Re: [Qemu-devel] [PATCH 1/4] add QemuSupportState

[Gerd Hoffmann]

On Wed, Oct 31, 2018 at 03:06:04PM -0300, Eduardo Habkost wrote:
> On Wed, Oct 31, 2018 at 12:04:16PM -0400, John Snow wrote:
> > 
> > 
> > On 10/30/2018 09:32 AM, Philippe Mathieu-Daudé wrote:
> > > Hi Gerd,
> > > 
> > > On 30/10/18 12:13, Gerd Hoffmann wrote:
> > >> Indicates support state for somerhing (device, backend, subsystem, ...)
> > > 
> > > "something"
> > > 
> > >> in qemu.  Modeled roughly after the "S:" states we have in MAINTANERS.
> > >>
> > >> Signed-off-by: Gerd Hoffmann 
> > >> ---
> > >>   include/qemu/support-state.h | 17 +
> > >>   util/support-state.c | 23 +++
> > >>   qapi/common.json | 16 
> > >>   util/Makefile.objs   |  1 +
> > >>   4 files changed, 57 insertions(+)
> > >>   create mode 100644 include/qemu/support-state.h
> > >>   create mode 100644 util/support-state.c
> > >>
> > >> diff --git a/include/qemu/support-state.h b/include/qemu/support-state.h
> > >> new file mode 100644
> > >> index 00..5fd3c83eee
> > >> --- /dev/null
> > >> +++ b/include/qemu/support-state.h
> > >> @@ -0,0 +1,17 @@
> > >> +#ifndef QEMU_SUPPORT_STATE_H
> > >> +#define QEMU_SUPPORT_STATE_H
> > >> +
> > >> +#include "qapi/qapi-types-common.h"
> > >> +
> > >> +typedef struct QemuSupportState {
> > >> +    SupportState state;
> > >> +    const char *reason;
> > >> +} QemuSupportState;
> > >> +
> > >> +void qemu_warn_support_state(const char *type, const char *name,
> > >> + QemuSupportState *state);
> > >> +
> > >> +bool qemu_is_deprecated(QemuSupportState *state);
> > >> +bool qemu_is_obsolete(QemuSupportState *state);
> > >> +
> > >> +#endif /* QEMU_SUPPORT_STATE_H */
> > >> diff --git a/util/support-state.c b/util/support-state.c
> > >> new file mode 100644
> > >> index 00..7966fa0fc7
> > >> --- /dev/null
> > >> +++ b/util/support-state.c
> > >> @@ -0,0 +1,23 @@
> > >> +#include "qemu/osdep.h"
> > >> +#include "qemu/error-report.h"
> > >> +#include "qemu/support-state.h"
> > >> +
> > >> +void qemu_warn_support_state(const char *type, const char *name,
> > >> + QemuSupportState *state)
> > >> +{
> > >> +    warn_report("%s %s is %s%s%s%s", type, name,
> > >> +    SupportState_str(state->state),
> > >> +    state->reason ? " ("  : "",
> > >> +    state->reason ? state->reason : "",
> > >> +    state->reason ? ")"   : "");
> > >> +}
> > >> +
> > >> +bool qemu_is_deprecated(QemuSupportState *state)
> > >> +{
> > >> +    return state->state == SUPPORT_STATE_DEPRECATED;
> > >> +}
> > >> +
> > >> +bool qemu_is_obsolete(QemuSupportState *state)
> > >> +{
> > >> +    return state->state == SUPPORT_STATE_OBSOLETE;
> > >> +}
> > >> diff --git a/qapi/common.json b/qapi/common.json
> > >> index 021174f04e..78176151af 100644
> > >> --- a/qapi/common.json
> > >> +++ b/qapi/common.json
> > >> @@ -151,3 +151,19 @@
> > >>    'ppc64', 'riscv32', 'riscv64', 's390x', 'sh4',
> > >>    'sh4eb', 'sparc', 'sparc64', 'tricore', 'unicore32',
> > >>    'x86_64', 'xtensa', 'xtensaeb' ] }
> > >> +
> > >> +##
> > >> +# @SupportState:
> > >> +#
> > >> +# Indicate Support level of qemu devices, backends, subsystems, ...
> > >> +#
> > >> +# Since: 3.2
> > >> +##
> > >> +{ 'enum': 'SupportState',
> > >> +  'data': [ 'unknown',
> > > 
> > > 'unknown' is scary and should be fixed.
> > > 
> > >> +    'supported',
> > >> +    'maintained',
> > >> +    'odd-fixes',
> > > 
> > > All those fit in 'supported'
> > > 
> > >> +    'orphan',
> > >> +    'obsolete',
> > >> +    'deprecated' ] }
> > > 
> > > And all those should appear as 'deprecated' IMHO.
> > > 
> > 
> > You've covered it a bit below, but I think we need more than "supported"
> > and "deprecated" -- at *least* a third state "unsupported" is required, IMO:
> > 
> > - Supported: We expect this to work. We test this component. We will
> > ship CVE fixes in a timely manner for this component. You are, as a
> > user, using something that is cared for and you may rely on us to care
> > for it.

supported + maintained.  Yes, merging them makes sense probably.

> > - Unsupported: We expect this to work, but nobody is tending to it
> > actively. It might be perfectly OK, but the tests and support may be
> > lacking. Try not to rely on this in an enterprise environment unless you
> > have resources to devote to caring for it personally. I'd count things
> > like Raspberry Pi boards in this category: they work, usually, but not
> > fully. Some people are working on them, but they're not ready for prime
> > time usage.
> 
> I wonder: do we need a distinction between code that's
> unsupported and expected to be removed in the next versions of
> QEMU, and code that's unsupported but not planned to be removed
> yet?

odd-fixes + orphan would be the "not planned to be removed" bucket.
Maybe merge 

Re: [Qemu-devel] [PATCH 1/4] add QemuSupportState

[Gerd Hoffmann]

  Hi,

> > - Maintainers can deprecate stuffs
> > - Orphan code can become Supported
> > - Once scheduled for removal, there is no way back
> > - 'Unknown' seems pretty similar to 'Orphan'.
> 
> I'm still worried that the supported/unsupported distinction may
> cause unnecessary hassle for every downstream distributor of
> QEMU.  Do we really have a need to differentiate supported vs
> unsupported device types at runtime?

How do you suggest to handle cirrus then?

Trying to deprecate it outright didn't work very well, kind of
understandable given that it has been the default for a long time.

So I think we have to mark cirrus as "obsolete", printing a message for
the users that they should switch to another display device (stdvga for
example), but keep it working for a while.

There are also a bunch of devices where I suspect they are not used much
if at all.  All those isa sound cards for example.  Playing old DOS
games is pretty much the only use case I can think of.  But I'm
wondering whenever people actually use qemu for that.  There are
alternatives which probably handle that use case better, i.e. dosbox.

Simliar case is bluetooth emulation.  I can't remember having seen any
message or patch for years.

Tagging such devices as "obsolete", with a message asking people to
report their use cases, might help figuring if and why those devices are
used in the wild.

> I'd prefer to make support/unsupported differentiation to be a
> build system feature (e.g. a CONFIG_UNSUPPORTED build-time
> option) instead of a QMP/runtime feature.

That would be nice too, but I think we need kbuild first, otherwise
it'll be pretty messy.

cheers,
  Gerd

Re: [Qemu-devel] [PATCH] chardev: fix mess in OPENED/CLOSED events when muxed

[Marc-André Lureau]

Hi
On Mon, Nov 5, 2018 at 11:22 AM Artem Pisarenko
 wrote:
>
> Sorry, I forgot to check unit tests. Although, it's very strange that this 
> specific test failed while things work functionally...
>
> > I am a bit reluctant to take patches that don't actually "fix" things.
> >
> > Could you add some tests to demonstrate the problems?
>
> Ok
>
> >> @@ -257,6 +257,7 @@ void qemu_chr_fe_set_handlers(CharBackend *b,
> >>  {
> >>  Chardev *s;
> >>  int fe_open;
> >> +static __thread bool mux_reentered;
> >
> > Not very elegant. Maybe mux_chr_set_handlers() could call a refactored
> > internal chr_fe_set_handlers() with an extra arg "no_open_event" ?
>
> Agree. It would make this hack more elegant. Although, it may become 
> irrelevant as soon as I'll find soultion for failed docker test...
>
> >> @@ -272,21 +272,24 @@ static void char_mux_finalize(Object *obj)
> >>  for (i = 0; i < d->mux_cnt; i++) {
> >>  CharBackend *be = d->backends[i];
> >>  if (be) {
> >> +if (be->chr && be->chr->be_open) {
> >> +qemu_chr_be_event(be->chr, CHR_EVENT_CLOSED);
> >> +}
> >
> > It looks like this could be a seperate patch, with a seperate test.
>
> Why this should be separate ? Do you mean that overall "opened/closed" 
> pairing fix should be separated to "opened" fix+test and "closed" fix+test ?
>
> Since in next version it cannot be single patch anymore, how should I proceed 
> with it ? Should I publish it as patch series with same subject marked as V2 
> or start new patch series?

A patch series would be great. You can keep the subject and make it v2.

thanks

Re: [Qemu-devel] [PATCH 4/4] MAINTAINERS: s390/boot: the ipl code and the bios belong together

[Thomas Huth]

On 2018-10-29 16:42, Christian Borntraeger wrote:
> The s390-ccw bios and the ipl code do work in lock-step. Let us merge
> them in the maintainer file.
> 
> Signed-off-by: Christian Borntraeger 
> ---
>  MAINTAINERS | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/MAINTAINERS b/MAINTAINERS
> index e63cfa2..8ce223d 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -946,10 +946,11 @@ T: git git://github.com/cohuck/qemu.git s390-next
>  T: git git://github.com/borntraeger/qemu.git s390-next
>  L: qemu-s3...@nongnu.org
>  
> -S390-ccw Bios
> +S390-ccw boot
>  M: Christian Borntraeger 
>  M: Thomas Huth 
>  S: Supported
> +F: hw/s390x/ipl.*
>  F: pc-bios/s390-ccw/
>  F: pc-bios/s390-ccw.img
>  T: git git://github.com/borntraeger/qemu.git s390-next
> 

Acked-by: Thomas Huth 

Re: [Qemu-devel] [PATCH] chardev: fix mess in OPENED/CLOSED events when muxed

[Artem Pisarenko]

Sorry, I forgot to check unit tests. Although, it's very strange that this
specific test failed while things work functionally...

> I am a bit reluctant to take patches that don't actually "fix" things.
>
> Could you add some tests to demonstrate the problems?

Ok

>> @@ -257,6 +257,7 @@ void qemu_chr_fe_set_handlers(CharBackend *b,
>>  {
>>  Chardev *s;
>>  int fe_open;
>> +static __thread bool mux_reentered;
>
> Not very elegant. Maybe mux_chr_set_handlers() could call a refactored
> internal chr_fe_set_handlers() with an extra arg "no_open_event" ?

Agree. It would make this hack more elegant. Although, it may become
irrelevant as soon as I'll find soultion for failed docker test...

>> @@ -272,21 +272,24 @@ static void char_mux_finalize(Object *obj)
>>  for (i = 0; i < d->mux_cnt; i++) {
>>  CharBackend *be = d->backends[i];
>>  if (be) {
>> +if (be->chr && be->chr->be_open) {
>> +qemu_chr_be_event(be->chr, CHR_EVENT_CLOSED);
>> +}
>
> It looks like this could be a seperate patch, with a seperate test.

Why this should be separate ? Do you mean that overall "opened/closed"
pairing fix should be separated to "opened" fix+test and "closed" fix+test ?

Since in next version it cannot be single patch anymore, how should I
proceed with it ? Should I publish it as patch series with same subject
marked as V2 or start new patch series?

Re: [Qemu-devel] [PATCH v3 7/8] target-alpha: use HTTPS git URL for palcode

[Richard Henderson]

On 11/4/18 11:24 AM, Stefan Hajnoczi wrote:
> When you clone the repository without previous commit history, 'git://'
> doesn't protect from man-in-the-middle attacks.  HTTPS is more secure
> since the client verifies the server certificate.
> 
> Cc: Richard Henderson 
> Suggested-by: Eric Blake 
> Signed-off-by: Stefan Hajnoczi 
> ---
>  pc-bios/README | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Acked-by: Richard Henderson 


r~

Re: [Qemu-devel] [RFC PATCH spice v2 1/2] QXL interface: add functions to identify monitors in the guest

[Gerd Hoffmann]

> 2. Have a single function as follows:
> 
> void spice_qxl_set_device_info(QXLInstance *instance,
>const char *device_address,
>uint32_t device_display_id_start,
>uint32_t device_display_id_count);

How about:

void spice_qxl_set_device_info(QXLInstance *instance,
   const char *device_address,
   uint32_t device_display_id);

I don't think we need start+count:

 * For single-head devices device_display_id will be zero.
 * For one-channel-per-head multihead devices (i.e. virtio-gpu)
   device_display_id will enumerate the heads (so everybody can figure
   which channel is which head).
 * For one-channel-per-device multihead devices (i.e. qxl/linux)
   device_display_id will be zero too.  Number of heads is set via
   spice_qxl_set_max_monitors().

cheers,
  Gerd

Re: [Qemu-devel] one issue about usb passsthrough devices

[gerd hoffmann]

On Thu, Nov 01, 2018 at 01:57:15AM +, linzhecheng wrote:
> Hi, all
> A found a problem about libusb, the reproducing steps are as followed:
> 1. start up a vm with host-usb devices
> 2. kill -9 `pgrep qemu`
> We can not see the usb device on host any more, I think this is because qemu 
> has no chance to release
> resources to kernel in this case.

Yes.

> How can we recover environment if we encounter this problem?

Unplug device, plug it again?
Use -TERM instead of -KILL, so it doesn't happen in the first place?

cheers,
  Gerd

Re: [Qemu-devel] [PATCH v4 01/13] qtest: Add set_irq_in command to set IRQ/GPIO level

[Thomas Huth]

On 2018-11-02 18:07, Steffen Görtz wrote:
> Adds a new qtest command "set_irq_in" which allows
> to set qemu gpio lines to a given level.
> 
> Based on https://lists.gnu.org/archive/html/qemu-devel/2012-12/msg02363.html
> which never got merged.
> 
> Signed-off-by: Steffen Görtz 
> Originally-by: Matthew Ogilvie 
> Reviewed-by: Stefan Hajnoczi 
> ---
>  qtest.c  | 43 +++
>  tests/libqtest.c | 10 ++
>  tests/libqtest.h | 28 
>  3 files changed, 81 insertions(+)
[...]
> diff --git a/tests/libqtest.h b/tests/libqtest.h
> index ed88ff99d5..65bffa9ace 100644
> --- a/tests/libqtest.h
> +++ b/tests/libqtest.h
> @@ -232,6 +232,19 @@ void qtest_irq_intercept_in(QTestState *s, const char 
> *string);
>   */
>  void qtest_irq_intercept_out(QTestState *s, const char *string);
>  
> +/**
> + * qtest_set_irq_in:
> + * @s: QTestState instance to operate on.
> + * @string: QOM path of a device
> + * @name: IRQ name
> + * @irq: IRQ number
> + * @level: IRQ level
> + *
> + * Force given device/irq GPIO-in pin to the given level.
> + */
> +void qtest_set_irq_in(QTestState *s, const char *string, const char *name,
> +  int irq, int level);
> +
>  /**
>   * qtest_outb:
>   * @s: #QTestState instance to operate on.
> @@ -678,6 +691,21 @@ static inline void irq_intercept_out(const char *string)
>  qtest_irq_intercept_out(global_qtest, string);
>  }
>  
> +/**
> + * qtest_set_irq_in:
> + * @string: QOM path of a device
> + * @name: IRQ name
> + * @irq: IRQ number
> + * @level: IRQ level
> + *
> + * Force given device/IRQ GPIO-in pin to the given level.
> + */
> +static inline void set_irq_in(const char *string, const char *name,
> +  int irq, int level)
> +{
> +qtest_set_irq_in(global_qtest, string, name, irq, level);
> +}
> +
>  /**
>   * outb:
>   * @addr: I/O port to write to.
> 

 Hi Steffen,

please don't add any new function wrappers around global_qtest anymore.
We recently already started to get rid of this global variable in a
couple of places (see
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=db57d7a3c284db2315d9 and
preceding commits for example), since it causes trouble in tests that
want to run multiple QEMU instances at once (in migration tests for
example). It would be good to have new code clean for this right from
the start.

 Thanks,
  Thomas

Re: [Qemu-devel] [PATCH RFC v7 0/9] qemu_thread_create: propagate errors to callers to check

[Fei Li]

Sorry that somehow forget the "#include "qemu/error-report.h" for
hw/usb/ccid-card-emulated.c

Have a nice day, thanks
Fei

On 11/04/2018 02:09 AM, no-re...@patchew.org wrote:

Hi,

This series failed docker-quick@centos7 build test. Please find the testing 
commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

Type: series
Message-id: 20181101101715.9443-1-...@suse.com
Subject: [Qemu-devel] [PATCH RFC v7 0/9] qemu_thread_create: propagate errors 
to callers to check

=== TEST SCRIPT BEGIN ===
#!/bin/bash
time make docker-test-quick@centos7 SHOW_ENV=1 J=8
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
8239f692a6 qemu_thread_create: propagate the error to callers to handle
f73c91c32a migration: add more error handling for postcopy_ram_enable_notify
6b8c9d0a7b migration: remove unused _err parameter in migrate_set_error
adcb648e2e migration: fix the multifd code when receiving less channels
ce89d9baf9 migration: fix the multifd code when sending less channels
a06e512206 migration: fix some segmentation faults when using multifd
7f516dc786 qemu_thread_join: fix segmentation fault
a6f6f24ff3 qemu_init_vcpu: add a new Error parameter to propagate
b44013aa26 Fix segmentation fault when qemu_signal_init fails

=== OUTPUT BEGIN ===
   BUILD   centos7
make[1]: Entering directory '/var/tmp/patchew-tester-tmp-6f6bzbwa/src'
   GEN 
/var/tmp/patchew-tester-tmp-6f6bzbwa/src/docker-src.2018-11-03-14.07.14.17130/qemu.tar
Cloning into 
'/var/tmp/patchew-tester-tmp-6f6bzbwa/src/docker-src.2018-11-03-14.07.14.17130/qemu.tar.vroot'...
done.
Your branch is up-to-date with 'origin/test'.
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into 
'/var/tmp/patchew-tester-tmp-6f6bzbwa/src/docker-src.2018-11-03-14.07.14.17130/qemu.tar.vroot/dtc'...
Submodule path 'dtc': checked out '88f18909db731a627456f26d779445f84e449536'
Submodule 'ui/keycodemapdb' (git://git.qemu.org/keycodemapdb.git) registered 
for path 'ui/keycodemapdb'
Cloning into 
'/var/tmp/patchew-tester-tmp-6f6bzbwa/src/docker-src.2018-11-03-14.07.14.17130/qemu.tar.vroot/ui/keycodemapdb'...
Submodule path 'ui/keycodemapdb': checked out 
'6b3d716e2b6472eb7189d3220552280ef3d832ce'
   COPYRUNNER
 RUN test-quick in qemu:centos7
Packages installed:
SDL-devel-1.2.15-14.el7.x86_64
bison-3.0.4-1.el7.x86_64
bzip2-1.0.6-13.el7.x86_64
bzip2-devel-1.0.6-13.el7.x86_64
ccache-3.3.4-1.el7.x86_64
csnappy-devel-0-6.20150729gitd7bc683.el7.x86_64
flex-2.5.37-3.el7.x86_64
gcc-4.8.5-28.el7_5.1.x86_64
gettext-0.19.8.1-2.el7.x86_64
git-1.8.3.1-14.el7_5.x86_64
glib2-devel-2.54.2-2.el7.x86_64
libaio-devel-0.3.109-13.el7.x86_64
libepoxy-devel-1.3.1-2.el7_5.x86_64
libfdt-devel-1.4.6-1.el7.x86_64
lzo-devel-2.06-8.el7.x86_64
make-3.82-23.el7.x86_64
mesa-libEGL-devel-17.2.3-8.20171019.el7.x86_64
mesa-libgbm-devel-17.2.3-8.20171019.el7.x86_64
nettle-devel-2.7.1-8.el7.x86_64
package g++ is not installed
package librdmacm-devel is not installed
pixman-devel-0.34.0-1.el7.x86_64
spice-glib-devel-0.34-3.el7_5.1.x86_64
spice-server-devel-0.14.0-2.el7_5.4.x86_64
tar-1.26-34.el7.x86_64
vte-devel-0.28.2-10.el7.x86_64
xen-devel-4.6.6-12.el7.x86_64
zlib-devel-1.2.7-17.el7.x86_64

Environment variables:
PACKAGES=bison bzip2 bzip2-devel ccache csnappy-devel flex  
   g++ gcc gettext git glib2-devel libaio-devel 
libepoxy-devel libfdt-devel librdmacm-devel lzo-devel make 
mesa-libEGL-devel mesa-libgbm-devel nettle-devel pixman-devel 
SDL-devel spice-glib-devel spice-server-devel tar vte-devel 
xen-devel zlib-devel
HOSTNAME=ec6a074d2e2d
MAKEFLAGS= -j8
J=8
CCACHE_DIR=/var/tmp/ccache
EXTRA_CONFIGURE_OPTS=
V=
SHOW_ENV=1
PATH=/usr/lib/ccache:/usr/lib64/ccache:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PWD=/
TARGET_LIST=
SHLVL=1
HOME=/home/patchew
TEST_DIR=/tmp/qemu-test
FEATURES= dtc
DEBUG=
_=/usr/bin/env

Configure options:
--enable-werror --target-list=x86_64-softmmu,aarch64-softmmu 
--prefix=/tmp/qemu-test/install
No C++ compiler available; disabling C++ specific optional code
Install prefix/tmp/qemu-test/install
BIOS directory/tmp/qemu-test/install/share/qemu
firmware path /tmp/qemu-test/install/share/qemu-firmware
binary directory  /tmp/qemu-test/install/bin
library directory /tmp/qemu-test/install/lib
module directory  /tmp/qemu-test/install/lib/qemu
libexec directory /tmp/qemu-test/install/libexec
include directory /tmp/qemu-test/install/include
config directory  /tmp/qemu-test/install/etc
local state directory   /tmp/qemu-test/install/var
Manual directory  /tmp/qemu-test/install/share/man
ELF interp prefix /usr/gnemul/qemu-%M
Source path   /tmp/qemu-test/src
GIT binarygit
GIT submodules
C compilercc
Host C compiler   cc
C++ compiler
Objective-C compiler cc
ARFLAGS   rv
CFLAGS-O2 

[Qemu-devel] [Bug 1496384] Re: Error 0x5D in Qemu for Windows

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1496384

Title:
  Error 0x5D in Qemu for Windows

Status in QEMU:
  Expired

Bug description:
  The reason to use qemu for Windows is that the mouse in emulated Windows 
works well while it is unusable in  qemu at Ubuntu. 
  Alternative solution/bug is mouse usability in qemu for Linux.
  Well-known issue of error 0x5D when booting Win 7 x64 on qemu without kvm, 
marked as resolved at Linux.

  Used qemu for Windows downloaded from http://qemu.weilnetz.de/
  Tested on  qemu 2.3.94 64-bit and  qemu 2.4.0 32-bit.

  Options :
  qemu-system-x86_64.exe  -m 1536 -cpu 
qemu64,+nx,+pae,+mce,+cx8,+apic,+sep,+mtrr,+pge,+mca,+cmov,+pat,+pse36,+clflush,+acpi,+mmx,+fxsr,+sse,+sse2,+ss,+fxsr,+sse,+sse2,+ss,+de,+mtrr,+mca,+clflush
   win_7_work.qcow2

  On qemu at Ubuntu with kvm Win7 x64 works ,but mouse is unusable as
  mentioned above.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1496384/+subscriptions

[Qemu-devel] [Bug 1497479] Re: memory corruption with migrate/savevm in TCG mode

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1497479

Title:
  memory corruption with migrate/savevm in TCG mode

Status in QEMU:
  Expired

Bug description:
  [ISSUE]

  QEMU releases 2.3.1 and lower are forgetting to flush TLBs before
  enabling the global dirty pages log and entering the final stage of
  saving the VM.

  [DESCRIPTION]

  The situation is the following:
  1. TLB misses is the only way for page dirtying in the TCG mode.
  2. If TLB is always hit by a running VM code during the execution of the 
`ram_save_iterate' by migration thread then these pages are missing in the 
dirty log. The TLB is always hit for instance when the VM is mostly idling and 
the Kernel only handles APIC timer interrupts.
  3. These pages are then missed during `ram_save_complete' stage.
  4. This makes memory content in a saved VM state differ from the actual VM 
memory.
  5. If the affected memory pages contain some Kernel data structures these can 
be corrupted by this memory inconsistency, causing Kernel to Oops after loading 
the saved state.

  [SOLUTION]

  A proposed solution is to flush TLB when `log_global_start' is called.
  Here is the patch: 
https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1493049/+attachment/4459905/+files/tcg-commit-on-log-global-start.patch

  [LINKS]

  Ubuntu bug:
  https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1493049

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1497479/+subscriptions

[Qemu-devel] [Bug 1496712] Re: no bootable device after qemu-img convert parallels windows 2012 r2 to raw/qcow2

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1496712

Title:
  no bootable device after qemu-img convert parallels windows 2012 r2 to
  raw/qcow2

Status in QEMU:
  Expired

Bug description:
  Hello
  We have converted a parallels windows 2012 R2 image with the command
  qemu-img convert -p -f parallels -O raw 
./TestLibvirt.pvm/TestLibvirtMig-0.hdd/TestLibvirtMig-0.hdd.0.hds 
/var/lib/libvirt/images/testlibvirtmig.raw

  Afterthat we have created a new entry with virtual machine manager and
  used this raw-hdd file as "import existing disk image"

  Then we booted this virtual server and we got the error 
  "Booting from Hard Disk"
  "no Bootable device"

  Test 1: we also tried to "overwrite" the windows server drive
  1. Create a vm with windows 2012 r2 (W2K12R2) with virtual machine manager. 
Which runs good
  2. Then we mounted in the command line the "no bootable device" server  as 
source (raw image)
  mount /ev/mapper/loop0p4 /mnt/source
  3. Then we mounted the new created (W2K12R2) as target (raw image)
  mount /ev/mapper/loop1p2 /mnt/target
  4. with the copy command we have overwritten all files on the windows drive
  rsync -av --delete /mnt/source/* /mnt/target/ 
  5. reboot the server and we have a blue screen and it tells me something 
prl_strg.sys 
   "your PC ran into a problem and needs to restart .. If you'd like to 
know more, you can search online later for this error: 
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED(prl_strg.sys)

  Test 2: We also did a qemu-img convert from an ubuntu 14.04 disk and
  this works perfect.

  Thanks a lot
  Moritz

  PS: Installation of Host-Server uses: ubuntu vivid 15.04 with
  qemu-system 1:2.2+dfsg-5expubuntu9.4
  libvirt-bin 1.2.12-0ubuntu14.2
  libvirt-glib-1.0-0  0.1.9-4
  libvirt01.2.12-0ubuntu14.2
  virt-manager1:1.0.1-5ubuntu1

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1496712/+subscriptions

[Qemu-devel] [PATCH] blockdev: handle error on block latency histogram set error

[zhenwei pi]

Function block_latency_histogram_set may return error, but qapi ignore this.
This can be reproduced easily by qmp command:
virsh qemu-monitor-command INSTANCE '{"execute":"x-block-latency-histogram-set",
"arguments":{"device":"drive-virtio-disk1","boundaries":[10,200,40]}}'
In fact this command does not work, but we still get success result.

qmp_x_block_latency_histogram_set is a batch setting API, report error ASAP.

Signed-off-by: zhenwei pi 
---
 blockdev.c | 19 ---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/blockdev.c b/blockdev.c
index a8755bd..03b1aa3 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -4377,6 +4377,7 @@ void qmp_x_block_latency_histogram_set(
 {
 BlockBackend *blk = blk_by_name(device);
 BlockAcctStats *stats;
+int ret;
 
 if (!blk) {
 error_setg(errp, "Device '%s' not found", device);
@@ -4392,21 +4393,33 @@ void qmp_x_block_latency_histogram_set(
 }
 
 if (has_boundaries || has_boundaries_read) {
-block_latency_histogram_set(
+ret = block_latency_histogram_set(
 stats, BLOCK_ACCT_READ,
 has_boundaries_read ? boundaries_read : boundaries);
+if (ret) {
+error_setg(errp, "Device '%s' set read boundaries fail", device);
+return;
+}
 }
 
 if (has_boundaries || has_boundaries_write) {
-block_latency_histogram_set(
+ret = block_latency_histogram_set(
 stats, BLOCK_ACCT_WRITE,
 has_boundaries_write ? boundaries_write : boundaries);
+if (ret) {
+error_setg(errp, "Device '%s' set write boundaries fail", device);
+return;
+}
 }
 
 if (has_boundaries || has_boundaries_flush) {
-block_latency_histogram_set(
+ret = block_latency_histogram_set(
 stats, BLOCK_ACCT_FLUSH,
 has_boundaries_flush ? boundaries_flush : boundaries);
+if (ret) {
+error_setg(errp, "Device '%s' set flush boundaries fail", device);
+return;
+}
 }
 }
 
-- 
2.7.4

Re: [Qemu-devel] [PATCH v4 00/23] ACPI reorganization for hardware-reduced support

[Samuel Ortiz]

Hi Igor,

On Fri, Nov 02, 2018 at 01:29:25PM +0100, Igor Mammedov wrote:
> On Thu,  1 Nov 2018 11:22:40 +0100
> Samuel Ortiz  wrote:
> 
> Thanks for looking at ACPI mess we have in QEMU and trying to make it better,
Thanks for the initial review and feedback.

> this series look a bit hackish probably because it was written to suit new
> virt board, so it needs some more clean up to be done.
>
> > This patch set provides an ACPI code reorganization in preparation for
> > adding hardware-reduced support to QEMU.
> QEMU already has hw reduced implementation, specifically in arm/virt board
Back in May, I tried booting a virt machine type with "acpi=force" with
no success, and today's HEAD still fails. With "acpi=on":

[0.00] ACPI: Early table checksum verification disabled
[0.00] ACPI: Failed to init ACPI tables

So this code has been broken for several months and I suspect it's not
really run by anyone.
Moreover, even though the virt-acpi-build.c code aims at building a
hardware-reduced ACPI compliant set of tables, the implementation is
largely specific to the arm/virt board. We did take the generic parts
from it in order to build a shareable API across architectures.

So by "adding hardware-reduced support to QEMU", we meant providing a
architecture and machine type agnostic hardware-reduced ACPI
implementation that all QEMU machine types could use.
I'll make sure to change the cover letter wording and rephrase it to
reflect our intention.

