[Qemu-devel] [PULL 00/13] KVM patches for 2013-09-20

[Qemu-devel] [PULL 00/13] KVM patches for 2013-09-20

[Paolo Bonzini]

Anthony,

The following changes since commit 2d1fe1873a984d1c2c89ffa3d12949cafc718551:

  Merge remote-tracking branch 'pmaydell/tags/pull-target-arm-20130910' into staging (2013-09-11 14:46:52 -0500)

are available in the git repository at:


  git://git.kernel.org/pub/scm/virt/kvm/qemu-kvm.git uq/master

for you to fetch changes up to f010bc643a2759e87e989c3e4e85f15ec71ae98f:

  target-i386: add feature kvm_pv_unhalt (2013-09-20 12:38:49 +0200)

Paolo
----------------------------------------------------------------
Alexey Kardashevskiy (3):
      kvm irqfd: support direct msimessage to irq translation
      kvm: fix traces to use %x instead of %d
      linux-headers: update to 3.11

Andrea Arcangeli (1):
      exec: always use MADV_DONTFORK

Andrew Jones (3):
      kvm: warn if num cpus is greater than num recommended
      linux-headers: update to 3.12-rc1
      target-i386: add feature kvm_pv_unhalt

Benoît Canet (1):
      target-i386: forward CPUID cache leaves when -cpu host is used

James Hogan (1):
      cpu: Move cpu state syncs up into cpu_dump_state()

Jan Kiszka (3):
      kvmvapic: Catch invalid ROM size
      kvmvapic: Enter inactive state on hardware reset
      kvmvapic: Clear also physical ROM address when entering INACTIVE state

Marcelo Tosatti (1):
      fix steal time MSR vmsd callback to proper opaque type

 exec.c                              |   1 +
 hw/i386/kvmvapic.c                  |  17 ++--
 include/sysemu/kvm.h                |  29 ++++---
 kvm-all.c                           |  82 +++++++++++-------
 kvm-stub.c                          |   1 +
 linux-headers/asm-arm64/kvm.h       | 168 ++++++++++++++++++++++++++++++++++++
 linux-headers/asm-arm64/kvm_para.h  |   1 +
 linux-headers/asm-mips/kvm.h        |  81 +++++++++--------
 linux-headers/asm-x86/kvm_para.h    |   1 +
 linux-headers/linux/kvm.h           |   4 +
 linux-headers/linux/kvm_para.h      |   1 +
 linux-headers/linux/vfio.h          |  80 ++++++++++++++++-
 linux-headers/linux/virtio_config.h |   3 +
 qom/cpu.c                           |   1 +
 target-i386/cpu-qom.h               |   3 +
 target-i386/cpu.c                   |  21 ++++-
 target-i386/helper.c                |   2 -
 target-i386/machine.c               |   6 +-
 target-ppc/translate.c              |   2 -
 trace-events                        |   6 +-
 20 files changed, 411 insertions(+), 99 deletions(-)
 create mode 100644 linux-headers/asm-arm64/kvm.h
 create mode 100644 linux-headers/asm-arm64/kvm_para.h
-- 
1.8.3.1

[Qemu-devel] [PULL 01/13] exec: always use MADV_DONTFORK

[Paolo Bonzini]

From: Andrea Arcangeli <aarcange@redhat.com>

MADV_DONTFORK prevents fork to fail with -ENOMEM if the default
overcommit heuristics decides there's too much anonymous virtual
memory allocated. If the KVM secondary MMU is synchronized with MMU
notifiers or not, doesn't make a difference in that regard.

Secondly it's always more efficient to avoid copying the guest
physical address space in the fork child (so we avoid to mark all the
guest memory readonly in the parent and so we skip the establishment
and teardown of lots of pagetables in the child).

In the common case we can ignore the error if MADV_DONTFORK is not
available. Leave a second invocation that errors out in the KVM path
if MMU notifiers are missing and KVM is enabled, to abort in such
case.

Signed-off-by: Andrea Arcangeli <aarcange@redhat.com>
Tested-By: Benoit Canet <benoit@irqsave.net>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
---
 exec.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/exec.c b/exec.c
index 030118e..5e6015c 100644
--- a/exec.c
+++ b/exec.c
@@ -1157,6 +1157,7 @@ ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
 
     qemu_ram_setup_dump(new_block->host, size);
     qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
+    qemu_madvise(new_block->host, size, QEMU_MADV_DONTFORK);
 
     if (kvm_enabled())
         kvm_setup_guest_memory(new_block->host, size);
-- 
1.8.3.1

[PULL 02/13] cpu: Move cpu state syncs up into cpu_dump_state()

From: James Hogan <james.hogan@imgtec.com>

The x86 and ppc targets call cpu_synchronize_state() from their
*_cpu_dump_state() callbacks to ensure that up to date state is dumped
when KVM is enabled (for example when a KVM internal error occurs).

Move this call up into the generic cpu_dump_state() function so that
other KVM targets (namely MIPS) can take advantage of it.

This requires kvm_cpu_synchronize_state() and cpu_synchronize_state() to
be moved out of the #ifdef NEED_CPU_H in <sysemu/kvm.h> so that they're
accessible to qom/cpu.c.

Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Andreas Färber <afaerber@suse.de>
Cc: Alexander Graf <agraf@suse.de>
Cc: Gleb Natapov <gleb@redhat.com>
Cc: qemu-ppc@nongnu.org
Cc: kvm@vger.kernel.org
Signed-off-by: Gleb Natapov <gleb@redhat.com>
---
 include/sysemu/kvm.h   | 20 ++++++++++----------
 qom/cpu.c              |  1 +
 target-i386/helper.c   |  2 --
 target-ppc/translate.c |  2 --
 4 files changed, 11 insertions(+), 14 deletions(-)

diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h
index 8e76685..3b0ef46 100644
--- a/include/sysemu/kvm.h
+++ b/include/sysemu/kvm.h
@@ -270,16 +270,6 @@ int kvm_check_extension(KVMState *s, unsigned int extension);
 
 uint32_t kvm_arch_get_supported_cpuid(KVMState *env, uint32_t function,
                                       uint32_t index, int reg);
-void kvm_cpu_synchronize_state(CPUState *cpu);
-
-/* generic hooks - to be moved/refactored once there are more users */
-
-static inline void cpu_synchronize_state(CPUState *cpu)
-{
-    if (kvm_enabled()) {
-        kvm_cpu_synchronize_state(cpu);
-    }
-}
 
 #if !defined(CONFIG_USER_ONLY)
 int kvm_physical_memory_addr_from_host(KVMState *s, void *ram_addr,
@@ -288,9 +278,19 @@ int kvm_physical_memory_addr_from_host(KVMState *s, void *ram_addr,
 
 #endif /* NEED_CPU_H */
 
+void kvm_cpu_synchronize_state(CPUState *cpu);
 void kvm_cpu_synchronize_post_reset(CPUState *cpu);
 void kvm_cpu_synchronize_post_init(CPUState *cpu);
 
+/* generic hooks - to be moved/refactored once there are more users */
+
+static inline void cpu_synchronize_state(CPUState *cpu)
+{
+    if (kvm_enabled()) {
+        kvm_cpu_synchronize_state(cpu);
+    }
+}
+
 static inline void cpu_synchronize_post_reset(CPUState *cpu)
 {
     if (kvm_enabled()) {
diff --git a/qom/cpu.c b/qom/cpu.c
index fa7ec6b..818fb26 100644
--- a/qom/cpu.c
+++ b/qom/cpu.c
@@ -162,6 +162,7 @@ void cpu_dump_state(CPUState *cpu, FILE *f, fprintf_function cpu_fprintf,
     CPUClass *cc = CPU_GET_CLASS(cpu);
 
     if (cc->dump_state) {
+        cpu_synchronize_state(cpu);
         cc->dump_state(cpu, f, cpu_fprintf, flags);
     }
 }
diff --git a/target-i386/helper.c b/target-i386/helper.c
index 7c58e27..0ad7c8e 100644
--- a/target-i386/helper.c
+++ b/target-i386/helper.c
@@ -188,8 +188,6 @@ void x86_cpu_dump_state(CPUState *cs, FILE *f, fprintf_function cpu_fprintf,
     char cc_op_name[32];
     static const char *seg_name[6] = { "ES", "CS", "SS", "DS", "FS", "GS" };
 
-    cpu_synchronize_state(cs);
-
     eflags = cpu_compute_eflags(env);
 #ifdef TARGET_X86_64
     if (env->hflags & HF_CS64_MASK) {
diff --git a/target-ppc/translate.c b/target-ppc/translate.c
index 2da7bc7..9c59f69 100644
--- a/target-ppc/translate.c
+++ b/target-ppc/translate.c
@@ -9536,8 +9536,6 @@ void ppc_cpu_dump_state(CPUState *cs, FILE *f, fprintf_function cpu_fprintf,
     CPUPPCState *env = &cpu->env;
     int i;
 
-    cpu_synchronize_state(cs);
-
     cpu_fprintf(f, "NIP " TARGET_FMT_lx "   LR " TARGET_FMT_lx " CTR "
                 TARGET_FMT_lx " XER " TARGET_FMT_lx "\n",
                 env->nip, env->lr, env->ctr, cpu_read_xer(env));
-- 
1.8.3.1

[Qemu-devel] [PULL 02/13] cpu: Move cpu state syncs up into cpu_dump_state()

[Paolo Bonzini]

From: James Hogan <james.hogan@imgtec.com>

The x86 and ppc targets call cpu_synchronize_state() from their
*_cpu_dump_state() callbacks to ensure that up to date state is dumped
when KVM is enabled (for example when a KVM internal error occurs).

Move this call up into the generic cpu_dump_state() function so that
other KVM targets (namely MIPS) can take advantage of it.

This requires kvm_cpu_synchronize_state() and cpu_synchronize_state() to
be moved out of the #ifdef NEED_CPU_H in <sysemu/kvm.h> so that they're
accessible to qom/cpu.c.

Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Andreas Färber <afaerber@suse.de>
Cc: Alexander Graf <agraf@suse.de>
Cc: Gleb Natapov <gleb@redhat.com>
Cc: qemu-ppc@nongnu.org
Cc: kvm@vger.kernel.org
Signed-off-by: Gleb Natapov <gleb@redhat.com>
---
 include/sysemu/kvm.h   | 20 ++++++++++----------
 qom/cpu.c              |  1 +
 target-i386/helper.c   |  2 --
 target-ppc/translate.c |  2 --
 4 files changed, 11 insertions(+), 14 deletions(-)

diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h
index 8e76685..3b0ef46 100644
--- a/include/sysemu/kvm.h
+++ b/include/sysemu/kvm.h
@@ -270,16 +270,6 @@ int kvm_check_extension(KVMState *s, unsigned int extension);
 
 uint32_t kvm_arch_get_supported_cpuid(KVMState *env, uint32_t function,
                                       uint32_t index, int reg);
-void kvm_cpu_synchronize_state(CPUState *cpu);
-
-/* generic hooks - to be moved/refactored once there are more users */
-
-static inline void cpu_synchronize_state(CPUState *cpu)
-{
-    if (kvm_enabled()) {
-        kvm_cpu_synchronize_state(cpu);
-    }
-}
 
 #if !defined(CONFIG_USER_ONLY)
 int kvm_physical_memory_addr_from_host(KVMState *s, void *ram_addr,
@@ -288,9 +278,19 @@ int kvm_physical_memory_addr_from_host(KVMState *s, void *ram_addr,
 
 #endif /* NEED_CPU_H */
 
+void kvm_cpu_synchronize_state(CPUState *cpu);
 void kvm_cpu_synchronize_post_reset(CPUState *cpu);
 void kvm_cpu_synchronize_post_init(CPUState *cpu);
 
+/* generic hooks - to be moved/refactored once there are more users */
+
+static inline void cpu_synchronize_state(CPUState *cpu)
+{
+    if (kvm_enabled()) {
+        kvm_cpu_synchronize_state(cpu);
+    }
+}
+
 static inline void cpu_synchronize_post_reset(CPUState *cpu)
 {
     if (kvm_enabled()) {
diff --git a/qom/cpu.c b/qom/cpu.c
index fa7ec6b..818fb26 100644
--- a/qom/cpu.c
+++ b/qom/cpu.c
@@ -162,6 +162,7 @@ void cpu_dump_state(CPUState *cpu, FILE *f, fprintf_function cpu_fprintf,
     CPUClass *cc = CPU_GET_CLASS(cpu);
 
     if (cc->dump_state) {
+        cpu_synchronize_state(cpu);
         cc->dump_state(cpu, f, cpu_fprintf, flags);
     }
 }
diff --git a/target-i386/helper.c b/target-i386/helper.c
index 7c58e27..0ad7c8e 100644
--- a/target-i386/helper.c
+++ b/target-i386/helper.c
@@ -188,8 +188,6 @@ void x86_cpu_dump_state(CPUState *cs, FILE *f, fprintf_function cpu_fprintf,
     char cc_op_name[32];
     static const char *seg_name[6] = { "ES", "CS", "SS", "DS", "FS", "GS" };
 
-    cpu_synchronize_state(cs);
-
     eflags = cpu_compute_eflags(env);
 #ifdef TARGET_X86_64
     if (env->hflags & HF_CS64_MASK) {
diff --git a/target-ppc/translate.c b/target-ppc/translate.c
index 2da7bc7..9c59f69 100644
--- a/target-ppc/translate.c
+++ b/target-ppc/translate.c
@@ -9536,8 +9536,6 @@ void ppc_cpu_dump_state(CPUState *cs, FILE *f, fprintf_function cpu_fprintf,
     CPUPPCState *env = &cpu->env;
     int i;
 
-    cpu_synchronize_state(cs);
-
     cpu_fprintf(f, "NIP " TARGET_FMT_lx "   LR " TARGET_FMT_lx " CTR "
                 TARGET_FMT_lx " XER " TARGET_FMT_lx "\n",
                 env->nip, env->lr, env->ctr, cpu_read_xer(env));
-- 
1.8.3.1

[Qemu-devel] [PULL 03/13] kvm: warn if num cpus is greater than num recommended

[Paolo Bonzini]

From: Andrew Jones <drjones@redhat.com>

The comment in kvm_max_vcpus() states that it's using the recommended
procedure from the kernel API documentation to get the max number
of vcpus that kvm supports. It is, but by always returning the
maximum number supported. The maximum number should only be used
for development purposes. qemu should check KVM_CAP_NR_VCPUS for
the recommended number of vcpus. This patch adds a warning if a user
specifies a number of cpus between the recommended and max.

