Re: [Qemu-devel] macOS build error after ddac19f534 (virtio: split virtio 9p bits from virtio-pci)

2019-01-28 Thread Philippe Mathieu-Daudé
Hi Zoltan,

On 1/29/19 2:20 AM, BALATON Zoltan wrote:
> Hello,
> 
> I'm getting error building on macOS after commit ddac19f534:
> 
>   CC  aarch64-softmmu/hw/virtio/virtio-blk-pci.o
> In file included from qemu/hw/virtio/virtio-9p-pci.c:19:
> In file included from qemu/hw/9pfs/virtio-9p.h:6:
> In file included from qemu/hw/9pfs/9p.h:7:
> qemu/fsdev/file-op-9p.h:19:10: fatal error: 'sys/vfs.h' file not found
> #include <sys/vfs.h>
>          ^~~~~~~~~~~
> 
> Am I missing something? (Apart from the include file which is not
> present on OS X... Maybe this needs the #ifdefs it had before the split?)

It seems commits are not correctly ordered for bisectability :(

If you cherry-pick ecd3b89b054, does it build?



Re: [Qemu-devel] [PATCH 08/13] spapr/rtas: modify spapr_rtas_register() to remove RTAS handlers

2019-01-28 Thread Cédric Le Goater
On 1/29/19 6:09 AM, Alexey Kardashevskiy wrote:
> 
> 
> On 08/01/2019 05:39, Cédric Le Goater wrote:
>> Removing RTAS handlers will become necessary when the new pseries
>> machine supporting multiple interrupt mode is introduced.
>>
>> Signed-off-by: Cédric Le Goater 
>> ---
>>  include/hw/ppc/spapr.h | 4 
>>  hw/ppc/spapr_rtas.c| 2 +-
>>  2 files changed, 5 insertions(+), 1 deletion(-)
>>
>> diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
>> index 9e01a5a12e4a..9a6d015b9cf5 100644
>> --- a/include/hw/ppc/spapr.h
>> +++ b/include/hw/ppc/spapr.h
>> @@ -657,6 +657,10 @@ typedef void (*spapr_rtas_fn)(PowerPCCPU *cpu, 
>> sPAPRMachineState *sm,
>>uint32_t nargs, target_ulong args,
>>uint32_t nret, target_ulong rets);
>>  void spapr_rtas_register(int token, const char *name, spapr_rtas_fn fn);
>> +static inline void spapr_rtas_unregister(int token)
>> +{
>> +spapr_rtas_register(token, NULL, NULL);
>> +}
> 
> The new helper is not used anywhere.

ah yes. patch 10 should be introducing the helper in xics_kvm_disconnect()

I am fixing that.

Thanks,

C.

>>  target_ulong spapr_rtas_call(PowerPCCPU *cpu, sPAPRMachineState *sm,
>>   uint32_t token, uint32_t nargs, target_ulong 
>> args,
>>   uint32_t nret, target_ulong rets);
>> diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
>> index d6a0952154ac..e005d5d08151 100644
>> --- a/hw/ppc/spapr_rtas.c
>> +++ b/hw/ppc/spapr_rtas.c
>> @@ -404,7 +404,7 @@ void spapr_rtas_register(int token, const char *name, 
>> spapr_rtas_fn fn)
>>  
>>  token -= RTAS_TOKEN_BASE;
>>  
>> -assert(!rtas_table[token].name);
>> +assert(!name || !rtas_table[token].name);
> 
> 
> but allowing name==NULL is.
> 
> 
>>  
>>  rtas_table[token].name = name;
>>  rtas_table[token].fn = fn;
>>
> 
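
Review bot: In spapr_rtas_register(), relaxing the check to assert(!name || !rtas_table[token].name) means a caller that passes a NULL name by mistake now silently clears an existing handler instead of tripping the assert. Keeping the original assert here and clearing rtas_table[token] in a dedicated unregister function would keep registration strict; if the NULL path stays, it should also require fn == NULL.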




Re: [Qemu-devel] [PATCH 2/3] scsi-disk: Add device_id property

2019-01-28 Thread Markus Armbruster
Kevin Wolf  writes:

> On 28.01.2019 at 17:55, Markus Armbruster wrote:
>> Kevin Wolf  writes:
>> 
>> > On 28.01.2019 at 09:50, Peter Krempa wrote:
>> [...]
>> >> 2) Is actually using 'scsi-cd'/'scsi-hd' the better option than
>> >> 'scsi-disk'?
>> >
>> > Yes, scsi-disk is a legacy device. Maybe we should formally deprecate
>> > it.
>> 
>> There's an internal use in scsi_bus_legacy_add_drive(), which in turn
>> powers two legacy features:
>> 
>> 1. -drive if=scsi
>> 
>>Creates scsi-disk frontends.
>> 
>>Only works with onboard HBAs since commit 14545097267, v2.12.0.
>> 
>> 2. -device usb-storage
>> 
>>Bad magic: usb-storage pretends to be a block device, but it's really
>>a SCSI bus that can serve only a single device, which it creates
>>automatically.
>> 
>> If we deprecate scsi-disk, we should deprecate these, too.  Can't say
>> whether that's practical right now.
>
> Most likely not worth the effort anyway. I don't think it's blocking
> anything.

We could also wean them off the legacy device models.

>> >> 3) Since upstream libvirt supports qemu-1.5 and newer and 'scsi-cd' is
>> >> already supported there, can we assume that all newer versions support
>> >> it? (Basically the question is whether it can be compiled out by
>> >> upstream means).
>> >
>> > I think so.
>> 
>> Compiling out scsi-hd or scsi-cd, but not scsi-disk would be silly.  All
>> three devices are in scsi-disk.c.  You'd have to hack that up to be
>> silly.
>
> I understood this as a question about libvirt, i.e. whether libvirt can
> drop/compile out their scsi-disk code and instead assume that scsi-hd/cd
> are always present. Maybe I misunderstood, though?

If questions remain, I trust Peter will ask.



Re: [Qemu-devel] [RFC PATCH] ahci-test: Add dependency to qemu-img tool

2019-01-28 Thread Philippe Mathieu-Daudé
On 1/28/19 8:14 PM, John Snow wrote:
> On 1/28/19 11:08 AM, Kevin Wolf wrote:
>> On 25.01.2019 at 22:57, John Snow wrote:
>>> On 1/25/19 3:34 PM, Philippe Mathieu-Daudé wrote:
>>>> Since the ahci-test uses qemu-img, add a dependency to build it
>>>> before using it.
>>>> This fixes:
>>>>
>>>>   $ gmake check-qtest V=1
>>>>   QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 QTEST_QEMU_IMG=qemu-img tests/ahci-test
>>>>   Failed to execute child process "/tmp/qemu-test.19tMRF/qemu-img" (No such file or directory)
>>>>   ERROR:tests/libqos/libqos.c:192:mkimg: assertion failed: (ret && !err)
>>>>
>>>> Signed-off-by: Philippe Mathieu-Daudé
>>>> ---
>>>> RFC because while this dependency is valid, I don't think this is the
>>>> clever way to solve this problem (which is, assuming the host
>>>> distribution has the qemu-tools installed).
>>>> I guess remember a thread about it (Eric, John?) where it was asked
>>>> "What do we want to test, qemu-img or AHCI? Can we trust an unstable
>>>> version of a tool to verify a device?"
>>>>
>>> [...]
>>>
>>> Reviewed-by: John Snow 
>>
>> Are you taking this through your tree, or through which tree should it
>> be merged?
>>
>> Kevin
>>
> 
> I can, but it'd be the only patch I have this week. If it's not a
> burden, would you mind including it?

Actually there are few follow up patches slightly related (not AHCI), so
it indeed makes sense Kevin takes them. I'll respin.



Re: [Qemu-devel] [PATCH v11 1/3] util/mmap-alloc: Add a 'is_pmem' parameter to qemu_ram_mmap

2019-01-28 Thread Pankaj Gupta


> 
> From: Zhang Yi 
> 
> Besides the existing 'shared' flag, we are going to add
> 'is_pmem' to qemu_ram_mmap(), which indicates that the memory backend
> file is persistent memory.
> 
> Signed-off-by: Haozhong Zhang 
> Signed-off-by: Zhang Yi 
> ---
>  exec.c|  2 +-
>  include/qemu/mmap-alloc.h | 21 -
>  util/mmap-alloc.c |  6 +-
>  util/oslib-posix.c|  2 +-
>  4 files changed, 27 insertions(+), 4 deletions(-)
> 
> diff --git a/exec.c b/exec.c
> index bb6170d..27cea52 100644
> --- a/exec.c
> +++ b/exec.c
> @@ -1860,7 +1860,7 @@ static void *file_ram_alloc(RAMBlock *block,
>  }
>  
>  area = qemu_ram_mmap(fd, memory, block->mr->align,
> - block->flags & RAM_SHARED);
> + block->flags & RAM_SHARED, block->flags &
> RAM_PMEM);
>  if (area == MAP_FAILED) {
>  error_setg_errno(errp, errno,
>   "unable to map backing store for guest RAM");
> diff --git a/include/qemu/mmap-alloc.h b/include/qemu/mmap-alloc.h
> index 50385e3..190688a 100644
> --- a/include/qemu/mmap-alloc.h
> +++ b/include/qemu/mmap-alloc.h
> @@ -7,7 +7,26 @@ size_t qemu_fd_getpagesize(int fd);
>  
>  size_t qemu_mempath_getpagesize(const char *mem_path);
>  
> -void *qemu_ram_mmap(int fd, size_t size, size_t align, bool shared);
> +/**
> + * qemu_ram_mmap: mmap the specified file or device.
> + *
> + * Parameters:
> + *  @fd: the file or the device to mmap
> + *  @size: the number of bytes to be mmaped
> + *  @align: if not zero, specify the alignment of the starting mapping
> address;
> + *  otherwise, the alignment in use will be determined by QEMU.
> + *  @shared: map has RAM_SHARED flag.
> + *  @is_pmem: map has RAM_PMEM flag.
> + *
> + * Return:
> + *  On success, return a pointer to the mapped area.
> + *  On failure, return MAP_FAILED.
> + */
> +void *qemu_ram_mmap(int fd,
> +size_t size,
> +size_t align,
> +bool shared,
> +bool is_pmem);
>  
>  void qemu_ram_munmap(void *ptr, size_t size);
>  
> diff --git a/util/mmap-alloc.c b/util/mmap-alloc.c
> index fd329ec..97bbeed 100644
> --- a/util/mmap-alloc.c
> +++ b/util/mmap-alloc.c
> @@ -75,7 +75,11 @@ size_t qemu_mempath_getpagesize(const char *mem_path)
>  return getpagesize();
>  }
>  
> -void *qemu_ram_mmap(int fd, size_t size, size_t align, bool shared)
> +void *qemu_ram_mmap(int fd,
> +size_t size,
> +size_t align,
> +bool shared,
> +bool is_pmem)
>  {
>  /*
>   * Note: this always allocates at least one extra page of virtual
>   address
> diff --git a/util/oslib-posix.c b/util/oslib-posix.c
> index fbd0dc8..040937f 100644
> --- a/util/oslib-posix.c
> +++ b/util/oslib-posix.c
> @@ -203,7 +203,7 @@ void *qemu_memalign(size_t alignment, size_t size)
>  void *qemu_anon_ram_alloc(size_t size, uint64_t *alignment, bool shared)
>  {
>  size_t align = QEMU_VMALLOC_ALIGN;
> -void *ptr = qemu_ram_mmap(-1, size, align, shared);
> +void *ptr = qemu_ram_mmap(-1, size, align, shared, false);
>  
>  if (ptr == MAP_FAILED) {
>  return NULL;
> --
> 2.7.4

Looks good to me.

Reviewed-by: pagu...@redhat.com

> 
> 
> 



Re: [Qemu-devel] [PATCH v2 0/3] Trivial cleanup in hw/acpi

2019-01-28 Thread Philippe Mathieu-Daudé
Hi Wei,

On 1/29/19 1:08 AM, Wei Yang wrote:
> There are several functions/variables which are not used anymore.
> 
> This series just removes those without functional change.
> 
> Wei Yang (3):
>   hw/i386/pc.c: remove unused function pc_acpi_init()
>   hw/acpi: remove unused function acpi_table_add_builtin()
>   hw/acpi: remove unnecessary variable acpi_table_builtin
> 
>  hw/acpi/core.c | 10 +-
>  hw/i386/pc.c   | 27 ---
>  include/hw/acpi/acpi.h |  1 -
>  include/hw/i386/pc.h   |  1 -
>  4 files changed, 1 insertion(+), 38 deletions(-)
> 

Please do not post iterated series in reply to previous version, but as
new thread:
- patches are parsed by scripts
- some email clients can tag a thread as "reviewed, skip" and replies to
this thread will be masked.

Regards,

Phil.



Re: [Qemu-devel] [PATCH v11 2/3] util/mmap-alloc: support MAP_SYNC in qemu_ram_mmap()

2019-01-28 Thread Pankaj Gupta


> 
> From: Zhang Yi 
> 
> When a file supporting DAX is used as vNVDIMM backend, mmap it with
> MAP_SYNC flag in addition which can ensure file system metadata
> synced in each guest writes to the backend file, without other QEMU
> actions (e.g., periodic fsync() by QEMU).
> 
> Currently, we have the following possible use cases:
> 
> 1. pmem=on is set, shared=on is set, MAP_SYNC supported:
>    a: backend is a dax supporting file.
>       - MAP_SYNC will be active.
>    b: backend is not a dax supporting file.
>       - mmap will trigger a warning, then the MAP_SYNC flag will be ignored.
> 
> 2. The rest of cases:
>    - we will never pass the MAP_SYNC to mmap2
> 
> Signed-off-by: Haozhong Zhang 
> Signed-off-by: Zhang Yi 
> ---
>  include/qemu/osdep.h | 21 +
>  util/mmap-alloc.c| 28 +++-
>  2 files changed, 48 insertions(+), 1 deletion(-)
> 
> diff --git a/include/qemu/osdep.h b/include/qemu/osdep.h
> index 457d24e..96209bb 100644
> --- a/include/qemu/osdep.h
> +++ b/include/qemu/osdep.h
> @@ -419,6 +419,27 @@ void qemu_anon_ram_free(void *ptr, size_t size);
>  #  define QEMU_VMALLOC_ALIGN getpagesize()
>  #endif
>  
> +/*
> + * MAP_SHARED_VALIDATE and MAP_SYNC are introduced in Linux kernel
> + * 4.15, so they may not be defined when compiling on older kernels.
> + */
> +#ifdef CONFIG_LINUX
> +
> +#include 
> +
> +#ifndef MAP_SYNC
> +#define MAP_SYNC 0x8
> +#endif
> +
> +#ifndef MAP_SHARED_VALIDATE
> +#define MAP_SHARED_VALIDATE 0x03
> +#endif
> +
> +#else  /* !CONFIG_LINUX */
> +#define MAP_SYNC  0x0
> +#define MAP_SHARED_VALIDATE   0x0
> +#endif /* CONFIG_LINUX */
> +
>  #ifdef CONFIG_POSIX
>  struct qemu_signalfd_siginfo {
>  uint32_t ssi_signo;   /* Signal number */
> diff --git a/util/mmap-alloc.c b/util/mmap-alloc.c
> index 97bbeed..2c86ad2 100644
> --- a/util/mmap-alloc.c
> +++ b/util/mmap-alloc.c
> @@ -101,6 +101,7 @@ void *qemu_ram_mmap(int fd,
>  #else
>  void *ptr = mmap(0, total, PROT_NONE, MAP_ANONYMOUS | MAP_PRIVATE, -1,
>  0);
>  #endif
> +int mmap_xflags = 0;
>  size_t offset;
>  void *ptr1;
>  
> @@ -111,13 +112,38 @@ void *qemu_ram_mmap(int fd,
>  assert(is_power_of_2(align));
>  /* Always align to host page size */
>  assert(align >= getpagesize());
> +if (shared && is_pmem) {
> +mmap_xflags = MAP_SYNC | MAP_SHARED_VALIDATE;
> +}
>  
>  offset = QEMU_ALIGN_UP((uintptr_t)ptr, align) - (uintptr_t)ptr;
> +retry_mmap:
>  ptr1 = mmap(ptr + offset, size, PROT_READ | PROT_WRITE,
>  MAP_FIXED |
>  (fd == -1 ? MAP_ANONYMOUS : 0) |
> -(shared ? MAP_SHARED : MAP_PRIVATE),
> +(shared ? MAP_SHARED : MAP_PRIVATE) | mmap_xflags,
>  fd, 0);
> +
> +/* if map failed with MAP_SHARED_VALIDATE | MAP_SYNC,
> + * we try with MAP_SHARED_VALIDATE without MAP_SYNC
> + */
> +if (ptr1 == MAP_FAILED &&
> +mmap_xflags == (MAP_SYNC | MAP_SHARED_VALIDATE)) {
> +if (errno == ENOTSUP) {
> +perror("failed to validate with mapping flags");
> +}
> +mmap_xflags = MAP_SHARED_VALIDATE;
> +goto retry_mmap;
> +}
> +/* MAP_SHARED_VALIDATE flag is available since Linux 4.15
> + * Test only with MAP_SHARED_VALIDATE flag for compatibility.
> + * Then ignore the MAP_SHARED_VALIDATE flag and retry again
> + */
> +if (mmap_xflags == MAP_SHARED_VALIDATE &&
> +ptr1 == MAP_FAILED) {
> +mmap_xflags &= ~MAP_SHARED_VALIDATE;
> +goto retry_mmap;
> +}

I am not sure if we need this multiple validation. If MAP_SYNC with 
MAP_SHARED_VALIDATE is not supported or failed, just fallback to 
mmap without MAP_SYNC & MAP_SHARED_VALIDATE?

I saw a lot of discussion in previous version of this patch series. 
I am not sure if it's suggested this way or I am missing anything
important here.

Thanks,
Pankaj


>  if (ptr1 == MAP_FAILED) {
>  munmap(ptr, total);
>  return MAP_FAILED;
> --
> 2.7.4
> 
> 
> 
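
The single fallback asked about in the reply above, as an added example (not code from the patch or from QEMU): request MAP_SHARED_VALIDATE | MAP_SYNC once and, if the kernel rejects those flags, map again with plain MAP_SHARED. The names map_shared_try_sync() and demo_scratch_file() are hypothetical, the scratch file is constructed for the demo, and the fallback macro values are the generic Linux UAPI ones.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Generic Linux UAPI values, for libc headers that predate Linux 4.15. */
#ifndef MAP_SHARED_VALIDATE
#define MAP_SHARED_VALIDATE 0x03
#endif
#ifndef MAP_SYNC
#define MAP_SYNC 0x80000
#endif

/*
 * Map `size` bytes of `fd` shared and writable, asking for MAP_SYNC first.
 * *got_sync is set to 1 only when the kernel accepted MAP_SYNC.
 * Hypothetical helper, not a QEMU function.
 */
void *map_shared_try_sync(int fd, size_t size, int *got_sync)
{
    void *p;

    *got_sync = 0;
    /* MAP_SHARED_VALIDATE makes the kernel reject flags it cannot honour;
     * with plain MAP_SHARED an unsupported MAP_SYNC is silently ignored. */
    p = mmap(NULL, size, PROT_READ | PROT_WRITE,
             MAP_SHARED_VALIDATE | MAP_SYNC, fd, 0);
    if (p != MAP_FAILED) {
        *got_sync = 1;
        return p;
    }

    /*
     * EOPNOTSUPP: the file cannot do MAP_SYNC (for example, it is not DAX).
     * EINVAL: the kernel does not know mapping type 0x03 (before 4.15).
     * Any other errno is a real failure and is not retried.
     */
    if (errno != EOPNOTSUPP && errno != EINVAL) {
        return MAP_FAILED;
    }
    fprintf(stderr, "MAP_SYNC unavailable (%s), continuing without it\n",
            strerror(errno));

    /* One fallback step: the same mapping without the two new flags. */
    return mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
}

/*
 * Constructed demo: map a scratch file, write through the mapping and
 * read the bytes back through the file descriptor. Returns 0 on success.
 */
int demo_scratch_file(int *got_sync)
{
    char path[] = "/tmp/mapsync-demo-XXXXXX";
    const size_t size = 4096;
    char buf[6] = {0};
    int rc = -1;
    void *p;
    int fd = mkstemp(path);

    if (fd < 0) {
        return -1;
    }
    unlink(path);                       /* the file lives only via fd */
    if (ftruncate(fd, (off_t)size) == 0) {
        p = map_shared_try_sync(fd, size, got_sync);
        if (p != MAP_FAILED) {
            memcpy(p, "hello", 5);
            if (pread(fd, buf, 5, 0) == 5 && memcmp(buf, "hello", 5) == 0) {
                rc = 0;
            }
            munmap(p, size);
        }
    }
    close(fd);
    return rc;
}

int main(void)
{
    int got_sync = 0;

    if (demo_scratch_file(&got_sync) != 0) {
        perror("demo_scratch_file");
        return 1;
    }
    printf("mapped %s MAP_SYNC\n", got_sync ? "with" : "without");
    return 0;
}
```

On a regular (non-DAX) file the first mmap() is rejected and the mapping comes from the fallback call, so got_sync stays 0.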



Re: [Qemu-devel] [PATCH] trace: rerun tracetool after ./configure changes

2019-01-28 Thread Philippe Mathieu-Daudé
On 1/29/19 3:53 AM, Stefan Hajnoczi wrote:
> Autogenerated code in trace.h/trace.c and friends is specific to the
> config-host.mak TRACE_BACKENDS setting and must be regenerated when
> ./configure --enable-trace-backend= changes settings.
> 
> This patch ensures that changes to TRACE_BACKENDS are detected.  For
> example, the trace-root.h file is now updated after switching trace
> backends:
> 
>   $ ./configure && make
>   $ cp trace-root.h /tmp/old-trace-root.h
>   $ ./configure --enable-trace-backend=simple && make
>   $ diff -u /tmp/old-trace-root.h trace-root.h
> 
> Reported-by: Christophe Lyon 
> Signed-off-by: Stefan Hajnoczi 

Reviewed-by: Philippe Mathieu-Daudé 

> ---
>  Makefile | 16 
>  1 file changed, 8 insertions(+), 8 deletions(-)
> 
> diff --git a/Makefile b/Makefile
> index de898eab62..4e70cebc6a 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -145,7 +145,7 @@ tracetool-y += $(shell find $(SRC_PATH)/scripts/tracetool 
> -name "*.py")
>  
>  %/trace.h: %/trace.h-timestamp
>   @cmp $< $@ >/dev/null 2>&1 || cp $< $@
> -%/trace.h-timestamp: $(SRC_PATH)/%/trace-events $(tracetool-y)
> +%/trace.h-timestamp: $(SRC_PATH)/%/trace-events $(tracetool-y) 
> $(BUILD_DIR)/config-host.mak
>   $(call quiet-command,$(TRACETOOL) \
>   --group=$(call trace-group-name,$@) \
>   --format=h \
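
Review bot: $(BUILD_DIR)/config-host.mak is appended by hand to this %/trace.h-timestamp rule and to each of the other *-timestamp rules in the patch, so a tracetool rule added later can miss it. All of these rules already list $(tracetool-y); putting the new dependency behind one variable shared by the rules would keep them in step.
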
> @@ -154,7 +154,7 @@ tracetool-y += $(shell find $(SRC_PATH)/scripts/tracetool 
> -name "*.py")
>  
>  %/trace.c: %/trace.c-timestamp
>   @cmp $< $@ >/dev/null 2>&1 || cp $< $@
> -%/trace.c-timestamp: $(SRC_PATH)/%/trace-events $(tracetool-y)
> +%/trace.c-timestamp: $(SRC_PATH)/%/trace-events $(tracetool-y) 
> $(BUILD_DIR)/config-host.mak
>   $(call quiet-command,$(TRACETOOL) \
>   --group=$(call trace-group-name,$@) \
>   --format=c \
> @@ -163,7 +163,7 @@ tracetool-y += $(shell find $(SRC_PATH)/scripts/tracetool 
> -name "*.py")
>  
>  %/trace-ust.h: %/trace-ust.h-timestamp
>   @cmp $< $@ >/dev/null 2>&1 || cp $< $@
> -%/trace-ust.h-timestamp: $(SRC_PATH)/%/trace-events $(tracetool-y)
> +%/trace-ust.h-timestamp: $(SRC_PATH)/%/trace-events $(tracetool-y) 
> $(BUILD_DIR)/config-host.mak
>   $(call quiet-command,$(TRACETOOL) \
>   --group=$(call trace-group-name,$@) \
>   --format=ust-events-h \
> @@ -187,7 +187,7 @@ tracetool-y += $(shell find $(SRC_PATH)/scripts/tracetool 
> -name "*.py")
>  
>  trace-root.h: trace-root.h-timestamp
>   @cmp $< $@ >/dev/null 2>&1 || cp $< $@
> -trace-root.h-timestamp: $(SRC_PATH)/trace-events $(tracetool-y)
> +trace-root.h-timestamp: $(SRC_PATH)/trace-events $(tracetool-y) 
> $(BUILD_DIR)/config-host.mak
>   $(call quiet-command,$(TRACETOOL) \
>   --group=root \
>   --format=h \
> @@ -196,7 +196,7 @@ trace-root.h-timestamp: $(SRC_PATH)/trace-events 
> $(tracetool-y)
>  
>  trace-root.c: trace-root.c-timestamp
>   @cmp $< $@ >/dev/null 2>&1 || cp $< $@
> -trace-root.c-timestamp: $(SRC_PATH)/trace-events $(tracetool-y)
> +trace-root.c-timestamp: $(SRC_PATH)/trace-events $(tracetool-y) 
> $(BUILD_DIR)/config-host.mak
>   $(call quiet-command,$(TRACETOOL) \
>   --group=root \
>   --format=c \
> @@ -205,7 +205,7 @@ trace-root.c-timestamp: $(SRC_PATH)/trace-events 
> $(tracetool-y)
>  
>  trace-ust-root.h: trace-ust-root.h-timestamp
>   @cmp $< $@ >/dev/null 2>&1 || cp $< $@
> -trace-ust-root.h-timestamp: $(SRC_PATH)/trace-events $(tracetool-y)
> +trace-ust-root.h-timestamp: $(SRC_PATH)/trace-events $(tracetool-y) 
> $(BUILD_DIR)/config-host.mak
>   $(call quiet-command,$(TRACETOOL) \
>   --group=root \
>   --format=ust-events-h \
> @@ -214,7 +214,7 @@ trace-ust-root.h-timestamp: $(SRC_PATH)/trace-events 
> $(tracetool-y)
>  
>  trace-ust-all.h: trace-ust-all.h-timestamp
>   @cmp $< $@ >/dev/null 2>&1 || cp $< $@
> -trace-ust-all.h-timestamp: $(trace-events-files) $(tracetool-y)
> +trace-ust-all.h-timestamp: $(trace-events-files) $(tracetool-y) 
> $(BUILD_DIR)/config-host.mak
>   $(call quiet-command,$(TRACETOOL) \
>   --group=all \
>   --format=ust-events-h \
> @@ -223,7 +223,7 @@ trace-ust-all.h-timestamp: $(trace-events-files) 
> $(tracetool-y)
>  
>  trace-ust-all.c: trace-ust-all.c-timestamp
>   @cmp $< $@ >/dev/null 2>&1 || cp $< $@
> -trace-ust-all.c-timestamp: $(trace-events-files) $(tracetool-y)
> +trace-ust-all.c-timestamp: $(trace-events-files) $(tracetool-y) 
> $(BUILD_DIR)/config-host.mak
>   $(call quiet-command,$(TRACETOOL) \
>   --group=all \
>   --format=ust-events-c \
> 



Re: [Qemu-devel] [Qemu-ppc] [PATCH v3 2/8] target/ppc: rework vmrg{l, h}{b, h, w} instructions to use Vsr* macros

2019-01-28 Thread Mark Cave-Ayland
On 29/01/2019 02:28, David Gibson wrote:

> On Sun, Jan 27, 2019 at 10:07:12AM -0800, Richard Henderson wrote:
>> On 1/27/19 9:45 AM, Mark Cave-Ayland wrote:
>>>> I would expect the i < n/2 loop to be faster, because the assignments are
>>>> unconditional.  FWIW.
>>>
>>> Do you have any idea as to how much faster? Is it something that would show
>>> up as significant within the context of QEMU?
>>
>> I don't have any numbers on that, no.
>>
>>> As well as eliminating the HI_IDX/LO_IDX constants I do find the updated
>>> version much easier to read, so I would prefer to keep it if possible.
>>> What about unrolling the loop into 2 separate ones...
>>
>> I doubt that would be helpful.
>>
>> I would think that
>>
>> #define VMRG_DO(name, access, ofs)
>> ...
>> int i, half = ARRAY_SIZE(r->access(0)) / 2;
>> ...
>> for (i = 0; i < half; i++) {
>> result.access(2 * i + 0) = a->access(i + ofs);
>> result.access(2 * i + 1) = b->access(i + ofs);
>> }
>>
>> where OFS = 0 for HI and half for LO is best.  I find it quite readable, and it
>> avoids duplicating code between LO and HI as you're currently doing.
> 
> Marc, Richard, where are we at with this?
> 
> Should I wait on a revised version of this patch before applying the
> series?

Certainly the v3 as posted is correct (I've tested this particular patch on both big
and small endian machines), so I believe the only question is whether this introduces
any noticeable performance penalty.

Let me try and run a few simple tests and report back.

BTW are you able to take my qemu-macppc queue posted yesterday at
https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg07263.html? There's no
functional change except for PPC MacOS users who explicitly enable the new QEMU EDID
support on the command line.


ATB,

Mark.



[Qemu-devel] [PATCH v2] chardev: Avoid adding duplicate chardev

2019-01-28 Thread Pankaj Gupta
Hotplugging an existing char chardev with qmp dereferences (removes) the
existing chardev. This patch avoids adding a chardev if a chardev
with the same id exists.

RH BZ 1660831: 

# (host) ls -lt /tmp/helloworld*
srwxr-xr-x.  /tmp/helloworld1
srwxr-xr-x.  /tmp/helloworld2

Before this patch:

hotplug existing chardev (channel1) in qmp:
{"execute":"chardev-add","arguments":{"id":"charchannel1","backend":{"type":"socket",
"data":{"addr":{"type":"unix", "data": {"path": "/tmp/helloworld1"}}

{"error": {"class": "GenericError", "desc": "attempt to add duplicate 
property 'charchannel1' to object (type 'container')"}}

# ls -lt /tmp/helloworld*
srwxr-xr-x. 1 root root 0 Dec 19 16:39 /tmp/helloworld2

After this patch:

{"execute":"chardev-add","arguments":{"id":"charchannel1","backend":{"type":"socket",
"data":{"addr":{"type":"unix", "data": {"path": "/tmp/helloworld1"}}
{"error": {"class": "GenericError", "desc": "Chardev 'charchannel1' already 
exists"}}

# ls -lt /tmp/helloworld*
srwxr-xr-x. 1 /tmp/helloworld1
srwxr-xr-x. 1 /tmp/helloworld2
 
Reported-by: Xiaohui Li 
Signed-off-by: Pankaj Gupta 
---

v1->v2
 Correct error message - Eric 

 chardev/char.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/chardev/char.c b/chardev/char.c
index ccba36bafb..cab0d3df16 100644
--- a/chardev/char.c
+++ b/chardev/char.c
@@ -985,6 +985,12 @@ ChardevReturn *qmp_chardev_add(const char *id, 
ChardevBackend *backend,
 ChardevReturn *ret;
 Chardev *chr;
 
+chr = qemu_chr_find(id);
+if (chr) {
+error_setg(errp, "Chardev '%s' already exists", id);
+return NULL;
+}
+
 cc = char_get_class(ChardevBackendKind_str(backend->type), errp);
 if (!cc) {
 return NULL;
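
Review bot: The new qemu_chr_find(id) check at the top of qmp_chardev_add() guards only this QMP entry point. The commit message shows the removal happening when creation later fails with the duplicate-property error, so any other caller that reaches that failure would still hit it; consider doing the duplicate check where the chardev is attached to its container, or state in the commit message why only the QMP path is affected.
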
-- 
2.14.3




Re: [Qemu-devel] [PATCH v4 02/14] audio: use qapi AudioFormat instead of audfmt_e

2019-01-28 Thread Thomas Huth
On 2019-01-28 23:43, Kővágó, Zoltán wrote:
> I had to include an enum for audio sampling formats into qapi, but that
> meant duplicating the audfmt_e enum.  This patch replaces audfmt_e and
> associated values with the qapi generated AudioFormat enum.
> 
> This patch is mostly a search-and-replace, except for switches where the
> qapi generated AUDIO_FORMAT_MAX caused problems.
> 
> Signed-off-by: Kővágó, Zoltán 
> ---

Reviewed-by: Thomas Huth 



[Qemu-devel] [PATCH v11 2/3] util/mmap-alloc: support MAP_SYNC in qemu_ram_mmap()

2019-01-28 Thread Zhang, Yi
From: Zhang Yi 

When a file supporting DAX is used as vNVDIMM backend, mmap it with
MAP_SYNC flag in addition which can ensure file system metadata
synced in each guest writes to the backend file, without other QEMU
actions (e.g., periodic fsync() by QEMU).

Currently, we have the following possible use cases:

1. pmem=on is set, shared=on is set, MAP_SYNC supported:
   a: backend is a dax supporting file.
      - MAP_SYNC will be active.
   b: backend is not a dax supporting file.
      - mmap will trigger a warning, then the MAP_SYNC flag will be ignored.

2. The rest of cases:
   - we will never pass the MAP_SYNC to mmap2

Signed-off-by: Haozhong Zhang 
Signed-off-by: Zhang Yi 
---
 include/qemu/osdep.h | 21 +
 util/mmap-alloc.c| 28 +++-
 2 files changed, 48 insertions(+), 1 deletion(-)

diff --git a/include/qemu/osdep.h b/include/qemu/osdep.h
index 457d24e..96209bb 100644
--- a/include/qemu/osdep.h
+++ b/include/qemu/osdep.h
@@ -419,6 +419,27 @@ void qemu_anon_ram_free(void *ptr, size_t size);
 #  define QEMU_VMALLOC_ALIGN getpagesize()
 #endif
 
+/*
+ * MAP_SHARED_VALIDATE and MAP_SYNC are introduced in Linux kernel
+ * 4.15, so they may not be defined when compiling on older kernels.
+ */
+#ifdef CONFIG_LINUX
+
+#include 
+
+#ifndef MAP_SYNC
+#define MAP_SYNC 0x8
+#endif
+
+#ifndef MAP_SHARED_VALIDATE
+#define MAP_SHARED_VALIDATE 0x03
+#endif
+
+#else  /* !CONFIG_LINUX */
+#define MAP_SYNC  0x0
+#define MAP_SHARED_VALIDATE   0x0
+#endif /* CONFIG_LINUX */
+
 #ifdef CONFIG_POSIX
 struct qemu_signalfd_siginfo {
 uint32_t ssi_signo;   /* Signal number */
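
Review bot: The #else /* !CONFIG_LINUX */ branch defines MAP_SYNC and MAP_SHARED_VALIDATE as 0x0, which makes (MAP_SYNC | MAP_SHARED_VALIDATE) equal to an empty flags value on those hosts, so an equality test against it cannot tell "flags requested" from "no flags". Leaving the macros undefined outside Linux and compiling the MAP_SYNC path under #ifdef CONFIG_LINUX avoids that ambiguity.
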
diff --git a/util/mmap-alloc.c b/util/mmap-alloc.c
index 97bbeed..2c86ad2 100644
--- a/util/mmap-alloc.c
+++ b/util/mmap-alloc.c
@@ -101,6 +101,7 @@ void *qemu_ram_mmap(int fd,
 #else
 void *ptr = mmap(0, total, PROT_NONE, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0);
 #endif
+int mmap_xflags = 0;
 size_t offset;
 void *ptr1;
 
@@ -111,13 +112,38 @@ void *qemu_ram_mmap(int fd,
 assert(is_power_of_2(align));
 /* Always align to host page size */
 assert(align >= getpagesize());
+if (shared && is_pmem) {
+mmap_xflags = MAP_SYNC | MAP_SHARED_VALIDATE;
+}
 
 offset = QEMU_ALIGN_UP((uintptr_t)ptr, align) - (uintptr_t)ptr;
+retry_mmap:
 ptr1 = mmap(ptr + offset, size, PROT_READ | PROT_WRITE,
 MAP_FIXED |
 (fd == -1 ? MAP_ANONYMOUS : 0) |
-(shared ? MAP_SHARED : MAP_PRIVATE),
+(shared ? MAP_SHARED : MAP_PRIVATE) | mmap_xflags,
 fd, 0);
+
+/* if map failed with MAP_SHARED_VALIDATE | MAP_SYNC,
+ * we try with MAP_SHARED_VALIDATE without MAP_SYNC
+ */
+if (ptr1 == MAP_FAILED &&
+mmap_xflags == (MAP_SYNC | MAP_SHARED_VALIDATE)) {
+if (errno == ENOTSUP) {
+perror("failed to validate with mapping flags");
+}
+mmap_xflags = MAP_SHARED_VALIDATE;
+goto retry_mmap;
+}
+/* MAP_SHARED_VALIDATE flag is available since Linux 4.15
+ * Test only with MAP_SHARED_VALIDATE flag for compatibility.
+ * Then ignore the MAP_SHARED_VALIDATE flag and retry again
+ */
+if (mmap_xflags == MAP_SHARED_VALIDATE &&
+ptr1 == MAP_FAILED) {
+mmap_xflags &= ~MAP_SHARED_VALIDATE;
+goto retry_mmap;
+}
 if (ptr1 == MAP_FAILED) {
 munmap(ptr, total);
 return MAP_FAILED;
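
Review bot: In the retry block after mmap(), the first test jumps back to retry_mmap on any failure, with errno consulted only to decide whether to call perror(), so errors unrelated to MAP_SYNC (ENOMEM, for example) are retried twice with weaker flags. On a build where osdep.h defines both macros as 0x0, mmap_xflags == (MAP_SYNC | MAP_SHARED_VALIDATE) is also true for the initial mmap_xflags = 0, so a failing mmap() goes through goto retry_mmap without end. Retry only when mmap_xflags is non-zero and errno shows the flags were rejected.
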
-- 
2.7.4




[Qemu-devel] [PATCH v11 1/3] util/mmap-alloc: Add a 'is_pmem' parameter to qemu_ram_mmap

2019-01-28 Thread Zhang, Yi
From: Zhang Yi 

Besides the existing 'shared' flag, we are going to add
'is_pmem' to qemu_ram_mmap(), which indicates that the memory backend
file is persistent memory.

Signed-off-by: Haozhong Zhang 
Signed-off-by: Zhang Yi 
---
 exec.c|  2 +-
 include/qemu/mmap-alloc.h | 21 -
 util/mmap-alloc.c |  6 +-
 util/oslib-posix.c|  2 +-
 4 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/exec.c b/exec.c
index bb6170d..27cea52 100644
--- a/exec.c
+++ b/exec.c
@@ -1860,7 +1860,7 @@ static void *file_ram_alloc(RAMBlock *block,
 }
 
 area = qemu_ram_mmap(fd, memory, block->mr->align,
- block->flags & RAM_SHARED);
+ block->flags & RAM_SHARED, block->flags & RAM_PMEM);
 if (area == MAP_FAILED) {
 error_setg_errno(errp, errno,
  "unable to map backing store for guest RAM");
diff --git a/include/qemu/mmap-alloc.h b/include/qemu/mmap-alloc.h
index 50385e3..190688a 100644
--- a/include/qemu/mmap-alloc.h
+++ b/include/qemu/mmap-alloc.h
@@ -7,7 +7,26 @@ size_t qemu_fd_getpagesize(int fd);
 
 size_t qemu_mempath_getpagesize(const char *mem_path);
 
-void *qemu_ram_mmap(int fd, size_t size, size_t align, bool shared);
+/**
+ * qemu_ram_mmap: mmap the specified file or device.
+ *
+ * Parameters:
+ *  @fd: the file or the device to mmap
+ *  @size: the number of bytes to be mmaped
+ *  @align: if not zero, specify the alignment of the starting mapping address;
+ *  otherwise, the alignment in use will be determined by QEMU.
+ *  @shared: map has RAM_SHARED flag.
+ *  @is_pmem: map has RAM_PMEM flag.
+ *
+ * Return:
+ *  On success, return a pointer to the mapped area.
+ *  On failure, return MAP_FAILED.
+ */
+void *qemu_ram_mmap(int fd,
+size_t size,
+size_t align,
+bool shared,
+bool is_pmem);
 
 void qemu_ram_munmap(void *ptr, size_t size);
 
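
Review bot: The new kernel-doc for qemu_ram_mmap() describes @shared and @is_pmem only as "map has RAM_SHARED flag" and "map has RAM_PMEM flag", which names RAMBlock flags rather than what the two bool arguments do to the mapping. Say that @shared selects a shared rather than a private mapping and that @is_pmem marks the backing file as persistent memory, and state what effect is_pmem has at this point in the series.
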
diff --git a/util/mmap-alloc.c b/util/mmap-alloc.c
index fd329ec..97bbeed 100644
--- a/util/mmap-alloc.c
+++ b/util/mmap-alloc.c
@@ -75,7 +75,11 @@ size_t qemu_mempath_getpagesize(const char *mem_path)
 return getpagesize();
 }
 
-void *qemu_ram_mmap(int fd, size_t size, size_t align, bool shared)
+void *qemu_ram_mmap(int fd,
+size_t size,
+size_t align,
+bool shared,
+bool is_pmem)
 {
 /*
  * Note: this always allocates at least one extra page of virtual address
diff --git a/util/oslib-posix.c b/util/oslib-posix.c
index fbd0dc8..040937f 100644
--- a/util/oslib-posix.c
+++ b/util/oslib-posix.c
@@ -203,7 +203,7 @@ void *qemu_memalign(size_t alignment, size_t size)
 void *qemu_anon_ram_alloc(size_t size, uint64_t *alignment, bool shared)
 {
 size_t align = QEMU_VMALLOC_ALIGN;
-void *ptr = qemu_ram_mmap(-1, size, align, shared);
+void *ptr = qemu_ram_mmap(-1, size, align, shared, false);
 
 if (ptr == MAP_FAILED) {
 return NULL;
-- 
2.7.4




[Qemu-devel] [PATCH v11 3/3] docs: Added MAP_SYNC documentation

2019-01-28 Thread Zhang, Yi
From: Zhang Yi 

Signed-off-by: Zhang Yi 
---
 docs/nvdimm.txt | 29 -
 qemu-options.hx |  4 
 2 files changed, 32 insertions(+), 1 deletion(-)

diff --git a/docs/nvdimm.txt b/docs/nvdimm.txt
index 5f158a6..9da96aa 100644
--- a/docs/nvdimm.txt
+++ b/docs/nvdimm.txt
@@ -142,11 +142,38 @@ backend of vNVDIMM:
 Guest Data Persistence
 --
 
+vNVDIMM is designed and implemented to guarantee the guest data
+persistence on the backends in case of host crash or a power failures.
+However, there are still some requirements and limitations
+as explained below.
+
 Though QEMU supports multiple types of vNVDIMM backends on Linux,
-currently the only one that can guarantee the guest write persistence
+if MAP_SYNC is not supported by the host kernel and the backends,
+the only backend that can guarantee the guest write persistence
 is the device DAX on the real NVDIMM device (e.g., /dev/dax0.0), to
 which all guest access do not involve any host-side kernel cache.
 
+mmap(2) flag MAP_SYNC is added since Linux kernel 4.15. On such
+systems, QEMU can mmap(2) the dax backend files with MAP_SYNC, which
+ensures filesystem metadata consistency in case of a host crash or a power
+failure. Enabling MAP_SYNC in QEMU requires below conditions
+
+ - 'pmem' option of memory-backend-file is 'on':
+   The backend is a file supporting DAX, e.g., a file on an ext4 or
+   xfs file system mounted with '-o dax'. if your pmem=on ,but the backend is
+   not a file supporting DAX, mapping with this flag results in an EOPNOTSUPP
+   warning. then MAP_SYNC will be ignored
+
+ - 'share' option of memory-backend-file is 'on':
+   MAP_SYNC flag available only with the MAP_SHARED_VALIDATE mapping type.
+
+ - 'MAP_SYNC' is supported on linux kernel.(default opened since Linux 4.15)
+
+Otherwise, We will ignore the MAP_SYNC flag.
+
+For more details, please reference mmap(2) man page:
+http://man7.org/linux/man-pages/man2/mmap.2.html.
+
 When using other types of backends, it's suggested to set 'unarmed'
 option of '-device nvdimm' to 'on', which sets the unarmed flag of the
 guest NVDIMM region mapping structure.  This unarmed flag indicates
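
Review bot: In the new condition list, the 'pmem' bullet mixes two separate requirements (pmem=on and a DAX-capable backend file) and describes the failure as an EOPNOTSUPP warning, while the 'share' bullet does not say what happens when share is off. Listing the DAX backend as its own condition and stating once that QEMU then maps without MAP_SYNC would make the fallback unambiguous; the wording also needs a pass ("a power failures", "if your pmem=on ,but", "Otherwise, We will").
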
diff --git a/qemu-options.hx b/qemu-options.hx
index 08f8516..0cd41f4 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -4002,6 +4002,10 @@ using the SNIA NVM programming model (e.g. Intel NVDIMM).
 If @option{pmem} is set to 'on', QEMU will take necessary operations to
 guarantee the persistence of its own writes to @option{mem-path}
 (e.g. in vNVDIMM label emulation and live migration).
+Also, we will map the backend-file with MAP_SYNC flag, which can ensure
+the file metadata is in sync to @option{mem-path} in case of host crash
+or a power failure. MAP_SYNC requires support from both the host kernel
+(since Linux kernel 4.15) and @option{mem-path} (only files supporting DAX).
 
 @item -object 
memory-backend-ram,id=@var{id},merge=@var{on|off},dump=@var{on|off},share=@var{on|off},prealloc=@var{on|off},size=@var{size},host-nodes=@var{host-nodes},policy=@var{default|preferred|bind|interleave}
 
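
Review bot: The added qemu-options.hx paragraph says the backend file is mapped with MAP_SYNC when pmem is 'on', but it omits the share=on requirement that the docs/nvdimm.txt hunk lists and does not say that QEMU continues without MAP_SYNC when the kernel or the file lacks support. Add both so the option text cannot be read as a persistence guarantee for every pmem=on configuration.
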
-- 
2.7.4




[Qemu-devel] [PATCH v11 0/3] support MAP_SYNC for memory-backend-file

2019-01-28 Thread Zhang, Yi
Linux 4.15 introduces a new mmap flag MAP_SYNC, which can be used to
guarantee the write persistence to mmap'ed files supporting DAX (e.g.,
files on ext4/xfs file system mounted with '-o dax').

A description of MAP_SYNC and MAP_SHARED_VALIDATE can be found at
https://patchwork.kernel.org/patch/10028151/

In order to make sure that the file metadata is in sync after a fault 
while we are writing a shared DAX supporting backend files, this
patch-set enables QEMU to use MAP_SYNC flag for memory-backend-dax-file.

As the DAX vs DMA truncated issue was solved, we refined the code and
send out this feature for the v5 version.

We will pass MAP_SYNC to mmap(2) if MAP_SYNC is supported and
'share=on' & 'pmem=on'.
Otherwise QEMU will not pass this flag to mmap(2).

Test with below cases:
1. pmem=on is set, shared=on is set, MAP_SYNC supported:
   a: backend is a dax supporting file.
   1) start VM1 with options:
   -object memory-backend-file,id=nv_be4,share,mem-path=${DAX_FILE_1},size=${DAX_FILE_SIZE_1},align=128M,pmem=on,share=on
   -device nvdimm,id=nv4,memdev=nv_be4,label-size=2M.

   2) start VM2 with options:
   -object memory-backend-file,id=nv_be4,share,mem-path=${DAX_FILE_2},size=${DAX_FILE_SIZE_2},align=128M,pmem=on,share=on
   -device nvdimm,id=nv4,memdev=nv_be4,label-size=2M.

   3) live migrate from VM1 to VM2.

   4) Suddenly let Host crash or power failure.

   5) check DAX_FILE_1 and DAX_FILE_2, no corrupt.

   b: backend is a regular file.
   1) start with options
   -object memory-backend-file,id=nv_be4,share,mem-path=${REG_FILE},size=${REG_FILE_SIZE},align=128M,pmem=on,share=on
   -device nvdimm,id=nv4,memdev=nv_be4,label-size=2M.

   will warning "failed to validate with mapping flags: Operation not supported"
   FILE_1 and FILE_2 random corrupt.

2. Other cases:
   FILE_1 and FILE_2 random corrupt.

Changes in V11:
 * 1/3: Michael: Change to just add a bool is_pmem in qemu_ram_mmap.
 * 2/3: Michael: Fix the compatibility for old kernel.
 * 2/3&3/3: Michael: Update the behavior below:
   Warning at no-dax and continue without MAP_SYNC.
   Test if fails again for compatibility, then remove the MAP_VALIDATE and
   silently proceed.

Changes in V10:
 * 4/4: refine the document.
 * 3/4: Reviewed-by: Stefano Garzarella 
 * 2/4: refine the commit message, Added MAP_SHARED_VALIDATE.
 * 2/4: Fix the wrong include header

Changes in V9:
 * 1/6: Reviewed-by: Eduardo Habkost 
 * 2/6: New Added: Michael: use sparse feature define RAM_FLAG.
 since I don't have much knowledge about the sparse feature, @Michael Could you
 add some documentation/commit message on this patch? Thank you very much.
 * 3/6: from 2/5: Eduardo: updated the commit message.
 * 4/6: from 3/5: Michael: don't ignore MAP_SYNC failures silently.
 * 5/6: from 4/5: Eduardo: updated the commit message.
 * 6/6: from 5/5: Michael: Drop the sync option, document the MAP_SYNC.

Changes in v8:
 * Michael: 3/5, remove the duplicated define in the os_dep.h
 * Michael: 2/5, make type define safety.
 * Michael: 2/5, fixed the incorrect define MAP_SHARE on qemu_anon_ram_alloc.
 * 4/6 removed, we remove the on/off/auto define of sync,  as by now,
   MAP_SYNC only worked with pmem=on.
 * @Michael, I still reuse the RAM_SYNC flag, it is much straightforward to parse
   all the flags in one parameter.

Changes in v7:
 * Michael: [3,4,6]/6 limited the "sync" flag only on a nvdimm backend.(pmem=on)

Changes in v6:
 * Pankaj: 3/7 are squashed with 2/7
 * Pankaj: 7/7 update comments to "consistent filesystem metadata".
 * Pankaj, Igor: 1/7 Added Reviewed-by in patch-1/7
 * Stefan, 4/7 move the include header from "/linux/mman.h" to "osdep.h"
 * Stefan, 5/7 Add missing "munmap"
 * Stefan, 2/7 refine the shared/flag.

Changes in v5:
 * Add patch 1 to fix a memory leak issue.
 * Refine the patch 4-6
 * Remove the patch 3 as we already change the parameter from "shared" to
   "flags"

Changes in v4:
 * Add patch 1-3 to switch some functions to a single 'flags'
   parameters. (Michael S. Tsirkin)
 * v3 patch 1-3 become v4 patch 4-6.
 * Patch 4: move definitions of MAP_SYNC and MAP_SHARED_VALIDATE to a
   new header file under include/standard-headers/linux/. (Michael S. Tsirkin)
 * Patch 6: refine the description of the 'sync' option. (Michael S. Tsirkin)

Changes in v3:
 * Patch 1: add MAP_SHARED_VALIDATE in both sync=on and sync=auto
   cases, and add back the retry mechanism. MAP_SYNC will be ignored
   by Linux kernel 4.15 if MAP_SHARED_VALIDATE is missed.
 * Patch 1: define MAP_SYNC and MAP_SHARED_VALIDATE as 0 on non-Linux
   platforms in order to make qemu_ram_mmap() compile on those platforms.
 * Patch 2&3: include more information in error messages of
   memory-backend in hope to help user to identify the error.
   (Dr. David Alan Gilbert)
 * Patch 3: fix typo in the commit message. (Dr. David Alan Gilbert)

Changes in v2:
 * Add 'sync' option to control the use of MAP_SYNC. (Eduardo Habkost)
 * Remove the unnecessary set of MAP_SHARED_VALIDATE 
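
The mapping policy this cover letter describes (pass MAP_SYNC only when 'share=on' and 'pmem=on', continue without it when the kernel or the backing file refuses it), as an added C example that is not code from the patch series. map_backend(), demo_map() and the scratch file under /tmp are hypothetical, and the fallback flag values assume Linux on x86 or arm64.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <unistd.h>

/* Fallbacks for a libc that predates the Linux 4.15 headers.
 * Assumption: the asm-generic values used on x86 and arm64. */
#ifndef MAP_SHARED_VALIDATE
#define MAP_SHARED_VALIDATE 0x03
#endif
#ifndef MAP_SYNC
#define MAP_SYNC 0x80000
#endif

enum sync_state { SYNC_NOT_REQUESTED, SYNC_ACTIVE, SYNC_REFUSED };

struct backend_map {
    void *addr;
    size_t len;
    enum sync_state sync;
    int sync_errno;          /* errno of the refused MAP_SYNC attempt, else 0 */
};

/* Hypothetical helper. MAP_SYNC is only requested together with
 * MAP_SHARED_VALIDATE, because a plain MAP_SHARED mapping lets the kernel
 * drop flags it does not know instead of reporting them. */
static int map_backend(int fd, size_t len, bool share, bool pmem,
                       struct backend_map *m)
{
    const int prot = PROT_READ | PROT_WRITE;

    m->addr = MAP_FAILED;
    m->len = len;
    m->sync = SYNC_NOT_REQUESTED;
    m->sync_errno = 0;

    if (share && pmem) {
        m->addr = mmap(NULL, len, prot, MAP_SHARED_VALIDATE | MAP_SYNC, fd, 0);
        if (m->addr != MAP_FAILED) {
            m->sync = SYNC_ACTIVE;
            return 0;
        }
        m->sync_errno = errno;
        /* EOPNOTSUPP: the file does not support DAX.
         * EINVAL: the kernel does not know MAP_SHARED_VALIDATE. */
        if (errno != EOPNOTSUPP && errno != EINVAL) {
            return -1;
        }
        m->sync = SYNC_REFUSED;   /* caller should warn: no MAP_SYNC guarantee */
    }
    m->addr = mmap(NULL, len, prot, share ? MAP_SHARED : MAP_PRIVATE, fd, 0);
    return m->addr == MAP_FAILED ? -1 : 0;
}

/* Maps a constructed scratch file, stores one byte through the mapping and
 * reads it back through the file descriptor.
 * Returns 1 if the store reached the file, 0 if it stayed private, -1 on error. */
static int demo_map(bool share, bool pmem, enum sync_state *state)
{
    char path[] = "/tmp/map_sync_demo_XXXXXX";
    const size_t len = 1 << 16;
    struct backend_map m;
    char back = 0;
    int rc = -1;
    int fd = mkstemp(path);

    if (fd < 0) {
        return -1;
    }
    unlink(path);
    if (ftruncate(fd, (off_t)len) == 0 &&
        map_backend(fd, len, share, pmem, &m) == 0) {
        ((char *)m.addr)[0] = 'Q';
        if (pread(fd, &back, 1, 0) == 1) {
            *state = m.sync;
            rc = (back == 'Q');
        }
        munmap(m.addr, m.len);
    }
    close(fd);
    return rc;
}

int main(void)
{
    static const char *names[] = {
        "not requested", "active", "refused, continuing without it"
    };
    enum sync_state st = SYNC_NOT_REQUESTED;

    if (demo_map(true, true, &st) < 0) {
        perror("demo_map");
        return 1;
    }
    printf("share=on pmem=on: MAP_SYNC %s\n", names[st]);
    return 0;
}
```

On a scratch file that does not support DAX the first mmap() is refused and the state ends up as SYNC_REFUSED, which is the case where the cover letter says QEMU warns and continues.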

Re: [Qemu-devel] [PATCH v5 1/6] vhost-user: Support transferring inflight buffer between qemu and backend

2019-01-28 Thread Yongji Xie
On Tue, 29 Jan 2019 at 12:26, Michael S. Tsirkin  wrote:
>
> On Tue, Jan 29, 2019 at 12:11:55PM +0800, Stefan Hajnoczi wrote:
> > On Tue, Jan 22, 2019 at 04:31:47PM +0800, elohi...@gmail.com wrote:
> > > +typedef struct DescState {
> > > +uint8_t inuse;
> > > +uint8_t version;
> > > +uint16_t used_idx;
> > > +uint16_t avail_idx;
> > > +uint16_t reserved;
> > > +} DescState;
> > > +
> > > +typedef struct QueueRegion {
> > > +uint8_t valid;
>
> what's this?
>

We can use this to check whether this buffer is reset by qemu.

> > > +uint16_t desc_num;
>
> there's padding before this field. Pls make it explicit.
>

Will do it.

> > > +DescState desc[0];
> > > +} QueueRegion;
> > > +
> > > +The struct DescState is used to describe one head-descriptor's state. The
> > > +fields have following meanings:
> > > +
> > > +inuse: Indicate whether the descriptor is inuse or not.
>
> inuse by what?
>

Maybe inflight is better?

> > > +
> > > +version: Indicate whether we have an atomic update to used ring and
> > > +inflight buffer when slave crash at that point. This field should be
> > > +increased by one before and after this two updates. An odd version
> > > +indicates an in-progress update.
>
> I'm not sure I understand what does the above say. Also does this
> require two atomics? Seems pretty expensive. And why is it called
> version?
>
> > > +
> > > +used_idx: Store old index of used ring before we update used ring and
> > > +inflight buffer so that slave can know whether an odd version 
> > > inflight
> > > +head-descriptor in inflight buffer is processed or not.
>
> Here too.
>

Sorry, the above description may be not clear. These two fields are
used to indicate whether we have an in-progress update to used ring
and inflight buffer. If slave crashes before the update to used_ring and
after the update to inflight buffer, the version should be odd and
used_idx should be equal to used_ring.idx. Then we need to roll back
the update to inflight buffer. As for the name of the version field,
actually I didn't find a good one, so I just copied it from struct
kvm_steal_time...

> > > +
> > > +avail_idx: Used to preserve the descriptor's order in avail ring so 
> > > that
> > > +slave can resubmit descriptors in order.
>
> Why would that be necessary?
>

Maybe some devices will be able to use it to preserve order after
reconnecting in future?

> >
> > Will a completely new "packed vring" inflight shm layout be necessary to
> > support the packed vring layout in VIRTIO 1.1?
> >
> > https://docs.oasis-open.org/virtio/virtio/v1.1/csprd01/virtio-v1.1-csprd01.html#x1-610007
>
> Probably.
>

How about supporting packed virtqueue in guest driver?

Thanks,
Yongji



Re: [Qemu-devel] [PATCH v4 03/14] audio: -audiodev command line option: documentation

2019-01-28 Thread Thomas Huth
On 2019-01-28 23:43, Kővágó, Zoltán wrote:
> This patch adds documentation of an -audiodev command line option, that
> deprecates the old QEMU_* environment variables for audio backend
> configuration.  Its syntax is similar to existing options (-netdev,
> -device, etc):
> 
>   -audiodev driver_name,property=value,...
> 
> Although now it's possible to specify multiple -audiodev options on
> command line, multiple audio backends are not supported yet.
> 
> Signed-off-by: Kővágó, Zoltán 
> ---
>  qemu-options.hx | 222 +++-
>  1 file changed, 219 insertions(+), 3 deletions(-)
> 
> diff --git a/qemu-options.hx b/qemu-options.hx
> index 521511ec13..a12931899b 100644
> --- a/qemu-options.hx
> +++ b/qemu-options.hx
> @@ -416,14 +416,230 @@ The default is @code{en-us}.
>  ETEXI
>  
>  
> +HXCOMM Deprecated by -audiodev
>  DEF("audio-help", 0, QEMU_OPTION_audio_help,
> -"-audio-help print list of audio drivers and their options\n",
> +"-audio-help show -audiodev equivalent of the currently specified 
> audio settings\n",
>  QEMU_ARCH_ALL)

Note that if you want to deprecate a parameter "officially" (in the
sense that it could be removed in a future release), you also have to
add an entry to qemu-deprecated.texi. But that could also be done in an
additional patch later, so no need to respin just because of this.

 Thomas



Re: [Qemu-devel] [PATCH v2 4/4] hw/display/milkymist-tmu2: Move inlined code from header to source

2019-01-28 Thread Thomas Huth
On 2019-01-28 18:47, Philippe Mathieu-Daudé wrote:
> Cc'ing Thomas/Paolo for Makefile rules...
> 
> On 1/24/19 12:43 PM, Gerd Hoffmann wrote:
>> On Thu, Jan 24, 2019 at 02:15:54AM +0100, Philippe Mathieu-Daudé wrote:
>>> Move the complexity of milkymist_tmu2_create() into the
>>> source file. Doing so we avoid to include the X11/OpenGL
>>> headers in all LM32 devices, and we also avoid the duplicate
>>> declaration of glx_fbconfig_attr[] (it is already declared
>>> in hw/display/milkymist-tmu2.c).
>>> Since TYPE_MILKYMIST_TMU2 is now accessible, use it.
>>
>> Oops, fails the build:
>>
>>   LINKlm32-softmmu/qemu-system-lm32
>> hw/lm32/milkymist.o: In function `milkymist_init':
>> milkymist.c:(.text+0xb0f): undefined reference to `milkymist_tmu2_create'
> 
> The problem comes from patch #2:
> 
>> diff --git a/default-configs/lm32-softmmu.mak
> b/default-configs/lm32-softmmu.mak
>> index 4889348a10..4049b23562 100644
>> --- a/default-configs/lm32-softmmu.mak
>> +++ b/default-configs/lm32-softmmu.mak
>> @@ -2,7 +2,7 @@
>>
>>  CONFIG_LM32=y
>>  CONFIG_MILKYMIST=y
>> -CONFIG_MILKYMIST_TMU2=$(CONFIG_OPENGL)
>> +CONFIG_MILKYMIST_TMU2=$(call land,$(CONFIG_X11),$(CONFIG_OPENGL))
>>  CONFIG_FRAMEBUFFER=y
>>  CONFIG_PTIMER=y
>>  CONFIG_PFLASH_CFI01=y
>> diff --git a/hw/display/Makefile.objs b/hw/display/Makefile.objs
>> index 97acd5b6cb..079e702f25 100644
>> --- a/hw/display/Makefile.objs
>> +++ b/hw/display/Makefile.objs
>> @@ -29,8 +29,8 @@ common-obj-$(CONFIG_MILKYMIST) += milkymist-vgafb.o
>>  common-obj-$(CONFIG_ZAURUS) += tc6393xb.o
>>
>>  common-obj-$(CONFIG_MILKYMIST_TMU2) += milkymist-tmu2.o
>> -milkymist-tmu2.o-cflags := $(X11_CFLAGS)
>> -milkymist-tmu2.o-libs := $(X11_LIBS)
>> +milkymist-tmu2.o-cflags := $(X11_CFLAGS) $(OPENGL_CFLAGS)
>> +milkymist-tmu2.o-libs := $(X11_LIBS) $(OPENGL_LIBS)
>>
>>  obj-$(CONFIG_OMAP) += omap_dss.o
>>  obj-$(CONFIG_OMAP) += omap_lcdc.o
> 
> Using $(call land) seems to break CONFIG_MILKYMIST_TMU2 availability in
> $(common-obj), while it works correctly in the per-target $(obj).
> I'm not sure what is the cause, but moving milkymist-tmu2.o to $(obj)
> makes more sense and fix this, so I'll go this way.

You could try whether adding an additional

 common-obj-$(CONFIG_ALL) += milkymist-tmu2.o

fixes the issue for you, too.

OTOH, milkymist is only used by one target, so there is really no reason
that this file should be added to common-obj, thus using $(obj) is fine
here.

 Thomas



[Qemu-devel] [PATCH] iothread: fix iothread hang when stop too soon

2019-01-28 Thread Peter Xu
Lukas reported a hard to reproduce QMP iothread hang on s390 that
QEMU might hang at pthread_join() of the QMP monitor iothread before
quitting:

  Thread 1
  #0  0x03ffad10932c in pthread_join
  #1  0x000109e95750 in qemu_thread_join
  at /home/thuth/devel/qemu/util/qemu-thread-posix.c:570
  #2  0x000109c95a1c in iothread_stop
  #3  0x000109bb0874 in monitor_cleanup
  #4  0x000109b55042 in main

While the iothread is still in the main loop:

  Thread 4
  #0  0x03ffad0010e4 in ??
  #1  0x03ffad553958 in g_main_context_iterate.isra.19
  #2  0x03ffad553d90 in g_main_loop_run
  #3  0x000109c9585a in iothread_run
  at /home/thuth/devel/qemu/iothread.c:74
  #4  0x000109e94752 in qemu_thread_start
  at /home/thuth/devel/qemu/util/qemu-thread-posix.c:502
  #5  0x03ffad10825a in start_thread
  #6  0x03ffad00dcf2 in thread_start

IMHO it's because there's a race between the main thread and iothread
when stopping the thread in following sequence:

    main thread                    iothread
    ===========                    ========
                                   aio_poll()
    iothread_get_g_main_context
      set iothread->worker_context
    iothread_stop
      schedule iothread_stop_bh
                                     execute iothread_stop_bh [1]
                                       set iothread->running=false
                                       (since main_loop==NULL so
                                        skip to quit main loop.
                                        Note: although main_loop is
                                        NULL but worker_context is
                                        not!)
                                   atomic_read(&iothread->worker_context) [2]
                                     create main_loop object
                                     g_main_loop_run() [3]
    pthread_join() [4]

We can see that when execute iothread_stop_bh() at [1] it's possible
that main_loop is still NULL because it's only created until the first
check of the worker_context later at [2].  Then the iothread will hang
in the main loop [3] and it'll starve the main thread too [4].

Here the simple solution should be that we check again the "running"
variable before check against worker_context.

CC: Thomas Huth 
CC: Dr. David Alan Gilbert 
CC: Stefan Hajnoczi 
CC: Lukáš Doktor 
CC: Markus Armbruster 
CC: Eric Blake 
CC: Paolo Bonzini 
Reported-by: Lukáš Doktor 
Signed-off-by: Peter Xu 
---

This hasn't yet been verified on the initial s390 systems, but since I
can reproduce it locally with this code clip:

IOThread *iothread = iothread_create("test", NULL);
iothread_get_g_main_context(iothread);
iothread_stop(iothread);

so I'm still posting this out for review first in case it was hit by
other users.
---
 iothread.c | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/iothread.c b/iothread.c
index 2fb1cdf55d..e615b7ae52 100644
--- a/iothread.c
+++ b/iothread.c
@@ -63,7 +63,11 @@ static void *iothread_run(void *opaque)
 while (iothread->running) {
 aio_poll(iothread->ctx, true);
 
-if (atomic_read(>worker_context)) {
+/*
+ * We must check the running state again in case it was
+ * changed in previous aio_poll()
+ */
+if (iothread->running && atomic_read(>worker_context)) {
 GMainLoop *loop;
 
 g_main_context_push_thread_default(iothread->worker_context);
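Review bot: the new comment in iothread_run() says the running state may have been changed "in previous aio_poll()" but not by what; name iothread_stop_bh there, because the fix relies on that bottom half having run inside aio_poll() on this thread. The added condition reads iothread->running plainly while worker_context on the same line goes through atomic_read(); if the difference is intentional, the comment should say why. The three-line reproducer given in the notes of this mail (iothread_create, iothread_get_g_main_context, iothread_stop) would be worth turning into a regression test.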
-- 
2.17.1




[Qemu-devel] Last call for GSoC/Outreachy project ideas

2019-01-28 Thread Stefan Hajnoczi
Dear QEMU, KVM, Jailhouse, and Rust-VMM communities,
Please post your internship project ideas by February 1st so we can
include them in the Google Summer of Code and Outreachy ideas list:

https://wiki.qemu.org/Google_Summer_of_Code_2019

If you'd like to mentor but don't have your own project idea, take a
look at the list and ask to co-mentor one of the existing project
ideas.

Good project ideas are suitable for 12 weeks of full-time work by a
competent programmer who is not yet familiar with the codebase.  In
addition, they are:
 * Well-defined - the scope is clear
 * Self-contained - there are few dependencies
 * Uncontroversial - they are acceptable to the community
 * Incremental - they produce deliverables along the way

For more background on QEMU internships, check out this video:
https://www.youtube.com/watch?v=xNVCX7YMUL8

Please let me know if you have any questions.

Stefan



Re: [Qemu-devel] [PATCH 08/13] spapr/rtas: modify spapr_rtas_register() to remove RTAS handlers

2019-01-28 Thread Alexey Kardashevskiy



On 08/01/2019 05:39, Cédric Le Goater wrote:
> Removing RTAS handlers will become necessary when the new pseries
> machine supporting multiple interrupt mode is introduced.
> 
> Signed-off-by: Cédric Le Goater 
> ---
>  include/hw/ppc/spapr.h | 4 
>  hw/ppc/spapr_rtas.c| 2 +-
>  2 files changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
> index 9e01a5a12e4a..9a6d015b9cf5 100644
> --- a/include/hw/ppc/spapr.h
> +++ b/include/hw/ppc/spapr.h
> @@ -657,6 +657,10 @@ typedef void (*spapr_rtas_fn)(PowerPCCPU *cpu, 
> sPAPRMachineState *sm,
>uint32_t nargs, target_ulong args,
>uint32_t nret, target_ulong rets);
>  void spapr_rtas_register(int token, const char *name, spapr_rtas_fn fn);
> +static inline void spapr_rtas_unregister(int token)
> +{
> +spapr_rtas_register(token, NULL, NULL);
> +}

The new helper is not used anywhere.


>  target_ulong spapr_rtas_call(PowerPCCPU *cpu, sPAPRMachineState *sm,
>   uint32_t token, uint32_t nargs, target_ulong 
> args,
>   uint32_t nret, target_ulong rets);
> diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
> index d6a0952154ac..e005d5d08151 100644
> --- a/hw/ppc/spapr_rtas.c
> +++ b/hw/ppc/spapr_rtas.c
> @@ -404,7 +404,7 @@ void spapr_rtas_register(int token, const char *name, 
> spapr_rtas_fn fn)
>  
>  token -= RTAS_TOKEN_BASE;
>  
> -assert(!rtas_table[token].name);
> +assert(!name || !rtas_table[token].name);


but allowing name==NULL is.


>  
>  rtas_table[token].name = name;
>  rtas_table[token].fn = fn;
> 
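Review bot: the relaxed assert in spapr_rtas_register() looks only at name, so a call with name == NULL and a non-NULL fn now passes and leaves a handler stored under no name. If NULL is meant purely as "unregister", assert that name and fn are both set or both NULL, for example assert(!name == !fn), and keep the existing !rtas_table[token].name check for the registration case.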

-- 
Alexey



Re: [Qemu-devel] [PATCH v8 07/16] gdbstub: add multiprocess support to (f|s)ThreadInfo and ThreadExtraInfo

2019-01-28 Thread Max Filippov
Hello,

On Fri, Dec 7, 2018 at 1:04 AM Luc Michel  wrote:
>
> Change the thread info related packets handling to support multiprocess
> extension.
>
> Add the CPUs class name in the extra info to help differentiate
> them in multiprocess mode.
>
> Signed-off-by: Luc Michel 
> Reviewed-by: Philippe Mathieu-Daudé 
> Reviewed-by: Edgar E. Iglesias 
> ---
>  gdbstub.c | 37 +++--
>  1 file changed, 27 insertions(+), 10 deletions(-)

Starting with this commit it is no longer possible to kill QEMU
with the 'kill' command from the gdb. This was a nice feature,
was this removal intentional, or is it just an implementation
bug?

> diff --git a/gdbstub.c b/gdbstub.c
> index bea0215f30..770915446a 100644
> --- a/gdbstub.c
> +++ b/gdbstub.c
> @@ -1267,11 +1267,10 @@ out:
>  static int gdb_handle_packet(GDBState *s, const char *line_buf)
>  {
>  CPUState *cpu;
>  CPUClass *cc;
>  const char *p;
> -uint32_t thread;
>  uint32_t pid, tid;
>  int ch, reg_size, type, res;
>  uint8_t mem_buf[MAX_PACKET_LENGTH];
>  char buf[sizeof(mem_buf) + 1 /* trailing NUL */];
>  char thread_id[16];
> @@ -1563,30 +1562,48 @@ static int gdb_handle_packet(GDBState *s, const char 
> *line_buf)
>  snprintf(buf, sizeof(buf), "QC%s",
>   gdb_fmt_thread_id(s, cpu, thread_id, 
> sizeof(thread_id)));
>  put_packet(s, buf);
>  break;
>  } else if (strcmp(p,"fThreadInfo") == 0) {
> -s->query_cpu = first_cpu;
> +s->query_cpu = gdb_first_attached_cpu(s);
>  goto report_cpuinfo;
>  } else if (strcmp(p,"sThreadInfo") == 0) {
>  report_cpuinfo:
>  if (s->query_cpu) {
> -snprintf(buf, sizeof(buf), "m%x", 
> cpu_gdb_index(s->query_cpu));
> +snprintf(buf, sizeof(buf), "m%s",
> + gdb_fmt_thread_id(s, s->query_cpu,
> +   thread_id, sizeof(thread_id)));
>  put_packet(s, buf);
> -s->query_cpu = CPU_NEXT(s->query_cpu);
> +s->query_cpu = gdb_next_attached_cpu(s, s->query_cpu);
>  } else
>  put_packet(s, "l");
>  break;
>  } else if (strncmp(p,"ThreadExtraInfo,", 16) == 0) {
> -thread = strtoull(p+16, (char **), 16);
> -cpu = find_cpu(thread);
> +if (read_thread_id(p + 16, , , ) == 
> GDB_READ_THREAD_ERR) {
> +put_packet(s, "E22");
> +break;
> +}
> +cpu = gdb_get_cpu(s, pid, tid);
>  if (cpu != NULL) {
>  cpu_synchronize_state(cpu);
> -/* memtohex() doubles the required space */
> -len = snprintf((char *)mem_buf, sizeof(buf) / 2,
> -   "CPU#%d [%s]", cpu->cpu_index,
> -   cpu->halted ? "halted " : "running");
> +
> +if (s->multiprocess && (s->process_num > 1)) {
> +/* Print the CPU model and name in multiprocess mode */
> +ObjectClass *oc = object_get_class(OBJECT(cpu));
> +const char *cpu_model = object_class_get_name(oc);
> +char *cpu_name =
> +object_get_canonical_path_component(OBJECT(cpu));
> +len = snprintf((char *)mem_buf, sizeof(buf) / 2,
> +   "%s %s [%s]", cpu_model, cpu_name,
> +   cpu->halted ? "halted " : "running");
> +g_free(cpu_name);
> +} else {
> +/* memtohex() doubles the required space */
> +len = snprintf((char *)mem_buf, sizeof(buf) / 2,
> +   "CPU#%d [%s]", cpu->cpu_index,
> +   cpu->halted ? "halted " : "running");
> +}
>  trace_gdbstub_op_extra_info((char *)mem_buf);
>  memtohex(buf, mem_buf, len);
>  put_packet(s, buf);
>  }
>  break;
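Review bot: in the new multiprocess branch of the ThreadExtraInfo handler, len comes from snprintf(), which returns the length the full string would have had, not the number of bytes stored. cpu_model and cpu_name are a class name and a path component with no fixed length, so len can exceed sizeof(buf) / 2, and memtohex(buf, mem_buf, len) then runs with a length larger than what was written. Clamp len to the size passed to snprintf() minus one before calling memtohex(). The "memtohex() doubles the required space" comment also moved into the else branch only, although it applies to both calls.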
> --
> 2.19.2
>
>


-- 
Thanks.
-- Max



Re: [Qemu-devel] [Qemu-ppc] [PATCH v3 2/8] target/ppc: rework vmrg{l, h}{b, h, w} instructions to use Vsr* macros

2019-01-28 Thread David Gibson
On Sun, Jan 27, 2019 at 10:07:12AM -0800, Richard Henderson wrote:
> On 1/27/19 9:45 AM, Mark Cave-Ayland wrote:
> >> I would expect the i < n/2 loop to be faster, because the assignments are
> >> unconditional.  FWIW.
> > 
> > Do you have any idea as to how much faster? Is it something that would show
> > up as significant within the context of QEMU?
> 
> I don't have any numbers on that, no.
> 
> > As well as eliminating the HI_IDX/LO_IDX constants I do find the updated
> > version much easier to read, so I would prefer to keep it if possible.
> > What about unrolling the loop into 2 separate ones...
> 
> I doubt that would be helpful.
> 
> I would think that
> 
> #define VMRG_DO(name, access, ofs)
> ...
> int i, half = ARRAY_SIZE(r->access(0)) / 2;
> ...
> for (i = 0; i < half; i++) {
> result.access(2 * i + 0) = a->access(i + ofs);
> result.access(2 * i + 1) = b->access(i + ofs);
> }
> 
> where OFS = 0 for HI and half for LO is best.  I find it quite readable, and 
> it
> avoids duplicating code between LO and HI as you're currently doing.

Mark, Richard, where are we at with this?

Should I wait on a revised version of this patch before applying the
series?

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH v5 1/6] vhost-user: Support transferring inflight buffer between qemu and backend

2019-01-28 Thread Michael S. Tsirkin
On Tue, Jan 29, 2019 at 12:11:55PM +0800, Stefan Hajnoczi wrote:
> On Tue, Jan 22, 2019 at 04:31:47PM +0800, elohi...@gmail.com wrote:
> > +typedef struct DescState {
> > +uint8_t inuse;
> > +uint8_t version;
> > +uint16_t used_idx;
> > +uint16_t avail_idx;
> > +uint16_t reserved;
> > +} DescState;
> > +
> > +typedef struct QueueRegion {
> > +uint8_t valid;

what's this?

> > +uint16_t desc_num;

there's padding before this field. Pls make it explicit.

> > +DescState desc[0];
> > +} QueueRegion;
> > +
> > +The struct DescState is used to describe one head-descriptor's state. The
> > +fields have following meanings:
> > +
> > +inuse: Indicate whether the descriptor is inuse or not.

inuse by what?

> > +
> > +version: Indicate whether we have an atomic update to used ring and
> > +inflight buffer when slave crash at that point. This field should be
> > +increased by one before and after this two updates. An odd version
> > +indicates an in-progress update.

I'm not sure I understand what does the above say. Also does this
require two atomics? Seems pretty expensive. And why is it called
version?

> > +
> > +used_idx: Store old index of used ring before we update used ring and
> > +inflight buffer so that slave can know whether an odd version inflight
> > +head-descriptor in inflight buffer is processed or not.

Here too.

> > +
> > +avail_idx: Used to preserve the descriptor's order in avail ring so 
> > that
> > +slave can resubmit descriptors in order.

Why would that be necessary?

> 
> Will a completely new "packed vring" inflight shm layout be necessary to
> support the packed vring layout in VIRTIO 1.1?
> 
> https://docs.oasis-open.org/virtio/virtio/v1.1/csprd01/virtio-v1.1-csprd01.html#x1-610007

Probably.

-- 
MST



Re: [Qemu-devel] [PATCH v5 1/6] vhost-user: Support transferring inflight buffer between qemu and backend

2019-01-28 Thread Stefan Hajnoczi
On Tue, Jan 22, 2019 at 04:31:47PM +0800, elohi...@gmail.com wrote:
> +typedef struct DescState {
> +uint8_t inuse;
> +uint8_t version;
> +uint16_t used_idx;
> +uint16_t avail_idx;
> +uint16_t reserved;
> +} DescState;
> +
> +typedef struct QueueRegion {
> +uint8_t valid;
> +uint16_t desc_num;
> +DescState desc[0];
> +} QueueRegion;
> +
> +The struct DescState is used to describe one head-descriptor's state. The
> +fields have following meanings:
> +
> +inuse: Indicate whether the descriptor is inuse or not.
> +
> +version: Indicate whether we have an atomic update to used ring and
> +inflight buffer when slave crash at that point. This field should be
> +increased by one before and after this two updates. An odd version
> +indicates an in-progress update.
> +
> +used_idx: Store old index of used ring before we update used ring and
> +inflight buffer so that slave can know whether an odd version inflight
> +head-descriptor in inflight buffer is processed or not.
> +
> +avail_idx: Used to preserve the descriptor's order in avail ring so that
> +slave can resubmit descriptors in order.
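Review bot: QueueRegion puts desc_num next to the variable-length desc[] array, but the text never says who writes desc_num or how the side that reads the buffer bounds it. Because this buffer is passed between qemu and the backend, the document should state that desc_num is checked against the size of the buffer before desc[] is indexed. The layout also leaves an implicit padding byte between valid and desc_num; declare it as a field so both sides agree on the offsets.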

Will a completely new "packed vring" inflight shm layout be necessary to
support the packed vring layout in VIRTIO 1.1?

https://docs.oasis-open.org/virtio/virtio/v1.1/csprd01/virtio-v1.1-csprd01.html#x1-610007




Re: [Qemu-devel] [PATCH v6 1/2] qemu-io: Use error_[gs]et_progname()

2019-01-28 Thread Stefan Hajnoczi
On Fri, Jan 25, 2019 at 06:22:28PM +0100, Christophe Fergeau wrote:
> qemu-io reimplements itself what
> error_get_progname()/error_set_progname() already does.
> This commit switches it to use this API from qemu-error.h
> 
> Signed-off-by: Christophe Fergeau 
> ---
>  qemu-io.c | 14 ++
>  1 file changed, 6 insertions(+), 8 deletions(-)

Reviewed-by: Stefan Hajnoczi 




Re: [Qemu-devel] [PATCH v6 2/2] log: Make glib logging go through QEMU

2019-01-28 Thread Stefan Hajnoczi
On Fri, Jan 25, 2019 at 06:22:29PM +0100, Christophe Fergeau wrote:
> This commit adds a qemu_init_logging() helper which calls
> g_log_set_default_handler() so that glib logs (g_log, g_warning, ...)
> are handled similarly to other QEMU logs. This means they will get a
> timestamp if timestamps are enabled, and they will go through the
> HMP monitor if one is configured.
> This commit also adds a call to qemu_init_logging() to the binaries
> installed by QEMU.
> glib debug messages are enabled through G_MESSAGES_DEBUG similarly to
> glib default log handler.
> 
> At the moment, this change will mostly impact SPICE logging if your
> spice version is >= 0.14.1. With older spice versions, this is not going
> to work as expected, but will not have any ill effect, so this call is
> not conditional on the SPICE version.
> 
> Signed-off-by: Christophe Fergeau 
> ---
>  bsd-user/main.c |  2 ++
>  include/qemu/error-report.h |  3 ++-
>  linux-user/main.c   |  2 ++
>  qemu-img.c  |  2 +-
>  qemu-io.c   |  2 +-
>  qemu-nbd.c  |  2 +-
>  scsi/qemu-pr-helper.c   |  1 +
>  util/qemu-error.c   | 48 -
>  vl.c|  2 +-
>  9 files changed, 58 insertions(+), 6 deletions(-)

Reviewed-by: Stefan Hajnoczi 




Re: [Qemu-devel] [Qemu-block] [RFC PATCH] block: local qiov helper

2019-01-28 Thread Stefan Hajnoczi
On Fri, Jan 25, 2019 at 07:46:01PM +0300, Vladimir Sementsov-Ogievskiy wrote:
> Hi all.
> 
> What about such a simple helper for a very often pattern around
> qemu_iovec_init_external ?

Sounds good, qemu_iovec_init() has 55 references vs
qemu_iovec_init_external() with 51.  It's worth making
qemu_iovec_init_external() nicer to use.

> If we like it, I'll update other callers of qemu_iovec_init_external.
> 
> Possible interface change would be
> LOCAL_QIOV(lc, buf, len);
> instead of 
> LocalQiov lc = LOCAL_QIOV(lc, buf, len);
> 
> or, may be, someone has a better idea?

Bike-shedding territory, but I prefer LocalQiov lc = LOCAL_QIOV(lc, buf,
len) because it reveals the type.  This makes the code easier to read
than just LOCAL_QIOV(lc, buf, len) by itself - the reader is forced to
look up the macro definition to figure out what magic happens.

> diff --git a/block/io.c b/block/io.c
> index bd9d688f8b..c7d7b199c1 100644
> --- a/block/io.c
> +++ b/block/io.c
> @@ -949,18 +949,13 @@ int bdrv_preadv(BdrvChild *child, int64_t offset, 
> QEMUIOVector *qiov)
>  
>  int bdrv_pread(BdrvChild *child, int64_t offset, void *buf, int bytes)
>  {
> -QEMUIOVector qiov;
> -struct iovec iov = {
> -.iov_base = (void *)buf,
> -.iov_len = bytes,
> -};
> +LocalQiov lq = LOCAL_QIOV(lq, buf, bytes);
>  
>  if (bytes < 0) {
>  return -EINVAL;
>  }
>  
> -qemu_iovec_init_external(, , 1);
> -return bdrv_preadv(child, offset, );
> +return bdrv_preadv(child, offset, );

I think it's unfortunate that LocalQiov is necessary since the caller
only needs the qiov.  Can we afford to embed the struct iovec into
QEMUIOVector?

That way callers don't need a separate LocalQiov type:

  QEMUIOVector qiov = QEMU_IOVEC_INIT_BUF(qiov, buf, bytes);
  ...
  return bdrv_preadv(child, offset, &qiov);




Re: [Qemu-devel] [PATCH 3/5 v2] RISC-V: Map gdb CSR reg numbers to hw reg numbers.

2019-01-28 Thread Jim Wilson
On Tue, Jan 22, 2019 at 1:45 PM Alistair Francis  wrote:
> I think it makes more sense to just define the variable in the
> gdbstubs.c file then. Can you move it to patch 5?

Yes, that is no problem.  That makes patch 3 a lot smaller and patch 5
a lot bigger, but it is the same code as before, just arranged
differently, so this shouldn't complicate the review too much.

Jim



Re: [Qemu-devel] [PATCH 5/5 v2] RISC-V: Add hooks to use the gdb xml files.

2019-01-28 Thread Jim Wilson
On Tue, Jan 22, 2019 at 1:52 PM Alistair Francis  wrote:
> You can get env and then check for floating point support:
>
> CPURISCVState *env = &cpu->env;
> if (env->misa_mask & RVF) {
> ...

I needed this which wasn't hard to figure out.
RISCVCPU *cpu = RISCV_CPU(cs);
CPURISCVState *env = &cpu->env;
if (env->misa & RVF) {

The tricky bit was figuring out how to test it, because I wasn't sure
if making registers conditional would actually work.  I figured out
that using -machine sifive_e gives me a target with no fpu, and
playing with that a bit I get the expected result, which is that the
FP regs don't print anymore.  The FP related CSRs still do, but that
would require gdb fixes I think, because gdb knows that they are both
FP regs and CSR, and tries to print them both ways.  That leads to a
more general problem of figuring out exactly which CSRs a particular
target implements, which is a bigger problem than I have time to fix
at the moment, and should be handled as a separate problem.

Since my patch set is now a month old, I'll rebase onto current master
and post a version 3 patch set.

Jim



Re: [Qemu-devel] [Bug 1813305] [NEW] trace-root.h is not regerenerated after re-configure

2019-01-28 Thread Stefan Hajnoczi
On Fri, Jan 25, 2019 at 02:03:39PM -, Christophe Lyon wrote:
> I've just realized that after I reconfigured my qemu with
> ../configure 
> --target-list=arm-softmmu,arm-linux-user,aarch64-softmmu,aarch64-linux-user 
> --enable-trace-backends=simple
> 
> $ make
> did rebuild some stuff for the 'simple' trace, but it did not update 
> trace-root.h until after I
> $ make clean
> 
> 
> It took me a while to understand why I didn't get the traces I wanted (my 
> trace-root.h still thought it was configured for the default 'log').
> 
> I didn't check how easy it is to fix this in the build system.

Thank you for reporting this.  I have sent a patch to fix the makefile.

Stefan




Re: [Qemu-devel] [PATCH] hw/arm/nrf51_soc: set object owner in memory_region_init_ram

2019-01-28 Thread Stefan Hajnoczi
On Fri, Jan 25, 2019 at 09:26:30PM +0530, kumar sourav wrote:
> set object owner in memory_region_init_ram() instead
> of NULL.
> 
> Signed-off-by: kumar sourav 
> ---
>  hw/arm/nrf51_soc.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)

Reviewed-by: Stefan Hajnoczi 




[Qemu-devel] [PATCH] trace: rerun tracetool after ./configure changes

2019-01-28 Thread Stefan Hajnoczi
Autogenerated code in trace.h/trace.c and friends is specific to the
config-host.mak TRACE_BACKENDS setting and must be regenerated when
./configure --enable-trace-backend= changes settings.

This patch ensures that changes to TRACE_BACKENDS are detected.  For
example, the trace-root.h file is now updated after switching trace
backends:

  $ ./configure && make
  $ cp trace-root.h /tmp/old-trace-root.h
  $ ./configure --enable-trace-backend=simple && make
  $ diff -u /tmp/old-trace-root.h trace-root.h

Reported-by: Christophe Lyon 
Signed-off-by: Stefan Hajnoczi 
---
 Makefile | 16 
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/Makefile b/Makefile
index de898eab62..4e70cebc6a 100644
--- a/Makefile
+++ b/Makefile
@@ -145,7 +145,7 @@ tracetool-y += $(shell find $(SRC_PATH)/scripts/tracetool 
-name "*.py")
 
 %/trace.h: %/trace.h-timestamp
@cmp $< $@ >/dev/null 2>&1 || cp $< $@
-%/trace.h-timestamp: $(SRC_PATH)/%/trace-events $(tracetool-y)
+%/trace.h-timestamp: $(SRC_PATH)/%/trace-events $(tracetool-y) 
$(BUILD_DIR)/config-host.mak
$(call quiet-command,$(TRACETOOL) \
--group=$(call trace-group-name,$@) \
--format=h \
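Review bot: The $(BUILD_DIR)/config-host.mak prerequisite added to the %/trace.h-timestamp rule is repeated verbatim in every timestamp rule this patch touches, and each of those rules already lists $(tracetool-y). Appending config-host.mak to tracetool-y once, next to the "tracetool-y += $(shell find ...)" line visible in the hunk header, would cover all of them in one place and would also cover any tracetool rule added later, which the per-rule form makes easy to miss.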
@@ -154,7 +154,7 @@ tracetool-y += $(shell find $(SRC_PATH)/scripts/tracetool 
-name "*.py")
 
 %/trace.c: %/trace.c-timestamp
@cmp $< $@ >/dev/null 2>&1 || cp $< $@
-%/trace.c-timestamp: $(SRC_PATH)/%/trace-events $(tracetool-y)
+%/trace.c-timestamp: $(SRC_PATH)/%/trace-events $(tracetool-y) 
$(BUILD_DIR)/config-host.mak
$(call quiet-command,$(TRACETOOL) \
--group=$(call trace-group-name,$@) \
--format=c \
@@ -163,7 +163,7 @@ tracetool-y += $(shell find $(SRC_PATH)/scripts/tracetool 
-name "*.py")
 
 %/trace-ust.h: %/trace-ust.h-timestamp
@cmp $< $@ >/dev/null 2>&1 || cp $< $@
-%/trace-ust.h-timestamp: $(SRC_PATH)/%/trace-events $(tracetool-y)
+%/trace-ust.h-timestamp: $(SRC_PATH)/%/trace-events $(tracetool-y) 
$(BUILD_DIR)/config-host.mak
$(call quiet-command,$(TRACETOOL) \
--group=$(call trace-group-name,$@) \
--format=ust-events-h \
@@ -187,7 +187,7 @@ tracetool-y += $(shell find $(SRC_PATH)/scripts/tracetool 
-name "*.py")
 
 trace-root.h: trace-root.h-timestamp
@cmp $< $@ >/dev/null 2>&1 || cp $< $@
-trace-root.h-timestamp: $(SRC_PATH)/trace-events $(tracetool-y)
+trace-root.h-timestamp: $(SRC_PATH)/trace-events $(tracetool-y) 
$(BUILD_DIR)/config-host.mak
$(call quiet-command,$(TRACETOOL) \
--group=root \
--format=h \
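Review bot: With config-host.mak as a prerequisite of trace-root.h-timestamp, tracetool reruns on any change to that file, not only on a TRACE_BACKENDS change. The "cmp $< $@ || cp $< $@" step in the trace-root.h rule just above leaves the header untouched when the regenerated output is identical, so dependents should not rebuild needlessly. The commit message should say that this is the intended behaviour, since it only describes the TRACE_BACKENDS case.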
@@ -196,7 +196,7 @@ trace-root.h-timestamp: $(SRC_PATH)/trace-events 
$(tracetool-y)
 
 trace-root.c: trace-root.c-timestamp
@cmp $< $@ >/dev/null 2>&1 || cp $< $@
-trace-root.c-timestamp: $(SRC_PATH)/trace-events $(tracetool-y)
+trace-root.c-timestamp: $(SRC_PATH)/trace-events $(tracetool-y) 
$(BUILD_DIR)/config-host.mak
$(call quiet-command,$(TRACETOOL) \
--group=root \
--format=c \
@@ -205,7 +205,7 @@ trace-root.c-timestamp: $(SRC_PATH)/trace-events 
$(tracetool-y)
 
 trace-ust-root.h: trace-ust-root.h-timestamp
@cmp $< $@ >/dev/null 2>&1 || cp $< $@
-trace-ust-root.h-timestamp: $(SRC_PATH)/trace-events $(tracetool-y)
+trace-ust-root.h-timestamp: $(SRC_PATH)/trace-events $(tracetool-y) 
$(BUILD_DIR)/config-host.mak
$(call quiet-command,$(TRACETOOL) \
--group=root \
--format=ust-events-h \
@@ -214,7 +214,7 @@ trace-ust-root.h-timestamp: $(SRC_PATH)/trace-events 
$(tracetool-y)
 
 trace-ust-all.h: trace-ust-all.h-timestamp
@cmp $< $@ >/dev/null 2>&1 || cp $< $@
-trace-ust-all.h-timestamp: $(trace-events-files) $(tracetool-y)
+trace-ust-all.h-timestamp: $(trace-events-files) $(tracetool-y) 
$(BUILD_DIR)/config-host.mak
$(call quiet-command,$(TRACETOOL) \
--group=all \
--format=ust-events-h \
@@ -223,7 +223,7 @@ trace-ust-all.h-timestamp: $(trace-events-files) 
$(tracetool-y)
 
 trace-ust-all.c: trace-ust-all.c-timestamp
@cmp $< $@ >/dev/null 2>&1 || cp $< $@
-trace-ust-all.c-timestamp: $(trace-events-files) $(tracetool-y)
+trace-ust-all.c-timestamp: $(trace-events-files) $(tracetool-y) 
$(BUILD_DIR)/config-host.mak
$(call quiet-command,$(TRACETOOL) \
--group=all \
--format=ust-events-c \
-- 
2.20.1




Re: [Qemu-devel] [PATCH] test-filter-mirror: pass UNIX domain socket through fd

2019-01-28 Thread Jason Wang



On 2019/1/28 6:30 PM, Daniel P. Berrangé wrote:

On Mon, Jan 28, 2019 at 12:11:59PM +0800, Jason Wang wrote:

The test tries to let qemu server mode process the connection
which turns out to be racy after commit 8258292e18c3 ("monitor: Remove
"x-oob", offer capability "oob" unconditionally"). This is because the
filter may try to mirror the packets before UNIX socket object is
ready (connected was set to true) from the view of qemu. In this case
the packet will be dropped silently.

Fixing this by passing pre-connected socket created by socketpair() to
qemu through fd.

Cc: Peter Maydell 
Cc: Li Zhijian 
Cc: Peter Xu 
Cc: Dr. David Alan Gilbert 
Cc: Zhang Chen 
Cc: Markus Armbruster 
Cc: Daniel P. Berrange 
Signed-off-by: Jason Wang 
---
  tests/test-filter-mirror.c | 18 ++
  1 file changed, 6 insertions(+), 12 deletions(-)

diff --git a/tests/test-filter-mirror.c b/tests/test-filter-mirror.c
index 7ab2aed8a0..3c3d1f8961 100644
--- a/tests/test-filter-mirror.c
+++ b/tests/test-filter-mirror.c
@@ -21,10 +21,9 @@
  
  static void test_mirror(void)

  {
-int send_sock[2], recv_sock;
+int send_sock[2], recv_sock[2];
  uint32_t ret = 0, len = 0;
  char send_buf[] = "Hello! filter-mirror~";
-char sock_path[] = "filter-mirror.XX";
  char *recv_buf;
  uint32_t size = sizeof(send_buf);
  size = htonl(size);
@@ -38,18 +37,15 @@ static void test_mirror(void)
  ret = socketpair(PF_UNIX, SOCK_STREAM, 0, send_sock);
  g_assert_cmpint(ret, !=, -1);
  
-ret = mkstemp(sock_path);

+ret = socketpair(PF_UNIX, SOCK_STREAM, 0, recv_sock);
  g_assert_cmpint(ret, !=, -1);
  
  qts = qtest_initf(

  "-netdev socket,id=qtest-bn0,fd=%d "
  "-device %s,netdev=qtest-bn0,id=qtest-e0 "
-"-chardev socket,id=mirror0,path=%s,server,nowait "
+"-chardev socket,id=mirror0,fd=%d "
  "-object 
filter-mirror,id=qtest-f0,netdev=qtest-bn0,queue=tx,outdev=mirror0 "
-, send_sock[1], devstr, sock_path);
-
-recv_sock = unix_connect(sock_path, NULL);
-g_assert_cmpint(recv_sock, !=, -1);
+, send_sock[1], devstr, recv_sock[1]);
  
  struct iovec iov[] = {

  {
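Review bot: After qtest_initf() hands send_sock[1] and recv_sock[1] to QEMU through fd=%d, the test process still holds its own copies of both descriptors. While recv_sock[1] stays open in the test, the later qemu_recv() on recv_sock[0] can never see EOF if QEMU exits early, so a crashed QEMU becomes a hung test instead of a failed assertion. Close send_sock[1] and recv_sock[1] in the test right after qtest_initf() returns.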
@@ -67,18 +63,16 @@ static void test_mirror(void)
  g_assert_cmpint(ret, ==, sizeof(send_buf) + sizeof(size));
  close(send_sock[0]);
  
-ret = qemu_recv(recv_sock, , sizeof(len), 0);

+ret = qemu_recv(recv_sock[0], , sizeof(len), 0);
  g_assert_cmpint(ret, ==, sizeof(len));
  len = ntohl(len);
  
  g_assert_cmpint(len, ==, sizeof(send_buf));

  recv_buf = g_malloc(len);
-ret = qemu_recv(recv_sock, recv_buf, len, 0);
+ret = qemu_recv(recv_sock[0], recv_buf, len, 0);
  g_assert_cmpstr(recv_buf, ==, send_buf);
  
  g_free(recv_buf);

-close(recv_sock);

You're leaking recv_sock[0] and recv_sock[1] now. For that matter it
seems send_sock[0] & send_sock[1] are already both leaked too.



Will fix in V2.

Thanks



-unlink(sock_path);
  qtest_quit(qts);
  }
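Review bot: On the second qemu_recv(recv_sock[0], recv_buf, len, 0), ret is assigned but never compared with len, so a short read goes straight into g_assert_cmpstr() on a buffer that may be only partly filled and not NUL-terminated. Add g_assert_cmpint(ret, ==, len) before the string comparison, as is already done for the length prefix.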

Regards,
Daniel
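
The approach discussed in this thread, as an added example that is not part of the original post or of QEMU's test suite: both channels are created with socketpair() and inherited by a forked child that stands in for QEMU, so there is no listen/connect window, and the parent closes the child's ends so that an early exit shows up as EOF rather than a hang. The names run_mirror_exchange, send_frame, recv_frame and read_full are hypothetical, and the payload is constructed.

```c
#include <arpa/inet.h>
#include <signal.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Read exactly len bytes. Returns 0 on success, -1 on EOF or error. */
static int read_full(int fd, void *buf, size_t len)
{
    char *p = buf;
    while (len > 0) {
        ssize_t r = read(fd, p, len);
        if (r <= 0) {
            return -1;      /* r == 0: every copy of the peer end is closed */
        }
        p += r;
        len -= (size_t)r;
    }
    return 0;
}

/* Send a 4-byte big-endian length, then the payload, in one writev(). */
static int send_frame(int fd, const void *payload, uint32_t len)
{
    uint32_t be_len = htonl(len);
    struct iovec iov[2] = {
        { .iov_base = &be_len, .iov_len = sizeof(be_len) },
        { .iov_base = (void *)payload, .iov_len = len },
    };
    return writev(fd, iov, 2) == (ssize_t)(sizeof(be_len) + len) ? 0 : -1;
}

/* Receive one frame. The length prefix comes from the peer, so bound it. */
static int recv_frame(int fd, void *out, size_t out_cap)
{
    uint32_t be_len, len;
    if (read_full(fd, &be_len, sizeof(be_len)) < 0) {
        return -1;
    }
    len = ntohl(be_len);
    if (len > out_cap || read_full(fd, out, len) < 0) {
        return -1;
    }
    return (int)len;
}

/*
 * Returns the payload length mirrored back, or -1. The forked child stands in
 * for QEMU: it inherits send_sock[1] and recv_sock[1] already connected.
 */
int run_mirror_exchange(const char *msg, int child_exits_early,
                        char *out, size_t out_cap)
{
    int send_sock[2], recv_sock[2], result = -1;
    pid_t pid;

    signal(SIGPIPE, SIG_IGN);   /* process-wide: a dead peer gives EPIPE */
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, send_sock) < 0) {
        return -1;
    }
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, recv_sock) < 0) {
        close(send_sock[0]);
        close(send_sock[1]);
        return -1;
    }
    pid = fork();
    if (pid == 0) {
        char buf[256];
        int n;
        close(send_sock[0]);
        close(recv_sock[0]);
        n = child_exits_early ? -1 : recv_frame(send_sock[1], buf, sizeof(buf));
        if (n >= 0) {
            send_frame(recv_sock[1], buf, (uint32_t)n);
        }
        _exit(0);
    }
    /* Parent: close the child's ends, otherwise EOF can never be observed. */
    close(send_sock[1]);
    close(recv_sock[1]);
    if (pid > 0 && send_frame(send_sock[0], msg, (uint32_t)strlen(msg) + 1) == 0) {
        result = recv_frame(recv_sock[0], out, out_cap);
    }
    close(send_sock[0]);
    close(recv_sock[0]);
    if (pid > 0) {
        waitpid(pid, NULL, 0);
    }
    return result;
}

int main(void)
{
    char buf[64];
    return run_mirror_exchange("Hello! filter-mirror~", 0, buf, sizeof(buf)) > 0 ? 0 : 1;
}
```

With child_exits_early set, the call returns -1 promptly; if the two close() calls in the parent are removed, the same call blocks in read() because the parent itself still holds the peer end open.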




Re: [Qemu-devel] [PATCH qemu v2] hmp: Print if memory section is registered with an accelerator

2019-01-28 Thread Alexey Kardashevskiy



On 14/01/2019 12:43, Alexey Kardashevskiy wrote:
> 
> 
> On 04/01/2019 04:37, Dr. David Alan Gilbert wrote:
>> * Alexey Kardashevskiy (a...@ozlabs.ru) wrote:
>>>
>>>
>>> On 17/12/2018 23:47, Philippe Mathieu-Daudé wrote:
 On 12/17/18 2:27 AM, Alexey Kardashevskiy wrote:
> On 14/12/2018 22:07, Philippe Mathieu-Daudé wrote:
>> Hi Alexey,
>>
>> On 12/14/18 3:58 AM, Alexey Kardashevskiy wrote:
>>> This adds an accelerator name to the "info mtree -f" to tell the user if
>>> a particular memory section is registered with the accelerator;
>>> the primary user for this is KVM and such information is useful
>>> for debugging purposes.
>>>
>>> This adds a has_memory() callback to the accelerator class allowing any
>>> accelerator to have a label in that memory tree dump.
>>>
>>> Since memory sections are passed to memory listeners and get registered
>>> in accelerators (rather than memory regions), this only prints new 
>>> labels
>>> for flatviews attached to the system address space.
>>>
>>> An example:
>>>  Root memory region: system
>>>   -002f (prio 0, ram): /objects/mem0 kvm
>>>   0030-005f (prio 0, ram): /objects/mem1 kvm
>>>   2020-203f (prio 1, i/o): virtio-pci
>>>   20008000-2000803f (prio 0, i/o): capabilities
>>>
>>> Signed-off-by: Alexey Kardashevskiy 
>>> ---
>>>
>>> This supersedes "[PATCH qemu] hmp: Print if memory section is 
>>> registered in KVM"
>>>
>>> ---
>>> Changes:
>>> v2:
>>> * added an accelerator callback instead of hardcoding it to kvm only
>>> ---
>>>  include/sysemu/accel.h |  2 ++
>>>  accel/kvm/kvm-all.c| 10 ++
>>>  memory.c   | 22 ++
>>>  3 files changed, 34 insertions(+)
>>>
>>> diff --git a/include/sysemu/accel.h b/include/sysemu/accel.h
>>> index 637358f..30b456d 100644
>>> --- a/include/sysemu/accel.h
>>> +++ b/include/sysemu/accel.h
>>> @@ -25,6 +25,7 @@
>>>  
>>>  #include "qom/object.h"
>>>  #include "hw/qdev-properties.h"
>>> +#include "exec/hwaddr.h"
>>>  
>>>  typedef struct AccelState {
>>>  /*< private >*/
>>> @@ -41,6 +42,7 @@ typedef struct AccelClass {
>>>  int (*available)(void);
>>>  int (*init_machine)(MachineState *ms);
>>>  void (*setup_post)(MachineState *ms, AccelState *accel);
>>> +bool (*has_memory)(MachineState *ms, hwaddr start_addr, hwaddr 
>>> size);
>>>  bool *allowed;
>>>  /*
>>>   * Array of global properties that would be applied when specific
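Review bot: The has_memory callback added to AccelClass has no comment describing its contract. The KVM implementation later in this patch forwards start_addr and size to kvm_lookup_matching_slot(), so the declaration should state whether a true result means that exact range is registered or only that it overlaps a registered one. Only kvm_accel_class_init() sets the pointer in this patch, so the comment should also say that it may be NULL and that callers have to check before calling it.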
>>> diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
>>> index 4880a05..634f386 100644
>>> --- a/accel/kvm/kvm-all.c
>>> +++ b/accel/kvm/kvm-all.c
>>> @@ -2589,11 +2589,21 @@ int kvm_get_one_reg(CPUState *cs, uint64_t id, 
>>> void *target)
>>>  return r;
>>>  }
>>>  
>>> +static bool kvm_accel_has_memory(MachineState *ms, hwaddr start_addr,
>>> + hwaddr size)
>>> +{
>>> +KVMState *kvm = KVM_STATE(ms->accelerator);
>>> +KVMMemoryListener *kml = >memory_listener;
>>> +
>>> +return NULL != kvm_lookup_matching_slot(kml, start_addr, size);
>>> +}
>>> +
>>>  static void kvm_accel_class_init(ObjectClass *oc, void *data)
>>>  {
>>>  AccelClass *ac = ACCEL_CLASS(oc);
>>>  ac->name = "KVM";
>>>  ac->init_machine = kvm_init;
>>> +ac->has_memory = kvm_accel_has_memory;
>>>  ac->allowed = _allowed;
>>>  }
>>>  
>>> diff --git a/memory.c b/memory.c
>>> index d14c6de..61e758a 100644
>>> --- a/memory.c
>>> +++ b/memory.c
>>> @@ -29,7 +29,9 @@
>>>  #include "exec/ram_addr.h"
>>>  #include "sysemu/kvm.h"
>>>  #include "sysemu/sysemu.h"
>>> +#include "sysemu/accel.h"
>>>  #include "hw/qdev-properties.h"
>>> +#include "hw/boards.h"
>>>  #include "migration/vmstate.h"
>>>  
>>>  //#define DEBUG_UNASSIGNED
>>> @@ -2924,6 +2926,8 @@ struct FlatViewInfo {
>>>  int counter;
>>>  bool dispatch_tree;
>>>  bool owner;
>>> +AccelClass *ac;
>>> +const char *ac_name;
>>>  };
>>>  
>>>  static void mtree_print_flatview(gpointer key, gpointer value,
>>> @@ -2939,6 +2943,7 @@ static void mtree_print_flatview(gpointer key, 
>>> gpointer value,
>>>  int n = view->nr;
>>>  int i;
>>>  AddressSpace *as;
>>> +bool system_as = false;
>>>  
>>>  p(f, "FlatView #%d\n", fvi->counter);
>>>  ++fvi->counter;
>>> @@ -2950,6 +2955,9 @@ static void mtree_print_flatview(gpointer key, 
>>> gpointer value,
>>>  p(f, ", alias %s", memory_region_name(as->root->alias));
>>>  

Re: [Qemu-devel] building rst docs with sphinx

2019-01-28 Thread Stefan Hajnoczi
On Thu, Jan 24, 2019 at 06:56:09PM +, Peter Maydell wrote:
> (1) configure: My thought is that we should just make
> sphinx-build a requirement for the existing --enable-docs
> switch (as texinfo and pod2man are currently). The
> disadvantage is that we won't support a "build the half
> of the docs you have the tools for and leave the others"
> setup. The advantage, which I think is significant, is that
> distros will naturally be directed to the missing build
> dependency (either they're building with --enable-docs
> and will get the configure message, or they aren't and
> then their build will fail later because of missing docs
> files when they try to put the built files into the package).

I'm CCing Cole (Fedora) and the Debian QEMU team so they can give their
input on this point and your next point.

> (2) What do we actually want to ship?
> That is, what do we want 'make install-doc' to copy into
> the installation directory?
> https://wiki.qemu.org/Features/Documentation
> has a good suggested breakdown of docs for where we
> eventually want to be. I think we probably don't want
> to install the "developer's guide" (docs/devel) on
> end-user systems. The others are presumably OK.
> Currently, we seem to only install manpages and a
> few other things in the 'install-doc' makefile target
> (we don't install a bunch of plain-text user-facing
> docs) so this would be a significant expansion.

I agree, developer documentation is not relevant to end-users.

> (3) Indexes, table-of-contents pages, etc
> Are we aiming to ship these?
> I think that we probably want to have what from
> Sphinx's point of view are multiple separate documents,
> so that they each get their own ToC and index. This
> means we can for instance ship the ToC/index for
> the user docs but not have it contain index entries
> for developer docs.

Indexes sound useful for each separate manual (user, developer, etc).

Stefan




[Qemu-devel] macOS build error after ddac19f534 (virtio: split virtio 9p bits from virtio-pci)

2019-01-28 Thread BALATON Zoltan

Hello,

I'm getting error building on macOS after commit ddac19f534:

  CC  aarch64-softmmu/hw/virtio/virtio-blk-pci.o
In file included from qemu/hw/virtio/virtio-9p-pci.c:19:
In file included from qemu/hw/9pfs/virtio-9p.h:6:
In file included from qemu/hw/9pfs/9p.h:7:
qemu/fsdev/file-op-9p.h:19:10: fatal error: 'sys/vfs.h' file not found
#include 
 ^~~

Am I missing something? (Apart from the include file which is not present 
on OS X... Maybe this needs the #ifdefs it had before the split?)


Regards,
BALATON Zoltan



Re: [Qemu-devel] [PATCH] i386: extended the cpuid level when Intel PT is enabled

2019-01-28 Thread Kang, Luwei
> > > > > > Intel Processor Trace required CPUID[0x14] but the cpuid level
> > > > > > is 0xd when create a kvm guest with e.g. "-cpu qemu64,+intel-pt".
> > > > > >
> > > > > > Signed-off-by: Luwei Kang 
> > > > > > ---
> > > > > >  target/i386/cpu.c | 7 +++
> > > > > >  1 file changed, 7 insertions(+)
> > > > > >
> > > > > > diff --git a/target/i386/cpu.c b/target/i386/cpu.c index
> > > > > > 2f54125..da477b3 100644
> > > > > > --- a/target/i386/cpu.c
> > > > > > +++ b/target/i386/cpu.c
> > > > > > @@ -5023,6 +5023,13 @@ static void x86_cpu_expand_features(X86CPU 
> > > > > > *cpu, Error **errp)
> > > > > >  x86_cpu_adjust_feat_level(cpu, FEAT_C000_0001_EDX);
> > > > > >  x86_cpu_adjust_feat_level(cpu, FEAT_SVM);
> > > > > >  x86_cpu_adjust_feat_level(cpu, FEAT_XSAVE);
> > > > > > +
> > > > > > +/* Intel Processor Trace requires CPUID[0x14] */
> > > > > > +if ((env->features[FEAT_7_0_EBX] & CPUID_7_0_EBX_INTEL_PT) 
> > > > > > &&
> > > > > > + kvm_enabled()) {
> > > > > > +x86_cpu_adjust_level(cpu, >env.cpuid_min_level, 
> > > > > > 0x14);
> > > > > > +}
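Review bot: The comment on the new block says Intel PT requires CPUID[0x14], but the condition also requires kvm_enabled(), and nothing explains why the level stays at its old value under other accelerators when the intel-pt feature bit is set. Say in the comment why the adjustment is limited to KVM.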
> > > > >
> > > > > This will require a new machine-type compatibility flag to
> > > > > enable the new behavior, so we don't change CPUID data under the
> > > > > guest feet
> > > during live migration.
> > > >
> > > > Hi Eduardo,
> > > > Thanks for your reply. I have some question on your comments.
> > > > The cpuid level come from specific machine-type (e.g. qemu64,
> > > > Skylake-Server) and they are all 0xd, but Intel PT required 0x14
> > > > so I
> > > extend the cpuid level.
> > > > I don't fully understand what is the "require a new
> > > > machine-type compatibility flag" mean, I need to add a new flag in
> > > > each machine-
> > > type?
> > > > I try to do live migration with "-cpu qemu64,+intel-pt" and
> > > > "-cpu host" are all passed test. We didn't change the cpuid data
> > > > during live
> > > migration just initialize the cpuid data when create a new vcpu. Please 
> > > correct me if anything wrong.
> > >
> > > CPUID data is not sent as part of the migration stream (it is recreated 
> > > on the migration destination), so if "-cpu qemu,+intel-pt"
> > > results in different CPUID data, migration between QEMU 4.0 and
> > > 3.1 will make CPUID level change during live migration.
> >
> > Yes, CPUID data is not sent as part of migration stream. But when will
> > the "-cpu qemu,+intel-pt" result different results? I think CPU type
> > include some specific features and CPUID data of Intel PT are constant
> > value, so I think the CPUID data should not change as well.
> 
> Before your patch, "-cpu qemu64,+intel-pt" has CPUID[0].EAX = 0xD, and guest 
> won't see intel-pt data in CPUID[0x14].
> 
> After your patch, "-cpu qemu64,+intel-pt" has CPUID[0].EAX = 0x14, and guest 
> will see intel-pt data in CPUID[0x14].
> 

Oh yes, get it. Thanks.

Luwei Kang

> --
> Eduardo



Re: [Qemu-devel] [Qemu-ppc] [PATCH v4 2/3] target/ppc: Add GDB callbacks for SPRs

2019-01-28 Thread Alexey Kardashevskiy



On 29/01/2019 07:00, Fabiano Rosas wrote:
> David Gibson  writes:
> 
>> On Thu, Jan 24, 2019 at 06:20:02PM +1100, Alexey Kardashevskiy wrote:
>>>
>>>
>>> On 23/01/2019 04:01, Fabiano Rosas wrote:
 These will be used to let GDB know about PPC's Special Purpose
 Registers (SPR).

 They take an index based on the order the registers appear in the XML
 file sent by QEMU to GDB. This index does not match the actual
 location of the registers in the env->spr array so the
 gdb_find_spr_idx function does that conversion.

 Signed-off-by: Fabiano Rosas 
 ---
  target/ppc/translate_init.inc.c | 54 -
  1 file changed, 53 insertions(+), 1 deletion(-)

 diff --git a/target/ppc/translate_init.inc.c 
 b/target/ppc/translate_init.inc.c
 index 710064a25d..f29ac3558a 100644
 --- a/target/ppc/translate_init.inc.c
 +++ b/target/ppc/translate_init.inc.c
 @@ -9487,6 +9487,55 @@ static bool avr_need_swap(CPUPPCState *env)
  #endif
  }
  
 +#if !defined(CONFIG_USER_ONLY)
 +static int gdb_find_spr_idx(CPUPPCState *env, int n)
 +{
 +int i;
 +
 +for (i = 0; i < ARRAY_SIZE(env->spr_cb); i++) {
 +ppc_spr_t *spr = >spr_cb[i];
 +
 +if (spr->name && spr->gdb_id == n) {
 +return i;
 +}
 +}
 +return -1;
 +}
 +
 +static int gdb_get_spr_reg(CPUPPCState *env, uint8_t *mem_buf, int n)
 +{
 +int reg;
 +int len;
 +
 +reg = gdb_find_spr_idx(env, n);
 +if (reg < 0) {
 +return 0;
 +}
 +
 +len = TARGET_LONG_SIZE;
 +stn_p(mem_buf, len, env->spr[reg]);
 +ppc_maybe_bswap_register(env, mem_buf, len);
>>>
>>>
>>> I am confused by this as it produces different results depending on the
>>> guest mode:
>>
>>
>> Hm, yeah, I thought the bswap here looked odd, but it wasn't obvious
>> to me if it was bogus here, or just a bogus gdb interface we have to
>> work around.
>>
>>> (gdb) p $pvr
>>> $1 = 0x14c00
>>> (gdb) c
>>> Continuing.
>>> Program received signal SIGINT, Interrupt.
>>> (gdb) p $pvr
>>> $2 = 0x4c0100
>>
>> But that behaviour definitely looks wrong.
> 
> GDB detects the endianness by looking at the ELF headers:


but this is a register which does not have endianness, the endianness
appears here because the interface between gdb and qemu is
uint8_t*==bytestream but this interface should have fixed endianness
imho (now it is bigendian afaict).

Something is not right here...

> 
> (gdb) p/x $pvr
> $1 = 0x1024b00
> (gdb) file ~/qemu/roms/SLOF/board-qemu/llfw/stage1.elf
> Reading symbols from ~/qemu/roms/SLOF/board-qemu/llfw/stage1.elf...done.
> (gdb) show endian
> The target endianness is set automatically (currently big endian)
> (gdb) p/x $pvr
> $2 = 0x4b0201
> (gdb) c
> Continuing.
> 
> (gdb) ^C
> Program received signal SIGINT, Interrupt.
> 0x74a70cc0 in ?? ()
> (gdb) file vmlinux
> Reading symbols from vmlinux...done.
> (gdb) show endian
> The target endianness is set automatically (currently little endian)
> (gdb) p/x $pvr
> $3 = 0x4b0201
> 
> The maybe_bswap_register is done due to QEMU having TARGET_WORDS_BIGENDIAN set
> even after we have changed into LE mode.
> 
>>> First print is when I stopped the guest in the SLOF firmware (so it is
>>> big-endian) and then I continued and stopped gdb when the guest booted a
>>> little-endian system; the KVM host is little endian, the machine running
>>> gdb is LE too.
>>>
>>> QEMU monitor prints the same 0x4c0100 in both cases.
>>>
>>> I am adding the inventor of maybe_bswap_register() in cc: for
>>> assistance. Swapping happens:
>>> - once for BE: after stn_p()
>>> *(unsigned long *)mem_buf is 0x14c00
>>> - twice for LE.
>>>
>>>
>>>
>>>
>>>
 +return len;
 +}
 +
 +static int gdb_set_spr_reg(CPUPPCState *env, uint8_t *mem_buf, int n)
 +{
 +int reg;
 +int len;
 +
 +reg = gdb_find_spr_idx(env, n);
 +if (reg < 0) {
 +return 0;
 +}
 +
 +len = TARGET_LONG_SIZE;
 +ppc_maybe_bswap_register(env, mem_buf, len);
 +env->spr[reg] = ldn_p(mem_buf, len);
 +
 +return len;
 +}
 +#endif
 +
  static int gdb_get_float_reg(CPUPPCState *env, uint8_t *mem_buf, int n)
  {
  if (n < 32) {
 @@ -9716,7 +9765,10 @@ static void ppc_cpu_realize(DeviceState *dev, Error 
 **errp)
  gdb_register_coprocessor(cs, gdb_get_vsx_reg, gdb_set_vsx_reg,
   32, "power-vsx.xml", 0);
  }
 -
 +#ifndef CONFIG_USER_ONLY
 +gdb_register_coprocessor(cs, gdb_get_spr_reg, gdb_set_spr_reg,
 + pcc->gdb_num_sprs, "power-spr.xml", 0);
 +#endif
  qemu_init_vcpu(cs);
  
  pcc->parent_realize(dev, errp);

>>>
> 

-- 
Alexey


[Qemu-devel] [PATCH v2 1/3] hw/i386/pc.c: remove unused function pc_acpi_init()

2019-01-28 Thread Wei Yang
Function pc_acpi_init() is not used anymore.

Remove the definition and declaration.

Signed-off-by: Wei Yang 
---
 hw/i386/pc.c | 27 ---
 include/hw/i386/pc.h |  1 -
 2 files changed, 28 deletions(-)

diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 5317e08f60..734d3268fa 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -1280,33 +1280,6 @@ void pc_pci_as_mapping_init(Object *owner, MemoryRegion 
*system_memory,
 pci_address_space, -1);
 }
 
-void pc_acpi_init(const char *default_dsdt)
-{
-char *filename;
-
-if (acpi_tables != NULL) {
-/* manually set via -acpitable, leave it alone */
-return;
-}
-
-filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, default_dsdt);
-if (filename == NULL) {
-warn_report("failed to find %s", default_dsdt);
-} else {
-QemuOpts *opts = qemu_opts_create(qemu_find_opts("acpi"), NULL, 0,
-  _abort);
-Error *err = NULL;
-
-qemu_opt_set(opts, "file", filename, _abort);
-
-acpi_table_add_builtin(opts, );
-if (err) {
-warn_reportf_err(err, "failed to load %s: ", filename);
-}
-g_free(filename);
-}
-}
-
 void xen_load_linux(PCMachineState *pcms)
 {
 int i;
diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index 9d29c4b1df..541124ba6d 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -187,7 +187,6 @@ void pc_acpi_smi_interrupt(void *opaque, int irq, int 
level);
 
 void pc_cpus_init(PCMachineState *pcms);
 void pc_hot_add_cpu(const int64_t id, Error **errp);
-void pc_acpi_init(const char *default_dsdt);
 
 void pc_guest_info_init(PCMachineState *pcms);
 
-- 
2.19.1




[Qemu-devel] [PATCH v2 0/3] Trivial cleanup in hw/acpi

2019-01-28 Thread Wei Yang
There are several functions/variables which are not used anymore.

This series just removes those without functional change.

Wei Yang (3):
  hw/i386/pc.c: remove unused function pc_acpi_init()
  hw/acpi: remove unused function acpi_table_add_builtin()
  hw/acpi: remove unnecessary variable acpi_table_builtin

 hw/acpi/core.c | 10 +-
 hw/i386/pc.c   | 27 ---
 include/hw/acpi/acpi.h |  1 -
 include/hw/i386/pc.h   |  1 -
 4 files changed, 1 insertion(+), 38 deletions(-)

-- 
2.19.1




Re: [Qemu-devel] [qemu-s390x] [PATCH v3 2/2] s390x/pci: Unplug remaining devices on pcihost reset

2019-01-28 Thread Collin Walling

On 1/28/19 6:28 AM, Cornelia Huck wrote:

On Wed, 23 Jan 2019 12:05:39 +0100
Cornelia Huck  wrote:


On Mon, 21 Jan 2019 14:42:49 +0100
David Hildenbrand  wrote:


When resetting the guest we should unplug and remove all devices that
are still pending. Otherwise the fresh guest will see devices that will
suddenly vanish.

Can be triggered e.g. via
(hmp) device_add virtio-mouse-pci,id=test
(hmp) stop
(hmp) device_del test
(hmp) system_reset
(hmp) c

The device will vanish after roughly 5 minutes. With this patch, the
device will vanish on reboot (S390_RESET_EXTERNAL and S390_RESET_REIPL,
which reset the pcihost bridge via qemu_devices_reset()). If we want
these devices to vanish directly on any reset (S390_RESET_MODIFIED_CLEAR
and S390_RESET_LOAD_NORMAL), we have to modify s390_machine_reset(). But
I have the feeling that this should not be done for all reset types.

This approach is similar to what's done for acpi PCI hotplug in
acpi_pcihp_reset() -> acpi_pcihp_update() ->
acpi_pcihp_update_hotplug_bus() -> acpi_pcihp_eject_slot().

s390_pci_generate_plug_event()'s will still be generated, I guess this
is not an issue (same thing could happen right now if the timer expires
just after reset).


I'm wondering what the architecture says regarding those events -- can
someone with access to the documentation comment?


Ping. Any comments from the IBM folks?




So the idea here is that if we have a PCI device that is in the process of 
being deconfigured and we are also in the middle of a reset, then let's 
accelerate deconfiguring of the PCI device during the reset. Makes sense.


Note:

The callback function will deconfigure the device and put it into 
standby mode. However, a PCI device should only go into standby from the 
*disabled state* (which it could already be in due to the unplug 
sequence), or from a *permanent error state* (something we should 
hopefully never see -- this means something went seriously wrong with 
the device).


Two things I'm concerned about:

1)

What I would suggest is adding a check for the pbdev->state for 
ZPCI_FS_DISABLED || ZPCI_FS_PERMANENT_ERROR. If it is in either of these 
states, then we're safe to deconfigure and put into standby. If the 
device is still in another state (such as enabled or blocked, etc) then 
we should allow the timer to resume and give the device some more time 
before forcing an unplug. It's also probably not a good idea to try and 
deconfigure a device that might already be deconfigured (e.g. if it's 
already in standby or reserved state). That might not happen though, but 
it's good to cover our bases.


A side thought: In addition to checking the states, what would happen if 
you forced the timer to 0? Would the callback get called? Would that 
just accelerate the already-in-progress unplug sequence?


and 2)

I worry that the sclp might try to deconfigure a PCI device at the same 
time we force the callback in this patch. I noticed that the 
sclp_deconfigure function also checks on the release timer before 
unplugging. I think we should make sure the timer is properly stopped or 
canceled before the sclp tries to deconfigure and before this patch 
forces the callback, that way we hopefully won't try to do both at the 
same time.


something like

if (release_timer) {
stop timer
unplug
}

Your adjustments to the pcihost_unplug function in patch #1 would of 
course handle freeing the release timer later on.






Signed-off-by: David Hildenbrand 
---
  hw/s390x/s390-pci-bus.c | 8 
  1 file changed, 8 insertions(+)

diff --git a/hw/s390x/s390-pci-bus.c b/hw/s390x/s390-pci-bus.c
index bc17a8cf65..b70ae25533 100644
--- a/hw/s390x/s390-pci-bus.c
+++ b/hw/s390x/s390-pci-bus.c
@@ -1102,6 +1102,14 @@ static void s390_pcihost_reset(DeviceState *dev)
  {
  S390pciState *s = S390_PCI_HOST_BRIDGE(dev);
  PCIBus *bus = s->parent_obj.bus;
+S390PCIBusDevice *pbdev, *next;
+
+/* Unplug all pending devices that were requested to be released */
+QTAILQ_FOREACH_SAFE(pbdev, >zpci_devs, link, next) {
+if (pbdev->release_timer) {
+s390_pcihost_timer_cb(pbdev);
+}
+}
  
  s->bus_no = 0;

  pci_for_each_device(bus, pci_bus_num(bus), s390_pci_enumerate_bridge, s);









[Qemu-devel] [PATCH v2 3/3] hw/acpi: remove unnecessary variable acpi_table_builtin

2019-01-28 Thread Wei Yang
acpi_table_builtin is now always false, it is not necessary to check it
again.

This patch just removes it.

Signed-off-by: Wei Yang 
---
 hw/acpi/core.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/hw/acpi/core.c b/hw/acpi/core.c
index e9b1a85e54..f9c96535d1 100644
--- a/hw/acpi/core.c
+++ b/hw/acpi/core.c
@@ -303,8 +303,6 @@ out:
 error_propagate(errp, err);
 }
 
-static bool acpi_table_builtin = false;
-
 unsigned acpi_table_len(void *current)
 {
 struct acpi_table_header *hdr = current - sizeof(hdr->_length);
@@ -320,7 +318,7 @@ void *acpi_table_hdr(void *h)
 
 uint8_t *acpi_table_first(void)
 {
-if (acpi_table_builtin || !acpi_tables) {
+if (!acpi_tables) {
 return NULL;
 }
 return acpi_table_hdr(acpi_tables + ACPI_TABLE_PFX_SIZE);
-- 
2.19.1




[Qemu-devel] [PATCH v2 2/3] hw/acpi: remove unused function acpi_table_add_builtin()

2019-01-28 Thread Wei Yang
Function acpi_table_add_builtin() is not used anymore.

Remove the definition and declaration.

Signed-off-by: Wei Yang 
---
 hw/acpi/core.c | 6 --
 include/hw/acpi/acpi.h | 1 -
 2 files changed, 7 deletions(-)

diff --git a/hw/acpi/core.c b/hw/acpi/core.c
index d6f0709691..e9b1a85e54 100644
--- a/hw/acpi/core.c
+++ b/hw/acpi/core.c
@@ -305,12 +305,6 @@ out:
 
 static bool acpi_table_builtin = false;
 
-void acpi_table_add_builtin(const QemuOpts *opts, Error **errp)
-{
-acpi_table_builtin = true;
-acpi_table_add(opts, errp);
-}
-
 unsigned acpi_table_len(void *current)
 {
 struct acpi_table_header *hdr = current - sizeof(hdr->_length);
diff --git a/include/hw/acpi/acpi.h b/include/hw/acpi/acpi.h
index c20ace0d0b..4a8bbaf1b5 100644
--- a/include/hw/acpi/acpi.h
+++ b/include/hw/acpi/acpi.h
@@ -190,7 +190,6 @@ uint8_t *acpi_table_first(void);
 uint8_t *acpi_table_next(uint8_t *current);
 unsigned acpi_table_len(void *current);
 void acpi_table_add(const QemuOpts *opts, Error **errp);
-void acpi_table_add_builtin(const QemuOpts *opts, Error **errp);
 
 typedef struct AcpiSlicOem AcpiSlicOem;
 struct AcpiSlicOem {
-- 
2.19.1




Re: [Qemu-devel] [PATCH 1/3] hw/i386/pc.c: remove unused function pc_acpi_init()

2019-01-28 Thread Wei Yang
On Mon, Jan 28, 2019 at 02:32:30PM +0100, Igor Mammedov wrote:
>On Fri, 25 Jan 2019 14:01:55 +0800
>Wei Yang  wrote:
>
>> Function pc_acpi_init() is now used in no place.
>s/is now used in no place./in not used anymore,/
>
>fixup the same phrase in other patches.
>
>otherwise series looks good, so fix commit messages and resubmit series.
>
>Also when sending  multi-patch series, pls use cover letter
>(see help for git format-patch --cover-letter)

Thanks :-)

Will change and re-submit.

>
> 
>> Remove the definition and declaration.
>> 
>> Signed-off-by: Wei Yang 
>> ---
>>  hw/i386/pc.c | 27 ---
>>  include/hw/i386/pc.h |  1 -
>>  2 files changed, 28 deletions(-)
>> 
>> diff --git a/hw/i386/pc.c b/hw/i386/pc.c
>> index 5317e08f60..734d3268fa 100644
>> --- a/hw/i386/pc.c
>> +++ b/hw/i386/pc.c
>> @@ -1280,33 +1280,6 @@ void pc_pci_as_mapping_init(Object *owner, 
>> MemoryRegion *system_memory,
>>  pci_address_space, -1);
>>  }
>>  
>> -void pc_acpi_init(const char *default_dsdt)
>> -{
>> -char *filename;
>> -
>> -if (acpi_tables != NULL) {
>> -/* manually set via -acpitable, leave it alone */
>> -return;
>> -}
>> -
>> -filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, default_dsdt);
>> -if (filename == NULL) {
>> -warn_report("failed to find %s", default_dsdt);
>> -} else {
>> -QemuOpts *opts = qemu_opts_create(qemu_find_opts("acpi"), NULL, 0,
>> -  _abort);
>> -Error *err = NULL;
>> -
>> -qemu_opt_set(opts, "file", filename, _abort);
>> -
>> -acpi_table_add_builtin(opts, );
>> -if (err) {
>> -warn_reportf_err(err, "failed to load %s: ", filename);
>> -}
>> -g_free(filename);
>> -}
>> -}
>> -
>>  void xen_load_linux(PCMachineState *pcms)
>>  {
>>  int i;
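Review bot: the commit message says pc_acpi_init() has no users but does not name the commit that dropped the last call, which makes the claim hard to verify when reading history. Please cite it. The deleted body is also the caller of acpi_table_add_builtin() visible in this hunk, so that helper loses a user here and should be removed in the same series.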
>> diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
>> index 9d29c4b1df..541124ba6d 100644
>> --- a/include/hw/i386/pc.h
>> +++ b/include/hw/i386/pc.h
>> @@ -187,7 +187,6 @@ void pc_acpi_smi_interrupt(void *opaque, int irq, int 
>> level);
>>  
>>  void pc_cpus_init(PCMachineState *pcms);
>>  void pc_hot_add_cpu(const int64_t id, Error **errp);
>> -void pc_acpi_init(const char *default_dsdt);
>>  
>>  void pc_guest_info_init(PCMachineState *pcms);
>>  

-- 
Wei Yang
Help you, Help me



[Qemu-devel] [PATCH v4 04/14] audio: -audiodev command line option basic implementation

2019-01-28 Thread Kővágó, Zoltán
Audio drivers now get an Audiodev * as config parameters, instead of the
global audio_option structs.  There is some code in audio/audio_legacy.c
that converts the old environment variables to audiodev options (this
way backends do not have to worry about legacy options).  It also
contains a replacement of -audio-help, which prints out the equivalent
-audiodev based config of the currently specified environment variables.

Note that backends are not updated and still rely on environment
variables.

Also note that (due to moving try-poll from global to backend specific
option) currently ALSA and OSS will always try poll mode, regardless of
environment variables or -audiodev options.

Signed-off-by: Kővágó, Zoltán 
---

Notes:
Changes from v2:

* MAJOR: use qobject_input_visitor instead of QemuOpts
* almost completely rewrote legacy options handling
* added missing license comment to audio_legacy.c

 audio/audio.h  |  18 +-
 audio/audio_int.h  |  16 +-
 audio/audio_template.h |  13 +-
 audio/alsaaudio.c  |   2 +-
 audio/audio.c  | 601 -
 audio/audio_legacy.c   | 295 
 audio/coreaudio.c  |   2 +-
 audio/dsoundaudio.c|   2 +-
 audio/noaudio.c|   2 +-
 audio/ossaudio.c   |   2 +-
 audio/paaudio.c|   2 +-
 audio/sdlaudio.c   |   2 +-
 audio/spiceaudio.c |   2 +-
 audio/wavaudio.c   |   2 +-
 vl.c   |   7 +-
 audio/Makefile.objs|   2 +-
 16 files changed, 590 insertions(+), 380 deletions(-)
 create mode 100644 audio/audio_legacy.c

diff --git a/audio/audio.h b/audio/audio.h
index 02f29a3b3e..64b0f761bc 100644
--- a/audio/audio.h
+++ b/audio/audio.h
@@ -36,12 +36,21 @@ typedef void (*audio_callback_fn) (void *opaque, int avail);
 #define AUDIO_HOST_ENDIANNESS 0
 #endif
 
-struct audsettings {
+typedef struct audsettings {
 int freq;
 int nchannels;
 AudioFormat fmt;
 int endianness;
-};
+} audsettings;
+
+audsettings audiodev_to_audsettings(AudiodevPerDirectionOptions *pdo);
+int audioformat_bytes_per_sample(AudioFormat fmt);
+int audio_buffer_frames(AudiodevPerDirectionOptions *pdo,
+audsettings *as, int def_usecs);
+int audio_buffer_samples(AudiodevPerDirectionOptions *pdo,
+ audsettings *as, int def_usecs);
+int audio_buffer_bytes(AudiodevPerDirectionOptions *pdo,
+   audsettings *as, int def_usecs);
 
 typedef enum {
 AUD_CNOTIFY_ENABLE,
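Review bot: the three new audio_buffer_frames/samples/bytes() prototypes have no comment on the unit of def_usecs, on whether the value in pdo or def_usecs takes precedence, or on the range of the int result. A short comment stating that def_usecs is the fallback buffer length in microseconds, plus const on the pdo and as pointers if they are only read, would make the contract clear to the backends that start calling these.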
@@ -81,7 +90,6 @@ typedef struct QEMUAudioTimeStamp {
 void AUD_vlog (const char *cap, const char *fmt, va_list ap) GCC_FMT_ATTR(2, 
0);
 void AUD_log (const char *cap, const char *fmt, ...) GCC_FMT_ATTR(2, 3);
 
-void AUD_help (void);
 void AUD_register_card (const char *name, QEMUSoundCard *card);
 void AUD_remove_card (QEMUSoundCard *card);
 CaptureVoiceOut *AUD_add_capture (
@@ -163,4 +171,8 @@ void audio_sample_to_uint64(void *samples, int pos,
 void audio_sample_from_uint64(void *samples, int pos,
 uint64_t left, uint64_t right);
 
+void audio_parse_option(const char *opt);
+void audio_init_audiodevs(void);
+void audio_legacy_help(void);
+
 #endif /* QEMU_AUDIO_H */
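Review bot: audio_parse_option(const char *opt) returns void and takes no Error **errp, so a caller cannot tell a malformed -audiodev string from a good one. Either report the failure through an Error ** or a return value, or document in the header that the function exits on a parse error.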
diff --git a/audio/audio_int.h b/audio/audio_int.h
index 6c451b995c..cee46c4809 100644
--- a/audio/audio_int.h
+++ b/audio/audio_int.h
@@ -146,7 +146,7 @@ struct audio_driver {
 const char *name;
 const char *descr;
 struct audio_option *options;
-void *(*init) (void);
+void *(*init) (Audiodev *);
 void (*fini) (void *);
 struct audio_pcm_ops *pcm_ops;
 int can_be_default;
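Review bot: init now receives an Audiodev *, but nothing here says who owns that object or how long it stays valid. Backends will want to keep the pointer in their state, so add a comment on the member stating that the Audiodev stays valid until fini and must not be freed by the backend. The options member left in place just above it also deserves a note that it is transitional.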
@@ -193,6 +193,7 @@ struct SWVoiceCap {
 
 typedef struct AudioState {
 struct audio_driver *drv;
+Audiodev *dev;
 void *drv_opaque;
 
 QEMUTimer *ts;
@@ -203,10 +204,13 @@ typedef struct AudioState {
 int nb_hw_voices_out;
 int nb_hw_voices_in;
 int vm_running;
+int64_t period_ticks;
 } AudioState;
 
 extern const struct mixeng_volume nominal_volume;
 
+extern const char *audio_prio_list[];
+
 void audio_driver_register(audio_driver *drv);
 audio_driver *audio_driver_lookup(const char *name);
 
@@ -248,4 +252,14 @@ static inline int audio_ring_dist (int dst, int src, int 
len)
 #define AUDIO_STRINGIFY_(n) #n
 #define AUDIO_STRINGIFY(n) AUDIO_STRINGIFY_(n)
 
+typedef struct AudiodevListEntry {
+Audiodev *dev;
+QSIMPLEQ_ENTRY(AudiodevListEntry) next;
+} AudiodevListEntry;
+
+typedef QSIMPLEQ_HEAD(, AudiodevListEntry) AudiodevListHead;
+AudiodevListHead audio_handle_legacy_opts(void);
+
+void audio_free_audiodev_list(AudiodevListHead *head);
+
 #endif /* QEMU_AUDIO_INT_H */
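Review bot: audio_handle_legacy_opts() returns an AudiodevListHead by value, which is fragile for QSIMPLEQ. An initialised empty head has sqh_last pointing at its own sqh_first, so a copied empty head still points into the callee's dead stack object and the first tail insert on the copy writes through it. Take an AudiodevListHead * out parameter that the caller initialises, the same way audio_free_audiodev_list() already takes a pointer.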
diff --git a/audio/audio_template.h b/audio/audio_template.h
index 7de227d2d1..c1d7207abd 100644
--- a/audio/audio_template.h
+++ b/audio/audio_template.h
@@ -302,8 +302,10 @@ static HW *glue (audio_pcm_hw_add_new_, TYPE) (struct 
audsettings *as)
 static HW *glue (audio_pcm_hw_add_, TYPE) (struct audsettings *as)
 {
 HW 

[Qemu-devel] [PATCH v4 10/14] paaudio: port to -audiodev config

2019-01-28 Thread Kővágó, Zoltán
Signed-off-by: Kővágó, Zoltán 
---
 audio/audio_legacy.c | 39 +++
 audio/paaudio.c  | 91 +++-
 2 files changed, 79 insertions(+), 51 deletions(-)

diff --git a/audio/audio_legacy.c b/audio/audio_legacy.c
index 3d336259bb..d8cd5e27f6 100644
--- a/audio/audio_legacy.c
+++ b/audio/audio_legacy.c
@@ -127,6 +127,16 @@ static uint32_t samples_to_usecs(uint32_t samples,
 return frames_to_usecs(samples / channels, pdo);
 }
 
+static void get_samples_to_usecs(const char *env, uint32_t *dst, bool *has_dst,
+ AudiodevPerDirectionOptions *pdo)
+{
+const char *val = getenv(env);
+if (val) {
+*dst = samples_to_usecs(toui32(val), pdo);
+*has_dst = true;
+}
+}
+
 static uint32_t bytes_to_usecs(uint32_t bytes, AudiodevPerDirectionOptions 
*pdo)
 {
 AudioFormat fmt = pdo->has_format ? pdo->format : AUDIO_FORMAT_S16;
@@ -250,6 +260,31 @@ static void handle_oss(Audiodev *dev)
 get_int("QEMU_OSS_POLICY", >dsp_policy, >has_dsp_policy);
 }
 
+/* pulseaudio */
+static void handle_pa_per_direction(
+AudiodevPaPerDirectionOptions **ppdo, bool *has_ppdo, const char *env)
+{
+*ppdo = g_malloc0(sizeof(AudiodevPaPerDirectionOptions));
+*has_ppdo = true;
+
+get_str(env, &(*ppdo)->name, &(*ppdo)->has_name);
+}
+
+static void handle_pa(Audiodev *dev)
+{
+handle_pa_per_direction(>u.pa.sink, >u.pa.has_sink,
+"QEMU_PA_SINK");
+handle_pa_per_direction(>u.pa.source, >u.pa.has_source,
+"QEMU_PA_SOURCE");
+
+get_samples_to_usecs("QEMU_PA_SAMPLES", >in->buffer_len,
+ >in->has_buffer_len, dev->in);
+get_samples_to_usecs("QEMU_PA_SAMPLES", >out->buffer_len,
+ >out->has_buffer_len, dev->out);
+
+get_str("QEMU_PA_SERVER", >u.pa.server, >u.pa.has_server);
+}
+
 /* general */
 static void handle_per_direction(
 AudiodevPerDirectionOptions *pdo, const char *prefix)
@@ -309,6 +344,10 @@ static AudiodevListEntry *legacy_opt(const char *drvname)
 handle_oss(e->dev);
 break;
 
+case AUDIODEV_DRIVER_PA:
+handle_pa(e->dev);
+break;
+
 default:
 break;
 }
diff --git a/audio/paaudio.c b/audio/paaudio.c
index d649c58e3d..18db0ae26c 100644
--- a/audio/paaudio.c
+++ b/audio/paaudio.c
@@ -2,6 +2,7 @@
 #include "qemu/osdep.h"
 #include "qemu-common.h"
 #include "audio.h"
+#include "qapi/opts-visitor.h"
 
 #include 
 
@@ -10,14 +11,7 @@
 #include "audio_pt_int.h"
 
 typedef struct {
-int samples;
-char *server;
-char *sink;
-char *source;
-} PAConf;
-
-typedef struct {
-PAConf conf;
+Audiodev *dev;
 pa_threaded_mainloop *mainloop;
 pa_context *context;
 } paaudio;
@@ -32,6 +26,7 @@ typedef struct {
 void *pcm_buf;
 struct audio_pt pt;
 paaudio *g;
+int samples;
 } PAVoiceOut;
 
 typedef struct {
@@ -46,6 +41,7 @@ typedef struct {
 const void *read_data;
 size_t read_index, read_length;
 paaudio *g;
+int samples;
 } PAVoiceIn;
 
 static void qpa_audio_fini(void *opaque);
@@ -227,7 +223,7 @@ static void *qpa_thread_out (void *arg)
 }
 }
 
-decr = to_mix = audio_MIN(pa->live, pa->g->conf.samples >> 5);
+decr = to_mix = audio_MIN(pa->live, pa->samples >> 5);
 rpos = pa->rpos;
 
 if (audio_pt_unlock(>pt, __func__)) {
@@ -319,7 +315,7 @@ static void *qpa_thread_in (void *arg)
 }
 }
 
-incr = to_grab = audio_MIN(pa->dead, pa->g->conf.samples >> 5);
+incr = to_grab = audio_MIN(pa->dead, pa->samples >> 5);
 wpos = pa->wpos;
 
 if (audio_pt_unlock(>pt, __func__)) {
@@ -546,6 +542,8 @@ static int qpa_init_out(HWVoiceOut *hw, struct audsettings 
*as,
 struct audsettings obt_as = *as;
 PAVoiceOut *pa = (PAVoiceOut *) hw;
 paaudio *g = pa->g = drv_opaque;
+AudiodevPaOptions *popts = >dev->u.pa;
+AudiodevPaPerDirectionOptions *ppdo = popts->sink;
 
 ss.format = audfmt_to_pa (as->fmt, as->endianness);
 ss.channels = as->nchannels;
@@ -566,7 +564,7 @@ static int qpa_init_out(HWVoiceOut *hw, struct audsettings 
*as,
 g,
 "qemu",
 PA_STREAM_PLAYBACK,
-g->conf.sink,
+ppdo->has_name ? ppdo->name : NULL,
 ,
 NULL,   /* channel map */
 ,/* buffering attributes */
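Review bot: ppdo->has_name dereferences ppdo, which the previous hunk takes straight from popts->sink without looking at has_sink. The legacy path in audio_legacy.c always allocates sink and source, but if an -audiodev pa line without any sink.* property leaves the pointer NULL, qpa_init_out() crashes here. Guard it, for example popts->has_sink && ppdo->has_name ? ppdo->name : NULL, or guarantee the allocation before init is called.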
@@ -578,7 +576,8 @@ static int qpa_init_out(HWVoiceOut *hw, struct audsettings 
*as,
 }
 
 audio_pcm_init_info (>info, _as);
-hw->samples = g->conf.samples;
+hw->samples = pa->samples = audio_buffer_samples(g->dev->out, _as,
+ 46440);
 pa->pcm_buf = audio_calloc(__func__, hw->samples, 1 << hw->info.shift);
 pa->rpos = hw->rpos;
 if (!pa->pcm_buf) {
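Review bot: the literal 46440 passed as def_usecs to audio_buffer_samples() is unexplained. Give it a named constant or a comment stating what buffer size it stands for, so the new default can be compared with the conf.samples value it replaces.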
@@ -612,6 +611,8 @@ static int qpa_init_in(HWVoiceIn *hw, struct audsettings 
*as, void 

[Qemu-devel] [PATCH v4 03/14] audio: -audiodev command line option: documentation

2019-01-28 Thread Kővágó, Zoltán
This patch adds documentation of an -audiodev command line option, that
deprecates the old QEMU_* environment variables for audio backend
configuration.  Its syntax is similar to existing options (-netdev,
-device, etc):

  -audiodev driver_name,property=value,...

Although now it's possible to specify multiple -audiodev options on
command line, multiple audio backends are not supported yet.

Signed-off-by: Kővágó, Zoltán 
---
 qemu-options.hx | 222 +++-
 1 file changed, 219 insertions(+), 3 deletions(-)

diff --git a/qemu-options.hx b/qemu-options.hx
index 521511ec13..a12931899b 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -416,14 +416,230 @@ The default is @code{en-us}.
 ETEXI
 
 
+HXCOMM Deprecated by -audiodev
 DEF("audio-help", 0, QEMU_OPTION_audio_help,
-"-audio-help print list of audio drivers and their options\n",
+"-audio-help show -audiodev equivalent of the currently specified 
audio settings\n",
 QEMU_ARCH_ALL)
 STEXI
 @item -audio-help
 @findex -audio-help
-Will show the audio subsystem help: list of drivers, tunable
-parameters.
+Will show the -audiodev equivalent of the currently specified
+(deprecated) environment variables.
+ETEXI
+
+DEF("audiodev", HAS_ARG, QEMU_OPTION_audiodev,
+"-audiodev [driver=]driver,id=id[,prop[=value][,...]]\n"
+"specifies the audio backend to use\n"
+"id= identifier of the backend\n"
+"timer-period= timer period in microseconds\n"
+"in|out.fixed-settings= use fixed settings for host 
audio\n"
+"in|out.frequency= frequency to use with fixed settings\n"
+"in|out.channels= number of channels to use with fixed 
settings\n"
+"in|out.format= sample format to use with fixed settings\n"
+"valid values: s8, s16, s32, u8, u16, u32\n"
+"in|out.voices= number of voices to use\n"
+"in|out.buffer-len= size of buffer in microseconds\n"
+"in|out.buffer-count= number of buffers\n"
+"-audiodev none,id=id,[,prop[=value][,...]]\n"
+"dummy driver that discards all output\n"
+#ifdef CONFIG_ALSA
+"-audiodev alsa,id=id[,prop[=value][,...]]\n"
+"alsa-in|alsa-out.dev= name of the audio device to use\n"
+"alsa-in|alsa-out.try-poll= attempt to use poll mode\n"
+"threshold= threshold (in microseconds) when playback 
starts\n"
+#endif
+#ifdef CONFIG_COREAUDIO
+"-audiodev coreaudio,id=id[,prop[=value][,...]]\n"
+#endif
+#ifdef CONFIG_DSOUND
+"-audiodev dsound,id=id[,prop[=value][,...]]\n"
+"latency= add extra latency to playback in microseconds\n"
+#endif
+#ifdef CONFIG_OSS
+"-audiodev oss,id=id[,prop[=value][,...]]\n"
+"oss-in|oss-out.dev= path of the audio device to use\n"
+"oss-in|oss-out.try-poll= attempt to use poll mode\n"
+"try-mmap= try using memory mapped access\n"
+"exclusive= open device in exclusive mode\n"
+"dsp-policy= set timing policy (0..10), -1 to use fragment 
mode\n"
+#endif
+#ifdef CONFIG_PA
+"-audiodev pa,id=id[,prop[=value][,...]]\n"
+"server= PulseAudio server address\n"
+"sink|source.name= sink/source device name\n"
+#endif
+#ifdef CONFIG_SDL
+"-audiodev sdl,id=id[,prop[=value][,...]]\n"
+#endif
+#ifdef CONFIG_SPICE
+"-audiodev spice,id=id[,prop[=value][,...]]\n"
+#endif
+"-audiodev wav,id=id[,prop[=value][,...]]\n"
+"path= path of wav file to record\n",
+QEMU_ARCH_ALL)
+STEXI
+@item -audiodev 
[driver=]@var{driver},id=@var{id}[,@var{prop}[=@var{value}][,...]]
+@findex -audiodev
+Adds a new audio backend @var{driver} identified by @var{id}.  There are
+global and driver specific properties.  Some values can be set
+differently for input and output, they're marked with @code{in|out.}.
+You can set the input's property with @code{in.@var{prop}} and the
+output's property with @code{out.@var{prop}}. For example:
+@example
+-audiodev alsa,id=example,in.frequency=44110,out.frequency=8000
+-audiodev alsa,id=example,out.channels=1 # leaves in.channels unspecified
+@end example
+
+Valid global options are:
+
+@table @option
+@item id=@var{identifier}
+Identifies the audio backend.
+
+@item timer-period=@var{period}
+Sets the timer @var{period} used by the audio subsystem in microseconds.
+Default is 1 (10 ms).
+
+@item in|out.fixed-settings=on|off
+Use fixed settings for host audio.  When off, it will change based on
+how the guest opens the sound card.  In this case you must not specify
+@var{frequency}, @var{channels} or @var{format}.  Default is on.
+
+@item in|out.frequency=@var{frequency}
+Specify the @var{frequency} to use when using @var{fixed-settings}.
+Default is 44100Hz.
+
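Review bot: the first @example line uses in.frequency=44110, which looks like a typo for 44100, the default documented a few lines further down; examples get copied verbatim, so please fix it. In the same hunk the help string for the none driver reads "none,id=id,[,prop[=value][,...]]" with a stray comma after id=id, and the timer-period entry says "Default is 1 (10 ms)" for a value given in microseconds, so the number and the parenthesis disagree.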

[Qemu-devel] [PATCH v4 02/14] audio: use qapi AudioFormat instead of audfmt_e

2019-01-28 Thread Kővágó, Zoltán
I had to include an enum for audio sampling formats into qapi, but that
meant duplicating the audfmt_e enum.  This patch replaces audfmt_e and
associated values with the qapi generated AudioFormat enum.

This patch is mostly a search-and-replace, except for switches where the
qapi generated AUDIO_FORMAT_MAX caused problems.

Signed-off-by: Kővágó, Zoltán 
---
 audio/audio.h | 12 +
 audio/alsaaudio.c | 53 +++--
 audio/audio.c | 97 +--
 audio/audio_win_int.c | 18 
 audio/ossaudio.c  | 30 ++--
 audio/paaudio.c   | 28 +--
 audio/sdlaudio.c  | 26 +--
 audio/spiceaudio.c|  4 +-
 audio/wavaudio.c  | 17 ---
 audio/wavcapture.c|  2 +-
 hw/arm/omap2.c|  2 +-
 hw/audio/ac97.c   |  2 +-
 hw/audio/adlib.c  |  2 +-
 hw/audio/cs4231a.c|  6 +--
 hw/audio/es1370.c |  4 +-
 hw/audio/gus.c|  2 +-
 hw/audio/hda-codec.c  | 18 
 hw/audio/lm4549.c |  6 +--
 hw/audio/milkymist-ac97.c |  2 +-
 hw/audio/pcspk.c  |  2 +-
 hw/audio/sb16.c   | 14 +++---
 hw/audio/wm8750.c |  6 +--
 hw/display/xlnx_dp.c  |  2 +-
 hw/input/tsc210x.c|  2 +-
 hw/usb/dev-audio.c|  2 +-
 ui/vnc.c  | 26 +--
 26 files changed, 196 insertions(+), 189 deletions(-)

diff --git a/audio/audio.h b/audio/audio.h
index f4339a185e..02f29a3b3e 100644
--- a/audio/audio.h
+++ b/audio/audio.h
@@ -26,18 +26,10 @@
 #define QEMU_AUDIO_H
 
 #include "qemu/queue.h"
+#include "qapi/qapi-types-audio.h"
 
 typedef void (*audio_callback_fn) (void *opaque, int avail);
 
-typedef enum {
-AUD_FMT_U8,
-AUD_FMT_S8,
-AUD_FMT_U16,
-AUD_FMT_S16,
-AUD_FMT_U32,
-AUD_FMT_S32
-} audfmt_e;
-
 #ifdef HOST_WORDS_BIGENDIAN
 #define AUDIO_HOST_ENDIANNESS 1
 #else
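Review bot: the deleted audfmt_e fixed the numeric order U8, S8, U16, S16, U32, S32, and the generated AudioFormat is not guaranteed to keep it. Since the commit message calls this mostly a search-and-replace, please confirm that no table is indexed by the enum value and no code compares formats numerically, and say so in the commit message.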
@@ -47,7 +39,7 @@ typedef enum {
 struct audsettings {
 int freq;
 int nchannels;
-audfmt_e fmt;
+AudioFormat fmt;
 int endianness;
 };
 
diff --git a/audio/alsaaudio.c b/audio/alsaaudio.c
index 635be73bf4..5bd034267f 100644
--- a/audio/alsaaudio.c
+++ b/audio/alsaaudio.c
@@ -87,7 +87,7 @@ struct alsa_params_req {
 
 struct alsa_params_obt {
 int freq;
-audfmt_e fmt;
+AudioFormat fmt;
 int endianness;
 int nchannels;
 snd_pcm_uframes_t samples;
@@ -294,16 +294,16 @@ static int alsa_write (SWVoiceOut *sw, void *buf, int len)
 return audio_pcm_sw_write (sw, buf, len);
 }
 
-static snd_pcm_format_t aud_to_alsafmt (audfmt_e fmt, int endianness)
+static snd_pcm_format_t aud_to_alsafmt (AudioFormat fmt, int endianness)
 {
 switch (fmt) {
-case AUD_FMT_S8:
+case AUDIO_FORMAT_S8:
 return SND_PCM_FORMAT_S8;
 
-case AUD_FMT_U8:
+case AUDIO_FORMAT_U8:
 return SND_PCM_FORMAT_U8;
 
-case AUD_FMT_S16:
+case AUDIO_FORMAT_S16:
 if (endianness) {
 return SND_PCM_FORMAT_S16_BE;
 }
@@ -311,7 +311,7 @@ static snd_pcm_format_t aud_to_alsafmt (audfmt_e fmt, int 
endianness)
 return SND_PCM_FORMAT_S16_LE;
 }
 
-case AUD_FMT_U16:
+case AUDIO_FORMAT_U16:
 if (endianness) {
 return SND_PCM_FORMAT_U16_BE;
 }
@@ -319,7 +319,7 @@ static snd_pcm_format_t aud_to_alsafmt (audfmt_e fmt, int 
endianness)
 return SND_PCM_FORMAT_U16_LE;
 }
 
-case AUD_FMT_S32:
+case AUDIO_FORMAT_S32:
 if (endianness) {
 return SND_PCM_FORMAT_S32_BE;
 }
@@ -327,7 +327,7 @@ static snd_pcm_format_t aud_to_alsafmt (audfmt_e fmt, int 
endianness)
 return SND_PCM_FORMAT_S32_LE;
 }
 
-case AUD_FMT_U32:
+case AUDIO_FORMAT_U32:
 if (endianness) {
 return SND_PCM_FORMAT_U32_BE;
 }
@@ -344,58 +344,58 @@ static snd_pcm_format_t aud_to_alsafmt (audfmt_e fmt, int 
endianness)
 }
 }
 
-static int alsa_to_audfmt (snd_pcm_format_t alsafmt, audfmt_e *fmt,
+static int alsa_to_audfmt (snd_pcm_format_t alsafmt, AudioFormat *fmt,
int *endianness)
 {
 switch (alsafmt) {
 case SND_PCM_FORMAT_S8:
 *endianness = 0;
-*fmt = AUD_FMT_S8;
+*fmt = AUDIO_FORMAT_S8;
 break;
 
 case SND_PCM_FORMAT_U8:
 *endianness = 0;
-*fmt = AUD_FMT_U8;
+*fmt = AUDIO_FORMAT_U8;
 break;
 
 case SND_PCM_FORMAT_S16_LE:
 *endianness = 0;
-*fmt = AUD_FMT_S16;
+*fmt = AUDIO_FORMAT_S16;
 break;
 
 case SND_PCM_FORMAT_U16_LE:
 *endianness = 0;
-*fmt = AUD_FMT_U16;
+*fmt = AUDIO_FORMAT_U16;
 break;
 
 case SND_PCM_FORMAT_S16_BE:
 *endianness = 1;
-*fmt = AUD_FMT_S16;
+*fmt = AUDIO_FORMAT_S16;
 break;
 
 case SND_PCM_FORMAT_U16_BE:
 *endianness = 1;
-*fmt = AUD_FMT_U16;
+*fmt = 

[Qemu-devel] [PATCH v4 13/14] wavaudio: port to -audiodev config

2019-01-28 Thread Kővágó, Zoltán
Signed-off-by: Kővágó, Zoltán 
---
 audio/audio_legacy.c | 15 
 audio/wavaudio.c | 58 +++-
 2 files changed, 24 insertions(+), 49 deletions(-)

diff --git a/audio/audio_legacy.c b/audio/audio_legacy.c
index 214774b947..2c2447176c 100644
--- a/audio/audio_legacy.c
+++ b/audio/audio_legacy.c
@@ -293,6 +293,17 @@ static void handle_sdl(Audiodev *dev)
  >out->has_buffer_len, dev->out);
 }
 
+/* wav */
+static void handle_wav(Audiodev *dev)
+{
+get_int("QEMU_WAV_FREQUENCY",
+>out->frequency, >out->has_frequency);
+get_fmt("QEMU_WAV_FORMAT", >out->format, >out->has_format);
+get_int("QEMU_WAV_DAC_FIXED_CHANNELS",
+>out->channels, >out->has_channels);
+get_str("QEMU_WAV_PATH", >u.wav.path, >u.wav.has_path);
+}
+
 /* general */
 static void handle_per_direction(
 AudiodevPerDirectionOptions *pdo, const char *prefix)
@@ -360,6 +371,10 @@ static AudiodevListEntry *legacy_opt(const char *drvname)
 handle_sdl(e->dev);
 break;
 
+case AUDIODEV_DRIVER_WAV:
+handle_wav(e->dev);
+break;
+
 default:
 break;
 }
diff --git a/audio/wavaudio.c b/audio/wavaudio.c
index 9eff3555b3..214e30ccd9 100644
--- a/audio/wavaudio.c
+++ b/audio/wavaudio.c
@@ -24,6 +24,7 @@
 #include "qemu/osdep.h"
 #include "qemu/host-utils.h"
 #include "qemu/timer.h"
+#include "qapi/opts-visitor.h"
 #include "audio.h"
 
 #define AUDIO_CAP "wav"
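Review bot: qapi/opts-visitor.h is added here, but none of the wavaudio.c changes in this patch use a visitor; the new code only reads fields of Audiodev and AudiodevWavOptions. Drop the include.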
@@ -37,11 +38,6 @@ typedef struct WAVVoiceOut {
 int total_samples;
 } WAVVoiceOut;
 
-typedef struct {
-struct audsettings settings;
-const char *wav_path;
-} WAVConf;
-
 static int wav_run_out (HWVoiceOut *hw, int live)
 {
 WAVVoiceOut *wav = (WAVVoiceOut *) hw;
@@ -112,8 +108,10 @@ static int wav_init_out(HWVoiceOut *hw, struct audsettings 
*as,
 0x02, 0x00, 0x44, 0xac, 0x00, 0x00, 0x10, 0xb1, 0x02, 0x00, 0x04,
 0x00, 0x10, 0x00, 0x64, 0x61, 0x74, 0x61, 0x00, 0x00, 0x00, 0x00
 };
-WAVConf *conf = drv_opaque;
-struct audsettings wav_as = conf->settings;
+Audiodev *dev = drv_opaque;
+AudiodevWavOptions *wopts = >u.wav;
+struct audsettings wav_as = audiodev_to_audsettings(dev->out);
+const char *wav_path = wopts->has_path ? wopts->path : "qemu.wav";
 
 stereo = wav_as.nchannels == 2;
 switch (wav_as.fmt) {
@@ -154,10 +152,10 @@ static int wav_init_out(HWVoiceOut *hw, struct 
audsettings *as,
 le_store (hdr + 28, hw->info.freq << (bits16 + stereo), 4);
 le_store (hdr + 32, 1 << (bits16 + stereo), 2);
 
-wav->f = fopen (conf->wav_path, "wb");
+wav->f = fopen(wav_path, "wb");
 if (!wav->f) {
 dolog ("Failed to open wave file `%s'\nReason: %s\n",
-   conf->wav_path, strerror (errno));
+   wav_path, strerror(errno));
 g_free (wav->pcm_buf);
 wav->pcm_buf = NULL;
 return -1;
@@ -225,54 +223,17 @@ static int wav_ctl_out (HWVoiceOut *hw, int cmd, ...)
 return 0;
 }
 
-static WAVConf glob_conf = {
-.settings.freq  = 44100,
-.settings.nchannels = 2,
-.settings.fmt   = AUDIO_FORMAT_S16,
-.wav_path   = "qemu.wav"
-};
-
 static void *wav_audio_init(Audiodev *dev)
 {
-WAVConf *conf = g_malloc(sizeof(WAVConf));
-*conf = glob_conf;
-return conf;
+assert(dev->driver == AUDIODEV_DRIVER_WAV);
+return dev;
 }
 
 static void wav_audio_fini (void *opaque)
 {
 ldebug ("wav_fini");
-g_free(opaque);
 }
 
-static struct audio_option wav_options[] = {
-{
-.name  = "FREQUENCY",
-.tag   = AUD_OPT_INT,
-.valp  = _conf.settings.freq,
-.descr = "Frequency"
-},
-{
-.name  = "FORMAT",
-.tag   = AUD_OPT_FMT,
-.valp  = _conf.settings.fmt,
-.descr = "Format"
-},
-{
-.name  = "DAC_FIXED_CHANNELS",
-.tag   = AUD_OPT_INT,
-.valp  = _conf.settings.nchannels,
-.descr = "Number of channels (1 - mono, 2 - stereo)"
-},
-{
-.name  = "PATH",
-.tag   = AUD_OPT_STR,
-.valp  = _conf.wav_path,
-.descr = "Path to wave file"
-},
-{ /* End of list */ }
-};
-
 static struct audio_pcm_ops wav_pcm_ops = {
 .init_out = wav_init_out,
 .fini_out = wav_fini_out,
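Review bot: deleting glob_conf removes the only place the wav defaults (44100 Hz, 2 channels, AUDIO_FORMAT_S16) were spelled out, and the patch has an empty commit message, so it is not clear that audiodev_to_audsettings(dev->out) yields the same values when the user sets nothing. Please state in the commit message that the defaults are unchanged, or list what changes. Also document that wav_audio_init() now returns the caller's Audiodev as its opaque, so that object must stay alive until wav_audio_fini().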
@@ -284,7 +245,6 @@ static struct audio_pcm_ops wav_pcm_ops = {
 static struct audio_driver wav_audio_driver = {
 .name   = "wav",
 .descr  = "WAV renderer http://wikipedia.org/wiki/WAV;,
-.options= wav_options,
 .init   = wav_audio_init,
 .fini   = wav_audio_fini,
 .pcm_ops= _pcm_ops,
-- 
2.20.1




[Qemu-devel] [PATCH v4 00/14] Audio patches (was: Audio 5.1 patches)

2019-01-28 Thread Kővágó, Zoltán
Hi,

Here's an updated version of my audio patches. Due to the size of the patch
series, I broke it down to smaller parts, this is the first part.  This series
adds an -audiodev command line parameter instead of the old environment variable
based config.

Changes from v3:

* fixed formatting issues reported by checkpatch.pl, except in patch
  2 "audio: use qapi AudioFormat instead of audfmt_e", since it's a search and
  replace patch

Regards,
Zoltan

Kővágó, Zoltán (14):
  qapi: qapi for audio backends
  audio: use qapi AudioFormat instead of audfmt_e
  audio: -audiodev command line option: documentation
  audio: -audiodev command line option basic implementation
  alsaaudio: port to -audiodev config
  coreaudio: port to -audiodev config
  dsoundaudio: port to -audiodev config
  noaudio: port to -audiodev config
  ossaudio: port to -audiodev config
  paaudio: port to -audiodev config
  sdlaudio: port to -audiodev config
  spiceaudio: port to -audiodev config
  wavaudio: port to -audiodev config
  audio: -audiodev command line option: cleanup

 Makefile.objs |   6 +-
 qapi/audio.json   | 233 +++
 qapi/qapi-schema.json |   1 +
 audio/audio.h |  30 +-
 audio/audio_int.h |  33 +-
 audio/audio_template.h|  13 +-
 audio/dsound_template.h   |   6 +-
 audio/alsaaudio.c | 383 ++---
 audio/audio.c | 845 --
 audio/audio_legacy.c  | 549 +
 audio/audio_win_int.c |  18 +-
 audio/coreaudio.c |  50 +--
 audio/dsoundaudio.c   |  61 +--
 audio/noaudio.c   |   3 +-
 audio/ossaudio.c  | 197 -
 audio/paaudio.c   | 121 +++---
 audio/sdlaudio.c  |  50 +--
 audio/spiceaudio.c|  11 +-
 audio/wavaudio.c  |  75 +---
 audio/wavcapture.c|   2 +-
 hw/arm/omap2.c|   2 +-
 hw/audio/ac97.c   |   2 +-
 hw/audio/adlib.c  |   2 +-
 hw/audio/cs4231a.c|   6 +-
 hw/audio/es1370.c |   4 +-
 hw/audio/gus.c|   2 +-
 hw/audio/hda-codec.c  |  18 +-
 hw/audio/lm4549.c |   6 +-
 hw/audio/milkymist-ac97.c |   2 +-
 hw/audio/pcspk.c  |   2 +-
 hw/audio/sb16.c   |  14 +-
 hw/audio/wm8750.c |   6 +-
 hw/display/xlnx_dp.c  |   2 +-
 hw/input/tsc210x.c|   2 +-
 hw/usb/dev-audio.c|   2 +-
 ui/vnc.c  |  26 +-
 vl.c  |   7 +-
 audio/Makefile.objs   |   2 +-
 qemu-options.hx   | 222 +-
 39 files changed, 1715 insertions(+), 1301 deletions(-)
 create mode 100644 qapi/audio.json
 create mode 100644 audio/audio_legacy.c

-- 
2.20.1




[Qemu-devel] [PATCH v4 05/14] alsaaudio: port to -audiodev config

2019-01-28 Thread Kővágó, Zoltán
Signed-off-by: Kővágó, Zoltán 
---
 audio/alsaaudio.c| 344 ++-
 audio/audio_legacy.c |  94 +++-
 2 files changed, 205 insertions(+), 233 deletions(-)

diff --git a/audio/alsaaudio.c b/audio/alsaaudio.c
index 8302f3e882..68fcfdd038 100644
--- a/audio/alsaaudio.c
+++ b/audio/alsaaudio.c
@@ -33,28 +33,9 @@
 #define AUDIO_CAP "alsa"
 #include "audio_int.h"
 
-typedef struct ALSAConf {
-int size_in_usec_in;
-int size_in_usec_out;
-const char *pcm_name_in;
-const char *pcm_name_out;
-unsigned int buffer_size_in;
-unsigned int period_size_in;
-unsigned int buffer_size_out;
-unsigned int period_size_out;
-unsigned int threshold;
-
-int buffer_size_in_overridden;
-int period_size_in_overridden;
-
-int buffer_size_out_overridden;
-int period_size_out_overridden;
-} ALSAConf;
-
 struct pollhlp {
 snd_pcm_t *handle;
 struct pollfd *pfds;
-ALSAConf *conf;
 int count;
 int mask;
 };
@@ -66,6 +47,7 @@ typedef struct ALSAVoiceOut {
 void *pcm_buf;
 snd_pcm_t *handle;
 struct pollhlp pollhlp;
+Audiodev *dev;
 } ALSAVoiceOut;
 
 typedef struct ALSAVoiceIn {
@@ -73,16 +55,13 @@ typedef struct ALSAVoiceIn {
 snd_pcm_t *handle;
 void *pcm_buf;
 struct pollhlp pollhlp;
+Audiodev *dev;
 } ALSAVoiceIn;
 
 struct alsa_params_req {
 int freq;
 snd_pcm_format_t fmt;
 int nchannels;
-int size_in_usec;
-int override_mask;
-unsigned int buffer_size;
-unsigned int period_size;
 };
 
 struct alsa_params_obt {
@@ -408,17 +387,19 @@ static int alsa_to_audfmt (snd_pcm_format_t alsafmt, 
AudioFormat *fmt,
 
 static void alsa_dump_info (struct alsa_params_req *req,
 struct alsa_params_obt *obt,
-snd_pcm_format_t obtfmt)
+snd_pcm_format_t obtfmt,
+AudiodevPerDirectionOptions *pdo)
 {
-dolog ("parameter | requested value | obtained value\n");
-dolog ("format|  %10d | %10d\n", req->fmt, obtfmt);
-dolog ("channels  |  %10d | %10d\n",
-   req->nchannels, obt->nchannels);
-dolog ("frequency |  %10d | %10d\n", req->freq, obt->freq);
-dolog ("\n");
-dolog ("requested: buffer size %d period size %d\n",
-   req->buffer_size, req->period_size);
-dolog ("obtained: samples %ld\n", obt->samples);
+dolog("parameter | requested value | obtained value\n");
+dolog("format|  %10d | %10d\n", req->fmt, obtfmt);
+dolog("channels  |  %10d | %10d\n",
+  req->nchannels, obt->nchannels);
+dolog("frequency |  %10d | %10d\n", req->freq, obt->freq);
+dolog("\n");
+dolog("requested: buffer len %" PRId32 " buffer count %" PRId32 "\n",
+  pdo->has_buffer_len ? pdo->buffer_len : 0,
+  pdo->has_buffer_count ? pdo->buffer_count : 0);
+dolog("obtained: samples %ld\n", obt->samples);
 }
 
 static void alsa_set_threshold (snd_pcm_t *handle, snd_pcm_uframes_t threshold)
@@ -451,23 +432,25 @@ static void alsa_set_threshold (snd_pcm_t *handle, 
snd_pcm_uframes_t threshold)
 }
 }
 
-static int alsa_open (int in, struct alsa_params_req *req,
-  struct alsa_params_obt *obt, snd_pcm_t **handlep,
-  ALSAConf *conf)
+static int alsa_open(bool in, struct alsa_params_req *req,
+ struct alsa_params_obt *obt, snd_pcm_t **handlep,
+ Audiodev *dev)
 {
+AudiodevPerDirectionOptions *pdo = in ? dev->in : dev->out;
+AudiodevAlsaOptions *aopts = >u.alsa;
+AudiodevAlsaPerDirectionOptions *apdo =
+in ? aopts->alsa_in : aopts->alsa_out;
 snd_pcm_t *handle;
 snd_pcm_hw_params_t *hw_params;
 int err;
-int size_in_usec;
 unsigned int freq, nchannels;
-const char *pcm_name = in ? conf->pcm_name_in : conf->pcm_name_out;
+const char *pcm_name = apdo->has_dev ? apdo->dev : "default";
 snd_pcm_uframes_t obt_buffer_size;
 const char *typ = in ? "ADC" : "DAC";
 snd_pcm_format_t obtfmt;
 
 freq = req->freq;
 nchannels = req->nchannels;
-size_in_usec = req->size_in_usec;
 
 snd_pcm_hw_params_alloca (_params);
 
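Review bot: apdo is chosen from aopts->alsa_in or aopts->alsa_out and then read with apdo->has_dev, with no check that the per-direction struct is present. If an -audiodev alsa line without any alsa-in.* or alsa-out.* property leaves that pointer NULL, alsa_open() dereferences it. Test the pointer before use and fall back to "default" when it is absent.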
@@ -527,79 +510,49 @@ static int alsa_open (int in, struct alsa_params_req *req,
 goto err;
 }
 
-if (req->buffer_size) {
-unsigned long obt;
+if (pdo->buffer_count) {
+if (pdo->buffer_len) {
+int64_t req = pdo->buffer_len * pdo->buffer_count;
 
-if (size_in_usec) {
 int dir = 0;
-unsigned int btime = req->buffer_size;
+unsigned int btime = req;
 
-err = snd_pcm_hw_params_set_buffer_time_near (
-handle,
-hw_params,
-,
-
-);
-obt = 
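Review bot: int64_t req = pdo->buffer_len * pdo->buffer_count has two problems. The new local shadows the function's struct alsa_params_req *req parameter, so any use of the parameter inside this block now refers to the integer instead. The product is also computed in the operands' 32-bit type (the legacy helpers in this series fill buffer_len through a uint32_t *) before being widened, and is then narrowed again into unsigned int btime. Rename the local, cast one operand to int64_t before multiplying, and range-check the result before assigning it to btime.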

[Qemu-devel] [PATCH v4 11/14] sdlaudio: port to -audiodev config

2019-01-28 Thread Kővágó, Zoltán
Signed-off-by: Kővágó, Zoltán 
---
 audio/audio_legacy.c | 12 
 audio/sdlaudio.c | 22 --
 2 files changed, 16 insertions(+), 18 deletions(-)

diff --git a/audio/audio_legacy.c b/audio/audio_legacy.c
index d8cd5e27f6..214774b947 100644
--- a/audio/audio_legacy.c
+++ b/audio/audio_legacy.c
@@ -285,6 +285,14 @@ static void handle_pa(Audiodev *dev)
 get_str("QEMU_PA_SERVER", >u.pa.server, >u.pa.has_server);
 }
 
+/* SDL */
+static void handle_sdl(Audiodev *dev)
+{
+/* SDL is output only */
+get_samples_to_usecs("QEMU_SDL_SAMPLES", >out->buffer_len,
+ >out->has_buffer_len, dev->out);
+}
+
 /* general */
 static void handle_per_direction(
 AudiodevPerDirectionOptions *pdo, const char *prefix)
@@ -348,6 +356,10 @@ static AudiodevListEntry *legacy_opt(const char *drvname)
 handle_pa(e->dev);
 break;
 
+case AUDIODEV_DRIVER_SDL:
+handle_sdl(e->dev);
+break;
+
 default:
 break;
 }
diff --git a/audio/sdlaudio.c b/audio/sdlaudio.c
index 097841fde1..cf6ac19927 100644
--- a/audio/sdlaudio.c
+++ b/audio/sdlaudio.c
@@ -49,12 +49,6 @@ typedef struct SDLVoiceOut {
 int decr;
 } SDLVoiceOut;
 
-static struct {
-int nb_samples;
-} conf = {
-.nb_samples = 1024
-};
-
 static struct SDLAudioState {
 int exit;
 #if USE_SEMAPHORE
@@ -63,6 +57,7 @@ static struct SDLAudioState {
 #endif
 int initialized;
 bool driver_created;
+Audiodev *dev;
 } glob_sdl;
 typedef struct SDLAudioState SDLAudioState;
 
@@ -392,7 +387,7 @@ static int sdl_init_out(HWVoiceOut *hw, struct audsettings 
*as,
 req.freq = as->freq;
 req.format = aud_to_sdlfmt (as->fmt);
 req.channels = as->nchannels;
-req.samples = conf.nb_samples;
+req.samples = audio_buffer_samples(s->dev->out, as, 11610);
 req.callback = sdl_callback;
 req.userdata = sdl;
 
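Review bot: req.samples used to be the fixed conf.nb_samples default of 1024; it now comes from audio_buffer_samples(s->dev->out, as, 11610), a time-based default that will presumably vary with the requested as->freq and channel count instead of staying at 1024. Say in the commit message whether that change is intended, and replace the bare 11610 with a named constant or a comment giving its origin.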
@@ -467,6 +462,7 @@ static void *sdl_audio_init(Audiodev *dev)
 #endif
 
 s->driver_created = true;
+s->dev = dev;
 return s;
 }
 
@@ -480,18 +476,9 @@ static void sdl_audio_fini (void *opaque)
 #endif
 SDL_QuitSubSystem (SDL_INIT_AUDIO);
 s->driver_created = false;
+s->dev = NULL;
 }
 
-static struct audio_option sdl_options[] = {
-{
-.name  = "SAMPLES",
-.tag   = AUD_OPT_INT,
-.valp  = _samples,
-.descr = "Size of SDL buffer in samples"
-},
-{ /* End of list */ }
-};
-
 static struct audio_pcm_ops sdl_pcm_ops = {
 .init_out = sdl_init_out,
 .fini_out = sdl_fini_out,
@@ -503,7 +490,6 @@ static struct audio_pcm_ops sdl_pcm_ops = {
 static struct audio_driver sdl_audio_driver = {
 .name   = "sdl",
 .descr  = "SDL http://www.libsdl.org;,
-.options= sdl_options,
 .init   = sdl_audio_init,
 .fini   = sdl_audio_fini,
 .pcm_ops= _pcm_ops,
-- 
2.20.1




[Qemu-devel] [PATCH v2 02/12] target/arm: Add PSTATE.BTYPE

2019-01-28 Thread Richard Henderson
Place this in its own field within ENV, as that will
make it easier to reset from within TCG generated code.

With the change to pstate_read/write, exception entry
and return are automatically handled.

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target/arm/cpu.h   | 8 ++--
 target/arm/translate-a64.c | 3 +++
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index d7190f0712..76e2f8fd42 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -234,6 +234,7 @@ typedef struct CPUARMState {
  *semantics as for AArch32, as described in the comments on each field)
  *  nRW (also known as M[4]) is kept, inverted, in env->aarch64
  *  DAIF (exception masks) are kept in env->daif
+ *  BTYPE is kept in env->btype
  *  all other bits are stored in their correct places in env->pstate
  */
 uint32_t pstate;
@@ -263,6 +264,7 @@ typedef struct CPUARMState {
 uint32_t GE; /* cpsr[19:16] */
 uint32_t thumb; /* cpsr[5]. 0 = arm mode, 1 = thumb mode. */
 uint32_t condexec_bits; /* IT bits.  cpsr[15:10,26:25].  */
+uint32_t btype;  /* BTI branch type.  spsr[11:10].  */
 uint64_t daif; /* exception masks, in the bits they are in PSTATE */
 
 uint64_t elr_el[4]; /* AArch64 exception link regs  */
@@ -1197,6 +1199,7 @@ uint64_t get_pmceid(CPUARMState *env, unsigned which);
 #define PSTATE_I (1U << 7)
 #define PSTATE_A (1U << 8)
 #define PSTATE_D (1U << 9)
+#define PSTATE_BTYPE (3U << 10)
 #define PSTATE_IL (1U << 20)
 #define PSTATE_SS (1U << 21)
 #define PSTATE_V (1U << 28)
@@ -1205,7 +1208,7 @@ uint64_t get_pmceid(CPUARMState *env, unsigned which);
 #define PSTATE_N (1U << 31)
 #define PSTATE_NZCV (PSTATE_N | PSTATE_Z | PSTATE_C | PSTATE_V)
 #define PSTATE_DAIF (PSTATE_D | PSTATE_A | PSTATE_I | PSTATE_F)
-#define CACHED_PSTATE_BITS (PSTATE_NZCV | PSTATE_DAIF)
+#define CACHED_PSTATE_BITS (PSTATE_NZCV | PSTATE_DAIF | PSTATE_BTYPE)
 /* Mode values for AArch64 */
 #define PSTATE_MODE_EL3h 13
 #define PSTATE_MODE_EL3t 12
@@ -1237,7 +1240,7 @@ static inline uint32_t pstate_read(CPUARMState *env)
 ZF = (env->ZF == 0);
 return (env->NF & 0x8000) | (ZF << 30)
 | (env->CF << 29) | ((env->VF & 0x8000) >> 3)
-| env->pstate | env->daif;
+| env->pstate | env->daif | (env->btype << 10);
 }
 
 static inline void pstate_write(CPUARMState *env, uint32_t val)
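
Review bot: pstate_read() ORs in `(env->btype << 10)` without masking, so any writer that leaves more than two bits set in env->btype would corrupt neighbouring PSTATE bits on read-back. pstate_write() masks with `& 3`, but the commit message says the field is meant to be reset from TCG generated code as well, so either mask with PSTATE_BTYPE on the read side or document the two-bit invariant next to the field. The literal 10 also duplicates the shift implied by PSTATE_BTYPE; a named shift constant would keep read, write and the dump code in step.
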
@@ -1247,6 +1250,7 @@ static inline void pstate_write(CPUARMState *env, 
uint32_t val)
 env->CF = (val >> 29) & 1;
 env->VF = (val << 3) & 0x8000;
 env->daif = val & PSTATE_DAIF;
+env->btype = (val >> 10) & 3;
 env->pstate = val & ~CACHED_PSTATE_BITS;
 }
 
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 4d28a27c3b..611279e98e 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -163,6 +163,9 @@ void aarch64_cpu_dump_state(CPUState *cs, FILE *f,
 el,
 psr & PSTATE_SP ? 'h' : 't');
 
+if (cpu_isar_feature(aa64_bti, cpu)) {
+cpu_fprintf(f, "  BTYPE=%d", (psr & PSTATE_BTYPE) >> 10);
+}
 if (!(flags & CPU_DUMP_FPU)) {
 cpu_fprintf(f, "\n");
 return;
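
Review bot: in aarch64_cpu_dump_state() the BTYPE value is printed with %d, but `(psr & PSTATE_BTYPE) >> 10` is an unsigned expression because PSTATE_BTYPE is defined as `3U << 10`. Use %u so the format matches the argument type.
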
-- 
2.17.2




[Qemu-devel] [PATCH v4 14/14] audio: -audiodev command line option: cleanup

2019-01-28 Thread Kővágó, Zoltán
Remove no longer needed code.

Signed-off-by: Kővágó, Zoltán 
---
 audio/audio_int.h |  17 
 audio/audio.c | 201 +-
 2 files changed, 4 insertions(+), 214 deletions(-)

diff --git a/audio/audio_int.h b/audio/audio_int.h
index cee46c4809..51963ccff8 100644
--- a/audio/audio_int.h
+++ b/audio/audio_int.h
@@ -33,22 +33,6 @@
 
 struct audio_pcm_ops;
 
-typedef enum {
-AUD_OPT_INT,
-AUD_OPT_FMT,
-AUD_OPT_STR,
-AUD_OPT_BOOL
-} audio_option_tag_e;
-
-struct audio_option {
-const char *name;
-audio_option_tag_e tag;
-void *valp;
-const char *descr;
-int *overriddenp;
-int overridden;
-};
-
 struct audio_callback {
 void *opaque;
 audio_callback_fn fn;
@@ -145,7 +129,6 @@ typedef struct audio_driver audio_driver;
 struct audio_driver {
 const char *name;
 const char *descr;
-struct audio_option *options;
 void *(*init) (Audiodev *);
 void (*fini) (void *);
 struct audio_pcm_ops *pcm_ops;
diff --git a/audio/audio.c b/audio/audio.c
index b37c245a8a..fd6e54998a 100644
--- a/audio/audio.c
+++ b/audio/audio.c
@@ -172,113 +172,6 @@ void *audio_calloc (const char *funcname, int nmemb, 
size_t size)
 return g_malloc0 (len);
 }
 
-static const char *audio_audfmt_to_string (AudioFormat fmt)
-{
-switch (fmt) {
-case AUDIO_FORMAT_U8:
-return "U8";
-
-case AUDIO_FORMAT_U16:
-return "U16";
-
-case AUDIO_FORMAT_S8:
-return "S8";
-
-case AUDIO_FORMAT_S16:
-return "S16";
-
-case AUDIO_FORMAT_U32:
-return "U32";
-
-case AUDIO_FORMAT_S32:
-return "S32";
-
-default:
-abort();
-}
-
-dolog ("Bogus audfmt %d returning S16\n", fmt);
-return "S16";
-}
-
-static AudioFormat audio_string_to_audfmt (const char *s, AudioFormat defval,
-int *defaultp)
-{
-if (!strcasecmp (s, "u8")) {
-*defaultp = 0;
-return AUDIO_FORMAT_U8;
-}
-else if (!strcasecmp (s, "u16")) {
-*defaultp = 0;
-return AUDIO_FORMAT_U16;
-}
-else if (!strcasecmp (s, "u32")) {
-*defaultp = 0;
-return AUDIO_FORMAT_U32;
-}
-else if (!strcasecmp (s, "s8")) {
-*defaultp = 0;
-return AUDIO_FORMAT_S8;
-}
-else if (!strcasecmp (s, "s16")) {
-*defaultp = 0;
-return AUDIO_FORMAT_S16;
-}
-else if (!strcasecmp (s, "s32")) {
-*defaultp = 0;
-return AUDIO_FORMAT_S32;
-}
-else {
-dolog ("Bogus audio format `%s' using %s\n",
-   s, audio_audfmt_to_string (defval));
-*defaultp = 1;
-return defval;
-}
-}
-
-static AudioFormat audio_get_conf_fmt (const char *envname,
-AudioFormat defval,
-int *defaultp)
-{
-const char *var = getenv (envname);
-if (!var) {
-*defaultp = 1;
-return defval;
-}
-return audio_string_to_audfmt (var, defval, defaultp);
-}
-
-static int audio_get_conf_int (const char *key, int defval, int *defaultp)
-{
-int val;
-char *strval;
-
-strval = getenv (key);
-if (strval && !qemu_strtoi(strval, NULL, 10, )) {
-*defaultp = 0;
-return val;
-}
-else {
-*defaultp = 1;
-return defval;
-}
-}
-
-static const char *audio_get_conf_str (const char *key,
-   const char *defval,
-   int *defaultp)
-{
-const char *val = getenv (key);
-if (!val) {
-*defaultp = 1;
-return defval;
-}
-else {
-*defaultp = 0;
-return val;
-}
-}
-
 void AUD_vlog (const char *cap, const char *fmt, va_list ap)
 {
 if (cap) {
@@ -297,89 +190,6 @@ void AUD_log (const char *cap, const char *fmt, ...)
 va_end (ap);
 }
 
-static void audio_process_options (const char *prefix,
-   struct audio_option *opt)
-{
-char *optname;
-const char qemu_prefix[] = "QEMU_";
-size_t preflen, optlen;
-
-if (audio_bug(__func__, !prefix)) {
-dolog ("prefix = NULL\n");
-return;
-}
-
-if (audio_bug(__func__, !opt)) {
-dolog ("opt = NULL\n");
-return;
-}
-
-preflen = strlen (prefix);
-
-for (; opt->name; opt++) {
-size_t len, i;
-int def;
-
-if (!opt->valp) {
-dolog ("Option value pointer for `%s' is not set\n",
-   opt->name);
-continue;
-}
-
-len = strlen (opt->name);
-/* len of opt->name + len of prefix + size of qemu_prefix
- * (includes trailing zero) + zero + underscore (on behalf of
- * sizeof) */
-optlen = len + preflen + sizeof (qemu_prefix) + 1;
-optname = g_malloc (optlen);
-
-pstrcpy (optname, optlen, qemu_prefix);
-
-/* copy while upper-casing, including 

[Qemu-devel] [PATCH v4 09/14] ossaudio: port to -audiodev config

2019-01-28 Thread Kővágó, Zoltán
Signed-off-by: Kővágó, Zoltán 
---
 audio/audio_legacy.c |  33 +
 audio/ossaudio.c | 167 +++
 2 files changed, 90 insertions(+), 110 deletions(-)

diff --git a/audio/audio_legacy.c b/audio/audio_legacy.c
index 0002fce627..3d336259bb 100644
--- a/audio/audio_legacy.c
+++ b/audio/audio_legacy.c
@@ -221,6 +221,35 @@ static void handle_dsound(Audiodev *dev)
>in->has_buffer_len, dev->in);
 }
 
+/* OSS */
+static void handle_oss_per_direction(
+AudiodevPerDirectionOptions *pdo, AudiodevOssPerDirectionOptions **opdo,
+bool *has_opdo, const char *try_poll_env, const char *dev_env)
+{
+*opdo = g_malloc0(sizeof(AudiodevOssPerDirectionOptions));
+*has_opdo = true;
+
+get_bool(try_poll_env, &(*opdo)->try_poll, &(*opdo)->has_try_poll);
+get_str(dev_env, &(*opdo)->dev, &(*opdo)->has_dev);
+
+get_bytes_to_usecs("QEMU_OSS_FRAGSIZE",
+   >buffer_len, >has_buffer_len, pdo);
+   get_int("QEMU_OSS_NFRAGS", >buffer_count, >has_buffer_count);
+}
+
+static void handle_oss(Audiodev *dev)
+{
+AudiodevOssOptions *oopt = >u.oss;
+handle_oss_per_direction(dev->in, >oss_in, >has_oss_in,
+ "QEMU_AUDIO_ADC_TRY_POLL", "QEMU_OSS_ADC_DEV");
+handle_oss_per_direction(dev->out, >oss_out, >has_oss_out,
+ "QEMU_AUDIO_DAC_TRY_POLL", "QEMU_OSS_DAC_DEV");
+
+get_bool("QEMU_OSS_MMAP", >try_mmap, >has_try_mmap);
+get_bool("QEMU_OSS_EXCLUSIVE", >exclusive, >has_exclusive);
+get_int("QEMU_OSS_POLICY", >dsp_policy, >has_dsp_policy);
+}
+
 /* general */
 static void handle_per_direction(
 AudiodevPerDirectionOptions *pdo, const char *prefix)
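
Review bot: handle_oss_per_direction() reads QEMU_OSS_FRAGSIZE and QEMU_OSS_NFRAGS inside the per-direction helper, so both variables are parsed twice and applied to dev->in and dev->out alike, while the device and try-poll variables are passed in per direction. That asymmetry deserves a comment saying the legacy fragment settings were never per-direction. For the allocation, `g_new0(AudiodevOssPerDirectionOptions, 1)` is the more usual spelling of `g_malloc0(sizeof(...))`.
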
@@ -276,6 +305,10 @@ static AudiodevListEntry *legacy_opt(const char *drvname)
 handle_dsound(e->dev);
 break;
 
+case AUDIODEV_DRIVER_OSS:
+handle_oss(e->dev);
+break;
+
 default:
 break;
 }
diff --git a/audio/ossaudio.c b/audio/ossaudio.c
index e0cadbef29..72b9dc3b5f 100644
--- a/audio/ossaudio.c
+++ b/audio/ossaudio.c
@@ -37,16 +37,6 @@
 #define USE_DSP_POLICY
 #endif
 
-typedef struct OSSConf {
-int try_mmap;
-int nfrags;
-int fragsize;
-const char *devpath_out;
-const char *devpath_in;
-int exclusive;
-int policy;
-} OSSConf;
-
 typedef struct OSSVoiceOut {
 HWVoiceOut hw;
 void *pcm_buf;
@@ -56,7 +46,7 @@ typedef struct OSSVoiceOut {
 int fragsize;
 int mmapped;
 int pending;
-OSSConf *conf;
+Audiodev *dev;
 } OSSVoiceOut;
 
 typedef struct OSSVoiceIn {
@@ -65,12 +55,12 @@ typedef struct OSSVoiceIn {
 int fd;
 int nfrags;
 int fragsize;
-OSSConf *conf;
+Audiodev *dev;
 } OSSVoiceIn;
 
 struct oss_params {
 int freq;
-AudioFormat fmt;
+int fmt;
 int nchannels;
 int nfrags;
 int fragsize;
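
Review bot: struct oss_params changes `fmt` from AudioFormat to int with no explanation, and this commit has no message body. If the field now carries an OSS format code rather than a QEMU AudioFormat, say so in a comment on the field or in the commit message; otherwise keep the enum type so the compiler can flag mixed use.
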
@@ -262,19 +252,26 @@ static int oss_get_version (int fd, int *version, const 
char *typ)
 }
 #endif
 
-static int oss_open (int in, struct oss_params *req,
- struct oss_params *obt, int *pfd, OSSConf* conf)
+static int oss_open(int in, struct oss_params *req, audsettings *as,
+struct oss_params *obt, int *pfd, Audiodev *dev)
 {
+AudiodevOssOptions *oopts = >u.oss;
+AudiodevOssPerDirectionOptions *opdo = in ? oopts->oss_in : oopts->oss_out;
+AudiodevPerDirectionOptions *pdo = in ? dev->in : dev->out;
 int fd;
-int oflags = conf->exclusive ? O_EXCL : 0;
+int oflags = (oopts->has_exclusive && oopts->exclusive) ? O_EXCL : 0;
 audio_buf_info abinfo;
 int fmt, freq, nchannels;
 int setfragment = 1;
-const char *dspname = in ? conf->devpath_in : conf->devpath_out;
+const char *dspname = opdo->has_dev ? opdo->dev : "/dev/dsp";
 const char *typ = in ? "ADC" : "DAC";
+#ifdef USE_DSP_POLICY
+int policy = oopts->has_dsp_policy ? oopts->dsp_policy : 5;
+#endif
 
 /* Kludge needed to have working mmap on Linux */
-oflags |= conf->try_mmap ? O_RDWR : (in ? O_RDONLY : O_WRONLY);
+oflags |= (oopts->has_try_mmap && oopts->try_mmap) ?
+O_RDWR : (in ? O_RDONLY : O_WRONLY);
 
 fd = open (dspname, oflags | O_NONBLOCK);
 if (-1 == fd) {
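
Review bot: oss_open() dereferences `opdo` (`opdo->has_dev`) without checking that the selected oss_in / oss_out member is present. The legacy path in handle_oss_per_direction() always allocates both, but the has_oss_in / has_oss_out flags set in handle_oss() show the members are optional, so a configuration that omits one would hand a NULL pointer to this code. Check the has_ flag (or opdo itself) and fall back to "/dev/dsp" when it is absent. The fallbacks "/dev/dsp" and 5 also repeat the defaults documented in qapi/audio.json; shared constants would stop them drifting apart.
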
@@ -285,6 +282,8 @@ static int oss_open (int in, struct oss_params *req,
 freq = req->freq;
 nchannels = req->nchannels;
 fmt = req->fmt;
+req->nfrags = pdo->has_buffer_count ? pdo->buffer_count : 4;
+req->fragsize = audio_buffer_bytes(pdo, as, 23220);
 
 if (ioctl (fd, SNDCTL_DSP_SAMPLESIZE, )) {
 oss_logerr2 (errno, typ, "Failed to set sample size %d\n", req->fmt);
@@ -308,18 +307,18 @@ static int oss_open (int in, struct oss_params *req,
 }
 
 #ifdef USE_DSP_POLICY
-if (conf->policy >= 0) {
+if (policy >= 0) {
 int version;
 
 if (!oss_get_version (fd, , typ)) {
 trace_oss_version(version);
 
 if (version >= 0x04) {
-int policy = 

[Qemu-devel] [PATCH v4 01/14] qapi: qapi for audio backends

2019-01-28 Thread Kővágó, Zoltán
This patch adds structures into qapi to replace the existing
configuration structures used by audio backends currently. This qapi
will be the base of the -audiodev command line parameter (that replaces
the old environment variables based config).

This is not a 1:1 translation of the old options, I've tried to make
them much more consistent (e.g. almost every backend had an option to
specify buffer size, but the name was different for every backend, and
some backends required usecs, while some other required frames, samples
or bytes). Also tried to reduce the number of abbreviations used by the
config keys.

Some of the more important changes:
* use `in` and `out` instead of `ADC` and `DAC`, as the former is more
  user friendly imho
* moved buffer settings into the global setting area (so it's the same
  for all backends that support it. Backends that can't change buffer
  size will simply ignore them). Also using usecs, as it's probably more
  user friendly than samples or bytes.
* try-poll is now an alsa backend specific option (as all other backends
  currently ignore it)

AudiodevPaPerDirectionOptions struct might look pointless right now, but
later we will have new per-direction options, so it's more future-proof
this way.

Signed-off-by: Kővágó, Zoltán 
---

Notes:
Changes from v2:

* update copyright, version numbers
* remove #optional
* per-direction options are now optional (needed for 
qobject_object_visitor_new_str)
* removed unnecessary AudiodevNoOptions
* changed integers to unsigned

 Makefile.objs |   6 +-
 qapi/audio.json   | 233 ++
 qapi/qapi-schema.json |   1 +
 3 files changed, 237 insertions(+), 3 deletions(-)
 create mode 100644 qapi/audio.json

diff --git a/Makefile.objs b/Makefile.objs
index 67a054b08a..d9ee3fed32 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -1,6 +1,6 @@
-QAPI_MODULES = block-core block char common crypto introspect job migration
-QAPI_MODULES += misc net rdma rocker run-state sockets tpm trace transaction
-QAPI_MODULES += ui
+QAPI_MODULES = audio block-core block char common crypto introspect job
+QAPI_MODULES += migration misc net rdma rocker run-state sockets tpm trace
+QAPI_MODULES += transaction ui
 
 ###
 # Common libraries for tools and emulators
diff --git a/qapi/audio.json b/qapi/audio.json
new file mode 100644
index 00..bd6e2494bd
--- /dev/null
+++ b/qapi/audio.json
@@ -0,0 +1,233 @@
+# -*- mode: python -*-
+#
+# Copyright (C) 2015-2019 Zoltán Kővágó 
+#
+# This work is licensed under the terms of the GNU GPL, version 2 or later.
+# See the COPYING file in the top-level directory.
+
+##
+# @AudiodevAlsaPerDirectionOptions:
+#
+# Options of the alsa backend that are used for both playback and recording.
+#
+# @dev: the name of the alsa device to use (default 'default')
+#
+# @try-poll: attempt to use poll mode, falling back to non polling access on
+#failure (default on)
+#
+# Since: 4.0
+##
+{ 'struct': 'AudiodevAlsaPerDirectionOptions',
+  'data': {
+'*dev':  'str',
+'*try-poll': 'bool' } }
+
+##
+# @AudiodevAlsaOptions:
+#
+# Options of the alsa audio backend.
+#
+# @alsa-in: options of the capture stream
+#
+# @alsa-out: options of the playback stream
+#
+# @threshold: set the threshold (in microseconds) when playback starts
+#
+# Since: 4.0
+##
+{ 'struct': 'AudiodevAlsaOptions',
+  'data': {
+'*alsa-in':   'AudiodevAlsaPerDirectionOptions',
+'*alsa-out':  'AudiodevAlsaPerDirectionOptions',
+'*threshold': 'uint32' } }
+
+##
+# @AudiodevDsoundOptions:
+#
+# Options of the dsound audio backend.
+#
+# @latency: add extra latency to playback in microseconds (default 1)
+#
+# Since: 4.0
+##
+{ 'struct': 'AudiodevDsoundOptions',
+  'data': {
+'*latency': 'uint32' } }
+
+##
+# @AudiodevOssPerDirectionOptions:
+#
+# Options of the oss backend that are used for both playback and recording.
+#
+# @dev: file name of the oss device (default '/dev/dsp')
+#
+# @try-poll: attempt to use poll mode, falling back to non polling access on
+#failure (default on)
+#
+# Since: 4.0
+##
+{ 'struct': 'AudiodevOssPerDirectionOptions',
+  'data': {
+'*dev':  'str',
+'*try-poll': 'bool' } }
+
+##
+# @AudiodevOssOptions:
+#
+# Options of the oss audio backend.
+#
+# @oss-in: options of the capture stream
+#
+# @oss-out: options of the playback stream
+#
+# @try-mmap: try using memory mapped access, falling back to non
+#memory mapped access on failure (default off)
+#
+# @exclusive: open device in exclusive mode (vmix won't work) (default off)
+#
+# @dsp-policy: set the timing policy of the device (between 0 and 10, where
+#  smaller number means smaller latency but higher CPU usage) or -1
+#  to use fragment mode (option ignored on some platforms)
+#  (default 5)
+#
+# Since: 4.0
+##
+{ 'struct': 
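
Review bot: the schema gives AudiodevOssPerDirectionOptions a `try-poll` member, while the commit message says try-poll is now an alsa backend specific option because all other backends ignore it. One of the two needs updating. Separately, `@threshold` in AudiodevAlsaOptions is the only optional scalar member in this part of the schema documented without a default.
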

[Qemu-devel] [PATCH v2 11/12] linux-user/aarch64: Reset btype for syscalls and signals

2019-01-28 Thread Richard Henderson
The value of btype for syscalls is CONSTRAINED UNPREDICTABLE,
so we need to make sure that the value is 0 before clone,
fork, or syscall return.

The value of btype for signals is defined, but it does not make
sense for a SIGILL handler to enter with the btype set as for
the indirect branch that caused the SIGILL.

Clearing the value early means that btype is zero within the pstate
saved into the signal frame, and so is also zero on (normal) signal
return, but also allows the signal handler to adjust the value as
seen after the sigcontext restore.

This last is a guess at a future kernel's user-space ABI.

Signed-off-by: Richard Henderson 
---
 linux-user/aarch64/cpu_loop.c | 15 +++
 1 file changed, 15 insertions(+)

diff --git a/linux-user/aarch64/cpu_loop.c b/linux-user/aarch64/cpu_loop.c
index 65d815f030..51ea9961ba 100644
--- a/linux-user/aarch64/cpu_loop.c
+++ b/linux-user/aarch64/cpu_loop.c
@@ -83,8 +83,19 @@ void cpu_loop(CPUARMState *env)
 cpu_exec_end(cs);
 process_queued_cpu_work(cs);
 
+/*
+ * The state of BTYPE on syscall and interrupt entry is CONSTRAINED
+ * UNPREDICTABLE.  The real kernel will need to tidy this up as well.
+ * Do this before syscalls and signals, so that the value is correct
+ * both within signal handlers, and on return from syscall (especially
+ * clone & fork) and from signal handlers.
+ *
+ * The SIGILL signal handler, for BTITrap, can see the failing BTYPE
+ * within the ESR value in the signal frame.
+ */
 switch (trapnr) {
 case EXCP_SWI:
+env->btype = 0;
 ret = do_syscall(env,
  env->xregs[8],
  env->xregs[0],
@@ -104,6 +115,7 @@ void cpu_loop(CPUARMState *env)
 /* just indicate that signals should be handled asap */
 break;
 case EXCP_UDEF:
+env->btype = 0;
 info.si_signo = TARGET_SIGILL;
 info.si_errno = 0;
 info.si_code = TARGET_ILL_ILLOPN;
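
Review bot: the arm that ends just above `case EXCP_UDEF:` ("just indicate that signals should be handled asap") is left without `env->btype = 0`, although the new block comment says the reset is done before syscalls and signals. If asynchronous signals are meant to keep the interrupted BTYPE, say so in that arm or in the block comment; as written a reader cannot tell whether the omission is deliberate. With the assignment repeated in five separate arms, a newly added EXCP_ case can also miss it easily.
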
@@ -112,6 +124,7 @@ void cpu_loop(CPUARMState *env)
 break;
 case EXCP_PREFETCH_ABORT:
 case EXCP_DATA_ABORT:
+env->btype = 0;
 info.si_signo = TARGET_SIGSEGV;
 info.si_errno = 0;
 /* XXX: check env->error_code */
@@ -121,12 +134,14 @@ void cpu_loop(CPUARMState *env)
 break;
 case EXCP_DEBUG:
 case EXCP_BKPT:
+env->btype = 0;
 info.si_signo = TARGET_SIGTRAP;
 info.si_errno = 0;
 info.si_code = TARGET_TRAP_BRKPT;
 queue_signal(env, info.si_signo, QEMU_SI_FAULT, );
 break;
 case EXCP_SEMIHOST:
+env->btype = 0;
 env->xregs[0] = do_arm_semihosting(env);
 break;
 case EXCP_YIELD:
-- 
2.17.2




[Qemu-devel] [PATCH v4 07/14] dsoundaudio: port to -audiodev config

2019-01-28 Thread Kővágó, Zoltán
Signed-off-by: Kővágó, Zoltán 
---
 audio/dsound_template.h |  6 ++---
 audio/audio_legacy.c| 39 +++
 audio/dsoundaudio.c | 59 -
 3 files changed, 59 insertions(+), 45 deletions(-)

diff --git a/audio/dsound_template.h b/audio/dsound_template.h
index b439f33f58..96181efb36 100644
--- a/audio/dsound_template.h
+++ b/audio/dsound_template.h
@@ -167,17 +167,18 @@ static int dsound_init_out(HWVoiceOut *hw, struct 
audsettings *as,
 dsound *s = drv_opaque;
 WAVEFORMATEX wfx;
 struct audsettings obt_as;
-DSoundConf *conf = >conf;
 #ifdef DSBTYPE_IN
 const char *typ = "ADC";
 DSoundVoiceIn *ds = (DSoundVoiceIn *) hw;
 DSCBUFFERDESC bd;
 DSCBCAPS bc;
+AudiodevPerDirectionOptions *pdo = s->dev->in;
 #else
 const char *typ = "DAC";
 DSoundVoiceOut *ds = (DSoundVoiceOut *) hw;
 DSBUFFERDESC bd;
 DSBCAPS bc;
+AudiodevPerDirectionOptions *pdo = s->dev->out;
 #endif
 
 if (!s->FIELD2) {
@@ -193,8 +194,8 @@ static int dsound_init_out(HWVoiceOut *hw, struct 
audsettings *as,
 memset (, 0, sizeof (bd));
 bd.dwSize = sizeof (bd);
 bd.lpwfxFormat = 
+bd.dwBufferBytes = audio_buffer_bytes(pdo, as, 92880);
 #ifdef DSBTYPE_IN
-bd.dwBufferBytes = conf->bufsize_in;
 hr = IDirectSoundCapture_CreateCaptureBuffer (
 s->dsound_capture,
 ,
@@ -203,7 +204,6 @@ static int dsound_init_out(HWVoiceOut *hw, struct 
audsettings *as,
 );
 #else
 bd.dwFlags = DSBCAPS_STICKYFOCUS | DSBCAPS_GETCURRENTPOSITION2;
-bd.dwBufferBytes = conf->bufsize_out;
 hr = IDirectSound_CreateSoundBuffer (
 s->dsound,
 ,
diff --git a/audio/audio_legacy.c b/audio/audio_legacy.c
index 301934bf0c..0002fce627 100644
--- a/audio/audio_legacy.c
+++ b/audio/audio_legacy.c
@@ -120,6 +120,30 @@ static void get_frames_to_usecs(const char *env, uint32_t 
*dst, bool *has_dst,
 }
 }
 
+static uint32_t samples_to_usecs(uint32_t samples,
+ AudiodevPerDirectionOptions *pdo)
+{
+uint32_t channels = pdo->has_channels ? pdo->channels : 2;
+return frames_to_usecs(samples / channels, pdo);
+}
+
+static uint32_t bytes_to_usecs(uint32_t bytes, AudiodevPerDirectionOptions 
*pdo)
+{
+AudioFormat fmt = pdo->has_format ? pdo->format : AUDIO_FORMAT_S16;
+uint32_t bytes_per_sample = audioformat_bytes_per_sample(fmt);
+return samples_to_usecs(bytes / bytes_per_sample, pdo);
+}
+
+static void get_bytes_to_usecs(const char *env, uint32_t *dst, bool *has_dst,
+   AudiodevPerDirectionOptions *pdo)
+{
+const char *val = getenv(env);
+if (val) {
+*dst = bytes_to_usecs(toui32(val), pdo);
+*has_dst = true;
+}
+}
+
 /* backend specific functions */
 /* ALSA */
 static void handle_alsa_per_direction(
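
Review bot: samples_to_usecs() divides by `channels` and bytes_to_usecs() divides by `bytes_per_sample`, and neither divisor is checked. `channels` is taken from pdo->channels whenever has_channels is set, so a legacy setting of 0 channels turns the conversion of a byte-sized buffer variable into a division by zero at startup. Reject or clamp a zero value before dividing. Both integer divisions also truncate, which is probably acceptable for a buffer-size hint but is worth a one-line comment.
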
@@ -186,6 +210,17 @@ static void handle_coreaudio(Audiodev *dev)
 >out->buffer_count, >out->has_buffer_count);
 }
 
+/* dsound */
+static void handle_dsound(Audiodev *dev)
+{
+get_millis_to_usecs("QEMU_DSOUND_LATENCY_MILLIS",
+>u.dsound.latency, >u.dsound.has_latency);
+get_bytes_to_usecs("QEMU_DSOUND_BUFSIZE_OUT", >out->buffer_len,
+   >out->has_buffer_len, dev->out);
+get_bytes_to_usecs("QEMU_DSOUND_BUFSIZE_IN", >in->buffer_len,
+   >in->has_buffer_len, dev->in);
+}
+
 /* general */
 static void handle_per_direction(
 AudiodevPerDirectionOptions *pdo, const char *prefix)
@@ -237,6 +272,10 @@ static AudiodevListEntry *legacy_opt(const char *drvname)
 handle_coreaudio(e->dev);
 break;
 
+case AUDIODEV_DRIVER_DSOUND:
+handle_dsound(e->dev);
+break;
+
 default:
 break;
 }
diff --git a/audio/dsoundaudio.c b/audio/dsoundaudio.c
index 02fe777cba..a7d04b5033 100644
--- a/audio/dsoundaudio.c
+++ b/audio/dsoundaudio.c
@@ -32,6 +32,7 @@
 
 #define AUDIO_CAP "dsound"
 #include "audio_int.h"
+#include "qemu/host-utils.h"
 
 #include 
 #include 
@@ -42,17 +43,11 @@
 
 /* #define DEBUG_DSOUND */
 
-typedef struct {
-int bufsize_in;
-int bufsize_out;
-int latency_millis;
-} DSoundConf;
-
 typedef struct {
 LPDIRECTSOUND dsound;
 LPDIRECTSOUNDCAPTURE dsound_capture;
 struct audsettings settings;
-DSoundConf conf;
+Audiodev *dev;
 } dsound;
 
 typedef struct {
@@ -248,9 +243,9 @@ static void GCC_FMT_ATTR (3, 4) dsound_logerr2 (
 dsound_log_hresult (hr);
 }
 
-static DWORD millis_to_bytes (struct audio_pcm_info *info, DWORD millis)
+static uint64_t usecs_to_bytes(struct audio_pcm_info *info, uint32_t usecs)
 {
-return (millis * info->bytes_per_second) / 1000;
+return muldiv64(usecs, info->bytes_per_second, 100);
 }
 
 #ifdef DEBUG_DSOUND
@@ -478,7 +473,7 @@ static int dsound_run_out (HWVoiceOut *hw, int live)
 LPVOID p1, p2;
 int bufsize;
 dsound *s = ds->s;
-DSoundConf *conf = >conf;
+

[Qemu-devel] [PATCH v4 06/14] coreaudio: port to -audiodev config

2019-01-28 Thread Kővágó, Zoltán
Signed-off-by: Kővágó, Zoltán 
---
 audio/audio_legacy.c | 24 ++
 audio/coreaudio.c| 48 +---
 2 files changed, 34 insertions(+), 38 deletions(-)

diff --git a/audio/audio_legacy.c b/audio/audio_legacy.c
index 8319dc5240..301934bf0c 100644
--- a/audio/audio_legacy.c
+++ b/audio/audio_legacy.c
@@ -109,6 +109,17 @@ static uint32_t frames_to_usecs(uint32_t frames,
 return (frames * 100 + freq / 2) / freq;
 }
 
+
+static void get_frames_to_usecs(const char *env, uint32_t *dst, bool *has_dst,
+AudiodevPerDirectionOptions *pdo)
+{
+const char *val = getenv(env);
+if (val) {
+*dst = frames_to_usecs(toui32(val), pdo);
+*has_dst = true;
+}
+}
+
 /* backend specific functions */
 /* ALSA */
 static void handle_alsa_per_direction(
@@ -166,6 +177,15 @@ static void handle_alsa(Audiodev *dev)
 >threshold, >has_threshold);
 }
 
+/* coreaudio */
+static void handle_coreaudio(Audiodev *dev)
+{
+get_frames_to_usecs("QEMU_COREAUDIO_BUFFER_SIZE", >out->buffer_len,
+>out->has_buffer_len, dev->out);
+get_int("QEMU_COREAUDIO_BUFFER_COUNT",
+>out->buffer_count, >out->has_buffer_count);
+}
+
 /* general */
 static void handle_per_direction(
 AudiodevPerDirectionOptions *pdo, const char *prefix)
@@ -213,6 +233,10 @@ static AudiodevListEntry *legacy_opt(const char *drvname)
 handle_alsa(e->dev);
 break;
 
+case AUDIODEV_DRIVER_COREAUDIO:
+handle_coreaudio(e->dev);
+break;
+
 default:
 break;
 }
diff --git a/audio/coreaudio.c b/audio/coreaudio.c
index 7d4225dbee..a7c1e418b6 100644
--- a/audio/coreaudio.c
+++ b/audio/coreaudio.c
@@ -36,11 +36,6 @@
 #define MAC_OS_X_VERSION_10_6 1060
 #endif
 
-typedef struct {
-int buffer_frames;
-int nbuffers;
-} CoreaudioConf;
-
 typedef struct coreaudioVoiceOut {
 HWVoiceOut hw;
 pthread_mutex_t mutex;
@@ -507,7 +502,9 @@ static int coreaudio_init_out(HWVoiceOut *hw, struct 
audsettings *as,
 int err;
 const char *typ = "playback";
 AudioValueRange frameRange;
-CoreaudioConf *conf = drv_opaque;
+Audiodev *dev = drv_opaque;
+AudiodevPerDirectionOptions *pdo = dev->out;
+int frames;
 
 /* create mutex */
 err = pthread_mutex_init(>mutex, NULL);
@@ -538,16 +535,16 @@ static int coreaudio_init_out(HWVoiceOut *hw, struct 
audsettings *as,
 return -1;
 }
 
-if (frameRange.mMinimum > conf->buffer_frames) {
+frames = audio_buffer_frames(pdo, as, 11610);
+if (frameRange.mMinimum > frames) {
 core->audioDevicePropertyBufferFrameSize = (UInt32) 
frameRange.mMinimum;
 dolog ("warning: Upsizing Buffer Frames to %f\n", frameRange.mMinimum);
-}
-else if (frameRange.mMaximum < conf->buffer_frames) {
+} else if (frameRange.mMaximum < frames) {
 core->audioDevicePropertyBufferFrameSize = (UInt32) 
frameRange.mMaximum;
 dolog ("warning: Downsizing Buffer Frames to %f\n", 
frameRange.mMaximum);
 }
 else {
-core->audioDevicePropertyBufferFrameSize = conf->buffer_frames;
+core->audioDevicePropertyBufferFrameSize = frames;
 }
 
 /* set Buffer Frame Size */
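
Review bot: the brace style of the if/else chain in coreaudio_init_out() ends up mixed: the hunk rewrites the middle branch as `} else if (...) {` but leaves the final `}` and `else {` on separate lines. Convert the last branch as well. `frames` is declared int and compared against frameRange.mMinimum / mMaximum, which the `%f` in the dolog() calls shows are floating point, and the default 11610 is another constant with no stated unit.
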
@@ -568,7 +565,8 @@ static int coreaudio_init_out(HWVoiceOut *hw, struct 
audsettings *as,
"Could not get device buffer frame size\n");
 return -1;
 }
-hw->samples = conf->nbuffers * core->audioDevicePropertyBufferFrameSize;
+hw->samples = (pdo->has_buffer_count ? pdo->buffer_count : 4) *
+core->audioDevicePropertyBufferFrameSize;
 
 /* get StreamFormat */
 status = coreaudio_get_streamformat(core->outputDeviceID,
@@ -680,40 +678,15 @@ static int coreaudio_ctl_out (HWVoiceOut *hw, int cmd, 
...)
 return 0;
 }
 
-static CoreaudioConf glob_conf = {
-.buffer_frames = 512,
-.nbuffers = 4,
-};
-
 static void *coreaudio_audio_init(Audiodev *dev)
 {
-CoreaudioConf *conf = g_malloc(sizeof(CoreaudioConf));
-*conf = glob_conf;
-
-return conf;
+return dev;
 }
 
 static void coreaudio_audio_fini (void *opaque)
 {
-g_free(opaque);
 }
 
-static struct audio_option coreaudio_options[] = {
-{
-.name  = "BUFFER_SIZE",
-.tag   = AUD_OPT_INT,
-.valp  = _conf.buffer_frames,
-.descr = "Size of the buffer in frames"
-},
-{
-.name  = "BUFFER_COUNT",
-.tag   = AUD_OPT_INT,
-.valp  = _conf.nbuffers,
-.descr = "Number of buffers"
-},
-{ /* End of list */ }
-};
-
 static struct audio_pcm_ops coreaudio_pcm_ops = {
 .init_out = coreaudio_init_out,
 .fini_out = coreaudio_fini_out,
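
Review bot: coreaudio_audio_init() now returns the caller's `dev` pointer as the driver state and coreaudio_audio_fini() is left with an empty body, so the driver silently relies on the Audiodev outliving every voice opened on it. State that ownership rule in a comment on coreaudio_audio_init(), and note in the empty fini why there is nothing to release.
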
@@ -725,7 +698,6 @@ static struct audio_pcm_ops coreaudio_pcm_ops = {
 static struct audio_driver coreaudio_audio_driver = {
 .name   = "coreaudio",
 .descr  = "CoreAudio 

[Qemu-devel] [PATCH v3] QGA: Fix guest-get-fsinfo PCI address collection in Windows

2019-01-28 Thread mhines
From: Matt Hines 

The Windows QEMU guest agent erroneously tries to collect PCI information
directly from the physical drive. However, Windows stores SCSI/IDE information
with the drive and PCI information with the underlying storage controller.
This changes get_pci_info to use the physical drive's underlying storage
controller to get PCI information.

* Additionally fixes incorrect size being passed to DeviceIoControl
  when getting volume extents. Can occasionally crash the guest agent.

Signed-off-by: Matt Hines 
---
 configure|   2 +-
 qga/commands-win32.c | 305 +--
 2 files changed, 199 insertions(+), 108 deletions(-)

diff --git a/configure b/configure
index 5b1d83ea26..46f21c089f 100755
--- a/configure
+++ b/configure
@@ -4694,7 +4694,7 @@ int main(void) {
 EOF
   if compile_prog "" "" ; then
 guest_agent_ntddscsi=yes
-libs_qga="-lsetupapi $libs_qga"
+libs_qga="-lsetupapi -lcfgmgr32 $libs_qga"
   fi
 fi
 
diff --git a/qga/commands-win32.c b/qga/commands-win32.c
index 62e1b51dfe..5f8e797032 100644
--- a/qga/commands-win32.c
+++ b/qga/commands-win32.c
@@ -26,6 +26,7 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 #endif
 #include 
@@ -491,56 +492,29 @@ static GuestDiskBusType find_bus_type(STORAGE_BUS_TYPE 
bus)
 return win2qemu[(int)bus];
 }
 
-/* XXX: The following function is BROKEN!
- *
- * It does not work and probably has never worked. When we query for list of
- * disks we get cryptic names like "\Device\001d" instead of
- * "\PhysicalDriveX" or "\HarddiskX". Whether the names can be translated one
- * way or the other for comparison is an open question.
- *
- * When we query volume names (the original version) we are able to match those
- * but then the property queries report error "Invalid function". (duh!)
- */
-
-/*
-DEFINE_GUID(GUID_DEVINTERFACE_VOLUME,
-0x53f5630dL, 0xb6bf, 0x11d0, 0x94, 0xf2,
-0x00, 0xa0, 0xc9, 0x1e, 0xfb, 0x8b);
-*/
 DEFINE_GUID(GUID_DEVINTERFACE_DISK,
 0x53f56307L, 0xb6bf, 0x11d0, 0x94, 0xf2,
 0x00, 0xa0, 0xc9, 0x1e, 0xfb, 0x8b);
+DEFINE_GUID(GUID_DEVINTERFACE_STORAGEPORT,
+0x2accfe60L, 0xc130, 0x11d2, 0xb0, 0x82,
+0x00, 0xa0, 0xc9, 0x1e, 0xfb, 0x8b);
 
-
-static GuestPCIAddress *get_pci_info(char *guid, Error **errp)
+static GuestPCIAddress *get_pci_info(int number, Error **errp)
 {
 HDEVINFO dev_info;
 SP_DEVINFO_DATA dev_info_data;
-DWORD size = 0;
+SP_DEVICE_INTERFACE_DATA dev_iface_data;
+HANDLE dev_file;
 int i;
-char dev_name[MAX_PATH];
-char *buffer = NULL;
 GuestPCIAddress *pci = NULL;
-char *name = NULL;
 bool partial_pci = false;
+
 pci = g_malloc0(sizeof(*pci));
 pci->domain = -1;
 pci->slot = -1;
 pci->function = -1;
 pci->bus = -1;
 
-if (g_str_has_prefix(guid, ".\\") ||
-g_str_has_prefix(guid, "?\\")) {
-name = g_strdup(guid + 4);
-} else {
-name = g_strdup(guid);
-}
-
-if (!QueryDosDevice(name, dev_name, ARRAY_SIZE(dev_name))) {
-error_setg_win32(errp, GetLastError(), "failed to get dos device 
name");
-goto out;
-}
-
 dev_info = SetupDiGetClassDevs(_DEVINTERFACE_DISK, 0, 0,
DIGCF_PRESENT | DIGCF_DEVICEINTERFACE);
 if (dev_info == INVALID_HANDLE_VALUE) {
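
Review bot: get_pci_info() changes its parameter from `char *guid` to `int number` without saying what the number identifies, and the hunk deletes the only block comment the function had. Add a short comment stating what `number` is and how it is matched against the enumerated GUID_DEVINTERFACE_DISK devices; a more descriptive parameter name would help as well. The commit message could also say that the "BROKEN" note is dropped because the rewritten function resolves it.
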
@@ -550,90 +524,208 @@ static GuestPCIAddress *get_pci_info(char *guid, Error 
**errp)
 
 g_debug("enumerating devices");
 dev_info_data.cbSize = sizeof(SP_DEVINFO_DATA);
+dev_iface_data.cbSize = sizeof(SP_DEVICE_INTERFACE_DATA);
 for (i = 0; SetupDiEnumDeviceInfo(dev_info, i, _info_data); i++) {
-DWORD addr, bus, slot, data, size2;
-int func, dev;
-while (!SetupDiGetDeviceRegistryProperty(dev_info, _info_data,
-SPDRP_PHYSICAL_DEVICE_OBJECT_NAME,
-, (PBYTE)buffer, size,
-)) {
-size = MAX(size, size2);
-if (GetLastError() == ERROR_INSUFFICIENT_BUFFER) {
-g_free(buffer);
-/* Double the size to avoid problems on
- * W2k MBCS systems per KB 888609.
- * https://support.microsoft.com/en-us/kb/259695 */
-buffer = g_malloc(size * 2);
-} else {
+PSP_DEVICE_INTERFACE_DETAIL_DATA pdev_iface_detail_data = NULL;
+STORAGE_DEVICE_NUMBER sdn;
+char *parent_dev_id = NULL;
+HDEVINFO parent_dev_info;
+SP_DEVINFO_DATA parent_dev_info_data;
+DWORD j;
+DWORD size = 0;
+
+g_debug("getting device path");
+if (SetupDiEnumDeviceInterfaces(dev_info, _info_data,
+_DEVINTERFACE_DISK, 0,
+_iface_data)) {
+while (!SetupDiGetDeviceInterfaceDetail(dev_info, _iface_data,
+

[Qemu-devel] [PATCH v2 01/12] target/arm: Introduce isar_feature_aa64_bti

2019-01-28 Thread Richard Henderson
Also create field definitions for id_aa64pfr1 from ARMv8.5.

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
v2: Include MTE and RAS_FRAC fields of AA64PFR1.
---
 target/arm/cpu.h | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index ff81db420d..d7190f0712 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1672,6 +1672,11 @@ FIELD(ID_AA64PFR0, GIC, 24, 4)
 FIELD(ID_AA64PFR0, RAS, 28, 4)
 FIELD(ID_AA64PFR0, SVE, 32, 4)
 
+FIELD(ID_AA64PFR1, BT, 0, 4)
+FIELD(ID_AA64PFR1, SBSS, 4, 4)
+FIELD(ID_AA64PFR1, MTE, 8, 4)
+FIELD(ID_AA64PFR1, RAS_FRAC, 12, 4)
+
 FIELD(ID_AA64MMFR0, PARANGE, 0, 4)
 FIELD(ID_AA64MMFR0, ASIDBITS, 4, 4)
 FIELD(ID_AA64MMFR0, BIGEND, 8, 4)
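Review bot: in the new ID_AA64PFR1 block, the field at bits [7:4] is spelled SBSS, but the architectural name of that field is SSBS (Speculative Store Bypass Safe). Rename it to `FIELD(ID_AA64PFR1, SSBS, 4, 4)` now, before any FIELD_EX64/FIELD_DP64 user picks up the misspelled name.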
@@ -3319,6 +3324,11 @@ static inline bool isar_feature_aa64_lor(const 
ARMISARegisters *id)
 return FIELD_EX64(id->id_aa64mmfr1, ID_AA64MMFR1, LO) != 0;
 }
 
+static inline bool isar_feature_aa64_bti(const ARMISARegisters *id)
+{
+return FIELD_EX64(id->id_aa64pfr1, ID_AA64PFR1, BT) != 0;
+}
+
 /*
  * Forward to the above feature tests given an ARMCPU pointer.
  */
-- 
2.17.2




[Qemu-devel] [PATCH v2 00/12] target/arm: Implement ARMv8.5-BTI

2019-01-28 Thread Richard Henderson
The branch target identification extension does not yet have
kernel or gcc support.  It should be in shape for developing
those though.

In system mode I do honor the GP bit from the page tables.
In user-only mode, there is a way to pretend that the GP bit
is always set.  Further linux-user changes will have to track
the ABI that gets developed.

In the meantime, provide a statically linkable make check-tcg
test for the functionality.

Changes since v2:
  * Rebase on master.
  * Incorporate feedback from Peter.


r~


Richard Henderson (12):
  target/arm: Introduce isar_feature_aa64_bti
  target/arm: Add PSTATE.BTYPE
  target/arm: Add BT and BTYPE to tb->flags
  exec: Add target-specific tlb bits to MemTxAttrs
  target/arm: Cache the GP bit for a page in MemTxAttrs
  target/arm: Default handling of BTYPE during translation
  target/arm: Reset btype for direct branches
  target/arm: Set btype for indirect branches
  target/arm: Add x-guarded-pages cpu property for user-only
  target/arm: Enable BTI for -cpu max
  linux-user/aarch64: Reset btype for syscalls and signals
  tests/tcg/aarch64: Add bti smoke test

 include/exec/memattrs.h   |  10 ++
 target/arm/cpu.h  |  24 +++-
 target/arm/internals.h|   6 +
 target/arm/translate.h|   9 ++
 linux-user/aarch64/cpu_loop.c |  15 +++
 target/arm/cpu64.c|  22 
 target/arm/helper.c   |  28 +++--
 target/arm/translate-a64.c| 193 +-
 tests/tcg/aarch64/bti-1.c |  61 ++
 tests/tcg/aarch64/bti-crt.inc.c   |  51 
 tests/tcg/aarch64/Makefile.target |   7 +-
 11 files changed, 415 insertions(+), 11 deletions(-)
 create mode 100644 tests/tcg/aarch64/bti-1.c
 create mode 100644 tests/tcg/aarch64/bti-crt.inc.c

-- 
2.17.2




[Qemu-devel] [PATCH v4 12/14] spiceaudio: port to -audiodev config

2019-01-28 Thread Kővágó, Zoltán
Signed-off-by: Kővágó, Zoltán 
---
 audio/spiceaudio.c | 5 -
 1 file changed, 5 deletions(-)

diff --git a/audio/spiceaudio.c b/audio/spiceaudio.c
index affc3df17f..4f7873af5a 100644
--- a/audio/spiceaudio.c
+++ b/audio/spiceaudio.c
@@ -373,10 +373,6 @@ static int line_in_ctl (HWVoiceIn *hw, int cmd, ...)
 return 0;
 }
 
-static struct audio_option audio_options[] = {
-{ /* end of list */ },
-};
-
 static struct audio_pcm_ops audio_callbacks = {
 .init_out = line_out_init,
 .fini_out = line_out_fini,
@@ -394,7 +390,6 @@ static struct audio_pcm_ops audio_callbacks = {
 static struct audio_driver spice_audio_driver = {
 .name   = "spice",
 .descr  = "spice audio driver",
-.options= audio_options,
 .init   = spice_audio_init,
 .fini   = spice_audio_fini,
 .pcm_ops= _callbacks,
-- 
2.20.1




[Qemu-devel] [PATCH v2 03/12] target/arm: Add BT and BTYPE to tb->flags

2019-01-28 Thread Richard Henderson
Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target/arm/cpu.h   |  2 ++
 target/arm/translate.h |  4 
 target/arm/helper.c| 22 +++---
 target/arm/translate-a64.c |  2 ++
 4 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 76e2f8fd42..e18f823419 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -3043,6 +3043,8 @@ FIELD(TBFLAG_A64, TBII, 0, 2)
 FIELD(TBFLAG_A64, SVEEXC_EL, 2, 2)
 FIELD(TBFLAG_A64, ZCR_LEN, 4, 4)
 FIELD(TBFLAG_A64, PAUTH_ACTIVE, 8, 1)
+FIELD(TBFLAG_A64, BT, 9, 1)
+FIELD(TBFLAG_A64, BTYPE, 10, 2)
 
 static inline bool bswap_code(bool sctlr_b)
 {
diff --git a/target/arm/translate.h b/target/arm/translate.h
index bb37d35741..3d5e8bacac 100644
--- a/target/arm/translate.h
+++ b/target/arm/translate.h
@@ -69,6 +69,10 @@ typedef struct DisasContext {
 bool ss_same_el;
 /* True if v8.3-PAuth is active.  */
 bool pauth_active;
+/* True with v8.5-BTI and SCTLR_ELx.BT* set.  */
+bool bt;
+/* A copy of PSTATE.BTYPE, which will be 0 without v8.5-BTI.  */
+uint8_t btype;
 /* Bottom two bits of XScale c15_cpar coprocessor access control reg */
 int c15_cpar;
 /* TCG op of the current insn_start.  */
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 92666e5208..6efe88a157 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -13607,6 +13607,7 @@ void cpu_get_tb_cpu_state(CPUARMState *env, 
target_ulong *pc,
 
 if (is_a64(env)) {
 ARMCPU *cpu = arm_env_get_cpu(env);
+uint64_t sctlr;
 
 *pc = env->pc;
 flags = FIELD_DP32(flags, TBFLAG_ANY, AARCH64_STATE, 1);
@@ -13651,6 +13652,12 @@ void cpu_get_tb_cpu_state(CPUARMState *env, 
target_ulong *pc,
 flags = FIELD_DP32(flags, TBFLAG_A64, ZCR_LEN, zcr_len);
 }
 
+if (current_el == 0) {
+/* FIXME: ARMv8.1-VHE S2 translation regime.  */
+sctlr = env->cp15.sctlr_el[1];
+} else {
+sctlr = env->cp15.sctlr_el[current_el];
+}
 if (cpu_isar_feature(aa64_pauth, cpu)) {
 /*
  * In order to save space in flags, we record only whether
@@ -13658,17 +13665,18 @@ void cpu_get_tb_cpu_state(CPUARMState *env, 
target_ulong *pc,
  * a nop, or "active" when some action must be performed.
  * The decision of which action to take is left to a helper.
  */
-uint64_t sctlr;
-if (current_el == 0) {
-/* FIXME: ARMv8.1-VHE S2 translation regime.  */
-sctlr = env->cp15.sctlr_el[1];
-} else {
-sctlr = env->cp15.sctlr_el[current_el];
-}
 if (sctlr & (SCTLR_EnIA | SCTLR_EnIB | SCTLR_EnDA | SCTLR_EnDB)) {
 flags = FIELD_DP32(flags, TBFLAG_A64, PAUTH_ACTIVE, 1);
 }
 }
+
+if (cpu_isar_feature(aa64_bti, cpu)) {
+/* Note that SCTLR_EL[23].BT == SCTLR_BT1.  */
+if (sctlr & (current_el == 0 ? SCTLR_BT0 : SCTLR_BT1)) {
+flags = FIELD_DP32(flags, TBFLAG_A64, BT, 1);
+}
+flags = FIELD_DP32(flags, TBFLAG_A64, BTYPE, env->btype);
+}
 } else {
 *pc = env->regs[15];
 flags = FIELD_DP32(flags, TBFLAG_A32, THUMB, env->thumb);
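Review bot: the commit message has no body, and the two helper.c hunks ending here do more than the subject says: the sctlr selection, together with its VHE FIXME, is moved out of the aa64_pauth block so that the new aa64_bti test can share it. Please say that in the message. It is also worth a line in the comment that BTYPE is copied into the flags whenever the CPU has BTI, outside the `if (sctlr & ...)` test on BT0/BT1, so a reader does not take that for an oversight.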
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 611279e98e..9ce523e2ff 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -13801,6 +13801,8 @@ static void 
aarch64_tr_init_disas_context(DisasContextBase *dcbase,
 dc->sve_excp_el = FIELD_EX32(tb_flags, TBFLAG_A64, SVEEXC_EL);
 dc->sve_len = (FIELD_EX32(tb_flags, TBFLAG_A64, ZCR_LEN) + 1) * 16;
 dc->pauth_active = FIELD_EX32(tb_flags, TBFLAG_A64, PAUTH_ACTIVE);
+dc->bt = FIELD_EX32(tb_flags, TBFLAG_A64, BT);
+dc->btype = FIELD_EX32(tb_flags, TBFLAG_A64, BTYPE);
 dc->vec_len = 0;
 dc->vec_stride = 0;
 dc->cp_regs = arm_cpu->cp_regs;
-- 
2.17.2




[Qemu-devel] [PATCH v2 10/12] target/arm: Enable BTI for -cpu max

2019-01-28 Thread Richard Henderson
Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target/arm/cpu64.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index a563f7e74d..9d2276fe53 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -368,6 +368,10 @@ static void aarch64_max_initfn(Object *obj)
 t = FIELD_DP64(t, ID_AA64PFR0, ADVSIMD, 1);
 cpu->isar.id_aa64pfr0 = t;
 
+t = cpu->isar.id_aa64pfr1;
+t = FIELD_DP64(t, ID_AA64PFR1, BT, 1);
+cpu->isar.id_aa64pfr1 = t;
+
 t = cpu->isar.id_aa64mmfr1;
 t = FIELD_DP64(t, ID_AA64MMFR1, HPDS, 1); /* HPD */
 t = FIELD_DP64(t, ID_AA64MMFR1, LO, 1);
-- 
2.17.2




[Qemu-devel] [PATCH v4 08/14] noaudio: port to -audiodev config

2019-01-28 Thread Kővágó, Zoltán
Signed-off-by: Kővágó, Zoltán 
---
 audio/noaudio.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/audio/noaudio.c b/audio/noaudio.c
index 79690af1ea..ccc611fc84 100644
--- a/audio/noaudio.c
+++ b/audio/noaudio.c
@@ -163,7 +163,6 @@ static struct audio_pcm_ops no_pcm_ops = {
 static struct audio_driver no_audio_driver = {
 .name   = "none",
 .descr  = "Timer based audio emulation",
-.options= NULL,
 .init   = no_audio_init,
 .fini   = no_audio_fini,
 .pcm_ops= _pcm_ops,
-- 
2.20.1




[Qemu-devel] [PATCH v2 07/12] target/arm: Reset btype for direct branches

2019-01-28 Thread Richard Henderson
This is all of the non-exception cases of DISAS_NORETURN.

Signed-off-by: Richard Henderson 
---
v2: Do not reset byte for syscalls
---
 target/arm/translate-a64.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index bb64a47c0f..dbac09743c 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -1362,6 +1362,7 @@ static void disas_uncond_b_imm(DisasContext *s, uint32_t 
insn)
 }
 
 /* B Branch / BL Branch with link */
+reset_btype(s);
 gen_goto_tb(s, 0, addr);
 }
 
@@ -1386,6 +1387,7 @@ static void disas_comp_b_imm(DisasContext *s, uint32_t 
insn)
 tcg_cmp = read_cpu_reg(s, rt, sf);
 label_match = gen_new_label();
 
+reset_btype(s);
 tcg_gen_brcondi_i64(op ? TCG_COND_NE : TCG_COND_EQ,
 tcg_cmp, 0, label_match);
 
@@ -1415,6 +1417,8 @@ static void disas_test_b_imm(DisasContext *s, uint32_t 
insn)
 tcg_cmp = tcg_temp_new_i64();
 tcg_gen_andi_i64(tcg_cmp, cpu_reg(s, rt), (1ULL << bit_pos));
 label_match = gen_new_label();
+
+reset_btype(s);
 tcg_gen_brcondi_i64(op ? TCG_COND_NE : TCG_COND_EQ,
 tcg_cmp, 0, label_match);
 tcg_temp_free_i64(tcg_cmp);
@@ -1441,6 +1445,7 @@ static void disas_cond_b_imm(DisasContext *s, uint32_t 
insn)
 addr = s->pc + sextract32(insn, 5, 19) * 4 - 4;
 cond = extract32(insn, 0, 4);
 
+reset_btype(s);
 if (cond < 0x0e) {
 /* genuinely conditional branches */
 TCGLabel *label_match = gen_new_label();
@@ -1605,6 +1610,7 @@ static void handle_sync(DisasContext *s, uint32_t insn,
  * a self-modified code correctly and also to take
  * any pending interrupts immediately.
  */
+reset_btype(s);
 gen_goto_tb(s, 0, s->pc);
 return;
 default:
-- 
2.17.2




[Qemu-devel] [PATCH v2 06/12] target/arm: Default handling of BTYPE during translation

2019-01-28 Thread Richard Henderson
The branch target exception for guarded pages has high priority,
and only 8 instructions are valid for that case.  Perform this
check before doing any other decode.

Clear BTYPE after all insns that neither set BTYPE nor exit via
exception (DISAS_NORETURN).

Not yet handled are insns that exit via DISAS_NORETURN for some
other reason, like direct branches.

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
v2: Change octal constants to binary.
---
 target/arm/internals.h |   6 ++
 target/arm/translate.h |   9 ++-
 target/arm/translate-a64.c | 139 +
 3 files changed, 152 insertions(+), 2 deletions(-)

diff --git a/target/arm/internals.h b/target/arm/internals.h
index a6fd4582b2..d01a3f9f44 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -268,6 +268,7 @@ enum arm_exception_class {
 EC_FPIDTRAP   = 0x08,
 EC_PACTRAP= 0x09,
 EC_CP14RRTTRAP= 0x0c,
+EC_BTITRAP= 0x0d,
 EC_ILLEGALSTATE   = 0x0e,
 EC_AA32_SVC   = 0x11,
 EC_AA32_HVC   = 0x12,
@@ -439,6 +440,11 @@ static inline uint32_t syn_pactrap(void)
 return EC_PACTRAP << ARM_EL_EC_SHIFT;
 }
 
+static inline uint32_t syn_btitrap(int btype)
+{
+return (EC_BTITRAP << ARM_EL_EC_SHIFT) | btype;
+}
+
 static inline uint32_t syn_insn_abort(int same_el, int ea, int s1ptw, int fsc)
 {
 return (EC_INSNABORT << ARM_EL_EC_SHIFT) | (same_el << ARM_EL_EC_SHIFT)
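Review bot: syn_btitrap() ORs btype into the syndrome unmasked, while this same patch turns DisasContext.btype into an int8_t that goes negative when the current instruction sets it. If a caller ever passes that field while it holds the negative sentinel, the value sign-extends over the EC field. Either mask it in the helper (`| (btype & 3)`) or assert that btype is in the range 0..3, and consider taking the argument as unsigned.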
diff --git a/target/arm/translate.h b/target/arm/translate.h
index 3d5e8bacac..f73939d7b4 100644
--- a/target/arm/translate.h
+++ b/target/arm/translate.h
@@ -71,8 +71,13 @@ typedef struct DisasContext {
 bool pauth_active;
 /* True with v8.5-BTI and SCTLR_ELx.BT* set.  */
 bool bt;
-/* A copy of PSTATE.BTYPE, which will be 0 without v8.5-BTI.  */
-uint8_t btype;
+/*
+ * >= 0, a copy of PSTATE.BTYPE, which will be 0 without v8.5-BTI.
+ *  < 0, set by the current instruction.
+ */
+int8_t btype;
+/* True if this page is guarded.  */
+bool guarded_page;
 /* Bottom two bits of XScale c15_cpar coprocessor access control reg */
 int c15_cpar;
 /* TCG op of the current insn_start.  */
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 9ce523e2ff..bb64a47c0f 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -128,6 +128,16 @@ static inline int get_a64_user_mem_index(DisasContext *s)
 return arm_to_core_mmu_idx(useridx);
 }
 
+static void reset_btype(DisasContext *s)
+{
+if (s->btype != 0) {
+TCGv_i32 zero = tcg_const_i32(0);
+tcg_gen_st_i32(zero, cpu_env, offsetof(CPUARMState, btype));
+tcg_temp_free_i32(zero);
+s->btype = 0;
+}
+}
+
 void aarch64_cpu_dump_state(CPUState *cs, FILE *f,
 fprintf_function cpu_fprintf, int flags)
 {
@@ -13717,6 +13727,90 @@ static void disas_data_proc_simd_fp(DisasContext *s, 
uint32_t insn)
 }
 }
 
+/**
+ * is_guarded_page:
+ * @env: The cpu environment
+ * @s: The DisasContext
+ *
+ * Return true if the page is guarded.
+ */
+static bool is_guarded_page(CPUARMState *env, DisasContext *s)
+{
+#ifdef CONFIG_USER_ONLY
+return false;  /* FIXME */
+#else
+uint64_t addr = s->base.pc_first;
+int mmu_idx = arm_to_core_mmu_idx(s->mmu_idx);
+unsigned int index = tlb_index(env, mmu_idx, addr);
+CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
+
+/*
+ * We test this immediately after reading an insn, which means
+ * that any normal page must be in the TLB.  The only exception
+ * would be for executing from flash or device memory, which
+ * does not retain the TLB entry.
+ *
+ * FIXME: Assume false for those, for now.  We could use
+ * arm_cpu_get_phys_page_attrs_debug to re-read the page
+ * table entry even for that case.
+ */
+return (tlb_hit(entry->addr_code, addr) &&
+env->iotlb[mmu_idx][index].attrs.target_tlb_bit0);
+#endif
+}
+
+/**
+ * btype_destination_ok:
+ * @insn: The instruction at the branch destination
+ * @bt: SCTLR_ELx.BT
+ * @btype: PSTATE.BTYPE, and is non-zero
+ *
+ * On a guarded page, there are a limited number of insns
+ * that may be present at the branch target:
+ *   - branch target identifiers,
+ *   - paciasp, pacibsp,
+ *   - BRK insn
+ *   - HLT insn
+ * Anything else causes a Branch Target Exception.
+ *
+ * Return true if the branch is compatible, false to raise BTITRAP.
+ */
+static bool btype_destination_ok(uint32_t insn, bool bt, int btype)
+{
+if ((insn & 0xf01fu) == 0xd503201fu) {
+/* HINT space */
+switch (extract32(insn, 5, 7)) {
+case 0b011001: /* PACIASP */
+case 0b011011: /* PACIBSP */
+/*
+ * If SCTLR_ELx.BT, then PACI*SP are not compatible
+ * with btype == 3.  Otherwise all btype are ok.
+ */
+

[Qemu-devel] [PATCH v2 08/12] target/arm: Set btype for indirect branches

2019-01-28 Thread Richard Henderson
Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target/arm/translate-a64.c | 37 -
 1 file changed, 36 insertions(+), 1 deletion(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index dbac09743c..89cc54dbed 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -138,6 +138,19 @@ static void reset_btype(DisasContext *s)
 }
 }
 
+static void set_btype(DisasContext *s, int val)
+{
+TCGv_i32 tcg_val;
+
+/* BTYPE is a 2-bit field, and 0 should be done with reset_btype.  */
+tcg_debug_assert(val >= 1 && val <= 3);
+
+tcg_val = tcg_const_i32(val);
+tcg_gen_st_i32(tcg_val, cpu_env, offsetof(CPUARMState, btype));
+tcg_temp_free_i32(tcg_val);
+s->btype = -1;
+}
+
 void aarch64_cpu_dump_state(CPUState *cs, FILE *f,
 fprintf_function cpu_fprintf, int flags)
 {
@@ -1982,6 +1995,7 @@ static void disas_exc(DisasContext *s, uint32_t insn)
 static void disas_uncond_b_reg(DisasContext *s, uint32_t insn)
 {
 unsigned int opc, op2, op3, rn, op4;
+unsigned btype_mod = 2;   /* 0: BR, 1: BLR, 2: other */
 TCGv_i64 dst;
 TCGv_i64 modifier;
 
@@ -1999,6 +2013,7 @@ static void disas_uncond_b_reg(DisasContext *s, uint32_t 
insn)
 case 0: /* BR */
 case 1: /* BLR */
 case 2: /* RET */
+btype_mod = opc;
 switch (op3) {
 case 0:
 /* BR, BLR, RET */
@@ -2042,7 +2057,6 @@ static void disas_uncond_b_reg(DisasContext *s, uint32_t 
insn)
 default:
 goto do_unallocated;
 }
-
 gen_a64_set_pc(s, dst);
 /* BLR also needs to load return address */
 if (opc == 1) {
@@ -2058,6 +2072,7 @@ static void disas_uncond_b_reg(DisasContext *s, uint32_t 
insn)
 if (op3 != 2 || op3 != 3) {
 goto do_unallocated;
 }
+btype_mod = opc & 1;
 if (s->pauth_active) {
 dst = new_tmp_a64(s);
 modifier = cpu_reg_sp(s, op4);
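Review bot: the new `btype_mod = opc & 1;` sits directly after the context test `if (op3 != 2 || op3 != 3)`, which is true for every value of op3, so this arm always jumps to do_unallocated and the new assignment is never reached. The test needs `&&`. Fix that first, as a separate patch, otherwise the pointer-authenticated branch forms handled here (the ones using s->pauth_active and a modifier register) never get a BTYPE.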
@@ -2141,6 +2156,26 @@ static void disas_uncond_b_reg(DisasContext *s, uint32_t 
insn)
 return;
 }
 
+switch (btype_mod) {
+case 0: /* BR */
+if (dc_isar_feature(aa64_bti, s)) {
+/* BR to {x16,x17} or !guard -> 1, else 3.  */
+set_btype(s, rn == 16 || rn == 17 || !s->guarded_page ? 1 : 3);
+}
+break;
+
+case 1: /* BLR */
+if (dc_isar_feature(aa64_bti, s)) {
+/* BLR sets BTYPE to 2, regardless of source guarded page.  */
+set_btype(s, 2);
+}
+break;
+
+default: /* RET or none of the above.  */
+/* BTYPE will be set to 0 by normal end-of-insn processing.  */
+break;
+}
+
 s->base.is_jmp = DISAS_JUMP;
 }
 
-- 
2.17.2




[Qemu-devel] [PATCH v2 04/12] exec: Add target-specific tlb bits to MemTxAttrs

2019-01-28 Thread Richard Henderson
These bits can be used to cache target-specific data in cputlb
read from the page tables.

Signed-off-by: Richard Henderson 
---
 include/exec/memattrs.h | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/include/exec/memattrs.h b/include/exec/memattrs.h
index d4a1642098..d4a3477d71 100644
--- a/include/exec/memattrs.h
+++ b/include/exec/memattrs.h
@@ -37,6 +37,16 @@ typedef struct MemTxAttrs {
 unsigned int user:1;
 /* Requester ID (for MSI for example) */
 unsigned int requester_id:16;
+/*
+ * The following are target-specific page-table bits.  These are not
+ * related to actual memory transactions at all.  However, this structure
+ * is part of the tlb_fill interface, cached in the cputlb structure,
+ * and has unused bits.  These fields will be read by target-specific
+ * helpers using env->iotlb[mmu_idx][tlb_index()].attrs.target_tlb_bitN.
+ */
+unsigned int target_tlb_bit0 : 1;
+unsigned int target_tlb_bit1 : 1;
+unsigned int target_tlb_bit2 : 1;
 } MemTxAttrs;
 
 /* Bus masters which don't specify any attributes will get this,
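Review bot: the three new bit-fields are written `target_tlb_bit0 : 1` with spaces around the colon, while the neighbouring members of this struct use `user:1` and `requester_id:16`; match the existing style. Since bit0..bit2 carry no meaning by name, the comment should also say where each target documents which page-table bit it stores in which slot.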
-- 
2.17.2




[Qemu-devel] [PATCH v2 05/12] target/arm: Cache the GP bit for a page in MemTxAttrs

2019-01-28 Thread Richard Henderson
Caching the bit means that we will not have to re-walk the
page tables to look up the bit during translation.

Signed-off-by: Richard Henderson 
---
 target/arm/helper.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 6efe88a157..70277222da 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -10457,6 +10457,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, 
target_ulong address,
 bool ttbr1_valid;
 uint64_t descaddrmask;
 bool aarch64 = arm_el_is_aa64(env, el);
+bool guarded = false;
 
 /* TODO:
  * This code does not handle the different format TCR for VTCR_EL2.
@@ -10629,6 +10630,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, 
target_ulong address,
 }
 /* Merge in attributes from table descriptors */
 attrs |= nstable << 3; /* NS */
+guarded |= extract64(descriptor, 50, 1);  /* GP */
 if (param.hpd) {
 /* HPD disables all the table attributes except NSTable.  */
 break;
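Review bot: `guarded |= extract64(descriptor, 50, 1);` is placed under the "Merge in attributes from table descriptors" comment and uses `|=`, which reads as if bit 50 were collected from every level of the walk. GP is defined for block and page descriptors only. If this line runs only for the final descriptor, a plain assignment and a comment of its own would make that explicit; if it can run for table descriptors, the OR picks up a bit that is not GP there.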
@@ -10674,6 +10676,10 @@ static bool get_phys_addr_lpae(CPUARMState *env, 
target_ulong address,
  */
 txattrs->secure = false;
 }
+/* When in aarch64 mode, and BTI is enabled, remember GP in the IOTLB.  */
+if (aarch64 && guarded && cpu_isar_feature(aa64_bti, cpu)) {
+txattrs->target_tlb_bit0 = true;
+}
 
 if (cacheattrs != NULL) {
 if (mmu_idx == ARMMMUIdx_S2NS) {
-- 
2.17.2




[Qemu-devel] [PATCH v2 09/12] target/arm: Add x-guarded-pages cpu property for user-only

2019-01-28 Thread Richard Henderson
While waiting for a proper userland ABI, allow static test
cases to be written assuming that GP is set for all pages.

Signed-off-by: Richard Henderson 
---
v2: Renamed the property with x- prefix
---
 target/arm/cpu.h   |  4 
 target/arm/cpu64.c | 18 ++
 target/arm/translate-a64.c |  8 +++-
 3 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index e18f823419..8c9eb519ef 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -895,6 +895,10 @@ struct ARMCPU {
  */
 bool cfgend;
 
+#ifdef CONFIG_USER_ONLY
+bool guarded_pages;
+#endif
+
 QLIST_HEAD(, ARMELChangeHook) pre_el_change_hooks;
 QLIST_HEAD(, ARMELChangeHook) el_change_hooks;
 
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index e9bc461c36..a563f7e74d 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -311,6 +311,18 @@ static void cpu_max_set_packey(Object *obj, Visitor *v, 
const char *name,
 }
 error_propagate(errp, err);
 }
+
+static bool aarch64_cpu_get_guarded_pages(Object *obj, Error **errp)
+{
+ARMCPU *cpu = ARM_CPU(obj);
+return cpu->guarded_pages;
+}
+
+static void aarch64_cpu_set_guarded_pages(Object *obj, bool val, Error **errp)
+{
+ARMCPU *cpu = ARM_CPU(obj);
+cpu->guarded_pages = val;
+}
 #endif
 
 /* -cpu max: if KVM is enabled, like -cpu host (best possible with this host);
@@ -416,6 +428,12 @@ static void aarch64_max_initfn(Object *obj)
 cpu->env.cp15.sctlr_el[1] |= SCTLR_EnIA | SCTLR_EnIB;
 cpu->env.cp15.sctlr_el[1] |= SCTLR_EnDA | SCTLR_EnDB;
 }
+
+object_property_add_bool(obj, "x-guarded-pages",
+ aarch64_cpu_get_guarded_pages,
+ aarch64_cpu_set_guarded_pages, NULL);
+object_property_set_description(obj, "x-guarded-pages",
+"Set on/off GuardPage bit for all pages", NULL);
 #endif
 
 cpu->sve_max_vq = ARM_MAX_VQ;
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 89cc54dbed..a1adb8cde0 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -13778,7 +13778,13 @@ static void disas_data_proc_simd_fp(DisasContext *s, 
uint32_t insn)
 static bool is_guarded_page(CPUARMState *env, DisasContext *s)
 {
 #ifdef CONFIG_USER_ONLY
-return false;  /* FIXME */
+/*
+ * FIXME: What is the userland ABI for this?
+ * For the moment this is controlled by an attribute:
+ *   -cpu max,guarded_pages=on.
+ */
+ARMCPU *cpu = arm_env_get_cpu(env);
+return cpu->guarded_pages;
 #else
 uint64_t addr = s->base.pc_first;
 int mmu_idx = arm_to_core_mmu_idx(s->mmu_idx);
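Review bot: the new comment in is_guarded_page() tells the user to pass `-cpu max,guarded_pages=on`, but the cpu64.c hunk of this patch registers the property as "x-guarded-pages" (the v2 rename). Update the comment to `-cpu max,x-guarded-pages=on` so it matches what object_property_add_bool() exposes.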
-- 
2.17.2




[Qemu-devel] [PATCH v2 12/12] tests/tcg/aarch64: Add bti smoke test

2019-01-28 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
 tests/tcg/aarch64/bti-1.c | 61 +++
 tests/tcg/aarch64/bti-crt.inc.c   | 51 ++
 tests/tcg/aarch64/Makefile.target |  7 +++-
 3 files changed, 118 insertions(+), 1 deletion(-)
 create mode 100644 tests/tcg/aarch64/bti-1.c
 create mode 100644 tests/tcg/aarch64/bti-crt.inc.c

diff --git a/tests/tcg/aarch64/bti-1.c b/tests/tcg/aarch64/bti-1.c
new file mode 100644
index 00..fa8a521a47
--- /dev/null
+++ b/tests/tcg/aarch64/bti-1.c
@@ -0,0 +1,61 @@
+/*
+ * Branch target identification, basic notskip cases.
+ */
+
+#include "bti-crt.inc.c"
+
+static void skip2_sigill(int sig, siginfo_t *info, ucontext_t *uc)
+{
+uc->uc_mcontext.pc += 8;
+}
+
+#define NOP   "nop"
+#define BTI_N "hint #32"
+#define BTI_C "hint #34"
+#define BTI_J "hint #36"
+#define BTI_JC"hint #38"
+
+#define BTYPE_1(DEST) \
+asm("mov %0,#1; adr x16, 1f; br x16; 1: " DEST "; mov %0,#0" \
+: "=r"(skipped) : : "x16")
+
+#define BTYPE_2(DEST) \
+asm("mov %0,#1; adr x16, 1f; blr x16; 1: " DEST "; mov %0,#0" \
+: "=r"(skipped) : : "x16", "x30")
+
+#define BTYPE_3(DEST) \
+asm("mov %0,#1; adr x15, 1f; br x15; 1: " DEST "; mov %0,#0" \
+: "=r"(skipped) : : "x15")
+
+#define TEST(WHICH, DEST, EXPECT) \
+do { WHICH(DEST); fail += skipped ^ EXPECT; } while (0)
+
+
+int main()
+{
+int fail = 0;
+int skipped;
+
+/* Signal-like with SA_SIGINFO.  */
+signal_info(SIGILL, skip2_sigill);
+
+TEST(BTYPE_1, NOP, 1);
+TEST(BTYPE_1, BTI_N, 1);
+TEST(BTYPE_1, BTI_C, 0);
+TEST(BTYPE_1, BTI_J, 0);
+TEST(BTYPE_1, BTI_JC, 0);
+
+TEST(BTYPE_2, NOP, 1);
+TEST(BTYPE_2, BTI_N, 1);
+TEST(BTYPE_2, BTI_C, 0);
+TEST(BTYPE_2, BTI_J, 1);
+TEST(BTYPE_2, BTI_JC, 0);
+
+TEST(BTYPE_3, NOP, 1);
+TEST(BTYPE_3, BTI_N, 1);
+TEST(BTYPE_3, BTI_C, 1);
+TEST(BTYPE_3, BTI_J, 0);
+TEST(BTYPE_3, BTI_JC, 0);
+
+return fail;
+}
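Review bot: skip2_sigill() advances the pc by 8 for every SIGILL without looking at info or at the faulting pc, so any illegal instruction counts as an expected branch target trap and the test cannot tell the two apart. Have the handler check that the pc in uc is one of the expected landing sites, or at least record that it ran, instead of inferring the trap only from the skipped `mov %0,#0`. Separately, main() returns a bare failure count; with no libc to print from, returning the index of the first failing TEST would make a failure diagnosable from the exit status.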
diff --git a/tests/tcg/aarch64/bti-crt.inc.c b/tests/tcg/aarch64/bti-crt.inc.c
new file mode 100644
index 00..ef7831ad76
--- /dev/null
+++ b/tests/tcg/aarch64/bti-crt.inc.c
@@ -0,0 +1,51 @@
+/*
+ * Minimal user-environment for testing BTI.
+ *
+ * Normal libc is not built with BTI support enabled, and so could
+ * generate a BTI TRAP before ever reaching main.
+ */
+
+#include 
+#include 
+#include 
+#include 
+
+int main(void);
+
+void _start(void)
+{
+exit(main());
+}
+
+void exit(int ret)
+{
+register int x0 __asm__("x0") = ret;
+register int x8 __asm__("x8") = __NR_exit;
+
+asm volatile("svc #0" : : "r"(x0), "r"(x8));
+__builtin_unreachable();
+}
+
+/*
+ * Irritatingly, the user API struct sigaction does not match the
+ * kernel API struct sigaction.  So for simplicity, isolate the
+ * kernel ABI here, and make this act like signal.
+ */
+void signal_info(int sig, void (*fn)(int, siginfo_t *, ucontext_t *))
+{
+struct kernel_sigaction {
+void (*handler)(int, siginfo_t *, ucontext_t *);
+unsigned long flags;
+unsigned long restorer;
+unsigned long mask;
+} sa = { fn, SA_SIGINFO, 0, 0 };
+
+register int x0 __asm__("x0") = sig;
+register void *x1 __asm__("x1") = 
+register void *x2 __asm__("x2") = 0;
+register int x3 __asm__("x3") = sizeof(unsigned long);
+register int x8 __asm__("x8") = __NR_rt_sigaction;
+
+asm volatile("svc #0"
+ : : "r"(x0), "r"(x1), "r"(x2), "r"(x3), "r"(x8) : "memory");
+}
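Review bot: in signal_info(), x0 is passed to `svc #0` as an input only, but the kernel writes the syscall result back into x0, so the asm modifies a register the compiler believes is unchanged. Make x0 an in/out operand (`"+r"(x0)`) and use the value: the rt_sigaction result is currently dropped, so a failed registration would only show up as the test dying on its first SIGILL.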
diff --git a/tests/tcg/aarch64/Makefile.target 
b/tests/tcg/aarch64/Makefile.target
index 08c45b8470..b529a8c9c9 100644
--- a/tests/tcg/aarch64/Makefile.target
+++ b/tests/tcg/aarch64/Makefile.target
@@ -8,10 +8,15 @@ VPATH += $(AARCH64_SRC)
 # we don't build any of the ARM tests
 AARCH64_TESTS=$(filter-out $(ARM_TESTS), $(TESTS))
 AARCH64_TESTS+=fcvt
-TESTS:=$(AARCH64_TESTS)
 
 fcvt: LDFLAGS+=-lm
 
 run-fcvt: fcvt
$(call run-test,$<,$(QEMU) $<, "$< on $(TARGET_NAME)")
$(call diff-out,$<,$(AARCH64_SRC)/fcvt.ref)
+
+AARCH64_TESTS += bti-1
+bti-1: LDFLAGS += -nostartfiles -nodefaultlibs -nostdlib
+run-bti-1: QEMU += -cpu max,x-guarded-pages=on
+
+TESTS:=$(AARCH64_TESTS)
-- 
2.17.2




Re: [Qemu-devel] [PATCH v1 4/4] tests/tcg/aarch64: userspace system register test

2019-01-28 Thread Alex Bennée


Alex Bennée  writes:

> This tests a bunch of registers that the kernel allows userspace to
> read including the CPUID registers.
>
> Signed-off-by: Alex Bennée 

I'll also merge the following fix:

modified   tests/tcg/aarch64/sysregs.c
@@ -11,6 +11,10 @@
 #include 
 #include 

+#ifndef HWCAP_CPUID
+#define HWCAP_CPUID (1 << 11)
+#endif
+
 int failed_mask_count;

 #define get_cpu_reg(id) ({  \


>
> ---
> v4
>   - also test for extra bits that shouldn't be exposed
> ---
>  tests/tcg/aarch64/Makefile.target |   2 +-
>  tests/tcg/aarch64/sysregs.c   | 120 ++
>  2 files changed, 121 insertions(+), 1 deletion(-)
>  create mode 100644 tests/tcg/aarch64/sysregs.c
>
> diff --git a/tests/tcg/aarch64/Makefile.target 
> b/tests/tcg/aarch64/Makefile.target
> index 08c45b8470..cc1a7eb486 100644
> --- a/tests/tcg/aarch64/Makefile.target
> +++ b/tests/tcg/aarch64/Makefile.target
> @@ -7,7 +7,7 @@ VPATH += $(AARCH64_SRC)
>
>  # we don't build any of the ARM tests
>  AARCH64_TESTS=$(filter-out $(ARM_TESTS), $(TESTS))
> -AARCH64_TESTS+=fcvt
> +AARCH64_TESTS+=fcvt sysregs
>  TESTS:=$(AARCH64_TESTS)
>
>  fcvt: LDFLAGS+=-lm
> diff --git a/tests/tcg/aarch64/sysregs.c b/tests/tcg/aarch64/sysregs.c
> new file mode 100644
> index 00..8e11288ee3
> --- /dev/null
> +++ b/tests/tcg/aarch64/sysregs.c
> @@ -0,0 +1,120 @@
> +/*
> + * Check emulated system register access for linux-user mode.
> + *
> + * See: 
> https://www.kernel.org/doc/Documentation/arm64/cpu-feature-registers.txt
> + */
> +
> +#include 
> +#include 
> +#include 
> +#include 
> +#include 
> +#include 
> +
> +int failed_mask_count;
> +
> +#define get_cpu_reg(id) ({  \
> +unsigned long __val = 0xdeadbeef;   \
> +asm("mrs %0, "#id : "=r" (__val));  \
> +printf("%-20s: 0x%016lx\n", #id, __val);\
> +__val;   \
> +})
> +
> +#define get_cpu_reg_check_mask(id, mask) ({ \
> +unsigned long __cval = get_cpu_reg(id); \
> +unsigned long __extra = __cval & ~mask; \
> +if (__extra) {  \
> +printf("%-20s: 0x%016lx\n", "  !!extra bits!!", __extra);   \
> +failed_mask_count++;\
> +}   \
> +})
> +
> +bool should_fail;
> +int should_fail_count;
> +int should_not_fail_count;
> +uintptr_t failed_pc[10];
> +
> +void sigill_handler(int signo, siginfo_t *si, void *data)
> +{
> +ucontext_t *uc = (ucontext_t *)data;
> +
> +if (should_fail) {
> +should_fail_count++;
> +} else {
> +uintptr_t pc = (uintptr_t) uc->uc_mcontext.pc;
> +failed_pc[should_not_fail_count++] =  pc;
> +}
> +uc->uc_mcontext.pc += 4;
> +}
> +
> +int main(void)
> +{
> +struct sigaction sa;
> +
> +/* Hook in a SIGILL handler */
> +memset(, 0, sizeof(struct sigaction));
> +sa.sa_flags = SA_SIGINFO;
> +sa.sa_sigaction = _handler;
> +sigemptyset(_mask);
> +
> +if (sigaction(SIGILL, , 0) != 0) {
> +perror("sigaction");
> +return 1;
> +}
> +
> +/* since 4.12 */
> +printf("Checking CNT registers\n");
> +
> +get_cpu_reg(ctr_el0);
> +get_cpu_reg(cntvct_el0);
> +get_cpu_reg(cntfrq_el0);
> +
> +/* when (getauxval(AT_HWCAP) & HWCAP_CPUID), since 4.11*/
> +if (!(getauxval(AT_HWCAP) & HWCAP_CPUID)) {
> +printf("CPUID registers unavailable\n");
> +return 1;
> +} else {
> +printf("Checking CPUID registers\n");
> +}
> +
> +/*
> + * Some registers only expose some bits to user-space. Anything
> + * that is IMDEF is exported as 0 to user-space.
> + */
> +get_cpu_reg_check_mask(id_aa64isar0_el1, 0x000fff00ULL);
> +get_cpu_reg_check_mask(id_aa64isar1_el1, 0xULL);
> +get_cpu_reg(id_aa64mmfr0_el1);
> +get_cpu_reg(id_aa64mmfr1_el1);
> +get_cpu_reg_check_mask(id_aa64pfr0_el1, 0x000f000f0ffULL);
> +get_cpu_reg(id_aa64pfr1_el1);
> +get_cpu_reg(id_aa64dfr0_el1);
> +get_cpu_reg(id_aa64dfr1_el1);
> +
> +get_cpu_reg_check_mask(midr_el1, 0xULL);
> +get_cpu_reg(mpidr_el1);
> +/* REVIDR is all IMPDEF so should be all zeros to user-space */
> +get_cpu_reg_check_mask(revidr_el1, 0x0);
> +
> +printf("Remaining registers should fail\n");
> +should_fail = true;
> +
> +/* Unexposed register access causes SIGILL */
> +get_cpu_reg(id_mmfr0_el1);
> +
> +if (should_not_fail_count > 0) {
> +int i;
> +for (i = 0; i < should_not_fail_count; i++) {
> +uintptr_t pc = failed_pc[i];
> +uint32_t insn = *(uint32_t *) pc;
> +printf("insn %#x @ %#lx 
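Review bot: in sigill_handler(), failed_pc[should_not_fail_count++] is written with no bounds check, while failed_pc has 10 slots and main() issues 14 register reads before should_fail is set. On a host where every one of those reads traps, the handler writes past the end of the array. Either size failed_pc to the number of reads or stop recording once the index reaches the array length.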

Re: [Qemu-devel] [PATCH 08/11] target/arm: Add guarded_pages cpu property for user-only

2019-01-28 Thread Richard Henderson
On 1/22/19 8:57 AM, Peter Maydell wrote:
>>> This is OK code-wise but I'm a bit wary of committing it
>>> because then we're stuck with the property forever even
>>> if it turns out to be irrelevant to whatever the userland
>>> ABI eventually is.
>>
>> That's surely simply a matter of documentation.
>> "Don't rely on this property: it will go away."
> 
> Convention is that those should be prefixed with "x-".

Ok, done.


r~



Re: [Qemu-devel] [PATCH] acpi: Make TPM 2.0 with TIS available as MSFT0101

2019-01-28 Thread Stefan Berger

On 1/28/19 12:49 PM, Michael S. Tsirkin wrote:

On Mon, Jan 28, 2019 at 12:19:37PM -0500, Stefan Berger wrote:

On 1/28/19 11:14 AM, Stefan Berger wrote:

On 1/28/19 9:45 AM, Igor Mammedov wrote:

On Fri, 25 Jan 2019 16:00:58 -0500
Stefan Berger  wrote:


This patch makes a TPM 2.0 with TIS interface available under the
HID 'MSF0101'. This is supported by Linux and also Windows now

MSF0101 is a relatively recent addition to Linux;
are there (old) kernels in the wild that worked with PNP0C31 but won't work
with MSF0101?


Linux 4.3.4 and later references this HID here:
https://elixir.bootlin.com/linux/v4.3.4/source/drivers/char/tpm/tpm_tis.c
. I don't see it before that. A 3.10 kernel works with this patch as
well.


... that 3.10 kernel from el7 has been patched, though.

    Stefan

.. and supports the new HID.

And this spec here also speaks for it: 
https://trustedcomputinggroup.org/wp-content/uploads/PC-ClientSpecific_Platform_Profile_for_TPM_2p0_Systems_v51.pdf


See chapter 8.






Re: [Qemu-devel] [PATCH v2 2/5] vfio-ccw: concurrent I/O handling

2019-01-28 Thread Eric Farman




On 01/28/2019 12:24 PM, Cornelia Huck wrote:

On Fri, 25 Jan 2019 10:57:38 -0500
Eric Farman  wrote:


On 01/25/2019 07:58 AM, Cornelia Huck wrote:

On Fri, 25 Jan 2019 11:24:37 +0100
Cornelia Huck  wrote:
   

On Thu, 24 Jan 2019 21:37:44 -0500
Eric Farman  wrote:
  

On 01/24/2019 09:25 PM, Eric Farman wrote:



On 01/21/2019 06:03 AM, Cornelia Huck wrote:
  

[1] I think these changes are cool.  We end up going into (and staying
in) state=BUSY if we get cc=0 on the SSCH, rather than in/out as we
bumble along.

But why can't these be separated out from this patch?  It does change
the behavior of the state machine, and seem distinct from the addition
of the mutex you otherwise add here?  At the very least, this behavior
change should be documented in the commit since it's otherwise lost in
the mutex/EAGAIN stuff.


That's a very good idea. I'll factor them out into a separate patch.


And now that I've factored it out, I noticed some more problems.


That's good!  Maybe it helps us with the circles we're on :)


:)





What we basically need is the following, I think:

- The code should not be interrupted while we process the channel
program, do the ssch etc. We want the caller to try again later (i.e.
return -EAGAIN)
- We currently do not want the user space to submit another channel
program while the first one is still in flight.


These two seem to contradict one another.  I think what you're saying is that
we don't _want_ userspace to issue another channel program, even though
it's _allowed_ to as far as vfio-ccw is concerned.


What I'm trying to say is that we want to distinguish two things:
- The code is currently doing translation etc. We probably want to keep
   that atomic, in order not to make things too complicated.
- We have sent the ssch() to the hardware, but have not yet received
   the final interrupt for that request (that's what I meant with "in
   flight"). It's easier for the first shot to disallow a second ssch()
   as that would need handling of more than one cp request, but we may
   want to allow it in the future.
   A hsch()/csch() (which does not generate a new cp) should be fine.

(see also my reply to Halil's mail)



As submitting another

one is a valid request, however, we should allow this in the future
(once we have the code to handle that in place).
- With the async interface, we want user space to be able to submit a
halt/clear while a start request is still in flight, but not while
we're processing a start request with translation etc. We probably
want to do -EAGAIN in that case.

My idea would be:

- The BUSY state denotes "I'm busy processing a request right now, try
again". We hold it while processing the cp and doing the ssch and
leave it afterwards (i.e., while the start request is processed by
the hardware). I/O requests and async requests get -EAGAIN in that
state.
- A new state (CP_PENDING?) is entered after ssch returned with cc 0
(from the BUSY state). We stay in there as long as no final state for
that request has been received and delivered. (This may be final
interrupt for that request, a deferred cc, or successful halt/clear.)
I/O requests get -EBUSY


I liked CP_PENDING, since it corresponds to the subchannel being marked
"start pending" as described in POPS, but this statement suggests that
the BUSY/PENDING state to be swapped, such that state=PENDING returns
-EAGAIN and state=BUSY returns -EBUSY.  Not super-concerned with the
terminology though.


What about s/BUSY/CP_PROCESSING/ ?


So we go IDLE -> CP_PROCESSING -> CP_PENDING -> (IRQ) -> IDLE right? 
Seems good to me.






, async requests are processed. This state can

be removed again once we are able to handle more than one outstanding
cp.

Does that make sense?
   


I think so, and I think I like it.  So you want to distinguish between
(I have swapped BUSY/PENDING in this example per my above comment):

A) SSCH issued by userspace (IDLE->PENDING)
B) SSCH issued (successfully) by kernel (PENDING->BUSY)
B') SSCH issued (unsuccessfully) by kernel (PENDING->IDLE?)


I think so.


C) Interrupt received by kernel (no change?)
D) Interrupt given to userspace (BUSY->IDLE)


Only if that is the final interrupt for that cp.


Agreed.





If we receive A and A, the second A gets EAGAIN

If we do A+B and A, the second A gets EBUSY (unless async, which is
processed)


Nod.


Does the boundary of "in flight" in the interrupt side (C and D) need to
be defined, such that we go BUSY->PENDING->IDLE instead of BUSY->IDLE ?


I don't think we can go BUSY->PENDING (in your terminology), as that
would imply a retry of the ssch()?



I didn't think so, but figured it's worth asking while we're already 
confused.  :)
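The state machine agreed on in this exchange (IDLE -> CP_PROCESSING -> CP_PENDING -> IDLE, with -EAGAIN while translating and -EBUSY while a channel program is in flight), written out as a transition table. This is an added user-space model, not code from the vfio-ccw patches; the state and event names, the -EINVAL entries for events that cannot occur in a state, and the handling of a failed ssch() as a direct return to IDLE are assumptions drawn from the discussion.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical names for the states and events discussed in the thread. */
enum state { ST_IDLE, ST_CP_PROCESSING, ST_CP_PENDING, NR_STATES };
enum event {
    EV_IO_REQ,       /* user space submits a channel program (start) */
    EV_ASYNC_REQ,    /* user space submits halt/clear */
    EV_SSCH_CC0,     /* translation finished and ssch() returned cc 0 */
    EV_SSCH_FAILED,  /* translation failed or ssch() returned cc != 0 */
    EV_IRQ,          /* intermediate interrupt for the pending cp */
    EV_IRQ_FINAL,    /* final state for the pending cp was delivered */
    NR_EVENTS
};

struct transition {
    int ret;          /* what the caller sees: 0 or -errno */
    enum state next;  /* state after the event */
};

/* One row per state, one column per event. */
static const struct transition fsm[NR_STATES][NR_EVENTS] = {
    [ST_IDLE] = {
        [EV_IO_REQ]      = { 0,       ST_CP_PROCESSING },
        [EV_ASYNC_REQ]   = { 0,       ST_IDLE },
        [EV_SSCH_CC0]    = { -EINVAL, ST_IDLE },
        [EV_SSCH_FAILED] = { -EINVAL, ST_IDLE },
        [EV_IRQ]         = { 0,       ST_IDLE },
        [EV_IRQ_FINAL]   = { 0,       ST_IDLE },
    },
    [ST_CP_PROCESSING] = {
        /* Busy translating: both request types are told to retry. */
        [EV_IO_REQ]      = { -EAGAIN, ST_CP_PROCESSING },
        [EV_ASYNC_REQ]   = { -EAGAIN, ST_CP_PROCESSING },
        [EV_SSCH_CC0]    = { 0,       ST_CP_PENDING },
        [EV_SSCH_FAILED] = { 0,       ST_IDLE },
        [EV_IRQ]         = { 0,       ST_CP_PROCESSING },
        [EV_IRQ_FINAL]   = { 0,       ST_CP_PROCESSING },
    },
    [ST_CP_PENDING] = {
        /* One cp in flight: a second start is refused, halt/clear passes. */
        [EV_IO_REQ]      = { -EBUSY,  ST_CP_PENDING },
        [EV_ASYNC_REQ]   = { 0,       ST_CP_PENDING },
        [EV_SSCH_CC0]    = { -EINVAL, ST_CP_PENDING },
        [EV_SSCH_FAILED] = { -EINVAL, ST_CP_PENDING },
        [EV_IRQ]         = { 0,       ST_CP_PENDING },
        [EV_IRQ_FINAL]   = { 0,       ST_IDLE },
    },
};

static const char *const state_name[NR_STATES] = {
    "IDLE", "CP_PROCESSING", "CP_PENDING"
};

/* Apply one event to *st and return the result the caller would get. */
static int fsm_event(enum state *st, enum event ev)
{
    const struct transition *t = &fsm[*st][ev];

    *st = t->next;
    return t->ret;
}

/* Replay n events from IDLE; rets[i] receives the result of event i. */
static enum state replay(const enum event *evs, int n, int *rets)
{
    enum state st = ST_IDLE;

    for (int i = 0; i < n; i++) {
        rets[i] = fsm_event(&st, evs[i]);
    }
    return st;
}

int main(void)
{
    /* Constructed sequence: start, second start during translation,
     * ssch cc 0, start while pending, halt/clear, final interrupt. */
    const enum event evs[] = { EV_IO_REQ, EV_IO_REQ, EV_SSCH_CC0,
                               EV_IO_REQ, EV_ASYNC_REQ, EV_IRQ_FINAL };
    int rets[6];
    enum state end = replay(evs, 6, rets);

    for (int i = 0; i < 6; i++) {
        printf("event %d -> ret %d\n", (int)evs[i], rets[i]);
    }
    printf("final state: %s\n", state_name[end]);
    return 0;
}
```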





Re: [Qemu-devel] [PATCH v2 2/5] vfio-ccw: concurrent I/O handling

2019-01-28 Thread Eric Farman




On 01/28/2019 02:15 PM, Halil Pasic wrote:

On Mon, 28 Jan 2019 18:09:48 +0100
Cornelia Huck  wrote:


On Fri, 25 Jan 2019 15:01:01 +0100
Halil Pasic  wrote:


On Fri, 25 Jan 2019 13:58:35 +0100
Cornelia Huck  wrote:



- The code should not be interrupted while we process the channel
   program, do the ssch etc. We want the caller to try again later (i.e.
   return -EAGAIN)


(...)


- With the async interface, we want user space to be able to submit a
   halt/clear while a start request is still in flight, but not while
   we're processing a start request with translation etc. We probably
   want to do -EAGAIN in that case.


This reads very similar to your first point.


Not quite. ssch() means that we have a cp around; for hsch()/csch() we
don't have such a thing. So we want to protect the process of
translating the cp etc., but we don't need such protection for the
halt/clear processing.



What does this don't 'need such protection' mean in terms of code,
moving the unlock of the io_mutex upward (in
vfio_ccw_async_region_write())?

Here the function in question for reference:

+static ssize_t vfio_ccw_async_region_write(struct vfio_ccw_private
*private,
+  const char __user *buf,
size_t count,
+  loff_t *ppos)
+{
+   unsigned int i = VFIO_CCW_OFFSET_TO_INDEX(*ppos) -
VFIO_CCW_NUM_REGIONS;
+   loff_t pos = *ppos & VFIO_CCW_OFFSET_MASK;
+   struct ccw_cmd_region *region;
+   int ret;
+
+   if (pos + count > sizeof(*region))
+   return -EINVAL;
+
+   if (private->state == VFIO_CCW_STATE_NOT_OPER ||
+   private->state == VFIO_CCW_STATE_STANDBY)
+   return -EACCES;
+   if (!mutex_trylock(>io_mutex))
+   return -EAGAIN;
+
+   region = private->region[i].data;
+   if (copy_from_user((void *)region + pos, buf, count)) {
+   ret = -EFAULT;
+   goto out_unlock;
+   }
+
+   vfio_ccw_fsm_event(private, VFIO_CCW_EVENT_ASYNC_REQ);
+
+   ret = region->ret_code ? region->ret_code : count;
+
+out_unlock:
+   mutex_unlock(>io_mutex);
+   return ret;
+}
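Review bot: the NOT_OPER/STANDBY test on private->state runs before mutex_trylock(), so the state that was checked may no longer be the state in effect when vfio_ccw_fsm_event() is called. If io_mutex is meant to serialize state changes against region writes, take the lock first and test the state under it. Separately, i is derived from *ppos and used to index private->region[] with no range check in this function, so the caller has to guarantee it is valid.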

That does not make much sense to me at the moment (so I guess I
misunderstood again).





My idea would be:

- The BUSY state denotes "I'm busy processing a request right now, try
   again". We hold it while processing the cp and doing the ssch and
   leave it afterwards (i.e., while the start request is processed by
   the hardware). I/O requests and async requests get -EAGAIN in that
   state.
- A new state (CP_PENDING?) is entered after ssch returned with cc 0
   (from the BUSY state). We stay in there as long as no final state for
   that request has been received and delivered. (This may be final
   interrupt for that request, a deferred cc, or successful halt/clear.)
   I/O requests get -EBUSY, async requests are processed. This state can
   be removed again once we are able to handle more than one outstanding
   cp.

Does that make sense?
   


AFAIU your idea is to split up the busy state into two states: CP_PENDING
and of busy without CP_PENDING called BUSY. I like the idea of having a
separate state for CP_PENDING but I don't like the new semantic of BUSY.

Hm mashing a conceptual state machine and the jumptable stuff ain't
making reasoning about this simpler either. I'm talking about the
conceptual state machine. It would be nice to have a picture of it and
then think about how to express that in code.


Sorry, I'm having a hard time parsing your comments. Are you looking
for something like the below?


I had more something like this
https://en.wikipedia.org/wiki/UML_state_machine,
in mind but the lists of state transitions are also useful.



I think the picture Connie paints below is just as useful as any 
formalized UML diagram.




IDLE --- IO_REQ --> BUSY ---> CP_PENDING --- IRQ ---> IDLE (if final


There ain't no trigger/action list  between BUSY and CP_PENDING.


Right, because BUSY means "KVM started processing a SSCH" and CP_PENDING 
means "KVM finished processing the SSCH and issued it to the hardware, 
and got cc=0."



I'm also in the dark about where the issuing of the ssch() happens
here (is it an internal transition within CP_PENDING?).


Connie said...

 - A new state (CP_PENDING?) is entered after ssch returned with cc 0
(from the BUSY state).

...and I agree with that.

I guess if

the ssch() returns with non cc == 0 the CP_PENDING ---IRQ---> IDLE
transition
won't take place. And I guess the IRQ is a final one.


Yes this is the one point I hadn't seen explicitly stated.  We shouldn't 
remain in state=BUSY if the ssch got cc!=0, and probably return to IDLE 
when processing the failure.  In Connie's response (Mon, 28 Jan 2019 
18:24:24 +0100) to my note, she expressed some agreement to that.




Sorry abstraction is not a concept unknown to me. But this is too much
abstraction for me in this context. The devil is in the 

Re: [Qemu-devel] [PATCH 06/11] target/arm: Reset btype for direct branches and syscalls

2019-01-28 Thread Richard Henderson
On 1/22/19 6:12 AM, Peter Maydell wrote:
> On Thu, 10 Jan 2019 at 12:17, Richard Henderson
>  wrote:
>>
>> This is all of the non-exception cases of DISAS_NORETURN.
> 
> What about the gen_helper_exit_atomic() exit cases ?

In that case we are going to re-execute the same insn with a different
translation, so we do not want to change btype.

(Although I'm not sure how the guest could tell.  Given where we check for
btype mismatch, we would recognize the BTI exception before getting into the
ldst_ex path that generates the ATOMIC exception.  So any DataAbort exception
that the atomic insn itself might generate must also have BTYPE == 0.)

>> For the rest of the synchronous exceptions, the state of
>> SPSR_ELx.BTYPE is CONSTRAINED UNPREDICTABLE.  However, it
>> makes more sense to me to have syscalls reset BTYPE.
> 
> The advantage of picking the other choice (SPSR_ELx.BTYPE ==
> PSTATE.BTYPE) is that it means that the behaviour is identical
> for all exceptions (async or sync of any type) and we don't
> do the work of clearing the BTYPE field (which will happen
> potentially in "normal" guest code if we're not in a guarded page,
> I think).

Well, BTYPE is in the TB flags, so we know it's already zero in that case, so
there's no extra work.  But you're probably right about not making syscall
special.  I've removed that.


r~



[Qemu-devel] [PATCH 0/2] qemu-macppc patches

2019-01-28 Thread Mark Cave-Ayland
Here's the contents of my qemu-macppc branch: just two minor patches consisting of
an update to MAINTAINERS, plus bringing in updated binaries containing bugfixes
for Ben's MacOS NDRV VGA driver.

Signed-off-by: Mark Cave-Ayland 

Mark Cave-Ayland (2):
  MAINTAINERS: add myself as maintainer for Mac Old World and New World
machines
  QemuMacDrivers: update qemu_vga.ndrv to 90c488d built from submodule

 MAINTAINERS   |   6 --
 pc-bios/qemu_vga.ndrv | Bin 14752 -> 18752 bytes
 roms/QemuMacDrivers   |   2 +-
 3 files changed, 5 insertions(+), 3 deletions(-)

-- 
2.11.0




[Qemu-devel] [PATCH 2/2] QemuMacDrivers: update qemu_vga.ndrv to 90c488d built from submodule

2019-01-28 Thread Mark Cave-Ayland
This update to qemu_vga.ndrv includes the following changes:

- Build guest resolution list from QEMU EDID data if enabled
- Fixes to re-enable 256 color mode

Signed-off-by: Mark Cave-Ayland 
---
 pc-bios/qemu_vga.ndrv | Bin 14752 -> 18752 bytes
 roms/QemuMacDrivers   |   2 +-
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/pc-bios/qemu_vga.ndrv b/pc-bios/qemu_vga.ndrv
index 
6e02f74d61e01c87cf50b10e174a6626bee13677..de81cfd1c57c30671d2017eb1899583fb1c887c3
 100644
GIT binary patch
literal 18752

[Qemu-devel] [PATCH 1/2] MAINTAINERS: add myself as maintainer for Mac Old World and New World machines

2019-01-28 Thread Mark Cave-Ayland
I've unofficially been doing most of the work on the Mac machines for a while
now, so update MAINTAINERS to reflect this. David is still happy to be listed
as a reviewer as per our discussion at KVM forum.

Signed-off-by: Mark Cave-Ayland 
Acked-by: David Gibson 
---
 MAINTAINERS | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 59e1f24d68..14b0ed95c3 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -970,7 +970,8 @@ F: hw/ppc/mpc8544ds.c
 F: hw/ppc/mpc8544_guts.c
 
 New World (mac99)
-M: David Gibson 
+M: Mark Cave-Ayland 
+R: David Gibson 
 L: qemu-...@nongnu.org
 S: Odd Fixes
 F: hw/ppc/mac_newworld.c
@@ -988,7 +989,8 @@ F: include/hw/input/adb*
 F: pc-bios/qemu_vga.ndrv
 
 Old World (g3beige)
-M: David Gibson 
+M: Mark Cave-Ayland 
+R: David Gibson 
 L: qemu-...@nongnu.org
 S: Odd Fixes
 F: hw/ppc/mac_oldworld.c
-- 
2.11.0




[Qemu-devel] [PATCH 1/2] usb: XHCI shall not halt isochronous endpoints

2019-01-28 Thread Yuri Benditovich
According to the XHCI spec (4.10.2) the controller
never halts isochronous endpoints. This commit prevents
isochronous streaming from stopping when a sporadic error
status is received from backends.

Signed-off-by: Yuri Benditovich 
---
 hw/usb/hcd-xhci.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
index 8f1a01a..1a8fd96 100644
--- a/hw/usb/hcd-xhci.c
+++ b/hw/usb/hcd-xhci.c
@@ -1571,6 +1571,11 @@ static void xhci_stall_ep(XHCITransfer *xfer)
 uint32_t err;
 XHCIStreamContext *sctx;
 
+if (epctx->type == ET_ISO_IN || epctx->type == ET_ISO_OUT) {
+/* never halt isoch endpoints, 4.10.2 */
+return;
+}
+
 if (epctx->nr_pstreams) {
 sctx = xhci_find_stream(epctx, xfer->streamid, );
 if (sctx == NULL) {
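Review bot: the early return for ET_ISO_IN/ET_ISO_OUT at the top of xhci_stall_ep() drops the error with no trace, so a backend that fails every isochronous packet becomes invisible when debugging. A DPRINTF or trace point before the return would keep it visible. The comment could also name the document ("xHCI spec 4.10.2"), as the commit message does.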
-- 
2.9.5




[Qemu-devel] [PATCH 0/2] Fix XHCI errors with isochronous transfer

2019-01-28 Thread Yuri Benditovich
These patches fix errors causing isochronous transfer to stop
when XHCI works with redirected devices:
* avoid halt of isochronous endpoints
* implement underrun/overrun events

Note that checkpatch emits errors for patch 2 on usage by
'slotid-1' statement. I still leave it for readability
as this construction is used in this file everywhere.

Yuri Benditovich (2):
  usb: XHCI shall not halt isochronous endpoints
  usb: implement XHCI underrun/overrun events

 hw/usb/hcd-xhci.c | 22 --
 hw/usb/hcd-xhci.h |  1 +
 2 files changed, 21 insertions(+), 2 deletions(-)

-- 
2.9.5




[Qemu-devel] [PATCH 2/2] usb: implement XHCI underrun/overrun events

2019-01-28 Thread Yuri Benditovich
Implement underrun/overrun events of isochronous endpoints
according to XHCI spec (4.10.3.1).
Guest software restarts data streaming when it receives these events.
The XHCI reports these events using the interrupter assigned
to the slot (as these events do not have a TRB), so the current
commit adds a field for the assigned interrupter to the
XHCISlot structure. Guest software assigns the interrupter to the
slot on 'Address Device' and 'Evaluate Context' commands.

Signed-off-by: Yuri Benditovich 
---
 hw/usb/hcd-xhci.c | 17 +++--
 hw/usb/hcd-xhci.h |  1 +
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
index 1a8fd96..19c64f7 100644
--- a/hw/usb/hcd-xhci.c
+++ b/hw/usb/hcd-xhci.c
@@ -1949,6 +1949,16 @@ static void xhci_kick_epctx(XHCIEPContext *epctx, 
unsigned int streamid)
 while (1) {
 length = xhci_ring_chain_length(xhci, ring);
 if (length <= 0) {
+if (epctx->type == ET_ISO_OUT || epctx->type == ET_ISO_IN) {
+/* 4.10.3.1 */
+XHCIEvent ev = { ER_TRANSFER };
+ev.ccode  = epctx->type == ET_ISO_IN ?
+CC_RING_OVERRUN : CC_RING_UNDERRUN;
+ev.slotid = epctx->slotid;
+ev.epid   = epctx->epid;
+ev.ptr= epctx->ring.dequeue;
+xhci_event(xhci, , xhci->slots[epctx->slotid-1].intr);
+}
 break;
 }
 xfer = xhci_ep_alloc_xfer(epctx, length);
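Review bot: the new event is emitted for every length <= 0 in xhci_kick_epctx(), which also covers a negative return from xhci_ring_chain_length(). If a negative value signals a ring fetch error rather than an empty ring, reporting it to the guest as CC_RING_UNDERRUN/CC_RING_OVERRUN is misleading; restrict the new block to length == 0 or say in the comment why both cases are treated alike. The cover letter already notes the checkpatch complaint about 'slotid-1'.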
@@ -2028,6 +2038,7 @@ static TRBCCode xhci_disable_slot(XHCIState *xhci, 
unsigned int slotid)
 xhci->slots[slotid-1].enabled = 0;
 xhci->slots[slotid-1].addressed = 0;
 xhci->slots[slotid-1].uport = NULL;
+xhci->slots[slotid-1].intr = 0;
 return CC_SUCCESS;
 }
 
@@ -2127,6 +2138,7 @@ static TRBCCode xhci_address_slot(XHCIState *xhci, 
unsigned int slotid,
 slot = >slots[slotid-1];
 slot->uport = uport;
 slot->ctx = octx;
+slot->intr = get_field(slot_ctx[2], TRB_INTR);
 
 /* Make sure device is in USB_STATE_DEFAULT state */
 usb_device_reset(dev);
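Review bot: slot->intr is loaded straight from the guest-written slot context (get_field(slot_ctx[2], TRB_INTR)) and is later passed to xhci_event() as the interrupter index in xhci_kick_epctx(). Please confirm that xhci_event() rejects an index beyond the configured number of interrupters, or validate the value here before storing it.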
@@ -2300,8 +2312,9 @@ static TRBCCode xhci_evaluate_slot(XHCIState *xhci, 
unsigned int slotid,
 
 slot_ctx[1] &= ~0x; /* max exit latency */
 slot_ctx[1] |= islot_ctx[1] & 0x;
-slot_ctx[2] &= ~0xFF0; /* interrupter target */
-slot_ctx[2] |= islot_ctx[2] & 0xFF00;
+/* update interrupter target field */
+xhci->slots[slotid-1].intr = get_field(islot_ctx[2], TRB_INTR);
+set_field(_ctx[2], xhci->slots[slotid-1].intr, TRB_INTR);
 
 DPRINTF("xhci: output slot context: %08x %08x %08x %08x\n",
 slot_ctx[0], slot_ctx[1], slot_ctx[2], slot_ctx[3]);
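Review bot: TRB_INTR is a TRB field name, and here it is applied to slot context dword 2 in place of the explicit "interrupter target" masks that were removed. State in the comment, or through a slot-context-specific define, that the shift and width are the same for both layouts, so the next reader does not have to check them against the spec.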
diff --git a/hw/usb/hcd-xhci.h b/hw/usb/hcd-xhci.h
index fc36a4c..240caa4 100644
--- a/hw/usb/hcd-xhci.h
+++ b/hw/usb/hcd-xhci.h
@@ -140,6 +140,7 @@ typedef struct XHCIPort {
 typedef struct XHCISlot {
 bool enabled;
 bool addressed;
+uint16_t intr;
 dma_addr_t ctx;
 USBPort *uport;
 XHCIEPContext *eps[31];
-- 
2.9.5




Re: [Qemu-devel] [PATCH 04/11] target/arm: Record the GP bit for a page in MemTxAttrs

2019-01-28 Thread Richard Henderson
On 1/22/19 5:26 AM, Peter Maydell wrote:
> On Thu, 10 Jan 2019 at 12:17, Richard Henderson
>  wrote:
>>
>> This isn't really a transaction attribute, but that's the most
>> convenient place to hold a random bit of information within the
>> softmmu tlb.
>>
>> Signed-off-by: Richard Henderson 
>> ---
>>  include/exec/memattrs.h | 2 ++
>>  target/arm/helper.c | 6 ++
>>  2 files changed, 8 insertions(+)
>>
>> diff --git a/include/exec/memattrs.h b/include/exec/memattrs.h
>> index d4a1642098..39d61188e1 100644
>> --- a/include/exec/memattrs.h
>> +++ b/include/exec/memattrs.h
>> @@ -35,6 +35,8 @@ typedef struct MemTxAttrs {
>>  unsigned int secure:1;
>>  /* Memory access is usermode (unprivileged) */
>>  unsigned int user:1;
>> +/* Page is marked as "guarded" */
>> +unsigned int guarded:1;
> 
> Given that this isn't a real transaction attribute in the traditional
> sense, and it's pretty Arm-specific, I think we could do with a
> more expansive comment than this...

I have split this out to a separate patch, rearranged this to
target_tlb_bit[0-2], with a large block comment.  We will need some more of
these bits for system mode v8.5-MemTag anyway.


>> +guarded |= extract64(descriptor, 50, 1);  /* GP */
> 
> Do we need to do the logical-OR here? Since this is a
> block/page entry bit with no similar bit in the table
> descriptors, there's no merging to be done (ie we
> only execute this code once and 'guarded' will always
> be 'false' before execution of the |=.)

The document that I have has exactly one sentence about this, and does not
specify whether the bit is akin to the page table attributes (which appear at
every table level) or not.

As written above, this will execute more than once.


r~



Re: [Qemu-devel] [PATCH v9 1/2] qemu-img info lists bitmap directory entries

2019-01-28 Thread Eric Blake
On 1/28/19 2:01 PM, Andrey Shinkevich wrote:
> In the 'Format specific information' section of the 'qemu-img info'
> command output, the supplemental information about existing QCOW2
> bitmaps will be shown, such as a bitmap name, flags and granularity:
> 

> 
> As the print of the qcow2 specific information expanded by adding
> the bitmap parameters to the 'qemu-img info' command output,
> it requires amendment of the output benchmark in the following
> tests: 060, 065, 082, 198, and 206.
> 
> Signed-off-by: Andrey Shinkevich 
> ---

>  
> +static Qcow2BitmapInfoFlagsList *get_bitmap_info_flags(uint32_t flags)
> +{
> +Qcow2BitmapInfoFlagsList *list = NULL;
> +Qcow2BitmapInfoFlagsList **plist = 
> +
> +if (flags & BME_FLAG_IN_USE) {
> +Qcow2BitmapInfoFlagsList *entry = g_new0(Qcow2BitmapInfoFlagsList, 
> 1);
> +entry->value = QCOW2_BITMAP_INFO_FLAGS_IN_USE;
> +*plist = entry;
> +plist = >next;

This line...

> +}
> +if (flags & BME_FLAG_AUTO) {
> +Qcow2BitmapInfoFlagsList *entry = g_new0(Qcow2BitmapInfoFlagsList, 
> 1);
> +entry->value = QCOW2_BITMAP_INFO_FLAGS_AUTO;
> +*plist = entry;
> +}

...is omitted here. Harmless for now, but may cause grief if a later
flag is added and we forget to add it in. On the other hand, I don't
know if a static analyzer might warn about a dead assignment, so
breaking the symmetry between the two is okay if that is the justification.

Also, thinking about future flag additions, would it make any sense to
write this code in a for loop?  Something like (untested):

static const struct Map {
    int bme;
    int info;
} map[] = {
    { BME_FLAG_IN_USE, QCOW2_BITMAP_INFO_FLAGS_IN_USE },
    { BME_FLAG_AUTO,   QCOW2_BITMAP_INFO_FLAGS_AUTO },
};

for (i = 0; i < ARRAY_LENGTH(map); i++) {
    if (flags & map[i].bme) {
        ...; entry->value = map[i].info;
    }
}

where adding a new bit is now a one-liner change to the definition of
'map' rather than a 6-line addition of a new conditional.


> +##
> +# @Qcow2BitmapInfo:
> +#
> +# Qcow2 bitmap information.
> +#
> +# @name: the name of the bitmap
> +#
> +# @granularity: granularity of the bitmap in bytes
> +#
> +# @flags: flags of the bitmap
> +#
> +# @unknown-flags: unspecified flags if detected

Maybe:

@flags: recognized flags of the bitmap

@unknown-flags: any remaining flags not recognized by this qemu version


> +++ b/tests/qemu-iotests/060.out
> @@ -18,6 +18,7 @@ cluster_size: 65536
>  Format specific information:
>  compat: 1.1
>  lazy refcounts: false
> +bitmaps:

Hmm. I'm wondering if the human-readable output of a QAPI type with an
optional array should output "" or something similar for a
0-element array, to make it obvious to the human reading the output that
there are no bitmaps.  That's not necessarily a problem in your patch;
and may have even bigger effects to other iotests, so it should be done
as a separate patch if we want it.  But even in your patch, if we did
that,...

>  refcount bits: 16
>  corrupt: true
>  can't open device TEST_DIR/t.IMGFMT: IMGFMT: Image is corrupt; cannot be 
> opened read/write
> diff --git a/tests/qemu-iotests/065 b/tests/qemu-iotests/065
> index 8bac383..86406cb 100755
> --- a/tests/qemu-iotests/065
> +++ b/tests/qemu-iotests/065
> @@ -88,23 +88,23 @@ class TestQMP(TestImageInfoSpecific):
>  class TestQCow2(TestQemuImgInfo):
>  '''Testing a qcow2 version 2 image'''
>  img_options = 'compat=0.10'
> -json_compare = { 'compat': '0.10', 'refcount-bits': 16 }
> -human_compare = [ 'compat: 0.10', 'refcount bits: 16' ]
> +json_compare = { 'compat': '0.10', 'bitmaps': [], 'refcount-bits': 16 }
> +human_compare = [ 'compat: 0.10', 'bitmaps:', 'refcount bits: 16' ]

...the human_compare dict would have to account for whatever string we
output for an empty JSON array.

I'm finding the functionality useful, though, so unless there are strong
opinions presented on making further tweaks, I'm also fine giving this
version as-is:

Reviewed-by: Eric Blake 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3226
Virtualization:  qemu.org | libvirt.org





Re: [Qemu-devel] [PATCH v3] qdev/core: fix qbus_is_full()

2019-01-28 Thread Tony Krowiak

On 12/17/18 10:57 AM, Tony Krowiak wrote:

The qbus_is_full(BusState *bus) function (qdev_monitor.c) compares the max_index
value of the BusState structure with the max_dev value of the BusClass structure
to determine whether the maximum number of children has been reached for the
bus. The problem is, the max_index field of the BusState structure does not
necessarily reflect the number of devices that have been plugged into
the bus.

Whenever a child device is plugged into the bus, the bus's max_index value is
assigned to the child device and then incremented. If the child is subsequently
unplugged, the value of the max_index does not change and no longer reflects the
number of children.

When the bus's max_index value reaches the maximum number of devices
allowed for the bus (i.e., the max_dev field in the BusClass structure),
attempts to plug another device will be rejected claiming that the bus is
full -- even if the bus is actually empty.

To resolve the problem, a new 'num_children' field is being added to the
BusState structure to keep track of the number of children plugged into the
bus. It will be incremented when a child is plugged, and decremented when a
child is unplugged.

Signed-off-by: Tony Krowiak 
Reviewed-by: Pierre Morel
Reviewed-by: Halil Pasic 
---
  hw/core/qdev.c | 3 +++
  include/hw/qdev-core.h | 1 +
  qdev-monitor.c | 2 +-
  3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/hw/core/qdev.c b/hw/core/qdev.c
index 6b3cc55b27c2..956923f33520 100644
--- a/hw/core/qdev.c
+++ b/hw/core/qdev.c
@@ -59,6 +59,8 @@ static void bus_remove_child(BusState *bus, DeviceState 
*child)
  snprintf(name, sizeof(name), "child[%d]", kid->index);
  QTAILQ_REMOVE(>children, kid, sibling);
  
+bus->num_children--;

+
  /* This gives back ownership of kid->child back to us.  */
  object_property_del(OBJECT(bus), name, NULL);
  object_unref(OBJECT(kid->child));
@@ -73,6 +75,7 @@ static void bus_add_child(BusState *bus, DeviceState *child)
  char name[32];
  BusChild *kid = g_malloc0(sizeof(*kid));
  
+bus->num_children++;

  kid->index = bus->max_index++;
  kid->child = child;
  object_ref(OBJECT(kid->child));
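Review bot: kid->index = bus->max_index++ is left untouched in bus_add_child(), so max_index still only grows across plug/unplug cycles and the child[%d] property names grow with it. If that is intended, the commit message should say that max_index is now purely a name allocator and no longer takes part in the capacity check; otherwise the index reuse question raised in the follow-up needs an answer before merge.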
diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h
index a24d0dd566e3..521f0a947ead 100644
--- a/include/hw/qdev-core.h
+++ b/include/hw/qdev-core.h
@@ -206,6 +206,7 @@ struct BusState {
  HotplugHandler *hotplug_handler;
  int max_index;
  bool realized;
+int num_children;
  QTAILQ_HEAD(ChildrenHead, BusChild) children;
  QLIST_ENTRY(BusState) sibling;
  };
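Review bot: num_children is added to BusState without a comment, directly beside max_index, which this very patch shows is easy to mistake for a child count. A one-line comment on each field (num_children: children currently plugged; max_index: next child[] index, never decremented) would keep the two from being confused again.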
diff --git a/qdev-monitor.c b/qdev-monitor.c
index 07147c63bf8b..45a8ba49644c 100644
--- a/qdev-monitor.c
+++ b/qdev-monitor.c
@@ -414,7 +414,7 @@ static DeviceState *qbus_find_dev(BusState *bus, char *elem)
  static inline bool qbus_is_full(BusState *bus)
  {
  BusClass *bus_class = BUS_GET_CLASS(bus);
-return bus_class->max_dev && bus->max_index >= bus_class->max_dev;
+return bus_class->max_dev && bus->num_children >= bus_class->max_dev;
  }
  
  /*


Just checking back on this one. Do we want to merge this patch and deal
with the max_index issue in another patch, in this patch, or not at all?
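
A minimal model of the counting problem described in the commit message above, added here as an illustration and not taken from QEMU. The Bus and Child types and the hotplug_cycles() helper are simplified stand-ins (assumptions) that keep only max_dev, max_index and num_children.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-ins for BusClass/BusState/BusChild (assumption: only the
 * fields discussed in the commit message are modelled). */
typedef struct Child {
    int index;                  /* value of max_index at plug time */
    struct Child *next;
} Child;

typedef struct Bus {
    int max_dev;                /* 0 means "no limit" */
    int max_index;              /* handed out to children, never decremented */
    int num_children;           /* children currently plugged (the fix) */
    Child *children;
} Bus;

/* Capacity check before the patch: compares the index allocator. */
static bool is_full_old(const Bus *b)
{
    return b->max_dev && b->max_index >= b->max_dev;
}

/* Capacity check after the patch: compares the live child count. */
static bool is_full_new(const Bus *b)
{
    return b->max_dev && b->num_children >= b->max_dev;
}

/* Plug one child; returns its index, or -1 when the check reports "full". */
static int bus_plug(Bus *b, bool (*is_full)(const Bus *))
{
    if (is_full(b)) {
        return -1;
    }
    Child *kid = calloc(1, sizeof(*kid));
    if (!kid) {
        abort();
    }
    b->num_children++;
    kid->index = b->max_index++;
    kid->next = b->children;
    b->children = kid;
    return kid->index;
}

/* Unplug the child with the given index; returns false if it is not there. */
static bool bus_unplug(Bus *b, int index)
{
    for (Child **pp = &b->children; *pp; pp = &(*pp)->next) {
        if ((*pp)->index == index) {
            Child *kid = *pp;
            *pp = kid->next;
            free(kid);
            b->num_children--;
            return true;
        }
    }
    return false;
}

/* Run plug-then-unplug rounds on an initially empty bus and return how many
 * plugs were accepted. The bus is empty before every attempt. */
static int hotplug_cycles(int max_dev, int cycles,
                          bool (*is_full)(const Bus *))
{
    Bus b = { .max_dev = max_dev };
    int accepted = 0;

    for (int i = 0; i < cycles; i++) {
        int idx = bus_plug(&b, is_full);
        if (idx < 0) {
            continue;           /* rejected although no child is plugged */
        }
        accepted++;
        bus_unplug(&b, idx);
    }
    return accepted;
}

int main(void)
{
    /* max_dev = 1 mirrors a bus that takes a single device. */
    printf("old check, max_dev=1, 5 cycles: %d accepted\n",
           hotplug_cycles(1, 5, is_full_old));
    printf("new check, max_dev=1, 5 cycles: %d accepted\n",
           hotplug_cycles(1, 5, is_full_new));
    return 0;
}
```

With the old check, a bus limited to one device accepts a single hot plug for the lifetime of the VM; with the new check every plug onto the empty bus succeeds.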








[Qemu-devel] [PATCH v2] s390x/vfio-ap: Implement hot plug/unplug of vfio-ap device

2019-01-28 Thread Tony Krowiak
Introduces hot plug/unplug support for the vfio-ap device. Note that only one
vfio-ap device can be attached to the ap-bus, so a vfio-ap device can only be
hot plugged if the '-device vfio-ap,sysfsdev=$path_to_mdev' option is not
specified on the QEMU command line.

Please note that a hot plug handler is not necessary for the vfio-ap device
because the AP matrix configuration for the guest is performed by the
kernel device driver when the vfio-ap device is realized. The vfio-ap device
represents a VFIO mediated device created in the host sysfs for use by a guest.
The mdev device is configured with an AP matrix (i.e., adapters and domains) via
its sysfs attribute interfaces prior to starting the guest or plugging a vfio-ap
device in. When the device is realized, a file descriptor is opened on the mdev
device which results in a callback to the vfio_ap kernel device driver. The
device driver then configures the AP matrix in the guest's SIE state description
from the AP matrix assigned via the mdev device's sysfs interfaces. The AP
devices will be created for the guest when the AP bus running on the guest
subsequently performs its periodic scan for AP devices.

The qdev_simple_device_unplug_cb() callback function is used for the same
reasons; namely, the vfio_ap kernel device driver will perform the AP resource
de-configuration for the guest when the vfio-ap device is unplugged. When the
vfio-ap device is unrealized, the mdev device file descriptor is closed which
results in a callback to the vfio_ap kernel device driver. The device driver
then clears the AP matrix configuration in the guest's SIE state description
and resets all of the affected queues. The AP devices created for the guest
will be removed when the AP bus running on the guest subsequently performs
its periodic scan and finds there are no longer any AP resources assigned to the
guest.

Signed-off-by: Tony Krowiak 
Reviewed-by: Pierre Morel
Reviewed-by: David Hildenbrand 
Reviewed-by: Halil Pasic 
Tested-by: Pierre Morel
---
 docs/vfio-ap.txt | 58 +++-
 hw/s390x/ap-bridge.c | 12 ++-
 hw/vfio/ap.c |  2 +-
 3 files changed, 65 insertions(+), 7 deletions(-)

diff --git a/docs/vfio-ap.txt b/docs/vfio-ap.txt
index 12339684cd52..fae40f218620 100644
--- a/docs/vfio-ap.txt
+++ b/docs/vfio-ap.txt
@@ -440,8 +440,7 @@ unassign_control_domain
'unassign_domain' file. This may be done multiple times to unassign more 
than
one control domain.
 
-Notes: Hot plug/unplug is not currently supported for mediated AP matrix
-devices, so no changes to the AP matrix will be allowed while a guest using
+Notes: No changes to the AP matrix will be allowed while a guest using
 the mediated matrix device is running. Attempts to assign an adapter,
 domain or control domain will be rejected and an error (EBUSY) returned.
 
@@ -562,6 +561,51 @@ facilities:
  for guest usage, no AP devices can be made accessible to a
  guest started without APFT installed.
 
+Hot plug a vfio-ap device into a running guest:
+==
+Only one vfio-ap device can be attached to the guest's ap-bus, so a vfio-ap
+device can be hot plugged if and only if the 
+'-device vfio-ap,sysfsdev=$path-to-mdev' option was NOT specified on the QEMU
+command line when the guest was started.
+
+To hot plug a vfio-ap device, use the QEMU device_add command:
+
+(qemu) device_add vfio-ap,sysfsdev="$path-to-mdev"
+
+Where the '$path-to-mdev' value specifies the absolute path to a mediated
+device configured with an AP matrix identifying the AP resources assigned
+to the guest.
+
+The AP devices will be created in the /sys/bus/ap/devices directory on the
+guest when the AP bus subsequently performs its periodic scan, so there may be
+a short delay before the AP devices are accessible on the guest.
+
+The command will fail if:
+
+* The KVM guest was started with the '-device vfio-ap,sysfs=$path-to-mdev'
+  QEMU command line option.
+
+* The CPU model features for controlling guest access to AP facilities are not
+  enabled (see 'CPU model features' subsection in the previous section).
+
+Hot unplug a vfio-ap device from a running guest:
+
+A vfio-ap device can be unplugged from a running KVM guest if the
+'-device vfio-ap,sysfsdev=$path-to-mdev' option was specified on the QEMU
+command line when the guest was started.
+
+To hot unplug a vfio-ap device, use the QEMU device_del command:
+
+(qemu) device_del vfio-ap,sysfsdev="$path-to-mdev"
+
+The AP devices will be removed from the /sys/bus/ap/devices directory on the
+guest when the AP bus subsequently performs its periodic scan, so there may be
+a short delay before the AP devices are no longer accessible by the guest.
+
+The command will fail if the $path-to-mdev specified on the device_del command
+does not match the value specified on the '-device 
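Review bot: The hot unplug example, device_del vfio-ap,sysfsdev="$path-to-mdev", passes a driver name and a property, but device_del identifies the device by its id (or QOM path). The text should have the reader give the device an id= when it is plugged or put on the command line and then show device_del with that id, and the closing paragraph about $path-to-mdev having to match would change accordingly. In the same hunk, the first "command will fail if" bullet spells the option 'sysfs=' where every other mention uses 'sysfsdev=', and the unplug section only covers a device given with '-device' at startup without saying whether a device added with device_add can be unplugged as well.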

Re: [Qemu-devel] [Qemu-block] [PATCH v3 13/19] block: Remove aio_poll() in bdrv_drain_poll variants

2019-01-28 Thread Max Reitz
On 20.09.18 18:19, Kevin Wolf wrote:
> bdrv_drain_poll_top_level() was buggy because it didn't release the
> AioContext lock of the node to be drained before calling aio_poll().
> This way, callbacks called by aio_poll() would possibly take the lock a
> second time and run into a deadlock with a nested AIO_WAIT_WHILE() call.
> 
> However, it turns out that the aio_poll() call isn't actually needed any
> more. It was introduced in commit 91af091f923, which is effectively
> reverted by this patch. The cases it was supposed to fix are now covered
> by bdrv_drain_poll(), which waits for block jobs to reach a quiescent
> state.
> 
> Signed-off-by: Kevin Wolf 
> Reviewed-by: Fam Zheng 
> Reviewed-by: Max Reitz 
> ---
>  block/io.c | 8 
>  1 file changed, 8 deletions(-)

Hm...  While looking at iotest 129 (which I think is broken because it
tries to use BB-level throttling which doesn't do anything for the
mirror job), I noticed this:

$ x86_64-softmmu/qemu-system-x86_64 \
-object throttle-group,id=tg0 \
-drive node-name=node0,driver=throttle,\
throttle-group=tg0,file.driver=qcow2,file.file.driver=file,\
file.file.filename=/tmp/src.qcow2 -qmp stdio \


[Qemu-devel] [PATCH v9 1/2] qemu-img info lists bitmap directory entries

2019-01-28 Thread Andrey Shinkevich
In the 'Format specific information' section of the 'qemu-img info'
command output, the supplemental information about existing QCOW2
bitmaps will be shown, such as a bitmap name, flags and granularity:

image: /vz/vmprivate/VM1/harddisk.hdd
file format: qcow2
virtual size: 64G (68719476736 bytes)
disk size: 3.0M
cluster_size: 1048576
Format specific information:
compat: 1.1
lazy refcounts: true
bitmaps:
[0]:
flags:
[0]: in-use
[1]: auto
name: back-up1
unknown flags: 4
granularity: 65536
[1]:
flags:
[0]: in-use
[1]: auto
name: back-up2
unknown flags: 8
granularity: 65536
refcount bits: 16
corrupt: false

As the print of the qcow2 specific information expanded by adding
the bitmap parameters to the 'qemu-img info' command output,
it requires amendment of the output benchmark in the following
tests: 060, 065, 082, 198, and 206.

Signed-off-by: Andrey Shinkevich 
---
 block/qapi.c   |  6 +
 block/qcow2-bitmap.c   | 64 ++
 block/qcow2.c  | 13 ++
 block/qcow2.h  |  2 ++
 qapi/block-core.json   | 42 +-
 tests/qemu-iotests/060.out |  1 +
 tests/qemu-iotests/065 | 16 ++--
 tests/qemu-iotests/082.out |  7 +
 tests/qemu-iotests/198.out |  2 ++
 tests/qemu-iotests/206.out |  5 
 10 files changed, 149 insertions(+), 9 deletions(-)

diff --git a/block/qapi.c b/block/qapi.c
index c66f949..0fde98c 100644
--- a/block/qapi.c
+++ b/block/qapi.c
@@ -38,6 +38,7 @@
 #include "qapi/qmp/qstring.h"
 #include "sysemu/block-backend.h"
 #include "qemu/cutils.h"
+#include "qemu/error-report.h"
 
 BlockDeviceInfo *bdrv_block_device_info(BlockBackend *blk,
 BlockDriverState *bs, Error **errp)
@@ -868,6 +869,11 @@ void bdrv_image_info_dump(fprintf_function func_fprintf, 
void *f,
 
 if (info->has_format_specific) {
 func_fprintf(f, "Format specific information:\n");
+if (info->format_specific &&
+info->format_specific->type == IMAGE_INFO_SPECIFIC_KIND_QCOW2 &&
+info->format_specific->u.qcow2.data->has_bitmaps == false) {
+warn_report("Failed to load bitmap list");
+}
 bdrv_image_info_specific_dump(func_fprintf, f, info->format_specific);
 }
 }
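Review bot: The check added to bdrv_image_info_dump() warns "Failed to load bitmap list" whenever has_bitmaps is false, so the generic dump code has to assume that an absent list always means a load failure. If the qcow2 driver omits the field for any other reason (the cover letter mentions version 2 images), the user gets a spurious warning. Reporting the failure in the qcow2 code, where the Error is actually available, avoids guessing here; if the check stays, the condition reads better as !...->has_bitmaps than as == false.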
diff --git a/block/qcow2-bitmap.c b/block/qcow2-bitmap.c
index b946301..ae842eb 100644
--- a/block/qcow2-bitmap.c
+++ b/block/qcow2-bitmap.c
@@ -1006,6 +1006,70 @@ fail:
 return false;
 }
 
+static Qcow2BitmapInfoFlagsList *get_bitmap_info_flags(uint32_t flags)
+{
+Qcow2BitmapInfoFlagsList *list = NULL;
+Qcow2BitmapInfoFlagsList **plist = 
+
+if (flags & BME_FLAG_IN_USE) {
+Qcow2BitmapInfoFlagsList *entry = g_new0(Qcow2BitmapInfoFlagsList, 1);
+entry->value = QCOW2_BITMAP_INFO_FLAGS_IN_USE;
+*plist = entry;
+plist = >next;
+}
+if (flags & BME_FLAG_AUTO) {
+Qcow2BitmapInfoFlagsList *entry = g_new0(Qcow2BitmapInfoFlagsList, 1);
+entry->value = QCOW2_BITMAP_INFO_FLAGS_AUTO;
+*plist = entry;
+}
+return list;
+}
+
+/*
+ * qcow2_get_bitmap_info_list()
+ * Returns a list of QCOW2 bitmap details.
+ * In case of no bitmaps, the function returns NULL and
+ * the @errp parameter is not set (for a 0-length list in the QMP).
+ * When bitmap information can not be obtained, the function returns
+ * NULL and the @errp parameter is set (for omitting the list in QMP).
+ */
+Qcow2BitmapInfoList *qcow2_get_bitmap_info_list(BlockDriverState *bs,
+Error **errp)
+{
+BDRVQcow2State *s = bs->opaque;
+Qcow2BitmapList *bm_list;
+Qcow2Bitmap *bm;
+Qcow2BitmapInfoList *list = NULL;
+Qcow2BitmapInfoList **plist = 
+
+if (s->nb_bitmaps == 0) {
+return NULL;
+}
+
+bm_list = bitmap_list_load(bs, s->bitmap_directory_offset,
+   s->bitmap_directory_size, errp);
+if (bm_list == NULL) {
+return NULL;
+}
+
+QSIMPLEQ_FOREACH(bm, bm_list, entry) {
+Qcow2BitmapInfo *info = g_new0(Qcow2BitmapInfo, 1);
+Qcow2BitmapInfoList *obj = g_new0(Qcow2BitmapInfoList, 1);
+info->granularity = 1U << bm->granularity_bits;
+info->name = g_strdup(bm->name);
+info->flags = get_bitmap_info_flags(bm->flags);
+info->unknown_flags = bm->flags & BME_RESERVED_FLAGS;
+info->has_unknown_flags = !!info->unknown_flags;
+obj->value = info;
+*plist = obj;
+plist = >next;
+}
+
+bitmap_list_free(bm_list);
+
+return list;
+}
+
 int qcow2_reopen_bitmaps_rw_hint(BlockDriverState *bs, bool *header_updated,
  Error **errp)
 {
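Review bot: In qcow2_get_bitmap_info_list(), info->granularity = 1U << bm->granularity_bits is only defined while granularity_bits is below 32, and nothing at the shift says where that is enforced. The cover letter states that bitmap_list_load() rejects larger values, so an assert or a short comment pointing at that check would make the dependency visible here. The function also returns NULL both for "no bitmaps" and for a load failure; that is documented in the comment, but it means a caller that passes a NULL errp cannot tell the two apart, which is worth stating in the comment too.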
diff --git a/block/qcow2.c b/block/qcow2.c
index 

[Qemu-devel] [PATCH v9 0/2] qemu-img info lists bitmap directory entries

2019-01-28 Thread Andrey Shinkevich
Currently, I am tackling the implementation of Eric Blake's ideas,
who proposed the following:
"Should the test also create a disabled bitmap ("enabled":false), to show
the change in flags, and/or a non-persistent bitmap (to show that it
does not affect the qcow2 information, but only the query-blocks output,
because it is transient)?" which were with the message ID:

The version #7 was discussed with the message ID:
<1544698788-52893-1-git-send-email-andrey.shinkev...@virtuozzo.com>

v9: The new test 239 of the qemu-iotests set was amended to show the bitmaps
being added and to demonstrate the bitmap flag "in-use".

v8:
The output benchmark files for the qemu-iotests, namely 060, 065, 082, 198
and 206, were modified to show the bitmap extension for the qemu specific
information. A new test file 239 was added to the test set that checks the
output for the fields of the bitmap section.
The backward compatibility of the output for images of the version 2
of qcow2 was added.

v7:
A description was added to the function qcow2_get_bitmap_info_list().
In the function qcow2_get_specific_info(), the comment was modified
so that we ignore any error in obtaining the list of bitmaps to
pass the rest of QCOW2 specific information to a caller.

v6:
'[PATCH v6] qemu-img info lists bitmap directory entries'.
The error handling logic for the bitmaps empty list was reversed.

v5:
'[PATCH v5] qemu-img info lists bitmap directory entries'.
The error handling logic for the bitmaps empty list was fixed and documented.

v4:
'[PATCH v4] qemu-img info lists bitmap directory entries'.
Unknown flags are checked with the mask BME_RESERVED_FLAGS.
The code minor refactoring was made.

v3:
'[PATCH v3] qemu-img info lists bitmap directory entries'.
Now, qcow2_get_bitmap_info_list() is invoked under the condition of QCOW
version #3 to avoid memory leaks in case of QCOW version #2.
Furthermore, qcow2_get_bitmap_info_list() checks the number of existing bitmaps.
So, if no bitmap exists, no bitmap error message is printed in the output.
The data type of the bitmap 'granularity' parameter was left as 'uint32'
because bitmap_list_load() returns error if granularity_bits is greater than 31.

v2:
'[PATCH v2] qemu-img info lists bitmap directory entries'.
The targeted version of the release at 'Since' word of the comments to the new
structures changed to 4.0 in the file qapi/block-core.json.
A comment to the 'bitmaps' new member was supplied.
The 'unknown flags' parameter was introduced to indicate presence of QCOW2
bitmap unknown flags, if any.
The word 'dirty' was removed from the code and from the comments as we list all
the bitmaps.
The 'bitmaps' printed parameter was removed for the release versions earlier
than 3.x.
The example of the output was moved above the 'Signed-off-by' line.

The first version was '[PATCH] qemu-img info lists bitmap directory entries'.

Andrey Shinkevich (2):
  qemu-img info lists bitmap directory entries
  qemu-img info: bitmaps extension new test 239

 block/qapi.c   |  6 
 block/qcow2-bitmap.c   | 64 +
 block/qcow2.c  | 13 +++
 block/qcow2.h  |  2 ++
 qapi/block-core.json   | 42 +-
 tests/qemu-iotests/060.out |  1 +
 tests/qemu-iotests/065 | 16 -
 tests/qemu-iotests/082.out |  7 
 tests/qemu-iotests/198.out |  2 ++
 tests/qemu-iotests/206.out |  5 +++
 tests/qemu-iotests/239 | 60 +++
 tests/qemu-iotests/239.out | 88 ++
 tests/qemu-iotests/group   |  1 +
 13 files changed, 298 insertions(+), 9 deletions(-)
 create mode 100755 tests/qemu-iotests/239
 create mode 100644 tests/qemu-iotests/239.out

-- 
1.8.3.1



[Qemu-devel] [PATCH v9 2/2] qemu-img info: bitmaps extension new test 239

2019-01-28 Thread Andrey Shinkevich
A new test file 239 added to the qemu-iotests set. It checks
the output format of 'qemu-img info' for bitmaps extension of
qcow2 specific information.

Signed-off-by: Andrey Shinkevich 
---
 tests/qemu-iotests/239 | 60 +++
 tests/qemu-iotests/239.out | 88 ++
 tests/qemu-iotests/group   |  1 +
 3 files changed, 149 insertions(+)
 create mode 100755 tests/qemu-iotests/239
 create mode 100644 tests/qemu-iotests/239.out

diff --git a/tests/qemu-iotests/239 b/tests/qemu-iotests/239
new file mode 100755
index 000..233b58b
--- /dev/null
+++ b/tests/qemu-iotests/239
@@ -0,0 +1,60 @@
+#!/usr/bin/env python
+#
+# Test for qcow2 bitmap printed information
+#
+# Copyright (c) 2018 Virtuozzo International GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+
+import iotests
+import json
+from iotests import qemu_img_create, qemu_io, qemu_img_pipe, \
+file_path, log
+
+disk = file_path('disk')
+chunk = 256
+
+def print_bitmap():
+log('bitmap info dump:')
+result = json.loads(qemu_img_pipe('info', '--force-share',
+  '--output=json', disk))
+bitmaps = result['format-specific']['data']['bitmaps']
+log(bitmaps, indent=2)
+
+def add_bitmap(bitmap_number):
+num = bitmap_number
+granularity = 2**(13 + num)
+bitmap_name = 'bitmap-' + str(num)
+vm = iotests.VM().add_drive(disk)
+vm.launch()
+vm.qmp_log('block-dirty-bitmap-add', node='drive0', name=bitmap_name,
+   granularity=granularity, persistent=True)
+vm.shutdown()
+write = 'write {} {}K'.format((num-1)*chunk, chunk)
+qemu_io('-f', iotests.imgfmt, '-c', write, disk)
+
+iotests.verify_image_format(supported_fmts=['qcow2'])
+qemu_img_create('-f', iotests.imgfmt, disk, '1M')
+
+for num in range(1, 4):
+add_bitmap(num)
+print_bitmap()
+log('')
+
+vm = iotests.VM().add_drive(disk)
+vm.launch()
+log('Check \"in-use\" flag')
+print_bitmap()
+vm.shutdown()
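Review bot: The test only ever creates persistent bitmaps in their default state, so the 'unknown flags' field added in patch 1/2 and the disabled-bitmap case are never exercised; a case for each would cover the new output fields the series introduces. Separately, the final block calls print_bitmap() between vm.launch() and vm.shutdown() with no try/finally, so an exception in print_bitmap() (for example a missing 'bitmaps' key) leaves the VM running; wrapping the call so that shutdown always happens would keep a failing run clean.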
diff --git a/tests/qemu-iotests/239.out b/tests/qemu-iotests/239.out
new file mode 100644
index 000..efeca9f
--- /dev/null
+++ b/tests/qemu-iotests/239.out
@@ -0,0 +1,88 @@
+{"execute": "block-dirty-bitmap-add", "arguments": {"granularity": 16384, 
"name": "bitmap-1", "node": "drive0", "persistent": true}}
+{"return": {}}
+bitmap info dump:
+[
+  {
+"flags": [
+  "auto"
+],
+"granularity": 16384,
+"name": "bitmap-1"
+  }
+]
+
+{"execute": "block-dirty-bitmap-add", "arguments": {"granularity": 32768, 
"name": "bitmap-2", "node": "drive0", "persistent": true}}
+{"return": {}}
+bitmap info dump:
+[
+  {
+"flags": [
+  "auto"
+],
+"granularity": 16384,
+"name": "bitmap-1"
+  },
+  {
+"flags": [
+  "auto"
+],
+"granularity": 32768,
+"name": "bitmap-2"
+  }
+]
+
+{"execute": "block-dirty-bitmap-add", "arguments": {"granularity": 65536, 
"name": "bitmap-3", "node": "drive0", "persistent": true}}
+{"return": {}}
+bitmap info dump:
+[
+  {
+"flags": [
+  "auto"
+],
+"granularity": 16384,
+"name": "bitmap-1"
+  },
+  {
+"flags": [
+  "auto"
+],
+"granularity": 32768,
+"name": "bitmap-2"
+  },
+  {
+"flags": [
+  "auto"
+],
+"granularity": 65536,
+"name": "bitmap-3"
+  }
+]
+
+Check "in-use" flag
+bitmap info dump:
+[
+  {
+"flags": [
+  "in-use",
+  "auto"
+],
+"granularity": 16384,
+"name": "bitmap-1"
+  },
+  {
+"flags": [
+  "in-use",
+  "auto"
+],
+"granularity": 32768,
+"name": "bitmap-2"
+  },
+  {
+"flags": [
+  "in-use",
+  "auto"
+],
+"granularity": 65536,
+"name": "bitmap-3"
+  }
+]
diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group
index 0f1c3f9..3e310c7 100644
--- a/tests/qemu-iotests/group
+++ b/tests/qemu-iotests/group
@@ -235,3 +235,4 @@
 235 auto quick
 236 auto quick
 238 auto quick
+239 rw auto quick
-- 
1.8.3.1




Re: [Qemu-devel] [PATCH v2 1/2] tests.acceptance: adds multi vm capability for acceptance tests

2019-01-28 Thread Wainer dos Santos Moschetta



On 01/28/2019 03:47 PM, Caio Carrara wrote:

This change adds the possibility to write acceptance tests with multi
virtual machine support. It's done keeping the virtual machines objects
stored in a test attribute (dictionary). This dictionary shouldn't be
accessed directly but through the new method added `get_vm`. This new
method accepts a list of args (that will be added as virtual machine
arguments) and an optional name argument. The name is the key that
identifies a single virtual machine along the test machines available. If
a name without a machine is informed a new machine will be instantiated.

The current usage of vm in tests will not be broken by this change since
it keeps a property called vm in the base test class. This property only
calls the new method `get_vm` with default parameters (no args and
'default' as machine name).


I've checked that current tests do not break by this change. I also 
checked the example you provided on docs/devel/testing.rst works too.


So Tested-by: Wainer dos Santos Moschetta 



Signed-off-by: Caio Carrara 
---
  docs/devel/testing.rst| 40 ++-
  tests/acceptance/avocado_qemu/__init__.py | 25 +++---
  2 files changed, 60 insertions(+), 5 deletions(-)

diff --git a/docs/devel/testing.rst b/docs/devel/testing.rst
index 18e2c0868a..b97c0368bc 100644
--- a/docs/devel/testing.rst
+++ b/docs/devel/testing.rst
@@ -634,7 +634,45 @@ instance, available at ``self.vm``.  Because many tests 
will tweak the
  QEMU command line, launching the QEMUMachine (by using ``self.vm.launch()``)
  is left to the test writer.
  
-At test "tear down", ``avocado_qemu.Test`` handles the QEMUMachine

+The base test class has also support for tests with more than one
+QEMUMachine. The way to get machines is through the ``self.get_vm()``
+method which will return a QEMUMachine instance. The ``self.get_vm()``
+method also accepts an optional `name` attribute so you can identify a
+specific machine and get it more than once through the tests methods. A
+simple and hypothetical example follows:


Since you explain the self.get_vm() optional name attribute, you also 
could mention it accepts arguments to be passed to the newly created VM.



+
+.. code::
+
+  from avocado_qemu import Test
+
+
+  class MultipleMachines(Test):
+  """
+  :avocado: enable
+  """
+  def test_multiple_machines(self):
+  first_machine = self.get_vm()
+  second_machine = self.get_vm()
+  self.get_vm(name='third_machine').launch()
+
+  first_machine.launch()
+  second_machine.launch()
+
+  first_res = first_machine.command(
+  'human-monitor-command',
+  command_line='info version')
+
+  second_res = second_machine.command(
+  'human-monitor-command',
+  command_line='info version')
+
+  third_res = self.get_vm(name='third_machine').command(
+  'human-monitor-command',
+  command_line='info version')
+
+  self.assertEquals(first_res, second_res, third_res)
+
+At test "tear down", ``avocado_qemu.Test`` handles all the QEMUMachines
  shutdown.
  
  QEMUMachine
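Review bot: The last line of the documentation example, self.assertEquals(first_res, second_res, third_res), does not compare three values: the third positional argument of assertEquals is the failure message, so third_res is never checked against the other two. The example should use two assertions (first against second, second against third), and assertEqual rather than the deprecated assertEquals alias. The paragraph above it also describes only the `name` argument of get_vm(), not the positional arguments that are passed on to the new machine.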

diff --git a/tests/acceptance/avocado_qemu/__init__.py 
b/tests/acceptance/avocado_qemu/__init__.py
index 1e54fd5932..4c9e27feda 100644
--- a/tests/acceptance/avocado_qemu/__init__.py
+++ b/tests/acceptance/avocado_qemu/__init__.py
@@ -10,6 +10,7 @@
  
  import os

  import sys
+import uuid
  
  import avocado
  
@@ -42,13 +43,29 @@ def pick_default_qemu_bin():
  
  class Test(avocado.Test):

  def setUp(self):
-self.vm = None
+self._vms = {}
  self.qemu_bin = self.params.get('qemu_bin',
  default=pick_default_qemu_bin())
  if self.qemu_bin is None:
  self.cancel("No QEMU binary defined or found in the source tree")
-self.vm = QEMUMachine(self.qemu_bin)
+
+def _new_vm(self, *args):
+vm = QEMUMachine(self.qemu_bin)
+if args:
+vm.add_args(*args)
+return vm
+
+@property
+def vm(self):
+return self.get_vm(name='default')
+
+def get_vm(self, *args, name=None):
+if not name:
+name = str(uuid.uuid4())


Beware that if you don't give a name to the VM, the only way to access 
it later is to keep the reference returned by get_vm(). Do you think it 
is something we should care about? or assume the test writer handles this 
(unlikely?) case somehow?


- Wainer


+if self._vms.get(name) is None:
+self._vms[name] = self._new_vm(*args)
+return self._vms[name]
  
  def tearDown(self):

-if self.vm is not None:
-self.vm.shutdown()
+for vm in self._vms.values():
+vm.shutdown()
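Review bot: In get_vm(), *args are applied only when the name is not yet in self._vms; a second call such as get_vm('-foo', name='x') for an existing 'x' silently returns the old machine and drops the arguments. Either raise when args are given for a name that already exists or document that args only take effect on first creation. The same applies to the vm property: it always resolves to get_vm(name='default'), so a test cannot pass creation arguments through it.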





Re: [Qemu-devel] [Qemu-ppc] [PATCH v4 2/3] target/ppc: Add GDB callbacks for SPRs

2019-01-28 Thread Fabiano Rosas
David Gibson  writes:

> On Thu, Jan 24, 2019 at 06:20:02PM +1100, Alexey Kardashevskiy wrote:
>> 
>> 
>> On 23/01/2019 04:01, Fabiano Rosas wrote:
>> > These will be used to let GDB know about PPC's Special Purpose
>> > Registers (SPR).
>> > 
>> > They take an index based on the order the registers appear in the XML
>> > file sent by QEMU to GDB. This index does not match the actual
>> > location of the registers in the env->spr array so the
>> > gdb_find_spr_idx function does that conversion.
>> > 
>> > Signed-off-by: Fabiano Rosas 
>> > ---
>> >  target/ppc/translate_init.inc.c | 54 -
>> >  1 file changed, 53 insertions(+), 1 deletion(-)
>> > 
>> > diff --git a/target/ppc/translate_init.inc.c 
>> > b/target/ppc/translate_init.inc.c
>> > index 710064a25d..f29ac3558a 100644
>> > --- a/target/ppc/translate_init.inc.c
>> > +++ b/target/ppc/translate_init.inc.c
>> > @@ -9487,6 +9487,55 @@ static bool avr_need_swap(CPUPPCState *env)
>> >  #endif
>> >  }
>> >  
>> > +#if !defined(CONFIG_USER_ONLY)
>> > +static int gdb_find_spr_idx(CPUPPCState *env, int n)
>> > +{
>> > +int i;
>> > +
>> > +for (i = 0; i < ARRAY_SIZE(env->spr_cb); i++) {
>> > +ppc_spr_t *spr = >spr_cb[i];
>> > +
>> > +if (spr->name && spr->gdb_id == n) {
>> > +return i;
>> > +}
>> > +}
>> > +return -1;
>> > +}
>> > +
>> > +static int gdb_get_spr_reg(CPUPPCState *env, uint8_t *mem_buf, int n)
>> > +{
>> > +int reg;
>> > +int len;
>> > +
>> > +reg = gdb_find_spr_idx(env, n);
>> > +if (reg < 0) {
>> > +return 0;
>> > +}
>> > +
>> > +len = TARGET_LONG_SIZE;
>> > +stn_p(mem_buf, len, env->spr[reg]);
>> > +ppc_maybe_bswap_register(env, mem_buf, len);
>> 
>> 
>> I am confused by this as it produces different results depending on the
>> guest mode:
>
>
> Hm, yeah, I thought the bswap here looked odd, but it wasn't obvious
> to me if it was bogus here, or just a bogus gdb interface we have to
> work around.
>
>> (gdb) p $pvr
>> $1 = 0x14c00
>> (gdb) c
>> Continuing.
>> Program received signal SIGINT, Interrupt.
>> (gdb) p $pvr
>> $2 = 0x4c0100
>
> But that behaviour definitely looks wrong.

GDB detects the endianness by looking at the ELF headers:

(gdb) p/x $pvr
$1 = 0x1024b00
(gdb) file ~/qemu/roms/SLOF/board-qemu/llfw/stage1.elf
Reading symbols from ~/qemu/roms/SLOF/board-qemu/llfw/stage1.elf...done.
(gdb) show endian
The target endianness is set automatically (currently big endian)
(gdb) p/x $pvr
$2 = 0x4b0201
(gdb) c
Continuing.

(gdb) ^C
Program received signal SIGINT, Interrupt.
0x74a70cc0 in ?? ()
(gdb) file vmlinux
Reading symbols from vmlinux...done.
(gdb) show endian
The target endianness is set automatically (currently little endian)
(gdb) p/x $pvr
$3 = 0x4b0201

The maybe_bswap_register is done due to QEMU having TARGET_WORDS_BIGENDIAN set
even after we have changed into LE mode.

>> First print is when I stopped the guest in the SLOF firmware (so it is
>> big-endian) and then I continued and stopped gdb when the guest booted a
>> little-endian system; the KVM host is little endian, the machine running
>> gdb is LE too.
>> 
>> QEMU monitor prints the same 0x4c0100 in both cases.
>> 
>> I am adding the inventor of maybe_bswap_register() in cc: for
>> assistance. Swapping happens:
>> - once for BE: after stn_p()
>>  *(unsigned long *)mem_buf is 0x14c00
>> - twice for LE.
>> 
>> 
>> 
>> 
>> 
>> > +return len;
>> > +}
>> > +
>> > +static int gdb_set_spr_reg(CPUPPCState *env, uint8_t *mem_buf, int n)
>> > +{
>> > +int reg;
>> > +int len;
>> > +
>> > +reg = gdb_find_spr_idx(env, n);
>> > +if (reg < 0) {
>> > +return 0;
>> > +}
>> > +
>> > +len = TARGET_LONG_SIZE;
>> > +ppc_maybe_bswap_register(env, mem_buf, len);
>> > +env->spr[reg] = ldn_p(mem_buf, len);
>> > +
>> > +return len;
>> > +}
>> > +#endif
>> > +
>> >  static int gdb_get_float_reg(CPUPPCState *env, uint8_t *mem_buf, int n)
>> >  {
>> >  if (n < 32) {
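Review bot: gdb_set_spr_reg() stores the debugger-supplied value straight into env->spr[reg] for every SPR that gdb_find_spr_idx() resolves, with no per-register check, so anything attached to the gdbstub can overwrite registers whose writes normally have side effects or are restricted. Either limit the set of SPRs that can be written this way or add a comment stating that stub writes are raw stores. Both accessors also use TARGET_LONG_SIZE for every SPR and return 0 on a failed lookup; a comment saying what a 0 return means to the caller would help, given the endianness confusion discussed in this thread.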
>> > @@ -9716,7 +9765,10 @@ static void ppc_cpu_realize(DeviceState *dev, Error 
>> > **errp)
>> >  gdb_register_coprocessor(cs, gdb_get_vsx_reg, gdb_set_vsx_reg,
>> >   32, "power-vsx.xml", 0);
>> >  }
>> > -
>> > +#ifndef CONFIG_USER_ONLY
>> > +gdb_register_coprocessor(cs, gdb_get_spr_reg, gdb_set_spr_reg,
>> > + pcc->gdb_num_sprs, "power-spr.xml", 0);
>> > +#endif
>> >  qemu_init_vcpu(cs);
>> >  
>> >  pcc->parent_realize(dev, errp);
>> > 
>> 




Re: [Qemu-devel] Crash when booting KDE Neon using qxl-vga

2019-01-28 Thread Leonardo Soares Müller
libspice-server1 on host: 0.14.0-1ubuntu2.2
spice-vdagent (the only package) on guest: 0.17.0-1ubuntu2
Guest kernel version: 4.15.0-44-generic

> 
> OK, great;  can you confirm the version of the spice packages
> on both the guest and host, and the kernel on the guest.
> 
> Dave
> 
> --
> Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK
> 


[Qemu-devel] [PULL 2/2] hostmem: add more information in error messages

2019-01-28 Thread Eduardo Habkost
From: Zhang Yi 

When there are multiple memory backends in use, including the object type
and property name in the error message can help users to locate the error.

Signed-off-by: Haozhong Zhang 
Signed-off-by: Zhang Yi 
Message-Id: 
<97d9193875747d8378c05b9e3b3cb39c1b7d2b4e.1546399191.git.yi.z.zh...@linux.intel.com>
Reviewed-by: Eduardo Habkost 
[ehabkost: reword commit message]
Signed-off-by: Eduardo Habkost 
---
 backends/hostmem-file.c | 6 --
 backends/hostmem.c  | 8 +---
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/backends/hostmem-file.c b/backends/hostmem-file.c
index 7a34e25c43..ba601ce940 100644
--- a/backends/hostmem-file.c
+++ b/backends/hostmem-file.c
@@ -82,7 +82,8 @@ static void set_mem_path(Object *o, const char *str, Error 
**errp)
 HostMemoryBackendFile *fb = MEMORY_BACKEND_FILE(o);
 
 if (host_memory_backend_mr_inited(backend)) {
-error_setg(errp, "cannot change property value");
+error_setg(errp, "cannot change property 'mem-path' of %s",
+   object_get_typename(o));
 return;
 }
 g_free(fb->mem_path);
@@ -120,7 +121,8 @@ static void file_memory_backend_set_align(Object *o, 
Visitor *v,
 uint64_t val;
 
 if (host_memory_backend_mr_inited(backend)) {
-error_setg(_err, "cannot change property value");
+error_setg(_err, "cannot change property '%s' of %s",
+   name, object_get_typename(o));
 goto out;
 }
 
diff --git a/backends/hostmem.c b/backends/hostmem.c
index 0c8ef17653..87b19d2111 100644
--- a/backends/hostmem.c
+++ b/backends/hostmem.c
@@ -57,7 +57,8 @@ host_memory_backend_set_size(Object *obj, Visitor *v, const 
char *name,
 uint64_t value;
 
 if (host_memory_backend_mr_inited(backend)) {
-error_setg(_err, "cannot change property value");
+error_setg(_err, "cannot change property %s of %s ",
+   name, object_get_typename(obj));
 goto out;
 }
 
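Review bot: The new message in host_memory_backend_set_size(), "cannot change property %s of %s ", leaves the property name unquoted and ends with a trailing space, while the two messages added in hostmem-file.c use "'%s' of %s" with no trailing space. Using the same "cannot change property '%s' of %s" format in all three places keeps the output consistent for anyone matching on it.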
@@ -66,8 +67,9 @@ host_memory_backend_set_size(Object *obj, Visitor *v, const 
char *name,
 goto out;
 }
 if (!value) {
-error_setg(_err, "Property '%s.%s' doesn't take value '%"
-   PRIu64 "'", object_get_typename(obj), name, value);
+error_setg(_err,
+   "property '%s' of %s doesn't take value '%" PRIu64 "'",
+   name, object_get_typename(obj), value);
 goto out;
 }
 backend->size = value;
-- 
2.18.0.rc1.1.g3f1ff2140




[Qemu-devel] [PULL 0/2] Machine queue, 2019-01-28

2019-01-28 Thread Eduardo Habkost
The following changes since commit 5f39a91dbd9a186edb999afd4d17524f4b1da14f:

  Merge remote-tracking branch 'remotes/jnsnow/tags/ide-pull-request' into 
staging (2019-01-28 12:54:06 +)

are available in the Git repository at:

  git://github.com/ehabkost/qemu.git tags/machine-next-pull-request

for you to fetch changes up to 21d1683690e048663855dd6feb3034ab7c5039bc:

  hostmem: add more information in error messages (2019-01-28 15:52:05 -0200)


Machine queue, 2019-01-28

* Fix small leak on NUMA code
* Improve memory backend error messages



Queue for Machine Core patches


Zhang Yi (2):
  numa: Fixed the memory leak of numa error message
  hostmem: add more information in error messages

 backends/hostmem-file.c | 6 --
 backends/hostmem.c  | 8 +---
 numa.c  | 1 +
 3 files changed, 10 insertions(+), 5 deletions(-)

-- 
2.18.0.rc1.1.g3f1ff2140




[Qemu-devel] [PULL 1/2] numa: Fixed the memory leak of numa error message

2019-01-28 Thread Eduardo Habkost
From: Zhang Yi 

object_get_canonical_path_component() returns a string which
must be freed using g_free().

Signed-off-by: Zhang Yi 
Reviewed-by: Pankaj gupta 
Reviewed-by: Igor Mammedov 
Message-Id: 
<51ba6d7d0333a5517d824a870dd20887156dd15a.1546399191.git.yi.z.zh...@linux.intel.com>
Signed-off-by: Eduardo Habkost 
---
 numa.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/numa.c b/numa.c
index 50ec016013..3875e1efda 100644
--- a/numa.c
+++ b/numa.c
@@ -533,6 +533,7 @@ void memory_region_allocate_system_memory(MemoryRegion *mr, 
Object *owner,
 error_report("memory backend %s is used multiple times. Each "
  "-numa option must use a different memdev value.",
  path);
+g_free(path);
 exit(1);
 }
 
-- 
2.18.0.rc1.1.g3f1ff2140



