[Qemu-devel] [PULL v2 00/15] Misc patches for QEMU 3.1-rc3

[Qemu-devel] [PULL v2 00/15] Misc patches for QEMU 3.1-rc3

[Paolo Bonzini]

The following changes since commit 4822f1ee9efa8df56e29db0a68323b484bdb0335:

  Merge remote-tracking branch 'remotes/kraxel/tags/fixes-31-20181127-pull-request' into staging (2018-11-27 11:21:38 +0000)

are available in the git repository at:


  git://github.com/bonzini/qemu.git tags/for-upstream

for you to fetch changes up to cb16c8466b6c62868aba47cd95fadcf316541f40:

  hostmem: no need to check for host_memory_backend_mr_inited() in alloc() (2018-11-27 15:35:19 +0100)

----------------------------------------------------------------
* lsi HBA reselection fix (George)
* Small cleanups (Li Qiang)
* bugfixes for vhost-user-bridge and hostmem (Marc-André)
* single-thread TCG fix (me)
* VMX migration blocker (me)
* target/i386 fix for LOCK (Richard)
* fix elf2dmp check (Roman)
* MAINTAINERS update (Philippe, Thomas)

----------------------------------------------------------------
George Kennedy (1):
      lsi: Reselection needed to remove pending commands from queue

Li Qiang (2):
      vl: Improve error message when we can't load fw_cfg from file
      vl.c: remove outdated comment

Marc-André Lureau (4):
      vmstate: constify VMStateField
      vhost-user-bridge: fix recvmsg iovlen
      hostmem-memfd: honour share=on/off property
      hostmem: no need to check for host_memory_backend_mr_inited() in alloc()

Paolo Bonzini (4):
      target/i386: kvm: add VMX migration blocker
      cpus: run work items for all vCPUs if single-threaded
      migration: savevm: consult migration blockers
      checkpatch: g_test_message does not need a trailing newline

Philippe Mathieu-Daudé (1):
      MAINTAINERS: Add an entry for the Firmware Configuration (fw_cfg) device

Richard Henderson (1):
      target/i386: Generate #UD when applying LOCK to a register destination

Roman Kagan (1):
      configure: fix elf2dmp check

Thomas Huth (1):
      MAINTAINERS: Add some missing entries related to accelerators

 MAINTAINERS                 |  18 +++++++
 backends/hostmem-file.c     |  24 ++++-----
 backends/hostmem-memfd.c    |   8 ++-
 configure                   |   2 +-
 cpus.c                      |  12 +++--
 hw/display/virtio-gpu.c     |   4 +-
 hw/intc/s390_flic_kvm.c     |   4 +-
 hw/nvram/eeprom93xx.c       |   6 +--
 hw/nvram/fw_cfg.c           |   6 +--
 hw/pci/msix.c               |   4 +-
 hw/pci/pci.c                |   8 +--
 hw/pci/shpc.c               |   7 +--
 hw/scsi/lsi53c895a.c        |  48 +++++++++++++-----
 hw/scsi/scsi-bus.c          |   4 +-
 hw/timer/twl92230.c         |   4 +-
 hw/usb/redirect.c           |  12 ++---
 hw/virtio/virtio.c          |   8 +--
 include/migration/vmstate.h |   6 +--
 migration/savevm.c          |  11 ++--
 migration/vmstate-types.c   | 119 ++++++++++++++++++++++++--------------------
 migration/vmstate.c         |  31 ++++++------
 qemu-options.hx             |   4 +-
 scripts/checkpatch.pl       |   3 +-
 target/alpha/machine.c      |   5 +-
 target/arm/machine.c        |  12 ++---
 target/hppa/machine.c       |  10 ++--
 target/i386/kvm.c           |  15 ++++--
 target/i386/translate.c     |  35 +++++++------
 target/mips/machine.c       |  14 +++---
 target/openrisc/machine.c   |   5 +-
 target/ppc/machine.c        |  14 +++---
 target/sparc/machine.c      |   7 +--
 tests/vhost-user-bridge.c   |   2 +-
 vl.c                        |   9 ++--
 34 files changed, 286 insertions(+), 195 deletions(-)
-- 
1.8.3.1

[Qemu-devel] [PULL 01/15] target/i386: kvm: add VMX migration blocker

[Paolo Bonzini]

Nested VMX does not support live migration yet.  Add a blocker
until that is worked out.

Nested SVM only does not support it, but unfortunately it is
enabled by default for -cpu host so we cannot really disable it.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 target/i386/kvm.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index 3d6739a..2724800 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -855,6 +855,7 @@ static int hyperv_init_vcpu(X86CPU *cpu)
 }
 
 static Error *invtsc_mig_blocker;
+static Error *vmx_mig_blocker;
 
 #define KVM_MAX_CPUID_ENTRIES  100
 
@@ -1247,6 +1248,17 @@ int kvm_arch_init_vcpu(CPUState *cs)
                                   !!(c->ecx & CPUID_EXT_SMX);
     }
 
+    if ((env->features[FEAT_1_ECX] & CPUID_EXT_VMX) && !vmx_mig_blocker) {
+        error_setg(&vmx_mig_blocker,
+                   "Nested VMX virtualization does not support live migration yet");
+        r = migrate_add_blocker(vmx_mig_blocker, &local_err);
+        if (local_err) {
+            error_report_err(local_err);
+            error_free(vmx_mig_blocker);
+            return r;
+        }
+    }
+
     if (env->mcg_cap & MCG_LMCE_P) {
         has_msr_mcg_ext_ctl = has_msr_feature_control = true;
     }
-- 
1.8.3.1

[Qemu-devel] [PULL 02/15] cpus: run work items for all vCPUs if single-threaded

[Paolo Bonzini]

This avoids the following I/O thread deadlock:

1) the I/O thread calls run_on_cpu for CPU 3 from a timer.  single_tcg_halt_cond
is signaled

2) CPU 1 is running and exits.  It finds no work item and enters CPU 2

3) because the I/O thread is stuck in run_on_cpu, the round-robin kick
timer never triggers, and CPU 3 never runs the work item

4) run_on_cpu never completes

Reviewed-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 cpus.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/cpus.c b/cpus.c
index a2b33cc..0ddeeef 100644
--- a/cpus.c
+++ b/cpus.c
@@ -1220,16 +1220,20 @@ static void qemu_wait_io_event_common(CPUState *cpu)
     process_queued_cpu_work(cpu);
 }
 
-static void qemu_tcg_rr_wait_io_event(CPUState *cpu)
+static void qemu_tcg_rr_wait_io_event(void)
 {
+    CPUState *cpu;
+
     while (all_cpu_threads_idle()) {
         stop_tcg_kick_timer();
-        qemu_cond_wait(cpu->halt_cond, &qemu_global_mutex);
+        qemu_cond_wait(first_cpu->halt_cond, &qemu_global_mutex);
     }
 
     start_tcg_kick_timer();
 
-    qemu_wait_io_event_common(cpu);
+    CPU_FOREACH(cpu) {
+        qemu_wait_io_event_common(cpu);
+    }
 }
 
 static void qemu_wait_io_event(CPUState *cpu)
@@ -1562,7 +1566,7 @@ static void *qemu_tcg_rr_cpu_thread_fn(void *arg)
             qemu_notify_event();
         }
 
-        qemu_tcg_rr_wait_io_event(cpu ? cpu : first_cpu);
+        qemu_tcg_rr_wait_io_event();
         deal_with_unplugged_cpus();
     }
 
-- 
1.8.3.1

[Qemu-devel] [PULL 03/15] lsi: Reselection needed to remove pending commands from queue

[Paolo Bonzini]

From: George Kennedy <george.kennedy@oracle.com>

Under heavy IO (e.g. fio) the queue is not checked frequently enough for
pending commands. As a result some pending commands are timed out by the
linux sym53c8xx driver, which sends SCSI Abort messages for the timed out
commands. The SCSI Abort messages result in linux errors, which show up
on the console and in /var/log/messages.

e.g.
sd 0:0:3:0: [sdd] tag#33 ABORT operation started
scsi target0:0:3: control msgout:
80 20 47 d
sd 0:0:3:0: ABORT operation complete.
scsi target0:0:4: message d sent on bad reselection

Now following a WAIT DISCONNECT Script instruction, and if there is no
current command, check for a pending command on the queue and if one
exists call lsi_reselect().

Signed-off-by: George Kennedy <george.kennedy@oracle.com>
Message-Id: <1541776692-12271-1-git-send-email-george.kennedy@oracle.com>
[For safety, add a s->current check in lsi_update_irq - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/scsi/lsi53c895a.c | 48 ++++++++++++++++++++++++++++++++++++------------
 1 file changed, 36 insertions(+), 12 deletions(-)

diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c
index 3f207f6..52a3893 100644
--- a/hw/scsi/lsi53c895a.c
+++ b/hw/scsi/lsi53c895a.c
@@ -298,6 +298,18 @@ static inline int lsi_irq_on_rsl(LSIState *s)
     return (s->sien0 & LSI_SIST0_RSL) && (s->scid & LSI_SCID_RRE);
 }
 
+static lsi_request *get_pending_req(LSIState *s)
+{
+    lsi_request *p;
+
+    QTAILQ_FOREACH(p, &s->queue, next) {
+        if (p->pending) {
+            return p;
+        }
+    }
+    return NULL;
+}
+
 static void lsi_soft_reset(LSIState *s)
 {
     trace_lsi_reset();
@@ -446,7 +458,6 @@ static void lsi_update_irq(LSIState *s)
 {
     int level;
     static int last_level;
-    lsi_request *p;
 
     /* It's unclear whether the DIP/SIP bits should be cleared when the
        Interrupt Status Registers are cleared or when istat0 is read.
@@ -476,13 +487,13 @@ static void lsi_update_irq(LSIState *s)
     }
     lsi_set_irq(s, level);
 
-    if (!level && lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON)) {
+    if (!s->current && !level && lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON)) {
+        lsi_request *p;
+
         trace_lsi_update_irq_disconnected();
-        QTAILQ_FOREACH(p, &s->queue, next) {
-            if (p->pending) {
-                lsi_reselect(s, p);
-                break;
-            }
+        p = get_pending_req(s);
+        if (p) {
+            lsi_reselect(s, p);
         }
     }
 }
@@ -1065,11 +1076,12 @@ static void lsi_wait_reselect(LSIState *s)
 
     trace_lsi_wait_reselect();
 
-    QTAILQ_FOREACH(p, &s->queue, next) {
-        if (p->pending) {
-            lsi_reselect(s, p);
-            break;
-        }
+    if (s->current) {
+        return;
+    }
+    p = get_pending_req(s);
+    if (p) {
+        lsi_reselect(s, p);
     }
     if (s->current == NULL) {
         s->waiting = 1;
@@ -1259,6 +1271,18 @@ again:
             case 1: /* Disconnect */
                 trace_lsi_execute_script_io_disconnect();
                 s->scntl1 &= ~LSI_SCNTL1_CON;
+                /* FIXME: this is not entirely correct; the target need not ask
+                 * for reselection until it has to send data, while here we force a
+                 * reselection as soon as the bus is free.  The correct flow would
+                 * reselect before lsi_transfer_data and disconnect as soon as
+                 * DMA ends.
+                 */
+                if (!s->current) {
+                    lsi_request *p = get_pending_req(s);
+                    if (p) {
+                        lsi_reselect(s, p);
+                    }
+                }
                 break;
             case 2: /* Wait Reselect */
                 if (!lsi_irq_on_rsl(s)) {
-- 
1.8.3.1

[Qemu-devel] [PULL 04/15] migration: savevm: consult migration blockers

[Paolo Bonzini]

There is really no difference between live migration and savevm, except
that savevm does not require bdrv_invalidate_cache to be implemented
by all disks.  However, it is unlikely that savevm is used with anything
except qcow2 disks, so the penalty is small and worth the improvement
in catching bad usage of savevm.

Only one place was taking care of savevm when adding a migration blocker,
and it can be removed.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 migration/savevm.c | 4 ++++
 target/i386/kvm.c  | 3 ---
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/migration/savevm.c b/migration/savevm.c
index ef707b8..1c49776 100644
--- a/migration/savevm.c
+++ b/migration/savevm.c
@@ -2455,6 +2455,10 @@ int save_snapshot(const char *name, Error **errp)
     struct tm tm;
     AioContext *aio_context;
 
+    if (migration_is_blocked(errp)) {
+        return false;
+    }
+
     if (!replay_can_snapshot()) {
         error_setg(errp, "Record/replay does not allow making snapshot "
                    "right now. Try once more later.");
diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index 2724800..b2401d1 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -1266,7 +1266,6 @@ int kvm_arch_init_vcpu(CPUState *cs)
     if (!env->user_tsc_khz) {
         if ((env->features[FEAT_8000_0007_EDX] & CPUID_APM_INVTSC) &&
             invtsc_mig_blocker == NULL) {
-            /* for migration */
             error_setg(&invtsc_mig_blocker,
                        "State blocked by non-migratable CPU device"
                        " (invtsc flag)");
@@ -1276,8 +1275,6 @@ int kvm_arch_init_vcpu(CPUState *cs)
                 error_free(invtsc_mig_blocker);
                 return r;
             }
-            /* for savevm */
-            vmstate_x86_cpu.unmigratable = 1;
         }
     }
 
-- 
1.8.3.1

[Qemu-devel] [PULL 05/15] vmstate: constify VMStateField

[Paolo Bonzini]

