+1.1 Multiline Indent

+

+There are several places where indent is necessary:

+

+ - if/else

+ - while/for

+ - function definition & call

+

+When breaking up a long line to fit within line width, we need a proper indent

+for the following lines.

+

+In case of if/else, while/for, align the secondary lines just after the

+opening parenthesis of the first.

+

+For example:

+

+ if (a == 1 &&

+ b == 2) {

+

+ while (a == 1 &&

+ b == 2) {

+

+In case of function, there are several variants:

+

+ * 4 spaces indent from the beginning

+ * align the secondary lines just after the opening parenthesis of the

+ first

+

+For example:

+

+ do_something(x, y,

+ z);

+

+ do_something(x, y,

+ z);

+

+ do_something(x, do_another(y,

+ z));

+

+ if (a == 1) {

+ /* Reads like: "If a equals 1" */

+ do_something();

+ }

+Parallel NOR Flash devices

+M: Philippe Mathieu-Daudé <philmd@redhat.com>

+T: git https://gitlab.com/philmd/qemu.git pflash-next

+S: Maintained

+F: hw/block/pflash_cfi*.c

+F: include/hw/block/flash.h

+

+S: Odd Fixes

+L: integration@gluster.org

+S: Odd Fixes

+ rm -f $(filter-out %.tlb,$(TOOLS)) $(HELPERS-y) qemu-ga$(EXESUF) TAGS cscope.* *.pod *~ */*~

+TEXI2PODFLAGS=$(MAKEINFOINCLUDES) -DVERSION="$(VERSION)" -DCONFDIR="$(qemu_confdir)"

+docs/version.texi: $(SRC_PATH)/VERSION config-host.mak

+ $(call quiet-command,(\

+ echo "@set VERSION $(VERSION)" && \

+ echo "@set CONFDIR $(qemu_confdir)" \

+ )> $@,"GEN","$@")

+ docs/qemu-cpu-models.texi docs/security.texi

+ assert(bs->drv && bs->drv->bdrv_child_perm);

+ bs->drv->bdrv_child_perm(bs, c, role, reopen_queue,

+ parent_perm, parent_shared,

+ nperm, nshared);

+ bdrv_close(bs);

+

+static void coroutine_fn bdrv_check_co_entry(void *opaque)

+ bdrv_append(commit_top_bs, top, &local_err);

+/* See bdrv_pwrite() for the return codes */

+/* Return no. of bytes on success or < 0 on error. Important errors are:

+ -EIO generic I/O error (may happen for all errors)

+ -ENOMEDIUM No media inserted.

+ -EINVAL Invalid offset or number of bytes

+ -EACCES Trying to write a read-only device

+*/

+ if (ret < 0 && !(flags & BDRV_REQ_NO_FALLBACK)) {

+ qcow2_free_clusters(bs, addr, s->cluster_size, QCOW2_DISCARD_ALWAYS);

+ int64_t file_len;

+ file_len = bdrv_getlength(bs->file->bs);

+ if (file_len < 0) {

+ return file_len;

+ }

+

+ /*

+ * Last cluster of qcow2 image may be semi-allocated, so it may be OK to

+ * reference some space after file end but it should be less than one

+ * cluster.

+ */

+ if (offset + size - file_len >= s->cluster_size) {

+ fprintf(stderr, "ERROR: counting reference for region exceeding the "

+ "end of the file by one cluster or more: offset 0x%" PRIx64

+ " size 0x%" PRIx64 "\n", offset, size);

+ res->corruptions++;

+ return 0;

+ }

+

+ int flags, BdrvCheckMode fix, bool active)

+ res->corruptions++;

+

+ int ign = active ? QCOW2_OL_ACTIVE_L2 :

+ QCOW2_OL_INACTIVE_L2;

+ ret = qcow2_pre_write_overlap_check(bs, ign,

+ res->corruptions--;

+ if (flags & CHECK_FRAG_INFO) {

+ res->bfi.allocated_clusters++;

+ if (next_contiguous_offset &&

+ offset != next_contiguous_offset) {

+ res->bfi.fragmented_clusters++;

+ }

+ next_contiguous_offset = offset + s->cluster_size;

+ }

+

+ int flags, BdrvCheckMode fix, bool active)

+ fix, active);

+ int l2_dirty = 0;

+ res->corruptions++;

+ res->corruptions--;

+ res->corruptions++;

+ l2_dirty++;

+ if (l2_dirty > 0) {

+ res->corruptions -= l2_dirty;

+ res->corruptions_fixed += l2_dirty;

+ res->corruptions++;

+ res->corruptions--;

+ fix, true);

+ sn->l1_table_offset, sn->l1_size, 0, fix,

+ false);

+ ret = bdrv_pwrite(bs->file, refblock_offset, on_disk_refblock,

+ s->cluster_size);

+

+ /*

+ * Store the user name for ssh_refresh_filename() because the

+ * default depends on the system you are on -- therefore, when we

+ * generate a filename, it should always contain the user name we

+ * are actually using.

+ */

+ char *user;

+ g_free(s->user);

+

+ s->user = g_strdup(opts->user);

+ s->user = g_strdup(g_get_user_name());

+ if (!s->user) {

+ ret = authenticate(s, s->user, errp);

+static void ssh_refresh_filename(BlockDriverState *bs)

+{

+ BDRVSSHState *s = bs->opaque;

+ const char *path, *host_key_check;

+ int ret;

+

+ /*

+ * None of these options can be represented in a plain "host:port"

+ * format, so if any was given, we have to abort.

+ */

+ if (s->inet->has_ipv4 || s->inet->has_ipv6 || s->inet->has_to ||

+ s->inet->has_numeric)

+ {

+ return;

+ }

+

+ path = qdict_get_try_str(bs->full_open_options, "path");

+ assert(path); /* mandatory option */

+

+ host_key_check = qdict_get_try_str(bs->full_open_options, "host_key_check");

+

+ ret = snprintf(bs->exact_filename, sizeof(bs->exact_filename),

+ "ssh://%s@%s:%s%s%s%s",

+ s->user, s->inet->host, s->inet->port, path,

+ host_key_check ? "?host_key_check=" : "",

+ host_key_check ?: "");

+ if (ret >= sizeof(bs->exact_filename)) {

+ /* An overflow makes the filename unusable, so do not report any */

+ bs->exact_filename[0] = '\0';

+ }

+}

+

+static char *ssh_bdrv_dirname(BlockDriverState *bs, Error **errp)

+{

+ if (qdict_haskey(bs->full_open_options, "host_key_check")) {

+ /*

+ * We cannot generate a simple prefix if we would have to

+ * append a query string.

+ */

+ error_setg(errp,

+ "Cannot generate a base directory with host_key_check set");

+ return NULL;

+ }

+

+ if (bs->exact_filename[0] == '\0') {

+ error_setg(errp, "Cannot generate a base directory for this ssh node");

+ return NULL;

+ }

+

+ return path_combine(bs->exact_filename, "");

+}

+

+ .bdrv_refresh_filename = ssh_refresh_filename,

+ .bdrv_dirname = ssh_bdrv_dirname,

+QEMU_BUILD_BUG_ON(sizeof(VdiHeader) != 512);

+

+ ret = bdrv_pread(bs->file, 0, &header, sizeof(header));

+ ret = bdrv_pread(bs->file, header.offset_bmap, s->bmap,

+ bmap_size * SECTOR_SIZE);

+ ret = bdrv_pwrite(bs->file, 0, block, sizeof(VdiHeader));

+ ret = bdrv_pwrite(bs->file, offset * SECTOR_SIZE, base,

+ n_sectors * SECTOR_SIZE);

+ return ret < 0 ? ret : 0;

+ if (bdrv_pread(s->qcow, sector_num * BDRV_SECTOR_SIZE,

+ buf + i * 0x200, n) < 0) {

+ res = bdrv_pwrite(s->qcow, offset * BDRV_SECTOR_SIZE,

+ s->cluster_buffer, BDRV_SECTOR_SIZE);

+ if (res < 0) {

+ ret = bdrv_pwrite(s->qcow, sector_num * BDRV_SECTOR_SIZE, buf,

+ nb_sectors * BDRV_SECTOR_SIZE);

+ const struct pam_conv pam_conv = { 0 };

+ pam_start(service_name, user, &pam_conv, &pamh);

+#if defined(_WIN32) && (defined(__x86_64__) || defined(__i386__))

+ secure-coding-practices

+=======================

+Secure Coding Practices

+=======================

+This document covers topics that both developers and security researchers must

+be aware of so that they can develop safe code and audit existing code

+properly.

+

+Reporting Security Bugs

+-----------------------

+For details on how to report security bugs or ask questions about potential

+security bugs, see the `Security Process wiki page

+<https://wiki.qemu.org/SecurityProcess>`_.

+

+General Secure C Coding Practices

+---------------------------------

+Most CVEs (security bugs) reported against QEMU are not specific to

+virtualization or emulation. They are simply C programming bugs. Therefore

+it's critical to be aware of common classes of security bugs.

+

+There is a wide selection of resources available covering secure C coding. For

+example, the `CERT C Coding Standard

+<https://wiki.sei.cmu.edu/confluence/display/c/SEI+CERT+C+Coding+Standard>`_

+covers the most important classes of security bugs.

+

+Instead of describing them in detail here, only the names of the most important

+classes of security bugs are mentioned:

+

+* Buffer overflows

+* Use-after-free and double-free

+* Integer overflows

+* Format string vulnerabilities

+

+Some of these classes of bugs can be detected by analyzers. Static analysis is

+performed regularly by Coverity and the most obvious of these bugs are even

+reported by compilers. Dynamic analysis is possible with valgrind, tsan, and

+asan.

+

+Input Validation

+----------------

+Inputs from the guest or external sources (e.g. network, files) cannot be

+trusted and may be invalid. Inputs must be checked before using them in a way

+that could crash the program, expose host memory to the guest, or otherwise be

+exploitable by an attacker.

+

+The most sensitive attack surface is device emulation. All hardware register

+accesses and data read from guest memory must be validated. A typical example

+is a device that contains multiple units that are selectable by the guest via

+an index register::

+

+ typedef struct {

+ ProcessingUnit unit[2];

+ ...

+ } MyDeviceState;

+

+ static void mydev_writel(void *opaque, uint32_t addr, uint32_t val)

+ {

+ MyDeviceState *mydev = opaque;

+ ProcessingUnit *unit;

+

+ switch (addr) {

+ case MYDEV_SELECT_UNIT:

+ unit = &mydev->unit[val]; <-- this input wasn't validated!

+ ...

+ }

+ }

+

+If ``val`` is not in range [0, 1] then an out-of-bounds memory access will take

+place when ``unit`` is dereferenced. The code must check that ``val`` is 0 or

+1 and handle the case where it is invalid.

