c6 in __assert_fail_base () from /usr/lib64/libc.so.6
#3  0x7fcff7c44272 in __assert_fail () from /usr/lib64/libc.so.6
#4  0x006207ab in ide_restart_bh (opaque=0x38b3430) at 
hw/ide/core.c:2570
#5  0x00763a6f in aio_bh_poll (ctx=ctx@entry=0x234f940) at async.c:115
#6  0x00770948 in aio_dispatch (ctx=0x234f940) at aio_posix.c:303
#7  0x007638e1 in aio_ctx_dispatch (source=, 
callback=, user_data=) at async.c:254
#8  0x7fcff8e6799a in g_main_context_dispatch () from 
/usr/lib64/libglib-2.0.so.0
#9  0x0076e606 in glib_pollfds_poll () at main_loop.c:228
#10 0x0076e6ab in os_host_main_loop_wait (timeout=0) at main_loop.c:273
#11 0x0076e7d5 in main_loop_wait (nonblocking=nonblocking@entry=0) at 
main_loop.c:521
#12 0x0056b911 in main_loop () at vl.c:2089
#13 0x00420805 in main (argc=, argv=, 
envp=) at vl.c:4964
(gdb) f 4
#4  0x006207ab in ide_restart_bh (opaque=0x38b3430)
2570assert(s->end_transfer_func == ide_atapi_cmd);
(gdb) p *bus
$7 = {qbus = {obj = {class = 0x2313a30, free = 0x0, properties = 0x3871520, ref 
= 2, parent = 0x38b2b00}, parent = 0x38b2b00, name = 0x3980af0 "ide.0", 
hotplug_handler = 0x0, max_index = 1, realized = true,
children = {tqh_first = 0x349e050, tqh_last = 0x349e060}, sibling = 
{le_next = 0x0, le_prev = 0x38b3d68}}, master = 0x0, slave = 0x349e3c0, ifs = 
{{bus = 0x38b3430, unit = 0 '\000', drive_kind = IDE_HD,
  cylinders = 0, heads = 0, sectors = 0, chs_trans = 0, nb_sectors = 0, 
mult_sectors = 16, identify_set = 0, identify_data = '\000' , drive_serial = 1,
  drive_serial_str = '\000' , drive_model_str = '\000' 
, wwn = 0, feature = 0 '\000', error = 1 '\001', nsector = 0, 
sector = 0 '\000', lcyl = 96 '`',
  hcyl = 0 '\000', hob_feature = 0 '\000', hob_nsector = 0 '\000', 
hob_sector = 0 '\000', hob_lcyl = 0 '\000', hob_hcyl = 0 '\000', select = 160 
'\240', status = 80 'P', lba48 = 0 '\000', blk = 0x0,
  version = "\000\000\000\000\000\000\000\000", events = {eject_request = 
false, new_media = false}, sense_key = 0 '\000', asc = 0 '\000', tray_open = 
false, tray_locked = false,
  cdrom_changed = 0 '\000', packet_transfer_size = 0, 
elementary_transfer_size = 0, io_buffer_index = 0, lba = 0, cd_sector_size = 0, 
atapi_dma = 0, acct = {bytes = 0, start_time_ns = 0,
type = BLOCK_ACCT_READ}, pio_aiocb = 0x0, iov = {iov_base = 0x0, 
iov_len = 0}, qiov = {iov = 0x0, niov = 0, nalloc = 0, size = 0}, 
buffered_requests = {lh_first = 0x0}, io_buffer_offset = 0,
  io_buffer_size = 0, sg = {sg = 0x0, nsg = 0, nalloc = 0, size = 0, dev = 
0x0, as = 0x0}, req_nb_sectors = 0, end_transfer_func = 0x61b780 
,
  data_ptr = 0x7fcffd126800 "\377\377\377\377", data_end = 0x7fcffd126800 
"\377\377\377\377", io_buffer = 0x7fcffd126800 "\377\377\377\377", 
io_buffer_total_len = 131076, cur_io_buffer_offset = 0,
  cur_io_buffer_len = 0, end_transfer_fn_idx = 0 '\000', sector_write_timer 
= 0x39e5c60, irq_count = 0, ext_error = 0 '\000', mdata_size = 0, mdata_storage 
= 0x0, media_changed = 0,
  dma_cmd = IDE_DMA_READ, smart_enabled = 0 '\000', smart_autosave = 0 
'\000', smart_errors = 0, smart_selftest_count = 0 '\000', smart_selftest_data 
= 0x39e6000 "", ncq_queues = 0}, {bus = 0x38b3430,
  unit = 1 '\001', drive_kind = IDE_CD, cylinders = 0, heads = 0, sectors = 
0, chs_trans = 0, nb_sectors = 0, mult_sectors = 16, identify_set = 1,
  identify_data = "\300\205", '\000' , "MQ 2", ' ' 
, "\003\000\000\002\004\000.2+5EQUMD DVR-MO", ' ' 
, "\000\000\001\000\000\003\000\000\000\000\000\000\a", 
'\000' , 
"\a\000\a\000\003\000\264\000\264\000,\001\264\000\000\000\000\000\036\000\036",
 '\000' , "\036", '\000' , "?", '\000' 
, drive_serial = 2, drive_serial_str = "QM2", '\000' 
, drive_model_str = "QEMU DVD-ROM", '\000' , wwn = 0, feature = 0 '\000', error = 0 '\000', nsector = 3,
  sector = 0 '\000', lcyl = 18 '\022', hcyl = 0 '\000', hob_feature = 0 
'\000', hob_nsector = 3 '\003', hob_sector = 0 '\000', hob_lcyl = 0 '\000', 
hob_hcyl = 0 '\000', select = 176 '\260',
  status = 80 'P', lba48 = 0 '\000', blk = 0x2498650, version = 
"2.5+\000\000\000\000", events = {eject_request = false, new_media = false}, 
sense_key = 2 '\002', asc = 58 ':', tray_open = false,
  tray_locked = false, cdrom_changed = 0 '\000', packet_transfer_size = 0, 
elementary_transfer_size = 0, io_buffer_index = 0, lba = 0, cd_sector_size = 0, 
atapi_dma = 0, acct = {bytes = 0,