From: Marc-André Lureau <marcandre.lureau@redhat.com>

Because they are supposed to remain const.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20181114132931.22624-1-marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/display/virtio-gpu.c     |   4 +-
 hw/intc/s390_flic_kvm.c     |   4 +-
 hw/nvram/eeprom93xx.c       |   6 +--
 hw/nvram/fw_cfg.c           |   6 +--
 hw/pci/msix.c               |   4 +-
 hw/pci/pci.c                |   8 +--
 hw/pci/shpc.c               |   7 +--
 hw/scsi/scsi-bus.c          |   4 +-
 hw/timer/twl92230.c         |   4 +-
 hw/usb/redirect.c           |  12 ++---
 hw/virtio/virtio.c          |   8 +--
 include/migration/vmstate.h |   6 +--
 migration/savevm.c          |   7 +--
 migration/vmstate-types.c   | 119 ++++++++++++++++++++++++--------------------
 migration/vmstate.c         |  31 ++++++------
 target/alpha/machine.c      |   5 +-
 target/arm/machine.c        |  12 ++---
 target/hppa/machine.c       |  10 ++--
 target/mips/machine.c       |  14 +++---
 target/openrisc/machine.c   |   5 +-
 target/ppc/machine.c        |  14 +++---
 target/sparc/machine.c      |   7 +--
 22 files changed, 162 insertions(+), 135 deletions(-)

diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
index 7be3a9d..c6fab56 100644
--- a/hw/display/virtio-gpu.c
+++ b/hw/display/virtio-gpu.c
@@ -1073,7 +1073,7 @@ static const VMStateDescription vmstate_virtio_gpu_scanouts = {
 };
 
 static int virtio_gpu_save(QEMUFile *f, void *opaque, size_t size,
-                           VMStateField *field, QJSON *vmdesc)
+                           const VMStateField *field, QJSON *vmdesc)
 {
     VirtIOGPU *g = opaque;
     struct virtio_gpu_simple_resource *res;
@@ -1101,7 +1101,7 @@ static int virtio_gpu_save(QEMUFile *f, void *opaque, size_t size,
 }
 
 static int virtio_gpu_load(QEMUFile *f, void *opaque, size_t size,
-                           VMStateField *field)
+                           const VMStateField *field)
 {
     VirtIOGPU *g = opaque;
     struct virtio_gpu_simple_resource *res;
diff --git a/hw/intc/s390_flic_kvm.c b/hw/intc/s390_flic_kvm.c
index 3f804ad..a03df37 100644
--- a/hw/intc/s390_flic_kvm.c
+++ b/hw/intc/s390_flic_kvm.c
@@ -376,7 +376,7 @@ static void kvm_s390_release_adapter_routes(S390FLICState *fs,
  * reached
  */
 static int kvm_flic_save(QEMUFile *f, void *opaque, size_t size,
-                         VMStateField *field, QJSON *vmdesc)
+                         const VMStateField *field, QJSON *vmdesc)
 {
     KVMS390FLICState *flic = opaque;
     int len = FLIC_SAVE_INITIAL_SIZE;
@@ -426,7 +426,7 @@ static int kvm_flic_save(QEMUFile *f, void *opaque, size_t size,
  * in QEMUFile
  */
 static int kvm_flic_load(QEMUFile *f, void *opaque, size_t size,
-                         VMStateField *field)
+                         const VMStateField *field)
 {
     uint64_t len = 0;
     uint64_t count = 0;
diff --git a/hw/nvram/eeprom93xx.c b/hw/nvram/eeprom93xx.c
index 2fd0e3c..2db3d7c 100644
--- a/hw/nvram/eeprom93xx.c
+++ b/hw/nvram/eeprom93xx.c
@@ -95,15 +95,15 @@ struct _eeprom_t {
  */
 
 static int get_uint16_from_uint8(QEMUFile *f, void *pv, size_t size,
-                                 VMStateField *field)
+                                 const VMStateField *field)
 {
     uint16_t *v = pv;
     *v = qemu_get_ubyte(f);
     return 0;
 }
 
-static int put_unused(QEMUFile *f, void *pv, size_t size, VMStateField *field,
-                      QJSON *vmdesc)
+static int put_unused(QEMUFile *f, void *pv, size_t size,
+                      const VMStateField *field, QJSON *vmdesc)
 {
     fprintf(stderr, "uint16_from_uint8 is used only for backwards compatibility.\n");
     fprintf(stderr, "Never should be used to write a new state.\n");
diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
index 946f765..3cb726f 100644
--- a/hw/nvram/fw_cfg.c
+++ b/hw/nvram/fw_cfg.c
@@ -520,15 +520,15 @@ static void fw_cfg_reset(DeviceState *d)
  */
 
 static int get_uint32_as_uint16(QEMUFile *f, void *pv, size_t size,
-                                VMStateField *field)
+                                const VMStateField *field)
 {
     uint32_t *v = pv;
     *v = qemu_get_be16(f);
     return 0;
 }
 
-static int put_unused(QEMUFile *f, void *pv, size_t size, VMStateField *field,
-                      QJSON *vmdesc)
+static int put_unused(QEMUFile *f, void *pv, size_t size,
+                      const VMStateField *field, QJSON *vmdesc)
 {
     fprintf(stderr, "uint32_as_uint16 is only used for backward compatibility.\n");
     fprintf(stderr, "This functions shouldn't be called.\n");
diff --git a/hw/pci/msix.c b/hw/pci/msix.c
index c944c02..702dac4 100644
--- a/hw/pci/msix.c
+++ b/hw/pci/msix.c
@@ -625,7 +625,7 @@ void msix_unset_vector_notifiers(PCIDevice *dev)
 }
 
 static int put_msix_state(QEMUFile *f, void *pv, size_t size,
-                          VMStateField *field, QJSON *vmdesc)
+                          const VMStateField *field, QJSON *vmdesc)
 {
     msix_save(pv, f);
 
@@ -633,7 +633,7 @@ static int put_msix_state(QEMUFile *f, void *pv, size_t size,
 }
 
 static int get_msix_state(QEMUFile *f, void *pv, size_t size,
-                          VMStateField *field)
+                          const VMStateField *field)
 {
     msix_load(pv, f);
     return 0;
diff --git a/hw/pci/pci.c b/hw/pci/pci.c
index b937f0d..56b13b3 100644
--- a/hw/pci/pci.c
+++ b/hw/pci/pci.c
@@ -450,7 +450,7 @@ int pci_bus_numa_node(PCIBus *bus)
 }
 
 static int get_pci_config_device(QEMUFile *f, void *pv, size_t size,
-                                 VMStateField *field)
+                                 const VMStateField *field)
 {
     PCIDevice *s = container_of(pv, PCIDevice, config);
     PCIDeviceClass *pc = PCI_DEVICE_GET_CLASS(s);
@@ -490,7 +490,7 @@ static int get_pci_config_device(QEMUFile *f, void *pv, size_t size,
 
 /* just put buffer */
 static int put_pci_config_device(QEMUFile *f, void *pv, size_t size,
-                                 VMStateField *field, QJSON *vmdesc)
+                                 const VMStateField *field, QJSON *vmdesc)
 {
     const uint8_t **v = pv;
     assert(size == pci_config_size(container_of(pv, PCIDevice, config)));
@@ -506,7 +506,7 @@ static VMStateInfo vmstate_info_pci_config = {
 };
 
 static int get_pci_irq_state(QEMUFile *f, void *pv, size_t size,
-                             VMStateField *field)
+                             const VMStateField *field)
 {
     PCIDevice *s = container_of(pv, PCIDevice, irq_state);
     uint32_t irq_state[PCI_NUM_PINS];
@@ -528,7 +528,7 @@ static int get_pci_irq_state(QEMUFile *f, void *pv, size_t size,
 }
 
 static int put_pci_irq_state(QEMUFile *f, void *pv, size_t size,
-                             VMStateField *field, QJSON *vmdesc)
+                             const VMStateField *field, QJSON *vmdesc)
 {
     int i;
     PCIDevice *s = container_of(pv, PCIDevice, irq_state);
diff --git a/hw/pci/shpc.c b/hw/pci/shpc.c
index a8462d4..96a43d2 100644
--- a/hw/pci/shpc.c
+++ b/hw/pci/shpc.c
@@ -688,8 +688,8 @@ void shpc_cap_write_config(PCIDevice *d, uint32_t addr, uint32_t val, int l)
     shpc_cap_update_dword(d);
 }
 
-static int shpc_save(QEMUFile *f, void *pv, size_t size, VMStateField *field,
-                     QJSON *vmdesc)
+static int shpc_save(QEMUFile *f, void *pv, size_t size,
+                     const VMStateField *field, QJSON *vmdesc)
 {
     PCIDevice *d = container_of(pv, PCIDevice, shpc);
     qemu_put_buffer(f, d->shpc->config, SHPC_SIZEOF(d));
@@ -697,7 +697,8 @@ static int shpc_save(QEMUFile *f, void *pv, size_t size, VMStateField *field,
     return 0;
 }
 
-static int shpc_load(QEMUFile *f, void *pv, size_t size, VMStateField *field)
+static int shpc_load(QEMUFile *f, void *pv, size_t size,
+                     const VMStateField *field)
 {
     PCIDevice *d = container_of(pv, PCIDevice, shpc);
     int ret = qemu_get_buffer(f, d->shpc->config, SHPC_SIZEOF(d));
diff --git a/hw/scsi/scsi-bus.c b/hw/scsi/scsi-bus.c
index 5905f6b..97cd167 100644
--- a/hw/scsi/scsi-bus.c
+++ b/hw/scsi/scsi-bus.c
@@ -1571,7 +1571,7 @@ SCSIDevice *scsi_device_find(SCSIBus *bus, int channel, int id, int lun)
 /* SCSI request list.  For simplicity, pv points to the whole device */
 
 static int put_scsi_requests(QEMUFile *f, void *pv, size_t size,
-                             VMStateField *field, QJSON *vmdesc)
+                             const VMStateField *field, QJSON *vmdesc)
 {
     SCSIDevice *s = pv;
     SCSIBus *bus = DO_UPCAST(SCSIBus, qbus, s->qdev.parent_bus);
@@ -1599,7 +1599,7 @@ static int put_scsi_requests(QEMUFile *f, void *pv, size_t size,
 }
 
 static int get_scsi_requests(QEMUFile *f, void *pv, size_t size,
-                             VMStateField *field)
+                             const VMStateField *field)
 {
     SCSIDevice *s = pv;
     SCSIBus *bus = DO_UPCAST(SCSIBus, qbus, s->qdev.parent_bus);
diff --git a/hw/timer/twl92230.c b/hw/timer/twl92230.c
index 3b43b46..51ec355 100644
--- a/hw/timer/twl92230.c
+++ b/hw/timer/twl92230.c
@@ -750,7 +750,7 @@ static int menelaus_rx(I2CSlave *i2c)
  */
 
 static int get_int32_as_uint16(QEMUFile *f, void *pv, size_t size,
-                               VMStateField *field)
+                               const VMStateField *field)
 {
     int *v = pv;
     *v = qemu_get_be16(f);
@@ -758,7 +758,7 @@ static int get_int32_as_uint16(QEMUFile *f, void *pv, size_t size,
 }
 
 static int put_int32_as_uint16(QEMUFile *f, void *pv, size_t size,
-                               VMStateField *field, QJSON *vmdesc)
+                               const VMStateField *field, QJSON *vmdesc)
 {
     int *v = pv;
     qemu_put_be16(f, *v);
diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
index 99094a7..18a42d1 100644
--- a/hw/usb/redirect.c
+++ b/hw/usb/redirect.c
@@ -2155,7 +2155,7 @@ static int usbredir_post_load(void *priv, int version_id)
 
 /* For usbredirparser migration */
 static int usbredir_put_parser(QEMUFile *f, void *priv, size_t unused,
-                               VMStateField *field, QJSON *vmdesc)
+                               const VMStateField *field, QJSON *vmdesc)
 {
     USBRedirDevice *dev = priv;
     uint8_t *data;
@@ -2178,7 +2178,7 @@ static int usbredir_put_parser(QEMUFile *f, void *priv, size_t unused,
 }
 
 static int usbredir_get_parser(QEMUFile *f, void *priv, size_t unused,
-                               VMStateField *field)
+                               const VMStateField *field)
 {
     USBRedirDevice *dev = priv;
     uint8_t *data;
@@ -2222,7 +2222,7 @@ static const VMStateInfo usbredir_parser_vmstate_info = {
 
 /* For buffered packets (iso/irq) queue migration */
 static int usbredir_put_bufpq(QEMUFile *f, void *priv, size_t unused,
-                              VMStateField *field, QJSON *vmdesc)
+                              const VMStateField *field, QJSON *vmdesc)
 {
     struct endp_data *endp = priv;
     USBRedirDevice *dev = endp->dev;
@@ -2245,7 +2245,7 @@ static int usbredir_put_bufpq(QEMUFile *f, void *priv, size_t unused,
 }
 
 static int usbredir_get_bufpq(QEMUFile *f, void *priv, size_t unused,
-                              VMStateField *field)
+                              const VMStateField *field)
 {
     struct endp_data *endp = priv;
     USBRedirDevice *dev = endp->dev;
@@ -2349,7 +2349,7 @@ static const VMStateDescription usbredir_ep_vmstate = {
 
 /* For PacketIdQueue migration */
 static int usbredir_put_packet_id_q(QEMUFile *f, void *priv, size_t unused,
-                                    VMStateField *field, QJSON *vmdesc)
+                                    const VMStateField *field, QJSON *vmdesc)
 {
     struct PacketIdQueue *q = priv;
     USBRedirDevice *dev = q->dev;
@@ -2368,7 +2368,7 @@ static int usbredir_put_packet_id_q(QEMUFile *f, void *priv, size_t unused,
 }
 
 static int usbredir_get_packet_id_q(QEMUFile *f, void *priv, size_t unused,
-                                    VMStateField *field)
+                                    const VMStateField *field)
 {
     struct PacketIdQueue *q = priv;
     USBRedirDevice *dev = q->dev;
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index 4136d23..5828ed1 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -1816,7 +1816,7 @@ static const VMStateDescription vmstate_virtio_ringsize = {
 };
 
 static int get_extra_state(QEMUFile *f, void *pv, size_t size,
-                           VMStateField *field)
+                           const VMStateField *field)
 {
     VirtIODevice *vdev = pv;
     BusState *qbus = qdev_get_parent_bus(DEVICE(vdev));
@@ -1830,7 +1830,7 @@ static int get_extra_state(QEMUFile *f, void *pv, size_t size,
 }
 
 static int put_extra_state(QEMUFile *f, void *pv, size_t size,
-                           VMStateField *field, QJSON *vmdesc)
+                           const VMStateField *field, QJSON *vmdesc)
 {
     VirtIODevice *vdev = pv;
     BusState *qbus = qdev_get_parent_bus(DEVICE(vdev));
@@ -1979,14 +1979,14 @@ int virtio_save(VirtIODevice *vdev, QEMUFile *f)
 
 /* A wrapper for use as a VMState .put function */
 static int virtio_device_put(QEMUFile *f, void *opaque, size_t size,
-                              VMStateField *field, QJSON *vmdesc)
+                              const VMStateField *field, QJSON *vmdesc)
 {
     return virtio_save(VIRTIO_DEVICE(opaque), f);
 }
 
 /* A wrapper for use as a VMState .get function */
 static int virtio_device_get(QEMUFile *f, void *opaque, size_t size,
-                             VMStateField *field)
+                             const VMStateField *field)
 {
     VirtIODevice *vdev = VIRTIO_DEVICE(opaque);
     DeviceClass *dc = DEVICE_CLASS(VIRTIO_DEVICE_GET_CLASS(vdev));
diff --git a/include/migration/vmstate.h b/include/migration/vmstate.h
index 2b501d0..61bef3e 100644
--- a/include/migration/vmstate.h
+++ b/include/migration/vmstate.h
@@ -40,8 +40,8 @@ typedef struct VMStateField VMStateField;
  */
 struct VMStateInfo {
     const char *name;
-    int (*get)(QEMUFile *f, void *pv, size_t size, VMStateField *field);
-    int (*put)(QEMUFile *f, void *pv, size_t size, VMStateField *field,
+    int (*get)(QEMUFile *f, void *pv, size_t size, const VMStateField *field);
+    int (*put)(QEMUFile *f, void *pv, size_t size, const VMStateField *field,
                QJSON *vmdesc);
 };
 
@@ -186,7 +186,7 @@ struct VMStateDescription {
     int (*post_load)(void *opaque, int version_id);
     int (*pre_save)(void *opaque);
     bool (*needed)(void *opaque);
-    VMStateField *fields;
+    const VMStateField *fields;
     const VMStateDescription **subsections;
 };
 
diff --git a/migration/savevm.c b/migration/savevm.c
index 1c49776..9e45fb4 100644
--- a/migration/savevm.c
+++ b/migration/savevm.c
@@ -263,15 +263,16 @@ void timer_get(QEMUFile *f, QEMUTimer *ts)
  * Not in vmstate.c to not add qemu-timer.c as dependency to vmstate.c
  */
 
