[Qemu-devel] [PULL 00/32] Misc patches for QEMU soft freeze

[Qemu-devel] [PULL 00/32] Misc patches for QEMU soft freeze

[Paolo Bonzini]

The following changes since commit 7dd929dfdc5c52ce79b21bf557ff506e89acbf63:

  configure: Make AVX2 test robust to non-ELF systems (2016-06-28 15:40:40 +0100)

are available in the git repository at:

  git://github.com/bonzini/qemu.git tags/for-upstream

for you to fetch changes up to ea74c50f48100860ef4d27f4a1b2aa3f5cb9a766:

  vl: smp_parse: fix regression (2016-06-28 19:19:29 +0200)

----------------------------------------------------------------
* serial port fixes (Paolo)
* Q35 modeling improvements (Paolo, Vasily)
* chardev cleanup improvements (Marc-André)
* iscsi bugfix (Peter L.)
* cpu_exec patch from multi-arch patches (Peter C.)
* pci-assign tweak (Lin Ma)

----------------------------------------------------------------
Andrew Jones (1):
      vl: smp_parse: fix regression

Efimov Vasily (13):
      ide: move headers to include folder
      pcspk: convert "pit" property type from ptr to link
      vmport: identify vmport type by macro TYPE_VMPORT
      pflash: make TYPE_CFI_PFLASH0{1,2} macros public
      Q35: implement property interfece to several parameters
      pc_q35: configure Q35 instance using properties
      pckbd: handle A20 IRQ as GPIO
      port92: handle A20 IRQ as GPIO
      ICH9 SMB: make TYPE_ICH9_SMB_DEVICE macro public
      ICH9 LPC: handle GSI as qdev GPIO
      ICH9 LPC: move call of isa_bus_irqs to 'realize' method
      isa: introduce wrapper isa_connect_gpio_out
      MC146818 RTC: add GPIO access to output IRQ

Lin Ma (1):
      pci-assign: Move "Invalid ROM" error message to pci-assign-load-rom.c

Marc-André Lureau (3):
      char: clean up remaining chardevs when leaving
      socket: add listen feature
      socket: unlink unix socket on remove

Paolo Bonzini (13):
      ich9: call ich9_lpc_update_pic for disabled pirqs
      ich9: clean up ich9_lpc_update_pic/ich9_lpc_update_apic and callers
      ich9: unify pic and ioapic IRQ vectors
      scsi: esp: fix migration
      vnc: generalize "VNC server running on ..." message
      serial: make tsr_retry unsigned
      serial: simplify tsr_retry reset
      serial: separate serial_xmit and serial_watch_cb
      char: change qemu_chr_fe_add_watch to return unsigned
      serial: remove watch on reset
      serial: reinstate watch after migration
      ich9: implement ACPI_EN register
      ich9: implement SCI_IRQ_SEL register

Peter Crosthwaite (1):
      target-*: Don't redefine cpu_exec()

Peter Lieven (1):
      iscsi: fix assertion in is_sector_request_lun_aligned

 block/iscsi.c                     |  5 ++-
 hw/audio/pcspk.c                  |  9 +++-
 hw/block/pflash_cfi01.c           |  1 -
 hw/block/pflash_cfi02.c           |  1 -
 hw/char/cadence_uart.c            |  9 ++--
 hw/char/serial.c                  | 67 ++++++++++++++++++++++-------
 hw/i2c/smbus_ich9.c               |  1 -
 hw/i386/kvm/pci-assign.c          |  4 --
 hw/i386/pc.c                      | 10 ++---
 hw/i386/pc_q35.c                  | 28 +++++++-----
 hw/i386/pci-assign-load-rom.c     |  3 ++
 hw/ide/ahci.c                     |  2 +-
 hw/input/pckbd.c                  | 21 +++------
 hw/isa/isa-bus.c                  |  7 +++
 hw/isa/lpc_ich9.c                 | 89 ++++++++++++++++++++++-----------------
 hw/misc/vmport.c                  |  1 -
 hw/pci-host/q35.c                 | 20 +++++++++
 hw/scsi/esp.c                     |  5 ++-
 hw/timer/mc146818rtc.c            |  6 ++-
 include/exec/cpu-all.h            |  2 +
 include/hw/audio/pcspk.h          |  2 +-
 include/hw/block/flash.h          |  3 ++
 include/hw/char/serial.h          |  3 +-
 include/hw/i386/ich9.h            |  8 +++-
 include/hw/i386/pc.h              |  8 +++-
 {hw => include/hw}/ide/ahci.h     |  0
 {hw => include/hw}/ide/internal.h |  0
 {hw => include/hw}/ide/pci.h      |  0
 include/hw/isa/isa.h              |  1 +
 include/hw/pci-host/q35.h         |  9 +++-
 include/io/channel.h              |  1 +
 include/migration/vmstate.h       |  5 ++-
 include/qemu/sockets.h            |  3 +-
 include/sysemu/char.h             | 16 ++++++-
 include/ui/console.h              |  7 ---
 io/channel-socket.c               | 17 ++++++++
 linux-user/main.c                 | 32 +++++++-------
 net/vhost-user.c                  |  2 +-
 qemu-char.c                       | 19 +++++++--
 target-alpha/cpu.h                |  2 -
 target-arm/cpu.h                  |  2 -
 target-cris/cpu.h                 |  2 -
 target-i386/cpu.h                 |  2 -
 target-lm32/cpu.h                 |  2 -
 target-m68k/cpu.h                 |  2 -
 target-microblaze/cpu.h           |  2 -
 target-mips/cpu.h                 |  2 -
 target-moxie/cpu.h                |  2 -
 target-openrisc/cpu.h             |  2 -
 target-ppc/cpu.h                  |  2 -
 target-s390x/cpu.h                |  2 -
 target-sh4/cpu.h                  |  2 -
 target-sparc/cpu.h                |  2 -
 target-tilegx/cpu.h               |  2 -
 target-tricore/cpu.h              |  2 -
 target-unicore32/cpu.h            |  3 --
 target-xtensa/cpu.h               |  2 -
 tests/test-io-channel-socket.c    |  2 +-
 ui/vnc.c                          | 23 +++++-----
 util/qemu-sockets.c               | 18 ++++++++
 vl.c                              |  9 +---
 61 files changed, 317 insertions(+), 199 deletions(-)
 rename {hw => include/hw}/ide/ahci.h (100%)
 rename {hw => include/hw}/ide/internal.h (100%)
 rename {hw => include/hw}/ide/pci.h (100%)
-- 
2.7.4

[Qemu-devel] [PULL 01/32] ide: move headers to include folder

[Paolo Bonzini]

From: Efimov Vasily <real@ispras.ru>

The patch moves "hw/ide/achi.h", "hw/ide/pci.h" and "hw/ide/internal.h" headers
to corresponding folders inside "include" folder alike other Qemu headers.

Signed-off-by: Efimov Vasily <real@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/ide/ahci.c                     | 2 +-
 {hw => include/hw}/ide/ahci.h     | 0
 {hw => include/hw}/ide/internal.h | 0
 {hw => include/hw}/ide/pci.h      | 0
 4 files changed, 1 insertion(+), 1 deletion(-)
 rename {hw => include/hw}/ide/ahci.h (100%)
 rename {hw => include/hw}/ide/internal.h (100%)
 rename {hw => include/hw}/ide/pci.h (100%)

diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
index 502d4f1..b1a7b65 100644
--- a/hw/ide/ahci.c
+++ b/hw/ide/ahci.c
@@ -30,7 +30,7 @@
 #include "qemu/error-report.h"
 #include "sysemu/block-backend.h"
 #include "sysemu/dma.h"
-#include "internal.h"
+#include <hw/ide/internal.h>
 #include <hw/ide/pci.h>
 #include <hw/ide/ahci.h>
 
diff --git a/hw/ide/ahci.h b/include/hw/ide/ahci.h
similarity index 100%
rename from hw/ide/ahci.h
rename to include/hw/ide/ahci.h
diff --git a/hw/ide/internal.h b/include/hw/ide/internal.h
similarity index 100%
rename from hw/ide/internal.h
rename to include/hw/ide/internal.h
diff --git a/hw/ide/pci.h b/include/hw/ide/pci.h
similarity index 100%
rename from hw/ide/pci.h
rename to include/hw/ide/pci.h
-- 
2.7.4

[Qemu-devel] [PULL 02/32] pcspk: convert "pit" property type from ptr to link

[Paolo Bonzini]

From: Efimov Vasily <real@ispras.ru>

The speaker device needs pointer to ISA PIT device to operate. But according to
qdev-properties.h, properties of pointer type should be avoided. It seems a
link type property is a good substitution.

Signed-off-by: Efimov Vasily <real@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/audio/pcspk.c         | 9 +++++++--
 include/hw/audio/pcspk.h | 2 +-
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/hw/audio/pcspk.c b/hw/audio/pcspk.c
index d259960..a7aa4e9 100644
--- a/hw/audio/pcspk.c
+++ b/hw/audio/pcspk.c
@@ -31,6 +31,7 @@
 #include "qemu/timer.h"
 #include "hw/timer/i8254.h"
 #include "hw/audio/pcspk.h"
+#include "qapi/error.h"
 
 #define PCSPK_BUF_LEN 1792
 #define PCSPK_SAMPLE_RATE 32000
@@ -169,6 +170,11 @@ static void pcspk_initfn(Object *obj)
     PCSpkState *s = PC_SPEAKER(obj);
 
     memory_region_init_io(&s->ioport, OBJECT(s), &pcspk_io_ops, s, "pcspk", 1);
+
+    object_property_add_link(obj, "pit", TYPE_I8254,
+                             (Object **)&s->pit,
+                             qdev_prop_allow_set_link_before_realize,
+                             0, &error_abort);
 }
 
 static void pcspk_realizefn(DeviceState *dev, Error **errp)
@@ -183,7 +189,6 @@ static void pcspk_realizefn(DeviceState *dev, Error **errp)
 
 static Property pcspk_properties[] = {
     DEFINE_PROP_UINT32("iobase", PCSpkState, iobase,  -1),
-    DEFINE_PROP_PTR("pit", PCSpkState, pit),
     DEFINE_PROP_END_OF_LIST(),
 };
 
@@ -194,7 +199,7 @@ static void pcspk_class_initfn(ObjectClass *klass, void *data)
     dc->realize = pcspk_realizefn;
     set_bit(DEVICE_CATEGORY_SOUND, dc->categories);
     dc->props = pcspk_properties;
-    /* Reason: pointer property "pit", realize sets global pcspk_state */
+    /* Reason: realize sets global pcspk_state */
     dc->cannot_instantiate_with_device_add_yet = true;
 }
 
diff --git a/include/hw/audio/pcspk.h b/include/hw/audio/pcspk.h
index ef95dd1..33e46a5 100644
--- a/include/hw/audio/pcspk.h
+++ b/include/hw/audio/pcspk.h
@@ -38,7 +38,7 @@ static inline ISADevice *pcspk_init(ISABus *bus, ISADevice *pit)
     isadev = isa_create(bus, TYPE_PC_SPEAKER);
     dev = DEVICE(isadev);
     qdev_prop_set_uint32(dev, "iobase", 0x61);
-    qdev_prop_set_ptr(dev, "pit", pit);
+    object_property_set_link(OBJECT(dev), OBJECT(pit), "pit", NULL);
     qdev_init_nofail(dev);
 
     return isadev;
-- 
2.7.4

[Qemu-devel] [PULL 03/32] vmport: identify vmport type by macro TYPE_VMPORT

[Paolo Bonzini]

From: Efimov Vasily <real@ispras.ru>

Currently vmport device is identified by the string literal. Using a
preprocessor alias instead is preferable.

Signed-off-by: Efimov Vasily <real@ispras.ru>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/misc/vmport.c     | 1 -
 include/hw/i386/pc.h | 3 ++-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/misc/vmport.c b/hw/misc/vmport.c
index 6896789..c763811 100644
--- a/hw/misc/vmport.c
+++ b/hw/misc/vmport.c
@@ -36,7 +36,6 @@
 #define VMPORT_ENTRIES 0x2c
 #define VMPORT_MAGIC   0x564D5868
 
-#define TYPE_VMPORT "vmport"
 #define VMPORT(obj) OBJECT_CHECK(VMPortState, (obj), TYPE_VMPORT)
 
 typedef struct VMPortState
diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index 948ed0c..bc85054 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -201,11 +201,12 @@ typedef struct GSIState {
 void gsi_handler(void *opaque, int n, int level);
 
 /* vmport.c */
+#define TYPE_VMPORT "vmport"
 typedef uint32_t (VMPortReadFunc)(void *opaque, uint32_t address);
 
 static inline void vmport_init(ISABus *bus)
 {
-    isa_create_simple(bus, "vmport");
+    isa_create_simple(bus, TYPE_VMPORT);
 }
 
 void vmport_register(unsigned char command, VMPortReadFunc *func, void *opaque);
-- 
2.7.4

[Qemu-devel] [PULL 04/32] pflash: make TYPE_CFI_PFLASH0{1, 2} macros public

[Paolo Bonzini]

From: Efimov Vasily <real@ispras.ru>

qdev API can be used to create CFI pflash devices despite existance of helper
functions. The type name is needed in course of such creation. Using the
preprocessor alias instead of the string literal itself is preferable.

The patch makes the aliases accessible through the header.

Signed-off-by: Efimov Vasily <real@ispras.ru>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/block/pflash_cfi01.c  | 1 -
 hw/block/pflash_cfi02.c  | 1 -
 include/hw/block/flash.h | 3 +++
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/hw/block/pflash_cfi01.c b/hw/block/pflash_cfi01.c
index 31585e3..62d7a56 100644
--- a/hw/block/pflash_cfi01.c
+++ b/hw/block/pflash_cfi01.c
@@ -65,7 +65,6 @@ do {                                                        \
 #define DPRINTF(fmt, ...) do { } while (0)
 #endif
 
-#define TYPE_CFI_PFLASH01 "cfi.pflash01"
 #define CFI_PFLASH01(obj) OBJECT_CHECK(pflash_t, (obj), TYPE_CFI_PFLASH01)
 
 #define PFLASH_BE          0
diff --git a/hw/block/pflash_cfi02.c b/hw/block/pflash_cfi02.c
index 5f10610..4f6105c 100644
--- a/hw/block/pflash_cfi02.c
+++ b/hw/block/pflash_cfi02.c
@@ -57,7 +57,6 @@ do {                                                       \
 
 #define PFLASH_LAZY_ROMD_THRESHOLD 42
 
-#define TYPE_CFI_PFLASH02 "cfi.pflash02"
 #define CFI_PFLASH02(obj) OBJECT_CHECK(pflash_t, (obj), TYPE_CFI_PFLASH02)
 
 struct pflash_t {
diff --git a/include/hw/block/flash.h b/include/hw/block/flash.h
index 50ccbbc..a088baa 100644
--- a/include/hw/block/flash.h
+++ b/include/hw/block/flash.h
@@ -5,6 +5,9 @@
 
 #include "exec/memory.h"
 
+#define TYPE_CFI_PFLASH01 "cfi.pflash01"
+#define TYPE_CFI_PFLASH02 "cfi.pflash02"
+
 typedef struct pflash_t pflash_t;
 
 /* pflash_cfi01.c */
-- 
2.7.4

[Qemu-devel] [PULL 05/32] Q35: implement property interfece to several parameters

[Paolo Bonzini]

From: Efimov Vasily <real@ispras.ru>

During creation of Q35 instance several parameters are set using direct access.
It violates Qemu device model. Correctly, the parameters should be handled as
object properties.

