Re: [Qemu-devel] [RFC] Defining firmware (OVMF, et al) metadata format & file

2018-03-07 Thread Gerd Hoffmann
  Hi,

> > [*] Open question: Who, between QEMU and libvirt, should define the said
> > firmware metadata format and file?
> 
> IMHO QEMU should be defining the format, because the file will contain
> info about certain QEMU features associated with the firmware (eg smm).
> Also there are potentially other non-libvirt mgmt apps that spawn QEMU
> which would like this info (eg libguestfs), so having libvirt define the
> format is inappropriate.
> 
> I'd suggest we just need something in docs/specs/firmware-metadata.rst
> for QEMU source tree.
> 
> Potentially QEMU could even use the metadata files itself for finding
> the default firmware images, instead of compiling this info into its
> binaries. I wouldn't suggest we need to do that right away, but bear it
> in mind as a potential use case.

With qemu using this itself in mind it probably makes sense to specify
this as qapi schema.  That'll simplify parsing and using these files in
qemu, and possibly simplifies things on the libvirt side too.

cheers,
  Gerd




[Qemu-devel] [PULL] qemu-sparc updates

2018-03-07 Thread Mark Cave-Ayland
Hi Peter,

Here are a couple of last-minute fixes for SPARC. Please pull.


ATB,

Mark.


The following changes since commit f32408f3b472a088467474ab152be3b6285b2d7b:

  misc: don't use hwaddr as a type in trace events (2018-03-06 14:24:30 +)

are available in the git repository at:

  https://github.com/mcayland/qemu.git tags/qemu-sparc-signed

for you to fetch changes up to 6e10f37c86068e35151f982c976a85f1bec07ef2:

  sparc: fix leon3 casa instruction when MMU is disabled (2018-03-08 07:22:03 +)


qemu-sparc update


KONRAD Frederic (1):
  sparc: fix leon3 casa instruction when MMU is disabled

Thomas Huth (1):
  hw/sparc/sun4m: Fix implicit creation of "-drive if=scsi" devices

 hw/sparc/sun4m.c | 1 +
 target/sparc/translate.c | 5 +
 2 files changed, 6 insertions(+)



Re: [Qemu-devel] [PATCH v4] iotests: Tweak 030 in order to trigger a race condition with parallel jobs

2018-03-07 Thread Alberto Garcia
On Wed 07 Mar 2018 06:54:51 PM CET, Max Reitz wrote:
>> v4: Mention that commit 1a63a907507fbbcfaee3f622907ec24 also
>> contributes to solve the original bug (both commits need to
>> be reverted in order to reproduce this bug reliably).
>> 
>> Rewrite the loop that writes data into the images to make it more
>> readable.
>
> Thanks!  Applied to my block tree:
>
> https://github.com/XanClic/qemu/commits/block
>
> (Still took me a couple of attempts to get it to fail with both commits
> reverted, though...)

Odd, I can reproduce it 100% of the cases. Were you maybe running the
tests on tmpfs?

Anyway, thanks!

Berto



Re: [Qemu-devel] [RFC] Defining firmware (OVMF, et al) metadata format & file

2018-03-07 Thread Gerd Hoffmann
> Suggested approach
> --
> 
> Based on an upstream discussion on 'virt-tools'[1] mailing list and some
> Bugzillas, Gerd Hoffmann, Laszlo Ersek and Dan Berrangé had a suggestion
> to define a firmware metadata format and file (example in [1]):
> 
>   - For each firmware file we need a metadata file in a well defined
> location, e.g. /usr/share/qemu/bios/ that lists stuff like:
> 
>   - Path to the firmware binary
>   - Path to the pre-built OVMF 'vars' file (if any)

How to load the binary (using -bios, -pflash, possibly also -kernel, for
uboot @ arm).

>   - Support architectures - associated QEMU feature flags (Secure
> Boot)

Also machine types.  ovmf builds with smm don't boot on pc.  coreboot
has hardware-specific roms too, so the pc build wouldn't boot on q35 and
vice versa.  Same on arm, where the firmware typically is board-specific.

>   - If the binary provides / requires SMM (System Management Mode)

Possibly a more generic "flags" or "properties" thing, I can easily
imagine that similar requirements show up on other platforms too.

Also a "name" and a "description" field would be useful.

cheers,
  Gerd




Re: [Qemu-devel] [PATCH v5 1/1] s390x/sclp: extend SCLP event masks to 64 bits

2018-03-07 Thread Christian Borntraeger


On 03/07/2018 04:10 PM, Claudio Imbrenda wrote:
> Extend the SCLP event masks to 64 bits.
> 
> Notice that using any of the new bits results in a state that cannot be
> migrated to an older version.
> 
> Signed-off-by: Claudio Imbrenda 
> ---
>  hw/s390x/event-facility.c | 49 
> ---
>  include/hw/s390x/event-facility.h |  2 +-
>  2 files changed, 41 insertions(+), 10 deletions(-)
> 
> diff --git a/hw/s390x/event-facility.c b/hw/s390x/event-facility.c
> index e04ed9f..c166e0a 100644
> --- a/hw/s390x/event-facility.c
> +++ b/hw/s390x/event-facility.c
> @@ -30,7 +30,10 @@ struct SCLPEventFacility {
>  SysBusDevice parent_obj;
>  SCLPEventsBus sbus;
>  /* guest's receive mask */
> -sccb_mask_t receive_mask;
> +union {
> +uint32_t receive_mask_pieces[2];
> +sccb_mask_t receive_mask;
> +};
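
Review bot: the anonymous union added to struct SCLPEventFacility overlays receive_mask_pieces[2] on receive_mask, and nothing at the declaration says which array element holds the original 32 mask bits. That mapping depends on host byte order, so add a comment next to the union stating the intended layout, since the commit message says state using the new bits cannot be migrated to an older version.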

Would it work to make sccb_mask_t a union instead?





[Qemu-devel] [PATCH] vga: fix region calculation

2018-03-07 Thread Gerd Hoffmann
Typically the scanline length and the line offset are identical.  But
in case they are not, our calculation for region_end is incorrect.  Using
line_offset is fine for all scanlines, except the last one where we have
to use the actual scanline length.

Fixes: CVE-2018-
Cc: P J P 
Cc: Ross Lagerwall 
Signed-off-by: Gerd Hoffmann 
---
 hw/display/vga.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/display/vga.c b/hw/display/vga.c
index 28f298b342..72181330b8 100644
--- a/hw/display/vga.c
+++ b/hw/display/vga.c
@@ -1483,6 +1483,8 @@ static void vga_draw_graphic(VGACommonState *s, int 
full_update)
 
 region_start = (s->start_addr * 4);
 region_end = region_start + (ram_addr_t)s->line_offset * height;
+region_end += width * s->get_bpp(s) / 8; /* scanline length */
+region_end -= s->line_offset;
 if (region_end > s->vbe_size) {
 /* wraps around (can happen with cirrus vbe modes) */
 region_start = 0;
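
Review bot: in the two added lines of vga_draw_graphic(), the scanline length (width * s->get_bpp(s) / 8) is computed without the (ram_addr_t) cast that the line above applies to s->line_offset * height, so it is evaluated in whatever type width and get_bpp() have. Casting it the same way, and folding the add and subtract into one expression built from line_offset * (height - 1) plus the scanline length, would keep the vbe_size check that follows in a single type and make the intent readable without the trailing comment.
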
-- 
2.9.3
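
The calculation described in the commit message above, as an added example (not code from the patch or from QEMU): a simplified model in which scanline y starts at region_start + y * line_offset and is width * bpp / 8 bytes long, comparing the old and patched region_end with a scanline-by-scanline walk. The struct, the function names and the sample modes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified display mode; field names mirror the patch context lines. */
struct mode {
    uint64_t start_addr;   /* in 32-bit units, hence the "* 4" below */
    uint64_t line_offset;  /* bytes from one scanline start to the next */
    uint64_t width;        /* pixels per scanline */
    uint64_t bpp;          /* bits per pixel */
    uint64_t height;       /* number of scanlines, assumed >= 1 */
};

struct region { uint64_t start, end; };   /* end is exclusive */

static uint64_t scanline_len(const struct mode *m)
{
    return m->width * m->bpp / 8;
}

/* Before the patch: every scanline is assumed to be line_offset bytes long. */
static uint64_t region_end_old(const struct mode *m)
{
    return m->start_addr * 4 + m->line_offset * m->height;
}

/* After the patch: the last scanline contributes its real length. */
static uint64_t region_end_fixed(const struct mode *m)
{
    uint64_t end = m->start_addr * 4 + m->line_offset * m->height;
    end += scanline_len(m);
    end -= m->line_offset;
    return end;
}

/* Reference: walk every scanline, track one past the highest byte read. */
static uint64_t region_end_walked(const struct mode *m)
{
    uint64_t base = m->start_addr * 4, end = base;
    for (uint64_t y = 0; y < m->height; y++) {
        uint64_t line_end = base + y * m->line_offset + scanline_len(m);
        if (line_end > end) {
            end = line_end;
        }
    }
    return end;
}

/* The bound check from the hunk's context lines, applied to a given end. */
static struct region clamp_region(const struct mode *m, uint64_t end,
                                  uint64_t vbe_size)
{
    struct region r = { m->start_addr * 4, end };
    if (r.end > vbe_size) {   /* wraps around: treat all of VRAM as used */
        r.start = 0;
        r.end = vbe_size;
    }
    return r;
}

/* Constructed sample modes: 1024x768 at 32 bpp, scanline length 4096 bytes. */
static const struct mode MODE_EQUAL = { 0,   4096, 1024, 32, 768 };
static const struct mode MODE_SHORT = { 256, 2048, 1024, 32, 768 };
static const struct mode MODE_LONG  = { 0,   8192, 1024, 32, 768 };

int main(void)
{
    const struct mode *modes[] = { &MODE_EQUAL, &MODE_SHORT, &MODE_LONG };
    const char *names[] = { "offset == scanline", "offset <  scanline",
                            "offset >  scanline" };
    for (size_t i = 0; i < 3; i++) {
        printf("%s: old=%llu fixed=%llu walked=%llu\n", names[i],
               (unsigned long long)region_end_old(modes[i]),
               (unsigned long long)region_end_fixed(modes[i]),
               (unsigned long long)region_end_walked(modes[i]));
    }
    return 0;
}
```

When line_offset is smaller than the scanline length, the old end falls short of the bytes the last scanline covers, so a mode can pass the vbe_size check while its last scanline extends past it.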




Re: [Qemu-devel] [PATCH v6 05/11] linux-user: fix mmap/munmap/mprotect/mremap/shmat

2018-03-07 Thread Laurent Vivier
On 07/03/2018 at 22:50, Max Filippov wrote:
> In linux-user QEMU that runs for a target with TARGET_ABI_BITS bigger
> than L1_MAP_ADDR_SPACE_BITS an assertion in page_set_flags fires when
> mmap, munmap, mprotect, mremap or shmat is called for an address outside
> the guest address space. mmap and mprotect should return ENOMEM in such
> case.
> 
> Change definition of GUEST_ADDR_MAX to always be the last valid guest
> address. Account for this change in open_self_maps.
> Add macro guest_addr_valid that verifies if the guest address is valid.
> Add function guest_range_valid that verifies if address range is within
> guest address space and does not wrap around. Use that macro in
> mmap/munmap/mprotect/mremap/shmat for error checking.
> 
> Cc: qemu-sta...@nongnu.org
> Cc: Riku Voipio 
> Cc: Laurent Vivier 
> Signed-off-by: Max Filippov 
> ---
> Changes v5->v6:
> - drop 'if (len)' clause from guest_range_valid and explicitly compare
>   len with GUEST_ADDR_MAX.
> 
> Changes v4->v5:
> - change definition of GUEST_ADDR_MAX to always be the last valid guest
>   address. Account for this change in guest_addr_valid and open_self_maps.
> - turn guest_range_valid into a function.
> 
> Changes v3->v4:
> - change GUEST_ADDR_MAX and h2g_valid definitions as suggested by Laurent
>   Vivier.
> 
> Changes v2->v3:
> - fix comparison in guest_valid: it must be 'less' to preserve the existing
>   functionality, not 'less or equal'.
> - fix guest_range_valid: it may not use guest_valid, because single range
>   that occupies all of the guest address space is valid.
> 
>  include/exec/cpu-all.h  |  6 +-
>  include/exec/cpu_ldst.h | 16 +++-
>  linux-user/mmap.c   | 20 +++-
>  linux-user/syscall.c|  5 -
>  4 files changed, 31 insertions(+), 16 deletions(-)
> 

Reviewed-by: Laurent Vivier 
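
The range check described in the quoted commit message, as an added example (not the patch's code): a wrap-safe test that an address range lies inside the guest address space, next to a naive version that adds start and len first. The 32-bit value chosen for GUEST_ADDR_MAX, the function names, the choice to reject len 0 and the sample values are assumptions of this example.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: a 32-bit guest address space on a 64-bit host.  As in the
 * commit message, GUEST_ADDR_MAX is the last valid guest address. */
#define GUEST_ADDR_MAX UINT64_C(0xffffffff)

/* Single address check. */
static bool addr_valid(uint64_t addr)
{
    return addr <= GUEST_ADDR_MAX;
}

/* Naive range check: start + len is computed first and can wrap around
 * the host integer, so a huge len can look like a tiny range. */
static bool range_valid_naive(uint64_t start, uint64_t len)
{
    return start + len - 1 <= GUEST_ADDR_MAX;
}

/* Wrap-safe range check: compare len against the size of the address
 * space first, then compare start against what is left.  No sum of
 * start and len is ever formed.  len == 0 is rejected here (a choice
 * made for this example). */
static bool range_valid(uint64_t start, uint64_t len)
{
    if (len == 0 || len - 1 > GUEST_ADDR_MAX) {
        return false;
    }
    return start <= GUEST_ADDR_MAX - (len - 1);
}

/* Hypothetical syscall-side use: the commit message says mmap and
 * mprotect should fail with ENOMEM for ranges outside the guest space. */
static int checked_map(uint64_t start, uint64_t len)
{
    if (!range_valid(start, len)) {
        return -ENOMEM;
    }
    return 0;   /* a real implementation would go on to map the range */
}

int main(void)
{
    /* Constructed sample inputs. */
    static const struct { uint64_t start, len; const char *what; } cases[] = {
        { 0,                      UINT64_C(0x100000000), "whole address space" },
        { UINT64_C(0xfffff000),   0x1000,                "last page" },
        { UINT64_C(0xfffff000),   0x1001,                "one byte past the end" },
        { UINT64_C(0x100000000),  1,                     "start outside" },
        { 0x1000, UINT64_C(0xfffffffffffff001),          "start + len wraps" },
    };
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        printf("%-24s naive=%d safe=%d start_ok=%d\n", cases[i].what,
               range_valid_naive(cases[i].start, cases[i].len),
               range_valid(cases[i].start, cases[i].len),
               addr_valid(cases[i].start));
    }
    return 0;
}
```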





Re: [Qemu-devel] [PATCH] hw/ppc/prep: Fix implicit creation of "-drive if=scsi" devices

2018-03-07 Thread Thomas Huth
On 08.03.2018 07:58, Hervé Poussineau wrote:
> On 07/03/2018 at 10:08, Thomas Huth wrote:
>> The global hack for creating SCSI devices has recently been removed,
>> but this apparently broke SCSI devices on some boards that were not
>> ready for this change yet. For the 40p machine you now get:
>>
>> $ ppc64-softmmu/qemu-system-ppc64 -M 40p -cdrom x.iso
>> qemu-system-ppc64: -cdrom x.iso: machine type does not support
>> if=scsi,bus=0,unit=2
>>
>> Fix it by providing a lsi53c810_create() function that takes care
>> of calling scsi_bus_legacy_handle_cmdline() after creating the
>> corresponding SCSI controller.
>>
>> Fixes: 1454509726719e0933c800fad00d6999752688ea
>> Signed-off-by: Thomas Huth 
> 
> Why is it required?
> - because SCSI adapter is not up to date to QEMU standards (QOM, ...)?
> - because board is not up to date to QEMU standards (QOM, ...)?
> - because board is using SCSI devices by default?
> (mc->block_default_type = IF_SCSI) ?
> 
> In 2 first cases, what is missing?
> In third case, maybe it may be better to put it in generic code?

It's the third case. The "generic" code was just removed with commit
1454509726719e0933 since it was considered as a big hack. The generic
code should not have to guess to which SCSI adapter a SCSI drive should
be attached to. That's the job of the board init code, and this is what
this patch is doing now for the 40p machine.

Other boards like the "pseries" machine were doing this since a long
time already (see the spapr_vscsi_create() function in
hw/scsi/spapr_vscsi.c for example).

> You just fixed 40p and MIPS Jazz machines, but sparc/SS-10 (and other)
> also have the same problem...

I also posted a patch for the Sparc machines, you can find it here:

https://lists.gnu.org/archive/html/qemu-devel/2018-03/msg01830.html

 Thomas




Re: [Qemu-devel] [PATCH] hw/ppc/prep: Fix implicit creation of "-drive if=scsi" devices

2018-03-07 Thread Hervé Poussineau

On 07/03/2018 at 10:08, Thomas Huth wrote:

> The global hack for creating SCSI devices has recently been removed,
> but this apparently broke SCSI devices on some boards that were not
> ready for this change yet. For the 40p machine you now get:
>
> $ ppc64-softmmu/qemu-system-ppc64 -M 40p -cdrom x.iso
> qemu-system-ppc64: -cdrom x.iso: machine type does not support
> if=scsi,bus=0,unit=2
>
> Fix it by providing a lsi53c810_create() function that takes care
> of calling scsi_bus_legacy_handle_cmdline() after creating the
> corresponding SCSI controller.
>
> Fixes: 1454509726719e0933c800fad00d6999752688ea
> Signed-off-by: Thomas Huth


Why is it required?
- because SCSI adapter is not up to date to QEMU standards (QOM, ...)?
- because board is not up to date to QEMU standards (QOM, ...)?
- because board is using SCSI devices by default? (mc->block_default_type = IF_SCSI)?

In 2 first cases, what is missing?
In third case, maybe it may be better to put it in generic code?
You just fixed 40p and MIPS Jazz machines, but sparc/SS-10 (and other) also have the same problem...

Hervé


---
  hw/ppc/prep.c| 2 +-
  hw/scsi/lsi53c895a.c | 7 +++
  include/hw/pci/pci.h | 1 +
  3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/hw/ppc/prep.c b/hw/ppc/prep.c
index 096d4d4..3361509 100644
--- a/hw/ppc/prep.c
+++ b/hw/ppc/prep.c
@@ -788,7 +788,7 @@ static void ibm_40p_init(MachineState *machine)
  qdev_prop_set_uint32(dev, "equipment", 0xc0);
  qdev_init_nofail(dev);
  
-pci_create_simple(pci_bus, PCI_DEVFN(1, 0), "lsi53c810");

+lsi53c810_create(pci_bus, PCI_DEVFN(1, 0));
  
  /* XXX: s3-trio at PCI_DEVFN(2, 0) */

  pci_vga_init(pci_bus);
diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c
index f3d4c4d..160657f 100644
--- a/hw/scsi/lsi53c895a.c
+++ b/hw/scsi/lsi53c895a.c
@@ -2279,3 +2279,10 @@ void lsi53c895a_create(PCIBus *bus)
  
  scsi_bus_legacy_handle_cmdline(>bus);

  }
+
+void lsi53c810_create(PCIBus *bus, int devfn)
+{
+LSIState *s = LSI53C895A(pci_create_simple(bus, devfn, "lsi53c810"));
+
+scsi_bus_legacy_handle_cmdline(>bus);
+}
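
Review bot: the new lsi53c810_create() in hw/scsi/lsi53c895a.c passes a device created under the name "lsi53c810" through the LSI53C895A() cast with no comment saying why that cast is valid for the 810 model. It also repeats the create-then-scsi_bus_legacy_handle_cmdline() pattern of lsi53c895a_create() directly above it; a shared static helper taking the device name and devfn, with a one-line comment on the cast, would keep the two copies from drifting apart.
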
diff --git a/include/hw/pci/pci.h b/include/hw/pci/pci.h
index d8c18c7..e255941 100644
--- a/include/hw/pci/pci.h
+++ b/include/hw/pci/pci.h
@@ -708,6 +708,7 @@ PCIDevice *pci_create(PCIBus *bus, int devfn, const char 
*name);
  PCIDevice *pci_create_simple(PCIBus *bus, int devfn, const char *name);
  
  void lsi53c895a_create(PCIBus *bus);

+void lsi53c810_create(PCIBus *bus, int devfn);
  
  qemu_irq pci_allocate_irq(PCIDevice *pci_dev);

  void pci_set_irq(PCIDevice *pci_dev, int level);






Re: [Qemu-devel] [PATCH] nbd/server: Honor FUA request on NBD_CMD_TRIM

2018-03-07 Thread Paolo Bonzini

> The NBD spec states that since trim requests can affect disk contents,
> then they should allow for FUA semantics just like writes for ensuring
> the disk has settled before returning.  As bdrv_[co_]pdiscard() does
> not (yet?) support a flags argument, we can't pass FUA down the block
> layer stack, and must therefore emulate it with a flush at the NBD
> layer.

TRIM requests should not need FUA since they're just advisory.  On
the other hand, WRITE ZEROES requests need to support FUA.

Paolo



Re: [Qemu-devel] [PATCH v4 0/8] nvdimm: guarantee persistence of QEMU writes to persistent memory

2018-03-07 Thread Haozhong Zhang
Ping?

On 02/28/18 15:25 +0800, Haozhong Zhang wrote:
> QEMU writes to vNVDIMM backends in the vNVDIMM label emulation and
> live migration. If the backend is on the persistent memory, QEMU needs
> to take proper operations to ensure its writes are persistent on the
> persistent memory. Otherwise, a host power failure may result in the
> loss of the guest data on the persistent memory.
> 
> This v3 patch series is based on Marcel's patch "mem: add share
> parameter to memory-backend-ram" [1] because of the changes in patch 1.
> 
> [1] https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg03858.html
> 
> Previous versions can be found at
> v3: https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg04365.html
> v2: https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg01579.html
> v1: https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg05040.html
> 
> Changes in v4:
>  * (Patch 2) Fix compilation errors found by patchew.
> 
> Changes in v3:
>  * (Patch 5) Add a is_pmem flag to ram_handle_compressed() and handle
>PMEM writes in it, so we don't need the _common function.
>  * (Patch 6) Expose qemu_get_buffer_common so we can remove the
>unnecessary qemu_get_buffer_to_pmem wrapper.
>  * (Patch 8) Add a is_pmem flag to xbzrle_decode_buffer() and handle
>PMEM writes in it, so we can remove the unnecessary
>xbzrle_decode_buffer_{common, to_pmem}.
>  * Move libpmem stubs to stubs/pmem.c and fix the compilation failures
>of test-{xbzrle,vmstate}.c.
> 
> Changes in v2:
>  * (Patch 1) Use a flags parameter in file ram allocation functions.
>  * (Patch 2) Add a new option 'pmem' to hostmem-file.
>  * (Patch 3) Use libpmem to operate on the persistent memory, rather
>than re-implementing those operations in QEMU.
>  * (Patch 5-8) Consider the write persistence in the migration path.
> 
> Haozhong Zhang (8):
>   [1/8] memory, exec: switch file ram allocation functions to 'flags' parameters
>   [2/8] hostmem-file: add the 'pmem' option
>   [3/8] configure: add libpmem support
>   [4/8] mem/nvdimm: ensure write persistence to PMEM in label emulation
>   [5/8] migration/ram: ensure write persistence on loading zero pages to PMEM
>   [6/8] migration/ram: ensure write persistence on loading normal pages to PMEM
>   [7/8] migration/ram: ensure write persistence on loading compressed pages to PMEM
>   [8/8] migration/ram: ensure write persistence on loading xbzrle pages to PMEM
> 
>  backends/hostmem-file.c | 27 +++-
>  configure   | 35 ++
>  docs/nvdimm.txt | 14 +++
>  exec.c  | 20 ---
>  hw/mem/nvdimm.c |  9 ++-
>  include/exec/memory.h   | 12 +++--
>  include/exec/ram_addr.h | 28 +++--
>  include/migration/qemu-file-types.h |  2 ++
>  include/qemu/pmem.h | 27 
>  memory.c|  8 +++---
>  migration/qemu-file.c   | 29 ++
>  migration/ram.c | 49 
> +++--
>  migration/ram.h |  2 +-
>  migration/rdma.c|  2 +-
>  migration/xbzrle.c  |  8 --
>  migration/xbzrle.h  |  3 ++-
>  numa.c  |  2 +-
>  qemu-options.hx |  9 ++-
>  stubs/Makefile.objs |  1 +
>  stubs/pmem.c| 37 
>  tests/Makefile.include  |  4 +--
>  tests/test-xbzrle.c |  4 +--
>  22 files changed, 285 insertions(+), 47 deletions(-)
>  create mode 100644 include/qemu/pmem.h
>  create mode 100644 stubs/pmem.c
> 
> -- 
> 2.14.1
> 



Re: [Qemu-devel] [PATCH v3 22/29] vhost+postcopy: Call wakeups

2018-03-07 Thread Peter Xu
On Tue, Mar 06, 2018 at 10:36:52AM +, Dr. David Alan Gilbert wrote:
> * Peter Xu (pet...@redhat.com) wrote:
> > On Fri, Feb 16, 2018 at 01:16:18PM +, Dr. David Alan Gilbert (git) wrote:
> > > From: "Dr. David Alan Gilbert" 
> > > 
> > > Cause the vhost-user client to be woken up whenever:
> > >   a) We place a page in postcopy mode
> > >   b) We get a fault and the page has already been received
> > > 
> > > Signed-off-by: Dr. David Alan Gilbert 
> > > ---
> > >  migration/postcopy-ram.c | 14 ++
> > >  migration/trace-events   |  1 +
> > >  2 files changed, 11 insertions(+), 4 deletions(-)
> > > 
> > > diff --git a/migration/postcopy-ram.c b/migration/postcopy-ram.c
> > > index 879711968c..13561703b5 100644
> > > --- a/migration/postcopy-ram.c
> > > +++ b/migration/postcopy-ram.c
> > > @@ -566,7 +566,11 @@ int postcopy_request_shared_page(struct PostCopyFD 
> > > *pcfd, RAMBlock *rb,
> > >  
> > >  trace_postcopy_request_shared_page(pcfd->idstr, 
> > > qemu_ram_get_idstr(rb),
> > > rb_offset);
> > > -/* TODO: Check bitmap to see if we already have the page */
> > > +if (ramblock_recv_bitmap_test_byte_offset(rb, aligned_rbo)) {
> > > +trace_postcopy_request_shared_page_present(pcfd->idstr,
> > > +qemu_ram_get_idstr(rb), 
> > > rb_offset);
> > > +return postcopy_wake_shared(pcfd, client_addr, rb);
> > > +}
> > >  if (rb != mis->last_rb) {
> > >  mis->last_rb = rb;
> > >  migrate_send_rp_req_pages(mis, qemu_ram_get_idstr(rb),
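
Review bot: in postcopy_request_shared_page() the new ramblock_recv_bitmap_test_byte_offset() check replaces the TODO without saying how it is ordered against the thread that places pages. A short comment stating why a page received just after this test still leads to a wake for the client would help. The test also uses aligned_rbo while the new trace call logs rb_offset, so the trace does not show the offset that was actually tested.
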
> > > @@ -863,7 +867,8 @@ int postcopy_place_page(MigrationIncomingState *mis, 
> > > void *host, void *from,
> > >  }
> > >  
> > >  trace_postcopy_place_page(host);
> > > -return 0;
> > > +return postcopy_notify_shared_wake(rb,
> > > +   qemu_ram_block_host_offset(rb, 
> > > host));
> > >  }
> > >  
> > >  /*
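
Review bot: postcopy_place_page() now returns the result of postcopy_notify_shared_wake() where it used to return 0, so a failed wake is reported to the caller as a failure to place a page that has in fact been placed. Say so in the function comment, or report the wake failure separately, so callers do not treat it as a placement error.
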
> > > @@ -887,6 +892,9 @@ int postcopy_place_page_zero(MigrationIncomingState 
> > > *mis, void *host,
> > >  
> > >  return -e;
> > >  }
> > > +return postcopy_notify_shared_wake(rb,
> > > +   qemu_ram_block_host_offset(rb,
> > > +  
> > > host));
> > >  } else {
> > >  /* The kernel can't use UFFDIO_ZEROPAGE for hugepages */
> > >  if (!mis->postcopy_tmp_zero_page) {
> > > @@ -906,8 +914,6 @@ int postcopy_place_page_zero(MigrationIncomingState 
> > > *mis, void *host,
> > >  return postcopy_place_page(mis, host, 
> > > mis->postcopy_tmp_zero_page,
> > > rb);
> > >  }
> > > -
> > > -return 0;
> > >  }
> > 
> > Could there be race?  E.g.:
> > 
> >   ram_load_thread                page_fault_thread
> >   ---------------                -----------------
> > 
> >                                  if (recv_bitmap_set())
> >                                      wake()
> >   copy_page()
> >   recv_bitmap_set()
> >   wake()
> >                                  request_page()
> > 
> > Then the last requested page may never be serviced?
> 
> The postcopy finishes when the last page is received, and thus when that
> also performs the wake() (from the load thread); so that's not a
> problem.
> You can get the case where a page that qemu has already received, still
> needs to be woken for the shared users (which is why we have the wake in
> the fault_thread).
> When the postcopy finishes, the client is sent a POSTCOPY_END, at which
> point it closes its userfaultfd and it should wake everything remaining
> up; so any late requests shouldn't be a problem (the END is sent
> before the fault-thread quits).

Yeah now I think the race is invalid - the wake() in ram_load_thread
will wake up the paused thread in this case.  I misunderstood.

Thanks,

-- 
Peter Xu



Re: [Qemu-devel] [PATCH v2 9/9] chardev: tcp: postpone TLS work until machine done

2018-03-07 Thread Peter Xu
On Wed, Mar 07, 2018 at 04:06:53PM +0100, Paolo Bonzini wrote:
> On 07/03/2018 13:40, Daniel P. Berrangé wrote:
> > On Wed, Mar 07, 2018 at 12:36:50PM +, Daniel P. Berrangé wrote:
> >> On Tue, Mar 06, 2018 at 01:33:20PM +0800, Peter Xu wrote:
> >>> TLS handshake may create background GSource tasks, while we won't know
> >>> the correct GMainContext until the whole chardev (including frontend)
> >>> inited.  Let's postpone the initial TLS handshake until machine done.
> >>>
> >>> For dynamically created tcp chardev, we don't postpone that by checking
> >>> the init_machine_done variable.
> >>
> >> Not sure I see the need for this one - we've already postponed the
> >> acceptance of a client in the patch 7.
> > 
> > Oops, meant to remove this comment, in favour of the later comment - ignore
> > this bit.
> 
> Since time is ticking for soft freeze, I'll queue the series without
> this patch.

Thanks Paolo.

Note that Dan's pull is still not merged yet, and this series will
need that one.

I'll try to see whether I can prepare a good version for the last TLS
patch before you start to test your next pull request.

-- 
Peter Xu



Re: [Qemu-devel] [PATCH] virtio_net: flush uncompleted TX on reset

2018-03-07 Thread Nageswara R Sastry
Greg Kurz  wrote on 08/03/2018 12:27:37 AM:

> From: Greg Kurz 
> To: qemu-devel@nongnu.org
> Cc: "Michael S. Tsirkin" , Jason Wang 
> , R Nageswara Sastry 
> Date: 08/03/2018 12:27 AM
> Subject: [PATCH] virtio_net: flush uncompleted TX on reset
> 
> If the backend could not transmit a packet right away for some reason,
> the packet is queued for asynchronous sending. The corresponding vq
> element is tracked in the async_tx.elem field of the VirtIONetQueue,
> for later freeing when the transmission is complete.
> 
> If a reset happens before completion, virtio_net_tx_complete() will push
> async_tx.elem back to the guest anyway, and we end up with the inuse flag
> of the vq being equal to -1. The next call to virtqueue_pop() is then
> likely to fail with "Virtqueue size exceeded".
> 
> This can be reproduced easily by starting a guest without a net backend,
> doing a system reset when it is booted, and finally snapshotting it.
> 
> The appropriate fix is to ensure that such an asynchronous transmission
> cannot survive a device reset. So for all queues, we first try to send
> the packet again, and eventually we purge it if the backend still could
> not deliver it.
> 
> Reported-by: R. Nageswara Sastry 

Tested-by: R. Nageswara Sastry 

> Buglink: https://github.com/open-power-host-os/qemu/issues/37
> Signed-off-by: Greg Kurz 
> ---
>  hw/net/virtio-net.c |   11 +++
>  1 file changed, 11 insertions(+)
> 
> diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
> index 188744e17d57..eea3cdb2c700 100644
> --- a/hw/net/virtio-net.c
> +++ b/hw/net/virtio-net.c
> @@ -422,6 +422,7 @@ static RxFilterInfo 
> *virtio_net_query_rxfilter(NetClientState *nc)
>  static void virtio_net_reset(VirtIODevice *vdev)
>  {
>  VirtIONet *n = VIRTIO_NET(vdev);
> +int i;
> 
>  /* Reset back to compatibility mode */
>  n->promisc = 1;
> @@ -445,6 +446,16 @@ static void virtio_net_reset(VirtIODevice *vdev)
>  memcpy(>mac[0], >nic->conf->macaddr, sizeof(n->mac));
>  qemu_format_nic_info_str(qemu_get_queue(n->nic), n->mac);
>  memset(n->vlans, 0, MAX_VLAN >> 3);
> +
> +/* Flush any async TX */
> +for (i = 0;  i < n->max_queues; i++) {
> +NetClientState *nc = qemu_get_subqueue(n->nic, i);
> +
> +if (!qemu_net_queue_flush(nc->peer->incoming_queue)) {
> +qemu_net_queue_purge(nc->peer->incoming_queue, nc);
> +}
> +assert(!virtio_net_get_subqueue(nc)->async_tx.elem);
> +}
>  }
> 
>  static void peer_test_vnet_hdr(VirtIONet *n)
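
Review bot: the loop added to virtio_net_reset() dereferences nc->peer->incoming_queue without checking nc->peer, while the reproducer in the commit message is a guest started without a net backend; state (or assert) why peer is always set here, or skip queues that have no peer. The assert() on async_tx.elem also turns a missed purge into an abort during device reset, so a comment explaining why qemu_net_queue_purge() guarantees the element is gone is worth adding.
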
> 


Without patch:
(qemu) system_reset
(qemu) savevm 1
Virtqueue size exceeded
(qemu) loadvm 1
VQ 1 size 0x100 < last_avail_idx 0x0 - used_idx 0x1
Failed to load virtio-net:virtio
error while loading state for instance 0x0 of device
'pci@8002000:00.0/virtio-net'
Error -1 while loading VM state

With patch:
(qemu) system_reset
(qemu) savevm 1
(qemu) loadvm 1






Re: [Qemu-devel] [PATCH] ppc440_pcix: Add dummy implementation of BRDGOPT registers

2018-03-07 Thread Thomas Huth
On 07.03.2018 21:43, BALATON Zoltan wrote:
> I don't know what should be the correct implementation for these so
> these are just stored and returned as is without doing anything for
> now only to silence warnings when u-boot accesses these registers.
> 
> Signed-off-by: BALATON Zoltan 
> ---
>  hw/ppc/ppc440_pcix.c | 18 ++
>  1 file changed, 18 insertions(+)
> 
> diff --git a/hw/ppc/ppc440_pcix.c b/hw/ppc/ppc440_pcix.c
> index ab2626a..3f177d3 100644
> --- a/hw/ppc/ppc440_pcix.c
> +++ b/hw/ppc/ppc440_pcix.c
> @@ -55,6 +55,8 @@ typedef struct PPC440PCIXState {
>  PCIDevice *dev;
>  struct PLBOutMap pom[PPC440_PCIX_NR_POMS];
>  struct PLBInMap pim[PPC440_PCIX_NR_PIMS];
> +uint32_t brdgopt1;
> +uint32_t brdgopt2;
>  uint32_t sts;
>  qemu_irq irq[PCI_NUM_PINS];
>  AddressSpace bm_as;
> @@ -95,6 +97,8 @@ typedef struct PPC440PCIXState {
>  #define PCIX0_PIM0SAH   0xf8
>  #define PCIX0_PIM2SAH   0xfc
>  
> +#define PCIX0_BRDGOPT1  0x40
> +#define PCIX0_BRDGOPT2  0x44
>  #define PCIX0_STS   0xe0
>  
>  #define PCI_ALL_SIZE(PPC440_REG_BASE + PPC440_REG_SIZE)
> @@ -270,6 +274,12 @@ static void ppc440_pcix_reg_write4(void *opaque, hwaddr 
> addr,
>  ppc440_pcix_update_pim(s, 2);
>  break;
>  
> +case PCIX0_BRDGOPT1:
> +s->brdgopt1 = val;
> +break;
> +case PCIX0_BRDGOPT2:
> +s->brdgopt2 = val;
> +break;
>  case PCIX0_STS:
>  s->sts = val;
>  break;
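
Review bot: the PCIX0_BRDGOPT1 and PCIX0_BRDGOPT2 cases added to ppc440_pcix_reg_write4() store val unchanged, and nothing in the code says these are placeholders; the only explanation is in the commit message. Add a comment at the two cases (or at the new struct fields) that the registers are stored and read back without being interpreted, so the dummy behaviour is visible to someone reading the file.
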
> @@ -365,6 +375,12 @@ static uint64_t ppc440_pcix_reg_read4(void *opaque, 
> hwaddr addr,
>  val = s->pim[2].la >> 32;
>  break;
>  
> +case PCIX0_BRDGOPT1:
> +val = s->brdgopt1;
> +break;
> +case PCIX0_BRDGOPT2:
> +val = s->brdgopt2;
> +break;
>  case PCIX0_STS:
>  val = s->sts;
>  break;
> @@ -408,6 +424,8 @@ static void ppc440_pcix_reset(DeviceState *dev)
>  for (i = 0; i < PPC440_PCIX_NR_PIMS; i++) {
>  s->pim[i].sa = 0xULL;
>  }
> +s->brdgopt1 = 0;
> +s->brdgopt2 = 0;
>  s->sts = 0;
>  }

Looks sane, so:

Reviewed-by: Thomas Huth 

... but I wonder whether the error_report() in the "default:" case
should maybe rather be turned into a qemu_log_mask(LOG_UNIMP, ...) instead?

 Thomas




Re: [Qemu-devel] [PATCH] hw/sparc/sun4m: Fix implicit creation of "-drive if=scsi" devices

2018-03-07 Thread Thomas Huth
On 07.03.2018 19:43, Mark Cave-Ayland wrote:
> On 07/03/18 09:39, Thomas Huth wrote:
> 
>> The global hack for creating SCSI devices has recently been removed,
>> but this apparently broke SCSI devices on some boards that were not
>> ready for this change yet. For the sun4m machines you now get:
>>
>> $ sparc-softmmu/qemu-system-sparc -boot d -cdrom x.iso
>> qemu-system-sparc: -cdrom x.iso: machine type does not support
>> if=scsi,bus=0,unit=2
>>
>> Fix it by calling scsi_bus_legacy_handle_cmdline() after creating the
>> corresponding SCSI controller.
>>
>> Reported-by: Mark Cave-Ayland 
>> Fixes: 1454509726719e0933c800fad00d6999752688ea
>> Signed-off-by: Thomas Huth 
>> ---
>>   hw/sparc/sun4m.c | 1 +
>>   1 file changed, 1 insertion(+)
>>
>> diff --git a/hw/sparc/sun4m.c b/hw/sparc/sun4m.c
>> index 61eb424..0f5804b 100644
>> --- a/hw/sparc/sun4m.c
>> +++ b/hw/sparc/sun4m.c
>> @@ -324,6 +324,7 @@ static void *sparc32_dma_init(hwaddr dma_base,
>>     esp = ESP_STATE(object_resolve_path_component(OBJECT(espdma),
>> "esp"));
>>   sysbus_mmio_map(SYS_BUS_DEVICE(esp), 0, esp_base);
>> +    scsi_bus_legacy_handle_cmdline(>esp.bus);
>>     ledma = SPARC32_LEDMA_DEVICE(object_resolve_path_component(
>>    OBJECT(dma), "ledma"));
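
Review bot: the scsi_bus_legacy_handle_cmdline() call added to sparc32_dma_init() has no comment saying that it is what attaches "-drive if=scsi" and -cdrom drives to this ESP bus now that the global fallback is gone. A one-line comment above the call would keep it from being removed later as redundant.
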
>>
> 
> Hi Thomas,
> 
> Thanks for the patch - I can confirm that it resolves the issue with
> qemu-system-sparc.
> 
> Tested-by: Mark Cave-Ayland 
> 
> I presume it makes sense for this to go through a tree along with the
> other patches in the set rather than me taking this via my qemu-sparc
> branch?

The patches are independent from each other, so it doesn't really
matter. So if you're planning to send a PULL request before soft freeze
next Tuesday, please include this patch. Otherwise I hope that Paolo can
take this through his misc / scsi tree.

 Thomas



Re: [Qemu-devel] [PATCH v2] pc-bios/s390-ccw: Move string arrays from bootmap header to .c file

2018-03-07 Thread Thomas Huth
On 08.03.2018 00:11, Eric Blake wrote:
> On 03/06/2018 12:18 AM, Thomas Huth wrote:
>> bootmap.h can currently only be included once - otherwise the linker
>> complains about multiple definitions of the "magic" strings.
> 
> My first thought when reading that was "Huh? bootmap.h has a proper[*]
> double-inclusion header guard, and therefore a second #include
> "bootmap.h" is a no-op - so how can including the header more than once
> cause a linker complaint?"

Sorry if the description was not precise enough ... but I think it's
clear if you think about it twice ;-)

> [*] Well, proper if you overlook the fact that the name
> _PC_BIOS_S390_CCW_BOOTMAP_H starts with a leading underscore followed by
> uppercase, and is therefore violating namespace safety rules, as it
> could collide with a symbol reserved for the implementation

Yeah, we've got a couple of these left. I recently added a task to the
BiteSizedTasks page to clean those up.

> Your change is fine (moving the declaration into the one .c file that
> needs them), so no need to change this, but...
> 
>> +++ b/pc-bios/s390-ccw/bootmap.h
>> @@ -375,9 +375,6 @@ static inline void read_iso_boot_image(uint32_t
>> block_offset, void *load_addr,
>>  "Failed to read boot image!");
>>   }
>>   -const uint8_t el_torito_magic[] = "EL TORITO SPECIFICATION"
>> -  "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
> 
> ...would adding 'static' here also solved the linker error (at the risk
> of possibly causing a compiler warning/error about unused variable)?

Yes, we would likely get a warning about unused variable instead, so
that's not a real option.

 Thomas





Re: [Qemu-devel] [PATCH v4 1/5] pc-dimm: make qmp_pc_dimm_device_list() sort devices by address

2018-03-07 Thread Bharata B Rao
On Thu, Mar 08, 2018 at 10:33:33AM +0800, Haozhong Zhang wrote:
> Make qmp_pc_dimm_device_list() return sorted by start address
> list of devices so that it could be reused in places that
> would need sorted list*. Reuse existing pc_dimm_built_list()
> to get sorted list.
> 
> While at it hide recursive callbacks from callers, so that:
> 
>   qmp_pc_dimm_device_list(qdev_get_machine(), );
> 
> could be replaced with simpler:
> 
>   list = qmp_pc_dimm_device_list();
> 
> * follow up patch will use it in build_srat()
> 
> Signed-off-by: Haozhong Zhang 
> Reviewed-by: Igor Mammedov 
> ---
>  hw/mem/pc-dimm.c | 83 
> +---
>  hw/ppc/spapr.c   |  3 +-

I have used this patch with SPAPR to implement the new device tree property
ibm,dynamic-memory-v2 at http://patchwork.ozlabs.org/patch/882387/

Reviewed-by: Bharata B Rao 




Re: [Qemu-devel] [PATCH 1/4] eth: add speed and duplex definitions

2018-03-07 Thread Jason Baron via Qemu-devel


On 03/06/2018 01:15 PM, Michael S. Tsirkin wrote:
> On Tue, Mar 06, 2018 at 12:53:14PM -0500, Jason Baron wrote:
>>
>>
>> On 03/02/2018 12:54 PM, Michael S. Tsirkin wrote:
>>> On Thu, Mar 01, 2018 at 10:46:33PM -0500, Jason Baron wrote:
>>>> Pull in definitions for SPEED_UNKNOWN, DUPLEX_UNKNOWN, DUPLEX_HALF,
>>>> and DUPLEX_FULL.
>>>>
>>>> Signed-off-by: Jason Baron
>>>> Cc: "Michael S. Tsirkin"
>>>> Cc: Jason Wang
>>>> Cc: virtio-...@lists.oasis-open.org
>>>> ---
>>>>  include/net/eth.h | 7 +++
>>>>  1 file changed, 7 insertions(+)
>>>>
 diff --git a/include/net/eth.h b/include/net/eth.h
 index 09054a5..9843678 100644
 --- a/include/net/eth.h
 +++ b/include/net/eth.h
 @@ -417,4 +417,11 @@ bool
  eth_parse_ipv6_hdr(const struct iovec *pkt, int pkt_frags,
 size_t ip6hdr_off, eth_ip6_hdr_info *info);
  
 +/* ethtool defines - from linux/ethtool.h */
 +#define SPEED_UNKNOWN   -1
 +
 +#define DUPLEX_HALF 0x00
 +#define DUPLEX_FULL 0x01
 +#define DUPLEX_UNKNOWN  0xff
 +
  #endif
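Review bot: SPEED_UNKNOWN is added as a bare -1; write it as (-1) so the macro cannot bind to a neighbouring operator when it expands inside an expression. Since the comment says these values are copied from linux/ethtool.h, wrapping each #define in #ifndef would also avoid a redefinition clash in any file that ends up including both headers.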
>>>
>>> While that's not a lot, I think we should import linux/ethtool.h into
>>> include/standard-headers/linux/ using scripts/update-linux-headers.sh
>>>
>>
>> Ok, I had started down that path, by including
>> include/uapi/linux/ethtool.h but that resulted in a few other headers -
>> kernel.h, sysinfo.h. And so it seemed like a lot of headers for only a
>> few lines. But I will re-visit it...
>>
>> Thanks,
>>
>> -Jason
> 
> I don't know why sysinfo is there. Want to try sending a patch to
> drop it from linux/kernel.h?
> 

Seems like this also ripples into glibc headers, if you look at:
/usr/include/x86_64-linux-gnu/sys/sysinfo.h. It also includes kernel.h
in order to get struct sysinfo. So that would need updating as well.

I've done a v2 that just pulls in sysinfo.h, it doesn't look too bad,
but let me know...

Thanks,

-Jason




Re: [Qemu-devel] [PATCH v3 0/4] vl: introduce vm_shutdown()

2018-03-07 Thread Fam Zheng
On Wed, 03/07 14:42, Stefan Hajnoczi wrote:
> v3:
>  * Rebase on qemu.git/master after AIO_WAIT_WHILE() was merged [Fam]
> v2:
>  * Tackle the .ioeventfd_stop() vs vq handler race by removing the ioeventfd
>from a BH in the IOThread [Fam]
> 
> There are several race conditions in virtio-blk/virtio-scsi dataplane code.
> This patch series addresses them, see the commit description for details on the
> individual cases.

Reviewed-by: Fam Zheng 



Re: [Qemu-devel] [PATCH v2 9/9] chardev: tcp: postpone TLS work until machine done

2018-03-07 Thread Peter Xu
On Wed, Mar 07, 2018 at 12:36:50PM +, Daniel P. Berrangé wrote:

[...]

> > diff --git a/chardev/char-socket.c b/chardev/char-socket.c
> > index bd40864f87..997c70dd7d 100644
> > --- a/chardev/char-socket.c
> > +++ b/chardev/char-socket.c
> > @@ -31,6 +31,7 @@
> >  #include "qemu/option.h"
> >  #include "qapi/error.h"
> >  #include "qapi/clone-visitor.h"
> > +#include "sysemu/sysemu.h"
> >  
> >  #include "chardev/char-io.h"
> >  
> > @@ -722,6 +723,11 @@ static void tcp_chr_tls_init(Chardev *chr)
> >  Error *err = NULL;
> >  gchar *name;
> >  
> > +if (!machine_init_done) {
> > +/* This will be postponed to machine_done notifier */
> > +return;
> > +}
> > +
> >  if (s->is_listen) {
> >  tioc = qio_channel_tls_new_server(
> >  s->ioc, s->tls_creds,
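Review bot: the early return added at the top of tcp_chr_tls_init() turns the function into a silent no-op before machine init, so a caller cannot tell whether the TLS channel was actually set up. Return a status, or record that initialisation is pending, so that no caller goes on to treat the socket as ready while it is still unwrapped.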
> > @@ -1145,6 +1151,10 @@ static int tcp_chr_machine_done_hook(Chardev *chr)
> >  tcp_chr_connect_async(chr);
> >  }
> >  
> > +if (s->tls_creds) {
> > +tcp_chr_tls_init(chr);
> > +}
> 
> This looks questionable - AFAICT, there's no guarantee we have any
> > client connection active when the machine done hook runs. Only if
> the chardev is set in client mode, and reconnect_time is *not* set,
> but this seems to be run unconditionally.

You are right.  Thanks for spotting that.

Then how about this?  It's a bit ugly, but I think it should be safe:

diff --git a/chardev/char-socket.c b/chardev/char-socket.c
index bd40864f87..b4686fd23f 100644
--- a/chardev/char-socket.c
+++ b/chardev/char-socket.c
@@ -31,6 +31,7 @@
 #include "qemu/option.h"
 #include "qapi/error.h"
 #include "qapi/clone-visitor.h"
+#include "sysemu/sysemu.h"

 #include "chardev/char-io.h"

@@ -51,6 +52,11 @@ typedef struct {
 QIONetListener *listener;
 GSource *hup_source;
 QCryptoTLSCreds *tls_creds;
+/*
+ * This should only be used once - when we want to setup TLS for
+ * the session but we need to wait until machine init done.
+ */
+bool tls_need_postponed_init;
 int connected;
 int max_size;
 int do_telnetopt;
@@ -791,7 +797,15 @@ static int tcp_chr_new_client(Chardev *chr, 
QIOChannelSocket *sioc)
 }

 if (s->tls_creds) {
-tcp_chr_tls_init(chr);
+if (machine_init_done) {
+tcp_chr_tls_init(chr);
+} else {
+/*
+ * Postpone to machine init done since we need the correct
+ * context to setup the TLS handshake.
+ */
+s->tls_need_postponed_init = true;
+}
 } else {
 if (s->do_telnetopt) {
 tcp_chr_telnet_init(chr);
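Review bot: in the else branch that sets s->tls_need_postponed_init, the flag belongs to this particular client, but nothing in the hunk clears it if that client disconnects before machine init is done. Reset it in the disconnect path so the deferred tcp_chr_tls_init() call cannot run against a channel that no longer exists.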
@@ -1145,6 +1159,11 @@ static int tcp_chr_machine_done_hook(Chardev *chr)
 tcp_chr_connect_async(chr);
 }

+if (s->tls_need_postponed_init) {
+assert(s->tls_creds);
+tcp_chr_tls_init(chr);
+}
+
 return 0;
 }
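Review bot: the machine-done hook never resets s->tls_need_postponed_init after calling tcp_chr_tls_init(chr), although the struct comment says the flag is used only once. Set it to false before the call, and check that a client channel is still present rather than relying only on assert(s->tls_creds), which says nothing about whether a connection is active.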

Thanks,

-- 
Peter Xu



[Qemu-devel] [PATCH v2 0/3] virtio-net: allow linkspeed and duplex setting

2018-03-07 Thread Jason Baron via Qemu-devel
Hi,

Linux can now read linkspeed and duplex settings as set by the
hypervisor:

faa9b39 virtio_net: propagate linkspeed/duplex settings from the hypervisor

This series thus adds qemu support.

Also, this patchset depends on this header sync:

https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg07072.html

Thanks,

-Jason

v2
-pull in include/linux/ethtool.h (Michael Tsirkin)

Jason Baron (3):
  scripts/update-linux-headers: add ethtool.h and update to 4.16.0-rc4
  virtio-net: use 64-bit values for feature flags
  virtio-net: add linkspeed and duplex settings to virtio-net

 hw/net/virtio-net.c  |   81 +-
 include/hw/virtio/virtio-net.h   |5 +-
 include/standard-headers/linux/ethtool.h | 1821 ++
 include/standard-headers/linux/input.h   |4 +-
 include/standard-headers/linux/kernel.h  |   15 +
 include/standard-headers/linux/sysinfo.h |   25 +
 linux-headers/asm-x86/kvm_para.h |1 +
 linux-headers/linux/kvm.h|2 +
 scripts/update-linux-headers.sh  |   11 +-
 9 files changed, 1934 insertions(+), 31 deletions(-)
 create mode 100644 include/standard-headers/linux/ethtool.h
 create mode 100644 include/standard-headers/linux/kernel.h
 create mode 100644 include/standard-headers/linux/sysinfo.h

-- 
2.7.4




[Qemu-devel] [PATCH v2 1/3] scripts/update-linux-headers: add ethtool.h and update to 4.16.0-rc4

2018-03-07 Thread Jason Baron via Qemu-devel
A subsequent patch to add support for setting linkspeed/duplex in
virtio-net requires a few definitions from ethtool.h, which ends up
pulling in kernel.h and sysinfo.h as well.

Signed-off-by: Jason Baron 
Cc: "Michael S. Tsirkin" 
Cc: Jason Wang 
Cc: virtio-...@lists.oasis-open.org
---
 include/standard-headers/linux/ethtool.h | 1821 ++
 include/standard-headers/linux/input.h   |4 +-
 include/standard-headers/linux/kernel.h  |   15 +
 include/standard-headers/linux/sysinfo.h |   25 +
 linux-headers/asm-x86/kvm_para.h |1 +
 linux-headers/linux/kvm.h|2 +
 scripts/update-linux-headers.sh  |   11 +-
 7 files changed, 1876 insertions(+), 3 deletions(-)
 create mode 100644 include/standard-headers/linux/ethtool.h
 create mode 100644 include/standard-headers/linux/kernel.h
 create mode 100644 include/standard-headers/linux/sysinfo.h

diff --git a/include/standard-headers/linux/ethtool.h 
b/include/standard-headers/linux/ethtool.h
new file mode 100644
index 000..94aacb7
--- /dev/null
+++ b/include/standard-headers/linux/ethtool.h
@@ -0,0 +1,1821 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+/*
+ * ethtool.h: Defines for Linux ethtool.
+ *
+ * Copyright (C) 1998 David S. Miller (da...@redhat.com)
+ * Copyright 2001 Jeff Garzik 
+ * Portions Copyright 2001 Sun Microsystems (thoc...@sun.com)
+ * Portions Copyright 2002 Intel (eli.kuperm...@intel.com,
+ *christopher.le...@intel.com,
+ *scott.feld...@intel.com)
+ * Portions Copyright (C) Sun Microsystems 2008
+ */
+
+#ifndef _LINUX_ETHTOOL_H
+#define _LINUX_ETHTOOL_H
+
+#include "net/eth.h"
+
+#include "standard-headers/linux/kernel.h"
+#include "standard-headers/linux/types.h"
+#include "standard-headers/linux/if_ether.h"
+
+#include  /* for INT_MAX */
+
+/* All structures exposed to userland should be defined such that they
+ * have the same layout for 32-bit and 64-bit userland.
+ */
+
+/**
+ * struct ethtool_cmd - DEPRECATED, link control and status
+ * This structure is DEPRECATED, please use struct ethtool_link_settings.
+ * @cmd: Command number = %ETHTOOL_GSET or %ETHTOOL_SSET
+ * @supported: Bitmask of %SUPPORTED_* flags for the link modes,
+ * physical connectors and other link features for which the
+ * interface supports autonegotiation or auto-detection.
+ * Read-only.
+ * @advertising: Bitmask of %ADVERTISED_* flags for the link modes,
+ * physical connectors and other link features that are
+ * advertised through autonegotiation or enabled for
+ * auto-detection.
+ * @speed: Low bits of the speed, 1Mb units, 0 to INT_MAX or SPEED_UNKNOWN
+ * @duplex: Duplex mode; one of %DUPLEX_*
+ * @port: Physical connector type; one of %PORT_*
+ * @phy_address: MDIO address of PHY (transceiver); 0 or 255 if not
+ * applicable.  For clause 45 PHYs this is the PRTAD.
+ * @transceiver: Historically used to distinguish different possible
+ * PHY types, but not in a consistent way.  Deprecated.
+ * @autoneg: Enable/disable autonegotiation and auto-detection;
+ * either %AUTONEG_DISABLE or %AUTONEG_ENABLE
+ * @mdio_support: Bitmask of %ETH_MDIO_SUPPORTS_* flags for the MDIO
+ * protocols supported by the interface; 0 if unknown.
+ * Read-only.
+ * @maxtxpkt: Historically used to report TX IRQ coalescing; now
+ * obsoleted by  ethtool_coalesce.  Read-only; deprecated.
+ * @maxrxpkt: Historically used to report RX IRQ coalescing; now
+ * obsoleted by  ethtool_coalesce.  Read-only; deprecated.
+ * @speed_hi: High bits of the speed, 1Mb units, 0 to INT_MAX or SPEED_UNKNOWN
+ * @eth_tp_mdix: Ethernet twisted-pair MDI(-X) status; one of
+ * %ETH_TP_MDI_*.  If the status is unknown or not applicable, the
+ * value will be %ETH_TP_MDI_INVALID.  Read-only.
+ * @eth_tp_mdix_ctrl: Ethernet twisted pair MDI(-X) control; one of
+ * %ETH_TP_MDI_*.  If MDI(-X) control is not implemented, reads
+ * yield %ETH_TP_MDI_INVALID and writes may be ignored or rejected.
+ * When written successfully, the link should be renegotiated if
+ * necessary.
+ * @lp_advertising: Bitmask of %ADVERTISED_* flags for the link modes
+ * and other link features that the link partner advertised
+ * through autonegotiation; 0 if unknown or not applicable.
+ * Read-only.
+ *
+ * The link speed in Mbps is split between @speed and @speed_hi.  Use
+ * the ethtool_cmd_speed() and ethtool_cmd_speed_set() functions to
+ * access it.
+ *
+ * If autonegotiation is disabled, the speed and @duplex represent the
+ * fixed link mode and are writable if the driver supports multiple
+ * link modes.  If it is enabled then they are read-only; if the link
+ * is up they represent the negotiated link mode; if the link is down,
+ * the speed is 0, %SPEED_UNKNOWN or the highest enabled speed and
+ * @duplex is 
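Review bot: the imported header includes the QEMU-internal "net/eth.h" ahead of the standard-headers includes, which makes a file meant to mirror the kernel's uapi header depend on QEMU's own tree. Say in the commit message why that include is needed and which rule in scripts/update-linux-headers.sh produces it, so the next header sync reproduces it instead of silently dropping it.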

[Qemu-devel] [PATCH v2 3/3] virtio-net: add linkspeed and duplex settings to virtio-net

2018-03-07 Thread Jason Baron via Qemu-devel
Although linkspeed and duplex can be set in a linux guest via 'ethtool -s',
this requires custom ethtool commands for virtio-net by default.

Introduce a new feature flag, VIRTIO_NET_F_SPEED_DUPLEX, which allows
the hypervisor to export a linkspeed and duplex setting. The user can
subsequently overwrite it later if desired via: 'ethtool -s'.

Linkspeed and duplex settings can be set as:
'-device virtio-net,speed=1,duplex=full'

where speed is [0...INT_MAX], and duplex is ["half"|"full"].

Signed-off-by: Jason Baron 
Cc: "Michael S. Tsirkin" 
Cc: Jason Wang 
Cc: virtio-...@lists.oasis-open.org
---
 hw/net/virtio-net.c| 26 ++
 include/hw/virtio/virtio-net.h |  3 +++
 2 files changed, 29 insertions(+)

diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index 4feaa49..c3ce7d2 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -26,6 +26,7 @@
 #include "qapi-event.h"
 #include "hw/virtio/virtio-access.h"
 #include "migration/misc.h"
+#include "standard-headers/linux/ethtool.h"
 
 #define VIRTIO_NET_VM_VERSION11
 
@@ -61,6 +62,8 @@ static VirtIOFeature feature_sizes[] = {
  .end = endof(struct virtio_net_config, max_virtqueue_pairs)},
 {.flags = 1ULL << VIRTIO_NET_F_MTU,
  .end = endof(struct virtio_net_config, mtu)},
+{.flags = 1ULL << VIRTIO_NET_F_SPEED_DUPLEX,
+ .end = endof(struct virtio_net_config, duplex)},
 {}
 };
 
@@ -89,6 +92,8 @@ static void virtio_net_get_config(VirtIODevice *vdev, uint8_t 
*config)
 virtio_stw_p(vdev, _virtqueue_pairs, n->max_queues);
 virtio_stw_p(vdev, , n->net_conf.mtu);
 memcpy(netcfg.mac, n->mac, ETH_ALEN);
+virtio_stl_p(vdev, , n->net_conf.speed);
+netcfg.duplex = n->net_conf.duplex;
 memcpy(config, , n->config_size);
 }
 
@@ -1941,6 +1946,25 @@ static void virtio_net_device_realize(DeviceState *dev, 
Error **errp)
 n->host_features |= (1ULL << VIRTIO_NET_F_MTU);
 }
 
+if (n->net_conf.duplex_str) {
+if (strncmp(n->net_conf.duplex_str, "half", 5) == 0) {
+n->net_conf.duplex = DUPLEX_HALF;
+} else if (strncmp(n->net_conf.duplex_str, "full", 5) == 0) {
+n->net_conf.duplex = DUPLEX_FULL;
+} else {
+error_setg(errp, "'duplex' must be 'half' or 'full'");
+}
+n->host_features |= (1ULL << VIRTIO_NET_F_SPEED_DUPLEX);
+} else {
+n->net_conf.duplex = DUPLEX_UNKNOWN;
+}
+
+if (n->net_conf.speed < SPEED_UNKNOWN) {
+error_setg(errp, "'speed' must be between 0 and INT_MAX");
+} else if (n->net_conf.speed >= 0) {
+n->host_features |= (1ULL << VIRTIO_NET_F_SPEED_DUPLEX);
+}
+
 virtio_net_set_config_size(n, n->host_features);
 virtio_init(vdev, "virtio-net", VIRTIO_ID_NET, n->config_size);
 
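Review bot: in the duplex/speed block added to virtio_net_device_realize(), both error_setg() calls fall through instead of returning. An invalid 'duplex' therefore still sets VIRTIO_NET_F_SPEED_DUPLEX and leaves net_conf.duplex unassigned, realize carries on into virtio_init(), and an invalid 'duplex' combined with a speed below SPEED_UNKNOWN calls error_setg() on an errp that is already set, which QEMU's error API asserts against. Return right after each error_setg(). The strncmp(..., 5) calls also compare the terminating NUL, so plain strcmp() expresses the same check more directly.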
@@ -2161,6 +2185,8 @@ static Property virtio_net_properties[] = {
 DEFINE_PROP_UINT16("host_mtu", VirtIONet, net_conf.mtu, 0),
 DEFINE_PROP_BOOL("x-mtu-bypass-backend", VirtIONet, mtu_bypass_backend,
  true),
+DEFINE_PROP_INT32("speed", VirtIONet, net_conf.speed, SPEED_UNKNOWN),
+DEFINE_PROP_STRING("duplex", VirtIONet, net_conf.duplex_str),
 DEFINE_PROP_END_OF_LIST(),
 };
 
diff --git a/include/hw/virtio/virtio-net.h b/include/hw/virtio/virtio-net.h
index e7634c9..02484dc 100644
--- a/include/hw/virtio/virtio-net.h
+++ b/include/hw/virtio/virtio-net.h
@@ -38,6 +38,9 @@ typedef struct virtio_net_conf
 uint16_t rx_queue_size;
 uint16_t tx_queue_size;
 uint16_t mtu;
+int32_t speed;
+char *duplex_str;
+uint8_t duplex;
 } virtio_net_conf;
 
 /* Maximum packet size we can receive from tap device: header + 64k */
-- 
2.7.4




[Qemu-devel] [PATCH v2 2/3] virtio-net: use 64-bit values for feature flags

2018-03-07 Thread Jason Baron via Qemu-devel
In preparation for using some of the high order feature bits, make sure that
virtio-net uses 64-bit values everywhere.

Signed-off-by: Jason Baron 
Cc: "Michael S. Tsirkin" 
Cc: Jason Wang 
Cc: virtio-...@lists.oasis-open.org
---
 hw/net/virtio-net.c| 55 +-
 include/hw/virtio/virtio-net.h |  2 +-
 2 files changed, 29 insertions(+), 28 deletions(-)

diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index 369d40b..4feaa49 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -48,18 +48,18 @@
 (offsetof(container, field) + sizeof(((container *)0)->field))
 
 typedef struct VirtIOFeature {
-uint32_t flags;
+uint64_t flags;
 size_t end;
 } VirtIOFeature;
 
 static VirtIOFeature feature_sizes[] = {
-{.flags = 1 << VIRTIO_NET_F_MAC,
+{.flags = 1ULL << VIRTIO_NET_F_MAC,
  .end = endof(struct virtio_net_config, mac)},
-{.flags = 1 << VIRTIO_NET_F_STATUS,
+{.flags = 1ULL << VIRTIO_NET_F_STATUS,
  .end = endof(struct virtio_net_config, status)},
-{.flags = 1 << VIRTIO_NET_F_MQ,
+{.flags = 1ULL << VIRTIO_NET_F_MQ,
  .end = endof(struct virtio_net_config, max_virtqueue_pairs)},
-{.flags = 1 << VIRTIO_NET_F_MTU,
+{.flags = 1ULL << VIRTIO_NET_F_MTU,
  .end = endof(struct virtio_net_config, mtu)},
 {}
 };
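Review bot: widening VirtIOFeature.flags to uint64_t only takes effect if the code that compares feature_sizes[].flags against the device's feature mask also receives that mask as a 64-bit value. That consumer is outside this hunk, so check its parameter type in the same patch; a 32-bit parameter would truncate any bit at or above 32 before the comparison.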
@@ -1938,7 +1938,7 @@ static void virtio_net_device_realize(DeviceState *dev, 
Error **errp)
 int i;
 
 if (n->net_conf.mtu) {
-n->host_features |= (0x1 << VIRTIO_NET_F_MTU);
+n->host_features |= (1ULL << VIRTIO_NET_F_MTU);
 }
 
 virtio_net_set_config_size(n, n->host_features);
@@ -2109,45 +2109,46 @@ static const VMStateDescription vmstate_virtio_net = {
 };
 
 static Property virtio_net_properties[] = {
-DEFINE_PROP_BIT("csum", VirtIONet, host_features, VIRTIO_NET_F_CSUM, true),
-DEFINE_PROP_BIT("guest_csum", VirtIONet, host_features,
+DEFINE_PROP_BIT64("csum", VirtIONet, host_features,
+VIRTIO_NET_F_CSUM, true),
+DEFINE_PROP_BIT64("guest_csum", VirtIONet, host_features,
 VIRTIO_NET_F_GUEST_CSUM, true),
-DEFINE_PROP_BIT("gso", VirtIONet, host_features, VIRTIO_NET_F_GSO, true),
-DEFINE_PROP_BIT("guest_tso4", VirtIONet, host_features,
+DEFINE_PROP_BIT64("gso", VirtIONet, host_features, VIRTIO_NET_F_GSO, true),
+DEFINE_PROP_BIT64("guest_tso4", VirtIONet, host_features,
 VIRTIO_NET_F_GUEST_TSO4, true),
-DEFINE_PROP_BIT("guest_tso6", VirtIONet, host_features,
+DEFINE_PROP_BIT64("guest_tso6", VirtIONet, host_features,
 VIRTIO_NET_F_GUEST_TSO6, true),
-DEFINE_PROP_BIT("guest_ecn", VirtIONet, host_features,
+DEFINE_PROP_BIT64("guest_ecn", VirtIONet, host_features,
 VIRTIO_NET_F_GUEST_ECN, true),
-DEFINE_PROP_BIT("guest_ufo", VirtIONet, host_features,
+DEFINE_PROP_BIT64("guest_ufo", VirtIONet, host_features,
 VIRTIO_NET_F_GUEST_UFO, true),
-DEFINE_PROP_BIT("guest_announce", VirtIONet, host_features,
+DEFINE_PROP_BIT64("guest_announce", VirtIONet, host_features,
 VIRTIO_NET_F_GUEST_ANNOUNCE, true),
-DEFINE_PROP_BIT("host_tso4", VirtIONet, host_features,
+DEFINE_PROP_BIT64("host_tso4", VirtIONet, host_features,
 VIRTIO_NET_F_HOST_TSO4, true),
-DEFINE_PROP_BIT("host_tso6", VirtIONet, host_features,
+DEFINE_PROP_BIT64("host_tso6", VirtIONet, host_features,
 VIRTIO_NET_F_HOST_TSO6, true),
-DEFINE_PROP_BIT("host_ecn", VirtIONet, host_features,
+DEFINE_PROP_BIT64("host_ecn", VirtIONet, host_features,
 VIRTIO_NET_F_HOST_ECN, true),
-DEFINE_PROP_BIT("host_ufo", VirtIONet, host_features,
+DEFINE_PROP_BIT64("host_ufo", VirtIONet, host_features,
 VIRTIO_NET_F_HOST_UFO, true),
-DEFINE_PROP_BIT("mrg_rxbuf", VirtIONet, host_features,
+DEFINE_PROP_BIT64("mrg_rxbuf", VirtIONet, host_features,
 VIRTIO_NET_F_MRG_RXBUF, true),
-DEFINE_PROP_BIT("status", VirtIONet, host_features,
+DEFINE_PROP_BIT64("status", VirtIONet, host_features,
 VIRTIO_NET_F_STATUS, true),
-DEFINE_PROP_BIT("ctrl_vq", VirtIONet, host_features,
+DEFINE_PROP_BIT64("ctrl_vq", VirtIONet, host_features,
 VIRTIO_NET_F_CTRL_VQ, true),
-DEFINE_PROP_BIT("ctrl_rx", VirtIONet, host_features,
+DEFINE_PROP_BIT64("ctrl_rx", VirtIONet, host_features,
 VIRTIO_NET_F_CTRL_RX, true),
-DEFINE_PROP_BIT("ctrl_vlan", VirtIONet, host_features,
+DEFINE_PROP_BIT64("ctrl_vlan", VirtIONet, host_features,
 VIRTIO_NET_F_CTRL_VLAN, true),
-DEFINE_PROP_BIT("ctrl_rx_extra", VirtIONet, host_features,
+DEFINE_PROP_BIT64("ctrl_rx_extra", VirtIONet, host_features,
 VIRTIO_NET_F_CTRL_RX_EXTRA, true),
-

Re: [Qemu-devel] [RFC v10 00/24] Multifd

2018-03-07 Thread no-reply
Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 20180307110010.2205-1-quint...@redhat.com
Subject: [Qemu-devel] [RFC v10 00/24] Multifd

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
0d4c2b3560 migration: Send pages through the multifd channels
dfd20c6d98 migration: Create pages structure for reception
24414a65b0 migration: Create ram_multifd_page
2d73c8a690 migration: Transmit initial package through the multifd channels
cfe7de3af1 migration: Delay start of migration main routines
c753eaf6af migration: Create multifd channels
870345 migration: Add multifd traces for start/end thread
17e961cc77 migration: Export functions to create send channels
94f824225d migration: Synchronize recv threads
7f34d667a9 migration: Synchronize send threads
4a4b00a54d migration: Be sure all recv channels are created
c97d843216 migration: Introduce multifd_recv_new_channel()
8a13787f66 migration: Reference counting recv channels correctly
577fbe0895 migration: terminate_* can be called for other threads
d4f0966d50 migration: In case of error just end the migration
c9443cf0c7 migration: Set error state in case of error
caea778e74 migration: Add multifd test
eab612ab0a tests: Add migration compress threads tests
849a3b52d2 tests: Add basic migration precopy tcp test
5ce68931c2 tests: Migration ppc now inlines its program
5f046ff880 migration: Set the migration tcp port
4a55e7ead3 migration: Create tcp_port parameter
0daf31aeec tests: Add migration xbzrle test
2d9ce85e32 tests: Add migration precopy test

=== OUTPUT BEGIN ===
Checking PATCH 1/24: tests: Add migration precopy test...
Checking PATCH 2/24: tests: Add migration xbzrle test...
Checking PATCH 3/24: migration: Create tcp_port parameter...
Checking PATCH 4/24: migration: Set the migration tcp port...
Checking PATCH 5/24: tests: Migration ppc now inlines its program...
Checking PATCH 6/24: tests: Add basic migration precopy tcp test...
Checking PATCH 7/24: tests: Add migration compress threads tests...
Checking PATCH 8/24: migration: Add multifd test...
Checking PATCH 9/24: migration: Set error state in case of error...
Checking PATCH 10/24: migration: In case of error just end the migration...
Checking PATCH 11/24: migration: terminate_* can be called for other threads...
Checking PATCH 12/24: migration: Reference counting recv channels correctly...
Checking PATCH 13/24: migration: Introduce multifd_recv_new_channel()...
Checking PATCH 14/24: migration: Be sure all recv channels are created...
Checking PATCH 15/24: migration: Synchronize send threads...
Checking PATCH 16/24: migration: Synchronize recv threads...
Checking PATCH 17/24: migration: Export functions to create send channels...
Checking PATCH 18/24: migration: Add multifd traces for start/end thread...
Checking PATCH 19/24: migration: Create multifd channels...
ERROR: do not initialise statics to 0 or NULL
#109: FILE: migration/ram.c:735:
+static int i = 0;

total: 1 errors, 0 warnings, 100 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 20/24: migration: Delay start of migration main routines...
Checking PATCH 21/24: migration: Transmit initial package through the multifd channels...
Checking PATCH 22/24: migration: Create ram_multifd_page...
ERROR: do not initialise statics to 0 or NULL
#184: FILE: migration/ram.c:660:
+static int next_channel = 0;

ERROR: space prohibited before that close parenthesis ')'
#204: FILE: migration/ram.c:680:
+for (i = next_channel;; i = (i + 1) % migrate_multifd_channels() ) {

total: 2 errors, 0 warnings, 250 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 23/24: migration: Create pages structure for reception...
Checking PATCH 24/24: migration: Send pages through the multifd channels...
=== OUTPUT END ===

Test command exited with code: 1


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-de...@freelists.org

Re: [Qemu-devel] [PATCH v4 0/5] hw/acpi-build: build SRAT memory affinity structures for DIMM devices

2018-03-07 Thread Haozhong Zhang
On 03/08/18 10:33 +0800, Haozhong Zhang wrote:
> (Patch 5 is only for reviewers to run test cases in patch 4)
> 
> ACPI 6.2A Table 5-129 "SPA Range Structure" requires the proximity
> domain of a NVDIMM SPA range must match with corresponding entry in
> SRAT table.
> 
> The address ranges of vNVDIMM in QEMU are allocated from the
> hot-pluggable address space, which is entirely covered by one SRAT
> memory affinity structure. However, users can set the vNVDIMM
> proximity domain in NFIT SPA range structure by the 'node' property of
> '-device nvdimm' to a value different than the one in the above SRAT
> memory affinity structure.
> 
> In order to solve such proximity domain mismatch, this patch builds
> one SRAT memory affinity structure for each DIMM device present at
> boot time, including both PC-DIMM and NVDIMM, with the proximity
> domain specified in '-device pc-dimm' or '-device nvdimm'.
> 
> The remaining hot-pluggable address space is covered by one or multiple
> SRAT memory affinity structures with the proximity domain of the last
> node as before.
> 
> Changes in v4:
>  * (Patch 1) Update the commit message and add R-b from Igor Mammedov.
>  * (Patch 2) Rebase on misc.json and update the commit message.
>  * (Patch 3) Directly use di-addr and di-node.
>  * (Patch 4) Drop the previous v3 patch 3 and add '-machine nvdimm=on'
 ^^ should be 'v3 patch 4'
 
>to parameters of test_acpi_one().
>  * (Patch 4) Put PC-DIMM and NVDIMM to different numa nodes.
>  * (Patch 4&5) Move binary blobs of ACPI tables to DO-NOT-APPLY patch 5.
> 
> Changes in v3:
>  * (Patch 1&2) Use qmp_pc_dimm_device_list to get information of DIMM
>devices and move it to separate patches.
>  * (Patch 3) Replace while loop by a more readable for loop.
>  * (Patch 3) Refactor the flag setting code.
>  * (Patch 3) s/'static-plugged'/'present at boot time' in commit message.
> 
> Changes in v2:
>  * Build SRAT memory affinity structures of PC-DIMM devices as well.
>  * Add test cases.
> 
> 
> Haozhong Zhang (5):
>   pc-dimm: make qmp_pc_dimm_device_list() sort devices by address
>   qmp: distinguish PC-DIMM and NVDIMM in MemoryDeviceInfoList
>   hw/acpi-build: build SRAT memory affinity structures for DIMM devices
>   tests/bios-tables-test: add test cases for DIMM proximity
>   [DO NOT APPLY] test/acpi-test-data: add ACPI tables for dimmpxm test
> 
>  hmp.c |  14 +++--
>  hw/i386/acpi-build.c  |  57 ++--
>  hw/mem/pc-dimm.c  |  99 
> --
>  hw/ppc/spapr.c|   3 +-
>  include/hw/mem/pc-dimm.h  |   2 +-
>  numa.c|  23 
>  qapi/misc.json|  18 ++-
>  qmp.c |   7 +--
>  stubs/qmp_pc_dimm.c   |   4 +-
>  tests/acpi-test-data/pc/APIC.dimmpxm  | Bin 0 -> 144 bytes
>  tests/acpi-test-data/pc/DSDT.dimmpxm  | Bin 0 -> 6803 bytes
>  tests/acpi-test-data/pc/NFIT.dimmpxm  | Bin 0 -> 224 bytes
>  tests/acpi-test-data/pc/SRAT.dimmpxm  | Bin 0 -> 472 bytes
>  tests/acpi-test-data/pc/SSDT.dimmpxm  | Bin 0 -> 685 bytes
>  tests/acpi-test-data/q35/APIC.dimmpxm | Bin 0 -> 144 bytes
>  tests/acpi-test-data/q35/DSDT.dimmpxm | Bin 0 -> 9487 bytes
>  tests/acpi-test-data/q35/NFIT.dimmpxm | Bin 0 -> 224 bytes
>  tests/acpi-test-data/q35/SRAT.dimmpxm | Bin 0 -> 472 bytes
>  tests/acpi-test-data/q35/SSDT.dimmpxm | Bin 0 -> 685 bytes
>  tests/bios-tables-test.c  |  38 +
>  20 files changed, 198 insertions(+), 67 deletions(-)
>  create mode 100644 tests/acpi-test-data/pc/APIC.dimmpxm
>  create mode 100644 tests/acpi-test-data/pc/DSDT.dimmpxm
>  create mode 100644 tests/acpi-test-data/pc/NFIT.dimmpxm
>  create mode 100644 tests/acpi-test-data/pc/SRAT.dimmpxm
>  create mode 100644 tests/acpi-test-data/pc/SSDT.dimmpxm
>  create mode 100644 tests/acpi-test-data/q35/APIC.dimmpxm
>  create mode 100644 tests/acpi-test-data/q35/DSDT.dimmpxm
>  create mode 100644 tests/acpi-test-data/q35/NFIT.dimmpxm
>  create mode 100644 tests/acpi-test-data/q35/SRAT.dimmpxm
>  create mode 100644 tests/acpi-test-data/q35/SSDT.dimmpxm
> 
> -- 
> 2.14.1
> 



Re: [Qemu-devel] [PATCH] tests/boot-serial: Check the 40p machine, too

2018-03-07 Thread David Gibson
On Wed, Mar 07, 2018 at 01:15:15PM +0100, Thomas Huth wrote:
> The "40p" machine is using the Open Hack'Ware BIOS, just like the "prep"
> machine, so we can test it accordingly with the boot-serial tester, too.
> While we're at it, also change the strings that we are using for the
> "prep" machine, so that this test now also checks some CLI parameters.
> 
> Signed-off-by: Thomas Huth 

Applied, thanks.

> ---
>  NB: The 40p machine is currently broken - when the emulator is quit,
>  there is a rcu_read_unlock assertion message printed out. This test
>  here succeeds anyway since the qtest framework does not care about
>  errors in the shutdown path yet.
> 
>  tests/boot-serial-test.c | 6 --
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/tests/boot-serial-test.c b/tests/boot-serial-test.c
> index ece25c6..5b24cd2 100644
> --- a/tests/boot-serial-test.c
> +++ b/tests/boot-serial-test.c
> @@ -75,11 +75,13 @@ typedef struct testdef {
>  static testdef_t tests[] = {
>  { "alpha", "clipper", "", "PCI:" },
>  { "ppc", "ppce500", "", "U-Boot" },
> -{ "ppc", "prep", "", "Open Hack'Ware BIOS" },
> +{ "ppc", "prep", "-m 96", "Memory size: 96 MB" },
> +{ "ppc", "40p", "-boot d", "Booting from device d" },
>  { "ppc", "g3beige", "", "PowerPC,750" },
>  { "ppc", "mac99", "", "PowerPC,G4" },
>  { "ppc64", "ppce500", "", "U-Boot" },
> -{ "ppc64", "prep", "", "Open Hack'Ware BIOS" },
> +{ "ppc64", "prep", "-boot e", "Booting from device e" },
> +{ "ppc64", "40p", "-m 192", "Memory size: 192 MB" },
>  { "ppc64", "mac99", "", "PowerPC,970FX" },
>  { "ppc64", "pseries", "", "Open Firmware" },
>  { "ppc64", "powernv", "-cpu POWER8", "OPAL" },

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH v10 10/24] migration: In case of error just end the migration

2018-03-07 Thread Eric Blake

On 03/07/2018 05:52 AM, Daniel P. Berrangé wrote:

On Wed, Mar 07, 2018 at 11:59:56AM +0100, Juan Quintela wrote:

Signed-off-by: Juan Quintela 
---
  migration/socket.c | 6 ++
  1 file changed, 2 insertions(+), 4 deletions(-)


Reviewed-by: Daniel P. Berrangé 




It will only return NULL if a client connected & then went away. This should
not happen with a "normal" mgmt app usage. On the flip side this allows a
malicious network attacker to inflict a denial of service on the migration
by simply connecting to target QEMU & immediately exiting.

Our "authentication" for migration relies on being able to validate the TLS
certs during TLS handshake. So in general we ought to allow repeated incoming
connections until we get a successful handshake.


Indeed, our NBD code had some CVE fixes last year where a rogue 'nc' 
process could cause denial of service by connecting and hanging up 
immediately, until we fixed it to retry until the first client that 
actually got past the handshake.  We don't need to repeat CVEs like that.




So in fact, I think a better fix here is to simply remove the original
'error_report' line, and ensure we return G_SOURCE_CONTINUE to wait for
another incoming connection from the real mgmt app.



--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



Re: [Qemu-devel] [PATCH] hw/ppc/prep: Fix implicit creation of "-drive if=scsi" devices

2018-03-07 Thread David Gibson
On Wed, Mar 07, 2018 at 10:08:14AM +0100, Thomas Huth wrote:
> The global hack for creating SCSI devices has recently been removed,
> but this apparently broke SCSI devices on some boards that were not
> ready for this change yet. For the 40p machine you now get:
> 
> $ ppc64-softmmu/qemu-system-ppc64 -M 40p -cdrom x.iso
> qemu-system-ppc64: -cdrom x.iso: machine type does not support 
> if=scsi,bus=0,unit=2
> 
> Fix it by providing a lsi53c810_create() function that takes care
> of calling scsi_bus_legacy_handle_cmdline() after creating the
> corresponding SCSI controller.
> 
> Fixes: 1454509726719e0933c800fad00d6999752688ea
> Signed-off-by: Thomas Huth 

Applied, thanks.

> ---
>  hw/ppc/prep.c| 2 +-
>  hw/scsi/lsi53c895a.c | 7 +++
>  include/hw/pci/pci.h | 1 +
>  3 files changed, 9 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/ppc/prep.c b/hw/ppc/prep.c
> index 096d4d4..3361509 100644
> --- a/hw/ppc/prep.c
> +++ b/hw/ppc/prep.c
> @@ -788,7 +788,7 @@ static void ibm_40p_init(MachineState *machine)
>  qdev_prop_set_uint32(dev, "equipment", 0xc0);
>  qdev_init_nofail(dev);
>  
> -pci_create_simple(pci_bus, PCI_DEVFN(1, 0), "lsi53c810");
> +lsi53c810_create(pci_bus, PCI_DEVFN(1, 0));
>  
>  /* XXX: s3-trio at PCI_DEVFN(2, 0) */
>  pci_vga_init(pci_bus);
> diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c
> index f3d4c4d..160657f 100644
> --- a/hw/scsi/lsi53c895a.c
> +++ b/hw/scsi/lsi53c895a.c
> @@ -2279,3 +2279,10 @@ void lsi53c895a_create(PCIBus *bus)
>  
>  scsi_bus_legacy_handle_cmdline(>bus);
>  }
> +
> +void lsi53c810_create(PCIBus *bus, int devfn)
> +{
> +LSIState *s = LSI53C895A(pci_create_simple(bus, devfn, "lsi53c810"));
> +
> +scsi_bus_legacy_handle_cmdline(>bus);
> +}
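
Review bot: lsi53c810_create(), added at the end of the file, repeats the create-then-scsi_bus_legacy_handle_cmdline() body of lsi53c895a_create() directly above it, differing only in the type name and the devfn argument. A single static helper taking both, called from the two public functions, would keep the legacy command-line handling in one place. The LSI53C895A() cast applied to an "lsi53c810" device also deserves a one-line comment saying why it is valid.
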
> diff --git a/include/hw/pci/pci.h b/include/hw/pci/pci.h
> index d8c18c7..e255941 100644
> --- a/include/hw/pci/pci.h
> +++ b/include/hw/pci/pci.h
> @@ -708,6 +708,7 @@ PCIDevice *pci_create(PCIBus *bus, int devfn, const char 
> *name);
>  PCIDevice *pci_create_simple(PCIBus *bus, int devfn, const char *name);
>  
>  void lsi53c895a_create(PCIBus *bus);
> +void lsi53c810_create(PCIBus *bus, int devfn);
>  
>  qemu_irq pci_allocate_irq(PCIDevice *pci_dev);
>  void pci_set_irq(PCIDevice *pci_dev, int level);

-- 
David Gibson                    | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
                                | _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH] hw/misc/macio: Mark the macio devices with user_creatable = false

2018-03-07 Thread David Gibson
On Wed, Mar 07, 2018 at 03:22:54PM +0100, Thomas Huth wrote:
> The macio devices currently cause a crash when the user tries to
> instantiate them on a different machine:
> 
> $ ppc64-softmmu/qemu-system-ppc64 -device macio-newworld
> Unexpected error in qemu_chr_fe_init() at chardev/char-fe.c:222:
> qemu-system-ppc64: -device macio-newworld: Device 'serial0' is in use
> Aborted (core dumped)
> 
> These devices are clearly not intended to be creatable by the user
> since they are using serial_hds[] directly in their instance_init
> function. So let's mark them with user_creatable = false.
> 
> Signed-off-by: Thomas Huth 

Applied, thanks.

> ---
>  hw/misc/macio/macio.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/hw/misc/macio/macio.c b/hw/misc/macio/macio.c
> index af1bd46..454244f 100644
> --- a/hw/misc/macio/macio.c
> +++ b/hw/misc/macio/macio.c
> @@ -406,6 +406,8 @@ static void macio_class_init(ObjectClass *klass, void 
> *data)
>  k->class_id = PCI_CLASS_OTHERS << 8;
>  dc->props = macio_properties;
>  set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
> +/* Reason: Uses serial_hds in macio_instance_init */
> +dc->user_creatable = false;
>  }
>  
>  static const TypeInfo macio_oldworld_type_info = {
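
Review bot: the added comment gives the serial_hds use in macio_instance_init as the reason, and user_creatable = false only stops the user from reaching that code through -device or device_add. Moving the serial_hds access out of instance_init would remove the cause of the abort shown in the commit message; if that is out of scope for this patch, the comment should say the flag is a stopgap.
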

-- 
David Gibson                    | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
                                | _way_ _around_!
http://www.ozlabs.org/~dgibson




[Qemu-devel] [PATCH v4 2/5] qmp: distinguish PC-DIMM and NVDIMM in MemoryDeviceInfoList

2018-03-07 Thread Haozhong Zhang
It may need to treat PC-DIMM and NVDIMM differently, e.g., when
deciding the necessity of non-volatile flag bit in SRAT memory
affinity structures.

NVDIMMDeviceInfo, which inherits from PCDIMMDeviceInfo, is added to
union type MemoryDeviceInfo to record information of NVDIMM devices.
The NVDIMM-specific data is currently left empty and will be filled
when necessary in the future.

It also fixes "info memory-devices"/query-memory-devices which
currently show nvdimm devices as dimm devices since
object_dynamic_cast(obj, TYPE_PC_DIMM) happily casts nvdimm to
TYPE_PC_DIMM, from which it inherits.

Signed-off-by: Haozhong Zhang 
---
 hmp.c| 14 +++---
 hw/mem/pc-dimm.c | 20 ++--
 numa.c   | 19 +--
 qapi/misc.json   | 18 +-
 4 files changed, 59 insertions(+), 12 deletions(-)

diff --git a/hmp.c b/hmp.c
index 016cb5c4f1..692cb81868 100644
--- a/hmp.c
+++ b/hmp.c
@@ -2421,7 +2421,18 @@ void hmp_info_memory_devices(Monitor *mon, const QDict 
*qdict)
 switch (value->type) {
 case MEMORY_DEVICE_INFO_KIND_DIMM:
 di = value->u.dimm.data;
+break;
+
+case MEMORY_DEVICE_INFO_KIND_NVDIMM:
+di = qapi_NVDIMMDeviceInfo_base(value->u.nvdimm.data);
+break;
+
+default:
+di = NULL;
+break;
+}
 
+if (di) {
 monitor_printf(mon, "Memory device [%s]: \"%s\"\n",
MemoryDeviceInfoKind_str(value->type),
di->id ? di->id : "");
@@ -2434,9 +2445,6 @@ void hmp_info_memory_devices(Monitor *mon, const QDict 
*qdict)
di->hotplugged ? "true" : "false");
 monitor_printf(mon, "  hotpluggable: %s\n",
di->hotpluggable ? "true" : "false");
-break;
-default:
-break;
 }
 }
 }
diff --git a/hw/mem/pc-dimm.c b/hw/mem/pc-dimm.c
index 4d050fe2cd..866ecc699a 100644
--- a/hw/mem/pc-dimm.c
+++ b/hw/mem/pc-dimm.c
@@ -20,6 +20,7 @@
 
 #include "qemu/osdep.h"
 #include "hw/mem/pc-dimm.h"
+#include "hw/mem/nvdimm.h"
 #include "qapi/error.h"
 #include "qemu/config-file.h"
 #include "qapi/visitor.h"
@@ -249,10 +250,19 @@ MemoryDeviceInfoList *qmp_pc_dimm_device_list(void)
 Object *obj = OBJECT(dimm);
 MemoryDeviceInfoList *elem = g_new0(MemoryDeviceInfoList, 1);
 MemoryDeviceInfo *info = g_new0(MemoryDeviceInfo, 1);
-PCDIMMDeviceInfo *di = g_new0(PCDIMMDeviceInfo, 1);
+PCDIMMDeviceInfo *di;
+NVDIMMDeviceInfo *ndi;
+bool is_nvdimm = object_dynamic_cast(obj, TYPE_NVDIMM);
 DeviceClass *dc = DEVICE_GET_CLASS(obj);
 DeviceState *dev = DEVICE(obj);
 
+if (!is_nvdimm) {
+di = g_new0(PCDIMMDeviceInfo, 1);
+} else {
+ndi = g_new0(NVDIMMDeviceInfo, 1);
+di = qapi_NVDIMMDeviceInfo_base(ndi);
+}
+
 if (dev->id) {
 di->has_id = true;
 di->id = g_strdup(dev->id);
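
Review bot: ndi is declared without an initializer and is assigned only in the else branch, so on the PC-DIMM path it stays indeterminate. The following hunk reads it only when is_nvdimm is true, but a compiler can still flag it as possibly uninitialized, and a later edit could read it on the wrong path; initialise it to NULL at the declaration. The line "bool is_nvdimm = object_dynamic_cast(obj, TYPE_NVDIMM);" also converts a pointer to bool implicitly, and an explicit "!= NULL" would make the intent clear.
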
@@ -265,7 +275,13 @@ MemoryDeviceInfoList *qmp_pc_dimm_device_list(void)
 di->size = object_property_get_uint(obj, PC_DIMM_SIZE_PROP, NULL);
 di->memdev = object_get_canonical_path(OBJECT(dimm->hostmem));
 
-info->u.dimm.data = di;
+if (!is_nvdimm) {
+info->u.dimm.data = di;
+info->type = MEMORY_DEVICE_INFO_KIND_DIMM;
+} else {
+info->u.nvdimm.data = ndi;
+info->type = MEMORY_DEVICE_INFO_KIND_NVDIMM;
+}
 elem->value = info;
 elem->next = NULL;
 if (prev) {
diff --git a/numa.c b/numa.c
index 7ca2bef63f..5f291fc919 100644
--- a/numa.c
+++ b/numa.c
@@ -529,18 +529,25 @@ static void numa_stat_memory_devices(NumaNodeMem 
node_mem[])
 
 if (value) {
 switch (value->type) {
-case MEMORY_DEVICE_INFO_KIND_DIMM: {
+case MEMORY_DEVICE_INFO_KIND_DIMM:
 pcdimm_info = value->u.dimm.data;
+break;
+
+case MEMORY_DEVICE_INFO_KIND_NVDIMM:
+pcdimm_info = qapi_NVDIMMDeviceInfo_base(value->u.nvdimm.data);
+break;
+
+default:
+pcdimm_info = NULL;
+break;
+}
+
+if (pcdimm_info) {
 node_mem[pcdimm_info->node].node_mem += pcdimm_info->size;
 if (pcdimm_info->hotpluggable && pcdimm_info->hotplugged) {
 node_mem[pcdimm_info->node].node_plugged_mem +=
 pcdimm_info->size;
 }
-break;
-}
-
-default:
-break;
 }
 }
 }
diff --git a/qapi/misc.json b/qapi/misc.json
index bd04469a4b..5bcabb0d7a 100644
--- a/qapi/misc.json
+++ 

[Qemu-devel] [PATCH v4 3/5] hw/acpi-build: build SRAT memory affinity structures for DIMM devices

2018-03-07 Thread Haozhong Zhang
ACPI 6.2A Table 5-129 "SPA Range Structure" requires that the proximity
domain of an NVDIMM SPA range match the corresponding entry in the
SRAT table.

The address ranges of vNVDIMM in QEMU are allocated from the
hot-pluggable address space, which is entirely covered by one SRAT
memory affinity structure. However, users can set the vNVDIMM
proximity domain in NFIT SPA range structure by the 'node' property of
'-device nvdimm' to a value different than the one in the above SRAT
memory affinity structure.

In order to solve such proximity domain mismatch, this patch builds
one SRAT memory affinity structure for each DIMM device present at
boot time, including both PC-DIMM and NVDIMM, with the proximity
domain specified in '-device pc-dimm' or '-device nvdimm'.

The remaining hot-pluggable address space is covered by one or multiple
SRAT memory affinity structures with the proximity domain of the last
node as before.

Signed-off-by: Haozhong Zhang 
---
 hw/i386/acpi-build.c | 57 
 1 file changed, 53 insertions(+), 4 deletions(-)

diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index deb440f286..cb99c63fcf 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -2323,6 +2323,56 @@ build_tpm2(GArray *table_data, BIOSLinker *linker, 
GArray *tcpalog)
 #define HOLE_640K_START  (640 * 1024)
 #define HOLE_640K_END   (1024 * 1024)
 
+static void build_srat_hotpluggable_memory(GArray *table_data, uint64_t base,
+   uint64_t len, int default_node)
+{
+MemoryDeviceInfoList *info_list = qmp_pc_dimm_device_list();
+MemoryDeviceInfoList *info;
+MemoryDeviceInfo *mi;
+PCDIMMDeviceInfo *di;
+uint64_t end = base + len, cur, size;
+bool is_nvdimm;
+AcpiSratMemoryAffinity *numamem;
+MemoryAffinityFlags flags;
+
+for (cur = base, info = info_list;
+ cur < end;
+ cur += size, info = info->next) {
+numamem = acpi_data_push(table_data, sizeof *numamem);
+
+if (!info) {
+build_srat_memory(numamem, cur, end - cur, default_node,
+  MEM_AFFINITY_HOTPLUGGABLE | 
MEM_AFFINITY_ENABLED);
+break;
+}
+
+mi = info->value;
+is_nvdimm = (mi->type == MEMORY_DEVICE_INFO_KIND_NVDIMM);
+di = !is_nvdimm ? mi->u.dimm.data :
+  qapi_NVDIMMDeviceInfo_base(mi->u.nvdimm.data);
+
+if (cur < di->addr) {
+build_srat_memory(numamem, cur, di->addr - cur, default_node,
+  MEM_AFFINITY_HOTPLUGGABLE | 
MEM_AFFINITY_ENABLED);
+numamem = acpi_data_push(table_data, sizeof *numamem);
+}
+
+size = di->size;
+
+flags = MEM_AFFINITY_ENABLED;
+if (di->hotpluggable) {
+flags |= MEM_AFFINITY_HOTPLUGGABLE;
+}
+if (is_nvdimm) {
+flags |= MEM_AFFINITY_NON_VOLATILE;
+}
+
+build_srat_memory(numamem, di->addr, size, di->node, flags);
+}
+
+qapi_free_MemoryDeviceInfoList(info_list);
+}
+
 static void
 build_srat(GArray *table_data, BIOSLinker *linker, MachineState *machine)
 {
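
Review bot: the loop in build_srat_hotpluggable_memory() advances with "cur += size", but when "cur < di->addr" the DIMM entry starts at di->addr rather than at cur, so after the iteration cur equals the old cur plus size while the DIMM actually ends at di->addr + size. The next gap or tail entry then starts inside the range just described for the DIMM and the two SRAT entries overlap. Set cur to di->addr after emitting the gap entry, or advance with "cur = di->addr + size". The function also never checks that di->addr + size stays at or below end.
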
@@ -2434,10 +2484,9 @@ build_srat(GArray *table_data, BIOSLinker *linker, 
MachineState *machine)
  * providing _PXM method if necessary.
  */
 if (hotplugabble_address_space_size) {
-numamem = acpi_data_push(table_data, sizeof *numamem);
-build_srat_memory(numamem, pcms->hotplug_memory.base,
-  hotplugabble_address_space_size, pcms->numa_nodes - 
1,
-  MEM_AFFINITY_HOTPLUGGABLE | MEM_AFFINITY_ENABLED);
+build_srat_hotpluggable_memory(table_data, pcms->hotplug_memory.base,
+   hotplugabble_address_space_size,
+   pcms->numa_nodes - 1);
 }
 
 build_header(linker, table_data,
-- 
2.14.1




[Qemu-devel] [PATCH v4 4/5] tests/bios-tables-test: add test cases for DIMM proximity

2018-03-07 Thread Haozhong Zhang
QEMU now builds one SRAT memory affinity structure for each PC-DIMM
and NVDIMM device presented at boot time with the proximity domain
specified in the device option 'node', rather than only one SRAT
memory affinity structure covering the entire hotpluggable address
space with the proximity domain of the last node.

Add test cases on PC and Q35 machines with 4 proximity domains, and
one PC-DIMM and one NVDIMM attached to the 2nd and 3rd proximity
domains respectively. Check whether the QEMU-built SRAT tables match
with the expected ones.

The following ACPI tables need to be added for this test:
  tests/acpi-test-data/pc/APIC.dimmpxm
  tests/acpi-test-data/pc/DSDT.dimmpxm
  tests/acpi-test-data/pc/NFIT.dimmpxm
  tests/acpi-test-data/pc/SRAT.dimmpxm
  tests/acpi-test-data/pc/SSDT.dimmpxm
  tests/acpi-test-data/q35/APIC.dimmpxm
  tests/acpi-test-data/q35/DSDT.dimmpxm
  tests/acpi-test-data/q35/NFIT.dimmpxm
  tests/acpi-test-data/q35/SRAT.dimmpxm
  tests/acpi-test-data/q35/SSDT.dimmpxm
New APIC and DSDT are needed because of the multiple processors
configuration. New NFIT and SSDT are needed because of NVDIMM.

Signed-off-by: Haozhong Zhang 
Suggested-by: Igor Mammedov 
---
 tests/bios-tables-test.c | 38 ++
 1 file changed, 38 insertions(+)

diff --git a/tests/bios-tables-test.c b/tests/bios-tables-test.c
index 65b271a173..34b55ff812 100644
--- a/tests/bios-tables-test.c
+++ b/tests/bios-tables-test.c
@@ -869,6 +869,42 @@ static void test_acpi_piix4_tcg_numamem(void)
 free_test_data();
 }
 
+static void test_acpi_tcg_dimm_pxm(const char *machine)
+{
+test_data data;
+
+memset(, 0, sizeof(data));
+data.machine = machine;
+data.variant = ".dimmpxm";
+test_acpi_one(" -machine nvdimm=on"
+  " -smp 4,sockets=4"
+  " -m 128M,slots=3,maxmem=1G"
+  " -numa node,mem=32M,nodeid=0"
+  " -numa node,mem=32M,nodeid=1"
+  " -numa node,mem=32M,nodeid=2"
+  " -numa node,mem=32M,nodeid=3"
+  " -numa cpu,node-id=0,socket-id=0"
+  " -numa cpu,node-id=1,socket-id=1"
+  " -numa cpu,node-id=2,socket-id=2"
+  " -numa cpu,node-id=3,socket-id=3"
+  " -object memory-backend-ram,id=ram0,size=128M"
+  " -object memory-backend-ram,id=nvm0,size=128M"
+  " -device pc-dimm,id=dimm0,memdev=ram0,node=1"
+  " -device nvdimm,id=dimm1,memdev=nvm0,node=2",
+  );
+free_test_data();
+}
+
+static void test_acpi_q35_tcg_dimm_pxm(void)
+{
+test_acpi_tcg_dimm_pxm(MACHINE_Q35);
+}
+
+static void test_acpi_piix4_tcg_dimm_pxm(void)
+{
+test_acpi_tcg_dimm_pxm(MACHINE_PC);
+}
+
 int main(int argc, char *argv[])
 {
 const char *arch = qtest_get_arch();
@@ -893,6 +929,8 @@ int main(int argc, char *argv[])
 qtest_add_func("acpi/q35/memhp", test_acpi_q35_tcg_memhp);
 qtest_add_func("acpi/piix4/numamem", test_acpi_piix4_tcg_numamem);
 qtest_add_func("acpi/q35/numamem", test_acpi_q35_tcg_numamem);
+qtest_add_func("acpi/piix4/dimmpxm", test_acpi_piix4_tcg_dimm_pxm);
+qtest_add_func("acpi/q35/dimmpxm", test_acpi_q35_tcg_dimm_pxm);
 }
 ret = g_test_run();
 boot_sector_cleanup(disk);
-- 
2.14.1




[Qemu-devel] [PATCH v4 5/5] [DO NOT APPLY] test/acpi-test-data: add ACPI tables for dimmpxm test

2018-03-07 Thread Haozhong Zhang
Reviewers can use ACPI tables in this patch to run
test_acpi_{piix4,q35}_tcg_dimm_pxm cases.

Signed-off-by: Haozhong Zhang 
---
 tests/acpi-test-data/pc/APIC.dimmpxm  | Bin 0 -> 144 bytes
 tests/acpi-test-data/pc/DSDT.dimmpxm  | Bin 0 -> 6803 bytes
 tests/acpi-test-data/pc/NFIT.dimmpxm  | Bin 0 -> 224 bytes
 tests/acpi-test-data/pc/SRAT.dimmpxm  | Bin 0 -> 472 bytes
 tests/acpi-test-data/pc/SSDT.dimmpxm  | Bin 0 -> 685 bytes
 tests/acpi-test-data/q35/APIC.dimmpxm | Bin 0 -> 144 bytes
 tests/acpi-test-data/q35/DSDT.dimmpxm | Bin 0 -> 9487 bytes
 tests/acpi-test-data/q35/NFIT.dimmpxm | Bin 0 -> 224 bytes
 tests/acpi-test-data/q35/SRAT.dimmpxm | Bin 0 -> 472 bytes
 tests/acpi-test-data/q35/SSDT.dimmpxm | Bin 0 -> 685 bytes
 10 files changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 tests/acpi-test-data/pc/APIC.dimmpxm
 create mode 100644 tests/acpi-test-data/pc/DSDT.dimmpxm
 create mode 100644 tests/acpi-test-data/pc/NFIT.dimmpxm
 create mode 100644 tests/acpi-test-data/pc/SRAT.dimmpxm
 create mode 100644 tests/acpi-test-data/pc/SSDT.dimmpxm
 create mode 100644 tests/acpi-test-data/q35/APIC.dimmpxm
 create mode 100644 tests/acpi-test-data/q35/DSDT.dimmpxm
 create mode 100644 tests/acpi-test-data/q35/NFIT.dimmpxm
 create mode 100644 tests/acpi-test-data/q35/SRAT.dimmpxm
 create mode 100644 tests/acpi-test-data/q35/SSDT.dimmpxm

diff --git a/tests/acpi-test-data/pc/APIC.dimmpxm 
b/tests/acpi-test-data/pc/APIC.dimmpxm
new file mode 100644
index 
..427bb08248e6a029c1c988f74f5e48f93ee4ebe0
GIT binary patch
literal 144

[Qemu-devel] [PATCH v4 0/5] hw/acpi-build: build SRAT memory affinity structures for DIMM devices

2018-03-07 Thread Haozhong Zhang
(Patch 5 is only for reviewers to run test cases in patch 4)

ACPI 6.2A Table 5-129 "SPA Range Structure" requires that the proximity
domain of an NVDIMM SPA range match the corresponding entry in the
SRAT table.

The address ranges of vNVDIMM in QEMU are allocated from the
hot-pluggable address space, which is entirely covered by one SRAT
memory affinity structure. However, users can set the vNVDIMM
proximity domain in NFIT SPA range structure by the 'node' property of
'-device nvdimm' to a value different than the one in the above SRAT
memory affinity structure.

In order to solve such proximity domain mismatch, this patch builds
one SRAT memory affinity structure for each DIMM device present at
boot time, including both PC-DIMM and NVDIMM, with the proximity
domain specified in '-device pc-dimm' or '-device nvdimm'.

The remaining hot-pluggable address space is covered by one or multiple
SRAT memory affinity structures with the proximity domain of the last
node as before.

Changes in v4:
 * (Patch 1) Update the commit message and add R-b from Igor Mammedov.
 * (Patch 2) Rebase on misc.json and update the commit message.
 * (Patch 3) Directly use di-addr and di-node.
 * (Patch 4) Drop the previous v3 patch 3 and add '-machine nvdimm=on'
   to parameters of test_acpi_one().
 * (Patch 4) Put PC-DIMM and NVDIMM to different numa nodes.
 * (Patch 4&5) Move binary blobs of ACPI tables to DO-NOT-APPLY patch 5.

Changes in v3:
 * (Patch 1&2) Use qmp_pc_dimm_device_list to get information of DIMM
   devices and move it to separate patches.
 * (Patch 3) Replace while loop by a more readable for loop.
 * (Patch 3) Refactor the flag setting code.
 * (Patch 3) s/'static-plugged'/'present at boot time' in commit message.

Changes in v2:
 * Build SRAT memory affinity structures of PC-DIMM devices as well.
 * Add test cases.


Haozhong Zhang (5):
  pc-dimm: make qmp_pc_dimm_device_list() sort devices by address
  qmp: distinguish PC-DIMM and NVDIMM in MemoryDeviceInfoList
  hw/acpi-build: build SRAT memory affinity structures for DIMM devices
  tests/bios-tables-test: add test cases for DIMM proximity
  [DO NOT APPLY] test/acpi-test-data: add ACPI tables for dimmpxm test

 hmp.c |  14 +++--
 hw/i386/acpi-build.c  |  57 ++--
 hw/mem/pc-dimm.c  |  99 --
 hw/ppc/spapr.c|   3 +-
 include/hw/mem/pc-dimm.h  |   2 +-
 numa.c|  23 
 qapi/misc.json|  18 ++-
 qmp.c |   7 +--
 stubs/qmp_pc_dimm.c   |   4 +-
 tests/acpi-test-data/pc/APIC.dimmpxm  | Bin 0 -> 144 bytes
 tests/acpi-test-data/pc/DSDT.dimmpxm  | Bin 0 -> 6803 bytes
 tests/acpi-test-data/pc/NFIT.dimmpxm  | Bin 0 -> 224 bytes
 tests/acpi-test-data/pc/SRAT.dimmpxm  | Bin 0 -> 472 bytes
 tests/acpi-test-data/pc/SSDT.dimmpxm  | Bin 0 -> 685 bytes
 tests/acpi-test-data/q35/APIC.dimmpxm | Bin 0 -> 144 bytes
 tests/acpi-test-data/q35/DSDT.dimmpxm | Bin 0 -> 9487 bytes
 tests/acpi-test-data/q35/NFIT.dimmpxm | Bin 0 -> 224 bytes
 tests/acpi-test-data/q35/SRAT.dimmpxm | Bin 0 -> 472 bytes
 tests/acpi-test-data/q35/SSDT.dimmpxm | Bin 0 -> 685 bytes
 tests/bios-tables-test.c  |  38 +
 20 files changed, 198 insertions(+), 67 deletions(-)
 create mode 100644 tests/acpi-test-data/pc/APIC.dimmpxm
 create mode 100644 tests/acpi-test-data/pc/DSDT.dimmpxm
 create mode 100644 tests/acpi-test-data/pc/NFIT.dimmpxm
 create mode 100644 tests/acpi-test-data/pc/SRAT.dimmpxm
 create mode 100644 tests/acpi-test-data/pc/SSDT.dimmpxm
 create mode 100644 tests/acpi-test-data/q35/APIC.dimmpxm
 create mode 100644 tests/acpi-test-data/q35/DSDT.dimmpxm
 create mode 100644 tests/acpi-test-data/q35/NFIT.dimmpxm
 create mode 100644 tests/acpi-test-data/q35/SRAT.dimmpxm
 create mode 100644 tests/acpi-test-data/q35/SSDT.dimmpxm

-- 
2.14.1




[Qemu-devel] [PATCH v4 1/5] pc-dimm: make qmp_pc_dimm_device_list() sort devices by address

2018-03-07 Thread Haozhong Zhang
Make qmp_pc_dimm_device_list() return sorted by start address
list of devices so that it could be reused in places that
would need sorted list*. Reuse existing pc_dimm_built_list()
to get sorted list.

While at it hide recursive callbacks from callers, so that:

  qmp_pc_dimm_device_list(qdev_get_machine(), );

could be replaced with simpler:

  list = qmp_pc_dimm_device_list();

* follow up patch will use it in build_srat()

Signed-off-by: Haozhong Zhang 
Reviewed-by: Igor Mammedov 
---
 hw/mem/pc-dimm.c | 83 +---
 hw/ppc/spapr.c   |  3 +-
 include/hw/mem/pc-dimm.h |  2 +-
 numa.c   |  4 +--
 qmp.c|  7 +---
 stubs/qmp_pc_dimm.c  |  4 +--
 6 files changed, 50 insertions(+), 53 deletions(-)

diff --git a/hw/mem/pc-dimm.c b/hw/mem/pc-dimm.c
index 6e74b61cb6..4d050fe2cd 100644
--- a/hw/mem/pc-dimm.c
+++ b/hw/mem/pc-dimm.c
@@ -162,45 +162,6 @@ uint64_t get_plugged_memory_size(void)
 return pc_existing_dimms_capacity(_abort);
 }
 
-int qmp_pc_dimm_device_list(Object *obj, void *opaque)
-{
-MemoryDeviceInfoList ***prev = opaque;
-
-if (object_dynamic_cast(obj, TYPE_PC_DIMM)) {
-DeviceState *dev = DEVICE(obj);
-
-if (dev->realized) {
-MemoryDeviceInfoList *elem = g_new0(MemoryDeviceInfoList, 1);
-MemoryDeviceInfo *info = g_new0(MemoryDeviceInfo, 1);
-PCDIMMDeviceInfo *di = g_new0(PCDIMMDeviceInfo, 1);
-DeviceClass *dc = DEVICE_GET_CLASS(obj);
-PCDIMMDevice *dimm = PC_DIMM(obj);
-
-if (dev->id) {
-di->has_id = true;
-di->id = g_strdup(dev->id);
-}
-di->hotplugged = dev->hotplugged;
-di->hotpluggable = dc->hotpluggable;
-di->addr = dimm->addr;
-di->slot = dimm->slot;
-di->node = dimm->node;
-di->size = object_property_get_uint(OBJECT(dimm), 
PC_DIMM_SIZE_PROP,
-NULL);
-di->memdev = object_get_canonical_path(OBJECT(dimm->hostmem));
-
-info->u.dimm.data = di;
-elem->value = info;
-elem->next = NULL;
-**prev = elem;
-*prev = >next;
-}
-}
-
-object_child_foreach(obj, qmp_pc_dimm_device_list, opaque);
-return 0;
-}
-
 static int pc_dimm_slot2bitmap(Object *obj, void *opaque)
 {
 unsigned long *bitmap = opaque;
@@ -276,6 +237,50 @@ static int pc_dimm_built_list(Object *obj, void *opaque)
 return 0;
 }
 
+MemoryDeviceInfoList *qmp_pc_dimm_device_list(void)
+{
+GSList *dimms = NULL, *item;
+MemoryDeviceInfoList *list = NULL, *prev = NULL;
+
+object_child_foreach(qdev_get_machine(), pc_dimm_built_list, );
+
+for (item = dimms; item; item = g_slist_next(item)) {
+PCDIMMDevice *dimm = PC_DIMM(item->data);
+Object *obj = OBJECT(dimm);
+MemoryDeviceInfoList *elem = g_new0(MemoryDeviceInfoList, 1);
+MemoryDeviceInfo *info = g_new0(MemoryDeviceInfo, 1);
+PCDIMMDeviceInfo *di = g_new0(PCDIMMDeviceInfo, 1);
+DeviceClass *dc = DEVICE_GET_CLASS(obj);
+DeviceState *dev = DEVICE(obj);
+
+if (dev->id) {
+di->has_id = true;
+di->id = g_strdup(dev->id);
+}
+di->hotplugged = dev->hotplugged;
+di->hotpluggable = dc->hotpluggable;
+di->addr = dimm->addr;
+di->slot = dimm->slot;
+di->node = dimm->node;
+di->size = object_property_get_uint(obj, PC_DIMM_SIZE_PROP, NULL);
+di->memdev = object_get_canonical_path(OBJECT(dimm->hostmem));
+
+info->u.dimm.data = di;
+elem->value = info;
+elem->next = NULL;
+if (prev) {
+prev->next = elem;
+} else {
+list = elem;
+}
+prev = elem;
+}
+
+g_slist_free(dimms);
+
+return list;
+}
+
 uint64_t pc_dimm_get_free_addr(uint64_t address_space_start,
uint64_t address_space_size,
uint64_t *hint, uint64_t align, uint64_t size,
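
Review bot: the removed qmp_pc_dimm_device_list() listed a device only when dev->realized was set, and the new loop over dimms has no such test, so the result now depends entirely on what pc_dimm_built_list() puts in the list. If that callback already skips unrealized devices, say so in a comment above the loop; otherwise restore the check before filling in the PCDIMMDeviceInfo.
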
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 7e1c858566..44a0670d11 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -722,8 +722,7 @@ static int spapr_populate_drconf_memory(sPAPRMachineState 
*spapr, void *fdt)
 }
 
 if (hotplug_lmb_start) {
-MemoryDeviceInfoList **prev = 
-qmp_pc_dimm_device_list(qdev_get_machine(), );
+dimms = qmp_pc_dimm_device_list();
 }
 
 /* ibm,dynamic-memory */
diff --git a/include/hw/mem/pc-dimm.h b/include/hw/mem/pc-dimm.h
index d83b957829..1fc479281c 100644
--- a/include/hw/mem/pc-dimm.h
+++ b/include/hw/mem/pc-dimm.h
@@ -93,7 +93,7 @@ uint64_t pc_dimm_get_free_addr(uint64_t address_space_start,
 
 int pc_dimm_get_free_slot(const int *hint, int max_slots, Error **errp);
 
-int 

Re: [Qemu-devel] [edk2] [PATCH v2 2/8] SecurityPkg/Tcg2Pei: drop PeiReadOnlyVariable from Depex

2018-03-07 Thread Zhang, Chao B
Hi Lureau:
   I think we can remove the same dependency in TcgPei. 

-Original Message-
From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of 
marcandre.lur...@redhat.com
Sent: Wednesday, March 7, 2018 11:58 PM
To: edk2-de...@lists.01.org
Cc: qemu-devel@nongnu.org; javi...@redhat.com; pjo...@redhat.com; Yao, Jiewen 
; ler...@redhat.com
Subject: [edk2] [PATCH v2 2/8] SecurityPkg/Tcg2Pei: drop PeiReadOnlyVariable 
from Depex

From: Marc-André Lureau 

The module doesn't use read-only variable.

Cc: Laszlo Ersek 
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Marc-André Lureau 
---
 SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf | 1 -
 1 file changed, 1 deletion(-)

diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf 
b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
index bc910c3baf97..a4aae1488ff8 100644
--- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
+++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
@@ -91,7 +91,6 @@ [Pcd]
 
 [Depex]
   gEfiPeiMasterBootModePpiGuid AND
-  gEfiPeiReadOnlyVariable2PpiGuid AND
   gEfiTpmDeviceSelectedGuid
 
 [UserExtensions.TianoCore."ExtraFiles"]
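
Review bot: dropping gEfiPeiReadOnlyVariable2PpiGuid from [Depex] is justified in the commit message only by the module itself not using read-only variables, but the Depex also has to cover any library instance linked into Tcg2Pei that locates that PPI. Please state in the commit message that the linked library instances were checked as well.
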
-- 
2.16.2.346.g9779355e34



Re: [Qemu-devel] [PATCH v2 1/8] SecurityPkg: also clear HashInterfaceHob.SupportedHashMask

2018-03-07 Thread Zeng, Star
Reviewed-by: Star Zeng 

Thanks,
Star
-Original Message-
From: Zhang, Chao B 
Sent: Thursday, March 8, 2018 8:35 AM
To: marcandre.lur...@redhat.com; edk2-de...@lists.01.org
Cc: pjo...@redhat.com; Yao, Jiewen ; 
stef...@linux.vnet.ibm.com; ler...@redhat.com; qemu-devel@nongnu.org; 
javi...@redhat.com; Zeng, Star 
Subject: RE: [PATCH v2 1/8] SecurityPkg: also clear 
HashInterfaceHob.SupportedHashMask

Reviewed-by: Chao Zhang

-Original Message-
From: marcandre.lur...@redhat.com [mailto:marcandre.lur...@redhat.com] 
Sent: Wednesday, March 7, 2018 11:58 PM
To: edk2-de...@lists.01.org
Cc: pjo...@redhat.com; Yao, Jiewen ; 
stef...@linux.vnet.ibm.com; ler...@redhat.com; qemu-devel@nongnu.org; 
javi...@redhat.com; Marc-André Lureau ; Zhang, 
Chao B ; Zeng, Star 
Subject: [PATCH v2 1/8] SecurityPkg: also clear 
HashInterfaceHob.SupportedHashMask

From: Marc-André Lureau 

Commit 4cc2b63bd829426b05bad0d8952f1855a10d6ed7 fixed an out of bounds
ZeroMem() call. However, as Laszlo Ersek pointed out, the intent was to clear 
all but the Identifier (to revert the effect of RegisterHashInterfaceLib()). 
For that, it should clear the SupportedHashMask too.

Cc: Jiewen Yao 
Cc: Chao Zhang 
Cc: Star Zeng 
Cc: Laszlo Ersek 
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Marc-André Lureau 
---
 .../Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c | 1 +
 1 file changed, 1 insertion(+)

diff --git 
a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c 
b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c
index 361a4f6508a0..bf6e1336ee76 100644
--- a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c
+++ b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRoute
+++ rPei.c
@@ -426,6 +426,7 @@ HashLibBaseCryptoRouterPeiConstructor (
 //
 ZeroMem (>HashInterface, sizeof 
(HashInterfaceHob->HashInterface));
 HashInterfaceHob->HashInterfaceCount = 0;
+HashInterfaceHob->SupportedHashMask = 0;
   }
 
   //
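
Review bot: with "HashInterfaceHob->SupportedHashMask = 0;" added, the reset is three separate statements that together must cover every field except Identifier, which is the intent the commit message describes. A field added to the HOB later would be missed silently, so a comment above the block stating that everything but Identifier is cleared here would help keep it complete.
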
--
2.16.2.346.g9779355e34



Re: [Qemu-devel] [PATCH v2 1/8] SecurityPkg: also clear HashInterfaceHob.SupportedHashMask

2018-03-07 Thread Zhang, Chao B
Reviewed-by: Chao Zhang

-Original Message-
From: marcandre.lur...@redhat.com [mailto:marcandre.lur...@redhat.com] 
Sent: Wednesday, March 7, 2018 11:58 PM
To: edk2-de...@lists.01.org
Cc: pjo...@redhat.com; Yao, Jiewen ; 
stef...@linux.vnet.ibm.com; ler...@redhat.com; qemu-devel@nongnu.org; 
javi...@redhat.com; Marc-André Lureau ; Zhang, 
Chao B ; Zeng, Star 
Subject: [PATCH v2 1/8] SecurityPkg: also clear 
HashInterfaceHob.SupportedHashMask

From: Marc-André Lureau 

Commit 4cc2b63bd829426b05bad0d8952f1855a10d6ed7 fixed an out of bounds
ZeroMem() call. However, as Laszlo Ersek pointed out, the intent was to clear 
all but the Identifier (to revert the effect of RegisterHashInterfaceLib()). 
For that, it should clear the SupportedHashMask too.

Cc: Jiewen Yao 
Cc: Chao Zhang 
Cc: Star Zeng 
Cc: Laszlo Ersek 
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Marc-André Lureau 
---
 .../Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c | 1 +
 1 file changed, 1 insertion(+)

diff --git 
a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c 
b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c
index 361a4f6508a0..bf6e1336ee76 100644
--- a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c
+++ b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRoute
+++ rPei.c
@@ -426,6 +426,7 @@ HashLibBaseCryptoRouterPeiConstructor (
 //
 ZeroMem (>HashInterface, sizeof 
(HashInterfaceHob->HashInterface));
 HashInterfaceHob->HashInterfaceCount = 0;
+HashInterfaceHob->SupportedHashMask = 0;
   }
 
   //
--
2.16.2.346.g9779355e34



Re: [Qemu-devel] [Qemu-block] [PATCH 0/2] block/ssh: Implement .bdrv_refresh_filename()

2018-03-07 Thread Fam Zheng
On Wed, 03/07 12:50, John Snow wrote:
> It's something I'd like to see patchew do, actually:
> 
> "Here's a list of what's on the list that has no reviews or NACKs, and
> needs some love"

It's not hard to define a search condition for that:

http://patchew.org/search-help

http://patchew.org/search?q=project%3AQEMU+age%3A%3E1m+not%3Areviewed+not%3Areplied+not%3Amerged+is%3Atested+to%3Aqemu-block

> 
> coupled with a 30 day "Hey, nobody looked at this" ping to the list
> before it NACKs a set for being too old.

If the initial landing of the patch didn't get enough attention, chances are the
pings will not change much about it, especially if it's from a bot.

A summary list sounds good, though.

Fam



Re: [Qemu-devel] block migration and dirty bitmap reset

2018-03-07 Thread Fam Zheng
On Wed, 03/07 09:06, Peter Lieven wrote:
> Hi,
> 
> while looking at the code I wonder if the blk_aio_preadv and the 
> bdrv_reset_dirty_bitmap order must
> be swapped in mig_save_device_bulk:
> 
> qemu_mutex_lock_iothread();
> aio_context_acquire(blk_get_aio_context(bmds->blk));
> blk->aiocb = blk_aio_preadv(bb, cur_sector * BDRV_SECTOR_SIZE, &blk->qiov,
> 0, blk_mig_read_cb, blk);
> 
> bdrv_reset_dirty_bitmap(bmds->dirty_bitmap, cur_sector * BDRV_SECTOR_SIZE,
> nr_sectors * BDRV_SECTOR_SIZE);
> aio_context_release(blk_get_aio_context(bmds->blk));
> qemu_mutex_unlock_iothread();
> 
> In mig_save_device_dirty we first reset the dirty bitmap and then read, which
> sounds like a better idea.

Yes, that sounds right to me.

Fam



[Qemu-devel] QEMU hackers in the Portland area next week

2018-03-07 Thread Michael Clark
Hi Folks,

FYI. SiFive is hosting a RISC-V hackathon in Portland at the Embedded Linux 
Conference next week:

Date: Monday, March 12 – Wednesday, March 14 
Time: 10:30am Monday – 1:00pm Wednesday 
Location: Embedded Linux Conference, Hilton Portland Downtown, Skyline II, 
Floor 23 

QEMU is being featured as the preferred full system emulator for teams working 
on the challenges:

- https://www.sifive.com/blog/2018/03/03/all-aboard-part-11-risc-v-hackathon-presented-by-sifive/

The challenges are primarily hardware based however I am told there is an open 
category for particularly creative outcomes. One of the challenges is to get a 
browser up and running on the Linux capable HiFive Unleashed board, to run a 
JavaScript benchmark suite the fastest. The HiFive Unleashed board is a fully 
Linux capable SOC, and can tunnel PCIe over SiFive’s chiplink interface, as a 
mezzanine on a Xilinx VC707 FPGA to Xilinx PCIe IP on the FPGA allowing the 
board to run X.org OpenGL graphics with an ATI graphics card using the Open 
Source Radeon Linux drivers on a completely RISC-V based Linux system (this 
challenge is based on the U540 SOC or ‘sifive-u54’ in the RISC-V QEMU port). 
The Open Source graphics setup apparently will be demoed at the SiFive booth 
(Quake on RISC-V). There is also the HiFive1 E-series Arduino compatible board 
with a challenge to implement a software solution to bitbang USB over GPIOs 
(this challenge is based on the E310 SOC or ‘sifive-e31’ in RISC-V QEMU port). 
This would allow the LoFive board to be programmed without requiring a 
proprietary FTDI. The specs for the chips are all open and of course similar 
models can be synthesised in FPGA using the freedom rocket-chip generator. 
There will be lots of HiFive Unleashed boards, HiFive1 boards, and SiFive 
Hardware engineers present. We’ll also have the freedom U Open Source 
soft-cores running on FPGA. This is the hardware that we are trying to model in 
the QEMU RISC-V port, and a large proportion of the HDL is Open Source. One of 
the goals is an Open Source USB solution.

There is QEMU specific development that is relevant for both challenges. 
Bringing up graphical framebuffer on the RISC-V port is probably a good idea 
for the HiFive Unleashed challenge but would be relatively easy for an expert 
QEMU hacker, however bringing up VirGL support in QEMU RISC-V would likely be 
hard enough to qualify as a creative outcome that would benefit both the QEMU 
and RISC-V ecosystem. Pragmatists may just run Xvnc using ssh, however that 
doesn’t really benefit QEMU. There is also a need to add SiFive GPIO support to 
the RISC-V QEMU port ‘sifive_e’ machine, so that we could use QEMU to test 
user-space USB protocol stacks, for the HiFive1/LoFive challenge (however I’m 
likely to be working on GPIO support in my day job, and the intent is more to 
have fun than to get free work).

The idea of the hackathon is to get together Open Source software and hardware 
folk and to have some fun hacking on software that is based on an Open Source 
RISC-V stack from the chip all the way up.

Perhaps something creative might be beating the real hardware with a QEMU based 
solution. I think this is relevant to the QEMU community because we could 
benefit the RISC-V QEMU and Linux ports in the process. There is a really good 
opportunity with an Open Source ISA and platform to re-define a clean slate set 
of interfaces between the firmware and operating system, and QEMU is a key 
modelling platform for full system emulation. We could even have a QEMU BOF.

Anyway, at minimum this is a call to any QEMU developers in the Portland area 
who might be keen to meet up next week.

My focus will certainly be on benefiting QEMU, and I’m almost certainly going 
to be hacking on QEMU during the hackathon.

Regards,
Michael.

P.S. We asked on IRC about posting to the list about this, and the consensus 
amongst those who were present was that it would be relevant if the event could 
benefit QEMU. I think it could…


Re: [Qemu-devel] [PATCH v11 00/28] x86: Secure Encrypted Virtualization (AMD)

2018-03-07 Thread Fam Zheng
On Thu, Mar 8, 2018 at 4:35 AM, Brijesh Singh  wrote:
> Hi,
>
> I have root caused and fixed the build issue seen with mingw32 compiler,
> the patch is very trivial (see below).
>
> I am looking for direction on how to submit the fix, should I resubmit
> the whole series or just send the updated  patch marked as "Patch v11.1
> ..." ? The "patch v11 11/28" included these headers in sev_i386.h, we
> need to move them in sev.c to fix this issue.

Please increment the version number and submit another whole series.

Fam



Re: [Qemu-devel] [PATCH 0/2] vmmouse: convert qdev pointer property to QOM link relationship

2018-03-07 Thread Zihan Yang
 Hi Philippe,

Thanks for reviewing my patch. Yes, I thought about it; a specific header file
with only several lines seems not worth it, but otherwise I would have to
define a redundant macro in vmmouse.c. Currently a redundant macro is ok,
but if we need some more macros, we would end up creating a specific
header at last, although I'm not sure whether we will really need more
macros in the future.

P.S. I forgot to cc qemu-devel, so I resent one. I apologize if two
identical emails look confusing to you.

2018-03-08 4:27 GMT+08:00 Philippe Mathieu-Daudé :

> Hi Zihan Yang,
>
> On 03/07/2018 01:55 PM, Zihan Yang wrote:
> >  Hi all, this is a bitesized patch from me a while ago, it seems a little
> > old but I wonder if there is any opinion about it? Is it still valid?
>
> For a single TYPE use, I'm not sure using a specific header is useful
> (patch #1).
> The 2nd patch looks valid to me but I'm not a QOM link expert.
>
> >
> > Thanks.
> >
> > 2018-02-04 15:28 GMT+08:00 Zihan Yang :
> >
> >> The ps2_mouse property of vmmouse is still pointer type which
> >> is defined by DEFINE_PROP_PTR. But qdev pointer property should
> >> be avoided according to qdev-properties.h. Convert it to
> >> QOM link relationship.
> >>
> >> It involves two patches because it requires the TYPE_I8042
> >> macro which is defined in another file. The first patch put
> >> this macro into a single header file so that the macro can
> >> be used elsewhere. The second patch does the actual work.
> >>
> >> Zihan Yang (2):
> >>   hw/input/pckdb: put TYPE_I8042 into a single header file
> >>   vmmouse: change qdev pointer property to qom link
> >>
> >>  hw/i386/pc.c  |  2 +-
> >>  hw/i386/vmmouse.c | 19 ---
> >>  hw/input/pckbd.c  |  2 +-
> >>  hw/input/pckbd.h  |  6 ++
> >>  4 files changed, 20 insertions(+), 9 deletions(-)
> >>  create mode 100644 hw/input/pckbd.h
> >>
> >> --
> >> 2.7.4
> >>
> >>
>


Re: [Qemu-devel] [RFC PATCH v2 00/22] remove i386/pc dependency: generic SuperIO

2018-03-07 Thread Philippe Mathieu-Daudé
Hi Paolo,

On 03/07/2018 01:52 PM, Paolo Bonzini wrote:
> On 05/03/2018 22:19, Philippe Mathieu-Daudé wrote:
>> Since v1:
>> - complete rewrite, split out the PIIX devices for another series
>>
>> In this rewrite I extract the common SuperIO code from pc87312.c; use it in
>> few MIPS boards; then as example, easily add a new SuperIO chipset 
>> (SMC37C669)
>> to the dp264 machine.
>>
>> More devices are being converted but I'm running out of time for the soft
>> freeze (mips_r4k, hppa_dino, and the PC ones).
>>
>> This series could be the 'part 2' of my previous "remove i386/pc dependency
>> from non-PC world" I started around 2.9.
>>
>> Philippe Mathieu-Daudé (22):
>>   hw/isa: Move parallel_hds_isa_init() to hw/char/parallel-isa.c
>>   hw/dma/i8257: Rename DMA_init() to i8257_dma_init()
>>   hw/input/i8042: Extract declarations from i386/pc.h into input/i8042.h
>>   hw/isa/pc87312: Rename the device type as TYPE_PC87312_SUPERIO
>>   hw/isa/pc87312: Use uint16_t for the ISA I/O base address
>>   hw/isa/pc87312: Use 'unsigned int' for the irq value
>>   hw/isa/superio: Add a Super I/O template based on the PC87312 device
>>   hw/isa/pc87312: Inherit from the abstract TYPE_ISA_SUPERIO
>>   hw/isa/superio: Factor out the parallel code from pc87312.c
>>   hw/isa/superio: Factor out the serial code from pc87312.c
>>   hw/isa/superio: Factor out the floppy disc controller code from pc87312.c
>>   hw/isa/superio: Add a keyboard/mouse controller (8042)
>>   hw/isa/superio: Factor out the IDE code from pc87312.c
>>   hw/mips/malta: Code movement
>>   hw/isa/superio: Factor out the FDC37M817 Super I/O from mips_malta.c
>>   hw/mips/mips_fulong2e: Factor out vt82c686b_southbridge_init()
>>   hw/isa/vt82c686: Rename vt82c686b_init() -> vt82c686b_isa_init()
>>   hw/isa/vt82c686: Add the TYPE_VT82C686B_SUPERIO
>>   hw/isa/superio: Add the SMC FDC37C669 Super I/O
>>   hw/alpha/dp264: Add the ISA DMA controller
>>   hw/alpha/dp264: Use the TYPE_SMC37C669_SUPERIO
>>   hw/i386/pc: Factor out the superio code
>>
>>  default-configs/alpha-softmmu.mak |   5 +
>>  include/hw/char/parallel.h|  14 +++
>>  include/hw/{isa => dma}/i8257.h   |   6 ++
>>  include/hw/i386/pc.h  |  17 ---
>>  include/hw/input/i8042.h  |  24 +
>>  include/hw/isa/isa.h  |   2 -
>>  include/hw/isa/pc87312.h  |  24 ++---
>>  include/hw/isa/superio.h  |  60 +++
>>  include/hw/isa/vt82c686.h |   4 +-
>>  hw/alpha/dp264.c  |  13 ++-
>>  hw/char/parallel-isa.c|  36 +++
>>  hw/char/parallel.c|   2 +-
>>  hw/dma/i82374.c   |   3 +-
>>  hw/dma/i8257.c|   4 +-
>>  hw/i386/pc.c  |  77 --
>>  hw/i386/vmmouse.c |   1 +
>>  hw/i386/vmport.c  |   1 +
>>  hw/input/pckbd.c  |   2 +-
>>  hw/isa/isa-bus.c  |  26 -
>>  hw/isa/isa-superio.c  | 210 
>> ++
>>  hw/isa/pc87312.c  | 178 ++--
>>  hw/isa/smc37c669-superio.c| 115 +
>>  hw/isa/vt82c686.c |  22 +++-
>>  hw/mips/mips_fulong2e.c   |  85 +++
>>  hw/mips/mips_jazz.c   |   5 +-
>>  hw/mips/mips_malta.c  |  48 -
>>  hw/mips/mips_r4k.c|   3 +-
>>  hw/ppc/prep.c |   6 +-
>>  hw/sparc/sun4m.c  |   4 -
>>  hw/sparc64/sun4u.c|   6 +-
>>  hw/unicore32/puv3.c   |   1 +
>>  hw/char/Makefile.objs |   1 +
>>  hw/isa/Makefile.objs  |   1 +
>>  hw/isa/trace-events   |  10 +-
>>  MAINTAINERS   |   6 +-
>>  35 files changed, 721 insertions(+), 301 deletions(-)
>>  create mode 100644 include/hw/char/parallel.h
>>  rename include/hw/{isa => dma}/i8257.h (86%)
>>  create mode 100644 include/hw/input/i8042.h
>>  create mode 100644 include/hw/isa/superio.h
>>  create mode 100644 hw/char/parallel-isa.c
>>  create mode 100644 hw/isa/isa-superio.c
>>  create mode 100644 hw/isa/smc37c669-superio.c
>>
> 
> Queued, thanks.

Thanks for your trust, but this series is not ready yet :|

It touches various archs/machines and I couldn't test all images yet.

I posted it to get feedback and see if this superio refactor is useful
or not, makes sense. I understand you queuing it means somehow "yes" so
I'll continue to work on it, for now not adding more code but testing it
deeper and fixing few bugs :)

Thanks!

Phil.



Re: [Qemu-devel] [PATCH 0/2] block: fix nbd-server-stop crash after blockdev-snapshot-sync

2018-03-07 Thread Eric Blake

On 03/06/2018 02:48 PM, Stefan Hajnoczi wrote:

The blockdev-snapshot-sync command uses bdrv_append() to update all parents to
point at the external snapshot node.  This breaks BlockBackend's
blk_add/remove_aio_context_notifier(), which doesn't expect a BDS change.

Patch 1 fixes this by tracking AioContext notifiers in BlockBackend.

See the test case in Patch 2 for a reproducer.

Stefan Hajnoczi (2):
   block: let blk_add/remove_aio_context_notifier() tolerate BDS changes
   iotests: add 208 nbd-server + blockdev-snapshot-sync test case

  block/block-backend.c  | 63 ++
  block/trace-events |  2 ++
  tests/qemu-iotests/208 | 55 
  tests/qemu-iotests/208.out |  9 +++
  tests/qemu-iotests/group   |  1 +
  5 files changed, 130 insertions(+)
  create mode 100755 tests/qemu-iotests/208
  create mode 100644 tests/qemu-iotests/208.out


Whose tree should this series go through?  MAINTAINERS didn't flag it as 
directly touching any files that normally affect my NBD queue, but given 
that the iotest that reproduces the problem uses NBD, I'm fine if you 
want it to go through me.


--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



Re: [Qemu-devel] [PATCHv1 07/14] target/mips: convert to DisasContextBase

2018-03-07 Thread Philippe Mathieu-Daudé
On 03/01/2018 07:53 PM, Emilio G. Cota wrote:
> Cc: Aurelien Jarno 
> Cc: Yongbok Kim 
> Signed-off-by: Emilio G. Cota 

Reviewed-by: Philippe Mathieu-Daudé 

> ---
>  target/mips/translate.c | 346 
> 
>  1 file changed, 175 insertions(+), 171 deletions(-)
> 
> diff --git a/target/mips/translate.c b/target/mips/translate.c
> index a133205..aefd729 100644
> --- a/target/mips/translate.c
> +++ b/target/mips/translate.c
> @@ -1430,17 +1430,15 @@ static TCGv_i64 msa_wr_d[64];
>  } while(0)
>  
>  typedef struct DisasContext {
> -struct TranslationBlock *tb;
> -target_ulong pc, saved_pc;
> +DisasContextBase base;
> +target_ulong saved_pc;
>  uint32_t opcode;
> -int singlestep_enabled;
>  int insn_flags;
>  int32_t CP0_Config1;
>  /* Routine used to access memory */
>  int mem_idx;
>  TCGMemOp default_tcg_memop_mask;
>  uint32_t hflags, saved_hflags;
> -DisasJumpType is_jmp;
>  target_ulong btarget;
>  bool ulri;
>  int kscrexist;
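Review bot: the commit message consists only of Cc and Signed-off-by lines, yet this struct hunk is where the field mapping used by every later hunk is decided: pc becomes base.pc_next, tb becomes base.tb, and singlestep_enabled and is_jmp move into base. Please spell that mapping out in the commit message and say why saved_pc stays in DisasContext rather than moving with pc.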
> @@ -1517,8 +1515,9 @@ static const char * const msaregnames[] = {
>  if (MIPS_DEBUG_DISAS) {  
>  \
>  qemu_log_mask(CPU_LOG_TB_IN_ASM, 
>  \
>TARGET_FMT_lx ": %08x Invalid %s %03x %03x 
> %03x\n", \
> -  ctx->pc, ctx->opcode, op, ctx->opcode >> 26,   
>  \
> -  ctx->opcode & 0x3F, ((ctx->opcode >> 16) & 0x1F)); 
>  \
> +  ctx->base.pc_next, ctx->opcode, op,
>  \
> +  ctx->opcode >> 26, ctx->opcode & 0x3F, 
>  \
> +  ((ctx->opcode >> 16) & 0x1F)); 
>  \
>  }
>  \
>  } while (0)
>  
> @@ -1594,9 +1593,9 @@ static inline void gen_save_pc(target_ulong pc)
>  static inline void save_cpu_state(DisasContext *ctx, int do_save_pc)
>  {
>  LOG_DISAS("hflags %08x saved %08x\n", ctx->hflags, ctx->saved_hflags);
> -if (do_save_pc && ctx->pc != ctx->saved_pc) {
> -gen_save_pc(ctx->pc);
> -ctx->saved_pc = ctx->pc;
> +if (do_save_pc && ctx->base.pc_next != ctx->saved_pc) {
> +gen_save_pc(ctx->base.pc_next);
> +ctx->saved_pc = ctx->base.pc_next;
>  }
>  if (ctx->hflags != ctx->saved_hflags) {
>  tcg_gen_movi_i32(hflags, ctx->hflags);
> @@ -1635,7 +1634,7 @@ static inline void generate_exception_err(DisasContext 
> *ctx, int excp, int err)
>  gen_helper_raise_exception_err(cpu_env, texcp, terr);
>  tcg_temp_free_i32(terr);
>  tcg_temp_free_i32(texcp);
> -ctx->is_jmp = DISAS_EXCP;
> +ctx->base.is_jmp = DISAS_EXCP;
>  }
>  
>  static inline void generate_exception(DisasContext *ctx, int excp)
> @@ -2126,7 +2125,7 @@ static void gen_base_offset_addr (DisasContext *ctx, 
> TCGv addr,
>  
>  static target_ulong pc_relative_pc (DisasContext *ctx)
>  {
> -target_ulong pc = ctx->pc;
> +target_ulong pc = ctx->base.pc_next;
>  
>  if (ctx->hflags & MIPS_HFLAG_BMASK) {
>  int branch_bytes = ctx->hflags & MIPS_HFLAG_BDS16 ? 2 : 4;
> @@ -4275,12 +4274,12 @@ static void gen_trap (DisasContext *ctx, uint32_t opc,
>  
>  static inline bool use_goto_tb(DisasContext *ctx, target_ulong dest)
>  {
> -if (unlikely(ctx->singlestep_enabled)) {
> +if (unlikely(ctx->base.singlestep_enabled)) {
>  return false;
>  }
>  
>  #ifndef CONFIG_USER_ONLY
> -return (ctx->tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
> +return (ctx->base.tb->pc & TARGET_PAGE_MASK) == (dest & 
> TARGET_PAGE_MASK);
>  #else
>  return true;
>  #endif
> @@ -4291,10 +4290,10 @@ static inline void gen_goto_tb(DisasContext *ctx, int 
> n, target_ulong dest)
>  if (use_goto_tb(ctx, dest)) {
>  tcg_gen_goto_tb(n);
>  gen_save_pc(dest);
> -tcg_gen_exit_tb((uintptr_t)ctx->tb + n);
> +tcg_gen_exit_tb((uintptr_t)ctx->base.tb + n);
>  } else {
>  gen_save_pc(dest);
> -if (ctx->singlestep_enabled) {
> +if (ctx->base.singlestep_enabled) {
>  save_cpu_state(ctx, 0);
>  gen_helper_raise_exception_debug(cpu_env);
>  }
> @@ -4317,7 +4316,7 @@ static void gen_compute_branch (DisasContext *ctx, 
> uint32_t opc,
>  if (ctx->hflags & MIPS_HFLAG_BMASK) {
>  #ifdef MIPS_DEBUG_DISAS
>  LOG_DISAS("Branch in delay / forbidden slot at PC 0x"
> -  TARGET_FMT_lx "\n", ctx->pc);
> +  TARGET_FMT_lx "\n", ctx->base.pc_next);
>  #endif
>  generate_exception_end(ctx, EXCP_RI);
>  goto out;
> @@ -4335,7 +4334,7 @@ static void gen_compute_branch (DisasContext *ctx, 
> uint32_t opc,
>  gen_load_gpr(t1, rt);
>  

Re: [Qemu-devel] [PATCH v2] block: make BDRV_POLL_WHILE() re-entrancy safe

2018-03-07 Thread Eric Blake

On 03/07/2018 06:46 AM, Stefan Hajnoczi wrote:

Nested BDRV_POLL_WHILE() calls can occur.  Currently
assert(!wait_->wakeup) fails in AIO_WAIT_WHILE() when this happens.

This patch converts the bool wait_->need_kick flag to an unsigned
wait_->num_waiters counter.

Nesting works correctly because outer AIO_WAIT_WHILE() callers evaluate
the condition again after the inner caller completes (invoking the inner
caller counts as aio_poll() progress).

Reported-by: "fuweiwei (C)" 
Cc: Paolo Bonzini 
Signed-off-by: Stefan Hajnoczi 
---
v2:
  * Rebase onto qemu.git/master now that AIO_WAIT_WHILE() has landed
[Kevin]

  include/block/aio-wait.h | 61 


Looks big due to whitespace change when column for trailing \ changed. 
Viewing the diff with whitespace ignored made it easier to review.


Reviewed-by: Eric Blake 

diff --git c/include/block/aio-wait.h w/include/block/aio-wait.h
index a48c744fa87..74cde07bef3 100644
--- c/include/block/aio-wait.h
+++ w/include/block/aio-wait.h
@@ -50,8 +50,8 @@
  *   }
  */
 typedef struct {
-/* Is the main loop waiting for a kick?  Accessed with atomic ops. */
-bool need_kick;
+/* Number of waiting AIO_WAIT_WHILE() callers. Accessed with atomic 
ops. */

+unsigned num_waiters;
 } AioWait;

 /**
@@ -84,9 +84,8 @@ typedef struct {
 } else {   \
 assert(qemu_get_current_aio_context() ==   \
qemu_get_aio_context());\
-assert(!wait_->need_kick);  \
-/* Set wait_->need_kick before evaluating cond.  */ \
-atomic_mb_set(_->need_kick, true); \
+/* Increment wait_->num_waiters before evaluating cond. */ \
+atomic_inc(_->num_waiters);   \
 while (busy_) {\
 if ((cond)) {  \
 waited_ = busy_ = true;\
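Review bot: the removed assert(!wait_->need_kick) was the only sanity check on this state and nothing replaces it, and the store that publishes the waiter changes from atomic_mb_set() to atomic_inc(). The new comment still says the increment must happen "before evaluating cond", so it should state that atomic_inc() provides the ordering the old atomic_mb_set() was chosen for, since that is what the condition check relies on.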
@@ -98,7 +97,7 @@ typedef struct {
 waited_ |= busy_;  \
 }  \
 }  \
-atomic_set(_->need_kick, false);   \
+atomic_dec(_->num_waiters);   \
 }  \
 waited_; })
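Review bot: num_waiters is declared unsigned, so an unbalanced atomic_dec() here would wrap to a large value and the counter would read as "someone is waiting" from then on. An assert that the counter is non-zero before the decrement would keep a cheap invariant check in place of the assert dropped in the previous hunk.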


--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



Re: [Qemu-devel] [PATCHv1 08/14] target/mips: use *ctx for DisasContext

2018-03-07 Thread Philippe Mathieu-Daudé
On 03/01/2018 07:53 PM, Emilio G. Cota wrote:
> No changes to the logic here; this is just to make the diff
> that follows easier to read.
> 
> While at it, remove the unnecessary 'struct' in
> 'struct TranslationBlock'.
> 
> Note that checkpatch complains with a false positive:
>   ERROR: space prohibited after that '&' (ctx:WxW)
>   #75: FILE: target/mips/translate.c:20220:
>   +ctx->kscrexist = (env->CP0_Config4 >> CP0C4_KScrExist) & 0xff;
>   ^
> Cc: Aurelien Jarno 
> Cc: Yongbok Kim 
> Signed-off-by: Emilio G. Cota 

Reviewed-by: Philippe Mathieu-Daudé 

> ---
>  target/mips/translate.c | 166 
> 
>  1 file changed, 84 insertions(+), 82 deletions(-)
> 
> diff --git a/target/mips/translate.c b/target/mips/translate.c
> index aefd729..08bd140 100644
> --- a/target/mips/translate.c
> +++ b/target/mips/translate.c
> @@ -20194,55 +20194,57 @@ static void decode_opc(CPUMIPSState *env, 
> DisasContext *ctx)
>  }
>  }
>  
> -void gen_intermediate_code(CPUState *cs, struct TranslationBlock *tb)
> +void gen_intermediate_code(CPUState *cs, TranslationBlock *tb)
>  {
>  CPUMIPSState *env = cs->env_ptr;
> -DisasContext ctx;
> +DisasContext ctx1;
> +DisasContext *ctx = 
>  target_ulong next_page_start;
>  int max_insns;
>  int insn_bytes;
>  int is_slot;
>  
> -ctx.base.tb = tb;
> -ctx.base.pc_first = tb->pc;
> -ctx.base.pc_next = tb->pc;
> -ctx.base.is_jmp = DISAS_NEXT;
> -ctx.base.singlestep_enabled = cs->singlestep_enabled;
> -ctx.base.num_insns = 0;
> -
> -next_page_start = (ctx.base.pc_first & TARGET_PAGE_MASK) + 
> TARGET_PAGE_SIZE;
> -ctx.saved_pc = -1;
> -ctx.insn_flags = env->insn_flags;
> -ctx.CP0_Config1 = env->CP0_Config1;
> -ctx.btarget = 0;
> -ctx.kscrexist = (env->CP0_Config4 >> CP0C4_KScrExist) & 0xff;
> -ctx.rxi = (env->CP0_Config3 >> CP0C3_RXI) & 1;
> -ctx.ie = (env->CP0_Config4 >> CP0C4_IE) & 3;
> -ctx.bi = (env->CP0_Config3 >> CP0C3_BI) & 1;
> -ctx.bp = (env->CP0_Config3 >> CP0C3_BP) & 1;
> -ctx.PAMask = env->PAMask;
> -ctx.mvh = (env->CP0_Config5 >> CP0C5_MVH) & 1;
> -ctx.eva = (env->CP0_Config5 >> CP0C5_EVA) & 1;
> -ctx.sc = (env->CP0_Config3 >> CP0C3_SC) & 1;
> -ctx.CP0_LLAddr_shift = env->CP0_LLAddr_shift;
> -ctx.cmgcr = (env->CP0_Config3 >> CP0C3_CMGCR) & 1;
> +ctx->base.tb = tb;
> +ctx->base.pc_first = tb->pc;
> +ctx->base.pc_next = tb->pc;
> +ctx->base.is_jmp = DISAS_NEXT;
> +ctx->base.singlestep_enabled = cs->singlestep_enabled;
> +ctx->base.num_insns = 0;
> +
> +next_page_start = (ctx->base.pc_first & TARGET_PAGE_MASK) +
> +TARGET_PAGE_SIZE;
> +ctx->saved_pc = -1;
> +ctx->insn_flags = env->insn_flags;
> +ctx->CP0_Config1 = env->CP0_Config1;
> +ctx->btarget = 0;
> +ctx->kscrexist = (env->CP0_Config4 >> CP0C4_KScrExist) & 0xff;
> +ctx->rxi = (env->CP0_Config3 >> CP0C3_RXI) & 1;
> +ctx->ie = (env->CP0_Config4 >> CP0C4_IE) & 3;
> +ctx->bi = (env->CP0_Config3 >> CP0C3_BI) & 1;
> +ctx->bp = (env->CP0_Config3 >> CP0C3_BP) & 1;
> +ctx->PAMask = env->PAMask;
> +ctx->mvh = (env->CP0_Config5 >> CP0C5_MVH) & 1;
> +ctx->eva = (env->CP0_Config5 >> CP0C5_EVA) & 1;
> +ctx->sc = (env->CP0_Config3 >> CP0C3_SC) & 1;
> +ctx->CP0_LLAddr_shift = env->CP0_LLAddr_shift;
> +ctx->cmgcr = (env->CP0_Config3 >> CP0C3_CMGCR) & 1;
>  /* Restore delay slot state from the tb context.  */
> -ctx.hflags = (uint32_t)ctx.base.tb->flags; /* FIXME: maybe use 64 bits? 
> */
> -ctx.ulri = (env->CP0_Config3 >> CP0C3_ULRI) & 1;
> -ctx.ps = ((env->active_fpu.fcr0 >> FCR0_PS) & 1) ||
> +ctx->hflags = (uint32_t)ctx->base.tb->flags; /* FIXME: maybe use 64 
> bits? */
> +ctx->ulri = (env->CP0_Config3 >> CP0C3_ULRI) & 1;
> +ctx->ps = ((env->active_fpu.fcr0 >> FCR0_PS) & 1) ||
>   (env->insn_flags & (INSN_LOONGSON2E | INSN_LOONGSON2F));
> -ctx.vp = (env->CP0_Config5 >> CP0C5_VP) & 1;
> -ctx.mrp = (env->CP0_Config5 >> CP0C5_MRP) & 1;
> -ctx.nan2008 = (env->active_fpu.fcr31 >> FCR31_NAN2008) & 1;
> -ctx.abs2008 = (env->active_fpu.fcr31 >> FCR31_ABS2008) & 1;
> -restore_cpu_state(env, );
> +ctx->vp = (env->CP0_Config5 >> CP0C5_VP) & 1;
> +ctx->mrp = (env->CP0_Config5 >> CP0C5_MRP) & 1;
> +ctx->nan2008 = (env->active_fpu.fcr31 >> FCR31_NAN2008) & 1;
> +ctx->abs2008 = (env->active_fpu.fcr31 >> FCR31_ABS2008) & 1;
> +restore_cpu_state(env, ctx);
>  #ifdef CONFIG_USER_ONLY
> -ctx.mem_idx = MIPS_HFLAG_UM;
> +ctx->mem_idx = MIPS_HFLAG_UM;
>  #else
> -ctx.mem_idx = hflags_mmu_index(ctx.hflags);
> +ctx->mem_idx = hflags_mmu_index(ctx->hflags);
>  #endif
> -ctx.default_tcg_memop_mask = (ctx.insn_flags & ISA_MIPS32R6) ?
> -   
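Review bot: in gen_intermediate_code(), the new local "DisasContext ctx1" with "DisasContext *ctx" pointing at it reads like a leftover unless the reader has seen the commit message. A one-line comment next to ctx1 saying it is temporary scaffolding for the follow-up diff mentioned in the commit message would make the intent clear at the point of use.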

Re: [Qemu-devel] [PATCHv1 06/14] target/mips: convert to DisasJumpType

2018-03-07 Thread Philippe Mathieu-Daudé
On 03/01/2018 07:53 PM, Emilio G. Cota wrote:
> Cc: Aurelien Jarno 
> Cc: Yongbok Kim 
> Signed-off-by: Emilio G. Cota 

Reviewed-by: Philippe Mathieu-Daudé 

> ---
>  target/mips/translate.c | 186 
> +++-
>  1 file changed, 91 insertions(+), 95 deletions(-)
> 
> diff --git a/target/mips/translate.c b/target/mips/translate.c
> index d05ee67..a133205 100644
> --- a/target/mips/translate.c
> +++ b/target/mips/translate.c
> @@ -36,6 +36,7 @@
>  
>  #include "target/mips/trace.h"
>  #include "trace-tcg.h"
> +#include "exec/translator.h"
>  #include "exec/log.h"
>  
>  #define MIPS_DEBUG_DISAS 0
> @@ -1439,7 +1440,7 @@ typedef struct DisasContext {
>  int mem_idx;
>  TCGMemOp default_tcg_memop_mask;
>  uint32_t hflags, saved_hflags;
> -int bstate;
> +DisasJumpType is_jmp;
>  target_ulong btarget;
>  bool ulri;
>  int kscrexist;
> @@ -1460,13 +1461,8 @@ typedef struct DisasContext {
>  bool abs2008;
>  } DisasContext;
>  
> -enum {
> -BS_NONE = 0, /* We go out of the TB without reaching a branch or an
> -  * exception condition */
> -BS_STOP = 1, /* We want to stop translation for any reason */
> -BS_BRANCH   = 2, /* We reached a branch condition */
> -BS_EXCP = 3, /* We reached an exception condition */
> -};
> +#define DISAS_STOP   DISAS_TARGET_0
> +#define DISAS_EXCP   DISAS_TARGET_1
>  
>  static const char * const regnames[] = {
>  "r0", "at", "v0", "v1", "a0", "a1", "a2", "a3",
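Review bot: the removed enum documented four states, but only DISAS_STOP and DISAS_EXCP are defined in its place, without comments, and the commit message (Cc and Signed-off-by lines only) does not say what BS_NONE and BS_BRANCH now map to. Please carry the two surviving comments over to the #defines and state the replacement for the other two values in the commit message.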
> @@ -1639,7 +1635,7 @@ static inline void generate_exception_err(DisasContext 
> *ctx, int excp, int err)
>  gen_helper_raise_exception_err(cpu_env, texcp, terr);
>  tcg_temp_free_i32(terr);
>  tcg_temp_free_i32(texcp);
> -ctx->bstate = BS_EXCP;
> +ctx->is_jmp = DISAS_EXCP;
>  }
>  
>  static inline void generate_exception(DisasContext *ctx, int excp)
> @@ -5334,10 +5330,10 @@ static void gen_mfc0(DisasContext *ctx, TCGv arg, int 
> reg, int sel)
>  gen_io_end();
>  }
>  /* Break the TB to be able to take timer interrupts immediately
> -   after reading count. BS_STOP isn't sufficient, we need to 
> ensure
> -   we break completely out of translated code.  */
> +   after reading count. DISAS_STOP isn't sufficient, we need to
> +   ensure we break completely out of translated code.  */
>  gen_save_pc(ctx->pc + 4);
> -ctx->bstate = BS_EXCP;
> +ctx->is_jmp = DISAS_EXCP;
>  rn = "Count";
>  break;
>  /* 6,7 are implementation dependent */
> @@ -5905,7 +5901,7 @@ static void gen_mtc0(DisasContext *ctx, TCGv arg, int 
> reg, int sel)
>  check_insn(ctx, ISA_MIPS32R2);
>  gen_helper_mtc0_pagegrain(cpu_env, arg);
>  rn = "PageGrain";
> -ctx->bstate = BS_STOP;
> +ctx->is_jmp = DISAS_STOP;
>  break;
>  case 2:
>  CP0_CHECK(ctx->sc);
> @@ -5966,7 +5962,7 @@ static void gen_mtc0(DisasContext *ctx, TCGv arg, int 
> reg, int sel)
>  case 0:
>  check_insn(ctx, ISA_MIPS32R2);
>  gen_helper_mtc0_hwrena(cpu_env, arg);
> -ctx->bstate = BS_STOP;
> +ctx->is_jmp = DISAS_STOP;
>  rn = "HWREna";
>  break;
>  default:
> @@ -6028,30 +6024,30 @@ static void gen_mtc0(DisasContext *ctx, TCGv arg, int 
> reg, int sel)
>  case 0:
>  save_cpu_state(ctx, 1);
>  gen_helper_mtc0_status(cpu_env, arg);
> -/* BS_STOP isn't good enough here, hflags may have changed. */
> +/* DISAS_STOP isn't good enough here, hflags may have changed. */
>  gen_save_pc(ctx->pc + 4);
> -ctx->bstate = BS_EXCP;
> +ctx->is_jmp = DISAS_EXCP;
>  rn = "Status";
>  break;
>  case 1:
>  check_insn(ctx, ISA_MIPS32R2);
>  gen_helper_mtc0_intctl(cpu_env, arg);
>  /* Stop translation as we may have switched the execution mode */
> -ctx->bstate = BS_STOP;
> +ctx->is_jmp = DISAS_STOP;
>  rn = "IntCtl";
>  break;
>  case 2:
>  check_insn(ctx, ISA_MIPS32R2);
>  gen_helper_mtc0_srsctl(cpu_env, arg);
>  /* Stop translation as we may have switched the execution mode */
> -ctx->bstate = BS_STOP;
> +ctx->is_jmp = DISAS_STOP;
>  rn = "SRSCtl";
>  break;
>  case 3:
>  check_insn(ctx, ISA_MIPS32R2);
>  gen_mtc0_store32(arg, offsetof(CPUMIPSState, CP0_SRSMap));
>  /* Stop translation as we may have switched the execution mode */
> -ctx->bstate = BS_STOP;
> +ctx->is_jmp = DISAS_STOP;
>   

Re: [Qemu-devel] [PATCH v2] pc-bios/s390-ccw: Move string arrays from bootmap header to .c file

2018-03-07 Thread Eric Blake

On 03/06/2018 12:18 AM, Thomas Huth wrote:

bootmap.h can currently only be included once - otherwise the linker
complains about multiple definitions of the "magic" strings.


My first thought when reading that was "Huh? bootmap.h has a proper[*] 
double-inclusion header guard, and therefore a second #include 
"bootmap.h" is a no-op - so how can including the header more than once 
cause a linker complaint?"


[*] Well, proper if you overlook the fact that the name 
_PC_BIOS_S390_CCW_BOOTMAP_H starts with a leading underscore followed by 
uppercase, and is therefore violating namespace safety rules, as it 
could collide with a symbol reserved for the implementation



It's a
bad style to define string arrays in header files, so let's better
move these to the bootmap.c file instead where they are used.


But I finally figured out what you really meant: if more than one .c 
file each include the header (and not my initial reading of a single .c 
file including the header more than once), then since the header was 
declaring non-static top-level variables, that does indeed cause linker 
errors.




Signed-off-by: Thomas Huth 
---
  v2:
  - Removed duplicated vol_desc_magic (copy-n-paste error)

  pc-bios/s390-ccw/bootmap.c | 20 
  pc-bios/s390-ccw/bootmap.h | 19 ---
  2 files changed, 20 insertions(+), 19 deletions(-)


Your change is fine (moving the declaration into the one .c file that 
needs them), so no need to change this, but...



+++ b/pc-bios/s390-ccw/bootmap.h
@@ -375,9 +375,6 @@ static inline void read_iso_boot_image(uint32_t 
block_offset, void *load_addr,
 "Failed to read boot image!");
  }
  
-const uint8_t el_torito_magic[] = "EL TORITO SPECIFICATION"

-  "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";


...would adding 'static' here also have solved the linker error (at the risk 
of possibly causing a compiler warning/error about unused variable)?


--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



Re: [Qemu-devel] [PATCH] slirp: disable Nagle in outgoing connections

2018-03-07 Thread Samuel Thibault
Philippe Mathieu-Daudé, on mer. 07 mars 2018 19:57:28 -0300, wrote:
> Reviewed-by: Philippe Mathieu-Daudé 

Thanks!



[Qemu-devel] [PATCH] nbd/server: Honor FUA request on NBD_CMD_TRIM

2018-03-07 Thread Eric Blake
The NBD spec states that since trim requests can affect disk contents,
then they should allow for FUA semantics just like writes for ensuring
the disk has settled before returning.  As bdrv_[co_]pdiscard() does
not (yet?) support a flags argument, we can't pass FUA down the block
layer stack, and must therefore emulate it with a flush at the NBD
layer.

Signed-off-by: Eric Blake 
---

Question for Paolo: does ISCSI support the notion of FUA on a
TRIM request (where we could better emulate a guest TRIM request
with FUA all the way through our stack to the NBD server), or is
FUA just for normal writes?  Likewise, are you familiar enough
with the kernel's NBD module to know if the kernel as an NBD client
would ever request FUA on a discard request?

Question for Kevin: should we update the block layer to have a
flags argument to bdrv_co_pdiscard (right now, the only valid
flag would be BDRV_REQ_FUA, and we'd probably need a
supported_discard_flags in parallel to supported_write_flags),
and implement qemu-io -c 'discard -f' for easily testing the use
of that flag?

Depending on answers to those questions, I may want to spin a
v2 patch that adds flag support throughout the block layer
discard implementation, rather than this patch which just does
it in NBD; but if nothing else, this is the shortest patch
possible to fix the (corner-case?) NBD spec non-compliance.

 nbd/server.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/nbd/server.c b/nbd/server.c
index 4990a5826e6..e098da819df 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -1623,6 +1623,9 @@ static coroutine_fn void nbd_trip(void *opaque)
 case NBD_CMD_TRIM:
 ret = blk_co_pdiscard(exp->blk, request.from + exp->dev_offset,
   request.len);
+if (ret == 0 && request.flags & NBD_CMD_FLAG_FUA) {
+ret = blk_co_flush(exp->blk);
+}
 if (ret < 0) {
 error_setg_errno(_err, -ret, "discard failed");
 }
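
Review bot: in the NBD_CMD_TRIM case, a failure of the added blk_co_flush() falls through to the existing `if (ret < 0)` branch and is reported as "discard failed", which misattributes the error when the discard itself succeeded. Give the flush path its own message (for example "flush after discard failed"), and parenthesize the flag test as `ret == 0 && (request.flags & NBD_CMD_FLAG_FUA)` so the intended precedence is explicit.
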
-- 
2.14.3




Re: [Qemu-devel] [PATCH] slirp: disable Nagle in outgoing connections

2018-03-07 Thread Philippe Mathieu-Daudé
On 03/07/2018 07:34 PM, Samuel Thibault wrote:
> Hello,
> 
> Thanks for the Cc.
> 
> I have applied it to my tree.  I don't think there is any reason to
> avoid the same change for ingoing connections?  Could one of you review
> the attached patch doing it?

attached patch:
Reviewed-by: Philippe Mathieu-Daudé 

> 
> Samuel
> 



Re: [Qemu-devel] [PATCH qemu] slirp/debug: Print IP addresses in human readable form

2018-03-07 Thread Samuel Thibault
Hello,

Remember to Cc the maintainer, I just can't read qemu-devel fully to
find slirp mails.

Thomas Huth, on Wed. 07 March 2018 07:24:16 +0100, wrote:
> >> diff --git a/slirp/arp_table.c b/slirp/arp_table.c
> >> index 3547043..bac608f 100644
> >> --- a/slirp/arp_table.c
> >> +++ b/slirp/arp_table.c
> >> @@ -33,7 +33,7 @@ void arp_table_add(Slirp *slirp, uint32_t ip_addr, 
> >> uint8_t ethaddr[ETH_ALEN])
> >>  int i;
> >>  
> >>  DEBUG_CALL("arp_table_add");
> >> -DEBUG_ARG("ip = 0x%x", ip_addr);
> >> +DEBUG_ARG("ip = %s", inet_ntoa(*(struct in_addr *)_addr));

I never like casts :)
And it happens that the standard doesn't say that s_addr is necessarily
the first field of struct in_addr, so better really initialize a struct
in_addr variable and use that (ditto for arp_table_search and
tcp_listen).

Samuel



Re: [Qemu-devel] [PATCH] slirp: disable Nagle in outgoing connections

2018-03-07 Thread Samuel Thibault
Hello,

Thanks for the Cc.

I have applied it to my tree.  I don't think there is any reason to
avoid the same change for ingoing connections?  Could one of you review
the attached patch doing it?

Samuel
commit 99a9a5028e0e15aa3b17d6f884c1e5f48dccea90
Author: Samuel Thibault 
Date:   Wed Mar 7 23:29:41 2018 +0100

slirp: disable Nagle in ingoing connections

This follows 3929766fb3e4 ('slirp: disable Nagle in outgoing connections'):
for the same reasons, ingoing connections should have the Nagle algorithm 
disabled.

Signed-off-by: Samuel Thibault 

diff --git a/slirp/socket.c b/slirp/socket.c
index cb7b5b608d..81f67b5702 100644
--- a/slirp/socket.c
+++ b/slirp/socket.c
@@ -754,6 +754,8 @@ tcp_listen(Slirp *slirp, uint32_t haddr, u_int hport, 
uint32_t laddr,
return NULL;
}
qemu_setsockopt(s, SOL_SOCKET, SO_OOBINLINE, , sizeof(int));
+   opt = 1;
+   qemu_setsockopt(s, IPPROTO_TCP, TCP_NODELAY, , sizeof(int));
 
getsockname(s,(struct sockaddr *),);
so->so_ffamily = AF_INET;
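
Review bot: the result of the added qemu_setsockopt(s, IPPROTO_TCP, TCP_NODELAY, ...) call in tcp_listen() is ignored, so a failure to disable Nagle goes unnoticed. That matches the SO_OOBINLINE call just above it, but either check the return value or state in a comment that the failure is deliberately non-fatal. A short comment on why `opt = 1;` is assigned again at this point would also help, since the value opt holds after the earlier calls is not obvious from the hunk.
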


Re: [Qemu-devel] [RFC PATCH qemu] slirp: Update forwarding IP address if guest receiver non-default IP

2018-03-07 Thread Samuel Thibault
Hello,

Thomas Huth, on Wed. 07 March 2018 07:30:29 +0100, wrote:
> On 07.03.2018 04:39, Alexey Kardashevskiy wrote:
> > On 08/02/18 15:29, Alexey Kardashevskiy wrote:
> >> On 01/02/18 20:36, Alexey Kardashevskiy wrote:
> >>> If we run QEMU with -netdev user,id=USER0,hostfwd=tcp::-:22, it starts
> >>> a DHCP server and starts allocating client IPs from 10.0.2.15 so
> >>> this is what the guest normally receives. Since QEMU automatically adds
> >>> the DHCP starting address into the forwarding table, everything works.
> >>> This is the table before guest started:
> >>>
> >>> (qemu) info usernet
> >>> VLAN -1 (USER0):
> >>>   Protocol[State]FD  Source Address  Port   Dest. Address  Port RecvQ 
> >>> SendQ
> >>>   TCP[HOST_FORWARD]  11   *     10.0.2.1522 0 
> >>> 0
> >>>
> >>> However if the guest happens to have DHCP lease (for example, 10.0.2.16),
> >>> the forwarding stops working. The guest can still reach the outer world
> >>> (which is expected).
> >>>
> >>> This updates the forwarding table when QEMU confirms the requested IP
> >>> to the guest.
> >>>
> >>> Signed-off-by: Alexey Kardashevskiy 
> >>> ---
> >>>
> >>> Does this look any useful?
> > 
> > Ping, anyone?
> 
> Maybe you should make sure to put the SLIRP maintainer on CC: ?

That would work much better to catch my attention indeed :)

I'm afraid this will be a nack. What you basically propose is "the last
DHCP lease wins". There can be setups where it is expected that it's the
first DHCP lease which should get the forward, as documented actually
("If guestaddr is not specified, its value is x.x.x.15"). In your case,
you can always set to hostfwd=tcp::-10.0.2.16:22. If your guest
doesn't have predictable DHCP behavior, better use a static IP
assignment rather than introducing into qemu something which looks
rather undefined to me ("last DHCP lease wins").

Samuel



[Qemu-devel] [PATCH v6 05/11] linux-user: fix mmap/munmap/mprotect/mremap/shmat

2018-03-07 Thread Max Filippov
In linux-user QEMU that runs for a target with TARGET_ABI_BITS bigger
than L1_MAP_ADDR_SPACE_BITS an assertion in page_set_flags fires when
mmap, munmap, mprotect, mremap or shmat is called for an address outside
the guest address space. mmap and mprotect should return ENOMEM in such
case.

Change definition of GUEST_ADDR_MAX to always be the last valid guest
address. Account for this change in open_self_maps.
Add macro guest_addr_valid that verifies if the guest address is valid.
Add function guest_range_valid that verifies if address range is within
guest address space and does not wrap around. Use that macro in
mmap/munmap/mprotect/mremap/shmat for error checking.

Cc: qemu-sta...@nongnu.org
Cc: Riku Voipio 
Cc: Laurent Vivier 
Signed-off-by: Max Filippov 
---
Changes v5->v6:
- drop 'if (len)' clause from guest_range_valid and explicitly compare
  len with GUEST_ADDR_MAX.

Changes v4->v5:
- change definition of GUEST_ADDR_MAX to always be the last valid guest
  address. Account for this change in guest_addr_valid and open_self_maps.
- turn guest_range_valid into a function.

Changes v3->v4:
- change GUEST_ADDR_MAX and h2g_valid definitions as suggested by Laurent
  Vivier.

Changes v2->v3:
- fix comparison in guest_valid: it must be 'less' to preserve the existing
  functionality, not 'less or equal'.
- fix guest_range_valid: it may not use guest_valid, because single range
  that occupies all of the guest address space is valid.

 include/exec/cpu-all.h  |  6 +-
 include/exec/cpu_ldst.h | 16 +++-
 linux-user/mmap.c   | 20 +++-
 linux-user/syscall.c|  5 -
 4 files changed, 31 insertions(+), 16 deletions(-)

diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
index 0b141683f095..f4fa94e9669d 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -159,8 +159,12 @@ extern unsigned long guest_base;
 extern int have_guest_base;
 extern unsigned long reserved_va;
 
-#define GUEST_ADDR_MAX (reserved_va ? reserved_va : \
+#if HOST_LONG_BITS <= TARGET_VIRT_ADDR_SPACE_BITS
+#define GUEST_ADDR_MAX (~0ul)
+#else
+#define GUEST_ADDR_MAX (reserved_va ? reserved_va - 1 : \
 (1ul << TARGET_VIRT_ADDR_SPACE_BITS) - 1)
+#endif
 #else
 
 #include "exec/hwaddr.h"
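
Review bot: in the new `#if HOST_LONG_BITS <= TARGET_VIRT_ADDR_SPACE_BITS` branch GUEST_ADDR_MAX becomes `~0ul` and no longer looks at reserved_va, whereas the removed definition returned reserved_va whenever it was set. If reserved_va can be non-zero in that configuration this changes the result for every user of the macro, so either keep the reserved_va test in both branches or add a comment explaining why it cannot matter there. A comment stating that GUEST_ADDR_MAX is now the last valid address (inclusive) would also protect future callers.
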
diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
index 191f2e962a3c..5de8c8a5afeb 100644
--- a/include/exec/cpu_ldst.h
+++ b/include/exec/cpu_ldst.h
@@ -51,15 +51,13 @@
 /* All direct uses of g2h and h2g need to go away for usermode softmmu.  */
 #define g2h(x) ((void *)((unsigned long)(target_ulong)(x) + guest_base))
 
-#if HOST_LONG_BITS <= TARGET_VIRT_ADDR_SPACE_BITS
-#define h2g_valid(x) 1
-#else
-#define h2g_valid(x) ({ \
-unsigned long __guest = (unsigned long)(x) - guest_base; \
-(__guest < (1ul << TARGET_VIRT_ADDR_SPACE_BITS)) && \
-(!reserved_va || (__guest < reserved_va)); \
-})
-#endif
+#define guest_addr_valid(x) ((x) <= GUEST_ADDR_MAX)
+#define h2g_valid(x) guest_addr_valid((unsigned long)(x) - guest_base)
+
+static inline int guest_range_valid(unsigned long start, unsigned long len)
+{
+return len - 1 <= GUEST_ADDR_MAX && start <= GUEST_ADDR_MAX - len + 1;
+}
 
 #define h2g_nocheck(x) ({ \
 unsigned long __ret = (unsigned long)(x) - guest_base; \
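
Review bot: guest_range_valid() has no comment describing its contract, and the len == 0 case is not obvious: `len - 1` wraps to the maximum unsigned long, so an empty range is rejected unless GUEST_ADDR_MAX is ~0ul, where it is accepted only for start == 0. Please document the intended result for len == 0 or handle it explicitly, and consider returning bool instead of int. The parameters are unsigned long while the callers in linux-user/mmap.c pass abi_ulong, so a note on whether truncation is possible when the two differ in width would help as well.
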
diff --git a/linux-user/mmap.c b/linux-user/mmap.c
index 0fbfd6dff20d..df81f9b803b6 100644
--- a/linux-user/mmap.c
+++ b/linux-user/mmap.c
@@ -80,8 +80,9 @@ int target_mprotect(abi_ulong start, abi_ulong len, int prot)
 return -EINVAL;
 len = TARGET_PAGE_ALIGN(len);
 end = start + len;
-if (end < start)
-return -EINVAL;
+if (!guest_range_valid(start, len)) {
+return -ENOMEM;
+}
 prot &= PROT_READ | PROT_WRITE | PROT_EXEC;
 if (len == 0)
 return 0;
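
Review bot: in target_mprotect() the new guest_range_valid(start, len) test runs before the existing `if (len == 0) return 0;`, and for len == 0 the helper's `len - 1` wraps, so a zero-length mprotect that used to succeed can now return -ENOMEM. Move the len == 0 early return above the range check. `end = start + len` is also still computed before the range is validated; computing it after the check keeps a wrapped value from being used by accident.
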
@@ -481,8 +482,8 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int 
prot,
 * It can fail only on 64-bit host with 32-bit target.
 * On any other target/host host mmap() handles this error correctly.
 */
-if ((unsigned long)start + len - 1 > (abi_ulong) -1) {
-errno = EINVAL;
+if (!guest_range_valid(start, len)) {
+errno = ENOMEM;
 goto fail;
 }
 
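
Review bot: the comment kept above this check ("It can fail only on 64-bit host with 32-bit target") no longer describes the condition, because guest_range_valid() also rejects ranges above GUEST_ADDR_MAX when reserved_va is set. Update the comment together with the errno change from EINVAL to ENOMEM.
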
@@ -622,8 +623,10 @@ int target_munmap(abi_ulong start, abi_ulong len)
 if (start & ~TARGET_PAGE_MASK)
 return -EINVAL;
 len = TARGET_PAGE_ALIGN(len);
-if (len == 0)
+if (len == 0 || !guest_range_valid(start, len)) {
 return -EINVAL;
+}
+
 mmap_lock();
 end = start + len;
 real_start = start & qemu_host_page_mask;
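
Review bot: target_munmap() reports an out-of-range request as -EINVAL while the other calls touched by this patch use ENOMEM, and the commit message names only mmap and mprotect for the error code. If EINVAL is intended for munmap, say so in the commit message or in a comment next to the combined `len == 0 || !guest_range_valid(start, len)` test.
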
@@ -678,6 +681,13 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong 
old_size,
 int prot;
 void *host_addr;
 
+if (!guest_range_valid(old_addr, old_size) ||
+((flags & MREMAP_FIXED) &&
+ !guest_range_valid(new_addr, new_size))) {
+errno = ENOMEM;
+return -1;
+}
+
 
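
Review bot: in target_mremap() new_size is validated only together with new_addr under MREMAP_FIXED, so a resize without MREMAP_FIXED is checked against old_size but not against the range (old_addr, new_size) it may grow into. Unless the part of the function not shown in this hunk covers that, add a guest_range_valid(old_addr, new_size) check for the in-place case. The early return also yields -1 with errno set from a function declared abi_long; a comment on that convention would make the new path easier to verify.
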

Re: [Qemu-devel] [PATCH v4 00/37] x-blockdev-create for protocols and qcow2

2018-03-07 Thread no-reply
Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 20180307185946.29366-1-kw...@redhat.com
Subject: [Qemu-devel] [PATCH v4 00/37] x-blockdev-create for protocols and qcow2

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag]   patchew/20180307185946.29366-1-kw...@redhat.com -> 
patchew/20180307185946.29366-1-kw...@redhat.com
 t [tag update]patchew/cover.1520352600.git.be...@igalia.com -> 
patchew/cover.1520352600.git.be...@igalia.com
Switched to a new branch 'test'
31a3009b18 qemu-iotests: Test ssh image creation over QMP
04d93a3d4f qemu-iotests: Test qcow2 over file image creation with QMP
4d44559176 block: Fail bdrv_truncate() with negative size
199d11005c file-posix: Fix no-op bdrv_truncate() with falloc preallocation
6d9de3491a ssh: Support .bdrv_co_create
38e4ea119c ssh: Pass BlockdevOptionsSsh to connect_to_ssh()
09a94b57cf ssh: QAPIfy host-key-check option
78fe031228 ssh: Use QAPI BlockdevOptionsSsh object
a43d55b0fe sheepdog: Support .bdrv_co_create
5c16d28edd sheepdog: QAPIfy "redundancy" create option
827ffe113c nfs: Support .bdrv_co_create
4c6f72aa3d nfs: Use QAPI options in nfs_client_open()
cb68550d50 rbd: Use qemu_rbd_connect() in qemu_rbd_do_create()
6534001b69 rbd: Assign s->snap/image_name in qemu_rbd_open()
016039e274 rbd: Support .bdrv_co_create
0fae0f1e6b rbd: Pass BlockdevOptionsRbd to qemu_rbd_connect()
0493c80f19 rbd: Remove non-schema options from runtime_opts
b5e3a19199 rbd: Factor out qemu_rbd_connect()
9f5e2db035 rbd: Fix use after free in qemu_rbd_set_keypairs() error path
a6fe11e442 gluster: Support .bdrv_co_create
8dd9c3 file-win32: Support .bdrv_co_create
561c7126e2 file-posix: Support .bdrv_co_create
61c550d7b9 block: x-blockdev-create QMP command
a349d435e7 block: Make bdrv_is_whitelisted() public
da8d4fde95 qcow2: Use visitor for options in qcow2_create()
0c6082fa17 qdict: Introduce qdict_rename_keys()
54130ce09d test-qemu-opts: Test qemu_opts_to_qdict_filtered()
4876bce8c0 test-qemu-opts: Test qemu_opts_append()
e7a13d4c34 util: Add qemu_opts_to_qdict_filtered()
200a661b86 qcow2: Handle full/falloc preallocation in qcow2_co_create()
b5d9f42cf2 qcow2: Use QCryptoBlockCreateOptions in qcow2_co_create()
070c5be70c qcow2: Use BlockdevRef in qcow2_co_create()
b908bbca7a qcow2: Pass BlockdevCreateOptions to qcow2_co_create()
4339d9e11b qcow2: Let qcow2_create() handle protocol layer
d4b04ac240 qcow2: Rename qcow2_co_create2() to qcow2_co_create()
ada0274302 block/qapi: Add qcow2 create options to schema
ab0ff60240 block/qapi: Introduce BlockdevCreateOptions

=== OUTPUT BEGIN ===
Checking PATCH 1/37: block/qapi: Introduce BlockdevCreateOptions...
Checking PATCH 2/37: block/qapi: Add qcow2 create options to schema...
Checking PATCH 3/37: qcow2: Rename qcow2_co_create2() to qcow2_co_create()...
Checking PATCH 4/37: qcow2: Let qcow2_create() handle protocol layer...
Checking PATCH 5/37: qcow2: Pass BlockdevCreateOptions to qcow2_co_create()...
Checking PATCH 6/37: qcow2: Use BlockdevRef in qcow2_co_create()...
Checking PATCH 7/37: qcow2: Use QCryptoBlockCreateOptions in 
qcow2_co_create()...
Checking PATCH 8/37: qcow2: Handle full/falloc preallocation in 
qcow2_co_create()...
Checking PATCH 9/37: util: Add qemu_opts_to_qdict_filtered()...
Checking PATCH 10/37: test-qemu-opts: Test qemu_opts_append()...
Checking PATCH 11/37: test-qemu-opts: Test qemu_opts_to_qdict_filtered()...
WARNING: line over 80 characters
#156: FILE: tests/test-qemu-opts.c:1015:
+g_test_add_func("/qemu-opts/to_qdict/filtered", 
test_opts_to_qdict_filtered);

WARNING: line over 80 characters
#157: FILE: tests/test-qemu-opts.c:1016:
+g_test_add_func("/qemu-opts/to_qdict/duplicates", 
test_opts_to_qdict_duplicates);

total: 0 errors, 2 warnings, 143 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
Checking PATCH 12/37: qdict: Introduce qdict_rename_keys()...
Checking PATCH 13/37: qcow2: Use visitor for options in qcow2_create()...
Checking PATCH 14/37: block: Make bdrv_is_whitelisted() public...
Checking PATCH 15/37: block: x-blockdev-create QMP command...
Checking PATCH 16/37: file-posix: Support .bdrv_co_create...
Checking PATCH 17/37: file-win32: Support .bdrv_co_create...
Checking PATCH 18/37: 

[Qemu-devel] [PATCH] ppc440_pcix: Add dummy implementation of BRDGOPT registers

2018-03-07 Thread BALATON Zoltan
I don't know what should be the correct implementation for these so
these are just stored and returned as is without doing anything for
now only to silence warnings when u-boot accesses these registers.

Signed-off-by: BALATON Zoltan 
---
 hw/ppc/ppc440_pcix.c | 18 ++
 1 file changed, 18 insertions(+)

diff --git a/hw/ppc/ppc440_pcix.c b/hw/ppc/ppc440_pcix.c
index ab2626a..3f177d3 100644
--- a/hw/ppc/ppc440_pcix.c
+++ b/hw/ppc/ppc440_pcix.c
@@ -55,6 +55,8 @@ typedef struct PPC440PCIXState {
 PCIDevice *dev;
 struct PLBOutMap pom[PPC440_PCIX_NR_POMS];
 struct PLBInMap pim[PPC440_PCIX_NR_PIMS];
+uint32_t brdgopt1;
+uint32_t brdgopt2;
 uint32_t sts;
 qemu_irq irq[PCI_NUM_PINS];
 AddressSpace bm_as;
@@ -95,6 +97,8 @@ typedef struct PPC440PCIXState {
 #define PCIX0_PIM0SAH   0xf8
 #define PCIX0_PIM2SAH   0xfc
 
+#define PCIX0_BRDGOPT1  0x40
+#define PCIX0_BRDGOPT2  0x44
 #define PCIX0_STS   0xe0
 
 #define PCI_ALL_SIZE(PPC440_REG_BASE + PPC440_REG_SIZE)
@@ -270,6 +274,12 @@ static void ppc440_pcix_reg_write4(void *opaque, hwaddr 
addr,
 ppc440_pcix_update_pim(s, 2);
 break;
 
+case PCIX0_BRDGOPT1:
+s->brdgopt1 = val;
+break;
+case PCIX0_BRDGOPT2:
+s->brdgopt2 = val;
+break;
 case PCIX0_STS:
 s->sts = val;
 break;
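
Review bot: the new PCIX0_BRDGOPT1 and PCIX0_BRDGOPT2 write cases store val with no further effect, and nothing in the code marks this as a placeholder; the commit message does, but that context is easy to lose once merged. Add a comment at the cases, or a qemu_log_mask(LOG_UNIMP, ...) on write, so it is clear that the registers are only stored and read back.
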
@@ -365,6 +375,12 @@ static uint64_t ppc440_pcix_reg_read4(void *opaque, hwaddr 
addr,
 val = s->pim[2].la >> 32;
 break;
 
+case PCIX0_BRDGOPT1:
+val = s->brdgopt1;
+break;
+case PCIX0_BRDGOPT2:
+val = s->brdgopt2;
+break;
 case PCIX0_STS:
 val = s->sts;
 break;
@@ -408,6 +424,8 @@ static void ppc440_pcix_reset(DeviceState *dev)
 for (i = 0; i < PPC440_PCIX_NR_PIMS; i++) {
 s->pim[i].sa = 0xULL;
 }
+s->brdgopt1 = 0;
+s->brdgopt2 = 0;
 s->sts = 0;
 }
 
-- 
2.7.6




Re: [Qemu-devel] [PATCHv1 00/14] Translation loop conversion for sh4/sparc/mips/s390x/openrisc targets

2018-03-07 Thread Mark Cave-Ayland

On 05/03/18 22:43, Emilio G. Cota wrote:
> On Mon, Mar 05, 2018 at 21:58:52 +, Mark Cave-Ayland wrote:
>> I don't have enough knowledge of TCG internals to review this myself,
>> however I can run it through my complete set of OpenBIOS test images for
>> qemu-system-sparc and qemu-system-sparc64 if that helps?
>
> That would be appreciated -- I only tested sparc64 by booting a NetBSD
> guest.

Hi Emilio,

I've given this a run through all my OpenBIOS test images for
qemu-system-sparc and qemu-system-sparc64 (including single-stepping via
gdb) and everything appears to be working fine using your trloop-conv-v1
branch.

Whilst I don't know enough about TCG to be able to review this patch, 
for the sparc/sparc64 parts:


Tested-by: Mark Cave-Ayland 


ATB,

Mark.



Re: [Qemu-devel] [Qemu-block] Limiting coroutine stack usage

2018-03-07 Thread Peter Lieven
On 06.03.2018 at 12:51, Stefan Hajnoczi wrote:
> On Tue, Feb 20, 2018 at 06:04:02PM +0100, Peter Lieven wrote:
>> I remember we discussed a long time ago to limit the stack usage of all 
>> functions that are executed in a coroutine
>> context to a very low value to be able to safely limit the coroutine stack 
>> size as well.
>>
>> I checked through all functions in block/, migration/ and nbd/ and there are 
>> only very few larger or unbound stack
>> allocations that can easily be fixed.
>>
>> Now my question: Is there an easy way to add a cflag like -Wstack-usage=2048 
>> to all objects in a given directory only?
>> I tried to add a limit to the whole project, but fixing this will be a 
>> larger task.
> 2KB is fine for QEMU code but actual coroutine stack sizes will have to
> be at least 8KB, I guess, in order for third-party libraries to work
> (e.g. curl, rbd).  PATH_MAX is 4KB on Linux.
>
> Nested event loops in QEMU code can also result in deep call stacks.
> This happens when aio_poll() invokes an fd handler or BH that also
> invokes aio_poll().

The plan was to limit the stack usage only as a compiler option. I would leave 
the coroutine stack size at 1MB
for now until we have a way to identify the worst case usage.

Peter





Re: [Qemu-devel] [Qemu-block] block migration and MAX_IN_FLIGHT_IO

2018-03-07 Thread Peter Lieven
On 07.03.2018 at 10:47, Stefan Hajnoczi wrote:
> On Wed, Mar 7, 2018 at 7:55 AM, Peter Lieven  wrote:
>> On 06.03.2018 at 17:35, Peter Lieven wrote:
>>> On 06.03.2018 at 17:07, Stefan Hajnoczi wrote:
>>>> On Mon, Mar 05, 2018 at 02:52:16PM +, Dr. David Alan Gilbert wrote:
>>>>> * Peter Lieven (p...@kamp.de) wrote:
>>>>>> On 05.03.2018 at 12:45, Stefan Hajnoczi wrote:
>>>>>>> On Thu, Feb 22, 2018 at 12:13:50PM +0100, Peter Lieven wrote:
>>>>>>>> I stumbled across the MAX_INFLIGHT_IO field that was introduced in
>>>>>>>> 2015 and was curious what was the reason
>>>>>>>> to choose 512MB as readahead? The question is that I found that the
>>>>>>>> source VM gets very unresponsive I/O wise
>>>>>>>> while the initial 512MB are read and furthermore seems to stay
>>>>>>>> unresponsive if we choose a high migration speed
>>>>>>>> and have a fast storage on the destination VM.
>>>>>>>>
>>>>>>>> In our environment I modified this value to 16MB which seems to work
>>>>>>>> much smoother. I wonder if we should make
>>>>>>>> this a user configurable value or define a different rate limit for
>>>>>>>> the block transfer in bulk stage at least?
>>>>>>> I don't know if benchmarks were run when choosing the value.  From the
>>>>>>> commit description it sounds like the main purpose was to limit the
>>>>>>> amount of memory that can be consumed.
>>>>>>>
>>>>>>> 16 MB also fulfills that criteria :), but why is the source VM more
>>>>>>> responsive with a lower value?
>>>>>>>
>>>>>>> Perhaps the issue is queue depth on the storage device - the block
>>>>>>> migration code enqueues up to 512 MB worth of reads, and guest I/O has
>>>>>>> to wait?
>>>>>> That is my guess. Especially if the destination storage is faster we
>>>>>> basically always have
>>>>>> 512 I/Os in flight on the source storage.
>>>>>>
>>>>>> Does anyone mind if we reduce that value to 16MB or do we need a better
>>>>>> mechanism?
>>>>> We've got migration-parameters these days; you could connect it to one
>>>>> of those fairly easily I think.
>>>>> Try: grep -i 'cpu[-_]throttle[-_]initial'  for an example of one that's
>>>>> already there.
>>>>> Then you can set it to whatever you like.
>>>> It would be nice to solve the performance problem without adding a
>>>> tuneable.
>>>>
>>>> On the other hand, QEMU has no idea what the queue depth of the device
>>>> is.  Therefore it cannot prioritize guest I/O over block migration I/O.
>>>>
>>>> 512 parallel requests is much too high.  Most parallel I/O benchmarking
>>>> is done at 32-64 queue depth.
>>>>
>>>> I think that 16 parallel requests is a reasonable maximum number for a
>>>> background job.
>>>>
>>>> We need to be clear though that the purpose of this change is unrelated
>>>> to the original 512 MB memory footprint goal.  It just happens to touch
>>>> the same constant but the goal is now to submit at most 16 I/O requests
>>>> in parallel to avoid monopolizing the I/O device.
>>> I think we should really look at this. The variables that control if we 
>>> stay in the while loop or not are incremented and decremented
>>> at the following places:
>>>
>>> mig_save_device_dirty:
>>> mig_save_device_bulk:
>>> block_mig_state.submitted++;
>>>
>>> blk_mig_read_cb:
>>> block_mig_state.submitted--;
>>> block_mig_state.read_done++;
>>>
>>> flush_blks:
>>> block_mig_state.read_done--;
>>>
>>> The condition of the while loop is:
>>> (block_mig_state.submitted +
>>> block_mig_state.read_done) * BLOCK_SIZE <
>>>qemu_file_get_rate_limit(f) &&
>>>(block_mig_state.submitted +
>>> block_mig_state.read_done) <
>>>MAX_INFLIGHT_IO)
>>>
>>> At first I wonder if we ever reach the rate-limit because we put the read 
>>> buffers onto f AFTER we exit the while loop?
>>>
>>> And even if we reach the limit we constantly maintain 512 I/Os in parallel 
>>> because we immediately decrement read_done
>>> when we put the buffers to f in flush_blks. In the next iteration of the 
>>> while loop we then read again until we have 512 in-flight I/Os.
>>>
>>> And shouldn't we have a time limit to limit the time we stay in the while 
>>> loop? I think we artificially delay sending data to f?
>> Thinking about it for a while I would propose the following:
>>
>> a) rename MAX_INFLIGHT_IO to MAX_IO_BUFFERS
>> b) add MAX_PARALLEL_IO with a value of 16
>> c) compare qemu_file_get_rate_limit only with block_mig_state.read_done
>>
>> This would yield the following condition for the while loop:
>>
>> (block_mig_state.read_done * BLOCK_SIZE < qemu_file_get_rate_limit(f) &&
>>  (block_mig_state.submitted + block_mig_state.read_done) < MAX_IO_BUFFERS &&
>>  block_mig_state.submitted < MAX_PARALLEL_IO)
>>
>> Does that sound like a plan?
> That sounds good to me.

I will prepare patches for this.

Peter
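
The two loop conditions discussed in this thread, put side by side as an added example (not QEMU's code and not part of any message above): a small C model that counts how many reads sit in flight on the source disk and how many block buffers are held. The 1 MiB BLOCK_SIZE, the per-round completion and flush model, and all function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Limits as named in the thread; BLOCK_SIZE is an assumption (1 MiB). */
#define BLOCK_SIZE       ((uint64_t)1 << 20)
#define MAX_INFLIGHT_IO  512   /* current limit */
#define MAX_IO_BUFFERS   512   /* proposal (a): renamed limit */
#define MAX_PARALLEL_IO  16    /* proposal (b): new queue-depth limit */

struct mig_state {
    uint64_t submitted;  /* reads issued to the source disk, not yet done */
    uint64_t read_done;  /* reads finished, buffer not yet written to f */
};

struct peaks {
    uint64_t submitted;  /* highest queue depth seen on the source disk */
    uint64_t buffers;    /* highest number of block buffers held at once */
};

typedef int (*submit_cond)(const struct mig_state *s, uint64_t rate_limit);

/* The while-loop condition quoted in the thread as the current one. */
static int cond_current(const struct mig_state *s, uint64_t rate_limit)
{
    return (s->submitted + s->read_done) * BLOCK_SIZE < rate_limit &&
           (s->submitted + s->read_done) < MAX_INFLIGHT_IO;
}

/* The condition proposed in the thread, points (a) to (c). */
static int cond_proposed(const struct mig_state *s, uint64_t rate_limit)
{
    return s->read_done * BLOCK_SIZE < rate_limit &&
           (s->submitted + s->read_done) < MAX_IO_BUFFERS &&
           s->submitted < MAX_PARALLEL_IO;
}

static uint64_t min_u64(uint64_t a, uint64_t b)
{
    return a < b ? a : b;
}

/*
 * Hypothetical model of one migration iteration per round:
 *   1. submit reads while the condition holds (submitted++),
 *   2. the disk completes up to `completions` reads (read callback),
 *   3. up to `flushes` finished buffers are written out (flush_blks).
 * Peaks are sampled right after step 1, when the queue is fullest.
 */
static struct peaks simulate(submit_cond may_submit, uint64_t rate_limit,
                             uint64_t completions, uint64_t flushes,
                             int rounds)
{
    struct mig_state s = { 0, 0 };
    struct peaks p = { 0, 0 };

    for (int r = 0; r < rounds; r++) {
        while (may_submit(&s, rate_limit)) {
            s.submitted++;
        }
        if (s.submitted > p.submitted) {
            p.submitted = s.submitted;
        }
        if (s.submitted + s.read_done > p.buffers) {
            p.buffers = s.submitted + s.read_done;
        }

        uint64_t done = min_u64(s.submitted, completions);
        s.submitted -= done;
        s.read_done += done;
        s.read_done -= min_u64(s.read_done, flushes);
    }
    return p;
}

int main(void)
{
    uint64_t fast = 1024 * BLOCK_SIZE;  /* rate limit above both I/O caps */
    struct peaks cur = simulate(cond_current, fast, 8, 512, 50);
    struct peaks prop = simulate(cond_proposed, fast, 8, 512, 50);
    struct peaks slow = simulate(cond_proposed, fast, 16, 4, 100);

    printf("current:  queue depth %llu, buffers %llu\n",
           (unsigned long long)cur.submitted,
           (unsigned long long)cur.buffers);
    printf("proposed: queue depth %llu, buffers %llu\n",
           (unsigned long long)prop.submitted,
           (unsigned long long)prop.buffers);
    printf("proposed, slow flush: queue depth %llu, buffers %llu\n",
           (unsigned long long)slow.submitted,
           (unsigned long long)slow.buffers);
    return 0;
}
```

In this model the current condition refills the source queue to 512 reads every round, while the proposed one holds it at 16 and still bounds memory at 512 buffers when the flush side is slow.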





Re: [Qemu-devel] [PATCH v11 00/28] x86: Secure Encrypted Virtualization (AMD)

2018-03-07 Thread Brijesh Singh
Hi,

I have root caused and fixed the build issue seen with mingw32 compiler,
the patch is very trivial (see below).

I am looking for direction on how to submit the fix, should I resubmit
the whole series or just send the updated patch marked as "Patch v11.1
..." ? The "patch v11 11/28" included these headers in sev_i386.h, we
need to move them in sev.c to fix this issue.

thanks

---

diff --git a/target/i386/sev.c b/target/i386/sev.c
index f838cf7e3720..826bdff7bf2e 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -11,6 +11,11 @@
  *
  */
 
+#include 
+#include 
+
+#include 
+
 #include "qemu/osdep.h"
 #include "qapi/error.h"
 #include "qom/object_interfaces.h"
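
Review bot: the added #include lines in target/i386/sev.c sit above `#include "qemu/osdep.h"`, but QEMU's coding style requires qemu/osdep.h to be the first include in every .c file. Move the new system includes below it.
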
diff --git a/target/i386/sev_i386.h b/target/i386/sev_i386.h
index cd802e4b4178..b8622dfb1e49 100644
--- a/target/i386/sev_i386.h
+++ b/target/i386/sev_i386.h
@@ -14,11 +14,6 @@
 #ifndef QEMU_SEV_I386_H
 #define QEMU_SEV_I386_H
 
-#include 
-#include 
-
-#include 
-
 #include "qom/object.h"
 #include "qapi/error.h"
 #include "sysemu/kvm.h"



On 3/7/18 11:24 AM, no-re...@patchew.org wrote:
> Hi,
>
> This series failed docker-mingw@fedora build test. Please find the testing 
> commands and
> their output below. If you have Docker installed, you can probably reproduce 
> it
> locally.
>
> Type: series
> Message-id: 20180307165038.88640-1-brijesh.si...@amd.com
> Subject: [Qemu-devel] [PATCH v11 00/28] x86: Secure Encrypted Virtualization 
> (AMD)
>
> === TEST SCRIPT BEGIN ===
> #!/bin/bash
> set -e
> git submodule update --init dtc
> # Let docker tests dump environment info
> export SHOW_ENV=1
> export J=8
> time make docker-test-mingw@fedora
> === TEST SCRIPT END ===
>
> Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
> Switched to a new branch 'test'
> 4fbea75df6 tests/qmp-test: blacklist sev specific qmp commands
> dee06afe23 sev/i386: add sev_get_capabilities()
> 4bc4467cbd qmp: add query-sev-capabilities command
> b96190fd71 cpu/i386: populate CPUID 0x8000_001F when SEV is active
> 3c60cdc4ec sev/i386: add migration blocker
> a9ab0a27b2 qmp: add query-sev-launch-measure command
> 7a9005e7b3 target/i386: clear C-bit when walking SEV guest page table
> 1758f0ec5d sev/i386: add debug encrypt and decrypt commands
> 31a61f5fe9 hw/i386: set ram_debug_ops when memory encryption is enabled
> 346e90b176 sev/i386: finalize the SEV guest launch flow
> 38cf6ff868 sev/i386: add support to LAUNCH_MEASURE command
> a9df6d98ec target/i386: encrypt bios rom
> baa46b9faf sev/i386: add command to encrypt guest memory region
> 41354b73a4 sev/i386: add command to create launch memory encryption context
> 4d35f32583 hmp: add 'info sev' command
> 16598f2cc1 kvm: introduce memory encryption APIs
> 36b000c77c sev/i386: register the guest memory range which may contain 
> encrypted data
> 435a482830 sev/i386: add command to initialize the memory encryption context
> 1c37bac2fa include: add psp-sev.h header file
> ea9d68aad5 qmp: add query-sev command
> e85ff63940 target/i386: add Secure Encrypted Virtulization (SEV) object
> 9605c92f32 docs: add AMD Secure Encrypted Virtualization (SEV)
> 52514277fb kvm: update kvm.h to include memory encryption ioctls
> 2398a21fbd machine: add -memory-encryption property
> 40ba67a92d monitor/i386: use debug APIs when accessing guest memory
> 7a060f2310 exec: add debug version of physical memory read and write API
> 6533e78730 exec: add ram_debug_ops support
> 94ffe21118 memattrs: add debug attribute
>
> === OUTPUT BEGIN ===
> Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
> Cloning into '/var/tmp/patchew-tester-tmp-99e1alq5/src/dtc'...
> Submodule path 'dtc': checked out 'e54388015af1fb4bf04d0bca99caba1074d9cc42'
>   BUILD   fedora
> make[1]: Entering directory '/var/tmp/patchew-tester-tmp-99e1alq5/src'
>   GEN 
> /var/tmp/patchew-tester-tmp-99e1alq5/src/docker-src.2018-03-07-12.18.40.16945/qemu.tar
> Cloning into 
> '/var/tmp/patchew-tester-tmp-99e1alq5/src/docker-src.2018-03-07-12.18.40.16945/qemu.tar.vroot'...
> done.

Re: [Qemu-devel] [PATCH 0/2] vmmouse: convert qdev pointer property to QOM link relationship

2018-03-07 Thread Philippe Mathieu-Daudé
Hi Zihan Yang,

On 03/07/2018 01:55 PM, Zihan Yang wrote:
>  Hi all, this is a bitesized patch from me a while ago, it seems a little
> old but I wonder if there is any opinion about it? Is it still valid?

For a single TYPE use, I'm not sure using a specific header is useful
(patch #1).
The 2nd patch looks valid to me but I'm not a QOM link expert.

> 
> Thanks.
> 
> 2018-02-04 15:28 GMT+08:00 Zihan Yang :
> 
>> The ps2_mouse property of vmmouse is still pointer type which
>> is defined by DEFINE_PROP_PTR. But qdev pointer property should
>> be avoided according to qdev-properties.h. Convert it to
>> QOM link relationship.
>>
>> It involves two patches because it requires the TYPE_I8042
>> macro which is defined in another file. The first patch put
>> this macro into a single header file so that the macro can
>> be used elsewhere. The second patch does the actual work.
>>
>> Zihan Yang (2):
>>   hw/input/pckdb: put TYPE_I8042 into a single header file
>>   vmmouse: change qdev pointer property to qom link
>>
>>  hw/i386/pc.c  |  2 +-
>>  hw/i386/vmmouse.c | 19 ---
>>  hw/input/pckbd.c  |  2 +-
>>  hw/input/pckbd.h  |  6 ++
>>  4 files changed, 20 insertions(+), 9 deletions(-)
>>  create mode 100644 hw/input/pckbd.h
>>
>> --
>> 2.7.4
>>
>>



[Qemu-devel] [Bug 1726733] Re: ‘qemu-img info replication:’ causes segfault

2018-03-07 Thread Fabiano Rosas
** Changed in: qemu
 Assignee: (unassigned) => Fabiano Rosas (farosas)

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1726733

Title:
  ‘qemu-img info replication:’ causes segfault

Status in QEMU:
  New

Bug description:
  Typing the literal command ‘qemu-img info replication:’ causes a
  segfault.  Note that ‘replication:’ is not a filename.

  $ ./qemu-img info replication:
  qemu-img: block.c:2609: bdrv_open_inherit: Assertion `!!(flags & BDRV_O_PROTOCOL) == !!drv->bdrv_file_open' failed.
  Aborted (core dumped)

  This was originally found by Han Han and reported in Fedora:
  https://bugzilla.redhat.com/show_bug.cgi?id=1505652

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1726733/+subscriptions



[Qemu-devel] [Bug 1754038] Re: ARM M: Systick first wrap delayed (qemu-timers/icount prb?)

2018-03-07 Thread Peter Maydell
OK, I will see if I can find some time to investigate this. Can you
attach your guest binary, please?

https://bugs.launchpad.net/bugs/1754038

Title:
  ARM M: Systick first wrap delayed (qemu-timers/icount prb?)

Status in QEMU:
  New

Bug description:
  When running this kind of code with qemu:

  #include <stdint.h>
  #include <stdio.h>

  static void SysTickISR(void)
  {
      printf("SysTick\n");
  }

  void main()
  {
      volatile int i, j;
      printf("setup timer\n");
      *(uint32_t*) 0xE000E014 = 0x8F; //reload value
      *(uint32_t*) 0xE000E018 = 0;    //force reload
      *(uint32_t*) 0xE000E010 = 7;    //cpu clk + ISR + enable

      for (j = 0; j < 0x100; j++) {
          for (i = 0; i < 0x10; i++)
              ;
          printf("cnt %08x  -- %8x\n", *(uint32_t*) 0xE000E018,
                 *(uint32_t*)0xE000E010);
      }
  }

  I get the following output (comments added after '#'):

  setup timer
  cnt 007a  --7
  cnt 006998a2  --7
  cnt 00566479  --7
  cnt 0043304f  --7
  cnt 002ffc26  --7
  cnt 001cc7fd  --7
  cnt 000993d5  --7
  cnt   --7  <--- problem here, systick should wrap and raise isr
  cnt   --7
  cnt   --7
  cnt   --7
  cnt   --7
  cnt   --7
  cnt   --7
  cnt   --7
  cnt   --7
  cnt   --7
  cnt   --7
  cnt   --7
  cnt   --7
  cnt   --7
  SysTick <--- delayed isr occurring here
  cnt 000986e0  --10007
  SysTick
  cnt 00865290  --10007   < then running fine as long as regs not modified
  cnt 00731e51  --7
  cnt 005fea27  --7
  cnt 004cb5ff  --7
  cnt 003981d6  --7
  cnt 00264dad  --7
  cnt 00131984  --7
  SysTick
  cnt 008fe545  --10007
  cnt 007cb106  --7
  cnt 00697cdd  --7
  cnt 005648b4  --7
  cnt 0043148b  --7
  cnt 002fe061  --7
  cnt 001cac38  --7
  cnt 00097810  --7
  SysTick
  cnt 008643d6  --10007
  cnt 00730f97  --7
  cnt 005fdb6d  --7
  cnt 004ca745  --7
  cnt 0039731c  --7
  cnt 00263ef3  --7
  cnt 00130aca  --7
  SysTick
  cnt 008fd68b  --10007
  cnt 007ca24c  --7
  cnt 00696e23  --7
  cnt 005639fa  --7
  cnt 004305d1  --7
  cnt 002fd1a8  --7
  cnt 001c9d7f  --7
  cnt 00096956  --7
  SysTick
  cnt 0086351d  --10007
  cnt 007300dd  --7
  cnt 005fccb4  --7
  cnt 004c988c  --7
  cnt 00396463  --7
  cnt 00263039  --7
  cnt 0012fc10  --7
  [...]

  Command line and version:
  qemu-system-arm -M lm3s6965evb -nographic -kernel hello.bin -monitor stdio 
-serial file:/dev/pts/6 -icount 4 -cpu cortex-m4
  QEMU 2.11.50

  I am compiling from git repo, head is:
  commit f32408f3b472a088467474ab152be3b6285b2d7b
  Author: Daniel P. Berrangé 
  Date:   Tue Mar 6 13:43:17 2018 +

  Config options:
  ./configure --target-list=arm-softmmu --enable-debug --disable-slirp 
--enable-tcg-interpreter --disable-blobs --disable-docs --disable-guest-agent 
--disable-gnutls --disable-nettle --disable-gcrypt --disable-sdl --disable-gtk 
--disable-vnc --disable-virtfs --disable-mpath --disable-xen --disable-brlapi 
--disable-curl --disable-bluez --disable-kvm --disable-hax --disable-hvf 
--disable-whpx --disable-rdma --disable-vde --disable-netmap 
--disable-linux-aio --disable-cap-ng --disable-attr --disable-vhost-net 
--disable-spice --disable-rbd --disable-libiscsi --disable-libnfs 
--disable-smartcard --disable-libusb --disable-live-block-migration 
--disable-usb-redir --disable-lzo --disable-snappy --disable-bzip2 
--disable-seccomp --disable-glusterfs --disable-tpm --disable-libssh2 
--disable-numa --disable-libxml2 --disable-tcmalloc --disable-jemalloc 
--disable-replication --disable-vhost-vsock --disable-opengl 
--disable-virglrenderer --disable-xfsctl --disable-qom-cast-debug 
--disable-vxhs --disable-crypto-afalg --disable-vhost-user --disable-capstone 
--disable-pie --extra-cflags=-mtune=native

  
  Not working with git tag 2.10.0 (almost same config)

  Working with stock qemu-arm 2.5.0 from Ubuntu 16.04.

  I started investigating, though I am not familiar with qemu code and I
  could see that the execution is not getting out of
  qemu_tcg_rr_cpu_thread_fn() 'while' loop and timers are not triggered
  because the values in cpu->icount_extra or cpu->icount_budget are not
  modified accordingly after the timer is set (host side) when the
  systick register is written (target side).


Re: [Qemu-devel] [PATCH v5 05/11] linux-user: fix mmap/munmap/mprotect/mremap/shmat

2018-03-07 Thread Laurent Vivier
On 07/03/2018 at 18:45, Max Filippov wrote:
> On Wed, Mar 7, 2018 at 2:08 AM, Laurent Vivier  wrote:
>>> +static inline int guest_range_valid(unsigned long start, unsigned long len)
>>> +{
>>> +if (len)
>>> +return guest_addr_valid(len - 1) && start <= GUEST_ADDR_MAX - len 
>>> + 1;
>>> +else
>>> +return guest_addr_valid(start);
>>> +}
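Review bot: in guest_range_valid() the `if (len)` and `else` bodies are unbraced, which QEMU's coding style does not allow, and nothing records why `len` is kept on the right-hand side of `start <= GUEST_ADDR_MAX - len + 1`. Add the braces and a one-line comment saying that this ordering avoids computing start + len, which can wrap.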
>>
>> I think we can consider len == 0 is invalid and use only:
>>
>>   return start + (len - 1) <= GUEST_ADDR_MAX;
> 
> start + len - 1 may wrap around, that's why I first validate len and then have
> len at the right side of the comparison. I.e. if we drop check for len == 0 I'd
> still write it as
> 
>   guest_addr_valid(len - 1) && start <= GUEST_ADDR_MAX - len + 1;
> 

Yes, you're right.

it would be clearer to write:

len - 1 <= GUEST_ADDR_MAX && start <= GUEST_ADDR_MAX - len + 1;

but it's only cosmetic.

Thanks,
Laurent
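
The wrap-around discussed in this message, as an added example (not code from the patch or from QEMU): it runs the `start + (len - 1)` form, the form from the quoted patch and the form from the end of the thread over the same constructed inputs. The 32-bit `GUEST_ADDR_MAX`, the use of `uint64_t` instead of `unsigned long`, the definition of `guest_addr_valid()` and the `range_valid_*` names are assumptions made for the example.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: a 32-bit guest address space held in 64-bit host integers. */
#define GUEST_ADDR_MAX UINT64_C(0xffffffff)

/* Assumed definition of the helper that the quoted patch calls. */
static int guest_addr_valid(uint64_t addr)
{
    return addr <= GUEST_ADDR_MAX;
}

/* Form suggested first in the thread: the addition can wrap past 2^64. */
static int range_valid_naive(uint64_t start, uint64_t len)
{
    return start + (len - 1) <= GUEST_ADDR_MAX;
}

/* Form from the quoted patch: len == 0 is accepted if start is valid. */
static int range_valid_patch(uint64_t start, uint64_t len)
{
    if (len) {
        return guest_addr_valid(len - 1) && start <= GUEST_ADDR_MAX - len + 1;
    } else {
        return guest_addr_valid(start);
    }
}

/* Form from the end of the thread: len == 0 is rejected as well. */
static int range_valid_strict(uint64_t start, uint64_t len)
{
    return len - 1 <= GUEST_ADDR_MAX && start <= GUEST_ADDR_MAX - len + 1;
}

struct range_case {
    uint64_t start;
    uint64_t len;
    const char *what;
};

/* Constructed inputs: ordinary ranges, boundary ranges and wrapping ones. */
static const struct range_case cases[] = {
    { 0x1000,     0x1000,                       "ordinary range" },
    { 0xfffff000, 0x1000,                       "ends exactly at the limit" },
    { 0xfffff000, 0x1001,                       "one byte past the limit" },
    { 0,          UINT64_C(0x100000000),        "whole address space" },
    { 1,          UINT64_C(0x100000000),        "whole space shifted by one" },
    { 0x1000,     UINT64_MAX,                   "huge len, sum wraps" },
    { 0x2000,     UINT64_C(0xffffffffffffe001), "sum wraps to zero" },
    { 0x1000,     0,                            "zero length" },
};

#define N_CASES (sizeof(cases) / sizeof(cases[0]))

/* Number of sample ranges the wrapping form accepts but the strict one rejects. */
static int count_naive_only_accepts(void)
{
    int n = 0;

    for (size_t i = 0; i < N_CASES; i++) {
        if (range_valid_naive(cases[i].start, cases[i].len) &&
            !range_valid_strict(cases[i].start, cases[i].len)) {
            n++;
        }
    }
    return n;
}

int main(void)
{
    printf("%-18s %-18s naive patch strict  case\n", "start", "len");
    for (size_t i = 0; i < N_CASES; i++) {
        const struct range_case *c = &cases[i];

        printf("0x%016" PRIx64 " 0x%016" PRIx64 " %5d %5d %6d  %s\n",
               c->start, c->len,
               range_valid_naive(c->start, c->len),
               range_valid_patch(c->start, c->len),
               range_valid_strict(c->start, c->len),
               c->what);
    }
    printf("accepted only by the wrapping form: %d\n",
           count_naive_only_accepts());
    return 0;
}
```

The patch form and the strict form differ only on zero-length ranges, which is the `len == 0` question raised in the thread.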



Re: [Qemu-devel] [PATCH v11 21/28] sev/i386: add debug encrypt and decrypt commands

2018-03-07 Thread Dr. David Alan Gilbert
* Brijesh Singh (brijesh.si...@amd.com) wrote:
> 
> 
> On 3/7/18 12:24 PM, Dr. David Alan Gilbert wrote:
> > * Brijesh Singh (brijesh.si...@amd.com) wrote:
> >>
> >> On 03/07/2018 11:27 AM, Dr. David Alan Gilbert wrote:
> >>
> >> [...]
> >>
>  +{
>  +SEVState *s = (SEVState *)handle;
>  +
>  +/* If policy does not allow debug then no need to register ops */
>  +if (s->policy & SEV_POLICY_NODBG) {
>  +return;
>  +}
> >>> So what happens if someone tries to use a gdb or monitor command when
> >>> policy didn't allow debug?  Does it end up with an obvious error
> >>> somehow?
> >>>
> >> In those cases caller will get encrypted bytes, leading to unintelligible
> >> data. It can sometimes translate into obvious errors e.g. caller tries to
> >> walk guest pagetable and it gets garbage and will have trouble dumping the
> >> pgtables etc. Many times qemu calls ldphys_* functions to access the data; it
> >> may get tricky to report the errors.
> > So would it make sense to have something like:
> >
> > sev_mem_cant_read(uint8_t *dst, const uint8_t *src, uint32_t len, 
> > MemTxAttrs attrs)
> > {
> > error_report("SEV Guest policy does not allow debug access");
> >
> > return -EPERM;
> > }
> 
> In very early patches we had something similar but I was not sure if
> that was the right thing. Any debug accesses were printing a ton of messages

OK, if it would generate silly amounts of debug then leave it as is;
but I bet it'll confuse someone in the future when they try and dig
through it for debug without realising SEV-debug is there!

Dave

> and also in some case caller actually wants to dump the memory content
> (e.g x /10gx 0x000).. what we should return in those cases ? In my
> approach was if debug was not enabled then simply don't decrypt the
> memory and provide the raw data.
> 
> There was some discussion to have very high level security policy which
> may have attribute like debug=on|off, if debug is disabled then QEMU
> monitor can display messages like debug not allowed to better inform user.
> 
> 
> > void
> > sev_set_debug_ops(void *handle, MemoryRegion *mr)
> > {
> > SEVState *s = (SEVState *)handle;
> >
> > /* If policy does not allow debug then no need to register ops */
> > if (s->policy & SEV_POLICY_NODBG) {
> > sev_ops.read = sev_mem_cant_read;
> > sev_ops.write = sev_mem_cant_write;
> > } else {
> > sev_ops.read = sev_mem_read;
> > sev_ops.write = sev_mem_write;
> > }
> >
> > Dave
> >
> >> -Brijesh
> > --
> > Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK
> 
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK



Re: [Qemu-devel] [PATCH] tests/boot-serial: Check the 40p machine, too

2018-03-07 Thread Hervé Poussineau

On 07/03/2018 at 13:15, Thomas Huth wrote:

The "40p" machine is using the Open Hack'Ware BIOS, just like the "prep"
machine, so we can test it accordingly with the boot-serial tester, too.
While we're at it, also change the strings that we are using for the
"prep" machine, so that this test now also checks some CLI parameters.

Signed-off-by: Thomas Huth 


Reviewed-by: Hervé Poussineau 


---
  NB: The 40p machine is currently broken - when the emulator is quit,
  there is a rcu_read_unlock assertion message printed out. This test
  here succeeds anyway since the qtest framework does not care about
  errors in the shutdown path yet.

  tests/boot-serial-test.c | 6 --
  1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/tests/boot-serial-test.c b/tests/boot-serial-test.c
index ece25c6..5b24cd2 100644
--- a/tests/boot-serial-test.c
+++ b/tests/boot-serial-test.c
@@ -75,11 +75,13 @@ typedef struct testdef {
  static testdef_t tests[] = {
  { "alpha", "clipper", "", "PCI:" },
  { "ppc", "ppce500", "", "U-Boot" },
-{ "ppc", "prep", "", "Open Hack'Ware BIOS" },
+{ "ppc", "prep", "-m 96", "Memory size: 96 MB" },
+{ "ppc", "40p", "-boot d", "Booting from device d" },
  { "ppc", "g3beige", "", "PowerPC,750" },
  { "ppc", "mac99", "", "PowerPC,G4" },
  { "ppc64", "ppce500", "", "U-Boot" },
-{ "ppc64", "prep", "", "Open Hack'Ware BIOS" },
+{ "ppc64", "prep", "-boot e", "Booting from device e" },
+{ "ppc64", "40p", "-m 192", "Memory size: 192 MB" },
  { "ppc64", "mac99", "", "PowerPC,970FX" },
  { "ppc64", "pseries", "", "Open Firmware" },
  { "ppc64", "powernv", "-cpu POWER8", "OPAL" },
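Review bot: the prep and 40p rows now pass `-m 96`, `-boot d`, `-boot e` and `-m 192` and match on strings echoed back by the firmware, but nothing in the table says that these expected strings come from Open Hack'Ware, which the removed rows at least named. A short comment above the four rows would keep that link visible when the firmware output changes.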






Re: [Qemu-devel] [PATCH v4 05/37] qcow2: Pass BlockdevCreateOptions to qcow2_co_create()

2018-03-07 Thread Eric Blake

On 03/07/2018 12:59 PM, Kevin Wolf wrote:

All of the simple options are now passed to qcow2_co_create() in a
BlockdevCreateOptions object. Still missing: node-name and the
encryption options.

Signed-off-by: Kevin Wolf 
Reviewed-by: Max Reitz 
---
  block/qcow2.c | 189 ++
  1 file changed, 151 insertions(+), 38 deletions(-)



Reviewed-by: Eric Blake 

--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



Re: [Qemu-devel] [PATCH v4 33/37] ssh: Support .bdrv_co_create

2018-03-07 Thread Max Reitz
On 2018-03-07 19:59, Kevin Wolf wrote:
> This adds the .bdrv_co_create driver callback to ssh, which enables
> image creation over QMP.
> 
> Signed-off-by: Kevin Wolf 
> ---
>  qapi/block-core.json | 16 +-
>  block/ssh.c  | 83 
> ++--
>  2 files changed, 63 insertions(+), 36 deletions(-)

Reviewed-by: Max Reitz 





Re: [Qemu-devel] [PATCH v11 21/28] sev/i386: add debug encrypt and decrypt commands

2018-03-07 Thread Brijesh Singh


On 3/7/18 12:24 PM, Dr. David Alan Gilbert wrote:
> * Brijesh Singh (brijesh.si...@amd.com) wrote:
>>
>> On 03/07/2018 11:27 AM, Dr. David Alan Gilbert wrote:
>>
>> [...]
>>
 +{
 +SEVState *s = (SEVState *)handle;
 +
 +/* If policy does not allow debug then no need to register ops */
 +if (s->policy & SEV_POLICY_NODBG) {
 +return;
 +}
>>> So what happens if someone tries to use a gdb or monitor command when
>>> policy didn't allow debug?  Does it end up with an obvious error
>>> somehow?
>>>
>> In those cases caller will get encrypted bytes, leading to unintelligible
>> data. It can sometimes translate into obvious errors e.g. caller tries to
>> walk guest pagetable and it gets garbage and will have trouble dumping the
>> pgtables etc. Many times qemu calls ldphys_* functions to access the data; it
>> may get tricky to report the errors.
> So would it make sense to have something like:
>
> sev_mem_cant_read(uint8_t *dst, const uint8_t *src, uint32_t len, MemTxAttrs 
> attrs)
> {
> error_report("SEV Guest policy does not allow debug access");
>
> return -EPERM;
> }

In very early patches we had something similar but I was not sure if
that was the right thing. Any debug accesses were printing a ton of messages
and also in some case caller actually wants to dump the memory content
(e.g x /10gx 0x000).. what we should return in those cases ? In my
approach was if debug was not enabled then simply don't decrypt the
memory and provide the raw data.

There was some discussion to have very high level security policy which
may have attribute like debug=on|off, if debug is disabled then QEMU
monitor can display messages like debug not allowed to better inform user.


> void
> sev_set_debug_ops(void *handle, MemoryRegion *mr)
> {
> SEVState *s = (SEVState *)handle;
>
> /* If policy does not allow debug then no need to register ops */
> if (s->policy & SEV_POLICY_NODBG) {
> sev_ops.read = sev_mem_cant_read;
> sev_ops.write = sev_mem_cant_write;
> } else {
> sev_ops.read = sev_mem_read;
> sev_ops.write = sev_mem_write;
> }
>
> Dave
>
>> -Brijesh
> --
> Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK




Re: [Qemu-devel] [PATCH v4 22/37] rbd: Pass BlockdevOptionsRbd to qemu_rbd_connect()

2018-03-07 Thread Max Reitz
On 2018-03-07 19:59, Kevin Wolf wrote:
> With the conversion to a QAPI options object, the function is now
> prepared to be used in a .bdrv_co_create implementation.
> 
> Signed-off-by: Kevin Wolf 
> ---
>  block/rbd.c | 115 
> +---
>  1 file changed, 55 insertions(+), 60 deletions(-)

Reviewed-by: Max Reitz 





Re: [Qemu-devel] [PATCH v4 03/37] qcow2: Rename qcow2_co_create2() to qcow2_co_create()

2018-03-07 Thread Eric Blake

On 03/07/2018 12:59 PM, Kevin Wolf wrote:

The functions originally known as qcow2_create() and qcow2_create2()
are now called qcow2_co_create_opts() and qcow2_co_create(), which
matches the names of the BlockDriver callbacks that they will implement
at the end of this patch series.

Signed-off-by: Kevin Wolf 
---
  block/qcow2.c | 16 
  1 file changed, 8 insertions(+), 8 deletions(-)



Reviewed-by: Eric Blake 

--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



Re: [Qemu-devel] [PATCH v4 03/37] qcow2: Rename qcow2_co_create2() to qcow2_co_create()

2018-03-07 Thread Max Reitz
On 2018-03-07 19:59, Kevin Wolf wrote:
> The functions originally known as qcow2_create() and qcow2_create2()
> are now called qcow2_co_create_opts() and qcow2_co_create(), which
> matches the names of the BlockDriver callbacks that they will implement
> at the end of this patch series.
> 
> Signed-off-by: Kevin Wolf 
> ---
>  block/qcow2.c | 16 
>  1 file changed, 8 insertions(+), 8 deletions(-)

Reviewed-by: Max Reitz 





[Qemu-devel] [PATCH v4 36/37] qemu-iotests: Test qcow2 over file image creation with QMP

2018-03-07 Thread Kevin Wolf
Signed-off-by: Kevin Wolf 
Reviewed-by: Max Reitz 
---
 tests/qemu-iotests/206 | 436 +
 tests/qemu-iotests/206.out | 209 ++
 tests/qemu-iotests/group   |   1 +
 3 files changed, 646 insertions(+)
 create mode 100755 tests/qemu-iotests/206
 create mode 100644 tests/qemu-iotests/206.out

diff --git a/tests/qemu-iotests/206 b/tests/qemu-iotests/206
new file mode 100755
index 00..0a18b2b19a
--- /dev/null
+++ b/tests/qemu-iotests/206
@@ -0,0 +1,436 @@
+#!/bin/bash
+#
+# Test qcow2 and file image creation
+#
+# Copyright (C) 2018 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+
+# creator
+owner=kw...@redhat.com
+
+seq=`basename $0`
+echo "QA output created by $seq"
+
+here=`pwd`
+status=1   # failure is the default!
+
+# get standard environment, filters and checks
+. ./common.rc
+. ./common.filter
+
+_supported_fmt qcow2
+_supported_proto file
+_supported_os Linux
+
+function do_run_qemu()
+{
+echo Testing: "$@"
+$QEMU -nographic -qmp stdio -serial none "$@"
+echo
+}
+
+function run_qemu()
+{
+do_run_qemu "$@" 2>&1 | _filter_testdir | _filter_qmp \
+  | _filter_qemu | _filter_imgfmt \
+  | _filter_actual_image_size
+}
+
+echo
+echo "=== Successful image creation (defaults) ==="
+echo
+
+size=$((128 * 1024 * 1024))
+
+run_qemu <
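Review bot: `seq=`basename $0`` expands `$0` unquoted, so the test misbehaves when it is started from a path that contains whitespace. Quote it as `basename "$0"`, and consider `$(...)` instead of backticks here and in `here=`pwd``.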

[Qemu-devel] [PATCH v4 37/37] qemu-iotests: Test ssh image creation over QMP

2018-03-07 Thread Kevin Wolf
Signed-off-by: Kevin Wolf 
Reviewed-by: Max Reitz 
---
 tests/qemu-iotests/207 | 261 +
 tests/qemu-iotests/207.out |  75 +
 tests/qemu-iotests/group   |   1 +
 3 files changed, 337 insertions(+)
 create mode 100755 tests/qemu-iotests/207
 create mode 100644 tests/qemu-iotests/207.out

diff --git a/tests/qemu-iotests/207 b/tests/qemu-iotests/207
new file mode 100755
index 00..f5c77852d1
--- /dev/null
+++ b/tests/qemu-iotests/207
@@ -0,0 +1,261 @@
+#!/bin/bash
+#
+# Test ssh image creation
+#
+# Copyright (C) 2018 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+
+# creator
+owner=kw...@redhat.com
+
+seq=`basename $0`
+echo "QA output created by $seq"
+
+here=`pwd`
+status=1   # failure is the default!
+
+# get standard environment, filters and checks
+. ./common.rc
+. ./common.filter
+
+_supported_fmt raw
+_supported_proto ssh
+_supported_os Linux
+
+function do_run_qemu()
+{
+echo Testing: "$@"
+$QEMU -nographic -qmp stdio -serial none "$@"
+echo
+}
+
+function run_qemu()
+{
+do_run_qemu "$@" 2>&1 | _filter_testdir | _filter_qmp \
+  | _filter_qemu | _filter_imgfmt \
+  | _filter_actual_image_size
+}
+
+echo
+echo "=== Successful image creation (defaults) ==="
+echo
+
+run_qemu 
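Review bot: do_run_qemu() and run_qemu() in this file are line for line the same as the copies added in tests/qemu-iotests/206 by the previous patch of the series. Moving them into a shared helper would keep the two filter pipelines from drifting apart.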

[Qemu-devel] [PATCH v4 28/37] sheepdog: QAPIfy "redundancy" create option

2018-03-07 Thread Kevin Wolf
The "redundancy" option for Sheepdog image creation is currently a
string that can encode one or two integers depending on its format,
which at the same time implicitly selects a mode.

This patch turns it into a QAPI union and converts the string into such
a QAPI object before interpreting the values.

Signed-off-by: Kevin Wolf 
Reviewed-by: Max Reitz 
---
 qapi/block-core.json | 45 +
 block/sheepdog.c | 94 +---
 2 files changed, 112 insertions(+), 27 deletions(-)

diff --git a/qapi/block-core.json b/qapi/block-core.json
index 39e53c7791..e590ab6c71 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -3467,6 +3467,51 @@
 '*cluster-size' :   'size' } }
 
 ##
+# @SheepdogRedundancyType:
+#
+# @full Create a fully replicated vdi with x copies
+# @erasure-codedCreate an erasure coded vdi with x data strips and
+#   y parity strips
+#
+# Since: 2.12
+##
+{ 'enum': 'SheepdogRedundancyType',
+  'data': [ 'full', 'erasure-coded' ] }
+
+##
+# @SheepdogRedundancyFull:
+#
+# @copies   Number of copies to use (between 1 and 31)
+#
+# Since: 2.12
+##
+{ 'struct': 'SheepdogRedundancyFull',
+  'data': { 'copies': 'int' }}
+
+##
+# @SheepdogRedundancyErasureCoded:
+#
+# @data-strips  Number of data strips to use (one of {2,4,8,16})
+# @parity-stripsNumber of parity strips to use (between 1 and 15)
+#
+# Since: 2.12
+##
+{ 'struct': 'SheepdogRedundancyErasureCoded',
+  'data': { 'data-strips': 'int',
+'parity-strips': 'int' }}
+
+##
+# @SheepdogRedundancy:
+#
+# Since: 2.12
+##
+{ 'union': 'SheepdogRedundancy',
+  'base': { 'type': 'SheepdogRedundancyType' },
+  'discriminator': 'type',
+  'data': { 'full': 'SheepdogRedundancyFull',
+'erasure-coded': 'SheepdogRedundancyErasureCoded' } }
+
+##
 # @BlockdevCreateNotSupported:
 #
 # This is used for all drivers that don't support creating images.
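Review bot: the @SheepdogRedundancy doc block contains only `Since: 2.12` and no description of the union or of its `type` discriminator; add one line saying that it selects between full replication and erasure coding. The literal limits in @copies and @parity-strips also repeat what block/sheepdog.c enforces through SD_MAX_COPIES and SD_EC_MAX_STRIP, so a note that they must be kept in sync would help.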
diff --git a/block/sheepdog.c b/block/sheepdog.c
index d8c10b7cac..3966cd229a 100644
--- a/block/sheepdog.c
+++ b/block/sheepdog.c
@@ -1882,6 +1882,48 @@ out_with_err_set:
 return ret;
 }
 
+static int parse_redundancy(BDRVSheepdogState *s, SheepdogRedundancy *opt)
+{
+struct SheepdogInode *inode = >inode;
+
+switch (opt->type) {
+case SHEEPDOG_REDUNDANCY_TYPE_FULL:
+if (opt->u.full.copies > SD_MAX_COPIES || opt->u.full.copies < 1) {
+return -EINVAL;
+}
+inode->copy_policy = 0;
+inode->nr_copies = opt->u.full.copies;
+return 0;
+
+case SHEEPDOG_REDUNDANCY_TYPE_ERASURE_CODED:
+{
+int64_t copy = opt->u.erasure_coded.data_strips;
+int64_t parity = opt->u.erasure_coded.parity_strips;
+
+if (copy != 2 && copy != 4 && copy != 8 && copy != 16) {
+return -EINVAL;
+}
+
+if (parity >= SD_EC_MAX_STRIP || parity < 1) {
+return -EINVAL;
+}
+
+/*
+ * 4 bits for parity and 4 bits for data.
+ * We have to compress upper data bits because it can't represent 16
+ */
+inode->copy_policy = ((copy / 2) << 4) + parity;
+inode->nr_copies = copy + parity;
+return 0;
+}
+
+default:
+g_assert_not_reached();
+}
+
+return -EINVAL;
+}
+
 /*
  * Sheepdog support two kinds of redundancy, full replication and erasure
  * coding.
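Review bot: the new parse_redundancy() takes no Error **errp, so each range check on `copies`, `data_strips` and `parity_strips` collapses into a bare -EINVAL and a QMP caller cannot tell which field was rejected. Pass errp through and set a message per check that names the field and its allowed range.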
@@ -1892,12 +1934,13 @@ out_with_err_set:
  * # create a erasure coded vdi with x data strips and y parity strips
  * -o redundancy=x:y (x must be one of {2,4,8,16} and 1 <= y < SD_EC_MAX_STRIP)
  */
-static int parse_redundancy(BDRVSheepdogState *s, const char *opt)
+static int parse_redundancy_str(BDRVSheepdogState *s, const char *opt)
 {
-struct SheepdogInode *inode = >inode;
+struct SheepdogRedundancy redundancy;
 const char *n1, *n2;
 long copy, parity;
 char p[10];
+int ret;
 
 pstrcpy(p, sizeof(p), opt);
 n1 = strtok(p, ":");
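Review bot: parse_redundancy_str() still copies `opt` into `char p[10]` with pstrcpy(), which truncates silently, so an over-long string is cut before strtok() and qemu_strtol() see it and can parse as a different, valid value (a long zero-padded first number loses its ":y" part and becomes a full-replication request). Reject strings that do not fit in the buffer instead of truncating them.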
@@ -1907,35 +1950,32 @@ static int parse_redundancy(BDRVSheepdogState *s, const 
char *opt)
 return -EINVAL;
 }
 
-copy = strtol(n1, NULL, 10);
-/* FIXME fix error checking by switching to qemu_strtol() */
-if (copy > SD_MAX_COPIES || copy < 1) {
-return -EINVAL;
-}
-if (!n2) {
-inode->copy_policy = 0;
-inode->nr_copies = copy;
-return 0;
+ret = qemu_strtol(n1, NULL, 10, );
+if (ret < 0) {
+return ret;
 }
 
-if (copy != 2 && copy != 4 && copy != 8 && copy != 16) {
-return -EINVAL;
-}
+if (!n2) {
+redundancy = (SheepdogRedundancy) {
+.type   = SHEEPDOG_REDUNDANCY_TYPE_FULL,
+.u.full.copies  = copy,
+};
+} else {
+ret = qemu_strtol(n2, NULL, 10, );
+if (ret < 0) {
+return ret;
+}
 
-parity = strtol(n2, NULL, 10);
-/* FIXME fix error checking by 

[Qemu-devel] [PATCH v4 35/37] block: Fail bdrv_truncate() with negative size

2018-03-07 Thread Kevin Wolf
Most callers have their own checks, but something like this should also
be checked centrally. As it happens, x-blockdev-create can pass negative
image sizes to format drivers (because there is no QAPI type that would
reject negative numbers) and triggers the check added by this patch.

Signed-off-by: Kevin Wolf 
Reviewed-by: Max Reitz 
Reviewed-by: Eric Blake 
---
 block.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/block.c b/block.c
index 00f94241fc..75a9fd49de 100644
--- a/block.c
+++ b/block.c
@@ -3719,6 +3719,11 @@ int bdrv_truncate(BdrvChild *child, int64_t offset, 
PreallocMode prealloc,
 error_setg(errp, "No medium inserted");
 return -ENOMEDIUM;
 }
+if (offset < 0) {
+error_setg(errp, "Image size cannot be negative");
+return -EINVAL;
+}
+
 if (!drv->bdrv_truncate) {
 if (bs->file && drv->is_filter) {
 return bdrv_truncate(bs->file, offset, prealloc, errp);
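Review bot: the new `offset < 0` check sits below the early return that reports "No medium inserted", so a negative size on a node without a medium is reported as a missing medium rather than as a bad argument. Moving the check to the top of bdrv_truncate() would make the argument validation independent of the node state.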
-- 
2.13.6




[Qemu-devel] [PATCH v4 22/37] rbd: Pass BlockdevOptionsRbd to qemu_rbd_connect()

2018-03-07 Thread Kevin Wolf
With the conversion to a QAPI options object, the function is now
prepared to be used in a .bdrv_co_create implementation.

Signed-off-by: Kevin Wolf 
---
 block/rbd.c | 115 +---
 1 file changed, 55 insertions(+), 60 deletions(-)

diff --git a/block/rbd.c b/block/rbd.c
index a979107f65..999fea105f 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -24,6 +24,8 @@
 #include "qapi/qmp/qdict.h"
 #include "qapi/qmp/qjson.h"
 #include "qapi/qmp/qlist.h"
+#include "qapi/qobject-input-visitor.h"
+#include "qapi/qapi-visit-block-core.h"
 
 /*
  * When specifying the image filename use:
@@ -484,98 +486,71 @@ static void qemu_rbd_complete_aio(RADOSCB *rcb)
 qemu_aio_unref(acb);
 }
 
-static char *qemu_rbd_mon_host(QDict *options, Error **errp)
+static char *qemu_rbd_mon_host(BlockdevOptionsRbd *opts, Error **errp)
 {
-const char **vals = g_new(const char *, qdict_size(options) + 1);
-char keybuf[32];
+const char **vals;
 const char *host, *port;
 char *rados_str;
-int i;
-
-for (i = 0;; i++) {
-sprintf(keybuf, "server.%d.host", i);
-host = qdict_get_try_str(options, keybuf);
-qdict_del(options, keybuf);
-sprintf(keybuf, "server.%d.port", i);
-port = qdict_get_try_str(options, keybuf);
-qdict_del(options, keybuf);
-if (!host && !port) {
-break;
-}
-if (!host) {
-error_setg(errp, "Parameter server.%d.host is missing", i);
-rados_str = NULL;
-goto out;
-}
+InetSocketAddressBaseList *p;
+int i, cnt;
+
+if (!opts->has_server) {
+return NULL;
+}
+
+for (cnt = 0, p = opts->server; p; p = p->next) {
+cnt++;
+}
+
+vals = g_new(const char *, cnt + 1);
+
+for (i = 0, p = opts->server; p; p = p->next, i++) {
+host = p->value->host;
+port = p->value->port;
 
 if (strchr(host, ':')) {
-vals[i] = port ? g_strdup_printf("[%s]:%s", host, port)
-: g_strdup_printf("[%s]", host);
+vals[i] = g_strdup_printf("[%s]:%s", host, port);
 } else {
-vals[i] = port ? g_strdup_printf("%s:%s", host, port)
-: g_strdup(host);
+vals[i] = g_strdup_printf("%s:%s", host, port);
 }
 }
 vals[i] = NULL;
 
 rados_str = i ? g_strjoinv(";", (char **)vals) : NULL;
-out:
 g_strfreev((char **)vals);
 return rados_str;
 }
 
 static int qemu_rbd_connect(rados_t *cluster, rados_ioctx_t *io_ctx,
 char **s_snap, char **s_image_name,
-QDict *options, bool cache,
+BlockdevOptionsRbd *opts, bool cache,
 const char *keypairs, const char *secretid,
 Error **errp)
 {
-QemuOpts *opts;
 char *mon_host = NULL;
-const char *pool, *snap, *conf, *user, *image_name;
 Error *local_err = NULL;
 int r;
 
-opts = qemu_opts_create(_opts, NULL, 0, _abort);
-qemu_opts_absorb_qdict(opts, options, _err);
-if (local_err) {
-error_propagate(errp, local_err);
-r = -EINVAL;
-goto failed_opts;
-}
-
-mon_host = qemu_rbd_mon_host(options, _err);
+mon_host = qemu_rbd_mon_host(opts, _err);
 if (local_err) {
 error_propagate(errp, local_err);
 r = -EINVAL;
 goto failed_opts;
 }
 
-pool   = qemu_opt_get(opts, "pool");
-conf   = qemu_opt_get(opts, "conf");
-snap   = qemu_opt_get(opts, "snapshot");
-user   = qemu_opt_get(opts, "user");
-image_name = qemu_opt_get(opts, "image");
-
-if (!pool || !image_name) {
-error_setg(errp, "Parameters 'pool' and 'image' are required");
-r = -EINVAL;
-goto failed_opts;
-}
-
-r = rados_create(cluster, user);
+r = rados_create(cluster, opts->user);
 if (r < 0) {
 error_setg_errno(errp, -r, "error initializing");
 goto failed_opts;
 }
 
-*s_snap = g_strdup(snap);
-*s_image_name = g_strdup(image_name);
+*s_snap = g_strdup(opts->snapshot);
+*s_image_name = g_strdup(opts->image);
 
 /* try default location when conf=NULL, but ignore failure */
-r = rados_conf_read_file(*cluster, conf);
-if (conf && r < 0) {
-error_setg_errno(errp, -r, "error reading conf file %s", conf);
+r = rados_conf_read_file(*cluster, opts->conf);
+if (opts->has_conf && r < 0) {
+error_setg_errno(errp, -r, "error reading conf file %s", opts->conf);
 goto failed_shutdown;
 }
 
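Review bot: the new loop in qemu_rbd_mon_host() formats every entry with `port` unconditionally, while the removed code fell back to `[%s]` or a plain g_strdup(host) when no port was given; if `p->value->port` can be NULL this passes NULL to `%s`, so either assert that it is set or add a comment that the schema makes it mandatory. The function also no longer sets `errp` on any path, which leaves the `if (local_err)` check after the call in qemu_rbd_connect() dead.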
@@ -615,13 +590,12 @@ static int qemu_rbd_connect(rados_t *cluster, 
rados_ioctx_t *io_ctx,
 goto failed_shutdown;
 }
 
-r = rados_ioctx_create(*cluster, pool, io_ctx);
+r = rados_ioctx_create(*cluster, opts->pool, io_ctx);
 if (r < 0) {
-error_setg_errno(errp, -r, "error 

Re: [Qemu-devel] [PATCH v2 5/7] qcow2: Check snapshot L1 table in qcow2_snapshot_goto()

2018-03-07 Thread Eric Blake

On 03/06/2018 10:14 AM, Alberto Garcia wrote:

This function copies a snapshot's L1 table into the active one without
validating it first.

We now have a function to take care of this, so let's use it.

Signed-off-by: Alberto Garcia 
Cc: Eric Blake 
---
  block/qcow2-snapshot.c | 9 +
  tests/qemu-iotests/080 | 2 ++
  tests/qemu-iotests/080.out | 4 
  3 files changed, 15 insertions(+)



Reviewed-by: Eric Blake 

--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



[Qemu-devel] [PATCH v4 30/37] ssh: Use QAPI BlockdevOptionsSsh object

2018-03-07 Thread Kevin Wolf
Create a BlockdevOptionsSsh object in connect_to_ssh() and take the
options from there. 'host_key_check' is still processed separately
because it's not in the schema yet.

Signed-off-by: Kevin Wolf 
Reviewed-by: Max Reitz 
---
 block/ssh.c | 137 +++-
 1 file changed, 62 insertions(+), 75 deletions(-)

diff --git a/block/ssh.c b/block/ssh.c
index ff9929497d..8b646c0ede 100644
--- a/block/ssh.c
+++ b/block/ssh.c
@@ -35,6 +35,7 @@
 #include "qemu/sockets.h"
 #include "qemu/uri.h"
 #include "qapi/qapi-visit-sockets.h"
+#include "qapi/qapi-visit-block-core.h"
 #include "qapi/qmp/qdict.h"
 #include "qapi/qmp/qstring.h"
 #include "qapi/qobject-input-visitor.h"
@@ -543,21 +544,6 @@ static QemuOptsList ssh_runtime_opts = {
 .type = QEMU_OPT_NUMBER,
 .help = "Port to connect to",
 },
-{
-.name = "path",
-.type = QEMU_OPT_STRING,
-.help = "Path of the image on the host",
-},
-{
-.name = "user",
-.type = QEMU_OPT_STRING,
-.help = "User as which to connect",
-},
-{
-.name = "host_key_check",
-.type = QEMU_OPT_STRING,
-.help = "Defines how and what to check the host key against",
-},
 { /* end of list */ }
 },
 };
@@ -582,23 +568,31 @@ static bool ssh_process_legacy_socket_options(QDict 
*output_opts,
 return true;
 }
 
-static InetSocketAddress *ssh_config(QDict *options, Error **errp)
+static BlockdevOptionsSsh *ssh_parse_options(QDict *options, Error **errp)
 {
-InetSocketAddress *inet = NULL;
-QDict *addr = NULL;
-QObject *crumpled_addr = NULL;
-Visitor *iv = NULL;
-Error *local_error = NULL;
-
-qdict_extract_subqdict(options, , "server.");
-if (!qdict_size(addr)) {
-error_setg(errp, "SSH server address missing");
-goto out;
+BlockdevOptionsSsh *result = NULL;
+QemuOpts *opts = NULL;
+Error *local_err = NULL;
+QObject *crumpled;
+const QDictEntry *e;
+Visitor *v;
+
+/* Translate legacy options */
+opts = qemu_opts_create(_runtime_opts, NULL, 0, _abort);
+qemu_opts_absorb_qdict(opts, options, _err);
+if (local_err) {
+error_propagate(errp, local_err);
+goto fail;
 }
 
-crumpled_addr = qdict_crumple(addr, errp);
-if (!crumpled_addr) {
-goto out;
+if (!ssh_process_legacy_socket_options(options, opts, errp)) {
+goto fail;
+}
+
+/* Create the QAPI object */
+crumpled = qdict_crumple(options, errp);
+if (crumpled == NULL) {
+goto fail;
 }
 
 /*
@@ -609,51 +603,50 @@ static InetSocketAddress *ssh_config(QDict *options, 
Error **errp)
  * but when they come from -drive, they're all QString.  The
  * visitor expects the former.
  */
-iv = qobject_input_visitor_new(crumpled_addr);
-visit_type_InetSocketAddress(iv, NULL, , _error);
-if (local_error) {
-error_propagate(errp, local_error);
-goto out;
+v = qobject_input_visitor_new(crumpled);
+visit_type_BlockdevOptionsSsh(v, NULL, , _err);
+visit_free(v);
+qobject_decref(crumpled);
+
+if (local_err) {
+error_propagate(errp, local_err);
+goto fail;
 }
 
-out:
-QDECREF(addr);
-qobject_decref(crumpled_addr);
-visit_free(iv);
-return inet;
+/* Remove the processed options from the QDict (the visitor processes
+ * _all_ options in the QDict) */
+while ((e = qdict_first(options))) {
+qdict_del(options, e->key);
+}
+
+fail:
+qemu_opts_del(opts);
+return result;
 }
 
 static int connect_to_ssh(BDRVSSHState *s, QDict *options,
   int ssh_flags, int creat_mode, Error **errp)
 {
+BlockdevOptionsSsh *opts;
 int r, ret;
-QemuOpts *opts = NULL;
-Error *local_err = NULL;
-const char *user, *path, *host_key_check;
+const char *user, *host_key_check;
 long port = 0;
 
-opts = qemu_opts_create(_runtime_opts, NULL, 0, _abort);
-qemu_opts_absorb_qdict(opts, options, _err);
-if (local_err) {
-ret = -EINVAL;
-error_propagate(errp, local_err);
-goto err;
-}
-
-if (!ssh_process_legacy_socket_options(options, opts, errp)) {
-ret = -EINVAL;
-goto err;
+host_key_check = qdict_get_try_str(options, "host_key_check");
+if (!host_key_check) {
+host_key_check = "yes";
+} else {
+qdict_del(options, "host_key_check");
 }
 
-path = qemu_opt_get(opts, "path");
-if (!path) {
-ret = -EINVAL;
-error_setg(errp, "No path was specified");
-goto err;
+opts = ssh_parse_options(options, errp);
+if (opts == NULL) {
+return -EINVAL;
 }
 
-user = qemu_opt_get(opts, "user");
-if (!user) {
+if (opts->has_user) {
+user = opts->user;
+
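Review bot: in connect_to_ssh(), `host_key_check` is the pointer returned by qdict_get_try_str(), which points into the string held by `options`, and the `else` branch then calls qdict_del(options, "host_key_check"), which drops that entry. Unless something else holds a reference, the pointer dangles by the time the host key is checked; take a g_strdup() copy before deleting the key and free it on exit.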

[Qemu-devel] [PATCH v4 21/37] rbd: Remove non-schema options from runtime_opts

2018-03-07 Thread Kevin Wolf
Instead of the QemuOpts in qemu_rbd_connect(), we want to use QAPI
objects. As a preparation, fetch those options directly from the QDict
that .bdrv_open() supports in the rbd driver and that are not in the
schema.

Signed-off-by: Kevin Wolf 
Reviewed-by: Max Reitz 
---
 block/rbd.c | 55 ---
 1 file changed, 24 insertions(+), 31 deletions(-)

diff --git a/block/rbd.c b/block/rbd.c
index 99fcc7ecdf..a979107f65 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -326,28 +326,6 @@ static QemuOptsList runtime_opts = {
 /*
  * server.* extracted manually, see qemu_rbd_mon_host()
  */
-{
-.name = "password-secret",
-.type = QEMU_OPT_STRING,
-.help = "ID of secret providing the password",
-},
-
-/*
- * Keys for qemu_rbd_parse_filename(), not in the QAPI schema
- */
-{
-/*
- * HACK: name starts with '=' so that qemu_opts_parse()
- * can't set it
- */
-.name = "=keyvalue-pairs",
-.type = QEMU_OPT_STRING,
-.help = "Legacy rados key/value option parameters",
-},
-{
-.name = "filename",
-.type = QEMU_OPT_STRING,
-},
 { /* end of list */ }
 },
 };
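Review bot: the removed "=keyvalue-pairs" entry carried the only explanation of why that key starts with '=' ("so that qemu_opts_parse() can't set it"), and the key is still consumed later in this patch by qemu_rbd_open(). Please move that comment to the new qdict_get_try_str(options, "=keyvalue-pairs") site, and extend the remaining "server.* extracted manually" comment to say that password-secret, =keyvalue-pairs and filename are now taken out of the QDict before runtime_opts absorbs it.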
@@ -548,12 +526,13 @@ out:
 
 static int qemu_rbd_connect(rados_t *cluster, rados_ioctx_t *io_ctx,
 char **s_snap, char **s_image_name,
-QDict *options, bool cache, Error **errp)
+QDict *options, bool cache,
+const char *keypairs, const char *secretid,
+Error **errp)
 {
 QemuOpts *opts;
 char *mon_host = NULL;
-const char *pool, *snap, *conf, *user, *image_name, *keypairs;
-const char *secretid;
+const char *pool, *snap, *conf, *user, *image_name;
 Error *local_err = NULL;
 int r;
 
@@ -572,14 +551,11 @@ static int qemu_rbd_connect(rados_t *cluster, 
rados_ioctx_t *io_ctx,
 goto failed_opts;
 }
 
-secretid = qemu_opt_get(opts, "password-secret");
-
 pool   = qemu_opt_get(opts, "pool");
 conf   = qemu_opt_get(opts, "conf");
 snap   = qemu_opt_get(opts, "snapshot");
 user   = qemu_opt_get(opts, "user");
 image_name = qemu_opt_get(opts, "image");
-keypairs   = qemu_opt_get(opts, "=keyvalue-pairs");
 
 if (!pool || !image_name) {
 error_setg(errp, "Parameters 'pool' and 'image' are required");
@@ -664,6 +640,7 @@ static int qemu_rbd_open(BlockDriverState *bs, QDict 
*options, int flags,
 BDRVRBDState *s = bs->opaque;
 Error *local_err = NULL;
 const char *filename;
+char *keypairs, *secretid;
 int r;
 
 /* If we are given a filename, parse the filename, with precedence given to
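Review bot: keypairs and secretid are declared without initialisers in qemu_rbd_open(), yet the out: label added later in this patch passes both to g_free(). Every jump to out: in the visible hunks happens after both are assigned, and the early "return -EINVAL" bypasses the label, so this is correct today, but initialising both to NULL would keep it correct if a later change adds a "goto out" above the g_strdup() calls.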
@@ -674,16 +651,28 @@ static int qemu_rbd_open(BlockDriverState *bs, QDict 
*options, int flags,
 "This is an unsupported option, and may be deprecated "
 "in the future");
 qemu_rbd_parse_filename(filename, options, _err);
+qdict_del(options, "filename");
 if (local_err) {
 error_propagate(errp, local_err);
 return -EINVAL;
 }
 }
 
+keypairs = g_strdup(qdict_get_try_str(options, "=keyvalue-pairs"));
+if (keypairs) {
+qdict_del(options, "=keyvalue-pairs");
+}
+
+secretid = g_strdup(qdict_get_try_str(options, "password-secret"));
+if (secretid) {
+qdict_del(options, "password-secret");
+}
+
 r = qemu_rbd_connect(>cluster, >io_ctx, >snap, >image_name,
- options, !(flags & BDRV_O_NOCACHE), errp);
+ options, !(flags & BDRV_O_NOCACHE), keypairs, 
secretid,
+ errp);
 if (r < 0) {
-return r;
+goto out;
 }
 
 /* rbd_open is always r/w */
@@ -710,13 +699,17 @@ static int qemu_rbd_open(BlockDriverState *bs, QDict 
*options, int flags,
 }
 }
 
-return 0;
+r = 0;
+goto out;
 
 failed_open:
 rados_ioctx_destroy(s->io_ctx);
 g_free(s->snap);
 g_free(s->image_name);
 rados_shutdown(s->cluster);
+out:
+g_free(keypairs);
+g_free(secretid);
 return r;
 }
 
-- 
2.13.6




[Qemu-devel] [PATCH v4 34/37] file-posix: Fix no-op bdrv_truncate() with falloc preallocation

2018-03-07 Thread Kevin Wolf
If bdrv_truncate() is called, but the requested size is the same as
before, don't call posix_fallocate(), which returns -EINVAL for length
zero and would therefore make bdrv_truncate() fail.

The problem can be triggered by creating a zero-sized raw image with
'falloc' preallocation mode.

Signed-off-by: Kevin Wolf 
Reviewed-by: Max Reitz 
Reviewed-by: Eric Blake 
---
 block/file-posix.c | 14 +-
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/block/file-posix.c b/block/file-posix.c
index fbc21a9921..d7fb772c14 100644
--- a/block/file-posix.c
+++ b/block/file-posix.c
@@ -1686,11 +1686,15 @@ static int raw_regular_truncate(int fd, int64_t offset, 
PreallocMode prealloc,
  * file systems that do not support fallocate(), trying to check if a
  * block is allocated before allocating it, so don't do that here.
  */
-result = -posix_fallocate(fd, current_length, offset - current_length);
-if (result != 0) {
-/* posix_fallocate() doesn't set errno. */
-error_setg_errno(errp, -result,
- "Could not preallocate new data");
+if (offset != current_length) {
+result = -posix_fallocate(fd, current_length, offset - 
current_length);
+if (result != 0) {
+/* posix_fallocate() doesn't set errno. */
+error_setg_errno(errp, -result,
+ "Could not preallocate new data");
+}
+} else {
+result = 0;
 }
 goto out;
 #endif
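Review bot: the new "if (offset != current_length)" guard carries no comment saying why the call is skipped; the reason (posix_fallocate() returns EINVAL for a zero length) is only in the commit message. A one-line comment above the condition would help, and since the commit message names a reproducer (a zero-sized raw image with 'falloc' preallocation) while the diffstat touches only block/file-posix.c, a test case for that would be worth adding with the fix.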
-- 
2.13.6




[Qemu-devel] [PATCH v4 26/37] nfs: Use QAPI options in nfs_client_open()

2018-03-07 Thread Kevin Wolf
Using the QAPI visitor to turn all options into QAPI BlockdevOptionsNfs
simplifies the code a lot. It will also be useful for implementing the
QAPI based .bdrv_co_create callback.

Signed-off-by: Kevin Wolf 
Reviewed-by: Max Reitz 
---
 block/nfs.c | 176 ++--
 1 file changed, 53 insertions(+), 123 deletions(-)

diff --git a/block/nfs.c b/block/nfs.c
index 7433d25856..e402d643fe 100644
--- a/block/nfs.c
+++ b/block/nfs.c
@@ -367,49 +367,6 @@ static int coroutine_fn nfs_co_flush(BlockDriverState *bs)
 return task.ret;
 }
 
-static QemuOptsList runtime_opts = {
-.name = "nfs",
-.head = QTAILQ_HEAD_INITIALIZER(runtime_opts.head),
-.desc = {
-{
-.name = "path",
-.type = QEMU_OPT_STRING,
-.help = "Path of the image on the host",
-},
-{
-.name = "user",
-.type = QEMU_OPT_NUMBER,
-.help = "UID value to use when talking to the server",
-},
-{
-.name = "group",
-.type = QEMU_OPT_NUMBER,
-.help = "GID value to use when talking to the server",
-},
-{
-.name = "tcp-syn-count",
-.type = QEMU_OPT_NUMBER,
-.help = "Number of SYNs to send during the session establish",
-},
-{
-.name = "readahead-size",
-.type = QEMU_OPT_NUMBER,
-.help = "Set the readahead size in bytes",
-},
-{
-.name = "page-cache-size",
-.type = QEMU_OPT_NUMBER,
-.help = "Set the pagecache size in bytes",
-},
-{
-.name = "debug",
-.type = QEMU_OPT_NUMBER,
-.help = "Set the NFS debug level (max 2)",
-},
-{ /* end of list */ }
-},
-};
-
 static void nfs_detach_aio_context(BlockDriverState *bs)
 {
 NFSClient *client = bs->opaque;
@@ -452,71 +409,16 @@ static void nfs_file_close(BlockDriverState *bs)
 nfs_client_close(client);
 }
 
-static NFSServer *nfs_config(QDict *options, Error **errp)
-{
-NFSServer *server = NULL;
-QDict *addr = NULL;
-QObject *crumpled_addr = NULL;
-Visitor *iv = NULL;
-Error *local_error = NULL;
-
-qdict_extract_subqdict(options, , "server.");
-if (!qdict_size(addr)) {
-error_setg(errp, "NFS server address missing");
-goto out;
-}
-
-crumpled_addr = qdict_crumple(addr, errp);
-if (!crumpled_addr) {
-goto out;
-}
-
-/*
- * Caution: this works only because all scalar members of
- * NFSServer are QString in @crumpled_addr.  The visitor expects
- * @crumpled_addr to be typed according to the QAPI schema.  It
- * is when @options come from -blockdev or blockdev_add.  But when
- * they come from -drive, they're all QString.
- */
-iv = qobject_input_visitor_new(crumpled_addr);
-visit_type_NFSServer(iv, NULL, , _error);
-if (local_error) {
-error_propagate(errp, local_error);
-goto out;
-}
-
-out:
-QDECREF(addr);
-qobject_decref(crumpled_addr);
-visit_free(iv);
-return server;
-}
-
-
-static int64_t nfs_client_open(NFSClient *client, QDict *options,
+static int64_t nfs_client_open(NFSClient *client, BlockdevOptionsNfs *opts,
int flags, int open_flags, Error **errp)
 {
 int64_t ret = -EINVAL;
-QemuOpts *opts = NULL;
-Error *local_err = NULL;
 struct stat st;
 char *file = NULL, *strp = NULL;
 
 qemu_mutex_init(>mutex);
-opts = qemu_opts_create(_opts, NULL, 0, _abort);
-qemu_opts_absorb_qdict(opts, options, _err);
-if (local_err) {
-error_propagate(errp, local_err);
-ret = -EINVAL;
-goto fail;
-}
 
-client->path = g_strdup(qemu_opt_get(opts, "path"));
-if (!client->path) {
-ret = -EINVAL;
-error_setg(errp, "No path was specified");
-goto fail;
-}
+client->path = g_strdup(opts->path);
 
 strp = strrchr(client->path, '/');
 if (strp == NULL) {
@@ -526,12 +428,10 @@ static int64_t nfs_client_open(NFSClient *client, QDict 
*options,
 file = g_strdup(strp);
 *strp = 0;
 
-/* Pop the config into our state object, Exit if invalid */
-client->server = nfs_config(options, errp);
-if (!client->server) {
-ret = -EINVAL;
-goto fail;
-}
+/* Steal the NFSServer object from opts; set the original pointer to NULL
+ * to avoid use after free and double free. */
+client->server = opts->server;
+opts->server = NULL;
 
 client->context = nfs_init_context();
 if (client->context == NULL) {
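Review bot: nfs_client_open() now takes ownership of opts->server and clears the caller's pointer, but that is only stated in a comment in the middle of the body. Please document it at the function head, because after the call the caller's BlockdevOptionsNfs has a NULL server member and must not be used for anything but qapi_free_BlockdevOptionsNfs().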
@@ -539,29 +439,29 @@ static int64_t nfs_client_open(NFSClient *client, QDict 
*options,
 goto fail;
 }
 
-if (qemu_opt_get(opts, "user")) {
-client->uid = qemu_opt_get_number(opts, "user", 0);
+if (opts->has_user) {
+

[Qemu-devel] [PATCH v4 18/37] gluster: Support .bdrv_co_create

2018-03-07 Thread Kevin Wolf
This adds the .bdrv_co_create driver callback to gluster, which enables
image creation over QMP.

Signed-off-by: Kevin Wolf 
Reviewed-by: Max Reitz 
Reviewed-by: Eric Blake 
---
 qapi/block-core.json |  18 ++-
 block/gluster.c  | 135 ++-
 2 files changed, 108 insertions(+), 45 deletions(-)

diff --git a/qapi/block-core.json b/qapi/block-core.json
index 41955b097f..9170fbf6e6 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -3377,6 +3377,22 @@
 '*nocow':   'bool' } }
 
 ##
+# @BlockdevCreateOptionsGluster:
+#
+# Driver specific image creation options for gluster.
+#
+# @location Where to store the new image file
+# @size Size of the virtual disk in bytes
+# @preallocationPreallocation mode for the new image (default: off)
+#
+# Since: 2.12
+##
+{ 'struct': 'BlockdevCreateOptionsGluster',
+  'data': { 'location': 'BlockdevOptionsGluster',
+'size': 'size',
+'*preallocation':   'PreallocMode' } }
+
+##
 # @BlockdevQcow2Version:
 #
 # @v2:  The original QCOW2 format as introduced in qemu 0.10 (version 2)
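Review bot: the member descriptions in the new BlockdevCreateOptionsGluster doc comment are written as "@location Where ..." with no colon, while the neighbouring definition in this same hunk uses the "@v2:" form. Please use "@location:", "@size:" and "@preallocation:" so the schema documentation stays consistent.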
@@ -3450,7 +3466,7 @@
   'file':   'BlockdevCreateOptionsFile',
   'ftp':'BlockdevCreateNotSupported',
   'ftps':   'BlockdevCreateNotSupported',
-  'gluster':'BlockdevCreateNotSupported',
+  'gluster':'BlockdevCreateOptionsGluster',
   'host_cdrom': 'BlockdevCreateNotSupported',
   'host_device':'BlockdevCreateNotSupported',
   'http':   'BlockdevCreateNotSupported',
diff --git a/block/gluster.c b/block/gluster.c
index 79b4cfdf74..63d3c37d4c 100644
--- a/block/gluster.c
+++ b/block/gluster.c
@@ -655,9 +655,11 @@ out:
 return -errno;
 }
 
-static struct glfs *qemu_gluster_init(BlockdevOptionsGluster *gconf,
-  const char *filename,
-  QDict *options, Error **errp)
+/* Converts options given in @filename and the @options QDict into the QAPI
+ * object @gconf. */
+static int qemu_gluster_parse(BlockdevOptionsGluster *gconf,
+  const char *filename,
+  QDict *options, Error **errp)
 {
 int ret;
 if (filename) {
@@ -668,8 +670,7 @@ static struct glfs 
*qemu_gluster_init(BlockdevOptionsGluster *gconf,
 "[host[:port]]volume/path[?socket=...]"
 "[,file.debug=N]"
 "[,file.logfile=/path/filename.log]\n");
-errno = -ret;
-return NULL;
+return ret;
 }
 } else {
 ret = qemu_gluster_parse_json(gconf, options, errp);
@@ -685,10 +686,23 @@ static struct glfs 
*qemu_gluster_init(BlockdevOptionsGluster *gconf,
  "file.server.1.transport=unix,"
  "file.server.1.socket=/var/run/glusterd.socket 
..."
  "\n");
-errno = -ret;
-return NULL;
+return ret;
 }
+}
 
+return 0;
+}
+
+static struct glfs *qemu_gluster_init(BlockdevOptionsGluster *gconf,
+  const char *filename,
+  QDict *options, Error **errp)
+{
+int ret;
+
+ret = qemu_gluster_parse(gconf, filename, options, errp);
+if (ret < 0) {
+errno = -ret;
+return NULL;
 }
 
 return qemu_gluster_glfs_init(gconf, errp);
@@ -1021,20 +1035,72 @@ static int qemu_gluster_do_truncate(struct glfs_fd *fd, 
int64_t offset,
 return 0;
 }
 
+static int qemu_gluster_co_create(BlockdevCreateOptions *options,
+  Error **errp)
+{
+BlockdevCreateOptionsGluster *opts = >u.gluster;
+struct glfs *glfs;
+struct glfs_fd *fd = NULL;
+int ret = 0;
+
+assert(options->driver == BLOCKDEV_DRIVER_GLUSTER);
+
+glfs = qemu_gluster_glfs_init(opts->location, errp);
+if (!glfs) {
+ret = -errno;
+goto out;
+}
+
+fd = glfs_creat(glfs, opts->location->path,
+O_WRONLY | O_CREAT | O_TRUNC | O_BINARY, S_IRUSR | 
S_IWUSR);
+if (!fd) {
+ret = -errno;
+goto out;
+}
+
+ret = qemu_gluster_do_truncate(fd, opts->size, opts->preallocation, errp);
+
+out:
+if (fd) {
+if (glfs_close(fd) != 0 && ret == 0) {
+ret = -errno;
+}
+}
+glfs_clear_preopened(glfs);
+return ret;
+}
+
 static int coroutine_fn qemu_gluster_co_create_opts(const char *filename,
 QemuOpts *opts,
 Error **errp)
 {
+BlockdevCreateOptions *options;
+BlockdevCreateOptionsGluster *gopts;
 BlockdevOptionsGluster *gconf;
-struct glfs 
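Review bot: in qemu_gluster_co_create(), the glfs_creat() failure path sets ret = -errno and jumps to out without calling error_setg_errno(), so the function can return a negative value while *errp is still unset, and a QMP caller then has no error message to report. Set errp there, and likewise when glfs_close() fails. Also note that when qemu_gluster_glfs_init() fails, out: still calls glfs_clear_preopened(glfs) with glfs == NULL; please confirm that helper accepts NULL or skip the call in that case.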

[Qemu-devel] [PATCH v4 33/37] ssh: Support .bdrv_co_create

2018-03-07 Thread Kevin Wolf
This adds the .bdrv_co_create driver callback to ssh, which enables
image creation over QMP.

Signed-off-by: Kevin Wolf 
---
 qapi/block-core.json | 16 +-
 block/ssh.c  | 83 ++--
 2 files changed, 63 insertions(+), 36 deletions(-)

diff --git a/qapi/block-core.json b/qapi/block-core.json
index 4814bb7db7..524d51567a 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -3593,6 +3593,20 @@
 '*object-size': 'size' } }
 
 ##
+# @BlockdevCreateOptionsSsh:
+#
+# Driver specific image creation options for SSH.
+#
+# @location Where to store the new image file
+# @size Size of the virtual disk in bytes
+#
+# Since: 2.12
+##
+{ 'struct': 'BlockdevCreateOptionsSsh',
+  'data': { 'location': 'BlockdevOptionsSsh',
+'size': 'size' } }
+
+##
 # @BlockdevCreateNotSupported:
 #
 # This is used for all drivers that don't support creating images.
@@ -3644,7 +3658,7 @@
   'rbd':'BlockdevCreateOptionsRbd',
   'replication':'BlockdevCreateNotSupported',
   'sheepdog':   'BlockdevCreateOptionsSheepdog',
-  'ssh':'BlockdevCreateNotSupported',
+  'ssh':'BlockdevCreateOptionsSsh',
   'throttle':   'BlockdevCreateNotSupported',
   'vdi':'BlockdevCreateNotSupported',
   'vhdx':   'BlockdevCreateNotSupported',
diff --git a/block/ssh.c b/block/ssh.c
index 80f59055cc..ab3acf0c22 100644
--- a/block/ssh.c
+++ b/block/ssh.c
@@ -854,59 +854,71 @@ static QemuOptsList ssh_create_opts = {
 }
 };
 
+static int ssh_co_create(BlockdevCreateOptions *options, Error **errp)
+{
+BlockdevCreateOptionsSsh *opts = >u.ssh;
+BDRVSSHState s;
+int ret;
+
+assert(options->driver == BLOCKDEV_DRIVER_SSH);
+
+ssh_state_init();
+
+ret = connect_to_ssh(, opts->location,
+ LIBSSH2_FXF_READ|LIBSSH2_FXF_WRITE|
+ LIBSSH2_FXF_CREAT|LIBSSH2_FXF_TRUNC,
+ 0644, errp);
+if (ret < 0) {
+goto fail;
+}
+
+if (opts->size > 0) {
+ret = ssh_grow_file(, opts->size, errp);
+if (ret < 0) {
+goto fail;
+}
+}
+
+ret = 0;
+fail:
+ssh_state_free();
+return ret;
+}
+
 static int coroutine_fn ssh_co_create_opts(const char *filename, QemuOpts 
*opts,
Error **errp)
 {
-int r, ret;
-int64_t total_size = 0;
+BlockdevCreateOptions *create_options;
+BlockdevCreateOptionsSsh *ssh_opts;
+int ret;
 QDict *uri_options = NULL;
-BlockdevOptionsSsh *ssh_opts = NULL;
-BDRVSSHState s;
 
-ssh_state_init();
+create_options = g_new0(BlockdevCreateOptions, 1);
+create_options->driver = BLOCKDEV_DRIVER_SSH;
+ssh_opts = _options->u.ssh;
 
 /* Get desired file size. */
-total_size = ROUND_UP(qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0),
-  BDRV_SECTOR_SIZE);
-DPRINTF("total_size=%" PRIi64, total_size);
+ssh_opts->size = ROUND_UP(qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0),
+  BDRV_SECTOR_SIZE);
+DPRINTF("total_size=%" PRIi64, ssh_opts->size);
 
 uri_options = qdict_new();
-r = parse_uri(filename, uri_options, errp);
-if (r < 0) {
-ret = r;
+ret = parse_uri(filename, uri_options, errp);
+if (ret < 0) {
 goto out;
 }
 
-ssh_opts = ssh_parse_options(uri_options, errp);
-if (ssh_opts == NULL) {
+ssh_opts->location = ssh_parse_options(uri_options, errp);
+if (ssh_opts->location == NULL) {
 ret = -EINVAL;
 goto out;
 }
 
-r = connect_to_ssh(, ssh_opts,
-   LIBSSH2_FXF_READ|LIBSSH2_FXF_WRITE|
-   LIBSSH2_FXF_CREAT|LIBSSH2_FXF_TRUNC,
-   0644, errp);
-if (r < 0) {
-ret = r;
-goto out;
-}
-
-if (total_size > 0) {
-ret = ssh_grow_file(, total_size, errp);
-if (ret < 0) {
-goto out;
-}
-}
-
-ret = 0;
+ret = ssh_co_create(create_options, errp);
 
  out:
-ssh_state_free();
-if (uri_options != NULL) {
-QDECREF(uri_options);
-}
-qapi_free_BlockdevOptionsSsh(ssh_opts);
+QDECREF(uri_options);
+qapi_free_BlockdevCreateOptions(create_options);
 return ret;
 }
 
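Review bot: ssh_co_create() passes a hard-coded creat_mode of 0644 to connect_to_ssh(), so an image created through QMP ends up readable by other accounts on the SSH server, subject to the server's umask. A guest disk image usually warrants 0600 (the gluster patch in this series creates with S_IRUSR | S_IWUSR), or the mode could become a member of BlockdevCreateOptionsSsh. Separately, ssh_co_create() is not marked coroutine_fn although it is installed as .bdrv_co_create next to the coroutine_fn ssh_co_create_opts().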
@@ -1268,6 +1280,7 @@ static BlockDriver bdrv_ssh = {
 .instance_size= sizeof(BDRVSSHState),
 .bdrv_parse_filename  = ssh_parse_filename,
 .bdrv_file_open   = ssh_file_open,
+.bdrv_co_create   = ssh_co_create,
 .bdrv_co_create_opts  = ssh_co_create_opts,
 .bdrv_close   = ssh_close,
 .bdrv_has_zero_init   = ssh_has_zero_init,
-- 
2.13.6




[Qemu-devel] [PATCH v4 31/37] ssh: QAPIfy host-key-check option

2018-03-07 Thread Kevin Wolf
This makes the host-key-check option available in blockdev-add.

Signed-off-by: Kevin Wolf 
Reviewed-by: Max Reitz 
---
 qapi/block-core.json | 63 +++--
 block/ssh.c  | 88 +---
 2 files changed, 117 insertions(+), 34 deletions(-)

diff --git a/qapi/block-core.json b/qapi/block-core.json
index fd21fc..4814bb7db7 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -2553,6 +2553,63 @@
 '*encrypt': 'BlockdevQcow2Encryption' } }
 
 ##
+# @SshHostKeyCheckMode:
+#
+# @none Don't check the host key at all
+# @hash Compare the host key with a given hash
+# @known_hosts  Check the host key against the known_hosts file
+#
+# Since: 2.12
+##
+{ 'enum': 'SshHostKeyCheckMode',
+  'data': [ 'none', 'hash', 'known_hosts' ] }
+
+##
+# @SshHostKeyCheckHashType:
+#
+# @md5  The given hash is an md5 hash
+# @sha1 The given hash is an sha1 hash
+#
+# Since: 2.12
+##
+{ 'enum': 'SshHostKeyCheckHashType',
+  'data': [ 'md5', 'sha1' ] }
+
+##
+# @SshHostKeyHash:
+#
+# @type The hash algorithm used for the hash
+# @hash The expected hash value
+#
+# Since: 2.12
+##
+{ 'struct': 'SshHostKeyHash',
+  'data': { 'type': 'SshHostKeyCheckHashType',
+'hash': 'str' }}
+
+##
+# @SshHostKeyDummy:
+#
+# For those union branches that don't need additional fields.
+#
+# Since: 2.12
+##
+{ 'struct': 'SshHostKeyDummy',
+  'data': {} }
+
+##
+# @SshHostKeyCheck:
+#
+# Since: 2.12
+##
+{ 'union': 'SshHostKeyCheck',
+  'base': { 'mode': 'SshHostKeyCheckMode' },
+  'discriminator': 'mode',
+  'data': { 'none': 'SshHostKeyDummy',
+'hash': 'SshHostKeyHash',
+'known_hosts': 'SshHostKeyDummy' } }
+
+##
 # @BlockdevOptionsSsh:
 #
 # @server:  host address
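Review bot: the SshHostKeyHash documentation says only "@hash The expected hash value" and does not state the expected encoding, while the legacy syntax handled in block/ssh.c in this patch was "md5:xx:yy:zz:...". Please document the format that blockdev-add accepts (for example hex with or without colon separators). The description of 'none' should also say that the server is then not authenticated at all. The enum value 'known_hosts' uses an underscore where the new member 'host-key-check' uses hyphens; is that intentional?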
@@ -2562,14 +2619,16 @@
 # @user:user as which to connect, defaults to current
 #   local user name
 #
-# TODO: Expose the host_key_check option in QMP
+# @host-key-check:  Defines how and what to check the host key against
+#   (default: known_hosts)
 #
 # Since: 2.9
 ##
 { 'struct': 'BlockdevOptionsSsh',
   'data': { 'server': 'InetSocketAddress',
 'path': 'str',
-'*user': 'str' } }
+'*user': 'str',
+'*host-key-check': 'SshHostKeyCheck' } }
 
 
 ##
diff --git a/block/ssh.c b/block/ssh.c
index 8b646c0ede..30cdf9a99f 100644
--- a/block/ssh.c
+++ b/block/ssh.c
@@ -431,31 +431,35 @@ check_host_key_hash(BDRVSSHState *s, const char *hash,
 }
 
 static int check_host_key(BDRVSSHState *s, const char *host, int port,
-  const char *host_key_check, Error **errp)
+  SshHostKeyCheck *hkc, Error **errp)
 {
-/* host_key_check=no */
-if (strcmp(host_key_check, "no") == 0) {
-return 0;
-}
+SshHostKeyCheckMode mode;
 
-/* host_key_check=md5:xx:yy:zz:... */
-if (strncmp(host_key_check, "md5:", 4) == 0) {
-return check_host_key_hash(s, _key_check[4],
-   LIBSSH2_HOSTKEY_HASH_MD5, 16, errp);
-}
-
-/* host_key_check=sha1:xx:yy:zz:... */
-if (strncmp(host_key_check, "sha1:", 5) == 0) {
-return check_host_key_hash(s, _key_check[5],
-   LIBSSH2_HOSTKEY_HASH_SHA1, 20, errp);
+if (hkc) {
+mode = hkc->mode;
+} else {
+mode = SSH_HOST_KEY_CHECK_MODE_KNOWN_HOSTS;
 }
 
-/* host_key_check=yes */
-if (strcmp(host_key_check, "yes") == 0) {
+switch (mode) {
+case SSH_HOST_KEY_CHECK_MODE_NONE:
+return 0;
+case SSH_HOST_KEY_CHECK_MODE_HASH:
+if (hkc->u.hash.type == SSH_HOST_KEY_CHECK_HASH_TYPE_MD5) {
+return check_host_key_hash(s, hkc->u.hash.hash,
+   LIBSSH2_HOSTKEY_HASH_MD5, 16, errp);
+} else if (hkc->u.hash.type == SSH_HOST_KEY_CHECK_HASH_TYPE_SHA1) {
+return check_host_key_hash(s, hkc->u.hash.hash,
+   LIBSSH2_HOSTKEY_HASH_SHA1, 20, errp);
+}
+g_assert_not_reached();
+break;
+case SSH_HOST_KEY_CHECK_MODE_KNOWN_HOSTS:
 return check_host_key_knownhosts(s, host, port, errp);
+default:
+g_assert_not_reached();
 }
 
-error_setg(errp, "unknown host_key_check setting (%s)", host_key_check);
 return -EINVAL;
 }
 
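Review bot: with error_setg() removed, the trailing "return -EINVAL" in check_host_key() can only be reached after g_assert_not_reached(), and it would return a failure without setting *errp. Either drop the statement, if the compiler does not need it, or keep an error_setg() in front of it so that a build where the assertion does not abort still reports why the host key check failed.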
@@ -544,16 +548,22 @@ static QemuOptsList ssh_runtime_opts = {
 .type = QEMU_OPT_NUMBER,
 .help = "Port to connect to",
 },
+{
+.name = "host_key_check",
+.type = QEMU_OPT_STRING,
+.help = "Defines how and what to check the host key against",
+},
 { /* end of list */ }
 },
 };
 
-static bool ssh_process_legacy_socket_options(QDict *output_opts,
-

[Qemu-devel] [PATCH v4 27/37] nfs: Support .bdrv_co_create

2018-03-07 Thread Kevin Wolf
This adds the .bdrv_co_create driver callback to nfs, which enables
image creation over QMP.

Signed-off-by: Kevin Wolf 
Reviewed-by: Max Reitz 
---
 qapi/block-core.json | 16 ++-
 block/nfs.c  | 76 +---
 2 files changed, 75 insertions(+), 17 deletions(-)

diff --git a/qapi/block-core.json b/qapi/block-core.json
index d4351877fc..39e53c7791 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -3393,6 +3393,20 @@
 '*preallocation':   'PreallocMode' } }
 
 ##
+# @BlockdevCreateOptionsNfs:
+#
+# Driver specific image creation options for NFS.
+#
+# @location Where to store the new image file
+# @size Size of the virtual disk in bytes
+#
+# Since: 2.12
+##
+{ 'struct': 'BlockdevCreateOptionsNfs',
+  'data': { 'location': 'BlockdevOptionsNfs',
+'size': 'size' } }
+
+##
 # @BlockdevQcow2Version:
 #
 # @v2:  The original QCOW2 format as introduced in qemu 0.10 (version 2)
@@ -3491,7 +3505,7 @@
   'iscsi':  'BlockdevCreateNotSupported',
   'luks':   'BlockdevCreateNotSupported',
   'nbd':'BlockdevCreateNotSupported',
-  'nfs':'BlockdevCreateNotSupported',
+  'nfs':'BlockdevCreateOptionsNfs',
   'null-aio':   'BlockdevCreateNotSupported',
   'null-co':'BlockdevCreateNotSupported',
   'nvme':   'BlockdevCreateNotSupported',
diff --git a/block/nfs.c b/block/nfs.c
index e402d643fe..2577df4b26 100644
--- a/block/nfs.c
+++ b/block/nfs.c
@@ -551,33 +551,45 @@ out:
 return ret;
 }
 
-static int64_t nfs_client_open_qdict(NFSClient *client, QDict *options,
- int flags, int open_flags, Error **errp)
+static BlockdevOptionsNfs *nfs_options_qdict_to_qapi(QDict *options,
+ Error **errp)
 {
 BlockdevOptionsNfs *opts = NULL;
 QObject *crumpled = NULL;
 Visitor *v;
 Error *local_err = NULL;
-int ret;
 
 crumpled = qdict_crumple(options, errp);
 if (crumpled == NULL) {
-return -EINVAL;
+return NULL;
 }
 
 v = qobject_input_visitor_new_keyval(crumpled);
 visit_type_BlockdevOptionsNfs(v, NULL, , _err);
 visit_free(v);
+qobject_decref(crumpled);
 
 if (local_err) {
-error_propagate(errp, local_err);
+return NULL;
+}
+
+return opts;
+}
+
+static int64_t nfs_client_open_qdict(NFSClient *client, QDict *options,
+ int flags, int open_flags, Error **errp)
+{
+BlockdevOptionsNfs *opts;
+int ret;
+
+opts = nfs_options_qdict_to_qapi(options, errp);
+if (opts == NULL) {
 ret = -EINVAL;
 goto fail;
 }
 
 ret = nfs_client_open(client, opts, flags, open_flags, errp);
 fail:
-qobject_decref(crumpled);
 qapi_free_BlockdevOptionsNfs(opts);
 return ret;
 }
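Review bot: in nfs_options_qdict_to_qapi(), the "if (local_err)" branch now returns NULL without the error_propagate(errp, local_err) that this hunk removes, so the visitor's error is leaked and the caller sees a failure with *errp unset; nfs_client_open_qdict() then returns -EINVAL with no message. Keep the error_propagate() call before "return NULL".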
@@ -614,18 +626,43 @@ static QemuOptsList nfs_create_opts = {
 }
 };
 
-static int coroutine_fn nfs_file_co_create_opts(const char *url, QemuOpts 
*opts,
-Error **errp)
+static int nfs_file_co_create(BlockdevCreateOptions *options, Error **errp)
 {
-int64_t ret, total_size;
+BlockdevCreateOptionsNfs *opts = >u.nfs;
 NFSClient *client = g_new0(NFSClient, 1);
-QDict *options = NULL;
+int ret;
+
+assert(options->driver == BLOCKDEV_DRIVER_NFS);
 
 client->aio_context = qemu_get_aio_context();
 
+ret = nfs_client_open(client, opts->location, O_CREAT, 0, errp);
+if (ret < 0) {
+goto out;
+}
+ret = nfs_ftruncate(client->context, client->fh, opts->size);
+nfs_client_close(client);
+
+out:
+g_free(client);
+return ret;
+}
+
+static int coroutine_fn nfs_file_co_create_opts(const char *url, QemuOpts 
*opts,
+Error **errp)
+{
+BlockdevCreateOptions *create_options;
+BlockdevCreateOptionsNfs *nfs_opts;
+QDict *options;
+int ret;
+
+create_options = g_new0(BlockdevCreateOptions, 1);
+create_options->driver = BLOCKDEV_DRIVER_NFS;
+nfs_opts = _options->u.nfs;
+
 /* Read out options */
-total_size = ROUND_UP(qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0),
-  BDRV_SECTOR_SIZE);
+nfs_opts->size = ROUND_UP(qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0),
+  BDRV_SECTOR_SIZE);
 
 options = qdict_new();
 ret = nfs_parse_uri(url, options, errp);
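Review bot: in nfs_file_co_create(), the result of nfs_ftruncate() is returned as-is, so a failed truncate yields a negative return value with *errp unset; add an error_setg_errno() for that case. Also, ret is declared int here while nfs_client_open() returns int64_t; the value is only tested for "< 0", but a cast or a comment would make the narrowing deliberate.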
@@ -633,15 +670,21 @@ static int coroutine_fn nfs_file_co_create_opts(const 
char *url, QemuOpts *opts,
 goto out;
 }
 
-ret = nfs_client_open_qdict(client, options, O_CREAT, 0, errp);
+nfs_opts->location = nfs_options_qdict_to_qapi(options, errp);
+if (nfs_opts->location == NULL) {
+ret = -EINVAL;
+goto out;
+}
+
+ret = 

[Qemu-devel] [PATCH v4 16/37] file-posix: Support .bdrv_co_create

2018-03-07 Thread Kevin Wolf
This adds the .bdrv_co_create driver callback to file, which enables
image creation over QMP.

Signed-off-by: Kevin Wolf 
Reviewed-by: Max Reitz 
Reviewed-by: Eric Blake 
---
 qapi/block-core.json | 20 -
 block/file-posix.c   | 79 +---
 2 files changed, 75 insertions(+), 24 deletions(-)

diff --git a/qapi/block-core.json b/qapi/block-core.json
index 88d7a8678d..41955b097f 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -3359,6 +3359,24 @@
 { 'command': 'blockdev-del', 'data': { 'node-name': 'str' } }
 
 ##
+# @BlockdevCreateOptionsFile:
+#
+# Driver specific image creation options for file.
+#
+# @filename Filename for the new image file
+# @size Size of the virtual disk in bytes
+# @preallocationPreallocation mode for the new image (default: off)
+# @nocowTurn off copy-on-write (valid only on btrfs; default: off)
+#
+# Since: 2.12
+##
+{ 'struct': 'BlockdevCreateOptionsFile',
+  'data': { 'filename': 'str',
+'size': 'size',
+'*preallocation':   'PreallocMode',
+'*nocow':   'bool' } }
+
+##
 # @BlockdevQcow2Version:
 #
 # @v2:  The original QCOW2 format as introduced in qemu 0.10 (version 2)
@@ -3429,7 +3447,7 @@
   'bochs':  'BlockdevCreateNotSupported',
   'cloop':  'BlockdevCreateNotSupported',
   'dmg':'BlockdevCreateNotSupported',
-  'file':   'BlockdevCreateNotSupported',
+  'file':   'BlockdevCreateOptionsFile',
   'ftp':'BlockdevCreateNotSupported',
   'ftps':   'BlockdevCreateNotSupported',
   'gluster':'BlockdevCreateNotSupported',
diff --git a/block/file-posix.c b/block/file-posix.c
index 7f2cc63c60..fbc21a9921 100644
--- a/block/file-posix.c
+++ b/block/file-posix.c
@@ -1982,34 +1982,25 @@ static int64_t 
raw_get_allocated_file_size(BlockDriverState *bs)
 return (int64_t)st.st_blocks * 512;
 }
 
-static int coroutine_fn raw_co_create_opts(const char *filename, QemuOpts 
*opts,
-   Error **errp)
+static int raw_co_create(BlockdevCreateOptions *options, Error **errp)
 {
+BlockdevCreateOptionsFile *file_opts;
 int fd;
 int result = 0;
-int64_t total_size = 0;
-bool nocow = false;
-PreallocMode prealloc;
-char *buf = NULL;
-Error *local_err = NULL;
 
-strstart(filename, "file:", );
+/* Validate options and set default values */
+assert(options->driver == BLOCKDEV_DRIVER_FILE);
+file_opts = >u.file;
 
-/* Read out options */
-total_size = ROUND_UP(qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0),
-  BDRV_SECTOR_SIZE);
-nocow = qemu_opt_get_bool(opts, BLOCK_OPT_NOCOW, false);
-buf = qemu_opt_get_del(opts, BLOCK_OPT_PREALLOC);
-prealloc = qapi_enum_parse(_lookup, buf,
-   PREALLOC_MODE_OFF, _err);
-g_free(buf);
-if (local_err) {
-error_propagate(errp, local_err);
-result = -EINVAL;
-goto out;
+if (!file_opts->has_nocow) {
+file_opts->nocow = false;
+}
+if (!file_opts->has_preallocation) {
+file_opts->preallocation = PREALLOC_MODE_OFF;
 }
 
-fd = qemu_open(filename, O_RDWR | O_CREAT | O_TRUNC | O_BINARY,
+/* Create file */
+fd = qemu_open(file_opts->filename, O_RDWR | O_CREAT | O_TRUNC | O_BINARY,
0644);
 if (fd < 0) {
 result = -errno;
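Review bot: raw_co_create() writes its defaults back into the caller's object (file_opts->nocow = false, file_opts->preallocation = PREALLOC_MODE_OFF) without setting has_nocow or has_preallocation, which leaves the QAPI struct with a value present but flagged absent. Either set the has_* members together with the defaults or read the defaults into local variables and leave the input untouched.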
@@ -2017,7 +2008,7 @@ static int coroutine_fn raw_co_create_opts(const char 
*filename, QemuOpts *opts,
 goto out;
 }
 
-if (nocow) {
+if (file_opts->nocow) {
 #ifdef __linux__
 /* Set NOCOW flag to solve performance issue on fs like btrfs.
  * This is an optimisation. The FS_IOC_SETFLAGS ioctl return value
@@ -2032,7 +2023,8 @@ static int coroutine_fn raw_co_create_opts(const char 
*filename, QemuOpts *opts,
 #endif
 }
 
-result = raw_regular_truncate(fd, total_size, prealloc, errp);
+result = raw_regular_truncate(fd, file_opts->size, 
file_opts->preallocation,
+  errp);
 if (result < 0) {
 goto out_close;
 }
@@ -2046,6 +2038,46 @@ out:
 return result;
 }
 
+static int coroutine_fn raw_co_create_opts(const char *filename, QemuOpts 
*opts,
+   Error **errp)
+{
+BlockdevCreateOptions options;
+int64_t total_size = 0;
+bool nocow = false;
+PreallocMode prealloc;
+char *buf = NULL;
+Error *local_err = NULL;
+
+/* Skip file: protocol prefix */
+strstart(filename, "file:", );
+
+/* Read out options */
+total_size = ROUND_UP(qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0),
+  BDRV_SECTOR_SIZE);
+nocow = qemu_opt_get_bool(opts, BLOCK_OPT_NOCOW, false);
+buf = 

[Qemu-devel] [PATCH v4 32/37] ssh: Pass BlockdevOptionsSsh to connect_to_ssh()

2018-03-07 Thread Kevin Wolf
Move the parsing of the QDict options up to the callers, in preparation
for the .bdrv_co_create implementation that directly gets a QAPI type.

Signed-off-by: Kevin Wolf 
Reviewed-by: Max Reitz 
---
 block/ssh.c | 34 +-
 1 file changed, 21 insertions(+), 13 deletions(-)

diff --git a/block/ssh.c b/block/ssh.c
index 30cdf9a99f..80f59055cc 100644
--- a/block/ssh.c
+++ b/block/ssh.c
@@ -656,19 +656,13 @@ fail:
 return result;
 }
 
-static int connect_to_ssh(BDRVSSHState *s, QDict *options,
+static int connect_to_ssh(BDRVSSHState *s, BlockdevOptionsSsh *opts,
   int ssh_flags, int creat_mode, Error **errp)
 {
-BlockdevOptionsSsh *opts;
 int r, ret;
 const char *user;
 long port = 0;
 
-opts = ssh_parse_options(options, errp);
-if (opts == NULL) {
-return -EINVAL;
-}
-
 if (opts->has_user) {
 user = opts->user;
 } else {
@@ -748,8 +742,6 @@ static int connect_to_ssh(BDRVSSHState *s, QDict *options,
 goto err;
 }
 
-qapi_free_BlockdevOptionsSsh(opts);
-
 r = libssh2_sftp_fstat(s->sftp_handle, >attrs);
 if (r < 0) {
 sftp_error_setg(errp, s, "failed to read file attributes");
@@ -775,8 +767,6 @@ static int connect_to_ssh(BDRVSSHState *s, QDict *options,
 }
 s->session = NULL;
 
-qapi_free_BlockdevOptionsSsh(opts);
-
 return ret;
 }
 
@@ -784,6 +774,7 @@ static int ssh_file_open(BlockDriverState *bs, QDict 
*options, int bdrv_flags,
  Error **errp)
 {
 BDRVSSHState *s = bs->opaque;
+BlockdevOptionsSsh *opts;
 int ret;
 int ssh_flags;
 
@@ -794,8 +785,13 @@ static int ssh_file_open(BlockDriverState *bs, QDict 
*options, int bdrv_flags,
 ssh_flags |= LIBSSH2_FXF_WRITE;
 }
 
+opts = ssh_parse_options(options, errp);
+if (opts == NULL) {
+return -EINVAL;
+}
+
 /* Start up SSH. */
-ret = connect_to_ssh(s, options, ssh_flags, 0, errp);
+ret = connect_to_ssh(s, opts, ssh_flags, 0, errp);
 if (ret < 0) {
 goto err;
 }
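Review bot: in ssh_file_open(), a failure of ssh_parse_options() returns -EINVAL directly while a failure of connect_to_ssh() a few lines below jumps to err:, and the following hunks add qapi_free_BlockdevOptionsSsh(opts) separately to the success path and to the err: path. A single exit label that frees opts, with opts initialised to NULL, would remove the duplicated free and make it harder for a future error path to leak the options.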
@@ -803,6 +799,8 @@ static int ssh_file_open(BlockDriverState *bs, QDict 
*options, int bdrv_flags,
 /* Go non-blocking. */
 libssh2_session_set_blocking(s->session, 0);
 
+qapi_free_BlockdevOptionsSsh(opts);
+
 return 0;
 
  err:
@@ -811,6 +809,8 @@ static int ssh_file_open(BlockDriverState *bs, QDict 
*options, int bdrv_flags,
 }
 s->sock = -1;
 
+qapi_free_BlockdevOptionsSsh(opts);
+
 return ret;
 }
 
@@ -860,6 +860,7 @@ static int coroutine_fn ssh_co_create_opts(const char 
*filename, QemuOpts *opts,
 int r, ret;
 int64_t total_size = 0;
 QDict *uri_options = NULL;
+BlockdevOptionsSsh *ssh_opts = NULL;
 BDRVSSHState s;
 
 ssh_state_init();
@@ -876,7 +877,13 @@ static int coroutine_fn ssh_co_create_opts(const char 
*filename, QemuOpts *opts,
 goto out;
 }
 
-r = connect_to_ssh(, uri_options,
+ssh_opts = ssh_parse_options(uri_options, errp);
+if (ssh_opts == NULL) {
+ret = -EINVAL;
+goto out;
+}
+
+r = connect_to_ssh(, ssh_opts,
LIBSSH2_FXF_READ|LIBSSH2_FXF_WRITE|
LIBSSH2_FXF_CREAT|LIBSSH2_FXF_TRUNC,
0644, errp);
@@ -899,6 +906,7 @@ static int coroutine_fn ssh_co_create_opts(const char 
*filename, QemuOpts *opts,
 if (uri_options != NULL) {
 QDECREF(uri_options);
 }
+qapi_free_BlockdevOptionsSsh(ssh_opts);
 return ret;
 }
 
-- 
2.13.6




[Qemu-devel] [PATCH v4 29/37] sheepdog: Support .bdrv_co_create

2018-03-07 Thread Kevin Wolf
This adds the .bdrv_co_create driver callback to sheepdog, which enables
image creation over QMP.

Signed-off-by: Kevin Wolf 
Reviewed-by: Max Reitz 
---
 qapi/block-core.json |  24 -
 block/sheepdog.c | 243 +++
 2 files changed, 192 insertions(+), 75 deletions(-)

diff --git a/qapi/block-core.json b/qapi/block-core.json
index e590ab6c71..fd21fc 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -3512,6 +3512,28 @@
 'erasure-coded': 'SheepdogRedundancyErasureCoded' } }
 
 ##
+# @BlockdevCreateOptionsSheepdog:
+#
+# Driver specific image creation options for Sheepdog.
+#
+# @location Where to store the new image file
+# @size Size of the virtual disk in bytes
+# @backing-file File name of a base image
+# @preallocationPreallocation mode (allowed values: off, full)
+# @redundancy   Redundancy of the image
+# @object-size  Object size of the image
+#
+# Since: 2.12
+##
+{ 'struct': 'BlockdevCreateOptionsSheepdog',
+  'data': { 'location': 'BlockdevOptionsSheepdog',
+'size': 'size',
+'*backing-file':'str',
+'*preallocation':   'PreallocMode',
+'*redundancy':  'SheepdogRedundancy',
+'*object-size': 'size' } }
+
+##
 # @BlockdevCreateNotSupported:
 #
 # This is used for all drivers that don't support creating images.
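Review bot: the doc comment for BlockdevCreateOptionsSheepdog does not mark backing-file, preallocation, redundancy and object-size as optional or say what is used when they are omitted, although all four are declared with a leading '*' in the struct. Adding the default for each, and the accepted range for object-size, would let a QMP client build a request without reading block/sheepdog.c.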
@@ -3562,7 +3584,7 @@
   'raw':'BlockdevCreateNotSupported',
   'rbd':'BlockdevCreateOptionsRbd',
   'replication':'BlockdevCreateNotSupported',
-  'sheepdog':   'BlockdevCreateNotSupported',
+  'sheepdog':   'BlockdevCreateOptionsSheepdog',
   'ssh':'BlockdevCreateNotSupported',
   'throttle':   'BlockdevCreateNotSupported',
   'vdi':'BlockdevCreateNotSupported',
diff --git a/block/sheepdog.c b/block/sheepdog.c
index 3966cd229a..8680b2926f 100644
--- a/block/sheepdog.c
+++ b/block/sheepdog.c
@@ -15,8 +15,10 @@
 #include "qemu/osdep.h"
 #include "qapi/error.h"
 #include "qapi/qapi-visit-sockets.h"
+#include "qapi/qapi-visit-block-core.h"
 #include "qapi/qmp/qdict.h"
 #include "qapi/qobject-input-visitor.h"
+#include "qapi/qobject-output-visitor.h"
 #include "qemu/uri.h"
 #include "qemu/error-report.h"
 #include "qemu/option.h"
@@ -533,23 +535,6 @@ static void sd_aio_setup(SheepdogAIOCB *acb, 
BDRVSheepdogState *s,
 qemu_co_mutex_unlock(>queue_lock);
 }
 
-static SocketAddress *sd_socket_address(const char *path,
-const char *host, const char *port)
-{
-SocketAddress *addr = g_new0(SocketAddress, 1);
-
-if (path) {
-addr->type = SOCKET_ADDRESS_TYPE_UNIX;
-addr->u.q_unix.path = g_strdup(path);
-} else {
-addr->type = SOCKET_ADDRESS_TYPE_INET;
-addr->u.inet.host = g_strdup(host ?: SD_DEFAULT_ADDR);
-addr->u.inet.port = g_strdup(port ?: stringify(SD_DEFAULT_PORT));
-}
-
-return addr;
-}
-
 static SocketAddress *sd_server_config(QDict *options, Error **errp)
 {
 QDict *server = NULL;
@@ -1882,6 +1867,44 @@ out_with_err_set:
 return ret;
 }
 
+static int sd_create_prealloc(BlockdevOptionsSheepdog *location, int64_t size,
+  Error **errp)
+{
+BlockDriverState *bs;
+Visitor *v;
+QObject *obj = NULL;
+QDict *qdict;
+Error *local_err = NULL;
+int ret;
+
+v = qobject_output_visitor_new();
+visit_type_BlockdevOptionsSheepdog(v, NULL, , _err);
+visit_free(v);
+
+if (local_err) {
+error_propagate(errp, local_err);
+qobject_decref(obj);
+return -EINVAL;
+}
+
+qdict = qobject_to_qdict(obj);
+qdict_flatten(qdict);
+
+qdict_put_str(qdict, "driver", "sheepdog");
+
+bs = bdrv_open(NULL, NULL, qdict, BDRV_O_PROTOCOL | BDRV_O_RDWR, errp);
+if (bs == NULL) {
+ret = -EIO;
+goto fail;
+}
+
+ret = sd_prealloc(bs, 0, size, errp);
+fail:
+bdrv_unref(bs);
+QDECREF(qdict);
+return ret;
+}
+
 static int parse_redundancy(BDRVSheepdogState *s, SheepdogRedundancy *opt)
 {
 struct SheepdogInode *inode = >inode;
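Review bot: in sd_create_prealloc(), visit_free(v) follows visit_type_BlockdevOptionsSheepdog() directly with no visit_complete() in between, yet obj is then passed to qobject_to_qdict() and qdict_flatten(). The QObject output visitor hands over its result in visit_complete(), so please add that call on the success path before freeing the visitor; otherwise obj can still be NULL at that point. The fail: label is also reached on success, so out: would describe it better.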
@@ -1934,9 +1957,9 @@ static int parse_redundancy(BDRVSheepdogState *s, 
SheepdogRedundancy *opt)
  * # create a erasure coded vdi with x data strips and y parity strips
  * -o redundancy=x:y (x must be one of {2,4,8,16} and 1 <= y < SD_EC_MAX_STRIP)
  */
-static int parse_redundancy_str(BDRVSheepdogState *s, const char *opt)
+static SheepdogRedundancy *parse_redundancy_str(const char *opt)
 {
-struct SheepdogRedundancy redundancy;
+SheepdogRedundancy *redundancy;
 const char *n1, *n2;
 long copy, parity;
 char p[10];
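Review bot: parse_redundancy_str() changes from returning an errno to returning a SheepdogRedundancy pointer, but the comment above it still only describes the -o redundancy syntax. Please add a line saying that NULL means a parse failure and who frees the returned object, since callers can no longer tell failure reasons apart from the return value.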
@@ -1947,26 +1970,27 @@ static int parse_redundancy_str(BDRVSheepdogState *s, 
const char *opt)
 n2 = strtok(NULL, ":");
 
 if (!n1) {
-return -EINVAL;
+return NULL;

[Qemu-devel] [PATCH v4 20/37] rbd: Factor out qemu_rbd_connect()

2018-03-07 Thread Kevin Wolf
The code to establish an RBD connection is duplicated between open and
create. In order to be able to share the code, factor out the code from
qemu_rbd_open() as a first step.

Signed-off-by: Kevin Wolf 
Reviewed-by: Max Reitz 
---
 block/rbd.c | 100 
 1 file changed, 60 insertions(+), 40 deletions(-)

diff --git a/block/rbd.c b/block/rbd.c
index c1025c8493..99fcc7ecdf 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -546,32 +546,17 @@ out:
 return rados_str;
 }
 
-static int qemu_rbd_open(BlockDriverState *bs, QDict *options, int flags,
- Error **errp)
+static int qemu_rbd_connect(rados_t *cluster, rados_ioctx_t *io_ctx,
+char **s_snap, char **s_image_name,
+QDict *options, bool cache, Error **errp)
 {
-BDRVRBDState *s = bs->opaque;
-const char *pool, *snap, *conf, *user, *image_name, *keypairs;
-const char *secretid, *filename;
 QemuOpts *opts;
-Error *local_err = NULL;
 char *mon_host = NULL;
+const char *pool, *snap, *conf, *user, *image_name, *keypairs;
+const char *secretid;
+Error *local_err = NULL;
 int r;
 
-/* If we are given a filename, parse the filename, with precedence given to
- * filename encoded options */
-filename = qdict_get_try_str(options, "filename");
-if (filename) {
-warn_report("'filename' option specified. "
-"This is an unsupported option, and may be deprecated "
-"in the future");
-qemu_rbd_parse_filename(filename, options, _err);
-if (local_err) {
-r = -EINVAL;
-error_propagate(errp, local_err);
-goto exit;
-}
-}
-
 opts = qemu_opts_create(_opts, NULL, 0, _abort);
 qemu_opts_absorb_qdict(opts, options, _err);
 if (local_err) {
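Review bot: qemu_rbd_connect() is introduced with four output parameters (cluster, io_ctx, s_snap, s_image_name) and a cache flag, and no comment describes any of them. Please document which are outputs, what state they are left in when the function fails, and that cache is the inverse of the BDRV_O_NOCACHE test it replaces, so that every caller passes the same polarity.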
@@ -602,35 +587,35 @@ static int qemu_rbd_open(BlockDriverState *bs, QDict 
*options, int flags,
 goto failed_opts;
 }
 
-r = rados_create(>cluster, user);
+r = rados_create(cluster, user);
 if (r < 0) {
 error_setg_errno(errp, -r, "error initializing");
 goto failed_opts;
 }
 
-s->snap = g_strdup(snap);
-s->image_name = g_strdup(image_name);
+*s_snap = g_strdup(snap);
+*s_image_name = g_strdup(image_name);
 
 /* try default location when conf=NULL, but ignore failure */
-r = rados_conf_read_file(s->cluster, conf);
+r = rados_conf_read_file(*cluster, conf);
 if (conf && r < 0) {
 error_setg_errno(errp, -r, "error reading conf file %s", conf);
 goto failed_shutdown;
 }
 
-r = qemu_rbd_set_keypairs(s->cluster, keypairs, errp);
+r = qemu_rbd_set_keypairs(*cluster, keypairs, errp);
 if (r < 0) {
 goto failed_shutdown;
 }
 
 if (mon_host) {
-r = rados_conf_set(s->cluster, "mon_host", mon_host);
+r = rados_conf_set(*cluster, "mon_host", mon_host);
 if (r < 0) {
 goto failed_shutdown;
 }
 }
 
-if (qemu_rbd_set_auth(s->cluster, secretid, errp) < 0) {
+if (qemu_rbd_set_auth(*cluster, secretid, errp) < 0) {
 r = -EIO;
 goto failed_shutdown;
 }
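Review bot: the mon_host branch jumps to failed_shutdown when rados_conf_set() fails without setting errp, so the caller gets a negative return value and no error message. Since these lines are being touched anyway, add an error_setg_errno(errp, -r, ...) before the goto, as the neighbouring rados_create() and rados_conf_read_file() failures do.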
@@ -642,24 +627,65 @@ static int qemu_rbd_open(BlockDriverState *bs, QDict 
*options, int flags,
  * librbd defaults to no caching. If write through caching cannot
  * be set up, fall back to no caching.
  */
-if (flags & BDRV_O_NOCACHE) {
-rados_conf_set(s->cluster, "rbd_cache", "false");
+if (cache) {
+rados_conf_set(*cluster, "rbd_cache", "true");
 } else {
-rados_conf_set(s->cluster, "rbd_cache", "true");
+rados_conf_set(*cluster, "rbd_cache", "false");
 }
 
-r = rados_connect(s->cluster);
+r = rados_connect(*cluster);
 if (r < 0) {
 error_setg_errno(errp, -r, "error connecting");
 goto failed_shutdown;
 }
 
-r = rados_ioctx_create(s->cluster, pool, >io_ctx);
+r = rados_ioctx_create(*cluster, pool, io_ctx);
 if (r < 0) {
 error_setg_errno(errp, -r, "error opening pool %s", pool);
 goto failed_shutdown;
 }
 
+qemu_opts_del(opts);
+return 0;
+
+failed_shutdown:
+rados_shutdown(*cluster);
+g_free(*s_snap);
+g_free(*s_image_name);
+failed_opts:
+qemu_opts_del(opts);
+g_free(mon_host);
+return r;
+}
+
+static int qemu_rbd_open(BlockDriverState *bs, QDict *options, int flags,
+ Error **errp)
+{
+BDRVRBDState *s = bs->opaque;
+Error *local_err = NULL;
+const char *filename;
+int r;
+
+/* If we are given a filename, parse the filename, with precedence given to
+ * filename encoded options */
+filename = qdict_get_try_str(options, "filename");
+if (filename) {
+warn_report("'filename' option specified. "
+"This is an unsupported option, and may 
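Review bot: failed_shutdown frees *s_snap and *s_image_name but leaves the caller's pointers holding the freed addresses, so any later g_free() of the same fields by the caller is a double free. Set both to NULL after freeing them, or build the strings in locals and assign the out parameters only on success. Separately, the success path returns after qemu_opts_del(opts) without the g_free(mon_host) that failed_opts performs.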

[Qemu-devel] [PATCH v4 13/37] qcow2: Use visitor for options in qcow2_create()

2018-03-07 Thread Kevin Wolf
Instead of manually creating the BlockdevCreateOptions object, use a
visitor to parse the given options into the QAPI object.

This involves translation from the old command line syntax to the syntax
mandated by the QAPI schema. Option names are still checked against
qcow2_create_opts, so only the old option names are allowed on the
command line, even if they are translated in qcow2_create().

In contrast, new option values are optionally recognised besides the old
values: 'compat' accepts 'v2'/'v3' as an alias for '0.10'/'1.1', and
'encrypt.format' accepts 'qcow' as an alias for 'aes' now.

Signed-off-by: Kevin Wolf 
Reviewed-by: Max Reitz 
Reviewed-by: Eric Blake 
---
 block/qcow2.c  | 218 -
 tests/qemu-iotests/049.out |   8 +-
 tests/qemu-iotests/112.out |   4 +-
 3 files changed, 84 insertions(+), 146 deletions(-)

diff --git a/block/qcow2.c b/block/qcow2.c
index 933c612754..37b0e36c1e 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -37,7 +37,8 @@
 #include "qemu/option_int.h"
 #include "qemu/cutils.h"
 #include "qemu/bswap.h"
-#include "qapi/opts-visitor.h"
+#include "qapi/qobject-input-visitor.h"
+#include "qapi/qapi-visit-block-core.h"
 #include "block/crypto.h"
 
 /*
@@ -2449,37 +2450,6 @@ static int qcow2_crypt_method_from_format(const char 
*encryptfmt)
 }
 }
 
-static QCryptoBlockCreateOptions *
-qcow2_parse_encryption(const char *encryptfmt, QemuOpts *opts, Error **errp)
-{
-QCryptoBlockCreateOptions *cryptoopts = NULL;
-QDict *options, *encryptopts;
-int fmt;
-
-options = qemu_opts_to_qdict(opts, NULL);
-qdict_extract_subqdict(options, , "encrypt.");
-QDECREF(options);
-
-fmt = qcow2_crypt_method_from_format(encryptfmt);
-
-switch (fmt) {
-case QCOW_CRYPT_LUKS:
-cryptoopts = block_crypto_create_opts_init(
-Q_CRYPTO_BLOCK_FORMAT_LUKS, encryptopts, errp);
-break;
-case QCOW_CRYPT_AES:
-cryptoopts = block_crypto_create_opts_init(
-Q_CRYPTO_BLOCK_FORMAT_QCOW, encryptopts, errp);
-break;
-default:
-error_setg(errp, "Unknown encryption format '%s'", encryptfmt);
-break;
-}
-
-QDECREF(encryptopts);
-return cryptoopts;
-}
-
 static int qcow2_set_up_encryption(BlockDriverState *bs,
QCryptoBlockCreateOptions *cryptoopts,
Error **errp)
@@ -2874,7 +2844,7 @@ qcow2_co_create(BlockdevCreateOptions *create_options, 
Error **errp)
 }
 if (version < 3 && qcow2_opts->lazy_refcounts) {
 error_setg(errp, "Lazy refcounts only supported with compatibility "
-   "level 1.1 and above (use compat=1.1 or greater)");
+   "level 1.1 and above (use version=v3 or greater)");
 ret = -EINVAL;
 goto out;
 }
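Review bot: the hint in this message changes from compat=1.1 to version=v3, while the commit message says only the old option names are accepted on the command line, so a qemu-img user who follows the hint is pointed at an option name the command line does not take. Either keep the command-line spelling or word the hint without an option name; the same applies to the refcount-width message in the next hunk.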
@@ -2892,7 +2862,7 @@ qcow2_co_create(BlockdevCreateOptions *create_options, 
Error **errp)
 }
 if (version < 3 && qcow2_opts->refcount_bits != 16) {
 error_setg(errp, "Different refcount widths than 16 bits require "
-   "compatibility level 1.1 or above (use compat=1.1 or "
+   "compatibility level 1.1 or above (use version=v3 or "
"greater)");
 ret = -EINVAL;
 goto out;
@@ -3080,144 +3050,112 @@ out:
 static int coroutine_fn qcow2_co_create_opts(const char *filename, QemuOpts 
*opts,
  Error **errp)
 {
-BlockdevCreateOptions create_options;
-char *backing_file = NULL;
-char *backing_fmt = NULL;
-BlockdevDriver backing_drv;
-char *buf = NULL;
-uint64_t size = 0;
-int flags = 0;
-size_t cluster_size = DEFAULT_CLUSTER_SIZE;
-PreallocMode prealloc;
-int version;
-uint64_t refcount_bits;
-char *encryptfmt = NULL;
-QCryptoBlockCreateOptions *cryptoopts = NULL;
+BlockdevCreateOptions *create_options = NULL;
+QDict *qdict = NULL;
+QObject *qobj;
+Visitor *v;
 BlockDriverState *bs = NULL;
 Error *local_err = NULL;
+const char *val;
 int ret;
 
-/* Read out options */
-size = ROUND_UP(qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0),
-BDRV_SECTOR_SIZE);
-backing_file = qemu_opt_get_del(opts, BLOCK_OPT_BACKING_FILE);
-backing_fmt = qemu_opt_get_del(opts, BLOCK_OPT_BACKING_FMT);
-backing_drv = qapi_enum_parse(_lookup, backing_fmt,
-  0, _err);
-if (local_err) {
-error_propagate(errp, local_err);
+/* Only the keyval visitor supports the dotted syntax needed for
+ * encryption, so go through a QDict before getting a QAPI type. Ignore
+ * options meant for the protocol layer so that the visitor doesn't
+ * complain. */
+qdict = qemu_opts_to_qdict_filtered(opts, NULL, bdrv_qcow2.create_opts,
+true);
+
+/* 

[Qemu-devel] [PATCH v4 23/37] rbd: Support .bdrv_co_create

2018-03-07 Thread Kevin Wolf
This adds the .bdrv_co_create driver callback to rbd, which enables
image creation over QMP.

Signed-off-by: Kevin Wolf 
Reviewed-by: Max Reitz 
---
 qapi/block-core.json |  19 ++-
 block/rbd.c  | 150 ++-
 2 files changed, 118 insertions(+), 51 deletions(-)

diff --git a/qapi/block-core.json b/qapi/block-core.json
index 9170fbf6e6..d4351877fc 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -3436,6 +3436,23 @@
 '*refcount-bits':   'int' } }
 
 ##
+# @BlockdevCreateOptionsRbd:
+#
+# Driver specific image creation options for rbd/Ceph.
+#
+# @location Where to store the new image file. This location cannot
+#   point to a snapshot.
+# @size Size of the virtual disk in bytes
+# @cluster-size RBD object size
+#
+# Since: 2.12
+##
+{ 'struct': 'BlockdevCreateOptionsRbd',
+  'data': { 'location': 'BlockdevOptionsRbd',
+'size': 'size',
+'*cluster-size' :   'size' } }
+
+##
 # @BlockdevCreateNotSupported:
 #
 # This is used for all drivers that don't support creating images.
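Review bot: @cluster-size is documented only as "RBD object size", while qemu_rbd_do_create() in this patch rejects values that are not a power of two or are below 4096. Please state those constraints, and what happens when the member is omitted, in the doc comment so that a QMP client sees them in the schema rather than as a run-time error.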
@@ -3484,7 +3501,7 @@
   'qed':'BlockdevCreateNotSupported',
   'quorum': 'BlockdevCreateNotSupported',
   'raw':'BlockdevCreateNotSupported',
-  'rbd':'BlockdevCreateNotSupported',
+  'rbd':'BlockdevCreateOptionsRbd',
   'replication':'BlockdevCreateNotSupported',
   'sheepdog':   'BlockdevCreateNotSupported',
   'ssh':'BlockdevCreateNotSupported',
diff --git a/block/rbd.c b/block/rbd.c
index 999fea105f..1cd526bcea 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -332,71 +332,55 @@ static QemuOptsList runtime_opts = {
 },
 };
 
-static int coroutine_fn qemu_rbd_co_create_opts(const char *filename,
-QemuOpts *opts,
-Error **errp)
+/* FIXME Deprecate and remove keypairs or make it available in QMP.
+ * password_secret should eventually be configurable in opts->location. Support
+ * for it in .bdrv_open will make it work here as well. */
+static int qemu_rbd_do_create(BlockdevCreateOptions *options,
+  const char *keypairs, const char 
*password_secret,
+  Error **errp)
 {
-Error *local_err = NULL;
-int64_t bytes = 0;
-int64_t objsize;
-int obj_order = 0;
-const char *pool, *image_name, *conf, *user, *keypairs;
-const char *secretid;
+BlockdevCreateOptionsRbd *opts = >u.rbd;
 rados_t cluster;
 rados_ioctx_t io_ctx;
-QDict *options = NULL;
-int ret = 0;
+int obj_order = 0;
+int ret;
+
+assert(options->driver == BLOCKDEV_DRIVER_RBD);
+if (opts->location->has_snapshot) {
+error_setg(errp, "Can't use snapshot name for image creation");
+return -EINVAL;
+}
 
-secretid = qemu_opt_get(opts, "password-secret");
+/* TODO Remove the limitation */
+if (opts->location->has_server) {
+error_setg(errp, "Can't specify server for image creation");
+return -EINVAL;
+}
 
-/* Read out options */
-bytes = ROUND_UP(qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0),
- BDRV_SECTOR_SIZE);
-objsize = qemu_opt_get_size_del(opts, BLOCK_OPT_CLUSTER_SIZE, 0);
-if (objsize) {
+if (opts->has_cluster_size) {
+int64_t objsize = opts->cluster_size;
 if ((objsize - 1) & objsize) {/* not a power of 2? */
 error_setg(errp, "obj size needs to be power of 2");
-ret = -EINVAL;
-goto exit;
+return -EINVAL;
 }
 if (objsize < 4096) {
 error_setg(errp, "obj size too small");
-ret = -EINVAL;
-goto exit;
+return -EINVAL;
 }
 obj_order = ctz32(objsize);
 }
 
-options = qdict_new();
-qemu_rbd_parse_filename(filename, options, _err);
-if (local_err) {
-ret = -EINVAL;
-error_propagate(errp, local_err);
-goto exit;
-}
-
-/*
- * Caution: while qdict_get_try_str() is fine, getting non-string
- * types would require more care.  When @options come from -blockdev
- * or blockdev_add, its members are typed according to the QAPI
- * schema, but when they come from -drive, they're all QString.
- */
-pool   = qdict_get_try_str(options, "pool");
-conf   = qdict_get_try_str(options, "conf");
-user   = qdict_get_try_str(options, "user");
-image_name = qdict_get_try_str(options, "image");
-keypairs   = qdict_get_try_str(options, "=keyvalue-pairs");
-
-ret = rados_create(, user);
+ret = rados_create(, opts->location->user);
 if (ret < 0) {
 error_setg_errno(errp, -ret, "error initializing");
-goto exit;
+return ret;
 }
 
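Review bot: objsize is an int64_t taken from opts->cluster_size, but the only checks before obj_order = ctz32(objsize) are the power-of-two test and objsize < 4096, so a power of two at or above 2^32 passes both and is truncated by the 32-bit helper. Now that the value arrives over QMP as a QAPI size, add an upper bound, or use ctz64() and range-check obj_order before it is used.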

[Qemu-devel] [PATCH v4 15/37] block: x-blockdev-create QMP command

2018-03-07 Thread Kevin Wolf
This adds a synchronous x-blockdev-create QMP command that can create
qcow2 images on a given node name.

We don't want to block while creating an image, so this is not the final
interface in all aspects, but BlockdevCreateOptionsQcow2 and
.bdrv_co_create() are what they actually might look like in the end. In
any case, this should be good enough to test whether we interpret
BlockdevCreateOptions as we should.

Signed-off-by: Kevin Wolf 
Reviewed-by: Max Reitz 
Reviewed-by: Eric Blake 
---
 qapi/block-core.json  | 12 
 include/block/block_int.h |  5 +++-
 block/create.c| 76 +++
 block/qcow2.c |  1 +
 block/Makefile.objs   |  2 +-
 5 files changed, 94 insertions(+), 2 deletions(-)
 create mode 100644 block/create.c

diff --git a/qapi/block-core.json b/qapi/block-core.json
index dfea7b0102..88d7a8678d 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -3464,6 +3464,18 @@
   } }
 
 ##
+# @x-blockdev-create:
+#
+# Create an image format on a given node.
+# TODO Replace with something asynchronous (block job?)
+#
+# Since: 2.12
+##
+{ 'command': 'x-blockdev-create',
+  'data': 'BlockdevCreateOptions',
+  'boxed': true }
+
+##
 # @blockdev-open-tray:
 #
 # Opens a block device's tray. If there is a block driver state tree inserted 
as
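Review bot: the doc comment for x-blockdev-create says only "Create an image format on a given node" and does not mention that the command is synchronous, which the commit message names as the reason this is not the final interface. Please state next to the TODO that the command does not return until image creation has finished.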
diff --git a/include/block/block_int.h b/include/block/block_int.h
index a84cc04d55..27e17addba 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -129,8 +129,11 @@ struct BlockDriver {
 int (*bdrv_file_open)(BlockDriverState *bs, QDict *options, int flags,
   Error **errp);
 void (*bdrv_close)(BlockDriverState *bs);
-int coroutine_fn (*bdrv_co_create_opts)(const char *filename, QemuOpts 
*opts,
+int coroutine_fn (*bdrv_co_create)(BlockdevCreateOptions *opts,
Error **errp);
+int coroutine_fn (*bdrv_co_create_opts)(const char *filename,
+QemuOpts *opts,
+Error **errp);
 int (*bdrv_make_empty)(BlockDriverState *bs);
 
 void (*bdrv_refresh_filename)(BlockDriverState *bs, QDict *options);
diff --git a/block/create.c b/block/create.c
new file mode 100644
index 00..8bd8a03719
--- /dev/null
+++ b/block/create.c
@@ -0,0 +1,76 @@
+/*
+ * Block layer code related to image creation
+ *
+ * Copyright (c) 2018 Kevin Wolf 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "block/block_int.h"
+#include "qapi/qapi-commands-block-core.h"
+#include "qapi/error.h"
+
+typedef struct BlockdevCreateCo {
+BlockDriver *drv;
+BlockdevCreateOptions *opts;
+int ret;
+Error **errp;
+} BlockdevCreateCo;
+
+static void coroutine_fn bdrv_co_create_co_entry(void *opaque)
+{
+BlockdevCreateCo *cco = opaque;
+cco->ret = cco->drv->bdrv_co_create(cco->opts, cco->errp);
+}
+
+void qmp_x_blockdev_create(BlockdevCreateOptions *options, Error **errp)
+{
+const char *fmt = BlockdevDriver_str(options->driver);
+BlockDriver *drv = bdrv_find_format(fmt);
+Coroutine *co;
+BlockdevCreateCo cco;
+
+/* If the driver is in the schema, we know that it exists. But it may not
+ * be whitelisted. */
+assert(drv);
+if (bdrv_uses_whitelist() && !bdrv_is_whitelisted(drv, false)) {
+error_setg(errp, "Driver is not whitelisted");
+return;
+}
+
+/* Call callback if it exists */
+if (!drv->bdrv_co_create) {
+error_setg(errp, "Driver does not support blockdev-create");
+return;
+}
+
+cco = (BlockdevCreateCo) {
+.drv = drv,
+.opts = options,
+.ret = -EINPROGRESS,
+.errp = errp,
+};
+
+co = qemu_coroutine_create(bdrv_co_create_co_entry, );
+
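Review bot: qmp_x_blockdev_create() asserts that bdrv_find_format() succeeded for a driver name supplied by the QMP client; if any BlockdevDriver value in the schema has no driver registered in the running binary, the request aborts QEMU instead of failing. Replace assert(drv) with error_setg() and return, as is done for the whitelist and missing-callback cases just below, and include fmt in those messages so the client can tell which driver was refused.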

[Qemu-devel] [PATCH v4 25/37] rbd: Use qemu_rbd_connect() in qemu_rbd_do_create()

2018-03-07 Thread Kevin Wolf
This is almost exactly the same code. The differences are that
qemu_rbd_connect() supports BlockdevOptionsRbd.server and that the cache
mode is set explicitly.

Supporting 'server' is a welcome new feature for image creation.
Caching is disabled by default, so leave it that way.

Signed-off-by: Kevin Wolf 
Reviewed-by: Max Reitz 
---
 block/rbd.c | 54 ++
 1 file changed, 10 insertions(+), 44 deletions(-)

diff --git a/block/rbd.c b/block/rbd.c
index 2ac7ffca42..294ed07ac4 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -103,6 +103,11 @@ typedef struct BDRVRBDState {
 char *snap;
 } BDRVRBDState;
 
+static int qemu_rbd_connect(rados_t *cluster, rados_ioctx_t *io_ctx,
+BlockdevOptionsRbd *opts, bool cache,
+const char *keypairs, const char *secretid,
+Error **errp);
+
 static char *qemu_rbd_next_tok(char *src, char delim, char **p)
 {
 char *end;
@@ -351,12 +356,6 @@ static int qemu_rbd_do_create(BlockdevCreateOptions 
*options,
 return -EINVAL;
 }
 
-/* TODO Remove the limitation */
-if (opts->location->has_server) {
-error_setg(errp, "Can't specify server for image creation");
-return -EINVAL;
-}
-
 if (opts->has_cluster_size) {
 int64_t objsize = opts->cluster_size;
 if ((objsize - 1) & objsize) {/* not a power of 2? */
@@ -370,54 +369,21 @@ static int qemu_rbd_do_create(BlockdevCreateOptions 
*options,
 obj_order = ctz32(objsize);
 }
 
-ret = rados_create(, opts->location->user);
+ret = qemu_rbd_connect(, _ctx, opts->location, false, keypairs,
+   password_secret, errp);
 if (ret < 0) {
-error_setg_errno(errp, -ret, "error initializing");
 return ret;
 }
 
-/* try default location when conf=NULL, but ignore failure */
-ret = rados_conf_read_file(cluster, opts->location->conf);
-if (opts->location->conf && ret < 0) {
-error_setg_errno(errp, -ret, "error reading conf file %s",
- opts->location->conf);
-ret = -EIO;
-goto shutdown;
-}
-
-ret = qemu_rbd_set_keypairs(cluster, keypairs, errp);
-if (ret < 0) {
-ret = -EIO;
-goto shutdown;
-}
-
-if (qemu_rbd_set_auth(cluster, password_secret, errp) < 0) {
-ret = -EIO;
-goto shutdown;
-}
-
-ret = rados_connect(cluster);
-if (ret < 0) {
-error_setg_errno(errp, -ret, "error connecting");
-goto shutdown;
-}
-
-ret = rados_ioctx_create(cluster, opts->location->pool, _ctx);
-if (ret < 0) {
-error_setg_errno(errp, -ret, "error opening pool %s",
- opts->location->pool);
-goto shutdown;
-}
-
 ret = rbd_create(io_ctx, opts->location->image, opts->size, _order);
 if (ret < 0) {
 error_setg_errno(errp, -ret, "error rbd create");
+goto out;
 }
 
-rados_ioctx_destroy(io_ctx);
-
 ret = 0;
-shutdown:
+out:
+rados_ioctx_destroy(io_ctx);
 rados_shutdown(cluster);
 return ret;
 }
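Review bot: the goto out added after the rbd_create() failure is a behaviour fix that the commit message does not mention: the old flow fell through to ret = 0 and returned success with errp set. Please say so in the message, or fold the fix into the patch that introduced qemu_rbd_do_create(). Configuration, keypair and auth failures also used to return -EIO here and now return whatever qemu_rbd_connect() produces, which is worth a sentence as well.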
-- 
2.13.6




[Qemu-devel] [PATCH v4 14/37] block: Make bdrv_is_whitelisted() public

2018-03-07 Thread Kevin Wolf
We'll use a separate source file for image creation, and we need to
check there whether the requested driver is whitelisted.

Signed-off-by: Kevin Wolf 
Reviewed-by: Max Reitz 
Reviewed-by: Eric Blake 
---
 include/block/block.h | 1 +
 block.c   | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/include/block/block.h b/include/block/block.h
index 7805187b30..cdec3639a3 100644
--- a/include/block/block.h
+++ b/include/block/block.h
@@ -226,6 +226,7 @@ char *bdrv_perm_names(uint64_t perm);
 void bdrv_init(void);
 void bdrv_init_with_whitelist(void);
 bool bdrv_uses_whitelist(void);
+int bdrv_is_whitelisted(BlockDriver *drv, bool read_only);
 BlockDriver *bdrv_find_protocol(const char *filename,
 bool allow_protocol_prefix,
 Error **errp);
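Review bot: bdrv_is_whitelisted() is exported with an int return type directly below bool bdrv_uses_whitelist(void), and without a comment explaining read_only. As it becomes part of the public header, consider returning bool and adding a one-line description of what read_only selects.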
diff --git a/block.c b/block.c
index 4fc65f7621..00f94241fc 100644
--- a/block.c
+++ b/block.c
@@ -370,7 +370,7 @@ BlockDriver *bdrv_find_format(const char *format_name)
 return bdrv_do_find_format(format_name);
 }
 
-static int bdrv_is_whitelisted(BlockDriver *drv, bool read_only)
+int bdrv_is_whitelisted(BlockDriver *drv, bool read_only)
 {
 static const char *whitelist_rw[] = {
 CONFIG_BDRV_RW_WHITELIST
-- 
2.13.6