-static int get_timer(QEMUFile *f, void *pv, size_t size, VMStateField *field)
+static int get_timer(QEMUFile *f, void *pv, size_t size,
+                     const VMStateField *field)
 {
     QEMUTimer *v = pv;
     timer_get(f, v);
     return 0;
 }
 
-static int put_timer(QEMUFile *f, void *pv, size_t size, VMStateField *field,
-                     QJSON *vmdesc)
+static int put_timer(QEMUFile *f, void *pv, size_t size,
+                     const VMStateField *field, QJSON *vmdesc)
 {
     QEMUTimer *v = pv;
     timer_put(f, v);
diff --git a/migration/vmstate-types.c b/migration/vmstate-types.c
index 48184c3..6f75f97 100644
--- a/migration/vmstate-types.c
+++ b/migration/vmstate-types.c
@@ -22,15 +22,16 @@
 
 /* bool */
 
-static int get_bool(QEMUFile *f, void *pv, size_t size, VMStateField *field)
+static int get_bool(QEMUFile *f, void *pv, size_t size,
+                    const VMStateField *field)
 {
     bool *v = pv;
     *v = qemu_get_byte(f);
     return 0;
 }
 
-static int put_bool(QEMUFile *f, void *pv, size_t size, VMStateField *field,
-                    QJSON *vmdesc)
+static int put_bool(QEMUFile *f, void *pv, size_t size,
+                    const VMStateField *field, QJSON *vmdesc)
 {
     bool *v = pv;
     qemu_put_byte(f, *v);
@@ -45,15 +46,16 @@ const VMStateInfo vmstate_info_bool = {
 
 /* 8 bit int */
 
-static int get_int8(QEMUFile *f, void *pv, size_t size, VMStateField *field)
+static int get_int8(QEMUFile *f, void *pv, size_t size,
+                    const VMStateField *field)
 {
     int8_t *v = pv;
     qemu_get_s8s(f, v);
     return 0;
 }
 
-static int put_int8(QEMUFile *f, void *pv, size_t size, VMStateField *field,
-                     QJSON *vmdesc)
+static int put_int8(QEMUFile *f, void *pv, size_t size,
+                    const VMStateField *field, QJSON *vmdesc)
 {
     int8_t *v = pv;
     qemu_put_s8s(f, v);
@@ -68,15 +70,16 @@ const VMStateInfo vmstate_info_int8 = {
 
 /* 16 bit int */
 
-static int get_int16(QEMUFile *f, void *pv, size_t size, VMStateField *field)
+static int get_int16(QEMUFile *f, void *pv, size_t size,
+                     const VMStateField *field)
 {
     int16_t *v = pv;
     qemu_get_sbe16s(f, v);
     return 0;
 }
 
-static int put_int16(QEMUFile *f, void *pv, size_t size, VMStateField *field,
-                     QJSON *vmdesc)
+static int put_int16(QEMUFile *f, void *pv, size_t size,
+                     const VMStateField *field, QJSON *vmdesc)
 {
     int16_t *v = pv;
     qemu_put_sbe16s(f, v);
@@ -91,15 +94,16 @@ const VMStateInfo vmstate_info_int16 = {
 
 /* 32 bit int */
 
-static int get_int32(QEMUFile *f, void *pv, size_t size, VMStateField *field)
+static int get_int32(QEMUFile *f, void *pv, size_t size,
+                     const VMStateField *field)
 {
     int32_t *v = pv;
     qemu_get_sbe32s(f, v);
     return 0;
 }
 
-static int put_int32(QEMUFile *f, void *pv, size_t size, VMStateField *field,
-                     QJSON *vmdesc)
+static int put_int32(QEMUFile *f, void *pv, size_t size,
+                     const VMStateField *field, QJSON *vmdesc)
 {
     int32_t *v = pv;
     qemu_put_sbe32s(f, v);
@@ -116,7 +120,7 @@ const VMStateInfo vmstate_info_int32 = {
    in the field */
 
 static int get_int32_equal(QEMUFile *f, void *pv, size_t size,
-                           VMStateField *field)
+                           const VMStateField *field)
 {
     int32_t *v = pv;
     int32_t v2;
@@ -142,7 +146,8 @@ const VMStateInfo vmstate_info_int32_equal = {
  * and less than or equal to the one in the field.
  */
 
-static int get_int32_le(QEMUFile *f, void *pv, size_t size, VMStateField *field)
+static int get_int32_le(QEMUFile *f, void *pv, size_t size,
+                        const VMStateField *field)
 {
     int32_t *cur = pv;
     int32_t loaded;
@@ -166,15 +171,16 @@ const VMStateInfo vmstate_info_int32_le = {
 
 /* 64 bit int */
 
-static int get_int64(QEMUFile *f, void *pv, size_t size, VMStateField *field)
+static int get_int64(QEMUFile *f, void *pv, size_t size,
+                     const VMStateField *field)
 {
     int64_t *v = pv;
     qemu_get_sbe64s(f, v);
     return 0;
 }
 
-static int put_int64(QEMUFile *f, void *pv, size_t size, VMStateField *field,
-                      QJSON *vmdesc)
+static int put_int64(QEMUFile *f, void *pv, size_t size,
+                     const VMStateField *field, QJSON *vmdesc)
 {
     int64_t *v = pv;
     qemu_put_sbe64s(f, v);
@@ -189,15 +195,16 @@ const VMStateInfo vmstate_info_int64 = {
 
 /* 8 bit unsigned int */
 
-static int get_uint8(QEMUFile *f, void *pv, size_t size, VMStateField *field)
+static int get_uint8(QEMUFile *f, void *pv, size_t size,
+                     const VMStateField *field)
 {
     uint8_t *v = pv;
     qemu_get_8s(f, v);
     return 0;
 }
 
-static int put_uint8(QEMUFile *f, void *pv, size_t size, VMStateField *field,
-                     QJSON *vmdesc)
+static int put_uint8(QEMUFile *f, void *pv, size_t size,
+                     const VMStateField *field, QJSON *vmdesc)
 {
     uint8_t *v = pv;
     qemu_put_8s(f, v);
@@ -212,15 +219,16 @@ const VMStateInfo vmstate_info_uint8 = {
 
 /* 16 bit unsigned int */
 
-static int get_uint16(QEMUFile *f, void *pv, size_t size, VMStateField *field)
+static int get_uint16(QEMUFile *f, void *pv, size_t size,
+                      const VMStateField *field)
 {
     uint16_t *v = pv;
     qemu_get_be16s(f, v);
     return 0;
 }
 
-static int put_uint16(QEMUFile *f, void *pv, size_t size, VMStateField *field,
-                      QJSON *vmdesc)
+static int put_uint16(QEMUFile *f, void *pv, size_t size,
+                      const VMStateField *field, QJSON *vmdesc)
 {
     uint16_t *v = pv;
     qemu_put_be16s(f, v);
@@ -235,15 +243,16 @@ const VMStateInfo vmstate_info_uint16 = {
 
 /* 32 bit unsigned int */
 
-static int get_uint32(QEMUFile *f, void *pv, size_t size, VMStateField *field)
+static int get_uint32(QEMUFile *f, void *pv, size_t size,
+                      const VMStateField *field)
 {
     uint32_t *v = pv;
     qemu_get_be32s(f, v);
     return 0;
 }
 
-static int put_uint32(QEMUFile *f, void *pv, size_t size, VMStateField *field,
-                      QJSON *vmdesc)
+static int put_uint32(QEMUFile *f, void *pv, size_t size,
+                      const VMStateField *field, QJSON *vmdesc)
 {
     uint32_t *v = pv;
     qemu_put_be32s(f, v);
@@ -260,7 +269,7 @@ const VMStateInfo vmstate_info_uint32 = {
    in the field */
 
 static int get_uint32_equal(QEMUFile *f, void *pv, size_t size,
-                            VMStateField *field)
+                            const VMStateField *field)
 {
     uint32_t *v = pv;
     uint32_t v2;
@@ -284,15 +293,16 @@ const VMStateInfo vmstate_info_uint32_equal = {
 
 /* 64 bit unsigned int */
 
-static int get_uint64(QEMUFile *f, void *pv, size_t size, VMStateField *field)
+static int get_uint64(QEMUFile *f, void *pv, size_t size,
+                      const VMStateField *field)
 {
     uint64_t *v = pv;
     qemu_get_be64s(f, v);
     return 0;
 }
 
-static int put_uint64(QEMUFile *f, void *pv, size_t size, VMStateField *field,
-                      QJSON *vmdesc)
+static int put_uint64(QEMUFile *f, void *pv, size_t size,
+                      const VMStateField *field, QJSON *vmdesc)
 {
     uint64_t *v = pv;
     qemu_put_be64s(f, v);
@@ -305,7 +315,8 @@ const VMStateInfo vmstate_info_uint64 = {
     .put  = put_uint64,
 };
 
-static int get_nullptr(QEMUFile *f, void *pv, size_t size, VMStateField *field)
+static int get_nullptr(QEMUFile *f, void *pv, size_t size,
+                       const VMStateField *field)
 
 {
     if (qemu_get_byte(f) == VMS_NULLPTR_MARKER) {
@@ -316,7 +327,7 @@ static int get_nullptr(QEMUFile *f, void *pv, size_t size, VMStateField *field)
 }
 
 static int put_nullptr(QEMUFile *f, void *pv, size_t size,
-                        VMStateField *field, QJSON *vmdesc)
+                        const VMStateField *field, QJSON *vmdesc)
 
 {
     if (pv == NULL) {
@@ -337,7 +348,7 @@ const VMStateInfo vmstate_info_nullptr = {
    in the field */
 
 static int get_uint64_equal(QEMUFile *f, void *pv, size_t size,
-                            VMStateField *field)
+                            const VMStateField *field)
 {
     uint64_t *v = pv;
     uint64_t v2;
@@ -363,7 +374,7 @@ const VMStateInfo vmstate_info_uint64_equal = {
    in the field */
 
 static int get_uint8_equal(QEMUFile *f, void *pv, size_t size,
-                           VMStateField *field)
+                           const VMStateField *field)
 {
     uint8_t *v = pv;
     uint8_t v2;
@@ -389,7 +400,7 @@ const VMStateInfo vmstate_info_uint8_equal = {
    in the field */
 
 static int get_uint16_equal(QEMUFile *f, void *pv, size_t size,
-                            VMStateField *field)
+                            const VMStateField *field)
 {
     uint16_t *v = pv;
     uint16_t v2;
@@ -414,7 +425,7 @@ const VMStateInfo vmstate_info_uint16_equal = {
 /* floating point */
 
 static int get_float64(QEMUFile *f, void *pv, size_t size,
-                       VMStateField *field)
+                       const VMStateField *field)
 {
     float64 *v = pv;
 
@@ -422,8 +433,8 @@ static int get_float64(QEMUFile *f, void *pv, size_t size,
     return 0;
 }
 
-static int put_float64(QEMUFile *f, void *pv, size_t size, VMStateField *field,
-                       QJSON *vmdesc)
+static int put_float64(QEMUFile *f, void *pv, size_t size,
+                       const VMStateField *field, QJSON *vmdesc)
 {
     uint64_t *v = pv;
 
@@ -440,7 +451,7 @@ const VMStateInfo vmstate_info_float64 = {
 /* CPU_DoubleU type */
 
 static int get_cpudouble(QEMUFile *f, void *pv, size_t size,
-                         VMStateField *field)
+                         const VMStateField *field)
 {
     CPU_DoubleU *v = pv;
     qemu_get_be32s(f, &v->l.upper);
@@ -449,7 +460,7 @@ static int get_cpudouble(QEMUFile *f, void *pv, size_t size,
 }
 
 static int put_cpudouble(QEMUFile *f, void *pv, size_t size,
-                         VMStateField *field, QJSON *vmdesc)
+                         const VMStateField *field, QJSON *vmdesc)
 {
     CPU_DoubleU *v = pv;
     qemu_put_be32s(f, &v->l.upper);
@@ -466,15 +477,15 @@ const VMStateInfo vmstate_info_cpudouble = {
 /* uint8_t buffers */
 
 static int get_buffer(QEMUFile *f, void *pv, size_t size,
-                      VMStateField *field)
+                      const VMStateField *field)
 {
     uint8_t *v = pv;
     qemu_get_buffer(f, v, size);
     return 0;
 }
 
-static int put_buffer(QEMUFile *f, void *pv, size_t size, VMStateField *field,
-                      QJSON *vmdesc)
+static int put_buffer(QEMUFile *f, void *pv, size_t size,
+                      const VMStateField *field, QJSON *vmdesc)
 {
     uint8_t *v = pv;
     qemu_put_buffer(f, v, size);
@@ -491,7 +502,7 @@ const VMStateInfo vmstate_info_buffer = {
    not useful anymore */
 
 static int get_unused_buffer(QEMUFile *f, void *pv, size_t size,
-                             VMStateField *field)
+                             const VMStateField *field)
 {
     uint8_t buf[1024];
     int block_len;
@@ -505,7 +516,7 @@ static int get_unused_buffer(QEMUFile *f, void *pv, size_t size,
 }
 
 static int put_unused_buffer(QEMUFile *f, void *pv, size_t size,
-                             VMStateField *field, QJSON *vmdesc)
+                             const VMStateField *field, QJSON *vmdesc)
 {
     static const uint8_t buf[1024];
     int block_len;
@@ -531,7 +542,8 @@ const VMStateInfo vmstate_info_unused_buffer = {
  * in fields that don't really exist in the parent but need to be in the
  * stream.
  */
-static int get_tmp(QEMUFile *f, void *pv, size_t size, VMStateField *field)
+static int get_tmp(QEMUFile *f, void *pv, size_t size,
+                   const VMStateField *field)
 {
     int ret;
     const VMStateDescription *vmsd = field->vmsd;
@@ -545,8 +557,8 @@ static int get_tmp(QEMUFile *f, void *pv, size_t size, VMStateField *field)
     return ret;
 }
 
-static int put_tmp(QEMUFile *f, void *pv, size_t size, VMStateField *field,
-                    QJSON *vmdesc)
+static int put_tmp(QEMUFile *f, void *pv, size_t size,
+                   const VMStateField *field, QJSON *vmdesc)
 {
     const VMStateDescription *vmsd = field->vmsd;
     void *tmp = g_malloc(size);
@@ -573,7 +585,8 @@ const VMStateInfo vmstate_info_tmp = {
  */
 /* This is the number of 64 bit words sent over the wire */
 #define BITS_TO_U64S(nr) DIV_ROUND_UP(nr, 64)
-static int get_bitmap(QEMUFile *f, void *pv, size_t size, VMStateField *field)
+static int get_bitmap(QEMUFile *f, void *pv, size_t size,
+                      const VMStateField *field)
 {
     unsigned long *bmp = pv;
     int i, idx = 0;
@@ -587,8 +600,8 @@ static int get_bitmap(QEMUFile *f, void *pv, size_t size, VMStateField *field)
     return 0;
 }
 