The patch adds four link type properties for fields:
mch.ram_memory
mch.pci_address_space
mch.system_memory
mch.address_space_io
And, it adds two size type properties for fields:
mch.below_4g_mem_size
mch.above_4g_mem_size

Signed-off-by: Efimov Vasily <real@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/pci-host/q35.c         | 20 ++++++++++++++++++++
 include/hw/i386/pc.h      |  2 ++
 include/hw/pci-host/q35.h |  9 +++++++--
 3 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/hw/pci-host/q35.c b/hw/pci-host/q35.c
index 70f897e..03be05d 100644
--- a/hw/pci-host/q35.c
+++ b/hw/pci-host/q35.c
@@ -127,6 +127,10 @@ static Property mch_props[] = {
     DEFINE_PROP_SIZE(PCI_HOST_PROP_PCI_HOLE64_SIZE, Q35PCIHost,
                      mch.pci_hole64_size, DEFAULT_PCI_HOLE64_SIZE),
     DEFINE_PROP_UINT32("short_root_bus", Q35PCIHost, mch.short_root_bus, 0),
+    DEFINE_PROP_SIZE(PCI_HOST_BELOW_4G_MEM_SIZE, Q35PCIHost,
+                     mch.below_4g_mem_size, 0),
+    DEFINE_PROP_SIZE(PCI_HOST_ABOVE_4G_MEM_SIZE, Q35PCIHost,
+                     mch.above_4g_mem_size, 0),
     DEFINE_PROP_END_OF_LIST(),
 };
 
@@ -177,6 +181,22 @@ static void q35_host_initfn(Object *obj)
                         q35_host_get_mmcfg_size,
                         NULL, NULL, NULL, NULL);
 
+    object_property_add_link(obj, MCH_HOST_PROP_RAM_MEM, TYPE_MEMORY_REGION,
+                             (Object **) &s->mch.ram_memory,
+                             qdev_prop_allow_set_link_before_realize, 0, NULL);
+
+    object_property_add_link(obj, MCH_HOST_PROP_PCI_MEM, TYPE_MEMORY_REGION,
+                             (Object **) &s->mch.pci_address_space,
+                             qdev_prop_allow_set_link_before_realize, 0, NULL);
+
+    object_property_add_link(obj, MCH_HOST_PROP_SYSTEM_MEM, TYPE_MEMORY_REGION,
+                             (Object **) &s->mch.system_memory,
+                             qdev_prop_allow_set_link_before_realize, 0, NULL);
+
+    object_property_add_link(obj, MCH_HOST_PROP_IO_MEM, TYPE_MEMORY_REGION,
+                             (Object **) &s->mch.address_space_io,
+                             qdev_prop_allow_set_link_before_realize, 0, NULL);
+
     /* Leave enough space for the biggest MCFG BAR */
     /* TODO: this matches current bios behaviour, but
      * it's not a power of two, which means an MTRR
diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index bc85054..f806be4 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -240,6 +240,8 @@ void pc_guest_info_init(PCMachineState *pcms);
 #define PCI_HOST_PROP_PCI_HOLE64_START "pci-hole64-start"
 #define PCI_HOST_PROP_PCI_HOLE64_END   "pci-hole64-end"
 #define PCI_HOST_PROP_PCI_HOLE64_SIZE  "pci-hole64-size"
+#define PCI_HOST_BELOW_4G_MEM_SIZE     "below-4g-mem-size"
+#define PCI_HOST_ABOVE_4G_MEM_SIZE     "above-4g-mem-size"
 #define DEFAULT_PCI_HOLE64_SIZE (~0x0ULL)
 
 
diff --git a/include/hw/pci-host/q35.h b/include/hw/pci-host/q35.h
index c5c073d..1075f3e 100644
--- a/include/hw/pci-host/q35.h
+++ b/include/hw/pci-host/q35.h
@@ -56,8 +56,8 @@ typedef struct MCHPCIState {
     MemoryRegion smram, low_smram, high_smram;
     MemoryRegion tseg_blackhole, tseg_window;
     PcPciInfo pci_info;
-    ram_addr_t below_4g_mem_size;
-    ram_addr_t above_4g_mem_size;
+    uint64_t below_4g_mem_size;
+    uint64_t above_4g_mem_size;
     uint64_t pci_hole64_size;
     uint32_t short_root_bus;
     IntelIOMMUState *iommu;
@@ -78,6 +78,11 @@ typedef struct Q35PCIHost {
  * gmch part
  */
 
+#define MCH_HOST_PROP_RAM_MEM "ram-mem"
+#define MCH_HOST_PROP_PCI_MEM "pci-mem"
+#define MCH_HOST_PROP_SYSTEM_MEM "system-mem"
+#define MCH_HOST_PROP_IO_MEM "io-mem"
+
 /* PCI configuration */
 #define MCH_HOST_BRIDGE                        "MCH"
 
-- 
2.7.4

[Qemu-devel] [PULL 06/32] pc_q35: configure Q35 instance using properties

[Paolo Bonzini]

From: Efimov Vasily <real@ispras.ru>

Currently, Q35 instance is configured using direct access to structure fields.
The patch uses property interface to set the fields.

Signed-off-by: Efimov Vasily <real@ispras.ru>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/i386/pc_q35.c | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
index 97a8835..65ae78a 100644
--- a/hw/i386/pc_q35.c
+++ b/hw/i386/pc_q35.c
@@ -159,12 +159,18 @@ static void pc_q35_init(MachineState *machine)
     q35_host = Q35_HOST_DEVICE(qdev_create(NULL, TYPE_Q35_HOST_DEVICE));
 
     object_property_add_child(qdev_get_machine(), "q35", OBJECT(q35_host), NULL);
-    q35_host->mch.ram_memory = ram_memory;
-    q35_host->mch.pci_address_space = pci_memory;
-    q35_host->mch.system_memory = get_system_memory();
-    q35_host->mch.address_space_io = system_io;
-    q35_host->mch.below_4g_mem_size = pcms->below_4g_mem_size;
-    q35_host->mch.above_4g_mem_size = pcms->above_4g_mem_size;
+    object_property_set_link(OBJECT(q35_host), OBJECT(ram_memory),
+                             MCH_HOST_PROP_RAM_MEM, NULL);
+    object_property_set_link(OBJECT(q35_host), OBJECT(pci_memory),
+                             MCH_HOST_PROP_PCI_MEM, NULL);
+    object_property_set_link(OBJECT(q35_host), OBJECT(get_system_memory()),
+                             MCH_HOST_PROP_SYSTEM_MEM, NULL);
+    object_property_set_link(OBJECT(q35_host), OBJECT(system_io),
+                             MCH_HOST_PROP_IO_MEM, NULL);
+    object_property_set_int(OBJECT(q35_host), pcms->below_4g_mem_size,
+                            PCI_HOST_BELOW_4G_MEM_SIZE, NULL);
+    object_property_set_int(OBJECT(q35_host), pcms->above_4g_mem_size,
+                            PCI_HOST_ABOVE_4G_MEM_SIZE, NULL);
     /* pci */
     qdev_init_nofail(DEVICE(q35_host));
     phb = PCI_HOST_BRIDGE(q35_host);
-- 
2.7.4

[Qemu-devel] [PULL 07/32] pckbd: handle A20 IRQ as GPIO

[Paolo Bonzini]

From: Efimov Vasily <real@ispras.ru>

The i8042 device has outgouing IRQ line A20. Currently the IRQ is referenced
by a pointer which normally is set during machine initialization. The pointer
is never changed at runtime. So common GPIO model can be applied to A20 IRQ
line. Note that checking for IRQ to be connected as in previous version
of code is not required because qemu_set_irq will do it.

Signed-off-by: Efimov Vasily <real@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/input/pckbd.c     | 21 +++++++--------------
 include/hw/i386/pc.h |  1 +
 2 files changed, 8 insertions(+), 14 deletions(-)

diff --git a/hw/input/pckbd.c b/hw/input/pckbd.c
index 1d932ec..dc57e2c 100644
--- a/hw/input/pckbd.c
+++ b/hw/input/pckbd.c
@@ -146,7 +146,7 @@ typedef struct KBDState {
 
     qemu_irq irq_kbd;
     qemu_irq irq_mouse;
-    qemu_irq *a20_out;
+    qemu_irq a20_out;
     hwaddr mask;
 } KBDState;
 
@@ -224,9 +224,7 @@ static void outport_write(KBDState *s, uint32_t val)
 {
     DPRINTF("kbd: write outport=0x%02x\n", val);
     s->outport = val;
-    if (s->a20_out) {
-        qemu_set_irq(*s->a20_out, (val >> 1) & 1);
-    }
+    qemu_set_irq(s->a20_out, (val >> 1) & 1);
     if (!(val & 1)) {
         qemu_system_reset_request();
     }
@@ -295,15 +293,11 @@ static void kbd_write_command(void *opaque, hwaddr addr,
         kbd_queue(s, s->outport, 0);
         break;
     case KBD_CCMD_ENABLE_A20:
-        if (s->a20_out) {
-            qemu_irq_raise(*s->a20_out);
-        }
+        qemu_irq_raise(s->a20_out);
         s->outport |= KBD_OUT_A20;
         break;
     case KBD_CCMD_DISABLE_A20:
-        if (s->a20_out) {
-            qemu_irq_lower(*s->a20_out);
-        }
+        qemu_irq_lower(s->a20_out);
         s->outport &= ~KBD_OUT_A20;
         break;
     case KBD_CCMD_RESET:
@@ -507,10 +501,7 @@ void i8042_isa_mouse_fake_event(void *opaque)
 
 void i8042_setup_a20_line(ISADevice *dev, qemu_irq *a20_out)
 {
-    ISAKBDState *isa = I8042(dev);
-    KBDState *s = &isa->kbd;
-
-    s->a20_out = a20_out;
+    qdev_connect_gpio_out_named(DEVICE(dev), I8042_A20_LINE, 0, *a20_out);
 }
 
 static const VMStateDescription vmstate_kbd_isa = {
@@ -552,6 +543,8 @@ static void i8042_initfn(Object *obj)
                           "i8042-data", 1);
     memory_region_init_io(isa_s->io + 1, obj, &i8042_cmd_ops, s,
                           "i8042-cmd", 1);
+
+    qdev_init_gpio_out_named(DEVICE(obj), &s->a20_out, I8042_A20_LINE, 1);
 }
 
 static void i8042_realizefn(DeviceState *dev, Error **errp)
diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index f806be4..7297848 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -214,6 +214,7 @@ void vmmouse_get_data(uint32_t *data);
 void vmmouse_set_data(const uint32_t *data);
 
 /* pckbd.c */
+#define I8042_A20_LINE "a20"
 
 void i8042_init(qemu_irq kbd_irq, qemu_irq mouse_irq, uint32_t io_base);
 void i8042_mm_init(qemu_irq kbd_irq, qemu_irq mouse_irq,
-- 
2.7.4

[Qemu-devel] [PULL 08/32] port92: handle A20 IRQ as GPIO

[Paolo Bonzini]

From: Efimov Vasily <real@ispras.ru>

The port92 device has outgouing IRQ line A20. Currently the IRQ is referenced
by a pointer which normally is set during machine initialization. The
pointer is never changed at runtime. Hence, common GPIO model can be applied
to A20 IRQ line. Note that checking for IRQ to be connected as in
previous version of code is not required qemu_set_irq will do it.

Signed-off-by: Efimov Vasily <real@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/i386/pc.c         | 10 +++++-----
 include/hw/i386/pc.h |  2 ++
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index b8fead3..44a8f3b 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -505,7 +505,7 @@ typedef struct Port92State {
 
     MemoryRegion io;
     uint8_t outport;
-    qemu_irq *a20_out;
+    qemu_irq a20_out;
 } Port92State;
 
 static void port92_write(void *opaque, hwaddr addr, uint64_t val,
@@ -516,7 +516,7 @@ static void port92_write(void *opaque, hwaddr addr, uint64_t val,
 
     DPRINTF("port92: write 0x%02" PRIx64 "\n", val);
     s->outport = val;
-    qemu_set_irq(*s->a20_out, (val >> 1) & 1);
+    qemu_set_irq(s->a20_out, (val >> 1) & 1);
     if ((val & 1) && !(oldval & 1)) {
         qemu_system_reset_request();
     }
@@ -535,9 +535,7 @@ static uint64_t port92_read(void *opaque, hwaddr addr,
 
 static void port92_init(ISADevice *dev, qemu_irq *a20_out)
 {
-    Port92State *s = PORT92(dev);
-
-    s->a20_out = a20_out;
+    qdev_connect_gpio_out_named(DEVICE(dev), PORT92_A20_LINE, 0, *a20_out);
 }
 
 static const VMStateDescription vmstate_port92_isa = {
@@ -574,6 +572,8 @@ static void port92_initfn(Object *obj)
     memory_region_init_io(&s->io, OBJECT(s), &port92_ops, s, "port92", 1);
 
     s->outport = 0;
+
+    qdev_init_gpio_out_named(DEVICE(obj), &s->a20_out, PORT92_A20_LINE, 1);
 }
 
 static void port92_realizefn(DeviceState *dev, Error **errp)
diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index 7297848..7e43b20 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -277,6 +277,8 @@ int cmos_get_fd_drive_type(FloppyDriveType fd0);
 
 #define FW_CFG_IO_BASE     0x510
 
+#define PORT92_A20_LINE "a20"
+
 /* acpi_piix.c */
 
 I2CBus *piix4_pm_init(PCIBus *bus, int devfn, uint32_t smb_io_base,
-- 
2.7.4

[Qemu-devel] [PULL 09/32] ICH9 SMB: make TYPE_ICH9_SMB_DEVICE macro public

[Paolo Bonzini]

From: Efimov Vasily <real@ispras.ru>

ICH9 SMB bridge can be created using qdev API despite existence of helper
function. The type name is needed for such creation. Using a preprocessor
alias instead the string type name itself is preferable.

The patch makes the alias accessible through the header.

Signed-off-by: Efimov Vasily <real@ispras.ru>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/i2c/smbus_ich9.c    | 1 -
 include/hw/i386/ich9.h | 2 ++
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/i2c/smbus_ich9.c b/hw/i2c/smbus_ich9.c
index 498f03e..48fab22 100644
--- a/hw/i2c/smbus_ich9.c
+++ b/hw/i2c/smbus_ich9.c
@@ -35,7 +35,6 @@
 
 #include "hw/i386/ich9.h"
 
-#define TYPE_ICH9_SMB_DEVICE "ICH9 SMB"
 #define ICH9_SMB_DEVICE(obj) \
      OBJECT_CHECK(ICH9SMBState, (obj), TYPE_ICH9_SMB_DEVICE)
 
diff --git a/include/hw/i386/ich9.h b/include/hw/i386/ich9.h
index 88233c3..f1294bc 100644
--- a/include/hw/i386/ich9.h
+++ b/include/hw/i386/ich9.h
@@ -208,6 +208,8 @@ Object *ich9_lpc_find(void);
 
 
 /* D31:F3 SMBus controller */
+#define TYPE_ICH9_SMB_DEVICE "ICH9 SMB"
+
 #define ICH9_A2_SMB_REVISION                    0x02
 #define ICH9_SMB_PI                             0x00
 
-- 
2.7.4

[Qemu-devel] [PULL 10/32] ich9: call ich9_lpc_update_pic for disabled pirqs

[Paolo Bonzini]

An asserted pirq can be disabled and the corresponding GSIs
should then go down to 0.  However, because of the conditional in
ich9_lpc_update_by_pirq, the legacy 8259 pin could remain stuck to 1.

Reviewed-by: Efimov Vasily <real@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/isa/lpc_ich9.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/hw/isa/lpc_ich9.c b/hw/isa/lpc_ich9.c
index c1a4f1b..f7aed23 100644
--- a/hw/isa/lpc_ich9.c
+++ b/hw/isa/lpc_ich9.c
@@ -234,9 +234,6 @@ static void ich9_lpc_update_by_pirq(ICH9LPCState *lpc, int pirq)
 
     ich9_lpc_pic_irq(lpc, pirq, &pic_irq, &pic_dis);
     assert(pic_irq < ICH9_LPC_PIC_NUM_PINS);
-    if (pic_dis) {
-        return;
-    }
 
     ich9_lpc_update_pic(lpc, pic_irq);
 }
-- 
2.7.4

[Qemu-devel] [PULL 11/32] ich9: clean up ich9_lpc_update_pic/ich9_lpc_update_apic and callers

[Paolo Bonzini]

Make ich9_lpc_update_pic take care only of GSIs 0-15, and
ich9_lpc_update_apic take care only of GSIs 16-23.  Assert
that they are called with the correct GSI indices.