Re: [Qemu-devel] [PULL 00/26] virtio, vhost, pci, pc: features, fixes and cleanups

[Gonglei (Arei)]

> -Original Message-
> From: Qemu-devel
> [mailto:qemu-devel-bounces+arei.gonglei=huawei@nongnu.org] On
> Behalf Of Peter Maydell
> Sent: Friday, February 09, 2018 6:07 PM
> To: Michael S. Tsirkin
> Cc: QEMU Developers
> Subject: Re: [Qemu-devel] [PULL 00/26] virtio, vhost, pci, pc: features, 
> fixes and
> cleanups
> 
> On 8 February 2018 at 19:08, Michael S. Tsirkin  wrote:
> > The following changes since commit
> 008a51bbb343972dd8cf09126da8c3b87f4e1c96:
> >
> >   Merge remote-tracking branch 'remotes/famz/tags/staging-pull-request'
> into staging (2018-02-08 14:31:51 +)
> >
> > are available in the git repository at:
> >
> >   git://git.kernel.org/pub/scm/virt/kvm/mst/qemu.git tags/for_upstream
> >
> > for you to fetch changes up to
> f4ac9b2e04e8d98854a97bc473353207765aa9e7:
> >
> >   virtio-balloon: include statistics of disk/file caches (2018-02-08 
> > 21:06:42
> +0200)
> >
> > 
> > virtio,vhost,pci,pc: features, fixes and cleanups
> >
> > - a new vhost crypto device
> > - new stats in virtio balloon
> > - virtio eventfd rework for boot speedup
> > - vhost memory rework for boot speedup
> > - fixes and cleanups all over the place
> >
> > Signed-off-by: Michael S. Tsirkin 
> >
> 
> Hi. This has some format-string issues:
> 
> /home/peter.maydell/qemu/backends/cryptodev-vhost-user.c: In function
> 'cryptodev_vhost_user_start':
> /home/peter.maydell/qemu/backends/cryptodev-vhost-user.c:112:26:
> error: format '%lu' expects argument of type 'long unsigned int', but
> argument 2 has type 'size_t {aka unsigned int}' [-Werror=format=]
>  error_report("failed to init vhost_crypto for queue %lu", i);
>   ^
> /home/peter.maydell/qemu/backends/cryptodev-vhost-user.c: In function
> 'cryptodev_vhost_user_init':
> /home/peter.maydell/qemu/backends/cryptodev-vhost-user.c:205:40:
> error: format '%lu' expects argument of type 'long unsigned int', but
> argument 2 has type 'size_t {aka unsigned int}' [-Werror=format=]
>  cc->info_str = g_strdup_printf("cryptodev-vhost-user%lu to %s ",
> ^
> 
Using %zu instead of %lu will be correct. Michael, could you pls fix it 
directly?