-static int put_bitmap(QEMUFile *f, void *pv, size_t size, VMStateField *field,
-                      QJSON *vmdesc)
+static int put_bitmap(QEMUFile *f, void *pv, size_t size,
+                      const VMStateField *field, QJSON *vmdesc)
 {
     unsigned long *bmp = pv;
     int i, idx = 0;
@@ -613,7 +626,7 @@ const VMStateInfo vmstate_info_bitmap = {
  * meta data about the QTAILQ is encoded in a VMStateField structure
  */
 static int get_qtailq(QEMUFile *f, void *pv, size_t unused_size,
-                      VMStateField *field)
+                      const VMStateField *field)
 {
     int ret = 0;
     const VMStateDescription *vmsd = field->vmsd;
@@ -652,7 +665,7 @@ static int get_qtailq(QEMUFile *f, void *pv, size_t unused_size,
 
 /* put for QTAILQ */
 static int put_qtailq(QEMUFile *f, void *pv, size_t unused_size,
-                      VMStateField *field, QJSON *vmdesc)
+                      const VMStateField *field, QJSON *vmdesc)
 {
     const VMStateDescription *vmsd = field->vmsd;
     /* offset of the QTAILQ entry in a QTAILQ element*/
diff --git a/migration/vmstate.c b/migration/vmstate.c
index 0bc240a..80b5900 100644
--- a/migration/vmstate.c
+++ b/migration/vmstate.c
@@ -26,7 +26,7 @@ static int vmstate_subsection_save(QEMUFile *f, const VMStateDescription *vmsd,
 static int vmstate_subsection_load(QEMUFile *f, const VMStateDescription *vmsd,
                                    void *opaque);
 
-static int vmstate_n_elems(void *opaque, VMStateField *field)
+static int vmstate_n_elems(void *opaque, const VMStateField *field)
 {
     int n_elems = 1;
 
@@ -50,7 +50,7 @@ static int vmstate_n_elems(void *opaque, VMStateField *field)
     return n_elems;
 }
 
-static int vmstate_size(void *opaque, VMStateField *field)
+static int vmstate_size(void *opaque, const VMStateField *field)
 {
     int size = field->size;
 
@@ -64,7 +64,8 @@ static int vmstate_size(void *opaque, VMStateField *field)
     return size;
 }
 
-static void vmstate_handle_alloc(void *ptr, VMStateField *field, void *opaque)
+static void vmstate_handle_alloc(void *ptr, const VMStateField *field,
+                                 void *opaque)
 {
     if (field->flags & VMS_POINTER && field->flags & VMS_ALLOC) {
         gsize size = vmstate_size(opaque, field);
@@ -78,7 +79,7 @@ static void vmstate_handle_alloc(void *ptr, VMStateField *field, void *opaque)
 int vmstate_load_state(QEMUFile *f, const VMStateDescription *vmsd,
                        void *opaque, int version_id)
 {
-    VMStateField *field = vmsd->fields;
+    const VMStateField *field = vmsd->fields;
     int ret = 0;
 
     trace_vmstate_load_state(vmsd->name, version_id);
@@ -171,9 +172,10 @@ int vmstate_load_state(QEMUFile *f, const VMStateDescription *vmsd,
     return ret;
 }
 
-static int vmfield_name_num(VMStateField *start, VMStateField *search)
+static int vmfield_name_num(const VMStateField *start,
+                            const VMStateField *search)
 {
-    VMStateField *field;
+    const VMStateField *field;
     int found = 0;
 
     for (field = start; field->name; field++) {
@@ -188,9 +190,10 @@ static int vmfield_name_num(VMStateField *start, VMStateField *search)
     return -1;
 }
 
-static bool vmfield_name_is_unique(VMStateField *start, VMStateField *search)
+static bool vmfield_name_is_unique(const VMStateField *start,
+                                   const VMStateField *search)
 {
-    VMStateField *field;
+    const VMStateField *field;
     int found = 0;
 
     for (field = start; field->name; field++) {
@@ -206,7 +209,7 @@ static bool vmfield_name_is_unique(VMStateField *start, VMStateField *search)
     return true;
 }
 
-static const char *vmfield_get_type_name(VMStateField *field)
+static const char *vmfield_get_type_name(const VMStateField *field)
 {
     const char *type = "unknown";
 
@@ -221,7 +224,7 @@ static const char *vmfield_get_type_name(VMStateField *field)
     return type;
 }
 
-static bool vmsd_can_compress(VMStateField *field)
+static bool vmsd_can_compress(const VMStateField *field)
 {
     if (field->field_exists) {
         /* Dynamically existing fields mess up compression */
@@ -229,7 +232,7 @@ static bool vmsd_can_compress(VMStateField *field)
     }
 
     if (field->flags & VMS_STRUCT) {
-        VMStateField *sfield = field->vmsd->fields;
+        const VMStateField *sfield = field->vmsd->fields;
         while (sfield->name) {
             if (!vmsd_can_compress(sfield)) {
                 /* Child elements can't compress, so can't we */
@@ -248,7 +251,7 @@ static bool vmsd_can_compress(VMStateField *field)
 }
 
 static void vmsd_desc_field_start(const VMStateDescription *vmsd, QJSON *vmdesc,
-                                  VMStateField *field, int i, int max)
+                                  const VMStateField *field, int i, int max)
 {
     char *name, *old_name;
     bool is_array = max > 1;
@@ -287,7 +290,7 @@ static void vmsd_desc_field_start(const VMStateDescription *vmsd, QJSON *vmdesc,
 }
 
 static void vmsd_desc_field_end(const VMStateDescription *vmsd, QJSON *vmdesc,
-                                VMStateField *field, size_t size, int i)
+                                const VMStateField *field, size_t size, int i)
 {
     if (!vmdesc) {
         return;
@@ -323,7 +326,7 @@ int vmstate_save_state_v(QEMUFile *f, const VMStateDescription *vmsd,
                          void *opaque, QJSON *vmdesc, int version_id)
 {
     int ret = 0;
-    VMStateField *field = vmsd->fields;
+    const VMStateField *field = vmsd->fields;
 
     trace_vmstate_save_state_top(vmsd->name);
 
diff --git a/target/alpha/machine.c b/target/alpha/machine.c
index 0914ba5..abc81ce 100644
--- a/target/alpha/machine.c
+++ b/target/alpha/machine.c
@@ -5,7 +5,8 @@
 #include "hw/boards.h"
 #include "migration/cpu.h"
 
-static int get_fpcr(QEMUFile *f, void *opaque, size_t size, VMStateField *field)
+static int get_fpcr(QEMUFile *f, void *opaque, size_t size,
+                    const VMStateField *field)
 {
     CPUAlphaState *env = opaque;
     cpu_alpha_store_fpcr(env, qemu_get_be64(f));
@@ -13,7 +14,7 @@ static int get_fpcr(QEMUFile *f, void *opaque, size_t size, VMStateField *field)
 }
 
 static int put_fpcr(QEMUFile *f, void *opaque, size_t size,
-                    VMStateField *field, QJSON *vmdesc)
+                    const VMStateField *field, QJSON *vmdesc)
 {
     CPUAlphaState *env = opaque;
     qemu_put_be64(f, cpu_alpha_load_fpcr(env));
diff --git a/target/arm/machine.c b/target/arm/machine.c
index 2033816..7a22ebc 100644
--- a/target/arm/machine.c
+++ b/target/arm/machine.c
@@ -18,7 +18,7 @@ static bool vfp_needed(void *opaque)
 }
 
 static int get_fpscr(QEMUFile *f, void *opaque, size_t size,
-                     VMStateField *field)
+                     const VMStateField *field)
 {
     ARMCPU *cpu = opaque;
     CPUARMState *env = &cpu->env;
@@ -29,7 +29,7 @@ static int get_fpscr(QEMUFile *f, void *opaque, size_t size,
 }
 
 static int put_fpscr(QEMUFile *f, void *opaque, size_t size,
-                     VMStateField *field, QJSON *vmdesc)
+                     const VMStateField *field, QJSON *vmdesc)
 {
     ARMCPU *cpu = opaque;
     CPUARMState *env = &cpu->env;
@@ -503,7 +503,7 @@ static const VMStateDescription vmstate_m_security = {
 };
 
 static int get_cpsr(QEMUFile *f, void *opaque, size_t size,
-                    VMStateField *field)
+                    const VMStateField *field)
 {
     ARMCPU *cpu = opaque;
     CPUARMState *env = &cpu->env;
@@ -559,7 +559,7 @@ static int get_cpsr(QEMUFile *f, void *opaque, size_t size,
 }
 
 static int put_cpsr(QEMUFile *f, void *opaque, size_t size,
-                    VMStateField *field, QJSON *vmdesc)
+                    const VMStateField *field, QJSON *vmdesc)
 {
     ARMCPU *cpu = opaque;
     CPUARMState *env = &cpu->env;
@@ -585,7 +585,7 @@ static const VMStateInfo vmstate_cpsr = {
 };
 
 static int get_power(QEMUFile *f, void *opaque, size_t size,
-                    VMStateField *field)
+                    const VMStateField *field)
 {
     ARMCPU *cpu = opaque;
     bool powered_off = qemu_get_byte(f);
@@ -594,7 +594,7 @@ static int get_power(QEMUFile *f, void *opaque, size_t size,
 }
 
 static int put_power(QEMUFile *f, void *opaque, size_t size,
-                    VMStateField *field, QJSON *vmdesc)
+                    const VMStateField *field, QJSON *vmdesc)
 {
     ARMCPU *cpu = opaque;
 
diff --git a/target/hppa/machine.c b/target/hppa/machine.c
index 8e07778..a1bee97 100644
--- a/target/hppa/machine.c
+++ b/target/hppa/machine.c
@@ -46,7 +46,8 @@
     VMSTATE_UINTTR_ARRAY_V(_f, _s, _n, 0)
 
 
-static int get_psw(QEMUFile *f, void *opaque, size_t size, VMStateField *field)
+static int get_psw(QEMUFile *f, void *opaque, size_t size,
+                   const VMStateField *field)
 {
     CPUHPPAState *env = opaque;
     cpu_hppa_put_psw(env, qemu_get_betr(f));
@@ -54,7 +55,7 @@ static int get_psw(QEMUFile *f, void *opaque, size_t size, VMStateField *field)
 }
 
 static int put_psw(QEMUFile *f, void *opaque, size_t size,
-                   VMStateField *field, QJSON *vmdesc)
+                   const VMStateField *field, QJSON *vmdesc)
 {
     CPUHPPAState *env = opaque;
     qemu_put_betr(f, cpu_hppa_get_psw(env));
@@ -68,7 +69,8 @@ static const VMStateInfo vmstate_psw = {
 };
 
 /* FIXME: Use the PA2.0 format, which is a superset of the PA1.1 format.  */
-static int get_tlb(QEMUFile *f, void *opaque, size_t size, VMStateField *field)
+static int get_tlb(QEMUFile *f, void *opaque, size_t size,
+                   const VMStateField *field)
 {
     hppa_tlb_entry *ent = opaque;
     uint32_t val;
@@ -94,7 +96,7 @@ static int get_tlb(QEMUFile *f, void *opaque, size_t size, VMStateField *field)
 }
 
 static int put_tlb(QEMUFile *f, void *opaque, size_t size,
-                   VMStateField *field, QJSON *vmdesc)
+                   const VMStateField *field, QJSON *vmdesc)
 {
     hppa_tlb_entry *ent = opaque;
     uint32_t val = 0;
diff --git a/target/mips/machine.c b/target/mips/machine.c
index 70a8909..704e9c0 100644
--- a/target/mips/machine.c
+++ b/target/mips/machine.c
@@ -20,7 +20,8 @@ static int cpu_post_load(void *opaque, int version_id)
 
 /* FPU state */
 
-static int get_fpr(QEMUFile *f, void *pv, size_t size, VMStateField *field)
+static int get_fpr(QEMUFile *f, void *pv, size_t size,
+                   const VMStateField *field)
 {
     int i;
     fpr_t *v = pv;
@@ -31,8 +32,8 @@ static int get_fpr(QEMUFile *f, void *pv, size_t size, VMStateField *field)
     return 0;
 }
 
-static int put_fpr(QEMUFile *f, void *pv, size_t size, VMStateField *field,
-                   QJSON *vmdesc)
+static int put_fpr(QEMUFile *f, void *pv, size_t size,
+                   const VMStateField *field, QJSON *vmdesc)
 {
     int i;
     fpr_t *v = pv;
@@ -128,7 +129,8 @@ const VMStateDescription vmstate_mvp = {
 
 /* TLB state */
 
-static int get_tlb(QEMUFile *f, void *pv, size_t size, VMStateField *field)
+static int get_tlb(QEMUFile *f, void *pv, size_t size,
+                   const VMStateField *field)
 {
     r4k_tlb_t *v = pv;
     uint16_t flags;
@@ -155,8 +157,8 @@ static int get_tlb(QEMUFile *f, void *pv, size_t size, VMStateField *field)
     return 0;
 }
 
-static int put_tlb(QEMUFile *f, void *pv, size_t size, VMStateField *field,
-                   QJSON *vmdesc)
+static int put_tlb(QEMUFile *f, void *pv, size_t size,
+                   const VMStateField *field, QJSON *vmdesc)
 {
     r4k_tlb_t *v = pv;
 
diff --git a/target/openrisc/machine.c b/target/openrisc/machine.c
index 1eedbf3..5d822f7 100644
--- a/target/openrisc/machine.c
+++ b/target/openrisc/machine.c
@@ -49,7 +49,8 @@ static const VMStateDescription vmstate_cpu_tlb = {
     }
 };
 
-static int get_sr(QEMUFile *f, void *opaque, size_t size, VMStateField *field)
+static int get_sr(QEMUFile *f, void *opaque, size_t size,
+                  const VMStateField *field)
 {
     CPUOpenRISCState *env = opaque;
     cpu_set_sr(env, qemu_get_be32(f));
@@ -57,7 +58,7 @@ static int get_sr(QEMUFile *f, void *opaque, size_t size, VMStateField *field)
 }
 
 static int put_sr(QEMUFile *f, void *opaque, size_t size,
-                  VMStateField *field, QJSON *vmdesc)
+                  const VMStateField *field, QJSON *vmdesc)
 {
     CPUOpenRISCState *env = opaque;
     qemu_put_be32(f, cpu_get_sr(env));
diff --git a/target/ppc/machine.c b/target/ppc/machine.c
index b2745ec..e7b3725 100644
--- a/target/ppc/machine.c
+++ b/target/ppc/machine.c
@@ -110,7 +110,8 @@ static int cpu_load_old(QEMUFile *f, void *opaque, int version_id)
     return 0;
 }
 
-static int get_avr(QEMUFile *f, void *pv, size_t size, VMStateField *field)
+static int get_avr(QEMUFile *f, void *pv, size_t size,
+                   const VMStateField *field)
 {
     ppc_avr_t *v = pv;
 
@@ -120,8 +121,8 @@ static int get_avr(QEMUFile *f, void *pv, size_t size, VMStateField *field)
     return 0;
 }
 
-static int put_avr(QEMUFile *f, void *pv, size_t size, VMStateField *field,
-                   QJSON *vmdesc)
+static int put_avr(QEMUFile *f, void *pv, size_t size,
+                   const VMStateField *field, QJSON *vmdesc)
 {
     ppc_avr_t *v = pv;
 
@@ -452,7 +453,8 @@ static const VMStateDescription vmstate_sr = {
 };
 
 #ifdef TARGET_PPC64
-static int get_slbe(QEMUFile *f, void *pv, size_t size, VMStateField *field)
+static int get_slbe(QEMUFile *f, void *pv, size_t size,
+                    const VMStateField *field)
 {
     ppc_slb_t *v = pv;
 
@@ -462,8 +464,8 @@ static int get_slbe(QEMUFile *f, void *pv, size_t size, VMStateField *field)
     return 0;
 }
 
-static int put_slbe(QEMUFile *f, void *pv, size_t size, VMStateField *field,
-                    QJSON *vmdesc)
+static int put_slbe(QEMUFile *f, void *pv, size_t size,
+                    const VMStateField *field, QJSON *vmdesc)
 {
     ppc_slb_t *v = pv;
 
diff --git a/target/sparc/machine.c b/target/sparc/machine.c
index 8ff9dea..7791c84 100644
--- a/target/sparc/machine.c
+++ b/target/sparc/machine.c
@@ -56,7 +56,8 @@ static const VMStateDescription vmstate_tlb_entry = {
 };
 #endif
 
-static int get_psr(QEMUFile *f, void *opaque, size_t size, VMStateField *field)
+static int get_psr(QEMUFile *f, void *opaque, size_t size,
+                   const VMStateField *field)
 {
     SPARCCPU *cpu = opaque;
     CPUSPARCState *env = &cpu->env;
@@ -69,8 +70,8 @@ static int get_psr(QEMUFile *f, void *opaque, size_t size, VMStateField *field)
     return 0;
 }
 
-static int put_psr(QEMUFile *f, void *opaque, size_t size, VMStateField *field,
-                   QJSON *vmdesc)
+static int put_psr(QEMUFile *f, void *opaque, size_t size,
+                   const VMStateField *field, QJSON *vmdesc)
 {
     SPARCCPU *cpu = opaque;
     CPUSPARCState *env = &cpu->env;
-- 
1.8.3.1

[Qemu-devel] [PULL 06/15] vl: Improve error message when we can't load fw_cfg from file

[Paolo Bonzini]

From: Li Qiang <liq3ea@gmail.com>

parse_fw_cfg() reports "can't load" without further details.  Get
the details from g_file_get_contents(), and include them in the
error message.