Signed-off-by: Andrew Jones <drjones@redhat.com>
Acked-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
---
 kvm-all.c | 69 ++++++++++++++++++++++++++++++++++++---------------------------
 1 file changed, 40 insertions(+), 29 deletions(-)

diff --git a/kvm-all.c b/kvm-all.c
index c29a015..d55c21f 100644
--- a/kvm-all.c
+++ b/kvm-all.c
@@ -1322,24 +1322,20 @@ static int kvm_irqchip_create(KVMState *s)
     return 0;
 }
 
-static int kvm_max_vcpus(KVMState *s)
+/* Find number of supported CPUs using the recommended
+ * procedure from the kernel API documentation to cope with
+ * older kernels that may be missing capabilities.
+ */
+static int kvm_recommended_vcpus(KVMState *s)
 {
-    int ret;
-
-    /* Find number of supported CPUs using the recommended
-     * procedure from the kernel API documentation to cope with
-     * older kernels that may be missing capabilities.
-     */
-    ret = kvm_check_extension(s, KVM_CAP_MAX_VCPUS);
-    if (ret) {
-        return ret;
-    }
-    ret = kvm_check_extension(s, KVM_CAP_NR_VCPUS);
-    if (ret) {
-        return ret;
-    }
+    int ret = kvm_check_extension(s, KVM_CAP_NR_VCPUS);
+    return (ret) ? ret : 4;
+}
 
-    return 4;
+static int kvm_max_vcpus(KVMState *s)
+{
+    int ret = kvm_check_extension(s, KVM_CAP_MAX_VCPUS);
+    return (ret) ? ret : kvm_recommended_vcpus(s);
 }
 
 int kvm_init(void)
@@ -1347,11 +1343,19 @@ int kvm_init(void)
     static const char upgrade_note[] =
         "Please upgrade to at least kernel 2.6.29 or recent kvm-kmod\n"
         "(see http://sourceforge.net/projects/kvm).\n";
+    struct {
+        const char *name;
+        int num;
+    } num_cpus[] = {
+        { "SMP",          smp_cpus },
+        { "hotpluggable", max_cpus },
+        { NULL, }
+    }, *nc = num_cpus;
+    int soft_vcpus_limit, hard_vcpus_limit;
     KVMState *s;
     const KVMCapabilityInfo *missing_cap;
     int ret;
     int i;
-    int max_vcpus;
 
     s = g_malloc0(sizeof(KVMState));
 
@@ -1392,19 +1396,26 @@ int kvm_init(void)
         goto err;
     }
 
-    max_vcpus = kvm_max_vcpus(s);
-    if (smp_cpus > max_vcpus) {
-        ret = -EINVAL;
-        fprintf(stderr, "Number of SMP cpus requested (%d) exceeds max cpus "
-                "supported by KVM (%d)\n", smp_cpus, max_vcpus);
-        goto err;
-    }
+    /* check the vcpu limits */
+    soft_vcpus_limit = kvm_recommended_vcpus(s);
+    hard_vcpus_limit = kvm_max_vcpus(s);
 
-    if (max_cpus > max_vcpus) {
-        ret = -EINVAL;
-        fprintf(stderr, "Number of hotpluggable cpus requested (%d) exceeds max cpus "
-                "supported by KVM (%d)\n", max_cpus, max_vcpus);
-        goto err;
+    while (nc->name) {
+        if (nc->num > soft_vcpus_limit) {
+            fprintf(stderr,
+                    "Warning: Number of %s cpus requested (%d) exceeds "
+                    "the recommended cpus supported by KVM (%d)\n",
+                    nc->name, nc->num, soft_vcpus_limit);
+
+            if (nc->num > hard_vcpus_limit) {
+                ret = -EINVAL;
+                fprintf(stderr, "Number of %s cpus requested (%d) exceeds "
+                        "the maximum cpus supported by KVM (%d)\n",
+                        nc->name, nc->num, hard_vcpus_limit);
+                goto err;
+            }
+        }
+        nc++;
     }
 
     s->vmfd = kvm_ioctl(s, KVM_CREATE_VM, 0);
-- 
1.8.3.1

[Qemu-devel] [PULL 04/13] fix steal time MSR vmsd callback to proper opaque type

[Paolo Bonzini]

From: Marcelo Tosatti <mtosatti@redhat.com>

Convert steal time MSR vmsd callback pointer to proper X86CPU type.

Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 target-i386/machine.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/target-i386/machine.c b/target-i386/machine.c
index dc81cde..e568da2 100644
--- a/target-i386/machine.c
+++ b/target-i386/machine.c
@@ -330,9 +330,9 @@ static bool pv_eoi_msr_needed(void *opaque)
 
 static bool steal_time_msr_needed(void *opaque)
 {
-    CPUX86State *cpu = opaque;
+    X86CPU *cpu = opaque;
 
-    return cpu->steal_time_msr != 0;
+    return cpu->env.steal_time_msr != 0;
 }
 
 static const VMStateDescription vmstate_steal_time_msr = {
@@ -341,7 +341,7 @@ static const VMStateDescription vmstate_steal_time_msr = {
     .minimum_version_id = 1,
     .minimum_version_id_old = 1,
     .fields      = (VMStateField []) {
-        VMSTATE_UINT64(steal_time_msr, CPUX86State),
+        VMSTATE_UINT64(env.steal_time_msr, X86CPU),
         VMSTATE_END_OF_LIST()
     }
 };
-- 
1.8.3.1

[Qemu-devel] [PULL 05/13] kvm irqfd: support direct msimessage to irq translation

[Paolo Bonzini]

From: Alexey Kardashevskiy <aik@ozlabs.ru>

On PPC64 systems MSI Messages are translated to system IRQ in a PCI
host bridge. This is already supported for emulated MSI/MSIX but
not for irqfd where the current QEMU allocates IRQ numbers from
irqchip and maps MSIMessages to IRQ in the host kernel.

This adds a new direct mapping flag which tells
the kvm_irqchip_add_msi_route() function that a new VIRQ
should not be allocated, instead the value from MSIMessage::data
should be used. It is up to the platform code to make sure that
this contains a valid IRQ number as sPAPR does in spapr_pci.c.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 include/sysemu/kvm.h |  9 +++++++++
 kvm-all.c            | 13 +++++++++++++
 kvm-stub.c           |  1 +
 3 files changed, 23 insertions(+)

diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h
index 3b0ef46..73c1ec5 100644
--- a/include/sysemu/kvm.h
+++ b/include/sysemu/kvm.h
@@ -46,6 +46,7 @@ extern bool kvm_halt_in_kernel_allowed;
 extern bool kvm_irqfds_allowed;
 extern bool kvm_msi_via_irqfd_allowed;
 extern bool kvm_gsi_routing_allowed;
+extern bool kvm_gsi_direct_mapping;
 extern bool kvm_readonly_mem_allowed;
 
 #if defined CONFIG_KVM || !defined NEED_CPU_H
@@ -108,6 +109,13 @@ extern bool kvm_readonly_mem_allowed;
 #define kvm_gsi_routing_enabled() (kvm_gsi_routing_allowed)
 
 /**
+ * kvm_gsi_direct_mapping:
+ *
+ * Returns: true if GSI direct mapping is enabled.
+ */
+#define kvm_gsi_direct_mapping() (kvm_gsi_direct_mapping)
+
+/**
  * kvm_readonly_mem_enabled:
  *
  * Returns: true if KVM readonly memory is enabled (ie the kernel
@@ -123,6 +131,7 @@ extern bool kvm_readonly_mem_allowed;
 #define kvm_irqfds_enabled() (false)
 #define kvm_msi_via_irqfd_enabled() (false)
 #define kvm_gsi_routing_allowed() (false)
+#define kvm_gsi_direct_mapping() (false)
 #define kvm_readonly_mem_enabled() (false)
 #endif
 
diff --git a/kvm-all.c b/kvm-all.c
index d55c21f..7630a7d 100644
--- a/kvm-all.c
+++ b/kvm-all.c
@@ -111,6 +111,7 @@ bool kvm_halt_in_kernel_allowed;
 bool kvm_irqfds_allowed;
 bool kvm_msi_via_irqfd_allowed;
 bool kvm_gsi_routing_allowed;
+bool kvm_gsi_direct_mapping;
 bool kvm_allowed;
 bool kvm_readonly_mem_allowed;
 
@@ -1069,6 +1070,10 @@ void kvm_irqchip_release_virq(KVMState *s, int virq)
     struct kvm_irq_routing_entry *e;
     int i;
 
+    if (kvm_gsi_direct_mapping()) {
+        return;
+    }
+
     for (i = 0; i < s->irq_routes->nr; i++) {
         e = &s->irq_routes->entries[i];
         if (e->gsi == virq) {
@@ -1190,6 +1195,10 @@ int kvm_irqchip_add_msi_route(KVMState *s, MSIMessage msg)
     struct kvm_irq_routing_entry kroute = {};
     int virq;
 
+    if (kvm_gsi_direct_mapping()) {
+        return msg.data & 0xffff;
+    }
+
     if (!kvm_gsi_routing_enabled()) {
         return -ENOSYS;
     }
@@ -1216,6 +1225,10 @@ int kvm_irqchip_update_msi_route(KVMState *s, int virq, MSIMessage msg)
 {
     struct kvm_irq_routing_entry kroute = {};
 
+    if (kvm_gsi_direct_mapping()) {
+        return 0;
+    }
+
     if (!kvm_irqchip_in_kernel()) {
         return -ENOSYS;
     }
diff --git a/kvm-stub.c b/kvm-stub.c
index 548f471..e979f76 100644
--- a/kvm-stub.c
+++ b/kvm-stub.c
@@ -25,6 +25,7 @@ bool kvm_async_interrupts_allowed;
 bool kvm_irqfds_allowed;
 bool kvm_msi_via_irqfd_allowed;
 bool kvm_gsi_routing_allowed;
+bool kvm_gsi_direct_mapping;
 bool kvm_allowed;
 bool kvm_readonly_mem_allowed;
 
-- 
1.8.3.1

[Qemu-devel] [PULL 06/13] kvmvapic: Catch invalid ROM size

[Paolo Bonzini]

From: Jan Kiszka <jan.kiszka@siemens.com>

If not caught early, a zero-length ROM will cause a NULL-pointer access
later on in patch_hypercalls when allocating a zero-length ROM copy and
trying to read from it.

CC: qemu-stable@nongnu.org
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/i386/kvmvapic.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/hw/i386/kvmvapic.c b/hw/i386/kvmvapic.c
index d3a6fbe..c66fbf2 100644
--- a/hw/i386/kvmvapic.c
+++ b/hw/i386/kvmvapic.c
@@ -578,7 +578,7 @@ static int patch_hypercalls(VAPICROMState *s)
  * enable write access to the option ROM so that variables can be updated by
  * the guest.
  */
-static void vapic_map_rom_writable(VAPICROMState *s)
+static int vapic_map_rom_writable(VAPICROMState *s)
 {
     hwaddr rom_paddr = s->rom_state_paddr & ROM_BLOCK_MASK;
     MemoryRegionSection section;
@@ -599,6 +599,9 @@ static void vapic_map_rom_writable(VAPICROMState *s)
     /* read ROM size from RAM region */
     ram = memory_region_get_ram_ptr(section.mr);
     rom_size = ram[rom_paddr + 2] * ROM_BLOCK_SIZE;
+    if (rom_size == 0) {
+        return -1;
+    }
     s->rom_size = rom_size;
 
     /* We need to round to avoid creating subpages
@@ -612,11 +615,15 @@ static void vapic_map_rom_writable(VAPICROMState *s)
     memory_region_add_subregion_overlap(as, rom_paddr, &s->rom, 1000);
     s->rom_mapped_writable = true;
     memory_region_unref(section.mr);
+
+    return 0;
 }
 
 static int vapic_prepare(VAPICROMState *s)
 {
-    vapic_map_rom_writable(s);
+    if (vapic_map_rom_writable(s) < 0) {
+        return -1;
+    }
 
     if (patch_hypercalls(s) < 0) {
         return -1;
-- 
1.8.3.1

[Qemu-devel] [PULL 07/13] kvmvapic: Enter inactive state on hardware reset

[Paolo Bonzini]

From: Jan Kiszka <jan.kiszka@siemens.com>

ROM layout may change after reset of devices are hotplugged, so we have
to pick up the physical address again when the ROM is initialized. This
is best achieved by resetting the state to INACTIVE.

CC: qemu-stable@nongnu.org
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/i386/kvmvapic.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/hw/i386/kvmvapic.c b/hw/i386/kvmvapic.c
index c66fbf2..e4cea34 100644
--- a/hw/i386/kvmvapic.c
+++ b/hw/i386/kvmvapic.c
@@ -510,9 +510,7 @@ static void vapic_reset(DeviceState *dev)
 {
     VAPICROMState *s = VAPIC(dev);
 
-    if (s->state == VAPIC_ACTIVE) {
-        s->state = VAPIC_STANDBY;
-    }
+    s->state = VAPIC_INACTIVE;
     vapic_enable_tpr_reporting(false);
 }
 
-- 
1.8.3.1

[Qemu-devel] [PULL 08/13] kvmvapic: Clear also physical ROM address when entering INACTIVE state

[Paolo Bonzini]

From: Jan Kiszka <jan.kiszka@siemens.com>

To avoid misinterpreting INACTIVE after migration as old qemu-kvm's
STANDBY, also clear rom_state_paddr when going back to this state.

CC: qemu-stable@nongnu.org
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/i386/kvmvapic.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/i386/kvmvapic.c b/hw/i386/kvmvapic.c
index e4cea34..1c2dbf5 100644
--- a/hw/i386/kvmvapic.c
+++ b/hw/i386/kvmvapic.c
@@ -511,6 +511,7 @@ static void vapic_reset(DeviceState *dev)
     VAPICROMState *s = VAPIC(dev);
 
     s->state = VAPIC_INACTIVE;
+    s->rom_state_paddr = 0;
     vapic_enable_tpr_reporting(false);
 }
 
@@ -664,6 +665,7 @@ static void vapic_write(void *opaque, hwaddr addr, uint64_t data,
         }
         if (vapic_prepare(s) < 0) {
             s->state = VAPIC_INACTIVE;
+            s->rom_state_paddr = 0;
             break;
         }
         break;
-- 
1.8.3.1

[Qemu-devel] [PULL 09/13] kvm: fix traces to use %x instead of %d

[Paolo Bonzini]

From: Alexey Kardashevskiy <aik@ozlabs.ru>

KVM request types are normally defined using hex constants but QEMU traces
print decimal values instead, which is not very convenient.