> > The changes are coming from the NEMU [1] project where we're defining
> > a new x86 machine type: i386/virt. This is an EFI only, ACPI
> > hardware-reduced platform and as such we had to implement support
> > for the latter.
> > 
> > As a preliminary for adding hardware-reduced support to QEMU, we did
> s:support to QEMU:support for new i386/virt machine:
Most of this serie moves non x86 specific stuff out of i386 into the
(theoretically) architecture agnostic hw/acpi folder in order to a) reuse
and share as much as possible of the non x86 specific ACPI code that
currently lives under hw/i386 and b) improve and extend the current
hw/acpi APIs.
So on one hand I agree this cover letter needs massaging, but on the
other hand I feel it's unfair to say there's anything specific to
i386/virt on this serie. At least we tried really hard to avoid falling
into that trap.

> > some ACPI code reorganization with the following goals:
> > 
> > * Share as much as possible of the current ACPI build APIs between
> >   legacy and hardware-reduced ACPI.
> > * Share the ACPI build code across machine types and architectures and
> >   remove the typical PC machine type dependency.
> >   Eventually we hope to see arm/virt also re-use much of that code.
> it probably should be other way around, generalize and reuse as much of
> arm/virt acpi code,
Our hardware-reduced implementation does that indeed, and the next
patchset following this one will add the actual hardware-reduced ACPI
API implementation together with the arm/virt switch to it (which will
mostly be code removal from virt-acpi-build.c).

> instead of adding new duplicated code without
> an actual user and then swapping/dropping old arm version in favor of the
> new one.
This patch set is not adding any code duplication, I hope.
It's really preparing the current ACPI code in order to precisely NOT add
code duplication when building a machine type agnostic hardware reduced
ACPI API.
I initally added our hardware-reduced ACPI API to that patch serie but
decided to remove it. Here is what it looks like:
https://github.com/intel/nemu/blob/topic/virt-x86/hw/acpi/reduced.c

It's consuming the factorization work that this serie provides, and the
arm/virt machine type will use a fairly large part of that API.

> It's hard to review when it done in this order and easy to miss
> issues that would be easier to spot if you reused arm versions (where
> applicable) as starting point for generalization.
> 
> Here are some generic suggestions/nits that apply to whole series:
>   * s/Factorize/Factor out/
>   * try to restructure series in following way
>  1. put bug fixes at the beginning of series.
I'll try to do that, yes.


> 'make V=1 check' should produce tables diffs to account for
> changes made in the tables.
I'll run the make check tests, thanks for the reminder.


> After error fixing, add an extra patch to update reference
> ACPI tables to simplify testing for reviewing and so for
> self-check when you'll be doing refactoring to make sure
> there aren't any changes during generalization/refactoring
> later.
>
>  2. instead of adding 'new' implementations try to generalize
> existing ones so that a user for new code will always exist.
> It's also makes patches easier to review/test.
The PC machine type is consuming all the exported API and e.g. the
new ACPI builder interface as well.


>  3. Since you are touching/moving around 

Re: [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847)

[Li Qiang]

Kevin Wolf  于2018年11月2日周五 下午11:42写道：

> Am 02.11.2018 um 16:22 hat Li Qiang geschrieben:
> > Hello Kevin,
> >
> > Kevin Wolf  于2018年11月2日周五 下午6:54写道：
> >
> > > Am 02.11.2018 um 02:22 hat Li Qiang geschrieben:
> > > > Currently, the nvme_cmb_ops mr doesn't check the addr and size.
> > > > This can lead an oob access issue. This is triggerable in the guest.
> > > > Add check to avoid this issue.
> > > >
> > > > Fixes CVE-2018-16847.
> > > >
> > > > Reported-by: Li Qiang 
> > > > Reviewed-by: Paolo Bonzini 
> > > > Signed-off-by: Li Qiang 
> > > > ---
> > > >  hw/block/nvme.c | 7 +++
> > > >  1 file changed, 7 insertions(+)
> > > >
> > > > diff --git a/hw/block/nvme.c b/hw/block/nvme.c
> > > > index fc7dacb..d097add 100644
> > > > --- a/hw/block/nvme.c
> > > > +++ b/hw/block/nvme.c
> > > > @@ -1175,6 +1175,10 @@ static void nvme_cmb_write(void *opaque,
> hwaddr
> > > addr, uint64_t data,
> > > >  unsigned size)
> > > >  {
> > > >  NvmeCtrl *n = (NvmeCtrl *)opaque;
> > > > +
> > > > +if (addr + size > NVME_CMBSZ_GETSIZE(n->bar.cmbsz)) {
> > >
> > > What prevents a guest from moving the device to the end of the address
> > > space and causing an integer overflow in addr + size?
> > >
> > >
> > This can't happen as the addr can't be any value, it just can be in the
> > Memory Region n->ctrl_mem defines.
>
> Yes, but can't the guest map that memory region whereever it wants?
>
>
I think it can't happen, as the 'addr' here is the relative offset in the
MR.
As we don't (can't) register such a MMIO region(the end of this region is
very big to
make addr+size overflow, size here can only be 1,2, 4, 8,). So the 'addr'
here can't be that large.

Thanks,
Li Qiang


> (As Keith confirmed, the integer overflow doesn't seem to have any bad
> consequences here, but anyway.)
>
> Kevin
>

[Qemu-devel] [PATCH v5 19/24] hw: acpi: Retrieve the PCI bus from AcpiPciHpState

[Samuel Ortiz]

From: Sebastien Boeuf 

Instead of using the machine type specific method find_i440fx() to
retrieve the PCI bus, this commit aims to rely on the fact that the
PCI bus is known by the structure AcpiPciHpState.

When the structure is initialized through acpi_pcihp_init() call,
it saves the PCI bus, which means there is no need to invoke a
special function later on.

Based on the fact that find_i440fx() was only used there, this
patch also removes the function find_i440fx() itself from the
entire codebase.

Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Sebastien Boeuf 
Signed-off-by: Jing Liu 
---
 include/hw/i386/pc.h  |  1 -
 hw/acpi/pcihp.c   | 10 --
 hw/pci-host/piix.c|  8 
 stubs/pci-host-piix.c |  6 --
 stubs/Makefile.objs   |  1 -
 5 files changed, 4 insertions(+), 22 deletions(-)
 delete mode 100644 stubs/pci-host-piix.c

diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index 44cb6bf3f3..8e5f1464eb 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -255,7 +255,6 @@ PCIBus *i440fx_init(const char *host_type, const char 
*pci_type,
 MemoryRegion *pci_memory,
 MemoryRegion *ram_memory);
 
-PCIBus *find_i440fx(void);
 /* piix4.c */
 extern PCIDevice *piix4_dev;
 int piix4_init(PCIBus *bus, ISABus **isa_bus, int devfn);
diff --git a/hw/acpi/pcihp.c b/hw/acpi/pcihp.c
index 80d42e12ff..254b2e50ab 100644
--- a/hw/acpi/pcihp.c
+++ b/hw/acpi/pcihp.c
@@ -93,10 +93,9 @@ static void *acpi_set_bsel(PCIBus *bus, void *opaque)
 return bsel_alloc;
 }
 
-static void acpi_set_pci_info(void)
+static void acpi_set_pci_info(AcpiPciHpState *s)
 {
 static bool bsel_is_set;
-PCIBus *bus;
 unsigned bsel_alloc = ACPI_PCIHP_BSEL_DEFAULT;
 
 if (bsel_is_set) {
@@ -104,10 +103,9 @@ static void acpi_set_pci_info(void)
 }
 bsel_is_set = true;
 
-bus = find_i440fx(); /* TODO: Q35 support */
-if (bus) {
+if (s->root) {
 /* Scan all PCI buses. Set property to enable acpi based hotplug. */
-pci_for_each_bus_depth_first(bus, acpi_set_bsel, NULL, _alloc);
+pci_for_each_bus_depth_first(s->root, acpi_set_bsel, NULL, 
_alloc);
 }
 }
 
@@ -213,7 +211,7 @@ static void acpi_pcihp_update(AcpiPciHpState *s)
 
 void acpi_pcihp_reset(AcpiPciHpState *s)
 {
-acpi_set_pci_info();
+acpi_set_pci_info(s);
 acpi_pcihp_update(s);
 }
 
diff --git a/hw/pci-host/piix.c b/hw/pci-host/piix.c
index 47293a3915..658460264b 100644
--- a/hw/pci-host/piix.c
+++ b/hw/pci-host/piix.c
@@ -445,14 +445,6 @@ PCIBus *i440fx_init(const char *host_type, const char 
*pci_type,
 return b;
 }
 
-PCIBus *find_i440fx(void)
-{
-PCIHostState *s = OBJECT_CHECK(PCIHostState,
-   object_resolve_path("/machine/i440fx", 
NULL),
-   TYPE_PCI_HOST_BRIDGE);
-return s ? s->bus : NULL;
-}
-
 /* PIIX3 PCI to ISA bridge */
 static void piix3_set_irq_pic(PIIX3State *piix3, int pic_irq)
 {
diff --git a/stubs/pci-host-piix.c b/stubs/pci-host-piix.c
deleted file mode 100644
index 6ed81b1f21..00
--- a/stubs/pci-host-piix.c
+++ /dev/null
@@ -1,6 +0,0 @@
-#include "qemu/osdep.h"
-#include "hw/i386/pc.h"
-PCIBus *find_i440fx(void)
-{
-return NULL;
-}
diff --git a/stubs/Makefile.objs b/stubs/Makefile.objs
index 5dd0aeeec6..725f78bedc 100644
--- a/stubs/Makefile.objs
+++ b/stubs/Makefile.objs
@@ -41,6 +41,5 @@ stub-obj-y += pc_madt_cpu_entry.o
 stub-obj-y += vmgenid.o
 stub-obj-y += xen-common.o
 stub-obj-y += xen-hvm.o
-stub-obj-y += pci-host-piix.o
 stub-obj-y += ram-block.o
 stub-obj-y += ramfb.o
-- 
2.19.1

[Qemu-devel] [PATCH v5 17/24] hw: acpi: Export the PCI hotplug API

[Samuel Ortiz]

From: Sebastien Boeuf 

The ACPI hotplug support for PCI devices APIs are not x86 or even
machine type specific. In order for future machine types to be able to
re-use that code, we export it through the architecture agnostic
hw/acpi folder.

Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Sebastien Boeuf 
Signed-off-by: Jing Liu 
---
 include/hw/acpi/aml-build.h |   3 +
 hw/acpi/aml-build.c | 194 
 hw/i386/acpi-build.c| 192 +--
 3 files changed, 199 insertions(+), 190 deletions(-)

diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
index 64ea371656..6b0a9735c5 100644
--- a/include/hw/acpi/aml-build.h
+++ b/include/hw/acpi/aml-build.h
@@ -418,6 +418,9 @@ Aml *build_osc_method(uint32_t value);
 void build_mcfg(GArray *table_data, BIOSLinker *linker, AcpiMcfgInfo *info);
 Aml *build_gsi_link_dev(const char *name, uint8_t uid, uint8_t gsi);
 Aml *build_prt(bool is_pci0_prt);
+void build_acpi_pcihp(Aml *scope);
+void build_append_pci_bus_devices(Aml *parent_scope, PCIBus *bus,
+  bool pcihp_bridge_en);
 void acpi_dsdt_add_pci_bus(Aml *dsdt, AcpiPciBus *pci_host);
 Aml *build_pci_host_bridge(Aml *table, AcpiPciBus *pci_host);
 void crs_range_set_init(CrsRangeSet *range_set);
diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index 2c5446ab23..6112cc2149 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -34,6 +34,7 @@
 #include "hw/acpi/tpm.h"
 #include "qom/qom-qobject.h"
 #include "qapi/qmp/qnum.h"
+#include "hw/acpi/pcihp.h"
 
 #define PCI_HOST_BRIDGE_CONFIG_ADDR0xcf8
 #define PCI_HOST_BRIDGE_IO_0_MIN_ADDR  0x
@@ -2305,6 +2306,199 @@ Aml *build_pci_host_bridge(Aml *table, AcpiPciBus 
*pci_host)
 return scope;
 }
 
+void build_acpi_pcihp(Aml *scope)
+{
+Aml *field;
+Aml *method;
+
+aml_append(scope,
+aml_operation_region("PCST", AML_SYSTEM_IO, aml_int(0xae00), 0x08));
+field = aml_field("PCST", AML_DWORD_ACC, AML_NOLOCK, AML_WRITE_AS_ZEROS);
+aml_append(field, aml_named_field("PCIU", 32));
+aml_append(field, aml_named_field("PCID", 32));
+aml_append(scope, field);
+
+aml_append(scope,
+aml_operation_region("SEJ", AML_SYSTEM_IO, aml_int(0xae08), 0x04));
+field = aml_field("SEJ", AML_DWORD_ACC, AML_NOLOCK, AML_WRITE_AS_ZEROS);
+aml_append(field, aml_named_field("B0EJ", 32));
+aml_append(scope, field);
+
+aml_append(scope,
+aml_operation_region("BNMR", AML_SYSTEM_IO, aml_int(0xae10), 0x04));
+field = aml_field("BNMR", AML_DWORD_ACC, AML_NOLOCK, AML_WRITE_AS_ZEROS);
+aml_append(field, aml_named_field("BNUM", 32));
+aml_append(scope, field);
+
+aml_append(scope, aml_mutex("BLCK", 0));
+
+method = aml_method("PCEJ", 2, AML_NOTSERIALIZED);
+aml_append(method, aml_acquire(aml_name("BLCK"), 0x));
+aml_append(method, aml_store(aml_arg(0), aml_name("BNUM")));
+aml_append(method,
+aml_store(aml_shiftleft(aml_int(1), aml_arg(1)), aml_name("B0EJ")));
+aml_append(method, aml_release(aml_name("BLCK")));
+aml_append(method, aml_return(aml_int(0)));
+aml_append(scope, method);
+}
+
+static void build_append_pcihp_notify_entry(Aml *method, int slot)
+{
+Aml *if_ctx;
+int32_t devfn = PCI_DEVFN(slot, 0);
+
+if_ctx = aml_if(aml_and(aml_arg(0), aml_int(0x1U << slot), NULL));
+aml_append(if_ctx, aml_notify(aml_name("S%.02X", devfn), aml_arg(1)));
+aml_append(method, if_ctx);
+}
+
+void build_append_pci_bus_devices(Aml *parent_scope, PCIBus *bus,
+  bool pcihp_bridge_en)
+{
+Aml *dev, *notify_method = NULL, *method;
+QObject *bsel;
+PCIBus *sec;
+int i;
+
+bsel = object_property_get_qobject(OBJECT(bus), ACPI_PCIHP_PROP_BSEL, 
NULL);
+if (bsel) {
+uint64_t bsel_val = qnum_get_uint(qobject_to(QNum, bsel));
+
+aml_append(parent_scope, aml_name_decl("BSEL", aml_int(bsel_val)));
+notify_method = aml_method("DVNT", 2, AML_NOTSERIALIZED);
+}
+
+for (i = 0; i < ARRAY_SIZE(bus->devices); i += PCI_FUNC_MAX) {
+DeviceClass *dc;
+PCIDeviceClass *pc;
+PCIDevice *pdev = bus->devices[i];
+int slot = PCI_SLOT(i);
+bool hotplug_enabled_dev;
+bool bridge_in_acpi;
+
+if (!pdev) {
+if (bsel) { /* add hotplug slots for non present devices */
+dev = aml_device("S%.02X", PCI_DEVFN(slot, 0));
+aml_append(dev, aml_name_decl("_SUN", aml_int(slot)));
+aml_append(dev, aml_name_decl("_ADR", aml_int(slot << 16)));
+method = aml_method("_EJ0", 1, AML_NOTSERIALIZED);
+aml_append(method,
+aml_call2("PCEJ", aml_name("BSEL"), aml_name("_SUN"))
+);
+aml_append(dev, method);
+aml_append(parent_scope, dev);
+
+   

Re: [Qemu-devel] [PATCH] nvme: fix oob access issue(CVE-2018-16847)

[Li Qiang]

Keith Busch  于2018年11月2日周五 下午11:42写道：

> On Thu, Nov 01, 2018 at 06:22:43PM -0700, Li Qiang wrote:
> > Currently, the nvme_cmb_ops mr doesn't check the addr and size.
> > This can lead an oob access issue. This is triggerable in the guest.
> > Add check to avoid this issue.
> >
> > Fixes CVE-2018-16847.
> >
> > Reported-by: Li Qiang 
> > Reviewed-by: Paolo Bonzini 
> > Signed-off-by: Li Qiang 
>
> Hey, so why is this memory region access even considered valid if the
> request is out of range from what NVMe had registered for its
> MemoryRegion? Wouldn't it be better to not call the mr->ops->read/write
> if it's out of bounds? Otherwise every MemoryRegion needs to duplicate
> the same check, right?
>
>
Yes, This seems a good idea. Once I also encounter one issue like this.
The read callback in MR will be called even it is NULL so cause a
NULL-deref.
discussed here:
-->https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg01391.html

This touchs the core design of memory subsystem I think, May Paolo or Peter
can answer this.



> Would something like the following work (minimally tested)?
>
> ---
> diff --git a/memory.c b/memory.c
> index 9b73892768..883fd818e6 100644
> --- a/memory.c
> +++ b/memory.c
> @@ -1369,6 +1369,9 @@ bool memory_region_access_valid(MemoryRegion *mr,
>  access_size_max = 4;
>  }
>
> +if (addr + size > mr->size)
> +return false;
> +
>  access_size = MAX(MIN(size, access_size_max), access_size_min);
>  for (i = 0; i < size; i += access_size) {
>  if (!mr->ops->valid.accepts(mr->opaque, addr + i, access_size,
> --
>

[Qemu-devel] [PATCH v5 18/24] hw: i386: Export the MADT build method

[Samuel Ortiz]

It is going to be used by the PC machine type as the MADT table builder
method and thus needs to be exported outside of acpi-build.c

Also, now that the generic build_madt() API is exported, we have to
rename the ARM static one in order to avoid build time conflicts.

Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Samuel Ortiz 
---
 include/hw/i386/acpi.h   | 28 
 hw/arm/virt-acpi-build.c |  4 ++--
 hw/i386/acpi-build.c |  4 ++--
 3 files changed, 32 insertions(+), 4 deletions(-)
 create mode 100644 include/hw/i386/acpi.h

diff --git a/include/hw/i386/acpi.h b/include/hw/i386/acpi.h
new file mode 100644
index 00..b7a887111d
--- /dev/null
+++ b/include/hw/i386/acpi.h
@@ -0,0 +1,28 @@
+/*
+ *
+ * Copyright (c) 2018 Intel Corportation
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#ifndef HW_I386_ACPI_H
+#define HW_I386_ACPI_H
+
+#include "hw/acpi/acpi.h"
+#include "hw/acpi/bios-linker-loader.h"
+
+/* ACPI MADT (Multiple APIC Description Table) build method */
+void build_madt(GArray *table_data, BIOSLinker *linker,
+MachineState *ms, AcpiConfiguration *conf);
+
+#endif
diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index b5e165543a..b0354c5f03 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -564,7 +564,7 @@ build_gtdt(GArray *table_data, BIOSLinker *linker, 
VirtMachineState *vms)
 
 /* MADT */
 static void
-build_madt(GArray *table_data, BIOSLinker *linker, VirtMachineState *vms)
+virt_build_madt(GArray *table_data, BIOSLinker *linker, VirtMachineState *vms)
 {
 VirtMachineClass *vmc = VIRT_MACHINE_GET_CLASS(vms);
 int madt_start = table_data->len;
@@ -745,7 +745,7 @@ void virt_acpi_build(VirtMachineState *vms, AcpiBuildTables 
*tables)
 build_fadt_rev5(tables_blob, tables->linker, vms, dsdt);
 
 acpi_add_table(table_offsets, tables_blob);
-build_madt(tables_blob, tables->linker, vms);
+virt_build_madt(tables_blob, tables->linker, vms);
 
 acpi_add_table(table_offsets, tables_blob);
 build_gtdt(tables_blob, tables->linker, vms);
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index bef5b23168..4b1d8fbe3f 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -35,7 +35,6 @@
 #include "hw/acpi/acpi.h"
 #include "hw/acpi/cpu.h"
 #include "hw/nvram/fw_cfg.h"
-#include "hw/acpi/bios-linker-loader.h"
 #include "hw/loader.h"
 #include "hw/isa/isa.h"
 #include "hw/block/fdc.h"
@@ -60,6 +59,7 @@
 #include "qom/qom-qobject.h"
 #include "hw/i386/amd_iommu.h"
 #include "hw/i386/intel_iommu.h"
+#include "hw/i386/acpi.h"
 
 #include "hw/acpi/ipmi.h"
 
@@ -279,7 +279,7 @@ void pc_madt_cpu_entry(AcpiDeviceIf *adev, int uid,
 }
 }
 
-static void
+void
 build_madt(GArray *table_data, BIOSLinker *linker,
MachineState *ms, AcpiConfiguration *acpi_conf)
 {
-- 
2.19.1

[Qemu-devel] [PATCH v5 24/24] hw: i386: Refactor PCI host getter

[Samuel Ortiz]

From: Yang Zhong 

Now that the ACPI builder methods are added, we can reach the ACPI
configuration pointer from the MachineState pointer. From there we can
get to the PCI host pointer and return it.

This makes the PCI host getter an ACPI, architecture agnostic function.

Signed-off-by: Yang Zhong 
---
 hw/acpi/aml-build.c | 20 +++-
 1 file changed, 7 insertions(+), 13 deletions(-)

diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index 6112cc2149..b532817fb5 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -22,6 +22,8 @@
 #include "qemu/osdep.h"
 #include 
 #include "hw/acpi/aml-build.h"
+#include "hw/acpi/builder.h"
+#include "hw/mem/memory-device.h"
 #include "qemu/bswap.h"
 #include "qemu/bitops.h"
 #include "sysemu/numa.h"
@@ -1617,23 +1619,15 @@ void acpi_build_tables_cleanup(AcpiBuildTables *tables, 
bool mfre)
 g_array_free(tables->vmgenid, mfre);
 }
 
-/*
- * Because of the PXB hosts we cannot simply query TYPE_PCI_HOST_BRIDGE.
- */
 Object *acpi_get_pci_host(void)
 {
-PCIHostState *host;
+MachineState *ms = MACHINE(qdev_get_machine());
+AcpiBuilder *ab = ACPI_BUILDER(ms);
+AcpiConfiguration *acpi_conf;
 
-host = OBJECT_CHECK(PCIHostState,
-object_resolve_path("/machine/i440fx", NULL),
-TYPE_PCI_HOST_BRIDGE);
-if (!host) {
-host = OBJECT_CHECK(PCIHostState,
-object_resolve_path("/machine/q35", NULL),
-TYPE_PCI_HOST_BRIDGE);
-}
+acpi_conf = acpi_builder_configuration(ab);
 
-return OBJECT(host);
+return OBJECT(acpi_conf->pci_host);
 }
 
 
-- 
2.19.1

[Qemu-devel] [PATCH v5 07/24] hw: acpi: Generalize AML build routines

[Samuel Ortiz]

From: Yang Zhong 

Most of the AML build routines under acpi-build are not even
architecture specific. They can be moved to the more generic hw/acpi
folder where they could be shared across machine types and
architectures.

Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Yang Zhong 
---
 include/hw/acpi/aml-build.h |  25 ++
 hw/acpi/aml-build.c | 498 ++
 hw/arm/virt-acpi-build.c|   4 +-
 hw/i386/acpi-build.c| 518 +---
 4 files changed, 528 insertions(+), 517 deletions(-)

diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
index a2ef8b6f31..4f678c45a5 100644
--- a/include/hw/acpi/aml-build.h
+++ b/include/hw/acpi/aml-build.h
@@ -3,6 +3,7 @@
 
 #include "hw/acpi/acpi-defs.h"
 #include "hw/acpi/bios-linker-loader.h"
+#include "hw/pci/pcie_host.h"
 
 /* Reserve RAM space for tables: add another order of magnitude. */
 #define ACPI_BUILD_TABLE_MAX_SIZE 0x20
@@ -223,6 +224,21 @@ struct AcpiBuildTables {
 BIOSLinker *linker;
 } AcpiBuildTables;
 
+typedef struct AcpiMcfgInfo {
+uint64_t mcfg_base;
+uint32_t mcfg_size;
+} AcpiMcfgInfo;
+
+typedef struct CrsRangeEntry {
+uint64_t base;
+uint64_t limit;
+} CrsRangeEntry;
+
+typedef struct CrsRangeSet {
+GPtrArray *io_ranges;
+GPtrArray *mem_ranges;
+GPtrArray *mem_64bit_ranges;
+} CrsRangeSet;
 /**
  * init_aml_allocator:
  *
@@ -389,6 +405,15 @@ void acpi_align_size(GArray *blob, unsigned align);
 void acpi_add_table(GArray *table_offsets, GArray *table_data);
 void acpi_build_tables_init(AcpiBuildTables *tables);
 void acpi_build_tables_cleanup(AcpiBuildTables *tables, bool mfre);
+Aml *build_osc_method(void);
+void build_mcfg(GArray *table_data, BIOSLinker *linker, AcpiMcfgInfo *info);
+Aml *build_gsi_link_dev(const char *name, uint8_t uid, uint8_t gsi);
+Aml *build_prt(bool is_pci0_prt);
+void crs_range_set_init(CrsRangeSet *range_set);
+Aml *build_crs(PCIHostState *host, CrsRangeSet *range_set);
+void crs_replace_with_free_ranges(GPtrArray *ranges,
+  uint64_t start, uint64_t end);
+void crs_range_set_free(CrsRangeSet *range_set);
 void
 build_rsdp_rsdt(GArray *table_data,
 BIOSLinker *linker, unsigned rsdt_tbl_offset);
diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index 8c2388274c..d3242c6b31 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -25,6 +25,10 @@
 #include "qemu/bswap.h"
 #include "qemu/bitops.h"
 #include "sysemu/numa.h"
+#include "hw/pci/pci.h"
+#include "hw/pci/pci_bus.h"
+#include "qemu/range.h"
+#include "hw/pci/pci_bridge.h"
 
 static GArray *build_alloc_array(void)
 {
@@ -1597,6 +1601,500 @@ void acpi_build_tables_cleanup(AcpiBuildTables *tables, 
bool mfre)
 g_array_free(tables->vmgenid, mfre);
 }
 
+static void crs_range_insert(GPtrArray *ranges, uint64_t base, uint64_t limit)
+{
+CrsRangeEntry *entry;
+
+entry = g_malloc(sizeof(*entry));
+entry->base = base;
+entry->limit = limit;
+
+g_ptr_array_add(ranges, entry);
+}
+
+static void crs_range_free(gpointer data)
+{
+CrsRangeEntry *entry = (CrsRangeEntry *)data;
+g_free(entry);
+}
+
+void crs_range_set_init(CrsRangeSet *range_set)
+{
+range_set->io_ranges = g_ptr_array_new_with_free_func(crs_range_free);
+range_set->mem_ranges = g_ptr_array_new_with_free_func(crs_range_free);
+range_set->mem_64bit_ranges =
+g_ptr_array_new_with_free_func(crs_range_free);
+}
+
+void crs_range_set_free(CrsRangeSet *range_set)
+{
+g_ptr_array_free(range_set->io_ranges, true);
+g_ptr_array_free(range_set->mem_ranges, true);
+g_ptr_array_free(range_set->mem_64bit_ranges, true);
+}
+
+static gint crs_range_compare(gconstpointer a, gconstpointer b)
+{
+ CrsRangeEntry *entry_a = *(CrsRangeEntry **)a;
+ CrsRangeEntry *entry_b = *(CrsRangeEntry **)b;
+
+ return (int64_t)entry_a->base - (int64_t)entry_b->base;
+}
+
+/*
+ * crs_replace_with_free_ranges - given the 'used' ranges within [start - end]
+ * interval, computes the 'free' ranges from the same interval.
+ * Example: If the input array is { [a1 - a2],[b1 - b2] }, the function
+ * will return { [base - a1], [a2 - b1], [b2 - limit] }.
+ */
+void crs_replace_with_free_ranges(GPtrArray *ranges,
+ uint64_t start, uint64_t end)
+{
+GPtrArray *free_ranges = g_ptr_array_new();
+uint64_t free_base = start;
+int i;
+
+g_ptr_array_sort(ranges, crs_range_compare);
+for (i = 0; i < ranges->len; i++) {
+CrsRangeEntry *used = g_ptr_array_index(ranges, i);
+
+if (free_base < used->base) {
+crs_range_insert(free_ranges, free_base, used->base - 1);
+}
+
+free_base = used->limit + 1;
+}
+
+if (free_base < end) {
+crs_range_insert(free_ranges, free_base, end);
+}
+
+g_ptr_array_set_size(ranges, 0);
+for (i = 0; i < 

[Qemu-devel] [PATCH v5 16/24] hw: acpi: Fix memory hotplug AML generation error

[Samuel Ortiz]

From: Yang Zhong 

When using the generated memory hotplug AML, the iasl
compiler would give the following error:

dsdt.dsl 266: Return (MOST (_UID, Arg0, Arg1, Arg2))
Error 6080 - Called method returns no value ^

Signed-off-by: Yang Zhong 
---
 hw/acpi/memory_hotplug.c | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/hw/acpi/memory_hotplug.c b/hw/acpi/memory_hotplug.c
index db2c4df961..893fc2bd27 100644
--- a/hw/acpi/memory_hotplug.c
+++ b/hw/acpi/memory_hotplug.c
@@ -686,15 +686,15 @@ void build_memory_hotplug_aml(Aml *table, uint32_t nr_mem,
 
 method = aml_method("_OST", 3, AML_NOTSERIALIZED);
 s = MEMORY_SLOT_OST_METHOD;
-aml_append(method, aml_return(aml_call4(
-s, aml_name("_UID"), aml_arg(0), aml_arg(1), aml_arg(2)
-)));
+aml_append(method,
+   aml_call4(s, aml_name("_UID"), aml_arg(0),
+ aml_arg(1), aml_arg(2)));
 aml_append(dev, method);
 
 method = aml_method("_EJ0", 1, AML_NOTSERIALIZED);
 s = MEMORY_SLOT_EJECT_METHOD;
-aml_append(method, aml_return(aml_call2(
-   s, aml_name("_UID"), aml_arg(0;
+aml_append(method,
+   aml_call2(s, aml_name("_UID"), aml_arg(0)));
 aml_append(dev, method);
 
 aml_append(dev_container, dev);
-- 
2.19.1

[Qemu-devel] [PATCH v5 21/24] hw: i386: Implement the ACPI builder interface for PC

[Samuel Ortiz]

All PC machine type derivatives will use the same ACPI table build
methods. But with that change in place, any new x86 machine type will be
able to re-use the acpi-build API and customize part of it by defining
its own ACPI table build methods.

Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Samuel Ortiz 
---
 hw/i386/acpi-build.c | 14 +-
 hw/i386/pc.c | 19 +++
 2 files changed, 28 insertions(+), 5 deletions(-)

diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index 4b1d8fbe3f..93d89b96f1 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -34,6 +34,7 @@
 #include "hw/acpi/acpi-defs.h"
 #include "hw/acpi/acpi.h"
 #include "hw/acpi/cpu.h"
+#include "hw/acpi/builder.h"
 #include "hw/nvram/fw_cfg.h"
 #include "hw/loader.h"
 #include "hw/isa/isa.h"
@@ -1683,6 +1684,7 @@ void acpi_build(AcpiBuildTables *tables,
 GArray *tables_blob = tables->table_data;
 AcpiSlicOem slic_oem = { .id = NULL, .table_id = NULL };
 Object *vmgenid_dev;
+AcpiBuilder *ab = ACPI_BUILDER(machine);
 
 acpi_get_pm_info();
 acpi_get_misc_info();
@@ -1732,7 +1734,8 @@ void acpi_build(AcpiBuildTables *tables,
 aml_len += tables_blob->len - fadt;
 
 acpi_add_table(table_offsets, tables_blob);
-build_madt(tables_blob, tables->linker, machine, acpi_conf);
+acpi_builder_madt(ab, tables_blob, tables->linker,
+  machine, acpi_conf);
 
 vmgenid_dev = find_vmgenid_dev();
 if (vmgenid_dev) {
@@ -1756,15 +1759,16 @@ void acpi_build(AcpiBuildTables *tables,
 }
 if (acpi_conf->numa_nodes) {
 acpi_add_table(table_offsets, tables_blob);
-build_srat(tables_blob, tables->linker, machine, acpi_conf);
+acpi_builder_srat(ab, tables_blob, tables->linker,
+  machine, acpi_conf);
 if (have_numa_distance) {
 acpi_add_table(table_offsets, tables_blob);
-build_slit(tables_blob, tables->linker);
+acpi_builder_slit(ab, tables_blob, tables->linker);
 }
 }
 if (acpi_get_mcfg()) {
 acpi_add_table(table_offsets, tables_blob);
-build_mcfg(tables_blob, tables->linker, );
+acpi_builder_mcfg(ab, tables_blob, tables->linker, );
 }
 if (x86_iommu_get_default()) {
 IommuType IOMMUType = x86_iommu_get_type();
@@ -1795,7 +1799,7 @@ void acpi_build(AcpiBuildTables *tables,
slic_oem.id, slic_oem.table_id);
 
 /* RSDP is in FSEG memory, so allocate it separately */
-build_rsdp_rsdt(tables->rsdp, tables->linker, rsdt);
+acpi_builder_rsdp(ab, tables->rsdp, tables->linker, rsdt);
 
 /* We'll expose it all to Guest so we want to reduce
  * chance of size changes.
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index c9ffc8cff6..53a3036066 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -64,6 +64,7 @@
 #include "qemu/option.h"
 #include "hw/acpi/acpi.h"
 #include "hw/acpi/cpu_hotplug.h"
+#include "hw/acpi/builder.h"
 #include "hw/boards.h"
 #include "acpi-build.h"
 #include "hw/mem/pc-dimm.h"
@@ -75,6 +76,7 @@
 #include "hw/nmi.h"
 #include "hw/i386/intel_iommu.h"
 #include "hw/net/ne2000-isa.h"
+#include "hw/i386/acpi.h"
 
 /* debug PC/ISA interrupts */
 //#define DEBUG_IRQ
@@ -2404,12 +2406,20 @@ static void x86_nmi(NMIState *n, int cpu_index, Error 
**errp)
 }
 }
 
+static AcpiConfiguration *pc_acpi_configuration(AcpiBuilder *builder)
+{
+PCMachineState *pcms = PC_MACHINE(builder);
+
+return >acpi_configuration;
+}
+
 static void pc_machine_class_init(ObjectClass *oc, void *data)
 {
 MachineClass *mc = MACHINE_CLASS(oc);
 PCMachineClass *pcmc = PC_MACHINE_CLASS(oc);
 HotplugHandlerClass *hc = HOTPLUG_HANDLER_CLASS(oc);
 NMIClass *nc = NMI_CLASS(oc);
+AcpiBuilderMethods *abm = ACPI_BUILDER_METHODS(oc);
 
 pcmc->pci_enabled = true;
 pcmc->has_acpi_build = true;
@@ -2444,6 +2454,14 @@ static void pc_machine_class_init(ObjectClass *oc, void 
*data)
 nc->nmi_monitor_handler = x86_nmi;
 mc->default_cpu_type = TARGET_DEFAULT_CPU_TYPE;
 
+/* ACPI building methods */
+abm->madt = build_madt;
+abm->rsdp = build_rsdp_rsdt;
+abm->mcfg = build_mcfg;
+abm->srat = build_srat;
+abm->slit = build_slit;
+abm->configuration = pc_acpi_configuration;
+
 object_class_property_add(oc, MEMORY_DEVICE_REGION_SIZE, "int",
 pc_machine_get_device_memory_region_size, NULL,
 NULL, NULL, _abort);
@@ -2495,6 +2513,7 @@ static const TypeInfo pc_machine_info = {
 .interfaces = (InterfaceInfo[]) {
  { TYPE_HOTPLUG_HANDLER },
  { TYPE_NMI },
+ { TYPE_ACPI_BUILDER },
  { }
 },
 };
-- 
2.19.1

[Qemu-devel] [PATCH v5 22/24] hw: pci-host: piix: Return PCI host pointer instead of PCI bus

[Samuel Ortiz]

For building the MCFG table, we need to track a given machine
type PCI host pointer, and we can't get it from the bus pointer alone.
As piix returns a PCI bus pointer, we simply modify its builder to
return a PCI host pointer instead.

Signed-off-by: Samuel Ortiz 
---
 include/hw/i386/pc.h | 21 +++--
 hw/i386/pc_piix.c| 18 +++---
 hw/pci-host/piix.c   | 24 
 3 files changed, 34 insertions(+), 29 deletions(-)

diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index 8e5f1464eb..b6b79e146d 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -244,16 +244,17 @@ typedef struct PCII440FXState PCII440FXState;
  */
 #define RCR_IOPORT 0xcf9
 
-PCIBus *i440fx_init(const char *host_type, const char *pci_type,
-PCII440FXState **pi440fx_state, int *piix_devfn,
-ISABus **isa_bus, qemu_irq *pic,
-MemoryRegion *address_space_mem,
-MemoryRegion *address_space_io,
-ram_addr_t ram_size,
-ram_addr_t below_4g_mem_size,
-ram_addr_t above_4g_mem_size,
-MemoryRegion *pci_memory,
-MemoryRegion *ram_memory);
+struct PCIHostState *i440fx_init(const char *host_type, const char *pci_type,
+ PCII440FXState **pi440fx_state,
+ int *piix_devfn,
+ ISABus **isa_bus, qemu_irq *pic,
+ MemoryRegion *address_space_mem,
+ MemoryRegion *address_space_io,
+ ram_addr_t ram_size,
+ ram_addr_t below_4g_mem_size,
+ ram_addr_t above_4g_mem_size,
+ MemoryRegion *pci_memory,
+ MemoryRegion *ram_memory);
 
 /* piix4.c */
 extern PCIDevice *piix4_dev;
diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index 0620d10715..f5b139a3eb 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -32,6 +32,7 @@
 #include "hw/display/ramfb.h"
 #include "hw/smbios/smbios.h"
 #include "hw/pci/pci.h"
+#include "hw/pci/pci_host.h"
 #include "hw/pci/pci_ids.h"
 #include "hw/usb.h"
 #include "net/net.h"
@@ -75,6 +76,7 @@ static void pc_init1(MachineState *machine,
 MemoryRegion *system_memory = get_system_memory();
 MemoryRegion *system_io = get_system_io();
 int i;
+struct PCIHostState *pci_host;
 PCIBus *pci_bus;
 ISABus *isa_bus;
 PCII440FXState *i440fx_state;
@@ -196,15 +198,17 @@ static void pc_init1(MachineState *machine,
 }
 
 if (pcmc->pci_enabled) {
-pci_bus = i440fx_init(host_type,
-  pci_type,
-  _state, _devfn, _bus, pcms->gsi,
-  system_memory, system_io, machine->ram_size,
-  acpi_conf->below_4g_mem_size,
-  acpi_conf->above_4g_mem_size,
-  pci_memory, ram_memory);
+pci_host = i440fx_init(host_type,
+   pci_type,
+   _state, _devfn, _bus, 
pcms->gsi,
+   system_memory, system_io, machine->ram_size,
+   acpi_conf->below_4g_mem_size,
+   acpi_conf->above_4g_mem_size,
+   pci_memory, ram_memory);
+pci_bus = pci_host->bus;
 pcms->bus = pci_bus;
 } else {
+pci_host = NULL;
 pci_bus = NULL;
 i440fx_state = NULL;
 isa_bus = isa_bus_new(NULL, get_system_memory(), system_io,
diff --git a/hw/pci-host/piix.c b/hw/pci-host/piix.c
index 658460264b..4a412db44c 100644
--- a/hw/pci-host/piix.c
+++ b/hw/pci-host/piix.c
@@ -342,17 +342,17 @@ static void i440fx_realize(PCIDevice *dev, Error **errp)
 }
 }
 
-PCIBus *i440fx_init(const char *host_type, const char *pci_type,
-PCII440FXState **pi440fx_state,
-int *piix3_devfn,
-ISABus **isa_bus, qemu_irq *pic,
-MemoryRegion *address_space_mem,
-MemoryRegion *address_space_io,
-ram_addr_t ram_size,
-ram_addr_t below_4g_mem_size,
-ram_addr_t above_4g_mem_size,
-MemoryRegion *pci_address_space,
-MemoryRegion *ram_memory)
+struct PCIHostState *i440fx_init(const char *host_type, const char *pci_type,
+ PCII440FXState **pi440fx_state,
+ int *piix3_devfn,
+ ISABus **isa_bus, qemu_irq *pic,
+ MemoryRegion *address_space_mem,
+ MemoryRegion *address_space_io,
+ 

[Qemu-devel] [PATCH v5 14/24] hw: i386: Make the hotpluggable memory size property more generic

[Samuel Ortiz]

This property is currently defined under i386/pc while it only describes
a region size that's eventually fetched from the AML ACPI code.

We can make it more generic and shareable across machine types by moving
it to memory-device.h instead.

Signed-off-by: Samuel Ortiz 
---
 include/hw/i386/pc.h   | 1 -
 include/hw/mem/memory-device.h | 2 ++
 hw/i386/acpi-build.c   | 2 +-
 hw/i386/pc.c   | 3 ++-
 4 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index bbbdb33ea3..44cb6bf3f3 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -62,7 +62,6 @@ struct PCMachineState {
 };
 
 #define PC_MACHINE_ACPI_DEVICE_PROP "acpi-device"
-#define PC_MACHINE_DEVMEM_REGION_SIZE "device-memory-region-size"
 #define PC_MACHINE_MAX_RAM_BELOW_4G "max-ram-below-4g"
 #define PC_MACHINE_VMPORT   "vmport"
 #define PC_MACHINE_SMM  "smm"
diff --git a/include/hw/mem/memory-device.h b/include/hw/mem/memory-device.h
index e904e194d5..d9a4fc7c3e 100644
--- a/include/hw/mem/memory-device.h
+++ b/include/hw/mem/memory-device.h
@@ -97,6 +97,8 @@ typedef struct MemoryDeviceClass {
  MemoryDeviceInfo *info);
 } MemoryDeviceClass;
 
+#define MEMORY_DEVICE_REGION_SIZE "memory-device-region-size"
+
 MemoryDeviceInfoList *qmp_memory_device_list(void);
 uint64_t get_plugged_memory_size(void);
 void memory_device_pre_plug(MemoryDeviceState *md, MachineState *ms,
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index d8bba16776..1ef1a38441 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -1628,7 +1628,7 @@ build_srat(GArray *table_data, BIOSLinker *linker,
 MachineClass *mc = MACHINE_GET_CLASS(machine);
 const CPUArchIdList *apic_ids = mc->possible_cpu_arch_ids(machine);
 ram_addr_t hotplugabble_address_space_size =
-object_property_get_int(OBJECT(machine), PC_MACHINE_DEVMEM_REGION_SIZE,
+object_property_get_int(OBJECT(machine), MEMORY_DEVICE_REGION_SIZE,
 NULL);
 
 srat_start = table_data->len;
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 090f969933..c9ffc8cff6 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -67,6 +67,7 @@
 #include "hw/boards.h"
 #include "acpi-build.h"
 #include "hw/mem/pc-dimm.h"
+#include "hw/mem/memory-device.h"
 #include "qapi/error.h"
 #include "qapi/qapi-visit-common.h"
 #include "qapi/visitor.h"
@@ -2443,7 +2444,7 @@ static void pc_machine_class_init(ObjectClass *oc, void 
*data)
 nc->nmi_monitor_handler = x86_nmi;
 mc->default_cpu_type = TARGET_DEFAULT_CPU_TYPE;
 
-object_class_property_add(oc, PC_MACHINE_DEVMEM_REGION_SIZE, "int",
+object_class_property_add(oc, MEMORY_DEVICE_REGION_SIZE, "int",
 pc_machine_get_device_memory_region_size, NULL,
 NULL, NULL, _abort);
 
-- 
2.19.1

[Qemu-devel] [PATCH v5 06/24] hw: acpi: Factorize the RSDP build API implementation

[Samuel Ortiz]

We can now share the RSDP build between the ARM and x86 architectures.
Here we make the default RSDP build use XSDT and keep the existing x86
ACPI build implementation using the legacy RSDT version.

Signed-off-by: Samuel Ortiz 
---
 include/hw/acpi/aml-build.h |  8 
 hw/acpi/aml-build.c | 28 +---
 hw/arm/virt-acpi-build.c| 28 
 hw/i386/acpi-build.c| 26 +-
 4 files changed, 30 insertions(+), 60 deletions(-)

diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
index 3580d0ce90..a2ef8b6f31 100644
--- a/include/hw/acpi/aml-build.h
+++ b/include/hw/acpi/aml-build.h
@@ -390,11 +390,11 @@ void acpi_add_table(GArray *table_offsets, GArray 
*table_data);
 void acpi_build_tables_init(AcpiBuildTables *tables);
 void acpi_build_tables_cleanup(AcpiBuildTables *tables, bool mfre);
 void
-build_rsdp(GArray *table_data,
-   BIOSLinker *linker, unsigned rsdt_tbl_offset);
+build_rsdp_rsdt(GArray *table_data,
+BIOSLinker *linker, unsigned rsdt_tbl_offset);
 void
-build_rsdp_xsdt(GArray *table_data,
-BIOSLinker *linker, unsigned xsdt_tbl_offset);
+build_rsdp(GArray *table_data,
+   BIOSLinker *linker, unsigned xsdt_tbl_offset);
 void
 build_rsdt(GArray *table_data, BIOSLinker *linker, GArray *table_offsets,
const char *oem_id, const char *oem_table_id);
diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index a030d40674..8c2388274c 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -1651,10 +1651,32 @@ build_xsdt(GArray *table_data, BIOSLinker *linker, 
GArray *table_offsets,
  (void *)xsdt, "XSDT", xsdt_len, 1, oem_id, oem_table_id);
 }
 
+/* Legacy RSDP pointing at an RSDT. This is deprecated */
+void build_rsdp_rsdt(GArray *rsdp_table, BIOSLinker *linker, unsigned 
rsdt_tbl_offset)
+{
+AcpiRsdpDescriptor *rsdp = acpi_data_push(rsdp_table, sizeof *rsdp);
+unsigned rsdt_pa_size = sizeof(rsdp->rsdt_physical_address);
+unsigned rsdt_pa_offset =
+(char *)>rsdt_physical_address - rsdp_table->data;
+
+bios_linker_loader_alloc(linker, ACPI_BUILD_RSDP_FILE, rsdp_table, 16,
+ true /* fseg memory */);
+
+memcpy(>signature, "RSD PTR ", 8);
+memcpy(rsdp->oem_id, ACPI_BUILD_APPNAME6, 6);
+/* Address to be filled by Guest linker */
+bios_linker_loader_add_pointer(linker,
+ACPI_BUILD_RSDP_FILE, rsdt_pa_offset, rsdt_pa_size,
+ACPI_BUILD_TABLE_FILE, rsdt_tbl_offset);
+
+/* Checksum to be filled by Guest linker */
+bios_linker_loader_add_checksum(linker, ACPI_BUILD_RSDP_FILE,
+(char *)rsdp - rsdp_table->data, sizeof *rsdp,
+(char *)>checksum - rsdp_table->data);
+}
+
 /* RSDP pointing at an XSDT */
-void
-build_rsdp_xsdt(GArray *rsdp_table,
-BIOSLinker *linker, unsigned xsdt_tbl_offset)
+void build_rsdp(GArray *rsdp_table, BIOSLinker *linker, unsigned 
xsdt_tbl_offset)
 {
 AcpiRsdpDescriptor *rsdp = acpi_data_push(rsdp_table, sizeof *rsdp);
 unsigned xsdt_pa_size = sizeof(rsdp->xsdt_physical_address);
diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index 623a6c4eac..261363e20c 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -366,34 +366,6 @@ static void acpi_dsdt_add_power_button(Aml *scope)
 aml_append(scope, dev);
 }
 
-/* RSDP */
-void
-build_rsdp(GArray *rsdp_table, BIOSLinker *linker, unsigned xsdt_tbl_offset)
-{
-AcpiRsdpDescriptor *rsdp = acpi_data_push(rsdp_table, sizeof *rsdp);
-unsigned xsdt_pa_size = sizeof(rsdp->xsdt_physical_address);
-unsigned xsdt_pa_offset =
-(char *)>xsdt_physical_address - rsdp_table->data;
-
-bios_linker_loader_alloc(linker, ACPI_BUILD_RSDP_FILE, rsdp_table, 16,
- true /* fseg memory */);
-
-memcpy(>signature, "RSD PTR ", sizeof(rsdp->signature));
-memcpy(rsdp->oem_id, ACPI_BUILD_APPNAME6, sizeof(rsdp->oem_id));
-rsdp->length = cpu_to_le32(sizeof(*rsdp));
-rsdp->revision = 0x02;
-
-/* Address to be filled by Guest linker */
-bios_linker_loader_add_pointer(linker,
-ACPI_BUILD_RSDP_FILE, xsdt_pa_offset, xsdt_pa_size,
-ACPI_BUILD_TABLE_FILE, xsdt_tbl_offset);
-
-/* Checksum to be filled by Guest linker */
-bios_linker_loader_add_checksum(linker, ACPI_BUILD_RSDP_FILE,
-(char *)rsdp - rsdp_table->data, sizeof *rsdp,
-(char *)>checksum - rsdp_table->data);
-}
-
 static void
 build_iort(GArray *table_data, BIOSLinker *linker, VirtMachineState *vms)
 {
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index f7a67f5c9c..cfc2444d0d 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -2513,30 +2513,6 @@ build_amd_iommu(GArray *table_data, BIOSLinker *linker)
  "IVRS", table_data->len - iommu_start, 1, NULL, NULL);
 }
 
-void
-build_rsdp(GArray *rsdp_table, BIOSLinker *linker, 

[Qemu-devel] [PATCH v5 15/24] hw: i386: Export the i386 ACPI SRAT build method

[Samuel Ortiz]

This is the standard way of building SRAT on x86 platfoms. But future
machine types could decide to define their own custom SRAT build method
through the ACPI builder methods.
Moreover, we will also need to reach build_srat() from outside of
acpi-build in order to use it as the ACPI builder SRAT build method.

Signed-off-by: Samuel Ortiz 
---
 hw/i386/acpi-build.h | 5 +
 hw/i386/acpi-build.c | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/hw/i386/acpi-build.h b/hw/i386/acpi-build.h
index 065a1d8250..d73c41fe8f 100644
--- a/hw/i386/acpi-build.h
+++ b/hw/i386/acpi-build.h
@@ -4,6 +4,11 @@
 
 #include "hw/acpi/acpi.h"
 
+/* ACPI SRAT (Static Resource Affinity Table) build method for x86 */
+void
+build_srat(GArray *table_data, BIOSLinker *linker,
+   MachineState *machine, AcpiConfiguration *acpi_conf);
+
 void acpi_setup(MachineState *machine, AcpiConfiguration *acpi_conf);
 
 #endif
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index 1ef1a38441..673c5dfafc 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -1615,7 +1615,7 @@ build_tpm2(GArray *table_data, BIOSLinker *linker, GArray 
*tcpalog)
 #define HOLE_640K_START  (640 * KiB)
 #define HOLE_640K_END   (1 * MiB)
 
-static void
+void
 build_srat(GArray *table_data, BIOSLinker *linker,
MachineState *machine, AcpiConfiguration *acpi_conf)
 {
-- 
2.19.1

[Qemu-devel] [PATCH v5 23/24] hw: i386: Set ACPI configuration PCI host pointer

[Samuel Ortiz]

For both PC and Q35 machine types, we can set it at the PCI host
bridge creation time.

Signed-off-by: Samuel Ortiz 
---
 hw/i386/pc_piix.c | 1 +
 hw/i386/pc_q35.c  | 1 +
 2 files changed, 2 insertions(+)

diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index f5b139a3eb..f1f0de3585 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -216,6 +216,7 @@ static void pc_init1(MachineState *machine,
 no_hpet = 1;
 }
 isa_bus_irqs(isa_bus, pcms->gsi);
+acpi_conf->pci_host = pci_host;
 
 if (kvm_pic_in_kernel()) {
 i8259 = kvm_i8259_init(isa_bus);
diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
index cdde4a4beb..a8772e29a5 100644
--- a/hw/i386/pc_q35.c
+++ b/hw/i386/pc_q35.c
@@ -188,6 +188,7 @@ static void pc_q35_init(MachineState *machine)
 qdev_init_nofail(DEVICE(q35_host));
 phb = PCI_HOST_BRIDGE(q35_host);
 host_bus = phb->bus;
+acpi_conf->pci_host = phb;
 /* create ISA bus */
 lpc = pci_create_simple_multifunction(host_bus, PCI_DEVFN(ICH9_LPC_DEV,
   ICH9_LPC_FUNC), true,
-- 
2.19.1

[Qemu-devel] [PATCH v5 05/24] hw: acpi: Implement XSDT support for RSDP

[Samuel Ortiz]

XSDT is the 64-bit version of the legacy ACPI RSDT (Root System
Description Table). RSDT only allow for 32-bit addressses and have thus
been deprecated. Since ACPI version 2.0, RSDPs should point at XSDTs and
no longer RSDTs, although RSDTs are still supported for backward
compatibility.

Since version 2.0, RSDPs should add an extended checksum, a complete table
length and a version field to the table.

Signed-off-by: Samuel Ortiz 
---
 include/hw/acpi/aml-build.h |  3 +++
 hw/acpi/aml-build.c | 37 +
 2 files changed, 40 insertions(+)

diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
index c9bcb32d81..3580d0ce90 100644
--- a/include/hw/acpi/aml-build.h
+++ b/include/hw/acpi/aml-build.h
@@ -393,6 +393,9 @@ void
 build_rsdp(GArray *table_data,
BIOSLinker *linker, unsigned rsdt_tbl_offset);
 void
+build_rsdp_xsdt(GArray *table_data,
+BIOSLinker *linker, unsigned xsdt_tbl_offset);
+void
 build_rsdt(GArray *table_data, BIOSLinker *linker, GArray *table_offsets,
const char *oem_id, const char *oem_table_id);
 void
diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index 51b608432f..a030d40674 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -1651,6 +1651,43 @@ build_xsdt(GArray *table_data, BIOSLinker *linker, 
GArray *table_offsets,
  (void *)xsdt, "XSDT", xsdt_len, 1, oem_id, oem_table_id);
 }
 
+/* RSDP pointing at an XSDT */
+void
+build_rsdp_xsdt(GArray *rsdp_table,
+BIOSLinker *linker, unsigned xsdt_tbl_offset)
+{
+AcpiRsdpDescriptor *rsdp = acpi_data_push(rsdp_table, sizeof *rsdp);
+unsigned xsdt_pa_size = sizeof(rsdp->xsdt_physical_address);
+unsigned xsdt_pa_offset =
+(char *)>xsdt_physical_address - rsdp_table->data;
+unsigned xsdt_offset =
+(char *)>length - rsdp_table->data;
+
+bios_linker_loader_alloc(linker, ACPI_BUILD_RSDP_FILE, rsdp_table, 16,
+ true /* fseg memory */);
+
+memcpy(>signature, "RSD PTR ", 8);
+memcpy(rsdp->oem_id, ACPI_BUILD_APPNAME6, 6);
+rsdp->length = cpu_to_le32(sizeof(*rsdp));
+/* version 2, we will use the XSDT pointer */
+rsdp->revision = 0x02;
+
+/* Address to be filled by Guest linker */
+bios_linker_loader_add_pointer(linker,
+ACPI_BUILD_RSDP_FILE, xsdt_pa_offset, xsdt_pa_size,
+ACPI_BUILD_TABLE_FILE, xsdt_tbl_offset);
+
+/* Legacy checksum to be filled by Guest linker */
+bios_linker_loader_add_checksum(linker, ACPI_BUILD_RSDP_FILE,
+(char *)rsdp - rsdp_table->data, xsdt_offset,
+(char *)>checksum - rsdp_table->data);
+
+/* Extended checksum to be filled by Guest linker */
+bios_linker_loader_add_checksum(linker, ACPI_BUILD_RSDP_FILE,
+(char *)rsdp - rsdp_table->data, sizeof *rsdp,
+(char *)>extended_checksum - rsdp_table->data);
+}
+
 void build_srat_memory(AcpiSratMemoryAffinity *numamem, uint64_t base,
uint64_t len, int node, MemoryAffinityFlags flags)
 {
-- 
2.19.1

[Qemu-devel] [PATCH v5 12/24] hw: acpi: Export the MCFG getter

[Samuel Ortiz]

From: Yang Zhong 

The ACPI MCFG getter is not x86 specific and could be called from
anywhere within generic ACPI API, so let's export it.

Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Yang Zhong 
---
 include/hw/acpi/aml-build.h |  1 +
 hw/acpi/aml-build.c | 24 
 hw/i386/acpi-build.c| 22 --
 3 files changed, 25 insertions(+), 22 deletions(-)

diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
index 1861e37ebf..64ea371656 100644
--- a/include/hw/acpi/aml-build.h
+++ b/include/hw/acpi/aml-build.h
@@ -408,6 +408,7 @@ void *acpi_data_push(GArray *table_data, unsigned size);
 unsigned acpi_data_len(GArray *table);
 Object *acpi_get_pci_host(void);
 void acpi_get_pci_holes(Range *hole, Range *hole64);
+bool acpi_get_mcfg(AcpiMcfgInfo *mcfg);
 /* Align AML blob size to a multiple of 'align' */
 void acpi_align_size(GArray *blob, unsigned align);
 void acpi_add_table(GArray *table_offsets, GArray *table_data);
diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index 869ed70db3..2c5446ab23 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -32,6 +32,8 @@
 #include "hw/i386/pc.h"
 #include "sysemu/tpm.h"
 #include "hw/acpi/tpm.h"
+#include "qom/qom-qobject.h"
+#include "qapi/qmp/qnum.h"
 
 #define PCI_HOST_BRIDGE_CONFIG_ADDR0xcf8
 #define PCI_HOST_BRIDGE_IO_0_MIN_ADDR  0x
@@ -1657,6 +1659,28 @@ void acpi_get_pci_holes(Range *hole, Range *hole64)
NULL));
 }
 
+bool acpi_get_mcfg(AcpiMcfgInfo *mcfg)
+{
+Object *pci_host;
+QObject *o;
+
+pci_host = acpi_get_pci_host();
+g_assert(pci_host);
+
+o = object_property_get_qobject(pci_host, PCIE_HOST_MCFG_BASE, NULL);
+if (!o) {
+return false;
+}
+mcfg->mcfg_base = qnum_get_uint(qobject_to(QNum, o));
+qobject_unref(o);
+
+o = object_property_get_qobject(pci_host, PCIE_HOST_MCFG_SIZE, NULL);
+assert(o);
+mcfg->mcfg_size = qnum_get_uint(qobject_to(QNum, o));
+qobject_unref(o);
+return true;
+}
+
 static void crs_range_insert(GPtrArray *ranges, uint64_t base, uint64_t limit)
 {
 CrsRangeEntry *entry;
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index 14e2624d14..d8bba16776 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -1856,28 +1856,6 @@ build_amd_iommu(GArray *table_data, BIOSLinker *linker)
  "IVRS", table_data->len - iommu_start, 1, NULL, NULL);
 }
 
-static bool acpi_get_mcfg(AcpiMcfgInfo *mcfg)
-{
-Object *pci_host;
-QObject *o;
-
-pci_host = acpi_get_pci_host();
-g_assert(pci_host);
-
-o = object_property_get_qobject(pci_host, PCIE_HOST_MCFG_BASE, NULL);
-if (!o) {
-return false;
-}
-mcfg->mcfg_base = qnum_get_uint(qobject_to(QNum, o));
-qobject_unref(o);
-
-o = object_property_get_qobject(pci_host, PCIE_HOST_MCFG_SIZE, NULL);
-assert(o);
-mcfg->mcfg_size = qnum_get_uint(qobject_to(QNum, o));
-qobject_unref(o);
-return true;
-}
-
 static
 void acpi_build(AcpiBuildTables *tables,
 MachineState *machine, AcpiConfiguration *acpi_conf)
-- 
2.19.1

[Qemu-devel] [PATCH v5 20/24] hw: acpi: Define ACPI tables builder interface

[Samuel Ortiz]

In order to decouple ACPI APIs from specific machine types, we are
creating an ACPI builder interface that each ACPI platform can choose to
implement.
This way, a new machine type can re-use the high level ACPI APIs and
define some custom table build methods, without having to duplicate most
of the existing implementation only to add small variations to it.

Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Samuel Ortiz 
---
 include/hw/acpi/builder.h | 100 ++
 hw/acpi/builder.c |  97 
 hw/acpi/Makefile.objs |   1 +
 3 files changed, 198 insertions(+)
 create mode 100644 include/hw/acpi/builder.h
 create mode 100644 hw/acpi/builder.c

diff --git a/include/hw/acpi/builder.h b/include/hw/acpi/builder.h
new file mode 100644
index 00..a63b88ffe9
--- /dev/null
+++ b/include/hw/acpi/builder.h
@@ -0,0 +1,100 @@
+/*
+ *
+ * Copyright (c) 2018 Intel Corporation
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#ifndef ACPI_BUILDER_H
+#define ACPI_BUILDER_H
+
+#include "qemu/osdep.h"
+#include "hw/acpi/bios-linker-loader.h"
+#include "qom/object.h"
+
+#define TYPE_ACPI_BUILDER "acpi-builder"
+
+#define ACPI_BUILDER_METHODS(klass) \
+ OBJECT_CLASS_CHECK(AcpiBuilderMethods, (klass), TYPE_ACPI_BUILDER)
+#define ACPI_BUILDER_GET_METHODS(obj) \
+ OBJECT_GET_CLASS(AcpiBuilderMethods, (obj), TYPE_ACPI_BUILDER)
+#define ACPI_BUILDER(obj)   \
+ INTERFACE_CHECK(AcpiBuilder, (obj), TYPE_ACPI_BUILDER)
+
+typedef struct AcpiConfiguration AcpiConfiguration;
+typedef struct AcpiBuildState AcpiBuildState;
+typedef struct AcpiMcfgInfo AcpiMcfgInfo;
+
+typedef struct AcpiBuilder {
+/*  */
+Object Parent;
+} AcpiBuilder;
+
+/**
+ * AcpiBuildMethods:
+ *
+ * Interface to be implemented by a machine type that needs to provide
+ * custom ACPI tables build method.
+ *
+ * @parent: Opaque parent interface.
+ * @rsdp: ACPI RSDP (Root System Description Pointer) table build callback.
+ * @madt: ACPI MADT (Multiple APIC Description Table) table build callback.
+ * @mcfg: ACPI MCFG table build callback.
+ * @srat: ACPI SRAT (System/Static Resource Affinity Table)
+ *table build callback.
+ * @slit: ACPI SLIT (System Locality System Information Table)
+ *table build callback.
+ * @configuration: ACPI configuration getter.
+ * This is used to query the machine instance for its
+ * AcpiConfiguration pointer.
+ */
+typedef struct AcpiBuilderMethods {
+/*  */
+InterfaceClass parent;
+
+/*  */
+void (*rsdp)(GArray *table_data, BIOSLinker *linker,
+ unsigned rsdt_tbl_offset);
+void (*madt)(GArray *table_data, BIOSLinker *linker,
+ MachineState *ms, AcpiConfiguration *conf);
+void (*mcfg)(GArray *table_data, BIOSLinker *linker,
+ AcpiMcfgInfo *info);
+void (*srat)(GArray *table_data, BIOSLinker *linker,
+ MachineState *machine, AcpiConfiguration *conf);
+void (*slit)(GArray *table_data, BIOSLinker *linker);
+
+AcpiConfiguration *(*configuration)(AcpiBuilder *builder);
+} AcpiBuilderMethods;
+
+void acpi_builder_rsdp(AcpiBuilder *builder,
+   GArray *table_data, BIOSLinker *linker,
+   unsigned rsdt_tbl_offset);
+
+void acpi_builder_madt(AcpiBuilder *builder,
+   GArray *table_data, BIOSLinker *linker,
+   MachineState *ms, AcpiConfiguration *conf);
+
+void acpi_builder_mcfg(AcpiBuilder *builder,
+   GArray *table_data, BIOSLinker *linker,
+   AcpiMcfgInfo *info);
+
+void acpi_builder_srat(AcpiBuilder *builder,
+   GArray *table_data, BIOSLinker *linker,
+   MachineState *machine, AcpiConfiguration *conf);
+
+void acpi_builder_slit(AcpiBuilder *builder,
+   GArray *table_data, BIOSLinker *linker);
+
+AcpiConfiguration *acpi_builder_configuration(AcpiBuilder *builder);
+
+#endif
diff --git a/hw/acpi/builder.c b/hw/acpi/builder.c
new file mode 100644
index 00..c29a614793
--- /dev/null
+++ b/hw/acpi/builder.c
@@ -0,0 +1,97 @@
+/*
+ *
+ * Copyright (c) 2018 Intel Corporation
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and 

[Qemu-devel] [PATCH v5 11/24] hw: acpi: Export and generalize the PCI host AML API

[Samuel Ortiz]

From: Yang Zhong 

The AML build routines for the PCI host bridge and the corresponding
DSDT addition are neither x86 nor PC machine type specific.
We can move them to the architecture agnostic hw/acpi folder, and by
carrying all the needed information through a new AcpiPciBus structure,
we can make them PC machine type independent.

Signed-off-by: Yang Zhong 
Signed-off-by: Rob Bradford 
Signed-off-by: Samuel Ortiz 
---
 include/hw/acpi/aml-build.h |   8 ++
 hw/acpi/aml-build.c | 157 
 hw/i386/acpi-build.c| 115 ++
 3 files changed, 173 insertions(+), 107 deletions(-)

diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
index fde2785b9a..1861e37ebf 100644
--- a/include/hw/acpi/aml-build.h
+++ b/include/hw/acpi/aml-build.h
@@ -229,6 +229,12 @@ typedef struct AcpiMcfgInfo {
 uint32_t mcfg_size;
 } AcpiMcfgInfo;
 
+typedef struct AcpiPciBus {
+PCIBus *pci_bus;
+Range *pci_hole;
+Range *pci_hole64;
+} AcpiPciBus;
+
 typedef struct CrsRangeEntry {
 uint64_t base;
 uint64_t limit;
@@ -411,6 +417,8 @@ Aml *build_osc_method(uint32_t value);
 void build_mcfg(GArray *table_data, BIOSLinker *linker, AcpiMcfgInfo *info);
 Aml *build_gsi_link_dev(const char *name, uint8_t uid, uint8_t gsi);
 Aml *build_prt(bool is_pci0_prt);
+void acpi_dsdt_add_pci_bus(Aml *dsdt, AcpiPciBus *pci_host);
+Aml *build_pci_host_bridge(Aml *table, AcpiPciBus *pci_host);
 void crs_range_set_init(CrsRangeSet *range_set);
 Aml *build_crs(PCIHostState *host, CrsRangeSet *range_set);
 void crs_replace_with_free_ranges(GPtrArray *ranges,
diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index b8e32f15f7..869ed70db3 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -29,6 +29,19 @@
 #include "hw/pci/pci_bus.h"
 #include "qemu/range.h"
 #include "hw/pci/pci_bridge.h"
+#include "hw/i386/pc.h"
+#include "sysemu/tpm.h"
+#include "hw/acpi/tpm.h"
+
+#define PCI_HOST_BRIDGE_CONFIG_ADDR0xcf8
+#define PCI_HOST_BRIDGE_IO_0_MIN_ADDR  0x
+#define PCI_HOST_BRIDGE_IO_0_MAX_ADDR  0x0cf7
+#define PCI_HOST_BRIDGE_IO_1_MIN_ADDR  0x0d00
+#define PCI_HOST_BRIDGE_IO_1_MAX_ADDR  0x
+#define PCI_VGA_MEM_BASE_ADDR  0x000a
+#define PCI_VGA_MEM_MAX_ADDR   0x000b
+#define IO_0_LEN   0xcf8
+#define VGA_MEM_LEN0x2
 
 static GArray *build_alloc_array(void)
 {
@@ -2142,6 +2155,150 @@ Aml *build_prt(bool is_pci0_prt)
 return method;
 }
 
+Aml *build_pci_host_bridge(Aml *table, AcpiPciBus *pci_host)
+{
+CrsRangeEntry *entry;
+Aml *scope, *dev, *crs;
+CrsRangeSet crs_range_set;
+Range *pci_hole = NULL;
+Range *pci_hole64 = NULL;
+PCIBus *bus = NULL;
+int root_bus_limit = 0xFF;
+int i;
+
+bus = pci_host->pci_bus;
+assert(bus);
+pci_hole = pci_host->pci_hole;
+pci_hole64 = pci_host->pci_hole64;
+
+crs_range_set_init(_range_set);
+QLIST_FOREACH(bus, >child, sibling) {
+uint8_t bus_num = pci_bus_num(bus);
+uint8_t numa_node = pci_bus_numa_node(bus);
+
+/* look only for expander root buses */
+if (!pci_bus_is_root(bus)) {
+continue;
+}
+
+if (bus_num < root_bus_limit) {
+root_bus_limit = bus_num - 1;
+}
+
+scope = aml_scope("\\_SB");
+dev = aml_device("PC%.02X", bus_num);
+aml_append(dev, aml_name_decl("_UID", aml_int(bus_num)));
+aml_append(dev, aml_name_decl("_HID", aml_eisaid("PNP0A03")));
+aml_append(dev, aml_name_decl("_BBN", aml_int(bus_num)));
+if (pci_bus_is_express(bus)) {
+aml_append(dev, aml_name_decl("SUPP", aml_int(0)));
+aml_append(dev, aml_name_decl("CTRL", aml_int(0)));
+aml_append(dev, build_osc_method(0x1F));
+}
+if (numa_node != NUMA_NODE_UNASSIGNED) {
+aml_append(dev, aml_name_decl("_PXM", aml_int(numa_node)));
+}
+
+aml_append(dev, build_prt(false));
+crs = build_crs(PCI_HOST_BRIDGE(BUS(bus)->parent), _range_set);
+aml_append(dev, aml_name_decl("_CRS", crs));
+aml_append(scope, dev);
+aml_append(table, scope);
+}
+scope = aml_scope("\\_SB.PCI0");
+/* build PCI0._CRS */
+crs = aml_resource_template();
+/* set the pcie bus num */
+aml_append(crs,
+aml_word_bus_number(AML_MIN_FIXED, AML_MAX_FIXED, AML_POS_DECODE,
+0x, 0x0, root_bus_limit,
+0x, root_bus_limit + 1));
+aml_append(crs, aml_io(AML_DECODE16, PCI_HOST_BRIDGE_CONFIG_ADDR,
+   PCI_HOST_BRIDGE_CONFIG_ADDR, 0x01, 0x08));
+/* set the io region 0 in pci host bridge */
+aml_append(crs,
+aml_word_io(AML_MIN_FIXED, AML_MAX_FIXED,
+AML_POS_DECODE, AML_ENTIRE_RANGE,
+0x, 

[Qemu-devel] [PATCH v5 04/24] hw: acpi: Export the RSDP build API

[Samuel Ortiz]

The hardware-reduced API will need to build RSDP as well, so we should
export this routine.

Signed-off-by: Samuel Ortiz 
---
 include/hw/acpi/aml-build.h | 3 +++
 hw/arm/virt-acpi-build.c| 2 +-
 hw/i386/acpi-build.c| 2 +-
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
index 73fc6659f2..c9bcb32d81 100644
--- a/include/hw/acpi/aml-build.h
+++ b/include/hw/acpi/aml-build.h
@@ -390,6 +390,9 @@ void acpi_add_table(GArray *table_offsets, GArray 
*table_data);
 void acpi_build_tables_init(AcpiBuildTables *tables);
 void acpi_build_tables_cleanup(AcpiBuildTables *tables, bool mfre);
 void
+build_rsdp(GArray *table_data,
+   BIOSLinker *linker, unsigned rsdt_tbl_offset);
+void
 build_rsdt(GArray *table_data, BIOSLinker *linker, GArray *table_offsets,
const char *oem_id, const char *oem_table_id);
 void
diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index fc59cce769..623a6c4eac 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -367,7 +367,7 @@ static void acpi_dsdt_add_power_button(Aml *scope)
 }
 
 /* RSDP */
-static void
+void
 build_rsdp(GArray *rsdp_table, BIOSLinker *linker, unsigned xsdt_tbl_offset)
 {
 AcpiRsdpDescriptor *rsdp = acpi_data_push(rsdp_table, sizeof *rsdp);
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index 74419d0663..f7a67f5c9c 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -2513,7 +2513,7 @@ build_amd_iommu(GArray *table_data, BIOSLinker *linker)
  "IVRS", table_data->len - iommu_start, 1, NULL, NULL);
 }
 
-static void
+void
 build_rsdp(GArray *rsdp_table, BIOSLinker *linker, unsigned rsdt_tbl_offset)
 {
 AcpiRsdpDescriptor *rsdp = acpi_data_push(rsdp_table, sizeof *rsdp);
-- 
2.19.1

[Qemu-devel] [PATCH v5 13/24] hw: acpi: Do not create hotplug method when handler is not defined

[Samuel Ortiz]

CPU and memory ACPI hotplug are not necessarily handled through SCI
events. For example, with Hardware-reduced ACPI, the GED device will
manage ACPI hotplug entirely.
As a consequence, we make the CPU and memory specific events AML
generation optional. The code will only be added when the method name is
not NULL.

Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Samuel Ortiz 
---
 hw/acpi/cpu.c|  8 +---
 hw/acpi/memory_hotplug.c | 11 +++
 2 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/hw/acpi/cpu.c b/hw/acpi/cpu.c
index f10b190019..cd41377b5a 100644
--- a/hw/acpi/cpu.c
+++ b/hw/acpi/cpu.c
@@ -569,9 +569,11 @@ void build_cpus_aml(Aml *table, MachineState *machine, 
CPUHotplugFeatures opts,
 aml_append(sb_scope, cpus_dev);
 aml_append(table, sb_scope);
 
-method = aml_method(event_handler_method, 0, AML_NOTSERIALIZED);
-aml_append(method, aml_call0("\\_SB.CPUS." CPU_SCAN_METHOD));
-aml_append(table, method);
+if (event_handler_method) {
+method = aml_method(event_handler_method, 0, AML_NOTSERIALIZED);
+aml_append(method, aml_call0("\\_SB.CPUS." CPU_SCAN_METHOD));
+aml_append(table, method);
+}
 
 g_free(cphp_res_path);
 }
diff --git a/hw/acpi/memory_hotplug.c b/hw/acpi/memory_hotplug.c
index 8c7c1013f3..db2c4df961 100644
--- a/hw/acpi/memory_hotplug.c
+++ b/hw/acpi/memory_hotplug.c
@@ -715,10 +715,13 @@ void build_memory_hotplug_aml(Aml *table, uint32_t nr_mem,
 }
 aml_append(table, dev_container);
 
-method = aml_method(event_handler_method, 0, AML_NOTSERIALIZED);
-aml_append(method,
-aml_call0(MEMORY_DEVICES_CONTAINER "." MEMORY_SLOT_SCAN_METHOD));
-aml_append(table, method);
+if (event_handler_method) {
+method = aml_method(event_handler_method, 0, AML_NOTSERIALIZED);
+aml_append(method,
+   aml_call0(MEMORY_DEVICES_CONTAINER "."
+ MEMORY_SLOT_SCAN_METHOD));
+aml_append(table, method);
+}
 
 g_free(mhp_res_path);
 }
-- 
2.19.1

[Qemu-devel] [PATCH v5 08/24] hw: acpi: Factorize _OSC AML across architectures

[Samuel Ortiz]

From: Yang Zhong 

The _OSC AML table is almost identical between the i386 Q35 and arm virt
machine types. We can make it slightly more generic and share it across
all PCIe architectures.

Signed-off-by: Yang Zhong 
---
 include/hw/acpi/acpi-defs.h | 14 +++
 include/hw/acpi/aml-build.h |  2 +-
 hw/acpi/aml-build.c | 84 +++--
 hw/arm/virt-acpi-build.c| 45 ++--
 hw/i386/acpi-build.c|  6 ++-
 5 files changed, 66 insertions(+), 85 deletions(-)

diff --git a/include/hw/acpi/acpi-defs.h b/include/hw/acpi/acpi-defs.h
index af8e023968..6e1726e0a2 100644
--- a/include/hw/acpi/acpi-defs.h
+++ b/include/hw/acpi/acpi-defs.h
@@ -652,4 +652,18 @@ struct AcpiIortRC {
 } QEMU_PACKED;
 typedef struct AcpiIortRC AcpiIortRC;
 
+/* _OSC */
+
+#define ACPI_OSC_CTRL_PCIE_NATIVE_HP (1 << 0)
+#define ACPI_OSC_CTRL_SHPC_NATIVE_HP (1 << 1)
+#define ACPI_OSC_CTRL_PCIE_PM_EVT(1 << 2)
+#define ACPI_OSC_CTRL_PCIE_AER   (1 << 3)
+#define ACPI_OSC_CTRL_PCIE_CAP_CTRL  (1 << 4)
+#define ACPI_OSC_CTRL_PCI_ALL \
+(ACPI_OSC_CTRL_PCIE_NATIVE_HP | \
+ ACPI_OSC_CTRL_SHPC_NATIVE_HP | \
+ ACPI_OSC_CTRL_PCIE_PM_EVT |\
+ ACPI_OSC_CTRL_PCIE_AER |   \
+ ACPI_OSC_CTRL_PCIE_CAP_CTRL)
+
 #endif
diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
index 4f678c45a5..c27c0935ae 100644
--- a/include/hw/acpi/aml-build.h
+++ b/include/hw/acpi/aml-build.h
@@ -405,7 +405,7 @@ void acpi_align_size(GArray *blob, unsigned align);
 void acpi_add_table(GArray *table_offsets, GArray *table_data);
 void acpi_build_tables_init(AcpiBuildTables *tables);
 void acpi_build_tables_cleanup(AcpiBuildTables *tables, bool mfre);
-Aml *build_osc_method(void);
+Aml *build_osc_method(uint32_t value);
 void build_mcfg(GArray *table_data, BIOSLinker *linker, AcpiMcfgInfo *info);
 Aml *build_gsi_link_dev(const char *name, uint8_t uid, uint8_t gsi);
 Aml *build_prt(bool is_pci0_prt);
diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index d3242c6b31..2b9a636e75 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -1869,51 +1869,55 @@ Aml *build_crs(PCIHostState *host, CrsRangeSet 
*range_set)
 return crs;
 }
 
-Aml *build_osc_method(void)
+/*
+ * ctrl_mask is the _OSC capabilities buffer control field mask.
+ */
+Aml *build_osc_method(uint32_t ctrl_mask)
 {
-Aml *if_ctx;
-Aml *if_ctx2;
-Aml *else_ctx;
-Aml *method;
-Aml *a_cwd1 = aml_name("CDW1");
-Aml *a_ctrl = aml_local(0);
+Aml *ifctx, *ifctx1, *elsectx, *method, *UUID;
 
 method = aml_method("_OSC", 4, AML_NOTSERIALIZED);
-aml_append(method, aml_create_dword_field(aml_arg(3), aml_int(0), "CDW1"));
-
-if_ctx = aml_if(aml_equal(
-aml_arg(0), aml_touuid("33DB4D5B-1FF7-401C-9657-7441C03DD766")));
-aml_append(if_ctx, aml_create_dword_field(aml_arg(3), aml_int(4), "CDW2"));
-aml_append(if_ctx, aml_create_dword_field(aml_arg(3), aml_int(8), "CDW3"));
-
-aml_append(if_ctx, aml_store(aml_name("CDW3"), a_ctrl));
-
-/*
- * Always allow native PME, AER (no dependencies)
- * Allow SHPC (PCI bridges can have SHPC controller)
+aml_append(method,
+aml_create_dword_field(aml_arg(3), aml_int(0), "CDW1"));
+
+/* PCI Firmware Specification 3.0
+ * 4.5.1. _OSC Interface for PCI Host Bridge Devices
+ * The _OSC interface for a PCI/PCI-X/PCI Express hierarchy is
+ * identified by the Universal Unique IDentifier (UUID)
+ * 33DB4D5B-1FF7-401C-9657-7441C03DD766
  */
-aml_append(if_ctx, aml_and(a_ctrl, aml_int(0x1F), a_ctrl));
-
-if_ctx2 = aml_if(aml_lnot(aml_equal(aml_arg(1), aml_int(1;
-/* Unknown revision */
-aml_append(if_ctx2, aml_or(a_cwd1, aml_int(0x08), a_cwd1));
-aml_append(if_ctx, if_ctx2);
-
-if_ctx2 = aml_if(aml_lnot(aml_equal(aml_name("CDW3"), a_ctrl)));
-/* Capabilities bits were masked */
-aml_append(if_ctx2, aml_or(a_cwd1, aml_int(0x10), a_cwd1));
-aml_append(if_ctx, if_ctx2);
-
-/* Update DWORD3 in the buffer */
-aml_append(if_ctx, aml_store(a_ctrl, aml_name("CDW3")));
-aml_append(method, if_ctx);
-
-else_ctx = aml_else();
-/* Unrecognized UUID */
-aml_append(else_ctx, aml_or(a_cwd1, aml_int(4), a_cwd1));
-aml_append(method, else_ctx);
+UUID = aml_touuid("33DB4D5B-1FF7-401C-9657-7441C03DD766");
+ifctx = aml_if(aml_equal(aml_arg(0), UUID));
+aml_append(ifctx,
+aml_create_dword_field(aml_arg(3), aml_int(4), "CDW2"));
+aml_append(ifctx,
+aml_create_dword_field(aml_arg(3), aml_int(8), "CDW3"));
+aml_append(ifctx, aml_store(aml_name("CDW2"), aml_name("SUPP")));
+aml_append(ifctx, aml_store(aml_name("CDW3"), aml_name("CTRL")));
+aml_append(ifctx, aml_store(aml_and(aml_name("CTRL"),
+aml_int(ctrl_mask), NULL),
+aml_name("CTRL")));
+
+ifctx1 = 

[Qemu-devel] [PATCH v5 01/24] hw: i386: Decouple the ACPI build from the PC machine type

[Samuel Ortiz]

ACPI tables are platform and machine type and even architecture
agnostic, and as such we want to provide an internal ACPI API that
only depends on platform agnostic information.

For the x86 architecture, in order to build ACPI tables independently
from the PC or Q35 machine types, we are moving a few MachineState
structure fields into a machine type agnostic structure called
AcpiConfiguration. The structure fields we move are:

   HotplugHandler *acpi_dev
   AcpiNVDIMMState acpi_nvdimm_state;
   FWCfgState *fw_cfg
   ram_addr_t below_4g_mem_size, above_4g_mem_size
   bool apic_xrupt_override
   unsigned apic_id_limit
   uint64_t numa_nodes
   uint64_t numa_mem

Signed-off-by: Samuel Ortiz 
---
 hw/i386/acpi-build.h |   4 +-
 include/hw/acpi/acpi.h   |  44 ++
 include/hw/i386/pc.h |  19 ++---
 hw/acpi/cpu_hotplug.c|   9 +-
 hw/arm/virt-acpi-build.c |  10 ---
 hw/i386/acpi-build.c | 136 ++
 hw/i386/pc.c | 176 ---
 hw/i386/pc_piix.c|  21 ++---
 hw/i386/pc_q35.c |  21 ++---
 hw/i386/xen/xen-hvm.c|  19 +++--
 10 files changed, 257 insertions(+), 202 deletions(-)

diff --git a/hw/i386/acpi-build.h b/hw/i386/acpi-build.h
index 007332e51c..065a1d8250 100644
--- a/hw/i386/acpi-build.h
+++ b/hw/i386/acpi-build.h
@@ -2,6 +2,8 @@
 #ifndef HW_I386_ACPI_BUILD_H
 #define HW_I386_ACPI_BUILD_H
 
-void acpi_setup(void);
+#include "hw/acpi/acpi.h"
+
+void acpi_setup(MachineState *machine, AcpiConfiguration *acpi_conf);
 
 #endif
diff --git a/include/hw/acpi/acpi.h b/include/hw/acpi/acpi.h
index c20ace0d0b..254c8d0cfc 100644
--- a/include/hw/acpi/acpi.h
+++ b/include/hw/acpi/acpi.h
@@ -24,6 +24,8 @@
 #include "exec/memory.h"
 #include "hw/irq.h"
 #include "hw/acpi/acpi_dev_interface.h"
+#include "hw/hotplug.h"
+#include "hw/mem/nvdimm.h"
 
 /*
  * current device naming scheme supports up to 256 memory devices
@@ -186,6 +188,48 @@ extern int acpi_enabled;
 extern char unsigned *acpi_tables;
 extern size_t acpi_tables_len;
 
+typedef
+struct AcpiBuildState {
+/* Copy of table in RAM (for patching). */
+MemoryRegion *table_mr;
+/* Is table patched? */
+bool patched;
+void *rsdp;
+MemoryRegion *rsdp_mr;
+MemoryRegion *linker_mr;
+} AcpiBuildState;
+
+typedef
+struct AcpiConfiguration {
+/* Machine class ACPI settings */
+int legacy_acpi_table_size;
+bool rsdp_in_ram;
+unsigned acpi_data_size;
+
+/* Machine state ACPI settings */
+HotplugHandler *acpi_dev;
+AcpiNVDIMMState acpi_nvdimm_state;
+
+/*
+ * The fields below are machine settings that
+ * are not ACPI specific. However they are needed
+ * for building ACPI tables and as such should be
+ * carried through the ACPI configuration structure.
+ */
+bool legacy_cpu_hotplug;
+bool linuxboot_dma_enabled;
+FWCfgState *fw_cfg;
+ram_addr_t below_4g_mem_size, above_4g_mem_size;;
+uint64_t numa_nodes;
+uint64_t *node_mem;
+bool apic_xrupt_override;
+unsigned apic_id_limit;
+PCIHostState *pci_host;
+
+/* Build state */
+AcpiBuildState *build_state;
+} AcpiConfiguration;
+
 uint8_t *acpi_table_first(void);
 uint8_t *acpi_table_next(uint8_t *current);
 unsigned acpi_table_len(void *current);
diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index 136fe497b6..fed136fcdd 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -12,6 +12,7 @@
 #include "qemu/range.h"
 #include "qemu/bitmap.h"
 #include "sysemu/sysemu.h"
+#include "hw/acpi/acpi.h"
 #include "hw/pci/pci.h"
 #include "hw/compat.h"
 #include "hw/mem/pc-dimm.h"
@@ -35,10 +36,8 @@ struct PCMachineState {
 Notifier machine_done;
 
 /* Pointers to devices and objects: */
-HotplugHandler *acpi_dev;
 ISADevice *rtc;
 PCIBus *bus;
-FWCfgState *fw_cfg;
 qemu_irq *gsi;
 
 /* Configuration options: */
@@ -46,28 +45,20 @@ struct PCMachineState {
 OnOffAuto vmport;
 OnOffAuto smm;
 
-AcpiNVDIMMState acpi_nvdimm_state;
-
 bool acpi_build_enabled;
 bool smbus;
 bool sata;
 bool pit;
 
-/* RAM information (sizes, addresses, configuration): */
-ram_addr_t below_4g_mem_size, above_4g_mem_size;
-
-/* CPU and apic information: */
-bool apic_xrupt_override;
-unsigned apic_id_limit;
+/* CPU information */
 uint16_t boot_cpus;
 
-/* NUMA information: */
-uint64_t numa_nodes;
-uint64_t *node_mem;
-
 /* Address space used by IOAPIC device. All IOAPIC interrupts
  * will be translated to MSI messages in the address space. */
 AddressSpace *ioapic_as;
+
+/* ACPI configuration */
+AcpiConfiguration acpi_configuration;
 };
 
 #define PC_MACHINE_ACPI_DEVICE_PROP "acpi-device"
diff --git a/hw/acpi/cpu_hotplug.c b/hw/acpi/cpu_hotplug.c
index 5243918125..634dc3b846 100644
--- a/hw/acpi/cpu_hotplug.c
+++ b/hw/acpi/cpu_hotplug.c
@@ -237,9 +237,9 @@ void build_legacy_cpu_hotplug_aml(Aml 

[Qemu-devel] [PATCH v5 03/24] hw: acpi: The RSDP build API can return void

[Samuel Ortiz]

For both x86 and ARM architectures, the internal RSDP build API can
return void as the current return value is unused.

Signed-off-by: Samuel Ortiz 
---
 hw/arm/virt-acpi-build.c | 4 +---
 hw/i386/acpi-build.c | 4 +---
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index f28a2faa53..fc59cce769 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -367,7 +367,7 @@ static void acpi_dsdt_add_power_button(Aml *scope)
 }
 
 /* RSDP */
-static GArray *
+static void
 build_rsdp(GArray *rsdp_table, BIOSLinker *linker, unsigned xsdt_tbl_offset)
 {
 AcpiRsdpDescriptor *rsdp = acpi_data_push(rsdp_table, sizeof *rsdp);
@@ -392,8 +392,6 @@ build_rsdp(GArray *rsdp_table, BIOSLinker *linker, unsigned 
xsdt_tbl_offset)
 bios_linker_loader_add_checksum(linker, ACPI_BUILD_RSDP_FILE,
 (char *)rsdp - rsdp_table->data, sizeof *rsdp,
 (char *)>checksum - rsdp_table->data);
-
-return rsdp_table;
 }
 
 static void
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index 81d98fa34f..74419d0663 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -2513,7 +2513,7 @@ build_amd_iommu(GArray *table_data, BIOSLinker *linker)
  "IVRS", table_data->len - iommu_start, 1, NULL, NULL);
 }
 
-static GArray *
+static void
 build_rsdp(GArray *rsdp_table, BIOSLinker *linker, unsigned rsdt_tbl_offset)
 {
 AcpiRsdpDescriptor *rsdp = acpi_data_push(rsdp_table, sizeof *rsdp);
@@ -2535,8 +2535,6 @@ build_rsdp(GArray *rsdp_table, BIOSLinker *linker, 
unsigned rsdt_tbl_offset)
 bios_linker_loader_add_checksum(linker, ACPI_BUILD_RSDP_FILE,
 (char *)rsdp - rsdp_table->data, sizeof *rsdp,
 (char *)>checksum - rsdp_table->data);
-
-return rsdp_table;
 }
 
 static bool acpi_get_mcfg(AcpiMcfgInfo *mcfg)
-- 
2.19.1

[Qemu-devel] [PATCH v5 10/24] hw: acpi: Export the PCI host and holes getters

[Samuel Ortiz]

This is going to be needed by the hardware reduced implementation, so
let's export it.
Once the ACPI builder methods and getters will be implemented, the
acpi_get_pci_host() implementation will become hardware agnostic.