Reviewed-by: Efimov Vasily <real@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/isa/lpc_ich9.c | 40 +++++++++++++++++-----------------------
 1 file changed, 17 insertions(+), 23 deletions(-)

diff --git a/hw/isa/lpc_ich9.c b/hw/isa/lpc_ich9.c
index f7aed23..2caa5e9 100644
--- a/hw/isa/lpc_ich9.c
+++ b/hw/isa/lpc_ich9.c
@@ -204,38 +204,28 @@ static void ich9_lpc_pic_irq(ICH9LPCState *lpc, int pirq_num,
     abort();
 }
 
-/* pic_irq: i8254 irq 0-15 */
-static void ich9_lpc_update_pic(ICH9LPCState *lpc, int pic_irq)
+/* gsi: i8259+ioapic irq 0-15, otherwise assert */
+static void ich9_lpc_update_pic(ICH9LPCState *lpc, int gsi)
 {
     int i, pic_level;
 
+    assert(gsi < ICH9_LPC_PIC_NUM_PINS);
+
     /* The pic level is the logical OR of all the PCI irqs mapped to it */
     pic_level = 0;
     for (i = 0; i < ICH9_LPC_NB_PIRQS; i++) {
         int tmp_irq;
         int tmp_dis;
         ich9_lpc_pic_irq(lpc, i, &tmp_irq, &tmp_dis);
-        if (!tmp_dis && pic_irq == tmp_irq) {
+        if (!tmp_dis && tmp_irq == gsi) {
             pic_level |= pci_bus_get_irq_level(lpc->d.bus, i);
         }
     }
-    if (pic_irq == ich9_lpc_sci_irq(lpc)) {
+    if (gsi == ich9_lpc_sci_irq(lpc)) {
         pic_level |= lpc->sci_level;
     }
 
-    qemu_set_irq(lpc->pic[pic_irq], pic_level);
-}
-
-/* pirq: pirq[A-H] 0-7*/
-static void ich9_lpc_update_by_pirq(ICH9LPCState *lpc, int pirq)
-{
-    int pic_irq;
-    int pic_dis;
-
-    ich9_lpc_pic_irq(lpc, pirq, &pic_irq, &pic_dis);
-    assert(pic_irq < ICH9_LPC_PIC_NUM_PINS);
-
-    ich9_lpc_update_pic(lpc, pic_irq);
+    qemu_set_irq(lpc->pic[gsi], pic_level);
 }
 
 /* APIC mode: GSIx: PIRQ[A-H] -> GSI 16, ... no pirq shares same APIC pins. */
@@ -249,13 +239,14 @@ static int ich9_gsi_to_pirq(int gsi)
     return gsi - ICH9_LPC_PIC_NUM_PINS;
 }
 
+/* gsi: ioapic irq 16-23, otherwise assert */
 static void ich9_lpc_update_apic(ICH9LPCState *lpc, int gsi)
 {
     int level = 0;
 
-    if (gsi >= ICH9_LPC_PIC_NUM_PINS) {
-        level |= pci_bus_get_irq_level(lpc->d.bus, ich9_gsi_to_pirq(gsi));
-    }
+    assert(gsi >= ICH9_LPC_PIC_NUM_PINS);
+
+    level |= pci_bus_get_irq_level(lpc->d.bus, ich9_gsi_to_pirq(gsi));
     if (gsi == ich9_lpc_sci_irq(lpc)) {
         level |= lpc->sci_level;
     }
@@ -266,12 +257,14 @@ static void ich9_lpc_update_apic(ICH9LPCState *lpc, int gsi)
 void ich9_lpc_set_irq(void *opaque, int pirq, int level)
 {
     ICH9LPCState *lpc = opaque;
+    int pic_irq, pic_dis;
 
     assert(0 <= pirq);
     assert(pirq < ICH9_LPC_NB_PIRQS);
 
     ich9_lpc_update_apic(lpc, ich9_pirq_to_gsi(pirq));
-    ich9_lpc_update_by_pirq(lpc, pirq);
+    ich9_lpc_pic_irq(lpc, pirq, &pic_irq, &pic_dis);
+    ich9_lpc_update_pic(lpc, pic_irq);
 }
 
 /* return the pirq number (PIRQ[A-H]:0-7) corresponding to
@@ -362,8 +355,9 @@ static void ich9_set_sci(void *opaque, int irq_num, int level)
         return;
     }
 
-    ich9_lpc_update_apic(lpc, irq);
-    if (irq < ICH9_LPC_PIC_NUM_PINS) {
+    if (irq >= ICH9_LPC_PIC_NUM_PINS) {
+        ich9_lpc_update_apic(lpc, irq);
+    } else {
         ich9_lpc_update_pic(lpc, irq);
     }
 }
-- 
2.7.4

[Qemu-devel] [PULL 12/32] ich9: unify pic and ioapic IRQ vectors

[Paolo Bonzini]

ich9->pic and ich9->ioapic differ for the first 16 GSIs (because
ich9->pic is wired to 8259+IOAPIC but ich9->ioapic is wired to
IOAPIC only).  However, ich9->ioapic is never used for the first
16 GSIs, so the two vectors can be merged.

Reviewed-by: Efimov Vasily <real@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/i386/pc_q35.c       | 3 +--
 hw/isa/lpc_ich9.c      | 4 ++--
 include/hw/i386/ich9.h | 3 +--
 3 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
index 65ae78a..6e296c0 100644
--- a/hw/i386/pc_q35.c
+++ b/hw/i386/pc_q35.c
@@ -190,8 +190,7 @@ static void pc_q35_init(MachineState *machine)
                              PC_MACHINE_ACPI_DEVICE_PROP, &error_abort);
 
     ich9_lpc = ICH9_LPC_DEVICE(lpc);
-    ich9_lpc->pic = gsi;
-    ich9_lpc->ioapic = gsi_state->ioapic_irq;
+    ich9_lpc->gsi = gsi;
     pci_bus_irqs(host_bus, ich9_lpc_set_irq, ich9_lpc_map_irq, ich9_lpc,
                  ICH9_LPC_NB_PIRQS);
     pci_bus_set_route_irq_fn(host_bus, ich9_route_intx_pin_to_irq);
diff --git a/hw/isa/lpc_ich9.c b/hw/isa/lpc_ich9.c
index 2caa5e9..3bdb78d 100644
--- a/hw/isa/lpc_ich9.c
+++ b/hw/isa/lpc_ich9.c
@@ -225,7 +225,7 @@ static void ich9_lpc_update_pic(ICH9LPCState *lpc, int gsi)
         pic_level |= lpc->sci_level;
     }
 
-    qemu_set_irq(lpc->pic[gsi], pic_level);
+    qemu_set_irq(lpc->gsi[gsi], pic_level);
 }
 
 /* APIC mode: GSIx: PIRQ[A-H] -> GSI 16, ... no pirq shares same APIC pins. */
@@ -251,7 +251,7 @@ static void ich9_lpc_update_apic(ICH9LPCState *lpc, int gsi)
         level |= lpc->sci_level;
     }
 
-    qemu_set_irq(lpc->ioapic[gsi], level);
+    qemu_set_irq(lpc->gsi[gsi], level);
 }
 
 void ich9_lpc_set_irq(void *opaque, int pirq, int level)
diff --git a/include/hw/i386/ich9.h b/include/hw/i386/ich9.h
index f1294bc..a09a445 100644
--- a/include/hw/i386/ich9.h
+++ b/include/hw/i386/ich9.h
@@ -68,8 +68,7 @@ typedef struct ICH9LPCState {
     MemoryRegion rcrb_mem; /* root complex register block */
     Notifier machine_ready;
 
-    qemu_irq *pic;
-    qemu_irq *ioapic;
+    qemu_irq *gsi;
 } ICH9LPCState;
 
 Object *ich9_lpc_find(void);
-- 
2.7.4

[Qemu-devel] [PULL 13/32] ICH9 LPC: handle GSI as qdev GPIO

[Paolo Bonzini]

From: Efimov Vasily <real@ispras.ru>

The ICH9 LPC bridge has 24 output IRQs connected to GSI. Currently the IRQs are
referenced by pointers. The pointers are initialized at startup by direct access
to the structure fields. This violates Qemu device model.

The patch makes the IRQs handling to use GPIO model.

Signed-off-by: Efimov Vasily <real@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/i386/pc_q35.c       | 6 +++++-
 hw/isa/lpc_ich9.c      | 3 +++
 include/hw/i386/ich9.h | 4 +++-
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
index 6e296c0..17634dd 100644
--- a/hw/i386/pc_q35.c
+++ b/hw/i386/pc_q35.c
@@ -60,6 +60,7 @@ static void pc_q35_init(MachineState *machine)
     PCIHostState *phb;
     PCIBus *host_bus;
     PCIDevice *lpc;
+    DeviceState *lpc_dev;
     BusState *idebus[MAX_SATA_PORTS];
     ISADevice *rtc_state;
     MemoryRegion *system_io = get_system_io();
@@ -190,7 +191,10 @@ static void pc_q35_init(MachineState *machine)
                              PC_MACHINE_ACPI_DEVICE_PROP, &error_abort);
 
     ich9_lpc = ICH9_LPC_DEVICE(lpc);
-    ich9_lpc->gsi = gsi;
+    lpc_dev = DEVICE(lpc);
+    for (i = 0; i < GSI_NUM_PINS; i++) {
+        qdev_connect_gpio_out_named(lpc_dev, ICH9_GPIO_GSI, i, gsi[i]);
+    }
     pci_bus_irqs(host_bus, ich9_lpc_set_irq, ich9_lpc_map_irq, ich9_lpc,
                  ICH9_LPC_NB_PIRQS);
     pci_bus_set_route_irq_fn(host_bus, ich9_route_intx_pin_to_irq);
diff --git a/hw/isa/lpc_ich9.c b/hw/isa/lpc_ich9.c
index 3bdb78d..59f15a1 100644
--- a/hw/isa/lpc_ich9.c
+++ b/hw/isa/lpc_ich9.c
@@ -599,6 +599,7 @@ static void ich9_lpc_initfn(Object *obj)
 static void ich9_lpc_realize(PCIDevice *d, Error **errp)
 {
     ICH9LPCState *lpc = ICH9_LPC_DEVICE(d);
+    DeviceState *dev = DEVICE(d);
     ISABus *isa_bus;
 
     isa_bus = isa_bus_new(DEVICE(d), get_system_memory(), get_system_io(),
@@ -626,6 +627,8 @@ static void ich9_lpc_realize(PCIDevice *d, Error **errp)
     memory_region_add_subregion_overlap(pci_address_space_io(d),
                                         ICH9_RST_CNT_IOPORT, &lpc->rst_cnt_mem,
                                         1);
+
+    qdev_init_gpio_out_named(dev, lpc->gsi, ICH9_GPIO_GSI, GSI_NUM_PINS);
 }
 
 static bool ich9_rst_cnt_needed(void *opaque)
diff --git a/include/hw/i386/ich9.h b/include/hw/i386/ich9.h
index a09a445..c14490b 100644
--- a/include/hw/i386/ich9.h
+++ b/include/hw/i386/ich9.h
@@ -68,7 +68,7 @@ typedef struct ICH9LPCState {
     MemoryRegion rcrb_mem; /* root complex register block */
     Notifier machine_ready;
 
-    qemu_irq *gsi;
+    qemu_irq gsi[GSI_NUM_PINS];
 } ICH9LPCState;
 
 Object *ich9_lpc_find(void);
@@ -176,6 +176,8 @@ Object *ich9_lpc_find(void);
 #define ICH9_LPC_PIC_NUM_PINS                   16
 #define ICH9_LPC_IOAPIC_NUM_PINS                24
 
+#define ICH9_GPIO_GSI "gsi"
+
 /* D31:F2 SATA Controller #1 */
 #define ICH9_SATA1_DEV                          31
 #define ICH9_SATA1_FUNC                         2
-- 
2.7.4

[Qemu-devel] [PULL 14/32] ICH9 LPC: move call of isa_bus_irqs to 'realize' method

[Paolo Bonzini]

From: Efimov Vasily <real@ispras.ru>

The isa_bus_irqs function initializes ISA bus IRQ array pointer with specified
value.

Previously the ICH9 LPC bridge model did not have its own IRQs but
only IRQ pointer cache. And same GSI were used for ISA bus and other sources
behind the bridge (PCI, SCI). Hence, the pc_q35_init was only possible place to
setup both ISA bus IRQs and the bridge IRQ cache.

As a result, the call of isa_bus_irqs was made from pc_q35_init.

Now the ICH9 LPC bridge has its own output IRQs which are connected to GSI. The
output IRQs are already used to route IRQs from PCI and SCI.

The patch makes the ICH9 LPC bridge output IRQs to used for ISA bus too.

Signed-off-by: Efimov Vasily <real@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/i386/pc_q35.c  | 3 ---
 hw/isa/lpc_ich9.c | 2 ++
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
index 17634dd..04b2684 100644
--- a/hw/i386/pc_q35.c
+++ b/hw/i386/pc_q35.c
@@ -200,9 +200,6 @@ static void pc_q35_init(MachineState *machine)
     pci_bus_set_route_irq_fn(host_bus, ich9_route_intx_pin_to_irq);
     isa_bus = ich9_lpc->isa_bus;
 
-    /*end early*/
-    isa_bus_irqs(isa_bus, gsi);
-
     if (kvm_pic_in_kernel()) {
         i8259 = kvm_i8259_init(isa_bus);
     } else if (xen_enabled()) {
diff --git a/hw/isa/lpc_ich9.c b/hw/isa/lpc_ich9.c
index 59f15a1..fe0ba83 100644
--- a/hw/isa/lpc_ich9.c
+++ b/hw/isa/lpc_ich9.c
@@ -629,6 +629,8 @@ static void ich9_lpc_realize(PCIDevice *d, Error **errp)
                                         1);
 
     qdev_init_gpio_out_named(dev, lpc->gsi, ICH9_GPIO_GSI, GSI_NUM_PINS);
+
+    isa_bus_irqs(isa_bus, lpc->gsi);
 }
 
 static bool ich9_rst_cnt_needed(void *opaque)
-- 
2.7.4

[Qemu-devel] [PULL 15/32] isa: introduce wrapper isa_connect_gpio_out

[Paolo Bonzini]

From: Efimov Vasily <real@ispras.ru>

Currently a direct access to the device structure field is used to connect ISA
device IRQ to the bus. GPIO access should be used instead if possible.

The patch adds wrapper isa_connect_gpio_out. The function connects specified
output GPIO to specified ISA IRQ.