This changes the request type format from %d to %x.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 trace-events | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/trace-events b/trace-events
index d4dba24..6bbceaf 100644
--- a/trace-events
+++ b/trace-events
@@ -1167,9 +1167,9 @@ virtio_ccw_new_device(int cssid, int ssid, int schid, int devno, const char *dev
 migrate_set_state(int new_state) "new state %d"
 
 # kvm-all.c
-kvm_ioctl(int type, void *arg) "type %d, arg %p"
-kvm_vm_ioctl(int type, void *arg) "type %d, arg %p"
-kvm_vcpu_ioctl(int cpu_index, int type, void *arg) "cpu_index %d, type %d, arg %p"
+kvm_ioctl(int type, void *arg) "type 0x%x, arg %p"
+kvm_vm_ioctl(int type, void *arg) "type 0x%x, arg %p"
+kvm_vcpu_ioctl(int cpu_index, int type, void *arg) "cpu_index %d, type 0x%x, arg %p"
 kvm_run_exit(int cpu_index, uint32_t reason) "cpu_index %d, reason %d"
 
 # memory.c
-- 
1.8.3.1

[Qemu-devel] [PULL 10/13] linux-headers: update to 3.11

[Paolo Bonzini]

From: Alexey Kardashevskiy <aik@ozlabs.ru>

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 linux-headers/asm-arm64/kvm.h       | 168 ++++++++++++++++++++++++++++++++++++
 linux-headers/asm-arm64/kvm_para.h  |   1 +
 linux-headers/asm-mips/kvm.h        |  81 +++++++++--------
 linux-headers/linux/kvm.h           |   3 +
 linux-headers/linux/vfio.h          |  42 ++++++++-
 linux-headers/linux/virtio_config.h |   3 +
 6 files changed, 254 insertions(+), 44 deletions(-)
 create mode 100644 linux-headers/asm-arm64/kvm.h
 create mode 100644 linux-headers/asm-arm64/kvm_para.h

diff --git a/linux-headers/asm-arm64/kvm.h b/linux-headers/asm-arm64/kvm.h
new file mode 100644
index 0000000..5031f42
--- /dev/null
+++ b/linux-headers/asm-arm64/kvm.h
@@ -0,0 +1,168 @@
+/*
+ * Copyright (C) 2012,2013 - ARM Ltd
+ * Author: Marc Zyngier <marc.zyngier@arm.com>
+ *
+ * Derived from arch/arm/include/uapi/asm/kvm.h:
+ * Copyright (C) 2012 - Virtual Open Systems and Columbia University
+ * Author: Christoffer Dall <c.dall@virtualopensystems.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef __ARM_KVM_H__
+#define __ARM_KVM_H__
+
+#define KVM_SPSR_EL1	0
+#define KVM_SPSR_SVC	KVM_SPSR_EL1
+#define KVM_SPSR_ABT	1
+#define KVM_SPSR_UND	2
+#define KVM_SPSR_IRQ	3
+#define KVM_SPSR_FIQ	4
+#define KVM_NR_SPSR	5
+
+#ifndef __ASSEMBLY__
+#include <asm/types.h>
+#include <asm/ptrace.h>
+
+#define __KVM_HAVE_GUEST_DEBUG
+#define __KVM_HAVE_IRQ_LINE
+
+#define KVM_REG_SIZE(id)						\
+	(1U << (((id) & KVM_REG_SIZE_MASK) >> KVM_REG_SIZE_SHIFT))
+
+struct kvm_regs {
+	struct user_pt_regs regs;	/* sp = sp_el0 */
+
+	__u64	sp_el1;
+	__u64	elr_el1;
+
+	__u64	spsr[KVM_NR_SPSR];
+
+	struct user_fpsimd_state fp_regs;
+};
+
+/* Supported Processor Types */
+#define KVM_ARM_TARGET_AEM_V8		0
+#define KVM_ARM_TARGET_FOUNDATION_V8	1
+#define KVM_ARM_TARGET_CORTEX_A57	2
+
+#define KVM_ARM_NUM_TARGETS		3
+
+/* KVM_ARM_SET_DEVICE_ADDR ioctl id encoding */
+#define KVM_ARM_DEVICE_TYPE_SHIFT	0
+#define KVM_ARM_DEVICE_TYPE_MASK	(0xffff << KVM_ARM_DEVICE_TYPE_SHIFT)
+#define KVM_ARM_DEVICE_ID_SHIFT		16
+#define KVM_ARM_DEVICE_ID_MASK		(0xffff << KVM_ARM_DEVICE_ID_SHIFT)
+
+/* Supported device IDs */
+#define KVM_ARM_DEVICE_VGIC_V2		0
+
+/* Supported VGIC address types  */
+#define KVM_VGIC_V2_ADDR_TYPE_DIST	0
+#define KVM_VGIC_V2_ADDR_TYPE_CPU	1
+
+#define KVM_VGIC_V2_DIST_SIZE		0x1000
+#define KVM_VGIC_V2_CPU_SIZE		0x2000
+
+#define KVM_ARM_VCPU_POWER_OFF		0 /* CPU is started in OFF state */
+#define KVM_ARM_VCPU_EL1_32BIT		1 /* CPU running a 32bit VM */
+
+struct kvm_vcpu_init {
+	__u32 target;
+	__u32 features[7];
+};
+
+struct kvm_sregs {
+};
+
+struct kvm_fpu {
+};
+
+struct kvm_guest_debug_arch {
+};
+
+struct kvm_debug_exit_arch {
+};
+
+struct kvm_sync_regs {
+};
+
+struct kvm_arch_memory_slot {
+};
+
+/* If you need to interpret the index values, here is the key: */
+#define KVM_REG_ARM_COPROC_MASK		0x000000000FFF0000
+#define KVM_REG_ARM_COPROC_SHIFT	16
+
+/* Normal registers are mapped as coprocessor 16. */
+#define KVM_REG_ARM_CORE		(0x0010 << KVM_REG_ARM_COPROC_SHIFT)
+#define KVM_REG_ARM_CORE_REG(name)	(offsetof(struct kvm_regs, name) / sizeof(__u32))
+
+/* Some registers need more space to represent values. */
+#define KVM_REG_ARM_DEMUX		(0x0011 << KVM_REG_ARM_COPROC_SHIFT)
+#define KVM_REG_ARM_DEMUX_ID_MASK	0x000000000000FF00
+#define KVM_REG_ARM_DEMUX_ID_SHIFT	8
+#define KVM_REG_ARM_DEMUX_ID_CCSIDR	(0x00 << KVM_REG_ARM_DEMUX_ID_SHIFT)
+#define KVM_REG_ARM_DEMUX_VAL_MASK	0x00000000000000FF
+#define KVM_REG_ARM_DEMUX_VAL_SHIFT	0
+
+/* AArch64 system registers */
+#define KVM_REG_ARM64_SYSREG		(0x0013 << KVM_REG_ARM_COPROC_SHIFT)
+#define KVM_REG_ARM64_SYSREG_OP0_MASK	0x000000000000c000
+#define KVM_REG_ARM64_SYSREG_OP0_SHIFT	14
+#define KVM_REG_ARM64_SYSREG_OP1_MASK	0x0000000000003800
+#define KVM_REG_ARM64_SYSREG_OP1_SHIFT	11
+#define KVM_REG_ARM64_SYSREG_CRN_MASK	0x0000000000000780
+#define KVM_REG_ARM64_SYSREG_CRN_SHIFT	7
+#define KVM_REG_ARM64_SYSREG_CRM_MASK	0x0000000000000078
+#define KVM_REG_ARM64_SYSREG_CRM_SHIFT	3
+#define KVM_REG_ARM64_SYSREG_OP2_MASK	0x0000000000000007
+#define KVM_REG_ARM64_SYSREG_OP2_SHIFT	0
+
+/* KVM_IRQ_LINE irq field index values */
+#define KVM_ARM_IRQ_TYPE_SHIFT		24
+#define KVM_ARM_IRQ_TYPE_MASK		0xff
+#define KVM_ARM_IRQ_VCPU_SHIFT		16
+#define KVM_ARM_IRQ_VCPU_MASK		0xff
+#define KVM_ARM_IRQ_NUM_SHIFT		0
+#define KVM_ARM_IRQ_NUM_MASK		0xffff
+
+/* irq_type field */
+#define KVM_ARM_IRQ_TYPE_CPU		0
+#define KVM_ARM_IRQ_TYPE_SPI		1
+#define KVM_ARM_IRQ_TYPE_PPI		2
+
+/* out-of-kernel GIC cpu interrupt injection irq_number field */
+#define KVM_ARM_IRQ_CPU_IRQ		0
+#define KVM_ARM_IRQ_CPU_FIQ		1
+
+/* Highest supported SPI, from VGIC_NR_IRQS */
+#define KVM_ARM_IRQ_GIC_MAX		127
+
+/* PSCI interface */
+#define KVM_PSCI_FN_BASE		0x95c1ba5e
+#define KVM_PSCI_FN(n)			(KVM_PSCI_FN_BASE + (n))
+
+#define KVM_PSCI_FN_CPU_SUSPEND		KVM_PSCI_FN(0)
+#define KVM_PSCI_FN_CPU_OFF		KVM_PSCI_FN(1)
+#define KVM_PSCI_FN_CPU_ON		KVM_PSCI_FN(2)
+#define KVM_PSCI_FN_MIGRATE		KVM_PSCI_FN(3)
+
+#define KVM_PSCI_RET_SUCCESS		0
+#define KVM_PSCI_RET_NI			((unsigned long)-1)
+#define KVM_PSCI_RET_INVAL		((unsigned long)-2)
+#define KVM_PSCI_RET_DENIED		((unsigned long)-3)
+
+#endif
+
+#endif /* __ARM_KVM_H__ */
diff --git a/linux-headers/asm-arm64/kvm_para.h b/linux-headers/asm-arm64/kvm_para.h
new file mode 100644
index 0000000..14fab8f
--- /dev/null
+++ b/linux-headers/asm-arm64/kvm_para.h
@@ -0,0 +1 @@
+#include <asm-generic/kvm_para.h>
diff --git a/linux-headers/asm-mips/kvm.h b/linux-headers/asm-mips/kvm.h
index 3f424f5..f09ff5a 100644
--- a/linux-headers/asm-mips/kvm.h
+++ b/linux-headers/asm-mips/kvm.h
@@ -58,56 +58,53 @@ struct kvm_fpu {
  *  bits[2..0]   - Register 'sel' index.
  *  bits[7..3]   - Register 'rd'  index.
  *  bits[15..8]  - Must be zero.
- *  bits[63..16] - 1 -> CP0 registers.
+ *  bits[31..16] - 1 -> CP0 registers.
+ *  bits[51..32] - Must be zero.
+ *  bits[63..52] - As per linux/kvm.h
  *
  * Other sets registers may be added in the future.  Each set would
- * have its own identifier in bits[63..16].
- *
- * The addr field of struct kvm_one_reg must point to an aligned
- * 64-bit wide location.  For registers that are narrower than
- * 64-bits, the value is stored in the low order bits of the location,
- * and sign extended to 64-bits.
+ * have its own identifier in bits[31..16].
  *
  * The registers defined in struct kvm_regs are also accessible, the
  * id values for these are below.
  */
 