Signed-off-by: Samuel Ortiz 
---
 include/hw/acpi/aml-build.h |  2 ++
 hw/acpi/aml-build.c | 43 +
 hw/i386/acpi-build.c| 47 ++---
 3 files changed, 47 insertions(+), 45 deletions(-)

diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
index c27c0935ae..fde2785b9a 100644
--- a/include/hw/acpi/aml-build.h
+++ b/include/hw/acpi/aml-build.h
@@ -400,6 +400,8 @@ build_header(BIOSLinker *linker, GArray *table_data,
  const char *oem_id, const char *oem_table_id);
 void *acpi_data_push(GArray *table_data, unsigned size);
 unsigned acpi_data_len(GArray *table);
+Object *acpi_get_pci_host(void);
+void acpi_get_pci_holes(Range *hole, Range *hole64);
 /* Align AML blob size to a multiple of 'align' */
 void acpi_align_size(GArray *blob, unsigned align);
 void acpi_add_table(GArray *table_offsets, GArray *table_data);
diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index 2b9a636e75..b8e32f15f7 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -1601,6 +1601,49 @@ void acpi_build_tables_cleanup(AcpiBuildTables *tables, 
bool mfre)
 g_array_free(tables->vmgenid, mfre);
 }
 
+/*
+ * Because of the PXB hosts we cannot simply query TYPE_PCI_HOST_BRIDGE.
+ */
+Object *acpi_get_pci_host(void)
+{
+PCIHostState *host;
+
+host = OBJECT_CHECK(PCIHostState,
+object_resolve_path("/machine/i440fx", NULL),
+TYPE_PCI_HOST_BRIDGE);
+if (!host) {
+host = OBJECT_CHECK(PCIHostState,
+object_resolve_path("/machine/q35", NULL),
+TYPE_PCI_HOST_BRIDGE);
+}
+
+return OBJECT(host);
+}
+
+
+void acpi_get_pci_holes(Range *hole, Range *hole64)
+{
+Object *pci_host;
+
+pci_host = acpi_get_pci_host();
+g_assert(pci_host);
+
+range_set_bounds1(hole,
+  object_property_get_uint(pci_host,
+   PCI_HOST_PROP_PCI_HOLE_START,
+   NULL),
+  object_property_get_uint(pci_host,
+   PCI_HOST_PROP_PCI_HOLE_END,
+   NULL));
+range_set_bounds1(hole64,
+  object_property_get_uint(pci_host,
+   PCI_HOST_PROP_PCI_HOLE64_START,
+   NULL),
+  object_property_get_uint(pci_host,
+   PCI_HOST_PROP_PCI_HOLE64_END,
+   NULL));
+}
+
 static void crs_range_insert(GPtrArray *ranges, uint64_t base, uint64_t limit)
 {
 CrsRangeEntry *entry;
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index bd147a6bd2..a5f5f83500 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -232,49 +232,6 @@ static void acpi_get_misc_info(AcpiMiscInfo *info)
 info->applesmc_io_base = applesmc_port();
 }
 
-/*
- * Because of the PXB hosts we cannot simply query TYPE_PCI_HOST_BRIDGE.
- * On i386 arch we only have two pci hosts, so we can look only for them.
- */
-static Object *acpi_get_i386_pci_host(void)
-{
-PCIHostState *host;
-
-host = OBJECT_CHECK(PCIHostState,
-object_resolve_path("/machine/i440fx", NULL),
-TYPE_PCI_HOST_BRIDGE);
-if (!host) {
-host = OBJECT_CHECK(PCIHostState,
-object_resolve_path("/machine/q35", NULL),
-TYPE_PCI_HOST_BRIDGE);
-}
-
-return OBJECT(host);
-}
-
-static void acpi_get_pci_holes(Range *hole, Range *hole64)
-{
-Object *pci_host;
-
-pci_host = acpi_get_i386_pci_host();
-g_assert(pci_host);
-
-range_set_bounds1(hole,
-  object_property_get_uint(pci_host,
-   PCI_HOST_PROP_PCI_HOLE_START,
-   NULL),
-  object_property_get_uint(pci_host,
-   PCI_HOST_PROP_PCI_HOLE_END,
-   NULL));
-range_set_bounds1(hole64,
-  object_property_get_uint(pci_host,
-   PCI_HOST_PROP_PCI_HOLE64_START,
-   NULL),
-  object_property_get_uint(pci_host,
-   PCI_HOST_PROP_PCI_HOLE64_END,
-   NULL));
-}
-
 /* FACS */
 static void
 build_facs(GArray *table_data, BIOSLinker *linker)

[Qemu-devel] [PATCH v5 09/24] hw: i386: Move PCI host definitions to pci_host.h

[Samuel Ortiz]

The PCI hole properties are not pc or i386 specific. They belong to the
PCI host header instead.

Signed-off-by: Samuel Ortiz 
---
 include/hw/i386/pc.h  | 5 -
 include/hw/pci/pci_host.h | 6 ++
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index fed136fcdd..bbbdb33ea3 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -182,11 +182,6 @@ void pc_acpi_init(const char *default_dsdt);
 
 void pc_guest_info_init(PCMachineState *pcms);
 
-#define PCI_HOST_PROP_PCI_HOLE_START   "pci-hole-start"
-#define PCI_HOST_PROP_PCI_HOLE_END "pci-hole-end"
-#define PCI_HOST_PROP_PCI_HOLE64_START "pci-hole64-start"
-#define PCI_HOST_PROP_PCI_HOLE64_END   "pci-hole64-end"
-#define PCI_HOST_PROP_PCI_HOLE64_SIZE  "pci-hole64-size"
 #define PCI_HOST_BELOW_4G_MEM_SIZE "below-4g-mem-size"
 #define PCI_HOST_ABOVE_4G_MEM_SIZE "above-4g-mem-size"
 
diff --git a/include/hw/pci/pci_host.h b/include/hw/pci/pci_host.h
index ba31595fc7..e343f4d9ca 100644
--- a/include/hw/pci/pci_host.h
+++ b/include/hw/pci/pci_host.h
@@ -38,6 +38,12 @@
 #define PCI_HOST_BRIDGE_GET_CLASS(obj) \
  OBJECT_GET_CLASS(PCIHostBridgeClass, (obj), TYPE_PCI_HOST_BRIDGE)
 
+#define PCI_HOST_PROP_PCI_HOLE_START   "pci-hole-start"
+#define PCI_HOST_PROP_PCI_HOLE_END "pci-hole-end"
+#define PCI_HOST_PROP_PCI_HOLE64_START "pci-hole64-start"
+#define PCI_HOST_PROP_PCI_HOLE64_END   "pci-hole64-end"
+#define PCI_HOST_PROP_PCI_HOLE64_SIZE  "pci-hole64-size"
+
 struct PCIHostState {
 SysBusDevice busdev;
 
-- 
2.19.1

[Qemu-devel] [PATCH v5 02/24] hw: acpi: Export ACPI build alignment API

[Samuel Ortiz]

This is going to be needed by the Hardware-reduced ACPI routines.

Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Samuel Ortiz 
---
 include/hw/acpi/aml-build.h | 2 ++
 hw/acpi/aml-build.c | 8 
 hw/i386/acpi-build.c| 8 
 3 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
index 6c36903c0a..73fc6659f2 100644
--- a/include/hw/acpi/aml-build.h
+++ b/include/hw/acpi/aml-build.h
@@ -384,6 +384,8 @@ build_header(BIOSLinker *linker, GArray *table_data,
  const char *oem_id, const char *oem_table_id);
 void *acpi_data_push(GArray *table_data, unsigned size);
 unsigned acpi_data_len(GArray *table);
+/* Align AML blob size to a multiple of 'align' */
+void acpi_align_size(GArray *blob, unsigned align);
 void acpi_add_table(GArray *table_offsets, GArray *table_data);
 void acpi_build_tables_init(AcpiBuildTables *tables);
 void acpi_build_tables_cleanup(AcpiBuildTables *tables, bool mfre);
diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index 1e43cd736d..51b608432f 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -1565,6 +1565,14 @@ unsigned acpi_data_len(GArray *table)
 return table->len;
 }
 
+void acpi_align_size(GArray *blob, unsigned align)
+{
+/* Align size to multiple of given size. This reduces the chance
+ * we need to change size in the future (breaking cross version migration).
+ */
+g_array_set_size(blob, ROUND_UP(acpi_data_len(blob), align));
+}
+
 void acpi_add_table(GArray *table_offsets, GArray *table_data)
 {
 uint32_t offset = table_data->len;
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index d0362e1382..81d98fa34f 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -282,14 +282,6 @@ static void acpi_get_pci_holes(Range *hole, Range *hole64)
NULL));
 }
 
-static void acpi_align_size(GArray *blob, unsigned align)
-{
-/* Align size to multiple of given size. This reduces the chance
- * we need to change size in the future (breaking cross version migration).
- */
-g_array_set_size(blob, ROUND_UP(acpi_data_len(blob), align));
-}
-
 /* FACS */
 static void
 build_facs(GArray *table_data, BIOSLinker *linker)
-- 
2.19.1

[Qemu-devel] [PATCH v5 00/24] ACPI reorganization for hardware-reduced API addition

[Samuel Ortiz]

This patch set provides an ACPI code reorganization in preparation for
adding a shared hardware-reduced ACPI API to QEMU.

The changes are coming from the NEMU [1] project where we're defining
a new x86 machine type: i386/virt. This is an EFI only, ACPI
hardware-reduced platform that is built on top of a generic
hardware-reduced ACPI API [2]. This API was initially based off the
generic parts of the arm/virt-acpi-build.c implementation, and the goal
is for both i386/virt and arm/virt to duplicate as little code as
possible by using this new, shared API.

As a preliminary for adding this hardware-reduced ACPI API to QEMU, we did
some ACPI code reorganization with the following goals:

* Share as much as possible of the current ACPI build APIs between
  legacy and hardware-reduced ACPI.
* Share the ACPI build code across machine types and architectures and
  remove the typical PC machine type dependency.

The patches are also available in their own git branch [3].

[1] https://github.com/intel/nemu
[2] https://github.com/intel/nemu/blob/topic/virt-x86/hw/acpi/reduced.c
[3] https://github.com/intel/nemu/tree/topic/upstream/acpi

v1 -> v2:
   * Drop the hardware-reduced implementation for now. Our next patch
   * set
 will add hardware-reduced and convert arm/virt to it.
   * Implement the ACPI build methods as a QOM Interface Class and
   * convert
 the PC machine type to it.
   * acpi_conf_pc_init() uses a PCMachineState pointer and not a
 MachineState one as its argument.

v2 -> v3:
   * Cc all relevant maintainers, no functional changes.

v3 -> v4:
   * Renamed all AcpiConfiguration pointers from conf to acpi_conf.
   * Removed the ACPI_BUILD_ALIGN_SIZE export.
   * Temporarily updated the arm virt build_rsdp() prototype for
 bisectability purposes.
   * Removed unneeded pci headers from acpi-build.c.
   * Refactor the acpi PCI host getter so that it truly is architecture
 agnostic, by carrying the PCI host pointer through the
 AcpiConfiguration structure.
   * Splitted the PCI host AML builder API export patch from the PCI
 host and holes getter one.
   * Reduced the build_srat() export scope to hw/i386 instead of the
 broader hw/acpi. SRAT builders are truly architecture specific
 and can hardly be generalized.
   * Completed the ACPI builder documentation.

v4 -> v5:
   * Reorganize the ACPI RSDP export and XSDT implementation into 3
 patches.
   * Fix the hw/i386/acpi header inclusions.

Samuel Ortiz (16):
  hw: i386: Decouple the ACPI build from the PC machine type
  hw: acpi: Export ACPI build alignment API
  hw: acpi: The RSDP build API can return void
  hw: acpi: Export the RSDP build API
  hw: acpi: Implement XSDT support for RSDP
  hw: acpi: Factorize the RSDP build API implementation
  hw: i386: Move PCI host definitions to pci_host.h
  hw: acpi: Export the PCI host and holes getters
  hw: acpi: Do not create hotplug method when handler is not defined
  hw: i386: Make the hotpluggable memory size property more generic
  hw: i386: Export the i386 ACPI SRAT build method
  hw: i386: Export the MADT build method
  hw: acpi: Define ACPI tables builder interface
  hw: i386: Implement the ACPI builder interface for PC
  hw: pci-host: piix: Return PCI host pointer instead of PCI bus
  hw: i386: Set ACPI configuration PCI host pointer

Sebastien Boeuf (2):
  hw: acpi: Export the PCI hotplug API
  hw: acpi: Retrieve the PCI bus from AcpiPciHpState

Yang Zhong (6):
  hw: acpi: Generalize AML build routines
  hw: acpi: Factorize _OSC AML across architectures
  hw: acpi: Export and generalize the PCI host AML API
  hw: acpi: Export the MCFG getter
  hw: acpi: Fix memory hotplug AML generation error
  hw: i386: Refactor PCI host getter

 hw/i386/acpi-build.h   |9 +-
 include/hw/acpi/acpi-defs.h|   14 +
 include/hw/acpi/acpi.h |   44 ++
 include/hw/acpi/aml-build.h|   47 ++
 include/hw/acpi/builder.h  |  100 +++
 include/hw/i386/acpi.h |   28 +
 include/hw/i386/pc.h   |   49 +-
 include/hw/mem/memory-device.h |2 +
 include/hw/pci/pci_host.h  |6 +
 hw/acpi/aml-build.c|  981 +
 hw/acpi/builder.c  |   97 +++
 hw/acpi/cpu.c  |8 +-
 hw/acpi/cpu_hotplug.c  |9 +-
 hw/acpi/memory_hotplug.c   |   21 +-
 hw/acpi/pcihp.c|   10 +-
 hw/arm/virt-acpi-build.c   |   93 +--
 hw/i386/acpi-build.c   | 1072 +++-
 hw/i386/pc.c   |  198 +++---
 hw/i386/pc_piix.c  |   36 +-
 hw/i386/pc_q35.c   |   22 +-
 hw/i386/xen/xen-hvm.c  |   19 +-
 hw/pci-host/piix.c |   32 +-
 stubs/pci-host-piix.c  |6 -
 hw/acpi/Makefile.objs  |1 +
 stubs/Makefile.objs|1 -
 25 files changed, 1644 insertions(+), 1261 deletions(-)
 create mode 100644 include/hw/acpi/builder.h
 create mode 100644 include/hw/i386/acpi.h
 

Re: [Qemu-devel] [PATCH v2 0/5] Various option help readability improvement suggestions

[Max Reitz]

Ping.  I don't quite want the help output to change in 3.1 only to
change it to something else in 3.2.

(And at some point into freeze we have to consider just merging one of
the many simple 082 reference output "fixes", which I really don't want,
because I still consider the test "broken for a reason"(tm).)

Max


On 19.10.18 18:49, Max Reitz wrote:
> I noticed that with the (more or less) recent series from Marc-André the
> output of qemu-img amend -f qcow2 -o help changed to this:
> 
> $ ./qemu-img amend -f qcow2 -o help
> Creation options for 'qcow2':
> qcow2-create-opts.backing_file=str - File name of a base image
> qcow2-create-opts.backing_fmt=str - Image format of the base image
> qcow2-create-opts.cluster_size=size - qcow2 cluster size
> qcow2-create-opts.compat=str - Compatibility level (0.10 or 1.1)
> [...]
> 
> The types are a nice addition, but I didn't like having the list name
> printed in every single line (in fact, the list name does not make any
> sense here at all, because there already is a caption which reads
> "Creation options for 'qcow2'"), and I did not like the use of '=' for
> types.
> 
> In general, I don't like the robot-y appearance, which is even worse in
> things like -device virtio-blk,help, which gives you this (among
> other lines):
> 
>> virtio-blk-pci.iothread=link
> 
> Sadly, there isn't much we can do about the "link", so this
> series doesn't improve on that point.
> 
> What this series does do, however, is it changes these lists not to
> print the list name on every single line, but only as a caption (and for
> option lists, this caption is option, because the caller may want to
> print a custom caption that is more expressive -- as is the case for
> qemu-img amend -o help).
> 
> Consequentially, all list items are indented by two spaces to make clear
> they belong to the caption.  I can already see that some people might
> disagree on having this indentation, but I like it, so I have it in this
> series.
> 
> Furthermore, types are now enclosed by angle brackets, and the alignment
> we originally had for descriptions is restored (although now after 24
> instead of 16 characters, because every option name is now accompanied
> by indentation and a type).
> 
> 
> Thus, after this series, the amend output looks like this:
> 
> $ ./qemu-img amend -f qcow2 -o help
> Creation options for 'qcow2':
>   backing_file= - File name of a base image
>   backing_fmt=  - Image format of the base image
>   cluster_size=- qcow2 cluster size
>   compat=   - Compatibility level (0.10 or 1.1)
> [...]
> 
> 
> virtio-blk's list presents itself like so:
> 
> $ x86_64-softmmu/qemu-system-x86_64 -device virtio-blk,help
> virtio-blk-pci options:
>   iothread=>
>   request-merging= - on/off
>   secs=
> [...]
> 
> 
> And now we even print something when there are no options:
> 
> $ x86_64-softmmu/qemu-system-x86_64 -object can-bus,help
> There are no options for can-bus.
> 
> (Before this series, there just is no output.)
> 
> 
> As a side effect, patch 1 fixes iotest 082.
> 
> 
> v2:
> - Patch 1:
>   - Abandon the "$name: $type" formatting in favor of "$name=<$type>"
> [Marc-André, at least the "abandon" part]
>   - Restore description alignment [Kevin]
>   - Do the alignment when generating each line's GString instead of when
> printing them.  This results in less lines modified and allows the
> compiler to optimize the printf("%s\n", x) to puts(x).
> - Patch 3:
>   - Same changes as above, with the addition of also separating the
> description with " - " instead of enclosing it in parentheses (to
> match the other places)
>   - Also, we never did align the descriptions here, so this is not
> "restore" but "introduce description alignment".
> - Patch 4:
>   - Same as patch 1, but again with the catch of s/restore/introduce/.
> 
> 
> git-backport-diff against v1:
> 
> Key:
> [] : patches are identical
> [] : number of functional differences between upstream/downstream patch
> [down] : patch is downstream-only
> The flags [FC] indicate (F)unctional and (C)ontextual differences, 
> respectively
> 
> 001/5:[0963] [FC] 'option: Make option help nicer to read'
> 002/5:[] [--] 'chardev: Indent list of chardevs'
> 003/5:[0008] [FC] 'qdev-monitor: Make device options help nicer'
> 004/5:[0007] [FC] 'object: Make option help nicer to read'
> 005/5:[] [--] 'fw_cfg: Drop newline in @file description'
> 
> 
> Max Reitz (5):
>   option: Make option help nicer to read
>   chardev: Indent list of chardevs
>   qdev-monitor: Make device options help nicer
>   object: Make option help nicer to read
>   fw_cfg: Drop newline in @file description
> 
>  include/qemu/option.h  |   2 +-
>  chardev/char.c |   2 +-
>  qdev-monitor.c |  13 +-
>  qemu-img.c |   4 +-
>  util/qemu-option.c |  32 +-
>  vl.c   |  15 +-
>  tests/qemu-iotests/082.out | 956 ++---
>  

Re: [Qemu-devel] [PATCH v4 5/8] block: Fix potential Null pointer dereferences in vvfat.c

[Max Reitz]

On 19.10.18 22:39, Liam Merwick wrote:
> The calls to find_mapping_for_cluster() may return NULL but it
> isn't always checked for before dereferencing the value returned.
> Additionally, add some asserts to cover cases where NULL can't
> be returned but which might not be obvious at first glance.
> 
> Signed-off-by: Liam Merwick 
> ---
>  block/vvfat.c | 33 -
>  1 file changed, 28 insertions(+), 5 deletions(-)
> 
> diff --git a/block/vvfat.c b/block/vvfat.c
> index fc41841a5c3c..19f6725054a0 100644
> --- a/block/vvfat.c
> +++ b/block/vvfat.c
> @@ -100,6 +100,7 @@ static inline void array_free(array_t* array)
>  /* does not automatically grow */
>  static inline void* array_get(array_t* array,unsigned int index) {
>  assert(index < array->next);
> +assert(array->pointer);
>  return array->pointer + index * array->item_size;
>  }
>  
> @@ -108,8 +109,7 @@ static inline int array_ensure_allocated(array_t* array, 
> int index)
>  if((index + 1) * array->item_size > array->size) {
>  int new_size = (index + 32) * array->item_size;
>  array->pointer = g_realloc(array->pointer, new_size);
> -if (!array->pointer)
> -return -1;
> +assert(array->pointer);

It would make sense to make this function not return any value (because
it just always returns 0 now), but I fully understand if you don't want
to mess around with vvfat more than you have to.  (Neither do I.)

>  memset(array->pointer + array->size, 0, new_size - array->size);
>  array->size = new_size;
>  array->next = index + 1;
> @@ -2261,6 +2261,9 @@ static mapping_t* insert_mapping(BDRVVVFATState* s,
>  }
>  if (index >= s->mapping.next || mapping->begin > begin) {
>  mapping = array_insert(&(s->mapping), index, 1);
> +if (mapping == NULL) {
> +return NULL;
> +}

array_insert() will never return NULL.

>  mapping->path = NULL;
>  adjust_mapping_indices(s, index, +1);
>  }
> @@ -2428,6 +2431,9 @@ static int commit_direntries(BDRVVVFATState* s,
>  direntry_t* direntry = array_get(&(s->directory), dir_index);
>  uint32_t first_cluster = dir_index == 0 ? 0 : 
> begin_of_direntry(direntry);
>  mapping_t* mapping = find_mapping_for_cluster(s, first_cluster);
> +if (mapping == NULL) {
> +return -1;
> +}

This should be moved below the declarations that still follow here.

>  
>  int factor = 0x10 * s->sectors_per_cluster;
>  int old_cluster_count, new_cluster_count;

[...]

> @@ -3193,6 +3215,7 @@ static int enable_write_target(BlockDriverState *bs, 
> Error **errp)
>  
>  backing = bdrv_new_open_driver(_write_target, NULL, 
> BDRV_O_ALLOW_RDWR,
> _abort);
> +assert(backing);
>  *(void**) backing->opaque = s;

I personally wouldn't use an assert() here because it's clear that the
value is dereferenced immediately, so that is the assertion that it is
non-NULL, but I won't give too much of a fight.

The thing is, I believe we should write code for humans, not machines.
Fixing machines to understand what we produce is possible -- fixing
humans is more difficult.

On top of that, it would be a bug if NULL is returned and it would be
good if a static analyzer could catch that case.  Just fully silencing
it with assert() is not ideal.  Ideal would be if it would know that
setting _abort to any value crashes the program, and could thus
infer whether this function will actually ever get to return NULL when
_abort has been passed to it.

Max

>  
>  bdrv_set_backing_hd(s->bs, backing, _abort);
> 




signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH v4 6/8] block: dump_qlist() may dereference a Null pointer

[Max Reitz]

On 19.10.18 22:39, Liam Merwick wrote:
> A NULL 'list' passed into function dump_qlist() isn't correctly
> validated and can be passed to qlist_first() where it is dereferenced.
> 
> Given that dump_qlist() is static, and callers already do the right
> thing, just add an assert to catch future potential bugs (plus the
> added benefit of suppressing a warning from a static analysis tool
> and removing this noise will help us better find real issues).

But can't you fix the tool?  My opinion is still that large parts of our
code do not assert that some parameter is not NULL, and I think it isn't
a good idea to make them assert that.  I don't know what makes this
function special, and I wonder why it is special to your tool -- as I've
said in the last version, dump_qdict() is basically the same in this
regard.  I wonder why your tool doesn't mind that.

Can you not whitelist something as false positives?  I know we have a
lot of those in Coverity, and we just mark them as such, and that's it.

Finally, one could argue that the nonnull GCC function attribute would
be a better fit, actually.

But overall, I just don't think it's a good idea to start changing the
code to accommodate for false positives in static analyzers, because in
my experience the number of false positives only rises with time.

Max

> Signed-off-by: Liam Merwick 
> Reviewed-by: Eric Blake 
> ---
>  block/qapi.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/block/qapi.c b/block/qapi.c
> index c66f949db839..e81be604217c 100644
> --- a/block/qapi.c
> +++ b/block/qapi.c
> @@ -740,6 +740,8 @@ static void dump_qlist(fprintf_function func_fprintf, 
> void *f, int indentation,
>  const QListEntry *entry;
>  int i = 0;
>  
> +assert(list);
> +
>  for (entry = qlist_first(list); entry; entry = qlist_next(entry), i++) {
>  QType type = qobject_type(entry->value);
>  bool composite = (type == QTYPE_QDICT || type == QTYPE_QLIST);
> 




signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH v4 4/8] qemu-img: assert block_job_get() does not return NULL in img_commit()

[Max Reitz]

On 19.10.18 22:39, Liam Merwick wrote:
> Although the function block_job_get() can return NULL, it would be a
> serious bug if it did so (because the job yields before executing anything
> (if it started successfully); but otherwise, commit_active_start() would
> have returned an error).  However, as a precaution, before dereferencing
> the 'job' pointer in img_commit() assert it is not NULL.

(In the meantime, Markus has argued to me in some other case that
asserting that something isn't NULL is just as good as just
dereferencing it.  Oh well, I still don't mind either way.)

> Signed-off-by: Liam Merwick 
> ---
>  qemu-img.c | 1 +
>  1 file changed, 1 insertion(+)

Reviewed-by: Max Reitz 



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH v4 3/8] block: Null pointer dereference in blk_root_get_parent_desc()

[Max Reitz]

On 19.10.18 22:39, Liam Merwick wrote:
> The dev_id returned by the call to blk_get_attached_dev_id() in
> blk_root_get_parent_desc() can be NULL (an internal call to
> object_get_canonical_path may have returned NULL).
> 
> Instead of just checking this case before before dereferencing,
> adjust blk_get_attached_dev_id() to return the empty string if no
> object path can be found (similar to the case when blk->dev is NULL
> and an empty string is returned).
> 
> Signed-off-by: Liam Merwick 
> ---
>  block/block-backend.c | 6 +-
>  dtc   | 2 +-
>  2 files changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/block/block-backend.c b/block/block-backend.c
> index dc0cd5772413..e628920f3cd8 100644
> --- a/block/block-backend.c
> +++ b/block/block-backend.c
> @@ -909,6 +909,7 @@ void *blk_get_attached_dev(BlockBackend *blk)
>  char *blk_get_attached_dev_id(BlockBackend *blk)
>  {
>  DeviceState *dev;
> +char *dev_id;
>  
>  assert(!blk->legacy_dev);
>  dev = blk->dev;
> @@ -918,7 +919,10 @@ char *blk_get_attached_dev_id(BlockBackend *blk)
>  } else if (dev->id) {
>  return g_strdup(dev->id);
>  }
> -return object_get_canonical_path(OBJECT(dev));
> +
> +dev_id = object_get_canonical_path(OBJECT(dev));
> +
> +return dev_id ? dev_id : g_strdup("");
>  }
>  
>  /*

Looks good, but since you'll have to respin anyway because of the hunk
below, you may want to consider

return object_get_canonical_path(OBJECT(dev)) ?: g_strdup("");

instead.  (We have several instances of binary "?:" in the code already,
so it's fine to use it.  Of course you don't have to, though, if you
don't like it.)

> diff --git a/dtc b/dtc
> index 88f18909db73..e54388015af1 16
> --- a/dtc
> +++ b/dtc
> @@ -1 +1 @@
> -Subproject commit 88f18909db731a627456f26d779445f84e449536
> +Subproject commit e54388015af1fb4bf04d0bca99caba1074d9cc42

I don't think this hunk belongs here.

Max



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH] block: Make more block drivers compile-time configurable

[Max Reitz]

On 19.10.18 13:34, Markus Armbruster wrote:
> From: Jeff Cody 
> 
> This adds configure options to control the following block drivers:
> 
> * Bochs
> * Cloop
> * Dmg
> * Qcow (V1)
> * Vdi
> * Vvfat
> * qed
> * parallels
> * sheepdog
> 
> Each of these defaults to being enabled.
> 
> Signed-off-by: Jeff Cody 
> Signed-off-by: Markus Armbruster 
> ---
> 
> Hmm, we got quite a few --enable-BLOCK-DRIVER now.  Perhaps a single
> list-valued option similar --target-list would be better.  Could be
> done on top.
> 
>  block/Makefile.objs | 22 ---
>  configure   | 91 +
>  2 files changed, 107 insertions(+), 6 deletions(-)
> 
> diff --git a/block/Makefile.objs b/block/Makefile.objs
> index c8337bf186..1cad9fc4f1 100644
> --- a/block/Makefile.objs
> +++ b/block/Makefile.objs

[...]

> @@ -45,7 +54,8 @@ gluster.o-libs := $(GLUSTERFS_LIBS)
>  vxhs.o-libs:= $(VXHS_LIBS)
>  ssh.o-cflags   := $(LIBSSH2_CFLAGS)
>  ssh.o-libs := $(LIBSSH2_LIBS)
> -block-obj-$(if $(CONFIG_BZIP2),m,n) += dmg-bz2.o
> +block-obj-dmg-bz2$(if $(CONFIG_BZIP2),m,n) += dmg-bz2.o
> +block-obj-$(CONFIG_DMG) += $(block-obj-dmg-bz2-y)

This defines "block-obj-dmg-bz2m" or "block-obj-dmg-bz2n", so
"block-obj-dmg-bz2-y" is never defined (note both the missing hyphen and
the "m" vs. "y").

How about:

block-obj-dmg-bz2-$(CONFIG_BZIP2) += dmg-bz2.o
block-obj-$(if $(CONFIG_DMG),m,n) += $(block-obj-dmg-bz2-y)

Bonus point: The "+=" are naturally aligned!

(Fun fact on the side: I tried downloading some dmg image, but qemu
refused to open that.  ("sector count 409600 for chunk 4 is larger than
max (131072)" -- yeah, yeah, I know that I'm not the largest guy) -- but
you can test it just by replacing "dmg-bz2.o" by "does-not-exist.o", and
then make complains normally, but stops complaining with --disable-dmg
or --disable-bzip2.)

Max

>  dmg-bz2.o-libs := $(BZIP2_LIBS)
>  qcow.o-libs:= -lz
>  linux-aio.o-libs   := -laio



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH v3 1/8] README: use 'https://' instead of 'git://'

[Philippe Mathieu-Daudé]

On 4/11/18 12:24, Stefan Hajnoczi wrote:

When you clone the repository without previous commit history, 'git://'
doesn't protect from man-in-the-middle attacks.  HTTPS is more secure
since the client verifies the server certificate.

Reported-by: Jann Horn 
Reviewed-by: Daniel P. Berrangé 
Signed-off-by: Stefan Hajnoczi 


Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 


---
  README | 4 ++--
  pc-bios/README | 4 ++--
  2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/README b/README
index 49a9fd09cd..441c33eb2f 100644
--- a/README
+++ b/README
@@ -54,7 +54,7 @@ Submitting patches
  
  The QEMU source code is maintained under the GIT version control system.
  
-   git clone git://git.qemu.org/qemu.git

+   git clone https://git.qemu.org/git/qemu.git
  
  When submitting patches, one common approach is to use 'git

  format-patch' and/or 'git send-email' to format & send the mail to the
@@ -70,7 +70,7 @@ the QEMU website
  
  The QEMU website is also maintained under source control.
  