Signed-off-by: Efimov Vasily <real@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/isa/isa-bus.c     | 7 +++++++
 include/hw/isa/isa.h | 1 +
 2 files changed, 8 insertions(+)

diff --git a/hw/isa/isa-bus.c b/hw/isa/isa-bus.c
index 7aa115c..ce74db2 100644
--- a/hw/isa/isa-bus.c
+++ b/hw/isa/isa-bus.c
@@ -97,6 +97,13 @@ void isa_init_irq(ISADevice *dev, qemu_irq *p, int isairq)
     dev->nirqs++;
 }
 
+void isa_connect_gpio_out(ISADevice *isadev, int gpioirq, int isairq)
+{
+    qemu_irq irq;
+    isa_init_irq(isadev, &irq, isairq);
+    qdev_connect_gpio_out(DEVICE(isadev), gpioirq, irq);
+}
+
 void isa_bus_dma(ISABus *bus, IsaDma *dma8, IsaDma *dma16)
 {
     assert(bus && dma8 && dma16);
diff --git a/include/hw/isa/isa.h b/include/hw/isa/isa.h
index c87fbad..7693ac5 100644
--- a/include/hw/isa/isa.h
+++ b/include/hw/isa/isa.h
@@ -102,6 +102,7 @@ ISABus *isa_bus_new(DeviceState *dev, MemoryRegion *address_space,
 void isa_bus_irqs(ISABus *bus, qemu_irq *irqs);
 qemu_irq isa_get_irq(ISADevice *dev, int isairq);
 void isa_init_irq(ISADevice *dev, qemu_irq *p, int isairq);
+void isa_connect_gpio_out(ISADevice *isadev, int gpioirq, int isairq);
 void isa_bus_dma(ISABus *bus, IsaDma *dma8, IsaDma *dma16);
 IsaDma *isa_get_dma(ISABus *bus, int nchan);
 MemoryRegion *isa_address_space(ISADevice *dev);
-- 
2.7.4

[Qemu-devel] [PULL 16/32] MC146818 RTC: add GPIO access to output IRQ

[Paolo Bonzini]

From: Efimov Vasily <real@ispras.ru>

The MC146818 RTC device has output IRQ line. Currently the corresponding field
is only accessible through direct access. Such access violates Qemu model.

The patch makes the field accessible through GPIO. It also updates the setting
of the IRQ during initialization.

Signed-off-by: Efimov Vasily <real@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/timer/mc146818rtc.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/hw/timer/mc146818rtc.c b/hw/timer/mc146818rtc.c
index f4e333e..ea625f2 100644
--- a/hw/timer/mc146818rtc.c
+++ b/hw/timer/mc146818rtc.c
@@ -906,6 +906,8 @@ static void rtc_realizefn(DeviceState *dev, Error **errp)
 
     object_property_add_alias(qdev_get_machine(), "rtc-time",
                               OBJECT(s), "date", NULL);
+
+    qdev_init_gpio_out(dev, &s->irq, 1);
 }
 
 ISADevice *rtc_init(ISABus *bus, int base_year, qemu_irq intercept_irq)
@@ -920,9 +922,9 @@ ISADevice *rtc_init(ISABus *bus, int base_year, qemu_irq intercept_irq)
     qdev_prop_set_int32(dev, "base_year", base_year);
     qdev_init_nofail(dev);
     if (intercept_irq) {
-        s->irq = intercept_irq;
+        qdev_connect_gpio_out(dev, 0, intercept_irq);
     } else {
-        isa_init_irq(isadev, &s->irq, RTC_ISA_IRQ);
+        isa_connect_gpio_out(isadev, 0, RTC_ISA_IRQ);
     }
     QLIST_INSERT_HEAD(&rtc_devices, s, link);
 
-- 
2.7.4

[Qemu-devel] [PULL 17/32] scsi: esp: fix migration

[Paolo Bonzini]

Commit 926cde5 ("scsi: esp: make cmdbuf big enough for maximum CDB size",
2016-06-16) changed the size of a migrated field.  Split it in two
parts, and only migrate the second part in a new vmstate version.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/scsi/esp.c               | 5 +++--
 include/migration/vmstate.h | 5 ++++-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c
index baa0a2c..1f2f2d3 100644
--- a/hw/scsi/esp.c
+++ b/hw/scsi/esp.c
@@ -574,7 +574,7 @@ static bool esp_mem_accepts(void *opaque, hwaddr addr,
 
 const VMStateDescription vmstate_esp = {
     .name ="esp",
-    .version_id = 3,
+    .version_id = 4,
     .minimum_version_id = 3,
     .fields = (VMStateField[]) {
         VMSTATE_BUFFER(rregs, ESPState),
@@ -585,7 +585,8 @@ const VMStateDescription vmstate_esp = {
         VMSTATE_BUFFER(ti_buf, ESPState),
         VMSTATE_UINT32(status, ESPState),
         VMSTATE_UINT32(dma, ESPState),
-        VMSTATE_BUFFER(cmdbuf, ESPState),
+        VMSTATE_PARTIAL_BUFFER(cmdbuf, ESPState, 16),
+        VMSTATE_BUFFER_START_MIDDLE_V(cmdbuf, ESPState, 16, 4),
         VMSTATE_UINT32(cmdlen, ESPState),
         VMSTATE_UINT32(do_cmd, ESPState),
         VMSTATE_UINT32(dma_left, ESPState),
diff --git a/include/migration/vmstate.h b/include/migration/vmstate.h
index 25ea58a..15ea767 100644
--- a/include/migration/vmstate.h
+++ b/include/migration/vmstate.h
@@ -904,8 +904,11 @@ extern const VMStateInfo vmstate_info_bitmap;
 #define VMSTATE_PARTIAL_BUFFER(_f, _s, _size)                         \
     VMSTATE_STATIC_BUFFER(_f, _s, 0, NULL, 0, _size)
 
+#define VMSTATE_BUFFER_START_MIDDLE_V(_f, _s, _start, _v) \
+    VMSTATE_STATIC_BUFFER(_f, _s, _v, NULL, _start, sizeof(typeof_field(_s, _f)))
+
 #define VMSTATE_BUFFER_START_MIDDLE(_f, _s, _start) \
-    VMSTATE_STATIC_BUFFER(_f, _s, 0, NULL, _start, sizeof(typeof_field(_s, _f)))
+    VMSTATE_BUFFER_START_MIDDLE_V(_f, _s, _start, 0)
 
 #define VMSTATE_PARTIAL_VBUFFER(_f, _s, _size)                        \
     VMSTATE_VBUFFER(_f, _s, 0, NULL, 0, _size)
-- 
2.7.4

[Qemu-devel] [PULL 18/32] vnc: generalize "VNC server running on ..." message

[Paolo Bonzini]

The message is useful whenever the user specifies "-vnc to=XX".
Move it to ui/vnc.c.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 include/ui/console.h |  7 -------
 ui/vnc.c             | 23 ++++++++++++-----------
 vl.c                 |  7 -------
 3 files changed, 12 insertions(+), 25 deletions(-)

diff --git a/include/ui/console.h b/include/ui/console.h
index 52a5f65..7c1fdba 100644
--- a/include/ui/console.h
+++ b/include/ui/console.h
@@ -460,7 +460,6 @@ void vnc_display_add_client(const char *id, int csock, bool skipauth);
 #ifdef CONFIG_VNC
 int vnc_display_password(const char *id, const char *password);
 int vnc_display_pw_expire(const char *id, time_t expires);
-char *vnc_display_local_addr(const char *id);
 QemuOpts *vnc_parse(const char *str, Error **errp);
 int vnc_init_func(void *opaque, QemuOpts *opts, Error **errp);
 #else
@@ -482,12 +481,6 @@ static inline int vnc_init_func(void *opaque, QemuOpts *opts, Error **errp)
     error_setg(errp, "VNC support is disabled");
     return -1;
 }
-static inline char *vnc_display_local_addr(const char *id)
-{
-    /* This must never be called if CONFIG_VNC is disabled */
-    error_report("VNC support is disabled");
-    abort();
-}
 #endif
 
 /* curses.c */
diff --git a/ui/vnc.c b/ui/vnc.c
index 95e4db7..18c0b56 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -3205,29 +3205,24 @@ int vnc_display_pw_expire(const char *id, time_t expires)
     return 0;
 }
 
-char *vnc_display_local_addr(const char *id)
+static void vnc_display_print_local_addr(VncDisplay *vs)
 {
-    VncDisplay *vs = vnc_display_find(id);
     SocketAddress *addr;
-    char *ret;
     Error *err = NULL;
 
-    assert(vs);
-
     addr = qio_channel_socket_get_local_address(vs->lsock, &err);
     if (!addr) {
-        return NULL;
+        return;
     }
 
     if (addr->type != SOCKET_ADDRESS_KIND_INET) {
         qapi_free_SocketAddress(addr);
-        return NULL;
+        return;
     }
-    ret = g_strdup_printf("%s:%s", addr->u.inet.data->host,
-                          addr->u.inet.data->port);
+    error_printf_unless_qmp("VNC server running on %s:%s\n",
+                            addr->u.inet.data->host,
+                            addr->u.inet.data->port);
     qapi_free_SocketAddress(addr);
-
-    return ret;
 }
 
 static QemuOptsList qemu_vnc_opts = {
@@ -3513,6 +3508,7 @@ void vnc_display_open(const char *id, Error **errp)
     const char *vnc;
     char *h;
     const char *credid;
+    int show_vnc_port = 0;
     bool sasl = false;
 #ifdef CONFIG_VNC_SASL
     int saslErr;
@@ -3592,6 +3588,7 @@ void vnc_display_open(const char *id, Error **errp)
             if (to) {
                 inet->has_to = true;
                 inet->to = to + 5900;
+                show_vnc_port = 1;
             }
             inet->ipv4 = ipv4;
             inet->has_ipv4 = has_ipv4;
@@ -3836,6 +3833,10 @@ void vnc_display_open(const char *id, Error **errp)
         }
     }
 
+    if (show_vnc_port) {
+        vnc_display_print_local_addr(vs);
+    }
+
     qapi_free_SocketAddress(saddr);
     qapi_free_SocketAddress(wsaddr);
     return;
diff --git a/vl.c b/vl.c
index 4c1f9ae..ee2966b 100644
--- a/vl.c
+++ b/vl.c
@@ -2948,7 +2948,6 @@ int main(int argc, char **argv, char **envp)
     const char *qtest_log = NULL;
     const char *pid_file = NULL;
     const char *incoming = NULL;
-    int show_vnc_port = 0;
     bool defconfig = true;
     bool userconfig = true;
     bool nographic = false;
@@ -4217,7 +4216,6 @@ int main(int argc, char **argv, char **envp)
         display_type = DT_COCOA;
 #elif defined(CONFIG_VNC)
         vnc_parse("localhost:0,to=99,id=default", &error_abort);
-        show_vnc_port = 1;
 #else
         display_type = DT_NONE;
 #endif
@@ -4566,11 +4564,6 @@ int main(int argc, char **argv, char **envp)
     qemu_opts_foreach(qemu_find_opts("vnc"),
                       vnc_init_func, NULL, NULL);
 #endif
-    if (show_vnc_port) {
-        char *ret = vnc_display_local_addr("default");
-        printf("VNC server running on '%s'\n", ret);
-        g_free(ret);
-    }
 
     if (using_spice) {
         qemu_spice_display_init();
-- 
2.7.4

[Qemu-devel] [PULL 19/32] pci-assign: Move "Invalid ROM" error message to pci-assign-load-rom.c

[Paolo Bonzini]

From: Lin Ma <lma@suse.com>

In function pci_assign_dev_load_option_rom, For those pci devices don't
have 'rom' file under sysfs or if loading ROM from external file, The
function returns NULL, and won't set the passed 'size' variable.

In these 2 cases, qemu still reports "Invalid ROM" error message, Users
may be confused by it.

Signed-off-by: Lin Ma <lma@suse.com>
Message-Id: <1466010327-22368-1-git-send-email-lma@suse.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/i386/kvm/pci-assign.c      | 4 ----
 hw/i386/pci-assign-load-rom.c | 3 +++
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/hw/i386/kvm/pci-assign.c b/hw/i386/kvm/pci-assign.c
index 98997d1..3623aa1 100644
--- a/hw/i386/kvm/pci-assign.c
+++ b/hw/i386/kvm/pci-assign.c
@@ -1891,8 +1891,4 @@ static void assigned_dev_load_option_rom(AssignedDevice *dev)
     pci_assign_dev_load_option_rom(&dev->dev, OBJECT(dev), &size,
                                    dev->host.domain, dev->host.bus,
                                    dev->host.slot, dev->host.function);
-
-    if (!size) {
-        error_report("pci-assign: Invalid ROM.");
-    }
 }
diff --git a/hw/i386/pci-assign-load-rom.c b/hw/i386/pci-assign-load-rom.c
index 4bbb08c..0d8e4b2 100644
--- a/hw/i386/pci-assign-load-rom.c
+++ b/hw/i386/pci-assign-load-rom.c
@@ -40,6 +40,9 @@ void *pci_assign_dev_load_option_rom(PCIDevice *dev, struct Object *owner,
              domain, bus, slot, function);
 
     if (stat(rom_file, &st)) {
+        if (errno != ENOENT) {
+            error_report("pci-assign: Invalid ROM.");
+        }
         return NULL;
     }
 
-- 
2.7.4

[Qemu-devel] [PULL 20/32] target-*: Don't redefine cpu_exec()

[Paolo Bonzini]

From: Peter Crosthwaite <crosthwaitepeter@gmail.com>

This function needs to be converted to QOM hook and virtualised for
multi-arch. This rename interferes, as cpu-qom will not have access
to the renaming causing name divergence. This rename doesn't really do
anything anyway so just delete it.

Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-Id: <69bd25a8678b8b31b91cd9760c777bed1aafb44e.1437212383.git.crosthwaite.peter@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Peter Crosthwaite <crosthwaitepeter@gmail.com>
---
 include/exec/cpu-all.h  |  2 ++
 linux-user/main.c       | 32 ++++++++++++++++----------------
 target-alpha/cpu.h      |  2 --
 target-arm/cpu.h        |  2 --
 target-cris/cpu.h       |  2 --
 target-i386/cpu.h       |  2 --
 target-lm32/cpu.h       |  2 --
 target-m68k/cpu.h       |  2 --
 target-microblaze/cpu.h |  2 --
 target-mips/cpu.h       |  2 --
 target-moxie/cpu.h      |  2 --
 target-openrisc/cpu.h   |  2 --
 target-ppc/cpu.h        |  2 --
 target-s390x/cpu.h      |  2 --
 target-sh4/cpu.h        |  2 --
 target-sparc/cpu.h      |  2 --
 target-tilegx/cpu.h     |  2 --
 target-tricore/cpu.h    |  2 --
 target-unicore32/cpu.h  |  3 ---
 target-xtensa/cpu.h     |  2 --
 20 files changed, 18 insertions(+), 53 deletions(-)

diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
index 9f38edf..6a6796d 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -304,4 +304,6 @@ void dump_opcount_info(FILE *f, fprintf_function cpu_fprintf);
 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
                         uint8_t *buf, int len, int is_write);
 
+int cpu_exec(CPUState *cpu);
+
 #endif /* CPU_ALL_H */
diff --git a/linux-user/main.c b/linux-user/main.c
index 78d8d04..617a179 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -157,7 +157,7 @@ static inline void exclusive_idle(void)
 }
 
 /* Start an exclusive operation.
-   Must only be called from outside cpu_arm_exec.   */
+   Must only be called from outside cpu_exec.   */
 static inline void start_exclusive(void)
 {
     CPUState *other_cpu;
@@ -291,7 +291,7 @@ void cpu_loop(CPUX86State *env)
 
     for(;;) {
         cpu_exec_start(cs);
-        trapnr = cpu_x86_exec(cs);
+        trapnr = cpu_exec(cs);
         cpu_exec_end(cs);
         switch(trapnr) {
         case 0x80:
@@ -732,7 +732,7 @@ void cpu_loop(CPUARMState *env)
 
     for(;;) {
         cpu_exec_start(cs);
-        trapnr = cpu_arm_exec(cs);
+        trapnr = cpu_exec(cs);
         cpu_exec_end(cs);
         switch(trapnr) {
         case EXCP_UDEF:
@@ -1068,7 +1068,7 @@ void cpu_loop(CPUARMState *env)
 
     for (;;) {
         cpu_exec_start(cs);
-        trapnr = cpu_arm_exec(cs);
+        trapnr = cpu_exec(cs);
         cpu_exec_end(cs);
 
         switch (trapnr) {
@@ -1156,7 +1156,7 @@ void cpu_loop(CPUUniCore32State *env)
 
     for (;;) {
         cpu_exec_start(cs);
-        trapnr = uc32_cpu_exec(cs);
+        trapnr = cpu_exec(cs);
         cpu_exec_end(cs);
         switch (trapnr) {
         case UC32_EXCP_PRIV:
@@ -1361,7 +1361,7 @@ void cpu_loop (CPUSPARCState *env)
 
     while (1) {
         cpu_exec_start(cs);
-        trapnr = cpu_sparc_exec(cs);
+        trapnr = cpu_exec(cs);
         cpu_exec_end(cs);
 