-#define KVM_REG_MIPS_R0 0
-#define KVM_REG_MIPS_R1 1
-#define KVM_REG_MIPS_R2 2
-#define KVM_REG_MIPS_R3 3
-#define KVM_REG_MIPS_R4 4
-#define KVM_REG_MIPS_R5 5
-#define KVM_REG_MIPS_R6 6
-#define KVM_REG_MIPS_R7 7
-#define KVM_REG_MIPS_R8 8
-#define KVM_REG_MIPS_R9 9
-#define KVM_REG_MIPS_R10 10
-#define KVM_REG_MIPS_R11 11
-#define KVM_REG_MIPS_R12 12
-#define KVM_REG_MIPS_R13 13
-#define KVM_REG_MIPS_R14 14
-#define KVM_REG_MIPS_R15 15
-#define KVM_REG_MIPS_R16 16
-#define KVM_REG_MIPS_R17 17
-#define KVM_REG_MIPS_R18 18
-#define KVM_REG_MIPS_R19 19
-#define KVM_REG_MIPS_R20 20
-#define KVM_REG_MIPS_R21 21
-#define KVM_REG_MIPS_R22 22
-#define KVM_REG_MIPS_R23 23
-#define KVM_REG_MIPS_R24 24
-#define KVM_REG_MIPS_R25 25
-#define KVM_REG_MIPS_R26 26
-#define KVM_REG_MIPS_R27 27
-#define KVM_REG_MIPS_R28 28
-#define KVM_REG_MIPS_R29 29
-#define KVM_REG_MIPS_R30 30
-#define KVM_REG_MIPS_R31 31
+#define KVM_REG_MIPS_R0 (KVM_REG_MIPS | KVM_REG_SIZE_U64 | 0)
+#define KVM_REG_MIPS_R1 (KVM_REG_MIPS | KVM_REG_SIZE_U64 | 1)
+#define KVM_REG_MIPS_R2 (KVM_REG_MIPS | KVM_REG_SIZE_U64 | 2)
+#define KVM_REG_MIPS_R3 (KVM_REG_MIPS | KVM_REG_SIZE_U64 | 3)
+#define KVM_REG_MIPS_R4 (KVM_REG_MIPS | KVM_REG_SIZE_U64 | 4)
+#define KVM_REG_MIPS_R5 (KVM_REG_MIPS | KVM_REG_SIZE_U64 | 5)
+#define KVM_REG_MIPS_R6 (KVM_REG_MIPS | KVM_REG_SIZE_U64 | 6)
+#define KVM_REG_MIPS_R7 (KVM_REG_MIPS | KVM_REG_SIZE_U64 | 7)
+#define KVM_REG_MIPS_R8 (KVM_REG_MIPS | KVM_REG_SIZE_U64 | 8)
+#define KVM_REG_MIPS_R9 (KVM_REG_MIPS | KVM_REG_SIZE_U64 | 9)
+#define KVM_REG_MIPS_R10 (KVM_REG_MIPS | KVM_REG_SIZE_U64 | 10)
+#define KVM_REG_MIPS_R11 (KVM_REG_MIPS | KVM_REG_SIZE_U64 | 11)
+#define KVM_REG_MIPS_R12 (KVM_REG_MIPS | KVM_REG_SIZE_U64 | 12)
+#define KVM_REG_MIPS_R13 (KVM_REG_MIPS | KVM_REG_SIZE_U64 | 13)
+#define KVM_REG_MIPS_R14 (KVM_REG_MIPS | KVM_REG_SIZE_U64 | 14)
+#define KVM_REG_MIPS_R15 (KVM_REG_MIPS | KVM_REG_SIZE_U64 | 15)
+#define KVM_REG_MIPS_R16 (KVM_REG_MIPS | KVM_REG_SIZE_U64 | 16)
+#define KVM_REG_MIPS_R17 (KVM_REG_MIPS | KVM_REG_SIZE_U64 | 17)
+#define KVM_REG_MIPS_R18 (KVM_REG_MIPS | KVM_REG_SIZE_U64 | 18)
+#define KVM_REG_MIPS_R19 (KVM_REG_MIPS | KVM_REG_SIZE_U64 | 19)
+#define KVM_REG_MIPS_R20 (KVM_REG_MIPS | KVM_REG_SIZE_U64 | 20)
+#define KVM_REG_MIPS_R21 (KVM_REG_MIPS | KVM_REG_SIZE_U64 | 21)
+#define KVM_REG_MIPS_R22 (KVM_REG_MIPS | KVM_REG_SIZE_U64 | 22)
+#define KVM_REG_MIPS_R23 (KVM_REG_MIPS | KVM_REG_SIZE_U64 | 23)
+#define KVM_REG_MIPS_R24 (KVM_REG_MIPS | KVM_REG_SIZE_U64 | 24)
+#define KVM_REG_MIPS_R25 (KVM_REG_MIPS | KVM_REG_SIZE_U64 | 25)
+#define KVM_REG_MIPS_R26 (KVM_REG_MIPS | KVM_REG_SIZE_U64 | 26)
+#define KVM_REG_MIPS_R27 (KVM_REG_MIPS | KVM_REG_SIZE_U64 | 27)
+#define KVM_REG_MIPS_R28 (KVM_REG_MIPS | KVM_REG_SIZE_U64 | 28)
+#define KVM_REG_MIPS_R29 (KVM_REG_MIPS | KVM_REG_SIZE_U64 | 29)
+#define KVM_REG_MIPS_R30 (KVM_REG_MIPS | KVM_REG_SIZE_U64 | 30)
+#define KVM_REG_MIPS_R31 (KVM_REG_MIPS | KVM_REG_SIZE_U64 | 31)
 
-#define KVM_REG_MIPS_HI 32
-#define KVM_REG_MIPS_LO 33
-#define KVM_REG_MIPS_PC 34
+#define KVM_REG_MIPS_HI (KVM_REG_MIPS | KVM_REG_SIZE_U64 | 32)
+#define KVM_REG_MIPS_LO (KVM_REG_MIPS | KVM_REG_SIZE_U64 | 33)
+#define KVM_REG_MIPS_PC (KVM_REG_MIPS | KVM_REG_SIZE_U64 | 34)
 
 /*
  * KVM MIPS specific structures and definitions
diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h
index c614070..56fce1c 100644
--- a/linux-headers/linux/kvm.h
+++ b/linux-headers/linux/kvm.h
@@ -666,6 +666,7 @@ struct kvm_ppc_smmu_info {
 #define KVM_CAP_IRQ_MPIC 90
 #define KVM_CAP_PPC_RTAS 91
 #define KVM_CAP_IRQ_XICS 92
+#define KVM_CAP_ARM_EL1_32BIT 93
 
 #ifdef KVM_CAP_IRQ_ROUTING
 
@@ -783,6 +784,8 @@ struct kvm_dirty_tlb {
 #define KVM_REG_IA64		0x3000000000000000ULL
 #define KVM_REG_ARM		0x4000000000000000ULL
 #define KVM_REG_S390		0x5000000000000000ULL
+#define KVM_REG_ARM64		0x6000000000000000ULL
+#define KVM_REG_MIPS		0x7000000000000000ULL
 
 #define KVM_REG_SIZE_SHIFT	52
 #define KVM_REG_SIZE_MASK	0x00f0000000000000ULL
diff --git a/linux-headers/linux/vfio.h b/linux-headers/linux/vfio.h
index 7ec1864..b42b9ab 100644
--- a/linux-headers/linux/vfio.h
+++ b/linux-headers/linux/vfio.h
@@ -22,6 +22,7 @@
 /* Extensions */
 
 #define VFIO_TYPE1_IOMMU		1
+#define VFIO_SPAPR_TCE_IOMMU		2
 
 /*
  * The IOCTL interface is designed for extensibility by embedding the
@@ -361,10 +362,14 @@ struct vfio_iommu_type1_dma_map {
 #define VFIO_IOMMU_MAP_DMA _IO(VFIO_TYPE, VFIO_BASE + 13)
 
 /**
- * VFIO_IOMMU_UNMAP_DMA - _IOW(VFIO_TYPE, VFIO_BASE + 14, struct vfio_dma_unmap)
+ * VFIO_IOMMU_UNMAP_DMA - _IOWR(VFIO_TYPE, VFIO_BASE + 14,
+ *							struct vfio_dma_unmap)
  *
  * Unmap IO virtual addresses using the provided struct vfio_dma_unmap.
- * Caller sets argsz.
+ * Caller sets argsz.  The actual unmapped size is returned in the size
+ * field.  No guarantee is made to the user that arbitrary unmaps of iova
+ * or size different from those used in the original mapping call will
+ * succeed.
  */
 struct vfio_iommu_type1_dma_unmap {
 	__u32	argsz;
@@ -375,4 +380,37 @@ struct vfio_iommu_type1_dma_unmap {
 
 #define VFIO_IOMMU_UNMAP_DMA _IO(VFIO_TYPE, VFIO_BASE + 14)
 
+/*
+ * IOCTLs to enable/disable IOMMU container usage.
+ * No parameters are supported.
+ */
+#define VFIO_IOMMU_ENABLE	_IO(VFIO_TYPE, VFIO_BASE + 15)
+#define VFIO_IOMMU_DISABLE	_IO(VFIO_TYPE, VFIO_BASE + 16)
+
+/* -------- Additional API for SPAPR TCE (Server POWERPC) IOMMU -------- */
+
+/*
+ * The SPAPR TCE info struct provides the information about the PCI bus
+ * address ranges available for DMA, these values are programmed into
+ * the hardware so the guest has to know that information.
+ *
+ * The DMA 32 bit window start is an absolute PCI bus address.
+ * The IOVA address passed via map/unmap ioctls are absolute PCI bus
+ * addresses too so the window works as a filter rather than an offset
+ * for IOVA addresses.
+ *
+ * A flag will need to be added if other page sizes are supported,
+ * so as defined here, it is always 4k.
+ */
+struct vfio_iommu_spapr_tce_info {
+	__u32 argsz;
+	__u32 flags;			/* reserved for future use */
+	__u32 dma32_window_start;	/* 32 bit window start (bytes) */
+	__u32 dma32_window_size;	/* 32 bit window size (bytes) */
+};
+
+#define VFIO_IOMMU_SPAPR_TCE_GET_INFO	_IO(VFIO_TYPE, VFIO_BASE + 12)
+
+/* ***************************************************************** */
+
 #endif /* VFIO_H */
diff --git a/linux-headers/linux/virtio_config.h b/linux-headers/linux/virtio_config.h
index 4f51d8f..75dc20b 100644
--- a/linux-headers/linux/virtio_config.h
+++ b/linux-headers/linux/virtio_config.h
@@ -51,4 +51,7 @@
  * suppressed them? */
 #define VIRTIO_F_NOTIFY_ON_EMPTY	24
 
+/* Can the device handle any descriptor layout? */
+#define VIRTIO_F_ANY_LAYOUT		27
+
 #endif /* _LINUX_VIRTIO_CONFIG_H */
-- 
1.8.3.1

[Qemu-devel] [PULL 11/13] target-i386: forward CPUID cache leaves when -cpu host is used

[Paolo Bonzini]

From: Benoît Canet <benoit@irqsave.net>

Some users running cpu intensive tasks checking the cache CPUID leaves at
startup and making decisions based on the result reported that the guest was
not reflecting the host CPUID leaves when -cpu host is used.

This patch fix this.

Signed-off-by: Benoît Canet <benoit@irqsave.net>
[Rename new field to cache_info_passthrough - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 target-i386/cpu-qom.h |  3 +++
 target-i386/cpu.c     | 19 +++++++++++++++++++
 2 files changed, 22 insertions(+)

diff --git a/target-i386/cpu-qom.h b/target-i386/cpu-qom.h
index c4447c2..f4fab15 100644
--- a/target-i386/cpu-qom.h
+++ b/target-i386/cpu-qom.h
@@ -70,6 +70,9 @@ typedef struct X86CPU {
     bool hyperv_relaxed_timing;
     int hyperv_spinlock_attempts;
 
+    /* if true the CPUID code directly forward host cache leaves to the guest */
+    bool cache_info_passthrough;
+
     /* Features that were filtered out because of missing host capabilities */
     uint32_t filtered_features[FEATURE_WORDS];
 
diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index c36345e..46edd75 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -486,6 +486,7 @@ typedef struct x86_def_t {
     int stepping;
     FeatureWordArray features;
     char model_id[48];
+    bool cache_info_passthrough;
 } x86_def_t;
 
 #define I486_FEATURES (CPUID_FP87 | CPUID_VME | CPUID_PSE)
@@ -1139,6 +1140,7 @@ static void kvm_cpu_fill_host(x86_def_t *x86_cpu_def)
     assert(kvm_enabled());
 
     x86_cpu_def->name = "host";
+    x86_cpu_def->cache_info_passthrough = true;
     host_cpuid(0x0, 0, &eax, &ebx, &ecx, &edx);
     x86_cpu_vendor_words2str(x86_cpu_def->vendor, ebx, edx, ecx);
 
@@ -1888,6 +1890,7 @@ static void cpu_x86_register(X86CPU *cpu, const char *name, Error **errp)
     env->features[FEAT_C000_0001_EDX] = def->features[FEAT_C000_0001_EDX];
     env->features[FEAT_7_0_EBX] = def->features[FEAT_7_0_EBX];
     env->cpuid_xlevel2 = def->xlevel2;
+    cpu->cache_info_passthrough = def->cache_info_passthrough;
 
     object_property_set_str(OBJECT(cpu), def->model_id, "model-id", errp);
 }
@@ -2062,6 +2065,10 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
         break;
     case 2:
         /* cache info: needed for Pentium Pro compatibility */
+        if (cpu->cache_info_passthrough) {
+            host_cpuid(index, 0, eax, ebx, ecx, edx);
+            break;
+        }
         *eax = 1; /* Number of CPUID[EAX=2] calls required */
         *ebx = 0;
         *ecx = 0;
@@ -2071,6 +2078,10 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
         break;
     case 4:
         /* cache info: needed for Core compatibility */
+        if (cpu->cache_info_passthrough) {
+            host_cpuid(index, count, eax, ebx, ecx, edx);
+            break;
+        }
         if (cs->nr_cores > 1) {
             *eax = (cs->nr_cores - 1) << 26;
         } else {
@@ -2228,6 +2239,10 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
         break;
     case 0x80000005:
         /* cache info (L1 cache) */
+        if (cpu->cache_info_passthrough) {
+            host_cpuid(index, 0, eax, ebx, ecx, edx);
+            break;
+        }
         *eax = (L1_DTLB_2M_ASSOC << 24) | (L1_DTLB_2M_ENTRIES << 16) | \
                (L1_ITLB_2M_ASSOC <<  8) | (L1_ITLB_2M_ENTRIES);
         *ebx = (L1_DTLB_4K_ASSOC << 24) | (L1_DTLB_4K_ENTRIES << 16) | \
@@ -2239,6 +2254,10 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
         break;
     case 0x80000006:
         /* cache info (L2 cache) */
+        if (cpu->cache_info_passthrough) {
+            host_cpuid(index, 0, eax, ebx, ecx, edx);
+            break;
+        }
         *eax = (AMD_ENC_ASSOC(L2_DTLB_2M_ASSOC) << 28) | \
                (L2_DTLB_2M_ENTRIES << 16) | \
                (AMD_ENC_ASSOC(L2_ITLB_2M_ASSOC) << 12) | \
-- 
1.8.3.1

[Qemu-devel] [PULL 12/13] linux-headers: update to 3.12-rc1

[Paolo Bonzini]

From: Andrew Jones <drjones@redhat.com>

Signed-off-by: Andrew Jones <drjones@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 linux-headers/asm-x86/kvm_para.h |  1 +
 linux-headers/linux/kvm.h        |  1 +
 linux-headers/linux/kvm_para.h   |  1 +
 linux-headers/linux/vfio.h       | 38 ++++++++++++++++++++++++++++++++++++++
 4 files changed, 41 insertions(+)

diff --git a/linux-headers/asm-x86/kvm_para.h b/linux-headers/asm-x86/kvm_para.h
index a1c3d72..e41c5c1 100644
--- a/linux-headers/asm-x86/kvm_para.h
+++ b/linux-headers/asm-x86/kvm_para.h
@@ -23,6 +23,7 @@
 #define KVM_FEATURE_ASYNC_PF		4
 #define KVM_FEATURE_STEAL_TIME		5
 #define KVM_FEATURE_PV_EOI		6
+#define KVM_FEATURE_PV_UNHALT		7
 
 /* The last 8 bits are used to indicate how to interpret the flags field
  * in pvclock structure. If no bits are set, all flags are ignored.
diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h
index 56fce1c..13e890c 100644
--- a/linux-headers/linux/kvm.h
+++ b/linux-headers/linux/kvm.h
@@ -667,6 +667,7 @@ struct kvm_ppc_smmu_info {
 #define KVM_CAP_PPC_RTAS 91
 #define KVM_CAP_IRQ_XICS 92
 #define KVM_CAP_ARM_EL1_32BIT 93
+#define KVM_CAP_SPAPR_MULTITCE 94
 