Very sorry for the inconvenience. :(

Thanks,
-Gonglei

Re: [Qemu-devel] [PATCH v3] spapr: set vsmt to MAX(8, smp_threads)

[David Gibson]

On Fri, Feb 09, 2018 at 03:06:49PM +0100, Greg Kurz wrote:
> On Fri,  9 Feb 2018 09:18:58 +0100
> Laurent Vivier  wrote:
> 
> > We ignore silently the value of smp_threads when we set
> > the default VSMT value, and if smp_threads is greater than VSMT
> > kernel is going into trouble later.
> > 
> 
> Hi Laurent,
> 
> I've looked a bit more and I'm not sure what kernel troubles you're referring 
> to,
> but several places in QEMU where we use kvm_ppc_smt() later on do assume that
> smp_threads > kvm_ppc_smt(). Basically, everywhere we compute a vCPU id:
> 
> In spapr_init_cpus() when creating DRC connectors:
> 
> int core_id = i * smp_threads;
> 
> if (mc->has_hotpluggable_cpus) {
> spapr_dr_connector_new(OBJECT(spapr), TYPE_SPAPR_DRC_CPU,
>(core_id / smp_threads) * smt);
> }
> 
> or in spapr_cpu_core_realize() when creating vCPUs:
> 
> cpu->vcpu_id = (cc->core_id * spapr->vsmt / smp_threads) + i;
> 
> It is visible by adding some printfs in the current code base. This is what
> happens when passing -smp cores=2,threads=16 without your patch:
> 
> DRC connector to vcpu_id 0
> CPU vcpu_id 0
> CPU vcpu_id 1
> CPU vcpu_id 2
> CPU vcpu_id 3
> CPU vcpu_id 4
> CPU vcpu_id 5
> CPU vcpu_id 6
> CPU vcpu_id 7
> CPU vcpu_id 8
> CPU vcpu_id 9
> CPU vcpu_id 10
> CPU vcpu_id 11
> CPU vcpu_id 12
> CPU vcpu_id 13
> CPU vcpu_id 14
> CPU vcpu_id 15
> DRC connector to vcpu_id 8
> ^^^
>  should be 16
> CPU vcpu_id 8
>^^^
>should start numbering at 16
> CPU vcpu_id 9
> CPU vcpu_id 10
> CPU vcpu_id 11
> CPU vcpu_id 12
> CPU vcpu_id 13
> CPU vcpu_id 14
> CPU vcpu_id 15
> CPU vcpu_id 16
> CPU vcpu_id 17
> CPU vcpu_id 18
> CPU vcpu_id 19
> CPU vcpu_id 20
> CPU vcpu_id 21
> CPU vcpu_id 22
> CPU vcpu_id 23
> qemu-system-ppc64: kvm_init_vcpu failed: File exists
>   
>  CPU 8 already created by the first core
> 
> I'm not feeling comfortable with the rest of the code silently depending on
> the fact that spapr_set_vsmt_mode() terminates QEMU if it cannot enforce
> smp_threads <= kvm_ppc_smt().

I'm not quite sure what you're suggesting as an alternative, though.