         /* Compute PSR before exposing state.  */
@@ -1633,7 +1633,7 @@ void cpu_loop(CPUPPCState *env)
 
     for(;;) {
         cpu_exec_start(cs);
-        trapnr = cpu_ppc_exec(cs);
+        trapnr = cpu_exec(cs);
         cpu_exec_end(cs);
         switch(trapnr) {
         case POWERPC_EXCP_NONE:
@@ -2490,7 +2490,7 @@ void cpu_loop(CPUMIPSState *env)
 
     for(;;) {
         cpu_exec_start(cs);
-        trapnr = cpu_mips_exec(cs);
+        trapnr = cpu_exec(cs);
         cpu_exec_end(cs);
         switch(trapnr) {
         case EXCP_SYSCALL:
@@ -2730,7 +2730,7 @@ void cpu_loop(CPUOpenRISCState *env)
 
     for (;;) {
         cpu_exec_start(cs);
-        trapnr = cpu_openrisc_exec(cs);
+        trapnr = cpu_exec(cs);
         cpu_exec_end(cs);
         gdbsig = 0;
 
@@ -2824,7 +2824,7 @@ void cpu_loop(CPUSH4State *env)
 
     while (1) {
         cpu_exec_start(cs);
-        trapnr = cpu_sh4_exec(cs);
+        trapnr = cpu_exec(cs);
         cpu_exec_end(cs);
 
         switch (trapnr) {
@@ -2890,7 +2890,7 @@ void cpu_loop(CPUCRISState *env)
     
     while (1) {
         cpu_exec_start(cs);
-        trapnr = cpu_cris_exec(cs);
+        trapnr = cpu_exec(cs);
         cpu_exec_end(cs);
         switch (trapnr) {
         case 0xaa:
@@ -2955,7 +2955,7 @@ void cpu_loop(CPUMBState *env)
     
     while (1) {
         cpu_exec_start(cs);
-        trapnr = cpu_mb_exec(cs);
+        trapnr = cpu_exec(cs);
         cpu_exec_end(cs);
         switch (trapnr) {
         case 0xaa:
@@ -3072,7 +3072,7 @@ void cpu_loop(CPUM68KState *env)
 
     for(;;) {
         cpu_exec_start(cs);
-        trapnr = cpu_m68k_exec(cs);
+        trapnr = cpu_exec(cs);
         cpu_exec_end(cs);
         switch(trapnr) {
         case EXCP_ILLEGAL:
@@ -3215,7 +3215,7 @@ void cpu_loop(CPUAlphaState *env)
 
     while (1) {
         cpu_exec_start(cs);
-        trapnr = cpu_alpha_exec(cs);
+        trapnr = cpu_exec(cs);
         cpu_exec_end(cs);
 
         /* All of the traps imply a transition through PALcode, which
@@ -3407,7 +3407,7 @@ void cpu_loop(CPUS390XState *env)
 
     while (1) {
         cpu_exec_start(cs);
-        trapnr = cpu_s390x_exec(cs);
+        trapnr = cpu_exec(cs);
         cpu_exec_end(cs);
         switch (trapnr) {
         case EXCP_INTERRUPT:
@@ -3716,7 +3716,7 @@ void cpu_loop(CPUTLGState *env)
 
     while (1) {
         cpu_exec_start(cs);
-        trapnr = cpu_tilegx_exec(cs);
+        trapnr = cpu_exec(cs);
         cpu_exec_end(cs);
         switch (trapnr) {
         case TILEGX_EXCP_SYSCALL:
diff --git a/target-alpha/cpu.h b/target-alpha/cpu.h
index e71ea70..ce8d296 100644
--- a/target-alpha/cpu.h
+++ b/target-alpha/cpu.h
@@ -326,7 +326,6 @@ void alpha_cpu_do_unaligned_access(CPUState *cpu, vaddr addr,
                                    int is_write, int is_user, uintptr_t retaddr);
 
 #define cpu_list alpha_cpu_list
-#define cpu_exec cpu_alpha_exec
 #define cpu_signal_handler cpu_alpha_signal_handler
 
 #include "exec/cpu-all.h"
@@ -467,7 +466,6 @@ AlphaCPU *cpu_alpha_init(const char *cpu_model);
 #define cpu_init(cpu_model) CPU(cpu_alpha_init(cpu_model))
 
 void alpha_cpu_list(FILE *f, fprintf_function cpu_fprintf);
-int cpu_alpha_exec(CPUState *cpu);
 /* you can call this signal handler from your SIGBUS and SIGSEGV
    signal handlers to inform the virtual CPU of exceptions. non zero
    is returned if the signal was handled by the virtual CPU.  */
diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 7938ddc..e2fac46 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -703,7 +703,6 @@ int aarch64_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
 #endif
 
 ARMCPU *cpu_arm_init(const char *cpu_model);
-int cpu_arm_exec(CPUState *cpu);
 target_ulong do_arm_semihosting(CPUARMState *env);
 void aarch64_sync_32_to_64(CPUARMState *env);
 void aarch64_sync_64_to_32(CPUARMState *env);
@@ -1891,7 +1890,6 @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx,
 
 #define cpu_init(cpu_model) CPU(cpu_arm_init(cpu_model))
 
-#define cpu_exec cpu_arm_exec
 #define cpu_signal_handler cpu_arm_signal_handler
 #define cpu_list arm_cpu_list
 
diff --git a/target-cris/cpu.h b/target-cris/cpu.h
index d8c47a6..e6046d2 100644
--- a/target-cris/cpu.h
+++ b/target-cris/cpu.h
@@ -213,7 +213,6 @@ int cris_cpu_gdb_read_register(CPUState *cpu, uint8_t *buf, int reg);
 int cris_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
 
 CRISCPU *cpu_cris_init(const char *cpu_model);
-int cpu_cris_exec(CPUState *cpu);
 /* you can call this signal handler from your SIGBUS and SIGSEGV
    signal handlers to inform the virtual CPU of exceptions. non zero
    is returned if the signal was handled by the virtual CPU.  */
@@ -260,7 +259,6 @@ enum {
 
 #define cpu_init(cpu_model) CPU(cpu_cris_init(cpu_model))
 
-#define cpu_exec cpu_cris_exec
 #define cpu_signal_handler cpu_cris_signal_handler
 
 /* MMU modes definitions */
diff --git a/target-i386/cpu.h b/target-i386/cpu.h
index d9ab884..474b0b9 100644
--- a/target-i386/cpu.h
+++ b/target-i386/cpu.h
@@ -1235,7 +1235,6 @@ void x86_cpu_exec_exit(CPUState *cpu);
 
 X86CPU *cpu_x86_init(const char *cpu_model);
 X86CPU *cpu_x86_create(const char *cpu_model, Error **errp);
-int cpu_x86_exec(CPUState *cpu);
 void x86_cpu_list(FILE *f, fprintf_function cpu_fprintf);
 int cpu_x86_support_mca_broadcast(CPUX86State *env);
 
@@ -1411,7 +1410,6 @@ uint64_t cpu_get_tsc(CPUX86State *env);
 
 #define cpu_init(cpu_model) CPU(cpu_x86_init(cpu_model))
 
-#define cpu_exec cpu_x86_exec
 #define cpu_signal_handler cpu_x86_signal_handler
 #define cpu_list x86_cpu_list
 
diff --git a/target-lm32/cpu.h b/target-lm32/cpu.h
index 62880f7..4efe98d 100644
--- a/target-lm32/cpu.h
+++ b/target-lm32/cpu.h
@@ -236,7 +236,6 @@ static inline lm32_wp_t lm32_wp_type(uint32_t dc, int idx)
 }
 
 LM32CPU *cpu_lm32_init(const char *cpu_model);
-int cpu_lm32_exec(CPUState *cpu);
 /* you can call this signal handler from your SIGBUS and SIGSEGV
    signal handlers to inform the virtual CPU of exceptions. non zero
    is returned if the signal was handled by the virtual CPU.  */
@@ -257,7 +256,6 @@ bool lm32_cpu_do_semihosting(CPUState *cs);
 #define cpu_init(cpu_model) CPU(cpu_lm32_init(cpu_model))
 
 #define cpu_list lm32_cpu_list
-#define cpu_exec cpu_lm32_exec
 #define cpu_signal_handler cpu_lm32_signal_handler
 
 int lm32_cpu_handle_mmu_fault(CPUState *cpu, vaddr address, int rw,
diff --git a/target-m68k/cpu.h b/target-m68k/cpu.h
index 008a057..9087769 100644
--- a/target-m68k/cpu.h
+++ b/target-m68k/cpu.h
@@ -146,7 +146,6 @@ void m68k_cpu_exec_exit(CPUState *cs);
 void m68k_tcg_init(void);
 void m68k_cpu_init_gdb(M68kCPU *cpu);
 M68kCPU *cpu_m68k_init(const char *cpu_model);
-int cpu_m68k_exec(CPUState *cpu);
 /* you can call this signal handler from your SIGBUS and SIGSEGV
    signal handlers to inform the virtual CPU of exceptions. non zero
    is returned if the signal was handled by the virtual CPU.  */
@@ -243,7 +242,6 @@ void register_m68k_insns (CPUM68KState *env);
 
 #define cpu_init(cpu_model) CPU(cpu_m68k_init(cpu_model))
 
-#define cpu_exec cpu_m68k_exec
 #define cpu_signal_handler cpu_m68k_signal_handler
 #define cpu_list m68k_cpu_list
 
diff --git a/target-microblaze/cpu.h b/target-microblaze/cpu.h
index d17cf1e..16815df 100644
--- a/target-microblaze/cpu.h
+++ b/target-microblaze/cpu.h
@@ -321,7 +321,6 @@ int mb_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
 
 void mb_tcg_init(void);
 MicroBlazeCPU *cpu_mb_init(const char *cpu_model);
-int cpu_mb_exec(CPUState *cpu);
 /* you can call this signal handler from your SIGBUS and SIGSEGV
    signal handlers to inform the virtual CPU of exceptions. non zero
    is returned if the signal was handled by the virtual CPU.  */
@@ -336,7 +335,6 @@ int cpu_mb_signal_handler(int host_signum, void *pinfo,
 
 #define cpu_init(cpu_model) CPU(cpu_mb_init(cpu_model))
 
-#define cpu_exec cpu_mb_exec
 #define cpu_signal_handler cpu_mb_signal_handler
 
 /* MMU modes definitions */
diff --git a/target-mips/cpu.h b/target-mips/cpu.h
index c2da5ec..1037f9b 100644
--- a/target-mips/cpu.h
+++ b/target-mips/cpu.h
@@ -676,7 +676,6 @@ void mips_cpu_unassigned_access(CPUState *cpu, hwaddr addr,
 
 void mips_cpu_list (FILE *f, fprintf_function cpu_fprintf);
 
-#define cpu_exec cpu_mips_exec
 #define cpu_signal_handler cpu_mips_signal_handler
 #define cpu_list mips_cpu_list
 
@@ -802,7 +801,6 @@ enum {
  */
 #define CPU_INTERRUPT_WAKE CPU_INTERRUPT_TGT_INT_0
 
-int cpu_mips_exec(CPUState *cpu);
 void mips_tcg_init(void);
 MIPSCPU *cpu_mips_init(const char *cpu_model);
 int cpu_mips_signal_handler(int host_signum, void *pinfo, void *puc);
diff --git a/target-moxie/cpu.h b/target-moxie/cpu.h
index c10898e..63d5caf 100644
--- a/target-moxie/cpu.h
+++ b/target-moxie/cpu.h
@@ -109,7 +109,6 @@ static inline MoxieCPU *moxie_env_get_cpu(CPUMoxieState *env)
 #define ENV_OFFSET offsetof(MoxieCPU, env)
 
 MoxieCPU *cpu_moxie_init(const char *cpu_model);
-int cpu_moxie_exec(CPUState *cpu);
 void moxie_cpu_do_interrupt(CPUState *cs);
 void moxie_cpu_dump_state(CPUState *cpu, FILE *f,
                           fprintf_function cpu_fprintf, int flags);
@@ -120,7 +119,6 @@ int cpu_moxie_signal_handler(int host_signum, void *pinfo,
 
 #define cpu_init(cpu_model) CPU(cpu_moxie_init(cpu_model))
 
-#define cpu_exec cpu_moxie_exec
 #define cpu_signal_handler cpu_moxie_signal_handler
 
 static inline int cpu_mmu_index(CPUMoxieState *env, bool ifetch)
diff --git a/target-openrisc/cpu.h b/target-openrisc/cpu.h
index 810a280..9451a7c 100644
--- a/target-openrisc/cpu.h
+++ b/target-openrisc/cpu.h
@@ -344,7 +344,6 @@ static inline OpenRISCCPU *openrisc_env_get_cpu(CPUOpenRISCState *env)
 OpenRISCCPU *cpu_openrisc_init(const char *cpu_model);
 
 void cpu_openrisc_list(FILE *f, fprintf_function cpu_fprintf);
-int cpu_openrisc_exec(CPUState *cpu);
 void openrisc_cpu_do_interrupt(CPUState *cpu);
 bool openrisc_cpu_exec_interrupt(CPUState *cpu, int int_req);
 void openrisc_cpu_dump_state(CPUState *cpu, FILE *f,
@@ -358,7 +357,6 @@ int openrisc_cpu_handle_mmu_fault(CPUState *cpu, vaddr address,
 int cpu_openrisc_signal_handler(int host_signum, void *pinfo, void *puc);
 
 #define cpu_list cpu_openrisc_list
-#define cpu_exec cpu_openrisc_exec
 #define cpu_signal_handler cpu_openrisc_signal_handler
 
 #ifndef CONFIG_USER_ONLY
diff --git a/target-ppc/cpu.h b/target-ppc/cpu.h
index b1354a4..534381e 100644
--- a/target-ppc/cpu.h
+++ b/target-ppc/cpu.h
@@ -1189,7 +1189,6 @@ extern const struct VMStateDescription vmstate_ppc_cpu;
 PowerPCCPU *cpu_ppc_init(const char *cpu_model);
 void ppc_translate_init(void);
 void gen_update_current_nip(void *opaque);
-int cpu_ppc_exec (CPUState *s);
 /* you can call this signal handler from your SIGBUS and SIGSEGV
    signal handlers to inform the virtual CPU of exceptions. non zero
    is returned if the signal was handled by the virtual CPU.  */
@@ -1268,7 +1267,6 @@ int ppc_dcr_write (ppc_dcr_t *dcr_env, int dcrn, uint32_t val);
 
 #define cpu_init(cpu_model) CPU(cpu_ppc_init(cpu_model))
 
-#define cpu_exec cpu_ppc_exec
 #define cpu_signal_handler cpu_ppc_signal_handler
 #define cpu_list ppc_cpu_list
 
diff --git a/target-s390x/cpu.h b/target-s390x/cpu.h
index bd6b2e5..8bcb0f7 100644
--- a/target-s390x/cpu.h
+++ b/target-s390x/cpu.h
@@ -463,7 +463,6 @@ S390CPU *cpu_s390x_init(const char *cpu_model);
 S390CPU *s390x_new_cpu(const char *cpu_model, int64_t id, Error **errp);
 S390CPU *cpu_s390x_create(const char *cpu_model, Error **errp);
 void s390x_translate_init(void);
-int cpu_s390x_exec(CPUState *cpu);
 
 /* you can call this signal handler from your SIGBUS and SIGSEGV
    signal handlers to inform the virtual CPU of exceptions. non zero
@@ -627,7 +626,6 @@ void cpu_unlock(void);
 extern void subsystem_reset(void);
 