 #ifdef KVM_CAP_IRQ_ROUTING
 
diff --git a/linux-headers/linux/kvm_para.h b/linux-headers/linux/kvm_para.h
index 7bdcf93..2dff783 100644
--- a/linux-headers/linux/kvm_para.h
+++ b/linux-headers/linux/kvm_para.h
@@ -19,6 +19,7 @@
 #define KVM_HC_MMU_OP			2
 #define KVM_HC_FEATURES			3
 #define KVM_HC_PPC_MAP_MAGIC_PAGE	4
+#define KVM_HC_KICK_CPU			5
 
 /*
  * hypercalls use architecture specific
diff --git a/linux-headers/linux/vfio.h b/linux-headers/linux/vfio.h
index b42b9ab..17c58e0 100644
--- a/linux-headers/linux/vfio.h
+++ b/linux-headers/linux/vfio.h
@@ -324,6 +324,44 @@ enum {
 	VFIO_PCI_NUM_IRQS
 };
 
+/**
+ * VFIO_DEVICE_GET_PCI_HOT_RESET_INFO - _IORW(VFIO_TYPE, VFIO_BASE + 12,
+ *					      struct vfio_pci_hot_reset_info)
+ *
+ * Return: 0 on success, -errno on failure:
+ *	-enospc = insufficient buffer, -enodev = unsupported for device.
+ */
+struct vfio_pci_dependent_device {
+	__u32	group_id;
+	__u16	segment;
+	__u8	bus;
+	__u8	devfn; /* Use PCI_SLOT/PCI_FUNC */
+};
+
+struct vfio_pci_hot_reset_info {
+	__u32	argsz;
+	__u32	flags;
+	__u32	count;
+	struct vfio_pci_dependent_device	devices[];
+};
+
+#define VFIO_DEVICE_GET_PCI_HOT_RESET_INFO	_IO(VFIO_TYPE, VFIO_BASE + 12)
+
+/**
+ * VFIO_DEVICE_PCI_HOT_RESET - _IOW(VFIO_TYPE, VFIO_BASE + 13,
+ *				    struct vfio_pci_hot_reset)
+ *
+ * Return: 0 on success, -errno on failure.
+ */
+struct vfio_pci_hot_reset {
+	__u32	argsz;
+	__u32	flags;
+	__u32	count;
+	__s32	group_fds[];
+};
+
+#define VFIO_DEVICE_PCI_HOT_RESET	_IO(VFIO_TYPE, VFIO_BASE + 13)
+
 /* -------- API for Type1 VFIO IOMMU -------- */
 
 /**
-- 
1.8.3.1

[Qemu-devel] [PULL 13/13] target-i386: add feature kvm_pv_unhalt

[Paolo Bonzini]

From: Andrew Jones <drjones@redhat.com>

I don't know yet if want this feature on by default, so for now I'm
just adding support for "-cpu ...,+kvm_pv_unhalt".

Signed-off-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 target-i386/cpu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index 46edd75..b682802 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -235,7 +235,7 @@ static const char *ext4_feature_name[] = {
 
 static const char *kvm_feature_name[] = {
     "kvmclock", "kvm_nopiodelay", "kvm_mmu", "kvmclock",
-    "kvm_asyncpf", "kvm_steal_time", "kvm_pv_eoi", NULL,
+    "kvm_asyncpf", "kvm_steal_time", "kvm_pv_eoi", "kvm_pv_unhalt",
     NULL, NULL, NULL, NULL,
     NULL, NULL, NULL, NULL,
     NULL, NULL, NULL, NULL,
-- 
1.8.3.1

Re: [Qemu-devel] [PULL 11/13] target-i386: forward CPUID cache leaves when -cpu host is used

[Peter Lieven]

I do not know, but this patch might introduce a regression.

If I specify: -smp 2,sockets=1,cores=2,threads=1 to a Windows 2012 R2 Server it crashes
at boot time. -smp 2 works.

git bisect start
# good: [62ecc3a0e3c77a4944c92a02dd7fae2ab1f2290d] Update VERSION for 1.6.1 release
git bisect good 62ecc3a0e3c77a4944c92a02dd7fae2ab1f2290d
# bad: [964668b03d26f0b5baa5e5aff0c966f4fcb76e9e] Update version for 1.7.0-rc0 release
git bisect bad 964668b03d26f0b5baa5e5aff0c966f4fcb76e9e
# good: [1ee2daeb6448312d6d0e22175f5c1b9b01f8974c] Update version for 1.6.0
git bisect good 1ee2daeb6448312d6d0e22175f5c1b9b01f8974c
# bad: [03cfd8faa7ffb7201e2949b99c2f35b1fef7078b] linux-user: add support of binfmt_misc 'O' flag
git bisect bad 03cfd8faa7ffb7201e2949b99c2f35b1fef7078b
# good: [5a93d5c2abc719bd44f6c9fbeed88d3cae712606] Merge remote-tracking branch 'mjt/trivial-patches' into staging
git bisect good 5a93d5c2abc719bd44f6c9fbeed88d3cae712606
# good: [a27292b5d7545509bfa171922516d2033c570205] virtio-scsi: Make type virtio-scsi-common abstract
git bisect good a27292b5d7545509bfa171922516d2033c570205
# good: [469936ae0a9891b2de7e46743f683535b0819bee] target-i386: Fix segment cache dump
git bisect good 469936ae0a9891b2de7e46743f683535b0819bee
# bad: [3e4be9c29784df09c364b52a55e826a0b05b950e] Merge remote-tracking branch 'qemu-kvm/uq/master' into staging
git bisect bad 3e4be9c29784df09c364b52a55e826a0b05b950e
# good: [2571f8f5fbaea5dc3bdcd84737f109b459576e90] Merge remote-tracking branch 'spice/spice.v74' into staging
git bisect good 2571f8f5fbaea5dc3bdcd84737f109b459576e90
# good: [c5daeae1b4ddff97d605bd954a7c2a2b2cf6040f] linux-headers: update to 3.11
git bisect good c5daeae1b4ddff97d605bd954a7c2a2b2cf6040f
# good: [ceae18bd74e8940ff79935a257c72e665b084bcc] lsi: add 53C810 variant
git bisect good ceae18bd74e8940ff79935a257c72e665b084bcc
# bad: [f010bc643a2759e87e989c3e4e85f15ec71ae98f] target-i386: add feature kvm_pv_unhalt
git bisect bad f010bc643a2759e87e989c3e4e85f15ec71ae98f
# bad: [4f2656079f903efcd0d8224cbc79170ad3ee5b70] linux-headers: update to 3.12-rc1
git bisect bad 4f2656079f903efcd0d8224cbc79170ad3ee5b70
# bad: [787aaf5703a702094f395db6795e74230282cd62] target-i386: forward CPUID cache leaves when -cpu host is used
git bisect bad 787aaf5703a702094f395db6795e74230282cd62

Peter

On 20.09.2013 18:24, Paolo Bonzini wrote:
> From: Benoît Canet <benoit@irqsave.net>
>
> Some users running cpu intensive tasks checking the cache CPUID leaves at
> startup and making decisions based on the result reported that the guest was
> not reflecting the host CPUID leaves when -cpu host is used.
>
> This patch fix this.
>
> Signed-off-by: Benoît Canet <benoit@irqsave.net>
> [Rename new field to cache_info_passthrough - Paolo]
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
>   target-i386/cpu-qom.h |  3 +++
>   target-i386/cpu.c     | 19 +++++++++++++++++++
>   2 files changed, 22 insertions(+)
>
> diff --git a/target-i386/cpu-qom.h b/target-i386/cpu-qom.h
> index c4447c2..f4fab15 100644
> --- a/target-i386/cpu-qom.h
> +++ b/target-i386/cpu-qom.h
> @@ -70,6 +70,9 @@ typedef struct X86CPU {
>       bool hyperv_relaxed_timing;
>       int hyperv_spinlock_attempts;
>   
> +    /* if true the CPUID code directly forward host cache leaves to the guest */
> +    bool cache_info_passthrough;
> +
>       /* Features that were filtered out because of missing host capabilities */
>       uint32_t filtered_features[FEATURE_WORDS];
>   
> diff --git a/target-i386/cpu.c b/target-i386/cpu.c
> index c36345e..46edd75 100644
> --- a/target-i386/cpu.c
> +++ b/target-i386/cpu.c
> @@ -486,6 +486,7 @@ typedef struct x86_def_t {
>       int stepping;
>       FeatureWordArray features;
>       char model_id[48];
> +    bool cache_info_passthrough;
>   } x86_def_t;
>   
>   #define I486_FEATURES (CPUID_FP87 | CPUID_VME | CPUID_PSE)
> @@ -1139,6 +1140,7 @@ static void kvm_cpu_fill_host(x86_def_t *x86_cpu_def)
>       assert(kvm_enabled());
>   
>       x86_cpu_def->name = "host";
> +    x86_cpu_def->cache_info_passthrough = true;
>       host_cpuid(0x0, 0, &eax, &ebx, &ecx, &edx);
>       x86_cpu_vendor_words2str(x86_cpu_def->vendor, ebx, edx, ecx);
>   
> @@ -1888,6 +1890,7 @@ static void cpu_x86_register(X86CPU *cpu, const char *name, Error **errp)
>       env->features[FEAT_C000_0001_EDX] = def->features[FEAT_C000_0001_EDX];
>       env->features[FEAT_7_0_EBX] = def->features[FEAT_7_0_EBX];
>       env->cpuid_xlevel2 = def->xlevel2;
> +    cpu->cache_info_passthrough = def->cache_info_passthrough;
>   
>       object_property_set_str(OBJECT(cpu), def->model_id, "model-id", errp);
>   }
> @@ -2062,6 +2065,10 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
>           break;
>       case 2:
>           /* cache info: needed for Pentium Pro compatibility */
> +        if (cpu->cache_info_passthrough) {
> +            host_cpuid(index, 0, eax, ebx, ecx, edx);
> +            break;
> +        }
>           *eax = 1; /* Number of CPUID[EAX=2] calls required */
>           *ebx = 0;
>           *ecx = 0;
> @@ -2071,6 +2078,10 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
>           break;
>       case 4:
>           /* cache info: needed for Core compatibility */
> +        if (cpu->cache_info_passthrough) {
> +            host_cpuid(index, count, eax, ebx, ecx, edx);
> +            break;
> +        }
>           if (cs->nr_cores > 1) {
>               *eax = (cs->nr_cores - 1) << 26;
>           } else {
> @@ -2228,6 +2239,10 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
>           break;
>       case 0x80000005:
>           /* cache info (L1 cache) */
> +        if (cpu->cache_info_passthrough) {
> +            host_cpuid(index, 0, eax, ebx, ecx, edx);
> +            break;
> +        }
>           *eax = (L1_DTLB_2M_ASSOC << 24) | (L1_DTLB_2M_ENTRIES << 16) | \
>                  (L1_ITLB_2M_ASSOC <<  8) | (L1_ITLB_2M_ENTRIES);
>           *ebx = (L1_DTLB_4K_ASSOC << 24) | (L1_DTLB_4K_ENTRIES << 16) | \
> @@ -2239,6 +2254,10 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
>           break;
>       case 0x80000006:
>           /* cache info (L2 cache) */
> +        if (cpu->cache_info_passthrough) {
> +            host_cpuid(index, 0, eax, ebx, ecx, edx);
> +            break;
> +        }
>           *eax = (AMD_ENC_ASSOC(L2_DTLB_2M_ASSOC) << 28) | \
>                  (L2_DTLB_2M_ENTRIES << 16) | \
>                  (AMD_ENC_ASSOC(L2_ITLB_2M_ASSOC) << 12) | \

Re: [Qemu-devel] [PULL 11/13] target-i386: forward CPUID cache leaves when -cpu host is used

[Peter Lieven]