> 
> Anyway, with your patch, the same command line as above gives:
> 
> qemu-system-ppc64: Failed to set KVM's VSMT mode to 16 (errno -22)
> On PPC, a VM with 16 threads/core on a host with 8 threads/core requires
>  the use of VSMT mode 16.
> This KVM seems to be too old to support VSMT.
> 
> This hammer is big enough to fix the vCPU ids miscalculations, so:
> 
> Reviewed-by: Greg Kurz 
> 
> > Fixes: 8904e5a750
> > ("spapr: Adjust default VSMT value for better migration compatibility")
> > 
> > Signed-off-by: Laurent Vivier 
> > ---
> > 
> > Notes:
> > v3: use MAX(8, smp_threads) and let KVM to return an error
> > if nb_threads is too big
> > update subject to reflect the change
> > 
> > v2: display a specific error message when the default VSMT is used
> > fix subject
> > 
> >  hw/ppc/spapr.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> > index 32a876be56..c8a1eefa17 100644
> > --- a/hw/ppc/spapr.c
> > +++ b/hw/ppc/spapr.c
> > @@ -2310,7 +2310,7 @@ static void spapr_set_vsmt_mode(sPAPRMachineState 
> > *spapr, Error **errp)
> >   * the value that we'd get with KVM on POWER8, the
> >   * overwhelmingly common case in production systems.
> >   */
> > -spapr->vsmt = 8;
> > +spapr->vsmt = MAX(8, smp_threads);
> >  }
> >  
> >  /* KVM: If necessary, set the SMT mode: */
> 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PATCH v3] spapr: set vsmt to MAX(8, smp_threads)

[David Gibson]

On Fri, Feb 09, 2018 at 09:18:58AM +0100, Laurent Vivier wrote:
> We ignore silently the value of smp_threads when we set
> the default VSMT value, and if smp_threads is greater than VSMT
> kernel is going into trouble later.
> 
> Fixes: 8904e5a750
> ("spapr: Adjust default VSMT value for better migration compatibility")
> 
> Signed-off-by: Laurent Vivier 

Applied, thanks.

> ---
> 
> Notes:
> v3: use MAX(8, smp_threads) and let KVM to return an error
> if nb_threads is too big
> update subject to reflect the change
> 
> v2: display a specific error message when the default VSMT is used
> fix subject
> 
>  hw/ppc/spapr.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> index 32a876be56..c8a1eefa17 100644
> --- a/hw/ppc/spapr.c
> +++ b/hw/ppc/spapr.c
> @@ -2310,7 +2310,7 @@ static void spapr_set_vsmt_mode(sPAPRMachineState 
> *spapr, Error **errp)
>   * the value that we'd get with KVM on POWER8, the
>   * overwhelmingly common case in production systems.
>   */
> -spapr->vsmt = 8;
> +spapr->vsmt = MAX(8, smp_threads);
>  }
>  
>  /* KVM: If necessary, set the SMT mode: */

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PATCH qemu v7 1/4] linux-headers: update to f1517df8701c

[David Gibson]

On Fri, Feb 09, 2018 at 06:55:00PM +1100, Alexey Kardashevskiy wrote:
> Update headers against f1517df8701c.
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f1517df8701c
> 
> Signed-off-by: Alexey Kardashevskiy 

Might be worth mentioning that a32295c612c57 is the specific kernel
commit you want to include here, but in any case

Reviewed-by: David Gibson 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

[Qemu-devel] [PULL 04/17] Drop unneeded system header includes

[Michael Tokarev]

From: Eric Blake 

 is a non-standard obsolete header that was long ago
replaced by .

 is a non-standard header; it is not obsolete (we must
use it for malloc_trim, for example), but generally should not
be used in files that just need malloc() and friends, where
 is the standard header.

And since osdep.h already guarantees string.h and stdlib.h, we
can drop these unusual system header includes as redundant
rather than replacing them.