Signed-off-by: Li Qiang <liq3ea@gmail.com>
Message-Id: <1541051971-28584-1-git-send-email-liq3ea@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 vl.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/vl.c b/vl.c
index d6fd95c..611d887 100644
--- a/vl.c
+++ b/vl.c
@@ -2250,8 +2250,10 @@ static int parse_fw_cfg(void *opaque, QemuOpts *opts, Error **errp)
         size = strlen(str); /* NUL terminator NOT included in fw_cfg blob */
         buf = g_memdup(str, size);
     } else {
-        if (!g_file_get_contents(file, &buf, &size, NULL)) {
-            error_setg(errp, "can't load %s", file);
+        GError *err = NULL;
+        if (!g_file_get_contents(file, &buf, &size, &err)) {
+            error_setg(errp, "can't load %s: %s", file, err->message);
+            g_error_free(err);
             return -1;
         }
     }
-- 
1.8.3.1

[Qemu-devel] [PULL 07/15] vhost-user-bridge: fix recvmsg iovlen

[Paolo Bonzini]

From: Marc-André Lureau <marcandre.lureau@redhat.com>

After iov_discard_front(), the iov may be smaller than its initial
size. Fixes the heap-buffer-overflow spotted by ASAN:

==9036==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6060000001e0 at pc 0x7fe632eca3f0 bp 0x7ffddc4a05a0 sp 0x7ffddc49fd48
WRITE of size 32 at 0x6060000001e0 thread T0
    #0 0x7fe632eca3ef  (/lib64/libasan.so.5+0x773ef)
    #1 0x7fe632ecad23 in __interceptor_recvmsg (/lib64/libasan.so.5+0x77d23)
    #2 0x561e7491936b in vubr_backend_recv_cb /home/elmarco/src/qemu/tests/vhost-user-bridge.c:333
    #3 0x561e74917711 in dispatcher_wait /home/elmarco/src/qemu/tests/vhost-user-bridge.c:160
    #4 0x561e7491c3b5 in vubr_run /home/elmarco/src/qemu/tests/vhost-user-bridge.c:725
    #5 0x561e7491c85c in main /home/elmarco/src/qemu/tests/vhost-user-bridge.c:806
    #6 0x7fe631a6c412 in __libc_start_main (/lib64/libc.so.6+0x24412)
    #7 0x561e7491667d in _start (/home/elmarco/src/qemu/build/tests/vhost-user-bridge+0x3967d)

0x6060000001e0 is located 0 bytes to the right of 64-byte region [0x6060000001a0,0x6060000001e0)
allocated by thread T0 here:
    #0 0x7fe632f42848 in __interceptor_malloc (/lib64/libasan.so.5+0xef848)
    #1 0x561e7493acd8 in virtqueue_alloc_element /home/elmarco/src/qemu/contrib/libvhost-user/libvhost-user.c:1848
    #2 0x561e7493c2a8 in vu_queue_pop /home/elmarco/src/qemu/contrib/libvhost-user/libvhost-user.c:1954
    #3 0x561e749189bf in vubr_backend_recv_cb /home/elmarco/src/qemu/tests/vhost-user-bridge.c:297
    #4 0x561e74917711 in dispatcher_wait /home/elmarco/src/qemu/tests/vhost-user-bridge.c:160
    #5 0x561e7491c3b5 in vubr_run /home/elmarco/src/qemu/tests/vhost-user-bridge.c:725
    #6 0x561e7491c85c in main /home/elmarco/src/qemu/tests/vhost-user-bridge.c:806
    #7 0x7fe631a6c412 in __libc_start_main (/lib64/libc.so.6+0x24412)

SUMMARY: AddressSanitizer: heap-buffer-overflow (/lib64/libasan.so.5+0x773ef)
Shadow bytes around the buggy address:
  0x0c0c7fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c0c7fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c0c7fff8000: fa fa fa fa 00 00 00 00 00 00 05 fa fa fa fa fa
  0x0c0c7fff8010: 00 00 00 00 00 00 00 00 fa fa fa fa fd fd fd fd
  0x0c0c7fff8020: fd fd fd fd fa fa fa fa fd fd fd fd fd fd fd fd
=>0x0c0c7fff8030: fa fa fa fa 00 00 00 00 00 00 00 00[fa]fa fa fa
  0x0c0c7fff8040: fd fd fd fd fd fd fd fd fa fa fa fa fd fd fd fd
  0x0c0c7fff8050: fd fd fd fd fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c0c7fff8060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0c7fff8070: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0c7fff8080: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20181109173028.3372-1-marcandre.lureau@redhat.com>
Signed-off-by: Paolo BOnzini <pbonzini@redhat.com>
---
 tests/vhost-user-bridge.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/vhost-user-bridge.c b/tests/vhost-user-bridge.c
index 0884294..0cf8d0b 100644
--- a/tests/vhost-user-bridge.c
+++ b/tests/vhost-user-bridge.c
@@ -323,7 +323,7 @@ vubr_backend_recv_cb(int sock, void *ctx)
             .msg_name = (struct sockaddr *) &vubr->backend_udp_dest,
             .msg_namelen = sizeof(struct sockaddr_in),
             .msg_iov = sg,
-            .msg_iovlen = elem->in_num,
+            .msg_iovlen = num,
             .msg_flags = MSG_DONTWAIT,
         };
         do {
-- 
1.8.3.1

[Qemu-devel] [PULL 08/15] vl.c: remove outdated comment

[Paolo Bonzini]

From: Li Qiang <liq3ea@gmail.com>

Cc: qemu-trivial@nongnu.org

Signed-off-by: Li Qiang <liq3ea@gmail.com>
Message-Id: <1542276385-7638-1-git-send-email-liq3ea@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 vl.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/vl.c b/vl.c
index 611d887..a5ae5f2 100644
--- a/vl.c
+++ b/vl.c
@@ -1523,9 +1523,6 @@ static int machine_help_func(QemuOpts *opts, MachineState *machine)
     return 1;
 }
 
-/***********************************************************/
-/* main execution loop */
-
 struct vm_change_state_entry {
     VMChangeStateHandler *cb;
     void *opaque;
-- 
1.8.3.1

[Qemu-devel] [PULL 09/15] checkpatch: g_test_message does not need a trailing newline

[Paolo Bonzini]

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 scripts/checkpatch.pl | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
index 06ec14e..60f6f89 100755
--- a/scripts/checkpatch.pl
+++ b/scripts/checkpatch.pl
@@ -2752,7 +2752,8 @@ sub process {
 				info_vreport|
 				error_report|
 				warn_report|
-				info_report}x;
+				info_report|
+				g_test_message}x;
 
 	if ($rawline =~ /\b(?:$qemu_error_funcs)\s*\(.*\".*\\n/) {
 		ERROR("Error messages should not contain newlines\n" . $herecurr);
-- 
1.8.3.1

[Qemu-devel] [PULL 10/15] target/i386: Generate #UD when applying LOCK to a register destination

[Paolo Bonzini]

From: Richard Henderson <richard.henderson@linaro.org>

Fixes a TCG crash due to attempting the atomic operation without
having set up the address first.  This does not attempt to fix
all of the other missing checks for LOCK.

Fixes: a7cee522f35
Fixes: https://bugs.launchpad.net/qemu/+bug/1803160
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20181113193510.24862-1-richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 target/i386/translate.c | 35 ++++++++++++++++++++---------------
 1 file changed, 20 insertions(+), 15 deletions(-)

diff --git a/target/i386/translate.c b/target/i386/translate.c
index f8bc768..0dd5fbe 100644
--- a/target/i386/translate.c
+++ b/target/i386/translate.c
@@ -1268,10 +1268,30 @@ static void gen_helper_fp_arith_STN_ST0(int op, int opreg)
     }
 }
 
+static void gen_exception(DisasContext *s, int trapno, target_ulong cur_eip)
+{
+    gen_update_cc_op(s);
+    gen_jmp_im(s, cur_eip);
+    gen_helper_raise_exception(cpu_env, tcg_const_i32(trapno));
+    s->base.is_jmp = DISAS_NORETURN;
+}
+
+/* Generate #UD for the current instruction.  The assumption here is that
+   the instruction is known, but it isn't allowed in the current cpu mode.  */
+static void gen_illegal_opcode(DisasContext *s)
+{
+    gen_exception(s, EXCP06_ILLOP, s->pc_start - s->cs_base);
+}
+
 /* if d == OR_TMP0, it means memory operand (address in A0) */
 static void gen_op(DisasContext *s1, int op, TCGMemOp ot, int d)
 {
     if (d != OR_TMP0) {
+        if (s1->prefix & PREFIX_LOCK) {
+            /* Lock prefix when destination is not memory.  */
+            gen_illegal_opcode(s1);
+            return;
+        }
         gen_op_mov_v_reg(s1, ot, s1->T0, d);
     } else if (!(s1->prefix & PREFIX_LOCK)) {
         gen_op_ld_v(s1, ot, s1->T0, s1->A0);
@@ -2469,21 +2489,6 @@ static void gen_leave(DisasContext *s)
     gen_op_mov_reg_v(s, a_ot, R_ESP, s->T1);
 }
 
-static void gen_exception(DisasContext *s, int trapno, target_ulong cur_eip)
-{
-    gen_update_cc_op(s);
-    gen_jmp_im(s, cur_eip);
-    gen_helper_raise_exception(cpu_env, tcg_const_i32(trapno));
-    s->base.is_jmp = DISAS_NORETURN;
-}
-
-/* Generate #UD for the current instruction.  The assumption here is that
-   the instruction is known, but it isn't allowed in the current cpu mode.  */
-static void gen_illegal_opcode(DisasContext *s)
-{
-    gen_exception(s, EXCP06_ILLOP, s->pc_start - s->cs_base);
-}
-
 /* Similarly, except that the assumption here is that we don't decode
    the instruction at all -- either a missing opcode, an unimplemented
    feature, or just a bogus instruction stream.  */
-- 
1.8.3.1

[Qemu-devel] [PULL 11/15] MAINTAINERS: Add some missing entries related to accelerators

[Paolo Bonzini]

From: Thomas Huth <thuth@redhat.com>

Add some files from accel/stubs/, include/hw/kvm/ and scripts/kvm/
to the MAINTAINERS file.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1542891438-13329-1-git-send-email-thuth@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 MAINTAINERS | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index 9410bbb..c7acb55 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -117,6 +117,7 @@ S: Maintained
 F: cpus.c
 F: exec.c
 F: accel/tcg/
+F: accel/stubs/tcg-stub.c
 F: include/exec/cpu*.h
 F: include/exec/exec-all.h
 F: include/exec/helper*.h
@@ -341,7 +342,10 @@ L: kvm@vger.kernel.org
 S: Supported
 F: */kvm.*
 F: accel/kvm/
+F: accel/stubs/kvm-stub.c
+F: include/hw/kvm/
 F: include/sysemu/kvm*.h
+F: scripts/kvm/kvm_flightrecorder
 
 ARM
 M: Peter Maydell <peter.maydell@linaro.org>
@@ -384,6 +388,7 @@ M: Marcelo Tosatti <mtosatti@redhat.com>
 L: kvm@vger.kernel.org
 S: Supported
 F: target/i386/kvm.c
+F: scripts/kvm/vmxcap
 
 Guest CPU Cores (Xen):
 ----------------------
-- 
1.8.3.1

[Qemu-devel] [PULL 12/15] MAINTAINERS: Add an entry for the Firmware Configuration (fw_cfg) device

[Paolo Bonzini]

From: Philippe Mathieu-Daudé <philmd@redhat.com>

Step in to maintain it, with Laszlo (EDK2) and Gerd (SeaBIOS)
as designated reviewers.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20181122021139.1486-1-philmd@redhat.com>
Acked-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 MAINTAINERS | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index c7acb55..63effdc 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1564,6 +1564,19 @@ F: hw/display/edid*
 F: include/hw/display/edid.h
 F: qemu-edid.c
 
+Firmware configuration (fw_cfg)
+M: Philippe Mathieu-Daudé <philmd@redhat.com>
+R: Laszlo Ersek <lersek@redhat.com>
+R: Gerd Hoffmann <kraxel@redhat.com>
+S: Supported
+F: docs/specs/fw_cfg.txt
+F: hw/nvram/fw_cfg.c
+F: include/hw/nvram/fw_cfg.h
+F: include/standard-headers/linux/qemu_fw_cfg.h
+F: tests/libqos/fw_cfg.c
+F: tests/fw_cfg-test.c
+T: git https://github.com/philmd/qemu.git fw_cfg-next
+
 Subsystems
 ----------
 Audio
-- 
1.8.3.1

[Qemu-devel] [PULL 13/15] configure: fix elf2dmp check

[Paolo Bonzini]

From: Roman Kagan <rkagan@virtuozzo.com>

elf2dmp is keyed on "$posix" = "yes", but "$posix" doesn't seem to be
set anywhere.

The original intent was presumably to skip building it on Windows, so
check for "$mingw32" = "no" instead.