On 18.11.2013 16:23, Peter Lieven wrote:
> I do not know, but this patch might introduce a regression.
>
> If I specify: -smp 2,sockets=1,cores=2,threads=1 to a Windows 2012 R2 Server it crashes
> at boot time. -smp 2 works.
for Linux /proc/cpuinfo reveals no cpu layout information (sibliings, cores, threads etc.) with
this patch applied and a manual socket,core,thread configuration.
>
> git bisect start
> # good: [62ecc3a0e3c77a4944c92a02dd7fae2ab1f2290d] Update VERSION for 1.6.1 release
> git bisect good 62ecc3a0e3c77a4944c92a02dd7fae2ab1f2290d
> # bad: [964668b03d26f0b5baa5e5aff0c966f4fcb76e9e] Update version for 1.7.0-rc0 release
> git bisect bad 964668b03d26f0b5baa5e5aff0c966f4fcb76e9e
> # good: [1ee2daeb6448312d6d0e22175f5c1b9b01f8974c] Update version for 1.6.0
> git bisect good 1ee2daeb6448312d6d0e22175f5c1b9b01f8974c
> # bad: [03cfd8faa7ffb7201e2949b99c2f35b1fef7078b] linux-user: add support of binfmt_misc 'O' flag
> git bisect bad 03cfd8faa7ffb7201e2949b99c2f35b1fef7078b
> # good: [5a93d5c2abc719bd44f6c9fbeed88d3cae712606] Merge remote-tracking branch 'mjt/trivial-patches' into staging
> git bisect good 5a93d5c2abc719bd44f6c9fbeed88d3cae712606
> # good: [a27292b5d7545509bfa171922516d2033c570205] virtio-scsi: Make type virtio-scsi-common abstract
> git bisect good a27292b5d7545509bfa171922516d2033c570205
> # good: [469936ae0a9891b2de7e46743f683535b0819bee] target-i386: Fix segment cache dump
> git bisect good 469936ae0a9891b2de7e46743f683535b0819bee
> # bad: [3e4be9c29784df09c364b52a55e826a0b05b950e] Merge remote-tracking branch 'qemu-kvm/uq/master' into staging
> git bisect bad 3e4be9c29784df09c364b52a55e826a0b05b950e
> # good: [2571f8f5fbaea5dc3bdcd84737f109b459576e90] Merge remote-tracking branch 'spice/spice.v74' into staging
> git bisect good 2571f8f5fbaea5dc3bdcd84737f109b459576e90
> # good: [c5daeae1b4ddff97d605bd954a7c2a2b2cf6040f] linux-headers: update to 3.11
> git bisect good c5daeae1b4ddff97d605bd954a7c2a2b2cf6040f
> # good: [ceae18bd74e8940ff79935a257c72e665b084bcc] lsi: add 53C810 variant
> git bisect good ceae18bd74e8940ff79935a257c72e665b084bcc
> # bad: [f010bc643a2759e87e989c3e4e85f15ec71ae98f] target-i386: add feature kvm_pv_unhalt
> git bisect bad f010bc643a2759e87e989c3e4e85f15ec71ae98f
> # bad: [4f2656079f903efcd0d8224cbc79170ad3ee5b70] linux-headers: update to 3.12-rc1
> git bisect bad 4f2656079f903efcd0d8224cbc79170ad3ee5b70
> # bad: [787aaf5703a702094f395db6795e74230282cd62] target-i386: forward CPUID cache leaves when -cpu host is used
> git bisect bad 787aaf5703a702094f395db6795e74230282cd62
>
> Peter
>
> On 20.09.2013 18:24, Paolo Bonzini wrote:
>> From: Benoît Canet <benoit@irqsave.net>
>>
>> Some users running cpu intensive tasks checking the cache CPUID leaves at
>> startup and making decisions based on the result reported that the guest was
>> not reflecting the host CPUID leaves when -cpu host is used.
>>
>> This patch fix this.
>>
>> Signed-off-by: Benoît Canet <benoit@irqsave.net>
>> [Rename new field to cache_info_passthrough - Paolo]
>> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
>> ---
>>   target-i386/cpu-qom.h |  3 +++
>>   target-i386/cpu.c     | 19 +++++++++++++++++++
>>   2 files changed, 22 insertions(+)
>>
>> diff --git a/target-i386/cpu-qom.h b/target-i386/cpu-qom.h
>> index c4447c2..f4fab15 100644
>> --- a/target-i386/cpu-qom.h
>> +++ b/target-i386/cpu-qom.h
>> @@ -70,6 +70,9 @@ typedef struct X86CPU {
>>       bool hyperv_relaxed_timing;
>>       int hyperv_spinlock_attempts;
>>   +    /* if true the CPUID code directly forward host cache leaves to the guest */
>> +    bool cache_info_passthrough;
>> +
>>       /* Features that were filtered out because of missing host capabilities */
>>       uint32_t filtered_features[FEATURE_WORDS];
>>   diff --git a/target-i386/cpu.c b/target-i386/cpu.c
>> index c36345e..46edd75 100644
>> --- a/target-i386/cpu.c
>> +++ b/target-i386/cpu.c
>> @@ -486,6 +486,7 @@ typedef struct x86_def_t {
>>       int stepping;
>>       FeatureWordArray features;
>>       char model_id[48];
>> +    bool cache_info_passthrough;
>>   } x86_def_t;
>>     #define I486_FEATURES (CPUID_FP87 | CPUID_VME | CPUID_PSE)
>> @@ -1139,6 +1140,7 @@ static void kvm_cpu_fill_host(x86_def_t *x86_cpu_def)
>>       assert(kvm_enabled());
>>         x86_cpu_def->name = "host";
>> +    x86_cpu_def->cache_info_passthrough = true;
>>       host_cpuid(0x0, 0, &eax, &ebx, &ecx, &edx);
>>       x86_cpu_vendor_words2str(x86_cpu_def->vendor, ebx, edx, ecx);
>>   @@ -1888,6 +1890,7 @@ static void cpu_x86_register(X86CPU *cpu, const char *name, Error **errp)
>>       env->features[FEAT_C000_0001_EDX] = def->features[FEAT_C000_0001_EDX];
>>       env->features[FEAT_7_0_EBX] = def->features[FEAT_7_0_EBX];
>>       env->cpuid_xlevel2 = def->xlevel2;
>> +    cpu->cache_info_passthrough = def->cache_info_passthrough;
>>         object_property_set_str(OBJECT(cpu), def->model_id, "model-id", errp);
>>   }
>> @@ -2062,6 +2065,10 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
>>           break;
>>       case 2:
>>           /* cache info: needed for Pentium Pro compatibility */
>> +        if (cpu->cache_info_passthrough) {
>> +            host_cpuid(index, 0, eax, ebx, ecx, edx);
>> +            break;
>> +        }
>>           *eax = 1; /* Number of CPUID[EAX=2] calls required */
>>           *ebx = 0;
>>           *ecx = 0;
>> @@ -2071,6 +2078,10 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
>>           break;
>>       case 4:
>>           /* cache info: needed for Core compatibility */
>> +        if (cpu->cache_info_passthrough) {
>> +            host_cpuid(index, count, eax, ebx, ecx, edx);
>> +            break;
>> +        }
>>           if (cs->nr_cores > 1) {
>>               *eax = (cs->nr_cores - 1) << 26;
>>           } else {
>> @@ -2228,6 +2239,10 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
>>           break;
>>       case 0x80000005:
>>           /* cache info (L1 cache) */
>> +        if (cpu->cache_info_passthrough) {
>> +            host_cpuid(index, 0, eax, ebx, ecx, edx);
>> +            break;
>> +        }
>>           *eax = (L1_DTLB_2M_ASSOC << 24) | (L1_DTLB_2M_ENTRIES << 16) | \
>>                  (L1_ITLB_2M_ASSOC <<  8) | (L1_ITLB_2M_ENTRIES);
>>           *ebx = (L1_DTLB_4K_ASSOC << 24) | (L1_DTLB_4K_ENTRIES << 16) | \
>> @@ -2239,6 +2254,10 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
>>           break;
>>       case 0x80000006:
>>           /* cache info (L2 cache) */
>> +        if (cpu->cache_info_passthrough) {
>> +            host_cpuid(index, 0, eax, ebx, ecx, edx);
>> +            break;
>> +        }
>>           *eax = (AMD_ENC_ASSOC(L2_DTLB_2M_ASSOC) << 28) | \
>>                  (L2_DTLB_2M_ENTRIES << 16) | \
>>                  (AMD_ENC_ASSOC(L2_ITLB_2M_ASSOC) << 12) | \
>
>


-- 

Mit freundlichen Grüßen

Peter Lieven

...........................................................

   KAMP Netzwerkdienste GmbH
   Vestische Str. 89-91 | 46117 Oberhausen
   Tel: +49 (0) 208.89 402-50 | Fax: +49 (0) 208.89 402-40
   pl@kamp.de | http://www.kamp.de

   Geschäftsführer: Heiner Lante | Michael Lante
   Amtsgericht Duisburg | HRB Nr. 12154
   USt-Id-Nr.: DE 120607556

...........................................................

Re: [Qemu-devel] [PULL 11/13] target-i386: forward CPUID cache leaves when -cpu host is used

[Paolo Bonzini]

Il 18/11/2013 16:37, Peter Lieven ha scritto:
>>
>>
>> If I specify: -smp 2,sockets=1,cores=2,threads=1 to a Windows 2012 R2
>> Server it crashes
>> at boot time. -smp 2 works.
> for Linux /proc/cpuinfo reveals no cpu layout information (sibliings,
> cores, threads etc.) with
> this patch applied and a manual socket,core,thread configuration.

What's the full command line?

Paolo

Re: [Qemu-devel] [PULL 11/13] target-i386: forward CPUID cache leaves when -cpu host is used

[Peter Lieven]

Am 18.11.2013 17:11, schrieb Paolo Bonzini:
> Il 18/11/2013 16:37, Peter Lieven ha scritto:
>>>
>>> If I specify: -smp 2,sockets=1,cores=2,threads=1 to a Windows 2012 R2
>>> Server it crashes
>>> at boot time. -smp 2 works.
>> for Linux /proc/cpuinfo reveals no cpu layout information (sibliings,
>> cores, threads etc.) with
>> this patch applied and a manual socket,core,thread configuration.
> What's the full command line?

The essential part is -enable-kvm -smp 2,sockets=1,cores=2,threads=1 -cpu host.
I believe the corect fix could be to disabled the cache leave forwarding as soon
as the user specifies his own socket/core/thread layout.

Peter

Re: [Qemu-devel] [PULL 11/13] target-i386: forward CPUID cache leaves when -cpu host is used

[Peter Lieven]

On 18.11.2013 17:11, Paolo Bonzini wrote:
> Il 18/11/2013 16:37, Peter Lieven ha scritto:
>>>
>>> If I specify: -smp 2,sockets=1,cores=2,threads=1 to a Windows 2012 R2
>>> Server it crashes
>>> at boot time. -smp 2 works.
>> for Linux /proc/cpuinfo reveals no cpu layout information (sibliings,
>> cores, threads etc.) with
>> this patch applied and a manual socket,core,thread configuration.
> What's the full command line?

~/git/qemu$ x86_64-softmmu/qemu-system-x86_64 -m 2048 -drive if=virtio,file=iscsi://172.21.200.45/iqn.2001-05.com.equallogic:0-8a0906-9d95c510a-344001d54795289f-2012-r2-1-7-0/0,format=raw,cache=writeback,aio=native -smp 2,cores=2,threads=1,sockets=1 -cpu 
host -monitor stdio -vnc :1 -enable-kvm -usb -usbdevice tablet -vga cirrus -global virtio-blk-pci.scsi=off  -serial null  -parallel null -boot c

With just -smp 2 it works. However, have a look at my other email I think there is a bug in smp_parse, because -smp 2 yields cpus=2,cores=1,threads=1,sockets=1 whereas I think cores should
be 2.

Peter

Re: [Qemu-devel] [PULL 11/13] target-i386: forward CPUID cache leaves when -cpu host is used

[Paolo Bonzini]

Il 19/11/2013 11:25, Peter Lieven ha scritto:
>>
> 
> ~/git/qemu$ x86_64-softmmu/qemu-system-x86_64 -m 2048 -drive
> if=virtio,file=iscsi://172.21.200.45/iqn.2001-05.com.equallogic:0-8a0906-9d95c510a-344001d54795289f-2012-r2-1-7-0/0,format=raw,cache=writeback,aio=native
> -smp 2,cores=2,threads=1,sockets=1 -cpu host -monitor stdio -vnc :1
> -enable-kvm -usb -usbdevice tablet -vga cirrus -global
> virtio-blk-pci.scsi=off  -serial null  -parallel null -boot c

What is your host CPU's topology

> With just -smp 2 it works. However, have a look at my other email I
> think there is a bug in smp_parse, because -smp 2 yields
> cpus=2,cores=1,threads=1,sockets=1 whereas I think cores should
> be 2.

The code matching the comment in vl.c ("compute missing values, prefer
sockets over cores over threads") would be like "-smp
cpu=2,cores=1,threads=1,sockets=2", giving this code:

        if (cpus == 0) {
            sockets = sockets > 0 ? sockets : 1;
            cores = cores > 0 ? cores : 1;
            threads = threads > 0 ? threads : 1;
            cpus = cores * threads * sockets;
        } else if (sockets == 0) {
            cores = cores > 0 ? cores : 1;
            threads = threads > 0 ? threads : 1;
            sockets = cpus / (cores * threads);
        } else if (cores == 0) {
            threads = threads > 0 ? threads : 1;
            cores = cpus / (sockets * threads);
        } else {
            threads = cpus / (sockets * cores);
        }

What you suggest is cores over threads over sockets:

        if (cpus == 0) {
            cores = cores > 0 ? cores : 1;
            threads = threads > 0 ? threads : 1;
            sockets = sockets > 0 ? sockets : 1;
            cpus = cores * threads * sockets;
        } else if (cores == 0) {
            threads = threads > 0 ? threads : 1;
            sockets = sockets > 0 ? sockets : 1;
            cores = cpus / (threads * sockets);
        } else if (threads == 0) {
            sockets = sockets > 0 ? sockets : 1;
            threads = cpus / (cores * sockets);
        } else {
            sockets = cpus / (cores * threads);
        }

Can you test which of these two work?  But I agree it's best to disable
cache-leaf forwarding.

Paolo

Re: [Qemu-devel] [PULL 11/13] target-i386: forward CPUID cache leaves when -cpu host is used

[Paolo Bonzini]

Il 18/11/2013 20:53, Peter Lieven ha scritto:
> The essential part is -enable-kvm -smp 2,sockets=1,cores=2,threads=1 -cpu host.
> I believe the corect fix could be to disabled the cache leave forwarding as soon
> as the user specifies his own socket/core/thread layout.