+

+Unexpected Device Accesses

+--------------------------

+The guest may access device registers in unusual orders or at unexpected

+moments. Device emulation code must not assume that the guest follows the

+typical "theory of operation" presented in driver writer manuals. The guest

+may make nonsense accesses to device registers such as starting operations

+before the device has been fully initialized.

+

+A related issue is that device emulation code must be prepared for unexpected

+device register accesses while asynchronous operations are in progress. A

+well-behaved guest might wait for a completion interrupt before accessing

+certain device registers. Device emulation code must handle the case where the

+guest overwrites registers or submits further requests before an ongoing

+request completes. Unexpected accesses must not cause memory corruption or

+leaks in QEMU.

+

+Invalid device register accesses can be reported with

+``qemu_log_mask(LOG_GUEST_ERROR, ...)``. The ``-d guest_errors`` command-line

+option enables these log messages.

+

+Live Migration

+--------------

+Device state can be saved to disk image files and shared with other users.

+Live migration code must validate inputs when loading device state so an

+attacker cannot gain control by crafting invalid device states. Device state

+is therefore considered untrusted even though it is typically generated by QEMU

+itself.

+

+Guest Memory Access Races

+-------------------------

+Guests with multiple vCPUs may modify guest RAM while device emulation code is

+running. Device emulation code must copy in descriptors and other guest RAM

+structures and only process the local copy. This prevents

+time-of-check-to-time-of-use (TOCTOU) race conditions that could cause QEMU to

+crash when a vCPU thread modifies guest RAM while device emulation is

+processing it.

+@node Security

+@chapter Security

+

+@section Overview

+

+This chapter explains the security requirements that QEMU is designed to meet

+and principles for securely deploying QEMU.

+

+@section Security Requirements

+

+QEMU supports many different use cases, some of which have stricter security

+requirements than others. The community has agreed on the overall security

+requirements that users may depend on. These requirements define what is

+considered supported from a security perspective.

+

+@subsection Virtualization Use Case

+

+The virtualization use case covers cloud and virtual private server (VPS)

+hosting, as well as traditional data center and desktop virtualization. These

+use cases rely on hardware virtualization extensions to execute guest code

+safely on the physical CPU at close-to-native speed.

+

+The following entities are untrusted, meaning that they may be buggy or

+malicious:

+

+@itemize

+@item Guest

+@item User-facing interfaces (e.g. VNC, SPICE, WebSocket)

+@item Network protocols (e.g. NBD, live migration)

+@item User-supplied files (e.g. disk images, kernels, device trees)

+@item Passthrough devices (e.g. PCI, USB)

+@end itemize

+

+Bugs affecting these entities are evaluated on whether they can cause damage in

+real-world use cases and treated as security bugs if this is the case.

+

+@subsection Non-virtualization Use Case

+

+The non-virtualization use case covers emulation using the Tiny Code Generator

+(TCG). In principle the TCG and device emulation code used in conjunction with

+the non-virtualization use case should meet the same security requirements as

+the virtualization use case. However, for historical reasons much of the

+non-virtualization use case code was not written with these security

+requirements in mind.

+

+Bugs affecting the non-virtualization use case are not considered security

+bugs at this time. Users with non-virtualization use cases must not rely on

+QEMU to provide guest isolation or any security guarantees.

+

+@section Architecture

+

+This section describes the design principles that ensure the security

+requirements are met.

+

+@subsection Guest Isolation

+

+Guest isolation is the confinement of guest code to the virtual machine. When

+guest code gains control of execution on the host this is called escaping the

+virtual machine. Isolation also includes resource limits such as throttling of

+CPU, memory, disk, or network. Guests must be unable to exceed their resource

+limits.

+

+QEMU presents an attack surface to the guest in the form of emulated devices.

+The guest must not be able to gain control of QEMU. Bugs in emulated devices

+could allow malicious guests to gain code execution in QEMU. At this point the

+guest has escaped the virtual machine and is able to act in the context of the

+QEMU process on the host.

+

+Guests often interact with other guests and share resources with them. A

+malicious guest must not gain control of other guests or access their data.

+Disk image files and network traffic must be protected from other guests unless

+explicitly shared between them by the user.

+

+@subsection Principle of Least Privilege

+

+The principle of least privilege states that each component only has access to

+the privileges necessary for its function. In the case of QEMU this means that

+each process only has access to resources belonging to the guest.

+

+The QEMU process should not have access to any resources that are inaccessible

+to the guest. This way the guest does not gain anything by escaping into the

+QEMU process since it already has access to those same resources from within

+the guest.

+

+Following the principle of least privilege immediately fulfills guest isolation

+requirements. For example, guest A only has access to its own disk image file

+@code{a.img} and not guest B's disk image file @code{b.img}.

+

+In reality certain resources are inaccessible to the guest but must be

+available to QEMU to perform its function. For example, host system calls are

+necessary for QEMU but are not exposed to guests. A guest that escapes into

+the QEMU process can then begin invoking host system calls.

+

+New features must be designed to follow the principle of least privilege.

+Should this not be possible for technical reasons, the security risk must be

+clearly documented so users are aware of the trade-off of enabling the feature.

+

+@subsection Isolation mechanisms

+

+Several isolation mechanisms are available to realize this architecture of

+guest isolation and the principle of least privilege. With the exception of

+Linux seccomp, these mechanisms are all deployed by management tools that

+launch QEMU, such as libvirt. They are also platform-specific so they are only

+described briefly for Linux here.

+

+The fundamental isolation mechanism is that QEMU processes must run as

+unprivileged users. Sometimes it seems more convenient to launch QEMU as

+root to give it access to host devices (e.g. @code{/dev/net/tun}) but this poses a

+huge security risk. File descriptor passing can be used to give an otherwise

+unprivileged QEMU process access to host devices without running QEMU as root.

+It is also possible to launch QEMU as a non-root user and configure UNIX groups

+for access to @code{/dev/kvm}, @code{/dev/net/tun}, and other device nodes.

+Some Linux distros already ship with UNIX groups for these devices by default.

+

+@itemize

+@item SELinux and AppArmor make it possible to confine processes beyond the

+traditional UNIX process and file permissions model. They restrict the QEMU

+process from accessing processes and files on the host system that are not

+needed by QEMU.

+

+@item Resource limits and cgroup controllers provide throughput and utilization

+limits on key resources such as CPU time, memory, and I/O bandwidth.

+

+@item Linux namespaces can be used to make process, file system, and other system

+resources unavailable to QEMU. A namespaced QEMU process is restricted to only

+those resources that were granted to it.

+

+@item Linux seccomp is available via the QEMU @option{--sandbox} option. It disables

+system calls that are not needed by QEMU, thereby reducing the host kernel

+attack surface.

+@end itemize

+#include "qemu/units.h"

+ if (board->ram) {

+ mc->default_ram_size = board->ram;

+ }

+ .ram = 256 * MiB,

+ .ram = 512 * MiB,

+ .ram = 512 * MiB,

+ .ram = 512 * MiB,

+#include "qemu/units.h"

+ if (machine->ram_size > 1 * GiB) {

+ error_report("Requested ram size is too large for this machine: "

+ "maximum is 1GB");

+ exit(1);

+ }

+

+#include "qemu/option.h"

+#define VIRT_FLASH_SECTOR_SIZE (256 * KiB)

+

+static PFlashCFI01 *virt_flash_create1(VirtMachineState *vms,

+ const char *name,

+ const char *alias_prop_name)

+ /*

+ * Create a single flash device. We use the same parameters as

+ * the flash devices on the Versatile Express board.

+ qdev_prop_set_uint64(dev, "sector-length", VIRT_FLASH_SECTOR_SIZE);

+ object_property_add_child(OBJECT(vms), name, OBJECT(dev),

+ &error_abort);

+ object_property_add_alias(OBJECT(vms), alias_prop_name,

+ OBJECT(dev), "drive", &error_abort);

+ return PFLASH_CFI01(dev);

+}

+static void virt_flash_create(VirtMachineState *vms)

+{

+ vms->flash[0] = virt_flash_create1(vms, "virt.flash0", "pflash0");

+ vms->flash[1] = virt_flash_create1(vms, "virt.flash1", "pflash1");

+}

+static void virt_flash_map1(PFlashCFI01 *flash,

+ hwaddr base, hwaddr size,

+ MemoryRegion *sysmem)

+{

+ DeviceState *dev = DEVICE(flash);

+ assert(size % VIRT_FLASH_SECTOR_SIZE == 0);

+ assert(size / VIRT_FLASH_SECTOR_SIZE <= UINT32_MAX);

+ qdev_prop_set_uint32(dev, "num-blocks", size / VIRT_FLASH_SECTOR_SIZE);

+ qdev_init_nofail(dev);

+

+ memory_region_add_subregion(sysmem, base,

+ sysbus_mmio_get_region(SYS_BUS_DEVICE(dev),

+ 0));

+static void virt_flash_map(VirtMachineState *vms,

+ MemoryRegion *sysmem,

+ MemoryRegion *secure_sysmem)

+ /*

+ * Map two flash devices to fill the VIRT_FLASH space in the memmap.

+ virt_flash_map1(vms->flash[0], flashbase, flashsize,

+ secure_sysmem);

+ virt_flash_map1(vms->flash[1], flashbase + flashsize, flashsize,

+ sysmem);

+}

+

+static void virt_flash_fdt(VirtMachineState *vms,

+ MemoryRegion *sysmem,

+ MemoryRegion *secure_sysmem)

+{

+ hwaddr flashsize = vms->memmap[VIRT_FLASH].size / 2;

+ hwaddr flashbase = vms->memmap[VIRT_FLASH].base;

+ char *nodename;

+ /*

+ * Report the devices as separate nodes so we can mark one as

+static bool virt_firmware_init(VirtMachineState *vms,

+ MemoryRegion *sysmem,

+ MemoryRegion *secure_sysmem)

+{

+ int i;

+ BlockBackend *pflash_blk0;

+

+ /* Map legacy -drive if=pflash to machine properties */

+ for (i = 0; i < ARRAY_SIZE(vms->flash); i++) {

+ pflash_cfi01_legacy_drive(vms->flash[i],

+ drive_get(IF_PFLASH, 0, i));

+ }

+

+ virt_flash_map(vms, sysmem, secure_sysmem);

+

+ pflash_blk0 = pflash_cfi01_get_blk(vms->flash[0]);

+

+ if (bios_name) {

+ char *fname;

+ MemoryRegion *mr;

+ int image_size;

+

+ if (pflash_blk0) {

+ error_report("The contents of the first flash device may be "

+ "specified with -bios or with -drive if=pflash... "

+ "but you cannot use both options at once");

+ exit(1);

+ }

+

+ /* Fall back to -bios */

+

+ fname = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);

+ if (!fname) {

+ error_report("Could not find ROM image '%s'", bios_name);

+ exit(1);

+ }

+ mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(vms->flash[0]), 0);

+ image_size = load_image_mr(fname, mr);

+ g_free(fname);

+ if (image_size < 0) {

+ error_report("Could not load ROM image '%s'", bios_name);

+ exit(1);

+ }

+ }

+

+ return pflash_blk0 || bios_name;

+}

+

+ bool firmware_loaded;

+ if (vms->secure) {

+ if (kvm_enabled()) {

+ error_report("mach-virt: KVM does not support Security extensions");

+ exit(1);

+ }

+

+ /*

+ * The Secure view of the world is the same as the NonSecure,

+ * but with a few extra devices. Create it as a container region

+ * containing the system memory at low priority; any secure-only

+ * devices go in at higher priority and take precedence.