Signed-off-by: Eric Blake 
Signed-off-by: Michael Tokarev 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Thomas Huth 
---
 target/i386/hax-windows.h | 2 --
 target/i386/hvf/x86_mmu.c | 1 -
 2 files changed, 3 deletions(-)

diff --git a/target/i386/hax-windows.h b/target/i386/hax-windows.h
index 004f867694..20e2f85407 100644
--- a/target/i386/hax-windows.h
+++ b/target/i386/hax-windows.h
@@ -20,8 +20,6 @@
 #ifndef TARGET_I386_HAX_WINDOWS_H
 #define TARGET_I386_HAX_WINDOWS_H
 
-#include 
-#include 
 #include 
 #include 
 
diff --git a/target/i386/hvf/x86_mmu.c b/target/i386/hvf/x86_mmu.c
index c6be2cca35..d5a0efe718 100644
--- a/target/i386/hvf/x86_mmu.c
+++ b/target/i386/hvf/x86_mmu.c
@@ -17,7 +17,6 @@
  */
 
 #include "qemu/osdep.h"
-#include 
 #include "panic.h"
 #include "qemu-common.h"
 #include "cpu.h"
-- 
2.11.0

[Qemu-devel] [PULL 07/17] scripts/make-release: Don't archive .git files

[Michael Tokarev]

From: Cole Robinson 

As was last done in 379e21c25, we don't want .git files for
submodules here, which we aren't presently doing for capstone and
keycodemapdb.

Rather than delete the offending files before archiving, ask tar
to --exclude=.git

Signed-off-by: Cole Robinson 
Signed-off-by: Michael Tokarev 
Reviewed-by: Thomas Huth 
---
 scripts/make-release | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/scripts/make-release b/scripts/make-release
index 3917df7142..04fa9defdc 100755
--- a/scripts/make-release
+++ b/scripts/make-release
@@ -19,11 +19,10 @@ pushd ${destination}
 git checkout "v${version}"
 git submodule update --init
 (cd roms/seabios && git describe --tags --long --dirty > .version)
-rm -rf .git roms/*/.git dtc/.git pixman/.git
 # FIXME: The following line is a workaround for avoiding filename collisions
 # when unpacking u-boot sources on case-insensitive filesystems. Once we
 # update to something with u-boot commit 610eec7f0 we can drop this line.
-tar cfj roms/u-boot.tar.bz2 -C roms u-boot && rm -rf roms/u-boot
+tar --exclude=.git -cjf roms/u-boot.tar.bz2 -C roms u-boot && rm -rf 
roms/u-boot
 popd
-tar cfj ${destination}.tar.bz2 ${destination}
+tar --exclude=.git -cjf ${destination}.tar.bz2 ${destination}
 rm -rf ${destination}
-- 
2.11.0

[Qemu-devel] [PULL 14/17] async: use ARRAY_SIZE macro

[Michael Tokarev]

From: Philippe Mathieu-Daudé 

Applied using the Coccinelle semantic patch scripts/coccinelle/use_osdep.cocci

Signed-off-by: Philippe Mathieu-Daudé 
Signed-off-by: Michael Tokarev 
Reviewed-by: Marc-André Lureau 
---
 util/aio-posix.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/util/aio-posix.c b/util/aio-posix.c
index 1427f49b4a..d8f0cb4af8 100644
--- a/util/aio-posix.c
+++ b/util/aio-posix.c
@@ -119,7 +119,7 @@ static int aio_epoll(AioContext *ctx, GPollFD *pfds,
 }
 if (timeout <= 0 || ret > 0) {
 ret = epoll_wait(ctx->epollfd, events,
- sizeof(events) / sizeof(events[0]),
+ ARRAY_SIZE(events),
  timeout);
 if (ret <= 0) {
 goto out;
-- 
2.11.0

[Qemu-devel] [PULL 09/17] build: fix typo in error message

[Michael Tokarev]

From: Laurent Vivier 

Signed-off-by: Laurent Vivier 
Signed-off-by: Michael Tokarev 
Reviewed-by: Philippe Mathieu-Daudé 
Fixes: f62bbee55d503f639ee9498878ebf42ff4f4299a
---
 scripts/git-submodule.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/git-submodule.sh b/scripts/git-submodule.sh
index bc7224a27f..807ca0b4f8 100755
--- a/scripts/git-submodule.sh
+++ b/scripts/git-submodule.sh
@@ -28,7 +28,7 @@ error() {
 echo
 echo "and then manually update submodules prior to running make, with:"
 echo
-echo " $ scripts/git-sbumodule.sh update $modules"
+echo " $ scripts/git-submodule.sh update $modules"
 echo
 exit 1
 }
-- 
2.11.0

[Qemu-devel] [PULL 12/17] MAINTAINERS: Add qemu-binfmt-conf.sh script

[Michael Tokarev]

From: Thomas Huth 

qemu-binfmt-conf.sh is used for the Linux usermode emulation, so
let's add this file to that section in the MAINTAINERS file.