-  git clone git://git.qemu.org/qemu-web.git

+  git clone https://git.qemu.org/git/qemu-web.git
https://www.qemu.org/2017/02/04/the-new-qemu-website-is-up/
  
  A 'git-publish' utility was created to make above process less

diff --git a/pc-bios/README b/pc-bios/README
index 90f0fa7aa7..b572e9eb00 100644
--- a/pc-bios/README
+++ b/pc-bios/README
@@ -23,7 +23,7 @@
legacy x86 software to communicate with an attached serial console as
if a video card were attached.  The master sources reside in a subversion
repository at http://sgabios.googlecode.com/svn/trunk.  A git mirror is
-  available at git://git.qemu.org/sgabios.git.
+  available at https://git.qemu.org/git/sgabios.git.
  
  - The PXE roms come from the iPXE project. Built with BANNER_TIME 0.

Sources available at http://ipxe.org.  Vendor:Device ID -> ROM mapping:
@@ -40,7 +40,7 @@
  
  - The u-boot binary for e500 comes from the upstream denx u-boot project where

it was compiled using the qemu-ppce500 target.
-  A git mirror is available at: git://git.qemu.org/u-boot.git
+  A git mirror is available at: https://git.qemu.org/git/u-boot.git
The hash used to compile the current version is: 2072e72
  
  - Skiboot (https://github.com/open-power/skiboot/) is an OPAL

Re: [Qemu-devel] [PATCH v3 2/8] get_maintainer: use 'https://' instead of 'git://'

[Philippe Mathieu-Daudé]

Hi Stefan,

On 4/11/18 12:24, Stefan Hajnoczi wrote:

When you clone the repository without previous commit history, 'git://'
doesn't protect from man-in-the-middle attacks.  HTTPS is more secure
since the client verifies the server certificate.

Reported-by: Jann Horn 
Reviewed-by: Daniel P. Berrangé 
Signed-off-by: Stefan Hajnoczi 
---
  scripts/get_maintainer.pl | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/get_maintainer.pl b/scripts/get_maintainer.pl
index 43fb5f512f..fc7275b9e2 100755
--- a/scripts/get_maintainer.pl
+++ b/scripts/get_maintainer.pl
@@ -1376,7 +1376,7 @@ sub vcs_exists {
warn("$P: No supported VCS found.  Add --nogit to options?\n");
warn("Using a git repository produces better results.\n");
warn("Try latest git repository using:\n");
-   warn("git clone git://git.qemu.org/qemu.git\n");
+   warn("git clone https//git.qemu.org/git/qemu.git\n");


You missed the ':' in the scheme. Once fixed:
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 


$printed_novcs = 1;
  }
  return 0;

Re: [Qemu-devel] [PATCH v3 8/8] docker: use HTTPS git URL for virglrenderer

[Philippe Mathieu-Daudé]

On 4/11/18 12:24, Stefan Hajnoczi wrote:

When you clone the repository without previous commit history, 'git://'
doesn't protect from man-in-the-middle attacks.  HTTPS is more secure
since the client verifies the server certificate.

Cc: Philippe Mathieu-Daudé 
Suggested-by: Eric Blake 
Signed-off-by: Stefan Hajnoczi 


Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 


---
  tests/docker/dockerfiles/debian-amd64.docker | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/docker/dockerfiles/debian-amd64.docker 
b/tests/docker/dockerfiles/debian-amd64.docker
index eb13f06ed1..24b113b76f 100644
--- a/tests/docker/dockerfiles/debian-amd64.docker
+++ b/tests/docker/dockerfiles/debian-amd64.docker
@@ -24,7 +24,7 @@ RUN DEBIAN_FRONTEND=noninteractive eatmydata \
  libegl1-mesa-dev \
  libepoxy-dev \
  libgbm-dev
-RUN git clone git://anongit.freedesktop.org/virglrenderer 
/usr/src/virglrenderer
+RUN git clone https://anongit.freedesktop.org/git/virglrenderer.git 
/usr/src/virglrenderer
  RUN cd /usr/src/virglrenderer && ./autogen.sh && ./configure --with-glx 
--disable-tests && make install
  
  # netmap

Re: [Qemu-devel] [PATCH v3 7/8] target-alpha: use HTTPS git URL for palcode

[Philippe Mathieu-Daudé]

On 4/11/18 12:24, Stefan Hajnoczi wrote:

When you clone the repository without previous commit history, 'git://'
doesn't protect from man-in-the-middle attacks.  HTTPS is more secure
since the client verifies the server certificate.

Cc: Richard Henderson 
Suggested-by: Eric Blake 
Signed-off-by: Stefan Hajnoczi 


Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 


---
  pc-bios/README | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pc-bios/README b/pc-bios/README
index 8f98c07a74..20f7c33c24 100644
--- a/pc-bios/README
+++ b/pc-bios/README
@@ -36,7 +36,7 @@
1af4:1000 -> pxe-virtio.rom
  
  - The sources for the Alpha palcode image is available from:

-  git://github.com/rth7680/qemu-palcode.git
+  https://github.com/rth7680/qemu-palcode.git
  
  - The u-boot binary for e500 comes from the upstream denx u-boot project where

it was compiled using the qemu-ppce500 target.

Re: [Qemu-devel] [PATCH v3 6/8] pc-testdev: use HTTPS git URL

[Philippe Mathieu-Daudé]

On 4/11/18 12:24, Stefan Hajnoczi wrote:

When you clone the repository without previous commit history, 'git://'
doesn't protect from man-in-the-middle attacks.  HTTPS is more secure
since the client verifies the server certificate.

Cc: Paolo Bonzini 
Suggested-by: Eric Blake 
Signed-off-by: Stefan Hajnoczi 


Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 


---
  hw/misc/pc-testdev.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/misc/pc-testdev.c b/hw/misc/pc-testdev.c
index 697eb88c97..0aee04f231 100644
--- a/hw/misc/pc-testdev.c
+++ b/hw/misc/pc-testdev.c
@@ -32,7 +32,7 @@
   * -kernel /home/lmr/Code/virt-test.git/kvm/unittests/msr.flat
   *
   * Where msr.flat is one of the KVM unittests, present on a separate repo,
- * git://git.kernel.org/pub/scm/virt/kvm/kvm-unit-tests.git
+ * https://git.kernel.org/pub/scm/virt/kvm/kvm-unit-tests.git
  */
  
  #include "qemu/osdep.h"

Re: [Qemu-devel] [PATCH] qga-win: fix leaks of build_guest_disk_info()

[Philippe Mathieu-Daudé]

On 3/11/18 14:01, Marc-André Lureau wrote:

Introduced in commit b1ba8890e63ce9432c41c5c3fc229f54c87c9c99, vol_h
handle should be closed, and "out" cleanup should be done after
DeviceIoControl() fails.

Signed-off-by: Marc-André Lureau 


Reviewed-by: Philippe Mathieu-Daudé 


---
  qga/commands-win32.c | 5 -
  1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/qga/commands-win32.c b/qga/commands-win32.c
index ef1d7d48d2..62e1b51dfe 100644
--- a/qga/commands-win32.c
+++ b/qga/commands-win32.c
@@ -797,7 +797,7 @@ static GuestDiskAddressList *build_guest_disk_info(char 
*guid, Error **errp)
  0, extents, size, NULL, NULL)) {
  error_setg_win32(errp, GetLastError(),
  "failed to get disk extents");
-return NULL;
+goto out;
  }
  } else if (last_err == ERROR_INVALID_FUNCTION) {
  /* Possibly CD-ROM or a shared drive. Try to pass the volume */
@@ -855,6 +855,9 @@ static GuestDiskAddressList *build_guest_disk_info(char 
*guid, Error **errp)
  
  
  out:

+if (vol_h != INVALID_HANDLE_VALUE) {
+CloseHandle(vol_h);
+}
  qapi_free_GuestDiskAddress(disk);
  g_free(extents);
  g_free(name);

[Qemu-devel] [qemu-web PATCH] Use 'https://' instead of 'git://'

[Paolo Bonzini]

Jeff Cody has enabled git smart HTTP support on qemu.org.  From now on HTTPS is
the preferred protocol because it adds some protection against
man-in-the-middle when cloning a repo.

This patch series updates git:// URLs and changes them to https://.  The 
https:// URL format is:

  https://git.qemu.org/git/.git

The old git:// URL format was:

  git://git.qemu.org/.git

Signed-off-by: Paolo Bonzini 
---
 _download/source.html | 2 +-
 contribute.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/_download/source.html b/_download/source.html
index 33cba41..aacd1e0 100644
--- a/_download/source.html
+++ b/_download/source.html
@@ -24,7 +24,7 @@ make
{% endfor %}
 
To download and build QEMU from git:
-git clone git://git.qemu.org/qemu.git
+git clone https://git.qemu.org/git/qemu.git
 cd qemu
 git submodule init
 git submodule update --recursive
diff --git a/contribute.md b/contribute.md
index eb0f281..56306e0 100644
--- a/contribute.md
+++ b/contribute.md
@@ -5,7 +5,7 @@ permalink: /contribute/
 
 * Report a bug: 
[https://bugs.launchpad.net/qemu/](https://bugs.launchpad.net/qemu/)[How to 
report a bug](report-a-bug/)
 
-* Clone ([or browse](https://git.qemu.org/?p=qemu.git)) the git repository: 
`git clone git://git.qemu.org/qemu.git`
+* Clone ([or browse](https://git.qemu.org/?p=qemu.git)) the git repository: 
`git clone https://git.qemu.org/git/qemu.git`
 
 * Join the mailing list: 
[qemu-devel@nongnu.org](https://lists.nongnu.org/mailman/listinfo/qemu-devel)[See
 the list of QEMU mailing lists](https://wiki.qemu.org/MailingLists)
 
-- 
2.17.1

Re: [Qemu-devel] [PATCH v3 0/8] Use 'https://' instead of 'git://'

[Paolo Bonzini]

On 04/11/2018 12:24, Stefan Hajnoczi wrote:
> v3:
>  * Fix broken openhackware URL [Eric]
>  * Convert a few remaining URLs [Eric]
> v2:
>  * Use HTTPS for repo.or.cz [Eric]
> 
> Jeff Cody has enabled git smart HTTP support on qemu.org.  From now on HTTPS 
> is
> the preferred protocol because it adds some protection against
> man-in-the-middle when cloning a repo.
> 
> This patch series updates git:// URLs and changes them to https://.  The 
> https:// URL format is:
> 
>   https://git.qemu.org/git/.git
> 
> The old git:// URL format was:
> 
>   git://git.qemu.org/.git
> 
> I have also updated git://github.com/ and repo.or.cz URLs because they offer 
> HTTPS.
> 
> I have tested that submodules continue to work after the change to 
> .gitmodules.

Thanks!  I've send a similar patch for qemu-web.git.

Paolo

> 
> Stefan Hajnoczi (8):
>   README: use 'https://' instead of 'git://'
>   get_maintainer: use 'https://' instead of 'git://'
>   MAINTAINERS: use 'https://' instead of 'git://' for GitHub
>   gitmodules: use 'https://' instead of 'git://'
>   git: use HTTPS git URLs for repo.or.cz
>   pc-testdev: use HTTPS git URL
>   target-alpha: use HTTPS git URL for palcode
>   docker: use HTTPS git URL for virglrenderer
> 
>  MAINTAINERS  | 88 ++--
>  hw/misc/pc-testdev.c |  2 +-
>  .gitmodules  | 34 
>  README   |  4 +-
>  pc-bios/README   |  8 +-
>  scripts/get_maintainer.pl|  2 +-
>  tests/docker/dockerfiles/debian-amd64.docker |  2 +-
>  7 files changed, 70 insertions(+), 70 deletions(-)
> 

Re: [Qemu-devel] [QEMU PATCH v2 0/2]: KVM: i386: Add support for save and restore nested state

[Paolo Bonzini]

On 02/11/2018 13:35, Dr. David Alan Gilbert wrote:
>>
>> Personally, I would like to say that, starting from QEMU 3.2, enabling
>> nested VMX requires a 4.20 kernel.  It's a bit bold, but I think it's a
>> good way to keep some sanity.  Any opinions on that?
> That seems a bit mean; there's a lot of people already using nested.

True.  However, a more complete version of the "plan" is that they could
continue using it, but only with a pre-3.2 machine type.

Paolo

Re: [Qemu-devel] [QEMU PATCH v2 0/2]: KVM: i386: Add support for save and restore nested state

[Paolo Bonzini]

On 02/11/2018 17:54, Daniel P. Berrangé wrote:
> We have usually followed a rule that new machine types must not
> affect runability of a VM on a host. IOW new machine types should
> not introduce dependancies on specific kernels, or hardware features
> such as CPU flags.

> Anything that requires a new kernel feature thus ought to be an
> opt-in config tunable on the CLI, separate from machine type
> choice.

Unless someone tinkered with the module parameters, they could not even
use nested virtualization before 4.20.  So for everyone else, "-cpu
...,+vmx" does count as an "opt-in config tunable on the CLI" that
requires 4.20.

For those that did tinker with module parameters, we can grandfather in
the old machine types, so that they can use nested virtualization with
no live migration support.  For those that did not, however, I don't
think it makes sense to say "oh by the way I really want to be able to
migrate this VM" on the command line, or even worse on the monitor.

Paolo

> Alternatively in this case, it could potentially be a
> migration parameter settable via QMP. QEMU on each side could
> advertize whether the migration parameter is available, and
> the mgmt app (which can see both sides of the migration) can
> then decide whether to enable it.

Re: [Qemu-devel] [PATCH] tests: Disable test-bdrv-drain

[Paolo Bonzini]

On 02/11/2018 14:33, Peter Maydell wrote:
> On 9 October 2018 at 12:16, Paolo Bonzini  wrote:
>> On 08/10/2018 18:40, Kevin Wolf wrote:

 I'm pretty confident this analysis of the problem is correct:
 unfortunately I have no idea what the right way to fix it is...
>>> Yes, I agree with your analysis. If __thread variables can be destructed
>>> before pthread_key_create() destructors are called (and in particular if
>>> the former are implemented in terms of the latter), this implies at
>>> least two rules:
>>>
>>> 1. The Notfier itself can't be a TLS variable
>>>
>>> 2. The notifier callback can't access any TLS variables
>>>
>>> Of course, with these restrictions, qemu_thread_atexit_*() with its
>>> existing API is as useless as it could be.
>>
>> Yup, we have to stop using pthread_key_create.  Luckily, these days
>> there is always qemu_thread_start that wraps the thread, so we can call
>> qemu_thread_atexit_run from there, and change exit_key to a thread-local
>> NotifierList.
> 
> We would also need to catch exits via qemu_thread_exit(), right?
> We probably also need to handle the main thread specially, via
> atexit(). This seems to be pretty much what we already do in
> util/qemu-thread-win32.c...

There's only one caller of qemu_thread_exit and it can be removed easily.

However, an improvement on the idea is to use pthread_cleanup_push/pop
in qemu_thread_start.  This does handle qemu_thread_exit.

Thanks,

Paolo

Re: [Qemu-devel] [PATCH v2 1/1] vdi: Use a literal number of bytes for DEFAULT_CLUSTER_SIZE

[Stefan Weil]

On 04.11.18 19:09, Leonid Bloch wrote:
> If an expression is used to define DEFAULT_CLUSTER_SIZE, when compiled,
> it will be embedded as a literal expression in the binary (as the
> default value) because it is stringified to mark the size of the default
> value. Now this is fixed by using a defined number to define this value.
> 
> Signed-off-by: Leonid Bloch 
> ---
>  block/vdi.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/block/vdi.c b/block/vdi.c
> index 6555cffb88..d996793f1c 100644
> --- a/block/vdi.c
> +++ b/block/vdi.c
> @@ -85,7 +85,7 @@
>  #define BLOCK_OPT_STATIC "static"
>  
>  #define SECTOR_SIZE 512
> -#define DEFAULT_CLUSTER_SIZE (1 * MiB)
> +#define DEFAULT_CLUSTER_SIZE S_1MiB
>  
>  #if defined(CONFIG_VDI_DEBUG)
>  #define VDI_DEBUG 1
> @@ -432,7 +432,7 @@ static int vdi_open(BlockDriverState *bs, QDict *options, 
> int flags,
>  goto fail;
>  } else if (header.block_size != DEFAULT_CLUSTER_SIZE) {
>  error_setg(errp, "unsupported VDI image (block size %" PRIu32
> - " is not %" PRIu64 ")",
> + " is not %" PRIu32 ")",
> header.block_size, DEFAULT_CLUSTER_SIZE);
>  ret = -ENOTSUP;
>  goto fail;
> 

"%u" would have be sufficient for printing the DEFAULT_CLUSTER_SIZE
(maybe this can be changed when merging this commit), but PRIu32 also works.

Reviewed-by: Stefan Weil 

Thank you,
Stefan

[Qemu-devel] [PATCH v2 1/1] vdi: Use a literal number of bytes for DEFAULT_CLUSTER_SIZE

[Leonid Bloch]

If an expression is used to define DEFAULT_CLUSTER_SIZE, when compiled,
it will be embedded as a literal expression in the binary (as the
default value) because it is stringified to mark the size of the default
value. Now this is fixed by using a defined number to define this value.

Signed-off-by: Leonid Bloch 
---
 block/vdi.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/block/vdi.c b/block/vdi.c
index 6555cffb88..d996793f1c 100644
--- a/block/vdi.c
+++ b/block/vdi.c
@@ -85,7 +85,7 @@
 #define BLOCK_OPT_STATIC "static"
 
 #define SECTOR_SIZE 512
-#define DEFAULT_CLUSTER_SIZE (1 * MiB)
+#define DEFAULT_CLUSTER_SIZE S_1MiB
 
 #if defined(CONFIG_VDI_DEBUG)
 #define VDI_DEBUG 1
@@ -432,7 +432,7 @@ static int vdi_open(BlockDriverState *bs, QDict *options, 
int flags,
 goto fail;
 } else if (header.block_size != DEFAULT_CLUSTER_SIZE) {
 error_setg(errp, "unsupported VDI image (block size %" PRIu32
- " is not %" PRIu64 ")",
+ " is not %" PRIu32 ")",
header.block_size, DEFAULT_CLUSTER_SIZE);
 ret = -ENOTSUP;
 goto fail;
-- 
2.17.1

[Qemu-devel] [PATCH v2 0/1] vdi: Use a literal number of bytes for

[Leonid Bloch]

Please see the commit message for the rationale.

Difference from v1:
* Format string is fixed.

Leonid Bloch (1):
  vdi: Use a literal number of bytes for DEFAULT_CLUSTER_SIZE

 block/vdi.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

-- 
2.17.1

[Qemu-devel] [PATCH v2 1/1] include: Add a comment to explain the origin of sizes' lookup table

[Leonid Bloch]

The lookup table for power-of-two sizes was added in commit 540b8492618eb
for the purpose of having convenient shortcuts for these sizes in cases
when the literal number has to be present at compile time, and
expressions as '(1 * KiB)' can not be used. One such case is the
stringification of sizes. Beyond that, it is convenient to use these
shortcuts for all power-of-two sizes, even if they don't have to be
literal numbers.

Despite its convenience, this table introduced 55 lines of "dumb" code,
the purpose and origin of which are obscure without reading the message
of the commit which introduced it. This patch fixes that by adding a
comment to the code itself with a brief explanation for the reasoning
behind this table. This comment includes the short AWK script that
generated the table, so that anyone who's interested could make sure
that the values in it are correct (otherwise these values look as if
they were typed manually).

Signed-off-by: Leonid Bloch 
---
 include/qemu/units.h | 18 ++
 1 file changed, 18 insertions(+)

diff --git a/include/qemu/units.h b/include/qemu/units.h
index 68a7758650..1c959d182e 100644
--- a/include/qemu/units.h
+++ b/include/qemu/units.h
@@ -17,6 +17,24 @@
 #define PiB (INT64_C(1) << 50)
 #define EiB (INT64_C(1) << 60)
 
+/*
+ * The following lookup table is intended to be used when a literal string of
+ * the number of bytes is required (for example if it needs to be stringified).
+ * It can also be used for generic shortcuts of power-of-two sizes.
+ * This table is generated using the AWK script below:
+ *
+ *  BEGIN {
+ *  suffix="KMGTPE";
+ *  for(i=10; i<64; i++) {
+ *  val=2**i;
+ *  s=substr(suffix, int(i/10), 1);
+ *  n=2**(i%10);
+ *  pad=21-int(log(n)/log(10));
+ *  printf("#define S_%d%siB %*d\n", n, s, pad, val);
+ *  }
+ *  }
+ */
+
 #define S_1KiB  1024
 #define S_2KiB  2048
 #define S_4KiB  4096
-- 
2.17.1

[Qemu-devel] [PATCH v2 0/1] include: Add a comment to explain the origin of

[Leonid Bloch]

Please see the commit message for the rationale.

Difference from v1:
* Tabs removed from the code indentation of the sample code in the
  comment, in order to pass checkpatch.

Leonid Bloch (1):
  include: Add a comment to explain the origin of sizes' lookup table

 include/qemu/units.h | 18 ++
 1 file changed, 18 insertions(+)

-- 
2.17.1

Re: [Qemu-devel] [PATCH] vdi: Use a literal number of bytes for DEFAULT_CLUSTER_SIZE

[Leonid Bloch]

> This changes the data type, so a fix is needed for a format string in
> line 434.

Yes, I saw, thanks! Will do.

> 
> Regards
> Stefan
> 

Re: [Qemu-devel] [PATCH] vdi: Use a literal number of bytes for DEFAULT_CLUSTER_SIZE

[Stefan Weil]

On 03.11.18 02:48, Leonid Bloch wrote:
> If an expression is used to define DEFAULT_CLUSTER_SIZE, when compiled,
> it will be embedded as a literal expression in the binary (as the
> default value) because it is stringified to mark the size of the default
> value. Now this is fixed by using a defined number to define this value.
> 
> Signed-off-by: Leonid Bloch 
> ---
>  block/vdi.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/block/vdi.c b/block/vdi.c
> index 6555cffb88..25320eff47 100644
> --- a/block/vdi.c
> +++ b/block/vdi.c
> @@ -85,7 +85,7 @@
>  #define BLOCK_OPT_STATIC "static"
>  
>  #define SECTOR_SIZE 512
> -#define DEFAULT_CLUSTER_SIZE (1 * MiB)
> +#define DEFAULT_CLUSTER_SIZE S_1MiB

This changes the data type, so a fix is needed for a format string in
line 434.

Regards
Stefan

Re: [Qemu-devel] [PATCH] vdi: Use a literal number of bytes for DEFAULT_CLUSTER_SIZE

[no-reply]

Hi,

This series failed docker-quick@centos7 build test. Please find the testing 
commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

Type: series
Message-id: 20181103014831.29889-1-lbl...@janustech.com
Subject: [Qemu-devel] [PATCH] vdi: Use a literal number of bytes for 
DEFAULT_CLUSTER_SIZE

=== TEST SCRIPT BEGIN ===
#!/bin/bash
time make docker-test-quick@centos7 SHOW_ENV=1 J=8
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
95535d6957 vdi: Use a literal number of bytes for DEFAULT_CLUSTER_SIZE

=== OUTPUT BEGIN ===
  BUILD   centos7
make[1]: Entering directory '/var/tmp/patchew-tester-tmp-jxxkkm8d/src'
  GEN 
/var/tmp/patchew-tester-tmp-jxxkkm8d/src/docker-src.2018-11-04-07.01.39.18726/qemu.tar
Cloning into 
'/var/tmp/patchew-tester-tmp-jxxkkm8d/src/docker-src.2018-11-04-07.01.39.18726/qemu.tar.vroot'...
done.
Your branch is up-to-date with 'origin/test'.
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into 
'/var/tmp/patchew-tester-tmp-jxxkkm8d/src/docker-src.2018-11-04-07.01.39.18726/qemu.tar.vroot/dtc'...
Submodule path 'dtc': checked out '88f18909db731a627456f26d779445f84e449536'
Submodule 'ui/keycodemapdb' (git://git.qemu.org/keycodemapdb.git) registered 
for path 'ui/keycodemapdb'
Cloning into 
'/var/tmp/patchew-tester-tmp-jxxkkm8d/src/docker-src.2018-11-04-07.01.39.18726/qemu.tar.vroot/ui/keycodemapdb'...
Submodule path 'ui/keycodemapdb': checked out 
'6b3d716e2b6472eb7189d3220552280ef3d832ce'
  COPYRUNNER
RUN test-quick in qemu:centos7 
Packages installed:
SDL-devel-1.2.15-14.el7.x86_64
bison-3.0.4-1.el7.x86_64
bzip2-1.0.6-13.el7.x86_64
bzip2-devel-1.0.6-13.el7.x86_64
ccache-3.3.4-1.el7.x86_64
csnappy-devel-0-6.20150729gitd7bc683.el7.x86_64
flex-2.5.37-3.el7.x86_64
gcc-4.8.5-28.el7_5.1.x86_64
gettext-0.19.8.1-2.el7.x86_64
git-1.8.3.1-14.el7_5.x86_64
glib2-devel-2.54.2-2.el7.x86_64
libaio-devel-0.3.109-13.el7.x86_64
libepoxy-devel-1.3.1-2.el7_5.x86_64
libfdt-devel-1.4.6-1.el7.x86_64
lzo-devel-2.06-8.el7.x86_64
make-3.82-23.el7.x86_64
mesa-libEGL-devel-17.2.3-8.20171019.el7.x86_64
mesa-libgbm-devel-17.2.3-8.20171019.el7.x86_64
nettle-devel-2.7.1-8.el7.x86_64
package g++ is not installed
package librdmacm-devel is not installed
pixman-devel-0.34.0-1.el7.x86_64
spice-glib-devel-0.34-3.el7_5.1.x86_64
spice-server-devel-0.14.0-2.el7_5.4.x86_64
tar-1.26-34.el7.x86_64
vte-devel-0.28.2-10.el7.x86_64
xen-devel-4.6.6-12.el7.x86_64
zlib-devel-1.2.7-17.el7.x86_64

Environment variables:
PACKAGES=bison bzip2 bzip2-devel ccache csnappy-devel flex  
   g++ gcc gettext git glib2-devel libaio-devel 
libepoxy-devel libfdt-devel librdmacm-devel lzo-devel make 
mesa-libEGL-devel mesa-libgbm-devel nettle-devel pixman-devel 
SDL-devel spice-glib-devel spice-server-devel tar vte-devel 
xen-devel zlib-devel
HOSTNAME=86d95b856414
MAKEFLAGS= -j8
J=8
CCACHE_DIR=/var/tmp/ccache
EXTRA_CONFIGURE_OPTS=
V=
SHOW_ENV=1
PATH=/usr/lib/ccache:/usr/lib64/ccache:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PWD=/
TARGET_LIST=
SHLVL=1
HOME=/home/patchew
TEST_DIR=/tmp/qemu-test
FEATURES= dtc
DEBUG=
_=/usr/bin/env

Configure options:
--enable-werror --target-list=x86_64-softmmu,aarch64-softmmu 
--prefix=/tmp/qemu-test/install
No C++ compiler available; disabling C++ specific optional code
Install prefix/tmp/qemu-test/install
BIOS directory/tmp/qemu-test/install/share/qemu
firmware path /tmp/qemu-test/install/share/qemu-firmware
binary directory  /tmp/qemu-test/install/bin
library directory /tmp/qemu-test/install/lib
module directory  /tmp/qemu-test/install/lib/qemu
libexec directory /tmp/qemu-test/install/libexec
include directory /tmp/qemu-test/install/include
config directory  /tmp/qemu-test/install/etc
local state directory   /tmp/qemu-test/install/var
Manual directory  /tmp/qemu-test/install/share/man
ELF interp prefix /usr/gnemul/qemu-%M
Source path   /tmp/qemu-test/src
GIT binarygit
GIT submodules
C compilercc
Host C compiler   cc
C++ compiler  
Objective-C compiler cc
ARFLAGS   rv
CFLAGS-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -g 
QEMU_CFLAGS   -I/usr/include/pixman-1-Werror   -pthread 
-I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include   -fPIE -DPIE -m64 -mcx16 
-D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -Wstrict-prototypes 
-Wredundant-decls -Wall -Wundef -Wwrite-strings -Wmissing-prototypes 
-fno-strict-aliasing -fno-common -fwrapv  -Wendif-labels 
-Wno-missing-include-dirs -Wempty-body -Wnested-externs -Wformat-security 
-Wformat-y2k -Winit-self -Wignored-qualifiers -Wold-style-declaration 
-Wold-style-definition -Wtype-limits -fstack-protector-strong 
-Wno-missing-braces   -I/usr/include/libpng15 -pthread 
-I/usr/include/spice-server -I/usr/include/cacard 

Re: [Qemu-devel] [PATCH 1/2] target/mips: Fix decoding mechanism of R5900 MFLO1, MFHI1, MTLO1 and MTHI1

[Maciej W. Rozycki]

On Sun, 4 Nov 2018, Fredrik Noring wrote:

> It appears the correct function is tcg_gen_mov_tl because the TX79 manual
> says
> 
>   MFHI:  GPR[rd]63..0 <- HI63..0
>   MFLO:  GPR[rd]63..0 <- LO63..0
>   MTHI:  HI63..0 <- GPR[rs]63..0
>   MTLO:  LO63..0 <- GPR[rs]63..0
>   MFHI1: GPR[rd]63..0 <- HI127..64
>   MFLO1: GPR[rd]63..0 <- LO127..64
>   MTHI1: HI127..64 <- GPR[rs]63..0
>   MTLO1: LO127..64 <- GPR[rs]63..0
> 
> so the GPR is copied to/from in full in all cases. This is slightly
> different to how acc = 1 is handled in gen_HILO.

 However `gen_HILO' looks wrong to me as it'll truncate the values of 
$acc3-$acc1 with the 64-bit DSP ASE.

  Maciej

Re: [Qemu-devel] [PATCH] chardev: fix mess in OPENED/CLOSED events when muxed

[Marc-André Lureau]

Hi
On Thu, Nov 1, 2018 at 6:55 PM Artem Pisarenko
 wrote:
>
> When chardev is multiplexed (mux=on) there are a lot of cases, when
> CHR_EVENT_OPENED/CHR_EVENT_CLOSED events pairing (expected from
> frontend side) is broken. There are either generation of multiple
> repeated or extra CHR_EVENT_OPENED events, or CHR_EVENT_CLOSED just
> isn't generated at all (when it does with mux=off).
> Fix that.
>
> Signed-off-by: Artem Pisarenko 
> ---
>
> Notes:
> This issue actually more complex. Idea of generating events from inside 
> function called '*_set_handlers' isn't good, at least its implicit nature, 
> and especially a fact, that function decides about open state (see 'fe_open' 
> variable), but generates event only in one direction. Combined with 
> 'mux_chr_set_handlers()' hack this makes things even worse.
> Better solution is to change fe interface and rewrite all frontends code 
> (a lot of stuff in hw/char/* and somewhere else).
> Although this patch doesn't fix any issue/bug (known to me), it prevents 
> them in future. Also it optimizes emulation performance by avoiding extra 
> activity.
> I did several trivial tests on x86_64 target and seems like nothing 
> broken.