+ */

+ secure_sysmem = g_new(MemoryRegion, 1);

+ memory_region_init(secure_sysmem, OBJECT(machine), "secure-memory",

+ UINT64_MAX);

+ memory_region_add_subregion_overlap(secure_sysmem, 0, sysmem, -1);

+ }

+

+ firmware_loaded = virt_firmware_init(vms, sysmem,

+ secure_sysmem ?: sysmem);

+

+ virt_flash_fdt(vms, sysmem, secure_sysmem);

+

+ virt_flash_create(vms);

+#include "qemu/error-report.h"

+#include "qemu/option.h"

+#include "sysemu/blockdev.h"

+/*

+ * Handle -drive if=pflash for machines that use properties.

+ * If @dinfo is null, do nothing.

+ * Else if @fl's property "drive" is already set, fatal error.

+ * Else set it to the BlockBackend with @dinfo.

+ */

+void pflash_cfi01_legacy_drive(PFlashCFI01 *fl, DriveInfo *dinfo)

+{

+ Location loc;

+

+ if (!dinfo) {

+ return;

+ }

+

+ loc_push_none(&loc);

+ qemu_opts_loc_restore(dinfo->opts);

+ if (fl->blk) {

+ error_report("clashes with -machine");

+ exit(1);

+ }

+ qdev_prop_set_drive(DEVICE(fl), "drive",

+ blk_by_legacy_dinfo(dinfo), &error_fatal);

+ loc_pop(&loc);

+}

+

+config DDC

+ bool

+ depends on I2C

+ select EDID

+

+common-obj-$(CONFIG_DDC) += i2c-ddc.o

+ src_bits + s->regs.src_x + (s->regs.src_y + s->regs.dst_height) *

+ src_stride * sizeof(uint32_t) >= end ||

+ dst_bits + s->regs.dst_x + (s->regs.dst_y + s->regs.dst_height) *

+ dst_stride * sizeof(uint32_t) >= end) {

+ dst_bits + s->regs.dst_x + (s->regs.dst_y + s->regs.dst_height) *

+ dst_stride * sizeof(uint32_t) >= end) {

+ * Reference: Finn Thogersons' VGADOC4b:

+ *

+ * http://web.archive.org/web/20021019054927/http://home.worldonline.dk/finth/

+ *

+ * VGADOC4b.ZIP content available at:

+ *

+ * https://pdos.csail.mit.edu/6.828/2005/readings/hardware/vgadoc

+#include "hw/display/i2c-ddc.h"

+ uint32_t prod;

+ QXLReleaseRing *ring;

+

+ ring = &d->ram->release_ring;

+ prod = ring->prod & SPICE_RING_INDEX_MASK(ring);

+ assert(prod < ARRAY_SIZE(ring->items));

+ ring->items[prod].el = 0;

+

+ uint32_t prod;

+

+ ring = &d->ram->release_ring;

+ prod = ring->prod & SPICE_RING_INDEX_MASK(ring);

+ if (prod >= ARRAY_SIZE(ring->items)) {

+ qxl_set_guest_bug(d, "SPICE_RING_PROD_ITEM indices mismatch "

+ "%u >= %zu", prod, ARRAY_SIZE(ring->items));

+ ring->items[prod].el = 0;

+ uint32_t prod;

+ uint64_t id;

+ if (!ext.info) {

+ return;

+ }

+ prod = ring->prod & SPICE_RING_INDEX_MASK(ring);

+ if (prod >= ARRAY_SIZE(ring->items)) {

+ qxl_set_guest_bug(qxl, "SPICE_RING_PROD_ITEM indices mismatch "

+ "%u >= %zu", prod, ARRAY_SIZE(ring->items));

+ if (ring->items[prod].el == 0) {

+ ring->items[prod].el = id;

+#include "hw/display/i2c-ddc.h"

+#include "hw/display/i2c-ddc.h"

+ * This program is free software; you can redistribute it and/or modify

+ * it under the terms of the GNU General Public License as published by

+ * the Free Software Foundation; either version 2 of the License, or

+ * (at your option) any later version.

+ * This program is distributed in the hope that it will be useful,

+ * General Public License for more details.

+ * You should have received a copy of the GNU General Public License

+ * along with this program; if not, see <http://www.gnu.org/licenses/>

+ pflash_cfi01_legacy_drive(pcms->flash[i],

+ drive_get(IF_PFLASH, 0, i));

+ int pend_subprio = 0;

+ int prio, subprio;

+ subprio = vec->prio & ~nvic_gprio_mask(s, targets_secure);

+ if (vec->enabled && vec->pending &&

+ ((prio < pend_prio) ||

+ (prio == pend_prio && prio >= 0 && subprio < pend_subprio))) {

+ pend_subprio = subprio;

+ if (!attrs.secure &&

+ !(s->cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK)) {

+ return 0;

+ }

+ if (!attrs.secure &&

+ !(s->cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK)) {

+ return;

+ }

+ /*

+ * The BFSR bits [15:8] are shared between security states

+ * and we store them in the NS copy. They are RAZ/WI for

+ * NS code if AIRCR.BFHFNMINS is 0.

+ if (!attrs.secure &&

+ !(s->cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK)) {

+ val &= ~R_V7M_CFSR_BFSR_MASK;

+ } else {

+ val |= s->cpu->env.v7m.cfsr[M_REG_NS] & R_V7M_CFSR_BFSR_MASK;

+ }

+ if (!attrs.secure &&

+ !(s->cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK)) {

+ /* BFSR bits are RAZ/WI for NS if BFHFNMINS is set */

+ value &= ~R_V7M_CFSR_BFSR_MASK;

+ }

+

+ /* DebugMonitor is enabled via DEMCR.MON_EN */

+ s->vectors[ARMV7M_EXCP_DEBUG].enabled = 0;

+

+#include "qemu/log.h"

+ qemu_log_mask(LOG_GUEST_ERROR, "pcnet: Bad SWSTYLE=0x%02x\n",

+ val & 0xff);

+ * version 2.1 of the License, or (at your option) any later version.

+ * version 2.1 of the License, or (at your option) any later version.

+ * version 2.1 of the License, or (at your option) any later version.

+ RdmaBackendSRQ *backend_srq;

+ RdmaProtectedGSList *cqe_ctx_list;

+ if (bctx->backend_qp) {

+ cqe_ctx_list = &bctx->backend_qp->cqe_ctx_list;

+ } else {

+ cqe_ctx_list = &bctx->backend_srq->cqe_ctx_list;

+ }

+

+ rdma_protected_gslist_remove_int32(cqe_ctx_list, wc[i].wr_id);

+void rdma_backend_post_srq_recv(RdmaBackendDev *backend_dev,

+ RdmaBackendSRQ *srq, struct ibv_sge *sge,

+ uint32_t num_sge, void *ctx)

+{

+ BackendCtx *bctx;

+ struct ibv_sge new_sge[MAX_SGE];

+ uint32_t bctx_id;

+ int rc;

+ struct ibv_recv_wr wr = {}, *bad_wr;

+

+ bctx = g_malloc0(sizeof(*bctx));

+ bctx->up_ctx = ctx;

+ bctx->backend_srq = srq;

+

+ rc = rdma_rm_alloc_cqe_ctx(backend_dev->rdma_dev_res, &bctx_id, bctx);

+ if (unlikely(rc)) {

+ complete_work(IBV_WC_GENERAL_ERR, VENDOR_ERR_NOMEM, ctx);

+ goto err_free_bctx;

+ }

+

+ rdma_protected_gslist_append_int32(&srq->cqe_ctx_list, bctx_id);

+

+ rc = build_host_sge_array(backend_dev->rdma_dev_res, new_sge, sge, num_sge,

+ &backend_dev->rdma_dev_res->stats.rx_bufs_len);

+ if (rc) {

+ complete_work(IBV_WC_GENERAL_ERR, rc, ctx);

+ goto err_dealloc_cqe_ctx;

+ }

+

+ wr.num_sge = num_sge;

+ wr.sg_list = new_sge;

+ wr.wr_id = bctx_id;

+ rc = ibv_post_srq_recv(srq->ibsrq, &wr, &bad_wr);

+ if (rc) {

+ rdma_error_report("ibv_post_srq_recv fail, srqn=0x%x, rc=%d, errno=%d",

+ srq->ibsrq->handle, rc, errno);

+ complete_work(IBV_WC_GENERAL_ERR, VENDOR_ERR_FAIL_BACKEND, ctx);

+ goto err_dealloc_cqe_ctx;

+ }

+

+ atomic_inc(&backend_dev->rdma_dev_res->stats.missing_cqe);

+ backend_dev->rdma_dev_res->stats.rx_bufs++;

+ backend_dev->rdma_dev_res->stats.rx_srq++;

+

+ return;

+

+err_dealloc_cqe_ctx:

+ backend_dev->rdma_dev_res->stats.rx_bufs_err++;

+ rdma_rm_dealloc_cqe_ctx(backend_dev->rdma_dev_res, bctx_id);

+

+err_free_bctx:

+ g_free(bctx);

+}

+

+ RdmaBackendCQ *rcq, RdmaBackendSRQ *srq,

+ uint32_t max_send_wr, uint32_t max_recv_wr,

+ uint32_t max_send_sge, uint32_t max_recv_sge)

+ if (srq) {

+ attr.srq = srq->ibsrq;

+ }

+int rdma_backend_create_srq(RdmaBackendSRQ *srq, RdmaBackendPD *pd,

+ uint32_t max_wr, uint32_t max_sge,

+ uint32_t srq_limit)

+{

+ struct ibv_srq_init_attr srq_init_attr = {};

+

+ srq_init_attr.attr.max_wr = max_wr;

+ srq_init_attr.attr.max_sge = max_sge;

+ srq_init_attr.attr.srq_limit = srq_limit;

+

+ srq->ibsrq = ibv_create_srq(pd->ibpd, &srq_init_attr);

+ if (!srq->ibsrq) {

+ rdma_error_report("ibv_create_srq failed, errno=%d", errno);

+ return -EIO;

+ }

+

+ rdma_protected_gslist_init(&srq->cqe_ctx_list);

+

+ return 0;

+}

+

+int rdma_backend_query_srq(RdmaBackendSRQ *srq, struct ibv_srq_attr *srq_attr)

+{

+ if (!srq->ibsrq) {

+ return -EINVAL;