Signed-off-by: Thomas Huth 
Signed-off-by: Michael Tokarev 
Reviewed-by: Laurent Vivier 
---
 MAINTAINERS | 1 +
 1 file changed, 1 insertion(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index 54feb95646..57358a08e2 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1761,6 +1761,7 @@ R: Laurent Vivier 
 S: Maintained
 F: linux-user/
 F: default-configs/*-linux-user.mak
+F: scripts/qemu-binfmt-conf.sh
 
 Tiny Code Generator (TCG)
 -
-- 
2.11.0

[Qemu-devel] [PULL 08/17] configure: Allow capstone=git only if git update is not disabled

[Michael Tokarev]

From: Alexey Kardashevskiy 

Even with --disable-git-update, ./configure tries updating the capstone
submodule instead of marking it "no"; this disables capstone submodule
if git update is disabled.

Signed-off-by: Alexey Kardashevskiy 
Signed-off-by: Michael Tokarev 
Reviewed-by: Thomas Huth 
---
 configure | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure b/configure
index 62562f08cf..c1bbf17559 100755
--- a/configure
+++ b/configure
@@ -4568,7 +4568,7 @@ case "$capstone" in
   "" | yes)
 if $pkg_config capstone; then
   capstone=system
-elif test -e "${source_path}/.git" ; then
+elif test -e "${source_path}/.git" -a $git_update = 'yes' ; then
   capstone=git
 elif test -e "${source_path}/capstone/Makefile" ; then
   capstone=internal
-- 
2.11.0

[Qemu-devel] [PULL 13/17] qga: use ARRAY_SIZE macro

[Michael Tokarev]

From: Philippe Mathieu-Daudé 

Applied using the Coccinelle semantic patch scripts/coccinelle/use_osdep.cocci

Signed-off-by: Philippe Mathieu-Daudé 
Signed-off-by: Michael Tokarev 
Reviewed-by: Marc-André Lureau 
---
 qga/commands-posix.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/qga/commands-posix.c b/qga/commands-posix.c
index 88807f3c78..967061444a 100644
--- a/qga/commands-posix.c
+++ b/qga/commands-posix.c
@@ -901,7 +901,7 @@ static void build_guest_fsinfo_for_real_device(char const 
*syspath,
 if (p && sscanf(q, "%u", ) == 1) {
 has_host = true;
 nhosts = build_hosts(syspath, p, has_ata, hosts,
- sizeof(hosts) / sizeof(hosts[0]), errp);
+ ARRAY_SIZE(hosts), errp);
 if (nhosts < 0) {
 goto cleanup;
 }
-- 
2.11.0

[Qemu-devel] [PULL 15/17] tests/hbitmap: use ARRAY_SIZE macro

[Michael Tokarev]

From: Philippe Mathieu-Daudé 

Applied using the Coccinelle semantic patch scripts/coccinelle/use_osdep.cocci

Signed-off-by: Philippe Mathieu-Daudé 
Signed-off-by: Michael Tokarev 
Reviewed-by: Marc-André Lureau 
Reviewed-by: John Snow 
---
 tests/test-hbitmap.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tests/test-hbitmap.c b/tests/test-hbitmap.c
index 9091c639b3..f29631f939 100644
--- a/tests/test-hbitmap.c
+++ b/tests/test-hbitmap.c
@@ -813,7 +813,7 @@ static void test_hbitmap_serialize_basic(TestHBitmapData 
*data,
 size_t buf_size;
 uint8_t *buf;
 uint64_t positions[] = { 0, 1, L1 - 1, L1, L2 - 1, L2, L2 + 1, L3 - 1 };
-int num_positions = sizeof(positions) / sizeof(positions[0]);
+int num_positions = ARRAY_SIZE(positions);
 