 #define cpu_init(model) CPU(cpu_s390x_init(model))
-#define cpu_exec cpu_s390x_exec
 #define cpu_signal_handler cpu_s390x_signal_handler
 
 void s390_cpu_list(FILE *f, fprintf_function cpu_fprintf);
diff --git a/target-sh4/cpu.h b/target-sh4/cpu.h
index 3f5c689..3f9dae2 100644
--- a/target-sh4/cpu.h
+++ b/target-sh4/cpu.h
@@ -221,7 +221,6 @@ int superh_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
 
 void sh4_translate_init(void);
 SuperHCPU *cpu_sh4_init(const char *cpu_model);
-int cpu_sh4_exec(CPUState *s);
 int cpu_sh4_signal_handler(int host_signum, void *pinfo,
                            void *puc);
 int superh_cpu_handle_mmu_fault(CPUState *cpu, vaddr address, int rw,
@@ -254,7 +253,6 @@ void cpu_load_tlb(CPUSH4State * env);
 
 #define cpu_init(cpu_model) CPU(cpu_sh4_init(cpu_model))
 
-#define cpu_exec cpu_sh4_exec
 #define cpu_signal_handler cpu_sh4_signal_handler
 #define cpu_list sh4_cpu_list
 
diff --git a/target-sparc/cpu.h b/target-sparc/cpu.h
index ba37f4b..f78fabf 100644
--- a/target-sparc/cpu.h
+++ b/target-sparc/cpu.h
@@ -565,7 +565,6 @@ int sparc_cpu_memory_rw_debug(CPUState *cpu, vaddr addr,
 void gen_intermediate_code_init(CPUSPARCState *env);
 
 /* cpu-exec.c */
-int cpu_sparc_exec(CPUState *cpu);
 
 /* win_helper.c */
 target_ulong cpu_get_psr(CPUSPARCState *env1);
@@ -626,7 +625,6 @@ int cpu_sparc_signal_handler(int host_signum, void *pinfo, void *puc);
 #define cpu_init(cpu_model) CPU(cpu_sparc_init(cpu_model))
 #endif
 
-#define cpu_exec cpu_sparc_exec
 #define cpu_signal_handler cpu_sparc_signal_handler
 #define cpu_list sparc_cpu_list
 
diff --git a/target-tilegx/cpu.h b/target-tilegx/cpu.h
index b9b588d..d740329 100644
--- a/target-tilegx/cpu.h
+++ b/target-tilegx/cpu.h
@@ -158,14 +158,12 @@ static inline TileGXCPU *tilegx_env_get_cpu(CPUTLGState *env)
 #include "exec/cpu-all.h"
 
 void tilegx_tcg_init(void);
-int cpu_tilegx_exec(CPUState *s);
 int cpu_tilegx_signal_handler(int host_signum, void *pinfo, void *puc);
 
 TileGXCPU *cpu_tilegx_init(const char *cpu_model);
 
 #define cpu_init(cpu_model) CPU(cpu_tilegx_init(cpu_model))
 
-#define cpu_exec cpu_tilegx_exec
 #define cpu_signal_handler cpu_tilegx_signal_handler
 
 static inline void cpu_get_tb_cpu_state(CPUTLGState *env, target_ulong *pc,
diff --git a/target-tricore/cpu.h b/target-tricore/cpu.h
index 3c6f7b7..a298d63 100644
--- a/target-tricore/cpu.h
+++ b/target-tricore/cpu.h
@@ -374,7 +374,6 @@ void fpu_set_state(CPUTriCoreState *env);
 
 void tricore_cpu_list(FILE *f, fprintf_function cpu_fprintf);
 
-#define cpu_exec cpu_tricore_exec
 #define cpu_signal_handler cpu_tricore_signal_handler
 #define cpu_list tricore_cpu_list
 
@@ -400,7 +399,6 @@ enum {
 };
 
 void cpu_state_reset(CPUTriCoreState *s);
-int cpu_tricore_exec(CPUState *cpu);
 void tricore_tcg_init(void);
 int cpu_tricore_signal_handler(int host_signum, void *pinfo, void *puc);
 
diff --git a/target-unicore32/cpu.h b/target-unicore32/cpu.h
index f3e877b..83f7584 100644
--- a/target-unicore32/cpu.h
+++ b/target-unicore32/cpu.h
@@ -149,7 +149,6 @@ void cpu_asr_write(CPUUniCore32State *env1, target_ulong val, target_ulong mask)
 #define UC32_HWCAP_CMOV                 4 /* 1 << 2 */
 #define UC32_HWCAP_UCF64                8 /* 1 << 3 */
 
-#define cpu_exec                        uc32_cpu_exec
 #define cpu_signal_handler              uc32_cpu_signal_handler
 
 int uc32_cpu_signal_handler(int host_signum, void *pinfo, void *puc);
@@ -165,8 +164,6 @@ static inline int cpu_mmu_index(CPUUniCore32State *env, bool ifetch)
 
 #include "exec/cpu-all.h"
 
-int uc32_cpu_exec(CPUState *s);
-
 UniCore32CPU *uc32_cpu_init(const char *cpu_model);
 
 #define cpu_init(cpu_model) CPU(uc32_cpu_init(cpu_model))
diff --git a/target-xtensa/cpu.h b/target-xtensa/cpu.h
index 442176a..8477ec9 100644
--- a/target-xtensa/cpu.h
+++ b/target-xtensa/cpu.h
@@ -416,7 +416,6 @@ int xtensa_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
 void xtensa_cpu_do_unaligned_access(CPUState *cpu, vaddr addr,
                                     int is_write, int is_user, uintptr_t retaddr);
 
-#define cpu_exec cpu_xtensa_exec
 #define cpu_signal_handler cpu_xtensa_signal_handler
 #define cpu_list xtensa_cpu_list
 
@@ -432,7 +431,6 @@ XtensaCPU *cpu_xtensa_init(const char *cpu_model);
 
 void xtensa_translate_init(void);
 void xtensa_breakpoint_handler(CPUState *cs);
-int cpu_xtensa_exec(CPUState *cpu);
 void xtensa_finalize_config(XtensaConfig *config);
 void xtensa_register_core(XtensaConfigList *node);
 void check_interrupts(CPUXtensaState *s);
-- 
2.7.4

[Qemu-devel] [PULL 21/32] char: clean up remaining chardevs when leaving

[Paolo Bonzini]

From: Marc-André Lureau <marcandre.lureau@redhat.com>

This helps to remove various chardev resources leaks when leaving qemu.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <1466105332-10285-2-git-send-email-marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 qemu-char.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/qemu-char.c b/qemu-char.c
index 84f49ac..016badb 100644
--- a/qemu-char.c
+++ b/qemu-char.c
@@ -4549,6 +4549,15 @@ void qmp_chardev_remove(const char *id, Error **errp)
     qemu_chr_delete(chr);
 }
 
+static void qemu_chr_cleanup(void)
+{
+    CharDriverState *chr;
+
+    QTAILQ_FOREACH(chr, &chardevs, next) {
+        qemu_chr_delete(chr);
+    }
+}
+
 static void register_types(void)
 {
     register_char_driver("null", CHARDEV_BACKEND_KIND_NULL, NULL,
@@ -4595,6 +4604,8 @@ static void register_types(void)
      * is specified
      */
     qemu_add_machine_init_done_notifier(&muxes_realize_notify);
+
+    atexit(qemu_chr_cleanup);
 }
 
 type_init(register_types);
-- 
2.7.4

[Qemu-devel] [PULL 22/32] socket: add listen feature

[Paolo Bonzini]

From: Marc-André Lureau <marcandre.lureau@redhat.com>

Add a flag to tell whether the channel socket is listening.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <1466105332-10285-3-git-send-email-marcandre.lureau@redhat.com>
Acked-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 include/io/channel.h | 1 +
 io/channel-socket.c  | 7 +++++++
 2 files changed, 8 insertions(+)

diff --git a/include/io/channel.h b/include/io/channel.h
index d37acd2..e52f059 100644
--- a/include/io/channel.h
+++ b/include/io/channel.h
@@ -42,6 +42,7 @@ typedef enum QIOChannelFeature QIOChannelFeature;
 enum QIOChannelFeature {
     QIO_CHANNEL_FEATURE_FD_PASS  = (1 << 0),
     QIO_CHANNEL_FEATURE_SHUTDOWN = (1 << 1),
+    QIO_CHANNEL_FEATURE_LISTEN   = (1 << 2),
 };
 
 
diff --git a/io/channel-socket.c b/io/channel-socket.c
index ca8bc20..1cd5848 100644
--- a/io/channel-socket.c
+++ b/io/channel-socket.c
@@ -71,6 +71,9 @@ qio_channel_socket_set_fd(QIOChannelSocket *sioc,
                           int fd,
                           Error **errp)
 {
+    int val;
+    socklen_t len = sizeof(val);
+
     if (sioc->fd != -1) {
         error_setg(errp, "Socket is already open");
         return -1;
@@ -106,6 +109,10 @@ qio_channel_socket_set_fd(QIOChannelSocket *sioc,
         ioc->features |= (1 << QIO_CHANNEL_FEATURE_FD_PASS);
     }
 #endif /* WIN32 */
+    if (getsockopt(fd, SOL_SOCKET, SO_ACCEPTCONN, &val, &len) == 0 && val) {
+        QIOChannel *ioc = QIO_CHANNEL(sioc);
+        ioc->features |= (1 << QIO_CHANNEL_FEATURE_LISTEN);
+    }
 
     return 0;
 
-- 
2.7.4

[Qemu-devel] [PULL 23/32] socket: unlink unix socket on remove

[Paolo Bonzini]

From: Marc-André Lureau <marcandre.lureau@redhat.com>

qemu leaves unix socket files behind when removing a listening chardev
or leaving. qemu could clean that up, even if doing so isn't race-free.

Fixes:
https://bugzilla.redhat.com/show_bug.cgi?id=1347077

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <1466105332-10285-4-git-send-email-marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 include/qemu/sockets.h         |  3 ++-
 io/channel-socket.c            | 10 ++++++++++
 tests/test-io-channel-socket.c |  2 +-
 util/qemu-sockets.c            | 18 ++++++++++++++++++
 4 files changed, 31 insertions(+), 2 deletions(-)

diff --git a/include/qemu/sockets.h b/include/qemu/sockets.h
index 3a1a887..462033a 100644
--- a/include/qemu/sockets.h
+++ b/include/qemu/sockets.h
@@ -51,6 +51,7 @@ SocketAddress *socket_parse(const char *str, Error **errp);
 int socket_connect(SocketAddress *addr, Error **errp,
                    NonBlockingConnectHandler *callback, void *opaque);
 int socket_listen(SocketAddress *addr, Error **errp);
+void socket_listen_cleanup(int fd, Error **errp);
 int socket_dgram(SocketAddress *remote, SocketAddress *local, Error **errp);
 
 /* Old, ipv4 only bits.  Don't use for new code. */
@@ -124,4 +125,4 @@ void qapi_copy_SocketAddress(SocketAddress **p_dest,
  * Returns: the socket address in string format, or NULL on error
  */
 char *socket_address_to_string(struct SocketAddress *addr, Error **errp);
-#endif /* QEMU_SOCKET_H */
\ No newline at end of file
+#endif /* QEMU_SOCKET_H */
diff --git a/io/channel-socket.c b/io/channel-socket.c
index 1cd5848..6ec87f8 100644
--- a/io/channel-socket.c
+++ b/io/channel-socket.c
@@ -400,7 +400,17 @@ static void qio_channel_socket_init(Object *obj)
 static void qio_channel_socket_finalize(Object *obj)
 {
     QIOChannelSocket *ioc = QIO_CHANNEL_SOCKET(obj);
+
     if (ioc->fd != -1) {
+        if (QIO_CHANNEL(ioc)->features & QIO_CHANNEL_FEATURE_LISTEN) {
+            Error *err = NULL;
+
+            socket_listen_cleanup(ioc->fd, &err);
+            if (err) {
+                error_report_err(err);
+                err = NULL;
+            }
+        }
 #ifdef WIN32
         WSAEventSelect(ioc->fd, NULL, 0);
 #endif
diff --git a/tests/test-io-channel-socket.c b/tests/test-io-channel-socket.c
index 855306b..f73e063 100644
--- a/tests/test-io-channel-socket.c
+++ b/tests/test-io-channel-socket.c
@@ -383,7 +383,7 @@ static void test_io_channel_unix(bool async)
 
     qapi_free_SocketAddress(listen_addr);
     qapi_free_SocketAddress(connect_addr);
-    unlink(TEST_SOCKET);
+    g_assert(g_file_test(TEST_SOCKET, G_FILE_TEST_EXISTS) == FALSE);
 }
 
 
diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c
index ef35889..cc2b043 100644
--- a/util/qemu-sockets.c
+++ b/util/qemu-sockets.c
@@ -997,6 +997,24 @@ int socket_listen(SocketAddress *addr, Error **errp)
     return fd;
 }
 
+void socket_listen_cleanup(int fd, Error **errp)
+{
+    SocketAddress *addr;
+
+    addr = socket_local_address(fd, errp);
+
+    if (addr->type == SOCKET_ADDRESS_KIND_UNIX
+        && addr->u.q_unix.data->path) {
+        if (unlink(addr->u.q_unix.data->path) < 0 && errno != ENOENT) {
+            error_setg_errno(errp, errno,
+                             "Failed to unlink socket %s",
+                             addr->u.q_unix.data->path);
+        }
+    }
+
+    g_free(addr);
+}
+
 int socket_dgram(SocketAddress *remote, SocketAddress *local, Error **errp)
 {
     int fd;
-- 
2.7.4

[Qemu-devel] [PULL 24/32] iscsi: fix assertion in is_sector_request_lun_aligned

[Paolo Bonzini]

From: Peter Lieven <pl@kamp.de>

Commit 94d047a added an assertion the the request alignment check.
This introduced 2 issues:
 a) A off-by-one error since a request of BDRV_REQUEST_MAX_SECTORS
    is actually allowed.
 b) The bdrv_get_block_status call in the read path to check the allocation
    status requests up to INT_MAX sectors which triggers the assertion.

Fixes: 94d047a35bf663e28f8fef137544d8ea78165add
Signed-off-by: Peter Lieven <pl@kamp.de>
Message-Id: <1466414680-18383-1-git-send-email-pl@kamp.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 block/iscsi.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/block/iscsi.c b/block/iscsi.c
index 7e78ade..9bb5ff6 100644
--- a/block/iscsi.c
+++ b/block/iscsi.c
@@ -417,7 +417,7 @@ static bool is_byte_request_lun_aligned(int64_t offset, int count,
 static bool is_sector_request_lun_aligned(int64_t sector_num, int nb_sectors,
                                           IscsiLun *iscsilun)
 {
-    assert(nb_sectors < BDRV_REQUEST_MAX_SECTORS);
+    assert(nb_sectors <= BDRV_REQUEST_MAX_SECTORS);
     return is_byte_request_lun_aligned(sector_num << BDRV_SECTOR_BITS,
                                        nb_sectors << BDRV_SECTOR_BITS,
                                        iscsilun);
@@ -661,7 +661,8 @@ static int coroutine_fn iscsi_co_readv(BlockDriverState *bs,
         int64_t ret;
         int pnum;
         BlockDriverState *file;
-        ret = iscsi_co_get_block_status(bs, sector_num, INT_MAX, &pnum, &file);
+        ret = iscsi_co_get_block_status(bs, sector_num,
+                                        BDRV_REQUEST_MAX_SECTORS, &pnum, &file);
         if (ret < 0) {
             return ret;
         }
-- 
2.7.4

[Qemu-devel] [PULL 25/32] serial: make tsr_retry unsigned

[Paolo Bonzini]

It can never become negative; reflect this in the type of the field
and simplify the conditions.