+ }

+

+ return ibv_query_srq(srq->ibsrq, srq_attr);

+}

+

+int rdma_backend_modify_srq(RdmaBackendSRQ *srq, struct ibv_srq_attr *srq_attr,

+ int srq_attr_mask)

+{

+ if (!srq->ibsrq) {

+ return -EINVAL;

+ }

+

+ return ibv_modify_srq(srq->ibsrq, srq_attr, srq_attr_mask);

+}

+

+void rdma_backend_destroy_srq(RdmaBackendSRQ *srq, RdmaDeviceResources *dev_res)

+{

+ if (srq->ibsrq) {

+ ibv_destroy_srq(srq->ibsrq);

+ }

+ g_slist_foreach(srq->cqe_ctx_list.list, free_cqe_ctx, dev_res);

+ rdma_protected_gslist_destroy(&srq->cqe_ctx_list);

+}

+

+ dev_attr->max_srq_sge = MAX_SGE;

+ CHK_ATTR(dev_attr, bk_dev_attr, max_srq, "%d");

+ RdmaBackendCQ *rcq, RdmaBackendSRQ *srq,

+ uint32_t max_send_wr, uint32_t max_recv_wr,

+ uint32_t max_send_sge, uint32_t max_recv_sge);

+int rdma_backend_create_srq(RdmaBackendSRQ *srq, RdmaBackendPD *pd,

+ uint32_t max_wr, uint32_t max_sge,

+ uint32_t srq_limit);

+int rdma_backend_query_srq(RdmaBackendSRQ *srq, struct ibv_srq_attr *srq_attr);

+int rdma_backend_modify_srq(RdmaBackendSRQ *srq, struct ibv_srq_attr *srq_attr,

+ int srq_attr_mask);

+void rdma_backend_destroy_srq(RdmaBackendSRQ *srq,

+ RdmaDeviceResources *dev_res);

+void rdma_backend_post_srq_recv(RdmaBackendDev *backend_dev,

+ RdmaBackendSRQ *srq, struct ibv_sge *sge,

+ uint32_t num_sge, void *ctx);

+

+typedef struct RdmaBackendSRQ {

+ struct ibv_srq *ibsrq;

+ RdmaProtectedGSList cqe_ctx_list;

+} RdmaBackendSRQ;

+

+ monitor_printf(mon, "\trx_srq : %" PRId64 "\n",

+ dev_res->stats.rx_srq);

+ uint32_t recv_cq_handle, void *opaque, uint32_t *qpn,

+ uint8_t is_srq, uint32_t srq_handle)

+ RdmaRmSRQ *srq = NULL;

+ if (is_srq) {

+ srq = rdma_rm_get_srq(dev_res, srq_handle);

+ if (!srq) {

+ rdma_error_report("Invalid srqn %d", srq_handle);

+ return -EINVAL;

+ }

+

+ srq->recv_cq_handle = recv_cq_handle;

+ }

+

+ qp->is_srq = is_srq;

+ &scq->backend_cq, &rcq->backend_cq,

+ is_srq ? &srq->backend_srq : NULL,

+ max_send_wr, max_recv_wr, max_send_sge,

+ max_recv_sge);

+

+RdmaRmSRQ *rdma_rm_get_srq(RdmaDeviceResources *dev_res, uint32_t srq_handle)

+{

+ return rdma_res_tbl_get(&dev_res->srq_tbl, srq_handle);

+}

+

+int rdma_rm_alloc_srq(RdmaDeviceResources *dev_res, uint32_t pd_handle,

+ uint32_t max_wr, uint32_t max_sge, uint32_t srq_limit,

+ uint32_t *srq_handle, void *opaque)

+{

+ RdmaRmSRQ *srq;

+ RdmaRmPD *pd;

+ int rc;

+

+ pd = rdma_rm_get_pd(dev_res, pd_handle);

+ if (!pd) {

+ return -EINVAL;

+ }

+

+ srq = rdma_res_tbl_alloc(&dev_res->srq_tbl, srq_handle);

+ if (!srq) {

+ return -ENOMEM;

+ }

+

+ rc = rdma_backend_create_srq(&srq->backend_srq, &pd->backend_pd,

+ max_wr, max_sge, srq_limit);

+ if (rc) {

+ rc = -EIO;

+ goto out_dealloc_srq;

+ }

+

+ srq->opaque = opaque;

+

+ return 0;

+

+out_dealloc_srq:

+ rdma_res_tbl_dealloc(&dev_res->srq_tbl, *srq_handle);

+

+ return rc;

+}

+

+int rdma_rm_query_srq(RdmaDeviceResources *dev_res, uint32_t srq_handle,

+ struct ibv_srq_attr *srq_attr)

+{

+ RdmaRmSRQ *srq;

+

+ srq = rdma_rm_get_srq(dev_res, srq_handle);

+ if (!srq) {

+ return -EINVAL;

+ }

+

+ return rdma_backend_query_srq(&srq->backend_srq, srq_attr);

+}

+

+int rdma_rm_modify_srq(RdmaDeviceResources *dev_res, uint32_t srq_handle,

+ struct ibv_srq_attr *srq_attr, int srq_attr_mask)

+{

+ RdmaRmSRQ *srq;

+

+ srq = rdma_rm_get_srq(dev_res, srq_handle);

+ if (!srq) {

+ return -EINVAL;

+ }

+

+ if ((srq_attr_mask & IBV_SRQ_LIMIT) &&

+ (srq_attr->srq_limit == 0)) {

+ return -EINVAL;

+ }

+

+ if ((srq_attr_mask & IBV_SRQ_MAX_WR) &&

+ (srq_attr->max_wr == 0)) {

+ return -EINVAL;

+ }

+

+ return rdma_backend_modify_srq(&srq->backend_srq, srq_attr,

+ srq_attr_mask);

+}

+

+void rdma_rm_dealloc_srq(RdmaDeviceResources *dev_res, uint32_t srq_handle)

+{

+ RdmaRmSRQ *srq;

+

+ srq = rdma_rm_get_srq(dev_res, srq_handle);

+ if (!srq) {

+ return;

+ }

+

+ rdma_backend_destroy_srq(&srq->backend_srq, dev_res);

+ rdma_res_tbl_dealloc(&dev_res->srq_tbl, srq_handle);

+}

+

+ res_tbl_init("SRQ", &dev_res->srq_tbl, dev_attr->max_srq,

+ sizeof(RdmaRmSRQ));

+ res_tbl_free(&dev_res->srq_tbl);

+ uint32_t recv_cq_handle, void *opaque, uint32_t *qpn,

+ uint8_t is_srq, uint32_t srq_handle);

+RdmaRmSRQ *rdma_rm_get_srq(RdmaDeviceResources *dev_res, uint32_t srq_handle);

+int rdma_rm_alloc_srq(RdmaDeviceResources *dev_res, uint32_t pd_handle,

+ uint32_t max_wr, uint32_t max_sge, uint32_t srq_limit,

+ uint32_t *srq_handle, void *opaque);

+int rdma_rm_query_srq(RdmaDeviceResources *dev_res, uint32_t srq_handle,

+ struct ibv_srq_attr *srq_attr);

+int rdma_rm_modify_srq(RdmaDeviceResources *dev_res, uint32_t srq_handle,

+ struct ibv_srq_attr *srq_attr, int srq_attr_mask);

+void rdma_rm_dealloc_srq(RdmaDeviceResources *dev_res, uint32_t srq_handle);

+

+#define MAX_SRQ 512

+ uint8_t is_srq;

+typedef struct RdmaRmSRQ {

+ RdmaBackendSRQ backend_srq;

+ uint32_t recv_cq_handle;

+ void *opaque;

+} RdmaRmSRQ;

+

+ uint64_t rx_srq;

+ RdmaRmResTbl srq_tbl;

+ uint32_t rpages, uint8_t is_srq)

+ if (!spages || spages > PVRDMA_MAX_FAST_REG_PAGES) {

+ rdma_error_report("Got invalid send page count for QP ring: %d",

+ spages);

+ return rc;

+ }

+

+ if (!is_srq && (!rpages || rpages > PVRDMA_MAX_FAST_REG_PAGES)) {

+ rdma_error_report("Got invalid recv page count for QP ring: %d",

+ if (!is_srq) {

+ sr = g_malloc(2 * sizeof(*rr));

+ rr = &sr[1];

+ } else {

+ sr = g_malloc(sizeof(*sr));

+ }

+ if (!is_srq) {

+ /* Create recv ring */

+ rr->ring_state = &sr->ring_state[1];

+ wqe_sz = pow2ceil(sizeof(struct pvrdma_rq_wqe_hdr) +

+ sizeof(struct pvrdma_sge) * rmax_sge - 1);

+ sprintf(ring_name, "qp_rring_%" PRIx64, pdir_dma);

+ rc = pvrdma_ring_init(rr, ring_name, pci_dev, rr->ring_state,

+ rcqe, wqe_sz, (dma_addr_t *)&tbl[1 + spages],

+ rpages);

+ if (rc) {

+ goto out_free_sr;

+ }

+static void destroy_qp_rings(PvrdmaRing *ring, uint8_t is_srq)

+ if (!is_srq) {

+ pvrdma_ring_free(&ring[1]);

+ }

+ cmd->total_chunks - cmd->send_chunks - 1, cmd->is_srq);

+ &resp->qpn, cmd->is_srq, cmd->srq_handle);

+ destroy_qp_rings(rings, cmd->is_srq);

+ destroy_qp_rings(ring, qp->is_srq);

+ rdma_rm_dealloc_qp(&dev->rdma_dev_res, cmd->qp_handle);

+static int create_srq_ring(PCIDevice *pci_dev, PvrdmaRing **ring,

+ uint64_t pdir_dma, uint32_t max_wr,

+ uint32_t max_sge, uint32_t nchunks)

+{

+ uint64_t *dir = NULL, *tbl = NULL;

+ PvrdmaRing *r;

+ int rc = -EINVAL;

+ char ring_name[MAX_RING_NAME_SZ];

+ uint32_t wqe_sz;

+

+ if (!nchunks || nchunks > PVRDMA_MAX_FAST_REG_PAGES) {

+ rdma_error_report("Got invalid page count for SRQ ring: %d",

+ nchunks);

+ return rc;

+ }

+

+ dir = rdma_pci_dma_map(pci_dev, pdir_dma, TARGET_PAGE_SIZE);

+ if (!dir) {

+ rdma_error_report("Failed to map to SRQ page directory");

+ goto out;

+ }

+

+ tbl = rdma_pci_dma_map(pci_dev, dir[0], TARGET_PAGE_SIZE);

+ if (!tbl) {

+ rdma_error_report("Failed to map to SRQ page table");

+ goto out;

+ }

+

+ r = g_malloc(sizeof(*r));

+ *ring = r;

+

+ r->ring_state = (struct pvrdma_ring *)