I am a bit reluctant to take patches that don't actually "fix" things.

Could you add some tests to demonstrate the problems?



>
>  chardev/char-fe.c  |  9 ++---
>  chardev/char-mux.c | 13 -
>  include/chardev/char-mux.h |  2 +-
>  3 files changed, 15 insertions(+), 9 deletions(-)
>
> diff --git a/chardev/char-fe.c b/chardev/char-fe.c
> index a8931f7..31cf7f0 100644
> --- a/chardev/char-fe.c
> +++ b/chardev/char-fe.c
> @@ -257,6 +257,7 @@ void qemu_chr_fe_set_handlers(CharBackend *b,
>  {
>  Chardev *s;
>  int fe_open;
> +static __thread bool mux_reentered;

Not very elegant. Maybe mux_chr_set_handlers() could call a refactored
internal chr_fe_set_handlers() with an extra arg "no_open_event" ?

>
>  s = b->chr;
>  if (!s) {
> @@ -284,14 +285,16 @@ void qemu_chr_fe_set_handlers(CharBackend *b,
>  if (fe_open) {
>  qemu_chr_fe_take_focus(b);
>  /* We're connecting to an already opened device, so let's make sure 
> we
> -   also get the open event */
> -if (s->be_open) {
> +   also get the open event (hack: except when chardev is muxed) */
> +if (s->be_open && !mux_reentered) {
>  qemu_chr_be_event(s, CHR_EVENT_OPENED);
>  }
>  }
>
>  if (CHARDEV_IS_MUX(s)) {
> -mux_chr_set_handlers(s, context);
> +mux_reentered = true;
> +mux_chr_set_handlers(s, fe_open, context);
> +mux_reentered = false;
>  }
>  }
>
> diff --git a/chardev/char-mux.c b/chardev/char-mux.c
> index 6055e76..9244802 100644
> --- a/chardev/char-mux.c
> +++ b/chardev/char-mux.c
> @@ -272,21 +272,24 @@ static void char_mux_finalize(Object *obj)
>  for (i = 0; i < d->mux_cnt; i++) {
>  CharBackend *be = d->backends[i];
>  if (be) {
> +if (be->chr && be->chr->be_open) {
> +qemu_chr_be_event(be->chr, CHR_EVENT_CLOSED);
> +}

It looks like this could be a seperate patch, with a seperate test.

>  be->chr = NULL;
>  }
>  }
>  qemu_chr_fe_deinit(>chr, false);
>  }
>
> -void mux_chr_set_handlers(Chardev *chr, GMainContext *context)
> +void mux_chr_set_handlers(Chardev *chr, bool is_open, GMainContext *context)
>  {
>  MuxChardev *d = MUX_CHARDEV(chr);
>
>  /* Fix up the real driver with mux routines */
>  qemu_chr_fe_set_handlers(>chr,
> - mux_chr_can_read,
> - mux_chr_read,
> - mux_chr_event,
> + is_open ? mux_chr_can_read : NULL,
> + is_open ? mux_chr_read : NULL,
> + is_open ? mux_chr_event : NULL,

same

>   NULL,
>   chr,
>   context, true);
> @@ -367,7 +370,7 @@ static int open_muxes(Chardev *chr)
>   * mark mux as OPENED so any new FEs will immediately receive
>   * OPENED event
>   */
> -qemu_chr_be_event(chr, CHR_EVENT_OPENED);
> +chr->be_open = 1;
>
>  return 0;
>  }
> diff --git a/include/chardev/char-mux.h b/include/chardev/char-mux.h
> index 1e13187..4b4df6e 100644
> --- a/include/chardev/char-mux.h
> +++ b/include/chardev/char-mux.h
> @@ -55,7 +55,7 @@ typedef struct MuxChardev {
>  #define CHARDEV_IS_MUX(chr) \
>  object_dynamic_cast(OBJECT(chr), TYPE_CHARDEV_MUX)
>
> -void mux_chr_set_handlers(Chardev *chr, GMainContext *context);
> +void mux_chr_set_handlers(Chardev *chr, bool is_open, GMainContext *context);
>  void mux_set_focus(Chardev *chr, int focus);
>  void mux_chr_send_all_event(Chardev *chr, int event);
>
> --
> 2.7.4

thanks!

Re: [Qemu-devel] [PATCH v6 00/10] hw/m68k: add Apple Machintosh Quadra 800 machine

[Mark Cave-Ayland]

On 04/11/2018 06:53, no-re...@patchew.org wrote:

> Hi,
> 
> This series seems to have some coding style problems. See output below for
> more information:
> 
> Type: series
> Message-id: 20181102152257.20637-1-mark.cave-ayl...@ilande.co.uk
> Subject: [Qemu-devel] [PATCH v6 00/10] hw/m68k: add Apple Machintosh Quadra 
> 800 machine
> 
> === TEST SCRIPT BEGIN ===
> #!/bin/bash
> 
> BASE=base
> n=1
> total=$(git log --oneline $BASE.. | wc -l)
> failed=0
> 
> git config --local diff.renamelimit 0
> git config --local diff.renames True
> git config --local diff.algorithm histogram
> 
> commits="$(git log --format=%H --reverse $BASE..)"
> for c in $commits; do
> echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
> if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; 
> then
> failed=1
> echo
> fi
> n=$((n+1))
> done
> 
> exit $failed
> === TEST SCRIPT END ===
> 
> Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
> Switched to a new branch 'test'
> 9245542a6d hw/m68k: define Macintosh Quadra 800
> 4b2499b92a dp8393x: manage big endian bus
> 9a13b06b9f hw/m68k: add a dummy SWIM floppy controller
> bdf5c3725c hw/m68k: add Nubus support for macfb video card
> 6feff81d33 hw/m68k: add Nubus support
> b24a39f653 esp: add pseudo-DMA as used by Macintosh
> 970394cb59 hw/m68k: add macfb video card
> 30013c1b4b escc: introduce a selector for the register bit
> 3274bd6559 hw/m68k: implement ADB bus support for via
> b78fd7f12a hw/m68k: add via support
> 
> === OUTPUT BEGIN ===
> Checking PATCH 1/10: hw/m68k: add via support...
> WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
> #26: 
> new file mode 100644
> 
> ERROR: space prohibited after that '&&' (ctx:WxW)
> #348: FILE: hw/misc/mac_via.c:318:
> +if (!(v1s->last_b & VIA1B_vRTCClk) && (s->b & VIA1B_vRTCClk)) {
> ^

False positive from checkpatch?

> total: 1 errors, 1 warnings, 778 lines checked
> 
> Your patch has style problems, please review.  If any of these errors
> are false positives report them to the maintainer, see
> CHECKPATCH in MAINTAINERS.
> 
> Checking PATCH 2/10: hw/m68k: implement ADB bus support for via...
> Checking PATCH 3/10: escc: introduce a selector for the register bit...
> Checking PATCH 4/10: hw/m68k: add macfb video card...
> WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
> #43: 
> new file mode 100644
> 
> total: 0 errors, 1 warnings, 496 lines checked
> 
> Your patch has style problems, please review.  If any of these errors
> are false positives report them to the maintainer, see
> CHECKPATCH in MAINTAINERS.
> Checking PATCH 5/10: esp: add pseudo-DMA as used by Macintosh...
> Checking PATCH 6/10: hw/m68k: add Nubus support...
> WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
> #24: 
> new file mode 100644
> 
> total: 0 errors, 1 warnings, 509 lines checked
> 
> Your patch has style problems, please review.  If any of these errors
> are false positives report them to the maintainer, see
> CHECKPATCH in MAINTAINERS.
> Checking PATCH 7/10: hw/m68k: add Nubus support for macfb video card...
> Checking PATCH 8/10: hw/m68k: add a dummy SWIM floppy controller...
> WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
> #28: 
> new file mode 100644
> 
> total: 0 errors, 1 warnings, 498 lines checked
> 
> Your patch has style problems, please review.  If any of these errors
> are false positives report them to the maintainer, see
> CHECKPATCH in MAINTAINERS.
> Checking PATCH 9/10: dp8393x: manage big endian bus...
> Checking PATCH 10/10: hw/m68k: define Macintosh Quadra 800...
> WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
> #90: 
> new file mode 100644
> 
> total: 0 errors, 1 warnings, 605 lines checked
> 
> Your patch has style problems, please review.  If any of these errors
> are false positives report them to the maintainer, see
> CHECKPATCH in MAINTAINERS.
> === OUTPUT END ===
> 
> Test command exited with code: 1


ATB,

Mark.

Re: [Qemu-devel] [PATCH 1/2] target/mips: Fix decoding mechanism of R5900 MFLO1, MFHI1, MTLO1 and MTHI1

[Fredrik Noring]

Thank you for your reviews, Philippe and Richard,

> > +switch (opc) {
> > +case TX79_MMI_MFHI1:
> > +#if defined(TARGET_MIPS64)
> > +tcg_gen_ext32s_tl(cpu_gpr[reg], cpu_HI[1]);
> > +#else
> > +tcg_gen_mov_tl(cpu_gpr[reg], cpu_HI[1]);
> > +#endif
> 
> You do not need this ifdef.  This is already done in tcg/tcg-op.h:
> 
> $ grep tcg_gen_ext32s_tl tcg/tcg-op.h
> #define tcg_gen_ext32s_tl tcg_gen_ext32s_i64
> #define tcg_gen_ext32s_tl tcg_gen_mov_i32

It appears the correct function is tcg_gen_mov_tl because the TX79 manual
says

MFHI:  GPR[rd]63..0 <- HI63..0
MFLO:  GPR[rd]63..0 <- LO63..0
MTHI:  HI63..0 <- GPR[rs]63..0
MTLO:  LO63..0 <- GPR[rs]63..0
MFHI1: GPR[rd]63..0 <- HI127..64
MFLO1: GPR[rd]63..0 <- LO127..64
MTHI1: HI127..64 <- GPR[rs]63..0
MTLO1: LO127..64 <- GPR[rs]63..0

so the GPR is copied to/from in full in all cases. This is slightly
different to how acc = 1 is handled in gen_HILO.

Fredrik

[Qemu-devel] [Bug 1734810] Re: Windows guest virtual PC running abnormally slow

[Jeb E.]

Windows installs are still acting abnormally slow on the latest Gnome Boxes 
flatpaks in Ubuntu 18.10.
I'll try to get my CLI parameters and add it to the bug.

** Changed in: qemu
   Status: Invalid => Confirmed

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1734810

Title:
  Windows guest virtual PC running abnormally slow

Status in Boxes:
  New
Status in KVM:
  New
Status in libvirt:
  New
Status in QEMU:
  Confirmed
Status in spice related packages:
  Confirmed
Status in gnome-boxes package in Ubuntu:
  Confirmed

Bug description:
  Guest systems running Windows 10 in a virtualized environment run
  unacceptably slow, with no option in Boxes to offer the virtual
  machine more (or less) cores from my physical CPU.

  ProblemType: Bug
  DistroRelease: Ubuntu 17.10
  Package: gnome-boxes 3.26.1-1
  ProcVersionSignature: Ubuntu 4.13.0-17.20-lowlatency 4.13.8
  Uname: Linux 4.13.0-17-lowlatency x86_64
  ApportVersion: 2.20.7-0ubuntu3.5
  Architecture: amd64
  CurrentDesktop: ubuntu:GNOME
  Date: Tue Nov 28 00:37:11 2017
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: gnome-boxes
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/gnome-boxes/+bug/1734810/+subscriptions

Re: [Qemu-devel] [PATCH] include: Add a comment to explain the origin of sizes' lookup table

[no-reply]

Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 20181103015821.30074-1-lbl...@janustech.com
Subject: [Qemu-devel] [PATCH] include: Add a comment to explain the origin of 
sizes' lookup table

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
ed3386770c include: Add a comment to explain the origin of sizes' lookup table

=== OUTPUT BEGIN ===
Checking PATCH 1/1: include: Add a comment to explain the origin of sizes' 
lookup table...
ERROR: code indent should never use tabs
#42: FILE: include/qemu/units.h:27:
+ *  ^Isuffix="KMGTPE";$

ERROR: code indent should never use tabs
#43: FILE: include/qemu/units.h:28:
+ *  ^Ifor(i=10; i<64; i++) {$

ERROR: code indent should never use tabs
#44: FILE: include/qemu/units.h:29:
+ *  ^I^Ival=2**i;$

ERROR: code indent should never use tabs
#45: FILE: include/qemu/units.h:30:
+ *  ^I^Is=substr(suffix, int(i/10), 1);$

ERROR: code indent should never use tabs
#46: FILE: include/qemu/units.h:31:
+ *  ^I^In=2**(i%10);$

ERROR: code indent should never use tabs
#47: FILE: include/qemu/units.h:32:
+ *  ^I^Ipad=21-int(log(n)/log(10));$

ERROR: code indent should never use tabs
#48: FILE: include/qemu/units.h:33:
+ *  ^I^Iprintf("#define S_%d%siB %*d\n", n, s, pad, val);$

ERROR: code indent should never use tabs
#49: FILE: include/qemu/units.h:34:
+ *  ^I}$

total: 8 errors, 0 warnings, 24 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

=== OUTPUT END ===

Test command exited with code: 1


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

Re: [Qemu-devel] [PATCH v4 00/13] arm: nRF51 Devices and Microbit Support

[no-reply]

Hi,

This series failed docker-mingw@fedora build test. Please find the testing 
commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

Type: series
Message-id: 20181102170730.12432-1-cont...@steffen-goertz.de
Subject: [Qemu-devel] [PATCH v4 00/13] arm: nRF51 Devices and Microbit Support

=== TEST SCRIPT BEGIN ===
#!/bin/bash
time make docker-test-mingw@fedora SHOW_ENV=1 J=8
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
2d9a6b5d5c arm: Add Clock peripheral stub to NRF51 SOC
997bf8b919 arm: Instantiate NRF51 Timers
16d495e367 hw/timer/nrf51_timer: Add nRF51 Timer peripheral
760932a87f tests/microbit-test: Add Tests for nRF51 GPIO
9626ab61dd arm: Instantiate NRF51 general purpose I/O
54f13328db hw/gpio/nrf51_gpio: Add nRF51 GPIO peripheral
0f2a4bd2a9 tests: Add bbc:microbit / nRF51 test suite
6ca9e1b79e arm: Instantiate NRF51 special NVM's and NVMC
380d534294 hw/nvram/nrf51_nvm: Add nRF51 non-volatile memories
958902d110 arm: Instantiate NRF51 random number generator
62e9af3bf9 hw/misc/nrf51_rng: Add NRF51 random number generator peripheral
b0557395c5 arm: Add header to host common definition for nRF51 SOC peripherals
85be06b537 qtest: Add set_irq_in command to set IRQ/GPIO level

=== OUTPUT BEGIN ===
  BUILD   fedora
make[1]: Entering directory '/var/tmp/patchew-tester-tmp-h2objz8p/src'
  GEN 
/var/tmp/patchew-tester-tmp-h2objz8p/src/docker-src.2018-11-04-03.18.51.27274/qemu.tar
Cloning into 
'/var/tmp/patchew-tester-tmp-h2objz8p/src/docker-src.2018-11-04-03.18.51.27274/qemu.tar.vroot'...
done.
Checking out files:  45% (2958/6455)   
Checking out files:  46% (2970/6455)   
Checking out files:  47% (3034/6455)   
Checking out files:  48% (3099/6455)   
Checking out files:  49% (3163/6455)   
Checking out files:  50% (3228/6455)   
Checking out files:  51% (3293/6455)   
Checking out files:  52% (3357/6455)   
Checking out files:  53% (3422/6455)   
Checking out files:  54% (3486/6455)   
Checking out files:  55% (3551/6455)   
Checking out files:  56% (3615/6455)   
Checking out files:  57% (3680/6455)   
Checking out files:  58% (3744/6455)   
Checking out files:  59% (3809/6455)   
Checking out files:  60% (3873/6455)   
Checking out files:  61% (3938/6455)   
Checking out files:  62% (4003/6455)   
Checking out files:  63% (4067/6455)   
Checking out files:  64% (4132/6455)   
Checking out files:  65% (4196/6455)   
Checking out files:  66% (4261/6455)   
Checking out files:  67% (4325/6455)   
Checking out files:  68% (4390/6455)   
Checking out files:  69% (4454/6455)   
Checking out files:  70% (4519/6455)   
Checking out files:  71% (4584/6455)   
Checking out files:  72% (4648/6455)   
Checking out files:  73% (4713/6455)   
Checking out files:  74% (4777/6455)   
Checking out files:  75% (4842/6455)   
Checking out files:  76% (4906/6455)   
Checking out files:  77% (4971/6455)   
Checking out files:  78% (5035/6455)   
Checking out files:  79% (5100/6455)   
Checking out files:  80% (5164/6455)   
Checking out files:  81% (5229/6455)   
Checking out files:  82% (5294/6455)   
Checking out files:  83% (5358/6455)   
Checking out files:  84% (5423/6455)   
Checking out files:  85% (5487/6455)   
Checking out files:  86% (5552/6455)   
Checking out files:  87% (5616/6455)   
Checking out files:  88% (5681/6455)   
Checking out files:  89% (5745/6455)   
Checking out files:  90% (5810/6455)   
Checking out files:  91% (5875/6455)   
Checking out files:  92% (5939/6455)   
Checking out files:  93% (6004/6455)   
Checking out files:  94% (6068/6455)   
Checking out files:  95% (6133/6455)   
Checking out files:  96% (6197/6455)   
Checking out files:  97% (6262/6455)   
Checking out files:  98% (6326/6455)   
Checking out files:  99% (6391/6455)   
Checking out files: 100% (6455/6455)   
Checking out files: 100% (6455/6455), done.
Your branch is up-to-date with 'origin/test'.
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into 
'/var/tmp/patchew-tester-tmp-h2objz8p/src/docker-src.2018-11-04-03.18.51.27274/qemu.tar.vroot/dtc'...
Submodule path 'dtc': checked out '88f18909db731a627456f26d779445f84e449536'
Submodule 'ui/keycodemapdb' (git://git.qemu.org/keycodemapdb.git) registered 
for path 'ui/keycodemapdb'
Cloning into 
'/var/tmp/patchew-tester-tmp-h2objz8p/src/docker-src.2018-11-04-03.18.51.27274/qemu.tar.vroot/ui/keycodemapdb'...
Submodule path 'ui/keycodemapdb': checked out 
'6b3d716e2b6472eb7189d3220552280ef3d832ce'
  COPYRUNNER
RUN test-mingw in qemu:fedora 
Packages installed:
SDL2-devel-2.0.8-5.fc28.x86_64
bc-1.07.1-5.fc28.x86_64
bison-3.0.4-9.fc28.x86_64
bluez-libs-devel-5.50-1.fc28.x86_64
brlapi-devel-0.6.7-19.fc28.x86_64
bzip2-1.0.6-26.fc28.x86_64
bzip2-devel-1.0.6-26.fc28.x86_64
ccache-3.4.2-2.fc28.x86_64
clang-6.0.1-1.fc28.x86_64
device-mapper-multipath-devel-0.7.4-3.git07e7bd5.fc28.x86_64
findutils-4.6.0-19.fc28.x86_64

[Qemu-devel] [PATCH v3 8/8] docker: use HTTPS git URL for virglrenderer

[Stefan Hajnoczi]

When you clone the repository without previous commit history, 'git://'
doesn't protect from man-in-the-middle attacks.  HTTPS is more secure
since the client verifies the server certificate.

Cc: Philippe Mathieu-Daudé 
Suggested-by: Eric Blake 
Signed-off-by: Stefan Hajnoczi 
---
 tests/docker/dockerfiles/debian-amd64.docker | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/docker/dockerfiles/debian-amd64.docker 
b/tests/docker/dockerfiles/debian-amd64.docker
index eb13f06ed1..24b113b76f 100644
--- a/tests/docker/dockerfiles/debian-amd64.docker
+++ b/tests/docker/dockerfiles/debian-amd64.docker
@@ -24,7 +24,7 @@ RUN DEBIAN_FRONTEND=noninteractive eatmydata \
 libegl1-mesa-dev \
 libepoxy-dev \
 libgbm-dev
-RUN git clone git://anongit.freedesktop.org/virglrenderer 
/usr/src/virglrenderer
+RUN git clone https://anongit.freedesktop.org/git/virglrenderer.git 
/usr/src/virglrenderer
 RUN cd /usr/src/virglrenderer && ./autogen.sh && ./configure --with-glx 
--disable-tests && make install
 
 # netmap
-- 
2.17.2

[Qemu-devel] [PATCH v3 7/8] target-alpha: use HTTPS git URL for palcode

[Stefan Hajnoczi]

When you clone the repository without previous commit history, 'git://'
doesn't protect from man-in-the-middle attacks.  HTTPS is more secure
since the client verifies the server certificate.

Cc: Richard Henderson 
Suggested-by: Eric Blake 
Signed-off-by: Stefan Hajnoczi 
---
 pc-bios/README | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pc-bios/README b/pc-bios/README
index 8f98c07a74..20f7c33c24 100644
--- a/pc-bios/README
+++ b/pc-bios/README
@@ -36,7 +36,7 @@
1af4:1000 -> pxe-virtio.rom
 
 - The sources for the Alpha palcode image is available from:
-  git://github.com/rth7680/qemu-palcode.git
+  https://github.com/rth7680/qemu-palcode.git
 
 - The u-boot binary for e500 comes from the upstream denx u-boot project where
   it was compiled using the qemu-ppce500 target.
-- 
2.17.2

[Qemu-devel] [PATCH v3 6/8] pc-testdev: use HTTPS git URL

[Stefan Hajnoczi]

When you clone the repository without previous commit history, 'git://'
doesn't protect from man-in-the-middle attacks.  HTTPS is more secure
since the client verifies the server certificate.

Cc: Paolo Bonzini 
Suggested-by: Eric Blake 
Signed-off-by: Stefan Hajnoczi 
---
 hw/misc/pc-testdev.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/misc/pc-testdev.c b/hw/misc/pc-testdev.c
index 697eb88c97..0aee04f231 100644
--- a/hw/misc/pc-testdev.c
+++ b/hw/misc/pc-testdev.c
@@ -32,7 +32,7 @@
  * -kernel /home/lmr/Code/virt-test.git/kvm/unittests/msr.flat
  *
  * Where msr.flat is one of the KVM unittests, present on a separate repo,
- * git://git.kernel.org/pub/scm/virt/kvm/kvm-unit-tests.git
+ * https://git.kernel.org/pub/scm/virt/kvm/kvm-unit-tests.git
 */
 
 #include "qemu/osdep.h"
-- 
2.17.2

[Qemu-devel] [PATCH v3 5/8] git: use HTTPS git URLs for repo.or.cz

[Stefan Hajnoczi]

When you clone the repository without previous commit history, 'git://'
doesn't protect from man-in-the-middle attacks.  HTTPS is more secure
since the client verifies the server certificate.

Suggested-by: Eric Blake 
Signed-off-by: Stefan Hajnoczi 
---
 MAINTAINERS| 14 +++---
 pc-bios/README |  2 +-
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 5cca097c49..a0576aa68a 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1455,7 +1455,7 @@ F: tests/qemu-iotests/
 F: util/qemu-progress.c
 F: qobject/block-qdict.c
 F: tests/check-block-qdict.c
-T: git git://repo.or.cz/qemu/kevin.git block
+T: git https://repo.or.cz/qemu/kevin.git block
 
 Block I/O path
 M: Stefan Hajnoczi 
@@ -1502,7 +1502,7 @@ F: blockdev.c
 F: block/qapi.c
 F: qapi/block*.json
 F: qapi/transaction.json
-T: git git://repo.or.cz/qemu/armbru.git block-next
+T: git https://repo.or.cz/qemu/armbru.git block-next
 
 Dirty Bitmaps
 M: Fam Zheng 
@@ -1697,14 +1697,14 @@ F: tests/test-visitor-serialization.c
 F: scripts/qapi-gen.py
 F: scripts/qapi/*
 F: docs/devel/qapi*
-T: git git://repo.or.cz/qemu/armbru.git qapi-next
+T: git https://repo.or.cz/qemu/armbru.git qapi-next
 
 QAPI Schema
 M: Eric Blake 
 M: Markus Armbruster 
 S: Supported
 F: qapi/*.json
-T: git git://repo.or.cz/qemu/armbru.git qapi-next
+T: git https://repo.or.cz/qemu/armbru.git qapi-next
 
 QObject
 M: Markus Armbruster 
@@ -1718,7 +1718,7 @@ F: tests/check-qnum.c
 F: tests/check-qjson.c
 F: tests/check-qlist.c
 F: tests/check-qstring.c
-T: git git://repo.or.cz/qemu/armbru.git qapi-next
+T: git https://repo.or.cz/qemu/armbru.git qapi-next
 
 QEMU Guest Agent
 M: Michael Roth 
@@ -1750,7 +1750,7 @@ F: docs/devel/*qmp-*
 F: scripts/qmp/
 F: tests/qmp-test.c
 F: tests/qmp-cmd-test.c
-T: git git://repo.or.cz/qemu/armbru.git qapi-next
+T: git https://repo.or.cz/qemu/armbru.git qapi-next
 
 qtest
 M: Paolo Bonzini 
@@ -2065,7 +2065,7 @@ F: include/block/nbd*
 F: qemu-nbd.*
 F: blockdev-nbd.c
 F: docs/interop/nbd.txt
-T: git git://repo.or.cz/qemu/ericb.git nbd
+T: git https://repo.or.cz/qemu/ericb.git nbd
 
 NFS
 M: Jeff Cody 
diff --git a/pc-bios/README b/pc-bios/README
index b572e9eb00..8f98c07a74 100644
--- a/pc-bios/README
+++ b/pc-bios/README
@@ -5,7 +5,7 @@
   project (http://www.nongnu.org/vgabios/).
 
 - The PowerPC Open Hack'Ware Open Firmware Compatible BIOS is
-  available at http://repo.or.cz/w/openhackware.git.
+  available at https://repo.or.cz/openhackware.git.
 
 - OpenBIOS (http://www.openbios.org/) is a free (GPL v2) portable
   firmware implementation. The goal is to implement a 100% IEEE
-- 
2.17.2

[Qemu-devel] [PATCH v3 2/8] get_maintainer: use 'https://' instead of 'git://'

[Stefan Hajnoczi]

When you clone the repository without previous commit history, 'git://'
doesn't protect from man-in-the-middle attacks.  HTTPS is more secure
since the client verifies the server certificate.

Reported-by: Jann Horn 
Reviewed-by: Daniel P. Berrangé 
Signed-off-by: Stefan Hajnoczi 
---
 scripts/get_maintainer.pl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/get_maintainer.pl b/scripts/get_maintainer.pl
index 43fb5f512f..fc7275b9e2 100755
--- a/scripts/get_maintainer.pl
+++ b/scripts/get_maintainer.pl
@@ -1376,7 +1376,7 @@ sub vcs_exists {
warn("$P: No supported VCS found.  Add --nogit to options?\n");
warn("Using a git repository produces better results.\n");
warn("Try latest git repository using:\n");
-   warn("git clone git://git.qemu.org/qemu.git\n");
+   warn("git clone https//git.qemu.org/git/qemu.git\n");
$printed_novcs = 1;
 }
 return 0;
-- 
2.17.2

[Qemu-devel] [PATCH v3 1/8] README: use 'https://' instead of 'git://'

[Stefan Hajnoczi]

When you clone the repository without previous commit history, 'git://'
doesn't protect from man-in-the-middle attacks.  HTTPS is more secure
since the client verifies the server certificate.

Reported-by: Jann Horn 
Reviewed-by: Daniel P. Berrangé 
Signed-off-by: Stefan Hajnoczi 
---
 README | 4 ++--
 pc-bios/README | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/README b/README
index 49a9fd09cd..441c33eb2f 100644
--- a/README
+++ b/README
@@ -54,7 +54,7 @@ Submitting patches
 
 The QEMU source code is maintained under the GIT version control system.
 
-   git clone git://git.qemu.org/qemu.git
+   git clone https://git.qemu.org/git/qemu.git
 
 When submitting patches, one common approach is to use 'git
 format-patch' and/or 'git send-email' to format & send the mail to the
@@ -70,7 +70,7 @@ the QEMU website
 
 The QEMU website is also maintained under source control.
 
-  git clone git://git.qemu.org/qemu-web.git
+  git clone https://git.qemu.org/git/qemu-web.git
   https://www.qemu.org/2017/02/04/the-new-qemu-website-is-up/
 
 A 'git-publish' utility was created to make above process less
diff --git a/pc-bios/README b/pc-bios/README
index 90f0fa7aa7..b572e9eb00 100644
--- a/pc-bios/README
+++ b/pc-bios/README
@@ -23,7 +23,7 @@
   legacy x86 software to communicate with an attached serial console as
   if a video card were attached.  The master sources reside in a subversion
   repository at http://sgabios.googlecode.com/svn/trunk.  A git mirror is
-  available at git://git.qemu.org/sgabios.git.
+  available at https://git.qemu.org/git/sgabios.git.
 
 - The PXE roms come from the iPXE project. Built with BANNER_TIME 0.
   Sources available at http://ipxe.org.  Vendor:Device ID -> ROM mapping:
@@ -40,7 +40,7 @@
 
 - The u-boot binary for e500 comes from the upstream denx u-boot project where
   it was compiled using the qemu-ppce500 target.
-  A git mirror is available at: git://git.qemu.org/u-boot.git
+  A git mirror is available at: https://git.qemu.org/git/u-boot.git
   The hash used to compile the current version is: 2072e72
 
 - Skiboot (https://github.com/open-power/skiboot/) is an OPAL
-- 
2.17.2

[Qemu-devel] [PATCH v3 0/8] Use 'https://' instead of 'git://'

[Stefan Hajnoczi]

v3:
 * Fix broken openhackware URL [Eric]
 * Convert a few remaining URLs [Eric]
v2:
 * Use HTTPS for repo.or.cz [Eric]

Jeff Cody has enabled git smart HTTP support on qemu.org.  From now on HTTPS is
the preferred protocol because it adds some protection against
man-in-the-middle when cloning a repo.

This patch series updates git:// URLs and changes them to https://.  The 
https:// URL format is:

  https://git.qemu.org/git/.git

The old git:// URL format was:

  git://git.qemu.org/.git

I have also updated git://github.com/ and repo.or.cz URLs because they offer 
HTTPS.

I have tested that submodules continue to work after the change to .gitmodules.