Signed-off-by: Roman Kagan <rkagan@virtuozzo.com>
Message-Id: <20181123090058.6931-1-rkagan@virtuozzo.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 configure | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure b/configure
index 0a3c6a7..fc6ce00 100755
--- a/configure
+++ b/configure
@@ -5722,7 +5722,7 @@ if test "$want_tools" = "yes" ; then
   if [ "$ivshmem" = "yes" ]; then
     tools="ivshmem-client\$(EXESUF) ivshmem-server\$(EXESUF) $tools"
   fi
-  if [ "$posix" = "yes" ] && [ "$curl" = "yes" ]; then
+  if [ "$mingw32" = "no" ] && [ "$curl" = "yes" ]; then
     tools="elf2dmp $tools"
   fi
 fi
-- 
1.8.3.1

[Qemu-devel] [PULL 14/15] hostmem-memfd: honour share=on/off property

[Paolo Bonzini]

From: Marc-André Lureau <marcandre.lureau@redhat.com>

The share=on/off property is used to modified mmap() MAP_SHARED
setting. Make it on by default for convenience and compatibility
reasons.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 backends/hostmem-memfd.c | 4 +++-
 qemu-options.hx          | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/backends/hostmem-memfd.c b/backends/hostmem-memfd.c
index b6836b2..1c3579e 100644
--- a/backends/hostmem-memfd.c
+++ b/backends/hostmem-memfd.c
@@ -59,7 +59,8 @@ memfd_backend_memory_alloc(HostMemoryBackend *backend, Error **errp)
 
     name = object_get_canonical_path(OBJECT(backend));
     memory_region_init_ram_from_fd(&backend->mr, OBJECT(backend),
-                                   name, backend->size, true, fd, errp);
+                                   name, backend->size,
+                                   backend->share, fd, errp);
     g_free(name);
 }
 
@@ -131,6 +132,7 @@ memfd_backend_instance_init(Object *obj)
 
     /* default to sealed file */
     m->seal = true;
+    MEMORY_BACKEND(m)->share = true;
 }
 
 static void
diff --git a/qemu-options.hx b/qemu-options.hx
index f7df472..269eda7 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -4025,7 +4025,7 @@ Memory backend objects offer more control than the @option{-m} option that is
 traditionally used to define guest RAM. Please refer to
 @option{memory-backend-file} for a description of the options.
 
-@item -object memory-backend-memfd,id=@var{id},merge=@var{on|off},dump=@var{on|off},prealloc=@var{on|off},size=@var{size},host-nodes=@var{host-nodes},policy=@var{default|preferred|bind|interleave},seal=@var{on|off},hugetlb=@var{on|off},hugetlbsize=@var{size}
+@item -object memory-backend-memfd,id=@var{id},merge=@var{on|off},dump=@var{on|off},share=@var{on|off},prealloc=@var{on|off},size=@var{size},host-nodes=@var{host-nodes},policy=@var{default|preferred|bind|interleave},seal=@var{on|off},hugetlb=@var{on|off},hugetlbsize=@var{size}
 
 Creates an anonymous memory file backend object, which allows QEMU to
 share the memory with an external process (e.g. when using
@@ -4047,6 +4047,8 @@ with the @option{seal} option (requires at least Linux 4.16).
 Please refer to @option{memory-backend-file} for a description of the
 other options.
 
+The @option{share} boolean option is @var{on} by default with memfd.
+
 @item -object rng-random,id=@var{id},filename=@var{/dev/random}
 
 Creates a random number generator backend which obtains entropy from
-- 
1.8.3.1

[Qemu-devel] [PULL 15/15] hostmem: no need to check for host_memory_backend_mr_inited() in alloc()

[Paolo Bonzini]

From: Marc-André Lureau <marcandre.lureau@redhat.com>

memfd_backend_memory_alloc/file_backend_memory_alloc both needlessly
are are calling host_memory_backend_mr_inited() which creates an
illusion that alloc could be called multiple times but it isn't, it's
called once from UserCreatable complete().

Suggested-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 backends/hostmem-file.c  | 24 ++++++++++++------------
 backends/hostmem-memfd.c |  4 ----
 2 files changed, 12 insertions(+), 16 deletions(-)

diff --git a/backends/hostmem-file.c b/backends/hostmem-file.c
index 639c8d4..7cd3a2b 100644
--- a/backends/hostmem-file.c
+++ b/backends/hostmem-file.c
@@ -42,6 +42,9 @@ static void
 file_backend_memory_alloc(HostMemoryBackend *backend, Error **errp)
 {
     HostMemoryBackendFile *fb = MEMORY_BACKEND_FILE(backend);
+#ifdef CONFIG_LINUX
+    gchar *path;
+#endif
 
     if (!backend->size) {
         error_setg(errp, "can't create backend with size 0");
@@ -54,18 +57,15 @@ file_backend_memory_alloc(HostMemoryBackend *backend, Error **errp)
 #ifndef CONFIG_POSIX
     error_setg(errp, "-mem-path not supported on this host");
 #else
-    if (!host_memory_backend_mr_inited(backend)) {
-        gchar *path;
-        backend->force_prealloc = mem_prealloc;
-        path = object_get_canonical_path(OBJECT(backend));
-        memory_region_init_ram_from_file(&backend->mr, OBJECT(backend),
-                                 path,
-                                 backend->size, fb->align,
-                                 (backend->share ? RAM_SHARED : 0) |
-                                 (fb->is_pmem ? RAM_PMEM : 0),
-                                 fb->mem_path, errp);
-        g_free(path);
-    }
+    backend->force_prealloc = mem_prealloc;
+    path = object_get_canonical_path(OBJECT(backend));
+    memory_region_init_ram_from_file(&backend->mr, OBJECT(backend),
+                                     path,
+                                     backend->size, fb->align,
+                                     (backend->share ? RAM_SHARED : 0) |
+                                     (fb->is_pmem ? RAM_PMEM : 0),
+                                     fb->mem_path, errp);
+    g_free(path);
 #endif
 }
 
diff --git a/backends/hostmem-memfd.c b/backends/hostmem-memfd.c
index 1c3579e..2eb9c82 100644
--- a/backends/hostmem-memfd.c
+++ b/backends/hostmem-memfd.c
@@ -44,10 +44,6 @@ memfd_backend_memory_alloc(HostMemoryBackend *backend, Error **errp)
         return;
     }
 
-    if (host_memory_backend_mr_inited(backend)) {
-        return;
-    }
-
     backend->force_prealloc = mem_prealloc;
     fd = qemu_memfd_create(TYPE_MEMORY_BACKEND_MEMFD, backend->size,
                            m->hugetlb, m->hugetlbsize, m->seal ?
-- 
1.8.3.1

Re: [Qemu-devel] [PULL v2 00/15] Misc patches for QEMU 3.1-rc3

[Peter Maydell]

On Tue, 27 Nov 2018 at 14:38, Paolo Bonzini <pbonzini@redhat.com> wrote:
>
> The following changes since commit 4822f1ee9efa8df56e29db0a68323b484bdb0335:
>
>   Merge remote-tracking branch 'remotes/kraxel/tags/fixes-31-20181127-pull-request' into staging (2018-11-27 11:21:38 +0000)
>
> are available in the git repository at:
>
>
>   git://github.com/bonzini/qemu.git tags/for-upstream
>
> for you to fetch changes up to cb16c8466b6c62868aba47cd95fadcf316541f40:
>
>   hostmem: no need to check for host_memory_backend_mr_inited() in alloc() (2018-11-27 15:35:19 +0100)
>
> ----------------------------------------------------------------
> * lsi HBA reselection fix (George)
> * Small cleanups (Li Qiang)
> * bugfixes for vhost-user-bridge and hostmem (Marc-André)
> * single-thread TCG fix (me)
> * VMX migration blocker (me)
> * target/i386 fix for LOCK (Richard)
> * fix elf2dmp check (Roman)
> * MAINTAINERS update (Philippe, Thomas)
>
> ----------------------------------------------------------------

Hi; I'm afraid this has compile problems on 32-bit hosts and
on the various BSDs.

Format string issues, 32-bit hosts:

/home/peter.maydell/qemu/contrib/elf2dmp/main.c: In function 'get_kdbg':
/home/peter.maydell/qemu/contrib/elf2dmp/main.c:90:52: error: format
'%lx' expects argument of type 'long unsigned int', but argument 2 has
type 'uint64_t {aka
long long unsigned int}' [-Werror=format=]
         if (!SYM_RESOLVE(KernBase, pdb, KiWaitNever) ||
                                                    ^
/home/peter.maydell/qemu/contrib/elf2dmp/main.c:44:17: note: in
definition of macro 'SYM_RESOLVE'
     s ? printf(#s" = 0x%016lx\n", s) : eprintf("Failed to resolve "#s"\n"), s)
                 ^
/home/peter.maydell/qemu/contrib/elf2dmp/main.c:91:57: error: format
'%lx' expects argument of type 'long unsigned int', but argument 2 has
type 'uint64_t {aka
long long unsigned int}' [-Werror=format=]
                 !SYM_RESOLVE(KernBase, pdb, KiWaitAlways) ||
                                                         ^
/home/peter.maydell/qemu/contrib/elf2dmp/main.c:44:17: note: in
definition of macro 'SYM_RESOLVE'
     s ? printf(#s" = 0x%016lx\n", s) : eprintf("Failed to resolve "#s"\n"), s)
                 ^
/home/peter.maydell/qemu/contrib/elf2dmp/main.c:92:64: error: format
'%lx' expects argument of type 'long unsigned int', but argument 2 has
type 'uint64_t {aka
long long unsigned int}' [-Werror=format=]
                 !SYM_RESOLVE(KernBase, pdb, KdpDataBlockEncoded)) {
                                                                ^
/home/peter.maydell/qemu/contrib/elf2dmp/main.c:44:17: note: in
definition of macro 'SYM_RESOLVE'
     s ? printf(#s" = 0x%016lx\n", s) : eprintf("Failed to resolve "#s"\n"), s)
                 ^
/home/peter.maydell/qemu/contrib/elf2dmp/main.c:101:16: error: format
'%lx' expects argument of type 'long unsigned int', but argument 2 has
type 'uint64_t {aka
 long long unsigned int}' [-Werror=format=]
         printf("[KiWaitNever] = 0x%016lx\n", kwn);
                ^
/home/peter.maydell/qemu/contrib/elf2dmp/main.c:102:16: error: format
'%lx' expects argument of type 'long unsigned int', but argument 2 has
type 'uint64_t {aka
 long long unsigned int}' [-Werror=format=]
         printf("[KiWaitAlways] = 0x%016lx\n", kwa);
                ^
/home/peter.maydell/qemu/contrib/elf2dmp/main.c: In function 'fix_dtb':
/home/peter.maydell/qemu/contrib/elf2dmp/main.c:205:20: error: format
'%lx' expects argument of type 'long unsigned int', but argument 2 has
type 'uint64_t {aka
 long long unsigned int}' [-Werror=format=]
             printf("DTB 0x%016lx has been found from CPU #%zu"
                    ^
/home/peter.maydell/qemu/contrib/elf2dmp/main.c:225:16: error: format
'%lx' expects argument of type 'long unsigned int', but argument 2 has
type 'uint64_t {aka
 long long unsigned int}' [-Werror=format=]
         printf("DirectoryTableBase = 0x%016lx has been found from CPU #0"
                ^
/home/peter.maydell/qemu/contrib/elf2dmp/main.c: In function 'main':
/home/peter.maydell/qemu/contrib/elf2dmp/main.c:491:12: error: format
'%lx' expects argument of type 'long unsigned int', but argument 2 has
type 'uint64_t {aka long long unsigned int}' [-Werror=format=]
     printf("CPU #0 CR3 is 0x%016lx\n", state->cr[3]);
            ^
/home/peter.maydell/qemu/contrib/elf2dmp/main.c:500:12: error: format
'%lx' expects argument of type 'long unsigned int', but argument 2 has
type 'uint64_t {aka long long unsigned int}' [-Werror=format=]
     printf("CPU #0 IDT is at 0x%016lx\n", state->idt.base);
            ^
/home/peter.maydell/qemu/contrib/elf2dmp/main.c:508:12: error: format
'%lx' expects argument of type 'long unsigned int', but argument 2 has
type 'uint64_t {aka long long unsigned int}' [-Werror=format=]
     printf("CPU #0 IDT[0] -> 0x%016lx\n", idt_desc_addr(first_idt_desc));
            ^
/home/peter.maydell/qemu/contrib/elf2dmp/main.c:511:12: error: format
'%lx' expects argument of type 'long unsigned int', but argument 2 has
type 'uint64_t {aka long long unsigned int}' [-Werror=format=]
     printf("Searching kernel downwards from 0x%16lx...\n", KernBase);
            ^
/home/peter.maydell/qemu/contrib/elf2dmp/main.c:524:12: error: format
'%lx' expects argument of type 'long unsigned int', but argument 2 has
type 'uint64_t {aka long long unsigned int}' [-Werror=format=]
     printf("KernBase = 0x%16lx, signature is \'%.2s\'\n", KernBase,
            ^
/home/peter.maydell/qemu/contrib/elf2dmp/main.c:548:57: error: format
'%lx' expects argument of type 'long unsigned int', but argument 2 has
type 'uint64_t {aka long long unsigned int}' [-Werror=format=]
     if (!SYM_RESOLVE(KernBase, &pdb, KdDebuggerDataBlock) ||
                                                         ^
/home/peter.maydell/qemu/contrib/elf2dmp/main.c:44:17: note: in
definition of macro 'SYM_RESOLVE'
     s ? printf(#s" = 0x%016lx\n", s) : eprintf("Failed to resolve "#s"\n"), s)
                 ^
/home/peter.maydell/qemu/contrib/elf2dmp/main.c:549:56: error: format
'%lx' expects argument of type 'long unsigned int', but argument 2 has
type 'uint64_t {aka long long unsigned int}' [-Werror=format=]
             !SYM_RESOLVE(KernBase, &pdb, KdVersionBlock)) {
                                                        ^
/home/peter.maydell/qemu/contrib/elf2dmp/main.c:44:17: note: in
definition of macro 'SYM_RESOLVE'
     s ? printf(#s" = 0x%016lx\n", s) : eprintf("Failed to resolve "#s"\n"), s)
                 ^
/home/peter.maydell/qemu/contrib/elf2dmp/pdb.c: In function
'pdb_find_public_v3_symbol':
/home/peter.maydell/qemu/contrib/elf2dmp/pdb.c:69:20: error: format
'%lx' expects argument of type 'long unsigned int', but argument 7 has
type 'uint64_t {aka long long unsigned int}' [-Werror=format=]
             printf("%s: 0x%016x(%d:\'%.8s\') + 0x%08x = 0x%09lx\n", name,
                    ^


Compile failure, FreeBSD:

backends/hostmem-file.c:61:5: error: use of undeclared identifier 'path'
    path = object_get_canonical_path(OBJECT(backend));
    ^
backends/hostmem-file.c:63:38: error: use of undeclared identifier 'path'
                                     path,
                                     ^
backends/hostmem-file.c:68:12: error: use of undeclared identifier 'path'
    g_free(path);
           ^

(The variable declaration is in #ifdef CONFIG_LINUX, but the use is
guarded by CONFIG_POSIX.)