+ rdma_pci_dma_map(pci_dev, tbl[0], TARGET_PAGE_SIZE);

+ if (!r->ring_state) {

+ rdma_error_report("Failed to map tp SRQ ring state");

+ goto out_free_ring_mem;

+ }

+

+ wqe_sz = pow2ceil(sizeof(struct pvrdma_rq_wqe_hdr) +

+ sizeof(struct pvrdma_sge) * max_sge - 1);

+ sprintf(ring_name, "srq_ring_%" PRIx64, pdir_dma);

+ rc = pvrdma_ring_init(r, ring_name, pci_dev, &r->ring_state[1], max_wr,

+ wqe_sz, (dma_addr_t *)&tbl[1], nchunks - 1);

+ if (rc) {

+ goto out_unmap_ring_state;

+ }

+

+ goto out;

+

+out_unmap_ring_state:

+ rdma_pci_dma_unmap(pci_dev, r->ring_state, TARGET_PAGE_SIZE);

+

+out_free_ring_mem:

+ g_free(r);

+

+out:

+ rdma_pci_dma_unmap(pci_dev, tbl, TARGET_PAGE_SIZE);

+ rdma_pci_dma_unmap(pci_dev, dir, TARGET_PAGE_SIZE);

+

+ return rc;

+}

+

+static void destroy_srq_ring(PvrdmaRing *ring)

+{

+ pvrdma_ring_free(ring);

+ rdma_pci_dma_unmap(ring->dev, ring->ring_state, TARGET_PAGE_SIZE);

+ g_free(ring);

+}

+

+static int create_srq(PVRDMADev *dev, union pvrdma_cmd_req *req,

+ union pvrdma_cmd_resp *rsp)

+{

+ struct pvrdma_cmd_create_srq *cmd = &req->create_srq;

+ struct pvrdma_cmd_create_srq_resp *resp = &rsp->create_srq_resp;

+ PvrdmaRing *ring = NULL;

+ int rc;

+

+ memset(resp, 0, sizeof(*resp));

+

+ rc = create_srq_ring(PCI_DEVICE(dev), &ring, cmd->pdir_dma,

+ cmd->attrs.max_wr, cmd->attrs.max_sge,

+ cmd->nchunks);

+ if (rc) {

+ return rc;

+ }

+

+ rc = rdma_rm_alloc_srq(&dev->rdma_dev_res, cmd->pd_handle,

+ cmd->attrs.max_wr, cmd->attrs.max_sge,

+ cmd->attrs.srq_limit, &resp->srqn, ring);

+ if (rc) {

+ destroy_srq_ring(ring);

+ return rc;

+ }

+

+ return 0;

+}

+

+static int query_srq(PVRDMADev *dev, union pvrdma_cmd_req *req,

+ union pvrdma_cmd_resp *rsp)

+{

+ struct pvrdma_cmd_query_srq *cmd = &req->query_srq;

+ struct pvrdma_cmd_query_srq_resp *resp = &rsp->query_srq_resp;

+

+ memset(resp, 0, sizeof(*resp));

+

+ return rdma_rm_query_srq(&dev->rdma_dev_res, cmd->srq_handle,

+ (struct ibv_srq_attr *)&resp->attrs);

+}

+

+static int modify_srq(PVRDMADev *dev, union pvrdma_cmd_req *req,

+ union pvrdma_cmd_resp *rsp)

+{

+ struct pvrdma_cmd_modify_srq *cmd = &req->modify_srq;

+

+ /* Only support SRQ limit */

+ if (!(cmd->attr_mask & IBV_SRQ_LIMIT) ||

+ (cmd->attr_mask & IBV_SRQ_MAX_WR))

+ return -EINVAL;

+

+ return rdma_rm_modify_srq(&dev->rdma_dev_res, cmd->srq_handle,

+ (struct ibv_srq_attr *)&cmd->attrs,

+ cmd->attr_mask);

+}

+

+static int destroy_srq(PVRDMADev *dev, union pvrdma_cmd_req *req,

+ union pvrdma_cmd_resp *rsp)

+{

+ struct pvrdma_cmd_destroy_srq *cmd = &req->destroy_srq;

+ RdmaRmSRQ *srq;

+ PvrdmaRing *ring;

+

+ srq = rdma_rm_get_srq(&dev->rdma_dev_res, cmd->srq_handle);

+ if (!srq) {

+ return -EINVAL;

+ }

+

+ ring = (PvrdmaRing *)srq->opaque;

+ destroy_srq_ring(ring);

+ rdma_rm_dealloc_srq(&dev->rdma_dev_res, cmd->srq_handle);

+

+ return 0;

+}

+

+ {PVRDMA_CMD_CREATE_SRQ, PVRDMA_CMD_CREATE_SRQ_RESP, create_srq},

+ {PVRDMA_CMD_QUERY_SRQ, PVRDMA_CMD_QUERY_SRQ_RESP, query_srq},

+ {PVRDMA_CMD_MODIFY_SRQ, PVRDMA_CMD_MODIFY_SRQ_RESP, modify_srq},

+ {PVRDMA_CMD_DESTROY_SRQ, PVRDMA_CMD_DESTROY_SRQ_RESP, destroy_srq},

+ DEFINE_PROP_INT32("dev-caps-max-srq", PVRDMADev, dev_attr.max_srq, MAX_SRQ),

+ dsr->caps.max_srq = dev->dev_attr.max_srq;

+ dsr->caps.max_srq_wr = dev->dev_attr.max_srq_wr;

+ dsr->caps.max_srq_sge = dev->dev_attr.max_srq_sge;

+ case PVRDMA_UAR_SRQ_OFFSET:

+ if (val & PVRDMA_UAR_SRQ_RECV) {

+ trace_pvrdma_uar_write(addr, val, "QP", "SRQ",

+ val & PVRDMA_UAR_HANDLE_MASK, 0);

+ pvrdma_srq_recv(dev, val & PVRDMA_UAR_HANDLE_MASK);

+ }

+ break;

+

+ dev->dev_attr.max_srq_wr = pg_tbl_bytes /

+ ((sizeof(struct pvrdma_rq_wqe_hdr) +

+ sizeof(struct pvrdma_sge)) *

+ dev->dev_attr.max_sge) - TARGET_PAGE_SIZE;

+ cqe1->qp = cqe->qp ? cqe->qp : wc->qp_num;

+void pvrdma_srq_recv(PVRDMADev *dev, uint32_t srq_handle)

+{

+ RdmaRmSRQ *srq;

+ PvrdmaRqWqe *wqe;

+ PvrdmaRing *ring;

+

+ srq = rdma_rm_get_srq(&dev->rdma_dev_res, srq_handle);

+ if (unlikely(!srq)) {

+ return;

+ }

+

+ ring = (PvrdmaRing *)srq->opaque;

+

+ wqe = (struct PvrdmaRqWqe *)pvrdma_ring_next_elem_read(ring);

+ while (wqe) {

+ CompHandlerCtx *comp_ctx;

+

+ /* Prepare CQE */

+ comp_ctx = g_malloc(sizeof(CompHandlerCtx));

+ comp_ctx->dev = dev;

+ comp_ctx->cq_handle = srq->recv_cq_handle;

+ comp_ctx->cqe.wr_id = wqe->hdr.wr_id;

+ comp_ctx->cqe.qp = 0;

+ comp_ctx->cqe.opcode = IBV_WC_RECV;

+

+ if (wqe->hdr.num_sge > dev->dev_attr.max_sge) {

+ rdma_error_report("Invalid num_sge=%d (max %d)", wqe->hdr.num_sge,

+ dev->dev_attr.max_sge);

+ complete_with_error(VENDOR_ERR_INV_NUM_SGE, comp_ctx);

+ continue;

+ }

+

+ rdma_backend_post_srq_recv(&dev->backend_dev, &srq->backend_srq,

+ (struct ibv_sge *)&wqe->sge[0],

+ wqe->hdr.num_sge,

+ comp_ctx);

+

+ pvrdma_ring_read_inc(ring);

+

+ wqe = pvrdma_ring_next_elem_read(ring);

+ }

+

+}

+

+void pvrdma_srq_recv(PVRDMADev *dev, uint32_t srq_handle);

+ kernel_size = load_uimage(kernel_filename, NULL, &entry,

+ NULL, NULL, NULL);

+ }

+ if (kernel_size < 0) {

+enum {

+ NBD_FLAG_HAS_FLAGS_BIT = 0, /* Flags are there */

+ NBD_FLAG_READ_ONLY_BIT = 1, /* Device is read-only */

+ NBD_FLAG_SEND_FLUSH_BIT = 2, /* Send FLUSH */

+ NBD_FLAG_SEND_FUA_BIT = 3, /* Send FUA (Force Unit Access) */

+ NBD_FLAG_ROTATIONAL_BIT = 4, /* Use elevator algorithm -

+ rotational media */

+ NBD_FLAG_SEND_TRIM_BIT = 5, /* Send TRIM (discard) */

+ NBD_FLAG_SEND_WRITE_ZEROES_BIT = 6, /* Send WRITE_ZEROES */

+ NBD_FLAG_SEND_DF_BIT = 7, /* Send DF (Do not Fragment) */

+ NBD_FLAG_CAN_MULTI_CONN_BIT = 8, /* Multi-client cache consistent */

+ NBD_FLAG_SEND_RESIZE_BIT = 9, /* Send resize */

+ NBD_FLAG_SEND_CACHE_BIT = 10, /* Send CACHE (prefetch) */

+};

+

+#define NBD_FLAG_HAS_FLAGS (1 << NBD_FLAG_HAS_FLAGS_BIT)

+#define NBD_FLAG_READ_ONLY (1 << NBD_FLAG_READ_ONLY_BIT)

+#define NBD_FLAG_SEND_FLUSH (1 << NBD_FLAG_SEND_FLUSH_BIT)

+#define NBD_FLAG_SEND_FUA (1 << NBD_FLAG_SEND_FUA_BIT)

+#define NBD_FLAG_ROTATIONAL (1 << NBD_FLAG_ROTATIONAL_BIT)

+#define NBD_FLAG_SEND_TRIM (1 << NBD_FLAG_SEND_TRIM_BIT)

+#define NBD_FLAG_SEND_WRITE_ZEROES (1 << NBD_FLAG_SEND_WRITE_ZEROES_BIT)

+#define NBD_FLAG_SEND_DF (1 << NBD_FLAG_SEND_DF_BIT)

+#define NBD_FLAG_CAN_MULTI_CONN (1 << NBD_FLAG_CAN_MULTI_CONN_BIT)

+#define NBD_FLAG_SEND_RESIZE (1 << NBD_FLAG_SEND_RESIZE_BIT)

+#define NBD_FLAG_SEND_CACHE (1 << NBD_FLAG_SEND_CACHE_BIT)

+#pragma GCC poison TARGET_FMT_lu

+ uint32_t ram;

+#include "hw/block/flash.h"

+ PFlashCFI01 *flash[2];

+void pflash_cfi01_legacy_drive(PFlashCFI01 *dev, DriveInfo *dinfo);

+#include "hw/display/i2c-ddc.h"

+#if defined(_WIN32) && (defined(__x86_64__) || defined(__i386__))

+/* enable C99/POSIX format strings (needs mingw32-runtime 3.15 or later) */

+#ifdef __MINGW32__

+#define __USE_MINGW_ANSI_STDIO 1

+#endif

+

+ aio_co_enter(job->aio_context, job->co);

+ /*

+ * Some segments may be completely empty without any backing file

+ * segment, in that case just let zero_bss allocate an empty buffer

+ * for it.