Tested-by: Bret Ketchum <bcketchum@gmail.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/char/serial.c         | 12 ++++++++----
 include/hw/char/serial.h |  2 +-
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/hw/char/serial.c b/hw/char/serial.c
index 6d815b5..e65e9e0 100644
--- a/hw/char/serial.c
+++ b/hw/char/serial.c
@@ -229,7 +229,7 @@ static gboolean serial_xmit(GIOChannel *chan, GIOCondition cond, void *opaque)
 
     do {
         assert(!(s->lsr & UART_LSR_TEMT));
-        if (s->tsr_retry <= 0) {
+        if (s->tsr_retry == 0) {
             assert(!(s->lsr & UART_LSR_THRE));
 
             if (s->fcr & UART_FCR_FE) {
@@ -252,7 +252,7 @@ static gboolean serial_xmit(GIOChannel *chan, GIOCondition cond, void *opaque)
             /* in loopback mode, say that we just received a char */
             serial_receive1(s, &s->tsr, 1);
         } else if (qemu_chr_fe_write(s->chr, &s->tsr, 1) != 1) {
-            if (s->tsr_retry >= 0 && s->tsr_retry < MAX_XMIT_RETRY &&
+            if (s->tsr_retry < MAX_XMIT_RETRY &&
                 qemu_chr_fe_add_watch(s->chr, G_IO_OUT|G_IO_HUP,
                                       serial_xmit, s) > 0) {
                 s->tsr_retry++;
@@ -330,7 +330,7 @@ static void serial_ioport_write(void *opaque, hwaddr addr, uint64_t val,
             s->lsr &= ~UART_LSR_THRE;
             s->lsr &= ~UART_LSR_TEMT;
             serial_update_irq(s);
-            if (s->tsr_retry <= 0) {
+            if (s->tsr_retry == 0) {
                 serial_xmit(NULL, G_IO_OUT, s);
             }
         }
@@ -639,6 +639,10 @@ static int serial_post_load(void *opaque, int version_id)
     if (s->thr_ipending == -1) {
         s->thr_ipending = ((s->iir & UART_IIR_ID) == UART_IIR_THRI);
     }
+    if (s->tsr_retry > MAX_XMIT_RETRY) {
+        s->tsr_retry = MAX_XMIT_RETRY;
+    }
+
     s->last_break_enable = (s->lcr >> 6) & 1;
     /* Initialize fcr via setter to perform essential side-effects */
     serial_write_fcr(s, s->fcr_vmstate);
@@ -685,7 +689,7 @@ static const VMStateDescription vmstate_serial_tsr = {
     .minimum_version_id = 1,
     .needed = serial_tsr_needed,
     .fields = (VMStateField[]) {
-        VMSTATE_INT32(tsr_retry, SerialState),
+        VMSTATE_UINT32(tsr_retry, SerialState),
         VMSTATE_UINT8(thr, SerialState),
         VMSTATE_UINT8(tsr, SerialState),
         VMSTATE_END_OF_LIST()
diff --git a/include/hw/char/serial.h b/include/hw/char/serial.h
index 15beb6b..6a322eb 100644
--- a/include/hw/char/serial.h
+++ b/include/hw/char/serial.h
@@ -55,7 +55,7 @@ struct SerialState {
     int last_break_enable;
     int it_shift;
     int baudbase;
-    int tsr_retry;
+    uint32_t tsr_retry;
     uint32_t wakeup;
 
     /* Time when the last byte was successfully sent out of the tsr */
-- 
2.7.4

[Qemu-devel] [PULL 26/32] serial: simplify tsr_retry reset

[Paolo Bonzini]

Move common code outside the if, and reset tsr_retry even in loopback mode.
Right now it cannot become non-zero, but it will be possible as soon as
we start respecting the baud rate.

Tested-by: Bret Ketchum <bcketchum@gmail.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/char/serial.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/hw/char/serial.c b/hw/char/serial.c
index e65e9e0..904b218 100644
--- a/hw/char/serial.c
+++ b/hw/char/serial.c
@@ -258,10 +258,8 @@ static gboolean serial_xmit(GIOChannel *chan, GIOCondition cond, void *opaque)
                 s->tsr_retry++;
                 return FALSE;
             }
-            s->tsr_retry = 0;
-        } else {
-            s->tsr_retry = 0;
         }
+        s->tsr_retry = 0;
 
         /* Transmit another byte if it is already available. It is only
            possible when FIFO is enabled and not empty. */
-- 
2.7.4

[Qemu-devel] [PULL 27/32] serial: separate serial_xmit and serial_watch_cb

[Paolo Bonzini]

serial_xmit starts transmission of whatever is in the transmitter
register, THR or FIFO; serial_watch_cb is a wrapper around it and is
only used as a qemu_chr_fe_add_watch callback.

Tested-by: Bret Ketchum <bcketchum@gmail.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/char/serial.c | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/hw/char/serial.c b/hw/char/serial.c
index 904b218..0b09094 100644
--- a/hw/char/serial.c
+++ b/hw/char/serial.c
@@ -106,6 +106,7 @@ do {} while (0)
 #endif
 
 static void serial_receive1(void *opaque, const uint8_t *buf, int size);
+static void serial_xmit(SerialState *s);
 
 static inline void recv_fifo_put(SerialState *s, uint8_t chr)
 {
@@ -223,10 +224,16 @@ static void serial_update_msl(SerialState *s)
     }
 }
 
-static gboolean serial_xmit(GIOChannel *chan, GIOCondition cond, void *opaque)
+static gboolean serial_watch_cb(GIOChannel *chan, GIOCondition cond,
+                                void *opaque)
 {
     SerialState *s = opaque;
+    serial_xmit(s);
+    return FALSE;
+}
 
+static void serial_xmit(SerialState *s)
+{
     do {
         assert(!(s->lsr & UART_LSR_TEMT));
         if (s->tsr_retry == 0) {
@@ -254,9 +261,9 @@ static gboolean serial_xmit(GIOChannel *chan, GIOCondition cond, void *opaque)
         } else if (qemu_chr_fe_write(s->chr, &s->tsr, 1) != 1) {
             if (s->tsr_retry < MAX_XMIT_RETRY &&
                 qemu_chr_fe_add_watch(s->chr, G_IO_OUT|G_IO_HUP,
-                                      serial_xmit, s) > 0) {
+                                      serial_watch_cb, s) > 0) {
                 s->tsr_retry++;
-                return FALSE;
+                return;
             }
         }
         s->tsr_retry = 0;
@@ -267,11 +274,8 @@ static gboolean serial_xmit(GIOChannel *chan, GIOCondition cond, void *opaque)
 
     s->last_xmit_ts = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
     s->lsr |= UART_LSR_TEMT;
-
-    return FALSE;
 }
 
-
 /* Setter for FCR.
    is_load flag means, that value is set while loading VM state
    and interrupt should not be invoked */
@@ -329,7 +333,7 @@ static void serial_ioport_write(void *opaque, hwaddr addr, uint64_t val,
             s->lsr &= ~UART_LSR_TEMT;
             serial_update_irq(s);
             if (s->tsr_retry == 0) {
-                serial_xmit(NULL, G_IO_OUT, s);
+                serial_xmit(s);
             }
         }
         break;
-- 
2.7.4

[Qemu-devel] [PULL 28/32] char: change qemu_chr_fe_add_watch to return unsigned

[Paolo Bonzini]

g_source_attach can return any value between 1 and UINT_MAX if you let
QEMU run long enough.  However, qemu_chr_fe_add_watch can also return
a negative errno value when the device is disconnected or does not
support chr_add_watch.  Change it to return zero to avoid overloading
these values.

Fix the cadence_uart which asserts in this case (easily obtained with
"-serial pty").

Tested-by: Bret Ketchum <bcketchum@gmail.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/char/cadence_uart.c |  9 ++++++---
 include/sysemu/char.h  | 16 ++++++++++++++--
 net/vhost-user.c       |  2 +-
 qemu-char.c            |  8 ++++----
 4 files changed, 25 insertions(+), 10 deletions(-)

diff --git a/hw/char/cadence_uart.c b/hw/char/cadence_uart.c
index 844542f..e3bc52f 100644
--- a/hw/char/cadence_uart.c
+++ b/hw/char/cadence_uart.c
@@ -295,9 +295,12 @@ static gboolean cadence_uart_xmit(GIOChannel *chan, GIOCondition cond,
     }
 
     if (s->tx_count) {
-        int r = qemu_chr_fe_add_watch(s->chr, G_IO_OUT|G_IO_HUP,
-                                      cadence_uart_xmit, s);
-        assert(r);
+        guint r = qemu_chr_fe_add_watch(s->chr, G_IO_OUT|G_IO_HUP,
+                                        cadence_uart_xmit, s);
+        if (!r) {
+            s->tx_count = 0;
+            return FALSE;
+        }
     }
 
     uart_update_status(s);
diff --git a/include/sysemu/char.h b/include/sysemu/char.h
index 1eb2d0f..57df10a 100644
--- a/include/sysemu/char.h
+++ b/include/sysemu/char.h
@@ -221,8 +221,20 @@ void qemu_chr_fe_event(CharDriverState *s, int event);
 void qemu_chr_fe_printf(CharDriverState *s, const char *fmt, ...)
     GCC_FMT_ATTR(2, 3);
 
-int qemu_chr_fe_add_watch(CharDriverState *s, GIOCondition cond,
-                          GIOFunc func, void *user_data);
+/**
+ * @qemu_chr_fe_add_watch:
+ *
+ * If the backend is connected, create and add a #GSource that fires
+ * when the given condition (typically G_IO_OUT|G_IO_HUP or G_IO_HUP)
+ * is active; return the #GSource's tag.  If it is disconnected,
+ * return 0.
+ *
+ * @cond the condition to poll for
+ * @func the function to call when the condition happens
+ * @user_data the opaque pointer to pass to @func
+ */
+guint qemu_chr_fe_add_watch(CharDriverState *s, GIOCondition cond,
+                            GIOFunc func, void *user_data);
 
 /**
  * @qemu_chr_fe_write:
diff --git a/net/vhost-user.c b/net/vhost-user.c
index d72ce9b..636899a 100644
--- a/net/vhost-user.c
+++ b/net/vhost-user.c
@@ -22,7 +22,7 @@ typedef struct VhostUserState {
     NetClientState nc;
     CharDriverState *chr;
     VHostNetState *vhost_net;
-    int watch;
+    guint watch;
     uint64_t acked_features;
 } VhostUserState;
 
diff --git a/qemu-char.c b/qemu-char.c
index 016badb..4aeafe8 100644
--- a/qemu-char.c
+++ b/qemu-char.c
@@ -3966,19 +3966,19 @@ void qemu_chr_fe_event(struct CharDriverState *chr, int event)
     }
 }
 
-int qemu_chr_fe_add_watch(CharDriverState *s, GIOCondition cond,
-                          GIOFunc func, void *user_data)
+guint qemu_chr_fe_add_watch(CharDriverState *s, GIOCondition cond,
+                            GIOFunc func, void *user_data)
 {
     GSource *src;
     guint tag;
 
     if (s->chr_add_watch == NULL) {
-        return -ENOSYS;
+        return 0;
     }
 
     src = s->chr_add_watch(s, cond);
     if (!src) {
-        return -EINVAL;
+        return 0;
     }
 
     g_source_set_callback(src, (GSourceFunc)func, user_data, NULL);
-- 
2.7.4

[Qemu-devel] [PULL 29/32] serial: remove watch on reset

[Paolo Bonzini]

Otherwise, this can cause serial_xmit to be entered with LSR.TEMT=0,
which is invalid and causes an assertion failure.

Reported-by: Bret Ketchum <bcketchum@gmail.com>
Tested-by: Bret Ketchum <bcketchum@gmail.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/char/serial.c         | 16 ++++++++++++----
 include/hw/char/serial.h |  1 +
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/hw/char/serial.c b/hw/char/serial.c
index 0b09094..af39e8f 100644
--- a/hw/char/serial.c
+++ b/hw/char/serial.c
@@ -228,6 +228,7 @@ static gboolean serial_watch_cb(GIOChannel *chan, GIOCondition cond,
                                 void *opaque)
 {
     SerialState *s = opaque;
+    s->watch_tag = 0;
     serial_xmit(s);
     return FALSE;
 }
@@ -258,10 +259,12 @@ static void serial_xmit(SerialState *s)
         if (s->mcr & UART_MCR_LOOP) {
             /* in loopback mode, say that we just received a char */
             serial_receive1(s, &s->tsr, 1);
-        } else if (qemu_chr_fe_write(s->chr, &s->tsr, 1) != 1) {
-            if (s->tsr_retry < MAX_XMIT_RETRY &&
-                qemu_chr_fe_add_watch(s->chr, G_IO_OUT|G_IO_HUP,
-                                      serial_watch_cb, s) > 0) {
+        } else if (qemu_chr_fe_write(s->chr, &s->tsr, 1) != 1 &&
+                   s->tsr_retry < MAX_XMIT_RETRY) {
+            assert(s->watch_tag == 0);
+            s->watch_tag = qemu_chr_fe_add_watch(s->chr, G_IO_OUT|G_IO_HUP,
+                                                 serial_watch_cb, s);
+            if (s->watch_tag > 0) {
                 s->tsr_retry++;
                 return;
             }
@@ -821,6 +824,11 @@ static void serial_reset(void *opaque)
 {
     SerialState *s = opaque;
 
+    if (s->watch_tag > 0) {
+        g_source_remove(s->watch_tag);
+        s->watch_tag = 0;
+    }
+
     s->rbr = 0;
     s->ier = 0;
     s->iir = UART_IIR_NO_INT;
diff --git a/include/hw/char/serial.h b/include/hw/char/serial.h
index 6a322eb..9feddc6 100644
--- a/include/hw/char/serial.h
+++ b/include/hw/char/serial.h
@@ -56,6 +56,7 @@ struct SerialState {
     int it_shift;
     int baudbase;
     uint32_t tsr_retry;
+    guint watch_tag;
     uint32_t wakeup;
 
     /* Time when the last byte was successfully sent out of the tsr */
-- 
2.7.4

[Qemu-devel] [PULL 30/32] serial: reinstate watch after migration

[Paolo Bonzini]

Otherwise, a serial port can get stuck if it is migrated while flow control
is in effect.