Please test this:

diff --git a/include/sysemu/cpus.h b/include/sysemu/cpus.h
index 6502488..170fd70 100644
--- a/include/sysemu/cpus.h
+++ b/include/sysemu/cpus.h
@@ -17,6 +17,7 @@ void qtest_clock_warp(int64_t dest);
 /* vl.c */
 extern int smp_cores;
 extern int smp_threads;
+extern bool smp_manual_topology;
 #else
 /* *-user doesn't have configurable SMP topology */
 #define smp_cores   1
diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index 864c80e..49b5d45 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -1149,7 +1149,7 @@ static void kvm_cpu_fill_host(x86_def_t *x86_cpu_def)
     assert(kvm_enabled());
 
     x86_cpu_def->name = "host";
-    x86_cpu_def->cache_info_passthrough = true;
+    x86_cpu_def->cache_info_passthrough = !smp_manual_topology;
     host_cpuid(0x0, 0, &eax, &ebx, &ecx, &edx);
     x86_cpu_vendor_words2str(x86_cpu_def->vendor, ebx, edx, ecx);
 
diff --git a/vl.c b/vl.c
index 4ad15b8..f319976 100644
--- a/vl.c
+++ b/vl.c
@@ -207,6 +207,7 @@ CharDriverState *virtcon_hds[MAX_VIRTIO_CONSOLES];
 CharDriverState *sclp_hds[MAX_SCLP_CONSOLES];
 int win2k_install_hack = 0;
 int singlestep = 0;
+bool smp_manual_topology = false;
 int smp_cpus = 1;
 int max_cpus = 0;
 int smp_cores = 1;
@@ -1391,6 +1392,8 @@ static void smp_parse(QemuOpts *opts)
         unsigned cores   = qemu_opt_get_number(opts, "cores", 0);
         unsigned threads = qemu_opt_get_number(opts, "threads", 0);
 
+        smp_manual_topology = sockets || threads || cores;
+
         /* compute missing values, prefer sockets over cores over threads */
         if (cpus == 0 || sockets == 0) {
             sockets = sockets > 0 ? sockets : 1;

Re: [Qemu-devel] [PULL 11/13] target-i386: forward CPUID cache leaves when -cpu host is used

[Peter Lieven]

On 19.11.2013 11:47, Paolo Bonzini wrote:
> Il 19/11/2013 11:25, Peter Lieven ha scritto:
>> ~/git/qemu$ x86_64-softmmu/qemu-system-x86_64 -m 2048 -drive
>> if=virtio,file=iscsi://172.21.200.45/iqn.2001-05.com.equallogic:0-8a0906-9d95c510a-344001d54795289f-2012-r2-1-7-0/0,format=raw,cache=writeback,aio=native
>> -smp 2,cores=2,threads=1,sockets=1 -cpu host -monitor stdio -vnc :1
>> -enable-kvm -usb -usbdevice tablet -vga cirrus -global
>> virtio-blk-pci.scsi=off  -serial null  -parallel null -boot c
> What is your host CPU's topology
I tested it with 1 socket, 2 cores, 2 threads per core (my workstation) and 2 sockets, 8 cores per socket, 2 threads per thread.
Both crash.
>
>> With just -smp 2 it works. However, have a look at my other email I
>> think there is a bug in smp_parse, because -smp 2 yields
>> cpus=2,cores=1,threads=1,sockets=1 whereas I think cores should
>> be 2.
> The code matching the comment in vl.c ("compute missing values, prefer
> sockets over cores over threads") would be like "-smp
> cpu=2,cores=1,threads=1,sockets=2", giving this code:
>
>          if (cpus == 0) {
>              sockets = sockets > 0 ? sockets : 1;
>              cores = cores > 0 ? cores : 1;
>              threads = threads > 0 ? threads : 1;
>              cpus = cores * threads * sockets;
>          } else if (sockets == 0) {
>              cores = cores > 0 ? cores : 1;
>              threads = threads > 0 ? threads : 1;
>              sockets = cpus / (cores * threads);
>          } else if (cores == 0) {
>              threads = threads > 0 ? threads : 1;
>              cores = cpus / (sockets * threads);
>          } else {
>              threads = cpus / (sockets * cores);
>          }
I am fine with either of the both variants, it should just
be consistent ;-)
>
> What you suggest is cores over threads over sockets:
>
>          if (cpus == 0) {
>              cores = cores > 0 ? cores : 1;
>              threads = threads > 0 ? threads : 1;
>              sockets = sockets > 0 ? sockets : 1;
>              cpus = cores * threads * sockets;
>          } else if (cores == 0) {
>              threads = threads > 0 ? threads : 1;
>              sockets = sockets > 0 ? sockets : 1;
>              cores = cpus / (threads * sockets);
>          } else if (threads == 0) {
>              sockets = sockets > 0 ? sockets : 1;
>              threads = cpus / (cores * sockets);
>          } else {
>              sockets = cpus / (cores * threads);
>          }
>
> Can you test which of these two work?  But I agree it's best to disable
> cache-leaf forwarding.
The problem is, its broken because at least cpuid index 4 includes a hint
to the number of cores and threads. I think we have to disable the cache
leaf forwarding if the qemu cpu topology does not match the host topology.

I also tried to fix index 4, but this alone seems to be not enough. at least
in index 2 seems also to be some info about cores and threads (which is currently
not there).

Re: [Qemu-devel] [PULL 11/13] target-i386: forward CPUID cache leaves when -cpu host is used

[Peter Lieven]

next question: is cache leaf forwarding a migration blocker?

Re: [Qemu-devel] [PULL 11/13] target-i386: forward CPUID cache leaves when -cpu host is used

[Paolo Bonzini]

Il 19/11/2013 12:35, Peter Lieven ha scritto:
> next question: is cache leaf forwarding a migration blocker?

"-cpu host" in general is "interesting" at migration time, so I would
say no.

Paolo

Re: [Qemu-devel] [PULL 11/13] target-i386: forward CPUID cache leaves when -cpu host is used

[Peter Lieven]

On 19.11.2013 12:37, Paolo Bonzini wrote:
> Il 19/11/2013 12:35, Peter Lieven ha scritto:
>> next question: is cache leaf forwarding a migration blocker?
> "-cpu host" in general is "interesting" at migration time, so I would
> say no.
It works for for a long time as long as all cpu features that are supported on the source
are also supported on the destination.

As for the cache leaves feature I would go for making it a optional parameter. If we
woudl want to support it, we need to adjust several cpuid indexes to reflect the emulated
cpu topology. Question would be to what extend the cache information would then
make sense. Or with other words if one wants to use cache leaf pass-thru the topology
must match the physical one?

Peter

Re: [Qemu-devel] [PULL 11/13] target-i386: forward CPUID cache leaves when -cpu host is used

[Peter Lieven]

On 19.11.2013 11:47, Paolo Bonzini wrote:
> Il 19/11/2013 11:25, Peter Lieven ha scritto:
>> ~/git/qemu$ x86_64-softmmu/qemu-system-x86_64 -m 2048 -drive
>> if=virtio,file=iscsi://172.21.200.45/iqn.2001-05.com.equallogic:0-8a0906-9d95c510a-344001d54795289f-2012-r2-1-7-0/0,format=raw,cache=writeback,aio=native
>> -smp 2,cores=2,threads=1,sockets=1 -cpu host -monitor stdio -vnc :1
>> -enable-kvm -usb -usbdevice tablet -vga cirrus -global
>> virtio-blk-pci.scsi=off  -serial null  -parallel null -boot c
> What is your host CPU's topology
>
>> With just -smp 2 it works. However, have a look at my other email I
>> think there is a bug in smp_parse, because -smp 2 yields
>> cpus=2,cores=1,threads=1,sockets=1 whereas I think cores should
>> be 2.
> The code matching the comment in vl.c ("compute missing values, prefer
> sockets over cores over threads") would be like "-smp
> cpu=2,cores=1,threads=1,sockets=2", giving this code:
>
>          if (cpus == 0) {
>              sockets = sockets > 0 ? sockets : 1;
>              cores = cores > 0 ? cores : 1;
>              threads = threads > 0 ? threads : 1;
>              cpus = cores * threads * sockets;
>          } else if (sockets == 0) {
>              cores = cores > 0 ? cores : 1;
>              threads = threads > 0 ? threads : 1;
>              sockets = cpus / (cores * threads);
>          } else if (cores == 0) {
>              threads = threads > 0 ? threads : 1;
>              cores = cpus / (sockets * threads);
>          } else {
>              threads = cpus / (sockets * cores);
>          }
>
> What you suggest is cores over threads over sockets:
>
>          if (cpus == 0) {
>              cores = cores > 0 ? cores : 1;
>              threads = threads > 0 ? threads : 1;
>              sockets = sockets > 0 ? sockets : 1;
>              cpus = cores * threads * sockets;
>          } else if (cores == 0) {
>              threads = threads > 0 ? threads : 1;
>              sockets = sockets > 0 ? sockets : 1;
>              cores = cpus / (threads * sockets);
>          } else if (threads == 0) {
>              sockets = sockets > 0 ? sockets : 1;
>              threads = cpus / (cores * sockets);
>          } else {
>              sockets = cpus / (cores * threads);
>          }
>
> Can you test which of these two work?  But I agree it's best to disable
> cache-leaf forwarding.
The first does make windows boot again and it calculates a
correct combination of cpus, threads, cores and sockets. But
I think the reason it boots is because cores=threads=1.

As its more intuitive (I think) I would prefer your "cores over threads over socket ".
The last thing I would think of is emulating more than 1 socket. -smp N
would then mean, N cores, no hyper-threading, 1 socket.

Re: [Qemu-devel] [PULL 11/13] target-i386: forward CPUID cache leaves when -cpu host is used

[Peter Lieven]

On 19.11.2013 13:03, Peter Lieven wrote:
> On 19.11.2013 11:47, Paolo Bonzini wrote:
>> Il 19/11/2013 11:25, Peter Lieven ha scritto:
>>> ~/git/qemu$ x86_64-softmmu/qemu-system-x86_64 -m 2048 -drive
>>> if=virtio,file=iscsi://172.21.200.45/iqn.2001-05.com.equallogic:0-8a0906-9d95c510a-344001d54795289f-2012-r2-1-7-0/0,format=raw,cache=writeback,aio=native
>>> -smp 2,cores=2,threads=1,sockets=1 -cpu host -monitor stdio -vnc :1
>>> -enable-kvm -usb -usbdevice tablet -vga cirrus -global
>>> virtio-blk-pci.scsi=off  -serial null  -parallel null -boot c
>> What is your host CPU's topology
>>
>>> With just -smp 2 it works. However, have a look at my other email I
>>> think there is a bug in smp_parse, because -smp 2 yields
>>> cpus=2,cores=1,threads=1,sockets=1 whereas I think cores should
>>> be 2.
>> The code matching the comment in vl.c ("compute missing values, prefer
>> sockets over cores over threads") would be like "-smp
>> cpu=2,cores=1,threads=1,sockets=2", giving this code:
>>
>>          if (cpus == 0) {
>>              sockets = sockets > 0 ? sockets : 1;
>>              cores = cores > 0 ? cores : 1;
>>              threads = threads > 0 ? threads : 1;
>>              cpus = cores * threads * sockets;
>>          } else if (sockets == 0) {
>>              cores = cores > 0 ? cores : 1;
>>              threads = threads > 0 ? threads : 1;
>>              sockets = cpus / (cores * threads);
>>          } else if (cores == 0) {
>>              threads = threads > 0 ? threads : 1;
>>              cores = cpus / (sockets * threads);
>>          } else {
>>              threads = cpus / (sockets * cores);
>>          }
>>
>> What you suggest is cores over threads over sockets:
>>
>>          if (cpus == 0) {
>>              cores = cores > 0 ? cores : 1;
>>              threads = threads > 0 ? threads : 1;
>>              sockets = sockets > 0 ? sockets : 1;
>>              cpus = cores * threads * sockets;
>>          } else if (cores == 0) {
>>              threads = threads > 0 ? threads : 1;
>>              sockets = sockets > 0 ? sockets : 1;
>>              cores = cpus / (threads * sockets);
>>          } else if (threads == 0) {
>>              sockets = sockets > 0 ? sockets : 1;
>>              threads = cpus / (cores * sockets);
>>          } else {
>>              sockets = cpus / (cores * threads);
>>          }
>>
>> Can you test which of these two work?  But I agree it's best to disable
>> cache-leaf forwarding.
> The first does make windows boot again and it calculates a
> correct combination of cpus, threads, cores and sockets. But
> I think the reason it boots is because cores=threads=1.
Forgot to mention: In this case the information about cores and threads is not retreived
from additional indexes. bits 16..23 in ebx in index 0x00000001 are zero.

So bottom line, the whole cache leaf passthru thing only worked because of a bug
in smp_parse yielding threads and cores 1 by default.

Re: [Qemu-devel] [PULL 11/13] target-i386: forward CPUID cache leaves when -cpu host is used

[Paolo Bonzini]

Il 19/11/2013 13:03, Peter Lieven ha scritto:
>>
>> Can you test which of these two work?  But I agree it's best to disable
>> cache-leaf forwarding.
> The first does make windows boot again and it calculates a
> correct combination of cpus, threads, cores and sockets. But
> I think the reason it boots is because cores=threads=1.
> 
> As its more intuitive (I think) I would prefer your "cores over threads
> over socket ".
> The last thing I would think of is emulating more than 1 socket. -smp N
> would then mean, N cores, no hyper-threading, 1 socket.

After looking more at the docs, I think I found the bug.  Can you test this?

diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index 864c80e..16d4db1 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -2086,14 +2086,10 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
         /* cache info: needed for Core compatibility */
         if (cpu->cache_info_passthrough) {
             host_cpuid(index, count, eax, ebx, ecx, edx);
-            break;
-        }
-        if (cs->nr_cores > 1) {
-            *eax = (cs->nr_cores - 1) << 26;
+            *eax &= ~0xFC000000;
         } else {
             *eax = 0;
-        }
-        switch (count) {
+            switch (count) {
             case 0: /* L1 dcache info */
                 *eax |= CPUID_4_TYPE_DCACHE | \
                         CPUID_4_LEVEL(1) | \
@@ -2118,9 +2114,6 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
                 *eax |= CPUID_4_TYPE_UNIFIED | \
                         CPUID_4_LEVEL(2) | \
                         CPUID_4_SELF_INIT_LEVEL;
-                if (cs->nr_threads > 1) {
-                    *eax |= (cs->nr_threads - 1) << 14;
-                }
                 *ebx = (L2_LINE_SIZE - 1) | \
                        ((L2_PARTITIONS - 1) << 12) | \
                        ((L2_ASSOCIATIVITY - 1) << 22);
@@ -2133,6 +2126,12 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
                 *ecx = 0;
                 *edx = 0;
                 break;
+            }
+        }
+
+        /* We give out APIC IDs ourselves, so force bits 31..26 even for "-cpu host".  */
+        if (cs->nr_cores > 1) {
+            *eax |= (cs->nr_cores - 1) << 26;
         }
         break;
     case 5:

Paolo

Re: [Qemu-devel] [PULL 11/13] target-i386: forward CPUID cache leaves when -cpu host is used

[Peter Lieven]