+ */

+ if (eppnt->p_filesz != 0) {

+ error = target_mmap(vaddr_ps, vaddr_len, elf_prot,

+ MAP_PRIVATE | MAP_FIXED,

+ image_fd, eppnt->p_offset - vaddr_po);

+

+ if (error == -1) {

+ goto exit_perror;

+ }

+ char pr_fname[16] QEMU_NONSTRING; /* filename of executable */

+#ifdef TARGET_GPROF

+#include <sys/gmon.h>

+#endif

+ IOCTL(SIOCGIFNAME, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_int_ifreq)))

+ * version 2.1 of the License, or (at your option) any later version.

+ * version 2.1 of the License, or (at your option) any later version.

+ * version 2.1 of the License, or (at your option) any later version.

+ * version 2.1 of the License, or (at your option) any later version.

+#ifdef TARGET_GPROF

+ if (i == SIGPROF) {

+ continue;

+ }

+#endif

+ case IPV6_ADDRFORM:

+ case IPV6_2292PKTINFO:

+ case IPV6_RECVTCLASS:

+ case IPV6_RECVRTHDR:

+ case IPV6_2292RTHDR:

+ case IPV6_RECVHOPOPTS:

+ case IPV6_2292HOPOPTS:

+ case IPV6_RECVDSTOPTS:

+ case IPV6_2292DSTOPTS:

+ case IPV6_TCLASS:

+#ifdef IPV6_RECVPATHMTU

+ case IPV6_RECVPATHMTU:

+#endif

+#ifdef IPV6_TRANSPARENT

+ case IPV6_TRANSPARENT:

+#endif

+#ifdef IPV6_FREEBIND

+ case IPV6_FREEBIND:

+#endif

+#ifdef IPV6_RECVORIGDSTADDR

+ case IPV6_RECVORIGDSTADDR:

+#endif

+ case IPV6_ADDRFORM:

+ case IPV6_2292PKTINFO:

+ case IPV6_RECVTCLASS:

+ case IPV6_RECVRTHDR:

+ case IPV6_2292RTHDR:

+ case IPV6_RECVHOPOPTS:

+ case IPV6_2292HOPOPTS:

+ case IPV6_RECVDSTOPTS:

+ case IPV6_2292DSTOPTS:

+ case IPV6_TCLASS:

+#ifdef IPV6_RECVPATHMTU

+ case IPV6_RECVPATHMTU:

+#endif

+#ifdef IPV6_TRANSPARENT

+ case IPV6_TRANSPARENT:

+#endif

+#ifdef IPV6_FREEBIND

+ case IPV6_FREEBIND:

+#endif

+#ifdef IPV6_RECVORIGDSTADDR

+ case IPV6_RECVORIGDSTADDR:

+#endif

+ memcpy((dest), (src), MIN(sizeof(src), sizeof(dest))); \

+ (dest)[sizeof(dest) - 1] = '\0'; \

+ printf("Supported NIC models:\n");

+ for (i = 0 ; models[i]; i++) {

+ printf("%s\n", models[i]);

+ }

+* Security::

+@include docs/security.texi

+

+@file{@value{CONFDIR}/qemu-ga.conf} by default), then parse remaining

+ @samp{@value{CONFDIR}/fsfreeze-hook}). If using -F with an argument, do

+#include "qemu/units.h"

+#define IO_BUF_SIZE (2 * MiB)

+ n = MIN(1 * GiB, length - offset);

+ if (bs->backing) {

+ if (bs->backing_format[0] != '\0') {

+ qdict_put_str(options, "driver", bs->backing_format);

+

+ if (force_share) {

+ if (!options) {

+ options = qdict_new();

+ }

+ qdict_put_bool(options, BDRV_OPT_FORCE_SHARE, true);

+ }

+ bdrv_get_backing_filename(bs, backing_name, sizeof(backing_name));

+ blk_old_backing = blk_new_open(backing_name, NULL,

+ options, src_flags, &local_err);

+ if (!blk_old_backing) {

+ error_reportf_err(local_err,

+ "Could not open old backing file '%s': ",

+ backing_name);

+ ret = -1;

+ goto out;

+ }

+ } else {

+ blk_old_backing = NULL;

+ int64_t old_backing_size = 0;

+ if (blk_old_backing) {

+ old_backing_size = blk_getlength(blk_old_backing);

+ if (old_backing_size < 0) {

+ char backing_name[PATH_MAX];

+ bdrv_get_backing_filename(bs, backing_name,

+ sizeof(backing_name));

+ error_report("Could not get size of '%s': %s",

+ backing_name, strerror(-old_backing_size));

+ ret = -1;

+ goto out;

+ }

+ bool buf_old_is_zero = false;

+

+ buf_old_is_zero = true;

+ if (buf_old_is_zero) {

+ ret = blk_pwrite_zeroes(blk, offset + written, pnum, 0);

+ } else {

+ ret = blk_pwrite(blk, offset + written,

+ buf_old + written, pnum, 0);

+ }

+ static const char *const flag_names[] = {

+ [NBD_FLAG_READ_ONLY_BIT] = "readonly",

+ [NBD_FLAG_SEND_FLUSH_BIT] = "flush",

+ [NBD_FLAG_SEND_FUA_BIT] = "fua",

+ [NBD_FLAG_ROTATIONAL_BIT] = "rotational",

+ [NBD_FLAG_SEND_TRIM_BIT] = "trim",

+ [NBD_FLAG_SEND_WRITE_ZEROES_BIT] = "zeroes",

+ [NBD_FLAG_SEND_DF_BIT] = "df",

+ [NBD_FLAG_CAN_MULTI_CONN_BIT] = "multi",

+ [NBD_FLAG_SEND_RESIZE_BIT] = "resize",

+ [NBD_FLAG_SEND_CACHE_BIT] = "cache",

+ };

+

+ for (size_t bit = 0; bit < ARRAY_SIZE(flag_names); bit++) {

+ if (flag_names[bit] && (list[i].flags & (1 << bit))) {

+ printf(" %s", flag_names[bit]);

+ }

+static GuestDiskBusType win2qemu[] = {

+ obj = object_new_with_type(klass->type);

+

+#if defined(_WIN32) && (defined(__x86_64__) || defined(__i386__))

+# define QEMU_PACKED __attribute__((gcc_struct, packed))

+#else

+# define QEMU_PACKED __attribute__((packed))

+#endif

+variablewidth = False

+ return self.func + '(ctx, ' + self.base.str_extract() + ')'

+ def __init__(self, name, lineno, base, fixb, fixm, udfm, fldm, flds, w):

+ self.width = w

+ output('static void ', self.extract_name(), '(DisasContext *ctx, ',

+ output(ind, self.base.extract_name(),

+ '(ctx, &u.f_', arg, ', insn);\n')

+ def __init__(self, lineno, pats, fixb, fixm, udfm, w):

+ self.width = w

+def infer_format(arg, fieldmask, flds, width):

+ if width != fmt.width:

+ continue

+ fmt = Format(name, 0, arg, 0, 0, 0, fieldmask, var_flds, width)

+ global variablewidth

+ if variablewidth and width < insnwidth and width % 8 == 0:

+ shift = insnwidth - width

+ fixedbits <<= shift

+ fixedmask <<= shift

+ undefmask <<= shift

+ undefmask |= (1 << shift) - 1

+

+ elif not (is_format and width == 0) and width != insnwidth:

+ undefmask, fieldmask, flds, width)

+ if width != fmt.width:

+ error(lineno, 'pattern uses format of different width')

+ (fmt, flds) = infer_format(arg, fieldmask, flds, width)

+ undefmask, fieldmask, flds, width)

+ width = None

+ for p in pats:

+ if width is None:

+ width = p.width

+ elif width != p.width:

+ error(lineno, 'width mismatch in patterns within braces')

+

+ mp = MultiPattern(lineno, pats, fixedbits, fixedmask, undefmask, width)

+ '(ctx, &u.f_', self.base.base.name, ', insn);\n')

+class SizeTree:

+ """Class representing a node in a size decode tree"""

+

+ def __init__(self, m, w):

+ self.mask = m

+ self.subs = []

+ self.base = None

+ self.width = w

+

+ def str1(self, i):

+ ind = str_indent(i)

+ r = '{0}{1:08x}'.format(ind, self.mask)

+ r += ' [\n'

+ for (b, s) in self.subs:

+ r += '{0} {1:08x}:\n'.format(ind, b)

+ r += s.str1(i + 4) + '\n'

+ r += ind + ']'

+ return r

+

+ def __str__(self):

+ return self.str1(0)

+

+ def output_code(self, i, extracted, outerbits, outermask):

+ ind = str_indent(i)

+

+ # If we need to load more bytes to test, do so now.

+ if extracted < self.width:

+ output(ind, 'insn = ', decode_function,

+ '_load_bytes(ctx, insn, {0}, {1});\n'

+ .format(extracted / 8, self.width / 8));

+ extracted = self.width

+

+ # Attempt to aid the compiler in producing compact switch statements.

+ # If the bits in the mask are contiguous, extract them.

+ sh = is_contiguous(self.mask)

+ if sh > 0:

+ # Propagate SH down into the local functions.

+ def str_switch(b, sh=sh):

+ return '(insn >> {0}) & 0x{1:x}'.format(sh, b >> sh)

+

+ def str_case(b, sh=sh):

+ return '0x{0:x}'.format(b >> sh)

+ else:

+ def str_switch(b):

+ return 'insn & 0x{0:08x}'.format(b)

+

+ def str_case(b):

+ return '0x{0:08x}'.format(b)

+

+ output(ind, 'switch (', str_switch(self.mask), ') {\n')

+ for b, s in sorted(self.subs):

+ innermask = outermask | self.mask

+ innerbits = outerbits | b

+ output(ind, 'case ', str_case(b), ':\n')

+ output(ind, ' /* ',

+ str_match_bits(innerbits, innermask), ' */\n')

+ s.output_code(i + 4, extracted, innerbits, innermask)

+ output(ind, '}\n')

+ output(ind, 'return insn;\n')

+# end SizeTree

+

+class SizeLeaf:

+ """Class representing a leaf node in a size decode tree"""

+

+ def __init__(self, m, w):

+ self.mask = m

+ self.width = w

+

+ def str1(self, i):

+ ind = str_indent(i)

+ return '{0}{1:08x}'.format(ind, self.mask)

+

+ def __str__(self):

+ return self.str1(0)

+

+ def output_code(self, i, extracted, outerbits, outermask):

+ global decode_function

+ ind = str_indent(i)

+

+ # If we need to load more bytes, do so now.