Compile failure, OpenBSD and OSX:
In file included from contrib/elf2dmp/addrspace.h:11:0,
                 from contrib/elf2dmp/main.c:10:
contrib/elf2dmp/qemu_elf.h:12:17: fatal error: elf.h: No such file or directory
 #include <elf.h>
                 ^

and a format-descriptor issue not in the 32-bit host lot above:
contrib/elf2dmp/pdb.c: In function 'pdb_find_public_v3_symbol':
contrib/elf2dmp/pdb.c:71:21: warning: format '%lx' expects argument of
type 'long unsigned int', but argument 7 has type 'uint64_t'
[-Wformat=]
                     ((char *)segment - 8), sym->public_v3.offset, rva);
                     ^


thanks
-- PMM

Re: [Qemu-devel] [PULL v2 00/15] Misc patches for QEMU 3.1-rc3

[Laurent Vivier]

On 27/11/2018 16:43, Peter Maydell wrote:
> On Tue, 27 Nov 2018 at 14:38, Paolo Bonzini <pbonzini@redhat.com> wrote:
>>
>> The following changes since commit 4822f1ee9efa8df56e29db0a68323b484bdb0335:
>>
>>   Merge remote-tracking branch 'remotes/kraxel/tags/fixes-31-20181127-pull-request' into staging (2018-11-27 11:21:38 +0000)
>>
>> are available in the git repository at:
>>
>>
>>   git://github.com/bonzini/qemu.git tags/for-upstream
>>
>> for you to fetch changes up to cb16c8466b6c62868aba47cd95fadcf316541f40:
>>
>>   hostmem: no need to check for host_memory_backend_mr_inited() in alloc() (2018-11-27 15:35:19 +0100)
>>
>> ----------------------------------------------------------------
>> * lsi HBA reselection fix (George)
>> * Small cleanups (Li Qiang)
>> * bugfixes for vhost-user-bridge and hostmem (Marc-André)
>> * single-thread TCG fix (me)
>> * VMX migration blocker (me)
>> * target/i386 fix for LOCK (Richard)
>> * fix elf2dmp check (Roman)
>> * MAINTAINERS update (Philippe, Thomas)
>>
>> ----------------------------------------------------------------
> 
> Hi; I'm afraid this has compile problems on 32-bit hosts and
> on the various BSDs.
> 
> Format string issues, 32-bit hosts:
> 
> /home/peter.maydell/qemu/contrib/elf2dmp/main.c: In function 'get_kdbg':
> /home/peter.maydell/qemu/contrib/elf2dmp/main.c:90:52: error: format
> '%lx' expects argument of type 'long unsigned int', but argument 2 has
> type 'uint64_t {aka
> long long unsigned int}' [-Werror=format=]
>          if (!SYM_RESOLVE(KernBase, pdb, KiWaitNever) ||
>                                                     ^
> /home/peter.maydell/qemu/contrib/elf2dmp/main.c:44:17: note: in
> definition of macro 'SYM_RESOLVE'
>      s ? printf(#s" = 0x%016lx\n", s) : eprintf("Failed to resolve "#s"\n"), s)
>                  ^
> /home/peter.maydell/qemu/contrib/elf2dmp/main.c:91:57: error: format
> '%lx' expects argument of type 'long unsigned int', but argument 2 has
> type 'uint64_t {aka
> long long unsigned int}' [-Werror=format=]
>                  !SYM_RESOLVE(KernBase, pdb, KiWaitAlways) ||
>                                                          ^
> /home/peter.maydell/qemu/contrib/elf2dmp/main.c:44:17: note: in
> definition of macro 'SYM_RESOLVE'
>      s ? printf(#s" = 0x%016lx\n", s) : eprintf("Failed to resolve "#s"\n"), s)
>                  ^
> /home/peter.maydell/qemu/contrib/elf2dmp/main.c:92:64: error: format
> '%lx' expects argument of type 'long unsigned int', but argument 2 has
> type 'uint64_t {aka
> long long unsigned int}' [-Werror=format=]
>                  !SYM_RESOLVE(KernBase, pdb, KdpDataBlockEncoded)) {
>                                                                 ^
> /home/peter.maydell/qemu/contrib/elf2dmp/main.c:44:17: note: in
> definition of macro 'SYM_RESOLVE'
>      s ? printf(#s" = 0x%016lx\n", s) : eprintf("Failed to resolve "#s"\n"), s)
>                  ^
> /home/peter.maydell/qemu/contrib/elf2dmp/main.c:101:16: error: format
> '%lx' expects argument of type 'long unsigned int', but argument 2 has
> type 'uint64_t {aka
>  long long unsigned int}' [-Werror=format=]
>          printf("[KiWaitNever] = 0x%016lx\n", kwn);
>                 ^
> /home/peter.maydell/qemu/contrib/elf2dmp/main.c:102:16: error: format
> '%lx' expects argument of type 'long unsigned int', but argument 2 has
> type 'uint64_t {aka
>  long long unsigned int}' [-Werror=format=]
>          printf("[KiWaitAlways] = 0x%016lx\n", kwa);
>                 ^
> /home/peter.maydell/qemu/contrib/elf2dmp/main.c: In function 'fix_dtb':
> /home/peter.maydell/qemu/contrib/elf2dmp/main.c:205:20: error: format
> '%lx' expects argument of type 'long unsigned int', but argument 2 has
> type 'uint64_t {aka
>  long long unsigned int}' [-Werror=format=]
>              printf("DTB 0x%016lx has been found from CPU #%zu"
>                     ^
> /home/peter.maydell/qemu/contrib/elf2dmp/main.c:225:16: error: format
> '%lx' expects argument of type 'long unsigned int', but argument 2 has
> type 'uint64_t {aka
>  long long unsigned int}' [-Werror=format=]
>          printf("DirectoryTableBase = 0x%016lx has been found from CPU #0"
>                 ^
> /home/peter.maydell/qemu/contrib/elf2dmp/main.c: In function 'main':
> /home/peter.maydell/qemu/contrib/elf2dmp/main.c:491:12: error: format
> '%lx' expects argument of type 'long unsigned int', but argument 2 has
> type 'uint64_t {aka long long unsigned int}' [-Werror=format=]
>      printf("CPU #0 CR3 is 0x%016lx\n", state->cr[3]);
>             ^
> /home/peter.maydell/qemu/contrib/elf2dmp/main.c:500:12: error: format
> '%lx' expects argument of type 'long unsigned int', but argument 2 has
> type 'uint64_t {aka long long unsigned int}' [-Werror=format=]
>      printf("CPU #0 IDT is at 0x%016lx\n", state->idt.base);
>             ^
> /home/peter.maydell/qemu/contrib/elf2dmp/main.c:508:12: error: format
> '%lx' expects argument of type 'long unsigned int', but argument 2 has
> type 'uint64_t {aka long long unsigned int}' [-Werror=format=]
>      printf("CPU #0 IDT[0] -> 0x%016lx\n", idt_desc_addr(first_idt_desc));
>             ^
> /home/peter.maydell/qemu/contrib/elf2dmp/main.c:511:12: error: format
> '%lx' expects argument of type 'long unsigned int', but argument 2 has
> type 'uint64_t {aka long long unsigned int}' [-Werror=format=]
>      printf("Searching kernel downwards from 0x%16lx...\n", KernBase);
>             ^
> /home/peter.maydell/qemu/contrib/elf2dmp/main.c:524:12: error: format
> '%lx' expects argument of type 'long unsigned int', but argument 2 has
> type 'uint64_t {aka long long unsigned int}' [-Werror=format=]
>      printf("KernBase = 0x%16lx, signature is \'%.2s\'\n", KernBase,
>             ^
> /home/peter.maydell/qemu/contrib/elf2dmp/main.c:548:57: error: format
> '%lx' expects argument of type 'long unsigned int', but argument 2 has
> type 'uint64_t {aka long long unsigned int}' [-Werror=format=]
>      if (!SYM_RESOLVE(KernBase, &pdb, KdDebuggerDataBlock) ||
>                                                          ^
> /home/peter.maydell/qemu/contrib/elf2dmp/main.c:44:17: note: in
> definition of macro 'SYM_RESOLVE'
>      s ? printf(#s" = 0x%016lx\n", s) : eprintf("Failed to resolve "#s"\n"), s)
>                  ^
> /home/peter.maydell/qemu/contrib/elf2dmp/main.c:549:56: error: format
> '%lx' expects argument of type 'long unsigned int', but argument 2 has
> type 'uint64_t {aka long long unsigned int}' [-Werror=format=]
>              !SYM_RESOLVE(KernBase, &pdb, KdVersionBlock)) {
>                                                         ^
> /home/peter.maydell/qemu/contrib/elf2dmp/main.c:44:17: note: in
> definition of macro 'SYM_RESOLVE'
>      s ? printf(#s" = 0x%016lx\n", s) : eprintf("Failed to resolve "#s"\n"), s)
>                  ^
> /home/peter.maydell/qemu/contrib/elf2dmp/pdb.c: In function
> 'pdb_find_public_v3_symbol':
> /home/peter.maydell/qemu/contrib/elf2dmp/pdb.c:69:20: error: format
> '%lx' expects argument of type 'long unsigned int', but argument 7 has
> type 'uint64_t {aka long long unsigned int}' [-Werror=format=]
>              printf("%s: 0x%016x(%d:\'%.8s\') + 0x%08x = 0x%09lx\n", name,
>                     ^
> 
> 
> Compile failure, FreeBSD:
> 
> backends/hostmem-file.c:61:5: error: use of undeclared identifier 'path'
>     path = object_get_canonical_path(OBJECT(backend));
>     ^
> backends/hostmem-file.c:63:38: error: use of undeclared identifier 'path'
>                                      path,
>                                      ^
> backends/hostmem-file.c:68:12: error: use of undeclared identifier 'path'
>     g_free(path);
>            ^
> 
> (The variable declaration is in #ifdef CONFIG_LINUX, but the use is
> guarded by CONFIG_POSIX.)
> 
> 
> Compile failure, OpenBSD and OSX:
> In file included from contrib/elf2dmp/addrspace.h:11:0,
>                  from contrib/elf2dmp/main.c:10:
> contrib/elf2dmp/qemu_elf.h:12:17: fatal error: elf.h: No such file or directory
>  #include <elf.h>
>                  ^
> 
> and a format-descriptor issue not in the 32-bit host lot above:
> contrib/elf2dmp/pdb.c: In function 'pdb_find_public_v3_symbol':
> contrib/elf2dmp/pdb.c:71:21: warning: format '%lx' expects argument of
> type 'long unsigned int', but argument 7 has type 'uint64_t'
> [-Wformat=]
>                      ((char *)segment - 8), sym->public_v3.offset, rva);

I think PATCH 15/15 should be "$mingw32" = "yes" as the intend of the tool 
is to convert ELF dump to Windows MEMORY.DMP:

commit 3fa2d384c245bcee3a9ecfa11f298b76ea4c9d57
Author: Viktor Prutyanov <viktor.prutyanov@virtuozzo.com>
Date:   Wed Aug 29 15:41:25 2018 +0300

    contrib: add elf2dmp tool
    
    elf2dmp is a converter from ELF dump (produced by 'dump-guest-memory') to
    Windows MEMORY.DMP format (also know as 'Complete Memory Dump') which can be
    opened in WinDbg.
    
    This tool can help if VMCoreInfo device/driver is absent in Windows VM and
    'dump-guest-memory -w' is not available but dump can be created in ELF format.
    
    The tool works as follows:
    1. Determine the system paging root looking at GS_BASE or KERNEL_GS_BASE
    to locate the PRCB structure and finds the kernel CR3 nearby if QEMU CPU
    state CR3 is not suitable.
    2. Find an address within the kernel image by dereferencing the first
    IDT entry and scans virtual memory upwards until the start of the
    kernel.
    3. Download a PDB matching the kernel from the Microsoft symbol store,
    and figure out the layout of certain relevant structures necessary for
    the dump.
    4. Populate the corresponding structures in the memory image and create
    the appropriate dump header.

Re: [Qemu-devel] [PULL v2 00/15] Misc patches for QEMU 3.1-rc3

[Paolo Bonzini]