On 19.11.2013 13:14, Paolo Bonzini wrote:
> Il 19/11/2013 13:03, Peter Lieven ha scritto:
>>> Can you test which of these two work?  But I agree it's best to disable
>>> cache-leaf forwarding.
>> The first does make windows boot again and it calculates a
>> correct combination of cpus, threads, cores and sockets. But
>> I think the reason it boots is because cores=threads=1.
>>
>> As its more intuitive (I think) I would prefer your "cores over threads
>> over socket ".
>> The last thing I would think of is emulating more than 1 socket. -smp N
>> would then mean, N cores, no hyper-threading, 1 socket.
> After looking more at the docs, I think I found the bug.  Can you test this?
>
> diff --git a/target-i386/cpu.c b/target-i386/cpu.c
> index 864c80e..16d4db1 100644
> --- a/target-i386/cpu.c
> +++ b/target-i386/cpu.c
> @@ -2086,14 +2086,10 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
>           /* cache info: needed for Core compatibility */
>           if (cpu->cache_info_passthrough) {
>               host_cpuid(index, count, eax, ebx, ecx, edx);
> -            break;
> -        }
> -        if (cs->nr_cores > 1) {
> -            *eax = (cs->nr_cores - 1) << 26;
> +            *eax &= ~0xFC000000;
>           } else {
>               *eax = 0;
> -        }
> -        switch (count) {
> +            switch (count) {
>               case 0: /* L1 dcache info */
>                   *eax |= CPUID_4_TYPE_DCACHE | \
>                           CPUID_4_LEVEL(1) | \
> @@ -2118,9 +2114,6 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
>                   *eax |= CPUID_4_TYPE_UNIFIED | \
>                           CPUID_4_LEVEL(2) | \
>                           CPUID_4_SELF_INIT_LEVEL;
> -                if (cs->nr_threads > 1) {
> -                    *eax |= (cs->nr_threads - 1) << 14;
> -                }
>                   *ebx = (L2_LINE_SIZE - 1) | \
>                          ((L2_PARTITIONS - 1) << 12) | \
>                          ((L2_ASSOCIATIVITY - 1) << 22);
> @@ -2133,6 +2126,12 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
>                   *ecx = 0;
>                   *edx = 0;
>                   break;
> +            }
> +        }
> +
> +        /* We give out APIC IDs ourselves, so force bits 31..26 even for "-cpu host".  */
> +        if (cs->nr_cores > 1) {
> +            *eax |= (cs->nr_cores - 1) << 26;
>           }
>           break;
>       case 5:
>
> Paolo
I already tried exactly this fix. Its reading index 0x0000004 for increasing indexes until qemu aborts:

~/git/qemu$ x86_64-softmmu/qemu-system-x86_64 -m 2048 -drive if=virtio,file=iscsi://172.21.200.45/iqn.2001-05.com.equallogic:0-8a0906-9d95c510a-344001d54795289f-2012-r2-1-7-0/0,format=raw,cache=writeback,aio=native -cpu host -monitor stdio -vnc :1 
-enable-kvm -usb -usbdevice tablet -vga cirrus -global virtio-blk-pci.scsi=off -smp 4,cores=4,threads=1,sockets=1  -serial null  -parallel null -boot c

(qemu) cpuid_data is full, no space for cpuid(eax:0x4,ecx:0x5d)
Abgebrochen (Speicherabzug geschrieben)

If you really want to have this feature:

a) fix smp_parse and leave it at "prefer sockets over cores over threads", but use your new code:

         if (cpus == 0) {
             sockets = sockets > 0 ? sockets : 1;
             cores = cores > 0 ? cores : 1;
             threads = threads > 0 ? threads : 1;
             cpus = cores * threads * sockets;
         } else if (sockets == 0) {
             cores = cores > 0 ? cores : 1;
             threads = threads > 0 ? threads : 1;
             sockets = cpus / (cores * threads);
         } else if (cores == 0) {
             threads = threads > 0 ? threads : 1;
             cores = cpus / (sockets * threads);
         } else {
             threads = cpus / (sockets * cores);
         }


b) disable cache leaf pass-thru as soon as threads*cores > 1. It seems to work as long as there is only one core with one thread per socket.

Peter

Re: [Qemu-devel] [PULL 11/13] target-i386: forward CPUID cache leaves when -cpu host is used

[Paolo Bonzini]

Il 19/11/2013 13:32, Peter Lieven ha scritto:
>>
>> +
>> +        /* We give out APIC IDs ourselves, so force bits 31..26 even
>> for "-cpu host".  */
>> +        if (cs->nr_cores > 1) {
>> +            *eax |= (cs->nr_cores - 1) << 26;
>>           }
>>           break;
>>       case 5:
>
> I already tried exactly this fix. Its reading index 0x0000004 for
> increasing indexes until qemu aborts:

Oops, it should be I guess "if ((*eax & 31) && cs->nr_cores > 1)".

Paolo

> ~/git/qemu$ x86_64-softmmu/qemu-system-x86_64 -m 2048 -drive
> if=virtio,file=iscsi://172.21.200.45/iqn.2001-05.com.equallogic:0-8a0906-9d95c510a-344001d54795289f-2012-r2-1-7-0/0,format=raw,cache=writeback,aio=native
> -cpu host -monitor stdio -vnc :1 -enable-kvm -usb -usbdevice tablet -vga
> cirrus -global virtio-blk-pci.scsi=off -smp
> 4,cores=4,threads=1,sockets=1  -serial null  -parallel null -boot c

Re: [Qemu-devel] [PULL 11/13] target-i386: forward CPUID cache leaves when -cpu host is used

[Peter Lieven]

On 19.11.2013 14:21, Paolo Bonzini wrote:
> Il 19/11/2013 13:32, Peter Lieven ha scritto:
>>> +
>>> +        /* We give out APIC IDs ourselves, so force bits 31..26 even
>>> for "-cpu host".  */
>>> +        if (cs->nr_cores > 1) {
>>> +            *eax |= (cs->nr_cores - 1) << 26;
>>>            }
>>>            break;
>>>        case 5:
>> I already tried exactly this fix. Its reading index 0x0000004 for
>> increasing indexes until qemu aborts:
> Oops, it should be I guess "if ((*eax & 31) && cs->nr_cores > 1)".
Maybe, how should we continue. This should be fixed before 1.7 comes out.

Peter

Re: [Qemu-devel] [PULL 11/13] target-i386: forward CPUID cache leaves when -cpu host is used

[Paolo Bonzini]

Il 19/11/2013 15:11, Peter Lieven ha scritto:
>>>>
>>> I already tried exactly this fix. Its reading index 0x0000004 for
>>> increasing indexes until qemu aborts:
>> Oops, it should be I guess "if ((*eax & 31) && cs->nr_cores > 1)".
> Maybe, how should we continue. This should be fixed before 1.7 comes out.

If this works, I'll post a patch.

Paolo

Re: [Qemu-devel] [PULL 11/13] target-i386: forward CPUID cache leaves when -cpu host is used

[Peter Lieven]

On 19.11.2013 15:14, Paolo Bonzini wrote:
> if ((*eax & 31) && cs->nr_cores > 1)
at which position exactly do you want to put this condition and take which action?

Peter

Re: [Qemu-devel] [PULL 11/13] target-i386: forward CPUID cache leaves when -cpu host is used

[Paolo Bonzini]

Il 19/11/2013 15:17, Peter Lieven ha scritto:
>> if ((*eax & 31) && cs->nr_cores > 1)
> at which position exactly do you want to put this condition and take
> which action?

Just replace "if (cs->nr_cores > 1)" in the patch I posted, i.e. after the switch.

Paolo

-------------- 8< -----------------
>From 781ff96e9d1eeacbd4ff588d4d3773351f14320b Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Tue, 19 Nov 2013 13:19:17 +0100
Subject: [PATCH] target-i386: do not override nr_cores for "-cpu host"

Commit 787aaf5 (target-i386: forward CPUID cache leaves when -cpu host is
used, 2013-09-02) brings bits 31..26 of CPUID leaf 04h out of sync with
the APIC IDs that QEMU reserves for each package.  This number must come
from "-smp" options rather than from the host CPUID.

It also turns out that this unsyncing makes Windows Server 2012R2 fail
to boot.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 target-i386/cpu.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index 864c80e..8df6747 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -2086,14 +2086,10 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
         /* cache info: needed for Core compatibility */
         if (cpu->cache_info_passthrough) {
             host_cpuid(index, count, eax, ebx, ecx, edx);
-            break;
-        }
-        if (cs->nr_cores > 1) {
-            *eax = (cs->nr_cores - 1) << 26;
+            *eax &= ~0xFC000000;
         } else {
             *eax = 0;
-        }
-        switch (count) {
+            switch (count) {
             case 0: /* L1 dcache info */
                 *eax |= CPUID_4_TYPE_DCACHE | \
                         CPUID_4_LEVEL(1) | \
@@ -2133,6 +2129,12 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
                 *ecx = 0;
                 *edx = 0;
                 break;
+            }
+        }
+
+        /* We give out APIC IDs ourselves, so force bits 31..26 even for "-cpu host".  */
+        if ((*eax & 31) && cs->nr_cores > 1) {
+            *eax |= (cs->nr_cores - 1) << 26;
         }
         break;
     case 5:
-- 
1.8.4.2

Re: [Qemu-devel] [PULL 11/13] target-i386: forward CPUID cache leaves when -cpu host is used

[Peter Lieven]

On 19.11.2013 15:19, Paolo Bonzini wrote:
> Il 19/11/2013 15:17, Peter Lieven ha scritto:
>>> if ((*eax & 31) && cs->nr_cores > 1)
>> at which position exactly do you want to put this condition and take
>> which action?
> Just replace "if (cs->nr_cores > 1)" in the patch I posted, i.e. after the switch.
This seems to work. What is in bits 0..5 of eax?
What about the number of threads in count == 2?

I would still like to have at least an option to disable the passthru without
recompiling if other issues occur.

>
> Paolo
>
> -------------- 8< -----------------
>  From 781ff96e9d1eeacbd4ff588d4d3773351f14320b Mon Sep 17 00:00:00 2001
> From: Paolo Bonzini <pbonzini@redhat.com>
> Date: Tue, 19 Nov 2013 13:19:17 +0100
> Subject: [PATCH] target-i386: do not override nr_cores for "-cpu host"
>
> Commit 787aaf5 (target-i386: forward CPUID cache leaves when -cpu host is
> used, 2013-09-02) brings bits 31..26 of CPUID leaf 04h out of sync with
> the APIC IDs that QEMU reserves for each package.  This number must come
> from "-smp" options rather than from the host CPUID.
>
> It also turns out that this unsyncing makes Windows Server 2012R2 fail
> to boot.
>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
>   target-i386/cpu.c | 14 ++++++++------
>   1 file changed, 8 insertions(+), 6 deletions(-)
>
> diff --git a/target-i386/cpu.c b/target-i386/cpu.c
> index 864c80e..8df6747 100644
> --- a/target-i386/cpu.c
> +++ b/target-i386/cpu.c
> @@ -2086,14 +2086,10 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
>           /* cache info: needed for Core compatibility */
>           if (cpu->cache_info_passthrough) {
>               host_cpuid(index, count, eax, ebx, ecx, edx);
> -            break;
> -        }
> -        if (cs->nr_cores > 1) {
> -            *eax = (cs->nr_cores - 1) << 26;
> +            *eax &= ~0xFC000000;
>           } else {
>               *eax = 0;
> -        }
> -        switch (count) {
> +            switch (count) {
>               case 0: /* L1 dcache info */
>                   *eax |= CPUID_4_TYPE_DCACHE | \
>                           CPUID_4_LEVEL(1) | \
> @@ -2133,6 +2129,12 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
>                   *ecx = 0;
>                   *edx = 0;
>                   break;
> +            }
> +        }
> +
> +        /* We give out APIC IDs ourselves, so force bits 31..26 even for "-cpu host".  */
> +        if ((*eax & 31) && cs->nr_cores > 1) {
> +            *eax |= (cs->nr_cores - 1) << 26;
>           }
>           break;
>       case 5:

Tested-by: Peter Lieven <pl@kamp.de>

Peter

Re: [Qemu-devel] [PULL 11/13] target-i386: forward CPUID cache leaves when -cpu host is used

[Paolo Bonzini]

Il 19/11/2013 15:46, Peter Lieven ha scritto:
>>>
>> Just replace "if (cs->nr_cores > 1)" in the patch I posted, i.e. after
>> the switch.
> This seems to work. What is in bits 0..5 of eax?

It's the kind of cache.  0 means that there is no cache and the returned
data is not valid.  In theory, Intel says you should only check whether
those bits are 0, and stop iterating when they are, but apparently
something is expecting eax=0.

> What about the number of threads in count == 2?

That's a property of the L2 cache.  It's not related to APIC IDs.

> I would still like to have at least an option to disable the passthru
> without recompiling if other issues occur.

I think of "-cpu host" in general as a hit-or-miss option.  I'm not sure
whether it makes sense to have such fine grain.

Paolo

Re: [Qemu-devel] [PULL 11/13] target-i386: forward CPUID cache leaves when -cpu host is used

[Peter Lieven]

On 19.11.2013 15:57, Paolo Bonzini wrote:
> Il 19/11/2013 15:46, Peter Lieven ha scritto:
>>> Just replace "if (cs->nr_cores > 1)" in the patch I posted, i.e. after
>>> the switch.
>> This seems to work. What is in bits 0..5 of eax?
> It's the kind of cache.  0 means that there is no cache and the returned
> data is not valid.  In theory, Intel says you should only check whether
> those bits are 0, and stop iterating when they are, but apparently
> something is expecting eax=0.
>
>> What about the number of threads in count == 2?
> That's a property of the L2 cache.  It's not related to APIC IDs.
okay, but the contents could be wrong if the physical system
has threads while the emulated vserver has not. does this
matter?
>
>> I would still like to have at least an option to disable the passthru
>> without recompiling if other issues occur.
> I think of "-cpu host" in general as a hit-or-miss option.  I'm not sure
> whether it makes sense to have such fine grain.
As I explained, I have no trouble with -cpu host for ages when I ensure that
I do not live migrate to a processor that misses a feature that was there
when the vserver was created. With the caching option this could become
a problem or do you think wrong assumption about the cache are just
a performance penalty?

Peter

Re: [Qemu-devel] [PULL 11/13] target-i386: forward CPUID cache leaves when -cpu host is used

[Paolo Bonzini]

Il 19/11/2013 16:05, Peter Lieven ha scritto:
>>
>>> What about the number of threads in count == 2?
>> That's a property of the L2 cache.  It's not related to APIC IDs.
> okay, but the contents could be wrong if the physical system
> has threads while the emulated vserver has not. does this
> matter?

If you care about passing cache leaves, you probably can be expected to
pass a number of threads that matches the host, making the vCPUs a
multiple of the number of threads, and pinning the virtual cores to the
physical cores.

But in general, I'd say that the cache _is_ shared with another thread.
 It may be that the thread is not part of the VM---that depends on
things such as the pinning of vCPUs to physical CPUs.

Paolo