+ if extracted < self.width:

+ output(ind, 'insn = ', decode_function,

+ '_load_bytes(ctx, insn, {0}, {1});\n'

+ .format(extracted / 8, self.width / 8));

+ extracted = self.width

+ output(ind, 'return insn;\n')

+# end SizeLeaf

+

+

+def build_size_tree(pats, width, outerbits, outermask):

+ global insnwidth

+

+ # Collect the mask of bits that are fixed in this width

+ innermask = 0xff << (insnwidth - width)

+ innermask &= ~outermask

+ minwidth = None

+ onewidth = True

+ for i in pats:

+ innermask &= i.fixedmask

+ if minwidth is None:

+ minwidth = i.width

+ elif minwidth != i.width:

+ onewidth = False;

+ if minwidth < i.width:

+ minwidth = i.width

+

+ if onewidth:

+ return SizeLeaf(innermask, minwidth)

+

+ if innermask == 0:

+ if width < minwidth:

+ return build_size_tree(pats, width + 8, outerbits, outermask)

+

+ pnames = []

+ for p in pats:

+ pnames.append(p.name + ':' + p.file + ':' + str(p.lineno))

+ error_with_file(pats[0].file, pats[0].lineno,

+ 'overlapping patterns size {0}:'.format(width), pnames)

+

+ bins = {}

+ for i in pats:

+ fb = i.fixedbits & innermask

+ if fb in bins:

+ bins[fb].append(i)

+ else:

+ bins[fb] = [i]

+

+ fullmask = outermask | innermask

+ lens = sorted(bins.keys())

+ if len(lens) == 1:

+ b = lens[0]

+ return build_size_tree(bins[b], width + 8, b | outerbits, fullmask)

+

+ r = SizeTree(innermask, width)

+ for b, l in bins.items():

+ s = build_size_tree(l, width, b | outerbits, fullmask)

+ r.subs.append((b, s))

+ return r

+# end build_size_tree

+

+

+def prop_size(tree):

+ """Propagate minimum widths up the decode size tree"""

+

+ if isinstance(tree, SizeTree):

+ min = None

+ for (b, s) in tree.subs:

+ width = prop_size(s)

+ if min is None or min > width:

+ min = width

+ assert min >= tree.width

+ tree.width = min

+ else:

+ min = tree.width

+ return min

+# end prop_size

+

+

+ global variablewidth

+ 'static-decode=', 'varinsnwidth=']

+ (opts, args) = getopt.getopt(sys.argv[1:], 'o:vw:', long_opts)

+ elif o in ('-w', '--insnwidth', '--varinsnwidth'):

+ if o == '--varinsnwidth':

+ variablewidth = True

+ if variablewidth:

+ stree = build_size_tree(patterns, 8, 0, 0)

+ prop_size(stree)

+

+ dtree = build_tree(patterns, 0, 0)

+ prop_format(dtree)

+ dtree.output_code(4, False, 0, 0)

+ if variablewidth:

+ output('\n', decode_scope, insntype, ' ', decode_function,

+ '_load(DisasContext *ctx)\n{\n',

+ ' ', insntype, ' insn = 0;\n\n')

+ stree.output_code(4, 0, 0, 0)

+ output('}\n')

+

+Subproject f0da6726207b740f6101028b2992f918477a4b0

+ | (env->GE << 16)

+ if (mask & XPSR_GE) {

+ env->GE = (val & XPSR_GE) >> 16;

+ }

+ * @kvm_sync: true if this is for syncing back to KVM

+ * @kvm_sync is true if we are doing this in order to sync the

+ * register state back to KVM. In this case we will only update

+ * values in the list if the previous list->cpustate sync actually

+ * successfully wrote the CPU state. Otherwise we will keep the value

+ * that is in the list.

+ *

+bool write_cpustate_to_list(ARMCPU *cpu, bool kvm_sync);

+#include "qemu/units.h"

+bool write_cpustate_to_list(ARMCPU *cpu, bool kvm_sync)

+ uint64_t newval;

+

+ newval = read_raw_cp_reg(&cpu->env, ri);

+ if (kvm_sync) {

+ /*

+ * Only sync if the previous list->cpustate sync succeeded.

+ * Rather than tracking the success/failure state for every

+ * item in the list, we just recheck "does the raw write we must

+ * have made in write_list_to_cpustate() read back OK" here.

+ */

+ uint64_t oldval = cpu->cpreg_values[i];

+

+ if (oldval == newval) {

+ continue;

+ }

+

+ write_raw_cp_reg(&cpu->env, ri, oldval);

+ if (read_raw_cp_reg(&cpu->env, ri) != oldval) {

+ continue;

+ }

+

+ write_raw_cp_reg(&cpu->env, ri, newval);

+ }

+ cpu->cpreg_values[i] = newval;

+ uint32_t xpsr, xpsr_mask;

+

+ xpsr_mask = ~(XPSR_SPREALIGN | XPSR_SFPA);

+ if (!arm_feature(env, ARM_FEATURE_THUMB_DSP)) {

+ xpsr_mask &= ~XPSR_GE;

+ }

+ xpsr_write(env, xpsr, xpsr_mask);

+ if (arm_feature(env, ARM_FEATURE_THUMB_DSP)) {

+ mask |= XPSR_GE;

+ }

+ * same QEMU executable. So in practice the hostaddr[] array has

+ * two entries, given the current setting of TARGET_PAGE_BITS_MIN.

+ void *hostaddr[DIV_ROUND_UP(2 * KiB, 1 << TARGET_PAGE_BITS_MIN)];

+ assert(maxidx <= ARRAY_SIZE(hostaddr));

+

+ /*

+ * Sync the reset values also into the CPUState. This is necessary

+ * because the next thing we do will be a kvm_arch_put_registers()

+ * which will update the list values from the CPUState before copying

+ * the list values back to KVM. It's OK to ignore failure returns here

+ * for the same reason we do so in kvm_arch_get_registers().

+ */

+ write_list_to_cpustate(cpu);

+ write_cpustate_to_list(cpu, true);

+

+ write_cpustate_to_list(cpu, true);

+

+ if (!write_cpustate_to_list(cpu, false)) {

+static int tszimm_esz(DisasContext *s, int x)

+static int tszimm_shr(DisasContext *s, int x)

+ return (16 << tszimm_esz(s, x)) - x;

+static int tszimm_shl(DisasContext *s, int x)

+ return x - (8 << tszimm_esz(s, x));

+static inline int plus1(DisasContext *s, int x)

+static inline int expand_imm_sh8s(DisasContext *s, int x)

+static inline int expand_imm_sh8u(DisasContext *s, int x)

+static inline int msz_dtype(DisasContext *s, int msz)

+ desc = sve_memopidx(s, msz_dtype(s, msz));

+ do_mem_zpa(s, zt, pg, addr, msz_dtype(s, msz), fn);

+ desc = sve_memopidx(s, msz_dtype(s, msz));

+static int expand_sm_imm(DisasContext *ctx, int val)

+static int expand_sr3x(DisasContext *ctx, int val)

+static int ma_to_m(DisasContext *ctx, int val)

+static int pos_to_m(DisasContext *ctx, int val)

+static int neg_to_m(DisasContext *ctx, int val)

+static int expand_shl2(DisasContext *ctx, int val)

+static int expand_shl3(DisasContext *ctx, int val)

+static int expand_shl11(DisasContext *ctx, int val)

+ * version 2.1 of the License, or (at your option) any later version.

+ * version 2.1 of the License, or (at your option) any later version.

+ * version 2.1 of the License, or (at your option) any later version.

+ * version 2.1 of the License, or (at your option) any later version.

+# version 2.1 of the License, or (at your option) any later version.

+ * version 2.1 of the License, or (at your option) any later version.

+ * version 2.1 of the License, or (at your option) any later version.

+ * version 2.1 of the License, or (at your option) any later version.

+ decode_insn16_extract_cl_w(ctx, &tmp, ctx->opcode);

+ decode_insn16_extract_cl_d(ctx, &tmp, ctx->opcode);

+ decode_insn16_extract_cs_w(ctx, &tmp, ctx->opcode);

+ decode_insn16_extract_cs_d(ctx, &tmp, ctx->opcode);

+ decode_insn16_extract_cj(ctx, &tmp, ctx->opcode);

+ static int ex_shift_##amount(DisasContext *ctx, int imm) \

+static int ex_rvc_register(DisasContext *ctx, int reg)

+ * version 2.1 of the License, or (at your option) any later version.

+ * version 2.1 of the License, or (at your option) any later version.

+ * version 2.1 of the License, or (at your option) any later version.

+ * version 2.1 of the License, or (at your option) any later version.

+ * version 2.1 of the License, or (at your option) any later version.

+ PYTHONIOENCODING=utf-8 $(PYTHON) $(SRC_PATH)/tests/qapi-schema/test-qapi.py \

+#define qmp_discard_response(q, ...) qobject_unref(qtest_qmp(q, __VA_ARGS__))

+static void drive_add(QTestState *qts)

+ char *resp = qtest_hmp(qts, "drive_add 0 if=none,id=drive0");

+static void drive_del(QTestState *qts)

+ char *resp = qtest_hmp(qts, "drive_del drive0");

+static void device_del(QTestState *qts)

+ qmp_discard_response(qts, "{'execute': 'device_del',"

+ response = qtest_qmp_receive(qts);

+ QTestState *qts;

+

+ qts = qtest_init("-drive if=none,id=drive0");

+ drive_del(qts);

+ drive_add(qts);

+ qtest_quit(qts);

+ QTestState *qts;

+ qts = qtest_init("-drive if=none,id=drive0");

+ response = qtest_qmp(qts, "{'execute': 'device_add',"

+ " 'arguments': {"

+ " 'driver': %s,"

+ " 'drive': 'drive0'"

+ "}}", driver);

+ drive_del(qts);

+ drive_add(qts);

+ qtest_quit(qts);

+ QTestState *qts;

+ qts = qtest_initf("-drive if=none,id=drive0,file=null-co://,format=raw"

+ " -device virtio-scsi-%s"

+ " -device scsi-hd,drive=drive0,id=dev0",

+ qvirtio_get_dev_type());

+ drive_del(qts);

+ device_del(qts);

+ qtest_quit(qts);

+ QTestState *qts = global_qtest; /* TODO: get rid of global_qtest here */

+

+ qpci_unplug_acpi_device_test(qts, "e1000e_net", 0x06);

+#define qmp_discard_response(q, ...) qobject_unref(qtest_qmp(q, __VA_ARGS__))

+static QTestState *ide_test_start(const char *cmdline_fmt, ...)