On 27/11/18 16:47, Laurent Vivier wrote:
> On 27/11/2018 16:43, Peter Maydell wrote:
>> On Tue, 27 Nov 2018 at 14:38, Paolo Bonzini <pbonzini@redhat.com> wrote:
>>>
>>> The following changes since commit 4822f1ee9efa8df56e29db0a68323b484bdb0335:
>>>
>>>   Merge remote-tracking branch 'remotes/kraxel/tags/fixes-31-20181127-pull-request' into staging (2018-11-27 11:21:38 +0000)
>>>
>>> are available in the git repository at:
>>>
>>>
>>>   git://github.com/bonzini/qemu.git tags/for-upstream
>>>
>>> for you to fetch changes up to cb16c8466b6c62868aba47cd95fadcf316541f40:
>>>
>>>   hostmem: no need to check for host_memory_backend_mr_inited() in alloc() (2018-11-27 15:35:19 +0100)
>>>
>>> ----------------------------------------------------------------
>>> * lsi HBA reselection fix (George)
>>> * Small cleanups (Li Qiang)
>>> * bugfixes for vhost-user-bridge and hostmem (Marc-André)
>>> * single-thread TCG fix (me)
>>> * VMX migration blocker (me)
>>> * target/i386 fix for LOCK (Richard)
>>> * fix elf2dmp check (Roman)
>>> * MAINTAINERS update (Philippe, Thomas)
>>>
>>> ----------------------------------------------------------------
>>
>> Hi; I'm afraid this has compile problems on 32-bit hosts and
>> on the various BSDs.
>>
>> Format string issues, 32-bit hosts:
>>
>> /home/peter.maydell/qemu/contrib/elf2dmp/main.c: In function 'get_kdbg':
>> /home/peter.maydell/qemu/contrib/elf2dmp/main.c:90:52: error: format
>> '%lx' expects argument of type 'long unsigned int', but argument 2 has
>> type 'uint64_t {aka
>> long long unsigned int}' [-Werror=format=]
>>          if (!SYM_RESOLVE(KernBase, pdb, KiWaitNever) ||
>>                                                     ^
>> /home/peter.maydell/qemu/contrib/elf2dmp/main.c:44:17: note: in
>> definition of macro 'SYM_RESOLVE'
>>      s ? printf(#s" = 0x%016lx\n", s) : eprintf("Failed to resolve "#s"\n"), s)
>>                  ^
>> /home/peter.maydell/qemu/contrib/elf2dmp/main.c:91:57: error: format
>> '%lx' expects argument of type 'long unsigned int', but argument 2 has
>> type 'uint64_t {aka
>> long long unsigned int}' [-Werror=format=]
>>                  !SYM_RESOLVE(KernBase, pdb, KiWaitAlways) ||
>>                                                          ^
>> /home/peter.maydell/qemu/contrib/elf2dmp/main.c:44:17: note: in
>> definition of macro 'SYM_RESOLVE'
>>      s ? printf(#s" = 0x%016lx\n", s) : eprintf("Failed to resolve "#s"\n"), s)
>>                  ^
>> /home/peter.maydell/qemu/contrib/elf2dmp/main.c:92:64: error: format
>> '%lx' expects argument of type 'long unsigned int', but argument 2 has
>> type 'uint64_t {aka
>> long long unsigned int}' [-Werror=format=]
>>                  !SYM_RESOLVE(KernBase, pdb, KdpDataBlockEncoded)) {
>>                                                                 ^
>> /home/peter.maydell/qemu/contrib/elf2dmp/main.c:44:17: note: in
>> definition of macro 'SYM_RESOLVE'
>>      s ? printf(#s" = 0x%016lx\n", s) : eprintf("Failed to resolve "#s"\n"), s)
>>                  ^
>> /home/peter.maydell/qemu/contrib/elf2dmp/main.c:101:16: error: format
>> '%lx' expects argument of type 'long unsigned int', but argument 2 has
>> type 'uint64_t {aka
>>  long long unsigned int}' [-Werror=format=]
>>          printf("[KiWaitNever] = 0x%016lx\n", kwn);
>>                 ^
>> /home/peter.maydell/qemu/contrib/elf2dmp/main.c:102:16: error: format
>> '%lx' expects argument of type 'long unsigned int', but argument 2 has
>> type 'uint64_t {aka
>>  long long unsigned int}' [-Werror=format=]
>>          printf("[KiWaitAlways] = 0x%016lx\n", kwa);
>>                 ^
>> /home/peter.maydell/qemu/contrib/elf2dmp/main.c: In function 'fix_dtb':
>> /home/peter.maydell/qemu/contrib/elf2dmp/main.c:205:20: error: format
>> '%lx' expects argument of type 'long unsigned int', but argument 2 has
>> type 'uint64_t {aka
>>  long long unsigned int}' [-Werror=format=]
>>              printf("DTB 0x%016lx has been found from CPU #%zu"
>>                     ^
>> /home/peter.maydell/qemu/contrib/elf2dmp/main.c:225:16: error: format
>> '%lx' expects argument of type 'long unsigned int', but argument 2 has
>> type 'uint64_t {aka
>>  long long unsigned int}' [-Werror=format=]
>>          printf("DirectoryTableBase = 0x%016lx has been found from CPU #0"
>>                 ^
>> /home/peter.maydell/qemu/contrib/elf2dmp/main.c: In function 'main':
>> /home/peter.maydell/qemu/contrib/elf2dmp/main.c:491:12: error: format
>> '%lx' expects argument of type 'long unsigned int', but argument 2 has
>> type 'uint64_t {aka long long unsigned int}' [-Werror=format=]
>>      printf("CPU #0 CR3 is 0x%016lx\n", state->cr[3]);
>>             ^
>> /home/peter.maydell/qemu/contrib/elf2dmp/main.c:500:12: error: format
>> '%lx' expects argument of type 'long unsigned int', but argument 2 has
>> type 'uint64_t {aka long long unsigned int}' [-Werror=format=]
>>      printf("CPU #0 IDT is at 0x%016lx\n", state->idt.base);
>>             ^
>> /home/peter.maydell/qemu/contrib/elf2dmp/main.c:508:12: error: format
>> '%lx' expects argument of type 'long unsigned int', but argument 2 has
>> type 'uint64_t {aka long long unsigned int}' [-Werror=format=]
>>      printf("CPU #0 IDT[0] -> 0x%016lx\n", idt_desc_addr(first_idt_desc));
>>             ^
>> /home/peter.maydell/qemu/contrib/elf2dmp/main.c:511:12: error: format
>> '%lx' expects argument of type 'long unsigned int', but argument 2 has
>> type 'uint64_t {aka long long unsigned int}' [-Werror=format=]
>>      printf("Searching kernel downwards from 0x%16lx...\n", KernBase);
>>             ^
>> /home/peter.maydell/qemu/contrib/elf2dmp/main.c:524:12: error: format
>> '%lx' expects argument of type 'long unsigned int', but argument 2 has
>> type 'uint64_t {aka long long unsigned int}' [-Werror=format=]
>>      printf("KernBase = 0x%16lx, signature is \'%.2s\'\n", KernBase,
>>             ^
>> /home/peter.maydell/qemu/contrib/elf2dmp/main.c:548:57: error: format
>> '%lx' expects argument of type 'long unsigned int', but argument 2 has
>> type 'uint64_t {aka long long unsigned int}' [-Werror=format=]
>>      if (!SYM_RESOLVE(KernBase, &pdb, KdDebuggerDataBlock) ||
>>                                                          ^
>> /home/peter.maydell/qemu/contrib/elf2dmp/main.c:44:17: note: in
>> definition of macro 'SYM_RESOLVE'
>>      s ? printf(#s" = 0x%016lx\n", s) : eprintf("Failed to resolve "#s"\n"), s)
>>                  ^
>> /home/peter.maydell/qemu/contrib/elf2dmp/main.c:549:56: error: format
>> '%lx' expects argument of type 'long unsigned int', but argument 2 has
>> type 'uint64_t {aka long long unsigned int}' [-Werror=format=]
>>              !SYM_RESOLVE(KernBase, &pdb, KdVersionBlock)) {
>>                                                         ^
>> /home/peter.maydell/qemu/contrib/elf2dmp/main.c:44:17: note: in
>> definition of macro 'SYM_RESOLVE'
>>      s ? printf(#s" = 0x%016lx\n", s) : eprintf("Failed to resolve "#s"\n"), s)
>>                  ^
>> /home/peter.maydell/qemu/contrib/elf2dmp/pdb.c: In function
>> 'pdb_find_public_v3_symbol':
>> /home/peter.maydell/qemu/contrib/elf2dmp/pdb.c:69:20: error: format
>> '%lx' expects argument of type 'long unsigned int', but argument 7 has
>> type 'uint64_t {aka long long unsigned int}' [-Werror=format=]
>>              printf("%s: 0x%016x(%d:\'%.8s\') + 0x%08x = 0x%09lx\n", name,
>>                     ^
>>
>>
>> Compile failure, FreeBSD:
>>
>> backends/hostmem-file.c:61:5: error: use of undeclared identifier 'path'
>>     path = object_get_canonical_path(OBJECT(backend));
>>     ^
>> backends/hostmem-file.c:63:38: error: use of undeclared identifier 'path'
>>                                      path,
>>                                      ^
>> backends/hostmem-file.c:68:12: error: use of undeclared identifier 'path'
>>     g_free(path);
>>            ^
>>
>> (The variable declaration is in #ifdef CONFIG_LINUX, but the use is
>> guarded by CONFIG_POSIX.)
>>
>>
>> Compile failure, OpenBSD and OSX:
>> In file included from contrib/elf2dmp/addrspace.h:11:0,
>>                  from contrib/elf2dmp/main.c:10:
>> contrib/elf2dmp/qemu_elf.h:12:17: fatal error: elf.h: No such file or directory
>>  #include <elf.h>
>>                  ^
>>
>> and a format-descriptor issue not in the 32-bit host lot above:
>> contrib/elf2dmp/pdb.c: In function 'pdb_find_public_v3_symbol':
>> contrib/elf2dmp/pdb.c:71:21: warning: format '%lx' expects argument of
>> type 'long unsigned int', but argument 7 has type 'uint64_t'
>> [-Wformat=]
>>                      ((char *)segment - 8), sym->public_v3.offset, rva);
> 
> I think PATCH 15/15 should be "$mingw32" = "yes" as the intend of the tool 
> is to convert ELF dump to Windows MEMORY.DMP:

No, the tool can be run on POSIX systems, the ones where you get the ELF
dump, and produces a MEMORY.DMP that you can load in windbg, so
mingw32=no is correct; it simply hasn't been ported to Windows yet.

Anyway the fix can wait for 3.2, I'll just drop the patch.

Paolo

> commit 3fa2d384c245bcee3a9ecfa11f298b76ea4c9d57
> Author: Viktor Prutyanov <viktor.prutyanov@virtuozzo.com>
> Date:   Wed Aug 29 15:41:25 2018 +0300
> 
>     contrib: add elf2dmp tool
>     
>     elf2dmp is a converter from ELF dump (produced by 'dump-guest-memory') to
>     Windows MEMORY.DMP format (also know as 'Complete Memory Dump') which can be
>     opened in WinDbg.
>     
>     This tool can help if VMCoreInfo device/driver is absent in Windows VM and
>     'dump-guest-memory -w' is not available but dump can be created in ELF format.
>     
>     The tool works as follows:
>     1. Determine the system paging root looking at GS_BASE or KERNEL_GS_BASE
>     to locate the PRCB structure and finds the kernel CR3 nearby if QEMU CPU
>     state CR3 is not suitable.
>     2. Find an address within the kernel image by dereferencing the first
>     IDT entry and scans virtual memory upwards until the start of the
>     kernel.
>     3. Download a PDB matching the kernel from the Microsoft symbol store,
>     and figure out the layout of certain relevant structures necessary for
>     the dump.
>     4. Populate the corresponding structures in the memory image and create
>     the appropriate dump header.
> 
> 

Re: [Qemu-devel] [PULL v2 00/15] Misc patches for QEMU 3.1-rc3

[Peter Maydell]

On Tue, 27 Nov 2018 at 14:38, Paolo Bonzini <pbonzini@redhat.com> wrote:
>
> The following changes since commit 4822f1ee9efa8df56e29db0a68323b484bdb0335:
>
>   Merge remote-tracking branch 'remotes/kraxel/tags/fixes-31-20181127-pull-request' into staging (2018-11-27 11:21:38 +0000)
>
> are available in the git repository at:
>
>
>   git://github.com/bonzini/qemu.git tags/for-upstream
>
> for you to fetch changes up to cb16c8466b6c62868aba47cd95fadcf316541f40:
>
>   hostmem: no need to check for host_memory_backend_mr_inited() in alloc() (2018-11-27 15:35:19 +0100)
>
> ----------------------------------------------------------------
> * lsi HBA reselection fix (George)
> * Small cleanups (Li Qiang)
> * bugfixes for vhost-user-bridge and hostmem (Marc-André)
> * single-thread TCG fix (me)
> * VMX migration blocker (me)
> * target/i386 fix for LOCK (Richard)
> * fix elf2dmp check (Roman)
> * MAINTAINERS update (Philippe, Thomas)
>
> ----------------------------------------------------------------

I'll delay rc3 til tomorrow so we can get a v3 of this pullreq
in, in the hope of making rc3 our last before release...

thanks
-- PMM

[Qemu-devel] [PULL 00/15] Misc patches for QEMU 3.1-rc3

[Paolo Bonzini]

The following changes since commit d522fba24478474911b0e6e488b6d1dcf1af54f8:

  Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20181126' into staging (2018-11-26 13:58:46 +0000)

are available in the git repository at:


  git://github.com/bonzini/qemu.git tags/for-upstream

for you to fetch changes up to b6a1ae97bad8dbad43d5614e4c88c1f50e9ee737:

  hostmem: no need to check for host_memory_backend_mr_inited() in alloc() (2018-11-26 20:35:19 +0100)

----------------------------------------------------------------
* lsi HBA reselection fix (George)
* Small cleanups (Li Qiang)
* bugfixes for vhost-user-bridge and hostmem (Marc-André)
* single-thread TCG fix (me)
* VMX migration blocker (me)
* target/i386 fix for LOCK (Richard)
* fix elf2dmp check (Roman)
* MAINTAINERS update (Philippe, Thomas)

----------------------------------------------------------------
George Kennedy (1):
      lsi: Reselection needed to remove pending commands from queue

Li Qiang (2):
      vl: Improve error message when we can't load fw_cfg from file
      vl.c: remove outdated comment

Marc-André Lureau (4):
      vmstate: constify VMStateField
      vhost-user-bridge: fix recvmsg iovlen
      hostmem-memfd: honour share=on/off property
      hostmem: no need to check for host_memory_backend_mr_inited() in alloc()

Paolo Bonzini (4):
      target/i386: kvm: add VMX migration blocker
      cpus: run work items for all vCPUs if single-threaded
      migration: savevm: consult migration blockers
      checkpatch: g_test_message does not need a trailing newline

Philippe Mathieu-Daudé (1):
      MAINTAINERS: Add an entry for the Firmware Configuration (fw_cfg) device

Richard Henderson (1):
      target/i386: Generate #UD when applying LOCK to a register destination

Roman Kagan (1):
      configure: fix elf2dmp check

Thomas Huth (1):
      MAINTAINERS: Add some missing entries related to accelerators

 MAINTAINERS                 |  18 +++++++
 backends/hostmem-file.c     |  24 ++++-----
 backends/hostmem-memfd.c    |   8 ++-
 configure                   |   2 +-
 cpus.c                      |  12 +++--
 hw/display/virtio-gpu.c     |   4 +-
 hw/intc/s390_flic_kvm.c     |   4 +-
 hw/nvram/eeprom93xx.c       |   6 +--
 hw/nvram/fw_cfg.c           |   6 +--
 hw/pci/msix.c               |   4 +-
 hw/pci/pci.c                |   8 +--
 hw/pci/shpc.c               |   7 +--
 hw/scsi/lsi53c895a.c        |  48 +++++++++++++-----
 hw/scsi/scsi-bus.c          |   4 +-
 hw/timer/twl92230.c         |   4 +-
 hw/usb/redirect.c           |  12 ++---
 hw/virtio/virtio.c          |   8 +--
 include/migration/vmstate.h |   6 +--
 migration/savevm.c          |  11 ++--
 migration/vmstate-types.c   | 119 ++++++++++++++++++++++++--------------------
 migration/vmstate.c         |  31 ++++++------
 qemu-options.hx             |   4 +-
 scripts/checkpatch.pl       |   3 +-
 target/alpha/machine.c      |   5 +-
 target/arm/machine.c        |  12 ++---
 target/hppa/machine.c       |  10 ++--
 target/i386/kvm.c           |  15 ++++--
 target/i386/translate.c     |  35 +++++++------
 target/mips/machine.c       |  14 +++---
 target/openrisc/machine.c   |   5 +-
 target/ppc/machine.c        |  14 +++---
 target/sparc/machine.c      |   7 +--
 tests/vhost-user-bridge.c   |   2 +-
 vl.c                        |   9 ++--
 34 files changed, 286 insertions(+), 195 deletions(-)
-- 
1.8.3.1

[Qemu-devel] [PULL 01/15] target/i386: kvm: add VMX migration blocker

[Paolo Bonzini]

Nested VMX does not support live migration yet.  Add a blocker
until that is worked out.

Nested SVM only does not support it, but unfortunately it is
enabled by default for -cpu host so we cannot really disable it.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 target/i386/kvm.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index f524e7d..27dcca5 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -854,6 +854,7 @@ static int hyperv_init_vcpu(X86CPU *cpu)
 }
 
 static Error *invtsc_mig_blocker;
+static Error *vmx_mig_blocker;
 
 #define KVM_MAX_CPUID_ENTRIES  100
 
@@ -1246,6 +1247,17 @@ int kvm_arch_init_vcpu(CPUState *cs)
                                   !!(c->ecx & CPUID_EXT_SMX);
     }
 
+    if ((env->features[FEAT_1_ECX] & CPUID_EXT_VMX) && !vmx_mig_blocker) {
+        error_setg(&vmx_mig_blocker,
+                   "Nested VMX virtualization does not support live migration yet");
+        r = migrate_add_blocker(vmx_mig_blocker, &local_err);
+        if (local_err) {
+            error_report_err(local_err);
+            error_free(vmx_mig_blocker);
+            return r;
+        }
+    }
+
     if (env->mcg_cap & MCG_LMCE_P) {
         has_msr_mcg_ext_ctl = has_msr_feature_control = true;
     }
-- 
1.8.3.1