Tested-by: Bret Ketchum <bcketchum@gmail.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/char/serial.c | 25 +++++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)

diff --git a/hw/char/serial.c b/hw/char/serial.c
index af39e8f..3442f47 100644
--- a/hw/char/serial.c
+++ b/hw/char/serial.c
@@ -644,8 +644,29 @@ static int serial_post_load(void *opaque, int version_id)
     if (s->thr_ipending == -1) {
         s->thr_ipending = ((s->iir & UART_IIR_ID) == UART_IIR_THRI);
     }
-    if (s->tsr_retry > MAX_XMIT_RETRY) {
-        s->tsr_retry = MAX_XMIT_RETRY;
+
+    if (s->tsr_retry > 0) {
+        /* tsr_retry > 0 implies LSR.TEMT = 0 (transmitter not empty).  */
+        if (s->lsr & UART_LSR_TEMT) {
+            error_report("inconsistent state in serial device "
+                         "(tsr empty, tsr_retry=%d", s->tsr_retry);
+            return -1;
+        }
+
+        if (s->tsr_retry > MAX_XMIT_RETRY) {
+            s->tsr_retry = MAX_XMIT_RETRY;
+        }
+
+        assert(s->watch_tag == 0);
+        s->watch_tag = qemu_chr_fe_add_watch(s->chr, G_IO_OUT|G_IO_HUP,
+                                             serial_watch_cb, s);
+    } else {
+        /* tsr_retry == 0 implies LSR.TEMT = 1 (transmitter empty).  */
+        if (!(s->lsr & UART_LSR_TEMT)) {
+            error_report("inconsistent state in serial device "
+                         "(tsr not empty, tsr_retry=0");
+            return -1;
+        }
     }
 
     s->last_break_enable = (s->lcr >> 6) & 1;
-- 
2.7.4

[Qemu-devel] [PULL 31/32] ich9: implement ACPI_EN register

[Paolo Bonzini]

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/isa/lpc_ich9.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/hw/isa/lpc_ich9.c b/hw/isa/lpc_ich9.c
index fe0ba83..f8e6fb8 100644
--- a/hw/isa/lpc_ich9.c
+++ b/hw/isa/lpc_ich9.c
@@ -394,10 +394,16 @@ static void ich9_apm_ctrl_changed(uint32_t val, void *arg)
 
 /* config:PMBASE */
 static void
-ich9_lpc_pmbase_update(ICH9LPCState *lpc)
+ich9_lpc_pmbase_sci_update(ICH9LPCState *lpc)
 {
     uint32_t pm_io_base = pci_get_long(lpc->d.config + ICH9_LPC_PMBASE);
-    pm_io_base &= ICH9_LPC_PMBASE_BASE_ADDRESS_MASK;
+    uint8_t acpi_cntl = pci_get_long(lpc->d.config + ICH9_LPC_ACPI_CTRL);
+
+    if (acpi_cntl & ICH9_LPC_ACPI_CTRL_ACPI_EN) {
+        pm_io_base &= ICH9_LPC_PMBASE_BASE_ADDRESS_MASK;
+    } else {
+        pm_io_base = 0;
+    }
 
     ich9_pm_iospace_update(&lpc->pm, pm_io_base);
 }
@@ -449,7 +455,8 @@ static void ich9_lpc_config_write(PCIDevice *d,
     uint32_t rcba_old = pci_get_long(d->config + ICH9_LPC_RCBA);
 
     pci_default_write_config(d, addr, val, len);
-    if (ranges_overlap(addr, len, ICH9_LPC_PMBASE, 4)) {
+    if (ranges_overlap(addr, len, ICH9_LPC_PMBASE, 4) ||
+        ranges_overlap(addr, len, ICH9_LPC_ACPI_CTRL, 1)) {
         ich9_lpc_pmbase_update(lpc);
     }
     if (ranges_overlap(addr, len, ICH9_LPC_RCBA, 4)) {
@@ -610,6 +617,8 @@ static void ich9_lpc_realize(PCIDevice *d, Error **errp)
 
     pci_set_long(d->wmask + ICH9_LPC_PMBASE,
                  ICH9_LPC_PMBASE_BASE_ADDRESS_MASK);
+    pci_set_byte(d->wmask + ICH9_LPC_PMBASE,
+                 ICH9_LPC_ACPI_CTRL_ACPI_EN);
 
     memory_region_init_io(&lpc->rcrb_mem, OBJECT(d), &rcrb_mmio_ops, lpc,
                           "lpc-rcrb-mmio", ICH9_CC_SIZE);
-- 
2.7.4

[Qemu-devel] [PULL 32/32] ich9: implement SCI_IRQ_SEL register

[Paolo Bonzini]

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/isa/lpc_ich9.c      | 28 ++++++++++++++++++----------
 include/hw/i386/ich9.h |  1 +
 2 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/hw/isa/lpc_ich9.c b/hw/isa/lpc_ich9.c
index f8e6fb8..10d1ee8 100644
--- a/hw/isa/lpc_ich9.c
+++ b/hw/isa/lpc_ich9.c
@@ -49,8 +49,6 @@
 #include "sysemu/sysemu.h"
 #include "qom/cpu.h"
 
-static int ich9_lpc_sci_irq(ICH9LPCState *lpc);
-
 /*****************************************************************************/
 /* ICH9 LPC PCI to ISA bridge */
 
@@ -221,7 +219,7 @@ static void ich9_lpc_update_pic(ICH9LPCState *lpc, int gsi)
             pic_level |= pci_bus_get_irq_level(lpc->d.bus, i);
         }
     }
-    if (gsi == ich9_lpc_sci_irq(lpc)) {
+    if (gsi == lpc->sci_gsi) {
         pic_level |= lpc->sci_level;
     }
 
@@ -247,7 +245,7 @@ static void ich9_lpc_update_apic(ICH9LPCState *lpc, int gsi)
     assert(gsi >= ICH9_LPC_PIC_NUM_PINS);
 
     level |= pci_bus_get_irq_level(lpc->d.bus, ich9_gsi_to_pirq(gsi));
-    if (gsi == ich9_lpc_sci_irq(lpc)) {
+    if (gsi == lpc->sci_gsi) {
         level |= lpc->sci_level;
     }
 
@@ -350,7 +348,7 @@ static void ich9_set_sci(void *opaque, int irq_num, int level)
     }
     lpc->sci_level = level;
 
-    irq = ich9_lpc_sci_irq(lpc);
+    irq = lpc->sci_gsi;
     if (irq < 0) {
         return;
     }
@@ -398,6 +396,7 @@ ich9_lpc_pmbase_sci_update(ICH9LPCState *lpc)
 {
     uint32_t pm_io_base = pci_get_long(lpc->d.config + ICH9_LPC_PMBASE);
     uint8_t acpi_cntl = pci_get_long(lpc->d.config + ICH9_LPC_ACPI_CTRL);
+    uint8_t new_gsi;
 
     if (acpi_cntl & ICH9_LPC_ACPI_CTRL_ACPI_EN) {
         pm_io_base &= ICH9_LPC_PMBASE_BASE_ADDRESS_MASK;
@@ -406,6 +405,14 @@ ich9_lpc_pmbase_sci_update(ICH9LPCState *lpc)
     }
 
     ich9_pm_iospace_update(&lpc->pm, pm_io_base);
+
+    new_gsi = ich9_lpc_sci_irq(lpc);
+    if (lpc->sci_level && new_gsi != lpc->sci_gsi) {
+        qemu_set_irq(lpc->pm.irq, 0);
+        lpc->sci_gsi = new_gsi;
+        qemu_set_irq(lpc->pm.irq, 1);
+    }
+    lpc->sci_gsi = new_gsi;
 }
 
 /* config:RCBA */
@@ -442,7 +449,7 @@ static int ich9_lpc_post_load(void *opaque, int version_id)
 {
     ICH9LPCState *lpc = opaque;
 
-    ich9_lpc_pmbase_update(lpc);
+    ich9_lpc_pmbase_sci_update(lpc);
     ich9_lpc_rcba_update(lpc, 0 /* disabled ICH9_LPC_RCBA_EN */);
     ich9_lpc_pmcon_update(lpc);
     return 0;
@@ -457,7 +464,7 @@ static void ich9_lpc_config_write(PCIDevice *d,
     pci_default_write_config(d, addr, val, len);
     if (ranges_overlap(addr, len, ICH9_LPC_PMBASE, 4) ||
         ranges_overlap(addr, len, ICH9_LPC_ACPI_CTRL, 1)) {
-        ich9_lpc_pmbase_update(lpc);
+        ich9_lpc_pmbase_sci_update(lpc);
     }
     if (ranges_overlap(addr, len, ICH9_LPC_RCBA, 4)) {
         ich9_lpc_rcba_update(lpc, rcba_old);
@@ -495,7 +502,7 @@ static void ich9_lpc_reset(DeviceState *qdev)
 
     ich9_cc_reset(lpc);
 
-    ich9_lpc_pmbase_update(lpc);
+    ich9_lpc_pmbase_sci_update(lpc);
     ich9_lpc_rcba_update(lpc, rcba_old);
 
     lpc->sci_level = 0;
@@ -575,7 +582,7 @@ static void ich9_lpc_get_sci_int(Object *obj, Visitor *v, const char *name,
                                  void *opaque, Error **errp)
 {
     ICH9LPCState *lpc = ICH9_LPC_DEVICE(obj);
-    uint32_t value = ich9_lpc_sci_irq(lpc);
+    uint32_t value = lpc->sci_gsi;
 
     visit_type_uint32(v, name, &value, errp);
 }
@@ -618,7 +625,8 @@ static void ich9_lpc_realize(PCIDevice *d, Error **errp)
     pci_set_long(d->wmask + ICH9_LPC_PMBASE,
                  ICH9_LPC_PMBASE_BASE_ADDRESS_MASK);
     pci_set_byte(d->wmask + ICH9_LPC_PMBASE,
-                 ICH9_LPC_ACPI_CTRL_ACPI_EN);
+                 ICH9_LPC_ACPI_CTRL_ACPI_EN |
+                 ICH9_LPC_ACPI_CTRL_SCI_IRQ_SEL_MASK);
 
     memory_region_init_io(&lpc->rcrb_mem, OBJECT(d), &rcrb_mmio_ops, lpc,
                           "lpc-rcrb-mmio", ICH9_CC_SIZE);
diff --git a/include/hw/i386/ich9.h b/include/hw/i386/ich9.h
index c14490b..5fd7e97 100644
--- a/include/hw/i386/ich9.h
+++ b/include/hw/i386/ich9.h
@@ -45,6 +45,7 @@ typedef struct ICH9LPCState {
     APMState apm;
     ICH9LPCPMRegs pm;
     uint32_t sci_level; /* track sci level */
+    uint8_t sci_gsi;
 
     /* 2.24 Pin Straps */
     struct {
-- 
2.7.4

Re: [Qemu-devel] [PULL 00/32] Misc patches for QEMU soft freeze

[Peter Maydell]

On 28 June 2016 at 18:33, Paolo Bonzini <pbonzini@redhat.com> wrote:
> The following changes since commit 7dd929dfdc5c52ce79b21bf557ff506e89acbf63:
>
>   configure: Make AVX2 test robust to non-ELF systems (2016-06-28 15:40:40 +0100)
>
> are available in the git repository at:
>
>   git://github.com/bonzini/qemu.git tags/for-upstream
>
> for you to fetch changes up to ea74c50f48100860ef4d27f4a1b2aa3f5cb9a766:
>
>   vl: smp_parse: fix regression (2016-06-28 19:19:29 +0200)
>
> ----------------------------------------------------------------
> * serial port fixes (Paolo)
> * Q35 modeling improvements (Paolo, Vasily)
> * chardev cleanup improvements (Marc-André)
> * iscsi bugfix (Peter L.)
> * cpu_exec patch from multi-arch patches (Peter C.)
> * pci-assign tweak (Lin Ma)

This triggers a lot of errors from the clang ubsan:

/home/petmay01/linaro/qemu-for-merges/qemu-char.c:4043:5: runtime
error: member access within misaligned address 0x101010101010101 for
type 'CharDriverState' (aka 'struct CharDriverState'), which requires
8 byte alignment
0x101010101010101: note: pointer points here


(There was also a hang trying to run tests on 32-bit
ARM, which might or might not be related. Don't have
more details on that one, sorry.)

thanks
-- PMM

Re: [Qemu-devel] [PULL 00/32] Misc patches for QEMU soft freeze

[Paolo Bonzini]

On 29/06/2016 11:42, Peter Maydell wrote:
> On 28 June 2016 at 18:33, Paolo Bonzini <pbonzini@redhat.com> wrote:
>> The following changes since commit 7dd929dfdc5c52ce79b21bf557ff506e89acbf63:
>>
>>   configure: Make AVX2 test robust to non-ELF systems (2016-06-28 15:40:40 +0100)
>>
>> are available in the git repository at:
>>
>>   git://github.com/bonzini/qemu.git tags/for-upstream
>>
>> for you to fetch changes up to ea74c50f48100860ef4d27f4a1b2aa3f5cb9a766:
>>
>>   vl: smp_parse: fix regression (2016-06-28 19:19:29 +0200)
>>
>> ----------------------------------------------------------------
>> * serial port fixes (Paolo)
>> * Q35 modeling improvements (Paolo, Vasily)
>> * chardev cleanup improvements (Marc-André)
>> * iscsi bugfix (Peter L.)
>> * cpu_exec patch from multi-arch patches (Peter C.)
>> * pci-assign tweak (Lin Ma)
> 
> This triggers a lot of errors from the clang ubsan:
> 
> /home/petmay01/linaro/qemu-for-merges/qemu-char.c:4043:5: runtime
> error: member access within misaligned address 0x101010101010101 for
> type 'CharDriverState' (aka 'struct CharDriverState'), which requires
> 8 byte alignment
> 0x101010101010101: note: pointer points here

Real bug, this should fix it:

diff --git a/qemu-char.c b/qemu-char.c
index 4aeafe8..33ddabf 100644
--- a/qemu-char.c
+++ b/qemu-char.c
@@ -4553,7 +4553,7 @@ static void qemu_chr_cleanup(void)
 {
     CharDriverState *chr;

-    QTAILQ_FOREACH(chr, &chardevs, next) {
+    QTAILQ_FOREACH_SAFE(chr, &chardevs, next) {
         qemu_chr_delete(chr);
     }
 }


Paolo

> 
> 
> (There was also a hang trying to run tests on 32-bit
> ARM, which might or might not be related. Don't have
> more details on that one, sorry.)
> 
> thanks
> -- PMM
> 
> 

Re: [Qemu-devel] [PULL 21/32] char: clean up remaining chardevs when leaving

[Andrew Jones]

On Tue, Jun 28, 2016 at 07:33:51PM +0200, Paolo Bonzini wrote:
> From: Marc-André Lureau <marcandre.lureau@redhat.com>
> 
> This helps to remove various chardev resources leaks when leaving qemu.
> 
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> Message-Id: <1466105332-10285-2-git-send-email-marcandre.lureau@redhat.com>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
>  qemu-char.c | 11 +++++++++++
>  1 file changed, 11 insertions(+)
> 
> diff --git a/qemu-char.c b/qemu-char.c
> index 84f49ac..016badb 100644
> --- a/qemu-char.c
> +++ b/qemu-char.c
> @@ -4549,6 +4549,15 @@ void qmp_chardev_remove(const char *id, Error **errp)
>      qemu_chr_delete(chr);
>  }
>  
> +static void qemu_chr_cleanup(void)
> +{
> +    CharDriverState *chr;
> +
> +    QTAILQ_FOREACH(chr, &chardevs, next) {
> +        qemu_chr_delete(chr);
> +    }
> +}
> +
>  static void register_types(void)
>  {
>      register_char_driver("null", CHARDEV_BACKEND_KIND_NULL, NULL,
> @@ -4595,6 +4604,8 @@ static void register_types(void)
>       * is specified
>       */
>      qemu_add_machine_init_done_notifier(&muxes_realize_notify);
> +
> +    atexit(qemu_chr_cleanup);
>  }
>  
>  type_init(register_types);
> -- 
> 2.7.4
> 
> 
>

With this patch, I now get

 qemu: qemu_mutex_destroy: Device or resource busy

and a SIGABRT when my arm tcg kvm-unit-tests guest exits
(I haven't tried any other guest types yet)

Thanks,
drew

Re: [Qemu-devel] [PULL 21/32] char: clean up remaining chardevs when leaving

[Paolo Bonzini]

On 01/07/2016 14:34, Andrew Jones wrote:
>> >
> With this patch, I now get
> 
>  qemu: qemu_mutex_destroy: Device or resource busy
> 
> and a SIGABRT when my arm tcg kvm-unit-tests guest exits
> (I haven't tried any other guest types yet)

Eric, Laszlo, is it POSIX compliant to fail destruction of a taken mutex?

Paolo

Re: [Qemu-devel] [PULL 21/32] char: clean up remaining chardevs when leaving

[Laszlo Ersek]

On 07/01/16 17:18, Paolo Bonzini wrote:
> 
> 
> On 01/07/2016 14:34, Andrew Jones wrote:
>>>>
>> With this patch, I now get
>>
>>  qemu: qemu_mutex_destroy: Device or resource busy
>>
>> and a SIGABRT when my arm tcg kvm-unit-tests guest exits
>> (I haven't tried any other guest types yet)
> 
> Eric, Laszlo, is it POSIX compliant to fail destruction of a taken mutex?

http://pubs.opengroup.org/onlinepubs/9699919799/functions/pthread_mutex_destroy.html

    [...] Attempting to destroy a locked mutex or a mutex that is
    referenced (for example, while being used in a
    pthread_cond_timedwait() or pthread_cond_wait()) by another thread
    results in undefined behavior.

Thus EBUSY is POSIX compliant, because just the attempt is undefined
behavior.

Thanks
Laszlo