+ QTestState *qts;

+ qts = qtest_vinitf(cmdline_fmt, ap);

+ pc_alloc_init(&guest_malloc, qts, 0);

+ return qts;

+static void ide_test_quit(QTestState *qts)

+ qtest_quit(qts);

+static QPCIDevice *get_pci_device(QTestState *qts, QPCIBar *bmdma_bar,

+ QPCIBar *ide_bar)

+ pcibus = qpci_new_pc(qts, NULL);

+static int send_dma_request(QTestState *qts, int cmd, uint64_t sector,

+ int nb_sectors, PrdtEntry *prdt, int prdt_entries,

+ dev = get_pci_device(qts, &bmdma_bar, &ide_bar);

+ qtest_memwrite(qts, guest_prdt, prdt, len);

+ g_assert_cmpint(qtest_get_irq(qts, IDE_PRIMARY_IRQ), ==,

+ !!(status & BM_STS_INTR));

+ g_assert(!qtest_get_irq(qts, IDE_PRIMARY_IRQ));

+static QTestState *test_bmdma_setup(void)

+{

+ QTestState *qts;

+

+ qts = ide_test_start(

+ "-drive file=%s,if=ide,cache=writeback,format=raw "

+ "-global ide-hd.serial=%s -global ide-hd.ver=%s",

+ tmp_path, "testdisk", "version");

+ qtest_irq_intercept_in(qts, "ioapic");

+

+ return qts;

+}

+

+static void test_bmdma_teardown(QTestState *qts)

+{

+ ide_test_quit(qts);

+}

+

+ QTestState *qts;

+ uintptr_t guest_buf;

+ PrdtEntry prdt[1];

+ qts = test_bmdma_setup();

+

+ guest_buf = guest_alloc(&guest_malloc, len);

+ prdt[0].addr = cpu_to_le32(guest_buf);

+ prdt[0].size = cpu_to_le32(len | PRDT_EOT);

+ dev = get_pci_device(qts, &bmdma_bar, &ide_bar);

+ qtest_memwrite(qts, guest_buf, buf, len);

+ status = send_dma_request(qts, CMD_WRITE_DMA, 0, 1, prdt,

+ qtest_memwrite(qts, guest_buf, buf, len);

+ status = send_dma_request(qts, CMD_WRITE_DMA, 1, 1, prdt,

+ status = send_dma_request(qts, CMD_READ_DMA, 0, 1, prdt, ARRAY_SIZE(prdt),

+ NULL);

+ qtest_memread(qts, guest_buf, buf, len);

+ status = send_dma_request(qts, CMD_READ_DMA, 1, 1, prdt, ARRAY_SIZE(prdt),

+ NULL);

+ qtest_memread(qts, guest_buf, buf, len);

+

+ test_bmdma_teardown(qts);

+ QTestState *qts;

+ uintptr_t guest_buf;

+ PrdtEntry prdt[1];

+ qts = test_bmdma_setup();

+

+ guest_buf = guest_alloc(&guest_malloc, len);

+ prdt[0].addr = cpu_to_le32(guest_buf),

+ prdt[0].size = cpu_to_le32(len | PRDT_EOT),

+ dev = get_pci_device(qts, &bmdma_bar, &ide_bar);

+ qtest_memwrite(qts, guest_buf, buf, 2 * sizeof(uint64_t));

+ status = send_dma_request(qts, CMD_DSM, 0, 1, prdt,

+ qtest_memwrite(qts, guest_buf, buf, 2 * sizeof(uint64_t));

+ status = send_dma_request(qts, CMD_DSM, 0, 1, prdt,

+ test_bmdma_teardown(qts);

+ QTestState *qts;

+ qts = test_bmdma_setup();

+

+ dev = get_pci_device(qts, &bmdma_bar, &ide_bar);

+ status = send_dma_request(qts, CMD_READ_DMA, 0, 1,

+ status = send_dma_request(qts, CMD_READ_DMA | CMDF_ABORT, 0, 1,

+ test_bmdma_teardown(qts);

+ QTestState *qts;

+ qts = test_bmdma_setup();

+

+ dev = get_pci_device(qts, &bmdma_bar, &ide_bar);

+ status = send_dma_request(qts, CMD_READ_DMA, 0, 2,

+ status = send_dma_request(qts, CMD_READ_DMA | CMDF_ABORT, 0, 2,

+ test_bmdma_teardown(qts);

+ QTestState *qts;

+ qts = test_bmdma_setup();

+

+ dev = get_pci_device(qts, &bmdma_bar, &ide_bar);

+ status = send_dma_request(qts, CMD_READ_DMA, 0, 1,

+ status = send_dma_request(qts, CMD_READ_DMA | CMDF_ABORT, 0, 1,

+ test_bmdma_teardown(qts);

+ QTestState *qts;

+ qts = test_bmdma_setup();

+

+ dev = get_pci_device(qts, &bmdma_bar, &ide_bar);

+ status = send_dma_request(qts, CMD_READ_DMA | CMDF_NO_BM, 0, 512,

+ test_bmdma_teardown(qts);

+ QTestState *qts;

+ qts = ide_test_start(

+ dev = get_pci_device(qts, &bmdma_bar, &ide_bar);

+ ide_test_quit(qts);

+static void make_dirty(QTestState *qts, uint8_t device)

+ dev = get_pci_device(qts, &bmdma_bar, &ide_bar);

+ qtest_memwrite(qts, guest_buf, buf, len);

+ status = send_dma_request(qts, CMD_WRITE_DMA, 1, 1, prdt,

+ QTestState *qts;

+ qts = ide_test_start(

+ dev = get_pci_device(qts, &bmdma_bar, &ide_bar);

+ qtest_irq_intercept_in(qts, "ioapic");

+ make_dirty(qts, 0);

+ g_free(qtest_hmp(qts, "qemu-io ide0-hd0 \"break flush_to_os A\""));

+ g_free(qtest_hmp(qts, "qemu-io ide0-hd0 \"resume A\""));

+ ide_test_quit(qts);

+ QTestState *qts;

+ qts = ide_test_start(

+ dev = get_pci_device(qts, &bmdma_bar, &ide_bar);

+ qtest_irq_intercept_in(qts, "ioapic");

+ make_dirty(qts, 0);

+ qtest_qmp_eventwait(qts, "STOP");

+ qmp_discard_response(qts, "{'execute':'cont' }");

+ ide_test_quit(qts);

+ QTestState *qts;

+ qts = ide_test_start("");

+ dev = get_pci_device(qts, &bmdma_bar, &ide_bar);

+ ide_test_quit(qts);

+ QTestState *qts;

+ qts = ide_test_start("-device ide-cd,bus=ide.0");

+ dev = get_pci_device(qts, &bmdma_bar, &ide_bar);

+ ide_test_quit(qts);

+static void nsleep(QTestState *qts, int64_t nsecs)

+ qtest_clock_set(qts, nsecs);

+static uint8_t ide_wait_clear(QTestState *qts, uint8_t flag)

+ dev = get_pci_device(qts, &bmdma_bar, &ide_bar);

+ nsleep(qts, 400);

+static void ide_wait_intr(QTestState *qts, int irq)

+ intr = qtest_get_irq(qts, irq);

+ nsleep(qts, 400);

+ QTestState *qts;

+ qts = ide_test_start(

+ "-drive if=none,file=%s,media=cdrom,format=raw,id=sr0,index=0 "

+ "-device ide-cd,drive=sr0,bus=ide.0", tmp_path);

+ dev = get_pci_device(qts, &bmdma_bar, &ide_bar);

+ qtest_irq_intercept_in(qts, "ioapic");

+ nsleep(qts, 400);

+ data = ide_wait_clear(qts, BSY);

+ ide_wait_intr(qts, IDE_PRIMARY_IRQ);

+ data = ide_wait_clear(qts, BSY);

+ ide_wait_intr(qts, IDE_PRIMARY_IRQ);

+ data = ide_wait_clear(qts, DRQ);

+ test_bmdma_teardown(qts);

+ QTestState *qts;

+ qts = ide_test_start(

+ "-drive if=none,file=%s,media=cdrom,format=raw,id=sr0,index=0 "

+ "-device ide-cd,drive=sr0,bus=ide.0", tmp_path);

+ qtest_irq_intercept_in(qts, "ioapic");

+ send_dma_request(qts, CMD_PACKET, 0, 1, prdt, 1, send_scsi_cdb_read10);

+ qtest_memread(qts, guest_buf, rx, len);

+ test_bmdma_teardown(qts);

+ QTestState *qts;

+ qts = qtest_init("-object memory-backend-ram,size=1M,id=mb1");

+ global_qtest = qts; /* TODO: Get rid of global_qtest here */

+ qpci_unplug_acpi_device_test(qts, "iv1", PCI_SLOT_HP);

+ qtest_quit(qts);

+ global_qtest = NULL;

+void qpci_unplug_acpi_device_test(QTestState *qts, const char *id, uint8_t slot)

+ response = qtest_qmp(qts, "{'execute': 'device_del',"

+ " 'arguments': {'id': %s}}", id);

+ qtest_outb(qts, ACPI_PCIHP_ADDR + PCI_EJ_BASE, 1 << slot);

+ qtest_qmp_eventwait(qts, "DEVICE_DELETED");

+void qpci_unplug_acpi_device_test(QTestState *qs, const char *id, uint8_t slot);

+ qtest_memwrite(dev->bus->qts, context_pa, context, sizeof(context));

+qemu-io: can't open device TEST_DIR/t.vmdk: Invalid granularity, image may be corrupt

+qemu-io: can't open device TEST_DIR/t.vmdk: L2 table size too big

+qemu-io: can't open device TEST_DIR/t.vmdk: L1 size too big

+qemu-io: can't open: Cannot use relative extent paths with VMDK descriptor file 'json:{"image": {"driver": "file", "filename": "TEST_DIR/t.IMGFMT"}, "driver": "blkdebug", "inject-error.0.event": "read_aio"}'

+qemu-io: can't open device nbd+tcp://127.0.0.1:PORT/foo

+qemu-io: can't open device nbd+tcp://127.0.0.1:PORT/foo

+qemu-io: can't open device nbd+tcp://127.0.0.1:PORT/foo

+qemu-io: can't open device nbd+tcp://127.0.0.1:PORT/foo

+qemu-io: can't open device nbd+tcp://127.0.0.1:PORT/foo

+qemu-io: can't open device nbd+tcp://127.0.0.1:PORT/foo

+qemu-io: can't open device nbd+tcp://127.0.0.1:PORT/foo

+qemu-io: can't open device nbd+tcp://127.0.0.1:PORT/foo

+qemu-io: can't open device nbd+tcp://127.0.0.1:PORT/foo

+qemu-io: can't open device nbd+tcp://127.0.0.1:PORT/foo

+qemu-io: can't open device nbd+tcp://127.0.0.1:PORT/foo