 hbitmap_test_init(data, L3, 0);
 g_assert(hbitmap_is_serializable(data->hb));
@@ -838,7 +838,7 @@ static void test_hbitmap_serialize_part(TestHBitmapData 
*data,
 size_t buf_size;
 uint8_t *buf;
 uint64_t positions[] = { 0, 1, L1 - 1, L1, L2 - 1, L2, L2 + 1, L3 - 1 };
-int num_positions = sizeof(positions) / sizeof(positions[0]);
+int num_positions = ARRAY_SIZE(positions);
 
 hbitmap_test_init(data, L3, 0);
 buf_size = L2;
@@ -880,7 +880,7 @@ static void test_hbitmap_serialize_zeroes(TestHBitmapData 
*data,
 int64_t next;
 uint64_t min_l1 = MAX(L1, 64);
 uint64_t positions[] = { 0, min_l1, L2, L3 - min_l1};
-int num_positions = sizeof(positions) / sizeof(positions[0]);
+int num_positions = ARRAY_SIZE(positions);
 
 hbitmap_test_init(data, L3, 0);
 
-- 
2.11.0

[Qemu-devel] [PULL 16/17] tests/qapi: use QEMU_IS_ALIGNED macro

[Michael Tokarev]

From: Philippe Mathieu-Daudé 

Applied using the Coccinelle semantic patch scripts/coccinelle/use_osdep.cocci

Signed-off-by: Philippe Mathieu-Daudé 
Signed-off-by: Michael Tokarev 
Reviewed-by: Marc-André Lureau 
---
 tests/test-qobject-output-visitor.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/test-qobject-output-visitor.c 
b/tests/test-qobject-output-visitor.c
index 3cf942414c..11e8c5aa40 100644
--- a/tests/test-qobject-output-visitor.c
+++ b/tests/test-qobject-output-visitor.c
@@ -572,7 +572,7 @@ static void init_native_list(UserDefNativeListUnion *cvalue)
 boolList **list = >u.boolean.data;
 for (i = 0; i < 32; i++) {
 *list = g_new0(boolList, 1);
-(*list)->value = (i % 3 == 0);
+(*list)->value = QEMU_IS_ALIGNED(i, 3);
 (*list)->next = NULL;
 list = &(*list)->next;
 }
-- 
2.11.0

[Qemu-devel] [PULL 10/17] maint: Mention web site maintenance in README

[Michael Tokarev]

From: Eric Blake 

Now that we have a website that accepts patches on the list, the
main project should make it easier to find information about that
process.

Signed-off-by: Eric Blake 
Signed-off-by: Michael Tokarev 
Reviewed-by: Fam Zheng 
---
 README | 4 
 1 file changed, 4 insertions(+)

diff --git a/README b/README
index b92a07a61a..2c8e1c8cc4 100644
--- a/README
+++ b/README
@@ -68,6 +68,10 @@ the QEMU website
   https://qemu.org/Contribute/SubmitAPatch
   https://qemu.org/Contribute/TrivialPatches
 
+The QEMU website is also maintained under source control.
+
+  git clone git://git.qemu.org/qemu-web.git
+  https://www.qemu.org/2017/02/04/the-new-qemu-website-is-up/
 
 Bug reporting
 =
-- 
2.11.0

[Qemu-devel] [PULL 11/17] oslib-posix: check for posix_memalign in configure script

[Michael Tokarev]

From: Andreas Gustafsson 

Check for the presence of posix_memalign() in the configure script,
not using "defined(_POSIX_C_SOURCE) && !defined(__sun__)".  This
lets qemu use posix_memalign() on NetBSD versions that have it,
instead of falling back to valloc() which is wasteful when the
required alignment is smaller than a page.