Stefan Hajnoczi (8):
  README: use 'https://' instead of 'git://'
  get_maintainer: use 'https://' instead of 'git://'
  MAINTAINERS: use 'https://' instead of 'git://' for GitHub
  gitmodules: use 'https://' instead of 'git://'
  git: use HTTPS git URLs for repo.or.cz
  pc-testdev: use HTTPS git URL
  target-alpha: use HTTPS git URL for palcode
  docker: use HTTPS git URL for virglrenderer

 MAINTAINERS  | 88 ++--
 hw/misc/pc-testdev.c |  2 +-
 .gitmodules  | 34 
 README   |  4 +-
 pc-bios/README   |  8 +-
 scripts/get_maintainer.pl|  2 +-
 tests/docker/dockerfiles/debian-amd64.docker |  2 +-
 7 files changed, 70 insertions(+), 70 deletions(-)

-- 
2.17.2

[Qemu-devel] [PATCH v3 3/8] MAINTAINERS: use 'https://' instead of 'git://' for GitHub

[Stefan Hajnoczi]

When you clone the repository without previous commit history, 'git://'
doesn't protect from man-in-the-middle attacks.  HTTPS is more secure
since the client verifies the server certificate.

Reported-by: Jann Horn 
Reviewed-by: Daniel P. Berrangé 
Acked-by: Cornelia Huck 
Signed-off-by: Stefan Hajnoczi 
---
 MAINTAINERS | 74 ++---
 1 file changed, 37 insertions(+), 37 deletions(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index f2360efe3e..5cca097c49 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -74,7 +74,7 @@ S: Maintained
 L: qemu-triv...@nongnu.org
 K: ^Subject:.*(?i)trivial
 T: git git://git.corpit.ru/qemu.git trivial-patches
-T: git git://github.com/vivier/qemu.git trivial-patches
+T: git https://github.com/vivier/qemu.git trivial-patches
 
 Architecture support
 
@@ -98,7 +98,7 @@ F: pc-bios/s390-ccw.img
 F: target/s390x/
 F: docs/vfio-ap.txt
 K: ^Subject:.*(?i)s390x?
-T: git git://github.com/cohuck/qemu.git s390-next
+T: git https://github.com/cohuck/qemu.git s390-next
 L: qemu-s3...@nongnu.org
 
 Guest CPU cores (TCG):
@@ -295,7 +295,7 @@ F: tests/tcg/x86_64/
 F: hw/i386/
 F: disas/i386.c
 F: docs/qemu-cpu-models.texi
-T: git git://github.com/ehabkost/qemu.git x86-next
+T: git https://github.com/ehabkost/qemu.git x86-next
 
 Xtensa
 M: Max Filippov 
@@ -359,8 +359,8 @@ F: hw/intc/s390_flic.c
 F: hw/intc/s390_flic_kvm.c
 F: include/hw/s390x/s390_flic.h
 F: gdb-xml/s390*.xml
-T: git git://github.com/cohuck/qemu.git s390-next
-T: git git://github.com/borntraeger/qemu.git s390-next
+T: git https://github.com/cohuck/qemu.git s390-next
+T: git https://github.com/borntraeger/qemu.git s390-next
 L: qemu-s3...@nongnu.org
 
 X86
@@ -942,8 +942,8 @@ F: include/hw/s390x/
 F: hw/watchdog/wdt_diag288.c
 F: include/hw/watchdog/wdt_diag288.h
 F: default-configs/s390x-softmmu.mak
-T: git git://github.com/cohuck/qemu.git s390-next
-T: git git://github.com/borntraeger/qemu.git s390-next
+T: git https://github.com/cohuck/qemu.git s390-next
+T: git https://github.com/borntraeger/qemu.git s390-next
 L: qemu-s3...@nongnu.org
 
 S390-ccw Bios
@@ -952,7 +952,7 @@ M: Thomas Huth 
 S: Supported
 F: pc-bios/s390-ccw/
 F: pc-bios/s390-ccw.img
-T: git git://github.com/borntraeger/qemu.git s390-next
+T: git https://github.com/borntraeger/qemu.git s390-next
 L: qemu-s3...@nongnu.org
 
 UniCore32 Machines
@@ -1022,7 +1022,7 @@ S: Supported
 F: hw/core/machine.c
 F: hw/core/null-machine.c
 F: include/hw/boards.h
-T: git git://github.com/ehabkost/qemu.git machine-next
+T: git https://github.com/ehabkost/qemu.git machine-next
 
 Xtensa Machines
 ---
@@ -1058,7 +1058,7 @@ F: tests/ide-test.c
 F: tests/ahci-test.c
 F: tests/cdrom-test.c
 F: tests/libqos/ahci*
-T: git git://github.com/jnsnow/qemu.git ide
+T: git https://github.com/jnsnow/qemu.git ide
 
 IPMI
 M: Corey Minyard 
@@ -1067,7 +1067,7 @@ F: include/hw/ipmi/*
 F: hw/ipmi/*
 F: hw/smbios/smbios_type_38.c
 F: tests/ipmi*
-T: git git://github.com/cminyard/qemu.git master-ipmi-rebase
+T: git https://github.com/cminyard/qemu.git master-ipmi-rebase
 
 Floppy
 M: John Snow 
@@ -1076,7 +1076,7 @@ S: Supported
 F: hw/block/fdc.c
 F: include/hw/block/fdc.h
 F: tests/fdc-test.c
-T: git git://github.com/jnsnow/qemu.git ide
+T: git https://github.com/jnsnow/qemu.git ide
 
 OMAP
 M: Peter Maydell 
@@ -1144,7 +1144,7 @@ S: Odd Fixes
 F: hw/net/
 F: include/hw/net/
 F: tests/virtio-net-test.c
-T: git git://github.com/jasowang/qemu.git net
+T: git https://github.com/jasowang/qemu.git net
 
 SCSI
 M: Paolo Bonzini 
@@ -1153,7 +1153,7 @@ S: Supported
 F: include/hw/scsi/*
 F: hw/scsi/*
 F: tests/virtio-scsi-test.c
-T: git git://github.com/bonzini/qemu.git scsi-next
+T: git https://github.com/bonzini/qemu.git scsi-next
 
 SSI
 M: Peter Crosthwaite 
@@ -1208,7 +1208,7 @@ S: Supported
 F: hw/vfio/ccw.c
 F: hw/s390x/s390-ccw.c
 F: include/hw/s390x/s390-ccw.h
-T: git git://github.com/cohuck/qemu.git s390-next
+T: git https://github.com/cohuck/qemu.git s390-next
 L: qemu-s3...@nongnu.org
 
 vfio-ap
@@ -1247,7 +1247,7 @@ S: Supported
 F: hw/9pfs/
 F: fsdev/
 F: tests/virtio-9p-test.c
-T: git git://github.com/gkurz/qemu.git 9p-next
+T: git https://github.com/gkurz/qemu.git 9p-next
 
 virtio-blk
 M: Stefan Hajnoczi 
@@ -1256,7 +1256,7 @@ S: Supported
 F: hw/block/virtio-blk.c
 F: hw/block/dataplane/*
 F: tests/virtio-blk-test.c
-T: git git://github.com/stefanha/qemu.git block
+T: git https://github.com/stefanha/qemu.git block
 
 virtio-ccw
 M: Cornelia Huck 
@@ -1264,8 +1264,8 @@ M: Christian Borntraeger 
 S: Supported
 F: hw/s390x/virtio-ccw*.[hc]
 F: hw/s390x/vhost-vsock-ccw.c
-T: git git://github.com/cohuck/qemu.git s390-next
-T: git git://github.com/borntraeger/qemu.git s390-next
+T: git https://github.com/cohuck/qemu.git s390-next
+T: git https://github.com/borntraeger/qemu.git s390-next
 L: qemu-s3...@nongnu.org
 
 virtio-input
@@ -1469,7 +1469,7 @@ F: migration/block*
 F: include/block/aio.h
 F: 

[Qemu-devel] [PATCH v3 4/8] gitmodules: use 'https://' instead of 'git://'

[Stefan Hajnoczi]

When you clone the repository without previous commit history, 'git://'
doesn't protect from man-in-the-middle attacks.  HTTPS is more secure
since the client verifies the server certificate.

Also change git.qemu-project.org to git.qemu.org (we control both domain
names but qemu.org is used more widely).

Reported-by: Jann Horn 
Reviewed-by: Daniel P. Berrangé 
Signed-off-by: Stefan Hajnoczi 
---
 .gitmodules | 34 +-
 1 file changed, 17 insertions(+), 17 deletions(-)

diff --git a/.gitmodules b/.gitmodules
index a48d2a764c..6b91176098 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,51 +1,51 @@
 [submodule "roms/seabios"]
path = roms/seabios
-   url = git://git.qemu-project.org/seabios.git/
+   url = https://git.qemu.org/git/seabios.git/
 [submodule "roms/SLOF"]
path = roms/SLOF
-   url = git://git.qemu-project.org/SLOF.git
+   url = https://git.qemu.org/git/SLOF.git
 [submodule "roms/ipxe"]
path = roms/ipxe
-   url = git://git.qemu-project.org/ipxe.git
+   url = https://git.qemu.org/git/ipxe.git
 [submodule "roms/openbios"]
path = roms/openbios
-   url = git://git.qemu-project.org/openbios.git
+   url = https://git.qemu.org/git/openbios.git
 [submodule "roms/openhackware"]
path = roms/openhackware
-   url = git://git.qemu-project.org/openhackware.git
+   url = https://git.qemu.org/git/openhackware.git
 [submodule "roms/qemu-palcode"]
path = roms/qemu-palcode
-   url = git://git.qemu.org/qemu-palcode.git
+   url = https://git.qemu.org/git/qemu-palcode.git
 [submodule "roms/sgabios"]
path = roms/sgabios
-   url = git://git.qemu-project.org/sgabios.git
+   url = https://git.qemu.org/git/sgabios.git
 [submodule "dtc"]
path = dtc
-   url = git://git.qemu-project.org/dtc.git
+   url = https://git.qemu.org/git/dtc.git
 [submodule "roms/u-boot"]
path = roms/u-boot
-   url = git://git.qemu-project.org/u-boot.git
+   url = https://git.qemu.org/git/u-boot.git
 [submodule "roms/skiboot"]
path = roms/skiboot
-   url = git://git.qemu.org/skiboot.git
+   url = https://git.qemu.org/git/skiboot.git
 [submodule "roms/QemuMacDrivers"]
path = roms/QemuMacDrivers
-   url = git://git.qemu.org/QemuMacDrivers.git
+   url = https://git.qemu.org/git/QemuMacDrivers.git
 [submodule "ui/keycodemapdb"]
path = ui/keycodemapdb
-   url = git://git.qemu.org/keycodemapdb.git
+   url = https://git.qemu.org/git/keycodemapdb.git
 [submodule "capstone"]
path = capstone
-   url = git://git.qemu.org/capstone.git
+   url = https://git.qemu.org/git/capstone.git
 [submodule "roms/seabios-hppa"]
path = roms/seabios-hppa
-   url = git://github.com/hdeller/seabios-hppa.git
+   url = https://github.com/hdeller/seabios-hppa.git
 [submodule "roms/u-boot-sam460ex"]
path = roms/u-boot-sam460ex
-   url = git://git.qemu.org/u-boot-sam460ex.git
+   url = https://git.qemu.org/git/u-boot-sam460ex.git
 [submodule "tests/fp/berkeley-testfloat-3"]
path = tests/fp/berkeley-testfloat-3
-   url = git://github.com/cota/berkeley-testfloat-3
+   url = https://github.com/cota/berkeley-testfloat-3
 [submodule "tests/fp/berkeley-softfloat-3"]
path = tests/fp/berkeley-softfloat-3
-   url = git://github.com/cota/berkeley-softfloat-3
+   url = https://github.com/cota/berkeley-softfloat-3
-- 
2.17.2

Re: [Qemu-devel] [PATCH v2 0/5] target/arm: KVM vs ARMISARegisters

[Marc Zyngier]

Hi Richard,

On Sun, 04 Nov 2018 09:50:29 +,
Richard Henderson  wrote:
> 
> On 11/3/18 12:32 PM, Marc Zyngier wrote:
> > We actively hide the LORegion feature from the guest since
> > cc33c4e20185a391766ed5e78e2acc97e17ba511 (in the 4.17 time frame), so
> > you shouldn't be able to obtain these on a recent host.
> 
> I don't think that patch is ideal.
> 
> In particular, LOR is a mandatory requirement of ARMv8.1.
> The OS can rightly presume it is present in context.
> 
> Better, I think, is to trap the LOR registers, as you are doing,
> and have them act as RAZ/WI.  This indicates, via LORID_EL1, that
> there are zero supported LO regions, which is a valid ARMv8.1
> configuration.

I agree this looks like a much better solution. I seem to remember
Mark (now cc'd) battling some half baked implementation that didn't
expose the LOR feature, and yet allowed the various LOR registers to
be freely used, with unknown consequences.

Since we unfortunately need to handle that sorry excuse for a CPU (and
assuming I remember the case correctly), I'd suggest the following
(untested) change:

- We leave the LOR feature visible
- We handle the LOR registers as RAZ/WI
- We still delivering an UNDEF when we're in the aforementioned case.

It would also solve the pathological cases that would result from
mixing 8.0 and 8.1+ CPUs in the same system (yeah, we all foolishly
thought it would never happen...).

Thoughts?

M.

diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c
index 22fbbdbece3c..d50f912d3f4a 100644
--- a/arch/arm64/kvm/sys_regs.c
+++ b/arch/arm64/kvm/sys_regs.c
@@ -314,10 +314,15 @@ static bool trap_raz_wi(struct kvm_vcpu *vcpu,
return read_zero(vcpu, p);
 }
 
-static bool trap_undef(struct kvm_vcpu *vcpu,
-  struct sys_reg_params *p,
-  const struct sys_reg_desc *r)
+static bool trap_loregion(struct kvm_vcpu *vcpu,
+ struct sys_reg_params *p,
+ const struct sys_reg_desc *r)
 {
+   u64 val = read_sanitised_ftr_reg(SYS_ID_AA64MMFR1_EL1);
+
+   if (val & (0xfUL << ID_AA64MMFR1_LOR_SHIFT))
+   return trap_raz_wi(vcpu, p, r);
+
kvm_inject_undefined(vcpu);
return false;
 }
@@ -1040,11 +1045,6 @@ static u64 read_id_reg(struct sys_reg_desc const *r, 
bool raz)
kvm_debug("SVE unsupported for guests, suppressing\n");
 
val &= ~(0xfUL << ID_AA64PFR0_SVE_SHIFT);
-   } else if (id == SYS_ID_AA64MMFR1_EL1) {
-   if (val & (0xfUL << ID_AA64MMFR1_LOR_SHIFT))
-   kvm_debug("LORegions unsupported for guests, 
suppressing\n");
-
-   val &= ~(0xfUL << ID_AA64MMFR1_LOR_SHIFT);
}
 
return val;
@@ -1330,11 +1330,11 @@ static const struct sys_reg_desc sys_reg_descs[] = {
{ SYS_DESC(SYS_MAIR_EL1), access_vm_reg, reset_unknown, MAIR_EL1 },
{ SYS_DESC(SYS_AMAIR_EL1), access_vm_reg, reset_amair_el1, AMAIR_EL1 },
 
-   { SYS_DESC(SYS_LORSA_EL1), trap_undef },
-   { SYS_DESC(SYS_LOREA_EL1), trap_undef },
-   { SYS_DESC(SYS_LORN_EL1), trap_undef },
-   { SYS_DESC(SYS_LORC_EL1), trap_undef },
-   { SYS_DESC(SYS_LORID_EL1), trap_undef },
+   { SYS_DESC(SYS_LORSA_EL1), trap_loregion },
+   { SYS_DESC(SYS_LOREA_EL1), trap_loregion },
+   { SYS_DESC(SYS_LORN_EL1), trap_loregion },
+   { SYS_DESC(SYS_LORC_EL1), trap_loregion },
+   { SYS_DESC(SYS_LORID_EL1), trap_loregion },
 
{ SYS_DESC(SYS_VBAR_EL1), NULL, reset_val, VBAR_EL1, 0 },
{ SYS_DESC(SYS_DISR_EL1), NULL, reset_val, DISR_EL1, 0 },


-- 
Jazz is not dead, it just smell funny.

Re: [Qemu-devel] [PATCH] softfloat: don't execute ppc64 ISA 3.0B instruction if it is not supported

[Laurent Vivier]

On 03/11/2018 13:57, David Gibson wrote:
> On Thu, Nov 01, 2018 at 06:54:59PM +0100, Laurent Vivier wrote:
>> On 01/11/2018 18:49, Peter Maydell wrote:
>>> On 1 November 2018 at 17:38, Laurent Vivier  wrote:
 commit 27ae5109a2 has introduced an assembly instruction only supported
 by ISA 3.0B and it fails to execute on previous versions of the POWER
 CPU (like PowerPC G5).

 This patch fixes that by checking the ISA level, and falls back to
 the default C function if the instruction is not supported.

 Fixes: 27ae5109a2ba8b6b679cce3e03e16570a34390a0
(softfloat: Specialize udiv_qrnnd for ppc64)
 Signed-off-by: Laurent Vivier 
 ---
  include/fpu/softfloat-macros.h | 39 --
  1 file changed, 23 insertions(+), 16 deletions(-)

 diff --git a/include/fpu/softfloat-macros.h 
 b/include/fpu/softfloat-macros.h
 index c86687fa5e..fe98b33df9 100644
 --- a/include/fpu/softfloat-macros.h
 +++ b/include/fpu/softfloat-macros.h
 @@ -78,6 +78,9 @@ this code that are retained.
  /* Portions of this work are licensed under the terms of the GNU GPL,
   * version 2 or later. See the COPYING file in the top-level directory.
   */
 +#if defined(_ARCH_PPC64)
 +extern bool have_isa_3_00;
 +#endif
>>>
>>> I was wondering where this bool came from. The answer is
>>> that it's defined in tcg/ppc/tcg-target.inc.c. It's ok to
>>> use it here because fpu/softfloat.c is only compiled if
>>> CONFIG_TCG is true, so the tcg code will be present. The
>>> other user of this include file is target/m68k/softfloat.c,
>>> which also will only be compiled for a ppc host if CONFIG_TCG.
>>>
>>> It's a little awkward to be borrowing this tcg/ppc internal
>>> flag into the softfloat code, though.
>>
>> I agree, I was hopping Richard can advice another way to do that.
> 
> We already have ISA version flags in insns_flags & insns_flags2, so
> I'm hoping we can use those rather than introduce a new bool.
> 

Richard has sent another patch using "defined(_ARCH_PWR7)"

Thanks,
Laurent



signature.asc
Description: OpenPGP digital signature

[Qemu-devel] [PULL 0/1] softfloat: Don't execute divdeu without power7

[Richard Henderson]

The following changes since commit 7d56239f159afc2e7bd42623947e56ba48f37836:

  Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20181102' 
into staging (2018-11-02 17:17:12 +)

are available in the Git repository at:

  https://github.com/rth7680/qemu.git tags/pull-softfloat-20181104

for you to fetch changes up to 7370981bd1ef58b3c20ba8b83cc342d1c61bc773:

  softfloat: Don't execute divdeu without power7 (2018-11-04 10:04:40 +)


Only use divdeu insn with Power7 and later.


Richard Henderson (1):
  softfloat: Don't execute divdeu without power7

 include/fpu/softfloat-macros.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Re: [Qemu-devel] [PATCH 1/2] target/mips: Fix decoding mechanism of R5900 MFLO1, MFHI1, MTLO1 and MTHI1

[Richard Henderson]

On 11/2/18 4:08 PM, Fredrik Noring wrote:
> +switch (opc) {
> +case TX79_MMI_MFHI1:
> +#if defined(TARGET_MIPS64)
> +tcg_gen_ext32s_tl(cpu_gpr[reg], cpu_HI[1]);
> +#else
> +tcg_gen_mov_tl(cpu_gpr[reg], cpu_HI[1]);
> +#endif

You do not need this ifdef.  This is already done in tcg/tcg-op.h:

$ grep tcg_gen_ext32s_tl tcg/tcg-op.h
#define tcg_gen_ext32s_tl tcg_gen_ext32s_i64
#define tcg_gen_ext32s_tl tcg_gen_mov_i32


r~

[Qemu-devel] [PULL 1/1] softfloat: Don't execute divdeu without power7

[Richard Henderson]

The divdeu instruction was added to ISA 2.06 (Power7).
Exclude this block from older cpus.

Fixes: 27ae5109a2ba (softfloat: Specialize udiv_qrnnd for ppc64)
Reported-by: Laurent Vivier 
Signed-off-by: Richard Henderson 
---
 include/fpu/softfloat-macros.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/fpu/softfloat-macros.h b/include/fpu/softfloat-macros.h
index c86687fa5e..b1d772e6d4 100644
--- a/include/fpu/softfloat-macros.h
+++ b/include/fpu/softfloat-macros.h
@@ -647,8 +647,8 @@ static inline uint64_t udiv_qrnnd(uint64_t *r, uint64_t n1,
 asm("dlgr %0, %1" : "+r"(n) : "r"(d));
 *r = n >> 64;
 return n;
-#elif defined(_ARCH_PPC64)
-/* From Power ISA 3.0B, programming note for divdeu.  */
+#elif defined(_ARCH_PPC64) && defined(_ARCH_PWR7)
+/* From Power ISA 2.06, programming note for divdeu.  */
 uint64_t q1, q2, Q, r1, r2, R;
 asm("divdeu %0,%2,%4; divdu %1,%3,%4"
 : "="(q1), "=r"(q2)
-- 
2.17.2

Re: [Qemu-devel] [PATCH v2 0/5] target/arm: KVM vs ARMISARegisters

[Richard Henderson]

On 11/3/18 12:32 PM, Marc Zyngier wrote:
> We actively hide the LORegion feature from the guest since
> cc33c4e20185a391766ed5e78e2acc97e17ba511 (in the 4.17 time frame), so
> you shouldn't be able to obtain these on a recent host.

I don't think that patch is ideal.

In particular, LOR is a mandatory requirement of ARMv8.1.
The OS can rightly presume it is present in context.

Better, I think, is to trap the LOR registers, as you are doing,
and have them act as RAZ/WI.  This indicates, via LORID_EL1, that
there are zero supported LO regions, which is a valid ARMv8.1
configuration.


r~

Re: [Qemu-devel] [PATCH v6 00/10] hw/m68k: add Apple Machintosh Quadra 800 machine

[no-reply]

Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 20181102152257.20637-1-mark.cave-ayl...@ilande.co.uk
Subject: [Qemu-devel] [PATCH v6 00/10] hw/m68k: add Apple Machintosh Quadra 800 
machine

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
9245542a6d hw/m68k: define Macintosh Quadra 800
4b2499b92a dp8393x: manage big endian bus
9a13b06b9f hw/m68k: add a dummy SWIM floppy controller
bdf5c3725c hw/m68k: add Nubus support for macfb video card
6feff81d33 hw/m68k: add Nubus support
b24a39f653 esp: add pseudo-DMA as used by Macintosh
970394cb59 hw/m68k: add macfb video card
30013c1b4b escc: introduce a selector for the register bit
3274bd6559 hw/m68k: implement ADB bus support for via
b78fd7f12a hw/m68k: add via support

=== OUTPUT BEGIN ===
Checking PATCH 1/10: hw/m68k: add via support...
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#26: 
new file mode 100644

ERROR: space prohibited after that '&&' (ctx:WxW)
#348: FILE: hw/misc/mac_via.c:318:
+if (!(v1s->last_b & VIA1B_vRTCClk) && (s->b & VIA1B_vRTCClk)) {
^

total: 1 errors, 1 warnings, 778 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 2/10: hw/m68k: implement ADB bus support for via...
Checking PATCH 3/10: escc: introduce a selector for the register bit...
Checking PATCH 4/10: hw/m68k: add macfb video card...
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#43: 
new file mode 100644

total: 0 errors, 1 warnings, 496 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
Checking PATCH 5/10: esp: add pseudo-DMA as used by Macintosh...
Checking PATCH 6/10: hw/m68k: add Nubus support...
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#24: 
new file mode 100644

total: 0 errors, 1 warnings, 509 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
Checking PATCH 7/10: hw/m68k: add Nubus support for macfb video card...
Checking PATCH 8/10: hw/m68k: add a dummy SWIM floppy controller...
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#28: 
new file mode 100644

total: 0 errors, 1 warnings, 498 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
Checking PATCH 9/10: dp8393x: manage big endian bus...
Checking PATCH 10/10: hw/m68k: define Macintosh Quadra 800...
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#90: 
new file mode 100644

total: 0 errors, 1 warnings, 605 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
=== OUTPUT END ===

Test command exited with code: 1


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

Re: [Qemu-devel] [PATCH v4 00/13] arm: nRF51 Devices and Microbit Support

[no-reply]

Hi,

This series failed docker-quick@centos7 build test. Please find the testing 
commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

Type: series
Message-id: 20181102170730.12432-1-cont...@steffen-goertz.de
Subject: [Qemu-devel] [PATCH v4 00/13] arm: nRF51 Devices and Microbit Support

=== TEST SCRIPT BEGIN ===
#!/bin/bash
time make docker-test-quick@centos7 SHOW_ENV=1 J=8
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
2d9a6b5d5c arm: Add Clock peripheral stub to NRF51 SOC
997bf8b919 arm: Instantiate NRF51 Timers
16d495e367 hw/timer/nrf51_timer: Add nRF51 Timer peripheral
760932a87f tests/microbit-test: Add Tests for nRF51 GPIO
9626ab61dd arm: Instantiate NRF51 general purpose I/O
54f13328db hw/gpio/nrf51_gpio: Add nRF51 GPIO peripheral
0f2a4bd2a9 tests: Add bbc:microbit / nRF51 test suite
6ca9e1b79e arm: Instantiate NRF51 special NVM's and NVMC
380d534294 hw/nvram/nrf51_nvm: Add nRF51 non-volatile memories
958902d110 arm: Instantiate NRF51 random number generator
62e9af3bf9 hw/misc/nrf51_rng: Add NRF51 random number generator peripheral
b0557395c5 arm: Add header to host common definition for nRF51 SOC peripherals
85be06b537 qtest: Add set_irq_in command to set IRQ/GPIO level

=== OUTPUT BEGIN ===
  BUILD   centos7
make[1]: Entering directory '/var/tmp/patchew-tester-tmp-cvjczh2m/src'
  GEN 
/var/tmp/patchew-tester-tmp-cvjczh2m/src/docker-src.2018-11-04-03.19.46.27931/qemu.tar
Cloning into 
'/var/tmp/patchew-tester-tmp-cvjczh2m/src/docker-src.2018-11-04-03.19.46.27931/qemu.tar.vroot'...
done.
Your branch is up-to-date with 'origin/test'.
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into 
'/var/tmp/patchew-tester-tmp-cvjczh2m/src/docker-src.2018-11-04-03.19.46.27931/qemu.tar.vroot/dtc'...
Submodule path 'dtc': checked out '88f18909db731a627456f26d779445f84e449536'
Submodule 'ui/keycodemapdb' (git://git.qemu.org/keycodemapdb.git) registered 
for path 'ui/keycodemapdb'
Cloning into 
'/var/tmp/patchew-tester-tmp-cvjczh2m/src/docker-src.2018-11-04-03.19.46.27931/qemu.tar.vroot/ui/keycodemapdb'...
Submodule path 'ui/keycodemapdb': checked out 
'6b3d716e2b6472eb7189d3220552280ef3d832ce'
  COPYRUNNER
RUN test-quick in qemu:centos7 
Packages installed:
SDL-devel-1.2.15-14.el7.x86_64
bison-3.0.4-1.el7.x86_64
bzip2-1.0.6-13.el7.x86_64
bzip2-devel-1.0.6-13.el7.x86_64
ccache-3.3.4-1.el7.x86_64
csnappy-devel-0-6.20150729gitd7bc683.el7.x86_64
flex-2.5.37-3.el7.x86_64
gcc-4.8.5-28.el7_5.1.x86_64
gettext-0.19.8.1-2.el7.x86_64
git-1.8.3.1-14.el7_5.x86_64
glib2-devel-2.54.2-2.el7.x86_64
libaio-devel-0.3.109-13.el7.x86_64
libepoxy-devel-1.3.1-2.el7_5.x86_64
libfdt-devel-1.4.6-1.el7.x86_64
lzo-devel-2.06-8.el7.x86_64
make-3.82-23.el7.x86_64
mesa-libEGL-devel-17.2.3-8.20171019.el7.x86_64
mesa-libgbm-devel-17.2.3-8.20171019.el7.x86_64
nettle-devel-2.7.1-8.el7.x86_64
package g++ is not installed
package librdmacm-devel is not installed
pixman-devel-0.34.0-1.el7.x86_64
spice-glib-devel-0.34-3.el7_5.1.x86_64
spice-server-devel-0.14.0-2.el7_5.4.x86_64
tar-1.26-34.el7.x86_64
vte-devel-0.28.2-10.el7.x86_64
xen-devel-4.6.6-12.el7.x86_64
zlib-devel-1.2.7-17.el7.x86_64

Environment variables:
PACKAGES=bison bzip2 bzip2-devel ccache csnappy-devel flex  
   g++ gcc gettext git glib2-devel libaio-devel 
libepoxy-devel libfdt-devel librdmacm-devel lzo-devel make 
mesa-libEGL-devel mesa-libgbm-devel nettle-devel pixman-devel 
SDL-devel spice-glib-devel spice-server-devel tar vte-devel 
xen-devel zlib-devel
HOSTNAME=5a31b2b871ad
MAKEFLAGS= -j8
J=8
CCACHE_DIR=/var/tmp/ccache
EXTRA_CONFIGURE_OPTS=
V=
SHOW_ENV=1
PATH=/usr/lib/ccache:/usr/lib64/ccache:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PWD=/
TARGET_LIST=
SHLVL=1
HOME=/home/patchew
TEST_DIR=/tmp/qemu-test
FEATURES= dtc
DEBUG=
_=/usr/bin/env

Configure options:
--enable-werror --target-list=x86_64-softmmu,aarch64-softmmu 
--prefix=/tmp/qemu-test/install
No C++ compiler available; disabling C++ specific optional code
Install prefix/tmp/qemu-test/install
BIOS directory/tmp/qemu-test/install/share/qemu
firmware path /tmp/qemu-test/install/share/qemu-firmware
binary directory  /tmp/qemu-test/install/bin
library directory /tmp/qemu-test/install/lib
module directory  /tmp/qemu-test/install/lib/qemu
libexec directory /tmp/qemu-test/install/libexec
include directory /tmp/qemu-test/install/include
config directory  /tmp/qemu-test/install/etc
local state directory   /tmp/qemu-test/install/var
Manual directory  /tmp/qemu-test/install/share/man
ELF interp prefix /usr/gnemul/qemu-%M
Source path   /tmp/qemu-test/src
GIT binarygit
GIT submodules
C compilercc
Host C compiler   cc
C++ compiler  
Objective-C compiler cc
ARFLAGS   rv
CFLAGS-O2 -U_FORTIFY_SOURCE