Signed-off-by: Andreas Gustafsson 
Signed-off-by: Michael Tokarev 
Reviewed-by: Kamil Rytarowski 
Reviewed-by: Peter Maydell 
---
 configure  | 19 +++
 util/oslib-posix.c |  2 +-
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/configure b/configure
index c1bbf17559..fe9eea9218 100755
--- a/configure
+++ b/configure
@@ -4659,6 +4659,21 @@ if compile_prog "" "" ; then
 fi
 
 ##
+# check if we have posix_memalign()
+
+posix_memalign=no
+cat > $TMPC << EOF
+#include 
+int main(void) {
+void *p;
+return posix_memalign(, 8, 8);
+}
+EOF
+if compile_prog "" "" ; then
+posix_memalign=yes
+fi
+
+##
 # check if we have posix_syslog
 
 posix_syslog=no
@@ -5746,6 +5761,7 @@ echo "preadv support$preadv"
 echo "fdatasync $fdatasync"
 echo "madvise   $madvise"
 echo "posix_madvise $posix_madvise"
+echo "posix_memalign$posix_memalign"
 echo "libcap-ng support $cap_ng"
 echo "vhost-net support $vhost_net"
 echo "vhost-scsi support $vhost_scsi"
@@ -6232,6 +6248,9 @@ fi
 if test "$posix_madvise" = "yes" ; then
   echo "CONFIG_POSIX_MADVISE=y" >> $config_host_mak
 fi
+if test "$posix_memalign" = "yes" ; then
+  echo "CONFIG_POSIX_MEMALIGN=y" >> $config_host_mak
+fi
 
 if test "$spice" = "yes" ; then
   echo "CONFIG_SPICE=y" >> $config_host_mak
diff --git a/util/oslib-posix.c b/util/oslib-posix.c
index 77369c92ce..4655bc1f89 100644
--- a/util/oslib-posix.c
+++ b/util/oslib-posix.c
@@ -105,7 +105,7 @@ void *qemu_try_memalign(size_t alignment, size_t size)
 alignment = sizeof(void*);
 }
 
-#if defined(_POSIX_C_SOURCE) && !defined(__sun__)
+#if defined(CONFIG_POSIX_MEMALIGN)
 int ret;
 ret = posix_memalign(, alignment, size);
 if (ret != 0) {
-- 
2.11.0

[Qemu-devel] [PULL 17/17] tests/qapi: use ARRAY_SIZE macro

[Michael Tokarev]

From: Philippe Mathieu-Daudé 

Applied using the Coccinelle semantic patch scripts/coccinelle/use_osdep.cocci

Signed-off-by: Philippe Mathieu-Daudé 
Signed-off-by: Michael Tokarev 
Reviewed-by: Marc-André Lureau 
---
 tests/test-string-output-visitor.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/test-string-output-visitor.c 
b/tests/test-string-output-visitor.c
index fa4b4ca288..02766c0f65 100644
--- a/tests/test-string-output-visitor.c
+++ b/tests/test-string-output-visitor.c
@@ -95,7 +95,7 @@ static void test_visitor_out_intList(TestOutputVisitorData 
*data,
 Error *err = NULL;
 char *str;
 
-for (i = 0; i < sizeof(value) / sizeof(value[0]); i++) {
+for (i = 0; i < ARRAY_SIZE(value); i++) {
 *tmp = g_malloc0(sizeof(**tmp));
 (*tmp)->value = value[i];
 tmp = &(*tmp)->next;
-- 
2.11.0

[Qemu-devel] [PULL 03/17] machine: Polish -machine xxx,help

[Michael Tokarev]

From: Alexey Kardashevskiy 

The "-machine xxx,help" prints kernel-irqchip possible values as
"OnOffSplit", this adds separators to the printed line.

Also, since only lower case letters are specified in qapi/common.json,
this changes the letter cases too.

Signed-off-by: Alexey Kardashevskiy 
Signed-off-by: Michael Tokarev 
---
 hw/core/machine.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/core/machine.c b/hw/core/machine.c
index cdc1163dc6..5d445839e8 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
@@ -520,7 +520,7 @@ static void machine_class_init(ObjectClass *oc, void *data)
 object_class_property_set_description(oc, "accel",
 "Accelerator list", _abort);
 
-object_class_property_add(oc, "kernel-irqchip", "OnOffSplit",
+object_class_property_add(oc, "kernel-irqchip", "on|off|split",
 NULL, machine_set_kernel_irqchip,
 NULL, NULL, _abort);
 object_class_property_set_description(oc, "kernel-irqchip",
-- 
2.11.0